
perfsonar-announce - Re: [perfsonar-user] Reminder - Patch Systems Immediately to Reduce Shellshock Risk

Subject: perfSONAR Announcements

  • From: Joseph Bernard <>
  • To: "" <>, perfsonar-announce <>, perfsonar-user <>
  • Subject: Re: [perfsonar-user] Reminder - Patch Systems Immediately to Reduce Shellshock Risk
  • Date: Mon, 29 Sep 2014 18:50:16 +0000
  • Accept-language: en-US

I was just typing the same email.  We just had one of our boxes used.  perl was running at 100% by user apache when I was applying patches, which I thought was odd.  Look in your /var/log/httpd/access_log files to see what strings these people are using.  I’d post them here, but I don’t want to give anyone any ideas.

Thanks,
Joseph B.


On Sep 29, 2014, at 2:45 PM, Trey Dockendorf <> wrote:

I can confirm that un-patched systems are being used for botnets.  I just had two systems fall victim as I was not quick enough to apply the updates.  Lesson learned.

- Trey

=============================

Trey Dockendorf 
Systems Analyst I 
Texas A&M University 
Academy for Advanced Telecommunications and Learning Technologies 
Phone: (979)458-2396 
Email:  
Jabber:

On Mon, Sep 29, 2014 at 9:20 AM, Jason Zurawski <> wrote:
Greetings;

A reminder following Andy's note last week - If you haven't done so, please take a moment to update your perfSONAR nodes to protect against the shellshock vulnerability (https://access.redhat.com/articles/1212303).  That means:

 - If you are a LiveCD user, download the new version, burn, and reboot

 - If you are a netinstall user, 'yum update' and reboot

This is a serious issue for all systems that use bash, e.g. pS nodes and non-pS nodes, and there are emerging reports of un-patched machines being harvested for botnets.  News stories this morning seem to hint that things could still get worse:

        http://it.slashdot.org/story/14/09/29/024239/bash-to-require-further-patching-as-more-shellshock-holes-found

In the coming days we will continue to monitor security feeds and alert the community to additional news as it becomes available.  If we see upstream warnings, we will send them along to these 2 lists first.  If you have any reason to believe a machine has been compromised - remove it from the network and re-install immediately.

Please relay any questions you might have to .

Thanks;

-jason

On Sep 26, 2014, at 9:59 AM, Andrew Lake <> wrote:

> Hi all,
>
> Another new LiveCD has been posted with the bash fixes posted last night: http://software.internet2.edu/pS-Performance_Toolkit/. See https://rhn.redhat.com/errata/RHSA-2014-1306.html for details on the fix applied.
>
> As stated before NetInstall users just need to run 'yum update'. Also, the NetInstall ISO will not be updated because it by definition pulls down the latest packages so should get the fixes anytime someone does a new install.
>
> Thanks,
> Andy
>
>
>
> On Sep 25, 2014, at 9:20 AM, Andrew Lake <> wrote:
>
>> Hi,
>>
>> Thanks for pointing that out, I should have highlighted that in my note. We will likely do a follow-up ISO when that occurs. Since we don't have control over that timeframe, it could be later today or could be further out. You may end up burning a couple ISOs in close succession if something close to the former is the case. As usual, we'll do our best to keep everyone posted.
>>
>> Thanks,
>> Andy
>>
>> On Sep 25, 2014, at 9:12 AM, "Christoph.Galuschka" <> wrote:
>>
>>> Hi all,
>>>
>>> it is also very likely that there will be a followup patch coming soon, as the first one seems to have been incomplete.
>>> See also this link:
>>> https://access.redhat.com/articles/1200223
>>>
>>> cheers
>>> Christoph
>>>
>>>> On 25 September 2014 at 15:06, Andrew Lake <> wrote:
>>>>
>>>> Hi all,
>>>>
>>>> Yesterday CentOS announced a critical bash vulnerability (see Jason's note that was sent to the perfSONAR lists copied below). We now have new LiveCDs and LiveUSBs available for users of those installation types at  http://software.internet2.edu/pS-Performance_Toolkit/
>>>>
>>>> As Jason noted yesterday, users of the NetInstall can simply run 'yum update' to get the new fixes. Also, since we almost always get asked in situations like this, if you are planning to do a new NetInstall but notice that the NetInstall ISO was not updated, that is because it will grab the latest packages at install time automatically. In other words, it will just work and you will get all the latest stuff, no new ISO required. Please let us know if you have any questions.
>>>>
>>>> Thank you,
>>>> Andy
>>>>
>>>
>>>> CentOS-QA member | IRC: tigalch




