Category: Linux, FreeBSD, and Unix types

Bash provides many important built-in commands, like ls, cd, and mv, as well as regular tools such as grep, awk, and sed. But, it is equally important to know the punctuation marks — the glue in the shape of dots, commas, brackets. and quotes — that allow you to transform and push data from one place to another. Take angle brackets (< >), for example.

Pushing Around

If you are familiar with other programming and scripting languages, you may have used < and > as logical operators to check in a condition whether one value is larger or smaller than another. If you have ever written HTML, you have used angle brackets to enclose tags.

In shell scripting, you can also use brackets to push data from place to place, for example, to a file:

ls > dir_content.txt

In this example, instead of showing the contents of the directory on the command line, > tells the shell to copy it into a file called dir_content.txt. If dir_content.txt doesn’t exist, Bash will create it for you, but if dir_content.txt already exists and is not empty, you will overwrite whatever it contained, so be careful!

You can avoid overwriting existing content by tacking the new stuff onto the end of the old stuff. For that you use >> (instead of >):

ls $HOME > dir_content.txt; wc -l dir_content.txt >> dir_content.txt

This line stores the list of contents of your home directory into dir_content.txt. You then count the number of lines in dir_content.txt (which gives you the number of items in the directory) with wc -l and you tack that value onto the end of the file.

After running the command line on my machine, this is what my dir_content.txt file looks like:

Applications bin cloud Desktop Documents Downloads Games ISOs lib logs Music OpenSCAD Pictures Public Templates test_dir Videos 17 dir_content.txt

The mnemonic here is to look at > and >> as arrows. In fact, the arrows can point the other way, too. Say you have a file called CBActors containing some names of actors and the number of films by the Coen brothers they have been in. Something like this:

John Goodman 5
John Turturro 3
George Clooney 2
Frances McDormand 6
Steve Buscemi 5
Jon Polito 4
Tony Shalhoub 3
James Gandolfini 1

Something like

sort < CBActors # Do this
Frances McDormand 6 # And you get this
George Clooney 2 James Gandolfini 1 John Goodman 5 John Turturro 3 Jon Polito 4 Steve Buscemi 5 Tony Shalhoub 3

Will sort the list alphabetically. But then again, you don’t need < here since sort already expects a file anyway, so sort CBActors will work just as well.

However, if you need to see who is the Coens’ favorite actor, you can check with :

while read name surname films; do echo $films $name $surname > filmsfirst.txt; done < CBActors

Or, to make that a bit more readable:

while read name surname films;\ do echo $films $name $surname >> filmsfirst;\ done < CBActors

Let’s break this down, shall we?

• the while ...; do ... done structure is a loop. The instructions between do and done are repeatedly executed while a condition is met, in this case…
• … the read instruction has lines to read. read reads from the standard input and will continue reading until there is nothing more to read…
• … And as standard input is fed in via < and comes from CBActors, that means the while loop will loop until the last line of CBActors is piped into the loop.
• Getting back to read for a sec, the tool is clever enough to see that there are three distinct fields separated by spaces on each line of the file. That allows you to put the first field from each line in the name variable, the second in surname and the third in films. This comes in handy later, on the line that says echo $films $name $surname >> filmsfirst;\, allowing you to reorder the fields and push them into a file called filmsfirst.

At the end of all that, you have a file called filmsfirst that looks like this:

5 John Goodman 3 John Turturro 2 George Clooney 6 Frances McDormand 5 Steve Buscemi 4 Jon Polito 3 Tony Shalhoub 1 James Gandolfini

which you can now use with sort:

sort -r filmsfirst

to see who is the Coens’ favorite actor. Yes, it is Frances McDormand. (The -r option reverses the sort, so McDormand ends up on top).

We’ll look at more angles on this topic next time!

Kubernetes Day is a single day, single track event that brings together local and international experts to engage developers interested in Kubernetes and related cloud native technologies. Run by the Cloud Native Computing Foundation, which hosts Kubernetes, the event is targeted at regions with large numbers of developers who cannot necessarily travel to KubeCon + CloudNativeCon events in Europe, China, and North America. Learn more

Click Here!

