Expanding Your Nextcloud Instance Using Linode’s NVMe-Backed Block Storage

Expanding Your Nextcloud Instance Using Linode's NVMe-Backed Block Storage

Nextcloud is a very popular self-hosted alternative to Dropbox, Google Drive, and other cloud hosting providers. It's not only the go-to choice for individuals, either. Nextcloud has a number of enterprise-level deployments.

Given the above, we decided to install Nextcloud on a Linode Dedicated CPU and see just what it would take to configure it to use Linode's new NVMe-backed block storage. This article was the result.

See if Linode works for you with $100 in credit

Watch the video version of this article:

The first challenge is setting up an instance of Nextcloud. There are any number of ways to do this: One could install and configure a web server and a PHP environment by hand. This has the advantage of low overhead, but will mean that you'll need to harden your Linode against common Nextcloud and PHP vulnerabilities. Plus, it will require you to apply any optimizations like Redis or other such memcaches yourself. 

Alternatively, you could pull down a premade Docker image from Nextcloud which should handle a lot of these things itself. But Docker can be a rather cumbersome tool and that still leaves a ton of configuration for you to do with reverse proxies.

There's also the Nextcloud snap package, however I wouldn't touch that with a ten foot pole.

Finally, after some waffling, I decided to go with Linode's One Click installer. A pre-made image of Debian 10 that automatically provisions everything you'll need to run a Nextcloud instance. Even going so far as to do some basic hardening, such as installing Fail2Ban to protect against bruteforce attacks.

The process couldn't be simpler. Open up the Linode Cloud Manager and select Marketplace on the left hand side of the screen. Then select Nextcloud from the list of available applications. Fill in your information like the Nextcloud administrative username and password, then the database password. Choose a datacenter, then choose a password for your OS. Finally, click "Create" and wait for the Linode to provision and the Nextcloud install script to finish.

SSH Key Rotation with the POSIX Shell – Sunset Nears for Elderly Keys

SSH Key Rotation with the POSIX Shell

Introduction

OpenBSD has recently stressed to us the value of key rotation by their use of “Signify” distribution release signatures. We have realized that SSH keys should also rotate, to reduce the risk of powerful keys that fall into the wrong hands which become “the gift that keeps on giving.” There have always been open questions on the retirement of SSH keys. These questions have grown in volume and many are joining the advocacy for SSH certificate authorities.

To “rotate” an SSH key is to replace it, in such a way that it is no longer recognized, requiring removal from the authorized_keys file. SSH rotation is commonly addressed with Ansible, but this leaves many users on smaller systems or lacking privilege without recourse. A more basic and accessible method to migrate SSH keys is sorely lacking.

Below is presented an SSH key rotation script written in nothing more than the POSIX shell.

There is palpable danger in the misuse of such a tool. Many administrators control inaccessible systems that entail massive inconvenience in a loss of control. Demonstrated here are rotation schemes of increasing risk, for any holder of a key to choose, to their own tolerance. Hopefully, I have not made grave mistakes in the design.

The most conservative users of this approach should tread with extreme caution, test carefully, and ensure alternate means of access prior to any deployment. As the author, I have no desire to assume any responsibility for a failed rotation, and its consequences. I especially disavow the “wipe” option below to remove entries from authorized_keys. It is presented as commentary, not working code.

In any case, we foolishly rush in where the more prudent fear to tread.

What Version of RHEL am I Using?

What Version of RHEL am I Using?

RHEL or Red Hat Enterprise Linux is one of the many operating systems provided by Red Hat. Red Hat is a popular Linux OS and has started functioning ever since the mid-1990s. Red Hat earned a good reputation due to being stable, regularly updated, and reliable.

If you are using RHEL and want to find its version, this article is for you. Now let’s check 7 useful methods to know what version of RHEL you are using.

Method 1: Track Your System with Hostnamectl

The hostnamectl command helps track your system’s appearance on a network. It also finds the operating system and its release version. So, this can be a quick way to check this information.

To use this command, open a terminal and type:

$ hostnamectl

In the output result, you’ll see the OS, kernel, and the architecture details.

Method 2: Use RPM Command

Red Hat Package Manager, abbreviated to RPM, is a well known core package management utility included in Red Hat Enterprise Linux. You can identify the RHEL version you are using with this command.

Use RPM in the following manner.

$ rpm --query redhat-release

You can also identify CentOS’ (another OS offered by Red Hat) release version using the RPM command. To check, type:

$ rpm --query centos-release

As you enter the command suitable for your OS, the release version will appear on the screen.

Method 3: Check Red Hat Release File

Linux distributions based on Red Hat contain release files. You can find such files in the /etc/redhat-release directory. There are various types of Red hat release files, such as system-release, os-release, and redhat-release.

Check your Red Hat OS release version with the help of the below-given command.

$ cat /etc/redhat-release

To get more information, you can use the following commands.

$ cat /etc/system-release

$ cat /etc/os-release #contains more information

Method 4: Check within Red Hat Issue File

To check your Red Hat version, check within the /etc/issue file. To find the version, type:

$ cat /etc/issue

Method 5: Use lsb_release Command

LSB stands for Linux Standard Base. The lsb_release command shows the Linux distribution information and some LSB. On RHEL, the lsb_release is provided within the redhat_lsb. You can simply install the redhat_lsb package to use the command. To install, type:

What Version of RHEL am I Using?

What Version of RHEL am I Using?

RHEL or Red Hat Enterprise Linux is one of the many operating systems provided by Red Hat. Red Hat is a popular Linux OS and has started functioning ever since the mid-1990s. Red Hat earned a good reputation due to being stable, regularly updated, and reliable.

If you are using RHEL and want to find its version, this article is for you. Now let’s check 7 useful methods to know what version of RHEL you are using.

Method 1: Track Your System with Hostnamectl

The hostnamectl command helps track your system’s appearance on a network. It also finds the operating system and its release version. So, this can be a quick way to check this information.

To use this command, open a terminal and type:

$ hostnamectl

In the output result, you’ll see the OS, kernel, and the architecture details.

Method 2: Use RPM Command

Red Hat Package Manager, abbreviated to RPM, is a well known core package management utility included in Red Hat Enterprise Linux. You can identify the RHEL version you are using with this command.

Use RPM in the following manner.

$ rpm --query redhat-release

You can also identify CentOS’ (another OS offered by Red Hat) release version using the RPM command. To check, type:

$ rpm --query centos-release

As you enter the command suitable for your OS, the release version will appear on the screen.

Method 3: Check Red Hat Release File

Linux distributions based on Red Hat contain release files. You can find such files in the /etc/redhat-release directory. There are various types of Red hat release files, such as system-release, os-release, and redhat-release.

Check your Red Hat OS release version with the help of the below-given command.

$ cat /etc/redhat-release

To get more information, you can use the following commands.

$ cat /etc/system-release

$ cat /etc/os-release #contains more information

Method 4: Check within Red Hat Issue File

To check your Red Hat version, check within the /etc/issue file. To find the version, type:

$ cat /etc/issue

Method 5: Use lsb_release Command

LSB stands for Linux Standard Base. The lsb_release command shows the Linux distribution information and some LSB. On RHEL, the lsb_release is provided within the redhat_lsb. You can simply install the redhat_lsb package to use the command. To install, type:

Want to Upgrade RHEL 8.3? Here’s the Best Way to Upgrade to RHEL 8.4

Red Hat Enterprise Linux 8.4

Red Hat Enterprise Linux (shortened to RHEL) 8.4 is now available for the Linux customers. RHEL 8.4 has various updates and enhancements for developers, designers, and production teams. So now you can download the latest version from Red Hat’s official site

But before downloading RHEL 8.4 you might want to have a sneak peek at all the new features offered by this model. This article will explain that and then will take you through the upgrade procedure using the dnf command-line option.

About RHEL 8.4 

RHEL 8.4 offers a definitive guide from development to deployment. It helps teams collaborate within a single open platform that includes tools and analytics required for building and managing these systems. The latest tools, advanced container capabilities, and programming languages included in RHEL 8.4 allow the developers to perform any task with a new set of codes faster.

New software updates available in RHEL 8.4 are Redis 6, Python 3.9, MariaDB 10.5, PostgreSQL 13, LLVM/Clang, GCC 10, Go 1.15, and Rust 1.49.

When it comes to hardware support, Intel Tiger Lake GPUs are supported now by RHEL. These GPUs come with Intel Xe and Intel UHD graphics.

How to Upgrade RHEL 8.3 to RHEL 8.4

Before starting the significant RHEL version upgrade, keep verified RHEL 8.x backups.

At first, login as a root user by typing:

ssh ec2-user@rhel-8-ec2-box

Then, note the current kernel with the help of following commands.

$ uname -a

$ uname -r

$ cat /etc/os-release

You can use Ansible to upgrade or update RHEL running at Google Cloud or AWS. Another way is to use updated images to get rid of earlier instances. Now let's follow the commands given below in a step-by-step guide to upgrade RHEL 8.3.

#1: Take Backups

Always take a backup before updating your current distro because if you don’t you’ll lose all your data and important files saved in the computer. And you must use bash or any modern shell while executing the actions given in this article.

#2: Check for Updates

To check for updates type the following command.

$ sudo dnf check-update

#3: Upgrading RHEL 8.3 to 8.4

To apply or install updates, type the following Linux command.

Configuring TACACS+ Server With A Simple GUI

Configuring TACACS+ Server With A Simple GUI

Managing authentication and authorization in a large-scale network is a challenge: the passwords need to be set and rotated every now and then, access to certain configuration settings needs to be controlled and, finally, users’ actions need to be logged somewhere. This poses a need for a centralized controller in the network that is responsible for such functions. Modern routers and switches, which typically run Linux operating systems, support TACACS+ protocol that enables system administrators to implement flexible rules for authentication and authorization. However, TACACS+ server implementation for Linux operating system, although neat, lacks a graphical user interface which makes daemon configuration a smooth and intuitive process. In the next few paragraphs, we will discuss how to configure the TACACS+ daemon on Linux operating system and demonstrate how to deploy a simple, yet intuitive, GUI used for the configuration of the TACACS+ instance.

TACACS+, which stands for Terminal Access Controller Access-Control System Plus, is a protocol mainly designed by Cisco and standardized in RFC8907. The primary goal of the protocol is to handle authentication and authorization of commands executed on remote telecommunication hardware on a centralized server. TACACS+ is a great protocol and can be compared to RADIUS. Its key advantages are the following: it allows scrambling or obfuscating (although, not really encrypting in a cryptographic sense) the entire payload with help of MD5 hash function and a secret shared between telecommunication hardware and a central server, it supports TCP protocol for transport, and it provides the possibility of carrying out AAA functions in a flexible way. More details on the protocol can be found in the corresponding RFC.

There exists a pretty neat implementation of the TACACS+ server for Linux. And here we will discuss how to configure this implementation on Linux and also touch aspects related to the deployment of the GUI-based tool used to configure an instance of the protocol.

In order to install TACACS+ run the following commands on the server which is reachable by your zoo of network devices:

How Can You Install Google Chrome Browser on Debian?

How Can You Install Google Chrome Browser on Debian?

Google Chrome is a widely used web browser in the world. Google Chrome is fast and secure as well. However, it is not an open-source web browser. Hence, Debian comes with a pre-loaded Chromium browser, and not a Chrome. Chromium is an open-source browser.

If you still want to install the Google Chrome browser on Linux, this article is for you. Installing Chrome on Linux has a little twist as it’s not an open-source browser. So let’s check out how you can easily install Chrome browser from a Linux terminal.

Google Chrome Privacy Concerns

The source code of Google Chrome is free software. But, the binaries which Chrome is distributed with come under a restrictive BSD license. In Linux, a Google Chrome web browser is included as a pre-compiled RPM or DEB package. You need the root access to install Google Chrome from a RPM or DEB package.

The Linux Package Signing Key within an apt key ring gives Google a path to install anything virtually into the user's OS. This is done through the google-chrome-stable package because no additional involvement of the system administrator is required while updating this package in future. 

What You Need to Install Chrome

  • Login as sudo user.

  • Pre-installed wget package.

Installing Google Chrome Browser on Linux

Now I’ll guide you through the steps to install the Google Chrome browser on your Linux system.

Step 1: Download Google Chrome

First, open the Linux terminal using the terminal icon or by pressing Ctrl+Alt+T. To download the latest updated version of Google Chrome, run the below-given wget command.

wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb

Side Note: Wget utility helps download files from the internet. Using Wget, HTTP, FTP, and HTTPS files can be downloaded. It uses the following syntax.

wget [options] [url]

Most of the Linux distros come with a pre-loaded wget utility. If not, please use the below command to get wget on your system.

sudo apt install wget

Step 2: Install Google Chrome

Once the browser is downloaded, install Chrome. To install, write:

sudo apt install ./google-chrome-stable_current_amd64.deb

The above command is useful in installing the Chrome web browser. After completing the installation, you will be required to enter the user password.

Starting Google Chrome

Once you have installed Chrome on your Linux system, start it by typing “google-chrome” on the terminal. You can also open Google Chrome using the Google Chrome icon given within the Activities list.

Sending EmailsSend them from Linux Terminal?

Send them from Linux Terminal

Does your job require sending a lot of emails on a daily basis? And you often wonder if or how you can send email messages from the Linux terminal.

This article explains about 6 different ways of sending emails using the Linux terminal. Let’s go through them.

sendmail Command

Use the sendmail command to send emails to one or more people at once. Sendmail is one of the most popular SMTP servers in Linux. You can easily send emails directly from the command line using the sendmail command. To route the information, the sendmail command makes use of the network configured on your system. 

Let’s execute the following commands to create a file having email content.

cat /tmp/email.txt

Subject: Terminal Email Send

Email Content line 1

Email Content line 2

The Subject will be the line used as a subject for the email.

Now, to send the email, use the following syntax.

sendmail user@example.com  < /tmp/email.txt

mail Command

Just like Sendmail, you can use the mail command for sending emails from the terminal. Use the below-given command for this purpose.

mail -s "Test Subject" user@example.com < /dev/null

Here -s defines the email subject. 

To send an attachment included within the email, type the below-mentioned line.

mail -a /opt/backup.sql -s "Backup File" user@example.com < /dev/null

Here -a is used to include attachments. If yours is a Debian-based distro, use -A because it uses the mailutils package.

If you have to send emails to multiple recipients at a time, add comma-separated emails in the following manner.

mail -s "Test Email"  user@example.com,user2@example.com < /dev/null

mailx Command

The GNU Mailutils is a combination of multiple utility packages. All Mailutils can operate on mailboxes starting from UNIX maildrops, maildir, and all the way up to remote mailboxes. These mailboxes are accessed with IMAP4, POP3, and SMTP. Mailutils is made for developers, regular Linux users, and system administrators. 

For the installation purpose, use the following command.

sudo apt install mailutils

The mailutils package is mainly made of 2 commands, mail and mailx, and they both function in a similar manner.

7 Important Linux Commands for Every Linux User

7 Important Linux Commands for Every Linux User

Linux might sound scary for first-time Linux users, but actually, it isn’t. Linux is a bunch of open-source Unix operating systems based on Linux Kernel. These operating systems are called Linux distributions, such as Fedora, Debian, Ubuntu, and Mint.

Since its inception in 1991, Linux has garnered popularity for being open-source. People can modify and redistribute Linux under their own brand. When using a Linux OS, you need a shell to access the services provided. Also, it’s recommended to run your Linux OS through a CLI or command-line interface. CLI makes time-consuming processes quicker.

This article presents a guide to 7 important Linux commands for every Linux user to know. So, let’s begin.

cat Command

cat is the shortened form of “concatenate”. It’s a frequently used multi-purpose Linux command. This command is used to create, display, and copy a file content on the standard output.

Syntax

cat [OPTION]... [FILE]..

To create a file, type:

cat >   

// Enter file content

To save the file created, press Ctrl+D. And to display the file content, execute:

cat 

cd Command

The cd command is used to navigate through the directories and files in Linux. It needs either the entire path or the directory name depending on the current directory.

Syntax

cd [Options] [Directory]

Suppose you’re in /home/username/Documents. You want to navigate to a subdirectory of Documents which is Photos. To do that, execute:

cd Photos

To move to an entirely different directory, type cd and then the directory’s absolute path.

cd /home/username/Movies

The above command will switch to /home/username/Movies. Apart from this, the commands, cd.., cd, and cd- are used to move one directory up, to go to the home folder, and to go to the previous directory respectively.

Reminder: Linux’s shell is case-sensitive. So, make sure you type the name’s directory as it is.

echo Command

The echo command displays a line of text or string passed as an argument. It’s used for the purpose of debugging shell programs in the Linux terminal.

Syntax

echo [Option] [String]

Other examples of the echo command are:

  • echo "String": This displays the string within the quotes.

  • echo -e "Learn \nBy \nDoing": Here the ‘-e’ tag allows the echo command to understand the backslash escape sequences in the argument.

In PuTTY, Scripted Passwords are Exposed Passwords

PuTTY Scripted Passwords are Exposed Passwords

PuTTY is one of the oldest and most popular SSH clients, originally for Windows, but now available on several platforms. It has won corporate support and endorsement, and is prepared and bundled within several third-party repositories.

Unfortunately, the 0.74 stable PuTTY release does not safely guard plain-text passwords provided to it via the -pw command line option for the psftp, pscp, and plink utilities as the documentation clearly warns. There is evidence within the source code that the authors are aware of the problem, but the exposure is confirmed on Microsoft Windows, Oracle Linux, and the package prepared by the OpenBSD project.

After discussions with the original author of PuTTY, Simon Tatham developed a new -pwfile option, which will read an SSH password from a file, removing it from the command line. This feature can be backported into the current 0.76 stable release. Full instructions for applying the backport and a .netrc wrapper for psftp are presented, also implemented in Windows under Busybox.

While the -pw option is attractive for SSH users who are required to use passwords (and forbidden from using keys) for scripting activities, the exposure risk should be understood for any use of the feature. Users with security concerns should obtain the -pwfile functionality, either by applying a patch to the 0.76 stable release, or using a snapshot release found on the PuTTY website.

Vulnerability

The psftp, pscp, and plink utilities are able to accept a password on the command line, as their usage output describes:

How To Pick a Linux Distribution

How To Pick a Linux Distribution

I have suffered from distrohopping. Now that I have settled for the last two years, here are some tips to save your time.

  1. All distros run the same operating system at their core, Linux. They are more similar than different. Hence, the marginal cost (time) of looking for a better distro is much more than the marginal benefit of it.

  2. Say no to distributions made for specific purposes like Kali, CentOS, and OpenSuse. OpenSuse is great, but it is made for enterprise use. An everyday user won't ever need most of its features. To maintain it would be a waste of time. The same goes for the RedHat family.

  3. Instead of trimming Suse, you better pick a distro made for everyday people, such as AntiX and SolusOS. Read their descriptions and target users on Distrowatch.

  4. Avoid technical distributions like arch, its forks, and Gentoo. They are for the programmer types. If you are not one, you will likely break it. Updates tend to be massive and very frequent. And you can't install a new package without updating first. You don't want to deal with this. If you want it only for AUR, just learn to compile a little bit.

  5. Say no to most desktop environments (DEs) besides LXDE and LXQT. Prefer window managers (WMs) for maximum performance. DEs can be buggy and cause distraction. They increase boot time and update size. It may be reasonable to rule out all distros that don't come with a window manager so you don't have to do the work post-installation. Know the rule; the less stuff you have, the fewer things you can break, the fewer problems you will face. Keep it minimal. Don't allow the bling-bling to distract you.

  6. Try out different Init systems. Ever since systemd was adopted, Linux has started to feel like Windows, complex and out of hand. I do have it on Manjaro (but I did have to mask a couple of unneeded services to lower the boot time). A particular init system might work better on your specific hardware. Try some isos on a virtual machine.

  7. Avoid forks because they simply are not different enough. In addition, they tend to carry their parent distro's issues on top of their own issues. Developers can do only so much about it. Independent distributions can fix issues more quickly because they can. Prefer original and independent distros.

  8. Don't worry about software availability. Every distro hosts tools to help you install packages not present in their repos. Furthermore, package managers like Appimage and Flatpak allow you to install packages on all distros. Avoid snap. It slows down bootup and doesn't allow you to control app updates. This may change in the future though.

What’s New in Debian 11 “Bullseye”?

Image
What’s New in Debian 11 “Bullseye”?

Debian is a preferred choice of millions of Linux users for some of the most popular and powerful operating systems, like Ubuntu and its derivatives are based on Debian.

Debian 11 has finally been released, finally, after a long development work of two years. Bullseye – that’s the name given to this latest Debian Linux distro. So what are the updates and upgrades? In this article, let’s check out what’s new in Debian 11.

Debian 11’s Architecture

Debian supports a good range of hardware architectures. 

Supported Architectures

  1. ARM EABI (armel)
  2. ARMv7 (EABI hard-float ABI and armhf)
  3. 64-bit ARM (arm64)
  4. 32-bit PC (i386)
  5. 64-bit PC (amd64)
  6. Little-endian MIPS (mipsel)
  7. 64-bit little-endian PowerPC
  8. 64-bit little-endian MIPS
  9. IBM System z (s390x)

Not Supported Hardware

  1. Old MIPS 32-bit CPUs

Linux Kernel Information

Debian 11 supports the Linux Kernel 5.10 LTS. Debian 10 Buster, the earlier version to Debian 11, used Linux Kernel 4.19 while released. A newer kernel means a new set of bug fixes, new hardware support, and improved performance.

This is the perfect kernel for Debian bullseye considering the Debian lifecycle.   

Supports exFAT

exFAT is the shortened form of the Extensible File Allocation Table. It’s a filesystem used for flash memory, such as SD cards and USB flash drives.

Now Debian 11 provides support for the exFAT. For mounting the exFAT filesystem, you don’t need the filesystem-in-userspace implementation provided by the exfat-fuse package additionally anymore. Thanks to kernel 5.10! exFAT comes in handy with it. Tools for checking and creating an exFAT are given in the exfatprogs package.

Bauhaus Movement Inspired Theme & Wallpaper

Debian features cool wallpapers and a default theme for each of the major releases. Debian 11’s theme is inspired by the Bauhaus movement. Bauhaus means “building house” and it was an art and design movement from 20th century Germany. The Bauhaus movement revolved around abstract, geometric style featuring little emotion or sentiments. 

Its modern aesthetic still is immensely influential for designers, architects, and artists. You can see this theme all through Debian 11 whether it’s the installer, login window, or the Grub menu.

Newer Desktop Environment Versions

Debian 11 offers newer desktop environment versions. Desktop flavors you get here are, KDE Plasma 5.20, GNOME 3.38, LXDE 11, LXQt 0.16, Xfce 4.16, and MATE 1.24. Debian prefers stability and it’s quite clear from the desktop environments. You might not get the latest cutting-edge distributions like Fedora or Arch/Manjaro.

Updated Packages

Debian 11 consists of more than 11,294 new packages out of 59,551 packages. It also reduced over 9,519 “obsolete” packages and removed 42,821 that were updated. A total of 5,434 packages remained as they were.

A good number of software applications and package updates are included in Debian bullseye, such as Apache 2.4.48, Calligra 3.2, Emacs 27.1, LibreOffice 7.0, Inkscape 1.0.2, Linux kernel 5.10 series, Perl 5.32, PHP 7.4, Vim 8.2, PostgreSQL 13, and the list goes on. All these ready-to-use software packages are built with over 30,000 source packages.

With this huge selection of packages and wide architecture support, Debian has always stayed committed to its aim of being The Universal Operating System.

Improved Printer and Scanner Features

Debian 11 presents a new ipp-usb package. It is built with a vendor-neutral IPP-over-USB protocol that is supported by many latest printers. So, many modern-day printers will be supported now by Debian. And you won’t need the drivers for that.

SANE driverless backend lets you use scanners without any trouble.

Endnotes

Want to try Debian Bullseye? Get it from here. You can also check “bullseye” with Live Images without installing it on your PC. This will load and run the entire OS in read-only mode. These live images are available for the i386 and amd64 architectures in the form of USB sticks, DVDs, and netboot setups. Debian Live has a standard image. So you can try a basic Debian without any GUIs.

And that’s the ending of this article. Hope you find our Debian 11 guide helpful.

Privacy-focused Linux Distributions to Secure Your Online Presence in 2021

Privacy-focused Linux Distributions to Secure Your Online Presence in 2021

Linux distros are usually more secure than their Windows and Mac counterparts. Linux Operating Systems being open-source leaves very less scope of unauthorized access to its core. However, with the advancement of technologies, incidents of attacks are not rare.

Are you in a fix with the coming reports of Linux systems targeted malware attacks? Worried about your online presence? Then maybe it’s time to go for a secure, privacy-focused Linux distro. This article presents a guide to 3 privacy-oriented Linux distributions that respect your privacy online.

Why You Need a Privacy-focused Linux Distro

But before jumping into that, let’s have a brief overview regarding the importance of a secure Linux Operating System. You may know that the Operating System is the core software of your computer. It helps maintain communication across all the hardware, software, memory, and processor of the system. It also manages the hardware parts.

If your computer isn’t secure enough to use, then hackers can get easy access to the OS and can exploit it to view your files and track your presence on the internet. Privacy-focused Linux distributions offer a lot of good choices packed with the most reliable features to select from.

5 Privacy-focused Linux Distributions

Now let’s take a look at the most privacy-focused Linux distros that allow staying secure.

Septor Linux

Septor Linux is an OS created by the project called Serbian Linux. Serbian Linux also produces Serbian language-based general general-purpose Linux distribution. Septor implements the KDE Plasma desktop environment and is a newcomer among all other distros.

The Septor operating system offers a stable and reliable user experience. It’s suitable for a vast range of computers because it is built upon Debian GNU/Linux. So, a solid privacy level is what you can expect. The distro routes all of the internet traffic through Tor network to earn privacy credentials. The distro used to use a launcher script to pick up the latest Tor, however, now Tor comes in bundles with it by default.

A Guide to 5 Fair Selections of Open Source Ticketing Tools for Linux

A Guide to 5 Fair Selections of Open Source Ticketing Tools for Linux

Are you in search of open-source ticketing tools for Linux? Well, this article brings a guide to 5 fair selections of open source ticketing software to provide uninterrupted customer support.

Why You Need Ticketing Tools

A customer trouble ticketing (help desk) is an assistance resource to solve a customer query. Companies often provide customer support using email, website, and/or telephone. The importance of ticketing software is a crucial part for any business to be successful.

Your business can’t run properly without a satisfied client base. Increased customer retention is what businesses need. Right ticketing tools help ensure the best customer service for any business. 

Linux makes sure enterprises get the best possible customer service software for their businesses to have sustainable growth. Because a powerful set of ticketing software provides undivided support that the businesses deserve.

5 Best Ticketing Tools for Linux

This section takes you through 5 different ticketing software to be downloaded on Linux and why you should use them. So let’s begin!

osTicket

For all the newly started businesses, osTicket would be a viable open source ticketing tool. It’s a lightweight and efficient support ticket software used by a good number of companies. If you run an enterprise or a non-profit and are not ready for paid ticketing tools just yet, osTicket is a must-try.

osTicket provides a simple and intuitive web interface to integrate customer queries via phone, email, and web forms. Worried of spam emails? osTicket helps reduce spam enabling captcha filling and auto-refreshing techniques.

You can work on a priority basis through this ticketing tool and get the issues solved in the lowest possible time.

PHD Help Desk

PHD Help Desk is a PHP+Javascript+MySQL-based open source ticketing tool and is used in the registry. PHD helps follow-up incidents in an organization. PHD has a user base all across the world. The latest version of the PHD Help Desk is 2.12.

This ticketing tool works in various ways. Using PHD, incidents can be classified and registered into multiple levels, such as the state of incident, type, sub-type, priority, description of Incident, historical factors, to name a few. 

The database is consulted in a particular format depending on the user requirements. The data is then processed on a tallying sheet. Some of the advanced features of PHD Help Desk are the ability to export tickets into excel format, a PHPMailer Library to configure emails, and new password creation.

In Search of Linux Laptops? Check these 6 Places to Get Your Laptop in 2021

Linux Laptops

Are you in search of Linux laptops? This article takes you through 6 different places that offer the best Linux laptops. So get prepared to choose your Linux laptop in 2021.

Dell

When it comes to laptops, the first name that comes to my mind is Dell. For over 20 years Dell has been selling high-end Linux laptops. In a Dell store, you can get Ubuntu and Redhat Enterprise Linux laptops. These laptops are built to meet the needs of developers, businesses, and sysadmins.

For developers, who travel a lot, XPS 13 Developer Edition would be the confirmed best choice. Dell XPS comes at an expensive cost of around $1,000. So, if you’re in search of something less expensive, you can check Dell Inspiron laptops. Dell’s Precision workstations with RHEL or Ubuntu are designed for small business owners or CG professionals.

Side Note: Dell doesn’t have a separate section for Linux laptops. Type Ubuntu in the search to get a view of all its laptops with Linux preinstalled.

Slimbook

Slimbook is well known for its thin, rigid, and light durable laptops starting at a reasonable price of €930 (approx $1,075). These come with a nice screen, solid battery life, powerful CPU, and very good speakers.

This brand is from Spain. Slimbook came ahead of its competitors launching the first KDE laptops.

Slimbook brings laptops with a good variety of popular Linux distros, such as KDE Neon, Ubuntu, Ubuntu MATE, Linux Mint, Kubuntu. Additionally, their laptops have two Spanish Linux distros – Max and Lliurex. You can choose Windows OS as well with their laptops, but for that, additional costs are there.

Slimbook offers desktop systems too. So, if you ever need desktops, check it here

System76 

System76’s Linux laptops are very well built, powerful, and extremely portable. If you are a software developer, you travel a lot, and you’re in search of a laptop with 32G RAM and 1T SSD, then go for System76.

System76 laptops used to be Ubuntu-powered, initially. Later on, in 2017, this US-based company released their own Linux distro, called the Pop! OS. Pop OS is designed using Ubuntu. After that, Pop became the default OS with Ubuntu being still available.

Q&A trip to Linux’s Black Hole – /dev/null

Q&A trip to Linux’s Black Hole - /dev/null

As per NASA, “A black hole is a place in space where gravity pulls so much that even light can not get out”. Something similar exists in the Linux universe as well - it discards anything written to it and when read, just returns an EOF (end-of-file). It’s a special file which is also referred to as null device - /dev/null

So, it’s just a file?

Yes and most of the things in Linux is a file but /dev/null is not a regular file – lets dig deeper.

/dev/null 1

c in crw-rw-rw- tells us that it's a character special file, which means it processes data character by character. This can be checked using test -c as well:

/dev/null 2

What are the contents of the file?

Let’s check that using the cat command:

/dev/null 3

As stated earlier, it just returns an EOF (end-of-file) when read. So, it's empty!

What more can we know about the file?

Let’s find out using the stat command:

/dev/null 4

This tells us that its size is 0. Also, it’s good to note that the file’s read and write permission is enabled for everyone but it doesn't require execute permission. 

What happens to the file’s size when we write data to it?

Let’s try that:

/dev/null 5

The cat command returned nothing and as per the stat command, its size did not change.

As stated earlier, it discards anything written to it. You may write any amount of data to it, which will be immediately discarded, so its size will always remain 0 – Singularity?

In other words, you cannot change /dev/null

Download These 7 Cool Apps on Your Linux Machine to Make Life Easier

Linux Apps

Not only the Linux distros are open-source but the apps for Linux are also free. Though some business apps come with a cost, most of the apps created for individuals don’t have any charges.

Want to know about some of the cool apps to download on your Linux machine?

This article walks you through 7 apps to download on Linux to make your life easier. Head over to the next section!  

Ulauncher

Before downloading any other application on Linux, we recommend getting Ulauncher. That’s because you can launch any application via Ulauncher just by using the keyboard.

Try adding Ulaucher extensions to get the most of this app inspired by Alfred for Mac. You can extend capabilities with the extensions, such as looking up dictionary definitions, launching web searches, finding and copying emojis to a clipboard, and lots more.

Ulaucher runs smoothly and allows searching files and apps using hotkeys. Ulaucher features include built-in themes, customizable shortcuts, Fuzzy search, a wide variety of plugins, searching on Google, Stack Overflow, and Wikipedia.

Thunderbird

Thunderbird by Mozilla is an open-source email client. Some Linux distros offer Thunderbird installed. If it’s not, hop onto your App Center or Software Center and get it installed. You can download the app from their website as well.

The setup wizard guides you through the process of creating your own email address. Thunderbird provides email settings for most of the common email application providers. So, an existing email account can be added too. Attach multiple email accounts as per your needs.

Want to make Thunderbird look cool? Add-ons, such as themes, Lightning extension, sorting out Mail folders, are some of the features to try out.

Steam

Looking for gaming clients on Linux? Use Steam from Valve. Steam is, admittedly, the best games distribution store for top OSs like Linux.

From Shadow of the Tomb Raider to DiRT 4, and from DOTA 2 to Warhammer – Steam boasts many thousands of indie hits, retro-flavored, and AAA titled games for Linux

Improve The CrowdSec Multi-Server Installation With HTTPS Between Agents

CrowdSec Multi-Server Installation With HTTPS

Prerequisites

This article is a follow-up from the Crowdsec multi-server setup. It applies to a configuration with at least two servers (referred to as server-1 and one of server-2 or server-3).

Goals

To address security issues posed by clear http communication in our previous crowdsec multi-server installation, we propose solutions to achieve communication between Crowdsec agents over encrypted channels. On top of that, the third solution allows server-2 or server-3 to trust server-1 identity, and avoid man-in -the -middle attacks.

Using self-signed certificates

Create the certificate

First we have to create a certificate. This can be achieved with the following one-liner.

openssl req -x509 -newkey rsa:4096 -keyout encrypted-key.pem -out cert.pem -days 365 -addext "subjectAltName = IP:172.31.100.242"

For now crowdsec is not able to ask for the passphrase of the private key when starting.  Thus we have the choice to decipher by hand the private key each time we start or reload crowdsec or store the key unencrypted. In any way to strip the passphrase one can do:

openssl rsa -in encrypted-key.pem -out key.pem

Then, the unencrypted key file can be safely deleted after Crowdsec is started.

Configure crowdsec for using a self-signed certificate

On server-1 we have to tell crowdsec to use the generated certificate. Hence, the  tls.cert_file and tls.key_file option in the api.server section of the following /etc/crowdec/config.yaml excerpt set to the generated certificate file.

api:

  server:

    log_level: info

    listen_uri: 10.0.0.1:8080

    profiles_path: /etc/crowdsec/profiles.yaml

    online_client: # Crowdsec API credentials (to push signals and receive bad 

    tls:

      cert_file: /etc/crowdsec/ssl/cert.pem

      key_file: /etc/crowdsec/ssl/key.pem

On the client side configuration changes happen in two files. First we have to modify /etc/crowdec/config.yaml to accept self-signed certificates by setting the insecure_skip_verify to true.

We have to change http for https in the  /etc/crowdsec/local_api_credentials.yaml file too in order to reflect the changes. This small change has to be done on all three servers (server-1, server-2 and server-3).

Experimenting with Python implementation of Host Identity Protocol

Experimenting with Python implementation of Host Identity Protocol

INTRODUCTION

Sometimes it is easier to implement prototypes in user space using high-level languages, such as Python or Java. In this document we attempt to describe our implementation effort related to Host Identity Protocol version 2. In the first part, we describe various security solutions, then we discuss some implementation details of the HIP protocol, and finally, in the last part of this work we discuss the performance of the HIP and IPSec protocols implemented using Python language.

BACKGROUND

In this section we will describe the basic background. First, we will discuss the problem of mobile Internet and introduce the Host Identity Protocol. We then move to the discussion of various security protocols. We will conclude the section with the discussion of Elliptic Curves and a variant of DiffieHellman algorithm, which uses EC cryptography (ECC).

Dual role of IP

Internet was designed initially so that the Internet Protocol (IP) address is playing dual role: it is the locator, so that the routers can find the recipient of a message, and it is an identifier, so that the upper layer protocols (such as TCP and UDP) can make bindings (for example, transport layer sockets use IP addresses and ports to make a connections). This becomes a problem when a networked device roams from one network to another, and so the IP address changes, leading to failures in upper layer connections. The other problem is establishment of the authenticated channel between the communicating parties. In practice, when making connections, long term identities of the parties are not verified. Of course, there are solutions such as SSL which can readily solve the problem at hand. However, SSL is suitable only for TCP connections and most of the time practical use cases include only secure web surfing and establishment of VPN tunnels. Host Identity Protocol on the other hand is more flexible: it allows peers to create authenticated secure channels on the network layer, and so all upper layer protocols can benefit from such channels.

HIP13 relies on the 4-way handshake to establish an authenticated session. During the handshake, the peers authenticate each other using long-term public keys and derive session keys using Diffie-Hellman or Elliptic Curve (EC) Diffie-Hellman algorithms. To combat the denial-of-service attacks, HIP also introduces computational puzzles.

Gaming Time? Top 3 VR Games Available on Linux

Top 3 VR Games Available on Linux

It’s possible to deep dive into the virtual reality gaming world on your Linux system. Want to explore VR games on Linux? This article takes you through the top 3 VR games available on Linux.

Ready to get amazed? Let’s start.

What are VR Games?

VR games are the new-gen computer games enabled with virtual reality, in short, VR technology. It gives players a first-person perspective of all the gaming actions. As a participant, you can enjoy the gaming environment through your VR gaming devices, such as hand controllers, VR headsets, sensor-equipped gloves, and others.

VR games are played on gaming consoles, standalone systems, powerful laptops, and PCs compatible with VR headsets including HTC Vive, Oculus Rift, HP Reverb G2, Valve Index, and others.

Now, a little brief about VR technology. By now, you know that VR is an abbreviation of Virtual Reality. This is, basically, a computer-generated simulation where the player controls its generated objects through the limb and facial movements in a three-dimensional environment. This environment is interacted with through special equipment, like clothing having touch simulating pressure nodes and enclosed glasses with screens in front, instead of lenses.

A lot of VR objects are usable as they are in reality and the gaming developers are making the VR universe more and more immersive with each passing day.

How to Get VR Games on Linux

The Steam store seems to be the best way to get VR games on your system. Good news: you don’t need to worry about installing all the modules and software to run the game smoothly. Steam client is ready to take all the worries. So, get a Steam account by downloading the client from Steam’s site.

Back in 2019, it was reported that VR Linux desktops are around the corner. What about now? Xrdesktop is here for you. Xrdesktop is free to use. It lets you work with the common desktop environments, like GNOME and KDE.

The SimulaVR is a similar open-source project to check out.

Top 3 VR Games Available on Linux

Now the fun part: In this section, we’ll share the best 5 VR games to play on Linux in your gaming time.