Linux Blimp

There are constant level of high attacks and port scans on Linux servers all the time, while a properly configured firewall and regular security system updates adds a extra layer to keep the system safe, but you should also frequently watch if anyone got in. This will also helps to ensure that your server stays free of any program that aims at disrupting its normal operation.

The tools presented in this article are created for these security scans and they are able to identity Virus, Malwares, Rootkits, and Malicious behaviors. You can use these tools make regularly system scans e.g. every night and mail reports to your email address.

1. Lynis – Security Auditing and Rootkit Scanner

Lynis is a free, open source, powerful and popular security auditing and scanning tool for Unix/Linux like operating systems. It is a malware scanning and vulnerability detecting tool that scans systems for security information and issues, file integrity, configuration errors; performs firewall auditing, checks installed software, file/directory permissions and so much more.

Importantly, it doesn’t automatically perform any system hardening, however, it simply offers suggestions that enable you to harden your server.

We will install latest version of Lynis (i.e. 2.6.6) from the sources, using following commands.

# cd /opt/
# wget https://downloads.cisofy.com/lynis/lynis-2.6.6.tar.gz
# tar xvzf lynis-2.6.6.tar.gz
# mv lynis /usr/local/
# ln -s /usr/local/lynis/lynis /usr/local/bin/lynis

Now you can perform your system scanning with the command below.

# lynis audit system

To make run Lynis automatically at every night, add the following cron entry, which will run at 3am night and send reports to your email address.

0 3 * * * /usr/local/bin/lynis --quick 2>&1 | mail -s "Lynis Reports of My Server" you@yourdomain.com

2. Chkrootkit – A Linux Rootkit Scanners

Chkrootkit is also another free, open source rootkit detector that locally checks for signs of a rootkit on a Unix-like systems. It helps to detect hidden security holes. The chkrootkit package consists of a shell script that checks system binaries for rootkit modification and a number of programs that check various security issues.

The chkrootkit tool can be installed using following command on Debian-based systems.

$ sudo apt install chkrootkit

On CentOS-based systems, you need to install it from sources using following commands.

# yum update
# yum install wget gcc-c++ glibc-static
# wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
# tar –xzf chkrootkit.tar.gz
# mkdir /usr/local/chkrootkit
# mv chkrootkit-0.52/* /usr/local/chkrootkit
# cd /usr/local/chkrootkit
# make sense

To check your server with Chkrootkit run the following command.

$ sudo chkrootkit 
OR
# /usr/local/chkrootkit/chkrootkit

Once run, it will start checking your system for known Malwares and Rootkits and after the process is finished, you can see the summary of report.

To make run Chkrootkit automatically at every night, add the following cron entry, which will run at 3am night and send reports to your email address.

0 3 * * * /usr/sbin/chkrootkit 2>&1 | mail -s "chkrootkit Reports of My Server" you@yourdomain.com

Rkhunter – A Linux Rootkit Scanners

RKH (RootKit Hunter) is a free, open source, powerful, simple to use and well known tool for scanning backdoors, rootkits and local exploits on POSIX compliant systems such as Linux. As the name implies, it is a rootkit hunter, security monitoring and analyzing tool that is thoroughly inspects a system to detect hidden security holes.

The rkhunter tool can be installed using following command on Ubuntu and CentOS based systems.

$ sudo apt install rkhunter
# yum install epel-release
# yum install rkhunter

To check your server with rkhunter run the following command.

# rkhunter -c

To make run rkhunter automatically at every night, add the following cron entry, which will run at 3am night and send reports to your email address.

0 3 * * * /usr/sbin/rkhunter -c 2>&1 | mail -s "rkhunter Reports of My Server" you@yourdomain.com

4. ClamAV – Antivirus Software Toolkit

ClamAV is an open source, versatile, popular and cross-platform antivirus engine to detect viruses, malware, trojans and other malicious programs on a computer. It is one of the best free anti-virus programs for Linux and the open source standard for mail gateway scanning software that supports almost all mail file formats.

It supports virus database updates on all systems and on-access scanning on Linux only. In addition, it can scan within archives and compressed files and supports formats such as Zip, Tar, 7Zip, Rar among others and more other features.

The ClamAV can be installed using following command on Debian-based systems.

$ sudo apt-get install clamav

The ClamAV can be installed using following command on CentOS-based systems.

# yum -y update
# yum -y install clamav

Once installed, you can update the signatures and scan a directory with the following commands.

# freshclam
# clamscan -r -i DIRECTORY

Where DIRECTORY is the location to scan. The options -r, means recursively scan and the -i means to only show infected files.

5. LMD – Linux Malware Detect

LMD (Linux Malware Detect) is an open source, powerful and fully-featured malware scanner for Linux specifically designed and targeted at shared hosted environments, but can be used to detect threats on any Linux system. It can be integrated with ClamAV scanner engine for better performance.

It provides a full reporting system to view current and previous scan results, supports e-mail alert reporting after every scan execution and many other useful features.

For LMD installation and usage, read our article How to Install and Use Linux Malware Detect (LMD) with ClamAV as Antivirus Engine.

That’s all for now! In this article, we shared a list of 5 tools to scan a Linux server for malware and rootkits. Let us know of your thoughts in the comments section.

Source

Linfo is a free and open source, cross-platform server statistics UI/library which displays a great deal of system information. It is extensible, easy-to-use (via composer) PHP5 library to get extensive system statistics programmatically from your PHP application. It’s a Ncurses CLI view of Web UI, which works in Linux, Windows, *BSD, Darwin/Mac OSX, Solaris, and Minix.

It displays system info including CPU type/speed; architecture, mount point usage, hard/optical/flash drives, hardware devices, network devices and stats, uptime/date booted, hostname, memory usage (RAM and swap, if possible), temperatures/voltages/fan speeds and RAID arrays.

Requirements:

• PHP 5.3
• pcre extension
• Linux – /proc and /sys mounted and readable by PHP and Tested with the 2.6.x/3.x kernels

How to Install Linfo Server Stats UI/library in Linux

First, create a Linfo directory in your Apache or Nginx web root directory, then clone and move repository files into /var/www/html/linfo using the rsync command as shown below:

$ sudo mkdir -p /var/www/html/linfo 
$ git clone git://github.com/jrgp/linfo.git 
$ sudo rsync -av linfo/ /var/www/html/linfo/

Then rename sample.config.inc.php to config.inc.php. This is the Linfo config file, you can define your own values in it:

$ sudo mv sample.config.inc.php config.inc.php 

Now open the URL http://SERVER_IP/linfo in web browser to see the Web UI as shown in the screenshots below.

This screenshot shows the Linfo Web UI displaying core system info, hardware components, RAM stats, network devices, drives and file system mount points.

You can add the line below in the config file config.inc.php to yield useful error messages for troubleshooting purposes:

$settings['show_errors'] = true;

Running Linfo in Ncurses Mode

Linfo has a simple ncurses-based interface, which rely on php’s ncurses extension.

# yum install php-pecl-ncurses                    [On CentOS/RHEL]
# dnf install php-pecl-ncurses                    [On Fedora]
$ sudo apt-get install php5-dev libncurses5-dev   [On Debian/Ubuntu] 

Now compile the php extension as follows

$ wget http://pecl.php.net/get/ncurses-1.0.2.tgz
$ tar xzvf ncurses-1.0.2.tgz
$ cd ncurses-1.0.2
$ phpize # generate configure script
$ ./configure
$ make
$ sudo make install

Next, if you successfully compiled and installed the php extension, run the commands below.

$ sudo echo extension=ncurses.so > /etc/php5/cli/conf.d/ncurses.ini

Verify the ncurses.

$ php -m | grep ncurses

Now run the Linfo.

$ cd /var/www/html/linfo/
$ ./linfo-curses

The following features yet to be added in Linfo:

1. Support for more Unix operating systems (such as Hurd, IRIX, AIX, HP UX, etc)
2. Support for less known operating systems: Haiku/BeOS
3. Extra superfluous features/extensions
4. Support for htop-like features in ncurses mode

For more information, visit Linfo Github repository: https://github.com/jrgp/linfo

That’s all! From now on, you can view a Linux system’s information from within a web browser using Linfo. Try it out and share with us your thoughts in the comments. Additionally, have you come across any similar useful tools/libraries? If yes, then give us some info about them as well.

Source

Glances is a free open source, modern, cross-platform, real-time top and htop like system monitoring tool. It offers advanced features compared to its counterparts, and can run in different modes: as a standalone, in client/server mode and in web server mode.

Considering the web server mode, you do not necessarily need to log into your remote server via SSH to run glances, you can run it in web server mode and access it via a web browser to remotely monitor your Linux server, as explained below.

To run glances in web server mode, you need to install it together with the Python bottle module, a fast, simple and lightweight WSGI micro web-framework, using the appropriate command for your Linux distribution.

$ sudo apt install glances python-bottle	#Debian/Ubuntu
$ sudo yum install glances python-bottle	#RHEL/CentOS
$ sudo dnf install glancespython-bottle	        #Fedora 22+

Alternatively, install it using PIP command like shown.

$ sudo pip install bottle

Once you have installed the above packages, launch glances with the -w flag to run it in web server mode. By default, it will listen on port 61208.

$ glances -w 
OR
$ glances -w &

If you are running firewalld services, then you should open port 61208 to allow inbound traffic to that port.

$ sudo firewall-cmd --permanent --add-port=61208/tcp
$ sudo firewall-cmd --reload

For UFW firewall, run these commands.

$ sudo  ufw  allow 61208/tcp
$ sudo  ufw  allow reload

After that, from a web browser, use the URL http://SERVER_IP:61208/ to access the glances UI.

If you are using systemd system and services manager, you can run glances in web server mode as a service for efficient management, as explained in the next section. I actually prefer this method to running it as a background process.

Run Glances in Web Server Mode as a Service

Start by creating your service unit file (which I have preferred to name as glancesweb.service) under /usr/lib/systemd/system/glancesweb.service.

$ sudo vim /usr/lib/systemd/system/glancesweb.service

Then copy and paste the unit file configuration below in it.

[Unit]
Description = Glances in Web Server Mode
After = network.target

[Service]
ExecStart = /usr/bin/glances  -w  -t  5

[Install]
WantedBy = multi-user.target

The above configuration tells systemd that this is a unit of type service, it should be loaded after the network.target.

And once the system is in the network target, systemd will invoke the command “/usr/bin/glances -w -t 5” as a service. The -t specifies an interval for live updates in seconds.

The [install] section informs systemd that this service is wanted by “multi-user.target”. Therefore, when you enable it, a symbolic link is created from the /etc/systemd/system/multi-user.target.wants/glancesweb.service to /usr/lib/systemd/system/glancesweb.service. Disabling it will delete this symbolic link.

Next, enable your new systemd service, start and view its status as follows.

$ sudo systemctl enable connection.service
$ sudo systemctl start connection.service
$ sudo systemctl status connection.service

Finally, from your web browser, use the URL http://SERVER_IP:61208/ to remotely monitor your Linux servers via the glances UI, on any device (smart phone, tablet or computer).

You can change the refresh rate of the page, simply add the period in seconds at the end of the URL, this sets the refresh rate to 8 seconds.

http://SERVERI_P:61208/8	

One downside of running glances in web server mode is that, if the Internet connection is poor the client tends to easily disconnect from the server.

You can learn how to create new systemd services from this guide:

1. How to Create and Run New Service Units in Systemd Using Shell Script

That’s all! If you have any questions or additional information to add, use the comment from below.

Source

It has been said before -and I couldn’t agree more- that some of the best system administrators are those who seem (note the use of the word seem here) to be lazy all the time.

While that may sound somewhat paradoxical, I bet it must be true in most cases – not because they are not doing the job they are supposed to be doing, but rather because they have automated most of it.

One of the critical needs of a Linux system is to be kept up to date with the latest security patches available for the corresponding distribution.

In this article we will explain how to set up your Debian and Ubuntu system to auto install (or update) essential security packages or patches automatically when needed.

Other Linux distributions such as CentOS/RHEL configured to install security updates automatically.

Needless to say, you will need superuser privileges in order to perform the tasks outlined in this article.

Configure Automatic Security Updates On Debian/Ubuntu

To begin, install the following packages:

# aptitude update -y && aptitude install unattended-upgrades apt-listchanges -y

where apt-listchanges will report what has been changed during an upgrade.

Next, open /etc/apt/apt.conf.d/50unattended-upgrades with your preferred text editor and add this line inside the Unattended-Upgrade::Origins-Pattern block:

Unattended-Upgrade::Mail "root";

Finally, use the following command to create and populated the required configuration file (/etc/apt/apt.conf.d/20auto-upgrades) to activate the unattended updates:

# dpkg-reconfigure -plow unattended-upgrades

Choose Yes when prompted to install unattended upgrades:

then check that the following two lines have been added to /etc/apt/apt.conf.d/20auto-upgrades:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

And add this line to make reports verbose:

APT::Periodic::Verbose "2";

Last, inspect /etc/apt/listchanges.conf to make sure notifications will be sent to root.

In this post we have explained how to make sure your system is updated regularly with the latest security patches. Additionally, you learned how to set up notifications in order to keep yourself informed when patches are applied.

Do you have any questions about this article? Feel free to drop us a note using the comment form below. We look forward to hearing from you.

Source

GIMP (in full GNU Image Manipulation Program) is a free open source, powerful, and cross-platform image manipulation software that runs on GNU/Linux, OS X, Windows plus many other operating systems.

It is highly customizable and extensible via third party plugins. It offers advanced tools for graphic designers, photographers, graphical illustrators as well as scientists for high quality image manipulation.

For programmers, it also supports scripted image manipulation, with multiple programming languages such as C, C++, Perl, Python, Scheme, and so much more. The latest major release of GIMP is version 2.10 which was released a few weeks ago, and there is a recent update release GIMP 2.10.2.

What’s New in GIMP 2.10

Some of the important new highlights of this release are:

• Ships in with a number of new and improved tools such as the Warp transform, the Unified transform and the Handle transform tools.
• Color management has become a core feature.
• Improvements to histogram computation.
• Added support for HEIF image format.
• Image processing almost completely ported to GEGL.
• Uses on-canvas preview for all filters ported to GEGL.
• Improved digital painting with support for functions such as canvas rotation and flipping, symmetry painting, MyPaint brush.
• Support for several new image formats such as OpenEXR, RGBE, WebP, and HGT.
• Supports metadata viewing and editing for Exif, XMP, IPTC, and DICOM.
• Offers basic HiDPI support.
• Comes with some fresh themes:Light, Gray, Dark, and System and symbolic icons.
• Added two new filters: spherize and recursive transform, and more.

If you want to know more about GIMP 2.10 features in detail, please refer to its release note.

Install GIMP 2.10 in Ubuntu & Linux Mint

You can install or update Gimp on Ubuntu and Linux Mint using one of the following methods.

Install Gimp Using PPA

The developer Otto Kesselgulasch maintains a unofficial PPA, which has the latest version of the Gimp program for you to install on Ubuntu 17.10 and 18.04 (16.04 builds are said to be on the way), .

$ sudo add-apt-repository ppa:otto-kesselgulasch/gimp
$ sudo apt update
$ sudo apt install gimp

The above PPA will install or upgrade (if you already have GIMP 2.8) to GIMP 2.10.

Install Gimp Using Flatpak

This is the most recommended way to install GIMP 2.10 on Ubuntu, Linux Mint and other Ubuntu-based Linux distributions by using the official Flatpak app on the Flathub app store.

If you don’t have support for Flatpak, then you need to enable Flatpak support first using the following commands.

$ sudo add-apt-repository ppa:alexlarsson/flatpak
$ sudo apt update
$ sudo apt install flatpak

Once you have Fltapak support, use the following command to install GIMP 2.10.

$ flatpak install https://flathub.org/repo/appstream/org.gimp.GIMP.flatpakref

Once Gimp installed, if you don’t see it in the menu, you can start it using the following command.

$ flatpak run org.gimp.GIMP

Uninstall GIMP 2.10 in Ubuntu & Linux Mint

For any reasons, if you don’t like GIMP 2.10 and want to uninstall or roll back to old stable version. To accomplish this, you need the ppa-purge program to purge the PPA from your system using following commands.

$ sudo apt install ppa-purge
$ sudo ppa-purge ppa:otto-kesselgulasch/gimp

That’s all! In this article, we have explained how to install latest version of GIMP 2.10 in Ubuntu, Linux Mint and Ubuntu-based Linux distributions. If you have any questions, let us know via the feedback form below.

Source

In Unix/Linux systems, the root user account is the super user account, and it can therefore be used to do anything and everything achievable on the system.

However, this can be very dangerous in so many ways – one could be that the root user might enter a wrong command and breaks the whole system or an attacker gets access to root user account and takes control of the whole system and who knows what he/she can possibly do.

Based upon this background, in Ubuntu and its derivatives, the root user account is locked by default, regular users (system administrators or not) can only gain super user privileges by using the sudo command.

And one of the worst things that can happen to a Ubuntu System admin is losing privileges to use the sudocommand, a situation commonly referred to as “broken sudo”. This can be absolutely devastating.

A broken sudo may be caused by any of the following:

1. A user should not have been removed from the sudo or admin group.
2. The /etc/sudoers file was altered to prevent users in sudo or admin group from elevating their privileges to that of root using sudo command.
3. The permission on /etc/sudoers file is not set to 0440.

In order to perform crucial tasks on your system such as viewing or altering important system files, or updating the system, you need the sudo command to gain super user privileges. What if you are denied usage of sudodue one or more of the reasons we mentioned above.

Below is an image showing a case in which the default system user is being prevented from running sudocommand:

tecmint@TecMint ~ $ sudo visudo
[ sudo ] password for aaronkilik:
aaronkilik is not in the sudoers file.   This incident will be reported.

tecmint@TecMint ~ $ sudo apt install vim
[ sudo ] password for aaronkilik:
aaronkilik is not in the sudoers file.   This incident will be reported.

How To Fix Broken sudo Command in Ubuntu

If you happen to be running only Ubuntu on your machine, after powering it, press the Shift key for a few seconds to get the Grub boot menu. On the other hand, if you are running a dual-boot (Ubuntu alongside Windows or Mac OS X), then you should see the Grub boot menu by default.

Using the Down Arrow, select “Advanced options for Ubuntu” and press Enter.

You will be at the interface below, select the kernel with “recovery mode” option as below and press Enter to advance to the “Recovery menu”.

Below is the “Recovery menu”, indicating that the root filesystem is mounted as read-only. Move over to the line “root Drop to root shell prompt”, then hit Enter.

Next, press Enter for maintenance:

At this point, you should be at the root shell prompt. As we had seen before, the filesystem is mounted as read-only, therefore, to make changes to the system we need to remount is as read/write by running the command below:

# mount -o rw,remount /

Solving Case #1 – Add User to sudo or admin Group

Assuming that a user has been removed from the sudo group, to add user back to sudo group issue the command below:

# adduser username sudo

Note: Remember to use the actual username on the system, for my case, it is aaronkilik.

Or else, under the condition that a user has been removed from the admin group, run the following command:

# adduser username admin

Solving Case #2 – Granting sudo Privileges to Users

On the assumption that the /etc/sudoers file was altered to prevent users in sudo or admin group from elevating their privileges to that of a super user, then make a backup of the sudoers files as follows:

# cp /etc/sudoers /etc/sudoers.orginal

Subsequently, open the sudoers file.

# visudo

and add the content below:

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbi$

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

Solving Case #3 – Setting Correct Permission on sudoers File

Supposing that the permission on /etc/sudoers file is not set to 0440, then run following command to make it right:

# chmod  0440  /etc/sudoers

Last but not least, after running all the necessary commands, type the exit command to go back to the “Recovery menu”:

# exit 

Use the Right Arrow to select <Ok> and hit Enter:

Press <Ok> to continue with normal boot sequence:

Summary

This method should work just fine especially when it is an administrative user account involved, where there is no other option but to use the recovery mode.

However, if it fails to work for you, try to get back to us by expressing your experience via the feedback section below. You can as well offer any suggestions or other possible ways to solve the issue at hand or improve this guide altogether.

Source

MySQL community server is a free open source, popular and cross-platform database management system. It supports both SQL and NoSQL, and has a pluggable storage engine architecture. Additionally, it also comes with multiple database connectors for different programming languages, allowing you to develop applications using any of the well known languages, and many other features.

It has many use cases under document storage, cloud, high availability systems, IoT (Internet of Things), hadoop, big data, data warehousing, LAMP or LEMP stack for supporting high-volume website/apps and much more.

In this article, we will explain a fresh installation of MySQL 8.0 database system on Ubuntu 18.04 Bionic Beaver. Before we move onto the actual installation steps, let’s look at a summary of:

What’s New in MySQL 8.0

• The database now incorporates a transactional data dictionary.
• Comes with Atomic DDL statement support.
• Enhanced security and account management.
• Improvements to resource management.
• Several InnoDB enhancements.
• New type of backup lock.
• Default character set has changed to utf8mb4 from latin1.
• A couple of JSON enhancements.
• Comes with regular expression support using International Components for Unicode (ICU).
• New error logging which now uses the MySQL component architecture.
• Enhancements to MySQL replication.
• Supports common table expressions(both non-recursive and recursive).
• Has an enhanced optimizer.
• Additional window functions and more.

Step 1: Add MySQL Apt Repository

Luckily, there is an APT repository for installing the MySQL server, client, and other components. You need to add this MySQL repository to your system’s package sources list; start by downloading the repository package using the wget tool from the command line.

$ wget -c https://dev.mysql.com/get/mysql-apt-config_0.8.10-1_all.deb 

Then install the MySQL repository package using the following dpkg command.

$ sudo dpkg -i mysql-apt-config_0.8.10-1_all.deb 

Note that in the package installation process, you will be prompted to choose MySQL server version and other components such as cluster, shared client libraries, or the MySQL workbench that you want to configure for installation.

MySQL server version mysql-8.0 will be auto-selected, then scroll down to the last option Ok and click [Enter]to finish the configuration and installation of the release package, as shown in the screenshot.

Step 2: Install MySQL Server in Ubuntu 18.04

Next, download the latest package information from all configured repositories, including the recently added MySQL repository.

$ sudo apt update

Then run the following command to install packages for the MySQL community server, client and the database common files.

$ sudo apt-get install mysql-server

Through the installation process, you will be asked to enter a password for the root user for your MySQL server, re-enter the password to confirm it and press [Enter].

Next, the MySQL server authentication plugin configuration message will appear, read through it and use the right arrow to choose Ok and press [Enter] to continue.

Afterwards, you will be asked to select the default authentication plugin to use, then use the right arrow to choose Ok and press [Enter] to complete the package configuration.

Step 3: Secure MySQL Server Installation

By default, the MySQL installation is unsecure. To secure it, run the security script which comes with the binary package. You will be asked to enter the root password you set during the installation process. Then also choose whether to use the VALIDATE PASSWORD plugin or not.

You can also change the root password you set before (as we have done in this example). Then enter yes/y to the following security questions:

• Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
• Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
• Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
• Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y

Launch the script by issuing the following command.

$ sudo mysql_secure_installation

To further secure your MySQL server, read our article 12 MySQL/MariaDB Security Best Practices for Linux.

Step 4: Managing MySQL Server via Systemd

On Ubuntu, after installing a package, it’s service(s) are usually started automatically once the package is configured. You can check if the MySQL server is up and running using following command.

$ sudo systemctl status mysql

If for one reason or the other, it isn’t auto-started, use the commands below to start and enable it to start at system boot time, as follows.

$ sudo systemctl status mysql
$ sudo systemctl enable mysql

Step 5: Install Extra MySQL Products and Components

In addition, you can install extra MySQL components that you feel you need in order to work with the server, such as mysql-workbench-community, libmysqlclient18 and many others.

$ sudo apt-get update
$ sudo apt-get install mysql-workbench-community libmysqlclient18

Finally, to access the MySQL shell, issue the following command.

$ sudo mysql -u root -p

For more information, read the MySQL 8.0 Release Notes.

That’s It! In this article, we have explained how to install MySQL 8.0 in Ubuntu 18.04 Bioni Beaver. If you have any questions or thoughts to share, use the comment form below to reach us.

Source

When today traffic and casual internet speeds is measured in teens of Giga over an eye blink even for ordinary Internet clients, what’s the purpose of setting a local repository cache on LAN’s you may ask?

One of the reasons is to reduce Internet bandwidth and high speed on pulling packages from local cache. But, also, another major reason should be privacy. Let’s imagine that clients from your organization are Internet restricted, but their Linux boxes need to regular system updates on software and security or just need new software packages. To go further picture, a server that runs on a private network, contains and serves secret sensitive information only for a restricted network segment, and should never be exposed to public Internet.

This are just a few reasons why you should build a local repository mirror on your LAN, delegate an edge server for this job and configure internal clients to pull out software form its cache mirror.

Ubuntu provides apt-mirror package to synchronize local cache with official Ubuntu repositories, mirror that can be configured through a HTTP or FTP server to share its software packages with local system clients.

For a complete mirror cache your server needs at least 120G free space reserved for local repositories.

Requirements

1. Min 120G free space
2. Proftpd server installed and configured in anonymous mode.

Step 1: Configure Server

1. The first thing you may want to do is to identify the closest and fastest Ubuntu mirrors near you’re location by visiting Ubuntu Archive Mirror page and select your country.

If your country provides more mirrors you should identify mirror address and do some tests based on ping or traceroute results.

2. The next step is to install required software for setting up local mirror repository. Install apt-mirror and proftpd packages and configure proftpd as standalone system daemon.

$ sudo apt-get install apt-mirror proftpd-basic

3. Now it’s time to configure apt-mirror server. Open and edit /etc/apt/mirror.list file by adding your nearest locations (Step 1) – optional, if default mirrors are fast enough or you’re not in a hurry – and choose your system path where packages should be downloaded. By default apt-mirror uses /var/spool/apt-mirror location for local cache but on this tutorial we are going to use change system path and point set base_path directive to /opt/apt-mirror location.

$ sudo nano /etc/apt/mirror.list

Also you can uncomment or add other source list before clean directive – including Debian sources – depending on what Ubuntu versions your clients use. You can add sources from 12.04, if you like but be aware that adding more sources requires more free space.

For Debian source lists visit Debian Wiki or Debian Sources List Generator.

4. All you need to do now is, just create path directory and run apt-mirror command to synchronize official Ubuntu repositories with our local mirror.

$ sudo mkdir -p /opt/apt-mirror
$ sudo apt-mirror

As you can see apt-mirror proceeds with indexing and downloading archives presenting total number of downloaded packages and their size. As we can imagine 110-120 GB is large enough to take some time to download.

You can run ls command to view directory content.

Once the initial download is completed, future downloads will be small.

5. While apt-mirror downloads packages, you can configure your Proftpd server. The first thing you need to do is, to create anonymous configuration file for proftpd by running the following command.

$ sudo nano /etc/proftpd/conf.d/anonymous.conf

Then add the following content to anonymous.conf file and restart proftd service.

<Anonymous ~ftp>
   User                    ftp
   Group                nogroup
   UserAlias         anonymous ftp
   RequireValidShell        off
#   MaxClients                   10
   <Directory *>
     <Limit WRITE>
       DenyAll
     </Limit>
   </Directory>
 </Anonymous>

6. Next step is to link apt-mirror path to proftpd path by running a bind mount by issuing the command.

$ sudo mount --bind /opt/apt-mirror/mirror/archive.ubuntu.com/  /srv/ftp/

To verify it run mount command with no parameter or option.

$ mount

7. Last step is to make sure that Proftpd server is automatically started after system reboot and mirror-cachedirectory is also automatically mounted on ftp server path. To automatically enable proftpd run the following command.

$ sudo update-rc.d proftpd enable

To automatically mount apt-mirror cache on proftpd open and edit /etc/rc.local file.

$ sudo nano /etc/rc.local

Add the following line before exit 0 directive. Also use 5 seconds delay before attempting to mount.

sleep 5
sudo mount --bind  /opt/apt-mirror/mirror/archive.ubuntu.com/ /srv/ftp/

If you pull packages from Debian repositories run the following commands and make sure appropriate settings for above rc.local file are enabled.

$ sudo mkdir /srv/ftp/debian
$ sudo mount --bind /opt/apt-mirror/mirror/ftp.us.debian.org/debian/ /srv/ftp/debian/

8. For a daily apt-mirror synchronization you can also create a system schedule job to run at 2 AM every day. Run crontab command, select your preferred editor then add the following line syntax.

$ sudo crontab –e

On last line add the following line.

0  2  *  *  *  /usr/bin/apt-mirror >> /opt/apt-mirror/mirror/archive.ubuntu.com/ubuntu/apt-mirror.log

Now every day at 2 AM your system repository cache will synchronize with Ubuntu official mirrors and create a log file.

Step 2: Configure clients

9. To configure local Ubuntu clients, edit /etc/apt/source.list on client computers to point to the IP address or hostname of apt-mirror server – replace http protocol with ftp, then update system.

deb ftp://192.168.1.13/ubuntu trusty universe
deb ftp://192.168.1.13/ubuntu trusty main restricted
deb ftp://192.168.1.13/ubuntu trusty-updates main restricted
## Ad so on….

10. To view repositories you can actually open a browser and point to your server IP address of domain name using FTP protocol.

The same system applies also to Debian clients and servers, the only change needed are debian mirror and sources list.

Also if you install a fresh Ubuntu or Debian system, provide your local mirror manually whit ftp protocol when installer asks which repository to use.

The great thing about having your own local mirror repositories is that you’re always on current and your local clients don’t have to connect to Internet to install updates or software.

Source

The LEMP stack is an acronym which represents is a group of packages (Linux OS, Nginx web server, MySQL\MariaDB database and PHP server-side dynamic programming language) which are used to deploy dynamic web applications and web pages.

This tutorial will guide you on how to install a LEMP stack with MariaDB 10, PHP 7 and HTTP 2.0 Support for Nginx on Ubuntu 16.10 and Ubuntu 16.04 server/desktop editions.

Requirements

1. Installation of Ubuntu 16.04 Server Edition [instructions also works on Ubuntu 16.10]

Step 1: Install the Nginx Web Server

1. Nginx is a modern and resources efficient web server used to display web pages to visitors on the internet. We’ll start by installing Nginx web server from Ubuntu official repositories by using the apt command line.

$ sudo apt-get install nginx

2. Next, issue the netstat and systemctl commands in order to confirm if Nginx is started and binds on port 80.

$ netstat -tlpn

$ sudo systemctl status nginx.service

Once you have the confirmation that the server is started you can open a browser and navigate to your server IP address or DNS record using HTTP protocol in order to visit Nginx default web page.

http://IP-Address

Step 2: Enable Nginx HTTP/2.0 Protocol

3. The HTTP/2.0 protocol which is build by default in the latest release of Nginx binaries on Ubuntu 16.04 works only in conjunction with SSL and promises a huge speed improvement in loading web SSL web pages.

To enable the protocol in Nginx on Ubuntu 16.04, first navigate to Nginx available sites configuration files and backup the default configuration file by issuing the below command.

$ cd /etc/nginx/sites-available/
$ sudo mv default default.backup

4. Then, using a text editor create a new default page with the below instructions:

server {
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;

        root /var/www/html;

        index index.html index.htm index.php;

        server_name 192.168.1.13;

        location / {
                try_files $uri $uri/ =404;
        }

        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
        ssl_dhparam  /etc/nginx/ssl/dhparam.pem;
        ssl_session_cache shared:SSL:20m;
        ssl_session_timeout 180m;
        resolver 8.8.8.8 8.8.4.4;
        add_header Strict-Transport-Security "max-age=31536000;
        #includeSubDomains" always;


        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }

}

server {
       listen         80;
       listen    [::]:80;
       server_name    192.168.1.13;
       return         301 https://$server_name$request_uri;
}

The above configuration snippet enables the use of HTTP/2.0 by adding the http2 parameter to all SSL listen directives.

Also, the last part of the excerpt enclosed in server directive is used to redirect all non-SSL traffic to SSL/TLS default host. Also, replace the server_name directive to match your own IP address or DNS record (FQDN preferably).

5. Once you finished editing Nginx default configuration file with the above settings, generate and list the SSL certificate file and key by executing the below commands.

Fill the certificate with your own custom settings and pay attention to Common Name setting to match your DNS FQDN record or your server IP address that will be used to access the web page.

$ sudo mkdir /etc/nginx/ssl
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
$ ls /etc/nginx/ssl/

6. Also, create a strong DH cypher, which was changed on the above configuration file on ssl_dhparaminstruction line, by issuing the below command:

$ sudo openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

7. Once the Diffie-Hellman key has been created, verify if Nginx configuration file is correctly written and can be applied by Nginx web server and restart the daemon to reflect changes by running the below commands.

$ sudo nginx -t
$ sudo systemctl restart nginx.service

8. In order to test if Nginx uses HTTP/2.0 protocol issue the below command. The presence of h2 advertised protocol confirms that Nginx has been successfully configured to use HTTP/2.0 protocol. All modern up-to-date browsers should support this protocol by default.

$ openssl s_client -connect localhost:443 -nextprotoneg ''

Step 3: Install PHP 7 Interpreter

Nginx can be used with PHP dynamic processing language interpreter to generate dynamic web content with the help of FastCGI process manager obtained by installing the php-fpm binary package from Ubuntu official repositories.

9. In order to grab PHP7.0 and the additional packages that will allow PHP to communicate with Nginx web server issue the below command on your server console:

$ sudo apt install php7.0 php7.0-fpm 

10. Once the PHP7.0 interpreter has been successfully installed on your machine, start and check php7.0-fpmdaemon by issuing the below command:

$ sudo systemctl start php7.0-fpm
$ sudo systemctl status php7.0-fpm

11. The current configuration file of Nginx is already configured to use PHP FastCGI process manager in order to server dynamic content.

The server block that enables Nginx to use PHP interpreter is presented on the below excerpt, so no further modifications of default Nginx configuration file are required.

location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

Below is a screenshot of what instructions you need to uncomment and modify is case of an original Nginx default configuration file.

12. To test Nginx web server relation with PHP FastCGI process manager create a PHP info.php test configuration file by issuing the below command and verify the settings by visiting this configuration file using the below address: http://IP_or domain/info.php.

$ sudo su -c 'echo "<?php phpinfo(); ?>" |tee /var/www/html/info.php'

Also check if HTTP/2.0 protocol is advertised by the server by locating the line $_SERVER[‘SERVER_PROTOCOL’] on PHP Variables block as illustrated on the below screenshot.

13. In order to install extra PHP7.0 modules use the apt search php7.0 command to find a PHP module and install it.

Also, try to install the following PHP modules which can come in handy in case you are planning to install WordPress or other CMS.

$ sudo apt install php7.0-mcrypt php7.0-mbstring

14. To register the PHP extra modules just restart PHP-FPM daemon by issuing the below command.

$ sudo systemctl restart php7.0-fpm.service

Step 4: Install MariaDB Database

15. Finally, in order to complete our LEMP stack we need the MariaDB database component to store and manage website data.

Install MariaDB database management system by running the below command and restart PHP-FPM service in order to use MySQL module to access the database.

$ sudo apt install mariadb-server mariadb-client php7.0-mysql
$ sudo systemctl restart php7.0-fpm.service

16. To secure the MariaDB installation, run the security script provided by the binary package from Ubuntu repositories which will ask you set a root password, remove anonymous users, disable root login remotely and remove test database.

Run the script by issuing the below command and answer all questions with yes. Use the below screenshot as a guide.

$ sudo mysql_secure_installation

17. To configure MariaDB so that ordinary users can access the database without system sudo privileges, go to MySQL command line interface with root privileges and run the below commands on MySQL interpreter:

$ sudo mysql 
MariaDB> use mysql;
MariaDB> update user set plugin=’‘ where User=’root’;
MariaDB> flush privileges;
MariaDB> exit

Finally, login to MariaDB database and run an arbitrary command without root privileges by executing the below command:

$ mysql -u root -p -e 'show databases'

That’ all! Now you have a LEMP stack configured on Ubuntu 16.10 and Ubuntu 16.04 server that allows you to deploy complex dynamic web applications that can interact with databases.

Source

In this article, we will go through the various steps to install the constituent packages in LAMP stack with PHP 7and MariaDB 10 on Ubuntu 16.10 Server and Desktop editions.

As you may already know, LAMP (Linux, Apache, MySQL/MariaDB, PHP) stack is the assortment of leading open source web development software packages.

This web platform is made up of a web server, database management system and a server-side scripting language, and is acceptable for building dynamic websites and a wide range of web applications. It can be used in a testing or production environment to support small-scale to very large web-based projects.

One of the common uses of LAMP stack is for running content management systems (CMSs) such as WordPress, Joomla or Drupal and many others.

Requirements

1. Ubuntu 16.10 Installation Guide

Step 1: Install Apache on Ubuntu 16.10

1. The first step is to start by installing Apache web server from the default Ubuntu official repositories by typing the following commands on terminal:

$ sudo apt install apache2
OR
$ sudo apt-get install apache2

2. After Apache web server successfully installed, confirm if the daemon is running and on what ports it binds (by default apache listens on port 80) by running the commands below:

$ sudo systemctl status apache2.service 
$ sudo netstat -tlpn

3. You can also confirm apache web server via a web browser by typing server IP address using HTTP protocol. A default apache web page should be appeared on the web browser similar to the below screenshot:

http://your_server_IP_address

4. If you want to use HTTPS support to secure your web pages, you can enable Apache SSL module and confirm port by issuing the following commands:

$ sudo a2enmod ssl 
$ sudo a2ensite default-ssl.conf 
$ sudo systemctl restart apache2.service
$ sudo netstat -tlpn

5. Now confirm Apache SSL support using HTTPS Secure Protocol by typing the below address in web browser:

https://your_server_IP_address

You will get the following error page, its because that apache is configured to run with a Self-Signed Certificate. Just accept and proceed further to bypass the certificate error and the web page should be displayed securely.

6. Next enable apache web server to start the service at boot time using following command.

$ sudo systemctl enable apache2

Step 2: Install PHP 7 on Ubuntu 16.10

7. To install most recent version of PHP 7, which is developed to run with speed enhancements on Linux machine, first do a search for any existing PHP modules by running the below commands:

$ sudo apt search php7.0

8. Once you came to know that proper PHP 7 modules are needed to setup, use apt command to install the proper modules so that PHP can able to run scripts in conjunction with apache web server.

$ sudo apt install php7.0 libapache2-mod-php7.0 php7.0-mysql php7.0-xml php7.0-gd

9. After PHP7 and its required modules are installed and configured on your server, run php -v command in order see the current release version of PHP.

$ php -v

10. To further tests PHP7 and its modules configuration, create a info.php file in apache /var/www/html/webroot directory.

$ sudo nano /var/www/html/info.php

add the below lines of code to info.php file.

<?php 
phpinfo();
?>

Restart apache service to apply changes.

$ sudo systemctl restart apache2

Open your web browser and type the following URL to check the PHP configuration.

https://your_server_IP_address/info.php 

11. If you wanted to install additional PHP modules, use apt command and press [TAB] key after php7.0 string and the bash autocomplete feature will automatically show you all available PHP 7 modules.

$ sudo apt install php7.0[TAB]

Step 3: Install MariaDB 10 in Ubuntu 16.10

12. Now it’s time to install latest version of MariaDB with the needed PHP modules to access the database from Apache-PHP interface.

$ sudo apt install php7.0-mysql mariadb-server mariadb-client

13. Once MariaDB has been installed, you need to secure its installation using the security script, which will set a root password, revoke anonymous access, disable root login remotely and remove the test database.

$ sudo mysql_secure_installation

14. In order to give MariaDB database access to system normal users without using sudo privileges, login to MySQL prompt using root and run the below commands:

$ sudo mysql 
MariaDB> use mysql;
MariaDB> update user set plugin=’‘ where User=’root’;
MariaDB> flush privileges;
MariaDB> exit

To learn more about MariaDB basic usage, you should read our series: MariaDB for Beginners

15. Then, restart MySQL service and try to login to database without root as shown.

$ sudo systemctl restart mysql.service
$ mysql -u root -p

16. Optionally, if you wanted to administer MariaDB from a web browser, install PhpMyAdmin.

$ sudo apt install php-gettext phpmyadmin

During PhpMyAdmin installation select apache2 web server, choose No for configure phpmyadmin with dbconfig-common and add a strong password for the web interface.

16. After PhpMyAdmin has been installed, you can access the web interface of Phpmyadmin at the below URL.

https://your_server_IP_address/phpmyadmin/ 

If you wanted to secure your PhpMyAdmin web interface, go through our article: 4 Useful Tips to Secure PhpMyAdmin Web Interface

That’s all! Now you have a complete LAMP stack setup installed and running on Ubuntu 16.10, which enables you to deploy dynamic websites or application on your Ubuntu server.

Source