Any decent Linux distribution comes with an installation option to automatically encrypt a user's home directory. If you do not wish to encrypt the entire home directory, or you wish to encrypt some other directories on your Linux system, you can use EncFS, the FUSE-based cryptographic filesystem. EncFS will allow you to encrypt and decrypt any directory in a matter of seconds. It resides on top of your current filesystem and provides access to any EncFS-encrypted directory only upon entering the correct predefined password. This short tutorial will show you how to encrypt and decrypt your directories with the EncFS cryptographic filesystem.
Let's assume that you are a heavy laptop user traveling from one place to another. You also use ssh quite often, so you have generated an ssh keypair. For your convenience you even generated a private key without a passphrase (never a good idea). Furthermore, you have copied your public ssh key to multiple servers for easy access. The problem with this scenario is that once someone gets hold of your laptop, s/he instantly gets access to all of those servers using your private ssh key. In this article we will show you how to encrypt your .ssh directory and avoid this problem.
If you've ever been in charge of a network you've definitely had the need for a secure remote connection. Maybe you just need to keep an eye on employees or kids. Doing so can be a hassle to some while crossing networks and subnets. On top of that, many businesses may have Internet but no DHCP to more protected machines. Many do this to network machines while keeping employees from surfing the Web. Whatever the case, Linux has many great tools to enable remote encrypted GUI administration. Even better, we will get everything we need for free for accessing a Linux or Windows client.
You should have root privileges on the machine you wish to monitor from as well as on the clients. You are not required to have administrator rights on a Windows client if you can at least enable remote desktop. To follow this tutorial you can use virtual machines if you do not have physical clients to test on. As long as you have the rights above and an IP address you should be fine.
While I've already mentioned legitimate purposes for this tutorial, it can be abused. The purpose of this writing is to help people network their own machines. Please use this information for legal monitoring of clients only!
The first thing you should do is download the necessary packages with apt-get, if you're on Debian or derivatives:
# apt-get install xrdp openssh-server
After that we need to do some configuration to make sure our ssh server runs correctly. In a terminal type "ssh-keygen" to create the RSA keys for encryption. You will see some ASCII art go by and then it's done. Most likely your RSA keys will be stored in /home//username/.ssh/ if you ever need to find them.
For most of us WEP encryption has become a joke. WPA is quickly going the same way thanks to many tools such as Aircrack-ng. On top of this, wired networks are no strangers to unwanted guests as well. Anyone serious about security should have a good Intrusion Detection system in their toolbox.
There are already some very good IDSs (Intrusion Detection Systems) available. Why would anyone want to re-invent the wheel in Bash? There are a couple of reasons for this. Obviously, Bash scripts can be very lightweight, especially compared to some of the GUI programs that are out there. While programs like Etherape suck us in with pretty colors, they require constant monitoring to know when the network has changed. If you are like most of us, you only use the computer for two things, work and play. By using the system bell to alert you to new clients online, you can leave this script running and not have to keep a constant watch. If you do decide you want to inspect more closely what a suspicious client is doing, you can always open up Etherape, Wireshark, or your tool of choice. But until you have a problem you can play or work on other things.
Another bonus of this program is that it will only show IP addresses on the networks connected to your computer. If you were hosting a busy server or perhaps downloading the latest Linux distro through a torrent client, an IDS may be flooded with connections. Looking for a new malicious client can be like looking for a needle in a haystack. While this script may seem simple compared to other IDSs, simplicity can have its perks too.
Nmap is required for this script to work. We will not be doing any port scanning. However, to make this script fast we needed something better than a regular ping. Nmap's -sP parameter will only use a ping scan to check if a client is up. There were some variations in how Nmap outputs information between versions. So far this script has only been tested using Nmap 5.00 (Debian Squeeze) and 5.21 (Debian Sid). You may have luck with other distros and versions of Nmap. However, with all the possibilities I could only support a couple at this time.
When navigating the Linux file system you are sure to encounter different file types. The most used and obvious file types are regular files and directories. However, the Linux operating system has more to offer in terms of file types as it also includes another 5 file types. This short article will help you to recognize all the 7 different file types within the Linux operating system.
There is only 1 command you need to know, which will help you to identify and categorize all the seven different file types found on the Linux system.
$ ls -ld <file name>
Here is an example output of the above command.
$ ls -ld /etc/services
-rw-r--r-- 1 root root 19281 Feb 14 2012 /etc/services
The ls command shows the file type as an encoded symbol, which is the first character of the file permission part. In this case it is "-", which means "regular file". It is important to point out that Linux file types are not to be mistaken for file extensions. Let us have a look at a short summary of all seven Linux file types and their ls command identifiers:
System monitoring is an important skill for any more-or-less advanced Linux user, because there comes a time when you want to know what is taking precious resources or simply how much it takes. And despite what some people think, this does not apply only to server systems. Desktop applications go haywire too, and you find your system slowed down to a crawl because some "rogue" app decided to eat up all your memory. For enterprise users there are lots of potent free or commercial solutions for monitoring, but for the old-school Linux user and/or someone who prefers to keep it simple, there is always top(1). If you're somewhat familiar with the command line, you will probably benefit more from this article, but that doesn't mean GUI-centric users won't.
