DOCSLIB.ORG

Are You Secure?

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Are You Secure? L L I I GnuPG Hacks | Guarddog | Mono Primer | AJAX Galore | Firewall Scripting | Eclipse Plugins N N U U X X J J O O LISTEN TO THE SOUNDS U U R R OF LINUX VIA SONOS N N A A L L BARK UP THE RIGHT TREE FOR S S FIREWALL MANAGEMENT E E C C U U R R GET YOUR I I T T Y Y LINUX ON A STICK TAPPING INTO ™ AMAZON WEB SERVICE Since 1994: The Original Magazine of the Linux Community G AJAX E-MAIL MARCH 2006 | www.linuxjournal.com n u SOLUTIONS P G H a c Put mod_security k s | to work on your G u a Apache server r d d o g | Secure that ssh M o n server, soldier! o P r i m e r | A J A X ARE G a l o r e | F YOU i r e w a l l S c r i p SECURE? t i n LOCK DOWN EVERYTHING g | FROM FILES TO YOUR E c l SECURITY SYSTEM ITSELF i p s e P l u g i n LIDS takes s file security M M to the kernel A A R R C C H H 2 Perl script your way 0 0 AN 6 to firewall security I I S S PUBLICATION S S U U E E USA $5.00 1 4 CAN $6.50 3 U|xaHBEIGy03102ozXv+:. MARCH 2006 CONTENTS Issue 143 security FEATURES 48 GETTING STARTED WITH MOD_SECURITY 68 GETTING STARTED WITH THE LINUX INTRUSION What's the mod way of securing your Apache-driven Web site? Mick Bauer DETECTION SYSTEM Put a LID on unwanted file access the kernel way. Irfan Habib 52 GNUPG HACKS What can GnuPG do for you besides encrypt and decrypt e-mail? ON THE COVER Tony Stieber • Tapping into Amazon Web Service p. 20 58 DEMONS SEEKING DÆMONS—A PRACTICAL APPROACH • Bark up the right tree for firewall management p. 26 TO HARDENING YOUR OPENSSH CONFIGURATION • Listen to the sounds of Linux via Sonos p. 36 Don't wait until you have to exorcise a dæmon seeking to possess • Get your Linux on a stick p. 42 your SSH server. Phil Moses • Ajax e-mail solutions p. 43 & 76 • Put mod_security to work on your Apache server p. 48 62 GENERATING FIREWALL RULES WITH PERL • Secure that SSH server, soldier! p. 58 A Perl alternative to those tired of tweaking firewall rules by hand. • Perl script your way to firewall security p. 62 Mike Diehl • LIDS takes file security to the kernel p. 68 4 | march 2006 www.linuxjournal.com MARCH 2006 CONTENTS Issue 143 COLUMNS INDEPTH 20 REUVEN M. LERNER’S AT 72 SINGLE SIGN-ON AND THE Next Month THE FORGE CORPORATE DIRECTORY, PART IV Amazon Web Services Wrap up your single sign-on system with CUPS, SSH and firewall rules. 26 MARCEL GAGNÉ’S COOKING Ti Leggett WIKIS, BLOGS WITH LINUX The Best Security...Barks! 76 TOUGH ON GREASE BUT EASY AND PODCASTING ON WEB SERVERS 32 DAVE TAYLOR’S WORK THE SHELL Ajax expert Ben Galbraith chats about Are Wikis the wave of the future Writing a Shell Game Asynchronous Java and XML. or headed for the Internet grave- 36 DOC SEARLS’ LINUX FOR SUITS Kevin Bedell yard? We opine, we explain, you decide. In the meantime, how The Sound of Linux 79 RAPID GNOME DEVELOPMENT about using Wikis and blogs to WITH MONO 96 NICHOLAS PETRELEY’S ETC/RANT ease system administration? It’s Separation of Church and Choice If you’re itching to try Mono here’s where possible, and we explain how. to start. Robert Love Xoops is a powerful object-oriented REVIEWS PHP-based blog/Web content management system. If you want 42 LET YOUR FINGER DO 83 STEALTH E-MAIL TO THE RESCUE A sneaky way to get to your personal to learn how to set it up, we’ve THE BOOTING e-mail server from work. got the scoop. If Xoops isn’t your James Turner Peter Ziobrzynski scene, we also explain how to install and customize Mediawiki. 87 SUBVERSION: NOT JUST FOR CODE ANYMORE And there’s more. We have the Never lose track of your constantly details of how Jon Watson and changing personal information again. Kelly Penguin Girl have done William Nagel weekly GNU/Linux user podcasts. Learn how to extend Web ser- 90 DEVELOPING ECLIPSE PLUGINS vices, perform remote tempera- Don’t let your development habits be ture monitoring with Linux, and eclipsed by missing features others haven’t create a blog aggregator. yet added to this extensible IDE. Mike McCullough 43 BATTLE OF THE AJAX MAIL PACKAGES James Turner IN EVERY ISSUE 10 LETTERS 14 UPFRONT 46 NEW PRODUCTS 81 ADVERTISER INDEX Read about Doc’s experience with the Linux-based Sonos Digital Music System. p.36 6 | march 2006 www.linuxjournal.com Editor in Chief Nick Petreley, [email protected] Executive Editor Jill Franklin [email protected] Senior Editor Doc Searls [email protected] Web Editor Heather Mead [email protected] Art Director Garrick Antikajian [email protected] Editor Emeritus Don Marti [email protected] Technical Editor Michael Baxter [email protected] Senior Columnist Reuven Lerner [email protected] Chef Français Marcel Gagné [email protected] Security Editor Mick Bauer [email protected] Products Editor James Turner [email protected] Contributing Editors David A. Bandel • Greg Kroah-Hartman • Ibrahim Haddad • Robert Love • Zack Brown • Dave Phillips • Marco Fioretti • Ludovic Marcotte • Paul Barry • Paul McKenney Proofreader Geri Gale VP of Sales and Marketing Carlie Fairchild [email protected] Director of Marketing Rebecca Cassity [email protected] International Market Analyst James Gray [email protected] Sales Coordinator Lana Newlander [email protected] Regional Advertising Sales NORTHERN USA: Joseph Krack, +1 206-782-7733 x118, [email protected] EASTERN USA: Martin Seto, +1 206-782-7733 x117, [email protected] SOUTHERN USA: Laura Whiteman, +1 206-782-7733 x119, [email protected] INTERNATIONAL: Annie Tiemann, +1 206-782-7733 x111, [email protected] Advertising Inquiries [email protected] Linux Journal is published by SSC Media Corporation and is a registered trade name of SSC Publications, Inc. PO Box 55549, Seattle, WA 98155-0549 USA • [email protected] Publisher Phil Hughes [email protected] Accountant Candy Beauchamp [email protected] Editorial Advisory Board Daniel Frye, Director, IBM Linux Technology Center Jon “maddog” Hall, President, Linux International Lawrence Lessig, Professor of Law, Stanford University Ransom Love, Director of Strategic Relationships, Family and Church History Department, Church of Jesus Christ of Latter-day Saints Sam Ockman, CEO, Penguin Computing Bruce Perens Bdale Garbee, Linux CTO, HP Danese Cooper, Open Source Diva, Intel Corporation Subscriptions E-MAIL: [email protected] URL: www.linuxjournal.com PHONE: +1 206-297-7514 FAX: +1 206-297-7515 TOLL-FREE: 1-888-66-LINUX MAIL: PO Box 55549, Seattle, WA 98155-0549 USA Please allow 4–6 weeks for processing address changes and orders PRINTED IN USA USPS LINUX JOURNAL (ISSN 1075-3583) is published monthly by SSC Media Corporation, 2825 NW Market Street #208, Seattle, WA 98107. Periodicals postage paid at Seattle, Washington and at additional mailing offices. Cover price is $5 US. Subscription rate is $25/year in the United States, $32 in Canada and Mexico, $62 elsewhere. POSTMASTER: Please send address changes to Linux Journal, PO Box 55549, Seattle, WA 98155-0549. Subscriptions start with the next issue. Back issues, if available, may be ordered from the Linux Journal Store: store.linuxjournal.com. LINUX is a registered trademark of Linus Torvalds. MBX is the Industry Leader for Server Appliances From design to delivery we are dedicated to building a partnership with you. • Intel® Celeron 336 Processor at 2.8GHz • 1U Rackmount Chassis 16.5” Deep • Brandable With Your Color and Logo • 512MB PC4200 DDR2 Memory • Custom OS and Software Install • Maxtor 80GB Serial ATA Hard Drive • No Minimum Quantity Required • Eight Gigabit NIC’s, 4 ports with by-pass • 3 Year Warranty • Optional 16x2 LCD with Keypad other configurations available • On-board Compact Flash Socket $1,499 please call for pricing MBX RP-1110 Platform • Intel® Celeron 336 Processor at 2.8 GHz • 1U Rackmount Chassis • 512MB PC3200 DDR Memory • Maxtor 80GB Serial ATA Hard Drive • Dual On-board Gigabit NIC’s • Custom OS and Software Install • No Minimum Quantity Required • 3 Year Warranty other configurations available $899 please call for pricing MBX is the leader in custom appliances. Many premier application developers have chosen MBX as their manufacturing partner because of our experience, flexibility and accessibility. Visit our website or better yet, give us a call. Our phones are personally answered by experts ready to serve you. www.mbx.com 1-800-681-0016 Intel, Intel Inside, Pentium and Xeon are trademarks and registered trademark of Intel Corporation or its subsidiaries in the United States and other countries. Lease calculated for 36 months, to approved business customers. Prices and specifications subject to change without notice. Setup fee may apply to certain branding options. Motherboard Express Company. 1101 Brown Street Wauconda, IL. 60084. SMB-OEM NSA and 512.indd 1 1/4/2006 3:01:52 PM letters Tribute to Geoffrey Robertson Love LJ Subscription Service I wanted to contact you some time ago with a In April of 2003, my mother asked me what I mention of a person I think you should honour as wanted for my birthday. I told her I would like a sub- someone contributing to the Linux Community in scription to Linux Journal, so she got me one for two Sydney, Australia. Forgive me if this has been men- years.
Load more

Recommended publications
  • Praise for the Official Ubuntu Book
    Praise for The Official Ubuntu Book “The Official Ubuntu Book is a great way to get you started with Ubuntu, giving you enough information to be productive without overloading you.” —John Stevenson, DZone Book Reviewer “OUB is one of the best books I’ve seen for beginners.” —Bill Blinn, TechByter Worldwide “This book is the perfect companion for users new to Linux and Ubuntu. It covers the basics in a concise and well-organized manner. General use is covered separately from troubleshooting and error-handling, making the book well-suited both for the beginner as well as the user that needs extended help.” —Thomas Petrucha, Austria Ubuntu User Group “I have recommended this book to several users who I instruct regularly on the use of Ubuntu. All of them have been satisfied with their purchase and have even been able to use it to help them in their journey along the way.” —Chris Crisafulli, Ubuntu LoCo Council, Florida Local Community Team “This text demystifies a very powerful Linux operating system . in just a few weeks of having it, I’ve used it as a quick reference a half dozen times, which saved me the time I would have spent scouring the Ubuntu forums online.” —Darren Frey, Member, Houston Local User Group This page intentionally left blank The Official Ubuntu Book Sixth Edition This page intentionally left blank The Official Ubuntu Book Sixth Edition Benjamin Mako Hill Matthew Helmke Amber Graner Corey Burger With Jonathan Jesse, Kyle Rankin, and Jono Bacon Upper Saddle River, NJ • Boston • Indianapolis • San Francisco New York • Toronto • Montreal • London • Munich • Paris • Madrid Capetown • Sydney • Tokyo • Singapore • Mexico City Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks.
