Linked by Thom Holwerda on Mon 1st Aug 2005 14:13 UTC, submitted by LogError
Linux There seems to be a new important security patch out for Linux every month, lots of "do not use this program" warnings, too many articles and books with too little useful information, high-priced consultants, and plenty of talk about compromised systems. It is almost enough to send someone back to Windows. Can the average Linux user or system administrator keep his or her system secure and still have time to do other things? Bob Toxen is happy to say yes and here is how to do it.
Thread beginning with comment 12438
To view parent comment, click here.
To read all comments associated with this story, please click here.
deathshadow
Member since:
2005-07-12

Agreed there Paul! I've been getting the feeling the attitude towards *nix in general finally shifting to something a bit more realistic...

Perhaps finally people are realizing that the "Average" user is going to respond with a whole bunch of four letter words when you feed them commands like:

find / ! -fstype proc -perm -4000 ! -type l -ls > find_uid.log
find / ! -fstype proc -perm -2000 ! -type l -ls > find_gid.log


ANYONE who thinks that is "Ready for the average user" deserves a good *WHAP* upside the head, even if it is something the user "Only has to do once"

There used to be an old saying about the Mac, that "The first week you own it you'll be amazed by what it can do, for the rest of your life you'll be amazed by what it can't do..."

I think linux has assumed that mantle with a minor modification: "The first week you own it you'll be amazed by what it can do, for the rest of your life you'll be amazed by what it can't do without endless hordes of cryptic entries from the command line."

Reply Parent Score: 1

Dark_Knight Member since:
2005-07-10

Re: "I think linux has assumed that mantle with a minor modification: "The first week you own it you'll be amazed by what it can do, for the rest of your life you'll be amazed by what it can't do without endless hordes of cryptic entries from the command line."

Not all distributions require use of the command line otherwise called Bash or the Terminal. Several distributions are just as easy to use as Windows XP is. The reality is that Linux is just the kernel and not all Linux distribution developers have "ease of use" at the top of their list when packaging the distribution with their own tools. Though claiming that using Linux (as in general to all distributions) requires cyptic commands is a clear indication you either have no idea of what you're commenting on or are severely misinformed.

Reply Parent Score: 1

deathshadow Member since:
2005-07-12

Though claiming that using Linux (as in general to all distributions) requires cyptic commands is a clear indication you either have no idea of what you're commenting on or are severely misinformed.

You did READ the article in question, right. Ok Mr. Smart guy, how many distro's let you view the set-UID and set-GID status of programs in one list without going to the command line?

The article is full of examples on how NOT to tell a 'average user' how to do things, much less go into things the average user really has no business DOING IN THE FIRST PLACE... Don't tell them CHMOD from the command line, show them how to do it from Konqueror, Galeon, or whatever flavor GUI file manager they are using. He talks about securing Apache, something I would not even expect the "average user" to even be RUNNING in the first {censored} place... The average user should never have to even THINK about doing something like "/etc/rc.d/rc3.d/*sendmail* restart" or dealing with the postfix vs sendmail thing, and yet since most every damned mail client relies on one of the two instead of handling it ITSELF you need to dig in to configure the thing to "secure it"...

The article aside, the first time the 'average' user tries to get a driver working they'll curse you out like a sailor, say "{censored} this" and go back to XP or go buy a Mac. The FGLRX or NV drivers for example (which it seems 90% of the distro's don't even come with by default), yes both have added a GUI panel once you get them running... But when you have a package manager that 'installs' the package then the user has to go in and do "lsmod -grep nvidia" then switch to root, do "init 3" to switch the runlevel, then rmmod nvidia just in case a kernel module is present... etc, etc, etc, you get the idea...

Reply Parent Score: 1