LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Unique Preventative IDS for Linux

[Posted June 4, 2002 by ris] 

From:	 "Diana Laverdure" <dlaverdure@reevescommunications.com>
To:	 <Letters@lwn.net>
Subject: Unique Preventative IDS for Linux
Date:	 Tue, 4 Jun 2002 11:10:00 -0700

Preventive Security
By Scott Wimer; Chief Technology Officer of Cylant
Each year more money is spent on information systems security, and each
year there are more incidents, more losses, and greater average losses.
Security spending, vulnerabilities, attacks, and related losses were at
record highs in 2001. This year is expected to be worse.

It should be obvious that the data security industry is missing something
critical when it comes to reigning in the losses caused by security
incidents. The potential for hundreds of thousands of systems to be
compromised literally overnight is a systemic failure that must be
corrected.

The increased reliance on the Internet and other networked systems makes 
developing a real and workable preventive solution for computer security 
an economic necessity. A security process that can keep systems secure 
in spite of their vulnerabilities is becoming a necessity. The current 
vulnerability-driven security process is just not up to the challenge.

Human Errors Create Security Holes
It's a basic fact: Mistakes are inevitable. People make mistakes when 
they design, write, install, configure, and use software.

The engineers who design mechanical systems assume that defects will 
exist and design products accordingly. Software engineers, on the other 
hand, seem to assume that the software they produce will be 100 percent 
defect free, installed perfectly by customers, and used precisely 
according to the manual. In reality software:

  1.. Contains design and implementation defects.
  b.. Is often installed incorrectly.
  c.. Is used in ways unexpected by the designers.
  d.. Is subject to malicious use.
The total number of defects in a given piece of software is unknown. 
Some of these defects lie dormant for the entire life of the application 
and never become security, reliability, or availability problems. Other 
defects are discovered and the security vulnerabilities they cause 
immediately become growing sources of risk. Each defect has the 
potential to become a problem, but only if the defect is actually 
encountered.

The recent vulnerabilities with OpenSSH software demonstrate that even 
intensive auditing cannot necessarily root out all the defects from 
software. As software systems become larger and more complex, intensive 
auditing becomes more expensive and more difficult. Software audits 
simply cannot be relied upon to find all of the security vulnerabilities 
in any given system.

Making the situation worse, unforeseen software usage by legitimate 
users and malicious attackers can cause programs to execute through 
defects that had previously lain dormant. These unexpected execution 
paths are an inconvenience for the innocent user, but a gold mine for 
the vulnerability seeker.

The increased usage of network software systems and the rapid 
time-to-market schedules demanded by businesses have caused a dramatic 
increase in the number of vulnerabilities discovered and security 
incidents that occur each year. In just the past two years these numbers 
have doubled, according to CERT. Because it is highly unlikely that the 
trend toward inter-networked systems will halt or even slow, or that the 
market pressures on software manufacturers will subside, preventive 
security has become a must for those who need to reduce their security 
risk exposure.

Preventive Security Techniques
The preventive security techniques discussed in this paper flow from the 
following axiom: If you can't or don't control a system, you cannot 
secure it. Put simply, security comes from control. Therefore, 
preventive security requires giving administrators real control over 
computer systems. If the administrator cannot prevent people from 
running malicious code or tampering with data, their systems will not be 
secure.

Preventive security techniques are subject to some a priori limitations 
and conditions. The methodologies for preventive security need to meet 
the following requirements:

  1.. Techniques must prevent attempted breaches from succeeding.
  b.. Techniques must be implementable.
  c.. Techniques must be manageable.
  d.. Techniques should err on the side of caution.
Since the purpose of preventive security is to prevent breaches, that is 
naturally a mandatory requirement. This requirement brings with it 
certain challenges that have historically been hard to overcome. First, 
the technologies we use must be able to spot attempted breaches in real 
time.

These breaches must be spotted whether they are a previously known 
breach, or a completely new type. Second, these attempts must be stopped 
before they succeed. Finally, the technologies must be accurate. False 
negatives (failing to spot an attack) and false positives (spotting an 
attack where there is none) must not occur or occur very rarely.

