Author: root

Last August, the Linux Foundation started the LFCS certification (Linux Foundation Certified Sysadmin), a brand new program whose purpose is to allow individuals everywhere and anywhere take an exam in order to get certified in basic to intermediate operational support for Linux systems, which includes supporting running systems and services, along with overall monitoring and analysis, plus intelligent decision-making to be able to decide when it’s necessary to escalate issues to higher level support teams.

Please have a quick look at the following video that describes an introduction to the Linux Foundation Certification Program.

This article is Part 8 of a 10-tutorial long series, here in this section, we will guide you on how to manage users and groups permissions in Linux system, that are required for the LFCS certification exam.

Since Linux is a multi-user operating system (in that it allows multiple users on different computers or terminals to access a single system), you will need to know how to perform effective user management: how to add, edit, suspend, or delete user accounts, along with granting them the necessary permissions to do their assigned tasks.

Adding User Accounts

To add a new user account, you can run either of the following two commands as root.

# adduser [new_account]
# useradd [new_account]

When a new user account is added to the system, the following operations are performed.

1. His/her home directory is created (/home/username by default).

2. The following hidden files are copied into the user’s home directory, and will be used to provide environment variables for his/her user session.

.bash_logout
.bash_profile
.bashrc

3. A mail spool is created for the user at /var/spool/mail/username.

4. A group is created and given the same name as the new user account.

Understanding /etc/passwd

The full account information is stored in the /etc/passwd file. This file contains a record per system user account and has the following format (fields are delimited by a colon).

[username]:[x]:[UID]:[GID]:[Comment]:[Home directory]:[Default shell]

1. Fields [username] and [Comment] are self explanatory.
2. The x in the second field indicates that the account is protected by a shadowed password (in /etc/shadow), which is needed to logon as [username].
3. The [UID] and [GID] fields are integers that represent the User IDentification and the primary Group IDentification to which [username] belongs, respectively.
4. The [Home directory] indicates the absolute path to [username]’s home directory, and
5. The [Default shell] is the shell that will be made available to this user when he or she logins the system.

Understanding /etc/group

Group information is stored in the /etc/group file. Each record has the following format.

[Group name]:[Group password]:[GID]:[Group members]

1. [Group name] is the name of group.
2. An x in [Group password] indicates group passwords are not being used.
3. [GID]: same as in /etc/passwd.
4. [Group members]: a comma separated list of users who are members of [Group name].

After adding an account, you can edit the following information (to name a few fields) using the usermodcommand, whose basic syntax of usermod is as follows.

# usermod [options] [username]

Setting the expiry date for an account

Use the –expiredate flag followed by a date in YYYY-MM-DD format.

# usermod --expiredate 2014-10-30 tecmint

Adding the user to supplementary groups

Use the combined -aG, or –append –groups options, followed by a comma separated list of groups.

# usermod --append --groups root,users tecmint

Changing the default location of the user’s home directory

Use the -d, or –home options, followed by the absolute path to the new home directory.

# usermod --home /tmp tecmint

Changing the shell the user will use by default

Use –shell, followed by the path to the new shell.

# usermod --shell /bin/sh tecmint

Displaying the groups an user is a member of

# groups tecmint
# id tecmint

Now let’s execute all the above commands in one go.

# usermod --expiredate 2014-10-30 --append --groups root,users --home /tmp --shell /bin/sh tecmint

In the example above, we will set the expiry date of the tecmint user account to October 30th, 2014. We will also add the account to the root and users group. Finally, we will set sh as its default shell and change the location of the home directory to /tmp:

Read Also:

1. 15 useradd Command Examples in Linux
2. 15 usermod Command Examples in Linux

For existing accounts, we can also do the following.

Disabling account by locking password

Use the -L (uppercase L) or the –lock option to lock a user’s password.

# usermod --lock tecmint

Unlocking user password

Use the –u or the –unlock option to unlock a user’s password that was previously blocked.

# usermod --unlock tecmint

Creating a new group for read and write access to files that need to be accessed by several users

Run the following series of commands to achieve the goal.

# groupadd common_group # Add a new group
# chown :common_group common.txt # Change the group owner of common.txt to common_group
# usermod -aG common_group user1 # Add user1 to common_group
# usermod -aG common_group user2 # Add user2 to common_group
# usermod -aG common_group user3 # Add user3 to common_group

Deleting a group

You can delete a group with the following command.

# groupdel [group_name]

If there are files owned by group_name, they will not be deleted, but the group owner will be set to the GID of the group that was deleted.

Linux File Permissions

Besides the basic read, write, and execute permissions that we discussed in Archiving Tools and Setting File Attributes – Part 3 of this series, there are other less used (but not less important) permission settings, sometimes referred to as “special permissions”.

Like the basic permissions discussed earlier, they are set using an octal file or through a letter (symbolic notation) that indicates the type of permission.

Deleting user accounts

You can delete an account (along with its home directory, if it’s owned by the user, and all the files residing therein, and also the mail spool) using the userdel command with the –remove option.

# userdel --remove [username]

Group Management

Every time a new user account is added to the system, a group with the same name is created with the username as its only member. Other users can be added to the group later. One of the purposes of groups is to implement a simple access control to files and other system resources by setting the right permissions on those resources.

For example, suppose you have the following users.

