 Securely setting up a Linux PCNo matter which Linux distribution you choose, there are at least 10 things you do to properly prepare the operating system for connection to the Internet. Suspend is now working on my Ubuntu Laptop I recently wrote an article about my new laptop. In that article, I mentioned that suspend to RAM just doesn't seem to work. I had seen this website before about Ubuntu on an Inspiron 9300 and tried the suggestions for getting suspend to work...to no avail. Recently, though, I tried it again and it worked. I don't know what has changed, but suspend works for me now. I did revert back to the xorg ATI drivers rather than the ATI proprietary fglrx drivers, but I tried that before, so I guess the xorg ATI drivers were maybe updated. Fun With Makefiles Make is a phenomenally useful utility that is included with most UNIX-like systems. There are a number of different flavours of make, with the most common being GNU Make, included with most Linux distributions and Mac OS X. Linux: Dropping Support for GCC 2.95Four months ago a debate on the lkml suggested that support for GCC 2.95 would be around for a long time, but a more recent thread suggests otherwise. 2.6 maintainer Andrew Morton put together a small patch to remove support for 2.95, and discussion continued to explore which versions of GCC 3.x to support. [Kerneltrap] Creating secure wireless access points with OpenBSD and OpenVPN You know how insecure 802.11x wireless networks are. In this article we'll create an OpenBSD-based secure wireless access point that prevents unauthorized access and encrypts every packet using a VPN tunnel. OpenBSD is one of the most secure operating systems available, is easy to use, and includes almost everything you need for this project in the base installation. My sysadmin toolbox I'm that odd guy who puts Linux on virtually everything, and will take something apart just because I can. My Linksys WRT54G runs Talisman from Sveasoft, my iPaq runs Familiar, and even my TiVos (DirecTiVo and Series 2) have been hacked up a bit. So what does a guy like me use for software tools?  Updates on Testing Dell and a Linksys WRT 54G HowtoI recently reported on a test of a Dell computer and I wrote a Howto for the Linksys WRT54G to terminate an IPSec VPN tunnel to our companies’ firewall. I've updates to both accounts. Tutorial: Preventing Buffer Overflow Exploits Using the Linux Distributed Security Module, Part 1 Internet servers (such as Web, email, and ftp servers) have been the target for different kinds of attacks aiming to disable them from providing services to their respective users. One particular exploit, which has become almost ubiquitous in the last several years, is the buffer overflow exploit. This article describes the buffer overflow exploit and provides detailed examples to help understand it. CLI Magic: Daily aliases If you spend any time working at the shell, you probably use many GNU utilities. One thing that distinguishes the GNU versions from the classic Unix versions is that the GNU programs are rife with additional options. Some of these options are so useful you may want to create an alias so you can use them all the time without needing to do all the extra typing.  Firefox 1.5 hole a minor problem claims MozillaMozilla claimed that first Firefox 1.5 security vulnerability was not as critical as initially perceived, but a patch will be available to fix it early next year. Linux Advisory Watch - December 9, 2005 This week advisories were released for gdk-pixbuf, horde2, helix-player, Inkscape, horde2, Perl, Webmin, eagle-usb, spamassassin, mailman, xpdf, libc-client, and imap. The distributors include Debian, Gentoo, Mandriva, and Red Hat. Review: Tale of a Black Dog What is a Black Dog? It's a complete USB-powered Linux server which fits easily in the palm of your hand. Powered by a 400-MHz PowerPC processor, 64 MB of RAM, and either 256 MB or 512 MB of flash, this pint-sized pet packs quite a bite (or is that "byte"?). Russell Pavlicek finds out in this product review.  Using sed for UNIX Portability Part IThere is a program called service which can be used on multiple UNIX systems to control Operating System services. One of the problems faced in the design of the service utility was the path to where system startup scripts (or rc scripts) resided. This series examines how using sed can easily mitigate multi-platform scripting problems. The first part will look at how the utility program works. Debian Alliance Eyes The Enterprise The effort to put a Debian GNU/Linux based distribution into the enterprise consciousness may have picked up some steam this week. The DCC Alliance of Debian based GNU/Linux distributions released their DCC 3.0 core as part of an effort to further adoption and standardization and potentially offer an alternative to Red Hat and Novell/SUSE. User-Mode Linux: A Book Excerpt Here's an excerpt on UML from Steve Best's new book, The Chicken, the Egg and the Linux Desktop Here are some reasons why the Linux desktop has been so slow in coming: good, bad and interesting. Linux desktop architects team up on Portland Project Architects from two dozen desktop-oriented Linux projects converged in Portland, Ore. last weekend to collaborate on creating the best possible Linux desktop. To that end, the group launched the Portland Project, which aims to provide a common set of standards that allow applications to easily integrate with the Linux desktop.  Custom scripting gives users a safe-duAs a system administrator, there are two ways you can interact with users: force them to follow the rules or encourage them with tools and guidelines. I prefer the second approach, as I think people generally want to do the right thing. Also, if people don't follow the rules at your company, that is a management problem, not a computer problem. Therefore, I prefer to concentrate my attention on helpful tools and scripts, which is exactly what I did recently to solve a typical system administrator problem. Got An Open-Source Problem? Red Hat Wants To Be Your Help Desk SpikeSource is about to get some new competition. This week, Linux vendor Red Hat Inc. said it will enter the market for certifying that groups of open-source apps work well in conjunction. During the first quarter of next year, Red Hat will begin selling technical support for three stacks of open-source software components that companies frequently use together--and which Red Hat has tested for compatibility. First look: BeleniX live CDBeleniX is a free live CD based on the OpenSolaris kernel. With it you can have Solaris, which once ran exclusively on SPARC servers, powering your modest desktop computer. But with few applications and lacking an installation script, the Live CD does little more than slake a nerd's thirst for a taste of Solaris. Moving elderly dad, mom from Windows to Linux XYZComputing.com has published a human-interest story about helping Mom and Dad learn to use a Linux-based desktop computer. The author explains how he moved his elderly parents from a problematic Windows XP desktop system to Mandriva PowerPack 10, leaving spyware, viruses, slow performance, and myriad other problems behind. Xen 3.0.0 Now seems a good time to call a Xen 3.0.0 release! We've been seeing good stability on the XenRT regression tests for the last couple of weeks, and the number of bug reports submitted to bugzilla have dropped right down. It's time to get a bigger group of people to start beating up on it... Super Glue: Using Perl to Develop a Cheap Network Framework To build something flexible and extendable, you're going to need to use a well-known integrated path to relay messages to the central server. Syslog-ng will handle that. You'll use a simple program in Perl as a destination for some Snort messages relayed over syslog-ng. The Perl program will use a PostgreSQL database to store the messages in a very custom fashion. My sysadmin toolbox: second helping When I wrote last month's my sysadmin toolbox column, I knew that Linux.com readers would probably have a few suggestions. I was surprised, however, by the sheer number of reader responses with suggestions for other tools. With all those good suggestions, it seemed like a good idea to compile a list of the most popular reader-suggested tools and utilities to cover some of the programs that didn't make the first column. Are You Replacing Windows with GNU/Linux?LXer editor Don Parris takes a straw poll that he believes points to the fact that Windows is becoming more and more irrelevant. Read and weigh in! TCP Tuning and Network Troubleshooting Bob had written a Java program to copy 100MB data files from his Windows XP computer at his office in Sunnyvale, California, to a Linux server at his company's East Coast office in Reston, Virginia. He knew both offices had 100Mbps Ethernet networks that connected over a 155Mbps Virtual Private Network (VPN). When he measured the speed of the transfers, he found out that his files were transferring at less than 4Mbps, and wondered if I had any idea why. Open Source Anti spyware and trojan protection Winpooch Winpooch acts as a powerful anti spyware and anti trojans, and if you have ClamWin installed Winpooch is a Windows watchdog, free and open source. CLI Magic: More on SSH We've covered