| Related sites for http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html |
| Newton_Archives A well orginized selection of Newton software ranging from backdrops to medical to travel packages. | | Lcrzo_network_library Network library for Linux, Windows, FreeBSD and Solaris providing sniff, spoof, packet creation, packet decoding, packet printing, and address conversion. [Open Source, Free] | | Planet_Ocean_Communications Offers book on search engine strategies with monthly newsletter. | | The_Cerebral_Code,_Thinking_a_Thought_in_the_Mosaics_of_the_Mind by William H. Calvin. | | RFC_0845 Who Talks TCP? - Survey of 15 February 1983. D. Smallberg. February 1983. | | RFC_1179 Line Printer Daemon Protocol. L. McLaughlin. August 1990. | | RealVision,_Inc_ Offers software tools for DNC programming, shopfloor, tool crib, and preventive maintenance management, as well as document handling. | | OVP__A_Simple_SMTP_Framework_for_Java Examination of the implementation of a Simple Mail Transfer Protocol (SMTP) client-side framework that can be used in Java applications and applets. Published in Crossroads, the ACM student magazine. | | SIM-SERV Offers plant simulation software and services. | | Indian_Institute_of_Technology_-_IIT_Madras Offers under-graduate, post-graduate and doctoral programs. Information about courses, personal homepages, events, and contacts. | | HP_iPAQ_Developer_Program Membership provides access to the SDK, knowledge base articles, and additional support. | | NameSeek A large and diverse selection of names for sale in a keyword searchable catalog. | | Python_Enhancement_Proposals_(PEPs) Design documents providing information to the Python community, or describing a new feature for Python. | | Quickshow Authoring tool to create presentations to be displayed in the Opera web browser in OperaShow mode. Includes features, examples, and download. | | alt_magick Official Frequently Asked Questions from the alt.magick Usenet newsgroup. Containing occult information on magick, spells and other arcanum. | | do_Oh__todo_lists Provides to do list space which is then fed into a wacky poll. | | CSS_ICC_Profile_Support_Proposal Working draft to give CSS finer control of reproducibility and accuracy of colors. [Not final specification] | | Spruance_Enterprises Presence provider and design company in Broward County, Fort Lauderdale, Florida, United States. | | Chestysoft Suppliers of ASP components for image manipulation, graphics and charts. | | Six_Log__Comment_Spam Spammers are abusing comment systems to increase their rank on Google. Here are some steps to take to reduce or eliminate this problem. |
|
Dranch's HomePage - Linux: A -REAL- O/S
[ HOME ]
[ Linux ]
[ RAS ]
[ Networks ]
[ PC Hardware ]
[ ISDN ]
[ Cablemodems ]
[ Eval ISPs ]
[ Security ]
[ Trinity Designs ]
[ Who am I ]
[ Bookmarks ]
[ ChangesLog ]
[ Email me ]
[ --- ]
[ Search! ]
Linux is a freely available UNIX operating system that is gaining
momentum every day. Often pronounced with a short ``i'' and with
the first syllable stressed -- i.e 'LIH-nucks', it was originally released
by Linus Torvalds (See a
picture of Linus). Linux has now become one of the
best multi-platform operating systems in existence with support for
single and multi-processor support for Intel x86 , Sun Sparc, Digital Alpha,
Motorola 680x0, Motorola PowerPC, and Silicon Graphics MIPs microprocessors.
Companies like BSDI, SCO (native and Unixware) aren't very happy about
losing a significant amount of market share (which they WILL lose) to a
FREE operating system!
Linux comes in several favors which you might have heard of before.
All of these 'distributions' use free software from the GNU project
but they differentiate themselves by user interfaces, file placement,
etc. Some of these common distributions are:
Slackware
- Very common with a good file structure
RedHat - Known for a good
user interface and a excellent incremental upgrade system
Debian - Known for incremental
upgrades
MkLinux - A full GNU
distribution for the Motorola and PowerPC-based Apple computers
Please see the second chapter of TrinityOS (link below) for more in-depth
coverage on other distributions.
