Exploring Security Testing Tools

Many automated tools are available to perform security testing. Some of these tools are meant for finding the open ports on every system in a range of IP addresses. Others look for the vulnerabilities associated with open ports. Yet other tools can capture (or sniff) those weaknesses and help you analyze them so you can glean useful information about what's going on in your network. You can browse a list of the top 75 security tools (based on an informal poll of nmap users) at www.insecure.org...

Using the RPM commands

When you install Fedora Core from the companion DVD-ROMs, the Fedora Core installer uses the rpm command to unpack the packages (RPM files) and to copy the contents to your hard drive. You don't have to understand the internal structure of an RPM file, but you need to know how to use the rpm command to work with RPM files. Here are some of the things you can do with the rpm command Find out the version numbers and other information about the RPMs installed on your system. Install a new software...

Setting up Writer

You don't really have to do any special setup to start using Writer. Even tasks such as printing work right away provided you set up a printer using the steps I describe in Book I, Chapter 3. Some settings, however, you may want to tinker with so that Writer works to your liking. For example, you may want to turn off AutoCorrect so that it doesn't suggest word completion, or you may want to hide some toolbars to get more workspace. You can set up most of these options from the View and Tools...

Other sendmail files

The etc mail directory contains other files that sendmail uses. These files are referenced in the sendmail configuration file, etc mail sendmail.cf. For example, here's how you can search for the etc mail string in the etc mail sendmail.cf file grep etc mail etc mail sendmail.cf Here's what the grep command displays as a result of the search on my Fedora Core system Fw etc mail local-host-names FR-o etc mail relay-domains Kmailertable hash -o etc mail mailertable.db Kvirtuser hash -o etc mail...

Understanding the GUI startup

The graphical login screen starts at run level 5. When the i nit process starts up the system at run level 5, the last line of the etc inittab file causes i nit to start the graphical login process. Here's what the last line in the etc inittab file looks like (the number 5 denotes run level 5) x 5 respawn etc X11 prefdm -nodaemon This line causes i nit to run etc X11 prefdm, a shell script that starts a specific display manager gdm, kdm, or xdm depending on the setting of a variable named...

The maildelivery mechanism

On an Internet host, the sendmail mail-transport agent delivers mail using the Simple Mail Transfer Protocol (SMTP). SMTP-based mail-transport agents listen to the TCP port 25 and use a small set of text commands to exchange information with other mail-transport agents. In fact, SMTP commands are simple enough that you can use them manually from a terminal to send a mail message. The following example shows how I use SMTP commands to send a mail message to my account on the Fedora Core PC from...

Configuring CHAP and PAP authentication

The PPP server on your system has to authenticate itself to the ISP's PPP server before the PPP connection can get fully up and running. Authentication requires proving that you have a valid account with the ISP essentially providing a username and a secret (that is, a password). PPP specifies two ways of exchanging the authentication information between the two ends of the connection Challenge Handshake Authentication Protocol (CHAP) requires the remote end to send a randomly generated...

Index 839

USB support, 510-511 warning, 501 creating initial RAM disk files, 514-515 defined, 496 installing configured modules, 514 installing kernel-source RPMs, 496 linking device drivers into modular kernels, 497 overview, 493 phases in, 497 proving new kernel running, 517 reasons for, 496 rebooting system after, 517 515-517 warning, 517 recurring jobs, 421-424 Red Hat Enterprise Linux (RHEL) product line, 1, 12 Red Hat home page, 359 Red Hat Linux product line, 1, 9. See also Fedora Core Linux Red...

Setting Up Printers

The Fedora Core installer does not include a printer configuration step, but you can easily configure a printer from a graphical utility program. To set up printers, follow these steps 1. From the graphical login screen, log in as root. If you're not logged in as root, proceed to the next step and the printer configuration tool prompts you for the root password. 2. From the GNOME or KDE desktop, choose Main MenuO System SettingsOPrinting. The printer configuration tool is called...

Managing USB Devices

Fedora Core comes with built-in support for the Universal Serial Bus (USB) a serial bus that's gradually replacing the functionality of the PC's serial and parallel ports, as well as that of the keyboard and mouse ports. Nowadays, many PC peripherals such as mouse, keyboard, printer, CD burner, scanner, modem, digital camera, memory card, and so on are designed to connect to the PC through a USB port. USB version 1.1 supports data-transfer rates as high as 12 Mbps 12 million bits per second or...