1. user1 (primary group: user1)
2. user2 (primary group: user2)
3. user3 (primary group: user3)

All of them need read and write access to a file called common.txt located somewhere on your local system, or maybe on a network share that user1 has created. You may be tempted to do something like,

# chmod 660 common.txt
OR
# chmod u=rw,g=rw,o= common.txt [notice the space between the last equal sign and the file name]

# chmod g+s [filename]

# chmod 2755 [directory]

# chmod o+t [directory]

# chmod 1755 [directory]

# chattr +i file1
# chattr +a file2

$ su

$ su -

# visudo

Defaults    secure_path="/usr/sbin:/usr/bin:/sbin"
root        ALL=(ALL) ALL
tecmint     ALL=/bin/yum update
gacanepa    ALL=NOPASSWD:/bin/updatedb
%admin      ALL=(ALL) ALL

Defaults    secure_path="/usr/sbin:/usr/bin:/sbin:/usr/local/bin"

root        ALL=(ALL) ALL

tecmint     ALL=/bin/yum update

gacanepa    ALL=NOPASSWD:/bin/updatedb

%admin      ALL=(ALL) ALL

# ldd $(which login) | grep libpam # login uses PAM
# ldd $(which top) | grep libpam # top does not use PAM

# cat /etc/passwd

remember=2

password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok

password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=2

In this tutorial, we will explain auxiliary file permissions, commonly referred to as “special permissions” in Linux, and also we will show you how to find files which have SUID (Setuid) and SGID (Setgid) set.

What is SUID and SGID?

SUID is a special file permission for executable files which enables other users to run the file with effective permissions of the file owner. Instead of the normal x which represents execute permissions, you will see an s(to indicate SUID) special permission for the user.

SGID is a special file permission that also applies to executable files and enables other users to inherit the effective GID of file group owner. Likewise, rather than the usual x which represents execute permissions, you will see an s (to indicate SGID) special permission for group user.

Suggested Read: Managing Users & Groups, File Permissions & Attributes in Linux

Let’s look at how to find files which have SUID and SGID set using the find command.

The syntax is as follows:

$ find directory -perm /permissions

Important: Certain directories (such as /etc, /bin, /sbin etc.) or files require root privileges in order to be accessed or listed, if you are managing your system as a normal user, use the sudo command to gain root privileges.

How to Find Files with SUID Set in Linux

This below example command will find all files with SUID set in the current directory using -perm (print files only with permissions set to 4000) option.

$ find . -perm /4000 

You can use the ls command with -l option (for long listing) to view the permissions on the listed files as shown in the image above.

How to Find Files with SGID Set in Linux

To find files which have SGID set, type the following command.

$ find . -perm /2000

To find files which have both SUID and SGID set, run the command below.

$ find . -perm /6000

You may also like to read these useful guides about file permissions in Linux:

1. How to Set File Attributes and Finding Files in Linux
2. Translate rwx Permissions into Octal Format in Linux
3. Secure Files/Directories using ACLs (Access Control Lists) in Linux
4. 5 ‘chattr’ Commands to Make Important Files IMMUTABLE (Unchangeable) in Linux

That’s it for now! In this guide, we showed you how to find files which have SUID (Setuid) and SGID (Setgid) set in Linux. If you have any questions, use the feedback form below to share any queries or additional thoughts about this topic.

Source

In this guide we are going to look at how to use a script and scriptreplay commands in Linux that can help you to record commands and their output printed on your terminal during a given session.

The history command is a great command-line utility that helps users to store previous command used, though it does not store the output of a command.

Don’t Miss: Showterm.io – A Linux Terminal Recording Tool

Don’t Miss: 8 Best Desktop Screen Recorders for Linux

Therefore the script command comes in handy to provide you a powerful functionality that helps you to record everything that is printed on your terminal to a log_file. You can then refer to this file later on in case you want to view the output of a command in history from the log_file.

You can also replay commands that you recorded using the scriptreplay command by using a timing information.

How to Record Linux Terminal Using script Command

The script command stores terminal activities in a log file that can be named by a user, when a name is not provided by a user, the default file name, typescript is used.

Basic Syntax of script Command

# script [options] - -timing=timing_file log_filename

To start recording of Linux terminal, type script and add the log filename as shown.

tecmint@tecmint ~ $ script history_log.txt

Script started, file is history_log.txt

To stop script, type exit and press [Enter].

tecmint@tecmint ~ $ exit

Script done, file is history_log.txt

If the script can not write to the named log file then it shows an error.

For example, in the output below, the permissions of the file typescript does not allow reading, writing and execution of the file not by any user or group. When you run the script command without a log file name, it attempts to write to the default file, typescript hence showing an error.

tecmint@tecmint ~ $ ls -l typescript

--------- 1 ubuntu ubuntu 144 Sep 15 00:00 typescript

tecmint@tecmint ~ $ script

script: open failed: typescript: Permission denied
Terminated

Examples of using the script command

I have named my log file script.log in the example below, you can give your file a different name.

tecmint@tecmint ~ $ script script.log

Now try to execute few commands to allow script to record executed commands on the terminal.

tecmint@tecmint ~ $ cal

   September 2015     
Su Mo Tu We Th Fr Sa  
       1  2  3  4  5  
 6  7  8  9 10 11 12  
13 14 15 16 17 18 19  
20 21 22 23 24 25 26  
27 28 29 30           
                      
tecmint@tecmint ~ $ w

 14:49:40 up  4:06,  2 users,  load average: 1.37, 1.56, 1.62
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
tecmint  tty8     :0               10:45    4:06m  7:40   0.36s x-session-manager
tecmint  pts/5    :0               13:42    4.00s  0.07s  0.00s script script.log

tecmint@tecmint ~ $ uptime

 14:49:43 up  4:06,  2 users,  load average: 1.37, 1.56, 1.62

tecmint@tecmint ~ $ whoami

tecmint

tecmint@tecmint ~ $ echo 'using script'

using script
tecmint@tecmint ~ $ exit
exit
Script done, file is script.log

Now try to view the log file ‘script.log‘ for all recorded commands, while you view the log you realize that the script also stores line feeds and backspaces.

