This tutorial is aimed at those who have just started using Linux.
Generally when users from the Windows background enter the Linux
scene,they are totally stumped by the software installation method.
They were used to the luxury of double clicking on a single file
and getting their software installed. But now they have to type
cryptic commands to do the same.
Though the installation instructions tell them what to do, they
have no idea what those steps actually do. This article
shall explain the basics of software installation. After reading
this article you would feel more at home when installing your
next software.
Generally beginners tend to search desperately for RPMs since
installing RPMs is a real simple task. But this article doesn't
talk about RPMs. It deals with the softwares that you generally
get in the zipped formats as tarballs.
Details :
Generally you would get Linux software in the tarball format
(.tgz) This file has to be uncompressed into any directory using
tar command. In case you download a new tarball by the name game.tgz,
then you would have to type the following command
$ tar xfvz game.tgz
This would create a directory within the current directory
and unzip all the files within that new directory. Once this is
complete the installation instructions ask you to execute the
3 (now famous) commands : configure, make & make install.
Most of the users do this and successfully install their softwares.
But most of the newbies have no idea what this really does. The
rest of the article shall explain the meaning of these 3 commands
Each software comes with a few files which are solely for the
purpose of installation sake. One of them is the configure script.
The user has to run the following command at the prompt
$ ./configure
The above command makes the shell run the script named ' configure
' which exists in the current directory. The configure script
basically consists of many lines which are used to check some
details about the machine on which the software is going to be
installed. This script checks for lots of dependencies on your
system. For the particular software to work properly, it may be
requiring a lot of things to be existing on your machine already.
When you run the configure script you would see a lot of output
on the screen , each being some sort of question and a respective
yes/no as the reply. If any of the major requirements are missing
on your system, the configure script would exit and you cannot
proceed with the installation, until you get those required things.
The main job of the configure script is to create a ' Makefile
' . This is a very important file for the installation process.
Depending on the results of the tests (checks) that the configure
script performed it would write down the various steps that need
to be taken (while compiling the software) in the file named Makefile.
If you get no errors and the configure script runs successfully
(if there is any error the last few lines of the output would
glaringly be stating the error) then you can proceed with the
next command which is
$ make
' make ' is actually a utility which exists on almost
all Unix systems. For make utility to work it requires a file
named Makefile in the same directory in which you run make. As
we have seen the configure script's main job was to create a file
named Makefile to be used with make utility. (Sometimes the Makefile
is named as makefile also)
make would use the directions present in the Makefile and proceed
with the installation. The Makefile indicates the sequence, that
Linux must follow to build various components / sub-programs of
your software. The sequence depends on the way the software is
designed as well as many other factors.
The Makefile actually has a lot of labels (sort of names for different
sections). Hence depending on what needs to be done the control
would be passed to the different sections within the Makefile
Or it is possible that at the end of one of the section there
is a command to go to some next section.
Basically the make utility compiles all your program code and
creates the executables. For particular section of the program
to complete might require some other part of the code already
ready, this is what the Makefile does. It sets the sequence for
the events so that your program does not complain about missing
dependencies.
One of the labels present in the Makefile happens to be named
' install ' .
If make ran successfully then you are almost done with the installation.
Only the last step remains which is
$
make install
As
indicated before make uses the file named Makefile in the same
directory. When you run make without any parameters, the instruction
in the Makefile begin executing from the start and as per the
rules defined within the Makefile (particular sections of the
code may execute after one another..thats why labels are used..to
jump from one section to another). But when you run make with
install as the parameter, the make utility searches for a label
named install within the Makefile, and executes only that section
of the Makefile.
The
install section happens to be only a part where the executables
and other required files created during the last step (i.e. make)
are copied into the required final directories on your machine.
E.g. the executable that the user runs may be copied to the /usr/local/bin
so that all users are able to run the software. Similarly all
the other files are also copied to the standard directories in
Linux. Remember that when you ran make, all the executables were
created in the temporary directory where you had unzipped your
original tarball. So when you run make install, these executables
are copied to the final directories.
Thats
it !! Now the installation process must be clear to you. You surely
will feel more at home when you begin your next software installation.
Tuesday, December 30, 2008
Thursday, December 11, 2008
Layer-7 filter protocol
L7-filter is a packet classifier for Linux. Unlike most other classifiers, it doesn't just look at simple values such as port numbers. Instead, it does regular expression matching on the application layer data to determine what protocols are being used.
Since this classifier is much more processor and memory intensive than others, we recommend that you only use it if you have reason to believe that matching by port (or IP number, etc.) is insufficient for your purposes. L7-filter is right for you if you need:
* to match any protocol that uses unpredictable ports (e.g. P2P filesharing)
* to match traffic on non-standard ports (e.g. HTTP on port 1111)
* to distinguish between protocols which share a port (e.g. P2P filesharing that uses port 80)
Thursday, December 4, 2008
Regular Expression
In computing, regular expressions provide a concise and flexible means for identifying strings of text of interest, such as particular characters, words, or patterns of characters. Regular expressions (abbreviated as regex or regexp, with plural forms regexes, regexps, or regexen) are written in a formal language that can be interpreted by a regular expression processor, a program that either serves as a parser generator or examines text and identifies parts that match the provided specification.
The following examples illustrate a few specifications that could be expressed in a regular expression:
the sequence of characters "car" in any context, such as "car", "cartoon", or "bicarbonate"
the word "car" when it appears as an isolated word
the word "car" when preceded by the word "blue" or "red"
a dollar sign immediately followed by one or more digits, and then optionally a period and exactly two more digits
Regular expressions can be much more complex than these examples.
Regular expressions are used by many text editors, utilities, and programming languages to search and manipulate text based on patterns. For example, Perl, Ruby and Tcl have a powerful regular expression engine built directly into their syntax. Several utilities provided by Unix distributions—including the editor ed and the filter grep—were the first to popularize the concept of regular expression
A regular expression is a pattern describing a certain amount of text. Their name comes from the mathematical theory on which they are based.
Friday, November 28, 2008
Advanced stdin, stdout and redirection
You've probably heard of stdout (standard out) and stdin (standard in) before but may not know what they really mean. Basically, when you run a program in the shell like 'ls' or 'grep' the output that it produces is sent to stdout, which is your terminal window. stdin is basically the opposite, instead of getting data from a file, stdin is opened up to a pipe for input to the program. If you have ever put '| less' after a command to control the amount of output you get at once, you've used stdin. By using the pipe symbol (|) you are redirecting the stdout from a program like 'ls' to the stdin of 'less'.
