Sick of Firefox's Memory Leaks? Help Fix it!
David Baron recently wrote a tool that testers can use to help reduce memory leaks in Firefox. With this tool, you can find out what leaks you encounter during your normal browsing patterns and report useful bugs when you encounter leaks.
Novell releasing Xgl to open-source community
Xgl -- X over OpenGL -- is a rendering technology for Linux that takes advantage of current 3D rendering hardware. Apple's Mac OS X operating system already offers such capabilities. The initial special effects Novell is demonstrating for SuSE Linux are somewhat reminiscent of what the Apple operating system can already do in terms of offering transparent windows and windows animation.
IBM serves up free "Linux Client Migration Cookbook"
IBM's Redbooks publication arm has published a freely downloadable 260-page book on migrating to the Linux desktop. Linux Client Migration Cookbook: A Practical Planning and Implementation Guide for Migrating to Desktop Linux aims to provide a technical planning reference for organizations that are considering a migration to Linux-based personal computers.
Call for Testers: Ports and Packages
In order to make the coming OpenBSD 3.9 release the best yet, porters are calling for users to test the latest snapshot packages and the ports tree itself. [Undeadly.org]
Distribute Software on a Linux LiveCD
Linux has always been comfortable running Web servers, firewalls, and other single-function services on dedicated machines, thanks to its flexibility, reliability, and small kernel footprint. LiveCDs are a natural extension of this capability of single-mindedness, letting you install a specialized, bootable Linux distribution -- along with whatever applications you choose -- onto a single CD for distribution.
Network Documentation for PROFIT! PART III
This entry is an ongoing series looking into the world of networking service providers performing / offering network documentation. It focuses on policies.
CLI Magic: ifup, ifdown, ifstatus
I've always assumed that ifup and ifdown were conditional commands that performed their assigned duties only if the interface device in question was up or down, as the command might be. I was dead wrong.
Building a virtual cubicle
I have been building a "virtual cubicle" for my work that takes me from office to office and I have become quite good at setting up a workspace virtually.
How critical is an e-mail service?
How important is e-mail to your enterprise? Why am I asking? One organization has had problems with their e-mail services for three months and has done nothing to alleviate it.
Cape Town to respond to disasters using Asterisk
An emergency management centre in Cape Town will soon be using open source VOIP telephony to deal with and respond to disasters in the region. The implementation of the Asterisk-based call-handling system by local VOIP gurus, Connection Telecom, points towards growing open source use in critical applications.
Updating Ubuntu 5.10 for Current Versions of OpenOffice and FireFox
I kept waiting for the upgrades to two packages I use the most as a writer and they haven't made it into the repositories. I did what Linux guys do. I did it myself.
Software promises open source management
Qlusters, which launched in 2001, kicked off its OpenQRM project last month, bringing its Qlusters Resource Management software into the open source realm. The software, which includes monitoring and policy-based provisioning and resource management for Linux systems, has been available as a commercial product for four years.
Do-It Yourself Computing 2: Packages
In Linux Land, distributions are often divided into categories based on how they manage software. It's more than just keeping track of what is installed, but what version. The obvious issue is security updates. Software is usually offered in packages. Sometimes they are all self-contained; often there are packages which depend on others. These dependencies usually make sense, but not always.
Running VMware Player under Linux
After testing VMware's new Player on Windows a few weeks ago, I wanted to see how it performs on Linux. While the Player is a great tools for Windows users who want to see what its like to run Linux, the inverse of that equation doesn't play out the same way
Perl is a high-level, general-purpose programming language that makes easy things easy and hard things possible. It is optimized for scanning arbitrary text files and system administration. It has built-in extended regular expression matching and replacement, a dataflow mechanism to improve security with setuid scripts and is extendable via modules that can interface to C libraries.
Will OpenSolaris and Linux Soon Be Trading Code?
Opinion: The GPL 3 may yet change into something that Linus Torvalds can bless, and if that happens, Linux and Solaris may trade code after all.
Goobuntu, the Google operating system: fact or fiction?
Rumours of Google's potential foray into the world of desktop operating systems continue unabated. Following claims that Google is building an operating system based on Ubuntu by The Register yesterday, screen shots have started appearing on the Web, purportedly of the mythical operating system.
Network Documentation for PROFIT! PART I
I know I don't have to sell you on "why" to document or express my stand that EVERY network should be documented. So I'll blog about helping build up the network documentation for others whom may not be able to do it themselves... I believe Network Documentation is as valuable a product as any other!
Solaris and Linux: No Code Swapping
Sun refuses to reconsider licensing Solaris under GPL 2.0, and Linux Torvalds says Linux will not migrate to GPL 3.0, closing the door on any chance of co-mingling of code between the two operating systems.
Nmap 4.0 has new, better organized and more comprehensive documentation, including a rewritten man page available in seven languages. Huge improvements have also been made in version detection, which offers many new features and saw its signature database triple in size.
Apache 2.2: new goodies from an old friend
In December, Apache marked its tenth birthday with its first major new release in a little over three and a half years. So, what's changed in 2.2? Well, the good news is a bunch of improvements.
Sun wants Linux on T1
Sun is keener than ever to port Linux to its new multicore T1 chip, even if it's not expected to happen for six to nine months. The company has made T1 servers available to Linux developers and is working with unnamed Linux distributors to develop the port.
Chrooted SSH HowTo
This tutorial describes how to install and configure OpenSSH so that it will allow chrooted sessions for users. With this setup, you can give your users shell access without having to fear that they can see your whole system. Your users will be jailed in a specific directory which they will not be able to break out of.
Linux Virtualization with Xen
Virtualization is an old idea--running multiple distinct operating systems atop a powerful box has a lot of advantages. Xen is a new virtualization platform. Despite its youth, its Linux support is very good. Kris Buytaert explains the basics of virtualization and shows how to configure and install Xen and to create new virtual machines. [Linux]
My sysadmin toolbox
I am the senior system administrator for a national ISP. We run a cluster of blade servers as our primary mail/Web/DNS/RADIUS farm. I have found several tools that I cannot live without in this environment.
Phishing for Open Proxies: Baby Squid Hooked In Under 18 Hours
Email Battles reports that their unpublished Squid server was up for just 17 hours and 35 minutes before an attacker tried to use it as an open proxy. The story examines how the company used a program called ProxyJudge to find the perpetrator.
Usenix LISA '06 Call For Papers
Writing my first paper for a Usenix LISA conference was the best thing I ever did for my career. [O'Reilly Network Weblogs]
Wireless Man in the Middle Attack Part I
Typical hacks against both wired and wireless networks include traffic sniffing. Man-in-the-Middle attacks are really a derivative of packet sniffing. Instead of listening to all packets that pass through a network, man-in-the-middle attacks attempt to pick one or more hosts with which to interfere.
HOWTO: Diagnose a Failing Hard Drive
Many times before a hard drive goes completely bad there are signs foreshadowing its demise. If you observe and recognize these signs, there is a good chance that you can save the data.
Add an extra layer of security with systrace
Niels Provos' Systrace is a utility that monitors and controls what an application can access on a system by creating and enforcing access policies for system calls. For the Linux crowd, it's something like the US National Security Agency's SE Linux, but it's more flexible and, if used properly, it can improve a system's overall security by "sandboxing" untrusted applications and users.
CLI Magic: OpenSSH + Bash
User level: Advanced Other system administrators have fantastic toolboxes for their work. My tools consist of two everyday programs: OpenSSH and the GNU Bourne-Again Shell (bash). No other tool, whether console-based or GUI, has been so consistently useful to me as these two programs.
Death to SNMP Part I
I begin this year with an all out assault on yet another of network management's favorite and most ubiquitous protocols and foundation of virtually all tools on the market both free and ridiculously expensive. Of course it's Simple Network Management Protocol (SNMP).
Interview with Alan Robertson of the Heartbeat project
Heartbeat, a free software project, has crashed the price barrier for Linux high-availablity. Redundancy has never been so affordable, thanks in part to the efforts of Alan Robertson, project lead. I caught up with Alan to find out more about the history of the project, and future plans.
OpenBSD Moves To 3.9-beta
Theo has bumped the version identifier from 3.8-current to 3.9-beta in CVS HEAD. The most notable recent developments have been major bumps due to type changes and an X.org upgrade to 6.9.0. Now is an especially good time to test snapshots. Undeadly.org readers discuss the changes. [Undeadly.org]
Running A MySQL-Based DNS Server: MyDNS
This tutorial describes how to install and configure MyDNS, a DNS server that uses a MySQL database as backend instead of configuration files like, for example, Bind or djbdns.
KDE flaws put Linux, Unix systems at risk
Rolling your own Debian packages (part 1)
This two-part article explains how to make a Debian package of simple piece of software, presumably something you have written yourself. Although building a new package is more complex than rebuilding one or having one generated, it is actually surprisingly simple to create basic Debian packages.
An Introduction to DHCP
Confused about what DHCP offers and how you can take advantage of it on your Linux system? Here are some tips and pointers.
Company frees commercial software for 1 million thin clients
2X Software Ltd. announced Wednesday that it will give away software for a total of 1 million thin clients in a bid to demonstrate the advantages of its commercial thin-client computing software. The company is offering the first 200,000 visitors to its website a free five-thin-client license for 2X ThinClientServer.
Several people wrote in about Jason Miller's article "How not to respond to a security advisory" in a SecurityFocus opinion column. The short version is that a recent advisory shows that root can temporarily replace system immutable files by mounting over them. That's not a shockingly new discovery (some people would even expect that to be the case), but Jason took offense in Theo's vendor reply, which reportedly was "Sorry, we are going to change nothing. Securelevels are useless." [Undeadly.org]
Four Ways to Boost Socket Performance on Linux
The Sockets API lets you develop client and server applications that can communicate across a local network or across the world via the Internet. Like any API, you can use the Sockets API in ways that promote high performance -- or inhibit it.
Traveling admin Part Deux
Travel can be fun or it can be tedious. In any case, travel has its unique challenges. It is up to you what your travel will realistically be like. What I have learned though is that traveling really stretches your muscles of critical thinking, organization, knowledge (both geek and non-geek), as well as, curiosity.
Open source waits for a Xen moment in 2006
In the past month, there's been much ado about Xen in the online community, both from developers, columnists and the SearchOpenSource.com audience at large. Why is Xen so important, and why could it be an open source force in 2006 and beyond?
Interview with Martin F. Krafft, Author of The Debian System
I was a long-time Windows NT beta tester (up until 3.51), and a Netware junkie. When I found that Microsoft had ignored every single one of my elaborate suggestions and wishlist reports in 4.0, and that NT 4.0 was a clear deviation from the path of a server operating system towards colours and animation and junk I didn't need let alone want on my production machines, I took the chance to say goodbye to the world of double-clicks and blue screens and downloaded Slackware. That was in 1995, or thereabouts.
Xen Virtualization and Linux Clustering, Part 2
In this article, we complete our cluster and then test it using an open-source parallel ray tracer. The first thing we need to do is create additional slave nodes to be used with the cluster.
Companies push Linux partitioning effort
Effort is under way to get virtualization into the Linux kernel, so it can catch up with rival OSes in server efficiency.