SSH before in CLI Magic, but this week let's look at some additional SSH features that new users might not be aware of. For the purpose of this article, we'll be looking specifically at OpenSSH, but many of these features apply to other SSH variants as well. Apache HTTP Server 2.2.0The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of version 2.2.0 of the Apache HTTP Server ("Apache"). Creating appealing video software demos in Linux A software product description is nothing without screenshots. They are the most-clicked links on almost every free software page -- much more than "Download." Screenshots carry information about the software's appearance, maturity, user interface, user friendliness, and feature set in a much more immediate way than paragraphs of text description. You can't show some software characteristics with still images, however. More exploits out for Windows flaws The exploit posted on Thursday is another that could allow a remote attacker to gain complete control over a vulnerable computer. The code takes advantage of a flaw in a Windows component for transaction processing, called the Microsoft Distributed Transaction Coordinator. Microsoft addressed the flaw in security bulletin MS05-051 in October. LXer Feature: Early results of the (Dutch) Windows refund survey Sometimes as a Linux user, you wish you could buy any computer with Linux preinstalled, or if that's not possible, just without an operating system, but that's not the reality. If that isn't possible, is it possible to buy any computer with Windows pre-installed, and then, return the unused Windows, and ask a refund for it? That's a question many non-Windows users ask themselves. The answer however, isn't clear to consumers. There's only one way to find out: ask your hardware manufacturer. IBM wants Solaris to Linux convertsThe kind engineers at IBM have delivered a new tool for moving customers off Sun Microsystems' Solaris operating system and onto Linux. Those interested in the kit will likely use it to shift Solaris C/C++ software over to Linux running on IBM's Power, x86 and mainframe systems. Autopackage: Toward a universal package manager for the desktop If Mike Hearn, Hongli Lai, and the rest of the Autopackage team realize their goals, the future of package management in GNU/Linux will be greatly different from the present. Existing package management systems will remain for libraries and system utilities, but a separate tool will manage desktop applications. Packages will be installable for either the entire system or just the current account. Moving a Newbie to Linux This article goes over one person's experience when moving computer beginners from Windows to Linux. This is not always a smooth transition, but this case salvaged a barely-working computer for an easy switch from one operating system to the next. SANS Top20 Vulnerabilities List is outJust like last year, I would like to remind those who are not following the security news closely to take a look at the list of "The Twenty Most Critical Internet Security Vulnerabilities", released by SANS. Unlike last year, the list shows an interesting trend: a major shift away from platform vulnerabilities towards cross-platform applications. [O'Reilly Network Weblogs] It's shipping! Time Management for System Administrators is shipping. Use this Google Maps-based application to mark where you live. [O'Reilly Network Weblogs] DIY Telephony With Asterisk, Part 2 \Asterisk@Home is a nice bundle that includes a Web-based graphical configuration interface, a Flash-based Operator Panel that lets you monitor all activity on the network, and even barge in on calls. Plus hold music, fax support and a bunch of other goodies. It's not just a toy for home users; it's also great for business use. Linux Kernel Multiple Denial of Service Vulnerabilities Some vulnerabilities have been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service)]. Qmail Toaster makes mail server setup easyA mail server is an essential part of any organization's IT infrastructure, but installing and maintaining a mail server is not always easy, and it's often difficult for small organizations to pay an expert to set up a mail server. Fortunately, Qmail Toaster can simplify the task enormously. A quick AWstats guide AWstats is a free, popular log analyzer, released under the GPL. It can generate advanced graphical statistics from web, streaming, ftp or mail server log files. This document is not intended to be a review, but rather a quick installation and configuration guide for a specific web site, in order to have as accurate statistical data as possible for use in your traffic analysis reports. OS Virtualization: An Introduction One of the hottest topics in all of IT today is the subject of virtualization. While it has been around for some time, it has just recently started to garner the attention of the biggest names in tech. Everyone from Intel and AMD, to Microsoft, Sun, and virtually every commercial Linux vendor has either current or planned support for virtualization. So what is it, and why is everyone so head over heels about it?  A Linux User's perspective in installing FreeBSD 6.0I have been a Linux user way back from the first time I was introduced to an alternate OS than windows. Even though I was aware of other Unices like FreeBSD and Solaris, I hadn't come around to installing them on my machine. Two days back, things changed when I downloaded the latest FreeBSD version 6.0 from their official website. Using a Mac to make Windows cope with something Linux touched Sometimes the easiest path from Linux to Windows is via the Macintosh. [O'Reilly Network Weblogs] Mono 1.1.10 Solves Deployment ProblemThe open-source implementation of .Net has been updated to enable a single instance to run multiple Mono applications using the Apache Web server.
Security architecture is a new concept to many computer users. Users are aware of security threats such as viruses, worms, spyware, and other malware. They have heard of, and most use, anti-virus programs and firewalls. Many use intrusion detection. Architectural security, though, remains a mystery to most computer users. Super Glue: Using Perl to Develop a Cheap Network Framework Network Security is hot these days. There are plenty of offerings, both commercial and free. Usually, a good network security model employs more than a single security product. However, not many commercial or free security utilities play nice with each other. Luckily, you can use Perl to glue them together to get more meaningful data from your network. Secure remote file management with sshfsWhat if you need to work with files on a remote server, but find scp tedious in repetition and FreeS/WAN too cumbersome? You might find just what you're looking for in sshfs -- a tool for mounting a remote filesystem transparently and securely as if it were just another directory on your local machine. Mac OS/Linux/Windows Single Sign-On This is an important piece of information that has baffled many enterprises. Highly recommended reading for anyone attempting to move Linux on the desktop into a Microsoft 2000 infrastructure. Wireless HotSpot HowTo Yunus Bookwala has published a tutorial dealing with setting up a WLAN HotSpot on a Linksys WRT54GS router using OpenWrt, ChilliSpot, and FreeRadius.  Installing and Configuring Ubuntu on a LaptopJeremy Jones recently bought a new laptop and decided to run Linux. Don't shudder--it actually works! Here's how he installed, reinstalled, and configured Ubuntu GNU/Linux on a Dell Inspiron. [Linux] Linux Advisory Watch - November 18, 2005 This week, advisories were released for awstats, kdelibs, acidlab, AbiWord, uim, ftpd-ssl, phpsysinfo, phpgroupware, lynx, rar, sylpheed, gtk, egroupware, cpio, lm_sensors, and gdk-pixpuf. The distributors include Debian, Gentoo, Mandriva, and Red Hat. More Open Source Support For Sun's Solaris Sun is improving its Solaris OS with new support for the open source PostgreSQL database, Xen virtualization, GRUB boot loader and the Solaris ZettaByte File System (ZFS). Sun releases OpenSolaris file system Sun Microsystems has released the source code for its OpenSolaris file system, a major component of its server operating system. As part of a "build," or update, to OpenSolaris, the company on Wednesday released the source code for ZFS, a system for managing data and files. Ubuntu On The Business DesktopOne day, while the boss was away, I shoved a spare hard-drive into my computer and installed Ubuntu 5.04. I managed to work for a month and a half before the Boss noticed I was using Linux - and that was only because he happened to glance at my screen. Half a year later, I am still using Ubuntu (now version 5.10) at work and I am more productive than ever. Blocking Skype with OpenBSD and squid Sam Varghese writes in The Age, "A systems administrator in the United Arab Emirates has come up with a simple method to prevent a popular internet telephony program from being used." Undeadly.org has details. [Undeadly.org] A Day in the Life of #Apache A huge number of the questions on #apache have to do with mod_rewrite. And, fairly frequently, I find myself thinking that the problem being discussed would be so much easier to solve if we could just write a Perl script to deal