Our graduate TAs like Java since the classloader lets students write their projects as a class that gets accessed by an autograder. Java can restrict us from cheating by preventing the loading of certain classes, etc.
Have them play dopewars! They can learn about economics, their own culture and computers all at once. Seriously though, this seems to follow the same philosophy as those reader rabbit type games.
I've decided to make a Linux based bong. The machine will be liquid cooled. The water coolant will be shared with the bong component. I'm going to hook up heat detectors to tell when the bowl is being sparced err...sparked. I'm going to try to figure out some method of measuring the size of each hit... If anyone has any ideas, resources or whatnot, reply.
Some ideas for securing a public access Linux (on "Themes.org Cracked" · Score: 3)
Check out how I "secure" my network. It's not perfect but it's relatively easy to implement. http://while1.org/security.shtml and now I post the whole thing to karma whore! :)
We try to keep While(1).org fairly secure. Here is a general overview of our security process. It should be helpful for many novice UNIX admins.
Operating System: Although OpenBSD is generally regarded as the best Freenix in terms of security, GNU/Linux is under more active development, faster, more user friendly and supports far more software packages and types of hardware than OpenBSD (sorry Theo, much respect...). I, along with most of the other admins and users are more familiar with a GNU environment. The distribution we use is Debian. I chose Debian for several reasons: free (libre and gratis), strong package system and reliability. It hasn't let me down. I do prefer Slackware on my personal box, since the -current tree is more stable than Debian's unstable. However, Debian's package system is nicer and provides many things that Slackware lacks (I may abandon Slackware as soon as Debian supports XF4 and kernel 2.4 by default in stable). Debian also keeps up to date on security issues.
Kernel: We now run a Linux 2.4 kernel. Although most security tools/patches are 2.2 only, the mature (READ: usable) ones have been ported to kernel 2.4. I'm confident that more will follow. 2.2 is dead. We have disabled modules entirely in our kernel to prevent hax0ring and to avoid using modules (does anyone else hate them?). We only have a few drivers enabled. Besides helping performance, this protects against hostile code injection into the kernel. It is possible for a clever coder to inject code into a non-modular kernel, but most rootkits use kernel modules. Not allowing kernel modules and using 2.4, prevents us from using some really cool security tools like LOMAC. However, I found that LOMAC did not play nicely with OpenWall's Secure Linux patch (or cron, or init or getty...). When Lomac behaves nicer, it will be added (I'd also like to see it as a patch rather than a module). Currently, we are using the GetRewted.net patch which provides lots of security enhancements. We may be adding more secure kernel additions such as the NSA's Security Enhanced Linux. However, at this time, we feel that the current kernel security model is both secure and usable. If you have any neat kernel goodies we might like, tell us.
Firewall: Note that we are NOT running any sort of real firewall. We feel that the extra kernel overhead of the firewall hurts performance and adds needless complexity to the server. Since we are NOT trusting local (ie: users with shell access) anyway, we feel that a firewall is basically useless since Linux's TCP/IP stack is already fault-tolerant, mature and robust. We augmented the TCP/IP stack with this shell script to limit our vulnerability to DoS attacks. Firewalling services should not be needed if your services are secure (run with minimal privileges and SECURE by design and configuration). Eventually we may drop an OpenBSD or Linux 2.4 firewall in front of the server as a measure for restricting local users' ability to portscan, DoS and exploit remote hosts.
Authentication / Login: Remote interactive sessions are only supported over ssh (and we run OpenSSH). Telnet is not allowed. Rhosts authentication is not allowed. I've looked at forcing people to use S/Keys, but it is a real pain in the ass on both ends. We are currently allowing FTP in. When I'm confident that all the users can get a good graphical scp/sftp client for their platform, I'll kill FTP. Since I'm not relying on trusting local users anyway, this is more a security concern for individual users. I'm considering locking some users who don't use their shells out of real shell access.
Users: I only make accounts for people I know personally. I also monitor user logins and their activity using whowatch and process accounting. I'm suspicious of logins from weird hosts. I also use PAM to set resource limits.
Monitoring: We watch out for network nastiness with Snort which is an AWESOME IDS. We monitor its logs and other system activity with Psionic's LogCheck. Occasionally, I'll audit the machines for weird ports using nmap and Nessus, both of which are REALLY nice. I'll also routinely verify system integrity using a combination of Tripwire and chkrootkit, on a system booted from a known CLEAN floppy containing the tools.
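The login and kernel posture described in the comment above (ssh only, no telnet, no rhosts authentication, no loadable kernel modules) can be checked mechanically. The following is an added example, not part of the original post or of While(1).org's setup; the function names are hypothetical, the file contents are constructed samples, and mapping "rhosts authentication" to the OpenSSH keywords `IgnoreRhosts` and `HostbasedAuthentication` and to the inetd services `login` and `shell` is an assumption.

```shell
#!/bin/sh
# Added example. File contents are constructed samples, not While(1).org's.

# Effective value of an sshd_config keyword (case-insensitive, first match
# wins, global "Keyword value" lines only), or the default if it is unset.
sshd_value() {  # $1=file $2=keyword $3=default
    awk -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(k) { print tolower($2); found = 1; exit }
        END { if (!found) print d }' "$1"
}

# Enabled (uncommented) inetd.conf services the posture forbids:
# telnet, plus rlogin ("login") and rsh ("shell"), which rely on rhosts.
forbidden_inetd() {  # $1=file
    awk '!/^[ \t]*#/ && $1 ~ /^(telnet|login|shell)$/ { print $1 }' "$1"
}

# Print one finding per line; no output means the host matches the posture.
audit() {  # $1=sshd_config $2=inetd.conf $3=proc root
    [ "$(sshd_value "$1" IgnoreRhosts yes)" = yes ] ||
        echo "sshd: IgnoreRhosts is not yes"
    [ "$(sshd_value "$1" HostbasedAuthentication no)" = no ] ||
        echo "sshd: HostbasedAuthentication is not no"
    for svc in $(forbidden_inetd "$2"); do
        echo "inetd: $svc is enabled"
    done
    # A kernel built without module support has no /proc/modules.
    [ ! -e "$3/modules" ] || echo "kernel: loadable module support is present"
    return 0
}

demo=$(mktemp -d)            # constructed fixture standing in for /etc and /proc
mkdir "$demo/proc" && : > "$demo/proc/modules"
cat > "$demo/sshd_config" <<'EOF'
Protocol 2
IgnoreRhosts no
hostbasedauthentication no
EOF
cat > "$demo/inetd.conf" <<'EOF'
ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
login   stream tcp nowait root /usr/sbin/tcpd in.rlogind
EOF
audit "$demo/sshd_config" "$demo/inetd.conf" "$demo/proc"
```

On a real host the call would be `audit /etc/ssh/sshd_config /etc/inetd.conf /proc`; the parser does not follow `Match` blocks or the `Keyword=value` form.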
Looks like someone from monkey.org (big OpenBSD lovers) is starting up a new project. If it follows in the history of other OpenBSD alternatives it will be about 30 times better than the original and have some cute Blowfish/Daemon shirt. Damn OpenBSD people! They're beating the other BSD's simply through how cool their t-shirts are! :)
xm@jolt:~$ whois openipf.org
Whois Server Version 1.3
Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: OPENIPF.ORG
Registrar: TUCOWS, INC.
Whois Server: whois.opensrs.net
Referral URL: www.opensrs.org
Name Server: NS1.FRIES.NET
Name Server: NS0.FRIES.NET
Updated Date: 25-may-2001
>>> Last update of whois database: Wed, 30 May 2001 02:01:56 EDT
The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
Registrars.
Found InterNIC referral to whois.opensrs.net.
Registrant:
OpenBSD
600 N. Chowning Avenue
Apt. W110
Edmond, OK 73034-5110
VI
Domain Name: OPENIPF.ORG
Administrative Contact:
Fries, Todd todd@fries.net
600 N. Chowning Avenue
Apt. W110
Edmond, OK 73034-5110
VI
405-715-4168
Technical Contact:
hostmaster, monkey.org hostmaster@monkey.org
PO box 2031
ann arbor, mi 48106-2031
US
734 623 0456
Billing Contact:
Fries, Todd todd@fries.net
600 N. Chowning Avenue
Apt. W110
Edmond, OK 73034-5110
VI
405-715-4168
Record last updated on 29-May-2001.
Record expires on 25-May-2002.
Record Created on 25-May-2001.
Domain servers in listed order:
NS0.FRIES.NET 206.30.141.10
NS1.FRIES.NET 208.128.7.232
Yet another company that asks you to donate to them. Alternative Tentacles (an indie music label) did this.
From info about a benefit.
The proceeds shall benefit the Alternative Tentacles Legal Defense Fund. Why do this benefit? Because Alternative Tentacles was one of the first and most dedicated independent recording labels that not only issued releases from underground cultures, especially punk, but also numerous political, spoken word and benefit recordings.
Founded by Jello Biafra when he was a vocalist for Dead Kennedys, Alternative Tentacles has been through countless trials and legal hassles. The famous obscenity trial for the DK's Frankenchrist album resulted in a precedent setting victory for free speech, but nearly bankrupted the label. Amazingly, despite the numerous famous artists under attack at that time, only Frank Zappa and a couple of others tried to help.
Now Alternative Tentacles is at risk of total financial collapse once again, due to the latest court drama. This time, it isn't Jesse or Tipper or Falwell..it is the other three former members of Dead Kennedys. While Jello has stayed true to the ideals and vision of the early days of the band and label, the other three have been considerably less honorable. They have sought to seize control of the DK masters to cash in and use the songs for jeans commercials and other acts that totally contradict what the band once stood for. Any Dead Kennedys release on a new label is unworthy of purchase.
Alternative Tentacles continues to issue recordings by numerous artists who would have much less of a chance being released on another label. Further, they have released countless spoken word releases by Noam Chomsky, Howard Zinn and other voices that challenge abuses of power and the lies of the corporate media. Who Bombed Judi Bari (of Earth First) and All Things Censored (the censored recordings of Mumia Abu-Jamal) were also released on Alternative Tentacles.
It is time to support this vital label and assist valuable allies in the struggles for justice. Please consider coming to this benefit and/ or helping to get the word out. Also please check out the AT website and offering support (and maybe getting some items from them).
I encountered quite a bit of instability (say hello to my friend kernel panic!) running this on 2.2.19 with the openwall patches installed. I don't know who is being naughty, but I'd guess LOMAC since Solar Designer has a reputation for being a wonderful coder. OH... and it fucked up my system so getty thought it was still booting and only root could login. Promising though... when these issues are fixed I'll definitely run it on my server. Good work. I'd like to see this (and ACLs) ported to OpenBSD also... I'm thinking about making an "ideal" armored server for fun next year and these would be cool features.
Of course you can! GPLing code does not preclude licensing it under another license (commercial or what not). You could also claim that your product has lost "value" by having the license violated....
It'll be interesting to see what the FSF will say about them saying Open rather than Free.
What does suck about this license is that someone can sell your music for profit. I'm not sure I like that. Regardless, my band will release all our material under this or an improved audio license... anyone have one?
MOVE TO USA! SPEAK AMERICAN! USE LINUX! EVERY USA WEBPAGE WORKS IN NETSCAPZE OR MOZILLA!!!! or just put your monitor up to a mirror to fix the right to left text thing
Because it runs on more platforms than Linux?
Because it supports more hardware than Linux?
Because it scales well?
Because it is clusterable?
Because it has a journaling filesystem?
Because the fs performance rules so much?
Because so many companies work on the kernel?
Because there are THOUSANDS of applications?
Oh wait.... I mean Linux. :)
FreeBSD does have a nice (although less so than Debian IMHO) base system.
FreeBSD is stable. But no more so than Debian/Slackware/Anything-but-RedHat.
FreeBSD is fine for DNS servers and whatnot but it doesn't scale up or down like Linux does and the desktop is not (quite) up to par although Linux "Emulation" brings a lot more apps to it.
FreeBSD is still nice IMHO for a server or a workstation, but cannot compare to Linux in XPlatformness, scalability, desktop-improvement or feature-growth (and you can always not compile more features into it)
This is why systems like debian's apt-get that automagically satisfy dependencies are good. Granted, 60 is a lot!
Simple 100% OOP (vs. C++)
Good strings (Pointers, malloc(), static sized arrays all suck)
Widely used
Cross platform
Free
Extremely comprehensive cross platform base libraries
www.kerneli.org!!!!
doh! I forgot MOSIX! MOSIX is a clustering thing! It looks cool.
- Alan Cox's Patches - Nice!
- Real Time Scheduler - Aside from making Linux a RTOS, it improves app performance!
- GetRewted - Similar to the Openwall patches for 2.2.X - NonExec stack, improved filesystem security, stealth networking, Trusted Path Execution
My personal box runs all but GetRewted. My server will run them all very soon. Enjoy!
IIS does a lot on the kernel level. That was one of the factors in original Mindcraft tests.....
convert packages to/from slack, rpm, deb
http://kitenet.net/programs/alien/
Kurt Goedel will have a field day with this!
Jon Katz didn't use the word geek until the ThinkGeek link! Huzzah!
Kernel 2.4?????? if so reiserfs support? devfs? assorted goodies support?
I got it!
It's called the BSD ports system. It really shouldn't be that hard to get it to work on Linux.
Tech Journals just don't understand that the kernel is irrelevant! What really matters now that 2.4 is out is applications!
I'd rather have a SparcPlug!