Stopping attacks before they are able to succeed requires machine-time 
response. It is not feasible to place a human in the response loop 
because they simply cannot be relied upon to respond in less than a 
second to each and every attempt. Human involvement is for oversight and 
fine-tuning automated responses to ensure conformity with the security 
policy.

Providing this level of protection must not have a substantive impact on 
the performance, reliability, and availability of the services being 
protected. The techniques chosen or developed must be capable of being 
implemented without affecting proper system and service usage.

Further, the protection must be easy to manage. IT departments need to 
be able to integrate preventive security management into the standard 
network and system administrative tasks. Currently, security 
administration is an irregular and unpredictable task relative to normal 
administration. This is one of the major reasons security is not kept up 
to date - updates cannot be scheduled because outside entities dictate 
the schedule by finding vulnerabilities, attacking systems, and 
releasing patches.

Preventive security management must be just another routine 
administrative task similar to adding a new authorized user to the 
authentication system, installing new software, rolling out a new 
service, or updating a currently installed software package to get the 
latest features.

Finally, the techniques used should err on the side of caution. Many 
security holes exist because people temporarily adopt insecure practices 
and then forget to close the holes. Computers are very good at 
remembering to do things, and sealing up temporary holes is a good thing 
to remember to do. Even better would be having the ability to create 
tightly constrained temporary holes that close automatically. The 
continual goal should be to prevent attempted security breaches from 
succeeding.

Human and Technological Aspects
Preventive security techniques rely on both human and technological 
components. The division of labor needs to reflect the strengths of 
each.

There are three principal human aspects of preventive security: 
authorization, policy creation, and management. Authorization determines 
who is allowed to use a given set of resources, as well as the nature of 
the allowed usage. Creating a useful security policy is also a uniquely 
human task. The security policy must set forth what activity is allowed 
and what activity is not allowed. It should do this at a granularity 
level that makes the implementation of the policy as decision-free as 
possible. The more direct the mapping from the policy to its 
implementation, the lower the likelihood for implementation mistakes and 
the easier it will be to identify implementation mistakes. The final 
human component is the routine management of the technological 
components of preventive security.

There are three technological components to preventive security: 
authentication, behavioral control, and access control. Each of these 
components implements a type of control over the behavior of the system. 


Control is the driving principle of preventive security. Authentication 
controls system access so that only those persons granted authorization 
are allowed in. Behavioral control governs what the authorized and 
authenticated users are allowed to do on a system once they are logged 
in. Behavioral control constrains execution and system usage behavior so 
that it stays within the approved behavior set defined by the security 
policy. Access control governs the visibility and mutability of data 
resources throughout the system and the network. Access control 
constrains the usage of data by the authenticated users of a system in 
accordance with the security policy.

By working together, the three technological aspects of preventive 
security are able to control and constrain the activity of the system. 
For example, the resources (files) used in the authentication process 
must be protected. Access control provides this protection. The actual 
process of authentication itself is protected by behavioral control, 
making sure that the authentication processes execute properly.

Authentication, in turn, controls who can update and change the access 
and behavioral control systems.

The assignment of trust and authorization governs the control 
implemented by the technological aspects of preventive security. People 
define the security policy and decide who the authorized users of the 
system are. The technical components provide the mechanisms to enforce 
the policy and authorization decisions.

Organized Around Four Activities
The implementation of preventive security breaks down into four 
iterative tasks. First, the security policy must be established and kept 
up to date. In preventive security, the security policy is meant to be a 
meaningful document. It should set forth the precise levels of access 
and behavior required for authorized users to perform legitimate tasks. 
It should also define the usage to which systems will be constrained.

Instead of sitting on a shelf being pleasantly ignored, the security 
policy should be actively enforced and updated as the authorized usage 
of the system changes.

Second, decisions must be made about allowing people and systems access 
to resources and which resources they will be allowed to access. These 
authorization decisions need to be revisited at predictable intervals 
such as when people are hired or fired, when their tasks change, when 
new outsourcing vendors are chosen, and when new internal or external 
services are rolled out.

Behavioral and access control constraints tend to need to be updated 
together at predictable intervals: when new applications or services are 
deployed, when new versions of applications are deployed, or when an 
application's legitimate usage changes. These events correspond with the 
events that require updating the detailed security policy. In fact, 
successful behavioral and access control techniques should be able to 
assist in the creation of a fine-grained security policy by auditing the 
accesses and behaviors needed in the course of authorized usage.

The work aspects of preventive security are driven by the activities of 
the organization. Preventive security for an organization that is 
routinely deploying new software and rolling out new services will 
require more work than would be necessary for an organization that does 
not deploy new services and software as often. Contrast this with 
current approaches to security that are driven by the frequency of 
vulnerability discoveries, frequency and type of attacks, and the time 
lag for releasing vulnerability patches. One of the main goals of 
preventive security is making certain that the relevant events are under 
your control, rather than being controlled by external entities of 
dubious intent.

One of the advantages of this approach is that organizations are able to 
accurately predict what their security workload will be at any given 
time. Such predictability should make security work boring for security 
professionals: No tracking down attackers, studying packet dumps for 
attack analysis, or all-night software patch fests. Boring is good for 
CEOs and CFOs.

Conclusion
Preventive security presents a different security process. Instead of 
being driven by vulnerabilities, preventive security is driven by 
legitimate changes in system usage. Because of this, preventive security 
techniques can keep systems secure in spite of vulnerabilities. That is 
crucial, because as long as people produce software, they will continue 
to make mistakes in the process. As the level of interconnectivity 
between computers, businesses, clients, customers, and partners grows, 
the need for a truly secure computing platform will only increase.

Scott Wimer is Chief Technology Officer of Cylant, a division of 
Software Systems International The company is the developer of 
CylantSecure, a Linux host-based intrusion detection software product 
that takes a proactive, rather than reactive, approach to security. 
Through behavioral measurement, CylantSecure is able to detect malicious 
activity in real time and control the operation of the software to 
report and immediately stop any aberrant behavior.

He has worked on the design and implementation of core components of the 
CylantSecure systems. He has established the framework of Preventative 
Security and worked to define how behavioral control relates to the 
field of security. Scott can be reached at scottw@cylant.com.

Diana Laverdure
Reeves Communications, Inc.
561-391-8717
dlaverdure@reevescommunications.com
www.reevescommunications.com
(Log in to post comments)

All Fluff

Posted Jun 4, 2002 22:11 UTC (Tue) by AnswerGuy (guest, #1256) [Link]

This article isn't about Linux, and hasn't got one practical tip, link, code or configuration excerpt. It reads like a college freshman's essay on "what is wrong with computer security today."

The terms in the headline "Unique" and "IDS" (intrusion detection system) are mistaken here. There is nothing unique in the article and it has almost nothing to do with IDS since it talks almost exlusively about policies and (human/management) procedures.

I hate to be harsh, but what's this doing on LWN?

All Fluff

Posted Jun 5, 2002 13:16 UTC (Wed) by Shamgar (guest, #1356) [Link]

I have to agree. I've seen a fair bit of this posturing lately, and it is getting rather old. We all know there are problems with the current security model, but it doesn't help anyone to just describe the problem another way and call it a solution. This was a tremendous waste of my time.

Re: All Fluff

Posted Jun 6, 2002 16:07 UTC (Thu) by DeletedUser1598 ((unknown), #1598) [Link]

AnswerGuy,

Scott Wimer here. I must appologize, this article was never meant for distribution into highly technical audiences. Its only purpose is to get management and budget folks looking at security as a cost area that they can control, rather than the cyclic cost center it is right now for them.

Because of its intended audience, I was forced to adopt a completely vendor neutral position in the article. This meant that it would be pretty well useless for technical people looking for ways to do these things unless they were already familiar with such tools. (In which case the article's only benefit for them would be something they might show upper management to say, "See, other people think that this is the right way to go about security too.")

Here's a quick listing of the tools that I see being useful in each of these areas for the Linux platform. The weak spot in my knowledge of these is the authentication methods. I've not spent much time looking at that area, because it seems like a problem that has already been more or less solved. You'll note that the listing below reflects a host-centric view of security. 

1. Authentication
1.1  Strong passwords
1.1.1  crack
1.1.2  John the ripper
1.2  Password expiration
1.2.1  (Is there a PAM module that does this?)

