Thursday, November 20, 2008

Week 13 – Blog 11 -- Page 578

Answer the questions to the Assignment on page 578.

1. What series of commands starts a child csh shell, determines the current port, then examines the processes currently running on that port?
A. csh ; tty ; ps -t /dev/pts/1 >> job. (yup, tested!! Works!!)

2. A. What signal quits a process? A. CTRL-\
2. B. What signal interrupts a process? A. CTRL-C
2. C. What are the differences between the two? A. The quit signal stops the process, whereas the interrupt signal puts the process “on hold” until you get back to it.
2. D. When should you use kill -9? A. When no other kill command will work. It is a last resort because it cannot be ignored and you may lose work when the process stops.
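
Added example (not part of the original assignment or its answers): a shell script showing the point in 2.D, that a process can ignore the signals sent by CTRL-C (INT), CTRL-\ (QUIT) and plain kill (TERM), but not kill -9. The worker loop, the function names and the WORKER_PID and REAP_STATUS variables are constructed for this demonstration.

```bash
#!/bin/sh
# Added example (constructed): signals a process may ignore versus kill -9.

# Start a background worker that ignores the signals named in $1 (may be empty).
# Leaves the worker's PID in WORKER_PID.
start_worker() {
    ignore=""
    if [ -n "$1" ]; then ignore="trap '' $1;"; fi
    sh -c "$ignore while :; do sleep 1; done" >/dev/null 2>&1 &
    WORKER_PID=$!
    # Give the worker time to install its trap before any signal arrives.
    if [ -n "$1" ]; then sleep 1; fi
}

# Send every signal in $2... to PID $1; succeed if the process is still alive.
survives() {
    target=$1; shift
    for sig in "$@"; do kill -s "$sig" "$target" || return 1; done
    sleep 1                          # allow time for delivery
    kill -0 "$target" 2>/dev/null    # status 0 means still running
}

# Send signal $2 to PID $1 and reap it; REAP_STATUS becomes 128 + signal number.
reap_after() {
    REAP_STATUS=0
    kill -s "$2" "$1"
    wait "$1" || REAP_STATUS=$?
}

# A normal process: plain kill (SIGTERM) is enough.
start_worker ""
reap_after "$WORKER_PID" TERM
echo "normal worker, kill:      exit status $REAP_STATUS"

# A process that ignores INT (CTRL-C), QUIT (CTRL-\) and TERM (plain kill).
start_worker "INT QUIT TERM"
if survives "$WORKER_PID" INT QUIT TERM; then
    echo "stubborn worker survived INT, QUIT and TERM"
fi
# SIGKILL cannot be caught or ignored, so this always works.
reap_after "$WORKER_PID" KILL
echo "stubborn worker, kill -9: exit status $REAP_STATUS"
```

Because the worker never gets a chance to run cleanup code on SIGKILL, anything it had not yet written out is lost, which is why kill -9 comes last.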

Refer to this list for questions 3-5:
[2] stopped sort /etc/passwd
[3] - stopped vi .cshrc
[4] + stopped more .login
[5] running find / -name foo

3. What command would you use to bring the vi editor to the foreground?
A. fg %- OR fg %vi
4. What is the command you would use to kill the more process?
A. kill %4 OR kill -9 %4
5. What is the command you would use to get this listing?
A. jobs

6. Consider this: You log on to your system on tty23. The system starts a csh for you that has a PID of 1056. Then you start a shell script (which is executed by a sh with a PID of 1080) that in turn executes who with a PID of 2020.
Csh PID 1056
Sh PID 1080 PPID 1056
Who PID 2020 PPID 1080

6. A. What is the PPID of the who process? A. PPID 1080
6. B. What is the PPID of the process executing the script? A. PPID 1056
6. C. With information provided, can you determine with what tty the who process is associated? A. The tty is probably still tty 23.


Sunday, November 16, 2008

OpenGoo


OpenGoo bundles tools to edit text and HTML documents and presentations. A module to handle spreadsheets is currently under development. You can upload files in other formats to OpenGoo for centralized access and version control. Users can also create and manage task lists, send and receive email, and manage personal and group calendars, links, and contacts.

Many of these tasks are handled by other open source apps. Instead of reinventing the wheel, the OpenGoo developers glue together available tools, filling in the odd hole with custom apps wherever required. Some of the tools they use include FCKEditor for text editing, ExtJS for most of the AJAX interface, activeCollab for project management, and Reece calendar. For handling and editing presentations, the developers created something called Slimey.

Get OpenGoo here: http://opengoo.org/

JumpBox



http://www.jumpbox.com/
http://www.jumpbox.com/product/FREE+Downloads

Friday, November 14, 2008

Wednesday, November 12, 2008

Week 12 – Blog 10 – Permissions

Besides permissions, what other ways are there to secure a system?
1. You can protect your system by requiring that users log on and use strong passwords. It is a good idea to let the screen lock after a period of inactivity and require the user to log back on.
2. Your anti-virus software can be set to scan for malware and viruses. Use anti-spyware, anti-malware, anti-adware software and keep it updated. Keep abreast of the news and be aware of threats as they arise. You should be aware of keylogger programs that record your keystrokes so an unauthorized user can steal your information. Good article here: http://www.securityfocus.com/infocus/1829 (see note below)
3. You can use either a software or hardware firewall. If you have a network you can combine a proxy firewall with a packet-filtering firewall for greater defense.
4. Keep all your software and operating system updated so that any security patches will be installed.
5. Keep file sharing to a minimum.


What type of threats might you be securing yourself from?
1. One type of threat would be an unauthorized user getting passwords or other data off of your computer either by getting into your computer from the Internet or by capturing your information when you are on the Internet.
2. Another type of threat is malicious software installing itself on your computer.
3. If you have a network, you do not want any unauthorized users to have access to your data, your web pages, or any of your user information.



Note on keyloggers from http://www.securityfocus.com/infocus/1829
To prevent keyloggers on the desktop level, two types of anti-keylogging software are available from various vendors:
1. Signature based anti-keylogger. These are applications that typically identify a keylogger based on the files or DLLs that it installs, and the registry entries that it makes. Although it successfully identifies known keyloggers, it fails to identify a keylogger whose signature is not stored in its database. Some anti-spyware applications use this approach, with varying degrees of success.
2. Hook based anti-keyloggers. A hook process in Windows uses the function SetWindowsHookEx(), the same function that hook based keyloggers use. This is used to monitor the system for certain types of events, for instance a keypress/mouse-click -- however, hook based anti-keyloggers block this passing of control from one hook procedure to another. This results in the keylogging software generating no logs at all of the keystroke capture. Although hook based anti-keyloggers are better than signature based anti-keyloggers, note that they still are incapable of stopping kernel-based keyloggers.

P.S. I know you are aware that there are classes on computer security, I can't even begin to cover it all here.
But I gave it a shot :-)

P.P.S. See Snort in the entry below.

Snort !!


What is Snort?

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.

Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion prevention system.

GUI list for Linux/UNIX

http://www.linux.org/apps/all/GUI/Window_Managers.html

Linux.org

Great Website Index !!
http://www.linux.org/apps/all.html