Upgrading SuSE 9.0

From: JPB (news{_at_}europa{.}demon{.}co{.}uk)
Date: 01/21/05


Date: Fri, 21 Jan 2005 02:03:21 +0000

I was thinking about switching away from SuSE, and going over to MEPIS
instead as my primary installation. But for a couple of reasons I didn't
get round to doing it, and then I looked at my existing SuSE 9.0 Personal
which already did 95% of what I wanted, and wondered what it would take to
add the last 5%.

I have a DVD with SuSE 9.1 Pro on it that I might use sometime, but again
I'm in no hurry to bother about using that yet, when 9.0 was nearly all
of what I want from my computer, and some of what I want I'd have to tailor
SuSE 9.1 or 9.2 to do anyway. I was encouraged by the appearance of the 9.2
DVD ISO for download, however, as although I don't have a DVD writer I only
want to stay with SuSE if Novell keeps producing consumer versions, and
doesn't go Red Hat on us.

There were several things I added or tweaked:

Added Firefox browser, thanks to a pointer from this group:
http://mirrors.mathematik.uni-bielefeld.de/pub/linux/suse/projects/mozilla/firefox/1.0
and it nicely imported my Mozilla defaults. Definitely a cracking browser!

Removed RealPlayer8, which used to work with some sites, but doesn't now,
and added RealPlayer10:
http://www.real.com/linux/
using the RPM package. When run, it set itself up as a plug-in for Mozilla
nicely, but not for Firefox; I had to figure out where to put a copy of the
plug-in for Firefox to pick it up. Once I had that, then streaming video
from the internet started working seamlessly from within Firefox and
Mozilla, e.g. from CBS news and BBC news.

Removed limited version xine-lib and replaced it, and added libdvdcss2 and
w32codec-all for good measure:
http://packman.links2linux.org/?action=124
This was the most awkward piece, since there were a couple of dependencies
to resolve. I also removed Kaffeine and Totem, as I'd found Kaffeine
sometimes a little flaky, and though I haven't used Totem, when I tried
xine-ui with MEPIS I found it really comfortable to use, so I installed
that. DVD playback was initially a little patchy, and xine complained about
the frame drop rate. On running xine-check, as it suggested, it complained
that DMA was not enabled, and suggested a hdparm command to rectify it.
That worked, but I found that I could enable DMA for the drive from YaST,
so I did that as a permanent solution rather than put the hdparm command
into a startup script.

Yay! Perfectly working DVD playback!

Next up I wanted to enable a firewall, and lock down my system more
effectively than it has been. So I added the Guarddog firewall
configuration program, again from packman:
http://packman.links2linux.org/?action=402
I know SuSE comes with a firewall, but when I looked at it I didn't really
understand what I was doing with it, probably I'm a bit slow :-), and I
always think that it's no good trying to implement security if you're not
confident about what you're doing. When I tried Guarddog on MEPIS, for the
first time I could see and understand what I was doing, so I wanted it!

To verify my setup, I used the Shields Up! scanner at:
http://www.grc.com/
My aim was first to ensure that my system had everything not required
unavailable without the firewall, and then to ensure on top of that the
firewall only permitted traffic which I expected to be using. Scanning with
no firewall enabled showed all ports closed, except for three which were
open:
Port 22, SSH
Port 111, Sun RPC call
Port 631, IPP printing
Hmm - didn't entirely realise what was open before I did it, and I'm not
sure I want SSHD running or remote procedure calls being possible unless I
actually want to do something that might rely on it. With a little
investigation, I found that I could turn the sshd and portmap services off
in the YaST runlevel editor, after which port 22 and port 111 showed as
closed. Port 631 looks like it relates to CUPS, which I do use locally, so
I didn't want to disable the service altogether.

Having done that, I ran Guarddog, and enabled those incoming and outgoing
services that I actually use (not all that many of them), which I found
very easy to do. With that done, rescanning with Shields Up! showed a
perfect pass, all ports stealthed and not detected. Everything I use still
works, so until I think of something else, I've run out of things to do to
secure the system.

On we go. Yet another bit of extra software I wanted was bit-torrent, which
I sometimes find useful. That came from:
ftp://ftp.gwdg.de/pub/linux/suse/apt/SuSE/9.0-i386/RPMS.suser-gbv/
Also necessary was to add a couple of GTK packages, which was
straightforward enough from the SuSE ftp server.

Annoyingly, it would initially nag asking for a donation, which I don't mind
in itself, but it made a pig's ear of marking itself done by trying to
write an empty document as /usr/bin/donated, which of course it didn't have
permission to write. Hmmm - something to watch out for. Bit-torrent might
be OK, but we don't want to see spyware or trojans arriving in future along
this sort of route. Anyway, after all of which I had working
bit-torrent :-)

I also wanted Quanta +, from the SuSE ftp server, which I'd come across and
really liked, as it reminded me of Cold Fusion Studio that I'd used before and
liked. Having that might help motivate me to revamp my website, as I
haven't updated that for far too long.

After all that, I think I've got a system with everything I want on it the
way I want it, hopefully for the next year or more. If I was installing
from scratch sometime in the future, likely I'd go for a Debian-based
system, as I think there's nothing to touch apt-get, but I probably don't
need to think about that now for quite a while. In any case, it was an
interesting journey, and I feel a lot more confident about managing my
system than I did when I started.

One other thing I'd definitely do would be to make sure I put my /home/
directory on its own partition, but I didn't know that when I first
installed SuSE, and for now I still have a dual boot system with Windows,
which means I have both an NTFS and a FAT partition to fit in as well.

Perhaps with Wine I might be able to eliminate Windows altogether, or simply
sign up with Transgaming for Cedega, which might well do everything I need.

-- 
JPB
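
Added example, not part of JPB's post: a local counterpart to the external scan described above, which reads `netstat -tln` output and reports which listening ports are bound to a non-loopback address and so depend on the firewall to stay hidden. The two netstat samples are constructed for illustration (the port 25 line is invented), and the function names are this example's own.

```python
import ipaddress

# Constructed `netstat -tln` output, not captured from a real system.
HEADER = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
"""
# Before: sshd, portmap and CUPS all listening on every interface.
BEFORE = HEADER + """\
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
"""
# After: sshd and portmap switched off in the runlevel editor.
AFTER = HEADER + """\
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
"""

def listeners(text):
    """Yield (address, port) for every TCP socket in LISTEN state."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            # rpartition keeps IPv6 forms such as ":::22" intact.
            addr, _, port = f[3].rpartition(":")
            yield addr, int(port)

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        # "*" or an unparsable address: assume it is reachable.
        return False

def reachable_ports(text):
    """Ports a remote scan can see when no firewall is in the way."""
    return sorted({p for a, p in listeners(text) if not is_loopback(a)})

def unexpected(text, wanted):
    """Reachable ports that are not services meant to be offered remotely."""
    return [p for p in reachable_ports(text) if p not in wanted]

if __name__ == "__main__":
    print("before:", reachable_ports(BEFORE))
    print("after: ", reachable_ports(AFTER))
    # Nothing is meant to be offered remotely, so 631 is still flagged.
    print("still relying on the firewall:", unexpected(AFTER, set()))
```

With an empty `wanted` set, port 631 is still reported after the services are switched off: CUPS is bound to all interfaces, so it is the firewall rule, not the service configuration, that keeps it from answering remote hosts.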

