Linux Blimp

NTP (Network Time Protocol) is a protocol which allows computers to synchronize time. NTPd is a daemon that maintains the system time in synchronization with other NTP servers. This prevents drift which is the slow inconsistency of time on computers internal clocks. Keeping system time accurate is particularly important for system logs, replication, and applications.

Install NTPD

First you will want to install ntp, this is found in the default repostory

yum -y install ntp

CentOS 7 ships with chronyd as a default package, so you will want to disable that as well

Stop the service:

systemctl stop chronyd.service

Disable the service:

systemctl disable chronyd.service

Both chronyd and ntpd be used at the same time.

Configure NTP

You will then want to locate the closest timeservers to you you can find them here In this case we are going to leave the default servers that ship with the rpm

server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

Adding or removing servers would be done in /etc/ntp.conf

Enable And Start NTP

You will then want to start the ntpd service

systemctl start ntpd

And make sure the service will start on reboot

systemctl enable ntpd

You will also want to allow ntp in the firewall

firewall-cmd –add-service=ntp –permanent

Then reload the firewall

firewall-cmd –reload

You can then verify it has is working correctly

# systemctl status ntpd
● ntpd.service – Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2017-07-31 13:27:12 EDT; 5min ago
Main PID: 810 (ntpd)
CGroup: /system.slice/ntpd.service
└─810 /usr/sbin/ntpd -u ntp:ntp -g

You are looking for the ‘active (running)’ statement. That is it for installing ntpd.

Performing A Manual NTP Sync

How to perform a manual update of the system clock with ntp

First stop the service to free up the port (123) to be used for the manual update:

systemctl stop ntpd

Run the update:

# ntpd -gq
ntpd: time slew +0.009586s

-g is to update the time no matter how much of a offset.
-q is to exit immediately after setting the time.

Regard ntpd service:

systemctl start ntpd

That is all that is required for a manual sync.

Jul 31, 2017LinuxAdmin.io

Source

Kali Linux 2017.1 KDE Plasma Installation on Oracle VirtualBox

This video tutorial shows

Kali Linux 2017.1 KDE Plasma installation

on

Oracle VirtualBox

step by step. This tutorial is also helpful to install Kali Linux 2017 KDE on physical computer or laptop hardware. We also install

Guest Additions

on Kali Linux 2017 for better performance and usability features such as Automatic Resizing Guest Display, Shared Folder, Seamless Mode and Shared Clipboard, Improved Performance and Drag and Drop.

 

Kali Linux 2017.1 KDE Installation Steps:

1. Create Virtual Machine on Oracle VirtualBox
2. Start Kali Linux KDE Installation
3. Install Guest Additions
4. Test Guest Additions Features: Automatic Resizing Guest Display and Shared Clipboard

Installing Kali Linux 2017.1 KDE on Oracle VirtualBox

 

Kali Linux 2017.1 New Features and Improvements

Kali Linux

is a Debian-based distribution which features several security and forensics tools. Kali Linux 2017.1 features drivers for RTL8812AU wireless chipsets, improved GPU support and there are now Azure and AWS images of Kali Linux for cloud instances.

Kali Linux 2017.1

brings with it a bunch of exciting updates and features. As with all new releases, you have the common denominator of updated packages, an updated kernel that provides more and better hardware support, as well as a slew of updated tools.

Kali Linux Website:

https://www.kali.org/

What is KDE Desktop?

The KDE Community is an international technology team dedicated to creating a free and user-friendly computing experience, offering an advanced graphical desktop, a wide variety of applications for communication, work, education and entertainment and a platform to easily build new applications upon. In this regard, the resources provided by KDE make it a central development hub and home for many popular applications and projects like Calligra Suite, Krita, digiKam, and many others.

