It's probably nothing, and doesn't really effect me personally.... plus I'm probably way off base and KNOW nothing is full proof...
yet does anyone else feel slightly more secure during these publicized hacker wars (I know it happens a lot that we don't hear about) running a version of linux verses say windows or even osx? LOL
There's definitely a lot of junk out there for Windows. Linux is a little bit more inherently secure, but the bigger thing is not having to navigate the minefield when online. If it came down to someone directly trying to get into your system, though, I think all things are pretty much equal.
The bigger thing is making sure you secure your passwords, and assuming you use a password program, making sure you don't do something stupid like securing that with an easy password.
Alright Linux GAF I'm back with more server questions. I figure why not right? You guys rock so far, and I've learned a shit ton. So thanks a metric fuck ton for all of your thought out heart felt info so far.
Since we are in the days of the well hmm publicized hacking at least (I get that it goes on all the time just not as reported) I figure my next set of questions would be well about security!
13) Just how secure is a default install of the latest distros?
Just how secure is just a regular nix sever install? Are certain distros just that much more security safe ( I know nothing is ever fool proof)? Are nix servers more secure than Windows? What about BSD?
14) Outside of the obvious ie update asap baring issues for security patches what steps to do you guys take to make your server more secure than default?
Is there anything special you do? Is it just a matter of getting the proper updates installed as fast as possible? Do you have a laundry list of stuff you do to secure things ever time you are gonna deployed a new server?
15) What's more safe: Doing all of your terminal stuff directly on the box itself or else using SSH to get your daily stuff done?
16) What's your game plan password wise on servers?
Do you make up ones? Use a password generator? How do you keep track of them? How do you decide what to do when making the root password? What about general user passwords for everyone else that might have server access?
17) Any recommended programs to install security wise through Apptitude?
Thanks in advance! You guys and gals in Linux-GAF rock! I'm sure I'll have follow up questions and more in the future. I can't thank you enough for all the knowledge you guys are sharing with me!
Alright Linux GAF I'm back with more server questions. I figure why not right? You guys rock so far, and I've learned a shit ton. So thanks a metric fuck ton for all of your thought out heart felt info so far.
Since we are in the days of the well hmm publicized hacking at least (I get that it goes on all the time just not as reported) I figure my next set of questions would be well about security!
13) Just how secure is a default install of the latest distros?
Just how secure is just a regular nix sever install? Are certain distros just that much more security safe ( I know nothing is ever fool proof)? Are nix servers more secure than Windows? What about BSD?
14) Outside of the obvious ie update asap baring issues for security patches what steps to do you guys take to make your server more secure than default?
Is there anything special you do? Is it just a matter of getting the proper updates installed as fast as possible? Do you have a laundry list of stuff you do to secure things ever time you are gonna deployed a new server?
15) What's more safe: Doing all of your terminal stuff directly on the box itself or else using SSH to get your daily stuff done?
15) What's your game plan password wise on servers?
Do you make up ones? Use a password generator? How do you keep track of them? How do you decide what to do when making the root password? What about general user passwords for everyone else that might have server access?
16) Any recommended programs to install security wise through Apptitude?
Thanks in advance! You guys and gals in Linux-GAF rock! I'm sure I'll have follow up questions and more in the future. I can't thank you enough for all the knowledge you guys are sharing with me!
13) Varies from distro to distro since different apps, services, settings, etc are security concerns and all distros do things differently. I think default *nix installs are inherently more secure than Windows. As for BSD It's also great security wise. In fact OpenBSD is the best in terms of security among all Unix like operating systems. Although I wouldn't bother with it on a desktop.
14) Know whats installed on your system and turn off everything that isn't needed.
15) Both are secure.
16) For passwords I'd never use a password generator. I actually just keep them in a PGP encrypted text file on a usb stick for when the day came that I forgot one. If I really feel the need to go overboard on a password I'll just use a phrase. Something like "I'd better remember to call Robin at 867-5309" although longer or shorter depending on how often I use it.
Alright Linux GAF I'm back with more server questions. I figure why not right? You guys rock so far, and I've learned a shit ton. So thanks a metric fuck ton for all of your thought out heart felt info so far.
Since we are in the days of the well hmm publicized hacking at least (I get that it goes on all the time just not as reported) I figure my next set of questions would be well about security!
13) Just how secure is a default install of the latest distros?
Just how secure is just a regular nix sever install? Are certain distros just that much more security safe ( I know nothing is ever fool proof)? Are nix servers more secure than Windows? What about BSD?
14) Outside of the obvious ie update asap baring issues for security patches what steps to do you guys take to make your server more secure than default?
Is there anything special you do? Is it just a matter of getting the proper updates installed as fast as possible? Do you have a laundry list of stuff you do to secure things ever time you are gonna deployed a new server?
15) What's more safe: Doing all of your terminal stuff directly on the box itself or else using SSH to get your daily stuff done?
16) What's your game plan password wise on servers?
Do you make up ones? Use a password generator? How do you keep track of them? How do you decide what to do when making the root password? What about general user passwords for everyone else that might have server access?
17) Any recommended programs to install security wise through Apptitude?
