feed-image  ISSN 1836-5930

linux

Linux eBooks FREE Download

A Newbie's Getting Started Guide to Linux

Linux from Scratch - Create Your Own Linux System - Free eBook

Linux: The Hacking Solution (v.3.0)

The GNU/Linux Advanced Administration

A Complete Beginner's Manual for Ubuntu 10.04 (Lucid Lynx)

Advanced Bash-Scripting Guide


Poll

Do you care about your privacy when using a FACEBOOK?
 


Partner Linux Sites: TuxMachines
Monsterb
LinuxBloggers
AdamsInfo
LinuxScrew
All For Linux

LINUX ADMINISTRATION NOTES & CODE SNIPPETS

Ubuntu and Debian google-talkplug installation howto

Installing this plugin on any Linux system should be a easy task. First download google-talkplugin_current_i386.deb package. On a Ubuntu system use: sudo dpkg -i google-talkplugin_current_i386.deb on a system where sudo is ...

Read more ...

WWW Mechanize - 401 Authorization Required

Here is a small script on how to login to a .htaccess protected page. Suppose that URL we want to login to is: http(:)//www(.)example(.)com/ and here are credentials required to login: username: www password: ...

Read more ...

Extract email address from a text file

A following perl script and regular expression extracts all email addresses from an given text file. Sample text: This perl script extracts all email addresses from an given text file. This email ...

Read more ...

Regular expression to validate credit card number

Credit card numbers contain four groups of numbers where each group contains 4 numbers. The following regular expression ( regexp ) will accept all credit card number in this format: ...

Read more ...

Regular Expression to validate US postal codes

Simple way to validate US postal codes using regular expression and optionally bash. US postall codes accept five digit ZIP number + optional 4 digit code. For example 32344-4444 and ...

Read more ...

vfat file system - unable to create uppercase directory name

Are you unable to create uppercase directory name on your storage device mounted as vfat file system. The reason for this behavior is that vfat filesystem is by default mounted ...

Read more ...

How To secure ssh

Here are couple ways on how to change your sshd default configuration settings to make ssh daemon more secure / restrictive and thus protecting your server from unwanted intruders. NOTE: Everytime you ...

Read more ...

Falling back to the standard locale - Solution

A following warning message may appear on your Linux terminal: perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LANGUAGE = ...

Read more ...

More in: Linux administration notes & code snippets

-
+
8
Linuxconfig.org
APACHE web server and SSL authentication

Author: Jaroslav Imrich


apache mod SSLThis article describes configuration techniques of module mod_ssl, which extends a functionality of Apache HTTPD to support SSL protocol. The article will deal with authentication of server (One-way SSL authentication), as well as it will also include authentication of clients by using certificates (Two-way SSL authentication).

Introduction

If you have decided to enable a SSL ( Secure Sockets Layer ) protocol on your web server it may be because you would like to extend its functionality to achieve an integrity and confidentiality for a data transferred on unsecured networks. However, this protocol with the combination of PKI ( Public Key Infrastructure ) principles can also along the side of integrity and confidentiality provide authentication between both sides involved in the client-server communication.

One-way SSL authentication allows a SSL client to confirm an identity of SSL server. However, SSL server cannot confirm an identity of SSL client. This kind of SSL authentication is used by HTTPS protocol and many public servers around the world this way provides services such as webmail or Internet banking. The SSL client authentication is done on a “application layer” of OSI model by the client entering an authentication credentials such as username and password or by using a grid card.

Two-way SSL authentication also known as mutual SSL authentication allows SSL client to confirm an identity of SSL server and SSL server can also confirm an identity of the SSL client. This type of authentication is called client authentication because SSL client shows its identity to SSL server with a use of the client certificate. Client authentication with a certificate can add yet another layer of security or even completely replace authentication method such us user name and password.

In this document, we will discuss configuration of both types of SSL authentication one-way SSL authentication and two-way SSL authentication.

Read more...
 
Choosing the right Linux File System Layout using a Top-Bottom Process

July 31, 2009
By Pierre Vignéras More stories by this author:


Abstract:

As you may probably know, Linux supports various filesystems such as ext2, ext3, ext4, xfs, reiserfs, jfs among others. Few users really consider this part of a system, selecting default options of their distribution's installer. In this article, I will give some reasons for a better consideration of the file-system and of its layout. I will suggest a top-bottom process for the design of a ``smart'' layout that remains as stable as possible over time for a given computer usage.

Introduction

The first question that you may ask is why are there so many file-systems, and what are their differences if any? To make it short (see wikipedia for details):

  • ext2: it is THE Linux fs, I mean, the one that was specifically designed for linux (influenced by  ext and Berkeley FFS). Pro: fast; Cons: not journalized (long fsck).
  • ext3: the natural ext2 extension. Pro: compatible with ext2, journalized; Cons: slower than ext2, as many competitors, obsolete today.
  • ext4: the last extension of the ext family. Pro: ascending-compatibility with ext3, big size; good read performance; cons: a bit too recent to know?
  • jfs: IBM AIX FS ported to Linux. Pro: mature, fast, light and reliable, big size; Cons: still developed?
  • xfs: SGI IRIX FS ported to Linux. Pro: very mature and reliable, good average performance, big size, many tools (such as a defragmenter); Cons: none as far as I know.
  • reiserfs: alternative to ext2/3 file-system on linux. Pro: fast for small files; Cons: still developed?

There are other file-systems, in particular new ones such as btrfs, zfs and nilfs2 that may sound very interesting too. We will deal with them later on in this article (see 5

).

