Category Archives: Tutoriale Linux
Tig – A Command Line Browser for Git Repositories | Linux.com
In a recent article, we’ve described how to install and use GRV tool for viewing Git repositories in Linux terminal. In this article, we would like to introduce to you another useful command-line based interface to git called Tig.
Tig is a free open source, cross platform ncurses-based text-mode interface for git. It is a straight-forward interface to git that can help in staging changes for commit at chunk level and works as a pager for output from different Git commands. It can run on Linux, MacOSX as well as Windows systems.
Read more at Tecmint
MX Linux: A Mid-Weight Distro Focused on Simplicity | Linux.com
There are so many distributions of Linux. Some of those distributions go a very long way to differentiate themselves. In other cases, the differences are so minimal, you wonder why anyone would have bothered reinventing that particular wheel. It’s that latter concern that had me wondering why antiX and MEPIS communities would come together to create yet another distribution—especially given that the results would be an Xfce edition of antiX, built by the MEPIS community.
Does building antiX with an Xfce desktop warrant its own distribution? After all, antiX claims to be a “fast, lightweight and easy to install systemd-free linux live CD distribution based on Debian Stable.” The antiX desktop of choice is LXDE, which does certainly fit the bill for a lightweight desktop. So why retool antiX into another lightweight distribution, only this time with Xfce? Well, as anyone within the Linux community knows, variance adds flavor and a good lightweight distribution is a worthwhile endeavor (especially in preventing old hardware from making its way to the landfill). Of course, LXDE and Xfce aren’t quite in the same category. LXDE should be considered a true lightweight desktop, whereas Xfce should be considered more a mid-weight desktop. And that, my friends, is key to why MX Linux is an important iteration of antiX. A mid-weight distribution, built on Debian, that includes all the tools you need to get your work done.
But there’s something really keen within MX Linux—something directly borrowed from antiX—and that is the installation tool. When I first set up a VirtualBox VM to install MX Linux, I assumed the installation would be the typical, incredibly easy Linux installation I’d grown accustomed to. Much to my surprise, that antiX installer MX Linux uses could be a real game changer, especially for those on the fence about giving Linux a try.
So even before I began kicking the tires of MX Linux, I was impressed. Let’s take a look at what makes the installation of this distribution so special, and then finally have a go with the desktop.
You can download MX Linux 17.1 from here. The minimum system requirements are:
-
A CD/DVD drive (and BIOS capable of booting from that drive), or a live USB (and BIOS capable of booting from USB)
-
A modern i486 Intel or AMD processor
-
512 MB of RAM memory
-
5 GB free hard drive space
-
A SoundBlaster, AC97 or HDA-compatible sound card
-
For use as a LiveUSB, 4 GB free
Installation
Out of the gate, the MX Linux installer makes installing Linux a breeze. Although it may not be the most modern-looking installation tool, there’s little to second-guess. The heart of the installation begins with choosing the disks and selecting the installation type (Figure 1).
The next important screen (Figure 2) requires you to set a computer name, domain, and (if necessary) a workgroup for MS Networking.
That ability to configure a workgroup is the first bit to really stand out. This is the first distribution I can remember that offers this option during installation. It also should clue you in that MX Linux offers the ability to share directories out of the box. It does, and it does so with aplomb. It’s not perfect, but it works without having to install any extra package (more on this in a bit).
The last important installation screen (that requires user-interaction) is the creation of the user account and root password (Figure 3).
Once you’ve taken care of this final screen, the installation will complete and ask you to reboot. Upon rebooting, you’ll be greeted with the login screen. Login and enjoy the MX Linux experience.
Usage
The Xfce desktop is quite an easy interface to get up to speed with. The default places the panel on the left edge of the screen (Figure 4).
If you want to move the panel to a more traditional location, right click a blank spot on the panel and click Panel > Panel Preferences. In the resulting window (Figure 5), click the Mode drop-down to select from between Deskbar, Vertical, or Horizontal.
