| DistroWatch Weekly
|DistroWatch Weekly, Issue 144, 27 March 2006
Welcome to this year's 13th issue of DistroWatch Weekly. Following last week's Fedora 5 release, the next few days will be equally exciting: we are expecting KDE 3.5.2, DesktopBSD 1.0. Frugalware 0.4 and the first release candidate of SUSE Linux 10.1. Before that happens, we'll bring you news about MEPIS switching allegiance, Slackware preparing version 11.0, and Debian compiling with GCC 4.1. Also in this week's issue: Ulteo, a new distribution developed by the founder of Mandrake Linux is nearing release, while the user community of PCLinuxOS gets a new community resource. In the review section we'll take a brief look at an intriguing book entitled Mastering FreeBSD and OpenBSD Security. Happy reading!
Listen to the Podcast edition of this week's DistroWatch Weekly in ogg (5.52MB) or mp3 (6.64MB) format (courtesy of Shawn Milo).
Join us at irc.freenode.net #distrowatch
Miscellaneous news: MEPIS switches allegiance, Slackware 11.0 pre-orders, compiling Debian with GCC 4.1, Ulteo, My.PCLinuxOS
As hinted previously, the developers of MEPIS Linux, an easy-to-use distribution for Linux beginners, have switched their base system from Debian to Ubuntu Linux. If the initial tests prove successful, we are likely to see all future releases of SimplyMEPIS based on the distribution which, although derived from Debian, has a more predictable release cycle and an enviable momentum that has already pushed it to the top of many popularity charts. Designed for experienced beta testers, the first experimental release of the Ubuntu-based SimplyMEPIS 6.0 is only available from the project's premium server (starting at US$14.99), although subsequent betas and the final release should be distributed publicly.
Good news for all fans of the oldest surviving Linux distribution: Version 11.0 of Slackware Linux is now available for pre-order from the distribution's online store. Although there is no word on when the new version will be formally released, the store now offers the usual 4-CD set for US$39.95 as well as a single-DVD edition for US$59.95 and a "Slack Pack" edition containing the DVD with the Slackware Essential book (2nd edition) for US$69.95. The current Slackware development tree is based on Linux kernel 2.4.32 (with version 18.104.22.168 in the testing directory), X.Org 6.9.0, KDE 3.5.1, Apache 1.3.34, PHP 4.4.2, MySQL 5.0.18 and the usual range of popular open source software. If you enjoy Slackware, don't miss this major new update!
Over the last two weeks, Debian developer and former Debian Project Leader Martin Michlmayr compiled the whole Debian archive on a quad-core MIPS machine donated by Broadcom using GCC 4.1. The aim was to find problems in GCC 4.1 itself and bugs in free software projects exhibited by GCC's increased standards conformance (in particular regarding C++ code). By compiling about 6200 packages, over 500 new bugs have been discovered and submitted, 280 of which are specific to the increased strictness of GCC 4.1. In a posting to the Debian development list, Martin classified the bugs he found and offered some useful links to programmers of C++ code. In a posting to the GCC list, he proposed that GCC should only produce new errors after warnings have been shown for at least one release, giving programmers more time to fix their code. This work is part of his research on quality in free software carried out at the University of Cambridge and sponsored by Google.
Last week's news about Ulteo, a new distribution being developed by the freshly unemployed Gaël Duval, has piqued the curiosity of many Linux users. As a result of the buzz, a French web site called NetEconomie expanded on the story by interviewing Monsieur Duval (the link is in French). Although the well-known founder of Mandrake Linux does not seem quite ready to reveal the finer details of the new product just yet, he does disclose that it will focus on ease of use throughout all the facets of the distribution, not just the user interface and that it will be designed for Internet-connected computers in the home and in small offices. Despite the "dot-com" nature of the distribution's domain, Gaël Duval promises that Ulteo will remain a free project, with the business model based on selling associated services rather than the distribution itself. The first beta of Ulteo is expected to be released in May 2006.
A new web site for the PCLinuxOS user community has been launched. Called My.PCLinuxOS, it promises to deliver an organised platform for the development of sub-projects that fall within the PCLinuxOS umbrella, and provide a unified system for creating user manuals, documentation and other relevant material: "We would like to help foster positive involvement within PCLinuxOS for users of all experience levels. We have areas for distributing user contributed software packages, submitting news and HOWTO articles, project newsletters, and areas for project development. No project is too small or large…." While still in its infancy, the new web site is already functional, with forums now ready for your input and the FAQs also starting to take shape. For more information please read the initial announcement and visit MyPCLinuxOS.com.
