Articles: security - Shaun's Blog

Me, elsewhere

GitHub: parseword
Miscellaneous public code
Twitter: @parseword
I don't tweet much
XMPP chat: xmpp@shaunc.com
(Pidgin, Miranda, Swift, etc.)

Welcome to my personal blog. The thoughts expressed here don't represent the opinions or endorsement of anyone but me.

Viewing articles in category security

Verifying a BIND source tarball using cryptographic signatures

Posted April 12, 2017 by shaun

When downloading and compiling software, it's always a good idea to verify the integrity of the source files you obtain. Package handlers like yum and apt handle this automatically, but it must be done manually when you download software yourself.

ISC, the publisher of the BIND DNS server, provides cryptographic signatures with each release. If you have gpg installed, you can use the signature to validate your downloaded BIND tarball. ISC's download URLs follow a consistent naming pattern; simply change the version number in the URLs below to match the version you need.

Download the BIND source

[root@host /home/files]# wget https://ftp.isc.org/isc/bind9/9.11.4-P2/bind-9.11.4-P2.tar.gz
  `bind-9.11.4-P2.tar.gz' saved [9617963/9617963]

Download the associated signature file


[root@host /home/files]# wget https://ftp.isc.org/isc/bind9/9.11.4-P2/bind-9.11.4-P2.tar.gz.sha256.asc
  `bind-9.11.4-P2.tar.gz.sha256.asc' saved ...

▶ Click to continue reading "Verifying a BIND source tarball using cryptographic signatures"

Recent articles in category security

📰 Generating vanity DNSSEC key tags

📰 DDoS involving forged packets from 23.225.141.70

📰 Website integrity monitoring through version control

📰 SpamAssassin 3.4.2 fixes security problems, adds HashBL and phishing plugins

📰 Resolving LibreNMS error "RuntimeException: The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths"

📰 Unusual HTTP POST traffic from 75.108.75.42

📰 autodiscover.xml as an Indicator of Attack

📰 Blocking Facebook's Tracking and Surveillance: A Comprehensive Approach

📰 Let's Encrypt Readies for Certificate Transparency with Embedded SCTs

📰 Implementing a report-uri endpoint for Expect-CT (and other headers)

📰 Verifying a BIND source tarball using cryptographic signatures

Recent articles

📰 Generating vanity DNSSEC key tags

📰 DDoS involving forged packets from 23.225.141.70

📰 Website integrity monitoring through version control

📰 SpamAssassin 3.4.2 fixes security problems, adds HashBL and phishing plugins

📰 Bug or turf war? ICQ via Pidgin now fails with "startOSCARSession: Request Timeout"

📰 🎂

📰 SFSQuery, a PHP class to query the StopForumSpam API and DNSBL

📰 Resolving portmaster error "pkg-static: automake-1.16.1 conflicts with automake-wrapper-20131203"

📰 Resolving LibreNMS error "RuntimeException: The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths"

📰 1.1.1.1: Fast, but not so accurate (yet)

📰 autodiscover.xml as an Indicator of Attack

📰 Blocking Facebook's Tracking and Surveillance: A Comprehensive Approach

📰 Let's Encrypt Readies for Certificate Transparency with Embedded SCTs

📰 Evaluating DNSBL Effectiveness with Postfix Logs

📰 Resolving subversion error E145001: Node has unexpectedly changed kind