Date: December 24, 2007. Categories:
linux.
Welcome to Linux Screw! If you're new here, you may want to subscribe our RSS feed.
The National Security Agency (NSA) recently issued security configuration guides for various operating system, including MAC OS X, Windows, Linux and Solaris. The published guides are used by the government and are pretty interesting.
Guide for Linux is presented as Hardening Tips for the Red Hat Enterprise Linux 5 and Guide to the Secure Configuration of Red Hat Enterprise Linux 5. Of course most of recommendation suit other distributions. Here is the introduction quote from latter guide:
The purpose of this guide is to provide security configuration recommendations for the Red Hat Enterprise Linux (RHEL) 5 operating system. The guidance provided here should be applicable to all variants (Desktop, Server, Advanced Platform) of the product. Recommended settings for the basic operating system are provided, as well as for many commonly-used services that the system can host in a network environment.
The guide is intended for system administrators. Readers are assumed to possess basic system administration skills for Unix-like systems, as well as some familiarity with Red Hat’s documentation and administration conventions. Some instructions within this guide are complex. All directions should be followed completely and with understanding of their effects in order to avoid serious adverse effects on the system and its security.
Above mentioned guide covers the following directions: system-wide configuration (for example, iptables and ip6tables setup, logging, selinux and etc.) and services configuring (SSH, Avahi server, MTA, LDAP and many others).
Linux Screw (and NSA btw 
) strongly recommends every system administrator to get familiar with this guide(s).
Thanks to G-Loaded! (Technology and Open-Source Software related journal).
Share This
Nmap is well known open source tool for security auditing and many other related network exploring activities. Here is it’s developers' description taken from their site:
Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and both console and graphical versions are available.
Few days ago latest version 4.50 of this outstanding tool was released celebrating 10 years anniversary. Among notable changes are Zenmap GUI, new generation OS detection, the nmap scripting engine, new host discovery system, advanced 
traceroute and ~ 1500 new version detection signatures. Full changelog is here, binary packages for almost all operating systems (including Linux, BSD, Windows) can be downloaded at project’s download page.
One of major changes in 4.50 is multi-platform Graphical User Interface (GUI) that would be helpful for nmap newbies as well as experienced people. Manual page is here, screenshot is right 
Share This
Apturl allows to install Ubuntu packages using apt:pkgname like syntax with any compatible browser like Firefox, Konqueror or other. Let me note that apturl comes with Ubuntu Gutsy 7.10 by default and is very useful while placing links through manuals, howtos etc. For example, to install ntop utility in Ubuntu I'd suggested to run the following command from terminal: sudo apt-get install ntop, but now I can just place the link like this: hey, install ntop by clicking here!
Here is graphical representation of this example:
After you click pressing "ok" button Ubuntu will start installation process of certain package:
I hope this would be useful for bloggers writing manuals for Ubuntu Gutsy users. Real thanks apturl’s author Harsh J (aka Qwerty Maniac).
Share This
Date: December 11, 2007. Categories:
linux.
Sander Marechal published at LXer interesting observations on file defragmentation that is would be needed in Linux:
I still wondered how on earth it was possible the 100k+ files in Gentoo’s portage system - updated every time I synchronize the portage tree - didn't fragment my filesystem. Or was my filesystem fragmented and did I not know? Only recently, I found a script that is actually able to put numbers to all this gut-feelings, and the results were quite surprising in my opinion.
Result: to achieve notable fragmentation level it’s necessary to do utmost. File fragmentation mainly happens in filesystems that contain large files. Pretty interesting.
Full article is here, as well as testing script, also you're welcome to read LXer discussion on this. Script for defragmentation is available at this page.
Share This
Good news for Dell laptops owners: latest BIOS images can be loaded with Ubuntu, Fedora or CentOS! It was announced at official Direct2Dell blog by Matt Domsch. In a nutshell to get new BIOS installed while you're running Ubuntu 7.04 Feisty, 7.10 Gutsy, or Hardy just enable Universe repository in sources.list (System -> Administration -> Software Sources) and run under root (sudo -s):
wget -q -O - http://linux.dell.com/repo/firmware/bootstrap.cgi | bash
aptitude install firmware-addon-dell
aptitude install $(bootstrap_firmware -a)
update_firmware
The first command enables Dell’s Ubuntu repository as well as downloads and installs GPG key for this repository. As you might guess, restart is needed after last command is done (keep fingers crossed)
Please note that detailed instructions on how to update BIOS with Ubuntu (or other Linux distro) and firmware-tools developed by Dell are here:
We are releasing this project in the hopes of moving the industry towards a more scalable and friendly way to update BIOS and Firmware for systems.
Respect to Dell and it’s Linux engineers!
Share This
Really interesting device was found today in the vast expanses of Internet. Company named Aleutia (established in London, 2006) sells extremely mini PC that consumes really small amount of energy (8 watts!!!), runs Linux and can be powered by sun! It’s named Aleutia E1 and is available starting at 180 £. See details below!
Seller announces the following product specifications (see detailed specs here):
- Processor: 200MHz x86 CPU, Memory: 128MB SDRAM, Storage: 2GB (included Compact Flash card), Power Supply (US, UK, or EU).
- 3 x USB 2.0 ports (480Mbps transfer rate), 1 x 10/100 Ethernet port, VGA port to connect LCD display (supports resolutions up to 1280x1024)
- Power consumption of 8W with CPU and SDRAM running at full speed. With external devices (USB 2.0 CD Rewriter, USB-powered hard drive) power consumption rises to 11W.
- Dimensions: 11.5cm (Width) x 11.5cm (Lenght) x 3.5cm (Height)
- Puppy Linux Operating System (version 2.14) - similar in appearance to MS Windows, stable, and pre-installed.
- Excel-compatible spreadsheet software (Gnumeric), Word-compatible word processor (Abiword)
Looking at these specs and using Google it was discovered that Aleutia sells Norhtec’s device The MicroClient Jr! Do you see the difference at the pictures below? Maybe hand? 
By the way, Norhtec’s one is of 120$… From Norhtec’s site:
The MicroClient Jr. is a revolutionary device that is especially designed for installations having limited physical space and temperature concerns. It does not matter if you are in a jammed office, a crowded place, or public transportation - it can be easily integrated with a VESA LCD to bring you computer access at any time.
It can attach to any VESA mounting fixture, allowing it to be securely mounted onto desks, room walls, or buildings, and thereby optimizing your work area. It can also attach directly to LCDs of any size to create a mobile system for the use at trade shows, presentations, promotions, etc. Unlike the traditional laptop design, the MicroClient Jr. can be used with a large size LCD. Furthermore, with FANLESS design, MicroClient Jr. is ideal for use in hot climates without air conditioning.
Get more details on The MicroClient Jr. here… Sweeeet!
Share This
Recent Ideas