APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

March 2005

Don't use internal Modems 
- If lightning comes down your phone line (it happens) and you have an internal modem, your whole computer is likely to be fried. With an external modem, you'll lose the modem, but probably not anything else. People insist that UPS'es and surge protectors can prevent this. Maybe so, but external modems are already more isolated from the computer so with all else being equal, they are less likely to pass current to the expensive stuff...
 
Docfile,OLE2: Tech Words of the Day 
- Microsoft doesn't fully document these, but if you pressed on, you'd also find that a DocFile looks an awful lot like a FAT file system, and it's apparent that Microsoft apps use it in a similar manner, looking up sections much as you'd look for files or directories on a disk. That can get pretty interesting as was noted at http://www.advogato.org/article/754.html
 
Oligomorphic, Polymorphic, Metamorphic Viruses: Tech Words of the Day 
- 2005/03/02 Oligomorphic, Polymorphic, Metamorphic Viruses
 
only root user can print, normal users cannot  by Brian
- only root user can print, normal users cannot. Hi, I am using SCO OpenServer 5.0.6 and I have this strange problem. Only root users can print, normal users cannot print and no errors are shown. I am sure it's a rights problem but don't know where...I hope you can help me. Thanks
 
Hardening Linux 
- Oh, a book on iptables? No. Oh, sure, this does cover iptables, but this is a complete, soup to nuts Linux security book, starting with installation and proceeding right through to what to do if you have been breached. About the only thing not covered is web server security which, as the author explains, needs a whole other book.
 
users: Tech Words of the Day 
- Without 'users', if you just want a simple list of who's logged in, you have to run "w" or "who" and pipe it through awk, or cut or sed or whatever to extract the one piece of information you actually wanted.
 
Hardening your Kernel with OpenWall 
- The Openwall Project provides security related kernel patches for Linux and BSD kernels. I
 
tr: Tech Words of the Day 
- The man page for tr gives some examples, but doesn't mention what is probably its most important use today: security for input strings gathered from web forms.
 
POST,GET: Tech Words of the Day 
- Web forms have two possible methods of passing information back to the script that will process the form.
 
PreciseMail Anti-Spam Gateway 
- Probably the hardest part of this is configuring its web interface. While I know how to add something foreign like this to an existing webserver, I suspect at least a few admins would fail or need help.
 
seq: Tech Words of the Day 
- Seq is useful to control loops and to generate numbers you are too lazy to calculate in your head.
 
Ajax: Tech Words of the Day 
- Do you want to tell the boss 'We developed that with Javascript in a frame and XMLHttpRequest Object calling a php back end'?
 
dialog: Tech Words of the Day 
- Dialog adds dialog boxes to shell scripts, providing such things as menus, input boxes and even calendars.
 
Comment Spam: Tech Words of the Day 
- Aside from letting visitors let us know their opinions of our probable IQ, genealogy, and sexual habits, comments also provide a way to correct errors.
 
shutdown.allowed: Tech Words of the Day 
- That lets someone at the physical console reboot using only ctrl-alt-delete. No one even has to be logged in; physical access to the keyboard is all you need.
 
Netgear card won't relink  by anonymous
- The card is: NetGear, 32 bit, PCI Adapter FA311, 10/100 Mbps Fast Ethernet. It appears to install and configure okay. It says it's been modified, etc. It's just when I go to relink the kernel, I get an error message. It says "kslgen: cannot determine major/minor number for /dev/mdi/ngr1 - Unix relink failed".
 
Microsoft Linux? 
- Microsoft services for unix: Itweek suggested that this might have been part of the reason Microsoft paid licensing fees to SCO (not that they wouldn't have done so for darker reasons also, but this could have been another part of it).
 
fam: Tech Words of the Day 
- The program fam is a server that processes communicate with. Your app needs to link with libfam, register the files or directories you want to monitor, and check back for updates or just sleep waiting to be awoken by a change
 
noshell: Tech Words of the Day 
- This is designed to be a shell for users you don't want to have a shell. It's probably unnecessary on most modern systems which have binary "shells" for this purpose (/sbin/nologin or /sbin/false). On older systems, these "no shell" shells were shell scripts, which rather obviously use a real shell and thus have at least the potential for abuse. Consequently, the old practice often was to use /dev/null as the "shell". The only problem with that is that you get no logging; "noshell" and the other modern equivalents will log the access attempt to syslog.
 
Sarcheck for Linux 
- On traditional Unix systems, Sarcheck analyzes data produced by "sar", but Linux systems don't usually have sar. It is available as part of the sysstat package on RedHat, and I do recommend that you install sysstat if you can, but Sarcheck on Linux installs its own data collection tools.
 
nikto: Tech Words of the Day 
- Nikto is a Perl script for testing web sites. It's useful, though there are more than a few things that are annoying about it.
 
pam_console.so: Tech Words of the Day 
- pam_console.so gives console users additional privileges
 
logname, pipes and controlling terminals 
- porting scripts from SCO to Linux: watch out for the "logname" command (it is actually "getlogin" that is different).
 
chage: Tech Words of the Day 
- When passwords remain the same, users may actually be able to remember them, while constant change just leads to yellow sticky notes plastered on monitors.
 
sysstat (iostat,mpstat,sar): Tech Words of the Day 
- The value of sar (for those not familiar with it) is that it collects statistics through cron (the sysstat rpm automatically installs a "sysstat" job in /etc/cron.d for this). You can examine the results at your leisure, but more importantly this means that you can see what "normal" performance looks like for your system, which is critically important in diagnosing sudden problems.
 
vlock: Tech Words of the Day 
- This lets you lock the console screens (or just the one you are using, if you prefer).
 
