Aug 15 2002


                    LINUX NEWS
            http://www.Cramsession.com
           August 15, 2002 -- Issue #94


TABLE OF CONTENTS

1) Sean’s Notes

2) Linux News

KDE Smokes MS In SSL Bug Fix
Security -- Technology or People?
Linux in the Palm of Your Hand
It's Hammer Time!

3) Linux Resources

Technical Conference Presentation Tips
Customize That Prompt!
SysRq Mode
Load up Webmin
Modern Distributed File Systems

4) App o’ the Week



1) Sean’s Notes

Some days I have to wonder at why the people who run Microsoft products put up with some of the things they do.

Take, for example, security patches. As I see it, there are two challenges involved with them. First, get the patches out to the appropriate machines. Secondly, be able to audit a computer to ensure compliance with your security baseline.

With five or so servers, it’s all pretty easy. You can go to each machine, manually check each one, and install whatever is needed. When you get to 20, 50, 100+ servers, things become a bit more complicated.

Microsoft was kind enough to put out the Baseline Analyzer and HFNetChk, which let you get some degree of automation. There are also third-party utilities that do much the same. However, when neither of them gives a satisfactory answer, or worse, they give different answers, what do you do?

Since it’s all closed, you don’t know what method it’s using to determine if the patch is applied. Since everything is hidden from you, it’s difficult to do it yourself. So, you end up with an automated process done with a tool, followed by some home grown batch files, and finished up with you having to take a peek at each server anyway.

Linux, on the other hand, hides very little. What you see is what you get. There is no registry you have to check to see if the right key is there, and the permissions are very simple and easy to fix. In short, almost any administrative task can be scripted and rolled out to dozens, nay, thousands, of workstations and servers.

Someone in such a job might designate one machine (or a cluster) to be the “patch master”. It will have all the latest packages, either exported over NFS, if that’s what your environment uses, or served over HTTP/FTP. Furthermore, by taking advantage of SSH’s keys, you can ensure that root can securely log in from that machine to all other machines without passwords. Standard disclaimers about “protect this machine” apply, which is why limiting what it does outside of the patch functions is a necessity.

One way of keeping on top of your machines might be to nightly dump the output of “rpm -qa” from each box into a SQL database. Whenever you need to perform an audit, simply compare the values you have stored.

Likewise, patching is fairly easy:

ssh server1 rpm -U http://patchserver/patches/foo-1.1.2-1.i386.rpm

Iterate through each server (or fork off some helper processes to do it in parallel), and all your servers are up to date. Since very few upgrades require a reboot, your changes are instantly applied. The nice, easy format of the RPM distribution lets you restart daemons from within the RPM, ensuring that every upgrade is performed exactly the same.
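The audit-then-push loop described above, as an added example (not code from the newsletter). It compares stored “rpm -qa” snapshots against a baseline and prints, as a dry run, the push command for each host that is behind. The host names, package versions and the flat-text snapshot (standing in for the SQL table) are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit stored "rpm -qa" snapshots against a baseline, then
# print (dry run) the push command for every host that is out of date.
# Host names and package versions below are constructed sample data.

# One "host name-version-release" line per installed package, as a nightly
# job would store it after running `ssh HOST rpm -qa` on each box.
SNAPSHOTS='server1 foo-1.1.2-1
server1 openssh-3.4p1-2
server2 foo-1.1.1-3
server2 openssh-3.4p1-2
server3 openssh-3.4p1-2'

# Security baseline: the exact package builds every host must carry.
BASELINE='foo-1.1.2-1
openssh-3.4p1-2'

# Patch server location, taken from the newsletter's own example command.
PATCH_URL='http://patchserver/patches'

# audit: print "host required-package" for each baseline entry a host does
# not have installed at exactly that version-release (missing or older).
audit() {
    hosts=$(printf '%s\n' "$SNAPSHOTS" | awk '{print $1}' | sort -u)
    for h in $hosts; do
        for want in $BASELINE; do
            # -x matches the whole line, -F treats the pattern as literal text
            printf '%s\n' "$SNAPSHOTS" | grep -qxF "$h $want" || echo "$h $want"
        done
    done
}

# plan: turn the audit findings into the commands the patch master would run.
# Nothing is executed; the output is the audit trail of what would be pushed.
plan() {
    audit | while read -r host pkg; do
        echo "ssh $host rpm -U $PATCH_URL/$pkg.i386.rpm"
    done
}

plan
```

Because the packages travel over plain HTTP here, their integrity rests on the RPM signature; running “rpm --checksig” on each file on the patch master before publishing it is a cheap check to add.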

You could also take the opposite approach, of letting each workstation determine its status, and upgrade itself. While it’s equally workable, I prefer the audit trail and certainty of pushing the patches from a server, versus pulling them from the client. Furthermore, it lets you control when stuff goes out, so that it can be properly tested.

Finally, with Open Source tools, you can have a patch available hours after the bug is found. 24 hours after the recent Apache bug was found, the team had a new release. Patches and updates to CVS are usually available within a few hours after a bug. Combine that with strong package management and creation, and you can have a solution ready for your users, and still make it home in time for dinner.

As a Unix administrator, one of your greatest assets is your ability to automate routine tasks such as patches and upgrades. It frees your time up to do more important things, like evaluating 3D video cards by testing them with the latest games :)

Long live the Penguin,

Sean mailto:swalberg@cramsession.com


2) Linux News


KDE Smokes MS In SSL Bug Fix

Earlier this week, a bug in some implementations of SSL was found that could let nasty people impersonate an SSL connection on the IE and Konqueror browsers. Surprise, surprise, it’s fixed in Konqueror, while MS is still spinning their wheels.

http://online.securityfocus.com/news/575


Security – Technology or People?

This is a very long (but interesting) account of an interview with Bruce Schneier, a noted security expert. It’s got some of Bruce’s regular quotes, but a lot of new stuff as well, especially dealing with applying his computer security principles to airport security.

http://www.theatlantic.com/issues/2002/09/mann.htm


Linux in the Palm of Your Hand

“The Zaurus is the first mass-market Linux PDA to hit the market. I believe Linux fans will herald the move and welcome and embrace the Zaurus. But, what about everyone else? Will the PDA-buying public be willing to bet on the Zaurus instead of one of the better-known available models?”

Read on to find out.

http://www.msnbc.com/news/792040.asp?cp1=1


It’s Hammer Time!

Red Hat has announced that it will be providing support for AMD processors based on the 64-bit hammer technology. This means that there will be software built in a 64-bit environment, and fully backed by Red Hat.

http://www.amdzone.com/releaseview.cfm?ReleaseID02


3) Linux Resources


Technical Conference Presentation Tips

I’ve given a few talks in my life; they’re a great way to share knowledge, or at least to make a fool out of yourself. I’m always on the lookout for tips on how to give a good presentation. This one, written by a Perl fanatic, is full of good advice, and it had me in stitches.

http://perl.plover.com/yak/judo/presentation/


Customize That Prompt!

The shell is extremely flexible, right down to the prompt itself. This article walks you through customizing the text and color of your shell, even making sure that any X-Terms have the right title displayed! This is a handy skill to have; other than aesthetics, it can save you time figuring out what server you’re on when you’ve got a handful of sessions open, among other things.

http://www-106.ibm.com/developerworks/linux/library/l-tip-prompt/


SysRq Mode

SysRq mode is a very under-documented feature of the Linux kernel. It’s mostly for kernel developers, so they can get information off of a hung system, but it can do some handy things for people who live in userland.

http://www.linuxgazette.com/issue81/vikas.html


Load up Webmin

I’ve received several comments from people about Webmin, a web-based administration interface. It’s really slick: you can delegate tasks to certain users, and it’s very easy to understand. This article walks you through the installation and basic usage.

http://www.linuxbeginner.org/modules.php?name=News&file=article&sid e


Modern Distributed File Systems

Here’s an article that looks at various ways of making filesystems available over the network. Other than the traditional NFS (network file system), many other methods are investigated in the article. There’s even stuff on support for WebDAV.

http://www.linuxplanet.com/linuxplanet/reports/4361/1/


4) App o’ the Week

“freeVSD is an advanced web-hosting platform for ISPs, educational institutions, and other large organisations. It allows multiple Virtual Servers to be created on a single hosting server, each with a truly separate and secure web-hosting environment. This reduces an ISP’s hardware outlay and also lowers the cost of support due to delegated administration.”

http://www.freevsd.org/


(C) 2002 BrainBuzz.com, Inc. All Rights Reserved.