[user@host ~]$ ls -l | less total 53 drwxr-xr-x 2 suso suso 1024 Dec 7 19:10 ./ drwxr-xr-x 3 suso suso 1024 Nov 27 06:32 ../ -rw------- 1 suso suso 12288 Dec 7 19:21 .ioredirect.phtml.swp -rw-r--r-- 1 suso suso 3763 Dec 6 03:44 bangcharacter.phtml -rw-r--r-- 1 suso suso 1574 Dec 7 03:29 electricfence-readme -rw-r--r-- 1 suso suso 127 Nov 27 06:56 footer.phtml -rw-r--r-- 1 suso suso 219 Dec 6 00:58 header.phtml -rw-r--r-- 1 suso suso 1496 Dec 7 03:51 index.phtml -rw-r--r-- 1 suso suso 3132 Dec 7 19:10 ioredirect.phtml -rw-r--r-- 1 suso suso 3132 Dec 7 02:49 jobcontrol.phtml -rw-r--r-- 1 suso suso 5231 Dec 6 03:33 movement.phtml -rw-r--r-- 1 suso suso 6842 Dec 7 19:09 regularexpressions.phtml -rw-r--r-- 1 suso suso 3132 Dec 7 02:55 regularexpressions.phtml~ -rw-r--r-- 1 suso suso 3680 Dec 5 20:00 shellvariables.phtml (END)
The output of ls is treated just like it was a file and you had typed less
Another way you can redirect stdout is by using the angle operators, <>. If you want to send stdout to a file you use '> filename'. If you want to send the contents of a file to the stdin of a program, you can do '<>
[user@host ~]$ ls -l > listoutput [user@host ~]$ cat listoutput total 53 drwxr-xr-x 2 suso suso 1024 Dec 7 19:10 ./ drwxr-xr-x 3 suso suso 1024 Nov 27 06:32 ../ -rw------- 1 suso suso 12288 Dec 7 19:21 .ioredirect.phtml.swp -rw-r--r-- 1 suso suso 3763 Dec 6 03:44 bangcharacter.phtml -rw-r--r-- 1 suso suso 1574 Dec 7 03:29 electricfence-readme -rw-r--r-- 1 suso suso 127 Nov 27 06:56 footer.phtml -rw-r--r-- 1 suso suso 219 Dec 6 00:58 header.phtml -rw-r--r-- 1 suso suso 1496 Dec 7 03:51 index.phtml -rw-r--r-- 1 suso suso 3132 Dec 7 19:10 ioredirect.phtml -rw-r--r-- 1 suso suso 3132 Dec 7 02:49 jobcontrol.phtml -rw-r--r-- 1 suso suso 5231 Dec 6 03:33 movement.phtml -rw-r--r-- 1 suso suso 6842 Dec 7 19:09 regularexpressions.phtml -rw-r--r-- 1 suso suso 3132 Dec 7 02:55 regularexpressions.phtml~ -rw-r--r-- 1 suso suso 3680 Dec 5 20:00 shellvariables.phtml [user@host ~]$
[root@host /usr/src/linux]# patch -p1 <>You can also append the output of a program to a file using double greater-than signs (>>).
[root@host ~]# tail /var/log/messages Dec 7 18:22:51 host ftpd[26820]: FTP session closed Dec 7 18:22:52 host ftpd[26821]: ACCESS DENIED (not in any class) TO dhcp-33.domain.net [xxx.xxx.xxx.xxx] Dec 7 18:22:52 host ftpd[26821]: FTP LOGIN REFUSED (access denied) FROM dhcp-33.domain.net [xxx.xxx.xxx.xxx], xxxxxxxx Dec 7 18:22:52 host ftpd[26821]: FTP session closed Dec 7 18:23:04 host ftpd[26825]: FTP LOGIN FROM dhcp-33.domain.net [xxx.xxx.xxx.xxx], xxxxxxxx Dec 7 18:23:06 host ftpd[26827]: FTP LOGIN FROM dhcp-33.domain.net [xxx.xxx.xxx.xxx], xxxxxxxx Dec 7 18:26:29 host ftpd[26827]: FTP session closed Dec 7 19:00:59 host PAM_pwdb[27479]: (su) session opened for user news by (uid=0) Dec 7 19:01:01 host PAM_pwdb[27479]: (su) session closed for user news Dec 7 19:59:48 host PAM_pwdb[28448]: (su) session opened for user root by suso(uid=500) [root@host /root]# echo "Dec 7 20:00:30 host messaged: Hi Mom." >> /var/log/messages [root@host /root]# tail /var/log/messages Dec 7 18:22:52 host ftpd[26821]: FTP session closed Dec 7 18:23:04 host ftpd[26825]: FTP LOGIN FROM dhcp-33.domain.net [xxx.xxx.xxx.xxx], xxxxxxxx Dec 7 18:23:06 host ftpd[26827]: FTP LOGIN FROM dhcp-33.domain.net [xxx.xxx.xxx.xxx], xxxxxxxx Dec 7 18:26:29 host ftpd[26827]: FTP session closed Dec 7 19:00:59 host PAM_pwdb[27479]: (su) session opened for user news by (uid=0) Dec 7 19:01:01 host PAM_pwdb[27479]: (su) session closed for user news Dec 7 19:59:48 host PAM_pwdb[28448]: (su) session opened for user root by suso(uid=500) Dec 7 20:01:00 host PAM_pwdb[28639]: (su) session opened for user news by (uid=0) Dec 7 20:01:01 host PAM_pwdb[28639]: (su) session closed for user news Dec 7 20:00:30 host messaged[]: Hi Mom. [root@host /root]#There is also stderr which with is like stdout, but is the erroneous output that comes out of a program. Sometimes you might be redirecting the output of a program and you will still see output in your terminal window, this is stderr output.
[root@host /root]# ls -l /var/log /var/log/httpd/access_og > logslist ls: /var/log/httpd/access_og: No such file or directory [root@host /root]#That line of output that says that the file access_og doesn't exist was sent by the ls program to stderr, which the > doesn't catch. If you want to catch the output of stderr you have to use the n> notation to express which output filehandle number you wish to use. In the case of stderr, that number is 2.