Thanks in advance! You guys and gals in Linux-GAF rock! I'm sure I'll have follow up questions and more in the future. I can't thank you enough for all the knowledge you guys are sharing with me!
13) Any distro out of the box is secure as long as it doesn't install uneeded services. No other thing but rpcbind should be in a default distro listening.
14) Depends on the service you are installing and the purpose. Red hat distros always come with SELinux enabled by default which was created by the nsa which is one step further in protecting your server.
Normally the procedure should be:
Install a barebones system.
Remove the "Single user" mode if the server is gonna be physically accesible.
Use iptables to block all traffic.
Install logging tools and configure them (systlog for example) so you don't miss any errors.
Install one service at a time, harden it, install extra tools needed for more security (like fail2ban )
Unblock the needed ports for the services just installed.
If the hosts you are accessing from are static, use hosts.allow and host.deny to add them and block the rest.
Repeat for each service.
15) Both. But for servers ssh is the method preferred as physical access to a server should be limited as much as possible.
16) Randomly generated password and memorized. If needed to store them use an encryption tool to create a small container with as much encryption as possible so it's nearly impossible to brute force. Only open it when needed, close it afterwards. Make the master password with mixed-alphanumeric-special chars and minimun 10 chars so in the case your file is compromised, it will take a few years to break.
17) fail2ban is a must if you have any service connected to the internet. It check logs for failed login attempts and blocks them. Its kind of incredible the amount of failed logins that you can find after a few days of having ssh installed.
The point in linux is to have the minimun services required and well configured. If you just use apache to test some things you have to be sure it doesn't start automatically for example. If you need to use mysql/postgresql, bind them to 127.0.0.1 so it's only possible to access it locally.
Quick question, hopefully someone can answer: a few months ago I installed Linux Mint on my PC. I was already dual booting OS X and W7, but I've always enjoyed using a Linux environment and wanted to again have the option. I've used Linux Mint in the past (Mint 8 was the last I used, I believe), along with other distros, and didn't have many problems. I have 10 installed now. The issue is, after an hour or two of operation, my entire PC freezes up while running Mint. It just locks up. No error message, no unusual memory or CPU activity. Simply stalls completely. Has anyone experienced that before? I can't find any help online, was wondering if it's a known issue that's managed to elude me. It's not a huge deal, as I can just use Windows or OS X, but I'd like to know what's causing it.
As a side note, occasionally on booting other OSes, I'll have one of my RAM sticks fail and my CPU usage shoot up to 100%. This causes OS X to give me a "restart computer" grey screen error and W7 to operate so slowly that it can take up to 20 minutes to shut down. When the computer restarts, my BIOS shows only 10 of 12 GB of RAM as active, but it operates normally following that. I haven't been able to isolate a failing RAM stick, and I think it might actually be my memory controller acting up. At first I thought this was the same reason Mint was locking up, but in OS X and W7, it occurs immediately after booting into the OS and trying to load a program. In Mint it occurs randomly after an hour or so of operation.
Quick question, hopefully someone can answer: a few months ago I installed Linux Mint on my PC. I was already dual booting OS X and W7, but I've always enjoyed using a Linux environment and wanted to again have the option. I've used Linux Mint in the past (Mint 8 was the last I used, I believe), along with other distros, and didn't have many problems. I have 10 installed now. The issue is, after an hour or two of operation, my entire PC freezes up while running Mint. It just locks up. No error message, no unusual memory or CPU activity. Simply stalls completely. Has anyone experienced that before? I can't find any help online, was wondering if it's a known issue that's managed to elude me. It's not a huge deal, as I can just use Windows or OS X, but I'd like to know what's causing it.
As a side note, occasionally on booting other OSes, I'll have one of my RAM sticks fail and my CPU usage shoot up to 100%. This causes OS X to give me a "restart computer" grey screen error and W7 to operate so slowly that it can take up to 20 minutes to shut down. When the computer restarts, my BIOS shows only 10 of 12 GB of RAM as active, but it operates normally following that. I haven't been able to isolate a failing RAM stick, and I think it might actually be my memory controller acting up. At first I thought this was the same reason Mint was locking up, but in OS X and W7, it occurs immediately after booting into the OS and trying to load a program. In Mint it occurs randomly after an hour or so of operation.
Well it definitely sounds like somethings up with one of your RAM sticks. Lock ups is a common error with faulty memory. You should run memtest86 on it over the night to make sure.
there's a hardening guide to RHEL5 written by the NSA floating around somewhere on the internets. might be worth a look if you're into that kind of stuff.
Well it definitely sounds like somethings up with one of your RAM sticks. Lock ups is a common error with faulty memory. You should run memtest86 on it over the night to make sure.
Totally sounds like ram. Remember that the R is for random, so there is a chance that witht he different management of the ram on those systems you get a totally different behavior.
Okay so I'm back with a few follow up things. More questions will come, but this is just follow up stuff. You guys and gals rock as always!
So I'm booted into my server install and just ran aptitude to update things. There were like what appeared to be en packages which I assume were english language updates which I did, but it seemed like it had to update a fuck ton of related shit. WTF was that all about?
