Archive | June, 2013

Upgrade CentOS 6.3 to CentOS 6.4

Check the packages that will be updated:

yum list updates

Pull the trigger:

yum update

or

yum clean all
yum update glibc* yum* rpm* python*
yum update

Restart the system after the update completes:

reboot

Check the version:

cat /etc/redhat-release
CentOS release 6.4 (Final)

Backup all important data before upgrading:

  • Back up the /etc directory
  • Back up important logs under /var/log
  • Back up web server configs and sites
  • Dump MySQL databases
  • Dump PostgreSQL databases
  • Back up anything else you will need if something goes wrong

CentOS 6.3 Yum Repos Returning Error 404

If you do a 'yum install whateverpackage' or 'yum update' and get something like:

http://centos.aol.com/6.3/updates/x86_64/repodata/c89405afba739f4b38b01e84b44e4b986ad6f93-filelists.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404"
Trying other mirror.
http://mirror.umd.edu/centos/6.3/updates/x86_64/repodata/c89405afba739f4b38b01e84b44e4b986ad6f93-filelists.sqlite.bz2: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404"

Try this and see if it fixes it:

yum clean all
yum update

Mini Methodology for Identifying a Compromised System

Identifying a breach can be broken down into three semi-simple points:

  • The intruder uploads code to the compromised system
  • The uploaded code is run locally
  • The executed code makes outbound connection(s)

To track down a compromised system, start by identifying any new files present on it.  Then tie any new processes running on the box to outbound connections.  Where present, make a binary image of the drive for forensic analysis.

Let's review some basic Linux commands that help with comparison and correlation.  Starting with Process Status (ps), "ps aux | more" will display:

  • owner of the process
  • current processes running
  • associated tty
  • execution time
  • name of the command being executed

The ps utility comes in handy when responding to incidents or live-monitoring activity in an attempt to identify rogue, hidden, or run-away processes; it is a detection control, not a preventive one.  The ps utility does not generate any logs by default, but scripting it is possible.

"netstat -an | more" summarizes the TCP/IP network connections on a machine: the 'a' switch displays all active services and ports, and the 'n' restricts the display to numeric form, skipping host and service name resolution.

File attributes can be reviewed with "ls -ld /home /mnt": the 'l' switch gives a detailed listing and 'd' makes ls show the attributes of the listed directories themselves rather than their contents.  Note that dates within the last year display the actual time of modification, while older dates show only month, day, and year.
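As an added example, not part of the original post, here is a small POSIX sh helper that applies the three-step method above: it pulls the outward-opened connections out of `netstat -antp` output, ties each PID back to its `ps aux` line, and lists recently modified files. The netstat and ps sample text and the `/tmp/.x/update` path are constructed for the demo.

```shell
#!/bin/sh
# Added triage helpers (not from the original post); the sample data is constructed.
# Print "PID PROGRAM REMOTE" for TCP connections this host opened outward: state
# ESTABLISHED, local port not one we LISTEN on, remote side not loopback.
# Reads `netstat -antp` text on stdin (Proto Recv-Q Send-Q Local Foreign State PID/Prog).
outbound_tcp() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN"      { n = split($4, a, ":"); listen[a[n]] = 1 }
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" { est[++c] = $0 }
        END {
            for (i = 1; i <= c; i++) {
                split(est[i], f, " "); n = split(f[4], l, ":"); lp = l[n]
                if (lp in listen) continue            # inbound client of a local service
                if (f[5] ~ /^(127\.|::1:)/) continue  # loopback
                split(f[7], p, "/"); print p[1], p[2], f[5]
            }
        }'
}

# Print the `ps aux` line (stdin) for one PID: owner, start time, command line.
ps_for_pid() {
    awk -v pid="$1" '$2 == pid'
}

# Regular files under the given directories modified in the last N minutes;
# a freshly dropped binary in /tmp or a web root shows up here.
recent_files() {
    mins=$1; shift
    find "$@" -xdev -type f -mmin -"$mins"
}

# Constructed samples; on a real box feed `netstat -antp` and `ps aux` (as root).
SAMPLE_NETSTAT=$(cat <<'EOF'
Proto Recv-Q Send-Q Local Address       Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:22          0.0.0.0:*           LISTEN      1012/sshd
tcp        0      0 10.0.0.12:22        10.0.0.7:51234      ESTABLISHED 2201/sshd
tcp        0      0 127.0.0.1:3306      127.0.0.1:49012     ESTABLISHED 1400/mysqld
tcp        0      0 10.0.0.12:38822     203.0.113.5:4444    ESTABLISHED 2143/update
EOF
)
SAMPLE_PS=$(cat <<'EOF'
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      1012  0.0  0.1  66284  1216 ?        Ss   Jun01   0:00 /usr/sbin/sshd
apache    2143  0.1  0.0  15100   900 ?        S    21:14   0:00 /tmp/.x/update
EOF
)
# Correlate each outward connection with the process that owns it.
printf '%s\n' "$SAMPLE_NETSTAT" | outbound_tcp | while read -r pid prog remote; do
    echo "$prog ($pid) -> $remote"; printf '%s\n' "$SAMPLE_PS" | ps_for_pid "$pid"
done
```

The inbound sshd session and the loopback mysqld connection are filtered out, leaving only the web user's process talking to an outside host; run `recent_files 1440 /tmp /var/www` to see what landed on disk in the last day.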

Containment is critical: start by taking a binary image of the box in question.  This can be done with the dd tool.  A little history lesson: only two other tools have been around in the Unix environment since day one, cpio (copy in copy out) and tar (tape archive).  The dd utility can be run locally, from scripts, or across the network.  Here is an example of running it locally:

dd if=INPUT-FILE-NAME of=OUTPUT-FILE-NAME

Imaging is done at a low level (1's & 0's) and the OS does not matter.  You can boot from a CD/DVD and make your image.  A Live CD/DVD is a great tool to use when investigating a computer's installation without taking the risk of modifying anything.
