Bsrgvty

Is there any problem with students seeing faculty naked in university gym?

Was there an autocomplete utility in MS-DOS?

What makes a character irredeemable?

Could the Queen overturn the UK Supreme Court ruling regarding prorogation of Parliament?

Was "чёрствый" ever a synonym for fresh in Russian?

Mac no longer boots

I've been fired, was allowed to announce it as if I quit and given extra notice, how to handle the questions?

Colleague's grant application resembles my PhD thesis

Are there any NP complete problems in SUB EXP TIME?

How to explain that the sums of numerators over sums of denominators isn't the same as the mean of ratios?

Did the Humans find out about Gaius Baltar's role in the sabotage of the fleet?

Manager told a colleague of mine I was getting fired soon

How dangerous are my worn rims?

What are some ways to season that don't rely on garlic and onions?

In search of a pedagogically simple example of asymmetric encryption routine?

From Art to Offices

Did Joe Biden "stop a prosecution" into his son in Ukraine? And did he brag about stopping the prosecution?

Could Boris Johnson face criminal charges for illegally proroguing Parliament?

Did S. Lang prove Kuratowski–Zorn lemma without Axiom of choice or Well-ordering theorem?

Airport Security - advanced check, 4th amendment breach

SHA3-255, one bit less

Has Boris Johnson ever referred to any of his opponents as "traitors"?

As an interviewer, how to conduct interviews with candidates you already know will be rejected?

Driving test in New Zealand?

How do I run an email alert when a specific piece of code is run?

SETUP for sending Mail via postfix to GMAILPreferred mailer in UbuntuUnable to get email cache on mail clients on raring ringtailD-Link DWA-130 rev E1 RTL8191SU hard time connectingHow to run an interactive script before xserver shutdown?I would like to be able to take a screen shot every 6 hours and email it

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;

0

I am looking to set up an email alert every time the dirty cow exploit is run as a type of alarm or trigger that is set off every time the code is run, but I have no idea how. I am running it on Ubuntu 14.04 as it is a vulnerable system to the attack.

Any help would be appreciated.

14.04 email

share|improve this question

edited Apr 16 at 15:17

Philippe Delteil

1,11411 gold badge1111 silver badges2323 bronze badges

asked Apr 16 at 13:47

u Ahsinu Ahsin

111 bronze badge

add a comment
 | 

0

I am looking to set up an email alert every time the dirty cow exploit is run as a type of alarm or trigger that is set off every time the code is run, but I have no idea how. I am running it on Ubuntu 14.04 as it is a vulnerable system to the attack.

Any help would be appreciated.

14.04 email

share|improve this question

edited Apr 16 at 15:17

Philippe Delteil

1,11411 gold badge1111 silver badges2323 bronze badges

asked Apr 16 at 13:47

u Ahsinu Ahsin

111 bronze badge

add a comment
 | 

I am looking to set up an email alert every time the dirty cow exploit is run as a type of alarm or trigger that is set off every time the code is run, but I have no idea how. I am running it on Ubuntu 14.04 as it is a vulnerable system to the attack.

Any help would be appreciated.

14.04 email

share|improve this question

edited Apr 16 at 15:17

Philippe Delteil

1,11411 gold badge1111 silver badges2323 bronze badges

asked Apr 16 at 13:47

u Ahsinu Ahsin

111 bronze badge

share|improve this question

edited Apr 16 at 15:17

Philippe Delteil

1,11411 gold badge1111 silver badges2323 bronze badges

asked Apr 16 at 13:47

u Ahsinu Ahsin

111 bronze badge

share|improve this question

edited Apr 16 at 15:17

Philippe Delteil

1,11411 gold badge1111 silver badges2323 bronze badges

asked Apr 16 at 13:47

u Ahsinu Ahsin

111 bronze badge

edited Apr 16 at 15:17

Philippe Delteil

1,11411 gold badge1111 silver badges2323 bronze badges

edited Apr 16 at 15:17

Philippe Delteil

1,11411 gold badge1111 silver badges2323 bronze badges

asked Apr 16 at 13:47

u Ahsinu Ahsin

111 bronze badge

asked Apr 16 at 13:47

u Ahsinu Ahsin

111 bronze badge

1 Answer
1

active

oldest

votes

0

Assuming that you are referring to the Dirty COW (CVE-2016-5195) privilege escalation vulnerability in the Linux Kernel, then per https://dirtycow.ninja/:

Can I detect if someone has exploited this against me?

Exploitation of this bug does not leave any trace of anything abnormal happening to the logs.

Therefore, there is no clear way to detect if the code has been executed on your system.

---

However, if you're really that concerned, you should be aware that the Ubuntu Security Team has already provided a patch for DirtyCOW in the standard linux kernels in Trusty, so if you simply do a standard apt-get update && apt-get dist-upgrade and upgrade the Linux packages on your system, you'll be patched against this vulnerability.

share|improve this answer

edited Apr 16 at 16:29

answered Apr 16 at 14:01

Thomas Ward♦Thomas Ward

48.1k2323 gold badges129129 silver badges186186 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  If im not mistaken remote exploit goes via httpd or apache, so cant we log attempts like that ?
  
