The Windows Subsystem for Linux in the Microsoft Store is now generally available on Windows 10 and 11
🗣plawwell

Microsoft might just be the coolest Linux company in 2022.
👤plawwell

I’m staying on the LSL
👤oscarbeebs2010

So what have I been using for the past couple of years?!
👤Drate_Otin


🎖@malwr

Encase- Index search issue
Hello,

I have created a .L01 image of a .PST file and need to perform searches. I ran the processor option 'index text and metadata', the job completed successfully according to Processor Manager. However, when I attempt to search using the index, I get zero hits.

I know for a fact these words appear in the data since I also ran a keyword search through the processor which provided matches. Any ideas what the issue might be?

Thanks!
🗣forvestic

Check the cache folder with the corresponding GUID for your .L01 file and see if it contains a folder called LucenIndex; under that should be a folder called Standard with a bunch of files in it. Check to make sure the files have some kind of size; not all of them will. There are also some .csv files in the main cache folder for that GUID that should basically recreate the data in the the performance monitor tabs for the Evidence processor the you could go through to check if the Indexing actually completed. Lastly I would do several raw keyword searches on your data and see if you get hits that way. If you're still having issues, I'd create a tech support case.

I've had issues recently with Encase's evidence processor hanging with one or two items to complete. I would also suggest re-running the process and monitoring it off and on to see if this might be your issue. If it is, definitely create a support case.
👤mkel2010


🎖@malwr

[LIVE Nov 25, 2022 11AM PT Off By One Security : Introduction to Linux Heap Exploitation](https://www.youtube.com/watch?v=dMDoC9DlVzA)
🗣soupcreamychicken


🎖@malwr

Containers: Rootful, Rootless, Privileged and Super Privileged
🗣fcano1

First off: Who the hell makes text highlighting for copy/paste the same colors as the text itself? That's seriously user-hostile and qualifies the site designer for an Asshat Of The Year award. Also, fix your damn CSP configuration, you're shitting out a bunch of blocked requests.

Anyways -

> A rootless container is a container that could be run without root privileges in the host. Docker runs containers launching them with the Docker daemon, which is run as root. Podman does not use any daemon and it does not need root to run containers.

This is wrong. Going by the docker rootless documentation directly, the docker daemon being run as root must be stopped as part of the rootlesskit installation; a systemd user service is started in its stead which is run as a user. As such, the daemon is no longer running as root, it's by default a unix socket and ends up getting placed in the user's XDGRUNTIMEDIR (which often means /run/user/$UID/docker.sock, my memory is fuzzy here).

This leads to interesting adventures with loginctl trying to keep systemd user units running without an active pty/tty, but is still manageable.

Also of note, cgroups v1 is non-viable with rootless docker; you have to get cgroups v2 configured (which requires some grub-fu) in order to get resource limitations to be effective for rootless docker. Might not be the case for podman, but definitely the case for docker.

Having been down this path recently trying to automate the deployment of rootless docker with Ansible, it's certainly an annoying process to automate.
👤Katana__


🎖@malwr