Iptables Introduction and Examples – LinuxAdmin.io

Iptables is a firewall service included in CentOS; in CentOS 7 it is offered as an alternative to firewalld, which is offered as well. Iptables uses netfilter to filter chains. Essentially you create a chain of filter rules to process how incoming and outgoing data is handled. You can view more about iptables on Netfilter.

Iptables rule format

The iptables rules format is pretty simplistic when using basic rules to allow or deny traffic.

iptables -t <type> <direction> <pattern> -j <action>

Type

For -t <type> there are two basic type options: filter and nat.

filter – creates a rule for filtering traffic.
nat – creates a NAT (network address translation) rule.

Direction

--append – Adds a rule to the end of the chain. You also want to specify INPUT (incoming packets) or OUTPUT (outgoing packets) when appending rules.
--delete – Deletes a rule from the chain. You also want to specify INPUT (incoming packets) or OUTPUT (outgoing packets) when deleting rules.
--list – Lists the current rules.
--flush – Flushes all the rules.

Pattern

--source <ip_address> – Rule only applies to packets coming from this source IP address.
--destination <ip_address> – Rule only applies to packets going to this destination IP address.

Action

DROP – packets are dropped
REJECT – packets are dropped and an error message is sent back
ACCEPT – packets are allowed

Iptables Service Management

How to manage the IPtables service itself.

To start iptables:

service iptables start

To stop iptables:

service iptables stop

To ensure iptables starts on reboot:

CentOS 6:

chkconfig --add iptables
chkconfig iptables on

CentOS 7:

systemctl enable iptables

Restore saved ruleset:

iptables-restore < /etc/sysconfig/iptables

Save new rules permanently:

iptables-save > /etc/sysconfig/iptables

Example rules:

Samples of different functions you can perform to block or accept traffic based on IP addresses and Ports.

Block an IP with Iptables:

iptables -A INPUT -s 1.2.3.4 -j DROP

Allow an IP:

iptables -A INPUT -s 1.2.3.4 -j ACCEPT

Block a PORT:

iptables -A INPUT -p tcp --dport 21 -j DROP

Allow an IP to a specific port:

iptables -A INPUT -s 1.2.3.4 -p tcp --dport 21 -j ACCEPT
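
Because --append adds each rule to the end of the chain and the first matching rule decides a packet's fate, the order in which the two port 21 rules above are appended matters. The script below is an added example, not part of the original article: verdict and as_restore_file are hypothetical helper names, and the matcher is a simplified model that handles only exact -s addresses and --dport on tcp.

```shell
#!/bin/sh
# Added example (not from the original article). The rules are the article's
# own port 21 samples; this is a simplified model of first-match evaluation.

# The same two rules, appended (-A) in the two possible orders.
RULES_DROP_FIRST='-A INPUT -p tcp --dport 21 -j DROP
-A INPUT -s 1.2.3.4 -p tcp --dport 21 -j ACCEPT'

RULES_ACCEPT_FIRST='-A INPUT -s 1.2.3.4 -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 21 -j DROP'

# verdict RULES SRC_IP DPORT
# Walks the INPUT rules top to bottom and prints the target of the first
# rule whose -s and --dport both match (a missing option matches anything).
# Prints POLICY when no rule matches, i.e. the chain policy would decide.
# Assumptions: tcp packets only, exact source addresses (no CIDR ranges).
verdict() {
    printf '%s\n' "$1" | awk -v src="$2" -v dport="$3" '
        $1 == "-A" && $2 == "INPUT" {
            want_src = ""; want_port = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s" || $i == "--source") want_src = $(i + 1)
                if ($i == "--dport") want_port = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target != "" &&
                (want_src == "" || want_src == src) &&
                (want_port == "" || want_port == dport)) {
                print target; found = 1; exit
            }
        }
        END { if (!found) print "POLICY" }'
}

# as_restore_file RULES
# Wraps the rules in the filter-table layout that iptables-save writes,
# so the ordered ruleset can be stored in /etc/sysconfig/iptables.
as_restore_file() {
    printf '*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    printf '%s\nCOMMIT\n' "$1"
}

# DROP appended first: the later ACCEPT for 1.2.3.4 is never reached.
echo "drop first,   1.2.3.4:21 -> $(verdict "$RULES_DROP_FIRST" 1.2.3.4 21)"
# ACCEPT appended first: 1.2.3.4 gets in, every other source is dropped.
echo "accept first, 1.2.3.4:21 -> $(verdict "$RULES_ACCEPT_FIRST" 1.2.3.4 21)"
```

On a host with iptables installed, as_restore_file "$RULES_ACCEPT_FIRST" | iptables-restore --test parses the file as root without loading it.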

There is much more that you can do with iptables; this is just a basic introduction.

Source

Linux-friendly company System76 shares more open source Thelio computer details

System76 has been making big news in the Linux community lately with its upcoming open source Thelio computer. Many Linux users have been clamoring for System76 to make its own hardware, and that dream will soon be a reality.

Unfortunately, not much is known about Thelio hardware other than it is definitely a desktop computer that is built with open source ideology. Today, however, System76 shares new details and images about the computer with those that signed up for its email list. Probably the most exciting is the promise of an open source “daughter board” that will apparently strip the proprietary aspects from a typical motherboard — this has me seriously intrigued.

“Creating an open desktop is a giant step for us, not only as a company, but as a team of Linux enthusiasts and contributors who are passionate about the future of open source. We hope that Thelio will open many new doors for people to build their own open hardware, develop their own utilities, and design a computer that reflects who they are,” says System76.

The famed company further says, “We will be unveiling Thelio Systems on Thursday, November 1st. From there you’ll be able to customize your own Thelio desktops for preorder. As our most faithful fans, you can enjoy some extra computer clues and a sneak peek at our manufacturing process leading up to the release. We’re grateful for all of your passion and enthusiasm, and we can’t wait to share this next phase of our journey with you.”

System76 shares the following teaser images of the computer. As we can see, it uses DDR4 memory, which is to be expected. I also spot a SATA SSD — hopefully an NVMe drive will be an option too. With that said, I really like how 2.5-inch SATA drives will mount — it looks very convenient (and pretty).

There will be three variants of Thelio, and below is what we know so far.

  • Thelio (Up to 32GB RAM, 24TB Storage)
  • Thelio Major (Up to 128GB RAM, 46TB Storage)
  • Thelio Massive (Up to 768GB ECC RAM, 86TB Storage)

Carl Richell, System76 CEO, shares the following statement.

Creating a computer that is open-source, from the physical design to the OS, is the next step in our mission to empower our customers and the community. We believe that by leading with open source design, the rest of the industry will have to follow.

Are you excited to see Thelio revealed on November 1? Will you pre-order? Please tell me in the comments below.

Source

Debian Turns 25! Here are Some Interesting Facts About Debian GNU/Linux

One of the oldest Linux distributions still in development, Debian has just turned 25.

Interesting facts about Debian Linux

The facts presented here have been collected from various sources available from the internet. They are true to my knowledge, but in case of any error, please remind me to update the article.

1. One of the oldest Linux distributions still under active development

Debian project was announced on 16th August 1993 by Ian Murdock, Debian Founder. Like Linux creator Linus Torvalds, Ian was a college student when he announced Debian project.

2. Some people get a tattoo while some name their project after their girlfriend’s name

The project was named by combining the name of Ian and his then-girlfriend Debra Lynn. Ian and Debra got married and had three children. Debra and Ian got divorced in 2008.

3. Ian Murdock: The Maverick behind the creation of Debian project

Ian Murdock led the Debian project from August 1993 until March 1996. He shaped Debian into a community project based on the principles of Free Software. The Debian Manifesto and the Debian Social Contract are still governing the project.

He founded a commercial Linux company called Progeny Linux Systems and worked for a number of Linux related companies such as Sun Microsystems, Linux Foundation and Docker.

Sadly, Ian committed suicide in December 2015. His contribution to Debian is certainly invaluable.

4. Debian is a community project in the true sense

Debian is a community-based project in the true sense. No one ‘owns’ Debian. Debian is being developed by volunteers from all over the world. It is not a commercial project backed by corporations, like many other Linux distributions.

Debian Linux distribution is composed of Free Software only. It’s one of the few Linux distributions that is true to the spirit of Free Software and takes pride in being called a GNU/Linux distribution.

Debian has its non-profit organization called Software in Public Interest (SPI). Along with Debian, SPI supports many other open source projects financially.

5. Debian and its 3 branches

Debian has three branches or versions: Debian Stable, Debian Unstable (Sid) and Debian Testing.

Debian Stable, as the name suggests, is the stable branch that has all the software and packages well tested to give you a rock solid stable system. Since it takes time before a well-tested software lands in the stable branch, Debian Stable often contains older versions of programs and hence people joke that Debian Stable means stale.

Debian Unstable, codenamed Sid, is the version where all the development of Debian takes place. This is where the new packages first land or are developed. After that, these changes are propagated to the testing version.

Debian Testing is the next release after the current stable release. If the current stable release is N, Debian testing would be the N+1 release. The packages from Debian Unstable are tested in this version. After all the new changes are well tested, Debian Testing is then ‘promoted’ as the new Stable version.

There is no strict release schedule for Debian.

7. There was no Debian 1.0 release

Debian 1.0 was never released. The CD vendor, InfoMagic, accidentally shipped a development release of Debian and entitled it 1.0 in 1996. To prevent confusion between the CD version and the actual Debian release, the Debian Project renamed its next release to “Debian 1.1”.

8. Debian releases are codenamed after Toy Story characters

Debian releases are codenamed after the characters from Pixar’s hit animation movie series Toy Story.

Debian 1.1 was the first release with a codename. It was named Buzz after the Toy Story character Buzz Lightyear.

It was in 1996 and Bruce Perens had taken over leadership of the Project from Ian Murdock. Bruce was working at Pixar at the time.

This trend continued and all the subsequent releases have been codenamed after Toy Story characters. For example, the current stable release is Stretch while the upcoming release has been codenamed Buster.

The unstable Debian version is codenamed Sid. This character in Toy Story is a kid with emotional problems and he enjoys breaking toys. This is symbolic in the sense that Debian Unstable might break your system with untested packages.

9. Debian also has a BSD distribution

Debian is not limited to Linux. Debian also has a distribution based on FreeBSD kernel. It is called Debian GNU/kFreeBSD.

10. Google uses Debian

Google uses Debian as its in-house development platform. Earlier, Google used a customized version of Ubuntu as its development platform. Recently they opted for Debian based gLinux.

Happy 25th birthday Debian

I hope you liked these little facts about Debian. Stuff like these are reasons why people love Debian.

I wish a very happy 25th birthday to Debian. Please continue to be awesome. Cheers 🙂

Source

Download Xubuntu 18.04.1 LTS / 16.04.5 LTS

Welcome to Xubuntu, an official flavor of the world’s most popular free operating system, Ubuntu Linux, built around the lightweight Xfce graphical desktop environment. It is oriented towards low-end machines and computers with old hardware components.

Distributed as 64-bit and 32-bit Live DVDs

This Xubuntu edition is distributed as Live DVD ISO images that contain software packages optimized for both 32-bit (x86) and 64-bit (x86_64) instruction set architectures. Both ISOs are approximately 1 GB in size and can be deployed on either USB thumb drives or DVD discs.

The boot options are standard

The Live DVD boot menu is unchanged from previous Xubuntu releases, allowing the user to try the distribution without installing it, to check the bootable medium for errors (only if booting from a DVD media), start the installer directly, run a memory diagnostic test, as well as to boot an existing OS from the first disk drive detected by the BIOS.

Please note that if you don’t press a key on your keyboard in ten seconds from the moment you boot the ISO image from the BIOS of your computer, the Live DVD will automatically start and drop you to the graphical session.

Xfce is in charge of the graphical session

As mentioned, Xubuntu is built around the Xfce desktop environment, which is quite lightweight and low on resources, suitable for computers with old or semi-old hardware components. It offers a classic layout comprised of a panel located on the upper part of the screen and a traditional main menu with built-in search functionality.

Comes pre-loaded with lightweight apps

Being designed from the ground up to be as low on resources as possible, Xubuntu comes pre-loaded with lightweight apps, among which we can mention the AbiWord word processor, Gnumeric spreadsheet editor, gmusicbrowser audio player, Mozilla Thunderbird email and news client, Xfburn CD/DVD burning software, Parole media player, Pidgin multi-protocol instant messenger, as well as the Mozilla Firefox web browser.

Source

Linux tcpdump Command Tutorial for Beginners (8 Examples) | Linux.com

Every time you open a webpage on your computer, data packets are sent and received on your network interface. Sometimes, analyzing these packets becomes important for many reasons. Thankfully, Linux offers a command line utility that dumps information related to these data packets in output.

In this article, we will discuss the basics of the tool in question – tcpdump. But before we do that, it’s worth mentioning that all examples here have been tested on an Ubuntu 18.04 LTS machine.

Linux tcpdump command

The tcpdump command in Linux lets you dump traffic on a network. Following is its syntax in short:

tcpdump [OPTIONS]

Here’s the detailed syntax:

tcpdump [ -AbdDefhHIJKlLnNOpqStuUvxX# ] [ -B buffer_size ]
[ -c count ]
[ -C file_size ] [ -G rotate_seconds ] [ -F file ]
[ -i interface ] [ -j tstamp_type ] [ -m module ] [ -M secret ]
[ --number ] [ -Q in|out|inout ]
[ -r file ] [ -V file ] [ -s snaplen ] [ -T type ] [ -w file ]
[ -W filecount ]
[ -E spi@ipaddr algo:secret,... ]
[ -y datalinktype ] [ -z postrotate-command ] [ -Z user ]
[ --time-stamp-precision=tstamp_precision ]
[ --immediate-mode ] [ --version ]
[ expression ]

Source

Recover A Root Password On CentOS

How you recover the root password on a Linux system when you do not have it or have misplaced it depends on the major release of the OS. This guide will cover both CentOS 6 (and prior releases) and CentOS 7.

Recover a root password on CentOS 6 or older

You will need to boot into single user mode. When the system is powering on you will need to enter the grub configuration and append single to the end of the kernel line.

Once you are in the grub configuration editor you will need to type ‘e’ to edit the appropriate kernel. It will take you to another screen. Go down to the line that begins with kernel; you will need to append the following:

single

Once you have done that you can go ahead and type ‘b’ to boot the kernel.

The OS will reboot into single user mode. This will give you a passwordless prompt which will allow you to reset the root password by typing the following:

passwd

Once you have entered the new password you can go ahead and reboot the machine which will then load into the default runlevel with the updated password.

Recover a root password on CentOS 7

To recover a root password on CentOS 7, you will again need to enter the grub menu and type ‘e’ to edit the appropriate kernel. Go to the line that begins with kernel and append the following to the end of the line:

init=/sysroot/bin/sh

Then type ‘b’ to boot this kernel. It will boot up and you will need to mount the file system in a read-write state:

mount -o remount,rw /sysroot

You will then need to chroot to the mounted filesystem:

chroot /sysroot

Now you can successfully update the root password by typing:

passwd

If you have SELinux enabled you will need to enable auto-relabel:

touch /.autorelabel

Now you can go ahead and reboot the system and it should load with the newly set password.

Source

6 JavaScript books you should know

Get this short and easy to digest JavaScript book list.

If there was ever the potential for a giant book list it’s one based on our favorite JavaScript books. But, this list is short and easy to digest. Maybe it will help you get started, gently. Plus, check out three of our top JavaScript articles with even more books, resources, and tips.

3D Game Programming for Kids

by Chris Strom

I consider this to be one of the best introduction to programming books let alone introduction to JavaScript. It jumps right in and gets to something fun and useful right away. It shows programming concepts as you use or need them. Even as a huge Perl zealot I recommend this as an intro book over my beloved Learning Perl.

D3.js in Action

by Elijah Meeks

There is a lot of useful text and many examples that explain how to use D3.js, which is a fine data visualization tool. (Recommendation by Chris Hermansen)

Effective JavaScript

by David Herman

This book was a good read for me when I got started with JavaScript; I was coming from the C++ world. If you start with JavaScript and want to learn nifty details like what the difference is between == and ===, this book can help you make your way. (Recommendation by Manuel Dewald)

JavaScript: The Definitive Guide

by David Flanagan

In its 6th edition, this definitive guide lives up to its title. This book has been around for more than a decade, is comprehensive, and is well organized. If you pick only one JavaScript book to add to your library, this is the one. (Recommendation by Tom Manor)

JQuery in Action

by Bear Bibeault and Yehuda Katz

JQuery UI in Action

by TJ VanToll

Both of these books are solid introductions to jQuery and jQuery UI, which is a great and widely-used JavaScript framework. (Recommendation by Chris Hermansen)

Source

A Quick Benchmark Of Mozilla Firefox With WebRender Beta vs. Chrome

Now that WebRender has reached beta within Firefox Nightly, I decided to run some fresh web-browser benchmarks to see how this GPU-accelerated web rendering is working out for Firefox and how it compares to that of Google Chrome in some popular browser benchmarks.

Within Firefox 65 Nightly builds, WebRender is now considered to be of beta quality though it will likely be a few release cycles before it hits the release population.

Enabling WebRender within the latest Firefox builds can be done using the gfx.webrender.all boolean setting on the “about:config” page. Due to GPU blacklisting, it’s also best to set the MOZ_WEBRENDER=1 environment variable prior to running Firefox for ensuring the settings work out.

Confirmation of WebRender enabled/disabled can be found via the Firefox about:support page.

I ran some cursory benchmarks this weekend on an Intel Core i9 9900K box with Ubuntu 18.10 while testing an AMD Radeon RX Vega 64 and NVIDIA GeForce RTX 2070 graphics cards. Tested were the builds of Firefox 63.0, Firefox 65 Nightly, Firefox 65 Nightly with WebRender enabled, and Google Chrome 70 using the official builds from Mozilla/Google.

Source

FirewallD Introduction On CentOS 7

What is FirewallD?

Firewalld was introduced in CentOS 7 / RHEL 7 with both a GUI and command line interface for making changes. It is an alternative to using iptables. It offers a zone-based firewall configuration that allows you to enable different zones with different levels of trust.

Different Zone possibilities

Zones can be changed, and different network cards or rules can also force different zones to be applied in different situations.

Drop Zone – Allows outgoing connections, but incoming connections are dropped
Block Zone – Allows outgoing ssh/dhcp connections, but incoming connections are rejected.
Public Zone – Allows both incoming and outgoing connections(ssh)
DMZ Zone – Allows both incoming ssh connections and outgoing connections
Trusted Zone – allows both incoming and outgoing connections
Home – dhcp,ipp and ssh incoming is allowed as well as outgoing connections
Internal – Outgoing connections and the same connections as Home are allowed

FirewallD Zone Management

To see what zone is currently being used:

# firewall-cmd --get-default-zone
internal

To set a new zone (replace internal with the zone you want to use):

# firewall-cmd --set-default-zone=internal
success

To see configuration of a zone:

# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client ftp http https ssh
ports: 80/tcp 81/tcp
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:

FirewallD Port Management

To allow ftp access with the current zone being used:

# firewall-cmd --add-service ftp
success

To allow http access with the current zone being used:

# firewall-cmd --add-service http
success

If you add --permanent this will ensure the rule stays after a reload of the firewall ruleset.

To get a list of all services:

# firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client ceph ceph-mon dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync freeipa-ldap freeipa-ldaps freeipa-replication ftp high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mosh mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster radius rpc-bind rsyncd samba samba-client sane smtp smtps snmp snmptrap squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server

Managing the service itself

To start firewalld

systemctl start firewalld

To ensure firewalld starts after a reboot

systemctl enable firewalld

To reload the firewalld ruleset:

firewall-cmd --reload
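
Since a service added without --permanent does not survive --reload, it is worth comparing the runtime and permanent service lists before reloading. The script below is an added example, not part of the original article: only_in and firewalld_drift are hypothetical helper names, the runtime list is the services line from the --list-all output above, and the permanent list is constructed.

```shell
#!/bin/sh
# Added example (not from the original article).

# only_in A B
# Prints the words of list A that are absent from list B, in A's order.
# Names are compared as whole words, so "http" does not match "https".
only_in() {
    out=""
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;
            *) out="${out:+$out }$item" ;;
        esac
    done
    printf '%s\n' "$out"
}

# firewalld_drift RUNTIME_SERVICES PERMANENT_SERVICES
# Reports services that a reload would remove (runtime only) and services
# that a reload would newly open (permanent only).
firewalld_drift() {
    lost=$(only_in "$1" "$2")
    pending=$(only_in "$2" "$1")
    if [ -n "$lost" ]; then
        echo "runtime-only (lost on reload): $lost"
    fi
    if [ -n "$pending" ]; then
        echo "permanent-only (active after reload): $pending"
    fi
    if [ -z "$lost$pending" ]; then
        echo "in sync"
    fi
}

# Runtime list taken from the article's sample output; the permanent list
# is constructed for this demonstration.
SAMPLE_RUNTIME="dhcpv6-client ftp http https ssh"
SAMPLE_PERMANENT="dhcpv6-client ssh"
firewalld_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"

# On a live host with firewalld running, feed it the real lists:
#   firewalld_drift "$(firewall-cmd --list-services)" \
#                   "$(firewall-cmd --permanent --list-services)"
```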

Source

SELinux Introduction In CentOS 7

What is SELinux?

Security-Enhanced Linux (SELinux) was developed to provide access control for Linux. It goes beyond file permissions and ACLs to create a more secure environment by limiting access. It is based on subjects, objects, and actions. A subject is the running command or application (for example, proftpd), the object is anything that can be accessed by that subject, and the action is what can be done to that object by the subject.

Modes of Operation

There are 3 different modes that cause the protection to be different.

Enforcing – The configuration will actively be enforced
Permissive – The configuration will be monitored but not enforced
Disabled – The configuration will neither be monitored nor enforced; essentially the service is completely disabled

To change modes without a reboot you would want to use setenforce; for example, to make it permissive you would run:

setenforce permissive

To change modes permanently you would want to update /etc/selinux/config and uncomment the appropriate one.

# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing

A reboot will be needed to make the change take effect.
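
A mode set with setenforce lasts only until the next boot, while /etc/selinux/config decides what the system boots into, so the two can silently disagree. The script below is an added example, not part of the original article: configured_mode and selinux_mode_check are hypothetical helper names, and the sample config text is constructed from the file shown above.

```shell
#!/bin/sh
# Added example (not from the original article).

# Constructed sample of /etc/selinux/config contents.
SAMPLE_CONFIG='# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
SELINUX=enforcing
SELINUXTYPE=targeted'

# configured_mode CONFIG_TEXT
# Prints the lower-cased value of the first uncommented SELINUX= line
# (taking the first one is this example's choice), or "unset" if none.
# SELINUXTYPE= lines and commented lines are not matched.
configured_mode() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*SELINUX=/ && !seen {
            v = $0
            sub(/^[^=]*=/, "", v)      # keep only the text after "="
            gsub(/[ \t\r]/, "", v)     # drop stray whitespace
            mode = tolower(v); seen = 1
        }
        END { print (mode == "" ? "unset" : mode) }'
}

# selinux_mode_check CONFIG_TEXT RUNTIME_MODE
# RUNTIME_MODE is what getenforce prints (Enforcing, Permissive, Disabled).
selinux_mode_check() {
    conf=$(configured_mode "$1")
    live=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$conf" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid config value: $conf"; return 0 ;;
    esac
    if [ "$conf" = "$live" ]; then
        echo "consistent: $live"
    else
        echo "drift: running $live, boots as $conf"
    fi
}

# Someone ran "setenforce permissive" and never reverted it.
selinux_mode_check "$SAMPLE_CONFIG" "Permissive"

# On a live host:
#   selinux_mode_check "$(cat /etc/selinux/config)" "$(getenforce)"
```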

Configure Users

To check current users, type the following:

# semanage login -l

Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
system_u             system_u             s0-s0:c0.c1023       *

To add a new user, replacing newusername with the user:

semanage login -a -s user_u newusername

Boolean Settings

Boolean settings are turned on by setting them to 1 (on) or turned off by setting them to 0 (off). They give access to numerous utilities and functions within the system.

To view all of the possible settings type:

getsebool -a

To enable or disable one of them use:

setsebool <setting_name> on

or

setsebool <setting_name> off

We will be adding another section on file management which is another control system of SELinux shortly.

Source
