Re: [SLUG] Announcement roundup from October meeting
On Sat, 2009-10-31 at 16:47 +1100, James Polley wrote:
> Just to summarise the things people announced at the start of our October meeting:
>
> - Ubuntu Killer^WKarmic Koala was released yesterday. If you have a Jaunty Jackalope machine you should be prompted for an upgrade - otherwise you can download it from the usual places (http://www.ubuntu.com/getubuntu/download will help you find the usual places, if you don't know where they are already)

A small note: if you have Hardy, the ISO won't help, you should upgrade via update-manager -c -d (or wait 6 more months for Lucid, which will be an LTS release).

-Rob

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Penetration Test
Would any member be interested in conducting a penetration test of a server I administer? If so, please contact me off list and I will explain the circumstances.

Thanks,
Rick Phillips
Re: [SLUG] Re: Advice Request for moving a Ubuntu installation to a larger disk and 4Gb RAM
I find it useful putting /home on a separate partition. Then if you totally hose your O/S, you can just reinstall and keep all your existing data and app preferences (though of course you'll need to reinstall any additional apps).

FWIW, I mount the other partition at /var/local, where I have home directories (under /var/local/home) and the other data I'd rather not lose on reinstall: apt cache (/var/local/cache/apt), databases (/var/local/lib/postgresql), etc., and I put bind mounts in /etc/fstab for /home, /var/cache/apt, etc.

Thanks,
Nicholas
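The layout Nicholas describes, written out as an added /etc/fstab example (this is not from his post; the device name /dev/sda2, the ext3 filesystem type and the postgresql path are assumptions, and the nosuid,nodev options are an added hardening choice, not something he mentions):

```fstab
# /etc/fstab excerpt - added example, not from the original post.
# /dev/sda2, ext3 and the postgresql path are assumptions; adjust to taste.

# The data partition that survives a reinstall. nosuid,nodev is an added
# hardening choice: nothing under /home or /var/cache/apt needs setuid
# binaries or device nodes, so deny them on the whole partition.
/dev/sda2                  /var/local           ext3  defaults,nosuid,nodev  0  2

# Bind mounts. These lines must come after the one that mounts /var/local,
# because mount -a processes fstab top to bottom, and the source directories
# must already exist on the data partition.
/var/local/home            /home                none  bind                   0  0
/var/local/cache/apt       /var/cache/apt       none  bind                   0  0
/var/local/lib/postgresql  /var/lib/postgresql  none  bind                   0  0
```

Two caveats a practitioner would want: a bind mount shares the underlying mount's options, so the nosuid,nodev on /var/local applies under /home and /var/cache/apt as well (older mount(8) versions silently ignore options written on the bind line itself; if you need different options per bind, do a second mount with -o remount,bind,<opts>), and on reinstall the installer must be told to mount /var/local without formatting it, otherwise the whole point is lost.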
Re: [SLUG] Penetration Test
Rick Phillips r...@greyheads.net writes:
> Would any member be interested in conducting a penetration test of a server I administer? If so, please contact me off list and I will explain the circumstances.

If it were possible, even in the most general of terms, I would be very curious to know what you hope to achieve through a penetration test.

As far as I can see a penetration test gives you one piece of information: Were the attackers in question capable of breaking in to your network?

What I can't see is how this then turns into anything useful: it might let you fix the issues they did discover, but nothing more — especially not, are you actually secure.

OTOH, you may see some value that I have missed, so I am very curious to know what that is, if it is possible for you to share the information.

Daniel
-- 
✣ Daniel Pittman ✉ dan...@rimspace.net ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
Looking for work? Love Perl? In Melbourne, Australia? We are hiring.
LTS worth anything? (was: Re: [SLUG] Announcement roundup from October meeting)
2009/10/31 Robert Collins robe...@robertcollins.net
> A small note: if you have Hardy, the ISO won't help, you should upgrade via update-manager -c -d (or wait 6 more months for Lucid, which will be an LTS release).

Speaking of Ubuntu LTS - does anyone see real value in sticking to it?

I tried to stick to Hardy because it's LTS but a bug which, well, bugged me (something with X keymaps and auto-login) was fixed in the next, non-LTS release and Ubuntu basically said it's fixed in the next release and it's too much of a hassle to back-port, so LTS won't have this bug fixed and you can upgrade to non-LTS if you like. So I upgraded and so far learned that LTS doesn't mean anything. Googling about LTS back then seemed to hint that many others got the same conclusion as me.

Do others have better experience with LTS over non-LTS? Anything that made them wish/thankful that they have LTS on their desktop?

The goal of trying to stick with LTS was to get a stable system - one where Skype will work with my webcam, mic and speaker, Firefox won't blow up on me and play Flash. I'm now with 9.04 which took a while to get the speaker working and the mic doesn't work; I don't know whether it's a Skype problem or hardware except that the mic used to work with ALSA until PulseAudio was thrust on me.

I'm not a gamer and don't have time to play with the latest and greatest, I just need to Get Things Done(tm) - monitor my work network (which is based on CentOS 5, great support and stability, BTW), browsing, e-mail (gmail, hosted exchange server (another sore point)), skype (which doesn't do voice for months now), printing (which loses the printer every time it changes IP address).

Cheers,
--Amos

PS - I love it how the Windows 7 official release was the non-news of the week :)
Re: LTS worth anything? (was: Re: [SLUG] Announcement roundup from October meeting)
On Sat, 2009-10-31 at 23:25 +1100, Amos Shapira wrote:
> 2009/10/31 Robert Collins robe...@robertcollins.net
> > A small note: if you have Hardy, the ISO won't help, you should upgrade via update-manager -c -d (or wait 6 more months for Lucid, which will be an LTS release).
>
> Speaking of Ubuntu LTS - does anyone see real value in sticking to it?

So LTS is all about stable [e.g. nothing changed that doesn't have to be changed]. It has the following:
- regular point releases with kernel updates (giving new hardware support)
- security fixes
- backports are available if you want newer packages on a per package basis.

Many many things improve in every release, but there is always the chance that something will regress - and sound and video support are particular risk points.

I generally encourage users that have the resources to run latest-release always, users with particularly large deployments (those where a refresh takes years to deploy) to run LTS, and users that want to contribute to run ubuntu+1 as soon as an alpha is available.

-Rob
Re: [SLUG] Penetration Test
Daniel, um ... ok. I don't see how a security audit is any different to any other (audit). Audits should be done.

Rick, I hope someone can help you. However, do consider the cost of a server compromise when you are considering testing / having someone else look at the server.

2009/10/31 Daniel Pittman dan...@rimspace.net:
> Rick Phillips r...@greyheads.net writes:
> > Would any member be interested in conducting a penetration test of a server I administer? If so, please contact me off list and I will explain the circumstances.
>
> If it were possible, even in the most general of terms, I would be very curious to know what you hope to achieve through a penetration test.
>
> As far as I can see a penetration test gives you one piece of information: Were the attackers in question capable of breaking in to your network?
>
> What I can't see is how this then turns into anything useful: it might let you fix the issues they did discover, but nothing more — especially not, are you actually secure.
>
> OTOH, you may see some value that I have missed, so I am very curious to know what that is, if it is possible for you to share the information.
>
> Daniel
> -- 
> ✣ Daniel Pittman ✉ dan...@rimspace.net ☎ +61 401 155 707
> ♽ made with 100 percent post-consumer electrons
> Looking for work? Love Perl? In Melbourne, Australia? We are hiring.
Re: [SLUG] Penetration Test
Plus what if all the pentester does is take the system offline. If they are a good pen testing company they will do the full audit as well as the actual getting in part.

Secure policies and design are the best bet usually. Treat every system like it is going to get owned, if not already, and go from there.

My suggestion too, to save on some of the costs and issues they find, is run the system up in a virtual environment and attempt to get in yourself; this will help for later systems when costs are tight too.

On Sun, Nov 1, 2009 at 12:08 AM, db db.pub.m...@gmail.com wrote:
> Daniel, um ... ok. I don't see how a security audit is any different to any other (audit). Audits should be done.
>
> Rick, I hope someone can help you. However, do consider the cost of a server compromise when you are considering testing / having someone else look at the server.
>
> 2009/10/31 Daniel Pittman dan...@rimspace.net:
> > Rick Phillips r...@greyheads.net writes:
> > > Would any member be interested in conducting a penetration test of a server I administer? If so, please contact me off list and I will explain the circumstances.
> >
> > If it were possible, even in the most general of terms, I would be very curious to know what you hope to achieve through a penetration test.
> >
> > As far as I can see a penetration test gives you one piece of information: Were the attackers in question capable of breaking in to your network?
> >
> > What I can't see is how this then turns into anything useful: it might let you fix the issues they did discover, but nothing more — especially not, are you actually secure.
> >
> > OTOH, you may see some value that I have missed, so I am very curious to know what that is, if it is possible for you to share the information.
> >
> > Daniel
> > -- 
> > ✣ Daniel Pittman ✉ dan...@rimspace.net ☎ +61 401 155 707
> > ♽ made with 100 percent post-consumer electrons
> > Looking for work? Love Perl? In Melbourne, Australia? We are hiring.
Re: [SLUG] Penetration Test
> Just out of interest, what kind of server are you talking about?

It's a CentOS 5.4 box.

Briefly, we have been running this server for 5 years principally to serve learning materials to students. Initially, the server was sanctioned by the Education Department and it has grown in usefulness and reliability and, contrary to the official LMS run by the department, is very easy to use. We run Moodle which is free, they run Blackboard, which is not. The success of our Moodle is proving to be of some embarrassment to them now as other schools are pushing for a similar situation as our own and now they want our service closed down.

They claim that our server is a security risk because it connects to the inside network as well as the outside network. Each connected network uses a different range of addresses which are unbridged. A firewall allowing only one way traffic protects the inside network from the server, i.e. the Moodle server cannot initiate any call on the inside network - it is blocked. Only calls coming the other way can be serviced.

Only the following ports are open to the world plus one secret non-standard one for administration via ssh:

80/tcp   open  http
443/tcp  open  https
1723/tcp open  pptp
2000/tcp open  callbook

Ports 1723 and 2000 are not specifically opened by myself but seem to be factory set open in the firewall device and out of my control. Only 80 and 443 point to the server, which sends but does not receive mail. Using hosts.allow and hosts.deny, connection is restricted to my private IP address for external admin purposes via ssh. Both passwords are complex and root logon is not allowed.

I believe that we are well locked down but that does not mean that some form of code injection might not be possible. The system is religiously patched as soon as patches are available and I read the detailed logs daily. I run a rootkit detection program from time to time.

The department is employing a white hat to do a penetration test at the end of this month and we thought it would be better to be forearmed. This LMS is very important to us and has significantly helped our student base lift their average results to be near the top for the state. They have guided learning available to them both at home and at school. We would hate that one mistake on my part would give the department the excuse they need to shut us down.

We know there is money involved and we are looking for a trustworthy company or individual to do the job without destroying our server and who will advise us where our weaknesses, if any, lie.

Perhaps I am being naive and simplistic in my approach. This is a serious matter for us and I certainly didn't appreciate last night's reply to the list.

Rick
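The two things the previous posts converge on are "try to get in yourself first" and "know exactly what is exposed before the white hat arrives". As an added example (not code from any poster on this list), the script below does the pre-engagement half of that: it parses nmap's grepable (-oG) output and an sshd_config, both constructed inline here, and reports every open port outside the intended allowlist and every ssh directive that is weaker than wanted. The hostname moodle.example.edu, the address 203.0.113.10, the sample scan and the sample sshd_config are all assumptions; the port list mirrors the one Rick posted so the two factory-open ports fall out as findings.

```python
"""Pre-engagement posture check. Added example, not from any post on this
list. Parses nmap grepable (-oG) output and an sshd_config, both constructed
inline, and reports departures from the intended exposure."""
import re

# Constructed: what `nmap -sS -p- -oG - moodle.example.edu` might print for
# the box described in the thread (host, IP and the filtered 22 are assumed).
NMAP_GREPABLE = """\
# Nmap scan initiated (constructed sample)
Host: 203.0.113.10 (moodle.example.edu)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 1723/open/tcp//pptp///, 2000/open/tcp//callbook///, 22/filtered/tcp//ssh///
# Nmap done
"""

# Ports the administrator intends to expose to the world.
EXPECTED_OPEN = {80, 443}


def parse_open_ports(grepable):
    """Return {port: service} for every tcp port nmap reports as open.

    Grepable entries look like port/state/proto/owner/service/rpc/version,
    and the Ports: field may be followed by a tab and further fields.
    """
    ports = {}
    for line in grepable.splitlines():
        m = re.search(r"Ports: (.*)$", line)
        if not m:
            continue
        for entry in m.group(1).split("\t")[0].split(","):
            fields = entry.strip().split("/")
            if len(fields) < 5:
                continue
            port, state, proto, _owner, service = fields[:5]
            if state == "open" and proto == "tcp":
                ports[int(port)] = service
    return ports


def unexpected_ports(open_ports, expected=EXPECTED_OPEN):
    """Open ports outside the allowlist: each needs an owner or a firewall rule."""
    return {p: s for p, s in open_ports.items() if p not in expected}


# Constructed sshd_config excerpt: one weak setting, one left commented out.
SSHD_CONFIG = """\
Port 22
Protocol 2
PermitRootLogin no
PasswordAuthentication yes
#PermitEmptyPasswords no
"""

# Directive -> value a reviewer wants to see before the test starts.
SSHD_WANTED = {
    "Protocol": "2",
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "PermitEmptyPasswords": "no",
}


def parse_sshd_config(text):
    """Return {keyword: value} for uncommented directives.

    Keywords are case-insensitive and sshd honours the first occurrence of a
    directive, hence lower() and setdefault(). Match blocks are not modelled.
    """
    settings = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].strip().split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


def sshd_findings(settings, wanted=SSHD_WANTED):
    """Return {directive: (actual, wanted)} for directives not at the wanted
    value. An unset directive is reported as "default" so the reviewer looks
    up the daemon's compiled-in default instead of assuming it is safe."""
    findings = {}
    for key, want in wanted.items():
        actual = settings.get(key.lower(), "default")
        if actual.lower() != want.lower():
            findings[key] = (actual, want)
    return findings


if __name__ == "__main__":
    extra = unexpected_ports(parse_open_ports(NMAP_GREPABLE))
    for port, service in sorted(extra.items()):
        print(f"unexpected open port {port}/tcp ({service}): who owns it?")
    for key, (actual, want) in sshd_findings(parse_sshd_config(SSHD_CONFIG)).items():
        print(f"sshd_config {key} is {actual}, want {want}")
```

Run the real scan from an address that is not in hosts.allow, otherwise the TCP-wrapper exemption for the admin's own IP makes port 22 look closed to everyone when it is only closed to strangers; and scan the firewall's public side, since that is where the factory-open 1723 and 2000 live, not the server itself. The hosts.allow/hosts.deny pair can be read with the same keyword-then-value parsing as sshd_config if you want to assert that sshd is denied by default and allowed only from explicit addresses.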
[SLUG] Re: LTS worth anything?
Robert Collins wrote:
> On Sat, 2009-10-31 at 23:25 +1100, Amos Shapira wrote:
> > 2009/10/31 Robert Collins robe...@robertcollins.net
> > > A small note: if you have Hardy, the ISO won't help, you should upgrade via update-manager -c -d (or wait 6 more months for Lucid, which will be an LTS release).
> >
> > Speaking of Ubuntu LTS - does anyone see real value in sticking to it?
>
> So LTS is all about stable [e.g. nothing changed that doesn't have to be changed]. It has the following:
> - regular point releases with kernel updates (giving new hardware support)
> - security fixes
> - backports are available if you want newer packages on a per package basis.
>
> Many many things improve in every release, but there is always the chance that something will regress - and sound and video support are particular risk points.
>
> I generally encourage users that have the resources to run latest-release always, users with particularly large deployments (those where a refresh takes years to deploy) to run LTS, and users that want to contribute to run ubuntu+1 as soon as an alpha is available.

I'm running LTS on my two servers - so graphics, sound etc. are non-issues. So far, so good, and it's really nice to not have to worry about things breaking but still get security upgrades.

I'm wondering if anyone has any thoughts about how good the transition to the next LTS will be when I'm going to want to upgrade critical servers.
Re: [SLUG] Re: LTS worth anything?
On Sun, 2009-11-01 at 10:50 +1100, david wrote:
> I'm running LTS on my two servers - so graphics, sound etc. are non-issues. So far, so good, and it's really nice to not have to worry about things breaking but still get security upgrades.
>
> I'm wondering if anyone has any thoughts about how good the transition to the next LTS will be when I'm going to want to upgrade critical servers.

Speaking from personal experience (got given management of a Gutsy server post EOL), the transition seems to be handled okay. You're going to need to watch for any major changes in the apps but that's something you're going to need to manage with any OS.

-- 
James Purser
Collaborynth
http://collaborynth.com.au
Mob: +61 406 576 553
Skype: purserj1977
Twitter: http://twitter.com/purserj
Re: [SLUG] Re: LTS worth anything?
On Sun, 2009-11-01 at 10:50 +1100, david wrote:
> I'm running LTS on my two servers - so graphics, sound etc. are non-issues. So far, so good, and it's really nice to not have to worry about things breaking but still get security upgrades.
>
> I'm wondering if anyone has any thoughts about how good the transition to the next LTS will be when I'm going to want to upgrade critical servers.

We test release-release+1 upgrades, and LTS-LTS+1 upgrades, so no better or worse than any release I expect. Possibly better because things that catch people out (like the update-grub needs running issue with karmic sounds) in intermediate releases can be catered for and avoided in the LTS-LTS+1 upgrade path.

-Rob
[SLUG] interesting apache vhost config
I am posting this fix in the hope it helps others. I have no idea why this happens.

In my local development environment I use /etc/hosts and an apache vhost file to set up domainname.local.

This situation was a long domain name where the business name begins with the letters "the".

I altered the /etc/hosts file. Copied a working vhost file. Altered the vhost file. I used the entry thedomainname.local. I expected to go to the root directory where I am developing. I got the default root of the dev box.

apachectl -S
syntax OK

apachectl -t
the vhost domain was in the list as it should be.

I altered the log files to a special one and it was created as required. No entries at all, ever.

In desperation I altered the /etc/hosts file and the ServerName to: domainname.local. That was the only alteration. All working.

I have absolutely no idea why this works. Hopefully it may help others.

Regards,
Ashley Maher
Re: LTS worth anything? (was: Re: [SLUG] Announcement roundup from October meeting)
2009/10/31 Robert Collins robe...@robertcollins.net:
> On Sat, 2009-10-31 at 23:25 +1100, Amos Shapira wrote:
> > Speaking of Ubuntu LTS - does anyone see real value in sticking to it?
>
> So LTS is all about stable [e.g. nothing changed that doesn't have to be changed]. It has the following:
> - regular point releases with kernel updates (giving new hardware support)
> - security fixes

That's generally what I'd expect, based on my experience with Debian and CentOS, and why I tried to stick to it - I usually don't care about having latest versions (as long as the current one does the job) and I don't have too much spare time to mess with upgrades unless I absolutely must.

But when a bug was fixed in a later release it was NOT back-ported to the LTS release - so what does LTS stand for? Local Transport Strategy? (http://www.clacksweb.org.uk/property/developmentplan/glossary/), Leaning Toothpick Syndrome? Low-Temperature Superconductor? (http://en.wikipedia.org/wiki/LTS)

> - backports are available if you want newer packages on a per package basis.

Backporting, in the definitions I'm familiar with (e.g. RHEL), is to fix an OLDER version which is current in a supported release, not an upgrade to a later version of the software.

Cheers,
--Amos
Re: LTS worth anything? (was: Re: [SLUG] Announcement roundup from October meeting)
On Sun, 2009-11-01 at 13:03 +1100, Amos Shapira wrote:
> That's generally what I'd expect, based on my experience with Debian and CentOS, and why I tried to stick to it - I usually don't care about having latest versions (as long as the current one does the job) and I don't have too much spare time to mess with upgrades unless I absolutely must.
>
> But when a bug was fixed in a later release it was NOT back-ported to the LTS release - so what does LTS stand for? Local Transport Strategy? (http://www.clacksweb.org.uk/property/developmentplan/glossary/), Leaning Toothpick Syndrome? Low-Temperature Superconductor? (http://en.wikipedia.org/wiki/LTS)

https://wiki.ubuntu.com/LTS

To get the LTS updated a 'stable release update' is needed - SRU: https://wiki.ubuntu.com/StableReleaseUpdates. When an individual fix is backported it's called an SRU - see below for 'backports', which is a whole other thing.

> > - backports are available if you want newer packages on a per package basis.
>
> Backporting, in the definitions I'm familiar with (e.g. RHEL), is to fix an OLDER version which is current in a supported release, not an upgrade to a later version of the software.

In Debian/Ubuntu 'backports' (NOT BackportING) is a collection of newer packages built as much as possible against an older release.
https://help.ubuntu.com/community/UbuntuBackports

-Rob