Focus on Software
Internets, Intranets, LANs, WANs and more. Frankly, I don't care how a system is connected, be it Ethernet, Token Ring, FDDI, Frame Relay, dial-up PPP, wireless, ham radio, satellite or two cans and a string. If it's connected to something else, even intermittently, it's vulnerable. Recently, Red Hat demonstrated to the world that installing unsecure, vulnerable and, even worse, unnecessary services is a highly security-challenged proposition to the Nth. I don't want to pick on Red Hat; most distributions do similar security-challenged things. But they shouldn't. For my money, no service should be turned on by default, whether the customer asked for a full install or not. Even worse, few distros explain logs and all they offer in their little getting started book. The syslog files (/etc/syslog.conf and the logs themselves) are not “black arts” stuff. They're just boring. Or so we hope. If you have an intruder, or attempted intrusions, these logs can be rather interesting. I've found myself on the edge of my chair as I read through the logs, watching an intrusion and wondering if this wannabe cracker or script kiddie is going to make it in. Okay, so I'm eccentric. But I'm hoping a few offerings centered on system logs might spark a little interest in a bunch of dull log files.
The logtool utility is another of those small things that sometimes go a long way. All a logtool does is colorize log entries. It makes the date-time stamp one color, originating system another, the facility a third color and the message itself a fourth color. This really breaks out a log entry when you have a large number of them on the screen at one time, making reading entries easier. Requires: glibc.
The name of this package is a bit of a misnomer. Yes, it does do some log file correlations, but it also shows other things, like currently logged in users (w), filesystem status (df -k), last dump (/etc/dumpdates), the logs. I would say it's more of a system analysis. This won't replace other log file tools that search for anomalies but will give an “executive overview” of a system. Requires: Perl.
If you're running ipchains, netfilter or a Cisco firewall, this utility can grep your logs and display statistics regarding the traffic passing through (or even just to) your system. You must generate the iptables/ipchains rules for logging (-j LOG in iptables) whatever you want fwlogwatch to look for. If you enable netfilter debugging, it's like logging every single packet you see. So I don't recommend that just because of the sheer volume of logging, but it will definitely show you what your system is seeing. Requires: glibc.
MasarLabs System Monitor: www.masarlabs.com/msysm.html
This is another graphical utility used to show various settings and loadings on your system. It is highly configurable and modular, with modules that show apm, clock, CPU, disk status, mail, memory, network status, serial status, swap, network IP, PCMCIA and ppptime. Mix and match in any order you want, in one row across, one row down or in various rows across. Want to just “fill a hole”? Select the empty module. My only complaint is the inability to resize the graphics, which look fine on a screen up to 1024 x 768 but is too small on a screen of 1600 x 1200. Requires: libX11, libXpm, libdl, glibc.
Automated Password Generator and tkapg: http://www.adel.nursat.kz/
This password generator can be configured to produce pronounceable passwords as well as totally random “white noise” passwords. apg can further check these passwords against a dictionary file. This utility comes as a standard program as well as a dæmon that can be run by inetd to service requests on the network (this may not be a good idea unless all network traffic is encrypted). The author also provides separately a tk utility to access and display generated passwords. These two programs make short work of excuses for bad passwords. Requires: glibc; tkapg also requires Tcl/Tk.
This utility, designed to be run in a video terminal (VT), shows the status of your PPP connection. All statistics are shown, including IP address and a graphical display of throughput. It's perfect if you have a system that acts as a firewall/dial-up. Its one drawback is it doesn't have an option to lock the screen when invoked so you can leave it up while unattended. Requires: libncurses, glibc.
Text WINdows Manager: http://linuz.sns.it/~max/twin/
Any of you remember the old DOS (DR-DOS or MS-DOS) programs like the Norton Window utility (the name slips my mind) that gave you a window in DOS? How would you like a trip down memory lane? Well TWIN can provide you that trip. It can also provide you with an extremely lightweight term window (or multiple term windows) on one VT. Nice thing is, it also works in X if you're so inclined. I think my laptop just became a non-X piece of hardware. Requires: glibc.
If you are a realtor, or know any realtors, then this software will be of interest. It claims to be simple enough for a realtor to set up, and I imagine that means techn-eaderthal realtors. Well, that may be a slight exaggeration but not much of one. It will require that someone make adjustments to the index.php page, but, beyond that, this is the simplest package to administer I've seen in a while. I wish realtors had something like this set up the last time I was looking for a house in the States. If you're not in the US, you might need to make some adjustments (including translations), but it would be a trivial undertaking. Requires: web server with MySQL and PHP4, web browser.
Until next month.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Peppermint 7 Released
- Sony Settles in Linux Battle
- Libarchive Security Flaw Discovered
- Client-Side Performance
- Maru OS Brings Debian to Your Phone
- Profiles and RC Files
- Snappy Moves to New Platforms
- The Giant Zero, Part 0.x
- Git 2.9 Released
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide