Posts Tagged ‘anti’

Fix “init: Id “ad” respawning too fast: disabled for 5 minutes” – Reload /etc/inittab changes in memory apply without rebooting Linux server

Thursday, April 15th, 2021

inittab-logo-reload-inittab-without-reboot

During my daily sysadmin tasks I've been contacted by a colleague, reporting issues with missing logs in rsyslog on a very old Redhat Server release 5.11.
Exact version is:

root@linux-server:~# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.11 (Tikanga)

After checking the logs, I have confirmed his finding that in reality since about more than a year logs were not produced and al I could find multiple messages in /var/log/messages reading like:

init: Id "ad" respawning too fast: disabled for 5 minutes
init: Id "ad" respawning too fast: disabled for 5 minutes
init: Id "ad" respawning too fast: disabled for 5 minutes
init: Id "ad" respawning too fast: disabled for 5 minutes
init: Id "ad" respawning too fast: disabled for 5 minutes
init: Id "ad" respawning too fast: disabled for 5 minutes

I've checked the status of rsyslog which seemed to be fine

root@linux-server:~# /etc/init.d/rsyslog status
rsyslogd (pid  13709) is running…

The redhat version on the system was

root@linux-server:~# rpm -qa |grep -i rsyslog
rsyslog-3.22.1-7.el5

 

root@linux-server:~# tail -n 16 /var/log/messages
Apr 15 17:21:25 linux-server init: Id "ad" respawning too fast: disabled for 5 minutes
Apr 15 17:26:26 linux-server init: Id "ad" respawning too fast: disabled for 5 minutes
Apr 15 17:31:27 linux-server init: Id "ad" respawning too fast: disabled for 5 minutes
Apr 15 17:36:28 linux-server init: Id "ad" respawning too fast: disabled for 5 minutes
Apr 15 17:41:29 linux-server init: Id "ad" respawning too fast: disabled for 5 minutes
Apr 15 17:46:30 linux-server init: Id "ad" respawning too fast: disabled for 5 minutes
Apr 15 17:51:31 linux-server init: Id "ad" respawning too fast: disabled for 5 minutes
Apr 15 17:56:32 linux-server init: Id "ad" respawning too fast: disabled for 5 minutes
Apr 15 18:01:33 linux-server init: Id "ad" respawning too fast: disabled for 5 minutes
Apr 15 18:06:34 linux-server init: Id "ad" respawning too fast: disabled for 5 minutes
Apr 15 18:11:35 linux-server init: Id "ad" respawning too fast: disabled for 5 minutes
Apr 15 18:16:38 linux-server init: Id "ad" respawning too fast: disabled for 5 minutes
Apr 15 18:21:39 linux-server init: Id "ad" respawning too fast: disabled for 5 minutes

 

root@linux-server:~# /etc/init.d/rsyslog status
rsyslogd (pid  13709) is running…

Since the system is so old and I've seen this message and experienced this "respawning too fast: disabled for 5 minutes" myself in the past on some old Redhat 6.0 before RHEL was born as well as on Slackware Linux. The /etc/inittab which is nowadays obsoleted in newer Linux distributions was used to keep respawing a processes which have the chance to die out for some reason. 

For those unfamiliar with inittab there is a short extract from man inittab to get idea what it is.

 

NAME
       inittab  –  format of the inittab file used by the sysv-compatible init
       process

DESCRIPTION
       The inittab file describes which processes are started  at  bootup  and
       during  normal  operation  (e.g. /etc/init.d/boot, /etc/init.d/rc, get-
       tys…).  Init(8) distinguishes multiple runlevels, each of  which  can
       have  its  own  set of processes that are started.  Valid runlevels are
       0-6 plus A, B, and C for ondemand entries.  An  entry  in  the  inittab
       file has the following format:

              id:runlevels:action:process
 

So for example the use of /etc/inittab was very handy to configure a separate TTY12 (physical console) in the text environment of Linux to log all your messages. Another good use if you had a bash / perl / python script that you wanted to respawn (resurrect itself if it does out) on OS level without adding additional software like Dan Bernstein's all famous daemontools inittab was the right thing to use. It is a pity nowadays inittab is obsoleted in modern Linux OSes but the most likely reason to remove it is if you put some broken script that overeats CPU or memory if it runs multiple times you can easily get into a hung system.

Thus the logical thing to do is to check /etc/inittab content for any strange issues with less /etc/inittab and near the end of file found the problematic process which was triggering a never ending error messages to rsyslog and the module to protect from such messages in rsyslog by values $SystemLogRateLimitInterval and $SystemLogRateLimitBurst

# configure rsyslog rate limiting
# Rate-limiting
$SystemLogRateLimitInterval 5
$SystemLogRateLimitBurst 50000

The problem causing respawning too fast: disabled for 5 minutes

Was an old version of TivSM IBM Tivoli Service Manager /opt/tivoli/tsm/client/ba/bin/dsmc, set in the past in /etc/inittab it seems some colleague after updating to a more recent version has either changed the location of dsmc binary either the architecture of old tsm itself required a record in /etc/inittab in case if for some reasons or bugs the dsmc during backup creation was dying.

root@linux-server:~# tail -8 /etc/inittab
6:2345:respawn:/sbin/mingetty tty6

# Run xdm in runlevel 5
x:5:respawn:/etc/X11/prefdm -nodaemon

#ad:2345:respawn:/opt/tivoli/tsm/client/ba/bin/dsmc sched >/dev/null 2>&1

root@linux-server:~# rpm -qa |grep -i tivsm
TIVsm-API-5.3.4-0
TIVsm-stagent-5.3.4-0
TIVsm-BA-5.3.4-0
TIVsm-API64-5.3.4-0


The logical thing to do was to check whether this binary exist at all here is the result:

root@linux-server:~$ ls -al /opt/tivoli/tsm/client/ba/bin/dsmc
ls: /opt/tivoli/tsm/client/ba/bin/dsmc: No such file or directory

Obviously someone decided to comment out the inittab support for /opt/tivoli/tsm/client/ba/bin/dsmc as the binary was not present and the dsmc backup was executed via a separate one time cron job or the service itself was configured to run continue, but forgot to reread its configuration so in the kernel memory inittab was still having the instruction to loop over the dsmc binary, since the Linux machine was not rebooted ages (1472 days) or 4.8 years time.

root@linux-server:~#  uname -a; echo; uptime
Linux linux-server2.6.18-419.el5 #1 SMP Wed Feb 22 22:40:57 EST 2017 x86_64 x86_64 x86_64 GNU/Linux

 19:04:34 up 1472 days,  5:20,  1 user,  load average: 0.12, 0.07, 0.06


So what really happens is <b>inittab</b> is trying to kind of re-run all the time dsmc process in a similar way like it would in a bash never ending loop;


while [ 1 ]; do 
/opt/tivoli/tsm/client/ba/bin/dsmc sched
done

Since the $PATH location to the binary returns 'No such file or directory' message this message floods up the rsyslog every second which triggers the LimitBurst protection of rsyslog causing rsyslog to disable completely logging for 5 minutes. The next 5 minutes when the time expires for blocking out logging due to reached limit burst.
dsmc binary sends again few ten thousand of messages for few seconds which are already waiting in a queue of rsyslog and the LimitBurst anti DDoS protection activates again. The reason for the LimitBurst is simply because if it logging is not disabled quickly the repeating message is going to fill the hard drive of the system and noone will be able to login. So rsyslog activated the good protection.

It seems noone from support colleagues, never ever noticed this init: Id "ad" respawning too fast: disabled for 5 minutes in /var/log/messages. So since the syslog was continuesly blocked by overflow of non-sense messages, systems  normal logging was interruped and respectively prevented any other meaningful error messages and warnings from the system to get properly logged  and perhaps flooed the remote rsyslog logging servers @logging-servers:514 in /etc/rsyslog.conf


Fix to respawning too fast: disabled for 5 minutes

Very simply make /etc/inittab get reloaded in memory with:

root@linux-server:~# /sbin/init q

or with the linked telnet, which was so much used by us sys admins in the past

root@linux-server:~# /sbin/telinit q

To make the rsyslog suspension disabled of course we need to restart it again.

root@linux-server:~# /etc/init.d/rsyslog restart

root@linux-server:~# /etc/init.d/rsyslog status
rsyslogd (pid  13710) is running…

And Voila logs from services are being delivered normally via configured stuff in /etc/rsyslog.conf, to make sure this is so:

root@linux-server:~# tail -8 /var/log/messages
Apr 15 14:36:29 linux-serverinit: Id "ad" respawning too fast: disabled for 5 minutes
Apr 15 14:41:37 linux-serverinit: Id "ad" respawning too fast: disabled for 5 minutes
Apr 15 14:51:22 linux-serverinit: Id "ad" respawning too fast: disabled for 5 minutes
Apr 15 14:56:30 linux-serverinit: Id "ad" respawning too fast: disabled for 5 minutes
Apr 15 15:01:38 linux-serverinit: Id "ad" respawning too fast: disabled for 5 minutes
Apr 15 15:06:45 linux-serverinit: Id "ad" respawning too fast: disabled for 5 minutes
Apr 15 18:21:49 linux-server init: Re-reading inittab
Apr 15 18:21:54 linux-server kernel: imklog 3.22.1, log source = /proc/kmsg started.
Apr 15 18:21:54 linux-server rsyslogd: [origin software=”rsyslogd” swVersion=”3.22.1″ x-pid=”13709″ x-info=”http://www.rsyslog.com”] (re)start
Apr 15 18:41:54 linux-server rsyslogd: — MARK —
Apr 15 19:01:54 linux-server rsyslogd: — MARK —
Apr 15 19:21:54 linux-server rsyslogd: — MARK —
Apr 15 19:41:54 linux-server rsyslogd: — MARK —
Apr 15 20:01:54 linux-server rsyslogd: — MARK —

Improve wordpress admin password encryption authentication keys security with WordPress Unique Authentication Keys and Salts

Friday, October 9th, 2020

wordpress-improve-security-logo-linux

Having a wordpress blog or website with an admistrator and access via a Secured SSL channel is common nowadays. However there are plenty of SSL encryption leaks already out there and many of which are either slow to be patched or the hosting companies does not care enough to patch on time the libssl Linux libraries / webserver level. Taking that in consideration many websites hosted on some unmaintained one-time run not-frequently updated Linux servers are still vulneable and it might happen that, if you paid for some shared hosting in the past and someone else besides you hosted the website and forget you even your wordpress installation is still living on one of this SSL vulnerable hosts. In situations like that malicious hackers could break up the SSL security up to some level or even if the SSL is secured use MITM (MAN IN THE MIDDLE) attack to simulate your well secured and trusted SSID Name WIFi network to  redirects the network traffic you use (via an SSL transparent Proxy) to connect to WordPress Administrator Dashbiard via https://your-domain.com/wp-admin. Once your traffic is going through the malicious hax0r even if you haven't used the password to authenticate every time, e.g. you have saved the password in browser and WordPress Admin Panel authentication is achieved via a Cookie the cookies generated and used one time by Woddpress site could be easily stealed one time and later from the vicious 1337 h4x0r and reverse the hash with an interceptor Tool and login to your wordpress …

Therefore to improve the wordpress site security it very important to have configured WordPress Unique Authentication Keys and Salts (known also as the WordPress security keys).

They're used by WordPress installation to have a uniquely generated different key and Salt from the default one to the opened WordPress Blog / Site Admin session every time.

So what are the Authentication Unique Keys and Salts and why they are Used?

Like with almost any other web application, when PHP session is opened to WordPress, the code creates a number of Cookies stored locally on your computer.

Two of the cookies created are called:

 wordpress_[hash]
wordpress_logged_in_[hash]

First  cookie is used only in the admin pages (WordPress dashboard), while the second cookie is used throughout WordPress to determine if you are logged in to WordPress or not. Note: [hash] is a random hashed value typically assigned to your session, therefore in reality the cookies name would be named something like wordpress_ffc02f68bc9926448e9222893b6c29a9.

WordPress session stores your authentication details (i.e. WordPress username and password) in both of the above mentioned cookies.

The authentication details are hashed, hence it is almost impossible for anyone to reverse the hash and guess your password through a cookie should it be stolen. By almost impossible it also means that with today’s computers it is practically unfeasible to do so.

WordPress security keys are made up of four authentication keys and four hashing salts (random generated data) that when used together they add an extra layer to your cookies and passwords. 

The authentication details in these cookies are hashed using the random pattern specified in the WordPress security keys. I will not get into too much details but as you might have heard in Cryptography Salts and Keys are important – an indepth explanation on Salts Cryptography (here). A good reading for those who want to know more on how does the authentication based and salts work is on stackexchange.

