Pages

Monday, February 26, 2018

Fedora 27 : The LXMusic music player for LXDE.

The LXMusic come with version 0.4.7-4 , update and bugs fixes.
It is a minimalist music player for LXDE with very few features .
This simple XMMS frontend music player named LXMusic has very few features.
I used to playing my list of music files and works great.
The install can be done with dnf tool:
# dnf install lxmusic

Wednesday, February 21, 2018

Fedora 27 : selinux and getfattr attributes.

In this tutorial I show you how to use the getfattr command to get extended attributes of filesystem objects and security selinux.
One attribute is selinux.security for selinux and other like:

  • security.capability - the security.capability files stores Linux capabilities for the related file and is applies to binaries which are provided one or more capabilities via this file.
  • security.ima - for the Integrity Measurement Architecture (IMA), the file security.ima stores a hash or digital signature.
  • security.evm - this is similar to security.ima, the Extended Verification Module (EVM) stores a hash/HMAC or digital signature in this file ( the different with IMA is that it protects the metadata of the file, not the contents).

Now, about selinux.security :
You can use for example the getfattr command to perform specific security selinux tasks:

# getfattr -m security.selinux -d /etc/passwd
getfattr: Removing leading '/' from absolute path
names
# file: etc/passwd 
security.selinux="system_u:object_r:passwd_file_t:s0"
# getfattr -m security.selinux -d /etc/shadow
...
# getfattr -m security.selinux -d /var/www d /var/www
...
Both getfattr and setfattr commands has provided by the POSIX ACL package (Portable Operating Systems Interface).

Thursday, February 15, 2018

Fedora 27 : The strace tool for debug.

Today I test a great tool named strace from here.
This tool will help you with diagnostic, debugging and monitor between processes and the Linux kernel.

For example you can test this tool with ls command:
- to display only a specific system call, use the strace -e option as shown below.
$ strace -e open ls > /dev/null
- the result of this will come with all infos about count time, calls, and errors for each system call.
$ strace -c ls > /dev/null
- save the trace execution to a file:
$ strace -o output.txt ls
- display and save the strace for a given process id:
$ strace -p 1725 -o process_id_trace.txt

You can see more examples on the official webpage.

Tuesday, February 13, 2018

Fedora 27 : Test browsers for inline security.

Open the browser with this page: https://github.com.
Next step is to open the Developer Tools console.
If you use Opera then you can use this keys: Ctr+Shift +C .
If you use Firefox or Chrome browsers use F12 key.
Paste the following code into the console area to create a new inline script and add this java script:
var test = document.createElement('script');
test.innerText = 'alert("hi there");'
document.body.appendChild(test);
For example, this is a good security result on my Opera browser.

The result of this message tell us about the script we tried to execute was stopped by the browser.