
How to Password Protect a Vim File in Linux

Vim is a popular, feature-rich and highly-extensible text editor for Linux, and one of its special features is support for encrypting text files using various crypto methods with a password.

In this article, we will explain to you one of the simple Vim usage tricks; password protecting a file using Vim in Linux. We will show you how to secure a file at the time of its creation as well as after opening it for modification.


Read more at Tecmint

Making Chips Smarter

It is no secret that artificial intelligence (AI) and machine learning have advanced radically over the last decade, yet somewhere between better algorithms and faster processors lies the increasingly important task of engineering systems for maximum performance—and producing better results.

The problem for now, says Nidhi Chappell, director of machine learning in the Datacenter Group at Intel, is that “AI experts spend far too much time preprocessing code and data, iterating on models and parameters, waiting for training to converge, and experimenting with deployment models. Each step along the way is either too labor-and/or compute-intensive.”

Read more at ACM

OpenStack Summit Emphasizes Emerging Deployment Models

The OpenStack Summit kicked off here today with multiple announcements and an emphasis on the evolution of the cloud deployment model. 

Jonathan Bryce, executive director of the OpenStack Foundation, said during his keynote that there has been a 44 percent year-over-year increase in the volume of OpenStack deployments, with OpenStack now running on more than 5 million compute cores around the world.

Although OpenStack has had success, the path has not been a straight line upward since NASA and Rackspace first started the project in June 2010.

“We’re now at a major inflection point in the cloud,” Bryce said.

Read more at eWeek

NIST to Security Admins: You’ve Made Passwords too Hard

Despite the fact that cybercriminals stole more than 3 billion user credentials in 2016, users don’t seem to be getting savvier about their password usage. The good news is that how we think about password security is changing as other authentication methods become more popular.

Password security remains a Hydra-esque challenge for enterprises. Require users to change their passwords frequently, and they wind up selecting easy-to-remember passwords. Force users to use numbers and special characters to select a strong password and they come back with passwords like Pa$$w0rd.

Read more at InfoWorld

Self Contained Systems (SCS): Microservices Done Right

Everybody seems to be building microservices these days. There are many different ways to split a system into microservices, and there appears to be little agreement about what microservices actually are – except for the fact that they can be deployed independently. Self-contained Systems are one approach that has been used by a large number of projects.

What are Self-contained Systems?

The principles behind Self-contained Systems (SCSs) are defined at the SCS website. Self-contained Systems have some specific characteristics:

  • Each SCS is an autonomous web application. Therefore it includes the web UI as well as the logic and the persistence. So a user story will typically be implemented by changing just one SCS, even if it requires changes to UI, logic and persistence. To achieve this, each SCS has to have its own data storage, so that it can modify its database schema independently of the others.

Read more at InfoQ

What is Docker’s Moby Project?

During DockerCon 2017, a few major announcements were made, including the Moby Project.

What is the Moby Project? It’s a framework to assemble specialized container systems without reinventing the wheel.

The Moby Project is to Docker what Fedora is to Red Hat Enterprise Linux. – Solomon Hykes, Docker CTO/Founder

In becoming the container project equivalent to the Fedora project, how Docker is built is changing.

Red Hat did a good job in the early days, when RHEL caused confusion, by delineating the project from the product: they split Fedora from RHEL. Docker sees this approach as a way to better engage the community. The boundaries between community and products were fuzzy before; people couldn’t necessarily tell whether they were contributing to the project or to the product. The separation of code between the moby/moby repository and the docker/docker repository clarifies this distinction.

Read more at NetworkWorld

DevConf Comes to India May 11-12, 2017

DevConf is a developer-focused conference organized by Red Hat. Originally started at Red Hat’s Brno site as DevConf.cz, it has evolved into an important event for the open source project communities in which Red Hat participates and contributes.

This year Red Hat, HasGeek, and The Linux Foundation have come together to bring DevConf.in as part of HasGeek’s Rootconf 2017 event. DevConf.in is an outreach to application developers, architects, and systems engineers who like to share knowledge and exchange notes on large, distributed application platforms. As a significant number of (micro)services are deployed on hosted platforms, topics such as resiliency, recovery, administration, operational security processes, and design patterns become important.

The DevConf.in editorial team has been mindful of these themes, and the talk roster reflects the expectations for this first edition of the event. We have talks from developers Baiju M, Suraj Deshmukh, Ratnadeep Debnath, and Raghavendra Talur spanning the application development lifecycle for designing and deploying large containerized applications while making use of a deployment pipeline. Ligaya Turmelle will be walking the audience through best practices for deploying and administering MySQL. Aravinda MK will be talking about the challenges of monitoring a distributed filesystem with traditional tools and how an events API helps solve them. Recently, Snapdeal made a conscious choice to move from a public to a private/self-hosted cloud, and Ruchi Singh will share the learnings and anti-patterns from that move. Mehul Ved focuses on a move to dynamic cloud infrastructure and will be talking about choices – decisions and implementation detail.

In her talk on infrastructure for Open Source projects, Amye Scavarda will talk about the “Church of the Shaven Yak”, where there is so much to do but sometimes little progress is made. You pick a piece of the yak to shave every day and keep making good progress, but while you are shaving one piece of the yak, the hair is growing back in another area. There’s a buzz-phrase going around that the “Internet is moving to the edge” — there are a great number of “things” on the Internet. Jim Perrin talks about how CentOS can be a development platform for IoT business and highlights the security bits which are often overlooked in the quick, large-scale deployment gold rush.

The topics being brought together at DevConf.in have their own flourishing communities, each focused on specialized approaches. DevConf.in intends to bring these practitioners together with customers and decision makers to talk about design patterns and architecture, and to discuss deployment models and efficiencies. We expect that such a forum will kick off a healthy model of soup-to-nuts conversations that provide strong directional guidance to developers and businesses eager to derive benefits from large and repeatable deployments of distributed services across multiple geographical regions.

For more details, visit https://rootconf.in/2017

OpenWhisk System Overview

OpenWhisk is an event-driven compute platform, also referred to as serverless computing or Function as a Service (FaaS), that runs code in response to events or direct invocations. The following figure shows the high-level OpenWhisk architecture.

Examples of events include changes to database records, IoT sensor readings that exceed a certain temperature, new code commits to a GitHub repository, or simple HTTP requests from web or mobile apps. Events from external and internal event sources are channeled through a trigger, and rules allow actions to react to these events.

Read more at GitHub

Secure your Samba Authentications Automatically via OpenVPN

Samba 4 has become the tool of choice to provide Linux-based identity management to diverse clients.

However, a growing number of organizations are offering work-from-home options and manage distributed operations, like construction companies with a computer at every construction site or a medical service provider with one-person doctors’ offices.

If these companies want to enjoy the advantages of single sign-on and policies that Samba provides, a VPN solution, which starts before the login, needs to be added to the domain. This how-to will describe how to add OpenVPN to an existing Samba 4 installation to automatically secure client authentications over an untrusted network.

Prerequisite

Most Linux distributions will come with the needed software preinstalled. For this tutorial, we assume that you already have Samba 4 and a certificate authority installed on your server. If you are looking for a distribution with Samba 4 and a certificate authority integrated, you can quickly spin up a Univention Corporate Server (UCS), which also makes user management easy. On Debian or Ubuntu, you can use the easy-rsa tools to manually create the certificate authority.

The article https://www.linux.com/learn/intro-to-linux/2017/3/build-real-vpn-openvpn provides an intro on how to set up OpenVPN’s PKI.

Further, the OpenVPN documentation, on Debian at /usr/share/doc/openvpn/examples/easy-rsa/2.0/, provides many useful tools for setting up a certificate authority for OpenVPN.

The server or virtual machine needs a fixed IP address, or must use a service such as DynDNS, so that it can be reached from the Internet without additional steps on the part of the end user.

Installing OpenVPN

OpenVPN is an open source virtual network daemon, whose client allows a computer to access a remote server securely. Most distributions have OpenVPN included in their repository. Thus it can be installed using the package management system. On Debian-based systems such as Debian, Ubuntu, or UCS:

$ sudo apt-get install openvpn

Configuring OpenVPN Server

Upon startup, OpenVPN scans the directory /etc/openvpn for files ending in “.conf” and starts a separate server process for each of them. Thus the following configuration, saved as “/etc/openvpn/clientconnect.conf”, should automatically be run when OpenVPN is restarted.

Please note that lines starting with “#” are comments and that you will need to change values depending on your environment.

## The following entries should point to your certificate information.
## Encryption parameters
dh /etc/openvpn/dh2048.pem
## Certificate Authority Certificate
ca /etc/univention/ssl/ucsCA/CAcert.pem
## Server Certificate
cert /etc/univention/ssl/master/cert.pem
## Private key for the Server Certificate
key /etc/univention/ssl/master/private.key
## Certificate Revocation List
crl-verify /etc/openvpn/crl.pem

## Encryption cipher to use for the VPN
cipher AES-256-CBC

## Compression algorithm to use
comp-lzo

## Persistent endpoint addresses
## Always give the same IP to a device
ifconfig-pool-persist ipp.txt

## Push route for the server network
push "route 10.210.0.0 255.255.0.0"
push "redirect-gateway def1"

## Push the current server as the DNS server to the VPN clients
## Change the IP to the internal IP of the server
push "dhcp-option DNS 10.210.140.219"
## Push the server's domain as DNS domain
push "dhcp-option DOMAIN outsidevpn.univention.com"

## Additional server configuration
keepalive 10 120
persist-key
persist-tun

## Configure the logfile and the verbosity
verb 1
mute 5
status /var/log/openvpn-status.log

## The port on which the VPN Server should listen on
port 1194

## The network to use for communication within the VPN
server 172.24.1.0 255.255.255.0

## Additional network settings
management /var/run/management-udp unix
dev tun
topology subnet
proto udp

In most cases the Diffie-Hellman parameters file has to be created. The matching command is:

For UCS:

$ sudo openssl dhparam -out "/etc/openvpn/dh2048.pem" 2048

For Debian/Ubuntu:

$ sudo ./easyrsa gen-dh

On UCS, the certificate revocation list has to be downloaded from the master and converted from DER to PEM format:

sudo -- sh -c "/usr/bin/wget -qO /etc/openvpn/ca.crl http://$(/usr/sbin/ucr get ldap/master)/ucsCA.crl && /usr/bin/openssl crl -inform der -outform pem -in /etc/openvpn/ca.crl -out /etc/openvpn/crl.pem"

As certificates might be revoked when they are exposed, it is advisable to set up a cron job that periodically re-downloads and converts the list, so that the server stops accepting revoked client certificates promptly.

Firewall

You might also need to open the firewall. Please note that the article assumes the port in the configuration above remains unchanged. If not, please change it in the following commands as well.

On UCS that can be achieved using the configuration registry:

$ sudo ucr set security/packetfilter/udp/1194/all=ACCEPT
$ sudo service univention-firewall restart

On Debian and Ubuntu you can manually add the port to your iptables configuration:

$ sudo iptables -A INPUT -p udp --dport 1194 -j ACCEPT

Creating the Client Configuration

The client configuration consists of two parts – one for the client certificates and one for the configuration file.

The client certificates are easy to set up.

On Debian/Ubuntu servers the following command creates the certificate for a single client:

$ sudo /usr/share/doc/openvpn/examples/easy-rsa/2.0/pkitool clientname

On the UCS master, the following commands create the certificates for all current and future clients. They are saved under “/etc/univention/ssl/”:

$ sudo ucr set ssl/host/objectclass='univentionDomainController,univentionMemberServer,univentionClient,univentionMobileClient,univentionCorporateClient,univentionWindows'
$ sudo univention-directory-listener-ctrl resync gencertificate

The client configuration file itself is the same for every system. Adapt the following settings according to your needs and save the file as clientconfig.ovpn:

## client protocol and devices
client
dev tun
proto udp

## Server address and port
## Change to match your external address
remote 52.211.178.248 1194

## Hostname of the server
verify-x509-name master name-prefix

## Client configuration
resolv-retry infinite
nobind
persist-key
persist-tun

## Certificate names and locations
ca CAcert.pem
cert cert.pem
key private.key

## Encryption configuration
cipher AES-256-CBC
comp-lzo

## Logging verbosity
verb 3

Copy this configuration file, the root CA certificate (on UCS: /etc/univention/ssl/ucsCA/CAcert.pem), and the client certificate and key to C:\Program Files\OpenVPN\config\clientconfig.
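As an added example (not part of the original how-to), the following Python script parses server and client configs like the two above and flags the settings this setup’s security depends on: a missing crl-verify (revocation is what locks a lost client out), a weak or mismatched cipher, a client that does not pin the server name, and enabled compression. The embedded configs are constructed, trimmed copies of the ones above; the weak-cipher list and the finding texts are the example’s own.

```python
import shlex

# Constructed sample inputs: the server and client configs from this how-to,
# trimmed to the directives the checks below look at.
SERVER_CONF = """
ca /etc/univention/ssl/ucsCA/CAcert.pem
crl-verify /etc/openvpn/crl.pem
cipher AES-256-CBC   # data channel cipher
comp-lzo
push "route 10.210.0.0 255.255.0.0"
push "redirect-gateway def1"
"""

CLIENT_CONF = """
client
remote 52.211.178.248 1194
verify-x509-name master name-prefix
ca CAcert.pem
cert cert.pem
key private.key
cipher AES-256-CBC
"""

# Ciphers OpenVPN accepts that use 64-bit blocks or no encryption at all
WEAK_CIPHERS = {"none", "BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "CAST5-CBC"}


def parse_openvpn_conf(text):
    """Map each directive to its argument lists; '#' and ';' start comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)  # also unquotes push "..."
        if tokens:
            conf.setdefault(tokens[0], []).append(tokens[1:])
    return conf


def lint_server(conf):
    """ERROR findings would let a lost or stolen client keep domain access."""
    findings = []
    if "crl-verify" not in conf:
        findings.append("ERROR: no crl-verify, a revoked client certificate is still accepted")
    cipher = conf.get("cipher", [[None]])[0][0]
    if cipher is None or cipher in WEAK_CIPHERS:
        findings.append("ERROR: missing or weak data channel cipher: " + str(cipher))
    if "comp-lzo" in conf or "compress" in conf:
        findings.append("INFO: compression is on; compressing before encryption can leak plaintext")
    return findings


def lint_client(conf, server_conf):
    """Check the client half against the server it connects to."""
    findings = []
    for needed in ("client", "remote", "ca", "cert", "key"):
        if needed not in conf:
            findings.append("ERROR: missing directive " + needed)
    if "verify-x509-name" not in conf:
        findings.append("WARN: client does not pin the server certificate name")
    if conf.get("cipher") != server_conf.get("cipher"):
        findings.append("ERROR: client cipher does not match the server cipher")
    return findings
```

Run lint_server(parse_openvpn_conf(...)) against the real /etc/openvpn/clientconnect.conf and lint_client(...) against the .ovpn file before rolling them out to clients.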

Autostart the VPN Client

To automatically start OpenVPN on the client, open the Control Panel, select “Small icons”, go to Administrative Tools and then Services.

There, choose the OpenVPN service, right-click it, select Properties, and change the startup type to Automatic. At the next reboot, OpenVPN will automatically start with the configuration from above.

Domain Join

Because NetBIOS name resolution is not carried over the tunnel without additional manual changes, the domain join has to be completed using the full domain name.

After a reboot, you should be able to log in to the client as a domain user.

Security Consideration

While this setup provides a very convenient way of connecting a computer to an offsite Samba-based domain controller, it also presents a risk.

A stolen PC will always have access to the domain, allowing a thief to try numerous user name and password combinations. Strong password policies can help to minimize this risk, as can organizational policies for handling stolen computers. Extending the setup with certificates held on smart cards, however, would be the most secure option.

Conclusion

The automation of the VPN connection in conjunction with Samba-based DCs provides convenient, yet secure, access to central authentication and policy services. This technique allows offsite users and computers to authenticate using centralized credentials and to load domain-wide settings. It thus contributes to enforcing compliance policies. At the same time, it enhances the user experience by reducing the number of credentials and steps needed to start productive work. In conjunction with UCS, the combination of OpenVPN and Samba additionally provides an easy-to-manage Linux-based identity management solution.

3 Developers Explain Why They Attend ApacheCon

ApacheCon North America is right around the corner. Everyone is looking forward to this year’s event May 16-18 in Miami. There’s plenty new to see, hear, and do this year but that’s not the only attraction for developers.

The annual conference of The Apache Software Foundation is where users and contributors meet face-to-face to collaborate on the next generation of cloud, Internet, and Big Data tech. The Apache community is huge and has upwards of 4500 committers. There is ample opportunity to meet MVPs and project heroes plus swap war stories with fellow developers in the trenches.

However, the benefits of attending aren’t left behind at the conference. Here are three developers explaining why they attend ApacheCon and how they continue to benefit long after they’ve returned home.

To connect and network with the big players

“Whether you are looking for support for Hadoop, consultants for the HTTP Server, someone to help you hack on a plugin for Tomcat, have an exciting business proposal to share with others, or just someone to help you debug why CloudStack doesn’t do this or that, you can be pretty sure someone will know about it and be able to help you. It really is the who’s who of Apache software.” — Daniel Gruno, Chief Innovations Officer at Quenda.

Continue the conversation in the flesh

“One of the big reasons I attend is to meet with people I work with remotely year after year. The Apache Software Foundation is a huge network of people, the majority of whom work on Apache projects for love, not money, and from the bottom of their gardens, on trains, or elsewhere. To meet these people in the flesh provides a human aspect that discussions over email lack and helps foster relations for work in the future.” — Tom Barber, NASA JPL, Apache OODT Chair.

And strengthen bonds for real-world payoffs

“By meeting other people in my communities, we’ve been able to strengthen community bonds and work through interpersonal problems that were much more complicated via email. Putting faces to names and email addresses makes future online interaction seem more personal. I learned about features and projects that I hadn’t had time to learn on my own time, in high-bandwidth technical sessions. We also worked on closing bugs in focused hackathon sessions where we could discuss changes quickly and without the time-lag of email.” — Rich Bowen, VP Conferences at The Apache Software Foundation.

Which leads to work opportunities in the future

“ApacheCon got me where I am, professionally — I owe a lot of my life to Apache! It enabled me to meet my personal heroes in the software world and get exposed to the greater Apache community. It also taught me a great deal about how the greater Apache community is held together and how each piece in the machinery works. It created business opportunities and helped launch a ton of ideas I had rummaging around in my head, turning them into either helpful services or in some cases, new Apache projects with all the help and support that comes with being involved in Apache. At ApacheCon, you really get an excellent opportunity to scratch that itch you’ve been having for a while, and get professional and insightful people to help you out — for free!” — Daniel Gruno, Chief Innovations Officer at Quenda.

Plus, it’s just fun to go

“I first attended in 2012, and I’ve been to every ApacheCon since, it’s just that good — and addictive,” said Gruno.

“I’ve been attending ApacheCon since the event in Orlando in 2000, and have only missed one since then. ApacheCon is the highlight of my year, and I hope to be attending it for many years to come,” added Bowen.

And the more the merrier.

“It’s a fantastic event run by dedicated and enthusiastic staff at great locations; if you want to learn about the Apache Software Foundation and a lot of the projects it stewards, there is no better place. This year I’m not speaking; instead I’m bringing people along because I think it’s important for them to understand how the ASF works and learn, and this is the event to do it at,” said Barber.

Learn first-hand from the largest collection of global Apache communities at ApacheCon 2017 May 16-18 in Miami, Florida. ApacheCon features 120+ sessions including five sub-conferences: Apache: IoT, Apache Traffic Server Control Summit, CloudStack Collaboration Conference, FlexJS Summit and TomcatCon. Secure your spot now! Linux.com readers get $30 off their pass to ApacheCon. Select “attendee” and enter code LINUXRD5. Register now >>