Archive for February, 2009

Why switch to Linux?

Posted in Linux by Shafkat Shahzad, M.Sc on February 19th, 2009

Linux is more than a hip buzzword in computing. It is more than the latest fad. It was modelled on the Unix operating system first developed by Dennis Ritchie and Ken Thompson at AT&T. Unix was developed to run the largest network in the world, the AT&T telephone system, and it did. The Unix operating system was designed to be scalable, reliable, modular, secure and portable with network extensibility.

The development of Unix eventually led to the POSIX standard which defines much of the Linux architecture. Unlike many single user desktop console based operating systems, Linux is a multi-user, multi-tasking, network enabled operating system accessible from anywhere on the network. Multiple users can access a Linux computer remotely, each running their own individual desktop instance, all at the same time. The Linux/Unix X-Windows network enabled multi-user windowing system allows full remote access. This is a sharp contrast to a single user console based OS which requires the user to be physically present at the computer in order to access his desktop and applications, limiting access to one user at a time. The Linux/Unix OS was designed to support remote and secure multi-user access using ssh. This gives all Linux/Unix administrators and users a powerful flexible standard remote interface while the automobile is often the primary remote access tool of other OS administrators (i.e. Windows 98 and NT).

The use of Linux/Unix pipes, tees and redirection allows a modular approach to the design of Linux/Unix tools. They allow the capability of any tool to be extended by chaining its input and output with other tools. In operating systems like DEC/VMS, paging and formatting capabilities were built into a tool, instead of leveraging the capabilities of standard Linux/Unix tool components like “more”, “sort”, “less” and “awk”.

Linux/Unix shell scripts provide a batch scripting capability which can be scheduled, propagated to other systems or used to create new commands. GUI-only interfaces may require physical points and clicks on each system to perform a task. While some debate GUI vs commands and scripts, Linux/Unix embraces both.

The system startup and shutdown is controlled by the system initialization configuration file /etc/inittab and the init scripts in /etc/rc.d/init.d/… The system startup and shutdown procedures are configurable and extensible. One may control which services are started upon system boot and which are terminated on system shutdown, as well as the sequence dependencies. This allows for the orderly shutdown of databases and other sensitive programs which should be shut down by the application itself, rather than killed while processing, which could lead to data corruption or loss. The system can be booted to various “init” states allowing the system to operate in various configurations to support maintenance and system debugging. On many competing operating systems, the shutdown procedure is not extensible or modifiable.

Linux avoids the MS/Windows “DLL HELL”, which causes Windows or its applications to fail when a newer or incompatible run-time dynamic-link library (DLL) is installed. (See Microsoft DLL database used to help avoid conflicts.) Linux employs version numbers in its run-time shared object libraries, so different versions of the same library can coexist on the system. The Linux RPM package management system also helps resolve dependencies and conflicts with files and libraries.

Network settings and many other MS/Windows parameters require a reboot to take effect. This is also true when MS/Windows registry settings are modified. Linux is modular enough to allow the particular service (i.e. networking) to be cycled without shutting down the entire computer. Linux also has many kernel parameters which can be set through the “/proc/” interface to allow dynamic changes to a running kernel. This greatly increases Linux system uptime and eliminates the time wasted performing system reboots.

The file system directory structure is completely configurable and not limited to drive letters such as A, C or D as a top level mount point. Thus MS/Windows has a limit of 23 mount points. (22 + Floppy: A, B & System: C & DVD/CD: D.) Note: MS/Windows Server 2003 Server and Datacenter Edition can use volume mount points to get around this limitation. Linux file system mount points can be created anywhere in the directory hierarchy. Multi-user versions of MS/Windows such as the server edition will allow a single user to map a network file system to a letter which is a local mount point. The MS/Windows OS will not allow a second user to map the same letter. Thus if an application is configured to read data from this mount point, the application is immediately limited to operation by a single user. The Linux/Unix file system is network enabled (using NFS) to extend its reach. Both directly attached storage and networked file systems are mountable at any point in the file system directory hierarchy and can be simultaneously used by all users on the system.

The kernel is at the heart of the Linux/Unix operating system. It is responsible for enabling multi-tasking, multi-user, multi-threading, multi-processing, security, interfacing with hardware and the network. It is this kernel which Linus Torvalds developed, based on the POSIX/Unix design, which gives Linux its name. Shells, user applications and everything else interface with this kernel. Linux kernel development is currently supported by OSDL.org, a consortium of telecommunications and computer software and hardware companies. The source code is published under the GNU General Public License (GPL). This license for Open Source software has led to rapid development, debugging, deployment and acceptance by allowing and defining terms under which people can copy, modify and share the source code.

Hardware vendors such as IBM, Hewlett Packard and SGI have bet their future on Linux. Oracle has made it their development platform and thus the platform of first release. Deployment of corporate enterprise software such as SAP and Oracle on Linux as a primary platform has ensured that Linux is a cornerstone of the corporate computing infrastructure. The open source license has rid Linux of any suspicion of monopoly extension or restrictive and expensive licensing structures. It is also the nature of the Linux open source kernel software to be more bug free and secure than its competitors, as it is reviewed by developers everywhere rather than by a limited group of security analysts. Linux has been deployed commercially on a vast array of hardware from PDAs (Sharp Zaurus) to laptops, workstations, servers, mainframes (IBM S/390) and supercomputers (SGI Altix, Beowulf clusters) and is making its way into more devices each day (routers, satellites, automobiles, …).

Future and advanced development is ensured as the source code is available to all. It is studied in universities and institutions worldwide. PhD candidates and corporate researchers use Linux to try advanced computing concepts. The improvements, when made available, must compete with other advanced concepts, and those which withstand the rigors of first users and the scrutiny of the development community are approved and included in the Linux kernel. Once adopted as part of Linux, they must also continue to survive challengers. This will help ensure that Linux is always the best it can be. Developers who submit source code know that it will face scrutiny from a worldwide pool of developers and reviewers, which motivates them to put forth well-written code.

Linux is here to stay; it is getting stronger day by day, and that is good from a technical, financial and economic point of view.

10 Reasons to Switch to Linux

Posted in Linux by Shafkat Shahzad, M.Sc on February 19th, 2009

1. It Doesn’t Crash
Linux has been time-proven to be a reliable operating system. Although the desktop is not a new place for Linux, most Linux-based systems have been used as servers and embedded systems. High-visibility Web sites such as Google use Linux-based systems, but you also can find Linux inside the TiVo set-top box in many living rooms.
Linux has proved to be so reliable and secure that it is commonly found in dedicated firewall and router systems used by high-profile companies to secure their networks. For more than ten years, it has not been uncommon for Linux systems to run for months or years without needing a single reboot.

2. Viruses Are Few and Far Between
Although it is possible to create a virus to target Linux systems, the design of the system itself makes it very difficult to become infected. A single user could cause local damage to his or her files by running a virus on his or her system; however, this would be an isolated instance rather than something that could spread out of control.
In addition, virtually all Linux vendors offer free on-line security updates. The general philosophy of the Linux community has been to address possible security issues before they become a problem rather than hoping the susceptibility will go unnoticed.

3. Virtually Hardware-Independent
Linux was designed and written to be easily portable to different hardware. For the desktop user, this means that Linux has been and likely always will be the first operating system to take advantage of advances in hardware technology such as AMD’s 64-bit processor chips.

4. Freedom of Choice
Linux offers freedom of choice as far as which manufacturer you purchase the software from as well as which application programs you wish to use. Being able to pick the manufacturer means you have a real choice as far as type of support you receive. Being open-source software, new manufacturers can enter the market to address customer needs.
Choice of application programs means that you can select the tools that best address your needs. For example, three popular word processors are available. All three are free and interoperate with Microsoft Word, but each offers unique advantages and disadvantages. The same is true of Web browsers.

5. Standards
Linux itself and many common applications follow open standards. This means an update on one system will not make other systems obsolete.

6. Applications, Applications, Applications
Each Linux distribution comes with hundreds and possibly thousands of application programs included. This alone can save you thousands of dollars for each desktop system you configure. Although this is a very small subset, consider that the OpenOffice.org office suite is included as well as the GIMP, a program similar to (and many people say more capable than) Adobe Photoshop; Scribus, a document layout program similar to Quark Xpress; Evolution, an e-mail system equivalent to Microsoft’s Outlook Express; and hundreds more.
For the more technically inclined, development tools, such as compilers for the C, C++, Ada, Fortran, Pascal and other languages, are included as well as Perl, PHP and Python interpreters. Editors and versioning tools also are included in this category.
Whether you are looking for Instant Messaging clients, backup tools or Web site development packages, they likely are all included within your base Linux distribution.

7. Interoperability
More and more computers are being connected to networks. No system would be complete if it did not include tools to allow it to interoperate with computers running other operating systems. Once again, Linux is very strong in this area.
Linux includes Samba, software that allows Linux to act as a client on a Microsoft Windows-based network. In fact, Samba includes server facilities such that you could run a Linux system as the server for a group of Linux and Windows-based client systems.
In addition, Linux includes software to network with Apple networks and Novell’s Netware. NFS, the networking technology developed on UNIX systems, also is included.

8. It’s a Community Relationship, Not a Customer Relationship
Other operating systems are the products of single vendors. Linux, on the other hand, is openly developed, and this technology is shared among vendors. This means you become part of a community rather than a customer of a single manufacturer. Also, the supplier community easily can adjust to the needs of various user communities rather than spouting a “one size fits all” philosophy.
This means you can select a Linux vendor that appears to best address your needs and feel confident that you could switch vendors at a later time without losing your investment–both in terms of costs and learning.

9. It’s Not How Big Your Processor Is…
Because of a combination of the internal design of Linux and development contributions from a diverse community, Linux tends to be more frugal in the use of computer resources. This may manifest itself in a single desktop system running faster with Linux than with another operating system, but the advantages go far beyond that. It is possible, for example, to configure a single Linux system to act as a terminal server and then use outdated hardware as what are called thin clients.
This server/thin client configuration makes it possible for older, less powerful hardware to share the resources of a single powerful system thus extending the life of older machines.

10. Linux Is Configurable
Linux is a true multi-user operating system. Each user can have his or her own individual configuration all on one computer. This includes the look of the desktop, what icons are displayed, what programs are started automatically when the user logs in and even what language the desktop is in.


Top 10 Linux tools

Posted in Linux by Shafkat Shahzad, M.Sc on February 11th, 2009

The Best Linux Security Tools
You can never be too safe these days. Viruses, spyware, rootkits, remote exploits, you just never know what security issue is going to be your downfall. That’s why it is important as a Linux administrator to have an understanding of some of the best Linux security tools available to you. In this article, you will learn about ten of the best Linux security tools, and resources on how to use them to your advantage.
• Nmap Security Scanner
Nmap, which stands for “Network Mapper”, is a free open source utility that allows you to explore and audit a network. From the website: “Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.”

• Nessus Vulnerability Scanner
Nessus is a vulnerability scanner that probes your network machines against an up-to-date security vulnerability database, alerting you of security holes, with detailed analysis on how to fix each hole. From the Nessus website: “Nessus is the world’s most popular vulnerability scanner used in over 75,000 organisations world-wide. Many of the world’s largest organisations are realising significant cost savings by using Nessus to audit business-critical enterprise devices and applications.”

• Clam AntiVirus
ClamAV is a GPL antivirus toolkit. The main purpose of ClamAV is integration with mail servers, but it can also be used to scan files for viruses on the command line. It provides a flexible and scalable multi-threaded daemon, a command line scanner and a virus database that is kept up to date. The most popular use of ClamAV is on a mail server, tied in with an anti-spam application like SpamAssassin.

• Snort
Snort is one of the greatest weapons you can have in the fight against intrusions. Snort is mainly used in three different ways: as a packet sniffer, a packet logger, or as a complete intrusion detection system (IDS). From the website: “Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.”

• Chkrootkit
Chkrootkit is a tool designed to locally check for signs of a rootkit on your Linux machine. “Rootkits” are basically files that can hide on your machine after a break-in and allow the attacker to gain access to your computer in the future.

• Tripwire
Tripwire is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. Basically, tripwire has the ability to alert you when files have been modified on your system.

• Rootkit Hunter
Rootkit Hunter is a great tool for analysing and monitoring the security of your systems. Like Chkrootkit, this tool also checks for rootkits that may be hiding on your machine, as well as other tools on your system that may be potentially dangerous.

• Kismet
From the website: “Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.” If you have a wireless network, or travel with a laptop, this security tool is a must-have.

• Shorewall
Shorewall is a very powerful and flexible firewall that utilises iptables and Netfilter. Very flexible configuration allows the firewall to be used in a wide variety of firewall/gateway/router and VPN environments.

• Ethereal (Now called Wireshark)
Wireshark is a very popular network protocol analyser that has a variety of security features including a packet browser, live capture, offline analysis and more. Basically, Wireshark captures packets going across the network and displays them to you with as much detail as possible. From the users guide: “You could think of a network packet analyser as a measuring device used to examine what’s going on inside a network cable, just like a voltmeter is used by an electrician to examine what’s going on inside an electric cable (but at a higher level, of course).”

After gaining knowledge and awareness about ten Linux security tools, it is your choice to install them and put them to use in your network environment. I am sure that all the information on Linux security tools will prove useful for you.
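
The idea behind the Tripwire entry above (record a known-good baseline, then report every file that differs from it), as an added Python example that is not Tripwire's code or part of the original article. The directory tree, file names and changes are constructed for the demo.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Return {relative_path: record} for every regular file under root."""
    records = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and device nodes
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            records[os.path.relpath(full, root)] = {
                "sha256": digest.hexdigest(),
                "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid,
                "gid": st.st_gid,
            }
    return records


def compare(baseline, current):
    """Classify every difference between two snapshots."""
    report = {"added": [], "removed": [], "content": [], "metadata": []}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            report["added"].append(path)
        elif new is None:
            report["removed"].append(path)
        else:
            if old["sha256"] != new["sha256"]:
                report["content"].append(path)
            if any(old[k] != new[k] for k in ("mode", "uid", "gid")):
                report["metadata"].append(path)
    return report


def demo():
    """Build a constructed directory tree, change it, and report the drift."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        files = {"bin/login": b"v1", "bin/ls": b"ls", "passwd": b"root:x:0:0"}
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
            os.chmod(os.path.join(root, rel), 0o644)
        baseline = snapshot(root)

        # Constructed changes of the kind an integrity checker should flag.
        with open(os.path.join(root, "bin/login"), "wb") as fh:
            fh.write(b"v2")                             # content replaced
        os.chmod(os.path.join(root, "bin/ls"), 0o666)   # made world-writable
        os.remove(os.path.join(root, "passwd"))         # file deleted
        with open(os.path.join(root, "bin/extra"), "wb") as fh:
            fh.write(b"new")                            # file added
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A baseline is only as trustworthy as where it is stored: keep it off the monitored host or on read-only media so an intruder cannot rewrite it along with the files.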


How to choose the right Linux distribution

Posted in How To's, Linux by Shafkat Shahzad, M.Sc on February 9th, 2009

Here are the top five things people need to remember when looking for a Linux distribution. The many distributions of Linux to juggle through when going to a place like Distrowatch.com can be very confusing to a new person coming from the world of Windows or OS X. So here is a top five list of things to look at when choosing a Linux distribution.

1. The number one thing to remember is that most distributions of Linux now use LiveCDs that can be downloaded and burned to CD or DVD. Place the disc into your computer and boot into a full Linux operating system. This is a great way to test out the distribution of your choice on your real hardware to see what will work and what will not.
2. How good is the hardware detection of the distribution you are using? Each distribution will detect some hardware that others won’t, and vice versa. Which leads me back to my very first point.
3. Does the particular distribution you are thinking about trying fit your needs? A lot of the distributions within Linux are meant for specific tasks. For example, a distribution like Ubuntu is meant for ease of use to a new user, whereas something like Backtrack 2 is meant for security penetration testing. So find the distribution that best fits what you will be using it for.
4. How much time are you willing to spend, and do you prefer a GUI or the command line? One major thing to remember in Linux is that there are two ways of doing things and getting around: the command line and the GUI. In the end it boils down to whether you want to learn menus or commands. For example, getting the right resolution sometimes requires opening up xorg and manually editing the file; however, if you’re setting up Nvidia graphics, there’s a settings manager GUI. How would you configure that file: by editing it manually or by clicking? Your answer to that question is where you should start looking for a possible distro.

5. There are, for the most part, four core distributions that most distributions are forked from. Those distributions generally tend to be Slackware, Red Hat (aka Fedora), Debian, and Gentoo. Each distribution has a difference at its core in the way files are installed. Each file format has its strengths and weaknesses. How new to Linux you are and how much time you are willing to spend learning should be part of the decision on which distribution you choose.

Gentoo: everything is installed from source
  o Strength: compiling from source gives the best performance out of your installed OS
  o Weakness: can take a long time to compile a complete system, sometimes days

Slackware: installs from tgz files
  o Strength: one of the most stable and secure Linux distributions
  o Weakness: can be very intimidating to a new user

Debian: installs from .deb files
  o Strength: apt-get for installing programs
  o Weakness: depending on the distro fork, the community within Debian can be very vocal and not always in a good way, which can drive away new users

Fedora (or Red Hat): installed from RPM
  o Strength: as the testing ground for RHEL, there are many cutting edge things within
  o Weakness: some would say that RPM is the major weakness (however, there have been major improvements)