2.  Access Control
2.1  Firewalls
2.1.1  Netfilter, IP chains
2.1.2  Checkpoint's Firewall 1
2.1.3  Nokia
2.1.4  (Other commercial firewalls for Linux.)
2.2  Encryption
2.2.1  GPG
2.2.1  PGP
2.3  Mandatory Access Control Lists
2.3.1  Gresecurity
2.3.2  LIDS
3.3.3  SELinux
3.3.4  LOMAC

3.  Behavioral Control
3.1  CylantSecure
3.2  SPADE for Snort (not really host based, but could be used that way)
3.3  Calvin Ko's generic wrappers.

These tools provide practical methods for implementing the ideas of preventative security.

That's probably a whole lot quicker to read, and a whole lot more useful for this audience, but I suspect you can see why it's pretty useless for management folks.

Regards,
scottwimer

Re: All Fluff

Posted Jun 6, 2002 17:51 UTC (Thu) by Shamgar (guest, #1356) [Link]

I think your primary problem came from the title. In the future, I'd encourage you to choose something more reflective of the content so that reader expectations fall in line with what you are actually going to give them.

If, for example, you'd described it the way you did in this post I'd have read it with a completely different mindset and would not have been disappointed. ;-)

Re: All Fluff

Posted Jun 6, 2002 20:28 UTC (Thu) by DeletedUser1598 ((unknown), #1598) [Link]

Shamgar,

I didn't post the article. :( Our PR agency did. And, quite frankly, the title threw me a bit when I saw it this morning.

We work with a PR agency because, well, the process of getting in touch with news agencies is well outside of our internal strengths.

I didn't let our PR agency know the general types of audiences that the paper is structured to reach. That is something that I have addressed today.

Regards,
scottwimer

Re: All Fluff

Posted Jun 6, 2002 20:57 UTC (Thu) by AnswerGuy (guest, #1256) [Link]

Scott, I appreciate your candor, and the fact that you were alert enough post a follow-up to my comments. I can appreciate that this was a press release that was intended or a non-technical audience, and that it's publication here was inappropriate. As a fairly well know Linux sysadmin, writer, teacher and consultant I can comment on the technical points that you've made with some confidence. You're also welcome to contact me offline if you'd like to engage in a more detailed discussion about the specifics of Linux security. I'm JimD at http://www.starshine.org

While strong passwords are still a fundamental of "best practice" they haven't been the primary cause of intrusions on Linux systems. The most common intrusion vectors continue to be exploitable software bugs in privileged code (mostly in network service daemons). These days it seems that BIND has taken the top spot from sendmail for being most frequently exploited. There are a few PAM modules that can be used to enforce password strength policies (especially while passwords are being set or changed). We could probably write some additional ones.

Password expiry schemes are largely irrelevant to normal security --- they alienate users without measurable benefit and I've routinely seen users go to great lengths to "trick" the expiry and tracking software into allowing them to repeatedly re-use "their" passwords; or they'll be forced to write down their password and store it "in a safe place" because the expiry of a password always occurs when the user is busy with their real work.

By far the greatest risk in user/account passwords today is simply in the sheer number of them that are required by moderately active computer users. For example, consider the password you used to log into this site and post your response; was it strong and completely unique or did you use a variant of some other password from one of your other accounts? [I'll admit that I use similar passwords for most of my "public web" personae --- from here, and slashdot and my subscription account on The Wall Street Journal.] Passwords being shared among accounts in different administrative domains is the primary modern threat to their integrity. A cracker who gets into LWN or slashdot's web servers can gain usernames, passwords and IP addresses with which they are VERY LIKELY to compromise a statistically significant number of other accounts, from which they can glean more info.

This problem is inherent in allowing user selection of passwords.

Unfortunately it may be the case that no human usable passwords will be sufficient in the near future. I'm not going to suggest alternatives in this forum. Suffice it to say that we need to look beyond passwords for the authentication models of the future. For the present we probably needn't focus much on password security --- other than an ongoing effort to educate users and provide some minimal enforcement on pass phrase strength.

Regarding firewalls: iptables is sufficient for most applications. I don't see advantages to the commercial offerings in this arena. The major issue here is that most users in most organizations today are not willing to tolerate uniform, strict use of application layer proxies. They want to "browse" the web and they don't want to hear that Javascript this and Java that, and various plug-ins, etc are not supported through a given organization's firewall. The easiest way through a firewall is to have one of the authorized users on the inside pop open the door and drag the miscreant code in.