KDE Website:

https://www.kde.org/

VirtualBox Guest Additions Features

The Guest Additions offer the following features below:

 

1. Improved Video Support: While the virtual graphics card which VirtualBox emulates for any guest operating system provides all the basic features, the custom video drivers that are installed with the Guest Additions provide you with extra high and non-standard video modes as well as accelerated video performance.
2. Mouse Pointer Integration: This provides with seamless mouse support. A special mouse driver would have to be installed in the guest OS, which would exchange information with the actual mouse driver on the host. The special mouse driver then allows users to control the guest mouse pointer.
3. Time Synchronization: With the Guest Additions installed, VirtualBox can ensure that the guest’s system time is better synchronized with that of the host.
4. Shared Folders: These provide an easy way to exchange files between the host and the guest.
5. Seamless Windows: With this feature, the individual windows that are displayed on the desktop of the virtual machine can be mapped on the host’s desktop, as if the underlying application was actually running on the host.
6. Shared Clipboard: With the Guest Additions installed, the clipboard of the guest operating system can optionally be shared with your host operating system.

Hope you found this Kali Linux 2017.1 KDE Plasma installation on Oracle VirtualBox tutorial helpful and informative. Please consider sharing it. Your feedback and questions are welcome!

Source

In Linux, there are lots of powerful features that can make the life a lot easier. Linking is one of them that can allow you to perform your tasks a lot faster and more efficiently. You did hear the name “symbolic link”, or more common “symlink”, right? It’s a feature that allows linking to a physical directory or file.

For servers, symlinking is very useful. Are you a Linux user? Then symlink can also help you a lot. All you have to do is be creative with it to lessen your workload.

There are a lot of complex directories in the file system of Linux, right? Remembering all of them can be a real hassle. Moreover, when you want to work with a file/directory that’s deep within directories and sub-directories, the file path length becomes longer.

It’s especially a pain when working with CLI where you have to specify the file paths. Here comes the symlink to help.

For example, you want to access “/home/<username>/Downloads/a/b/c/d/e.txt” file. This is an easy demo, but surely typing the entire file length isn’t something you want to do often, right? With the power of symlink, you can dramatically reduce the file path to “/home/e.txt”.

Here, the symlink feature allows you create a virtual file at “/home/e.txt” that indicates to the “/home/<username>/Downloads/a/b/c/d/e.txt”. Whenever you ask for “/home/e.txt” file to manipulate, the system will work on the original file.

The same method goes for directories as well.

Today, let’s check out all how to create a symlink and have fun with it.

Creating Symlink

On all the Linux systems, there’s a tool “ln”. Don’t confuse with natural logarithm! “ln” follows the same structure of “cp” and “mv”. Learn more about copying file(s) and directories on Linux.

ln -s <source_file_directory> <link_file_directory>

For example, let’s create a symlink of “/home/viktor/Downloads” to “/Downloads”.

sudo ln -s /home/viktor/Downloads /Downloads

It’s time to verify the result. Note that you can easily verify the result with a command that works using that directory or file. For example,

I’m now inside “/Downloads” directory. It’s actually not a new directory. Instead, it’s a link to the original “/home/viktor/Downloads” folder.

Verify that both are the same –

cd /home/viktor/Downloads

ls

cd /Downloads

ls

See? Both of them are the same!

Let’s do the same with a file. I have already set a demo file “pimusic.txt” on “/home/viktor/Desktop”. Let’s link it as “PIMUSIC”.

sudo ln -s /home/viktor/Desktop/pimusic.txt PIMUSIC

Verify the result –

Creating permanent symlink

Note that the symlinks you create aren’t permanent. Whenever you reboot your system, you have to recreate the symlink again. To make them permanent, simply remove the “-s” flag. Note that it will create a HARD LINK.

sudo ln /home/viktor/Desktop/pimusic.txt PIMUSIC

Verify the result after rebooting the system –

Enjoy!

Source

In this tutorial, we will cover some networking basics. We won’t be hacking anything, but by the end of the tutorial you’ll learn a lot of things which will be useful later, especially when you’ll use nmap. Please note that it is advised that you go through wikipedia pages of all the concepts covered here since the discussion won’t be exhaustive in any way.

