101010.pl

Christian PietschLately I've been doing more <a href="https://fedifreu.de/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosting</a> again due to the current situation. Of course, I'm paying particular attention to power consumption and noise. After good experiences with the <a href="https://fedifreu.de/tags/ARM64" class="mention hashtag" rel="nofollow noopener" target="_blank">#ARM64</a> architecture, even with power-hungry applications such as [Mastodon](<a href="https://fedifreu.de/about" rel="nofollow noopener" translate="no" target="_blank">https://fedifreu.de/about</a>), I'm now using the smartphone technology for my homeservers, too.There are <a href="https://fedifreu.de/tags/SBCs" class="mention hashtag" rel="nofollow noopener" target="_blank">#SBCs</a> with more open hardware, but the <a href="https://fedifreu.de/tags/RaspberryPi" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaspberryPi</a> is widely available, well documented, powerful and inexpensive. And it is available with up to 16 GB of RAM.Anyone operating a server on the Internet must install <a href="https://fedifreu.de/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> updates quickly. However, many people forget to restart running software so that the new version runs instead of the old one. The <a href="https://fedifreu.de/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#needrestart</a> tool helps with this on Debian-based Linux systems, which unfortunately is usually not pre-installed.On my Raspberry Pi 4, `needrestart` always runs correctly (automatically after `apt upgrade`). On my Raspberry Pi 5, however, I first had to create a configuration file as described by the main developer here: <a href="https://github.com/liske/needrestart/blob/master/README.raspberry.md" rel="nofollow noopener" translate="no" target="_blank">https://github.com/liske/needrestart/blob/master/README.raspberry.md</a> Previously, the tool *always* claimed that a reboot was necessary because it thought an outdated Linux kernel was running.Next, I want to activate <a href="https://fedifreu.de/tags/LUKS" class="mention hashtag" rel="nofollow noopener" target="_blank">#LUKS</a> hard drive encryption on both raspis. Unfortunately, this is not as easy under <a href="https://fedifreu.de/tags/Raspbian" class="mention hashtag" rel="nofollow noopener" target="_blank">#Raspbian</a> or <a href="https://fedifreu.de/tags/RaspberryPiOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaspberryPiOS</a> as on other Debian systems. If you have managed this: Please let me know how you did it!<a href="https://fedifreu.de/tags/rpi" class="mention hashtag" rel="nofollow noopener" target="_blank">#rpi</a> <a href="https://fedifreu.de/tags/rpi5" class="mention hashtag" rel="nofollow noopener" target="_blank">#rpi5</a> <a href="https://fedifreu.de/tags/raspi" class="mention hashtag" rel="nofollow noopener" target="_blank">#raspi</a> <a href="https://fedifreu.de/tags/raspberrypi5" class="mention hashtag" rel="nofollow noopener" target="_blank">#raspberrypi5</a> <a href="https://fedifreu.de/tags/homeserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#homeserver</a> <a href="https://fedifreu.de/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#encryption</a>

Christian PietschIn letzter Zeit mache ich aus gegebenem Anlass wieder mehr <a href="https://fedifreu.de/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosting</a>. Natürlich achte ich dabei besonders auf den Stromverbrauch. Nach guten Erfahrungen mit der <a href="https://fedifreu.de/tags/ARM64" class="mention hashtag" rel="nofollow noopener" target="_blank">#ARM64</a>-Architektur selbst bei leistungshungrigen Anwendungen wie <a href="https://fedifreu.de/about" rel="nofollow noopener" target="_blank">Mastodon</a> setze ich jetzt auch zuhause auf auf die aus Smartphones bekannte Technologie.Es gibt zwar <a href="https://fedifreu.de/tags/SBCs" class="mention hashtag" rel="nofollow noopener" target="_blank">#SBCs</a> mit offenerer Hardware, aber der <a href="https://fedifreu.de/tags/RaspberryPi" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaspberryPi</a> ist überall erhältlich, gut dokumentiert, leistungsfähig und preiswert. Und es gibt ihn mit bis zu 16 GB RAM.Wer einen Server am Internet betreibt, muss zügig <a href="https://fedifreu.de/tags/Sicherheitsupdates" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sicherheitsupdates</a> einspielen. Viele vergessen aber, laufende Software neuzustarten, damit die neue Version läuft statt der alten. Dabei hilft auf debianbasierten Linux-Systemen das Tool <a href="https://fedifreu.de/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#needrestart</a>, das leider meist nicht vorinstalliert ist.Auf meinem Raspberry Pi 4 läuft <code>needrestart</code> schon immer korrekt (automatisch nach <code>apt upgrade</code>). Auf meinem Raspberry Pi 5 musste ich aber erst eine Konfigurationsdatei anlegen, wie es der Hauptentwickler hier beschreibt: <a href="https://github.com/liske/needrestart/blob/master/README.raspberry.md" rel="nofollow noopener" translate="no" target="_blank">https://github.com/liske/needrestart/blob/master/README.raspberry.md</a> Bis dahin behauptete das Tool immer, dass ein reboot nötig sei, weil ein veralteter Linux-Kernel laufe.Als nächstes will ich auf beiden Raspis die Festplattenverschlüsselung aktivieren. Das ist unter <a href="https://fedifreu.de/tags/Raspbian" class="mention hashtag" rel="nofollow noopener" target="_blank">#Raspbian</a> bzw. <a href="https://fedifreu.de/tags/RaspberryPiOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaspberryPiOS</a> leider nicht so einfach wie auf anderen Debian-Systemen. Wenn ihr das geschafft habt: Schreibt gern eure Tipps!<a href="https://fedifreu.de/tags/rpi" class="mention hashtag" rel="nofollow noopener" target="_blank">#rpi</a> <a href="https://fedifreu.de/tags/rpi5" class="mention hashtag" rel="nofollow noopener" target="_blank">#rpi5</a> <a href="https://fedifreu.de/tags/raspi" class="mention hashtag" rel="nofollow noopener" target="_blank">#raspi</a> <a href="https://fedifreu.de/tags/raspberrypi5" class="mention hashtag" rel="nofollow noopener" target="_blank">#raspberrypi5</a> <a href="https://fedifreu.de/tags/homeserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#homeserver</a> <a href="https://fedifreu.de/tags/howto" class="mention hashtag" rel="nofollow noopener" target="_blank">#howto</a> <a href="https://fedifreu.de/tags/til" class="mention hashtag" rel="nofollow noopener" target="_blank">#til</a>

