PwnKit, or How 12-Year-Old Code Can Give Root To Unprivileged Users

It looks like IT teams have no respite. Following all the hassles caused by Log4j (and its variants), there is a new high profile, high-risk vulnerability making the rounds. CVE-2021-4034, or PwnKit if you’re into fancy CVE nicknames, is a polkit vulnerability that lets unprivileged users gain root privileges on basically any Linux system out there that has polkit installed.

NOTE: Patches are now available for Centos6, Oracle6, CL6, Ubuntu16, and Centos8.4 with more to follow. You can track actual distribution support through a CVE dashboard here.

How to Use Automatic Index Recommendations in PostgreSQL

In our last blog, we learned about the need for and usage of hypothetical indexes in PostgreSQL. We can now easily check in a live environment whether a particular index will be helpful, but the question remains how we know which index to test in the first place. Answering that requires in-depth knowledge of indexing and experience with PostgreSQL. However, PostgreSQL can give us automatic index recommendations for specific queries by using three extensions: hypopg, pg_stat_statements, and pg_qualstats.

Let’s explore the practical uses of this feature in Postgres!

Checklists: System is Hacked (Part 2) Preventive Steps for Infra (OS Hardening)

Introduction

In the last article, we described a list of checks that can determine whether a system is compromised or hacked. In this article, we will talk about preventive steps (especially infra-related) that can be taken to avoid being hacked or to make the system more secure. There are several directions in which we can secure our application:

  • OS Hardening (Infra Level Security).
  • Secure Coding Guidelines.
  • Encryption Of Sensitive Data.
  • Ensure No Vulnerability Exists in System.

In this blog, we will focus on OS hardening (Infra Level Security) on Linux systems (CentOS/Red Hat). We will cover the other parts in future blogs.

Checklists: System is Hacked (Part 1) Confirming a Compromise

Introduction

In my previous blog, I explained how I came to know that my system was hacked or compromised (link here). In this blog, I will explain the basic things we can check on our system when we suspect it is compromised.

This blog has three parts. In this part, we look at a list of checks that can determine whether a system is compromised or hacked.

Getting started with edge development on Linux using open source

There are many reasons why Linux is such a popular platform for processing Internet of Things (IoT) edge applications. A major one is transparency. Linux security capabilities are built on open source projects, giving users a transparent view of security risks and threats and enabling them to apply fixes quickly with security module patches or kernel-level updates. Another Linux advantage is that developers can choose from various programming languages to develop, test, and run device communications over various networking protocols—other than HTTP(S)—when developing IoT edge applications. It also enables developers to address server programming for controlling data flow from IoT devices to front-end graphical user interface (GUI) applications.

This article explains how to get started with IoT edge development using Quarkus, a cloud-native Java framework that enables you to integrate a lightweight message broker for processing data streams from IoT devices in a reactive way.

Avengers of the Container World, Episode 1: Podman Hands-On

CRI-O and Podman have been widely adopted by most modern container platforms. In this blog series, I will explore why everybody is gaga about this new ecosystem of tools/utilities and share some of my experience with it.

I got a lot of feedback after I published my blog on containers and the evolution of containers (you can read it here: 'Evolution of k8s worker nodes - CRI-O'). One of the common questions asked is how Podman is different from Docker, and how the new ecosystem of podman+buildah+cri-o+skopeo differs from what we do with Docker. So I wanted to do a deep dive on these things and share some of my experiences with this new ecosystem of container runtime and management tools/utilities.

Building a Mission-Critical Open Source Java Platform – The Web Layer

Currently, the Java platform is one of the most consolidated in the world. Much of this is due to the platform's ability to support other languages such as Kotlin, Groovy, and Scala. Thousands of web and mobile applications are developed using the platform as a base. The Java platform has changed a lot in recent years and will probably keep evolving.

In parallel with these changes, we see the evolution of application servers, which increasingly offer highly complex features such as load balancing components, smart asynchronous messaging, transaction control, and many other technologies that facilitate application development and standardization. They also provide a stable and scalable infrastructure for mission-critical applications. One of the biggest challenges for application servers is to couple highly complex services while keeping them stable and flexible.

Kubernetes Installation in RedHat/CentOS

Welcome! In this article, we are going to look at how to configure a Kubernetes cluster for container orchestration.

Before reading this article, you should know the basic core concepts of Kubernetes components and basic administration on Red Hat OS or CentOS.

How to Configure Sentrifugo: An Open-Source Human Management System on CentOS

Learn how to install and configure Sentrifugo, an open-source human resource management system.

Sentrifugo is a free and open-source human resource management system that is powerful enough to meet your organizational needs. Sentrifugo helps you to manage and track your employees' availability and helps you to maintain privileges and roles for various employee groups in your organization. It also comes with a CV management feature that allows you to schedule interviews conveniently.


In this tutorial, we will be installing Sentrifugo on a Linux server with CentOS 7 installed on it.

How to Install ClipBucket and Nginx on CentOS 7

ClipBucket is an open source media and video management system, available in both free and paid versions. With ClipBucket, you can launch your own multi-screen branded Video-On-Demand (VOD) content. ClipBucket has LDAP integration through which you can set up your AD (Active Directory) credentials. A revenue sharing system in ClipBucket also allows you to manage RPM (revenue per thousand impressions) by region.

ClipBucket does not restrict its installation to any specific operating system (OS). You can use any OS of your choice; however, the installation steps vary according to the OS chosen.

In this tutorial, we will be installing and configuring ClipBucket and Nginx on an Alibaba Cloud Elastic Compute Service (ECS) instance with CentOS 7.

Install R Shiny Server on CentOS 7

Shiny Server is a web server that provides a platform for hosting R-powered Shiny applications. You can host multiple Shiny applications on a single server without getting HTML, CSS, and other web technologies involved. It also lets you support browsers without WebSocket support, such as Internet Explorer 10.

Some of the features of the Shiny server are listed below: