Slashdot Mirror

Slack.

• Operating System: Although OpenBSD is generally regarded as the best Freenix in terms of security, GNU/Linux is under more active development, faster, more user friendly and supports far more software packages and types of hardware than OpenBSD (sorry Theo, much respect...). I, along with most of the other admins and users are more familiar with a GNU environment. The distribution we use is Debian. I chose Debian for several reasons: free (libre and gratis), strong package system and reliability. It hasn't let me down. I do prefer Slackware on my personal box, since the -current tree is more stable than Debian's unstable. However, Debian's package system is nicer and provides many things that Slackware lacks (I may abandon Slackware as soon as Debian supports XF4 and kernel 2.4 by default in stable). Debian also keeps up to date on security issues.
• Kernel: We now run a Linux 2.4 kernel. Although most security tools/patches are 2.2 only, the mature (READ: usable) ones have been ported to kernel 2.4. I'm confident that more will follow. 2.2 is dead. We have disabled modules entirely in our kernel to prevent hax0ring and to avoid using modules (does anyone else hate them?). We only have a few drivers enabled. Besides helping performance, this protects against hostile code injection into the kernel. It is possible for a clever coder to inject code into a non-modular kernel, but most rootkits use kernel modules. Not allowing kernel modules and using 2.4, prevents us from using some really cool security tools like LOMAC. However, I found that LOMAC did not play nicely with OpenWall's Secure Linux patch (or cron, or init or getty ...). When Lomac behaves nicer, it will be added (I'd also like to see it as a patch rather than a module). Currently, we are using the GetRewted.net patch which provides lots of security enhancements. We may be adding more secure kernel additions such as the NSA's Security Enhanced Linux. However, at this time, we feel that the current kernel security model is both secure and usable. If you have any neat kernel goodies we might like, tell us.
• Firewall: Note that we are NOT running any sort of real firewall. We feel that the extra kernel overhead of the firewall hurts performance and adds needless complexity to the server. Since we are NOT trusting local (ie: users with shell access) anyway, we feel that a firewall is basically useless since Linux's TCP/IP stack is already fault-tolerant, mature and robust. We augmented the TCP/IP stack with this shell script to limit our vulnerability to DoS attacks. Firewalling services should not be needed if your services are secure (run with minimal priviliges and SECURE by design and condiguration). Eventually we may drop an OpenBSD or Linux 2.4 firewall in front of the server as a measure for restricting local users ability to portscan, DoS and exploit remote hosts.
• Authentication / Login: Remote interactive sessions are only supported over ssh (and we run OpenSSH). Telnet is not allowed. Rhosts authentication is not allowed. I've looked at forcing people to use S/Keys, but it is a real pain in the ass on both ends. We are currently allowing FTP in. When I'm confident that all the users can get a good graphical scp/sftp client for their platform, I'll kill FTP. Since I'm not relying on trusting local users anyway, this is more a security concern for individual users. I'm considering locking some users who don't use their shells out of real shell access.
• Users: I only make accounts for people I know personally. I also monitor user login s and their activity using whowatch and process accounting. I'm suspicious of logins from weird hosts. I also use PAM to set resource limits.
• Monitoring: We watch out for network nastiness with Snort which is an AWESOME IDS. We monitor its logs and other system activity with Psionic's LogCheck. Occasionally, I'll audit the machines for weird ports using nmap and Nessus, both of which are REALLY nice. I'll also routinely verify system integrity using a combination of Tripwire and chkrootkit, on a system booted from a known CLEAN floppy containing the tools.

Or, (protopkg trick of the week, kids), write a prototype that just has "sleep 10" in the compile() function. When protopkg goes to sleep, hit ctrl-z to stop it, and do whatever you want to manually. Then when you're done, give that shell an 'fg' to let protopkg finish its work.

Idunno about monitoring the network sockets... that's kinda weird.

You can find out more about us at our temporary website, which of course needs some serious updating. There are some good links to some articles, a few of our members sites and a great exhibition we had at the local EPA office.

