I recently offered some security tips aimed at new system administrators. And hey, the home users among you should take note, after all, you’re the administrator of your home system! One of the tips was “Don’t run as root.” Today I would like to expand on that a bit. First, we’ll take a look at why you should limit the use of your super powers. Then we’ll look at the best ways to use su and sudo to help you limit your risks.
FOSS Force
I wasn’t in search of a hero when I found him.
Burt Rutan signed autographs on that blistering hot June day in the Mojave desert. His collection of engineers, scientists and “enterprise rouges” shouldered their way into front page news. SpaceShipOne had just become the first civilian aircraft/spacecraft to carry the first civilian pilot into space. His pilot for that epic flight into space, Mike Melvill, was the first recognized and licensed space pilot on the planet. How about that as “your most shining achievement” on a future resume? Burt Ratan and his company, Applied Composites, took home the ten million dollar prize offered by SpaceX. They fulfilled all of the requirements, to include everyone being alive upon landing.
I was a member of the crowd that gathered in the high country desert for the flight and the homecoming of SpaceShipOne. We planned our trip in order to be early. We were sure that a couple of hundred people would show up for this history-in-the-making event.
Now that Microsoft has been pretty much neutralized as a threat, who’s next on the list to be free tech’s “public enemy number one?”
Oracle? While it’s true that the company is more thuggish than Redmond ever dreamed of being, Oracle has never really been a threat to anyone but the database and high finance crowds. Also, the company’s recent financials indicate the company, like Microsoft, isn’t what it used to be.
Apple? So long as it continues to be an overpriced walled garden, it’s not likely to pose much of a threat. It’ll always be held in disdain by free tech folks, but always in the number two position because it’s easily ignored.
My guess is that the company poised to win the most-hated-in-free-tech prize is Google.
FOSS Week in Review
It’s been a busy week for those in the FOSS realm — from sea-to-shining-sea, and even down South — with the Red Hat Summit going on in Boston, with Open Source Bridge in Portland, Oregon, and with preparations being finalized for the upcoming Texas Linux Fest in two months, among other things.
Let’s take these one at a time, shall we?
Red Hat, Samsung Team Up: While there has been a lot of oooh-ing and ahhh-ing over what’s been coming out of the Red Hat Summit in Boston this week, probably the most intriguing news to come out of the proceedings is that Red Hat and Samsung Electronics America “announced a strategic alliance to deliver the next generation of mobile solutions for the enterprise,” according to Red Hat’s PR department.
Poor Microsoft. The beleaguered company just can’t catch a break. We’ve already told you about how Snowden’s revelations have forced the pride of Redmond to spend who knows how many millions opening two “transparency centers” to allow government IT experts to pore through source code to prove there’s no back doors baked into Windows or other Microsoft products. Trouble is, while its engineers have been busy plastering over all traces of old back doors, they’ve left a side door standing wide open, waiting to be exploited.
Ironically, this side door is intended to be a security door for third party add-ons that every Windows machine needs to keep it safe from cracker hackers — if that’s indeed possible. And this security tool is usually more trusted by Microsoft system admins, especially those outside the U.S., than Windows itself.
Sarah Sharp, an embedded software architect at Intel, and Kesha Shah, a student at Dhirubhai Ambani Institute of Information and Communication Technology, were named the winners of Red Hat’s first Women in Open Source Awards at the Red Hat Summit in Boston on Tuesday.
The Women in Open Source Awards recognize women in two categories – Community and Academic – who make important contributions to open source projects and communities, or who promote open source methodologies.
Free open source software. FOSS. The vision of one man…a vision tenacious enough to catch fire and spread around the globe. Free open source software is a staple of the enterprise for most of the world. We have one man to thank for that. Richard Stallman’s courage and foresight will be known and built upon long after we are gone. His contribution is truly his timeless, global legacy.
The only sad part of the story, at least so far, is that the United States has stubbornly dug in her heels. She has chosen to pay homage to the Microsofts and the Apples in our nation. We remain as one of the only nations in the world that openly shuns FOSS in the enterprise. We not only shun it, we work directly against it in the halls of our Senate. That’s due to one simple thing.
Money.
Mageia 5, released on Friday and over a year in the making, is familiar territory to those of us who cut our Linux teeth on Mandriva back in the days when it was called Mandrake. That’s not to say that the distro is old or outdated, far from it, but any Mandrake old-timer will instantly recognize the roots of this distro.
It’s generally fairly easy for new Linux administrators to get up and running with the basics of installing, configuring and managing Linux systems at a basic level. Truthfully, though, it takes years to get the in-depth knowledge required in many server environments today. One thing I really recommend learning early on — i.e. from the beginning — is security.
I participate in a group of professional penetration testers (the nice folks who help you test your security as if they were the bad guys) called Charlotte Hackers Anonymous. I asked the group what they thought were the most important tips for new system administrators, and below are their tips, along with my thoughts on each.