tecmint@tecmint ~ $ vi script.log

Sample Output

^[[0m^[[255D^[[01;32mtecmint@tecmint^[[01;34m ~ $^[[00m cal^M
   September 2015     ^M
Su Mo Tu We Th Fr Sa  ^M
       1  2  3  4  5  ^M
 6  7  8  9 10 11 12  ^M
13 14 15 ^[[7m16^[[27m 17 18 19  ^M
20 21 22 23 24 25 26  ^M
27 28 29 30           ^M
                      ^M
^[[01;32mtecmint@tecmint^[[01;34m ~ $^[[00m w^M
 14:49:40 up  4:06,  2 users,  load average: 1.37, 1.56, 1.62^M
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT^M
tecmint  tty8     :0               10:45    4:06m  7:40   0.36s x-session-manager^M
tecmint  pts/5    :0               13:42    4.00s  0.07s  0.00s script script.log^M
^[[01;32mtecmint@tecmint^[[01;34m ~ $^[[00m uptime^M
 14:49:43 up  4:06,  2 users,  load average: 1.37, 1.56, 1.62^M
^[[01;32mtecmint@tecmint^[[01;34m ~ $^[[00m whoami^M
tecmint^M
^[[01;32mtecmint@tecmint^[[01;34m ~ $^[[00m echo ''^Hu'^Hs'^Hi'^Hn'^Hg'^H '^Hs'^Hc'^Hr'^Hi'^Hp'^Ht'^H^M
using script^M
^[[01;32mtecmint@tecmint^[[01;34m ~ $^[[00m exit^M
exit^M

Script done on Wednesday 16 September 2015 02:49:59 PM IST
~                                                              

You may use the -a option to append the log file or typescript, retaining the prior contents.

tecmint@tecmint ~ $ script -a script.log
Script started, file is script.log

tecmint@tecmint ~ $ date
Wed Sep 16 14:59:36 IST 2015


tecmint@tecmint ~ $ pwd
/home/tecmint


tecmint@tecmint ~ $ whereis script
script: /usr/bin/script /usr/bin/X11/script /usr/share/man/man1/script.1.gz


tecmint@tecmint ~ $ whatis script
script (1)           - make typescript of terminal session

View the contents of script, log after using -a option to append it.

tecmint@tecmint ~ $ vi script.log

Sample Output

^[[0m^[[255D^[[01;32mtecmint@tecmint^[[01;34m ~ $^[[00m date^M
Wed Sep 16 14:59:36 IST 2015^M
^[[01;32mtecmint@tecmint^[[01;34m ~ $^[[00m pwd^M
/home/tecmint^M
^[[01;32mtecmint@tecmint^[[01;34m ~ $^[[00m whre^H^[[K^H^[[Kereis script^M
script: /usr/bin/script /usr/bin/X11/script /usr/share/man/man1/script.1.gz^M
^[[01;32mtecmint@tecmint^[[01;34m ~ $^[[00m whatis script^M
script (1)           - make typescript of terminal session^M
^[[01;32mtecmint@tecmint^[[01;34m ~ $^[[00m vi s^H^[[K^H^[[K^H^[[K^H^[[Kexit^M
exit^M

To log results of a single command other than an interactive shell session, use the -c option.

tecmint@tecmint ~ $ script -c 'hostname' script.log

Script started, file is script.log
tecmint.com
Script done, file is script.log

If you want script to run in a quiet mode then you can use the -q option. You will not see a message that shows script is starting or exiting.

tecmint@tecmint ~ $ script -c 'who'  -q  script.log

tecmint  tty8         2015-09-16 10:45 (:0)
tecmint  pts/5        2015-09-16 13:42 (:0)

To set timing information to standard error or a file use the –timing option. The timing information is useful when you want to re-display the output stored in the log_file.

Let us start script and run the following commands w, uptime and cal to be recorded.

tecmint@tecmint ~ $ script --timing=time.txt script.log
Script started, file is script.log

tecmint@tecmint ~ $ w
 15:09:31 up  4:26,  2 users,  load average: 1.38, 1.39, 1.47
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
tecmint  tty8     :0               10:45    4:26m  8:15   0.38s x-session-manager
tecmint  pts/5    :0               13:42    3.00s  0.09s  0.00s script --timing=time.txt script.log

tecmint@tecmint ~ $ uptime
 15:09:36 up  4:26,  2 users,  load average: 1.43, 1.40, 1.48

tecmint@tecmint ~ $ cal
   September 2015     
Su Mo Tu We Th Fr Sa  
       1  2  3  4  5  
 6  7  8  9 10 11 12  
13 14 15 16 17 18 19  
20 21 22 23 24 25 26  
27 28 29 30    

You can view the script.log and time.txt file for the timing command above.

tecmint@tecmint ~ $ vi script.log

Sample Output

^[[0m^[[255D^[[01;32mtecmint@tecmint^[[01;34m ~ $^[[00m w^M
 15:12:05 up  4:28,  2 users,  load average: 1.31, 1.37, 1.45^M
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT^M
tecmint  tty8     :0               10:45    4:28m  8:20   0.38s x-session-manager^M
tecmint  pts/5    :0               13:42    5.00s  0.09s  0.00s script --timing=time.txt script.log^M
^[[01;32mtecmint@tecmint^[[01;34m ~ $^[[00m uptime^M
 15:12:07 up  4:28,  2 users,  load average: 1.29, 1.36, 1.45^M
^[[01;32mtecmint@tecmint^[[01;34m ~ $^[[00m cal^M
   September 2015     ^M
Su Mo Tu We Th Fr Sa  ^M
       1  2  3  4  5  ^M
 6  7  8  9 10 11 12  ^M
13 14 15 ^[[7m16^[[27m 17 18 19  ^M
20 21 22 23 24 25 26  ^M
27 28 29 30           ^M
                      ^M

Now view time.txt file.

tecmint@tecmint ~ $ vi time.txt

Sample Output

0.259669 306
0.037680 829
0.000006 2
0.000002 100
0.000002 2
0.000002 102
0.000019 202
0.000004 2
0.000002 102
0.000015 100
0.000002 2
0.000003 2
0.000002 99
0.000011 2
0.000003 82
...

The time.txt file has two columns, the first column shows how much time has elapsed since the last display and the second column, shows the number of characters that have been displayed this time around.

Use the man page and –help to seek for more options and help in using the script command-line utility.

