Securing your Linux server is important to protect your data, intellectual property, and time, from the hands of crackers (hackers). The system administrator is responsible for security Linux box. In this first part of a Linux server security series, I will provide 20 hardening tips for default installation of Linux system.

> Read More... | Digg This!

The latest version of the popular Linux desktop distribution Ubuntu 9.10 will be released in few hours from the official project web site. New features since Ubuntu 9.04 includes - Firefox 3.5, GNOME 2.28, an enforcing AppArmor profile, Linux kernel 2.6.31, ext4 file system (default), Empathy instant messenger instead of Pidgin, the Ubuntu One client, which interfaces with Canonical's new on-line storage system. It also includes a new application called the Ubuntu Software Center. A quick screen-shot tour of new features available here on our website.

> Read More... | Digg This!

BBC's blogger Rory Cellan-Jones took Ubuntu Karmic Koala for 24 hours test drive and predicated that - "... Ubuntu will remain a very niche product - but it's Google's Android which could bring open-source to the mass consumer market...".

> Read More... | Digg This!

Paul Vixie and Corey Shields currently serves as a judges for the Mozilla Foundation's "Download Day", an attempt to set a Guiness World Record for most downloads in a single day for a new piece of software

> Read More... | Digg This!

udev allows Linux users to have a dynamic /dev directory and it provides the ability to have persistent device names. In this tip you will learn about creating the static SCSI device name for /block/sdd as /dev/scsiharddisk.

> Read More... | Digg This!

Spacewalk is an open source (GPLv2) Linux systems management solution. It is the upstream community project from which the Red Hat Network Satellite product is derived.

> Read More... | Digg This!

Recently I was looking information about getting the integrated fingerprint reader to work under Linux. I found this site. It describes the process of getting the integrated fingerprint reader to work under Linux, using bioapi and binary-only drivers. It is based on experiences in Ubuntu on a IBM Thinkpad T43. The same works on Fedora Core 4 and 5, RHEL4, SuSE 9.3, SuSE 10, and Gentoo.

=> How to enable the fingerprint reader

Related Posts:

• Find out DNS Server Version With DNS Server Fingeprinting tool
• How do you disconnect inactive user sessions?
• Linux > How to encrypting a files for particular user (recipients aka your trusted friend)
• Subscribe
• Lighttpd block wget useragent for specific urls

Copyright © nixCraft. All Rights Reserved.

> Read More... | Digg This!

This site details about how to use Nokia Series 60 phone under Linux systems. It also details what applications put on them. The site is quite informative and I’m able to play with my nokia. It covers the following topics for Nokia N95,Nokia 6630,Nokia 6600 and phones:

=> Configuration Details

=> Communicating with it via Linux

=> BlueTooth Applications & Uses

=> TCP/IP over BlueTooth

=> Software on it

=> Games on it

=> Writing For It

=> File Formats etc

Read more @ Nick’s Adventures with Series 60 Phones and Linux

Related Posts:

• Nokia E90 Review (Good for sys admins)
• Hack Linux based Nokia 770 Internet Tablet
• How To: Install KDE on the Nokia N800 Internet Tablet
• Microsoft giving free acer ferrari notebooks to bloggers
• Trusted and tried

Copyright © nixCraft. All Rights Reserved.

> Read More... | Digg This!

Q. How do I change process scheduling priority under Linux? I’d like to change the priority in the kernel’s scheduler. A. Use nice command to run a program with modified scheduling priority / nicenesses. Nicenesses range at least from -20 (resulting in the most favorable scheduling) through 19 (the least favorable). The default behavior [...]

Copyright © nixCraft. All Rights Reserved.

> Read More... | Digg This!

If you want the server to get rebooted automatically after kernel hit by a pain error message, try adding panic=N to /etc/sysctl.conf file.

It specify kernel behavior on panic. By default, the kernel will not reboot after a panic, but this option will cause a kernel reboot after N seconds. For example following boot parameter will force to reboot Linux after 10 seconds.
(more…)

Related Posts:

• Practical alternatives to the panic position - when the screen goes blank
• 10 boot time parameters you should know about the Linux kernel
• RHEL / CentOS Support 4GB or more RAM ( memory )
• Howto Reboot or halt Linux system in emergency
• Linux Limiting or restricting SMP CPU activation in SMP mode

Copyright © nixCraft. All Rights Reserved.

