Jan 30 2003


                    LINUX NEWS
        Resources & Links From CramSession.com
             Thursday, January 30, 2003


TABLE OF CONTENTS

1) Sean’s Notes

2) Linux News

Interview With Alan Cox
PostgreSQL Wins Over .ORG
Homeland Security Chooses Linux
Mandrake 9.1 Beta Review

3) Linux Resources

Inspiring Work
Sean's Obsessions
How To Be A Programmer
User Mode Linux?
PHP Caching

4) App o’ the week



1) Sean’s Notes

I was going to write about Apache configuration this week, but this Slammer thing has got me in a knot. (Yes, it ruined a perfectly good Saturday afternoon.)

For those who are behind on the news, Slammer is a worm that attacks Microsoft SQL 2000 Servers, including the servers that are part of MSDE (the mini-SQL Server included with some packages, everything from Visio to Cisco Call Manager). In just 376 bytes of UDP payload, it overflows a buffer in a rarely used service and then enters an infinite loop trying to infect others. Since it’s written in machine code, it’s fairly fast.

This, of course, is a Linux newsletter. However, many lessons can be learned no matter what the OS.

The first, obviously, is to patch your systems. Try telling that to someone with a hundred boxes. Even Microsoft was hit by the worm. If the vendor themselves can’t keep their systems up to date, what hope do you have?

No matter what distribution you run, subscribe to their security mailing list. If you’re a Red Hat user, I strongly urge you to shell out the $5US/month, and put your server on the Red Hat Network. The first one is free, and not only will it email you when a system becomes out of date, but you can push patches over the web. It’s a lifesaver once you have more than half a dozen machines. If this isn’t an option, look on a site like freshmeat.net for something that can help you keep up to date.

The second lesson is a call to the developers – if you accept data from the network, don’t trust it! Bounds check your strings. If you’re expecting 30 bytes, ensure you only read 30, and not 31 or more. This mistake is almost unforgivable – we’ve known about this type of attack for decades. It’s especially unforgivable from a company that not only claims to hold security paramount, but also closes off its software to inspection by the user.
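
The bounds check described above, as an added C example that is not part of the original newsletter. The wire format (one type byte followed by a name), NAME_LEN and all function names are assumptions made for illustration; the unchecked copy sits next to a version that rejects anything longer than the 30 bytes it expects.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 30  /* the field size from the text: "expecting 30 bytes" */

/* Constructed wire format (assumption): byte 0 = request type, the rest of
 * the datagram = a name that the sender may or may not NUL-terminate. */

/* Before: ignores the datagram length and copies until it meets a NUL. */
void parse_request_unsafe(const unsigned char *pkt, size_t pkt_len,
                          char name[NAME_LEN + 1])
{
    (void)pkt_len;
    strcpy(name, (const char *)pkt + 1);   /* writes past name[] on long input */
}

/* After: returns 0 on success, -1 if the datagram is rejected. */
int parse_request(const unsigned char *pkt, size_t pkt_len,
                  char name[NAME_LEN + 1])
{
    if (pkt == NULL || pkt_len < 2)
        return -1;                          /* no type byte, or empty name */
    size_t name_len = pkt_len - 1;
    if (name_len > NAME_LEN)
        return -1;                          /* 31 or more: reject, never truncate */
    if (memchr(pkt + 1, '\0', name_len) != NULL)
        return -1;                          /* embedded NUL would hide trailing bytes */
    memcpy(name, pkt + 1, name_len);        /* bounded by the check above */
    name[name_len] = '\0';
    return 0;
}

/* Builds a constructed datagram with name_len bytes of 'A' and parses it. */
int try_len(size_t name_len)
{
    unsigned char pkt[512] = { 0x01 };      /* type byte, then the name */
    char name[NAME_LEN + 1];
    if (name_len >= sizeof pkt)
        return -1;
    memset(pkt + 1, 'A', name_len);
    return parse_request(pkt, name_len + 1, name);
}

int main(void)
{
    size_t sizes[] = { 30, 31, 376 };
    for (size_t i = 0; i < 3; i++)
        printf("%zu-byte name -> %d\n", sizes[i], try_len(sizes[i]));
    return 0;
}
```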

It shouldn’t need to be said that Internet facing systems should have as little as possible exposed to the public. I’ve yet to run across a situation where I’ve needed my database ports to be open to everyone.

Network administrators, you’ve got a part in this too. UDP traffic leaving your firewall, except from your DNS servers, is fairly rare. Unless you know what it is, don’t let it out. And filter! Don’t allow private addresses out to the Internet!

One of the things this worm did was to flood the network with traffic, in an attempt to find more victims. As such, it probably rendered your network management system ineffective, and also limited your ability to manage switches to find out who was the victim. A packet sniffer is an indispensable tool at this time, letting you watch all the traffic on the wire, which would point you toward the victim. In this case, the source address was left intact, so you’d quickly see who it was. If the source address were forged (and I’ll bet the next mutation is), you’re stuck looking at MAC addresses.
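
One way to do the MAC-address triage described above, as an added C example (not from the original newsletter): it counts UDP frames per source MAC, so a sender that varies its source IP still shows up as a single talker. The frames are constructed sample data, and tally, make_frame and busiest_mac_last_byte are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_TALKERS 16
struct talker { uint8_t mac[6]; unsigned udp_frames; };

/* Count one captured Ethernet frame against its source MAC if it carries
 * IPv4/UDP. Returns 1 if counted, 0 if ignored or the table is full. */
int tally(const uint8_t *f, size_t len, struct talker *t, size_t *n)
{
    if (len < 14 + 20) return 0;                        /* Ethernet + IPv4 headers */
    if (f[12] != 0x08 || f[13] != 0x00) return 0;       /* EtherType must be IPv4 */
    if ((f[14] >> 4) != 4 || f[14 + 9] != 17) return 0; /* version 4, protocol UDP */
    for (size_t i = 0; i < *n; i++)
        if (memcmp(t[i].mac, f + 6, 6) == 0) { t[i].udp_frames++; return 1; }
    if (*n == MAX_TALKERS) return 0;
    memcpy(t[*n].mac, f + 6, 6);
    t[(*n)++].udp_frames = 1;
    return 1;
}

/* Constructed frame: source MAC 02:00:00:00:00:<mac_last>, source IP 10.0.0.<ip_last>. */
static void make_frame(uint8_t *f, uint8_t mac_last, uint8_t ip_last, uint8_t proto)
{
    memset(f, 0, 34);
    f[6] = 0x02; f[11] = mac_last;
    f[12] = 0x08;                     /* EtherType 0x0800 */
    f[14] = 0x45; f[14 + 9] = proto;  /* IPv4, 20-byte header */
    f[26] = 10;  f[29] = ip_last;
}

/* Constructed capture: one host sends five UDP frames, each with a different
 * source IP; returns the last MAC byte of the busiest UDP sender. */
int busiest_mac_last_byte(void)
{
    struct talker t[MAX_TALKERS];
    size_t n = 0, best = 0; uint8_t f[34];
    memset(t, 0, sizeof t);
    for (uint8_t i = 0; i < 5; i++) {
        make_frame(f, 0x66, (uint8_t)(100 + i), 17);
        tally(f, sizeof f, t, &n);
    }
    make_frame(f, 0x11, 5, 17); tally(f, sizeof f, t, &n);  /* a quiet UDP host */
    make_frame(f, 0x22, 6, 6);  tally(f, sizeof f, t, &n);  /* TCP: not counted */
    for (size_t i = 1; i < n; i++)
        if (t[i].udp_frames > t[best].udp_frames) best = i;
    return n ? t[best].mac[5] : -1;
}
int main(void) { printf("busiest source MAC ends in %02x\n", (unsigned)busiest_mac_last_byte()); return 0; }
```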

Ethereal (http://www.ethereal.com) is a powerful, free, packet sniffer. It even runs on Windows (much slower, because of the extra libraries, but it works). Keep it loaded on your laptop for such an emergency (not only is a packet sniffer a good idea in these situations, it solves a wide variety of problems too).

Practice for such an emergency. Know how to quickly take your network off the Internet if such a situation arises. Document your connections to other networks, such as extranets and VPNs. Filter incoming traffic, and only allow what’s necessary.

Finally, demand more from your software vendors. Open Sourced software has its share of bugs, but you also have a lot of choice.

Slammer, like all the worms before it, and the ones that will surely come after it, shows how fragile the Internet is. Not only must we protect ourselves from the rest of the ‘Net, but we must also be “Good Internet Neighbours”, and make sure that we’re not going to infect other people.

Linux and Open Source build on these communities. We often trust the software we install, knowing that someone is looking out for us. Often, someone is – code reviews are an ongoing thing. But if you choose to use the software, you must join the community, even if you don’t say anything. Keep up to date. Be a good neighbour. Learn, and share the knowledge.

On another note, this is the last issue of the Cramsession Linux News that I’ll be writing. Sean McCormick, who filled in for me at the beginning of the year, will be picking it up from here. I thank all my readers, especially those that wrote in with their comments and suggestions. I enjoyed writing each and every one of the 114 issues over the past couple of years, and I wish Sean M. the very best as he continues on.

Best of luck, fellow Linux fans. The Penguin lives on.

Sean swalberg@cramsession.com


2) Linux News


Interview With Alan Cox

Alan Cox has been involved with Linux almost as long as it’s been around. He’s currently working for Red Hat, being paid to work on the kernel and squash customer bugs. This interview touches on his thoughts about Linux, and Microsoft’s announcement that they’re letting select governments see the source to Windows.

http://www.zdnet.com.au/builder/program/work/story/0,2000034960,20271528,00.htm


PostgreSQL Wins Over .ORG

“PostgreSQL developers and advocates notched up a significant win for the open source database following the successful transition this month of the .ORG domain registry to the object-relational management system.” PostgreSQL kicks some serious ass, and I’m glad to see that it’s getting into some critical systems.

http://www.computerworld.com.au/idg2.nsf/All/2ADD84E6EBCEADE9CA256CB30075FA01!OpenDocument


Homeland Security Chooses Linux

The US Department of Homeland Security recently moved their website over to Oracle and Linux. Linux in government… Good stuff!

http://newsforge.com/article.pl?sid/01/27/1831240&tid=2


Mandrake 9.1 Beta Review

This review, with several screenshots, takes a look at Mandrake’s upcoming offering. Several things, including font handling, are looked at.

http://www.distrowatch.com/dwres.php?resource=review-mandrake


3) Linux Resources


Inspiring Work

“Work” was a column in a trade rag that I looked forward to every month. It was written by a couple of old Unix gurus who would tackle everyday problems with a bit of Unix magic. Not only did it help me in my own work, but it inspired me and influenced the way I wrote the Linux News. Though they’ve stopped publication, the archives are here.

http://www.alumni.caltech.edu/~copeland/work/index.html


Sean’s Obsessions

A few days before I learned about the cancellation of the Linux News, I started a blog to speak my mind about various technical topics. With a bit more free time on my hands, I might even manage to keep it updated.

http://ertw.com/blog/


How To Be A Programmer

“This long essay attempts to summarize the non-technical things that I wish someone had explained to me at the beginning of my career as a professional programmer.” As someone who’s held down a couple of programming jobs, I agree with what this guy is saying.

http://samizdat.mines.edu/howto/HowToBeAProgrammer.pdf


User Mode Linux?

As an alternative to running Linux under a virtual machine, such as VMWare, you can run Linux under… well… Linux. It’s called “User Mode Linux”, and the whole system runs as a userland task. This IBM tutorial takes a closer look.

http://www-105.ibm.com/developerworks/education.nsf/linux-onlinecourse-bytitle/7E31B64596CDAAFB86256CB7004E9978?OpenDocument


PHP Caching

One of the things that’s always irked me about embedded code in HTML is the overhead of compilation, and the lack of persistence between successive hits. This article proves me wrong, showing how this can be attained, and decreasing processor overhead in the process.

http://www.sysbotz.com/articles/phpcache.htm


4) App o’ the week

“Snare” is a series of kernel modules and userland software that provide detailed auditing down to the system call level. It’s similar to some of the things that NT has, such as logging who touched a file, and what various processes are doing. There’s even a GUI for log viewing.

http://www.intersectalliance.com/projects/Snare/


(C) 2002 BrainBuzz.com, Inc. All Rights Reserved.

