Tuesday, October 8, 2019

VirtualBox 6 upgrade and issues for the latest version

Upgrade your VirtualBox to the latest release 6

Here  I am showing how i have upgraded/downgrade my VirtualBox on Ubuntu machine.
NB: You need to backup your virtual servers before you perform the steps.


Please find the below steps where i have followed for upgrading my virtualbox version 5.1.38 to latest stable version 6.0.12. I didn't take any backup :)



ajeesh@ajeesh-Aspire-A515-51G:~$ ps aux | grep virt
ajeesh   19129  0.1  0.1 167452 12920 ?        S    21:52   0:00 /usr/lib/virtualbox/VBoxXPCOMIPCD
ajeesh   19134  0.4  0.2 761312 23784 ?        Sl   21:52   0:01 /usr/lib/virtualbox/VBoxSVC --auto-shutdown

ajeesh@ajeesh-Aspire-A515-51G:~$ kill -9 19129 19134


root@ajeesh-Aspire-A515-51G:/etc/apt/sources.list.d# apt-get install virtualbox-6.0
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following additional packages will be installed:
  libsdl-ttf2.0-0
The following packages will be REMOVED:
  virtualbox virtualbox-ext-pack virtualbox-qt

The following NEW packages will be installed:
  libsdl-ttf2.0-0 virtualbox-6.0
0 upgraded, 2 newly installed, 3 to remove and 258 not upgraded.
Need to get 109 MB of archives.
After this operation, 147 MB of additional disk space will be used.
Do you want to continue? [Y/n] y



Setting up virtualbox-6.0 (6.0.12-133076~Ubuntu~xenial) ...
addgroup: The group `vboxusers' already exists as a system group. Exiting.
Processing triggers for libc-bin (2.23-0ubuntu10) ...
root@ajeesh-Aspire-A515-51G:





But this version 6.0.12 is causing some issue for my Vagrant containers.

vagrant-container$ vagrant up

The provider 'virtualbox' that was requested to back the machine
'kmaster' is reporting that it isn't usable on this system. The
reason is shown below:

Vagrant has detected that you have a version of VirtualBox installed
that is not supported by this version of Vagrant. Please install one of
the supported versions listed below to use Vagrant:

4.0, 4.1, 4.2, 4.3, 5.0, 5.1

A Vagrant update may also be available that adds support for the version
you specified. Please check www.vagrantup.com/downloads.html to download
the latest version.
ajeesh@ajeesh-Aspire-A515-51G:

So i have downgraded the VirtualBox version to 5.1.38

sources.list.d# apt-get install virtualbox-5.1
Reading package lists... Done
Building dependency tree      
Reading state information... Done
Do you want to continue? [Y/n] y
Get:1 http://download.virtualbox.org/virtualbox/debian xenial/contrib amd64 virtualbox-5.1 amd64 5.1.38-122592~Ubuntu~xenial [66.0 MB]
Fetched 66.0 MB in 57s (1,147 kB/s)                                                                                                  
Preconfiguring packages ...

Setting up virtualbox-5.1 (5.1.38-122592~Ubuntu~xenial) ...
addgroup: The group `vboxusers' already exists as a system group. Exiting.
root@ajeesh-Aspire-A515-51G:


vagrant-container$ kubectl get nodes
NAME                   STATUS    ROLES     AGE       VERSION
kmaster.example.com    Ready     master    2d21h     v1.16.1
kworker1.example.com   Ready         2d21h     v1.16.1
kworker2.example.com   Ready         2d21h     v1.16.1

Thursday, October 3, 2019

LND Lighning Network Vulnerability reported

LND Lighning Network Vulnerability reported

Recently lightning network developer Russel updated a serious vulnerability for the old versions. The versions which is less than v0.7.0

    CVE-2019-12998 c-lightning < 0.7.1
    CVE-2019-12999 lnd < 0.7
    CVE-2019-13000 eclair <= 0.3

The issue he described as below:


A lightning node accepting a channel must check that the funding transaction
output does indeed open the channel proposed.  Otherwise an attacker can claim
to open a channel but either not pay to the peer, or not pay the full amount.
Once that transaction reaches the minimum depth, it can spend funds from the
channel. The victim will only notice when it tries to close the channel and none
of the commitment or mutual close transactions it has are valid.


Solution
--------

Once the funding transaction is seen, peers MUST check that the outpoint as
described in `funding_created`[1] is a funding transaction output[2] with
the amount described in `open_channel`[3].


Fixed versions:
 c-lightning: v0.7.1 and above
lnd: v0.7.1 and above
eclair: v0.3.1 and above

So the best way to fix the issue is you need t upgrade to the latest release, While right this i can see the latest version for the lnd is v0.8.0-Beta. From this release onwards, lnd will only support database upgrades from the previous major release. So that means those who are running on v0.6.0 would be required to upgrade v0.7.0 first and then to v0.8.0.

VMWare Tools : Not Running

In VMWare vSphere Client you will see the following errors.

VMWare Tools : Not Running  ( Not Installed)


We can easily fix this issue by installing open-vm-tools package in linux machine.

root@testing:/home/ubuntu# apt-get install open-vm-tools

Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following extra packages will be installed:
  libdumbnet1 libicu52 zerofree
Suggested packages:
  open-vm-tools-desktop
The following NEW packages will be installed:
  libdumbnet1 libicu52 open-vm-tools zerofree
0 upgraded, 4 newly installed, 0 to remove and 218 not upgraded.
Need to get 7,237 kB of archives.
After this operation, 30.8 MB of additional disk space will be used.
Do you want to continue? [Y/n] y

After installing this package you can see your IP address and MAC address using this vmware tool.