Tag Archives: ubuntu

Dynamic Linux Routing with Quagga | Linux.com


So far in this series, we have learned the intricacies of IPv4 addressing in Linux LAN Routing for Beginners: Part 1 and how to create static routes manually in Linux LAN Routing for Beginners: Part 2.

Now we’re going to use Quagga to manage dynamic routing for us, just set it and forget it. Quagga is a suite of routing protocols: OSPFv2, OSPFv3, RIP v1 and v2, RIPng, and BGP-4, which are all managed by the zebra daemon.

OSPF means Open Shortest Path First. OSPF is an interior gateway protocol (IGP); it is for LANs and LANs connected over the Internet. Every OSPF router in your network contains the topology for the whole network, and calculates the best paths through the network. OSPF automatically multicasts any network changes that it detects. You can divide up your network into areas to keep routing tables manageable; the routers in each area only need to know the next hop out of their areas rather than the entire routing table for your network.

RIP, Routing Information Protocol, is an older protocol. RIP routers periodically multicast their entire routing tables to the network, rather than just the changes as OSPF does. RIP measure routes by hops, and sees any destination over 15 hops as unreachable. RIP is simple to set up, but OSPF is a better choice for speed, efficiency, and scalability.

BGP-4 is the Border Gateway Protocol version 4. This is an exterior gateway protocol (EGP) for routing Internet traffic. You won’t use BGP unless you are an Internet service provider.

Preparing for OSPF

In our little KVM test lab, there are two virtual machines representing two different networks, and one VM acting as the router. Create two networks: net1 is 192.168.110.0/24 and net2 is 192.168.120.0/24. It’s all right to enable DHCP because you are going to go into your three virtual machines and give each of them static addresses. Host 1 is on net1, Host 2 is on net2, and Router is on both networks. Give Host 1 a gateway of 192.168.110.126, and Host 2 gets 192.168.120.136.

  • Host 1: 192.168.110.125
  • Host 2: 192.168.120.135
  • Router: 192.168.110.126 and 192.168.120.136

Install Quagga on your router, which on most Linuxes is the quagga package. On Debian there is a separate documentation package, quagga-doc. Uncomment this line in /etc/sysctl.conf to enable packet forwarding:

net.ipv4.ip_forward=1

Then run the sysctl -p command to load the change.

Configuring Quagga

Look in your Quagga package for example configuration files, such as /usr/share/doc/quagga/examples/ospfd.conf.sample. Configuration files should be in /etc/quagga, unless your particular Linux flavor does something creative with them. Most Linuxes ship with just two files in this directory, vtysh.conf and zebra.conf. These provide minimal defaults to enable the daemons to run. zebra always has to run first, and again, unless your distro has done something strange, it should start automatically when you start ospfd. Debian/Ubuntu is a special case, which we will get to in a moment.

Each router daemon gets its own configuration file, so we must create /etc/quagga/ospfd.conf, and populate it with these lines:

!/etc/quagga/ospfd.conf
hostname router1
log file /var/log/quagga/ospfd.log
router ospf
 ospf router-id 192.168.110.15
 network 192.168.110.0/0 area 0.0.0.0
 network 192.168.120.0/0 area 0.0.0.0
access-list localhost permit 127.0.0.1/32
access-list localhost deny any
line vty
  access-class localhost

You may use either the exclamation point or hash marks to comment out lines. Let’s take a quick walk through these options.

  • hostname is whatever you want. This isn’t a normal Linux hostname, but the name you see when you log in with vtysh or telnet.
  • log file is whatever file you want to use for the logs.
  • router specifies the routing protocol.
  • ospf router-id is any 32-bit number. An IP address of the router is good enough.
  • network defines the networks your router advertises.
  • The access-list entries restrict vtysh, the Quagga command shell, to the local machine, and deny remote administration.

Debian/Ubuntu

Debian, Ubuntu, and possibly other Debian derivatives require one more step before you can launch the daemon. Edit /etc/quagga/daemons so that all lines say no except zebra=yes and ospfd=yes.

Then, to launch ospfd on Debian launch Quagga:

# systemctl start quagga

On most other Linuxes, including Fedora and openSUSE, start ospfd:

# systemctl start ospfd

Now Host 1 and Host 2 should ping each other, and the router.

That was a lot of words to describe a fairly simple setup. In real life the router will connect to two switches and provide a gateway for all the computers attached to those switches. You could add more network interfaces to your router to provide routing for more networks, or connect directly to another router, or to a LAN backbone that connects to other routers.

You probably don’t want to hassle with configuring network interfaces manually. The easy way is to advertise your router with your DHCP server. If you use Dnsmasq then you get DHCP and DNS all in one.

There are many more configuration options, such as encrypted password protection. See the official documentation at Quagga Routing Suite.

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.

Kali Linux Comes to Windows » Linux Magazine


Kali Linux, a penetration testing distro that you may have seen in Mr. Robot, is now available in Windows Store. The Kali Linux team has been working with the Microsoft WSL team to bring the distro to the platform that still dominates the PC landscape. By doing so, Kali has brought some of the best penetration testing tools to the biggest PC user-base.

“This is especially exciting news for penetration testers and security professionals who have limited toolsets due to enterprise compliance standards,” wrote Mati Aharoni, lead Kali developer, in a blog post.

At the end of last year, Microsoft took WSL out of beta, making it available for every Windows 10 user for the latest Fall Creators Update. Users can simply go to Windows Store and install their preferred Linux distro just like any other app. Initially only Ubuntu, openSUSE Leap and SUSE Linux Enterprise were available, but the WSL team is working with different distros to bring them to the store.

Officially on command line Linux utilities are available through WSL, as the target audience is developers and sysadmins who want to write or deploy applications for Linux machines running on Cloud. That didn’t stop the Linux community from running GUI applications through WSL. In fact, even the Kali Linux team managed to run full blown XFCE desktop.

Running Linux distros under WSL has its own shortcomings. Your system is as secure as is Windows 10. However, the Kali Linux team sees some great possibilities too, “While running Kali on Windows has a few drawbacks to running it natively (such as the lack of raw socket support), it does bring in some very interesting possibilities, such as extending your security toolkit to include a whole bunch of command line tools that are present in Kali.”

Being able to run Linux inside of Windows 10 gives developers native access to tools from both worlds.



Source link

Install Freeradius on ubuntu 17.10 Server and manage using daloradius (Freeradius web management application)


Sponsored Link

RADIUS, which stands for “Remote Authentication Dial In User Service”, is a network protocol — a system that defines rules and conventions for communication between network devices — for remote user authentication and accounting. Commonly used by Internet Service Providers (ISPs), cellular network providers, and corporate and educational networks, the RADIUS protocol serves three primary functions:

• Authenticates users or devices before allowing them access to a network

• Authorizes those users or devices for specific network services

• Accounts for and tracks the usage of those services

Freeradius Features

• An open and scalable solution

• Broad support by a large vendor base

• Easy modification

• Separation of security and communication processes

• Adaptable to most security systems

• Workable with any communication device that supports RADIUS client protocol

daloRADIUS is an advanced RADIUS web platform aimed at managing Hotspots and general-purpose ISP deployments. It features rich user management, graphical reporting, accounting, and integrates with GoogleMaps for geo-locating (GIS). daloRADIUS is written in PHP and JavaScript and utilizes a database abstraction layer which means that it supports many database systems, among them the popular MySQL, PostgreSQL, Sqlite, MsSQL, and many others.

It is based on a FreeRADIUS deployment with a database server serving as the backend. Among other features it implements ACLs, GoogleMaps integration for locating hotspots/access points visually and many more features. daloRADIUS is essentially a web application to manage a radius server so theoretically it can manage any radius server but specifically it manages FreeRADIUS and it’s database structure. Since version 0.9-3 daloRADIUS has introduced an application-wide database abstraction layer based on PHP’s PEAR::DB package which support a range of database servers.