[root@host /root]# ls -l /var/log /var/log/httpd/access_og 2> logslist -rw------- 1 root root 1463915 Dec 7 20:22 cron -rw-r--r-- 1 root root 2574 Jan 30 2000 dmesg -rw-r--r-- 1 root root 0 May 6 1999 htmlaccess.log drwxr-xr-x 2 root root 17408 Dec 1 00:04 httpd/ -rw-r--r-- 1 root root 157972 Dec 7 15:10 lastlog -rw------- 1 root root 688206 Nov 30 23:40 maillog -rw------- 1 root root 365531 Dec 7 20:11 messages -rw-r--r-- 1 root root 0 Dec 1 00:04 netconf.log -rw------- 1 root root 561272 Dec 7 20:19 secure -rw-r--r-- 1 root root 162275 Dec 7 04:23 spinwebd -rw------- 1 root root 337 Dec 7 00:04 spooler -rw-rw-r-- 1 root utmp 92544 Dec 7 18:26 wtmp -rw------- 1 root root 0 Dec 1 00:04 xferlog [root@host /root]# cat logslist ls: /var/log/httpd/access_og: No such file or directory [root@host /root]#To get both the stdout and stderr to go to a file we use a combination of > and 2>&1, which means that we want to duplicate the output of file descriptor 1 and put it on file descriptor 2. So both stdout (1) and stderr(2) get sent to the file 'logslist'.
$
cat food2>&1>filecat: can't open food $cat foodfile2>&1 $
Although lots of sh manual pages don't mention this, the shell reads arguments from left to right.
On the first command line, the shell sees
2>&1first. That means "make the standard error (file descriptor 2) go to the same place as the standard output (fd1) is going." There's no effect because both fd2 and fd1 are already going to the terminal. Then>fileredirects fd1 (stdout) tofile. But fd2 (stderr) is still going to the terminal.On the second command line, the shell sees
>filefirst and redirects stdout tofile. Next2>&1sends fd2 (stderr) to the same place fd1 is going - that's to the file. And that's what you want.
Wednesday, November 26, 2008
Kill process in Linux or terminate a process in UNIX or Linux systems
Q. How do I kill process in Linux?
A. Linux and all other UNIX like oses comes with kill command. The command kill sends the specified signal (such as kill process) to the specified process or process group. If no signal is specified, the TERM signal is sent.
Kill process using kill command under Linux/UNIX
kill command works under both Linux and UNIX/BSD like operating systems.
Step #1: First, you need to find out process PID (process id)
Use ps command or pidof command to find out process ID (PID). Syntax: ps aux | grep processname pidof processname
For example if process name is lighttpd, you can use any one of the following command to obtain process ID:
# ps aux | grep lighttpdOutput:
lighttpd 3486 0.0 0.1 4248 1432 ? S Jul31 0:00 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf lighttpd 3492 0.0 0.5 13752 3936 ? Ss Jul31 0:00 /usr/bin/php5-cg
OR use pidof command which is use to find the process ID of a running program:
# pidof lighttpdOutput:
3486
Step #2: kill process using PID (process id)
Above command tell you PID (3486) of lighttpd process. Now kill process using this PID:
# kill 3486
OR
# kill -9 3486
Where,
- -9 is special Kill signal, which will kill the process.
killall command examples
DO NOT USE killall command on UNIX system (Linux only command). You can also use killall command. The killall command kill processes by name (no need to find PID):
# killall -9 lighttpd
Kill Firefox process:
# killall -9 firefox-bin
As I said earlier killall on UNIX system does something else. It kills all process and not just specific process. Do not use killall on UNIX system (use kill -9).
Linux: How to Kill X windows halted, frozen or resource eating application
Q. How do I kill X windows (or application) that is not die from local or remote X sever?
A. You need to use xkill command. It kills a client by its X resource and not by process ID. For example, your application may not be responding kill request. Even if you try to kill you see application window.
xkill is a utility for forcing the X server to close connections to clients. This program is very dangerous, but is useful for aborting programs that have displayed undesired windows on a user's screen.
Just type command xkill
$ xkill
And click on application which you want to abort forcefully or select the window/application whose client you wish to kill with button 1.
Kill a Frozen or Crashed UNIX / Linux X Desktop
Here is a quick tip to kill a crashed Linux / UNIX X desktop system. Many new user do not know this simple tip and end up hitting computer reboot button. Press CTRL + ALT + Backspace to kill GUI and get back to login screen. There are more ways to kill a crashed desktop without restarting your computer. If CTRL + ALT + Backspace refused to work, try to login to console by pressing CTRL +ALT + F1.
To kill GDM (Gnome Desktop) manger, enter:
killall gdm
You can also run the following:
/etc/init.d/gdm stop
To start GDM again, enter:
/etc/init.d/gdm start
To kill KDM (KDE Desktop), enter:
killall kdm
OR
/etc/init.d/kdm stop
To start KDM again, enter:
/etc/init.d/kdm start
Saturday, November 22, 2008
Disabling Unwanted Services
The list below is old (perhaps from 2006) and may only apply to Fedora Core
4 and earlier distributions.
After the name of each daemon is my recommended state: on for started (enabled)
and off for stopped (disabled). My recommendation is based on the kinds of
services most people run (e.g. a graphical desktop machine in a
home/office setting, with broadband network).
The minimal set of daemons for a graphical desktop machine browsing
the web and reading email is: xfs, cron, network, and syslog.
You'll probably also want cups, haldaemon, iptables, and messagebus.
If you are running a graphical desktop (KDE or Gnome) you must have
xfs running. Is it a good idea to have cron and syslog running as
well. You'll need network running to have your network active (unless
you are using dial up).
As far as I know, your computer will "run" without any of these
daemons. The computer won't have a graphical desktop or network, but
it will be running. By the same token, nearly all of these can be
enabled with no problem.
I don't know of a GUI application to manage daemons. Use ntsysv or
chkconfig. You'll have to use a terminal window, and you must be
logged in as root.
chkconfig name
For example:
chkconfig acpid off
List available daemons:
chkconfig --list
/etc/rc.d/init.d/).
chargen - generates characters
chargen-udp - udp version of chargen
cups-lpd
daytime - gives out the current system time
daytime-udp - udp version of daytime
echo - echo characters back to the client
echo-udp - upb version of echo
ktalk - KDE version of the talk server
rsync
time - RFC 868 time server.
time-udp - udb version of time
------------------------------------------------------------------------------------------------------------------------
For each service listed, the Service Configuration utility will display a short description about the service you have highlighted in the upper-right pane, and the current status and process ID (PID) of the service, if it is running.
