Author Archives: phocean

Cisco configuration buffer full

I got this weird message while trying to save a configuration:

#wr mem
Building configuration...
% Warning: Saving this config to nvram may corrupt any network management or security files stored at the end of nvram.
Continue? [no]: no
% Configuration buffer full, can't add command:
************************************************************************

Looks scary at first, but normally it should be solved with a single command:

# configure terminal
(config-ter)# service compress-config
(config-ter)# end
# write mem

I guess that there is little chance the issue remains after that, but if so, well, you may be in trouble…

Netflow on MLS switches

I had some trouble today at the office with monitoring flows going through an MLS switch.

The Nfsen collector was working well for our routers, but I came to realize there was something definitely wrong with the traffic going through a Cisco 6500 switch.

The traffic reported was way below the real one.

After some research, what I suspected was confirmed by this documentation from Cisco.

Some more steps are required to make Netflow report the flows processed by the switching module.

Otherwise, as only the first packet is routed and the following ones are switched by CEF, Netflow will only see the first packet at layer 3.

That explains why the reported traffic was ridiculously small.

So, whereas on routers the following commands are enough:

(config)# ip cef
(config)# ip flow-export version 5
(config)# ip flow-export destination 192.168.1.1 1234
(config)# interface fa 1
(config-if)# ip route-cache flow

On MLS switches (like 6500 or 7200), add:

(config)# mls netflow
(config)# mls nde sender
(config)# mls aging long 64
(config)# mls flow ip full

The commands are described there. Unfortunately, as often with Cisco, they may vary depending on the IOS version you are running.
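
As an added example (not part of the original post): a minimal NetFlow v5 parser a collector-side check could use to spot the symptom described above, on the assumption that flows seen only at layer 3 show up as records with a packet count of 1. The function names are illustrative and the datagrams are constructed samples.

```python
import struct

# NetFlow v5 wire format: 24-byte header, then `count` 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_v5(datagram):
    """Return a list of (packets, octets), one pair per flow record."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated: header announces more records than present")
    flows = []
    for i in range(count):
        fields = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append((fields[5], fields[6]))  # dPkts, dOctets
    return flows

def summarize(datagrams):
    """Totals plus the share of records that carry exactly one packet."""
    flows = [f for d in datagrams for f in parse_v5(d)]
    single = sum(1 for pkts, _ in flows if pkts == 1)
    return {
        "records": len(flows),
        "packets": sum(p for p, _ in flows),
        "octets": sum(o for _, o in flows),
        "single_packet_ratio": single / len(flows) if flows else 0.0,
    }

def build_v5(flows):
    """Constructed test input: encode (packets, octets) pairs as a v5 datagram."""
    out = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    for pkts, octets in flows:
        out += RECORD.pack(b"\xc0\xa8\x01\x0a", b"\xc0\xa8\x02\x0a", b"\x00" * 4,
                           1, 2, pkts, octets, 0, 0, 40000, 80,
                           0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    return out

# Constructed samples: the same three TCP flows as a collector might receive them.
ROUTED_ONLY = [build_v5([(1, 60), (1, 60), (1, 60)])]            # first packet only
FULL_EXPORT = [build_v5([(900, 1200000), (15, 9000), (1, 60)])]  # switched packets included

if __name__ == "__main__":
    for name, sample in (("routed only", ROUTED_ONLY), ("full export", FULL_EXPORT)):
        print(name, summarize(sample))
```

A single-packet ratio close to 1.0 from a busy exporter, together with octet totals far below the interface counters, matches the under-reporting described in this post.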

No Nessus gui client and limited support of the server for openSUSE

As I work on security, I used to use Nessus on my openSUSE system.

But it seems that Tenable Network Security dropped support for the client on our favorite distribution.

At least, for some reason, they stopped making a universal statically linked binary (though they keep doing it for the server part) and it hasn’t changed since April.

Even the server has a rather limited and obsolete support of openSUSE 10, whereas Debian, Ubuntu and Fedora have support for various versions and architectures. Check there.

This is rather a shame, as openSUSE is one of the major distributions.

I tried some workarounds like converting the deb packages, but, as expected, there are some dependency issues.

So far, it seems that not many people are affected, because there are not many voices on the forum. I can live without it; however, this is often a nice and useful tool.

Does anyone use it here? Or did you get it to work somehow? If you feel concerned, please let Tenable know!

openSUSE: default desktop going to be KDE, but…

What is this?

It is said that this change is useless and won’t make any difference. In a few words, you consider that the request was stupid.
On that point, and also as a Gnome user, I agree.

In that case, why would you change anything?

No one is going to be satisfied with this. It is not a compromise, just nonsense.
KDE users will be disappointed and Gnome users will feel marginalized.

The only things that would have made sense were either following the request and focussing on KDE integration, or clearly rejecting it and leaving things as they are.

openSUSE kernel sources: patching against sock_sendpage() NULL Pointer Dereference vulnerability

I am using the 2.6.30 kernel sources from Kernel:linux-next and noticed that it has not yet been patched against the 'sock_sendpage()' NULL Pointer Dereference vulnerability.

The threat is serious as it could allow a local user to gain root privileges.

Those who compile their own 2.6.x kernel should apply this patch (from Linus, check there for more info).

Within your kernel source folder:

$ patch -u -p0 < sock_sendpage.patch

I hope an official patch will be released soon for all kernels. I did not check if the 11.1 kernel has already been patched or not.