Friday, August 22, 2008

SELinux - a practical guide

originally from:

I just spent several days helping to upgrade an organization's servers from Red Hat Enterprise 3 to the latest version, Red Hat Enterprise 5.2. There were, of course, a large number of differences between the two versions; it's probably safe to say that every program and library underwent a significant upgrade. But one of the most important, and impressive, differences between the two was its use of SELinux, or "security-enhanced" Linux.SELinux offers a great deal of functionality, and helps to protect Linux boxes from a variety of threats. It forces system administrators to learn a new vocabulary, as well as permissions, logfiles, and programs with which they were previously unfamiliar. Fortunately, there are many good tutorials for SELinux on the Web. If you're interested in protecting your Linux boxes, you should take a look at these -- preferably before you perform any upgrades. SELinux is available as part of a growing number of distributions, and it has the potential to make your system significantly more secure.I've long told people that "all Unix problems are permission problems," and that's largely the case: Each Unix file (or program) traditionally belongs to a single user and a single group. The file can then be assigned read, write, and/or execute permission for the user, the group, or everyone on the system.

Unix system administrators know that getting permissions right can often take time. The thing is, Unix permissions are the only thing that stop an intruder from doing something nasty. If someone is able to gain access to your "root" (superuser) account, then they can do whatever they want, because Unix systems typically ignore permissions for the root user. If a program that runs as root has a security hole, then it might be possible to exploit that hole, using the program to execute program with the root user's permissions. Programs that run as users other than root aren't quite as dangerous, but they can still cause considerable damage.
SELinux solves these problems by adding a second layer of security, which takes effect where the traditional Unix permissions would permit access. Instead of just assigning user and group permissions, SELinux has a huge number of very specific access types. So a file might be described as a "file in /etc," or "a program in /bin," or "a file to be served by the HTTP server." Only a user who has been given explicit permission to access a file of that type will be allowed to do so.As impressively secure as SELinux can be -- actual security is, of course, a matter of policy and vigilance, not a single technology --

I was even more impressed by the tools that make it possible to work with SELinux. SELinux logs every access success and failure, making it possible to find (and understand) what is happening behind the scenes.When something does go wrong, the program audit2why can give an explanation, and the program audit2allow can produce a file that changes the current system policy, in order to allow access. Of course, you might not want to change the the system policy at all, but rather change the type of a file; the "chcon" program can do that, much as "chmod" works for regular permissions.Working with SELinux can be difficult and annoying at first, since it initially seems as though a huge number of programs are forbidden from doing innocuous things. Not only does SELinux become easier to work with over time, but the included programs make it possible to zero in on problems and fix them in a relatively short time. After a while, it becomes fairly natural to work with SELinux.

