00000004.htm

一份很好的linux入门资料

<HTML>

<HEAD>
  <TITLE>BBS水木清华站∶精华区</TITLE>
</HEAD>

<BODY>

<CENTER><H1>BBS水木清华站∶精华区</H1></CENTER>

发信人:&nbsp;cybergene&nbsp;(活泼的基因),&nbsp;信区:&nbsp;Linux&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR>
标&nbsp;&nbsp;题:&nbsp;Linux&nbsp;Security:&nbsp;It's&nbsp;Not&nbsp;Just&nbsp;About&nbsp;Security&nbsp;<BR>
发信站:&nbsp;BBS&nbsp;水木清华站&nbsp;(Sun&nbsp;Jan&nbsp;&nbsp;9&nbsp;10:23:27&nbsp;2000)&nbsp;<BR>
&nbsp;<BR>
&nbsp;<BR>
Linux&nbsp;Security:&nbsp;It's&nbsp;Not&nbsp;Just&nbsp;About&nbsp;Security&nbsp;<BR>
jeff&nbsp;covey&nbsp;-&nbsp;January&nbsp;08th&nbsp;2000,&nbsp;23:59&nbsp;EST&nbsp;&nbsp;<BR>
Jon&nbsp;Lasser&nbsp;began&nbsp;the&nbsp;Bastille&nbsp;Linux&nbsp;Project&nbsp;in&nbsp;order&nbsp;to&nbsp;harden&nbsp;the&nbsp;&nbsp;<BR>
security&nbsp;of&nbsp;Red&nbsp;Hat&nbsp;Linux,&nbsp;the&nbsp;distribution&nbsp;he&nbsp;uses&nbsp;at&nbsp;work.&nbsp;In&nbsp;the&nbsp;&nbsp;<BR>
process,&nbsp;he&nbsp;began&nbsp;looking&nbsp;at&nbsp;the&nbsp;other&nbsp;distributions&nbsp;to&nbsp;see&nbsp;how&nbsp;they&nbsp;&nbsp;<BR>
handle&nbsp;security&nbsp;updates,&nbsp;and&nbsp;he&nbsp;was&nbsp;not&nbsp;at&nbsp;all&nbsp;happy&nbsp;with&nbsp;what&nbsp;he&nbsp;found.&nbsp;<BR>
&nbsp;In&nbsp;today's&nbsp;editorial,&nbsp;he&nbsp;shares&nbsp;his&nbsp;concerns&nbsp;and&nbsp;explains&nbsp;why&nbsp;it&nbsp;&nbsp;<BR>
matters&nbsp;to&nbsp;you&nbsp;even&nbsp;if&nbsp;you&nbsp;do&nbsp;all&nbsp;your&nbsp;security&nbsp;monitoring&nbsp;for&nbsp;yourself.&nbsp;<BR>
&nbsp;&nbsp;<BR>
&nbsp;<BR>
&nbsp;<BR>
&nbsp;<BR>
------------------------------------------------------------------------&nbsp;<BR>
--------&nbsp;<BR>
&nbsp;<BR>
Copyright&nbsp;notice:&nbsp;All&nbsp;reader-written&nbsp;material&nbsp;on&nbsp;freshmeat&nbsp;is&nbsp;the&nbsp;&nbsp;<BR>
property&nbsp;and&nbsp;responsibility&nbsp;of&nbsp;its&nbsp;author;&nbsp;for&nbsp;reprint&nbsp;rights,&nbsp;please&nbsp;&nbsp;<BR>
contact&nbsp;the&nbsp;author&nbsp;directly.&nbsp;<BR>
&nbsp;<BR>
------------------------------------------------------------------------&nbsp;<BR>
--------&nbsp;<BR>
&nbsp;<BR>
&nbsp;<BR>
As&nbsp;a&nbsp;professional&nbsp;Unix&nbsp;systems&nbsp;administrator,&nbsp;I'm&nbsp;concerned&nbsp;about&nbsp;system&nbsp;<BR>
&nbsp;security.&nbsp;Keeping&nbsp;unauthorized&nbsp;users&nbsp;off&nbsp;my&nbsp;systems&nbsp;is&nbsp;simply&nbsp;part&nbsp;of&nbsp;&nbsp;<BR>
my&nbsp;job;&nbsp;doing&nbsp;this&nbsp;requires&nbsp;vigilance&nbsp;in&nbsp;the&nbsp;form&nbsp;of&nbsp;monitoring&nbsp;&nbsp;<BR>
performance,&nbsp;reading&nbsp;logs,&nbsp;and&nbsp;keeping&nbsp;patches&nbsp;up-to-date.&nbsp;For&nbsp;me,&nbsp;&nbsp;<BR>
security&nbsp;is&nbsp;about&nbsp;security;&nbsp;it's&nbsp;about&nbsp;keeping&nbsp;my&nbsp;users'&nbsp;projects&nbsp;safe&nbsp;&nbsp;<BR>
