Now that I am getting some steady traffic on the site I have decided to work on making it more user friendly.

Here is a list of items that I will be changing over the weekend.

Category Changes

1. I will be chaning the categories around to make the site easier to navagate.
2. Posts will be different from day to day instead of a flood of information I will structure the posts based on the new categories.

Theme Changes

1. I am looking at creating my own theme or at least finding one that makes navagation easier and is easier on the eyes (some posts are lengthy and I have noticed my current colors strain my eyes a bit)

Content

1. As I said above I will be targeting posts based on the catagories.
2. I will be making some edits of past posts that are poorly written.
3. Advertising may change or go away entirely. I am thinking about small more subtle adds instead of the inline ads (NOTE: ad revenue is less than $5 per month)
4. Requests are appreciated, also anyone that wants to contribute let me know and we can work something out.

I think that is enough work to keep me busy over the weekend.

Todays post I will go over commands for networking. I hope you like it.

» Continue reading “Linux Networking Commands and Tools”

This tutorial shows how you can clone Linux systems with CloneZilla SE. This is useful for copying one Linux installation to multiple computers without losing much time, e.g. in a classroom, or also for creating an image-based backup of a system. I will install CloneZilla SE on a Debian Etch server in this tutorial. The systems that you want to clone can use whatever Linux distribution you prefer.

I do not issue any guarantee that this will work for you!

Cloning Linux Systems With CloneZilla Server Edition (CloneZilla SE) | HowtoForge - Linux Howtos and Tutorials

What is AppArmor?

AppArmor is the most effective and easy-to-use Linux application security system available on the market today. AppArmor is a security framework that proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good program behavior and preventing even unknown software flaws from being exploited. AppArmor security profiles completely define what system resources individual programs can access, and with what privileges. A number of default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours.

Why do I need AppArmor?

Software flaws in complex applications provide attackers with an avenue to compromise systems that host critical data in the enterprise. Firewalls and other forms of perimeter security only solve part of the problem because businesses are having to open their network to access by customers, partners and mobile employees. So, the perimeter essentially shrinks down to the machine that hosts the critical data. IT organizations struggle to keep these machines patched to protect against the latest exploits, but this reactive security strategy still leaves businesses exposed.

With experience, hackers are becoming faster at exploiting a vulnerability and sometimes a hacker may be the first to discover the vulnerability. A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known leaving businesses little or no time to fetch, QA and apply patches to their systems. AppArmor provides a way to lock down those systems so that software flaws, whether they are known or unknown, can’t be exploited to compromise the system. And, AppArmor solves the problem of zero-day exploits by providing a proactive security model that enforces good application behavior regardless of the latest attack.

How does AppArmor work?

Most operating systems have a built-in security mechanism known as access control. Linux employs Discretionary Access Control (DAC) which means that a program runs with the permissions of the user executing it. Since we have seen that attackers often exploit flaws in programs that allow them to compromise systems, giving a program all the privileges of the user running the program is highly risky.

AppArmor supplements the discretionary access control mechanism of Linux with Mandatory Access Control (MAC). Under mandatory access control, each program runs with a very strict set of permissions that are specified by the system, not the user. AppArmor enforces the idea of least privilege for programs, that is, granting programs only the privileges they need to do their job and nothing else.

Check out Apparmor FAQ - Developer Community for the full FAQ

Looks like this is starting to be my theme this week. Below you will find all of the goodies provided by Linux when it comes to user and group management.

» Continue reading “Linux User and Group Management Commands”

A few months ago i started doing some QA with SF-HA on SLES 10 SP2 64. Now being the security minded person that I am I disable allot of services in my default build. Most importantly to this article I disable xinetd (actually I think novell disables this by default)

Here is the kicker: the vxpal. services all require xinetd for some unknown reason

### BEGIN INIT INFO
# Provides:       vxpal.StorageAgent
# Required-Start: vxpbx_exchanged xinetd
# Required-Stop:
# Default-Start:  3 5
# Default-Stop:
# Description:    Veritas Datacenter Storage Agent
### END INIT INFO

Now I have not been able to get any good reason for this from Symantec however they have assured me that in the next pathc it will be fixed. this was the same as the 4.x versions runnig on SLES. You installed it and it was broken, you applied some patches and then it worked.

I really hope Symantec can get a handle on all of this some day. In the meantime just remember that after the installation is completed choose to NOT start the services. Instead edit the init scripts that have xinetd required and remove it. Reboot and you are all set.

This is a great little video that demonstrates the powers of screen.

Thanks Linux Journal

Continue over to Shadows of epiphany » Blog Archive » Shared Terminal Sessions over SSH for the rest of the howto.

Time to take control of processes and jobs on that linux server.
Take a look at today’s cheat sheet that is all about jobs and process manipulation.

» Continue reading “Linux Job and Process Commands”