Tag Archives: hosting

GitHub Announces Open Source Friday Program » Linux Magazine


After Linux, Git is the second major contribution of Linus Torvalds. Git has become a global phenomenon with GitHub, the planet’s largest repository of open source projects. Even Microsoft has moved the source code of Windows to a private GitHub repository. Companies like Google have shut down their own code-hosting platforms and moved their code to GitHub.

GitHub is now becoming active in “promoting” the open source development model. The company has announced celebrating every Friday as Open Source Day.

Mike McQuaid, a senior software engineer at GitHub wrote in a blog post, “Open source software powers the internet. Anyone using a computer uses open source, either directly or indirectly. Although it has become the industry standard, getting involved isn’t always straightforward.”

McQuaid disclosed that the company has been running a program internally for the last three years in which they encourage employees to work on some open source project every fourth Friday of the month. Now, they are opening up the program for anyone to get involved with open source.

“Open Source Friday isn’t limited to individuals. Your team, department, or company can take part, too. Contributing to the software you already use isn’t altruistic – it’s an investment in the tools your company relies on. And you can always start small: spend two hours every Friday working on an open source project relevant to your business,” wrote McQuaid.

Source: https://opensourcefriday.com/

Blog Post: http://mikemcquaid.com/



Source link

Building Linux Firewalls With Good Old Iptables: Part 2 | Linux.com


When last we met we reviewed some iptables fundamentals. Now you’ll have two example firewalls to study, one for a single PC and one for a LAN. They are commented all to heck to explain what they’re doing.

This is for IPv4 only, so I’ll write up some example firewalls for IPv6 in a future installment.

I leave as your homework how to configure these to start at boot. There is enough variation in how startup services are managed in the various Linux distributions that it makes me tired to think about it, so it’s up to you figure it out for your distro.

Lone PC Firewall

Use the lone PC firewall on laptop, desktop, or server system. It filters incoming and outgoing packets only for the host it is on.

#!/bin/bash

# iptables single-host firewall script

# Define your command variables
ipt="/sbin/iptables"

# Define multiple network interfaces
wifi="wlx9cefd5fe8f20"
eth0="enp0s25"

# Flush all rules and delete all chains
# because it is best to startup cleanly
$ipt -F
$ipt -X 
$ipt -t nat -F
$ipt -t nat -X
$ipt -t mangle -F 
$ipt -t mangle -X 

# Zero out all counters, again for 
# a clean start
$ipt -Z
$ipt -t nat -Z
$ipt -t mangle -Z

# Default policies: deny all incoming
# Unrestricted outgoing

$ipt -P INPUT DROP
$ipt -P FORWARD DROP
$ipt -P OUTPUT ACCEPT
$ipt -t nat -P OUTPUT ACCEPT 
$ipt -t nat -P PREROUTING ACCEPT 
$ipt -t nat -P POSTROUTING ACCEPT 
$ipt -t mangle -P PREROUTING ACCEPT 
$ipt -t mangle -P POSTROUTING ACCEPT

# Required for the loopback interface
$ipt -A INPUT -i lo -j ACCEPT

# Reject connection attempts not initiated from the host
$ipt -A INPUT -p tcp --syn -j DROP

# Allow return connections initiated from the host
$ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# If the above rule does not work because you
# have an ancient iptables version (e.g. on a 
# hosting service)
# use this older variation instead
$ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Accept important ICMP packets. It is not a good
# idea to completely disable ping; networking
# depends on ping
$ipt -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
$ipt -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
$ipt -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT

# The previous lines define a simple firewall
# that does not restrict outgoing traffic, and
# allows incoming traffic only for established sessions

# The following rules are optional to allow external access
# to services. Adjust port numbers as needed for your setup

# Use this rule when you accept incoming connections
# to services, such as SSH and HTTP
# This ensures that only SYN-flagged packets are
# allowed in
# Then delete '$ipt -A INPUT -p tcp --syn -j DROP'
$ipt -A INPUT p tcp ! --syn -m state --state NEW -j DROP

# Allow logging in via SSH
$ipt -A INPUT -p tcp --dport 22 -j ACCEPT

# Restrict incoming SSH to a specific network interface
$ipt -A INPUT -i $eth0 -p tcp --dport 22 -j ACCEPT

# Restrict incoming SSH to the local network
$ipt -A INPUT -i $eth0 -p tcp -s 192.0.2.0/24 --dport 22 -j ACCEPT

# Allow external access to your HTTP server
# This allows access to three different ports, e.g. for
# testing. 
$ipt -A INPUT -p tcp -m multiport --dport 80,443,8080 -j ACCEPT

# Allow external access to your unencrypted mail server, SMTP,
# IMAP, and POP3.
$ipt -A INPUT -p tcp -m multiport --dport 25,110,143 -j ACCEPT

# Local name server should be restricted to local network
$ipt -A INPUT -p udp -m udp -s 192.0.2.0/24 --dport 53 -j ACCEPT
$ipt -A INPUT -p tcp -m udp -s 192.0.2.0/24 --dport 53 -j ACCEPT

You see how it’s done; adapt these examples to open ports to your database server, rsync, and any other services you want available externally. One more useful restriction you can add is to limit the source port range. Incoming packets for services should be above port 1024, so you can allow in only packets from the high-numbered ports with --sport 1024:65535, like this:

$ipt -A INPUT -i $eth0 -p tcp --dport 22 --sport 1024:65535 -j ACCEPT

LAN Internet Connection-Sharing Firewall

It is sad that IPv4 still dominates US networking, because it’s a big fat pain. We need NAT, network address translation, to move traffic between external publicly routable IP addresses and internal private class addresses. This is an example of a simple Internet connection sharing firewall. It is on a device sitting between the big bad Internet and your LAN, and it has two network interfaces, one connecting to the Internet and one that connects to your LAN switch.

