David Phillips said:
> Wayne Johnson writes:
>> Installing Linux (we have a lab with ~20 PCs, might as well
>> give them some behind the wheel).
>
> This is a problem. What distro do you use? Do any of the distros with
> an easy installer offer a free, automatic system for security updates?
> With Debian, you could easily setup security updates to run nightly from
> ...
As far as distros, we were going to start them on Redhat (easiest to
install), with a quick overview of others. As far as maintanance, Redhat
is about as easy as others, true, you do have to answer a survey every few
months in order to maintain their free up2date access, but I don't think
it's going to break anyone. Automatic updates are as problematic as they
are beneficial. Last week our Apache stopped working when we picked up a
perl update that required matching changes to the httpd.conf file. The
httpd.conf file was not updated because it had local changes.
>> Access Control (passwd, group, file system security)
>
> There is a lot more to UNIX security than just that. Understanding file
> permissions is almost useless without understanding process credentials.
> Why shouldn't things run as root? Why shouldn't all daemons run as
> "nobody"? If a process is compromised, what other files and processes
> can become compromised?
My comment on access control is more, how to add users, remove them, why
can't user a access a file from user b, etc.
>> GUI vs Command line (including a tutorial in Vi)
>
> Haha. The vi interface is not at all intuitive. Trying to teach
> newbies how to use it is pointless and stupid.
...
> My pick would be joe, because it almost as easy to use and has basically
> any feature an advanced user would want from a text editor, except for
> syntax highlighting. It even has a pico imitation mode, run by running
> jpico.
I'll take a look at Joe, I agree vi is not as easy as it should be. Maybe
we should just stick with the GUI editors.
>> E-mail Serving
>
> Make sure to pick a secure MTA, such as qmail or Postfix.
I'm not going to touch this... :{)>
>> PHP
>
> If you need to teach a user what a CPU is, you should not be trying to
> teach them a programming language in the same course, especially not one
> that makes it easy to have huge remote security holes...
We were just doing an introduction to show the possibilities of dynamic HTML.
> Don't. Newbies should not be deploying machines on the Internet,
> period. Teaching them how to setup a Linux operating system for a
> desktop machine that will be behind a hardware NAT router is probably
> alright.
Of course Internet machines are an advanced subject. This is just an
introduction. To show what is possible with further study. Worst is to
let a nubie run a Windows system on the internet. There is a benefit to
these organizations to have an internal web site.
Thanks for your input.
_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list