Then toss in full networking support, X-windows, one of the fastest
development cycles for software out there, and an amazing level of
Internet support, Linux is here to stay!
Here are some links that I've either written or found to be
very helpful:
The TrinityOS documentation and TrinityOS-Archive Scripts
The CURRENT version is: 05/22/05
Please see below for a full list of TrinityOS documented features, etc
TrinityOS is available in the following formatsCompressed
Chapterized HTML files
TarGZed
One Large HTML file
TarGZed
One Large ASCII Text file
TarGZed
One Large PDF file (output will be improved soon)
TarGZed
One Large PS file
TarGZed
One Large SGML file
TarGZed
All of the above TrinityOS formats in one Large TGZ file
TarGZed
The last WRI version (04/15/00)
TarGZed
Manually browse the TrinityOS documentation directory structure
TrinityOS Updates OLDER than 01/12/03
Gzip
The archive link below contains all of configuration files, firewall rulesets, etc
directly from the TrinityOS documentation the with a step-by-step shell script to help
the user along to semi-automatically tune and secure the Linux box quickly. You can get/view
these files in one of two ways:
[Updated 05/22/05]
TrinityOS-security.tar.gzAll files contained in TrinityOSAutomated installation of TrinityOS
Compressed
Browse the individual files in directory form.
52k .tar.gz file
If you'd like to show your approval of TrinityOS and what it stands for,
feel free to grab one of the
following graphics and put it on your page!
Thanks to j.f.gauthier for the graphics work!
10/16/05 - I recently looked at the legacy "TrinityOS and Linux" forum and it
seems that this OneCenter system has fallen under Spammer control. Until I
find a new solution, feel free to email me.
WANTED:: If you know of a different
provider that offers similar service in a better, searchable mechanism, please
let me know!
Here is TrinityOS's current feature set..
------------------------------------------------------------------------------------
TrinityOS is a step by step, example driven, HOWTO on building a very functional
Linux box with strong security in mind.
Current
Features:
=========
Master References and Recommended Guidelines
--------------------------------------------
+ An extensive URL library and current version list for all installed and
recommended Linux tools and applications
+ Example guidelines on documenting the hardware and partition layout of
your specific hardware
Linux Distribution Thoughts:
----------------------------
+ Thoughts and recommendations on picking a Linux distribution
+ A common "Search & Replace" key to customize this doc to YOUR specific
environment for both better clarity and the ability to use Search and
Replace tools to customize to your specific setup
Core OS setup:
--------------
+ Configuring, compiling, installing, and booting both a 2.2.x & 2.0.x kernel
+ Lilo configuration, security, and recovery
+ PCMCIA / CARDBUS PC-Card Services
+ Software RAID 0 (striping) hard drives
+ 7-CD SCSI CD-ROM changer system
+ Automated Patching via RPM notifiers
+ EXT2 file system tuning
+ IDE hard drive performance optimization
+ Dual printing system support for both UNIX and Windows/Samba hosts
Network Connectivity:
---------------------
+ Strong, comfigrable, and well commented IPCHAINS and IPFWADM packet
firewall rule sets for SINGLE, DUAL, and THREE NIC environments. This
section also includes a complete intro on how Packet and Stateful
Inspected firewalls work
+ Automated rollback script for the loading of rc.firewall rule sets so that if you
make an error in the firewall rule set and the rule set doesn't complete
execution, a backup rule set will be automatically loaded to restore
connectivity.
