Because programs (Virii) cant install and run at user level (not with out a lot of effort), Av is not as needed in Linux. There is usualy a firewall that is installed, its just not as intrusive or recsource hungry as in Windoze.

Helped a workmate install Ubuntu on an old troublesome (under XP) Dell laptop. everything including the webcam worked without effort.

BOAC:

As others have so correctly stated: I wouldn't worry about av on linux.
It is a rarity when any Linux distro suffers from virus infection. Don't give it another thought.

As for a firewall. Following this link and behold the joys of configuring iptables, if you so desire, or other methods of installing a firewall on your ubuntu distro. (Ubuntu is one of the few Linux distros which do not come with a default firewall installation.)

Basic Ubuntu Linux Firewall Configuration - Techotopia

I spent the week stealing components from another, reliable, working machine and proved that the crashing is not power supply, wireless card, graphics card or ram module related. It is not the software as it has been known to spontaneously restart before it has completed the POST. I also updated to Ubuntu 10.04 to see if that made any difference. I called Scan to ask about returning the motherboard and the CPU and they suggested I try updating the bios. This I have done and, fingers crossed, it seem to be more stable. 22 hours and no restart.

One thing that I have noticed is that the scroll wheel on the mouse doesn't always work. This feature has been hit and miss since the 10.04 upgrade. Any idea why? or how to sort it?

Rans6....

"One thing that I have noticed is that the scroll wheel on the mouse doesn't always work."

Firefox does this on my Windows XP machine (yes, I have one...:\) - I think its a Firefox thing - Opera doesn't.

Mac

:ok:

'tis not a FF thing in this case, it doesn't work in gedit either.

Sorta Linux question, sorta Mac (VMware Fusion) question.

My VM running Ubuntu 10 LTS worked ok for a few hours. Now I can't click in the VM's window and get it to focus - clicking / cmd-G, nothing.

Googling has been little help, I suspect because I'm not using the right terms

Anyone else seen this ?

@rgbrock1
Firestarter is a good graphical firewall on ubuntu. It can be installed via Synaptic or apt-get.

Good point Hawkeye. Firestarter is indeed a nice GUI firewall front-end.:ok:

Linux Server Problem
 

The new-to-us family server is a secondhand Dell Poweredge 64 bit machine, 4GB, running Suse 11.2 (64bit) with a 180 GB drive with the operating system only and a Linux Raid 1 of 2 1 TB drives mounted as /home. The Raid is about half full of family data. You might think that the 180 GB drive should last forever before it filled, but only a month after commissioning the server, the drive is full.

What is likely to have caused this and where do I start to look for junk to delete?

First place to look is in /var/log. Can be lots of useless crap in there.
Second place, /tmp. (Although most Linux distros delete the contents of /tmp on reboot)

And if you really want to see what's chewing up your hard drive space issue the following command:

$ cd /
$ du -h | more

This will give you a rather lengthy listing of ALL your files on the entire hard drive.
You'll have to hit the <return> key to scroll through the listing.

Hope this helps.

It might be worth looking into setting up some crontab entries to clear out the log directory at regular intervals automatically.

Thanks
 

Thank you for the suggestion RGB1 - I cleared out /var/log and /tmp (the wonders of shift+del!) and now the drive has 3.7 GB on it and the server is happy again. There is no way that there were over 175Gb of messages, so I'm guessing somewhere a file was incorrectly allocating space - perhaps following a less-than-orthodox shut-down.

I'll look into crontab to see if I can set up a routine deletion of old logs.

"Family" machine I think you said ...

Maybe some of those "log files" were in fact not log files but the kids' cunningly hidden stolen porno movies.

Before deleting logs check just how much space they take. On this 'ere system, Kubuntu 10.04 installed just under 6 months ago, all the logs since then take all of 54MiB. If there are problems the logs can help a lot in isolating them to hardware/software/circumstances. Logs are in plaintext and very repetitive, so they compress very well (that's the .log.N.gz files). They shouldn't take much space, but can save your ass. One place I'd look is .xsessionerrors in users' home directories. They can get huge, and because they're out of the normal log hierarchy are frequently overlooked. If you're going to scan the whole disk for space usage try sudo du / | sort -nr | more This will list directories in order of the space they take. But it's slooooooow in GiB territory, what it's like in TiB areas I hate to think. (The "sudo" is needed to see into other users' usage, if you haven't used it before.) There are also graphical tools that do much the same job, if looking at columns of numbers doesn't float your boat. 'b

Gertie - that sort of thing is hidden on pendrives - they know Dad is too much of a geek for them to get away with it on the server.
AB - too late now, all are gone, but you confirm what I saw, which is that logs aren't large files. there must have been something in the /tmp area which either was genuinely huge or was erroneously reporting itself as such.

