Support for the Internet Protocol version 6 is available on Linux since 1996. The kernel implements this functionality, which is usually active and enabled by default on all the major distributions, via the “ipv6” module. Sometimes, for various reasons, it may be desirable to temporarily or permanently disable IPv6 networking.
Egidio Docile
Introduction to LVM thin provisioning
LVM (Logical Volume Manager) is a technology which allow us to create a layer of abstraction over physical storage devices, and implement flexible partitioning schemes where logical volumes are easier to shrink, enlarge or remove than classical “bare” partitions. While LVM “thick” provisioning requires the allocation of a fixed amount of storage space to a LVM logical volume at creation time, by using “thin” provisioning, storage is allocated only when needed.
How to create a backup with Proxmox backup client
While in the first part of this series dedicated to the Proxmox backup server we saw how to install the distribution, and in the second we explored the web administration interface, in this third tutorial, we learn how to create and restore a backup of a physical host using the Proxmox backup client.
Introduction to Proxmox backup server
Proxmox backup server is a free and open source, enterprise-level backup solution. It is implemented as a dedicated Linux distribution based on Debian, and supports essential features like deduplication and encryption. We can use it as a solution to back up and restore virtual machines, containers and physical hosts.
Introduction to the Proxmox backup server: the web interface
Proxmox backup server is an enterprise-level solution to backup containers, virtual machines and physical hosts. In the first part of this series, we learned how to download and install the distribution. Although the system can be managed from the command line, just like any other Linux distribution, it comes also with a user-friendly, integrated web interface.
How to install KeePassXC on Linux
KeePassXC is a free and open source application we can use to safely manage our passwords and sensitive data. It can store usernames, passwords, URLs, and even file attachments. Data is encrypted and stored locally, in a “kdbx” file: this is the ideal solution if we don’t want to store sensitive information in the cloud.
How to increase the security of systemd services
Nowadays all major Linux distributions adopted Systemd as their init system/service manager. Creating a systemd service is just a matter of writing a “.service” unit in the appropriate directory, and manage it using the systemctl utility. When starting a service, or launching a process in general, we want to make sure it runs with the lowest possible set of privileges it needs to accomplish the task. Systemd provides a series of options we can be use to fine-tune the behavior of a service, granting or denying privileges in a granular way, and ensuring a certain level of isolation from the rest of the system.
How to create secure and efficient backups with Restic
Restic is a cross-platform, free and open source program written in Go. We can use it to create compressed, encrypted and space efficient backups, since it is smart enough to archive only changed fragments of files. Restic can use many storage services as targets, such as Google Drive or AWS (Amazon Web Services) S3 buckets, but works also locally and over plain SFTP connections.
How to install Brave on Linux
Brave is a free and open source web browser focused on providing a privacy-oriented setup by default. It is released under the Mozilla Public License Version 2.0, and it is based on chromium, which is also the open source foundation upon Google Chrome is built. Brave comes with useful built-in features such an ad-blocker, a private search engine, an integrated VPN, and Tor support.
How to manage groups on Linux
Groups are an essential part of how discretionary access control (DAC) is implemented on Linux and, in general, on any Unix-based operating system. The creation, modification, and removal of groups are relatively straightforward operations which can be carried out using some utilities installed by default.
Introduction to Linux capabilities
On Linux, traditionally, a process could either run as root, and so have limitless access to the system, or as a non-root user, subject to a set of restrictions. Since version 2.2 of the kernel, capabilities were introduced as a way to grant permissions in a more granular way.
How to bind a rootless container to a privileged port on Linux
One of the main innovations introduced by Podman was the ability to run rootless containers. Security wise, this was a big improvement, since a potentially compromised container running as root represents a security threat for the host system. In order to obtain a similar behavior, recent versions of Docker support running the docker daemon in the user context. Running unprivileged containers, albeit more secure, has also its drawbacks, as the inability to bind to privileged host ports.