Linux steep learning curve

[Computernerd22]

Boot in text mode then graphical, do this by: typing linux text I installed linux ass backwards did graphical mode first set partitions using LILO got done installing it restarted system, gave me a prompt for the Username root
password ***********

error 319 %^$^^% $#### @@@@@@@@@@@@@@@@@@@@@@@@@@@@@99 some type of bufferoverflow had to unistall and load linux from text mode first <--

[reaper44]

I have been a busy redhat nut updating distros as they come, i found redhat 9.0 to be very buggy (it still needs work) i eyed off mandrake 9.2 suggest you try that!it has the latest gear.

[IKnowNot]

Damn, if you can read 2 paragraphs in a white paper and have it down, you’re a better man then me.

Although many things can now be done in a GUI on Linux, the question is do you really want to?
You said a client wants a proxy server to “speed things up”.
What types of “things”?
More important, what type of client?
What are their security needs ?

Another thing bothered me about your post. Why would you be installing the RPM and then doing “the make and whatevers” ? Did you uninstall the original first? Did you install any updates from RedHat ? Do you know what an RPM is or how it works ?

If it is going to be a production machine you should learn to use the command line, and NOT install a GUI unless it is necessary. The more services you have running ( including X and Gnome ), the more holes that are possible. ( remember, this is a security site )

You should NEVER, NEVER, NEVER just slap together a machine with default settings out of the box ( not Linux, not BSD, and not Windows as you should already know ) and place it in a production environment just because it works.

In the environment envisioned, will it be necessary to CHROOT Squid ? ( I would regardless )

Yes, you are going to have to read. Yes, it is going to be work on your part. Although RedHat 9 is much better then say RedHat 5 at default settings for security, for a production machine you still may have to tweak things, and you are definitely going to have to know what to install and what not to install.

If you are as good at M$ products as you think you are, then what I have said should be no surprise. Otherwise I think maybe you should go back and read more then just 2 paragraphs of the white papers you perused. And definitely read more about Linux before offering it to a client.
phishphreek80 had some great starting links.

IMHO.
But what do I know?
IKnowNot

[disc0rd]

I know Linux junkies will hate me for this....But KDE has a nice Windows knockoff of ADD/REMOVE programs, try installing the Squid package through there. I had that problem with VNC not installing correctly, and ran it through the ADD/REMOVE, and it worked perfectly.
GNOME might have this option to, however I'm not too sure.

[maxim_86ualb2]

well man it is jsut coz ur used to M$..... that is all linux is userfrendly...

[jeffs72]

Originally posted here by IKnowNot

(snipped to save bandwidth)

Although many things can now be done in a GUI on Linux, the question is do you really want to?

I have heard that running anything other than the command line in linux chews up resources, and I've found this first hand. My hope is to get everything setup, and then disable the GUI, take away the keyboard and mouse, and just access the box via ssh.

You said a client wants a proxy server to “speed things up”.
What types of “things”?

Well, the internet, in vague terms. I report to one of the owners that can spare about 4 hours a month to interact with me, so I'm kind of on a long leash here. I am mainly hoping to use squid to speed up web browsing (a lot of http traffic here, and it's actually business traffic). I'm fairly sure the data T is maxed out, so I wanted to reduce bandwidth usage by cacheing frequently used images.

More important, what type of client?

Not sure exactly what you want here. My client is a mortgage company that doesn't have an IT budget. The clients are win95/98/ME/2000/XP (plus this 'new' redhat box).

What are their security needs ?

Sadly, I'm still trying to sell management on the idea of all users having their own passwords and enforcing a screen saver password policy. Any user control is difficult here, so I try to do a best effort in other areas. All the boxes are patched with SUS, I monitor firewall and switch syslogs, have a strong firewall policy in place, and try to fight people who insist on needing to run p2p stuff inside the network.

Another thing bothered me about your post. Why would you be installing the RPM and then doing “the make and whatevers” ? Did you uninstall the original first? Did you install any updates from RedHat ? Do you know what an RPM is or how it works ?