+ Full LAN masquerading (NAT or Network Address Translation) using private
IP addressing
+ Masq IP port forwarding support (PORTFW)
+ Three Ethernet network card support setup and TCP/IP Performance optimization
(modem and cable modem users w/ DMZ support)
+ DNS servers running both primary and secondary zones using Bind in a
CHROOTed and and SPLIT Zone configuration
+ Full Sendmail e-mail system support w/ domain masquerading & Anti-SPAM measures with support
for more than one Internet domain on one EMAIL server
+ IMAP4 / POP3 remote email service
+ DHCPd server for other LAN machines (laptops, etc)
+ DHCPc client setup for TCP/IP addresses
+ SAMBA : Full Microsoft Windows file & printing support
+ NFS: Full Sun RPC-based Network File System support
+ IPSEC (Swan) VPN [Almost Complete]
+ PPTP VPN client and forwarding through IPMASQ
+ HTTPd WWW WWW server
+ PPP connectivity for primary PPP connectivity AND backup PPP connections
+ Dial-on-Demand (Diald) Internet connections (modem users)
- Automatic Internet connections every 15 minutes (modem users)
+ Direct dial-in terminal / PPP access via a modem
+ NTP time calibration
+ Full UNIX LPR and SMB printing
Security:
---------
+ Complete physical and OS-level security recommendations and guidelines
+ Full SSHd (encrypted TELNET) support
+ Actively Updated Linux system security and patching (Shadow passwords, etc)
+ Advanced SYSLOG logging and nightly filtered reports emailed to the root user
+ Prioritized TrinityOS "CRITICALITY" rating system in the CHANGELOG section
to gauge the level of urgency of security vulnerabilities, system
mis-configurations, etc.
+ NMAP port scanning to test your packet firewall
+ Figuring out if you have been hacked.. Confirm it!
+ Prioritized ChangeLog to let users know what changes are and are NOT too important
+ Anonymized Sendmail Banners
System backup:
--------------
+ Minimum backups to floppy
+ Full tape backup to HD drives via a custom Local/NFS/Samba script
+ Full tape backups via BRU with emergency restore diskette creation
+ Full APC SmartUPS power down support (APCUPSd) with both paging support
and plotting power stats with GNU Plot to a graph which is emailed via
"Sendlogs"
+ Backing up the server to a CD-R [not completed yet]
More Extensive Guides:
----------------------
+ How to fix LILO, HD partitioning, and file system corruption
+ How to obtain an Internet domain(s) via a domain registrar
+ How to successfully move Internet domains across DNS servers and/or
TCP/IP addresses
+ How to recover from your box being hacked and how to RE-secure it
+ How to understand and fight SPAM email
+ SSH encrypted PORTFW VPN tunnels for email, etc
Future
Features:
=========
(Won't be implemented in any particular order)
* TrinityOS TO-DOs:
-------------------
+ Add more "Configuration via GUI tools" sections
* Network stuff
---------------
+ Modularize the rc.firewall rulset so updates can be transparent and not
require additional tailoring for each update.
+ Remove LPR and replace it with LPRng or CUPS
+ IPv6: Configure and setup IPv6 and possibly setup a IPv6 tunnel via the 6Bone
+ Dial Backup: Add automatic analog modem dial backup when the ADSL/Cable
modem goes down
+ CODA: Replace NFS support with CODA
+ Add a CACHING only setup for 8.1.x DNS
+ Setup a email list server (MajorDomo, Petidomo, dunno yet)
+ Email sent dynamic IP address exception requests for access through the
TCP Wrappers and the IPFWADM rule sets
+ DHCPc client setup for Cablemodems
+ 128-bit encrypted Apache SSL WWW server
+ Move over to xinetd for better DoS protection
+ WWW Proxy services
+ WWW banner add filtering
+ Give instructions on compiling Xntp
* Security Stuff
----------------
+ Replace the Sendlogs script to use either Swatch or LogSentry
+ Automate the firewall hits logging for trend analysis
+ Install PGP / GPG for secure and/or verified communications to: other users, Internic,
binaries/source code verification, etc.
+ Tripwire Security Breech monitoring [not completed yet]
+ SATAN / SAINT / Nessus / COPS / ISS security testing
* Application stuff
-------------------
+ Get Sendmail to run in an SMRSH shell
+ Implement Procmail to do local email filtering
+ Setup fetchmail to get remote email vs. setting up a remote .forward
* Administration stuff
----------------------
+ Rotate the UPS logs
+ Implement automatic weekly incremental tape backups to the TR4 tape drive.
