032009

Revision 4 as of 2009-03-27 20:42:33


Thank you for your interest in Securing Ubuntu!

BodhiZazen will be running two Q&A sessions on IRC to discuss security and security issues.

Please review these threads & bring your questions:

  1. Ubuntu Security

  2. Intrusion Detection

  3. Apparmor

Logs for 19/03 and 26/03

19/03/2009

   1 [00:00] <bodhi_zazen> Probably one at a time for guests
   2 [00:00] <Rocket2DMn> ack im fighting with someone
   3 [00:00] <Nano_ext3> we are all fighting lolz
   4 [00:00] <Nano_ext3> can I type something everyone?
   5 [00:00] <Nano_ext3> :)
   6 [00:01] <bodhi_zazen> I can see everyone has hit the wall :)
   7 [00:01] <Rocket2DMn> i should customize my terminal like bodhi_zazen has
   8 [00:01] <Rocket2DMn> is that a bash thing?
   9 [00:01] <jimi_hendrix> bodhi_zazen, what programs are those
  10 [00:01] <bodhi_zazen> OK, lets get this show on the wall
  11 [00:01] <bodhi_zazen> :)
  12 [00:01] <Nano_ext3> haha
  13 [00:01] <WastePotato> \o/
  14 [00:01] <bodhi_zazen> First , thank you everyone for coming to this session
  15 [00:01] <rraj_be> bodhi_zazen: sorry for interrupting, when I tried it, it's giving like "Enter passphrase for key '/home/raj/.ssh/ufbt-guest':"
  16 [00:02] <Snova> rraj_be: "padawan"
  17 [00:02] <jimi_hendrix> bodhi_zazen, what's the shell
  18 [00:02] <bodhi_zazen> Let me assure you , the beginners team put me up to this
  19 [00:02] <rraj_be> k Snova
  20 [00:02] <jimi_hendrix> I've heard of zsh but not jailzsh
  21 [00:02] <Snova> jimi_hendrix: A jailed Zsh. :)
  22 [00:02] <jimi_hendrix> which is?
  23 [00:02] <bodhi_zazen> it is a shell I make for apparmor jimi_hendrix
  24 [00:02] <bodhi_zazen> it is zsh
  25 [00:02] <Snova> Zsh, in a restricted environment.
  26 [00:02] <jimi_hendrix> ahh
  27 [00:02] <jimi_hendrix> did you edit it or something
  28 [00:02] <jimi_hendrix> edit the source*
  29 [00:02] <WastePotato> :(
  30 [00:03] <Snova> No, that's what AppArmor is for.
  31 [00:03] <bodhi_zazen> The intention is to raise awareness of security and so here we are :)
  32 [00:03] <jimi_hendrix> ok
  33 [00:03]  * jimi_hendrix raises hand
  34 [00:03] <bodhi_zazen> What do people want me to cover, what questions do you have ?
  35 [00:03]  * jimi_hendrix raises hand
  36 [00:03] <rraj_be> Snova:  Enter passphrase for key '/home/raj/.ssh/ufbt-guest':
  37 [00:03] <bodhi_zazen> go jimi_hendrix :)
  38 [00:03] <rraj_be> Permission denied (publickey).
  39 [00:03] <Nano_ext3> show how to implement profiles
  40 [00:03] <bodhi_zazen> rraj_be: padawan
  41 [00:03] <Nano_ext3> http://paste.ubuntu.com/133993/
  42 [00:03] <jimi_hendrix> bodhi_zazen, i dual boot windows and ubuntu
  43 [00:03] <jimi_hendrix> do i need an antivirus on ubuntu
  44 [00:03] <rraj_be> ok bodhi_zazen
  45 [00:04] <Nano_ext3> jimi_hendrix: hahah no
  46 [00:04] <Nano_ext3> this is for user control
  47 [00:04] <Nano_ext3> security on a server if you may
  48 [00:04] <bodhi_zazen> someone help rraj_be in a private window or on ##beginenrs-help
  49 [00:04] <bodhi_zazen> OK, antivirus first then :)
  50 [00:04] <bodhi_zazen> you will get varied opinions
  51 [00:04]  * jimi_hendrix uses AVG on windows
  52 [00:05] <bodhi_zazen> IMO antivirus is best used on your windows boxes
  53 [00:05] <Nano_ext3> Agreed
  54 [00:05] <bodhi_zazen> IMO Linux antivirus is best on file or mail servers
  55 [00:05] <Nano_ext3> things that need the security
  56 [00:05] <bodhi_zazen> IMO scanning your Linux desktop with antivirus will yield lots of false positives
  57 [00:05] <jimi_hendrix> what about a webserver
  58 [00:05] <Nano_ext3> for desktop , not an issue really
  59 [00:05]  * jimi_hendrix is thinking of setting up a webserver
  60 [00:05] <Nano_ext3> yes on a webserver I would say
  61 [00:05] <Rocket2DMn> bodhi_zazen, if you need a place to start the discussion, why don't you briefly explain some of the tools you use to enhance security in linux (apparmor, iptables, ossec, snort, etc). e.g. in one sentence each, what do they do?
  62 [00:06] <Nano_ext3> anything that deals with heavy user traffic
  63 [00:06] <bodhi_zazen> good idea Rocket2DMn :)
  64 [00:06] <Nano_ext3> yea
  65 [00:06] <bodhi_zazen> The linux tools are a bit different
  66 [00:06] <bodhi_zazen> and linux is modular ...
  67 [00:06] <bodhi_zazen> The first line of defense is, of course, permissions
  68 [00:06] <bodhi_zazen> sudo vs su ?
  69 [00:06] <Nano_ext3> yea
  70 [00:07] <jimi_hendrix> sudo runs one command su changes your user
  71 [00:07] <bodhi_zazen> su gives all or none root access
  72 [00:07] <Rocket2DMn> (or other user access)
  73 [00:07] <bodhi_zazen> sudo allows finer control
  74 [00:07] <bodhi_zazen> sudo -i for a root shell
  75 [00:07] <bodhi_zazen> Next a firewall
  76 [00:07] <bodhi_zazen> firewalls are also full of opinions
  77 [00:08] <bodhi_zazen> In general, you should use a router as a router has a firewall built in
  78 [00:08] <Nano_ext3> thats how I do it
  79 [00:08] <bodhi_zazen> a default install of ubuntu has no servers listening, so the default settings behind a router are just fine
  80 [00:08] <Nano_ext3> Not versed in linux firewalls yet
  81 [00:09] <bodhi_zazen> If you wish to use a firewall, to set up your own router (NAT) or limit connections, the firewall is iptables
  82 [00:09] <jimi_hendrix> what about firestarter?
  83 [00:09] <bodhi_zazen> iptables can be configured with commands, a script, ufw, or a gui tool such as GUFW, Guarddog, firestarter, shorewall, etc
  84 [00:10] <bodhi_zazen> Guarddog has very nice built in help
  85 [00:10] <bodhi_zazen> the gui tools are not the firewall, only config tools
  86 [00:10] <bodhi_zazen> Open them, config iptables, close them
  87 [00:10] <Nano_ext3> think router access list , but on the OS itself via iptables
  88 [00:10] <bodhi_zazen> I advise you NOT use Firestarter to monitor your network traffic
  89 [00:11] <bodhi_zazen> Next, does everyone know the terms HIDS / NIDS?
  90 [00:11] <Nano_ext3> no
  91 [00:11] <bodhi_zazen> http://en.wikipedia.org/wiki/Intrusion-detection_system
  92 [00:11] <bodhi_zazen> http://en.wikipedia.org/wiki/Host-based_intrusion_detection_system
  93 [00:12] <bodhi_zazen> http://en.wikipedia.org/wiki/Network_intrusion_detection_system
  94 [00:12] <bodhi_zazen> OK, HIDS, most new users are familiar with say Windows antivirus scanners
  95 [00:12] <bodhi_zazen> This is a HIDS
  96 [00:12] <Nano_ext3> k
  97 [00:12] <bodhi_zazen> so is rkhunter and chkrootkit
  98 [00:12] <bodhi_zazen> as is OSSEC, tripwire, etc
  99 [00:13] <bodhi_zazen> use these tools to monitor your system for unauthorized changes
 100 [00:13] <bodhi_zazen> rkhunter and chkrootkit have a bunch of false positives, learn what they are
 101 [00:13] <duanedesign> do you recommend running chkrootkit from a usb device
 102 [00:13] <bodhi_zazen> and what a "normal" system is
 103 [00:14] <bodhi_zazen> duanedesign: I do not think it matters really
 104 [00:14] <bodhi_zazen> The point is, you can not monitor your system for changes if you do not know what normal is
 105 [00:14] <bodhi_zazen> You will get alerts when you say install new software as well, or change a config file
 106 [00:15] <bodhi_zazen> Next NIDS
 107 [00:15] <bodhi_zazen> NIDS is sophisticated and even the geekiest will find this hard
 108 [00:16] <bodhi_zazen> You need to understand basic networking protocols, tcp, udp, ping, etc
 109 [00:16] <bodhi_zazen> Tools include snort and wireshark
 110 [00:16]  * jimi_hendrix tried wireshark one to sniff some packets i was sending
 111 [00:16] <Nano_ext3> I've taken Cisco CCNA, and I'd still have enormous trouble with that
 112 [00:16] <Nano_ext3> wireshark I have used
 113 [00:16]  * jimi_hendrix 's head blew up
 114 [00:16] <bodhi_zazen> these tools are "packet sniffers" and will monitor your network traffic
 115 [00:17] <Nano_ext3> I recommend wireshark
 116 [00:17] <bodhi_zazen> snort will use a set of rules to identify potentially problematic activity, although lots of false positives
 117 [00:17] <bodhi_zazen> wireshark will monitor the raw packets
 118 [00:17] <bodhi_zazen> in a nut shell
 119 [00:18] <bodhi_zazen> Next line of defense - SELinux / Apparmor
 120 [00:18] <Nano_ext3> :)
 121 [00:18] <jimi_hendrix> SELinux != distro right
 122 [00:18] <Snova> No, it's a security framework built into the kernel.
 123 [00:18] <Nano_ext3> no
 124 [00:18] <Nano_ext3> to jimi
 125 [00:18] <Nano_ext3> security monitor
 126 [00:18] <bodhi_zazen> These are very powerful tools and these are the first tools that can protect you against unknown exploits and Zero day exploits
 127 [00:18] <bodhi_zazen> These tools can limit even root
 128 [00:18] <Nano_ext3> zero day?
 129 [00:19] <Snova> Security exploits, on the day they are found, before they are patched.
 130 [00:19] <bodhi_zazen> http://en.wikipedia.org/wiki/Zero-Day_Attack
 131 [00:19] <bodhi_zazen> Ubuntu uses Apparmor, but it needs to be configured
 132 [00:19] <bodhi_zazen> Most people find apparmor easy to understand
 133 [00:20] <bodhi_zazen> The point, IMO, of apparmor is to "confine" any network applications
 134 [00:20] <bodhi_zazen> such as firefox, thunderbird, etc
 135 [00:20] <bodhi_zazen> you limit what they can do on your os
 136 [00:20] <bodhi_zazen> you can also limit a users shell, as I will show you on the shared ssh session
 137 [00:20] <Nano_ext3> cool
 138 [00:20] <lovinglinux> can be used with torrent applications?
 139 [00:21] <Snova> Anything.
 140 [00:21] <bodhi_zazen> IMO SELINUX and Apparmor are mischaracterized as "overkill"
 141 [00:21] <bodhi_zazen> lovinglinux: yes
 142 [00:21] <bodhi_zazen> I am collecting apparmor profiles here : http://bodhizazen.net/aa-profiles/
 143 [00:21] <lovinglinux> So if someone exploits a vulnerability on my torrent client, then Apparmor can prevent it from achieving success?
 144 [00:21] <bodhi_zazen> I have a profile for rtorrent
 145 [00:22] <Snova> lovinglinux: AppArmor can prevent it from accomplishing anything by restricting access to the filesystem, which is mostly the same thing.
 146 [00:22] <bodhi_zazen> If anyone is willing to contribute, send me your profiles ( bodhi.zazen @ ubuntu.com)
 147 [00:22] <bodhi_zazen> and I will post them as well
 148 [00:22] <Nano_ext3> i will have time this weekend to learn it bodhi
 149 [00:22] <lovinglinux> do you know a good tutorial for apparmor?
 150 [00:22] <Nano_ext3> bodhi link him your thread
 151 [00:22] <Nano_ext3> :)
 152 [00:22] <bodhi_zazen>  /end long winded security drive by
 153 [00:23]  * jimi_hendrix puts away machine gun
 154 [00:23] <bodhi_zazen> Links are here : http://paste.ubuntu.com/133993/
 155 [00:23] <lovinglinux> thanks
 156 [00:23] <Snova> AppArmor introduction: http://ubuntuforums.org/showthread.php?t=1008906
 157 [00:23] <bodhi_zazen> OK , with that background, questions please ?
 158 [00:23] <Snova> Oh, didn't notice the links at the bottom of that..
 159 [00:23] <bodhi_zazen> Or do you want to see what the shared session can do ?
 160 [00:23] <bodhi_zazen> ie live demo ?
 161 [00:24]  * jimi_hendrix raises hand
 162 [00:24] <bodhi_zazen> go jimi_hendrix :)
 163 [00:24] <jimi_hendrix> if i am running a webserver (linux of course...well maybe a *BSD)...and its just pages with html, what am i at risk for
 164 [00:25] <bodhi_zazen> apache attacks, php attacks, and DOS are the major ones
 165 [00:25] <bodhi_zazen> The damage depends on the attack
 166 [00:26] <bodhi_zazen> I have seen php code that takes your cookies for example (think passwords for web sites)
 167 [00:26] <bodhi_zazen> If a crack allows "arbitrary code" think an intruder then has root access
 168 [00:26] <lovinglinux> Do I need to create apparmor profiles for all applications that connect to network or just for those that listen to ports?
