Cramsession Linux Newsletter

home

Feb 1 2001

                    LINUX NEWS
        RESOURCES & LINKS FROM BRAINBUZZ.COM
            Thursday, February 1, 2001

TABLE OF CONTENTS

1) Sean’s Notes

2) Linux News

Microsoft's New Product
More on the Ramen Worm
SUN Shines on GNOME
2.4.1 Released

3) Linux Resources

Star Office Patches Available
GIMP Essential Reference
Using Kerberos
New Freshmeat
FTP and your Firewall

4) App o’ the week

~~~~~~~~~~~~~~~~~~~~~~ ADVERTISEMENT ~~~~~~~~~~~~~~~~~~~~~~~ AUDIOWHIZ

Gain study time and enhance your learning! Hear hundreds of certification exam questions on audio CD or cassettes. Learn while you commute to and from work, exercise or walk the dog. Ideal for those times when you can’t read. 90 day money back guarantee if you are not happy.

http://ad.brainbuzz.com/?RC06&AI64

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For information on how to advertise in this newsletter please contact mailto:adsales@BrainBuzz.com or visit http://cramsession.brainbuzz.com/marketing/default.asp

1) Sean’s Notes

* Running BIND? Serious bugs found. Check out: * * http://www.isc.org/products/BIND/bind-security.html *

While the Ramen worm that came out the other week didn’t cause a huge stir, it does show that people aren’t security conscious. Even if your machine doesn’t have any important data on it, a security breach is inconvenient. It can also result in your machine being used as a place from which a cracker[0] can mount an attack, or run a warez[1] site.

Securing your box starts right after it finishes booting for the first time. Here is my checklist of things I do after the install:

1) Go to the distro’s web site and download any patches. Apply them.

RedHat - http://www.redhat.com/errata Debian - http://www.debian.org/security Mandrake - http://www.linux-mandrake.com/en/security/

2) Run through /etc/inetd.conf. Comment out any services I don’t want to run, especially stuff like the R*[2] utilities, FTP, etc. I can add anything later, once I’m ready to configure it properly.

3) Eyeball the packages that were installed, and remove anything I don’t want. RedHat is notorious for installing extra stuff.

4) Find out what services are running at boot. In RedHat, I can do–

chkconfig –list | grep :on

–to find out what’s being started. Furthermore–

chkconfig sendmail off

–will turn off the sendmail process. Not running a mail server? You don’t need sendmail started. Things like portmap, ypbind, netfs should be turned off unless you’re running NFS or NIS. Plan on being a print server? Probably not, so you don’t need lpd. That’s one of the Ramen worm’s targets.

5) I then make a note of what is going to be running on boot up, and start configuring it. Nothing should be running with the defaults.

6) Peek at /etc/passwd… What accounts are there? Is there a valid shell?

7) Install SSH. http://www.openssh.org

8) Set up wrappers. Put “ALL:ALL” in /etc/hosts.deny, and then let in machines from hosts.allow. “man hosts_access” for the syntax.

9) Reboot the computer. When it comes back up, check the process listings and boot logs to see if the changes have had the desired effect.

10) Resolve to keep an eye on logs. Having a program parse them and email them is a good thing, try “logcheck” from the Abacus project.

http://www.psionic.com/abacus

Portsentry, from the same site, is another good program to help secure your box.

11) Resolve to keep up on updates. The sites I listed above for downloading updates usually have an address where you can subscribe to a list that lets you know when something is new. If you did, then things like the Ramen worm won’t scare you. The vulnerabilities it exploited have had patches available for quite some time.

This may all seem like a lot, but it takes less than half an hour. The steps listed above will shut down the script kiddies, and let you get on with your life.

Anything to add to this list? Security concerns? Questions about Linux? The Linux news board is open 24x7.

http://boards.brainbuzz.com/boards/vbt.asp?b2

Long live the Penguin,

Sean swalberg@brainbuzz.com

FOOTNOTES

[0] - Hacker good, Cracker bad. A hacker is someone with a knack for computers, a cracker is someone who uses that knack to cause harm. [1] - Illegal software [2] - rsh, rcp, rexec, rlogin - these utilities were designed to copy/run programs between trusted systems. Now, nothing can be trusted. SSH can securely replace these.

2) Linux News

Microsoft’s New Product

We’ll start off this week’s resource section with a light one. First you have Windows CE, then ME, and finally NT. What do you get when you put them all together?

http://www.geocities.com/rcwoolley/

More on the Ramen Worm

The Ramen worm targeted RedHat 6.2 and 7.0 machines that weren’t up on their security patches. This release from RedHat shows the vulnerabilities, and the necessary patches.

http://www.redhat.com/support/alerts/ramen_worm.html

SUN Shines on GNOME

In case you haven’t heard, SUN Microsystems, maker of that wonderful operating system called Solaris, has embraced the GNOME windowing environment. In this interview, John Heard, manager of architecture and strategy at Sun, talks about where SUN wants to go with this technology.

http://linuxpower.org/display.php?id 2

  2. 1 Released

    The kernel team has been busy. 2.4.1 promises some features left out of the 2.4.0 release, including ReiserFS. Grab it from your local mirror and patch up!

http://www.kernel.org/

3) Linux Resources

Star Office Patches Available

Anyone who has used Star Office knows that it’s pretty good, but far from perfect. Since the 5.2 release, they’ve done a lot of work, fixed a lot of bugs. Go here to grab the latest patches for Star Office 5.2.

http://supportforum.Sun.COM/cgi-bin/WebX.cgi?officePatchPage

GIMP Essential Reference

The GNU Image Manipulation Program is a great piece of software, but the plethora of options can be intimidating and even confusing. Take a peek at my review of this reference guide, which promises to shed some light into the darkest of the corners of the GIMP.

http://itresources.brainbuzz.com/tutorials/tutorial.asp?t=S1TU1130

Using Kerberos

It’s there, but what does it do? Kerberos is a distributed authentication mechanism, but incorporates strong cryptography. If you have multiple Unix systems, you may want to consider running Kerberos to reduce the user administration you have to do.

http://www.redhat.com/support/manuals/RHL-7-Manual/ref-guide/ch-ker beros.htm l

New Freshmeat

Freshmeat has just undergone a redesign. If you’ve never visited it before, it’s a searchable index of useful software. Freshmeat II promises better categories and a host of new features. Check it out!

http://www.freshmeat.net

FTP and your Firewall

FTP transfers data by building a data channel from the server back to the client. This, of course, doesn’t make firewalls happy. This article gives the details, and shows you how to make it all work.

http://itresources.brainbuzz.com/tutorials/tutorial.asp?t=S1TU1057

4) App o’ the week

With Napster gearing up to charge for usage, I thought I’d pass along a link to this system. Mojonation is a distributed filesharing and searching architecture with a twist – pay for downloading with a currency called “mojo”. Earn mojo by providing services to the Mojonation.

http://www.mojonation.net

(C) 2001 BrainBuzz.com. All Rights Reserved.

     This message is from BrainBuzz.com.

You are currently subscribed to the Hottest Linux News and Resources as: sean@ertw.com

To un-subscribe from this newsletter by e-mail: send a blank email message to: mailto:leave-linuxnews-3825955Y@list.cramsession.com

To Subscribe to this newsletter by e-mail: send a blank email message to:

mailto:join-linuxnews@list.brainbuzz.com

github.com/swalberg
twitter.com/seanwalberg