DFWUUG NEWSLETTER 
NOVEMBER 2001

 


Meeting Location: SGI Graphics at 6200 LBJ Freeway

Thursday, November 1, 7:00 PM

FREE pizza


The mission of the DFWUUG is to promote interest in and an understanding of UNIX. All meetings are open to the public without charge.

The group meets the first Thursday of the month, with the exception of those months where the Thursday falls on or near a holiday.  Everyone is cordially invited to attend. For current information, please check out the user group's web site www.dfwuug.org.

 

VPN's: Sorting Through the Mess
by F. Ward Holloway III; Senior Systems Engineer of Check Point Software


Every day, more and more corporations are looking to implement VPN's to allow remote access for home and road workers, as well as lowering cost through elimination of dedicated access lines. When deciding which technology to utilize, an administrator can be overwhelmed. Every IT vendor suddenly seems to have some VPN offering. This presentation will examine the different VPN technologies available in the marketplace today, as well as the security risks and other factors that need to be considered when implementing VPN's.

Bio:

Ward Holloway is the Senior Systems Engineer for Check Point Software Technologies in the Southern Region, providing technical assistance and knowledge in the design, implementation and troubleshooting of all Check Point products, as well as speaking at security and product seminars throughout the region. Previously, he worked for Check Point's Worldwide Technical Services as a Senior Consultant, providing on-site support, training, design and installation services worldwide to Check Point partners and end users, as well as training internal groups within Check Point. Prior to joining Check Point, he worked on a two-year project for Global Integrity, implementing a worldwide security infrastructure for a major financial institution. Mr. Holloway began his career with Software Academy as a Unix System Administrator and instructor. He is currently contributing an article providing an overview of what makes up computer security to a new security website, intro2security.com.

Teaching Basics of UNIX
by John Keohane
-- DFWUUG Member


 
I teach C++, C, Java, and Unix, but usually have a textbook to start with. I adjust around the edges. For C++ and operator overloading, I start with friends, then go to member functions, because I believe that's an easier way for students to see and understand.

Recently, I taught UNIX with no textbook. The only book for the whole course in basics of Unix was the O'Reilly reference "Unix in a Nutshell: A Desktop Quick Reference for SVR4 and Solaris". Nothing to teach from, so I built my own handouts, and in doing so, created my own direction. Here's what I did, and the direction in which I taught. With your knowledge of UNIX you may want to get involved in this dialogue. I am interested!

1) A very short history of Unix. We'll emphasize hands-on, not history
2) Logging in. Some short commands: cal, ls, who, whoami, man
3) vi where letters are letters (input) and where letters are commands building files with vi
4) cat to see files, copy files, build files from the command prompt
5) rm to remove files mkdir rmdir to remove directories
6) moving among directories with cd . .. ~ /
7) touch as a simple way to create files for testing
8) wildcards within the shell * ? [ ]
9) wildcards within files with grep * . [ ] ^ $
10) permissions come in 3s ugo rwx adding, taking away with chmod
11) permissions with numerics 777 etc. for full settings with chmod
12) file permissions and umask total adding to 666 have to set x
13) stringing commands together, output from one, input to another
14) tee history and tail
15) building shell scripts using tail .sh_history
16) permissions and meaning, with directories, why no w on shell scripts

OK, now there's plenty of space for your comments.

What am I missing, that you think one should include?

Just as I find that teaching operator overloading in C++ goes best by starting with friends, then member functions, what order of teaching or tutoring or mentoring do you find works best in Unix?

What textbooks do you suggest for Unix?

Enough for now! Email me.
--John Keohane, C/C++ and Java                              keohane@prodigy.net

The Heart of Darkness
by Gary Smith DFWUUG Member


A Column Devoted to Computer Security
Silver Bullets and Golden Principles

One of the facts of computer security is there are no silver bullets. If there were silver bullets, the movie of our lives would go more like this: We’d load up our guns with the silver bullets. Then we’d take a bead on the hacker werewolves. As they’re running towards the servers with claws and fangs ready to rend them asunder, we’d fire those silver bullets. Finding their targets, the silver bullets would kill the hacker werewolves. The servers are saved. The theme music swells in the background and the title credits roll. End of movie.

Unfortunately, life is not like a Hammer film. There are no silver bullets, but there are the Golden Principles of Security. Here they are:

Golden Principle No. 1: Know Your System. Before you can say what is abnormal for your system, you first have to know what is “normal.” To do that you need to know your system. Is it normal for your main server to be spending 50 percent of its time in kernel mode? You do a “ps -ef” of your system and there’s this process running as root named “update-db”. Is this part of the normal operation? Where does “update-db” come from? Who installed it and when? You are looking through the /sbin directory and find a program that is setgid root but you don’t recognize the program name. Should it be there? Here’s another one: you notice lots of ICMP echo replies destined for an IP address on the Internet without corresponding echo requests. Is this as it should be? The answer to all of these questions, if you don’t know your system, is: Beats the socks off of me! The solution to this knotty big problem is spending time learning what is reasonable for your system. Regularly do a “ps -ef” and inspect the results, identifying what the processes are and their source. Find what programs in /, /usr/bin, /usr/sbin, and /sbin are setuid and setgid with find commands such as

                find /usr -perm -4000 -print
and
                find /usr/bin -perm -2000 -print

respectively.

Monitor your network traffic to determine what percentage of bandwidth is consumed by the various protocols running on it. Sure, this is time-consuming work, but it will keep you from feeling dumb when trouble arises. Surely, that’s worth something.
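
One way to put the find commands above to work, as an added example that is not part of the original column: record a baseline of setuid/setgid files, then report what has appeared or disappeared since. The function names, the baseline file format and the sample tree (built in a temporary directory) are assumptions of this example.

```shell
#!/bin/sh
# Added example: baseline and re-check of setuid/setgid files.
# Function names and the "TYPE PATH" baseline format are assumptions.

# list_special DIR...
# Print one sorted line per finding: "setuid PATH" or "setgid PATH".
# -perm -4000 / -perm -2000 match files that have that bit set.
list_special() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -type f -perm -4000 -print 2>/dev/null | sed 's/^/setuid /'
        find "$dir" -xdev -type f -perm -2000 -print 2>/dev/null | sed 's/^/setgid /'
    done | LC_ALL=C sort -u
}

# compare_baseline BASELINE DIR...
# Print "NEW  ..." for findings missing from the baseline and "GONE ..." for
# baseline entries no longer found. Return 0 if nothing changed, 1 otherwise.
compare_baseline() {
    baseline=$1
    shift
    current=$(mktemp) || return 2
    list_special "$@" > "$current"
    report=$(
        LC_ALL=C comm -13 "$baseline" "$current" | sed 's/^/NEW  /'
        LC_ALL=C comm -23 "$baseline" "$current" | sed 's/^/GONE /'
    )
    rm -f "$current"
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# demo: runs against a constructed sample tree in a temporary directory,
# so nothing on the real system is read or changed.
demo() {
    root=$(mktemp -d) || return 2
    mkdir "$root/bin" "$root/sbin"
    : > "$root/bin/passwd"; chmod 4755 "$root/bin/passwd"   # known setuid
    : > "$root/bin/wall";   chmod 2755 "$root/bin/wall"     # known setgid
    : > "$root/bin/ls";     chmod 0755 "$root/bin/ls"       # ordinary file
    list_special "$root/bin" "$root/sbin" > "$root/baseline"

    # Later: an unrecognized setuid program shows up, and one file loses its bit.
    : > "$root/sbin/update-db"; chmod 4755 "$root/sbin/update-db"
    chmod 0755 "$root/bin/wall"

    # Strip the temporary prefix so the report reads like real paths.
    compare_baseline "$root/baseline" "$root/bin" "$root/sbin" | sed "s|$root||"
    rm -rf "$root"
}

demo
```

On a real system, save the output of list_special for /usr/bin, /usr/sbin and /sbin once the machine is in a known-good state, keep that file somewhere an intruder cannot rewrite it, and run compare_baseline from cron.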

Golden Principle No. 2: Defense in Depth. This idea is taken from the castles of old. They didn’t just have a moat around the castle to protect them. They had a lot more. They had thick walls to prevent easy entry. They had high walls that were difficult to scale. They had turrets from which to pour boiling oil or pitch on the attackers. They had slits from which archers could fire arrows in safety. And finally they had a plan so that when they were under attack everybody knew what to do and did not run around like chickens with their heads cut off. Applying this lesson to computer security: don’t just have a firewall to protect your network; have multiple layers of defense. Augment your firewall by adding filtering rules to your router. Harden the firewall to make it more tamper resistant. Get rid of unneeded services on the internal systems that serve as attack points for intruders. Improve the security of the systems by removing setgid and setuid programs with security weaknesses. Audit the userids and remove those that have been inactive for some time. Last but not least, have a plan in place that details who is to do what when an intrusion does occur.

Golden Principle No. 3: Principle of Least Privilege. This one says, “Don’t give a program or individual more privilege than it absolutely requires.” Take for instance the Windows domain. Is it necessary for lots of individuals to be domain administrators? Absolutely not. Most times, this can be taken care of by making an individual the local administrator of a machine. In the Unix domain, do lots of individuals need to know the root password? Absolutely not. Most times, sudo, appropriately installed and configured, can give individuals the privilege level that they require. Now, let’s take the case of programs. Sendmail has to be the poster child for insecure programs. The mail has to get through despite wind, rain, gloom of night, and anthrax. The solution: make a sendmail sandwich. Get smap and smapd from the Firewall Toolkit. Run these daemons around sendmail so that it never executes directly. They can also keep certain kinds of denial of service attacks out. Take for instance the new whipping boy, bind. There are several things you can do to mitigate the risk of running bind: limit zone transfers to only well-known trusted systems, don’t run bind as root, and run it in a chroot-ed jail.

Golden Principle No. 4: Protection is key but detection is a must. There are lots of attacks out there. There’s Smurf, Tribal Flood, Trinoo, Ping of Death, Fragmentation Bombs, Denial of Service, Distributed Denial of Service, Port Scans, Stack Fingerprinting… The list goes on and on. Yes, you can protect your network against these attacks and more. You can also protect your network against being struck by a meteor, too. Rather than spending the money and time to construct a meteor defense system, wouldn’t it make more sense to have a meteor detection system? That way, when one of those errant rocks out there was headed straight for your data center you could know about it and take appropriate action. The same is true for your computer security. Protect your network from the things you can. This sets up the protection. Now set up the detection. Configure your logging to log to a central server. With all the logs in one place you can review the logs for patterns. Make sure somebody reviews the logs at least once a week. To make log review easier, set up a timeserver and synchronize all the systems in the network to the same time. With this done, log analysis is greatly simplified. You might also see some NFS strangeness go away when all the systems have the same time. Install and configure an intrusion detection system to let you know when an attack is in progress. There are many commercially available intrusion detection systems. A good free intrusion detection system is Snort. Get one and use it. Knowing a meteor is approaching is better than worrying “Have I made the walls thick enough?”

That’s it; just four golden principles. Silver bullets don’t exist in security. But with the Golden Principles, you can keep the hacker werewolves at bay.

 Gary Smith

PROGRAM COMMITTEE

Elliott Uchiyama - Program Chair 



Here is the DFWUUG program schedule to date:

December 6, 2001 Steve Best of IBM - Journal File System
January Jeff Almeida - Apache 2rist

Linux SIG


The Linux SIG will have a real live demonstration of SmoothWall, the Open Source firewall and VPN (Virtual Private Network) gateway (http://www.smoothwall.org/gpl/about/). In the past, we've tried 2 times to demonstrate a VPN, but have failed miserably. SmoothWall should be our answer and we'll give it one more try.

In addition, Jeff Rush will demonstrate how to hack an internet phone appliance.

It should be a lot of fun and I look forward to seeing you there.

-Greg

Security SIG


TBA

DFWUUG Leadership and Volunteers

Who to Contact 


Leadership and Volunteers
Office                    Officer            Phone
President                 Kathy Hopkins      972-628-3271
Vice President            Jeff Rush
Treasurer                 Blake Mitchell     972-539-7085
Secretary                 Mary Rush
News Editor               Jim Wyatt          972-516-4845
Program Committee Chair   Elliott Uchiyama   214 661-7020
Linux SIG                 Greg Pratt
Linux Development SIG     Daniel Jackson
SysAdmin SIG              Lynn Jackson
Publicity                 Blake Mitchell (until a replacement can be found)
Sponsorship Coordinator   Brian Fink
Webmaster                 Dee Parker         972-361-3072
Member at Large           Greg Pratt
Member at Large           Cynthia Keohane

O'Reilly books


DFWUUG Members

O'Reilly User Group Program members receive 20% discount on conference prices. Register early--limited space is available. Please use the discount code *DSUG* when registering. This discount is meant for use by your current UG members only. If posting information about this conference on your website, please do not include discount information. For more details or brochures, please contact Denise Olliffe, deniseo@oreilly.com or 707-829-0515 ext 339.

O'Reilly is a registered trademark of O'Reilly & Associates, Inc. All other trademarks are property of their respective owners.

Useful Links


Internet security vulnerabilities

North Texas Linux User Group

Linux Support

USENIX

Online source for technology information

LinuxToday

Dallas/Ft Worth Compaq Users Group

Houston UNIX Users Group

North Texas Events

Job Leads

DFWSAGE

Computer Crime?

DFW Associations

Linux CD for $1.89

Linux Top 40

http://linux.com/



SPONSORS


  • Abacus Technical Services
    Abacus Technical Services, a Woman’s Business Enterprise, is currently seeking the highest caliber UNIX professionals for contract assignments as Abacus employees. All positions are in the Dallas Metro Area. Abacus Technical Services’ mission is to provide quality staffing services, promoting the highest ethical standards while building positive relationships with clients and candidates. Contact an Abacus Technical Services’ recruiter for information about outstanding UNIX opportunities. Please call 972-644-4105 or send your resume to: abacus@abacustechnical.com. Visit Abacus on the web at www.abacustechnical.com.
  • Administaff
  • Aerotek, Inc.
  • Applied Solutions Incorporated
    Last year, Applied Solutions established themselves as a leading provider of database consulting services for business-critical systems. Their incredible success earned them a "Top 10" ranking on Entrepreneur and Dun & Bradstreet's list of fastest growing new businesses.
    Applied Solutions accomplished this by focusing senior I.T. professionals on providing Reliable Database Platforms, FAST! And, by sharing their knowledge with the business community. To this end, Applied Solutions is offering businesses free access to their "Top Gun" consultants via the web. To ask them a question about your database systems, disaster readiness and Sun Microsystems products, view http://www.QuizASI.com or call 800-521-7680.
    Applied Solutions is an Oracle Certified Partner and a Sun Microsystems Enterprise Elite authorized reseller.
  • Argus Connection, Inc.
    UNIX Placement 817-329-8053 or 8058 Join our Pack!!
  • August Associates
  • BrightStar Information Technology Group
  • Bravo Technical Resources 
    Texas-based Bravo Technical Resources, Inc. is a rapidly growing provider of technical employment solutions.  Bravo’s offices in Houston, Dallas, Austin and Fort Worth specialize in providing technical staff augmentation services primarily within the client/server and internet fields.
    Quality, rather than quantity, drives the Bravo business philosophy. Submitting and hiring only the most qualified candidates is accomplished through intensive screening and interview processes.  This commitment to integrity has helped to distinguish Bravo from its competitors and drive its rapid growth.
    Bravo provides full-time and contract technical staffing solutions.  
    For information about these recent developments, visit the Bravo web site at  www.bravotech.com.

  • Buchanan Associates
    Buchanan Associates is an employee-owned, privately held technology services corporation. Headquartered in Irving, Texas since 1988, Buchanan Associates focuses on E-Business, End-User and Network Services for Fortune 1000 Companies. We provide the best of both worlds for our associates: the benefits and security of being a full-time staff employee with the variety and challenges of a consultant. Find out more about Buchanan Associates at www.buchanan.com or contact us at 1-888-730-2774.
  • Bynari Inc.
  • Capital One
  • CoComp, Inc.
  • Comms People
  • Compaq
  • Computer Horizons Corporation
  • D-Tech Corporation
  • Dallas Technology Group
  • DalMac Companies
  • Datasys Computer Corp.
  • Decision Consultants, Inc.
    For information, please contact Susan Johnson at 972-386-8777.
  • Dynamic Database Resources, Inc.
  • Fidelity Investments
    Job Page
  • Frito-Lay, Inc.
  • GTE
  • HCL Technologies
  • Healthcare.com Corporation
  • Hex.Net Superhighway
    Since 1995 Hex.Net has been providing business-class Internet service to the DFW metroplex. Hex.Net specializes in assisting Linux users and is proud to host many  client's Linux webservers.
  • Hewlett Packard
    Hewlett-Packard is proud to sponsor DFWUUG!
    HP's Richardson R&D lab offers the opportunity to do development on  the HP-UX kernel. We have positions for HP-UX operating system development, test development, test technicians, and simulator development. See http://www.jobs.hp.com for HP job listings, and contact resumes@rsn.hp.com or call Dean Sablotny at phone 972-497-4894 / fax 972-497-4626 for more information.
  • IMI Systems
  • Impact Innovations Group 
  • Information Systems Consulting Corp.
  • Interface Teknologies
  • Invincible Technologies Corp.
  • JCPenney
    From our sophisticated on-line order entry and point-of-sale capabilities to our auto replenishment of merchandise to one of the largest private telecommunications networks anywhere, it's a world of change when it comes to technology. At JCPenney you'll work in an environment that encourages individuality and new ideas, fostering growth, advancement and personal development.
    For career opportunities with JCPenney, please contact Alicia Boyd at JCPenney Co., P.O. Box 10001, Dallas, TX 75301-8115; FAX to (972) 431-2320; or EMAIL to: amboyd@jcpenney.com. For more information on JCPenney, visit http://www.jcpenney.com
  • Linux-Class.com
  • Maxim Group
    Jobs Page
  • Metamor ITS
    An International, IT Consulting firm with offices across the nation employing approximately 4,000 Consultants. We have the large client base and flexibility to offer the project you need to move your career forward. For a job that offers excellent benefits, competitive pay and great training, contact Lisa Statzer at 972-455-3403 or 800-527-4907 ext. 3403.
    4000 McEwen Road South, Suite 200
    Dallas, TX 75244
  • Neiman Marcus
    Neiman Marcus is currently accepting resumes for UNIX System Administrators with 3+ years of experience inclusive of shell scripting knowledge. Fax resumes attention: Lisa Blunt 972-401-6690.
  • Network Appliance 
  • Raytheon Systems Company
    Raytheon Systems Company (RSC) is a global leader in defense electronics and complex integrated information systems. Applying technology to project realities, we deliver electronics solutions. In defense missions, we give our fighting men and women the tools they need to succeed. In federal and commercial projects, we help our customers use technology to address complex issues like air traffic control and environmental management.
    Job Page
  • Renaissance Worldwide Inc.
  • Rose Technologies, Inc.
  • Salomon Smith Barney Inc. 
    Tax Free Educational Savings for a grandchild, a child or yourself! Haven't heard of the 529 plan? Ask here (link to my elliott.h.uchiyama@rssmb.com site).
    Call Elliott Uchiyama 214 661-7020 for more details.
  • SCB Computer Tech
  • Sirius Computer Solutions 
    Sirius Computer Solutions (http://www.siriuscom.com) is a Business Partner of IBM, Sun, HP, and Tivoli and has become an unparalleled leader in technology by providing UNIX products and services to customers across the United States. With certified specialists on all UNIX platforms, Sirius can deliver leading-edge solutions to solve technical and business challenges, including systems management, networking, storage management and security.
  • Specialized Systems Technology, Inc.
  • Sprint Paranet
  • Stonebridge Technologies
    Stonebridge Technologies, Inc., with headquarters in Dallas, Texas, is a regional systems integrator focused on providing its clients with solutions to their business problems based upon open systems technologies. Stonebridge has developed strategic relationships with the industry's leading open systems manufacturers and currently has a staff of over 160 associates trained and experienced on open systems client/server technologies, products and services.
    Job Page
  • Tandy Corporation
  • TEKsystems 
  • Veritas Software
    As the leading provider of enterprise-class application storage management software, VERITAS® Software ensures the continuous availability of business-critical information by delivering integrated, cross-platform storage management software solutions.
  • Our Web Service Provider: Texas Metronet

    And a special thanks to SGI for providing facilities and extra staff to host our meetings. We are truly grateful!

UNIX


UNIX shell differences and how to change your shell

Java


Want to write a program for your PALM? Check out KJAVA and KVM.

Perl


PERL -- Practical Extraction and Report Language

Notes of interest


DFWUUG Members,


BOOK EXCHANGE

The question is, how do you recycle those technical books and journals you never read anymore? The answer is, bring them to the next DFWUUG meeting and put them on display so members can browse through them and take home whatever is of interest. There is no monetary reward but you may find something you want and your stuff may get recycled through another great mind. Due to storage limitations, please be prepared to take your leftover stuff home with you afterward. Otherwise it will be sent to the trash. Think of it as a form of spring house cleaning.
John J Dyer
Home: 972-790-3311
jdyer@gte.net
Work: 214-951-2220
john.dyer@exxonmobil.com


There is a new mail list for the DFW Unix Users Group:
  • The discuss mail list is for DFWUUG members to air technical questions and comments. This list is only for DFWUUG members. Please keep flames to a minimum.

    To jump start this list, all DFWUUG members have been subscribed. If you do not want to be on the list, please send a message to discuss-request@dfwuug.org. The body of the e-mail should consist of two words on one line: unsubscribe discuss. No subject is needed for the message.

    To promote the DFWUUG jobs mail list, we have subscribed all DFWUUG members to it. This mail list is for recruiters, whether agency or direct, to post available positions to DFWUUG members. Any one can post to this mail list, but only DFWUUG members can subscribe to it. Members looking for work may post their availability to this list. As usual for all DFWUUG mail lists, unsubscribing is easy. Just mail a message to jobs-request@dfwuug.org, with the body consisting of a two-word line: unsubscribe jobs.
 


How to subscribe/unsubscribe to DFWUUG mail lists.

Send an e-mail to "<mail list>-request@dfwuug.org", where the name in angle brackets is the name of the mail list being subscribed or unsubscribed.  For example, to subscribe to the jobs mail list, an e-mail would be sent to "jobs-request@dfwuug.org".  The double quotes are delimiters and should not be included in the address. The body of the e-mail should consist of two words on one line: subscribe <mail list>.  For example, to unsubscribe to the jobs mail list, the body of the e-mail would contain the following line: unsubscribe jobs.

A confirmation message is sent to subscribers.

Currently, the following mail lists are open to all members of DFWUUG

newsl      the monthly newsletter. Members are subscribed.
discuss    *nix technical Q & A and comments. Members may subscribe and post.
jobs       job leads, positions. Members may subscribe, anyone may post.
leaders    DFWUUG operations. Members may subscribe, anyone may post.
equip      equipment committee. Members may subscribe and post.
linux      Linux SIG. Members may subscribe and post.
sysadmin   Sysadmin SIG. Members may subscribe and post.
notify     DFWUUG general announcements, for non-members. Anyone may subscribe.

The jobs mail list is for announcements of available positions and people available/looking for work.  Any DFWUUG member or sponsor can Subscribe and post messages to this mail list.

The leaders mail list is where the Board members handle the operations of DFWUUG.  Anyone can post a message to this mail list, and any DFWUUG member can subscribe to it.

In order to post a message to any mail list, you must first be subscribed to it.  Receipt of a confirmation message is the signal that you are subscribed, and that you can now post a message to that mail list.

Other mail lists.

The notify mail list is used for general announcements from DFWUUG.  It is open to any non dues-paying member.  Anyone who registers at a DFWUUG event is put on the notify list.  Dues-paying members are put on the newsletter (newsl) mailing list and receive all the mailings sent to the notify list members, as well as the newsletter.

The newsl mail list is for members who wish to receive the DFWUUG newsletter by e-mail.  Only dues-paying members and sponsors can be on this mail list, and subscription is handled by DFWUUG officials.

Privacy concerns. 

Subscribers to DFWUUG mail lists are assured of privacy. The e-mail addresses are not given or sold to anyone. They are available only to DFWUUG mail list administrators performing mail list administration. E-mail from a DFWUUG mail list does not contain anyone else's e-mail address, except perhaps the e-mail's author.

Spam.

Spam is not condoned or permitted on DFWUUG mail lists. Spammers are removed from all DFWUUG mail lists, and cannot resubscribe. Whether a particular e-mail is spam is defined by DFWUUG mail list administrators.