 169 [00:26] <bodhi_zazen> many attacks then use your box to attack others, send spam, spoof ip, what have you
 170 [00:27] <bodhi_zazen> IMO lovinglinux all apps that access the internet
 171 [00:27] <jimi_hendrix> bodhi_zazen, i said just html, no php
 172 [00:27] <bodhi_zazen> although as you can see I do not yet have profiles for all apps yet
 173 [00:28] <bodhi_zazen> jimi_hendrix: LAMP == Linux apache Mysql and PHP so I included it in the broader discussion
 174 [00:28] <jimi_hendrix> ok
 175 [00:28] <bodhi_zazen> Want to see a demo ?
 176 [00:28] <jimi_hendrix> yes
 177 [00:28] <bodhi_zazen> On the ssh session ?
 178 [00:28] <Nano_ext3> yeps
 179 [00:28] <bodhi_zazen> OK
 180 [00:29] <bodhi_zazen> anyone need assistance connecting via ssh ?
 181 [00:29] <bodhi_zazen> ok, the guru account has root access
 182 [00:29] <bodhi_zazen> as you can see
 183 [00:30] <bodhi_zazen> the guru account can install applications
 184 [00:30] <Traveler15164> yeah, i keep getting the Permission denied (publickey) error
 185 [00:30] <bodhi_zazen> :)
 186 [00:30] <bodhi_zazen> someone help Traveler15164 please :)
 187 [00:30] <lovinglinux> sorry, I know how to use ssh, but don't know which server I'm supposed to connect to
 188 [00:30] <bodhi_zazen> I will wait and answer questions
 189 [00:31] <bodhi_zazen> you need the key
 190 [00:31] <bodhi_zazen> then ssh guest@bodhizazen.net -i ~/.ssh/ufbt-guest
 191 [00:31] <bodhi_zazen> pw = padawan
 192 [00:31] <Nano_ext3> http://paste.ubuntu.com/133993/
 193 [00:31] <Nano_ext3> follow exactly
 194 [00:31] <Nano_ext3> verbatim
 195 [00:31] <bodhi_zazen> http://paste.ubuntu.com/133993/
 196 [00:31] <Nano_ext3> via terminal
 197 [00:31] <bodhi_zazen> for keys
 198 [00:31] <Nano_ext3> beat you to it :)
 199 [00:31] <bodhi_zazen> any other questions while we are waiting
 200 [00:31] <bodhi_zazen> ?
 201 [00:32] <bodhi_zazen> chickens, all questions are welcome :)
 202 [00:33] <bodhi_zazen> you in Traveler15164 ?
 203 [00:33] <bodhi_zazen> lovinglinux: ?
 204 [00:33] <Traveler15164> nope
 205 [00:33] <bodhi_zazen> Traveler15164: what do you need help with ?
 206 [00:33] <bodhi_zazen> do you have the key ?
 207 [00:33] <lovinglinux> just a second
 208 [00:33] <Traveler15164> yes
 209 [00:33] <bodhi_zazen> do you know how to use it ?
 210 [00:34] <Traveler15164> i got it and placed it in a new empty file?
 211 [00:34] <Traveler15164> named ufbt-guest and chmod 400 on that
 212 [00:34] <Snova> Stick it in ~/.ssh
 213 [00:34] <Traveler15164> it is
 214 [00:34] <bodhi_zazen> ok
 215 [00:34] <Snova> ssh guest@bodhizazen.net -i ~/.ssh/ufbt-guest
 216 [00:34] <Nano_ext3> you have to place that text in ~/.ssh/ufbt-guest
 217 [00:34] <Nano_ext3> and then chmod 400 on that file
 218 [00:35] <Nano_ext3> its all in the paste link
 219 [00:35] <Nano_ext3> http://paste.ubuntu.com/133993/
 220 [00:35] <lovinglinux> The authenticity of host xxxxxxxxxxx can't be established.
 221 [00:35] <Traveler15164> i'll redo it all to make sure
 222 [00:35] <bodhi_zazen> lol lovinglinux
 223 [00:35] <Snova> lovinglinux: That's normal, just confirm it.
 224 [00:35] <bodhi_zazen> say yes :)
 225 [00:36] <bodhi_zazen> Traveler15164: cd .ssh
 226 [00:36] <lovinglinux> lol, stupid me
 227 [00:36] <bodhi_zazen> rm ufbt-guest
 228 [00:36] <bodhi_zazen> wget http://bodhizazen.net/beginners/ufbt-guest
 229 [00:36] <bodhi_zazen> chmod 400 ufbt-guest
 230 [00:36] <Rocket2DMn> you may have to "ssh bodhizazen.net" first and accept the fingerprint
 231 [00:36] <bodhi_zazen> ssh guest@bodhizazen.net -i ./ufbt-guest
 232 [00:36] <Rocket2DMn> then just ctrl-c without doing any authentication
 233 [00:37] <Rocket2DMn> then do the ssh command above to use the key
 234 [00:37] <lovinglinux> Connection closed by xxxxxxxxx
 235 [00:37] <Rocket2DMn> i found if you use the key without having the fingerprint cached, it doesn't give you the option to store it and it aborts
 236 [00:38] <bodhi_zazen> thanks Rocket2DMn
 237 [00:38] <bodhi_zazen> Traveler15164: you in ?
 238 [00:38] <Traveler15164> redoing it worked
 239 [00:38] <bodhi_zazen> lovinglinux: ?
 240 [00:38] <Traveler15164> strange
 241 [00:38] <bodhi_zazen> OK, so ...
 242 [00:38] <bodhi_zazen> as you can see we are root :)
 243 [00:38] <lovinglinux> OK, I am in
 244 [00:38] <Nano_ext3> yay!
 245 [00:38] <bodhi_zazen> as you can see, we started a new shell
 246 [00:39]  * Nano_ext3 runs around in circles with streamers
 247 [00:39] <bodhi_zazen> guru was jailzsh
 248 [00:39] <bodhi_zazen> root is bash
 249 [00:39] <bodhi_zazen> but the apparmor confinement follows us
 250 [00:39] <bodhi_zazen> so ...
 251 [00:39] <bodhi_zazen> First I am limiting root with iptables ...
 252 [00:40] <bodhi_zazen> sorry for the typo :(
 253 [00:40] <bodhi_zazen> as you can see, root can ping google , but not my lan
 254 [00:40] <jimi_hendrix> back
 255 [00:40] <bodhi_zazen> so lets stop iptables :)
 256 [00:41] <bodhi_zazen> OH NO
 257 [00:41] <bodhi_zazen> Permission denied
 258 [00:41] <jimi_hendrix> sudo it!
 259 [00:41] <Halow> He's root....
 260 [00:41] <jimi_hendrix> (i know)
 261 [00:41] <Rocket2DMn> tab complete fail
 262 [00:41] <bodhi_zazen> ok ..
 263 [00:42] <bodhi_zazen> lets mess with the settings a little
 264 [00:42] <bodhi_zazen> foiled again :)
 265 [00:42] <bodhi_zazen> Lets try this ::)
 266 [00:43] <bodhi_zazen> :)
 267 [00:44] <Halow> :O
 268 [00:44] <Snova> Ok, so the AppArmor restrictions followed you from jailzsh to root's Bash?
 269 [00:44] <bodhi_zazen> so you can see, although root can install apps, access to critical system files is restricted
 270 [00:44] <jimi_hendrix> r00t has uber fail?
 271 [00:44] <bodhi_zazen> yes Snova
 272 [00:44] <bodhi_zazen> We can start a new shell if we wish
 273 [00:45] <Rocket2DMn> My head just exploded.
 274 [00:45] <Nano_ext3> ugh gotta run, sorry guys
 275 [00:45] <bodhi_zazen> so ..
 276 [00:45] <Nano_ext3> have to head home for work tomorrow :(
 277 [00:45] <Rocket2DMn> now bodhi_zazen, do these restrictions apply only when using sudo to access root? What if you had a true root login, like "su -"?
 278 [00:45] <Snova> Bye Nano_ext3.
 279 [00:45] <Nano_ext3> laters :(
 280 [00:45] <bodhi_zazen> any process you start is confined by apparmor
 281 [00:45] <bodhi_zazen> the restrictions follow you
 282 [00:45] <Nano_ext3> ill read more on aa this weekend
 283 [00:46] <Nano_ext3> def
 284 [00:46] <Nano_ext3> laters
 285 [00:46] <bodhi_zazen> no Rocket, watch
 286 [00:46] <bodhi_zazen> see, we are now guru again ?
 287 [00:46] <bodhi_zazen> guru is given jailzsh as a default shell
 288 [00:47] <bodhi_zazen> jailzsh is an apparmor profile and I think I can show it to you
 289 [00:47] <bodhi_zazen> There it is ...
 290 [00:47] <lovinglinux> That's it? Looks simple.
 291 [00:47] <bodhi_zazen> that was jail bash
 292 [00:48] <bodhi_zazen> jailbash is from jdong
 293 [00:48] <bodhi_zazen> posted here :
 294 [00:48] <bodhi_zazen> http://bodhizazen.net/aa-profiles/jdong/ubuntu-8.04/usr.local.bin.jailbash
 295 [00:48] <bodhi_zazen> and yes, it is simple
 296 [00:49] <lovinglinux> I'm gonna try this
 297 [00:49] <bodhi_zazen> I am restricting access to jailzsh as it is a fair amount more permissive than jailbash
 298 [00:49] <bodhi_zazen> anything else you want to see in the shared session ?
 299 [00:50] <bodhi_zazen> please, other security questions ?
 300 [00:50] <jimi_hendrix> bodhi_zazen, is it possible to secure a windows server?
 301 [00:50] <bodhi_zazen> yes, of course
 302 [00:51] <Rocket2DMn> ahh hardened windows servers :)
 303 [00:51] <lovinglinux> I have one stupid question at http://ubuntuforums.org/showthread.php?t=1100778
 304 [00:51] <bodhi_zazen> Again, I am collecting aa profiles here : http://bodhizazen.net/aa-profiles/
 305 [00:51] <bodhi_zazen> download them, try them out, and if you wish send me your modifications and I will post them for others
 306 [00:52] <bodhi_zazen> lovinglinux: in a nut shell, no your router is not ipv6
 307 [00:52] <bodhi_zazen> most people disable ipv6
 308 [00:53] <jimi_hendrix> Rocket2DMn, is it possible then?
 309 [00:53] <bodhi_zazen> ip providers hate ipv6 because ipv6 makes them obsolete as an ip provider
 310 [00:53] <bodhi_zazen> they would need to provide the physical layer however
 311 [00:53] <Rocket2DMn> yes jimi_hendrix you can lock down windows servers
 312 [00:53] <lovinglinux> bodhi_zazen:  so just leave ipv6 alone right? No need for iptables rules?
 313 [00:53] <bodhi_zazen> yes, or you can disable it if you wish
 314 [00:53] <lovinglinux> bodhi_zazen:  thanks
 315 [00:54] <bodhi_zazen> some people think their box runs faster if they disable it
 316 [00:54] <bodhi_zazen> np
 317 [00:54] <bodhi_zazen> please, I have been ranting, questions, questions :)
 318 [00:54] <jimi_hendrix> what is the average airspeed of a swallow
 319 [00:54] <lovinglinux> is there an alternative for intrusion detection without using MySQL?
 320 [00:55] <bodhi_zazen> yes lovinglinux
 321 [00:55] <bodhi_zazen> you can use snort + barnyard
 322 [00:56] <lovinglinux> I will look into that. Thanks
 323 [00:56] <bodhi_zazen> lovinglinux: http://searchenterpriselinux.techtarget.com/tip/0,289483,sid39_gci1255683_tax307468,00.html
 324 [00:57] <bodhi_zazen> although that may use mysql, and if so, my mistake
 325 [00:57] <ds305> quit Thanks bodhi
 326 [00:57] <jgoguen> lol :)
 327 [00:58] <lovinglinux> I have another question. Please wait because I have an inflamed finger, so I need time to type.
 328 [00:58] <bodhi_zazen> go lovinglinux
 329 [00:58] <bodhi_zazen> Well, we are close to the hour
 330 [00:59] <bodhi_zazen> Watch, if I close the screen session you all are disconnected :)
 331 [00:59] <bodhi_zazen> >:)
 332 [00:59] <Snova> Oh, like that? ;)
 333 [00:59] <bodhi_zazen> Just like that
 334 [00:59] <lovinglinux> I have an iptables rule to accept established connection. If I have a client listening to a port, but no other ports opened, is it possible for someone already connected to my client to establish connections on other ports?
 335 [00:59] <bodhi_zazen> The guest account can not connect without a session running
 336 [00:59] <bodhi_zazen> if you try you will be blacklisted after a few attempts
 337 [01:00] <bodhi_zazen> hard to follow lovinglinux
 338 [01:00] <lovinglinux> bodhi_zazen: maybe is just my paranoia
 339 [01:01] <bodhi_zazen> If your client is cracked and you are dropping new connections I do not think normally the client could establish a new connection on a new port
 340 [01:01] <bodhi_zazen> I guess they could use the established connection and leverage additional exploits
 341 [01:02] <lovinglinux> bodhi_zazen: through the same port?
 342 [01:02] <bodhi_zazen> Well, thank you everyone, it is 7 so we are "officially" over, although I will be available for say 10-15 minutes
 343 [01:02] <bodhi_zazen> then I have to go to my family
 344 [01:02] <duanedesign> aawesome!!! thank you
 345 [01:02] <bodhi_zazen> in theory lovinglinux
 346 [01:02] <Halow> Yes, thank you!
 347 [01:03] <bodhi_zazen> since the connection is established ...
 348 [01:03] <lovinglinux> Thank you very much. Really nice experience, especially the shared ssh session.
 349 [01:03] <bodhi_zazen> you are most welcome everyone
 350 [01:03] <duanedesign> applause
 351 [01:03] <bodhi_zazen> the beginners team is going to run additional sessions
 352 [01:03] <bodhi_zazen> and the shared ssh session is available to anyone willing to teach
 353 [01:04] <bodhi_zazen> I have found the shared ssh session is a very effective demo for apparmor and iptables , lol
 354 [01:05] <bodhi_zazen> wb k0001 :)
 355 [01:05] <lovinglinux> bodhi_zazen:  what do you think about UPnP?
 356 [01:05] <bodhi_zazen> Not a lot
 357 [01:05] <bodhi_zazen> Again, we all like convenience
 358 [01:05] <k0001> bodhi_zazen: hello
 359 [01:05] <bodhi_zazen> but we all hate it when we are cracked, lol
 360 [01:05] <lovinglinux> lol
 361 [01:06] <bodhi_zazen> so it is nice (off UPnP) for our flash drives to auto mount
 362 [01:06] <bodhi_zazen> but not so nice when malignant code uses this to automatically start its evil work ;)
 363 [01:07] <bodhi_zazen> security and convenience == yin and yang and we must bring balance to the force
 364 [01:08] <bodhi_zazen> it is just that the balance point is dependent on sphincter tone, :p
 365 [01:08] <lovinglinux> lol
 366 [01:08] <bodhi_zazen> If anyone is interested in topics or teaching sessions, please let me know
 367 [01:08] <lovinglinux> do I need to keep your key for further sessions?
 368 [01:09] <bodhi_zazen> I shall try to run a session every other week at this time with varied topics
 369 [01:09] <bodhi_zazen> I am sorry to have such limited times, I wish I could vary it more, but I have a family so this works best
 370 [01:09] <duanedesign> that is much appreciated
 371 [01:09] <bodhi_zazen> yes lovinglinux
 372 [01:10] <duanedesign> :)
 373 [01:10] <lovinglinux> what time is there right now and what time it starts?
 374 [01:10] <bodhi_zazen> I hope that the sessions are logged and posted in classroom
 375 [01:10] <bodhi_zazen> It is just past 7 PM local time for me
 376 [01:10] <bodhi_zazen> Sessions will start at 6 pm local time
 377 [01:11] <lovinglinux> Ok, great
 378 [01:11] <bodhi_zazen> and if anyone has a topic, add it to the list
 379 [01:11] <bodhi_zazen> I think we do another security session in 2 weeks
 380 === k00011 is now known as k0001
 381 [01:11] <bodhi_zazen> and after that I have been asked to cover permissions
 382 [01:11] <lovinglinux> permissions will be nice
 383 [01:12] <linuxwarrior> will the session on the 26th be the same as this one ?
 384 [01:12] <bodhi_zazen> Add your topic here : https://wiki.ubuntu.com/BeginnersTeam/FocusGroups/Education/Proposals
 385 [01:12] <bodhi_zazen> put my name in as the instructor
 386 [01:13] <bodhi_zazen> and I will add them here : https://wiki.ubuntu.com/BeginnersTeam/FocusGroups/Education/Events
 387 [01:13] <bodhi_zazen> linuxwarrior: same topic
 388 [01:13] <bodhi_zazen> Hopefully different questions :)
 389 [01:13] <bodhi_zazen> I hope people will try iptables, apparmor, etc and bring questions
 390 [01:13] <Snova> Hmm... I could probably help with a few of those.
 391 [01:14] <linuxwarrior> ok ;)
 392 [01:14] <bodhi_zazen> http://bodhizazen.net/Tutorials/iptables/
 393 [01:14] <bodhi_zazen> I posted a number of links here : http://paste.ubuntu.com/133993/
 394 [01:14] <Traveler15164> what i don't get is i can genprof firefox and play around with it, then do the scan and it doesn't really add that much to the profile
 395 [01:14] <bodhi_zazen> no Traveler15164
 396 [01:15] <bodhi_zazen> That is the problem with apparmor, you will need to emulate a profile or make your own
 397 [01:15] <bodhi_zazen> firefox is not the best to start because it is large
 398 [01:15] <bodhi_zazen> Start with say xchat
 399 [01:15] <bodhi_zazen> or your irc client
 400 [01:15] <bodhi_zazen> and then go to firefox
 401 [01:15] <bodhi_zazen> sudo aa-enforce xchat
 402 [01:15] <bodhi_zazen> then
 403 [01:15] <lovinglinux> Is there a requirement for classes to be related with system configuration or can they be about how to use a specific kind of program, like multimedia for example?
 404 [01:16] <bodhi_zazen> tail -F /var/log/messages
 405 [01:16] <bodhi_zazen> open xchat and watch and resolve errors
 406 [01:16] <bodhi_zazen> lovinglinux: topics are open
 407 [01:17] <bodhi_zazen> we (the beginners team) are here to educate and we really want to grow this service and cover topics of interest to the community
 408 [01:17] <bodhi_zazen> We hope to add things like Moodle
 409 [01:17] <bodhi_zazen> http://fmc.isgreat.org/Ubuntu_Classroom/index.html
 410 [01:17] <bodhi_zazen> so we can develop more formal content
 411 [01:17] <bodhi_zazen> but ...
 412 [01:17] <Traveler15164> if you put just enough in the firefox profile to allow firefox to start up, then it lets you view or change anything in that session but the settings or cache isn't saved, correct?
 413 [01:17] <bodhi_zazen> we are in the beginning phases
 414 [01:17] <Traveler15164> sorta like a sandboxing app
 415 [01:18] <bodhi_zazen> yes, I think Traveler15164
 416 [01:18] <lovinglinux> So maybe I could help with some stuff, like how to organize image collections using IPTC, EXIF and so on. I will think about it.
 417 [01:18] <bodhi_zazen> If you change (edit) the profile, you need to restart both apparmor and firefox for the effects to take place
 418 [01:18] <Traveler15164> ok
 419 [01:18] <bodhi_zazen> not always firefox, but it does not hurt
 420 [01:19] <bodhi_zazen> Sometimes you also need to clear your cache on firefox as well
 421 [01:19] <bodhi_zazen> lovinglinux: any help you can offer would be awesome
 422 [01:19] <bodhi_zazen> some team members help with content
 423 [01:19] <bodhi_zazen> others teach
 424 [01:19] <bodhi_zazen> some do nothing
 425 [01:19] <bodhi_zazen> :)
 426 [01:19] <lovinglinux> lol
 427 [01:19] <bodhi_zazen> it is a team effort and we are all volunteers
 428 [01:20] <bodhi_zazen> the main limiting factor , of course, is my time
 429 [01:20] <bodhi_zazen> I rely on the focus groups to help
 430 [01:20] <bodhi_zazen> OK, I gotta go
 431 [01:20] <bodhi_zazen> really, thank you all for coming
 432 [01:20] <bodhi_zazen> and lets see if we can continue and extend these sessions
 433 [01:21] <Halow> Thanks again. :)
 434 [01:21] <bodhi_zazen> we need both helpers and an audience :)
 435 [01:21] <lovinglinux> bodhi_zazen:  thanks again
 436 [01:21] <bodhi_zazen> PM me on the forums or come on by #ubuntuforums-beginners :)

26/03/2009

   1 [00:00] <bodhi_zazen> 'lo everyone :)
   2 [00:01]  * Hobbsee is here & watching
   3 [00:01] <bodhi_zazen> I am hoping this session can be more interactive than the last ;)
   4 [00:01] <bodhi_zazen> Otherwise I was going to discuss a little on encryption
   5 [00:02] <HymnToLife> sounds like fun
   6 [00:02] <bodhi_zazen> Here is the pastebin from 2 weeks ago
   7 [00:02] <bodhi_zazen> http://paste.ubuntu.com/133993/
   8 [00:02] <bodhi_zazen> we covered some of the basics and I demoed apparmor in a shared ssh session
   9 [00:02] <Snova> bodhi_zazen: I tried to log in just now, got errors regarding screen profiles.