You might've noticed we said nothing about installing top. That's because it's usually already installed in your distribution, and it's even to be found in a Gentoo minimal install. If you remember, top is no stranger to us, as we mentioned it before, except now it's going to receive more attention and you will get more examples and real-life use cases. As before in our Linux commands series, our main source of inspiration is the manual pages, and we recommend you take a look at them too, as this series isn't a substitute.
Actually, top can do more than just display a table of running processes. We will first concentrate on the CLI options, then what keys and options you can use in conjunction with the existing fields top displays, then we'll go on with the other possible uses of top and, of course, examples.
A user's ability to attach a priority value to their own process upon execution determines whether they are being nice to fellow users on the same system. Are you being nice, or do you simply abuse system resources for no apparent reason? In this article you will learn how to manage your processes in terms of how much processing power they consume and how to change the priority value of your processes using the nice and renice Linux commands. We will start with some basic theory about what a process is, process scheduling and how to fork a new process, and then we move on to the nice command and explain how to change a process priority value.
In simple words, a process is a naming convention used by Linux to assume the role of a running program. A process is a collection of rules by which any particular program makes use of assigned processor time, memory and I/O resources. Each process running on a Linux system has its own Process ID (PID) by which it can be monitored and administered.
The Linux kernel is designed to collect various information about each process. These include, but are not limited to:
Now that we have some idea of what a process is, we can go ahead and create one. To do this, simply open your terminal and execute the yes command in the background, redirecting its output to /dev/null:
$ yes > /dev/null &
5997
In the previous article we discussed how to install OpenJDK Java on Ubuntu from the standard Ubuntu repository, or Oracle's Java JDK 7 using Personal Package Archives (PPA). This article will cover installation of Oracle Java JDK 7 from a source package or by converting the RPM Java package to the Debian software package format.
First, we need to download the Oracle Java JDK source package from the official Oracle website. Navigate to JDK Downloads, accept the license terms and download jdk-7<version>-linux-<architecture>.tar.gz. The current version of this source package is jdk-7u11-linux-x64.tar.gz and this is also what we are going to use in this tutorial. Store this tarball source package in your home directory or some other arbitrary place.
How to install Java on Ubuntu Linux? Although this topic is quite self-explanatory to an experienced Linux system administrator, it still creates lots of confusion for beginners in terms of what version of Java is needed, how to install it, or how to change system settings between multiple different Java versions. The aim of this short article is to shed some light on this topic, as we will show how to install the Java JDK for both Oracle and OpenJDK.
In short, Java is an object-oriented programming language. The current owner of the official implementation of the Java SE (Standard Edition) platform is Oracle Corporation. The free and open source implementation of the Java Platform SE is called OpenJDK and OpenJRE. There is also another Java version maintained by IBM. IBM also provides both a JDK and a JRE. Currently only the OpenJDK and OpenJRE Java versions are available via the standard Ubuntu repository.
In this article we will look at how to automatically chroot jail a selected user's ssh login based on the user group. This technique can be quite useful if you want your user to be provided with a limited system environment and at the same time keep them separate from your main system. You can also use this technique to create a simple ssh honeypot. In this tutorial you will learn how to create a basic chroot environment and how to configure your main system's sshd to automatically chroot jail selected users upon ssh login.
First we need to create a simple chroot environment. Our chroot environment will consist of a bash shell. To do this, first, we need to create a chroot directory:
# mkdir /var/chroot
In the next step, we need to copy the bash binary and all of its shared library dependencies.
You can see bash's shared library dependencies by executing the ldd command:
# ldd /bin/bash
linux-vdso.so.1 => (0x00007fff9a373000)
libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007f24d57af000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f24d55ab000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f24d51eb000)
As a system administrator or just a backup-conscious home user, sooner or later (usually sooner) you will have to deal with backups. Disasters do happen, ranging from electrical storms to drive failures, and one needs to be prepared. We cannot stress enough the importance of having copies of important data. While the whole concept of backup is too long for this article, we will focus on rsync for what's called incremental backups.
Incremental backups are based on the idea that, once you have a copy of the data you need to back up, subsequent backups of the same data should be incremental, meaning that you only update the backup copy with the differences since the last operation occurred, rather than creating another full copy. We will detail here a setup we have at home for backing up important data, but the examples here can be used at larger facilities. Once you get started, you will know what you need, where and when.
If you have a backup server that's up 24/7, you can create a cronjob to back up your data periodically. Since our example is home-based, we have a backup server, but since it's not up all the time, we will show you how to do it manually. rsync needs to be installed on both systems, and that's about it; no other setup chores must be performed, at least in simple cases. Please remember that you are by no means tied to Linux or another Unix platform: rsync is also available for Windows. If you are worried about security, rsync works over SSH and can be regarded as a secure replacement for the rcp (remote copy) command, so it's all good.