KLUG Meeting Minutes and Agenda (#37)

The 37th meeting of the Kingston Linux User Group was held Wed, Nov 7, 2001 at 7PM at RMC. The meeting lasted until about 9:30 PM.

The attendees were:

Antos, Andras
Conrad-Avarmaa, Brigitte
Drummond, Mark
Hammond, Andrew
Hlivka, Alex <9ahl8@qlink.queensu.ca>
Ip, Sebastian <9scki@qlink.queensu.ca>
Jezak, Edward
Lott, Rodney
MacIntosh, Bob
Michelle (?)
Miller, George
Mitton, Doug
Nagy, Daniel
Szafranski, Mike
Wirth, Edwin C.

Meeting Schedule:

38 - Mon. Dec. 3 at RMC. "System & Network Security II"

Summary Of Activities:

- Web page and domain - http://www.klug.on.ca/
  - Hosted by Internet Kingston! (Thanks!)
  - We also have klug.ca registered but it is not yet activated.
- Mailing List: Send an email with "subscribe klug-general" in the body to majordomo@klug.on.ca
  - or "subscribe klug-security" in the body to majordomo@klug.on.ca
- Usenet Group - kingston.os.linux (General, not just KLUG)

Agenda/Minutes:

1) Roll Call and Introductions (if required)
- See attendees above.

2) This Meeting:

There were 15 attendees to our 26th presentation "System & Network Security I" by Mark Drummond.

To start off, Mark pointed everyone to security checklists located at cert.org and auscert.org. These checklists can be used to cover off all of the issues relating to securing your system. Mark then emphasized that this presentation was to cover securing a workstation or computer. This does not mean network security but physical security of the hardware. He stressed that no hardware can be 100% secure and that only reasonable security can be achieved.

This was broken down into hardware and software security. Hardware security includes a locked, secured case with restricted access. Next come passwords, including BIOS, LILO (boot loader) and user passwords. Software security involves knowing what is running on your machine and deactivating or deleting packages you don't need or understand.
Once you know what is running and how it runs, keep it updated to current releases and configure it carefully to your and your users' requirements. He discussed some of the older "r" services such as rshell, telnet, finger and auth. The secure modern versions of these packages were covered, along with why they are superior.

Then he went on to cover some of the differences between the SYSV based Mandrake and BSD based Slackware. The main differences center around what happens when the kernel boots and passes control to the "init" process. The layout and use of the scripts in /etc/rc.d/ are different between Slackware and Mandrake, so although the aims are the same, the editing requirements are different.

Mark then emphasized the importance of monitoring, maintaining and acting on the contents of the various log files generated by the system. The main log file is /var/log/messages, but others are created and updated depending on the packages installed.

There was a description of the generic Linux boot process. It starts with the computer being turned on and the BIOS loading the boot loader blocks on the hard drive. In our case this is generally LILO, and you are presented with boot options, generally Linux or Windows. Of course Linux boots by default and the kernel is loaded from /vmlinuz for Slack or /boot/vmlinuz for Mandrake. The kernel initializes the hardware, loads the compiled-in drivers and launches the "init" process. Init processes the files in the /etc/rc.d/ hierarchy in a manner dependent on the distribution. The system comes up from there, with /etc/rc.d/rc.local typically being the last file processed. At this point you have a loaded system waiting for tasks to run.

We then had a few announcements. Next month Mark will try to arrange a social evening for a Christmas Dinner at a local restaurant. Last year it was McGinnis Landing on Bath Road and a similarly priced location will be selected this year.
Mark had also been approached by nerdsunderglass.com to do some presenting at KLUG; this will be scheduled at a future date if it can be arranged. Also, we are attempting to set up a co-located system running Linux at Internet Kingston. Mark has hardware and he has solicited some input as to packages and applications. If you have some hardware to donate, would like to maintain some part of the services being offered, or have some other input, please contact Mark.

That wrapped up the evening. Thanks to Mark and all who attended and participated.

3) Next Meeting:

Mon, Dec. 3 at RMC. "System & Network Security II"