rolfs.no: Experiencing weblogging

A predictability of the random number is not good. It makes the randomness predictable, which makes it just predictable. This means that it is a lot easier to guess the key a user has created to gain access to a remote system trough services using openssl keys.

http://lists.debian.org/debian-security-announce/2008/msg00152.html

openssl is affected with vulnerability: “predictable random number generator”.
It is a Debian-specific remote vulnerability. It got CVE Id: CVE-2008-0166.

Here is a perl script that holds all the fingerprints of predictable random number (so called compromised. Around 262 thousand keys).
http://security.debian.org/project/extra/dowkd/dowkd.pl.gz

SSH (OpenSSH)

I removed the fingerprints for obvious security reasons: (You should run as root and without piping to the sed command)

root@untuome:/# ssh-vulnkey -a | sed  s/..:..:..:../xx:xx:xx:xx/gi
Not blacklisted: 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /etc/ssh/ssh_host_rsa_key.pub
Not blacklisted: 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /etc/ssh/ssh_host_dsa_key.pub
COMPROMISED: 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /home/user/.ssh/id_rsa.pub
Unknown (no blacklist information): 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /home/user/.ssh/authorized_keys

List all users using ssh keys:

ls -al /root/.ssh/authorized_keys
ls -al /home/*/.ssh/authorized_keys

Fix: remove all authorized_keys that are compromised from the system

I will add more info about OpenVPN and other openssl key software here, but I wonder if you know any other ways to clean out and fix a system for these ssl key security issues?

For sysadmins: I will give you an idea of how to test for week passwords on several servers.

First, collect all /etc/shadow from every server into a single directory (”passwordcheck”) on your own machine and name each of the files like the servername.

I assume that you have a ssh key installed on your user account on all of your servers.
Insecure: The ssh-commands below might give away your password to other users.
Continue reading ‘Run john the ripper on several servers / password files’

I wrote this liferea syncing script for liferea yesterday. It seems to work as I wanted.. When I’ve got some problems, the backup that this script implements helps me solving the issues. I’m pleased with how this script makes my RSS more joyful.

I hope you can get some good ideas or that this script helps you sync your RSS feeds.
Continue reading ’sync-liferea.sh syncing script’

I’m going to make some ideas/thoughts about how to synchronize what you have read of your RSS feeds between two computers. I have wanted to do this for a while now.

First part is if you want to do the sql-stuff to export and import the items that you have marked as read.

Alternative1: Export a list of read items from liferea.db on pc1 and update items in liferea.db on pc2
First, make sure to turn of Liferea on both computers. It locks the sqlite database so it is not possible for us to export the list of items that are read on pc1 or update them on pc2.
Make sure to have backup of both computers. I just say this so you don’t blame me.
Continue reading ‘Sync Liferea – How to synchronize what items you have read between two pcs’

The bash script /usr/bin/liferea-add-feed is adding the url you send as an argument to your list of rss feeds in Liferea. If liferea is not running it will tell you “Liferea is not running! You need to start it first.” but if you did like me, the url is passed from firefox to the liferea-add-feed -script without you seeing that anything goes wrong. To avoid this, I changed the liferea-add-feed script so it makes sure that liferea is running before trying to add the RSS feed.
Continue reading ‘liferea-add-feed – Start Liferea if it is not running to add RSS feed’

Here is a mini-howto about how to create debian packages of perl modules, easying distributed install and removal of the module.

Requirement: dh-make-perl Continue reading ‘Create .deb package of perl modules’

Here is how to make the rsnapshot package in debian/ubuntu style: Continue reading ‘rsnapshot 1.3.0 in ubuntu’

I found myself putting things into the trashcan because I was pressing the CTRL+T combination on the keyboard. (using it for new tab/location bar in firefox).

Continue reading ‘Change keyboard shortcuts in nautilus: Howto disable the CTRL+T combination from ‘move to trash’ in GNOME/Nautilus?’

I like to see the percentage done of an ongoing process. I also want to make it easier for others to do the same, so I created a small example-script for how to do it from a bash script. On the left side, you see how it will look like.

I have seen some scripts using awk to calculate the percentage of a progress when the output is to verbose maybe doesn’t show the percentage but a number of a total.

You can also add –auto-kill if you want the cancel-button to kill the parent pid.

Enjoy making X graphical verbose scripts!

zenity-progress-example.sh

(for a in `seq 1 100` ;
do
echo $a;
sleep 0.03;
done) | zenity --auto-close --progress \
--text="Slow counting from 1 to 100" \
--title="Example Progress"

I was looking at why my ssh -vvv was giving me some errors and made me wait for some extra seconds when tried to ssh to other machines.

debug1: An invalid name was supplied
Configuration file does not specify default realm
 
debug1: An invalid name was supplied
A parameter was malformed
Validation error
 
debug1: Miscellaneous failure
No credentials cache found

Continue reading ‘SSH debug1: An invalid name was supplied, Configuration file does not specify default realm’