Welcome to the Network Chico Linux information pages. Your one stop Linux information resource.
Linux has a rich history. It is essential to understand Linux's history in order to understand the philosophy behind Linux's programming. This area of the web site hopes to cover what Linux is really about, show you its history, why it was formed, and a brief description of its capabilities and how it operates. Network Chico also offers visitors the Linux FAQ.
For more Linux tips and tricks view the Tips and Tricks page of the Linux FAQ at Network Chico.
Hear Linus Torvalds pronounce Linux. [AU format sound]
TIPS: Java | Tripwire | Apache log files | netcat | Secure BIND | Audit passwords | ngrep | Sync | AWStats | Analog | Arrays in bash
TIP:
INSTALLING JAVA
Java is a fairly important technology to have on any operating
system. Countless web sites make use of Java or JavaScript and
programs such as Zend Studio are Java applications that require
the Java Runtime Environment. Unfortunately most Linux distributions
do not ship with Java due to its license fee. Certain Java implementations
are free, such as GCJ, or the GNU Compiler for Java, but it isn't
Sun's Java implementation which is arguably the better of the
two. Luckily, installing Java on your Linux system is extremely
simple. Visit the Java download Web site and select the operating
system you'd like to download for (Linux, Linux AMD64, Solaris,
etc.). Once you've chosen the download file, either a self-extracting
executable or a self-extracting RPM file, you can install it.
In this case the latest version is version 5.0 Update 5 and uses
the self-extracting binary:
<code>
# mkdir -p /usr/local/java
# cd /usr/local/java
# mv /path/to/jre-1_5_0_05-linux-amd64.bin .
# chmod u+x jre-1_5_0_05-linux-amd64.bin
# ./jre-1_5_0_05-linux-amd64.bin
</code>
The installation must be done as root if you want the Java
installation to be site-wide; if you want it just for yourself,
you can extract the package in ~/bin/java or some other appropriate
location. In the above, the JRE is installed in /usr/local/java/jre1.5.0_05/.
As a quick test, run the java executable:
<code>
# cd jre1.5.0_05/bin
# ./java -version
</code>
To make Java available to all users, add it to the default
PATH settings by editing /etc/profile and adding:
<code>
PATH=$PATH:/usr/local/java/jre1.5.0_05/bin
JAVA_HOME=/usr/local/java/jre1.5.0_05
export PATH JAVA_HOME
</code>
(Note that export takes the variable names, not their values, so there is no $ in front of PATH and JAVA_HOME on the export line.)
TIP:
USE TRIPWIRE FOR INTEGRITY CHECKING
Validating file system files is a crucial part of system security.
However, without the help of an integrity-checking tool such
as Tripwire, this can be a daunting task. Tripwire makes it easy.
It creates a cryptographically protected database of files and
directories that you define, which you can use to periodically
verify the state of the system to ensure no unwanted changes
have occurred.
Tripwire is easy to use, but it may be a little time-consuming
to set up. However, that setup time is repaid by how much faster
you can afterwards determine whether anything on the system has
been tampered with. Many Linux vendors ship Tripwire, so you may be
able to install RPM or DEB packages. Once installed, run the
twinstall.sh script to generate the local and site keys used
to protect your configuration, policy, and database files. The
default Tripwire policy file may generate a lot of missing file
errors, and it may not cover everything you want to observe.
You can use your favorite editor to change the policy to match
your system and requirements. On Mandrake Linux, the policy file
is
/etc/tripwire/twpol.txt.
If you want to modify the policy file after creating the initial
database, change the clear text copy (twpol.txt), and generate
the new protected copy by using the following:
<code>
# twadmin --create-polfile --cfgfile /etc/tripwire/tw.cfg \
    --site-keyfile /etc/tripwire/site.key /etc/tripwire/twpol.txt
</code>
After changing the policy file, initialize the database again
using the following:
# tripwire --init
Finally, create a cronjob to execute the Tripwire check daily:
# tripwire --check
For more information, check out the Tripwire web site.
http://www.tripwire.org/
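To make the baseline-and-check cycle described above concrete, here is an added example in plain sh (not Tripwire's own code) that records a hash and metadata for every file under a directory and later reports what was added, removed or changed. It assumes GNU coreutils (sha256sum, stat -c) and awk, and, unlike Tripwire, does not sign its database, so the database file must be kept where the monitored host cannot quietly rewrite it.

```shell
#!/bin/sh
# Added example, not Tripwire's own code: a minimal baseline-and-verify file
# integrity check that shows the database/check cycle Tripwire automates.
# Assumes GNU coreutils (sha256sum, stat -c) and awk. The database is not
# signed, so store it on read-only media or another machine.

# One tab-separated record per regular file: path, sha256, "mode owner size".
# Sorted so two scans of an unchanged tree produce identical output.
integrity_scan() {
    find "$1" -type f | LC_ALL=C sort | while read -r f; do
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        meta=$(stat -c '%a %U %s' "$f")
        printf '%s\t%s\t%s\n' "$f" "$sum" "$meta"
    done
}

# Create the baseline database for a directory tree: integrity_init DIR DBFILE
integrity_init() {
    integrity_scan "$1" > "$2"
}

# Rescan DIR and compare it with DBFILE: integrity_check DIR DBFILE
# Prints one ADDED/REMOVED/CHANGED line per difference and returns 0 when
# the tree still matches the baseline, 1 otherwise (so a cron job can mail
# the output only when something differs).
integrity_check() {
    tmp=$(mktemp) || return 2
    integrity_scan "$1" > "$tmp"
    awk -F'\t' '
        FILENAME == ARGV[1] { old[$1] = $2 FS $3; next }   # baseline records
                            { cur[$1] = $2 FS $3 }          # current records
        END {
            n = 0
            for (p in old) if (!(p in cur)) { print "REMOVED " p; n++ }
            for (p in cur) {
                if (!(p in old))           { print "ADDED   " p; n++ }
                else if (cur[p] != old[p]) { print "CHANGED " p; n++ }
            }
            exit (n > 0)
        }' "$2" "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Run integrity_init once on a known-good system, then integrity_check from cron; a non-zero exit is the signal to investigate.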
TIP:
ENHANCE APACHE LOG FILES
By default, Apache logs a fair amount of information. However,
if you plan on performing some statistical analysis on files
using tools such as Webalizer or Analog, you may wish to get
as much information as possible into your log files to enhance
your reports.
You can accomplish this by using the Combined Log Format rather
than the default Common Log Format. In your Apache configuration
files, search for the CustomLog keyword, and modify it to look
like the following:
CustomLog logs/access_log combined
Using the Combined Log Format produces the same logged information
as before, and it also logs the Referrer and User-Agent headers,
which indicate where users were before visiting your Web site
page and which browsers they used, respectively.
You can get more information from Apache by changing the LogLevel
keyword. The default LogLevel setting is warn, which logs warning
conditions to the log.
You can reduce what Apache logs by changing the LogLevel to
error (error conditions) or crit (critical conditions). You can
increase what Apache logs by setting the LogLevel to notice (normal
but significant condition) or info (informational). These two
options provide a lot more information about what Apache is doing.
The highest log level is debug (debug-level messages), which
provides quite a lot of information. Use this level only when
debugging problems with the server.
You can change the log level by searching the Apache configuration
file (usually httpd.conf) for the LogLevel keyword and changing
it. For example:
LogLevel error
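As an added example (not from the page, Apache, Webalizer or Analog), the following sh functions show what the extra Referer and User-Agent fields of the Combined Log Format give you once they are in the file: per-agent and per-referer counts, plus a list of clients that drew error responses and the agent string they presented. The log lines are constructed samples using documentation addresses and the www.myhost.com name from the tip.

```shell
#!/bin/sh
# Added example: awk summaries over Combined Log Format lines. Splitting on
# the double quote keeps the quoted request, referer and user-agent fields
# whole even when they contain spaces:
#   $1 = host ident user [time]   $2 = request   $3 = status bytes
#   $4 = referer                  $6 = user-agent

# Constructed sample lines (RFC 5737 documentation addresses, made-up paths).
SAMPLE_LOG='192.0.2.10 - - [10/Oct/2005:13:55:36 -0700] "GET / HTTP/1.0" 200 2326 "-" "Mozilla/5.0 (X11; Linux)"
192.0.2.10 - - [10/Oct/2005:13:55:40 -0700] "GET /logo.png HTTP/1.0" 200 5120 "http://www.myhost.com/" "Mozilla/5.0 (X11; Linux)"
198.51.100.7 - - [10/Oct/2005:13:56:01 -0700] "GET /cgi-bin/test.cgi HTTP/1.0" 404 290 "-" "curl/7.15.0"
198.51.100.7 - - [10/Oct/2005:13:56:02 -0700] "GET /admin/ HTTP/1.0" 403 210 "-" "curl/7.15.0"
203.0.113.5 - - [10/Oct/2005:13:57:12 -0700] "POST /login HTTP/1.0" 200 512 "http://www.myhost.com/login" "Mozilla/4.0 (compatible; MSIE 6.0)"'

# Requests per user agent, most frequent first: "<count> <agent>".
combined_agents() {
    awk -F'"' '{ n[$6]++ } END { for (a in n) printf "%d %s\n", n[a], a }' | sort -rn
}

# Requests per referring page, skipping "-" (no Referer header sent).
combined_referers() {
    awk -F'"' '$4 != "-" { n[$4]++ } END { for (r in n) printf "%d %s\n", n[r], r }' | sort -rn
}

# Clients that drew 4xx/5xx responses, with the agent they presented:
# "<count>\t<host>\t<agent>". Several errors from one host with a scripted
# agent string is the kind of entry worth a closer look.
combined_errors_by_host() {
    awk -F'"' '
        { split($1, h, " "); split($3, s, " ")
          if (s[1] + 0 >= 400) e[h[1] "\t" $6]++ }
        END { for (k in e) printf "%d\t%s\n", e[k], k }' | sort -rn
}
```

Feed a real access_log on stdin instead of SAMPLE_LOG, e.g. combined_errors_by_host < /var/log/httpd/access_log.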
TIP:
LEARN THE MANY USES OF NETCAT
Often referred to as the "Swiss Army Knife of networking,"
netcat is a tool that administrators can use to read and write
TCP or UDP data across the network. In addition, it's extremely
useful for network debugging and testing. Netcat offers several
interesting uses. For example, you can make it listen to a particular
port and run a program. To do so, use the following:
$ netcat -v -l -p 10111 -e "/bin/cat /etc/motd"
This tells netcat to listen to port 10111. When there's a
connection, it tells netcat to execute "/bin/cat /etc/motd,"
which essentially displays the contents of /etc/motd and exits. You
can also set up netcat on a machine to listen for incoming connections
and run it on a remote machine to connect to the local machine
and serve up a bash shell. For example, on a local machine with
an IP address of 192.168.5.10, you would use the following:
$ netcat -v -l -p 10111
On the remote machine, you would use:
$ netcat 192.168.5.10 10111 -e /bin/bash
This tells the netcat instance on the remote machine to connect
to the netcat instance listening on 192.168.5.10 and serve up
a bash shell from the remote machine, which will then be available
on the local machine. Using the netcat instance on 192.168.5.10,
you can execute shell commands on the remote host. To perform
some Web debugging, you could use something like the following:
$ netcat www.website.com 80
Then, enter typical HTTP commands to get the unaltered output
(e.g., "GET / HTTP/1.0"). As you can see, netcat is
both an extremely versatile and very powerful utility. You can
download this useful tool, based on the original netcat program,
from the GNU Netcat Project Web site.
http://netcat.sourceforge.net/
TIP:
SECURE BIND WITH THESE TIPS
BIND is a DNS server package that's had a rather spotty history
when it comes to security. However, despite these limitations,
there are few alternatives for serving up DNS data that are as
feature-rich as BIND. If you just need to serve up DNS data without
support for zone transfers, keys, and other features that BIND
offers, using something
like D.J. Bernstein's djbdns package may be sufficient. But if
you need some of the more robust features that only BIND offers,
you might as well learn a few things you can do to better secure
your setup. First, configure BIND not to report its version number.
This can stop passive scanners from identifying the version of
BIND you're using. This trick doesn't really secure BIND as much
as it obfuscates things a bit. You can do this by editing the
named.conf file, as shown below:
<code>
options {
    version "Not available";
};
</code>
You can also restrict which hosts can perform zone transfers.
BIND configurations typically have no restrictions for performing
a zone transfer, which can lead to providing unwanted data to
potential attackers. You can also set this restriction using
the named.conf file. Here's an
example:
<code>
options {
    allow-transfer { 192.168.5.10; };
};
</code>
This restricts zone transfers to 192.168.5.10, which would
be your secondary DNS server. You can also use Transaction Signatures
(TSIG) to more securely perform zone transfers. You should also
disable recursive queries, which prevents your DNS server from
being vulnerable to spoofing attacks. Add the following to the
named.conf file:
<code>
options {
    fetch-glue no;
    recursion no;
};
</code>
Finally, you may also want to consider running BIND in a chrooted
environment as a nonprivileged user. (BIND's documentation discusses
how to do this.) By running BIND in a chroot, you're locking
it into a special section of your system where it can't interact
with the rest of the system, minimizing the damage potentially
caused by an attacker who successfully exploits it.
TIP:
AUDIT PASSWORDS WITH A PASSWORD-CRACKING TOOL
Auditing passwords is a worthwhile venture, particularly in
an environment that deals with sensitive information. Because
systems encrypt passwords when they store them, you really can't
properly judge the strength of a password unless you try to crack
it.
We suggest using a password-cracking tool such as John the
Ripper. This tool works extremely well because it can crack MD5
passwords, which most systems currently use. In addition, it's
much faster and more sophisticated than earlier password-cracking
software such as Crack.
Once you've installed the tool, either from RPM or by compiling
a copy yourself, you can set it to work. Keep in mind that John
the Ripper uses a fair amount of CPU, but it will only use idle
CPU time. However, copying the /etc/shadow file to a nonessential
machine and running the tool on that, rather than a production
machine, wouldn't be a bad idea either.
If you need to stop John the Ripper, press [Ctrl]C. You can
resume cracking passwords from where you left off by using the
following:
$ john -restore
This tool comes with a fair-sized dictionary of common passwords,
which it uses by default. However, you can download any dictionary
you want to use instead of or as complement to the existing dictionary.
All you need to do is concatenate the default.lst file to the
new dictionary.
In addition, it's a good idea to add words that are specific
to your particular environment, including employee names, addresses,
company name, etc.
To use a different dictionary than the default, use the following:
# john -wordfile:/tmp/dict.txt /etc/shadow
This runs John the Ripper against the passwords in /etc/shadow
using the dictionary /tmp/dict.txt.
To download the John the Ripper password cracker, visit the
Openwall Project Web site at http://www.openwall.com/john/
TIP:
MONITOR NETWORK TRAFFIC WITH NGREP
When it comes to network monitoring, there are a number of
available tools out there. However, one tool that administrators
often overlook is the network grep (ngrep) tool. As a network
sniffer or monitor, ngrep is very similar in some respects to
tcpdump, but it's somewhat different because you can use grep-style
syntax to filter what you want.
Ngrep's most basic use is to listen to all traffic on an interface.
However, you can extend this quite a bit to narrow down what
you're looking for. Ngrep's syntax is similar to that of tcpdump.
Here's an example:
$ ngrep port 80 and src host 192.168.5.10 and dst host 192.168.5.100
This monitors all traffic on port 80 from the host 192.168.5.10
to the host 192.168.5.100.
If you're interested in watching Telnet traffic, you can do
so using ngrep. You can make it only return traffic that shows
a login string by using grep-style syntax. Here's an example:
$ ngrep -q -t -wi "login" port 23
This tells ngrep to look for the string "login"
as a word (without case sensitivity) on port 23 for any connection.
In this case, ngrep operates in quiet mode so it only prints
out matches. In addition, it timestamps them (as designated by
the -t option).
Used in conjunction with tcpdump, ngrep can also be very valuable
for searching standard pcap dump files to look for patterns.
If you have a large dump file from tcpdump, you can use ngrep
to examine it by using standard ngrep commands and issuing it
an input file with the -I parameter. Here's an example:
$ ngrep -wi "login" port 23 -I /tmp/packet.dump
TIP:
SYNC LINUX DATA WITH A POCKET PC
The ability to sync Palm-based devices with Linux has existed
for quite a while. However, as the popularity of Windows-based
Pocket PCs increases, there's a growing need to be able to sync
data from a computer running Linux with the Pocket PC--without
using Windows.
The SynCE Project is working on exactly that. It works with
Linux, FreeBSD, and similar operating systems.
While the project is still somewhat in its infancy, a number
of add-ons and tools exist that work with popular desktops, such
as GNOME and KDE. In addition, several plug-ins are available
that work with programs such as Evolution. However, it's unlikely
that many distributions bundle SynCE, so you may need to do some
compiling.
You can download SynCE from the SynCE Project's web site.
This web site also sports a number of documents and tutorials
to help walk you through the compile stage. In addition, you
can download packages specifically for Red Hat, Fedora, or Debian,
or you can build it using emerge on Gentoo.
http://synce.sourceforge.net/synce/
Another useful tool is MultiSync, which synchronizes PIM data
between GNOME-based systems and a Pocket PC. While MultiSync
can handle other devices such as the Sharp Zaurus, Palm, and
others, it also works with the Pocket PC, provided you use the
SynCE plug-in for MultiSync. This program handles the synchronization
between Evolution and the Pocket PC, allowing you to synchronize
calendars, to-do lists, and contacts.
If you're a KDE user, you can use the KitchenSync tool to
synchronize KDE PIM information with your Pocket PC, using the
SynCE libraries to handle the connection.
TIP:
GET LOG STATISTICS WITH AWSTATS
If you're interested in analyzing log files, a few Web log
file analyzers are available. The most widely known programs
include Analog and The Webalizer. However, another tool that
contains a vast array of information is AWStats. AWStats is a
free Perl program that you can run for real-time log analysis
via a CGI script. In addition, you can run it periodically to
create static Web pages.
The installation and configuration of this tool is quite simple.
The example config file doesn't require much modification. In
fact, the only keywords that you really need to modify are the
LogFile, SiteDomain, HostAlias, and DirData keywords. After you've
created a new file from the copy (e.g., /etc/awstats/awstats.myhost.com.conf)
and made these changes, you're ready to begin creating reports.
If you're monitoring a number of sites, you can create a configuration
file for each site and write a cron job that runs every day and
makes static pages. Let's say that you've set up a directory
that will have domains as subdirectories (e.g., /srv/www/mysite.com/html/awstats/mysite.com).
For this example, you would view the statistics by going to http://mysite.com/awstats/mysite.com/.
If you're running three Web sites (e.g., mysite.com, yoursite.com,
and hersite.com), your script to process the statistics for each
would look something like the following:
<code>
#!/bin/sh
AWSTATS="/usr/local/awstats/awstats.pl"
AWBUILD="/usr/local/awstats/awstats_buildstaticpages.pl"
for i in mysite.com yoursite.com hersite.com; do
    perl "$AWBUILD" -config="$i" -update -awstatsprog="$AWSTATS" -dir="/srv/www/mysite.com/html/awstats/$i"
done
</code>
Set this script to run every night, and you'll be able to
get Web site statistics on all of the Web sites you host updated
daily. AWStats writes the "root" page as awstats.mysite.com.html,
so it's a good idea to make a symlink of the file that points
to index.html to make it even easier to view.
To download this handy tool, visit the AWStats Official Web
site:
http://awstats.sourceforge.net/
TIP:
ANALYZE APACHE LOGS WITH ANALOG
If you're looking for a useful log analysis program check
out Analog. This powerful, fast tool creates web pages based
on the analysis of Apache log files.
If your Linux vendor doesn't provide binary packages, you
may have to download and install the program from source. After
installation, create a configuration file that tells Analog what
logs to read and where to place the output.
If installed via RPM or DEB, Analog will typically place a
default configuration file in /etc/analog.cfg. Make a copy of
this file, and customize it to fit your needs. Here are the essentials
you need to set:
- LOGFILE /var/log/httpd/access_log
- HOSTNAME www.myhost.com
- HOSTURL http://www.myhost.com
- OUTFILE /var/www/html/logs/report.html
- CHARTDIR /logs/images
- LOCALCHARTDIR /var/www/html/logs/images
This tells Analog which log file to analyze, provides information
on the host it's analyzing (i.e., hostname and URL), and indicates
where to place the report file. In this case, the resulting URL
would be:
http://www.myhost.com/logs/report.html
It also tells Analog where to write the image files for the
charts that it creates.
Analog creates a very comprehensive output that includes a
number of statistics, such as monthly page views, daily and hourly
summaries of page requests, most used search requests to reach
the site, and more.
For an up-to-date report, run Analog every day by using the
following:
# analog -G +g/etc/myanalog.cfg
This assumes your customized configuration file is /etc/myanalog.cfg,
and it tells Analog to use the specified configuration file instead
of the default configuration file. This comes in handy if you've
configured Apache to create log files for different virtual hosts
and want a different report for each virtual host.
TIP:
ASSIGNING VARIABLES IN BASH
Assigning variables in bash is easily done and extremely useful,
but like other programming languages, bash can also use arrays.
This is particularly handy when you want to read the contents
of a file into an array or simply keep your scripts more organized
and logical.
There are two ways of declaring an array:
<code>
declare -a FOO
</code>
This creates an empty array called FOO. You can also declare
an array by assigning values to it (as with any bash assignment,
there must be no spaces around the = sign):
<code>
FOO[2]='bar'
</code>
This assigns the third element of the array to the value 'bar'.
In this instance, FOO[0] and FOO[1] are also created, but their
values are empty.
To populate an array, use:
<code>
FOO=( bar string 'some text' )
</code>
This assigns the first element (FOO[0]) to 'bar', the second
(FOO[1]) to 'string' and the final element (FOO[2]) to 'some
text'. Notice that the array elements are separated by a blank
space, so if a value contains white space it must be quoted.
To use an element, refer to it as ${FOO[2]}: the whole expression
must be surrounded by curly braces, otherwise bash expands $FOO
on its own (which yields the first element) and leaves the literal
text [2] after it:
<code>
$ echo ${FOO[2]}
some text
</code>
To loop through an array, you can use a piece of shell code
like the following (arrays are a bash feature, so the script
must run under bash rather than a plain /bin/sh):
<code>
#!/bin/bash
FOO=( bar string 'some text' )
foonum=${#FOO[@]}
for ((i=0; i<foonum; i++)); do
    echo "${FOO[$i]}"
done
</code>
Here we loop through each item of the array and print out
its value. Each array element is accessed by number, so we use
the special expansion ${#FOO[@]}, which gives the number of elements
in the array (in the above case, it would return the number 3).
That value is then used in the for loop to determine how many
times to loop. By accessing the array in this manner, you can
easily generate arrays from external data or command-line arguments,
and process each element one at a time.
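The tip mentions reading a file or command-line arguments into an array; here is an added example (not from the page) that does both and then processes the elements by index and by value, keeping elements with embedded spaces intact. It assumes bash 3 or later, and leaves the arrays in global variables (LINES, ARGS, MATCHED) because bash functions cannot return arrays.

```bash
#!/bin/bash
# Added example (not from the page): building bash arrays from external data
# and processing them element by element. Assumes bash 3 or later; results
# are left in the global arrays LINES, ARGS and MATCHED.

# Read each line of a file into LINES, one element per line. IFS= and
# read -r keep leading spaces and backslashes; the || clause keeps a last
# line that has no trailing newline. (bash 4+: mapfile -t LINES < "$1")
read_lines_into_array() {
    local line
    LINES=()
    while IFS= read -r line || [ -n "$line" ]; do
        LINES+=("$line")
    done < "$1"
}

# Copy the function's arguments into ARGS. "$@" keeps every argument as one
# element even when it contains spaces, just like FOO=( bar 'some text' ).
args_into_array() {
    ARGS=("$@")
}

# ${#LINES[@]} is the element count; ${#LINES} alone would be the string
# length of the first element only.
count_lines() { echo "${#LINES[@]}"; }

# Print each element with its index, using the numeric loop from the tip.
print_indexed() {
    local i
    for ((i = 0; i < ${#LINES[@]}; i++)); do
        printf '%d: %s\n' "$i" "${LINES[i]}"
    done
}

# Collect the elements containing PATTERN into MATCHED, iterating over
# "${LINES[@]}" so each element stays one word regardless of spaces.
filter_lines() {
    local e
    MATCHED=()
    for e in "${LINES[@]}"; do
        [[ $e == *"$1"* ]] && MATCHED+=("$e")
    done
    return 0
}
```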