Secure SSD data deletion

Normal data deletion does not erase all data from an SSD, as some parts are reserved and omitted by the removal process. The secure erase function allows for complete data removal from all cells. It is offered by SSD manufacturers, and not all hard drives or Linux kernels support it. In the examples below we will refer to the /dev/sda block device as our test drive. To find out whether your SSD supports secure erase, run the following Linux command:

Warning:

ATA Security Feature Set
These switches are DANGEROUS to experiment with, and might not work with some kernels. USE AT YOUR OWN RISK.

# hdparm -I /dev/sda | grep erase
		supported: enhanced erase

Read more

Using Clonezilla: beginner and advanced approaches

Introduction and concepts

Every system administrator I know develops, in time, the habit of putting together a toolbox to which many useful pieces of software get added as the recurrent need arises. Please do not imagine this in the most classical sense, as this is not about a carpenter’s toolkit, nor a mechanic’s toolbox. It usually is a CD portfolio with live CDs, installable most-used distributions, vendor-specific tools and whatnot. Of the (indispensable) live CDs, one usually sees in the aforementioned toolbox a disk cloning item. What does it do? It helps a tremendous amount when you need to save and restore a hard disk, operating system included, and by save I mean a 1:1 copy with the possibility of restoring in a few minutes, despite the ever-increasing size of the hard drives offered by the market today, where the terabyte becomes more and more common.

Such software exists, and indeed it makes the lives of admins and users alike much easier and more efficient. Unfortunately, companies tried to impose their own proprietary disk image formats, so that restoring could be possible only by using their tools. Fortunately, there is a FOSS solution that deals with this, offering a very efficient live CD and server for download, and that is Clonezilla, which we’ll talk about today. You are expected to have some knowledge of how disks work, networking and system administration. We will treat more advanced subjects a bit later on, but all you need to know if you are a beginner in those matters is right here.

Read more

Backdrop content management framework Docker image deployment and usage

About

The trusted docker image of Backdrop content management framework “linuxconfig/backdrop” can be used to instantly deploy Backdrop on your docker hosts.

Configuration

The Backdrop application runs on a Debian GNU/Linux system featuring the Apache web server, a MariaDB (MySQL) database and PHP5. A new Docker container based on “linuxconfig/backdrop” will expose port 80, which can be linked to a Docker host port for immediate access to the Backdrop blog.

Configured MySQL users:passwords:

  • root:”empty password”
  • admin:”pass”

Configured MySQL databases:

  • backdrop

Exposed ports:

  • 80

Deployment

The command below will download the image and create a new Docker container called backdrop, linking the local host system’s port 80 with the container’s exposed port 80.

# docker run -d --name=backdrop -p 80:80 linuxconfig/backdrop

Read more

Steganography on linux example

Steganography Made Easy in Linux

Introduction

Steganography is the art of hiding messages within other messages or data. Most commonly we see this utilized with pictures. This is probably encryption at its finest, mostly because it doesn’t look like the usual garbled text that we are used to seeing with encryption. The changes made by steganography are so slight that the human eye cannot perceive them. Even trained cryptographers may have an encoded message inside a picture and be unaware of it. There is a very deep science to this. Usually this is done by flipping parity bits at the binary level. While it is great to learn how this works, sometimes it can be a very tedious job. Fortunately for us, there is a tool that will take away most of the grunt work.

Read more

GlusterFS distributed storage configuration

Configuration of High-Availability Storage Server Using GlusterFS

March 12, 2013
by Lubos Rendek

Introduction

Whether you are administering a small home network or an enterprise network for a large company, data storage is always a concern. It can be in terms of a lack of disk space or an inefficient backup solution. In both cases GlusterFS can be the right tool to fix your problem, as it allows you to scale your resources horizontally as well as vertically. In this guide we will configure distributed and replicated/mirrored data storage. As the name suggests, GlusterFS’s distributed storage mode will allow you to evenly redistribute your data across multiple network nodes, while replicated mode will make sure that all your data are mirrored across all network nodes.

What is GlusterFS

After reading the introduction you should already have a fair idea of what GlusterFS is. You can think of it as an aggregation service for all the empty disk space across your whole network. It connects all nodes with a GlusterFS installation over TCP or RDMA, creating a single storage resource that either combines all available disk space into a single storage volume (distributed mode) or uses the maximum available disk space on all nodes to mirror your data (replicated mode). Therefore, each volume consists of multiple nodes, which in GlusterFS terminology are called bricks.

Preliminary Assumptions

Although GlusterFS can be installed and used on any Linux distribution, this article will primarily use Ubuntu Linux. However, you should be able to use this guide on any Linux distribution such as RedHat, Fedora, SuSe, etc. The only part that will differ is the GlusterFS installation process.

Furthermore, this guide will use 3 example hostnames:

  • storage.server1 – GlusterFS storage server
  • storage.server2 – GlusterFS storage server
  • storage.client – GlusterFS storage client

Use a DNS server or the /etc/hosts file to define your hostnames and adjust your scenario to this guide.

Read more

I2P – Anonymity for the Masses

Introduction

For many years people have wanted to protect their right to privacy. As technology changes, it seems that privacy slips away more and more. I2P is a protocol used for an encrypted multi-proxy on the Internet. While this sounds simple, there is actually a lot of work going on with I2P to achieve this. Unlike some multi-proxies, I2P will allow you to tunnel many more applications through it than just web browsing, making it a very robust protocol.

I2P is available for all platforms, not just Linux. For this example I have used Debian Sid to perform the installation. With the exception of ‘apt-get’, these instructions should work fine with any Linux distribution. But if you experience problems, please seek documentation for your distro.

Legal Disclaimer

As I explain this to help you maintain privacy, there will always be a few bad apples in the crowd. I do not condone the use of this article for anything illegal. Even if you are not passing illegal information on I2P, please check your country’s laws on encryption and its exportation before you begin.

The Problem with Tor

One would probably see I2P as overkill without knowing the downfalls of its predecessor. Tor was once a wonderful multi-proxy used for hiding IP addresses and bouncing off servers all over the world. At one time, it was even trusted by most governments for strong anonymity. All of that seemed to change after an article was posted in 2600 Hacker Quarterly. One author exposed how becoming an exit node for Tor allowed all the traffic on the Tor network to pass right through your machine. Becoming an exit node was the same as performing a Man-In-The-Middle attack. All one had to do was open up a packet sniffer and see all the traffic going through encrypted. Tor is still used by people trying to protect their privacy. But at the same time it has become a playground for hackers and governments monitoring what they consider suspicious. I2P has secured this problem while adding more functionality.

Read more

introduction to wine on linux

Introduction to WINE

Introduction

One of the main concerns for people making the switch to Linux is how to run the programs that they’ve become accustomed to on other operating systems, mainly Windows. For most, there are one or two programs or games that aren’t available on Linux, and that puts a major hold on adopting Linux full time. Thankfully, WINE can help to solve this problem.

WINE is a piece of software for Unix-like systems, including Linux, OSX, and the BSDs, that allows you to run native Windows applications. WINE stands for WINE Is Not an Emulator. That’s because it isn’t. WINE isn’t a full Windows install or some kind of VM. It is a compatibility layer that essentially translates Windows binaries. This extends to graphics libraries like DirectX 9, which is converted to OpenGL. WINE allows Linux users to run many popular Windows applications and games at performance similar to running them on Windows itself.

Read more

How To backup data with rsync command under Linux

As a system administrator or just a backup-conscious home user, sooner or later (usually sooner) you will have to deal with backups. Disasters do happen, ranging from electrical storms to drive failures, and one needs to be prepared. We cannot stress enough the importance of having copies of important data. While the whole concept of backup is too long for this article, we will focus on rsync for what’s called incremental backups.

Incremental backups are based on the idea that, once you have a copy of the data you need to back up, subsequent backups of the same data should be incremental, meaning that you only update the backup copy with the differences since the last operation occurred, rather than creating another full copy. We will detail here a setup we have at home for backing up important data, but the examples here can be used at larger facilities. Once you get started, you will know what, where and when you need.

If you have a backup server that’s up 24/7, you can create a cronjob to back up your data periodically. Since our example is home-based, we have a backup server, but since it’s not up all the time, we will show you how to do it manually. rsync needs to be installed on both systems, and that’s about it; no other setup chores must be performed, at least in simple cases. Please remember that you are by no means tied to Linux or another Unix platform: rsync is also available for Windows. If you are worried about security, rsync works over SSH and can be regarded as a secure replacement for the rcp (remote copy) command, so it’s all good.

Read more

Command-line programs for everyday use in Linux

Introduction

I must admit, I’m a command line geek. Whenever I have the chance, regardless of desktop environment or distribution, I open a terminal and start fiddling with something. This does not mean everyone must be like me, of course. If you’re the person who is mouse and GUI-oriented, no problem. However, there are situations when all you have at your disposal for a while is the command line. One of those situations might be an upgrade of your kernel/graphics drivers that leaves you high and dry until the bug is reported and the developers look at the issue. You have to send a very important e-mail or you have to check the evolution of prices of your favorite laptop. All the essential desktop tasks (with some exceptions, though) that you do on a GUI-enabled machine can be done on a CLI-only machine as well, so if you’re interested…

The tasks

The everyday tasks we will refer to are the ones we usually do in a usual day, be it a work day or a weekend. We need to check our mail, maybe watch something on Youtube (yes, it’s possible), chat with our friends or simply browse away from URL to URL. These are the kinds of things we are talking about in this article. By the way, another huge advantage of the CLI approach is (besides efficiency and low resources) uniformity. You don’t have to worry, if you use many Linux computers, that some of them won’t have your favorite desktop installed: these programs we will tell you about work everywhere, GUI available or not, as long as you have a terminal emulator installed, of course. Note that this article is comprised only of ideas and suggestions, and will not guide you step-by-step on how to use the presented applications.

Web browsing

It’s true, you can’t see images, but they are practical to have, way faster and even more secure, because some of them don’t even support Javascript unless you tweak their compile options. Ladies and gents, I give you links, elinks and lynx. You can install them on almost any distribution with the native package manager, or you can install them from source, and of course compilation will not take long, because there are no heavy dependencies. links also offers a command-line flag (-g from graphical) that, if compiled with the right options, will offer you a very simple but fast GUI browser.

On Debian, when I wanted to do ‘links -g’, I got “Graphics not enabled when compiling (use links2 instead for graphics mode)”. After installing it, typing

  $ links2 -g

Read more