Following all the excitement surrounding the announcement of Fedora Core 5 last Monday, this week promises to continue the trend of new, interesting software releases. An update to the popular KDE desktop, version 3.5.2, is now available for Kubuntu (Breezy Badger and Dapper Drake), so the official release announcement can't be too far away now. A major milestone in the development of SUSE Linux 10.1 is expected on Thursday when the first release candidate should give us a good indication about the quality and stability of the new version. Looking through some of the mirror sites earlier today, we also spotted a couple of "wget-watering" and (as yet) unannounced distribution releases: after several release candidates, the CD and DVD images of DesktopBSD 1.0 are now available from a number of FTP and HTTP servers, while those of Frugalware Linux 0.4, officially scheduled for release later this week, have now also started appearing on the project's download sites. Expect the official release announcements of both later in the week.
DesktopBSD 1.0 - although not yet announced, the ISO images of the project's first stable release started appearing on mirrors on Sunday.
(full image size: 722kB, resolution: 1280x1024 pixels)
Finally, a handful of links for those moments when you just want to sit back, relax, and have a good laugh. The first one is meant to dispel the myth that software bug reports provide only boring, highly technical information completely detached of any human emotions. As proven by Bug #330884, the developers and users of Firefox are far from that; in fact some of them are trying to save a 5-year old relationship wrecked by a bug in Firefox that gave away a partner's dark secret - some frequently visited password-protected sites, some of which were a little, er, embarrassing, to say the least. The Register caries a similar story. In the meanwhile, here is a hilarious email exchange between the lead developer of CentOS and the City Manager of Tuttle, Oklahoma, USA, who mistook the default Apache welcome page for an attempt by CentOS to hack the city's web site, even threatening to hand the matter over to the FBI! Last but not least, don't miss the Guy's Guide to Geek Girls, a step-by-step HOWTO explaining the art of attracting, dating and "maintaining" geek girls. Enjoy!
|Book review: Mastering FreeBSD and OpenBSD Security
Book review: Mastering FreeBSD and OpenBSD Security
I have to admit that one of my biggest Internet-related fears is that I wake up one morning to find this site's web server security mechanism cracked and its web pages defaced. This paranoia further accelerates every time I dare to open the auth.log file and start wading through the ever increasing lines indicating that someone somewhere, at this very moment, is attempting a dictionary attack on the SSH server, or when I browse through the tcpdump output providing information about the number of times somebody tried to force their way in through a presumably water-tight port. As a result of this anxiety -- and also to improve my sleep -- I decided to do something: I invested in a copy of O'Reilly's Mastering FreeBSD and OpenBSD Security by Yanek Korff, Paco Hope and Bruce Potter.
Published in March 2005, this 450-page book is divided into three main sections: Security Foundation, Deployment Situations, and Auditing and Incident Response. While some security experts would be able to use the publication as a reference book, the majority of readers targeted by the authors will be wise to read it from the beginning, at least the chapters that are devoted to general security concepts. As the early chapters explain, system security is not a goal, but a journey; it's not something that you attain and forget about - instead, it's a never-ending state of alertness that may at times require fast reaction, lateral thinking and even calculated risks. That's because every security measure implemented on a computer system brings a trade-off. Devising an air-tight security system may indeed give the administrator fewer sleepless nights, but it can also reduce productivity of those users who have legitimate reasons to access the system.
But let's get back to the book. After going through the eye-opening early chapters, it covers the basic building blocks of a BSD system, such as security aspects of sysctl, chroot and jail (the two words that have become synonyms in Linux, but which mean two very different things in FreeBSD), inherent security mechanisms, cryptography and OS tuning. Chapter 3 then goes beyond these elementary concepts by introducing hardening techniques (e.g. sudo, turning off services, and system updates). The first section of the book is then concluded by discussing secure administration techniques, such as access control, network services and system health monitoring. This I found to be perhaps the most valuable chapter of the entire book - not only it covers excellent techniques for organising users, limiting access and dealing with passwords, it also gives many useful tips and warnings over potential pitfalls of granting users seemingly innocent privileges.
