Linux.com

Community Blogs



How VMs access metadata via qrouter-namespace in Openstack Kilo

It is actually an update for Neutron on Openstack Kilo of original blog entry
http://techbackground.blogspot.ie/2013/06/metadata-via-quantum-router.html
considering  Quantum implementation on Grizzly. From my standpoint understanding of core architecture of Neutron openstack flow in regards of nova-api metadata service access (and getting proper response from nova-api service) by VMs launching via nova causes a lot of problems due to leak of understanding of core concepts.

Complete text of article may be viewed here

 

Cut Command in Linux - Extract Fields and Columns from a file

In some of my recent articles on text processing, I have explained the use of sed command in Linux/Unix. In case of sed command, we provide an input file to the command, it reads the file line-by-line, processes each line and then prints it on the STDOUT. So, in brief, its a row-wise operation. Similar is the case with cut command - there is an input file, there is processing part and the processed output can be displayed on STDOUT or saved in a file. A minor difference between sed and cut is that, cut command processes the file in vertical manner. So, the outcome of the cut command is a single or multiple columns.

As of now, just remember that, cut command is just a filter, that processes the file and extracts columns from it. Basically, using cut command, we can process a file in order to extract - either a column of characters or some fields. Thus, to achieve more clarity about cut command, we would study it in two parts.

Read more at-  Cut Command in Linux - Extract Fields and Columns from a file

 

3 Open Source Python Shells

Python is a very useful and popular computer language. One of the benefits of using an interpreted language such as Python is exploratory programming with its interactive shell. You can try out code without having to write a script. But there are limitations with the Python shell. Fortunately, there are some excellent alternative Python shells that extend on the basic shell. They each offer an excellent interactive Python experience.

<A HREF="http://www.linuxlinks.com/article/20150523032756576/PythonShells.html">Full article</A>

 

How to full encrypt your linux system with lvm on luks

luks-logo-cropped

 

 

 

 

 

Security and privacy are two very important subjects, and everyone of us, in a way or another, has sensitive data stored on his computer. While you can consider pretty safe your data on a home computer, on a laptop (or any portable device) the situation is a lot different. You carry your device with you and don't want to loose all your precious data in case it is stolen or lost. Here is when system encryption comes in handy.

In this tutorial i will show you how to full encrypt your system using two linux native tools: LVM (for partitioning) and LUKS (for the actual encryption).

Why LVM on LUKS?

Imagine you have your hard drive divided in at least two partitions: one for the root of your system and the other used  as a swap partition. You could encrypt them separately but then 2 passwords will be asked during boot time, and this is really annoying.

You could decide to avoid the use of swap partition or to use a random generated key, but in both cases you would lost the ability to hibernate (actually to resume from hibernation).

The solution is to use LVM partitioning: we will encrypt the whole disk with LUKS, then we will use the disk as phisical volume and make it part of a volume group which will contain as much logical volumes as we need, each for every partitions we want. The only partition that must be unencrypted is the boot partition, so for the most secure setup, we will use an external device for it. Using the LVM partitioning we won't even need to create a partition table, we will use the raw disk instead.

Why do it from command line?

Most of the modern distributions installers offer the option to encrypt the disk grephically, so why do it from CLI? Well, the answer is in two words: more control. Most graphical installers offer no chance to fine tune the encryption options, and none of them (that i know) would encrypt the whole raw disk without creating a partition table. Sure this could have no importance for you, and in this case you can use the default (and usually good) options. Anyway, it's always nice to know how things work under the hood.

First things first: fill your disk with random data

Before anything else, we need to fill the disk with random data, so that the whole device content would appear the same and indistinguishable, and no patterns could be discovered on it (for example what zones of the disk are filled with data and what are empty). Filling a disk with random data can be very time consuming, especially on very large hard drives, but we can use a trick here: we will luks format the device first, and then fill it with zeros ( zeros are much faster to generate then random). Because of encryption the data will be written on the disk as random, so we're actually using the luks device as a random data generator device. At that point only the luks header will remain as clear data at the beginning of the disk and we will override it with random data from /dev/urandom.

Here's the process in few steps:

1) Create luks partition

cryptsetup luksFormat --hash=sha512 --key-size=512 --cipher=aes-xts-plain64 --verify-passphrase /dev/sda

Note that obviously you can use different settings for the luksFormat command; above it's what i usually use. After that you will be asked to enter a password for the encryption, it doesn't matter if it's not very secure now, because we will only use this device as random data generator.

2) Open the encrypted device: the command below opens the luks device and maps it as "sda_crypt"

cryptsetup luksOpen /dev/sda sda_crypt

3) Now we fill this device with 0s using dd and /dev/zero as source:

dd if=/dev/zero of=/dev/mapper/sda_crypt bs=1M

4) All the underlying disk appears now to be filled with random data, minus the luks header that we are about to override (you can take a look using "hexdump /dev/sda | less" command). Usually the header takes few Megabytes, but to avoid calculations and be rude we will cover the first 10 Megabytes of the disk. We will use dd with /dev/urandom as random data source this time:

# first destroy the mapping
cryptsetup luksClose sda_crypt

# override the header
dd if=/dev/urandom of=/dev/sda bs=512 count=20480

5) We have now the disk full of random data. Now for the serious stuff. Just repeat steps 1 and 2 but this time use a very secure passhrase, because it will be the key to unlock your disk

6) Now we will use the device as phisical volume...

pvcreate /dev/mapper/sda_crypt

7) Now create a volume group (i will name it "vg00" ) that will contain the phisical device /dev/mapper/sda_crypt

vgcreate vg00 /dev/mapper/sda_crypt

8) Create the logical volumes. I usually use 4: one for root, one for the swap partition, one for /home and the other for a data partition, but this is obviously up to you. The "+100%FREE" options on the last line modifies the command to use logical extents instead of size, and to use all of the free remaining ones for that logical volume.

lvcreate -n lv00_swap -L 4G vg00
lvcreate -n lv01_root -L 30G vg00
lvcreate -n lv02_home -L 10G vg00
lvcreate -n lv03_data -l +100%FREE vg00

7) Now create the boot partition on a separate device, ideally an usb stick, and install grub on the mbr of this device. With this setup we both will have no clear partitions on our encrypted disk, and no chance to boot the system without the external device, which adds an extra layer of security. 

Please rembember that encryption protects your data only on a pre-boot situation when the machine is not on. After you boot and decrypt the disk you will have no added protection. All you have to do now is to install your system as always, and enjoy full disk encryption!

 

How To: Install/Upgrade to Linux Kernel 4.0.4 in Ubuntu/Linux Mint Systems

The Linux Kernel 4.0.4 is now available for the users, announced Linus Torvalds. This Linux Kernel version comes with plenty of fixes and improvements. This article will guide you to install or upgrade to Linux Kernel 4.0.4 in your Ubuntu or Linux Mint system.

Read more at YourOwnLinux

 

How To: Speed Up File Transfers in Linux using RSync with GNU Parallel

    In order to rsync a huge chunk of data (containing considerably large number of smaller files), the best option one can have, is to run multiple instances of rsyncs in parallel. This seems to be pretty effective, but at the cost of high load average, more I/O oparations and network bandwidth utilization.
 
    So as to parallelize multiple rsync commands, one might use xargs or a series of rsync commands run in the background using &. But, over all of those alternatives, I would prefer GNU Parallel, a utility used to execute jobs in parallel. It is a single command that can replace certain loops in your code or a sequence of commands run in background.
 
Read more at YourOwnLinux
 

How to full encrypt your system with lvm on luks from cli

luks-logo-cropped

Security and privacy are two very important subjects, and everyone of us, in a way or another, has sensitive data stored on his computer. While you can consider pretty safe your data on a home computer, on a laptop the situation is a lot different. You carry the notebook with you (that's it's purpose after all) and you don't want to loose all your precious data in case it got stolen or lost for example. Here is where system encryption comes in. In this article i will show you how to full encrypt your system using two linux native tools: lvm (for partitioning) and luks (for the actual encryption). At this point you could ask why to use the command line to create this kind of setup when most of the distros installer could do it for us. Well that's not completely true because usually the graphical installers don't allow you to fine tune your settings (for example the type of cipher or key size you want to use), plus they don't let you encrypt your raw disk without creating a partition table on it. Even if you don't have these needs, it's anyhow interesting to know how things works under the hood.  
 

Why lvm on luks?

 
Imagine you have your hard drive divided in at least two partitions: one for the root of your system and the other used  as a swap partition. You could encrypt them separately but this will imply that 2 passwords will be asked during boot time, and this is really annoying. You could decide to avoid the use of swap partition, or to use a random generated key on boot for it, but in both cases you will lost the ability to hibernate (actually to resume from hibernation). The solution is to encrypt the whole disk with luks, then use the disk as phisical volume and make it part of a volume group which will contain as much logical volumes as we will need, each for every partition we want. The only partition that must stay unencrypted is the boot partition, so for the most secure setup, we will use an external device for it. Using the lvm partitioning we won't even need to create a partition table on the disk, we will use the raw disk instead.
 

Fist things first: destroy everything on your disk, filling it with random data

Filling a disk with random data can be very time consuming, especially on very large hard drives, but we can use a trick here: we will luks format the device first, and then fill it with 0s (much faster then random). Because of encryption the data will be written on the disk as random, so we're actually using the luks device as a random data generator device. Then we will override just the header with random data.

