LINUX NEWS
Resources & Links From CramSession.com
Thursday, July 4, 2002
TABLE OF CONTENTS
1) Sean’s Notes
2) Linux News
New Apache Worm
An Open Source Success Story
Mandrake's View on United Linux
Public Disclosure and Apache
3) Linux Resources
TCP/IP Meets Chaos Theory
Seven Common SSL Pitfalls
Configuring GDM
TCP/IP Troubleshooting
Learn EMACS
4) App o’ the Week
1) Sean’s Notes
Last week we looked at file permissions, which allow you to control who can access various files.
http://newsletters.cramsession.com/Newsletters/NewsletterArchive/LinuxNews/june-27-2002linux.txt
To recap, a file has permissions, an owner, and a group:
-rw-rw-r-- 1 root disk 629 Jun 22 00:48 /etc/dumpdates
Here, /etc/dumpdates is owned by the root user and the disk group, is writable by both the user and the group, and readable by everyone. (Remember that there are three groups of three characters in the file mode, corresponding to owner, group, and everyone). In octal, read-write is 6 (4 for read, 2 for write), so the file permission is 664. In this particular instance, the disk group has write permission because it’s used for things like backups. (If you check the raw devices for your hard drive, such as /dev/hda1, you’ll see that “disk” has permissions to read the device too.)
But that first character, it’s an odd one. It’s there to specify what kind of file you’re looking at, including a directory:
ls -ld /etc
drwxr-xr-x 59 root root 5120 Jun 30 14:11 /etc
Here, the /etc directory has a ‘d’ as the first character in the file mode. Just like files, it has an owner and a group (both root in this case), and permissions. The owner has read, write, and execute, where both the group and everyone else have just read and execute.
Execute, as I showed last week, makes the file available to be run. In the context of a directory, though, what does it do? As usual, an example will clear it up.
$ cd /tmp
tmp$ mkdir foo
tmp$ touch foo/file
tmp$ ls foo
file
tmp$ ls -ld foo
drwxrwxr-x 2 sean sean 1024 Jul 3 20:46 foo
So, here is a directory called /tmp/foo, with a file aptly named “file”. The permissions on foo are 775, meaning that unless you’re the owner, or in the group, you don’t have the write bit set. Removing the x bit for everyone:
tmp$ chmod -x foo
tmp$ ls -ld foo
drw-rw-r-- 2 sean sean 1024 Jul 3 20:46 foo
tmp$ cd foo
bash: cd: foo: Permission denied
tmp$ chmod +x foo
tmp$ cd foo
foo$
Without the x bit, you can’t change into a directory.
What about the “read” bit?
tmp$ chmod 777 foo
tmp$ ls foo
file
tmp$ chmod 111 foo
tmp$ cd foo
foo$ ls
ls: .: Permission denied
With the execute bit there, we can change into a directory, but without the read bit, we can’t get a directory listing.
The write bit should be pretty easy to figure out:
tmp$ chmod 555 foo
tmp$ touch foo/file2
touch: creating ‘foo/file2’: Permission denied
In case you didn’t guess, you need the w bit to create or delete files (yes, you can edit files if the file itself gives you permission).
So, some common usages.
700 - Private directory, no one can see in
755 - Publicly readable directory. You can create files; everyone else can only read.
777 - World read/write. Be careful, because anyone can erase anyone else’s files!
711 - Full access for you, everyone else can change into your directory, but can’t even get a directory listing.
What good is that last one? Take for example Apache, where you can create a public_html directory to serve user files. If you hit http://server/~sean/, you’d get whatever is in that public_html directory. To access that directory, though, the server (running as user “nobody”) will have to change into /home/sean/public_html. It isn’t going to get to public_html without the execute bit on /home/sean. public_html itself is usually 755, which allows the web server to see what’s there.
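The public_html case above as an added example (not part of the original newsletter): a shell check that reads the same mode string ls -ld prints and reports the first directory on a path that "everyone else", such as the web server account, cannot change into. The function names and the temporary directory layout are constructed for illustration.

```shell
#!/bin/sh
# Constructed layout: BASE/home/sean (711) holding public_html (755).
make_layout() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/sean/public_html"
    chmod 755 "$t/home" "$t/home/sean/public_html"
    chmod 711 "$t/home/sean"
    echo "$t"
}

# Print the three "everyone else" characters of the file mode, e.g. "r-x".
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# Walk REL below BASE one directory at a time and print the first directory
# that other users cannot change into (x bit missing). BASE itself is not
# checked. Prints nothing when every directory can be traversed.
first_blocker() {
    base=$1 rel=$2
    cur=$base
    old_ifs=$IFS; IFS=/
    set -- $rel                      # split REL on "/"
    IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur=$cur/$part
        [ -d "$cur" ] || continue    # only directories need x for traversal
        case $(other_bits "$cur") in
            ??x|??t) ;;              # x is set (t means x plus the sticky bit)
            *) echo "$cur"; return 0 ;;
        esac
    done
}

# Succeed if other users can list DIR, which needs both r and x.
other_can_list() {
    case $(other_bits "$1") in
        r?x|r?t) return 0 ;;
        *) return 1 ;;
    esac
}

t=$(make_layout)
echo "blocker with 711 home: '$(first_blocker "$t" home/sean/public_html)'"
other_can_list "$t/home/sean" || echo "home/sean: no listing for others"
chmod 700 "$t/home/sean"
echo "blocker with 700 home: '$(first_blocker "$t" home/sean/public_html)'"
rm -rf "$t"
```

With the home directory at 711 the path is traversable but the home directory cannot be listed; at 700 the home directory is reported as the blocker.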
Now you’re all set to apply permissions to files and directories. There are still some special options to go; we’ll catch those another time.
Just as a note to anyone who emailed me in the past while and ended up with a bounce message, there were some problems on the email server. It’s all cleared up now, though.
Long live the Penguin,
Sean swalberg@cramsession.com
2) Linux News
New Apache Worm
This worm exploits the recently announced vulnerability in the Apache web server. It’ll only get root on FreeBSD systems, though it’s only a matter of time until Linux and Solaris versions hit the streets. Upgrade Apache, folks!
http://news.com.com/2100-1001-940585.html
An Open Source Success Story
Marty Roesch is the creator of Snort, an amazing intrusion detection system. It started out as a hobby, but has turned into a profitable venture. Read on to find out how he did it.
http://newsforge.com/newsforge/02/06/29/2127239.shtml
Mandrake’s View on United Linux
Mandrake doesn’t plan on joining the United Linux initiative, and here is why. It makes use of some Unix history to point out why UL is a Bad Thing.
http://www.mandrakesoft.com/company/investors/bsa/faq2
Public Disclosure and Apache
Public disclosure, or sometimes “responsible” disclosure, is a hot topic in security circles. If you find a vulnerability, how long should you give the vendor to fix it before disclosing details? In the Apache case, ISS decided that a few hours was enough, which led to a chain of events ending up in the Apache worm.
http://www.zdnet.com/anchordesk/stories/story/0,10738,2873254,00.html
3) Linux Resources
TCP/IP Meets Chaos Theory
It’s been long understood that if an operating system doesn’t randomize the TCP initial sequence number, then it is vulnerable to a host of spoofing attacks. This paper applies some chaos theory to the discussion; not only is it informative, but there are some cool pictures!
http://razor.bindview.com/publish/papers/tcpseq.html
Seven Common SSL Pitfalls
SSL is not only for the web–you can use the OpenSSL libraries to protect client-server communications in almost any application. There are many gotchas… this article highlights the common ones.
http://www.onlamp.com/pub/a/onlamp/2002/06/27/openssl.html
Configuring GDM
This article takes you beyond some of the traditional settings in the Gnome Display Manager, and shows you how you can provide a couple of basic services to an X-Windows terminal before the users log in. The article is quick to point out that some of the things could lead to reduced security, but it shows that your system can do something other than just display a login window when no one is using it.
http://www.linuxgazette.com/issue80/nielsen3.html
TCP/IP Troubleshooting
Figuring out the source of a network problem takes some skill, and the ability to use some basic tools. Here is some information on where to start.
http://infocenter.cramsession.com/techlibrary/gethtml.asp?ID57
Learn EMACS
Love it or hate it, EMACS is one of the more popular editors out there. The key sequences make even vi look easy to use, which is why this online tutorial will help you out.
http://www-106.ibm.com/developerworks/education/r-emacs.html
4) App o’ the Week
From the more obscure side of the fence comes the Controllable Regex Mutilator. It’s basically a filter you can use to categorize text by writing regular expressions, except that it learns as it goes. Practical uses include spam detection, or monitoring of logfiles.
http://crm114.sourceforge.net/
(C) 2002 BrainBuzz.com, Inc. All Rights Reserved.