The difference between the Deskbar and Vertical options is that, in the Deskbar mode, the panel is aligned vertically, just like in the vertical mode, but the plugins are laid out horizontally. This means you can create much wider panels (for widescreen layouts). If you opt for a horizontal layout, it will default to the top—you will have to then uncheck the Lock panel check box, click Close, and then (using the drag handle on the left edge of the panel) drag it to the bottom. You can then go back into the Panel Settings window and re-lock the panel.
Beyond that, using the Xfce desktop should be a no-brainer for nearly any experience level … it’s that easy. You’ll find software to cover productivity (LibreOffice, Orage Calendar, PDF-Shuffler), graphics (GIMP), communication (Firefox, Thunderbird, HexChat), multimedia (Clementine, guvcview, SMTube, VLC media player), and a number of tools specific to MX Linux (called MX Tools, that range from a live-USB drive creator, a network assistant, package installer, repo manager, live ISO snapshot creator, and more).
Samba
Let’s talk about sharing folders to your network. As I mentioned, you won’t have to install any extra packages to get this to function. You simply open up the file manager, right-click anywhere, and select Share a folder on your network. You will be prompted for the administrative password (set during installation). Upon successful authentication, the Samba Server Configuration Tool will open (Figure 6).
Click the + button and configure your share. You will be asked to locate the directory, give the share a name/description, and then decide if the share is writeable and visible (Figure 7).
When you click the Access tab, you have the choice between giving everyone access to the share or just specific users. Here’s where the problem arises. At this point, no users will be available for sharing. Why? They haven’t been added. In order to add them, there are two possibilities: From the command line or using the tool we already have open. Let’s take the obvious route. From the main window of the Samba Server Configuration Tool, click Preferences > Samba Users. In the resulting window, click Add user.
A new window will appear (Figure 8), where you need to select the user from the drop-down, enter a Windows username, and type/retype a password for the user.
Once you’ve clicked OK, the user will be added and the share will be accessible, to that user, across your network. Creating Samba shares really can be that easy.
The conclusion
MX Linux makes transitioning from just about any desktop operating system simple. Although some might find the desktop interface to be a bit less-than-modern, the distribution’s primary focus isn’t on beauty, but simplicity. To that end, MX Linux succeeds in stellar fashion. This flavor of Linux can make anyone feel right at home on Linux. Spin up this mid-weight distribution and see if it can’t serve as your daily driver.
Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.
Install Munin on Ubuntu 17.10 Server
Sponsored Link
Munin the monitoring tool surveys all your computers and remembers what it saw. It presents all the information in graphs through a web interface. Its emphasis is on plug and play capabilities. After completing a installation a high number of monitoring plugins will be playing with no more effort.
Using Munin you can easily monitor the performance of your computers, networks, SANs, applications, weather measurements and whatever comes to mind. It makes it easy to determine “what’s different today” when a performance problem crops up. It makes it easy to see how you’re doing capacity-wise on any resources.
Munin uses the excellent RRDTool (written by Tobi Oetiker) and the framework is written in Perl, while plugins may be written in any language. Munin has a master/node architecture in which the master connects to all the nodes at regular intervals and asks them for data. It then stores the data in RRD files, and (if needed) updates the graphs. One of the main goals has been ease of creating new plugins (graphs).
Preparing Your system
Install apache web server using the following command
sudo apt-get install apache2
Now proceed with munin server installation using the following command from your terminal
sudo apt-get install munin
Once the package is installed, you only need to make a few changes to get your installation working.