How to Set up Salt and Key Authentication on WordPress
 

To be used by WP Salts and Key should be configured under wp-config.php usually they look like so:

wordpress-website-blog-salts-keys-wp-config-screenshot-linux

!!! Note !!!  that generating (manually or generated via a random generator program), the definition strings you have to use a random string value of more than 60 characters to prevent predictability 

The default on any newly installed WordPress Website is to have the 4 definitions with _KEY and the four _SALTs to be unconfigured strings looks something like:

default-WordPress-security-keys-and-salts-entries-in-wordPress-wp-config-php-file

Most people never ever take a look at wp-config.php as only the Web GUI Is used for any maintainance, tasks so there is a great chance that if you never heard specifically by some WordPress Security Expert forum or some Security plugin (such as WP Titan Anti Spam & Security) installed to report the WP KEY / SALT you might have never noticed it in the config.

There are 8 WordPress security keys in current WP Installs, but not all of them have been introduced at the same time.
Historically they were introduced in WP versions in below order:

WordPress 2.6: AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY
WordPress 2.7: NONCE_KEY
WordPress 3.0: AUTH_SALT, SECURE_AUTH_SALT, LOGGED_IN_SALT, NONCE_SALT

Setting a custom random generated values is an easy task as there is already online Wordpress Security key Random generator.
You can visit above address and you will get an automatic randomly generated values which could be straight copy / pasted to your wp-config.php.

Howeever if you're a paranoic on the guessability of the random generator algorithm, I would advice you use the generator and change some random values yourself on each of the 8 line, the end result in the configuration should be something similar to:

 

define('AUTH_KEY',         '|w+=W(od$V|^hy$F5w)g6O-:e[WI=NHY/!Ez@grd5=##!;jHle_vFPqz}D5|+87Q');
define('SECURE_AUTH_KEY',  'rGReh.<%QBJ{DP )p=BfYmp6fHmIG~ePeHC[MtDxZiZD;;_OMp`sVcKH:JAqe$dA');
define('LOGGED_IN_KEY',    '%v8mQ!)jYvzG(eCt>)bdr+Rpy5@t fTm5fb:o?@aVzDQw8T[w+aoQ{g0ZW`7F-44');
define('NONCE_KEY',        '$o9FfF{S@Z-(/F-.6fC/}+K 6-?V.XG#MU^s?4Z,4vQ)/~-[D.X0<+ly0W9L3,Pj');
define('AUTH_SALT',        ':]/2K1j(4I:DPJ`(,rK!qYt_~n8uSf>=4`{?LC]%%KWm6@j|aht@R.i*ZfgS4lsj');
define('SECURE_AUTH_SALT', 'XY{~:{P&P0Vw6^i44Op*nDeXd.Ec+|c=S~BYcH!^j39VNr#&FK~wq.3wZle_?oq-');
define('LOGGED_IN_SALT',   '8D|2+uKX;F!v~8-Va20=*d3nb#4|-fv0$ND~s=7>N|/-2]rk@F`DKVoh5Y5i,w*K');
define('NONCE_SALT',       'ho[<2C~z/:{ocwD{T-w+!+r2394xasz*N-V;_>AWDUaPEh`V4KO1,h&+c>c?jC$H');

 


Wordpress-auth-key-secure-auth-salt-Linux-wordpress-admin-security-hardening

Once above defines are set, do not forget to comment or remove old AUTH_KEY / SECURE_AUTH_KEY / LOGGED_IN_KEY / AUTH_SALT / SECURE_AUTH_SALT / LOGGED_IN_SALT /NONCE_SALT keys.

The values are configured one time and never have to be changed, WordPress installation automatic updates or Installed WP Plugins will not tamper the value with time.
You should never expand or show your private generated keys to anyone otherwise this could be used to hack your website site.
It is also a good security practice to change this keys, especially if you have some suspects someone has somehow stolen your wp-onfig keys. 
 

Closure

Having AUTH KEYs and Properly configured is essential step to improve your WordPress site security. Anytime having any doubt for a browser hijacked session (or if you have logged in) to your /wp-admin via unsecured public Computer with a chance of a stolen site cookies you should reset keys / salts to a new random values. Setting the auth keys is not a panacea and frequent WP site core updates and plugins should be made to secure your install. Always do frequent audits to WP owned websites with a tool such as WPScan is essential to keep your WP Website unhacked.

 

 

June 29 the Feast of The Glorious and First among Apostles Peter and Paul in the Church and What were the names of The twelve Apostles

Tuesday, June 30th, 2020

saint-Glorious-Apostle-Peter-and-Paul-holy-orthodox-icon

Saint Apostle Peter and Paul are the most glorious of all Christ desciples thanks to whom by God's mercy and Grace the nations have received the good news of the Lord Jesus's Christ Crucifix for the sins of all us the sinful people whose evils and unthankfullness is on the way to reach its climax in this days of apostacy where the Church built on top of the Holy Martyrs blood and the Blood and tortures for Christ and the Truth of this two holy man is in one of its biggest temptetation caused by the Coronavirus hysteria exeggerated by the mass-media and purposing to mark a slavery upon human mind and took away the freedoms of man and change the life as we know it.

The Holy Apostles day is the End of the post-Pentecostal fasting which is in the Church from the ancient days of the Church. Rhe date selected being the anniversary of either their death or the translation of their relics.

Fasting is among the 4 main fasts in the One Holy Orthodox Church and the feast in the number of the biggest feasts of the Church. If one reads the historical records for all the places this two simple man was to preach the Gospel he is puzzled and couldn't comprehend how could it be for a simple Roman and a Fisherman to be able to walk through so many lands by boats, ships, through rivers, by carrets, on horses, donkeys, axes, elephants and God knows what kind of other animals typical for the multiple countries and lands this two most holy man has visit. 
It is even more amazing that their frutis of faith planted in the nations are still present today in so many Christians through the world …

The saint Peter and Paul fasting has been set for the reason the Apostles, have fasted immediately after Pentecost the descent of the Holy spirit over The desciples of Christ on the 50th day after the Resurrection of the Lord Jesus Christ. The feast has been setup because the Apostles immerse joy of the Holy Spirit who filled their heart spirits, soul and body made them understood how much dirty and how much in sin they and all the humanity is and how much cleanness is necessery in order for them to start their hard mission of spreading the fact of the Resurrection they have witnessed with their own eyes. A small bracket to open here that Saint Paul never had the  chance to see in Body the Savior just like Saint Paul and the rest of the Apostles, but he was illuminated by The Lord Jesus Christ's appearance to him on the road of the mask when he was on a journey to hunt for christians and put them to court and to death.

