Improve The CrowdSec Multi-Server Installation With HTTPS Between Agents

CrowdSec Multi-Server Installation With HTTPS

Prerequisites

This article is a follow-up from the Crowdsec multi-server setup. It applies to a configuration with at least two servers (referred to as server-1 and one of server-2 or server-3).

Goals

To address security issues posed by clear http communication in our previous crowdsec multi-server installation, we propose solutions to achieve communication between Crowdsec agents over encrypted channels. On top of that, the third solution allows server-2 or server-3 to trust server-1 identity, and avoid man-in -the -middle attacks.

Using self-signed certificates

Create the certificate

First we have to create a certificate. This can be achieved with the following one-liner.

openssl req -x509 -newkey rsa:4096 -keyout encrypted-key.pem -out cert.pem -days 365 -addext "subjectAltName = IP:172.31.100.242"

For now crowdsec is not able to ask for the passphrase of the private key when starting.  Thus we have the choice to decipher by hand the private key each time we start or reload crowdsec or store the key unencrypted. In any way to strip the passphrase one can do:

openssl rsa -in encrypted-key.pem -out key.pem

Then, the unencrypted key file can be safely deleted after Crowdsec is started.

Configure crowdsec for using a self-signed certificate

On server-1 we have to tell crowdsec to use the generated certificate. Hence, the  tls.cert_file and tls.key_file option in the api.server section of the following /etc/crowdec/config.yaml excerpt set to the generated certificate file.

api:

  server:

    log_level: info

    listen_uri: 10.0.0.1:8080

    profiles_path: /etc/crowdsec/profiles.yaml

    online_client: # Crowdsec API credentials (to push signals and receive bad 

    tls:

      cert_file: /etc/crowdsec/ssl/cert.pem

      key_file: /etc/crowdsec/ssl/key.pem

On the client side configuration changes happen in two files. First we have to modify /etc/crowdec/config.yaml to accept self-signed certificates by setting the insecure_skip_verify to true.

We have to change http for https in the  /etc/crowdsec/local_api_credentials.yaml file too in order to reflect the changes. This small change has to be done on all three servers (server-1, server-2 and server-3).

Experimenting with Python implementation of Host Identity Protocol

Experimenting with Python implementation of Host Identity Protocol

INTRODUCTION

Sometimes it is easier to implement prototypes in user space using high-level languages, such as Python or Java. In this document we attempt to describe our implementation effort related to Host Identity Protocol version 2. In the first part, we describe various security solutions, then we discuss some implementation details of the HIP protocol, and finally, in the last part of this work we discuss the performance of the HIP and IPSec protocols implemented using Python language.

BACKGROUND

In this section we will describe the basic background. First, we will discuss the problem of mobile Internet and introduce the Host Identity Protocol. We then move to the discussion of various security protocols. We will conclude the section with the discussion of Elliptic Curves and a variant of DiffieHellman algorithm, which uses EC cryptography (ECC).

Dual role of IP

Internet was designed initially so that the Internet Protocol (IP) address is playing dual role: it is the locator, so that the routers can find the recipient of a message, and it is an identifier, so that the upper layer protocols (such as TCP and UDP) can make bindings (for example, transport layer sockets use IP addresses and ports to make a connections). This becomes a problem when a networked device roams from one network to another, and so the IP address changes, leading to failures in upper layer connections. The other problem is establishment of the authenticated channel between the communicating parties. In practice, when making connections, long term identities of the parties are not verified. Of course, there are solutions such as SSL which can readily solve the problem at hand. However, SSL is suitable only for TCP connections and most of the time practical use cases include only secure web surfing and establishment of VPN tunnels. Host Identity Protocol on the other hand is more flexible: it allows peers to create authenticated secure channels on the network layer, and so all upper layer protocols can benefit from such channels.

HIP13 relies on the 4-way handshake to establish an authenticated session. During the handshake, the peers authenticate each other using long-term public keys and derive session keys using Diffie-Hellman or Elliptic Curve (EC) Diffie-Hellman algorithms. To combat the denial-of-service attacks, HIP also introduces computational puzzles.

