As a Linux administrator or developer, it’s important to keep your systems running at optimal performance. One of the most effective ways to achieve this is by mastering kernel tuning and system profiling. In this guide, we’ll walk you through the steps to improve the performance of your Linux systems.
Step 1: Understand kernel parameters
The Linux kernel is the heart of the operating system and manages system resources such as memory, CPU, and storage. By understanding the parameters that can be adjusted, you can optimize the performance of your system to meet the specific requirements of your organization. Some important parameters to understand include swappiness, I/O scheduler, file system, and TCP congestion control.
Step 2: Adjust kernel parameters
Once you understand the parameters that can be adjusted, you can begin to tweak them for optimal performance. You can adjust kernel parameters by editing the /etc/sysctl.conf file. It is important to make a backup of this file before making any changes. You can use the sysctl command to reload the configuration and apply the changes.
Step 3: Use system profiling tools
To understand how your system is currently behaving, you can use system profiling tools such as top, htop, vmstat, and perf. These tools provide detailed information about system memory, CPU, I/O, and network usage, which can be used to identify performance bottlenecks and inefficiencies.
Step 4: Analyze the results
By using these tools, you can analyze the results and identify performance bottlenecks and inefficiencies in your system. For example, if you notice that the system is swapping a lot, you may need to adjust the swappiness parameter to reduce the amount of swapping. If you notice that the I/O scheduler is causing a bottleneck, you may need to switch to a different scheduler.
Step 5: Repeat the process
Optimizing performance on Linux systems is an ongoing process. You may need to repeat these steps multiple times to fine-tune the performance of your system. It’s also important to monitor the performance of your system over time and make adjustments as necessary.
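One way to script Step 2, as an added example that is not part of the original guide: the functions below back up a sysctl-style file, then replace or append a single key. The function names and the scratch file used in the demo are assumptions; on a real host the file would be /etc/sysctl.conf, followed by sysctl -p to apply the change.

```shell
#!/bin/sh
# Added example: edit one key in a sysctl-style config file, backup first.
# Function names are hypothetical; the sample content is constructed.

# get_sysctl_conf FILE KEY -> prints the value that wins (last assignment)
get_sysctl_conf() {
    awk -v k="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^[#;]/ { next }                      # comment lines
        {
            n = index(line, "=")
            if (n == 0) next
            name = substr(line, 1, n - 1); val = substr(line, n + 1)
            gsub(/[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == k) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# set_sysctl_conf FILE KEY VALUE -> writes FILE.bak, then sets KEY = VALUE
set_sysctl_conf() {
    sc_file=$1 sc_key=$2 sc_val=$3
    case $sc_key in
        ''|*[!A-Za-z0-9._/-]*) echo "invalid key: $sc_key" >&2; return 2 ;;
    esac
    case $sc_val in
        ''|*\\*) echo "invalid value for $sc_key" >&2; return 2 ;;
    esac
    # reject multi-line values (tr removes any embedded newline)
    [ "$sc_val" = "$(printf '%s' "$sc_val" | tr -d '\n')" ] || return 2
    [ -f "$sc_file" ] || { echo "no such file: $sc_file" >&2; return 1; }
    cp -p "$sc_file" "$sc_file.bak" || return 1      # backup before any change
    sc_tmp=$(mktemp) || return 1
    awk -v k="$sc_key" -v v="$sc_val" '
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = index(line, "=")
            name = (n > 0) ? substr(line, 1, n - 1) : ""
            gsub(/[ \t]+$/, "", name)
            if (line !~ /^[#;]/ && name == k) {
                if (!hit) { print k " = " v; hit = 1 }   # first assignment replaced
                next                                      # later duplicates dropped
            }
            print
        }
        END { if (!hit) print k " = " v }                # key was absent: append
    ' "$sc_file" > "$sc_tmp" || { rm -f "$sc_tmp"; return 1; }
    cat "$sc_tmp" > "$sc_file" && rm -f "$sc_tmp"    # keeps owner and mode of FILE
}

# Demo on a scratch file so nothing under /etc is touched.
demo_conf=$(mktemp)
printf '%s\n' '# constructed sample' 'vm.swappiness = 60' \
    'net.ipv4.tcp_congestion_control=cubic' > "$demo_conf"
set_sysctl_conf "$demo_conf" vm.swappiness 10
echo "vm.swappiness is now: $(get_sysctl_conf "$demo_conf" vm.swappiness)"
# On a real host: set_sysctl_conf /etc/sysctl.conf vm.swappiness 10 && sysctl -p
rm -f "$demo_conf" "$demo_conf.bak"
```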
Conclusion
In conclusion, optimizing performance on Linux systems is a crucial task for any Linux administrator or developer. By following these steps and using the tools available, you’ll be able to take control of your Linux systems and ensure that they are running at their best.
As a Linux administrator, one of your most important tasks is to manage users and groups on your system. In this post, we will cover the basics of creating and managing users and groups in Linux.
Creating Users
In Linux, user accounts are stored in the /etc/passwd file. Each line of the file represents a user account, with fields separated by colons. The fields include the user’s name, password, UID, GID, and home directory. The password field is actually a placeholder, as Linux stores passwords in a separate file, /etc/shadow.
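The colon-separated layout described above can be checked mechanically. The following added example (not from the original post) audits a passwd-format file for extra accounts with UID 0, duplicate UIDs, and empty password fields; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file
# (name:password:UID:GID:comment:home:shell).
# audit_passwd and sample_passwd are hypothetical names; the records are constructed.

audit_passwd() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }
        NF != 7 || $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
            print "MALFORMED line " NR; next
        }
        {
            uid = $3 + 0
            # Any name other than root with UID 0 has full root privileges.
            if (uid == 0 && $1 != "root") print "UID0 " $1
            # An empty second field means no password is required for the
            # account; "x" is the placeholder that defers to /etc/shadow.
            if ($2 == "") print "EMPTYPW " $1
            # Two names on one UID are the same user for file ownership.
            if (uid in owner) print "DUPUID " $1 " " uid " " owner[uid]
            else owner[uid] = $1
        }
    ' "$1"
}

# Constructed sample in /etc/passwd format.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
joe:x:1000:1000:Joe:/home/joe:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
svc::1001:1001::/home/svc:/bin/sh
dup:x:1000:1002::/home/dup:/bin/bash
EOF
}

demo_passwd=$(mktemp)
sample_passwd > "$demo_passwd"
audit_passwd "$demo_passwd"
rm -f "$demo_passwd"
# On a live system: audit_passwd /etc/passwd
```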
To create a new user, you can use the “useradd” command. The basic syntax is:
useradd [options] username
The options can include things like the user’s home directory, UID, and GID. For example, to create a new user named “joe” with a home directory of /home/joe and a UID of 1000, you would use the following command:
useradd -d /home/joe -u 1000 joe
You can also specify the initial password for the user when you create them. For example, to set the password for joe as “password”, you can use the following command:
echo joe:password | chpasswd
Managing Users
Once you have created a user, you may need to make changes to their account. For example, you may need to change their password or update their home directory.
To change a user’s password, you can use the “passwd” command. For example, to change joe’s password, you would use the following command:
passwd joe
You can also use the “usermod” command to make changes to a user’s account. For example, to change joe’s home directory to /home/joe2, you would use the following command:
usermod -d /home/joe2 joe
Creating and Managing Groups
In Linux, groups are used to control access to files and resources. Each user can be a member of one or more groups, and each group has a unique GID.
To create a new group, you can use the “groupadd” command. The basic syntax is:
groupadd [options] groupname
The options can include the GID for the group. For example, to create a new group named “dev” with a GID of 2000, you would use the following command:
groupadd -g 2000 dev
You can also use the “usermod” command to add or remove users from groups. For example, to add joe to the “dev” group, you would use the following command:
usermod -a -G dev joe
To remove joe from the “dev” group, you would use the following command:
gpasswd -d joe dev
Managing groups is an important aspect of maintaining a secure and well-organized Linux system. By understanding the basics of creating and managing users and groups, you can ensure that your users have the access they need to perform their tasks, while still maintaining control over your system’s resources.
In summary, creating and managing users and groups in Linux is a fundamental task for Linux administrators. By using the useradd, usermod, groupadd,
SMB (Server Message Block) is a client-server file-sharing protocol that was invented by IBM in 1984 to allow computers to access files for reading or writing on a remote host over the LAN (local area network). The files or directories that the SMB protocol makes available on the remote host are known as shares. This means that we can mount a shared file or directory on our system using the local area network. SMB was formerly known as CIFS, which is the old version or dialect of SMB; CIFS stands for Common Internet File System, was created by Microsoft, and is a particular implementation of the Server Message Block protocol. In this article, we will provide you with every step needed to mount SMB shares on Ubuntu using the Samba file server. Samba uses the SMB protocol and has the same function as SMB, i.e. allowing file sharing on local area networks with other systems. Before going ahead, note that this article assumes you have already shared a directory on a remote system, and you will access that directory in this article.
Step1: Updating and upgrading apt-cache repository
The first step is to update our apt packages using the update command in our Ubuntu 20.04 terminal:
$ sudo apt update
If all our packages are up to date, nothing more is needed; if they are not, we need to run the following command to upgrade:
$ sudo apt upgrade
Step2: Cifs-utils Package installation
$ sudo apt install cifs-utils
Step3: Creating Directory
$ sudo mkdir /media/share
Step4: Creating Credentials file
This step involves creating the credentials file in our home directory, with a leading . (dot) in its name, which is needed for security reasons because it makes the file hidden. To do this, execute the command below, which will open the file in the nano editor:
$ sudo nano /root/.examplecredentials
You can replace the name of the file with anything you want the file name to be:
Now that the file is opened, type the following lines in the file, which will be our samba username and password:
Next, we will make the /root/.examplecredentials file readable only by the root account, which restricts access for all non-root accounts, by executing the following command in our Ubuntu 20.04 terminal:
$ sudo chmod 400 /root/.examplecredentials
Step5: Mount samba share
In this step we will execute the command which will mount the remote samba shared directory on our Ubuntu system:
$ sudo mount -t cifs -o rw,vers=3.0,credentials=/root/.examplecredentials //192.168.18.112/sharedDir /media/share
Replace the IP address in the above command with that of the remote system where you have already shared a directory or folder. If that is an Ubuntu system, you can find its IP address with the ip a command:
$ ip a
The IP address of the remote Ubuntu system from where sharedDir was shared is “192.168.18.112” which was provided in the above mount command.
Step6: Automount on system reboot
The manually mounted file system in the above step will not be mounted once our Ubuntu/system reboots, hence to solve this problem first we will open the /etc/fstab file in nano editor and then add some configuration to that file. To open the /etc/fstab file in the nano editor execute the following command:
$ sudo nano /etc/fstab
The above command will open /etc/fstab file and you will see something like shown below on your system screen:
Now add the following line in the file that was opened with the nano editor:
Remember that you need to replace the IP address with your own IP address, then press CTRL+S to save the file and CTRL+X to close it.
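The credentials file from Step 4 and the /etc/fstab entry from Step 6 can be produced and checked with a short script. This is an added example, not the article's own listing: the function names are hypothetical, the username and password are constructed, and the fstab options simply reuse those of the mount command in Step 5.

```shell
#!/bin/sh
# Added example for Steps 4 and 6. Function names are hypothetical and the
# account values used in the demo are constructed.

# write_cifs_credentials FILE USERNAME
# The password is read from stdin, so it never appears in the process list
# or in shell history. Writes the username=/password= format read by mount.cifs.
write_cifs_credentials() {
    wc_file=$1 wc_user=$2
    IFS= read -r wc_pass || [ -n "$wc_pass" ] || return 1
    [ -n "$wc_user" ] && [ -n "$wc_pass" ] || return 2
    (
        umask 077                       # created 0600, never wider, even briefly
        printf 'username=%s\npassword=%s\n' "$wc_user" "$wc_pass" > "$wc_file"
    ) || return 1
    chmod 400 "$wc_file"                # same mode as Step 4
}

# credentials_private FILE -> status 0 only if group and others have no access
credentials_private() {
    cp_perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$cp_perms" = "------" ]
}

# cifs_fstab_line SERVER SHARE MOUNTPOINT CREDFILE -> one /etc/fstab entry
cifs_fstab_line() {
    [ $# -eq 4 ] || return 2
    for ff in "$@"; do
        case $ff in
            ''|*[[:space:]]*)
                echo "fstab fields cannot be empty or contain whitespace" >&2
                return 2 ;;
        esac
    done
    printf '//%s/%s %s cifs rw,vers=3.0,credentials=%s 0 0\n' "$1" "$2" "$3" "$4"
}

# Demo in a scratch directory (constructed account values).
demo_dir=$(mktemp -d)
printf '%s\n' 'constructed-password' |
    write_cifs_credentials "$demo_dir/.examplecredentials" smbuser
credentials_private "$demo_dir/.examplecredentials" && echo "credentials file is private"
cifs_fstab_line 192.168.18.112 sharedDir /media/share /root/.examplecredentials
rm -rf "$demo_dir"
```

The line printed by cifs_fstab_line is what would be appended to /etc/fstab; running sudo mount -a afterwards tests the entry without a reboot.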
Conclusion
SMB is a file-sharing protocol created to allow computers to access files on remote systems over a LAN, and CIFS is a particular dialect of SMB with nearly the same functionality. In this article, we showed you how to mount an SMB share on Ubuntu 20.04 using the Samba file server; however, the commands used are generic and can be applied on any Linux distribution.
In this tutorial, I will show you tools that allow you to access a remote desktop on machines running CentOS/RHEL. All these apps work in client-server mode, so you need to run a server-side app on your remote machine, after which you will be able to connect to it from anywhere in the world. Of course, in this guide I will tell you how to configure this securely, so that only you can access your server. Before we begin, you will need SSH access to your server and permission to install software. You will need to log in as the root user or a user with sudo privileges. All instructions will work on CentOS server 5/6/7/8. Before we start, you need to install a desktop environment on your server.
1) VNC
x11vnc is the simplest of these three methods to get remote access. VNC (Virtual Network Computing) is a very useful network graphics protocol.
You need to enable the EPEL (Extra Packages for Enterprise Linux) repository. Run:
# yum -y install epel-release
Now we can install x11vnc. This command will install server and solve all dependencies:
# yum -y install x11vnc
Then we will protect server with password:
# x11vnc -storepasswd
Enter VNC password:
Verify password:
Write password to /root/.vnc/passwd? [y]/n y
Password written to: /root/.vnc/passwd
NOTE: You must change the USERNAME in the above config if you’ll use the same VNC setup. This is the configuration we used for this tutorial.
Now we must run vncpasswd command to setup our access password, and/or view-only password (a password that allows the user to only view the remote screen):
# vncpasswd
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
A view-only password is not used
If everything went ok, you should have similar terminal output to this:
$ systemctl status vncserver@:1.service
● vncserver@:1.service - Remote desktop service (VNC)
Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled; vendor preset: disabled)
Active: active (exited) since Wed 2020-09-30 22:04:47 CEST; 7s ago
Process: 3766 ExecStart=/usr/sbin/runuser -l slax -c /usr/bin/vncserver %i (code=exited, status=0/SUCCESS)
Process: 3761 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
Main PID: 3766 (code=exited, status=0/SUCCESS)
Sep 30 22:04:44 localhost.localdomain systemd[1]: Starting Remote desktop service (VNC)...
Sep 30 22:04:47 localhost.localdomain systemd[1]: Started Remote desktop service (VNC).
And finally connect to it:
# vncviewer YOUR_SERVER_IP
3) XRDP
XRDP is an Open Source Remote desktop Protocol server. In order to use XRDP you need to have VNC service already installed. So you should follow the first or second option from this tutorial prior to XRDP installation.
First of all we need to install EPEL repository and xrdp server:
# teamviewer passwd YOUR_PASSWORD
ok
# systemctl start teamviewerd.service
Now you only need to get your id to connect:
# teamviewer --info
TeamViewer ID: 9XXXXXXX7
Try to connect to it using this id and password you set before:
5) FreeNX
FreeNX is a Remote Access solution based on enterprise-class open source technologies by NoMachine. If you want exactly this tool to get remote access, you may consider upgrading to cloud version.
First of all we need to add the EPEL + nux-dextop repositories, for CentOS 6:
Now we need to create a user for remote access and assign a password:
# /usr/libexec/nx/nxserver --adduser bob
NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected)
NX> 1000 NXNODE - Version 3.2.0-74-SVN OS (GPL, using backend: not detected)
NX> 716 Public key added to: /home/bob/.ssh/authorized_keys2
NX> 1001 Bye.
NX> 999 Bye
# /usr/libexec/nx/nxserver --passwd bob
NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected)
New password:
Password changed.
NX> 999 Bye
Now we will install epel-repos and opennx client on your machine:
# yum install opennx
After starting the opennx wizard you will be asked about the session name, server address, and port. The most important part is to set up your key. You will need to copy the key from the server’s /etc/nxserver/client.id_dsa.key and paste it into the General tab of your client session properties. Please share your comments on this tutorial and let us know if you are aware of any other tools.
In this article we provide shell scripts to back up your files and directories from your local Linux system to a remote Linux server using the rsync command. This is an interactive way to perform a backup, in which you need to provide the remote backup server hostname/IP address and folder location. We keep a separate file in which you need to list the files and directories that need backup. We have provided two scripts: the first script asks for the password after every file has been copied (if you have enabled SSH authentication keys, the password will not be asked), and in the second script the password is prompted only once. We are going to back up bckup.txt, dataconfig.txt, docs and oracledb.
[root@Fedora21 tmp]# ls -l
total 12
-rw-r--r--. 1 root root 0 May 15 10:43 bckrsync.sh
-rw-r--r--. 1 root root 0 May 15 10:44 bckup.txt
-rw-r--r--. 1 root root 0 May 15 10:46 dataconfig.txt
drwxr-xr-x. 2 root root 4096 May 15 10:45 docs
drwxr-xr-x. 2 root root 4096 May 15 10:44 oracledb
#!/bin/bash
#We will save path to backup file in variable
backupf='/tmp/bckup.txt'
#Next line just prints message
echo "Shell Script Backup Your Files / Directories Using rsync"
#next line checks if entered value is empty, and if it is, asks the user again for the Destination Server
while [ -z "$desthost" ]; do
#next line prints what user should enter, and stores entered value to variable with name desthost
read -r -p "Destination backup Server : " desthost
#next line finishes while loop
done
#next line checks if entered value is empty, and if it is, asks the user again for the Destination Path
while [ -z "$destpath" ]; do
#next line prints what user should enter, and stores entered value to variable with name destpath
read -r -p "Destination Folder : " destpath
#next line finishes while loop
done
#Next line will start reading backup file line by line (on file descriptor 3, so that
#rsync/ssh cannot swallow the rest of the list from stdin, and paths with spaces stay intact)
while IFS= read -r line <&3
#and on each line will execute next
do
#skip empty lines
[ -n "$line" ] || continue
#print message that file/dir will be copied
echo "Copying $line ... "
#copy via rsync file/dir to destination ("--" stops a path starting with "-" being read as an option)
rsync -ar -- "$line" "$desthost":"$destpath"
#this line just prints done
echo "DONE"
#end of reading backup file
done 3< "$backupf"
Running the script with output
[root@Fedora21 tmp]# ./bckrsync.sh
Shell Script Backup Your Files / Directories Using rsync
Destination backup Server : 104.*.*.41
Destination Folder : /tmp
Copying /tmp/oracledb ...
The authenticity of host '104.*.*.41 (104.*.*.41)' can't be established.
ECDSA key fingerprint is 96:11:61:17:7f:fa:......
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '104.*.*.41' (ECDSA) to the list of known hosts.
root@104.*.*.41's password:
DONE
Copying /tmp/dataconfig.txt ...
root@104.*.*.41's password:
DONE
Copying /tmp/docs ...
root@104.*.*.41's password:
DONE
[root@Fedora21 tmp]#
Script 2 :
#!/bin/bash
#We will save path to backup file in variable
backupf='/tmp/bckup.txt'
#Next line just prints message
echo "Shell Script Backup Your Files / Directories Using rsync"
#next line checks if entered value is empty, and if it is, asks the user again for the Destination Server
while [ -z "$desthost" ]; do
#next line prints what user should enter, and stores entered value to variable with name desthost
read -r -p "Destination backup Server : " desthost
#next line finishes while loop
done
#next line checks if entered value is empty, and if it is, asks the user again for the Destination Path
while [ -z "$destpath" ]; do
#next line prints what user should enter, and stores entered value to variable with name destpath
read -r -p "Destination Folder : " destpath
#next line finishes while loop
done
#next line checks if entered value is empty, and if it is, asks the user again for the password
while [ -z "$password" ]; do
#next line prints what user should enter, and stores entered value to variable with name password.
#To hide password we are using -s key
read -r -s -p "Password : " password
#next line finishes while loop
done
#Next line will start reading backup file line by line (on file descriptor 3)
while IFS= read -r line <&3
#and on each line will execute next
do
#skip empty lines
[ -n "$line" ] || continue
#print message that file/dir will be copied
echo "Copying $line ... "
#we will use expect tool to enter password inside script; the values are handed over in
#environment variables and the heredoc is quoted, so Tcl never re-parses a file name or the password
BK_SRC="$line" BK_DEST="$desthost:$destpath" BK_PASS="$password" /usr/bin/expect << 'EOD'
#next line set timeout to -1, recommended to use
set timeout -1
#take the password out of the environment before rsync/ssh are started
set pw $env(BK_PASS)
unset env(BK_PASS)
#copy via rsync file/dir to destination, using part of expect: spawn command
spawn rsync -ar -- $env(BK_SRC) $env(BK_DEST)
#as result of previous command we expect "password" prompt
expect "*?assword:*"
#next command enters password from script
send -- "$pw\r"
#next command tells that we expect end of file (everything finished on remote server)
expect eof
#end of expect part
EOD
#this line just prints done
echo "DONE"
#end of reading backup file
done 3< "$backupf"
The crontab file stores the cron jobs in Linux. Cron jobs (cron) run periodically at fixed times, dates and intervals. Its equivalent in Windows is the scheduled task. All repetitive tasks can be scheduled using cron. The crontab file is the configuration file that contains information about the time and the command/scripts to execute. In this tutorial we learn Linux crontab with examples to schedule jobs.
Crontab Syntax
Each line in the crontab file represents a job. It contains 5 fields followed by a shell command or script to execute.
Syntax:
* (Minute) * (Hour) * (Day of the Month) * (Month of the Year) * (Day of the Week) username <path to command/script to execute>
* Minute: This field value is between 0 – 59.
* Hour: This field value is between 0 – 23.
* Day of the month: This field value is between 1 – 31.
* Month of the year: This field value is between 1 – 12. The first 3 letters of the month are also accepted, like jan, feb, mar.
* Day of the week: This field value is between 0 – 7, where 0 and 7 are Sunday, 1 is Monday, 2 is Tuesday, and so on.
Define multiple values or ranges
To define multiple values and ranges use comma (,) and hyphen (-). The asterisk (*) matches anything. For example, to show multiple values use 1,2,3 or mon,tue,wed and for ranges can use 1-3 or mon-wed.
How to use crontab
The crontab command is used to open and edit/add cron jobs. The cron daemon that runs on Linux executes scheduled jobs at the times defined in the crontab (cron table). The main system-wide crontab file is /etc/crontab.
Cron is installed by default in most Linux distributions. Each user in the Linux system can manage their own cron jobs. Each user’s crontab is stored under /var/spool/cron/crontabs/. The cron daemon runs both user and system crontabs.
The cron daemon has a default $PATH defined, which you can find in /etc/crontab. If it is not defined, either use absolute paths or add to the cron $PATH variable.
Cron mail notifications are sent by default to the owner of the crontab. To change this, edit the MAILTO environment variable.
Cron logs are stored in /var/log/syslog on Ubuntu/Debian systems and in /var/log/cron on Redhat/Rocky Linux. You can filter the log file using grep command to verify the cron job ran successfully or not.
1. Edit/add Crontab
To edit (existing jobs) or add new cron use crontab -e command. This will open an editor for the current user.
$ crontab -e
To edit another user’s crontab file, type:
$ crontab -u username -e
Or simply run the crontab -e command while logged in as that user.
2. List Cron Jobs
To list all jobs of the current user, type:
$ crontab -l
To list all cron jobs for a specified user, type:
$ crontab -u username -l
3. Remove cron jobs
To remove all cron jobs of the current user, execute the following command:
# crontab -r
Note: This will remove all the cron jobs without asking for confirmation.
If you want to delete interactively, you need to use the following command:
# crontab -ir
Crontab Jobs Examples
Let’s check some crontab examples for scheduling cron jobs.
1. Run cron jobs every 12 hours
This helps for regular system checks or backups. To schedule a task to run every 12 hours, type:
0 */12 * * * /scripts/test.sh
2. Run cron job every 5 minutes
Sometimes you need to monitor your system every n minutes. Use the following expression to run the task every 5 minutes.
*/5 * * * * /scripts/test.sh
3. Run cron job every day at 2 am
Everyday backup can be scheduled for a specific time. The following expression runs the cron job at 2 am every day.
0 2 * * * /script/test.sh
Cron uses the 24-hour clock, so to schedule a cron job every day at 2 pm, use:
0 14 * * * /script/test.sh
4. Run cron job every day at 12:30 am
30 0 * * * /script/test.sh
5. Run cron job every minute
For example, you have a script that needs to be run every minute, use the following expression.
* * * * * /scripts/test.sh
6. Run cron job at certain minutes
Use the following cron expression to run the script at minutes 2, 15, and 30.
2,15,30 * * * * /scripts/test.sh
7. Run cron job to run every Saturday at 1 AM
This helps when you need to run a backup on Saturday at a specific time. The following expression runs the cron job every Saturday at 1 AM.
0 1 * * sat /scripts/test.sh
8. Run cron job to run on specific Months
To run cron jobs at 01:00 on the 1st day of the month on January, April, and June.
0 1 1 jan,apr,jun * /script/test.sh
9. Run cron job on selected days
To run cron jobs on selected days such as Saturday and Sunday, use:
0 4 * * sat,sun /script/test.sh
10. Run cron jobs at certain hours of the day
At minute 0 past every hour from 9 through 17
0 9-17 * * * /script/test.sh
11. Run cron job twice on every Saturday and Sunday
Cron jobs allow running tasks on specific hours on specific days
0 2,23 * * sat,sun /scripts/test.sh
12. Run cron job for a range of Monday to Friday
At 02:00 on every day-of-week from Monday through Friday.
0 2 * * mon-fri /scripts/test.sh
13. Run cron job monthly
Instead of using 0 0 1 * *, you can use shortcut using @monthly. It runs at 00:00 on the 1st day of month. Alternatively you can place your script under /etc/cron.monthly/.
@monthly /scripts/test.sh
14. Run cron job weekly
Instead of using 0 0 * * mon, you can use shortcut using @weekly. It runs at 00:00 on Monday. Alternatively you can place your script under /etc/cron.weekly/.
@weekly /scripts/test.sh
15. Run cron job daily
Instead of using 0 0 * * *, you can use shortcut using @daily. It runs at 00:00 every day. Alternatively you can place your script under /etc/cron.daily/.
@daily /scripts/test.sh
16. Run cron job hourly
Instead of using 0 */1 * * *, you can use shortcut using @hourly. It runs at 0 minutes past every hour. Alternatively you can place your script under /etc/cron.hourly/.
@hourly /scripts/test.sh
17. Run cron job on reboot
To run a task at every system reboot use @reboot string. The script will execute after rebooting.
@reboot /scripts/test.sh
18. Run cron job every 30 seconds
Cron cannot schedule at intervals shorter than 60 seconds, so there is no straightforward method to schedule a job to run every 30 seconds.
But we can use a workaround by increasing the delay by 30 seconds.
Enabling secure communication for your Apache web server is one of the first things you should do when setting it up. This does not have to cost a fortune. As a matter of fact, you can easily obtain SSL/TLS certificates from Let’s Encrypt and you do not have to pay anything. Let’s Encrypt is a nonprofit initiative (courtesy: Internet Security Research Group) that aims to provide free digital certificates to enable HTTPS for websites. In this tutorial, we will show you how to enable HTTPS for Apache2-hosted websites running on Ubuntu 20.04.
Prerequisites
Apache2-hosted website running on Ubuntu 20.04
A user account with sudo capabilities
Install Certbot Snap
Put simply, snaps are self-contained apps that can run on multiple Linux distributions. The Certbot snap is a tool that automates the task of obtaining free SSL/TLS certificates from Let’s Encrypt. You only need to run the Certbot tool once and you will enjoy free SSL/TLS certificates forever. Snap comes pre-installed on Ubuntu 20.04. Firstly, run the commands below to update snapd, which is a background process that manages snaps.
$ sudo snap install core
$ sudo snap refresh core
If applicable, run the following command to remove any existing certbot packages which may have been previously installed using the apt or apt-get utility. This is to avoid conflicts.
$ sudo apt remove certbot
After that, the Certbot snap can be easily installed with the command below.
$ sudo snap install --classic certbot
To make sure that the certbot command works properly, create a symbolic link as follows.
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
Install Certificates from Let’s Encrypt
And here comes the best part. When you run the simple command below, you will get a certificate from Let’s Encrypt. In addition, Certbot will automatically update your Apache configuration to enable HTTPS on your websites.
$ sudo certbot --apache
Once executed, you will be asked to provide basic information such as the email address to which certificate renewal notices should be sent. Most importantly, certbot will ask you to select the domains for which you would like to enable HTTPS.
After the Certbot tool runs successfully, a message will be displayed indicating that HTTPS was enabled on your specified domains.
Run the following command and you will see that certbot automatically created SSL configuration files accordingly.
$ sudo ls /etc/apache2/sites-available
To test the SSL configuration, go to your website in a web browser. If you see a lock icon, everything is in order.
Your certificates will be saved in /etc/letsencrypt/live/yourdomain.com. Certbot will automatically renew your certificates before they expire. Nevertheless, you can run the following command to test the automatic renewal process.
$ sudo certbot renew --dry-run
Conclusion
In this guide, we showed how to secure Apache with free SSL/TLS certificates from Let’s Encrypt on Ubuntu 20.04. By using certbot, you can rest assured that HTTPS will always be enabled for your websites, as you do not even have to worry about manual renewals.
During the troubleshooting of services running on a Linux system, checking open ports is one of the tasks any user or administrator should consider performing. If a service is expected to be running but for some reason it is not, then most likely the port associated with that service is closed and should be opened. In this tutorial, we will demonstrate how to check open ports in Linux from the command line.
Check open ports with the use of ss command
The Linux ss command gives you detailed insights on open ports and listening sockets. It draws information from the Linux kernel and is preferred to the netstat command, which has been deprecated.
$ ss -tl
Sample output
l – Shows listening sockets
t – Stands for TCP port
To display listening UDP connections, issue the command
$ ss -lu
Sample output
u – Stands for UDP port
To display both TCP and UDP sockets, along with the process name:
$ ss -lntup
p – List process name that opened sockets
To print out all socket connections, simply use the ss command in its default format
$ ss
Sample output
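The listing from ss -lntup can be reduced to the sockets that accept connections on every interface, which is usually what an administrator needs to review. The following is an added example, not part of the original article: the function names are hypothetical, the ss output is constructed, and the parser assumes the column layout that ss -lntup prints.

```shell
#!/bin/sh
# Added example: filter `ss -lntup` output down to wildcard-bound sockets.
# exposed_listeners and sample_ss_output are hypothetical names; the sample
# output below is constructed.

# exposed_listeners [ALLOWED_PORT...]   (reads `ss -lntup` output on stdin)
# Prints "proto port address process" for every socket bound to a wildcard
# address (0.0.0.0, [::] or *) whose port is not in the allow list.
exposed_listeners() {
    awk -v allow=" $* " '
        $1 == "Netid" { next }                  # header row
        NF < 5 { next }
        {
            laddr = $5                           # Local Address:Port column
            n = length(laddr)
            while (n > 0 && substr(laddr, n, 1) != ":") n--   # last ":" splits addr/port
            if (n == 0) next
            addr = substr(laddr, 1, n - 1)
            port = substr(laddr, n + 1)
            sub(/%.*$/, "", addr)                # drop interface scope such as %lo
            if (addr != "0.0.0.0" && addr != "[::]" && addr != "*") next
            if (index(allow, " " port " ") > 0) next
            proc = "-"                           # process column is empty without root
            if (match($0, /users:\(\("[^"]+"/))
                proc = substr($0, RSTART + 9, RLENGTH - 10)
            print $1, port, addr, proc
        }
    '
}

# Constructed sample of `ss -lntup` output.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=13))
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*         users:(("dhclient",pid=702,fd=6))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=845,fd=3))
tcp   LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*         users:(("mysqld",pid=990,fd=21))
tcp   LISTEN 0      5      0.0.0.0:5900       0.0.0.0:*         users:(("x11vnc",pid=1501,fd=7))
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=845,fd=4))
tcp   LISTEN 0      511    *:80               *:*               users:(("apache2",pid=1200,fd=4))
EOF
}

# Ports 22 and 80 are expected on this constructed host; anything else is reported.
sample_ss_output | exposed_listeners 22 80
# On a live system: sudo ss -lntup | exposed_listeners 22 80
```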
Check open ports using netstat command
The netstat command is a powerful command-line tool that is used for checking open TCP and UDP ports along with other attributes. To check open ports, issue the command:
$ netstat -pnltu
Let’s take a closer look at the command options:
p – Displays the process ID associated with a service or program name
n – Displays the numerical number of the port in use, e.g. 3306 for mysqld, and 22 for sshd.
l – Shows listening sockets
t – Displays TCP connections
u – Displays UDP connections
Check open ports using the lsof command
The lsof command is a network command tool that can also be used to check open ports in a Linux system. To display open ports, issue the command
$ lsof -i
Sample output
If you wish to display open sockets, use the lsof command and pipe the output to grep as shown:
$ lsof -n -P | grep LISTEN
Sample output
To view all TCP connections execute :
$ lsof -i tcp
Sample output
To display all UDP connections run the command:
$ lsof -i udp
Sample output
Conclusion
Those are the Linux commands and tools used for port scanning to check open ports in a Linux system. As always, your feedback is most welcome. If you have other ideas on how to check open ports, do get in touch with us.
Lynis is an open-source and trusted security auditing tool designed for Linux, macOS, and UNIX derivatives such as FreeBSD and OpenBSD. It is used for a number of purposes, including security auditing, vulnerability detection, and compliance testing. The goal of using an auditing tool such as Lynis is to probe and resolve any underlying security vulnerabilities and configuration errors, such as weak user account passwords or inappropriate file permissions, that could compromise the system in the face of an attack. In this tutorial, you will learn how to install Lynis on Ubuntu 20.04. There are a number of ways of installing Lynis. You can install it from the Ubuntu repositories using the APT package manager or from the official community repository.
Install Lynis on Ubuntu
Granted, you can install Lynis from the Ubuntu repositories. However, this may not always get you the latest version. For example, at the time of writing this guide, the latest version of Lynis is Lynis version 3.0.6. The version hosted in the Ubuntu repository is older, as the command below confirms.
$ apt-cache policy lynis
From the output, we can see that the current version hosted in the Ubuntu repository is Lynis 2.6.2-1. If you want to install the latest version of Lynis, the best method is to install it from the official Lynis community repository. To achieve this, first update your system:
$ sudo apt update
Next, download the signing key from the central keyserver:
Next, enable the Lynis community repository as follows:
$ echo "deb https://packages.cisofy.com/community/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list
With that done, refresh the package index once more so that the system is aware of the newly added repository.
$ sudo apt update
Now proceed to the next step in order to install Lynis.
Finally, to install Lynis, use the following APT command:
$ sudo apt install lynis
Once the installation is complete, verify the version of Lynis installed.
$ lynis show version
You can verify if there is an available update as follows:
$ lynis update info
If you have freshly installed Lynis from its official repository, you can be sure that it will always be up to date, as illustrated in the output.
Some of the Lynis Commands
Lynis is already installed. Let's take a few seconds and see how you can use the tool to carry out some security auditing. To show the commands that you can run using Lynis, execute:
$ lynis show commands
Lynis also ships with a few audit profiles. A profile is synonymous with a configuration file that determines or spells out how a security audit should be carried out. The profiles are usually found in the /etc/lynis directory. To list the audit profiles, run the command:
$ lynis show profiles
In addition, you can display Lynis settings as follows.
$ lynis show settings
Let’s Perform a Basic Audit
To perform a basic security audit of your system, run the command:
$ sudo lynis audit system
When this command is executed, Lynis probes the system and software configuration for any potential weaknesses or loopholes. Lynis then logs the audit information in the /var/log/lynis.log file and stores the audit report in the /var/log/lynis-report.dat file. Key areas that Lynis performs system checks on include:
Boot loader files
Software packages
Configuration files
Directories related to logging and auditing
During the system audit, you're likely to encounter different audit results with keywords such as Found, OK, Not Found, Suggestion, Warning, and so on.
Special attention must be given to the system checks that yield a "Warning" alert. Action should be taken to remedy the issue described, as it could potentially undermine the security of your system. From our audit check, Lynis flagged an issue to do with home directory permissions.
At the end of the scan, you will be provided with a summary of the audit that includes warnings and suggestions that you can act on to harden the security of your system. Accompanying every suggestion is a URL that gives more information about the suggestion, which aims at improving or hardening your system security.
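The warnings and suggestions described above can also be pulled out of the report file for scripted follow-up. The following is an added example, not part of the original guide or of Lynis itself; it assumes the key=value layout of the Lynis report file, with warning[]= and suggestion[]= entries whose fields are separated by |, and runs against a constructed sample unless REPORT points at a real report.

```shell
#!/bin/sh
# Added example: summarise a Lynis report and fail when it holds warnings.
# On an audited host run with REPORT=/var/log/lynis-report.dat (as root).

make_sample_report() {
cat <<'EOF'
# Constructed sample, not output from a real audit
report_version_major=1
hardening_index=63
warning[]=HOME-9304|Permissions of home directories are not strict enough|-|-|
suggestion[]=BOOT-5122|Set a password on GRUB boot loader|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
EOF
}

# Print "TEST-ID<TAB>message" for every entry of the given kind
# (warning or suggestion).
lynis_findings() {
  kind=$1; report=$2
  awk -F'|' -v p="${kind}[]=" 'index($0, p) == 1 {
      print substr($1, length(p) + 1) "\t" $2 }' "$report"
}

# Print the numeric hardening index recorded in the report.
lynis_hardening_index() {
  sed -n 's/^hardening_index=\([0-9][0-9]*\)$/\1/p' "$1" | head -n 1
}

# Succeed only when there are no warnings and the hardening index is at
# least the minimum passed as the second argument.
lynis_gate() {
  report=$1; min=$2
  warnings=$(lynis_findings warning "$report" | wc -l | tr -d ' ')
  index=$(lynis_hardening_index "$report")
  [ "$warnings" -eq 0 ] && [ "${index:-0}" -ge "$min" ]
}

REPORT=${REPORT:-$(mktemp)}
[ -s "$REPORT" ] || make_sample_report > "$REPORT"
echo "Warnings:";    lynis_findings warning "$REPORT"
echo "Suggestions:"; lynis_findings suggestion "$REPORT"
if lynis_gate "$REPORT" 60; then echo "PASS"; else echo "FAIL: review warnings"; fi
```

The minimum index of 60 is an arbitrary value for the demonstration; pick a threshold that matches your own baseline.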
Conclusion
As you have seen, it's pretty easy to install Lynis and run audit reports. This gives much-needed visibility into your system and provides you with key recommendations so that you can enhance your server's security. And that's it! We hope that you found this guide insightful.
Docker Compose is an open-source container tool for running a multi-container Docker application. Docker Compose uses a YAML syntax structure, which is commonly used for configuration files, to define and run container-based applications. Compose also lets you define and configure an application's services in YAML format. The main benefit of Docker Compose is that you can define a multi-container application in one single file, and then spin up the application with a single command that does everything needed to get it running. With Compose you can manage the entire lifecycle of an application:
Managing services with start, stop, or rebuild
View the status of running services
Output the log of running services
Run a one-off command on a service
In this tutorial, we learn how to install Docker-compose on Ubuntu 20.04, and how to run the sample-container app.
Install Docker Compose on Ubuntu
For a successful installation of Docker Compose, you need to have Docker installed on Ubuntu 20.04.
This command saves the file in the /usr/local/bin directory, under the name docker-compose.
Output:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 633 100 633 0 0 5456 0 --:--:-- --:--:-- --:--:-- 5456
100 12.1M 100 12.1M 0 0 40.0M 0 --:--:-- --:--:-- --:--:-- 40.0M
Next, we need to change the file permission, making the downloaded file executable with the following command:
$ sudo chmod +x /usr/local/bin/docker-compose
Verify the installation and check the Docker Compose version:
$ docker-compose --version
Output:
docker-compose version 1.29.2, build 5becea4c
Test Docker Compose with Sample Container
Create a new directory for your sample container example:
$ mkdir docker-compose-test
Change into the directory that you just created:
$ cd docker-compose-test
From there, create a YAML configuration file:
$ sudo nano docker-compose.yaml
And copy the following configuration into the docker-compose.yaml file that you just opened:
Docker-compose uses the folder name as the project name to prefix containers and networks.
This creates the container from the ubuntu image, and runs the commands that were specified in docker-compose.yaml.
Conclusion
In this tutorial, we learned how to install Docker-compose on Ubuntu 20.04, and how to run the sample-container app. Docker-compose allows you to run multiple Docker containers on a single host only; in case you want to run multiple containers on multiple nodes, please refer to solutions such as Kubernetes or Swarm.