Enterprise Unix Roundup: Next Stop, LinuxWorld – page 2

In Other News

» Time zones are something we think about whenever Sydney, Australia comes up in conversation. After all, they're 16 hours ahead from our location, with an extra day thrown in for good measure. But this was not enough to deter the open source faithful to journey halfway across the planet to attend LinuxWorld Sydney this past week. Not much product news came out of that show, but open source disciple Jon "Maddog" Hall delivered his usual candid messages of why Linux adoption is not as rapid as it could be. This time, Hall's message centers around the idea that too many companies are accepting what proprietary vendors are saying about open source and not thinking for themselves.

HP's open source guru Martin Fink delivered the one of the last keynotes of the event, popping off a rebuke toward the Open Source Initiative and the fact that with 58 official open source licenses and counting, the proliferation was just too great. Fink gets no argument from us.

Meanwhile, open source up and comer Peter Quinn, the former CIO of Massachusetts, offered a more mundane and personal reason for the lack of Linux success in government: the informal dress code used by some members of the Linux community. Apparently it must be an issue for U.S. politicians, since Brazil, Venezuela, and the City of Munich, among others, are deploying Linux anyway. We'll be sure to pack our best clothes for LinuxWorld next week.

» We can almost feel the giddiness streaming out of Red Hat's Durham, N.C. headquarters after its announcement of a killer fourth quarter 2005 after the market closed Tuesday.

Red Hat's earnings were 13 cents per share — a penny ahead of estimates. Sales rose 37 percent to $78.7 million, beating the $78.26 million forecasts. Subscription revenue rose 44 percent to $66.7 million. Not too shabby. Red Hat's business has been growing consistently in recent quarters, and this commercial success is certainly reflecting well on Linux as a whole.

Of course, Wall Street being what it is, traders latched on to one bad point in the fourth-quarter report: Current quarter earnings were expected to be only 8 cents per share, while analysts were predicting a 9 cents per share forecast for 1Q06. So in the end, Red Hat shares dropped 88 cents at close of trading Wednesday.

This is why we put all of our money into precious metals. Like chrome.

» Another Linux success is the aforementioned migration to the Linux desktop in the City of Munich. But that was almost not to be, according to a new book out by European patent protester Florian Mueller. In the book, No Lobbyists As Such, Mueller details how he and his fellow anti-patent campaigners urged the Green Party in Munich to raise an official query about patent litigation to the city administrators.

This move, intended to bring more attention to the dangers of patent litigation to free and open source software, almost did more harm than good. The city fathers immediately put the kibosh on the migration plan, pending further investigation. Luckily for all involved, the project was re-started a week later, and the Munich migration is still under way.

Maybe placards next time, huh guys?

» One city that has had its woes with Linux recently is the metropolis of Tuttle, Oklahoma (pop. 4,294), where a misconfigured Web site running Apache on Red Hat Enterprise Linux clone CentOS had city manager Jerry Taylor fit to be tied. Believing the default CentOS page displayed by the city's host Web server was some sort of hack, Taylor contacted CentOS lead developer Johnny Hughes. "Contacted" might be too soft of a term. More like harassed and threatened, as Taylor repeatedly mentioned FBI involvement while Hughes patiently tried to discover (a) what Taylor was talking about and (b) which server was incorrectly displaying the default page.

In the end, as Hughes suspected, it was the fault of the city's host provider, and Taylor was appeased — sort of. He indicated in his last missive that "It could have been resolved a lot quicker if the initial correspondence with you provided the helpful information that was transmitted in the last messages."

Okay, so not every Linux deployment goes smoothly.

Elsewhere in the Corral

Recent relevant articles about enterprise Unix

• While Novell conducts video-enabled usability tests of new GUIs, the company's partners are implementing Mono, a cross-platform development environment built into the new SUSE Linux 10, along with other tools to create applications and hardware drivers for current and future editions of Novell's Linux desktop.
• If you've got Linux clients on your WLAN, our quick guide to securing their connections with WPA is a must-have.
• There's been a lot of hype around Zimbra, an open source, standards-based e-mail and collaboration server. ServerWatch takes it out for a spin to determine whether it has what it takes to be the Linux alternative to Exchange.

Tips of the Trade

Today's letter is the letter "n", for netstat, nmap, and netstat-net. With these three commands you can run quick tests on your iptables firewall, and easily pinpoint misconfigured or unnecessary services.

Netstat shows all listening and connected ports on a system. Running the netstat command as root shows established network connections, plus all active Unix domain sockets. In most cases, you will not be interested in Unix domain sockets, since these are local inter-process communications. So this command shows just TCP/IP and UDP sockets, both listening and connected:

# netstat -atu

You may also see the program names and users with the -pe options. -n display addresses instead of hostnames.

These commands are especially useful on a multi-homed system, so you can be sure which services are confined to the local net, and which ones are exposed to the Internet.

Use nmap to view your firewall from both sides. First, run it from a neighboring LAN host on your firewall box:

# nmap -v [ip or hostname]

Then run it from a remote host outside your firewall. You may be surprised by the different pictures presented.

Finally, if you are running a NAT iptables firewall, you can see all of your NAT-ed connections:

# netstat-nat

You may view them by host:

# netstat-nat -s [ip or hostname]

All of these commands have many more options, which are find in their respective man pages. This does not represent a complete security testing kit, but these three commands are extremely useful to get a quick picture of which services are running, which ports and interfaces they are listening too, and what your firewall is filtering.

Carla Schroder writes the Tips of the Trade section of Enterprise Unix Roundup. She also appears on Enterprise Networking Planet and Linux Planet, covering Linux from the desktop to the server room. She is the author of the Linux Cookbook and the upcoming "Linux Networking Cookbook."

>> To Main -->