Click Here!

Blockchains have to be trusted in order for them to succeed, and public blockchains can cause problems you may not think about, according to Bruce Schneier, a fellow and lecturer at the Harvard Kennedy School, in his keynote address at December’s Hyperledger Global Forum on “Security, Trust and Blockchain.”

Schneier began his talk by citing a quote from Bitcoin’s anonymous developer, Satoshi Nakamoto, who said “We have proposed a system for electronic transaction without relying on trust.”

“That’s just not true,’’ Schneier said. “Bitcoin is not a system that doesn’t rely on trust.” It eliminates certain trust intermediaries, but you have to somehow trust Bitcoin, he noted. Generally speaking, the Bitcoin system changes the nature of trust.

Schneier called himself a big fan of “systems thinking,” which is what the issue boils down to, he said. This is something that is in too short supply in the tech world right now,’’ he maintained, and “we need a lot more of it.”

Trust relationships

Schneier’s talk focused on the data structures and protocols that make up a public blockchain. He called private blockchains “100 percent uninteresting,” explaining that they’re easy to create and secure, they don’t need any special properties, and they’ve been around for years.

Public blockchains are what’s new, he noted. They have three elements that make them work:

• The ledger, which is the record of what happened and in what order
• The consensus algorithm, which ensures all copies of the ledger are the same
• The token, which is the currency

All the pieces fit together as a single system, and whether they can achieve anything gets back to the issue of trust, he said.

Read more and watch the complete presentation at The Linux Foundation.

Learn how to get network information using the ss command in this tutorial from the archives.

Linux includes a fairly massive array of tools available to meet almost every need. From development to security to productivity to administration…if you have to get it done, Linux is there to serve. One of the many tools that admins frequently turned to was netstat. However, the netstat command has been deprecated in favor of the faster, more human-readable ss command.

The ss command is a tool used to dump socket statistics and displays information in similar fashion (although simpler and faster) to netstat. The ss command can also display even more TCP and state information than most other tools. Because ss is the new netstat, we’re going to take a look at how to make use of this tool so that you can more easily gain information about your Linux machine and what’s going on with network connections.

The ss command-line utility can display stats for the likes of PACKET, TCP, UDP, DCCP, RAW, and Unix domain sockets. The replacement for netstat is easier to use (compare the man pages to get an immediate idea of how much easier ss is). With ss, you get very detailed information about how your Linux machine is communicating with other machines, networks, and services; details about network connections, networking protocol statistics, and Linux socket connections. With this information in hand, you can much more easily troubleshoot various networking issues.

Let’s get up to speed with ss, so you can consider it a new tool in your administrator kit.

Basic usage

The ss command works like any command on the Linux platform: Issue the command executable and follow it with any combination of the available options. If you glance at the ss man page (issue the command man ss), you will notice there aren’t nearly the options found for the netstat command; however, that doesn’t equate to a lack of functionality. In fact, ss is quite powerful.

If you issue the ss command without any arguments or options, it will return a complete list of TCP sockets with established connections (Figure 1).

Because the ss command (without options) will display a significant amount of information (all tcp, udp, and unix socket connection details), you could also send that command output to a file for later viewing like so:

ss > ss_output

Of course, a very basic command isn’t all that useful for every situation. What if we only want to view current listening sockets? Simple, tack on the -l option like so:

ss -l

The above command will only output a list of current listening sockets.

To make it a bit more specific, think of it this way: ss can be used to view TCP connections by using the -t option, UDP connections by using the -u option, or UNIX connections by using the -x option; so ss -t,  ss -u, or ss -x. Running any of those commands will list out plenty of information for you to comb through (Figure 2).

By default, using either the -t, the -u, or the -x options alone will only list out those connections that are established (or connected). If we want to pick up connections that are listening, we have to add the -a option like:

ss -t -a 

The output of the above command will include all TCP sockets (Figure 3).

In the above example, you can see that UDP connections (in varying states) are being made from the IP address of my machine, from various ports, to various IP addresses, through various ports. Unlike the netstat version of this command, ss doesn’t display PID and command name responsible for these connections. Even so, you still have plenty of information to begin troubleshooting. Should any of those ports or URLs be suspect, you now know what IP address/Port is making the connection. With this, you now have the information that can help you in the early stages of troubleshooting an issue.

Filtering ss with TCP States

One very handy option available to the ss command is the ability to filter using TCP states (the the “life stages” of a connection). With states, you can more easily filter your ss command results. The ss tool can be used in conjunction with all standard TCP states:

• established

• syn-sent

• syn-recv

• fin-wait-1

• fin-wait-2

• time-wait

• closed

• close-wait

• last-ack

• listening

• closing

Other available state identifiers ss recognizes are:

• all (all of the above states)

• connected (all the states with the exception of listen and closed)

• synchronized (all of the connected states with the exception of syn-sent)

• bucket (states which are maintained as minisockets, for example time-wait and

• syn-recv)

• big (Opposite to bucket state)

The syntax for working with states is simple.

For tcp ipv4:
ss -4 state FILTER
For tcp ipv6: ss -6 state FILTER

Where FILTER is the name of the state you want to use.

Say you want to view all listening IPv4 sockets on your machine. For this, the command would be:

ss -4 state listening

The results of that command would look similar to Figure 4.

Show connected sockets from specific address

One handy task you can assign to ss is to have it report connections made by another IP address. Say you want to find out if/how a machine at IP address 192.168.1.139 has connected to your server. For this, you could issue the command:

ss dst 192.168.1.139

The resulting information (Figure 5) will inform you the Netid, the state, the local IP:port, and the remote IP:port of the socket.

Make it work for you

The ss command can do quite a bit to help you troubleshoot issues with your Linux server or your network. It would behoove you to take the time to read through the ss man page (issue the command man ss). But, at this point, you should at least have a fundamental understanding of how to make use of this must-know command.

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.

Ah, the age-old question: Which Linux distribution is best suited for servers? Typically, when this question is asked, the standard responses pop up:

• RHEL

• SUSE

• Ubuntu Server

• Debian

• CentOS

However, in the name of opening your eyes to maybe something a bit different, I’m going to approach this a bit differently. I want to consider a list of possible distributions that are not only outstanding candidates but also easy to use, and that can serve many functions within your business. In some cases, my choices are drop-in replacements for other operating systems, whereas others require a bit of work to get them up to speed.

Some of my choices are community editions of enterprise-grade servers, which could be considered gateways to purchasing a much more powerful platform. You’ll even find one or two entries here to be duty-specific platforms. Most importantly, however, what you’ll find on this list isn’t the usual fare.

ClearOS

What is ClearOS? For home and small business usage, you might not find a better solution. Out of the box, ClearOS includes tools like intrusion detection, a strong firewall, bandwidth management tools, a mail server, a domain controller, and much more. What makes ClearOS stand out above some of the competition is its purpose is to server as a simple Home and SOHO server with a user-friendly, graphical web-based interface. From that interface, you’ll find an application marketplace (Figure 1), with hundreds of apps (some of which are free, whereas some have an associated cost), that makes it incredibly easy to extend the ClearOS featureset. In other words, you make ClearOS the platform your home and small business needs it to be. Best of all, unlike many other alternatives, you only pay for the software and support you need.

There are three different editions of ClearOS:

To make the installation of software even easier, the ClearOS marketplace allows you to select via:

• By Function (which displays apps according to task)

• By Category (which displays groups of related apps)

• Quick Select File (which allows you to select pre-configured templates to get you up and running fast)

In other words, if you’re looking for a Linux Home, SOHO, or SMB server, ClearOS is an outstanding choice (especially if you don’t have the Linux chops to get a standard server up and running).

Fedora Server

You’ve heard of Fedora Linux. Of course you have. It’s one of the finest bleeding edge distributions on the market. But did you know the developers of that excellent Fedora Desktop distribution also has a Server edition? The Fedora Server platform is a short-lifecycle, community-supported server OS. This take on the server operating system enables seasoned system administrators, experienced with any flavor of Linux (or any OS at all), to make use of the very latest technologies available in the open source community. There are three key words in that description:

• Seasoned

• System

• Administrators

In other words, new users need not apply. Although Fedora Server is quite capable of handling any task you throw at it, it’s going to require someone with a bit more Linux kung fu to make it work and work well. One very nice inclusion with Fedora Server is that, out of the box, it includes one of the finest open source, web-based interface for servers on the market. With Cockpit (Figure 2) you get a quick glance at system resources, logs, storage, network, as well as the ability to manage accounts, services, applications, and updates.

If you’re okay working with bleeding edge software, and want an outstanding admin dashboard, Fedora Server might be the platform for you.

NethServer

NethServer is about as no-brainer of a drop-in SMB Linux server as you’ll find. With the latest iteration of NethServer, your small business will enjoy:

All of the included features can be easily configured with a user-friendly, web-based interface that includes single-click installation of modules to expand the NethServer feature set (Figure 3) What sets NethServer apart from ClearOS is that it was designed to make the admin job easier. In other words, this platform offers much more in the way of flexibility and power. Unlike ClearOS, which is geared more toward home office and SOHO deployments, NethServer is equally at home in small business environments.

Rockstor

Rockstor is a Linux and Btfrs powered advanced Network Attached Storage (NAS) and Cloud storage server that can be deployed for Home, SOHO, as well as small- and mid-sized businesses alike. With Rockstor, you get a full-blown NAS/Cloud solution with a user-friendly, web-based GUI tool that is just as easy for admins to set up as it is for users to use. Once you have Rockstor deployed, you can create pools, shares, snapshots, manage replication and users, share files (with the help of Samba, NFS, SFTP, and AFP), and even extend the featureset, thanks to add-ons (called Rock-ons). The list of Rock-ons includes:

• CouchPotato (Downloader for usenet and bittorrent users)

• Deluge (Movie downloader for bittorrent users)

• EmbyServer (Emby media server)

• Ghost (Publishing platform for professional bloggers)

• GitLab CE (Git repository hosting and collaboration)

• Gogs Go Git Service (Lightweight Git version control server and front end)

• Headphones (An automated music downloader for NZB and Torrent)

• Logitech Squeezebox Server for Squeezebox Devices

• MariaDB (Relational database management system)

• NZBGet (Efficient usenet downloader)

• OwnCloud-Official (Secure file sharing and hosting)

• Plexpy (Python-based Plex Usage tracker)

• Rocket.Chat (Open Source Chat Platform)

• SaBnzbd (Usenet downloader)

• Sickbeard (Internet PVR for TV shows)

• Sickrage (Automatic Video Library Manager for TV Shows)

• Sonarr (PVR for usenet and bittorrent users)

• Symform (Backup service)

Rockstor also includes an at-a-glance dashboard that gives admins quick access to all the information they need about their server (Figure 4).

Zentyal

Zentyal is another Small Business Server that does a great job of handling multiple tasks. If you’re looking for a Linux distribution that can handle the likes of:

• Directory and Domain server

• Mail server

• Gateway

• DHCP, DNS, and NTP server

• Certification Authority

• VPN

• Instant Messaging

• FTP server

• Antivirus

• SSO authentication

• File sharing

• RADIUS

• Virtualization Management

• And more

Zentyal might be your new go-to. Zentyal has been around since 2004 and is based on Ubuntu Server, so it enjoys a rock-solid base and plenty of applications. And with the help of the Zentyal dashboard (Figure 5), admins can easily manage:

Adding new components to the Zentyal server is as simple as opening the Dashboard, clicking on Software Management > Zentyal Components, selecting what you want to add, and clicking Install. The one issue you might find with Zentyal is that it doesn’t offer nearly the amount of addons as you’ll find in the likes of Nethserver and ClearOS. But the services it does offer, Zentyal does incredibly well.

Plenty More Where These Came From

This list of Linux servers is clearly not exhaustive. What it is, however, is a unique look at the top five server distributions you’ve probably not heard of. Of course, if you’d rather opt to use a more traditional Linux server distribution, you can always stick with CentOS, Ubuntu Server, SUSE, Red Hat Enterprise Linux, or Debian… most of which are found on every list of best server distributions on the market. If, however, you’re looking for something a bit different, give one of these five distos a try.

