ConfigServer’s Login Failure Daemon is Vulnerable to Denial of Service Attacks

ConfigServer Firewall

Login Failure Daemon (lfd) is a process that monitors the authentication log and matches each of its lines against a set of regular expressions to detect login attempts that repeatedly fail within a short period of time. It is often used to detect login failures of SSH connections. However, the regular expressions lfd uses to detect brute force attacks contain severe errors, and an attacker can exploit those bugs to cause a denial of service.

How to Run Docker in Alpine Container in LXC/LXD

When experimenting with Docker Swarm, I decided to set up five more nodes on my local computer. I used Alpine images in LXC and tried to use Docker in them. Although Docker started successfully, it was impossible to deploy any services to the Alpine nodes; deployment failed with the “cgroups: cannot find cgroup mount destination: unknown” error message.

Because I dislike it when something that should work does not work the way I expect it to, I decided to dig deeper and try to fix the problem.

How to Make System Logs Append-Only

During an intrusion, an intruder leaves signs of their actions in various system logs. Without reliable logs, it could be very difficult to figure out how the attacker got in, or where the attack came from. This information is crucial in analyzing the incident. It is evident that the logs are a valuable audit trail that should be well protected.

Of course, when an intruder gets into the system, they will try to remove all traces. So, how can we stop an intruder from removing evidence?