To clarify, I first tried to install the RPM, which failed at the half way point with no results. So, I downloaded the newest STABLE from the squid server and compiled, etc. Redhat comes with a nifty 'linux updater' much like microsoft, and it's as patched as it can be via that. I'm not sure how to be notified of any bugs/problems beyond that. I am subscribed to thier list, but it only notifies me of new downloads that are available (or seems to anyway).

I THOUGHT I knew what an RPM was and what it did, but since it didnt seem to work...

If it is going to be a production machine you should learn to use the command line, and NOT install a GUI unless it is necessary. The more services you have running ( including X and Gnome ), the more holes that are possible. ( remember, this is a security site )

True dat. As I said, the long term goal is to lockdown the box after I figure out how everything works. Like I don't leave services running on my servers that aren't used, I plan on removing/uninstalling/neutering anything not necessary to the function of a caching proxy server. I MAY, if time allows, frag the box and rebuild from scratch after I've climbed the learning curve.

You should NEVER, NEVER, NEVER just slap together a machine with default settings out of the box ( not Linux, not BSD, and not Windows as you should already know ) and place it in a production environment just because it works.

Yeah. Right now I'm testing squid with my machine. I won't move it into production without doing a lock down on it.

In the environment envisioned, will it be necessary to CHROOT Squid ? ( I would regardless )

I fear my ignorance will show through here, but here goes... What's CHROOT mean? If squid is invoked from/as root it starts up and changes itself to the nobody/nogroup setting or whatever. I actually created a user/group for squid that only has permissions where needed (according to the squid faq anyway).

Yes, you are going to have to read. Yes, it is going to be work on your part. Although RedHat 9 is much better then say RedHat 5 at default settings for security, for a production machine you still may have to tweak things, and you are definitely going to have to know what to install and what not to install.

Well, so far I've gotten redhat up, patched, and squid actually installed and working. I even went in and got redhat to autorun it at system boot. I am finding that a lot of the meat and potatoes of sys admining a linux box seem to only be accessible at the command prompt. I guess this makes sense considering it's roots. I was just hoping someone somewhere might have made a 'server manager' gui by now is all.

If you are as good at M$ products as you think you are, then what I have said should be no surprise. Otherwise I think maybe you should go back and read more then just 2 paragraphs of the white papers you perused. And definitely read more about Linux before offering it to a client.

Gees, that kind of stings. I've plenty of experience with running/building production environments. I've worked for several .coms and other more serious companies, I'm at the point where I can pimp myself out to people through my own company and do well at it. I wish every client had the resources available to do things the 'right way', but not everyone cares about security sadly. I watch Antionline and a few others to stay current, but most small and medium businesses have to have an incident for them to see the light where security is concerned.

My current client dictates my available resources (time to spend on X project, resources available to me, etc). While I'd prefer to do this in a much different fashion, sometimes you have to make some compromises based on the reality of the situation at hand.


phishphreek80 had some great starting links.

Thanks for that link, and I appreciate the feedback as well. This thread has helped quite a bit. I've found several good linux starter resources that I think would have taken me a bit of time to locate. It's always easy to find info on the net, just not easy to find GOOD info all the time.

Originally posted here by disc0rd
I know Linux junkies will hate me for this....But KDE has a nice Windows knockoff of ADD/REMOVE programs, try installing the Squid package through there. I had that problem with VNC not installing correctly, and ran it through the ADD/REMOVE, and it worked perfectly.
GNOME might have this option to, however I'm not too sure.

Oh wow, awesome. I haven't had time to play with KDE yet. I guess gnome is the default in redhat, and choice isn't as, uh, important to me as most linux people, I guess. I'll poke around KDE and see whats different.

Thanks!

[gore]

My 1,070th post:

Ok, learning Linux to me is a good idea. After you have it down pretty well, it's POSIX compliant so using another UNIX based OS is usually pretty easy to do.

