document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-26 21:30:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

20141211-3 选题

Browse Source
This commit is contained in:
DeadFire 2014-12-11 17:03:50 +08:00
parent ffafaea7f9
commit 8db52bfc8a
2 changed files with 232 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
sources/news/20141211 Turla espionage operation infects Linux systems with malware.md Normal file
View File

@ -0,0 +1,35 @@
Turla espionage operation infects Linux systems with malware
================================================================================
![](http://images.techhive.com/images/article/2014/12/open-source-linux-100533457-primary.idge.jpg)
> A newly identified Linux backdoor program is tied to the Turla cyberespionage campaign, researchers from Kaspersky Lab said
A newly discovered malware program designed to infect Linux systems is tied to a sophisticated cyberespionage operation of Russian origin dubbed Epic Turla, security researchers found.
The Turla campaign, also known as Snake or Uroburos, [was originally uncovered in February][1], but goes back several years. The massive operation infected computers at government organizations, embassies, military installations, education and research institutions and pharmaceutical companies in over 45 countries.
The newly identified Turla component for Linux was uploaded recently to a multi-engine antivirus scanning service and was described by security researchers from antivirus vendor Kaspersky Lab as "a previously unknown piece of a larger puzzle."
"So far, every single Turla sample we've encountered was designed for the Microsoft Windows family, 32 and 64 bit operating systems," the Kaspersky researchers said Monday in a [blog post][2]. "The newly discovered Turla sample is unusual in the fact that it's the first Turla sample targeting the Linux operating system that we have discovered."
The Turla Linux malware is based on an open-source backdoor program called cd00r developed in 2000. It allows attackers to execute arbitrary commands on a compromised system, but doesn't require elevated privileges or root access to function and listens to commands received via hidden TCP/UDP packets, making it stealthy.
"It can't be discovered via netstat, a commonly used administrative tool," said the Kaspersky researchers, who are still analyzing the malware's functionality.
"We suspect that this component was running for years at a victim site, but do not have concrete data to support that statement just yet," they said.
Since their blog post Monday, the Kaspersky researchers also found a second Turla Linux component that appears to be a separate malware program.
--------------------------------------------------------------------------------
via: http://www.computerworld.com/article/2857129/turla-espionage-operation-infects-linux-systems-with-malware.html
作者:[Lucian Constantin][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.computerworld.com/author/Lucian-Constantin/
[1]:http://news.techworld.com/security/3505688/invisible-russian-cyberweapon-stalked-us-and-ukraine-since-2005-new-research-reveals/
[2]:https://securelist.com/blog/research/67962/the-penquin-turla-2/

197
sources/tech/20141211 How to Setup Bind Chroot DNS Server on CentOS 7.0 VPS.md Normal file
View File

@ -0,0 +1,197 @@
How to Setup Bind Chroot DNS Server on CentOS 7.0 VPS
================================================================================
BIND (Berkeley Internet Name Daemon) also known as NAMED is the most widely used DNS server in the internet. This tutorial will descibes how we can run BIND in a chroot jail, the process is simply unable to see any part of the filesystem outside the jail. For example, in this post, i will setting up BIND to run chrooted to the directory /var/named/chroot/. Well, to BIND, the contents of this directory will appear to be /, the root directory. A “jail” is a software mechanism for limiting the ability of a process to access resources outside a very limited area, and its purposely to enhance the security. Bind Chroot DNS server was by default configured to /var/named/chroot. You may follow this complete steps to implement Bind Chroot DNS Server on CentOS 7.0 virtual private server (VPS).
1. Install Bind Chroot DNS server :
[root@centos7 ~]# yum install bind-chroot bind -y
2. Copy all bind related files to prepare bind chrooted environments :
[root@centos7 ~]# cp -R /usr/share/doc/bind-*/sample/var/named/* /var/named/chroot/var/named/
3. Create bind related files into chrooted directory :
[root@centos7 ~]# touch /var/named/chroot/var/named/data/cache_dump.db
[root@centos7 ~]# touch /var/named/chroot/var/named/data/named_stats.txt
[root@centos7 ~]# touch /var/named/chroot/var/named/data/named_mem_stats.txt
[root@centos7 ~]# touch /var/named/chroot/var/named/data/named.run
[root@centos7 ~]# mkdir /var/named/chroot/var/named/dynamic
[root@centos7 ~]# touch /var/named/chroot/var/named/dynamic/managed-keys.bind
4. Bind lock file should be writeable, therefore set the permission to make it writable as below :
[root@centos7 ~]# chmod -R 777 /var/named/chroot/var/named/data
[root@centos7 ~]# chmod -R 777 /var/named/chroot/var/named/dynamic
5. Copy /etc/named.conf chrooted bind config folder :
[root@centos7 ~]# cp -p /etc/named.conf /var/named/chroot/etc/named.conf
6.Configure main bind configuration in /etc/named.conf. Append the example.local zone information to the file :
[root@centos7 ~]# vi /var/named/chroot/etc/named.conf
Create forward and reverse zone into named.conf:
..
..
zone "example.local" {
type master;
file "example.local.zone";
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "192.168.0.zone";
};
..
..
Full named.conf configuration :
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "example.local" {
type master;
file "example.local.zone";
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "192.168.0.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
7. Create Forward and Reverse zone files for domain example.local.
a) Create Forward Zone :
[root@centos7 ~]# vi /var/named/chroot/var/named/example.local.zone
Add the following and save :
;
; Addresses and other host information.
;
$TTL 86400
@ IN SOA example.local. hostmaster.example.local. (
2014101901 ; Serial
43200 ; Refresh
3600 ; Retry
3600000 ; Expire
2592000 ) ; Minimum
; Define the nameservers and the mail servers
IN NS ns1.example.local.
IN NS ns2.example.local.
IN A 192.168.0.70
IN MX 10 mx.example.local.
centos7 IN A 192.168.0.70
mx IN A 192.168.0.50
ns1 IN A 192.168.0.70
ns2 IN A 192.168.0.80
b) Create Reverse Zone :
[root@centos7 ~]# vi /var/named/chroot/var/named/192.168.0.zone
----------
;
; Addresses and other host information.
;
$TTL 86400
@ IN SOA example.local. hostmaster.example.local. (
2014101901 ; Serial
43200 ; Refresh
3600 ; Retry
3600000 ; Expire
2592000 ) ; Minimum
0.168.192.in-addr.arpa. IN NS centos7.example.local.
70.0.168.192.in-addr.arpa. IN PTR mx.example.local.
70.0.168.192.in-addr.arpa. IN PTR ns1.example.local.
80.0.168.192.in-addr.arpa. IN PTR ns2.example.local.
8. Stop and disable named service. Start and enable bind-chroot service at boot :
[root@centos7 ~]# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
[root@centos7 ~]# systemctl stop named
[root@centos7 ~]# systemctl disable named
[root@centos7 ~]# systemctl start named-chroot
[root@centos7 ~]# systemctl enable named-chroot
ln -s '/usr/lib/systemd/system/named-chroot.service' '/etc/systemd/system/multi-user.target.wants/named-chroot.service'
As always if you need any help you can reach us on twitter @ehowstuff or drop us a comment below. [Jumping through archives page to read more articles..][1]
--------------------------------------------------------------------------------
via: http://www.ehowstuff.com/how-to-setup-bind-chroot-dns-server-on-centos-7-0-vps/
作者:[skytech][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.ehowstuff.com/author/mhstar/
[1]:http://www.ehowstuff.com/archives/