[KLUG Members] KLUG Meeting Notes for 01/28/2003
mag00
members@kalamazoolinux.org
Fri, 31 Jan 2003 01:11:27 -0500
KLUG Meeting Notes: Tuesday - January 28, 2003 7:00PM
I. PRESENTATION RECAP
II. NEXT WEEK'S MEETING INFO <=== Beginner's Meeting!!!
III. KLUG MAILING LISTS
IV. KLUG NEWS FLASHES
V. KLUG CONTACT & MEETING INFO
Tonight's Meeting Moderator: Todd Pillars
I. PRESENTATION RECAP
THIS WEEK'S KLUG PRESENTATION: (28 active KLUG participants)
*****************************************************************
Mandatory Access Control
by Matthew Benjamin
This week KLUG had the privilege of hosting a guest speaker well known
in the Open Source security, and eastern Michigan. If you're an NPR
listener you've probably heard the name of his company, the Linux Box,
many times due to their generous sponsorship of public radio. A large
turnout of happy KLUGites gave Mr.Benjamin a warm welcome to our
side of the state. We all heard about "Mandatory Access Control",
an advanced security mechanism whereby you can grant specific "super
user" privileges to various security contexts on an as-needed basis,
while at the same time protecting your machines from the super user
context itself. Think of it as: 'beyond root'.
Information on Mandatory Access Control and LIDS
------------------------------------------------
http://www.foo.be/lks/lks.pdf
http://www.unixreview.com/documents/s=1234/urm0106m/0106m.htm
http://www.linuxsecurity.com/articles/host_security_article-3227.html
http://www.lids.org/
PRESENTATION SUMMARY:
***********************
Hopefully this information will be posted as a .pdf on the
past presentations page. See the first entry in the FLASHES
below for instructions on how to get this reference material.
Matt used a laptop running Suse Linux, with the KDE desktop and
OpenOffice - XXdiff (puts two files side by side) - and the
good old terminal window connected to the KLUG SVGA projector to
take us on an exciting tour of "Mandatory Access Control" (MAC)
and the "Linux Intrusion Detection System" (LIDS) security tool.
He gave us a thorough overview of the entire tool set and then
gave us a LIVE demo of the way that LIDS sets up security on his
laptop.
It would be an understatement to say that LIDS blocks the typical
hacker exploited weaknesses of a system. This tool enables a B1
security rating which is as high as you can get short of
unplugging your PC! It meets Dept. of Defense guidelines and
allows you to protect systems that are accessible to the outside
world from surreptitious attacks by even the most elite Linux
hacking experts. If you are paranoid about intrusions into your
at-risk realm... this is a solution for you to consider. Matt even
told us who should be (and is) using this type of security and why!
Matt exhibits a passion for technology and the Open Source GNU/Linux
community. I know that we were enthralled by his manner and his
eloquent presentation style. This was a nerd's nerd in the most
positive sense of that designation. WOW! What a night he gave us.
He left us speechless and practically whimpering from overwhelming
detail and technical content. He declared victory when no more
questions were being launched from the "KLUGite brain trust." He
answered all our questions and satisfied even the most suspicious
among us. LIDS can be attacked and defeated... but it will take
a guy like him to do it. Not many like him exist on this planet!
Perhaps the Linux Box president, Elizabeth Ziph, would be at or near
Matt's level of operating system architectural understanding. There
might even be others associated with him that are among these elite.
His outline was as follows:
TOPICS
-------
Overview
Practical Objectives
B1 / Common Criteria (security rating)
MAC, Open Source
LIDS
How LIDS looks to the Kernel
General Usage Pattern
Installation Procedures
Recommended LIDS Kernel Build Options
LIDS Configuration File
LIDS Commands
LIDS Access Control Lists (ACL's)
Sample LIDS Configuration and LIVE Demonstration
LIDS Success Stories
Potential Problems
Future Directions
Questions (and ANSWERS too!)
Matthew W. Benjamin, president, CTO, and co-founder of The Linux Box
Corporation, has over 10 years experience in Information Technology.
He is a contributor to a variety of open source software packages and
tools. Prior to co-founding The Linux Box he held a senior developer
position with Comshare, Inc. in Ann Arbor, Michigan. Matt had been a
consultant with Integrated Micro Systems prior to joining Comshare. He
holds a master's degree from the University of Michigan, and a
bachelor's degree from the University of Missouri.
The Linux Box
-------------
http://www.linuxbox.nu/index.php
The Linux Box has been providing services from training to software
development to customers users using Open Source software since 1999 and
are a sponsor of the Linux Professional Institute http://www.lpi.org
Visit Matt and his team of Open Source GNU Linux experts in Ann Arbor
at 206 South Fifth Ave. Suite 150. Make sure you call first so they
can lower the drawbridge and turn off the 100,000 volt electric fence!
(734) 761-4689 They are into fortification in a BIG way. If you make
Matt angry, you might find your decrypted shawdowed password file
published on IRC in a room called "WHAT_WERE_YOU_THINKING_STUPID?" Nah!
He is definitly a white hat guy, if there ever was such an archetype
II. NEXT KLUG MEETING - TUESDAY 02/04/2003
******************************************************************
Linux for Beginners
by Todd Pillars
THE BEGINNER'S MEETINGS ARE HELD the first Tuesday of each
month. Linux basics and distribution installs are the
lessons of these evenings. If you do want KLUG's FREE help
installing Linux on your computer at one of these meetings,
http://kalamazoolinux.org/meetings/installform.html
Contact the KLUG Installmasters for more information:
installmaster@kalamazoolinux.org
- and -
ORDER YOUR SOFTWARE HERE: http://kalamazoolinux.org/bsware
Now is the time to get started! Linux is becoming a mainstay
of free software, free choice, dependability and power.
===============================================================
THE STANDARD KLUG BEGINNER'S PRESENTATION - LINUX BOOT CAMP!!!
http://kalamazoolinux.org/presentations/beginner01.html
===============================================================
Note:
As Linux matures as an OS, the educational needs are evolving.
The Beginner's Meeting format is changing with those needs.
It is difficult to cover all the basics in one meeting. Linux
is not just for CS experts and IT professionals. The "BASICS"
meetings are intended for those with limited experience with
Operating System's or even Personal Computer's. Your comments
and questions are welcomed!
Working on getting biographical information on Todd Pillars.
Todd is the new Chairperson of KLUG and has some great ideas
that he will implement when he gets some other projects out
of the way. He is in transition right now, moving from his
previous work and taking on something new. This can take up
a great deal of time as one settles into their new employment
responsibilities. We look forward to another progressive year
of growth for KLUG under Todd's leadership.
III. K L U G M A I L I N G L I S T S
*************************************************************
Diversified mailing lists can be found on the KLUG web site.
http://kalamazoolinux.org/listserv/
Facilitated by - John Bridleman listmaster@kalamazoolinux.org
Sign up and participate to serve the Open Source community!!!
IV. K L U G N E W S F L A S H E S ! ! !
==============================================================
MATTHEW BENJAMIN OF THE LINUX BOX OFFERS MAC & LIDS TEXT!
If you missed the presentation this week you can receive
the text copy of his information by requesting it from me.
recordingsecretary@kalamazoolinux.org
==============================================================
THE HARDWARE CONTRIBUTIONS KEEP COMING WEEK AFTER WEEK!!!
Brian Ritz ahnded me a list of hardware donations to KLUG.
He has given us 3 Intel Pentium processors, 2 - 133 MHz and
1 - 200 MHz CPU's! He also donated 1 - 8 Mb EDO SIMM, 1 -
16 Mb EDO SIMM, and 6 EDO SIMM's of unknown size. Make sure
you thank Brian for his generous donation intended to be
used in some fo the 15 machines that we recently received.