  10 [00:02] <bodhi_zazen> which I can do again if you wish
  11 [00:03] <bodhi_zazen> yes Snova , the shared screen session is kaput at the moment, but I can fix it if you wish
  12 [00:03] <bodhi_zazen> I think ;)
  13 [00:04] <bodhi_zazen> I updated the system for ecryptfs, and it borked the shared screen session
  14 [00:08] <bodhi_zazen> OK, try to join the shared session Snova ;)
  15 [00:08] <bodhi_zazen> sorry this was not working
  16 [00:09] <DasEi> bodhi_zazen: do you have the link of the last session ( I missed ?)
  17 [00:09] <bodhi_zazen> Let me ask if anyone has any questions then ?
  18 [00:10] <bodhi_zazen> DasEi: I do not know off the top of my head where the logs are
  19 [00:10] <bodhi_zazen> I can find them
  20 [00:10] <bodhi_zazen> cprofitt: do you know ?
  21 [00:10] <Snova> Still broken.
  22 [00:10] <bodhi_zazen> :(
  23 [00:10] <bodhi_zazen> too bad
  24 [00:11] <cprofitt> know what?
  25 [00:11] <bodhi_zazen> I can try one more thing ..
  26 [00:11] <bodhi_zazen> cprofitt: where logs of these sessions are posted ?
  27 [00:11] <cprofitt> the logs should be on the wiki page
  28 [00:12] <cprofitt> https://wiki.ubuntu.com/BeginnersTeam/FocusGroups/Education/Events
  29 [00:12] <cprofitt> I did not get any for your last session though bodhi_zazen
  30 [00:12] <bodhi_zazen> oic, lol
  31 [00:12] <HymnToLife> bodhi_zazen: I have a question
  32 [00:12] <bodhi_zazen> please HymnToLife :)
  33 [00:12] <HymnToLife> should I use DSA or RSA for my SSH keys? *evil grin*
  34 [00:13] <bodhi_zazen> lol
  35 [00:13] <bodhi_zazen> to be honest I am not sure it matters
  36 [00:13] <bodhi_zazen> That is like asking DROP or REJECT with iptables
  37 [00:14] <bodhi_zazen> If you use RSA (I think) use 1024 bits (which is now default)
  38 [00:14] <bodhi_zazen> do you have a preference ?
  39 [00:15] <bodhi_zazen> try again Snova ;)
  40 [00:15] <bodhi_zazen> Lets talk a bit about encryption then ;)
  41 [00:16] <bodhi_zazen> do people know encryption options on Ubuntu ?
  42 [00:16] <Snova> bodhi_zazen: Looks like the same thing again.
  43 [00:16] <bodhi_zazen> kk Snova :(
  44 [00:16] <bodhi_zazen> thanks
  45 [00:16] <HymnToLife> bodhi_zazen: I prefer RSA
  46 [00:16] <bodhi_zazen> yes, in general I do too
  47 [00:16] <HymnToLife> DSA has been developed by the NSA, and they have had shady practices
  48 [00:16] <bodhi_zazen> it seems 70% prefer RSA
  49 [00:17] <HymnToLife> also, since SSH-2 uses DSA only for host keys encryption
  50 [00:17] <bodhi_zazen> Encryption options on Ubuntu are LUKS and ecryptfs
  51 [00:17] <HymnToLife> using is also for user keys is kind of putting all your eggs in the same basket
  52 [00:18] <HymnToLife> using it*
  53 [00:18] <bodhi_zazen> One can use truecrypt and other tools such as encryptfs and gpg
  54 [00:18] <bodhi_zazen> To install an encrypted system, meaning / and swap are encrypted , use the Alternate CD
  55 [00:19] <bodhi_zazen> By default this will give you a /boot partition, and LVM + LUKS
  56 [00:19] <bodhi_zazen> Post install or during the install, if you wish, you can use ecryptfs to encrypt your /home/user directory, swap, or a private (or other) directories
  57 [00:20] <bodhi_zazen> I posted a how to on ecryptfs here : http://bodhizazen.net/Tutorials/Ecryptfs/
  58 [00:20] <bodhi_zazen> It still needs a bit of work, but the basic information is there
  59 [00:21] <bodhi_zazen> encryption is used basically to protect your personal data if your laptop or hard drive is stolen
  60 [00:21] <bodhi_zazen> IMO things like password protecting your BIOS and GRUB is a minor deterrent if someone has physical access
  61 [00:22] <bodhi_zazen> Some people like those tools, and yes it may stop a casual intruder, but they are easily defeated
  62 [00:22] <HymnToLife> also, if it comes down to it, some encryption tools can make encryption plausibly deniable
  63 [00:22] <bodhi_zazen> The disadvantage of encryption is there is a, IMO, minor performance hit
  64 [00:23] <bodhi_zazen> +1 HymnToLife
  65 [00:23] <HymnToLife> meaning that the police, government, etc. cannot *prove* you have encrypted stuff
  66 [00:23] <bodhi_zazen> he he he ...
  67 [00:23] <bodhi_zazen> Encryption can be defeated by a $ hammer applied to the solar plexus >:)
  68 [00:23] <bodhi_zazen> * $10
  69 [00:24] <bodhi_zazen> Sometime you need to apply the hammer a few times for it to work
  70 [00:24] <bodhi_zazen> lol
  71 [00:24] <bodhi_zazen> The other disadvantage of encryption would be if you lost your password or wanted to re-install preserving /home for example
  72 [00:25] <bodhi_zazen> It can be done, but none of the installers will preserve /home automatically , even if it is on a separate partition and so you would need to take care to configure the encryption manually post install
  73 [00:26] <bodhi_zazen> Frankly, IMO, it is easier to back up your data, re-install with the defaults, and then restore your data
  74 [00:26] <bodhi_zazen>  /end rant on encryption
  75 [00:26] <bodhi_zazen> :)
  76 [00:26] <DasEi> also a more complicated access in case of harddrive-trouble can be added to the disadvantages
  77 [00:27] <Hobbsee> actually, if you set a partition as /home, the installer won't try to auto-format it
  78 [00:27] <Hobbsee> or at least, not on recent ubuntu releases.
  79 [00:27] <bodhi_zazen> Oh, one more thing, you can use keys with some encryption tools to automate decryption
  80 [00:27] <bodhi_zazen> No it will not Hobbsee , but I will not set up LUKS or encryptfs either
  81 [00:27] <Hobbsee> that's true
  82 [00:27] <bodhi_zazen> so post install you may not be able to decrypt it
  83 [00:28] <bodhi_zazen> :(
  84 [00:28] <Hobbsee> that may not still be true for jaunty, btw.
  85 [00:28] <bodhi_zazen> You need to take care with encryptfs if you encrypted /home/user_name because the information was stored on the root partition
  86 [00:28] <maxb> Isn't all the "setup" for ecryptfs contained within the homedir anyway?
  87 [00:29] <bodhi_zazen> maxb: It depends on how you setup encryptfs
  88 [00:29] <Snova> Is encryption only to protect if somebody gets physical access to the HD?
  89 [00:29] <bodhi_zazen> If you used encryptfs-setup-private you will be OK
  90 [00:29] <maxb> bodhi_zazen: Are you talking about ecryptfs? If so, spell it's name right to avoid confusing us!
  91 [00:29] <maxb> oops. I fail at apostrophe usage
  92 [00:29] <bodhi_zazen> If you encrypted your home directory during installation, no , the key is on the root partition and linked back to $HOME
  93 [00:30] <HymnToLife> Snova: in the case of ecryptfs, yes
  94 [00:30] <bodhi_zazen> so you will lose the config info if you install over the top of root
  95 [00:30] <HymnToLife> however, there are other kinds of encryption
  96 [00:30] <bodhi_zazen> sorry, yes ecryptfs
  97 [00:30] <bodhi_zazen> :p
  98 [00:30] <HymnToLife> Snova: for example, you can encrypt files using GnuPG to send them by email
  99 [00:31] <HymnToLife> (or to store them for later use)
 100 [00:31] <maxb> Ah, right, I'm only using ecryptfs in private-subdir setup, because I disagree that encrypting the entire homedir makes sense
 101 [00:31] <bodhi_zazen> If your data is sensitive enough to encrypt -
 102 [00:31] <Snova> I am fairly familiar with encryption in general, just wondering if there is any point to an encrypted *hard drive* (should have mentioned that previously) beyond physical access.
 103 [00:31] <bodhi_zazen> 1. Know that if the data is decrypted, ie you mounted your Private directory or LUKS partition, or truecrypt
 104 [00:32] <bodhi_zazen> the data is available to the root user
 105 [00:32] <HymnToLife> Snova: that the only one I can think of right now, but it's a pretty big one
 106 [00:32] <bodhi_zazen> or any other users allowed by your permissions
 107 [00:32] <HymnToLife> especially nowadays when laptops are getting smaller and smaller, thus easier to lose/steal
 108 [00:32] <bodhi_zazen> and 2. you should take care to encrypt your back ups as well :p
 109 [00:33] <bodhi_zazen> Snova: Only the paranoid would encrypt the entire installation
 110 [00:33] <Snova> bodhi_zazen: Any amount of it, really.
 111 [00:33] <bodhi_zazen> This would be to prevent someone from, say, installing a rootkit from a live CD
 112 [00:33] <HymnToLife> bodhi_zazen: there are many good reasons to be paranoid nowadays
 113 [00:34] <bodhi_zazen> The two potential vulnerabilities with encryption are :
 114 [00:34] <DasEi> and even then you'll need extra partitions or containers to avoid online-access
 115 [00:34] <bodhi_zazen> 1. Someone , in theory, could recover the key from RAM
 116 [00:34] <bodhi_zazen> 2. Your /boot partition is not encrypted so someone could replace your kernel
 117 [00:34] <bodhi_zazen> +1 HymnToLife re paranoia
 118 [00:35] <bodhi_zazen> Snova: for others , encrypting your private directory in /home , or a data partition, or removable device may be sufficient
 119 [00:36] <bodhi_zazen> I guess my point is to raise awareness of the vulnerabilities of physical access and encryption as the best solution, IMO
 120 [00:36] <HymnToLife> s/best/only/
 121 [00:37] <HymnToLife> encryption is based on math, math never cheats ;)
 122 [00:37] <bodhi_zazen> Well, you could wipe the drive or smash it very fast as they are breaking down your door ;)
 123 [00:37] <bodhi_zazen> melt it
 124 [00:37] <bodhi_zazen> questions on encryption ?
 125 [00:38] <bodhi_zazen> hint - this is your chance to ask questions
 126 [00:38] <bodhi_zazen> It sounds as if we have a few people here now who use encryption
 127 [00:39] <HymnToLife> no, I don't!
 128 [00:39] <HymnToLife> you can't prove anything!
 129 [00:39] <bodhi_zazen> Guilty by association
 130 [00:39] <bodhi_zazen> Off with his head
 131 [00:40] <DasEi> I just wonder how f.e. us-gpg needs a backdoor for nsa-related stuff, it is on ubuntu ?
 132 [00:40] <bodhi_zazen> We could talk a bit about iptables, root kits, antivirus
 133 [00:41] <bodhi_zazen> I know antivirus is boring to some, but it is a FAQ on the forums
 134 [00:41] <bodhi_zazen> Did anybody take a look at AppArmor ?
 135 [00:42] <DasEi> too less, let's talk
 136 [00:42] <HymnToLife> DasEi: if I understand your question, it's because the NSA doesn't like it when people use encryption they can't break :p
 137 [00:42] <bodhi_zazen> too less ?
 138 [00:43] <HymnToLife> well, they won't admit it, of course, but there's strong suspicion that the NSA-approved cryptosystems are the ones they can break
 139 [00:43] <DasEi> I recognized apparmor f.e. restricts file access of an apache, but am not familiar with it
 140 [00:44] <HymnToLife> (hence why I don't use DSA for my SSH keys)
 141 [00:44] <DasEi> HymnToLife: pm ? don't stop bod..
 142 [00:44] <bodhi_zazen> no, this is an open discussion
 143 [00:44] <HymnToLife> well, you asked the question here, so I answer here :p
 144 [00:44] <bodhi_zazen> Or at least I hope so
 145 [00:45] <bodhi_zazen> DasEi: Apparmor can be used , and is most often used to "confine" network aware applications
 146 [00:45] <HymnToLife> or really any application
 147 [00:45] <DasEi> k, what I saw when mentioning harddrive encryption were different solutions ( I'm german), and from the same app, there are different releases, some of them are not legal in us
 148 [00:45] <bodhi_zazen> It has not been as popular as it *should* be , IMO
 149 [00:46] <bodhi_zazen> I posted a how to here : http://ubuntuforums.org/showthread.php?t=1008906
 150 [00:46] <HymnToLife> but the network-related ones are the one it makes most sense confining
 151 [00:46] <HymnToLife> since they basically process untrusted data all the time
 152 [00:46] <bodhi_zazen> and I am starting to post some example profiles here : http://bodhizazen.net/aa-profiles/
 153 [00:46] <bodhi_zazen> Looking for contributions in face
 154 [00:46] <bodhi_zazen> *fact
 155 [00:47] <bodhi_zazen> Apparmor vs SElinux is another issue sometimes debated
 156 [00:47] <bodhi_zazen> Apparmor is easier to learn, but IMO takes more time to maintain
 157 [00:48] <bodhi_zazen> For example , you need to revise your profile when firefox is updated from 3.0.6 to 3.0.7
 158 [00:48] <bodhi_zazen> ;)
 159 [00:48] <bodhi_zazen> You have to keep an eye on apparmor, and there are no GUI tools in Ubuntu, although SUSE has some
 160 [00:50] <bodhi_zazen> Any questions / comments please jump in >:)
 161 [00:50] <bodhi_zazen> Shifting gears a little ...