with it. Of course, you can, using the RewriteMap, but it's moderately hard to come by good examples of using this, either in the documentation, or elsewhere online. Using Software RAID-1 with FreeBSD Have you ever needed a software RAID solution for a low-end server install? Perhaps you've wanted your workstation to take advantage of the redundancy provided by a disk mirror without investing in a hardware RAID controller. Has a prior painful configuration experience turned you off software RAID altogether on Unix systems? Since 5.3-Release, FreeBSD comes with gmirror(8), which allows you to easily configure a software RAID 1 solution. How to become an information security professionalMany years ago, while directing IT operations for a small company on the West Coast, I became aware that our network security was particularly weak. The company was growing at a rapid pace, IT was understaffed, the network was at capacity in a number of ways, and the demands were brutal both in terms of time and technology needs. I wanted to fix that. So began my quest to become an information security professional. OpenBSD goes to Venice What happens when you put a dozen developers on a little island with their laptops, power, and an Internet connection? Thanks to Ed for his report from OpenCON 2005 in Venice. [Undeadly.org] Condor: Building a Linux cluster on a budget So you need a lot of computing power but don't want to spend tens of thousands of dollars on a commercial cluster? Or maybe you just have a lot of machines sitting idle that you would like to put to good use? You can build a powerful and scalable Linux cluster using only free software and off-the-shelf components. Here's how. OpenBSD goes 10Gbpsbrad@ just committed support for Intel's 10Gbps network interfaces. The OpenBSD Journal has more notes and discussion. [Undeadly.org] Apt metadata for RHL 7.3 and 9 Due to an error I introduced into a publish script, the apt metadata information for RHL 7.3 and RHL 9 had not been updated since Sept 15 of this year. I have fixed this error and uploaded the latest information, which was generated on Nov 13. I apologize for any problems this may cause. Getting Oracle and CVS to play together Using CVS to capture and Synchronise Oracle changes .. Is there a better way? [O'Reilly Network Weblogs] Enhancing kernel security with grsecurity Is your server as secure as it could be? Sure, you use a firewall, mandate strong passwords, and patch regularly. You even take a proactive approach by performing security audits with tools such as nmap and Nessus. Yet you may still be vulnerable to zero-day exploits and privilege escalation attacks. If these possibilities keep you awake at night, you're not alone. The sleepless folks with the grsecurity project have developed an easy-to-use set of security enhancements to help put your fears to rest. Make your files immutable in Linux which even root can't delete Root is all powerful in Linux, but here is a cool article that tells you how to forbid even the root user from deleting or modifying certain files. Everyday Linux gripesAs you already know, if I have to sit down in front of a computer, I want it to be running the Gnome desktop on Linux. I've watched it mature from a downright ugly, needlessly complex playground for geeks, to an attractive, simple interface that holds its own against commercial alternatives. And yet, every day I still encounter rough edges that make me think there aren't nearly enough folks out there hacking away at this stuff. I'd like to watch. Realnetworks issues patches to fix critical flaws RealNetworks patched up a critical flaw on Thursday. The patch covers three flaws that would have allowed malicious hackers to take control of a user's computer through the Real player. The problem was reported to the company more than four months ago. HowTo Setup Basic SMTP AUTH in Exim4 This brief guide explains the steps you can take to get basic SMTP AUTH working with Debian Sarge's exim4 package. CLI Magic: netcat The response to my recent sysadmin toolbox article has been overwhelming. By far, readers' number one suggestion was to replace Telnet with netcat. Here then is an introduction to netcat for Linux users who may not be familiar with the TCP/IP Swiss Army knife. Torvalds gets tough on kernel codersLinus Torvalds, the creator of Linux and the maintainer of the development kernel, is cracking down on developers that add last-minute changes to the kernel. Lightweight Web Serving with thttpd The Apache HTTP Server is the most popular web server due to its functionality, stability, and maturity. However, this does not make it suitable for all uses: slow machines and embedded systems may have serious problems running it because of its size. Here is where lightweight HTTP servers come into play.... Setting up a PXE-Boot Server This documents how to setup a PXE boot server for Linux. This assumes that you're using Red Hat/FC as the PXE boot server. Forgotten Password - Good Guy Box Cracking I found out is that the following is the easiest and most foolproof (not to mention fastest) way to do this. Hotrod Your Linksys WAP with Linux (Part 3)Now that we have ripped out the stock guts out of our Linksys WRT54G and replaced them with a miniature, but mighty, Linux operating system, it's time to configure it to do some actual work...sharing a broadband connection, and configuring a local DNS/DHCP server the easy way. Project management with Trac If you've ever been a part of a large development project, you've no doubt become accustomed to having access to source control and bug tracking tools and design document repositories. But what if you're part of smaller project where you're responsible for setting up your own infrastructure? Trac, an open source project sponsored by Edgewall Software Services, provides a complete project infrastructure that's easy to install and maintain. OpenSolaris has a leg up on Linux The incompatibilities between distributions that have plagued Linux for so long aren't an issue with OpenSolaris-based distributions. The reason is simple: a Linux distribution is a kernel combined with other tools, but OpenSolaris is an operating system in its own right; it doesn't need additional tools to make it work. Linux: Secure as You Want It to Be My colleague Larry Seltzer thinks that we may be on the verge of an age of Linux worms that might rival the endless trouble that Windows users find themselves in. ClamAV - The free Anti Virus solution for Windows on LinuxThere is a common perception that there are no viruses on the Linux platform - which to a large extent is true. But what happens when you get a mail attachment which you would like to forward to your windows machine so you can open it with your favorite proprietary software? And what if this attachment is infected by a virus? This is where the anti virus solutions for linux comes into the picture. Why Soft Skills? Technical skills have little value if you have poor soft skills. Don't get me wrong, your tech expertise matters. But don't be fooled by your tech skills. King of Linux, champion of Oracle? You've got it made, right? Give me a break! Tech skills alone are no guarantee of success. Sun Says They'll Convert Word Files to ODF Panela Jones writes: "Since Microsoft would rather fight than switch to supporting ODF, Sun is stepping up to the plate...." Help bring ACPI support to OpenBSD jordan@ is working on ACPI support and has written an ASL parser and an AML interpreter. In order to test it he needs dumps from as many systems as possible. The tool to do the dumps works completely from userland so there's no intrusive kernel patching required. If you've been whining about the lack of ACPI support then here's your chance to step up and take action. [Undeadly.org] Media Giddy over Linux Worm.You might think that the sky is falling the way the media has gone on a feeding frenzy related to a Linux worm. Sorry to disappoint you, but the worm will hardly affect the user base. It's not like the Code Red worm which self-replicated malicious code that exploits a known vulnerability in Microsoft IIS servers (CA-2001-13). How a Linux Distro Saved Hard Disk Data Our search-and-rescue expert is back to share how he recovered a master boot record and reclaimed lost data. Hacks From Pax: SELinux Administration Most of what you already know about Linux system administration will still apply to an SELinux system, but there are some additions and changes that are critical to understand when using SELinux.  CLI Magic: sudo voodooSudo is a handy little tool that is of value to both system administrators and common folks like us. What does it do? It allows you to temporarily assume the permissions of another user, up to and including root. If you belong to the camp that says you should only have root privileges at the time they are needed, sudo makes your life a little easier by making it easier to shape-shift between the permissions for a mere mortal and those of the super user. One-click installation with Klik Simplifying software installation is a popular pastime for Linux developers. It has given us useful tools like Synaptic, YUM, checkinstall, and autopackage. A new kid on the block, Klik, approaches the problem differently, by avoiding the installation altogether. Time to patch your Cisco routers Three months after the scandal at the Black Hat conference, Cisco finally confirmed the existence of some serious vulnerabilities that Michael Lynn warned about when he demonstrated the ability to hack in to Cisco routers back in July. While the specifics were never made clear during the Black Hat conference, it was thought that Cisco had already fixed the issues with their IPv6 patch but now it's clear that the problems affecting Cisco IOS were much deepe Linux/lupper.worm This worm spreads by exploiting web servers hosting vulnerable PHP/CGI scripts. It is a modified derivative of the Linux/Slapper and BSD/Scalper worms from which it inherits the propagation strategy. It scans an entire class B subnet created by randomly choosing the first byte from an hard-coded list of A classes and randomly generating the second byte. NetBSD 2.1NetBSD 2.1 is the first maintenance release of the netbsd-2 release branch. This release provides numerous functional enhancements, including support for many new devices, hundreds of bug fixes, patches and updates to kernel subsystems, and many enhancements to the user environment. In addition, all of the security fixes and critical bug fixes from the NetBSD 2.0.3 update are included as well. FreeBSD 6.0 It is my great pleasure and privilege to announce the availability of FreeBSD 6.0-RELEASE. This release is the next step in delivering the high performance and enterprise features that have been under development in the FreeBSD 5.x series for that last several years. Some of the many changes since 5.4 include... Basic Iptables - Debian Pre-Sarge This How-To uses a Debian Sarge 3.1 box, though the commands and syntax should work for any linux distro. Before you can configure iptables, you first must ensure that it has been compiled into the kernel, and that you have the proper userland utilities installed. Linux Advisory Watch - November 4th 2005 This week, advisories were released for lynx, OpenSSL, gnump3d, netpbmfree, gallery, phpmyadmin, SELinux PAM Local, TikiWiki, mantis, Ethereal, XLI, libgda, ImageMagick, kernel, and wget. The distributors include Debian, Gentoo, and Red Hat. Hotrod Your Linksys WAP with Linux (Part 2)Last week we rambled over the OpenWRT landscape, issued dire warnings and concluded with the easy, but risky, installation method. Today we'll learn the harder, but much safer, installation method. This one is fun, because it depends on an unpatched bug in the Linksys firmware. A tour of Red Hat Certificate System Red Hat Certificate System (RHCS) is not an open source product, but don't neglect it for that reason. It's a powerful tool, which builds on Red Hat Directory Server to provide an enterprise solution for managing user identities and ensuring privacy. Essentially, RHCS handles all the different phases of identify lifecycle by using PKI (Public Key Infrastructure). Here's a tour of the latest release of RHCS. Postfixing your mail server Years removed from the original release of Postfix, the Unix-based mail server is still serving oodles of people every day. Sendmail may have a larger market share in the Linux community, but Postfix has a much simpler setup and is good for users who do not want to spend a lot of time configuring a mail server. My sysadmin toolboxEvery administrator has a set of software tools that he just can't live without. These are the utilities that you install as soon as you log into a new machine, to help make day-to-day tasks a little easier. Here are my top 10 tools. ISO Makes Linux Standards Base a Standard The Open Source Business Conference (OSBC) here will open on Tuesday to the news from the Free Standards Group that the Linux Standards Base (LSB) has been approved as an ISO standard. Sun Grid Utility Aimed at MS Word Docs Sun Microsystems is starting a new grid utility service that unlocks the data stored in Microsoft Word documents and converts it into Open Document Format files that can be used by the StarOffice and OpenOffice desktop suites. 'False alarms' delay Linux kernel releaseVersion 2.6.14 of the Linux kernel is now available despite 'frustrating' delays due to mistaken bug reports, says Linus Torvalds. My sysadmin toolbox Every administrator has a set of software tools that he just can't live without. These are the utilities that you install as soon as you log into a new machine, to help make day-to-day tasks a little easier. Here are my top 10 tools. Red Hat Wants Xen in Linux Kernel Linux vendor Red Hat Inc. is aggressively pushing to get Xen virtualization technology included in the Linux kernel as quickly as possible. OpenBSD 3.8 Released The official release announcement will soon appear. The OpenBSD team has released version 3.8 right on time, as usual. [Undeadly.org] CLI Magic: GNU findDon't you just hate it when you can't find a file you need, but you know it's on your computer? Wouldn't you like an easy way to track down files anywhere on your computer? If so, I have good news for you, a command available to you at the friendly Linux CLI called find. Hardware emulation with QEMU QEMU is an open source cross-platform emulator for Linux hosts. It allows you to emulate a number of hardware architectures (x86, x86-64, and PowerPC are currently known to work, with others, including SPARC and MIPS, in development). QEMU thereby lets you run another operating system on top of your existing OS. Going through the process of installing and configuring QEMU not only gave me a worthwhile new software tool, but also helped me learn a few things about Linux. Software Firewalls versus Wormhole Tunnels In a VPN configuration, most personal firewalls are configured to drop their shields (because all traffic is heading to and from a trusted source), so the VPN client is, in fact, a liability because there is no need to use a libpcap outbound wormhole-tunnel communications channel. The firewall will happily ignore whatever packets a malicious program might need and they go unfiltered through the "secure" VPN connection... Creating and using a wormhole-tunnel communications channel is not limited to malicious use by malware, spyware, viruses or worms. The following scenario illustrates how one can legitimately (and more robustly) bypass the firewall without the use of libpcap.<p> <i>[Ed.- and don't forget email, web browsers, and all the ways that SSH can sneak around firewall rules.] Tips and Toys for the Hardworking Admin Welcome to today's installment of More Tips and Tricks For Hardworking Admins, the finest and freshest collection of mini-howtos on the Web. Today we'll do dynamic blocking of SSH server attacks, run nested window managers, and take a peek at hacking the Linksys WRTG54.<p> <i>[Ed.- The DenyHosts utility, for dynamic blocking of SSH or other port attacks, is quite ingenious and easy to use. Also, XNest is covered, for running multiple window managers simultaneously. Just try to do that with poor ole feeble MS Windows!] Your Next WAP: Hold the Cheese? Q:What's the difference between an enterprise wireless access point from a big name vendor, and a SOHO grade one from the likes of Belkin, Buffalo or Netgear? A: About 500 bucks OK, say it's not a very funny joke. In fact it's not really a joke at all – more of an economic observation. But like most jokes, there is a point to it: When you go shopping for wireless access points, do you really need to spend five times as much on an enterprise product which does the same base function – providing wireless network access – as a SOHO one? Citadel: Groupware Secret RevealedNow you're in on the secret. Sick of sendmail's security bug of the week? Exchange crashed again and took everyoneÂ’s calendar with it? Microsoft Outbreak let another virus into the intranet again? Want your email and calendaring to Just Work? With a nice web interface for the road warrior executive types? It's time to take a good look at Citadel. Bugzilla 2.20 Released, bugzilla.mozilla.org Upgraded Version 2.20 of Bugzilla, the Mozilla bug tracking software, has been released. The Bugzilla 2.20 new features page has more details about the improvements in this release, which include experimental support for PostgreSQL (previously only MySQL was supported) and a new user interface style. Refer to the Bugzilla 2.20 Release Notes for more information. Network monitoring with Cacti GNU/Linux is without doubt a brilliant server OS, but monitoring your Linux server can be a challenge. There are a few powerful tools available, such as MRTG, the Multi Router Traffic Grapher, but setting them up can be an exercise in frustration for first-time users. By contrast, Cacti, a graphing program for network statistics, is designed to be easy for relatively inexperienced systems administrators to use, while at the same time being powerful enough to be used in complex networks. Continuing to Improve Hardware Support In -Current Undeadly.org discusses the ongoing work to improve hardware support in OpenBSD 3.8 and beyond. [Undeadly.org] Apache's good reputation drives demand for open web server skillsThe Apache HTTP server - now 10 years old - is the product of an open source initiative dedicated to keeping the internet free from commercial control. It is a key part of the Lamp (Linux, Apache, MySQL, PHP/Perl/Python) platform. Advanced Linux LDAP authentication In an earlier look at LDAP, we set up a simple LDAP-based authentication system. We configured client machines to retrieve authentication information from a server running OpenLDAP. Now let's go further by enabling encryption and looking at how to make user modifications through LDAP. CrossOver Office Version 5.0 CodeWeavers have shipped version 5 of CrossOver Office. Jeremy White writes "We have added initial support for Microsoft Office 2003, added a powerful new feature we call 'bottles', which lets you manage your Windows applications more easily than ever before, and dramatically improved the installation and execution process of nearly every Windows program." File System Tutorial Here is a short article explaining some basics about file systems. This is an area in which many people, even full time computer users, lack much understanding. Its kind of important! Comment of the Day - October 25, 2005 Calculate the Optimal Size of a New Disk DriveIn answering a question on the Linux metaforumat Lxer, bstadil wrote a splendid comment about how to figure out the optimal size of a new disk drive. Hacks From Pax: SELinux And Access Decisions Hi, and welcome to my second of a series of articles on Security Enhanced Linux. My previous article detailed the background of SELinux and explained what makes SELinux such a revolutionary advance in systems security. This week, we'll be discussing how SELinux security contexts work and how policy decisions are made by SELinux. IPMI Support in OpenBSD Undeadly.org has a story about new support for IPMI in OpenBSD. The key characteristics of Intelligent Platform Management is that inventory, monitoring, logging, and recovery control functions are available independent of the main processor, BIOS, and operating system. More OpenBSD-specific IPMI can be found in the ipmi(4) man page. It is quite interesting as it provides support for some sensors like the ones used in Dell PowerEdge servers. [Undeadly.org]Nessus fork emerges With news settling in that the makers of the network vulnerability scanner Nessus will not open source the next version of the software, the team behind the soon-to-be-renamed GNessUs project is growing fast and attracting attention. The Story of Snort: Past, Present and FutureLast week we met with Martin Roesch, the creator of Snort, the de facto standard for intrusion detection/prevention. Presented here is the entire story of Snort in his words that covers seven years of development that made this tool one of the most important security software titles ever developed. Fetching email with Mutt What do you look for in an email program? You may find it in Mutt, an easy-to-use text-based messaging client. Here's all you need to know to get started with Mutt. SMB Browsing with KDE KDE 3.x has some nice, built-in, multi-protocol network browsing features, but, unfortunately, chances are that your Linux distribution doesn't enable or configure those features automatically. So this month, dive into KDE and get connected. Greenlight your RFID systems Incorporate a Radio Frequency Identification (RFID) framework and connect to various interface types. Learn how to integrate the RFID framework with back-end applications and implement business logic. This article provides the answers to getting it all done. Apache 2 mod_deflate Are you ready to take a look at a fairly new technology that promises you to save bandwidth? Maybe you're even more interested when the promises range from a 50% to a 80% amount of savings? Jump in, and take the ride to see if it works out as well as you were promised. Here's how to use mod_deflate in a real life situation. Finding The Right Man (Page) A shell script hack to build the PATH and MANPATH shell variables dynamically. [O'Reilly Network Weblogs] CLI Magic: lsof Last week's CLI Magic column was about Trojan Scan, a useful tool -- still in alpha development phase -- for warding off the bad guys. I noted then that the utility was based on the lsof command -- actually, based on just one of the hundreds of combinations of arguments used to tell lsof exactly what it is you want from it. This week we're going to take a longer look at lsof, and see a few of the other mysteries it can solve. VMWare Inc. Releases Free Virtual Machine Runtime VMWare Inc. has released a new free (as in beer) virtual machine runtime called VMware Player. According to VMWare, this free VM runtime makes it possible for anyone to run virtual machines created in their Workstation, GSX or ESX products. It also runs virtual machines created in Microsoft's virtualization products. The runtime is available for both Windows and Linux. What do to when apt-get fails When you install an application package in a Debian-based system, sometimes prerequisite application packages are unavailable. These missing packages are known as broken dependencies. Left unresolved, they can cripple your system's ability to install new packages. They're a disaster that isn't supposed to happen in Debian, thanks to the Advanced Packaging Tool (APT) and the scripts contained in Debian packages. Rootkit creators turn professional Signalling a trend towards increased 'outsourcing' of some elements of malware creation, security experts are reporting a surge in the level of professionalism and commercialisation in the creation of so-called rootkits. OpenBSD 3.8: Hackers of the Lost RAID Undeadly.org readers discuss ONLamp's extensive interview with several OpenBSD developers. Most topics covered are related to new features in 3.8 like interface trunking, internationalization support, mmap malloc, etc. but there is also some discussion of works in progress. [Undeadly.org] LinuxWorld Feature - Best Practices in Cluster Management and HPC Albert Einstein defined success as 10 percent inspiration and 90 percent perspiration. Although he had no inkling about the emergence of Linux Clusters for High Performance Computing (HPC), his words ring true for designing, building, and managing compute clusters. Get Linux drivers for wireless network cards The www.linux-wlan.org site provides driver software and Linux compatibility information for a number of USB and PC Card wireless network devices.<br><br> One of the best places to start searching for drivers for a particular USB device is the Linux Wireless LAN HowTo document. While some of the information may be a bit dated, you can find information on Linux wireless drivers ranging from pre-802.11 standards up through more recent 802.11g and 802.11a devices. OpenOffice.org goes live with 2.0 Last week the OpenOffice.org project turned five. Today the team released the long-awaited OpenOffice.org 2.0 office. Gnu Bayonne 2 1.0 Released GNU Bayonne 2 offers a GNU GPL licensed scalable, media independent software environment for development and deployment of telephony solutions for use both with current, and next generation VOIP telephone networks. Black Duck makes open-source code service free until year's end Black Duck Software Inc. is making its protexIP/OnDemand software-compliance assessment service available free of charge from Tuesday through year's end, according to a company executive. The service analyzes software projects to determine whether they contain any pieces of open-source code and ensure that the code meets licensing obligations The CUPS Printing System A basic introduction to what CUPS is and why you might want to use it rather than LPD. Advanced Squid Squid is a free caching proxy server that runs on Linux and many other operating systems. Many Linux users who have used Squid have taken advantage of its simple setup, and ignore or overlook its advanced features. Here's an introduction to some of those features and how to use them. Browser security: why an insecure browse-only account doesn't work One of the reasons why people switch to Firefox (also on the Linux platform) is the assumed security of the browser. Nonetheless, with several vulnerabilities found in Firefox the last few months, the browser may be the weak spot in the security of your desktop. Here's a possible working solution to the problem. Cross-platform packaging facility OpenPKG 2.5 available The OpenPKG project released version 2.5 of their unique RPM-based cross-platform multi-instance Unix software packaging facility. Freeradius and Linux for Your WLAN A RADIUS server running on Linux can authenticate clients on any platform -- including those connected via a wireless network. Here's to implement EAP-TLS encryption. OpenBSD's 10th Birthday Today marks 10 years of OpenBSD. Undeadly.org has the story. [Undeadly.org] Cruising the Kernel with Andrew, Ted and the Gang, Part I The ship may not win any interior design awards, but the latest Geek Cruise made up for that with smart minds giving great talks--both on the schedule and off. New Ubuntu Release Works in a Crisis In a tight spot? Ubuntu can bail you out. Intel Slashes PC Power-up Time Intel has unveiled a new technology on Monday that significantly reduces the time it takes for a notebook PC to power up or access programs, while improving battery life to boot. Splogs: Is Our Developers Learning? "Splogs" -- spam blogs -- are just the latest Internet annoyance. And there's really no outright cure for this annoyance, any more than there is for