IP address

An IP address is simply a 32 bit address that every device on any network (which uses IP/TCP protocol) must have. It is usually expressed in the decimal notation instead of binary because it is less tedious to write it that way. For example,
Decimal notation – 192.168.1.1

Binary – 11000000.10101000.00000001.00000001It is clear from the binary form that the IP is indeed 32 bits. It can range from 0.0.0.0 to 255.255.255.255 (for the binary all 0s and all 1s respectively) [A lot of time, the first octet usually goes upto 127 only. However, we aren’t concerned with that here.]

 

Parts of an IP address

Now this IP address has 2 parts, the network address and host address. A lot of wireless routers keep the first 3 octets (8 bits, hence octets) for the network address and the last octet as host address. A very common configuration being 192.168.1.1 . Here, 192.168.1.0 is the network address and 0.0.0.1 is host address. I hope you can see that the host address can vary from 0.0.0.0 to 0.0.0.255 (though usually 0 and 255 are reserved for the network and broadcast respectively).

Need for Netmasks

But different networks have different needs. The previous configuration lets you have a lot of different possible networks (the first 3 octets are for the network and can take different values, not just 192.168.1.0) but only 256 (254 actually) hosts. Some networks may want more hosts (more than 255 hosts per network). This is why there is no “hardcoded” standard enforced on networks for the network and host addresses, and instead, they can specify their own configuration. The first 3 octets being network address and last octet being host address is common, but in no way mandatory. Using Netmasks, we can have very versatile set of configurations, for each and every need.

Netmask

A netmask is used to divide the IP address in subnets.

We’ll start with a basic example. Suppose we want to define a netmask which configures our network like wireless router in the previous example. We want the first 3 octets to correspond to the network and next 1 octet for host address. Let’s think of an operation which we can use to separate the network and host part of the IP address. For simple purposes, we could have just defined after which octet does the host part start [basically saying that anything after the third period(.) is host address]. While this is a simple solution, it is not very versatile. A more elegant and mathematical solution was proposed.

Netmask – Working

First I’ll tell you the mathematical functionality of a netmask. Assume A to be an IP address and M to be a netmask. Then,

A & M gives the Network addressA & (~M) gives the Host address.Where,& is bitwise And~ is bitwise Not (i.e. complement, 1s complement to be more precise)So, basically a netmask is another 32 bit binary number (just like an IP address), but with the purpose of giving Host address and network address when the operation bitwise and is carried out on it (and it’s complement) with A.

 

Example

You’ll understand better with example.

A = 192.168.1.1 is you IP addressM = 255.255.255.0We convert it to binary, and then carry out the desired operations.

A = 11000000.10101000.00000001.00000001 (192.168.1.1)

M = 11111111.11111111.11111111.00000000 (255.255.255.0)A&M = 11000000.10101000.00000001.00000000 (192.168.1.0)A&M is network IP that we desired
A = 11000000.10101000.00000001.00000001 (192.168.1.1)

~M = 00000000.00000000.00000000.11111111 (0.0.0.255)A&~M= 00000000.00000000.00000000.00000001 (0.0.0.1)A&~M is host IP that we desired

 

Explanation

Basically, if you realize that 11111111 is 255 in decimal, then you can see that for the parts of the IP address that you want for networks, you set the subnet to 255, and for the ones you want for host, you set it to 0.

So, if you want to reserve 2 octets for networks and 2 for hosts, then the subnet will be-M = 255.255.0.0If you want 3 octets for host, thenM = 255.0.0.0
Hence, we can see that using netmasks we can achieve what we wanted, i.e. to define networks with whatever number of hosts we require. Now we go a bit further.

 

Subnets

Now suppose you want to divide your network into parts. It is the sub-networks that are known as subnets (it is correct to call them subnetwork as well).

We’ll jump right to it, consider the netmask MM = 11111111.11111111.11111111.11000000Now, the first 3 octets describe the network. But the 4th octet, which is supposed to be for the host, has the 2 most significant bits (i.e. leftmost bits) as 1. Thus, the 2 most significant (leftmost) bits of the 4th octet will show up when we carry out the bitwise AND operation. They will, thus, be a part of the network address. However, they belong to the host octet. Thus, these 2 bits, which belong to the host octet but show up in the network IP address divide the network into subnets. The 2 bits can represent 4 possible combinations, 00, 01, 10 and 11, and hence the network will have 4 subnets.

