Rocky Linux 8.5 Now Available with Secure Boot Support

Soon after Red Hat Enterprise Linux 8.5 was released, AlmaLinux 8.5 Stable was made available. Not to be outshined, the original developer of CentOS has unleashed the 8.5 version of Rocky Linux, which introduces a crucial feature for mass adoptions, Secure Boot support.

Main developer (and original creator of CentOS), Gregory Kurtzer, says of this release, "There was an amazing amount of work and collaboration that went into this release. The Rocky Release Engineering team went far and above the call of duty to make 8.5 a reality so quickly."

The one caveat to the Secure Boot option is that it must be activated after installation. For this, admins will need to run the commands:

sudo dnf install -y keyutils

sudo keyctl show %:.platform

sudo mokutil --sb

Other additions to Rocky Linux 8.5 include the FastestMirror DNF plugin (for faster network installations), Thunderbird with PGP support, Raspberry Pi aarch64 support, an enhanced Cockpit web console, better container support, new system roles, OpenJDK 17 support, and the newly-added Network Time Security protocol for use with NTP.

Download a copy of Rocky Linux 8.5 from the official website and read through the entire release notes for more information.

CronRAT Malware Targets Linux Servers

Security researchers at Sansec (https://sansec.io/research/cronrat) have found a new stealth attack that targets Linux servers and uses a non-existent calendar day to stay off the radar. This remote access Trojan (RAT) masks the actions of the attack by using the date February 31 and targets Linux-based web stores to trigger online payment skimmer threats.

The new CronRAT attack can execute fileless malware, launch malware in separate subsystems, control servers disguised as Dropbear SSH services, hide payloads in legitimate cron tasks, and run anti-tampering commands. CronRAT bypasses browser-based security scans and has already been discovered in live online stores. The threat was injected into servers via a Magecart (payment skimming) attack.

This attack is made possible because cron only checks for a date format and not that the date of the task is legitimate. The crontab date specification for CronRAT is 52 23 31 2 3, which would generate a runtime error upon execution. However, that runtime will never happen, because the date doesn't exist.

Once CronRAT is executed, it contacts a Command and Control (C2) server at IP address 47.115.46.167:443 using a fake banner for the Dropbear SSH service. The payloads of the commands are obfuscated with multiple layers of compression and Base64 encoding.

CronRAT is considered a serious threat to Linux e-commerce servers and has managed to bypass most detection algorithms. Sansec had to rewrite its algorithm to catch this dangerous threat.

AlmaLinux OS 8.5 Now Available

After CentOS dove into the "stream," AlmaLinux (https://almalinux.org/) has become one of the favorite replacements for the free take on Red Hat Enterprise Linux (RHEL). If users and businesses ever had any doubts about how well AlmaLinux would be able to keep up with RHEL, look no further than the release of 8.5 Stable as a bellwether on how well the fledgling platform will be able to keep up with the stalwart champ of enterprise Linux.

Within 48 hours of the RHEL 8.5 release, AlmaLinux 8.5 Stable was made available. This is the third stable release of the OS, which speaks to the commitment the AlmaLinux Foundation has made to deliver on its promises.

The latest release of AlmaLinux includes improvements to container management tools, module streams, as well as enhancements and additions to System Roles. Other additions/improvements have been applied to the web-based GUI, Cockpit, OpenJDK (version 17 now available), personal access tokens, Network Time Security (NTS) for Network Time Protocol (NTP), SCAP Security Guide, Ruby (3.0), PHP (7.4.19), Node.js (16), NGINX (1.20), Squid (4.15), Mutt (2.0.7), GCC (11), LLVM (12.0.1), Rust (1.54.0), and new repositories for Resilient Storage and Plus.

Find out more by reading the full release notes (https://wiki.almalinux.org/release-notes/8.5.html) and downloading AlmaLinux 8.5 (https://repo.almalinux.org/almalinux/8/isos/x86_64/).