So now the question is: which file-system is the most suitable for your particular situation? The answer is not simple. But if you don't really know, if you have any doubt, I would recommend XFS for various reasons:

Read more...
 
IPwatchD an IP conflict detection tool for Linux

IPwatchD an IP conflict detection tool for Linux


Project name: IPwatchD - IP conflict detection tool
Author: Jaroslav Imrich
Project's Home Page: IPwatchD

 

Introduction

When using a GNU/Linux operating system, from time to time you may come across a situation where network connectivity was interrupted due to the IP conflict. An IP conflict event occurs when two or more hosts on the same network are configured with identical IP addresses. At the present, there appears to be no code in the Linux kernel to take care of this situation by means of appropriate Gratuitous ARP response . Very often a network administrator is left in the complete ignorance by the Linux kernel and needs to troubleshoot IP conflict the hard way. An IP Address Conflict GUI dialog triggered by IPwatchD Daemon Fortunately, there is a simple daemon called IPwatchD which main purpose is to catch and evaluate packets on the network and this way is able to prevent an IP conflict occurrence. This is done by help of  libpcap library. IPwatchD daemon is written in C language and can run in passive or active modes. The difference between a passive and active mode is that in the passive mode IPwatchD only logs every IP conflict event by engaging syslog daemon, and in active mode IPwatchD takes one step further and responds to Gratuitous ARP request which is the main construction block when it comes to the IP conflict prevention. This article will explore this simple daemon in terms of installation, configuration and usage.

Prerequisites

Before we can install IPwatchD under the GNU/Linux operating system it is recommended to confirm that all prerequisites needed by IPwatchD are installed on the system. Here is a list of packages you would need to install on Ubuntu 8.10.
 * build-essential - C compiler and other development tools
* libpcap-dev - Network packet capture library
* libnet1-dev - Network packet construction library
* libnotify-dev - sends desktop notifications to a notification daemon
On ubuntu or debian linux you can install those packages with a following command:
# apt-get install build-essential libpcap-dev libnet1-dev libnotify-dev 
Read more...
 
VPN - Virtual Private Network and OpenVPN

Introduction

This article will describe a configuration of Virtual Private Network connection by using an OpenVPN application. Firstly, you will be exposed to some basic theory behind Virtual Private Networks. Then, the article will guide you with step-by-step instructions on how to setup a OpenVPN virtual private network by using Symmetric Key Encryption and Public Key Encryption. This article is meant for everybody who possesses a basic knowledge of linux administration and networking.

Why VPN

If you work in IT industry, it is very common that you do not use only a single computer sitting on your work desk, but you also utilize other systems connected to the same local area network. As long as you are sitting on your office chair this approach should not be a problem. However, this situation can become complicated once you are in hurry, and therefore, you need to take some of your work home. You are able to take you company laptop with you, but to fully utilize company resources you would also need to be connected to the company's local area network. The solution to this problem depends on what resources are needed to complete your job. If you need some shared files available on the company's network, you may just simply copy these file to your laptop's hard drive or to USB stick. In case you need to work on the system installed on your company's PC you can also use some virtualization tools such as VirtualBox or VMware. Soon enough you will realize that this approach is not as convenient as you would like it to be, and that you spent more time by copying files and synchronizing virtual systems than concentrating on your work. The ideal solution in this case should allow employees to access company's local resources from an external network. This can be done by forwarding ports of the local services via firewall. Exposing local ports to the Internet is not entirely the safest approach. The more ports are exposed from your local network to an external network such as the Internet, the more vulnerable your local system will become. The ideal approach in this situation could be a use of just single port for all services coupled with encryption and user authentication. This can be achieved, for example, by using a Virtual Private Network (VPN)

.

How does VPN works

VPN networks are often operated as client-server applications. Good example could be an implementation of MS Windows PPTP or OpenVPN on the Linux Platform. VPN server is directly running on a firewall, where it creates virtual network interface and additional virtual network subnet. VPN server is waiting for connections on the external network interface of the firewall where it performs authentication of a VPN client application. After successful VPN client authentication a VPN client is given an IP address from a virtual subnet. Consequently, an encrypted tunnel is created between VPN client and VPN server, which is used for safe transfer of packets between two distant networks via the Internet. Services, which a VPN client can connect to, can furthermore be defined by firewall rules. This way firewall ensures that VPN client can connect only to services it is allowed to connect. If the previous couple sentences looked to you little difficult to understand, do not despair! Everything will become clearer once we see how encrypted tunnel works in an example.

VPN Encrypted Tunnel Fundamentals

VPN tunnels are generally considered as something mysterious and everybody who mentions them, is "cool" :-) However, there is nothing to be afraid about, in the fact principle of Virtual Private Network is very simple. Data in IP networks are exchanged in packets. Information about destination and a source of the packet can be found in the packet's header. The actual user data are carried as a payload. Let’s imagine that ssh client wants to talk to ssh server over the Virtual Private Network. Packets leaving a host's network interface located on the local network are sent with a destination port number 22. When this packet reaches a VPN tunnel it is encapsulated into the VPN packet where original packet is now treated as a payload. If the VPN server listens on the port 443, the VPN packet will carry a destination port 443. VPN Encrypted Tunnel Fundamentals
When looking at the previous figure it is apparent that this kind of network data transfer over the VPN is a waste of transfer rate because original packet has a smaller payload space just because it needs to fit into the VPN tunnel packet. In VPN analogical sense this can be considered as a drawback.

Read more...
 
«StartPrev12345678910NextEnd»

Page 6 of 11