Displaying items by tag: linux

set_up_your_own_web_server.png 

 

The great thing about hosting is that similar to setting up your own site, you can make it as simple as you would like or you can get really complex, the reality is whichever method you choose is up to you. This is not a project for the faint of heart – indeed, you should be techy and much into the intricacy of hosting your own site. Someone who is interested in setting up their own server is a person with time to dedicate to this task and looks forward to the fulfillment of completing something that can be arduous even for the most tech-savvy.

Before getting into how to do your own hosting, you need to be aware of a few issues. Hosting your site requires a lot of electricity and you could deal with power outages, plus you are responsible for the efficacy and maintenance of hardware and software. Self-hosting has slower speeds than paid, dedicated hosts as well. However, the challenge of setting up your own hosting is invigorating, and a great next step on your tech journey.

Before you get started on hosting your own sites, it is a wise move to consider the benefits of paid hosting. The first thing you should know about paid hosting is generally things move faster on a paid host; these servers are dedicated to getting everything going and they don’t have the upload limitations that your ISP imposes upon you. That said, the other benefit a paid host has over self-hosting is that a paid host is responsible for the software and hardware. If anything goes wrong, you have to fix it instead of relying on the paid server company to perform maintenance. While sometimes it is easier to get any web hosting by simply paying with PayPal, the reality is hosting your own site is something for techy people that is really fun and as you improve in this endeavor, you develop skills that are quite marketable.

You can do web hosting with Windows and with Linux. Here is how with both systems.


 

 


Windows

 

Windows is not a popular way to host. The people who like Windows for hosting are those using ASP.NET or C# to code. If using these systems, Windows is the best option, despite being less popular than Linux.

 

Step 1: Get WAMP

One of the best installation programs is WampServer. This helps you work in Windows, Apache, PHP, and MySQL. Get the massive package when you download this, as the individual packages can be onerous and less accurate than the ones coming with WampServer. Once you get your WAMP, you can create subdirectories within it. Clicking on the Local Host link will take you to a URL that says, http://localhost in your main screen of WampServer.

 

Step 2: Simple Page Creation and Configuration of MySQL

As with anything, you want to test what you are doing. The next step is creating a new file with sample code. This could be something simple as a test using PHP. You can check in on this by going to the info section. However, if you click on phpMyAdmin, you can get going on configuring the MySQL information. This means the screen will open for admin credentials, but if you type in Admin to the log in name, rarely do you need a password. Once you get there, you can set and reconfigure your MySQL databases, and some CMS’s like WordPress do it for you.

 

Step 3: Make Your Site Public
Apache by default doesn’t want to make your site public, so you need to go in Apache and turn on the public settings. This will allow not just you to view your site, but the public as well.

 

Step 4: Domain Names
Setting up your DNS is not the easiest. What you do here is associate your IP address with a particular domain name. This will allow any DNS to pick out your domain name and download your site to get the information they need.


 


Linux

 

This is the most popular system used for web hosting. Learning about Linux will give you plenty of advantages while using a platform most folks are comfortable with.

 

Step 1: Use LAMP Software on the Terminal

The first thing you do with your terminal is to write a line of code to start your LAMP software installation. These tutorials will help you get started:

 

Step 2: Check if your PHP is Working

The way to test your PHP is to place a test file in the webserver root directory. Once there, you can visit the page by going to http://localhost/info.php. At this point, you’ll get a lot of information including the current version of PHP, configuration, and the installed modules. The good news is you can use Ubuntu to get the newest PHP modules. You can also use a simple command-line technique to get the same information as well.

 

Step 3: Get MySQL Under Control

Testing the MySQL for your site is imperative. This is especially important when you are using a CMS like Drupal, Joomla, or WordPress. Once there, you have to look at the server issue. Unfortunately, like the other servers, these one needs you to guide them. Most of the time, the system itself takes care of these MySQL databases. That said, you may have to enter some manually.

 

Step 4: DNS Configuration

Use the A record to get the IP address for your server using the dig tool. Once you do this, the next step is to associate your domain name with an IP address. The DNS step is vitally important because getting your domain associated with the IP means people won’t have to type in random numbers to see your site. Use Apache to set up the domain name, the index file, and any other files and set up permissions as well, and that gets your hosting done for you. You can use Namecheap to buy a domain name, read this review to help you decide.

This is just a short intro to self-hosting. You should do more research on security, setting up and maintaining servers, and a lot more. Though it’s a fun thing to do, it still requires a lot of skills and knowledge.

 

Published in Technology
Saturday, 30 May 2020 17:35

How to : Install PHP 7.2 to 7.4 on Ubuntu

php_ubuntu_server.png 

Finally, the third part of our LAMP tutorial series: how to install PHP on Ubuntu. In this tutorial, we’ll show you how to install various versions of PHP, including PHP 7.2, PHP 7.3, and the latest PHP 7.4

This tutorial should work for any Ubuntu release and other Ubuntu-based releases. Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, even Ubuntu 19.10.

 

Tutorials here:

  • Before we begin
  • How to install PHP 7.4 on Ubuntu 18.04 or 16.04
  • How to Install PHP 7.2 on Ubuntu 16.04
  • How to Install PHP 7.2 on Ubuntu 18.04
  • How to Install PHP 7.3 on Ubuntu 18.04 or 16.04
  • How to change the PHP version you’re using
  • How to upgrade to PHP 7.3 (or 7.4) on Ubuntu
  • Speed up PHP by using an opcode cache

 

 

For the first part of our LAMP series, go to our Ubuntu: How to install Apache

And for the second part, go to How to Install MySQL/MariaDB on Ubuntu

 

 

Before we begin installing PHP on Ubuntu

 

  • PHP has different versions and releases you can use. Starting from the oldest that is currently supported – PHP 7.2, and onto PHP 7.3 and the latest – PHP 7.4. We’ll include instructions for PHP 7.4, PHP 7.2 (the default in Ubuntu 18.04) and the default PHP version in the Ubuntu 16.04 repositories – PHP 7. We recommend that you install PHP 7.3 as it’s stable and has lots of improvements and new features. If you still use PHP 7.1, you definitely need to upgrade ASAP because its security support ended at 2019.
  • You’ll obviously need an Ubuntu server. You can get one from Vultr. Their servers start at $2.5 per month. Or you can go with any other cloud server provider where you have root access to the server.
  • You’ll also need root access to your server. Either use the root user or a user with sudo access. We’ll use the root user in our tutorial so there’s no need to execute each command with ‘sudo’, but if you’re not using the root user, you’ll need to do that.
  • You’ll need SSH enabled if you use Ubuntu or an SSH client like MobaXterm if you use Windows.
  • Check if PHP is already installed on your server. You can use the ‘which php’ command. If it gives you a result, it’s installed, if it doesn’t, PHP is not installed. You can also use the “php -v” command. If one version is installed, you can still upgrade to another.
  • Some shared hosts have already implemented PHP 7.3 and PHP 7.4 in their shared servers, like Hawk Host and SiteGround.

Now, onto our tutorial.

 

How to install PHP 7 on Ubuntu 16.04

Currently, as of January 2018, the default PHP release in the Ubuntu 16.04 repositories is PHP 7.0. We’ll show you how to install it using Ubuntu’s repository.

