Tag: Linux

Adding HTTP/HTTPS proxy for docker image downloads

During development, your lab or corporate network might sit behind a proxy that Docker must use to download images.
This article explains how to add an HTTP/HTTPS proxy so that Docker can download images in a corporate environment.

Add the lines below

[Service]
Environment="HTTP_PROXY=http://proxy.mycompany.com:80/"

in /etc/systemd/system/docker.service.d/http-proxy.conf

and

[Service]
Environment="HTTPS_PROXY=https://proxy.mycompany.com:443/"

in /etc/systemd/system/docker.service.d/https-proxy.conf

Replace proxy.mycompany.com with your company's proxy server details.

Additionally, add a nameserver entry so that hostnames can be resolved.

#Use your DNS server details.
nameserver 172.10.22.1

in /etc/resolv.conf

Once these are added, reload the systemd configuration and restart the Docker daemon with the commands below.

$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
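
A drop-in like the ones above can fail before Docker ever reads it: typographic quotes picked up when copying from a web page make systemd discard the Environment= line, and credentials placed in the proxy URL end up in a readable unit file. The Python check below is an added example, not part of the original article; the function name lint_dropin and the sample credentials are assumptions made for illustration.

```python
import shlex
from urllib.parse import urlsplit

SMART_QUOTES = "\u201c\u201d\u2018\u2019"  # curly quotes a CMS or word processor may inject
PROXY_VARS = {"HTTP_PROXY", "HTTPS_PROXY"}

def lint_dropin(text):
    """Return (line_no, message) findings for a docker.service proxy drop-in."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        if not line.startswith("Environment="):
            continue
        if section != "Service":
            findings.append((no, "Environment= is not under [Service]; systemd ignores it"))
        value = line[len("Environment="):]
        if any(q in value for q in SMART_QUOTES):
            findings.append((no, "typographic quotes; systemd rejects the assignment"))
            # Normalise so the remaining checks still run on the intended value.
            value = value.translate({ord(q): '"' for q in SMART_QUOTES})
        try:
            words = shlex.split(value)
        except ValueError:
            findings.append((no, "unbalanced quotes"))
            continue
        for word in words:
            name, _, url = word.partition("=")
            if name.upper() not in PROXY_VARS:
                continue
            parts = urlsplit(url)
            if parts.scheme not in ("http", "https") or not parts.hostname:
                findings.append((no, f"{name}: not a valid http(s) proxy URL"))
            if parts.username or parts.password:
                # Unit files are usually world-readable and `systemctl show` prints Environment=.
                findings.append((no, f"{name}: credentials embedded in proxy URL"))
    return findings

# Constructed samples (hostname taken from the article; the credentials are made up).
PASTED = "[Service]\nEnvironment=\u201dHTTP_PROXY=http://proxy.mycompany.com:80/\u201d\n"
FIXED = '[Service]\nEnvironment="HTTP_PROXY=http://proxy.mycompany.com:80/"\n'
WITH_CREDS = '[Service]\nEnvironment="HTTPS_PROXY=https://svc:s3cret@proxy.mycompany.com:443/"\n'

if __name__ == "__main__":
    for label, sample in (("pasted", PASTED), ("fixed", FIXED), ("creds", WITH_CREDS)):
        print(label, lint_dropin(sample))
```

Run it against the contents of each file under /etc/systemd/system/docker.service.d/ before reloading systemd; an empty list means none of these three problems was found.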

How to solve dependency errors with apt --fix-broken install on Raspberry Pi OS

Raspberry Pi OS is based on the Debian distribution. This article may help with apt repository upgrade failures. Whenever there is a broken install, you can use the command below.

apt --fix-broken install

For whichever library the broken package depends on, use the commands below to resolve it.

dpkg --force-all --configure -a
dpkg --purge --force-depends <library package name>
apt --fix-broken install
apt-get -f install

 

Source: debian – How to solve this Dependencies apt --fix-broken install – Super User

Raspberry Pi Connection closed while doing remote SSH

I faced an issue where I was unable to connect to my Raspberry Pi remotely over SSH. I enabled password-based authentication etc. in the sshd_config file, but the issue was still not resolved. The commands below assisted in resolving the problem.

sudo rm /etc/ssh/ssh_host_*
sudo dpkg-reconfigure openssh-server
sudo systemctl stop ssh
sudo systemctl start ssh

Source: Raspberry Pi Connection closed SSH – Stack Overflow

Preboot DMA vulnerability – CVE-2023-5410

DMA is direct memory access, used by many peripherals to transfer data to and from memory without CPU involvement. Recent servers and consumer products have increased the security of DMA, and recent operating systems enable secure DMA transfers. A potential security vulnerability has been reported in the system BIOS, which might allow memory tampering while the BIOS is in POST. Recent BIOS versions provide a setup option to disable preboot DMA security so that older peripherals, whose older firmware is not secure-DMA capable, can still operate. The CVE ID is CVE-2023-5410.

Applying the firmware patches and enabling preboot DMA security is relevant for server and consumer products for the reasons below.

  1. This can become part of NIST compliance in future products. Certain customer segments, e.g. government and finance organizations, may not buy a product if it is not compliant with the latest NIST version.
  2. Operating systems like Windows and Linux may add a dependency on preboot DMA security as a prerequisite for enabling DMA security. Right now there is no valid way to relate preboot and OS DMA security. In the future it can be a requirement for operating system installation and use.

Source: NVD – CVE-2023-5410

Source: HP PC BIOS Pre-boot DMA Protection Security Update