Using scriptreplay to replay scripts using timing information

The scriptreplay command helps to replay information in your log_file recorded by the script command.

The timing information is defined by the -timing=file option used with the script command and file in this case is file.txt that was used with script command .

Remember you need to specify the log_file you used with the script command.

Let us now replay the last three commands w, uptime and cal that we had run as follows.

tecmint@tecmint ~ $ scriptreplay --timing=time.txt script.log

When the log_file replayed using the timing information, the commands recorded are run and their output is displayed at the same time the original output was displayed while being recorded.

Summary

These two commands, script and scriptreplay easy to use and help a lot when you need to run the same batch of commands several times. They help a lot in managing servers that have only command-line interface for interaction with your system. Hope this guide was useful and if you have anything to add or face a challenge while using them, do not hesitate to post a comment.

Source

Ever thought of using any computer which is not yours, with all your personal stuff and configuration? It is possible with any Linux distribution. Yes! You can use your own, customized Linux OS on any machine with just an USB drive.

This tutorial is all about installing Latest Linux OS on your pen-drive ( fully reconfigurable personalized OS, NOT just a Live USB ), customize it, and use it on any PC you have an access to. Here I am using Lubuntu 18.04 Bionic beaver for this tutorial (but, you can use any Linux distribution). So let’s gets started..

Requirements:

1. One Pendrive 4GB or More (Let’s call it as Main USB drive/Pendrive).
2. One more Pen drive or DVD disk to use as bootable Linux installation media.
3. Linux OS ISO file, for example Lubuntu 18.04.
4. One PC (Don’t worry, there will not be any effect on that PC).

TIP: Use 32 bit Linux OS to make it compatible with any available PC.

That’s it! Go, and collect all of these. It’s time to do something new.

Step 1: Create Bootable Linux Installation Media

Use your Linux ISO image file to create a bootable USB installation media. You can use any software like Unetbootin, Gnome Disk Utility, Yumi Multi Boot, xboot, Live USB Creator etc. to create bootable usb with the help of ISO image file.

Alternatively you can use dvd disk by writing that ISO image to it (but that is the old school method).

Step 2: Create Partitions On Main USB Drive

You have to make two partitions on your Main USB drive using Gparted or Gnome Disk Utility, etc.

• Root partition of format ext4 of size according to your use.
• Optionally you can use rest of the space as a FAT partition for using it as a normal USB drive.

I am having 16GB USB drive and I have created one root partition of 5GB and using rest 11GB as normal FATpartition. So my 16 GB USB drive is converted to 11GB drive for normal use on any PC. Sounds good!!!

This step you can do while installing Linux also, but it will be very complex while installing Operating System’s like Arch Linux.

Once you have created required partitions on Main USB drive. Now take a deep breath because it’s time to go for Linux installation section.

Step 3: Install Linux on USB Drive

1. First boot Linux OS (Lubuntu 18.04) from your bootable installation media and launch installation application from live session. Live session of Lubuntu 18.04 will look like this.

2. Installer welcome screen will appear, select Language there and hit Continue.

3. Select Keyboard Layout and continue…

4. Select Wifi internet if you want to update Lubuntu while installation. I will skip it..

5. Select Installation Type and Third party installation as per your choice and go to next..

6. Here select Something Else Option (It is Mandatory) and go to next…

7. This is an an Important step, here you need to find out where your Main USB drive is mounted.

In my case /dev/sda is internal hard disk of the PC and I am using /dev/sdb is USB Lubuntu Installation media from where this live session is booted.

And /dev/sdc is my Main USB drive where I want to install my Linux system and where I have made two partition in step number 2. If you have skipped step 2, you can also make partitions in this window.

First change mount point of First partition on this Main USB drive to ROOT (i.e. “ / ”). And as shown in second red square select bootloader installation device as the Main USB drive.

In my case it is /dev/sdc. This is the most important step in this tutorial. If it is not done correctly your system will boot only on the current PC you are using, which is exactly opposite of your motivation to follow this tutorial.

Once it is completed, double check it and hit continue. You will get a small window showing devices and drive which will be affected.

8. Make sure that the device and drives shown on this window are of your Main USB drive, which is in my case /dev/sdc. Hit continue…

9. Now select your Region and hit Continue…

10. Add username, password and hostname etc…

11. Let the installation finish..

12. After completing installation hit restart and remove your installation media and press Enter.

13. Congratulations, you have successfully installed your own Linux OS on your pen drive to use it on any PC. Now you can connect USB drive to any PC and start your system on that PC by simply selecting boot from usb option while booting.

Step 4: Customize Lubuntu System

Now it’s time for fun. Just boot your system on any PC and start customizing. You can install any softwares you want. You can change Themes, Icon themes, install docker.

You can add and store your online accounts on it. Install / modify / customize whatever you want. All the changes will be permanent. They will not change or reset after rebooting or booting on other PCs.

Following figure shows my customized Lubuntu 18.04.

The main advantage of this method is you can use your personal stuff, your online accounts securely on any PC. You can even do secure online transactions as well on any available PC.

I hope it will be helpful for you, if you have questions regarding this article, please feel free to ask in the comment section below.

Source

When you compile a custom kernel module such as device driver on a CentOS system, you need to have kernel header files installed on the system, which include the C header files for the Linux kernel. Kernel header files provide different kinds of function and structure definitions required when installing or compiling any code that interfaces with the kernel.

When you install Kernel Headers, make sure it matches with the currently installed kernel version on the system. If your Kernel version comes with the default distribution installation or you have upgraded your Kernel using yum package manager from system base repositories, then you must install matching kernel headers using package manager only. If you’ve compiled Kernel from sources, you can install kernel headers from sources only.

Read Also: How to Install Kernel Headers in Ubuntu and Debian

In this article, we will explain how to install Kernel Headers in CentOS/RHEL 7 and Fedora distributions using default package manager.

Install Kernel Headers in CentOS 7

First confirm that the matching kernel headers are already installed under /usr/src/kernels/ location on your system using following commands.

# cd /usr/src/kernels/
# ls -l

If no matching kernel headers are located in the /usr/src/kernels/ directory, go ahead and install kernel headers, which is provided by the kernel-devel package that can be installed using default package manager as shown.

# yum install kernel-devel   [On CentOS/RHEL 7]
# dnf install kernel-devel   [On Fedora 22+]

After installing the kernel-devel package, you can find all the kernel headers files in /usr/src/kernels directory using following command.

# ls -l /usr/src/kernels/$(uname -r) 

Note on a VPS (for instance a Linode VPS), a kernel may have a customized version name, in such scenario, you have to identify the kernel version manually and check the installed kernel header files using following commands.

# uname -r	
# ls -l /usr/src/kernels/3.10.0-862.2.3.el7.x86_64

Sample Output

total 4544
drwxr-xr-x.  32 root root    4096 May 16 12:48 arch
drwxr-xr-x.   3 root root    4096 May 16 12:48 block
drwxr-xr-x.   4 root root    4096 May 16 12:48 crypto
drwxr-xr-x. 119 root root    4096 May 16 12:48 drivers
drwxr-xr-x.   2 root root    4096 May 16 12:48 firmware
drwxr-xr-x.  75 root root    4096 May 16 12:48 fs
drwxr-xr-x.  28 root root    4096 May 16 12:48 include
drwxr-xr-x.   2 root root    4096 May 16 12:48 init
drwxr-xr-x.   2 root root    4096 May 16 12:48 ipc
-rw-r--r--.   1 root root     505 May  9 19:21 Kconfig
drwxr-xr-x.  12 root root    4096 May 16 12:48 kernel
drwxr-xr-x.  10 root root    4096 May 16 12:48 lib
-rw-r--r--.   1 root root   51205 May  9 19:21 Makefile
-rw-r--r--.   1 root root    2305 May  9 19:21 Makefile.qlock
drwxr-xr-x.   2 root root    4096 May 16 12:48 mm
-rw-r--r--.   1 root root 1093137 May  9 19:21 Module.symvers
drwxr-xr-x.  60 root root    4096 May 16 12:48 net
drwxr-xr-x.  14 root root    4096 May 16 12:48 samples
drwxr-xr-x.  13 root root    4096 May 16 12:48 scripts
drwxr-xr-x.   9 root root    4096 May 16 12:48 security
drwxr-xr-x.  24 root root    4096 May 16 12:48 sound
-rw-r--r--.   1 root root 3409102 May  9 19:21 System.map
drwxr-xr-x.  17 root root    4096 May 16 12:48 tools
drwxr-xr-x.   2 root root    4096 May 16 12:48 usr
drwxr-xr-x.   4 root root    4096 May 16 12:48 virt
-rw-r--r--.   1 root root      41 May  9 19:21 vmlinux.id

In addition, if you need header files for the Linux kernel for use by glibc, install the kernel-header package using following command.

# yum install kernel-headers   [On CentOS/RHEL 7]
# dnf install kernel-headers   [On Fedora 22+]

Now you are good to go with compiling your own or existing kernel modules for software such as VirtualBoxand many more.

That’s it! In this article, we have explained how to install kernel-devel and kernel-header packages in CentOS/RHEL 7 and Fedora systems. Remember that before you can compile kernel modules such as device driver on a Linux system, you should have necessary kernel header files installed. If you have queries, please use the comment form below to reach us.

Source

Kernel Headers contain the Cheader files for the Linux kernel, which offers the various function and structure definitions required when compiling any code that interfaces with the kernel, such as kernel modules or device drivers and some user programs.

It is very important to note that the kernel headers package you install should match with the currently installed kernel version on your system. If your kernel version ships with the default distribution installation or you have upgraded your Kernel using dpkg or apt package manager from the Ubuntu or Debian base repositories, then you must install matching kernel headers using package manager only. And if you’ve compiled kernel from sources, you must also install kernel headers from sources.

In this article, we will explain how to install Kernel Headers in Ubuntu and Debian Linux distributions using default package manager.

Install Kernel Headers in Ubuntu and Debian

First check your installed kernel version as well as kernel header package that matches your kernel version using following commands.

$ uname -r
$ apt search linux-headers-$(uname -r)

On Debian, Ubuntu and their derivatives, all kernel header files can be found under /usr/src directory. You can check if the matching kernel headers for your kernel version are already installed on your system using the following command.

$ ls -l /usr/src/linux-headers-$(uname -r)

From the above output, it’s clear that the matching kernel header directory doesn’t exist, meaning the package is not yet installed.

Before you can install the appropriate kernel headers, update your packages index, in order to grab information about the latest package releases, using the following command.

$ sudo apt update

Then run the following command that follows to install the Linux Kernel headers package for your kernel version.

$ sudo apt install linux-headers-$(uname -r)

Next, check if the matching kernel headers have been installed on your system using the following command

$ ls -l /usr/src/linux-headers-$(uname -r)

That’s all! In this article, we have explained how to install kernel headers in Ubuntu and Debian Linux and other distributions in the Debian family tree.

Always keep in mind that to compile a kernel module, you will need the Linux kernel headers. If you have any quires, or thoughts to share, use the comment form below to reach us.

Source

If you are a system administrator in charge of maintaining critical systems in enterprise environments, we are sure you know two important things:

1) Finding a downtime window to install security patches in order to handle kernel or operating system vulnerabilities can be difficult. If the company or business you work for does not have security policies in place, operations management may end up favoring uptime over the need to solve vulnerabilities. Additionally, internal bureaucracy can cause delays in granting approvals for a downtime. Been there myself.

2) Sometimes you can’t really afford a downtime, and should be prepared to mitigate any potential exposures to malicious attacks some other way.

The good news is that Canonical has recently released (actually, a couple of days ago) its Livepatch service to apply critical kernel patches to Ubuntu 16.04 (64-bit edition / 4.4.x kernel) without the need for a later reboot. Yes, you read that right: with Livepatch, you don’t need to restart your Ubuntu 16.04 server in order for the security patches to take effect.