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.

The Linux Foundation just recently announced its 2019 events schedule, featuring all your favorite events as well as some brand-new ones to cover the latest technologies. Make plans now to speak or attend and expand your experience with open source.

The Linux Foundation’s 2019 events are projected to more than 35,000 open source influencers to learn and share best practices in open source technologies ranging from operating systems, cloud applications, containers, IoT, AI, networking, security, storage, and more. New events on the schedule for this year include Cephalocon and gRPC Conf.

Submit a Proposal

If you’re interested in submitting a proposal, act soon because calls for papers for some of the earliest 2019 events are on the verge of closing. Speaking proposals are now being accepted for:

Check back soon for submission details for other upcoming events, as the calendar is regularly updated. The Linux Foundation welcomes first-time speakers and is happy to provide additional information about the submission process.

If you don’t plan to speak but do want to attend, note that events like KubeCon + CloudNativeCon Europe are expected to sell out. The recent event in Seattle was record-breaking in terms of attendance, so register early to secure your spot.

Learn how to use Let’s Encrypt in this tutorial from our archives.

Back in the bad old days, setting up basic HTTPS with a certificate authority cost as much as several hundred dollars per year, and the process was difficult and error-prone to set up. Now we have Let’s Encrypt for free, and the whole thing takes just a few minutes.

Why Encrypt?

Why encrypt your sites? Because unencrypted HTTP sessions are wide open to multiple abuses:

Internet service providers lead the code-injecting offenders. How to foil their nefarious desires? Your best defense is HTTPS. Let’s review how HTTPS works.

Chain of Trust

You could set up asymmetric encryption between your site and everyone who is allowed to access it. This is very strong protection: GPG (GNU Privacy Guard, see How to Encrypt Email in Linux), and OpenSSH are common tools for asymmetric encryption. These rely on public-private key pairs. You can freely share public keys, while your private keys must be protected and never shared. The public key encrypts, and the private key decrypts.

This is a multi-step process that does not scale for random web-surfing, however, because it requires exchanging public keys before establishing a session, and you have to generate and manage key pairs. An HTTPS session automates public key distribution, and sensitive sites, such as shopping and banking, are verified by a third-party certificate authority (CA) such as Comodo, Verisign, or Thawte.

When you visit an HTTPS site, it provides a digital certificate to your web browser. This certificate verifies that your session is strongly encrypted and supplies information about the site, such as organization’s name, the organization that issued the certificate, and the name of the certificate authority. You can see all of this information, and the digital certificate, by clicking on the little padlock in your web browser’s address bar (Figure 1).

The major web browsers, including Opera, Firefox, Chromium, and Chrome, all rely on the certificate authority to verify the authenticity of the site’s digital certificate. The little padlock gives the status at a glance; green = strong SSL encryption and verified identity. Web browsers also warn you about malicious sites, sites with incorrectly configured SSL certificates, and they treat self-signed certificates as untrusted.

So how do web browsers know who to trust? Browsers include a root store, a batch of root certificates, which are stored in /usr/share/ca-certificates/mozilla/. Site certificates are verified against your root store. Your root store is maintained by your package manager, just like any other software on your Linux system. On Ubuntu, they are supplied by the ca-certificates package. The root store itself is maintained by Mozilla for Linux.

As you can see, it takes a complex infrastructure to make all of this work. If you perform any sensitive online transactions, such as shopping or banking, you are trusting a whole lot of unknown people to protect you.

Encryption Everywhere

Let’s Encrypt is a global certificate authority, similar to the commercial CAs. Let’s Encrypt was founded by the non-profit Internet Security Research Group (ISRG) to make it easier to secure Websites. I don’t consider it sufficient for shopping and banking sites, for reasons which I will get to shortly, but it’s great for securing blogs, news, and informational sites that don’t have financial transactions.

There are at least three ways to use Let’s Encrypt. The best way is with the Certbot client, which is maintained by the Electronic Frontier Foundation (EFF). This requires shell access to your site.