Using the vmstat utility

You can get summary information about the overall system usage with the vmstat utility. To view system usage information averaged over 5-second intervals, type the following command (the second argument indicates the total number of lines of output vmstat displays) You see output similar to the following listing The first line of output shows the averages since the last reboot. After that, vmstat displays the 5-second average data seven more times, covering the next 35 seconds. The tabular...

Is l

For the etc X11 directory, a typical output from Is -l looks like the following xkb -> usr X11R6 lib X11 xkb This listing shows considerable information about every directory entry each of which can be a file or another directory. Looking at a line from the right column to the left, you see that the rightmost column shows the name of the directory entry. The date and time before the name show when the last modifications to that file were made. To the left of the date and time is the size of...

File permissions

Key system files need to be protected with appropriate file ownerships and file permissions. The key procedures in assigning file-system ownerships and permissions are as follows Figure out which files contain sensitive information and why. Some files may contain sensitive data related to your work or business, whereas many other files are sensitive because they control the Fedora Core system configuration. Maintain a current list of authorized users and what they are authorized to do on the...

Configuring the xinetd server to disable services

In addition to standalone servers such as a Web server (httpd), mail (sendmail), and domain name server (named), you have to configure another server separately. That other server, xinetd (the Internet super server), starts a host of other Internet services, such as FTP, TELNET, and so on whenever a client makes a request over the network. The xinetd server includes some security features that you can use to disable the services that it can start on demand. The xinetd server reads a...

The GNU debugger

Although make automates the process of building a program, that part of programming is the least of your worries when a program doesn't work correctly or when a program suddenly quits with an error message. You need a debugger to find the cause of program errors. Fedora Core includes gdb the versatile GNU debugger with a command-line interface. Like any debugger, gdb lets you perform typical debugging tasks, such as the following Set the breakpoint so the program stops at a specified line....

Using the GNOME system monitor

Like the text mode top utility, the GNOME System Monitor tool also enables you to view the system load in terms of the number of currently running processes, their memory usage, and the free disk space on your system. To run the tool, select Main MenuOSystem ToolsOSystem Monitor. The tool starts and displays its output in a window, as shown in Figure 1-3. Process Listing Resource Monitor Process Listing Resource Monitor The output is similar to the output you see when you type top in a...

Processor type and features

This set of options (refer to Figure 6-2) is for setting the subarchitecture type, the processor family, and support for specific processor-related features. The Subarchitecture Type options enable you to select from different types of fundamental system designs that make use of the Intel x86 processor family but that may differ fundamentally from the well-known PC-compatible machines. Prior to version 2.6, the Linux kernel made an implicit assumption that the system's architecture was based on...

Index

Wildcards, 140-141 (brackets) as command wildcards, 140-141 (exclamation points) in repeating commands, 142 (question marks) as command wildcards, 140-141 10BaseT Ethernet, 301-302, 305-306. See also Ethernet 802.11x. See wireless Ethernet A (Address) resource records, 687, 688 absolute pathnames, 158 access points, 310 access-control directives in httpd.conf,631-634 accounts. See users ad-hoc mode in wireless Ethernet, 308 Add New Device Type window, 313-315 Add NFS Share dialog box, 699-700...

Repeating previously typed commands

To make repeating long commands easy for you, Bash stores up to 500 old commands. Bash keeps a command history (a list of old commands). To see the command history, type history. Bash displays a numbered list of the old commands, including those that you entered during previous logins. If the command list is too long, you can limit the number of old commands you want to see. To see only the most recent 10 commands, type this command To repeat a command from the list that the history command...

Using the linux noprobe Command

If the Fedora Core installer does not detect the SCSI controller or network card, you can specify these devices manually by typing linux noprobe at the boot prompt. To see whether the installer deleted the hardware, look for any indication of SCSI or network devices in the messages the Linux kernel displays as it boots. To view these messages during installation, press Ctrl+Alt+F4. The display switches to a text-mode virtual console on which the messages appear. (A virtual console is a screen...

Mount devcdrom mount mntcdrom

You can mount by specifying only the CD-ROM device name or the mount-point name because of what's in a file named etc fstab. A line is in the etc fstab file for the mnt cdrom mount point. That entry specifies the CD-ROM device name and the file-system type. That's why you can mount the CD-ROM with a shorter mount command. The etc fstab file is a configuration file a text file containing information that the mount and umount commands use. Each line in the etc fstab file provides information...

Using the Command Line FTP Client

Knowing how to use FTP from the command line is a good idea just in case. For example, your GUI desktop may not be working and to fix the problem, you may have to download some files. If you know how to use the command-line FTP client, you can download the files and take care of the problem. It's not that hard. The best way to learn the command-line FTP client is to try it out. The command is called ftp, and you can try out the ftp commands from your Fedora Core system. You don't even need any...

Sendmailmc file

The simple example in the preceding section gives you an idea of how m4 macros are defined and used to create configuration files such as the sendmail.cf file. You find many complex macros stored in files in the usr share sendmail-cf directory. A top-level macro file, sendmail.mc, described later in this section, brings in these macro files with the include macro (used to copy a file into the input stream). By defining its own set of high-level macros in files located in the usr share...

Using chkconfig command

The chkconfig program is a command-line utility for checking and updating the current setting of servers in Fedora Core. Various combinations of servers are set up to start automatically at different run levels. Each run level represents a system configuration in which a selected set of processes runs. You're usually concerned about run levels 3 and 5 because run level 3 is for textmode login and run level 5 is for logging in through a graphical interface. The chkconfig command is simple to...

Viewing files and folders

When you double-click a folder icon on the desktop, Konqueror starts automatically. For example, double-click the home icon in the upper-left corner of the KDE desktop. Konqueror runs and displays the contents of your home directory (think of a directory as a folder that can contain other files and folders). Figure 1-18 shows a typical user's home directory in Konqueror. If you have used Windows Explorer, you can use Konqueror in a similar manner. The Konqueror window is vertically divided into...

Checking network status

To check the status of the network, use the netstat command. This command displays the status of network connections of various types (such as TCP and UDP connections). You can view the status of the interfaces quickly with netstat -i, as follows Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 94237 0 0 1 74889 0 0 0 BMRU eth1 1500 0 3942 0 0 0 24 1 0 0 BMRU lo 16436 0 3255 0 0 0 3255 0 0 0 LRU In this case, the output shows the current status of the loopback...

Learning the mtools commands

The mtools package is a collection of utilities. So far, I have been using mdir the mtools counterpart of the DIR command in DOS. The other mtools commands are fairly easy to use. If you know MS-DOS commands, using the mtools commands is easy. Type the DOS command in lowercase letters, and remember to add m in front of each command. Because the Linux commands and filenames are case-sensitive, you must use all lowercase letters as you type mtools commands. Table 3-4 summarizes the commands...

The makefile

For a program made up of several source and header files, the makefile specifies the following The items that make creates usually the object files and the executable. Using the term target to refer to any item that make has to create is common. The files or other actions required to create the target. Which commands to execute to create each target. Suppose you have a C++ source file named form.C that contains the following preprocessor directive include form.h Include header file The object...

Connecting the modem

Modem is a contraction of modulator demodulator a device that converts digital signals (string of 1s and 0s) into continuously varying analog signals that transmit over telephone lines and radio waves. Thus, the modem is the intermediary between the digital world of the PC and the analog world of telephones. Figure 1-7 illustrates the concept of a modem. A modem bridges the digital world of PCs and the analog world of telephones. A modem bridges the digital world of PCs and the analog world of...

Connecting with a Cable Modem

Cable TV companies also offer high-speed Internet access over the same coaxial cable that carries television signals to your home. After the cable company installs the necessary equipment at its facility to send and receive digital data over the coaxial cables, customers can sign up for cable Internet service. You can then get high-speed Internet access over the same cable that delivers cable TV signals to your home. A box called a cable modem is at the heart of Internet access over the cable...

Typical cable modem setup

To set up cable modem access, your cable TV provider must offer highspeed Internet access. If the service is available, you can call to sign up. The cable companies often have promotional offers such as no installation fee or a reduced rate for three months. Look for these offers. If you are lucky, it may have a promotion going on just when you want to sign up. The installation is typically done by a technician, who splits your incoming cable into two one side goes to the TV and the other to...