Gaming Time? Top 3 VR Games Available on Linux

Top 3 VR Games Available on Linux

It’s possible to deep dive into the virtual reality gaming world on your Linux system. Want to explore VR games on Linux? This article takes you through the top 3 VR games available on Linux.

Ready to get amazed? Let’s start.

What are VR Games?

VR games are the new-gen computer games enabled with virtual reality, in short, VR technology. It gives players a first-person perspective of all the gaming actions. As a participant, you can enjoy the gaming environment through your VR gaming devices, such as hand controllers, VR headsets, sensor-equipped gloves, and others.

VR games are played on gaming consoles, standalone systems, powerful laptops, and PCs compatible with VR headsets including HTC Vive, Oculus Rift, HP Reverb G2, Valve Index, and others.

Now, a little brief about VR technology. By now, you know that VR is an abbreviation of Virtual Reality. This is, basically, a computer-generated simulation where the player controls its generated objects through the limb and facial movements in a three-dimensional environment. This environment is interacted with through special equipment, like clothing having touch simulating pressure nodes and enclosed glasses with screens in front, instead of lenses.

A lot of VR objects are usable as they are in reality and the gaming developers are making the VR universe more and more immersive with each passing day.

How to Get VR Games on Linux

The Steam store seems to be the best way to get VR games on your system. Good news: you don’t need to worry about installing all the modules and software to run the game smoothly. Steam client is ready to take all the worries. So, get a Steam account by downloading the client from Steam’s site.

Back in 2019, it was reported that VR Linux desktops are around the corner. What about now? Xrdesktop is here for you. Xrdesktop is free to use. It lets you work with the common desktop environments, like GNOME and KDE.

The SimulaVR is a similar open-source project to check out.

Top 3 VR Games Available on Linux

Now the fun part: In this section, we’ll share the best 5 VR games to play on Linux in your gaming time.

How to Check Battery Status Using Linux Command Line

How to Check Battery Status Using Linux Command Line

Checking the battery status through GUI is easy. Hovering the mouse cursor over the battery indicator given in the Laptop task bar simply shows the battery level. But, did you know you can find the battery status through the Linux command line as well?

Yes, there are some utilities in Linux that can be of help in this regard.

This article explains 4 different methods of checking laptop battery status using the Linux command line. So,

Why Do You Need to Check Battery Status?

So, why do you need to check the battery status? Knowing laptop battery health on a monthly basis is a good practice. It’ll inform you about any issues your computer might have related to charging or battery life. You can get alerted earlier and take the measures required, such as charging or altering batteries.

When your PC is not active, the power management feature levels down its components to a low-power state. And also turns off the power. 

Similarly, knowing the power source, battery model name, the technology used, vendors, etc helps operate your devices better and keep work going without any hassles.

How to Check Battery Status Using Linux Command Line

Follow the methods mentioned below to check battery status using the Linux command line. Check Battery Status with “upower” CommandThe command produces output 

Check Battery Status with upower Command

The upower command-line tool helps extract information related to the power source (batteries). It provides an interface to list down all the power sources of your PC or laptop.

Options Used with the upower Command

  • –monitor: You can print a line each time a battery or power source is added by connecting –monitor to upower. It also produces outputs while the power sources are removed or changed.

  • –monitor-detail: This option prints the full power source detail whenever an event occurs.

 

Syntax

upower -i /org/freedesktop/UPower/devices/battery_BAT0

upower -i `upower -e | grep 'BAT'`

upower -i $(upower -e | grep BAT) | grep --color=never -E "state|to\ full|to\ empty|percentage"

The above are three different ways of using acpi command to find power source information.

Use cat and find

The “cat” and “find” commands also help find details about your battery and power source.

Syntax

For the battery capacity, the syntax would be:

cat /sys/class/power_supply/BAT0/capacity

For more detailed battery information use the find command.

How to Decrease Video Sizes Using FFmpeg in Linux

How to Decrease Video Sizes Using FFmpeg in Linux

Decreasing video sizes becomes necessary when space is limited in cloud services, disks, or personal storage drives. You can easily hold onto larger files by chopping them down to a lower size.

