Capital Area Central Texas UNIX Society
CACTUS Newsletter

Volume 17, Number 5 - May 2001


Contents:


May Meeting Program - Demo of TKG's Bare Metal Restore

Ray Schafer of The Kernel Group (TKG) will demo their Bare Metal Restore on Solaris.


April Meeting Report

by Michael Rice

Michael Rice announced that the sparc 10 and the sparc 2 were still at his house, and that the NetApp was fixed according to NetApp and that Jack McKinney had volunteered to pick it up from them.

Gil reported that he never heard back from the former public access television producer he knew of. He volunteered to look further into it.

Ray said he was still trying to get in touch with a big name for an upcoming event. He mentioned Terpster, John Quarterman, Bruce Sterling. Ray mentioned again that Bruce Sterling doesn't do public appearances, but that if we push the "digital divide" as justification he might be willing to make an exception.

The discussion then veered onto the digital divide, and several points came up. The first was that many people on the other side of the divide don't know why they need computers, don't know how it could be useful to themselves, and some can't afford them. Gil mentioned that lots of companies are throwing away older computers. We also discussed how a public access television program could help address these issues.

Michael brought up that many companies are trying to address these issues with very low cost internet appliances, such as the NIC (to be demonstrated at a future CACTUS meeting), the i-opener and the like devices. We eventually came back around to future presentations at CACTUS. A returning member, Ron Woan , volunteered to talk on Large Scale Systems Security and possibly at some future date on Privacy. Lenny suggested a TIVO demonstration. Michael brought up the NIC demonstration. Ray said we could have a demonstration of Bare Metal Restore from TKG and his ksh presentation was on standby.


CACTUS System News

by Lindsay Haisley

We're still in a holding pattern on the full system upgrade on linux.cactus.org this month. The OS has been upgraded to Debian 2.2 (potato) however due to upgrade problems with the software RAID system on the box, we're still using the obsolete Linux 2.0 kernel. Hopefully this will change soon.

Our only major software addition this past month is an interesting one. We're now running a Nessus server on linux.cactus.org. For those of you not familiar with Nessus, it's an excellent security scanner along the lines of satan and other similar tools, providing the ability to probe your important Windows and Unix boxes for critical security holes. Nessus is in active development and is fully open source. The project's website at http://www.nessus.org has a description of Nessus which is worth quoting.

"Unlike many other security scanners, Nessus does not take anything for granted. That is, it will not consider that a given service is running on a fixed port - that is, if you run your web server on port 1234, Nessus will detect it and test its security. It will not make its security tests regarding the version number of the remote services, but will really attempt to exploit the vulnerability.

"Nessus is very fast, reliable and has a modular architecture that allows you to fit it to your needs."

I had a minor problem with the documentation and wrote the author of the software who got back to me in a couple of hours with a friendly and complete answer - the kind of excellent support many of us have come to expect from quality open source projects.

Nessus runs in a client/server configuration, allowing one to run a local client (GTK based) to interface with the server, which probes your system from the point of view of an outside intruder. Clients are available for (ugh!) MS Windows and Java, although the Nessus website posts a disclaimer about the latter, warning that it hasn't been maintained for a while.

I ran a security check on my system here using the Nessus server on linux.cactus.org and came up with a number of potential problems - problem CGI scripts, old versions of software, a few services on our LAN which should be closed to the world. I made some changes to the firewall in my router and tried again, only to find the problem ports still open! It turns out that the "Basic Firewall" filter rule set which came with my Netopia router when Jump.Net delivered it is configured out of the loop and is completely ineffective. When I got to the bottom of the issue, I emailed Jump.Net, rebuilt my firewall, and am considerably safer today than I was last week, thanks in large part to Nessus!

If you want to run Nessus, download the software and install the client on a machine to which you have console access. If you have root access on linux.cactus.org, run nessus-adduser as root to create an account for yourself. If you don't have root access but are a paid-up CACTUS member, contact one of the CACTUS officers to create an account for you. Communication between the Nessus client and server requires a one-time password the first time you connect, thereafter the client and server maintain a cryptographic key pair for one another which automates client authentication on the server.

In other news, our domain, cactus.org, is now registered with CASDNS, www.casdns.net, rather than with Network Solutions, Inc. CAS (for Computer Analytical Systems) is located in Louisville, KY and provides domain name registration services as a Council of Registrars (CORE) member. They're a small company, very competent and responsive. I've been working with them for a couple of years and if necessary I can almost always reach the top person in their registration service within a few seconds on the phone. No voice mail hell with these folks! I approached them about registering our domain for two years on a sponsorship basis, to which they readily agreed, so you'll find a listing for them in the "Friends of CACTUS" section with full information on reaching them. They must be doing something right! I talked with their main registration person early this month and he was up to his ears in domain name transfer requests from people fleeing NSI.

My company, FMP Computer Services, is currently providing a 2nd DNS server for cactus.org on ns.fmp.com which is slaving DNS from linux.cactus.org. When we get the Sparc 10 back on line, we can either move our 2nd name service to it, or leave it at FMP and set up the Sparc 10 as a 3rd name server. I am also listed as the tech/zone contact for the domain, and we may want to change this back to hostmaster [at] cactus <dot> org at some point. It will be a pleasure to work with the people at CASDNS after some of the tangled negotiations on changes we and others have had working through Network Solutions!


Membership

By Luis Basto

Let's welcome Baba Buehler as the newest member to CACTUS. We also want to thank Conrad Schneiker, Philip Wheatley, Eric Jones, and Michael Cheselka for renewing their membership.

