System Administration

Steganography on linux example

Steganography Made Easy in Linux

by

Introduction

Steganography is the art of hiding messages within other messages or data. Most commonly we see this utilized with pictures. This is probably encryption at its finest.
Mostly because it doesn’t look like usual garbled text that we are used to seeing with encryption. The changes made by Steganography are so slight the human eye cannot perceive them. Even trained cryptographers may have an encoded message inside a picture and be unaware of it. There is a very deep science to this. Usually this is done by flipping parity bits at the binary level. While it is great to learn how this works, sometimes it can be a very tedious job. Fortunately for us there is a tool that will take away most of the grunt work.

Read more

GlusterFS distributed storage configuration

Configuration of High-Availability Storage Server Using GlusterFS

by

March 12, 2013
by Lubos Rendek

Introduction

Whether you are administrating a small home network or an enterprise network for a large company the data storage is always a concern. It can be in terms of lack of disk space or inefficient backup solution. In both cases GlusterFS can be the right tool to fix your problem as it allows you to scale your resources horizontally as well as vertically. In this guide we will configure the distributed and replicated/mirror data storage. As the name suggests a GlusterFS’s distributed storage mode will allow you to evenly redistribute your data across multiple network nodes, while a replicated mode will make sure that all your data are mirrored across all network nodes.

What is GlusterFS

After reading the introduction you should have already a fair idea what GlusterFS is. You can think of it as an aggregation service for all your empty disk space across your whole network. It connects all nodes with GlusterFS installation over TCP or RDMA creating a single storage resource combining all available disk space into a single storage volume ( distributed mode ) or uses the maximum of available disk space on all notes to mirror your data ( replicated mode ). Therefore, each volume consist of multiple nodes, which in GlusterFS terminology are called bricks.

Preliminary Assumptions

Although GlusterFS can by installed and used on any Linux distribution, this article will primarily use Ubuntu Linux. However, you should be able to use this guide on any Linux Distribution like RedHat, Fedora, SuSe, etc. The only part which will be different will be the GlusterFS installation process.

Furthermore, this guide will use 3 example hostnames:

  • storage.server1 – GlusterFS storage server
  • storage.server2 – GlusterFS storage server
  • storage.client – GlusterFS storage client

Use DNS server or /etc/hosts file to define your hostnames and adjust your scenario to this guide.

Read more

I2P – Anonymity for the Masses

by

Introduction

For many years people have wanted to protect their right to privacy. As technology changes, it seems that privacy evolves away more and more. I2P is a protocol used for an encrypted multi-proxy on the Internet. While, this sounds simple, there is actually a lot of work going on with I2P to achieve this. Unlike some multi-proxies, I2P will allow you to tunnel many more applications through it than just web browsing, making it a very robust protocol.

I2P is available for all platforms, not just Linux. For this example I have used Debian Sid to perform the installation. With the exception of ‘apt-get’, these instructions should work fine with any Linux distribution. But if you experience problems, please seek documentation for your distro.

Legal Disclaimer

As I explain this to help you maintain priviacy, there will always be a few bad apples in the crowd. I do not condone this use of this article for anything illegal. Even if you are not passing illegal information on I2P, please check your country’s laws on encryption and it’s exportation before you begin.

The Problem with Tor

One would probably see I2P as an overkill without knowing the downfalls of its predecessor. Tor was once a wonderful multi-proxy used for hiding ip addresses and bouncing off servers all over the world. At one time, it was even trusted by most governments for strong anonymity. All of that seemed to change after an article was posted in 2600 Hacker Quartley. One author exposed how becoming an exit node for Tor allowed all the traffic on the Tor network to pass right through your machine. Becoming an exit node was the same as performing a Man-In-The-Middle attack. All one had to do was open up a packet sniffer and see all the traffic going through encrypted. Tor is still used by people trying to protect their privacy. But at the same time it has become a playground for hackers and governments monitoring what they consider suspicious. I2P has secured this problem while adding more functionality.

Read more

introduction to wine on linux

Introduction to WINE

by

Introduction

One of the main concerns for people making the switch to Linux is how to run the programs that they’ve become accustomed to on other operating systems, mainly Windows. For most, there are one or two programs of games that aren’t available on Linux, and that puts a major hold on adopting Linux full time. Thankfully, WINE can help to solve this problem. introduction to wine on linux

WINE is a piece of software for Unix-like systems, including Linux, OSX, and the BSDs, that allows you to run native Windows applications. WINE stands for, WINE Is Not an Emulator. That’s because it isn’t. WINE isn’t a full Windows install or some kind of VM. It is a compatibility layer that essentially translates Windows binaries. This extends to graphics libraries like DirectX 9, which is converted to OpenGL. WINE allows Linux users to run many popular Windows applications and games at similar performance to if they were running on Windows itself.

