New kernel 3.10.0-123.13.1.el7.x86_64 loses my tv tuners

2014-12-12 Thread John Pilkington
I've posted about this on the mythtv-users list but it also belongs here 
and probably on linux-media too.


[john@HP_Box ~]$ dmesg | grep adapter
[1.845944] DVB: registering new adapter (Kworld UB499-2T T09(IT9137))
[john@HP_Box ~]$ dmesg | grep DVB
[1.556887] saa7133[0]: subsystem: 0070:6700, board: Hauppauge WinTV-HVR1110 DVB-T/Hybrid [card=104,autodetected]
[1.695217] tveeprom 0-0050: TV standards PAL(B/G) NTSC(M) PAL(I) SECAM(L/L') PAL(D/D1/K) ATSC/DVB Digital (eeprom 0xfc)
[1.708443] DVB: Unable to find symbol tda10046_attach()
[1.736049] usb 2-2: Product: DVB-T TV Stick
[1.845944] DVB: registering new adapter (Kworld UB499-2T T09(IT9137))
[1.848465] DVB: Unable to find symbol it913x_fe_attach()
[john@HP_Box ~]$ uname -r
3.10.0-123.13.1.el7.x86_64
[john@HP_Box ~]$

for comparison with this, which works:

[john@HP_Box ~]$ dmesg | grep "registering adapter"
[   14.345933] usb 2-2: DVB: registering adapter 0 frontend 0 (Kworld UB499-2T T09(IT9137)_1)...
[   14.991941] usb 2-2: DVB: registering adapter 1 frontend 0 (Kworld UB499-2T T09(IT9137)_2)...
[   20.597036] saa7134 :07:04.0: DVB: registering adapter 2 frontend 0 (Philips TDA10046H DVB-T)...
[john@HP_Box ~]$ uname -r
3.10.0-123.9.3.el7.x86_64
[john@HP_Box ~]$

3.18.0-1.el7.elrepo.x86_64 doesn't see the Hauppauge/Philips device at all.

John P


Re: turla

2014-12-12 Thread Yasha Karant
My amount of concern depends upon just what this infection can do -- 
including transmission of sensitive data and/or a root compromise.


From your response, are you assuming a separate stand alone hardware 
firewall that is filtering all traffic to the server, or an application 
running on the server?


Yasha Karant

On 12/11/2014 06:09 PM, Paul Robert Marino wrote:
If you are really worried about this put a "web application firewall" 
in front of your server in other words a squid reverse proxy which 
tests the inbound data through a filter application, or if you are 
really brave you can try in line snort in iptables.


I would personally love to see an inline implementation of snort 
hooked into squid instead of iptables.




-- Sent from my HP Pre3


On Dec 10, 2014 5:16 AM, Karel Lang AFD wrote:

Hi,
i'm not much afraid of this. I run all servers i take care of with tight
SELinux policies.
I don't think this poses a threat to a secured server.

Don't get me wrong, i'm not saying i'm a 'master knowing all, afraid of
nothing' :] I know, i'm not, that's why i've got everything backed up
and barebone reinstall procedure in place - in case, disaster happens
(box is hacked, burnt, stolen, 3rd WW started - in this case i also have
a bottle of whiskey in my stash :D)

And if all this is in vain, then you should at least have a good
insurance, if your business is really critical.

Biggest threat to any Linux box server (IMHO) is still at the social
(engineering) level, like exceptions with weak passwords for some
'special' users, stolen laptops, secretary giving away her pw to any guy
who says he needs it because he's from IT department .. etc etc :]


--
*Karel Lang*
*Unix/Linux Administration*
l...@afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz


On 12/09/2014 07:23 PM, Yasha Karant wrote:
> I am attempting to discover the degree of penetration of the following
> compromise methodology into EL systems, particularly SL 6 and SL 7. I
> apologize for including the actual article in addition to the URL;
> however, if the URL should be compromised or removed, the material is of
> sufficient importance to be retained. At the moment, I do not have time
> to research this item; however, I suspect that there are subscribers to
> this list who have more detailed information. There is mention of a
> tool called YARA that will help in the detection (albeit evidently
> neither the quarantine nor removal of the infection) -- has anyone used
> this tool and is it effective?
>
> Yasha Karant
>
> From: https://securelist.com/blog/research/67962/the-penquin-turla-2/
> The 'Penquin' Turla
>
> A Turla/Snake/Uroburos Malware for Linux
> By Kurt Baumgartner, Costin Raiu on December 8, 2014. 7:05 pm
>
> Recently, an interesting malicious sample was uploaded to a
> multi-scanner service. This immediately triggered our interest because
> it appears to represent a previously unknown piece of a larger puzzle.
> That puzzle is "Turla", one of the most complex APTs in the world.
>
> We have written previously about the Turla APT with posts about their
> Epic Turla operations and Agent.btz inspiration.
> So far, every single Turla sample we've encountered was designed for the
> Microsoft Windows family, 32 and 64 bit operating systems. The newly
> discovered Turla sample is unusual in the fact that it's the *first
> Turla sample targeting the Linux operating system* that we have discovered.
>
> This newly found Turla component supports Linux for broader system
> support at victim sites. The attack tool takes us further into the set
> alongside the Snake rootkit and
> components first associated with this actor a couple years ago. We
> suspect that this component was running for years at a victim site, but
> do not have concrete data to support that statement just yet.
>
> The Linux Turla module is a C/C++ executable statically linked against
> multiple libraries, greatly increasing its file size. It was stripped of
> symbol information, more likely intended to increase analysis effort
> than to decrease file size. Its functionality includes hidden network
> communications, arbitrary remote command execution, and remote
> management. Much of its code is based on public sources.
>
> *Md5* *Size* *Verdict Name*
> 0994d9deb50352e76b0322f48ee576c6 627.2 kb N/A (broken file)
> 14ecd5e6fc8e501037b54ca263896a11 637.6 kb HEUR:Backdoor.Linux.Turla.gen
>
> General executable characteristics:
>
> ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically
> linked, for GNU/Linux 2.2.5, stripped
>
> Statically linked libraries:
>
> * glibc2.3.2 - the GNU C library
> * openssl v0.9.6 - an older OpenSSL libr