A better approach would be to isolate the public browsing from the local intranet applications use --- so there's a quarantine. Basically any attempt to access "outside" sites should bring up a browser that's running remotely on a sacrificial system; such that a compromise of the sacrificial system doesn't constitute any access to the internal workstations or servers. Unfortunately nobody seems to even be attempting this approach. Simple identity based authorization systems (UNIX/Linux, NT/W2K, VMS and Netware, etc) are arguably not going to protect our systems from a subverted program or "socially engineered" user.

Regarding Encryption: Where would we start! The biggest problem with PGP and GNUPG is that no one is using them. There is no corporate buy-in. If a number of major corporations and/or government agencies instituted a policy that all "official" e-mail from all of their employees was to be GPG signed, and added a support mechanism (e.g. a webservice application) for verifying the keys of their employees; then we'd have a chance. As it is, only a few dedicated cybergeeks and cryptopunks even have GPG keys and usage among them is spotty at best.

Add to that the problem posed by other media. For example, how would I sign this posting? How would you verify my signature on it? It may seem like a spurious example, but consider that an ever increasing amount of our WORK (real work, as it our jobs) is done through web forms. SSL client certificates are not nearly as widespread nor nearly as easy to use as GPG/PGP keys; and the key management for SSL client certs is abysmal. [A promising idea was to have local browsers configured to connect to local daemon proxies --- have the local proxy act as the SSL engine and certificate "wallet" or agent; so that all browsers in use by a given user would share the same keys, this might be extended for cases where users are "apartmented" at different workstations from day to day].

Regarding MACs: The various patches you mention (LIDS, GRsecurity, et al) are interesting. There are several others (like Samhain, and Medusa DS9). None of them is provided in major mainstream Linux distributions. This relegates them to use by dedicated security geeks and dilletante nerds (such as I am). Eventually some of them or some of their features will be available (probably as options) in some future version of Red Hat, S.u.S.E. etc. (Several of these are partially available as Debian packages, though there isn't an initial installation option for them and they aren't fully integrated with the rest of the distribution. It is more likely that LIDS or GRsecurity will find use in specialized, dedicated server bundles --- not general purpose distributions. However, most companies show a decided preference to use GP distributions (often "standardizing" on Red Hat) due to management (rather than purely technical) concerns.

It seems likely that Linux 2.6 (the kernel) will include filesystem ACL support. This will probably be touted as a great boon for Linux security. Unfortunately support for ACLs has not been shown to have any benefit to overall system security. The fact is that most compromises involve a subverted user or process --- that user or process then has access to ALL resources of the associated UID; making ACLs irrelevant. However ACLs do signficantly increase administrative complexity and further increase the probability that hurried and harried sysadmins will apply blanket permissions grants for expediency. Auditing ACL based systems is about an order of magnitude more difficult than auditing a system in which filesystem level ACLs are not used.

You mention Snort in passing, I'll take that as a reference to IDS (host and network) and just say that Snort is only as good as your isolation and host policy definitions. For example, if you have a system which is supposed to be a dedicated NTP/DNS server then you want to create a Snort rule to alert you any time ANY traffic other than NTP (from specific time server peers) and DNS and (possibly) SSH (from VERY specific administrative hosts) is seen going to or coming from that server. If you add an SNMP agent to that server, you have to update your Snort rules with the appropriate list of NMS addresses. Combining Snort rules with active countermeasures (forcing the system that's violating policy to shutdown through a remote power switch, etc) must be done with extreme caution (if it is to be done at all). Whenever one considers automated countermeasures one must also consider how they might be used for a DoS (denial of service) or how they might be misdirected and used as a weapon to attack an innocent bystander.

For host file integrity management I'd recommend AIDE (the free re-implementation of tripwire). I'd also recommend installing one additional one from among many that are available (or writing a small custom one in Python, PERL or C). Samhain also has a very nice file integrity system. For critical servers I suggest two different ones; statically linked. (Belts and suspenders, not two belts, and not two pairs of suspenders; diversity is required).

By far my favorite file integrity system is a write-protected backup tape containing a comprehensive tar of the system, and an LNX-BBC (bootable business card) or Tom's Root/Boot (floppy). tar dzf /dev/st0 is my friend.

