Cramsession Linux Newsletter

                    LINUX NEWS
            http://www.Cramsession.com
           August 15, 2002 -- Issue #94

TABLE OF CONTENTS

1) Sean’s Notes

2) Linux News

KDE Smokes MS In SSL Bug Fix
Security -- Technology or People?
Linux in the Palm of Your Hand
It's Hammer Time!

3) Linux Resources

Technical Conference Presentation Tips
Customize That Prompt!
SysRq Mode
Load up Webmin
Modern Distributed File Systems

4) App o’ the Week

~~~~~~~~~~~~~~~~~~~~~~ ADVERTISEMENT ~~~~~~~~~~~~~~~~~~~~~~~

Linux Administration Resource Kit: This $119.97 value is available for just $9.99. Learn about installing Linux on one PC or an entire network, integrating Linux into any network topology and troubleshooting installation, configuration, and networking glitches. Click below for details.

http://ad.brainbuzz.com/?RC06&AIU69

For information on how to advertise in this newsletter
please contact mailto:adsales@CramSession.com or visit
http://cramsession.com/marketing/default.asp

-------------------------
1) Sean's Notes
-------------------------

Some days I have to wonder at why the people who run
Microsoft products put up with some of the things they do.

Take for example, security patches.  As I see it, there are
two challenges involved with them.  First, get the patches
out to the appropriate machines.  Secondly, be able to audit
a computer to ensure compliance to your security baseline.

With five or so servers, it's all pretty easy.  You can go
to each machine, manually check each one, and install what
ever is needed.  When you get to 20, 50, 100+ servers,
things become a bit more complicated.

Microsoft was kind enough to put out the Baseline Analyzer,
and HFNetChk which let you get some degree of automation.
There are also third-party utilities that do much the same.
However, when neither of them give a satisfactory answer,
or worse, different answers, what do you do?

Since it's all closed, you don't know what method it's using
to determine if the patch is applied.  Since everything is
hidden from you, it's difficult to do it yourself.  So, you
end up with an automated process done with a tool, followed
by some home grown batch files, and finished up with you
having to take a peek at each server anyway.

Linux, on the other hand, hides very little.  What you see
is what you get.  No registry you have to check to see if
the right key is there, the permissions are very simple and
easy to fix.  In short, almost any administrative task can
be scripted and rolled out to dozens, nay, thousands, of
workstations and servers.

Someone in such a job might designate one machine (or a
cluster) to be the "patch master".  It will have all the
latest packages, either exported by NFS if that's what your
environment is, or http/ftp.  Furthermore, by taking
advantage of SSH's keys, you can ensure that root can
securely log in from that machine to all other machines
without passwords.  Standard disclaimers about "protect
this machine" apply, which is why limiting what it does
outside of the patch functions is a necessity.

One way of keeping on top of your machines might be to
nightly dump the output of "rpm -qa" from each box into a
SQL database.  Whenever you need to perform an audit, simply
compare the values you have stored.

Likewise, patching is fairly easy:

ssh server1 rpm -U http://patchserver/patches/foo-1.1.2-1.i386.rpm

Iterate through each server (or fork off some helper processes
to do it in parallel), and all your servers are up to date.
Since very few upgrades require a reboot, your changes are
instantly applied.  The nice, easy, format of the RPM
distribution lets you restart daemons from within the RPM,
ensuring that every upgrade is performed exactly the same.

You could also take the opposite approach, of letting each
workstation determine its status, and upgrade itself.  While
it's equally workable, I prefer the audit trail and certainty
of pushing the patches from a server, versus pulling them
from the client.  Furthermore, it lets you control when stuff
goes out, so that it can be properly tested.

Finally, with Open Source tools, you can have a patch
available hours after the bug is found.  24 hours after the
recent Apache bug was found, the team had a new release.
Patches and updates to CVS are usually available within a few
hours after a bug.  Combine that with strong package
management and creation, and you can have a solution ready
for your users, and still make it home in time for dinner.

As a Unix administrator, one of your greatest assets is your
ability to automate routine tasks such as patches and
upgrades.  It frees your time up to do more important things,
like evaluating 3D video cards by testing them with the
latest games :)


Long live the Penguin,

Sean
mailto:swalberg@cramsession.com


-------------------------
2) Linux News
-------------------------

------------------------------------------------------------
KDE Smokes MS In SSL Bug Fix
------------------------------------------------------------
Earlier this week, a bug in some implementations of SSL was
found that could let nasty people impersonate an SSL
