VMware Brings Its Cloud to AWS

REF: http://www.admin-magazine.com/News/VMware-Brings-Its-Cloud-to-AWS

At the VMware World Conference, VMware announced the arrival of VMware cloud to AWS. VMware will be selling and supporting the service as an on-demand, elastically scalable cloud service. This announcement is the culmination of the strategic partnership that the two companies forged last October.

TrendLabs: USB Malware Implicated in Fileless Attacks

Figure 1. Infection chain

REF: http://blog.trendmicro.com/trendlabs-security-intelligence/usb-malware-implicated-fileless-attacks/

The world's first iOS screen sharing app

REF: https://www.teamviewer.com/en/features/ios-screen-sharing/

Fully IP Turnkey Vizrt Playout System

The NVG1 NewTek-Vizrt IP Graphics Server comes complete with:
 •  Real-time animated 3D graphics
 •  NDI^® IP connectivity
 •  4K UHD resolution
 •  TriCaster^® TC1 and NewTek IP Series integration
 •  Ready-made templates & more

With NVG1, high-end graphics playout is now within reach. 

REF: https://newtek.com/nvg1/

Google CLoud Free Tier

Always Free Usage Limits

As part of the Google Cloud Platform Free Tier, Compute Engine offers an amount of usage that is free to use, up to a specific limit. These free usage limits are always available even during and after the free trial period. If you go over these usage limits and are no longer in the free trial period, you will be charged according to the price sheet.

• 1 f1-micro VM instance per month (US regions, excluding Northern Virginia).
• 30 GB of Standard persistent disk storage per month.
• 5 GB of snapshot storage per month.
• 1 GB egress from North America to other destinations per month (excluding Australia and China).

REF: https://cloud.google.com/compute/pricing

Check_MK: Backup and Restore

What happens at Backup & Restore

The following files and directories go into your backup - and will be replaced completely by a restore:

• the main configuration file (main.mk)
• the final configuration file final.mk, if present
• all files in your configuration subdirectory conf.d, if present
• automatically inventorized checks (usually /var/lib/check_mk/autochecks)
• current performance counters (usually /var/lib/check_mk/counters)
• stored logfiles of logwatch (usually /var/lib/check_mk/logwatch)
• cached files from the agents (usually /var/lib/check_mk/cache)

REF: https://mathias-kettner.de/checkmk_backup.html

Google Cloud Platform is the PaaS leader

According to the report, an insight PaaS makes it easier to:

• Manage and access large, complex data sets
• Update and evolve applications that deliver insight at the moment of action
• Update and upgrade technology
• Integrate and coordinate team member activities

REF: https://cloudplatform.googleblog.com/2017/08/independent-research-firm-names-Google-Cloud-the-Insight-Platform-as-PaaS-Leader.html

Live News Production Simplified

In 2014, NewsMaker Systems recognized the NewTek TriCaster’s integrated production system potential to be the single device it could control in an MOS-based newsroom system. The company began working with the development and technical teams at NewTek to integrate Tricaster with a suite of NewsMaker Systems solutions to be used in live newscast environments.

1970’s IBM computer used by Dean Kolkey and Tony Chick.
REF: http://blog.newtek.com/blog/2017/08/02/live-news-production-simplified/

Software-defined storage with LizardFS

Figure 1: The LizardFS master is the center of all operations (source: Skytechnology).
REF: http://www.admin-magazine.com/Articles/Software-defined-storage-with-LizardFS

BET Betting Big on IP Workflows

In 1980, BET (Black Entertainment Television) became the first television network in the United States primarily devoted to African-American viewers.

In 1991, the network’s then-parent company became the first black-owned company to be traded on the New York Stock Exchange.

And recently, the network scored another first, this time in technology adoption – enabling it to stake its claim among the pioneers of IP-based production workflows.

REF: http://blog.newtek.com/blog/2017/08/11/bet-betting-big-on-ip-workflows/

ISO 27001 compliance for DAM vendor

Unless you're involved in the technical side of your organisation, you may not have heard of ISO 27001. However, this is a very important term to be aware of when it comes to protecting sensitive company data and files.

REF: http://www.resourcespace.com/feed?49

Connected Car Vulnerabilities

Figure 1. A typical CAN network diagram (*1)

REF: http://blog.trendmicro.com/trendlabs-security-intelligence/connected-car-hack/

OSSEC HIDS system

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, Mac OS X, Solaris and Windows. A list with all supported platforms is available at: Supported Systems

REF: https://ossec.github.io/docs/

SIEM or Log Management

...there is confusion about “what is a SIEM?” vs “what is a log manager?” It is entirely possible that your IT and security requirements call for log aggregation and rapid log search – and for nothing else (so you only need log management). It is just as possible that they call for a robust real-time monitoring based on correlation and analytics, lots of security dashboards, etc (so you need both SIEM and log management, as we say here, and also perhaps a UEBA).