Signing up for Ubuntu Livepatch

In order to use Canonical Livepatch Service, you need to sign up at https://auth.livepatch.canonical.com/ and indicate if you are a regular Ubuntu user or an Advantage subscriber (paid option). All Ubuntu users can link up to 3 different machines to Livepatch through the use of a token:

In the next step you will be prompted to enter your Ubuntu One credentials or sign up for a new account. If you choose the latter, you will need to confirm your email address in order to finish your registration:

Once you click on the link above to confirm your email address, you’ll be ready to go back to https://auth.livepatch.canonical.com/ and get your Livepatch token.

Getting and Using your Livepatch Token

To begin, copy the unique token assigned to your Ubuntu One account:

Then go to a terminal and type:

$ sudo snap install canonical-livepatch

The above command will install the livepatch, whereas

$ sudo canonical-livepatch enable [YOUR TOKEN HERE]

will enable it for your system. If this last command indicates it can’t find canonical-livepatch, make sure /snap/bin has been added to your path. A workaround consists of changing your working directory to /snap/bin and do.

$ sudo ./canonical-livepatch enable [YOUR TOKEN HERE]

Overtime, you’ll want to check the description and the status of patches applied to your kernel. Fortunately, this is as easy as doing.

$ sudo ./canonical-livepatch status --verbose

as you can see in the following image:

Having enabled Livepatch on your Ubuntu server, you will be able to reduce planned and unplanned downtimes at a minimum while keeping your system secure. Hopefully Canonical’s initiative will award you a pat on the back by management – or better yet, a raise.

Feel free to let us know if you have any questions about this article. Just drop us a note using the comment form below and we will get back to you as soon as possible.

Source

PHP (recursive acronym for PHP: Hypertext Preprocessor) is an open source, popular general-purpose scripting language that is widely-used and best suited for developing websites and web-based applications. It is a server-side scripting language that can be embedded in HTML.

Currently, there are three supported versions of PHP, i.e PHP 5.6, 7.0 and 7.1. Meaning PHP 5.3, 5.4 and 5.5have all reached end of life; they are no longer supported with security updates.

In this article, we will explain how to install all the supported versions of PHP in Ubuntu and its derivatives with most requested PHP extensions for both Apache and Nginx web servers using a Ondřej Surý PPA. We will also explain how to set default version of PHP to be used on the Ubuntu system.

Note that PHP 7.x is the supported stable version in the Ubuntu software repositories, you can confirm this by running the apt command below.

$sudo apt show php
OR
$ sudo apt show php -a

Package: php
Version: 1:7.0+35ubuntu6
Priority: optional
Section: php
Source: php-defaults (35ubuntu6)
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 11.3 kB
Depends: php7.0
Supported: 5y
Download-Size: 2,832 B
APT-Sources: http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
Description: server-side, HTML-embedded scripting language (default)
 PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used
 open source general-purpose scripting language that is especially suited
 for web development and can be embedded into HTML.
 .
 This package is a dependency package, which depends on Debian's default
 PHP version (currently 7.0).

To install the default PHP version from the Ubuntu software repositories, use the command below.

$ sudo apt install php

Install PHP (5.6, 7.0, 7.1) on Ubuntu Using PPA

1. First start by adding Ondřej Surý PPA to install different versions of PHP – PHP 5.6, PHP 7.0 and PHP 7.1 on Ubuntu system.

$ sudo apt install python-software-properties
$ sudo add-apt-repository ppa:ondrej/php

2. Next, update the system as follows.

$ sudo apt-get update

3. Now install different supported versions of PHP as follows.

For Apache Web Server

$ sudo apt install php5.6   [PHP 5.6]
$ sudo apt install php7.0   [PHP 7.0]
$ sudo apt install php7.1   [PHP 7.1]

For Nginx Web Server

$ sudo apt install php5.6-fpm   [PHP 5.6]
$ sudo apt install php7.0-fpm   [PHP 7.0]
$ sudo apt install php7.1-fpm   [PHP 7.1]

4. To install any PHP modules, simply specify the PHP version and use the auto-completion functionality to view all modules as follows.

------------ press Tab key for auto-completion ------------ 
$ sudo apt install php5.6 
$ sudo apt install php7.0 
$ sudo apt install php7.1 

5. Now you can install most required PHP modules from the list.

------------ Install PHP Modules ------------
$ sudo apt install php5.6-cli php5.6-xml php5.6-mysql 
$ sudo apt install php7.0-cli php7.0-xml php7.0-mysql 
$ sudo apt install php7.1-cli php7.1-xml php7.1-mysql 

6. Finally, verify your default PHP version used on your system like this.

$ php -v 

Set Default PHP Version in Ubuntu

7. You can set the default PHP version to be used on the system with the update-alternatives command, after setting it, check the PHP version to confirm as follows.

------------ Set Default PHP Version 5.6 ------------
$ sudo update-alternatives --set php /usr/bin/php5.6

------------ Set Default PHP Version 7.0 ------------
$ sudo update-alternatives --set php /usr/bin/php7.0

------------ Set Default PHP Version 7.1 ------------
$ sudo update-alternatives --set php /usr/bin/php7.1

8. To set the PHP version that will work with Apache web server, use the commands below. First disable the current version with the a2dismod command and then enable the one you want with the a2enmod command.

$ sudo a2dismod php7.0
$ sudo a2enmod php7.1
$ sudo systemctl restart apache2

9. After switching from one version to another, you can find your PHP configuration file, by running the command below.

------------ For PHP 5.6 ------------
$ sudo update-alternatives --set php /usr/bin/php5.6
$ php -i | grep "Loaded Configuration File"

------------ For PHP 7.0 ------------
$ sudo update-alternatives --set php /usr/bin/php7.0
$ php -i | grep "Loaded Configuration File"

------------ For PHP 7,1 ------------
$ sudo update-alternatives --set php /usr/bin/php7.1
$ php -i | grep "Loaded Configuration File"

You may also like:

1. How to Use and Execute PHP Codes in Linux Command Line
2. 12 Useful PHP Commandline Usage Every Linux User Must Know
3. How to Hide PHP Version in HTTP Header

In this article, we showed how to install all the supported versions of PHP in Ubuntu and its derivatives. If you have any queries or thoughts to share, do so via the feedback form below.