If you want to know more feel free to email me and ask away! I'm also interested in all sorts of technology and communication issues that I feel suitably fit our purpose also (you can read a posting I just made today to our local LUG mailing list about some of this stuff.)

[Plea to the Slashdot crowd: we are in need of just one or two decent computers or parts and peripherals & office equipment which will seriously help us to ramp up activity and gain productivity again. If you have anything which you might like to donate please drop me an email -- remember we're a non-profit so it's tax deductable too! 8)]

You can find out more about us at our temporary website, which of course needs some serious updating. There are some good links to some articles, a few of our members sites and a great exhibition we had at the local EPA office.

If you want to know more feel free to email me and ask away! I'm also interested in all sorts of technology and communication issues that I feel suitably fit our purpose also (you can read a posting I just made today to our local LUG mailing list about some of this stuff.)

[Plea to the Slashdot crowd: we are in need of just one or two decent computers or parts and peripherals & office equipment which will seriously help us to ramp up activity and gain productivity again. If you have anything which you might like to donate please drop me an email -- remember we're a non-profit so it's tax deductable too! 8)]

...why should upgrading and duplicating our newer OSes be considered wrong in any way?

Upgrading an OS should not cost $80, or even $40.

Some applications can be priced at up to $600 for a single CD. As if someone of college age has $600 to spend on a CD.

hi, why don't you try Slackware. They have a Sparc version. I run it on two ultrasparc stations and they are working fine....

Red Hat may have dropped their SPARC support but there's still plenty to choose from:

Debian has active ports for both SPARC/UltraSPARC with a 32-bit userland and an UltraSPARC port with a 64-bit userland. The 32-bit SPARC port is much more up-to-date and complete, and basically is at parity with Debian-x86. It has a stable, testing and unstable branch just like Debian-x86 and thanks to the clever Debian package management and development tools is kept up-to-date with the main x86 tree automatically. Due to Debian's widely-ported and volunteer nature the SPARC port is likely to be supported for quite some time.

SuSE is also widely ported, and again, has a SPARC port which is essentially at parity with the main x86 version - 7.1.

Slackware also has a SPARC port, but if you are used to Red Hat or Solaris it may be too much of a culture shock with things like its BSD-style initscripts and primitive package management.

All of these are modern, up-to-date distros, which (Debian especially) I prefer to Red Hat.

Try them out. You might like them.

. . .

Slackware has a port to SPARC in their -current tree, which will freeze to 7.2 sometime this summer. They also have an working Alpha port.

Slackware has a SPARC port. (LINK).

I'm pretty pleased with my XL 300Alpha Slackware box. Matrox Graphics, Inc. MGA 2064W [Millennium], Symbios Logic Inc. (formerly NCR) 53c810, Lite-On Communications Inc LNE100TX, 196MBytes RAM, Alcor, running with MILO.

The SRM install wasn't supported, when I built it, but, with a little bit of work, was able to build my own boot disk to get it to run. I don't use it much for games, but, it's a rock-solid file/database server.

Linux rocks!!! www.dedserius.com

I believe Slackware makes a profit.

"Slackware has always made money (who else producing a commercial distribution can say that?)"
See Patrick's post regarding Slackware and WindRiver. And Slashdot article on said subject.

Now admittedly, I don't know how MUCH money they've been making, but they do it by having a distro that is stable and secure [well, compared to most other distros]. I've found Slackware to be "short, sweet and to the point" Because of this I think more people are willing to fork over the $$ to get the distro. It's the only distro that I've liked enough to pay for anyway.

Ender

See here on the slack forum: a post by Patrick in response to some guy posting his un-official paypal donation site. (in all fairness I think the Nanux guy was trying to help, I noticed several posts by him offering to do this, I guess Patrick didn't notice them)

Oh one of noble but misguided intentions. Before dispensing of wisdom one must learn wisdom. After slaking thy thirst at the fount of freely available knowledge. Go forth and spread thy wisdom and your newly aquired conception of liberty throughout the mind of humanity.

P. Volkerding:

Slackware has always made money (who else producing a commercial distribution can say that?) but with BSDi, we ended up strapped to a sinking ship.

Now I am not trying to say that I think this is fake. I just won't believe it until it is posted somewhere where I can be sure only Patrick could have put it up.

Actually, they will not be back for 7.2. David Cantrell said in this post that floppy installs are now gone. Also, if you look at -current, there are several packages which are too large for floppies. a1/modules.tgz is 5MB. n1/samba.tgz is 6MB.

Hmm...
Did you mention a real upgrade system with dependency checking?

Open mouth, insert foot?

Hmm...
Did you mention a real upgrade system with dependency checking?

Open mouth, insert foot?

Some people out there probably dont know what slackware is: this site is very informative for those who have no clue. Anyway it seems we have entered a new slackware age. I hope its for the better

Hell yes ima buyin it, have the beta, and it fucking rocks. Of course I'm some freak hard core gamer by most peoples opinions but, Linux rocks, and I'd toss away all this computer equipment if it went away for whatever reason. Life just ain't the same without an operations system that can boast longer uptimes than some peoples (short) lives. It ain't gonna be run everywhere until we get desktop. We don't get desktop unless we get killer apps. Games are close, maybe not killer, and not exclusive, but they will get users. That's the plan anyway...

Slackware SPARC

For those who are even more paranoid about disk space, one can use the Slackware Zipslack installation. It fits in under a hundred megs. It doesn't come with much beyond a basic Linux installation, but it's nice to start with something small and efficient, and add only what one needs.

This article seems to fall into the category of "Linux in Business" more than a general-interest Linux story. What the managers don't seem to realise is that non-commerical distros like Debian and, to a lesser extent, Slackware (which is good enough to be non-commercial ;-) can survive with just one maintainer. The commercial distros like Red Hat will die if there is no commercial interest or too much competition. Think of the power of free software, guys! It applies to distros too - Linux or any of its non-commercial distros will survive as long as there is sustained interest by hobbyists and hackers.

I'm told the SlackWare folks have a port in progress, but it's not ready yet. If it were here, I'd say it's exactly what you want, but as it's not... why not give NetBSD a try?

If you are really adventurous, though, you could also try Slackintosh - it's an unofficial port from the slackware source tree. It has no installer - you will have to set up another linux/ppc distro to install it, but a very minimal install should work fine.

Oracle 8i does work on Slackware. But its installation routine relies on specific paths for some system utilities that only apply to Red Hat and its derrivatives. I have successfully installed 8i on Slackware by following the advice here.

Unless people fill up entire disks with 100MB's of garbage, I don't think 1K on a disk will cut it as "non-blank" media.

So put ZipSlack on the Zip disks.

Sure...

Check this post in the Slackware forum from David Cantrell (Slack developer)

As seen in that post, www.slackware.com was hacked and defaced 25 december.

More comment from the Slackware team, Pat promises he wont be *rude* next time :)

Oh, BTW, PKB michael.....

--
Full plate and packing steel! -Minsc

There's even a response to michael's whiny, petulant updated message.

THIS_IS_NOT_A_BETA_EITHER.TXT

Here's the link to the official Slackware response.

This is what it says:

Slackware 7.2 is NOT released.

Is this in the slackware-current, or slackware-7.2 directory?

Looks like slackware-current to me.

Wake up, do some REAL reporting (like, ask someone on our team), and stop trying to get "fp!".

...should be about a month for the actual release.

- Pat

The evidence?

GET_A_CLUE_SLASHDOT.TXT.

While you are at it, checkout the topic at #slackware on irc.openprojects.net.

ftp://ftp.slackware.com/pub/slackware/slackware-cu rrent/GET_A_CLUE_SLASHDOT.TXT
Read that.
-------------

GET_A_CLUE_SLASHDOT

Wed Jan 10 12:46:50 PST 2001
(* security fix *)
glibc-2.2 contains a local vulnerability that affects all setuid root binaries. Any user on affected systems will be able to read any file on the system through a simple process: The user sets the RESOLV_HOST_CONF environment variable to the name of the file that they wish to read, then runs any setuid root program that makes use of that variable. The file is then written to stderr.
a1/glibcso.tgz: Patched sysdeps/generic/unsecvars.h to fix the problem with RESOLV_HOST_CONF, and also to add HOSTALIASES to the list. (this change is noted in glibc-CVS)br> d1/glibc.tgz: Patched sysdeps/generic/unsecvars.h as above.