connection on the IE and Konqueror browsers. Surprise,
surprise, it's fixed in Konqueror, while MS is still spinning
their wheels.

http://online.securityfocus.com/news/575


------------------------------------------------------------
Security -- Technology or People?
------------------------------------------------------------
This is a very long (but interesting) account of an interview
with Bruce Schneier, a noted security expert. It's got some
of Bruce's regular quotes, but a lot of new stuff as well,
especially dealing with applying his computer security
principles to airport security.

http://www.theatlantic.com/issues/2002/09/mann.htm


------------------------------------------------------------
Linux in the Palm of Your Hand
------------------------------------------------------------
"The Zaurus is the first mass-market Linux PDA to hit the
market. I believe Linux fans will herald the move and
welcome and embrace the Zaurus. But, what about everyone
else? Will the PDA-buying public be willing to bet on the
Zaurus instead of one of the better-known available models?"

Read on to find out.

http://www.msnbc.com/news/792040.asp?cp1=1


------------------------------------------------------------
It's Hammer Time!
------------------------------------------------------------
Red Hat has announced that it will be providing support for
AMD processors based on the 64-bit hammer technology. This
means that there will be software built in a 64-bit
environment, and fully backed by Red Hat.

http://www.amdzone.com/releaseview.cfm?ReleaseID02


-------------------------
3) Linux Resources
-------------------------

------------------------------------------------------------
Technical Conference Presentation Tips
------------------------------------------------------------
I've given a few talks in my life, they're a great way to
share knowledge, or at least to make a fool out of yourself.
I'm always on the lookout for tips on how to give a good
presentation. This one, written by a Perl fanatic, is full
of good advice, and it had me in stitches.

http://perl.plover.com/yak/judo/presentation/


------------------------------------------------------------
Customize That Prompt!
------------------------------------------------------------
The shell is extremely flexible, right down to the prompt
itself. This article walks you through customizing the text
and color of your shell, even making sure that any X-Terms
have the right title displayed! This is a handy skill to
have; other than aesthetics, it can save you time figuring
out what server you're on when you've got a handful of
sessions open, among other things.

http://www-106.ibm.com/developerworks/linux/library/l-tip-prompt/


------------------------------------------------------------
SysRq Mode
------------------------------------------------------------
SysRq mode is a very under-documented feature of the Linux
kernel. It's mostly for kernel developers, so they can get
information off of a hung system, but it can do some handy
things for people who live in userland.

http://www.linuxgazette.com/issue81/vikas.html


------------------------------------------------------------
Load up Webmin
------------------------------------------------------------
I've received several comments from people about Webmin, a
web-based administration interface. It's really slick: you
can delegate tasks to certain users, and it's very easy to
understand. This article walks you through the installation
and basic usage.

http://www.linuxbeginner.org/modules.php?name=News&file=article&sid
e


------------------------------------------------------------
Modern Distributed File Systems
------------------------------------------------------------
Here's an article that looks at various ways of making
filesystems available over the network. Other than the
traditional NFS (network file system), many other methods
are investigated in the article. There's even stuff on
support for WebDAV.

http://www.linuxplanet.com/linuxplanet/reports/4361/1/


-------------------------
4) App o' the Week
-------------------------
"freeVSD is an advanced web-hosting platform for ISPs,
educational institutions, and other large organisations. It
allows multiple Virtual Servers to be created on a single
hosting server, each with a truly separate and secure web-
hosting environment. This reduces an ISP's hardware outlay
and also lowers the cost of support due to delegated
administration."

http://www.freevsd.org/


-------------------------
(C) 2002 BrainBuzz.com, Inc. All Rights Reserved.
-------------------------
-------------------------

          This message is from CramSession

You are currently subscribed to the following list
   Hottest Linux News and Resources
   as: sean@ertw.com

To un-subscribe from this newsletter by e-mail,
   send a blank email message to:
   mailto:leave-linuxnews-3825955Y@list.cramsession.com

To subscribe to this newsletter and many others visit
our site at:
http://newsletters.cramsession.com/signup/default.asp

-------------------------------------------------------