Installing Drupal on Linux: an Epic Adventure
Installing the Drupal content management system is too much of a battle, but works well once the fight is over.
Bringing The Power of ClamAV To The KDE Desktop
Many people in the open source community question the need for antivirus software on a Linux or BSD system - especially a non-corporate, home system. But let me ask you, "Do you send and receive emails?" "Do you download files from untrusted sources?" "Does your web browser and/or news reader download info from the web and cache it on your system?" If the answer to any of these is, "Yes," you may want to reconsider your position on antivirus software and open source systems.
CLI Magic: Learn to talk awk
User level: Advanced When it comes to slicing and dicing text, few tools are as powerful, or as underused, as awk.
HOWTO: Booting from USB
Booting a computer from your USB flash drive may seem like a daunting task, but it is actually quite easy. This article goes over booting your Windows or Linux system from USB as well as booting directly into Linux and a few other details of the process.
Running Commercial Linux Software on FreeBSD
One of the more intriguing capabilities of the BSD operating systems is their ability to run binaries for other Unix-like operating systems. I recently found myself requiring the commercial PGP Command Line for a project. Rather than install a Linux box just for this one piece of software, I jumped through some hoops and made it work perfectly on one of my existing FreeBSD systems.
Previewing KDE 4
The next major release of KDE will come out in the fall, and the developers are already planning new features and benefits. John Littler recently interviewed Aaron J. Seigo about the team's plans--and controversy surrounding upcoming ports to nonfree platforms. [Linux]
Novell releases SP3 for SuSE Enterprise Linux
Commercial Linux distributor Novell has put out its Service Pack 3 for its SUSE Linux Enterprise Server 9 implementation of the Linux 2.6 operating system. The update includes all of the security fixes and patches for SLES 9 since SP2 shipped in August 2004.
Pftop 0.5 released
Can E. Acar has released a new version of pftop. It's already in the ports tree. Undeadly.org has more details. [Undeadly.org]
From Analog to VoIP: Asterisk Brings Telephony Together Under One Open-Source Platform
Six years ago, Mark Spencer started his own Linux technical support business. Unlike other tech startups at the time, he spent his money frugally. Spencer had to; he didn't even have enough to pay for an office PBX system, which can cost up to several thousands of dollars. So he made one.
Windows vs. Linux: Think Patch Quality, Not Quantity
Mark Cox, security response team leader at Linux vendor Red Hat, agrees ["the differentiator for customers is not the number comparison, but which vendor makes the patching and updating experience the least complex, most efficient and easiest to manage"], saying that one of the top reasons machines are ensnared by security exploits is that they don't obtain the latest security updates.
An introduction to runlevels and init scripts
What's the first thing that you do once you've logged onto Linux? Is it to manually start up a processes such as Apache or MySQL, or even start your network connection? Or do you have to stop applications that have started up without your telling them to, and which are overloading your machine? If you have unwanted processes starting at boot time, or find yourself starting necessary services manually, let's make your life a little bit easier by introducing you the world of Linux services.
Microsoft vs. Computer Security
Four years ago, Bill Gates dispatched a companywide e-mail promising that security and privacy would be Microsoft's top priorities. Microsoft customers haven't stopped worrying.
Wireless Developers Summit
Recently Lx'er (and Kerneltrap) ran a story on the state of Wireless in Linux by Jeff Garzik which was pretty frank and just a tad depressing. Stephen Hemminger is trying to do something at OSDL.
How To: Asterisk Answering Machine
After years of frustration and living with sub-par answering machines, I've finally decided to create my own. Sure, it sounds like a daunting task, but thanks to Mark Spencer of Digium, Inc. we now have a fantastic piece of software to work with called Asterisk. Asterisk is a complete PBX system and well known in the VoIP world. While it is admittedly overkill for the task of a simple answering machine, it met my goals perfectly and offers nearly unlimited expansion as my needs grow.
Switching to Windows: Not as easy as you think
There was a loud bang, a nasty smell (think burnt cabbage) and a lot of smoke billowed out from the hole where the CD-ROM used to be. Then Nothing. At this point, the idea occurred to me that maybe my computer was broken. "Why not use this opportunity to try this 'Windows XP' I keep hearing so much about."
HowTo: Ubuntu File- And Print Server For Windows Workgroups (Samba Domain Controller)
This is a detailed tutorial about the steps to set up a Ubuntu based server (Ubuntu 5.10 - Breezy Badger) to act as file- and print server for Windows workstations in small workgroups.
3.8 errata, authpf and perl
Undeadly.org announces and discusses two security updates for OpenBSD 3.8. [Undeadly.org]
Partition images with Partimage and Partimaged
This is a guide to create or restore images of your partitions using the great open source tool Partimage. It provides information on how to do this locally or across the network, by setting up a Partimaged Server.
Know your BIOS - Basic Input Output System
Knowing how a BIOS works and how to configure the BIOS in your PC will hold you in good stead when installing Linux or any other OSes and doing many other things.
State of the Union: Wireless
Another banner year has passed, with Linux once again proving its superiority in the area of crappy wireless (WiFi) support. Linux oldsters love the current state of wireless, because it hearkens back to the heady days of Yuri Gagarin, Sputnik and Linux kernel 0.99, when getting hardware to work under Linux required either engineering knowledge or luck (or both).
Bugtraq: MS released a patch today - MS06-001
MS released a patch today - MS06-001 [Bugtraq]
The Windows WMF exploit could be the last wake up call Microsoft and others get
An ill wind is blowing near Microsoft right now. It's come and passed before, but this time seems different.... I'm not alone in having my doubts about the "upcoming patch" that Microsoft has promised on the tenth of January. It's simply not going to be all it needs to be (even if it does appear on time).
Password-less Encrypted Connections with OpenSSH
Believe it or not a lot of users out there do not know how to set up password-less encrypted connections with OpenSSH.
Interview with the team leader of the Ubuntu Server Project
Why an Ubuntu server version? Fabio Massimo Di Nitto: There's much confusion about it, and many rumors that don't have much to do with the reality of Ubuntu "Server". The first thing of note is that all Ubuntu-offered software comes from one repository. There are no desktop and server-specific repositories. For example, the desktop and server version share the installer. A point worthy of note is that all packages present on the Ubuntu server CD were already supported by us in previous Ubuntu versions (or almost all, if I remember correctly).
Using sed for UNIX Portability II
In the first part of this series, the problem of determining what the path to rc scripts on a per platform basis was shown within the prototype version of a service utility. Part two of the series discusses some ways to auto-magically take care of that problem and the particular method used.
Linux v2.6.15 - Happy 15th!
Hey, it's fifteen years today since I bought the machine that got Linux started. January 2nd is a good date. - Linus
Gnu liberates VoIP with new open source telephony stack
GNU developers have released a telephony stack, an open source alternative to competing proprietary VoIP solutions. The GNU telephony stack provides a sacalable environment for building and deploying enterprise level VoIP solutions compatible with current standards and hardware. With an emphasis on modularity and extensible functionality, the GNU telephony stack can be integrated with other systems and services like web servers and databases.
My sysadmin toolbox
After reading an article on system administration utilities, I started thinking about the utilities I find most valuable in my day-to-day work. The article mentioned a few, such as Vim and GNU Screen. When thinking over my list, I was found the number of recent additions surprising.
Installing Xen 3.0 upon Debian Unstable, with a custom Kernel
Recently we demonstrated the process of installing a binary release of Xen 3.0 on Sarge. Because the packages on Debian Unstable are not yet available for Xen 3.0 we're now going to look at installing it via the packages provided by Ralph Passgang. This also includes building a custom Xen kernel from source.
Bootcamp 404: PC rescue part 3
In the first two parts of this series we looked at how to create a PC rescue disc using Knoppix, a version of the Linux operating system (OS). It boots from a CD and allows you to revive a dead PC, so you can continue working, retrieve files, open documents and so on. We now turn our attention to creating a more specialised rescue disc that can help to recover files and more, including diagnose and repair faults to the Windows operating system.
Installing Xen 3.0 upon Debian Unstable, with a custom Kernel
Recently we demonstrated the process of installing a binary release of Xen 3.0 on Sarge. Because the packages on Debian Unstable are not yet available for Xen 3.0 we're now going to look at installing it via the packages provided by Ralph Passgang. This also includes building a custom Xen kernel from source.
Released: DD-WRT v23 Final for Linksys WRT54G (and others)
DD-WRT is a 100% free firmware for the Linksys WRT54G/GS and the Asus WL-500 deluxe 802.11g wireless routers (which run off a minimalist Linux OS). The newer version(s) of DD-WRT- v23 (currently in beta development)- are a complete new project. DD-WRT offers many advanced features not found in the original Linksys firmware, or even firmware purchased from Sveasoft. It is also free of the product activation or tracking found in the Sveasoft firmware.
Bandwidth monitoring with iptables
Linux has a number of useful bandwidth monitoring and management programs. However, if all you need is a basic overview of your total bandwidth usage, iptables is all you really need -- and it's already installed if you're using a Linux distribution based on the 2.4.x or 2.6.x kernels.
Methods for running Linux on a Windows PC
There can be many methods getting Linux to run on a Windows box. I always encourage peoiple to make the total switch to Linux but there can be good reasons to keep your Windows box intact. An employer may give you a laptop loaded with Windows to use for work. You may really enjoy PC gaming and all of the latest good games still require Windows. Maybe you need to perform data recovery for someone on their Windows PC that will not boot.
Demystifying Security Enhanced Linux
This paper explains the philosophy behind the Security Enhanced Linux (SE Linux). (PDF)
New Feature Alert: trunk(4)
First released in OpenBSD 3.8, trunk(4) aggregates multiple network interfaces as one virtual trunk interface. In English, this means you take two network cards, plug them both into the same (or a different switch) and you continue functioning even if you unplug one. As released in 3.8, the trunk(4) interface implemented a simple roundrobin protocol. [Undeadly.org]
Linux Advisory Watch - December 23, 2005
Happy Holidays! This week, advisories were released for dropbear, nbd, phpbb2, OpenLDAP, Xpdf, cURL, CenterICQ, Digikam, Apache 2, sudo, kernel, netpbm, udev, gpdf, kdegraphics, Cups, and Perl. The distributors include Debian, Gentoo, Mandriva, and Red Hat.
Foremost for Data Recovery
Even with the best recovery systems in place accidents can still happen. When you've terminally trashed the file system of your drive after a 4AM coding marathon more drastic measures than a backup restore are called for. Enter Foremost.
Looking back at computer security in 2005
This article presents a view on some of the biggest events of 2005 with comments by Bruce Schneier, Howard Schmidt, Dr. Gerhard Eschelbeck, Mikko H. Hyppönen, Ira Winkler and Fyodor.
Linux: Overview of the Perfmon2 Interface
Stephane Eranian posted an overview of the perfmon2 interface, highlighting key features. He begins, "the goal of the perfmon2 interface is to provide access to the hardware performance counters present in all modern processors."
