หน้าเว็บ

วันพฤหัสบดีที่ 3 มีนาคม พ.ศ. 2554

Multi-Booting the Solaris 10 OS, Linux, and Microsoft Windows on the Laptop

Multi-Booting the Solaris 10 OS, Linux, and Microsoft Windows on a Laptop

Introduction
As an intern working for Sun Microsystems, one of my first projects was to configure my laptop to multi-boot the Solaris Operating System, Linux, and Microsoft Windows. It sounded very exciting but daunting. However, as I went along, it proved to be a fairly easy exercise.
For more information on this topic, please see the Sun BluePrints OnLine document in PDF, Configuring Multiboot Environments on Sun x64 Systems with AMD Opteron Processors.
From my experience, these are the steps it takes to configure a system for multi-boot:
  1. Ensure the system meets the minimum hardware and disk space requirements.
  2. Obtain the media (CD/DVD) for the partitioning software and the operating systems.
  3. Back up the system.
  4. Decide how to partition the disk.
  5. Install Microsoft Windows.
  6. Install partitioning software, and partition the disk.
  7. Install Linux.
  8. Install the Solaris 10 OS for x86 platforms.
  9. Set up access to all three operating systems.

1. Ensure System Meets Minimum Hardware and Disk Space Requirements
Make sure your BIOS is set up to boot from a CD/DVD (see the "Practical How-to" at http://multiboot.solaris-x86.org/iv/1.html). Then check your system, especially your disk space and processor type, to ensure it meets the minimum requirements for all three operating systems.
Fedora requires a minimum processor speed of 200MHz, 92MB RAM for graphical installation, and a 6.9GB hard drive to install everything. Windows XP requires a minimum processor speed of 233MHz, 64MB RAM, and a 1.8GB hard drive during installation. The Solaris 10 OS requires a minimum processor speed of 120MHz, 256MB RAM, and a 2GB hard drive. For the Solaris OS on x86 platforms, check the Hardware Compatibility List (HCL) to see if your system is listed. If your system is not listed, as in the case of my Sony VAIO laptop, you might still be able to install the Solaris OS.
My laptop has 1GB memory, a 76GB hard drive, and an Intel Pentium M processor; its processor speed is 2.00GHz, so the system meets all the basic requirements for the three operating systems.

2. Obtain Media (CD/DVD) for Partitioning Software and Operating Systems
I used PowerQuest's PartitionMagic but you can download and use other free software packages such as SystemRescueCd and Ranish Partition Manager.
Here's how I got copies of the operating systems:
  • Windows XP is provided on my VAIO recovery disk.
  • I obtained Fedora Core 3 for free from the Fedora Project.
  • I found the Solaris 10 OS and the Solaris Companion CD available at no charge from Sun Microsystems.

3. Back Up Your System
As with any new install, my first step was to back up my current files. Installing operating systems, especially one involving different partitions of a single hard drive, is a volatile process. It is essential that you back up all your files; you can reinstall them after you partition the hard drive.

4. Decide How to Partition Your Disk
The next step was planning my partition. You should plan your partition based on how you are going to use each of the operating systems. Here is how I partitioned my hard drive.
====================================================================================
Partition Information for Disk 1:    76,316.6 Megabytes
Volume         PartType    Status    Size MB    PartSect  #   StartSect  TotalSects
====================================================================================
C:             NTFS        Pri      20,481.3           0  0          63  41,945,652
               Linux ext2  Pri      20,481.3           0  1  41,945,715  41,945,715
               Type BF     Pri,Boot 33,295.5           0  2  83,893,824  68,189,184
               ExtendedX   Pri       2,055.2           0  3 152,087,355   4,209,030
               EPBR        Log       2,055.2        None -- 152,087,355   4,209,030
*:SWAPSPACE2   Linux Swap  Log       2,055.2 152,087,355  0 152,087,418   4,208,967
I allocated more space to the Solaris OS because I planned to do most of my development on that OS. I allocated 20GB each to Linux and Windows to be able to do development and testing on those platforms.