Announcing Slackware Linux 7.1!

The first major release for 2000, Slackware Linux 7.1 builds...

Until that file announces Slackware 7.2, it has NOT been released. It hasn't even been released as beta yet!! Do you think any major distro would release something without releasing a beta beforehand?

What it looks like is happening is Patrick and the rest of the Slackware developers are preparing slackware-current, Slackware's developers release, to be released as a beta. This story on USENET, ummm I mean /., is a little premature.

Distros update their versions for lots of different reasons, often because a number of new user programs are available, a new XFree86 version is available that is needed for new video cards, or sometimes for purely marketing reasons, as when Slackware jumped from 4.0 to 7.0 in order to reach marketing parity with Red Hat - Slackware generally used a conservative numbering scheme, but Red Hat advanced the numbers rapidly, even though all the distros are based on the same stuff, but lots of people gave the Slackware folks the message they didn't want software they perceived as out of date.

So no, it's fine to use the 2.4.0 kernel with Mandrake 7.1. The version of the kernel bears no explicit relation to the version of the distribution.

By the way, if you wonder where most of the rest of the programs on your distro come from, you have the fine folks at The Free Software Foundation to thank. Richard Stallman takes pains to point out the system is more properly called "GNU/Linux", because what Linus developed was a kernel that the already-existing GNU programs could run on.

Michael D. Crawford
GoingWare Inc

--

I may be wrong, but I think APT stands for "Another Package Tool"
However, I use Slackware exclusively and have only touched Debian once, other distributions never.

--
steve

But this isn't the point of the article. He's trying to say that if Linux is ever going to make it out of a developer/power user/random curious person market, it needs to have a more limited set of software. With Windows, you get a command line FTP program, and if you want more, you install them.

This doesn't neccessarily mean that we want to follow in exactly Windows' footsteps, but this gives you a bit of flexibility, without bloat, and without handpruning seven different FTP clients.

Someone's a poweruser and wants a diffent FTP client? They know enough to download their choice of software and compile and run it.

I'd hate to see developers and the Linux community ignore articles like this, because I beleive that this is a common problem with new Linux users-

New user: How do I FTP a file from www.netscape.com?
Linux Friend: Well- let's see... Do you want barebones FTP, tab completion, KDE GUI based, or something else?
New User: Huh?

What we don't need is yet another distribution. (My brother is realeasing Little Timmy Linux 1.8 soon) I'd rather see something along the lines of Zip Slack, or BigSlack just a modified distro.

"So, Linux vendors, hear this: If you really want to give Windows the boot, your OS has to be slick, quick, and slim. Because, after all, too much is...just too much."

Has it occurred to this guy that you don't have to install every package that comes with your distribution?

You can get a version of Slackware that fits on a Zip disk. Try doing THAT with Windows.

Err, How about some facts to back up your assertions?

Contrary to popular mis-information, Slackware packages are not just archives. They do contain rules for installation, version information, and meta-information. This is why Slackware users know that you just cannot 'unzip and untar' a Slackware package -- you need to run 'installpkg' to install something correctly. (BTW - You can use installpkg to install 'simple tarballs', but these do not contain the additional package information used by the Slackware package system).

In the UserLocal interview, they discuss that 'autopkg' and 'protopkg' are the next generation of tools for the Slackware packaging system. For example, here's what the UserLocal interviewer wrote about 'protopkg':

I've recently made a package with protopkg, I was completely amazed at how simple it was to use (I actually just modified an existing prototype found on ftp.slackware.com in the /unsupported dir). This system seems almost revolutionary in the fact that essentially it allows users to trade binaries just by exchanging these prototype text files.

I don't know whether protopkg is revolutionary, but it is certainly not primative.

