Archive

Articles taggués ‘Ubuntu’

How can I find out if a specific program is installed?

19/01/2021 Aucun commentaire

there’s always apt-cache policy <package-name> (no sudo needed).

Not installed:

olivier@neews:/$ apt-cache policy gnuift
 gnuift:
   Installed: (none)
   Candidate: 0.1.14-11
   Version table:
      0.1.14-11 0
         500 http://archive.ubuntu.com/ubuntu/ oneiric/universe amd64 Packages

Installed:

olivier@neews:/$ apt-cache policy firefox
 firefox:
   Installed: 8.0+build1-0ubuntu0.11.10.3
   Candidate: 8.0+build1-0ubuntu0.11.10.3
   Version table:
  *** 8.0+build1-0ubuntu0.11.10.3 0
         500 http://archive.ubuntu.com/ubuntu/ oneiric-updates/main amd64 Packages
         500 http://archive.ubuntu.com/ubuntu/ oneiric-security/main amd64 Packages
         100 /var/lib/dpkg/status
      7.0.1+build1+nobinonly-0ubuntu2 0
         500 http://archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages

Or dpkg: dpkg -l | grep -E '^ii' | grep <package name>. When it’s not installed it won’t show output. When it is, it’ll show something like:

olivier@neews:~$ dpkg -l | grep -E '^ii' | grep firefox
 ii  firefox                                                     8.0+build1-0ubuntu0.11.10.3                            Safe and easy web browser from Mozilla
 ii  firefox-branding                                            8.0+build1-0ubuntu0.11.10.3                            Safe and easy web browser from Mozilla - transitional package
 ii  firefox-globalmenu                                          8.0+build1-0ubuntu0.11.10.3                            Unity appmenu integration for Firefox
 ii  firefox-gnome-support                                       8.0+build1-0ubuntu0.11.10.3                            Safe and easy web browser from Mozilla - GNOME support
 ii  firefox-locale-en                                           8.0+build1-0ubuntu0.11.10.3                            English language pack for Firefox
It's obviously a fuzzier search but handy if you're not sure which package you're looking for.
 
 For manually installed things...
 
 A bit harder but if they're on the current path, you could just run them. That's a bit of mission so I'd rather just run:
 
 oli@bert:/$ which chromium-browser
 /usr/bin/chromium-browser

And:

oli@bert:/$ which gnuift
# returns nothing

Which is better?

That depends on the sanity of user. There’s nothing to stop somebody installing something called chromium-browser that isn’t Chromium. They could even package it up incorrectly and install that. Neither method can be 100% certain.

But assuming the owner is sane – packages should be good enough for most people.

Categories: Système Tags: , , ,

How do I replicate installed package selections from one Debian system to another? (Debian Wheezy)

18/01/2021 Aucun commentaire

To clone a Debian installation, use the apt-clone utility. It’s available (as a separate package, not part of the default installation) in Debian since wheezy and in Ubuntu since 12.04. On the existing machine, run

apt-clone clone foo

This creates a file foo.apt-clone.tar.gz. Copy it to the destination machine, and run

apt-get install apt-clone
apt-clone restore foo.apt-clone.tar.gz

If you’re working with an old system where apt-clone isn’t available, or if you just want to replicate the list of installed packages but not any configuration file, here are the manual steps.

  • On the source machine:
cat /etc/apt/sources.list /etc/apt/sources.list.d >sources.list
pkg --get-selections >selections.list
apt-mark auto >auto.list
  • On the target machine:
cp sources.list /etc/apt/
apt-get update
/usr/lib/dpkg/methods/apt/update /var/lib/dpkg/
dpkg --set-selections <selections.list
apt-get dselect-upgrade
xargs apt-mark auto <auto.list

I believe that you’re affected by an incompatible change in dpkg that first made it into wheezy. See bug #703092 for background.

The short story is that dpkg --set-selections now only accepts package names that are present in the file /var/lib/dpkg/status or /var/lib/dpkg/available. If you only use APT to manage packages, like most people, then /var/lib/dpkg/available is not kept up-to-date.

After running apt-get update and before running dpkg --set-selections and apt-get -u dselect-upgrade, run the following command:

apt-cache dumpavail >/tmp/apt.avail
dpkg --merge-avail /tmp/apt.avail

From jessie onwards, you can simplify this to

apt-cache dumpavail | dpkg --merge-avail

Alternatively, run

/usr/lib/dpkg/methods/apt/update /var/lib/dpkg/

or even simpler

apt-get install dctrl-tools
sync-available

Another simple method that doesn’t require installing an additional package but will download the package lists again is

dselect update

See the dpkg FAQ for more information. (This is mentioned in the dpkg man page, but more in a way that would remind you of the issue if you were already aware, not in a way that explains how to solve the problem!)

Note that cloning a package installation with dpkg --set-selections doesn’t restore the automatic/manual mark in APT. See Restoring all data and dependencies from dpkg –set-selections ‘*’ for more details. You can save the marks on the source system with

apt-mark showauto >auto.list

and restore them on the target system with

xargs apt-mark auto <auto.list
Categories: Système Tags: , ,

How To Secure Nginx with Let’s Encrypt on Ubuntu 14.04

09/01/2021 Aucun commentaire

Introduction

nginx lets encrypt ubuntuLet’s Encrypt is a new Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. It simplifies the process by providing a software client, letsencrypt, that attempts to automate most (if not all) of the required steps. Currently, as Let’s Encrypt is still in open beta, the entire process of obtaining and installing a certificate is fully automated only on Apache web servers. However, Let’s Encrypt can be used to easily obtain a free SSL certificate, which can be installed manually, regardless of your choice of web server software.

In this tutorial, we will show you how to use Let’s Encrypt to obtain a free SSL certificate and use it with Nginx on Ubuntu 14.04. We will also show you how to automatically renew your SSL certificate. If you’re running a different web server, simply follow your web server’s documentation to learn how to use the certificate with your setup.

Nginx with Let's Encrypt TLS/SSL Certificate and Auto-renewal

 

Prerequisites

Before following this tutorial, you’ll need a few things.

You should have an Ubuntu 14.04 server with a non-root user who has sudo privileges. You can learn how to set up such a user account by following steps 1-3 in our initial server setup for Ubuntu 14.04 tutorial.

You must own or control the registered domain name that you wish to use the certificate with. If you do not already have a registered domain name, you may register one with one of the many domain name registrars out there (e.g. Namecheap, GoDaddy, etc.).

If you haven’t already, be sure to create an A Record that points your domain to the public IP address of your server. This is required because of how Let’s Encrypt validates that you own the domain it is issuing a certificate for. For example, if you want to obtain a certificate for example.com, that domain must resolve to your server for the validation process to work. Our setup will use example.com and www.example.com as the domain names, so both DNS records are required.

Once you have all of the prerequisites out of the way, let’s move on to installing the Let’s Encrypt client software.

 

Step 1 — Install Let’s Encrypt Client

The first step to using Let’s Encrypt to obtain an SSL certificate is to install the letsencrypt software on your server. Currently, the best way to install Let’s Encrypt is to simply clone it from the official GitHub repository. In the future, it will likely be available via a package manager.

Install Git and bc

Let’s install Git and bc now, so we can clone the Let’s Encrypt repository.

Update your server’s package manager with this command:

sudo apt-get update

Then install the git and bc packages with apt-get:

sudo apt-get -y install git bc

With git and bc installed, we can easily download letsencrypt by cloning the repository from GitHub.

Clone Let’s Encrypt

We can now clone the Let’s Encrypt repository in /opt with this command:

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

You should now have a copy of the letsencrypt repository in the /opt/letsencrypt directory.
Lire la suite…

Categories: Sécurité, Système Tags: ,

How to Install and Configure UFW – An Un-complicated FireWall in Debian/Ubuntu

28/11/2020 Comments off

ufw debian ubuntuSince computers are connected to each other, services are growing fast. Email, Social Media, Online Shop, Chat until Web Conferencing are services that used by user. But on the other side this connectivity just likes a double-side knife. It’s also possible to send bad messages to those computers like Virus, malware, trojan-apps are one of them.

Install UFW Firewall

The Internet, as the biggest computer network is not always fill with good people. In order to make sure our computers / servers are safe, we need to protect it.

One of the must have component on your computer / servers is Firewall. From Wikipedia, a definition is:

In computing, a firewall is a software or hardware-based network security system that controls the incoming and outgoing network traffic by analysing the data packets and determining whether they should be allowed through or not, based on applied rule set.

Iptables is one of the firewall that widely used by servers. It is a program used to manage incoming and outgoing traffic in the server based on a set of rules. Generally, only trusted connection is allowed to enter the server. But IPTables is running at console mode and it’s complicated. Those who’re familiar with iptables rules and commands, they can read the following article that describes how to use iptables firewall.

Installation of UFW Firewall in Debian/Ubuntu

To reduce the complexity of how-to setting IPTables, there is a lot of fronted. If you’re running Ubuntu Linux, you will find ufw as a default firewall tool. Lets start to explore about ufw firewall.

What is ufw

The ufw (Uncomplicated Firewall) is an frontend for most widely used iptables firewall and it is well comfortable for host-based firewalls. ufw gives a framework for managing netfilter, as well as provides a command-line interface for controlling the firewall. It provides user friendly and easy to use interface for Linux newbies who are not much familiar with firewall concepts.

While, on the other side same complicated commands helps administrators it set complicated rules using command line interface. The ufw is an upstream for other distributions such as Debian, Ubuntu and Linux Mint.

Basic Usage ufw

First, check if ufw is installed using following command.

$ sudo dpkg --get-selections | grep ufw
ufw 		install

If it’s not installed, you can install it using apt command as shown below.

$ sudo apt-get install ufw

Before you use, you should check whether ufw is running or not. Use the following command to check it.

$ sudo ufw status

If you found Status: inactive, it mean it’s not active or disable.

NEW! An indispensable ebook for every Linux administrator!

Enabling / Disabling ufw

To enable it, you just need to type the following command at the terminal.

$ sudo ufw enable

Firewall is active and enabled on system startup

To disable it, just type.

$ sudo ufw disable

List the current ufw rules

After the firewall is activated you can add your rules into it. If you want to see what are the default rules, you can type.

$ sudo ufw status verbose
Sample Output
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip
$

Lire la suite…

UFW: an Uncomplicated Firewall

27/11/2020 Comments off

Introduction

For an introduction to firewalls, please see Firewall.

UFW – Uncomplicated Firewall

The default firewall configuration tool for Ubuntu is ufw. Developed to easeiptables firewall configuration, ufw provides a user friendly way to create an IPv4 or IPv6 host-based firewall. By default UFW is disabled.

Gufw is a GUI that is available as a frontend.

Basic Syntax and Examples

Default rules are fine for the average home user

When you turn UFW on, it uses a default set of rules (profile) that should be fine for the average home user. That’s at least the goal of the Ubuntu developers. In short, all ‘incoming’ is being denied, with some exceptions to make things easier for home users.

Enable and Disable

Enable UFW

To turn UFW on with the default set of rules:

sudo ufw enable

To check the status of UFW:

sudo ufw status verbose

The output should be like this:

youruser@yourcomputer:~$ sudo ufw status verbose
[sudo] password for youruser:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip
youruser@yourcomputer:~$

Note that by default, deny is being applied to incoming. There are exceptions, which can be found in the output of this command:

sudo ufw show raw

You can also read the rules files in /etc/ufw (the files whose names end with .rules).

Disable UFW

To disable ufw use:

sudo ufw disable

Lire la suite…