From: James
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: CoreOS vulnerability inherited from Gentoo?
Date: Tue, 31 May 2016 18:44:18 +0000 (UTC)
References: <3181100.83d2K62WRd@dell_xps> <1fbd2ef8-c75b-6ec1-af94-cb63caa0a531@mackal.net>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>

Michael Cook <mackal.net> writes:

>
>> [1] https://coreos.com/blog/
>
> Does this mean we need to do anything to improve the security of our systems?

It's going to depend, but surely a wide audience needs to poke at this...

> I tried logging in as operator with any password, it did not work for
> me. Unsure if that's because of my SSH set up or not though. The blog
> post does however mention reverting their SSSD change did fix the issue,
> so I assume if you set up SSSD the same way they did you would have
> issues. With that being said, maybe it would be a good idea for the
> gentoo pam team to set up pambase to support SSSD and not cause issues.
> (Currently if you want to set up SSSD you are left to do it manually)

I simply went looking for a pam<*>.conf file to make a simple edit and then test. It took me on a journey, so I posted here, figuring one of the others had already ferreted out the details....

Oddly, I was looking at DPI (deep packet inspection) tools readily available for gentoo, to test some protocols, including ssh*. I found nDPI and libndpi in overlays and suricata, which purports to be able to perform deep packet inspections and is Netfilter compatible.

Since dpi can be a big drain on resources (of a single host), I was hoping somebody had already migrated a dpi family of codes to a gentoo cluster of some sort. Naddah. Ziltchen. Verboten!

Since much of routing and network engines have moved to clusters (sdn, nvf, etc) dpi is king of the hill for hot analytics..... Those folks deeply into penetration (professional assessment types) are the best source for understanding dpi semantics. Everywhere I have found folks migrating dpi to clusters, these companies, projects and experts are being snapped up by large corps, agencies and otherwise going 'off grid'.

I'm not too sure what to make of all of this, but the pam issue is only the tip of the berg.....ymmv.

hth,
James