Category: General information

General information

A. P. J. Abdul Kalam – Great Son of India

A. P. J. Abdul Kalam – Great Son of India

Introduction

A. P. J. Abdul Kalam (Avul Pakir Jainulabdeen Abdul Kalam) was the 11th President of India from 2002 to 2007. He was great engineer,scienctist and Leader.

I pay tribute to him and May his soul rest in peace.

 

 

 

 

 

 

ॐ असतो मा सद्गमय ।
तमसो मा ज्योतिर्गमय ।
मृत्योर्मा अमृतं गमय ।
ॐ शान्तिः शान्तिः शान्तिः ॥
Om Asato Maa Sad-Gamaya |
Tamaso Maa Jyotir-Gamaya |
Mrtyor-Maa Amrtam Gamaya |
Om Shaantih Shaantih Shaantih ||

 

Thank you,

Arun Bagul

Shellshock ‘Deadly serious’ new tech bug found!

Shellshock ‘Deadly serious’ new tech bug found!

This issue affects all products which use the Bash shell and parse values of environment variables. This issue is especially dangerous as there are many possible ways Bash can be called by an application. Quite often if an application executes another binary, Bash is invoked to accomplish this. Because of the pervasive use of the Bash shell, this issue is quite serious and should be treated as such.

All versions prior to those listed as updates for this issue are vulnerable to some degree.

My infected OS version is CentOS-6 and bash version 4.1.2

[root@host75 ~]# lsb_release -a
lsb_release -a
LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 6.4 (Final)
Release: 6.4
Codename: Final

[root@host75 ~]# bash --version
bash --version
GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Diagnostic Steps:

To test if your version of Bash is vulnerable to this issue, run the following command:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the output of the above command looks as follows:

vulnerable
this is a test

hmm, I got infected!

[root@host75 ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

You are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

If your system is vulnerable, update to the most recent version of the Bash package by running the following command:

$yum update bash

This fix my bash ??????

[root@host75 ~]# yum update bash
Loaded plugins: fastestmirror, security, tmprepo
Loading mirror speeds from cached hostfile
epel/metalink | 15 kB 00:00
* base: centos.eecs.wsu.edu
* epel: mirrors.kernel.org
* extras: centos.chi.host-engine.com
* updates: mirror.raystedman.net
base | 3.7 kB 00:00
epel | 4.4 kB 00:00
epel/primary_db | 6.3 MB 00:05
extras | 3.3 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 5.3 MB 00:04
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package bash.x86_64 0:4.1.2-14.el6 will be updated
---> Package bash.x86_64 0:4.1.2-15.el6_5.1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================================================================================
Package Arch Version Repository Size
================================================================================================================================================
Updating:
bash x86_64 4.1.2-15.el6_5.1 updates 905 k

Transaction Summary
================================================================================================================================================
Upgrade 1 Package(s)

Total download size: 905 k
Is this ok [y/N]: y
Downloading Packages:
bash-4.1.2-15.el6_5.1.x86_64.rpm | 905 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : bash-4.1.2-15.el6_5.1.x86_64 1/2
Cleanup : bash-4.1.2-14.el6.x86_64 2/2
Verifying : bash-4.1.2-15.el6_5.1.x86_64 1/2
Verifying : bash-4.1.2-14.el6.x86_64 2/2

Updated:
bash.x86_64 0:4.1.2-15.el6_5.1

Complete!

Test if update fixed to patch your bash

[root@host75 ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

How does this impact systems:
This issue affects all products which use the Bash shell and parse values of environment variables. This issue is especially dangerous as there are many possible ways Bash can be called by an application. Quite often if an application executes another binary, Bash is invoked to accomplish this. Because of the pervasive use of the Bash shell, this issue is quite serious and should be treated as such.

All versions prior to those listed as updates for this issue are vulnerable to some degree.

See the appropriate remediation article for specifics.

Functions written in Bash itself do not need to be changed, even if they are exported with “export -f”. Bash will transparently apply the appropriate naming when exporting, and reverse the process when importing function definitions.

Ref:
http://www.bbc.com/news/technology-29361794
https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability
https://access.redhat.com/articles/1200223
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
http://lists.gnu.org/archive/html/bug-bash/2014-09/threads.html
https://rhn.redhat.com/errata/RHSA-2014-1306.html

Mangalyaan – India’s race for space success

Mangalyaan – India’s race for space success

Introduction-

Many many congratulations to ISRO (Indian Space Research Organisation) team for making Mangalyaan successful!. we are proud of you all!

 

Short story of Mangalyaan!-

India’s maiden mission to Mars, the Mangalyaan, has arrived in orbit after a 300-day marathon covering over 670 million kilometres.

“India will become the first Asian country to have achieved this and if it happens in the maiden attempt itself, India could become the first country in the world to have reached distant Mars on its own steam in the first attempt,” said Isro chairman K Radhakrishnan as it approached.

“We have gone beyond the boundaries of human enterprise” – Narendra Modi (PM. India)

Ref Links-  http://www.isro.org/mars/home.aspx

http://en.wikipedia.org/wiki/Mars_Orbiter_Mission

Thanks you,
Arun Bagul

Selecting virtual SCSI Controllers for Disks (VMware VM)

Selecting virtual SCSI Controllers for Disks (VMware VM)

Introduction-
To access virtual disks, a virtual machine uses virtual SCSI controllers. Each virtual disk that a virtual machine can access through one of the virtual SCSI controllers resides in the VMFS datastore, NFS-based datastore, or on a raw disk. The choice of SCSI controller does not affect whether your virtual disk is an IDE or SCSI disk.

Following virtual SCSI controllers commonly used…

A) BusLogic
– This was one of the first emulated vSCSI controllers available in the VMware platform.
– No updates and considered as legacy or for backward compatibility…

B) LSI Logic Parallel
– This was the other emulated vSCSI controller available originally in the VMware platform.
– Most operating systems had a driver that supported a queue depth of 32 and it became a very common choice, if not the default
– Default for Windows 2003/Vista and Linux

C) LSI Logic SAS
– This is an evolution of the parallel driver to support a new future facing standard.
– It began to grown popularity when Microsoft required its use for MCSC within Windows 2008 ore newer.
– Default for Windows 2008 or newer
– Linux guests SCSI disk hotplug works better with LSI Logic SAS
– Personally I use this
D) VMware Paravirtual (aka PVSCSI)
– This vSCSI controller is virtualization aware and was been designed to support very high throughput with minimal processing cost and is therefore the most efficient driver.
– In the past, there were issues if it was used with virtual machines that didn’t do a lot of IOPS, but that was resolved in vSphere 4.1.

* PVSCSI and LSI Logic Parallel/SAS are essentially the same when it comes to overall performance capability.
* Total of 4 vSCSI adapters are supported per virtual machine.  To provide the best performance, one should also distribute virtual disk across as many vSCSI adapters as possible
* Why not IDE? – IDE adapter completes one command at a time while SCSI can queue commands. So SCSI adapter is better optimized for parallel performance. Also Maximum of 4 IDE Devices per VM (includes CDROM) but SCSI allows 60 devices.

Thank You,
Arun

How to Import/Export GNU GPG Keys

How to Import/Export GNU GPG Keys

How to Import/Export GPG Keys-

Step 1) List GPG Keys –

[root@test-host ~]# gpg -kv
/root/.gnupg/pubring.gpg
————————
pub  1024D/F9F17DC2 2012-09-27 Test GPG key (Created by Arun) <arun@my.com>
sub  2048g/F173E2CC 2012-09-27

pub  1024D/5A6C12B1 2013-02-25 Test2 <abagul@my.com>
sub  1024g/CA7BF220 2013-02-25

Step 2) How to Export GPG Key –

[root@test-host ~]# gpg –armor –export  –output /tmp/mykey.pub -r ‘5A6C12B1’
[root@test-host ~]# cat /tmp/mykey.pub
—–BEGIN PGP PUBLIC KEY BLOCK—–
Version: GnuPG v1.2.6 (GNU/Linux)

[root@test-host ~]# gpg –armor –export-secret-key  -r 5A6C12B1 –output /tmp/mykey.pri
[root@test-host ~]# cat /tmp/mykey.pri
—–BEGIN PGP PRIVATE KEY BLOCK—–
Version: GnuPG v1.2.6 (GNU/Linux)

Step 3) How to Import GPG Keys –

[arunb@test-host2 ~]$ gpg –import   /tmp/mykey.pri
gpg: keyring `/saba/arunb/.gnupg/secring.gpg’ created
gpg: key 5A6C12B1: secret key imported
gpg: key 5A6C12B1: public key Test2 <abagul@my.com> imported

[arunb@test-host2 ~]$ gpg –import   /tmp/mykey.pub
gpg: key 5A6C12B1: key Test2 <abagul@my.com> 2 new signatures imported
[arunb@test-host2 ~]$

Step 4) Now Test GPG Encryption/Decryption –

[arunb@test-host2 ~]$ echo “arunb” |gpg -v –no-tty  –passphrase-fd 0 –output /tmp/output.csv –decrypt /tmp/mytest.csv.pgp
gpg: public key is CA7BF220
gpg: using secondary key CA7BF220 instead of primary key 5A6C12B1
gpg: using secondary key CA7BF220 instead of primary key 5A6C12B1
gpg: encrypted with 1024-bit ELG-E key, ID CA7BF220, created 2013-02-25
“Test2 <abagul@my.com>”
gpg: AES256 encrypted data
gpg: original file name=’mytest_1_1.csv’
[arunb@test-host2 ~]$

Thank you,
Arun Bagul

Choosing a NIC (Network Adapter) for VM in Vmware ESXi environment

Choosing a NIC (Network Adapter) for VM in Vmware ESXi environment

Introduction-

NIC types available for VM  are depends on VM Hardware version and Guest OS (Operating System). When you configure a virtual machine, you can add network adapters (NICs) and specify the adapter type…

The following NIC types widely used:

E1000 –
Emulated version of the Intel 82545EM Gigabit Ethernet NIC, with drivers available in most newer guest operating systems, including Windows XP and later and Linux versions 2.4.19 and later.