Read more

How To backup data with rsync command under Linux

by

As a system administrator or just a backup-conscious home user, sooner or later (usually sooner) you will have to deal with backups. Disasters do happen, ranging from electrical storms to drive failures, and one needs to be prepared. We cannot stress enough the importance of having copies of important data. While the whole concept of backup is too long for this article, we will focus on rsync for what’s called incremental backups.

Incremental backups are based on the idea that, once you have a copy of the data you need to backup, consequent backups of the same data should be incremental, meaning that you only update the backup copy with the differences since the last operation occurred, not create another full copy. We will detail here a setup we have at home for backing up important data, but the examples here can be used at larger facilities. Once you get started, you will know what, where and when you need.

If you have a backup server that’s up 24/7, you can create a cronjob to backup your data periodically. Since our example is home-based, we have a backup server, but since it’s not up all the time, we will show you how to do it manually. rsync needs to be installed on both systems, and that’s about it, no other setup chores must be performed, at least in simple cases. Please remember that you are not by all means tied to Linux or other Unix platform : rsync is available also for Windows. If you are worried about security, rsync is working over SSH and can be regarded as a secure replacement for rcp (remote copy) command, so it’s all good.

Read more

How to extract XZ compressed archive on Linux

by

XZ is another compression method used to compress data. There are several ways on how to decompress XZ archive on Linux. For a tarball XZ compressed archive first try a tar command with xf options. This way a tar command will try automatically guess a compression method. Before you run the above command firs install XZ tools:

# apt-get install xz-utils

Otherwise, you will receive error message output:

tar (child): xz: Cannot exec: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now

To extract XZ tarball run:

$ tar xf myarchive.tar.xz

Read more

How to rename VDI/Virtual disk on XenServer Linux

by

Objective

The Virtual Machine creation using template provisioner may spawn unnamed VDI disks. Usually, the VID description states Created by template provisioner at most.
Example:

uuid ( RO)                : 093e128a-2632-43bd-bb45-8f864bc69d6f
          name-label ( RW): 0
    name-description ( RW): Created by template provisioner
             sr-uuid ( RO): 3ef7b35b-5d39-7414-0c91-bbb281b9a521
        virtual-size ( RO): 21474836480
            sharable ( RO): false
           read-only ( RO): false

The objective is to set a proper name and description to VDI disk.

Read more

Secure SSD data deletion

by

Normal data deletion does not erase all data from SSD as same parts are reserved and omitted by removal process. The function secure erase function allows for a complete data removal from all cells. The secure erase function is offered by SSD manufactures and not all hard drives or Linux kernels support it. In the below examples we will refer to /dev/sda block device as our test drive. To find whether your SSD hard drive supports secure erase run a following linux command:

Warning:

ATA Security Feature Set
These switches are DANGEROUS to experiment with, and might not work with some kernels. USE AT YOUR OWN RISK. 

# hdparm -I /dev/sda | grep erase
		supported: enhanced erase

Read more

User Data Encryption with FUSE-based EncFS filesystem

by

Introduction

Any decent Linux distribution comes with an installation option to automatically encrypt user’s home directory. In case you do not wish to encrypt the entire home directory or perhaps you wish to encrypt some random directories on your Linux system you can use EncFS the FUSE-based cryptographic filesystem. EncFS will allow you to encrypt and decrypt any directory in a matter of seconds. It will reside on top of your current filesytem and provide access to any EncFS encrypted directory only upon entering a correct predefined password. This short tutorial will show you how to encrypt and decrypt your directories with the EncFS cryptographic filesystem.

Scenario

Let’s assume that you are a heavy Laptop user traveling from one place to another. You also use ssh quite often and so you have generated ssh keypair. For your convenience you even generated a private key without using a pass-phrase ( never good idea ). Furthermore, you have copied you public ssh key to multiple servers for an easy access. The problem with this scenario is that once someone gets hold of your Laptop s/he gets instantly access to all servers using you private ssh key. In this article we will show you how to encrypt your .ssh directory and avoid such problem.

Read more

How to rename VM ( virtual machine ) name label on XenServer

by

Objective

The objective is to set a new name label on a existing XenServer’s VM ( virtual machine ).

Requirements

Privileged access to XenServer’s command line as well as configured ISO image storage containing an ISO image of the Linux distribution you wish to install.

Difficulty

EASY

Instructions

Identify VM’s UUID

In order to set/rename VM’s name label we fisrt need to identify its UUID. List all VM’s and take a note of a relevant UUID. Example:

# xe vm-list
uuid ( RO)           : bad8e456-df88-435d-ba12-3f0f6e54b2c6
     name-label ( RW): Control domain on host: xenserver
    power-state ( RO): running


uuid ( RO)           : 699dcb0c-e897-5bd4-30c1-ab1dd9a3ca4e
     name-label ( RW): Debian Jessie 8.0
    power-state ( RO): halted

Read more