all the others; the only reasonable response is prevention up-front -- by shrewd developers. [O'Reilly Network Weblogs] Check Point's acquisition of Snort's parent has some users worried Check Point Software Technologies and Sourcefire have a history of working together, but last week's announcement that Check Point plans to acquire Sourcefire has some open source users a bit nervous. Interview: Fyodor Whitedust interviews the enimagic Fyodor, creator of the Nmap network security utility. A Comparison of Solaris, Linux, and FreeBSD Kernel I spend most of my time teaching classes on Solaris internals, device drivers, and kernel crash dump analysis and debugging. When explaining to classes how various subsystems are implemented in Solaris, students often ask, "How does it work in Linux?" or, "In FreeBSD, it works like this, how about Solaris?" This article examines three of the basic subsystems of the kernel and compares implementation between Solaris 10, Linux 2.6, and FreeBSD 5.3. Lightweight Web Serving with thttpd The Apache HTTP Server is the most popular web server due to its functionality, stability, and maturity. However, this does not make it suitable for all uses: slow machines and embedded systems may have serious problems running it because of its size. Here is where lightweight HTTP servers come into play, as their low-memory footprints deliver decent results without having to swap data back to disk. Get a terabyte of storage on Windows and Linux Most people who chimed in complained that the NetGear box didn't support anything other than Windows – I don't find this to be a tragic big deal since if you're running Linux, you can find yourself a way to rig up a RAID array with a suitable distro on a spare server. CLI Magic: Trojan Scan We're all about security this week. Not the security you get from being all wrapped up in a baby-blanket, coddling, gratuitous GUI, but the kind that comes from knowing who is connected to your machine, and why. Trojan Scan is a simple but effective tool that monitors connections and alerts you to unauthorized activity of the sort that a rootkit, trojan, or other bad-to-the-bone-ware might engage in. Jump down out of that hi-tech hammock you're in and let's take a look. Get Linux drivers for wireless network cards Steve Blass writes "No problem: if you can't get a Linux driver, Ndiswrapper lets you use the Windows drivers." <br><br> Mr. Blass knows one side of the story, using Windows drivers isn't always a panacea. - Ed  What Is the Linux DesktopMuch has been made of predictions about the "year of the Linux desktop," but what is the Linux desktop, why should you use it, and why should you care? Jono Bacon takes a look at development of the Linux desktop, from its roots to its apps to its future prospects. [Linux] Finding voice codecs for free software A triumph of open protocols, like Session Initiation Protocol (SIP) and Inter-Asterisk EXchange (IAX), is hollow if the marketplace standardizes on closed, proprietary codecs for delivering the voice data itself. How do you find the good free codecs? Here are some options. Regular expression: Stupid is as stupid does Have you ever had one of those days where you make a mistake, and every attempt to fix your mistake just leads to worse problems? Eventually you've managed to turn a minor glitch into a major disaster. It Salaries Heading North in 2006 October 13, 2005: With demand for IT talent finally catching up with supply, companies can expect to pay more for help in the coming year. SecurityFocus covers OpenBSD's network stack Highlighting the upcoming 3.8 release, SecurityFocus has posted an interview with three OpenBSD developers about the network stack protection against DoS attacks which use ICMP, a short comparison with Linux's stack, and some thoughts on OpenBGPD. Undeadly.org has the discussion. [Undeadly.org] How to keep instant messaging off the record Sometimes encryption isn't enough to keep your conversations private. With standard encryption, it's theoretically possible for someone to steal your secret encryption keys and decipher the conversation. For conversations that need to be kept confidential, the Off-the-Record (OTR) plugin for Gaim saves the day. It leaves no trace of a conversation ever having taken place.  Monitoring Network Traffic with NetflowSNMP and MTRG can tell you what your network is doing, but they don't always give you the details you need. Netflow does--but it has a complex setup and configuration. Fortunately, Michael W. Lucas shows how to install and configure modern versions. [Sysadmin] Quick primer on Unicode under Linux Ed Trager's A Quick Primer On Unicode and Software Internationalization Under Linux and UNIX is a good short intro to configuration and tool setup for working with Unicode on a Linux machine. An Overview of ping Trying to figure out if your laptop is connected to your home or office network? ping it. Linux: Error Detection and Correction Alan Cox submitted a pair of patches to add error detection and correction (EDAC) logic to the 2.6 kernel. He noted, "I don't think its yet merge ready but getting there so I'd appreciate other folks comments and views on what else needs fixing before generating a submission for Andrew." As usual, Kerneltrap has more details. [Kerneltrap] Vuln: OpenSSL Insecure Protocol Negotiation Weakness Bugtraq discusses an OpenSSL insecure protocol negotiation weakness. [Bugtraq] Linux: 2.6.14-rc4, Final Release Candidate Linus Torvalds announced 2.6.14-rc4, "the final -rc before a 2.6.14 release." Kerneltrap discusses the current version of the development process as well as changes for this release. [Kerneltrap] Don't discount software distribution sites as attack vectors Sendmail. Tcpdump. OpenSSH. With control of the sites, the bad guys replaced the downloadable installation package for each tool with a Trojanized version that included a backdoor bundled in the package. The bad guys had hit upon the ideal mechanism to propagate their malicious code -- duping systems administrators to take the bait and install their wares for them. Hacks From Pax: Security Enhanced Linux and Mandatory Access Control Security Enhanced Linux, or SELinux, is an exciting security project that is reaching maturity and poised to revolutionize Linux security administration. This article provides a basic introduction to the philosophy behind SELinux and explains how it can add a powerful layer of security to your Linux system. DBAs vs. Developers: Managing Your Data without Conflict While not reaching the deadly proportions of the Hatfield-McCoy feud, some IT feuds rival them in fever. Teams that are supposed to work together don't. Specifically, database administrators (DBAs) and developers (don't call me a programmer!) often butt heads and fail to find common ground. Is your open source project ready for the daylight savings time fix? Here's a computer problem you can blame George W. Bush for personally. Starting in 2007 daylight savings time will start a month earlier and end a few days later. Instead of starting on April 2, as it will next year, it will start on March 11. Linux: State Tracing, Visualizing Fragmentation Yumiko Sugita announced the 2.3.1 release of LKST, the Linux Kernel State Tracer. The project page notes, the "Linux Kernel State Tracer(LKST) records information as trace data about events in the Linux Kernel. It records various events like process context switch, send signal, exception, memory allocation, send packet, and so on." Kerneltrap has discussion. [Kerneltrap]CLI Magic: Checkinstall Given the ease of installing free software apps these days, especially those installed outside your distro's package management, how do you get that the great game you installed from scratch last week when you learn it opens your system up to hostile takeover? Think that just removing the executable does the trick? Think again.  What Is LinuxFor a long time, Linux was seen as a geek's system--too complicated for ordinary folks. But Linux has matured, and with today's desktop environments and new user-friendly installations, Linux is finally coming into its own as a desktop system. [Linux] Exclusive: Xen Grows Up In the past year, development of the open source Xen virtualization platform (http://www.cl.cam.ac.uk/netos/xen/) has forged ahead at a rapid pace, adding support for hardware virtualization and large- scale enterprise server hardware such as symmetric multiprocessor (SMP) guests and physical address extensions (PAE). Simultaneously, the Xen project has amassed a substantial community of developers and refined the software to be stable and robust. Now with a third major release, Xen is ready for “The Big Show,” production use. Up until the recent release of Xen 3.0, a major obstacle to the adoption of Xen in some environments was the softwareÂ’s lack of support for unmodified operating systems. XenÂ’s original approach of paravirtualization, modifying an operating system to facilitate virtualization, yielded great performance, but failed to host operating systems for which source code is unavailable.  Security Alerts: XFree86 TroubleNoel Davis looks at problems in XFree86, cfengine, RealPlayer 10, Helix Player, ClamAV, XSun, Xprt, arc, prozilla, AbiWord, Backupninja, Hylafax, ApacheTop, and libsnmp5.
