Install Security Patches or Updates Automatically on CentOS and RHEL

A Linux system needs to be kept up to date regularly with the latest security patches or updates available for its distribution.

In a previous article, we explained how to configure automatic security updates in Debian/Ubuntu. In this article we will explain how to set up your CentOS/RHEL 7/6 distribution to automatically update essential security packages when needed.

Other Linux distributions in the same families (Fedora or Scientific Linux) can be configured similarly.

Configure Automatic Security Updates on CentOS/RHEL Systems

On CentOS/RHEL 7/6, you will need to install the following package:

# yum update -y && yum install yum-cron -y

Enable Automatic Security Updates on CentOS/RHEL 7

Once the installation is complete, open /etc/yum/yum-cron.conf and locate these lines. Make sure that the values match those listed here:

update_cmd = security
update_messages = yes
download_updates = yes
apply_updates = yes

The first line indicates that the unattended update command will be:

# yum --security upgrade

whereas the other lines enable notifications and automatic download and installation of security upgrades.

The following lines are also required to indicate that notifications will be sent via email from root@localhost to the same account (again, you may choose another one if you want).

emit_via = email
email_from = root@localhost
email_to = root
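
One way to confirm the CentOS/RHEL 7 settings above after editing, as an added example that is not part of the original article: the script reads a yum-cron.conf-style file and reports each of the four keys whose value differs from the ones listed. The function names conf_value and check_yum_cron_conf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: audit a yum-cron.conf-style
# file against the four values the article lists for CentOS/RHEL 7.

# conf_value FILE KEY
#   Prints the value assigned to KEY. Comment lines and section headers are
#   skipped; if KEY is assigned more than once, the last assignment is printed.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }              # comment line
        {
            eq = index($0, "=")
            if (eq == 0) next               # section header or blank line
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)  # trim whitespace around the key
            gsub(/^[ \t]+|[ \t]+$/, "", v)  # and around the value
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# check_yum_cron_conf FILE
#   Prints one line per mismatching setting and returns the number of
#   mismatches, so a return status of 0 means the file matches the article.
check_yum_cron_conf() {
    conf=$1
    mismatches=0
    for pair in update_cmd=security update_messages=yes \
                download_updates=yes apply_updates=yes; do
        key=${pair%%=*}
        want=${pair#*=}
        have=$(conf_value "$conf" "$key")
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $key: expected '$want', found '${have:-<unset>}'"
            mismatches=$((mismatches + 1))
        fi
    done
    return "$mismatches"
}

# Constructed sample: a file in which automatic installation is still disabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[commands]
# What kind of update to use
update_cmd = default
update_messages = yes
download_updates = yes
apply_updates = no
EOF
check_yum_cron_conf "$sample" || echo "settings to fix: $?"
rm -f "$sample"
```

On a real host, point the check at the live file: check_yum_cron_conf /etc/yum/yum-cron.conf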

Enable Automatic Security Updates on CentOS/RHEL 6

By default, the cron job is configured to download and install all updates immediately, but we can change this behavior in the /etc/sysconfig/yum-cron configuration file by setting these two parameters to yes.

# Don't install, just check (valid: yes|no)
CHECK_ONLY=yes

# Don't install, just check and download (valid: yes|no)
# Implies CHECK_ONLY=yes (gotta check first to see what to download)
DOWNLOAD_ONLY=yes

To enable email notifications about security package updates, set the MAILTO parameter to a valid mail address.

# by default MAILTO is unset, so crond mails the output by itself
# example:  MAILTO=root
MAILTO=admin@tecmint.com

Finally, start and enable the yum-cron service:

------------- On CentOS/RHEL 7 -------------
# systemctl start yum-cron
# systemctl enable yum-cron

------------- On CentOS/RHEL 6 -------------
# service yum-cron start
# chkconfig --level 35 yum-cron on

Congrats! You have successfully set up unattended upgrades on CentOS/RHEL 7/6.

Summary

In this article we have discussed how to keep your server updated regularly with the latest security patches or updates. Additionally, you learned how to configure email notifications in order to keep yourself updated when new patches are applied.

If you have any concerns about this article, feel free to drop us a note using the comment form below. We look forward to hearing from you.


Installation of “Red Hat Enterprise Linux (RHEL) 7.0” with Screenshots

Red Hat, Inc., the largest company in the open source world, released last month one of its major enterprise products, RHEL 7.0 (Red Hat Enterprise Linux), designed for modern datacenters, new cloud platforms and big data.

RHEL 7 Installation Guide

Among other important improvements, such as the switch to systemd, which now manages daemons, processes and other important system resources (even init services are now passed through systemd start-up), the use of Linux Containers with Docker, and cross-realm trust for Microsoft Active Directory, one important change is XFS as the default filesystem, which can support filesystems up to 16 exabytes and files up to 8 exabytes.

Requirements:

You must have an active Red Hat subscription to download RHEL 7.0 ISO image from Red Hat Customer Portal.

  1. RHEL 7.0 Binary DVD ISO image

Although RHEL can be installed on a variety of platforms, such as AMD 64, Intel 64, IBM System Z, IBM Power, etc., this tutorial covers the RHEL 7.0 basic minimal installation on an Intel x86-64 processor architecture using a binary DVD ISO image, an installation best suited for developing a highly customizable server platform with no Graphical Interface.

Installation of Red Hat Enterprise Linux 7.0

1. After registering on the Red Hat Customer Portal, go to the Download section and grab the latest version of the RHEL DVD Binary ISO image, then burn it to a DVD or create a bootable USB media using Unetbootin LiveUSB Creator.

2. Then place the DVD/USB in your appropriate system drive, start your computer, select bootable unit and on the first RHEL prompt select Install Red Hat Enterprise Linux 7.0.

Install Red Hat Enterprise Linux 7.0

3. After the system loads, select the language for installation process and hit on Continue.

Booting RHEL 7

Select Language for Installation

4. When the installer gets on Installation Summary it’s time to customize the installation process. First click on Date & Time, choose your system location from the provided map and hit on Done to apply configuration.

RHEL 7 Installation Summary

Select Date, Time and Location

5. The next step is to change Language System Support and Keyboard language. Click on both if you want to change or add other languages to your system but for a server the recommendation is to stick with English language.

Language System Support

6. If you want to use sources other than the ones provided by the DVD media, hit on Installation Source and add your Additional Repositories or specify a network location using the HTTP, HTTPS, FTP or NFS protocols, then hit on Done to use your new sources. If you can’t provide other sources, stick to the default one, Auto-detected installation media.

Installation Source

Select Network Location

7. The next important step is to select your system software. Click on Software Selection and choose your Base Installation Environment from the drop-down list. For a highly customizable platform where you can install only the packages that you need after the installation, choose Minimal Install with Compatibility Libraries Add-ons, then hit on Done to apply these changes to the installation process.

Select Software Selection

Select RHEL 7 Minimal Installation

8. The next important step is to configure your system partitions. Click on Installation Destination, select LVM as the partition scheme for better management of system space, then hit on Click here to create them automatically.

Installation Destination

Select LVM Partition Scheme

9. After the installer presents you with default system partition scheme you can edit in any way that suits you (delete and recreate partitions and mount points, change partitions space capacity and file system type, etc.). As the base scheme for a server you should use dedicated partitions such as:

  1. /boot – 500 MB – non-LVM
  2. /root – min 20 GB – LVM
  3. /home – LVM
  4. /var – min 20 GB – LVM

All of these should use the XFS filesystem, which is the most advanced filesystem in the world. After editing the partitions hit the Update Setting button, then click on Done and then Accept Changes on the Summary of Changes prompt to apply the new configuration.

As a note, if your hard disk is larger than 2TB, the installer will automatically convert the partition table to GPT. If you want to use a GPT table on disks smaller than 2TB, pass the argument inst.gpt to the boot command line in order to change the default behaviour.

Create /boot Partition

Select /boot Partition Type

Create /root Partition

Summary of Partition Changes

10. The last step before continuing with installation process is setting your Network Connection. Click on Network & Hostname and setup your system hostname. Here you can use your short system hostname or you can append the dot domain (FQDN).

Set System Hostname

11. After setting up hostname bring up your Network Interface by switching the top Ethernet button to ON. If your network provides automatic Interface configurations through a DHCP server your IPs should be visible on Ethernet Interface Card else go to Configure button and provide your static network settings for your appropriate network connection.

Enable Ethernet Interface

Enter Static Network Settings

12. After you finish editing the Ethernet Interface settings, hit on Done, which will bring you back to the default installer window. After you check your installation settings, hit on Begin Installation to proceed further with the system installation.

Begin RHEL 7 Installation

13. As the installation begins writing the system components to your hard disk, you need to supply your Root Password and create a new User. Click on Root Password and try to choose a strong one at least eight characters in length (alphanumeric and special characters), then hit on Done when you finish.

RHEL 7 Installation Process

Set root Password

14. Then move to User Creation and provide your credentials for this new user. A good idea is to use this user as a system administrator with root powers through sudo command by checking the box Make this user administrator, then click on Done and wait for the installation process to finish.

Select User Creation

Enter User Details

15. After the installation finishes the installer will announce that everything completed with success so you should be ready to use your system after reboot.

RHEL 7 Installation Complete

Congratulations! Remove your installation media and reboot your computer. You can now log in to your new minimal Red Hat Linux 7.0 environment and perform other initial system tasks, such as registering your system to a Red Hat Subscription, activating your system repositories, updating your system and installing other useful tools needed to run day to day tasks.

All these tasks can be discussed in my upcoming article. Till then stay tuned to Tecmint for more such howto’s and don’t forget to give your feedback about the installation.


Installation of “CentOS 7.0” with Screenshots

This tutorial will guide you through a minimal installation of the latest version of CentOS 7.0 using the binary DVD ISO image, an installation that is best suited for developing a future customizable server platform, with no Graphical User Interface, where you can install only the software that you need.

CentOS 7 Installation

Installation of CentOS 7

If you want to find out more about what’s new in this release of CentOS 7.0 and get the download links, I suggest reading the previous article on release announcements:

  1. CentOS 7.0 Features and Download ISO Images

Requirements

  1. CentOS 7.0 DVD ISO

CentOS 7.0 Installation Process

1. After downloading the latest version of CentOS using the above links or the official CentOS download page, burn it to a DVD or create a bootable USB stick using the LiveUSB Creator called Unetbootin.

2. After you have created the installer bootable media, place your DVD/USB into your system appropriate drive, start the computer, select your bootable unit and the first CentOS 7 prompt should appear. At the prompt choose Install CentOS 7 and press [Enter] key.

Install CentOS 7

CentOS 7 Boot Menu

3. The system will start loading media installer and a Welcome screen should appear. Select your Installation Process Language, that will assist you through the entire installation procedure and click on Continue.

CentOS 7 Booting

CentOS Installer Loading

Select Installation Process Language

4. The next screen is Installation Summary. It contains a lot of options to fully customize your system. The first thing you may want to set up is your time settings. Click on Date & Time, select your server's physical location from the provided map and hit the upper Done button to apply the configuration.

Select Date & Time and Location

5. The next step is to choose your Language Support and Keyboard settings. Choose your main and extra language for your system and when you’re finished hit on Done button.

Select Language and Keyboard

Select English Language

6. In the same way, choose your Keyboard Layout by hitting the plus button and test your keyboard configuration using the input field on the right. After you finish setting up your keyboard, again hit the upper Done button to apply the changes and go back to the main Installation Summary screen.

Choose Keyboard Layout

Choose English Keyboard

7. In the next step you can customize your installation by using Installation Sources other than your local DVD/USB media, such as a network location using the HTTP, HTTPS, FTP or NFS protocols, and even add some additional repositories, but use these methods only if you know what you’re doing. Otherwise leave the default Auto-detected installation media and hit on Done to continue.

Choose Installation Sources

Auto Detect Installation Type

8. In the next step you can choose your system installation software. Here CentOS offers a lot of Server and Desktop platform environments to choose from, but if you want a high degree of customization, especially if you are going to run CentOS 7 as a server platform, then I suggest you select Minimal Install with Compatibility Libraries as Add-ons, which will install a minimal basic system. Later you can add other packages as your needs require using the yum groupinstall command.

Software Selection

Select CentOS 7 Minimal Install

9. Now it’s time to partition your hard-drive. Click on Installation Destination menu, select your disk and choose I will configure partitioning.

Choose Installation Destination

Installation Device Selection

10. On the next screen, choose LVM (Logical Volume Manager) as the partition layout and then click on Click here to create them automatically, an option which will create three system partitions using the XFS filesystem, automatically redistributing your hard-disk space and gathering all LVs into one big Volume Group named centos.

  1. /boot – Non LVM
  2. /(root) – LVM
  3. Swap – LVM

Select LVM Partition Type

Create Partitions

11. If you are not pleased with the default partition layout done automatically by the installer you can completely add, modify or resize your partition scheme and when you finish hit on Done button and Accept Changes on the Summary of Changes prompt.

Summary of Partition Changes

NOTE: For those users, who have hard-disks more than 2TB in size, the installer automatically will convert partition table to GPT, but if you wish to use GPT table on smaller disks than 2TB, then you should use the argument inst.gpt to the installer boot command line in order to change the default behaviour.

12. The next step is to set your system hostname and enable networking. Click on the Network & Hostname label and type your system FQDN (Fully Qualified Domain Name) in the Hostname field, then enable your Network interface by switching the top Ethernet button to ON.

If you have a functional DHCP server on your network, it will automatically configure all the network settings for the enabled NIC, which should appear under your active interface.

Set System Hostname

Enable Ethernet Interface

13. If your system will be destined as a server it’s better to set static network configuration on Ethernet NIC by clicking on Configure button and add all your static interface settings like in the screenshot below, and when you’re finished hit on Save button, disable and enable Ethernet card by switching the button to OFF and ON, and, then hit on Done to apply setting and go back to main menu.

Enter Network Settings

14. Now it’s time to start installation process by pressing on Begin Installation button and set up a strong password for root account.

Click on Begin Installation

CentOS 7 Root Password

Select Root Password

Set Root Password in CentOS 7

Enter Root Password

15. After you finish setting up a strong password for root account move to User Creation and create your first system user. You can designate this user to become a System Admin with root privileges using sudo command by checking the box Make this user administrator, then click on Done to go back on main menu and wait for the installation process to finish.

CentOS 7 Installation Process

User Creation and Set Password

16. After the installation process finishes, the installer will show a success message on screen, asking you to reboot your system in order to use it.

CentOS 7 Installation Complete

Congratulations! You have now installed the latest version of CentOS on your bare new machine. Remove any installation media and reboot your computer so you can log in to your new minimal CentOS 7 environment and perform other system tasks, such as updating your system and installing other useful software needed to run day to day tasks.


How to Backup Your Files to Amazon S3 Using CloudBerry Backup on Linux

Amazon Simple Storage Service (S3) allows modern businesses to store their data, collect it from a wide variety of sources, and easily analyze it from anywhere. With its robust security, compliance capabilities, management and native analytics tools, Amazon S3 stands out in the cloud storage industry.

On top of this, data is stored redundantly in multiple, physically-separate data centers with independent power substations. In other words, S3 gets you covered no matter what.

What can be more perfect than that? CloudBerry, the #1 cross-platform cloud backup software, can be seamlessly integrated with Amazon S3. This gives you the experience, support, and functionality of 2 heavy weights in one place. Let’s take a few minutes to discover how you can harness the power of these solutions to backup your files in the cloud.

Installing and Activating CloudBerry License

In this article we will install and configure CloudBerry on a CentOS 7 desktop system. The instructions provided in CloudBerry Backup for Linux: Review and Installation should apply with minimal (if any) modifications on other desktop distributions such as Ubuntu, Fedora, or Debian.

The installation process can be summarized as follows:

    1. Download the free trial from the CloudBerry Linux Backup Solution page.
    2. Double click on the file, and choose Install.
    3. Remove the installation file.
    4. To activate the trial license, open a terminal and run the following commands (note the pair of single quotes around CloudBerry Backup in the first one):

# cd /opt/local/'CloudBerry Backup'/bin
# ./cbb activateLicense -e "YourEmailHere@YourDomain.com" -t "ultimate"

    5. Go to the Internet or Office section under your Applications menu.
    6. Choose CloudBerry Backup and Continue trial, then click Finish.

That’s all – now let’s configure CloudBerry to use Amazon S3 as our cloud storage solution.

Configuring CloudBerry + Amazon S3

Integrating CloudBerry and Amazon S3 is a walk in the park:

To begin, click the Settings menu and choose Amazon S3 & Glacier from the list. You will also need to choose a descriptive Display Name, and enter your Access and Secret keys.

These should be available from your Amazon S3 account, as is the Bucket where you will be storing your data. When you’re done, look under Backup Storage to find the newly created backup solution:

Amazon S3 Backup Storage

Hint: You can now go to the Backup tab to indicate how many versions of files you want to keep, and whether you want to follow soft links or not, among other settings.

Next, to create a backup plan, choose the Backup menu and the cloud storage we created earlier:

Select Amazon S3 Backup

Now specify a plan name:

Add Amazon S3 Backup Plan Name

and indicate the location you want to backup:

Select Backup Location

Do you want to exclude certain types of files? That’s not a problem:

Exclude Files for Backup

Encryption and compression to increase data transfer speeds and security? You bet:

Enable Compression and Encryption on Backup

You can either use the backup retention policy defined for the whole product, or create one specifically for the current plan. We will go with the first here. Finally, let’s specify the backup frequency or method that best suits our needs:

Specify Backup Frequency

At the end of the plan creation, CloudBerry lets you run it. You can either do that or wait until the next scheduled backup to happen. If any errors happen, you will get a notification at the registered email address prompting you to correct what’s wrong.

In the following image we can see that S3 Transfer Acceleration is not enabled in the tecmint bucket. We can either enable it following the instructions provided in Amazon S3 Transfer Acceleration page or remove this feature from our plan’s current configuration.

Amazon S3 Transfer Acceleration Option

After we have corrected the above issue, let’s run the backup again. This time it succeeds:

CloudBerry Backup Report

Note that you can store multiple versions of the same file(s) as indicated earlier. To distinguish one from another, a timestamp is added at the end of the path (20180317152702) as you can see in the above image.

Restoring Files from Amazon S3

Of course, backing up our files would be useless if we can’t restore them when we need them. To set up a restoration process, click the Restore menu and choose the plan you will be using. Since the steps involved are pretty straightforward, we will not go into detail here. However, let’s summarize the steps as a quick reference:

  • Indicate restore method: restore once (when you press Finish in the last wizard step) or create a Restore plan to run at a specified time.
  • If you are storing multiple versions of your file(s), you will need to tell CloudBerry if you want to restore the latest version or the one at a specific point in time.
  • Specify the file(s) and directories you want to restore.
  • Enter the decryption password. This is the same that was used to encrypt the file(s) in the first place.

Once done, the restore will be performed automatically. As you can see in the following image, the file tecmintamazons3.txt was restored after being deleted manually from /home/gacanepa:

Restore Files from Amazon S3

Congratulations! You have set up a complete backup and restore solution in less than 30 minutes.

Summary

In this post we have explained how to backup your file(s) to and from Amazon S3 using CloudBerry. With all the features offered by these 2 tools, you don’t need to look any further for your backup needs.

If you have any questions, feel free to reach us using the comment form.


How to Generate a CSR (Certificate Signing Request) in Linux

SSL certificates fall into two broad categories: 1) self-signed certificates, which are identity certificates signed by the same entity whose identity they certify, using its own private key, and 2) certificates that are signed by a CA (Certificate Authority) such as Let’s Encrypt, Comodo and many other companies.

Self-Signed Certificates are commonly used in test environments for LAN services or applications. They can be generated for free using OpenSSL or any related tool. On the other hand, for sensitive, public-facing production services, applications or websites, it is highly recommended to use a certificate issued and verified by a trusted CA.

The first step towards acquiring an SSL certificate issued and verified by a CA is generating a CSR (short for Certificate Signing Request).

In this article, we will demonstrate how to create a CSR (Certificate Signing Request) on a Linux system.

Creating a CSR – Certificate Signing Request in Linux

To create a CSR, you need the OpenSSL command line utility installed on your system. If it is missing, run the following command to install it.

$ sudo apt install openssl  # On Debian/Ubuntu
$ sudo yum install openssl  # On CentOS/RHEL
$ sudo dnf install openssl  # On Fedora

Then issue the following command to generate a CSR and the key that will protect your certificate.

$ openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr

where:

  • req enables the part of OpenSSL that handles certificate requests signing.
  • -newkey rsa:2048 creates a 2048-bit RSA key.
  • -nodes means “don’t encrypt the key”, so the private key is written to disk without a passphrase.
  • -keyout example.com.key specifies the file to write the created private key to.
  • -out example.com.csr specifies the filename to write the CSR to.

Answer the questions you are asked correctly. Note that your answers should match the information in legal documents regarding the registration of your company. This information is critically checked by the CA before issuing your certificate.

Generate CSR in Linux

After creating your CSR, view the contents of the file using the cat utility, select it and copy it.

$ cat example.com.csr

Copy CSR Key
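
The generate-then-inspect steps above, as an added example that is not part of the original article: it creates the key and CSR non-interactively with -subj, keeps the unencrypted key (-nodes) readable only by its owner, and checks that the CSR's self-signature verifies and that it carries the same public key as the key file before anything is pasted into a CA form. The function names, the subject string and the temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Requires the openssl CLI.

# make_csr NAME SUBJECT DIR
#   Same openssl req command as in the article, with the interactive
#   questions answered through -subj. Writes DIR/NAME.key and DIR/NAME.csr.
make_csr() {
    name=$1 subject=$2 dir=$3
    (
        umask 077   # -nodes writes the key unencrypted: owner-only access
        openssl req -new -newkey rsa:2048 -nodes \
            -subj "$subject" \
            -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    )
}

# csr_matches_key CSR KEY
#   Succeeds only if the CSR's self-signature verifies and the public key
#   embedded in the CSR equals the one derived from the private key.
csr_matches_key() {
    csr=$1 key=$2
    # The exit status of -verify differs between OpenSSL versions,
    # so look for the success message instead.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# csr_subject CSR
#   Prints the subject so it can be reviewed against the company records.
csr_subject() {
    openssl req -in "$1" -noout -subject
}

# key_mode FILE
#   Prints the octal permission bits of the key file (GNU stat, as on Linux).
key_mode() {
    stat -c %a "$1"
}

# Demo with constructed values; a real request uses your organisation's details.
if command -v openssl >/dev/null 2>&1; then
    workdir=$(mktemp -d)
    make_csr example.com "/C=US/O=Example Org/CN=example.com" "$workdir"
    csr_subject "$workdir/example.com.csr"
    echo "key permissions: $(key_mode "$workdir/example.com.key")"
    if csr_matches_key "$workdir/example.com.csr" "$workdir/example.com.key"; then
        echo "CSR verifies and matches the private key"
    fi
    rm -rf "$workdir"
fi
```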

Then go back to your CA’s website, log in, go to the page that contains the SSL certificate you purchased, and activate it. Then in a window such as the one below, paste your CSR in the correct input field.

In this example, we created a CSR for a multiple domain certificate purchased from Namecheap.

Active CSR from CA Website

Then follow the rest of the instructions to initiate activation of your SSL certificate. For more information about OpenSSL command, see its man page:

$ man openssl

That’s all for now! Always remember that the first step to getting your own SSL certificate from a CA is to generate a CSR. Use the feedback form below to ask any questions or share your comments with us.


Tomb – A File Encryption and Personal Backup Tool for Linux

Tomb is a free, open source, small, powerful and simple tool for encrypting files on GNU/Linux. At the time of this writing, it consists of a shell script (zsh) using generic filesystem GNU tools and the Linux kernel crypto API (cryptsetup and LUKS).

It also employs various GNU/Linux tools such as steghide, lsof, mlocate, resizefs, dcfld and many more, to extend its functionality.

Tomb is used to create secure backups of secret or personal files in encrypted, password-protected directories called tombs. These directories can only be opened using their associated keyfiles and passwords.

After creating a tomb, you can store its key files separately, for example your tomb file can exist on a remote server while the key file is on your laptop or desktop at home or in office. If the tomb file is on your laptop or desktop, you can hide it within the filesystem or as a more secure option, store the key in a USB drive.

In addition, you can hide a tomb in the filesystem or move it safely over a network or in external storage media; share it with other friends or colleagues. You can also hide a key in an image as we will see later on.

Requirements

Tomb needs a few programs such as zsh, gnupg, cryptsetup and pinentry-curses to be installed on a system in order to work.

How to Install Tomb in Linux Systems

First start by installing the following required tools using your distribution default package manager and also we will install steghide to add functionality for hiding of keys in images.

$ sudo apt install gnupg zsh cryptsetup pinentry-curses steghide	#Debian/Ubuntu
$ sudo yum install gnupg zsh cryptsetup pinentry-curses steghide	#CentOS/RHEL
$ sudo dnf install gnupg zsh cryptsetup pinentry-curses steghide	#Fedora 22+

After installing required packages, download the stable tomb source code for your distribution or use the following wget command to download directly in terminal as shown.

$ cd Downloads/
$ wget -c https://files.dyne.org/tomb/Tomb-2.5.tar.gz 

Next, extract the tar archive file you just downloaded and move into the decompressed folder.

$ tar -xzvf Tomb-2.5.tar.gz
$ cd Tomb-2.5

Finally, run the following command, as root or use sudo command to gain root privileges, to install the binary under /usr/local/bin/.

$ sudo make install

How to Create Tombs in Linux Systems

After installing tomb, you can generate a tomb by creating a new key for it and set its password as explained below.

To create a tomb, use the dig sub-command and the -s flag to set its size in MB (this size can be increased when a tomb gets full to capacity after adding files).

$ sudo tomb dig -s 30 tecmint.tomb      

Create a New Tomb

Then create a new key for tecmint.tomb with the forge sub-command and set its password when asked. This operation will take some time to complete, just sit back and relax or go prepare yourself a cup of coffee.

$ sudo tomb forge tecmint.tomb.key

While creating the key, tomb will complain if swap space exists on disk, and it will terminate if that swap memory is turned on as shown in the following screenshot. This is due to a security risk associated with swap memory on disk (refer to documentation or man page for more information).

You can either use the -f flag to force the operation or turn off swap memory with the following command.

$ sudo swapoff -a

Turn Off Swap

Then try to create the tomb key once more.

Create a New Tomb Key File

Next, format tecmint.tomb to lock it with the above key. The -k flag specifies the location of the key file to use.

$ sudo tomb lock tecmint.tomb -k tecmint.tomb.key

Lock Tomb File with Key

How to Open a New Tomb

To open a tomb, use the open sub-command. You will be prompted to enter the password you set while creating the tomb.

$ sudo tomb open -k tecmint.tomb.key tecmint.tomb  

Open a New Tomb

From the output of the previous command, the tomb has been opened and mounted on /media/tecmint/ – this is where you can add your secret files.

If you have numerous tombs, you can list all open tombs plus get some information about them as shown.

$ sudo tomb list 

List All Tombs

How to Copy Files to Open Tomb

Now you can add your secret or important files to the tomb as follows. Every time you need to add more files, open the tomb first, as shown above.

$ sudo cp -v passwds.txt accounts.txt keys.txt -t /media/tecmint/

Copy Files to Open Tomb

Once you are done using an open tomb or adding files to it, use the close sub-command to close the tomb file. But if a process is working with an open tomb, it may fail to close.

$ sudo tomb close

You can close all tombs by running:

$ sudo tomb close all

To force an open tomb to close, even when a process is interacting with it, use the slam sub-command.

$ sudo tomb slam 
OR
$ sudo tomb slam all 

How to Hide a Tomb Key in an Image

It is also possible to hide/encode the tomb key in an image using the bury sub-command, as follows.

$ sudo tomb bury -k tecmint.tomb.key zizu.jpg 

Hide Tomb Key in Image

Then use the newly created jpeg image to open the tomb, as shown.

$ sudo tomb open -k zizu.jpg tecmint.tomb

Open Tomb Using Encoded Image

You can also recover a key encoded in a jpeg image with the exhume sub-command.

$ sudo tomb exhume zizu.jpg -k tecmint.tomb.key
OR
$ sudo tomb -f exhume zizu.jpg -k tecmint.tomb.key   #force operation if key exists in current directory

Recover a Key from Image

Attention: Remember to hide the tomb key; do not keep it in the same directory as the tomb. For example, we will move the key for tecmint.tomb into a secret location (you can use your own location); you can also keep it on external media or move it to a remote server over SSH.

$ sudo mv tecmint.tomb.key /var/opt/keys/  
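The two cautions in this guide (swap should be off before a key is forged, and a key must not sit in the same directory as its tomb) can be checked before each use; the script below is an added example, not part of Tomb or of the original guide. It assumes keys are named <tomb>.key as in the commands above and that swap areas are listed in /proc/swaps; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not part of Tomb or of the original guide.

# active_swap [FILE]: print the swap areas listed in a /proc/swaps-format
# file. Line 1 of that file is a column header; each later line is one area.
active_swap() {
    awk 'NR > 1 && NF > 0 { print $1 }' "${1:-/proc/swaps}" 2>/dev/null
}

# colocated_keys DIR: print each *.tomb under DIR whose key is stored beside
# it as <name>.tomb.key (the naming used in this guide; keys named otherwise
# or buried in an image are not detected).
colocated_keys() {
    find "$1" -type f -name '*.tomb' | while IFS= read -r tomb; do
        if [ -e "$tomb.key" ]; then printf '%s\n' "$tomb"; fi
    done
}

# tomb_preflight DIR [SWAPS_FILE]: return 0 only when no swap is active and
# no key sits next to its tomb; findings are reported on stderr.
tomb_preflight() {
    rc=0
    swaps=$(active_swap "${2:-/proc/swaps}")
    if [ -n "$swaps" ]; then
        # Unquoted on purpose: one report line per swap area.
        printf 'swap is active (run swapoff -a first): %s\n' $swaps >&2
        rc=1
    fi
    exposed=$(colocated_keys "$1")
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed" | sed 's/^/key stored beside tomb: /' >&2
        rc=1
    fi
    return "$rc"
}

# Check the directory given as the first argument (default: current one).
tomb_preflight "${1:-.}" || echo "resolve the findings above first" >&2
```
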

Unfortunately, we cannot cover all the tomb usage commands and options in this guide; you can consult its man page for more information. There, you will find instructions on how to change a tomb’s key and password, resize it and much more.

$ man tomb 

Tomb GitHub repository: https://github.com/dyne/Tomb

Summary

Tomb is a simple yet powerful and easy-to-use encryption tool for handling files as delicate as secrets, on GNU/Linux systems. Share your thoughts about it via the comment form below.

How to Generate/Encrypt/Decrypt Random Passwords in Linux

We have taken the initiative to produce a Linux tips and tricks series. If you’ve missed the last article of this series, you may like to visit the link below.

  1. 5 Interesting Command Line Tips and Tricks in Linux

In this article, we will share some interesting Linux tips and tricks to generate random passwords, and show how to encrypt and decrypt passwords with or without the salt method.

Security is one of the major concerns of the digital age. We put passwords on computers, email, cloud, phones, documents and what not. We all know the basics of choosing a password that is easy to remember and hard to guess. What about automatic, machine-based password generation? Believe me, Linux is very good at this.

1. Generate a random unique password of length equal to 10 characters using the command ‘pwgen‘. If you have not installed pwgen yet, use Apt or YUM to get it.

$ pwgen 10 1

Generate Random Unique Password in Linux

Generate several random unique passwords of character length 50 in one go!

$ pwgen 50

Generate Multiple Random Passwords

2. You may use ‘makepasswd‘ to generate a random, unique password of a given length of your choice. Before you can run the makepasswd command, make sure you have installed it. If not, install the package ‘makepasswd’ using Apt or YUM.

Generate a random password of character length 10. Default Value is 10.

$ makepasswd 

makepasswd Generate Unique Password

Generate a random password of character length 50.

$ makepasswd  --char 50

Random Password Generate

Generate 7 random passwords of 20 characters each.

$ makepasswd --char 20 --count 7

Generate 20 Character Password

3. Encrypt a password using crypt along with salt. Provide salt manually as well as automatically.

For those who may not be aware of salt,

Salt is random data which serves as an additional input to a one-way function in order to protect passwords against dictionary attacks.

Make sure you have mkpasswd installed before proceeding.

The command below will encrypt the password with salt. The salt value is chosen randomly and automatically, so the command generates different output every time you run it.

$ mkpasswd tecmint

Encrypt Password in Linux Using mkpasswd

Now let’s define the salt ourselves. The command will then output the same result every time. Note that you can input anything of your choice as the salt.

$ mkpasswd tecmint -s tt

Encrypt Password Using Salt

Moreover, mkpasswd is interactive: if you don’t provide a password along with the command, it will ask for one interactively.

4. Encrypt a string, say “Tecmint-is-a-Linux-Community”, with aes-256-cbc encryption, using a password, say “tecmint”, and salt.

# echo Tecmint-is-a-Linux-Community | openssl enc -aes-256-cbc -a -salt -pass pass:tecmint

Encrypt A String in Linux

In the above example, the output of the echo command is piped to the openssl command, which encrypts its input with the enc (encoding with ciphers) sub-command using the aes-256-cbc algorithm, a salt and the password (tecmint).

5. Decrypt the above string using the openssl command with -aes-256-cbc decryption.

# echo U2FsdGVkX18Zgoc+dfAdpIK58JbcEYFdJBPMINU91DKPeVVrU2k9oXWsgpvpdO/Z | openssl enc -aes-256-cbc -a -d -salt -pass pass:tecmint

Decrypt String in Linux
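What the Base64 output of step 4 contains, shown as an added example that is not part of the original article: the decoded data starts with the ASCII marker Salted__, followed by the 8-byte random salt and then the AES-CBC ciphertext. The function names are illustrative, and the sample input is the ciphertext printed in step 5.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are illustrative.

# The Base64 ciphertext shown in step 5 of the article.
PAGE_CT='U2FsdGVkX18Zgoc+dfAdpIK58JbcEYFdJBPMINU91DKPeVVrU2k9oXWsgpvpdO/Z'

# Hex form of the ASCII magic "Salted__" that begins salted `openssl enc` output.
MAGIC_HEX='53616c7465645f5f'

# b64_to_hex B64: decode Base64 text and print one lowercase hex string.
b64_to_hex() {
    printf '%s\n' "$1" | base64 -d 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# enc_salt_hex B64: print the 8-byte salt as hex; fail if there is no
# "Salted__" header (for example, output made with -nosalt or by another tool).
enc_salt_hex() {
    hex=$(b64_to_hex "$1")
    [ "${#hex}" -ge 32 ] || return 1
    [ "$(printf '%s' "$hex" | cut -c1-16)" = "$MAGIC_HEX" ] || return 1
    printf '%s\n' "$hex" | cut -c17-32
}

# enc_ct_len B64: print how many ciphertext bytes follow the 16-byte header.
enc_ct_len() {
    enc_salt_hex "$1" >/dev/null || return 1
    hex=$(b64_to_hex "$1")
    echo $(( ${#hex} / 2 - 16 ))
}

# enc_cbc_ok B64: succeed only if the ciphertext is a non-empty whole number
# of 16-byte AES blocks, which padded CBC always yields; truncation breaks it.
enc_cbc_ok() {
    len=$(enc_ct_len "$1") || return 1
    [ "$len" -gt 0 ] && [ $(( len % 16 )) -eq 0 ]
}

# The header holds only the salt: cipher, digest and iteration count are not
# recorded, so the decrypting side has to be told them out of band.
if enc_cbc_ok "$PAGE_CT"; then
    echo "salt=$(enc_salt_hex "$PAGE_CT") ciphertext_bytes=$(enc_ct_len "$PAGE_CT")"
fi
```

Because the salt is random, running step 4 again gives a different string for the same password and plaintext.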

That’s all for now. If you know any such tips and tricks you may send us your tips at admin@tecmint.com, your tip will be published under your name and also we will include it in our future article.

Keep connected. Keep Connecting. Stay Tuned.

7 Tools to Encrypt/Decrypt and Password Protect Files in Linux

Encryption is the process of encoding files in such a way that only those who are authorized can access them. Mankind has used encryption for ages, even before computers existed. During war, people would pass messages that only their own tribe or those concerned were able to understand.

Linux distributions provide a few standard encryption/decryption tools that can prove handy at times. In this article we cover 7 such tools with standard examples, which will help you to encrypt, decrypt and password protect your files.

If you are interested in knowing how to generate random passwords in Linux, you may like to visit the link below:

Generate/Encrypt/Decrypt Random Passwords in Linux

1. GnuPG

GnuPG stands for GNU Privacy Guard, often called GPG, and is a collection of cryptographic software. It is written by the GNU Project in the C programming language. The latest stable release is 2.0.27.

In most of today’s Linux distributions, the gnupg package comes installed by default; in case it’s not installed, you may apt or yum it from the repository.

$ sudo apt-get install gnupg
# yum install gnupg

We have a text file (tecmint.txt) located at ~/Desktop/Tecmint/, which will be used in the examples that follow in this article.

Before moving further, check the content of the text file.

$ cat ~/Desktop/Tecmint/tecmint.txt

Check Content of File

Now encrypt the tecmint.txt file using gpg. As soon as you run the gpg command with option -c (encryption only with symmetric cipher), it will create a file tecmint.txt.gpg. You may list the contents of the directory to verify.

$ gpg -c ~/Desktop/Tecmint/tecmint.txt
$ ls -l ~/Desktop/Tecmint

Encrypt File in Linux

Note: Enter the passphrase twice to encrypt the given file. The above encryption was done with the CAST5 encryption algorithm automatically. You may optionally specify a different algorithm.

To see all the encryption algorithms available, you may run:

$ gpg --version

Check Encryption Algorithm

Now, if you want to decrypt the above encrypted file, you may use the following command. Before we start decrypting, we will first remove the original file, i.e. tecmint.txt, and leave the encrypted file tecmint.txt.gpg untouched.

$ rm ~/Desktop/Tecmint/tecmint.txt
$ gpg ~/Desktop/Tecmint/tecmint.txt.gpg

Decrypt File in Linux

Note: You need to provide the same password you gave at encryption to decrypt when prompted.

2. bcrypt

bcrypt is a key derivation function which is based upon the Blowfish cipher. The Blowfish cipher has not been recommended since it was found that the cipher algorithm can be attacked.

If you have not installed bcrypt, you may apt or yum the required package.

$ sudo apt-get install bcrypt
# yum install bcrypt

Encrypt the file using bcrypt.

$ bcrypt ~/Desktop/Tecmint/tecmint.txt

As soon as you run the above command, a new file named tecmint.txt.bfe is created and the original file tecmint.txt gets replaced.

Decrypt the file using bcrypt.

$ bcrypt tecmint.txt.bfe

Note: bcrypt does not have a secure form of encryption, and hence its support has been disabled, at least on Debian Jessie.

3. ccrypt

Designed as a replacement for UNIX crypt, ccrypt is a utility for encrypting and decrypting files and streams. It uses the Rijndael cipher.

If you have not installed ccrypt you may apt or yum it.

$ sudo apt-get install ccrypt
# yum install ccrypt

Encrypt a file using ccrypt. It uses ccencrypt to encrypt and ccdecrypt to decrypt. It is important to notice that at encryption, the original file (tecmint.txt) is replaced by (tecmint.txt.cpt) and at decryption the encrypted file (tecmint.txt.cpt) is replaced by original file (tecmint.txt). You may like to use ls command to check this.

Encrypt a file.

$ ccencrypt ~/Desktop/Tecmint/tecmint.txt

ccencrypt File in Linux

Decrypt a file.

$ ccdecrypt ~/Desktop/Tecmint/tecmint.txt.cpt

Provide the same password you gave during encryption to decrypt.

ccdecrypt File in Linux

4. Zip

Zip is one of the most famous archive formats, so famous that we generally call archive files zip files in day-to-day communication. It uses the pkzip stream cipher algorithm.

If you have not installed zip you may like to apt or yum it.

$ sudo apt-get install zip
# yum install zip

Create an encrypted zip file (several files grouped together) using zip.

$ zip --password mypassword tecmint.zip tecmint.txt tecmint1.txt tecmint2.txt

Create Encrypted Zip File

Here mypassword is the password used to encrypt it. An archive is created with the name tecmint.zip containing the zipped files tecmint.txt, tecmint1.txt and tecmint2.txt.

Decrypt the password protected zipped file using unzip.

$ unzip tecmint.zip

Decrypt Zip File

You need to provide the same password you provided at encryption.

5. Openssl

Openssl is a command line cryptographic toolkit which can be used to encrypt messages as well as files.

You may like to install openssl, if it is not already installed.

$ sudo apt-get install openssl
# yum install openssl

Encrypt a file using openssl encryption.

$ openssl enc -aes-256-cbc -in ~/Desktop/Tecmint/tecmint.txt -out ~/Desktop/Tecmint/tecmint.dat

Encrypt File Using Openssl

Explanation of each option used in the above command.

  1. enc : encryption
  2. -aes-256-cbc : the algorithm to be used.
  3. -in : full path of file to be encrypted.
  4. -out : full path where the encrypted file will be written.

Decrypt a file using openssl.

$ openssl enc -aes-256-cbc -d -in ~/Desktop/Tecmint/tecmint.dat > ~/Desktop/Tecmint/tecmint1.txt

Decrypt File Using Openssl

6. 7-zip

7-zip is a very famous open source archiver written in C++, able to compress and uncompress most of the known archive file formats.

If you have not installed 7-zip you may like to apt or yum it.

$ sudo apt-get install p7zip-full
# yum install p7zip-full

Compress files into zip using 7-zip and encrypt it.

$ 7za a -tzip -p -mem=AES256 tecmint.zip tecmint.txt tecmint1.txt

Compress File Using 7-Zip

Decompress encrypted zip file using 7-zip.

$ 7za e tecmint.zip

Decrypt File Using 7-Zip

Note: Provide the same password for both encryption and decryption when prompted.

All the tools we have used till now are command-line based. There is also a GUI based encryption tool provided by Nautilus, which will help you to encrypt/decrypt files using a graphical interface.

7. Nautilus Encryption Utility

Steps to encrypt files in GUI using Nautilus encryption utility.

Encryption of file in GUI

1. Right click the file you want to encrypt.

2. Select format to zip and provide location to save. Provide password to encrypt as well.

Encrypt File Using Nautilus

3. Notice the message – encrypted zip created successfully.

Encrypted Zip File Confirmation

Decryption of file in GUI

1. Try opening the zip in the GUI. Notice the LOCK-ICON next to the file. It will prompt for the password; enter it.

Decryption of File

2. When successful, it will open the file for you.

Decryption Confirmation

That’s all for now. I’ll be here again with another interesting topic. Till then stay tuned and connected to Tecmint. Don’t forget to provide us with your valuable feedback in the comments below. Like and share us and help us get spread.

How to Encrypt and Decrypt Files and Directories Using Tar and OpenSSL

When you have important sensitive data, it’s crucial to add an extra layer of security to your files and directories, especially when you need to transmit the data to others over a network.

That’s the reason I am looking for a utility to encrypt and decrypt certain files and directories in Linux. Luckily, I found a solution: tar with OpenSSL can do the trick. Yes, with the help of these two tools you can easily create and encrypt a tar archive file without any hassle.

Don’t Miss: 7 Tools to Encrypt and Decrypt Files in Linux

In this article, we will see how to create and encrypt a tar or gz (gzip) archive file with OpenSSL:

Remember that the conventional form of using OpenSSL is:

# openssl command command-options arguments

Encrypt Files in Linux

To encrypt the contents of the current working directory (depending on the size of the files, this may take a while):

# tar -czf - * | openssl enc -e -aes256 -out secured.tar.gz

Explanation of the above command:

  1. enc – openssl command to encode with ciphers
  2. -e – an enc command option to encrypt the input file, which in this case is the output of the tar command
  3. -aes256 – the encryption cipher
  4. -out – enc option used to specify the name of the output file, secured.tar.gz

Decrypt Files in Linux

To decrypt a tar archive contents, use the following command.

# openssl enc -d -aes256 -in secured.tar.gz | tar xz -C test

Explanation of the above command:

  1. -d – used to decrypt the files
  2. -C – extract in subdirectory named test

The following image shows the encryption process and what happens when you try to:

  1. extract the contents of the tarball the traditional way
  2. use the wrong password, and
  3. when you enter the right password

Encrypt or Decrypt Tar Archive File in Linux
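A hardened variant of the tar and openssl pipeline above, which also applies to the openssl file encryption in the previous article; it is an added example, not code from the original articles. It derives the key with PBKDF2 (recent OpenSSL releases warn about the default key derivation when -pbkdf2 is omitted), reads the passphrase from a file instead of the command line, archives dotfiles too, and records a digest of the ciphertext. It assumes OpenSSL 1.1.1 or later; the function names, iteration count and file names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original articles. Assumes OpenSSL 1.1.1 or
# later (-pbkdf2, -iter); function names, ITER and file names are illustrative.

ITER=200000   # PBKDF2 iteration count; must match on encrypt and decrypt

# sha256_of FILE: print the SHA-256 digest of FILE as hex.
sha256_of() {
    openssl dgst -sha256 -r < "$1" | cut -d' ' -f1
}

# seal_dir SRC_DIR OUT_FILE PASS_FILE
# Archive SRC_DIR ("." picks up dotfiles that "*" skips) and encrypt the
# stream. The passphrase is read from the first line of PASS_FILE, so it
# never appears in the process list or in shell history.
seal_dir() {
    tar -czf - -C "$1" . |
        openssl enc -e -aes-256-cbc -salt -pbkdf2 -iter "$ITER" \
            -pass "file:$3" -out "$2" || return 1
    # CBC has no integrity tag. A digest kept apart from the archive lets the
    # receiver detect corruption or modification before decrypting.
    sha256_of "$2" > "$2.sha256"
}

# open_archive IN_FILE DEST_DIR PASS_FILE
# Returns 2 on digest mismatch, and tar's status otherwise: with a wrong
# passphrase the decrypted bytes are not valid gzip, so tar fails.
open_archive() {
    [ "$(sha256_of "$1")" = "$(cat "$1.sha256" 2>/dev/null)" ] || return 2
    mkdir -p "$2" || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -pass "file:$3" -in "$1" 2>/dev/null |
        tar -xzf - -C "$2" 2>/dev/null
}

# Demo on constructed sample data in a throwaway directory.
demo() {
    d=$(mktemp -d) && mkdir "$d/src" || return 1
    echo 'api_key=EXAMPLE' > "$d/src/.env"
    echo 'constructed passphrase' > "$d/pass"
    seal_dir "$d/src" "$d/secured.tar.gz.enc" "$d/pass" &&
        open_archive "$d/secured.tar.gz.enc" "$d/out" "$d/pass" &&
        cat "$d/out/.env"
    rc=$?; rm -rf "$d"; return "$rc"
}
demo || echo "demo failed (is openssl 1.1.1 or later installed?)" >&2
```

The .sha256 file only protects against tampering if it reaches the receiver by a different path than the archive itself.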

When you are working on a local network or the Internet, you can always secure your vital documents or files that you share with others by encrypting them, this can help reduce the risk of exposing them to malicious attackers.

We looked at a simple technique for encrypting tarballs using OpenSSL, via the openssl command line tool. You can refer to its man page for more information and useful commands.

As usual, for any additional thoughts or simple tips that you wish to share with us, use the feedback form below and in the upcoming tip, we shall look at a way of translating rwx permissions into octal form.

mStream – A Personal Streaming Server to Stream Music from Anywhere

mStream is a free, open source and cross-platform personal music streaming server that lets you sync and stream music between all your devices. It consists of a lightweight music streaming server written with NodeJS; you can use it to stream your music from your home computer to any device, anywhere.

Server Features

  • Works on Linux, Windows, OSX and Raspbian
  • Dependency Free Installation
  • Light on memory and CPU usage
  • Tested on multi-terabyte libraries

WebApp Features

  • Gapless Playback
  • Milkdrop Visualizer
  • Playlist Sharing
  • Upload Files through the file explorer
  • AutoDJ – Queues up random songs

Importantly, mStream Express is a special version of the server that comes with all the dependencies pre-packaged. In this article, we will explain how to install and use mStream to stream your home music anywhere from Linux.

Before you install mStream, check out the demo: https://demo.mstream.io/

How to Install mStream Express in Linux

The easiest way to install mStream without facing any dependency issues is to download the latest version of mStream Express from the release page and run it.

The package comes with an additional set of UI tools and features: a tray icon for easy server management, auto-booting the server on startup, and GUI tools for server configuration.

You can use the wget command to download it directly from the command line, unzip the archive file, move into the extracted folder and run the mstreamExpress file as follows.

$ wget -c https://github.com/IrosTheBeggar/mStream/releases/download/3.9.1/mstreamExpress-linux-x64.zip
$ unzip mstreamExpress-linux-x64.zip 
$ cd mstreamExpress-linux-x64/
$ ./mstreamExpress

After starting mstreamExpress, the server configuration interface will show up as shown in the following screenshot. Enter the config options and click on Boot Server.

Configure mStream Express Server

Once the server has booted, you will see the following messages.

mStream Express Server Started

To access the webapp, go to the address: http://localhost:3000 or http://server_ip:3000.

Access mStream Webapp

You can easily manage the server via the Tray Icon; it has options to disable auto-boot, restart and reconfigure, advanced options, manage DDNS and SSL, among others.

mStream GitHub repository: https://github.com/IrosTheBeggar/mStream

That’s all! mStream is an easy-to-install personal music streaming software. In this article, we showed how to easily install and use mStream Express in Linux. If you have any queries, reach us via the feedback form below.