read more

Wednesday, August 13, 2008

19 Most Essential Open Source Applications

WordpressWordPress is a state-of-the-art publishing platform with a focus on aesthetics, web standards, and usability. WordPress is both free and priceless at the same time.ModSecurity - Open Source Web Application FirewallModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. It is also an open source project that aims to make the web application firewall technology available to everyone.SteelBlue Open Source Web Application ServerSteelBlue is an open-source Web application server environment in which Web-database applications can be developed completely in an extended HTML language. Similar to ColdFusion and Story Server, session and user-associated data as well as SQL commands can be directly embedded into the HTML page. Therefore, no CGI programming experience is required to develop applications with SteelBlue, only knowledge of SQL and HTML.Dolphin :: Smart Community BuilderDolphin community builderYouTube, MySpace, Odeo, Flickr, Match and Facebook - all in one, customizable and under your full control. You’re limited only by your imagination - not by software. Dolphin Smart Community Builder is a universal, free, open source software that allows you to build any kind of online community. With a huge variety of features & options, you can quickly develop your very unique and successful website.PURE Unobtrusive Rendering Engine For HTMLPURE is an Open Source JavaScript Template Engine for HTML. Truly unobtrusive, it leaves your HTML untouched. It is cross-browser (IE 6.0+, FF 2+, Safari 2.0+, Opera 9.0+).Bugzilla - Mozilla’s bug tracking systemBugzilla is a bug tracking system designed to help teams manage software development. Hundreds of organizations across the globe are using this powerful tool to get organized and communicate effectively.Mindquarry DO - Free Open Source Software Download for Team CollaborationMindquarry DO is an Open Source collaborative software platform for file sharing, task management, team collaboration and Wiki editing that is available for Windows, Linux and Mac OS X. Mindquarry runs as a web application with an optional desktop client for Windows, Linux and Mac OS that allows for desktop synchronization and offline work. As a result, you are able to connect with team members and share information from wherever you are, effectively improving team-work and increasing productivity within your team.EPIWARE - A Open Source Document Management SystemEpiware GPL project and document management, for those that like to be on the cutting edge of development. Take control of your information and content today.jobberBase - The Open Source Job Board SoftwarejobberBase is a great open source job board software for anyone. You can get online your job posting website with jobberBase. It’s easy to install and configure to start your job board.Flex SDK-Adobe Open SourceFlex is a highly productive, open source framework for building and maintaining expressive web applications that deploy consistently on all major browsers, desktops and operating systems.Open source Ticket Request SystemOTRS is an Open source Ticket Request System (also well known as trouble ticket system) with many features to manage customer telephone calls and e-mails. The system is built to allow your support, sales, pre-sales, billing, internal IT, helpdesk, etc. department to react quickly to inbound inquiries. Do you receive many e-mails and want to answer them with a team of agents? You’re going to love the OTRS!phpMyVisites Free Web Statistics And AnalyticsphpMyVisites is a free and powerful open source (GNU/GPL) software for websites statistics and audience measurements. phpMyVisites gives a lot of information on websites visitors, visited pages, software/hardware utilization, etc… The GUI Interface is fun and practical. The installation is entirely automated and very simple.LimeSurvey - The Leading Open Source Survey ToolLimeSurvey (formerly PHPSurveyor) is an Open Source PHP web application to develop, publish and collect responses to online & offline surveys.dotproject - Open Source Project and Task Management SoftwareThe original theme flagged dotProject as an open source alternative to Microsoft products and other expensive, commercial applications. Right from the start, dotProject had, as it’s core aims a number of simple requirements which are Clean, simple and consistent user interface; Project Management functionality - not another CMS, groupware environment or all things to all people collaboration tool, but a project management environment; Open source and free usage.The Freeway ProjectFreeway is the most advanced Open Source eCommerce platform and Freeway offers selling methods only previously available in enterprise class or niche bespoke systems. Without having to purchase a commercial system and then paying a developer to build a custom installation, Freeway does what you need out of the box. Of course Freeway is great for selling products but it also sells events AND services AND subscriptions. From appointments and time based bookings to event ticketing and subscriptions Freeway is the eCommerce platform.AtMail Open - Redefining Open Source WebmailAtMail is an open source webmail client written in PHP. We aim to provide a elegant Ajax webmail client for existing IMAP mailservers, with less bloat and a focus on an intuitive, simple user interface.OpenOffice - The Free and Open Productivity SuiteOpenOffice is the leading open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more. It is available in many languages and works on all common computers. It stores all your data in an international open standard format and can also read and write files from other common office software packages. It can be downloaded and used completely free of charge for any purpose.Open Workbench - Open Source Project Management and Project Scheduling for WindowsOpen Workbench is an open source Windows-based desktop application that provides robust project scheduling and management functionality and is free to distribute throughout the enterprise.The SeaMonkey ProjectThe SeaMonkey project is a community effort to develop the SeaMonkey all-in-one internet application suite. Such a software suite was previously made popular by Netscape and Mozilla, and the SeaMonkey project continues to develop and deliver high-quality updates to this concept. Containing an Internet browser, email & newsgroup client, HTML editor, IRC chat and web development tools, SeaMonkey is sure to appeal to advanced users, web developers and corporate users.

read more | digg story

Tuesday, August 12, 2008

Setting Up Apt-Cacher To Save Bandwidth.

If you're running more than one Ubuntu PC at home setting up Apt-Cacher is a quick and easy way to save lots of bandwidth.Instead of downloading updates numerous times you can download them once then distribute them over your local network, faster and easier especially if you have your downloads capped.

read more | digg story

Saturday, August 9, 2008

Got XP? Wish you had XP? Want something better? It's not Vista

Since most legitimate vendors are no longer able to sell or install Windows XP after June 30, I have an option for you: Use Linux. That's right, retain that XP look and feel goodness without violating any rules or creating other problems for yourself by using the little known XPDE (XP Desktop Environment). Even better, you install it on the uber-goodness (and freeness--is that a word?) of Linux.The good folks at XPDE offer you an almost exact replica of the XP Desktop on Linux.

read more | digg story

Analyst: Ubuntu, Community Distros Ready for the Enterprise

At the LinuxWorld expo in San Francisco, analyst Jay Lyman of the 451 Group spoke about the potential for enterprise adoption of Ubuntu and the impact that community-driven Linux distributions will have on the market.Companies are increasingly choosing free community-driven Linux distributions instead of commercial offerings with conventional support options. Several factors are driving this trend, particularly dissatisfaction with the cost of support services from the major distributors. Companies that use and deploy Linux internally increasingly have enough in-house expertise to handle all of their technical needs and no longer have to rely on Red Hat or Novell, according to Lyman.Procurement practices are evolving overseas, especially in Europe, where distributions like CentOS and Ubuntu are gaining more traction in corporate environments and data centers.

read more | digg story

Friday, August 8, 2008

Ubuntu/Linux Roundup

Hack Attack: Top 10 Ubuntu apps and tweaksUbuntu Tip: How to mount a Windows NTFS partitionHow to install Photoshop on UbuntuInstall and run Ubuntu without disturbing WindowsCompare Linux distros side by sideHow to install anything in UbuntuThirteen things to do after you install UbuntuIntroduction to the Unix command lineThe Window

read more | digg story