Having a reliable backup of our GPG (Gnu Privacy Guard) secret key is not optional: the key represents our identity, and loosing it could potentially be a disaster. Creating a backup of our keys and sub-keys is quite a simple thing to do using gpg, and the resulting files can be easily backed up on one or more devices. Electronic devices such USB drives or hard disks, however, tend to fail, and usually in the most inappropriate times; therefore as an extreme resort, we may want to print our keys to paper.
LUKS (Linux Unified Key Setup) is the de facto standard encryption method used on Linux-based operating systems. As we saw in previous tutorials, when we want a partition or raw disk encrypted using LUKS to be automatically unlocked at boot, we need to enter a dedicated line into the /etc/crypttab file. Doing so, we are prompted to provide the encryption password interactively. This is quite straightforward on laptop or desktop machines, but how can we unlock a volume on an headless server? One solution is to use dropbear to get ssh access at an early boot stage, in the initramfs, in order to provide the volume password.
Déjà Dup is a free an open source program we can use to easily create incremental data backups on Linux. The program is basically a graphical frontend for Duplicity; its goal is to hide complexity, be simple and easy to use. Backups created with Déjà Dup can be encrypted and stored locally and remotely, even using storage space provided by services like Google Drive.
Linux-based operating systems, if well configured, are really stable; however, since bad things can always happen, it is a good idea to regularly create backups. As we saw in previous articles, there are many types of backup, and many possible backup strategies which can be implemented on Linux, using free and open source software. In this article we focus on Timeshift, an application which allows us to create incremental backups of our Linux system. The tool is similar to the Apple Time Machine, and can work as a frontend for rsync or use the BTRFS filesystem snapshot feature under the hood.
One of the things that make Linux-based operating systems great is the high degree of customization they offer us. We can customize and adapt (almost) everything to our needs, from the options the kernel is compiled with, to the desktop environment. On any Linux distribution, the terminal emulator is an essential tool for power users and system administrators. Starship is a free and open source plugin written in rust we can use to customize our favorite shell prompt by using a variety of modules.
PyCharm is a professional Python IDE (Integrated Development Environment) developed by JetBrains, which supports a lot of features like code completion, refactoring, debugging, etc. Two versions of the IDE exist: the “Professional” version, which must be purchased, and the free, “Community” version, which is based on open source software, and can be downloaded and installed free of charge. Various methods can be used to install the IDE on Linux.
Neither Python nor Git need presentations: the former is one of the most used general-purpose programming language; the latter is probably the most used version control system in the world, created by Linus Torvalds himself. Normally, we interact with git repositories using the git binary; when we need to work with them using Python, instead, we can use the GitPython library.
Tmux is a terminal multiplexer: it let us run and manage multiple terminal sessions from a single screen. This is specially useful when connecting to remote machines using ssh, since, among the other things, it allows us to keep processes started from those terminals running in the background when we disconnect from the session (or logout and close the remote secure shell altogether), letting us re-attach to it at a later time.
Vim is definitely one of the most venerated text editors in the Unix world. Although its learning curve can be pretty steep when accustomed to more traditional text editors, its usage can dramatically improve productivity. A lot of plugins are available for the editor; almost always their source code is hosted on Github or similar platforms based on Git. To manage such plugins, several third-party plugin managers were developed in time, such as Pathogen or Vim-Plug, but since version 8 of the editor, a native way to manage plugins was introduced.
Samba is a free and open source interoperability suite of programs which allows us to share files and printers between machines running Linux or Windows. A Samba share is pretty easy to configure and can easily be accessed on clients, since the vast majority of Linux file explorers has built-in support samba. In certain situations, however, we may want to mount a Samba share at boot, just like a normal filesystem on a specified mountpoint.
Firewalld is the default high-level firewall manager on the Red Hat family of distributions. One of its peculiarities is that it defines a series of so called firewall zones: each zone can be considered like a different level of trust and can be configured to allow traffic through a specific set of ports. While Firewalld comes with some predefined zones which can be easily examined and modified, sometimes we may want to create our custom zones from scratch.
Borg is a very useful application we can use to create deduplicating backups on Linux. Free and open source software, it is, for the most part, written in Python and supports data compression and encryption. Thanks to the data de-duplication feature, only data which actually changes is archived, and this let us optimize both disk space and execution time. Borg is really easy to install, since it is packaged and included in the repositories of the most used Linux distributions.