Show posts tagged:
security

Turn off your devices

Saint Patrick’s Day makes us think of the color green. Spring is coming. Plants are starting to sprout amongst the dead grass and leaves from Fall/Winter: Earth Day is just around the corner on April 22nd. This reminds us of our commitment to the environment and ecosystems that surround us. As we at Northern.tech state in our corporate social responsibilities: We have set an ambitious company-objective to “Become a net-zero carbon business by the end of 2022”.

Posted by Craig Comstock
March 17, 2022

Secure your hosts with CFEngine Build modules

Last year, we launched functionality for users to add policy for reporting data, compliance reports, promise types, and other code as modules. With CFEngine Build, users can manage and update their own policy, the default policy and any additional modules separately. This makes it very easy to utilize policy or other modules written by the CFEngine team, or other community members. In this post we will take a look at using some modules to improve the security of our infrastructure.

March 16, 2022

CVE-2021-44215 & CVE-2021-44216 - Log file permissions

The CFEngine engineering team has recently discovered two security issues in the CFEngine Enterprise product, specifically in the hub package: CVE-2021-44215 - PostgreSQL log file world readable. CVE-2021-44216 - Apache and Mission Portal Application log files world readable. CVE-2021-44215 is a regression affecting currently supported versions 3.18.0 and 3.15.4 as well as some unsupported versions. CVE-2021-44216 affects all supported versions prior to 3.18.1 and 3.15.5 as well as some unsupported versions.

Posted by Nick Anderson
March 3, 2022

Show notes: The agent is in - Episode 9 - Introduction to cf-secret

How can I work with secrets using CFEngine? Craig (Digger) demoed cf-secret and how he uses it for protecting secrets used to mount LUKS encrypted drives. Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion. Links cf-secret LUKS Connect on LinkedIn w/ Cody, Craig, or Nick All Episodes

Posted by Nick Anderson
January 27, 2022

Show notes: The agent is in - Episode 8 - Security hardening holiday calendar

Looking for ways to improve the security of your infrastructure? Craig (Digger) and Nick (Doer of Things) walk us through some of the policies shared during the 2021 CFEngine security holiday hardening calendar. Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion. Links CFEngine security hardening holiday calendar week 1 CFEngine security hardening holiday calendar week 2 CFEngine security hardening holiday calendar week 3 CFEngine security hardening holiday calendar week 4 Connect on LinkedIn w/ Cody, Craig, or Nick All Episodes

Posted by Nick Anderson
December 30, 2021

Security hardening holiday calendar - Week 4

This is the final summary of our 2021 security hardening holiday calendar. We wanted to provide educational, useful, and actionable security advice, and we’re really pleased with the reception! Thank you for reading and following along. Week 1-3 summary (1-21/25) We posted summaries for the 3 first weeks of the calendar: Week 1 Week 2 Week 3 Enforce specific list of allowed sudoers (22/25) As discussed previously, the root user and sudo tool provide a lot of access to the system, both in terms of making changes, and reading sensitive data.

December 25, 2021

Hunting and tracking remediation of Log4Shell (CVE-2021-44228)

The internet has been ablaze since the announcement of Log4Shell, the nickname for CVE-2021-44228, an arbitrary remote code execution vulnerability in the Java logging utility Log4j. So far two additional vulnerabilities (CVE 2021-45046, CVE-2021-45105) have been identified. If you are interested in how the vulnerability works, this graphic from SecurityZines explains it well: The code has been vulnerable since 2013 and millions of hosts and services are affected. The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on December 17th, 2021 ordering all civilian federal agencies to take a series of measures to identify, patch, or mitigate vulnerable systems.

Posted by Nick Anderson
December 22, 2021

Security hardening holiday calendar - Week 3

This december, we are posting security advice and modules, every day until December 25th. Now, it’s December 21st, and we’ve gotten through most of the security hardening holiday calendar: Week 1 & 2 summary (1-14/25) We posted summaries for the 2 first weeks of the calendar: Week 1 Week 2 Disable prelinking (15/25) A technique called prelinking can be used to optimize programs, making them start up faster. As this feature will change the binary file, it interferes with security functionality such as checksumming and signatures.

December 21, 2021

What happened to sudo and who is Baron Samedit?

In January of 2021 Qualys security researchers discovered a heap overflow vulnerability in sudo, an extremely common tool installed in most Unix and Linux operating systems. Sudo allows users to execute programs with the privileges of another user but the vulnerability allows any unprivileged user to gain root on a vulnerable host. This specific vulnerability was nicknamed “Baron Samedit”. The Buffer overflow in command line escaping blog post on sudo.ws notes that the vulnerability can be tested by executing sudoedit -s /.

Posted by Nick Anderson
December 16, 2021

Security hardening holiday calendar - Week 2

This december, we are posting security advice and modules, every day until December 25th. Now, it’s December 14th, and we’ve gotten to the fourteenth day of the security hardening holiday calendar: Week 1 summary (1-7/25) If you didn’t see it yet, we posted a summary last week. Click here to read the security tips for day 1-7. Non-root users with uid 0 (8/25) On most UNIX-like systems, there is a user called root, with an ID number 0 (uid).

December 14, 2021