Saint Paul was so fierce (by his zillotism) for the Old Testamental Jewish pharisee faith who was based on human interpretation of God's laws, that he was even physically present on the Killing of Saint Archideacon Stephan.
Saint Paul was the one holding the dresses of the Killers of the first Christian martyr St. Stephan thinking that this devilish deed was truthful and pleasant to God. 
But God loved Saint Paul for his Zilotism and his heart aiming to know the Truth and because of that on the Road to Damascus appeared, blinding him from the unbearable light that was emitted by the Lord Jesus Christ who has answered the simple prayer of St. Paul who was honestly looking for the truth. On the Question Saint Paul asked the Unknown bright man who appeared in Glory and surrounded by Angels and Archangels he asked "Who are you Lord"? The reply came, 'I am Jesus, whom you are persecuting'." Acts of the Holy Apostles 9:4-5.

This moment changed Paul forever to make him from a fierce persecutor to a truthful desciple. However as it is said in the Holy Scriptures noone who sees the Lord can't stay alive in the Flesh and perhaps due to that the appearance of Christ left St. Paul to be blind for 3 days until God sent Ananias to heal his eyes by the ordination of Hands in the name of Jesus Christ – again a miracle of God aiming to strengthen the weakness of Faith of Saint Paul and stimulate him to continue on the way of Salvation. Even after the healing of his eyes, later in his eyes by God's providence the eyesight of Paul become weak again and he had to dictate his Apostle letters in the New Testament to his desciples who put it on paper and quite rarely write with his own hand due to his visionary problems. But apperantly the weak physical eye sight doesn't always mean a blindness as with his spiritual eyes the holy apostle was seeing much more than with his physical eyes and one weakness of seeing the physical let him contemplate the eternal.

It is little known fact that saint Paul among with his preaching the Gospel everywhere he went had a profession of making Tents and has worked hardly along with praying day and night, and the sleepless nights of vigil, the tortures by different anti-christians, jews, pagans, philosophers, magicians and others multitude of people who led by his spiritual blindness and passions has done multiple evils and tried in all means to stop Paul to preach the Gospel. But they did not succeeded and we see today the Result as there is rarely a man in the civillized world in all continents who doesn't heard or know about him 20-teen centuries after his martyrdom in the Capital of Roman Empire Rome.

saint-Paul-and-Peter-holy-icon

Saint Peter on the other hand was known for his simplicity and he like all of us was suffering of sickness of weakness of faith, he even rejected to know Christ thrice on the Christ trial, even though he was with Christ for the 3.5 years of Christ's preaching his Salvation Way to the world. But again just like with Paul, God made the miracle of preliminary foretelling him the future, warning him that he is about to reject Christ as his teacher a fact that occured just like prophecised by Christ earlier. Saint Peter seeing that The Lord Jesus Christ as the Son of God knows the future believed him and recover his trust in the Resurrection and with repentance came to believe and await the Resurrection of Christ which by the mercy of God he soon saw with his own eys. Soon after this mercy of God and his preparation with the Eyes of Christ and his desires to follow the will of God for his life led him to completely sacrifice all he had in his remaining earthly life for Christ. Saint Peter "Simon" (Σίμων Simōn in Greek), means stone and he is called that way for the fact he become a stone on which the Church of Christ was build and this stone is present their in the Church and everyone in both Christians and not Christians knows him well.

Saint-Apostle-Paul-and-Peter-embrace

 

In a dialogue between Jesus and his disciples (Matthew 16:13–19), Jesus asks, "Who do people say that the Son of Man is?" The disciples give various answers. When he asks "Who do you say that I am?", Simon Peter answers, "You are the Messiah, the Son of the living God." Jesus then declares:

Blessed are you, Simon son of Jonah, for this was not revealed to you by flesh and blood, but by my Father in heaven. And I tell you that you are Cephas (Peter) (Petros), and on this rock (petra) I will build my church, and the gates of Hades will not overcome it. I will give you the keys of the kingdom of heaven; whatever you bind on earth will be bound in heaven, and whatever you loose on earth will be loosed in heaven.

Saint Peter is known to have been in Antioch and Corinth and many other lands and is believed to have been the First PopSaint-Apostle-Paul-and-Peter-embrace.jpge of Rome.

Saint-Apostle-Peter-Crucifix-with-head-downed-cross-as-he-said-he-is-unworthy-to-die-as-the-saviour

Early Church tradition says that Peter probably died by crucifixion (with arms outstretched) at the time of the Great Fire of Rome in the year 64. This took place three months after the disastrous fire that destroyed Rome for which the emperor (Nero) wished to blame the Christians. This "dies imperii" (regnal day anniversary) was an important one, exactly ten years after Nero ascended to the throne, and it was "as usual" accompanied by much bloodshed. Traditionally, Roman authorities sentenced him to death by crucifixion. In accordance with the apocryphal Acts of Peter, he was crucified head down. Tradition also locates his burial place where the Basilica of Saint Peter was later built, directly beneath the Basilica's high altar.

On the next day 30th of June the Bulgarian Orthodox Church and some of the other Eastern Orthodox Churches celebrate another great feast The Assembly of the 12 Apostles which honors all the 12 Apostles who were the main building blocks whose preach and martyrdom for Christ put the second stones on the Building of the Church which was based on the main base cornerstone Jesus Christ whom with his holy blood for the Salvation of mankind made the existence of the Ship of Salvation (as the holy fathers) call the Church posslble.

Feast-of-The-Assembly-of-the-Holy-Apostles-and-St-Peter-and-Paul

Below are the Church Troparions and Kontaktions (Praising songs in the Church sang in Holy Liturgy) on 29 of June that every year marks Feast of the Glorious Apostles who enlightened the Universe, I put the songs in Both English and in Cyrillic translated out of Old Bulgarian (Church Slavonic).

Here are the names of the 12 Apostles as we know them by Church Tradition

The 12 disciples of Lord Jesus Christ

1. Peter
2. James
3. John
4. Andrew
5. Bartholomew or Nathanael
6. James, the Lesser or Younger
7. Judas
8. Jude or Thaddeus
9. Matthew or Levi
10. Philip
11. Simon the Zealot
12 . Thomas

 

Troparion — Tone 4

O first-enthroned of the Apostles, / and teachers of the universe, / intercede with the Master of all / to grant peace to the world, / and to our souls great mercy.

