Sudo Flaw Lets Linux Users Run Commands As Root Even When They’re Restricted

What’s more interesting is that this flaw can be exploited by an attacker to run commands as root just by specifying the user ID “-1” or “4294967295.”

That’s because the function which converts user id into its username incorrectly treats -1, or its unsigned equivalent 4294967295, as 0, which is always the user ID of root user..

Source: Sudo Flaw Lets Linux Users Run Commands As Root Even When They’re Restricted

How to Free up Unused Memory in Ubuntu/Linux Mint

In this tutorial, we will see how to use the terminal to clean up unused memory that was not released properly after being used by your system. No need to use any third-party software, just a few commands will do the job pretty easily.

Source: How to Free up Unused Memory in Ubuntu/Linux Mint

Have a little problem with a server freezing which might be memory related.  This simple tutorial was very helpful.

You can free up unused memory under Ubuntu/Linux Mint using this command:

sudo sysctl -w vm.drop_caches=3

What’s the best way to check if a volume is mounted in a Bash script?

What’s the best way to check if a volume is mounted in a Bash script? What I’d really like is a method that I can use like this: if <something is mounted at /mnt/foo> then <Do some

Source: What’s the best way to check if a volume is mounted in a Bash script?

Avoid using /etc/mtab because it may be inconsistent.

Avoid piping mount because it needn’t be that complicated.

Simply:

if grep -qs '/mnt/foo' /proc/mounts; then
    echo "It's mounted."
else
    echo "It's not mounted."
fi

secmodel_securelevel

The securelevel mechanism is intended to allow protecting the persistence of code and data on the system, or a subset thereof, from modification, even by the super-user by providing convenient means of “locking down” a system to a degree suited to its environment.

Source: NetBSD 6.1.5 – man page for secmodel_securelevel (netbsd section 9) – Unix & Linux Commands

Highly secure mode may seem Draconian, but is intended as a last line of defence should the super-user account be compromised. Its effects preclude circumvention of file flags by direct modification of a raw disk device, or erasure of a file system by means of newfs(8). Further, it can limit the potential damage of a compromised “firewall” by prohibiting the modification of packet filter rules. Preventing the system clock from being set backwards aids in post-mortem analysis and helps ensure the integrity of logs. Precision timekeeping is not affected because the clock may still be slowed.

Ikea Patched for Shellshock by Methodically Upgrading All Servers

Glantz explained that the first step in the assembly of his IT infrastructure is to have a well-defined Standard Operating Environment (SOE). The SOE includes a definition of the hardware platforms used as well as the Linux and application software that is installed. There is also an installation and configuration management layer that helps enforce the SOE across the distributed Ikea IT footprint. Additionally, Glantz has defined a lifecycle-management plan that describes the lifecycle of how Linux will be used at Ikea for the next seven years.”

It’s not enough just to have documents, you have to have systems driving how technology works,” Glantz said.

Source: Ikea Patched for Shellshock by Methodically Upgrading All Servers

Cool, but obscure unix tools

Just a list of 20 (now 28) tools for the command line. Some are little-known, some are just too useful to miss, some are pure obscure — I hope you find something useful that you weren’t aware of yet! Use your operating system’s package manager to install most of them. (Thanks for the tips, everybody!)

via Cool, but obscure unix tools :: Software architect Kristof Kovacs.

Graphics from the command line

This article shows how to perform image manipulation using command-line tools. I do this job quite often, since I’ve picked up a some digital cameras and now manage a library of several thousand happy snaps. For Web developers and administrators who frequently have to batch-process large numbers of images, command line tools are an especially attractive option, because the developer can incorporate them into scripts. But even if you only want to perform a manipulation once or twice, a command-line alternative can save time.

The command line tools discussed in this article are part of the excellent ImageMagick suite, which ships with Red Hat Linux and is freely available online (see Resources). ImageMagick can also be accessed via C, C++, Perl, Python, Java, and several other languages, which Linux programmers will appreciate.

via Graphics from the command line.

Why aren’t we using SSH for everything?

A few weeks ago, I wrote ssh-chat.

The idea is simple: You open your terminal and type,

$ ssh chat.shazow.net

Unlike many others, you might stop yourself before typing “ls” and notice — that’s no shell, it’s a chat room!

via Why aren’t we using SSH for everything? — Medium.

I was just thinking about how useful and simple ssh is for doing end to end encryption for various services before being notified of this post.  On a linux box you can ssh -X remotehost and bring up any X-windowed app from a terminal command.  Very simple.  Very useful. Very secure.  For copying files there’s the scp command.  And one final shout out to the sshfs command for mounting remote filesystems.