Configuring TACACS+ Server With A Simple GUI

Configuring TACACS+ Server With A Simple GUI

Managing authentication and authorization in a large-scale network is a challenge: the passwords need to be set and rotated every now and then, access to certain configuration settings needs to be controlled and, finally, users’ actions need to be logged somewhere. This poses a need for a centralized controller in the network that is responsible for such functions. Modern routers and switches, which typically run Linux operating systems, support TACACS+ protocol that enables system administrators to implement flexible rules for authentication and authorization. However, TACACS+ server implementation for Linux operating system, although neat, lacks a graphical user interface which makes daemon configuration a smooth and intuitive process. In the next few paragraphs, we will discuss how to configure the TACACS+ daemon on Linux operating system and demonstrate how to deploy a simple, yet intuitive, GUI used for the configuration of the TACACS+ instance.

TACACS+, which stands for Terminal Access Controller Access-Control System Plus, is a protocol mainly designed by Cisco and standardized in RFC8907. The primary goal of the protocol is to handle authentication and authorization of commands executed on remote telecommunication hardware on a centralized server. TACACS+ is a great protocol and can be compared to RADIUS. Its key advantages are the following: it allows scrambling or obfuscating (although, not really encrypting in a cryptographic sense) the entire payload with help of MD5 hash function and a secret shared between telecommunication hardware and a central server, it supports TCP protocol for transport, and it provides the possibility of carrying out AAA functions in a flexible way. More details on the protocol can be found in the corresponding RFC.

There exists a pretty neat implementation of the TACACS+ server for Linux. And here we will discuss how to configure this implementation on Linux and also touch aspects related to the deployment of the GUI-based tool used to configure an instance of the protocol.

In order to install TACACS+ run the following commands on the server which is reachable by your zoo of network devices:

How Can You Install Google Chrome Browser on Debian?

How Can You Install Google Chrome Browser on Debian?

Google Chrome is a widely used web browser in the world. Google Chrome is fast and secure as well. However, it is not an open-source web browser. Hence, Debian comes with a pre-loaded Chromium browser, and not a Chrome. Chromium is an open-source browser.

If you still want to install the Google Chrome browser on Linux, this article is for you. Installing Chrome on Linux has a little twist as it’s not an open-source browser. So let’s check out how you can easily install Chrome browser from a Linux terminal.

Google Chrome Privacy Concerns

The source code of Google Chrome is free software. But, the binaries which Chrome is distributed with come under a restrictive BSD license. In Linux, a Google Chrome web browser is included as a pre-compiled RPM or DEB package. You need the root access to install Google Chrome from a RPM or DEB package.

The Linux Package Signing Key within an apt key ring gives Google a path to install anything virtually into the user's OS. This is done through the google-chrome-stable package because no additional involvement of the system administrator is required while updating this package in future. 

What You Need to Install Chrome

  • Login as sudo user.

  • Pre-installed wget package.

Installing Google Chrome Browser on Linux

Now I’ll guide you through the steps to install the Google Chrome browser on your Linux system.

Step 1: Download Google Chrome

First, open the Linux terminal using the terminal icon or by pressing Ctrl+Alt+T. To download the latest updated version of Google Chrome, run the below-given wget command.

wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb

Side Note: Wget utility helps download files from the internet. Using Wget, HTTP, FTP, and HTTPS files can be downloaded. It uses the following syntax.

wget [options] [url]

Most of the Linux distros come with a pre-loaded wget utility. If not, please use the below command to get wget on your system.

sudo apt install wget

Step 2: Install Google Chrome

Once the browser is downloaded, install Chrome. To install, write:

sudo apt install ./google-chrome-stable_current_amd64.deb

The above command is useful in installing the Chrome web browser. After completing the installation, you will be required to enter the user password.

Starting Google Chrome

Once you have installed Chrome on your Linux system, start it by typing “google-chrome” on the terminal. You can also open Google Chrome using the Google Chrome icon given within the Activities list.

Sending EmailsSend them from Linux Terminal?

Send them from Linux Terminal

Does your job require sending a lot of emails on a daily basis? And you often wonder if or how you can send email messages from the Linux terminal.

This article explains about 6 different ways of sending emails using the Linux terminal. Let’s go through them.

sendmail Command

Use the sendmail command to send emails to one or more people at once. Sendmail is one of the most popular SMTP servers in Linux. You can easily send emails directly from the command line using the sendmail command. To route the information, the sendmail command makes use of the network configured on your system. 

Let’s execute the following commands to create a file having email content.

cat /tmp/email.txt

Subject: Terminal Email Send

Email Content line 1

Email Content line 2

The Subject will be the line used as a subject for the email.

Now, to send the email, use the following syntax.

sendmail user@example.com  < /tmp/email.txt

mail Command

Just like Sendmail, you can use the mail command for sending emails from the terminal. Use the below-given command for this purpose.

mail -s "Test Subject" user@example.com < /dev/null

Here -s defines the email subject. 

To send an attachment included within the email, type the below-mentioned line.

mail -a /opt/backup.sql -s "Backup File" user@example.com < /dev/null

Here -a is used to include attachments. If yours is a Debian-based distro, use -A because it uses the mailutils package.

If you have to send emails to multiple recipients at a time, add comma-separated emails in the following manner.

mail -s "Test Email"  user@example.com,user2@example.com < /dev/null

mailx Command

The GNU Mailutils is a combination of multiple utility packages. All Mailutils can operate on mailboxes starting from UNIX maildrops, maildir, and all the way up to remote mailboxes. These mailboxes are accessed with IMAP4, POP3, and SMTP. Mailutils is made for developers, regular Linux users, and system administrators. 

For the installation purpose, use the following command.

sudo apt install mailutils

The mailutils package is mainly made of 2 commands, mail and mailx, and they both function in a similar manner.

7 Important Linux Commands for Every Linux User

7 Important Linux Commands for Every Linux User

Linux might sound scary for first-time Linux users, but actually, it isn’t. Linux is a bunch of open-source Unix operating systems based on Linux Kernel. These operating systems are called Linux distributions, such as Fedora, Debian, Ubuntu, and Mint.

Since its inception in 1991, Linux has garnered popularity for being open-source. People can modify and redistribute Linux under their own brand. When using a Linux OS, you need a shell to access the services provided. Also, it’s recommended to run your Linux OS through a CLI or command-line interface. CLI makes time-consuming processes quicker.

This article presents a guide to 7 important Linux commands for every Linux user to know. So, let’s begin.

cat Command

cat is the shortened form of “concatenate”. It’s a frequently used multi-purpose Linux command. This command is used to create, display, and copy a file content on the standard output.

Syntax

cat [OPTION]... [FILE]..

To create a file, type:

cat >   

// Enter file content

To save the file created, press Ctrl+D. And to display the file content, execute:

cat 

cd Command

The cd command is used to navigate through the directories and files in Linux. It needs either the entire path or the directory name depending on the current directory.

Syntax

cd [Options] [Directory]

Suppose you’re in /home/username/Documents. You want to navigate to a subdirectory of Documents which is Photos. To do that, execute:

cd Photos

To move to an entirely different directory, type cd and then the directory’s absolute path.

cd /home/username/Movies

The above command will switch to /home/username/Movies. Apart from this, the commands, cd.., cd, and cd- are used to move one directory up, to go to the home folder, and to go to the previous directory respectively.

Reminder: Linux’s shell is case-sensitive. So, make sure you type the name’s directory as it is.

echo Command

The echo command displays a line of text or string passed as an argument. It’s used for the purpose of debugging shell programs in the Linux terminal.

Syntax

echo [Option] [String]

Other examples of the echo command are:

  • echo "String": This displays the string within the quotes.

  • echo -e "Learn \nBy \nDoing": Here the ‘-e’ tag allows the echo command to understand the backslash escape sequences in the argument.

In PuTTY, Scripted Passwords are Exposed Passwords

PuTTY Scripted Passwords are Exposed Passwords

PuTTY is one of the oldest and most popular SSH clients, originally for Windows, but now available on several platforms. It has won corporate support and endorsement, and is prepared and bundled within several third-party repositories.

Unfortunately, the 0.74 stable PuTTY release does not safely guard plain-text passwords provided to it via the -pw command line option for the psftp, pscp, and plink utilities as the documentation clearly warns. There is evidence within the source code that the authors are aware of the problem, but the exposure is confirmed on Microsoft Windows, Oracle Linux, and the package prepared by the OpenBSD project.

After discussions with the original author of PuTTY, Simon Tatham developed a new -pwfile option, which will read an SSH password from a file, removing it from the command line. This feature can be backported into the current 0.76 stable release. Full instructions for applying the backport and a .netrc wrapper for psftp are presented, also implemented in Windows under Busybox.

While the -pw option is attractive for SSH users who are required to use passwords (and forbidden from using keys) for scripting activities, the exposure risk should be understood for any use of the feature. Users with security concerns should obtain the -pwfile functionality, either by applying a patch to the 0.76 stable release, or using a snapshot release found on the PuTTY website.

Vulnerability

The psftp, pscp, and plink utilities are able to accept a password on the command line, as their usage output describes: