adi-goldstein-EUsVwEOsblE-unsplash

How to Install and Set Up WireGuard VPN on Linux

by with No Comment CentOsDebianLinuxSecurityUbuntu

WireGuard is a relatively new VPN technology that is becoming increasingly popular for its simplicity, speed, and security. In this tutorial, we’ll guide you through the process of installing and setting up WireGuard VPN on your Linux machine.

Step 1: Check the Kernel Version Before you start

make sure that your Linux kernel is version 3.10 or higher, as WireGuard requires this to run. You can check your kernel version by typing the following command in your terminal:

uname -r

Step 2: Install WireGuard

WireGuard is available in most Linux distributions’ official repositories. To install it, type the following command in your terminal:

For Debian/Ubuntu based systems:

sudo apt-get install wireguard

For CentOS/RHEL based systems:

 yum install wireguard-tools

Step 3: Generate Public and Private Keys

WireGuard uses public-key cryptography to establish a secure connection. You’ll need to generate a pair of public and private keys for your VPN server and client. To generate them, type the following command in your terminal:

umask 077
wg genkey | tee privatekey | wg pubkey > publickey

This will generate a private key and a public key. Make sure to keep the private key safe, as it should only be known to you.

Step 4: Configure the VPN Server

Next, you’ll need to configure the VPN server. This involves creating a configuration file and setting up the network interface. Here’s an example configuration file:

[Interface]
PrivateKey = <server-private-key>
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
PublicKey = <client-public-key>
AllowedIPs = 10.0.0.2/32

Replace <server-private-key> with the private key you generated in Step 3, and <client-public-key> with the public key of the client you’ll be connecting to. You can add more [Peer] sections to allow more clients to connect.

Save this configuration file as /etc/wireguard/wg0.conf, and then start the WireGuard service by typing:

sudo systemctl start wg-quick@wg0
sudo systemctl enable wg-quick@wg0

Step 5: Configure the VPN Client

To connect to the VPN server, you’ll need to configure the client. This involves creating a configuration file similar to the server’s configuration file. Here’s an example:

makefileCopy code[Interface]
PrivateKey = <client-private-key>
Address = 10.0.0.2/24

[Peer]
PublicKey = <server-public-key>
Endpoint = <server-ip>:51820
AllowedIPs = 0.0.0.0/0

Replace <client-private-key> with the private key you generated in Step 3, <server-public-key> with the public key of the server, and <server-ip> with the IP address of the server.

Save this configuration file as /etc/wireguard/wg0.conf, and then start the WireGuard service by typing:

sudo systemctl start wg-quick@wg0
sudo systemctl enable wg-quick@wg0

That’s it! You should now be able to connect to your WireGuard VPN server. You can check the status of your VPN connection by typing:

sudo wg show

In this tutorial, we’ve covered the basics of installing and setting up WireGuard VPN on Linux. With its simplicity, speed, and security, WireGuard is

sigmund-AxAPuIRWHGk-unsplash

Top 5 tools to Remote Access in Linux

by with No Comment CentOsDebianSecurityUbuntu

In this tutorial, I will display you tools that permit you to get right of entry to faraway Desktop on machines strolling CentOS/RHEL. All those apps work in client-server mode. So you want to run a server-aspect app for your faraway machine and after that, you may be capin a position to connect to it from everywhere in the world. Of course on this reference manual, I will inform you a way to configure this securely, so most effective you could get right of entry to your server. Before we begin, you’ll want SSH access on your server and permissions to put in the software. You will want to login as the root user or user with the sudo privileges. All instructions will work on each CentOS server 5/6/7/8. Before we start, you want to put in desktop surroundings on your server.

1) VNC

x11vnc – simplest of these three methods to get remote access. VNC stands for Virtual Network Computing) is a very useful network graphics protocol.

You need to enable EPEL (Extra Packages for Enterprise Linux) repository. Run

# yum -y install epel-release

Now we can install x11vnc. This command will install server and solve all dependencies:

# yum -y install x11vnc

Then we will protect server with password:

# x11vnc -storepasswd

Enter VNC password:

Verify password:

Write password to /root/.vnc/passwd? [y]/n y

Password written to: /root/.vnc/passwd

!Do not use simple passwords!

We are now ready to start server:

# x11vnc --reopen --forever -rfbauth ~/.vncpasswd &

You can check if servers started:

# netstat -an | grep 5900

tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN

tcp6 0 0 :::5900 :::* LISTEN

If it is ok, simply try to connect to it using vncviewer.

# yum -y install vnc
# vncviewer YOUR_SERVER_IP

That’s all! Now you have access to your desktop. After reboot just ssh again and do it again.

x11vnc --reopen --forever -rfbauth ~/.vnc/passwd &

2) TigerVNC server

TigerVNC – is a high-performance, platform-neutral implementation of VNC

# yum install -y tigervnc-server

Let’s copy example config and edit it:

# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service
# vi /etc/systemd/system/vncserver@:1.service

Example of config:

[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
Requires=systemd-logind.service

[Service]
Type=oneshot
RemainAfterExit=yes

# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/sbin/runuser -l USERNAME -c "/usr/bin/vncserver %i"
ExecStop=/usr/sbin/runuser USERNAME -c '/usr/bin/vncserver -kill %i'

[Install]
WantedBy=multi-user.target

NOTE: You must change the USERNAME in the above config if you’ll use the same VNC setup. This is the configuration we used for this tutorial.

Now we must run vncpasswd command to setup our access password, and/or view-only password (a password that allows the user to only view the remote screen):

# vncpasswd 
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
A view-only password is not used

Now enable autostart service and restart it:

$ systemctl enable vncserver@:1.service
$ systemctl restart vncserver@:1.service

You can check the vnc service status by typing:

$ systemctl status vncserver@:1.service

If everything went ok, you should have similar terminal output to this:

$ systemctl status vncserver@:1.service
● vncserver@:1.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled; vendor preset: disabled)
   Active: active (exited) since Wed 2020-09-30 22:04:47 CEST; 7s ago
  Process: 3766 ExecStart=/usr/sbin/runuser -l slax -c /usr/bin/vncserver %i (code=exited, status=0/SUCCESS)
  Process: 3761 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
 Main PID: 3766 (code=exited, status=0/SUCCESS)

Sep 30 22:04:44 localhost.localdomain systemd[1]: Starting Remote desktop service (VNC)...
Sep 30 22:04:47 localhost.localdomain systemd[1]: Started Remote desktop service (VNC).

And finally connect to it:

# vncviewer YOUR_SERVER_IP

3) XRDP

XRDP is an Open Source Remote desktop Protocol server. In order to use XRDP you need to have VNC service already installed. So you should follow the first or second option from this tutorial prior to XRDP installation.

First of all we need to install EPEL repository and xrdp server:

# yum -y install epel-release
# yum -y install xrdp

Now let’s start service:

# systemctl start xrdp.service

Check if its running, and add it to autostart.

# netstat -an | grep 3389 
tcp 0 0 0.0.0.0:3389 0.0.0.0:* LISTEN
# systemctl enable xrdp.service

Thats all. Now you can connect to your server from any Windows machine.

4) Teamviewer

Teamviewer does not exist in standard repos, so we need to install wget and download TeamViewer rpm package

# yum -y install wget
# wget https://download.teamviewer.com/download/linux/teamviewer.x86_64.rpm

Install it using this command:

# yum install teamviewer.x86_64.rpm

And set your password:

# teamviewer passwd YOUR_PASSWORD
ok
# systemctl start teamviewerd.service

Now you only need to get your id to connect:

# teamviewer –info
TeamViewer ID: 9XXXXXXX7

Try to connect to it using this id and password you set before:

5) FreeNX

FreeNX is a Remote Access solution based on enterprise-class open source technologies by NoMachine. If you want exactly this tool to get remote access, you may consider upgrading to cloud version.

First of all we need to add e EPEL + nux-dextop repositories, for Centos 6:

# rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -Uvh http://li.nux.ro/download/nux/dextop/el6/x86_64/nux-dextop-release-0-2.el6.nux.noarch.rpm

For Centos 7

# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm

Install server and agent:

# yum install freenx-server nxagent

Enable passdb authentication:

# echo 'ENABLE_PASSDB_AUTHENTICATION="1"' >> /etc/nxserver/node.conf

Now we need to create user for remote access and assign password for him:

# /usr/libexec/nx/nxserver --adduser bob 
NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected)
NX> 1000 NXNODE - Version 3.2.0-74-SVN OS (GPL, using backend: not detected)
NX> 716 Public key added to: /home/bob/.ssh/authorized_keys2
NX> 1001 Bye.
NX> 999 Bye

#/usr/libexec/nx/nxserver --passwd bob 
NX> 100 NXSERVER - Version 3.2.0-74-SVN OS (GPL, using backend: not detected)
New password:
Password changed.
NX> 999 Bye

Now we will install epel-repos and opennx client on your machine:

# yum install opennx

After beginning opennx wizard you’ll be requested approximately the consultation name, server address, and port. Most essential component is to installation your key. You’ll want to replicate the important thing from server’s /etc/nxserver/client.id_dsa.key and paste it into the overall tab of your client session properties. Please share your remarks in this educational and allow us to recognise in case you are privy to some other tools.

Tags:

rdp linux, xrdp ubuntu, linux remote desktop client, remote access in linux, linux rdp client, gnome remote desktop, linux rdp server
bckuprsync-script

Create a Shell Script to Backup Files and Directories Using rsync

by with 4 Comments CloudDebianSecurityUbuntu

This article we deliver shell scripts to backup your documents and directories from you nearby Linux system to a faraway Linux server the use of rsync command. This could be an interactive manner to carry out backup, in which you want to offer faraway backup server hostname/ip deal with and folder location. We maintain a separate report in which you want to offer documents and directories that want backup. We have brought scripts in which first script ask password after every report have been copied (when you have enabled ssh authentication keys , then password might be now no longer be asked) and in 2d script password might be precipitated most effective once. We are going to backup bckup.txt, dataconfig.txt, docs and oracledb.

[root@Fedora21 tmp]# ls -l
total 12
-rw-r–r–. 1 root root 0 May 15 10:43 bckrsync.sh
-rw-r–r–. 1 root root 0 May 15 10:44 bckup.txt
-rw-r–r–. 1 root root 0 May 15 10:46 dataconfig.txt
drwxr-xr-x. 2 root root 4096 May 15 10:45 docs
drwxr-xr-x. 2 root root 4096 May 15 10:44 oracledb

This file contains backup files / dir details

[root@Fedora21 tmp]# cat /tmp/bckup.txt
/tmp/oracledb
/tmp/dataconfig.txt
/tmp/docs
[root@Fedora21 tmp]#

Script 1 :

#!/bin/bash

#We will save path to backup file in variable
backupf='/tmp/bckup.txt'

#Next line just prints message
echo "Shell Script Backup Your Files / Directories Using rsync"

#next line check if entered value is not null, and if null it will reask user to enter Destination Server
while [ x$desthost = "x" ]; do

#next line prints what userd should enter, and stores entered value to variable with name desthost
read -p "Destination backup Server : " desthost

#next line finishes while loop
done

#next line check if entered value is not null, and if null it will reask user to enter Destination Path
while [ x$destpath = "x" ]; do

#next line prints what userd should enter, and stores entered value to variable with name destpath
read -p "Destination Folder : " destpath

#next line finishes while loop
done

#Next line will start reading backup file line by line
for line in `cat $backupf`

#and on each line will execute next
do

#print message that file/dir will be copied
echo "Copying $line ... "
#copy via rsync file/dir to destination

rsync -ar "$line" "$desthost":"$destpath"

#this line just print done
echo "DONE"

#end of reading backup file
done

Running the script with output

[root@Fedora21 tmp]# ./bckrsync.sh
Shell Script Backup Your Files / Directories Using rsync
Destination backup Server : 104.*.*.41
Destination Folder : /tmp
Copying /tmp/oracledb ...
The authenticity of host '104.*.*.41 (104.*.*.41)' can't be established.
ECDSA key fingerprint is 96:11:61:17:7f:fa:......
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '104.*.*.41' (ECDSA) to the list of known hosts.
root@104.*.*.41's password:
DONE
Copying /tmp/dataconfig.txt ...
root@104.*.*.41's password:
DONE
Copying /tmp/docs ...
root@104.*.*.41's password:
DONE
[root@Fedora21 tmp]#

Script 2 :

#!/bin/bash

#We will save path to backup file in variable
backupf='/tmp/bckup.txt'

#Next line just prints message
echo "Shell Script Backup Your Files / Directories Using rsync"

#next line check if entered value is not null, and if null it will reask user to enter Destination Server
while [ x$desthost = "x" ]; do

#next line prints what userd should enter, and stores entered value to variable with name desthost
read -p "Destination backup Server : " desthost

#next line finishes while loop
done

#next line check if entered value is not null, and if null it will reask user to enter Destination Path
while [ x$destpath = "x" ]; do

#next line prints what userd should enter, and stores entered value to variable with name destpath
read -p "Destination Folder : " destpath

#next line finishes while loop
done

#next line check if entered value is not null, and if null it will reask user to enter password
while [ x$password = "x" ]; do
#next line prints what userd should enter, and stores entered value to variable with name password. #To hide password we are using -s key
read -sp "Password : " password
#next line finishes while loop
done

#Next line will start reading backup file line by line
for line in `cat $backupf`

#and on each line will execute next
do

#print message that file/dir will be copied
echo "Copying $line ... "
#we will use expect tool to enter password inside script
/usr/bin/expect << EOD
#next line set timeout to -1, recommended to use
set timeout -1
#copy via rsync file/dir to destination, using part of expect — spawn command

spawn rsync -ar ${line} ${desthost}:${destpath}
#as result of previous command we expect “password” promtp
expect "*?assword:*"
#next command enters password from script
send "${password}\r"
#next command tells that we expect end of file (everything finished on remote server)
expect eof
#end of expect pard
EOD
#this line just print done
echo "DONE"

#end of reading backup file
done

Screenshot running the second script with output

Tags:

rsync, rsync linux, rsync ssh, rsync over ssh, rsync remote to local, linux rsync examples, bash script, shell script, bash in linux, linux script
stephen-phillips-hostreviews-co-uk-2kH-6T6x_0I-unsplash

How to setup a Free SSL in Apache Ubuntu 20.04

by with No Comment DebianSecurityUbuntu

Enabling stable conversation to your Apache net server is one of the first matters which you ought to do even as placing it up. This does now no longer ought to value a fortune. As a count of fact, you could truely acquire SSL/TLS certificate from Let’s Encrypt and also you do now no longer ought to pay anything. Let’s Encrypt is a nonprofit initiative (courtesy: Internet Security Research Group) that pursuits to offer loose virtual certificate to allow HTTPS for web sites. In this tutorial, we are able to display you a way to allow HTTPS for Apache2 hosted web sites jogging on Ubuntu 20.04.

Prerequisites

  • Apache2 hosted internet site running on Ubuntu 20.04
  • A user account with sudo capabilities

Install Certbot Snap

Put simply, snaps are self-contained apps that could run on more than one Linux distributions. The Certbot snap is a tool that automates the venture of acquiring loose SSL/TLS certificate from Let’s Encrypt. You handiest want to run the Certbot device as soon as and you’ll revel in loose SSL/TLS certificate forever. Snap comes pre-mounted on Ubuntu 20.04. Firstly, run the instructions beneath to replace snapd that’s a historical past system that manages snaps.

$ sudo snap install core
$ sudo snap refresh core

If applicable, run the subsequent command to dispose of any current certbot apps which can also additionally were formerly hooked up the use of the apt or apt-get utility. This is to keep away from conflicts.

$ sudo apt remove certbot

After that, the Certbot snap may be without difficulty hooked up with the command below.

$ sudo snap install --classic certbot

To make sure that the certbot command works properly, create a symbolic hyperlink as follows.

$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

Install Certificates from Let’s Encrypt

And right here comes the high-quality part. When you run the simple command below, you may get a certificates from Let’s Encrypt. In addition, Certbot will mechanically replace your Apache configuration to permit HTTPS on your websites.

$ sudo certbot --apache

Once executed, you’ll be requested to offer primary statistics together with your e mail cope with in which certificates renewal notices have to be despatched to. Most importantly, certbot will ask you to select the domains for that you would really like to permit HTTPS.

After the Certbot device runs successfully, a message can be displayed indicating that HTTPS become enabled on your detailed domains.


Run the following command and you may see that certbot routinely created SSL configuration documents accordingly.

$ sudo ls /etc/apache2/sites-available

To take a look at the SSL configuration, go to your website in a web browser. If you notice a lock icon, the whole thing is in order.

Also Read: How to find when a Linux file is created (Super Geeky Stuff)

How to create your own Minecraft Server

How to setup PhpPgAdmin in CentOS

How to Renew Let’s Encrypt Certificates

Your certificate could be saved in /etc/letsencrypt/live/yourdomain.com. Certbot will robotically renew your certificate earlier than they expire. Nevertheless, you could run the subsequent command to check the automated renewal process.

$ sudo certbot renew --dry-run

Conclusion

In this guide, we confirmed the way to stable Apache with unfastened SSL/TLS certificate from Let’s Encrypt on Ubuntu 20.04. By the use of certbot, you could rest confident that HTTPS will continually be enabled to your web sites as you do now no longer even must fear approximately guide renewals.

Tags:

free ssl certificate, free ssl, free ssl cert, let’s encrypt ssl, lets encrypt ssl, free ssl certificate generator, free ssl certificate for website, free certificate authority, free certificate https,free ssl certificate 1 year, generate free certificate
sai-kiran-anagani-Tjbk79TARiE-unsplash

How to Check Open Ports in Linux

by with 2 Comments DebianSecurityUbuntu

During the troubleshooting of offerings strolling on a Linux system, checking open ports is one of the obligations any consumer or administrator have to bear in mind performing. If a carrier is predicted to be strolling however for a few motive it is not, then maximum probably the port related to that carrier is closed and have to be opened. In this tutorial, we are able to exhibit how to test open ports in a Linux from the command line.

Check open ports with the use of ss command

The Linux ss command offers you designated insights on open ports and listening sockets. It attracts facts from the Linux kernel and is greater favored to the netstat command which has been deprecated.

$ ss -tl

Sample output

l – Shows listening sockets

t – Stands for TCP port

To display listening  UDP connections, issue the command

$ ss -lu

Sample output

u – Stands for UDP port

or

To display both tcp and udp, process name

$ ss -lntup

p – List process name that opened sockets

To print out all socket connections, simply use the ss command in its default format

$ ss

Sample output

Check open ports using netstat command

The netstat command is a effective command device this is used for checking open TCP and UDP ports along different attributes. To take a look at open ports, difficulty the command:

$ netstat -pnltu


Let’s take a better have a take a observe the command options:

p – Displays the Procees ID related to a provider or Program name

n – Displays the numerical variety of the port walking e.g 3306 for mysqld, and 22 for sshd.

l – Shows listening sockets

t – Displays TCP connections

u – Displays UDP connections

Check open ports the usage of the lsof command

The lsof command is a community command toolthat also can be used to test open ports in a Linux system. To show open ports, difficulty the command

$ lsof -i

Sample output

If you wish to display open sockets, use the lsof command and pipe the output to grep as shown:

$ lsof -n -P | grep LISTEN

Sample output

To view all TCP connections execute :

$ lsof -i tcp

Sample output

To display all UDP  connections run the command:

$ lsof -i udp

Sample output

Conclusion

Those are the linux instructions and equipment used for port scanning to test open ports in a Linux system. As always, your comments is most welcome. If you’ve got got different thoughts on how to test open ports, do get in contact with us.