Anyways a couple of smallerish things....
A) What's the command line to just update? I always try sudo aptitude-upgrade or sudo aptitude-update and neither work.
B) Also how do I install that way? I always just end up using sudo apt-get install program name. What do I type to do this with aptitude?
C) iptables seems to be already installed by default. I did a iptables -h to read up, but I was confused on what I should be using this for.
D) I tried sudo apt-get install selinux and it came up to install....
What exactly IS this? I read the link to the NSA, but was confused. I seemed to think it was it's own distro not an installable program?
Also when it's gonna install selinux it says 13 new installs which is cool... it also says 2 to be removed.... aka apparmor and apparmor-utils... what are these two files/programs or whatever?
Finally it says Suggested Packages: selinux-policy-dev and Recommended Packages: selinux-policy-default
What's the difference between suggested and recommended? Also what are those two packages, and the difference between the two?
In general if I go through and install selinux what else do I need to install, and what should I do post install? What does it really DO? I know I already asked that.
PS: Thanks again in advance and I'll come back with more questions tomorrow or the next day after I get through these follow ups! You people are A to the WESOME!!
Okay so I'm back with a few follow up things. More questions will come, but this is just follow up stuff. You guys and gals rock as always!
So I'm booted into my server install and just ran aptitude to update things. There were like what appeared to be en packages which I assume were english language updates which I did, but it seemed like it had to update a fuck ton of related shit. WTF was that all about?
Anyways a couple of smallerish things....
A) What's the command line to just update? I always try sudo aptitude-upgrade or sudo aptitude-update and neither work.
B) Also how do I install that way? I always just end up using sudo apt-get install program name. What do I type to do this with aptitude?
C) iptables seems to be already installed by default. I did a iptables -h to read up, but I was confused on what I should be using this for.
D) I tried sudo apt-get install selinux and it came up to install....
What exactly IS this? I read the link to the NSA, but was confused. I seemed to think it was it's own distro not an installable program?
Also when it's gonna install selinux it says 13 new installs which is cool... it also says 2 to be removed.... aka apparmor and apparmor-utils... what are these two files/programs or whatever?
Finally it says Suggested Packages: selinux-policy-dev and Recommended Packages: selinux-policy-default
What's the difference between suggested and recommended? Also what are those two packages, and the difference between the two?
In general if I go through and install selinux what else do I need to install, and what should I do post install? What does it really DO? I know I already asked that.
PS: Thanks again in advance and I'll come back with more questions tomorrow or the next day after I get through these follow ups! You people are A to the WESOME!!
Language packs: They suck because they install them for everything. Aspell, dictionary, translations, etc..
It's worst if you a a non english linux as it normally installs the EN packages + your language.
A) sudo aptitude update. it has to be separeted by an space like apt-get command
B) same. sudo aptitude install name
C) Iptables is quite difficult if you haven't play with it before. It's basically a "rule creator" for the linux kernel firewall. But it doesn't just blocks or unblocks packets/ports/protocols. You can reroute protocols/packets/ports, drop them, refuse them, etc..
I would recommend reading a LOT before using it. As soon as you some rules you will see that its not as difficult as it seems. As long as you have physical access to the machine it shouldn't be a problem. Pro-Tip: Do not play with iptables while connected by ssh or you could lock yourself out. Believe me, I know lol
D)
wikipedia:
Security-Enhanced Linux (SELinux) is a Linux feature that provides a mechanism for supporting access control security policies, including United States Department of Defense-style mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. It is not a Linux distribution, but rather a set of modifications that can be applied to Unix-like operating system kernels, such as Linux and that of BSD.
Differences with apparmor:
The AppArmor system generally takes a similar approach to SELinux. One important difference is that AppArmor identifies file system objects by path name instead of inode. This means that, for example, a file that is inaccessible may become accessible under AppArmor when a hard link is created to it, while SELinux would deny access through the newly created hard link. On the other hand, data that is inaccessible may become accessible when applications update the file by replacing it with a new version a frequently used technique while AppArmor would continue to deny access to the data. In both cases, a default policy of "no access" avoids the problem.
I would NOT recommend installing SELinux unless you have a gui and access to SETroubleShoot as managing SELinux is one of the most painful experiences I have ever encounter. Leave it for later as it's quite complicated and difficult to troubleshoot and configure.
The difference between the policies is probably the security. One should be more relaxed than the other, I guess the default one locks all services from the start.
So am I to assume AppArmor is already preinstalled then with Ubuntu server if it's gonna remove those two packages to install selinux? Is it already working with a default policy set or is it something I'd need to run? Seems like that is "good enough" for now since it appears to try and do similar stuff like se, but might not be AS hardcore or effective. Plus I need to learn other stuff 1st, and then work my way to that.
BTW how would I have a GUI on a server? What if you had a gui on your other comp and were ssh'ing in? Wouldn't putting a GUI on your server be overkill and one of the reasons you have a server with the terminal verses a desktop? Wouldn't installing the GUI also allow in more security holes to fix?
Interesting to know about language packs. I was wondering cause I was like WTF at some of the shit being updated. LOL
So am I to assume AppArmor is already preinstalled then with Ubuntu server if it's gonna remove those two packages to install selinux? Is it already working with a default policy set or is it something I'd need to run? Seems like that is "good enough" for now since it appears to try and do similar stuff like se, but might not be AS hardcore or effective. Plus I need to learn other stuff 1st, and then work my way to that.
BTW how would I have a GUI on a server? What if you had a gui on your other comp and were ssh'ing in? Wouldn't putting a GUI on your server be overkill and one of the reasons you have a server with the terminal verses a desktop? Wouldn't installing the GUI also allow in more security holes to fix?
Interesting to know about language packs. I was wondering cause I was like WTF at some of the shit being updated. LOL
Yers apparmor is pre-install on ubuntu. No idea if it's activated by default thougth. If it is they did a fucking good job of not letting it affect anything normal as I never encountered any issues with it.
You can install a light manager like LXDE and lunch it manually. Always good to have a gui available just in case you need something and can't work out how to do it on terminal. As long as it runs on demand and don't put a lot of load on the server of course.
Regarding the holes, shouldn't be a problem as long as no services are started with it. With a server services are the weak point.
Yers apparmor is pre-install on ubuntu. No idea if it's activated by default thougth. If it is they did a fucking good job of not letting it affect anything normal as I never encountered any issues with it.
You can install a light manager like LXDE and lunch it manually. Always good to have a gui available just in case you need something and can't work out how to do it on terminal. As long as it runs on demand and don't put a lot of load on the server of course.
Regarding the holes, shouldn't be a problem as long as no services are started with it. With a server services are the weak point.
If you are managing a server, you will never run into a situation where this is the case. Even inexperienced, the most that you would need is to open a GUI-driven SFTP session so that you can edit files, and browse using the gui on the workstation.
If you are managing a server, you will never run into a situation where this is the case. Even inexperienced, the most that you would need is to open a GUI-driven SFTP session so that you can edit files, and browse using the gui on the workstation.
Well I disagree. For a begginner is useful. I remember my first steps into server management were pretty bad, especially with a distro I didn't touch before. I did a heavy use of the gui back then. Of course this wasn't a production server or anything.
And now with the virtualization and such is much easier to learn. I remember having some strange error with a black background with white letters and staring at it "like...what the fuck do I do now?". This was with my own computer, and checking anything on the internet meant I had to write everything down, reboot to windows, check online for it, reboot back into linux and try to reproduce it again and expect my written solutions to work.
Oh linux, how far you have come! I no longer have nightmares with hardware + linux anymore.
Well I disagree. For a begginner is useful. I remember my first steps into server management were pretty bad, especially with a distro I didn't touch before. I did a heavy use of the gui back then. Of course this wasn't a production server or anything.
And now with the virtualization and such is much easier to learn. I remember having some strange error with a black background with white letters and staring at it "like...what the fuck do I do now?". This was with my own computer, and checking anything on the internet meant I had to write everything down, reboot to windows, check online for it, reboot back into linux and try to reproduce it again and expect my written solutions to work.
Oh linux, how far you have come! I no longer have nightmares with hardware + linux anymore.
lol, good times. My case was especially bad since my computer was a laptop sporting a broadcom wireless card. Dreadful.
As for the GUI, when I train new admins, the first thing I have them learn is SSH. 9/10 they will have to do any admin work remotely and without a GUI.
I find getting over that hump as soon as possible to be extremely helpful and often the easiest way around this is to force them to work without a GUI.
They learn some lessons quick--like not messing with Network-related stuff unless you have to. Some others--like not leaving your session unattended or not running everything as root--take much longer.
Also, if anything, something like webmin (with SSL) is a much more practical graphical tool for managing a server box.
lol, good times. My case was especially bad since my computer was a laptop sporting a broadcom wireless card. Dreadful.
As for the GUI, when I train new admins, the first thing I have them learn is SSH. 9/10 they will have to do any admin work remotely and without a GUI.
I find getting over that hump as soon as possible to be extremely helpful and often the easiest way around this is to force them to work without a GUI.
They learn some lessons quick--like not messing with Network-related stuff unless you have to. Some others--like not leaving your session unattended or not running everything as root--take much longer.
Also, if anything, something like webmin (with SSL) is a much more practical graphical tool for managing a server box.
Well in that case it's normal. Not only because is the way to go, but they also have you to teach them
Im talking more oriented to learning by himself (Brettison). Way too many hours wasted trying to do something command line that ended being a one click in the gui. Then of course I learned how to do it on terminal, and it was actually easy. oh, how lost I was in that times, how easy everything seems now
Well I disagree. For a begginner is useful. I remember my first steps into server management were pretty bad, especially with a distro I didn't touch before. I did a heavy use of the gui back then. Of course this wasn't a production server or anything.
And now with the virtualization and such is much easier to learn. I remember having some strange error with a black background with white letters and staring at it "like...what the fuck do I do now?". This was with my own computer, and checking anything on the internet meant I had to write everything down, reboot to windows, check online for it, reboot back into linux and try to reproduce it again and expect my written solutions to work.
Oh linux, how far you have come! I no longer have nightmares with hardware + linux anymore.
I was having that issue last night when I was in my server and wanted to ask those follow up questions. Luckly I was like "HEY I CAN HAZ PERFECT SOLUTION" and busted out my CR-48 Google sent me and just sat it in my lap while I looked at my desktop screen.
Well in that case it's normal. Not only because is the way to go, but they also have you to teach them
Im talking more oriented to learning by himself (Brettison). Way too many hours wasted trying to do something command line that ended being a one click in the gui. Then of course I learned how to do it on terminal, and it was actually easy. oh, how lost I was in that times, how easy everything seems now
And I still happen to have that laptop. Everytime I upgrade my Kernel in arch I have a 10 second freakout before I realize that I have to manually recompile the stupid wl drivers.
- AppArmor is an established technology first seen in Immunix, and later integrated into Ubuntu, Novell/SUSE, and Mandriva. Core AppArmor functionality is in the mainline Linux kernel from 2.6.36 onwards; work is ongoing by AppArmor, Ubuntu and other developers to merge additional AppArmor functionality into the mainline kernel.
- AppArmor support was first introduced in Ubuntu 7.04, and is turned on by default in Ubuntu 7.10 and later. AppArmor confinement in Ubuntu is application specific with profiles available for specific binaries. With each release, more and more profiles are shipped by default, with more planned.
Only drawbacks are I'm not sure what it means by turned on by default. Plus that page as a link to AppArmor for each release except 11.04. It stopped at 10.10 which makes me pause and wonder.
It IS included though because it says so on the official general AppArmor wiki with 2.6.1 being finished in March and shipping with Natty in April! They all seem to be just bug fixing and code cleanup releases since 2.5 though.
I'm to big of a n00b to get into an AppArmor SELinux debate though that came up when typing in to the googles. It's nice that it's there though and preinstalled even if SE might be better. Just gives me a decent layer of preinstalled security. Figure I'll read up on both of the wikis on just what AppArmor does, how it works, and what I need to do. The ubuntu wiki mentioned with each release they've added in more and more profiles to chose from so I'd like to get to know what the preinstalled "default" profile is and what my other choices are. It would also be nice to know what's already installed verses what I'd need to pull from Aptitude.
PS: Aptitude is like the holy ZOMGWTFBBQ grail for me booting into my server. It's like I do everything in there! LOL
I know I'm 110% sure that you can create macros, but I'm not sure on if it's gonna be cross compatible. It also probably depends on what version of excel.
It's one of the things that is still a pain in the ass even with libre office in terms of compatibility. (Libre Office is fuck'n light years better than Open Office was though!).
Some of you probably have seen my thread, but I am the newest addition to Linux-GAF. I feel so foolish for never trying Linux until recently. With the exception of games, everything about it is just so superior to windows that I haven't figured out why Microsoft isn't emulating this awesomeness.
Some of you probably have seen my thread, but I am the newest addition to Linux-GAF. I feel so foolish for never trying Linux until recently. With the exception of games, everything about it is just so superior to windows that I haven't figured out why Microsoft isn't emulating this awesomeness.
- AppArmor is an established technology first seen in Immunix, and later integrated into Ubuntu, Novell/SUSE, and Mandriva. Core AppArmor functionality is in the mainline Linux kernel from 2.6.36 onwards; work is ongoing by AppArmor, Ubuntu and other developers to merge additional AppArmor functionality into the mainline kernel.
- AppArmor support was first introduced in Ubuntu 7.04, and is turned on by default in Ubuntu 7.10 and later. AppArmor confinement in Ubuntu is application specific with profiles available for specific binaries. With each release, more and more profiles are shipped by default, with more planned.
Only drawbacks are I'm not sure what it means by turned on by default. Plus that page as a link to AppArmor for each release except 11.04. It stopped at 10.10 which makes me pause and wonder.
It IS included though because it says so on the official general AppArmor wiki with 2.6.1 being finished in March and shipping with Natty in April! They all seem to be just bug fixing and code cleanup releases since 2.5 though.
I'm to big of a n00b to get into an AppArmor SELinux debate though that came up when typing in to the googles. It's nice that it's there though and preinstalled even if SE might be better. Just gives me a decent layer of preinstalled security. Figure I'll read up on both of the wikis on just what AppArmor does, how it works, and what I need to do. The ubuntu wiki mentioned with each release they've added in more and more profiles to chose from so I'd like to get to know what the preinstalled "default" profile is and what my other choices are. It would also be nice to know what's already installed verses what I'd need to pull from Aptitude.
PS: Aptitude is like the holy ZOMGWTFBBQ grail for me booting into my server. It's like I do everything in there! LOL
Oh, very interesting Brett, thanks for the link. As I only use ubuntu for personal computing (instead of a learning platform, testing shit and so on) and lately I been playing games like a 13 year old I do not normally boot into ubuntu so Im kind of lost in the most used distro :S
Some of you probably have seen my thread, but I am the newest addition to Linux-GAF. I feel so foolish for never trying Linux until recently. With the exception of games, everything about it is just so superior to windows that I haven't figured out why Microsoft isn't emulating this awesomeness.
