Year: 2019

Ansible is an open source, powerful automation software for configuring, managing and deploying software applications on the nodes without any downtime just by using SSH. Today, most of the IT Automation tools runs as a agent in remote host, but ansible just need a SSH connection and Python (2.4 or later) to be installed on the remote nodes to perform it’s action.

How Ansible Works?

There are many similar automation tools available like Puppet, Capistrano, Chef, Salt, Space Walk etc, but Ansible categorize into two types of server: controlling machines and nodes.

The controlling machine, where Ansible is installed and Nodes are managed by this controlling machine over SSH. The location of nodes are specified by controlling machine through its inventory.

The controlling machine (Ansible) deploys modules to nodes using SSH protocol and these modules are stored temporarily on remote nodes and communicate with the Ansible machine through a JSON connection over the standard output.

Playbooks are bunch of commands which can perform multiple tasks and each playbooks are in YAML file format.

What’s the Use of Ansible

Ansible can be used in IT infrastructure to manage and deploy software applications to remote nodes. For example, let’s say you need to deploy a single software or multiple software to 100’s of nodes by a single command, here ansible comes into picture, with the help of Ansible you can deploy as many as applications to many nodes with one single command, but you must have a little programming knowledge for understanding the ansible scripts.

We’ve compiled a series on Ansible, title ‘Preparation for the Deployment of your IT Infrastructure with Ansible IT Automation Tool‘, through parts 1-4 and covers the following topics.

In this article, we will show you how to install ‘Ansible’ on RHEL/CentOS 7/6, Fedora 21-19, Ubuntu 14.10-13.04 and Debian 7/6 systems and also we will go through some basics on how how to manage a server by installing packages, applying updates and much more from basic to pro.

Prerequisites

1. Operating System: RHEL/CentOS/Fedora and Ubuntu/Debian/Linux Mint
2. Jinja2: A modern, fast and easy to use stand-alone template engine for Python.
3. PyYAML: A YAML parser and emitter for the Python programming language.
4. parmiko: A native Python SSHv2 channel library.
5. httplib2: A comprehensive HTTP client library.
6. sshpass: A non-interactive ssh password authentication.

My Environment Setup

Controlling Machine – Ansible

Operating System :	Linux Mint 17.1 Rebecca
IP Address	 :	192.168.0.254
Host-name	 :	tecmint.instrcutor.com
User		 :	tecmint

Remote Nodes

Node 1: 192.168.0.112
Node 2: 192.168.0.113
Node 3: 192.168.0.114

Step 1: Installing Controlling Machine – Ansible

1. Before installing ‘Ansible‘ on the server, let’s first verify the details of the server like hostname and IP Address. Login into server as a root user and execute the below command to confirm system settings that we’re going to use for this setup.

# sudo ifconfig | grep inet

2. Once you confirm your system settings, it’s time to install ‘Ansible’ software on the system.

On Ubuntu/Debian/Linux Mint

Here we are going to use official Ansible PPA repository on the system, just run the below commands to add the repository.

$ sudo apt-add-repository ppa:ansible/ansible -y
$ sudo apt-get update && sudo apt-get install ansible -y

On RHEL/CentOS/Fedora

Unfortunately, there are no official Ansible repository for RedHat based clones, but we can install Ansible by enabling epel repository under RHEL/CentOS 6, 7 and currently supported fedora distributions.

Fedora users can directly install Ansible through default repository, but if you are using RHEL/CentOS 6, 7, you have to enable EPEL repo.

After configuring epel repository, you can install Ansible using following command.

$ sudo yum install ansible -y

After installed successfully, you can verify the version by executing below command.

# ansible --version

Step 2: Preparing SSH Keys to Remote Hosts

4. To perform any deployment or management from the localhost to remote host first we need to create and copy the ssh keys to the remote host. In every remote host there will be a user account tecmint (in your case may be different user).

First let we create a SSH key using below command and copy the key to remote hosts.

# ssh-keygen -t rsa -b 4096 -C "admin@tecmintlocal.com"

5. After creating SSH Key successfully, now copy the created key to all three remote server’s.

# ssh-copy-id tecmint@192.168.0.112
# ssh-copy-id tecmint@192.168.0.113
# ssh-copy-id tecmint@192.168.0.114

6. After copying all SSH Keys to remote host, now perform a ssh key authentication on all remote hosts to check whether authentication working or not.

$ ssh tecmint@192.168.0.112
$ ssh tecmint@192.168.0.113
$ ssh tecmint@192.168.0.114

Step 3: Creating Inventory File for Remote Hosts

Inventory file, This file hold the host information’s like which host we need to get connect from local to remote. Default inventory file will be under /etc/ansible/hosts.

7. Now let’s add these three hosts to inventory file. Open and edit file using your favourite editor, Here I use vim.

# sudo vim /etc/ansible/hosts

Add the following three hosts IP address..

[web-servers]
192.168.0.112
192.168.0.113
192.168.0.114

Note: The ‘web-servers‘ in the brackets indicates as group names, it is used in classifying systems and deciding which systems you are going to controlling at what times and for what reason.

# ansible -m ping web-servers

OR

# ansible -m ping -all

# ansible -m command -a "df -h" web-servers

# ansible -m command -a "free -mt" web-servers

# ansible -m command -a "uptime" web-servers

# ansible -m command -a "arch" web-servers
# ansible -m shell -a "hostname" web-servers

# ansible -m command -a "df -h" web-servers > /tmp/df_outpur.txt

In the previous article of this Ansible series, we explained that Ansible is an agent-less tool that allows you to quickly and efficiently manage multiple machines (also known as nodes – and perform deployments to them as well) from a single system.

After installing the software in the controller machine, creating the keys for passwordless login and copying them to the nodes, it’s time to learn how to optimize the process of managing such remote systems using Ansible.

Ansible Testing Environment

Throughout this article, as well as the next one, we will use the following test environment. All hosts are CentOS 7 boxes:

Controller machine (where Ansible is installed): 192.168.0.19
Node1: 192.168.0.29
Node2: 192.168.0.30

In addition, please note that both nodes have been added in the webservers section of the local /etc/ansible/hosts file:

# ansible -a "/bin/hostnamectl --static" webservers

---
- hosts: webservers
  remote_user: root
  vars:
    variable1: value1
    variable2: value2
  remote_user: root
  tasks:
  - name: description for task1
    task1: parameter1=value_for_parameter1 parameter2=value_for_parameter2
  - name: description for task1
    task2: parameter1=value_for_parameter1 parameter2=value_for_parameter2
  handlers:
    - name: description for handler 1
      service: name=name_of_service state=service_status
- hosts: dbservers
  remote_user: root
  vars:
    variable1: value1
    variable2: value2
…

# mkdir /etc/ansible/playbooks

---
- hosts: webservers
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
  - name: ensure apache is at the latest version
    yum: pkg=httpd state=latest
  - name: replace default index.html file
    copy: src=/static_files/index.html dest=/var/www/html/ mode=0644
    notify:
    - restart apache
  - name: ensure apache is running (and enable it at boot)
    service: name=httpd state=started enabled=yes
  handlers:
    - name: restart apache
      service: name=httpd state=restarted

# mkdir /static_files

<!DOCTYPE html>
 <html lang="en">
 <head>
 <meta charset="utf-8"/>
 </script>
 </head>
 <body>
 <h1>Apache was started in this host via Ansible</h1><br>
<h2>Brought to you by Tecmint.com</h2>
 </body>
 </html>

# ansible-playbook /etc/ansible/playbooks/apache.yml

# systemctl stop httpd
# systemctl disable httpd
# systemctl is-active httpd
# systemctl is-enabled httpd

# ansible-playbook /etc/ansible/playbooks/apache.yml

node1: 192.168.0.29
node2: 192.168.0.30

# cd /etc/ansible/playbooks
# ansible-galaxy init wp-dependencies
# ansible-galaxy init wp-install-config

# ls -R /etc/ansible/playbooks

---
# tasks file for wp-dependencies
- name: Update packages (this is equivalent to yum update -y)
  yum: name=* state=latest

- name: Install dependencies for WordPress
  yum: name={{ item }} state=present
  with_items:
        - httpd
        - mariadb-server 
        - mariadb
        - php 
        - php-mysql
        - MySQL-python

- name: Ensure MariaDB is running (and enable it at boot)
  service: name=mariadb state=started enabled=yes

- name: Copy ~/.my.cnf to nodes
  copy: src=/root/.my.cnf dest=/root/.my.cnf

- name: Create MariaDB database
  mysql_db: name={{ wp_mysql_db }} state=present

- name: Create MariaDB username and password
  mysql_user:
        login_user=root
        login_password=YourMariaDBRootPasswordHere
        name={{ wp_mysql_user }}
        password={{ wp_mysql_password }}
        priv=*.*:ALL

---
# defaults file for wp-dependencies
  wp_mysql_db: MyWP
  wp_mysql_user: wpUser
  wp_mysql_password: wpP4ss

---
# tasks file for wp-install-config
- name: Create directory to download WordPress
  command: mkdir -p /opt/source/wordpress

- name: Download WordPress
  get_url: url=https://www.wordpress.org/latest.tar.gz dest=/opt/source/wordpress/wordpress.tar.gz validate_certs=no

- name: Extract WordPress
  command: "tar xzf /opt/source/wordpress/wordpress.tar.gz -C /var/www/html --strip-components 1"

- name: Send config file
  copy: src=/root/wp-config-sample.php dest=/var/www/html/wp-config.php mode=0644

…
/** The name of the database for WordPress */
define('DB_NAME', 'MyWP');

/** MySQL database username */
define('DB_USER', 'wpUser');

/** MySQL database password */
define('DB_PASSWORD', 'wpP4ss');
…

Make sure you use the same password in all hosts, then copy the credentials in /root/.my.cnf (the actual location may differ in your case, but in all instances it needs to match the value of the src parameter for the task Copy ~/.my.cnf to nodes in /etc/ansible/playbooks/wp-dependencies/tasks/main.yml).

In that file (see above) we’ve assumed that the password for root is YourMariaDBRootPassword.

6. Next, our playbook (/etc/ansible/playbooks/playbook.yml) will look much more organized and simple when compared to the previous tutorial:

# cat playbook.yml

- hosts: webservers
  roles:
        - wp-dependencies
        - wp-install-config

Finally, it’s time to run these tasks by invoking our playbook:

# ansible-playbook playbook.yml

Now let’s check if we can access the WordPress Admin page using the IP addresses of node1 192.168.0.29 and node2 192.168.0.30:

You can view the last two steps in the following screencast:

As you can see, you can set up multiple WordPress installations with little to no effort using Ansible. Then you can use the respective Admin user interface to configure each site separately.

Final considerations

If you are using another distribution to deploy WordPress, the packages name may vary, but it comes down to installing the Apache web server, the MariaDB database server, and the Python MySQL module. If that is the case, use your distribution’s software management system to search for the exact package name that you need to install.

Summary

In this series we have explained how to use Ansible to run commands and execute complex tasks in several Linux machines simultaneously.

One of such examples is setting up WordPress, as we have discussed in this guide. Whether you are a system administrator or a blogger, I hope you have found the concepts and examples in this tutorial useful.

Best of luck and do not hesitate to drop us a line if you need help or have any comments or suggestions!

Source

Have you upgraded your kernel and redhat-release packages and you are encountering some issues. Do you want to downgrade to a lower minor release. In this article, we will describe how to do downgrade RHEL or CentOS version to previous minor version.

Note: The following steps will only work for downgrades within the same major version (such as from RHEL/CentOS 7.6 to 7.5) but not between major versions (such as from RHEL/CentOS 7.0 to 6.9).

A minor version is a release of RHEL that does not (in most cases) add new features or content. It focuses on solving minor problems, typically bugs or security issues. Most of what makes a specific minor version is included in the kernel, so you will need to find out which kernels are supported as part of the minor version you are targeting.

For the purpose of this article, we will show how to downgrade from 7.6 to 7.5. Before we proceed, note that the kernel version for 7.5 is 3.10.0-862. Got to Red Hat Enterprise Linux Release Dates for a complete list of minor releases and associated kernel versions.

Let’s check if the required kernel packages “kernel-3.10.0-862” is installed or not, using the following yum command.

 
# yum list kernel-3.10.0-862*

If the output of the previous command shows that the kernel package is not installed, you need to install it on the system.

# yum install kernel-3.10.0-862.el7

Once the kernel installation is compete, to apply the changes, you need to reboot the system.

Then downgrade the redhat-release package to complete the process. The command below targets the latest minor version that is lower than the current running one, such as from 7.6 to 7.5, or from 7.5 o 7.4.

# yum downgrade redhat-release

Finally, confirm the downgrade by checking the contents of /etc/redhat-release using the cat command.

# cat /etc/redhat-release

That’s all! In this article, we have explained how to downgrade RHEL or CentOS distribution to a lower minor release. If you have any queries, use the feedback form below to reach us.

Source

Searching or finding files on a Linux system from the terminal can be a little of a challenge especially for newbies. However, there are several command line tools/utilities for locating files in Linux.

In this article, we will review 5 command line tools to find, locate and search files quickly on Linux systems.

1. Find Command

find command is a powerful, widely used CLI tool for searching and locating files whose names match simple patterns, in a directory hierarchy. Using find is simple, all you need to do is provide a starting point (top of the directory heirarchy) where the search beings. This can be the current directory or any other directory where you suspect the file you are looking for is stored.

After the starting point, you can specify an expression (composed of test, actions, options and operators) which describes how to match files and what to do with the files that were matched.

It supports multiple options to locate files using attributes such as permissions, users, groups, file type, date, size and other possible criteria. You can learn some useful find command usage examples in the following articles:

1. 35 Practical Examples of Linux Find Command
2. Ways to Use ‘find’ Command to Search Directories More Efficiently
3. How to Find Files With SUID and SGID Permissions in Linux
4. How to Use ‘find’ Command to Search for Multiple Filenames (Extensions) in Linux
5. How to Find and Sort Files Based on Modification Date and Time in Linux

2. Locate Command

locate command is another commonly used CLI utility for searching files quickly by name, just like find command. However, it is practically more efficient and faster compared to its counterpart because, instead of searching through the file system when a user initiates a file search operation (the way find works), locate queries a database which contains bits and parts of files and their corresponding paths on the file system.

This database can be prepared and updated using the updatedb command. Note that locate will not report files created after the most recent update of the relevant database.

Read Also: How to Install ‘locate Command’ to Find Files in Linux

3. Grep Command

Although grep command is not a tool for directly searching files (its instead used to print lines matching a pattern from one or more files), you can employ it to locate files. Assuming you know a phrase in the file(s) you are looking for or you are looking for a file that contains a particular string of characters, grep can help you list all files that contain a particular phrase.

For example, if you are looking for a README.md file which contains the phrase “An assortment”, which you suspect should be somewhere in your home directory, possibly in ~/bin, you can locate it as shown.

$ grep -Ri ~/bin -e "An assortment" 
OR
$ grep -Ri ~/bin/ -e "An assortment" | cut -d: -f1

Where the grep flag:

• -R – means search the specified directory recursively
• -i – means ignore case distinctions
• -e – specifies the phrase to be used as a pattern for searching
• -d – specifies the delimter
• -f – sets the field to be printed

You can learn some useful grep command usage examples in the following articles:

1. 12 Practical Examples of Linux Grep Command
2. 11 Advance Linux Grep Commands Usage and Examples
3. How to Find a Specific String or Word in Files and Directories

4. Which Command

which command is a tiny and straightforward utility for locating the binary of a command; it outputs the absolute path of a command. For example:

$ which find
$ which locate
$ which which

5. Whereis Command

whereis command is also used to locate a command and it additionally shows the absolute path of the source, and manual page files for the command.

$ whereis find
$ whereis locate
$ whereis which
$ whereis whereis

Read Also: 5 Ways to Find a ‘Binary Command’ Description and Location on File System

That’s all for now! If we have missed any Commandline tools/utilities for quickly locating files on a Linux system, let us know via the comment form below. You can ask any questions concerning this topic as well.

Source

This tutorial will explain the first basic steps you need to go through after installing a minimal CentOS 7 system with no graphical environment in order to obtain information about the installed system, the hardware on top of which runs the system and configure other specific system tasks, such as networking, root privileges, software, services and others.

Requirements

1. CentOS 7 Minimal Installation

Important: RHEL 7 users, can follow this article to do a Initial Server Setup on RHEL 7.

Update CentOS 7 System

The first step you need to perform on a fresh installed CentOS system is to make sure the system is up-to-date with the latest kernel and system security patches, software repositories and packages.

To fully update a CentOS 7 system, issue the following commands with root privileges.

# yum check-update
# yum upgrade

After the upgrade process completes, in order to release disk space you can remove all downloaded packages that where used in the process of upgrading alongside with all cached repositories information by executing the following command.

# yum clean all

Install System Utilities on CentOS 7

The following utilities packages can prove to be useful for day-by-day system administration: nano (text editor to replace vi editor), wget, curl (utilities used for downloading packages over network mostly) net-tools, lsof(utilities for managing local networking) and bash-completion (command line autocomplete).

Install them all in one-shot by executing the below command.

# yum install nano wget curl net-tools lsof bash-completion

Setup Networking in CentOS 7

CentOS 7 has a wide range of tools that can be used to configure and manage networking, from manually editing the network configuration file to using commands such as ip, ifconfig, nmtui, nmcli or route.

The easiest utility a beginner can use to manage and change network configurations is nmtui graphical command line.

In order to change the system hostname via nmtui utility, execute nmtui-hostname command, set your machine hostname and press OK to finish, as illustrated in the below screenshot.

# nmtui-hostname

To manipulate a network interface, execute nmtui-edit command, choose the interface you want to edit and select edit from the right menu, as shown in the below screenshot.

# nmtui-edit

Once you’re in the graphical interface provided by nmtui utility you can setup the network interface IP settings as illustrated in the below screenshot. When you finish, navigate to OK using [tab] key to save the configuration and quit.

In order to apply the network interface new configuration, execute nmtui-connect command, select the interface you want to manage and hit on Deactivate/Activate option to decommission and rise-up the interface with the IP settings, as presented in the below screenshots.

# nmtui-connect

In order to view the network interface settings, you can inspect the content of the interface file or you can issue the below commands.

# ifconfig enp0s3
# ip a
# ping -c2 google.com

Other useful utilities that can be used to manage speed, link state or obtain information about machine network interfaces are ethtool and mii-tool.

# ethtool enp0s3
# mii-tool enp0s3

An important aspect of your machine networking is to list all open network sockets in order to see what programs are listening on what ports and what’s the state of the established network connections.

To list all servers that have opened TCP or UDP sockets in listening state issue the following commands. However, UDP server won’t list any socket state due to the fact that UDP is a connectionless protocol which only sends packets over network and doesn’t establish connections.