 

Example of Subnetwork

Back to our previous “A”,

A = 11000000.10101000.00000001.xx000001 (192.168.1.1)M = 11111111.11111111.11111111.11000000 (255.255.255.192)A&M = 11000000.10101000.00000001.xx000000 (192.168.1.0)

Earlier, irrespective of what was there in 4th octet of A, we would have got all 0s in 4th octet of A&M i.e. network address. This time we will get the 2 most significant bits in the network address. Four subnets will be formed depending on the value of xx (which can be 00,01,10 or 11). Now, we will see which subnet has which set of hosts.

 

Which subnet has which hosts

11000000.10101000.00000001.00000000

has hosts 192.168.1.0-63 (00000000 to 00111111)
11000000.10101000.00000001.01000000

has hosts 192.168.1.64-127 (01000000 to 01111111)
11000000.10101000.00000001.10000000

has host 192.168.1.128-191 (10000000 to 10111111)
11000000.10101000.00000001.11000000

has host 192.168.1.192-255 (11000000 to 11111111)
So the netmask M divided the network into 4 equal subnets with 64 hosts each. There are some subnets which are much more complicated and have their applications in certain specific areas. I recommend going through Wikipedia page on Subnetworks to get some more idea. I have covered enough and now you can understand Wikipedia;s content on the topic without any difficulty.

 

Some Special IPs

0.0.0.0 = All IPs on local machine. Anything hosted on this IP is available to all devices on the network.

127.0.0.1 = LocalHost, this loops back to the machine itself.

255.255.255.255 = Broadcast, anything sent to this IP is broadcasted (like radio is broadcasted to everyone) to all hosts on the network.

Finally

You see the notation in this pic?

This way of representing subnets using /24, /25, /26, etc. is quite useful while doing vulnerability scans on networks (using nmap, etc.). /24 represents the netmask 255.255.255.0 , the first example we took of Wireless router. It is the most common configuration you’ll use while doing nmap scan. The one we discussed later, in the subnets section, is /26. It has 4 subnetworks. /25 has 2 subnets. /27 has 8. /31 has 128 subnets! In this subnet, only 2 host can be there per network, and it is used for 1 to 1 or point to point links. I hope the next time you have to deal with networks, you won’t be having difficulties. There are topic like Multicast etc. which build up on this, and you can do further reading on them. That was all for this tutorial. Good luck.

Source

It seems like everyone offers a Virtual Private Network (VPN) service these days. With the rising demand for true anonymity on the internet, service providers with suboptimal routing pathways, and increased demands for privacy and security, just about everyone recommends the use of a VPN. Whether you’re new to the concept or you’ve been operating from a proxied IP for years, verifying and ensuring the security of your connection will always be a top priority.

Some of the responsibility for a secure VPN rests in the hands of the service provider. There are steps that the provider can take to ensure “true” anonymity and security. The other half of the equation rests in the hands of the VPN user. There are a variety of settings, protocols, and options that can be configured to provide the maximum amount of security and privacy on most VPNs.

What makes a VPN service secure?

When evaluating the security of a VPN service and its connection, you’re going to be looking for a few things:

Administrative Logging:

• Administrative Logging: Whether or not your IP and its activities are logged and stored by the VPN service. Different services will have different policies on this, and just how secure your privacy is will vary from service to service. Some countries impose additional restrictions on the number of days logged for VPN activities, while others may have no restrictions.

Tunneling Protocol:

• Tunneling Protocol: Different protocols offer different amounts of encryption security and connection speed. Services that offer a variety of protocols are going to be more flexible and allow you to select the connection protocol that fits your own security vs. usability needs.

Consistent Connection and Uptime:

• Consistent Connection and Uptime: For most paid services, this won’t be a concern, but every VPN suffers the occasional drop in connection or a server down. In order for your location and activity to truly be protected, you need to have a constant connection to the service itself. Whenever your connection drops, you fall back to your own personal internet connection. There are ways to mitigate the privacy impact of this loss in connection, but the first line of defense is a good service provider with a high percentage uptime and a consistent connection.

Selecting a good VPN (like Surfshark) with strong security policies and a verified track record is important, and ensuring you look carefully at each services’ offerings is the first step in securing your VPN connection.

A closer look at VPN service security

Logging Policies

This may be the most important aspect of privacy and security when it comes to your VPN service. The entire idea behind running your connection through a VPN is to maintain anonymity and drastically reduce the likelihood that your activities or identity can be obtained by malicious individuals. The most effective way for a service to provide this level of security is to maintain zero logs on your activity.

An actual “zero-logging” policy is virtually impossible to find. It’s the nature of networking that some activity needs to be logged in some capacity for service and diagnostics. You’re going to be looking for a service that has a minimal amount of logging and concrete policies on the way this information is handled.

Again, this can vary based on the country the service is located as well as the policies of the service itself. While searching for a VPN, you’ll want to carefully examine the Terms of Service for each provider. Look for specifics on how long your information is retained, what is logged, and in what situations this information can be provided to others. This includes official requests from government agencies. The less information that can be given and the shorter it’s retained the better.

Protocols

Most VPNs will offer multiple tunneling protocols to connect to their service. The popular options are Point-to-Point Tunneling Protocol (PPTP), Layer-2 Tunneling Protocol (L2TP), and OpenVPN. Each has its own advantages and disadvantages, and you’ll need to select a service that offers the protocol that fits your needs.

PPTP connections are fastest, but also offer the least amount of security. For a large number of users, this may even be the preferred choice because its lower security overhead provides faster data transfer. If you’re seeking a more secure option, take a look at the other protocols.

L2TP is going to be the slowest but offers strong security. Its speed is lessened by the slow encryption used by the protocol, resulting in a trade of raw speed for security.

OpenVPN creates a balance between security and speed. It’s fast enough for the vast majority of users and also offers comparable security to the L2TP protocol.

Connection and Uptime

Networking is not an exact science. Switches can die, the software can have bugs, and data can slow to a crawl. A service provider with a well-established networking infrastructure will be able to get around most of these events and provide consistent uptime to their customers.

For the majority of paid services, uptime shouldn’t be much of a concern, but it’s always worth looking for more information on how a service is performing in this regard.

How to secure your VPN connection

Once you’ve selected a service, there are a few simple steps you can take to further reduce the risk of your privacy being compromised. These solutions will generally be configured through the application provided to you by your VPN service, or through a third-party application if you’ve chosen to not use your service’s software.

DNS Leaks:

Whenever you’re on the internet, your computer uses a DNS server to translate web addresses into IPs it can connect to. When you’re connected through a VPN, these requests should originate from the location of your VPN. Sometimes you can get a “leak” in DNS resolutions that cause your requests to come from your actual location instead of your VPN. There are websites and applications that can help you

monitor for DNS leaks

. Many VPN providers and applications give an option to monitor and correct DNS leaks. Check your configuration options and be sure any setting related to monitoring or correcting these leaks is turned on.

IPv6 Leaks: Similar to IPv4, but with far greater address space, IPv6 is used to assign addresses to devices on the internet. The vast majority of the internet is still using IPv4 but sometimes your IPv6 address is used instead. This address may not be protected by your VPN. To stop these leaks, simply disable IPv6 in your VPN applications settings.

VPN Kill Switch: Sometimes you may lose connection to your VPN service. When this happens, your activities become completely unmasked. To prevent the loss of privacy from losing connection to your VPN, go into your connection applications settings and turn on the kill switch feature. This may be labeled differently depending on how you are connecting to your VPN, but you’re generally looking for the setting that will disconnect you from any connected servers if your VPN loses its connection.