The services that you can safely disable will depend upon the role of your system. For example, if you are planning to run a web server, you will not want to disable the httpd service. The list below is a good starting place. These services can be disabled for the role we have chosen, that of a home workstation:
aep1000 - load and unload AEP1000/AEP2000 coprocessor driver.
bcm5820 - Hardware cryptographic accelerator support - BCM5820 Cryptonet driver.
chargen - An xinetd internal service which generates characters.
chargen-udp - This is the udp version.
daytime - An internal xinetd service which gets the current system time.
daytime-udp - This is the udp version.
echo - An xinetd internal service which echo's characters back to clients.
echo-udp - This is the udp version.
httpd - Apache is a World Wide Web server. It is used to serve HTML files and CGI.
irda - Infrared data link (for PDAs and such)
ktalk - KDE version of the talk server.
lisa - Provides information about hosts on your network.
mysqld - MySQL database server.
named - named (BIND) is a Domain Name Server (DNS) that is used to resolve host names to IP addresses.
netplugd - netplugd is a daemon for managing non-static network interfaces.
nfs - This service provides NFS server functionality.
nfslock - This service provides NFS file locking functionality.
nscd - This is a daemon which handles passwd and group lookups for running programs and cache the results for the next query.
ntpd - ntpd is the NTPv4 daemon.
pcmcia - PCMCIA support is usually to support things like ethernet and modems in laptops.
rsync - allows remote file synchronization
saslauthd - saslauthd is a server process which handles plaintext authentication requests on behalf of the cyrus-sasl library.
sendmail - Sendmail is a Mail Transport Agent.
services - An internal xinetd service, listing active services.
sgi_fam - FAM is a file monitoring daemon.
smartd - Self Monitoring and Reporting Technology (SMART) Daemon.
snmpd - Simple Network Management Protocol (SNMP) Daemon.
snmptrapd - Simple Network Management Protocol (SNMP) Trap Daemon.
squid - Squid - Internet Object Cache.
time - An RFC 868 time server.
time-udp - This is the udp version.
tux - The TUX threaded kernel-based http server.
vncserver - Starts and stops vncserver. used to provide remote X administration services.
winbind - Starts and stops the Samba winbind daemon.
ypbind - This is a daemon which runs on NIS/YP clients and binds them to a NIS domain.
yppasswdd - yppasswdd is the RPC server that lets users change their passwords in the presence of NIS (a.k.a. YP).
ypserv - ypserv is an implementation of the standard NIS/YP networking protocol.
ypxfrd - ypxfrd should be started in addition to ypserv to accelerate transferring yp maps.
yum - Enable daily run of yum, a program updater. (This will depend on your environment.)
![[Note]](http://web.archive.org/web/20050507061820/http://members.cox.net/tuxxer/stylesheet-images/note.png) | Note |
|---|---|
If you include yum in your list of services to disable here, then you will be disabling the automated updates you would have configured in earlier sections of this overview. Certain users may have specific reasons for not wanting to run automated updates every night. Most users will want to leave this enabled, if you are disabling it, you should know exactly why. | |
Once you have chosen the services that you want to disable for your application, you can do so by unchecking the check box next to the name of the service you are disabling. Once you have deselected all of the services you want to disable, be sure to click the Save button, so that your changes are committed. The process needs to be done for all 3 multi user runlevels (3, 4, 5). The GUI utility defaults to runlevel 5, so you will have to manually select runlevels 3 and 4 to enable/disable service there. You may also want to check runlevel 2, as there are certain services that may be considered "critical" that will be started at that runlevel.
![[Important]](http://web.archive.org/web/20050507061820/http://members.cox.net/tuxxer/stylesheet-images/important.png) | Important |
|---|---|
Be sure to stop the service you are disabling, if it is running. This will both prevent you from having to reboot your system, as well as give you an immediate indication that stopping that particular service will inhibit any functionality you expect from the system. | |
| Note: |
|---|---|
The following commands will need to be run as root. | |
There are a number of ways to tackle service control from the command line. One of the simplest is to use chkconfig. The following command will show you the all of the services that are enabled to run at runlevel 5:
sudo '/sbin/chkconfig --list | awk '/5:on/ { print $1 }' | sort' If you are running in command line only mode (runlevel 3), theoretically, you could disable all of these services. However, this could cause problems if you were to ever run in GUI mode. So, focus on the ones that I have listed above in the GUI section. Take this list of services, and put it into a series of commands that can be run either from the command line directly, or in a script. The easiest way will be to put the list of services in a file, however you could list all of the services individually in the for loop. This might be the better option if you were running it directly from the command line.
To put the list of services in a file, issue the command above, and redirect the output to a file:
sudo '/sbin/chkconfig --list | awk '/[35]:on/ { print $1 }' | sort >> serviceslist.txt' This will capture all of the services that are designated to start at either runlevel 3 or runlevel 5. Then, edit the serviceslist.txt file to only disable the services you want to disable. An example serviceslist.txt file might look like this:
acpid anacron apmd autofs cpuspeed crond cups cups-config-daemon gpm haldaemon httpd iptables irqbalance kudzu lm_sensors mDNSResponder messagebus microcode_ctl netfs network nfslock nifd portmap readahead readahead_early rhnsd rpcgssd rpcidmapd rpcsvcgssd smartd smb vncserver xfs xinetd
Once you've edited the serviceslist.txt file, put the following into a text file, and give it executable permissions:
for SERVICE in `cat serviceslist.txt` ;do
/sbin/chkconfig --level 35 ${SERVICE} off
done
Execute the script by issuing the following command:
./script.sh
This will disable the services you have selected for runlevels 3 and 5, which are the multi-user runlevels: level 3 for command line only, and level 5 for X, or GUI, mode.
Wednesday, November 19, 2008
The state machine of IpTables
The state machine is a special part within iptables that should really not be called the state machine at all, since it is really a connection tracking machine. However, most people recognize it under the first name. Throughout this chapter i will use this names more or less as if they where synonymous. This should not be overly confusing. Connection tracking is done to let the Netfilter framework know the state of a specific connection. Firewalls that implement this are generally called stateful firewalls. A stateful firewall is generally much more secure than non-stateful firewalls since it allows us to write much tighter rule-sets.
Within iptables, packets can be related to tracked connections in four different so called states. These are known as NEW, ESTABLISHED, RELATED and INVALID. We will discuss each of these in more depth later. With the --state match we can easily control who or what is allowed to initiate new sessions.
All of the connection tracking is done by special framework within the kernel called conntrack. conntrack may be loaded either as a module, or as an internal part of the kernel itself. Most of the time, we need and want more specific connection tracking than the default conntrack engine can maintain. Because of this, there are also more specific parts of conntrack that handles the TCP, UDP or ICMP protocols among others. These modules grabs specific, unique, information from the packets, so that they may keep track of each stream of data. The information that conntrack gathers is then used to tell conntrack in which state the stream is currently in. For example, UDP streams are, generally, uniquely identified by their destination IP address, source IP address, destination port and source port.
