mXtract is an opensource linux based tool that analyses and dumps memory. Its developed as an offensive pentration testing tool which can be used to scan memory for private keys, ips, and passwords using regexes. Remember your results are only as good as your regexes.[…]
In this post, we explore the adoption of Linux hardening schemes across five popular distributions by examining their out-of-the-box properties. For each distribution, we analyzed its default kernel configuration, downloaded all its packages, and analyzed the hardening schemes of their enclosed binaries. Our dataset includes the OpenSUSE 12.4, Debian 9, CentOS and RHEL 6.10 & 7 distributions, as well as the Ubuntu 14.04, 12.04, and 18.04 LTS distributions. Our findings confirm that even basic hardening schemes, such as stack canaries and position independent code, are not fully adopted. The situation is even worse when it comes to other compiler protections like stack clash hardening, which recently came into the spotlight due to last month’s systemd vulnerabilities. However, not all is hopeless.[…]
Fedora 30 now contains all changes changes for a fully Flicker Free Boot. Last week a new version of plymouth landed which implements the new theme for this and also includes a much improved offline-updates experience, following this design. At boot the display will seamlessly transit from the firmware boot-splash into the new plymouth theme, which uses the firmware boot-splash as background[…]
[…In this article, we explain how you can debug your Linux kernel and its modules during runtime. This article will be useful for Linux kernel developers who want to speed up the time to market of their software.[…]
While researching archaic facts about the 80386 hardware context switch last weekend, I remembered that early versions of the Linux kernel relied on it. I was promptly sidetracked for hours reading code I hadn’t seen in years. This weekend, I’ve decided to write down the journey to consolidate all the nuggets of fun stuff I discovered along the way.
[…]The following tips should make it quicker and easier to troubleshoot hardware in Linux. Many different things can cause problems with Linux hardware; before you start trying to diagnose them, it’s smart to learn about the most common issues and where you’re most likely to find them.[…]
This post describes the basic requirements for compiling highly portable ELF binaries. Essentially using a newer Linux distro like Ubuntu 18.10 to build complex projects that run on older distros like CentOS 6. The details are limited to C/C++ projects and to x86_64 architectures. The low-level solution is to use a C++ runtime that requires only glibc 2.13+ runtime linkage and link all third-party libraries as well as the compiler runtime and C++ implementation statically. Do not make a “fully static” binary. You will most likely find a glibc newer than 2.13 on every Linux distribution released since 2011. The high-level solution is to use the build-anywhere scripts to build a easy-to-use toolchain and set compiler flags.[…]
This project consists of 3 parts.
1) A script (gpu-pt-check.sh) that automatically checks to what extend a computer is compatible with GPU pass-through in its given configuration.
2) A script (setup.sh) that automatically installs and configures your system for GPU pass-through (Only tested on fresh installs of Fedora 28 x64 with Gnome, booted in UEFI mode!)
3) Instructions on how to create a bootable Linux USB stick that automatically runs the gpu-pt-check.sh script when you boot from it without any user interaction required.
This package contains ALT Linux UEFI SB CA certificate corresponding to the private key that is now used to sign ALT Linux UEFI bootloaders to cope with UEFI SecureBoot regime (aka “Restricted Boot”). This can be enrolled by the user so that ALT shim and subsequent bootloaders are accepted by firmware without Microsoft’s certificates.
PS: ALT Linux Rescue includes an EFI System Partition (ESP) with a few tools, and a boot option to go into UEFI or Linux.
efi-roller is a simple script to help sign EFI images. It creates the needed keys and helps you keep track of what to sign.
I want full control at what boots the computer to avoid the so called evil maid attack. That requires setting SecureBoot with only my own keys. SecureBoot protects the computer from tampering with the installed OS and boot files, while it’s left powered off outside our view. It’s not a substitute for disk encryption though, it’s an addition to it.[…]
Linux subsystem for managing device events
Create a script that triggers your computer to do a specific action when a specific device is plugged in.
13 Nov 2018
Seth Kenlon (Red Hat)
Udev is the Linux subsystem that supplies your computer with device events. In plain English, that means it’s the code that detects when you have things plugged into your computer, like a network card, external hard drives (including USB thumb drives), mouses, keyboards, joysticks and gamepads, DVD-ROM drives, and so on. That makes it a potentially useful utility, and it’s well-enough exposed that a standard user can manually script it to do things like performing certain tasks when a certain hard drive is plugged in. This article teaches you how to create a udev script triggered by some udev event, such as plugging in a specific thumb drive. Once you understand the process for working with udev, you can use it to do all manner of things, like loading a specific driver when a gamepad is attached, or performing an automatic backup when you attach your backup drive.[…]
UEFI-Boot is a simple project that focused on loading Linux kernel directly from UEFI firmware without need in any bootloader.
Videos of the Linux Security Summit EU 2018 are now online: