As a fast workaround, a friend of mine made a modsecurity rule to filter CVE-2021-44228/LogJam/Log4Shell, which he allowed me to share with you. SecRule \   ARGS|REQUEST_HEADERS|REQUEST_URI|REQUEST_BODY|REQUEST_COOKIES|REQUEST_LINE|QUERY_STRING "jndi:ldap:" \   "phase:1, \   id:751001, \   t:none, \   deny, \   status:403, \   log, \   auditlog, \   msg:'Block: CVE-2021-44228 - deny pattern \"jndi:ldap:\"', \   severity:'5', \   rev:1, \   tag:'no_ar'" The post modsecurity r ..read more

You surely heard of the LogJam / Log4Shell / CVE-2021-44228 – if not, take a look at this blog post. If you’re running Jitsi is most likely vulnerable and as there is no fix currently, you need a workaround which I provide here for you. You need to add -Dlog4j2.formatMsgNoLookups=True at the correct places in the file – the position is important. /etc/jitsi/jicofo/config /etc/jitsi/videobridge/config And restart the processes or restart the server. The post Jitsi Workaround for CVE-2021-44228/LogJam/Log4Shell first appeared on Robert Penz Blog ..read more

Wireguard is the new star on the block concerning VPNs – and yes it has some benefits to the old VPN technologies but I won’t talk about them as there is much information about that on the Internet. This blog post just explains how to set it up in an unprivileged container. In my case everything is done on a Proxmox server. Let’s start: On the Proxmox host itself we need to get the kernel module running. As Proxmox is based on Debian we just pin the Wireguard package from unstable, which is the recommended way by the Debian project in this case. echo "deb http://deb.debian.org/debian/ unstable ..read more