Shameless double post but I just fin about double authentication for linux login using google authentication to generate a QR code that you have to scan with your phone, gives you a OTP (one time password) and you enter to complete your normal login.
You know you guys and gals have helped me and got me hooked when....
I'm booted into regular desktop ubuntu and want to run the terminal to do sudo apt-get update/upgrade verses the gui way.
Nice customization btw as I really like the color, the wallpaper, and the overall skin design. Ugh I hate the application menu though as I'm soooooooo over a regular app grid. Not that at times Ubuntu is any better. This did remind me that I want to change my wallpaper up though to freshen things up!
Thought I would finally dip my toe into Ubuntu waters. It has quite a nice UI, but I'm still getting use to the application installation process. I tried to install f.lux, ran the command line codes and the application shows up on the top bar. Yet, it does not seem to be working. Any thoughts on this issue?
Thought I would finally dip my toe into Ubuntu waters. It has quite a nice UI, but I'm still getting use to the application installation process. I tried to install f.lux, ran the command line codes and the application shows up on the top bar. Yet, it does not seem to be working. Any thoughts on this issue?
FWIW I've never gotten the f.lux gui program to work correctly in Ubuntu. No idea why. I've used xflux (from the same page) instead, but that's a bit trickier to set up.
Thought I would finally dip my toe into Ubuntu waters. It has quite a nice UI, but I'm still getting use to the application installation process. I tried to install f.lux, ran the command line codes and the application shows up on the top bar. Yet, it does not seem to be working. Any thoughts on this issue?
Okay Linux-GAF.... It's your well hopefully favorite n00b poster here back with more questions for which I hope you have answers to sever wise! This time up... well trying to get on my server without physically using well the server itself....
18) What do I need to install to be able to SSH in?
Do I need to install the Open SSH server stuff? Do I need to install client side stuff on the same box or do I need to install client side stuff on other comps?
19) What kind of setup should I use port and login/pw wise?
Does it default to a port? Do I need to make sure that is open on my router to SSH into my server? What kind of login and password deal does it use? Is it public and private keys (I've sort of read on how those work but never actually done that before).
20) What kind of steps should be taken to make sure that SSH is well really SSH aka secure?
Anything in particular I can do to make sure giving my server SSH access isn't just giving my server an easy vulnerability to the world to try and exploit?
21) Anything else I need to know on this subject since I've never done this before?
How do I know I'm securely conencted? Is it the same as normal once I'm connected? Can the server be on and running, but myself not actively logged in? Like I don't need to be logged in to ssh in do I? Can someone be logged in via SSH on the server AND someone else be logged in directly on the box? Do you have to use SSH to log in to get access to the server and then you have to use your regular login/pass to get onto the server like if you were on it OR do you just login and your in?
PS: Thanks again Linux-GAF and sorry if I'm such a nerd. I feel like you guys give me sooo much free advice that it's like a crime or something since it's given freely. I feel like I'm getting advice I'd get from an expensive book or taking a class or something. LOL
ok, here goes. No guarantees here, I may not know what I'm talking about.
Brettison said:
Do I need to install the Open SSH server stuff? Do I need to install client side stuff on the same box or do I need to install client side stuff on other comps?
Yep, openssh is the one. I'm not sure how the client/server stuff is seperated. As long as you've got the server bits on your server and the client bits on your client, it should be fine I'm guessing?
Brettison said:
19) What kind of setup should I use port and login/pw wise?
I think the "best" way is to use a custom port instead of the default (22). Not sure which ones are recommended though. As for the logins: I think using keys and disabling password login would be the safest. I can't explain how to set those up, but there are plenty of guides that can.
Brettison said:
Does it default to a port? Do I need to make sure that is open on my router to SSH into my server? What kind of login and password deal does it use? Is it public and private keys (I've sort of read on how those work but never actually done that before).
You can choose the method of authentication, but as I said I think keys is the safest. Default though, it will go with username/password. If it's different from the one you're using on your client machine you use ssh foo@ip, where foo is your username. If it's the same, you can just do ssh ip.
Brettison said:
20) What kind of steps should be taken to make sure that SSH is well really SSH aka secure?
Anything in particular I can do to make sure giving my server SSH access isn't just giving my server an easy vulnerability to the world to try and exploit?
So, the first thing is keys (and disabling password login). Another one is using a non-default port. A whole bunch of settings are in the config file, you should probably browse through those and look them up to set them to your liking.
Once you've set it up, it might be a good thing to check the auth logs and recent logins, just to see if someone's trying to get in. Especially when ssh uses the default port, you'll get a load of weird IP's knocking on your door, trying to get it.
A good idea is also to use something like fail2ban. It basically keeps out addresses who have failed to log in a number of times.
Brettison said:
How do I know I'm securely conencted? Is it the same as normal once I'm connected? Can the server be on and running, but myself not actively logged in? Like I don't need to be logged in to ssh in do I? Can someone be logged in via SSH on the server AND someone else be logged in directly on the box? Do you have to use SSH to log in to get access to the server and then you have to use your regular login/pass to get onto the server like if you were on it OR do you just login and your in?
Okay Linux-GAF.... It's your well hopefully favorite n00b poster here back with more questions for which I hope you have answers to sever wise! This time up... well trying to get on my server without physically using well the server itself....
18) What do I need to install to be able to SSH in?
Do I need to install the Open SSH server stuff? Do I need to install client side stuff on the same box or do I need to install client side stuff on other comps?
If you're using ubuntu, I think you can install openssh-client and not install openssh-server. Other distros may act a little differently. opensuse, for instance, just has "openssh", and that installs everything.
The client goes on the machines you're actually typing on, and the server goes on the machine you want to connect to.
When you install it, the server should just start running. If not, you could run "/etc/init.d/ssh start" from a root terminal. But if you have to do that, then you'll also have to do some fingerwork to make sure that it runs on bootup.
19) What kind of setup should I use port and login/pw wise?
Does it default to a port? Do I need to make sure that is open on my router to SSH into my server? What kind of login and password deal does it use? Is it public and private keys (I've sort of read on how those work but never actually done that before).
It uses port 22 by default, but you don't have to specify it unless you want to use another port.
To do the public/private key thing:
On a client machine, type the following:
Code:
ssh-keygen -t rsa
(the "-t rsa" is just specifying the encryption; that's an old kind and there's probably a better one now, but it's not that important)
Do what it says. It will create two files in your ~/.ssh directory. You need to take the contents of the "id_rsa.pub" file and put it into a file in the ~/.ssh directory of the user you're logging into on the server. The file is called "authorized_keys". Here's the quick and dirty way to do it:
(change "targetuser" to the username on the server and "targetserver" to the server's hostname)
That just copies the contents of the client user's public key file ("id_rsa.pub") to the end of the server user's authorized_keys file. On the way, it makes sure that the ~/.ssh directory actually exists and it makes sure that the permissions are set appropriately for it to work. It will ask your password once. After that, if you type
Code:
ssh targetuser@targetserver
, then it will just go in without asking your password.
20) What kind of steps should be taken to make sure that SSH is well really SSH aka secure?
Anything in particular I can do to make sure giving my server SSH access isn't just giving my server an easy vulnerability to the world to try and exploit?
It's pretty secure out of the box. You could do things like using a nonstandard port, only allowing certain users to log in and certain hosts to connect, turning off password access (only using keys), and so on.
21) Anything else I need to know on this subject since I've never done this before?
How do I know I'm securely conencted? Is it the same as normal once I'm connected? Can the server be on and running, but myself not actively logged in? Like I don't need to be logged in to ssh in do I? Can someone be logged in via SSH on the server AND someone else be logged in directly on the box? Do you have to use SSH to log in to get access to the server and then you have to use your regular login/pass to get onto the server like if you were on it OR do you just login and your in?
The command "w" will list what users are logged in and what they're doing. "netstat -nt" will show what IP addresses are connected to your computer. Under the "Local Address" column, anything ending in :22 (or whatever port you may have custom set ssh for) is an ssh connection, and the "Foreign Address" is the IP address of the attached computer.
I also use "htop" with the tree option to get a nice view of who's running what processes via ssh. Both "pstree" and "ps axjf" do something similar but are not as cool.
A hundred people can be logged into ssh, I'd imagine, and they each get their own session, and it's different from the physical console. I don't think there's a way to, for instance, directly spy on somebody else's ssh session.
PS: Thanks again Linux-GAF and sorry if I'm such a nerd. I feel like you guys give me sooo much free advice that it's like a crime or something since it's given freely. I feel like I'm getting advice I'd get from an expensive book or taking a class or something. LOL
Alright thanks for all of the replies Linux-GAF! Here comes a simple follow up that shows my ignorance...
I found the file in the Ubuntu site on SHH and it told me the path to the file to edit my settings. Problem is I'm a noob on how to go about editing that. I'm use to gedit in regular desktop Ubuntu, and I'm kind of clueless on what to do to edit the file. I tried to load of Vim, but gosh damn I was like over my head for the amount of time I had to deal with it earlier.
I guess I should probably just learn that unless people have another suggestion!
Alright thanks for all of the replies Linux-GAF! Here comes a simple follow up that shows my ignorance...
I found the file in the Ubuntu site on SHH and it told me the path to the file to edit my settings. Problem is I'm a noob on how to go about editing that. I'm use to gedit in regular desktop Ubuntu, and I'm kind of clueless on what to do to edit the file. I tried to load of Vim, but gosh damn I was like over my head for the amount of time I had to deal with it earlier.
I guess I should probably just learn that unless people have another suggestion!
I think learning to vi or emacs will go a loooooooong way however if you just want to do some quick editing now then use nano. As for vi and emacs both include built in tutorials in case you have some free time and care to try learn one of them.
This man know where the grass is greener! org-mode, org2blog, bbdb, and loads more extensions make emacs more like a life management tool for me than an editor (although it works swell as one).
Probably what might seem like a dumb follow up but to open a file in an editor do I just run the editor and then somehow navigate to the menus up top and find the file or do I type something like sudo vim /filepath/
Nothing wrong with using editors like those. When I'm feeling particularly decadent, I open up kwrite and load the file "sftp://root@myserver:/etc/inittab" and type away. It makes me feel extra dangerous because I'm logging in remotely as root.