==============================================================
KDE V3.1 IS RELEASED
On January 28th 2003, the KDE Project released KDE 3.1, a
major feature upgrade to the successful KDE 3.0 series.
http://www.kde.org/announcements/announce-3.1.html
==============================================================
THE VOTING RESULTS FOR THE 25 BEST GAMES FOR LINUX ARE ANNOUNCED
You are right... the numbers are just not there yet but things
are steadily improving as the Linux desktop penetration grows.
http://slashdot.org/articles/03/01/29/154247.shtml?tid=127&tid=106
==============================================================
FINALLY: PC-TO-PHONE CALLING FROM LINUX
GnomeMeeting now supports decent quality, low-cost VoIP calls to
any real phone in the world. It's about time." The calls are
through a company called MicroTelco.
http://slashdot.org/articles/03/01/29/080221.shtml?tid=95&tid=106
==============================================================
LINDOWS.COM SUMMARY JUDGEMENT MOTION DISMISSED
Microsoft filed suit against Lindows in the U.S. District Court
in Seattle in December 2001, charging that "lindows" infringes on
Microsoft's Windows trademark.
http://www.infoworld.com/article/03/01/24/030124hnlindows_1.html?s=IDGNS
==============================================================
FAIR USE UNDER ATTACK, EFF CO-FOUNDER JOHN PERRY BARLOW ARGUES THE CASE
Barlow discusses his opposition to DRM (digital rights management),
intellectual property law, and copyright extension.
http://www.infoworld.com/article/03/01/24/030124hnbarlow_1.html
==============================================================
LINUX WORLD IS WALL-TO-WALL GOOD NEWS
32-processor Linux systems, fast cluster nodes and business
opportunities make this a fun show.
http://www.linuxjournal.com/article.php?sid=6590&mode=thread&order=0
==============================================================
LINUX SUPPORTING CAST GROWS
Some large enterprises are putting broad Linux deployments on hold
until the next version of the kernel, 2.6, is released with improved
clustering and scalability.
http://www.eweek.com/article2/0,3959,847072,00.asp
==============================================================
DEARTH OF TOOLS HAMPERS LINUX
An integrated development environment (IDE) could be the missing
link that's keeping Linux from being widely deployed in the
enterprise. http://www.eweek.com/article2/0,3959,847067,00.asp
==============================================================
META, MORGAN STANLEY ALL THE BUZZ AT LINUXWORLD [PINCH ME!!!]
Microsoft will begin moving some of its proprietary technologies
to Linux by the end of next year.
http://www.eweek.com/article2/0,3959,847643,00.asp
==============================================================
IBM, SUSE NOTCH ANOTHER LINUX WIN
In another European Linux win for IBM and SuSE Linux AG, the
Kommunales Rechenzentrum Niederrhein (KRZN), a public sector
data center serving more than 60 counties in the northwestern
section of Germany, has chosen to run Linux on IBM zSeries
mainframes. http://www.eweek.com/article2/0,3959,852248,00.asp
==============================================================
V. K L U G C O N T A C T & M E E T I N G I N F O
*************************************************************
KLUG WEB SITE http://kalamazoolinux.org
MEMBERS AND GUESTS - COME JOIN US FOR A MEETING!!!
http://kalamazoolinux.org/meetings
WE MEET WEEKLY, EACH TUESDAY AT 7:00PM.
Our meeting site is the Kalamazoo Chamber
of Commerce office building downtown.
346 W. Michigan Ave. - Kalamazoo, MI 49007
http://kazoolug.org/meetings/maps.php3 <=== MAP!
CONTACT INFORMATION:
Kalamazoo Linux Users Group, Inc.
6749 South Westnedge Avenue
Suite K-288
Portage MI 49002
e-mail address: chairman@kalamazoolinux.org
Copyright 2003 Kalamazoo Linux Users Group, Inc.
>><< send corrections, additions, flames to the KLUG scribe >><<