# netstat -tulpn
# ss -tulpn
# lsof -i4 -6

Manage Services in CentOS 7

CentOS 7 manages daemons or service via systemctl utility. In order to list all services state, issue the following command.

# systemctl list-units

To check if a daemon or service is enabled to automatically start when the system starts, issue the following command.

# systemctl list-unit-files -t service

To list the old SysV services present in your system and disable them issue the following chkconfig commands.

# chkconfig --list
# chkconfig service_name off

5. Disable Unwanted Services in CentOS 7

It’s recommended after installing CentOS 7, to list what services are running in the system by running the above commands and disable and remove them in order to reduce the attacks vectors against your system.

For instance, Postfix daemon is installed and enabled by default in CentOS 7. If your system don’t require running a mail server, it’s best to stop, disable and remove the postfix service by issuing the below commands.

# systemctl stop postfix
# systemctl disable postfix
# yum remove postfix

In addition to netstat, ss, lsof or systemctl commands, you can also run ps, top or pstree commands in order to discover and identify what unwanted services are running in your system and disable or remove them.

By default, pstree utility is not installed in CentOS 7. To install it execute the following command.

# yum install psmisc
# pstree -p

Enable Firewall in CentOs 7

Firewalld is the main firewall utility that uses interacts with in order to manage iptables rules.
To enable and start and verify the firewall in CentOS 7, execute the following commands.

# systemctl enable firewalld
# systemctl start firewalld
# systemctl status firewalld

In order to open a specific service to incoming connections, first verify if the application is already present in firewalld rules and, then, add the rule for the service, as shown in the below example which allows SSHincoming connections. Use --permanent switch to add the rule permanently.

# firewall-cmd --add-service=[tab]  #List services
# firewall-cmd --add-service=ssh
# firewall-cmd --add-service=ssh --permanent

In case the service is now already defined in firewalld rules, you can manually add the service port, as shown in the below example.

# firewall-cmd --add-port=22/tcp --permanent
# firewall-cmd --reload     #Apply the rule on-fly

Enable Sudo Permissions on User Accounts

In order to grant root permissions for a normal user, first create the user by issuing adduser command, set the password for the user and grant root permissions to the user by executing the below command which adds the new user to the administrative wheel group.

# adduser tecmint
# passwd tecmint
# usermod -aG wheel tecmint

To test if the new user has root privileges, login to the system with user’s credentials and run yum command with sudo permissions, as shown in the below excerpt.

# su - tecmint
# sudo yum update

Configure SSH Public Key Authentication on CentOS 7

In order to secure SSH your server and set up public key authentication to increase the security of your server with a private SSH key to log in, first generate a SSH Key Pair with a following command.

Don’t not enter a passphrase in case you want to automate server management via SSH.

# ssh-keygen -t RSA

After the SSH key pairs had been generated, copy the key to the server you want to connect to by issuing the below command. Initially, enter you remote SSH user password in order to copy the public key.

# ssh-copy-id remote_user@SSH_SERVER_IP

After the SSH public key has been copied to the remote server, login to the remote SSH server with the following command.

# ssh remote_user@SSH_SERVER_IP

Finally, in order to secure the SSH server, make sure you disallow remote SSH access to the root account by opening the configuration SSH file /etc/ssh/sshd_config with your text editor as root and change it from Yes to No.

PermitRootLogin no

To apply the setting you need to restart the SSH service so that it will use the new configuration.

# systemctl restart sshd

That’s all! These are just a few basic settings and commands every system administrator needs to know and apply on a fresh installed CentOS system or in order to perform day to day tasks on the system.

To secure and harden CentOS 7 server, check out these following articles.

1. The Mega Guide To Harden and Secure CentOS 7 – Part 1
2. The Mega Guide To Harden and Secure CentOS 7 – Part 2

If you’re planning to deploy websites on this CentOS 7 system, learn how to setup and configure LAMP stack or LEMP stack.

Source

One of the serious needs of a Linux system is to be kept up to date regularly with the latest security patches or updates available for the corresponding distribution.

In a previous article, we’ve explained how to configure automatic security update in Debian/Ubuntu, in this article we will explain how to set up your CentOS/RHEL 7/6 distribution to auto update essential security packages when needed.

Other Linux distributions in the same families (Fedora or Scientific Linux) can be configured similarly.

Configure Automatic Security Updates on CentOS/RHEL Systems

On CentOS/RHEL 7/6, you will need to install the following package:

# yum update -y && yum install yum-cron -y

Enable Automatic Security Updates on CentOS/RHEL 7

Once the installation is complete, open /etc/yum/yum-cron.conf and locate these lines – you will have to make sure that the values matches those listed here:

update_cmd = security
update_messages = yes
download_updates = yes
apply_updates = yes

The first line indicates that the unattended update command will be:

# yum --security upgrade

whereas the other lines enable notifications and automatic download and installation of security upgrades.

The following lines are also required to indicate that notifications will be sent via email from root@localhost to the same account (again, you may choose another one if you want).

emit_via = email
email_from = root@localhost
email_to = root

Enable Automatic Security Updates on CentOS/RHEL 6

By default, the cron is configured to download and install all updates immediately, but we can change this behavior in /etc/sysconfig/yum-cron configuration file by modifying these two parameters to yes.

# Don't install, just check (valid: yes|no)
CHECK_ONLY=yes

# Don't install, just check and download (valid: yes|no)
# Implies CHECK_ONLY=yes (gotta check first to see what to download)
DOWNLOAD_ONLY=yes

To enable email notification that about the security package updates, set the MAILTO parameter to a valid mail address.

# by default MAILTO is unset, so crond mails the output by itself
# example:  MAILTO=root
MAILTO=admin@tecmint.com

Finally, start and enable the yum-cron service:

------------- On CentOS/RHEL 7 ------------- 
systemctl start yum-cron
systemctl enable yum-cron

------------- On CentOS/RHEL 6 -------------  
# service yum-cron start
# chkconfig --level 35 yum-cron on

Congrats! You have successfully set up unattended upgrades on CentOS/RHEL 7/6.

Summary

In this article we have discussed how to keep your server updated regularly with the latest security patches or updates. Additionally, you learned how to configure email notifications in order to keep yourself updated when new patches are applied.

If you have any concerns about this article? Feel free to drop us a note using the comment form below. We look forward to hearing from you.

