security

How to easily encrypt any file or directory with Mcrypt on Linux System

by

In this config we will show you a number of examples how to use mcrypt tool to easily encrypt files whether the file is large or small in size. We will also use Mcrypt to encrypt and compress files and directories on the fly which can be usefully for a number of backup and scripting purposes.

Mcrypt installation

UBUNTU/DEBIAN
# apt-get install mcrypt
REDHAT/FEDORA/CENTOS
# yum install mcrypt

Creating a testing sandbox

Let’s first create a directory with some files we can work with:

$ mkdir dir1
$ cd dir1/
$ echo "My File to Encrypt" > file1
$ cat file1 
My File to Encrypt
$ fallocate -l 500MB file2
$ md5sum file*
bccd44aaa84c7c9d04a268f670ae92c5  file1
4034379ecc54213fc9a51785a9d0e8e2  file2

Read more

Netplan network configuration tutorial for beginners

Netplan network configuration tutorial for beginners

by

Netplan is an utility developed by Canonical, the company behind Ubuntu. It provides a network configuration abstraction over the currently supported two “backend” system, (or “renderer” in Netplan terminology): networkd and NetworkManager. Using Netplan, both physical and virtual network interfaces are configured via yaml files which are translated to configurations compatible with the selected backend.

On Ubuntu 20.04 Netplan replaces the traditional method of configuring network interfaces using the /etc/network/interfaces file; it aims to make things easier and more centralized (the old way of configuring interfaces can still be used: check our article about How to switch back networking to /etc/network/interfaces on Ubuntu 20.04 Focal Fossa Linux). In this article we will learn the basic principles behind the utility, and, just as an example, how we can use it to configure a static IPv4 address for a network interface.

In this tutorial you will learn:

  • The basic structure of yaml configuration files used by Netplan
  • How to create a simple rule to assign a static IP to a network interface
  • How to apply configurations using generate, try and apply subcommands

Read more

How to use a file as a LUKS device key

How to use a file as a LUKS device key

by

LUKS is the acronym of Linux Unified Key Setup: it is the most used encryption implementation used on Linux systems and can be configured as an alternative to dm-crypt plain setup. Compared to the latter it provides some additional features like password hashing and salting and the ability to store multiple passwords in the so called LUKS header. In this tutorial I will assume the reader has a certain familiarity with LUKS; if you want to know more about this subject, you can check our basic guide about encrypting linux partitions with luks. The most common way to protect a LUKS device is to use a passphrase, however it is also possible to use a file as a key; in this tutorial we will see how to do this. Let’s go!

In this tutorial you will learn:

  • How to create a file with random data to use as a LUKS device key
  • How to add a key to a LUKS device
  • How to automatically decrypt a LUKS device at boot using a file as a key

Read more

How to monitor network activity on a Linux system

How to monitor network activity on a Linux system

by

There are many reasons why you may want to monitor the network activity on your Linux system. You may be troubleshooting a network issue, you may want to check to make sure that there are no malicious applications creating suspicious network activity, or you may simply want to know if any processes are phoning home. Whatever the reason, here are a few methods to see which processes on your system are engaged in network activity and who they are communicating with.

Read more

ss command on Linux

Using ss command on Linux

by

The ss command is the successor to the netstat command on Linux systems. The command is used by system administrators to see information about network connections. It allows you to check things like the status, origin, and destination of connections. In addition, ss displays route tables, interface statistics, masquerade connections, and multicast memberships.

In this guide, you’ll learn how to use the ss command through examples and explanations. We’ll show you its most common uses and everything you need to know in order to use it effectively.

In this tutorial you will learn:

  • How to use ss command

Read more

Redirect HTTP traffic to HTTPS in Apache

How to use Apache to redirect all traffic from http to https

by

If your website uses Apache and SSL, there’s not much reason to keep using HTTP with your website. Having both HTTP and HTTPS just creates duplicate content, as now any given page will be accessible through two technically different URLs.

In this guide, we’ll assume you’re already using Apache on a Linux system and want to redirect all HTTP traffic to HTTPS. This will make sure that all your visitors are only connecting through HTTPS by forcing their browser over to the secure protocol if they happen to open an HTTP link. If a user decides to preface a link with http://, your site will be smart enough to still send them to the correct page, rather than showing duplicate content or displaying a 404 error.