E1000e – This feature emulates a newer model of Intel Gigabit NIC (number 82574) in the virtual hardware. This is known as the “e1000e” vNIC. e1000e is available only on hardware version 8 (and newer) virtual machines in vSphere.

VMXNET2 (Enhanced)

Optimized for performance in a virtual machine and has no physical counterpart. Because operating system vendors do not provide built-in drivers for this card, you must install VMware Tools to have a driver for the VMXNET network adapter available.
Based on the VMXNET adapter but provides high-performance features commonly used on modern networks, such as jumbo frames and hardware offloads. VMXNET 2 (Enhanced) is available only for some guest operating systems on ESX/ESXi 3.5 and later.

VMXNET3

Next generation of a paravirtualized NIC designed for performance. VMXNET 3 offers all the features available in VMXNET 2 and adds several new features, such as multiqueue support (also known as Receive Side Scaling in Windows), IPv6 offloads, and MSI/MSI-X interrupt delivery. VMXNET 3 is not related to VMXNET or VMXNET 2.
– VMXNET 3 is supported only for virtual machines version 7 and later.
– Support 10Gpbs ie 10Gig Network
– Jumbo frame supported

I would suggest to use  “VMXNET3”

Thank you,
Arun

Rigs of Rods

Rigs of Rods

Introduction-

First of all thanks to “sourceforge.net” for hosting open source software. I’m follower “sourceforge.net” of project of the Month.

“Rigs of Rods is project of month for November 2012. This is one of the best and rocking open source project.
Rigs of Rods is a 3D simulator game where you can drive, fly and sail various vehicles using an accurate and unique soft-body physics engine.

 

 

 

 

 

 

* I love this Software!

Thank you,
Arun Bagul

Parse FTP server log and send mail for every uploaded files

Parse FTP server log and send mail for every uploaded files

Introduction –

One of my friend was looking for script to parse FTP server log after every 10mins and send mail for every file uploaded by user
with Username, Uploaded File Name, Date and Size.  Please prefer the follow perl script to this task….

Download ftp file from here – http://www.indiangnu.org/wp-content/uploads/2012/ftp_logparser-pl.txt

1] Script –

arunb@mylaptop:~$ cat perl-prog/ftp_logparser.pl

#!/usr/bin/perl

use strict;
use warnings;

no warnings 'uninitialized';

my $argument = $#ARGV + 1 ;
my $mylog_file = $ARGV[0];

if ( -f $mylog_file ) {
  print "\nChecking FTP log file for Upload files ~ $mylog_file";
  open(FILE, "<$mylog_file") or die("\nFile not found : $! ");

  print "\nContent of file is....\n";
  while() {
	chomp($_);
	## Fri Jul  6 14:15:25 2012 [pid 27841] [vivek] OK UPLOAD: Client "172.30.1.76"," /squid-2 7-Template-v23.docx", 594488 bytes
	#print "\nLine=> $_";
	if ($_ !~ /^\s*$/) {
	  #print "\nLine=> $_";
	  if ($_ =~ m/(.*)\s+\[pid.*\]\s+\[(.*)\]\s+OK\s+UPLOAD:\s+Client\s+"(\d+.\d+.\d+.\d+)","(.*)",\s+(\d+)\sbytes.*/) {
	     my ($mydate, $myser,$ipaddr, $file_upload, $file_size) = ($1,$2,$3,$4,$5);
	     print "\n'$mydate' - '$myser' - '$ipaddr' - '$file_upload' - '$file_size'";
	     ## send mail
	     my $CONTACTEMAIL = "abc\@xyz.com";
	     open(MAIL, "|/usr/sbin/sendmail -t");
	     print MAIL "To: $CONTACTEMAIL\n";
	     print MAIL "From: ftp\@abc.com\n";
	     print MAIL "Subject: File Uploaded- $file_upload";
	     #print MAIL "\nContent-type: text/html\n\n";
	     print MAIL "\nContent-type: text/plain\n\n";
	     print MAIL "\nFile Name: $file_upload";
	     print MAIL "\nFile Size: $file_size bytes";
	     print MAIL "\nUser: $myser";
	     print MAIL "\nIPaddr: $ipaddr";
	     print MAIL "\nDate: $mydate";
	     close(MAIL);
	  }
	}
  }
  close(FILE);

  print "\nDone";
} else {
   print "\n * Usage: $0  \n";
}

#end
print "\n";
arunb@mylaptop:~$

2] How to Use –

arunb@mylaptop:~$ ./perl-prog/ftp_logparser.pl

* Usage: ./perl-prog/ftp_logparser.pl

arunb@mylaptop:~$ ./perl-prog/ftp_logparser.pl /var/log/ftp.log

Thank you,
Arun Bagul