Later

"Fat, drunk, and stupid is no way to go through life."

All three need to be recognized and applauded for their efforts and commitment to the community.

I knew a guy who call himself Mr. I-Am-Elite-and-Edit-Everything-By-Hand-in-Linux.. This kind of people really have trait. I should've challenged him to write assembly code instead. Being an 31337 == being a time waster. I think if he wants to edit config for his life, he'd better go back to where he belongs editing WinNT registry.

Another thing is, security. For example, take a look at
ftp://ftp.slackware.com/pub/slackware/slackware-7. 1/patches/

Only 1 patch? Come on! glibc local exploit, netscape java problem, lpr, ypbind, pine, etc. It hasn't been updated for hundred years, I guess.
This site (slackware.com) even uses FreeBSD instead of Slackware Linux. Identity crisis, anyone?

Linuxmafia.org claims that Slackware is more secure than Redhat. The truth is, Redhat is more consistent when updating its security, and Redhat is being honest, even though 7.0 was still under development.

Debian also pretty consistent when updating its security problem.

Slackware does a false advertising in Dr. Dobb's Journal saying that it has the easiest installation. Does it have a partitioning tool that can resize Windows and Linux partition so that you don't have to waste your money for Partition Magic.

I'm not trying to make Slackware's name bad here, it's just that I'm upset because my money is wasted for a piece of shit junk that can't even detect my hardware like Redhat/Caldera/Mandrake/SuSE. Moreover, people who use it claims that it's so secure, but its security is so crappy that by the default install it allows people to remotely break into the system because there is /etc/hosts.equiv that contains "localhost" line with rlogin service turned on by default (this was in my friend's Slackware 7.0 system). Okay, this is just by default and can be prevented, but what if the user does not know Linux at all and his machine got hacked?

My point is, both GUI and ncurses config tool is good, hardware detection is good. I just can't seem to understand 31337 people who waste a lot of time for editing by hand.

Go to slackware.com and read through their book. The WHOLE installation manual is online... and you can probably print it off easily enough. The Slackware book covers quite a bit of material... and is probably one of the greatest features of Slackware (aside from everything else slackware! :).

Of course, the book covers slackware specific things... but you can easily adapt the information to DistroX.

4) Freebsd and the like make heavy inroads in the server area. I'm still waiting for a distro of linux to install on a server that doesn't require gigs of drive space. Yea, I know you can do min installs and then install what you need, but xxxBSD just seems cleaner to install. And you have to love the ports.

Have you heard of ZIPslack? It a Slackware. It's designed to be loaded from a zip drive. I think that will satisfy your needs.

RobK
---
RobK

I have been using Slackware since 1995. I have worked through 4 iterations of the product(3.0, 3.1, 4.0, and 7.0). In the meantime, I have installed Red Hat 4.0, 5.0, 6.2 and SuSE 6.1.

Of these distributions, I had the fewest installation problems with Slackware. My Slackware boxes are easy to configure. Unlike Red Hat, Slackware is a more conservative distribution that releases about every 6 months. The result is that "the latest and greatest" beta code is released in the /contrib area rather than just added to the main distribution. The Slackware guys keep out unproven, unreliable versions of software until the bugs are worked out. This is their philosophy - Check out Slackware.com for details.

In my experience in using Slackware and the other distributions, Slackware has far fewer updates (or 'errata' as RHAT likes to call them) than other distributions.

No I don't have actual "number of bugs per distribution" to support my hypothesis. What I do have is 6 years of Linux experience and the failures of trying to install and configure Red Hat and SuSE. In fact, of the other distributions I have installed over the years only Red Hat 6.2 went off without a hitch.

Finally, many newbies think that Slackware is easy to install. For example, read Andrew Chen's review of Slackware 7:

"Of the several Linux distributions I've tried, I feel that Slackware Linux 7 has presented me with one of the cleanest, most usable desktops, very suitable for anyone from a Linux professional to the casual desktop user switching from Windows."

This is why I prefer Slackware. Later.

"Fat, drunk, and stupid is no way to go through life."