Also Read : How to install Lynis Security Auditing tool in Ubuntu

How to setup Docker-Compose in Ubuntu 20.04

How to find when a Linux file is created (Super Geeky Stuff)

Tags:

open port linux, check open ports linux, ubuntu open port, linux list open ports, netstat, ss command, ss command linux, lsof command, lsof command linux, check if port is open linux, ubuntu check open ports, linux open port command, list ports in use linux
mika-baumeister-J5yoGZLdpSI-unsplash

How to install Lynis Security Auditing tool in Ubuntu

by with One Comment DebianSecurityUbuntu

Lynis is an open-supply and depended on safety auditing tool designed for Linux, macOS, and UNIX derivatives which include FreeBSD and OpenBSD. It is used for some of functions which includes safety auditing, vulnerability detection, and compliance testing. The goal of leveraging an auditing device which include Lynis is to probe and clear up any underlying safety vulnerabilities, and configuration mistakes which include susceptible consumer account passwords or irrelevant document permissions that could compromise the gadget in face of an attack. In this tutorial, you’ll discover ways to set up Lynis on Ubuntu 20.04. There are some of methods of putting in Lynis. You can set up from Ubuntu repositories the usage of the APT bundle supervisor or from the legit network repository.

Install the Lynis on Ubuntu

Granted, you may install Lynis from Ubuntu repositories. However, this may now no longer continually get you the cutting-edge model. For example, on the time of scripting this guide, the cutting-edge model of Lynis is Lynis version 3.0.6. The model hosted at the Ubuntu repository is older because the command under confirms this.

$ apt-cache policy lynis

From the output, we will see that the present day model hosted at the Ubuntu repository is Lynis 2.6.2-1. If you desire to put in the present day model of Lynis, the quality method is to put in it from the Offical Lynis Community repository. To attain this, first, update your system

$ sudo apt update

Next, download the signing key from the central keyserver:

$ wget -O - https://packages.cisofy.com/keys/cisofy-software-public.key | sudo apt-key add -

Next, enable the Lynis community repository as follows:

$ echo "deb https://packages.cisofy.com/community/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list

With that done, refresh the system once more so that the system can be made aware of the newly added repository.

$ sudo apt update

Now proceed to the next step in order to install Lynis.

Finally, to install Lynis, use the following APT command:

$ sudo apt install Lynis

Once the installation is complete, verify the version of Lynis installed.

$ lynis show version

You can verify if there is an available update as follows:

$ lynis update info

If you’ve got got freshly mounted Lynis from its reliable repository, make sure that this can continually be updated as illustrated withinside the output.

Some of the Lynis Commands

Lynis is already installed. Let’s spare a few second and notice how you could use the device to carry out a few safety auditing. To show the instructions that you could run the usage of Lynis, execute:

$ lynis show commands

Lynis additionally ships with a few audit profiles. A profile is synonymous with a configuration record that determines or spells out how a protection audit need to be carried out. The profiles are commonly determined in the /etc/lynis directory. To listing the audit profiles, run the command:

$ lynis show profiles

In addition, you can display Lynis settings as follows.

 $ lynis show settings

Let’s Perform a Basic Audit

To perform a basic security audit of your system, run the command:

$ sudo lynis audit system

When this command is executed, Lynis probes the device and software program configuration for any capacity weaknesses or loopholes. Lynis then logs the audit statistics in the /var/log/lynis.log document and shops the audit file in the /var/log/lynis-file.dat document. Key regions that Lynis plays device tests on include:

Key regions that Lynis plays device tests on include:

Boot loader documents

Software applications

Configuration documents

Directories related to logging and auditing

During the device audit, you’re probable to encounter unique auditing effects with key phrases consisting of Found, OK, Not Found, Suggestion, Warning, and so on.

Special interest must take delivery of to the machine tests that yield a “Warning” alert. Action must be taken to remedy the difficulty defined as this may probably undermine the safety of your machine. From our audit check, Lynis flagged an difficulty to do with domestic listing permissions.

At the stop of the scan, you may be furnished with a precis of the audit that consists of warnings and pointers that you may take to harden the safety of your machine. Accompanying every thought is a URL that gives extra data approximately the thought that goals at enhancing or hardening your machine security.

Conclusion

As you’ve got got seen, it`s pretty smooth to put in Lynis and run audit reports. This gives much-wanted visibility to your gadget and gives you key recommendations to your you may enhance your server’s security. And it’s it! We desire which you observed this manual insightful.

Tags:

lynis, lynis linux, lynis github, lynis ubuntu, lynis malware scanner, linux lynis, lynis scan, linux audit tool, lynis audit, cisofy lynis, linux security audit tool, lynis vulnerability scanner, lynis audit system remote
nicholas-cappello-Wb63zqJ5gnE-unsplash

How to setup Munin monitoring system in CentOs

by with No Comment CentOsCloudSecurity

Hello Everybody! Welcome to our today’s article on one the maximum extensively used, freed from fee and Open Source Munin Network Resource Monitoring System. Its a perl software program utility assist you to tracking your every and each asset that continues document of it and sends you the important signals of offerings on your servers, switches, applications, and any every other gadgets linked on your community whether or not its your computers, community, garage or the entire IT infrastructure. It suggests all of the data in graphs via an internet interface that emphasis on plug and play capabilities. Munin has a grasp/node structure wherein the grasp connects to all of the nodes at ordinary durations and asks them for data, then stores the data in RRD documents to updates the graphs if needed. So, after finishing its set up a excessive wide variety of tracking plugins could be playing without a greater effort.

Prerequisites

Your structures hardware assets depends upon your very own necessities at the same time as in this newsletter we are able to be the use of the subsequent device aid for Munin set up on CentOS 7.

System Resources
Munin VersionMunin 2.0.25
Base OSCentOS Linux 7 (Core), 64-bit
RAM4 GB
CPU2.0 GHZ
Hard Disk30 G

Munin set up setup calls for the fundamental net server applications to be established at the server. So, after fundamental networking setup configure your hostname, IP deal with and firewall settings through preserving SELinux into permissive mode. Then begin putting in applications through replace your system first and permitting EPEL repository on it the usage of under commands.

# yum install epel-release
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
# yum update

You may be requested to press “Y” key and hit Enter to continue for putting in all required updates. Once the updates are efficiently hooked up to your machine then continue to the set up of Apache Web server.

Setup Apache Web Server

To setup your Apache net server, we want to begin with the aid of using putting in its bundle the use of the below ‘yum’ command.

# yum install httpd

Upon of of entirety of programs installation, begin and allow its carrier and test that its lively and enabled the usage of the subsequent instructions respectively.

# systemctl enable httpd
# systemctl start httpd
# systemctl status httpd

Installing Munin monitoring system

We can set up Munin and Munin Node the use of the below ‘yum’ command via its to be had repository on CentOS 7 as shown.

# yum install munin munin-node

Hit “Y” plus Enter key to begin set up of Munin and Munin Noe consisting of a big range its required dependencies. Once the set up is complete, begin its service and permit it at auto begin throughout reboot with the aid of using the use of the subsequent commands.

Configure Munin

Now configure Munin via way of means of open its default configuration the use of any editor as utilized in beneath command.

# vim /etc/munin/munin.conf

# a simple host tree, change localhost with your FQDN.

[localhost]
address 127.0.0.1
use_node_name yes
:wq!

After saving the Munin configuration document, Open its apache digital host configuration document to feature get admission to permissions on your network.

# vim /etc/httpd/conf.d/munin.conf

After saving the configuration record changes , restart apache internet server service the usage of command below.

# systemctl restart httpd

Now we’re going to upload a brand new person and password to the /etc/munin/munin-htpasswd record because the Munin facts are included with a username and password, so we want to setup the simple Apache Authentication.

# htpasswd -c /etc/munin/munin-htpasswd admin

This will upload a brand new person with the name “admin” and asks for the brand new password as shown.

# vi /etc/munin/munin-node.conf

host_name munin.clinerds.com

Save and near the report and restart munin-node offerings and get admission to the subsequent hyperlink via way of means of mentioning your FQDN or IP from the customer that is for your community that changed into allowed in configuration report. http://your_servers_IP/munin

Welcome to Munin Web Console

Here is the Munin dashboard, now you can check the graphs of your required servers.

We can customise Munin dashboard via way of means of including one of a kind to be had plugins and upload more than one node to it. While the use of its internet console we’ve got alternatives to create more than one companies and classes consistent with the desired organization of services. You can test and notice the popularity of your vital provider via way of means of establishing its graph from the Munin internet console with a purpose to display you the modern and beyond facts from its maintained hostory as proven in beneath image.

Conclusion

Munin installation has been setup. We desire you’ve got got loved studying this article. The set up of Munin is pretty simple, now in reality upload the purchaser node and begin tracking your entire IT infrastructure the usage of this superb device without paying any charges. Now revel in the usage of Munin in your surroundings and sense unfastened to proportion your mind or tips in comments section.

Tags:

munin, munin linux, munin ubuntu, munin github, munin cron, munin mysql, munin apache, munin centos 7, munin centos 8, centos munin, munin ping, munin node centos
kevin-horvat-Pyjp2zmxuLk-unsplash

How to find when a Linux file is created (Super Geeky Stuff)

by with One Comment DebianSecurityUbuntu

In Linux systems, the whole lot is dealt with like a document and essential metadata approximately a document consisting of the advent and modification date are saved in inodes. In this tutorial, we can display you the way to locate document creation time with the usage of debugfs command.

Find file creation time

To get the advent time, you first want to locate the inode quantity of the goal document by using the stat command. The stat command is a command-line tool used to print distinct statistics about a document‘s metadata such as:

  • File size
  • Inode quantity
  • UID & GID of the document
  • I/O Block Access,
  • change and extrade times

You can use the stat command in its primary shape to test the inode quantity of the document the use of the syntax:

$ stat filename

For example:

$ stat file1.txt

The command offers us the inode variety of the file ‘file1.txt’ as 1078474. To bypass all of the different records and simply show the inode variety alone, use the syntax:

$ stat -c %i file_name

For example:

$ stat -c %i file1.txt

Once you’ve got got the inode number, you may continue to effortlessly get the document introduction time the use of the debugfs command the use of the syntax shown:

$  sudo debugfs -R 'stat <inode number>' DEVICE

The DEVICE represents the block tool wherein your document is living for example /dev/sda1, /dev/sda2 etc. To take a look at the block tool run the command:

$ lsblk

Using the inode variety we were given earlier on, the command will consequently be:

$  sudo debugfs -R 'stat <1078474>' /dev/sda

The advent time is prefixed through the directive crtime: as proven withinside the output above. We can see that the record became created at the 13th Fri December 2019 at 01:39:18 hrs. Alternatively, rather than specifying the inode number, you may pass the overall direction to the record as shown:

$  sudo debugfs -R 'stat /home/winnie/file1.txt' /dev/sda1

The above command will yield the equal effects as while you are the usage of the inode number.

Conclusion

And this wraps up this tutorial, hoping Linux might have a simple command to discover record advent time. Here we’ve got used debugfs command to test the advent time of a record.

Tags:

debugfs, debugfs linux, mount debugfs, linux find file, date time, linux time, ubuntu, debian, security