Is your home or small business Linux secure?
Good sysadmins know many ways to secure their Linux systems, but often home, hobby, and small business users don't put enough emphasis on security. Good security doesn't put all it's eggs in one basket. It's a layered, integrated system of software and behaviour.
A common mistake is for people to just activate a firewall and call it a day.
One of the tools in my security toolbox is fail2ban. I use it on everything from personal systems to Enterprise servers. It's a simple tool conceptually. It monitors the services you choose for failed access attempts and bans the IP address making the attempt. This is important for stopping brute force attacks. Alone it's not good security, but as part of a larger security system and plan, it's a great tool.
One tip is to not to just jump in with permanent bans, use timed bans where appropriate. For example, ssh is a particularly bad service to perma-ban because it's all too easy to lock yourself out accidentally.
Read the docs and figure out your ban options and how fail2ban works. Used properly it's very powerful. Used wrong it can do more harm than good.
Anyway, take a look at fail2ban and don't let the app's crappy website put you off. Google it, look for good tutorials, and give it a shot. It should be in the default repository of most Linux distributions so installation should be simple.
#Sysadmin #linux #security
http://www.fail2ban.org/wiki/index.php/Main_Page
Saturday, 19 December 2015
Friday, 2 October 2015
Linux Tips - Using dd the painless way
Linux Tips - Using dd the painless way
Recently I watched someone cussing out dd for it's utter lack of feedback. For anyone that uses dd you know what they mean. Copying devices with dd can take a long time and it gives you absolutely no indication of what it's doing. Often new users will think it's broken or has crashed and even us old-timers wonder some times. Well here's how I've been solving that problem for years now and I'll never go back to using plain dd again.
The solution is to use Pipe Viewer which is invoked with "pv".
Many systems have it installed by default, if not, install it. It's well worth it. Anyway, here's how I use it.
Say you're copying a disk image, "SomeHugeImageFile.img" onto a USB stick at /dev/sdc. Type the following at your command prompt.
pv -tpreb ./SomeHugeImageFile.img | dd of=/dev/sdc bs=4M
This command will dump SomeHugeImage.img to the raw device sdc and give you a nice status output with a bar graph, elapsed time, and eta all displayed during the process. I always follow any dd commands with "sync" to make sure all the disk buffers are flushed to disk.
Oh, and FYI. Here's the man page for pv.
http://linux.die.net/man/1/pv
#Linux #Sysadmin #CommandLine #Tips
Recently I watched someone cussing out dd for it's utter lack of feedback. For anyone that uses dd you know what they mean. Copying devices with dd can take a long time and it gives you absolutely no indication of what it's doing. Often new users will think it's broken or has crashed and even us old-timers wonder some times. Well here's how I've been solving that problem for years now and I'll never go back to using plain dd again.
The solution is to use Pipe Viewer which is invoked with "pv".
Many systems have it installed by default, if not, install it. It's well worth it. Anyway, here's how I use it.
Say you're copying a disk image, "SomeHugeImageFile.img" onto a USB stick at /dev/sdc. Type the following at your command prompt.
pv -tpreb ./SomeHugeImageFile.img | dd of=/dev/sdc bs=4M
This command will dump SomeHugeImage.img to the raw device sdc and give you a nice status output with a bar graph, elapsed time, and eta all displayed during the process. I always follow any dd commands with "sync
Oh, and FYI. Here's the man page for pv.
http://linux.die.net/man/1/pv
#Linux #Sysadmin #CommandLine #Tips
Sunday, 20 September 2015
SSH keygen, a must have skill for Linux users
SSH keygen, a must have skill for Linux users
Hopefully, if you've been reading my stream for any length of time, you've been encouraged to learn some command line skills. As you learn the power of the CLI, you'll no doubt eventually end up with more than one Linux or Unix like device on your network (for example a few Raspberry Pi based media centre's). Once that happens, being able to access those systems in s secure yet convenient way becomes a handy tool. That's where SSH keygen comes in. This will allow you to access the devices on your network via the command line without having to type a password every time. You can also adapt this tutorial to add SSH keys to remote SSH apps on other platforms like ConnectBot on Android or PuTTY on Windows.
http://freedompenguin.com/articles/just-ask-matt/how-to-setup-ssh-keys-on-a-linux-system/
Hopefully, if you've been reading my stream for any length of time, you've been encouraged to learn some command line skills. As you learn the power of the CLI, you'll no doubt eventually end up with more than one Linux or Unix like device on your network (for example a few Raspberry Pi based media centre's). Once that happens, being able to access those systems in s secure yet convenient way becomes a handy tool. That's where SSH keygen comes in. This will allow you to access the devices on your network via the command line without having to type a password every time. You can also adapt this tutorial to add SSH keys to remote SSH apps on other platforms like ConnectBot on Android or PuTTY on Windows.
http://freedompenguin.com/articles/just-ask-matt/how-to-setup-ssh-keys-on-a-linux-system/
Monday, 14 September 2015
OK, so you're using Linux, now what?
OK, so you're using Linux, now what?
Well now it's time to put on your big kid pants and learn the command line
Isn't the command line for old guys and people that fear change?
Nope. The command line is where the real power, control, and yes speed of any Unix like OS lies, and even many non Unix base OS's have a lot waiting for you on the command line.
