Investigated the Audit log that is recorded when you write to /proc/self/loginuid type=LOGIN msg=audit(1727786101.781:162): pid=4232 uid=0 subj=unconfined old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=3 res=1UID="root" OLD-AUID="unset"…
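Looking into the internal implementation of Linux audit logs. I had been handling them with only vague knowledge, so I am researching to get that knowledge properly organized: reading the kernel source, reading the libaudit source. kernel.org github.com Audit logs are generated inside the kernel…
While looking at the dmesg output of the Linux OOM killer at work, I came across a log in an unfamiliar format, so I looked into it. Log: this is the log in question May 23 02:06:26 **** kernel: [40872.663481] Memory cgroup out of memory: OOM victim 46452 (nginx) is already exiting. Skip ki…
A record of re-attempting a course that I ran in March but had to turn back from because of snow. hiboma.hatenadiary.jp The location is around here.
A record of strolling a streamside forest road. The location is around here.
Strolled a small stream in 鴫内. This is the route I ran.
A record of running up 安戸山 (1152m). The course looks like this. I went up from the アグリパル塩原 side and came down toward 蟇沼.
I ran an ordinary mountain path near 塩原ダム that has no particular name or route. The location is here. The course I ran looks like this. It looks like it could become a low-mountain training course where you can both run and climb in under two hours. It sits right to one side of the route I ran earlier…
I saw 矢沢の滝 on the way to 深山ダム, and afterwards ran the forest road along 矢沢. 矢沢の滝 is here. To get from the roadway of the 黒磯田島線 to 矢沢の滝 you have to climb down a cliff of about 70 to 80m. According to online reviews, an auxiliary rope appears to be strung down to the bottom of the cliff. Where the rope is…
A record of running and strolling a streamside forest road. The location is here. YamaReco record. This is the entrance to the forest road. About 1km in, the road has collapsed and cars cannot get through, so few people seem to enter and branches and leaves have piled up everywhere. There are many places where you can go all the way down to the stream. The stream has a rich variety of expressions, so to speak…
I strolled the path leading from 板室温泉 through to the 沼ッ原 area. (At a fork along the way I turned back toward 乙女の滝.) YamaReco record. First, approach the hot-spring town of 板室 (photo taken on the way back). Behind this inn there is a path that continues into the mountains. It climbs along a small river (湯川?)…
A record of running the forest road along the 金精川 in 矢板市. The course as recorded on YamaReco. Searching for 金精川 turns up a fishing pond and restaurant that seem to be popular, and there were cars with out-of-prefecture number plates. www.konseigawa.com There is also a campground in the neighbourhood…
A record of running along 矢沢, on the way from 板室温泉 to 深山ダム in 那須高原. On Google Maps it is around here. I ran around for a little over an hour. You cross this bridge to get there. Nearby there is a spot where 5-6 cars can park, so access is easy. Mountain-stream fishing opens from March…
矢板市, 内川: a record of running a streamside forest road. On Google Map the location is around here. On the YamaReco map, this is the route I ran. Near the entrance to the forest road the woodland is managed. After running for ten-odd minutes, a forest that looks untouched by human hands comes into view. The stream is clear…
Last September I filed a bug report against crimson-falcon (Ruby), an API client for CrowdStrike Falcon, and a reply has finally arrived; it looks like the bug will be resolved. github.com It took quite a while for a comment to appear, but that is probably down to circumstances on their side…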
findy.connpass.com I spoke online at this event! The presentation materials are here. speakerdeck.com Thoughts: in 2023 development of the bot had largely stalled, so I could not include much new material and was unsure how to structure the slides, but past…
At the invitation of Findy, I gave an online talk / LT at the event below. findy.connpass.com The promotional post on X is here. #Findy online event latest information: Incident Management LT event, 2024/2/21 (Wed) 12:00~13:15, @hiboma, @g…
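I attended Incident Response Meetup vol.1 as an online viewer. incident-response.connpass.com Across the companies that presented, although the fine-grained practices of incident response differ, the frameworks they adopt, the direction of structuring their organizations, the troubles they carry…
Congratulations on the 200th meeting! toruby.connpass.com For family reasons I had not been able to attend for more than a year. I was personally invited on the day, it was the end of the year, and it was the 200th meeting, so I was able to attend for the first time in a long while .... or rather, since many people were absent, we skipped the reading session and 西那須野…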
Notion has shortcut keys for moving to the previous page and the next page. I wanted to change them to different shortcut keys, so I changed the settings with Karabiner-Elements. karabiner-elements.pqrs.org Add the following JSON to ~/.config/karabiner/karabiner.json and opti…
hiboma.hatenadiary.jp This entry is a continuation of the one above. The video and slides of my talk at TechFeed Experts Night#19 had already been published, and an article transcribing the content of the talk has now been added as well. techfeed.io Explanations that are not written in the slides, supplemented verbally…
A cycling record that I had been neglecting to write up for a while. I rode to 大笹牧場 in 日光 霧降高原 and on to 六方沢橋. Although the rainy season had started, we were blessed with unbelievably clear weather. Distance 121km, elevation gain 1514m
This is a continuation of the entry below. hiboma.hatenadiary.jp The homework left over from the previous entry was that I could not find the glibc implementation in which a setuid binary opens /dev/full and /dev/null. After looking into various things, I found that it is csu/check_fds.c. strace linked with libdw…
Reading the article below, I learned something new about the behaviour when a setuid binary is executed. lwn.net Quoted below: Some OSes (e.g., OpenBSD) protect against this by opening /dev/null on any unused FDs in the 0-2 range when execing a setuid program. As …
I previously wrote this entry. hiboma.hatenadiary.jp It was about learning that specifying -k to strace lets you capture a stack trace for each system call invocation, an option available from v4.9 and treated as experimental. However, on CentOS7.…
Note) This entry is about /dev/full, not /dev/null. What is /dev/full? It is a character device that always returns ENOSPC when you write(2) to it. $ echo hello > /dev/full -bash: echo: write error: No space left on device Such a character…
This is what I found out about /etc/suid-debug, which I came across while doing verification work with setuid binaries on Linux. Why am I looking into such a thing? First, I made a setuid binary called setuid-sleep. It is a binary for setuid verification that does nothing but sleep…
hiboma.hatenadiary.jp This is a continuation of this entry. How was it again that you check the configure options of a deb package? That is what I looked into. Environment: I worked in an Ubuntu jammy docker container. 1. Fetch the deb source package and unpack it onto the filesystem…
I needed to check the configure options of a certain RPM package, so I wrote the procedure up as an entry. Environment: I worked in a CentOS7 docker container. 1. Unpack the SRPM onto the filesystem. This time I GET the target SRPM directly with rpm and unpack it. vault.centos.org …
techfeed.io I gave a talk titled "Diving into the Linux kernel from troubleshooting". speakerdeck.com I think motivations for reading Linux kernel code vary from person to person, but in my case troubleshooting accounts for a large part of it. This talk…