codeblog code is freedom — patching my itch

2/23/2008

Ubuntu Server administration

Filed under: Blogging,Ubuntu — kees @ 6:24 pm

Apress was kind enough to send me a copy of their new book “Beginning Ubuntu Server Administration: From Novice to Professional” by Sander van Vugt. Overall, I was very impressed with this book — it was well written, filled with applicable examples, covered a wide range of topics, and provided background for people new to Ubuntu or Linux in general. The book was written to Ubuntu 7.04, so there are a few places where 8.04 will make for an improved experience without having been changed too drastically. All through the book I was pleased to see various slightly advanced topics covered well enough to get a reader started down the right path without getting them lost in the details. I think this was especially true in the command line and scripting sections which were great for someone unfamiliar with what can be a daunting experience.

In disk management, a lot of time was spent discussing LVM, which I’m very fond of myself. (Even LVM snapshots were covered!) I have a hard time imagining running any computer without LVM, so it was great to see it get a solid chunk of attention. The only thing I felt was missing from disk management was a discussion of RAID (md). For server environments, I think this is a critical topic. Providing redundancy against drive failure is, I think, even more important than demonstrating how to easily manage partition layouts with LVM.

In filesystem management, basic ACLs were covered as well as quota management. I think quota management is an often neglected part of administration, so I was glad to see this covered. In network management, basic iptables were outlined with good examples. (Hardy’s “ufw” will help make this section even simpler in future revisions of the book.) IPv6 was touched on, though I would have liked to see slightly more details.

Under service management I enjoyed the introduction to PKI, which is critical to understanding the basics of SSH and other services using SSL. The examples for DNS, DHCP, NFS, and Samba were all very well done. I think they make handy references for how to get a network or file-sharing server up and running in short order.

As another Hardy feature to call out, the addition of “virt-manager” will make the Virtualization section on KVM much nicer to deal with.

I took some notes for ideas and corrections that may be a benefit to other readers of this book:

  • I personally like suffixing VG and LV names with “vg” and “lv” just to be able to quickly distinguish them when looking at device names.
  • Administrators watching long-running “tail -f” output would benefit from using “tail -F” for when log files are rotated.
  • In the section on “Finding Files” I was expecting to see mention of “locate”.
  • When viewing compressed files: “zless” instead of “zcat FILE.gz | less”.
  • When discussing Job Control, I would have liked to see a mention of “screen” for managing long-running processes (kernel compiles, “top”, etc.). Not enough people know about “screen”. :)
  • While the book was written to Feisty, it would be nice to have a short section in future versions on how to generate and use AppArmor profiles for the various running network services.
  • Instead of the manual symlink management for Apache modules and sites, administrators can use the “a2{dis,en}{site,mod}” tools.
  • Typos I saw: trailing “sudo” in mysql db creation example, “_netdec” should be “_netdev” in NFS fstab example.
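The “tail -F” note above is easy to verify. The script below is an added example (not from the book or from this post) that follows a constructed log file with either flag, rotates the file the way logrotate does (rename the old file, create a fresh one), and shows what each mode captured. File names and log lines are made up; only coreutils are used.

```shell
#!/bin/sh
# follow_through_rotation MODE   (MODE is "f" or "F")
# Starts tail in the background on a fresh log, writes one line, rotates
# the log (rename + new empty file), writes a second line, then prints
# whatever tail managed to capture.
follow_through_rotation() {
    mode="$1"
    dir=$(mktemp -d)            # scratch directory, removed at the end
    log="$dir/app.log"          # constructed log name
    out="$dir/captured.txt"
    : > "$log"
    # -n0: start at the end, so only lines written after start are shown
    tail -n0 "-$mode" "$log" > "$out" 2>/dev/null &
    pid=$!
    sleep 1
    echo "before-rotation" >> "$log"
    sleep 1
    mv "$log" "$log.1"          # rotation: the old inode keeps living as .1
    : > "$log"                  # new file, new inode, same name
    sleep 2
    echo "after-rotation" >> "$log"
    sleep 2
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    cat "$out"
    rm -rf "$dir"
}

# Usage: "tail -f" keeps the old descriptor and goes silent after rotation;
# "tail -F" follows the name and picks up the new file.
follow_through_rotation f
echo "---"
follow_through_rotation F
```

With plain “-f” the output stops at “before-rotation”, because tail is still reading the renamed file; with “-F” both lines appear, since tail reopens the path once the new file shows up.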

As I mentioned at the start — I think this is a great book for someone either new to Ubuntu server management or looking for simple service configuration references in a single place. Thanks again to Apress for sending me a copy; I tried not to be too biased. :)

© 2008, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

2/20/2008

OSS Security – OSU CS419 2008

Filed under: Security,Ubuntu — kees @ 5:36 pm

Today I gave my presentation on Open Source Security to the Open Source class at Oregon State University. Along with the presentation is a collection of examples of bad (and good) programs ranging from XSS, CSRF, temp races, system() and SSL misuse, stack and heap memory corruption, format strings, and all sorts of other things I could think of. I gave this presentation in 2007 and was again honored to be asked back in 2008. I think more schools need to be teaching dedicated Open Source classes, and I’m pleased to help out. I’m hoping people will take away a few good ideas that will contribute to them producing safe code.


2/16/2008

firefox trick and recovery help

Filed under: Ubuntu,Web — kees @ 10:05 am

To provide myself with slightly more safety through separation, I run two firefox profiles simultaneously. One is the “general” browser for day-to-day viewing of random (and unauthenticated) sites, and the other is the “authenticated” browser, which contains the cookies for known sites I authenticate against. The trick for this is having a launcher that runs firefox without attempting to request a new window from the currently running profile:

bash -c "MOZ_NO_REMOTE=1 firefox -ProfileManager"

And in a recent bug-hunting session, I had a firefox profile that just kind of didn’t load javascript correctly any more (“change_feedback_state is not defined” on facebook). I have no idea what was causing the issue (something not extensions — it didn’t go away in “-safe-mode”), and so I just reconstructed the profile one bit at a time, eventually leaving all of prefs.js out. I used the migration checklist I found at mozillazine.
