Cramsession Linux Newsletter

home

Mar 21 2002

                    LINUX NEWS
        Resources & Links From CramSession.com
             Thursday, March 21, 2002

TABLE OF CONTENTS

1) Sean’s Notes

2) Linux News

Lindows is OK
Linux Will Prevail
Bynari Exchange Compatibility
Mandrake Announces New Release

3) Linux Resources

Hardening Sendmail
What's My Name?
Skirting Some Common Samba Problems
Business Card Rescue CD
How's Your Heartbeat?

4) App o’ the Week

~~~~~~~~~~~~~~~~~~~~~~ ADVERTISEMENT ~~~~~~~~~~~~~~~~~~~~~~~

Try Our IT Certification Courses FREE! SmartCertify Direct gives you classroom-quality IT training at a fraction of the cost of traditional courses. You’ll get 24-hour online mentoring from certified advisors, hands-on interactive exercises, the popular Test Prep exams and more! Choose from MCSE, Cisco, A+, CIW, Linux, and many other courses. Click below to try them all FREE and register to WIN a state of the art Dell PC!

http://ad.brainbuzz.com/?RC06&AIP36

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For information on how to advertise in this newsletter please contact mailto:adsales@CramSession.com or visit http://cramsession.com/marketing/default.asp

1) Sean’s Notes

Last week, I went over the basics of the GNU Privacy Guard and public key cryptography. We generated a key pair, and learned a couple of commands to manage keyrings. The article is here, for those who are just tuning in, or want to review.

http://ertw.com/~sean/newsletter/March+14%2C+2002

One of the problems with this system of email encryption is that you need to have someone’s public key before you can encrypt email to them. Public sites, called keyservers, have sprung up to solve this problem. GPG has the capability to import and export over the Internet directly to the keyservers (they all replicate, so you only need pick one).

If you browse to http://www.keyserver.net, you can search for an email address to find people’s keys. Go ahead, look me up. My email address is “swalberg@cramsession.com”. When it returns, you’ll see my name and key id, “FE257047”. You can either click on the keyid, do a cut and paste, and a gpg –import like we did last week, or take the easy way out:

$ gpg –keyserver wwwkeys.pgp.net –recv-keys FE257047

If you really want to save some time, you can add

keyserver wwwkeys.pgp.net

into your ~/.gnupg/options file, and it will be your default keyserver.

Again, a “gpg –list-keys” should show my key in your ring.

While we’re at it, you can upload your key to the key server.

$ gpg –send-keys FE257047

(Though you’ll want to replace FE257407 with your keyid; it’s shown in the list-keys output)

Now you can get someone’s key from the server, and get your own key there for others to download. You’re ready to encrypt a message!

For this, I’m going to assume you’ve got a message in a file called message.txt. You want to encrypt it, and send it to someone.

$ gpg -sea -r RECIPIENT message.txt

You need a passphrase to unlock the secret key for user: “Sean Walberg (Linux News) <swalberg@cramsession.com>” 1024-bit DSA key, ID FE257047, created 2001-10-26

Here, I type in my secret password, the message is encrypted and signed, and I’m done. A quick explanation of the command line options is in order, though:

-s means that the message is to be signed. Signing a message requires your secret key, so that’s why you were prompted to unlock it.

-e means to encrypt the message. You need the other guy’s public key for this, but you’ve got that on your ring, right?

-a means that the message is to be ASCII armored. Take a look at the output, message.txt.asc. It’s all text (gibberish, but text nonetheless). Try it again, without -a, it’ll be all binary.

-r specifies the recipients. Here, we can give a keyid, an email address, or anything else that uniquely identifies it on our keyring.

Finally, “message.txt” says what file we want to operate on. The output will be message.txt.asc. Toss that in an email, send it off, and you’re done.

Decrypting the output is a lot easier.

$ gpg message.txt.asc

You need a passphrase to unlock the secret key for user: “Sean Walberg (Linux News) <swalberg@cramsession.com>” 1024-bit ELG-E key, ID 07DA80CE, created 2001-10-26 (main key ID FE257047)

gpg: encrypted with 1024-bit ELG-E key, ID 07DA80CE, created 2001-10-26 “Sean Walberg (Linux News) <swalberg@cramsession.com>” gpg: Signature made Wed 20 Mar 2002 08:10:29 PM CST using DSA key ID FE257047 gpg: Good signature from “Sean Walberg (Linux News) <swalberg@cramsession.com>”

Here, I ran GPG on the file. It asks me for my passphrase, unlocks my secret key, and uses it to decrypt the message that was encrypted with my public key. The output is now in message.txt. The final few lines let me know that the message was signed, and that it was able to verify the signature.