I made a list of the OSs I own:

My OSs:

1. PC-DOS 6.3

2. BeOS pro 5.0

3. Turbo Linux Workstation 4.0

4. Redhat Linux 6.1

5. Redhat Linux 7.2

6. Redhat Linux 8.0

7. Redhat Linux 9.0

8. Slackware Linux 3.6

9. Slackware Linux 8.1

10. Slackware Linux 9.0

11. Slackware Linux 9.1

12. Open Linux 1.3

13. Caldera Linux 2.2

14. Debian Linux 3.0R1

15. Mandrake Linux 7.1

16. Mandrake Linux 9.1

17. Turbo Linux x.x

18. SuSE Linux 8.1 Professional

19. SuSE Linux 8.2 Professional

20. Free BSD 2.2

21. Free BSD 4.0 Power Pack

22. Free BSD 4.7

23. Free BSD 5.0

24. Free BSD 5.1

25. Windows 3.11

26. Windows 95

27 Windows 95 2nd release

28. Windows 98

29. Windows 98 SE

30. Windows ME

31. Windows 2000 pro.

32. Windows XP home

33. Windows XP home SP1.

34. Windows server 2003

I know it's shocking but I'v only downloaded about 5 of these, the rest were bought and paid for.

[KeyserSoze]

Oh wow, awesome. I haven't had time to play with KDE yet. I guess gnome is the default in redhat

True, it is the default in rh. Some people have some fierce allegience to one or the other, but both will allow you to accomplish what you want to.
As far as the resources being chewed up, it depends on how good the box is that you are using. If it is a minimalist-type box, then yeah, you will notice a difference. But if it is a P3 or better with 256 MB of ram, I doubt you will see a lot of difference if squid is all you are running it with. Of course, I don't know how much squid needs but you can get a print to screen of all running processes and how much processor and memory they are using with the command top .

I fear my ignorance will show through here, but here goes... What's CHROOT mean? If squid is invoked from/as root it starts up and changes itself to the nobody/nogroup setting or whatever. I actually created a user/group for squid that only has permissions where needed (according to the squid faq anyway).

Again, I don't know any of squid, but it is changing itself probably cause it is running as a system process or daemon. Also, CHROOT means to actually change the files that the process recognizes. In linux, the root filesystem (/) is analogous to C:. It is the base folder, the top of the heirarchy. When you invoke the chroot command properly, you can limit the processes's ability to do damage in a worst case scenario by making it think that it is running in the root directory; like nothing else is there above it. Read up on it and do it properly, though, or you cold leave a nice hole.
Hope some of this helps.

[jeffs72]

Originally posted here by KeyserSoze

Again, I don't know any of squid, but it is changing itself probably cause it is running as a system process or daemon. Also, CHROOT means to actually change the files that the process recognizes. In linux, the root filesystem (/) is analogous to C:. It is the base folder, the top of the heirarchy. When you invoke the chroot command properly, you can limit the processes's ability to do damage in a worst case scenario by making it think that it is running in the root directory; like nothing else is there above it. Read up on it and do it properly, though, or you cold leave a nice hole.
Hope some of this helps. [/B]

Ah this is interesting. I'll have to read up on it next week. My client is moving offices tomorrow, so right now I'm making sure we don't get screwed by bell south on our T1 installations.

Thanks!

[IKnowNot]

I am glad to see you got it up and running, and glad to see that a slight setback such as this only encourages you more.

As far as CHROOT goes, I think KeyserSoze covered that nicely. It is usually thought of for things like BIND, and Apache but can be used for other services as well.

I imagine you figured out what your problem was, if not maybe this will help for the future.

If you are doing a new install you can choose the packages to be installed beforehand.

If the system is installed and you want to add something ( in RH 9 w/default GUI ) you can just point to the "Main Menu" / "System Settings" / "Add/Remove Applications". This will bring up a similar window as when installing the system.

The nice thing about the above methods is they will search for dependencies and install them if necessary. RPM is not just a compression program but a package manager.

But just clicking on an RPM to install it it may fail if it can't find the files it needs.

If installing an RPM from the command line, with the rpm file in the current directory
rpm -ivh --test some.rpm

will let you know if there are any missing dependencies ( although in this case "libgd" is actually the "gd-1.8.4-11" package, sometimes the naming can be a little confusing.)

I think you'll have fun learning Linux. Good Luck.