We especially like to extend our sincere thanks to the Kernel Group for renewing their sponsorship. The Kernel Group (TKG) provides top quality mission-critical computer network development and support services for the healthcare and financial services industries. They provide integration and management services for existing networks, custom application development, and maintenance outsourcing services. The Kernel Group was founded in 1990 with headquarters in Austin, TX and maintains a branch office in New York, NY. The contact person is Ray Schafer, schafer [at] tkg <dot> com or 433-3300.


To renew your membership, please send check or money order payable to CACTUS ($25/yr for regular membership and $96/yr for corporate sponsorship):

You can also pay in person at the general meetings. Please direct any inquiries or address changes to membership [at] cactus <dot> org.



 

CACTUS Officers

Contact Information


CACTUS Sponsors

Significant Contributing Sponsors

Applied Research Laboratories/University of Texas at Austin www.arlut.utexas.edu
(Gil Kloepfer, Computer Science Division (CSD), 835-3771, gil [at] arlut <dot> utexas <dot> edu)
OuterNet www.outer.net
Internet service provider.

CACTUS Sponsors

Auspex Systems www.auspex.com
(Paul Levine, plevine [at] auspex <dot> com
Fastest reliable network fileservers.
Flametree Corporation www.flametree.com
(David Maynard, 670-4090, dpm [at] flametree <dot> com)
Internet and software consulting.
Covad/Laserlink www.laserlink.net
(Chip Rosenthal)
Multi Media Arts (MMA)
(Lee Williams, 451-7191)
Publisher of instructional materials for classroom and independent study.

Friends of CACTUS

Applied Formal Methods, Inc.
(Susan Gerhart, 794-9732, gerhart [at] cactus <dot> org)
Austin Code Works
(Scott Guthery, 258-0785, info [at] acw <dot> com)
CASDNS, Inc. www.casdns.net
(Warren Brown, (800) 977-3475), wlb [at] cas-com <dot> net)
A top-level domain name registrar, CORE member.
CTG
(Maurine Mecer, 502-0190 [FAX 502-0287])
Professional recruiting.
Compaq Computer Corporation www.himalaya.compaq.com
(Ron Boerger, 432-8000)
Provider of scalable, high availability systems.
EDP Contract Services
(Mark Grabenhorst, 346-1040) Professional recruiting.
Hewlett Packard www.hp.com
(Bill Sumrall, 338-7221)
Hounix http://www.texascomputers.com/hounix/
(Marilyn Harper)
Houston's Unix Users Group.
Network Appliance Corporation www.netapp.com
(Frank Mozina, fmozina [at] netapp <dot> com)
O'Keefe Search
Professional recuiting.
Sailaway System Design
(Chris J Johnson, 447-5243)
Schlumberger www.slb.com
(Kathy O'Brien, obrien [at] asc <dot> slb <dot> com)
Technical services and products in over 100 countries.
Silicon Graphics www.sgi.com
(Don Williams, 346-9342)
Solid Systems
(Pete Farrell, 442-2222)
Sterling Infomation Group www.sterinfo.com
(Darrell Hanshaw, 344-1005, dhanshaw [at] sterinfo <dot> com)
Sun Microsystems www.sun.com
(Rick Taylor)
Supplier of Unix client-server computing solutions.
Texas Internet Consulting www.tic.com
(Smoot Carl-Mitchell, 451-6176, smoot [at] tic <dot> com)
TCP/IP networking, Unix, and open systems standards.
Technow
A Sun Authorized Training Center and a Hardware Reseller.
Unison Software
(Shelley St. John, 478-0611)
Supplier of networked systems management solutions.
UT Computer Science Department
(Patti Spencer)
UT Computation Center
(Mike Cerda, 471-3241, cerda [at] uts <dot> cc <dot> utexas <dot> edu)

CACTUS Meeting Location:
Applied Research Labs

CACTUS meets on the third Thursday of each month at the Applied Research Labs (ARL) in the JJ Jake Pickle Research Campus (JJ PRC). We'll meet in the main auditorium located directly behind the guard's desk and main lobby.

Please do not show up earlier than 6:20 pm on the specified day. Enter through the main entrance at 10000 Burnet Road for ARL:UT. Tell the guard that you are here for the CACTUS meeting. You will be required to sign a log book, but not required to wear a badge. The guards will direct you to the auditorium entrance. Limited parking in the front of the building is available, but more extensive parking is available in the large parking lot just north of the ARL building. After 6:30 pm, all entrances to JJ PRC, except for the Burnet Road entrance, are closed and locked. You can still enter the parking lot in front of the ARL building. No parking tags are necessary after 6:00 pm. See map for further details.

Online maps are available at:

As always, please leave the facility as you saw it when you arrived. So let's clean up all pizza and soda items before we leave. Thanks and hope to see all of you there.

Map to the Monthly CACTUS Meeting

                                                  | |     ^
        <---- to MOPAC                            | |     |
                                                  | |     | North
                                                  | |     | to Braker Lane
                                   ---------------+ |
                                   -+ /-----------+ |
                                    | |           | |
                                    | +--------+  | |
                                    |  Parking |  | |
                                    |    Lot   |  | |
                                    +----------+  | |
                                                  | |
                           +------------+         | |
                           |            | +-------+ |
                           |            | |   +---+ |
                           |            | |   |   | | Rutland
                           |    ARL     | |   |   | +---------
                           |            | |   |   | +---------
                           |            | |   +---+ |
                           |            | +---+---+ |
                           +------------+         | |  |
                                                  | |  | South
                                                  | |  | to US 183
                                                  | |  v