In previous kernels, we had the possibility to turn on and off defragmentation. However, since iptables and Netfilter were introduced and connection tracking in particular, this option was gotten rid of. The reason for this is that connection tracking can not work properly without defragmenting packets, and hence defragmenting has been incorporated into conntrack and is carried out automatically. It can not be turned off, except by turning off connection tracking. Defragmentation is always carried out if connection tracking is turned on. All connection tracking is handled in the PREROUTING chain, except locally generated packets which are handled in the OUTPUT chain. What this means is that iptables will do all recalculation of states and so on within the PREROUTING chain. If we send the initial packet in a stream, the state gets set to NEW within the OUTPUT chain, and when we receive a return packet, the state gets changed in the PREROUTING chain to ESTABLISHED, and so on. If the first packet is not originated by ourself, the NEW state is set within the PREROUTING chain of course. So, all state changes and calculations are done within the PREROUTING and OUTPUT chains of the nat table.The conntrack entries
Let's take a brief look at a conntrack entry and how to read them in /proc/net/ip_conntrack. This gives a list of all the current entries in your conntrack database. If you have the ip_conntrack module loaded, a cat of /proc/net/ip_conntrack might look like:
tcp 6 117 SYN_SENT src=192.168.1.6 dst=192.168.1.9 sport=32775 \
dport=22 [UNREPLIED] src=192.168.1.9 dst=192.168.1.6 sport=22 \
dport=32775 use=2
This example contains all the information that the conntrack module maintains to know which state a specific connection is in. First of all, we have a protocol, which in this case is tcp. Next, the same value in normal decimal coding. After this, we see how long this conntrack entry has to live. This value is set to 117 seconds right now and is decremented regularly until we see more traffic. This value is then reset to the default value for the specific state that it is in at that relevant point of time. Next comes the actual state that this entry is in at the present point of time. In the above mentioned case we are looking at a packet that is in the SYN_SENT state. The internal value of a connection is slightly different from the ones used externally with iptables. The value SYN_SENT tells us that we are looking at a connection that has only seen a TCP SYN packet in one direction. Next, we see the source IP address, destination IP address, source port and destination port. At this point we see a specific keyword that tells us that we have seen no return traffic for this connection. Lastly, we see what we expect of return packets. The information details the source IP address and destination IP address (which are both inverted, since the packet is to be directed back to us). The same thing goes for the source port and destination port of the connection. These are the values that should be of any interest to us.
The connection tracking entries may take on a series of different values, all specified in the conntrack headers available in linux/include/netfilter-ipv4/ip_conntrack*.h files. These values are dependent on which sub-protocol of IP we use. TCP, UDP or ICMP protocols take specific default values as specified in linux/include/netfilter-ipv4/ip_conntrack.h. We will look closer at this when we look at each of the protocols; however, we will not use them extensively through this chapter, since they are not used outside of the conntrack internals. Also, depending on how this state changes, the default value of the time until the connection is destroyed will also change.
Note:
Recently there was a new patch made available in iptables patch-o-matic, called tcp-window-tracking. This patch adds, among other things, all of the above timeouts to special sysctl variables, which means that they can be changed on the fly, while the system is still running. Hence, this makes it unnecessary to recompile the kernel every time you want to change the timeouts.
These can be altered via using specific system calls available in the /proc/sys/net/ipv4/netfilter directory. You should in particular look at the /proc/sys/net/ipv4/netfilter/ip_ct_* variables.
When a connection has seen traffic in both directions, the conntrack entry will erase the [UNREPLIED] flag, and then reset it. The entry tells us that the connection has not seen any traffic in both directions, will be replaced by the [ASSURED] flag, to be found close to the end of the entry. The [ASSURED] flag tells us that this connection is assured and that it will not be erased if we reach the maximum possible tracked connections. Thus, connections marked as [ASSURED] will not be erased, contrary to the non assured connections (those not marked as [ASSURED]). How many connections that the connection tracking table can hold depends upon a variable that can be set through the ip-sysctl functions in recent kernels. The default value held by this entry varies heavily depending on how much memory you have. On 128 MB of RAM you will get 8192 possible entries, and at 256 MB of RAM, you will get 16376 entries. You can read and set your settings through the /proc/sys/net/ipv4/ip_conntrack_max setting.
Saturday, November 15, 2008
UNIX System Log (syslog)
Many versions of UNIX provide a general-purpose logging facility called syslog, originally developed at the University of California at Berkeley for the Berkeley sendmail program. Since then, syslog has been ported to several System V-based systems, and is now widely available. The uses of syslog have similarly been expanded.
Overview of Syslog
syslog is a host-configurable, uniform system logging facility. The system uses a centralized system logging process that runs the program /etc/syslogd or /etc/syslog. Individual programs that need to have information logged send the information to syslog. The messages can then be logged to various files, devices, or computers, depending on the sender of the message and its severity.
Any program can generate a syslog log message. Each message consists of four parts:
Program name
Facility
Priority
Log message itself
For example, the message:
login: Root LOGIN REFUSED on ttya
is a log message generated by the login program. It means that somebody tried to log into an unsecure terminal as root. The messages's facility (authorization) and error level (critical error) are not shown.
The syslog facilities are summarized in Table 1, Not all facilities are present on all versions of UNIX.
Name | Facility |
|---|---|
kern | Kernel |
user | Regular user processes |
Mail system | |
lpr | Line printer system |
auth | Authorization system, or programs that ask for user names and passwords (login, su, getty, ftpd, etc.) |
daemon | Other system daemons |
news | News subsystem |
uucp | UUCP subsystem |
local0... local7 | Reserved for site-specific use |
mark | A timestamp facility that sends out a message every 20 minutes |
The syslog priorities are summarized in Table 2
Priority | Meaning |
|---|---|
emerg | Emergency condition, such as an imminent system crash, usually broadcast to all users |
alert | Condition that should be corrected immediately, such as a corrupted system database |
crit | Critical condition, such as a hardware error |
err | Ordinary error |
warning | Warning |
notice | Condition that is not an error, but possibly should be handled in a special way |
info | Informational message |
debug | Messages that are used when debugging programs |
none | Do not send messages from the indicated facility to the selected file. For example, specifying *.debug;mail.none sends all messages except mail messages to the selected file. |
When syslogd starts up, it reads its configuration file, usually /etc/syslog.conf, to determine what kinds of events it should log and where they should be logged. syslogd then listens for log messages from three sources, shown in below Table 3
Source | Meaning |
|---|---|
/dev/klog | Special device, used to read messages generated by the kernel |
/dev/log | UNIX domain socket, used to read messages generated by processes running on the local machine |
UDP port 514 | Internet domain socket, used to read messages generated over the local area network from other machines |
System administrators have to deal with lots of different kinds of messages from a plethora of subsystems within each system, and usually lots of systems as well. For example, an FTP server might report every connection it gets. The kernel might report hardware failures on a disk drive. A DNS server might report usage statistics at regular intervals.
Some of these messages need to be brought to a system administrator's attention immediately. And it may not be just any system administrator – there may be a particular system administrator who deals with a particular kind of message. Other messages just need to be recorded for future reference if there is a problem. Still others may need to have information extracted from them by an automated process that generates monthly reports.
To deal with these messages, most Unix systems have a facility called "Syslog." It is generally based on a daemon called “Syslogd” Syslogd listens for messages on a Unix domain socket named /dev/log. Based on classification information in the messages and its configuration file (usually /etc/syslog.conf), Syslogd routes them in various ways. Some of the popular routings are:
- Write to the system console
- Mail to a specific user
- Write to a log file
- Pass to another daemon
- Discard
Syslogd can also handle messages from other systems. It listens on the syslog UDP port as well as the local socket for messages.
Syslog can handle messages from the kernel itself. But the kernel doesn't write to /dev/log; rather, another daemon (sometimes called “Klogd”) extracts messages from the kernel and passes them on to Syslog as any other process would (and it properly identifies them as messages from the kernel).
Syslog can even handle messages that the kernel issued before Syslogd or Klogd was running. A Linux kernel, for example, stores startup messages in a kernel message ring and they are normally still there when Klogd later starts up. Assuming Syslogd is running by the time Klogd starts, Klogd then passes everything in the message ring to it.
In order to classify messages for disposition, Syslog requires any process that submits a message to it to provide two pieces of classification information with it:
- facility
- This identifies who submitted the message. There are a small number of facilities defined. The kernel, the mail subsystem, and an FTP server are examples of recognized facilities. For the complete list, See syslog; vsyslog. Keep in mind that these are essentially arbitrary classifications. "Mail subsystem" doesn't have any more meaning than the system administrator gives to it.
- priority
- This tells how important the content of the message is. Examples of defined priority values are: debug, informational, warning, critical. For the complete list, See syslog; vsyslog. Except for the fact that the priorities have a defined order, the meaning of each of these priorities is entirely determined by the system administrator.
A “facility/priority” is a number that indicates both the facility and the priority.
Warning: This terminology is not universal. Some people use “level” to refer to the priority and “priority” to refer to the combination of facility and priority. A Linux kernel has a concept of a message “level,” which corresponds both to a Syslog priority and to a Syslog facility/priority (It can be both because the facility code for the kernel is zero, and that makes priority and facility/priority the same value).
Logging everything everywhere
Disks are cheap these days. Sites with sufficient resources and adequately trained personnel sometimes choose to log everything that might possibly be useful, and log it in many different places. For example, clients can create their own log files of syslog events, and also send all logging messages to several different logging hosts - possibly on different networks.
The advantage of logging in multiple places is that it makes an attacker's attempts at erasing any evidence of his presence much more difficult. On the other hand, multiple log files will not do you any good if they are never examined. Furthermore, if they are never pruned, they may grow so large that they will shut down your computers.
Syslog Messages
The following tables[11] summarize some typical messages available on various versions of UNIX.:
[11] A similar list is not available for System V UNIX, because syslog is part of the Berkeley UNIX offering. Companies that sell syslog with their System V offerings may or may not have modified the additional programs in their operating systems to allow them to use the syslog logging facility.
Program | Message | Meaning |
|---|---|---|
halt | halted by | |
login | ROOT LOGIN REFUSED ON | root tried to log onto a terminal that is not secure. |
login | REPEATED LOGIN FAILURES ON | Somebody tried to log in as |
reboot | rebooted by | |
su | BAD SU | Somebody tried to su to the superuser and did not supply the correct password. |
shutdown | reboot, halt, or shutdown by |
Other critical conditions that might be present might include messages about full filesystems, device failures, or network problems.
Program | Message | Meaning |
|---|---|---|
date | date set by | |
login | ROOT LOGIN | |
root logged in. | ||
su | ||
getty | /bin/getty was unable to open |
NOTE: For security reasons, some information should never be logged. For example, although you should log failed password attempts, you should not log the password that was used in the failed attempt. Users frequently mistype their own passwords, and logging these mistyped passwords would help a computer cracker break into a user's account. Some system administrators believe that the account name should also not be logged on failed login attempts - especially when the account typed by the user is nonexistent. The reason is that users occasionally type their passwords when they are prompted for their usernames. If invalid accounts are logged, then it might be possible for an attacker to use those logs to infer people's passwords.
You may want to insert syslog calls into your own programs to record information of importance. Third-party software also often has a capability to send log messages into the syslog if configured correctly. For example, Xyplex terminal servers and Cisco routers both can log information to a network syslog daemon; Usenet news and POP mail servers also log information.
If you are writing shell scripts, you can also log to syslog. Usually, systems with syslog come with the logger command. To log a warning message about a user trying to execute a shell file with invalid parameters, you might include:
logger -t ThisProg -p user.notice "Called without required # of parameters"
NOTE: Prior to 1995, many versions of the syslog library call did not properly check their inputs to be certain that the data would fit into the function's internal buffers. Thus, many programs could be coerced to accept input to write arbitrary data over their stacks, leading to potential compromise. Be certain that you are running software using a version of syslog that does not have this vulnerability.
Beware false log entries
The UNIX syslog facility allows any user to create log entries. This capability opens up the possibility for false data to be entered into your logs. An interesting story of such logging was given to us by Alec Muffet:
A friend of mine - a UNIX sysadmin - enrolled as a mature student at a local polytechnic in order to secure the degree which had been eluding him for the past four years.
One of the other students on his Computer Science course was an obnoxious geek user who was shoulder surfing people and generally making a nuisance of himself, and so my friend determined to take revenge.
The site was running an early version of Ultrix on an 11/750, but the local operations staff were somewhat paranoid about security, had removed world execute from "su" and left it group-execute to those in the wheel group, or similar; in short, only the sysadmin staff should have execute access for su.
Hence, the operations staff were somewhat worried to see messages with the following scrolling up the console:
BAD SU: geekuser ON ttyp4 AT 11:05:20 BAD SU: geekuser ON ttyp4 AT 11:05:24 BAD SU: geekuser ON ttyp4 AT 11:05:29 BAD SU: geekuser ON ttyp4 AT 11:05:36 ...
When the console eventually displayed:
SU: geekuser ON ttyp4 AT 11:06:10
all hell broke loose: the operations staff panicked at the thought of an undergrad running around the system as root and pulled the plug (!) on the machine. The system administrator came into the terminal room, grabbed the geekuser, took him away and shouted at him for half an hour, asking (a) why was he hacking, (b) how was he managing to execute su and (c) how he had guessed the root password?