There are two ways to set up this redirection in Apache. The better method is to configure Virtual Host, but users with hosted websites may not have access to this configuration. The second method is by making some changes to the .htaccess file. We’ll cover the step by step instructions for both methods below. Let’s get started.

In this tutorial you will learn:

  • How to redirect HTTP to HTTPS with Virtual Host
  • How to redirect HTTP to HTTPS with .htaccess file

Read more

Jail ssh user to home directory on Linux

Jail ssh user to home directory on Linux

by

Jailing an SSH user to their home directory allows you (the administrator) to exercise a lot of control and security over the user accounts on a Linux system.

The jailed user still has access to their home directory, but can’t traverse the rest of the system. This keeps everything else on the system private and will prevent anything from being tampered with by an SSH user. It’s an ideal setup for a system that has various users and each user’s files need to stay private and isolated from the others.

In this guide, we’ll show you the step by step instructions for jailing an SSH user to their home directory.

In this tutorial you will learn:

  • How to jail SSH user to home directory

Read more

HOW TO VERIFY ISO IMAGE INTEGRITY

How to verify the integrity of a Linux distribution iso image

by

When we decide to install an operating system based on the Linux kernel, the first thing we do is to download its installation image, or ISO, from the official distribution website. Before proceeding with the actual installation, however, it is crucial to verify the integrity of the image, to be sure it is what it claims to be, and nobody has compromised it. In this tutorial we will see the basic steps we can follow to accomplish this task.

In this tutorial you will learn:

  • What is the basic difference between gpg encrypting and signing
  • How to download and import a gpg public key from a key server
  • How to verify a gpg signature
  • How to verify the checksum of an ISO

Read more

Tips & Tricks with Netcat command on Linux

Tips & Tricks with Netcat command on Linux

by

Netcat is a versatile networking utility which can be used for reading from and writing to TCP and UDP connections on arbitrary ports (as with other utilities used on Linux, ports below 1024 require root/sudo privileges). By default netcat uses TCP connections, but UDP can be specified with the -u flag. Netcat can be used as both a server and a client. When used as a server the -l flag is used to listen for a connection. Similar to the cat command, netcat can receive information from stdin and write to stdout making it great for workflows involving pipes and redirects. The nc command is typically used to evoke netcat for ease of use.

Read more

systemd-logo

Introduction to the Systemd journal

by

Systemd is nowadays the init system adopted by almost all Linux distributions, from Red Hat Enterprise Linux to Debian and Ubuntu. One of the things that made Systemd the target of a lot of critics is that it tries to be a lot more than a simple init system and tries to re-invent some Linux subsystems.

The traditional logging system used on Linux, for example was rsyslog, a modern version of the traditional syslog. Systemd introduced its own logging system: it is implemented by a daemon, journald, which stores logs in binary format into a “journal”, which can be queried by the journalctl utility.

In this tutorial we will learn some parameters we can use to modify the journald daemon behavior, and some examples of how to query the journal and format the output resulting from said queries.

In this tutorial you will learn:

  • How to change default journald settings
  • How journald can coexist with syslog
  • How to query the journal and some ways to format the queries output

Read more

How to create compressed encrypted archives with tar and gpg

How to create compressed encrypted archives with tar and gpg

by

There are many reasons why you may want to create compressed encrypted file archives. You may want to create an encrypted backup of your personal files. Another possible scenario is that you may want to privately share content with a friend or colleague over the web or through cloud storage. Tar.gz files, or compressed tarballs, are created using the tar command. These tarballs are pretty much the standard go-to format for archives on GNU/Linux, however they are not encrypted. In the above scenarios that we mentioned it is often desirable to have encryption in order to secure your data. This is where gpg comes in.

Read more

Connection Information menu on Manjaro Linux

Configuring Network on Manjaro Linux

by

There’s a lot of network configuration that can be done on Manjaro Linux. Configuring DHCP, static IP addresses, default gateway, DNS, firewall, and other network settings can all be done from either GUI or command line. In this guide, we’ll show you a few methods for configuring the networking on your own system.

In this tutorial you will learn:

  • How to access network information
  • How to configure DHCP or static IP address
  • How to configure default gateway, DNS, and other settings
  • How to check public IP address

Read more