Archive

Archive for the ‘Debian’ Category

[SECURITY] [DSA-1971-1] New libthai packages fix arbitrary code execution

January 15th, 2010 No comments

Package : libthai
Vulnerability : integer overflow
Problem type : local (remote)
Debian-specific : no
CVE Id : CVE-2009-4012

Tim Starling discovered that libthai, a set of Thai language support routines, is vulnerable to an integer/heap overflow. This vulnerability could allow an attacker to run arbitrary code by sending a very long string.

For the oldstable distribution (etch), this problem has been fixed in version 0.1.6-1+etch1.

For the stable distribution (lenny), this problem has been fixed in version 0.1.9-4+lenny1.

For the testing distribution (squeeze), and the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your libthai package.


Finding Files and Binaries on Linux and UNIX

January 8th, 2010 1 comment

I manage a number of different types of systems. I have an Arch Linux laptop, a Macbook installed with OS X, CentOS and RHEL machines at work, as well as Debian servers both at work and home. As if that weren’t enough I also maintain a few FreeBSD servers. Between all of these different Operating Systems and variants I find that certain files and commands aren’t always where I might expect them to be. For today’s article I’ve outlined different methods for finding files and binaries on Linux and UNIX systems.

Locate

The first tool I’ll share is the locate command. This command searches through an index, built daily, of all files and folders on your machine. Locate should be available on all standard UNIX systems, and is generally a very fast way to search for files.

  • Positives: fast
  • Negatives: not very specific, index updated daily

If you need to re-build your index to include recently added files, you can run the command:

updatedb

Find

The find command is much, much more granular than the locate command but it can also be more complicated to use. Explaining all of its options would warrant a post of its own, so I’ll just outline a few basic uses.

  • Positives: very, very granular search parameters
  • Negatives: slower than other methods

To use the find command, refer to one of these examples:

find / -type f -iname "httpd.conf"
find . -type f -name ".bashrc"
find /etc/ -type f -name "hosts.*"
find /usr/local/ -type d -iname "www"

These examples are all very similar, with only slight variations, to give you an idea of some of the power of find. Again, find can do much more than this, but this is enough to get you started.

  • The first command searches from the root directory for any files (-type f) whose name matches the case-insensitive string “httpd.conf”.
  • The second command searches the current working directory for any files with the case-sensitive name “.bashrc”.
  • The third command searches within the /etc/ directory (and its subdirectories) for any files matching the name “hosts.*”.
  • The last command searches within the /usr/local/ directory for any directories (-type d) with the case-insensitive name “www”.

As you can see, find can be very flexible and this only touches on the advanced search patterns it can define. I highly suggest you have a look at the find man page for more information!

Which

The which command searches for binary files within your PATH. For example, let’s say you need to know the full path to the wget command. You could use:

which wget

You should see something along the lines of:

/usr/bin/wget

Binaries may be stored in different places on different systems, which is again why it is important to know how to find them. I use which frequently within my scripting in an attempt to make scripts portable. Let me give you an example:

#!/bin/bash
# Resolve wget once and quote the result: with an unquoted, empty
# $(which wget) the test collapses to "[ -x ]", which is always true.
WGET=$(which wget)
if [ -n "$WGET" ] && [ -x "$WGET" ]; then
    "$WGET" http://example.com/file.txt
fi

This very simple script doesn’t make any assumptions about the availability or the location of the wget tool. It does a simple check to see if the binary, as defined by its full path, is executable and, if so, uses it to download a file. If wget does not exist the script will do nothing, and if it does exist it will be sure to execute it by its full path.

This tool has been helpful when moving between operating systems and variants. It helps me ensure I know exactly where files are, and not make any assumptions.
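Taking the same idea one step further, here is an added example (my own, not code from the original post) of a small POSIX sh helper that resolves the first usable binary from a list of candidates and then fetches a URL by full path, falling back from wget to curl to fetch on systems that lack one of them. The candidate names, the flags passed to each tool and the error message are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print the full path of the first candidate binary that
# exists in PATH and is executable, or print nothing and return 1. Unlike
# an unquoted $(which ...), an empty result can never pass as a found binary.
find_bin() {
    for name in "$@"; do
        # command -v is POSIX; it also reports aliases, functions and
        # builtins, so the result is additionally required to be an
        # absolute path to an executable file.
        path=$(command -v "$name" 2>/dev/null) || continue
        case "$path" in
            /*) if [ -x "$path" ]; then printf '%s\n' "$path"; return 0; fi ;;
        esac
    done
    return 1
}

# Download a URL with whichever fetcher this system has, always by its
# full path, and fail loudly instead of silently doing nothing.
fetch_url() {
    url=$1
    if tool=$(find_bin wget); then
        "$tool" -q -O - "$url"
    elif tool=$(find_bin curl); then
        "$tool" -fsSL "$url"
    elif tool=$(find_bin fetch); then
        # fetch(1) is the FreeBSD base-system equivalent.
        "$tool" -q -o - "$url"
    else
        echo "fetch_url: none of wget, curl or fetch found in PATH" >&2
        return 1
    fi
}
```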

Whereis

The whereis tool is similar to the locate tool in that it is not as granular as find, and it is also similar to the which tool in that it searches only a predefined PATH for files. I use whereis constantly on my FreeBSD systems to search for ports within the ports tree. An example:

whereis portmaster

This would give me the output (assuming it is installed), of:

portmaster: /usr/local/sbin/portmaster /usr/local/man/man8/portmaster.8.gz /usr/ports/ports-mgmt/portmaster

This searches the standard binary, manual page, and source directories. As you can see from the above output, I have a result from each. This tells me the full path of the binary, where its man page is stored, and where it lives in the ports tree. If I didn’t have it installed, the only result I would be given would be the ports tree entry. This would help me find the path, allowing me to install it.

Conclusion

All of these tools are standard UNIX binaries that you should find on any system. Each tool has its own strengths and weaknesses, and none of them will always do the job the right way. I find myself using each of these on a regular basis, each for its own strengths. I would invite you to start using these commands in your day-to-day as needed, and read more about them.

Configure Logwatch Log Monitoring Tool on Debian 5.x (Stable)

December 25th, 2009 1 comment

Despite the fact that I am a Red Hat Certified Engineer, and manage Red Hat and CentOS for a living, I prefer running Debian 5.x (Stable) on my personal servers. The one thing I end up needing to add to my Debian servers, however, is Logwatch (which is installed by default on Red Hat). This post will outline how to install, configure and verify Logwatch on your Debian 5.x (Stable) server.

From the Logwatch home page:

Logwatch is a customizable log analysis system. Logwatch parses through your system’s logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. Logwatch is easy to use and will work right out of the package on most systems.

Installing Logwatch

To install the Logwatch Log Monitoring tool, you’ll need to install the required package. This package should be available in the main repository and simply requires Perl and a Mail Transport Agent. Perl is something you’ll likely already have, and Exim should be installed by default (although I prefer Postfix).

Use the following command to install Logwatch:

sudo aptitude install logwatch

Configure Logwatch

Logwatch runs via cron each day and, assuming you want to receive these reports, you’ll likely want to configure it to send these reports via email. You’ll need to update the configuration to output to mail as well as define the address you’d like it to send to. This is done in the following file:

/usr/share/logwatch/default.conf/logwatch.conf

The two changes you’ll want to make are as follows:

  1. You should find, around line 35, a setting for Output. You’ll want to change this to mail.
  2. Find, around line 44, the setting for MailTo. You’ll want to change this to the email address you’d like the reports sent to.

You can verify the functionality by simply running the logwatch command and checking the email account you configured.
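If you manage more than one server, the two edits above are easy to script. The following is an added example (my own, not from the original post or the Logwatch project) of a POSIX sh helper that sets a “Key = value” line in a Logwatch-style config file, replacing an existing active or commented-out line for that key or appending the setting if it is absent, plus a reader that prints the effective value so you can check the result. The config file path and the addresses in the comments are taken from the post or are placeholders.

```shell
#!/bin/sh
# Added example: set "Key = value" in a Logwatch-style config file. The
# first existing line for the key, whether active or commented out with
# "#", is replaced in place; otherwise the setting is appended. Key
# matching is case-insensitive.
set_conf() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp)
    awk -v key="$key" -v value="$value" '
        BEGIN { pat = "^" tolower(key) "[ \t]*="; found = 0 }
        {
            line = $0
            sub(/^[ \t]*#?[ \t]*/, "", line)   # drop indent and a leading "#"
            if (!found && tolower(line) ~ pat) {
                print key " = " value; found = 1; next
            }
            print
        }
        END { if (!found) print key " = " value }
    ' "$file" > "$tmp"
    # Write back through the original inode so ownership and mode survive.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Print the effective (last uncommented) value of a key, or nothing.
get_conf() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) last = v
        }
        END { if (last != "") print last }
    ' "$1"
}

# Usage for the two changes described above (file path as in the post;
# the address is a placeholder):
# set_conf /usr/share/logwatch/default.conf/logwatch.conf Output mail
# set_conf /usr/share/logwatch/default.conf/logwatch.conf MailTo you@example.com
# get_conf /usr/share/logwatch/default.conf/logwatch.conf MailTo
```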

Troubleshooting

If you find that you don’t receive an email as expected, it is likely an issue with your Mail Transport Agent (Exim, Postfix, Sendmail, etc.). Take a look at /var/log/mail.log and see if that gives you any hints.

I have run into machines where Exim, the default Mail Transport Agent, was not configured properly to be able to send email outside of the machine. You can try to reconfigure Exim by reconfiguring the package installation:

sudo dpkg-reconfigure exim4

You can also try installing something you might be more familiar with. Perhaps Postfix or Sendmail. If you install Postfix, select the “Local Only” option during installation and it should work as expected.