Nobody had noticed my friend in the corner of the room, quietly running a script which periodically issued the following command, redirected into /dev/console, which was world-writable:
echo BAD SU: geekuser ON ttyp4 AT `date`
The moral of course is that you shouldn't panic, and that you should treat your audit trail with suspicion.
Wednesday, November 12, 2008
Proxy ARP
Introduction
This document explains the concept of proxy Address Resolution Protocol (ARP). Proxy ARP is the technique in which one host, usually a router, answers ARP requests intended for another machine. By "faking" its identity, the router accepts responsibility for routing packets to the "real" destination. Proxy ARP can help machines on a subnet reach remote subnets without the need to configure routing or a default gateway. Proxy ARP is defined in RFC 1027 leavingcisco.com.
The Host A (172.16.10.100) on Subnet A needs to send packets to Host D (172.16.20.200) on Subnet B. As shown in the diagram, Host A has a /16 subnet mask. What this means is that Host A believes that it is directly connected to all of network 172.16.0.0. When Host A needs to communicate with any devices it believes are directly connected, it sends an ARP request to the destination. Therefore, when Host A needs to send a packet to Host D, Host A believes that Host D is directly connected, so it sends an ARP request to Host D.
Therefore, Host A broadcasts an ARP request on Subnet A, as shown:
The Host A (172.16.10.100) on Subnet A needs to send packets to Host D (172.16.20.200) on Subnet B. As shown in the diagram, Host A has a /16 subnet mask. What this means is that Host A believes that it is directly connected to all of network 172.16.0.0. When Host A needs to communicate with any devices it believes are directly connected, it sends an ARP request to the destination. Therefore, when Host A needs to send a packet to Host D, Host A believes that Host D is directly connected, so it sends an ARP request to Host D.
Therefore, Host A broadcasts an ARP request on Subnet A, as shown:
|
Sender's MAC Address |
Sender's IP Address |
Target MAC Address |
Target IP Address |
|---|---|---|---|
|
00-00-0c-94-36-aa |
172.16.10.100 |
00-00-00-00-00-00 |
172.16.20.200 |
In this ARP request, Host A (172.16.10.100) requests that Host D (172.16.20.200) send its MAC address. The ARP request packet is then encapsulated in an Ethernet frame with the MAC address of Host A as the source address and a broadcast (FFFF.FFFF.FFFF) as the destination address. Since the ARP request is a broadcast, it reaches all the nodes in the Subnet A, which includes the e0 interface of the router, but does not reach Host D. The broadcast does not reach Host D because routers, by default, do not forward broadcasts. Since the router knows that the target address (172.16.20.200) is on another subnet and can reach Host D, it replies with its own MAC address to Host A.
| Sender's MAC Address | Sender's IP Address | Target MAC Address | Target IP Address |
|---|---|---|---|
| 00-00-0c-94-36-ab | 172.16.20.200 | 00-00-0c-94-36-aa | 172.16.10.100 |
This is the Proxy ARP reply that the router sends to Host A. The proxy ARP reply packet is encapsulated in an Ethernet frame with MAC address of the router as the source address and the MAC address of Host A as the destination address. The ARP replies are always unicast to the original requester.
Upon receit of this ARP reply, Host A updates its ARP table, as shown:|
IP Address |
MAC Address |
|---|---|
|
172.16.20.200 |
00-00-0c-94-36-ab |
From now on, Host A forwards all the packets that it wants to reach 172.16.20.200 (Host D) to the MAC address 00-00-0c-94-36-ab (router). Since the router knows how to reach Host D, the router forwards the packet to Host D. The ARP cache on the hosts in Subnet A is populated with the MAC address of the router for all the hosts on Subnet B. Hence, all packets destined to Subnet B are sent to the router. The router forwards those packets to the hosts in Subnet B.
The ARP cache of Host A is shown in this table:|
IP Address |
MAC Address |
|---|---|
|
172.16.20.200 |
00-00-0c-94-36-ab |
|
172.16.20.100 |
00-00-0c-94-36-ab |
|
172.16.10.99 |
00-00-0c-94-36-ab |
|
172.16.10.200 |
00-00-0c-94-36-bb |
Note: Multiple IP addresses are mapped to a single MAC address, the MAC address of this router, which indicates that proxy ARP is in use.
Note: When Host B (172.16.10.200/24) on Subnet A tries to send packets to destination Host D (172.16.20.200) on Subnet B, it looks into its IP routing table and routes the packet accordingly. Host B (172.16.10.200/24) does not ARP for Host D IP address 172.16.20.200 because it belongs to a different subnet than what is configured on Host B ethernet interface 172.16.20.200/24.
Advantages of Proxy ARP
The main advantage of proxy ARP is that it can be added to a singlerouter on a network and does not disturb the routing tables of the other routers on the network.
Proxy ARP must be used on the network where IP hosts are not configuredwith a default gateway or do not have any routing intelligence.
Disadvantages of Proxy ARP
Hosts have no idea of the physical details of their network and assumeit to be a flat network in which they can reach any destination simply by sending an ARP request. But using ARP for everything has disadvantages. These are some of the disadvantages:
- It increases the amount of ARP traffic on your segment.
- Hosts need larger ARP tables in order to handle IP-to-MAC address mappings.
- Security can be undermined. A machine can claim to be another in order to intercept packets, an act called "spoofing."
- It does not work for networks that do not use ARP for address resolution.
- It does not generalize to all network topologies. For example, more than one router that connects two physical networks.
Wednesday, November 5, 2008
Redirectoin in LINUX ,>,>>
What is Redirection and How Does it Work?
Redirecting the Input or Output of Linux CommandsAnother useful bash feature is its ability to redirect the input and output of Linux commands. You can save the results of a command in a file instead of displaying the results on the screen, or you can feed data from a file to a program instead of entering data from the keyboard.Let's look at redirection first. Imagine a fictitious command called nocats that prompts the user for a number and then waits for that many lines of text to be entered before processing them. (The program looks at each input line and pr ints only the ones that do not contain the word cat.)
You could feed the program by entering the data from the console (bold text is your typed input, normal text is console output):
$ nocats 3 Dogs are much better than those other household animals. A cat would never beg for jerky treats. Dogs are pretty stupid, but at least they stick around. Dogs are much better than those other household animals. Dogs are pretty stupid, but at least they stick around.
Or using a text editor, you could put all the input data in a file called stuff and feed the nocats program like this:
% nocats Dogs are much better than those other household animals. Dogs are pretty stupid, but at least they stick around.
