Keeping Abreast of Security Developments
Because of publication delays, a book cannot
present the most up-to-date information on specific exploits
(methods of compromising a computer), security bugs, and so on. This chapter therefore
focuses on general security procedures and a few tools that are useful in
fighting intrusion attempts. There are times when you need the most up-to-date
information, though, such as when you're investigating a successful break-in or
suspicious activity that makes you think your system might be under attack. Fortunately,
there are several resources that are available to help you track developments
in the security arena or locate information on specific exploits, bugs, and so
on.
Security Web Sites
As with many computer-related topics, Web
sites can be a very useful resource in tracking security issues. Web sites can
be updated quickly with the latest information, but you must check them
yourself on a regular basis if they're to do any good. Some security Web sites
you might want to check on a regular basis include the following:
Your distribution's Web site: All major Linux distributions have Web sites, and most include security or errata pages. As noted earlier, in the section "How to Monitor for Updated Software," these Web sites usually host information on bug fixes for specific packages included with your distribution, as well as links to updated versions of these packages built for your distribution.
The CERT/CC Web site: The Computer Emergency Response Team Coordination Center (CERT/CC) is one of the leading organizations for tracking security-related bugs. Their Web site is at http://www.cert.org, and is well worth checking on a regular basis.
The CIAC Web site: The United States Department of Energy operates an organization known as the Computer Incident Advisory Capability (CIAC), which maintains a Web page at http://www.ciac.org/ciac/. This site is similar to the CERT/CC site in general scope.
The Linux Weekly News Security Section: The Linux Weekly News (http://lwn.net) is a Web-based Linux "newspaper." It includes a security section with information on exploits, including some distribution-specific comments. (Click the Security link in the column on the left of the main page; the exact URL changes from day to day.)
The SecurityFocus Web site: A site maintained at http://www.securityfocus.com is something of a news outlet for security-related information. It focuses less on incident reports and includes more in the way of tutorials and "digested" news than the CERT/CC and CIAC sites.
These sites can all provide useful
information on popular exploits, new bugs, new viruses and worms, security-related
updates to major servers, and how to protect your system from various dangers. It's
well worth checking at least one or two of these sites on a regular basis, say,
once a day, or at least once a week.
Security Mailing Lists and Newsgroups
One of the problems with security Web sites
is that they require constant monitoring. Fortunately, there are other types of
resources that are more active in getting information to you. In particular,
mailing lists are a means of communication that allow mail from individuals to
reach an entire group of readers as quickly as the e-mail system can operate. Many
security mailing lists don't allow posting from members; they exist solely to
distribute information from the list maintainer. If you check your mail
regularly, you can subscribe to a mailing list and learn of a new threat very
soon after it is reported to that list.
TIP

You can set up a Procmail filter (discussed in Chapter 19, Push Mail Protocol: SMTP) to watch for mailing list postings and run a special
program to get your attention when a new alert arrives over the list. For
instance, you might write a script that causes Procmail to play a sound file
or pop up a special alert dialog box.
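A Procmail recipe of the kind the tip describes, added here as an example (it is not from the book). It assumes the list's mail carries a Sender: or Return-Path: header containing the list name, and that $HOME/bin/security-alert is a hypothetical notification script of your own.

```procmail
# ~/.procmailrc (added example; the header pattern and the alert script
# path are assumptions, adjust them to what the list actually sends you)
PATH=/usr/bin:/bin
MAILDIR=$HOME/Mail
DEFAULT=$MAILDIR/inbox
LOGFILE=$MAILDIR/procmail.log
VERBOSE=no

# Match advisories from the cert-advisory list. Majordomo lists normally
# stamp outgoing mail with a Sender: or Return-Path: header that carries
# the list name (assumed here); check a real message's headers first.
:0
* ^(Sender|Return-Path):.*cert-advisory
{
    # 'c' = carbon copy: the alert script sees a copy of the message, so
    # the recipe below can still file the original. The script receives
    # the whole message on stdin and can play a sound or pop up a dialog,
    # as the tip suggests. $HOME/bin/security-alert is hypothetical.
    :0 c
    | $HOME/bin/security-alert

    # File the advisory in its own folder. The trailing ':' makes Procmail
    # take a lock file, so two messages arriving at once cannot corrupt
    # the mbox.
    :0:
    $MAILDIR/security-alerts
}

# Everything else falls through to DEFAULT.
```

Because the alert runs on a copy, a failing script does not lose the message; check procmail.log if nothing fires.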
An information distribution medium that's
similar to mailing lists in some ways is a security newsgroup. Like mailing
lists, newsgroups are a way for a group of individuals to share information in
text-based messages. Newsgroups require more active monitoring, though, so to
get the most benefit from a newsgroup you must read it on a regular basis, or
perhaps set up a special "robot" script to scan newsgroup postings
for important keywords.
Some of the mailing lists and newsgroups that
are particularly relevant to Linux security include the following:
The CERT/CC mailing list: The CERT/CC runs a mailing list to which they publish their security advisories. To subscribe, send an e-mail message to majordomo@cert.org and include subscribe cert-advisory in the text of the message.
The CIAC mailing list: Like CERT/CC, CIAC maintains a mailing list of its bulletins. You can subscribe by sending a message to majordomo@tholia.llnl.gov and including the text subscribe ciac-bulletin in the body of the message.
The Bugtraq mailing list: The Bugtraq mailing list is a discussion list, rather than a notification list. It can be a good way to obtain advice or learn about security issues from others in an interactive environment. You can subscribe by sending mail to listserv@netspace.org. The mail should include subscribe bugtraq in its text.
The comp.security newsgroups: There are several newsgroups in the comp.security newsgroup hierarchy, including comp.security.unix and several related to specific products or product types, such as comp.security.firewalls.
The comp.os.linux.security newsgroup: This newsgroup specializes in discussion of Linux security issues.
NOTE

Most Linux security issues are really UNIX
security issues, because most Linux servers run on other UNIX-like OSs, and
sometimes even non-UNIX OSs, like Microsoft Windows. Therefore, most
"Linux" security discussions are broader than Linux.