Tag Archives: ubuntu

How to Synchronize Time with NTP in Linux | Linux.com


The Network Time Protocol (NTP) is a protocol used to synchronize computer system clock automatically over a networks. The machine can have the system clock use Coordinated Universal Time (UTC) rather than local time.

The most common method to sync system time over a network in Linux desktops or servers is by executing the ntpdate command which can set your system time from an NTP time server. In this case, the ntpd daemon must be stopped on the machine where the ntpdate command is issued.

In most Linux systems, the ntpdate command is not installed by default. To install it, execute the below command:

$ sudo apt-get install ntpdate    [On Debian/Ubuntu]
$ sudo yum  install ntpdate       [On CentOS/RHEL]
$ sudo dnf install ntpdate        [On Fedora 22+]

Read more at Tecmint

Click Here!

Install Munin on Ubuntu 17.10 Server


Sponsored Link

Munin the monitoring tool surveys all your computers and remembers what it saw. It presents all the information in graphs through a web interface. Its emphasis is on plug and play capabilities. After completing a installation a high number of monitoring plugins will be playing with no more effort.

Using Munin you can easily monitor the performance of your computers, networks, SANs, applications, weather measurements and whatever comes to mind. It makes it easy to determine “what’s different today” when a performance problem crops up. It makes it easy to see how you’re doing capacity-wise on any resources.

Munin uses the excellent RRDTool (written by Tobi Oetiker) and the framework is written in Perl, while plugins may be written in any language. Munin has a master/node architecture in which the master connects to all the nodes at regular intervals and asks them for data. It then stores the data in RRD files, and (if needed) updates the graphs. One of the main goals has been ease of creating new plugins (graphs).

Preparing Your system

Install apache web server using the following command

sudo apt-get install apache2

Now proceed with munin server installation using the following command from your terminal

sudo apt-get install munin

Once the package is installed, you only need to make a few changes to get your installation working.

Configuring Munin server

You need to edit the /etc/munin/munin.conf file

sudo vi /etc/munin/munin.conf

Change the following lines

Change 1

#dbdir /var/lib/munin
#htmldir /var/cache/munin/www
#logdir /var/log/munin
#rundir /var/run/munin

to

dbdir /var/lib/munin
htmldir /var/www/munin
logdir /var/log/munin
rundir /var/run/munin

Change 2

#tmpldir /etc/munin/templates

to

tmpldir /etc/munin/templates

Change 3

the server name on the line localhost.localdomain should be updated to display the hostname, domain name, or other identifier you’d like to use for your monitoring server

# a simple host tree
[localhost.localdomain]
address 127.0.0.1
use_node_name yes

to

[MuninMonitor]
address 127.0.0.1
use_node_name yes

Change 4

You need to edit the munin apache configuration

sudo vi /etc/munin/apache.conf

Change the following line in the starting of the file

Alias /munin /var/cache/munin/www

to

Alias /munin /var/www/munin

and

We also need to allow connections from outside of the local computer for this do the following changes

<Directory /var/cache/munin/www>
Order allow,deny
Allow from localhost 127.0.0.0/8 ::1
Options None

to

<Directory /var/munin/www>
Order allow,deny
#Allow from localhost 127.0.0.0/8 ::1
Allow from all
Options None

you will need to create the directory path that you referenced in the munin.conf file and modify the ownership to allow munin to write to it:

sudo mkdir /var/www/munin

sudo chown munin:munin /var/www/munin

Now you need to restart the munin and apache services using the following commands

sudo service munin-node restart

sudo service apache2 restart

It might take a few minutes to generate the necessary graphs and html files. After about five minutes, your files should be created and you will be able to access your data. You should be able to access your munin details at:

http://yourserver_ip_address/munin

Screenshots

1

2

If you get an error message in your browser similar to the following, you need to wait longer for munin to create the files

Forbidden

You don’t have permission to access /munin/

Configure Remote Monitoring

Munin can easily monitor multiple servers at once.If you want to monitor remote servers you need to following this procedure.

First you need to install munin client package using the following commands

sudo apt-get install munin-node

Now you need to edit the munin-node.conf file to specify that your monitoring server is allowed to poll the client for information.

sudo vi /etc/munin/munin-node.conf

Search for the section that has the line “allow ^127.0.0.1$”. Modify the IP address to reflect your monitoring server’s IP address.If your server ip is 172.30.2.100

allow ^.172.30.2.100$

Save and exit the file

You need to restart the munin client using the following information

sudo service munin-node restart

Now you need to login in to your munin server and edit the munin.conf file

sudo vi /etc/munin/munin.conf

Copy the following section and change the ip address to your remote server client ip address

[MuninMonitor]
address 127.0.0.1
use_node_name yes

to

[MuninMonitor]
address 172.30.2.101
use_node_name yes

Finall you need to restart the apache server using the following command

sudo service apache2 restart

Additional Plugins

The munin-plugins-extra package contains performance checks additional services such as DNS, DHCP, Samba, etc. To install the package run the following command from the terminal

sudo apt-get install munin-plugins-extra

Make sure you have install this package on both the server and node machines.

Sponsored Link




Related posts

Protect Your Websites with Let’s Encrypt | Linux.com


Back in the bad old days, setting up basic HTTPS with a certificate authority cost as much as several hundred dollars per year, and the process was difficult and error-prone to set up. Now we have Let’s Encrypt for free, and the whole thing takes just a few minutes.

Why Encrypt?

Why encrypt your sites? Because unencrypted HTTP sessions are wide open to multiple abuses:

Internet service providers lead the code-injecting offenders. How to foil their nefarious desires? Your best defense is HTTPS. Let’s review how HTTPS works.