    [Show full text]
  • Gender Dimensions of Free and Open Source Development
    THE MAKING OF LABORER SUBJECTIVITY AND KNOWLEDGE IN THE INFORMATION INDUSTRY: GENDER DIMENSIONS OF FREE AND OPEN SOURCE DEVELOPMENT Yeon Ju Oh A Dissertation Submitted to the Graduate College of Bowling Green State University in partial fulfillment of the requirements for the degree of DOCTOR OF PHILOSOPHY August 2013 Committee: Radhika Gajjala, Advisor Deborah G. Wooldridge Graduate Faculty Representative Oliver Boyd-Barrett Victoria S. Ekstrand ii ABSTRACT Radhika Gajjala, Advisor This study examines female software developers as knowledge laborers with a special emphasis on free and open source software (FOSS) development. In examining female developers as knowledge laborers, this study focuses on both labor and knowledge. Women’s low participation in FOSS development is not an issue of recent years, but a consequence of women’s overall status in the computing field over the last three decades. In order to explicate women’s low participation in FOSS development, a broader historical and economic analysis is needed. Thus, this study explores the historical context of computer science education and industry in the 1980s since this is when the groundwork for FOSS development was laid. Furthermore, the power of cultural discourses that maintain and reinforce the gendered construction of FOSS development is discussed to unpack how the gendered construction is interrelated with the labor relations in the knowledge industry. In addition to the labor relations in FOSS development, this study attends to the knowledge produced by FOSS development. Knowledge gains importance as a sum of values of the knowledge producers. Source codes written by software developers turn into products that engage users with certain utility.
    [Show full text]
  • The Official Ubuntu Book, 7Th Edition.Pdf
    ptg8126969 Praise for Previous Editions of The Official Ubuntu Book “The Official Ubuntu Book is a great way to get you started with Ubuntu, giving you enough information to be productive without overloading you.” —John Stevenson, DZone book reviewer “OUB is one of the best books I’ve seen for beginners.” —Bill Blinn, TechByter Worldwide “This book is the perfect companion for users new to Linux and Ubuntu. It covers the basics in a concise and well-organized manner. General use is covered separately from troubleshooting and error-handling, making the book well-suited both for the beginner as well as the user that needs extended help.” —Thomas Petrucha, Austria Ubuntu User Group “I have recommended this book to several users who I instruct regularly on ptg8126969 the use of Ubuntu. All of them have been satisfied with their purchase and have even been able to use it to help them in their journey along the way.” —Chris Crisafulli, Ubuntu LoCo Council, Florida Local Community Team “This text demystifies a very powerful Linux operating system . In just a few weeks of having it, I’ve used it as a quick reference a half-dozen times, which saved me the time I would have spent scouring the Ubuntu forums online.” —Darren Frey, Member, Houston Local User Group This page intentionally left blank ptg8126969 The Official Ubuntu Book Seventh Edition ptg8126969 This page intentionally left blank ptg8126969 The Official Ubuntu Book Seventh Edition Matthew Helmke Amber Graner With Kyle Rankin, Benjamin Mako Hill, ptg8126969 and Jono Bacon Upper Saddle River, NJ • Boston • Indianapolis • San Francisco New York • Toronto • Montreal • London • Munich • Paris • Madrid Capetown • Sydney • Tokyo • Singapore • Mexico City Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks.
    [Show full text]
  • With Hacks That Any User Can Follow, Linux Desktop Hacks Demonstrates How Easy It Is to Modify Linux to Suit Your Desires. the B
    Linux Desktop Hacks By Jono Bacon, Nicholas Petreley Publisher: O'Reilly Pub Date: March 2005 ISBN: 0-596-00911-9 Pages: 342 Table of • Contents • Index • Reviews Reader With hacks that any user can follow, Linux Desktop Hacks demonstrates • Reviews how easy it is to modify Linux to suit your desires. The book is packed with • Errata tips on customizing and improving the interface, boosting performance, • Academic administering your desktop, and generally making the most out of what X, KDE, Gnome, and the console have to offer. Linux Desktop Hacks By Jono Bacon, Nicholas Petreley Publisher: O'Reilly Pub Date: March 2005 ISBN: 0-596-00911-9 Pages: 342 Table of • Contents • Index • Reviews Reader • Reviews • Errata • Academic Copyright Credits About the Authors Contributors Acknowledgments Preface Why Linux Desktop Hacks? How to Use This Book How This Book Is Organized Conventions Used in This Book Using Code Examples How to Contact Us Got a Hack? Safari Enabled Chapter 1. Booting Linux Hacks 1-9 Hack 1. Give Your Computer the Boot Hack 2. Kill and Resurrect the Master Boot Record Hack 3. Bypass the Boot Manager Hack 4. Set a Bitmap Boot Screen for LILO Hack 5. Create Your Own LILO Boot Splash Hack 6. Display a GRUB Boot Splash Background Hack 7. Create a GRUB Boot Splash Background Hack 8. Jazz Up Your Debian System Boot Hack 9. Graphics on the Console Chapter 2. Console Hacks 10-15 Hack 10. Redefine Keyboard Actions Hack 11. Energize Your Console with Macro Music Magic Hack 12. Take a Screenshot from the Command Line Hack 13.