You should use PHP 7.2 or 7.3 instead of the default, outdated PHP version in Ubuntu 16.04. Skip these instructions and follow the instructions below for a newer version.

 

Update Ubuntu

First, before you do anything else, you should update your Ubuntu server:

apt-get update && apt-get upgrade

 

Install PHP

Next, to install PHP, just run the following command:

apt-get install php

This command will install PHP 7.0, as well as some other dependencies:

php-common
php7.0
php7.0-cli
php7.0-common
php7.0-fpm
php7.0-json
php7.0-opcache
php7.0-readline

To verify if PHP is installed, run the following command:

php -v

You should get a response similar to this:

php-v-ubuntu.jpg

 

And that’s it. PHP is installed on your Ubuntu server.

 

 

Install PHP 7.0 modules

You may need some additional packages and PHP modules in order for PHP to work with your applications. You can install the most commonly needed modules with:

apt-get install php-pear php7.0-dev php7.0-zip php7.0-curl php7.0-gd php7.0-mysql php7.0-mcrypt php7.0-xml libapache2-mod-php7.0

 

Depending on how and what you’re going to use, you may need additional PHP modules and packages. To check all the PHP modules available in Ubuntu, run:

apt-cache search --names-only ^php
You can tweak the command to only show ^php7.0- packages etc.

 

If you want to use the latest PHP version, follow the next instructions instead.

 

How to Install PHP 7.2 on Ubuntu 16.04
PHP 7.2 is a stable version of PHP and has many new features, improvements, and bug fixes. You should definitely use it if you want a better, faster website/application.

 

Update Ubuntu
Of course, as always, first update Ubuntu:

apt-get update && apt-get upgrade

 

Add the PHP repository
You can use a third-party repository to install the latest version of PHP. We’ll use the repository by Ondřej Surý.

 

First, make sure you have the following package installed so you can add repositories:

apt-get install software-properties-common

 

Next, add the PHP repository from Ondřej:

add-apt-repository ppa:ondrej/php

And finally, update your package list:

apt-get update


 


Install PHP 7.2

After you’ve added the repository, you can install PHP 7.2 with the following command:

apt-get install php7.2

 

This command will install additional packages:

libapache2-mod-php7.2
libargon2-0
libsodium23
libssl1.1
php7.2-cli
php7.2-common
php7.2-json
php7.2-opcache
php7.2-readline

And that’s it.

 

To check if PHP 7.2 is installed on your server, run the following command:

php -v

 

Install PHP 7.2 modules
You may need additional packages and modules depending on your applications. The most commonly used modules can be installed with the following command:

apt-get install php-pear php7.2-curl php7.2-dev php7.2-gd php7.2-mbstring php7.2-zip php7.2-mysql php7.2-xml

And that’s all. You can now start using PHP on your Ubuntu server.

 

If you want to further tweak and configure your PHP, read our instructions below.

 

How to Install PHP 7.2 on Ubuntu 18.04
PHP 7.2 is included by default in Ubuntu’s repositories since version 18.04. So the instructions are pretty similar to PHP 7 for 16.04.

 

Update Ubuntu
Again, before doing anything, you should update your server:

apt-get update && apt-get upgrade
Install PHP 7.2

 

Next, to install PHP 7.2 on Ubuntu 18.04, just run the following command:

apt-get install php

This command will install PHP 7.2, as well as some other dependencies.

 

To verify if PHP is installed, run the following command:

php -v
You should get a response similar to this:

PHP 7.2.3-1ubuntu1 (cli) (built: Mar 14 2018 22:03:58) ( NTS )
And that’s it. PHP 7.2 is installed on your Ubuntu 18.04 server.

 

Install PHP 7.2 modules
These are the most common PHP 7.2 modules often used by php applications. You may need more or less, so check the requirements of the software you’re planning to use:

apt-get install php-pear php-fpm php-dev php-zip php-curl php-xmlrpc php-gd php-mysql php-mbstring php-xml libapache2-mod-php

To check all the PHP modules available in Ubuntu, run:

apt-cache search --names-only ^php

 

How to install PHP 7.3 on Ubuntu 18.04 or 16.04
PHP 7.3 is a stable version that you can safely use on your servers.

Update Ubuntu

First, update your Ubuntu server:

Add the PHP repository
To install PHP 7.3 you’ll need to use a third-party repository. We’ll use the repository by Ondřej Surý that we previously used.

First, make sure you have the following package installed so you can add repositories:

apt-get install software-properties-common
Next, add the PHP repository from Ondřej:

add-apt-repository ppa:ondrej/php
And finally, update your package list:

apt-get update
Install PHP 7.3

After you’ve added the repository, you can install PHP 7.3 with the following command:

apt-get install php7.3

 

This command will install additional packages:

libapache2-mod-php7.3
libaprutil1-dbd-sqlite3
php7.3-cli
php7.3-common
php7.3-json
php7.3-opcache
php7.3-readline
…and others.
And that’s it. 

 

To check if PHP 7.3 is installed on your server Run the following command:

php -v

 

Install PHP 7.3 modules
You may need additional packages and modules depending on your applications. The most commonly used modules can be installed with the following command:

apt-get install php-pear php7.3-curl php7.3-dev php7.3-gd php7.3-mbstring php7.3-zip php7.3-mysql php7.3-xml
And that’s all. You can now start using PHP on your Ubuntu server.

If you want to further tweak and configure your PHP, read our instructions below.

 

 

How to install PHP 7.4 on Ubuntu 18.04 or 16.04

PHP 7.4 is the latest version of PHP that has lots of improvements. The instructions are pretty similar to PHP 7.3.

Update Ubuntu

First, update your Ubuntu server:

apt-get update && apt-get upgrade
Add the PHP repository

To install PHP 7.4 you’ll need to use a third-party repository. We’ll use the repository by Ondřej Surý that we previously used again.

 

First, make sure you have the following package installed so you can add repositories:

apt-get install software-properties-common
Next, add the PHP repository from Ondřej:

add-apt-repository ppa:ondrej/php

And finally, update your package list:

apt-get update
Install PHP 7.4

 

After you’ve added the repository, you can install PHP 7.4 with the following command:

apt-get install php7.4

This command will install additional packages:

libapache2-mod-php7.4
libaprutil1-dbd-sqlite3
php7.4-cli
php7.4-common
php7.4-json
php7.4-opcache
php7.4-readline
…and others.

And that’s it. To check if PHP 7.4 is installed on your server, run the following command:

php -v
Install PHP 7.4 modules

 

You may need additional packages and modules depending on your applications. The most commonly used modules can be installed with the following command:

apt-get install php-pear php7.4-curl php7.4-dev php7.4-gd php7.4-mbstring php7.4-zip php7.4-mysql php7.4-xml

And that’s all. You can now start using PHP on your Ubuntu server.

If you want to further tweak and configure your PHP, read our instructions below.

 

How to change the PHP version you’re using
If you have multiple PHP versions installed on your Ubuntu server, you can change what version is the default one.

