Linux is an operating system that evolved from a kernel created by Linus Torvalds when he was a student at the University of Helsinki. Generally, it is obvious to most people what Linux is. However, both for political and practical reasons, it needs to be explained further. To say that Linux is an operating system means that it's meant to be used as an alternative to other operating systems such as Windows, Mac OS, MS-DOS, Solaris and others. Linux is not a program like a word processor and is not a set of programs like an office suite. Linux is an interface between computer/server hardware and the programs which run on it.
A brief history of Linux
When Linus Torvalds was studying at the University of Helsinki, he was using a version of the UNIX operating system called 'Minix'. Linus and other users sent requests for modifications and improvements to Minix's creator, Andrew Tanenbaum, but he felt that they weren't necessary. That's when Linus decided to create his own operating system that would take into account users' comments and suggestions for improvements.
Free Software pre-Linux
This philosophy of asking for users' comments and suggestions and using them to improve computer programs was not new. Richard Stallman, who worked at the Massachusetts Institute of Technology, had been advocating just such an approach to computer programming and use since the early 1970s. He was a pioneer in the concept of 'free software', always pointing out that 'free' means 'freedom', not zero cost. Finding it difficult to continue working under conditions that he felt went against his concept of 'free software', he left MIT in 1984 and founded GNU. The goal of GNU was to produce software that was free to use, distribute and modify. Linus Torvalds' goal 6 years later was basically the same: to produce an operating system that took into account user feedback.
We should point out here that the focal point of any operating system is its 'kernel'. Without going into great detail, the kernel is what tells the big chip that controls your computer to do what you want the program that you're using to do. To use a metaphor, if you go to your favorite Italian restaurant and order 'Spaghetti alla Bolognese', this dish is like your operating system. There are a lot of things that go into making that dish like pasta, tomato sauce, meatballs and cheese. Well, the kernel is like the pasta. Without pasta, that dish doesn't exist. You might as well find some bread and make a sandwich. A plate of just pasta is fairly unappetizing.
Without a kernel, an operating system doesn't exist. Without programs, a kernel is useless.
Today, Linux is enjoying a favorable press for the most part. This comes from the fact that Linux has proven to be a tremendously stable and versatile operating system, particularly as a network server. When Linux is deployed as a web server or in corporate networks, its down-time is almost negligible. There have been cases when Linux servers have been running for more than a year without re-booting and then only taken down for a brief period for routine maintenance. Its cost effectiveness has sold it more than anything else. Linux can be installed on a home PC as well as a network server for a fraction of the cost of other companies' software packages. More reliability and less cost - it's ideal.
Securing Linux using Iptables
This post describes how to secure your Linux server using iptables.
Iptables is a firewall and is installed by default on many Linux distributions.
One can edit the configuration using various shell commands but there is also a graphical tool called UFW – Uncomplicated Firewall.
For servers that are not running X we have to use these commands to get this up and running.
To list the current rules:
sudo iptables -L
To block all incoming traffic from 192.168.0.10:
iptables -A INPUT -s 192.168.0.10 -j DROP
To block outgoing tcp traffic to 192.168.0.10:
iptables -A OUTPUT -p tcp -d 192.168.0.10 -j DROP
-A – Append this rule to a rule chain. Valid chains for what we’re doing are INPUT, FORWARD and OUTPUT, but we mostly deal with INPUT in this tutorial, which affects only incoming traffic.
-L – List the current filter rules.
-m conntrack – Allow filter rules to match based on connection state. Permits the use of the --ctstate option.
--ctstate – Define the list of states for the rule to match on. Valid states are:
NEW – The connection has not yet been seen.
RELATED – The connection is new, but is related to another connection already permitted.
ESTABLISHED – The connection is already established.
INVALID – The traffic couldn’t be identified for some reason.
-m limit – Require the rule to match only a limited number of times. Allows the use of the --limit option. Useful for limiting logging rules.
--limit – The maximum matching rate, given as a number followed by “/second”, “/minute”, “/hour”, or “/day” depending on how often you want the rule to match. If this option is not used and -m limit is used, the default is “3/hour”.
-p – The connection protocol used.
--dport – The destination port(s) required for this rule. A single port may be given, or a range may be given as start:end, which will match all ports from start to end, inclusive.
-j – Jump to the specified target. By default, iptables allows four targets:
ACCEPT – Accept the packet and stop processing rules in this chain.
REJECT – Reject the packet and notify the sender that we did so, and stop processing rules in this chain.
DROP – Silently ignore the packet, and stop processing rules in this chain.
LOG – Log the packet, and continue processing more rules in this chain. Allows the use of the --log-prefix and --log-level options.
--log-prefix – When logging, put this text before the log message. Use double quotes around the text to use.
--log-level – Log using the specified syslog level. 7 is a good choice unless you specifically need something else.
-i – Only match if the packet is coming in on the specified interface.
-I – Inserts a rule. Takes two options, the chain to insert the rule into, and the rule number it should be.
-I INPUT 5 would insert the rule into the INPUT chain and make it the 5th rule in the list.
-v – Display more information in the output. Useful when you have rules that look identical in the output without -v.
-s, --source – address[/mask] source specification
-d, --destination – address[/mask] destination specification
-o, --out-interface – output name[+] network interface name ([+] for wildcard)
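The options above combined into one ordered INPUT ruleset, as an added example that is not part of the original post. The function name baseline_rules, the allowed ports and the log prefix are assumptions made for illustration; by default the script only prints the commands so they can be reviewed before being applied.

```sh
#!/bin/sh
# Added example (not from the original post): a minimal INPUT ruleset built
# only from the options described above. Ports and log prefix are assumptions.

baseline_rules() {
    # Validate every port (single port or start:end) before printing anything,
    # so a bad argument can never yield a half-built ruleset.
    for port in "$@"; do
        case $port in
            ''|*[!0-9:]*) echo "bad port: $port" >&2; return 1 ;;
        esac
    done
    # Order matters: ACCEPT and DROP stop processing, so the catch-all DROP
    # has to be appended last.
    echo 'iptables -A INPUT -i lo -j ACCEPT'
    echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo 'iptables -A INPUT -m conntrack --ctstate INVALID -j DROP'
    for port in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # LOG does not stop processing, so the packet falls through to the DROP.
    echo 'iptables -A INPUT -m limit --limit 5/minute -j LOG --log-prefix "iptables denied: " --log-level 7'
    echo 'iptables -A INPUT -j DROP'
}

# Default: print the rules for review. With --apply as the first argument,
# run them as root, stopping at the first command that fails.
if [ "${1:-}" = "--apply" ]; then
    shift
    rules=$(baseline_rules "$@") || exit 1
    printf '%s\n' "$rules" | sudo sh -e
else
    baseline_rules "$@"
fi
```

Because the ESTABLISHED,RELATED rule comes before the final DROP, a session already open when the rules are applied keeps working; a rule added later with -A would land after the DROP and never match, which is the case -I is for.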
Understanding file permissions in Linux
This guide will help you understand how permissions work within Linux.
Permissions are expressed as a three-digit number, for example: 755
The first number is the owner permission
The second number is the group permission
The third number is everyone else's permission
777 is the highest permission number. Everyone can read/write/change/execute
4 = read permission
2 = write permission
1 = execute permission
To let the owner of the file have read, write and execute permissions, that would be a 7 (4+2+1=7)
To let the group have read and write permission but not execute, that would be 6 (4+2=6)
To let everyone have execute permission, that’s a 1 (1… = 1)
Together this gives the permission: 761
To set this permission on a file:
sudo chmod 761 /usr/share/script.sh
Backup Linux content using rsync!
Rsync is a great tool provided out of the box in nearly every Linux distribution today. It can copy files, directories or whole sites, both locally and to remote machines.
Let's say we want to back up Documents to a USB drive.
Our folder: /home/fredrik/Documents
Our target USB drive: /media/USBDisk
rsync -avh /home/fredrik/Documents/ /media/USBDisk/Backup/Documents/
To act as a mirror, removing files on the target that have been removed locally, use the --delete option:
rsync -avh --delete /home/fredrik/Documents/ /media/USBDisk/Backup/Documents/
Let's say we want to put the files on a remote machine; we just add the login information:
rsync -avhe ssh --delete /home/fredrik/Documents/ firstname.lastname@example.org:backup/Documents/
To see the progress, just add the --progress option:
rsync -avhe ssh --delete --progress /home/fredrik/Documents/ email@example.com:backup/Documents/