-
Notifications
You must be signed in to change notification settings - Fork 14
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
909711c
commit 1cfec5a
Showing
3 changed files
with
144 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| --- | ||
| title: GLIBC Vulnerability on Servers Serving PHP | ||
| date: '2024-04-22' | ||
| description: 'Information and temporal solution to CVE-2024-2961' | ||
| posttype: 'news' | ||
| author: Alexia Stein, Community Deputy Lead | ||
| --- | ||
|
|
||
| Last week, [CVE-2024-2961](https://nvd.nist.gov/vuln/detail/CVE-2024-2961) was announced. In brief, systems using glibc and serving php content | ||
| could potentially be at risk. The vulnerability is related to the ISO-2022-CN-EXT character set. | ||
|
|
||
| While at the time of writing this article there is no glibc package with the fix, a small workaround to disable the compromised character set is advised. | ||
|
|
||
|
|
||
| First, let us check if the system has the compromised set, running ``` iconv -l | grep -E 'CN-?EXT'``` | ||
|
|
||
| If there is no output, the system is safe to this vulnerability. If the output is similar to the one below, the system is vulnerable. Read below | ||
| for the steps to fix it. | ||
|
|
||
| ``` | ||
| [lexi@emerald gconv]$ iconv -l | grep -E 'CN-?EXT' | ||
| ISO-2022-CN-EXT// | ||
| ISO2022CNEXT// | ||
| ``` | ||
|
|
||
| Browse to ```/usr/lib64/gconv/gconv-modules.d``` | ||
|
|
||
| Edit ```gconv-modules-extra.conf``` | ||
|
|
||
| Go to line 1254 and comment out the following: | ||
|
|
||
| ``` | ||
| alias ISO2022CNEXT// ISO-2022-CN-EXT// | ||
| module ISO-2022-CN-EXT// INTERNAL ISO-2022-CN-EXT 1 | ||
| module INTERNAL ISO-2022-CN-EXT// ISO-2022-CN-EXT 1 | ||
| ``` | ||
|
|
||
| do ```sudo iconvconfig``` to regenerate the cache. | ||
|
|
||
| now, running ```iconv -l | grep -E 'CN-?EXT'``` should return no output. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| --- | ||
| title: Rocky Linux included in new Azure Community Galleries Feature | ||
| date: '2024-04-23' | ||
| description: 'Downloading Rocky Linux from Azure community galleries has been more accessible since November 2023, with prebuilt images for x86_64 and aarch64 accompanying the version 8.9 and 9.3 release.' | ||
| posttype: 'news' | ||
| author: Neil Hanlon, Infrastructure Lead | ||
| --- | ||
|
|
||
| # Rocky Linux included in new Azure Community Galleries Feature | ||
|
|
||
| Downloading Rocky Linux from Azure community galleries has been more accessible since November 2023, with prebuilt images for x86_64 and aarch64 accompanying the version 8.9 and 9.3 release. | ||
|
|
||
| ## Changes in accessibility | ||
|
|
||
| Historically images of open-source operating systems have not been included in Azure unless they are packaged for-profit with specific paid offerings and long term support. With the advent of standalone enterprise-class community Linux has come the case for expanding inclusion. | ||
|
|
||
| Understanding this, Microsoft was willing to work with the Rocky Linux team and others to secure this change. We appreciate the patience and persistence of everyone involved—from gathering information and solving technological puzzles to allocating resources. As a result of this new form of availability, more developers and universities and other use-cases can utilize community-driven enterprise software for everything from SBCs to HPC via [Community Gallery](https://aka.ms/communitygallery). | ||
|
|
||
| Learn more about community galleries in Azure from the [Microsoft blog](https://aka.ms/communitygalleryblog). | ||
|
|
||
| ## Deploying Rocky Linux on Azure | ||
|
|
||
| Getting started with Rocky on Azure has never been easier–in just a few steps you can be up and running with a virtual machine anywhere in the world. | ||
|
|
||
| 1. Login to the Azure portal | ||
|
|
||
| Login to Azure at [https://portal.azure.com/](https://portal.azure.com/) | ||
|
|
||
| 2. Search for Rocky Linux | ||
|
|
||
| Search for “Community Images” in the top bar and navigate to the Service | ||
|
|
||
|  | ||
|
|
||
| Once here, search for the Rocky Linux images using the gallery name “rocky-dc1c6aa6-905b-4d9c-9577-63ccc28c482a”. | ||
|
|
||
|  | ||
|
|
||
| 3. Select the image suiting your needs | ||
|
|
||
| Rocky offers both Base and LVM-enabled images for both 8 and 9, depending on your preference. In both cases, the root partition is the last partition allowing for ease of expansion using growpart and/or LVM utilities. | ||
|
|
||
|  | ||
|
|
||
| 4. Configure the the Virtual Machine deployment | ||
|
|
||
| Click the “Create VM” link on the image you wish to use to begin the deployment process. The portal will prompt you for information like the name, resource group, authentication details, and more. | ||
|
|
||
|  | ||
|