REF: http://blogs.gartner.com/anton-chuvakin/2017/07/26/siem-or-log-management/

New Malware Abuses PowerPoint Slide Show

Figure 1: Infection flow for TROJ_CVE20170199.JVU

REF: http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-0199-new-malware-abuses-powerpoint-slide-show/

Backdoor-carrying Emails to Russian-speaking Businesses

Figure 1. The malicious email campaign’s attack chain

REF: http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-carrying-emails-set-sights-on-russian-speaking-businesses/

OpenBSD on modern laptop

REF: http://bsdly.blogspot.tw/2017/07/openbsd-and-modern-laptop.html

Here are the two machines, the old (2014-vintage) and the new side by side:

The OpenBSD installer is a wonder of straightforward, no-nonsense simplicity that simply gets the job done. Even so, if you are not yet familiar with OpenBSD, it is worth spending some time reading the OpenBSD FAQ's installation guidelines and the INSTALL.$platformfile (in our case, INSTALL.amd64) to familiarize yourself with the procedure. If you're following this article to the letter and will be installing a snapshot, it is worth reading the notes on following -current too.

Avoiding KVM configuration errors

Figure 1: An architectural overview of the KVM ecosystem with libvirt/Qemu.
REF: http://www.admin-magazine.com/Articles/Avoiding-KVM-configuration-errors

Sys Admins Will Love Red Hat Enterprise Linux 7.4

One of the main areas of focus this release is security. Those sys admins who are experimenting with containers can now take advantage of SELinux for their container workloads. In addition to SELinux support for OverlayFS, RHEL now has full support for the overlay2 storage driver.

What sys admin doesn’t love automation? RHEL 7.4 comes with the technology preview of RHEL System Roles, which brings together the capabilities of Red Hat Satellite and automation via Ansible Tower.

http://www.admin-magazine.com/News/Sys-Admins-Will-Love-Red-Hat-Enterprise-Linux-7.4

Unprivileged container mapping

REF: https://pve.proxmox.com/wiki/Unprivileged_LXC_containers

Let's see an example, we want to make uid 1005 accessible in an unprivileged container.

First, we have to change the container UID mapping in the file /etc/pve/lxc/1234.conf:

# uid map: from uid 0 map 1005 uids (in the ct) to the range starting 100000 (on the host), so 0..1004 (ct) → 100000..101004 (host)
lxc.id_map = u 0 100000 1005
lxc.id_map = g 0 100000 1005
# we map 1 uid starting from uid 1005 onto 1005, so 1005 → 1005
lxc.id_map = u 1005 1005 1
lxc.id_map = g 1005 1005 1
# we map the rest of 65535 from 1006 upto 101006, so 1006..65535 → 101006..165535
lxc.id_map = u 1006 101006 64530
lxc.id_map = g 1006 101006 64530

Then we have to allow lxc to actually do the mapping on the host. Since lxc creates the CT using root, we have to allow root to use these uids in the container.

First the file /etc/subuid (we allow 1 piece of uid starting from 1005):

root:1005:1

then /etc/subgid:

root:1005:1

You can start or restart the container here, it should start and see /shared mapped from the host directory /mnt/bindmounts/shared, all uids will be mapped to 65534:65534 except 1005, which would be seen (and written) as 1005:1005.

Ransomware Now Steals From Bitcoin Wallets

Figure 1. Cerber arrival

The JavaScript attachment is dedicated as JS_NEMUCOD.SMGF2B, which leads to the download of the Cerber variant (detected as RANSOM_HPCERBER.SMALY5A). In most respects, this Cerber variant is identical to the versions we spotted in May, but with a new nuance to its behavior: it now targets Bitcoin wallets for theft as well.

REF: http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-ransomware-evolves-now-steals-bitcoin-wallets/

AI already changing how CIOs lead healthcare IT

The healthcare industry is being rapidly transformed by technology in a multitude of ways – from how doctors engage with patients to how cures are discovered. Boston-based Partners HealthCare is getting ahead of these shifts by collaborating with GE Healthcare and Nvidia to strategically integrate artificial intelligence and machine learning technology into every aspect of patient care over the next 10 years.

REF: https://enterprisersproject.com/article/2017/8/ai-already-changing-how-cios-lead-healthcare-it

Querying ZFS Storage Pool Status

REF: https://docs.oracle.com/cd/E19253-01/819-5461/gaynp/index.html

The zpool list command provides several ways to request information regarding pool status. The information available generally falls into three categories: basic usage information, I/O statistics, and health status. All three types of storage pool information are covered in this section.

• Displaying Information About ZFS Storage Pools
• Viewing I/O Statistics for ZFS Storage Pools
• Determining the Health Status of ZFS Storage Pools

Linux Tools on Windows 10

WSL allows you to run your choice of Linux distribution in Windows 10. Major distributions like openSUSE Leap are now available from the store and can be installed with one click.

REF: http://www.admin-magazine.com/News/Now-Everyone-Can-Run-Linux-Tools-on-Windows-10

Linux Container Security

LXC containers can be of two kinds:

• Privileged containers
• Unprivileged containers

The former can be thought as old-style containers, they're not safe at all and should only be used
in environments where unprivileged containers aren't available and where you would trust
your container's user with root access to the host.

The latter has been introduced back in LXC 1.0 (February 2014) and requires a reasonably recent
kernel (3.13 or higher). The upside being that we do consider those containers to be root-safe and so,
as long as you keep on top of kernel security issues, those containers are safe.

As privileged containers are considered unsafe, we typically will not consider new container escape
exploits to be security issues worthy of a CVE and quick fix. We will however try to mitigate those
issues so that accidental damage to the host is prevented.

REF: https://linuxcontainers.org/lxc/security/

Check_MK: netstat

Established TCP Connections or TCP/UDP Listeners

Distribution:	official part of Check_MK
License:	GPL
Supported Agents:	Linux, AIX

This check evaluates the output of the netstat command on Linux and AIX and checks if there are established connections or listeners matching a given criteria. 

The check returns OK state if the specified connection/listener is present, and CRIT if not. 

This check needs the agent plugin netstat_an.bat to be installed. 

REF: https://mathias-kettner.com/checkmk_check_netstat.html

Proxmox: limiting I/O

• Disk IO limits are fully implemented with KVM - you can even configure them on the GUI ('Disk throttle' buttom).
• For lxc: lsblk to get device:

└─sda3 8:3 0 3.7T 0 part
├─pve-root 251:0 0 10G 0 lvm /
├─pve-swap 251:1 0 2G 0 lvm [SWAP]
├─pve-data_tmeta 251:2 0 116M 0 lvm
│ └─pve-data-tpool 251:4 0 3.6T 0 lvm
│ ├─pve-data 251:5 0 3.6T 0 lvm
│ ├─pve-dir 251:6 0 50G 0 lvm
│ ├─pve-vm--60200--disk--1 251:7 0 600G 0 lvm

then
limit read to 10KB/s for container 60200
echo "251:7 10000" > /sys/fs/cgroup/blkio/lxc/60200/blkio.throttle.read_bps_device

for iops use blkio.throttle.read_iops_device

REF: https://forum.proxmox.com/threads/i-o-disk-limit.28591/

OpenBSD Console Freezes Proxmox 5.0

Proxmox5.0 running on AMD Opteron G2 2435  Based systems
 are NOT affected by the bug...So the Bug seems to only affect Intel systems (well) IvyBridge Xeon e5 2660-v2 or Xeon X5650 based systems

REF: https://www.mail-archive.com/misc@openbsd.org/msg154985.html

Small Log Monitoring Tools

A system's logfiles not only record failed login attempts by users, but they also log program errors and information about attacks. Admins therefore should keep a continuous eye on them. Tools such as LOGalyze [1], Logcheck [2], Logwatch [3], MultiTail [4], and SwatchDog [5] can help you here.

REF: http://www.linux-magazine.com/Issues/2017/200/Five-lean-tools-for-monitoring-logfiles

Microsoft SQL Server 2017 RC Comes with Full Support for Linux

REF: http://www.admin-magazine.com/News/Microsoft-SQL-Server-2017-RC-Comes-with-Full-Support-for-Linux

“SQL Server 2017 will bring with it support for the Linux OS and containers running on Windows, Linux, and macOS. Our goal is to enable SQL Server to run in modern IT infrastructure in any public or private cloud,” Tony Petrossian, Partner Group Program Manager, Database Systems Group at Microsoft, wrote in a blog post.

How Linux containers have evolved

REF: https://opensource.com/article/17/7/how-linux-containers-evolved?sc_cid=70160000000h0P5AAI

Containers have come a long way in the past few years. We walk through the timeline.

 10 Jul 2017 Daniel J Walsh (Red Hat) Feed 

38

up

 6 comments

Image credits : 

Daniel Ramirez. CC BY-SA 4.0

Downside of Free Software

REF: http://www.linux-magazine.com/Issues/2017/202/Downside-of-Free-Software

Some software, even the essential plumbing of the Internet on which we all depend, becomes an externality, and that makes it a problem.

What's an externality? It's a cost that you bear, or an advantage that you enjoy, that you haven't paid for. If a factory pollutes a river and the fishermen downstream find that their catch declines, that's an example of a negative externality affecting the fishermen.

Googler: Command-line search engine

 It provides a headless search engine that can be called within a script. When combined with a text-based browser, it gives you access to the Internet. Most important of all, Googler offers the same search options and presentation of results as the Google home page, but with the use of a few aliases, in fewer keystrokes.

REF: http://www.linux-magazine.com/Issues/2017/202/Command-Line-Googler

How can better Digital Asset Management help charities

REF: http://www.resourcespace.com/feed?48

26TH JULY 2017

Canonical's next steps

REF: http://www.linux-magazine.com/Issues/2017/202/Interview-Canonical-s-Mark-Shuttleworth

Eventually, Shuttleworth and other Canonical leaders realized the company was trying to bite off more than it could chew, as it fought on simultaneous fronts with heavyweights such as Microsoft, Apple, Google, and Samsung. Canonical is now restructuring and is getting out of the consumer space to focus on the enterprise market.