To set PHP 7.2 as the default, run:

update-alternatives --set php /usr/bin/php7.2

 

To set PHP 7.3 as the default, run:

update-alternatives --set php /usr/bin/php7.3

 

To set PHP 7.4 as the default, run:

update-alternatives --set php /usr/bin/php7.4

 

If you’re following our LAMP tutorials and you’re using Apache, you can configure Apache to use PHP 7.3 with the following command:

a2enmod php7.3

And then restart Apache for the changes to take effect:

systemctl restart apache2

 

How to upgrade to PHP 7.3 or 7.4 on Ubuntu

If you’re already using an older version of PHP with some of your applications, you can upgrade by:

  • Backup everything.
  • Install the newest PHP and required modules.
  • Change the default version you’re using.
  • (Optionally) Remove the older PHP (Required) Configure your software to use the new PHP version. You’ll most likely need to configure Nginx/Apache, and many other services/applications. If you’re not sure what you need to do, contact professionals and let them do it for you.
  • Speed up PHP by using an opcode cache
  • You can improve the performance of your PHP by using a caching method. We’ll use APCu, but there are other alternatives available.

 

If you have the ‘php-pear’ module installed (we included it in our instructions above), you can install APCu with the following command:

pecl install apcu

There are also other ways you can install APCu, including using a package.

 

To start using APCu, you should run the following command for PHP 7.2:

echo "extension=apcu.so" | tee -a /etc/php/7.2/mods-available/cache.ini

Or this command for PHP 7.3:

echo "extension=apcu.so" | tee -a /etc/php/7.3/mods-available/cache.ini

 

And the following command for PHP 7.4:

echo "extension=apcu.so" | tee -a /etc/php/7.4/mods-available/cache.ini
If you’re following our LAMP tutorials and you’re using Apache, create a symlink for the file you’ve just created.

For PHP 7.2:

ln -s /etc/php/7.2/mods-available/cache.ini /etc/php/7.2/apache2/conf.d/30-cache.ini

 

For PHP 7.3:

ln -s /etc/php/7.3/mods-available/cache.ini /etc/php/7.3/apache2/conf.d/30-cache.ini

 

For PHP 7.4:

ln -s /etc/php/7.4/mods-available/cache.ini /etc/php/7.4/apache2/conf.d/30-cache.ini

 

And finally, reload Apache for the changes to take effect:

systemctl restart apache2

To further configure APCu and how it works, you can add some additional lines to the cache.ini file you previously created. The best configuration depends on what kind of server you’re using, what applications you are using etc. Either google it and find a configuration that works for you, or contact professionals and let them do it for you.

That’s it for our basic setup. Of course, there are much more options and configurations you can do, but we’ll leave them for another tutorial.

 

Published in GNU/Linux Rules!

LinuxHead

 

 

Guys, we are going to learn about the Package installation in Linux systems from this article. Basically how to install a package ( a package is  simply same as a software in a windows environment) and uninstalling it, what is a repository, how to create/enable/disable a repository, how the package installation commands change with different Linux distributions and so on.

What is a Package ?

Basically a package is a software application in a Linux operating system. Same as in windows and Mac OS, in Linux also we can install a software in a GUI environment as well as with the command line interface.

What is a Package manager ?

There are different package managers for different Linux distributions. It is very important to remember how to use different package installation commands in a Linux system. As we all know in a windows OS, we have softwares ending with .exe extension. But in Linux, the extensions may be different. It can be having an extension like .rpm, .deb or whatever.  Actually the package manager is serving as tool which access the softwares and installing/removing/modifying them.

dpkg is used by Debian, Ubuntu and apt is also supported.
rpm is used by Red Hat, Cent OS and yum is also supported.

 

* Important – You should be a superuser to install packages. 

So, for here testing i’m taking two AWS EC2 Linux servers ( Ubuntu and a Red Hat ). We will take one by one.

To get to know which Linux distribution you are using, try the below command,

cat /etc/*-release

 

 fedr1

 

Yum package manager

What is yum ? Yum is a command we can use to get the packages installed in a Red Hat, Cent OS environments. Yum is using repositories to search and install the applications.

What are Repositories ?

Red Hat or third party repositories are used as the software sources. In a repo we include links where the package managers can search for the packages.

Simply a repository looks like below.

 

fedr2

 

All repositories resides in the path “/etc/yum.repos.d“. The configuration file for yum is “/etc/yum.conf“.

From here, we will check the useful command we need to know.

1) yum repolist ( This command will list your active repositories )

 

fedr3

 

2) yum repolist all ( This will list all of your repositories even it is enabled or disabled )

 

fedr4

 

3) yum list installed ( This will list all your installed packages )

4) yum list vim* ( This will list installed and available packages which suits for package name )

 

fedr5

 

5) yum search vim ( This also searches with package names )

 

fedr6

 

yum search all  ( This gives more details than above )

6) yum info vim* ( This will display information about all the packages that suits the given name )

We can identify different parts in a package as below.

eg – vim-minimal.x86_64 : A minimal version of the VIM editor

vim-minimal – Package name
x86_64 – Architecture
*Sometimes we can see package version also with the names.
7) yum provides  ( This shows packages which contains the mentioned path names ). Not only path names, we can use application names also if we are not sure to check.
eg – yum provides tree

fedr7

 

yum provides /var/www/html

 

fedr8

 

8) yum install httpd ( This will install httpd package into the system )

 

fedr9

 

yum install httpd -y ( This command will install the package without asking for entering yes or no at the end. )

9) yum update  ( This will update the package to the latest version. )
10) yum remove  ( This will uninstall the installed package )
11) yum list kernel ( This will display installed and available kernel software versions )

 

fedr10

 

yum update kernel ( This will update the kernel to the latest version )

12) How to create a new repo
 
Go to the file location – /etc/repos.d
create your new repo – example.repo

fedr11

 

[examplerepo] – repo id

Example Repolist – repo name
baseurl – source url
enabled – status of the repo ( can be enabled or disabled )

 

fedr12

 

Apt package manager

 
Apt package manager is used in Ubuntu and Debian like Linux distributions.  Below listed commands would be helped.
apt actually works on a package database. The system will not know about is there are updates for the packages, if the package database is not updated. Because of this updating the package database is essential.
1) apt-get update ( This command will update the package database )
2) apt-get upgrade ( This will upgrade all the software to the latest version. )
3) apt-get install  ( This will install the package )
4) apt remove  ( This will remove the package binary file except configs)
5) apt purge  ( This will remove all files with the configuration files related to the package )
6) apt show  ( Display information about the package )
7) apt list  ( list the packages with the given name )
So, guys here are some of the basic very useful commands as in the above. You could know more than these commands with the usage.

 

Linuxfinal

Published in GNU/Linux Rules!
Friday, 28 February 2020 13:27

Linux Commands: The easy way

BANNERLINUXINICIOESPAOL

 

find command is a very essential command in the linux operating system. We need to use this amazing command to find files within our system hierarchy.

In a windows operating system we can use search option very simply in the GUI. Likewise we can use find linux command here to find and grab the files as our need.

Same as other linux commands find command also having so  many command options, like to search recursively in the files, to find the files with considering modified dates, accessed dates, files considering their sizes, files considering ownerships and  permissions,  and with so many options.

Also we can use the pipeline and redirection to have the output of the find command and pass it to another operation. As an example we can type the find command to find some files and delete those files with a single linux command. For that purpose we are using pipeline with –

exec or xarg command. We will discuss about -exec later. After this we will discuss the find command and it’s examples with the options. 

 

 

Syntax –

find [location] [options] [what to find]

  • location : The directories where you need to search. This can be a single location or multiple locations.
    eg – if we need to find a file under root directory, the location should be root directory.
    So, the command should start like find /
  • options : find command has so many options to optimise the search. Will discuss on below of the article.
  • What to find : The name of the file which you need to find.
    eg – if we need to find all files having the extention of .cpp under root directory, the command should be find / -name *.cpp. Here -name is the option we used to determine the file name. If we use to find a file giving a name of the file, we must use the option name. 

 

 

 

How to use find command with examples.

 


1) find files named “example.txt” in your current location

find . -name “example.txt”

 

2) find files named “passwd” under root directory

find / name “passwd”

 comm1.png

 

 3) find files named with case insensetively.

Guess we have two files named, Text_file and text_file. These two words differ with capital T.If we need to ignore case sensitivity we need to use option name as -iname. 

find / -name “text_file” ( Case sensitive )

find / -iname “text_file” ( Case Insensitive )

 

comm2.png 

 4) find file “example.txt” under your home directory

find /home -iname “example.txt”

 

5) find files which having the extention of .php under your home directory

find /home -type f -name “*.php”

here -type option is used to determine the type of the file, to recognize is it a file or a directory which you are searching. if you are finding a directory the option should be -type d on the above

example.

 

6) find directories named example under your home directory

find /home -type d -name “example”

 

7) find files in more than one location

find / /home -iname “student”

Above command find the files named student in both places of root directory and /home directory.

 

8) find emty files

find / -type f -empty

 

9) find empty directories

find / -type d -empty

 

10) find files which have permissions of 777

find / -type f -perm 777 

-perm option is used to determine permissions with the find command. if you want to find permissions of 644, it should be like -perm 644.

 

11) find files not having 777 permissions

find / -type f ! -perm 777

 

is used to mention NOT.


12) find files which are set to SETUID

find / -perm /u=s

 

13) find files which are set to SETGID

find / -perm /g=s

 

14) find files read only files

find / -perm /u=r

 

15) find files and remove them

find /home -iname “*.cpp” -exec rm -rf {} ;

 

We will break this command into two parts.

  •  find part is ok for you. It finds all files having .cpp extension under your home directory.
  •  -exec rm -rf {} ; This part is taking the output of the find section and executes the rm -rf command to remove the searched files.  So the output of the find command is going to store inside of {} as an input to rm -rf command and -exec option makes the command as executable.

 

16) find files having 755 permissions and change back to 644 permissions.

find / -iname “*.cpp” -perm 755 -exec chmod 644 {} ;

 

17) find files based on users

find / -iname “example” -user student

Above command finds files with example named which is owned to user student.

 

18) find files based on group

find / -iname “example” -group user

 

This finds files with name example with group name user.

 

19) find modified files with given dates

find / -iname “*.txt” -mtime 7

find files having .txt extention under root directory which is modified on 7 days back.

find / -iname “*.txt” -mtime +7

find files having .txt extention under root directory which is modified on more than 7 days.

find / -iname “*.txt” -mtime -7

find files having .txt extention under root directory which is modified within 7 days.

find / -iname “*.txt” -mmin 7

find files having .txt extention under root directory which is modified before 7 minutes from now.

mtime is used to mention in days and mmin is used to mention in minutes. 

 

 

20) find files which accessed on 10 days back

find / -iname “*.txt” -atime 10

 

21) find files which are changed on before 10 minutes

find / -iname “*.txt” -cmin 10 

 

22) find files with size

find / -size +50M

find files which are more than 50M in size.

find / -size +50M -size -200M 

find files which sizes are more than 50M and less than 200M.

 

So, we have discussed alot of options can be used with find command. You can refer the internet to find more and more.

Cheers. 

  

 BANNERLINUXFINALESPAOL

Published in GNU/Linux Rules!
Wednesday, 26 February 2020 17:52

How to: Install jekins on your linux

Guys, Before talking about how to install jenkins on linux, shall we discuss a little bit about actually what is jenkins ? It is a automation tool which has written in java language. It is an open source application. Jenkins helps for automation tasks and mostly used by system administrators, cloud engineers, DevOps engineers and developers.

 

 

As an example if we take running Ansible playbooks on the ansible master node itself, we can use jenkins tool for running ansible playbooks. Since jenkins is a web tool, system

administrators/DevOps can easily use it taking the advantage of it’s different types plugins for specific purposes. Jenkins is also very useful for Continuos Integration and Continous delivery

(CI/CD ). Thanks to  jenkins, developers can build and test their software projects by doing the changes continously and can take the project to the production level without any distruption to the

users because of the pre testing stages running in continous delivery.

 

So we are going to see different ways of how to install jenkins on Linux.

 

1) Install Jenkins using yum command

commands :
sudo yum update -y
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
sudo yum install jenkins -y
sudo systemctl start jenkins
sudo systemctl enable jenkins
Note : Since Jenkins is a java application, first of all you must have installed java on your centos.

 jekins1.png

 

 command – sudo yum install java-1.8.0-openjdk-devel

 

 jenkins2.png

 

 We can check if the port for jenkins has opened. Remember that jenkins is using port 8080 as it’s default port. But we can change it if we need. 

 

jenkins3.png 

To access your Jenkins after the Installation, Open your web browser and got to your centos local ip

with port 8080 ( or localhost:8080 ) or if you are running a virtual machine your public ip with port 8080

could be accessed. I am here using the public ip attached to my virtual machine to get the jenkins web

interface. 

 

jenkins4.png

 

As shown in the browser you need to access that /var/lib path and get the Initial Admin password.

Then Install suggested plugins and login as admin ( if needed you can create another account ).

here we go, finally we have installed jenkins.

 

jenkins5.png 

 

 

2) Install Jenkins on a tomcat

What is tomcat ? Actually tomcat is a application server from apache foundation which executes java

servlets and renders the webpages which is having java coding. Since Jenkins is a tool build with

java, we are trying to install jenkins on tomcat.

 

commands :

sudo yum update -y
sudo yum install java-1.8.0-openjdk-devel
cd ~
wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.0.M10/bin/apache-tomcat-9.0.0.M10.tar.gz
tar xzfv apache-tomcat-9.0.0.M10.tar.gz
mkdir Tomcat9
mv apache-tomcat-9.0.0.M10 Tomcat9
cd Tomcat9/bin
./startup.sh

Now  we have installed tomcat on one of our directories in home folder and started tomcat server. You

can check of the port 8080 has opened.

sudo netstat -plunt |grep 8080

Now open the browser with your localhost:8080 or if you are running a virtual machine then your vm

local machine ip with port 8080 or your public ip with port 8080.

 

 jenkins6.png

 

 Ok, now tomcat is ready to searve for java applications. Let’s get our jenkins into tomcat.

Download the jenkins war file from this link. Jenkins war releases. I use version 2.214 ( latest war file ).

commands :

cd ~/Tomcat9/webapps

wget http://updates.jenkins-ci.org/download/war/2.214/jenkins.war

 

jenkins7.png 

Now we will get back to the browser.

try now the url as your tomcat url/jenkins, like localhost:8080/jenkins

 

jenkins8.png 

 See now you are running your jenkins on tomcat. You can check the java process on the server. ps -ef|grep java

 

jenkins9.png 

 If you want to shutdown or restart the jenkins, you can do it by shutting down the tomcat node. Simply

do as below

cd ~/Tomcat9/bin


./shutdown.sh – this will shutdown the tomcat, so jenkins will also be shutdown


./startup.sh = this will start your tomcat and jenkins will be back online

 

 jenkins10.png

 

4) Install Jenkins on a docker container

commands :

First we need to install docker engine in our centos, So follow the below

sudo yum update -y


sudo yum install -y yum-utils device-mapper-persistent-data lvm2 -y

sudo yum-config-manager –add-repo https://download.docker.com/linux/centos/docker-ce.repo

sudo yum -y install docker-ce

sudo systemctl start docker && sudo systemctl enable docker

now switch to root user – sudo su

 

To verify docker, use command docker ps and docker version to check the docker version.

 

jenkins11.png 

 Guys now we have installed docker on our centos. Now we will pull our jenkins image to our centos.

 

jenkins12.png

 

jenkins13.png

 

docker images

jenkins14.png

 

 Now i am creating a docker container from jenkins image as below

jenkins15.png

 

You can see that i have exposed the container to be accesible from the localhost ip from host port

8080. Open the browser and try to access the jenkins container with port 8080.

 

jenkins16.webp

 

So guys we discussed how to install jenkins on centos in three different ways. Hope more articles

related to jenkins on future.

 

Linuxfinal

Published in GNU/Linux Rules!
Tagged under
Sunday, 23 February 2020 01:49

Learn to: install TT-RSS on a Raspberry Pi

Read your news feeds while keeping your privacy intact with Tiny Tiny RSS.

 tt-rss1.jpeg

Tiny Tiny RSS (TT-RSS) is a free and open source web-based news feed (RSS/Atom) reader and aggregator. It's ideally suited to those who are privacy-focused and still rely on RSS for their

daily news. Tiny Tiny RSS is self-hosted software, so you have 100% control of the server, your data, and your overall privacy. It also supports a wide range of plugins, add-ons, and themes,

Want a dark mode interface? No problem. Want to filter your incoming news based on keywords? TT-RSS has you covered there, as well.

 

Now that you know what TT-RSS is and why you may want to use it, I'll explain everything you need to know about installing it on a Raspberry Pi or a Debian 10 server.

 

 

 

Install and configure TT-RSS

To install TT-RSS on a Raspberry Pi, you must also install and configure the latest version of PHP (7.3 as of this writing), PostgreSQL for the database backend, the Nginx web server, Git, and

finally, TT-RSS.

 

1. Install PHP 7

Installing PHP 7 is, by far, the most involved part of this process. Thankfully, it's not as difficult as it might appear. Start by installing the following support packages:

 

$ sudo apt install -y ca-certificates apt-transport-https


Now, add the repository PGP key:

$ wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add -


Next, add the PHP repository to your apt sources:

echo "deb https://packages.sury.org/php/ buster main" | sudo tee /etc/apt/sources.list.d/php.list

 

Then update your repository index:

sudo apt update

 

Finally, install PHP 7.3 (or the latest version) and some common components:

 

sudo apt install -y php7.3 php7.3-cli php7.3-fpm php7.3-opcache php7.3-curl php7.3-mbstring php7.3-pgsql php7.3-zip php7.3-xml php7.3-gd php7.3-intl 

 

The command above assumes you're using PostgreSQL as your database backend and installs php7.3-pgsql. If you'd rather use MySQL or MariaDB, you can easily change this to php7.3-mysql.

Next, verify that PHP is installed and running on your Raspberry Pi:

php -v

 

Now it's time to install and configure the webserver.

 

2. Install Nginx

Nginx can be installed via apt with:

sudo apt install -y nginx

 

Modify the default Nginx virtual host configuration so that the webserver will recognize PHP files and know what to do with them:

 

You can safely delete everything in the original file and replace it with:

 

server {
listen 80 default_server;
listen [::]:80 default_server;

root /var/www/html;
index index.html index.htm index.php;
server_name _;

location / {
try_files $uri $uri/ =404;
}

location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
}

}

Use Ctrl+O to save your new configuration file and then Ctrl+X to exit Nano. You can test your new configuration with:

 

$ nginx -t

 

If there are no errors, restart the Nginx service:

 

 $ systemctl restart nginx

 

3. Install PostgreSQL


Next up is installing the database server. Installing PostgreSQL on the Raspberry Pi is super easy:

 

$ sudo apt install -y postgresql postgresql-client postgis

 

Check to see if the database server was successfully installed by entering:

 

psql --version 

 

4. Create the Tiny Tiny RSS database


Before you can do anything else, you need to create a database that the TT-RSS software will use to store data. First, log into the PostgreSQL server:

 

sudo -u postgres psql

 

Next, create a new user and assign a password:

 

CREATE USER username WITH PASSWORD 'your_password' VALID UNTIL 'infinity';

 

Then create the database that will be used by TT-RSS:

 

CREATE DATABASE tinyrss;

 

Finally, grant full permissions to the new user:

GRANT ALL PRIVILEGES ON DATABASE tinyrss to user_name;


That's it for the database. You can exit the psql app by typing \q.

 

5. Install Git


Installing TT-RSS requires Git, so install Git with:

$ sudo apt install git -y

Now, change directory to wherever Nginx serves web pages:

$ cd /var/www/html

Then download the latest source for TT-RSS:

$ git clone https://git.tt-rss.org/fox/tt-rss.git tt-rss

Note that this process creates a new tt-rss folder.

 

6. Install and configure Tiny Tiny RSS

 

It's finally time to install and configure your new TT-RSS server. First, verify that you can open http://your.site/tt-rss/install/index.php in a web browser. If you get a 403 Forbidden error, your

 

permissions are not set properly on the /var/www/html folder. The following will usually fix this issue:

$ chmod 755 /var/www/html/ -v

 

If everything goes as planned, you'll see the TT-RSS Installer page, and it will ask you for some database information. Just tell it the database username and password that you created earlier;

the database name; localhost for the hostname; and 5432 for the port.

Click Test Configuration to continue. If all went well, you should see a red button labeled Initialize Database. Click on it to begin the installation. Once finished, you'll have a configuration file that

you can copy and save as config.php in the TT-RSS directory.

After finishing with the installer, open your TT-RSS installation at http://yoursite/tt-rss/ and log in with the default credentials (username: admin, password: password). The system will recommend

that you change the admin password as soon as you log in. I highly recommend that you follow that advice and change it as soon as possible.

 

Set up TT-RSS

 

If all went well, you can start using TT-RSS right away. It's recommended that you create a new non-admin user, log in as the new user, and start importing your feeds, subscribing, and

configuring it as you see fit.


Finally, and this is super important, don't forget to read the Updating Feeds section on TT-RSS's wiki. It describes how to create a simple systemd service that will update your feeds. If you skip

this step, your RSS feeds will not update automatically.

 

Conclusion


Whew! That was a lot of work, but you did it! You now have your very own RSS aggregation server. Want to learn more about TT-RSS? I recommend checking out the official FAQ, the support

forum, and the detailed installation notes. Feel free to comment below if you have any questions or issues.

 

 Linuxfinal

Published in GNU/Linux Rules!
Tagged under
Sunday, 15 December 2019 12:29

Mate Linux desktop : What do fans love it?

BANNERGnulinuxrocks

 

 

If you remember GNOME 2 fondly, the Mate Linux desktop will fulfill your need for nostalgia.