 

Step 1 -  create luks partition

cryptsetup luksFormat --hash=sha512 --key-size=512 --cipher=aes-xts-plain64 --verify-passphrase /dev/sda

You will be asked to enter a password for the encryption, it doesn't matter if it's not very secure this time, because we will only use this device as random data generator. Now we must open the device:
 

Step 2 - Open the encrypted device:

cryptsetup luksOpen /dev/sda sda_crypt
 

Step 3 - Fill the resulting device with 0s, using dd and /dev/zero as source:

dd if=/dev/zero of=/dev/mapper/sda_crypt bs=1M
 

Step 4 - Close the luks device and destroy the luks header overriding it with random data

Usually the header takes a few Megabytes, but to avoid calculations and be rude we will cover the first 10 Mb of the disk. We will use dd with /dev/urandom as random data source this time:

cryptsetup luksClose sda_crypt
dd if=/dev/urandom of=/dev/sda bs=512 count=20480

We have now the disk full of random data. Now for the serious stuff. Just repeat steps 1 and 2 but this time use a very secure passhrase, because it will be the key to unlock your disk

 

Step 5 - Now we're going to use the device as phisical volume...

lvm pvcreate /dev/sda
 

Step 6 - ... and create a volume group to contain it

vgcreate vg00 /dev/sda
 

Step 7 - Create the logical volumes

I usually use 4: one for root, one for the swap partition, one for /home and the other for a data partition, but this is obviously up to you.

lvcreate -n lv00_swap -L 4G vg00
lvcreate -n lv01_root -L 30G vg00
lvcreate -n lv02_home -L 10G vg00
lvcreate -n lv03_data -l +100%FREE vg00

Notice how on the last line i've used -l instead of -L. This modifies the command to use logical extends instead of size. The +100%FREE option tells the program to use all remaining space for the logical volume.

Now we must create the boot partition on a separate device, and when installing the system we should mark that device as bootloader device, in which to install grub. I will not cover this here, cause it's a common operation. 

Now format your logical volumes with the filesystem you like, install and enjoy your full encrypted system, but remember that encryption protects your computer only when it's turned off, for example if someone steal your disk and tries to look for data inside it. Once your machine boots and the disk is decrypted, you will have no special defenses against any other sort of attack or danger.

 

Introduction to Samba - Share Files and Directories between Linux, Windows and Mac

Samba is the most popular and efficient way with which you can share your files and directories between Linux, Windows and Mac. You just have to create a Samba user, Decide which file/directory you wish to share and Set the permissions, in order to create a Samba share. Well, initially, this might seem to be difficult- especially for beginners, but when you understand all the configuration options, it will seem to be as simple as anything.

Read more at YourOwnLinux

 

How To: Install/Upgrade to Linux Kernel 4.0.3 in Ubuntu/Linux Mint Systems

The Linux Kernel 4.0.3 is now available for the users, announced Linus Torvalds. This Linux Kernel version comes with plenty of fixes and improvements. This article will guide you to install or upgrade to Linux Kernel 4.0.3 in your Ubuntu or Linux Mint system.

Read more at YourOwnLinux

 

DigiKam 4.10.0 Released With Bug Fixes, Install In Ubuntu/Linux Mint Or Other Derivative Systems


DigiKam 4.10.0 Released With Bug Fixes

digiKam is an Open-Source project Photos management software, specially for KDE but you can use it on Ubuntu or others distros too. In digiKam photos are organized in albums which can be sorted chronologically, by folder layout or by custom collections. Developers recently released digiKam 4.10.0 with 16 bug fixes. Developers  main focus is on digiKam 5.0 release, as it is supposed to be a major release of digiKam.

Read At LinuxAndUbuntu

 

Linux Kernel 3.19 Has Reached To End With Last Release Kernel 3.19.8, Install/Upgrade Kernel 3.19.8


Linux Kernel 3.19 Has Reached To End With Last Release Kernel 3.19.8

Linux Kernel 3.19 has reached to End Of Life with the last release Linux Kernel 3.19.8. The last release comes with a number of fixes and released by Greg KH. As always he recommended to upgrade to Kernel 3.19.8. In this article I'm going to show you the changes made in this release and also how to upgrade to Kernel 3.19.8 in Ubuntu/Linux Mint and derivative systems.

Read At LinuxAndUbuntu

 
  • «
  •  Start 
  •  Prev 
  •  1 
  •  2 
  •  3 
  •  4 
  •  5 
  •  6 
  •  7 
  •  8 
  •  9 
  •  10 
  •  Next 
  •  End 
  • »
Page 1 of 145

Upcoming Linux Foundation Courses

  1. LFS201 Essentials of System Administration
    12 Jan » 30 Mar - Online Self-Paced
    Details
  2. LFD331 Developing Linux Device Drivers
    01 Jun » 05 Jun - Virtual (GUARANTEED TO RUN)
    Details
  3. LFD320 Linux Kernel Internals and Debugging
    08 Jun » 12 Jun - San Jose - CA + Virtual (GUARANTEED TO RUN)
    Details

View All Upcoming Courses


Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board