LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Closed Thread
  Search this Thread
Old 06-16-2011, 10:13 AM   #46
MTK358
LQ 5k Club
 
Registered: Sep 2009
Posts: 6,443
Blog Entries: 3

Rep: Reputation: 721Reputation: 721Reputation: 721Reputation: 721Reputation: 721Reputation: 721Reputation: 721

http://www.gnu.org/philosophy/selling.html
 
Old 06-16-2011, 10:23 AM   #47
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4864Reputation: 4864Reputation: 4864Reputation: 4864Reputation: 4864Reputation: 4864Reputation: 4864Reputation: 4864Reputation: 4864Reputation: 4864Reputation: 4864
Quote:
Originally Posted by softwarelabus View Post
An individual can define a word, e.g., open source, as they wish, but that doesn't change the standard definition. It appears that the standard definition of open-source is that it must be free. Sounds silly to me, but I'm just saying.

I just checked another source, dictionary.com. The first & top most definition is,

"o·pen-source"
"Computers . pertaining to or denoting software whose source code is available free of charge to the public to use, copy, modify, sublicense, or distribute"
http://dictionary.reference.com/browse/open-source
And where do I get charged when I want to use MySQL or the radeon driver on my Slackware system?
 
Old 06-16-2011, 10:37 AM   #48
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379Reputation: 379Reputation: 379Reputation: 379
softwarelabus, you've asked for feedback about your idea, and you've received it. Whether you want to welcome other members' opinions or stick your head in the sand is your problem, but at this point I'm gonna ask you to keep things focused on technical issues related to your script (or script idea). You seem to be quite misinformed regarding open source software in general, which when combined with your rather extreme unwillingness to make any concessions, results in a situation where discussion is about as unproductive as can be. You're free to believe whatever you want (that open source software gives the bad guys an upper hand; that closed source software gives the good guys an upper hand; that your script will automagically make your box more secure; that a paid coder will necessarily produce better software than one who programs in his/her free time; that all open source coders program in their free time and don't get paid for it; that open source software is supposed to be free as in beer; etc.), but surely we can have a more beneficial thread if we stick to the technicalities of your script idea and stay away from the more general philosophical aspects.

Last edited by win32sux; 06-16-2011 at 10:38 AM.
 
Old 06-16-2011, 10:39 AM   #49
softwarelabus
LQ Newbie
 
Registered: Jun 2011
Posts: 27

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by TobiSGD View Post
And where do I get charged when I want to use MySQL or the radeon driver on my Slackware system?
I've used mysql for free for over a decade. I never said otherwise. If it's free, then there's no contradiction.
 
Old 06-16-2011, 10:42 AM   #50
softwarelabus
LQ Newbie
 
Registered: Jun 2011
Posts: 27

Original Poster
Rep: Reputation: Disabled
@win32sux, I tried to get some details from you, but nothing. This thread was only asking for which folders to scan. Not a single answer yet. Anyhow, is it a forum rule that a thread can't branch off into other topics? I find the topic of open-source interesting. You want to suppress my opinions because you don't like them?
 
0 members found this post helpful.
Old 06-16-2011, 10:44 AM   #51
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,237

Rep: Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651
Quote:
Originally Posted by softwarelabus View Post
Of course. Again, I'm talking about *adding* security, not replacing it. That being said, win32sux and Hangdog42 have not pointed out any vulnerabilities in my method.
I pointed out the vulnerabilities in your method in my previous post.
 
Old 06-16-2011, 10:53 AM   #52
softwarelabus
LQ Newbie
 
Registered: Jun 2011
Posts: 27

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by szboardstretcher View Post
Really, you should have IDP/IDS in place to know that someone has accessed your system. Use auditing, traffic monitoring, firewalls, logging, alerting etc...

The "scan it every so often" idea might work... but at what cost? If you scan it every hour, then someone could have already been in your system for 59 minutes. If you scan every 5 minutes you will kill your performance.

To me, its better to watch the gates and doors than spend time to count the money every 5 minutes.
You're suggesting that the purpose of my scan is to prevent a hacker from gaining access to the server. Again, the purpose of the scan is to detect *if* the server has *been* hacked. If the server becomes hacked, then it will be wiped and reinstalled.
 
Old 06-16-2011, 10:56 AM   #53
softwarelabus
LQ Newbie
 
Registered: Jun 2011
Posts: 27

Original Poster
Rep: Reputation: Disabled
As a reminder to people new to the thread who don't want to read it, I'm not suggesting to replace existing security. The script is just me *adding* some custom undisclosed source code security scans. It's not modifying existing security. It's just passive scans where I upload the script on the fly every time I want to run the scan. There will be a text field where I enter some text equations that I'll be expecting a certain message from the script encase a hacker tries to fake my scripts output. And each file checksum scan is randomly divided into multiple checksums.

To me, it's just weird how anyone could oppose that.

Last edited by softwarelabus; 06-16-2011 at 11:00 AM.
 
Old 06-16-2011, 11:20 AM   #54
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,237

Rep: Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651Reputation: 1651
Quote:
Originally Posted by softwarelabus View Post
You're suggesting that the purpose of my scan is to prevent a hacker from gaining access to the server.
No. I suggested that the purpose of the scan is to detect that a hacker "had already" gained access to the server.



Rather than re-invent the wheel with a script, use samhein, aide, tripwire... etc. Or don't.

Done.
 
1 members found this post helpful.
Old 06-16-2011, 12:20 PM   #55
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 418Reputation: 418Reputation: 418Reputation: 418Reputation: 418
Quote:
Originally Posted by softwarelabus
This thread was only asking for which folders to scan. Not a single answer yet.
Completely and totally untrue. You were told that the folders you need to scan are up to you depending upon your level of risk tolerance and your ability to deal with any given signal/noise ratio. If you have the SA experience you claim, you should already know what folders are critical to operations and which ones are likely to have a lot of file churn.

Quote:
Originally Posted by softwarelabus
Anyhow, is it a forum rule that a thread can't branch off into other topics? I find the topic of open-source interesting. You want to suppress my opinions because you don't like them?
As has been explained to you the Security forum operates on facts related to security. If you want to have a discussion on the nature of Open Source, feel free to start a thread in General, where it belongs. I'm sure you'll find it easy to get a very lively discussion there.

Quote:
Originally Posted by softwarelabus
To me, it's just weird how anyone could oppose that.
Nobody is opposed to the idea, as it has already been done in a variety of readily available programs. It is the details of your specific implementation that strike many of us as a waste of time. But hey, its your time to waste.

What is very clear is that you either have no intention of actually having a discussion about security procedures and policies, or you're just trolling. So let me wish you good luck with your project, because your going to need it.
 
1 members found this post helpful.
Old 06-16-2011, 04:16 PM   #56
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
The Linux Security forum deals with facts alone. Technical questions deserve technical answers. Answering questions well may involve asking more questions. Since answers here increasingly mismatch questions this thread no longer is of benefit to anyone. As such it is closed. Thanks all for taking part.
 
1 members found this post helpful.
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Checksum 4 Slackware download - what type of checksum is this. Earnest Lux Linux - Newbie 1 02-02-2008 08:02 PM
checksum juanb Linux - Newbie 1 08-12-2004 03:40 AM
Checksum wonderpun Linux - General 1 08-28-2002 05:04 PM
Checksum? frkstein Linux - General 1 05-04-2002 02:03 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration