Wednesday, August 22, 2012

Lab 1 - Selecting an OS

For the first lab we are going to select a distribution to work with. Some may think selecting a Linux distribution (operating system) would be easy, but in fact there are several hundred to choose from. So which is right for you?

The first question you have to ask yourself is, “what am I going to do with it?” This is a very important question because there are so many to pick from. If you’re just starting out and you’re not sure what you want yet, I would suggest looking at either Fedora or Ubuntu. These are two of the top distributions, and both have plenty of forms for help.

But before you download an iso (CD image file) and wipe Windows off your machine, you may want to play around with a live CD first. What’s a live CD you ask? A live CD is a full operating system on a CD-ROM!! All you have to do is to download an iso image, burn it to a CD, put the CD into your computer, and reboot. Like magic you’re running Linux in no time flat! (P.S. Fedora and Ubuntu come in Live CD’s).

Live CD’s are a great option because they give you a chance to try out different distributions without damaging your Windows operating system. Here is a great list of Linux Live CD’s.

So, for lab one, your task is to research the different Linux distributions you have to choose from and select one (or two, or three, etc). Once you do that, down load the iso files, burn your CD’s and start to explore.

(P.S. For more advanced users, you could also look into using VMware or VirtualBox to run your distribution of choice.)

For the labs we will be doing in this blog, I will be working with Fedora.

Wednesday, August 1, 2012

Multi-Factor Authentication using SSH

While setting up a new Linux server I got the idea to increase the security to multi factor authentication rather then just a simple password. A search of the Tubes didn’t reveal an adequate guide on how to best go about this. This post is due to the lack of guide in the hope it will save you a little time and help increase your security.

Goal:
I wanted to be able to utilize multi factor authentication from multiple workstations running different operating systems (naming Windows & Linux). Also, I will not be the only one using this form of authentication so I needed to make it shareable with team.

To accomplish these goals I selected SSH, using a public / private key along with a passphrase on the key; hence giving me two factors (something I have and something I know).

I know what some people will be saying at this point, “this has been done before and there’s tons of posts..” Well it is true that public / private keys are not new to SSH, generally they are used without a passphrase (for automation) and they are generated from the client side. In this example I will generate the RSA keys on the server and then transport the private key to the client I want to utilize it on.

The Setup:


Steps:
The following commands will do the following (in order)

1) Create an account named ServiceAccount
2) Set password for the ServiceAccount
3) Change user and “become” the user ServiceAccount
4) Generate the RSA keys
- Save the key to the default location
- Set a passphrase that is strong but you can remember
5) Put a copy of the public RSA key into the authorized_keys file
6) Change the security on the authorized_keys file
7) Become root (or another user that has sudo access)
8) Make a backup of the sshd_config file before we modify it
9) Make the following modifications to sshd_config file
10) Restart the sshd demon
11) Copy the private key to your remote client (in my case this was a Linux box)
12) Connect from the remote Linux workstation

Commands:

Useradd ServiceAccount
passwd ServiceAccount
su ServiceAccount
ssh-keygen –t rsa
## Save the keys to the default location (/home/ServiceAccount/.ssh)
## Set a strong passphrase when prompted
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
su -
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig
vi /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthenticaion no
PubKeyAuthentication yes
service sshd restart
scp ~/.ssh/id_rsa UserName@Client:~/ServiceAccount_RSA
ssh –i ~/ServiceAccount_RSA ServiceAccount@Server

Friday, June 15, 2012

Raspberry Pi - Retro Atari Game Case

Raspberry pi Atari Case

Like thousands of others, I too picked up a Raspberry Pi. I'm not much of a hardware developer, but for $35 bucks it's a fun toy to play around with. Since all you get is the board, the first step is to get a case around it. Like so many others I decided built my own from an old Atari Centipede game cartage. Yes, I'm old enough to still have games from that era lying around the house. Any way, I just wanted to display some pictures here for others to enjoy. If anyone would like more details just drop me a line.

- Michael -








Raspberry pi Atari Case

Raspberry pi Atari Case







Saturday, November 12, 2011

Host Firewall - Level 1

I know there are a ton of websites out there talking about firewalls, especially iptables, however I wanted to just take a minute to create a basic, but very functional firewall. So, here it is.

1) backup your current config file

sudo cp /etc/sysconfig/iptables /etc/sysconfig/iptables.orig


2) Edit the file /etc/sysconfig/iptables with your favorite editor (vi) and add the following lines

*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j DROP
COMMIT


3) Restart the iptables firewall

sudo service iptables restart


4) Enjoy

Note: This testing was done on CentOS 6.0

Friday, August 26, 2011

The History of Linux

So to get a better understanding of Linux let's start by examining where Linux comes from and why.

(Here's the short version)

In the early 70's there was UNIX. UNIX systems were not (and are still not) cheep and fall under a lot of the same licensing issues that a Microsoft box does. (i.e. you're not allowed to distribute or modify the code without their permission). So there was this guy by the name of Richard Stallman who came up with this idea to create an open source, freely distributed operating system. So in the 80's Richard started working on his "free" OS. At first he was the sole member of his team and began to write code and publish it on bulletin board systems (BBS). Soon Richard's team grew and he has people all over the place helping him write the code.

This was good news since building an operating system from scratch is no small task. If you've ever looked at building your own OS from the ground up, or even explored an OS in depth, you know there are a lot of moving parts that need to be taken into account. Things like the compiler, hardware support, libraries to support applications, text editors and tons of over things; oh, and don't forget about the kernel (you're going to need one of those).

So in 1985 Richard founded the "Free Software Foundation" to help with the GNU project. By 1990 Richard either found or had written most (if not all) of the components of the operating system; minus one, the kernel.

On a side note: coming up with the name for the project started one of the more odd phenomena in open source software; creating wired but meaningful names / acronyms for products. Richard came up with the acronym of GNU, which stands for "GNU's Not Unix". Yes, the G in GNU stands for GNU. This is known as a recursive acronym. Odd I know but people have been having fun with acronyms ever since.

Now back to our story. Around the same time the GNU project was being built, Linus Torvalds created a kernel (oddly enough, it was just what the GNU project needed). So joining Linus's kernel into the GNU project finished the puzzle and an open source, free operating system was born.

Going back to names for a second, since the OS is often referred to as Linux, most people think Linus created it. Of course he played a vital role in building it, but it's important to remember all the work the GNU team put into the OS as well. So to be correct, it should be referred to as "GNU/Linux".

Tuesday, August 9, 2011

Building a Digital Picture Frame in 10,542 Easy Steps



I know this project has been done before, but I have added a few tweaks along with tips and tricks to make it easier. This is the presentation I gave at UAT on November 4th 2009. If you would like more information, please E-mail me.

I have converted the PowerPoint to a PDF for your viewing pleasure. It can be found here.

Also, in this post I talk about using my custom image of DSL Linux. I have yet to get that on the Internet, but it is coming...

Introduction

Welcome to the Linux-How-2 blog.

The goal of this blog is to educate people in the use of the Linux operating system. I will try to be as general as possible, but my main OS's are CentOS (Red Hat) and Fedora. I will be talking about other OS's and I welcome all questions.

In this blog we will go over using and learning Linux in a practical way. In short, what that means is I will be providing and demonstrating real world scenarios with Linux. For ease of education, I have divided this blog into I've sections; beginner, intermediate, advanced, scripts and projects.

The beginner section will be for basic overviews, explanations as to "why" things are done the way they are and some of the history behind Linux. The goal will be to give the learner the background and foundation to start using Linux.

In the intermediate section, I will start to go over more elaborate uses of commands, basic software configuration & usage and some system tuning techniques.

Under the advanced section the plan is to go more in-depth of system configuration and examine some of the more rare commands and their usage. I would also like to get some of your questions and add them to this section.

As you would expect scripts will be under the scripts section. Like other sections, I would like your questions or requests on what you would like to see.

In the project section you will find any of the projects I use Linux for. Again, all ideas are welcome.

I hope you enjoy this blog and I look forward to hearing from you.

Michael