The less-than (<) symbol causes the program to get input from the stuff file instead of waiting for keyboard input. The greater-than (>) symbol, on the other hand, redirects output to a file instead of to the console. Thus, the co mmand
% nocats <> bother
will cause the nocats program to read its input from one file (stuff) and write it to another (bother), without the keyboard or console entering the picture. Note that the nocats progra m doesn't know or care about all this redirection. It still thinks it is reading data from the keyboard and writing to the console--but the shell has temporarily reassigned the input and output to files instead of physical devices.
To append to an existing file instead of creating a new one, use two greater-than symbols (>>), as in this example:
zippity > somefile doodah >> somefile
The zippity command runs first, and the output is placed in a new file called somefile. Then doodah runs, and its output is added (appended) to the somefile file.
Note: It's important to remember that piping with a single > symbol will wipe out existing data if the output file already exists.
How Do I Use the Linux Command Prompt?
Linux Commands
When you enter a command in Linux, you type a command at a prompt and then press enter. Commands can be more than one word--some require switches (which modify the command's behavior ) and/or file names (which tell the command what data to act on). Let's dissect the command shown here:$ ls -l sample.doc
Linux Commands Are Case Sensitive
One of the most important things to remember about entering commands in any Unix environment is that case matters. In DOS, you can type DIR or dir or even DiR and get the same result, but not in Linux. Linux will be quite put out if you type LS instead of ls to list your files. With file names, you have to be even more careful, since nearly identical files (save for capitalization) can exist in the same directory, though they may have completely different contents--Cookie_Recipe and cookie_recipe would appear as distinctly different files to Linux, though they may look pretty much the same to you except for the capital letters.
The best rule to follow is this: Almost everything in Linux is lowercase, so avoid capital letters when naming your files.
Command Prompts Can Vary
When the Linux shell is ready for a command, you see a command prompt. Just as in DOS, Linux's command prompts vary. For example, when you log in as root, your default command prompt is the pound (#) sign, but if you log-in as a regula r user (like hermie), the prompt changes to a dollar sign ($).
Bash uses the different prompts to clue you in to your user privileges. Pay attention to the prompts so you don't inadvertently wipe out important files while logged in to the root account with superuser privileges, for example.
It's especially important to mind the prompts if you use the su (switch user) command, which allows you to act temporarily as the root user while you're logged in as a regular user. Watch how the prompt changes in the following example. (User input is in boldface.)
$ who am i hermie $ su - root Enter password for root: xxxxxxx # who am i root # exit $ who am i hermie
In this example, entering the command who am i tells you who the system thinks you are--hermie. Then the su - root command switches you to the root user (note the prompt change to the pound sign). The <>exit command exits the root user account and brings you back to hermie; the prompt changes back to a dollar sign. (See "Important Linux Commands" for more information on the su comma nd.)
This example used the prompt and the who am i command to show the logged-in user, but customizing your prompt is a better way to keep track of where you are.
For example, the command
PS1="\u \$ "
changes the prompt so that it displays the user name (\u), followed by the dollar sign (or pound sign, if you're a superuser). You can use other characters to insert the current time, date, or working directory (\t,
PS1="\t \$ " yields 09:15:24 $.
PS1="\u (\d) \$ " yields hermie (Wed Nov 4) $.
PS1="\u (\w) \$ " yields hermie (/home/hermie) $.
All you're actually doing here is setting the variable PS1 (prompt string number 1) to a special string of characters. The bash shell interprets the value of the PS1 variable each time it's ready to build the prompt string.
In the "Environment Variables" section, you'll learn more about special variables such as PS1 and how to set them automatically each time you log in.
LINUX INTRODUCTION
I know i should have this long time back, now i am posting this as i think this is intro about LiNUX is quite Good....
Can Linux Replace Windows?
Until recently, running Unix meant investing in a powerful workstation that cost megabucks. Linux changes all that, because it's a complete version of the Unix operating system (software that controls the basic functions of the personal computer) that runs on ordinary personal computers. The added fact that it's freely available and "open source" makes it all the more attractive.Linux is perfect for people who want to operate their own low-cost Internet servers, and it's robust enough to satisfy the needs of many Internet service providers. Linux is a multiuser and multitasking environment, and it can access huge amounts of me mory (gigabytes) and huge amounts of disk storage space (terabytes). Linux offers virtually everything that Windows has been promising for years and may not deliver in a truly stable form for some time to come.Don't make the mistake of assuming that Linux is some kind of watered-down or underpowered Unix for the masses. Linux is Unix. POSIX certification (compliance with the industry standards for Unix) makes it official that Linux can do everything that a Unix system is supposed to do. The only difference is that Linux works on a personal computer, whereas other versions of Unix run on larger workstations or mainframes.
Linux is also being taken very seriously by the computer industry, with new Linux-compatible versions of popular software packages being announced every month. The Apache Web server software running on Linux platforms powers about half of all Web sites today. Even more telling, Microsoft considers Linux a major threat to its Windows empire.
What Is Linux?
In the early 90s, a geek named Linus Torvalds at the University of Helsinki in Finland thought it would be fun to write a Unix kernel from scratch. He called it Linux, and it was cool but pretty much useless without all the utility programs needed to make it a complete operating system. At the same time, Richard Stallman and his pals at the Free Software Foundation were writing a bunch of freeware Unix utilities collectively known as the GNU Project. It was cool but pretty much useless without a kernel to make it a complete operating system. Fortunately, the two parties decided to collaborate.News of Linux spread quickly over the Internet, and many other Unix programmers joined the effort to enhance it. What we now know as Linux is a combination of Torvald's Linux kernel, the GNU Project software, and some other nifty software bit and pieces developed by programmers from all around the world.
Today Linux is a complete and reliable implementation of the Unix operating system, with the following notable features:
- 32-bit operation (it uses all the speed and power of your CPU, unlike 16-bit DOS systems)
- Virtual memory (it can use all of your system's RAM; there's no 640K memory limit)
- Full support for X Windows (Unix's standard graphical user interface)
- TCP/IP networking support (allowing connection to the Internet)
- GNU software support (including a huge amount of free Unix software from the GNU Project)
Note: GNU is one of those recursive acronyms that computer scientists love; it stands for GNU's Not Unix. The GNU Project is an effort sponsored by the Free Software Foundation to provide freely available Unix software. See http://www.gnu.org for related information.
Linux was written totally from scratch without using any of the original AT&T UNIX code. (Throughout this site, UNIX refers to the original trademarked UNIX project invented by AT&T. The term Unix is used here as a generic term for other variants of the operating system.)
Because of that (and because the author is a nice guy), Linux is free. You can obtain the source code, modify, sell or give away the software so long as you provide full source code and don't impose any restrictions on what others do with it.
Subscribe to:
Posts (Atom)