Source

Lightweight Directory Access Protocol (LDAP in short) is an industry standard, lightweight, widely used set of protocols for accessing directory services. A directory service is a shared information infrastructure for accessing, managing, organizing, and updating everyday items and network resources, such as users, groups, devices, emails addresses, telephone numbers, volumes and many other objects.

The LDAP information model is based on entries. An entry in a LDAP directory represents a single unit or information and is uniquely identified by what is called a Distinguished Name (DN). Each of the entry’s attributes has a type and one or more values.

An attribute is a piece of information associated with an entry. The types are typically mnemonic strings, such as “cn” for common name, or “mail” for email address. Each attribute is assigned one or more values consisting in a space-separated list.

The following is an illustration of how information is arranged in the LDAP directory.

Step 1: Installing LDAP Server

1. First start by installing OpenLDAP, an open source implementation of LDAP and some traditional LDAP management utilities using the following commands.

# yum install openldap openldap-servers	    #CentOS 7
$ sudo apt install slapd ldap-utils	    #Ubuntu 16.04/18.04

On Ubuntu, during the package installation, you will be prompted to enter the password for the admin entry in your LDAP directory, set a secure password and confirm it.

When the installation is complete, you can start the service as explained next.

2. On CentOS 7, run the following commands to start the openldap server daemon, enable it to auto-start at boot time and check if its up and running (on Ubuntu the service should be auto-started under systemd, you can simply check its status):

$ sudo systemctl start slapd
$ sudo systemctl enable slapd
$ sudo systemctl status slapd

3. Next, allow requests to the LDAP server daemon through the firewall as shown.

# firewall-cmd --add-service=ldap    #CentOS 7
$ sudo ufw allow ldap                #Ubuntu 16.04/18.04

Step 2: Configuring LDAP Server

Note: It is not recommended to manually edit the LDAP configuration, you need to add the configurations in a file and use the ldapadd or ldapmodify command to load them to the LDAP directory as shown below.

4. Now create a OpenLDAP administrative user and assign a password for that user. In the below command, a hashed value is created for the given password, take note of it, you will use it in the LDAP configuration file.

$ slappasswd

5. Then create an LDIF file (ldaprootpasswd.ldif) which is used to add an entry to the LDAP directory.

$ sudo vim ldaprootpasswd.ldif

Add the following contents in it:

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}PASSWORD_CREATED

explaining the attribute-value pairs above:

• olcDatabase: indicates a specific database instance name and can be typically found inside /etc/openldap/slapd.d/cn=config.
• cn=config: indicates global config options.
• PASSWORD: is the hashed string obtained while creating the administrative user.

6. Next, add the corresponding LDAP entry by specifying the URI referring to the ldap server and the file above.

$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ldaprootpasswd.ldif  

Step 3: Configuring LDAP Database

7. Now copy the sample database configuration file for slapd into the /var/lib/ldap directory, and set the correct permissions on the file.

$ sudo cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
$ sudo chown -R ldap:ldap /var/lib/ldap/DB_CONFIG
$ sudo systemctl restart slapd

8. Next, import some basic LDAP schemas from the /etc/openldap/schema directory as follows.

$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif 
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

9. Now add your domain in the LDAP database and create a file called ldapdomain.ldif for your domain.

$ sudo vim ldapdomain.ldif 

Add the following content in it (replace example with your domain and PASSWORD with the hashed value obtained before):

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=Manager,dc=example,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}PASSWORD

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=Manager,dc=example,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=example,dc=com" write by * read

10. Then add the above configuration to the LDAP database with the following command.

$ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f ldapdomain.ldif

11. In this step, we need to add some entries to our LDAP directory. Create another file called baseldapdomain.ldif with the following content.

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: example com
dc: example

dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=example,dc=com
objectClass: organizationalUnit
ou: Group 

Save the file and then add the entries to the LDAP directory.

$ sudo ldapadd -Y EXTERNAL -x -D cn=Manager,dc=example,dc=com -W -f baseldapdomain.ldif

12. The next step is to create a LDAP user for example, tecmint, and set a password for this user as follows.

$ sudo useradd tecmint
$ sudo passwd tecmint

13. Then create the definitions for a LDAP group in a file called ldapgroup.ldif with the following content.

dn: cn=Manager,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
gidNumber: 1005

In the above configuration, gidNumber is the GID in /etc/group for tecmint and add it to the OpenLDAP directory.

$ sudo ldapadd -Y EXTERNAL -x  -W -D "cn=Manager,dc=example,dc=com" -f ldapgroup.ldif

14. Next, create another LDIF file called ldapuser.ldif and add the definitions for user tecmint.

dn: uid=tecmint,ou=People,dc=example,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: tecmint
uid: tecmint
uidNumber: 1005
gidNumber: 1005
homeDirectory: /home/tecmint
userPassword: {SSHA}PASSWORD_HERE
loginShell: /bin/bash
gecos: tecmint
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0

then load fthe configuration to the LDAP directory.

$ ldapadd -Y EXTERNAL  -x -D cn=Manager,dc=example,dc=com -W -f  ldapuser.ldif

Once you have setup a central server for authentication, the final part is to enable the client to authenticate using LDAP as explained in this guide:

1. How to Configure LDAP Client to Connect External Authentication

For more information, see the appropriate documentation from OpenLDAP Software document catalog and Ubuntu users can refer to the OpenLDAP server guide.

Summary

OpenLDAP is a open source implementation of LDAP in Linux. In this article, we have shown how to install and configure OpenLDAP server for centralized authentication, in Ubuntu 16.04/18.04 and CentOS 7. If you have a question or thoughts to share, do not hesitate to reach us via the comment form below.

Source

LDAP (short for Lightweight Directory Access Protocol) is an industry standard, widely used set of protocols for accessing directory services.

A directory service in simple terms is a centralized, network-based database optimized for read access. It stores and provides access to information that must either be shared between applications or is highly distributed.

Directory services play an important role in developing intranet and Internet applications by helping you share information about users, systems, networks, applications, and services throughout the network.

A typical use case for LDAP is to offer a centralized storage of usernames and passwords. This allows various applications (or services) to connect to the LDAP server to validate users.

After setting up a working LDAP server, you will need to install libraries on the client for connecting to it. In this article, we will show how to configure an LDAP client to connect to an external authentication source.

I hope you already having a working LDAP server environment, if not setup Up LDAP Server for LDAP-based Authentication.