Before Installing make sure you have Ubuntu 17.10 LAMP server installed and ready for freeradius.

Preparing your system

Open the terminal and run the following command

sudo apt-get install php-common php-gd php-curl php-mail php-mail-mime php-pear php-db php-mysql

Install freeradius using the following command

sudo apt-get install freeradius freeradius-mysql freeradius-utils

Create Freeradius Database

You can use the following command to create freeradius database

sudo mysql -u root -p

Enter password:

mysql> create database radius;

mysql> grant all on radius.* to [email protected] identified by “password”;

Query OK, 0 rows affected (0.00 sec)

Insert the freeradius database scheme using the following commands

sudo mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql

Enter password:

sudo mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql

Enter password:

Create new user for radius database

sudo mysql -u root -p

mysql> use radius;

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

Database changed

mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES (‘sqltest’, ‘Password’, ‘testpwd’);

Query OK, 1 row affected (0.04 sec)

mysql> exit

Bye

Freeradius Configuration

You need to edit /etc/freeradius/sql.conf file

sudo vi /etc/freeradius/sql.conf

Make sure you have the following details

database = mysql
login = radius
password = password

Uncomment the following

readclients = yes

Save and Exit the file

Now you need to edit the /etc/freeradius/sites-enabled/default file

sudo vi /etc/freeradius/sites-enabled/default

Uncomment the sql option in the following sections

accounting

# See “Authorization Queries” in sql.conf

sql

session

# See “Authorization Queries” in sql.conf

sql

Post-Auth-Type

# See “Authorization Queries” in sql.conf

sql

Save and Exit the file

Now edit /etc/freeradius/radiusd.conf file

sudo vi /etc/freeradius/radiusd.conf

#Uncomment the following option

$INCLUDE sql.conf

Save and exit the file

Now you can stop the free radius server using the following command

sudo /etc/init.d/freeradius stop

Run freeradius in debugging mode. If there is no error, you are ready to go.

sudo freeradius -X

Start the freeradius using the following command

sudo /etc/init.d/freeradius start

Test the radius server using the following command

sudo radtest sqltest testpwd localhost 18128 testing123

Ouput as follows

Sending Access-Request of id 68 to 127.0.0.1 port 1812
User-Name = “sqltest”
User-Password = “testpwd”
NAS-IP-Address = 127.0.1.1
NAS-Port = 18128
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=68, length=20

Daloradius Installation

You can download the Daloradius latest version from here

Once you downloaded the daloradius-0.9-9.tar.gz file you need to extract using the following command

$ tar xvfz daloradius-0.9-9.tar.gz

$ mv daloradius-0.9-9 daloradius

$ mv daloradius /var/www/html

Change Permissions

sudo chown www-data:www-data /var/www/html/daloradius -R

sudo chmod 644 /var/www/html/daloradius/library/daloradius.conf.php

Mysql database need to setup for daloradius.We need to do is to import the daloradius scheme into our existing radius database.

$ cd /var/www/html/daloradius/contrib/db

sudo mysql -u root -p radius < mysql-daloradius.sql

configure the following daloradius setting.

sudo vi /var/www/html/daloradius/library/daloradius.conf.php

Change the database password

$configValues[‘CONFIG_DB_PASS’] = ‘password’;

Save and exit the file

Now you need to configure daloradius website under /etc/apache2/sites-available

sudo vi /etc/apache2/sites-available/daloradius.conf

add the following lines

Alias /daloradius “/var/www/html/daloradius/”

<Directory /var/www/html/daloradius/>
Options None
Order allow,deny
allow from all
</Directory>

Save and exit the file

Enable daloradius website using the following command

sudo a2ensite daloradius

Enabling site daloradius.

