Enterprise Unix Roundup: Picking at the Red Hat Lock-In Page 2

By Michael Hall
Oct 28, 2004

Security Roundup

» If you run a Fedora server, you'll want to double-check any update notices you may have received in the mail: There's a chance they're a scam designed to trick the unwary into installing malware. If you haven't already made yourself familiar with the vagaries of public-key crypto tools like GnuPG, this might be a good time: Signed packages are how the good guys prove their identity.

  • Apple released Security Update 2004-10-27, which addresses a bug in the Apple Remote Desktop Client that could allow an application to be launched behind the login window and run as root.
  • Bugs in the Common Unix Printing System (CUPS) could allow user names and passwords to turn up in log files or enable malicious users to run arbitrary code. Fixes are in from Mandrake, Debian, and Fedora.
  • Odds and ends: Mandrake released a patch for squid that addresses a potential denial of service attack. SUSE patched a bug in libtiff that could allow execution of arbitrary code. Gentoo patched a bug that could allow a local user "to overwrite arbitrary files with the rights of the user running the script."
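
To go with the signed-package advice in the Fedora item above, here is an added example (not part of the original article) that gates an install on `rpm -K` reporting a verified signature rather than just "OK". The function names are hypothetical, and the output wording it matches is an assumption that varies between rpm versions.

```sh
#!/bin/sh
# Added example. Function names are hypothetical; the rpm output wording
# assumed here ("gpg OK", "digests signatures OK") varies by rpm version.

# classify_checksig FILE LINE
# Prints signed-ok, unsigned or failed for one line of `rpm -K FILE` output.
# Returns 0 only when the line reports a verified signature.
classify_checksig() {
    # The line must start with "FILE: "; anything else is not a result line.
    case "$2" in
        "$1: "*) result=${2#"$1": } ;;
        *) echo failed; return 1 ;;
    esac
    # Bad digest, bad signature or missing public key.
    case "$result" in
        *"NOT OK"*) echo failed; return 1 ;;
        *OK) ;;
        *) echo failed; return 1 ;;
    esac
    # "OK" alone is not enough: an unsigned package passes its digest
    # checks too. Require a signature token (lowercase means verified).
    case " $result " in
        *" signatures "*|*" gpg "*|*" pgp "*|*" dsa "*|*" rsa "*)
            echo signed-ok; return 0 ;;
    esac
    echo unsigned
    return 1
}

# verify_rpm FILE: run the check on a real package. The vendor key must
# already be imported with `rpm --import` from a source you trust, never
# from the notice that told you to update.
verify_rpm() {
    line=$(LC_ALL=C rpm -K "$1" 2>&1 | head -n 1)
    classify_checksig "$1" "$line"
}
```

Gate the install on the result, for example `verify_rpm ./update.rpm && rpm -Uvh ./update.rpm`.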

Tips of the Trade

Running a Web site used to be so easy. Set up Apache, fling up a few HTML pages, and that was that. Performance-tuning was easy — just get rid of things like silly animated Java applets, blink tags, and obese graphical images. (You're thinking blink tags had nothing to do with performance, aren't you? Well, they did — they improved it by chasing site visitors away.)

These days, it's more complicated: All kinds of network intermediaries clutter the landscape between your actual Web pages and the fortunate surfers who manage to find them. Finding performance bottlenecks, fine-tuning configurations, and figuring out what hardware you need to support seem to require alchemy more than science.

If you prefer to rely on testing and benchmarking rather than alchemy, Web Polygraph is just the thing. For example, say you want to test how your DNS performs under load. Every test has both a client and server component. Edit the simple.pg files so that they have the correct network and test parameters. Then, start the server test followed by the client test.

polysrv \
    --config /usr/local/polygraph/workloads/simple.pg \
    --verb_lvl 10 \
    --log server-test.log

polyclt \
    --config /usr/local/polygraph/workloads/simple.pg \
    --verb_lvl 10 \
    --log client-test.log

Gobs of output will fill your screen and the logfiles. When you've had enough, kill the polysrv and polyclt processes. Then, use the included Reporter to generate readable graphs from the logs. (You'll also need gnuplot to make this work.)

Web Polygraph tests just about everything you can think of: workload, authentication, load balancing, proxies and caches, content filtering, DNS -- everything that can get in the way of delivering content. It runs on Linux, Unix, and Windows. Visit Web Polygraph for downloads and user reference manuals.

Carla Schroder writes the Tips of the Trade section of Enterprise Unix Roundup. She also appears on Crossnodes every Wednesday, and is the author of the site's popular Scripting Clinic, which deals with Unix/Linux scripting issues.
