Bootchart: boot profiling
on 24.02.2008, 15:13
in packages-news
DebConf8 registration open and CfP
on 23.02.2008, 16:09
in debconf-news
rkhunter & chkrootkit: wise crackers only
on 06.02.2008, 05:00
in packages-news

Swiss canton Solothurn is migrating 2000 desktops to Debian GNU Linux

contributed by andremachado, published on Thu Feb 28 12:32:52 2008 in success-stories

The swiss canton Solothurn is migrating 2000 desktops to Debian GNU / Linux

The IT adminstration of the swiss canton Solothurn will conclude the 2000 desktop migration to Debian GNU / Linux by the end of 2008.

Kurt Bader, director of the Office for Computer Science and Organization (Amts fur Informatik und Organisation - AIO) in the canton Solothurn, presented the strategy for more economy, security and flexibility under GNU / Linux during the congress " Open Source Meets Business" in Nuremberg, DE, January 2008.

The largest open source project in Switzerland runs "smoothly, the conversion is a complete success and a major step forward", summarizes Kurt Bader.

The carefully planned three phase desktop migration, currently at around half way, started in 2006. According to Bader, 21 companies offered assistance, proposing several combinations of Open Source operating systems and applications, then narrowed to 3 offers and 3 prototypes for evaluation.

The administration, in September 2006, decided to use the Debian GNU / Linux distribution, OpenOffice.org, Mozilla Firefox and the KDE collection of desktop applications, starting first phase, the deployment of the desktops.

Now at the second phase, staff workers can access, through thin and fat clients, some applications that only run on Microsoft Windows®, which are hosted on a central server, without legacy data and applications conversions. In the third phase of the migration project, these Windows®-only legacy applications will be replaced by software that are able to run on more than one operating system.

Among the decision factors as stability, security, virus immunity, flexibility, liberation of market constraints and objective savings, two arguments stood out:

"The independence from suppliers and its business policy played an important role with our decision. Beyond that, the low cost of optimization was an important argument for the free operating system Debian GNU / Linux".

In a 2000 desktops environment, the Debian GNU / Linux allowed 70% savings in costs.

The desktop migration was resisted by the users fears against changes, as expected. "The substantial success factor is the direct communication with our coworkers", said Bader.

All department representatives and or users were involved since the conceptual analysis. The applications, systems and support are evolving processes with the help of them.

"A single day of training is enough to get started on the new desktop", he says. Also, the staff have a support infrastructure at disposal, like feedback meetings, intranet documents and FAQs and more channels will have to be created.

The solution is based on internal GNU / Linux know-how, developed since 2001, when GNU / Linux servers were installed throughout the IT environment.

The stability of the system and the potential savings helped to convince the government of the canton of Solothurn. It decided, in the autumn of 2007, to keep the current IT strategy without substantive changes, and continue for the next four to eight years to have validity.

The central swiss government is being already formally questioned by local representatives about some planned migrations to proprietary systems, and the case of Solothurn will bring objective local data for analysis.

More details at the original European Communities announcement.

About Debian Project

Debian GNU / Linux is one of the free libre operating systems (GNU/Linux, GNU/Hurd, GNU/NetBSD, GNU/kFreeBSD), developed by more than two thousand volunteers from all over the world who collaborate via the internet on the Debian Project.

Debian's dedication to Free Libre Open Source Software, its constitutional non-profit nature, its open and meritocratic development model, organization and social governance make it a first among free libre operating system distributions.

The Debian project's key strengths are its volunteer base, its dedication to the Debian Social Contract, and its commitment to provide the best operating systems attainable, following a strict quality policy, working with an established QA Team.

You can help Debian Project without joining it and even not being a programmer, or being a development and or service partner company or institution at the Debian Partner Program, or simply making various donations to the Debian Project.

Debian Project news, press releases and press coverage can be found from the official Debian wiki page.

Ministry of Finance in the Republic of Macedonia uses Debian in its servers

contributed by andremachado, published on Thu Feb 28 00:24:36 2008 in success-stories

The Ministry of Finance in the Republic of Macedonia uses Debian GNU Linux in its servers

Miroslav Jovanovic, former head of Macedonian Ministry of Finance IT department, gave an overview of the Open Source utilisation at desktops and servers during a conference organized by the United Nations Development Programme at the capital Skopje in 2007.

The Ministry is the largest organisation in Macedonia using Open Source software, according to him.

"The IT department has been using and developing Open Source solutions and open standards ever since 2001. The entire server infrastructure has been migrated to Open Source and all new IT services are based on Open Source solutions."

The department maintains several Debian GNU / Linux servers that offer printer services, by using the CUPS Open Source printing manager. These servers also help sharing office documents in environments using Microsoft Windows, using the Samba Open Source file server.

"These centralised servers offer better printer and resources utilisation and help to cut costs."

Also, the solution allowed single sign on, Quality of Service management and analysis with more cost savings.

At desktops, 170 out of 370 have open source software like office suite OpenOffice.org, web browser Mozilla Firefox and PDFCreator. The GNU / Linux operating system is used at two departments, IT and Treasury.

GNU / Linux operating system is used at other servers, like web, intranet, proxy, web security and content filtering, antivirus, antispam, e-mail servers, groupware servers.

GNU / Linux allowed use of open source virtualization software, bringing consolidation of servers, better resource utilisation, lower power consumption, easier administration and repair and recovery.

Developing applications mostly with open source software, and some others ported to GNU / Linux, allowed the Ministry of Finance more vendor independence, better resource utilisation, open standards compliance and countrywide demand for FLOSS.

"FLOSS provides opportunities in Europe for new businesses, a greater role in the wider information society and a business model that suits European SMEs".

"By providing a skills development environment valued by employers and retaining a greater share of value addition locally, FLOSS can encourage the creation of SMEs and jobs."

More details at the original European Communities announcement.

About Debian Project

Debian GNU / Linux is one of the free libre operating systems (GNU/Linux, GNU/Hurd, GNU/NetBSD, GNU/kFreeBSD), developed by more than two thousand volunteers from all over the world who collaborate via the internet on the Debian Project.

Debian's dedication to Free Libre Open Source Software, its constitutional non-profit nature, its open and meritocratic development model, organization and social governance make it a first among free libre operating system distributions.

The Debian project's key strengths are its volunteer base, its dedication to the Debian Social Contract, and its commitment to provide the best operating systems attainable, following a strict quality policy, working with an established QA Team.

You can help Debian Project without joining it and even not being a programmer, or being a development and or service partner company or institution at the Debian Partner Program, or simply making various donations to the Debian Project.

Debian Project news, press releases and press coverage can be found from the official Debian wiki page. PR contact at debian-publicity list.

About Republic of Macedonia

The Republic of Macedonia , often referred to as Macedonia, is a landlocked country on the Balkan peninsula in southeastern Europe.

It was admitted to the United Nations in 1993 under the provisional reference "the former Yugoslav Republic of Macedonia" (FYROM), pending resolution of a naming dispute with Greece.

Bootchart: boot profiling

published on Sun Feb 24 15:13:56 2008 in packages-news

If you usually read Debaday, you must have noticed the recent lack of articles. We apologise for that, we’re lacking articles and editing manpower. We really need your help to keep the site running!

Article submitted by Stevem. Guess what? We still need you to submit good articles about software you like!

On a recent vacation my laptop boot time (>4 min.) started getting on my nerves. I resolved to enjoy the vacation but fix things on my return. At home a few minutes with Google brought bootchart to my attention.

Boothchart won’t cure lengthy boot times but it will provide details about how the time is spent. Bootchart is actually two packages, bootchart, the profiler daemon to gather resource data from /proc during boot, and bootchart-view to create an image from the collected data.

bootchartd starts measuring as soon as /proc is mounted. From /proc it collects a sizeable amount of data about processes, including (in 2.6 kernels) disk utilization and throughput.

The documentation suggests to use BSD process accounting to exactly reconstruct the process tree. The CONFIG_BSD_PROCESS_ACCT_V3 feature is enabled in stock Debian kernels, so to use this, you just need to install the acct package.

I expected profiling the system boot would be complicated and I was prepared for some serious hacking to measure the process. In fact, it couldn’t be much easier.

The boot profiler is started as an option to the boot/loader kernel command line.

It works with LILO but Grub’s interactive boot makes it very simple:

  1. Select your image entry from the boot menu
  2. Type ‘e‘ to edit the entry
  3. Append ‘init=/sbin/bootchartd‘ to the command line
  4. Type ‘b‘ and you’ll be booting with bootchart profiling in effect

bootchartd starts itself and then launches /sbin/init. There’s no indication that logging is in effect, console output appears as usual. Once you login you’ll find all the boot data stored in a compressed tar, /var/log/bootchartd.tgz.

To view the data run bootchart-view. It defaults to creating a SVG image but EPS and PNG outputs are possible with the --format option.

Here’s an example of the output:

bootchart-intro.png

By default the chart renderer doesn’t display most child processes. If you think that level of detail will be helpful, bootchart-view has a --no-prune option. Be warned, it will create a fairly large image.

Conclusion: I still haven’t significantly decreased my boot time, many before me have tried and failed, but I discovered a clever, easy-to-use profiling tool to diagnose boot problems.

DebConf8 registration open and CfP

published on Sat Feb 23 16:09:00 2008 in debconf-news

Registration is now open for DebConf8, which will take place in Mar del Plata from Sunday 10 to Saturday 16 August 2008.

To register follow one of the processes outlined below:

  • If you registered for last years conference, DebConf7, go to this page to login.
  • If you haven’t registered for last years conference you need an account in the conference management system. To register one, go to the following page and create an account. After visiting the activation URL sent to you by email, go to your user’s page and log in.

After you logged in

After you successfully logged in, please fill in at least the ‘General’, ‘Contact’ and ‘Travel’ tabs reachable through the ‘Registration details’ button on the bar on the left of the page. Please pay special attention to the ‘DebConf’ and ‘DebCamp’ boxes on the ‘General’ tab. You need to select at least the “I want to attend this conference” checkbox or your registration won’t be valid.

Note to users who have an account from last year: We did our best in making sure you do not have to reenter all your personal data again, just the conference specific changes. But please check if it is all still valid.

We suggest that attendees begin making travel arrangements as soon as possible. Some travel information has already been collected at the DebConf 8 site.

Submitting a paper/event

To submit papers, first register for DebConf as described above. Then use the ‘New event/paper’ button on this page and fill in information about your submission on the various tabs. You can use the same interface to submit papers for DebConf and DebCamp, by choosing the appropriate track.

rkhunter & chkrootkit: wise crackers only

published on Wed Feb 6 05:00:50 2008 in packages-news

Article submitted by Claudio Criscione. Guess what? We still need you to submit good articles about software you like!

Rkhunter and chkrootkit are tools to check for signs of a rootkit. They will inspect the system they’re running on and report anomalies either through the shell or via email.

Although an attacker able to install a rootkit is likely also able to easily escape or delete these tools, not every attacker is a skilful one. Not every script kiddie knows about these tools or the way to cover its tracks. Since every single error can make the difference, on either sides, an effortless passive protection can do no harm and adds one more (maybe thin) layer of security.

Both rkhunter and chkrootkit, indeed, can be deployed quickly and require little management effort.

Installation

Thanks to apt-get, aptitude and their super cow powers, we can just go for a

$ sudo aptitude install chkrootkit rkhunter

Or go root if you’re not a sudoer. Once installed, both packages will add a cron entry and automatically execute every day.

What they do

Both chkrootkit and rkhunter use a signature-rule/filter based system: they can detect the presence of known rootkits &emdash;via files or similar indicators&emdash; and flag anomalous conditions, like interfaces entering promiscuos mode or hidden files. In fact, not unlike anti-virus programs, rkhunter and chkrootkit indeed need periodical updates.

The signature based approach is a quite simple one, something like a big grep and strings combo: it is strongly suggested to have an alternate copy of some binary (egrep and strings, just to name a couple) so that &emdash;at the very least&emdash; the aggressor has to patch them too. Obviously, mounting the disk via another machine is far more reliable, even if it won’t allow you to find modified rootkits.

Both softwares provide MD5 signature verification on known binaries, with sort of a white list approach, thus trying to ensure that none of the most important binaries were tampered with. Among others, checks performed include searching for hidden directories and scanning for promiscuous interfaces and suspicious file permissions.

So, what are the differences?

Rkhunter pros

The autoupdate feature is a very nice feature to have. You just have to run rkhunter –update and the software will update the rootkit definitions. You can control the autoupdate behaviour via the /etc/default/rkhunter file, using the CRON_DB_UPDATE parameter, which is enabled by default. This will upgrade the system binaries MD5 database and the good/bad/black list of applications and program versions.

Other features of note include the ability to use WebJob to run rkhunter in a centralized manner, thus simplyfying administration, and the colorful interactive mode you can run with rkhunter -c.

rkhunter in interactive mode

Chkrootkit pros

Chkrootkit provides a differential mode where it reports only what changed between the latest scan and the previous one. While this is a very nice feature to limit the impact of false postives, one single missed mail can make the difference, so choosing whether it should be enabled or not is an important decision.

If the whole “grep and look for signatures” stuff is not enough for you, you can root chkrootkit in expert mode, with

# chkrootkit -x

This will give you a greatly improved control on what’s going on and more verbose output, but make sure to redirect the output somehow.

Chkrootkit has a nice modular design, with subcomponents taking care of differenct aspects, like lastlog and wtmp deletions. Last but not least, chkrootkit can run without installation and from a read only media.

The big decision

Maybe now you’re wondering “which one should I use?”. My answer is simply “both of them”. There is no reason not to do that, so go for it. Chkrootkit has been available since, at least, Sarge and Dapper. Rkhunter, being newer, has been available since Etch.