Tag Archives: servers

Rockstor: A Solid Cloud Storage Solution for Small or Home Office | Linux.com


The Linux platform can do quite a lot of things; it can be just about anything you need it to be and function in nearly any form. One of the many areas in which Linux excels is that of storage. With the help of a few constituent pieces, you can have a powerful NAS or cloud storage solution up and running.

But what if you don’t want to take the time to piece these together for yourself? Or, what if you’d rather have a user-friendly, web-based GUI to make this process a bit easier? For that, there are a few distributions available to meet your needs. One such platform is Rockstor. Rockstor is a Network Attached Storage (NAS) and cloud solution that can serve either your personal or small business needs with ease.

Rockstor got its start in 2014 and has quickly become a solid tool in the storage space. I was able to quickly get Rockstor up and running (after overcoming only one minor hurdle) and had SMB shares and users/groups created with just a few quick clicks. And, with the inclusion of add-ons (called Rockons), you can extend the feature set of your Rockstor to include new apps, servers, and services.

Let me walk you through that process (as well as how I solved one tiny hiccup), so you can decide if Rockstor is the solution for you.

A word on requirements

I managed to easily get Rockstor running as a VirtualBox VM. Whether you’re installing as a VM or on dedicated hardware, the minimal installation requirements are:

  • 64-bit Intel or AMD processor

  • 2GB RAM or more (recommended)

  • 8GB hard disk space for the OS

  • One or more additional hard drives for data (recommended)

  • Ethernet interface (with Internet access – for updates)

  • Media drive or USB port (for installation on dedicated hardware)

Installation

Based on the Anaconda Installer, the installation of Rockstor is incredibly simple. In fact, once you start the installation process, the only thing you have to do is configure a root user password; there is no package selection, no set up of systems or servers. Once the installation completes, reboot, and you’re ready to go.

When the reboot completes, you will discover the biggest (and really only) caveat to Rockstor—the handling of the IP address. After logging into the Rockstor terminal window (the only GUI is the web interface), you will find it does not give you any indication what IP address to use. And, since you weren’t able to configure the networking interface during installation, what do you do?  

The first thing would be to issue the command ip address. This will report to you the DHCP-assigned IP address of your server (Figure 1).

Point your browser to the IP address (using secure HTTPS, so https://SERVER_IP) listed. NOTE: You will have to okay the exception for the self-signed certificate, used by your Rockstor instance, in your browser.

On the first page, you will be required to accept the license as well as create a hostname and admin user for your Rockstor instance (Figure 2).

Upon successful creation of the hostname/admin user, you will be greeted by the Rockstor Dashboard (and a popup asking if you want to update to the latest release). Do note that the update popup will take you to a page where you can sign up for either the stable or the testing releases. The Stable updates will cost you $40.00 for a three-year subscription and the Testing updates do not have an associated cost. If you do enable the Testing updates, make sure you read through each offered changelog before okaying the update.

Addressing the IP address caveat

You don’t want to have to work with a DHCP-assigned IP address for your storage server. Once you’ve taken care of the final installation/update bits, you can configure the network device for a manual (static) address through the Rockstor web interface. To do this, log onto Rockstor as your admin user and then click on SYSTEM > Network (Figure 3).

In the resulting window (Figure 4), configure the network interface as a manual connection and fill out the necessary information.

With that taken care of, you’re ready to start setting up your Rockstor storage server.

If the above method fails you (which it did me in one instance), I have found the best solution to be the old-fashioned method…configuring the network manually. For this, you need to log into the Rockstor server as root and then edit the networking file associated with your network adapter. As I was working with VirtualBox, the file was /etc/sysconfig/network-scripts/ifcfg-enp0s3. Open that file for editing and make sure the following options are configured properly:

ONBOOT="yes"

BOOTPROTO="static"

IPADDR="IP address"

GATEWAY="gateway"

DNS1="DNS address"

DNS2="DNS address"

where the placeholder values (IP address, gateway, DNS address) are specific to your network.
There will be other options preconfigured in the file (e.g., NAME and DEVICE); leave them as-is. Once you’ve made these changes, save and close the file, and then issue the command:

systemctl restart network

Now, if you go back to SYSTEM > Network (on your Rockstor Dashboard), you should see the network configuration for your interface is set to Manual, with all of your necessary options.

You are now ready to go back to your Rockstor Dashboard, click STORAGE and set up whatever storage type you need (Figure 5).

Quick Samba Share

Before you create your first share, you’ll want to head over to SYSTEM > Groups and SYSTEM > Users and make sure you have the necessary users/groups created, in order to make creating shares easier.

To set up your first Samba Share, click on STORAGE > Samba. In the resulting window (Figure 6), make sure that Samba Service is set to ON.

With the Samba Service running, go back to the Dashboard and click STORAGE > Shares. In this new window, click the Create Share button and fill out the necessary information (Figure 7).

Click Submit and your share has been created. After the share has been saved, click on the new share from the listings and then click on the Access Control tab, where you can change the associated group for the share as well as the share permissions (Figure 8).

And that’s all there is to creating a Samba share with Rockstor.

A solid solution for SOHO and SMB

If you’re looking for a solid storage solution for your home office or small business, you’d certainly be remiss for skipping over the open source Rockstor solution. With one of the best storage GUIs I’ve used, Rockstor makes creating a powerful storage solution an experience nearly anyone can handle.

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.

Practical Networking for Linux Admins: TCP/IP | Linux.com


Linux grew up with a networking stack as part of its core, and networking is one of its strongest features. Let’s take a practical look at some of the TCP/IP fundamentals we use every day.

It’s IP Address

I have a peeve. OK, more than one. But for this article just one, and that is using “IP” as a shortcut for “IP address”. They are not the same. IP = Internet Protocol. You’re not managing Internet Protocols, you’re managing Internet Protocol addresses. If you’re creating, managing, and deleting Internet Protocols, then you are an uber guru doing something entirely different.

Yes, OSI Model is Relevant

TCP is short for Transmission Control Protocol. TCP/IP is shorthand for describing the Internet Protocol Suite, which contains multiple networking protocols. You’re familiar with the Open Systems Interconnection (OSI) model, which categorizes networking into seven layers:

  • 7. Application layer
  • 6. Presentation layer
  • 5. Session layer
  • 4. Transport layer
  • 3. Network layer
  • 2. Data link layer
  • 1. Physical layer

The application layer includes the network protocols you use every day: SSH, TLS/SSL, HTTP, IMAP, SMTP, DNS, DHCP, streaming media protocols, and tons more.

TCP operates in the transport layer, along with its friend UDP, the User Datagram Protocol. TCP is more complex; it performs error-checking, and it tries very hard to deliver your packets. There is a lot of back-and-forth communication with TCP as it transmits and verifies transmission, and when packets get lost it resends them. UDP is simpler and has less overhead. It sends out datagrams once, and UDP neither knows nor cares if they reach their destination.

TCP is for ensuring that data is transferred completely and in order. If a file transfers with even one byte missing it’s no good. UDP is good for lightweight stateless transfers such as NTP and DNS queries, and is efficient for streaming media. If your music or video has a blip or two it doesn’t render the whole stream unusable.

The physical layer refers to your networking hardware: Ethernet and wi-fi interfaces, cabling, switches, whatever gadgets it takes to move your bits and the electricity to operate them.

Ports and Sockets

Linux admins and users have to know about ports and sockets. A network socket is the combination of an IP address and port number. Remember back in the early days of Ubuntu, when the default installation did not include a firewall? No ports were open in the default installation, so there were no entry points for an attacker. “Opening a port” means starting a service, such as an HTTP, IMAP, or SSH server. Then the service opens a listening port to wait for incoming connections. “Opening a port” isn’t quite accurate because it’s really referring to a socket. You can see these with the netstat command. This example displays only listening sockets and the names of their services:

$ sudo netstat -plnt 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address State  PID/Program name
tcp        0      0 127.0.0.1:3306    0.0.0.0:*       LISTEN 1583/mysqld     
tcp        0      0 127.0.0.1:5901    0.0.0.0:*       LISTEN 13951/qemu-system-x  
tcp        0      0 192.168.122.1:53  0.0.0.0:*       LISTEN 2101/dnsmasq
tcp        0      0 192.168.122.1:80  0.0.0.0:*       LISTEN 2001/apache2
tcp        0      0 192.168.122.1:443 0.0.0.0:*       LISTEN 2013/apache2
tcp        0      0 0.0.0.0:22        0.0.0.0:*       LISTEN 1200/sshd            
tcp6       0      0 :::80             :::*            LISTEN 2057/apache2    
tcp6       0      0 :::22             :::*            LISTEN 1200/sshd            
tcp6       0      0 :::443            :::*            LISTEN 2057/apache2

This shows that MariaDB (whose executable is mysqld) is listening only on localhost at port 3306, so it does not accept outside connections. Dnsmasq is listening on 192.168.122.1 at port 53, so it is accepting external requests. SSH is wide open for connections on any network interface. As you can see, you have control over exactly what network interfaces, ports, and addresses your services accept connections on.

Apache is listening on two IPv4 and two IPv6 ports, 80 and 443. Port 80 is the standard unencrypted HTTP port, and 443 is for encrypted TLS/SSL sessions. The foreign IPv6 address of :::* is the same as 0.0.0.0:* for IPv4. Those are wildcards accepting all requests from all ports and IP addresses. If there are certain addresses or address ranges you do not want to accept connections from, you can block them with firewall rules.

A network socket is a TCP/IP endpoint, and a TCP/IP connection needs two endpoints. A socket represents a single endpoint, and as our netstat example shows a single service can manage multiple endpoints at one time. A single IP address or network interface can manage multiple connections.

The example also shows the difference between a service and a process. apache2 is the service name, and it is running four processes. sshd is one service with one process listening on two different sockets.
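The classification discussed above (loopback-only, one address, or every interface) can be automated. The following is an added example, not part of the original article: it parses `netstat -plnt` output and reports wildcard listeners whose port is not on an allowlist. The sample listing is constructed, and the function names and the allowlist are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the format of the `netstat -plnt` listing above.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address State  PID/Program name
tcp        0      0 127.0.0.1:3306    0.0.0.0:*       LISTEN 1583/mysqld
tcp        0      0 192.168.122.1:53  0.0.0.0:*       LISTEN 2101/dnsmasq
tcp        0      0 0.0.0.0:22        0.0.0.0:*       LISTEN 1200/sshd
tcp6       0      0 :::80             :::*            LISTEN 2057/apache2
tcp6       0      0 ::1:631           :::*            LISTEN -
"""


def split_socket(local):
    """Split 'address:port' on the last colon (handles netstat's ':::80')."""
    addr, _, port = local.rpartition(":")
    return addr.split("%")[0], int(port)   # drop any IPv6 zone such as %eth0


def exposure(addr):
    """Classify a listening address by who can reach it."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:          # 0.0.0.0 or :: -> every interface
        return "all-interfaces"
    if ip.is_loopback:             # 127.0.0.0/8 or ::1 -> local processes only
        return "loopback-only"
    return "single-address"        # bound to one configured address


def parse_listeners(text):
    """Return one dict per LISTEN row; header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        try:
            addr, port = split_socket(f[3])
            kind = exposure(addr)
        except ValueError:
            continue
        # Without root, netstat prints '-' instead of PID/program.
        prog = f[6].partition("/")[2].rstrip(":") if len(f) > 6 else ""
        rows.append({"proto": f[0], "addr": addr, "port": port,
                     "exposure": kind, "program": prog or "unknown"})
    return rows


def unexpected_wildcards(text, allowed_ports):
    """Listeners on every interface whose port is not on the allowlist."""
    return sorted({(r["port"], r["program"]) for r in parse_listeners(text)
                   if r["exposure"] == "all-interfaces"
                   and r["port"] not in allowed_ports})


if __name__ == "__main__":
    for r in parse_listeners(SAMPLE):
        print(f'{r["port"]:>5} {r["exposure"]:<15} {r["program"]}')
    print("review:", unexpected_wildcards(SAMPLE, allowed_ports={22}))
```
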

Unix Sockets

Networking is so deeply embedded in Linux that its Unix domain sockets (also called inter-process communications, or IPC) behave like TCP/IP networking. Unix domain sockets are endpoints between processes in your Linux operating system, and they operate only inside the Linux kernel. You can see these with netstat:

$ netstat -lx     
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     988      /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     29730    /run/user/1000/systemd/private
unix  2      [ ACC ]     SEQPACKET  LISTENING     357      /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     27233    /run/user/1000/keyring/control

It’s rather fascinating how they operate. The SOCK_STREAM socket type behaves like TCP with reliable delivery, and SOCK_DGRAM is similar to UDP, unordered and unreliable, but fast and low-overhead. You’ve heard how everything in Unix is a file? Instead of networking protocols and IP addresses and ports, Unix domain sockets use special files, which you can see in the above example. They have inodes, metadata, and permissions just like the regular files we use every day.

If you want to dig more deeply there are a lot of excellent books. Or, you might start with man tcp and man 2 socket. Next week, we’ll look at network configurations, and whatever happened to IPv6?


Fedora 26 Beta Comes with New Features » Linux Magazine


The Fedora project has announced the beta of Fedora 26, the latest version of Fedora OS. Three editions of Fedora target three different markets: Fedora 26 Workstation Beta, Fedora 26 Server, and Fedora 26 Atomic.

As the name implies, Workstation targets desktop users, the Server edition is aimed at sys admins running servers, and Atomic targets DevOps, for managing cloud- and container-centric infrastructures.

Although each edition targets a different market segment, they all share the same fundamental Fedora technologies, and the only differences are in what comes packaged with each edition.

All three versions share these new components: updated compilers and languages, including GNU Compiler Collection (GCC) 7; Go 1.8; Python 3.6 and Ruby 2.4; DNF 2.0 with backward compatibility with Yum; a new storage configuration screen for the Anaconda installation program, enabling “bottom-up” configuration from devices and partitions; and updates to Fedora Media Writer that enable users to create bootable SD cards with Fedora for ARM-based devices, like Raspberry Pi.

New in the desktop edition is Gnome 3.24, which offers many new features, including batch rename of files and night mode. One of the highlights of this release is many improvements to Builder – to support a number of application build systems, including Flatpak, CMake, Meson, and Rust – in addition to integration with Valgrind for project profiling.

As containers become more and more important, Fedora Atomic offers a great platform for running container-based workloads in the cloud or on bare metal. One of the most notable features of Fedora Atomic Host is containerized Kubernetes to run different versions of the container orchestration engine.

All three editions are available for download and testing.




Trojan Turns Raspberry Pi into a Cryptocurrency… » Linux Magazine


The Russian security firm Doctor Web has discovered two Trojan programs that target Linux machines. One Trojan turns Raspberry Pi machines into cryptocurrency mining devices, and the other runs a proxy server on Linux systems.

The Trojan named Linux.MulDrop.14 targets Raspberry Pi devices, changing the password on the devices it infects, then unpacking and launching a miner, which, in an infinite loop, starts searching for network nodes with an open port 22 to replicate itself.

According to Doctor Web, “The Trojan is a script that contains a compressed and encrypted application designed to mine cryptocurrency.”

The second Trojan, dubbed Linux.ProxyM, uses a special range of methods to detect honeypots – special decoy servers used by digital security specialists to examine malicious software.

“Once launched, it connects to its command and control server and, after getting confirmation from it, runs a SOCKS proxy server on the infected device. Cybercriminals can use this Trojan to ensure that they remain anonymous online,” noted Doctor Web.




Install and monitor services using Monit on ubuntu 17.04 Server



Monit is a utility for managing and monitoring processes, files, directories and devices on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.

Monit Features

* Daemon mode — poll programs at a specified interval
* Monitoring modes — active, passive or manual
* Start, stop and restart of programs
* Group and manage groups of programs
* Process dependency definition
* Logging to syslog or own logfile
* Configuration — comprehensive controlfile
* Runtime and TCP/IP port checking (tcp and udp)
* SSL support for port checking
* Unix domain socket checking
* Process status and process timeout
* Process cpu usage
* Process memory usage
* Process zombie check
* Check the system's load average
* Check a file or directory timestamp
* Alert, stop or restart a process based on its characteristics
* MD5 checksum for programs started and stopped by monit
* Alert notification for program timeout, restart, checksum, stop resource and timestamp error
* Flexible and customizable email alert messages
* Protocol verification. HTTP, FTP, SMTP, POP, IMAP, NNTP, SSH, DWP, LDAPv2 and LDAPv3
* An http interface with optional SSL support to make monit accessible from a webbrowser

Install Monit on Ubuntu 17.04 server

sudo apt-get install monit

This will complete the installation.

Configuring Monit

The default configuration file is located at /etc/monit/monitrc. You need to edit this file to configure your options

sudo vi /etc/monit/monitrc

A sample configuration file follows. Uncomment the following options in your file

## Start monit in background (run as daemon) and check the services at 2-minute
## intervals.
#
set daemon 120

## Set syslog logging with the 'daemon' facility. If the FACILITY option is
## omitted, monit will use 'user' facility by default. You can specify the
## path to the file for monit native logging.
#
set logfile syslog facility log_daemon

## Set list of mailservers for alert delivery. Multiple servers may be
## specified using comma separator. By default monit uses port 25 - it is
## possible to override it with the PORT option.
#
set mailserver localhost # primary mailserver

## Monit by default uses the following alert mail format:
##
## From: monit@$HOST # sender
## Subject: monit alert -- $EVENT $SERVICE # subject
##
## $EVENT Service $SERVICE
##
## Date: $DATE
## Action: $ACTION
## Host: $HOST # body
## Description: $DESCRIPTION
##
## Your faithful,
## monit

## You can override the alert message format or its parts such as subject
## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
## are expanded on runtime. For example to override the sender:
#
set mail-format { from: monit@monitorserver.com }

## Monit has an embedded webserver, which can be used to view the
## configuration, actual services parameters or manage the services using the
## web interface.
#
set httpd port 2812 and
    use address localhost # only accept connection from localhost
    allow localhost # allow localhost to connect to the server and
    allow 172.29.5.0/255.255.255.0
    allow admin:monit # require user 'admin' with password 'monit'

===> Change 172.29.5.0/255.255.255.0 to your network ip range

# Monitoring the apache2 web service.
# Checks the apache2 process using the given pidfile.
# If the process name or pidfile path is wrong, monit will
# report a failure even though apache2 is running.
check process apache2 with pidfile /var/run/apache2.pid

# Actions monit takes when the service gets stuck.
start program = "/etc/init.d/apache2 start"
stop program = "/etc/init.d/apache2 stop"
# The admin is notified by mail if any of the conditions below is met.
if cpu is greater than 60% for 2 cycles then alert
if cpu > 80% for 5 cycles then restart
if totalmem > 200.0 MB for 5 cycles then restart
if children > 250 then restart
if loadavg(5min) greater than 10 for 8 cycles then stop
if 3 restarts within 5 cycles then timeout
group server

#Monitoring Mysql Service

check process mysql with pidfile /var/run/mysqld/mysqld.pid
group database
start program = "/etc/init.d/mysql start"
stop program = "/etc/init.d/mysql stop"
if failed host 127.0.0.1 port 3306 then restart
if 5 restarts within 5 cycles then timeout

#Monitoring ssh Service

check process sshd with pidfile /var/run/sshd.pid
start program "/etc/init.d/ssh start"
stop program "/etc/init.d/ssh stop"
if failed port 22 protocol ssh then restart
if 5 restarts within 5 cycles then timeout

You can also include other configuration files via include directives:

include /etc/monit/default.monitrc
include /etc/monit/mysql.monitrc

This is only a sample configuration file. The configuration file is pretty self-explanatory; if you are unsure about an option, take a look at the monit documentation.

After configuring your monit file you can check the configuration file syntax using the following command

sudo monit -t

Once there are no syntax errors, you need to enable this service by changing the file /etc/default/monit

sudo vi /etc/default/monit

# You must set this variable to for monit to start

startup=0

to

# You must set this variable to for monit to start

startup=1

Now you need to start the service using the following command

sudo systemctl restart monit.service

Monit Web interface

The Monit web interface runs on port 2812. If you have a firewall in your network setup, you need to open this port.

Now point your browser to http://yourserverip:2812/ (make sure port 2812 isn’t blocked by your firewall) and log in with admin and monit. If you want a secure login, you can use https.
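Before exposing the web interface, it is worth checking what the `set httpd` block actually permits. The following is an added example, not part of the original post or of Monit itself: it audits a monitrc for a missing bind address, the absence of an `ssl` keyword when the interface is not bound to loopback, and passwords written directly into `allow` lines. The two sample configurations are constructed from the block shown above (the second drops the `use address localhost` line), and the finding names are assumptions made for illustration.

```python
import ipaddress

# Constructed from the `set httpd` block of the sample monitrc above.
HEAD = "set httpd port 2812 and\n"
BIND = "    use address localhost # only accept connection from localhost\n"
REST = """\
    allow localhost # allow localhost to connect to the server and
    allow 172.29.5.0/255.255.255.0
    allow admin:monit # require user 'admin' with password 'monit'

check process sshd with pidfile /var/run/sshd.pid
    if failed port 22 protocol ssh then restart
"""
PAGE_CONFIG = HEAD + BIND + REST      # as printed in the tutorial
REMOTE_CONFIG = HEAD + REST           # bind line removed (constructed variant)

PUBLISHED = {("admin", "monit")}      # credential pair printed on this page
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
TOP_LEVEL = ("set", "check", "include")


def httpd_tokens(config):
    """Tokens of the `set httpd` statement, with # comments stripped."""
    tokens, inside = [], False
    for raw in config.splitlines():
        words = raw.split("#", 1)[0].split()
        if words[:2] == ["set", "httpd"]:
            inside = True
        elif inside and words and words[0] in TOP_LEVEL:
            break                     # next top-level statement ends the block
        if inside:
            tokens += words
    return tokens


def is_ip_or_net(value):
    """True for addresses and networks, so IPv6 hosts are not read as user:pass."""
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False


def audit_httpd(config):
    """Return a list of findings for the httpd block (heuristic checks)."""
    t = httpd_tokens(config)
    if not t:
        return []
    pairs = list(zip(t, t[1:]))
    findings = []
    bind = next((v for w, v in pairs if w == "address"), None)
    if bind is None:
        findings.append("binds-all-interfaces")
    if bind not in LOOPBACK and "ssl" not in (w.lower() for w in t):
        findings.append("no-tls")     # credentials would cross the network in clear
    for word, value in pairs:
        if word != "allow" or ":" not in value or is_ip_or_net(value):
            continue
        user, _, password = value.partition(":")
        findings.append("password-in-config:" + user)
        if (user, password.strip('"')) in PUBLISHED:
            findings.append("published-credentials:" + user)
    return findings


if __name__ == "__main__":
    print("page config:  ", audit_httpd(PAGE_CONFIG))
    print("remote config:", audit_httpd(REMOTE_CONFIG))
```
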

Once you have logged in, you should see the following screen with all the services we are monitoring


Apache web server process details