Configuring Munin server
You need to edit the /etc/munin/munin.conf file
sudo vi /etc/munin/munin.conf
Change the following lines
Change 1
#dbdir /var/lib/munin
#htmldir /var/cache/munin/www
#logdir /var/log/munin
#rundir /var/run/munin
to
dbdir /var/lib/munin
htmldir /var/www/munin
logdir /var/log/munin
rundir /var/run/munin
Change 2
#tmpldir /etc/munin/templates
to
tmpldir /etc/munin/templates
Change 3
the server name on the line localhost.localdomain should be updated to display the hostname, domain name, or other identifier you’d like to use for your monitoring server
# a simple host tree
[localhost.localdomain]
address 127.0.0.1
use_node_name yes
to
[MuninMonitor]
address 127.0.0.1
use_node_name yes
Change 4
You need to edit the munin apache configuration
sudo vi /etc/munin/apache.conf
Change the following line in the starting of the file
Alias /munin /var/cache/munin/www
to
Alias /munin /var/www/munin
and
We also need to allow connections from outside of the local computer for this do the following changes
<Directory /var/cache/munin/www>
Order allow,deny
Allow from localhost 127.0.0.0/8 ::1
Options None
to
<Directory /var/munin/www>
Order allow,deny
#Allow from localhost 127.0.0.0/8 ::1
Allow from all
Options None
you will need to create the directory path that you referenced in the munin.conf file and modify the ownership to allow munin to write to it:
sudo mkdir /var/www/munin
sudo chown munin:munin /var/www/munin
Now you need to restart the munin and apache services using the following commands
sudo service munin-node restart
sudo service apache2 restart
It might take a few minutes to generate the necessary graphs and html files. After about five minutes, your files should be created and you will be able to access your data. You should be able to access your munin details at:
http://yourserver_ip_address/munin
Screenshots
If you get an error message in your browser similar to the following, you need to wait longer for munin to create the files
Forbidden
You don’t have permission to access /munin/
Configure Remote Monitoring
Munin can easily monitor multiple servers at once.If you want to monitor remote servers you need to following this procedure.
First you need to install munin client package using the following commands
sudo apt-get install munin-node
Now you need to edit the munin-node.conf file to specify that your monitoring server is allowed to poll the client for information.
sudo vi /etc/munin/munin-node.conf
Search for the section that has the line “allow ^127.0.0.1$”. Modify the IP address to reflect your monitoring server’s IP address.If your server ip is 172.30.2.100
allow ^.172.30.2.100$
Save and exit the file
You need to restart the munin client using the following information
sudo service munin-node restart
Now you need to login in to your munin server and edit the munin.conf file
sudo vi /etc/munin/munin.conf
Copy the following section and change the ip address to your remote server client ip address
[MuninMonitor]
address 127.0.0.1
use_node_name yes
to
[MuninMonitor]
address 172.30.2.101
use_node_name yes
Finall you need to restart the apache server using the following command
sudo service apache2 restart
Additional Plugins
The munin-plugins-extra package contains performance checks additional services such as DNS, DHCP, Samba, etc. To install the package run the following command from the terminal
sudo apt-get install munin-plugins-extra
Make sure you have install this package on both the server and node machines.
Sponsored Link
Related posts
IPFire: A User-Friendly Linux Firewall Distribution | Linux.com
Securing your network is an incredibly challenging task, one that’s made even more difficult by software that adds yet another layer of complexity on top. And let’s face it, most firewall tools are the stuff of user nightmare. That’s why, when a firewall tool strips away some of that complexity, it deserves attention.
One such tool is IPFire, an open source Linux distribution geared specifically for the task of firewalls. This particular distribution is hardened, secure, easy to operate, and ready to serve enterprise, small-to-medium businesses, and even home users. IPFire was designed for users new to firewalling, so it places a premium on user-friendliness.
How user friendly is IPFire? Let’s install it and find out.
Installation
The installation of IPFire might be the one stumbling block for new users. The install is text-based and might intimidate those who haven’t previously installed Linux. Fortunately, the installation is not hard. In this article, I’ll demonstrate how to install IPFire via a VirtualBox virtual machine. If you’re planning on doing the same, you must make sure to enable a second network adapter (before booting the ISO image for installation). One adapter will be used for the Green networking segment and one for the Red networking segment (more on this in a bit).
