Fedora already has a number of variations—called "spins"—to support different use cases: alternative desktops (KDE, LXDE, XFCE), gaming, hardware design, education, etc. Starting with Fedora 13, those will be joined by the Fedora Security Lab (FSL), which is meant to be a "safe test-environment for working on security-auditing, forensics and penetration-testing, coupled with all the Fedora-Security features and tools". The target audience is much the same as that of the BackTrack security distribution—security professionals along with those who want to learn about various security techniques.
FSL is based on the LXDE desktop environment because of its small resource footprint, which will leave more memory available for running various security and forensic tools. The LXDE menu has been customized to present a categorized list of tools and applications available to a user. The distribution comes with a fairly extensive list of packages, as well as a wish list of additional packages that would be added to FSL once they are packaged for Fedora.
The release itself will be an ISO image that can be used as a Live CD, which can then be installed on the hard disk. A more likely scenario is creating a bootable system on a USB stick using Fedora's liveusb-creator. That will allow the user to reserve some extra space on the USB stick for persistent storage. That storage can be used for installing additional packages or storing the output or configuration of various utilities so that they are available after each boot.
Fedora's Joerg Simon is leading the FSL effort, which got final approval from the Fedora advisory board in mid-February. FSL provides a number of advantages for Fedora and its users—many of which are listed on the FSL page—but there is one item in particular that Simon seems to be excited about: using it as a platform to teach about security.
Simon has slides [PDF] from a presentation he gave that proposed FSL as the basis for teaching classes based on the Open Source Security Testing Methodology Manual (OSSTMM). Simon is involved in both projects and sees benefits to both from a collaboration. FSL would provide a stable platform that teachers and students could rely upon and Fedora would benefit from the wider exposure those classes would bring.
In addition to the various utilities and tools that are packaged with the spin, FSL also showcases the security features that are part of all Fedora spins. Things like SELinux, default firewall rules, PolicyKit, and various protections like stack smashing protection, buffer overflow protection, and so forth, are all available for students and others to examine and play with.
Having a larger parent organization like Fedora—and to some extent Red Hat—may help FSL achieve a higher profile than BackTrack or other security distributions have in the past. One can imagine that FSL will be the tool of choice for recovery of broken systems in the Fedora and RHEL worlds, as users will already be familiar with the underlying distribution. Working with other organizations that are targeting security education is another thing that may very well help foster FSL as a tool of choice for security professionals.
While FSL is somewhat late to this particular party, and still has a number of important tools (Metasploit, OpenVAS, SiLK, etc.) on its wish list, it does have the infrastructure and user community of Fedora behind it. There is ample room for collaboration with BackTrack and other security-focused distributions—one hopes that can come about. By sharing information, configuration, tools, and techniques, in much the same way that free software development is done, better security distributions will result. That can only help bring about increased security for all free software.
Brief items

This Ars Technica article describes how Microsoft took down the control structure for the Waledac botnet. "By obtaining the restraining order, this command-and-control system was disrupted; with the domain names offline, the machines in the botnet were no longer able to locate their control servers, rendering them mostly harmless. The court action had to be taken in secret to avoid warning the botnet's operators; with sufficient warning, they might have been able to set up new domain names and new control systems, thereby circumventing Microsoft's efforts. The names have now been offline for three days, presumably sufficient to cause permanent disruption, and the injunction is now public."
Package(s): apache httpd    CVE #(s): CVE-2010-0408
Created: March 3, 2010    Updated: September 14, 2010
Description: The mod_proxy_ajp module packaged with Apache 2.2.x suffers from an unknown vulnerability when faced with a protocol error.

Created: February 26, 2010    Updated: March 3, 2010
Description: From the Openwall
multiple security flaws, which might lead to bypass of intended security restrictions and denial of service, have been reported and corrected in latest v2.5.12 version of ModSecurity.

Created: February 25, 2010    Updated: March 3, 2010
Description: From the Pardus alert:
A vulnerability has been fixed in Kernel, which can be exploited by malicious people to crash kernel due to divide by zero in azx_position_ok. Using mp3blaster-3.2.5 (latest version) to play MP3 audio, the reporter was able to crash the kernel by stopping and restarting playback using the "5" key repeatedly. This happens as a normal user, not only as root.

Created: March 2, 2010    Updated: June 4, 2010
Description: From the Red Hat advisory:
A flaw was found in the way the x86 emulator loaded segment selectors (used for memory segmentation and protection) into segment registers. In some guest system configurations, an unprivileged guest user could leverage this flaw to crash the guest or possibly escalate their privileges within the guest.

Created: March 2, 2010    Updated: June 14, 2010
Description: From the Red Hat bugzilla:
puppet may create several predictable files in /tmp, e.g.

Created: March 1, 2010    Updated: September 23, 2011
Description: From the Debian advisory:
Jeff Layton discovered that missing input sanitising in mount.cifs allows denial of service by corrupting /etc/mtab.

Package(s): sudo    CVE #(s): CVE-2010-0426 CVE-2010-0427
Created: February 26, 2010    Updated: October 27, 2010
Description: From the Red Hat advisory:
A privilege escalation flaw was found in the way sudo handled the sudoedit pseudo-command. If a local user were authorized by the sudoers file to use this pseudo-command, they could possibly leverage this flaw to execute arbitrary code with the privileges of the root user. (CVE-2010-0426)
The sudo utility did not properly initialize supplementary groups when the "runas_default" option (in the sudoers file) was used. If a local user were authorized by the sudoers file to perform their sudo commands under the account specified with "runas_default", they would receive the root user's supplementary groups instead of those of the intended target user, giving them unintended privileges. (CVE-2010-0427)
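The supplementary-group failure described for CVE-2010-0427 is easy to check for: compute the groups the target account should have, and compare them with what a process running as that account actually holds. The following is an added example, not code from the advisory or from sudo; the group table in the test is constructed, and `switch_to_user` shows the initgroups-before-setgid-before-setuid order a privilege drop must follow so that the caller's (root's) supplementary groups do not leak into the target context.

```python
import grp
import os
import pwd


def expected_groups(username, primary_gid, group_entries):
    """Groups a user should hold: the primary gid plus every group whose
    member list names the user. group_entries is an iterable of
    (group_name, gid, members) tuples, e.g. built from grp.getgrall()."""
    gids = {primary_gid}
    for _name, gid, members in group_entries:
        if username in members:
            gids.add(gid)
    return sorted(gids)


def group_mismatch(actual_gids, expected_gids):
    """Return (extra, missing): groups held but not expected (unintended
    privileges, the CVE-2010-0427 symptom) and expected but absent.
    Both lists empty means the switch re-initialized groups correctly."""
    actual, expected = set(actual_gids), set(expected_gids)
    return sorted(actual - expected), sorted(expected - actual)


def switch_to_user(username):
    """Correct order for a root process running something as another user:
    initgroups replaces root's supplementary groups with the target's,
    then the gid and uid are dropped. Omitting the initgroups step is the
    class of defect the advisory describes. Requires root to succeed."""
    pw = pwd.getpwnam(username)
    os.initgroups(username, pw.pw_gid)
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)


def check_current_process(username):
    """Compare the live process's groups with what username should have,
    using the real passwd/group databases. Run this from inside a
    'sudo -u username' session to audit a sudo build."""
    pw = pwd.getpwnam(username)
    entries = [(g.gr_name, g.gr_gid, g.gr_mem) for g in grp.getgrall()]
    actual = [os.getgid(), *os.getgroups()]
    return group_mismatch(actual, expected_groups(username, pw.pw_gid, entries))
```

Running `check_current_process` under a vulnerable sudo would list root's supplementary groups in the "extra" result; a fixed sudo yields two empty lists.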
Page editor: Jake Edge
Copyright © 2010, Eklektix, Inc.