Chain of Trust

You could set up asymmetric encryption between your site and everyone who is allowed to access it. This is very strong protection: GPG (GNU Privacy Guard, see How to Encrypt Email in Linux), and OpenSSH are common tools for asymmetric encryption. These rely on public-private key pairs. You can freely share public keys, while your private keys must be protected and never shared. The public key encrypts, and the private key decrypts.

This is a multi-step process that does not scale for random web-surfing, however, because it requires exchanging public keys before establishing a session, and you have to generate and manage key pairs. An HTTPS session automates public key distribution, and sensitive sites, such as shopping and banking, are verified by a third-party certificate authority (CA) such as Comodo, Verisign, or Thawte.

When you visit an HTTPS site, it provides a digital certificate to your web browser. This certificate verifies that your session is strongly encrypted and supplies information about the site, such as organization’s name, the organization that issued the certificate, and the name of the certificate authority. You can see all of this information, and the digital certificate, by clicking on the little padlock in your web browser’s address bar (Figure 1).

The major web browsers, including Opera, Firefox, Chromium, and Chrome, all rely on the certificate authority to verify the authenticity of the site’s digital certificate. The little padlock gives the status at a glance; green = strong SSL encryption and verified identity. Web browsers also warn you about malicious sites, sites with incorrectly configured SSL certificates, and they treat self-signed certificates as untrusted.

So how do web browsers know who to trust? Browsers include a root store, a batch of root certificates, which are stored in /usr/share/ca-certificates/mozilla/. Site certificates are verified against your root store. Your root store is maintained by your package manager, just like any other software on your Linux system. On Ubuntu, they are supplied by the ca-certificates package. The root store itself is maintained by Mozilla for Linux.

As you can see, it takes a complex infrastructure to make all of this work. If you perform any sensitive online transactions, such as shopping or banking, you are trusting a whole lot of unknown people to protect you.

Encryption Everywhere

Let’s Encrypt is a global certificate authority, similar to the commercial CAs. Let’s Encrypt was founded by the non-profit Internet Security Research Group (ISRG) to make it easier to secure Websites. I don’t consider it sufficient for shopping and banking sites, for reasons which I will get to shortly, but it’s great for securing blogs, news, and informational sites that don’t have financial transactions.

There are at least three ways to use Let’s Encrypt. The best way is with the Certbot client, which is maintained by the Electronic Frontier Foundation (EFF). This requires shell access to your site.

If you are on shared hosting then you probably don’t have shell access. The easiest method in this case is using a host that supports Let’s Encrypt.

If your host does not support Let’s Encrypt, but supports custom certificates, then you can create and upload your certificate manually with Certbot. It’s a complex process, so you’ll want to study the documentation thoroughly.

When you have installed your certificate use SSL Server Test to test your site.

Let’s Encrypt digital certificates are good for 90 days. When you install Certbot it should also install a cron job for automatic renewal, and it includes a command to test that the automatic renewal works. You may use your existing private key or certificate signing request (CSR), and it supports wildcard certificates.

Limitations

Let’s Encrypt has some limitations: it performs only domain validation, that is, it issues a certificate to whoever controls the domain. This is basic SSL. It does not support Organization Validation (OV) or Extended Validation (EV) because it is not possible to automate identity validation. I would not trust a banking or shopping site that uses Let’s Encrypt– let ’em spend the bucks for a complete package that includes identity validation.

As a free-of-cost service run by a non-profit organization there is no commercial support, but only documentation and community support, both of which are quite good.

The Internet is full of malice. Everything should be encrypted. Start with Let’s Encrypt to protect your site visitors.

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.

Linux od Command Tutorial for Beginners (6 Examples) | Linux.com


There may be times when while working on the Linux command line, you might want to display/convert content in a file in/to a form other than its original form, like decimal or octal. Gladly, there’s an inbuilt command line tool that you can use in situations like these.

It’s called od, and in this tutorial, we will discuss the basics of this tool using some easy to understand examples. Please note that all examples discussed here have been tested on Ubuntu 16.04 LTS.

The OD command is used to convert input into Octal format. Following is its syntax:

od [OPTION]... [FILE]...

Read more at HowToForge

Click Here!

Install Firefox in a Snap on Linux » Linux Magazine


Linux desktop has an app fragmentation problem. Each distribution has its own application distribution mechanism which ends up duplicating maintainer resources and is almost always a bottleneck when it comes to delivering updates to apps.

The Linux desktop communities are trying to solve that problem with solutions like App Image, Flatpack and Snaps. While Flatpack is backed by Red Hat/Fedora developers, Snaps is backed by Canonical. App Image is relatively independent. Once again there is fragmentation which means either app developers ‘waste’ developer resources and create a package for all three formats or choose one. Eventually the Linux world may settle down on one, but for now we have to deal with all of the three.

Mozilla has officially picked Snap to offer Firefox browser for Linux. According to Canonical, by launching as a snap, the Firefox Quantum browser is available to an increased amount of Linux users with the snap working natively on Ubuntu, Arch, Linux Mint, Fedora, Solus, Debian and other Linux distributions that support snaps.

“Mozilla has long been a leader in the open source space,” said Jamie Bennett, VP of Engineering,  Devices & IoT at Canonical. “As such we are very happy to announce that they are joining the community of applications already available as snaps. Through their unique format, snaps can help bring some of the world’s most popular apps to almost any Linux desktop, server, device or cloud machine, allowing users to select the right distro for them without having to worry about updates, security or compatibility issues further down the line.”

There are a lot of advantages of using Snap like mechanism over the traditional method as you get updates as soon as the vendor releases it, no need to add 3rd party repositories or wait for weeks for official packages to land in official repositories.

If you want to grab a snap of Firefox, visit this link: https://snapcraft.io/store.



Source link