    [Show full text]
  • Debian GNU Linux Bible.Pdf
    4710-0 Cover 3/30/01 11:56 AM Page 1 If Debian GNU/Linux can do it, you can do it too . “Steve Hunger’s book is the most comprehensive and up-to-date guide to Debian GNU/Linux in print.” Whether you’re a Linux newcomer looking for foolproof installation tips or a Debian GNU/ veteran who wants 100% COMPREHENSIVE 100% —Branden Robinson, Debian Developer the scoop on the latest security enhancements, this authoritative guide delivers all the information you need ONE HUNDRED PERCENT Debian GNU/Linux to make the most of the Debian GNU/ “potato” release. From customizing a desktop system to troubleshooting Debian GNU/Linux COMPREHENSIVE AUTHORITATIVE a network or setting up an e-commerce server, it’s the only reference you’ll ever need to become a Debian WHAT YOU NEED GNU/Linux pro. ONE HUNDRED PERCENT Inside, you’ll find Master Linux system complete coverage of Configure the Debian L administration Debian GNU/Linux interface for your special requirements Discover the power ® ® • Get crystal-clear instructions for fast, painless of Debian’s package installation management system • Learn your way around the Linux shell, file Build a network and system, and X Window System Monitor your set up Linux servers • Discover how easy it is to set up a LAN Web server in Debian and connect to the Internet with Debian L packages • Make the most of Linux desktop applications, games, and multimedia features • Master Linux administration, from automating system tasks to locking in security ® • Find guidance on how to keep Debian current Combine the and bug-free simplicity of a L ® • Get the scoop on configuring servers, from window manager ® ebian with up-to-date Apache and FTP to NIS and Sendmail graphic controls HUNGER D ® Debian GNU/Linux 2.2r2 inside www.hungryminds.com GNU/Linux System Requirements: $49.99 USA Reader Level: Shelving Category: Bible Intel 386 or better; 150MB+ hard drive space; $74.99 Canada Beginning to Advanced Linux 16MB+ RAM; CD-ROM drive £39.99 UK incl.
    [Show full text]
  • Introduction to the GNU/Linux Operating System
    Introduction to the GNU/Linux operating system Josep Jorba Esteve PID_00148470 GNUFDL • PID_00148470 Introduction to the GNU/Linux operating system Copyright © 2009, FUOC. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License" GNUFDL • PID_00148470 Introduction to the GNU/Linux operating system Index Introduction............................................................................................... 5 1. Free Software and Open Source..................................................... 7 2. UNIX. A bit of history...................................................................... 13 3. GNU/Linux systems........................................................................... 21 4. The profile of the systems administrator................................... 25 5. Tasks of the administrator............................................................. 30 6. GNU/Linux distributions................................................................. 35 6.1. Debian ......................................................................................... 39 6.2. Fedora Core ................................................................................. 42 7. What we will look at......................................................................
    [Show full text]
  • ARCADE and OTHER | Icecast COOL PROJECTS | Firefox NOKIA E61 and OPENSWAN VPN | 64-Bit Linux PLAYSTATION 3 SUPERCOMPUTING CLUSTER MAGNATUNE Is NOT EVIL AUGUST
    DJANGO | OPENSWAN | ALPHAMAIL | PLAYSTATION 3 | ICECAST LINUX JOURNAL ™ Ices and Icecast Streaming Audio COOL PROJECTS Embedded Linux SOP Intro to LMMS, inotail, Karmen and GAMGI Since 1994: The Original Magazine of the Linux Community AUGUST 2007 | ISSUE 160 Next-Generation Residential Gateway Django | Openswan BUILD IT | AlphaMail YOURSELF | PlayStation 3 PlayStation ARCADE AND OTHER | Icecast COOL PROJECTS | Firefox NOKIA E61 and OPENSWAN VPN | 64-Bit Linux PLAYSTATION 3 SUPERCOMPUTING CLUSTER MAGNATUNE is NOT EVIL AUGUST www.linuxjournal.com 2007 $5.99US $6.99CAN 08 ISSUE 160 Create Exploit + Firefox Extensions 64-Bit Linux 0 74470 03102 4 Manage Any Data Center. Anytime. Anywhere. Avocent builds hardware and software to access, manage and control any IT asset in your data center, online or offl ine, keeping it, and your business, “always on”. Visit us on our Remote Control Tour. For locations near you, go to Avocent, the Avocent logo and The Power of Being There, are registered www.avocent.com/remotecontrol. trademarks of Avocent Corporation. ©2007 Avocent Corporation. AvocentRemote_LinuxJournal.indd 1 5/8/07 1:01:52 PM AUGUST 2007 CONTENTS Issue 160 ILLUSTRATION ©ISTOCKPHOTO.COM/CYRO PINTOS ©ISTOCKPHOTO.COM/CYRO ILLUSTRATION FEATURES 38 BUILD YOUR OWN ARCADE GAME 54 THE BEST GAME IN TOWN PLAYER AND RELIVE THE ’80S! Clustering game machines? Donkey Kong won’t steal your lunch money. James Gray Shawn Powers ON THE COVER 44 CREATE A LINUX VPN FOR A NOKIA E61 • Ices and Icecast Streaming Audio, p. 84 WITH OPENSWAN • Embedded Linux SOP, p. 88 Want your personal phone VPN? • Intro to LMMS, inotail, Karmen and GAMGI, p.
    [Show full text]
  • © Kiskapu Kft. Minden Jog Fenntartva
    SZÓTÁR 7. RÉSZ artva Végre tudtunk egy kis idõt fordítani elõ (ha kell, feldarabolja stb.). A burkoló hatunk vele „ciklus” értelemben. a weben is elérhetõ szótár által kapott adat(folyam)ot ezzel elrejti. Ez bár szakmailag szokatlan, nem (szotar.kiskapu.hu) frissítésére. Igaz, még Egy burkoló segítségével például egy helytelen (kétségtelenül rendhagyó, mindig csecsemõkorát éli, de a tartalma csak TCP/IP-t engedélyezõ hálózati ha szóba kerül a fõhurka). folyamatosan bõvül, és igyekszünk a szakaszon keresztül is tudunk IPX-cso- I/O – B/K jelzett hiányosságokat is javítani benne. magokat továbbítani. jelzés – (signal) lásd a 48. oldalon lévõ Valójában nem is a szótár a legjobb meg- bus sín „Linuxos jelzések alkalmazásfejlesztõi t. Minden jog fennt határozás rá, hiszen egy szógyûjtemény ciklus – lásd: loop szemszögbõl” címû cikket. ez, elsõsorban informatikával foglalkozó compatible – több értelemben használ- képpont – pixel fordítók számára, de természetesen bárki ják. Amikor az az értelme, hogy a kezelõ – handler használhatja, aki kíváncsi, hogy melyik szóban forgó program egy másik prog- kiírat (dump) – ebben az értelemben angol szakszót mire fordítjuk. Gondo- ram kiváltására, illetve a vele való nagy mennyiségû adatot „kiömleszt”, lom, mindenki számára magától értetõ- együttmûködésére alkalmas, akkor a formázatlanul továbbít. © Kiskapu Kf dõ, hogy egy-egy szónak rendkívül sok csereszabatos fordítást használjuk, de kompatibilis – csereszabatos, együtt- fordítása lehet, és nem csak amiatt, mert elõfordul, hogy az angol eredeti is pon- mûködõ. Lásd: compatible. a szó különbözõ területeken különbözõ tatlan vagy olyan szavak helyett hasz- lemezrész – (partition) a lemeztípusú fogalmakat jelöl, de a fordító által hasz- nálja, mint például az „egyenértékû”. háttértárak egy egységként kezel- nált stílus, környezet is befolyásolhatja.
    [Show full text]