Examining the etcinittab file

The etc inittab file is the key to understanding the processes that init starts at various run levels. You can look at the contents of the file by using the more command, as follows To see the contents of the etc inittab file with the more command, you don't have to log in as root. To interpret the contents of the etc inittab file, follow these steps 1. Look for the line that looks like this id 5 initdefault That line shows the default run level. In this case, it's 5. 2. Find all the lines that...

Understanding digital signatures

The purpose of digital or electronic signatures is the same as pen-and-ink signatures, but how you sign digitally is completely different. Unlike pen-and-ink signatures, your digital signature depends on the message you're signing. The first step in creating a digital signature is to apply a mathematical function on the message and reduce it to a fixed-size message digest (also called hash or a fingerprint). No matter how big your message is, the message digest is always around 128 or 160 bits,...

Using GUI text editors Working with the ed text editor Learning the vi text editor

n Fedora Core, most system-configuration files are text files. If you write any shell scripts or other computer programs, they're text files too. Sometimes you have to edit these files using programs designed for that purpose text editors. For example, you may need to edit files such as etc hosts, etc modprobe.conf, etc X11 xorg.conf, etc xinetd.d telnet, and many more. In this chapter, I introduce you to a few text editors both the GUI editors and text-mode editors.

Adding graphics and special effects

To jazz up your presentation, you may want to add graphics, charts, and other special effects to the slides. With Impress, you can do nearly everything you can think of all you have to decide is how many bells and whistles your presentation needs. It's your call, but I recommend using these features judiciously lest they detract from your presentation's main message. Making ntations v jnOffice.oi Impress If you want to add some simple drawings to the slide, you can pick from the drawing tools...

Using GUI Text Editors

Each of the GUI desktops GNOME and KDE comes with GUI text editors (text editors that have graphical user interfaces). To use the GNOME text editor, select Main MenuOAccessoriesOText Editor from the GNOME desktop. You can open a file by clicking the Open button on the toolbar, which brings up the Open File dialog box. You can then change directories and select the file to edit by clicking the OK button. The GNOME text editor then loads the file in its window. You can open more than one file and...

Sniffing network packets

Sniffing network packets sounds like something illegal, doesn't it Nothing like that. Sniffing simply refers to viewing the TCP IP network data packets. The concept is to capture all the network packets so you can examine them later. If you feel like sniffing TCP IP packets, you can use tcpdump, a command-line utility that comes with Fedora Core. As its name implies, it dumps (prints) the headers of TCP IP network packets. To use tcpdump, log in as root and type the tcpdump command in a...

Using styles and templates

In Writer, you can format pages, paragraphs, and blocks of text manually. For example, you can place the cursor in a paragraph, choose FormatOParagraph, and then format various characteristics of the paragraph (such as indentation, spacing, and borders). This paragraph-by-paragraph formatting is okay for a short document, but it can be tedious and time-consuming if you have to format hundreds of paragraphs one by one. A better approach is to define a style a collection of formatting...

DNS utility programs

You can use the DNS utility programs dig and host to try out DNS from the shell prompt interactively. These utility programs are DNS clients. You can use them to query the DNS database and debug any name server you may set up on your system. By default, these programs query the name server listed in your system's etc resolv.conf file. You can use dig, the Domain Internet Groper program, to look up IP addresses for a domain name or vice versa. For example, to look up the IP address of dig prints...

Using the top utility

To view the top CPU processes the ones that are using most of the CPU time you can use the text mode top utility. To start that utility, type top in a terminal window (or text console). The top utility then displays a text screen listing the current processes, arranged in the order of CPU usage, along with various other information, such as memory and swap-space usage. Figure 1-2 shows a typical output from the top utility. 0.0 ni, 9S.OJ6 id, 0.0* wa, 0.0 hi. 0.0* si You can see the top CPU...

Graphics and Imaging

You can use graphics and imaging applications to work with images and graphics (line drawings and shapes). I discuss two applications The GIMP (GNU Image Manipulation Program) is a program for viewing and performing image-manipulation tasks, such as photo retouching, image composition, and image creation. Gnome Ghostview (GGV) is a graphical application capable of displaying PostScript files. The GIMP (GNU Image Manipulation Program) is an image-manipulation program written by Peter Mattis and...