Also. DOS Edit is still superior to notepad, even after fifteen years, because it can open more than one file at a time.
(I like to use joe, because it has built-in help -- the only downside is that its default configuration turns on hard word wrapping, which is hell for config files when I forget to disable the feature; vim is my editor of choice when I want to feel like I'm competent)
Probably what might seem like a dumb follow up but to open a file in an editor do I just run the editor and then somehow navigate to the menus up top and find the file or do I type something like sudo vim /filepath/
Usually the latter, but these programs have key-bindings for opening files. In joe, for instance, Ctrl-k is the magic do-stuff key combo, and you hit Ctrl-k then 'e' to open a file (it uses tab completion and all of that usual bash magic).
Yeah I couldn't quickly find the key bindings in Vim to open a file or access the menus at the top, and didn't have time to sit down and do the tutorial. I was gonna meet my GF soon to see Cars 2. Figure I'll have more time next time I try, and can actually get some editor learning done.
I'll also look into Nano and Joe beyond just the usual vi(m) and emacs.
PS: Dang post Fedora release it's been basically all quiet on the distro front. Kind of boring actually though boring can be good if shit just well works and gets updates when needed!
Yeah I couldn't quickly find the key bindings in Vim to open a file or access the menus at the top, and didn't have time to sit down and do the tutorial. I was gonna meet my GF soon to see Cars 2. Figure I'll have more time next time I try, and can actually get some editor learning done.
For what it's worth, vim starts as just a text viewer ("Normal Mode") where the cursor just moves around and stuff. When you want to edit, you press the 'i' key and then you edit it ("Insert Mode") just like in DOS Edit or whatever. When you're done, you press the escape key to get back into Normal Mode, from which you can save and exit by typing ":wq" (without the quotes but with the colon at the beginning). It is strange, but it's very fast, very powerful and very ubiquitously installed on barebones installations (well, sometimes it's just plain "vi" instead of "vim", but the basic usage is the same).
PS: Dang post Fedora release it's been basically all quiet on the distro front. Kind of boring actually though boring can be good if shit just well works and gets updates when needed!
What are you talking about? We got a new PCLinuxOS yesterday, a new versions of Sabayon and Scientific Linux last week, and there are new developmentals of Vinux, Deepin, Vector, Frugal, Parsix, as well as releases from a few distros for embedded devices.
In previous weeks, post-Fedora's late May release, there's been pretty much a new stable release or a new development release every day.
Okay I was just being fun and playful about the Linux stuff. Plus you know I meant shit the average person would care about. Distrowatch always fucking updates with random distros like daily. Not that I mean to hate or anything.
BTW with Vim how do I get access to the menus at the top? I couldn't figure that out for the life of me. I saw the menus at the top but like couldn't find a key combo using ctrl, alt, or the command key.
Okay I was just being fun and playful about the Linux stuff. Plus you know I meant shit the average person would care about. Distrowatch always fucking updates with random distros like daily. Not that I mean to hate or anything.
My posts are always intended to be playful, even when I'm pouring the hatorade.
BTW with Vim how do I get access to the menus at the top? I couldn't figure that out for the life of me. I saw the menus at the top but like couldn't find a key combo using ctrl, alt, or the command key.
Can I just say... this might seem odd... but I'm really really getting into learning all of this new info!
I'm not saying it's easy or that I understand it all. Far from it, and my knowledge is paltry compared to the rest of you blokes! Still it's oddly fresh, exciting, invigorating, and well FUN! I look forward to checking this thread everyday, learning more about Linux in general both from here and else where, just doing my day to day stuff in desktop Linux (outside of games), and getting free time to boot into my server and put my n00b skillz to the test.
LOL... thanks Linux GAF... this is sort life changing at least in my computer life anyways
Thanks for this link btw, I was looking for something like the System Monitor applet. That thing was great, but it's missing from GNOME 3. I like to keep an eye on what my laptop is doing.
Can I just say... this might seem odd... but I'm really really getting into learning all of this new info!
I'm not saying it's easy or that I understand it all. Far from it, and my knowledge is paltry compared to the rest of you blokes! Still it's oddly fresh, exciting, invigorating, and well FUN! I look forward to checking this thread everyday, learning more about Linux in general both from here and else where, just doing my day to day stuff in desktop Linux (outside of games), and getting free time to boot into my server and put my n00b skillz to the test.
LOL... thanks Linux GAF... this is sort life changing at least in my computer life anyways
Anyways I just tried to edit my SSHD_Config file with Vim which was easy to do insert wise, but I still get confused or just forget that I have to pull up EX Mode to type commands. It was also LOLtastic as I just was seeing if it worked by editing the default port (any suggestions on a good port range, I'll pick my own, to switch to?), but then I couldn't figure out how to save and quit. I could quit but couldn't save. I SWEAR it said zz or ZZ would save and quit or do the same thing as x or X (can't remember the cases), but that did notta. Finally figured out I could type xit and it would write to the file and quit.
My first step into the larger editor world Linux-GAF! LOLz