|
||
| 5. Review and start deployment | ||
|
|
||
| Once satisfied with the configuration options, proceed to the Review + Create button to double check your settings and begin the deployment by clicking “Create” | ||
|
|
||
|  | ||
|
|
||
| Of course, you can also deploy these images using the command line, API, or your favorite Infrastructure-as-Code tool. Keep an eye out for a future blog post detailing how to get started with automated cloud deployments. | ||
|
|
||
| ## Going forward | ||
|
|
||
| Our method of generating these images is related to the process of the Fedora Cloud SIG. At the moment we intend to refresh images on a regular schedule around the existing Rocky Linux release, and ideally keep all image versions available for use. | ||
|
|
||
| We are grateful for the efforts of the Fedora Cloud SIG and the Rocky Linux Cloud SIG in pushing this change forward, and Microsoft’s commitment to getting the community gallery option up and running. | ||
|
|
||
| Want to learn more about how community galleries work, and try it out yourself? Check out best practices [here](https://learn.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| --- | ||
| title: SCaLE 21x Recap | ||
| date: '2024-03-27' | ||
| description: 'Celebrating a busy yet fun event' | ||
| posttype: 'news' | ||
| author: Krista Burdine, Community Team Lead | ||
| --- | ||
|  | ||
|
|
||
| The Rocky Community team had a great time at the Southern California Linux Expo, aka SCaLE 21x, in Pasadena, California. We intentionally support regional Linux events like this, because local engagement is a big key to our success as an open-source community. | ||
|
|
||
|
|
||
| ## Social | ||
|
|
||
| Thursday we hosted a Birds of a Feather game night called “[Speed Migration with Rocky Linux](https://www.socallinuxexpo.org/scale/21x/presentations/rocky-linux-speed-migration-event)” in which players “migrated” games at random intervals, often in the middle of a hand. This worked decently well for Jenga and Uno, but proved more challenging with Yahtzee and Battleship. Either way, Rocky Linux is an excellent option when considering migrating to a new OS that is stable. | ||
|
|
||
|
|
||
| ## Sessions | ||
|
|
||
| Friday was a great day for sessions. At the end of the day Krista Burdine, one of our community leaders, spoke as part of the UpScale social hour, about [growing open source community](https://www.youtube.com/live/JJk_-pkrQBQ?feature=shared&t=2426) by making your project accessible to newcomers. If you missed it, make sure you tune into the first 30 minutes of the linked video for a clever and Linux-y musical performance by Forrest Brazeal, entitled, “Songs to Enjoy while your servers deploy.” You won’t regret it. | ||
|
|
||
|
|
||
| ## Working the Booth | ||
|
|
||
| Saturday we had the distinct pleasure of meeting a class of middle school students from Los Nietos STEAM Academy, who had just finished a Rocky Linux mini install day as part of their class on cybersecurity. They stopped by our booth for a photo opportunity, and warmed all our hearts with their enthusiasm. | ||
|
|
||
| Saturday we also awarded raffle prizes. The OpenSUSE Mascot won the Rocky Linux lunch cooler. We also chose two additional winners for a hoodie and a long sleeve tee. | ||
|
|
||
|
|
||
| ## Kids and a Really Cool Non-Profit | ||
|
|
||
| Sunday ended up being a lot about kids and kids-at-heart. This was the day for staff and other attendees to bring their families. We met lots of young kids, and figured out to plan our giveaways for that phenomenon next time. | ||
|
|
||
| And the kids-at-heart stole the show all weekend long. In one corner of the exhibit hall, the National Upcycled Computing Collective (NUCC Inc.) had a massive soda machine on display, appropriately named the Shell On Demand Appliance (SODA). For a donation, you could choose a “flavor” of Linux (we were partial to Rocky Brew) which yielded a ticket with a unique IP and password to allow you to ssh into the virtual machine and hack away. All proceeds supported [NUCC Inc](https://www.nuccinc.org/donate/)., a non-profit group facilitating computer education and research by upcycling computer parts in a meaningful way. After a good-natured rivalry all weekend between Rocky Brew and NixOS Pop, the real winner was NUCC, the nonprofit receiving donations. Follow the continuing adventures of the [SODA machine](https://twitter.com/ShellOnDemand) on X. | ||
|
|
||
| ## Summary | ||
|
|
||
| From celebrating some of our project partners, OpenLogic by Perforce and AWS, to celebrating upcoming events we support (hello, GNOME and the GUADEC committee!); from saying hello to our upstream neighbors from Fedora and CentOS to greeting so many new friends, it was a busy and full event. Can't wait to return next time. | ||
|
|