Calibrating delay loop 295731 BogoMIPS

BogoMIPS is Linux jargon (explained in this chapter in a handy sidebar) for a measure of time. The number that precedes BogoMIPS depends on your PC's processor speed, whether it's an old 200MHz Pentium or a new 4GHz Pentium 4. The kernel uses the BogoMIPS measurement when it has to wait a small amount of time for some event to occur (like getting a response back from a disk controller when it's ready). After the boot messages, Fedora Core switches to a graphical boot screen that shows...

Trying Out Simple Shell Scripts

If you are not a programmer, you may feel apprehensive about programming. But shell scripting (or programming) can be as simple as storing a few commands in a file. In fact, you can have a useful shell program that has a single command. While writing this book, for example, I captured screens from the X Window System and used the screen shots in figures. I used the X screen-capture program, xwd, to store the screen images in the X Window Dump (XWD) format. The book's production team, however,...

Editing and reviewing documents

To edit a document, you have to open the file, move around within the document, insert and delete text, and save the file. You can perform most of these tasks intuitively because these steps are similar in most word processors. For that reason, I don't discuss in detail how to perform each of these tasks. Instead, in the following paragraphs, I highlight just a couple of features that you'll find particularly useful in your work. Then, in Table 1-2, I provide a list of commonly used tasks and...

Following the Installation Steps

Installing Fedora Core involves a number of steps and I want to walk you through them briefly, without the details. Then you can follow the detailed steps and install Fedora Core from this book's companion DVD-ROM. The very first step is to make sure that your PC and its peripheral components are Linux-friendly and you can successfully install Fedora Core on the PC. Linux installation has come a long way from the old days when you had to manually load drivers for your specific brand of...

Loading and unloading modules

You can manage the loadable device driver modules by using a set of commands. You have to log in as root to use some of these commands. In Table 5-1, I summarize a few of the commonly used module commands. Table 5-1 Commands to Manage Kernel Modules Table 5-1 Commands to Manage Kernel Modules Determines interdependencies between modules Displays a list of symbols along with the name of the module that Displays information about a kernel module Inserts or removes a module or a set of modules...

Dynamically loading a shared library

Loading a shared library in your program and using the functions within the shared library is simple. In this section, I demonstrate the way you do this action. The header file < dlfcn.h> (that's a standard header file in Linux) declares the functions for loading and using a shared library. Four functions are declared in the file dlfcn.h for dynamic loading void *dlopen(const char *filename, int flag) Loads the shared library specified by the filename and returns a handle for the library....

Checking Your PCs Hardware

When you are thinking about Linux-compatible hardware, here are some of the key components in your PC that you need to consider before you start the Fedora Core installation Processor A 400 MHz Pentium II or better is best. The processor speed, expressed in MHz (megahertz) or GHz (gigahertz), is not that important as long as it's over 400 MHz, but the faster the better. Fedora Core can run on other Intel-compatible processors such as AMD, Cyrix, and VIA processors. RAM RAM is the amount of...

Using Secure Shell SSH for Remote Logins

Fedora Core comes with the Open Secure Shell (OpenSSH) software, a suite of programs that provides a secure replacement for the Berkeley r commands rlogin (remote login), rsh (remote shell), and rcp (remote copy). OpenSSH uses public-key cryptography to authenticate users and to encrypt the communication between two hosts, so users can securely log in from remote systems and copy files securely. Book VII In this section, I briefly describe how to use the OpenSSH software in Fedora Core. To find...

IEEE 1394 Fire Wire support

IEEE 1394 is a high-speed serial bus for connecting peripherals to PCs. Apple calls this bus FireWire Sony calls it i.Link. IEEE 1394 is similar to USB, but it can transfer data at rates up to 400Mbps, which is more than 30 times the data rate of the older USB version 1.1 (note that USB 2.0 is even faster it can transfer data at rates of up to 480Mbps). Because of its high data-transfer rates, IEEE 1394 is ideal for connecting high-speed peripherals such as digital audio and video devices and...

Understanding the Linux File System

Like any other operating system, Linux organizes information in files and directories. Directories, in turn, hold the files. A directory is a special file that can contain other files and directories. Because a directory can contain other directories, this method of organizing files gives rise to a hierarchical structure. This hierarchical organization of files is called the file system. The Linux file system gives you a unified view of all storage in your PC. The file system has a single root...