and&nbsp;keeping&nbsp;them&nbsp;comfortable&nbsp;despite&nbsp;a&nbsp;full-time&nbsp;connection&nbsp;to&nbsp;the&nbsp;&nbsp;<BR>
Internet.&nbsp;<BR>
&nbsp;<BR>
As&nbsp;Lead&nbsp;Coordinator&nbsp;of&nbsp;the&nbsp;Bastille&nbsp;Linux&nbsp;Project,&nbsp;a&nbsp;hardening&nbsp;script&nbsp;&nbsp;<BR>
for&nbsp;Red&nbsp;Hat&nbsp;Linux,&nbsp;I&nbsp;thought&nbsp;my&nbsp;job&nbsp;was&nbsp;to&nbsp;make&nbsp;Linux&nbsp;more&nbsp;secure&nbsp;so&nbsp;&nbsp;<BR>
beginning&nbsp;users&nbsp;could&nbsp;easily&nbsp;keep&nbsp;their&nbsp;boxes&nbsp;secure.&nbsp;Often,&nbsp;new&nbsp;Linux&nbsp;&nbsp;<BR>
users&nbsp;have&nbsp;no&nbsp;experience&nbsp;as&nbsp;system&nbsp;administrators&nbsp;or&nbsp;often&nbsp;even&nbsp;any&nbsp;&nbsp;<BR>
experience&nbsp;with&nbsp;Unix.&nbsp;I&nbsp;thought&nbsp;the&nbsp;best&nbsp;way&nbsp;to&nbsp;tackle&nbsp;the&nbsp;problem&nbsp;was&nbsp;&nbsp;<BR>
to&nbsp;make&nbsp;it&nbsp;easy&nbsp;to&nbsp;do&nbsp;the&nbsp;right&nbsp;thing.&nbsp;<BR>
&nbsp;<BR>
Recently,&nbsp;I've&nbsp;been&nbsp;asked&nbsp;lots&nbsp;of&nbsp;questions&nbsp;about&nbsp;Linux&nbsp;system&nbsp;&nbsp;<BR>
security&nbsp;by&nbsp;reporters.&nbsp;Often,&nbsp;I'm&nbsp;put&nbsp;on&nbsp;the&nbsp;defensive&nbsp;right&nbsp;away:&nbsp;&nbsp;<BR>
Does&nbsp;Linux&nbsp;have&nbsp;a&nbsp;security&nbsp;problem?&nbsp;Why&nbsp;is&nbsp;Linux&nbsp;less&nbsp;secure&nbsp;than&nbsp;&nbsp;<BR>
other&nbsp;operating&nbsp;systems?&nbsp;Is&nbsp;open-source&nbsp;software&nbsp;inherently&nbsp;less&nbsp;&nbsp;<BR>
secure&nbsp;than&nbsp;commercial&nbsp;systems?&nbsp;<BR>
&nbsp;<BR>
I&nbsp;usually&nbsp;begin&nbsp;by&nbsp;explaining&nbsp;that&nbsp;more&nbsp;holes&nbsp;are&nbsp;reported&nbsp;in&nbsp;&nbsp;<BR>
open-source&nbsp;software&nbsp;before&nbsp;they're&nbsp;exploited,&nbsp;and&nbsp;that&nbsp;the&nbsp;number&nbsp;of&nbsp;&nbsp;<BR>
actually-exploited&nbsp;holes&nbsp;is&nbsp;no&nbsp;greater&nbsp;--&nbsp;perhaps&nbsp;even&nbsp;less&nbsp;--&nbsp;than&nbsp;&nbsp;<BR>
commercial&nbsp;software.&nbsp;I&nbsp;explain&nbsp;that&nbsp;one&nbsp;reason&nbsp;there&nbsp;are&nbsp;so&nbsp;many&nbsp;&nbsp;<BR>
break-ins&nbsp;into&nbsp;Linux&nbsp;systems&nbsp;is&nbsp;that&nbsp;there&nbsp;are&nbsp;so&nbsp;many&nbsp;Linux&nbsp;systems&nbsp;&nbsp;<BR>
on&nbsp;the&nbsp;Internet,&nbsp;and&nbsp;I&nbsp;explain&nbsp;that&nbsp;Linux&nbsp;can&nbsp;be&nbsp;as&nbsp;secure&nbsp;as&nbsp;any&nbsp;&nbsp;<BR>
other&nbsp;operating&nbsp;system.&nbsp;<BR>
&nbsp;<BR>
But&nbsp;Linux&nbsp;does&nbsp;have&nbsp;a&nbsp;security&nbsp;problem.&nbsp;It's&nbsp;not&nbsp;a&nbsp;universal&nbsp;problem,&nbsp;&nbsp;<BR>
but&nbsp;look&nbsp;at&nbsp;the&nbsp;following&nbsp;list&nbsp;of&nbsp;security&nbsp;Web&nbsp;sites,&nbsp;mailing&nbsp;lists,&nbsp;and&nbsp;<BR>