That’s GPG in a nutshell. Mail clients make it a lot easier to use. For example, if you give Evolution your KeyID, it will handle it all automatically. Just click “Security->PGP Encrypt”. PINE users can download PinePGP (it might be on your system). Redhat users can type “pinegpg-install”, and your configuration will be updated to handle this all.

GPG doesn’t have to be used only for encryption. If you’re making a public posting, you can sign it (no encryption) so that people can verify that the message hasn’t been altered, and that you in fact wrote it.

So generate that keypair. Upload it to the servers. Encrypt your mail when possible. Feel free to send one this way, and let me know how your GPG experiences are going.

Long live the Penguin,

Sean mailto:swalberg@cramsession.com

2) Linux News

Lindows is OK

A while back, Microsoft decided that “Lindows” was too close to “Windows”, and chose to sue for copyright infringement. Not only did they lose, but the judge wrote in his ruling that Microsoft’s “Windows” name might be too generic to qualify for trademark protection. Somehow, I can’t see Microsoft pushing the issue any further.

http://www.theregister.co.uk/content/4/24483.html

Linux Will Prevail

Cramsession user Breakology posted a link to an article seen here before, and it’s generated some interesting conversation on the Linux-General board. Give us your best “Linux is like a car” analogy, or your opinion on anything in general!

http://boards.cramsession.com/boards/vbm.asp?mQ0028

Bynari Exchange Compatibility

In Exchange, everything is a message. A calendar item? Email? All the same, it’s just the way they’re interpreted. Bynari took this, and wrote a product that makes any IMAP4 mail server able to do calendar requests through a plug-in for the Outlook client. Result? You can have Exchange functionality without needing the Exchange server!

http://www.linuxplanet.com/linuxplanet/reports/4099/1/

Mandrake Announces New Release

Mandrake is a popular distribution with lots of packages. Version 8.2 was just released. Some features that look interesting are encrypted file system support, software to remotely control X sessions, and the latest applications.

http://www.linux-mandrake.com/en/82announce.php

3) Linux Resources

Hardening Sendmail

Sendmail gets a bad rap for being insecure, due to incidents in the past. I’m a huge sendmail fan, which is why this article appeals to me. It dispels some of the myths associated with this MTA, and goes on to show how to use it in production, along with all its security features.

http://linuxjournal.com/article.php?sidW53

What’s My Name?

No matter which operating system you run, if you’re running several servers, you’re going to run into the old “what do I call it?” problem. SUN has put together some great ideas on ways to keep your data center straight, even getting down into how to name your disks!

http://www.sun.com/blueprints/0501/Naming.pdf

Skirting Some Common Samba Problems

“Samba is the most common open source file and print server, but its administration is not without potential quirks. With Richard Sharpe’s guidance, password incompatibilities and configuration differences will be a thing of the past.”

http://www.linuxworld.com/linuxworld/lw-2000-11/lw-11-samba.html

Business Card Rescue CD

There are a few rescue CDs small enough to fit on a mini CD, but I haven’t seen any as powerful as this. ext3, ssh, and lots of other tools are in one handy spot if you ever get into a pinch.

http://www.gnumonks.org/ftp/pub/distributions/redhat-addons/rescue- cd/

How’s Your Heartbeat?

Most articles to do with Linux clustering look at the Beowulf cluster, where a process is run in parallel across many nodes. Another method of clustering lets you run two machines as if they were one, if one fails, the other takes over. This is sometimes known as High Availability (HA). The heartbeat package is one way of implementing HA, and this article has a good description of how to set it up.

http://www.linuxjournal.com/article.php?sidX62

4) App o’ the week

Internet access blocked by a proxy, only letting HTTP and SSL through? This application can be used to build an SSL tunnel through your proxy server, and supports a wide variety of features.

http://www.r00t3d.org.uk/

(C) 2002 BrainBuzz.com, Inc. All Rights Reserved.

     This message is from CramSession.com.

You are currently subscribed to the Hottest Linux News and Resources as: sean@ertw.com

To un-subscribe from this newsletter by e-mail: send a blank email message to: mailto:leave-linuxnews-3825955Y@list.cramsession.com

To Subscribe to this newsletter by e-mail: send a blank email message to:

mailto:join-linuxnews@list.cramsession.com

github.com/swalberg
twitter.com/seanwalberg