Source

Web proxies have been around for quite some time now and have been used by millions of users around the globe. They have a wide range of purposes, most popular being online anonymity, but there are other ways you can take advantage of web proxies. Here are some ideas:

• Online anonymity
• Improve online security
• Improve loading times
• Block malicious traffic
• Log your online activity
• To circumvent regional restrictions
• In some cases can reduce bandwidth usage

How Proxy Server Works

The proxy server is a computer that is used as an intermediary between the client and other servers from which client may request resources. A simple example of this is when a client makes online requests (for example want to open a web page), he connects first to the proxy server.

The proxy server then checks its local disk cache and if the data can be found in there, it will return the data to the client, if not cached, it will make the request in the client’s behalf using the proxy IP address (different from the clients) and then return the data to the client. The proxy server will try to cache the new data and will use it for future requests made to the same server.

What is Squid Proxy

Squid is a web proxy used my wide range of organizations. It is often used as caching proxy and improving response times and reducing bandwidth usage.

For the purpose of this article, I will be installing Squid on a Linode CentOS 7 VPS and use it as an HTTP proxy server.

How to Install Squid on CentOS 7

Before we start, you should know that Squid, does not have any minimum requirements, but the amount of RAM usage may vary depending on the clients browsing the internet through the proxy server.

Squid is included in the base repository and thus the installation is simple and straightforward. Before installing it, however, make sure your packages are up to date by running.

# yum -y update

Proceed by installing squid, start and enable it on system startup using following commands.

# yum -y install squid
# systemctl start squid
# systemctl  enable squid

At this point your Squid web proxy should already be running and you can verify the status of the service with.

# systemctl status squid

Sample Output

● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2018-09-20 10:07:23 UTC; 5min ago
 Main PID: 2005 (squid)
   CGroup: /system.slice/squid.service
           ├─2005 /usr/sbin/squid -f /etc/squid/squid.conf
           ├─2007 (squid-1) -f /etc/squid/squid.conf
           └─2008 (logfile-daemon) /var/log/squid/access.log

Sep 20 10:07:23 tecmint systemd[1]: Starting Squid caching proxy...
Sep 20 10:07:23 tecmint squid[2005]: Squid Parent: will start 1 kids
Sep 20 10:07:23 tecmint squid[2005]: Squid Parent: (squid-1) process 2007 started
Sep 20 10:07:23 tecmint systemd[1]: Started Squid caching proxy.

Here are some important file locations you should be aware of:

• Squid configuration file: /etc/squid/squid.conf
• Squid Access log: /var/log/squid/access.log
• Squid Cache log: /var/log/squid/cache.log

A minimum squid.conf configuration file (without comments in it) looks like this:

acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

Configuring Squid as an HTTP Proxy

Here, we will show you how to configure squid as an HTTP proxy using only the client IP address for authentication.

Add Squid ACLs

If you wish to allow IP address to access the web through your new proxy server, you will need to add new acl(access control list) line in the configuration file.

# vim /etc/squid/squid.conf

The line you should add is:

acl localnet src XX.XX.XX.XX

Where XX.XX.XX.XX is the actual client IP address you wish to add. The line should be added in the beginning of the file where the ACLs are defined. It is a good practice to add a comment next to ACL which will describe who uses this IP address.

It is important to note that if Squid is located outside your local network, you should add the public IP address of the client.

You will need to restart Squid so the new changes can take effect.

# systemctl  restart squid

Open Squid Proxy Ports

As you may have seen in the configuration file, only certain ports are allowed for connecting. You can add more by editing the configuration file.

acl Safe_ports port XXX

Where XXX is the actual port you wish to load. Again it is a good idea to leave a comment next to that will describe what the port is going to be used for.

For the changes to take effect, you will need to restart squid once more.

# systemctl  restart squid

Squid Proxy Client Authentication

You will most probably want your users to authenticate before using the proxy. For that purpose, you can enable basic http authentication. It is easy and fast to configure.

First you will need httpd-tools installed.

# yum -y install httpd-tools

Now lets create a file that will later store the username for the authentication. Squid runs with user “squid” so the file should be owned by that user.

# touch /etc/squid/passwd
# chown squid: /etc/squid/passwd

Now we will create a new user called “proxyclient” and setup its password.

# htpasswd /etc/squid/passwd proxyclient

New password:
Re-type new password:
Adding password for user proxyclient

Now to configure the autnetication open the configuration file.

# vim /etc/squid/squid.conf

After the ports ACLs add the following lines:

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users

Save the file and restart squid so that the new changes can take effect:

# systemctl restart squid

Block Websites on Squid Proxy

Finally we will create one last ACL that will help us block unwanted websites. First create the file that will store the blacklisted sites.

# touch /etc/squid/blacklisted_sites.acl

You can add some domains you wish to block. For example:

.badsite1.com
.badsite2.com

The proceding dot tells squid to block all referecnes to that sites including www.badsite1, subsite.badsite1.cometc.

Now open Squid’s configuration file.

# vim /etc/squid/squid.conf

Just after the ports ACLs add the following two lines:

acl bad_urls dstdomain "/etc/squid/blacklisted_sites.acl"
http_access deny bad_urls

Now save the file and restart squid:

# systemctl restart squid

Once everyting configured correctly, now you can configure your local client browser or operating system’s network settings to use your squid HTTP proxy.

Conclusion

In this tutorial you learned how to install, secure and configure a Squid HTTP Proxy server on your own. With the information you just got, you can now add some basic filtering for incoming and outgoing traffic through Squid.

If you wish to go the extra mile, you can even configure squid to block some websites during working hours to prevent distractions. If you have any questions or comments, please post them in the comment section below.

Source

Squid is a most popular caching and forwarding HTTP web proxy server used my wide range of companies to cache web pages from a web server to improve web server speed, reduce response times and reduce network bandwidth usage.

Read Also: How to Create an HTTP Proxy Using Squid on CentOS 7

In this article, we will explain how to install a squid proxy server on Ubuntu and Debian distributions and use it as an HTTP proxy server.

How to Install Squid on Ubuntu

Before we begin, you should know that Squid server doesn’t have any requirements, but the amount of RAM utilization may differ based on the clients browsing the internet via the proxy server.

Squid package is available to install from the base Ubuntu repository, but before that make sure to update your packages by running.

$ sudo apt update

Once your packages are up to date, you can proceed further to install squid and start and enable it on system startup using following commands.

$ sudo apt -y install squid
$ sudo systemctl start squid
$ sudo systemctl enable squid

At this point your Squid web proxy should already be running and you can verify the status of the service with.

$ sudo systemctl status squid

Sample Output

● squid.service - LSB: Squid HTTP Proxy version 3.x
   Loaded: loaded (/etc/init.d/squid; generated)
   Active: active (running) since Tue 2018-12-04 06:42:43 UTC; 14min ago
     Docs: man:systemd-sysv-generator(8)
    Tasks: 4 (limit: 1717)
   CGroup: /system.slice/squid.service
           ├─2761 /usr/sbin/squid -YC -f /etc/squid/squid.conf
           ├─2766 (squid-1) -YC -f /etc/squid/squid.conf
           ├─2768 (logfile-daemon) /var/log/squid/access.log
           └─2772 (pinger)

Dec 04 06:42:43 tecmint systemd[1]: Starting LSB: Squid HTTP Proxy version 3.x...
Dec 04 06:42:43 tecmint squid[2708]:  * Starting Squid HTTP Proxy squid
Dec 04 06:42:43 tecmint squid[2708]:    ...done.
Dec 04 06:42:43 tecmint systemd[1]: Started LSB: Squid HTTP Proxy version 3.x.
Dec 04 06:42:43 tecmint squid[2761]: Squid Parent: will start 1 kids
Dec 04 06:42:43 tecmint squid[2761]: Squid Parent: (squid-1) process 2766 started

Following are the some important squid file locations you should be aware of:

• Squid configuration file: /etc/squid/squid.conf
• Squid Access log: /var/log/squid/access.log
• Squid Cache log: /var/log/squid/cache.log

The default configuration file contains some configuration directives that needs to be configured to affect the behavior of the Squid.

Now open this file for editing using Vi editor and make changes as shown below.

$ sudo vim /etc/squid/squid.conf

Now, you may search about the following lines and change them as requested, in the Vi editor, you may search about those lines by hitting the ‘ESC’ and typing “/” key to writing the specific lines to look for.

• http_port : This is the default port for the HTTP proxy server, by default it is 3128, you may change it to any other port that you want, you may also add the “transparent” tag to the end of the line like http_port 8888 transparent to make Squid proxy act like a transparent proxy if you want.
• http_access deny all : This line won’t let anybody to access the HTTP proxy server, that’s why you need to change it to http_access allow all to start using your Squid proxy server.
• visible_hostname : This directive is used to set the specific hostname to a squid server. You can give any hostname to squid.

After making above changes, you may restart the Squid proxy server using the command.

$ sudo systemctl restart squid

Configuring Squid as an HTTP Proxy on Ubuntu

In this squid configuration section, we will explain you how to configure squid as an HTTP proxy using only the client IP address for authentication.

Add Squid ACLs

If you wish to allow only one IP address to access the internet through your new proxy server, you will need to define new acl (access control list) in the configuration file.

$ sudo vim /etc/squid/squid.conf

The acl rule you should add is:

acl localnet src XX.XX.XX.XX

Where XX.XX.XX.XX is the IP address of client machine. This acl should be added in the beginning of the ACL’s section as shown in the following screenshot.

It is always a good practice to define a comment next to ACL which will describe who uses this IP address, for example.

acl localnet src 192.168.0.102  # Boss IP address

You will need to restart Squid service to take the new changes into effect.

$ sudo systemctl restart squid

Open Ports in Squid Proxy

By default, only certain ports are allowed in the squid configuration, if you wish to add more just define them in the configuration file as shown.

acl Safe_ports port XXX

Where XXX is the port number that you wish to allow. Again it is a good practive to define a comment next to acl that will describe what the port is going to be used for.

For the changes to take effect, you will need to restart squid once more.

$ sudo systemctl restart squid

Squid Proxy Client Authentication

To allow users to authenticate before using the proxy, you need to enable basic http authentication in the configuration file, but before that you need to install apache2-utils package using following command.

$ sudo apt install apache2-utils

Now create a file called “passwd” that will later store the username for the authentication. Squid runs with user “proxy” so the file should be owned by that user.

$ sudo touch /etc/squid/passwd
$ sudo chown proxy: /etc/squid/passwd
$ ls -l /etc/squid/passwd

$ sudo htpasswd /etc/squid/passwd tecmint

New password: 
Re-type new password: 
Adding password for user tecmint

$ sudo vim /etc/squid/squid.conf

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users

$ sudo systemctl restart squid

$ sudo touch /etc/squid/blacklisted_sites.acl

.badsite1.com
.badsite2.com

$ sudo vim /etc/squid/squid.conf

acl bad_urls dstdomain "/etc/squid/blacklisted_sites.acl"
http_access deny bad_urls

$ sudo systemctl restart squid

$ sudo touch /etc/squid/blockkeywords.lst

facebook
instagram
gmail

acl blockkeywordlist url_regex "/etc/squid/blockkeywords.lst"
http_access deny blockkeywordlist

$ sudo systemctl restart squid