&nbsp;update&nbsp;tools&nbsp;for&nbsp;some&nbsp;common&nbsp;Linux&nbsp;distributions:&nbsp;<BR>
&nbsp;<BR>
&nbsp;<BR>
Red&nbsp;Hat&nbsp;Linux&nbsp;&nbsp;<BR>
<A HREF="http://www.redhat.com/support/errata">http://www.redhat.com/support/errata</A>&nbsp;&nbsp;<BR>
redhat-watch-list-<A HREF="mailto:request@redhat.com">request@redhat.com</A>&nbsp;&nbsp;<BR>
Update&nbsp;Agent&nbsp;available&nbsp;only&nbsp;to&nbsp;purchasers&nbsp;of&nbsp;Red&nbsp;Hat&nbsp;6.1&nbsp;&nbsp;<BR>
Debian&nbsp;&nbsp;<BR>
<A HREF="http://www.debian.org/security">http://www.debian.org/security</A>&nbsp;&nbsp;<BR>
debian-security-announce-<A HREF="mailto:REQUEST@lists.debian.org">REQUEST@lists.debian.org</A>&nbsp;&nbsp;<BR>
apt-get&nbsp;update&nbsp;&nbsp;<BR>
SuSE&nbsp;&nbsp;<BR>
<A HREF="http://www.suse.de/security">http://www.suse.de/security</A>&nbsp;&nbsp;<BR>
suse-security-announce-<A HREF="mailto:subscribe@suse.com">subscribe@suse.com</A>&nbsp;&nbsp;<BR>
No&nbsp;official&nbsp;tool&nbsp;for&nbsp;auto&nbsp;updates&nbsp;--&nbsp;AutoRPM&nbsp;works&nbsp;on&nbsp;both&nbsp;SuSE&nbsp;and&nbsp;&nbsp;<BR>
Red&nbsp;Hat.&nbsp;&nbsp;<BR>
Mandrake&nbsp;&nbsp;<BR>
<A HREF="http://www.linux-mandrake.com/en/security.php3">http://www.linux-mandrake.com/en/security.php3</A>&nbsp;&nbsp;<BR>
<A HREF="mailto:symp@linux-mandrake.com">symp@linux-mandrake.com</A>&nbsp;&nbsp;<BR>
MandrakeUpdate&nbsp;&nbsp;<BR>
Caldera&nbsp;&nbsp;<BR>
<A HREF="http://www.calderasystems.com/support/security">http://www.calderasystems.com/support/security</A>&nbsp;&nbsp;<BR>
announce-<A HREF="mailto:subscribe@lists.caldera.com">subscribe@lists.caldera.com</A>&nbsp;is&nbsp;not&nbsp;just&nbsp;security&nbsp;updates&nbsp;but&nbsp;&nbsp;<BR>
also&nbsp;product&nbsp;announcements,&nbsp;press&nbsp;releases,&nbsp;etc.&nbsp;&nbsp;<BR>
No&nbsp;official&nbsp;tool&nbsp;for&nbsp;automatic&nbsp;updates&nbsp;&nbsp;<BR>
Corel&nbsp;&nbsp;<BR>
No&nbsp;known&nbsp;web&nbsp;page&nbsp;for&nbsp;security&nbsp;&nbsp;<BR>
No&nbsp;known&nbsp;mail&nbsp;list&nbsp;for&nbsp;security&nbsp;&nbsp;<BR>
No&nbsp;known&nbsp;tool&nbsp;for&nbsp;security&nbsp;updates.&nbsp;'apt-get&nbsp;update'&nbsp;probably&nbsp;works,&nbsp;&nbsp;<BR>
as&nbsp;it's&nbsp;based&nbsp;on&nbsp;Debian&nbsp;Linux&nbsp;&nbsp;<BR>
Turbo&nbsp;Linux&nbsp;&nbsp;<BR>
No&nbsp;known&nbsp;web&nbsp;page&nbsp;for&nbsp;security&nbsp;&nbsp;<BR>
No&nbsp;known&nbsp;mail&nbsp;list&nbsp;for&nbsp;security&nbsp;&nbsp;<BR>
No&nbsp;known&nbsp;tool&nbsp;for&nbsp;security&nbsp;updates&nbsp;&nbsp;<BR>
Slackware&nbsp;Linux&nbsp;&nbsp;<BR>
No&nbsp;known&nbsp;web&nbsp;page&nbsp;for&nbsp;security&nbsp;&nbsp;<BR>
No&nbsp;known&nbsp;mail&nbsp;list&nbsp;for&nbsp;security&nbsp;&nbsp;<BR>