Everything Debian! News, interviews, comment.
Snort box on Debian?
I’ve been thinking about deploying several Snort sensors over my network. I decided that I would use Debian, because of apt-get (I want to be able to easily upgrade and fix security holes). However, I wanted to ask, how do you update your snort rules if there’s a new attack signature available? I suppose there’s not a new snort package every day. Do you run ACID and MySQL on the sensor machine (so the IDS machine does not generate any network traffic) or do you log to a remote DB? Do you use software like <a href="http://users.pandora.be/larc/index.html">SnortCenter</a> for management?
JFS boot-floppies and net install CD
For those of you who are interested in installing Debian onto a JFS filesystem, there is a set of modified boot-floppies and netinst CD images available <a href="http://people.debian.org/~blade/JFS-Install/">here</a>. They are built in a similar way to the <a href="http://people.debian.org/~blade/XFS-Install/">XFS install</a> series and also provide some precompiled module packages.
Perl 5.8.0 Released
Perl 5.8.0 and many perl-related packages have been released to unstable (aka "sid"). A number of packages which depend on the older version of Perl 5.6.1, notably libapache-mod-perl, have yet to be updated so there will be some apt-get breakage while perl modules etc are rebuilt. However, thanks to great foresight by Brendan O’Dea (bod), the Perl maintainer, a staging area was set up for many packages to be compiled against Perl 5.8 in advance, so the breakage is far less than it could have been.
XFree86 4.2.0 Debian packages revised
Yup. Branden has done it again and released yet another revision of his fine Debian packages; this bumps up the version to 4.2.0pre1v3. As usual these packages can be found at the <a href="http://people.debian.org/~branden/">X Strike Force</a> pages. Feedback on these packages should go to the <a href="http://lists.debian.org/debian-x">debian-x</a> list. Usual disclaimer applies, beware of the monkeys.
KDE 3.0.3 released … and some .debs
Dirk Mueller, the KDE Release Coordinator, today announced the release of KDE 3.0.3, whose major feature is a fix for the SSL issue in Konqueror. With this release also comes a new (and working, tested) set of .debs.
This set of .debs is not yet mirrored at kde3.geniussystems.net and the usual mirrors; instead, it is on all the main KDE mirrors.
GNU/Hurd 0.3 Upgrade
The Hurd interfaces have recently gone through an incompatible change to prepare support for long files. The consequence is a chicken and egg problem for upgrading to GNU 0.3. Marcus Brinkmann just <a href="http://lists.debian.org/debian-hurd/2002/debian-hurd-200208/msg00109.html">posted</a> an instruction summary on how to upgrade your existing Debian GNU/Hurd system, solving the cyclic dependency issue.
Where should irc.debian.org point to?
This weekend’s top flamewar, taking place on the <a href="http://lists.debian.org/debian-project/">debian-project list</a>, is a debate over which network the irc.debian.org host should point to and hence which network is considered "official" for Debian. For full details please see this <a href="http://lists.debian.org/debian-project/2002/debian-project-200208/msg00046.html">thread</a>.
FLOSS Developer Survey results published
The <a href="http://www.infonomics.nl/FLOSS/">FLOSS</a> (Free/Libre and Open Source Software) Survey from the University of Maastricht has published its <a href="http://www.infonomics.nl/FLOSS/report/">final report</a>. It shows, among other things, a 48.1% preference towards Debian as <i>"Favoured Distribution System"</i>, and a 32.4% preference towards GNOME as <i>"Favoured Desktop"</i>. A majority of Free Software/Open Source Software developers are 20-30 years old, and the majority of the participants in the survey are based in the EU.
Second version of XFree86 4.2 pre release packages
Branden ‘Overfiend’ Robinson has quietly slipped out a second version of his pre-release XFree86 4.2 packages. The announcement is on the glorious <a href="http://people.debian.org/~branden/">X Strike Force</a> page. Of course the usual disclaimers apply: if these packages fry your system and refuse to make you your morning cup of Earl Grey, don’t come running to us or Branden. But I’m sure he’d love to hear any feedback you do have on the <a href="http://lists.debian.org/debian-x/">debian-x</a> mailing list (and not on IRC, private mail or the BTS).
GNU HURD J1 CDs released
On Sunday 4th August, Philip Charles from the <a href="http://www.gnu.org/software/hurd/">GNU HURD</a> project <a href="http://lists.debian.org/debian-hurd/2002/debian-hurd-200208/msg00014.html">announced</a> an updated set of <a href="http://www.debian.org/ports/hurd/">Debian GNU HURD</a> CDs, revision J1. Available <a href="ftp://ftp.gnu.org/iso/hurd-J1">here</a> or <a href="ftp://ftp.fsn.hu/pub/CDROM-Images/debian-unofficial/hurd">here</a>, the CDs are generated using a heavily modified debian-cd and boot-floppies system, and use the Linux 2.4 kernel to boot the initial install system, prepare the partition, copy the files, and install the bootloader. If you haven’t already, give HURD a try if you have a bit of spare disk space; it’s a good fresh approach to the whole UNIX idea. Nice introductions to the concepts <a href="http://www.ukuug.org/events/linux2002/papers/html/hurd/">here</a> and <a href="http://lists.debian.org/debian-hurd/2002/debian-hurd-200208/msg00017.html">here</a>.
Woody extra CD
Now that Woody is out, there are some interesting things that unluckily were not ready to get into it (<a href="http://people.debian.org/~branden">X 4.2</a>, <a href="http://www.debianplanet.org/node.php?id=751">GNOME2</a>, <a href="http://www.debianplanet.org/node.php?id=712">KDE3</a>, <a href="http://www.linux-debian.de/openoffice/">OpenOffice</a>, <a href="http://packages.debian.org/stable/admin/pgi.html">a graphical installer</a>…). Are there any plans to build an "extra" CD to complement woody for those who don’t care much about stability but have little bandwidth and desperate needs?
GNOME 2.0.1 Desktop RC1: "Not Considered Harmful" released
The first release candidate for the first point release of the GNOME 2 Desktop is now available on GNOME mirrors. Whilst it’s not in Debian yet, we like GNOME so we’re posting it straight away (<i>read: robot101 is a hopeless gnome weenie 😉 –joy</i>). The last I heard, the plan is to put GNOME 2 into unstable when 2.0.1 (final) is out. As with all 2.0.x releases, the focus is bug fixes, UI tweaks, translation and general polishing. See the <a href="http://mail.gnome.org/archives/desktop-devel-list/2002-August/msg00158.html">announcement</a> and <a href="http://bugzilla.gnome.org/buglist.cgi?bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&priority=Immediate&priority=Urgent&priority=High&email1=&emailtype1=substring&emailassigned_to1=1&email2=&emailtype2=substring&emailreporter2=1&changedin=&chfield=resolution&chfieldfrom=06%2F26%2F2002&chfieldto=Now&chfieldvalue=FIXED&short_desc=&short_desc_type=substring&long_desc=&long_desc_type=substring&bug_file_loc=&bug_file_loc_type=substring&status_whiteboard=&status_whiteboard_type=substring&keywords=GNOME2&keywords_type=anywords&op_sys_details=&op_sys_details_type=substring&version_details=&version_details_type=substring&cmdtype=doit&namedcmd=default+d2+mustfix+query&newqueryname=&order=Reuse+same+sort+as+last+time&form_name=query">list of closed bugs</a>.
Qt# 0.4 Released (with apt sources!)
<a href="http://qtcsharp.sourceforge.net">Qt# 0.4</a> has been <a href="http://sourceforge.net/project/showfiles.php?group_id=48999">released</a>! Qt# is a set of cross-platform C# bindings for <a href="http://www.trolltech.com">Trolltech</a>’s Qt GUI toolkit, targeted towards <a href="http://go-mono.com">Mono</a> and <a href="http://www.dotgnu.org">Portable.NET</a>. Some screenshots can be found <a href="http://qtcsharp.sourceforge.net/screenshots.html">here</a>, and apt sources <a href="http://chemlab.org/~nick/apt-sources.txt">here</a>. Interested parties can also feel free to stop by #qtcsharp on OpenProjects and say hi!
Hurd: Status of Port to the L4 Microkernel
The Hurd currently runs only on the Mach microkernel, but there is work to port it to the newer L4 microkernel. <a href="http://www.8ung.at/shell/l4-port.html">This article</a> has the details about the current status of the <a href="http://kerneltrap.org/node.php?id=157">Hurd/L4 port</a>. It is primarily written for people familiar with Hurd/Mach, but who do not know L4. Because of design differences between L4 and Mach (as is to be expected from 2 different kernels), a lot of infrastructural work still needs to be done, including a Virtual Memory Manager (VMM), getting glibc ported, and writing device drivers.
OpenSSH packages not vulnerable
The OpenSSH 3.4p1 packages on the <a href="http://www.openbsd.org/">OpenBSD</a> FTP server were trojaned earlier today, as <a href="http://docs.freebsd.org/cgi/getmsg.cgi?fetch=394609+0+current/freebsd-security">discovered</a> by a FreeBSD user, Edwin Groothuis. The trojan only works at build time, and binaries produced from the source are not vulnerable, as detailed on his <a href="http://slashdot.org/comments.pl?sid=37188&cid=3991288">weblog</a> (copied to /. because of bandwidth limitations).
The Debian packages were created some time ago from original untrojaned tarballs and are thus not affected in this way (and nor is the package maintainer’s machine). The source tarball and the binary packages in the Debian archive are not affected, as confirmed by the ssh package maintainer, and several other Debian developers.