Tag Archives: servers

Ubuntu 17.10 (Artful Aardvark) Released and Download links Included


Codenamed “Artful Aardvark”, Ubuntu 17.10 continues Ubuntu’s proud tradition of integrating the latest and greatest open source technology
into a high-quality, easy-to-use Linux distribution. As always, the team has been hard at work through this cycle, introducing new features
and fixing bugs.

Under the hood, there have been updates to many core packages, including a new 4.13-based kernel, glibc 2.26, gcc 7.2, and much more.

Ubuntu Desktop has had a major overhaul, with the switch from Unity as our default desktop to GNOME3 and gnome-shell. Along with that, there
are the usual incremental improvements, with newer versions of GTK and Qt, and updates to major packages like Firefox and LibreOffice.

Ubuntu Server 17.10 includes the Pike release of OpenStack, alongside deployment and management tools that save devops teams time when
deploying distributed applications — whether on private clouds, public clouds, x86, ARM, or POWER servers, z System mainframes, or on developer
laptops. Several key server technologies, from MAAS to juju, have been updated to new upstream versions with a variety of new features.

Ubuntu 17.10 Download Links

You can download ISOs and flashable images from:

http://releases.ubuntu.com/17.10/ (Ubuntu Desktop and Server)
http://cdimage.ubuntu.com/ubuntu/releases/17.10/release/ (Less Popular Ubuntu Images)
http://cloud-images.ubuntu.com/daily/server/artful/current/ (Ubuntu Cloud Images)
http://cdimage.ubuntu.com/netboot/17.10/ (Ubuntu Netboot)
http://cdimage.ubuntu.com/kubuntu/releases/17.10/release/ (Kubuntu)
http://cdimage.ubuntu.com/lubuntu/releases/17.10/release/ (Lubuntu and Lubuntu Alternate)
http://cdimage.ubuntu.com/ubuntu-budgie/releases/17.10/release/ (Ubuntu Budgie)
http://cdimage.ubuntu.com/ubuntukylin/releases/17.10/release/ (Ubuntu Kylin)
https://ubuntu-mate.org/download/ (Ubuntu MATE)
http://cdimage.ubuntu.com/ubuntustudio/releases/17.10/release/ (Ubuntu Studio)
http://cdimage.ubuntu.com/xubuntu/releases/17.10/release/ (Xubuntu)


Linux Networking Hardware for Beginners: Think Software | Linux.com


Last week, we learned about LAN (local area network) hardware. This week, we’ll learn about connecting networks to each other, and some cool hacks for mobile broadband.

Routers

Network routers are everything in computer networking, because routers connect networks. Without routers we would be lonely little islands. Figure 1 shows a simple wired LAN (local area network) with a wireless access point, all connected to the Internet. Computers on the LAN connect to an Ethernet switch, which connects to a combination firewall/router, which connects to the big bad Internet through whatever interface your Internet service provider (ISP) provides, such as cable box, DSL modem, satellite uplink…like everything in computing, it’s likely to be a box with blinky lights. When your packets leave your LAN and venture forth into the great wide Internet, they travel from router to router until they reach their destination.

A router can look like pretty much anything: a nice little specialized box that does only routing and nothing else, a bigger box that provides routing, firewall, name services, and VPN gateway, a re-purposed PC or laptop, a Raspberry Pi or Arduino, stout little single-board computers like PC Engines…for all but the most demanding uses, ordinary commodity hardware works fine. The highest-end routers use specialized hardware that is designed to move the maximum number of packets per second. They have multiple fat data buses, multiple CPUs, and super-fast memory. (Look up Juniper and Cisco routers to see what high-end routers look like, and what’s inside.)

A wireless access point connects to your LAN either as an Ethernet bridge or a router. A bridge extends the network, so hosts on both sides of the bridge are on the same network. A router connects two different networks.

Network Topology

There are multitudes of ways to set up your LAN. You can put all hosts on a single flat network. You can divide it up into different subnets. You can divide it into virtual LANs, if your switch supports this.

A flat network is the simplest; just plug everyone into the same switch. If one switch isn’t enough you can connect switches to each other. Some switches have special uplink ports, some don’t care which ports you connect, and you may need to use a crossover Ethernet cable, so check your switch documentation.

Flat networks are the easiest to administer. You don’t need routers and don’t have to calculate subnets, but there are some downsides. They don’t scale, so when they get too large they get bogged down by broadcast traffic. Segmenting your LAN provides a bit of security, and makes it easier to manage larger networks by dividing it into manageable chunks. Figure 2 shows a simplified LAN divided into two subnets: internal wired and wireless hosts, and one for servers that host public services. The subnet that contains the public-facing servers is called a DMZ, demilitarized zone (ever notice all the macho terminology for jobs that are mostly typing on a computer?) because it is blocked from all internal access.

Even in a network as small as Figure 2 there are several ways to set it up. You can put your firewall and router on a single device. You could have a dedicated Internet link for the DMZ, divorcing it completely from your internal network. Which brings us to our next topic: it’s all software.

Think Software

You may have noticed that of the hardware we have discussed in this little series, only network interfaces, switches, and cabling are special-purpose hardware. Everything else is general-purpose commodity hardware, and it’s the software that defines its purpose. Linux is a true networking operating system, and it supports a multitude of network operations: VLANs, firewall, router, Internet gateway, VPN gateway, Ethernet bridge, Web/mail/file/etc. servers, load-balancer, proxy, quality of service, multiple authenticators, trunking, failover…you can run your entire network on commodity hardware with Linux. You can even use Linux to simulate an Ethernet switch with LISA (LInux Switching Appliance) and vde2.

There are specialized distributions for small hardware like DD-WRT, OpenWRT, and the Raspberry Pi distros, and don’t forget the BSDs and their specialized offshoots like the pfSense firewall/router, and the FreeNAS network-attached storage server.

You know how some people insist there is a difference between a hardware firewall and a software firewall? There isn’t. That’s like saying there is a hardware computer and a software computer.

Port Trunking and Ethernet Bonding

Trunking and bonding, also called link aggregation, is combining two Ethernet channels into one. Some Ethernet switches support port trunking, which is combining two switch ports to combine their bandwidth into a single link. This is a nice way to make a bigger pipe to a busy server.

You can do the same thing with Ethernet interfaces, and the bonding driver is built into the Linux kernel, so you don’t need any special hardware.

Bending Mobile Broadband to your Will

I expect that mobile broadband is going to grow in the place of DSL and cable Internet. I live near a city of 250,000 population, but outside the city limits good luck getting Internet, even though there is a large population to serve. My little corner of the world is 20 minutes from town, but it might as well be the moon as far as Internet service providers are concerned. My only option is mobile broadband; there is no dialup, satellite Internet is sold out (and it sucks), and haha lol DSL, cable, or fiber. That doesn’t stop ISPs from stuffing my mailbox with flyers for Xfinity and other high-speed services my area will never see.

I tried AT&T, Verizon, and T-Mobile. Verizon has the strongest coverage, but Verizon and AT&T are expensive. I’m at the edge of T-Mobile coverage, but they give the best deal by far. To make it work, I had to buy a weBoost signal booster and ZTE mobile hotspot. Yes, you can use a smartphone as a hotspot, but the little dedicated hotspots have stronger radios. If you’re thinking you might want a signal booster, I have nothing but praise for weBoost because their customer support is superb, and they will do their best to help you. Set it up with the help of a great little app that accurately measures signal strength, SignalCheck Pro. They have a free version with fewer features; spend the two bucks to get the pro version, you won’t be sorry.

The little ZTE hotspots serve up to 15 hosts and have rudimentary firewalls. But we can do better: get something like the Linksys WRT54GL, replace the stock firmware with Tomato, OpenWRT, or DD-WRT, and then you have complete control of your firewall rules, routing, and any other services you want to set up.

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.

Jazz Up lm-sensors with Graphics and Notifications | Linux.com


When last we met, we learned about lm-sensors, the excellent tool for monitoring CPU temperature, fan speeds, and motherboard voltages. Now we’re going to learn about changing the labels in sensors output to make it more useful, look at some good graphical front ends, and see how to configure and send notifications.

Customizing Labels

The default labels for your various sensors are sometimes not very helpful, as this snippet of sensors output shows.

fan1:  900 RPM
fan2: 1020 RPM

Fortunately, we can change the labels to anything we want. Let us relabel fan1 and fan2 more descriptively in the lm-sensors configuration file. (See Advanced lm-sensors Tips and Tricks on Linux for information on the lm-sensors configuration file.)

chip "nct6776-*"
  label fan1 "CPU fan"
  label fan2 "Case fan"

Now in the sensors output it’s clear what they are.

CPU fan:   900 RPM
Case fan: 1020 RPM

Psensor

Psensor is my favorite lm-sensors graphical front-end. It supports multiple system monitors, including lm-sensors, hddtemp, smartmontools, and XNVCtrl for monitoring NVidia GPU temperatures. I love its nice user-friendly interface because all configurations are right there and you don’t have to hunt for them (Figure 1).

There are checkboxes on the right of the main window to control which sensors appear in the graph. Click on any sensor to configure it; options include hiding it, graph color, setting alarm thresholds, enabling desktop notifications, and changing its name. Change colors, monitoring intervals, enable logging, and set which monitors Psensor listens to in the Psensor > Preferences menu (Figure 2).

Desktop alerts are good, and Psensor supports scripts to execute any kind of notifications or actions you want. Enter your script name on the Psensor > Preferences > Sensors tab, in the “Script executed when alarm is raised” field. This example script sends an email and shuts down the computer when CPU temperatures are too high.

#!/bin/bash
# Email a warning; shut down only if the mail command succeeds.
echo "I am shutting down right now!" | \
/usr/bin/mail -s "[LinuxServer] I'm melting, help" \
carla@bratgrrl.com && shutdown -h now

This simple script plays a sad trombone:

#!/bin/bash
play /home/carla/sounds/sad_trombone.wav

These scripts use good old-fashioned Unix commands to do the work. /usr/bin/mail is provided by the s-nail package on my Ubuntu 16.04 system. Other distributions use mailx, which installs the traditional BSD mail client.

mail can send messages directly, without needing an SMTP server. Maybe it’s just me, but I kept having problems and couldn’t get it to send messages, so I installed ssmtp, the simple SMTP server. If you’re already running an MTA like Postfix or Exim, you don’t need ssmtp. ssmtp is not a mail transfer agent (MTA) like Postfix and Exim. It is a simple relay agent that sends messages to an upstream mail server. You must configure /etc/ssmtp/ssmtp.conf to accept messages in the same way that you configure your mail client, with the server name and port, TLS/SSL type, and your authorization if your upstream server requires it. This example is typical of hosted mail servers, which usually rely on STARTTLS.

mailhub=mail.example.com:25
AuthUser=carla@example.com
AuthPass=password
UseSTARTTLS=YES

It also has options for configuring the locations of SSL certificates if necessary. Whatever your regular mail client needs is what ssmtp needs. If you get the “sendmail: Cannot open mail.example.com:25” error when you send a message, then your port number or TLS/SSL configuration is wrong. See man 5 ssmtp.conf for complete options. Because AuthPass is stored in plain text, restrict read access to /etc/ssmtp/ssmtp.conf to the accounts that need to send mail.

You also need to add all local system users that will send notifications to /etc/ssmtp/revaliases:

root:carla@example.com:mail.example.com:25
carla:carla@example.com:mail.example.com:25

Another cool notification option is to send yourself SMS text messages. There are a couple of ways to do this on Linux. One is to use a commercial SMS gateway, which is easy and costs a little money. Another way is to use a USB GSM modem plugged into your computer, with a prepaid SIM card. This is a fun topic for another day, and if you have done this, please give some details in the comments.

More Graphical Interfaces

Graphical front ends to lm-sensors come and go. Conky and xsensors are two reliable oldtimers. Conky is endlessly configurable and supports everything under the sun. xsensors is barebones. Both run without complaints on all Linux distributions.

I like having a set of temperature sensors in my taskbar. These are specific to the graphical desktop environment you are running. Thermal Monitor for KDE is pretty nice. I use xfce4-sensors-plugin on my Xfce4 desktop (Figure 3).


Security Tools to Check for Viruses and Malware on Linux | Linux.com


Wait, Linux needs antivirus and anti-malware solutions? I thought it was immune to such things. Perhaps a bit of clarification is necessary here.

First and foremost, no operating system is 100 percent immune to attack. Whether a machine is online or offline, it can fall victim to malicious code. Although Linux is less prone to such attacks than, say, Windows, there is no absolute when it comes to security. I have witnessed, first hand, Linux servers hit by rootkits that were so nasty, the only solution was to reinstall and hope the data backup was current. I’ve been a victim of a (very brief) hacker getting onto my desktop, because I accidentally left desktop sharing running (that was certainly an eye opener). The lesson? Even Linux can be vulnerable.

So why does Linux need tools to prevent viruses, malware, and rootkits? It should be obvious why every server needs protection from rootkits — because once you are hit with a rootkit, all bets are off as to whether you can recover without reinstalling the platform. It’s antivirus and anti-malware where admins start getting a bit confused.

Let me put it simply — if your server (or desktop for that matter) makes use of Samba or sshfs (or any other sharing means), those files will be opened by users running operating systems that are vulnerable. Do you really want to take the chance that your Samba share directory could be dishing out files that contain malicious code? If that should happen, your job becomes exponentially more difficult. Similarly, if that Linux machine performs as a mail server, you would be remiss to not include AV scanning (lest your users be forwarding malicious mail).

With all of that said, what are your options? Let’s take a look at a few tools, offered for the Linux platform, that do a good job of protecting you (and your users) from viruses, malware, and rootkits.

ClamAV

Without a doubt, ClamAV is the most popular option for keeping viruses off of your Linux machines and out of your shared directories. There are a few reasons why ClamAV is so popular among the Linux crowd. First, it’s open source, which in and of itself is a big win. Second, it’s very effective in finding trojans, viruses, malware, and other threats. ClamAV features a multi-threaded scanner daemon that is perfectly suited for mail servers and on-demand scanning.

ClamAV can be run from the command line or with the ClamTK GUI. Both tools are easy to use and very dependable. Installing ClamAV is simple.

For Debian-based systems:

sudo apt install clamav

For RHEL/CentOS systems:

sudo yum install epel-release

sudo yum install clamav

For Fedora-based systems:

sudo dnf install clamav

For SUSE-based systems:

sudo zypper in clamav

If you’re running a Debian-based desktop, you can install ClamTK (the GUI) with the command:

sudo apt install clamtk

There are also third-party tools that can be added (to include support for the likes of MTA, POP3, Web & FTP, Filesys, MUA, Bindings, and more).

Upon installation, the first thing you’ll want to do is update the signatures with the command sudo freshclam. Once that completes, you can scan a directory with the command:

clamscan -r -i DIRECTORY

where DIRECTORY is the location to scan. The -r option means to recursively scan and the -i option means to only print out infected files. If you work with the GUI, it’s even easier. From the GUI you can run a scan and, should ClamAV find anything, act on it (Figure 1).

The one caveat to ClamAV is that it does not include real-time scanning. In fact, if you’re not using the ClamTK GUI, then to create a scheduled scan, you must make use of crontab. With the ClamTK GUI, you can only set up a schedule for your user home directory.
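One way to set up the crontab-driven scan described above, as an added example that is not from the original article. The script path, scan directory and the root mail recipient are assumptions; the wrapper stays silent on a clean run and mails the list of infected paths otherwise.

```shell
#!/bin/bash
# Added example: cron wrapper for a scheduled ClamAV scan.
# Assumed install path and scan directory (adjust to your system):
#   30 2 * * * /usr/local/sbin/clamav-nightly.sh /srv/samba/share

# Translate clamscan's exit status into a verdict.
# clamscan(1): 0 = no virus found, 1 = virus(es) found, 2 = an error occurred.
verdict() {
  case "$1" in
    0) echo clean ;;
    1) echo infected ;;
    *) echo error ;;
  esac
}

# Read clamscan output on stdin and print only the infected paths.
# Hit lines look like "PATH: SIGNATURE FOUND".
infected_paths() {
  sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Scan DIR recursively. Prints "VERDICT<TAB>COUNT", then one infected path
# per line, and returns clamscan's own exit status.
scan_report() {
  local dir="$1" out rc hits count=0
  # Status 1 means "found", not "failed", so capture it without tripping set -e.
  out="$(clamscan -r -i --no-summary "$dir" 2>&1)" && rc=0 || rc=$?
  hits="$(printf '%s\n' "$out" | infected_paths)"
  if [ -n "$hits" ]; then
    count="$(printf '%s\n' "$hits" | wc -l | tr -d ' ')"
  fi
  printf '%s\t%s\n' "$(verdict "$rc")" "$count"
  if [ -n "$hits" ]; then printf '%s\n' "$hits"; fi
  # On an error, pass clamscan's messages through so they reach the report.
  if [ "$rc" -gt 1 ]; then printf '%s\n' "$out"; fi
  return "$rc"
}

main() {
  local dir="$1" report rc
  # Refresh signatures first; an outdated database is still better than no scan.
  freshclam --quiet || echo "freshclam failed; scanning with existing signatures" >&2
  report="$(scan_report "$dir")" && rc=0 || rc=$?
  # Mail only when something was found or the scan itself failed.
  if [ "$rc" -ne 0 ]; then
    printf '%s\n' "$report" |
      mail -s "[clamav] $(hostname): $(verdict "$rc") in $dir" root
  fi
  return "$rc"
}

# Run only when a directory is given, e.g. from the crontab line above.
if [ "$#" -gt 0 ]; then main "$@"; fi
```
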

Sophos

If you’re looking for a non-open source solution from a company that’s been in the antivirus sector for quite some time, Sophos offers a free Linux scanner that does an outstanding job. This particular solution does on-access and on-demand scans for viruses, trojans, and malware. To prevent your Linux machine from becoming a distribution point for malicious software, Sophos Antivirus for Linux detects, blocks, and removes Windows, Mac, and Android malware. What makes Sophos stand above ClamAV is the inclusion of a real-time scanner. For desktops that share a lot of files, that is a deal maker.

Once you’ve agreed to the Sophos license (and entered a bit of information), you can download the distribution-agnostic installer, extract the file, and install with the command sudo sh install.sh. During the installation (Figure 2), you’ll be asked if you want to enable on-access scanning (real-time).

You will also be asked what type of auto-updating to be used for virus definitions. You can choose from Sophos servers, your own servers, or none. You can also choose to install the free or the supported version of Sophos as well as configure a proxy (if necessary).

When the installation completes, Sophos is running and protecting your machine in real time. There is no GUI for Sophos, so you’re restricted to the command line. You can check to see if Sophos is running with the command:

/opt/sophos-av/bin/savdstatus

Upon issuing the command, you should see Sophos Anti-Virus is active (Figure 3).

If you want to run an on-demand scan, it is as simple as:

savscan DIRECTORY

Where DIRECTORY is the directory to be scanned.

chkrootkit and rkhunter

No tool is more important to the security of your Linux server than either chkrootkit or rkhunter. These particular tools check for the likes of:

  • System binaries for rootkit modification

  • If the interface is in promiscuous mode

  • lastlog deletions

  • wtmp deletions

  • Signs of LKM trojans

  • Quick and dirty strings replacement

  • utmp deletions

The chkrootkit tool can be installed on Debian-based systems with the following command:

sudo apt install chkrootkit

The rkhunter tool can be installed on CentOS-like systems with the commands:

sudo yum install epel-release

sudo yum install rkhunter

Once installed, the usage is very simple: Issue either sudo chkrootkit or sudo rkhunter -c. Both commands will dive into the system and check for any known rootkits. During the rkhunter scan, you will have to press Enter on your keyboard (when prompted), as it runs through the different stages of the check. When the scan completes, both tools will report back their findings (Figure 4).

Stay safe

There are plenty more options out there, but these four tools should go a long way to keep you safe. Whether you only need a command line antivirus/malware/trojan scanner, a GUI, or a tool to hunt for rootkits, you’re covered. Just don’t fall into the trap of thinking that, because you’re using Linux, you are perfectly safe…even without protection.


Install Munin (Monitoring Tool) on Ubuntu 17.04 (zesty zapus) Server


Munin the monitoring tool surveys all your computers and remembers what it saw. It presents all the information in graphs through a web interface. Its emphasis is on plug and play capabilities. After completing an installation, a large number of monitoring plugins will be running with no further effort.

Using Munin you can easily monitor the performance of your computers, networks, SANs, applications, weather measurements and whatever comes to mind. It makes it easy to determine “what’s different today” when a performance problem crops up. It makes it easy to see how you’re doing capacity-wise on any resources.

Munin uses the excellent RRDTool (written by Tobi Oetiker) and the framework is written in Perl, while plugins may be written in any language. Munin has a master/node architecture in which the master connects to all the nodes at regular intervals and asks them for data. It then stores the data in RRD files, and (if needed) updates the graphs. One of the main goals has been ease of creating new plugins (graphs).

Preparing Your system

Install apache web server using the following command

sudo apt-get install apache2

Now proceed with munin server installation using the following command from your terminal

sudo apt-get install munin

Once the package is installed, you only need to make a few changes to get your installation working.

Configuring Munin server

You need to edit the /etc/munin/munin.conf file

sudo vi /etc/munin/munin.conf

Change the following lines

Change 1

#dbdir /var/lib/munin
#htmldir /var/cache/munin/www
#logdir /var/log/munin
#rundir /var/run/munin

to

dbdir /var/lib/munin
htmldir /var/www/munin
logdir /var/log/munin
rundir /var/run/munin

Change 2

#tmpldir /etc/munin/templates

to

tmpldir /etc/munin/templates

Change 3

The server name on the line localhost.localdomain should be updated to display the hostname, domain name, or other identifier you’d like to use for your monitoring server

# a simple host tree
[localhost.localdomain]
address 127.0.0.1
use_node_name yes

to

[MuninMonitor]
address 127.0.0.1
use_node_name yes

Change 4

You need to edit the munin apache configuration

sudo vi /etc/munin/apache.conf

Change the following line at the start of the file

Alias /munin /var/cache/munin/www

to

Alias /munin /var/www/munin

We also need to allow connections from outside the local computer. To do this, make the following changes. Note that Allow from all lets any client that can reach the web server view the graphs.

<Directory /var/cache/munin/www>
Order allow,deny
Allow from localhost 127.0.0.0/8 ::1
Options None

to

<Directory /var/www/munin>
Order allow,deny
#Allow from localhost 127.0.0.0/8 ::1
Allow from all
Options None

You will need to create the directory path that you referenced in the munin.conf file and modify the ownership to allow munin to write to it:

sudo mkdir /var/www/munin

sudo chown munin:munin /var/www/munin

Now you need to restart the munin and apache services using the following commands

sudo service munin-node restart

sudo service apache2 restart

It might take a few minutes to generate the necessary graphs and html files. After about five minutes, your files should be created and you will be able to access your data. You should be able to access your munin details at:

http://yourserver_ip_address/munin

If you get an error message in your browser similar to the following, you need to wait longer for munin to create the files

Forbidden

You don’t have permission to access /munin/

Configure Remote Monitoring

Munin can easily monitor multiple servers at once. If you want to monitor remote servers, you need to follow this procedure.

First you need to install munin client package using the following commands

sudo apt-get install munin-node

Now you need to edit the munin-node.conf file to specify that your monitoring server is allowed to poll the client for information.

sudo vi /etc/munin/munin-node.conf

Search for the section that has the line “allow ^127\.0\.0\.1$”. Modify the IP address to reflect your monitoring server’s IP address. If your server IP is 172.30.2.100:

allow ^172\.30\.2\.100$

Save and exit the file

You need to restart the munin client using the following command

sudo service munin-node restart

Now you need to log in to your munin server and edit the munin.conf file

sudo vi /etc/munin/munin.conf

Copy the following section and change the IP address to your remote server client IP address

[MuninMonitor]
address 127.0.0.1
use_node_name yes

to

[MuninMonitor]
address 172.30.2.101
use_node_name yes

Finally you need to restart the apache server using the following command

sudo service apache2 restart
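A check of the two access controls edited in this guide (the Apache grant for /munin and the munin-node allow pattern), as an added example that is not from the original article. The script name is hypothetical, and grep -E stands in for the Perl regex matching munin-node performs, which agrees for plain address patterns like these.

```shell
#!/bin/bash
# Added example: audit Munin's web and node access controls.
# Usage (hypothetical script name, paths as used on this page):
#   munin-acl-audit.sh /etc/munin/apache.conf /etc/munin/munin-node.conf \
#       MASTER_IP [ADDRESS_THAT_MUST_BE_REFUSED ...]

# Print "LINE: directive" for every uncommented grant-to-everyone inside a
# <Directory> block: 2.2-style "Allow from all" or 2.4-style
# "Require all granted".
apache_open_grants() {
  awk '
    { orig = $0; sub(/^[ \t]+/, "", orig); line = tolower(orig) }
    line ~ /^<directory[ \t]/ { in_dir = 1; next }
    line ~ /^<\/directory>/   { in_dir = 0; next }
    in_dir && line ~ /^(allow[ \t]+from[ \t]+all|require[ \t]+all[ \t]+granted)/ {
      print FNR ": " orig
    }' "$1"
}

# Succeed if ADDR matches any "allow" regex in munin-node.conf.
# An unanchored pattern matches as a substring, so it admits more hosts
# than intended; a stray character can lock the master out.
node_allows() {
  local conf="$1" addr="$2"
  awk '$1 == "allow" { print $2 }' "$conf" | (
    while IFS= read -r re; do
      printf '%s\n' "$addr" | grep -Eq -- "$re" && exit 0
    done
    exit 1
  )
}

# Report findings and return non-zero if anything needs attention.
audit() {
  local apache_conf="$1" node_conf="$2" master="$3" rc=0 open addr
  shift 3
  open="$(apache_open_grants "$apache_conf")"
  if [ -n "$open" ]; then
    echo "WARN $apache_conf serves Munin to any client: $open"
    rc=1
  fi
  if ! node_allows "$node_conf" "$master"; then
    echo "FAIL master $master does not match any allow line in $node_conf"
    rc=1
  fi
  for addr in "$@"; do
    if node_allows "$node_conf" "$addr"; then
      echo "WARN $addr is also allowed to poll this node"
      rc=1
    fi
  done
  return "$rc"
}

if [ "$#" -ge 3 ]; then audit "$@"; fi
```
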

Additional Plugins

The munin-plugins-extra package contains performance checks for additional services such as DNS, DHCP, Samba, etc. To install the package run the following command from the terminal

sudo apt-get install munin-plugins-extra

Make sure you have installed this package on both the server and node machines.
