jusupov.com

Hewlett-Packard and Redhat comes together to launch Desktop PC with Redhat Linux OS. Action takes place in Australia, HP’s dx2250 model PC was chosen as a hardware with AMD Athlon 64 X2 / Athlon 64/ Sempron CPUs. The price is around AUD$600 which is ~USD$490, since I live and work in Malaysia that’s ~RM 1,600! However, I’m not sure if it includes the monitor or not.

I couldn’t find much information regarding this but this is a great news. Not only Dell is shipping Linux preloaded but HP also has stepped in. Not long ago Lenovo also confirmed shipment of Thinkpads loaded with Suse Linux Enterprise Desktops.

My two cents: I am really happy to say vendors adopting choices and going for Linux. I think Linux has proven itself on the server side and now time for the desktops!

Linus Torvalds 16 year ago, 25th August 1991, emailed developers around the world announcing his new operating system(OS). At that time he never realized that it’s going to be a history. Who would know that Linux will eventually become so popular that most of the top companies are considering it very seriously and it’s now enterprise level operating system. A system to which they can rely their mission critical business operations.

Anyways, here I quote his email:

Hello everybody out there using minix -
I’m doing a (free) operating system (just a hobby, won’t be big and
professional like gnu) for 386(486) AT clones. This has been brewing
since april, and is starting to get ready. I’d like any feedback on
things people like/dislike in minix, as my OS resembles it somewhat
(same physical layout of the file-system (due to practical reasons)
among other things).
I’ve currently ported bash(1.08) and gcc(1.40), and things seem to work.
This implies that I’ll get something practical within a few months, and
I’d like to know what features most people would want. Any suggestions
are welcome, but I won’t promise I’ll implement them
Linus (torva…@kruuna.helsinki.fi)
PS. Yes – it’s free of any minix code, and it has a multi-threaded fs.
It is NOT protable (uses 386 task switching etc), and it probably never
will support anything other than AT-harddisks, as that’s all I have .

I’ve mentioned a few tips previously here and now I’ve found another great tool that helps you to stay even more secure in Windows XP. Introducing DropMyRights little usefull software written by Michael Howard who is specialist in security, working in the Secure Engineering group at Microsoft.

Before I begin with DropMyRights, let’s take a look at how Windows XP operates and how it can be vulnerable.

First off when you do a Windows XP install, somewhere at the end of the installation it will ask you to enter usernames to be used on that computer. You need to enter at least one username there otherwise it won’t let you pass to the next step. Well, did you know that Windows assigns Administrator rights to that users that you created?

What does that mean?

That means that these users can do a lot of System related tasks which usually allowed only to Administrator. I understand that if you are not a member of Administrator groups you will have a lot of restrictions and sometimes it’s just easy to add yourself into that group. However, this comes with a lot of responsibility. While you are surfing with Administrator rights you can easily get malware (malicious software) , viruses infect your system easier and also critical Windows system files can be at risk of modifying or even deletion.

What’s DropMyRights in this?

DropMyRights allows you to run applications with restricted rights (i.e. non-Administrator rights). This applies even if you are logged in as Administrator or if you are a member of Administrators group.

Why bother? I have AntiVirus softwares installed!

Sometimes, you are behind of patches and upgrades. Sometimes patches come only after you are infected.

How to install and use?

1. Download the application here and install it. The application will be installed in C:\Documents and Settings\%Username%\My Documents\MSDN\DropMyRights.
2. I’d like to copy the DropMyRights.exe file to somewhere else, for example C:\Downloads\DropMyRights.exe.
3. Now I can setup shortcut and type in the location of the item C:\Downloads\DropMyRights.exe “C:\Program Files\Internet Explorer\IEXPLORE.EXE” , then I give a proper name for the shortcut, let’s name it IE – Non-Admin.
4. It will create a shortcut with a default exe icon, you might want to change icon to IE icon or the application you are trying to run with DropMyRights.

Notes:

According to SANS Top-20 Internet Security Attack Targets (2006 Annual Update), Internet Explorer, Windows Libraries and MS Office are the most vulnerable.

Other alternatives:

• Alternative for Microsoft Windows XP – is Ubuntu Linux
• Alternative for Internet Explorer is – is Mozilla Firefox, very much popular these days
• Alternative for Microsoft Outlook (Express) is – Mozilla Thunderbird

Here’s a little shell hack we did with synack last week. Basically instead of logrotate for apache we wrote this shell script which gives us more control over the logs. If you look into the codes you will see that it grabs all the apache log files, zips them, clear the logs, move the zipped file into different directory and if needed ftp/ssh file into different server. At the end, it restarts apache to enable new logs.

So enjoy!

[php]
#!/bin/sh
# log-apache.sh
#
# Copyright 2007 Arstan Jusupov
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

# Exporting paths
PATH=$PATH:/usr/local/sbin:/sbin:/usr/sbin

# Assign variables
LOGS_FILE_ZIP=`date +%Y%m%d`_logs.zip
LOGS_DIR=/var/log/httpd
LOGS_BACKUPS_DIR=/var/logs_backups
FTP_BACKUPS_DIR=/path/to/backup/`date +%Y%m`
APACHECTL=`which apachectl` # or hard-code full path

FTP_USER=”backup”
FTP_PASSWD=”backup”
FTP_SERVER=”192.168.x.x”

# Check if we can access $LOGS_DIR
if [ ! -d $LOGS_DIR ]; then
echo $LOGS_DIR does not exists or cannot be accessed.
break
fi

# Check if $LOGS_BACKUPS_DIR exists, if not create.
if [ ! -d $LOGS_BACKUPS_DIR ]; then
mkdir -p $LOGS_BACKUPS_DIR
fi

# Rotate the log files
for X in `ls $LOGS_DIR | grep log`; do
mv $LOGS_DIR/$X $LOGS_DIR/$(date +%Y%m%d)_$X
done

# Archive log files
zip $LOGS_BACKUPS_DIR/$LOGS_FILE_ZIP $LOGS_DIR/$(date +%Y%m%d)*

# Verification for successful zipping and removal of old log files.
if [ $? = 0 ]; then
rm $LOGS_DIR/$(date +%Y%m%d)*
fi

# Re-create the log files
for X in access_log error_log ssl_error_log ssl_request_log modsec_audit_log modsec_debug_log; do
touch $LOGS_DIR/$X
done

# Finally, restarting apache or if you want $APACHECTL graceful
$APACHECTL restart

# Off-system transfer of the log files
# Change local dir
cd $LOGS_BACKUPS_DIR

ftp -n $FTP_SERVER <
user $FTP_USER $FTP_PASSWD
binary

# create the remote backup dir in %Y%m format, if exists wont hurt
# I dont know how to do: if [ -d $DIR ]; then
mkdir $FTP_BACKUPS_DIR

cd $FTP_BACKUPS_DIR
put $LOGS_FILE_ZIP

bye
End-Of-Session
echo Done
exit 0
[/php]

Did you know that Darren and John, two big pro bloggers introduced new designs for their blogs? Both of them hired/paid for web designers to design themes for them.

I’m not a designer, but I tried to do something out of Silhouette theme originally designed by Brian Gardner. I liked Silhouette for its plain and web2.0 look design(not so much!). Also it was very easy to customize.

Hats off to Nurba for sending me the link!

For those who are new here is old theme screen shot. Compare it with the new one and leave your comments!