The sendmail alias file

In addition to the sendmail.cf file, sendmail also consults an alias file named etc aliases to convert a name into an address. The location of the alias file appears in the sendmail configuration file. Each alias is typically a shorter name for an e-mail address. The system administrator uses the sendmail alias file to forward mail, to create mailing lists (a single alias that identifies several users), or to refer to a user by several different names. For example, here are some typical aliases...

Toplevel newsgroup categories

Table 3-1 lists some of the major newsgroup categories. You'll find a wide variety of newsgroups covering subjects ranging from politics to computers. The Linux-related newsgroups are in the comp.os.linux hierarchy. Table 3-1 Some Major Newsgroup Categories Table 3-1 Some Major Newsgroup Categories Alternative newsgroups (not subject to any rules), which run the gamut Computer hardware and software newsgroups (includes operating systems such as Linux and Microsoft Windows) Newsgroups for the...

Perimeter network with bastion host

An Internet firewall is often more complicated than a single dual-homed host that connects to both the Internet and the protected internal network. In particular, if you provide a number of Internet services, you may need more than one system to host them. Imagine that you have two systems one to run the Web and FTP servers and the other to provide mail (SMTP) and domain name system (DNS) lookups. In this case, you place these two systems on a network that sits between the Internet and the...

M4 macro processor

The m4 macro processor generates the sendmail.cf configuration file, which comes with the sendmail package in Fedora Core. The main macro file, sendmail.mc, is included with the sendmail package, but that file needs other m4 macro files that are in the sendmail-cf package. So what's a macro A macro is basically a symbolic name for code that handles some action, usually in a shorthand form that substitutes for a long string of characters. A macro processor such as m4 usually reads its input file...

The switch statement

The switch statement performs a multiple branch, depending on the value of an expression. It has the following syntax If the expression being tested by switch evaluates to valuel, statement_1 executes. If the expression is equal to value2, statement_2 executes. The value is compared with each case label and the statement following the matching label executes. If the value does not match any of the case labels, the block statement_default following the default label executes. Each statement ends...

Shadow passwords

Obviously, leaving passwords lying around where anyone can get at them even if they're encrypted is bad security. So instead of storing passwords in the etc passwd file (which any user can read), Fedora Core now stores them in a shadow password file, etc shadow. Only the superuser (root) can read this file. For example, here is the entry for root in the new-style etc passwd file In this case, note that the second field contains an x instead of an encrypted password. The x is the shadow password...

Monitoring System Security

Even if you secure your system, you have to monitor the log files periodically for signs of intrusion. You may want to install the Tripwire software to monitor the integrity of critical system files and directories. Fedora Core does not come with the Tripwire package. To use Tripwire, you have to download it from www.tripwire.org downloads index.plip. You have to download the source tarball (a compressed archive of source files) and then build Tripwire. (Book VI, Chapter 4 provides more...

Adding the newsgroups

The final step is to add the newsgroups. After you update the configuration files and have innd running, adding a local newsgroup is easy. Log in as root and use ctlinnd to perform this task. For example, here's how you add a newsgroup named xyz.general usr lib news bin ctlinnd newgroup xyz.general That's it That command adds the xyz.general newsgroup to your site. If you use the traditional storage method, the innd server creates the directory var spool news articles xyz general and stores...

Typical DSL setup

To get DSL for your home or business, you have to contact a DSL provider. In addition to your phone company, you can find many other DSL providers. No matter who provides the DSL service, some work has to be done at your central office the place where your phone lines connect to the rest of the phone network. The work involves connecting your phone line to equipment that can work with the DSL modem at your home or office. The central office equipment and the DSL modem at your location can then...

Configuring a caching name server

A simple, but useful, name server is one that finds answers to host-name queries by using other name servers and then remembers the answer by saving it in a cache the next time you need it. This caching name server can shorten the time it takes to access hosts you have accessed recently the answer is already in the cache. When you install the DNS Name Server package group during Fedora Core installation, the configuration files for a caching name server are also installed. That means you can...

Table 21 continued

Enter a password in the next dialog box. Create a PDF version of the spreadsheet Choose FileOPrint. In the Print dialog box, click the list of printers and select PDF Converter from the dropdown list. Click OK. Choose FileOSave As. In the dialog box, enter a filename and select the format in which you want to save the file. Choose FileOVersions. From the resulting dialog box, choose Save New Version. You can create new versions only after you save the spreadsheet...