5. Install Windows
I reinstalled Windows XP and the application programs from the recovery disks. Installing from the recovery disk is an interactive and easy process. I installed Windows XP first because PartitionMagic needs to be installed on Windows. I then booted Windows and made sure it was operational.

6. Install Partitioning Software and Partition Hard Drive
I installed PartitionMagic on Windows and started up PartitionMagic. Using the options in PartitionMagic's menu, I resized Windows to 20GB. I created a Linux partition of type ext2 and allocated 20GB to it. Finally, I created a Solaris partition, allocated 33GB, and formatted the partition as FAT 32. Although the Solaris OS uses a different file system, I formatted the Solaris OS as FAT32 because PartitionMagic does not recognize the Solaris file system and I wanted to avoid getting an unformatted partition message. I formatted the remaining space, which was now in the extended partition as Linux swap space; it was exactly 2GB.
The bottom left panel showed a list of all the pending actions that I had requested. I was able to go through the bottom panel and edit any mistakes I had made. After I confirmed that the list was correct, PartitionMagic restarted my computer, performed the requested actions, and gave me a detailed live progress report. When the process was complete, PartitionMagic restarted my computer again and loaded Windows. I checked that the partitions were the right size and type as requested. Next, I checked that the Windows applications were still operational, then I reinstalled my backed up files from my USB mass storage.

7. Install Linux
Installing Fedora seems relatively easy. The menu is very informative and it is easy to identify the information requested at the prompt. I indicated I wanted to manually partition my hard drive with Diskdruid instead of letting it use a default configuration. Fedora recognized my ext2 and Windows partition but called the Windows partition "other", so I had to change the name to "Windows". I indicated the ext2 partition as the installation location for Fedora, and indicated I wanted to be able to boot Windows from Fedora's GRUB menu.
It is important to change the location where the GRUB loader is to be installed from the Master Boot Record (MBR) (/dev/hda) to the beginning of the Linux partition, in this case /dev/hda2. With the Solaris 10 OS, if you do not change where GRUB is installed, the Solaris 10 OS will overwrite the MBR during installation and you will not be able to boot your Linux operating system. You need to know how you are going to be using this operating system because there are different software packages for different users. I intend to use Fedora as a development environment but never as a server, so I chose the software development package.
After the installation, I restarted my system and made sure I could boot Windows and Fedora from Fedora's GRUB menu.
If you are going to install the Solaris 10 1/06 OS, navigate to /boot/grub/menu.lst. Make a note of the paths to the Linux partition, Linux kernel, and Linux RAM disk. You will need this information later.
The menu list should be something like this:
root (hd0,1)
 kernel /boot/vmlinuz-2.6.9-1.667 ro root=LABEL=/ rhgb quiet
 initrd /boot/initrd-2.6.9-1.667.img
Note that if you are installing Linux device drivers, there are numerous Linux support web sites where you can get help.

8. Install the Solaris 10 OS for x86 Platforms
You need to supply the following information for installation. The default values are always None or No:
  • Network Connection (Yes/No): If you choose Yes, you need to connect your Ethernet cable so it can be configured. Choosing No still lets you connect to the Internet after installation but you have to do the configuration yourself.
  • DHCP (Yes/No): If you choose No, you need to supply IP, subnet address, and host name. Either way, you need to specify if you want IP Version 6 (IPv6), which is a secure protocol.
  • Kerberos (Yes/No): This is a security feature in the Solaris OS. If you choose Yes, you need to provide a default realm, administration server, and the first Key Distribution Center (KDC).
  • Name Service (Yes/No): If you choose Yes, you need to supply a domain name and choose a type (NIS+/NIS/DNS/LDAP/NONE). If you choose any option other than None, you will be prompted for more information specific to that configuration.
  • Default Route: You can choose to specify one or allow the Solaris installation program to find one.
  • Time Zone: Indicate how you want to specify your default time zone (by geographic region/offset from GMT/from Time Zone file).
  • Root Password: Provide a root password for the system and save this information. You'll need it to log in to the system.
  • Default or Custom Install: The default layout will install the Solaris OS in default locations with default directory sizes. Custom Install will let you modify the disk space allocated to different directories.
  • Locales: Choose the geographic regions you want to support.
  • Proxy Server Configuration: If you do not connect directly to the Internet but connect via a proxy server, you will need to provide a host name and port number.
  • Software Group: Choose from Entire Plus OEM/Entire/Developer/End User/Core/Reduced Networking. Entire is the default. The Solaris Companion CD supplies some of the software. The CD can be downloaded for free from Sun Microsystems.
  • Custom Package Selection: You can choose to add or remove software packages from the Software Group you selected.
  • Select Disks: Choose your hard drive (it will be numbered something like c0t0d0). The Solaris OS alerts you about the Linux fdisk partition and informs you that it doesn't support a Linux and Solaris fdisk partition on the same disk. You are then asked if you want to load the default layout. I chose no, because this maintains the order selected after partitioning. Do not choose Yes, because choosing Yes assumes that the entire hard drive is to be used for the Solaris OS and will erase any existing operating systems.
  • fdisk Partitioning: You are asked if you want to create, modify, or delete a Solaris fdisk partition. If you choose Yes, you will be asked to select the disk for customization. Choose the partition that you have allocated to the Solaris OS. You are then asked if you want to customize the chosen fdisk partition. I chose the Solaris partition as the one to be formatted for installation and formatted it to a Solaris file system for x86 platforms.
  • Preserve Data (Yes/No): This refers to data on the Solaris partition. I chose No since it was a fresh installation.
  • Auto Layout File Systems (Yes/No): If you choose No, you will have to specify the layout you want. The Allocating Disk and Swap Space section of the Solaris 10 Installation Guide offers guidelines on how to customize the layout of the Solaris file system. Again, you need to have a fairly good idea of how you are going to be using your system. The default was good enough for me.
  • Mount Remote File Systems (Yes/No): Choose No if the system does not need to access software on another file system. If you choose Yes, you will need to provide the server, IP address, remote file system, and local mount point.
Review your selection on the summary page and make any necessary changes. Then click Install. If you are installing via a CD, the first installation CD performs the following actions:
  • Installs the OS.
  • Reboots the system.
  • Logs into the Common Desktop Environment.
  • Prompts you to load discs 2, 3 and 4, respectively.

9. Set Up Access to All Three Operating Systems
If you install the Solaris 10 3/05 release, your system is set to boot all three operating systems. If you are using the Solaris 10 1/06 OS, you will be able to access the Solaris OS and Windows only at this point. (Note: At the time of this writing, Solaris 10 1/06 software is available from the OpenSolaris Project or the Solaris Express program).
To set up access to your Linux OS from Solaris GRUB, do the following:
  • Boot the Solaris OS.
  • Navigate to /boot/grub/menu.lst.
  • Add the three lines you copied from Linux menu.lst in Section 7 above.
That's it! The next time you restart your system, you'll have the option to boot all three operating systems.

Quote: http://www.sun.com/bigadmin/features/articles/multiboot_laptop.jsp
Cradit: Ifeyinwa

วันพุธที่ 2 มีนาคม พ.ศ. 2554

Threat Modeling and Risk Management

 
Since this book is about building secure Linux Internet servers from the ground up, you're probably expecting system-hardening procedures, guidelines for configuring applications securely, and other very specific and low-level information. And indeed, subsequent chapters contain a great deal of this.
But what, really, are we hardening against? The answer to that question is different from system to system and network to network, and in all cases, it changes over time. It's also more complicated than most people realize. In short, threat analysis is a moving target.
Far from a reason to avoid the question altogether, this means that threat modeling is an absolutely essential first step (a recurring step, actually) in securing a system or a network. Most people acknowledge that a sufficiently skilled and determined attacker[1] can compromise almost any system, even if you've carefully considered and planned against likely attack vectors. It therefore follows that if you don't plan for even the most plausible and likely threats to a given system's security, that system will be particularly vulnerable.
[1] As an abstraction, the "sufficiently determined attacker" (someone theoretically able to compromise any system on any network, outrun bullets, etc.) has a special place in the imaginations and nightmares of security professionals. On the one hand, in practice such people are rare: just like "physical world" criminals, many if not most people who risk the legal and social consequences of committing electronic crimes are fairly predictable. The most likely attackers therefore tend to be relatively easy to keep out. On the other hand, if you are targeted by a skilled and highly motivated attacker, especially one with "insider" knowledge or access, your only hope is to have prepared for the worst, and not just the most likely threats.
This chapter offers some simple methods for threat modeling and risk management, with real-life examples of many common threats and their consequences. The techniques covered should give enough detail about evaluating security risks to lend context, focus, and the proper air of urgency to the tools and techniques the rest of the book covers. At the very least, I hope it will help you to think about network security threats in a logical and organized way.

From: Linux Server Security

วันจันทร์ที่ 28 กุมภาพันธ์ พ.ศ. 2554

More Obscure PHP

   One of the more prominent features of PHP is its vast collection of built-in functions, even before
you start adding in optional extensions. This is arguably a failing because it makes the job of
deciding which function to use in a given situation that much more difficult. Many of the functions
are so similar in behavior that it’s sometimes hard to see why they exist as distinct functions.
split() or preg_split()? str_replace() or strtr()? ksort(), asort(), rsort(),
natsort(), usort() or uksort()? strftime() or date()? This book doesn’t go into the lack
of conventions regarding the naming of functions or the order of arguments, or the way in which
several functions are merely aliases of others.

   One cause of PHP’s overlapping set of functions is its early existence as a mere wrapper over
Perl’s and later C’s own libraries. Users familiar with those languages’ function libraries would
find their PHP equivalents going by the same names with the same calling conventions, overlaid
with PHP’s memory management and type handling. Extensions exacerbated this—with different
DBMSs exposing different APIs, PHP introduced different sets of functions for each DBMS it supported.
When two extensions boasted functions for two similar things, PHP provided both.
As PHP became implemented more expansively on a wider variety of platforms and built into a
wider variety of environments, platform-independent implementations of functions began to be
introduced. Hence the existence of both rand() (which uses whatever pseudorandom number
generator was supplied by the C compiler PHP was built on) and mt_rand() (which has identical
behavior across all platforms). At the same time, PHP developers have been committed to backward-
compatibility; even as new mechanisms are introduced, they do their best to retain the old
ones in case there are people relying on them.

   So PHP’s function list burgeoned, bulging out like a loaf of bread rising in a tin that’s too small for
it. At last count, the PHP manual had 3,630 function entries, distributed among 129 chapters, of
which 855 are listed in the 30 chapters that the manual describes as “core” or are bundled and
require an explicit configuration switch to disable. Those figures are already out of date.
The practical upshot of this is that many PHP programmers are like English speakers—they use
only a small subset of the language. There are parts of the language they may just not have any use for. But hidden among PHP’s esoterica are some functions that don’t get the attention they deserve. These
are functions that have been present in PHP since version 4.3.2 at the latest—many have been around
since the early days of PHP 4. Despite this, they are often overlooked, even when they are ideal for the
task at hand. Some of them seem to be used only in tutorials about them. They are by no means the only
obscure features of the language. Rather, they represent some of the more powerful core functionality of
the PHP environment and are areas which are the site of active development in recent versions.

This chapter seeks to redress some of this injustice.

From: Profressional LAMP

PHP5 OOP

    When you begin a new project, one of the first things you have to consider is the structure of your
code. Whether you’re coding something as simple as an online contact form, or as complex as a
full-featured content management system, how you organize your code is going to influence the
performance and maintainability of the end product.

    When you use a language like PHP, there are two main routes you can go: procedural programming
and object-oriented programming—OOP for short. Each strategy has its own benefits and
limitations.

Procedural Programming versus OOP
Procedural programming often emphasizes writing code that is as concise as possible and coding
directly for the end result. In other words, most procedural programming uses targeted groups
of functions that immediately address the problem at hand—usually nothing more, and nothing
less. In most situations, this gets you extremely efficient and high-performance applications. One
of the downsides to this approach is a lack of maintainability. If the project grows large enough,
the developer or developers could end up having to maintain a large number of individual functions,
and in some cases, the logic of different functions can become confusingly similar.
Object-oriented programming (OOP), on the other hand, emphasizes abstract relationships and a
hierarchy of related functionality. Similar functionality can all share a common core, making maintenance
much easier. Code reuse is increased as well, as you can easily adapt the abstracted base
functionality for new tasks. OOP also can aid in large-scale program design, helping encapsulate
and categorize the different sets of functionality required by each part of the system. Such organization
and modularity can come at a price, however. If your object-oriented system is poorly
designed, it can actually be harder to maintain than any of the alternatives. Often, the extreme
modularity and “code-heaviness” of object-oriented designs can suffer from poor performance.

   Once you get past the problems caused by poor object-oriented design, you will find that creating a system
using a custom set of PHP objects, or even a full-blown API, can yield benefits that most every
developer will appreciate. With that, you can now begin to take a look at how PHP5 implements objectoriented
programming.

Basic Class Definitions
The basic unit of code in object-oriented PHP is the class. Simply put, a class is a way to encapsulate
related functionality and data in one entity. This encapsulation can be used to hide internal operations
from external code, and helps simplify the external interaction with the data. A class is a formal description
of a grouping of code, a programmatic recipe if you will. A class by itself, like a recipe, is merely a
cluster of instructions, and not something that can directly be used—you don’t eat the actual recipe, do
you? To use classes, you will create an instance of the class, called an object—similar to using the recipe
to prepare a dish you can actually eat. Classes define the properties and actions of a group of code, and
objects are individual instances of that set of commands.
An easy way to understand classes is to relate class code to physical objects. Many times, classes
would represent these real-world objects. You might have a class named Car that has a property called
occupants, which might keep track of the number of people in the car. It might even contain a method
called brake(), which would perform its similarly-named task. Like many real world items, classes
have a combination of attributes that describe the individual object, called properties in OOP, and a set of
actions that they can perform, which are called methods in the object-oriented world.

From: Profresstional LAMP

What’s New in PHP5?

    So what’s the big deal about PHP5? If you’re experienced with PHP4, you probably know about
object-oriented programming and the way this was handled with PHP4. If you’re unfamiliar with
PHP, but you’re familiar with other programming languages, you’ll probably find PHP5’s implementation
of object-oriented principles familiar. Luckily, things have become a lot easier with the
release of PHP5. However, there are other improvements and changes, such as more configuration
options in php.ini and a host of new array-related and other functions, besides just “better objectoriented
programming” handling. This chapter outlines these changes for you.

Object-Oriented Changes
    The changes that follow relate to the OOP model and associated features and related topics. The
majority of these changes are covered in greater detail in Chapter 2, but are also briefly outlined
here for your quick reference.

Passing Objects
One big impact of OOP changes in PHP5 is the way that variables are passed as parameters to functions.
In PHP4, by default, variables were passed by value instead of by reference, unless denoted
otherwise with the syntax &$varname. In PHP5, the default is to assign a value by reference.

Exceptions
In a nutshell, exceptions are the procedures that happen when something goes wrong. Instead of
your program completely halting when it reaches an unexpected error, you can now exert a little
more control over what the program should do when it reaches said error. You are probably familiar
with the set_error_handler() function available in PHP4. If you aren’t, the purpose of this
function is to define a user function for error handling. However, it had many limitations in its
implementation. For example, it would not work if the error was type E_ERROR, E_PARSE,