Test your IP: A simple solution for verifying that your VPN is working properly is to simply go to a website that will tell you your IP. You can find a range of these on the internet, including ones found on speed test sites and major internet service providers. Just look to see if the listed IP is your actual IP or not.

Source

Vim (also known as Vi Improved) is an open source graphical and command-line utility that aims to deliver a full-featured text editor designed for experienced programmers and developers of any kind who are looking for a versatile tool to write code. Keep in mind though, that Vim is not a word processor.

A Vi clone

Vim provides the power of the de-facto UNIX editor Vi, with a more complete feature set. It is useful whether you’re already using Vi or you write code with any other text editor of your choice. It is highly configurable, specially crafted to deliver efficient text editing on a mainstream operating system (see the section below for supported OSes).

Features at a glance

Key features includes vertically split windows, Vimdiff, folding, flexible indenting, Unicode support, comprehensive documentation, a powerful plugin architecture, as well as support for numerous scripting languages.

Getting started with Vim

Vim is not your regular text editor, especially if you were one of those people who used to work with pretty applications like Gedit, Leafpad, Sublime Text or UberWriter, nor Nano. It is a very sophisticated application that requires you to read its documentation, but if you’ve used Vi before, you’ll be just fine to upgrade to Vim.

A programmer’s editor

Vi Improved (Vim) is often called a “programmer’s editor,” and therefore it is extremely useful for and highly acclaimed by developers who want an entire IDE (Integrated Development Environment) into a single, easy-to-use software. However, Vim is perfect for all kinds of text editing, from editing configuration files to composing emails.

Supported operating systems and availability

Vim is not a GNU/Linux only application, as it officially supports many other operating systems, including BSD, Solaris, Amiga, OS/2, Mac OS X and Microsoft Windows. It is available for download as a universal sources archive and runs well on both 32-bit and 64-bit hardware platforms.

Source

Intel sent over the Core i9 9900K as their first 9th Gen Coffeelake-S CPU hitting store shelves today. With the embargo on that now expired, let’s have a look at how well this eight-core / sixteen-thread processor performs under Linux.

 

The Core i9 9900K is Intel’s new answer for competing with the likes of the AMD Ryzen 7 2700X, but does come at a higher price point of $499 USD. While the Core i9 9900K is a Coffeelake refresh, rather than being six cores / twelve threads, they are matching AMD’s precedent set by the Ryzen 7 processors in having eight cores / sixteen threads. This 14nm 8C / 16T processor has a base clock frequency of 3.6GHz with a turbo frequency at 5.0GHz, a 16MB L3 cache and supports dual-channel DDR4-2666 memory.

 

 

The Core i9 9900K has the same UHD Graphics 630 as existing Coffeelake/Kabylake processors. This LGA-1151 processor has a 95 Watt TDP and retail price of $499 USD. The 12nm FinFET 8C/16T AMD Ryzen 7 2700X as a reminder has a base clock frequency of 3.7GHz, 4.3GHz max boost clock, 16MB L3 cache, and a 105 Watt TDP. The biggest difference with the 2700X is the price with it retailing for just above $300 USD.

 

 

Most Intel motherboard vendors should be putting out BIOS updates (if not already) enabling the new 9th Gen CPUs to work in existing Coffeelake LGA-1151 motherboards. But there is also the new Z390 chipset rolling out as well. Z390 motherboards won’t be much of an upgrade if you already have a Z370 board, but some of the additions are useful including: better overclocking, USB 3.1 Gen 2 support, and integrated Intel Wireless-AC.

 

 

The motherboard I have been using for most of my pre-launch testing is the ASUS PRIME Z390-A. After the great experience using the ASUS PRIME Z370-A on Linux over the past year (and it still continues working great!), ASUS kindly sent over the Z390-A motherboard for this i9-9900K testing.

 

 

To no surprise given Intel’s always punctual Linux support and Z390 not being a whole lot different from previous Coffeelake motherboards, the ASUS Z390-A motherboard has been working out great under Ubuntu 18.04, Ubuntu 18.10, Fedora 29, and the like. The one caveat to point out is the unfortunate problem we have with most new Intel/AMD motherboards and that is the lack of sensor support for being able to read thermal/voltage/fan sensors with the stock mainline kernel drivers.