Kontakion — Tone 2

O Lord, You have taken to Yourself the steadfast and divinely-inspired heralds, the leaders of Your disciples, / for the enjoyment of Your blessings for and their rest; / for You have accepted their labors and their deaths as above all burnt offerings, / for You alone know the hearts of men.

Kontakion — Tone 2

Today Christ the Rock glorifies with highest honor / the rock of Faith and leader of the Apostles, / together with Paul and the company of the Twelve, / whose memory we celebrate with eagerness of faith, / glorifying Him Who glorified them.

ТРОПАРЬ, ГЛАС 4-Й

Апостолов первопрестольницы и вселенныя учителие, Владыку всех молите мир вселенный даровати и душам нашым велию милость.

Первенствующие из апостолов и Вселенской Церкви учителя, Владыку всех молите мир миру даровать и душам нашим великую милость.

КОНДАК, ГЛАС 2-Й

Твердыя и боговещанныя проповедатели, верх апостолов твоих, Господи, приял еси, в наслаждение благих Твоих и покой: болезни бо онех и смерть приял еси, паче всякаго всеплодия, Едине сведый сердечная.

Непоколебимых и богогласных проповедников, высших из Апостолов Твоих, Господи, Ты принял в наслаждение благ Твоих и покой, ибо страдания их и смерть благоволил принять как жертву, выше всякой жертвы, Единый, ведающий сердца наши.

ВЕЛИЧАНИЕ

Величаем вас, апостоли Христовы Петре и Павле, весь мир ученьми своими просветившия и вся концы ко Христу приведшия.

Прославляем вас, апостолы Христовы Петр и Павел, весь мир своим учением просветивших и приведших ко Христу народы всей земли.

Let by the Prayers of the Holy Apostles Peter and Paul and the Apostle James, John, Andrew, Bartholomew (Nathnael), James (the lesser or Younger), Judas, Jude (Thaddeus), Mathew (Levi), Philip, Simon Zealot and Thomas God have mercy on all Christians in our age and the ages to come till the Second Glorious Coming of Christ and in the Frightening Judgement day.

How to harden Linux Security and imprpove network efficiency on Kernel sysctl Level to Stop SYN flood

Friday, July 8th, 2011

Power up Linux and protect against DDoS with sysctl var optimization

Some long time ago I’ve written an article Optimizing Linux tcp/ip networking

In the article I’ve examined a number of Linux kernel sysctl variables, which significantly improve the way TCP/IP networking is handled by a non router Linux based servers.

As the time progresses I’ve been continuing to read materials on blogs and internet sites on various tips and anti Denial of Service rules which one could apply on newly installed hosting (Apache/MySql/Qmail/Proxy) server to improve webserver responce times and tighten the overall security level.

In my quest for sysctl 😉 I found a few more handy sysctl variables apart from the old ones I incorporate on every Linux server I adminstrate.
The sysctl variables improves the overall network handling efficiency and protects about common SYN/ACK Denial of service attacks.

Here are the extra sysctl variables I started incorporating just recently:

############ IPv4 Sysctl Settings ################
#Enable ExecShield protection (randomize virtual assigned space to protect against many exploits)
kernel.randomize_va_space = 1
#Increase the number of PIDs processes could assign this is very needed especially on more powerful servers
kernel.pid_max = 65536
# Prevent against the common 'syn flood attack'
net.ipv4.tcp_syncookies = 1
# Controls the use of TCP syncookies two is generally a better idea, though you might experiment
#net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2
##################################################
#
############## IPv6 Sysctl Settings ################
# Number of Router Solicitations to send until assuming no routers are present.
net.ipv6.conf.default.router_solicitations = 0
# Accept Router Preference in RA? Again not necessery if the server is not a router
net.ipv6.conf.default.accept_ra_rtr_pref = 0
# Learn Prefix Information in Router Advertisement (Unnecessery) for non-routers
net.ipv6.conf.default.accept_ra_pinfo = 0
# disable accept of hop limit settings from other routers (could be used for DoS)
net.ipv6.conf.default.accept_ra_defrtr = 0
# disable ipv6 global unicasts server assignments
net.ipv6.conf.default.autoconf = 0
# neighbor solicitations to send out per address (better if disabled)
net.ipv6.conf.default.dad_transmits = 0
# disable assigning more than 1 address per network interface
net.ipv6.conf.default.max_addresses = 1
#####################################################

 

To use this settings paste the above sysctl variables in /etc/sysctl.conf and ask sysctl command to read and apply the newly added conf settings:

server:~# sysctl -p
...

Hopefully you should not get errors while applying the sysctl settings, if you get some errors, it’s possible some of the variable is differently named (depending on the Linux kernel version) or the Linux distribution on which sysctl’s are implemented.

For some convenience I’ve created unified sysctl variables /etc/sysct.conf containing the newly variables I started implementing to servers with the ones I already exlpained in my previous post Optimizing Linux TCP/IP Networking

Here is the optimized / hardened sysctl.conf file for download

I use this exact sysctl.conf these days on both Linux hosting / VPS / Mail servers etc. as well as on my personal notebook 😉

Here is also the the complete content of above’s sysctl.conf file, just in case if somebody wants to directly copy/paste it in his /etc/sysctl.conf