How to Install and Configure LDAP Client in Ubuntu and CentOS

On the client systems, you will needs to install a few necessary packages to make authentication mechanism function correctly with an LDAP server.

Configure LDAP Client in Ubuntu 16.04 and 18.04

First start by installing the necessary packages by running the following command.

$ sudo apt update && sudo apt install libnss-ldap libpam-ldap ldap-utils nscd

During the installation, you will be prompted for details of your LDAP server (provide the values according to your environment). Note that the ldap-auth-config package which is auto-installed does the most of the configurations based on the inputs you enter.

Next, enter the name of the LDAP search base, you can use the components of their domain names for this purpose as shown in the screenshot.

Also choose the LDAP version to use and click Ok.

Now configure the option to allow you to make password utilities that use pam to behave like you would be changing local passwords and click Yes to continue..

Next, disable login requirement to the LDAP database using the next option.

Also define LDAP account for root and click Ok.

Next, enter the password to use when ldap-auth-config tries to login to the LDAP directory using the LDAP account for root.

The results of the dialog will be stored in the file /etc/ldap.conf. If you want to make any alterations, open and edit this file using your favorite command line editor.

Next, configure the LDAP profile for NSS by running.

$ sudo auth-client-config -t nss -p lac_ldap

Then configure the system to use LDAP for authentication by updating PAM configurations. From the menu, choose LDAP and any other authentication mechanisms you need. You should now be able to log in using LDAP-based credentials.

$ sudo pam-auth-update

In case you want the home directory of the user to be created automatically, then you need to perform one more configuration in the common-session PAM file.

$ sudo vim /etc/pam.d/common-session

Add this line in it.

session required pam_mkhomedir.so skel=/etc/skel umask=077

Save the changes and close the file. Then restart the NCSD (Name Service Cache Daemon) service with the following command.

$ sudo systemctl restart nscd
$ sudo systemctl enable nscd

Note: If you are using replication, LDAP clients will need to refer to multiple servers specified in /etc/ldap.conf. You can specify all the servers in this form:

uri ldap://ldap1.example.com  ldap://ldap2.example.com

This implies that the request will time out and if the Provider (ldap1.example.com) becomes unresponsive, the Consumer (ldap2.example.com) will attempt to be reached to process it.

To check the LDAP entries for a particular user from the server, run the getent command, for example.

$ getent passwd tecmint

If the above command displays details of the specified user from the /etc/passwd file, your client machine is now configured to authenticate with the LDAP server, you should be able to log in using LDAP-based credentials.

Configure LDAP Client in CentOS 7

To install the necessary packages, run the following command. Note that in this section, if you are operating the system as a non-root administrative user, use the sudo command to run all commands.

# yum update && yum install openldap openldap-clients nss-pam-ldapd

Next, enable the client system to authenticate using LDAP. You can use the authconfig utility, which is an interface for configuring system authentication resources.

Run the following command and replace example.com with your domain and dc=example,dc=com with your LDAP domain controller.

# authconfig --enableldap --enableldapauth --ldapserver=ldap.example.com --ldapbasedn="dc=example,dc=com" --enablemkhomedir --update

In the above command, the --enablemkhomedir option creates a local user home directory at the first connection if none exists.

Next, test if the LDAP entries for a particular user from the server, for example user tecmint.

$ getent passwd tecmint

The above command should display details of the specified user from the /etc/passwd file, which implies that the client machine is now configured to authenticate with the LDAP server.

Important: If SELinux is enabled on your system, you need to add a rule to allow creating home directories automatically by mkhomedir.

HHVM stands for HipHop Virtual Machine, is an open source virtual machine created for running Hack (it’s a programming language for HHVM) and PHP written applications. HHVM uses a last minute compilation path to achieve remarkable performance while keeping the flexibility that PHP programmers are addicted to. Till date, HHVM has achieved over a 9x increase in http request throughput and more than 5x cut in memory utilization (when running on low system memory) for Facebook compared with the PHP engine + APC (Alternative PHP Cache).

HHVM can also be used along with a FastCGI-based web-server like Nginx or Apache.

In this tutorial we shall look at steps for setting up Nginx/Apache web server, MariaDB database server and HHVM. For this setup, we will use Ubuntu 15.04 (64-bit) as HHVM runs on 64-bit system only, although Debian and Linux Mint distributions are also supported.

Step 1: Installing Nginx and Apache Web Server

1. First do a system upgrade to update repository list with the help of following commands.

# apt-get update && apt-get upgrade

# apt-get install nginx

# apt-get install apache2

http://localhost
OR
http://IP-Address

# apt-get install mariadb-client mariadb-server

# systemctl start mysql
# mysql_secure_installation

Enter current password for root (enter for none) = press enter
Set root password? [Y/n] = y
Remove anonymous users[y/n] = y
Disallow root login remotely[y/n] = y
Remove test database and access to it [y/n] = y
Reload privileges tables now[y/n] = y 

# mysql -u root -p

# wget -O - http://dl.hhvm.com/conf/hhvm.gpg.key | apt-key add -
# echo deb http://dl.hhvm.com/ubuntu DISTRIBUTION_VERSION main | sudo tee /etc/apt/sources.list.d/hhvm.list
# apt-get update

# apt-get install -y hhvm

# update-rc.d hhvm defaults

# /usr/share/hhvm/install_fastcgi.sh

# /usr/bin/update-alternatives --install /usr/bin/php php /usr/bin/hhvm 60

# systemctl start hhvm

# nano /usr/share/nginx/html/hello.php       [For Nginx]
OR
# nano /var/www/html/hello.php               [For Nginx and Apache]

<?php
if (defined('HHVM_VERSION')) {
echo 'HHVM is working';
 phpinfo();
}
else {
echo 'HHVM is not working';
}
?>

http://localhost/info.php
OR
http://IP-Address/info.php

PostgreSQL (Postgres in short) is an open source, powerful, advanced, high performance and stable relational-document database system. It uses and enhances the SQL language coupled with a large number of features for secure data storage and management.

It is efficient, reliable, and scalable for handling large, complicated volumes of data and setting up enterprise-level and fault-tolerant environments, while ensuring high data integrity. Postgres is also highly extensible with features such as indexes comes with APIs so that you can develop your own solutions to solve your data storage challenges.

In this article, we will explain how to install PostgreSQL on an Ubuntu 18.04 server (also works on older Ubuntu releases) and learn some basic ways to use it.

How to Install PostgreSQL on Ubuntu

First, create a file /etc/apt/sources.list.d/pgdg.list which stores the repository configuration, then import the repository key to your system, update your system packages list and install Postgres package using following commands.

$ sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
$ sudo apt install wget ca-certificates
$ wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
$ sudo apt update
$ sudo apt install postgresql-10 pgadmin4

Once postgres has been installed, the database service started automatically and you can confirm by typing following command.

$ sudo systemctl status postgresql.service

How to Use PostgreSQL Roles and Databases

In postgres, client authentication is controlled by the /etc/postgresql/10/main/pg_hba.conf configuration file. The default authentication method is “peer” for the database administrator, meaning it gets the client’s operating system user name from the operating system and checks if it matches the requested database user name to allow access, for local connections (as shown in the following screenshot).

During the installation process, a system user account called postgres was created without a password, this is also the default database administrator user name.

$ sudo vim /etc/postgresql/10/main/pg_hba.conf

In addition, under postgres database access permission management is performed via roles. A role can be considered as either a database user, or a group of database users, depending on how the role is set up.

The default role is also postgres. Importantly, database roles are conceptually fully unconnected to operating system users, but practically they may not be separate (for example when it comes to client authentication).

Importantly, roles can own database objects, and can assign privileges on those objects to other roles to control who has access to which objects. In addition, it is possible to grant membership in a role to another role.

To configure other roles to use encrypted passwords to manage databases assigned to them, apart from the default postgres role, you need to change the line to.

Then restart the postgresql service to apply the recent changes.

$ sudo systemctl restart postgresql

How to Use PostgreSQL on Ubuntu

Once everything setup, you can access the postgres system account with the following command, where the -i flag tells sudo to run the shell specified by the target user’s password database entry as a login shell.

$ sudo -i -u postgres 
$ psql		#to launch the postgres shell program  
postgres=#

To access the postgres shell directly, without first accessing the postgres user account, run the following command.

$ sudo -i -u postgres psql

You can quit/exit the postgres by typing the following command.

postgres=# \q

Create PostgreSQL Database Roles

Create a new user role using the following command.

postgres=# CREATE ROLE tecmint;

To create a role with a LOGIN attribute, use the following command (roles with the LOGIN attribute can be considered the same as a database users).

postgres=#CREATE ROLE tecmint LOGIN;
OR
postgres=#CREATE USER name;	#assumes login function by default

A role can also be created with a password, this is useful if you configured the client authentication method to ask users to supply an encrypted password when connecting to the database.

postgres=#CREATE ROLE tecmint PASSWORD 'passwd_here'

List Existing PostgreSQL Database Roles

To list the existing user roles, use any of these commands.

postgres=# \du 				#shows actual users
OR
postgres=# SELECT rolname FROM pg_roles;

Drop a PostgreSQL Database Role

To drop any existing user role use the DROP ROLE command as shown.

postgres=# DROP ROLE tecmint;

Create a PostgreSQL Database

Once you have created a role with a particular name (for instance tecmint user), you can create a database (with the same name as the role) which will be managed by that role as shown.

postgres=# CREATE DATABASE tecmint;

Now to manage the database tecmint, access the postgres shell as the tecmint role, provide your password as follows.

$ sudo -i -u tecmint psql

Create a PostgreSQL Table

Creating tables is so easy, we will create a test table called authors, which stores information about TecMint.com authors, as shown.

tecmint=>CREATE TABLE authors (
    code      char(5) NOT NULL,
    name    varchar(40) NOT NULL,
    city varchar(40) NOT NULL
    joined_on date NOT NULL,	
    PRIMARY KEY (code)
);

After creating a table, try to populate it with some data, as follows.

tecmint=> INSERT INTO authors VALUES(1,'Ravi Saive','Mumbai','2012-08-15');

To view the data stored in a table, you can run a SELECT command.

tecmint=> SELECT * FROM authors;

List PostgreSQL Database Tables

You can list all tables in the current database with the following command.

tecmint=>\dt

Delete/Drop a PostgreSQL Table

To delete a table in the current database, use the DROP command.

tecmint=> DROP TABLE authors;

List All PostgreSQL Databases

To list all databases, use any of the following commands.

tecmint=>SELECT datname FROM pg_database;
OR
tecmint=>\list	#shows a detailed description 
OR
tecmint=>\l

Delete/Drop a PostgreSQL Database

If you want to delete a database, use the DROP command, for example.

tecmint=>DROP DATABASE tecmint;

Switch to Another PostgreSQL Database

You can also switch from one database to another easily using the following command.

tecmint=>\connect database_name

For more information, refer to the PostgreSQL 10.4 Documentation.

That’s it for now! In this article, we have explained how to install and use PostgreSQL database management system on Ubuntu 18.04. You can send us your queries or thoughts in the comments.

Source

It is that time of the year where we are earnestly anticipating the release of the next LTS version of what is undoubtedly one of the world’s most popular free operating system and if you’re a keen reader of Tecmint, you’ll know by now that we already covered the installation of the next iteration of Ubuntu’s desktop operating system in great detail – if you missed it, we have the link right down below.

Here, I have compiled the things that you will most likely need to do after you might have completed the installation of Ubuntu 16.10 (Yakkety Yak) and installation of Ubuntu 16.04 Xenial Xerus so you might have a stable and safe system to play with.

I’ll try to keep this as concise as possible and not bore you with a terribly long list and you can be sure that this article comprises just about everything you’ll need to have to system humming as you’d like it.

Like I mentioned in the previous install article, the best practice for any Linux user or any PC user for that matter, is to have their PC updated once it’s installed so it may have all the latest security updates, patches and features.

You can either choose to update your system via the GUI-enabled inbuilt system update tool (image below) or if you’d rather do it the terminal way of things, below are self-descriptive images on how to but for the sake of newbies reading through with this, we’ll add a few notes with the images just to makes things a little.

Now let’s get on with this already.

1. Update Ubuntu 16.10/16.04 Xenial Xerus

1. First and foremost, we must update our sources; head on to the Unity dash on the top left corner and type in “software and updates”; open the app, and select the “other software” tab, tick both options, close the app (you’ll be prompted to enter you root PW) and go back to the same dash; this time around, type in “software updater” open the app and it should auto-update sources and show the available update size.

