thesamesam

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

brasey

Configure systemd-resolved to use a specific DNS nameserver for a given domain

Use case

Given

• I use a VPN to connect to my work network
• I'm on a Linux computer that uses systemd-resolved
• I have a work domain called example.com
• example.com is hosted by both public and private DNS nameservers

jnovack

Mosh (mobile shell) is a gift from the Gods(tm). Anyone with spotty internet or wireless connection has suffered the pain of a lost SSH session. Sure, one can fire up screen (or tmux as the kids are using these days), but that's an extra step and you are still using the SSH protocol.

I'm not here to tout the benefits of Mosh, you came here to open it up in your firewall.

1. Create the following file as /etc/firewalld/services/mosh.xml
2. firewall-cmd --add-service=mosh --permanent
3. firewall-cmd --reload

If you tend to have a lot of sessions (not recommended), you can increase the ports, but the default should be fine for most applications.