The next three chapters deal with practical considerations affecting the most common servers in existence - DNS, mail and web. As anybody who has run Sendmail, Postfix or qmail knows, mail server attacks have become very common in recent years and have been used as gateways to the entire system, or as mail transfer agents for delivering spam. The chapter shows how to guard against malicious mail server attacks and how to reduce the amount of spam delivered to the system's mail boxes. It deals extensively with both Sendmail and Postfix, but qmail users will find it unfair that their mail server is given no more than two paragraphs. Web server attacks are also covered in great detail, together with some advanced prevention techniques, such as the above-mentioned jails.
Next, it's all about firewalls and intrusion detection. OpenBSD's PF (which has since been ported to FreeBSD) is covered in some detail, although a better book to learn all there is about this excellent firewall is Absolute OpenBSD by Michael W Lucas. The last two chapters of the book are devoted to managing audit trails, incident response and forensics. I decided to skip these for the time being - not only I had been overwhelmed by all the new information I had to absorb in the preceding nine chapters, I haven't had a reason (knock on the wood) to learn about recovering compromised systems. But with ever increasing levels of Internet vandalism, it's great to know that a good resource is available as part of this great book.
Anything that could have been done better? Looking through some reader comments on Amazon.com and other forums discussing the book, it was generally very well received. The only aspects that were somewhat disappointing were the above-mentioned neglect of qmail, a rather superficial discussion on firewall failover techniques with CARP (Common Address Redundancy Protocol) and pfsync, and the omission of OpenBSD's systrace. But since this is the book's first edition, let's hope that the authors will expand the next one by incorporating the above topics.
So, will Mastering FreeBSD and OpenBSD Security make your server impenetrable? Of course not. But if you pay attention to some of the security concepts, implement a few security ideas specific to your situation, and understand the risk versus convenience trade-off, you will definitely sleep more soundly. You will be equipped with valuable knowledge that will give you confidence in preventing and dealing with common Internet malice. A great book indeed.
* * * * *
Title: Mastering FreeBSD and OpenBSD Security
Authors: Yanek Korff, Paco Hope and Bruce Potter
|Released Last Week
Fedora Core 5
The eagerly anticipated Fedora Core 5, code name "Bordeaux", has been released: "The Fedora Project is pleased to announce the release of Fedora Core 5. New desktop applications, advances in security, better localization tools, improved software installation and management facilities and strong Java integration help to make Fedora Core 5 the most innovative Linux distribution ever." For more details please read the release announcement, release summary and release notes.
CentOS, a community distribution built from source packages for Red Hat Enterprise Linux, has been updated to version 4.3: "The CentOS development team is pleased to announce the availability of CentOS 4.3. Major changes in this version of CentOS include: upgraded update system - this new system provides more that 100 total mirrors for updates and picks geographically close and non-stale mirrors based on our master server's content; Frysk, InfiniBand Architecture (IBA), and z/VM hypervisor issues are discussed in the upstream release notes; updated and added packages." Read the full release announcement for additional information.
AliXe is a French Canadian Linux live CD based on SLAX. The new version 0.04, released yesterday, is derived from SLAX 5.0.7b with a number of newly updated packages; these include Linux kernel 2.6.15, X.Org 6.9.0, KDE 3.5.0, OpenOffice.org 2.0.1 (replaces KOffice), GIMP 2.2.10, Firefox 22.214.171.124 and Thunderbird 1.5. Two keyboards are supported: Canadian French and Canadian multilingual. A "copy2ram" option is available on systems with the minimum of 512 MB or memory. Please refer to the release announcement and visit the project's home page (both links in French) for further details.
B2D Linux 20060321
Taiwan's B2D project has released a new KNOPPIX-based live CD that includes both KDE (3.5.1) and GNOME (2.12) on a single CD. Called "PureKGB", the new version combines the best software from the two major desktop environments, although due to space restrictions, some applications, notably OpenOffice.org, Nvu and Mozilla Thunderbird, had to be left out from the CD. These can be installed through the "Klik" infrastructure. Apart from this major change, the previously reported midi playback bug in Rosegarden has also been fixed. Please read the release announcement (in Chinese) for more information and screenshots.
SLAX, a popular live CD based on Slackware Linux, has been updated to version 5.0.8: "It's my pleasure to let you know that SLAX 5.0.8 has been released. All users are strongly encouraged to upgrade, because all new modules created from now are not readable in older SLAX releases. What's new? The long-awaited SLAX Server Edition is finally available; all other editions are updated too; 2.6.16 Linux kernel; fixed bug in mounting of DOS partitions (long file names work now); the 'uselivemod' and 'configsave' features work again." See the distribution's changelog for more details.
Ehad is a single-CD, Mandriva-based distribution designed for the speakers of Hebrew. A new major version was released over the weekend. What's new? "Based on Mandriva 2006.0 packages; includes all official updates released until 25-Mar-2006; OpenOffice.org 2.0 (Hebrew version from official project with hspell and Culmus); removed KOffice; the full range of desktop applications are now installed as default; Ehad desktop, boot and LILO theme; local packages: ehad-media (define software repositories with ease) , ehad-guide (a guide for Israeli Internet Connectivity), ehad-radio (Hebrew Internet Radio launcher), hocr (Hebrew OCR), hdate (Hebrew calendar), Anka (new type-1 font from 'culmus fancy' series)." Read the release announcement (in Hebrew) and release notes for more details.
Ehad 2006 - a single-CD Mandriva-based distribution with support for Hebrew
(full image size: 335kB, resolution: 1280x1024 pixels)
* * * * *
Development and unannounced releases
|Upcoming Releases and Announcements
Summary of expected upcoming releases
New distributions added to the waiting list|
- Aegean Linux. Aegean Linux is an i686-optimised Linux distribution designed for intermediate and advanced users.
- Openfiler. Openfiler is a CentOS-based network storage software distribution. It delivers file-based Network Attached Storage and block-based Storage Area Networking in a single framework.
* * * * *
DistroWatch database summary
That's all for today. The next issue of DistroWatch Weekly will be published on Monday, 3 April 2006. See you then :-)
|• Issue 537 (2013-12-09): OpenMandriva 2013.0, Gentoo developer interview, project Neon, Linux Mint and security|
|• Issue 536 (2013-12-02): Impressions of openSUSE 13.1, Ubuntu Touch, FreeBSD 10 delay, troubleshooting OS lock-ups|
|• Issue 535 (2013-11-25): GhostBSD 3.5, Debian and MATE, Ubuntu 14.04 features, security updates|
|• Issue 534 (2013-11-18): Review of OpenBSD 5.4, Fedora on ARM, menu names vs command-line names|
|• Issue 533 (2013-11-11): Point Linux 2.2, Pisi update, Debian and Xfce, Bruno Cornec interview|
|• Issue 532 (2013-11-04): Ubuntu and Kubuntu 13.10, Debian's init, FreeBSD's PKG-NG, Linux on ARM|
|• Issue 531 (2013-10-28): PC-BSD 9.2, openSUSE testing, nftables, upgrade pros and cons|
|• Issue 530 (2013-10-21): Kwheezy 1.2, DPL interview, Zenwalk's future, keeping up with vulnerabilities|
|• Issue 529 (2013-10-14): Ubuntu's Mir, dmesg and photorec tips, Tiny Tiny RSS|
|• Issue 528 (2013-10-07): Semplice 5, Haiku package management, Klaus Knopper interview, making custom distro|
|• Issue 527 (2013-09-30): Tiny Core Linux 5.0, SteamOS, moving operating system to new computer|
|• Issue 526 (2013-09-23): Look at ArchBang 2013.09.01, BSD Now, kernel stats, command-line tips|
|• Issue 525 (2013-09-16): The Official Ubuntu Server Book, FreeBSD 10 and OpenBSD 5.4, Skype alternatives|
|• Issue 524 (2013-09-09): Look at LXLE 12.04.3, Ubuntu's new package format, Secure Boot and dual-booting|
|• Issue 523 (2013-09-02): OpenIndiana 151a8, openSUSE "Evergreen", GNOME and DuckDuckGo, running apps from RAM|
|• Issue 522 (2013-08-26): Look at gNewSense 3.0, Ubuntu Edge fundraising failure, exploring GPL|
|• Issue 521 (2013-08-19): Review of Korora 19, Fedora considers return to "Core", Haiku package management|
|• Issue 520 (2013-08-12): Salix OS 14.0.1 "KDE", Xubuntu experiments with XMir, managing passwords with KeePass|
|• Issue 519 (2013-08-05): Review of Porteus 2.0, Kubuntu lays out plans for Wayland adoption, adjusting system swappiness|
