
Well ok you don't really need to fear the penguin, but it's good to know just
what the penguin is.
Linux is an open source operating system originally developed by Linus Torvalds. It started as a college project by Linus (a native of Finland) and has evolved into a strong competitor to commercial UNIXes (or *NIXes if you prefer), and in some arenas to MS Windows itself. The new kernel for the Linux core is jointly developed by Linus and his core team of programmers. Other applications are often created with input from the general user community and other developers.
I started to get involved in Linux usage through my tinkering with FreeBSD.
As I finished up high school I found myself in a position to intern with a
company that was Linux friendly. Currently I am (and have been) a user of
RedHat, Debian and for work Mandrake, distributions of Linux. Each has
their strengths and weaknesses. My home systems are a RHEL 3WS laptop for work,
and a Fedora Core Linux server for testing. Correction: An astute reader
noted that during my time as a co-admin for the APA Counter-Strike Server
I was also working with SuSE.
Archived Posts (These are items that
are either months old or simply out of date)
Distros, distros, distros: Updated 12-18-06
So it's been pretty quiet on the Vraxx.com front in terms of Linux and Open Source Software. The truth is, with my schedule being what it is, I just haven't the time I used to. That doesn't mean however that I've stopped using OSS. Maximizing my limited hardware I've of course begun using VMWare more and more. Though I no longer have physical hardware dedicated to the cause I do have several VMWare sessions with specific distributions loaded for various testing.
Debian 3.1: Been testing it for a while, still same old Debian to me. It's stable, a little more geared towards the command line administrator (wee TWM!) and still to me, more of a server OS.
Fedora Core 6: The opposite spectrum of Debian, while trying to maintain their stance as a bleeding edge distro, with a bit of Ubuntu influence put in. The package management isn't significantly changed and I'm slowly getting used to using Yum more on a RedHat based box. Still feels a little more sluggish than I'd like, even in a VM with 1Gig of RAM allocated.
RedHat Enterprise Linux 4WS: Here's where I do a lot of my work related testing and security tool loading. Snort, nmap, Ethereal etc. Still works well, though I'm starting to see excessive packages becoming the norm, much like SuSE has been.
Ubuntu 6.0: Sadly I more or less chucked Ubuntu as I made my way _back_ to Debian. Dapper Drake was ok, a little more GUI friendly of course than a pure Debian install out of the box. But then again I was just too lazy to load a different desktop manager.
MacOS X 10.4.8 (Running on PowerPC not Intel): OK realize this isn't really OSS, it's more like a cousin. Still technically BSD but with a lot more of the source locked away. Still easy to use, but I have noticed quirks with the spooler mechanism and the changes to their CUPS package.
More Vulnerabilities Found in Linux/Unix Than Windows...: Added 1-4-06
Saw this article posted on Slashdot and thought I'd add my opinions. There were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 Multiple operating system vulnerabilities. Noting that Linux/Unix has nearly 3 times the number of flaws. Now is this something unexpected? Does it prove what Windows pundits have been saying for years? I don't believe the answer is quite that black or white.
A raw count is less important than the nature of the flaw and its accessibility. One thing I'd like to see is a breakdown between local or remotely exploitable. The vector of the flaw is really what, to me, defines how severe a flaw is these days. If you're talking about something in which you already need local access first, then exploit, you can most likely lock this down a bit more. A remotely accessible flaw on the other hand or something which cannot be filtered through system change (IP rules, intercepted), security policy or configuration changes is to me a more severe issue.
If you look at the MS exploits, the key problem is the vector is often something that cannot be easily locked down. With Linux/Unix the problem is the myriad of applications written for the OS that can be exploited and a sometimes limited accountability for the application. Neither software model is foolproof, rather there's a pro/con to each. MS generally has fewer known Kernel flaws (yes I'm sure I'll take flak for this statement). While Linux/Unix apps tend to have shorter turnaround once the flaw is found. Everything has flaws, it's a question of how the user is able to deal with it. *steps off the soap box*
Samba Vulnerabilities And A Dose Of Reality Added 9-15-04
While MS-fans will probably claim this is another sign that MS has improved Windows security over Linux, a recently discovered flaw in Samba (a service designed to emulate SMB communication w/Windows hosts) has been patched as of Tuesday (9/14). The potential of a DoS attack in versions of Samba 3.0 to 3.0.6 has been corrected and the fix is available for download. You can find more information here at the Samba.org website. Being fairly even-handed, I just want to remind everyone that this is another reminder that all software can have flaws. The important thing is having a good way to patch and address them. Whether you're running Windows, Linux, FreeBSD or MacOS, remember that you should try as much as possible to ensure that your system is current and well protected. The net is not a safe place. Hell, look what happened in The Matrix.
Tale of Two Browsers Added 7-31-04
There was once a time when the Internet was riddled with information, but only a select few could really make use of it. Those days are but a distant memory to most end-users. However I can remember them fondly, not because they were all that much better than today, but because we didn't have to deal with the slew of Web based flaws. For those who have read my previous articles, you'll realize that I'm something of a pragmatist when it comes to technology. I recognize software for what it is, a potential idea given form. Like anything however software is created by humans and thus is fallible. This has been made most evident by the recently discovered exploits found in Mozilla and Internet Explorer. Most open source supporters would argue that anything MS related is by its very nature flawed; while I'm not championing MS's security record, I realize that everything has a flaw in it. Flaws in Mozilla and FireFox affecting XUL processing and the ability to spoof certificate data and interfaces have many users concerned. Equally unsettling are the recent IE flaws which necessitated patching. It seems that like anything there is a difficult balance to be had between features and accessibility, as well as 'integration' to apps and security. Personally I use either browser fairly liberally. Each has their strong suits and weaknesses, however it appears that we can no longer assume that our passive 'surfing' on the internet is completely safe. While a sad commentary on the world of security and the Internet at large, we can only hope that programmers learn from lessons of the past.
About Friggin Time Added 7-12-04
After a good deal of work, I realized that at some point I had never posted a screenshot of my laptop system "Darwin", which is running RHEL 3WS on a ThinkPad. Well here it is. Short answer, you'll notice that yes, I do run the BlueCurve desktop; also present are FireFox, OpenOffice, Nmap and ThunderBird. I'm very pleased with the stability of the current builds of all these apps and I think it would be in the best interests of any Linux user or enthusiast to give OpenOffice and the Mozilla projects a once over.
Security Study and Some Common Sense Added
2-21-04
Posted yesterday by the folks at mi2g
is this interesting article
outlining their survey of exploited servers in which MacOS X and other BSD
derivatives come out on top. Now of course seeing as how the number of Linux
servers that have been rooted is rather high it leads one to wonder if Linux
servers are any more secure than their Windows counterparts. I'd say probably
not. But look at the source of the problem. Linux has been by and large for
tech savvy users and administrators who are interested in expanding their
knowledge of UNIX/Linux. In comparison Windows Servers (if we're assuming
Windows 2000/2003 Advanced etc) are naturally limited by the sheer fact that
the costs are exorbitant just to get into the game. However since more and
more entry level IT people are becoming exposed to Linux its proliferation
has expanded while the median skill set of the administrators has become a
bit more base lined. The weak link in the security equation here is mostly
poor network administration. Something that we've seen in spades with many
network operating systems. No operating system is ever 100% secure. That's
a given. However I did feel there was some pandering to the Windows side for
this article in which they specifically omitted anything virus or trojan related
as being "exploited". Having been an admin for NT, Linux and BSD
based systems I can tell you they each have their flaws, what's key however
is "where" and "how" that flaw can become exploited. Most
of the posted flaws for Linux systems often assume local file access to begin
with. Which, these days is becoming rare (sans File Servers). Security is
not an easy game by any stretch of the imagination but when an Operating System
(not an application, let's make that abundantly clear) has flaws that are
remotely exploited, I tend to assert its place is not in the wild and wooly
reaches of the Internet. *checks his firewall one more time*
Even MORE Mobile Linux Fun Added
2-7-04
So apparently there is more interest in my tinkering with mobile Linux and
I thought I'd post up the following note for a rather annoying behavior I
found in the hotplug system. [This is used in conjunction with anaconda when
plug/play devices are detected] The configuration file /etc/hotplug/net.agent
handles bootup of hotpluggable net cards, such as PCMCIA WiFi cards.
The following lines were added just after the call to invoke the interfaces:
if [ -f /etc/sysconfig/network-scripts/wifi-boot ]; then
    # call to ifup is disabled unless the wifi-boot flag is present
    exec /sbin/ifup "$INTERFACE"
else
    mesg "WiFi Interface Not booted"
fi
To make my life easier to manage I made a simple toggle script in /usr/local/bin
called wifi-enable
#!/bin/bash
if [ -f /etc/sysconfig/network-scripts/wifi-boot ]; then
    rm /etc/sysconfig/network-scripts/wifi-boot
    echo "WiFi cards set to NO-boot"
else
    touch /etc/sysconfig/network-scripts/wifi-boot
    echo "WiFi cards set to ON for boot"
fi
More Mobile Linux Fun! Added
1-25-04
For a long while I've tried to search for a good write up that reviewed
how to configure the Sprint CF2031 Cellular Modem card for Linux. A lot of
interest was present but so far I have only found one truly valid writeup.
I decided to expand upon it and simplify some of it for the novice user. Credit
is due to James Ptak whose website
http://www.va2600.net/cf2031-howto.htm
provided me the core data needed to configure my RedHat Enterprise 3 laptop
(now a ThinkPad T30)
Some key requirements before you begin:
Kernel 2.4.20 or higher
PCMCIA Card Services: 3.2.1-3.2.4
pppd: 2.4.1
There are two key files you must be concerned with, /etc/ppp/options and the chat script (/usr/local/bin/chat-sprint) used during the dialup. To automate my tasks I created a simple bash script that set up some of the preliminary data and handled a slight kludge I had to use in order to get the DNS data properly set. Before you start, upon inserting your Sprint card, be sure to use dmesg output to check what ttyS device the card is associated with. My install of RedHat 3WS automatically aliased /dev/modem to /dev/ttyS1; your distribution may vary.
Source code for my sprint-connect script:
#!/bin/bash
# NOTE that your serial device will vary, replace X with the respective device number
setserial /dev/ttySX baud_base 230400
pppd # call the pppd executable to begin dialing; uses /etc/ppp/options
# this was a workaround: for some reason the usepeerdns flag in the options file was not working
cp /etc/ppp/resolv.conf /etc/resolv.conf
Source code for the /etc/ppp/options (as written by James Ptak and
related sources):
/dev/ttySX # Replace this with your device as reported by card services.
230400
mtu 576 # Borrowed from Merlin C-201 HOWTO
mru 576 # Seems to like it this way....eh
defaultroute
usepeerdns
novj
noauth
lcp-echo-failure 0 #
lcp-echo-interval 0 # Also borrowed from C-201
connect '/usr/sbin/chat -v -f /etc/ppp/chat-sprint'
Source for /etc/ppp/chat-sprint:
TIMEOUT 5
ABORT "BUSY"
ABORT "ERROR"
ABORT "NO ANSWER"
ABORT "NO CARRIER"
ABORT "NO DIALTONE"
TIMEOUT 22
"" "AT&F"
"OK" "ATE0V1"
#"OK" "at$qcmip=2" #only used if you have compatibility issues
#"OK" "at+crm=2" #also used for compatibility
"OK" "ATD#777"
CONNECT ""
You may also want to create an alias that handles the disconnect. The common
method has been to use:
killall pppd
Windows 2003 and Linux Added
1-10-04
OK before you start burning images of Vraxx in effigy this isn't a blurb on
Windows 2003's supposed superiority but rather interoperability. Working for
Xerox I've had the chance to work with several flavors of UNIX, Linux and
custom embedded OS's built into our products. As such I stumbled on something
that many Samba admins are all too familiar with. Windows 2003 adds something which
in my mind is just ri-god-damn-diculous. Enter SMB-signing, an optional component
which is now the default behavior during a Windows 2003 installation. This
has caused problems for users utilizing Samba for their SMB client connectivity,
including yours truly. Thankfully Xerox hasn't deployed 2003 often but both
at home testing and during my studies and work I have seen the issues caused
by the inclusion of SMB signing at the file server level. There's security
then there's Microsoft...
If you find yourself having issues there are several sites describing how
to turn off the SMB Signing option. Here's a nice write up by IBM.
Of course I should note that Microsoft says to enable SMB signing on the client
side (which works great if you're only running a Windows shop) but doesn't
tell you there is a slowdown of between 10-15% in SMB performance as a result.
Linux and USB Keys Added
12-26-03
Apparently there is growing interest in the use of USB keys for Linux based
laptops. I thought I'd share my experiences thus far and hopefully it provides
a bit of help for those of you having issues. First things first, I have only
tested USB memory sticks with 2.4.xx based kernels. Mostly due to the improved
USB modules. The one thing to keep in mind is that your Kernel should kick
back a system message upon detection of the USB key when inserted. You can
verify that by using the output from:
dmesg usb usb.c: USB device 2 (vend/prod 0xa16/0x9780) is not claimed by any
active driver.
Since the device is tagged as a SCSI device it will commonly map to /dev/sda1.
Below is the entry I placed in my /etc/fstab to allow access
You may wish to adjust the umask to allow for non-root users.
I have seen some slight compatibility issues with my 128MB MuVo player
by Creative Labs. The initial dmesg info would suggest that the device
did not map properly by the USB module. However using /dev/sdb1 in place
of sda1 seems to have resolved that issue. I'll probably delve more
into this as several users of 2.4.xx based kernels have reported no
issues.
ThunderBird, Evolution and anything else other
than Outlook Added 12-25-03
Feeling rather guilty and really wanting to get back into my support of open
source software I decided to move all my email client work for Vraxx.com to
ThunderBird. In the interim I also decided to look at using the Evolution
desktop by Ximian. I can certainly say that I've been pleased with the usability
and features of both apps. While they do lack some of the integration of Outlook
it is reassuring that I can cut through my email w/o having to worry as much
about the myriad of Outlook-centric viruses. If you haven't already done so
be sure to check out the different projects under the Mozilla umbrella at
http://www.mozilla.org.
Now if only I could convince our corporate offices to support the use of non-MS
email clients... Here's to dreaming.
SuSE bought by Novell Added
(Sorry I forget)
I thought I'd add this if only for the sake of noting news other than RedHat
related. It would appear that European favorite SuSE has been acquired by
the folks at Novell. Does this bode well for the distro? Or just bad for everybody
else. We shall see. Thus far Novell has at the very least made for another
opponent to work against the deranged-zealot that is SCO. Don't get me wrong,
if they have a legal claim I'm all for them getting some form of payment (from
corporations like IBM perhaps) but their suit-happy zeal is starting to convince
me that there's some GOOD CRACK to be smoked down at SCO HQ.
Red Hat Enterprise Linux 3 Workstation (WS)
Added 12-10-03
Since I started goofing around with Linux I've seen it evolve literally from
the hobbyist and student OS to an actual, practical mid-range scalable server
OS. From small home offices just using Samba for file sharing to large organizations
using Linux and Apache for web serving, firewall duties, IDS security systems
etc. I thought it only befitting that I should test the new Enterprise Linux
(which is just a more stable build according to RH) for the Workstation user.
Granted this doesn't mean I can't run Apache or other Servers on my WS install
just that it isn't supported.
Overall I found the install to be pain free. Not very different from my Red Hat 9.0 installation a few months ago (logically since it's built on almost the exact same Kernel and package list). The now familiar Bluecurve desktop environment is becoming a little easier to get used to vs. the more strict KDE interface. Stability wise I found no issues (save for those related to my laptop and a freezing mouse; thank you to the author of the mouse_uf utility). While I agree the cost of the Service Agreement and the delivery method (the cheapest requires an ISO download) may leave some rather frazzled, I found my install to go fairly smoothly, with none of the reported Media issues. Keep in mind I have my reservations about 3WS. Particularly with regards to updates. One of the most recent centered on the do_brk() command which affected the pre-2.4.23 kernels. RHEL 3WS runs a modified 2.4.21 Kernel which thus far appears to have been patched regarding the aforementioned exploit.
Stability is definitely present, however several packages will be somewhat
dated. If you choose you may of course install an updated RPM (most RH 9 RPMs
will work) or recompile from source if you wish (tends to be more stable).
Fedora First Impressions Added 10-31-03
So having finished my SFF workstation Trowa, I finally had the opportunity
to begin working on my dedicated Linux server for home use and general testing.
With the merger of the Red Hat Linux and Fedora Project, I got around to installing
Fedora Core Linux (test build 3, 0.95) on Valiant a retired 1Gig P3 tower.
So far so good. I've got the box functioning as an interim IDS system and
a Samba server.
UPDATE: With the formal release of Fedora Core 1, I performed a full wipe
and updated. No detrimental effects seen thus far. I have noticed my motherboard
may be going :| So who knows Valiant/Indy may need to be replaced with a cheapo
board later. Update 12-25-03: It is with
a bit of sadness that I report that the test rig "valiant"
which had been used as my Fedora Core 1 test machine has died. Apparently
the motherboard shorted during a brown out recently. Worry not, I'm sure I'll
have the parts for a replacement to valiant, perhaps even another
SFF rig with a wireless bridge connection!
Wireless + Linux = A Good Thing
Now I'll admit getting my 802.11b card to work in Linux has been one of
those things I've wanted to do, but kept putting off. Finally though I
found a few hours to test and to my surprise it actually worked. Like many
of my projects, I had to do my homework first. I'm a fairly good user, but
certainly my coding-fu needs refreshing. Quickly learned how to narrow down
which wireless module to load with my NetGear ME401 (orinoco) and after two
days of banging my head against the wall realized my key mistake. May these
words help you in your future efforts. NEVER EVER FORGET YOUR WEP KEY!
Yes, 2 days of debugging, checking rechecking all for naught because I was
a retard and forgot my WEP key. Perhaps the biggest annoyance is the
need to write up a quick script to correctly run ifconfig and iwconfig to
properly bring up the interface.
Like many others I recommend that you either create a wireless-start script or insert the code into your /etc/rc.d/rc.local startup file. I settled with the following:
#!/bin/bash
ifconfig eth1 up
iwconfig eth1 essid <essid of the access point, blank for any>
iwconfig eth1 enc <WEP key VERY VERY IMPORTANT>
# Don't forget to run the necessary DHCP client if you are obtaining an address via DHCP,
# otherwise use ifconfig to set the parameters for your NIC
dhclient
**SECURITY REMINDER**
For novice users, remember to restrict read access to the start up script.
Since you are entering your WEP key in plain text, you need to ensure that
only root or admin users will be allowed to actually access the script to
initialize the wireless network adapter. I set my script to a 'chmod 550'
to ensure that only the root user and admin group could run the script.
**END OF SECURITY REMINDER**
Since I'm on the go a lot I opted to place this into a quick script file under /usr/local/bin
UPDATE: This is pretty much all moot now since the newest release of the wireless tools package provides a consistent syntax with your ifcfg-<adapter> files for all the aforementioned parameters. Still the quick script is handy if you change your network frequently as I do.
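The security reminder above, turned into a check the start-up script can run itself. This is an added example, not the author's script: it keeps the WEP key in a separate file and refuses to use it unless that file has the expected owner, is not group-writable and is closed to all other users. The key-file path, the variable names and the function names are assumptions, and `stat -c` is the GNU coreutils form.

```shell
#!/bin/sh
# Added example, not the author's script. KEYFILE, IFACE, ESSID and the
# function names are assumptions made for illustration.
KEYFILE="${KEYFILE:-/etc/sysconfig/network-scripts/wep-key}"  # hypothetical path
IFACE="${IFACE:-eth1}"
ESSID="${ESSID:-}"          # blank lets the card associate with any access point

# secret_perms_ok FILE [UID]
# True only if FILE is a regular file (not a symlink), owned by UID
# (default 0, root), not group-writable and with no access for "other".
# Modes such as 550, 500, 600 and 640 pass; 644, 660 and 755 do not.
secret_perms_ok() {
    spo_file="$1"
    spo_uid="${2:-0}"
    [ -f "$spo_file" ] && [ ! -L "$spo_file" ] || return 1
    spo_mode=$(stat -c '%a' "$spo_file") || return 1    # octal mode, e.g. 550
    spo_owner=$(stat -c '%u' "$spo_file") || return 1   # numeric owner id
    [ "$spo_owner" = "$spo_uid" ] || return 1
    # 027 octal = group write (020) + other read/write/execute (007)
    [ $(( 0$spo_mode & 027 )) -eq 0 ]
}

# read_wep_key FILE [UID]
# Prints the first line of FILE, but only after the permission check passes.
read_wep_key() {
    if ! secret_perms_ok "$1" "${2:-0}"; then
        echo "refusing to use $1: wrong owner or readable by other users" >&2
        return 1
    fi
    IFS= read -r rwk_key < "$1" || [ -n "$rwk_key" ] || return 1
    printf '%s\n' "$rwk_key"
}

# wifi_start: the same steps as the start-up script above, with the key
# taken from the protected file instead of being typed into the script.
wifi_start() {
    wk=$(read_wep_key "$KEYFILE") || return 1
    ifconfig "$IFACE" up &&
    iwconfig "$IFACE" essid "${ESSID:-any}" &&
    iwconfig "$IFACE" enc "$wk" &&
    dhclient "$IFACE"
}

# Run as "wifi-start start"; with no argument the file only defines functions.
if [ "${1:-}" = "start" ]; then
    wifi_start
fi
```

Mode 550 from the reminder passes this check. The key is still handed to iwconfig as a command-line argument, so it can show up in a process listing while that command runs.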
Dual Booting
One of the most useful aspects, especially for my line of work, is dual
booting. If you're new to Linux or aren't ready to go 100% into it I'd recommend
trying a dual-boot rig setup as an interim.
The following is a quick overview of setting up a machine for a dual boot.
Install your Linux distribution according to the respective setup