#!/bin/bash

# iptables Internet-connection sharing 
# firewall script

# Define your command variables
ipt="/sbin/iptables"

# Define multiple network interfaces
wan="enp0s24"
lan="enp0s25"

# Flush all rules and delete all chains
# because it is best to startup cleanly
$ipt -F
$ipt -X 
$ipt -t nat -F
$ipt -t nat -X
$ipt -t mangle -F 
$ipt -t mangle -X 

# Zero out all counters, again for 
# a clean start
$ipt -Z
$ipt -t nat -Z
$ipt -t mangle -Z

# Default policies: deny all incoming
# Unrestricted outgoing

$ipt -P INPUT DROP
$ipt -P FORWARD DROP
$ipt -P OUTPUT ACCEPT
$ipt -t nat -P OUTPUT ACCEPT 
$ipt -t nat -P PREROUTING ACCEPT 
$ipt -t nat -P POSTROUTING ACCEPT 
$ipt -t mangle -P PREROUTING ACCEPT 
$ipt -t mangle -P POSTROUTING ACCEPT

# Required for the loopback interface
$ipt -A INPUT -i lo -j ACCEPT

# Set packet forwarding in the kernel
sysctl net.ipv4.ip_forward=1

# Enable IP masquerading, which necessary for NAT
$ipt -t nat -A POSTROUTING -j MASQUERADE

# Enable unrestricted outgoing traffic, incoming
# is restricted to locally-initiated sessions only
$ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$ipt -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$ipt -A FORWARD -i $lan -o $wan -j ACCEPT

# Accept important ICMP messages
$ipt -A INPUT -p icmp --icmp-type echo-request  -j ACCEPT
$ipt -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
$ipt -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT

Stopping the Firewall

Take the first sections of the example firewall scripts, where it flushes, zeroes, and sets all default policies to ACCEPT, and put them in a separate script. Then use this script to turn your iptables firewall “off”.

The documentation on netfilter.org is ancient, so I recommend using man iptables. These examples are basic and should provide a good template for customizing your own firewalls. Allowing access to services on your LAN through your Internet firewall is good subject for another day, because thanks to NAT it is a huge pain and needs a lot of rules and explaining.

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.

Microsoft is Shutting Down CodePlex » Linux Magazine


Microsoft has announced that it is shutting down its open source code hosting platform CodePlex, which allowed developers to host and share the source code of open source software. Microsoft created the site in 2006.

Microsoft is not the only vendor that has shut down an open source code hosting platform. In 2015 Google shut down Google Code.

Linus Torvald’s Git version control system is the reason behind the demise of Google Code and CodePlex. In a blog post, Microsoft engineer Brian Harry wrote, “Over the years, we’ve seen a lot of amazing options come and go but at this point, GitHub is the de facto place for open source sharing and most open source projects have migrated there.”

Even Google and Microsoft are now using the Git-based GitHub to host their open source code. “As many of you know, Microsoft has invested in Visual Studio Team Services as our ‘One Engineering System’ for proprietary projects, and we’ve exposed many of our key open source projects on GitHub (Visual Studio Code, TypeScript, .NET, the Cognitive Toolkit, and more). In fact, our GitHub organization now has more than 16,000 open source contributors – more than any other organization – and we’re proud to partner closely with GitHub to promote open source.”

Microsoft has disabled the ability to create new CodePlex projects. In October, it will be set to read-only, and by December 2017, plugs will be pulled on the service, bringing an end to an era.



Source link

Servers-Linux.ro has a new hosting service

Hello,

I am proud to announce that from today, I have moved the hosting of my blog to https://www.clicknetbox.net/. Please check out the great hosting packages and dedicated servers.

Thanks all for reading my blog.

 

CentOS Linux 7 (1611) Released


Red Hat Enterprise Linux clone, CentOS has announced the release of version 7. The latest version of this community-maintained distribution is based on RHEL 7.3, which was released recently.

Karanbir Singh, the release manager of CentOS wrote on the mailing list, “As with all CentOS Linux 7 components, this release was built from sources hosted at git.centos.org. In addition, SRPMs that are a byproduct of the build (and also considered critical in the code and buildsys process) are being published to match every binary RPM we release. Sources will be available from vault.centos.org in their own dedicated directories to match the corresponding binary RPMs.”

CentOS is one of the most popular community-based distributions on web hosting services that competes with DEB-based distributions like Debian and Ubuntu. In 2014, Red Hat acquired CentOS, while keeping it an independent project.

Singh wrote on the mailing list, “This release supersedes all previously released content for CentOS Linux 7, and therefore we highly encourage all users to upgrade their machines. Information on different upgrade strategies and how to handle stale content is included in the Release Notes.”



Source link