Think of it this way, why do you still text your friends when you can video chat?? Are you backwards and stupid? Of course not. Every medium has it's uses and advantages. For example, in the time it takes to fire up your Hangouts, Skype, Facetime, etc. and get your friend to answer, you can have already sent all the relevant and necessary information to them in a text.
It's the same with the command line. By the time you get the file manager open, browse for all the files you just downloaded, CTRL-click them all, CUT, go to the folder you want them in, PASTE, and wait for the move to happen, you could have done it already from the command line.
So yes, sometimes the command line is faster and or easier. Other times it's just plain the only way to get at certain powerful features or configuration settings.
Anyway, the point is that you should get to know the command line and learn to use it. Don't think of it as an archaic hassle, think of it as being in an elite club of people that knows how to get things done. The kind that in the real world, know the right people, and the right places to get things done without waiting in lines and dealing with red tape.
Personally, I always leave a KDE Konsole window open on my desktop, and in it I have multiple command line tabs always open. One su to root so I can do admin tasks quickly, and one as my regular user, sitting in each of the directories I frequently work in. Eg. my Downloads, my Documents, one to ssh into my server, one to rsync files between network locations, etc.
#Linux #Sysadmin
https://www.maketecheasier.com/online-resources-for-learning-the-command-line/
Well now it's time to put on your big kid pants and learn the command line
Isn't the command line for old guys and people that fear change?
Nope. The command line is where the real power, control, and yes speed of any Unix like OS lies, and even many non Unix base OS's have a lot waiting for you on the command line.
Think of it this way, why do you still text your friends when you can video chat?? Are you backwards and stupid? Of course not. Every medium has it's uses and advantages. For example, in the time it takes to fire up your Hangouts, Skype, Facetime
It's the same with the command line. By the time you get the file manager open, browse for all the files you just downloaded, CTRL-click them all, CUT, go to the folder you want them in, PASTE, and wait for the move to happen, you could have done it already from the command line.
So yes, sometimes the command line is faster and or easier. Other times it's just plain the only way to get at certain powerful features or configuration settings.
Anyway, the point is that you should get to know the command line and learn to use it. Don't think of it as an archaic hassle, think of it as being in an elite club of people that knows how to get things done. The kind that in the real world, know the right people, and the right places to get things done without waiting in lines and dealing with red tape.
Personally, I always leave a KDE Konsole window open on my desktop, and in it I have multiple command line tabs always open. One su to root so I can do admin tasks quickly, and one as my regular user, sitting in each of the directories I frequently work in. Eg. my Downloads, my Documents, one to ssh into my server, one to rsync files between network locations, etc.
#Linux #Sysadmin
https://www.maketecheasier.com/online-resources-for-learning-the-command-line/
Thursday, 27 August 2015
Use packages from other Linux distributions easily with Alien
Use packages from other Linux distributions easily with Alien
Sometimes you come across a Linux application you've just got to have, but unfortunately, the developer only builds for a different Linux platform than you use. Well don't give up, or worse switch platforms, over one application. Just use Alien to morph that package into one your Linux distro can use.
A common situation would be applications developed for Ubuntu and derivatives. If you are using an RPM based Linux, like Fedora, RedHat, or SUSE, then you'll need to find the .deb version of the package and use Alien to make an RPM.
Here's how.
#Linux #Sysadmin
http://www.tecmint.com/convert-from-rpm-to-deb-and-deb-to-rpm-package-using-alien/
Sometimes you come across a Linux application you've just got to have, but unfortunately, the developer only builds for a different Linux platform than you use. Well don't give up, or worse switch platforms, over one application. Just use Alien to morph that package into one your Linux distro can use.
A common situation would be applications developed for Ubuntu and derivatives. If you are using an RPM based Linux, like Fedora, RedHat, or SUSE, then you'll need to find the .deb version of the package and use Alien to make an RPM.
Here's how.
#Linux #Sysadmin
http://www.tecmint.com/convert-from-rpm-to-deb-and-deb-to-rpm-package-using-alien/
Friday, 22 May 2015
How-to: Using Google two factor authentication with ssh on your Linux box
How-to: Using Google two factor authentication with ssh on your Linux box
Two factor authentication is a great way to increase the security of your accounts. Google offers it for your Google accounts and now you can use it to secure your Linux box. How cool is that?
Note that while this tutorial is based around CentOS, it should be simple to apply to most Linux distributions with little modification.
For more info, here is a video on using two factor authentication with your Google account.
https://youtu.be/zMabEyrtPRg
I suggest installing the Google Authenticator app.
#Linux #Security #Google #SSH
https://www.howtoforge.com/tutorial/secure-ssh-with-google-authenticator-on-centos-7/
Two factor authentication is a great way to increase the security of your accounts. Google offers it for your Google accounts and now you can use it to secure your Linux box. How cool is that?
Note that while this tutorial is based around CentOS, it should be simple to apply to most Linux distributions with little modification.
For more info, here is a video on using two factor authentication with your Google account.
https://youtu.be/zMabEyrtPRg
I suggest installing the Google Authenticator app.
#Linux #Security #Google #SSH
https://www.howtoforge.com/tutorial/secure-ssh-with-google-authenticator-on-centos-7/
Subscribe to:
Posts (Atom)