posts about "linux"

Get rid of SSH unknown server authentication prompts by using SSHFP

Oct 13, 2019

ssh dns remote-access

The most annoying and consistently ignored prompt when using SSH is that stupid “The authenticity of host blah, blah, blah can’t be established” and then a fingerprint that no one ever has or ever will bother to authenticate. Be honest, you’ve skipped this message more times than you can count and just answer ‘yes’ so you can get on with life, right? Maybe it’s time we changed that.

Logrotate with fail2ban

Sep 26, 2019

fail2ban debian ubuntu administration admin-tools logs

Your intentions are good, rotating your fail2ban log file. You are rotating your fail2ban log file, right? I mean, it’s not done by default for some weird reason so I’d forgive you if you aren’t. They get big and they should be trimmed and archived. If you’re already rotating your fail2ban log file or you’ve tried doing it in the past, did you ever notice that fail2ban stops using those rotated files? How rude! Let’s fix that.

Changing a user's UID/GID

Jun 23, 2019

debian ubuntu administration

Need to update a user’s UID/GID for whatever reason? Sometimes it’s just something you need to do when conforming with a new management scheme or when you’re moving to a new LDAP server, for example. This doesn’t have to be as difficult an undertaking as you might think.

Secure your Linux console and SSH with 2FA (TOTP)

May 17, 2019

debian ubuntu security sudo

Passwords are great and a strong password is definitely the first line of defense against unauthorized access. But, if you think your Facebook account is important enough to warrant another layer of security so people can’t hack pictures you posted about your lunch, then surely you can understand why your Linux console could use another security wrapper too, right? Let’s add second factor authentication (2FA) to your console, su, sudo and SSH access all in just a few easy steps.

Setting up a Debian base-system (with Hyper-V notes)

Feb 23, 2019

debian installation setup step-by-step tutorial

For most of my Linux projects, and a lot of the tutorials on this site, I fire up a virtual machine on Hyper-V and load a minimal Debian system. Working with a Debian system gives me a stable, clean, platform I can easily customize as needed. If you were interested in a similar setup, here’s a walkthrough.

Setting up a Static IP on a Debian machine

Feb 16, 2019

debian ubuntu networking IP tcp-ip

There are lots of times when you need a static IP, especially for server systems. It’s pretty simple on Debian, we only have to edit a few files and run a few simple commands.

Implementing DANE with certbot using Let's Encrypt certificates

Feb 06, 2019

dane tls ssl certificate security certbot letsencrypt

Despite being around for a while, DANE has been only been slowly catching on in the last few years. But, that’s finally starting to change as encrypted DNS gets more popular and people have started to realize the advantages DANE offers. Want to implement it using free certificates from Let’s Encrypt? You should! Let’s do it…

Automatically renewed free SSL certificates using certbot on Debian running NGINX

Jan 30, 2019

certbot debian ubuntu letsencrypt security ssl certificate nginx

If you run a server of any kind, you know the importance of making sure your clients can securely connect.  Many people rely on Let’s Encrypt since they issue free certificates that make these secure connections possible.  However, those certificates are only good for 90 days and then have to be renewed… that’s a hassle!  Enter Certbot…

Free SSL certificates using Cloudflare DNS validation and certbot

Jan 22, 2019

debian ubuntu certificate security tls ssl certbot cloudflare certbot letsencrypt

Have a server that’s offering services that need to be secured with TLS but you can’t install a web server, can’t open port 80 or have something using that port you can’t shutdown? How do you get free Let’s Encrypt certificates? If you’re using Cloudflare for your DNS we can use certbot and automate the whole thing including renewals! If you’re using another DNS server provider, the basic process still works too.

Free SSL certificates without a web server

Jan 18, 2019

debian ubuntu certificate security tls ssl certbot letsencrypt

There’s lots of instances where you need a certificate for a non-web server system. Popular examples of this include database servers, git-servers, docker-repos, etc. However, free providers like Let’s Encrypt usually validate your server by means of an HTTP lookup for a specific file and that means you need a way to serve that file but, we aren’t running a web server. Catch-22? Not necessarily…

Setting up SSH with ED25519 user and host keys for easy, secure access

Jan 15, 2019

administration debian ubuntu ed25519 remote-access ssh sshd

If you’re running a Linux system, you need SSH access. It’s just a fact for any administrator. More over, you need quick, secure access with a minimum of security prompts. It’s not hard to get that set up and use the latest elliptical-curve security to boot!

Proper self-signed certificates on Debian

Jan 15, 2019

debian ubuntu certificate self-signed security tls ssl

Generating self-signed certificates is a common task that every admin needs to do from time to time for any number of reasons. Here’s how to make an OpenSSL configuration file to generate properly formed certificates quickly.

Installing sudo on a Debian/Ubuntu system and understanding sudoers

Jan 10, 2019

admin-tools administration debian ubuntu sudo sudoers

If you’ve been using Linux for any amount of time or even just getting your feet wet in the world of administering a Linux system, you’ve definitely seen references to ‘sudo’ or been told to use ‘sudo’ when executing certain commands. But, what is ‘sudo’, why should you use it and how do you install and set it up?

Easily monitor your logs using Logwatch

Nov 01, 2018

admin-tools administration debian ubuntu logs logwatch monitoring

Most every program you install and run, especially services, generate some form of log file and nearly everyone only checks those logs when something bad happens.  Why? Because there are so many logs to check!  Well, that’s where a log parsing program can be a lifesaver.  I like using Logwatch on my Debian/Ubuntu systems. Logwatch is a nice, lightweight, easy-to-use program that generates a summary report that can be emailed nightly or on whatever schedule you choose.

Custom prompt and command aliases: Why I choose bash.bashrc

Aug 29, 2018

bash debian

Working with any Linux distro means you’ll be spending a lot of your time at the prompt. So, I’m sure you’ve made it your own over time. Maybe added some colours, the time, important information like the current path, etc. Plus, I’m sure you’ve created a few command aliases that make your life easier. But, where do you put this stuff so it’s applied even when you quickly switch to a different user, say root, for some admin work?
Simple way to get email notifications from a linux server

Jun 30, 2018

debian ubuntu email msmtp notifications smtp mta

Sometimes you’re running a server to provide a specific service and you need it to send you status updates via email but do NOT need the overhead and complexity of having it run a mailserver or complicated MTA.