Setting up an All-Linux Wireless LAN
If you've been to a Linux conference lately, you've probably seen a lot of people with wireless network cards, happily checking their e-mail while they sip refreshing beverages. The 802.11b, or “WiFi”, cards are really cheap, convenient and well supported under Linux.
If you want to do wireless networking at home, though, just plugging in a base station might not be too smart. Even with the largest key sizes, the badly named Wired Equivalent Privacy (WEP) encryption protocol that WiFi uses is vulnerable to people walking nearby—for large values of “nearby”. Security consultant Peter Shipley reports connecting to WiFi networks 25 miles away using a directional antenna. And as little as half an hour of intercepted traffic could be enough time for someone to break WEP and get on the Net using your base station (see Resources).
You can do some things to make WEP stronger, but it's inadequate as protection. (Adobe Systems, Inc. reportedly shut down all their WiFi base stations after they got the government to arrest programmer Dmitry Sklyarov. They may be trying to set software and free speech back 500 years, but they aren't stupid.)
The threat to WiFi is not that people might read your data—you're using ssh and SSL to protect sensitive information anyway. The threat is people using the network you're responsible for to do bad things. If a spammer or a script kiddie gets on the Net using your base station, it's almost impossible to find him or her. Who gets the blame? You do.
If you do decide to provide public connectivity via 802.11b, that's mighty neighborly of you. Get a separate net connection, put up a base station, join the relevant mailing lists and have fun. If someone uses your public base station to send spam or break into people's computers, and your ISP cancels the account, you'll still have your regular net connection.
So if off-the-shelf base stations are bad, what's the alternative? How about an old laptop? In case you haven't noticed, prices are coming down, and you probably can get a new laptop with half a gig of RAM and a 1600 × 1200 display for about eight dollars by the time you read this. So treat yourself to a new laptop and convert your old one into the base station. The on-line auction sites also have made damaged laptops really cheap. Busted hinge? Missing battery latch? Might not be the best thing to carry around, but with a little duct tape, there's your base station.
I put Debian on mine because it has packages for all the software mentioned in this article and a good automatic upgrade system. But any current distribution will work. (I didn't have to compile anything from source or reboot to do this article, although I did reboot a couple times after configuration to make sure everything came up in the right order.)
I shouldn't have to say this, but buy WiFi cards that are well supported by your distribution of choice. I got a pair of Orinoco cards.
Since your base station will be exposed to anyone who walks by with a WiFi card, take a few basic administration and security measures (which apply to any internet server) before you plug the card in.
First, forward root's mail to your real e-mail address, so important messages don't go unread.
Check that log rotation is working and that plenty of space is available in /var/log.
Configure the mailer dæmon to listen only on the loopback interface.
Set up either ntpd or a cron job to run ntpdate, so all times in the logs will be correct.
Remove all unused software, and apply any security fixes or updates.
Copy your main ssh key into .ssh/authorized_keys2 in your home directory on the base station, so that you never need to send your password over the Net, even encrypted. Configure sshd to refuse passworded or root logins.
Make sure you are subscribed to the security mailing list for the distribution the base station is running.
Finally, run Nmap against the base station from outside to make sure that no unnecessary services are running. From outside you should see ssh and that's it.
Just in case your base station does get compromised, make sure that no information or keys on the base station would help people get into any of your other systems. For example, accounts on the base station should not have ssh keys.
In this article, I use 10.2 addresses for the underlying WiFi, and 10.3 addresses for the VPN. Now it's time to get on the air.
The actual order of eth0, eth1 numbering depends on the order in which the drivers are insmod-ed, and the cardmgr dæmon probes the slots in order on boot. On my laptop (now base station) the WiFi card and conventional Ethernet card will only fit if the WiFi card is in the top slot, slot 0. That means that my WiFi interface is eth0, and my regular Ethernet is eth1.
By default, when you boot the base station, the PCMCIA script will start the cardmgr dæmon and possibly exit before all the cards are initialized. If you're running a server of any kind, this is not what you want to happen. All the interfaces should be up before dæmons try to start. Pass the -f option to cardmgr by putting it in the PCMCIA init script or configuration file; on Debian it's /etc/pcmcia.conf (see Listing 1). Below is /etc/pcmcia/wireless.opts:
# use "Ad-Hoc" mode to act as a base station. # Set your own ESSID. case "$ADDRESS" in *,*,*,*) ESSID="wifi.ssc.com" MODE="Ad-Hoc" ;; esac
To check your work, do an ifconfig and an iwconfig on the base station, and make sure the information is correct. Make sure that you can still log in to the base station over the regular Ethernet.
Practical Task Scheduling Deployment
One of the best things about the UNIX environment (aside from being stable and efficient) is the vast array of software tools available to help you do your job. Traditionally, a UNIX tool does only one thing, but does that one thing very well. For example, grep is very easy to use and can search vast amounts of data quickly. The find tool can find a particular file or files based on all kinds of criteria. It's pretty easy to string these tools together to build even more powerful tools, such as a tool that finds all of the .log files in the /home directory and searches each one for a particular entry. This erector-set mentality allows UNIX system administrators to seem to always have the right tool for the job.
Cron traditionally has been considered another such a tool for job scheduling, but is it enough? This webinar considers that very question. The first part builds on a previous Geek Guide, Beyond Cron, and briefly describes how to know when it might be time to consider upgrading your job scheduling infrastructure. The second part presents an actual planning and implementation framework.
Join Linux Journal's Mike Diehl and Pat Cameron of Help Systems.
Free to Linux Journal readers.View Now!
|The Firebird Project's Firebird Relational Database||Jul 29, 2016|
|Stunnel Security for Oracle||Jul 28, 2016|
|SUSE LLC's SUSE Manager||Jul 21, 2016|
|My +1 Sword of Productivity||Jul 20, 2016|
|Non-Linux FOSS: Caffeine!||Jul 19, 2016|
|Murat Yener and Onur Dundar's Expert Android Studio (Wrox)||Jul 18, 2016|
- The Firebird Project's Firebird Relational Database
- Stunnel Security for Oracle
- My +1 Sword of Productivity
- Non-Linux FOSS: Caffeine!
- Managing Linux Using Puppet
- SUSE LLC's SUSE Manager
- Murat Yener and Onur Dundar's Expert Android Studio (Wrox)
- Google's SwiftShader Released
- SuperTuxKart 0.9.2 Released
- Doing for User Space What We Did for Kernel Space
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide