free space

Sunday, March 15, 2009

Solaris Containers


One of the most intriguing aspects of the Solaris 10 operating system is the functionality included in the system. The three main items, Solaris Containers, the Solaris Service Manager, and DTrace, have spawned their own communities and discussions, and for some these features alone are enough to encourage them to switch to the Solaris operating system.

As computer power keeps increasing, the need for such power on an individual machine basis is beginning to decrease. Five or ten years ago it would be common to find an SME (Small to medium Enterprise) supporting a number of different servers, each one dedicated to its own task. Today, if the organization is operating in the same way it's likely the power of some of the machines is being underused. It's no wonder then that virtualization software such as VMware or Microsoft's Virtual Server/VirtualPC has become a popular way of sharing the power of a single machine through multiple virtual servers.

These solutions are fine, but they involve emulating a complete machine with its own operating system and often this means increased licensing costs in addition to the technical overhead of emulating a hardware environment for the sake of running software within a dedicated environment.

Solaris Service Manager


For SVR4-based Unix operating systems the services and applications executed during a normal boot are controlled through a combination of the run-level selected and the scripts located within the /etc/rcX.d directory. For example, when entering run-level 3 (the default), all the scripts in /etc/rc3.d are executed, in numbered order, to start up different services like NFS or Apache.

From an execution perspective the process is time-consuming, and from a technical perspective the system is basic and laced with difficulties. For example, the NFS service relies on the system having configured networking (another script), but it is up to the administrator to ensure that the NFS script runs after the networking script. Getting the order and sequence of the scripts correct is therefore vital. The script model also had problems in that the script would run once at boot time, but a failure during execution would need to be addressed by an administrator.

The Service Management Facility (SMF) addresses these problems through a more extensive method of configuration that allows you to specify prerequisites (which implies execution order) and the necessary methods to start, stop and restart services. As an active management facility, rather than a script execution process, the SMF becomes a much more integral part of running services within Solaris.
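
The ordering problem that SMF prerequisites remove can be checked mechanically on an rc-script system. The following is an added example, not code from the original post or from Solaris: it lints a run-level directory for start scripts that would run before a service they depend on. The script names and the dependency list are constructed, and it assumes the rc driver starts scripts in shell glob (lexical) order, under which S100apache runs before S20network.

```shell
#!/bin/sh
# Added example: lint an SVR4-style run-level directory for ordering mistakes.
# Assumption: scripts are started in shell glob (C-locale lexical) order,
# as in `for f in /etc/rc3.d/S*`. All names below are constructed.

# rc_start_order DIR: print S* script names in the order they would run.
rc_start_order() {
    for f in "$1"/S*; do
        if [ -e "$f" ]; then printf '%s\n' "${f##*/}"; fi
    done | LC_ALL=C sort
}

# rc_position DIR SERVICE: print the 1-based start position of SERVICE,
# where SERVICE is the script name with its S<digits> prefix stripped.
# Prints nothing if the service has no start script in DIR.
rc_position() {
    rc_start_order "$1" | sed 's/^S[0-9]*//' \
        | grep -n -x -F -- "$2" | cut -d: -f1 | head -n 1
}

# rc_check_deps DIR DEPFILE: DEPFILE holds "dependent prerequisite" pairs,
# one per line. Prints one line per problem; returns 0 if clean, 1 otherwise.
rc_check_deps() {
    dir=$1
    bad=0
    while read -r svc need; do
        case $svc in ''|'#'*) continue ;; esac
        p_svc=$(rc_position "$dir" "$svc")
        p_need=$(rc_position "$dir" "$need")
        if [ -z "$p_svc" ]; then
            continue    # dependent is not started in this run level
        elif [ -z "$p_need" ]; then
            echo "MISSING: $svc needs $need, which has no start script"
            bad=1
        elif [ "$p_need" -gt "$p_svc" ]; then
            echo "ORDER: $svc (position $p_svc) starts before $need (position $p_need)"
            bad=1
        fi
    done < "$2"
    return $bad
}

# rc_demo: build a constructed run-level directory and lint it.
rc_demo() {
    d=$(mktemp -d) || return 1
    # S100apache was numbered "after" S90database, but sorts first lexically.
    for s in S20network S30nfs S90database S100apache; do : > "$d/$s"; done
    printf '%s\n' 'nfs network' 'apache database' 'nfs rpcbind' > "$d/deps"
    rc_check_deps "$d" "$d/deps"
    rc=$?
    rm -rf "$d"
    return $rc
}

rc_demo || echo "ordering problems found"
```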

Dynamic Tracing (DTrace)


The DTrace tool is an extension of this original idea, but with a much wider scope and more configurability. There are almost 40,000 different probes built into DTrace and you can write a "script" to monitor specific aspects of an execution. In effect, the DTrace tool is like a combination of the original truss and a very flexible debugger. Unlike debugging, DTrace doesn't require any special options to enable tracing the code and this means that you can trace not only your application, but also the internals of the libraries, system calls, and kernel functions called during the execution.

Because DTrace is not tied to the method you use to compile your application, administrators can use DTrace to find out why applications aren't running or why kernel modules aren't loading, without ever needing access to the source code. DTrace is still a relatively new tool and extensions are being provided for other applications, libraries and environments to improve the level of information provided. For example, it is possible to examine the internal workings of Java applications, a boon for Java developers. In recent months we've also seen DTrace functionality added for PHP, Perl, Python, and many others.

OpenSolaris


OpenSolaris is a completely free and open source version of the Solaris operating system. OpenSolaris is made up of source code for the commercial Solaris operating system and both products will feed each other. The two "versions" of the operating system are based on the same source code, with the major benefit for OpenSolaris users that they have access to the latest source code and bug fixes for Solaris. OpenSolaris is not, in any way, a cut-down or restricted version of the main Solaris operating system; it is just an open source version of that solution.

Sun has formalized the open source approach by making OpenSolaris available as a distribution in the form of the Solaris Express: Community Release, a free version of Solaris, based on the OpenSolaris code and designed to be used to help further develop the OpenSolaris product. The release is available as a set of CDs (four, currently) available for free download as ISOs which you can write and use to install Solaris. Both the SPARC and x86 versions are available and although the current Sun Download Center interface requires you to click for approval before download, technically the license does not require click-approval.

If you prefer, you can download the sources and build them for yourself to create your preferred Solaris operating system. The whole process can take from about an hour to 24 hours depending on your hardware and environment.

Wednesday, March 11, 2009

Linux security benefits in the data center and on the desktop


Linux v2.6 provides support for cryptographic security, with the addition of a cryptographic API used by IPSec. This enables multiple algorithms (e.g., SHA-1, DES, Triple DES, MD4, HMAC, EDE, and Blowfish) to be used for network and storage encryption. Linux's ability to support IPSec protocols for IPv4 and IPv6 is a significant advance. With security abstracted to the protocol level, applications are less vulnerable to a potential exploit. Cryptographically signed modules are not yet a part of Linux, but if the issues about implementing such a feature can be resolved it will prove useful in preventing unsigned modules from being accessed by the kernel.

One of the issues that continues to plague Windows users is buffer overflow. Linux users will appreciate the ability to use the exec-shield patch, which is available with the Linux 2.6 kernel. Exec-shield enables protection against a variety of exploits that attempt to overwrite data structures or insert code within these structures. Since a recompile is not required for the exec-shield patch to work, this makes it easier to implement. Also, the addition of a preemptive kernel, also in v2.6, reduces latency, which is likely to drive the use of Linux not only in the data center, but also for applications that require a deterministic kernel with soft real-time capabilities.

Many Linux users depend on non-open source drivers and other binary modules from hardware manufacturers and systems providers. The problem is that although adding these drivers and modules is often useful, it is not necessarily beneficial to the operation of a Linux system. For example, a non-open source driver or binary module can overwhelm a system call and change the system call table. The Linux v2.6 kernel provides protection against these dangers by placing restrictions on the level of access a non-open source driver or module has to the kernel. This feature promotes stability, but does not place any new restrictions from a security point of view to stop a determined hacker from writing a malicious module.

Networking With Linux Wireless-Tools


Using iwconfig For wireless-tools Configuration


After physically installing your Linux-compatible NIC, you need to configure your NIC's IP and wireless settings before Wireless Tools works.

You can configure your NIC's IP settings as if the NIC were a regular Ethernet device. After you use the ifup command the NIC becomes active, but it will not function correctly as its wireless settings haven't been configured yet.

The most commonly used command in Wireless Tools is iwconfig, which you can use to configure most of the wireless parameters, including the SSID and the wireless mode. For the wireless mode, Managed means that there is a wireless access point (WAP) on the network and Ad-hoc signifies that there is none.

For example, if your wireless NIC is named eth0 and your managed network's ESSID is homenet, then the commands would be:

    iwconfig eth0 mode Managed
    iwconfig eth0 essid homenet

Tuesday, March 10, 2009

basic linux commands


prompt

If you login as root, the prompt will be machinename:~# and if you login as user, the prompt will be machinename:~$.

The tilde character (~) represents the home directory; appended to the end of a filename, it means a backup of a file that has been edited (the file as it existed before it was last edited, and if your configuration is set up to make backups).

shell account

How to Explore Your Shell Account


So you’re in your shell account. You’ve tried the “ls -alF” command and
are pretty sure this really, truly is a shell account. What do you do
next?

A good place to start is to find out what kind of shell you have. There
are many shells, each of which has slightly different ways of working. To
do this, at your prompt give the command “echo $SHELL.” Be sure to type in
the same lower case and upper case letters. If you were to give the
command ECHO $shell, for example, this command won’t work.

If you get the response:

/bin/sh

That means you have the Bourne shell.

If you get:

/bin/bash

Then you are in the Bourne Again (bash) shell.

If you get:

/bin/ksh

You have the Korn shell.

If the “echo $SHELL” command doesn’t work, try the command “echo $shell,”
remembering to use lower case for “shell.” This will likely get you the
answer:

/bin/csh

This means you have the C shell.

Why is it important to know which shell you have? For right now, you’ll
want a shell that is easy to use. For example, when you make a mistake in
typing, it’s nice to hit the backspace key and not see ^H^H^H on your
screen. Later, though, for running those super hacker exploits, the C
shell may be better for you.

Fortunately, you may not be stuck with whatever shell you have when you
log in. If your shell account is any good, you will have a choice of
shells.

Trust me, if you are a beginner, you will find bash to be the easiest
shell to use. You may be able to get the bash shell by simply typing the
word “bash” at the prompt. If this doesn’t work, ask tech support at your
ISP for a shell account set up to use bash.

If you want to find out what other shells you have the right to use, try
“csh” to get the C shell; “ksh” to get the Korn shell, “sh” for Bourne
shell, “tcsh” for the Tcsh shell, and “zsh” for the Zsh shell. If you
don’t have one of them, when you give the command to get into that shell
you will get back the answer “command not found.”

Now that you have chosen your shell, the next thing is to explore. See
what riches your ISP has allowed you to use. For that you will want to
learn, and I mean *really learn* your most important Unix commands and
auxiliary programs. Because I am supreme arbiter of what goes into these
Guides, I get to decide what the most important commands are. Hmm, “ten”
sounds like a famous number. So you’re going to get the:



Ten Meinel Hall of Fame Shell Account Exploration Tools

1) man
This magic command brings up the online Unix manual. Use it on each of
the commands below, today! Wonder what all the man command options are?
Try the "man -k" option.

2) ls
Lists files. I suggest getting people in the habit of using "ls -alF".
This will come into play down the road for security-conscious users.
You’ll see a huge list of files that you can’t see with the “ls” command
alone, and lots of details. If you see such a long list of files that they
scroll off the terminal screen, one way to solve the problem is to use “ls
-alF|more.”

3) pwd
Shows what directory you are in.

4) cd
Changes directories. Kewl directories to check out include /usr, /bin and
/etc. For laughs, I advise exploring in /tmp. /usr directory belongs to the
accounts, /bin belongs to the commands and executable programs/files, and
/tmp of course, the temporary directory.

5) more
This shows the contents of text files. Also you might be able to find
“less” and “cat” which are similar commands.

6) whereis
Think there might be a nifty program hidden somewhere? Maybe a game you
love? This will find it for you. Similar commands are “find” and “locate.”
Try them all for extra fun.

7) vi
An editing program. You’ll need it to make your own files and when you
start programming while in your shell account. You can use it to write a
lurid file for people to read when they finger you. Or try “emacs.” It’s
another editing program and IMHO more fun than vi. Other editing programs
you may find include “ed” (an ancient editing program which I have used to
write thousands of lines of Fortran 77 code), “ex,” “fmt,” “gmacs,”
“gnuemacs,” and “pico.”

8) grep
Extracts information from files, especially useful for seeing what’s in
syslog and shell log files. Similar commands are “egrep,” “fgrep,” and
“look.”

9) chmod
Change file permissions.

10) rm
Delete file. If you have this command you should also find “cp” for copy
file, and “mv” for move file.
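
What the long listing from "ls -alF" gives a security-conscious user is the permission column, which shows who besides you can write to a file. The following is an added example, not part of the original guide: it reads "ls -alF" output and flags world-writable and setuid entries, the ones to fix with "chmod o-w" or review. The sample listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky permission bits in `ls -alF` output.
# The listing in sample_listing is constructed sample data.

# risky_entries: read `ls -alF` lines on stdin and print "REASON name" for
# entries that are world-writable or setuid. Symlinks are skipped because
# access checks use the mode of the target, not of the link.
risky_entries() {
    awk '
        NF < 9 { next }                     # skip the "total N" line
        {
            mode = $1
            name = $9
            for (i = 10; i <= NF; i++) name = name " " $i   # names with spaces
        }
        name == "./" || name == "../" { next }
        substr(mode, 1, 1) == "l" { next }
        substr(mode, 9, 1) == "w" {
            # a sticky directory (t in the last position, like /tmp)
            # only lets users delete their own files
            if (substr(mode, 1, 1) == "d" && substr(mode, 10, 1) ~ /[tT]/)
                print "world-writable-sticky", name
            else
                print "world-writable", name
        }
        substr(mode, 4, 1) ~ /[sS]/ { print "setuid", name }
    '
}

# sample_listing: a constructed home-directory listing. A world-writable
# .profile is the classic problem: any user could add commands that run
# the next time the owner logs in.
sample_listing() {
    cat <<'EOF'
total 24
drwxr-xr-x  3 alice users 4096 Mar 10 09:12 ./
drwxr-xr-x 40 root  root  4096 Mar  1 08:00 ../
-rw-------  1 alice users  310 Mar 10 09:10 .bash_history
-rw-rw-rw-  1 alice users  120 Mar 10 09:11 .profile
drwxrwxrwx  2 alice users 4096 Mar 10 09:12 public/
-rwsr-xr-x  1 alice users 8192 Mar  9 17:30 helper*
lrwxrwxrwx  1 alice users    9 Mar 10 09:12 latest -> notes.txt
drwxrwxrwt  2 alice users 4096 Mar 10 09:12 scratch/
EOF
}

# audit_dir DIR: run the same check against a real directory.
# LC_ALL=C keeps the date column in the three-field form the parser expects.
audit_dir() {
    LC_ALL=C ls -alF -- "$1" | risky_entries
}

sample_listing | risky_entries
```

Run audit_dir "$HOME" on your own account, then remove the write bit with "chmod o-w FILE" for anything it reports that others have no reason to change.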



Thursday, March 5, 2009

Penetration Testing Tool


SAINTexploit™

The SAINTexploit™ Penetration Testing Tool is the ultimate resource to demonstrate the security—or vulnerability—of your network. SAINTexploit goes beyond simply detecting vulnerabilities to safely exploiting them. The first integrated vulnerability and penetration testing tool, SAINTexploit is part of the complete solution SAINT offers to evaluate the vulnerabilities on your network.

This fully automated product examines potentially vulnerable services discovered by SAINT, exposes points where an attacker could breach the network, and exploits the vulnerability to prove its existence without a doubt. The file browsing and command execution capabilities resulting from a successful exploit provide undeniable evidence of a network vulnerability.

SAINTexploit™ demonstrates the path an attacker could use to breach a network, quantifies risk to the system, and allows administrators to manage resources more efficiently to better defend information assets.

Pentesting with BackTrack (offsec 101)



"Pentesting with BackTrack" (previously known as Offensive Security 101) is an online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. The course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students.

This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet.

"Pentesting with BackTrack" qualifies you for 40 ISC2 CPE Credits. This applies to students who submit their exercise documentation at the end of the course, or pass the certification challenge.

what is BACKTRACK



BackTrack is the result of the merging of two innovative penetration testing live linux distributions - Whax and Auditor. BackTrack has been dubbed as the best Security Live CD today, and has been rated 1st in its category, and 32nd overall by Insecure.org. Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customised kernels, etc.

Is your system unstable?


Have you ever lost your precious work because Windows crashed? Do you always shut down your computer the proper way, or do you sometimes just switch it off because Windows has gone crazy and doesn't let you do anything anymore? Have you ever gotten the "blue screen of death" or error messages telling you that the computer needs to be shut down for obscure reasons?

The latest versions of Windows, especially the "Professional" ones are becoming more stable than before. Nevertheless this kind of problem still happens fairly often.

Of course, no operating system is perfect, and people who tell you that theirs can never ever crash are lying. However, some operating systems can be so stable that most users never see their systems crash, even after several years. This is true for Linux. Here's a good way to see this. When a system crashes, it needs to be shut down or restarted. Therefore, if your computer can stay up and running for a long time, no matter how much you use it, then you can say the system is stable. Well, Linux can run for years without needing to be restarted (most internet servers run Linux, and they usually never restart). Of course, with heavy updates, it still needs to be restarted (the proper way). But if you install Linux, and then use your system as much as you want, leaving your computer on all the time, you can go on like that for years without having any trouble.

Most of the time, you won't leave your computer on for such a long time, but this shows how stable Linux is.

Linux protects your computer


Viruses, trojans, adwares, spywares... Windows lets all these enter your computer pretty easily. The average period of time before a Windows PC (connected to the Internet and with a default "Service Pack 2" installation) gets infected is 40 minutes (and it sometimes takes as little time as 30 seconds).

So you can either 1) install a firewall, 2) install an antivirus program, 3) install an anti-adware program, 4) get rid of Internet Explorer and Outlook (replacing them with Firefox and Thunderbird), and 5) pray that pirates aren't smart enough to overcome these protections and that, if a security flaw is discovered, Microsoft will take less than a month to make an update available (and this doesn't happen very often). Or you can install Linux and sleep soundly from now on.

As we have already said in the "virus" section, Open Source software (e.g. Linux) means more eyes to check the code. Every programmer on Planet Earth can download the code, have a look, and see whether it might have security flaws. On the other hand, the only people allowed to look at the Windows source code (its "recipe") are people working for Microsoft. That's hundreds of thousands of people (maybe millions) versus a few thousand. That makes a big difference.

But actually, it isn't exactly a matter of how many flaws a system has, compared to the others. If there are many flaws, but nobody has discovered them yet (including pirates), or they are minor (they don't compromise an important part of the system), pirates won't be able to do great damage. It is really a matter of how fast a security flaw can be solved once it has been discovered. If a security flaw is discovered in an open source program, anyone in the open source community can have a look and help solve it. The solution (and the update) usually appears within a few days, sometimes even a few hours. Microsoft doesn't have that much manpower, and usually releases security patches within about a month after the flaw has been discovered (and sometimes published): that's more than enough for pirates to do whatever they want with your computer.

Forget about drivers


New pieces of hardware, even the simplest kind, usually come with a CD. On the CD is a very small piece of software called a "driver". If you read the instruction manual, you'll know that the hardware won't work on a Windows computer until you install the driver. If you're like most people and do not read the manual, then you'll probably figure it out yourself when you see your new high-tech gizmo doesn't work out of the box.

Insert CD, click on installation wizard, wait, eject CD, reboot computer.

If you bought the hardware a while ago and are re-using it on another computer, you'll probably want to forget about the CD and fetch the latest version of the driver from the manufacturer's website. Which can take quite a bit of time, given how, huh, let's say strangely organized some manufacturers' web sites are.

Okay, now that's only one piece of hardware. Now imagine you want to install Windows on a whole new, untouched, computer. For each little piece of hardware you'll have to find the latest driver (or use a CD), install it, and reboot from time to time. Video card, sound card, keyboard, mouse, motherboard chipset, etc. (better do the video card driver first or you're stuck with your high-end screen showing a very low resolution mode). And that comes after an already rather long installation of Windows itself.

Linux doesn't need separate drivers. All the drivers are already included in the Linux kernel, the core of the system, and that comes with every single Linux installation. This means:

  • A very fast and standalone installation process. Once you're done, you have everything you need to start working (including the software you'll be using, see "When the system has installed..." item on this website).
  • Out-of-the-box ready peripherals.
  • Less harm for the planet because all these CDs don't need to come with hardware any more (well, at least once Windows doesn't need them either...).

Forget about viruses


If your computer shuts itself down without asking you, if strange windows with text you don't understand and all kinds of advertisements appear when you don't ask for them, if emails get sent to all your contacts without your knowing it, then your computer probably has a virus. The main reason for this is because it runs Windows.

Linux hardly has any viruses. And that's not like "Oh well, not very often, you know". That's like "If you've ever heard of a real Linux virus, please tell me". Of course, a Linux virus is not impossible to get. However, Linux makes it very hard for this to happen, for several reasons:

  • Most people use Microsoft Windows, and pirates want to do as much damage (or control) as possible: therefore, they target Windows. But that's not the only reason; the Apache web server (a web server is a program located on a remote computer that sends web pages to your browser when you ask for them), which is open source software, has the biggest market share (against Microsoft's IIS server), but it still suffers from much fewer attacks/flaws than the Microsoft one.
  • Linux uses smart authorization management. In Windows you (and any program you install) usually have the right to do pretty much anything to the system. If you feel like punishing your PC because it just let your precious work disappear, you can go inside the system folder and delete whatever you want: Windows won't complain. Of course, the next time you reboot, trouble begins. But imagine that if you can delete this system stuff, other programs can, too, or just mess it up. Linux doesn't allow that. Every time you request to do something that has to do with the system, an administrator password is required (and if you're not an administrator on this system, you simply can't do it). Viruses can't just go around and delete or modify what they want in the system; they don't have the authorization for that.
  • More eyes make fewer security flaws. Linux is Open source software, which means that any programmer in the world can have a look at the code (the "recipe" of any program), and help out, or just tell other developers "Hey, what if blah blah, isn't this a security flaw?".

Don't pay $300 for your operating system


You're probably saying to yourself: "Oh, I didn't pay for Windows". Are you absolutely sure? If your computer came with a copy of Windows, then you paid for it, even if the store didn't tell you about that. The price for a Windows license amounts to an average of one fourth of each new computer's price. So unless you obtained Windows illegally, you probably paid for it. Where do you think Microsoft gets its money from?

On the other hand, you can get Linux completely free of charge. That's right, all these guys all around the world worked very hard to make a neat, secure, efficient, good-looking system, and they are giving their work away for everybody to use freely (if you wonder why these guys do such things, drop me an email and I'll try to explain the best I can :) ). Of course, some companies are making good business by selling support, documentation, hotline, etc., for their own version of Linux, and this is certainly a good thing. But most of the time, you won't need to pay a cent.

No backdoors in your software.


The difference between "closed source" (proprietary) and "open source" software is (how did you guess?) that their "source" is open. Huh, okay, why do I care? Well, the "source", or "source code", is like the secret recipe of every software, like the recipe of a cake. When you buy a cake, there's no way you can figure out the exact recipe (although you can guess bits and pieces, "there's some coconut in here"). If a bakery gave out the recipe for its super-successful cheesecake, it would soon go out of business because people would bake it for themselves, at home, and stop buying it. Likewise, Microsoft does not give out the recipe, or "source code", of their software, like Windows, and rightly so because that's what they make their money from.

The problem is they can put whatever they want in their recipe, without us knowing. If they want to add a bit of code saying "every 12th of the month, if the computer is online, create a list of all the files that have been downloaded in this computer since last month, and send it back to Microsoft through the network", they can. Microsoft probably doesn't do that, but how would you know, since everything is closed, invisible, secret?

A little while ago (October 2008) a lot of Chinese Windows users (most of them buy pirated copies of Windows) saw something strange happen with their computer: every hour, their screen would go black for a few seconds. Nothing to really prevent you from working, but it can easily make you go nuts. Microsoft had added a bit of code (an ingredient to the recipe) saying "if this is detected as a pirated copy of Windows, make the screen black for a few seconds, every hour". Now the point is not that the software was pirated: pirating software is bad, period. The point is that these users got an automatic update for Windows (updates usually fix bugs and add new features) without knowing how it would affect their system. No one knew.

Changing the source code of open source software is a much more open process. By definition, all the recipes are public. It doesn't matter to you since you won't be able to understand the code anyway, but people who understand it can read it, and speak out. And they often do. Every time someone wants to change the source code, all other developers are able to see the change ("hey man, why did you add this code spying on the user's keyboard input, are you out of your mind?"). And even if the whole team of maintainers for a piece of software go crazy and start adding puppy-killing features all over their source code, someone outside the team can very well take the code, remove all the bad bits, create a whole new version of it, and let the world know what the difference is. It's open.

That's why you can be sure open source software doesn't do bad things behind your back: the community keeps a close eye on all the recipes.

Use MSN, AIM, ICQ, Jabber, with a single program



You may have accounts for several instant messaging services, such as MSN, Yahoo, ICQ, Jabber, AIM, etc. While running Windows or Mac OS X, you probably need one program to connect to each one of those: MSN Messenger for MSN, ICQ for ICQ, etc.

With Pidgin, the instant messenger for Linux (it exists for Windows as well, and for Mac OS X with the name "Adium"), you can connect to all these services at once, with this one program, and see all your buddies at the same time.

Too many windows? Use workspaces.



I never was a Windows user and there is something I just cannot understand: once you have your word processor, your web browser, your email application, your instant messenger software and some windows open to explore your files, how do Windows users manage not to get lost in this clutter?

Workspaces is a feature I would never trade for anything else. You probably only have one screen, right? Try Linux, and you have four. Well, you can't actually look at the four of them at the same time, but this doesn't matter since your eyes can't look in two directions at once, right? On the first screen, let's put your word processor. On the second one, your instant messenger software. On the third one, your web browser. So when you're writing something in your word processor and you want to check out something on the web, no need to review all your windows to find your browser, stacked all the way behind the others. You just switch to your third screen and voilà, here it is.

Take a look at the following screen, and pay particular attention to the bottom right of the screen:



Why Linux is Better



If you find a bug in Windows, you can basically wait and pray that Microsoft will fix it fast (and if it compromises your system's security, you would have to pray twice as hard). You might think that reporting that bug to Microsoft (so that they can fix it more quickly) must be easy. Well, think again. Here is an interesting article about this. What if Microsoft doesn't even notice the bug? Well then, let's hope the next version of Windows will fix it (but you'll need to pay another few hundred bucks).

Nearly all open source software (including Linux distributions) has a bug tracking system. You can not only file bug reports (and you're encouraged to do so!) explaining what the problem is, but you can see what happens next: everything is open and clear for everyone. Developers will answer, and they also might ask for a little extra information to help them fix the bug. You will know when the bug has been fixed, and you will know how to get the new version (still for free, needless to say). So here you have people taking care of your problems, keeping you informed about it, and all that for free! If the problem is solved on your system, it will be on everyone else's: it's in everyone's interest to work together to make software better. This is how open source works.
