LTC bulletin: December 12, 2001

Maya Stodte (mstodte@yahoo.com)
Technology journalist

December 2001

Our biweekly news from the IBM Linux Technology Center -- where all the Linux-related technologies happening inside IBM are tracked -- briefs you on several updated kernel patches, including the new Bastille Linux, a new Heartbeat from High Availability Linux, the new Reference Implementation from SBLIM, the System Installation Suite's inclusion in the most recent Debian test version, and several other new releases.

The updates in this bulletin are arranged alphabetically by project. To find out more about any of these projects and others, go directly to the Linux Technology Center.

Bastille Linux
The Bastille Linux patch from the LTC has been updated by Niki Rahimi to support SuSE 7.2 and Turbolinux 7.0. Both patches have been submitted to the Bastille Linux team and the Bastille mailing list. "Bastille is an automated security hardening system," Niki explains, "that simplifies the work a system administrator must do in order to increase network and system security. It runs on various Mandrake and Red Hat platforms."

The Bastille project is a part of the effort to simplify enhanced security in multiple Linux distributions. It uses a Perl script, each step of which is optional and contains information to educate and guide the installing administrator on the relevant security issues. "The initial development," the Bastille team notes, "integrated Jay Beale's existing O/S hardening experience for Solaris and Linux with most of the major points from the SANS' Securing Linux Step by Step, Kurt Seifried's Linux Administrator's Security Guide, and countless other sources." The current Bastille script is now available as version 1.2.0 and includes support for Red Hat Linux versions 6.0 through 7.1 and Mandrake Linux versions 6.0 through 8.0, as well as a new X Windows-based configuration GUI and support for iptables firewalling.

DProbes
In mid-November, DProbes version 3.2.0 was released. This version fixes a bug causing the module list to be exported without the version suffix when CONFIG_MODVERSIONS was set, preventing dprobes module from loading. A complete changelog dating back to the initial release in August of 2000, is available through the project's Web site on developerWorks.

DProbes, or Dynamic Probes, is a debugging facility designed to work under extreme or inaccessible conditions. It gathers diagnostic information by dynamically firing probes into executing code modules, relying on user written probe-handlers (programs written in assembly-like code based on Reversed Polish Notation).

Event Logging
Event Logging for the Enterprise released version 1.1.1, which features several new bug fixes with additional code and functions. It is strongly recommended that if you are using Linux kernel 2.4.10 or later, you upgrade your event logging to the current release. Complete release notes and installation instructions are available from the project Web site on SourceForge.

The Linux Event Logging for Enterprise-Class Systems logs events and informational messages from kernel subsystems and system applications. The previously used printk/klog (for logging kernel events) and syslog (for logging non-kernel events) record events as text-only, have a limited user interface and set of event providers and notification capabilities, and log file sizes and the age of the events they record. With this in mind, the Device Driver Event Logging project aims, without affecting calls to printk/klog and syslog, to provide a system-wide log with event records of fixed structure that represent attributes of the event record and a variable-length data buffer containing the event data (text or binary).

High Availability Linux
Heartbeat 0.4.9.1 is now available from the High Availability Linux project. It is a beta series with several fixes and changes to the code as well as some new plug-ins and options. A complete changelog is available from the High Availability Linux Web site.

Heartbeat is the code for Linux High Availability. Currently over a dozen High Availability Linux machines are up and running, and the project team is beginning a close collaboration with the Linux Virtual Server. Heartbeat now ships as part of SuSE Linux, Conectiva Linux, and Mandrake Linux. Mission Critical Linux is also building one of their products on it, as is VA Linux with their Ultra Monkey. A complete guide to Linux High Availability and Heartbeat has been made available by Rudy Pawul.

Internationalization patches (I18N)
There is a new Internationalization patch by Masahide Washizawa for additional iconv converters in Vietnamese. The patch enables the IBM codeset conversions IBM-1163 (Vietnamese PC code) and IBM-1164 (Vietnamese Host code), and has been submitted to the glibc maintainer.

JFS
JFS has put out its forty-eighth release, version 1.0.10, which has the temporary restriction that the block size must be 4K. MKFS.jfs defaults to a block size to 4K. The function changes and fixes to the utilities were minor; changes to JFS include fixing a boundary case in xtTruncate, the addition of another sanity check to avoid trapping when imap is corrupt, and the addition of dtSearchNode and dtRelocate. A complete changelog cataloging release notes back to the first JFS drop is available through the project Web site on developerWorks.

The Journaled File System technology from IBM, currently used in its enterprise servers, provides a log-based, byte-level file system designed for high-throughput server environments. Work is underway to complete the port to Linux. The project also offers a CVS repository that lists the latest changes to JFS and its documentation.

Miscellaneous patches
Following are miscellaneous patches produced by members of the LTC:

• A new Linux kernel patch for arpmod by David Wilder:
  "arpmod is a kernel module offered as a solution for the "arp problem" described on the Linux Virtual Server Web site," explains David. "This module is used on systems that assign virtual IP addresses to the loopback device (lo) and filters out any incoming arp who-has requests for IP addresses assigned to a lo interface, thus preventing the system from responding to these arp requests."
• A new Linux kernel patch for kernel_flag (BKL) removal from drivers by Rick Lindsley:
  This patch is also included in linux-2.5.1-pre4. The patch "removes the BKL from the release functions of over 50 drivers' release functions," notes Rick. "The release functions are already serialized in the VFS code by an atomic_t, which guarantees that each function will be called only once, after all file descriptors have been closed. In addition, in these drivers, the BKL was held only in the release function and nowhere else in the driver where it might be needed."

NGPT
The Next Generation POSIX Threads project has made the unstable release 1.1.0 available and posted a patch for NGPT 1.1.0 to fix a cancellation problem. NGPT 1.1.0, although technically an unstable release, is, as the team notes, actually quite stable. It is based on the 2.0 Development tree. "The major focus of this release was threefold," notes the team leader Bill Abt. "First and foremost, we've improved POSIX compliance. Second, we've improved performance. And finally, we've greatly improved glibc/LinuxThread compatibility." Detailed release notes and a complete changelog are available from the project's Web site on developerWorks.

The Next Generation POSIX Threading project derives from the GNU Pth package. It aims to solve problems associated with the pthreads library on Linux.

OpenAFS
The OpenAFS project has released version 1.2.2a.

AFS is a distributed enterprise file system with a data management model that was open sourced by IBM's Transarc lab in September of 2000. It offers a client-server architecture for file sharing in which files stored in AFS are accessed through user installations.

Samba
A new Samba patch for "net" utility enhancements by Jim McDonough is now available; it has been committed in CVS. "This patch adds new features to the "net" utility. It can list, start, and stop services remotely, change a password remotely, and enable it for translations," explains Jim. He is looking for people to translate the help and messages to different languages.

SBLIM
The Standards Based Linux Instrumentation for Manageability project has released its Reference Implementation version 0.5 and FSVOL version 0.9.5. This is the first public release of the Reference Implementation, which allows access to systems management data on systems running a CIMOM with appropriate instrumentation. Release notes for the fsvol are available from the project's Web site on developerWorks.

The most important goal of the SBLIM (pronounced "sublime") project is to provide a complete suite of CIMOM providers for Linux (also known as instrumentation) effectively implementing the CIM Schema. Doing this will enable GNU/Linux systems for WBEM. As of version 2.5, the CIM Schema consists of the following sub-schemas: Core, Application, Device, Events, Network, Metrics, Physical, Policy, Support, System, User, and Network. The CIMOM technology from SNIA , the Storage Networking Industry Association, provides client and server with CIM/WBEM technologies.

The SBLIM (Standards Based Linux Instrumentation for Manageability) project is working to enhance the manageability of GNU/Linux systems. It does so by enabling GNU/Linux for WBEM , Web Based Enterprise Management, a set of standards defined by the DMTF and fostered by the WBEMsource initiative .

SIS
In news from the System Installation Suite, System Imager 2.0.0 and System Configurator 1.0 are now included in the unstable (Sid) tree of the Debian GNU/Linux distribution.

The System Installation Suite grew out of a merger between the LTC LUI project and VA Linux's SystemImager. LUI is a utility that installs workstations remotely over an ethernet network by providing tools to manage installation resources on the server. The VA SystemImager automates Linux installation to multiple machines. It is composed of the System Configurator, System Installer and System Imager. Read more about the merger in the LTC bulletin from June 19, 2001.

Resources

• Read the previous LTC bulletins on developerWorks:
  • November 28, 2001
  • November 15, 2001
  • October 30, 2001
  • August 30, 2001
  • August 22, 2001
  • July 31, 2001
  • July 16, 2001
  • June 19, 2001
  • May 21, 2001
  • May 7, 2001
  • April 23, 2001
• Visit the Linux Technology Center and take a look Behind the scenes at the LTC.
• Browse the Linux Documentation Page.
• Learn more about the projects and patches covered in this LTC bulletin:
  • Bastille Linux patch (developerWorks)
  • DProbes project (developerWorks)
  • Event Logging for the Enterprise project (SourceForge)
  • High Availability Linux project (Linux-ha.org)
  • Internationalization patches (I18N) (developerWorks)
  • JFS project (developerWorks)
  • Miscellaneous patches (developerWorks)
  • Next Generation POSIX Threads project (developerWorks)
  • OpenAFS project (OpenAFS.org)
  • Samba patch (developerWorks)
  • Standards Based Linux Instrumentation for Manageability project (developerWorks)
  • System Configurator, System Installer, System Imager and System Installation Suite projects (SourceForge)
• Take our free JFS fundamentals tutorial.
• Check out more Linux resources and more Open source resources on developerWorks.

About the author
Maya Stodte, previously a contributing writer and editor for developerWorks, is now working as a freelancer. She can be reached at mstodte@yahoo.com.

Copyright 2001