Using the preinstalled “software updater”.

Using the terminal; you’ll need to enter these commands consecutively.

$ sudo apt-get update
$ sudo apt-get upgrade

If you are still feeling a little lost, you may watch the video below that shows how to update Ubuntu 16.04 Xenial Xerus.

2. Install Core Internet Applications

Install some core internet applications; Ubuntu 16.04 Xenial Xerux somes preinstalled with Firefox like every other Ubuntu distro before it however, it’s not the world’s most used browser and still lags behind Chromium – the open source version of Chrome — in terms of features and functionality.

You’ll find Chromium in the new Gnome application manager that ships with Ubuntu Xenial Xerux 16.04 LTS.

The other recommended applications to download include but not limited to:

1. Skype – One if the world’s most popular VOIP service.
2. Pidgin – Probably the best IM client.M
3. Deluge – One of the best torrenting app.
4. Mega – Free cloud backup with 50GB storage.
5. CrashPlan – Always have your system backed up either locally or in the cloud for easy recovery later.
6. Telegram – Privacy-centric multi-platform service.
7. Uget – Easily one of the best download manager for Linux.
8. Tor – Download the Tor browser for a complete anonymity online.

3. Install a Replacement Music App – Clementine

Clementine is by far the most superior multi-platform music playing app out there for Linux and it’s feature set is unmatched; it blows every other app out of the water be it VLC, Rthythmbox, Audacious etc.

Perhaps the most prominent feature of Clementine is its ability to connect you to online music streaming services without the need of firing up a web browser or a specific third party app for each service.

You can simply connect your (Premium) Spotify account, Last.fm, Sky.fm, Google Drive, Onedrive, just to name a few.

Clementine also has its own built-in equalizer and you can download it via the Software center of open up the terminal, input:

$ sudo apt-get install clementine

and should be done in no time.

Don’t Miss: 21 Music Players for Linux Lovers – Worth Trying on Linux

Other noteworthy media applications that we almost always recommend you download include:

1. VLC – the universal media player that has an extensive list of supported formats.
2. Audacity – a simple minimalistic audio editing tool for both beginners and pro alike; comes with quite the list of features that will allow you maximize the extent at which you can modify an audio file or even create.
3. Kodi (formerly XBMC) – the open source home theater submerges you in an entire media-centric universe that will has an extensive support for media files; ranging from your standard .MP3 files to the most obscure formats you can think of, be it under the music, video or photos category; Kodi will most likely have support for it.

Don’t Miss: 10 Best Linux Video Players of Year 2015

Even better, you can customized it to your heart’s content and enjoy an unparalled media experience.

1. Handbrake – this is another cross platform application that should come in handy whenever you need to quickly convert a video file while still effectively shrinking the size.
2. Spotify – for those of you that don’t have a premium Spotify subscription but will still like to enjoy the services it provides, then you’re mostly better off with official client for Linux that has a somewhat sub-par experience when compared to the clients on other platforms but should mostly suffice for whatever you throw at it.

Install Spotify on Ubuntu 16.10/16.04

To install Spotify, open up your terminal and enter the follow up commands from the first to the last; one after the other.

$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC68650906
$ sudo apt-get update
$ sudo apt-get install spotify-client

Openshot – this is by far the most basic and straightforward video editing app available for Linux, that will allow just about anybody to start their hands out at video editing.

The interface is clean and it will help you quickly get things done. Mind you, Openshot does not come anywhere close in term of feature set and functionality when compared other well established tools like Adobe Premiere Pro on Windows, Kdenlive etc.

Don’t Miss: 8 Best Video Editing Softwares for Linux I Found in 2015

It’s just as basic as you can think.

Ubuntu restricted extras – you want to have this installed so you don’t have to worry about any missing codecs that will otherwise not allow some media files to play nice with the defaults of your system if not installed.

GIMP is by far the most popular free image manipulation tool (and perhaps the best alternative to Photoshop) available for Linux.

Don’t Miss: 15 Best Image or Photo Editing Softwares for Linux I Found in 2015

All of the aforementioned applications (except Spotify) are available in the new software center as a free install.

4. Install Synaptics and AppGrid

It is always nice to have alternative sources when it comes to application installation; particularly if you’re not a big fan of the new Software center or maybe you just want something minimalistic without all the bells and whistles? …. Or you just care for something more aesthetically pleasing.

Synaptics has always been there for as long as I can remember and it gives you a similar experience to that of Pamac and Octopi which are frontends for Arch Linux’s package manager.

You still get a GUI that is pretty stripped of all the usuals you’ll normally find on other app sources like comments, ratings and the likes.

CTRL+ALT+T to open up the terminal and type in:

$ sudo apt-get install synaptic

Alternatively, you can download it from the Software center.

AppGrid on the other hand, can be installed via the terminal by typing in the following commands consecutively.

$ sudo add-apt-repository ppa:appgrid/stable
$ sudo apt-get update
$ sudo apt-get install appgrid

So depending on what you really want, you can have as many as four options to install your apps from – Terminal, Gnome software center, AppGrid, and Synaptics (which is mostly used by power users).

5. Turn Off Online Search Results

The unity dash search results still include options from sources like Wikipedia and Amazon by default which can pose some security threats to the user of the system.

Thankfully though, Canonical has included an option to turn it off since 15.10. Just go to settings ->security and privacy -> select the search tab and turn off include online search results.

6. Install Unity Tweak Tool to Customize Ubuntu

Ubuntu’s stock Unity interface has always been barebone and hardly does anything change regards the general look and feel of it with every iteration – I really like to think of it as boring – (especially as an Android fanboy) hence, the need for some cool customization.

Which is where Unity’s tweak tool comes in; it’s available in the Gnome Software center. Download it and make your desktop your OWN.

7. Install Graphics Driver in Ubuntu

Lastly, you want to install the proper graphics driver of your system to enable smooth rendering of the GUI; this would mostly be required too if you’re looking to game with your PC via Steam, Video editing and so on.

Type in “software and updates” in the dash and go to the “additional drivers tab”; select as needed and apply changes.

We recommend that you go through with the list and you’ll just be ready to enjoy the rest of the Ubuntu Xenial Xerus experience as long as you need to.

From this point, you can now tailor the system to some other specific needs you might have; thereafter, it’s silky smooth sailing with this LTS release. If you do encounter any problems installing, or configuring the system as guided above, kindly let us know in the comments below.

Source