# Sysctl kernel variables to improve network performance and protect against common Denial of Service attacks
# It's possible that not all of the variables are working on all Linux distributions, test to make sure
# Some of the variables might need a slight modification to match server hardware, however in most cases it should be fine
# variables list compiled by hip0
### https://www.pc-freak.net
#### date 08.07.2011
############ IPv4 Sysctl Kernel Settings ################
net.ipv4.ip_forward = 0
# ( Turn off IP Forwarding )
net.ipv4.conf.default.rp_filter = 1
# ( Control Source route verification )
net.ipv4.conf.default.accept_redirects = 0
# ( Disable ICMP redirects )
net.ipv4.conf.all.accept_redirects = 0
# ( same as above )
net.ipv4.conf.default.accept_source_route = 0
# ( Disable IP source routing )
net.ipv4.conf.all.accept_source_route = 0
# ( - || - )net.ipv4.tcp_fin_timeout = 40
# ( Decrease FIN timeout ) - Useful on busy/high load server
net.ipv4.tcp_keepalive_time = 4000
# ( keepalive tcp timeout )
net.core.rmem_default = 786426
# Receive memory stack size ( a good idea to increase it if your server receives big files )
##net.ipv4.tcp_rmem = "4096 87380 4194304"
net.core.wmem_default = 8388608
#( Reserved Memory per connection )
net.core.wmem_max = 8388608
net.core.optmem_max = 40960
# ( maximum amount of option memory buffers )
# tcp reordering, increase max buckets, increase the amount of backlost
net.ipv4.tcp_max_tw_buckets = 360000
net.ipv4.tcp_reordering = 5
##net.core.hot_list_length = 256
net.core.netdev_max_backlog = 1024
#Enable ExecShield protection (randomize virtual assigned space to protect against many exploits)
kernel.randomize_va_space = 1
#Increase the number of PIDs processes could assign this is very needed especially on more powerful servers
kernel.pid_max = 65536
# Prevent against the common 'syn flood attack'net.ipv4.tcp_syncookies = 1
# Controls the use of TCP syncookies two is generally a better idea, though you might experiment
#net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2
###################################################
############## IPv6 Sysctl Settings ################
# Number of Router Solicitations to send until assuming no routers are present.
net.ipv6.conf.default.router_solicitations = 0
# Accept Router Preference in RA? Again not necessery if the server is not a router
net.ipv6.conf.default.accept_ra_rtr_pref = 0
# Learn Prefix Information in Router Advertisement (Unnecessery) for non-routersnet.
ipv6.conf.default.accept_ra_pinfo = 0
# disable accept of hop limit settings from other routers (could be used for DoS)
net.ipv6.conf.default.accept_ra_defrtr = 0
# disable ipv6 global unicasts server assignmentsnet.
ipv6.conf.default.autoconf = 0
# neighbor solicitations to send out per address (better if disabled)
net.ipv6.conf.default.dad_transmits = 0
# disable assigning more than 1 address per network interfacenet.
ipv6.conf.default.max_addresses = 1
#####################################################
# Reboot if kernel panic
kernel.panic = 20

These sysctl settings will tweaken the Linux kernel default network settings performance and you will notice the improvements in website responsiveness immediately in some cases implementing this kernel level goodies will make the server perform better and the system load might decrease even 😉

This optimizations on a kernel level are not only handy for servers, their implementation on Linux Desktop should also have a positive influence on the way the network behaves and could improve significantly the responce times of opening pages in Firefox/Opera/Epiphany Torrent downloads etc.

Hope this kernel tweakenings are helpful to someone.
Cheers 😉

Secure Apache webserver against basic Denial of Service attacks with mod_evasive on Debian Linux

Wednesday, September 7th, 2011

Secure Apache against basic Denial of Service attacks with mod evasive, how webserver DDoS works

One good module that helps in mitigating, very basic Denial of Service attacks against Apache 1.3.x 2.0.x and 2.2.x webserver is mod_evasive

I’ve noticed however many Apache administrators out there does forget to install it on new Apache installations or even some of them haven’t heard about of it.
Therefore I wrote this small article to create some more awareness of the existence of the anti DoS module and hopefully thorugh it help some of my readers to strengthen their server security.

Here is a description on what exactly mod-evasive module does:

debian:~# apt-cache show libapache2-mod-evasive | grep -i description -A 7

Description: evasive module to minimize HTTP DoS or brute force attacks
mod_evasive is an evasive maneuvers module for Apache to provide some
protection in the event of an HTTP DoS or DDoS attack or brute force attack.
.
It is also designed to be a detection tool, and can be easily configured to
talk to ipchains, firewalls, routers, and etcetera.
.
This module only works on Apache 2.x servers

How does mod-evasive anti DoS module works?

Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address which matches the criterias:

  • Requesting the same page more than number of times per second
  • Making more than N (number) of concurrent requests on the same child per second
  • Making requests to Apache during the IP is temporarily blacklisted (in a blocking list – IP blacklist is removed after a time period))

These anti DDoS and DoS attack protection decreases the possibility that Apache gets DoSed by ana amateur DoS attack, however it still opens doors for attacks who has a large bot-nets of zoombie hosts (let’s say 10000) which will simultaneously request a page from the Apache server. The result in a scenario with a infected botnet running a DoS tool in most of the cases will be a quick exhaustion of system resources available (bandwidth, server memory and processor consumption).
Thus mod-evasive just grants a DoS and DDoS security only on a basic, level where someone tries to DoS a webserver with only possessing access to few hosts.
mod-evasive however in many cases mesaure to protect against DoS and does a great job if combined with Apache mod-security module discussed in one of my previous blog posts – Tightening PHP Security on Debian with Apache 2.2 with ModSecurity2
1. Install mod-evasive

Installing mod-evasive on Debian Lenny, Squeeze and even Wheezy is done in identical way straight using apt-get:

deiban:~# apt-get install libapache2-mod-evasive
...

2. Enable mod-evasive in Apache

debian:~# ln -sf /etc/apache2/mods-available/mod-evasive.load /etc/apache2/mods-enabled/mod-evasive.load

3. Configure the way mod-evasive deals with potential DoS attacks

Open /etc/apache2/apache2.conf, go down to the end of the file and paste inside, below three mod-evasive configuration directives:

<IfModule mod_evasive20.c>
DOSHashTableSize 3097DOS
PageCount 30
DOSSiteCount 40
DOSPageInterval 2
DOSSiteInterval 1
DOSBlockingPeriod 120
#DOSEmailNotify hipo@mymailserver.com
</IfModule>

In case of the above configuration criterias are matched, mod-evasive instructs Apache to return a 403 (Forbidden by default) error page which will conserve bandwidth and system resources in case of DoS attack attempt, especially if the DoS attack targets multiple requests to let’s say a large downloadable file or a PHP,Perl,Python script which does a lot of computation and thus consumes large portion of server CPU time.

The meaning of the above three mod-evasive config vars are as follows:

DOSHashTableSize 3097 – Increasing the DoSHashTableSize will increase performance of mod-evasive but will consume more server memory, on a busy webserver this value however should be increased
DOSPageCount 30 – Add IP in evasive temporary blacklist if a request for any IP that hits the same page 30 consequential times.
DOSSiteCount 40 – Add IP to be be blacklisted if 40 requests are made to a one and the same URL location in 1 second time
DOSBlockingPeriod 120 – Instructs the time in seconds for which an IP will get blacklisted (e.g. will get returned the 403 foribden page), this settings instructs mod-evasive to block every intruder which matches DOSPageCount 30 or DOSSiteCount 40 for 2 minutes time.
DOSPageInterval 2 – Interval of 2 seconds for which DOSPageCount can be reached.
DOSSiteInterval 1 – Interval of 1 second in which if DOSSiteCount of 40 is matched the matched IP will be blacklisted for configured period of time.

mod-evasive also supports IP whitelisting with its option DOSWhitelist , handy in cases if for example, you should allow access to a single webpage from office env consisting of hundred computers behind a NAT.
Another handy configuration option is the module capability to notify, if a DoS is originating from a number of IP addresses using the option DOSEmailNotify
Using the DOSSystemCommand in relation with iptables, could be configured to filter out any IP addresses which are found to be matching the configured mod-evasive rules.
The module also supports custom logging, if you want to keep track on IPs which are found to be trying a DoS attack against the server place in above shown configuration DOSLogDir “/var/log/apache2/evasive” and create the /var/log/apache2/evasive directory, with:
debian:~# mkdir /var/log/apache2/evasive

I decided not to log mod-evasive DoS IP matches as this will just add some extra load on the server, however in debugging some mistakenly blacklisted IPs logging is sure a must.

4. Restart Apache to load up mod-evasive debian:~# /etc/init.d/apache2 restart
...

Finally a very good reading which sheds more light on how exactly mod-evasive works and some extra module configuration options are located in the documentation bundled with the deb package to read it, issue:

debian:~# zless /usr/share/doc/libapache2-mod-evasive/README.gz

The Satanic roots of Metal and Rock Music genre – Two parts Christian movie exposing connection between Satanism and Metal music

Tuesday, May 1st, 2012

Some long time ago a bit before I repent and believed in Jesus Christ as my Lord and Saviour, I've done quite an extensive research on the trustability of the Holy Bible and mostly the Church and Christian writtings. In that times, as an ex-metal head I had a profound interest if there is really a connection between Modern Hard Rock and Heavy Metal Music?

My research back then was quite thoroughful and I found plenty of proofs clearly showing a clear connection between most of the hard rock and heavy / death metal bands to satanism. I used to listen this anti-christian music for about 8 years repeatedly believing the message is not  really bad, even though subconsciously I knew something is not right with the music.

It was quite shocking to me to find that one of my favourite hard rock / psychedelic bands Led Zeppelin, The Beatles, The Doors, Rolling Stones etc. e, had a clear connection with Alester Crawley (a new age occultist magician and a forefather of modern satanism …).

Crawley was a completely insane person proclaiming himself under the alias "The Beast". This psycho travelled all around America, cursing people and cities and teaching people to worship evil. In other words the guy was a complete modern day anti-christ. I found in youtube few short 20 minute, movies exposing the relation between the new age ecumenistic beliefs and Crawley. Along with the musicians spoken about and their exposure to be a bible and God deniers, the movie explains why the message of this popular figures is anti-Christian in essence. This short few movies explains how this terrible guy Crawley become an inspirator of many of the today world popular played rock bands in most of the radio stations …


Satanism – The Root of Rock Music (part 1)


Satanism – The Root of Rock Music (part 2)

Another interesting documentary exposing some of the major pop and rock culture and musicians connection with satanism and the occult is They Sold Their Souls to the devil. The movie is again a short research on popular musicians, who openly say in their interviews they sold their souls for fame to the devil. . Many of the star musicians featured in this videos, even say openly they're possessed by evil spirits.


They Sold Their Souls to the devil part 1 of 3


They Sold Their Souls to the devil part 2 of 3


They Sold Their Souls to the devil part 3 of 3


They Sold Thir Souls to the devil part 4 of 4

Some people might think this is a joke non-serious, some crazy christian propaganda, but if you watch it without bias and analyze it nomatter if Christian or atheist you will see most of the things said in the video reflect the reality. Actually it's very sad reality, today's world has rapidly headed towards non-christianity, occult and satanism. Believe it or not, the elite in the world, we see daily on TV or hear on the Radio and read for as heroes in the newspapers has a strong connection with magicians, occult and fake spirituality. Many of them think loving evil is fun and okay but in fact it is a big lie we're said. As I've red someone says, once a lie is repeated many times it appears to sound like truth….
Anyways we should know Evil is evil and no good can come of worshipping the evil our ancestors and forefathers knew that pretty well and they used to teach us in a spirit to obey good and walk after good and not evil. Modern pop-rock culture teach us something else it teach us to go after the ways of dis-obeying satan took … Pitily our dying generation forgot that evil seeking will bring just evil and now systematically many  governments and medias are working seriously for  destroying the Christian moral and pureness hence by that we  seek to destroy ourselves hurrying towards our own destruction….

Lets hope God will be merceful and turn more people to him and unveil them the truth we read in the Holy Bible. I have hope more and more people will realize that we have to be living in a moderate and saintly way and not like the rock and pop stars shown in those videos. We should pray for each other and love each other and keep an eye on our children to let them not go the bad ways of witchcraft, unholiness and sinfulness  the modern pop – rock culture push us to.

Bulgaria silently signs for ACTA / Why ACTA, SOPA and PIPA are bad for our freedom

Thursday, February 2nd, 2012

r freedomYesterday silently with zero publicity, Bulgarian representatives ratified the ACTA (Trade agreement for fighting counterfeit.)
The name sounds really good, but it has not much to do with what ACTA is about, when applied to digital medias and data sharing.
The ACTA legislation has been ratified in Tokyo last week, where 22 of the European Union membership countries signed in favour of these "malicious" treaty.

The basic idea of ACTA looks tempting as it gives more freedoms to copyright holders, however if you look closely you will understand actually this copyright infringement clauses are not so in favour of us the users but mostly in favour of multinational corporations.
For all those who have not heard about ACTA and SOPA in short this is anti freedom of speech treaty, which if put in action could lead to serious filtering of the internet.
The ACTA 's controversial treaty has already raised an outcry from dozens of computer literated individuals who daily use the internet. Unfortunately, ACTA is less known among non-tech guys … and hence most people on the internet have no about its existence.