To activate the new configuration, you need to run:

sudo service apache2 reload

Daloradius Web GUI

you can access daloradius GUI using http://server-ip/daloradius and the login screen as follows

1

Use the following login details

username: administrator
password: radius

If you are running PHP 7 then you might see the following error

Database connection error
Error Message: DB Error: extension not found

To fix the above error you need to do the following changes Credit goes here

Changing file library/daloradius.conf.php

It’s required to update daloRADIUS’s database connection code so that it identifies the MySQL server using the new and improved mysqli driver:

Open for editing the file library/daloradius.conf.php and locate the configuration variable CONFIG_DB_ENGINE and change it to the value of mysqli (it is now probably set to mysql, notice the extra i). It should end up looking as follows: $configValues[‘CONFIG_DB_ENGINE’] = ‘mysqli’;
Changing file library/opendb.php

Open for editing the file library/opendb.php

At the very end of the file just add this new line of code: $dbSocket->query(“SET GLOBAL sql_mode = “;”); which makes the MySQL version work with less strict SQL syntax

Once you logged in you should see similar to the following screen

2

Sponsored Link




Related posts

Namib Linux Makes Arch Linux a Dream for New Users | Linux.com


Let’s not mince words here. Arch Linux is a challenge to install. If it weren’t, we wouldn’t have so many distributions, such as Anarchy, which we covered previously, claiming to make Arch accessible for any user. Some of those distributions succeed and some fall flat. But few do as remarkable (albeit someone confusing) of a job as does Namib Linux. Not only does Namib Linux make installing and using Arch Linux as simple as can be, it also offers everything desktop Linux should have:

  • Pre-installed codecs to play multimedia files.

  • Automatic installation of hardware drivers.

  • Access to the latest versions of software.

  • Support for the easy installation and use of multiple kernels.

All of that, along with the usual Linux goodness that comes with standard desktop distribution (graphical desktop interface, pre-installed applications, etc.), helps make Namib Linux pretty impressive.

A little about Namib Linux

Namib Linux is a rolling release distribution created and maintained by Meerkat Software, which is based in New Zealand. One of the key aspects of Namib Linux is the idea that privacy, security, and control is of the utmost value. To that end, Namib Linux allows you to:

I’ve installed Namib Linux as a VirtualBox virtual machine and I can, without question, say the distribution lives up to its claims. Let’s get it installed and see what makes this user-friendly approach to Arch Linux special.

Installation

I’d love to spend a good amount of time discussing the installation of Namib Linux, but Meerkat Software has done such a great job of making the installation easy, there’s little use dwelling on the subject. Download the ISO image (there are four versions to choose from: Mate, GNOME, KDE, or Xfce), burn it to a disk, or USB drive (or just create a VirtualBox VM from the ISO) and boot up your machine (or virtual machine). I’ve tried both the Mate and GNOME versions of Namib Linux and can say they are both stellar options.

Namib Linux uses the Calamares Installer (Figure 1), which happens to be one the most user-friendly installers on the planet.

Once installed, you’ll find your Namib Linux desktop ready to serve. Reboot and log into your user account. The first thing you might check is to see if there are any updates. Open the software update tool for your desktop of choice (Figure 2) and run any necessary updates.

Because Namib Linux is a rolling release, you won’t have to install again, once a new release is out. Just keep it up to date and you’re good to go.

Software variations

I did notice that, between the Mate and GNOME editions of Namib, there are different main packages installed. For example, in the GNOME edition, LibreOffice is installed, whereas with the Mate edition, it is not. Oddly, the installed version of LibreOffice is out of date (at 5.4.5.1). Considering this is a rolling release, I am surprised that the Fresh version (6) of LibreOffice isn’t installed. If, however, you install LibreOffice from the default package manager, you will find the Fresh version (6.0.1.1 as of this writing) available. If you do this on the GNOME version, you’ll wind up with two different releases of LibreOffice.

Fortunately, each iteration of Namib Linux does include a graphical software installer (e.g., GNOME Software or Pamac). Thus, installing or removing software is as easy as opening the software installer, searching for the package to be installed (or removed), selecting it for installation (or removal), and providing your user password. This means you can open up the Add/Remove Software tool, and easily uninstall the LibreOffice 5 release. Oddly enough, GNOME Software wasn’t able to see the LibreOffice Still (5) version. Because of this, the only way to remove it (using a graphical tool) was by way of Pamac.

