Unix/Linux/GNU Resources
The Web Developer
Virtual Library Tutorials (a complete set of introductory tutorials)
Learning the VI text editor
VI LOVERS HOME PAGE
crevier.org: vi
Editor Resources
http://www.networkcomputing.com/unixworld/tutorial/009/009.html
(VI text editor tutorial)
Quick
Vi Tutorial
Advanced
Vi Tutorial
CTC Tutorial on vi
(Cornell Tutorial on the vi text editor)
Linda MacEwan's Floppix
http://www.algonquincollege.com/infosystems/macewal/
http://floppix.ccai.com/
Installing Linux
http://www.linux.org/help/beginner/install.html
(How to install Linux)
news:comp.os.linux.setup (Usenet
News Group with discussions about setting up Linux.)
http://www.debian.org/2.0/install.html
(Installing the Debian distribution of Linux.)
http://www.linux.ncsu.edu/howtoinstall/index.html
(Installing Red Hat)
http://www.cs.runet.edu/~linux/HOWTO/install.html
(Installing Slackware)
Linux MAN Pages Indexed HTML
Version - "A Gift to Linux Users: HTML version of the the MAN
pages. I'm trying to understand Linux and the documentation sucks. My brain is
so full that in order to learn something new I have to forget something to
make room for it. So I need docs that I can read and search. I'm sure I speak
for a lot of people besides myself that the biggest barrier to Linux is the
documentation. It doesn't matter how good it is if you can't figure out how to
use it."
Linux Homes, Documentation, and Software
http://www.linuxhelp.org/
http://www.linux.org/
http://slashdot.org/
http://linux.wiw.org/doc/man/
(Linux man pages)
http://www.freshmeat.net/ (Linux
software for download)
Basic Programming
Basic
Programming: Loops in Java (applicable to any programming language, e.g.
shell, Perl)
Shell Scripting
http://www.tc.cornell.edu/Edu/Tutor/Basics/shell/
(Tutorial on Shell Scripts [mostly C Shell])
Regular Expressions / sed / grep / vi
Appendix A
Regular Expressions are a powerful pattern-matching language.
To see what's possible once you learn Regular Expressions, read what a Perl
master has to say:
http://virtual.park.uga.edu/humcomp/perl/regexps.html
(Using Regular Expressions)
For help learning Regular Expressions in the vi text
editor see "Searching and Replacing text" in this tutorial:
http://www.tcmb.gov.tr/mse/lug/node171.html
(Linux User Guide: Advanced vi Tutorial)
http://ir.parks.lv/li/Resources/LDP/guide/section2_21.html
(alternate source)
http://www.mvblind.uni-linz.ac.at/linux/guide/node171.html
(alternate source)
Here is a Java applet that lets you experiment with Regular Expressions
online:
http://www.rutgers.edu/~sgro/perltutor/regexp.html
(Java Perl Regular Expression evaluator)
sed, Perl and
Regular Expressions
Regular
Expressions
Perl Tutorial
- First Meeting - Regular Expressions (With cool Java applet!)
82.562
Perl Patterns
Searching
and replacing text
Regular
Expression in JavaScript 1.2 - Regular Expressions Introduction
Unix
for Linguists Regular Expressions
Regular
Expression in JavaScript 1.2 - Regular Expressions Introduction
Security
Rootshell: Network
Security incidents and exploits
The WWW
Security FAQ
National Security Institute Security
Resource Net
Apache Week: Using
User Authentication
Bugtraq mailing list archives
L0pht Heavy Industries (Software to
find holes and to break into systems)
Dan Farmer: COPS, SATAN, etc.
Deception ToolKit (Make your system appear
to be hackable)
Network Security Solutions Ltd. -
White Papers and Advisories
Computer Virus Myths home page
Securing NIS
Enterprise
Network Security and Risk Management
Miscellaneous
The Web Developer Virtual
Library: UNIX
http://www.pathname.com/fhs/index.html
(Unix/Linux Filesystem Hierarchy Standard [FHS])
http://www.networkcomputing.com/unixworld/resources/unix.html
(Unix resources)
http://www.ugu.com/ (Unix Guru Universe)
http://infocom.cqu.edu.au/85321/
(An online Unix course, text, and study guide by David Jones in Australia)
Microsoft Windows NT Server 4.0
versus UNIX (The technical merits of Unix.)
http://www.news.com/News/Item/0%2C4%2C26950%2C00.html?dd.ne.htmldisp.hl.ne
(Linux popularity grows)
http://www.sdsu.edu/doc/texi/gawk_toc.html
(GNU Awk Users Guide)
http://www.ece.unh.edu/networks/Ethernet/Ethernet.html
(Ethernet IP/ARP packet simulations)
http://www.math.fu-berlin.de/~guckes/afw/
(Alt.Fan.Warlord - the art of signatures)
Unix
- Frequently Asked Questions - Why do some scripts start with #! ...
Mastery of Unix
"Mastery of UNIX, like mastery of language, offers real freedom. The
price of freedom is always dear, but there's no substitute. Personally, I'd
rather pay for my freedom than live in a bitmapped, pop-up-happy dungeon like
NT. I'm hoping that as IT folks become more seasoned and less impressed by
superficial convenience at the expense of real freedom, they will yearn for
the kind of freedom and responsibility UNIX allows. When they do, UNIX will be
there to fill the need." - Thomas Scoville, The Elements
of Unix Style: Unix as Literature
Security
This is a summary of the many (and I do mean many) replies. Thanks to
everyone that contributed.
Why do programmers write unsafe code?
- There is no curriculum that addresses computer security in most schools.
- Programming books/classes do not teach secure/safe programming techniques.
- No one uses formal verification methods.
- C is an unsafe language.
- The standard C library string functions are unsafe.
- Programmers do not think 'multiuser'.
- Programmers are human. Humans are lazy.
- Most programmers are simply not good programmers.
- Most programmers are not security people.
- Most security people are not programmers.
- Most computer security models suck.
- Lots of legacy code that is broken.
- Consumers don't care about security.
- Cost in extra developing time.
- Cost in extra testing.
What secure programming resources are available?
Conferences:
SANS ID'99
"How Attackers Break Programs, and How to Write Programs Securely"
by M. Bishop.
< http://www.sans.org/ >
Classes:
UC David ECS153 "Introduction to Computer Security" (M. Bishop)
EnGarde's Secure Programming Tutorial
< http://engarde.com/tutorials/tutorials_secprog.html
>
Articles:
"Designing Secure Software" by Peter Galvin
< http://www.sunworld.com/sunworldonline/swol-04-1998/swol-04-security.html
>
"The Unix Secure Programming FAQ" by Peter Galvin
< http://www.sunworld.com/sunworldonline/swol-08-1998/swol-08-security.html
>
"A Lab engineers check list for writing secure Unix code" by
AUCERT
< ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist
>
"How to find security holes" by Kragen Sitaker
< http://www.dnaco.net/~kragen/security-holes.txt
>
< http://www.dnaco.net/~kragen/security-holes.html
>
"setuid - checklist for security of setuid programs"
< http://www.homeport.org/~adam/setuid.7.html
>
"perlsec - Perl security"
< ftp://ftp.digital.com/pub/plan/perl/CPAN/doc/manual/html/pod/perlsec.html
>
Papers:
"Robust Programming" by M. Bishop
< http://seclab.cs.ucdavis.edu/~bishop/classes/ecs153-98-winter/robust.html
>
< http://seclab.cs.ucdavis.edu/~bishop/classes/ecs153-98-winter/Pdf/robust.pdf
>
< http://seclab.cs.ucdavis.edu/~bishop/classes/ecs153-98-winter/Postscript/robust.ps
>
"Security Code Review Guidelines" By Adam Shostack
< http://www.homeport.org/~adam/review.html
>
Talks & Tutorials:
"UNIX Security: Security in Programming" by M. Bishop
< http://seclab.cs.ucdavis.edu/~bishop/scriv/1996-sans-tut.pdf
>
< http://seclab.cs.ucdavis.edu/~bishop/scriv/1996-sans-tut.ps
>
"Shifting the Odds: Writing (More) Secure Software" by Steve
Bellovin
< http://www.research.att.com/~smb/talks/odds.pdf
>
< http://www.research.att.com/~smb/talks/odds.ps
>
Books on writing secure software:
"Practical Unix and Internet Security" from O'Reilly &
Associates
Chapter 22 "Writing Secure SUID and Network Programs"
< http://www.oreilly.com/catalog/puis/
>
Books on writing bug free software:
"Writing Solid Code" by Steve Maguire
< http://www.amazon.com/exec/obidos/ASIN/1556155514/ref=sim_books/002-7935989-4651662
>
"Code Complete" by Steve McConnel
< http://www.amazon.com/exec/obidos/ASIN/1556154844/o/qid=913914934/sr=2-1/002-7935989-4651662
>