2014 September

How to test and patch your server for the Shellshock exploit

To test whether your system is vulnerable to the Shellshock exploit, run the following command from the command line:

env check='Not vulnerable' x='() { :;}; check=Vulnerable' bash -c 'echo $check'

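If the command prints “Vulnerable”, you should patch your system immediately! A vulnerable bash treats the value of x as an exported function definition and goes on to execute the code after the closing brace while importing it, which overwrites check. The fix is actually quite simple and only takes a minute or so.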

CentOS, Fedora, Red Hat

Log in to your server as root and run the following command. Note that it updates every installed package, not only bash.

yum update -y

Debian, Ubuntu, Mint

sudo apt-get update && sudo apt-get install --only-upgrade bash

That’s it! You can re-run the test command to verify your server has been successfully patched.

By admin on September 26, 2014 | Linux, Security

How to create a CSR (Certificate Signing Request) in Linux using OpenSSL

Before you can purchase or create your own self-signed SSL certificate, you must first create a CSR (Certificate Signing Request) and a Private Key. These two files must be created together as a matching pair, or the resulting SSL certificate will not work.

As root, run the following command:

openssl req -nodes -newkey rsa:2048 -keyout sub.domain.com.key -out sub.domain.com.csr
Generating a 2048 bit RSA private key
............+++
.......................+++
writing new private key to 'sub.domain.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:State
Locality Name (eg, city) [Default City]:City
Organization Name (eg, company) [Default Company Ltd]:Business Name or Domain.com
Organizational Unit Name (eg, section) []:optional
Common Name (eg, your name or your server's hostname) []:sub.domain.com
Email Address []:optional

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Enter
An optional company name []:Enter

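With the above command, both the CSR (sub.domain.com.csr) and Private Key (sub.domain.com.key) files are created. Because -nodes writes the private key unencrypted, keep sub.domain.com.key readable only by root; only the CSR is sent to the certificate provider.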

Note that in the above example you must use the fully qualified domain name (FQDN) for the “Common Name”. If you are going to use the certificate with www.domain.com, enter “www.domain.com”. If you are using an alternate subdomain, such as orders, type “orders.domain.com”.

Some SSL providers may create certificates that work for both domain.com and www.domain.com, but there is no guarantee this will work for you.
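
Before sending a CSR to a provider, you can confirm that it really was made from the key you hold and that its Common Name is the host name you intend. The script below is an added example, not part of the original post; the function names, the -subj values and the temporary directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Host names and subject
# fields below are constructed sample values.

# make_pair <fqdn> <dir>: same openssl call as above, but answered via -subj
# so it runs unattended; umask 077 keeps the private key owner-readable only.
make_pair() {
    ( umask 077
      openssl req -nodes -newkey rsa:2048 \
          -keyout "$2/$1.key" -out "$2/$1.csr" \
          -subj "/C=US/ST=State/L=City/O=Example/CN=$1" >/dev/null 2>&1 )
}

# csr_matches_key <csr> <key>: succeeds only when the public key embedded in
# the CSR is the public half of the private key.
csr_matches_key() {
    from_csr=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$from_key" ] && [ "$from_csr" = "$from_key" ]
}

# csr_common_name <csr>: print the Common Name stored in the request.
csr_common_name() {
    openssl req -in "$1" -noout -subject 2>/dev/null |
        sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# check_pair <fqdn> <csr> <key>: report whether the pair is usable for <fqdn>.
check_pair() {
    csr_matches_key "$2" "$3" || { echo "MISMATCH: $2 was not made from $3"; return 1; }
    cn=$(csr_common_name "$2")
    [ "$cn" = "$1" ] || { echo "WRONG CN: got '$cn', expected '$1'"; return 1; }
    echo "OK: $2 matches $3 and names $1"
}

work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
make_pair sub.domain.com "$work" && make_pair www.domain.com "$work"
check_pair sub.domain.com "$work/sub.domain.com.csr" "$work/sub.domain.com.key" || true
# A CSR paired with a key from a different run is rejected:
check_pair www.domain.com "$work/www.domain.com.csr" "$work/sub.domain.com.key" || true
# A CSR for the wrong host name is rejected even though the key matches:
check_pair orders.domain.com "$work/sub.domain.com.csr" "$work/sub.domain.com.key" || true
```

The same csr_matches_key comparison can be run against your real .csr and .key files.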

By admin on September 16, 2014 | Apache