Root Shells on Linux Servers Using polkitd Vulnerability

A new vulnerability that affects many Linux systems has been revealed: Pwnkit. This attack uses a vulnerability in polkitd to allow any user to escalate their privileges to root. There are patches for major Linux systems: see the LowEndTalk thread.

It’s important to note that the vulnerability can only be used by users logged into the system. You can’t launch this attack on just any Linux box you ping on the network.

Patch your systems ASAP!

Failed to start MariaDB 10.3 database server [SOLVED]

Hello,
Today I will share a horror story about MariaDB (MySQL).

We were checking our server load when we hit a huge load issue on our server, a 12-core CPU machine, with almost 80% of the CPU consumed. We looked into it more deeply, but then the server restarted. When I brought it back online, all of the services were working fine except MySQL: most of the sites were facing MySQL issues, with database connections not being established. I decided to look at MySQL/MariaDB, and I got:

[root@us ~]# systemctl restart mariadb
Job for mariadb.service failed because the control process exited with error code. See “systemctl status mariadb.service” and “journalctl -xe” for details.

This means we have some issue in the MariaDB service, so I looked into it.
No solution!! No solution.
I thought my database was corrupted 🙁 and yes, I was looking for a solution for it. No solution.
At last I figured it out: what if I rename ib_logfile0 and ib_logfile1?
What will happen?
I did the rename:

mv /var/lib/mysql/ib_logfile0 /var/lib/mysql/ib_logfile0.bak 

mv /var/lib/mysql/ib_logfile1 /var/lib/mysql/ib_logfile1.bak

systemctl start mysql

WOW 😮 My MariaDB service is active and working 🙂

Nothing is impossible if you try 🙂 Have a nice day.

How to Install the PHP Suhosin Extension

What is Suhosin?

Suhosin (pronounced ‘su-ho-shin’) is an advanced protection system for PHP 5 installations. It is designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts that can be used separately or in combination. The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows and format string vulnerabilities. The second part is a powerful PHP extension that implements numerous other protections.

Why Suhosin?

The most important question for new users of Suhosin is why they should use it at all: whether it is really necessary, and what they gain by using the patch, the extension, or a combination of both.

The answer to this question depends on how you use PHP. If you are using PHP only on your own server and only for your own scripts and applications, then you can judge for yourself whether you trust your code enough. In that case you most probably don’t need the Suhosin extension, because most of its features are meant to protect servers against vulnerable programming techniques. However, PHP is a very complex programming language with a lot of pitfalls that are often overlooked during the development of applications. Even PHP core programmers write insecure code from time to time because they did not know about a PHP pitfall. Therefore it is always a good idea to have Suhosin as your safety net. The Suhosin patch, on the other hand, comes with Zend Engine Protection features that protect your server from possible buffer overflows and related vulnerabilities in the Zend Engine. History has shown that several of these bugs have always existed in previous PHP versions.

If you are not only running your own PHP scripts but are also hosting third-party PHP applications for yourself or even for possible customers, then you cannot trust the code quality of the PHP applications you use. Unfortunately, it is a fact that the pitfalls of the PHP language are not widely known among programmers. Many of these pitfalls are also not documented in the PHP security books that have been released during the last year. This is mainly because the books were written in a hurry to be first to market, and because most of them were written not by security professionals but by PHP programmers. The worst of these books is the one by O’Reilly, which contains examples that might fix the problem described but introduce more dangerous vulnerabilities into your application.

Another common error in these books is that they spread the urban legend that the most dangerous problem within PHP, “remote code inclusion vulnerabilities”, can be fixed by disabling allow_url_fopen in the configuration (or allow_url_include in PHP 5.2.x). This information is simply wrong, because these configuration directives do NOT protect against attacks through php://input or data:// URLs. Our Suhosin and the former Hardening-Patch are the only available protections that close all URL include attacks.

Summed up, it is your free choice to use Suhosin. If you want additional protection for your servers and your business, we can only strongly recommend that you use the extension and the patch. Always keep in mind that you are protecting not only yourself and your users, but also other people on the internet who might get attacked by your server after it has been turned into a (spam/DDoS) attack drone.

Installing Suhosin on PHP 7.0 or 7.1

To install on PHP 7.X, SSH into your server as root and install the packages required to build the Suhosin extension.

sudo apt-get -y install gcc make autoconf libc-dev pkg-config

Next, run the following commands on your server:

git clone https://github.com/sektioneins/suhosin7
cd suhosin7
/opt/sp/php7.X/bin/phpize
PATH=/opt/sp/php7.X/bin:$PATH ./configure
make
sudo make install
sudo bash -c "echo extension=suhosin.so > /etc/php7.X-sp/conf.d/suhosin.ini"
sudo service php7.X-fpm-sp restart

Installing Suhosin on PHP 5.4, 5.5, or 5.6

To install on PHP 5.X, SSH into your server as root and install the packages required to build the Suhosin extension.

sudo apt-get -y install gcc make autoconf libc-dev pkg-config

Next, download and extract Suhosin:
wget https://download.suhosin.org/suhosin-0.9.38.tar.gz
tar xzf suhosin-0.9.38.tar.gz
cd suhosin-0.9.38

Now, compile, install, and restart PHP. To install for multiple PHP versions, repeat the steps below for each PHP version.

/opt/sp/php5.X/bin/phpize
PATH=/opt/sp/php5.X/bin:$PATH ./configure
make
sudo make install
sudo bash -c "echo extension=suhosin.so > /etc/php5.X-sp/conf.d/suhosin.ini"
sudo service php5.X-fpm-sp restart

Verifying the Installation

You can verify Suhosin is installed correctly by running the command:

phpX.Y-sp -i | grep suhosin

You should see the following output:

/etc/phpX.Y-sp/conf.d/suhosin.ini,
suhosin
suhosin.apc_bug_workaround => Off => Off
suhosin.cookie.checkraddr => 0 => 0
suhosin.cookie.cryptdocroot => On => On
suhosin.cookie.cryptkey => [ protected ] => [ protected ]
suhosin.cookie.cryptlist => no value => no value
suhosin.cookie.cryptraddr => 0 => 0
suhosin.cookie.cryptua => On => On
suhosin.cookie.disallow_nul => 1 => 1
suhosin.cookie.disallow_ws => 1 => 1
suhosin.cookie.encrypt => Off => Off
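
The verification step can be scripted. The following is an added example, not part of the original post or of the Suhosin project: it parses the `name => local value => master value` lines shown above, confirms the `suhosin` module line is present, and compares the effective values against a baseline. The function name, the baseline format and the baseline values are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit `php -i` output for the Suhosin extension.

# Constructed sample of `phpX.Y-sp -i | grep suhosin` output, modelled on the listing above.
SAMPLE_PHP_INFO='/etc/phpX.Y-sp/conf.d/suhosin.ini,
suhosin
suhosin.cookie.cryptdocroot => On => On
suhosin.cookie.disallow_nul => 1 => 1
suhosin.cookie.disallow_ws => 1 => 1
suhosin.cookie.encrypt => Off => Off'

# Hypothetical baseline (name=value per line): the values the operator expects.
SAMPLE_BASELINE='suhosin.cookie.disallow_nul=1
suhosin.cookie.disallow_ws=1
suhosin.cookie.encrypt=On'

# Usage: phpX.Y-sp -i | suhosin_audit "$BASELINE_TEXT"
# Prints one finding per line. Returns 0 if clean, 1 on drift, 2 if not loaded.
suhosin_audit() {
  BASELINE="$1" awk '
    BEGIN {
      # Load the expected values; ENVIRON keeps the embedded newlines intact.
      n = split(ENVIRON["BASELINE"], rows, "\n")
      for (i = 1; i <= n; i++) {
        eq = index(rows[i], "=")
        if (eq > 1) want[substr(rows[i], 1, eq - 1)] = substr(rows[i], eq + 1)
      }
    }
    $0 == "suhosin" { loaded = 1; next }      # module header line from php -i
    index($0, " => ") {
      split($0, f, " => ")
      seen[f[1]] = f[2]                        # f[2] is the local (effective) value
      # Informational: a per-directory or runtime override of the master value.
      if (f[2] != f[3]) print "OVERRIDE " f[1] " local=" f[2] " master=" f[3]
    }
    END {
      if (!loaded) { print "NOT_LOADED suhosin"; exit 2 }
      for (k in want) {
        if (!(k in seen)) { print "MISSING " k; bad = 1 }
        else if (seen[k] != want[k]) {
          print "DRIFT " k " want=" want[k] " got=" seen[k]; bad = 1
        }
      }
      exit bad + 0
    }'
}
```

A non-zero return makes the function usable as a post-install check: 2 means the extension line was never written or PHP was not restarted, 1 means the extension loaded but its effective settings differ from what was intended.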