
Enterprise Unix Roundup -- Open Source Bucks the Herd Page 2

By Michael Hall
Sep 9, 2004


In Other News

» Red Hat released an incremental update to Enterprise Linux 3 that includes the "NX" kernel extension, the recently GPLed Exchange Connector from Novell/Ximian, and support for IBM's Power5 chipset.

The NX kernel extension is meant to help stop the execution of malicious code from viruses and worms. Exchange Connector enables Linux and Unix clients running Ximian's Evolution groupware client to connect to Microsoft Exchange servers transparently.

Red Hat also named a new CFO: Charles E. Peters, Jr. Peters is taking over in the wake of turmoil over the company's need to restate its earnings to take subscription revenue into account.

» Sybase announced it is offering a no-cost Linux version of its Adaptive Server Enterprise (ASE) database package. The offering runs only on systems with a single CPU, 5 GB of database storage, and 2 GB of RAM. As internetnews.com reports, the download is less of an assault on IBM and CA, and more of a preemptive strike against Microsoft's low-end SQL Server Express, due out next year.

» ServerWatch's review of SUSE Linux Enterprise Server 9 maintains that the big value differentiator is the inclusion of Linux kernel 2.6.

» Although much noise has been made about Sun's move into low-end x86 servers, it looks as if the company is also looking to hold on to its status as a telco force with the latest batch of Advanced Telecom Computing Architecture enhancements to its Netra 440 line.

Security Roundup

  • Apple has released a sizable update covering some of the issues reported here in the past few weeks, including bugs in kerberos, Apache 2, rsync, tcpdump, OpenSSH, and others. The patch is available via Apple's Software Update tool or at Apple's update page. Look for "Security Update 2004-09-07."
  • Patches to kerberos5 came in from Trustix, Mandrake, and Gentoo.
  • SUSE and Mandrake patched a denial of service vulnerability in zlib.

Tips of the Trade

ngrep, or network grep, cunningly combines the abilities of grep, for searching on text strings, and tcpdump, for filtering on specific network protocols. ngrep can be used to sniff network packets directly or to extract information selectively from the logs of other packet sniffers and network monitoring utilities, like Ethereal, Snort, or tcpdump.

The following command displays, in real time, all traffic on eth0:

# ngrep -d eth0

You can use it to snoop other hosts on your LAN, either by IP or hostname, like so:

# ngrep '*' host 192.168.1.10

You can also filter on text strings. This command looks for variations on the word "password" and displays only the contents of packets containing the search string (the "-i" switch makes the search case-insensitive):

# ngrep -i 'password|passwd'

If you're monitoring users on your LAN, you can look for certain inappropriate text strings ("-w" means "whole-word search"):

# ngrep -iw 'naked|sexy|hooters|jailbait' host 192.168.1.10

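To write the matched packets to a file, use the -O flag. The file is a pcap-compatible dump rather than plain text, so it can be read back later with ngrep -I or tcpdump -r. Options go before the match expression:

# ngrep -O filename.pcap '*' host 192.168.1.10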

ngrep is downloadable from the ngrep home page. Because you need to understand TCP/IP networking to use utilities like ngrep effectively, see the RFC Sourcebook for definitions, diagrams of packets, and relevant requests for comment.
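
As an added example (not from the original column or the ngrep project), the Python below reproduces offline what `ngrep -i 'password|passwd' host 192.168.1.10` does: a host filter plus a case-insensitive regex over TCP payloads, run against a constructed capture so you can audit a dump for credentials sent in cleartext. The function names, addresses, and sample packets are assumptions for illustration, and the parser assumes a classic little-endian pcap file with Ethernet framing.

```python
import re
import socket
import struct

def tcp_frame(src, dst, dport, payload):
    """Constructed sample: minimal Ethernet/IPv4/TCP frame, checksums left zero."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def grep_pcap(pcap, pattern, host=None, ignore_case=True):
    """Return (src, dst, dport, payload) for TCP payloads matching a bytes regex."""
    rx = re.compile(pattern, re.I if ignore_case else 0)
    hits, off = [], 24                      # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                        # keep IPv4/TCP only
        tcp = 14 + (frame[14] & 0x0F) * 4   # honour the IP header length
        if len(frame) < tcp + 20:
            continue                        # truncated TCP header
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        if host and host not in (src, dst):
            continue                        # same effect as the "host" BPF term
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]
        if payload and rx.search(payload):
            hits.append((src, dst, struct.unpack_from("!H", frame, tcp + 2)[0], payload))
    return hits

# Constructed capture: two cleartext logins and one opaque (TLS-like) payload.
SAMPLE = build_pcap([
    tcp_frame("192.168.1.10", "192.168.1.20", 80, b"POST /login\r\n\r\nuser=alice&Password=example"),
    tcp_frame("192.168.1.30", "192.168.1.20", 8080, b"GET /?passwd=example HTTP/1.0\r\n\r\n"),
    tcp_frame("192.168.1.10", "192.168.1.20", 443, b"\x17\x03\x03\x00\x10" + b"\x9c" * 16),
])

if __name__ == "__main__":
    for src, dst, dport, data in grep_pcap(SAMPLE, rb"password|passwd", host="192.168.1.10"):
        print(f"{src} -> {dst}:{dport} cleartext credential field: {data[-28:]!r}")
```

The encrypted-looking payload on port 443 produces no hit, which is the point of the audit: any match means a credential field crossed the wire unprotected.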

Carla Schroder writes the Tips of the Trade section of Enterprise Unix Roundup. She also appears on Crossnodes every Wednesday, and is the author of the site's popular Scripting Clinic, which deals with Unix/Linux scripting issues.