|• Issue 518 (2013-07-29): MidnightBSD 0.4, Razor-qt, Ubuntu Edge, mounting infected drives|
|• Issue 517 (2013-07-22): Zorin OS 7 "Lite", Slackware turns 20, UbuntuForums compromise, Raspbian as home server, Tor|
|• Issue 516 (2013-07-15): Review of Fedora 19 "KDE", Shuttleworth on Mir, Seth Vidal, Kingsoft Office for Linux|
|• Issue 515 (2013-07-08): Whonix 0.5.6 and Deepin 12.12, MintBox, processor capabilities, distros for Raspberry Pi|
|• Issue 514 (2013-07-01): Peppermint Four, Mir, Mandriva forks, ThinkPenguin on libre hardware|
|• Issue 513 (2013-06-24): Look at ROSA, PC-BSD updates, Xen4CentOS6, Slacko vs Precise, Mageia interview, shells|
|• Issue 512 (2013-06-17): Trisquel 6.0, RHEL 7 with GNOME Classic, from Linux to FreeBSD, first look at Wayland|
|• Issue 511 (2013-06-10): Mint 15 impressions, GNOME Classic, Ubuntu Community portal, Absolute OpenBSD|
|• Issue 510 (2013-06-03): Impressions of aptosid 2013-01, Wayland comes to Raspberry Pi, maintaining DNS settings|
|• Issue 509 (2013-05-27): Mageia 3, Debian GNU/Hurd, RebeccaBlackOS with Wayland, ports|
|• Issue 508 (2013-05-20): Review of Debian 7.0, interviews with Clement Lefebvre and Gaël Duval, scripting with xdotool|
|• Issue 507 (2013-05-13): Impressions of Calculate Linux, 13.4, Ubuntu's portable packages, mintDrivers|
|• Issue 506 (2013-05-06): Ubuntu and Kubuntu 13.04, Debian "Wheezy", Slackware on systemd, distros for Raspberry Pi|
|• Issue 505 (2013-04-29): First look at PCLinuxOS 2013.04, Saucy Salamander, Remastersys and System Imager, Linux containers|
|• Issue 504 (2013-04-22): Look at Bodhi 2.3.0, Ubuntu 13.04 features, building OpenBSD ports, opening large files|
|• Issue 503 (2013-04-15): CentOS versus Scientific Linux, PCLinuxOS 64, Lucas Nussbaum, ZFS/Btrfs versus ext4|
|• Issue 502 (2013-04-08): Look at Mint 201303 "Debian", Ubuntu versus openSUSE, comparing ZFS and Btrfs file systems|
|• Issue 501 (2013-04-01): KANOTIX 2013 and GhostBSD 3.0, openSUSE Rescue-CD, Haiku package management, computer forensics|
|• Issue 500 (2013-03-25): Look at openSUSE 12.3, Ubuntu release changes, Debian backports, growing divide|
|• Issue 499 (2013-03-18): MINIX 3.2.1, openSUSE 12.3 on desktop, Ubuntu GNOME and UbuntuKylin, distros for musicians, KolibriOS|
|• Issue 498 (2013-03-11): Sabayon Linux 11, Ubuntu's Mir, Linux malware|
|• Issue 497 (2013-03-04): Rebellin Linux 1.00 "Adrenaline", rolling-release Ubuntu, Arch vs spin-offs, justification and diversity|
|• Issue 496 (2013-02-25): Review of Chakra 2013.02, The Book of GIMP, Ubuntu and privacy, FreeNAS vs NAS4Free|
|• Issue 495 (2013-02-18): SparkyLinux 2.1 "Ultra", Fedora 19 schedule, Xubuntu on DVD, cloud privacy|
|• Issue 494 (2013-02-11): FreeBSD 9.1, web server stats, Anaconda, rolling-release PC-BSD, fixing broken packages in Arch|
|• Issue 493 (2013-02-04): UberStudent 2.0, OmniBoot 1.0, MariaDB, Enlightenment 0.17|
|• Issue 492 (2013-01-28): Fedora 18 review, systemd, Kali Linux, Ubuntu Unleashed|
|• Issue 491 (2013-01-21): Fuduntu 2013.1, Fedora 18 desktop choices, Consort, accessing encrypted drive|
|• Issue 490 (2013-01-14): Look at Manjaro Linux 0.8.3, openSUSE on Chromebook, Able2Extract 8.0|
|• Issue 489 (2013-01-07): PC-BSD 9.1, Arch spin-offs, rolling-releases, year-end PHR stats, removing applications|
|• Full list of all issues|
|Linux Identity |
NEW The Best of Linux 2013: Fedora 19, Mageia 3, Mint 15, openSUSE 12.3, Ubuntu 13.04
68 pages, one DVD