In order to be more flexible in sudoer rules, I added pcre support to sudo (sudo-pcre.patch).
A pcre enabled sudo can e.g. use the following rules:
# only allow restart and status parameters for some initscripts
%operating ALL = /sbin/service (clamd|postfix|dhcpd|amavisd|postgrey) (restart|status)
# only allow to change password for usernames starting with a two numbers
%operating ALL = /usr/sbin/chsmbpw.pl [0-9][0-9][a-z-]+
I created a patch for Apache httpd for ldap-authentication (reported upstream as bug #646646). In my scenario I used
AuthLDAPRemoteUserAttribute uid
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN Off
AuthBasicProvider ldap
require ldap-group cn=Domain Admins,ou=Group, dc=DOMAIN,dc=de
We always used lowercased usernames in memberUid. Some users tended to enter their usernames with a leading uppercase char. Password authentication worked, however, memberUid (from posixGroup, which is also used by samba domain groups) is case sensitive – so group authorization failed.
In order to fix this issue I created a patch for Apache httpd which allows to configure that the username Apache httpd uses is replaced by the “AuthLDAPRemoteUserAttribute”-field value of the ldap-result. This also helps to canonicalize usernames (in logs and REQUEST_USER environ variable) in the way that always the same casing and also for (ldap-)aliases the same username is used.
Based on my experience as the phishing expert in the ClamAV team I wrote a small article about phishing detection.
For my studies I had to give a seminar on a topic of my choice. So I chose to speak about malware (slides, in German).