Repacking an RPM from files on the system

Have you ever had an RPM installed on the system that you needed installed on another system, but didn’t have the .rpm file for it? Or, have you wanted to make a .rpm file with just a minor change without having to completely rebuild it? Or perhaps forge an RPM with some naughty scripts or binaries in it? ;)

Check out my rpm-repack script. Simply run it with the package name that’s installed on the system:

Posted in Fun, Linux

You can find my stuff on GitHub

I’ve been using GitHub a lot more lately, and have found it to be a great service. So, this is me officially saying that any code I reference you should be able to find in one of my GitHub repositories. If I’ve mentioned something to you that isn’t in there, call me out on it; I’ll get it up ASAP.

In order to be more transparent, I’ve started pushing more stuff there. For example, I recently updated my rogue-beret-tools repository with my various snmp nagios plugins (which, by the way, you can also find on my account at Nagios Exchange). I’ve started polishing up some of my scripts and putting them in there as well. I also added a directory for rpm spec files, such as my grsecurity kernel rpm spec file.

Posted in Notices

nagios snmp check all disks plugin

Having to manage a wide array of servers with vastly different disk configurations, I found that things began to be very tedious with the nagios configuration file for disk checks. It seemed as if no two servers’ disk configurations were the same, and coming up with a scheme to have different partitions be a consistent index number across systems was proving to be difficult.

Posted in Fun, Linux, nagios

How to hook into (hijack) linux kernel functions via LKM

It’s about time I post a detailed explanation about how my tpe-lkm module is able to enforce its security policy. This post is very technical, readers beware. Note that this writeup is based on the code as of the latest commit at the time of this writing, which was the one on Dec 10th, 2011. I’ll keep all the links relative to that date.

Posted in Fun, ksplice, Linux, Security

How I license code

If you’ve looked at any of my original code lately, you might have noticed how I license it at the top of said code:

#
# Originally written by Corey Henderson
#
# Dual-Licensed - you may choose between:
#
# 1) Public Domain
# 2) WTFPL - see http://sam.zoy.org/wtfpl/
#

Posted in Fun, Notices

Monitor time drift with nagios and snmp

The other day I threw together a check_snmp_time.pl script that simply checks the remote host’s time against the monitor host’s time. It’s fairly straightforward, and will alert you when a host’s time drifts too much, indicating that your ntpd configuration is bad. I had to do some customizations to it, because not all hosts have the HOST-RESOURCES-MIB::hrSystemDate.0 option. For hosts that don’t, it falls back to the UCD-SNMP-MIB::versionCDate.0 option.

Posted in Linux, nagios

An agent, auditor, and bodyguard walk into a bar…

This evening I wasted a bunch of time on what turned out to be a simple problem. I really hate it when that happens.

I fixed a bug in tpe-lkm where users weren’t seeing all of their processes, and updated my servers with the new module. Suddenly, my phone starts buzzing off the desk; nagios was complaining that some daemons were down. This data is retrieved via snmp, and upon further investigation, I noticed that the daemons were in fact up.

So it was an snmp problem.

Posted in Complaints, Linux, nagios

tpe-lkm “hardcoded_path” feature

This evening I implemented the optional hardcoded_path feature for tpe-lkm. It’s a way to be very strict on what on the system can be executed. When set, anything outside of the given path can’t be executed, regardless of permissions or ownership. This includes shared libraries, so use this feature with caution. Read the entry in the FAQ about it.

Posted in Linux, Security

tpe-lkm “lock” sysctl feature

Tonight I implemented a “lock” sysctl feature for tpe-lkm. When enabled, the sysctl entries for the tpe module can’t be changed. It’s only really useful if also combined with the modules_disabled option.

Posted in Linux, Security

My first book review starts today

Last week I completed the first draft of Part 1 of my book on Linux Security (chapters 1 through 4). I just got word that it’s been sent out for review, and expect to get the reviews back in a few weeks. I’m nervous as hell about this review, mostly because it’s my first time writing a book.

Posted in Book Writing, Notices