Archive for the ‘Security Solution’ Category

Microsoft – has fixed a dangerous TCP/IP security vulnerability (CVE-2020-16898), so don't hesitate, patch

Wednesday, October 14th, 2020

   According to Microsoft, the TCP/IP security vulnerability (CVE-2020-16898) opens a path through which attackers can inject code deep into the system and execute it. The vulnerability is also not so complex to exploit that doing so would require great effort and skill; it is therefore "very likely" that attacks via this flaw will occur soon.

PrivacyBadger – filtering link tracking

Wednesday, October 14th, 2020

U.S. Government Accountability Office (GAO) – warns of hacker attacks on aircraft

Tuesday, October 13th, 2020

Samba & Snapper – snapper is a command-line program for filesystem snapshot management; it can create, delete and compare snapshots and undo changes made between snapshots

Tuesday, October 13th, 2020
root@rpi-iot-jsho-samba-01:/etc# snapper -c root create-config /samba/Filespace
Creating config failed (subvolume already covered).
root@rpi-iot-jsho-samba-01:/# snapper list-configs
Config | Subvolume
-------+-----------------
root | /samba/Filespace
root@rpi-iot-jsho-samba-01:/# btrfs subvolume list /samba/Filespace
ID 256 gen 8013 top level 5 path Filespace
ID 5618 gen 8016 top level 256 path .snapshots
ID 5619 gen 8013 top level 5618 path .snapshots/1/snapshot
root@rpi-iot-jsho-samba-01:/# snapper list
# | Type | Pre # | Date | User | Cleanup | Description | Userdata
---+--------+-------+-------------------------------+------+----------+-------------+---------
0 | single | | | root | | current |
1 | single | | Tue 13 Oct 2020 12:00:04 CEST | root | timeline | timeline |
root@rpi-iot-jsho-samba-01:/#
root@rpi-iot-jsho-samba-01:/# snapper -c root create
root@rpi-iot-jsho-samba-01:/# snapper list
# | Type | Pre # | Date | User | Cleanup | Description | Userdata
---+--------+-------+-------------------------------+------+----------+-------------+---------
0 | single | | | root | | current |
1 | single | | Tue 13 Oct 2020 12:00:04 CEST | root | timeline | timeline |
2 | single | | Tue 13 Oct 2020 12:12:47 CEST | root | | |
3 | single | | Tue 13 Oct 2020 12:14:17 CEST | root | | |
root@rpi-iot-jsho-samba-01:/# btrfs subvolume list /samba/Filespace
ID 256 gen 8020 top level 5 path Filespace
ID 5618 gen 8021 top level 256 path .snapshots
ID 5619 gen 8013 top level 5618 path .snapshots/1/snapshot
ID 5620 gen 8017 top level 5618 path .snapshots/2/snapshot
ID 5621 gen 8020 top level 5618 path .snapshots/3/snapshot
root@rpi-iot-jsho-samba-01:~# snapper list
# | Type | Pre # | Date | User | Cleanup | Description | Userdata
---+--------+-------+-------------------------------+------+---------+-------------+---------
0 | single | | | root | | current |
1 | single | | Tue 13 Oct 2020 13:55:14 CEST | root | | |
2 | single | | Tue 13 Oct 2020 13:55:29 CEST | root | | |
root@rpi-iot-jsho-samba-01:~# snapper -c root delete 1-2
root@rpi-iot-jsho-samba-01:~# snapper list
# | Type | Pre # | Date | User | Cleanup | Description | Userdata
---+--------+-------+------+------+---------+-------------+---------
0 | single | | | root | | current |
Set snapshot limits – the default settings will keep 10 hourly, 10 daily, 10 monthly and 10 yearly snapshots
root@rpi-iot-jsho-samba-01:/# vi /etc/snapper/configs/root
# subvolume to snapshot
SUBVOLUME="/samba/Filespace"
# filesystem type
FSTYPE="btrfs"
# btrfs qgroup for space aware cleanup algorithms
QGROUP=""
# fraction of the filesystems space the snapshots may use
SPACE_LIMIT="0.5"
# fraction of the filesystems space that should be free
FREE_LIMIT="0.2"
# users and groups allowed to work with config
ALLOW_USERS=""
ALLOW_GROUPS=""
# sync users and groups from ALLOW_USERS and ALLOW_GROUPS to .snapshots
# directory
SYNC_ACL="no"
# start comparing pre- and post-snapshot in background after creating
# post-snapshot
BACKGROUND_COMPARISON="yes"
# run daily number cleanup
NUMBER_CLEANUP="yes"
# limit for number cleanup
NUMBER_MIN_AGE="1800"
NUMBER_LIMIT="50"
NUMBER_LIMIT_IMPORTANT="10"
# create hourly snapshots
TIMELINE_CREATE="yes"
# cleanup hourly snapshots after some time
TIMELINE_CLEANUP="yes"
# limits for timeline cleanup
TIMELINE_MIN_AGE="1800"
TIMELINE_LIMIT_HOURLY="10"
TIMELINE_LIMIT_DAILY="10"
TIMELINE_LIMIT_WEEKLY="0"
TIMELINE_LIMIT_MONTHLY="10"
TIMELINE_LIMIT_YEARLY="10"
# cleanup empty pre-post-pairs
EMPTY_PRE_POST_CLEANUP="yes"
# limits for empty pre-post-pair cleanup
EMPTY_PRE_POST_MIN_AGE="1800"
root@rpi-iot-jsho-samba-01:/# snapper list
# | Type | Pre # | Date | User | Cleanup | Description | Userdata
---+--------+-------+-------------------------------+------+----------+-------------+---------
0 | single | | | root | | current |
1 | single | | Tue 13 Oct 2020 14:00:04 CEST | root | timeline | timeline |
2 | single | | Tue 13 Oct 2020 14:21:52 CEST | root | | |
3 | single | | Tue 13 Oct 2020 14:22:39 CEST | root | | |
4 | single | | Tue 13 Oct 2020 14:26:56 CEST | root | | |
5 | single | | Tue 13 Oct 2020 15:00:04 CEST | root | timeline | timeline |
6 | single | | Tue 13 Oct 2020 16:00:04 CEST | root | timeline | timeline |
root@rpi-iot-jsho-samba-01:~# snapper -c root create --description test
root@rpi-iot-jsho-samba-01:~# snapper list
# | Type | Pre # | Date | User | Cleanup | Description | Userdata
---+--------+-------+-------------------------------+------+----------+-------------+---------
0 | single | | | root | | current |
1 | single | | Tue 13 Oct 2020 14:00:04 CEST | root | timeline | timeline |
2 | single | | Tue 13 Oct 2020 14:21:52 CEST | root | | |
3 | single | | Tue 13 Oct 2020 14:22:39 CEST | root | | |
4 | single | | Tue 13 Oct 2020 14:26:56 CEST | root | | |
5 | single | | Tue 13 Oct 2020 15:00:04 CEST | root | timeline | timeline |
6 | single | | Tue 13 Oct 2020 16:00:04 CEST | root | timeline | timeline |
7 | single | | Tue 13 Oct 2020 16:14:49 CEST | root | number | boot |
8 | single | | Tue 13 Oct 2020 16:16:29 CEST | root | | test |
# vi /etc/samba/smb.conf
[Samba-BTRFS-Test]
vfs objects = snapper
path = /samba/Filespace
# systemctl restart smbd.service
# systemctl restart nmbd.service

SoSafe GmbH – uses phishing simulations to give companies transparency about the state of their employees' IT security, and gets those employees fit to handle all kinds of cyber attacks through interactive eLearnings

Monday, October 12th, 2020

SoSafe GmbH – can you spot all the phishing mails

Monday, October 12th, 2020

Samba & Snapper – btrfs/zfs and shadow copies

Monday, October 12th, 2020

Cyberfibel – the reference work for digital education

Sunday, October 11th, 2020

Anyone who currently receives an email in the name of Deutsche Post that threatens a fine should delete it immediately, because the attachment of the message contains a trojan

Saturday, October 10th, 2020

Samba – btrfs and shadow copies

Friday, October 9th, 2020

   Samba – btrfs and shadow copies

# fdisk -l
# apt-get install btrfs-tools
# mkfs.btrfs -f /dev/sda
# mkdir -p /samba/Filespace
# mount /dev/sda /mnt/
# btrfs subvolume create /mnt/Filespace
# btrfs subvolume create /mnt/Filespace/.snapshots
# umount /mnt
# blkid /dev/sda
# vi /etc/fstab:
UUID=1c2551dc-8cee-41c4-999c-20d57becbcb7 /samba/Filespace btrfs subvol=Filespace 0 0
UUID=1c2551dc-8cee-41c4-999c-20d57becbcb7 /samba/Filespace/.snapshots btrfs subvol=Filespace/.snapshots 0 0
# mount -a
# apt-get install samba
# vi /etc/samba/smb.conf
[Samba-BTRFS-Test]
comment = Samba BTRFS test folder
path = /samba/Filespace
vfs objects = shadow_copy2
shadow:format = @GMT_%Y.%m.%d-%H.%M.%S
shadow:sort = desc
shadow:snapdir=.snapshots
shadow:localtime = yes

; test share only: writable guest access, no authentication required
writable = yes
browseable = yes
guest ok = yes
# chmod 777 /samba/Filespace
# /etc/init.d/smbd restart
# btrfs subvolume snapshot -r /samba/Filespace/ /samba/Filespace/.snapshots/@GMT_`date +%Y.%m.%d-%H.%M.%S`

# btrfs subvolume list /samba/Filespace/
ID 256 gen 37 top level 5 path Filespace

ID 258 gen 40 top level 256 path .snapshots
ID 261 gen 23 top level 258 path .snapshots/@GMT_2020.10.03-17.50.16
ID 262 gen 24 top level 258 path .snapshots/@GMT_2020.10.03-17.56.34
ID 263 gen 26 top level 258 path .snapshots/@GMT_2020.10.03-18.10.01
ID 264 gen 28 top level 258 path .snapshots/@GMT_2020.10.03-19.11.31
ID 265 gen 33 top level 258 path .snapshots/@GMT_2020.10.03-20.21.29
ID 266 gen 37 top level 258 path .snapshots/@GMT_2020.10.04-16.14.33
# btrfs subvolume delete /samba/Filespace/.snapshots/@GMT_2020.10.03-17.50.16
# btrfs property set -ts /samba/Filespace/.snapshots/Backup-01 ro false
# btrfs subvolume snapshot -r /samba/Filespace/ /samba/Filespace/.snapshots/Backup-01
# btrfs subvolume snapshot -r /samba/Filespace/ /samba/Filespace/.snapshots/Backup-02
# mkdir /samba/Filespace/.snapshots/Backup-99
# btrfs send /samba/Filespace/.snapshots/Backup-01 | btrfs receive /samba/Filespace/.snapshots/Backup-99
# mkdir /samba/Filespace/.snapshots/Backup-99
# btrfs send -p /samba/Filespace/.snapshots/Backup-01 /samba/Filespace/.snapshots/Backup-02 | btrfs receive /samba/Filespace/.snapshots/Backup-99p

# vi /samba/btrfs-snapshot.sh
#!/usr/bin/env bash
set -x
btrfs subvolume snapshot -r /samba/Filespace/ /samba/Filespace/.snapshots/@GMT_`date +%Y.%m.%d-%H.%M.%S`
find /samba/Filespace/.snapshots -maxdepth 1 -type d -name '@GMT_*' -ctime +1 -exec btrfs subvolume delete {} \;
# chmod +x /samba/btrfs-snapshot.sh
# crontab -l
* * * * * /samba/btrfs-snapshot.sh
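
The cron script above prunes with find -ctime +1, which goes by inode change time and, because find discards fractional days, only matches after two full days. The following added example, not part of the original post, selects snapshots by the timestamp in their @GMT_ name instead, the value shadow_copy2 reads via shadow:format; the function names and the keep-minimum parameter are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# keep-minimum parameter are assumptions made for illustration.

# stamp_to_num NAME: print YYYYmmddHHMMSS for a name that matches
# shadow:format (@GMT_%Y.%m.%d-%H.%M.%S) exactly; fail for anything else.
stamp_to_num() {
    case "$1" in
        @GMT_[0-9][0-9][0-9][0-9].[0-9][0-9].[0-9][0-9]-[0-9][0-9].[0-9][0-9].[0-9][0-9])
            printf '%s\n' "${1#@GMT_}" | tr -d '.-' ;;
        *) return 1 ;;
    esac
}

# expired_snapshots CUTOFF KEEP_MIN
# Reads snapshot names on stdin and prints the ones older than CUTOFF,
# newest first. The KEEP_MIN newest well-formed snapshots are never printed,
# so a wrong clock or cutoff cannot select every shadow copy for deletion.
expired_snapshots() {
    cutoff=$(stamp_to_num "$1") || return 2
    keep_min=${2:-0}
    seen=0
    # The format sorts chronologically as plain text; reverse = newest first.
    LC_ALL=C sort -r | while IFS= read -r name; do
        num=$(stamp_to_num "$name") || continue   # skips Backup-01 and the like
        seen=$((seen + 1))
        if [ "$seen" -gt "$keep_min" ] && [ "$num" -lt "$cutoff" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Names taken from the btrfs subvolume list output above, plus two entries
# (Backup-01, @GMT_latest) constructed to show that they are ignored.
sample_names() {
    printf '%s\n' Backup-01 @GMT_latest \
        @GMT_2020.10.03-17.50.16 @GMT_2020.10.03-17.56.34 \
        @GMT_2020.10.03-18.10.01 @GMT_2020.10.03-19.11.31 \
        @GMT_2020.10.03-20.21.29 @GMT_2020.10.04-16.14.33
}

# Dry run: list what a cutoff of 2020-10-03 19:00:00 would remove.
sample_names | expired_snapshots '@GMT_2020.10.03-19.00.00' 0
```

In the cron script the cutoff would come from GNU date, for example date -d '1 day ago' +@GMT_%Y.%m.%d-%H.%M.%S, and each printed name would be passed to btrfs subvolume delete under /samba/Filespace/.snapshots.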

Landesamt für Sicherheit in der Informationstechnik (LSI) Nürnberg – is the IT security authority of the Free State of Bavaria

Friday, October 9th, 2020

Landesamt für Sicherheit in der Informationstechnik (LSI) Nürnberg – is the IT security authority of the Free State of Bavaria

Bundesamt für Sicherheit in der Informationstechnik (BSI) – more than 40,000 German companies are playing Russian roulette with regard to the Microsoft Exchange Server vulnerabilities (CVE-2020-0688)

Wednesday, October 7th, 2020

Pulse Secure – cyber threats are too new and too complex for decision-makers

Wednesday, October 7th, 2020

Google Chrome Version 86.0.4240.75 – is available for download

Wednesday, October 7th, 2020

Microsoft Windows 10 – keep your Volume Shadow Copy (VSS) safe

Wednesday, October 7th, 2020

   Microsoft Windows 10 – it isn't at all uncommon to see ransomware deleting all Windows shadow copies using vssadmin, and now you can use 'Raccine' to terminate all processes that try to delete shadow volumes using Microsoft's vssadmin.exe program