Server Hardening Strategies

Articles
Staying secure is a full-time gig. It doesn't matter whether we're talking about a datacentre or your smartphone, there are always steps to be taken to keep your machines and your data as safe as possible. With the increasing popularity of virtualization for applications and services and the ability for people to "roll their own" cloud comes the need to secure those machines. This becomes increasingly challenging when you consider that, by their very nature, these machines are constantly exposed to the Internet.

### Minimize Your Attack Surface

**Don't install it unless you need it**

One of the best things you can do to harden a server environment is to take a minimalistic approach. Don't install components that you think you "might need" somewhere down the road, or things…

My Journey to Linux & OSS for Hacker Public Radio

Articles
I recently recorded and submitted my first podcast for [Hacker Public Radio](http://hackerpublicradio.org/), which is something I've been planning to do for several months. I figured I might as well dump the transcript to the blog as well for those who don't subscribe to HPR and/or are allergic to audio. Telling the tale of how you came to be an active user of Linux or open source software has become the de facto first show topic, so here's my story.

### Early Years

The first computer I ever owned was purchased second-hand from a local company who had recently upgraded their systems. It was a second-generation Intel Pentium system with precious few system resources. But it was mine... all mine. I played with it for a few months trying out different…

Ubuntu School – which: Finding Ruby

Projects
I've been getting my feet wet with Ruby the past couple of days and decided to post this as much for my own recollection as anything else. When you're creating a .rb script file the first line (as with nearly all \*nix script files) contains a reference to the executable which should be used to execute the script.

```
#!/usr/bin/ruby
```

But what if you don't know precisely where that file lives? The [which](http://linux.about.com/library/cmd/blcmdl1_which.htm) command will find it for you. `which` is a command that gives you the fully qualified path to shell commands, and this includes script hosts like ruby.

```
callisto:~ kdmurray$ which ruby
/usr/bin/ruby
```

This also works for Perl, Python and any number of other executables. Ever wonder where the pwd command lives? or nano? or…

Ubuntu School – What Groups Do I Belong To?

Projects
This is a quick one. If you need to figure out what groups your user account belongs to you can simply use the **groups** command from the command line:

```
kdmurray@titan:~$ groups
kdmurray adm cdrom sudo dip plugdev sambashare lpadmin debian-transmission smbmedia smbbackups ccnet
```

You can also use this command to find out what groups any other users belong to. This is particularly useful when setting up new services or new network shares and you need to confirm which groups the user belongs to.

```
kdmurray@titan:~$ groups ccnet
ccnet : users ccnet
```

Try to find yourself a use for the **groups** command this week!

Home Server Build part 5 – DNS Basics (Ubuntu School)

Articles
Once the server has been configured one major "infrastructure" task remains - setting up DNS. This is where those clever names you thought up back in [the "prerequisites" stage](http://kdmurray.net/2012/06/23/home-server-build-part-3-os-installation-ubuntu-school/) come into play. Strictly speaking DNS isn't required for everything else to work properly, but it's one of those things that makes the overall solution that much more elegant. When you're connecting to various components in your network it's so much nicer to refer to them by name rather than simply by IP address.

A key piece of information you'll want to keep close at hand is the Webmin [BIND module](http://doxfer.webmin.com/Webmin/BINDDNSServer) documentation. This provides an easy-to-understand guide to managing DNS using [BIND](http://en.wikipedia.org/wiki/BIND) and Webmin. It was key to me being able to complete this tutorial.

### Create the Domain's Master Record…

Ubuntu School – GUI (xubuntu-desktop) for Ubuntu Server

Projects
Whether it's because you're not fully versed in the power of the command line, or you just want to use a tool that will speed things along like gparted, the command-line isn't always the best tool for the job. Sometimes you just need a GUI, even if it's just for a few minutes. I'm going to walk through how to do the installation on Ubuntu 11.10 with the assumption that you only want the GUI occasionally, and don't want it consuming server resources all the time.

The first step is to get the GUI tools installed.

```
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install xubuntu-desktop
```

That was the simple part. At this point you now have the GUI installed, but it will start the GUI every time…

Ubuntu School – Get Rolling with Webmin on Ubuntu Server 11.10

Projects
Even if some Linux purists would have you believe the command-line is the only way to go, the pragmatist in me will always take an appropriate GUI over a complicated command-line any day. You can run a lot of powerful services for your home network using one or more Ubuntu server machines. With the right tools you don't need to be a Linux expert to make that happen. The tool of choice is [Webmin](http://webmin.com/ "Webmin"). This is a set of web-based tools which allow you to control virtually every piece of server-side software on your Ubuntu server. The GUI is intuitive and straightforward, the documentation is excellent, and the project is under active development. Because Webmin isn't in the standard repositories you will have to do a couple of quick…

Ubuntu School – Add an Existing User to a Group

Projects
Occasionally you need to grant an existing user some additional permissions to files, directories or applications. This typically means some kind of change in your permissions settings for the object in question. But because you can only have a single owner for a given object you need to be careful making these changes. Something you can do, though, is extend the permissions on the object to a set of users by way of a group. Logically, a group is nothing more than a named collection of users who all have the same access (by way of that group) to some resource. Users in Ubuntu typically carry one primary, and one or more secondary groups (I won't get into the differences here). By adding group permissions to your resources (ie give…

Ubuntu School – sudo Your Last Command

Projects
Sometimes we just forget that we need to specify elevated privileges on our Ubuntu machines. I do it all the time, particularly when I'm setting up a new machine. Thankfully there's a shortcut for those of us who are forgetful. If I want to restart the box I can use a command like:

```
shutdown -r now
```

But of course that command requires elevated privileges:

```
shutdown: Need to be root
```

With the fantastic `!!` argument for sudo you can repeat your last terminal command:

```
sudo !!
```

Now you can quickly and efficiently re-run that last command you forgot to sudo.

Ubuntu School – DHCP Release and Renew

Projects
It's not uncommon to need to release/renew the IP address for a given machine. This is particularly true if you're doing any kind of maintenance on your network, or are troubleshooting pretty much any kind of Internet problem. I never seem to remember how to do this, so I'm including this post as much for my own benefit as anything. What I'm talking about is the Ubuntu equivalent of these Windows commands:

```
ipconfig /release
ipconfig /renew
```

From an Ubuntu terminal type:

```
sudo dhclient -r
sudo dhclient
```

Much like the Windows equivalents you can also specify these actions for a specific interface if your situation requires.

```
sudo dhclient eth0
```