 

 

gnome 2 32 andromeda

Stop me if you've heard this one before: When GNOME 3 was first released, many GNOME users were not ready to give up GNOME 2. The Mate (named after the yerba mate plant) project beganas an effort to continue the GNOME 2 desktop, at first using GTK 2 (the toolkit GNOME 2 was based upon) and later incorporating GTK 3. The desktop became wildly popular, due in no small partto Linux Mint's prompt adoption of it, and since then, it has become commonly available on Fedora, Ubuntu, Slackware, Arch, and many other Linux distributions. Today, Mate continues to deliver a traditional desktop environment that looks and feels exactly like GNOME 2 did, using the GTK 3 toolkit.

 

You may find Mate included in the software repository of your Linux distribution, or you can download and install a distribution that ships Mate as its default desktop. Before you do, though, be aware that it is meant to provide a full desktop experience, so many Mate apps are installed along with the desktop. If you're running a different desktop, you may find yourself with redundant applications (two PDF readers, two media players, two file managers, and so on). If you just want to try the Mate desktop, you can install a Mate-based distribution in a virtual machine, such as GNOME Boxes.

 

Mate desktop tour

 

advent mate openindiana andromeda


The Mate project doesn't just evoke GNOME 2; it is GNOME 2. If you were a fan of the Linux desktop back in the mid-'00s, at the very least, you'll find Mate nostalgic. I was not a fan of GNOME 2 and tended to use KDE instead, but there's one place I can't imagine without GNOME 2: OpenSolaris. The OpenSolaris project didn't last long, coming to prominence when Ian Murdock joined Sun Microsystems just before it was subsumed by Oracle, but I was a low-level Solaris admin at the time and used OpenSolaris to teach myself more about that flavor of Unix. It was the only platform where I used GNOME 2 (because I didn't know how to change the desktop at first and then just got used to it), and today the OpenIndiana project, a community continuation of OpenSolaris, uses GNOME 2 by way of the Mate desktop.

 

 

Mate's layout consists of three menus in the top-left corner: Applications, Places, and System. The Applications menu provides quick access to all application launchers installed on the system. The Places menu provides quick access to common locations, such as your home directory, a network folder, and so on. The System menu contains global options, such as shutdown and suspend. In the upper-right corner is a system tray, and there's a taskbar and a virtual desktop pager at the bottom of the screen.

It's a slightly peculiar configuration, as far as desktop design goes. It borrows equal parts from earlier Linux desktops, the Mac Finder, and Windows, but creates a unique configuration that's intuitive and somehow familiar. Mate intentionally resists deviation from this model, and that's exactly the way its users prefer it.

 

Mate and open source


Mate is one of the most direct examples of how open source empowers developers to fight against a project's end of life. On paper, GNOME 2 was superseded by GNOME 3, yet it lives on because one developer forked the code and carried on. Momentum grew, more developers joined, and the desktop that users love is healthier than ever. Not all software gets a second chance at life, but the option is always there with open source, and it's always absent otherwise.

Using and supporting open source means supporting user and developer freedom. And the Mate desktop is a powerful example of what happens when it works.

 

BannerFinalGNULINUZROCKS

Published in GNU/Linux Rules!
Sunday, 24 November 2019 14:26

TIMESHIFT : Backup and Restore Ubuntu Linux

 LinuxHead

Have you ever wondered how you can backup and restore your Ubuntu or Debian system ? Timeshift is a free and opensource tool that allows you to create incremental snapshots of your filesystem. You can create a snapshot using either RSYNC or BTRFS.

With that. let’s delve in and install Timeshift. For this tutorial, we shall install on Ubuntu 18.04 LTS system.

Installing TimeShift on Ubuntu / Debian Linux

TimeShift is not hosted officially on Ubuntu and Debian repositories. With that in mind, we are going to run the command below to add the PPA:

 

 

# add-apt-repository -y ppa:teejee2008/ppa

 Add-timeshift-repository1.png

 

 

Next, update the system packages with the command:

 

# apt update

 

After a successful system update, install timeshift by running following apt command :

 

# apt install timeshift

 apt-install-timeshift2.png

 

Preparing a backup storage device

Best practice demands that we save the system snapshot on a separate storage volume, aside from the system’s hard drive. For this guide, we are using a 16 GB flash drive as the secondary drive on which we are going to save the snapshot.

 

# lsblk | grep sdb

 lsblk-sdb-ubuntu3.png

 

For the flash drive to be used as a backup location for the snapshot, we need to create a partition table on the device. Run the following commands:

 

# parted /dev/sdb mklabel gpt

 

# parted /dev/sdb mkpart primary 0% 100%

 

# mkfs.ext4 /dev/sdb1

 create-partition-table-on-drive-ubuntu4.jpg

 

 

After creating a partition table on the USB flash drive, we are all set to begin creating filesystem’s snapshots!

Using Timeshift to create snapshots

To launch Timeshift, use the application menu to search for the Timeshift application.

Access-Timeshift-Ubuntu5.jpg

 

 

Click on the Timeshift icon and the system will prompt you for the Administrator’s password. Provide the password and click on Authenticate

 

 Authentication-required-ubuntu6.jpg

 

Next, select your preferred snapshot type.

 Select-Rsync-option-timeshift7.jpg

 

Click ‘Next’. Select the destination drive for the snapshot. In this case, my location is the external USB drive labeled as /dev/sdb

 Select-snapshot-location8.png

 

 Next, define the snapshot levels. Levels refer to the intervals during which the snapshots are created.  You can choose to have either monthly, weekly, daily, or hourly snapshot levels.

 

Select-snapshot-levels-Timeshift9.jpg

 

Click ‘Finish’ On the next Window, click on the ‘Create’ button to begin creating the snapshot. Thereafter, the system will begin creating the snapshot.

 Create-snapshot-timeshift10.jpg

 

Finally, your snapshot will be displayed as shown

 Snapshot-created-TimeShift11.jpg

 

Restoring Ubuntu / Debian from a snapshot

Having created a system snapshot, let’s now see how you can restore your system from the same snapshot. On the same Timeshift window, click on the snapshot and click on the ‘Restore’ button as shown.

 

 

Restore-snapshot-timeshift12.jpg

 

Next, you will be prompted to select the target device. leave the default selection and hit ‘Next’.

 Select-target-device-timeshift13.jpg

 

A dry run will be performed by Timeshift before the restore process commences.

 Comparing-files-Dry-Run-timeshift14.jpg

 

In the next window, hit the ‘Next’ button to confirm actions displayed.

 Confirm-actions-timeshift15.jpg

 

You’ll get a warning and a disclaimer as shown. Click ‘Next’ to initialize the restoration process.

Thereafter, the restore process will commence and finally, the system will thereafter reboot into an earlier version as defined by the snapshot.

 Restoring-snapshot-timeshift-1024x36316.png

 

Conclusion

As you have seen it quite easy to use TimeShift to restore your system from a snapshot. It comes in handy when backing up system files and allows you to recover in the event of a system fault. So don’t get scared to tinker with your system or mess up. TimeShift will give you the ability to go back to a point in time when everything was running smoothly.