Conversely, I did notice that installing LibreOffice Fresh via GNOME Software resulted in the Add/Remove Software tool not being aware of this new installation. That’s right, both GNOME Software and Pamac will be available in the GNOME edition of Namib Linux, and they seem to have difficulting seeing what one another is doing. Even so, LibreOffice Fresh can be installed and launched from the GNOME Dash. NOTE: This issue didn’t appear in the Mate version of Namib Linux, as LibreOffice isn’t installed by default.

Regardless of your desktop of choice, Namib Linux does include a few extra bits and pieces (as compared to the likes of, say, Ubuntu Linux. You’ll find:

  • Avahi Server Browser

  • HP Device Manager

  • Parcellite (clipboard manager)

  • PulseAudio Volume Controller

  • V4L2 Test Bench

  • Polari IRC Chat

  • Builder

  • Nambi Notifications Settings

  • Namib Settings

It is that final entry that might be of interest to users. Within the Namib Settings tool, you can configure:

  • Locale Settings

  • Language Packages

  • User Accounts

  • Time and Date

  • Hardware

  • Keyboard

  • Kernel

That’s right, Namib Linux allows the user to easily install and remove kernels. If you open up the desktop menu and type namib, you’ll see the Namib Settings Manager. Open that and then double-click on the Kernel entry. In the resulting window (Figure 3), you will see a listing of available kernels.

As you can see in the figure, I’ve already installed kernel 4.15.6a-1, so it is now available, alongside 4.15.5-1. Kernel 4.14.22-1 is also available for installation. Should I opt for one of the other kernels, I only need to click the Install button associated with the kernel I want to run. After entering the user password, the kernel will be downloaded and installed. When prompted, click Close and reboot your machine for the changes to take effect.

I did find one issue with this tool. After installing the 4.15.6-1-hardened kernel (using the Namib tool), I rebooted as described, only to find the 4.15.5-1 kernel running. It wasn’t until I issued the command sudo grub-mkconfig -o /boot/grub/grub.cfg, that the newer kernel booted. This leads me to believe the Namib Kernel Settings window is incomplete or somewhat misleading. According to the documentation, this is a one-click kernel switcher. However, if (after installing a new kernel) it then requires the user to issue the grub-mkconfig command, it is not truly a one-click solution.

Even with that one caveat, it does make for easy kernel switching.

Definitely worth a try

Even with these caveats, Namib Linux makes Arch Linux incredibly accessible for new users. If you’ve been looking for an excuse to get familiar with Arch Linux, you should definitely give Namib Linux a go. Once you’re familiar with the environment, you may want to give Arch Linux a try.

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.

Plasma Mobile Could Give Life to a Mobile Linux Experience | Linux.com


In the past few years, it’s become clear that, outside of powering Android, Linux on mobile devices has been a resounding failure. Canonical came close, even releasing devices running Ubuntu Touch. Unfortunately, the idea of Scopes was doomed before it touched down on its first piece of hardware and subsequently died a silent death.

The next best hope for mobile Linux comes in the form of the Samsung DeX program. With DeX, users will be able to install an app (Linux On Galaxy—not available yet) on their Samsung devices, which would in turn allow them to run a full-blown Linux distribution. The caveat here is that you’ll be running both Android and Linux at the same time—which is not exactly an efficient use of resources. On top of that, most Linux distributions aren’t designed to run on such small form factors. The good news for DeX is that, when you run Linux on Galaxy and dock your Samsung device to DeX, that Linux OS will be running on your connected monitor—so form factor issues need not apply.

Outside of those two options, a pure Linux on mobile experience doesn’t exist. Or does it?