 

 

The ASUS PRIME Z390-A has two M.2 slots, Intel Optane memory support, USB 3.1 Gen 2 Type-C connections, and other features building off the success of the Z370-A. The ASUS PRIME Z390-A is priced well compared to other Z390 motherboards at launch with it going for about $190 USD. I’ll provide another update on the ASUS PRIME Z390-A in a few weeks but with the time I’ve spent with it so far this month and enduring a lot of benchmarks, the Z390-A has proven to be a great contender for Linux desktop systems.

 

Source

Neptune 5.0 – See What’s New

Neptune 5.0 the Linux distribution focused on KDE plasma has been release. This release uses the latest KDE Plasma 5.12 desktop environment along with the KDE Applications 17.12 and KDE Frameworks 5.43.0 software suites. It also promises new ways to run the latest software versions.

Powered by the long-term supported Linux 4.14 series kernel ported from Debian Stretch’s Backports repository, Neptune 5.0 ships not only with the latest and greatest Plasma LTS release but also features our known Neptune Artwork with beautiful designs for all applications no matter if GTK+2, GTK+3 or Qt4 or Qt5 applications. Combined with our Icon Theme this provides a truly marvelous user experience.

Neptune 5.0 release notes | Download Neptune 5.0

Source

Each attempt to login to SSH server is tracked and recorded into a log file by the rsyslog daemon in Linux. The most basic mechanism to list all failed SSH logins attempts in Linux is a combination of displaying and filtering the log files.

The most simple command to list all failed SSH logins is the one shown below.

#grep “Failed password” /var/log/auth.log

Sample output.

grep “Failed password” /var/log/auth.log

Sep 26 09:49:11 linuxforfreshers.com sshd[32138]: Failed password for ravi from 192.168.101.26 port 33325 ssh2

Oct 2 23:04:25 linuxforfreshers.com sshd[25028]: Failed password for root from 192.168.101.211 port 55800 ssh2

In order to display extra information about the failed SSH logins, issue the command as shown in the below example.

#egrep “Failed|Failure” /var/log/auth.log

In CentOS or RHEL, the failed SSH sessions are recorded in /var/log/secure file. Issue the above command against this log file to identify failed SSH logins.

#egrep “Failed|Failure” /var/log/secure

Sample output

Dec 29 16:11:01 localhost sshd[32526]: Failed password for root from 192.168.101.111 port 31729 ssh2

Dec 29 16:11:04 localhost sshd[32526]: Failed password for root from 58.218.198.264 port 31729 ssh2

Source

Memcached is a high performance storage engine designed for storing chunks for data, so it is great for storing sessions in it. The upside of doing this you notice a performance benefit from not writing these disk or a database is that you gain a performance increase. The downside is that memcached isn’t saving anything, so if memcached restarts all of the users will need to login again.

This guide assumes you have a working installation. If you do not please see How to install Memcached.

Configure PHP for Memcache

Make sure the memcache PHP extension is installed

php -i|grep memcache

If nothing returns go ahead and install it:

pecl install memcache

Find the location of your php.ini

# php -i|grep “Loaded Configuration File”
Loaded Configuration File => /usr/local/php7/etc/php.ini

Open the php.ini file and add the following line at the top:

extension=”memcache.so”

Configure PHP To Store Session Data In Memcached

You will want to edit your php.ini again and find the following lines:

session.save_handler =
session.save_path =

You will then want to update them to the following and uncomment them:

session.save_handler = memcache
session.save_path = ‘tcp://127.0.0.1.1:11211’

The reason we selected the PHP extension memcache vs memcached, is that the memcached extension is not available in PHP 7. Go ahead and save the file.

Restart your webserver

service nginx restart

or

service httpd restart

And your session data should now be stored in memcached

Aug 6, 2017LinuxAdmin.io

Source