[Linux]
Meng Wong Plots Messaging's Future Email Battles' discussion with Meng Weng Wong, the father of the Sender Policy Framework method for sender authentication of email messages, continues. Linux: Kernel Crash Dumps A kernel crash dump is a snapshot of system state taken at the time that the kernel crashed, useful for finding and debugging the problem that caused the crash in the first place. There is no standard mechanism for automatiaclly collecting a crash dump on Linux, but Kerneltrap discusses several existing projects intended to meet that goal. [Kerneltrap] Pass on Passwords with scp Learn how to propagate files quickly and do backups easily when you set up scp to work without needing passwords. Serve Paid Content to Spiders and the Public as Babel Here's a working example and PHP script for randomizing web page text in-place. The result scans well and indexes well, but it doesn't give the story away. I think this would be a good technique for interfacing paid content with the free web... certainly better than following search engine hits into "access denied" pages. [O'Reilly Network Weblogs] Vuln: Linux Kernel MMap Invalid Memory Region Local Denial Of Service Vulnerability Bugtraq reports on a "Linux Kernel MMap Invalid Memory Region Local Denial Of Service Vulnerability". [Bugtraq] Installing Fink on Mac OS X At its heart, Mac OS X is a Unix operating system. This means that plenty of Unix open source software compiles and runs on it. However, compiling software can be tedious, especially if it has many dependencies, or if it hasn't been tested on Mac OS X. Fink can help. FreeBSD: Interview with Release Engineer Scott Long BSDForums interviews FreeBSD Release Engineering Team's Scott Long relating to various aspects of FreeBSD. Topics discussed include FreeBSD general issues, its academic roots, how FreeBSD compares to other BSDs - OpenBSD, NetBSD, and the ongoing debate on FreeBSD vs. Linux. Augustus' Ultimate Linux Workstation: Part II In this part of my look at building what I would consider the ultimate Linux workstation, I will take you through some of the special construction that had to be done to accommodate some of the special hardware I selected. What's your downtime worth? If you're looking at high availability for your hardware, chances are you're considering a clustering option -- using multiple standard boxes to form a highly available system. But according to fault-tolerant server vendors, companies need to take a closer look at redundant hardware before buying into potentially more expensive and more complicated clustered options. The Arrival of NX, Part 5: Using NX We know you've been waiting for it, so here's the next installment of our NX series. This time out, learn how to navigate with hands-on exercises that demonstrate all NX can do. Ibm debuts software for age-related disabilities IBM has released a set of software programs to help older workers with age-related disabilities stay productive at the office. CLI Magic: Logrotate This week's CLI Magic comes from Mayank Sharma. While some might think that Logrotate is strictly a tool for system administrators, Mayank disagrees. He argues that even those as far down on the food chain as ordinary Linux desktop users -- not just system admins -- can benefit from the tool. Red Hat Aims to Simplify Linux The corporate sector does not just run on servers. Thus, Red Hat is putting lots of effort into the desktop in an effort to simplify Linux for this environment. Even the universal serial bus flash drives which required a user to "mount" or "dismount" via the console is now a simple matter of plug and play. Disk Blasting 101 with Linux <B>How To:</b> If all you want to do is be 99.9999 percent sure that there's no data left on your drives, DBAN (Darik's Boot and Nuke) is for you. SysAdmin Paper from Yankee Group Ignorable The Yankee Group has produced another of its infamous surveys about TCO comparisons between Microsoft and Linux. Excuse the yawn but has Yankee ever used its skills in statistical analysis to win a lottery? Opinion: There are too darned many Linuxes ...There are only, by my quick count, one hundred and forty one Linux distributions. Currently shipping. For the Intel platform. In English. Automating Linux security should be a higher priority But I strongly believe that Linux users badly need the kind of automated anti-viral patch management service that Windows users now take for granted.  Installing DebianDebian GNU/Linux is a powerful and popular community-developed Linux distribution--and the basis for several other useful and usable distributions. With the recent release of Debian Sarge, it's better than ever. Edd Dumbill, Debian developer and GNU/Linux advocate, walks through a typical installation. [Linux] RT Essentials When I see or hear people knocking Linux for not having applications, I think of Jesse Vincent's Request Tracker (RT). When I first found out about RT, I thought I had found a few hundred thousand dollars laying on the street. That's the amount of money I would have had to spend on a proprietary trouble ticket tracking system comparable to ones from "big" commercial shops. EnGarde v3 If you haven't tried EnGarde recently, then I'm certain you'll be equally as excited about this release as we are. Completely redesigned web interface, firewall features, integrated Security-Enhanced Linux protection, and completely free updates are just a few of the outstanding new benefits. Five common mistakes that Linux IT managers make After seeing the same mistakes repeated by different IT managers over the years, I've noticed a pattern of common errors. Here are the five common mistakes, along with tips for avoiding them. SSL VPNs and OpenVPN: A lot of lies and a shred of truth I wanted to write an article on the strengths of OpenVPN, but I just can't get the message out without first talking about the serious insecurities I see in the rest of the SSL Virtual Private Network (VPN) space... Bugtraq: Is the Bottom Line Impacted by Security Breaches? Bugtraq reports on a study that asks if reported security breaches affect the bottom lines of companies. [Bugtraq] New Tool To Monitor HIPAA Compliance Ecora's Enterprise Auditor has built-in HIPAA reports that map directly to the act's security rules, making it easier to quickly generate compliance reports. Mysql 5.0 about to be completed The open-source database MySQL has been published in Version 5.0.13, the first edition of the 5.x development branch, which the manufacturer has designated a Release Candidate. Though the release date of a stable version is still a matter of speculation, the competition which MySQL launched on the occasion of the publication of the Release Candidate provides something of a hint. Anyone who within the next eight weeks finds and reports a bug in this version stands a chance of winning an iPod nano, the rules of the competition state. Anyone moreover who in addition in a blog relates his or her experiences with MySQL 5.0 can with a little bit of luck win free entry to the next MySQL Users Conference and will there be invited to have dinner with the team of developers. Red Hat EAL5 To Get Government Blessing Although it is still a year away from being released, Red Hat Enterprise Linux 5 is already on the path toward EAL4 certification. Linux: PATA Drivers in LibATA Alan Cox provided a status update on his PATA driver efforts with libata. He offered a qualified call for testers. Kerneltrap has more details. [Kerneltrap]Dell talks up multicore servers, workstations Dell has added multicore technology to its single-core dual-socket servers and workstations, the company announced Monday. Multicore computing is the placing together of two or more CPUs (central processing units) onto a single piece of silicon. IT manager's crash course: 64-bit computing The kind of hardware you buy can have a profound effect on the success of your business, but choosing among the available options is now tougher than ever. The advent of inexpensive, binary-compatible 64-bit processors has introduced a new facet to the decision-making process. Here's what to consider. Is e-mail failing us? There is a common understanding among Internet users that e-mail is one of the most trusted technologies around. Want to quit your job? After all, it all seems so easy... This however fails to take into account one of this century's most painful truths: e-mail, after so many years of being relied on, still doesn't work reliably. An introduction to Debian networking setup Under Debian networking is pretty comparable to other distributions of Linux, especially in areas such as DNS setup. However if you're new to the distribution you might not know where things are set. This brief introduction to networking will show you how it works. CLI Magic: p0f P0f is a passive OS fingerprint tool written by The Evil Twin, a.k.a. Michal Zalewski. Here's how to make your own personal version of Netcraft's "What's that site running?" survey. ISP-Server Setup - Ubuntu 5.0.4 This is a detailed description about the steps to be taken to setup a Ubuntu based server (Ubuntu 5.0.4 - The Hoary Hedgehog) that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/POP3s/IMAP/IMAPs, Quota, Firewall, etc.). Red Hat Network tour I've used Red Hat Network successfully in the past, so I was happy to get my hands on a demo of Red Hat Network 4, which is in the process of being released. Before I drill down into RHN4, I have to say RHN4's new features are cool, particularly the ones that enable you to manage Unix-based Solaris servers and monitor systems more effectively. Five common mistakes that Linux IT managers make After seeing the same mistakes repeated by different IT managers over the years, I've noticed a pattern of common errors. Here are the five common mistakes, along with tips for avoiding them. Configuring DNS on SLES 9 On a modern IP-based network, users take for granted the fact that they can access local network and Internet resources using easy-to-remember domain names instead of IP addresses. I doubt that a single work day goes by that the typical employee doesn't access some website with a URL. As a Linux system administrator, it's your job to know how to provide users with this behavior. Auditor: The security tool collection The Auditor security collection is a GPL-licensed live CD based on Knoppix, with more than 300 security software tools. Auditor gives you easy access to a broad range of tools in almost no time. 45 Minutes to a Linux Terminal Server With a Linux Terminal Server and thin-clients, a business can remove many of the costs associated with maintenance, support, and licensing of countless desktop PCs. Thanks to the exceptional efforts of the Linux Terminal Server Project members, such a switch is neither dramatic, nor painful. Protecting Linux against automated attackers As many systems administrators will tell you, attacks from automated login scripts specifically targeting common account names with weak passwords have become a substantial threat to system security, especially via SSH (a popular program that allows remote users to log in to a Linux computer and execute commands locally). Here are some common-sense rules to follow that can greatly improve security, as well as several scripts to cut down on the computing resources wasted by these attacks. Webmin: Simple, Secure Linux Management Webmin is a great all-in-one graphical configurator that can be used to configure and monitor servers, system files, networking, and hardware - in short, everything. Unlike other GUI system administration tools, Webmin directly edits program configuration files. OSDir has more. Mozilla Firefox 1.0.7 Released Mozilla Firefox 1.0.7, a security and stability update to the flagship Mozilla browser, is now available for download. This version includes fixes for the international domain name (IDN) link buffer overflow vulnerability and the Linux command line URL parsing flaw. Bluetooth and GNU/Linux Bluetooth is an open, IEEE connection standard for wireless device communications. Here's an introduction to Bluetooth on GNU/Linux, including how to enable support for it, some programs that monitor Bluetooth communications, and some hardware devices that use Bluetooth. Contributors wanted for new HOWTO/advocacy site LinuxQuestions readers consider the possibility of providing guidance for people switching from Windows and Mac OS X to Linux... perhaps you can contribute! [Linuxquestions.org] Free Standards Group Releases LSB 3.0 On Monday, the Free Standards Group released the latest version of the Linux Standard Base, Version 3.0, and announced that Red Hat Inc., Novell Inc., the Debian Common Core Alliance and Asianux are all certifying their latest operating systems versions to it. Linux: New Home For master.kernel.org The master.kernel.org server recently moved to a new home at Oregon State University's Open Source Lab, the same that provides hosting for KernelTrap . Kerneltrap has more details. [Kerneltrap] OpenBSD 101 OpenBSD is an ultra-secure, freely available, multi-platform BSD-based UNIX-like operating system x-- and arguably the most secure operating system in the world. After using OpenBSD for over 9 years I decided to place online some useful information for first time users of OpenBSD. Filter spam with CanIt-PRO Despite the the passage of the CAN-SPAM Act, email users are still subjected to vast quantities of spam and virus-laden messages. Roaring Penguin's CanIt-PRO is a Sendmail-based application that helps block spam, viruses, phishing attempts, and other nastiness.... Linux: Reiser4 and the Mainline Kernel Hans Reiser sent an email to the lkml titled, "I request inclusion of reiser4 in the mainline kernel". He provided a list of objections raised earlier, noting that all had been addressed. Kerneltrap covers the story. [Kerneltrap] Don't Install, Just Copy with klik Klik is a system which creates self-contained packages of programmes installable over the web with a single click. Kurt Pfeifle discusses the potential uses of this technology for helping the non-coding contributors to KDE. He also looks at how the system works and the obvious security issues involved. Apache Spamassassin 3.1.0 Apache SpamAssassin 3.1.0 has been released! SpamAssassin 3.1.0 is a major update. SpamAssassin is a mail filter which uses advanced statistical and heuristic tests to identify spam (also known as unsolicited bulk email). CLI Magic: CDargs Typing long path names at the command line can get to be a chore very quickly. Even with tab-completion, it can take a lot of typing to move from your home directory to /var/www/www.mysite.com/cgi-bin or something similar. Wouldn't it be much better if you could "bookmark" long path names and type something simple, like cdb site, to get to a directory? That's where CDargs comes in. Big Scary Daemons: Visualizing Network Traffic with Netflow and FlowScanSNMP and MTRG can tell you what your network is doing, but they don't always give you the details you need. Netflow does--but sometimes a pretty graph says more than thousands of lines of log output. Fortunately, Michael W. Lucas shows how to use FlowScan and CUFlow with Netflow to see the traffic on your network. [Sysadmin] Using Qpsmtpd While email is increasingly a worker's most important communication medium, the onslaught of attacks from spam, viruses, and other malicious email content is ever increasing. By implementing a mail server in Perl, you can use your favorite language to mitigate those attacks and provide greater flexibility in processing incoming mail. Matt Sergeant shows how to install, configure, and write plugins for Qpsmtpd. [Sysadmin]  Enterprise-Wide Network Management with OpenNMSNetwork management of more than a few devices is difficult, and many vendors have expensive, complicated software that mostly does the job. Fortunately, open source has a viable alternative in OpenNMS. Tarus Balog shows how the extensible and configurable software can simplify your life. [Sysadmin DevCenter] Important Notice for Sysadmin DevCenter Readers About O'Reilly RSS and Atom Feeds O'Reilly Media, Inc. is rolling out a new syndication mechanism that provides greater control over the content we publish online. Here's information to help you update your existing RSS and Atom feeds to O'Reilly content. [Sysadmin DevCenter]  Improving Network Reliability with KeepalivedNo matter how good the software, hardware eventually fails. Redundancy is an important way to keep your important services running smoothly. With the right software, you can even sleep through otherwise catastrophic network failures. Philip Hollenback demonstrates how to make your network robust by using Keepalived on multiple Linux routers. [LinuxDevCenter.com] Linux: Swap Pre-Fetching Con Kolivas posted a patch for the 2.6.13 kernel that implements cache prefetching, based on earlier work. Kerneltrap has more details. [Kerneltrap]Creating a software demo with Impress If you've ever tried to explain how a particular feature or application works without actually showing it, you know how difficult that can be. A good software demo can really save the day.... Here is how to create a software demo that includes some essential elements: cursor movements, button clicks, animated menus, and callouts. D.I.Y. Linux Here are step-by-step instructions for installing and customizing your own Linux system. Real-Time Audio Servers on BSD Unix Derivatives Undeadly.org readers discuss Juha Erkkilä's masters thesis on the real-time issues affecting the audio subsystems in the BSD operating systems. [Undeadly.org] phpSymon Unwilling to break apache's chroot for something as trivial as phpSysInfo, I decided to write a PHP script that taps into the stats symon streams to my server. It displays a quick overview of any stats available. [Undeadly.org] Linux: Tainting The Kernel The announcement of a new Forensic File System led into another discussion of kernel tainting and the legality of binary-only kernel modules. Kerneltrap has more details. [Kerneltrap]SATAvs. Parallel IDE on Linux Over the past few years SATA has become a standard interface on hard drives and is starting to show up in many peripheral devices. Today we're taking a look at two similar hard drives to see how well SATA is supported in Linux. GridShell extends the tcsh and bash syntaxes GridShell extends the tcsh and bash syntaxes. Users familiar with both will be able to write scripts that include these grid shell language extensions, and orchestrate and coordinate the execution of programs across the grid. Bugtraq: Call for new mailing lists @ SecurityFocus SecurityFocus issues a call for new mailing lists. [Bugtraq] A Cherry keyboard cometh SecurityFocus issues a call for new mailing lists. [LXer Linux News] A Good Use for an Aging Linux Machine Expensive groupware is simply overkill when all you want is to decide whose turn it is to do the dishes. This month, Peter uses his old Linux box to build a miniscule Web-based household calendar. In these Linux on board column installments, Peter looks at Linux running on various kinds of hardware -- PDAs, embedded devices, or just ancient hardware no one thought was useful anymore. He alternates between looking at specific Linux devices and showing you in detail how to use Linux on decrepit hardware that's past its reputed prime. Vim's newest features Vim, or "vi improved," is an open source text editor for multiple platforms. This article gives an overview of vim's latest improvements over vi. A Surefire Cure For Spam What the world needs now is not SpamAssassin, but SpammerAssassin. [O'Reilly Network Weblogs] Open source identity management A complete identity management solution comprises a number of components. As such, it would be difficult for any single open source project to offer a plug-and-play identity management system. There are, however, several projects that offer components of such a system, particularly in the area of federation and SSO (single sign-on). Customizing FVWM even more In my last article on FVWM, the F Virtual Windows Manager, I wrote about its basic setup, how to create a task bar, and how to create your own menus. In this article I'll be looking at further ways of customizing the windows manager to improve the basic desktop. Linux: 2.6.13 Kernel Released Linus Torvalds announced the release of the 2.6.13 Linux kernel. aKademy 2005 Kicked Off! Following yesterday's rousing KDE e.V. meeting, aKademy 2005 officially kicked off today with dual presentation tracks filled with content designed for users and system administrators. At the same time the hacking rooms were full of busy developers from morning until evening at which point everyone went to a party sponsored by Novell. OpenBSD-based web application firewall Armorlogic is using OpenBSD as the core of its new web application firewall product called Profense. Undeadly.org readers discuss it. [Undeadly.org] The Boot Loader Showdown: LILO or GRUB? What utility do practically all Linux users use -- regardless of their job or expertise? A boot loader. This article reviews GRUB and LILO. |
|
Sponsored by:
|
|