If you are on shared hosting then you probably don’t have shell access. The easiest method in this case is using a host that supports Let’s Encrypt.

If your host does not support Let’s Encrypt, but supports custom certificates, then you can create and upload your certificate manually with Certbot. It’s a complex process, so you’ll want to study the documentation thoroughly.

When you have installed your certificate use SSL Server Test to test your site.

Let’s Encrypt digital certificates are good for 90 days. When you install Certbot it should also install a cron job for automatic renewal, and it includes a command to test that the automatic renewal works. You may use your existing private key or certificate signing request (CSR), and it supports wildcard certificates.

Limitations

Let’s Encrypt has some limitations: it performs only domain validation, that is, it issues a certificate to whoever controls the domain. This is basic SSL. It does not support Organization Validation (OV) or Extended Validation (EV) because it is not possible to automate identity validation. I would not trust a banking or shopping site that uses Let’s Encrypt– let ’em spend the bucks for a complete package that includes identity validation.

As a free-of-cost service run by a non-profit organization there is no commercial support, but only documentation and community support, both of which are quite good.

The Internet is full of malice. Everything should be encrypted. Start with Let’s Encrypt to protect your site visitors.

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.

As we look forward to the release of Linux Kernel 5.0 in the coming weeks, we can enjoy another venerable open source technology reaching the 5.0 milestone: the Bash shell utility. The GNU Project has launched the public version 5.0 of GNU/Linux’s default command language interpreter. Bash 5.0 adds new shell variables and other features and also repairs several major bugs.

New shell variables in Bash 5.0 include BASH_ARGV0, which “expands to $0 and sets $0 on assignment,” says the project. The EPOCHSECONDS variable expands to the time in seconds since the Unix epoch, and EPOCHREALTIME does the same, but with microsecond granularity.

New features include a “history -d” built-in function that can remove ranges of history entries and understands negative arguments as offsets from the end of the history list. There is also a new option called “localvar_inherit” that allows local variables to inherit the value of a variable with the same name at the nearest preceding scope.

A new shell option called “assoc_expand_once” causes the shell to attempt to expand associative array subscripts only once, which may be required when they are used in arithmetic expressions. Among many other new features, a new option is available that can disable sending history to syslog at runtime. In addition, the “globasciiranges” shell option is now enabled by default.

Bash 5.0 also fixes several major bugs. It overhauls how nameref variables resolve and fixes “a number of potential out-of-bounds memory errors discovered via fuzzing,” says the GNU Project’s readme. Changes have been made to the “expansion of $@ and $* in various contexts where word splitting is not performed to conform to a Posix standard interpretation.” Other fixes resolve corner cases for Posix conformance.

Finally, Bash 5.0 introduces a few incompatibilities compared to the most recent Bash 4.4.x. For example, changes to how nameref variables are resolved can cause different behaviors for some uses of namerefs.

Bash to basics

Bash (Bourne-Again Shell) may be 5.0 in development years, but it’s a lot older in Earth orbits. The utility will soon celebrate its 30th anniversary since Brian Fox released Bash 1.0 beta release in June 1989.

Over the years, Bash has expanded upon the POSIX shell spec with interactive command line editing, history substitution, brace expansion, and on some architectures, job control features. It has also borrowed features from the Korn shell (ksh) and the C shell (csh). Most sh scripts can be run by Bash without modification, says the GNU Project.

Bash and other Bourne-based shell utilities have largely survived the introduction of GUI alternatives to the command line such as Git GUI. Experienced Linux developers — and especially sysadmins — tend to prefer the greater speed and flexibility of working directly with the command line. There are also situations where the GUI will spit you back to the command line anyway.

It’s really a matter of whether you will be spending enough time doing Linux development or administration to make it worthwhile to learn the commands. Besides, in a movie, isn’t it more exciting to watch the hacker frantically clacking away at the command line to disable the nuclear weapon rather than clicking options off a menu? Clacking rules!

Bash 5.0 is available for download from the GNU Project’s Bash 5.0 readme page.