Once you’ve downloaded the ISO image and burned it to either a CD/DVD or USB drive, insert the newly created media and boot the machine. You will be greeted by the IPFire splash screen (Figure 1), where you select Install IPFire.
Once you get beyond the splash screen, you will be presented with the ncurses-based installer. In the next few windows (Figure 2), you will have to accept the license, configure the language, and partition/format the drive.
This portion of the installation will complete very quickly and then require you to reboot. Once you’ve rebooted, you will be presented with the next phase of the installation, where you’ll configure the keyboard mapping, timezone (make sure this is correct), hostname, domain name, root user password, admin user (for the web interface) password, and then the network options. It isn’t until you get to the network configuration type that you might be tripped up. Here (Figure 3), you must select from the four options:
What do these choices all mean? Each color represents a different network segment. The breakdown is as follows:
-
Red – WAN – External network connected to the Internet
-
Green – LAN – Internal/Private network connected locally
-
Orange – DMZ – The DeMilitarized Zone, an unprotected/Server network accessible from the internet
-
Blue – WLAN – Wireless Network
You will want to select the combination that best-suits your network. For my testing purpose, I’ve selected GREEN + RED. Once you’ve made that you will be returned to the Networking configuration menu. Select Drivers and card assignments. In this new window, you must assign a network card to a color. Select one of the colors and then, when prompted (Figure 4), assign an interface to the color.
Once you’ve assigned the interfaces to colors, tab to Done and hit Enter on your keyboard. Back on the Network configuration menu, select Address settings. In the next window, select a color and then configure it for your network. You’ll need to give it an IP address and a network mask (Figure 5).
Make sure to configure both network interfaces. Once you’ve done that, tab to Done and hit Enter on your keyboard. The final network configuration is DNS and Gateway settings. Select that option and then, when prompted, enter the proper information (Figure 6).
Once you’ve finished the network configuration, you can then set up an optional DHCP server (Figure 7).
At this point, IPFire will boot and land at a login prompt. You can either log in (using the user root and the password set during installation) or point your browser to http://SERVER_IP:444 (Where SERVER_IP is the IP address of the IPFire server).
At the web interface, login with the user admin and the password you set for that user during installation. Once you’ve successfully logged in, you will be presented with the IPFire web-based interface (Figure 8).
What to do now?
You are ready to start configuring your firewall. For full documentation on firewall setup, check out the official IPFire Documentation. Let’s say you want to configure a port-forward rule (so that traffic from the WAN can be properly directed to an machine on your LAN). For this you’ll need an originating source and a target destination. To create the new rule, click Firewall > Firewall Rules. In the resulting window, click New rule.
You will now need to configure the port forwarding rule (Figure 9).
Select Source address and enter the address for the originating source. Next click the check box for User Network Address Translation (NAT) and select Destination NAT. Next you must select the firewall interface for the NAT rule.
In the Destination section, click the check box for Destination address and type the IP address for the destination. With the address added, select the necessary protocol for the translation. Once you’ve selected the protocol, you can then add the required source and destination port for the NAT (Figure 10).
Click Add (at the bottom of the window) and you will be presented with a window displaying your new rule. If everything is correct, click Apply changes and the new rule will be added to the system.
That’s all there is to creating a new firewall rule with IPFire. It really is that easy.
Ease of use and security
If you need two reasons to give IPFire a try, they should be ease of use and security. You’d be hard-pressed to find a Linux-based firewall distribution that is as easy to setup and manage … that gives you this level of security. IPFire is an outstanding open source firewall solution. Give this distribution a test and see if it doesn’t make securing your network a very simple task.
Protect Your Websites with Let’s Encrypt | Linux.com
Back in the bad old days, setting up basic HTTPS with a certificate authority cost as much as several hundred dollars per year, and the process was difficult and error-prone to set up. Now we have Let’s Encrypt for free, and the whole thing takes just a few minutes.
Why Encrypt?
Why encrypt your sites? Because unencrypted HTTP sessions are wide open to multiple abuses:
Internet service providers lead the code-injecting offenders. How to foil their nefarious desires? Your best defense is HTTPS. Let’s review how HTTPS works.
Chain of Trust
You could set up asymmetric encryption between your site and everyone who is allowed to access it. This is very strong protection: GPG (GNU Privacy Guard, see How to Encrypt Email in Linux), and OpenSSH are common tools for asymmetric encryption. These rely on public-private key pairs. You can freely share public keys, while your private keys must be protected and never shared. The public key encrypts, and the private key decrypts.
This is a multi-step process that does not scale for random web-surfing, however, because it requires exchanging public keys before establishing a session, and you have to generate and manage key pairs. An HTTPS session automates public key distribution, and sensitive sites, such as shopping and banking, are verified by a third-party certificate authority (CA) such as Comodo, Verisign, or Thawte.
When you visit an HTTPS site, it provides a digital certificate to your web browser. This certificate verifies that your session is strongly encrypted and supplies information about the site, such as organization’s name, the organization that issued the certificate, and the name of the certificate authority. You can see all of this information, and the digital certificate, by clicking on the little padlock in your web browser’s address bar (Figure 1).
The major web browsers, including Opera, Firefox, Chromium, and Chrome, all rely on the certificate authority to verify the authenticity of the site’s digital certificate. The little padlock gives the status at a glance; green = strong SSL encryption and verified identity. Web browsers also warn you about malicious sites, sites with incorrectly configured SSL certificates, and they treat self-signed certificates as untrusted.
So how do web browsers know who to trust? Browsers include a root store, a batch of root certificates, which are stored in /usr/share/ca-certificates/mozilla/. Site certificates are verified against your root store. Your root store is maintained by your package manager, just like any other software on your Linux system. On Ubuntu, they are supplied by the ca-certificates package. The root store itself is maintained by Mozilla for Linux.
As you can see, it takes a complex infrastructure to make all of this work. If you perform any sensitive online transactions, such as shopping or banking, you are trusting a whole lot of unknown people to protect you.
Encryption Everywhere
Let’s Encrypt is a global certificate authority, similar to the commercial CAs. Let’s Encrypt was founded by the non-profit Internet Security Research Group (ISRG) to make it easier to secure Websites. I don’t consider it sufficient for shopping and banking sites, for reasons which I will get to shortly, but it’s great for securing blogs, news, and informational sites that don’t have financial transactions.
There are at least three ways to use Let’s Encrypt. The best way is with the Certbot client, which is maintained by the Electronic Frontier Foundation (EFF). This requires shell access to your site.
If you are on shared hosting then you probably don’t have shell access. The easiest method in this case is using a host that supports Let’s Encrypt.
If your host does not support Let’s Encrypt, but supports custom certificates, then you can create and upload your certificate manually with Certbot. It’s a complex process, so you’ll want to study the documentation thoroughly.
When you have installed your certificate use SSL Server Test to test your site.
Let’s Encrypt digital certificates are good for 90 days. When you install Certbot it should also install a cron job for automatic renewal, and it includes a command to test that the automatic renewal works. You may use your existing private key or certificate signing request (CSR), and it supports wildcard certificates.
Limitations
Let’s Encrypt has some limitations: it performs only domain validation, that is, it issues a certificate to whoever controls the domain. This is basic SSL. It does not support Organization Validation (OV) or Extended Validation (EV) because it is not possible to automate identity validation. I would not trust a banking or shopping site that uses Let’s Encrypt– let ’em spend the bucks for a complete package that includes identity validation.
As a free-of-cost service run by a non-profit organization there is no commercial support, but only documentation and community support, both of which are quite good.
The Internet is full of malice. Everything should be encrypted. Start with Let’s Encrypt to protect your site visitors.
Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.