You may have heard of the Purism Librem 5. It’s a crowdfunded device that promises to finally bring a pure Linux experience to the mobile landscape. This device will be powered by a i.MX8 SoC chip, so it should run most any Linux operating system.

Out of the box, the device will run an encrypted version of PureOS. However, last year Purism and KDE joined together to create a mobile version of the KDE desktop that could run on the Librem 5. Recently ISOs were made available for a beta version of Plasma Mobile and, judging from first glance, they’re onto something that makes perfect sense for a mobile Linux platform. I’ve booted up a live instance of Plasma Mobile to kick the tires a bit.

What I saw seriously impressed me. Let’s take a look.

Testing platform

Before you download the ISO and attempt to fire it up as a VirtualBox VM, you should know that it won’t work well. Because Plasma Mobile uses Wayland (and VirtualBox has yet to play well with that particular X replacement), you’ll find VirtualBox VM a less-than-ideal platform for the beta release. Also know that the Calamares installer doesn’t function well either. In fact, I have yet to get the OS installed on a non-mobile device. And since I don’t own a supported mobile device, I’ve had to run it as a live session on either a laptop or an Antsle antlet VM every time.

What makes Plasma Mobile special?

This could be easily summed up by saying, Plasma Mobile got it all right. Instead of Canonical re-inventing a perfectly functioning wheel, the developers of KDE simply re-tooled the interface such that a full-functioning Linux distribution (complete with all the apps you’ve grown to love and depend upon) could work on a smaller platform. And they did a spectacular job. Even better, they’ve created an interface that any user of a mobile device could instantly feel familiar with.

What you have with the Plasma Mobile interface (Figure 1) are the elements common to most Android home screens:

Because KDE went this route with the UX, it means there’s zero learning curve. And because this is an actual Linux platform, it takes that user-friendly mobile interface and overlays it onto a system that allows for easy installation and usage of apps like:

  • GIMP

  • LibreOffice

  • Audacity

  • Clementine

  • Dropbox

  • And so much more

Unfortunately, without being able to install Plasma Mobile, you cannot really kick the tires too much, as the live user doesn’t have permission to install applications. However, once Plasma Mobile is fully installed, the Discover software center will allow you to install a host of applications (Figure 2).

Swipe up (or scroll down—depending on what hardware you’re using) to reveal the app drawer, where you can launch all of your installed applications (Figure 3).

Open up a terminal window and you can take care of standard Linux admin tasks, such as using SSH to log into a remote server. Using apt, you can install all of the developer tools you need to make Plasma Mobile a powerful development platform.

We’re talking serious mobile power—either from a phone or a tablet.

A ways to go

Clearly Plasma Mobile is still way too early in development for it to be of any use to the average user. And because most virtual machine technology doesn’t play well with Wayland, you’re likely to get too frustrated with the current ISO image to thoroughly try it out. However, even without being able to fully install the platform (or get full usage out of it), it’s obvious KDE and Purism are going to have the ideal platform that will put Linux into the hands of mobile users.

If you want to test the waters of Plasma Mobile on an actual mobile device, a handy list of supported hardware can be found here (for PostmarketOS) or here (for Halium). If you happen to be lucky enough to have a device that also includes Wi-Fi support, you’ll find you get more out of testing the environment.

If you do have a supported device, you’ll need to use either PostmarketOS (a touch-optimized, pre-configured Alpine Linux that can be installed on smartphones and other mobile devices) or Halium (an application that creates an minimal Android layer which allows a new interface to interact with the Android kernel). Using Halium further limits the number of supported devices, as it has only been built for select hardware. However, if you’re willing, you can build your own Halium images (documentation for this process is found here). If you want to give PostmarketOS a go, here are the necessary build instructions.

Suffice it to say, Plasma Mobile isn’t nearly ready for mass market. If you’re a Linux enthusiast and want to give it a go, let either PostmarketOS or Halium help you get the operating system up and running on your device. Otherwise, your best bet is to wait it out and hope Purism and KDE succeed in bringing this oustanding mobile take on Linux to the masses.

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.