Grateful to all for the very valuable help.

The quick and dirty way, preferably as root:

du -csh /* 2>/dev/null

Example output:

8.3M /bin
23M /boot
264K /dev
41M /etc
73G /home
156M /lib
23M /lib64
16K /lost+found
4.0K /media
4.0K /mnt
4.0K /opt
0 /proc
1.6M /root
12M /sbin
4.0K /selinux
214G /srv
0 /sys
728M /tftpboot
6.0M /tmp
3.4G /usr
20G /var
311G total


Then repeat as needed on any subdirectories of interest, e.g.,:

du -csh /var/* 2>/dev/null
61M /var/adm
50M /var/cache
4.0K /var/crash
4.0K /var/games
20G /var/lib
32K /var/lock
79M /var/log
0 /var/mail
4.0K /var/opt
372K /var/run
99M /var/spool
17M /var/tmp
4.0K /var/X11R6
12K /var/yp
20G total


An alternative syntax to have the output appear in order of decreasing size:

du -s /var/* 2>/dev/null |sort -nr
20403992 /var/lib
100660 /var/spool
80352 /var/log
61476 /var/adm
51000 /var/cache
17360 /var/tmp
372 /var/run
32 /var/lock
12 /var/yp
4 /var/X11R6
4 /var/opt
4 /var/games
4 /var/crash
0 /var/mail


Various graphical tools are also available, but I always use the above as it's guaranteed to be on any Linux installation (some embedded platforms excepted).

archiving logs
 

copy them daily and compress to an oldlogs directory with a cron script. Delete any over 30 days old in oldlogs within same script, simples.
Copied this from what we did @ work when I moved onto nix systems support and set up my own sever as a VM image. Don't use it much now though, thinking about getting rid

man logrotate

As the OP is using OpenSUSE, this will do the trick: zypper install logrotate

Linux IS vulnerable
 

'Fix' due out shortly to close down a bug in the OS that enables someone to attain superuser rights on a system.

Just when you thought you were safe.....................

Any link to what the bug is?

Found it.

Linked to oracle client installations. You need to have an account on the machine and access to it.

Fix has aready been pushed.

BREAKING NEWS: The Pope is catholic.

Honestly BOAC.

I've said it once and I've said it again.

Software is written by human beings.

The more lines of code in a piece of software, the greater the risk of bugs in the code.

More complex pieces of software have a great number of interdependencies with other software written by other people (crypto libraries etc.).

Mac, Linux, Windows .... even the infamous OpenBSD. Only an idiot would claim their software to be invincible, as time and time again, it's proven that it's not a case of if.... but when.

What differentiates the software developers is not whether there are bugs in their code, but the overall quality of their code......how many bugs are found, the seriousness of the bugs, and how the bugs are dealt with etc. etc.

Mixture - may I suggest you stop reading? Your news on the Pope is timely, however.:ugh:

BOAC the simple difference between this "security breach" and the microsoft ones is that the linux/unix ones are usually found by pro security firms. And its is very rare they are in the core kernal. They also tend to be package specific as in this case. Its not actually the linux kernal that has the security hole its a third party add on for oracle clients.

m j - according to my info the flaw IS in the Linux kernel and was introduced in version 2.6.30. The fix is at http://www.vsecurity.com/download/to...-rds-exploit.c. We may be looking at different things? This is the second recent kernel 'error' by the writers following September's.

Its in a protocol layer of RDS which is a data package protocol for operating databases eg Oracle. You have to be on the local machine with a local account to be able to use it. ie you the user have to want to get into your own machine. Any self respecting linux user would know if you want to zero the root passwd and have access all you have to do is boot via a liveOS and zero the root passwd in the passwd file. Its only really an issue if you have a work machine aka your a dealer on the stock exchange. Even if you do get the local admin rights you still have no access to the servers.

For this to be able to work the RDS services has to be up, in 99% of the linux machines it won't be turned on.

The second flaw was part of the GNU C. libarys. And I might add as well there is no way I would ever open that link of yours. Its a C script that will screw every type of OS if it has something nasty inside it.

Which again is the main issue with nastys, users clicking on things that they don't have a clue what they do. Call it security_update.doc.c. most folk won't spot the c. on the end click on it and trigger the script.

MJ - to ease your concerns over whatever a 'c' is, you can visit VSR Security Advisories (no 'c')

C is a programing language.

And yes that is the "security flaw" which I was on about.

Of course any computer is vulnerable if you have direct local access to it, or if you're silly about passwords. The book The Cuckoo's Egg documents various hack attacks on UNIX that took place in 1986, in which secure military systems were brought down by "human factors", such as weak passwords and "social engineering" (i.e. call someone up and ask for the password). There were also remote attacks such as the Morris worm, which exploited some known bugs in UNIX processes. When we talk about systems being vulnerable these days, we hope that people and designers have learned from these and other past vulnerabilities and closed them off, but of course it's not guaranteed.

One main difference between UNIX and Windows systems, in the past, has been that you had Windows users running with administrative privileges at all times, while the "root" user on a UNIX system was clearly defined as "only when you have to". You could log in as root and do work, but if you read any books or received any training, you were left in no doubt that that was a Bad Thing. If you're running e.g. a web browser, it should be running under your limited permissions, why would it need anything more? Normal UNIX users had no choice in the matter - permissions were enforced by the sysadmin.

Which wasn't a problem at first, since UNIX systems were always designed to be run by a trained sysadmin, but if you're going to roll out UNIX (Linux, Mac OS X, etc.) to users who are not sysadmins, you have to give them a way in, which led to the "su" or "sudo" method. This gives you temporary root permissions using your own password, not a root password. You launch an application with "sudo" do what you have to do, and close the app. If any application were to try that, you get asked about it - is it necessary? If that sounds like what Microsoft has been doing with Vista and W7, it's not a coincidence. :8

BOAC

May I in return suggest you reconsider scaremongering type headlines that a journo would use..... "Linux IS vulnerable" .... :rolleyes:

Anyhow, no I won't "stop reading".... I'm off to read a book. Thank you very much.

bnt,

Ah yes... the joys of "sudo su" .... :cool:

Linux...the Phil Collins of the IT world
:}

Obligatory sudo reference: xkcd: Sandwich

So Windows must be Benny Hill, right?

The other difference is that 'Linux security hole' stories tend to hit the media two days _after_ my Linux machines have downloaded the updates which fix them. Normally when I see one of these stories I think 'oh, so that's why I got a new kernel on Monday', whereas when I used to run Windows I had to think 'Oh God, how long are they going to take to fix this one?'

That is, of course, still the situation with Flash bugs (nearly two weeks before they fix the latest critical exploit), but with Apparmor on Linux at least I can trivially sandbox Flash so that it literally cannot do anything bad to the OS because the kernel blocks it.

Really Stuffed Now
 

I can't work out what is causing this problem, but over time the entire data disk fills up. Twice I have recovered the machine to a useable state by locating and deleting large directories, but this time I was too late and the machine has stuffed itself and now refuses to let me login.

I need to establish what the cause is, as there is clearly something amiss - and it isn't log files - they would never fill hundreds of Gbs in a number of weeks. Most importantly, however, I need to regain control of the server so that we can have our files back.

I can gain access to the machine using a live disk (SuSe, or Knoppix), but they refuse to let me create a RAID using the existing pair of data disks; they want to format the disks, which clearly I don't want to do. A possibility is to disconnect the 2 data disks and reboot onto the OS disk, reset the partition tables, reboot and try to remount the data disks, but I am anxious that I risk losing my data. Thoughts anyone?

And yes, the backup is fairly recent, but not that recent!

Boot with Knoppix or whatever, take the data onto a separate USB drive, then blow away the server and reinstall so that you know how it's configured. Terabyte disks are relatively cheap these days, so ~£100 would get you a pair which you can RAID (assuming it's a SATA array rather than SAS?)

MB - Thanks for your thoughts, but I wish it were that simple. If I boot off a Live Disk, the partitioner recognizes the 2 disks as part of a RAID 1, but won't let me mount the RAID, saying that it cannot mount an unknown type of disk.

Is there a trick that I have missed?

RAID1 is a mirror of 2 disks with identical information on both.

Break the mirror and mount an individual disk (if you can)?

What directories did you have to delete? I believe the / partition on my home server is about 16GB and I've never had this kind of problem.