* System Stuff
--------------
+ Iomega parallel ZIP drive support
------------------------------------------------------------------------------------
IP-MASQ-HOWTO: The Official Linux Documentation Project (LDP) HOWTO Distribution site:
These are the most current versions of the Linux IP Masquerading HOWTO. If you find
any spelling mistakes, typos, unclear sections, etc., please let me know.
NOTE: I have now made the DocBook version of the HOWTO the primary version and deprecated the
obsolete LinuxDoc version. The LinuxDoc version did not support the 2.4.x kernels and no longer
meets LDP document requirements. If you would like a copy of the old IPMASQ HOWTO in LinuxDOC format,
please email me.
Current version:
11/13/05
The current IP Masquerade HOWTO covering the 2.4.x / 2.2.x / 2.0.x kernels
- See the ChangeLog at the end of the HOWTO for recent changes:
The IP Masquerade HOWTO is available in the following formats:Compressed
Chapterized HTML files
TAR.GZed
One Large HTML file
GZIPed
One PDF file
[11/13/05] - (might be out of date)
GZIPed
One Large SGML file
GZIPed
All of the above IP MASQ HOWTO formats in one Large TGZ file
TAR.GZed
Example rc.firewall rulesets from the HOWTO:
-- Hold the SHIFT key to download --
rc.firewall-iptables and
rc.firewall-iptables-stronger
rc.firewall-ipchains and
rc.firewall-ipchains-stronger
rc.firewall-ipfwadm and
rc.firewall-ipfwadm-stronger.
Tgz of all 6 files
Installing and Configuring IPMI 2.0 on Linux:
Current version:
10/16/05
Abstract:
IPMI is a newer PC hardware management system that lets you monitor the state
of hardware (fan RPM, thermal temps), gain console access, and issue power
commands (reset, power on, off, cycle) all from the machine's built-in
Ethernet port without even having an operating system installed on the machine!
That's right, no dedicated hardware for terminal servers, power management,
no functioning operating system! This standard is impressive but the
documentation from the various vendor tools and OpenSource sites are either
vague, incomplete, or just completely incorrect. This document discusses
getting full IPMI support on Linux Fedora Core3 on a SuperMicro P8SCi
motherboard. Feedback and other vendor IPMI gotchas is welcome.
Linux Audio CD ripping and encoding scripts for Grip:
Current version:
01/06/06
I have put together my thoughts on how to configure and enhance the Linux
audio ripping tool called "Grip" as well as how to use an Apple iPod via Linux
either via Firewire (IEEE1394) and USB as well as how to support an iPod using
Apple's native HPFS file system.
Details: The Grip program is a flexible tool so I wrote up how to use it in
example-based way much like TrinityOS and the IPMASQ howto. Also included is
a Grip shell script I wrote that encodes the initial WAV file with both the
lossless FLAC format as well as 256bit high quality MP3 format. The script
was written to be very flexible and it saves me a LOT of time.
Linux IEEE-1394 SBP2 Benchmarking:
I recently ran some firewire benchmarks to better understand how the same
IDE HD installed into a Compucable 525DX enclosure would run behind an Agere
OHCI vs. Ti OHCI IEEE1394 Firewire cards vs. natively on a UDMA100 IDE
controller. Testing was run using HDPARM, Bonnie++, and "dd" on EXT2, EXT3,
and ReiserFS file systems.
Function.S:
Just starting out with UNIX? Can't remember some one command-line parameter,
or just looking for some new UNIX commands to try out? Check out my
Function.s
UNIX crib sheet! It covers everything from simple Vi commands
to advanced Meta-character replacement and more!
Updated [04/22/04]
Securing Linux: Step
by Step"
If you like TrinityOS but find it missing some specific topics or you need
something a little more readible, check out the *original* "Securing Linux:
Step-by-Step" guide I co-wrote for SANS. It was well received by the SANS
Conference in San Francisco and I think you'll like it too. The above link
also has the book's Table of Contents, some example pages, and other information available if you are interested. It's
worth mentioning that SANS re-wrote this book without any of my input so the
new version is most likely completely different.
Please note that some of the book's content DOES overlap with
TrinityOS but many things covered in the "Securing Linux" book is not covered
in TrinityOS and vice versa. These two documents truely complement eachother
at this point in time.
In addition to the IP Masq HOWTO, I wrote a decent magazine article for "Linux Magazine" on how IP Masq works.
Click on the magazine's front cover below to read the HTML version of the article.
Its unfortunate that the graphics within the HTML article are too small, fortunately, all the text is there.
I'll try to get Linux Magazine to fix that.
Pre-TrinityOS documentation for PPP/MASQ and PPP/MASQ/Diald setups:
Pre-TrinityOS docs:
NOTE: Both of these PPPd and DIALs docs are NOT in the TrinityOS doc
yet. They will be soon though.
PPP with PAP authentication
IP Masquerading (NAT)
Dial-on-demand (Diald) PPP connections
and more!
Rocko:
Check out the specs and history of first Linux server that's been in
24 by 7 production since 1992! The hardware has changed over time but never
the methodology.
Other excellent Linux documents and URLs:
The Linux Documentation Project (LDP)
This site is a absolute must for ALL Linux users. This site has all the Admin guides
(Install, Network, System Admin, Users Guide, etc), all the HOWTOs & FAQs, all the
MAN pages, etc.
Highly recommended.
A Linux site for TRUE beginners:
All kinds of intro documents for the new Linux/UNIX user for installation,
configuration, etc.
LinuxHQ: A great central site for
all kinds of Linux news, tools, software, etc..
Linux.org: The original Linux WWW page.
A great central site thats searchable for info, applications, etc.
Josh's LinuxGuide: Josh's
Linux Guide is a great resource for the new Linux user. It covers everything
from how to mount floppy disks to configuring and running X-windows!
The Signal 11 FAQ: Do you get a
bunch of Signal 11 errors when you compile stuff on your Linux box? If so..
its your HARDWARE. Seriously.. read this FAQ and it will explain a LOT to you.
Whenever I build new computers.. this is how I ALWAYS test the stability of
the machine. If it can compile Linux kernel.. it will run ANYTHING!
Locating Applications, utilities, and other Misc. software for Linux:
The Linux Applications
and Utilities page: Looking for a specific peice of Linux software by
Name? By Type? Need a master search engine for all the Linux stuff out
there? Look no further!
The Master RPM Software
Source:Check out this site to find all the RPMs your heart could desire!
Other Linux News sites:
Linux Weekly NewsA great site on new news regarding
Linux issues such as kernel versions, new application versions, press announcements,
etc. Highly recommended.
FreshMeat.net
Slashdot.org: Another strong Linux news WWW site!
Mailing lists:
Not interested in joining a mailing list but just want to search their archives?
Check out LinuxHQ's Lists
Archives!
This is an AWESOME way to search e-mails within a specific
subject from viewpoints of both beginner and experienced Linux users
alike. This is one of the fastest ways to figure out a problem
when none of the MAN pages, HOWTOs, FAQs, etc help out.
You can almost COUNT on the fact that someone else has had your
exact problem before and its archived HERE!
Distribution Specific:
Slackware:
Send email to listserv@slackware.com
to get a list of available mail lists.
Redhat:
Goto Redhat's Archive page to find
all the lists you can join. They have everyting from generic Redhat lists
to platform-specific lists.
Networking Specific:
IP Masquerading:
Send mail to
masq-subscribe@tori.indyramp.com to join the MASQ group.
Send mail to
masq-dev-subscribe@tori.indyramp.com to join the MASQ developers
maillist.
Networking:
Modems and PPP:
The Official Diald WWW page:
Dial-on-demand PPP connections for Linux.
Diald Monitor:
A monitor for the DIALD (Dial on Demand) daemon.