VMware Community Virtual Machines
Undeadly.org reports that the VMware Technology Network has a link to an OpenBSD 3.8 image. You can use the image with VMware products including the free VMware player. [Undeadly.org]
Fish: the friendly interactive shell
This is an in-depth look at fish, the friendly interactive shell. Fish is a GPLed commandline shell, written for Linux and other Posix-like systems. Fish is based on the same ideas as other Unix shells like bash and zsh, but contains many user interface improvements and makes shellscript into a proper programming language.
Do-It Yourself Computing: Installation and Display
If your business can afford high-end computing, then go for it. On purely economic grounds, that could be the best option for some. However, for many of us there is more to life than that. Ours is a labor of love, and computers are simply one of the most important tools in that labor. Because of that, we tend to have smaller budgets, which means older machines and free software.
Tom's Time Tips
Tom Limoncelli has been speaking about time management at geek conferences for a number of years. Now he's written a book that is almost as entertaining as his talks. [O'Reilly Network Weblogs]
The problem: the filesystem on my Unix workstation was a mess. I couldn't find anything without grepping all over creation. About half the time, I'd actually find something useful. Usually I'd get no hits at all, or I'd match something like a compiled binary and end up hosing my display beyond belief.
Deciding whether your company needs FOSS insurance
Should companies that use free and open source software (FOSS) insure themselves possible patent or copyright violations? That question has no easy answer, say James Gatto, a partner at Pillsbury Winthrop Shaw Pittman specializing in intellectual property and FOSS issues, and Karen Hiser, director of compliance services at Open Source Risk Management.
There's Hope for a Unified Linux Desktop Yet
Seems like everyone got tired of clawing at reach other and instead decided to get down to work last week. Moreover, not only was the acrimony factor way down, but also the helpful factor was way up. What a change!
Security-Enhanced Linux Moving into Mainstream
Security Enhanced Linux has moved into the mainstream of operating system architecture in recent years. For those who don't understand the technology, many articles exist.
The Apache Geronimo push for clustering
Clustering allows an application server to support multiple nodes with failover, session data sharing, and load balancing across many network nodes. This article provides details on the clustering technologies the team is considering implementing.
Another Business Case for Integrating OpenBSD into IT Infrastructures
At the recent PacSec conference in Tokyo, I demonstrated how to secure wireless networks with OpenBSD. This solution uses IPsec to protect the traffic between the wireless clients and the Access Points. Users authenticate using OpenSSH (authpf) before they can access network resources. All of this is automated making it user friendly and very secure. [Undeadly.org]
Securely setting up a Linux PC
No matter which Linux distribution you choose, there are at least 10 things you do to properly prepare the operating system for connection to the Internet.
Suspend is now working on my Ubuntu Laptop
I recently wrote an article about my new laptop. In that article, I mentioned that suspend to RAM just doesn't seem to work. I had seen this website before about Ubuntu on an Inspiron 9300 and tried the suggestions for getting suspend to work...to no avail. Recently, though, I tried it again and it worked. I don't know what has changed, but suspend works for me now. I did revert back to the xorg ATI drivers rather than the ATI proprietary fglrx drivers, but I tried that before, so I guess the xorg ATI drivers were maybe updated.
Fun With Makefiles
Make is a phenomenally useful utility that is included with most UNIX-like systems. There are a number of different flavours of make, with the most common being GNU Make, included with most Linux distributions and Mac OS X.
Linux: Dropping Support for GCC 2.95
Four months ago a debate on the lkml suggested that support for GCC 2.95 would be around for a long time, but a more recent thread suggests otherwise. 2.6 maintainer Andrew Morton put together a small patch to remove support for 2.95, and discussion continued to explore which versions of GCC 3.x to support. [Kerneltrap]
Creating secure wireless access points with OpenBSD and OpenVPN
You know how insecure 802.11x wireless networks are. In this article we'll create an OpenBSD-based secure wireless access point that prevents unauthorized access and encrypts every packet using a VPN tunnel. OpenBSD is one of the most secure operating systems available, is easy to use, and includes almost everything you need for this project in the base installation.
My sysadmin toolbox
I'm that odd guy who puts Linux on virtually everything, and will take something apart just because I can. My Linksys WRT54G runs Talisman from Sveasoft, my iPaq runs Familiar, and even my TiVos (DirecTiVo and Series 2) have been hacked up a bit. So what does a guy like me use for software tools?
Updates on Testing Dell and a Linksys WRT 54G Howto
I recently reported on a test of a Dell computer and I wrote a Howto for the Linksys WRT54G to terminate an IPSec VPN tunnel to our companies’ firewall. I've updates to both accounts.
Tutorial: Preventing Buffer Overflow Exploits Using the Linux Distributed Security Module, Part 1
Internet servers (such as Web, email, and ftp servers) have been the target for different kinds of attacks aiming to disable them from providing services to their respective users. One particular exploit, which has become almost ubiquitous in the last several years, is the buffer overflow exploit. This article describes the buffer overflow exploit and provides detailed examples to help understand it.
CLI Magic: Daily aliases
If you spend any time working at the shell, you probably use many GNU utilities. One thing that distinguishes the GNU versions from the classic Unix versions is that the GNU programs are rife with additional options. Some of these options are so useful you may want to create an alias so you can use them all the time without needing to do all the extra typing.
Firefox 1.5 hole a minor problem claims Mozilla
Mozilla claimed that first Firefox 1.5 security vulnerability was not as critical as initially perceived, but a patch will be available to fix it early next year.
Linux Advisory Watch - December 9, 2005
This week advisories were released for gdk-pixbuf, horde2, helix-player, Inkscape, horde2, Perl, Webmin, eagle-usb, spamassassin, mailman, xpdf, libc-client, and imap. The distributors include Debian, Gentoo, Mandriva, and Red Hat.
Review: Tale of a Black Dog
What is a Black Dog? It's a complete USB-powered Linux server which fits easily in the palm of your hand. Powered by a 400-MHz PowerPC processor, 64 MB of RAM, and either 256 MB or 512 MB of flash, this pint-sized pet packs quite a bite (or is that "byte"?). Russell Pavlicek finds out in this product review.
Using sed for UNIX Portability Part I
There is a program called service which can be used on multiple UNIX systems to control Operating System services. One of the problems faced in the design of the service utility was the path to where system startup scripts (or rc scripts) resided. This series examines how using sed can easily mitigate multi-platform scripting problems. The first part will look at how the utility program works.
Debian Alliance Eyes The Enterprise
The effort to put a Debian GNU/Linux based distribution into the enterprise consciousness may have picked up some steam this week. The DCC Alliance of Debian based GNU/Linux distributions released their DCC 3.0 core as part of an effort to further adoption and standardization and potentially offer an alternative to Red Hat and Novell/SUSE.
User-Mode Linux: A Book Excerpt
Here's an excerpt on UML from Steve Best's new book,
The Chicken, the Egg and the Linux Desktop
Here are some reasons why the Linux desktop has been so slow in coming: good, bad and interesting.
Linux desktop architects team up on Portland Project
Architects from two dozen desktop-oriented Linux projects converged in Portland, Ore. last weekend to collaborate on creating the best possible Linux desktop. To that end, the group launched the Portland Project, which aims to provide a common set of standards that allow applications to easily integrate with the Linux desktop.
Custom scripting gives users a safe-du
As a system administrator, there are two ways you can interact with users: force them to follow the rules or encourage them with tools and guidelines. I prefer the second approach, as I think people generally want to do the right thing. Also, if people don't follow the rules at your company, that is a management problem, not a computer problem. Therefore, I prefer to concentrate my attention on helpful tools and scripts, which is exactly what I did recently to solve a typical system administrator problem.
Got An Open-Source Problem? Red Hat Wants To Be Your Help Desk
SpikeSource is about to get some new competition. This week, Linux vendor Red Hat Inc. said it will enter the market for certifying that groups of open-source apps work well in conjunction. During the first quarter of next year, Red Hat will begin selling technical support for three stacks of open-source software components that companies frequently use together--and which Red Hat has tested for compatibility.
First look: BeleniX live CD
BeleniX is a free live CD based on the OpenSolaris kernel. With it you can have Solaris, which once ran exclusively on SPARC servers, powering your modest desktop computer. But with few applications and lacking an installation script, the Live CD does little more than slake a nerd's thirst for a taste of Solaris.
Moving elderly dad, mom from Windows to Linux
XYZComputing.com has published a human-interest story about helping Mom and Dad learn to use a Linux-based desktop computer. The author explains how he moved his elderly parents from a problematic Windows XP desktop system to Mandriva PowerPack 10, leaving spyware, viruses, slow performance, and myriad other problems behind.
Now seems a good time to call a Xen 3.0.0 release! We've been seeing good stability on the XenRT regression tests for the last couple of weeks, and the number of bug reports submitted to bugzilla have dropped right down. It's time to get a bigger group of people to start beating up on it...
Super Glue: Using Perl to Develop a Cheap Network Framework
To build something flexible and extendable, you're going to need to use a well-known integrated path to relay messages to the central server. Syslog-ng will handle that. You'll use a simple program in Perl as a destination for some Snort messages relayed over syslog-ng. The Perl program will use a PostgreSQL database to store the messages in a very custom fashion.
My sysadmin toolbox: second helping
When I wrote last month's my sysadmin toolbox column, I knew that Linux.com readers would probably have a few suggestions. I was surprised, however, by the sheer number of reader responses with suggestions for other tools. With all those good suggestions, it seemed like a good idea to compile a list of the most popular reader-suggested tools and utilities to cover some of the programs that didn't make the first column.
Are You Replacing Windows with GNU/Linux?
LXer editor Don Parris takes a straw poll that he believes points to the fact that Windows is becoming more and more irrelevant. Read and weigh in!
TCP Tuning and Network Troubleshooting
Bob had written a Java program to copy 100MB data files from his Windows XP computer at his office in Sunnyvale, California, to a Linux server at his company's East Coast office in Reston, Virginia. He knew both offices had 100Mbps Ethernet networks that connected over a 155Mbps Virtual Private Network (VPN). When he measured the speed of the transfers, he found out that his files were transferring at less than 4Mbps, and wondered if I had any idea why.
Open Source Anti spyware and trojan protection Winpooch
Winpooch acts as a powerful anti spyware and anti trojans, and if you have ClamWin installed Winpooch is a Windows watchdog, free and open source.
CLI Magic: More on SSH
We've covered SSH before in CLI Magic, but this week let's look at some additional SSH features that new users might not be aware of. For the purpose of this article, we'll be looking specifically at OpenSSH, but many of these features apply to other SSH variants as well.
Apache HTTP Server 2.2.0
The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of version 2.2.0 of the Apache HTTP Server ("Apache").
Creating appealing video software demos in Linux
A software product description is nothing without screenshots. They are the most-clicked links on almost every free software page -- much more than "Download." Screenshots carry information about the software's appearance, maturity, user interface, user friendliness, and feature set in a much more immediate way than paragraphs of text description. You can't show some software characteristics with still images, however.
More exploits out for Windows flaws
The exploit posted on Thursday is another that could allow a remote attacker to gain complete control over a vulnerable computer. The code takes advantage of a flaw in a Windows component for transaction processing, called the Microsoft Distributed Transaction Coordinator. Microsoft addressed the flaw in security bulletin MS05-051 in October.
LXer Feature: Early results of the (Dutch) Windows refund survey
Sometimes as a Linux user, you wish you could buy any computer with Linux preinstalled, or if that's not possible, just without an operating system, but that's not the reality. If that isn't possible, is it possible to buy any computer with Windows pre-installed, and then, return the unused Windows, and ask a refund for it? That's a question many non-Windows users ask themselves. The answer however, isn't clear to consumers. There's only one way to find out: ask your hardware manufacturer.
IBM wants Solaris to Linux converts
The kind engineers at IBM have delivered a new tool for moving customers off Sun Microsystems' Solaris operating system and onto Linux. Those interested in the kit will likely use it to shift Solaris C/C++ software over to Linux running on IBM's Power, x86 and mainframe systems.
Autopackage: Toward a universal package manager for the desktop
If Mike Hearn, Hongli Lai, and the rest of the Autopackage team realize their goals, the future of package management in GNU/Linux will be greatly different from the present. Existing package management systems will remain for libraries and system utilities, but a separate tool will manage desktop applications. Packages will be installable for either the entire system or just the current account.
Moving a Newbie to Linux
This article goes over one person's experience when moving computer beginners from Windows to Linux. This is not always a smooth transition, but this case salvaged a barely-working computer for an easy switch from one operating system to the next.
SANS Top20 Vulnerabilities List is out
Just like last year, I would like to remind those who are not following the security news closely to take a look at the list of "The Twenty Most Critical Internet Security Vulnerabilities", released by SANS. Unlike last year, the list shows an interesting trend: a major shift away from platform vulnerabilities towards cross-platform applications. [O'Reilly Network Weblogs]
Time Management for System Administrators is shipping. Use this Google Maps-based application to mark where you live. [O'Reilly Network Weblogs]
DIY Telephony With Asterisk, Part 2
\Asterisk@Home is a nice bundle that includes a Web-based graphical configuration interface, a Flash-based Operator Panel that lets you monitor all activity on the network, and even barge in on calls. Plus hold music, fax support and a bunch of other goodies. It's not just a toy for home users; it's also great for business use.
Linux Kernel Multiple Denial of Service Vulnerabilities
Some vulnerabilities have been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service)].
Qmail Toaster makes mail server setup easy
A mail server is an essential part of any organization's IT infrastructure, but installing and maintaining a mail server is not always easy, and it's often difficult for small organizations to pay an expert to set up a mail server. Fortunately, Qmail Toaster can simplify the task enormously.
A quick AWstats guide
AWstats is a free, popular log analyzer, released under the GPL. It can generate advanced graphical statistics from web, streaming, ftp or mail server log files. This document is not intended to be a review, but rather a quick installation and configuration guide for a specific web site, in order to have as accurate statistical data as possible for use in your traffic analysis reports.
OS Virtualization: An Introduction
One of the hottest topics in all of IT today is the subject of virtualization. While it has been around for some time, it has just recently started to garner the attention of the biggest names in tech. Everyone from Intel and AMD, to Microsoft, Sun, and virtually every commercial Linux vendor has either current or planned support for virtualization. So what is it, and why is everyone so head over heels about it?
A Linux User's perspective in installing FreeBSD 6.0
I have been a Linux user way back from the first time I was introduced to an alternate OS than windows. Even though I was aware of other Unices like FreeBSD and Solaris, I hadn't come around to installing them on my machine. Two days back, things changed when I downloaded the latest FreeBSD version 6.0 from their official website.
Using a Mac to make Windows cope with something Linux touched
Sometimes the easiest path from Linux to Windows is via the Macintosh. [O'Reilly Network Weblogs]
Mono 1.1.10 Solves Deployment Problem
The open-source implementation of .Net has been updated to enable a single instance to run multiple Mono applications using the Apache Web server.
Nine principles of security architecture
Security architecture is a new concept to many computer users. Users are aware of security threats such as viruses, worms, spyware, and other malware. They have heard of, and most use, anti-virus programs and firewalls. Many use intrusion detection. Architectural security, though, remains a mystery to most computer users.
Super Glue: Using Perl to Develop a Cheap Network Framework
Network Security is hot these days. There are plenty of offerings, both commercial and free. Usually, a good network security model employs more than a single security product. However, not many commercial or free security utilities play nice with each other. Luckily, you can use Perl to glue them together to get more meaningful data from your network.
Secure remote file management with sshfs
What if you need to work with files on a remote server, but find scp tedious in repetition and FreeS/WAN too cumbersome? You might find just what you're looking for in sshfs -- a tool for mounting a remote filesystem transparently and securely as if it were just another directory on your local machine.
Mac OS/Linux/Windows Single Sign-On
This is an important piece of information that has baffled many enterprises. Highly recommended reading for anyone attempting to move Linux on the desktop into a Microsoft 2000 infrastructure.
Wireless HotSpot HowTo
Yunus Bookwala has published a tutorial dealing with setting up a WLAN HotSpot on a Linksys WRT54GS router using OpenWrt, ChilliSpot, and FreeRadius.
Installing and Configuring Ubuntu on a Laptop
Jeremy Jones recently bought a new laptop and decided to run Linux. Don't shudder--it actually works! Here's how he installed, reinstalled, and configured Ubuntu GNU/Linux on a Dell Inspiron. [Linux]
Linux Advisory Watch - November 18, 2005
This week, advisories were released for awstats, kdelibs, acidlab, AbiWord, uim, ftpd-ssl, phpsysinfo, phpgroupware, lynx, rar, sylpheed, gtk, egroupware, cpio, lm_sensors, and gdk-pixpuf. The distributors include Debian, Gentoo, Mandriva, and Red Hat.
More Open Source Support For Sun's Solaris
Sun is improving its Solaris OS with new support for the open source PostgreSQL database, Xen virtualization, GRUB boot loader and the Solaris ZettaByte File System (ZFS).
Sun releases OpenSolaris file system
Sun Microsystems has released the source code for its OpenSolaris file system, a major component of its server operating system. As part of a "build," or update, to OpenSolaris, the company on Wednesday released the source code for ZFS, a system for managing data and files.
Ubuntu On The Business Desktop
One day, while the boss was away, I shoved a spare hard-drive into my computer and installed Ubuntu 5.04. I managed to work for a month and a half before the Boss noticed I was using Linux - and that was only because he happened to glance at my screen. Half a year later, I am still using Ubuntu (now version 5.10) at work and I am more productive than ever.
Blocking Skype with OpenBSD and squid
Sam Varghese writes in The Age, "A systems administrator in the United Arab Emirates has come up with a simple method to prevent a popular internet telephony program from being used." Undeadly.org has details. [Undeadly.org]
A Day in the Life of #Apache
A huge number of the questions on #apache have to do with mod_rewrite. And, fairly frequently, I find myself thinking that the problem being discussed would be so much easier to solve if we could just write a Perl script to deal with it. Of course, you can, using the RewriteMap, but it's moderately hard to come by good examples of using this, either in the documentation, or elsewhere online.
Using Software RAID-1 with FreeBSD
Have you ever needed a software RAID solution for a low-end server install? Perhaps you've wanted your workstation to take advantage of the redundancy provided by a disk mirror without investing in a hardware RAID controller. Has a prior painful configuration experience turned you off software RAID altogether on Unix systems? Since 5.3-Release, FreeBSD comes with gmirror(8), which allows you to easily configure a software RAID 1 solution.
How to become an information security professional
Many years ago, while directing IT operations for a small company on the West Coast, I became aware that our network security was particularly weak. The company was growing at a rapid pace, IT was understaffed, the network was at capacity in a number of ways, and the demands were brutal both in terms of time and technology needs. I wanted to fix that. So began my quest to become an information security professional.
OpenBSD goes to Venice
What happens when you put a dozen developers on a little island with their laptops, power, and an Internet connection? Thanks to Ed for his report from OpenCON 2005 in Venice. [Undeadly.org]
Condor: Building a Linux cluster on a budget
So you need a lot of computing power but don't want to spend tens of thousands of dollars on a commercial cluster? Or maybe you just have a lot of machines sitting idle that you would like to put to good use? You can build a powerful and scalable Linux cluster using only free software and off-the-shelf components. Here's how.
OpenBSD goes 10Gbps
brad@ just committed support for Intel's 10Gbps network interfaces. The OpenBSD Journal has more notes and discussion. [Undeadly.org]
Apt metadata for RHL 7.3 and 9
Due to an error I introduced into a publish script, the apt metadata information for RHL 7.3 and RHL 9 had not been updated since Sept 15 of this year. I have fixed this error and uploaded the latest information, which was generated on Nov 13. I apologize for any problems this may cause.
Getting Oracle and CVS to play together
Using CVS to capture and Synchronise Oracle changes .. Is there a better way? [O'Reilly Network Weblogs]
Enhancing kernel security with grsecurity
Is your server as secure as it could be? Sure, you use a firewall, mandate strong passwords, and patch regularly. You even take a proactive approach by performing security audits with tools such as nmap and Nessus. Yet you may still be vulnerable to zero-day exploits and privilege escalation attacks. If these possibilities keep you awake at night, you're not alone. The sleepless folks with the grsecurity project have developed an easy-to-use set of security enhancements to help put your fears to rest.
Make your files immutable in Linux which even root can't delete
Root is all powerful in Linux, but here is a cool article that tells you how to forbid even the root user from deleting or modifying certain files.
Everyday Linux gripes
As you already know, if I have to sit down in front of a computer, I want it to be running the Gnome desktop on Linux. I've watched it mature from a downright ugly, needlessly complex playground for geeks, to an attractive, simple interface that holds its own against commercial alternatives. And yet, every day I still encounter rough edges that make me think there aren't nearly enough folks out there hacking away at this stuff. I'd like to watch.
Realnetworks issues patches to fix critical flaws
RealNetworks patched up a critical flaw on Thursday. The patch covers three flaws that would have allowed malicious hackers to take control of a user's computer through the Real player. The problem was reported to the company more than four months ago.
HowTo Setup Basic SMTP AUTH in Exim4
This brief guide explains the steps you can take to get basic SMTP AUTH working with Debian Sarge's exim4 package.
CLI Magic: netcat
The response to my recent sysadmin toolbox article has been overwhelming. By far, readers' number one suggestion was to replace Telnet with netcat. Here then is an introduction to netcat for Linux users who may not be familiar with the TCP/IP Swiss Army knife.
Torvalds gets tough on kernel coders
Linus Torvalds, the creator of Linux and the maintainer of the development kernel, is cracking down on developers that add last-minute changes to the kernel.
Lightweight Web Serving with thttpd
The Apache HTTP Server is the most popular web server due to its functionality, stability, and maturity. However, this does not make it suitable for all uses: slow machines and embedded systems may have serious problems running it because of its size. Here is where lightweight HTTP servers come into play....
Setting up a PXE-Boot Server
This documents how to setup a PXE boot server for Linux. This assumes that you're using Red Hat/FC as the PXE boot server.
Forgotten Password - Good Guy Box Cracking
I found out is that the following is the easiest and most foolproof (not to mention fastest) way to do this.
Hotrod Your Linksys WAP with Linux (Part 3)
Now that we have ripped out the stock guts out of our Linksys WRT54G and replaced them with a miniature, but mighty, Linux operating system, it's time to configure it to do some actual work...sharing a broadband connection, and configuring a local DNS/DHCP server the easy way.
Project management with Trac
If you've ever been a part of a large development project, you've no doubt become accustomed to having access to source control and bug tracking tools and design document repositories. But what if you're part of smaller project where you're responsible for setting up your own infrastructure? Trac, an open source project sponsored by Edgewall Software Services, provides a complete project infrastructure that's easy to install and maintain.
OpenSolaris has a leg up on Linux
The incompatibilities between distributions that have plagued Linux for so long aren't an issue with OpenSolaris-based distributions. The reason is simple: a Linux distribution is a kernel combined with other tools, but OpenSolaris is an operating system in its own right; it doesn't need additional tools to make it work.
Linux: Secure as You Want It to Be
My colleague Larry Seltzer thinks that we may be on the verge of an age of Linux worms that might rival the endless trouble that Windows users find themselves in.
ClamAV - The free Anti Virus solution for Windows on Linux
There is a common perception that there are no viruses on the Linux platform - which to a large extent is true. But what happens when you get a mail attachment which you would like to forward to your windows machine so you can open it with your favorite proprietary software? And what if this attachment is infected by a virus? This is where the anti virus solutions for linux comes into the picture.
Why Soft Skills?
Technical skills have little value if you have poor soft skills. Don't get me wrong, your tech expertise matters. But don't be fooled by your tech skills. King of Linux, champion of Oracle? You've got it made, right? Give me a break! Tech skills alone are no guarantee of success.
Sun Says They'll Convert Word Files to ODF
Panela Jones writes: "Since Microsoft would rather fight than switch to supporting ODF, Sun is stepping up to the plate...."
Help bring ACPI support to OpenBSD
jordan@ is working on ACPI support and has written an ASL parser and an AML interpreter. In order to test it he needs dumps from as many systems as possible. The tool to do the dumps works completely from userland so there's no intrusive kernel patching required. If you've been whining about the lack of ACPI support then here's your chance to step up and take action. [Undeadly.org]
Media Giddy over Linux Worm.
You might think that the sky is falling the way the media has gone on a feeding frenzy related to a Linux worm. Sorry to disappoint you, but the worm will hardly affect the user base. It's not like the Code Red worm which self-replicated malicious code that exploits a known vulnerability in Microsoft IIS servers (CA-2001-13).
How a Linux Distro Saved Hard Disk Data
Our search-and-rescue expert is back to share how he recovered a master boot record and reclaimed lost data.
Hacks From Pax: SELinux Administration
Most of what you already know about Linux system administration will still apply to an SELinux system, but there are some additions and changes that are critical to understand when using SELinux.
CLI Magic: sudo voodoo
Sudo is a handy little tool that is of value to both system administrators and common folks like us. What does it do? It allows you to temporarily assume the permissions of another user, up to and including root. If you belong to the camp that says you should only have root privileges at the time they are needed, sudo makes your life a little easier by making it easier to shape-shift between the permissions for a mere mortal and those of the super user.
One-click installation with Klik
Simplifying software installation is a popular pastime for Linux developers. It has given us useful tools like Synaptic, YUM, checkinstall, and autopackage. A new kid on the block, Klik, approaches the problem differently, by avoiding the installation altogether.
Time to patch your Cisco routers
Three months after the scandal at the Black Hat conference, Cisco finally confirmed the existence of some serious vulnerabilities that Michael Lynn warned about when he demonstrated the ability to hack in to Cisco routers back in July. While the specifics were never made clear during the Black Hat conference, it was thought that Cisco had already fixed the issues with their IPv6 patch but now it's clear that the problems affecting Cisco IOS were much deepe
This worm spreads by exploiting web servers hosting vulnerable PHP/CGI scripts. It is a modified derivative of the Linux/Slapper and BSD/Scalper worms from which it inherits the propagation strategy. It scans an entire class B subnet created by randomly choosing the first byte from an hard-coded list of A classes and randomly generating the second byte.
NetBSD 2.1 is the first maintenance release of the netbsd-2 release branch. This release provides numerous functional enhancements, including support for many new devices, hundreds of bug fixes, patches and updates to kernel subsystems, and many enhancements to the user environment. In addition, all of the security fixes and critical bug fixes from the NetBSD 2.0.3 update are included as well.
It is my great pleasure and privilege to announce the availability of FreeBSD 6.0-RELEASE. This release is the next step in delivering the high performance and enterprise features that have been under development in the FreeBSD 5.x series for that last several years. Some of the many changes since 5.4 include...
Basic Iptables - Debian Pre-Sarge
This How-To uses a Debian Sarge 3.1 box, though the commands and syntax should work for any linux distro. Before you can configure iptables, you first must ensure that it has been compiled into the kernel, and that you have the proper userland utilities installed.
Linux Advisory Watch - November 4th 2005
This week, advisories were released for lynx, OpenSSL, gnump3d, netpbmfree, gallery, phpmyadmin, SELinux PAM Local, TikiWiki, mantis, Ethereal, XLI, libgda, ImageMagick, kernel, and wget. The distributors include Debian, Gentoo, and Red Hat.
Hotrod Your Linksys WAP with Linux (Part 2)
Last week we rambled over the OpenWRT landscape, issued dire warnings and concluded with the easy, but risky, installation method. Today we'll learn the harder, but much safer, installation method. This one is fun, because it depends on an unpatched bug in the Linksys firmware.
A tour of Red Hat Certificate System
Red Hat Certificate System (RHCS) is not an open source product, but don't neglect it for that reason. It's a powerful tool, which builds on Red Hat Directory Server to provide an enterprise solution for managing user identities and ensuring privacy. Essentially, RHCS handles all the different phases of identify lifecycle by using PKI (Public Key Infrastructure). Here's a tour of the latest release of RHCS.
Postfixing your mail server
Years removed from the original release of Postfix, the Unix-based mail server is still serving oodles of people every day. Sendmail may have a larger market share in the Linux community, but Postfix has a much simpler setup and is good for users who do not want to spend a lot of time configuring a mail server.
My sysadmin toolbox
Every administrator has a set of software tools that he just can't live without. These are the utilities that you install as soon as you log into a new machine, to help make day-to-day tasks a little easier. Here are my top 10 tools.
ISO Makes Linux Standards Base a Standard
The Open Source Business Conference (OSBC) here will open on Tuesday to the news from the Free Standards Group that the Linux Standards Base (LSB) has been approved as an ISO standard.
Sun Grid Utility Aimed at MS Word Docs
Sun Microsystems is starting a new grid utility service that unlocks the data stored in Microsoft Word documents and converts it into Open Document Format files that can be used by the StarOffice and OpenOffice desktop suites.
'False alarms' delay Linux kernel release
Version 2.6.14 of the Linux kernel is now available despite 'frustrating' delays due to mistaken bug reports, says Linus Torvalds.
My sysadmin toolbox
Every administrator has a set of software tools that he just can't live without. These are the utilities that you install as soon as you log into a new machine, to help make day-to-day tasks a little easier. Here are my top 10 tools.
Red Hat Wants Xen in Linux Kernel
Linux vendor Red Hat Inc. is aggressively pushing to get Xen virtualization technology included in the Linux kernel as quickly as possible.
OpenBSD 3.8 Released
The official release announcement will soon appear. The OpenBSD team has released version 3.8 right on time, as usual. [Undeadly.org]
CLI Magic: GNU find
Don't you just hate it when you can't find a file you need, but you know it's on your computer? Wouldn't you like an easy way to track down files anywhere on your computer? If so, I have good news for you, a command available to you at the friendly Linux CLI called find.
Hardware emulation with QEMU
QEMU is an open source cross-platform emulator for Linux hosts. It allows you to emulate a number of hardware architectures (x86, x86-64, and PowerPC are currently known to work, with others, including SPARC and MIPS, in development). QEMU thereby lets you run another operating system on top of your existing OS. Going through the process of installing and configuring QEMU not only gave me a worthwhile new software tool, but also helped me learn a few things about Linux.
Software Firewalls versus Wormhole Tunnels
In a VPN configuration, most personal firewalls are configured to drop their shields (because all traffic is heading to and from a trusted source), so the VPN client is, in fact, a liability because there is no need to use a libpcap outbound wormhole-tunnel communications channel. The firewall will happily ignore whatever packets a malicious program might need and they go unfiltered through the "secure" VPN connection... Creating and using a wormhole-tunnel communications channel is not limited to malicious use by malware, spyware, viruses or worms. The following scenario illustrates how one can legitimately (and more robustly) bypass the firewall without the use of libpcap.<p> <i>[Ed.- and don't forget email, web browsers, and all the ways that SSH can sneak around firewall rules.]
Tips and Toys for the Hardworking Admin
Welcome to today's installment of More Tips and Tricks For Hardworking Admins, the finest and freshest collection of mini-howtos on the Web. Today we'll do dynamic blocking of SSH server attacks, run nested window managers, and take a peek at hacking the Linksys WRTG54.<p> <i>[Ed.- The DenyHosts utility, for dynamic blocking of SSH or other port attacks, is quite ingenious and easy to use. Also, XNest is covered, for running multiple window managers simultaneously. Just try to do that with poor ole feeble MS Windows!]
Your Next WAP: Hold the Cheese?
Q:What's the difference between an enterprise wireless access point from a big name vendor, and a SOHO grade one from the likes of Belkin, Buffalo or Netgear? A: About 500 bucks OK, say it's not a very funny joke. In fact it's not really a joke at all – more of an economic observation. But like most jokes, there is a point to it: When you go shopping for wireless access points, do you really need to spend five times as much on an enterprise product which does the same base function – providing wireless network access – as a SOHO one?
Citadel: Groupware Secret Revealed
Now you're in on the secret. Sick of sendmail's security bug of the week? Exchange crashed again and took everyoneÂ’s calendar with it? Microsoft Outbreak let another virus into the intranet again? Want your email and calendaring to Just Work? With a nice web interface for the road warrior executive types? It's time to take a good look at Citadel.
Bugzilla 2.20 Released, bugzilla.mozilla.org Upgraded
Version 2.20 of Bugzilla, the Mozilla bug tracking software, has been released. The Bugzilla 2.20 new features page has more details about the improvements in this release, which include experimental support for PostgreSQL (previously only MySQL was supported) and a new user interface style. Refer to the Bugzilla 2.20 Release Notes for more information.
Network monitoring with Cacti
GNU/Linux is without doubt a brilliant server OS, but monitoring your Linux server can be a challenge. There are a few powerful tools available, such as MRTG, the Multi Router Traffic Grapher, but setting them up can be an exercise in frustration for first-time users. By contrast, Cacti, a graphing program for network statistics, is designed to be easy for relatively inexperienced systems administrators to use, while at the same time being powerful enough to be used in complex networks.
Continuing to Improve Hardware Support In -Current
Undeadly.org discusses the ongoing work to improve hardware support in OpenBSD 3.8 and beyond. [Undeadly.org]
Apache's good reputation drives demand for open web server skills
The Apache HTTP server - now 10 years old - is the product of an open source initiative dedicated to keeping the internet free from commercial control. It is a key part of the Lamp (Linux, Apache, MySQL, PHP/Perl/Python) platform.
