Archive

Articles tagged ‘Ubuntu’

How To Use Port Knocking to Hide your SSH Daemon from Attackers on Ubuntu

12/03/2024 No comments

Introduction

Servers, by definition, are implemented as a means of providing services and making applications and resources accessible to users. However, any computer connected to the internet is inevitably targeted by malicious users and scripts hoping to take advantage of security vulnerabilities.

Firewalls exist and should be used to block access on ports not being utilized by a service, but there is still the question of what to do about services that you want access to, but do not want to expose to everybody. You want access when you need it, but want it blocked off otherwise.

Port knocking is one method of obscuring the services that you have running on your machine. It allows your firewall to protect your services until you ask for a port to be opened through a specific sequence of network traffic.

In this guide, we will discuss how to implement port knocking as a method of obscuring your SSH daemon on an Ubuntu 12.04 VPS using the knockd package.

Note: This tutorial covers IPv4 security. In Linux, IPv6 security is maintained separately from IPv4. For example, “iptables” only maintains firewall rules for IPv4 addresses but it has an IPv6 counterpart called “ip6tables”, which can be used to maintain firewall rules for IPv6 network addresses.

If your VPS is configured for IPv6, please remember to secure both your IPv4 and IPv6 network interfaces with the appropriate tools. For more information about IPv6 tools, refer to this guide: How To Configure Tools to Use IPv6 on a Linux VPS

Read more…

How To Configure Port Knocking Using Only IPTables on an Ubuntu VPS

12/03/2024 No comments

Source: digitalocean.com

Introduction

Servers that are connected to the internet are subjected to all manners of attacks and probes by malicious users, scripts, and automated bots. It is sometimes a balancing act to secure your server from attacks without affecting legitimate access to your services and resources.

Certain types of services are meant to be visible and consumable to the public internet. An example of this is a web server. Other types of services are typically used by only the system administrator or a select number of individuals and are not meant to be a public resource.

A concept known as port knocking is a way of shielding processes that fit into the latter description. Port knocking works by covering the ports associated with a process behind a firewall until a specific, predetermined sequence of network activity occurs. At this point, the port knocking service reconfigures the firewall to allow access to the protected application.

In a previous article, we discussed how to enable port knocking through a specially designed port knocking service. In this article, we will discuss an alternative method of configuring port knocking.

This method does not rely on an external application to alter the firewall rules. Instead, the iptables firewall can take advantage of a state-tracking module called “recent” to do all of this within the firewall rules themselves.

We will be configuring this on an Ubuntu 12.04 droplet, but any kind of Linux server should operate in a similar manner.

Note: This tutorial covers IPv4 security. In Linux, IPv6 security is maintained separately from IPv4. For example, “iptables” only maintains firewall rules for IPv4 addresses but it has an IPv6 counterpart called “ip6tables”, which can be used to maintain firewall rules for IPv6 network addresses.

If your VPS is configured for IPv6, please remember to secure both your IPv4 and IPv6 network interfaces with the appropriate tools. For more information about IPv6 tools, refer to this guide: How To Configure Tools to Use IPv6 on a Linux VPS

Read more…

Clone Your Ubuntu installation

09/03/2024 No comments

If you want to create a system that is similar to a different system you have already set up, it can be difficult to remember each and every package you had installed. This method works best when you are exporting to and importing from the same distribution and, specifically, the same release: for example, exporting from Ubuntu Dapper to Ubuntu Dapper or Ubuntu Edgy to Ubuntu Edgy.

Ubuntu uses the APT package management system, which handles installed packages and their dependencies. If you can get a list of currently installed packages, you can very easily duplicate exactly what you have installed now on your new machine. Below is a command you can use to export a list of your installed packages.

sudo dpkg --get-selections | grep '[[:space:]]install$' | awk '{print $1}' > installedpackages

Now you should end up with a file called “installedpackages” which consists of a long list of every package you currently have installed.

The next step is to tell the clone machine to install each of those packages. You’ll have to copy that file to the clone machine (via network, USB drive, email, etc.) and also make sure to duplicate the /etc/apt/sources.list file. Without the same access to repositories, it may not be able to find the packages.

To tell your system to use the previously exported package list use the following command (after making sure to also clone your /etc/apt/sources.list file).

Update the source list using the following command

sudo aptitude update

Import the package list using the following command

cat installedpackages | xargs sudo aptitude install

 

Zsync HTTP-based File Transfer Utility Transfers Large Files Efficiently

07/03/2024 No comments

Zsync is an open-source file transfer utility built on top of the rsync algorithm. It downloads partial/differential files over the HTTP protocol. The utility allows downloading only the new parts of a file from a centralized location when an older version of the file is already on your computer.

While rsync is for syncing data from one computer to another, zsync allows file distribution, where a file hosted on a server by any web server can be distributed to many clients and downloaded seamlessly.

How it works

The command-line utility does all the differential calculations on the client, instead of doing them on the server as in rsync. Server metadata is created only once and stored as part of the control file. The rest of the operations and decision making are handled by the client-side application. This removes the heavy processing otherwise needed on the server side, even when thousands of clients are trying to fetch the file.

Figure: Zsync workflow


Server

The server calculates the checksums and creates the control file in advance. The control file contains the checksums, the block size of the file, its length and its file permissions. Since the rest of the comparisons happen on the client side, no checksum calculations happen on the server each time a client requests data.

Client

The Zsync client is written in C and pulls the metadata from the server first. It compares this with the current file’s checksum data (generated by rsync) and requests the remaining data from the server. Read more…
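The server/client split described above, as an added example that is not part of the original article and is not zsync's own code. It is a simplified model: the dictionary layout of the control file, the function names, the 16-bit weak sum, the use of SHA-256 and the whole-file check are assumptions made for the illustration, and the sample data is constructed.

```python
import hashlib

def weak(b):                       # cheap checksum, updated incrementally below
    return sum(b) & 0xFFFF

def strong(b):                     # SHA-256 stands in for zsync's own strong hash
    return hashlib.sha256(b).hexdigest()

def make_control(data, block):
    """Server, once per file: block size, length, per-block and whole-file sums."""
    sums = [(weak(data[i:i + block]), strong(data[i:i + block]))
            for i in range(0, len(data), block)]
    return {"block": block, "length": len(data), "sums": sums, "file": strong(data)}

def client_sync(old, control, fetch_range):
    """Client: reuse blocks already present in `old`, fetch only the missing ranges."""
    block = control["block"]
    wanted = {}
    for idx, (w, s) in enumerate(control["sums"]):
        wanted.setdefault(w, []).append((s, idx))
    have = {}
    w = weak(old[:block])
    for off in range(len(old) - block + 1):        # every byte offset, not just aligned
        if off:
            w = (w - old[off - 1] + old[off + block - 1]) & 0xFFFF
        if w in wanted:                            # weak hit: confirm with strong hash
            window = old[off:off + block]
            for s, idx in wanted[w]:
                if s == strong(window):
                    have.setdefault(idx, window)
    out, fetched = bytearray(), 0
    for idx in range(len(control["sums"])):
        if idx not in have:                        # stands in for an HTTP Range request
            start = idx * block
            have[idx] = fetch_range(start, min(start + block, control["length"]))
            fetched += len(have[idx])
        out += have[idx]
    if strong(bytes(out)) != control["file"]:      # never accept an unverified result
        raise ValueError("reconstructed file does not match control file")
    return bytes(out), fetched

# Constructed sample: the old copy is shifted by two bytes and lacks the "B" block.
NEW = b"A" * 8 + b"B" * 8 + b"C" * 8 + b"D" * 8
OLD = b"xx" + b"A" * 8 + b"C" * 8 + b"D" * 8

def demo():
    control = make_control(NEW, block=8)
    return client_sync(OLD, control, lambda s, e: NEW[s:e])

if __name__ == "__main__":
    print(demo())
```

In the sample, the old-file window `AAAACCCC` has the same weak sum as the missing `B` block; the strong hash rejects it, so only those 8 bytes are fetched. The final whole-file comparison is what stops a corrupted or tampered range from being accepted silently.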

Categories: System

Set Nemo as Default File Manager in Ubuntu

01/03/2024 Comments off

Nemo is a file manager application developed by the Linux Mint team. It is a fork of Nautilus, GNOME’s file manager. In the beginning, Nemo was just Nautilus 3.4 (the Nautilus version that was forked to become Nemo) with a different name.

With rapid development and improvement, Nemo has now become a full-featured file manager with lots of features; it is more customizable and looks better (in my opinion) than its original (Nautilus).

Nemo is the default file manager in Linux Mint, where it handles both folders and the desktop. You can also easily install Nemo in Ubuntu if you want; it is just an apt-get away using a PPA (read more: How to install Nemo in Ubuntu).

When you install Nemo in Ubuntu, it doesn’t set itself as the default file manager; Nautilus remains the default one. If you want to integrate Nemo into the Ubuntu system (as the default folder handler), you have to do it manually.

Here I want to share a simple command to set Nemo as the default file manager in Ubuntu.

We will invoke the xdg-mime command from freedesktop.org, which is a standard command and is installed by default in most Linux distributions, including Ubuntu. It can be used to set an application (*.desktop file) as the default for opening a certain file type or types (MIME type). You can also use it to find out which application on your system handles a given type of file. Read more…

Categories: Software