The problem with security under Linux is NOT a dearth of tools or features. The major problem is that there are way too few people who have the compination of time, training and inclination/motivation to configure their systems, monitor them and keep them up-to-date.

In this sense I understand that your article is attempting to address the problem by appealing to the people who set policies and provide the funding and management that is ultimately needed. I quibble with your comments about security being about "control" (I like to say that security is the enforcement of policy; policies are requirements that relate to the availability, confidentiality, and/or the integrity of computing resources; and that all security efforts must be cast in the context of a greater risk analysis and recovery planning effort). However, I understand what you're trying to do.

(Of course I also understand that you want these managers to purchase Cylant products and services).

Re: All Fluff

Posted Jun 6, 2002 22:11 UTC (Thu) by DeletedUser1598 ((unknown), #1598) [Link]

Hello Jim,

I appreciate the time you've taken in formulating your responses to my comments.

About authentication in general...
I don't bring this up as a particular problem area, but rather as an area that must be done "right" in order to have securable systems. Individual users might screw up and impinge the security of the system, but without the mechanisms in place and some formal policy stating that they're going to be followed, the box is not very securable.

Firewalls...
I don't know that I have a good handle on the benefits of commercial firewalls vs. their open source brethren. My suspicion is that the benefits fall into the areas of managebility by "C" or "B" level staff rather than "A" level staff. Beyond that, maybe it's just that budget people want to have a company that they can blame when things break.

Encryption...
In my own experience, I've found that GPG is enough extra work to use, that I just don't endup using it as often as I should. I could probably institute a policy here that would for me to, but I doubt that I'll do that any time soon. Human laziness simply isn't working for me here. :(

MAC...
I think that an older version of Grsecurity was included in a Mandrake distribution not to far back. But yes, the fact that some form of MAC (beyond just file access control) is not a default feature doesn't help. The subverted user or process method of getting around ACLs is why behavioral control is a key component of creating securable systems. The difficulty of actually using strict MACs without just creating blanket holes is, in my opinion, the reason for their scarcity despite their age and the protection they can provide.

More MAC...
I guess this is a shameless plug, but it's for open sourced code, so I don't feel to bad about it. We are working with Michael and Brad of the Grsecurity.net project to make the ACL system self training. Well, sort of self training, as the admin you have to tell it when to start and stop training. This provides for a much simpler way to create ACL rules that have only the necessary holes in them, and ensure that those holes are no bigger than absolutely necessary. We're currently running this code in house shaking some of the last bugs out of it before its beta release. Information about this will be carried at www.grsecurity.net and at www.cylant.com.

File integrity...
This is an area where I have mixed and conflicting feelings. On the one hand, file integrety checkers can be a tremendous boon when an attacker manages to subvert the security mechanisms in place on a server. On the other hand, if the security mechanisms weren't so frail and blindsidable as they are today, this wouldn't be nearly the issue it is. Mostly, I like the fresh-backup on a CD or a spare off-line disk method myself.

Behavioral control...
This is the one area that you didn't address. It also happens to be the area that I see most security and comp sci folks ignore, but the area that engineers and accountants look at first. I think this has to do with the education we get in the security and comp sci disciplines, but I'm not sure. Behavioral control speaks to monitoring application execution looking for deviances from its normal execution activity. There are a variety of ways to do this, some are really slow, others aren't, some don't work very well, others do.

Security seen as control...
We tend to look at security as control because of the following: If you can control the resources a process can access, and if you can control the execution behavior of that process, and if you can control who is allowed to run that process, you've got a handle on security. But, if you can't do even one of those things, then attackers, internal or external, can do things your security policy probably doesn't allow. Control is where the rubber meets the road. Control is not forensics, its purpose is to prevent undesirable situations, not generate reports about their damage level and outcome.

Naturally we'd like people to use our software where it's applicable. But, we also recognize that we don't build tools or offer services across the three areas of preventative security. To a certain extent, we're not really interested in doing so. We're moving into the MAC area simply because it makes sense for that to integrate with our current product. We're also giving it away for free too, since that seems to be the smartest thing to do in that case.

Regards,
scottwimer

Copyright © 2002, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds