Slashdot Mirror


Linux Lite?

smock writes "An interesting (and, IMO, excellent) suggestion is over at Linux Journal." Essentially, an argument for better opening security, given the lack of experience of many new Linux users.

170 comments

  1. Re:No Root? by blahedo · · Score: 1
    Which means it's even a bigger security hole than it would be otherwise. Or am I just way off here?

    No, you're absolutely right. But, there are a few solutions. First, they could do something involving the serial number on the CD it came on; then, the "now you're ready to be root" section of the manual can say how to use it. Or, you could cast root as something other than an ordinary account, e.g. with a prompt sequence like: "What do you want your username to be? And its password? Now, make up a super-secret emergency password, different from the first one, and type it here: ..." There are a lot of ways you could get a root password unique to the machine such that the "dumb user" doesn't really know what to do with it until they are no longer just a dumb user.

    --
    ``This, too, shall pass.'' ---Eastern proverb
  2. perfect sense by dourk · · Score: 1

    Why do we need http, nfs, telnet, ftp servers running by default in a home networked environment? I've always used RedHat, and sure it gives the option of what servers to run, but somebody with no unix/server experience would quite probably just pass over such a screen without even thinking about the consequences.

    --
    Wake up.
  3. Re:No Root? by Anonymous Coward · · Score: 1

    I dunno about this being *tooo* far off... As far as not even letting the user know about root until they're forced to dig into the manual ("Oh, BTW, in order to make the following changes, you must be logged in as root... For an explanation of root, please turn to page XX...") -What if root's password were set (by default) to the user's normal password? Or some derivative of their username? Being relatively new to Linux myself, I dunno if this is feasible (or itself another nasty security risk); could someone more experienced please comment?

  4. Re:No Root? by Mr. Flibble · · Score: 1

    Well, I suppose the root password could be randomly assigned and kept hidden. How to become root then? LILO: linux single (Good Idea? If not please berate my suggestion..:)

    --
    Try to hack my 31337 firewall!
  5. Re:No Root? by Mr. Flibble · · Score: 1

    Well, I suppose the root password could be randomly assigned and kept hidden. How to become root then? LILO: linux single (Good Idea? If not please berate my suggestion..:) After all, if the box is single user and one is worried about attacks coming over the network as opposed to the box itself, this would work.

    --
    Try to hack my 31337 firewall!
  6. Cases for improvement by mrowlands · · Score: 1

    In my experience ( Linux various distros, now Freebsd), the key element that has either been missing or difficult to find/obtain is good documentation.

    Most of the free unices are just that, FREE; how many of us are prepared to pay somebody or some group to provide clear and coherent documentation of the different tweaks and customisations that exist and are frequently required by the different unices even at kernel level before you even start talking about ports?

    To even attempt this task would require the setting in place of some kind of standard that will inevitably limit the flexibility of offerings.

    Whilst this flexibility itself is both a strength and weakness, I would resist an attempt to change or impose some additional framework upon it that might reduce the variety of tools available to me.

  7. Re:No Root? by GodEater · · Score: 1

    Not necessarily.
    Certainly you _could_ be lazy and do it that way.
    But you could equally have the root password individually tailored with each copy of the distro. You know - "root password is on the sticky label inside the front cover of the manual"
    kind of thing...

    --

    Gentlemen, start your penguins

  8. Re:not necessarily a good idea by GodEater · · Score: 1

    Essentially this is the case with NT.
    Although Microsoft badge them as different products - the code is still the same, it's just installed differently. In NT 3.51 you could turn Workstation into server just by altering a registry key. You can do the same in NT 4.0, but you need to kill off a magic thread in the OS which modifies this key if it detects you changing it!
    The install program here could install the dumbed down version of linux by default - but if they bothered to read the manual they could find out that if you did "blah blah blah" you got all the really cool server stuff, and a big shove towards the rest of the manual.

    --

    Gentlemen, start your penguins

  9. Re:Install less, and use firewalls by GodEater · · Score: 1

    Right on.

    I've installed debian more than a few times too. dselect really needs some work. Like maybe a complete re-write...

    --

    Gentlemen, start your penguins

  10. Re: Package **Nightmares** by AME · · Score: 2
    There was an absolutely humongous list of packages with undecipherable names that all had intricate dependencies on each other. . . . Since no clue was really given as to WHAT these things were, I was forced (after several attempts at a minimalistic install) to install a humongous amount of crap @350 MB.

    I discovered (although only recently) that hitting F1 from the dialog where you "choose individual packages" produces at least a semi-helpful description of the particular package. (Actually the contents of the description contained in the RPM package.)

    Anyway, I believe RedHat's install is getting better. I fiddled with Lorax (the RH6.1 beta) a little this weekend and I think that the new graphical install will be quite nice when they get it working correctly. Also, the new install options are:

    1. Install Gnome Workstation
    2. Install KDE Workstation
    3. Install Server
    4. Install Custom
    So, more specialized install options is the trend. This is good. Also, install help is printed directly on the same screen as the options. Also good, pending useful help comments.

    I still believe Linux isn't there yet as far as the novice is concerned; perhaps not even close yet, but it's getting better fast.

    --
    "I have a good idea why it's hard to verify programs. They're usually wrong." --Manuel Blum, FOCS 94
  11. Re:Exactly! by Anonymous Coward · · Score: 0

    When I recently installed linux it did have pop up help for *some* of these options available by pressing F1. A sentence or two is all that's really needed. The sad thing, though, is that some options didn't have even that - you just got a blank window when you hit F1 on them.

  12. You can go on doing whatever you like by Anonymous Coward · · Score: 0

    You can go on doing whatever you like, but there are people who want Linux to be a viable alternative to Windows. Both price and O/S efficiency on desktops/small servers points to this as A Good Idea. Keeping it Open Source means you can still hack it.

    I think Linux has improved tremendously over the past few years, but it's still not ready for clueless newbies (or my grandmother) who only want a PC to connect to the Internet. If you only want a machine to connect to the Internet, you better make sure your ports are closed off and safe. Newbies can't do this without help, but they can install Linux with a GUI install and they can run KDE/GNOME once it's installed.

    A user is *not* a sysadmin, and shouldn't need to learn how to become one.
    Get Linux ready for users!

  13. Because they are already too large by vitus · · Score: 1
    The idea of different distributions is good,
    because on one side, an office user doesn't need
    a number of www servers, search engines and such,
    and on the other hand, a guy who is setting up a headless
    www server to put on a T1 line doesn't need KDE or
    Gnome, or even gimp.


    Debian already spans over five CD's (including
    non-free/non-US). I suggest even further splitting:

    • Linux -server (without X at all, with serial
      console as installation option)
    • Linux - office
    • Linux for mathematicians (with bunch of things like Octave)
    • Linux for geographers (with GRASS bundled)
    • etc, etc

    With such an approach each of the stripped-down versions
    would fit on one CD. Of course, there should
    be a Linux complete which is the mother of all problem-oriented distributions, and maybe add-on
    CDs which would allow adding missing packages
    to an already installed system without getting
    the whole thing (binaries can be omitted for this CD.
    If you already have a running system with basic
    development tools, rebuilding a package from source
    is only a matter of time, but no need for purchasing
    a separate CD for each type of processor can be
    winning)
  14. Good idea. by Logger · · Score: 2

    There is definitely room for another flavor of Linux along these lines. Hiding root almost completely is a good idea. Certainly a root password will be set up at install, but a large set of root capabilities could be handled by a small set of setuid root programs that ask for the root password to perform admin tasks. Packages could be installed by something like a setuid root install shield, which would ask for root's password to install the package system wide, otherwise the package would be installed in the user account if possible. Even better, the install shield should have a configuration screen which lets you pick which users have the privilege to add and remove system wide applications. This would then be implemented via groups, file permissions, and setuid root, behind the scenes. Using this, root could really be reserved for only the most necessary occasions, and attempting to login as root could come with all sorts of warnings.

    Of course if you don't want all this hand holding, don't use it. This is Linux after all pick the flavor that fits you!

    1. Re:Good idea. by KFK2 · · Score: 1
      That Sounds Like a Totally cool Idea, because I know when I was in the States and helping my aunt and grandma with windows, it was hard enough to teach them how to use e-mail, more or less how to install a program. Another thing would be setup for the internet, we need an easy, STANDARD point-click type interface for the net, sort of like how all Win9x's are.. (No Flames) I know my aunt would be lost at a prompt for hardware or software control..

      Kenny

  15. The installation program I'd like to see by Fastolfe · · Score: 4

    I really can't imagine this being terribly complicated, but I would personally love to see a nice, graphical (or at least curses-based) installation program that behaved basically like this:

    1. Select a basic "personality" for this system:
    a. Server
    b. Workstation
    2. Select a starting configuration for this system:
    a. Minimal (most secure)
    b. Standard
    c. Custom (for experienced users or administrators only)

    You would then proceed to an application selection area, where you would pick some major configuration options (X Windows, Web Server, Mail Server, Games, etc.) and, if you picked Custom, an exhaustive sub-list of packages selectable with checkbox efficiency. Defaults would be pre-selected based on what "personality" you chose for the system.

    Basic daemon configuration would be taken care of at this time as well. If you chose to install the telnet daemon, you would be presented with a warning and an option to automatically refuse connections (firewall? TCP wrappers?) from Internet hosts. Repeat this procedure for things like sendmail, httpd, whatever.

    Daemon vendors tend to like their packages shipped individually with everything "turned on", because in most cases, when the package is being installed, it's being installed by someone who's about to configure and *use* it. This is bad in the cases where someone is installing a new system, because they probably *won't* be jumping straight to the "configure and use" part. They'll install all of the packages and get to them "later." So, if we force them to make configuration decisions at *install* time, and build (or use pre-built) configuration files then, instead of the stock configuration files, the system ends up being much more secure with the user much more aware of what's been installed and how it's been set up.

    Along a similar line of thought, and perhaps this already exists, an extension of this installation program could be a graphical "autorpm" of sorts. A program that retrieves from the 'Net a list of updated packages (such as RedHat's updates), and either automatically makes the updates or at least notifies the user that updates are available (a la Windows Update). If the package uses a new configuration file format, a packaged utility should be included and run to convert the old configuration to the new, otherwise the user should be presented with a configuration dialog again to be sure the new package is ideally configured for the system. I've been the victim of several instances where an RPM "upgrade" *overwrote* the existing configuration file (though it did save a backup). In cases where the "default" configuration only differs from the user-specified configuration in that the default configuration is much less secure, the change might not be noticed immediately (or ever).

    I'd also like to see warnings where an installed/upgraded RPM is being installed on a machine that previously contained a self-installed copy of the same package. An example could be some HTTP daemon. A quick search for various httpd binaries could let the RPM's installation program know about previously installed copies of the package that weren't done via RPM's and warn the user (perhaps with the option of duplicating the old package's configuration files in the new setup).

    Anyways, these are just a few of my ideas, and it seems like we're starting to move in these directions, but the setup programs I'm seeing are just baby steps. Instead of just dropping everything and writing a totally user-friendly setup *system*, we're spending time writing stuff "in between," and I just don't think that's a very efficient way to do it.
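
Added example, not part of the thread and not any distribution's installer: a sketch of the install-time step described in the comment above, where only the daemons the user chose stay enabled in inetd.conf and a chosen daemon can be set to refuse Internet hosts through TCP wrappers. The stock inetd.conf is a constructed sample, and `harden`, `DISABLED_TAG` and the `192.168.1.` network are assumptions made for the illustration.

```python
"""Install-time inetd hardening: disable every service the user did not choose."""

# Constructed sample of a stock "everything turned on" inetd.conf.
STOCK_INETD_CONF = """\
# constructed sample, not copied from any real distribution
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd        in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd        in.telnetd
shell   stream  tcp  nowait  root    /usr/sbin/tcpd        in.rshd
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
#pop-3  stream  tcp  nowait  root    /usr/sbin/tcpd        ipop3d
"""

DISABLED_TAG = "#disabled-at-install# "  # hypothetical marker for this sketch


def parse_entry(line):
    """Return (service, daemon, wrapped) for an active entry, else None."""
    text = line.strip()
    if not text or text.startswith("#"):
        return None
    fields = text.split()
    if len(fields) < 6:
        return None  # malformed line: leave it for a human to look at
    service, server = fields[0], fields[5]
    program = server.rsplit("/", 1)[-1]
    wrapped = program == "tcpd"
    # Under tcpd the real daemon is the first argument; hosts.allow matches it.
    daemon = fields[6] if wrapped and len(fields) > 6 else program
    return service, daemon, wrapped


def active_services(conf_text):
    """Names of the services inetd would actually start."""
    entries = (parse_entry(line) for line in conf_text.splitlines())
    return [entry[0] for entry in entries if entry]


def harden(conf_text, keep, local_only=(), local_nets=("127.0.0.1",)):
    """Build inetd.conf, hosts.allow and hosts.deny from install-time choices.

    keep       -- services the user explicitly chose to run
    local_only -- subset of keep that must refuse Internet hosts
    local_nets -- client patterns allowed for local_only services
    """
    inetd, allow, warnings = [], [], []
    for line in conf_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            inetd.append(line)  # comments and blank lines pass through
            continue
        service, daemon, wrapped = entry
        if service not in keep:
            inetd.append(DISABLED_TAG + line)
            continue
        inetd.append(line)
        if not wrapped:
            # hosts.allow/hosts.deny are applied by tcpd on the daemon's behalf
            warnings.append(f"{service}: not started through tcpd, "
                            "hosts.allow may not be consulted")
        elif service in local_only:
            allow.append(f"{daemon}: {', '.join(local_nets)}")
        else:
            allow.append(f"{daemon}: ALL")
            warnings.append(f"{service}: reachable from any host")
    missing = sorted(set(keep) - set(active_services(conf_text)))
    warnings += [f"{name}: chosen but not an active entry in inetd.conf"
                 for name in missing]
    return {
        "inetd.conf": "\n".join(inetd) + "\n",
        "hosts.allow": "".join(rule + "\n" for rule in allow),
        "hosts.deny": "ALL: ALL\n",  # default deny; hosts.allow is checked first
        "warnings": warnings,
    }


if __name__ == "__main__":
    result = harden(STOCK_INETD_CONF, keep={"telnet"}, local_only={"telnet"},
                    local_nets=("127.0.0.1", "192.168.1."))
    for name in ("inetd.conf", "hosts.allow", "hosts.deny"):
        print(f"--- {name}\n{result[name]}", end="")
    for warning in result["warnings"]:
        print("warning:", warning)
```

The warnings list is what an installer would turn into the on-screen prompts: a kept service that is open to every host, or one that TCP wrappers cannot restrict, is surfaced at install time instead of being discovered later.
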

    1. Re:The installation program I'd like to see by Demona · · Score: 1

      One other thing which I don't see mentioned yet: I think this hypothetical single-user distribution would do well to tweak the multimedia settings (although just turning off all those default services might be enough to provide non-jerky video playback :)

      --
      Fuck Slashdot
  16. It's already there. by Rares Marian · · Score: 1

    Ahem... The Server, Workstation, or Custom installations.

    I think Debian will do a better job about it. Since they allow you to pick a purpose for the computer, you can then know precisely what not to install.

    Imagine that... A user asks not what his/her/its/their computer can do, but ask what he/she/it/they want to do with his/her/its/their computer.

    --
    The message on the other side of this sig is false.
  17. There already is something like that by Anonymous Coward · · Score: 0

    Try Turbo Linux. They have composed lately Turbo Linux Workstation 3.6 and Turbo Linux Server 4.0. Does that count for something?

  18. Re:debian by Anonymous Coward · · Score: 0

    I don't think it means what you think it means.. from the hosts.deny man page:

    PARANOID
    Matches any host whose name does not match its address. When tcpd is built with -DPARANOID (default mode), it drops requests from such clients even before looking at the access control tables.


    dan

  19. Install options already exist in every distro by Anonymous Coward · · Score: 0

    Every distro already has different install options, like workstation, network basic, X and everything.

    But the thing is that traditionally, linux users chose to use it for its "power" features. Why bother installing it if you don't want the good bits?

    Also, distributions should package their programs in a secure manner.

    The only problem is users don't upgrade to new packages as new releases are made.

  20. Isn't this what Corel is trying to do? by Fafhrd · · Score: 1
    From all we have heard and seen, it seems Corel Desktop Linux trying to be exactly what the author is proposing.

    Of course, we will only know if that's the one when they release the distro. But the other distros would do well in taking a note from this article as well.

    1. Re:Isn't this what Corel is trying to do? by namesAsh · · Score: 1

      that's right. Saw a cool demo last Thursday. It should be out in November.

  21. Remove duplicate commands/apps by javatips · · Score: 2

    The author has a good point.

    All distributions should be secure at install; it should be up to the user to enable some ports, etc. If the user has enough knowledge to enable the ports he wants, he should have enough knowledge to make his system secure.

    There is a liability issue with this: if a system is not secure out of the box, one could sue the distributor if another one breaks into the system. Unless the license agreement states that the distributor shall not be responsible for this.

    One thing that all the distros should do is to clean up the apps and command duplicates.

    Why, when I install Linux, do I have 3 or 4 word processors, 3 or 4 text editors, several web browsers, 2 or 3 administration utilities that have the same functions, etc.?

    A default Linux installation with most distros takes 500 megs to 1 gig. This is a lot more bloat than Windows9x/NT.

    Also, why can an installation wizard like Lizard only be invoked at installation, so that I have to use other utilities when I add new hardware? There should be a way to invoke the installation wizard to update the configuration.

  22. Re:not necessarily a good idea by Fastolfe · · Score: 5

    Would reading a few paragraphs kill anyone?

    While reading the manuals is something we would *hope* everyone would do, time and experience has shown us that it just Won't Happen. We can't just say, "Well, dammit, you should have read the manual," over and over again. We have to build something that will work securely for those that *don't* read the manuals, because there will always be a significant percentage of users that simply won't.

    No amount of screaming, shouting, pasting of banners and throttling will get everyone to "clue up" and read about what they're installing, so we have to adapt the distributions so that they will still function for these types of people.

  23. LinuxPPC by Daniel · · Score: 1

    Remember LinuxPPC? They gave out the root password and no-one could break in. If nothing is listening on any port it doesn't matter what root's password is. (even exim and so on can do this..deny connections to the SMTP port from anything but localhost. ipchains is your friend)
    Of course, what happens when the user types 'rm -rf /' is another story, but we're assuming that people who can't understand the concept of root won't be mucking around in a shell.. :-P
    Daniel

    --
    Hurry up and jump on the individualist bandwagon!
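
Added example, not part of the thread: a check for the condition the comment above relies on, that nothing listens on a port reachable from other hosts. It reads the `/proc/net/tcp` table, decodes the hex endpoints and separates loopback-only listeners (such as a mail daemon bound to localhost) from exposed ones. The sample table is constructed; the function names and the `allowed_ports` parameter are assumptions of this sketch, and IPv6 sockets (`/proc/net/tcp6`) are not covered.

```python
"""List TCP listeners from /proc/net/tcp and flag those not bound to loopback."""
import ipaddress
import sys

TCP_LISTEN = "0A"  # value of the 'st' column for a listening socket

# Constructed sample in /proc/net/tcp layout, as printed on a little-endian host.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0A01A8C0:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0A01A8C0:8003 0201A8C0:0016 01 00000000:00000000 00:00000000 00000000   500        0 1004
"""


def decode_endpoint(hex_endpoint, byteorder):
    """Turn 'ADDR:PORT' hex from /proc/net/tcp into (IPv4Address, port)."""
    addr_hex, port_hex = hex_endpoint.split(":")
    # The kernel prints the network-order address as a native integer, so the
    # digits appear byte-swapped on little-endian machines (x86) and in
    # natural order on big-endian ones (such as classic PowerPC).
    raw = int(addr_hex, 16).to_bytes(4, byteorder)
    return ipaddress.IPv4Address(raw), int(port_hex, 16)


def listeners(proc_net_tcp, byteorder=sys.byteorder):
    """All (address, port) pairs in LISTEN state, in table order."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue  # established, closing, or malformed rows
        found.append(decode_endpoint(fields[1], byteorder))
    return found


def exposed(proc_net_tcp, byteorder=sys.byteorder, allowed_ports=()):
    """Listeners reachable from other hosts, minus ports opened on purpose."""
    return [(str(addr), port)
            for addr, port in listeners(proc_net_tcp, byteorder)
            if not addr.is_loopback and port not in allowed_ports]


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as table:
            text, order = table.read(), sys.byteorder
    except OSError:
        text, order = SAMPLE_PROC_NET_TCP, "little"  # fall back to the sample
    for address, port in exposed(text, order):
        print(f"exposed listener: {address}:{port}")
```

A socket bound to 0.0.0.0 counts as exposed because it accepts connections on every interface; packet filtering (ipchains in the comment) can still block it, but this table alone does not show that.
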
  24. Make "Upgrading" easier by aaarrrgggh · · Score: 1

    When it comes to security... less (packages) is more. But, it is a little hard for a former windows user to change to the unix methodology of adding packages.

    I say "upgrade" in the MS-context; it is really easy with MS to just re-install things... that's what their support is built on. BUT, it doesn't scare someone off from the idea that they can always install something at a later date... just as easily as they can now.

    I know, I know... there are packages to do it. RPM's aren't hard to use, and I know that there are some RPM GUI's out there, but what would be nice for the newbies is to just stick that same distribution CD in, and get the whole list of packages, in the same format they saw in their original install.

    One of things that is required for taking over the desktop...

  25. Re:No Root? by vitus · · Score: 1

    Really, there are ways to perform routine administrative tasks (such as adding new users)
    without being root. For instance, on Solaris
    there are a bunch of GUI tools which require
    the user only to be a member of a certain group to operate them (and they provide some idiot-proofing).

    So, you can disable the root password by default,
    and write a default /etc/sudoers which would allow
    the user who performs the installation to do almost everything as root, including changing the password.
    So when the user comes to learn the concept of the root user,
    he can just say sudo passwd root and gain access.

    Or change the root password in some GUIsh usertool or
    linuxconf.

    Note that you should never do normal work in a kind
    of single-user. For instance, I have a sister
    (who was a total disaster in the time I ran DOS on
    the home machine) and a father. Both of them use my
    machine (from separate X terminals, but this doesn't matter). While they are working under
    their own names I can be sure that they wouldn't
    accidentally erase my files. But there was a case
    when I accidentally erased 200Kb of my father's files (debugging a Makefile for typesetting a book), so since then I have to teach them to use
    CVS if they want me to help with their projects.

  26. The *REAL* solution by Sq · · Score: 1

    While reading the manuals is something we would *hope* everyone would do, time and experience has shown us that it just Won't Happen. We can't just say, "Well, dammit, you should have read the manual," over and over again. We have to build something that will work securely for those that *don't* read the manuals, because there will always be a significant percentage of users that simply won't.

    How about this:

    We make a default install option which only installs user stuff (nice GUIs, eye-catchers, WWW browser, mail etc.) and no daemons and a restrictive input IP firewall (so nobody from outside can connect to any privileged ports or known unprivileged ports).

    Users will select this, and be happy.

    For installing additional server packages, the server package would need to contain some additional fields. Like a questionnaire.

    So, when the user (well, root user, actually) tries to install a server package, they would be shown documentation, and then would be presented a few strategic questions. If the user can't answer them, they are presented a choice whether they want to read the documentation again or quit.

    Of course, there would be expert option to auto-install packages from hand-made tag files on diskettes (like in RH, for example) so serious admins could install distros without any fuss, and that would be too much hand-work for typical user.

  27. Excellent idea... by moonboy · · Score: 1

    ...for all of us not quite yet, but wanna-be-gurus.

    ----------------

    "Great spirits have always encountered violent opposition from mediocre minds." - Albert Einstein

    --

    Co-founder and designer at Music Nearby: http://musicnearby.com
  28. default security on distro's by c0re_pump · · Score: 1

    the security sometimes should be better, thing is the market is too wide and the demand for options too big... maybe there should be more distro's with the same ver. example: RedHat 6.0 desktop & "" i dunno... server... or something like that. is a good pt. tho

    --
    ----====___SUBLIME___OR___NOTHING___====----
    1. Re:default security on distro's by Anonymous Coward · · Score: 0

      It's a great article but it doesn't tell Linux newbies like me how to fix the security issues...anyone care to point out a site that would help the newbies?

  29. Re:Redhat installation. by Crazyscot · · Score: 1

    Red Hat can't package ssh, because they ship worldwide and ssh is defined as "strong cryptography" -- it is illegal to export strong crypto from the U.S. (And similar laws in other countries.) There's nothing (apart from local laws!) to stop you obtaining ssh yourself, from its home site or elsewhere, and some people do package it for the various distributions. Debian get round the problem by not including the export-controlled stuff in the standard distribution and telling people to go visit ftp.non-us.debian.org (or whatever it is, I don't remember for sure). Perhaps RedHat could include a user-friendly installer for ssh which would visit somewhere like ftp.export.redhat.com, download a (signed by RedHat) RPM and install it?

    >But really, does a home user even need telnet?

    Not most home users... I do, though. (well, I use ssh internally out of paranoia...)

  30. Nice plan but will it work? by Lion-O · · Score: 1
    I personally doubt it. The author mentioned that NT already implemented / covered this issue with the release of a server & workstation version. IMHO this same example can be used to "prove" (you can never be sure IMO) that the idea isn't working...

    You are basically trying to protect (clueless?) users from themselves. But being clueless as they are, do you really think that if you hand them 2 choices (full blown Linux / Linux Lite, safer for the newbie) they will actually choose the lite version? No way!

    Think about it; why are they installing Linux in the first place? Most of these people are attracted towards Linux because a lot of people use it and it gets commonly known as being 'a more stable OS than Windows'. Put differently; many feel it looks cool to have a copy of Linux on your computer. And what would look cooler; a full blown Linux or a lite version?

    IMVHO we are talking about the same people who are using Linux being root only despite the fact it's mentioned all over that you should not. The same people who are running NT Server on their PC because it can do even more things than a plain workstation. People who will not settle for a lite version even if they would benefit from it if they did.

    Personally I would really like to see how many (beginning or want to be) users installed RedHat 6 as a workstation instead of a server.

    1. Re:Nice plan but will it work? by PigleT · · Score: 1

      Yes, sort of.

      The phrase that I hate is: "And now, faithful readers, I shall commit the ultimate heresy. Windows NT is way out in front of Linux in dealing with this problem--at least in theory".
      Just how much netbios traffic does one get due to silly windoze lusers enabling netbeui/netbios and/or IPX/SPX traffic over their dialup connections?
      That alone is reason why linux is inherently "better" - at least some distributions come with an /etc/hosts.deny that blocks non-local or "PARANOID" incoming IPs, and install nmbd to run out of inetd. (I have Debian 'Potato' in mind, just before you ask...)

      NT is not hard to spot remotely, and not exactly hard either to crash or crack. nmap & search engines on "+NT +exploit"...

      As far as linux Lite goes, folks here are right - who on earth would buy a "Lite" edition?

      --
      ~Tim
      --
      .|` Clouds cross the black moonlight,
      Rushing on down to the circle of the turn
  31. Yes! by Enoch Root · · Score: 2
    Yes! That's an excellent suggestion. While I still think it would be possible to make a default installation of Linux that would set up a solid security for the most common configurations, it would be a good idea to create a specific distro of Linux that would be aimed at end users wanting an alternate OS.

    I mean; us hackers could still fall back to Debian, slackware or whatever, while end users could setup a stripped down version of Linux which would run word processor and other stuff while logging them automatically in single-user mode. I mean, for most people that's all they need.

    Linux still sees itself as a network OS, and until some extra effort is spent in making it darn easy to install and run on a single machine not connected to any LAN, it won't catch on completely. I mean, not everyone has a friendly Linux guru to set them up and give them the tour ('Well, you have to use 'ls'. Well, it's possible to use 'dir', but you need to alias it. Let me show you...' etc.)

    "There is no surer way to ruin a good discussion than to contaminate it with the facts."

    1. Re:Yes! by MindStalker · · Score: 2

      HU? Every person I know of who doesn't know what ls does also doesn't know what dir does either. There are very few dos users anymore (this is a sad sad thing) and of them most at least know enough unix to know ls and even a few process control functions.

    2. Re:Yes! by Enoch Root · · Score: 1
      I did alias 'ls' to 'dir' for a friend once, because he kept typing 'dir' without thinking. Of course, that was back in college.

      But there are things that you need to explain to Linux newbies, whether you think that was a good example or not. Just buying a nicely-packaged distro in a computer bookstore and running the setup won't do it for people like my mom.

      "There is no surer way to ruin a good discussion than to contaminate it with the facts."

    3. Re:Yes! by Jonny Royale · · Score: 2

      I agree that the article is exemplary in its suggestion, but I don't think having a "stripped down" anything would be a good way to go...better still, have a distribution that would be set up by default with minimal requirements for users, but leave everything else available, but inactive, until users can figure out what it is, and how to use it properly. This might encourage some to do some more work, and build a better user.

    4. Re:Yes! by MindStalker · · Score: 2

      Well yes, but my point was that the people who know what dir is over the past year or so of linux advocacy have learned at least that much.. and usually have seen a shell prompt at some time.

    5. Re:Yes! by ARRAY(0x0) · · Score: 1

      Agreed. This has always bugged me about other UNIX distributions as well (SunOS in particular): they come right out of the box wide open, and everything on. I always thought it would make far more sense to have everything closed or off and have to explicitly enable and configure additional services. It gets very annoying, even for an experienced admin, to have to clean up a fresh install after a few dozen installs.

      I think that a good approach would be to give choices such as 'desktop' and 'server'. The desktop would install a clean, very tight system. The server choice would offer choices based on the primary role of the server: 'web server', 'mail server', 'nfs server', 'samba server', etc. or combinations of these roles. The server choice would install only the services required, and install them in a secure manner, nothing wide open. Any additional services or packages would have to be explicitly loaded and configured. The 'install everything' option should be discouraged by making it a wizard option: available but not visible and documented elsewhere (the word would get around to those in the know.)

  32. Re: Red Hat Lite by MindStalker · · Score: 2

    It would be much simpler to give a special name to the lite version, and give a simple name like server to the server version. Any special name for the server version would be picked up by consumers as being "cool" and they would buy it on that name alone. We are trying for the opposite effect, naming the lower version to make it sound better.

  33. No Root? by wilhelm · · Score: 2

    OK, so if the user doesn't even know there's a root account (even though there will have to be), that means that they don't know what the root password is. Which means they didn't set it. Which means all the root passwords will be the same. Which means it's even a bigger security hole than it would be otherwise. Or am I just way off here?

    1. Re:No Root? by Merk · · Score: 1

      Sure, and then they discover the data on the floppy somehow became corrupted. Or Sis had to use a floppy for her school project so she formatted it and walked off with it...

      It's not like without this stored password the root account is forever unavailable. I have a strong tendency to forget my root password since I use the account so seldom. I therefore know how insecure any machine is when you actually have physical access to it. But having said that, this solution has a few big flaws.

    2. Re:No Root? by Anonymous Coward · · Score: 1

      I logged into a friend's computer awhile back only to discover she had NO root password established at all. With Slackware 3.6 unless you explicitly go in and set up a password the field is blank, and anybody can log in as root by typing root at the userid prompt.

      I'd gotten her dynamically assigned IP address by reading an email header.

      She'd been on the net without a root password for weeks.

    3. Re:No Root? by Jburkholder · · Score: 2

      yeah, i scratched my head wondering the same thing. How about this? When you insert a blank floppy to create a boot disk, it assigns a random string as the root password and saves it on the boot floppy. Then, when the new user finally gets around to doing something that needs root, like installing an RPM or something, the manual tells them to insert the boot floppy and then something semi-automated comes up to prompt them to enter a root password?

    4. Re:No Root? by Anonymous Coward · · Score: 0

      No root password set is not a problem. Root cannot log in, only one user has permission to su (me), so why use a root password? To give crackers two passwords to guess, mine and root? As if they are going to use password guessing as the method of trying to get a rootshell.
      Anyway, this 'Linux Lite' should of course run in a form of single user mode.

    5. Re:No Root? by Robert+J.+Casey+Jr. · · Score: 1

      No, you are not way off here. That could be a security risk. Although, if this 'secure' distro has all net ports closed at install, then this would not be a problem, as there would be no feasible way to remotely gain access to such a system.

      In this case, the security risk does not come from the 'net', it comes from a user working at the computer. For example.. maybe this new linux user just learns the rm command and wants to test it. Well, 'rm /etc/passwd' could be dangerous then, because any user at the computer would have root permissions.

      Maybe a better idea would be to let a user set the root password and also have him/her make an unprivileged user. This unprivileged user would then be autologged into X with their desktop environment of choice. From here, a user could 'su' as root and make any important system changes needed.

      No OS has ever been totally 'safe' from a new user's musings. Good things happen and bad things happen. Such is life and human behavior. This does not mean that we cannot make it a little more difficult for bad things to happen though!

    6. Re:No Root? by Evil+Pete · · Score: 1

      For a single user machine the root and user's password need not be different ... just the username, so the root and user password could be the same and root access is kept separate but accessible.

      --
      Bitter and proud of it.
    7. Re:No Root? by ptomblin · · Score: 1

      How about a "root" account that can't be logged into (you know, with "*NOLOGIN*" in the password field). Then if they wanted to do root stuff they would specifically have to boot it into single user mode. If you can only run as root when it's in single user mode, then script kiddies can't create root shells remotely.

      You give up remote administration, but most users don't need it.

      --
      The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
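The two cases this sub-thread contrasts, a blank root password field (the Slackware 3.6 report above) and a locked field such as `*NOLOGIN*`, can be told apart mechanically. This is an added example, not code from any of the posters; the account data is constructed and the status names are the example's own.

```python
"""Audit passwd/shadow text for empty or locked password fields."""

# Constructed sample data (not taken from any real system).
SAMPLE_PASSWD = """\
root::0:0:root:/root:/bin/bash
toor:x:0:0:second uid-0 account:/root:/bin/sh
alice:x:1000:100:Alice:/home/alice:/bin/bash
guest:x:1001:100:Guest:/home/guest:/bin/bash
ftp:*:14:50:FTP:/home/ftp:
"""

SAMPLE_SHADOW = """\
toor:*NOLOGIN*:10800:0:99999:7:::
alice:$1$constructed$notARealHashValue000000:10800:0:99999:7:::
guest::10800:0:99999:7:::
"""


def classify(field):
    """Classify one password field from a passwd or shadow line."""
    if field == "":
        return "EMPTY"      # login succeeds with no password at all
    if field == "x":
        return "SHADOWED"   # the real value lives in the shadow file
    if field[0] in "*!":
        return "LOCKED"     # no password can ever hash to this value
    return "SET"


def parse_shadow(text):
    """Map account name -> password field from shadow-format text."""
    fields = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 2 and not line.startswith("#"):
            fields[parts[0]] = parts[1]
    return fields


def audit(passwd_text, shadow_text=""):
    """Return accounts with no password and the status of every uid-0 account."""
    shadow = parse_shadow(shadow_text)
    report = {"empty": [], "uid0": {}}
    for line in passwd_text.splitlines():
        parts = line.strip().split(":")
        if line.startswith("#") or len(parts) < 7 or not parts[2].isdigit():
            continue  # comment, blank or malformed entry
        name, field, uid = parts[0], parts[1], int(parts[2])
        status = classify(field)
        if status == "SHADOWED":
            if name not in shadow:
                status = "NO_SHADOW_ENTRY"
            else:
                status = classify(shadow[name])
                if status == "SHADOWED":
                    status = "LOCKED"  # a literal "x" in shadow is not a valid hash
        if status == "EMPTY":
            report["empty"].append(name)
        if uid == 0:
            report["uid0"][name] = status
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_PASSWD, SAMPLE_SHADOW)
    print("accounts with no password:", result["empty"])
    for account, state in result["uid0"].items():
        print("uid 0 account", account, "->", state)
```

Only the `*` and `!` prefixes are treated as locked here; other placeholder strings used by some systems would be reported as `SET`.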
  34. Re: Securing Linux by Gonoff · · Score: 1

    > The 'secure' option should complement the install. i.e. Secure Workstation, Secure Server

    You will also need 'Secure Internet workstation'

    --
    I'll see your Constitution and raise you a Queen.
  35. Finally by warmi · · Score: 0

    Finally somebody recognized that in most computers being used at home, security is only unnecessary junk that nobody really uses.
    Way to go ...!

  36. I like it by metawronka · · Score: 1

    Sounds like a great idea

  37. Wonderful Idea by mwillis · · Score: 2

    I have been thinking along these lines for some time. If World Domination (tm) is truly a goal, we have to recognize that a lot of users will never, ever, have the inclination or imaginative horsepower to understand administration activities. Not everybody likes recompiling their kernels or editing /etc/inetd.conf or...

    What to do? Give them a secure, stable, preconfigured setup they can browse the net and send mail from. Something you can set up for your grandmother, and it will just plain work. I am wondering who will get there first.

    1. Re:Wonderful Idea by Anonymous Coward · · Score: 0

      Actually windows NT workstation fits that description. It would be very secure if it wasn't for people's strange habit of downloading and installing any binary they come across, or reading email attachments that aren't in plain ascii format.

      If you add a user interface to a 'linux lite' that allows (not requires, like the mac) everything that needs to be tweaked by the non power user to be tweaked with a little pointy clicky, then you have a winner. But then again, if linux lite became popular, a penguin back orifice would of course become unavoidable.

    2. Re:Wonderful Idea by Anonymous Coward · · Score: 0

      Actually, this is one of the things Project Independence is trying to address. It is all about Linux for the home user. Linux for your mother... They are addressing things like security, the fact that most users leave the computer off for the overnight cron jobs...

    3. Re:Wonderful Idea by lazarusL · · Score: 1

      "World Domination" is NOT a goal! The term arose from a comment Linus made *in jest* and some humor-impaired persons took it as gospel. :(

    4. Re:Wonderful Idea by Overt+Coward · · Score: 2
      And don't just restrict this to a standalone desktop issue, either. What I'd like to see (since it's what I need right now) is a distribution that specifically sets up only those services needed for a home/office internet gateway (and possibly SMB file and print server, too).

      Most distributions should be geared specifically toward a specific usage profile -- very few distributions should be the "general purpose" setup for tweaking by experts. From a business standpoint, give the consumers a tool they can use easily -- turn-key solutions are what seem to be wanted by the general public (as opposed to the subset of people who like to tinker around with their systems).

  38. New distro vs. install option? by Raul+Acevedo · · Score: 2
    I wonder if it would be better for the existing distros to have a "secure" install option rather than just creating a separate distro altogether. (RedHat for example has "workstation" and "install" options; it should have a "secure" option too.)

    Then again, a good separate commercial distro might be very good. There's probably enough security issues to merit a company just focusing on that, not to mention if they do it right they'll be proactive about finding security problems in Linux and feeding them back to the community.

    Personally I think it'd be nice if Linux took OpenBSD's path of concentrating on security, for example by auditing all code for security problems. But that doesn't look like it'll happen any time soon.
    ----------

    --
    In a real emergency, we would have all fled in terror, and you would not have been notified.
    1. Re:New distro vs. install option? by Anonymous Coward · · Score: 0
      > Personally I think it'd be nice if Linux took OpenBSD's path of concentrating on security, for example by auditing all code for security problems. But that doesn't look like it'll happen any time soon.

      My impression is that this is what kha0s Linux is all about -- "better living though paranoia"

  39. My Experience with such defaults by BiGGO · · Score: 1

    As the article suggested, we should make a dumbed down installation.
    But from my experience (with redhat) it is very confusing.

    In redhat, if you choose workstation you agree to wipe out all of your HD.
    Obviously bad for multibooters which are most of the newbies today.
    Being that, these users are forced to choose their packages alone.
    The defaults in there are quite bad for newbies, and i expect the expert to tweak its packages
    instead of a newbie that doesn't understand what he does.
    Then one has to choose his services, which is a disaster when people just choose all "because it can't hurt",
    or don't delete the unused defaults. (which are again quite bad, imho)

    The average newbie likes to go on his installation just by clicking ok on everything,
    so i think what must be done is to make it so.
    Caldera has an installation that makes it easy for users to click "ok" all the way through.

    Another thing is,
    newbies of one area are not newbies in another.
    Some newbies need to set their partitions, but have no idea what a daemon is.
    Some others don't know what partitions are but know what packages they want.
    There must be a way for newbies to "skip" only some choices, not all.

    Lastly,
    i think it is a bad bad bad idea not to explain root to users,
    or make their computer some non-multiuser version.
    this makes security worse. think win98.
    Users should understand multiuser environments,
    this is how linux works, and this is how it should work.


    ---
    The day Microsoft makes something that doesn't suck,


    ---
    I'm going to live forever, or die in the attempt.
  40. Loathing dselect by twit · · Score: 2

    I dunno. I rather like dselect because it's good for what I do. (Then again, I know linux pretty well, and have been using it for going on five-six years).

    That said, using the debian core functionality would be an excellent way to implement this. Start off with basic install, use apt to get what you need to start off and no more, and most importantly have apt periodically update packages from dists/stable. Security flaws will "fix themselves" (or at least be fixed seamlessly and without needing too much user intervention) as Debian maintainers get around to patching and updating the relevant packages.

    Maybe the underlying distribution doesn't have to be debian, but Debian is well suited to this kind of automation.

    --
    There is no premature anti-fascism. -Ernest Hemingway
  41. Re:Install less, and use firewalls by Trepidity · · Score: 3

    (1) Yeah, that would seem to be the best way to do things.

    (2) This doesn't seem like such a great idea. If all the services are set up correctly, there's no need to firewall the PPP device. If there's no telnetd running, a script kiddie can't telnet into your box. Rejecting incoming TCP connections would have nasty side-effects such as messing up IRC DCC transfers and ICQ messaging.

    (3) Definitely. New users should not be encouraged to set up an ftp/http/irc/telnet server during their initial install. They should get the OS running first, then worry about setting up services.

  42. For all the wrong reasons. by Anonymous Coward · · Score: 2

    ...

    What this article proposes is nothing less than the dumbing down of Linux. And his motivation?

    "We have to do it so all the drooling idiots will never have to think for themselves or learn about their computers!"

    The drooling idiots can keep their Windoze and MacOS, for all I care. I'm a Linux elitist and proud of it. I'm sick of the M$ myth that computers are easy to use. Computers are not always easy to use, and damnit people deserve to be honestly told that when they get into Linux. They need to be sat down and told: "Look, you're graduating off your training wheels now. There are fewer safeguards in your new OS. UNIX (and Linux, of course) have a philosophy called "leave enough rope", which means they give you the power to hang yourself by the neck if you ask for it. Don't think this is going to be easy. You have been granted great power and flexibility, but with it comes complexity."

    This will undoubtedly scare away some novices or lazy people, or people who just aren't interested in their computers except as a means to an end. This is all well and good and as it should be. M$ OSen are out there for people WHO DON'T WANT TO THINK. And personally, I'm not so worshipful of the Cult of Linux that I feel the need to turn everyone into a Linux junkie. Let there be diversity and many OSes. Let those who would willingly walk into the Gates of hell take their damnation in the form of bluescreens and Back Orifice. You asked for it, you got it! No pity for the masses.

    ...

    Now, none of this is to say that shipping distros with better "out of the box" security is a bad thing. Precisely the opposite, in fact. Let's get real here, folks. Out of the new users coming into Linux now, the "second wave", (i.e., the typical users), how many of them will actually need a real mailer daemon running on their box?

    So does it make sense to ship with sendmail or POP/IMAP (both notorious security holes) enabled and running by default? I don't think so. Similarly with webservers. If a user wants these daemons, they should set them up themselves.

    Yes, I can hear you saying "but those things are hard to set up!" Well, I have two replies for that. The first is: Yeah, damn right those things are hard to set up. There's a reason for that. It's so fools with incomplete understanding who don't want to take the time to enlighten themselves, don't mess with them. The other reply is: Yeah, damn right those things are hard to set up - and shouldn't we the open source community be doing something to fix that?

    I agree with the main point of this article, which is that distros need to ship with tighter security. But I think the author is advocating better security for all the wrong reasons.

    -Ben

    1. Re:For all the wrong reasons. by Anonymous Coward · · Score: 0

      Amen, brother. About all I can add is that the feeling that Linux should be easy for anyone to use apparently comes from the belief that anyone _should_ be using Linux. If you believe instead that the world is better off with Linux for those who want Linux, MacOS for those who want Mac, BeOS for those who want Be, etc., then the idea of dumbing down Linux looks kind of silly. To use the author's airplane analogy, why even recommend a Cessna over an F16? That's just a difference of degree, not kind. Most people don't want to be pilots at all - they just want to get somewhere, so recommending a difference of _degree_ is just plain silly.

    2. Re:For all the wrong reasons. by eGabriel · · Score: 1

      Well put. The reason that Linux is a good operating system is that it is like Unix. Unix at home can be a bit like flying a kite indoors to the savvy user; its power comes from the ability to have 100 luser accounts and one wise guru account... in that instance none of the users needs to be particularly familiar with the system, and it can be as user friendly as the admin makes it.

      There is no such category for the home user. You simply must be the wise guru person, or you should be running Be or something instead. The consequences of letting people water down the OS alarm me.

    3. Re:For all the wrong reasons. by miyax · · Score: 1

      Yeah you know, I'm a Linux newbie and I agree with you. Although the author of the article makes a good point, it's just as easy to install Linux without all the "complicated sysadmin" stuff, and all that stuff's fun to mess with anyway : )
      Besides, Linux folks are very nice and helpful when newbies like me have a question. There's lots of support out there...nothing's all that difficult.

      miyax

    4. Re:For all the wrong reasons. by jacobm · · Score: 1

      Err... lemme guess, you're a C hacker. I find that C hackers are usually the ones who go on and on about how "computers are hard and we shouldn't pretend they're easy." Myself, I prefer Java, Scheme, Perl, Python, and the like, and I think computers are easy and we shouldn't pretend that they're hard.

      Of course, I'm not ignorant of the gawdawful complexities of real low-level computer workings. It used to be that computers had to be hard, for that reason- the big bulky computers didn't have any cycles to spare for abstraction. If I remember correctly, you programmed ENIAC by literally wiring the program in to the logical units. And I imagine they'd have killed for assembly language- and why? Because it's easier! It hides away the yuckiness so that nobody but the yuckiness-builder has to deal with it! And it's not even the case that programming assembly vs. running wires is different than editing inittabs (etc.) vs. a cuddly GUI in that in the first case you lose no power, whereas in the second case, you do, because it's not true- guess what? You can't do everything in assembly that you can do by direct wiring- you can only do the sensible things! No dangling wires or outputs hooked up to other outputs by accident- these are the decisions that assembly takes away from the programmer. And a good GUI/installer ought to do the same thing- take away the user's ability to screw up and do something stupid, leaving only the reasonable choices left. That makes everybody's work easier- I don't have to worry with thinking about every little detail, making sure that I have no dangling wires that will make my computer behave stupidly, so I can concentrate on what I want to do.

      This has been the trend in computing since the very first days, is still the trend, and is still a good idea. Programming languages, operating systems, applications, input devices even- you name it, it's getting simpler. And everyone benefits from it- I promise you would not be smugly posting about how the hoi polloi shouldn't be afforded a "dumbed down" version of your operating system if someone hadn't first "dumbed down" computing to the point where the outputs of billions of NAND gates, themselves "dumbed down" versions of NMOS and PMOS (if memory serves), got interpreted all the way into Slashdot.

      That idea is called abstraction. Abstraction is fundamental to computer science and everything else that has to do with computing at all. Abstraction is the reason why computers are useful (bold claim alert!). Lack of abstraction is what makes computing difficult. For instance, the reason why you may think that "computers are hard" is that UNIX is complicated- but that doesn't prove that computers are hard at all. UNIX is complicated because UNIX is a crappy operating system that does a very poor job of abstraction. It may be the best we have, but that doesn't mean that dozens upon dozens of illogical, poorly-documented, ad-hoc systems slapped together are a blessing from above. (Which is why Windows is even worse, by the way- I consider the OS choice much less a question of "which is the best OS?" than of "which OS sucks the least?")

      I'm not trying to say that all abstractions are equally good, and I'm certainly not trying to claim that Windows is better than Linux because it hides more from the user- all I'm saying is that it is not true that computer ease-of-use is a myth, nor is it reasonable to say that adding a layer of abstraction that hides bad ideas from novice users is a bad thing. I actually think the cool thing about Linux is that it lets you strip away some of those layers when you don't want them. But guess what? I use X-Windows, and I use Netscape- I never slashdot by telnetting to 209.207.224.40 port 80 and writing raw HTTP. And I would not be happy if someone told me to and said, "Netscape is for drooling idiots who don't want to think for themselves or learn how their computers work." For the same reason, I would be upset if someone told me that I shouldn't want my favorite OS to be easy to use on the grounds that easy things are for morons, which is what you suggested.

      Wow. This post is really long and rambling. I guess this must be something I'm interested in... =)

      --
      -jacob
  43. Re: Securing Linux by UnknownSoldier · · Score: 1

    Here's a good start on how to secure a Linux Box:

    http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri

    I'll say people don't have time to secure their OS. At 8pt Font, and 0.5" margins, the above is 164 pages ! How many Linux newbies are going to spend the time to read and secure their box?!

    The 'secure' option should complement the install. i.e. Secure Workstation, Secure Server

  44. Re:not necessarily a good idea by .pentai. · · Score: 1

    While I agree on the sickness of the dumbing down movement, and that it should be an installer option, not a separate distro, it must be realized that the 'average' users as you called them, WANT dumbed down.

    Can you go to a school and go up to any windows/mac user, and expect them to even know what a daemon is, never mind what a port is, or even what an ip is? No, sadly, you can't.

    The 'average' user will have no idea what these little programs are that are running that magically give others the power to '0wn' their box.

    The fact is, people will install linux, get screwed over by script kiddies, and blame linux.

  45. Re: Package **Nightmares** by Hard_Code · · Score: 2

    About a year ago I decided I was sick of being a windows luser. I am a programmer, and had had previous generic *nix experience so I was far from being inept. I, like many others, decided to take the easy approach and go with Red Hat (I was aware of the other distributions, but had it on good word from a Linux guru that I should start out with Red Hat).

    Most of the installation was pretty straightforward...I knew my hardware specs and wasn't really fazed by all the partitioning. However, the package installer was a **nightmare**. There was an absolutely humongous list of packages with undecipherable names that all had intricate dependencies on each other. "What is prl3.405.1? And why do I need it for tk103.4? What the hell is asdf4.21...and why does qwerty1.2.3 want it?" Since no clue was really given as to WHAT these things were, I was forced (after several attempts at a minimalistic install) to install a humongous amount of crap @350 MB.

    Now I used to be a DOS dork with a stupid 386. I knew every in and out of my system, and spent a lot of time tweaking. I liked to be able to understand and control everything. But the sheer amount of stuff I was required to install under Linux made this a bit daunting, and less than enjoyable. Sometimes there is such a thing as TOO much choice ;). Anyway, I kept Linux around for a while, until the real world problem of disk space came around.

    I would really, *really* like to switch to SOMETHING other than Windows. BeOS looks pretty nice too...I sort of like the idea of a clean start. If I do permanently switch to Linux it will probably be Debian, because I've heard their package handling is rather stringent. I'd also like GNOME and KDE to mature a bit, and see XFree86 get some of the performance enhancements in.

    --

    It's 10 PM. Do you know if you're un-American?
  46. Our experience with LinuxPPC Lite by haaz · · Score: 5

    We (LinuxPPC Inc.) used to have a "lite" version of LinuxPPC R4, our old glibc-1.99 distro. Lite was a minor debacle..

    First, it was hard to install. I actually can't remember why at this point, but it rarely seemed to work.

    It was hard to figure out what needed to be in, and what people would want, and still give it a small footprint. The final cut was a 104 MB distro that could be installed into as little as 30 or 50 MB. But really, you can do that with R4 anyway. I installed from an R4 CD onto a Zip disk. I had Apache running, but no X. It was slow, but it worked!

    Then there was LinuxPPC Live, which was an all-in-one distro similar to the recently announced "DemoLinux". Live consisted of a big fat ramdisk.image.gz file and a bigger, fatter live.filesystem file.

    Now, the problem with Live was that to make it small enough to fit on demo CD-ROMs and Zip disks, we had to (again) do a lot of cutting, which made it semi-useless. You could set up a PPP dialup with netcfg (kppp was a buggy pile of junk at the time, and of no use). But, if you booted it off a CD, it took forever to boot, and it couldn't save any settings.

    Linux on PowerPC still has to contend with users who have HFS Extended formatted drives. HFS Extended, or HFS+, is a more efficient disk format than Apple's original HFS, the Hierarchical File System. (Anyone else remember MFS?) Most Macs now ship with HFS+ formatted HDs, and Linux can't boot from a live filesystem on an HFS+ disk.

    Live worked better than Lite, but only slightly. I never had problems with it (that is, it booted, it ran), but it just wasn't usable for much.

    The good news is that doing Live provided a lot of solid R&D ground for us to do our current release's installer on. LinuxPPC 1999 (and the new Q3) can boot right from the CD-ROM, into Linux, into X, and into the installer. And it's all under the GPL. C'mon, Caldera! You made such a big deal about releasing Lizard under a semi-open license.. let's see you go all the way. ;)

    Live as a standalone distribution isn't a totally dead concept, though. It's got a lot of merit, and it's served nicely as a proof of concept for the live filesystem. It's not perfect, definitely not ideal for power users, but it's a good way to get people into Linux with a minimum of fuss.

    --
    -- haaz.
  47. Exactly! by dave_d · · Score: 1

    Is it so hard to add a little bit of documentation to explain what these daemons do/used for, and why an average user does/doesn't need them? Either right on the computer screen or in the text manual. I haven't installed any newish versions in a while so I've no idea if they do any of this yet or not. I think this would be way more valuable than a separate installation that just hides these daemons from the user.

    My parents' eyes glaze over when I talk about computers to them, but I know both of them are smart enough to read a few paragraphs that an installation program SHOULD have in order to understand, for the most part, what they're doing.
    Also, they know that they'd be better off in the long run to do a little reading so they have an idea 'what's going on' with the computer later on.

    The more information that the newbie can learn/understand, the better off we all are.

  48. Re: RunLevel by Hard_Code · · Score: 1

    I agree that the user NOT knowing about root is patently BAD. At least tell the user that they must now enter a root password, AND WRITE IT DOWN, and DON'T FORGET.

    Couldn't this be fixed with RunLevels? Couldn't you just set up the box to boot into X under a certain user?

    --

    It's 10 PM. Do you know if you're un-American?
  49. Re:Security 101... Not offered on campus. by sde1000 · · Score: 1
    It's not always that bleak. At the University of Cambridge the computing service regularly scan the network using a variety of tools (including script-kiddie ones) and do their best to make sure that vulnerable machines are fixed.

    This isn't a perfect solution, of course, but it does mean that most of the exploits in common use won't work against most machines in Cambridge. There is also a site-wide firewall that is used to block some services that are regularly abused.

  50. Re:Security 101... Not offered on campus. by ColonelNorth · · Score: 1

    A good place to start would be in the following two files:
    /etc/inetd.conf - Turn off the services you don't use.
    /etc/hosts.deny - Limit the IP addresses that connect to your machine.

    That'll keep most of the losers out. Remember that programs like sendmail and sshd, which are generally run as a daemon, and not from inetd.conf do not have the protection offered by hosts.deny. Well, there are man pages for both, so read up. :)

    Mike
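An added example, not part of the post above: a small audit of the two files it names, listing the inetd services still enabled and noting for each whether it is launched through tcpd, since hosts.deny is only consulted for those. The sample files, the `needed` set and the issue labels are constructed for illustration.

```python
"""Audit an inetd.conf / hosts.deny pair for services left open."""
import os
import re

# Constructed sample files (not from any real machine).
SAMPLE_INETD = """\
# service socktype proto wait user server args
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp     nowait  nobody  /usr/sbin/in.fingerd in.fingerd
echo    stream  tcp     nowait  root    internal
pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd  ipop3d
"""

SAMPLE_HOSTS_DENY = """\
# daemon_list : client_list
in.telnetd: ALL
ipop3d: .example.net
"""


def parse_inetd(text):
    """Return the enabled entries; lines starting with '#' are disabled."""
    services = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            continue  # not a complete service entry
        server, args = fields[5], fields[6:]
        wrapped = os.path.basename(server) == "tcpd"
        # tcpd matches hosts.deny rules on the name of the daemon it starts.
        daemon = os.path.basename(args[0]) if wrapped and args else os.path.basename(server)
        services.append({"name": fields[0], "wrapped": wrapped, "daemon": daemon})
    return services


def deny_all_daemons(text):
    """Return daemon names (possibly 'ALL') whose client list is exactly ALL."""
    denied = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        if re.split(r"[\s,]+", clients.strip()) == ["ALL"]:
            denied.update(re.split(r"[\s,]+", daemons.strip()))
    return denied


def audit(inetd_text, deny_text, needed):
    """Map each enabled service to its list of issues; clean services are omitted."""
    denied = deny_all_daemons(deny_text)
    report = {}
    for svc in parse_inetd(inetd_text):
        issues = []
        if svc["name"] not in needed:
            issues.append("UNNEEDED")          # candidate for commenting out
        if not svc["wrapped"]:
            # Assumption: the daemon is not itself built with wrapper support.
            issues.append("UNWRAPPED")         # hosts.deny is never consulted
        elif "ALL" not in denied and svc["daemon"] not in denied:
            issues.append("NO_DEFAULT_DENY")   # reachable unless hosts.allow narrows it
        if issues:
            report[svc["name"]] = issues
    return report


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_INETD, SAMPLE_HOSTS_DENY, {"pop-3"}).items():
        print(name, ", ".join(issues))
```

The check reads hosts.deny only; a matching hosts.allow entry is evaluated first and grants access regardless of what hosts.deny says.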

  51. Re:Security 101... Not offered on campus. by Jurph · · Score: 1

    Okay, that's a great solution, but what if your campus is run by morons? I mean, hypothetically. :)

    Suppose you're at some campus... M$U, for example. Their NT boxen-farm gets hacked as a waypoint for some script-kiddie, so that they'll be that much harder to trace. Of course he wipes the logs. The problem? He jumps through a Linux box on campus to get to the NT boxen. A Linux box owned by a well-respected (and technically proficient) RA, who missed one security upgrade, because he was out of town for a week. The script-kiddie subscribes to bugtraq, too. The script-kiddie punches in, and eventually brings the wrath of a foreign nation's intel service down on the college. Apparently the script-kiddie knows his shit, and isn't so "1am3" after all.

    What's lame is that the RA gets kicked off campus, ethernet revoked, and a big black mark on his record (remember he was out of town for the week... in the middle of the woods with no internet connection, too).
    The Luddites on campus get their own security shamans to close all ports numbered higher than 100 or so. Close. Shut Down. SSH, Telnet, and web access, and that's it. No online gaming anymore, no ICQ anymore, no IRC anymore. Firewalls were discussed, and dismissed as "too difficult to implement."

    How did the Linux box get broken into? A backdoor having nothing to do with the higher ports. How did the NT box get broken into? Script-kiddie tools very commonly available... I had heard it was BackOrifice.

    (I'm sorry, it would have been BackOrifice... if this weren't a totally hypothetical case).

    The short of it is:
    What do you do when your network is run by folks who cut off their arm when they get a papercut on their shin?

    Since protesting doesn't work, how can I get full access back without hacking?

    Why does such a "big name" school not have "halfway intelligent" sysadmins who can make "well thought out" decisions?

    The answer? I'm up a creek until someone comes up with a better way to secure a network, and makes it easy to maintain. Even though most sysadmins are brilliant techies, there are many who are morons. Good security needs to let 99% of the well-meaining morons defend against 99% of the evil geniuses.

    Sigh... sorry about the rant.

    -jurph

  52. Re:Security 101... Not offered on campus. by sde1000 · · Score: 1
    > Sigh... sorry about the rant.
    It sounds bad. I think we're quite lucky in Cambridge; the Computing Service is by and large very good.

    We have an interesting arrangement in the University as far as computing is concerned. The Computing Service provides central services (the city-wide network, a central mail store and switches, a central Unix service, printroom facilities, archive services, etc.), but the various Colleges and Departments (and the University administration) are all responsible for their own systems. It has the potential to get very confusing, but in practice seems to work very well.

  53. Re:Security 101... Not offered on campus. by Weezul · · Score: 1

    Yes, you told a sad story, but an unencumbered ethernet (i.e. no firewalls) really is a great learning experience for lots of people. When I was a freshman we had this one guy on our hall who would hack us all the time. It was pretty funny. One day my roommate distracted him while I took a boot disk into his room and changed true to queue an at job to call him a dried up stinky dick licker. Ahh.. those were the days. Anyway, I'd recommend for schools to take a mostly hands off approach to student personal computer usage. Maybe run the script kiddy tools against them and email the system's owner.. and maybe make recommendations for people to run a Linux Lite if such a thing exists in the near future.

    Jeff

    --
    The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
  54. Re:New Distro Is Needed by AME · · Score: 1
    Partitioning would be one of the last steps -- that way the partitioner can offer a minimum size.

    That is SUCH a good idea! Choose your packages and then be shown a virtual du of your potential directory tree. Then you could make intelligent decisions about how to partition.

    Are you distro makers listening?

    --
    "I have a good idea why it's hard to verify programs. They're usually wrong." --Manuel Blum, FOCS 94
  55. Good Idea by Anonymous Coward · · Score: 0
    I like the idea of a simple workstation install that does not turn on unnecessary daemons. I don't like the idea of single user. It is not secure.

    What Linux advocates should do is tell everyone the advantages of having multiple logins. (For one, suppose you have houseguests using your computer. Give them their own account and they can't see your income tax spreadsheets, browser bookmarks, and other personal stuff. For two, you can customize the environment to suit the user. When my wife logs in she gets KDE. When I log in I get WindowMaker and the ability to switch to all the other installed window managers on the fly).

    PPP should be easier to set up. I wish I had a nickel for every newsgroup posting asking how to run PPP as someone besides "root". (Some of these postings are mine). (Another nickel for everyone who has just set up RedHat and knows what password he told it to use but has no idea of what user id to use with it (root) would be nice too.)

    I would like an install for low disk space situations too. The CIO of my company was thinking about installing Linux on thousands of 486 PCs we have in our Stores, to use for web browsing only. Based on my experience with Linux on 486s I know this would have worked beautifully, but they only had about 200 meg hard drives. The smallest installation I could think of would have taken about 300 meg.

  56. Re:Security 101... Not offered on campus. by jonathan_b_king · · Score: 1

    Very cool, this is exactly what I was looking for! Thanks a million...

    Jon

  57. This is Bastille Linux by jammer · · Score: 1

    This is what the Bastille Linux distribution has in mind -- a Linux distro which a sysadmin can give out to his users to install, without worrying about a bunch of security updates, locking down daemons, and all the riff we all love to hate.

    http://www.bastille-linux.org/

  58. How's this? by Hiro_Protaganist · · Score: 2

    I was just talking to someone about making a spinoff distro of Debian called "Snack Cakes", as in "Little Debian Snack Cakes". Or just "Little Debian". Of course, then we have the whole "Big Debian v. Little Debian"

    --

    _________
    Sometimes, when I'm feelin' bored, I like to take a necrotic equine and assault it physically.

  59. holes by default? by belbo · · Score: 1
    (I am no expert, please bear with me ;-))

    IIRC inetd is turned on by default on Redhat. The newbie thinks "Great, Internet, I need that".
    Trouble is that /etc/hosts.allow and /etc/hosts.deny are empty and /etc/inetd.conf has turned on ftp and pop by default.

    I mean, what's the use of all those security updates and fixes if the worst holes are provided as an installation default? And with services like dynIP the problem even gets much worse. In its current form Linux is pure dynamite in the hands of people that have no idea of how to smell the fuse.

    The author's proposal of having server and workstation editions will at least work for the sensible portion of new users. The rest will have to learn by error, I am afraid.

    --
    "Just believe everything I tell you, and it will all be very, very simple."

    1. Re:holes by default? by Anonymous Coward · · Score: 0

      You recall incorrectly.

    2. Re:holes by default? by Zurk · · Score: 1

      bullshit. he recalls correctly. inetd *is* turned on by default..i keep having to shut the damn thing down when i install linux on my machines..it's a ritual - install redhat, switch off inetd, load patches, put ALL:ALL in hosts.deny, load ssh...this is bullshit. why can't redhat be packaged more securely ? it's real simple to compile all the packages with buffer overflow checking, switch off inetd services, deny everything from hosts.deny.

  60. Security 101... Not offered on campus. by ColonelNorth · · Score: 5

    So you arrive at college to move your junk into your dorm room. You notice a little jack in your wall that is too big to stick your telephone plug into and see the word DATA above it. After asking someone, you find out that it's an Internet connection. Not only that, it's *Really* fast and always connected. A sense of freedom and superiority overcomes you as you think of all of your friends with little modems. You can't wait, and run to the bookstore to get the "Network startup kit."
    Opening your machine for the first time made you nervous, but after all, you have "ethernet" now, so you can't possibly go wrong. Magically enough, Windows properly finds your new 3C509 and sets it up. You begin playing around with the network settings based on the little numbers you find on your dorm network setup paper. After a reboot, you fly into Netscape and get lost in the web, watching things come at you with blinding speed. But you want more.
    You meet this scruffy, withdrawn student down the hall. You know he's the resident computer guru, so you ask him what else you can do to have fun on the internet. He gives you a long hard look, not sure just how bright you are. Unknown to you, he has been evaluating your intelligence since day one, along with the rest of the incoming freshmen. He sighs when he realizes you are the least annoying person in your pack. "Linux," he says. You turn to him with a quizzical look on your face. He points you to linux.org and tells you to look around. You jump to it.
    Around 2 AM, your Debian install is complete. You had another hard drive lying around from when you had your machine upgraded, and an engineering major installed it and made it go. You chose Debian because of the FTP install. You wanted everything to work without waiting, too impatient. Once it's set up, you leave your machine on as you go to bed. You logged out, and felt important doing so.
    The morning brings around the first day of classes. You give your friends your 'New' email address and brag about being able to get your own email without having to use the Campus system. You don't know or care how sendmail works. You know, however, that it works, and that pine is rather nifty.
    As you walk in at night, exhausted from a full day of work and play, you hear your hard drive going a mile a second. You walk over to log in, and find your password changed. You're completely lost and have no idea what to do. You yank the magic cable out of the wall and turn off the machine. You remember that you can still boot to Windows, so you do. Ahh, safe, you sigh.
    A week later, the scruffy geek comes back to your room with your hard drive. He had taken it, at your request, to find out what had happened. He snorted, and asked you what business did you have running NCSA HTTPD. You shrugged. He looks over at the wall. He looks confused and exasperated. Unbeknownst to you, he's having a chicken and egg argument with himself. "He needs to learn before he can use this stuff. However, he can't learn without using Linux."
    He turns back to you. "Ok, I'll secure this system for you. However, this is a one time deal. I'll answer your questions, in brief, but I will not do any more for you. Do you understand?" You nod. He returns your hard drive the next day. You're happy as a clam that everything, as far as you can tell, is just as you left it. What did he do? You let it escape your mind as you look at this neat thing called IRC.
    Two weeks later, your hard drive is wiped. Unknown to you, another daemon, this time sendmail, had a CERT advisory posted, and you pissed someone off on IRC. The wrong person.

    I hope you enjoyed that little tidbit. This happens way too often. However, in reality, people's college boxes just become hideouts for script kiddies. I believe a condensed Linux Workstation would be extremely useful. I wish I had one when I started. I, instead, was baptized by fire.

    Mike

    1. Re:Security 101... Not offered on campus. by jonathan_b_king · · Score: 1

      OK, so as someone recently basking in the glow of his cable modem's little green lights, here's my question:

      Any pointers to consolidated information on steps to take to secure your box? I've done some dinking around looking for info, and have certainly found some, but a single, coherent site would be marvelous.

      I find it ironic that now that I'm really "on" I'm now more worried about my linux box than my windows box! The reason, of course, is that I don't do *anything* (I think Quicken and Everquest are the only two progs I've installed since I installed NT5rc1) major on Windows... whereas Linux is running telnet/ftp/http services. But I'm not willing to give up *any* of these. One of my major pleasures is [going to be] finally being able to read my home mail through the firewall at work (socksified telnet) without having to use a web based email service.

      I'm not exactly a newbie (Yggdrasil anyone?), but I've never had to worry about it before since Linux has been pretty much strictly recreational, and not connected.

      Anyway, point is, pointers anyone?
      Jon

    2. Re:Security 101... Not offered on campus. by Anonymous Coward · · Score: 1

      I've found this site very helpful: http://linuxnewbie.org/nhf/intel/security/ Several articles cover many aspects of Linux security, and it's written for those not too familiar with security concepts. Certainly helped me. ;)

  61. What's the article say? by Anonymous Coward · · Score: 0

    SSC's just returning internal server errors.... Ho-hum!

  62. Assumptions, and a little humor. by pete-classic · · Score: 3

    There are two assumptions being made here that I am not sure are universally held.

    First, that "we" collectively want people who refuse to read documentation running Linux.

    Second, that "we" are striving for universal use of Linux.

    These are contrary to the things that drew me to Linux in the first place. I started using Linux (and reading /. and hanging out at #linux) because every illiterate monkey who considers himself a "computer expert" doesn't. The OS sucks less, and so does the community. Now there is this big push to get "every computer" running Linux. World dominance is a Microsoft value, not an open source value.

    I am not against making Linux (and associated software) easier to use, I am absolutely for it, but I am for making these things easier as one element of making them better. I am against making it easier to use at the expense of quality. I think that we need to be ever vigilant in this regard.

    "Is ease of use more important than quality?"
    "No. Quicker, easier, more seductive"
    "But how will I know good ease of use improvements from the bad?"

    You will know when your goal is making software better, not driving it on to every processor in the world.


    My $.02

    -Peter
  63. The road to mainstream by Danchez · · Score: 1

    This is what it is going to take to get Linux into the mainstream.

    As much as we would all like everyone to RTFM, it will never happen. The "average" home computer user never will read the manual. He/She just wants to get on their computer and have it work. They care about the *apps*, i.e. the browser, word processor, spreadsheet, etc. not the underlying OS.

    I know there have been times that I have installed RedHat or Slackware and really wanted the *easy* install option. Just press a button and go. It takes a while to configure and secure a box.

    When I first started messing around with Linux I didn't have to worry about security because I wasn't wired 24/7, and had to share a line with roommates. I had time to learn the system's ins and outs *then*; not until the past few years have I had to start securing my box.

    You have to put yourself in their shoes. They want to use this wonderful OS but first they gotta catch up on months/years of knowledge otherwise a bunch of script kiddies are going to take over my machine!! Not going to attract many people that way.

    Give them Linux Lite, let them learn by exploring, then they can start expanding their system and grow with it.

    ok enough rambling... please excuse the spelling errors, it's a Monday!!

  64. Re:not necessarily a good idea by Anonymous Coward · · Score: 0

    One of the distinctions that might be helpful in thinking about what "most" users might wish for in switching from Windows to Linux, is to consider what would be necessary for an intelligent information user that doesn't program computers. In my experience as a Molecular Biologist, kits that were well designed and reliable enough to work in a couple of tries (and a few perusals of the manual) were "easy enough for MDs to use". That means that a competent technical professional from outside of the specialty could perform the tasks required to be successful. The majority of intelligent professional people aren't programmers, and don't have the time to relearn fundamental concepts involved in carrying out a task that Microsoft and Apple abstract out to a drag and drop. I find it incredible that a person who spends all of their time learning to be competitive in their own discipline would be required to reinvent the wheel to escape Microsoft. Provide a safe, productive environment to (for example) the teachers out there who need to extend their budget by using old PCs to teach kids how to live in an information world, and you'll find a less Redmond oriented world. Put another way, are you qualified to practice medicine?

  65. ssh by default? by lazarusL · · Score: 1

    "Why don't distros install ssh by default ?"

    Largely because "certain" countries don't want it that way, hence make it illegal to "export" reasonable crypto-enabled apps.

    Most distros attempt to appease these "certain" countries so they can be distributed from there, so they suck up by removing anything with reasonable crypto. You want secure computing to be the norm? ... Write your legislator regularly to get ridiculous legislation changed.

  66. MODERATE THIS UP! by lazarusL · · Score: 1

    Where are my moderator points when I need them? :) This post truly needs to be a 5 minimum.

    However, this isn't solely a "me too" post, since I disagree with one point the AC made. An MTA is needed for most installations. Not only is it needed for outbound mail, but fetchmail sends to "localhost" by default.

    Hint: there is a reason RTFM became a cliche in the *nix world. People unwilling to learn shouldn't be on a powerful OS, they should remain in their various sandboxen.

  67. Re:Not anything new. by strombrg · · Score: 1

    I don't really agree.

    I know more than one person who felt that they wanted to install _everything_ on their workstation machine, so they wouldn't have a problem loading it on later if they wanted it later.

    One person actually started digging around researching how to get into the DNS with his spiffy new named. Not because he needed it, but because the "everything" install included it, and he assumed, in his newbieness, that he needed to use it.

    I'm somewhat tempted to do the same thing, but I don't. For example, if I installed a server machine without a news server, and later decided I wanted to make it a news server, you no longer have that slick GUI to load it in for you, you have to rpm and stuff. It's natural, under those circumstances, to be tempted to load in the news server just in case you might want it later.

  68. A matter of choice by EEEthan · · Score: 2

    Personally, I've been thinking about this and a few other things as well. The idea of a simple, secure, 'lite' distro is an alluring one, but as we've seen, there's no need for it to be an entire distro. What we need is for the installation options to be improved even further. One of the beauties about a linux distro is that every copy can be either a workstation or a server. What needs to happen is to continue to improve the installation programs. Linux installation programs could explain everything in a depth greater than we've seen in any previous setup util for any os, simply because of the massive amount of information available. An installation that could tailor exactly what is needed, based on computing need and experience, with a level of realtime help previously unheard of, is exactly what the os needs. With a tool like that, at the time of install, users would have a complete, powerful system, at startup. And there's no reason to have it stop there. Looking at SuSE's yast, I think we see the beginning of this process. But imagine a setup tool even more powerful and flexible, which could perform various types of automated updates, and search for information and help. It's a kind of killer meta-app, something that enables a user to take complete advantage of his system. I think the linux community has the basic elements already, and it's the only community that could provide anything like this in the near future.

  69. Not a Linux problem: a distribution problem by dlc · · Score: 1

    This is not uniquely a Linux problem. Solaris, Irix, FreeBSD, etc come with a million services enabled by default. OpenBSD has it right--disable *everything*, and then turn things on specifically. The people who don't know what httpd and bind are don't need to run them. It's as simple as that. The people who do know what they are know not only if they need them, but how to turn them on or off.

    RedHat has a good start but it could be taken further--the installation does ask for a server or workstation setup. What it should do is make you specify "server" as part of the Expert setup--a parameter you pass to it when you begin the installation.

    The author raises a very important point--as "the masses" are becoming more and more interested in Linux, and it is becoming increasingly less rare for people to be using it, it behooves the distributors to create distributions that are secure by default. In fact, I can think of no reason not to create secure distributions under any circumstances. Especially with the newer, graphical control panel-type administration tools, where turning services on and off (like sendmail and http) is becoming point-and-drool easy.

    Is there any reason to have login, exec, rsh, wall, httpd, finger, and bind on the average workstation, even one connected to a network? Not really. Probably not at all; in these days of NIS and NFS, many services need only run on one centralized server.

    darren

    --
    (darren)
  70. Re:not necessarily a good idea by Stinking+Pig · · Score: 1

    Yeah it's the right idea, but RH doesn't implement it as well as they could, because the user's account has *no* rights to anything except /home/username. They can't mount their Windows partition or use files on it, they can't configure or install software packages, they can't even dial the modem or mount a cd-rom without logging in as root. That's why many users run as root all the time -- it's easier than figuring out permissions. chmod is not terribly intuitive, and I have yet to find an explanation of the numbers.

    A single-user workstation needs to, by default, let that user do most workstation tasks, just about anything except deleting the kernel or unmounting the swap partition.

    --
    "Nothing was broken, and it's been fixed." -- Jon Carroll
  71. Re: Red Hat Lite by MindStalker · · Score: 2

    I completely agree with you. Let's call it Ultra instead of lite.. hehe JK that's a bit far..
    Umm how bout Distribution Desktop
    or maybe Distribution User Edition.

    (replace Distribution with your favorite distribution of course.. as in RedHat User Edition.)

  72. Linux and the PC Assumption by The+Welcome+Rain · · Score: 1

    The trouble with the LinuxLite suggestion is that it violates the architectural intent of Un*x, which is meant to be a networking, multi-user OS and is designed on those assumptions.

    People have already noted all of the problems with lacking a root password, etc. These are reflective of an underlying problem -- we are asking Un*x to do something it was never designed to do. Microsoft tried to take a 16-bit, single-user, single-tasking system and make it into a 32-bit, multi-user, multi-tasking OS -- and wasn't the result just grand?

    If you want a solid, nice-looking, single-user OS with GNU tools and good security, try MacOS or BeOS. I run Linux by preference, but I use Be and recommend it to inexperienced users who won't abandon their old x86 hardware :). Each system has its place.

    --
    Some keywords for the NSA in the Lord of the Rings universe: One Ring bind find Sauron quest Nazgul freedom
  73. A Question of Motive by Crutcher · · Score: 1

    Stop the flame war, I have a point.

    This LinuxLite is Yet Another Option, and Linux has ALWAYS been about options, so don't yell that a trimmed version is evil, or foolish, or that people should all RTFM.

    Mainly, because yelling won't make them.

    His point is good and valid, and if following will bring us more linux users, then let's do it. The whole point is MORE. The evolution of the system is driven by numbers, and an uneducated linux user can only become one thing: a more educated linux user. But first, we have to get them on the system, and we have to get their resources to support the system.

    And there does need to be a LinuxLite ONLY CD, because we want them to play with it, but we don't want them to hurt themselves, and we don't want to scare them (so no "Experienced users ONLY" options).

    If Linux is a tank, think of Linux Lite as the People's Car (the Volkswagen). It is built around the same ideas, but is simple enough to be understood JUST by taking it apart, and is straightforward enough, that a newbie can put it back together.

    -Crutcher

    --

    -- Crutcher --
    #include <disclaimer.h>
  74. Re:debian by namesAsh · · Score: 1

    yeah, try ALL: ALL

  75. Re:You've just described Linux Mandrake... by Fastolfe · · Score: 2

    I use 'autorpm' to keep stuff updated. For background updates, it works fine, e-mailing me progress reports, but the interactive mode it uses to install new packages is just horrible. I haven't looked at the Mandrake-update program, but I suspect it behaves similarly.

    Additionally, it just uses RPM's upgrade facility. It would be very nice to have a global configuration mechanism so that one could configure a new package at install/upgrade time (or at least select from multiple pre-written configurations). There are already some efforts on global X-based configuration programs (dotfile I think might be one such effort), but it hasn't quite made its way into a large enough chunk of packages (it might not be flexible/powerful enough for large apps that have complex configuration systems, such as sendmail or Apache).

  76. Re:not necessarily a good idea by _blueboy · · Score: 1

    I am a little annoyed that so many people have the same attitude as you do towards software development, the "it wouldn't kill the user if..." attitude.
    Keep in mind that for most people, computers are tools, not toys. And why shouldn't software be dummy-proof just like other tools? Imagine if every time you bought a new toaster or a new television you had to read a long manual, and then spend an hour or two setting it up, and then weeks or months learning how to use it!!
    Think about it. How many people do you know who say things like "I'd use computers more often, but I can't figure out how to boot the internet" or "I'll start using computers when they become easy to use". We need to start making software intuitive for the computer-illiterate!!

    --
    pdubroy AT yahoo DOT com
  77. Re:You've just described Linux Mandrake... by Fastolfe · · Score: 1

    I've actually been interested in Mandrake for a while. I just hope their Linux distribution skills are a lot better than their grammar and spelling skills. :)

  78. One thing that might help... by Croaker · · Score: 1

    I think that the author's concerns could be addressed with probably a bit more work on Red Hat or Debian's part. With tools such as Linuxconfig, the ability to enable and disable demons is a mouse-click away. What naive users need is more information on just what they might need. I could see, for example, a naive user wanting a web server, but not an ftp site or a telnet server. A wizard-like interface that 1) explains what the capabilities of the software are 2) when you'd want to use it, and 3) what vulnerabilities it has would address the naive Linux user.

    The thing that I'd really like to see is some sort of automated security updates. What this would entail is a demon that hits the distribution's web site (using secure channels and authentication) to see if there are any "emergency" updates to packages. If there are, the system can go ahead and automatically upgrade, or prompt the user to upgrade, or whatnot. The user would, obviously, choose at setup time whether the demon runs, and whether they will accept the automatic upgrades.

    I know Mandrake has an update system that is invoked manually (I haven't tried it yet). A bit of an extension to the system could let you do these emergency security updates. Of course, sometimes upgrading a package is not fool-proof...

    With DSL and cable modems, I think more people are going to end up running not just workstations, but also servers. I don't consider myself a sysadmin by any stretch, but when I get my cable modem, I do plan on having a PC on the net 24x7 to act as a personal web server, maybe an FTP server, perhaps a MUD, etc. While I know enough not to run demons I won't be using, I also don't want to live in fear that a security hole will be found and a script kiddie will exploit it on my system when I've got my back turned (say, when I'm on vacation). An automatic update system would be helpful.

    Also, a security evaluation system would be handy, to determine if you have screwed up. The distros could encourage people to run these sorts of things on their PC's after they have set them up, to catch any of the obvious mistakes.

  79. Re:Setting up RedHat 6.0 Firewall/IP Masq. by Zurk · · Score: 1

    see my post above. basically read the linux security handbook. install all the updates (do this after you custom install your redhat system)..you can get em from updates.redhat.com. install ssh (redhat crypto carries it). edit the /etc/inetd.conf file and turn off or comment everything. remove all the servers (httpd, samba etc) which are not controlled by inetd. delete telnet from your system (use only ssh). write out your firewall rules and use ipchains to implement em. turn on MD5 and shadow password if you have not done so at install time. install tripwire or my own sentinel utility or fcheck or something similar. check your logs regularly.
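
The two file checks that comments 59 and 79 describe (which inetd services are enabled, and whether hosts.deny carries `ALL:ALL`), as an added example that is not code from any commenter or from Red Hat. The function names, status labels and sample file contents are assumptions constructed for illustration; hosts.allow, which TCP wrappers consults before hosts.deny, is not examined.

```shell
#!/bin/sh
# Added example: audit inetd.conf and hosts.deny defaults (constructed data).

# Print "service program" for every active line of an inetd.conf-style file.
# Field layout: service socket_type proto wait user server_program [args]
enabled_inetd_services() {
    awk '
        /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
        NF >= 6 { print $1, $6 }
    ' "$1"
}

# Succeed only if hosts.deny has an active catch-all "ALL: ALL" rule.
has_default_deny() {
    awk '
        /^[ \t]*#/ { next }
        {
            line = toupper($0)
            gsub(/[ \t]/, "", line)
            if (line ~ /^ALL:ALL(:|$)/) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# audit <inetd.conf> <hosts.deny>: one "service STATUS" line per service.
#   OPEN      run via tcpd, but no default deny, so any host may connect
#   FILTERED  run via tcpd with ALL:ALL in hosts.deny (hosts.allow can
#             still admit hosts; review it separately)
#   UNWRAPPED not started via tcpd, so hosts.deny does not apply unless
#             the daemon itself links libwrap
audit() {
    if has_default_deny "$2"; then deny=yes; else deny=no; fi
    enabled_inetd_services "$1" | while read -r svc prog; do
        case "$prog" in
            */tcpd)
                if [ "$deny" = yes ]; then status=FILTERED; else status=OPEN; fi ;;
            *)
                status=UNWRAPPED ;;
        esac
        printf '%s %s\n' "$svc" "$status"
    done
}

# Constructed sample files: ftp and pop enabled as comment 59 describes,
# plus one hypothetical unwrapped service to show the third status.
write_samples() {
    cat > "$1/inetd.conf" <<'EOF'
# constructed sample, not taken from a real host
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd        in.ftpd -l -a
#telnet stream  tcp  nowait  root    /usr/sbin/tcpd        in.telnetd
pop-3   stream  tcp  nowait  root    /usr/sbin/tcpd        ipop3d
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
EOF
    printf '# no rules\n' > "$1/hosts.deny.default"
    printf 'ALL: ALL\n'   > "$1/hosts.deny.hardened"
}

demo() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    echo "== empty hosts.deny =="
    audit "$d/inetd.conf" "$d/hosts.deny.default"
    echo "== hosts.deny with ALL: ALL =="
    audit "$d/inetd.conf" "$d/hosts.deny.hardened"
    rm -rf "$d"
}
demo
```

A service that stays UNWRAPPED in both runs has to be commented out of inetd.conf or blocked by firewall rules, since the hosts.deny entry alone does not cover it.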

  80. New Distro Is Needed by thales · · Score: 1

    The idea for Linux Lite is a good start, but it doesn't go far enough. I have installed Redhat, Mandrake, and Caldera. They all have too many choices for a newbie. Look at it this way: do you want to install #*&^9SE? How can you decide if you don't have the slightest idea what it is? I would like to see a distro aimed at users of the Redmond OS. Call it the Windows Upgrade Linux distro. WUL for short. WUL could go into the Winreg and pull out all the data for installed hardware (no probing needed). Look in Netscape and/or IE for Bookmarks/favorites and transfer them to the Netscape in Linux. Transfer saved Mail from Outlook/Eudora/Messenger to a default mail reader. Transfer internet settings to the Linux install. Move wallpaper to linux and even have the selected wallpaper come up. Maybe even a theme converter to change those Plus! themes to whatever window manager was the default install. In short make WUL like upgrading(?) from Win95 to Win98. Insert CD, click mouse. Reboot, and you have a new OS with all your old settings. This would give Linux newbies a secure working Linux box. Then they would have the most important tool of all to learn Linux. They could graduate to a better distro after they learn from WUL.

    --
    Quemadmodum gladius neminem occidit, occidentis telum est
    1. Re:New Distro Is Needed by Zurk · · Score: 1

      difficult..but not impossible. of course newbies will think of ways to screw up something like this too. :)

    2. Re:New Distro Is Needed by William+Tanksley · · Score: 1

      I agree with you, and I have more to say -- but first a little note. This article isn't about the ideal user interface for installation; rather, it's about the need for security. The way it recommends achieving the security appears to be confusing many people -- he recommends being secure by running as few network services as possible.

      Now, back to the subject of your post. You have a very good point; an upgrade-driven install package would be truly nice (especially if it was part of the OS, run on every bootup). However, it's only a start. I'd also like install programs to ask questions in the right order. Rather than starting by asking "how much space do you want me to take," the distro should start by asking, "what do you want me to do?"

      Partitioning would be one of the last steps -- that way the partitioner can offer a minimum size.

      Everything can be set up that way -- essentially, make the computer do the planning instead of the new user.

      -Billy

  81. Re:Not anything new. by Zurk · · Score: 1

    bruce i usually agree with most of your posts but on this one i must disagree. As an admin i have found redhat is full of holes when users install it (I've not worked on debian). By having a default newbie friendly install redhat would do well to improve user security. Why don't distros install ssh by default ? stop httpd/ftpd running by default ? add a simple integrity checking system at install time ? it's silly to assume the user will know what the checkbox is for or even what "servers" do at install time. a simplified installation with all paranoid on and hosts.deny with an all:all on will really help.

  82. Setting up RedHat 6.0 Firewall/IP Masq. by Anonymous Coward · · Score: 0

    Ok, so I just ordered RH6 and plan to use it to run a low-cost firewall w/IP masquerading for our partial-T1 connection. Where should I go on the Web to make sure that I have all the security holes filled? Where should I hang out to monitor what new ones are found? Thanks!

  83. I submitted this as a RedHat bug by Nelson+Minar · · Score: 2

    I submitted a suggestion like this as a RedHat bug (ID 134) awhile ago. The response was not exactly overwhelming.

    The RedHat workstation/server difference is helpful, but not enough. We need an option to install the RPMs but not start the services. And I think *all* listening ports (except maybe telnet) should be off by default.

  84. Simplify. by Anonymous Coward · · Score: 0

    Install all the core OS to the / partition

    Install all user apps in the /home/*you*/ directory

    Develop an Install Wizard like in Win95 with a graphical shell.
    Maintain the current use of the root user. With all the apps in the /home/ directory, the need for root access would be minimalized.

  85. You take your UNIX knowledge for granted by Anonymous Coward · · Score: 1

    I agree. I am a newbie and I chose Debian (no shortcuts - I wanted to know Linux). But to correct you, I've had to read 500 plus pages over the last month and each of the problems I've had has taken days to fix (X server, file permissions, navigating your directories, printing). It even took me two hours to find how to "su to root" when I started so I could run dselect (all documentation says, "become root", assuming everybody knows this command). And I've been using PCs since the early eighties. I agree with you and I've spent as much time on other hobbies, but most people won't do this to use Linux.

  86. Plan9 has no root by toaster · · Score: 1

    From what I understand about plan9, it was able
    to function quite nicely w/out any concept of a
    root user. I'm confident that a kernel developer
    with too much free time could be convinced into
    sending a patch. Of course then I might be
    talking out my ass and none of this is really
    possible.

  87. a possible easier answer by Anonymous Coward · · Score: 0

    Might be this:
    Give 'em a "user install". Let it include the Xconfigurator, or whatever, so they can play around in a controlled way to set up their screen...y'know, like everyone does with Lose9[58]. Don't offer them things they don't know what to do with - set reasonable defaults, which should include a reasonably (not C2, orange book compatible, jeez) secure environment. Y'know, like a user environment at work.

    The install, of course, is in single user mode, and so as root. After installation, if you don't start X, and you need to change something, have them su -, or give inexperienced users another command that, first time in, would prompt them for a new root passwd.

    Under X, give 'em the equivalent of "control panel", and again, they are prompted, the first time, to create a new passwd.

    If they forget the root passwd, either one might check to see if there is only one user, a common home environment situation, or if the user is physically typing from the console keyboard, and prompt them on how to reboot and reset it.

    mark
    whitroth@wwa.com

  88. Re:Well there is SOME good thinking here by Stinking+Pig · · Score: 1

    Last night I felt like playing a game. I went to www.linuxgames.com and poked around, Orbit looked cool. Downloaded it in rpm format, noted it required mesa, which is already installed because of Wine. RPM installed. I then tried to run the executable, and it crashed because GLUT wasn't installed. 30 minutes of research later, I find that GLUT is an OpenGL development library from SGI. I download the source and try to compile, but it requires an X script (xmkmkf or something) which isn't included in XFree86. Well, that was exciting. Back to linuxgames, download another game in RPM format, find that to install it correctly one needs to compile and run a pair of tools that are only included in the source tar.gz download.

    Never mind...

    --
    "Nothing was broken, and it's been fixed." -- Jon Carroll
  89. Yes, it's about time. by Swami · · Score: 1

    I have heard of school administrators considering *banning* Linux machines (as if they could), after serious network security incidents involving Linux "install everything" installations that weren't tweaked at all for security.

    Such incidents make great fodder for security-related FUD, which the campus Microsoft supporters eagerly dish out to discredit Linux and encourage the ban of it on campus.

  90. Securing other peoples boxen... by Dast · · Score: 1

    When you secure a new user's box, most of the time they don't pay attention. And, in their defense, the things that fly by them are totally over their heads anyway.

    I started kind of like you, except I had been using unix (slowaris :) for about a year (on one of the school's systems). When I first installed Linux, I knew nothing about how to secure a box, but at least I was comfortable using it.

    Fortunately, I was able to learn, over time, how to secure a box without being trashed by kiddies in the process. Heh. Now I'm the guy in the dorm that people get installs from. A few of them actually learn, but most of them never quite get it. Oh well, at least I try. :)

    --

    This sig is false.

  91. Suggestion by Chris+Johnson · · Score: 2

    How about Server and GUI for the identifiers? It's kind of silly to have X running on a serious server, and it's quite unnecessary as you can admin it remotely and it needn't even have a _monitor_. Conversely, what could be more attractive and appropriate to the luser mentality than choosing between 'unpretty' and 'GUI'? No way would most of them pick 'light' or 'restricted' but give them a choice between 'server' and 'GUI' and they will _leap_ on 'GUI' uttering cries of delight. It's all in how you phrase it. Problem solved.

  92. Re:not necessarily a good idea by nowan · · Score: 2

    Ok. So your hammer (you're not a professional carpenter are you?) will protect you from hitting your thumb? And keep you from bending nails as you hammer them in? Or maybe it refuses to hammer in nails at all, for fear you'll hammer them all the way through into the floor.

    Making things simple to use is great. And having a good, clean, secure base setup is extremely important.

    But the computer *is* a tool. And you have to know how to use any tool or you can't use it effectively. That's the flip side of this dumbing down business -- it discourages users from ever learning to use their computer effectively. This idea that you can have a powerful tool without risk is ridiculous. That users expect this is a mistake on their part. That system designers who should know better cater to this mistake is idiotic and shortsighted. You expect this sort of thing with commercial OSes, but OSS is supposed to be able to take the longer view.

  93. Re:not necessarily a good idea by tialaramex · · Score: 2
    Your Linux PC is not a toaster...

    Toaster = Gameboy Tetris (anyone who can't operate one isn't a fully functioning member of society)

    Video = N64 (most people can get it to work, but they don't know how or why it does what it does)

    Private Aircraft = Linux PC (anyone can be taught to fly one, but they may need constant supervision, and they're pretty likely to crash it)

    Society doesn't always handle tech well (the idea that everyone should be encouraged to operate 100kph 1000kg machinery in populated areas is just craziness, and it's a tribute to human ingenuity that we've made it as safe as it is to drive a Car)

    Today's attitude to computers (Uh, I deleted it, how do I get it back?) is just a less extreme example of this in action, and I think it's pretty sad to Dumb Down Computers just to let people be more lazy...

    That said, I support the idea that Out-of-box Linux should not be set up as a fully-daemonized Unix if it's intended for desktop users, if you really NEED an SMTP server you can read the paragraph which tells you how to activate the damn thing.

    Nick.

  94. Re:not necessarily a good idea by Fastolfe · · Score: 2

    OK I'm going to go under the assumption that by "people like you" you are of course not literally referring to me. If I'm wrong in making that assumption, please let me know so that I can respond in a more direct fashion.

    ---

    If they can't be bothered to learn about the software they want to use, we don't need them.

    This is *not* the attitude to take. If we continue to cater only to the technically savvy, Linux will remain a niche operating system used only by the technically savvy. Its growth will slow, and fewer people will be interested in learning to use it.

    The current trend for computers and operating systems is for intelligent, autonomous simplicity. Some people call it "dumbing the PC down", others call it "creating an intuitive user interface." The types of people that need these interfaces are going to be the types of people that have the hardest time manually editing configuration files and "learning" an operating system's internals. These are the consumers. These are the people that make up the vast, vast majority of the operating system market, and if these people are unable to make use of an operating system that is unable to present configuration options in an intelligent, simple way, that operating system will lose market share and remain in a niche market forever.

  95. not necessarily a good idea by dave_d · · Score: 2

    Yes, there's probably not a real reason to have a lot of the 'default' daemons running - especially for the average user, and yes, Linux should install fairly securely by default, but should one have separate versions ala workstation and server? I don't think so. The installation program should be able to handle a lot of this - and, I personally, believe the user should have some clue what's going on - that may require some reading and understanding on what the installation program is asking. Would reading a few paragraphs kill anyone? Perhaps it would be nice to coddle new users with a 'dumbed' down version of Linux, but why not try to get the user to learn a little bit - that way there's a more intelligent userbase to work with.

    It seems that way too many things are 'dumbed' down or over-simplified for the 'average' user - it makes me sick.

    1. Re:not necessarily a good idea by Anonymous Coward · · Score: 0
      Would reading a few paragraphs kill anyone?

      What magical document is this that will tell me what every daemon running on my machine does, whether I need it, how to turn it off if I don't, what will break if I do, and how to fix my system if something goes wrong?

      The User Guide for my distribution mentions security only when talking about users and groups. There's no mention of all the unnecessary crap running on my machine. Yes, I know there are docs on the net, but there is so much information that I am completely overwhelmed.

      I just want to use my computer and not worry about someone attacking me. Is that too much to ask?

    2. Re:not necessarily a good idea by Zachary+Kessin · · Score: 1
      I think RedHat does it right (the others might too).
      1 distro, three configs:
      • Workstation
      • Server
      • Custom

      Maybe have a few others. It's one CD; it just asks you how you want it set up. I think it should install all the daemons. Just not turn them on.
      Then have a short tutorial (under 2 pages) about root vs normal users.
      --
      Erlang Developer and podcaster
  96. Another distro? by Penrif · · Score: 2

    Despite the general disdain towards the folks, this seems like a great place for RedHat to come into play. For most newbies coming into the flux, they know of RedHat, they might even trust RedHat. So why not have a RedHat Lite? Cost less mayhap, perhaps it just comes on another CD in the standard install. Or just have a "presets" menu in the installer that has such things as "Secure", "Web Server", some pregrown installs that'll all work peachy.

    Superb idea, and absolutely needed before Linux can be for the average folk.

  97. This is A Good Thing(tm) by primetyme · · Score: 1

    I think a 'lite' version of Linux would be a great thing for a couple reasons:

    1.) For running most distributions as workstations, you don't really need sendmail, httpd, POP3, IMAP, etc running.
    2.) Sure you can choose not to install these and other services, but like a good TCP wrapper, deny everything first, then install what you need.

    Other cool things to include in such a 'lite' distro would be an automatic ipchains configuration type script and automagic samba configuration. With the advent of the newer installers like Lizard from Caldera and Anaconda from Redhat, these features could be implemented with some work.

    It should just be another option however, like Redhat's current "Server, Workstation, Custom" configs, so power users don't have to deal with this 'lite' version.

    .djc.

  98. um... NO by Alan+Shutko · · Score: 1

    Did you read the same article I did? About someone breaking into the author's machine because it _didn't_ have security?

    1. Re:um... NO by warmi · · Score: 1

      What I mean by that is a setup where everything is disabled, no services running, nothing.
      Just like your average Windows box but even with no SMB ... 90 % of users at home don't need anything - everything they do is conducted either thru browser or client programs (mail, IRC) and those don't need anything listening on the local host.

  99. Good Article by BradyB · · Score: 1

    I think the author has some very valid points. A lot of people want to try Linux because they can and it won't usually cost them much to experiment with it. These versions, even if they don't switch to something like Linux Lite, need to come with some sort of documentation that is up front about how to tweak for security or what not to do as root. Can there be a Linux that the end user doesn't even know what root is? I'll be making the move to Linux as soon as my compliant video card gets here. I'll be looking for some tweaks for security. Hope I can find some.

    --

    Good is never enough, when you dream of being great!
  100. debian by Anonymous Coward · · Score: 2

    Debian comes with a default hosts.deny file of ALL : PARANOID. That way, if you want an inetd controlled service open to anyone, you have to explicitly open that service. More distributions should follow this lead.

  101. Security... by selectap · · Score: 2

    I think that this issue will become more important as we get away from PPP and move towards cable and dsl. The person who wrote this article was fortunate because he realized that someone was logged into his machine, but if the average user walks away from his/her machine at home, then Bad Things can happen without the user knowing it.

    All computer users need to be made more aware of security issues, including those running Windows. I have a friend with a cable modem, and just for fun one day he decided to see how many Windows shares were available to him on his network. He was able to get, among other things, someone's tax return because of a share that user left open.

    Ouch.

  102. Install less, and use firewalls by Paul+Crowley · · Score: 4

    The basic idea is hard to fault. A few caveats:

    (1) There's no need for entirely separate distributions: a radiobutton selection in the install dialog about whether you want the default desktop edition or something fancy would do.

    (2) Firewalling the PPP device by default would help. A *lot*. Just bar incoming TCP connections and most other stuff and a lot of script kiddies get shown the door.

    (3) The biggest helper would be if these distributions installed fewer packages! I've installed Debian umpteen times, and I've grown to loathe dselect. The best thing would be for distributions to install a minimum set of recommended packages at install time, enough to get online and browse the Web and read mail and news, and then let them get used to it. Another day, they can learn about making Web servers available and suchlike: a simple, secure base would be an excellent place to start.

  103. Just a few things... by El+Volio · · Score: 2
    This is a very good idea. Forthwith, a few thoughts:

    The users do need to know that there is a root account, and know the password. They need to be educated at least to the extent not to stay logged in as root. Many NT users have been able to grasp this; Linux users should, too. And as someone already pointed out, otherwise there will be known default root passwords, which is a Bad Thing, Man (tm).

    In reality, all distributions should come with the default configurations a bit more secure. Maybe not to the level of extreme paranoia, but to a reasonable degree. Let's be honest, we sysadmins aren't perfect (although we want our users to think so). It's possible that we could forget to configure something when installing a new system, or erroneously assume that some option is already set in a secure manner when in fact it's not.

    This will have another, non-technical effect. Once the mainstream media picks up on such a distribution or effort, that's going to entice more users (and corporate managers) to consider it a viable desktop option. I'm all for users learning more about what they're doing, but I've met too many customers who asked me, "What's 'double-click' mean?" to believe that this could ever happen.

    --

    "You can never have too many elephants on your team."

    1. Re:Just a few things... by Ozwald · · Score: 1

      I'm all for not telling the newbie about the "root" account and all, but this raises some problems. Some tasks require root access to accomplish. RPMs cannot be installed/removed without appropriate rights.

      I installed StarOffice a short time ago and there are some security tricks with that too. Do I install it in the /usr/local directory as root or do I install it in my home directory under my account? I can deal with this problem but the people you are targeting probably can't.

      -----------------
      Actual tech-sup question: "How am I supposed to right-click on your computer?"

  104. multiple users in Lite systems. by Anonymous Coward · · Score: 0

    I would really hate to see multiple accounts get scrapped from any configuration. Even in the most typical newbie setting: an idiotic family of four, say, it is so nice that everyone can have their own unique environment without stepping on each other's toes. It would be tragic to lose that...

  105. Scripts to secure standard distributions? by mOdQuArK! · · Score: 1

    Are there scripts available which you can run on "stock install" distributions like Red Hat which will automatically modify configuration files to get rid of & shutdown "unnecessary" services?

    I realize that the proper place to do this is in the distribution, but until that happens, it seems to me that there are enough people who have performed these procedures so often that it might be possible for them to put a little script together that could be given to a newbie who has barely got the distribution installed so you don't have to go running over to their house in the middle of the night when they call you up asking "why somebody else is using my system?".

  106. Thank GOD for this article by the_tsi · · Score: 1

    I'm a most-time network/sysadmin for a department at a university. We run Linux, IRIX, and a (un?)healthy dose of Windows. As much as I can't stand windows, this article is right about RH's (or any linux distro's) default install.

    I've convinced a couple of friends of mine to make the switch to Linux, but the ones who put it on machines with any sort of dedicated network access I *force* to go behind the firewall when they first install. It's almost criminal the number of ways into an out-of-the-box RedHat/Slackware system (the main distributions I've worked with). Finger, systat/netstat, and everything RPC are all completely running -- and not even filtered by tcpwrappers. The worst part is that these things are (99% of the time) completely unnecessary on a workstation.

    Granted, I know to go and edit out /etc/inetd.conf and hosts.deny on the very first boot, but these folks don't realize it, and there's no way to tell them it unless you're looking over their shoulder when they install.

    #include

    (okay, I'm done moaning now.)

    -Chris
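
A sketch of the kind of script comment 105 asks about, covering the two files comment 106 says to edit on first boot. It is an added example, not something posted in the thread; the function names, the `#DISABLED#` marker and the sample inetd.conf contents are constructed for illustration, and it only touches the file paths it is given.

```shell
#!/bin/sh
# Audit and tighten an inetd.conf-style file, and classify a TCP-wrappers
# hosts.deny. Works on the paths passed in, so it can be tried on copies.

# Constructed sample of a stock-install inetd.conf (not from a real distribution).
write_sample_inetd() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
systat  stream  tcp  nowait  nobody  /bin/ps         ps -auwwx
netstat stream  tcp  nowait  nobody  /bin/netstat    netstat -f inet
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
EOF
}

# Print the service name of every enabled (uncommented, non-blank) entry in $1.
list_enabled() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next } { print $1 }' "$1"
}

# Comment out every enabled entry in $1 whose service is not in the
# space-separated allowlist $2. The result goes to $3 (the input is left
# untouched) and the names that were disabled are printed for review.
disable_unlisted() {
    awk -v allow="$2" -v out="$3" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) keep[a[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { print > out; next }
        ($1 in keep)             { print > out; next }
        { print "#DISABLED# " $0 > out; print $1 }
    ' "$1"
}

# Report which catch-all rule the hosts.deny file $1 carries:
#   all      -> ALL: ALL       deny every wrapped service unless hosts.allow permits it
#   paranoid -> ALL: PARANOID  deny only clients whose hostname and address do not match
#   none     -> no catch-all rule at all
deny_policy() {
    awk '
        /^[ \t]*#/ { next }
        { line = toupper($0); gsub(/[ \t]/, "", line) }
        line == "ALL:ALL"                     { found = "all" }
        line == "ALL:PARANOID" && found == "" { found = "paranoid" }
        END { print (found == "" ? "none" : found) }
    ' "$1"
}

# Walk through the workstation case: nothing is on the allowlist.
demo() {
    dir=$(mktemp -d) || return 1
    write_sample_inetd "$dir/inetd.conf"
    echo "enabled before: $(list_enabled "$dir/inetd.conf" | tr '\n' ' ')"
    echo "disabled:       $(disable_unlisted "$dir/inetd.conf" "" "$dir/inetd.conf.new" | tr '\n' ' ')"
    echo "enabled after:  $(list_enabled "$dir/inetd.conf.new" | tr '\n' ' ')"
    printf 'ALL: PARANOID\n' > "$dir/hosts.deny"
    echo "hosts.deny policy: $(deny_policy "$dir/hosts.deny")"
    rm -rf "$dir"
}
demo
```

The rewritten file only takes effect once it replaces the live inetd.conf and inetd is sent SIGHUP to reread it. A `paranoid` result means hosts with consistent DNS are still let through, which is a weaker default than `all`.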

  107. Excellent article on secure installation of Linux by El+Volio · · Score: 1

    Check out this article on installing Linux securely. It focuses on RH5.x, but can be applied to just about any distro.

    --

    "You can never have too many elephants on your team."

  108. Not anything new. by Bruce+Perens · · Score: 3
    Debian and Red Hat already support installing a system without network servers, or with only the network servers you ask for. On Red Hat this is one check-box, not a big deal to do. If you install a system that way, there isn't really anything different from a system that's "optimized" for the single-user desktop.

    The author seems a bit systems-administration-naive to think that you'd have to design a special distribution just for this.

    Bruce

    1. Re:Not anything new. by Anonymous Coward · · Score: 0

      If Linux wants to gain user-friendliness, they need to give up the notion of easier installs, and start instead with a ports tree and security by default (although a secure system and a user friendly system at the same time can be hard to accomplish). Once this is done, people will be happy enough with the installed system that they see, that they can proceed to the newer, easier installation.

  109. Linux for Windows Users? by soldack · · Score: 1

    Linux is approaching a crossroads when it comes to taking over the desktop. One extreme is the old path, the path of the smug Unix people. RTFM is the standard reply and clicking is for wimps. Linux and its community tends to be a bit better than that but still expects a lot from the average user. The fact is that most people in the desktop world would have major difficulties with running Linux. By "running", I mean to include setup, configuration, and general usage. To conquer the desktop Linux has to become easier to use. You shouldn't have to RTFM to setup a simple, safe, workstation. It should be as easy as... no, easier than Windows 9x. Or NT. Or the Mac. I know many of us have a nasty tendency to look down on a Win9x/NT/Mac user but they are the majority of the desktop crowd and they deserve a quality OS too. Without having to know what /etc does. Just like in the Win9x world the user should not have to know anything about the Registry. The old rule of thumb applies here: "It has to be so easy that your mother could use it."
    Compatibility is a big issue here. Look at how Microsoft takes the lead away from other companies. Lotus 1-2-3 ruled the spreadsheet world until Excel proved that everything Lotus 1-2-3 could do, it could do. It had pretty good compatibility (could open and save in Lotus's format) and had the same general functionality. It even had special help for people transitioning. How about Mac? Win95 is so similar to MacOS, Apple sued Microsoft. NT uses the same look and feel as Win9x. NT supports Novell networking well enough. All of this is done so that a user has no reason not to switch. Granted, Microsoft usually does these things just barely good enough but their idea is a good one. We need to take a page from our most hated enemy and beat them at their own game.
    I have said this before but I think that it needs to be mentioned again. To win the desktop you need a perfect duplication of MacOS and Win9x/NT in look and feel. In a perfect world it would be so good that you could come in at night and install it on your boss's PC and all he notices is that things don't crash anymore. Then you would have him hooked!

    --
    -- soldack
  110. New distro? Hell No, there is an easier better way by Anonymous Coward · · Score: 0

    Why the hell are people suggesting a whole new distribution for this? The author of the article is a dumbass. He suggests that NT is superior than Linux because it offers workstation and Server versions. Hey dumbo, so does RedHat. But instead of putting them on separate CDs they put them on one and nicely and politely ask you during install "Workstation" or "Server" or heck even "Custom" if you are brave. What is the friggin fascination with another CD? Okay, so if the workstation turns on a couple of daemons that you think are too many, then ask for that to be changed. Not a whole new release? Damn! People are sooooo stupid!

  111. Re: RunLevel, yes, it's been done by Beethoven · · Score: 1

    I have set up a Debian laptop for someone who never owned a computer before and hardly ever used one. I made runlevel 4 the default. It execs su user startx. .xsession runs netscape with geometry occupying the full screen. All ports are closed to the outside (except ssh in case I need to fix something). Apache listens on the localhost interface. A CGI can reboot, run diald, etc. all using sudo. The user account has no password. She can get a root shell using sudo, but she doesn't know that yet.

    btw, this user has become an email and WWW addict. :-)

  112. Re: Red Hat Lite by BluBrick · · Score: 1

    Or how about...

    Secure Desktop
    Power User
    Secure Server
    Open Server
    Custom install

    "Power User" is a common enough term that it would make newbies think twice before choosing it, while allowing those with a clue to have something more fun to play with. It'd also have the advantage of sorely punishing those who think they are power users, but are actually far from it!

    --
    Ahh - My eye!
    The doctor said I'm not supposed to get Slashdot in it!
  113. You've just described Linux Mandrake... by Jaime+Herazo+B. · · Score: 2

    ... Almost!

    Mandrake has the main install categories (server, workstation and custom), but not the subcategories.

    The package categories are almost like it.
    And it has Mandrake-update: You start it, it fetches the list of mirrors of the FTP site, lets you select one, then fetches the list of RPMs to update, you select the ones to get, it downloads and installs them, and you're set.

    Now, they're preparing the next incarnation, we can suggest this to them, it shouldn't be hard to implement.

    "Now you can see that evil will triumph, because good is dumb!"

  114. Re: Red Hat Lite by ARRAY(0x0) · · Score: 1

    Unfortunately, everyone thinks they are a 'Power User.' The term tends to appeal to the ego.

  115. Most secure distribution? by Anonymous Coward · · Score: 0

    Assuming an installation straight out of the box, what is the most secure Linux distribution available today?

  116. Re: RunLevel by Darth+Hubris · · Score: 1

    This is what we tell people to do. Write it down and don't forget it. It's amazing how many people call asking what their Administrator password is. "I don't know; you tell me," is my usual paraphrased answer. This by itself is not asking much of people.

    --
    The party's over ... the drink ... and the luck ... ran out
  117. Linux Lite! Yes Please! by Hi+Torro · · Score: 1

    Funny that this came up... I was thinking of making a simple version of linux... but one thing stopped me (knowledge). Things such as logging in and access to drives should be made simpler ... More like (dare I say it.) MAC or Amiga OS (disk in ... yes it's there... not >mount vfat /dev/fd0 /mnt/floppy or whatever .. even the gui for this is dismal for beginners).. X windows also needs a beginner's overhaul... it's just all too much.. too many options .. And too high overheads for a GUI interface. Also another problem is unity... Let's face it guys, the Linux community is split at the moment (KDE/Gnome/whatever windows manager... is a good example of split development... in which if everyone aimed for a main goal and worked co-operatively we could have a much better product). A lite version of linux would have to come under a committed and unified Linux community, so we don't have so many different choices, and so we can all focus on getting things simple and easy to use (sorry techo guys but I think we need to drop vi in an easy version of linux!) But above all what acronym would this be distributed under? CLINUX ? (Crappy Linux) SimLin or SimLix or SimLux ? (Simple Linux). And above that.. where do I sign up to help?

  118. Installation?? by aeonek · · Score: 1

    I think this is mostly the fault of distributions not being easy enough to set up. Take Red Hat for example. During installation, you'll have to answer the question: What services do you want to be started at boot? (or something like that) But does anyone seriously think that a newbie should know what apmd, atd, inetd, lpd, syslogd, etc... is??
    But this will get better, i'm sure.

    --
    "Bernoulli was wrong. X proves that you can fill a vacuum, yet still it sucks." - Dennis Ritchie
    1. Re:Installation?? by Anonymous Coward · · Score: 0

      New users need not know much about the system, but every administrator, new or not, should actually take the time to learn stuff before blindly jumping in. I'll let other people ride in my car but they better have a valid driver's license before I let them sit behind the wheel. That's common sense and should apply to computer systems as much as it applies to cars. I want more people to try out Linux but I think that's the same as wanting people to be more competent users. Don't dumb down the system, smarten up the user.

  119. Why a different distributions? by ucblockhead · · Score: 1

    I don't see why different distributions are needed to accomplish this. It seems that the same thing could be accomplished with two options presented near the beginning, "Express" and "Advanced". "Express" would create the system this guy is talking about. "Advanced" would give you all the options. It should be doable with one package.

    --
    The cake is a pie
  120. Maybe an answer! by stevew · · Score: 4

    First - I agree with the author. Why
    should a system come out of the box running
    httpd, ftp, or whatever?

    The OTHER problem that stops us from
    world domination is the GUI! X can be
    impossible to get working - especially
    on newer hardware(My EOne for example)

    A couple of days ago there was an announcement
    here of yet another distro that takes care
    of one issue: http://www.demolinux.org

    This distro runs exclusively off of a CDROM -
    you can take linux to any machine! One of the
    tricks they pulled that got it to run on my
    EOne that neither the latest RH, Mandrake, or
    Suse could do was bring up X! They used the
    new Frame Buffer server. It isn't accelerated
    but it works GREAT! So if the demolinux
    people were to go a step further and tighten
    up their system to not have a large number
    of separate daemons running - we might be
    pretty close to what the author was asking
    for! (Actually haven't looked at what
    daemons they HAVE enabled on this distro - maybe
    it's already there?)

    Steve

    --
    Have you compiled your kernel today??
    1. Re:Maybe an answer! by warmi · · Score: 1

      Regarding the X issue, I would rather favor a distribution that comes by default with AcceleratedX - supports many more cards and it is much faster than XFree.
      ( and the price would be cheaper given wide enough distribution)

  121. Linux well done, not "lite" by messman · · Score: 5
    What is really needed is a good distro that takes care of installing everything properly. Most distros are just focusing on showing nice installation menus and all that crap. The current trend seems to have forgotten what's important and what's not. Distros are sending new users the wrong message: it seems to be more important to have a flashy and colorful desktop than a robust and secure box.

    While I understand they do it to attract Windows users it is becoming a very dangerous game. The solution is not going even further the Windows way, as the article suggests. The only real solution is that the distributions stop focusing on copying Windows styles, looks, feels, sounds, etc. and start focusing on these points:

    • Good comprehensive documentation, including overviews and guides to the software they distribute. Besides all generic documentation which comes with a package there is a need for each distribution to explain what is included and why, how the packages included will help the user, and which packages should a user install to accomplish what she needs.
    • An installation system which educates the user at the same time it installs the packages. It should guide users so that they choose the installation which best fits their needs, avoiding the current install everything approach.
    • A good admintool which takes care of all the tedious system administration tasks in an unobtrusive way. It should perform all necessary security checks and monitor the system periodically.
    Of course, these are the ultimate goals and it would take time to reach them. However, while some distros are at least partially working on similar projects, most are not. If new Linux boxes are insecure, it is the distros' fault. No doubt about it.
  122. Re: Red Hat Lite by jhoffmann · · Score: 2

    red hat lite is a great idea but the funny thing is that if you market something as "lite", you expect less features for less price. great for most products unless your product is support (a la redhat & every other linux distribution). red hat should be charging more for a red hat lite because the newbies are the ones requiring the most tech support.

  123. My Dinner With NT by Darth+Hubris · · Score: 2

    I suppose I was trying to refute the comments about "the typical user" when I started to reply to this, but now I have to say that I'm in agreement.

    I started my time with Win 3.1, and tweaked that to death, then moved on to Win95 and played with that for a time. Up until this time, I had been your typical user, unwilling to dig too much further.

    My experience with NT over the years has taught me some valuable lessons.

    * I have a user account on my machine instead of logging in as the Admin. I've set up the desktop and start menu on the Admin account with items aimed at administration [doh].

    * I set whatever services I may run to manual, so that I use them only when needed.

    * The C: partition is for the OS and programs only. All data is on the D: or subsequent drives.

    I'll be damned if that isn't the successful recipe for a Linux box as well.

    I'd have to say the first few chapters of the Red Hat manual were invaluable, and ought to be required reading. It isn't that difficult. And if you're not careful, you just might learn something.

    --
    The party's over ... the drink ... and the luck ... ran out
  124. A Standard User's Linux? by Anonymous Coward · · Score: 0

    The fact that this is just now being widely addressed should be a wake-up call to those who want to see "world domination," to tell them just how out of touch with the average user we may be. We need to make that effort to understand the average user, and create a secure, out of the box "Linux for the Standard User." We need to do that in a lot of areas besides security before Linux is ready for Prime Time.

  125. Secure System? by Disco+Stu · · Score: 1

    "After a nice clean re-install, a raft of changed passwords, and a minimalist reconfiguration, my system is secure. "

    This article propagates the myth that there is such a thing as a Secure System. The only Secure System is to have no system. Instead of "Secure System," we should use the term "Securer System" and we should encourage schools to teach the idea of not having a system, at least, not until you have a certificate (degree?) saying you are ready to have a system.

  126. Debian Profiles? by maxII · · Score: 1

    I thought the idea of different installation 'profiles' (a la workstation/server) was an active part of Linux installations? I know that Debian offers a number of varieties of installation profiles, what about other distributions?

  127. Don't Fool yourself by Outland+Traveller · · Score: 2

    "Nobody" may need to be concerned about security if your computer is never plugged into a network such as the internet.

    However, as soon as you dial up your ISP, not to mention connect a cablemodem, you would be well advised to be concerned with security.

    Even if you have nothing but valueless games on your personal computer, a malicious cracker can still make use of it as a depot for warez and pornography, and they can also use your computer as a launching pad for attacks on other systems. Some people will try and damage your computer simply because you live in (insert your country here).

    How would you like it if your computer was seized by the feds for evidence because a malicious person used it for illegal purposes?

    Everyone who is part of a worldwide electronic community should be aware of security (and privacy) issues. You don't have to be a security expert, but you should at least go in with a cautious attitude. In the end, you are responsible for yourself.

  128. Well there is SOME good thinking here by RodStewart · · Score: 2

    I mean in Windows the big deal is *poof* it's there and it's helped me. I mean if we ever want to survive this war the answer is standards, standards, standards. We need to have a better installation procedure, not just for the distro, but say for Quake3, if I'm the average user I want installation to be simple. I mean do I really need a 12 step procedure, including mounting a cdrom, changing up directories, copying the windows "content" files to the right place, downloading the linux binary, etc. AWW! This should be point and click, a BOOM you're there. This should all be standardized too. What are we doing worrying about the correct definition of open source so we can scold someone who doesn't do it exactly right, or having flame wars of Linux vs. xBSD? Let's make all our shit work together, and make it easier for the rest of us.


    sorry about any errors,
    rob

    --
    "Are you satisfied with fucking?" - Dave Matthews from "Halloween"
  129. Redhat installation. by jelwell · · Score: 2

    Redhat has been asking users whether they want a server, workstation, or custom installation for a while now. Anyone know the specifics between the server and workstation? I fear it may only be Gnome/Kde or no Gnome/Kde; but hopefully it rips out sendmail and some other nasty daemons.

    What would really be appropriate is if distributions could package in ssh, but then we run into export problems - I assume, only because I know redhat doesn't come with ssh - but maybe that's the ssh people being uncooperative. But really, does a home user even need telnet?

    Joseph Elwell.

  130. great idea. by flatrbbt · · Score: 1

    I have installed linux for a great number of newbies. They tend (like myself when I started) to be grossly unaware of what a daemon is or what it does, and have a very hard time understanding the concept of security in a multiuser system. The switch from single-user to multi-user is the most difficult concept to grasp as a newbie.

    This makes security holes very common on such systems, as noted in the article. If a linux-lite distro were to be written that by default turned off all daemons, and left NO access to anyone except the local user, then it will have come a long ways towards desktop acceptability for the average corporate secretary. They should not have telnet or nfsd or samba or anything else running until their system administrator turns it on because it is needed.

    Perhaps a "secure" workstation install option as the recommended install for new users is in order.

    Hopefully Corel will address this in their upcoming distribution.

    Steve Ruyle

    --
    Ex Libris Veritas
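
One way to check a machine against the policy suggested in the comment above (no daemon reachable by anyone except the local user); this is an added example, not part of the thread. It parses `ss -H -tln` output and reports every TCP listener bound to something other than loopback; the sample lines and the port-name table are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (not taken from the thread).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:23 0.0.0.0:*
LISTEN 0 128 0.0.0.0:21 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 64 *:2049 *:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 50 192.168.1.10:139 0.0.0.0:*
"""

# Illustrative port labels; a real audit would consult /etc/services.
NAMES = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http",
         139: "netbios-ssn", 631: "ipp", 2049: "nfs"}


def is_local_only(host):
    """True only if the bind address is a loopback address."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
    if host == "*":                           # wildcard: every interface
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                          # unparseable: assume exposed


def exposed_listeners(ss_output):
    """Return sorted (port, name, bind_address) for non-loopback listeners."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        if not is_local_only(host):
            found.append((int(port), NAMES.get(int(port), "unknown"), host))
    return sorted(found)


if __name__ == "__main__":
    for port, name, host in exposed_listeners(SAMPLE):
        print(f"{name:12} port {port:<5} bound to {host}")
```

On a live system, feed the function the output of `ss -H -tln` instead of the sample; an empty result means nothing is listening beyond loopback.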