 162 [00:50] <bodhi_zazen> Antivirus
 163 [00:50] <bodhi_zazen> IMO the biggest problem with antivirus is the sheer numbers of false positives
 164 [00:50] <bodhi_zazen> If you use antivirus and you do not want to simply delete detected files, you will have to do a fair amount of detective work
 165 [00:51] <bodhi_zazen> Example : http://ubuntuforums.org/showthread.php?t=1106160
 166 [00:51] <bodhi_zazen> Snova: can you try to connect again please ?
 167 [00:51] <Snova> Ok. :)
 168 [00:52] <bodhi_zazen> nvr mind, it is still borked
 169 [00:52] <Snova> bodhi_zazen: Yep. :)
 170 [00:52] <bodhi_zazen> I had to update for ecryptfs , but it broke screen
 171 [00:53] <HymnToLife> well, you can always experiment with AA by yourself in a virtual machine (so you don't get locked off your real system)
 172 [00:53] <HymnToLife> the basic concepts are really not hard to grasp
 173 [00:54] <HymnToLife> Novell advertises it as requiring only 1-2 days of training, I don't think they're very far from the truth
 174 [00:54] <bodhi_zazen> I agree with that
 175 [00:54] <bodhi_zazen> I would say I am still learning, but it took me about 4 hours to become comfortable with it
 176 [00:55] <bodhi_zazen> The advantage of apparmor, it has the potential to stop zero day exploits
 177 [00:55] <bodhi_zazen> We have 5 minutes left in this session ;)
 178 [00:56] <bodhi_zazen> I will run a session on this channel, same time, every 1-2 weeks depending on interest
 179 [00:56] <bodhi_zazen> From last week there was the suggestion we discuss permissions
 180 [00:56] <bodhi_zazen> Now I know most of you know basic permissions, but we can review sticky bits and if you wish acl
 181 [00:58] <DasEi> I've got a question to the initialization of apparmor
 182 [00:58] <HymnToLife> basic SSH configuration might be a good topic too
 183 [00:59] <HymnToLife> I'm thinking about Issues like that: http://ubuntuforums.org/showthread.php?t=1107057
 184 [00:59] <DasEi> what does this 'connecting to repository mean ? isn't this a local mechanism ?
 185 [00:59] <HymnToLife> for those who want a bit more control than basic usernames/passwords
 186 [00:59] <HymnToLife> DasEi: it means downloading a few pre-made profiles for common applications, IIRC
 187 [01:00] <bodhi_zazen> DasEi: and HymnToLife we could have sessions on apparmor or ssh in more depth
 188 [01:00] <bodhi_zazen> I happen to like ssh ;)
 189 [01:01] <DasEi> HymnToLife: and it does for every app Iagain ?
 190 [01:01] <bodhi_zazen> DasEi: AppArmor was developed by Novell
 191 [01:01] <HymnToLife> but now they fired all the aa devs :p
 192 [01:01] <bodhi_zazen> And I think the idea was to have a central repository for profiles
 193 [01:01] <DasEi> deeper sessions.. gotta get coffeine.. great
 194 [01:01] <HymnToLife> I heard some of them were working for Microsoft now
 195 [01:01] <bodhi_zazen> for things such as say apache or what not
 196 [01:02] <bodhi_zazen> I do not think it has been developed, but it still comes up when you generate a profile
 197 [01:02] <bodhi_zazen> aa was then added to Ubuntu and we will need to see how much it is used / developed
 198 [01:03] <bodhi_zazen> Otherwise we will be back to SELinux :p
 199 [01:03] <HymnToLife> Mandriva uses AA too
 200 [01:03] <DasEi> sry when bein annoying; apparmor follows a given app in the initial , then asks additional quests and then creates the profile, which can be altered manually again, so no need for external request..
 201 [01:03] <HymnToLife> I think that's all
 202 [01:03] <bodhi_zazen> no DasEi
 203 [01:03] <bodhi_zazen> Most profiles need to be personalized anyways
 204 [01:03] <bodhi_zazen> PCLinuxOS ?
 205 [01:04] <bodhi_zazen> I have not tried that lately, but I thought they were Mandriva based.
 206 [01:04] <HymnToLife> I think so too, but I don't go in the RPM world often
 207 [01:05] <bodhi_zazen> OK, I will stay for a while if there are additional questions, otherwise 2 weeks
 208 [01:05] <bodhi_zazen> Any interest in having weekly sessions ?
 209 [01:05] <DasEi> k, reading shall heal me for now, many thanks, bodhi_zazen and all the others
 210 [01:05] <bodhi_zazen> topics : add them here : https://wiki.ubuntu.com/BeginnersTeam/FocusGroups/Education/Proposals
 211 [01:06] <bodhi_zazen> put my name by the topic and I will try to announce and cover them as we go
 212 [01:06] <DasEi> bodhi_zazen: nothing bad, nice would be to follow up missed ons at http://irclogs.ubuntu.com/
 213 [01:06] <DasEi> *ones
 214 [01:07] <bodhi_zazen> In the long run the Beginners Team is hoping to do continued and more focused in depth sessions, perhaps using something such as Moodle
 215 [01:07] <bodhi_zazen> yes DasEi I thought ubuntu-classroom was going to post sessions, I will look into that
 216 [01:07] <bodhi_zazen> I do not have a way right now to log sessions
 217 [01:07] <bodhi_zazen> as I am @ work and accessing over mibbit
 218 [01:08] <DasEi> bodhi_zazen:they do, but last isn't there by now
 219 [01:08] <bodhi_zazen> We shall look into it then DasEi
 220 [01:08] <bodhi_zazen> but yes the intention is to post logs
 221 [01:08] <bodhi_zazen> and grow these sessions
 222 [01:09] <bodhi_zazen> I am hoping to spread the word and get some discussion and education going.
 223 [01:09] <DasEi> date -u was the greatest tip on UTC, writes this bold, lol
 224 [01:09] <bodhi_zazen> lol
 225 [01:09] <bodhi_zazen> Thank you everyone for coming
 226 [01:10] <DasEi> thank you for rowing
 227 [01:10] <bodhi_zazen> I shall spam channels with future meetings, but this time works out for most people, although not all
 228 [01:10] <bodhi_zazen> I hope these sessions help educate people ;)
 229 [01:11] <bodhi_zazen> we should learn from each other, some people know very much
 230 [01:11] <bodhi_zazen> we are planning to do sessions on wiki and development (packaging)