Linux Blog

Linux Users are Lazy

Filed under: Linux Video Tutorials,The Linux Blog News — TheLinuxBlog.com at 7:57 pm on Thursday, May 7, 2009

Someone told me once that all of the good system administrators are lazy. I believe this, but I also think that Linux users are lazy. While I’m not a full-time systems administrator, I am a full-time Linux user. I sometimes think that I’m so lethargic that I don’t have the energy to turn on a light switch. Hence why I did this (YouTube video).

If you couldn’t make it out from the crappy iPhone video, it’s my house. I show the circuit, turn the light off, walk in the closet and walk back out again. It’s a rather simple circuit consisting of a switch wired to a halogen light I brought from Ikea. In true open source fashion, if anyone is interested in this, let me know and I’ll share how I did it if you can’t figure it out.

Why The Antivirus?

Filed under: General Linux — TheLinuxBlog.com at 12:39 am on Friday, January 23, 2009

Although viruses on Linux are not very common, it is not unusual to find antivirus utilities available. You may ask what the point is if your operating system is not as vulnerable to these types of threats, but perhaps you are looking at it the wrong way. What better platform is there to act as an antivirus scanner than one that isn’t as likely to get owned?

Take this example: a Linux file server vs. a Windows 2003 file server. Just by being plugged in, the Windows server may be at risk in a hostile environment (e.g. the Internet), while the Linux server may not face as much risk (at least from a virus attack).

We all know the benefits of running Linux file servers, such as cost, stability and coolness, so we won’t touch on those, but there are downsides to running a Linux file server. One of the major downsides is that Linux servers have a perception of being hard to manage. While managing them can be significantly different from managing a Windows server, this myth is often at the top of the list for decision makers.

Often system administrators (myself included in this one) get lazy in their Samba configurations. This is a potential problem because a sneaky virus could attempt to write itself to any writable volume, which could cause a lot of grief for the poor Windows machines. Or perhaps, in tandem with the writable volume, an exploit for a piece of outdated software allows that file to be executed.

A friend of mine first introduced me to the concept of antivirus scanners on a machine he had created specifically for the purpose of housing his virus collection. He had made a script that extracted information about the virus and cataloged it for easy reading and searching. All he had to do to add a virus to his collection was copy it to a folder. With this method he was able to quickly search and find any virus he had on file for specific traits or purposes for analysis. While some may call this overkill, for him it was a hobby. Would you keep your entire virus collection on a Windows machine?
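
The lazy Samba configuration mentioned above can be checked for mechanically. The following is an added example, not code from the original post: a small audit that lists shares which are both writable and open to guests. The sample smb.conf, its share names and its paths are constructed, and the script reads per-share settings only (it ignores `[global]` defaults and `include` files).

```shell
#!/bin/sh
# Added example: flag Samba shares that are writable AND open to guests.
# Reads smb.conf from a file argument, or from stdin when none is given.

audit_smb_shares() {
    awk '
    function report() {
        if (name != "" && name != "global" && writable && guest) print name
    }
    /^[ \t]*[#;]/ { next }                     # skip comment lines
    /^[ \t]*\[/ {                              # a new [share] section starts
        report()
        name = tolower($0)
        gsub(/^[ \t]*\[|\].*$/, "", name)
        writable = 0; guest = 0                # Samba defaults: read only, no guests
        next
    }
    index($0, "=") {
        key = tolower(substr($0, 1, index($0, "=") - 1))
        val = tolower(substr($0, index($0, "=") + 1))
        gsub(/[ \t]/, "", key)                 # spaces in parameter names are ignored
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        yes = (val ~ /^(yes|true|1)$/)
        if (key == "writable" || key == "writeable" || key == "writeok") writable = yes
        else if (key == "readonly") writable = !yes
        else if (key == "guestok" || key == "public") guest = yes
    }
    END { report() }
    ' "${1:--}"
}

# Constructed sample smb.conf (share names and paths are made up).
sample_conf() {
    cat <<'EOF'
[global]
   workgroup = EXAMPLE
[dropbox]
   path = /srv/dropbox
   read only = no
   guest ok = yes
[docs]
   path = /srv/docs
   writable = yes
   valid users = @staff
[public-ro]
   path = /srv/pub
   guest ok = yes
EOF
}

sample_conf | audit_smb_shares    # lists the one guest-writable share
```

On a real server, run `audit_smb_shares /etc/samba/smb.conf` and either make each listed share read-only or require authenticated users for it.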

As with any operating system, it is only as secure as you make it, so running an antivirus on your Linux machine may not be as stupid as it first sounds, especially if it interacts with the dirty Windows boxes on a regular basis. Then again, if you’re purely a Linux shop, enjoy the cleanliness while it lasts.

Introduction to CHMOD – Octal Format

Filed under: General Linux,Quick Linux Tutorials — TheLinuxBlog.com at 1:25 pm on Tuesday, September 25, 2007

CHMOD is used to change permissions on a file. There are three types of permissions (read, write and execute), and there are three classes that permissions can be set for (owner, group and other).
It can be used with a symbolic representation or with an octal number that represents the bits. This blog post focuses on just the octal format. CHMOD works on most Linux file systems. It is also used on other operating systems such as BSD. Web designers and developers may be familiar with CHMOD as they have to set permissions when uploading files via FTP.

The octal notation can seem quite confusing but is actually very simple.
To figure out the octal format take the following table:

| Permission | Owner | Group | Other |
|------------|-------|-------|-------|
| Read       | 4     | 4     | 4     |
| Write      | 2     | 2     | 2     |
| Execute    | 1     | 1     | 1     |

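To work out the octal value, just add up the numbers for the permissions you want to set.
If you would like to set the permissions for the owner to read, write and execute, and for the group/other to read and execute, you would do the following:

| Permission | Owner | Group | Other |
|------------|-------|-------|-------|
| Read       | 4     | 4     | 4     |
| Write      | 2     | 2     | 2     |
| Execute    | 1     | 1     | 1     |
| Add:       | 7     | 5     | 5     |

The owner gets 4 + 2 + 1 = 7; group and other leave out write, so each gets 4 + 1 = 5.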

It’s that simple. The way I remember the numbers to the corresponding permission is to remember that the number starts with 4 and is divided by two, and then I repeat the following:
“For Read, Two Write, Execute”
meaning that 4 is read, 2 is write and the last (1) is execute.

There are graphical utilities that set permissions, such as Thunar in XFCE and Konqueror for KDE, but they normally do not allow you to change the permissions on multiple files at once.

If you have a whole directory full of files that you would like to change permissions on, you can simply do:

chmod 755 *

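* is a shell wildcard (a glob, not a regular expression). The shell expands it to every non-hidden name in the current directory, so chmod changes permissions on all of those files.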

If you would like chmod to go into directories and change permissions on files, the -R option is used.

chmod 755 -R *

will change permissions on all files and dive into the folders also.

chmod is an absolute must for system administrators and is good to know for home Linux users. If you’re experimenting with chmod, be careful and do not use the -R option unless you’re absolutely sure you need to. I have accidentally used chmod to recursively change permissions on a whole drive before. Let’s just say this was not what I call a fun time, since I had changed them to a very open 777.

Take that as your warning.
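
A safer alternative to a blanket recursive chmod, as an added example that is not part of the original post: it decodes an octal mode using the 4/2/1 table above, gives directories and regular files separate modes (so files do not all end up executable), and lists anything left world-writable. The function names and the scratch tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode octal modes with the 4/2/1 table and fix a tree
# without handing every file the execute bit (or a blanket 777).

# octal_to_rwx 755 -> rwxr-xr-x (three-digit modes only)
octal_to_rwx() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    out=""
    rest=$1
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}          # first character of $rest
        rest=${rest#?}
        for bit in 4:r 2:w 1:x; do         # read=4, write=2, execute=1
            if [ $(( $digit & ${bit%:*} )) -ne 0 ]; then
                out="$out${bit#*:}"
            else
                out="$out-"
            fi
        done
    done
    printf '%s\n' "$out"
}

# set_tree_modes DIR DIRMODE FILEMODE
# Directories need execute to be entered; ordinary files usually do not.
# -xdev keeps find on one filesystem, so a typo cannot walk a whole drive.
set_tree_modes() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    find "$1" -xdev -type d -exec chmod "$2" {} +
    find "$1" -xdev -type f -exec chmod "$3" {} +
}

# list_world_writable DIR: files and directories that "other" can write to
list_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -print
}

# Demo on a constructed scratch tree; nothing outside it is touched.
demo=$(mktemp -d)
mkdir "$demo/sub"; : > "$demo/sub/notes.txt"
chmod 777 "$demo/sub" "$demo/sub/notes.txt"    # the "very open 777" mistake
list_world_writable "$demo"                    # shows both entries
set_tree_modes "$demo" 755 644                 # directories 755, files 644
octal_to_rwx 755; octal_to_rwx 644
rm -rf "$demo"
```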

Ubuntu & Gentoo Servers compromised

Filed under: General Linux — TheLinuxBlog.com at 11:00 pm on Wednesday, August 15, 2007

The case of the Ubuntu servers being breached [wiki.ubuntu.com]
Missing security updates and system administrators not running updates on servers is a problem. I don’t know why they didn’t do any updates past Breezy. They suggest that it was because of problems with network cards and later kernels, but I don’t get it. Since when do software updates for an operating system have anything to do with what kernel is running? If there is a problem with hardware support for the network card you have two choices. The first is to fix the driver yourself or pay someone to do it. The second is to replace the network card with a better-supported device. Both situations could be costly, but it would get the problem fixed and five of the servers wouldn’t have been taken down at the same time.
If the kernels were configured correctly, the boxes probably wouldn’t even have had to be rebooted.
Running FTP instead of a more secure version is not so bad unless they were running accounts with higher privileges than guest or using system accounts. In which case that’s just stupid.

The Gentoo Situation [bugs.gentoo.org]
Apparently there is a problem in the packages.gentoo.org script. The bugzilla article goes into deeper explanation, but basically there is some pretty unsafe code which could have allowed anyone to run any command. I understand that the code is old but it probably should have been audited at some point. The problem would have stuck out like a sore thumb if looked at by a Python coder and they probably would have fixed it, or at least suggested a fix. The problem was found on Tuesday the 7th. All of the infra- (I assume they mean infrastructure?) guys were at a conference last week so they couldn’t work on it. It still seems that if they were at the conference until midnight on the 12th they would still have been able to put up a coming back soon placeholder on the packages site by now. Hey, if they put some pay per click ads up there maybe they will get some additional funds during the down time. I would like to see what products would be pushed through the advertising on that one. I believe that they could have reduced the downtime by releasing the code for the packages.gentoo.org site as open source or by asking for help from developers to review and upgrade the code as needed.

It’s not strange for web servers to get hacked. They get hacked all the time, but whose fault is it in the open source community? I really think that there is a problem in the community when it comes to situations like this, but the blame can’t be placed on any one person. I would offer any assistance I could into getting these situations resolved but it’s not as easy as that. There has to be a certain level of trust for those working within a project. If they gave out keys to their servers to anyone the servers probably would have been compromised a long time ago. I hope that the affected sites can pull themselves together and get back up and running as normal. It seems that Ubuntu did not have complete down time, but the Gentoo site is still down and there is no indication of when it will be back up.