EQL:Bond multiple
modem connections together for one virtual PPP connection.
Another EQL ISP:More excellent
info on EQL for Linux.
Network Card drivers:
Network Drivers: If your stock Linux kernel doesn't seem to support
your new Network card, check here!
IP MASQ:
The Official IP Masquerade Homepage:
The primary site for ALL IP-MASQ related info. Run by Ambrose Au and ME!
Steve Clarke's
IPportfw tool to forward non-MASQ'able traffic through Linux's firewall.
IPFWADM rules:How to setup a
firewall on your Linux box. (See the TrinityOS doc for more advanced firewall rules).
IPFWADM Dotfile ruleset
generator:
A GUI interface to Jesper Pedersen's IPFWADM dotfile module. This will let the
common Linux user setup powerful IPFWADM rulesets for your network.
DHCP client for Cablemodem users:
DHCPc: Here is are two links to help DHCP-addressed cablemodem users get their
Linux box to get DHCP IP addresses. TrinityOS now fully covers this as well.
http://www.linux-firewall-tools.com/linux
Though this site is specific to the TimeWarner
RoadRunner service, it will work for ALL DHCP-enabled cablemodem setups.
Samba File & Print Services:
Samba: Samba is a Microsoft Windows v3.1, 95, and
NT file and print server for Linux. Funny thing is.. its a BETTER file and print server
than Microsoft's products ARE!
Linux Books and Mags:
Looking for some good Linux books? Here is great starting link from a fellow
Linux user who has written up a few good book reviews. I have also read
most of these books and I completely agree with him that O'Reilly Linux
books RULE! Check it out:
Linux Book Reviews
Also check out:
The Linux Journal:
A great mag for the Linux novice and guru alike! Subscribe to this one..
you won't be sorry!
The Linux Gazette: A !FREE! sister
publication to the Linux Journal with all kinds of great stuff in it.
Write lg-announce-request@ssc.com
with the word "subscribe" in the body, and each month you will receive an e-
mail notice when we post Linux Gazette.
Check out Alan Cox's Books
List for some other good ideas and recommendations.
Security:
rootshell.com - It doesn't get much
more authoritative than this for UNIX/NT/etc security!
Check out this URL on HOWTO
integrate Pine with PGP.
Kernels:
Standard and test 2.0.x and 2.1.x kernels:
ftp.kernel.org: This site
has all of the newest mainstream Linux kernels from 1.0 to 2.1! This site is
also accessable via FTP, HTTP, NFS, and SMB!
Bleeding edge and all the PRE 2.0.x kernels:
The Linux Maintinance Project: This site
has all of the newest PRE 2.0.24 Linux kernels!
Alan Cox's FTP site: Alan's
site seems to be the only place that has the 2.0.34PRE and 2.0.35PRE kernels. His
site also has patched kernels for the 2.1.x revs and other security releated
files.
System Optimization:
IRQ-Tune:Does your PPP/Modem
connections seem slow? Especially when your system is under load? Check
out IRQTUNE on how to FIX it!
GUI Configuration tools:
The LinuxConf Homepage: The Ultimate Administrative GUI System for Linux
Laptops:
The Linux Laptop Homepage: Having some tough times getting PCMCIA services
running? X-windows just won't work? This site is a MUST for all Linux laptop
users.
Looking to impliment or upgrade
PCMCIA services
on your laptop? This is PCMCIA headquaters.
Special Drive setups:
Linux ZIP drive Homepage
You are graphical user: (I'm a loser, I need to put up a new counter)
Last Updated: 01/17/06
[ HOME ]
[ Linux ]
[ RAS ]
[ Networks ]
[ PC Hardware ]
[ ISDN ]
[ Cablemodems ]
[ Eval ISPs ]
[ Security ]
[ Trinity Designs ]
[ Who am I ]
[ Bookmarks ]
[ ChangesLog ]
[ Email me ]
[ --- ]
[ Search! ]
|
|
