Unix/Linux/GNU/HTML/CGI Resources
The Web Developer Virtual Library
Tutorials (a complete set of introductory tutorials)
Learning the VI text editor
VI LOVERS HOME PAGE
crevier.org: vi Editor
Resources
http://www.networkcomputing.com/unixworld/tutorial/009/009.html
(VI text editor tutorial)
Quick
Vi Tutorial
Advanced Vi
Tutorial
CTC Tutorial on vi
(Cornell Tutorial on the vi text editor)
Installing Linux
http://members.tripod.com/~i2ps_fasttrack/
(Carlos Azevedo's FastTrack web)
http://www.linux.org/help/beginner/install.html
(How to install Linux)
http://metalab.unc.edu/mdw/LDP/gs/gs.html
(Linux installation and getting started)
http://metalab.unc.edu/LDP/HOWTO/Installation-HOWTO-1.html
(Installing Linux)
news:comp.os.linux.setup (Usenet News Group with
discussions about setting up Linux.)
http://www.debian.org/2.0/install.html
(Installing the Debian distribution of Linux.)
http://www.linux.ncsu.edu/howtoinstall/index.html
(Installing Red Hat)
http://www.cs.runet.edu/~linux/HOWTO/install.html
(Installing Slackware)
http://sunsite.unc.edu/mdw/ldp.html
(Linux Documentation Project - online books; search engines)
Linux MAN Pages Indexed HTML Version - "A
Gift to Linux Users: HTML version of the the MAN pages. I'm trying to understand Linux and
the documentation sucks. My brain is so full that in order to learn something new I have
to forget something to make room for it. So I need docs that I can read and search. I'm
sure I speak for a lot of people besides myself that the biggest barrier to Linux is the
documentation. It doesn't matter how good it is if you can't figure out how to use
it."
Linux Homes and Software
http://www.linuxhelp.org/
http://www.linux.org/
http://slashdot.org/
http://www.freshmeat.net/ (Linux software for
download)
http://www.redhat.com/products/product-details.phtml?id=rhl-sparc5
(Red Hat Linux for Sparc)
Basic Programming
Basic
Programming: Loops in Java (applicable to any programming language, e.g. shell, Perl)
Perl
The Web Developer Virtual
Library: A Taste of Perl
Elara Webdirectory
PERLTutorials
Robert's Perl Tutorial
yallara.cs.rmit.edu.au
(Perl: A Quick Reference and Tutorial)
Elara Webdirectory PERL
Plan - Perl CGI Interactive
Tutorial
http://civeng.carleton.ca/Courses/Grad/1994-95/82.562/perl/
(Perl Tutorial)
A perl Tutorial by Will Morse
A
Perl Tutorial Super-Basics
Shell Scripting
http://www.tc.cornell.edu/Edu/Tutor/Basics/shell/
(Tutorial on Shell Scripts [mostly C Shell])
URL / HTML / CGI / Database
The Web Developer Virtual
Library: The Beginners Page
A Beginner's Guide to URLs
NCSA--A
Beginner's Guide to HTML Home Page
CGI for the Total Non-Programmer - a
tutorial
Elara
Webdirectory CGITutorialsProgramming_in_Perl
Web Review - A Complete
Database Application in Perl
Elara
Webdirectory PERLTutorialsRegular_Expressions
Regular Expressions / sed / grep / vi
Appendix A
Regular Expressions are a powerful pattern-matching language.
To see what's possible once you learn Regular Expressions, read what a Perl master has
to say:
http://virtual.park.uga.edu/humcomp/perl/regexps.html
(Using Regular Expressions)
For help learning Regular Expressions in the vi text editor see
"Searching and Replacing text" in this tutorial:
http://www.tcmb.gov.tr/mse/lug/node171.html
(Linux User Guide: Advanced vi Tutorial)
http://ir.parks.lv/li/Resources/LDP/guide/section2_21.html
(alternate source)
http://www.mvblind.uni-linz.ac.at/linux/guide/node171.html
(alternate source)
Some materials on learning Regular Expressions:
http://134.117.1.194/Courses/Grad/1996-97/82.562/perl/prg50.html
(Tutorial on R.E. in Perl)
http://lab.dce.harvard.edu/perldocs/pod/perlre.html
(Perl Regular Expression "man" page)
http://www.webreview.com/97/07/04/perl/index.html
(Perl Regular Expressions)
http://www.pun.org/bram/Class/Perl/3/RegExp_Tutorial.html
(Perl Regular Expressions)
Here is a Java applet that lets you experiment with Regular Expressions online:
http://www.rutgers.edu/~sgro/perltutor/regexp.html
(Java Perl Regular Expression evaluator)
sed, Perl and Regular
Expressions
Regular Expressions
Perl Tutorial - First
Meeting - Regular Expressions (With cool Java applet!)
82.562
Perl Patterns
Sed
Tutorial
Searching
and replacing text
Regular
Expression in JavaScript 1.2 - Regular Expressions Introduction
Unix for
Linguists Regular Expressions
Perl Tutorial (Regular
Expressions)
Perl
tutorial String matching (Regular Expressions)
Regular
expressions (in the FrexxEd editor)
www.lisol.co.uk (Regular
Expressions in Perl)
Java
95.105 Course Notes (At
Carleton University)
Regular
Expression in JavaScript 1.2 - Regular Expressions Introduction
Security
Linux Administrators Security Guide (LASG)
Rootshell: Network Security incidents
and exploits
The WWW Security FAQ
National Security Institute Security Resource
Net
Apache Week: Using User
Authentication
Bugtraq mailing list archives
L0pht Heavy Industries (Software to find holes and
to break into systems)
Dan Farmer: COPS, SATAN, etc.
Deception ToolKit (Make your system appear
to be hackable)
Network Security Solutions Ltd. - White Papers
and Advisories
A day in the
life of a typical Internet host
Computer Virus Myths home page
Securing NIS
Enterprise Network
Security and Risk Management
Miscellaneous
The Web Developer Virtual Library: UNIX
http://www.pathname.com/fhs/index.html
(Unix/Linux Filesystem Hierarchy Standard [FHS])
http://www.networkcomputing.com/unixworld/resources/unix.html
(Unix resources)
http://www.ugu.com/ (Unix Guru Universe)
http://infocom.cqu.edu.au/85321/ (An
online Unix course, text, and study guide by David Jones in Australia)
Microsoft Windows NT Server 4.0 versus UNIX
(The technical merits of Unix.)
http://www.news.com/News/Item/0%2C4%2C26950%2C00.html?dd.ne.htmldisp.hl.ne
(Linux popularity grows)
http://www.sdsu.edu/doc/texi/gawk_toc.html
(GNU Awk Users Guide)
http://www.ece.unh.edu/networks/Ethernet/Ethernet.html
(Ethernet IP/ARP packet simulations)
http://www.math.fu-berlin.de/~guckes/afw/
(Alt.Fan.Warlord - the art of signatures)
Unix
- Frequently Asked Questions - Why do some scripts start with #! ...
The
Economist (Hackers Rule - on Open Source Software)
Mastery of Unix
"Mastery of UNIX, like mastery of language, offers real freedom. The price of
freedom is always dear, but there's no substitute. Personally, I'd rather pay for my
freedom than live in a bitmapped, pop-up-happy dungeon like NT. I'm hoping that as IT
folks become more seasoned and less impressed by superficial convenience at the expense of
real freedom, they will yearn for the kind of freedom and responsibility UNIX allows. When
they do, UNIX will be there to fill the need." - Thomas Scoville, The Elements of Unix
Style: Unix as Literature
Security
This is a summary of the many (and I do mean many) replies. Thanks to
everyone that contributed.
Why do programmers write unsafe code?
- There is no curriculum that addresses computer security in most schools.
- Programming books/classes do not teach secure/safe programming techniques.
- No one uses formal verification methods.
- C is an unsafe language.
- The standard C library string functions are unsafe.
- Programmers do not think 'multiuser'.
- Programmers are human. Humans are lazy.
- Most programmers are simply not good programmers.
- Most programmers are not security people.
- Most security people are not programmers.
- Most computer security models suck.
- Lots of legacy code that is broken.
- Consumers don't care about security.
- Cost in extra developing time.
- Cost in extra testing.
What secure programming resources are available?
Conferences:
SANS ID'99
"How Attackers Break Programs, and How to Write Programs Securely" by M. Bishop.
< http://www.sans.org/ >
Classes:
UC David ECS153 "Introduction to Computer Security" (M. Bishop)
EnGarde's Secure Programming Tutorial
< http://engarde.com/tutorials/tutorials_secprog.html
>
Articles:
"Designing Secure Software" by Peter Galvin
< http://www.sunworld.com/sunworldonline/swol-04-1998/swol-04-security.html
>
"The Unix Secure Programming FAQ" by Peter Galvin
< http://www.sunworld.com/sunworldonline/swol-08-1998/swol-08-security.html
>
"A Lab engineers check list for writing secure Unix code" by AUCERT
< ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist
>
"How to find security holes" by Kragen Sitaker
< http://www.dnaco.net/~kragen/security-holes.txt
>
< http://www.dnaco.net/~kragen/security-holes.html
>
"setuid - checklist for security of setuid programs"
< http://www.homeport.org/~adam/setuid.7.html
>
"perlsec - Perl security"
< ftp://ftp.digital.com/pub/plan/perl/CPAN/doc/manual/html/pod/perlsec.html
>
Papers:
"Robust Programming" by M. Bishop
< http://seclab.cs.ucdavis.edu/~bishop/classes/ecs153-98-winter/robust.html
>
< http://seclab.cs.ucdavis.edu/~bishop/classes/ecs153-98-winter/Pdf/robust.pdf
>
< http://seclab.cs.ucdavis.edu/~bishop/classes/ecs153-98-winter/Postscript/robust.ps
>
"How to Write a Setuid Program" by M. Bishop
< http://seclab.cs.ucdavis.edu/~bishop/scriv/1986-loginv12n1.ps
>
"Security Code Review Guidelines" By Adam Shostack
< http://www.homeport.org/~adam/review.html
>
Talks & Tutorials:
"Writing Safe Privileged Programs" by M. Bishop
< http://seclab.cs.ucdavis.edu/~bishop/scriv/1997-ns97.pdf
>
< http://seclab.cs.ucdavis.edu/~bishop/scriv/1997-ns97.ps
>
"UNIX Security: Security in Programming" by M. Bishop
< http://seclab.cs.ucdavis.edu/~bishop/scriv/1996-sans-tut.pdf
>
< http://seclab.cs.ucdavis.edu/~bishop/scriv/1996-sans-tut.ps
>
"Shifting the Odds: Writing (More) Secure Software" by Steve Bellovin
< http://www.research.att.com/~smb/talks/odds.pdf
>
< http://www.research.att.com/~smb/talks/odds.ps
>
Books on writing secure software:
"Practical Unix and Internet Security" from O'Reilly & Associates
Chapter 22 "Writing Secure SUID and Network Programs"
< http://www.oreilly.com/catalog/puis/
>
Books on writing bug free software:
"Writing Solid Code" by Steve Maguire
< http://www.amazon.com/exec/obidos/ASIN/1556155514/ref=sim_books/002-7935989-4651662
>
"Code Complete" by Steve McConnel
< http://www.amazon.com/exec/obidos/ASIN/1556154844/o/qid=913914934/sr=2-1/002-7935989-4651662
>
