2001 02 01

                    LINUX NEWS
            Thursday, February 1, 2001


1) Sean’s Notes

2) Linux News

Microsoft's New Product
More on the Ramen Worm
SUN Shines on GNOME
2.4.1 Released

3) Linux Resources

Star Office Patches Available
GIMP Essential Reference
Using Kerberos
New Freshmeat
FTP and your Firewall

4) App o’ the week

1) Sean's Notes

* Running BIND?  Serious bugs found.  Check out: *
* http://www.isc.org/products/BIND/bind-security.html *

While the Ramen worm that came out the other week didn't
cause a huge stir, it does show that people aren't security
conscious. Even if your machine doesn't have any important
data on it, a security breach is inconvenient.  It can also
result in your machine being used as a place from which a
cracker[0] can mount an attack, or run a warez[1] site.

Securing your box starts right after it finishes booting
for the first time.  Here is my checklist of things I do
after the install:

1) Go to the distro's web site and download any patches.
Apply them.

RedHat - http://www.redhat.com/errata
Debian - http://www.debian.org/security
Mandrake - http://www.linux-mandrake.com/en/security/

2) Run through /etc/inetd.conf.  Comment out any services I
don't want to run, especially stuff like the R*[2] utilities,
FTP, etc.  I can add anything later, once I'm ready to
configure it properly.

3) Eyeball the packages that were installed, and remove
anything I don't want.  RedHat is notorious for installing
extra stuff.

4) Find out what services are running at boot.  In RedHat,
I can do--

chkconfig --list | grep :on

--to find out what's being started. Furthermore--

chkconfig sendmail off

--will turn off the sendmail process.  Not running a mail
server?  You don't need sendmail started.  Things like
portmap, ypbind, netfs should be turned off unless you're
running NFS or NIS.  Plan on being a print server?
Probably not, so you don't need lpd.  That's one of the
Ramen worm's targets.

5) I then make a note of what is going to be running on boot
up, and start configuring it.  Nothing should be running
with the defaults.

6) Peek at /etc/passwd... What accounts are there?  Is there
a valid shell?

7) Install SSH.

8) Set up wrappers.  Put "ALL:ALL" in /etc/hosts.deny, and
then let in machines from hosts.allow.  "man hosts_access"
for the syntax.

9) Reboot the computer.  When it comes back up, check the
process listings and boot logs to see if the changes have
had the desired effect.

10) Resolve to keep an eye on logs.  Having a program parse
them and email them is a good thing; try "logcheck" from the
Abacus project.

Portsentry, from the same site, is another good program to
help secure your box.

11) Resolve to keep up on updates.  The sites I listed above
for downloading updates usually have an address where you can
subscribe to a list that lets you know when something is new.
If you did, then things like the Ramen worm won't scare you.
The vulnerabilities it exploited have had patches available
for quite some time.

This may all seem like a lot, but it takes less than half an
hour.  The steps listed above will shut down the script
kiddies, and let you get on with your life.
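
A small script for checking steps 2, 6 and 8 of the checklist above (an added example, not part of the original newsletter). The sample inetd.conf, passwd and hosts.deny contents are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: read-only checks for checklist steps 2, 6 and 8. Each
# function takes a file path, so it can be pointed at copies of the files.

# Step 2: service names still enabled (not commented out) in inetd.conf.
inetd_enabled() {
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1"
}

# Step 2: enabled entries for the r* utilities (shell/login/exec) and FTP.
inetd_risky() {
    inetd_enabled "$1" | awk '/^(shell|login|exec|ftp)$/'
}

# Step 6: accounts that can log in; an empty shell field means /bin/sh.
login_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Step 6: UID 0 accounts other than root.
extra_root() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Step 8: succeeds only if hosts.deny has an uncommented, unqualified ALL:ALL.
default_deny() {
    grep -Eiq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*(:|$)' "$1"
}

# Constructed sample files (not from a real host) so the script runs anywhere.
tmp=$(mktemp -d)
cat > "$tmp/inetd.conf" <<'EOF'
#echo   stream tcp nowait root   internal
ftp     stream tcp nowait root   /usr/sbin/tcpd in.ftpd -l -a
#telnet stream tcp nowait root   /usr/sbin/tcpd in.telnetd
shell   stream tcp nowait root   /usr/sbin/tcpd in.rshd
auth    stream tcp nowait nobody /usr/sbin/in.identd in.identd
EOF
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0::/root:/bin/sh
lp:x:4:7:lp:/var/spool/lpd:
EOF
printf '# default deny\nALL: ALL\n' > "$tmp/hosts.deny"
echo "inetd, r*/FTP still on: $(inetd_risky "$tmp/inetd.conf" | tr '\n' ' ')"
echo "login-capable accounts: $(login_accounts "$tmp/passwd" | tr '\n' ' ')"
echo "extra UID 0 accounts:   $(extra_root "$tmp/passwd" | tr '\n' ' ')"
default_deny "$tmp/hosts.deny" && echo "hosts.deny: default deny in place"
```

Once the sample output makes sense, call the same functions on /etc/inetd.conf, /etc/passwd and /etc/hosts.deny.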

Anything to add to this list?  Security concerns?  Questions
about Linux?  The Linux news board is open 24x7.


Long live the Penguin,


[0] - Hacker good, Cracker bad. A hacker is someone with a
knack for computers, a cracker is someone who uses that
knack to cause harm.
[1] - Illegal software
[2] - rsh, rcp, rexec, rlogin - these utilities were
designed to copy/run programs between trusted systems.
Now, nothing can be trusted. SSH can securely replace these.

2) Linux News

Microsoft's New Product
We'll start off this week's resource section with a light
one. First you have Windows CE, then ME, and finally NT.
What do you get when you put them all together?


More on the Ramen Worm
The Ramen worm targeted RedHat 6.2 and 7.0 machines that
weren't up on their security patches. This release from
RedHat shows the vulnerabilities, and the necessary patches.


SUN Shines on GNOME
In case you haven't heard, SUN Microsystems, maker of that
wonderful operating system called Solaris, has embraced the
GNOME windowing environment. In this interview, John Heard,
manager of architecture and strategy at Sun, talks about
where SUN wants to go with this technology.

http://linuxpower.org/display.php?id 2

2.4.1 Released
The kernel team has been busy. 2.4.1 promises some features
left out of the 2.4.0 release, including ReiserFS. Grab it
from your local mirror and patch up!


3) Linux Resources

Star Office Patches Available
Anyone who has used Star Office knows that it's pretty good,
but far from perfect. Since the 5.2 release, they've done a
lot of work, fixed a lot of bugs. Go here to grab the latest
patches for Star Office 5.2.


GIMP Essential Reference
The GNU Image Manipulation Program is a great piece of
software, but the plethora of options can be intimidating
and even confusing. Take a peek at my review of this
reference guide, which promises to shed some light into
the darkest of the corners of the GIMP.


Using Kerberos
It's there, but what does it do? Kerberos is a distributed
authentication mechanism that incorporates strong
cryptography. If you have multiple Unix systems, you may
want to consider running Kerberos to reduce the user
administration you have to do.


New Freshmeat
Freshmeat has just undergone a redesign. If you've never
visited it before, it's a searchable index of useful
software. Freshmeat II promises better categories and a
host of new features. Check it out!


FTP and your Firewall
FTP transfers data by building a data channel from the
server back to the client. This, of course, doesn't make
firewalls happy. This article gives the details, and shows
you how to make it all work.


4) App o' the week

With Napster gearing up to charge for usage, I thought I'd
pass along a link to this system. Mojonation is a
distributed filesharing and searching architecture with a
twist -- pay for downloading with a currency called "mojo".
Earn mojo by providing services to the Mojonation.


(C) 2001 BrainBuzz.com. All Rights Reserved.

