|Ruben Safir Secretary NYLXS
|Subject: [hangout] [MLUG] November 13, 2004 Meeting Notes
Are we supposed to have an inservice on cups in the near future?
MLUG Meeting -May 8, 2004 -1240 to 1500
The meeting was held in Room B079 of WCTC, with 17 persons in
NEWBIE SESSION - CONFIG FILES
Whil Hentzen first showed us /home/myname/.bashrc and then /boot/grub/
menu.lst where you can change your grub screen providing options for
the operating systems you can load. An excellent source of
information on grub is:
He then displayed a number of config files that he often edits,
explaining what the various lines mean, among which:
As always, there was lots of participation from the audience, and much
appreciation for Whil's ongoing classes.
MAIN PRESENTATION - SECURITY
Roger Jenson gave a slide show using OpenOffice.org's Impress, and it
was indeed an impressive presentation! Among the many points
Installations are usually secure - the big job is to STAY secure, and
this requires attention to vulnerability within operating systems,
applications, and informational resources.
Strong passwords are essential for security - they should be more than
six characters and a mix of upper/lower case and alpha and numeric
Check your vendor's website and/or mail list for specific
recommendations. Roger does not recommend enabling automatic
software updates. Look over the updates and patches that are being
offered and choose what you need. He showed how SUSE's "YOU" (YAST
Online Update) works. Other distros like Mandrake and Fedora also
have good update programs.
Connecting to networks is the major risk for vulnerability and
requires the highest level of safeguards.
Roger then showed a number of useful websites:
http://www.sans.org - The SANS Institute
http://www.secunia.com - this is not the one giving the first alerts,
but has the best archives, and the homepage gives a good summary of
the most recent advisories and their severity.
http://www.securityfocus.com - this has high volume email lists, where
you can get some of the earliest hints on potential problems. The
Bugtraq button gives a list of the latest alerts. The homepage gives
a summary of timely articles.
http://www.osvdb.org - the Open Source Vulnerability Database
http://alerts.symantec.com - Members only. This is very comprehensive
and also very expensive. Being a member, Roger showed the various
services available here. You can search by operating systems,
applications, severity levels, etc. There are excellent graphic
charts, and for each cybervillain there are details on history,
mitigating strategies, solutions such as patches provided, etc.
Roger's presentation was really interesting and useful for everyone.
M.A. Panevska, Secretary
mlug-list mailing list
Brooklyn Linux Solutions
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.mrbrklyn.com - Consulting
http://www.inns.net <-- Happy Clients
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive or stories and articles from around the net
http://www2.mrbrklyn.com/downtown.html - See the New Downtown Brooklyn....
NYLXS: New Yorker Free Software Users Scene
Fair Use -
because it's either fair use or useless....
NYLXS is a trademark of NYLXS, Inc