SHA-1: Tech Words of the Day 
- A hash used for cryptography has to have specific characteristics: it needs to be collision free and it needs to be one-way.
 
How to Protect your PC from password theft?  by bruceg
- As most people know, you can simply press escape to get past the network logon screen in Win98, and gain some access to the PC.
 
links,elinks: Tech Words of the Day 
- Links is an alternative to Lynx. If you are stuck in a text mode and need to use a browser, I think "links" is friendlier and easier to use.
 
pam_cracklib.so: Tech Words of the Day 
- A PAM module for checking password strength. The retry parameter sets how many chances you get to supply an acceptable password.
 
rooted: Tech Words of the Day 
- The original rootkits installed modified binaries of tools and or libraries that you might use to detect their presence.
 
The dark side of NTFS and Alternative Data Streams.  by Drag Sidious
- This has led to the perverse situation where you can actually store programs and files inside other files' ADSs and the end user has no way to know that they exist. You can even stick data into directories.. even C:\!
 
DOCTYPE: Tech Words of the Day 
- Based on what it sees or doesn't see, Mozilla adjusts its behavior accordingly, and hopefully you get to see pages at least close to as their authors intended.
 
Lock file permissions (lpd)  by rongrout
- My syslog is filling up with the following but I cannot find out how to stop it.
 
Zero Install: Tech Words of the Day 
- The basic idea here is similar to thin client computing; though the authors don't like that description, and they are correct. It's a little different.
 
Fairuce: Tech Words of the Day 
- The basic idea is that it will try to find the real sender's domain. If that seems legitimate, it passes the mail on through. If not, it sends back (to the real sender's MX) a challenge.
 
captive: Tech Words of the Day 
- He uses the Linux read-only NTFS driver to go mucking through the drive looking for the real Windows driver, which he then runs in an emulator - impressive!
 
Lengthen SCO 5.0.6 wtmpx logs  by CraigF
- /etc/wtmp is cleaned out regularly; that's not ideal for forensics (who screwed up the server over the weekend?).
 
Intrusion Prevention and Active Response 
- The more security books I read, the more I feel like I'm standing in a hall of mirrors, with the villain plainly visible pointing a weapon at me. But where is he? Which reflection is the one I need to pay attention to?
 
Dropping to command line  by anonymous
- When you boot up the sco box you end up with a gui login. Is there a hotkey to drop that down to the command line login? I need access to the command line on virtual console 2 as a different user, but it can only login on 2 via command line login
 
Lojban: Tech Words of the Day 
- While I understand that this probably has value in studying languages in general, I think parts of it are more than silly. Why, for example, avoid having a word with more than one meaning? Very often, the multiple meanings are related in ways that can help with comprehension and give deeper insight - it may confuse computers, but it helps us.
 
IPP: Tech Words of the Day 
- If you fire up your web browser and point it at http://localhost:631 you get the CUPS administration screen. That's the IPP port.
 
ScoUnix Portmapping issue  by anonymous
- Portmapper is not responding: I recently moved this network over to a new office and one of the machines was a sco Unix box using SCO OpenServer 5.0.6. Now when I boot it up it hangs for awhile at the bringing up interface tty02.. please wait screen. Then after like 5 minutes I start getting portmapping errors. It appears to try to connect to an ip address that apparently is not there. It shows the error 3 times and just sits there.
 
IP spoofing and automatic blocking 
- So.. for this to make sense our hacker has to first come in with a real ip address and fail to login the magic number of times. He then notices that he's been blocked, and revengefully decides to spoof ip's
 
Mailbag: bashrc broken 
- he's messed up his .bash_profile and possibly .bashrc
 
John the Ripper: Tech Words of the Day 
- Password security. John the Ripper attempts to crack passwords by comparing the hashed version with hashes computed from common words, permutations of common words, pointless additions ("alex123", "betty222" and the like).
 
Cron job doesn't run 
- "We want to use the default cron set up with our Red Hat (/etc/cron.hourly, /etc/cron.daily). We have placed files in these directories and they work great. According to the Red Hat Sys Adm guide, we should be able to put files in the /etc/cron.d directory when we want to run them at times other than hourly, daily, weekly. I placed a test file in the /etc/cron.d dir that has the same format as cron. This file is set to run every 5 minutes. It does not run."
 
Managing Qmail mail queues 
- Qmail queues are efficient, but confusing for a human to navigate. This software helps you manage a qmail queue.
 
Controlling Linux colors in vi (vim) 
- The Linux colorizing fouls things up royally. You can shut off command line colorizing by editing /etc/DIR_COLORS and changing COLOR tty to COLOR none or (less drastically) by removing the TERM ansi line from the same file (which removes colorization for ansi but doesn't affect console use). But that still leaves vi messing things up. The fix for that is to add
 
Controlling core files (Linux) 
- Core files will then just be named "core". People do things like that so that a user can choose to put a non-writable file named "core" in directories where they don't want to generate core dumps. That could be a directory (mkdir core) or a file (touch core;chmod 000 core). I've seen it suggested that a symlink named core would redirect the dump to wherever it pointed, but I found that didn't work. But perhaps more interesting is that you can do:
 
Understanding PAM 
- PAM is the Pluggable Authentication Module, invented by Sun. It's a beautiful concept, but it can be confusing and even intimidating at first. We're going to look at it on a RedHat system, but other Linuxes will be similar - some details may vary, but the basic ideas will be the same.