If ACTA is ratified and set to be valid as a legislation to Bulgaria, this could lead to total Internet censorship in BG (more or less like it is in china now).
ACTA legislation will make sharing files via torrents and other P2P community file sharing networks a criminal activity.
Another effect of ACTA is that practically free software which reads a proprietary formats like DVD becomes illegal in Europe (like it is currently in America) and I will become guilty for just reading the non-free format..
As a result of ACTA our ISP (Internet Service Providers) will be forced to log and keep all traffic flowing through their (Routering servers). Filters on a local ISP level that will be censoring free speech could also become totally lawful…
Already there are plenty of ANTI-ACTA and ANTI-SOPA propaganda website which are trying to bring some more awareness to the public for the issue… Once an individual is suspected, to fraudulent activity or anything that breaks what is in ACTA is he is presumed to be guilty of crome …
Just watch the two videos below and you will see how terrible the consequence could be if this legislation is integrated with todays Bulgarian government laws. If you're hearing for ACTA for a first time and you live in a country which has still not rafitied ACTA as a local country legislation, make sure you spread the word and let all your friends about the bad impact of this anti-human legislation. We have to really stand up and protest to retain our digital freedom !

The Internet can be censored if Protect IP ACT (PIPA) and Stop Online Piracy Act (SOPA) are put in action !

ANTI-ACTA – Hmmm But What can you do??
 

Communistic Government BCP epoch deliberately tried to destroy the Bulgarian Orthodox Church

Wednesday, December 21st, 2011

Communism Reality, Anti Communism Poster

As a Child I've been baptized in the Orthodox Church and since then I've been a complete atheist until the age of 21.
What is the reason to get my faith in God in 21? This is a short post to shed some light on the great efforts of communism to erradicate faith in God in Communistic countries and change faith in God with faith in man and how this kind of approach devastates societies.
During the communism it's a well known fact that communists, all the members in the Bulgarian Communist's Party (BCP),has led an anti Bulgarian Orthodox Church government politics. The fact that Communistic Governments are fighting Churches and faith in God is less known among youngesters and hardly known by people part of western democratic societies.

I did not lived this time myself, but I heard many stories about the stupidities of communism.
Many older people say, when communism came to rule the Communist Government did immediately destroy some Orthodox Christian temples, some priests were convinced in crimes they were not responsible for etc…
Other priests were send in the Concentration camps and many of them never returned in the society.
"Access" to the Churches was limited and sometimes prohibited to the orthodox layman and often to clergy.
During these terrible communism era, it was prohibited to everybody who is a member of BPC to attend Orthodox Church services or identify himself as christian in public.
I've heard from my grandma an interesting story she witnessed, while she was working as a cleaner in the militia (police).
Here is the story:
One day my grandma wanted to go to the Church St. George located on the city centre of Dobrich city Bulgaria.
A policeman stopped her when she was entering the temple and since he knew her as an employee in the police called her by name and told her that she is not allowed to enter the church building, because she is working in the police.
My grandma asked the militiaman to let her enter the temple to pray for just few minutes and light up a candle (just for this time) without reporting for that in the police.
The policeman agreed to let us in and keep silent that she entered the Church this time,but warned her that if he sees her another time entering the church he is going to report to the respective authorities.
Another part of the Government active politics against the Bulgarian Orthodox Church was by placing an ex-criminals who were sentenced for thefts, rapings, agression or other crimes as a priests in the Church.
By this move the supreme counsel of the bulgarian communist party wanted to break the people confidence in the Church as the true holy apostolic Church. The most fierce communists during these days did their best to present the church of God as a corrupted and void institution who only steals from people and exists only to deceive society.
Yet many years after the fall of communism this people distrust in the church that communists sow through the years.

What is pity is even after the communism is gone for a long, time the churches are only full on biggest feasts and no more than 5% of the citizens are regularly going for Church service or have even the basic knowledge on the Church truths and mysteries.
Following the fall of communism the democratic governments who come to power, elected in a citizen democratic elections did not do much to help the church either, some of them does lead politics openly hostile to our Bulgarian Church.
The last government selected, seems to be less hostile to our Church, but people have once been cut away from the Church and now its really hard for our nation to get back to faith.
The severe crisis (a word that means judgement in greek) and the hardships many people experience started to make some people rethink about what is the meaning of life and made them occasionally go back to faith of our fathers orthodoxy.
What will happen further nobody knows, we need to pray and hope God will have mercy and people will repent for their sins and come back to faith again.

Sjecas li se dolly bell? – Do you remember Dolly Bell? – A classic serbian movie by Emil Kosturica

Tuesday, September 27th, 2011

Sjecas li se Dolly Bell / Do you remember dolly bell?

Sjecas li se dolly is a piece of classic in the well known Kosturica genre, the movie is from the distant 1981. The movie action takes place in communistic Yugoslavia. It clearly contains anti-communistic nuances. I’m really amazed that this movie see the light of the day in the early ’90s while still communism had strong influence on information media in Yugoslavia.

As I’ve lived until the age of 7 in communism and post-communism (and experienced myself communism), the movie was especially interesting to see. In the family in the movie I can see many things I’ve seen and suffered many of the anti-human communistic bull-shit in my own family in my boy years.
Communism has cripppled us the Bulgarians as a nation and destroyed any society which it was in (clearly observable in all post-communistic countries).

Interesting thing to notice among the communistic Marxist ideas in the plot is the growing influence of the Western World (seen in the anti social behavior of the actors),the enthusiasm to look for occult of the main actor the teenager boy – (Dino), the desire to look follow Italian western culture etc.
The movie also keeps the mark of the negativism and crazyness which is so distinct about all Kosturica movies I’ve seen. Anyways from an art point of view the movie is a real master piece.

The movie plot takes place in the so conflict area of Sarajevo, a place predominated by Muslims. What is shocking about the movie considering its time of make, is the explicit erotic and sexually related scenes. The censorship in communistic times was quite severe so it’s amazing, how this anti-communistic movie containing society unacceptable scenes ever came to existence.
Do you remember Dolly Bell? is a drama movie, presenting a sad reality, we still partially continue to live in the Balkans. Though 20 years has passed since the fall of communism pitily not much has changed here…

Near the movie end there are some religious scenes as well obviously attempting to fill in the material emptiness of communism with something spiritual. The religious scene,is a muslim local tradition of a funeral preparations.
The relation between the movie and Islam is understandable as Kosturica had some Bosnian Muslim roots from the line of his father. This kind of muslim influence is also observable on the other Kosturica movies as well.
Nowdays since 2005, Kosturica is officially Orthodox Christian baptized in Savina Monastery which makes me happy as myself am Orthodox Christian 😉