Advanced Linux LDAP authentication
In an earlier look at LDAP, we set up a simple LDAP-based authentication system. We configured client machines to retrieve authentication information from a server running OpenLDAP. Now let's go further by enabling encryption and looking at how to make user modifications through LDAP.
CrossOver Office Version 5.0
CodeWeavers have shipped version 5 of CrossOver Office. Jeremy White writes "We have added initial support for Microsoft Office 2003, added a powerful new feature we call 'bottles', which lets you manage your Windows applications more easily than ever before, and dramatically improved the installation and execution process of nearly every Windows program."
File System Tutorial
Here is a short article explaining some basics about file systems. This is an area in which many people, even full time computer users, lack much understanding. Its kind of important!
Comment of the Day - October 25, 2005 Calculate the Optimal Size of a New Disk Drive
In answering a question on the Linux metaforumat Lxer, bstadil wrote a splendid comment about how to figure out the optimal size of a new disk drive.
Hacks From Pax: SELinux And Access Decisions
Hi, and welcome to my second of a series of articles on Security Enhanced Linux. My previous article detailed the background of SELinux and explained what makes SELinux such a revolutionary advance in systems security. This week, we'll be discussing how SELinux security contexts work and how policy decisions are made by SELinux.
IPMI Support in OpenBSD
Undeadly.org has a story about new support for IPMI in OpenBSD. The key characteristics of Intelligent Platform Management is that inventory, monitoring, logging, and recovery control functions are available independent of the main processor, BIOS, and operating system.
More OpenBSD-specific IPMI can be found in the ipmi(4) man page. It is quite interesting as it provides support for some sensors like the ones used in Dell PowerEdge servers.[Undeadly.org]
Nessus fork emerges
With news settling in that the makers of the network vulnerability scanner Nessus will not open source the next version of the software, the team behind the soon-to-be-renamed GNessUs project is growing fast and attracting attention.
The Story of Snort: Past, Present and Future
Last week we met with Martin Roesch, the creator of Snort, the de facto standard for intrusion detection/prevention. Presented here is the entire story of Snort in his words that covers seven years of development that made this tool one of the most important security software titles ever developed.
Fetching email with Mutt
What do you look for in an email program? You may find it in Mutt, an easy-to-use text-based messaging client. Here's all you need to know to get started with Mutt.
SMB Browsing with KDE
KDE 3.x has some nice, built-in, multi-protocol network browsing features, but, unfortunately, chances are that your Linux distribution doesn't enable or configure those features automatically. So this month, dive into KDE and get connected.
Greenlight your RFID systems
Incorporate a Radio Frequency Identification (RFID) framework and connect to various interface types. Learn how to integrate the RFID framework with back-end applications and implement business logic. This article provides the answers to getting it all done.
Apache 2 mod_deflate
Are you ready to take a look at a fairly new technology that promises you to save bandwidth? Maybe you're even more interested when the promises range from a 50% to a 80% amount of savings? Jump in, and take the ride to see if it works out as well as you were promised. Here's how to use mod_deflate in a real life situation.
Finding The Right Man (Page)
A shell script hack to build the PATH and MANPATH shell variables dynamically. [O'Reilly Network Weblogs]
CLI Magic: lsof
Last week's CLI Magic column was about Trojan Scan, a useful tool -- still in alpha development phase -- for warding off the bad guys. I noted then that the utility was based on the lsof command -- actually, based on just one of the hundreds of combinations of arguments used to tell lsof exactly what it is you want from it. This week we're going to take a longer look at lsof, and see a few of the other mysteries it can solve.
VMWare Inc. Releases Free Virtual Machine Runtime
VMWare Inc. has released a new free (as in beer) virtual machine runtime called VMware Player. According to VMWare, this free VM runtime makes it possible for anyone to run virtual machines created in their Workstation, GSX or ESX products. It also runs virtual machines created in Microsoft's virtualization products. The runtime is available for both Windows and Linux.
What do to when apt-get fails
When you install an application package in a Debian-based system, sometimes prerequisite application packages are unavailable. These missing packages are known as broken dependencies. Left unresolved, they can cripple your system's ability to install new packages. They're a disaster that isn't supposed to happen in Debian, thanks to the Advanced Packaging Tool (APT) and the scripts contained in Debian packages.
Rootkit creators turn professional
Signalling a trend towards increased 'outsourcing' of some elements of malware creation, security experts are reporting a surge in the level of professionalism and commercialisation in the creation of so-called rootkits.
OpenBSD 3.8: Hackers of the Lost RAID
Undeadly.org readers discuss ONLamp's extensive interview with several OpenBSD developers. Most topics covered are related to new features in 3.8 like interface trunking, internationalization support, mmap malloc, etc. but there is also some discussion of works in progress. [Undeadly.org]
LinuxWorld Feature - Best Practices in Cluster Management and HPC
Albert Einstein defined success as 10 percent inspiration and 90 percent perspiration. Although he had no inkling about the emergence of Linux Clusters for High Performance Computing (HPC), his words ring true for designing, building, and managing compute clusters.
Get Linux drivers for wireless network cards
The www.linux-wlan.org site provides driver software and Linux compatibility information for a number of USB and PC Card wireless network devices.<br><br> One of the best places to start searching for drivers for a particular USB device is the Linux Wireless LAN HowTo document. While some of the information may be a bit dated, you can find information on Linux wireless drivers ranging from pre-802.11 standards up through more recent 802.11g and 802.11a devices.
OpenOffice.org goes live with 2.0
Last week the OpenOffice.org project turned five. Today the team released the long-awaited OpenOffice.org 2.0 office.
Gnu Bayonne 2 1.0 Released
GNU Bayonne 2 offers a GNU GPL licensed scalable, media independent software environment for development and deployment of telephony solutions for use both with current, and next generation VOIP telephone networks.
Black Duck makes open-source code service free until year's end
Black Duck Software Inc. is making its protexIP/OnDemand software-compliance assessment service available free of charge from Tuesday through year's end, according to a company executive. The service analyzes software projects to determine whether they contain any pieces of open-source code and ensure that the code meets licensing obligations
The CUPS Printing System
A basic introduction to what CUPS is and why you might want to use it rather than LPD.
Squid is a free caching proxy server that runs on Linux and many other operating systems. Many Linux users who have used Squid have taken advantage of its simple setup, and ignore or overlook its advanced features. Here's an introduction to some of those features and how to use them.
Browser security: why an insecure browse-only account doesn't work
One of the reasons why people switch to Firefox (also on the Linux platform) is the assumed security of the browser. Nonetheless, with several vulnerabilities found in Firefox the last few months, the browser may be the weak spot in the security of your desktop. Here's a possible working solution to the problem.
Cross-platform packaging facility OpenPKG 2.5 available
The OpenPKG project released version 2.5 of their unique RPM-based cross-platform multi-instance Unix software packaging facility.
Freeradius and Linux for Your WLAN
A RADIUS server running on Linux can authenticate clients on any platform -- including those connected via a wireless network. Here's to implement EAP-TLS encryption.
OpenBSD's 10th Birthday
Today marks 10 years of OpenBSD. Undeadly.org has the story. [Undeadly.org]
Cruising the Kernel with Andrew, Ted and the Gang, Part I
The ship may not win any interior design awards, but the latest Geek Cruise made up for that with smart minds giving great talks--both on the schedule and off.
New Ubuntu Release Works in a Crisis
In a tight spot? Ubuntu can bail you out.
Intel Slashes PC Power-up Time
Intel has unveiled a new technology on Monday that significantly reduces the time it takes for a notebook PC to power up or access programs, while improving battery life to boot.
Splogs: Is Our Developers Learning?
"Splogs" -- spam blogs -- are just the latest Internet annoyance. And there's really no outright cure for this annoyance, any more than there is for all the others; the only reasonable response is prevention up-front -- by shrewd developers. [O'Reilly Network Weblogs]
Check Point's acquisition of Snort's parent has some users worried
Check Point Software Technologies and Sourcefire have a history of working together, but last week's announcement that Check Point plans to acquire Sourcefire has some open source users a bit nervous.
Whitedust interviews the enimagic Fyodor, creator of the Nmap network security utility.
A Comparison of Solaris, Linux, and FreeBSD Kernel
I spend most of my time teaching classes on Solaris internals, device drivers, and kernel crash dump analysis and debugging. When explaining to classes how various subsystems are implemented in Solaris, students often ask, "How does it work in Linux?" or, "In FreeBSD, it works like this, how about Solaris?" This article examines three of the basic subsystems of the kernel and compares implementation between Solaris 10, Linux 2.6, and FreeBSD 5.3.
Lightweight Web Serving with thttpd
The Apache HTTP Server is the most popular web server due to its functionality, stability, and maturity. However, this does not make it suitable for all uses: slow machines and embedded systems may have serious problems running it because of its size. Here is where lightweight HTTP servers come into play, as their low-memory footprints deliver decent results without having to swap data back to disk.
Get a terabyte of storage on Windows and Linux
Most people who chimed in complained that the NetGear box didn't support anything other than Windows Â– I don't find this to be a tragic big deal since if you're running Linux, you can find yourself a way to rig up a RAID array with a suitable distro on a spare server.
CLI Magic: Trojan Scan
We're all about security this week. Not the security you get from being all wrapped up in a baby-blanket, coddling, gratuitous GUI, but the kind that comes from knowing who is connected to your machine, and why. Trojan Scan is a simple but effective tool that monitors connections and alerts you to unauthorized activity of the sort that a rootkit, trojan, or other bad-to-the-bone-ware might engage in. Jump down out of that hi-tech hammock you're in and let's take a look.
Get Linux drivers for wireless network cards
Steve Blass writes "No problem: if you can't get a Linux driver, Ndiswrapper lets you use the Windows drivers." <br><br> Mr. Blass knows one side of the story, using Windows drivers isn't always a panacea. - Ed
What Is the Linux Desktop
Much has been made of predictions about the "year of the Linux desktop," but what is the Linux desktop, why should you use it, and why should you care? Jono Bacon takes a look at development of the Linux desktop, from its roots to its apps to its future prospects. [Linux]
Finding voice codecs for free software
A triumph of open protocols, like Session Initiation Protocol (SIP) and Inter-Asterisk EXchange (IAX), is hollow if the marketplace standardizes on closed, proprietary codecs for delivering the voice data itself. How do you find the good free codecs? Here are some options.
Regular expression: Stupid is as stupid does
Have you ever had one of those days where you make a mistake, and every attempt to fix your mistake just leads to worse problems? Eventually you've managed to turn a minor glitch into a major disaster.
It Salaries Heading North in 2006
October 13, 2005: With demand for IT talent finally catching up with supply, companies can expect to pay more for help in the coming year.
SecurityFocus covers OpenBSD's network stack
Highlighting the upcoming 3.8 release, SecurityFocus has posted an interview with three OpenBSD developers about the network stack protection against DoS attacks which use ICMP, a short comparison with Linux's stack, and some thoughts on OpenBGPD. Undeadly.org has the discussion. [Undeadly.org]
How to keep instant messaging off the record
Sometimes encryption isn't enough to keep your conversations private. With standard encryption, it's theoretically possible for someone to steal your secret encryption keys and decipher the conversation. For conversations that need to be kept confidential, the Off-the-Record (OTR) plugin for Gaim saves the day. It leaves no trace of a conversation ever having taken place.
Monitoring Network Traffic with Netflow
SNMP and MTRG can tell you what your network is doing, but they don't always give you the details you need. Netflow does--but it has a complex setup and configuration. Fortunately, Michael W. Lucas shows how to install and configure modern versions. [Sysadmin]
Quick primer on Unicode under Linux
Ed Trager's A Quick Primer On Unicode and Software Internationalization Under Linux and UNIX is a good short intro to configuration and tool setup for working with Unicode on a Linux machine.
An Overview of ping
Trying to figure out if your laptop is connected to your home or office network? ping it.
Linux: Error Detection and Correction
Alan Cox submitted a pair of patches to add error detection and correction (EDAC) logic to the 2.6 kernel. He noted, "I don't think its yet merge ready but getting there so I'd appreciate other folks comments and views on what else needs fixing before generating a submission for Andrew." As usual, Kerneltrap has more details. [Kerneltrap]
Vuln: OpenSSL Insecure Protocol Negotiation Weakness
Bugtraq discusses an OpenSSL insecure protocol negotiation weakness. [Bugtraq]
Linux: 2.6.14-rc4, Final Release Candidate
Linus Torvalds announced 2.6.14-rc4, "the final -rc before a 2.6.14 release." Kerneltrap discusses the current version of the development process as well as changes for this release. [Kerneltrap]
Don't discount software distribution sites as attack vectors
Sendmail. Tcpdump. OpenSSH. With control of the sites, the bad guys replaced the downloadable installation package for each tool with a Trojanized version that included a backdoor bundled in the package. The bad guys had hit upon the ideal mechanism to propagate their malicious code -- duping systems administrators to take the bait and install their wares for them.
Hacks From Pax: Security Enhanced Linux and Mandatory Access Control
Security Enhanced Linux, or SELinux, is an exciting security project that is reaching maturity and poised to revolutionize Linux security administration. This article provides a basic introduction to the philosophy behind SELinux and explains how it can add a powerful layer of security to your Linux system.
DBAs vs. Developers: Managing Your Data without Conflict
While not reaching the deadly proportions of the Hatfield-McCoy feud, some IT feuds rival them in fever. Teams that are supposed to work together don't. Specifically, database administrators (DBAs) and developers (don't call me a programmer!) often butt heads and fail to find common ground.
Is your open source project ready for the daylight savings time fix?
Here's a computer problem you can blame George W. Bush for personally. Starting in 2007 daylight savings time will start a month earlier and end a few days later. Instead of starting on April 2, as it will next year, it will start on March 11.
Linux: State Tracing, Visualizing Fragmentation
Yumiko Sugita announced the 2.3.1 release of LKST, the Linux Kernel State Tracer. The project page notes, the "Linux Kernel State Tracer(LKST) records information as trace data about events in the Linux Kernel. It records various events like process context switch, send signal, exception, memory allocation, send packet, and so on." Kerneltrap has discussion.[Kerneltrap]
CLI Magic: Checkinstall
Given the ease of installing free software apps these days, especially those installed outside your distro's package management, how do you get that the great game you installed from scratch last week when you learn it opens your system up to hostile takeover? Think that just removing the executable does the trick? Think again.
What Is Linux
For a long time, Linux was seen as a geek's system--too complicated for ordinary folks. But Linux has matured, and with today's desktop environments and new user-friendly installations, Linux is finally coming into its own as a desktop system. [Linux]
Exclusive: Xen Grows Up
In the past year, development of the open source Xen virtualization platform (http://www.cl.cam.ac.uk/netos/xen/) has forged ahead at a rapid pace, adding support for hardware virtualization and large- scale enterprise server hardware such as symmetric multiprocessor (SMP) guests and physical address extensions (PAE). Simultaneously, the Xen project has amassed a substantial community of developers and refined the software to be stable and robust. Now with a third major release, Xen is ready for Â“The Big Show,Â” production use. Up until the recent release of Xen 3.0, a major obstacle to the adoption of Xen in some environments was the softwareÂ’s lack of support for unmodified operating systems. XenÂ’s original approach of paravirtualization, modifying an operating system to facilitate virtualization, yielded great performance, but failed to host operating systems for which source code is unavailable.
Security Alerts: XFree86 Trouble
Noel Davis looks at problems in XFree86,
Meng Wong Plots Messaging's Future
Email Battles' discussion with Meng Weng Wong, the father of the Sender Policy Framework method for sender authentication of email messages, continues.
Linux: Kernel Crash Dumps
A kernel crash dump is a snapshot of system state taken at the time that the kernel crashed, useful for finding and debugging the problem that caused the crash in the first place. There is no standard mechanism for automatiaclly collecting a crash dump on Linux, but Kerneltrap discusses several existing projects intended to meet that goal. [Kerneltrap]
Pass on Passwords with scp
Learn how to propagate files quickly and do backups easily when you set up scp to work without needing passwords.
Serve Paid Content to Spiders and the Public as Babel
Here's a working example and PHP script for randomizing web page text in-place. The result scans well and indexes well, but it doesn't give the story away. I think this would be a good technique for interfacing paid content with the free web... certainly better than following search engine hits into "access denied" pages. [O'Reilly Network Weblogs]
Vuln: Linux Kernel MMap Invalid Memory Region Local Denial Of Service Vulnerability
Bugtraq reports on a "Linux Kernel MMap Invalid Memory Region Local Denial Of Service Vulnerability". [Bugtraq]
Installing Fink on Mac OS X
At its heart, Mac OS X is a Unix operating system. This means that plenty of Unix open source software compiles and runs on it. However, compiling software can be tedious, especially if it has many dependencies, or if it hasn't been tested on Mac OS X. Fink can help.
FreeBSD: Interview with Release Engineer Scott Long
BSDForums interviews FreeBSD Release Engineering Team's Scott Long relating to various aspects of FreeBSD. Topics discussed include FreeBSD general issues, its academic roots, how FreeBSD compares to other BSDs - OpenBSD, NetBSD, and the ongoing debate on FreeBSD vs. Linux.
Augustus' Ultimate Linux Workstation: Part II
In this part of my look at building what I would consider the ultimate Linux workstation, I will take you through some of the special construction that had to be done to accommodate some of the special hardware I selected.
What's your downtime worth?
If you're looking at high availability for your hardware, chances are you're considering a clustering option -- using multiple standard boxes to form a highly available system. But according to fault-tolerant server vendors, companies need to take a closer look at redundant hardware before buying into potentially more expensive and more complicated clustered options.
The Arrival of NX, Part 5: Using NX
We know you've been waiting for it, so here's the next installment of our NX series. This time out, learn how to navigate with hands-on exercises that demonstrate all NX can do.
Ibm debuts software for age-related disabilities
IBM has released a set of software programs to help older workers with age-related disabilities stay productive at the office.
CLI Magic: Logrotate
This week's CLI Magic comes from Mayank Sharma. While some might think that Logrotate is strictly a tool for system administrators, Mayank disagrees. He argues that even those as far down on the food chain as ordinary Linux desktop users -- not just system admins -- can benefit from the tool.
Red Hat Aims to Simplify Linux
The corporate sector does not just run on servers. Thus, Red Hat is putting lots of effort into the desktop in an effort to simplify Linux for this environment. Even the universal serial bus flash drives which required a user to "mount" or "dismount" via the console is now a simple matter of plug and play.
Disk Blasting 101 with Linux
<B>How To:</b> If all you want to do is be 99.9999 percent sure that there's no data left on your drives, DBAN (Darik's Boot and Nuke) is for you.
SysAdmin Paper from Yankee Group Ignorable
The Yankee Group has produced another of its infamous surveys about TCO comparisons between Microsoft and Linux. Excuse the yawn but has Yankee ever used its skills in statistical analysis to win a lottery?
Opinion: There are too darned many Linuxes
...There are only, by my quick count, one hundred and forty one Linux distributions. Currently shipping. For the Intel platform. In English.
Automating Linux security should be a higher priority
But I strongly believe that Linux users badly need the kind of automated anti-viral patch management service that Windows users now take for granted.
Debian GNU/Linux is a powerful and popular community-developed Linux distribution--and the basis for several other useful and usable distributions. With the recent release of Debian Sarge, it's better than ever. Edd Dumbill, Debian developer and GNU/Linux advocate, walks through a typical installation. [Linux]
When I see or hear people knocking Linux for not having applications, I think of Jesse Vincent's Request Tracker (RT). When I first found out about RT, I thought I had found a few hundred thousand dollars laying on the street. That's the amount of money I would have had to spend on a proprietary trouble ticket tracking system comparable to ones from "big" commercial shops.
If you haven't tried EnGarde recently, then I'm certain you'll be equally as excited about this release as we are. Completely redesigned web interface, firewall features, integrated Security-Enhanced Linux protection, and completely free updates are just a few of the outstanding new benefits.
Five common mistakes that Linux IT managers make
After seeing the same mistakes repeated by different IT managers over the years, I've noticed a pattern of common errors. Here are the five common mistakes, along with tips for avoiding them.
SSL VPNs and OpenVPN: A lot of lies and a shred of truth
I wanted to write an article on the strengths of OpenVPN, but I just can't get the message out without first talking about the serious insecurities I see in the rest of the SSL Virtual Private Network (VPN) space...
Bugtraq: Is the Bottom Line Impacted by Security Breaches?
Bugtraq reports on a study that asks if reported security breaches affect the bottom lines of companies. [Bugtraq]
New Tool To Monitor HIPAA Compliance
Ecora's Enterprise Auditor has built-in HIPAA reports that map directly to the act's security rules, making it easier to quickly generate compliance reports.
Mysql 5.0 about to be completed
The open-source database MySQL has been published in Version 5.0.13, the first edition of the 5.x development branch, which the manufacturer has designated a Release Candidate. Though the release date of a stable version is still a matter of speculation, the competition which MySQL launched on the occasion of the publication of the Release Candidate provides something of a hint. Anyone who within the next eight weeks finds and reports a bug in this version stands a chance of winning an iPod nano, the rules of the competition state. Anyone moreover who in addition in a blog relates his or her experiences with MySQL 5.0 can with a little bit of luck win free entry to the next MySQL Users Conference and will there be invited to have dinner with the team of developers.
Red Hat EAL5 To Get Government Blessing
Although it is still a year away from being released, Red Hat Enterprise Linux 5 is already on the path toward EAL4 certification.
Linux: PATA Drivers in LibATA
Alan Cox provided a status update on his PATA driver efforts with libata. He offered a qualified call for testers. Kerneltrap has more details.[Kerneltrap]
Dell talks up multicore servers, workstations
Dell has added multicore technology to its single-core dual-socket servers and workstations, the company announced Monday. Multicore computing is the placing together of two or more CPUs (central processing units) onto a single piece of silicon.
IT manager's crash course: 64-bit computing
The kind of hardware you buy can have a profound effect on the success of your business, but choosing among the available options is now tougher than ever. The advent of inexpensive, binary-compatible 64-bit processors has introduced a new facet to the decision-making process. Here's what to consider.
