Re: [CentOS] UDP Constant IP Identification Field Fingerprinting Vulnerability

2016-06-26 Thread James B. Byrne

On Fri, June 24, 2016 12:24, John R Pierce wrote:
> On 6/24/2016 9:20 AM, James B. Byrne wrote:
>> We received a notice from our pci-dss auditors respecting this:
>>
>> CVE-2002-0510 The UDP implementation in Linux 2.4.x kernels keeps
>> the IP Identification field at 0 for all non-fragmented packets,
>> which could allow remote attackers to determine that a target system
>> is running Linux.
>
>
> 2.4 kernels are kinda old.  kinda really really old.  are you still
> running CentOS 4 on PCI audited systems ?!??
>
>

The CVE is from 2002 and the kernel mentioned refers to the original
report.  Linux core team said it was a non-problem and the issue
remains in the kernel found in CentOS-6.8.  Possibly the one in 7.
Perhaps it is still present in the development branch.

However, all I am seeking is knowledge on how to handle this using
iptables.  I am sure that this defect/anomaly has already been solved
wherever it is an issue.  Does anyone have an example on how to do
this?


-- 
***  e-Mail is NOT a SECURE channel  ***
Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne  mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
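
A way to confirm the auditor's finding from a capture of a host's own outbound traffic, as an added example that is not part of the thread: it parses raw IPv4 headers and reports sources whose non-fragmented UDP packets all carry the same IP Identification value. The function names and the sample packets are constructed for illustration, and packets are assumed to start at the IP header (link layer already stripped).

```python
import socket
import struct

UDP = 17
DF = 0x4000           # "don't fragment" flag
MF = 0x2000           # "more fragments" flag
OFFSET_MASK = 0x1FFF  # fragment offset bits

def parse_ipv4(packet):
    """Return (source, protocol, ip_id, is_fragment) for a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, ip_id, flags_frag, _, proto, _, src, _ = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    # A packet is a fragment if MF is set or the fragment offset is non-zero.
    is_fragment = bool(flags_frag & (MF | OFFSET_MASK))
    return socket.inet_ntoa(src), proto, ip_id, is_fragment

def constant_id_sources(packets, min_samples=3):
    """Map each source to its IP ID when all its unfragmented UDP packets share one."""
    ids_by_src = {}
    for packet in packets:
        try:
            src, proto, ip_id, is_fragment = parse_ipv4(packet)
        except ValueError:
            continue  # skip anything that is not a complete IPv4 header
        if proto == UDP and not is_fragment:
            ids_by_src.setdefault(src, []).append(ip_id)
    return {src: ids[0] for src, ids in ids_by_src.items()
            if len(ids) >= min_samples and len(set(ids)) == 1}

def sample_packet(src, ip_id, flags_frag=DF, proto=UDP):
    """Build a constructed 28-byte packet (checksum left at 0, dummy payload)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, ip_id, flags_frag, 64,
                         proto, 0, socket.inet_aton(src),
                         socket.inet_aton("192.0.2.1"))
    return header + b"\x00" * 8

# Constructed capture: one host with constant ID 0, one with a counter,
# plus a fragment, a TCP packet and a truncated packet that must be ignored.
SAMPLE = (
    [sample_packet("198.51.100.10", 0) for _ in range(3)]
    + [sample_packet("198.51.100.20", i) for i in (0x1A2B, 0x1A2C, 0x1A2D)]
    + [sample_packet("198.51.100.10", 777, flags_frag=MF),
       sample_packet("198.51.100.10", 5, proto=6),
       b"\x45\x00"]
)

if __name__ == "__main__":
    for src, ip_id in constant_id_sources(SAMPLE).items():
        print(f"{src}: every non-fragmented UDP packet has IP ID {ip_id}")
```
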


Re: [CentOS-virt] Cannot allocate Memory

2016-06-26 Thread Pasi Kärkkäinen
On Wed, Jun 22, 2016 at 05:45:05PM +, Shaun Reitan wrote:
>Any of you guys ever seen an issue with Xen 4.4 where xm cannot create a
>guest because of what looks like an issue allocating memory even though xm
>info shows like 5x the amount of free memory needed? We are
>unfortunately still using xm... it's on my list, I know..
>We've had this happen on a couple hosts now.  Only way to resolve seems to
>be rebooting the host.  I'm going to update the host to latest Xen 4.4 now
>hoping this is an old bug.
>Here's from xen logs
>[2016-06-22 09:13:50 1958] DEBUG (XendDomainInfo:105)
>XendDomainInfo.create(['vm', ['name', 'xxx'], ['memory', 2048],
>['on_xend_start', 'ignore'], ['on_xend_stop', 'ignore'], ['vcpus', 2],
>['oos', 1], ['image', ['linux', ['kernel', '/kernels/vmlinux-2.6.18.8-4'],
>['videoram', 4], ['args', 'root=/dev/xvda ro xencons=tty console=tty1 '],
>['tsc_mode', 0], ['nomigrate', 0]]], ['s3_integrity', 1], ['device',
>['vbd', ['uname', 'phy:vg/fs_6818'], ['dev', 'xvda'], ['mode', 'w']]],
>['device', ['vbd', ['uname', 'phy:vg/fs_6819'], ['dev', 'xvdb'], ['mode',
>'w']]], ['device', ['vif', ['rate', '40mb/s'], ['mac',
>'FE:FD:48:01:F1:E7')
>[2016-06-22 09:13:50 1958] DEBUG (XendDomainInfo:2504)
>XendDomainInfo.constructDomain
>[2016-06-22 09:13:50 1958] DEBUG (balloon:187) Balloon: 7602632 KiB free;
>need 16384; done.
>

Hmm.. so you're using (dom0) memory ballooning? You might want to disable it.
Things worked better without ballooning (at least with xend).


-- Pasi

>[2016-06-22 09:13:50 1958] ERROR (XendDomainInfo:2566) (12, 'Cannot
>allocate memory')
>Traceback (most recent call last):
>  File "/usr/lib64/python2.6/site-packages/xen/xend/XendDomainInfo.py",
>line 2561, in _constructDomain
>target = self.info.target())
>Error: (12, 'Cannot allocate memory')
>[2016-06-22 09:13:50 1958] ERROR (XendDomainInfo:490) VM start failed
>Traceback (most recent call last):
>  File "/usr/lib64/python2.6/site-packages/xen/xend/XendDomainInfo.py",
>line 475, in start
>XendTask.log_progress(0, 30, self._constructDomain)
>  File "/usr/lib64/python2.6/site-packages/xen/xend/XendTask.py", line
>209, in log_progress
>retval = func(*args, **kwds)
>  File "/usr/lib64/python2.6/site-packages/xen/xend/XendDomainInfo.py",
>line 2572, in _constructDomain
>raise VmError(failmsg)
>VmError: Creating domain failed: name=xxx
>[2016-06-22 09:13:50 1958] ERROR (XendDomainInfo:110) Domain construction
>failed
>Traceback (most recent call last):
>  File "/usr/lib64/python2.6/site-packages/xen/xend/XendDomainInfo.py",
>line 108, in create
>vm.start()
>  File "/usr/lib64/python2.6/site-packages/xen/xend/XendDomainInfo.py",
>line 475, in start
>XendTask.log_progress(0, 30, self._constructDomain)
>  File "/usr/lib64/python2.6/site-packages/xen/xend/XendTask.py", line
>209, in log_progress
>retval = func(*args, **kwds)
>  File "/usr/lib64/python2.6/site-packages/xen/xend/XendDomainInfo.py",
>line 2572, in _constructDomain
>raise VmError(failmsg)
>VmError: Creating domain failed: name=xxx
>--
>Shaun

___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt