Questions and Answers
In the May column, I wrote about the security risk with
mentioned that it was based on the programming language
caused a frustrated reader to write to me stating "I
know Forth, and
Postscript is certainly not Forth!" I cannot claim
that I know Forth; I
worked with it very briefly more than 10 years ago when
tried to convince me that it was the best invention
since sliced bread.
However, it did not appeal to me, and I have not used
it ever since. On
the other hand, the statement that Postscript is based
on Forth has been
made by numerous people in the security community over
the years, so I
decided to get to the bottom of this.
Postscript is a graphical page description language
invented by Chuck
Geschke and John Warnock (the President and CEO of Adobe).
looks a little bit like Forth, because it is derived
however, Postscript's internal implementation has nothing
to do with
Forth. Postscript was written from scratch. So, now
we all know the
correct story. Nevertheless, it does not change my previous
about the security risks of Postscript. Postscript allows
commands, such as removing a file, to be executed, so
you still need to
be aware of these risks.
Some other comments to the May article were in regard
to the question
about wanting xlock to log occurrences of failed access.
was not to log password information. This is certainly
Another reader provided reference to an implementation
that will syslog
failed attempts. This modified xlock program, xlockmore-3.8,
To enable the syslog functionality, it is necessary
to enable -DSYSLOG
in the Imakefile before running xmkmf.
In the June issue, I mentioned the need for system administrators
keep track of their time. Since then, I have found a
neat tool that can
help with this, and I have been using it with great
It is a small gadget slightly bigger than a pager that
by the Stratos company. It is called "The Time
Machine." This is
probably a valid name, but I cannot help associating
"Time Machine" with
H. G. Wells' novel about traveling back in time. This
gadget will not
allow you to travel back to yesterday to do the backup
you need to restore
that disk today (although that would certainly be useful).
however, allow you to keep track of how you spend your
The product actually consists of two parts, one is the
gadget, and the other is some software that runs under
the supplied cable, you can load information about the
tasks you want to
track. When starting a new activity, you just select
the category, then
push a button to start an internal timer, and push the
same button when
the task is complete (or interrupted). Later, you can
collected data into your PC and generate reports showing
how much time
is spent on various activities.
Although this tool probably is mainly aimed at consultants,
other people who charge for their time, I think it could
be a very
valuable tool for all people who need to keep track
of how they are
spending time, if only to make themselves more effective.
If you manage a group of people, you can supposedly
combine them into a
single database and generate a single report showing
how the time has
been spent for the entire department. I have not yet
tested this, but I
would think it should be able to generate highly valuable
data for those
who need to justify the budget for the system administration
I am by no means overwhelmed by the quality of the current
implementation of the concept. Both the hardware and
software could use
improvements, and the very flimsy user's manual needs
to be completely
redone. In spite of its shortcomings, I still consider
this tool one of
the best productivity enhancement tools I have seen
in a long time.
If you are interested in checking out the Time Machine,
you can order it
from "Hello Direct" (http://hello.direct.com).
Customers have 30 days to
return the product if they do not like it, so a trial
run is relatively
risk free. The purchase price is just under $300.
One noteworthy event that took place during the past
month was the
security seminar put on by Sun Microsystems and conducted
by Dan Farmer
and Wietse Venema. They are probably best known for
on the SATAN security scanner, but they have done other
independently, such as Dan Farmer's COPS and Wietse
Wrappers. The seminar was a one-time event and was mainly
held as part
of the collaboration on a new project writing a book
on security and
security audits. Dan Farmer hinted that the slides would
be put up on
his ftp server, ftp.fish.com, for anonymous retrieval.
If and when that
happens, I will publish the URL in this column.
Tool of the Month
For the tool this month, I have zeroed in on top. top
is a ps
alternative, written by William LeFebvre. Although ps
will give you a
single output listing all the active processes, top
will limit itself to
showing only the top 15 active processes, and will update
every 5 seconds. In addition, top will show other useful
such as the number of active processes, the number of
inactive ones, and
the current load average of the system.
top provides a very nice tool for continually monitoring
are running on the system, and what kind of load they
are placing on it.
If you are running top regularly on your important systems,
provide you with a good feel for what is "normal"
for those systems.
This could make it easier to determine the cause of
problems when things
start acting abnormally.
top is ported to a large number of BSD-based systems.
It is ported to at
least some System V-based systems, but depending on
the flavor, it might
not be available for all of your platforms.
top is available from the system administration ftp
I have a medical system, and I need to run an automated
I'm trying to accomplish is this: Enter application,
through multiple screens, print report to file. Is there
a utility that
can record these functions and have it saved to a filename?
would be appreciated.
Depending on the nature of your application, you might
be able to use
the script command to capture whatever you type. script
was designed to
work with plain ASCII terminals. If your application
displayed on a basic terminal, it might be usable, but
editing, as it also saves the output printed to the
terminal. If the
application uses an X11-based solution, you are out of
I want a utility, or set of, that will help me watch
nodes, their types, and throughput in a graphical format.
something that will help me determine what type of traffic
and how much bandwidth I'm using both overall and between
It sounds to me as if you are looking for a full-blown
analyzer. There are several commercial products that
can do what you are
asking for, but they do not come cheap. There are also
MS-Windows-based packages that do at least some of these
tasks, but with
a much lower price tag. However, I have never used any
of those, and do
not know how well they compare to a "real"
You can get some of this information by running tcpdump,
the output. It is also relatively trivial to write
a Perl script that
will count the various packets; thus, you will get an
idea of the type
of traffic you have and will be able to get some understanding
is using up your bandwidth. This will not, however,
take into account
the size of the packets. These tools, together with
the netstat -s
command, will help you get some feel for what is going
on in your
If you are finding that you have lots of NFS traffic,
nfstrace can be of value, too. Both of those, and tcpdump
as well, are
available from the system administration ftp archive
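
A short version of the packet-counting script described in this answer, written in Python rather than Perl; it is an added example, not code from the column. It goes one step further than counting by also summing the length value each tcpdump line reports (not the full frame size). The sample lines are constructed, and the service table and function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the one-line text format recent tcpdump releases print
# with -n (an assumption; older releases format their lines differently).
SAMPLE = """\
12:00:01.000001 IP 10.0.0.5.1023 > 10.0.0.9.2049: UDP, length 132
12:00:01.000350 IP 10.0.0.9.2049 > 10.0.0.5.1023: UDP, length 96
12:00:01.000420 IP 10.0.0.5.40112 > 10.0.0.7.25: Flags [S], seq 1, win 64240, length 0
12:00:02.001000 ARP, Request who-has 10.0.0.1 tell 10.0.0.5, length 28
12:00:02.100000 IP 10.0.0.8 > 10.0.0.5: ICMP echo request, id 1, seq 1, length 64
tcpdump: listening on eth0
"""
SERVICES = {25: "smtp", 53: "dns", 80: "http", 2049: "nfs"}  # hypothetical table
PROTOCOLS = (("ICMP", "icmp"), ("UDP", "udp"), ("Flags", "tcp"))
IP_LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")
LENGTH = re.compile(r"length (\d+)$")

def split_endpoint(endpoint):
    """Split '10.0.0.5.1023' into ('10.0.0.5', 1023); the port is None if absent."""
    parts = endpoint.split(".")
    if len(parts) == 5 and parts[4].isdigit():
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None

def classify(sport, dport, detail):
    """Name the traffic by well-known port, else by tcpdump's protocol keyword."""
    for port in (dport, sport):
        if port in SERVICES:
            return SERVICES[port]
    return next((n for k, n in PROTOCOLS if detail.startswith(k)), "other-ip")

def summarize(text):
    """Return (packets by type, reported bytes by type, packets by host pair, skipped)."""
    packets, octets, pairs, skipped = Counter(), Counter(), Counter(), 0
    for line in text.splitlines():
        m = IP_LINE.match(line)
        if m:
            (src, sport), (dst, dport) = map(split_endpoint, m.group(1, 2))
            kind = classify(sport, dport, m.group(3))
            pairs[tuple(sorted((src, dst)))] += 1  # both directions together
        elif " ARP, " in line:
            kind = "arp"
        else:
            skipped += 1  # banners, IPv6, anything this sketch does not parse
            continue
        packets[kind] += 1
        size = LENGTH.search(line)
        octets[kind] += int(size.group(1)) if size else 0
    return packets, octets, pairs, skipped
```

Calling summarize() on saved tcpdump -n output gives the per-type and per-host-pair counts; a high skipped count means the capture is in a format this parser does not recognize.
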
I tried to ftp to an anonymous ftp server, but I don't
know the User ID
The convention used for anonymous ftp is that you log
in as user ftp or
anonymous and give your email address as password. If
this does not
work, then the server is either not configured correctly,
or much more
likely, does not support anonymous ftp. If you want
a description of how
to configure an anonymous ftp server, see my column
in the April issue.
In the February 1996 column, you listed a utility called
op that is
available from your ftp server. I downloaded the op-1.1.tar.gz
have been unable to extract its contents. I've tried
and some others but none seem to recognize the contents.
How can I
extract the contents of this file?
All the files on that server are compressed with the
program, called gzip. Most ftp sites are using either
gzip or compress
to compress the archives to save disk space and network
common convention is that files that are compressed
with gzip have a .gz
extension, and files compressed with compress have a
.Z extension. gzip
is the newer of the two programs, and will usually do
a much better job
of compressing the files. The two programs use different
algorithms and do not understand each other's formats.
programs from the PC world, such as unzip, do not work
format, so you really need to get one of these programs
before you can
get much usage out of the Internet ftp archives.
You will find the uncompressed sources to both programs
in the system
administration ftp archives:
Are you aware of an X GUI-based software package released
in the last 2
years that provides a front end to configure sendmail.cf?
I am afraid I'm not. If any of our readers know of
such a package, I
would be very interested to hear about it.
About the Author
Bjorn Satdeva is the president of /sys/admin, inc.,
a consulting firm
which specializes in large installation system administration.
also co-founder and former president of Bay-LISA, a
San Francisco Bay
Area user's group for system administrators of large
sites. Bjorn can be
contacted at /sys/admin, inc., 2787 Moorpark Ave., San
Jose, CA 95128;
electronically at email@example.com; or by phone at