 Linuxfinal

Published in GNU/Linux Rules!
Thursday, 14 November 2019 22:49

Learn to automate tasks in linux with cron jobs

Sometimes, you may have tasks that need to be performed on a regular basis or at certain predefined intervals. Such tasks include backing up databases, updating the system, performing periodic reboots and so on. Such tasks are referred to as cron jobs. Cron jobs are used for automation of tasks that come in handy and help in simplifying the execution of repetitive and sometimes mundane tasks. Cron is a daemon that allows you to schedule these jobs which are then carried out at specified intervals. In this tutorial, you will learn how to schedule jobs using cron jobs.

 

The Crontab file

A crontab file, also known as a cron table, is a simple text file that contains rules or commands that specify the time interval of execution of a task. There are two categories of crontab files:

1) System-wide crontab file

These are usually used by Linux services & critical applications requiring root privileges. The system crontab file is located at /etc/crontab and can only be accessed and edited by the root user. It’s usually used for the configuration of system-wide daemons. The crontab file looks as shown:

 cron1.png

 

 

The anatomy of a crontab file

Before we go further, it’s important that we first explore how a crontab file looks like. The basic syntax for a crontab file comprises 5 columns represented by asterisks followed by the command to be carried out.

* * * * * command

This format can also be represented as shown below:

m h d moy dow command

OR

m h d moy dow /path/to/script

Let’s expound on each entry

m: This represents minutes. It’s specified from 0 to 59

h: This denoted the hour specified from 0 to 23

d: This represents the day of the month. Specified between 1 to 31`

moy: This is the month of the year. It’s specified between 1 to 12

doy: This is the day of the week. It’s specified between 0 and 6 where 0 = Sunday

Command: This is the command to be executed e.g backup command, reboot, & copy

Managing cron jobs

Having looked at the architecture of a crontab file, let’s see how you can create, edit and delete cron jobs

Creating cron jobs

To create or edit a cron job as the root user, run the command

# crontab -e

To create a cron job or schedule a task as another user, use the syntax

# crontab -u username -e

For instance, to run a cron job as user Pradeep, issue the command:

# crontab -u Pradeep -e

If there is no preexisting crontab file, then you will get a blank text document. If a crontab file was existing, The -e option allows to edit the file,

Listing crontab files

To view the cron jobs that have been created, simply pass the -l option as shown

# crontab -l

Deleting a crontab file

To delete a cron file, simply run crontab -e and delete or the line of the cron job that you want and save the file.

To remove all cron jobs, run the command:

# crontab -r

That said, let’s have a look at different ways that you can schedule tasks

Crontab examples in Scheduling tasks. All cron jobs being with a shebang header as shown

#!/bin/bash

This indicates the shell you are using, which, for this case, is bash shell.

Next, specify the interval at which you want to schedule the tasks using the cron job entries we specified earlier on.

To reboot a system daily at 12:30 pm, use the syntax:

30 12 * * * /sbin/reboot

To schedule the reboot at 4:00 am use the syntax:

0 4 * * * /sbin/reboot

NOTE: The asterisk * is used to match all records

To run a script twice every day, for example, 4:00 am and 4:00 pm, use the syntax.

0 4,16 * * * /path/to/script

To schedule a cron job to run every Friday at 5:00 pm use the syntax:

0 17 * * Fri /path/to/script

OR

0 17 * * * 5 /path/to/script

If you wish to run your cron job every 30 minutes then use:

*/30 * * * * /path/to/script

To schedule cron to run after every 5 hours, run

* */5 * * * /path/to/script

To run a script on selected days, for example, Wednesday and Friday at 6.00 pm execute:

0 18 * * wed,fri /path/to/script

To schedule multiple tasks to use a single cron job, separate the tasks using a semicolon for example:

* * * * * /path/to/script1 ; /path/to/script2

Using special strings to save time on writing cron jobs Some of the cron jobs can easily be configured using special strings that correspond to certain time intervals. For example,

1) @hourly timestamp corresponds to 0 * * * *

It will execute a task in the first minute of every hour.

@hourly /path/to/script

2) @daily timestamp is equivalent to 0 0 * * *

It executes a task in the first minute of every day (midnight). It comes in handy when executing daily jobs.

@daily /path/to/script

3) @weekly timestamp is the equivalent to 0 0 1 * mon

It executes a cron job in the first minute of every week where a week whereby, a week starts on Monday.

@weekly /path/to/script

3) @monthly is similar to the entry 0 0 1 * *

It carries out a task in the first minute of the first day of the month.

@monthly /path/to/script

4) @yearly corresponds to 0 0 1 1 *

It executes a task in the first minute of every year and is useful in sending New year greetings ?

@monthly /path/to/script

Crontab Restrictions

As a Linux user, you can control who has the right to use the crontab command. This is possible using the /etc/cron.deny and /etc/cron.allow file. By default, only the /etc/cron.deny file exists and does not contain any entries. To restrict a user from using the crontab utility, simply add a user’s username to the file. When a user is added to this file, and the user tries to run the crontab command, he/she will encounter the error below.

 

 cron2.png

 

To allow the user to continue using the crontab utility, simply remove the username from the /etc/cron.deny file.

If /etc/cron.allow file is present, then only the users listed in the file can access and use the crontab utility.

If neither file exists, then only the root user will have privileges to use the crontab command.

Backing up crontab entries It’s always advised to backup your crontab entries. To do so, use the syntax

 

# crontab -l > /path/to/file.txt

 

For example,

 

# crontab -l > /home/james/backup.txt

 

Checking cron logs

 

Cron logs are stored in /var/log/cron file. To view the cron logs run the command:

 

# cat /var/log/cron

 

 cron3.png

 

To view live logs, use the tail command as shown:

# tail -f /var/log/cron


 cron4.png

 

Conclusion

In this guide, you learned how to create cron jobs to automate repetitive tasks, how to backup as well as how to view cron logs. We hope that this article provided useful insights with regard to cron jobs. Please don’t hesitate to share your feedback and comments.

 

BannerFinalGNULINUZROCKS 

Published in GNU/Linux Rules!

terminalsudoancom.jpg

 

 

Think you know everything about sudo? Think again.

Everybody knows sudo, right? This tool is installed by default on most Linux systems and is available for most BSD and commercial Unix variants.

Still, after talking to hundreds of sudo users, the most common answer I received was that sudo is a tool to complicate life.

There is a root user and there is the su command, so why have yet another tool? For many, sudo was just a prefix for administrative commands.

Only a handful mentioned that when you have multiple administrators for the same system, you can use sudo logs to see who did what.

 

 

So, what is sudo? According to the sudo website:

"Sudo allows a system administrator to delegate authority by giving certain users the ability to run some commands as root or another user while providing an audit trail of the commands and their arguments."

By default, sudo comes with a simple configuration, a single rule allowing a user or a group of users to do practically anything (more on the configuration file later in this article):

%wheel ALL=(ALL) ALL

In this example, the parameters mean the following:

The first parameter defines the members of the group.

The second parameter defines the host(s) the group members can run commands on.

The third parameter defines the usernames under which the command can be executed.

The last parameter defines the applications that can be run.

So, in this example, the members of the wheel group can run all applications as all users on all hosts. Even this really permissive rule is useful because it results in logs of who did what on your machine.

 

Aliases

Of course, once it is not just you and your best friend administering a shared box, you will start to fine-tune permissions. You can replace the items in the above configuration with lists: a list of users, a list of commands, and so on. Most likely, you will copy and paste some of these lists around in your configuration.

This situation is where aliases can come handy. Maintaining the same list in multiple places is error-prone. You define an alias once and then you can use it many times. Therefore, when you lose trust in one of your administrators, you can remove them from the alias and you are done. With multiple lists instead of aliases, it is easy to forget to remove the user from one of the lists with elevated privileges.

 

Enable features for a certain group of users

The sudo command comes with a huge set of defaults. Still, there are situations when you want to override some of these. This is when you use the Defaults statement in the configuration. Usually, these defaults are enforced on every user, but you can narrow the setting down to a subset of users based on host, username, and so on. Here is an example that my generation of sysadmins loves to hear about: insults. These are just some funny messages for when someone mistypes a password:

czanik@linux-mewy:~> sudo ls

 

[sudo] password for root:

 

Hold it up to the light --- not a brain in sight!

 

[sudo] password for root:

 

My pet ferret can type better than you!

 

[sudo] password for root:

 

sudo: 3 incorrect password attempts

 

czanik@linux-mewy:~>

Because not everyone is a fan of sysadmin humor, these insults are disabled by default. The following example shows how to enable this setting only for your seasoned sysadmins, who are members of the wheel group:

Defaults !insults Defaults:%wheel insults

I do not have enough fingers to count how many people thanked me for bringing these messages back.

 

Digest verification

There are, of course, more serious features in sudo as well. One of them is digest verification. You can include the digest of applications in your configuration:

peter ALL = sha244:11925141bb22866afdf257ce7790bd6275feda80b3b241c108b79c88 /usr/bin/passwd

In this case, sudo checks and compares the digest of the application to the one stored in the configuration before running the application. If they do not match, sudo refuses to run the application. While it is difficult to maintain this information in your configuration—there are no automated tools for this purpose—these digests can provide you with an additional layer of protection.

 

Session recording

Session recording is also a lesser-known feature of sudo. After my demo, many people leave my talk with plans to implement it on their infrastructure. Why? Because with session recording, you see not just the command name, but also everything that happened in the terminal. You can see what your admins are doing even if they have shell access and logs only show that bash is started.

There is one limitation, currently. Records are stored locally, so with enough permissions, users can delete their traces. Stay tuned for upcoming features.

 

Plugins

Starting with version 1.8, sudo changed to a modular, plugin-based architecture. With most features implemented as plugins, you can easily replace or extend the functionality of sudo by writing your own. There are both open source and commercial plugins already available for sudo.

In my talk, I demonstrated the sudo_pair plugin, which is available on GitHub. This plugin is developed in Rust, meaning that it is not so easy to compile, and it is even more difficult to distribute the results. On the other hand, the plugin provides interesting functionality, requiring a second admin to approve (or deny) running commands through sudo. Not just that, but sessions can be followed on-screen and terminated if there is suspicious activity.

In a demo I did during a recent talk at the All Things Open conference, I had the infamous:

czanik@linux-mewy:~> sudo rm -fr /

ommand displayed on the screen. Everybody was holding their breath to see whether my laptop got destroyed, but it survived.

 

Logs

As I already mentioned at the beginning, logging and alerting is an important part of sudo. If you do not check your sudo logs regularly, there is not much worth in using sudo. This tool alerts by email on events specified in the configuration and logs all events to syslog. Debug logs can be turned on and used to debug rules or report bugs.

Alerts Email alerts are kind of old-fashioned now, but if you use syslog-ng for collecting your log messages, your sudo log messages are automatically parsed. You can easily create custom alerts and send those to a wide variety of destinations, including Slack, Telegram, Splunk, or Elasticsearch. You can learn more about this feature from my blog on syslong-ng.com.

Configuration We talked a lot about sudo features and even saw a few lines of configuration. Now, let’s take a closer look at how sudo is configured. The configuration itself is available in /etc/sudoers, which is a simple text file. Still, it is not recommended to edit this file directly. Instead, use visudo, as this tool also does syntax checking. If you do not like vi, you can change which editor to use by pointing the EDITOR environment variable at your preferred option.

Before you start editing the sudo configuration, make sure that you know the root password. (Yes, even on Ubuntu, where root does not have a password by default.) While visudo checks the syntax, it is easy to create a syntactically correct configuration that locks you out of your system.

When you have a root password at hand in case of an emergency, you can start editing your configuration. When it comes to the sudoers file, there is one important thing to remember: This file is read from top to bottom, and the last setting wins. What this fact means for you is that you should start with generic settings and place exceptions at the end, otherwise exceptions are overridden by the generic settings.

 

 

You can find a simple sudoers file below, based on the one in CentOS, and add a few lines we discussed previously:

 

Defaults !visiblepw

Defaults always_set_home

Defaults match_group_by_gid

Defaults always_query_group_plugin

Defaults env_reset

Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"

Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"

Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin

root ALL=(ALL) ALL

%wheel ALL=(ALL) ALL

Defaults:%wheel insults

Defaults !insults

Defaults log_output

This file starts by changing a number of defaults. Then come the usual default rules: The root user and members of the wheel group have full permissions over the machine. Next, we enable insults for the wheel group, but disable them for everyone else. The last line enables session recording.

The above configuration is syntactically correct, but can you spot the logical error? Yes, there is one: Insults are disabled for everyone since the last, generic setting overrides the previous, more specific setting. Once you switch the two lines, the setup works as expected: Members of the wheel group receive funny messages, but the rest of the users do not receive them.

 

Configuration management

Once you have to maintain the sudoers file on multiple machines, you will most likely want to manage your configuration centrally. There are two major open source possibilities here. Both have their advantages and drawbacks.

You can use one of the configuration management applications that you also use to configure the rest of your infrastructure. Red Hat Ansible, Puppet, and Chef all have modules to configure sudo. The problem with this approach is that updating configurations is far from real-time. Also, users can still edit the sudoers file locally and change settings.

The sudo tool can also store its configuration in LDAP. In this case, configuration changes are real-time and users cannot mess with the sudoers file. On the other hand, this method also has limitations. For example, you cannot use aliases or use sudo when the LDAP server is unavailable.

 

New features

There is a new version of sudo right around the corner. Version 1.9 will include many interesting new features. Here are the most important planned features:

A recording service to collect session recordings centrally, which offers many advantages compared to local storage:

It is more convenient to search in one place.

Recordings are available even if the sender machine is down.

Recordings cannot be deleted by someone who wants to delete their tracks.

The audit plugin does not add new features to sudoers, but instead provides an API for plugins to easily access any kind of sudo logs. This plugin enables creating custom logs from sudo events using plugins.

The approval plugin enables session approvals without using third-party plugins.

And my personal favorite: Python support for plugins, which enables you to easily extend sudo using Python code instead of coding natively in C.

Conclusion I hope this article proved to you that sudo is a lot more than just a simple prefix. There are tons of possibilities to fine-tune permissions on your system. You cannot just fine-tune permissions, but also improve security by checking digests. Session recordings enable you to check what is happening on your systems. You can also extend the functionality of sudo using plugins, either using something already available or writing your own. Finally, given the list of upcoming features you can see that even if sudo is decades old, it is a living project that is constantly evolving.

If you want to learn more about sudo, here are a few resources:

BannerFinalGNULINUZROCKS

Published in GNU/Linux Rules!
Page 1 of 5