Thomas LiskeThere is a regression that reports false positives for processes running in a chroot or some mountns (read: container). This only happens if the process binary does not exist in the root mountns.This is tracked upstream in issue #317 <a href="https://github.com/liske/needrestart/issues/317#issuecomment-2495949384" rel="nofollow noopener" translate="no" target="_blank">https://github.com/liske/needrestart/issues/317#issuecomment-2495949384</a>A patch proposal is already available and awaits feedback and (security) review. This should be finished in the next few days.Sorry any inconvenience caused by this regression 😟 <a href="https://ibh.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://ibh.social/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#needrestart</a>

Marcel SIneM(S)US<a href="https://social.tchncs.de/tags/UbuntuServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#UbuntuServer</a>: Root-Lücke durch <a href="https://social.tchncs.de/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#needrestart</a>-Komponente | Security <a href="https://www.heise.de/news/Ubuntu-Server-Root-Luecke-durch-needrestart-Komponente-10083933.html" rel="nofollow noopener" translate="no" target="_blank">https://www.heise.de/news/Ubuntu-Server-Root-Luecke-durch-needrestart-Komponente-10083933.html</a> <a href="https://social.tchncs.de/tags/Patchday" class="mention hashtag" rel="nofollow noopener" target="_blank">#Patchday</a> <a href="https://social.tchncs.de/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> :tux: <a href="https://social.tchncs.de/tags/Ubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ubuntu</a> :ubuntu:

Ricardo MartínUpgrade to version 3.8 or later of needrestart *now*"We discovered three fundamental vulnerabilities in needrestart (three LPEs, Local Privilege Escalations, from any unprivileged user to full root), which are exploitable without user interaction on Ubuntu Server"<a href="https://www.qualys.com/2024/11/19/needrestart/needrestart.txt" rel="nofollow noopener" translate="no" target="_blank">https://www.qualys.com/2024/11/19/needrestart/needrestart.txt</a><a href="https://mastodon.bsd.cafe/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://mastodon.bsd.cafe/tags/ubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#ubuntu</a> <a href="https://mastodon.bsd.cafe/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#needrestart</a>

Thomas LiskeBesides the security fixes the <a href="https://ibh.social/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#needrestart</a> 3.8 release contains a new feature and a bunch of bug fixes.@cjwatson@debian.org has contributed support for <a href="https://ibh.social/tags/Incus" class="mention hashtag" rel="nofollow noopener" target="_blank">#Incus</a> based containers.@lelutin contributed a fix to make the OpenMetrics output <a href="https://ibh.social/tags/prometheus" class="mention hashtag" rel="nofollow noopener" target="_blank">#prometheus</a> compatible.@onyxmaster has provided fixes for nasty bugs.<a href="https://ibh.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a>

Thomas Liske<a href="https://ibh.social/tags/needrestart" class="mention hashtag" rel="nofollow noopener" target="_blank">#needrestart</a> 3.8 was released: <a href="https://github.com/liske/needrestart/releases/tag/v3.8" rel="nofollow noopener" translate="no" target="_blank">https://github.com/liske/needrestart/releases/tag/v3.8</a>This coordinated release contains 4 security fixes for local privilege escalations found by the Qualys Security Advisory team: <a href="https://www.qualys.com/2024/11/19/needrestart/needrestart.txt" rel="nofollow noopener" translate="no" target="_blank">https://www.qualys.com/2024/11/19/needrestart/needrestart.txt</a>An local attacker can trick needrestart to execute arbitrary code as root. Debian and Ubuntu already shipping security updates.You should apply these updates in a timely manner. These issues can be mitigated by disabling the interpreter heuristic.<a href="https://ibh.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://ibh.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://ibh.social/tags/qualys" class="mention hashtag" rel="nofollow noopener" target="_blank">#qualys</a> <a href="https://ibh.social/tags/debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#debian</a> <a href="https://ibh.social/tags/ubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#ubuntu</a>

Recent searches

Search options

Administered by:

Server stats:

#needrestart