2.7. Installing Packages

2.7. Installing Packages

The next stage is selecting application software components to install. This is a rather important moment, and it is at this point that many users make their first and the most terrible mistake: They select all available packages. The names and functions of many packages do not tell much to most users, so beginners cannot form a clear idea what they need to install. But this does not mean that all available packages are to be installed.

On my testing system, I have Linux with all available packages installed. I use this system to test new programs and to check the operability of individual modules. But I do not install anything unnecessary on my work systems.

Any Linux distribution contains an incredible amount of application software, especially server programs. You have a Web server, an FTP server, and much other software. If you install all available application-software packages, you will make your computer a public thoroughfare, especially if all these packages start automatically on the system boot. Moreover, it will take much too long for the system to boot, comparable to booting Windows XP on a Pentium 100 machine.

There will be numerous ports opened and various services running in the operating system, about which you do not yet have the slightest idea as to their function and operation. As you know, there is no bug-free software. It is only a matter of time before bugs are detected and, hopefully, corrected. If there is only one buggy daemon (a server program that processes client requests ), any hacker can penetrate your system and do whatever he or she likes in it.

For a work system, I start by installing the bare operating system, to which I then add only the necessary components. Additional components can be installed at any time, but removing an installed component is sometimes tricky.

During the installation, the software packages to install are selected in the Package Group Selection dialog window (Fig. 2.8), which contains a list of all components that can be installed divided into groups. Packages that are to be installed by default have their checkboxes marked . No server program is installed by default, which is just fine. However, if you know that you need to install some server, you can put a mark into its checkbox to have it installed automatically.

image from book
Figure 2.8: The Package Group Selection dialog window

Linux components can usually comprise more than one application. For example, the Editor component contains four text editors. To change which particular text editor will be installed, click the Details label to open the list of the available components. Here you can view components that are available, and select those you want to install.

Take your time and go through all the packages in the list. Select only the most necessary components; you will be able to add other components after the installation. Remember that during the installation stage, you are laying the foundation for the future efficiency and security of your system.

Do not install anything that is unnecessary. If you do not use a program, you, naturally, will not keep track of and apply updates to fix any potential bugs. Hackers can take advantage of these bugs to penetrate your system. Thus, by installing a program that will be just sitting there unattended, you are leaving an extra door, through which hackers can enter your system.

Having selected all necessary software packages, click the Next button. This will take you to the About to Install dialog window (Fig. 2.9). This is the last point, at which you can go back to the beginning of the installation process or safely abort the installation. Clicking the Next button will start the process of writing the system to the hard drive, which cannot be undone. The installation process will take a little while, during which you can make yourself a cup of coffee and even watch a short movie.

image from book
Figure 2.9: The About to Install dialog window

While the installation is under way, let me tell you more about this process so that you will have the necessary knowledge when it is time to configure the system. Suppose that you must have three servers on your network: a Web server, an FTP server, and a news server. The security aspects of running all three servers on one computer will be far from ideal. I always install individual servers on separate computers and advise that you don't economize on hardware but do the same.

Each running daemon is a potential security hole. You already know that all software packages have bugs in them and that administrators are often not the first ones to find this out. Assume that a bug was discovered in the Apache server. This sort of thing happens rarely of late, because the program has been well debugged , but you can imagine such a situation for the sake of an example. Moreover, the bug may be not in Apache but in the Web server that it services, or in the PHP/Perl interpreter. In any case, a hacker can take advantage of this hole to obtain access to your computer. Once in the computer, he or she can easily obtain access to, for example, the FTP server and download all secret data that you may have on the computer. But if you have only a Web server running on the particular computer, the access to confidential data using the FTP server will not be that easy. The most that the hacker will be able to do is deface or destroy the site. And even though this is not pleasant, restoring the home page or even the entire site is much easier than reconstructing all FTP or news-server data.

To prevent the malefactor from penetrating other network computers after breaking into one of them, you should set a different password for each computer. Some administrators are too lazy to memorize many passwords and use one password everywhere. I will cover the password subject in more detail in Chapter 4 , but for now you should know that you have to use an individual access password for each system.

Daemons are not the only potential problem. Many programs are included into Linux as source codes and have to be compiled before execution. Programs taking advantage of the vulnerabilities of Linux systems also come as source codes. To use them, the malefactor uploads such a module on a server and executes the program. To make it impossible to compile source codes, I advise you not to install development libraries and the GNU C (GCC) compiler.

Program installers are seldom used in Linux; therefore, all configurations are performed when the source codes are compiled. With GCC unavailable, the malefactor will have problems executing malicious code.

An experienced hacker can assemble a program from the source codes on his or her own computer and then upload it onto the compromised server for execution, circumventing the need for the GCC compiler. A novice hacker, however, may be nonplussed by not having the compiler available on the target machine. And any problem faced by hackers is a victory for the security specialist.

If you are just cutting your teeth in the Linux world, I recommend that you install the linuxconf software package, which makes administering tasks much easier. When learning your way around Linux, you will see that many of its settings are configured by manually editing configuration files. This task has been made easier of late by numerous configuration utilities with a graphical interface, linuxconf being one of them.

But if you are not daunted by the task of configuring the system manually, I recommend going about it this way: Configuration utilities with graphical interface often introduce unsafe parameters into the system configuration, or allow service access rights that are too privileged. It is a good idea, therefore, to examine the modifications made by the program, a task that requires excellent knowledge of the structure and content of the configuration files.

After the files are copied to the disk, the system offers to configure the video system. This is done in the Monitor Configuration dialog window (Fig. 2.10).

image from book
Figure 2.10: The Monitor Configuration window

Select the correct video card and monitor and the display characteristics. If you make a mistake here, you will have to start your work with Linux with the command line instead of the graphical interface. Later in this chapter, I will show you how to configure the monitor from the command line.



Hacker Linux Uncovered
Hacker Linux Uncovered
ISBN: 1931769508
EAN: 2147483647
Year: 2004
Pages: 141

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net