Is e-mail failing us?
There is a common understanding among Internet users that e-mail is one of the most trusted technologies around. Want to quit your job? After all, it all seems so easy... This however fails to take into account one of this century's most painful truths: e-mail, after so many years of being relied on, still doesn't work reliably.
An introduction to Debian networking setup
Under Debian networking is pretty comparable to other distributions of Linux, especially in areas such as DNS setup. However if you're new to the distribution you might not know where things are set. This brief introduction to networking will show you how it works.
CLI Magic: p0f
P0f is a passive OS fingerprint tool written by The Evil Twin, a.k.a. Michal Zalewski. Here's how to make your own personal version of Netcraft's "What's that site running?" survey.
ISP-Server Setup - Ubuntu 5.0.4
This is a detailed description about the steps to be taken to setup a Ubuntu based server (Ubuntu 5.0.4 - The Hoary Hedgehog) that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/POP3s/IMAP/IMAPs, Quota, Firewall, etc.).
Red Hat Network tour
I've used Red Hat Network successfully in the past, so I was happy to get my hands on a demo of Red Hat Network 4, which is in the process of being released. Before I drill down into RHN4, I have to say RHN4's new features are cool, particularly the ones that enable you to manage Unix-based Solaris servers and monitor systems more effectively.
Five common mistakes that Linux IT managers make
After seeing the same mistakes repeated by different IT managers over the years, I've noticed a pattern of common errors. Here are the five common mistakes, along with tips for avoiding them.
Configuring DNS on SLES 9
On a modern IP-based network, users take for granted the fact that they can access local network and Internet resources using easy-to-remember domain names instead of IP addresses. I doubt that a single work day goes by that the typical employee doesn't access some website with a URL. As a Linux system administrator, it's your job to know how to provide users with this behavior.
Auditor: The security tool collection
The Auditor security collection is a GPL-licensed live CD based on Knoppix, with more than 300 security software tools. Auditor gives you easy access to a broad range of tools in almost no time.
45 Minutes to a Linux Terminal Server
With a Linux Terminal Server and thin-clients, a business can remove many of the costs associated with maintenance, support, and licensing of countless desktop PCs. Thanks to the exceptional efforts of the Linux Terminal Server Project members, such a switch is neither dramatic, nor painful.
Protecting Linux against automated attackers
As many systems administrators will tell you, attacks from automated login scripts specifically targeting common account names with weak passwords have become a substantial threat to system security, especially via SSH (a popular program that allows remote users to log in to a Linux computer and execute commands locally). Here are some common-sense rules to follow that can greatly improve security, as well as several scripts to cut down on the computing resources wasted by these attacks.
Webmin: Simple, Secure Linux Management
Webmin is a great all-in-one graphical configurator that can be used to configure and monitor servers, system files, networking, and hardware - in short, everything. Unlike other GUI system administration tools, Webmin directly edits program configuration files. OSDir has more.
Mozilla Firefox 1.0.7 Released
Mozilla Firefox 1.0.7, a security and stability update to the flagship Mozilla browser, is now available for download. This version includes fixes for the international domain name (IDN) link buffer overflow vulnerability and the Linux command line URL parsing flaw.
Bluetooth and GNU/Linux
Bluetooth is an open, IEEE connection standard for wireless device communications. Here's an introduction to Bluetooth on GNU/Linux, including how to enable support for it, some programs that monitor Bluetooth communications, and some hardware devices that use Bluetooth.
Contributors wanted for new HOWTO/advocacy site
LinuxQuestions readers consider the possibility of providing guidance for people switching from Windows and Mac OS X to Linux... perhaps you can contribute! [Linuxquestions.org]
Free Standards Group Releases LSB 3.0
On Monday, the Free Standards Group released the latest version of the Linux Standard Base, Version 3.0, and announced that Red Hat Inc., Novell Inc., the Debian Common Core Alliance and Asianux are all certifying their latest operating systems versions to it.
Linux: New Home For master.kernel.org
The master.kernel.org server recently moved to a new home at Oregon State University's Open Source Lab, the same that provides hosting for KernelTrap . Kerneltrap has more details. [Kerneltrap]
OpenBSD is an ultra-secure, freely available, multi-platform BSD-based UNIX-like operating system x-- and arguably the most secure operating system in the world. After using OpenBSD for over 9 years I decided to place online some useful information for first time users of OpenBSD.
Filter spam with CanIt-PRO
Despite the the passage of the CAN-SPAM Act, email users are still subjected to vast quantities of spam and virus-laden messages. Roaring Penguin's CanIt-PRO is a Sendmail-based application that helps block spam, viruses, phishing attempts, and other nastiness....
Linux: Reiser4 and the Mainline Kernel
Hans Reiser sent an email to the lkml titled, "I request inclusion of reiser4 in the mainline kernel". He provided a list of objections raised earlier, noting that all had been addressed. Kerneltrap covers the story. [Kerneltrap]
Don't Install, Just Copy with klik
Klik is a system which creates self-contained packages of programmes installable over the web with a single click. Kurt Pfeifle discusses the potential uses of this technology for helping the non-coding contributors to KDE. He also looks at how the system works and the obvious security issues involved.
Apache Spamassassin 3.1.0
Apache SpamAssassin 3.1.0 has been released! SpamAssassin 3.1.0 is a major update. SpamAssassin is a mail filter which uses advanced statistical and heuristic tests to identify spam (also known as unsolicited bulk email).
CLI Magic: CDargs
Typing long path names at the command line can get to be a chore very quickly. Even with tab-completion, it can take a lot of typing to move from your home directory to /var/www/www.mysite.com/cgi-bin or something similar. Wouldn't it be much better if you could "bookmark" long path names and type something simple, like cdb site, to get to a directory? That's where CDargs comes in.
Big Scary Daemons: Visualizing Network Traffic with Netflow and FlowScan
SNMP and MTRG can tell you what your network is doing, but they don't always give you the details you need. Netflow does--but sometimes a pretty graph says more than thousands of lines of log output. Fortunately, Michael W. Lucas shows how to use FlowScan and CUFlow with Netflow to see the traffic on your network. [Sysadmin]
While email is increasingly a worker's most important communication medium, the onslaught of attacks from spam, viruses, and other malicious email content is ever increasing. By implementing a mail server in Perl, you can use your favorite language to mitigate those attacks and provide greater flexibility in processing incoming mail. Matt Sergeant shows how to install, configure, and write plugins for Qpsmtpd. [Sysadmin]
Enterprise-Wide Network Management with OpenNMS
Network management of more than a few devices is difficult, and many vendors have expensive, complicated software that mostly does the job. Fortunately, open source has a viable alternative in OpenNMS. Tarus Balog shows how the extensible and configurable software can simplify your life. [Sysadmin DevCenter]
Important Notice for Sysadmin DevCenter Readers About O'Reilly RSS and Atom Feeds
O'Reilly Media, Inc. is rolling out a new syndication mechanism that provides greater control over the content we publish online. Here's information to help you update your existing RSS and Atom feeds to O'Reilly content. [Sysadmin DevCenter]
Improving Network Reliability with Keepalived
No matter how good the software, hardware eventually fails. Redundancy is an important way to keep your important services running smoothly. With the right software, you can even sleep through otherwise catastrophic network failures. Philip Hollenback demonstrates how to make your network robust by using Keepalived on multiple Linux routers. [LinuxDevCenter.com]
Linux: Swap Pre-Fetching
Con Kolivas posted a patch for the 2.6.13 kernel that implements cache prefetching, based on earlier work. Kerneltrap has more details.[Kerneltrap]
Creating a software demo with Impress
If you've ever tried to explain how a particular feature or application works without actually showing it, you know how difficult that can be. A good software demo can really save the day.... Here is how to create a software demo that includes some essential elements: cursor movements, button clicks, animated menus, and callouts.
Here are step-by-step instructions for installing and customizing your own Linux system.
Real-Time Audio Servers on BSD Unix Derivatives
Undeadly.org readers discuss Juha Erkkilä's masters thesis on the real-time issues affecting the audio subsystems in the BSD operating systems. [Undeadly.org]
Unwilling to break apache's chroot for something as trivial as phpSysInfo, I decided to write a PHP script that taps into the stats symon streams to my server. It displays a quick overview of any stats available. [Undeadly.org]
Linux: Tainting The Kernel
The announcement of a new Forensic File System led into another discussion of kernel tainting and the legality of binary-only kernel modules. Kerneltrap has more details.[Kerneltrap]
SATAvs. Parallel IDE on Linux
Over the past few years SATA has become a standard interface on hard drives and is starting to show up in many peripheral devices. Today we're taking a look at two similar hard drives to see how well SATA is supported in Linux.
GridShell extends the tcsh and bash syntaxes
GridShell extends the tcsh and bash syntaxes. Users familiar with both will be able to write scripts that include these grid shell language extensions, and orchestrate and coordinate the execution of programs across the grid.
Bugtraq: Call for new mailing lists @ SecurityFocus
SecurityFocus issues a call for new mailing lists. [Bugtraq]
A Cherry keyboard cometh
SecurityFocus issues a call for new mailing lists. [LXer Linux News]
A Good Use for an Aging Linux Machine
Expensive groupware is simply overkill when all you want is to decide whose turn it is to do the dishes. This month, Peter uses his old Linux box to build a miniscule Web-based household calendar. In these Linux on board column installments, Peter looks at Linux running on various kinds of hardware -- PDAs, embedded devices, or just ancient hardware no one thought was useful anymore. He alternates between looking at specific Linux devices and showing you in detail how to use Linux on decrepit hardware that's past its reputed prime.
Vim's newest features
Vim, or "vi improved," is an open source text editor for multiple platforms. This article gives an overview of vim's latest improvements over vi.
A Surefire Cure For Spam
What the world needs now is not SpamAssassin, but SpammerAssassin. [O'Reilly Network Weblogs]
Open source identity management
A complete identity management solution comprises a number of components. As such, it would be difficult for any single open source project to offer a plug-and-play identity management system. There are, however, several projects that offer components of such a system, particularly in the area of federation and SSO (single sign-on).
Customizing FVWM even more
In my last article on FVWM, the F Virtual Windows Manager, I wrote about its basic setup, how to create a task bar, and how to create your own menus. In this article I'll be looking at further ways of customizing the windows manager to improve the basic desktop.
Linux: 2.6.13 Kernel Released
Linus Torvalds announced the release of the 2.6.13 Linux kernel.
aKademy 2005 Kicked Off!
Following yesterday's rousing KDE e.V. meeting, aKademy 2005 officially kicked off today with dual presentation tracks filled with content designed for users and system administrators. At the same time the hacking rooms were full of busy developers from morning until evening at which point everyone went to a party sponsored by Novell.
OpenBSD-based web application firewall
Armorlogic is using OpenBSD as the core of its new web application firewall product called Profense. Undeadly.org readers discuss it. [Undeadly.org]
The Boot Loader Showdown: LILO or GRUB?
What utility do practically all Linux users use -- regardless of their job or expertise? A boot loader. This article reviews GRUB and LILO.