  – Sergiy Kolodyazhnyy
  Apr 16 at 15:36
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @SergiyKolodyazhnyy You'd need a customized plugin in Apache that would be able to pick up specific remote exploit code. That said, it'd be better to just run an IDS/IPS like Snort with the rulesets for that loaded into it to deny access and protect, AND issue the alerts, than try and set it up themselves. However, OP doesn't indicate how they would be vulnerable to the attack. Also, if they simply update their server with the repos to the latest kernel in the repos, they get patched for Dirty COW quickly (people.canonical.com/~ubuntu-security/cve/2016/…).
  
  – Thomas Ward♦
  Apr 16 at 16:28
  

  
  
  
  

add a comment
 | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1134378%2fhow-do-i-run-an-email-alert-when-a-specific-piece-of-code-is-run%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

Assuming that you are referring to the Dirty COW (CVE-2016-5195) privilege escalation vulnerability in the Linux Kernel, then per https://dirtycow.ninja/:

Can I detect if someone has exploited this against me?

Exploitation of this bug does not leave any trace of anything abnormal happening to the logs.

Therefore, there is no clear way to detect if the code has been executed on your system.

---

However, if you're really that concerned, you should be aware that the Ubuntu Security Team has already provided a patch for DirtyCOW in the standard linux kernels in Trusty, so if you simply do a standard apt-get update && apt-get dist-upgrade and upgrade the Linux packages on your system, you'll be patched against this vulnerability.

share|improve this answer

edited Apr 16 at 16:29

answered Apr 16 at 14:01

Thomas Ward♦Thomas Ward

48.1k2323 gold badges129129 silver badges186186 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  If im not mistaken remote exploit goes via httpd or apache, so cant we log attempts like that ?
  
  – Sergiy Kolodyazhnyy
  Apr 16 at 15:36
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @SergiyKolodyazhnyy You'd need a customized plugin in Apache that would be able to pick up specific remote exploit code. That said, it'd be better to just run an IDS/IPS like Snort with the rulesets for that loaded into it to deny access and protect, AND issue the alerts, than try and set it up themselves. However, OP doesn't indicate how they would be vulnerable to the attack. Also, if they simply update their server with the repos to the latest kernel in the repos, they get patched for Dirty COW quickly (people.canonical.com/~ubuntu-security/cve/2016/…).
  
  – Thomas Ward♦
  Apr 16 at 16:28
  

  
  
  
  

add a comment
 | 

0

Assuming that you are referring to the Dirty COW (CVE-2016-5195) privilege escalation vulnerability in the Linux Kernel, then per https://dirtycow.ninja/:

Can I detect if someone has exploited this against me?

Exploitation of this bug does not leave any trace of anything abnormal happening to the logs.

Therefore, there is no clear way to detect if the code has been executed on your system.

---

However, if you're really that concerned, you should be aware that the Ubuntu Security Team has already provided a patch for DirtyCOW in the standard linux kernels in Trusty, so if you simply do a standard apt-get update && apt-get dist-upgrade and upgrade the Linux packages on your system, you'll be patched against this vulnerability.

share|improve this answer

edited Apr 16 at 16:29

answered Apr 16 at 14:01

Thomas Ward♦Thomas Ward

48.1k2323 gold badges129129 silver badges186186 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  If im not mistaken remote exploit goes via httpd or apache, so cant we log attempts like that ?
  
  – Sergiy Kolodyazhnyy
  Apr 16 at 15:36
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @SergiyKolodyazhnyy You'd need a customized plugin in Apache that would be able to pick up specific remote exploit code. That said, it'd be better to just run an IDS/IPS like Snort with the rulesets for that loaded into it to deny access and protect, AND issue the alerts, than try and set it up themselves. However, OP doesn't indicate how they would be vulnerable to the attack. Also, if they simply update their server with the repos to the latest kernel in the repos, they get patched for Dirty COW quickly (people.canonical.com/~ubuntu-security/cve/2016/…).
  
  – Thomas Ward♦
  Apr 16 at 16:28
  

  
  
  
  

add a comment
 | 

Assuming that you are referring to the Dirty COW (CVE-2016-5195) privilege escalation vulnerability in the Linux Kernel, then per https://dirtycow.ninja/:

Can I detect if someone has exploited this against me?

Exploitation of this bug does not leave any trace of anything abnormal happening to the logs.

Therefore, there is no clear way to detect if the code has been executed on your system.

---

However, if you're really that concerned, you should be aware that the Ubuntu Security Team has already provided a patch for DirtyCOW in the standard linux kernels in Trusty, so if you simply do a standard apt-get update && apt-get dist-upgrade and upgrade the Linux packages on your system, you'll be patched against this vulnerability.

share|improve this answer

edited Apr 16 at 16:29

answered Apr 16 at 14:01

Thomas Ward♦Thomas Ward

48.1k2323 gold badges129129 silver badges186186 bronze badges

share|improve this answer

edited Apr 16 at 16:29

answered Apr 16 at 14:01

Thomas Ward♦Thomas Ward

48.1k2323 gold badges129129 silver badges186186 bronze badges

answered Apr 16 at 14:01

Thomas Ward♦Thomas Ward

48.1k2323 gold badges129129 silver badges186186 bronze badges

answered Apr 16 at 14:01

Thomas Ward♦Thomas Ward

48.1k2323 gold badges129129 silver badges186186 bronze badges