> Read More... | Digg This!

Q. How do I change Compiz settings under Ubuntu Linux? A. You need to install compiz configuration settings manager to change and update settings. Once compiz configuration settings manager installed, right click on Desktop > Select > Change Desktop background > Visual effects > Preferences Now you can change settings and customize visual effects. Install compiz configuration [...]

Copyright © nixCraft. All Rights Reserved.

> Read More... | Digg This!

The xm command is the main command line interface for managing Xen guest domains. The program can be used to create, pause, and shutdown domains. It can also be used to list current domains, enable or pin VCPUs, and attach or detach virtual block devices.

Please note that before running any one of the following command you must run xend ( Xen control daemon aka service) and must be run as privileged user. Running xm command as non root will return an error.

I hope following XEN status monitoring cheat sheet will save your time.
(more…)

Related Posts:

• Execute Commands on Multiple Linux or UNIX Servers
• Linux MySQL server monitoring
• Monitor Bandwidth with iptables
• Suse Linux: Nagios Basic Installation and Configuration
• Copy MySQL database from one server to another remote server

Copyright © nixCraft. All Rights Reserved.

> Read More... | Digg This!

Q. How do I format and connect to an iSCSI Volume under Debian / Ubuntu Linux? A. You need to install open-iscsi package for high performance, transport independent iSCSI implementation under Debian / Ubuntu Linux. This package is also known as the Linux Open-iSCSI Initiator. You need Linux operating system with kernel version 2.6.16, or [...]

Copyright © nixCraft. All Rights Reserved.

> Read More... | Digg This!

Well, personally I’m all set to freedom and open internet culture. However, in corporate and in an academic environment you will always find abuse smart users. Large and medium size corporate institutional networks suffer now a days from “smart” users who try to get their latest Movie/soft/Music/TVShow downloaded in their office.

Beside the moral/legal dispute these activities present the network admins with some troubles. To begin with a considerable downgrade in the network performance, and the need to comply with local policy and legal restrictions, and of course the admins needs to have full band with for they own downloads.

ipp2p is a reasonable stable product, I ‘ve use it for 2 years in a large network 4 class C networks in an university environment. Users were use to abuse the network for personal downloads, and after chasing and punishing them for some time we chose to block the traffic once and for all.

Read more at debian-administration: Filtering P2P network traffic with ipp2p.

On a related note we use application layer packet classifier for Linux called L7-filter:

L7-filter is a classifier for Linux’s Netfilter that identifies packets based on application layer data. It can classify packets as Kazaa, HTTP, Jabber, Citrix, Bittorrent, FTP, Gnucleus, eDonkey2000, etc., regardless of port. It complements existing classifiers that match on IP address, port numbers and so on.
Our intent is for l7-filter to be used in conjunction with Linux QoS to do bandwidth arbitration (”packet shaping”) or traffic accounting.

Also if user tunnel packets through SSL or uses encrypt them, none of these technique will work as software classify them as SSL, so your smart user still have a way out Trust me I’ve seen logs of largest broadband ISP in India and 60-80% traffic is p2p only.

Related Posts:

• Linux Iptables block all network traffic
• Linux Iptables block incoming access to selected or specific ip address
• Linux : Iptables # 4 Block all incoming traffic but allow ssh
• Linux : Iptables #1 Basic concepts
• Linux Iptables block outgoing access to selected or specific ip address

Copyright © nixCraft. All Rights Reserved.

> Read More... | Digg This!

Q. I’m using Ubuntu Linux. How to force Linux to reacquire a new IP address from the DHCP server? What is the command in Linux equivalent to Windows’ “ipconfig /renew” Command? A. You need to use Dynamic Host Configuration Protocol Client i.e. dhclient command. The client normally doesn’t release the current lease as it [...]

Copyright © nixCraft. All Rights Reserved.

> Read More... | Digg This!