The world of open-source video editing tools is huge. So, choosing one can be tricky. This article explains how you can efficiently decrease video sizes using FFmpeg in Linux.

What is FFmpeg?

So, what is FFmpeg? FFmpeg is a free and open-source command-line utility used in handling audio, video, other multimedia files, and streams in Linux. It has widespread use in video scaling, format transcoding, basic editing, standards compliance, and video post-production effects.

It can create GIFs, edit videos, and record also. You can convert videos at up to a minuscule level while maintaining the quality to a great extent. 

MPEG video standards group brought inspiration in defining the name of this media handling software project, while “FF” stands for “Fast Forward”. FFmpeg functions as a backbone of several software projects and renowned media players – YouTube, Blender, VLC, and iTunes, to name a few.

How to Install FFmpeg

Want to get hands-on with it? Let’s install FFmpeg.

Basically, you have to use the following codes for Ubuntu, Arch Linux, and Fedora respectively.

# Debian/Ubuntu

sudo apt-get install ffmpeg


# Arch Linux

sudo pacman -S ffmpeg


#REHL/CentOS/Fedora

sudo dnf install ffmpeg

sudo rpm install ffmpeg

sudo yum install ffmpeg

 

And FFmpeg will be in your Linux distro.

Basic Usage of FFmpeg

To convert a media file using the default settings of FFmpeg, type:

ffmpeg -i inputfile.video outputfile.video

The above command will change the specified format into the output format given. 

How to Decrease Video Sizes Using FFmpeg

Going to the basics: Not all video files are created following the same procedure. Hence, file sizes tend to be different. For example, the avi video file extensions are larger than mp4 files.

Takeaway? The smallest mp4 file of a video will be smaller than the smallest avi file of the same video. However, the quality will vary with each of these varied file sizes. Mp4s are not the smallest size you can expect. Various containers for Windows media videos and flash videos (FLV and WMV) are the winners.

How to Replace a Variable in a File Using SED

How to Replace a Variable in a File Using SED

Want to know the tricks of replacing a variable in a file using the SED command?

This article will give you an overview of replacing a variable value in a file using SED. Before replacing a variable in a file using SED, you need to understand what SED is, the syntax of SED, and how SED works.

I’ll also show how to perform delete operations using SED. This will come after the variable value replacement part. If you’re looking for that, you can directly jump onto that, and skip the rest.

So, let’s begin the guide.

 

What is SED?

So, what is  SED?

SED command in Linux stands for Stream Editor. It performs searching, insertion, find and replace, deletion. In the Linux world, SED is mainly popular for its find and replace functionality.

With the help of SED, coders can edit files without even opening them.

In a nutshell,

  • SED is a text stream editor. It can be used to do find and replace, insertion, and delete operations in Linux.

  • You can modify the files as per your requirements without having to open them.

  • SED is also capable of performing complex pattern matching.

 

Syntax of SED

Here we’ll see the syntax of SED used in a simple string replacement. This will help understand the command better.

So the syntax is:

sed -i 's/old-string/new-string/g' file_name

 

How SED Works

In the syntax, you only need to provide a suitable “new string” name that you want to be placed with the “old string”. Of course, the old string name needs to be entered as well.

Then, provide the file name in the place of “file_name” from where the old string will be found and replaced.

Here’s a quick example to clear the concept.

Suppose, we have a random text “Welcome to Linux Channel” in a text file called “file.txt”.

Now, we want to replace “Channel” with “Family”. How can we do that?

First, write the below-given command in the terminal to create the file.

cat file.txt

Press enter, then type:

Welcome to Linux Channel

Let’s alter “Channel” with “Family” now. So, go to the next line, and type:

sed -i 's/Channel/Family/g' file.txt

After running the command, to view the file again, type:

cat file.txt

You’ll see “Channel” has been replaced with “Family”. In this way, you can replace a string using the SED command. Let’s learn how to replace a variable using SED, now.