Checking for Linux/CDorked.A

We’ve been reading a lot about a Linux exploit targeting webservers, and since we manage quite a lot of webservers, we’re keeping a close eye on it. We had already recently deployed a check for rogue Apache modules (since we mainly use Apache), but now we’ve also created a check from the code provided by ESET on their security blog describing the Linux/CDorked.A exploit. All it does is check shared memory for a segment of a specific size, but it’s still better than nothing.

As usual, the Icinga check can be found in our GitHub repository, and if you’re on Debian, you can find the nagios-plugins-kumina package in our repository. This check needs to be run on the local machine, so you need to set up NRPE or SSH access from Icinga for that.

Let us know if this helps you or if we should improve on it! All kudos to ESET, since they provided the actual script (and research!) for this check.
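
The kind of check described above, as an added example (this is not the Kumina plugin or ESET's script): it parses a table in the layout of /proc/sysvipc/shm and returns a Nagios CRITICAL when a segment has the watched size. SUSPECT_SIZE is a placeholder and the sample table is constructed; the real size has to come from ESET's published script.

```python
"""Nagios/Icinga-style check: flag SysV shared memory segments of one size."""

# Placeholder, NOT the real indicator: take the segment size from
# ESET's published script before deploying a check like this.
SUSPECT_SIZE = 1234567
OK, CRITICAL, UNKNOWN = 0, 2, 3  # Nagios plugin exit codes

# Constructed sample in the layout of /proc/sysvipc/shm (not real output).
SAMPLE = """\
       key      shmid perms       size  cpid  lpid nattch   uid   gid  cuid  cgid      atime      dtime      ctime        rss       swap
         0      32768  1600     524288  2101  2290      2  1000  1000  1000  1000 1367400000 1367400100 1367390000     524288          0
1392512345      65537   666    1234567  3050  3050      1    33    33    33    33 1367401000          0 1367401000    1234567          0
"""

def parse_shm(text):
    """Return one dict per segment, keyed by the header's column names."""
    lines = [l for l in text.splitlines() if l.strip()]
    if not lines or "size" not in lines[0].split():
        raise ValueError("no /proc/sysvipc/shm header found")
    header = lines[0].split()
    segments = []
    for line in lines[1:]:
        fields = line.split()
        if len(fields) != len(header):
            raise ValueError("malformed row: %r" % line)
        segments.append(dict(zip(header, fields)))
    return segments

def check(text, suspect_size=SUSPECT_SIZE):
    """Return (exit_code, message) in the Nagios plugin convention."""
    try:
        segments = parse_shm(text)
        hits = [s for s in segments if int(s["size"]) == suspect_size]
    except ValueError as exc:
        return UNKNOWN, "UNKNOWN: %s" % exc
    if hits:
        detail = ", ".join("shmid=%s perms=%s cpid=%s uid=%s" % (
            s["shmid"], s["perms"], s["cpid"], s["uid"]) for s in hits)
        return CRITICAL, "CRITICAL: %d segment(s) of %d bytes: %s" % (len(hits), suspect_size, detail)
    return OK, "OK: %d segment(s), none of %d bytes" % (len(segments), suspect_size)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # e.g. /proc/sysvipc/shm on the monitored host
        with open(sys.argv[1]) as fh:
            code, msg = check(fh.read())
        print(msg)
        sys.exit(code)
    print(check(SAMPLE)[1])  # demo run on the constructed sample
```

A size match is only an indicator to investigate (the owning cpid and uid in the message are the starting point), and an OK result says nothing more than that no segment of that size exists right now.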

Checking for rogue Apache modules

We’ve read a lot recently about attacks in which an attacker loads a modified module into Apache to insert iframes in outgoing data. Pretty scary, especially since nobody really seems to know how the hacks are performed. Recently, Sucuri wrote a blog article about how to check for rogue Apache modules on Debian. We’ve decided to implement this into an Icinga/Nagios check.

You can find the source for the plugin here. We also publish all our plugins via the ‘nagios-plugins-kumina’ package, provided by our apt repository.

Hope this helps!

Update: I packaged and pushed the wrong version of the script… Silly me. Fixed now!

LOADays

We’re an official Gold Sponsor of LOADays! We’ll also have a presence there, so if you’re attending, do stop by and say hi!

14 Oct 2012, 2:31

Twitter Weekly Updates for 2012-10-14

  • Going home after a long day at the office. Pretty exhausted. Wondering what is making Mondays so work-intensive :-\ #

Powered by Twitter Tools

7 Oct 2012, 2:31

Twitter Weekly Updates for 2012-10-07

30 Sep 2012, 16:12

Python: Inheritance is not templating

This is something I forgot today, which bugged me a lot. Honestly, I don’t program a lot, but it’s a bit bothersome that I didn’t have this piece of knowledge on the top of my mind. The gist is simple: inheritance doesn’t work like templating. There’s a difference between instance variables and class variables.

What I tried the first time:

class Base:
    # Class attribute: a single list object shared by Base and all subclasses
    x = []

class A(Base):
    pass

class B(Base):
    pass

a_inst = A()
b_inst = B()

# Both appends end up in the same list, Base.x
b_inst.x.append("foo")
a_inst.x.append("bar")

print(a_inst.x)
print(b_inst.x)

This resulted in the output:

['foo','bar']
['foo','bar']

That’s not what I expected. After asking around a little on #python, I was pointed to my mistake. The code should’ve been:

class Base:
    def __init__(self):
        # Instance attribute: every object gets its own list
        self.x = []

class A(Base):
    def __init__(self):
        Base.__init__(self)

class B(Base):
    def __init__(self):
        Base.__init__(self)

a_inst = A()
b_inst = B()

# Each append now goes to the list owned by that instance
b_inst.x.append("foo")
a_inst.x.append("bar")

print(a_inst.x)
print(b_inst.x)

And this gives me the expected output:

['bar']
['foo']

Hope this helps someone!

30 Sep 2012, 2:31

Twitter Weekly Updates for 2012-09-30

  • I hope I have lungs left by the end of the day… #cough #cough #

23 Sep 2012, 2:31

Twitter Weekly Updates for 2012-09-23

16 Sep 2012, 2:31

Twitter Weekly Updates for 2012-09-16

  • @GuildWars2 I can't seem to create an account for my just-purchased GW2 serial… Keep being returned to the screen to enter info, no error. #
  • @GuildWars2 I got a serial but can't create an account :-( It seems stuck in step 2,no error whatsoever :-( Any idea? #
  • @SirRoguepope at least I'm not the only one! I thought I was doing something weird or something… Hope they fix it soon! in reply to SirRoguepope #
  • @SirRoguepope I had success registering by using a different email address than I used for ordering. Maybe that works for you too! #GW2 in reply to SirRoguepope #

9 Sep 2012, 2:31

Twitter Weekly Updates for 2012-09-09

  • As far as I'm concerned, they could have left that Petra out. A waste of airtime, she's just standing there being difficult without any substance. #WatkiestNL #
  • Awesome! RT @davecoveney: Our own big launch of the week – The Auditor is now openly available! http://t.co/uYOCQtKk Buy it now, and trac… #

19 Aug 2012, 2:31

Twitter Weekly Updates for 2012-08-19

  • @GrouponNED Have you seen that the tablet you are supposedly offering "cheap" can be had on the internet for $63.15? #
  • @GrouponNED see also http://t.co/EQ74mlaz #
  • I'll remember today forever as The Day She Found Out About Thinkgeek. Especially the 4moms origami… #

5 Aug 2012, 2:31

Twitter Weekly Updates for 2012-08-05

  • I so dislike Linux acls :-( Never works the way I expect them to, it's always trial-and-error. So annoying :-\ #

29 Jul 2012, 2:31

Twitter Weekly Updates for 2012-07-29

  • Abraham Lincoln, vampirehunter? It's a comedy or parody, right?! #

22 Jul 2012, 2:31

Twitter Weekly Updates for 2012-07-22

  • I truly live in the middle of nowhere. Just saw a badger while walking the dog. It growled at us. We backed away. Awesome! #

8 Jul 2012, 2:31

Twitter Weekly Updates for 2012-07-08

  • @davecoveney In our defence, a lot of people were hit by that bug, check out #leapocalypse here on twitter. in reply to davecoveney #
  • @37signals Chrome is keeping complaining about 'Body can't be empty' when I try to add a comment. Is this a known bug? #
  • @37signals In Basecamp, I must add. #
  • Higgs boson has been confirmed. Awesome! #
  • @ariejan True, but if it talks like a duck, walks like a duck and quacks like a duck… in reply to ariejan #
  • Two weeks of free time, starting… Now! :-) #

1 Jul 2012, 2:31

Twitter Weekly Updates for 2012-07-01

  • And then the strap of my almost three years old Samsonite bag broke off :-( Need to check if the warranty is still valid! #

17 Jun 2012, 2:31

Twitter Weekly Updates for 2012-06-17

  • Proud of my team. They're really there when the pressure is on and the going gets tough. Even when it costs them some sleep. #

10 Jun 2012, 2:31

3 Jun 2012, 2:31

Twitter Weekly Updates for 2012-06-03

27 May 2012, 2:31

Twitter Weekly Updates for 2012-05-27

  • One co-worker about the other: "He's like a walking, talking BGP table." (He recognized an IP range owner at the second octet.) #
  • Awesome, Zendesk spam-me-not page asks me to submit data and then timeouts. Doesn't get my vote of confidence… #
