Saturday, June 27, 2015

Monitor Server Resources with Collectd-web and Apache CGI in Linux

This tutorial explains how to install and run Collectd-web, a front-end web monitoring tool for the Collectd daemon, together with the Apache CGI interface to produce graphical HTML output for monitoring Linux boxes.
Monitor Linux Server Resources
At the end of the article we will also show how to protect the Collectd-web interface using the Apache .htpasswd authentication mechanism.


This article requires Collectd and Collectd-Web to be installed on your Linux system. To install these packages, follow Steps #1 and #2 from the previous article of this series:
  1. Install Collectd and Collectd-Web in Linux
Follow only these two steps from the above link:
Step 1: Install Collectd Service
Step 2: Install Collectd-Web and Dependencies
Once these two steps have completed successfully, continue with the instructions in this article to configure Collectd-web with Apache CGI.

Step 1: Installing Apache Web Server

1. This step assumes that Apache web server is already installed on your system. If it is not, install it with the following command for your Linux distribution.
# apt-get install apache2 [On Debian based Systems]
# yum install httpd  [On RedHat based Systems]
2. After Apache is installed, change to your default web server document root (located under the /var/www/html/ or /var/www system path) and clone the Collectd-web GitHub project by issuing the below commands:
# cd /var/www/html
# git clone
Also, make the following Collectd-web script executable by issuing the following command:
# chmod +x /var/www/html/collectd-web/cgi-bin/graphdefs.cgi

Step 2: Enable Apache CGI (.cgi scripts) for Default Host

3. In order for Apache to run the CGI scripts located under the default host HTML Collectd-web cgi-bin directory, you need to explicitly enable Apache CGI interface for Bash scripts (with .cgi extension) by altering the sites-available default host and adding the below statements block.

On Debian Systems

First open Apache default host configuration file for editing with nano editor:
# nano /etc/apache2/sites-available/000-default.conf
While the file is opened for editing add the following directive block below the Document Root directive as illustrated on the below image:

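        # Allow Apache to execute the Collectd-web .cgi scripts
        <Directory /var/www/html/collectd-web/cgi-bin>
                Options Indexes ExecCGI
                AllowOverride All
                AddHandler cgi-script .cgi
                Require all granted
        </Directory>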

Enable CGI in Debian
After you’re done editing the file, save it with CTRL+o and exit the nano editor (CTRL+x), then enable the Apache CGI module and restart the server to apply all the changes made so far by issuing the below commands:
# a2enmod cgi cgid
# service apache2 restart
# systemctl restart apache2.service     [For systemd init scripts]
Enable Apache CGI

On RedHat Systems

4. To enable Apache CGI interface for CentOS/RHEL, open httpd.conf Apache configuration file and add the following lines at the bottom of the file:
# nano /etc/httpd/conf/httpd.conf
Add following excerpt to httpd.conf file.
ScriptAlias /cgi-bin/ "/var/www/html/collectd-web/cgi-bin/"
Options FollowSymLinks ExecCGI
AddHandler cgi-script .cgi .pl
In order to apply changes, restart httpd daemon by issuing the following command:
# service httpd restart
# systemctl restart httpd        [For systemd init scripts]

Step 3: Browse Collectd-web Interface

5. To visit the Collectd-web interface and visualize the statistics collected so far about your machine, open a browser and navigate to your machine's IP address followed by the /collectd-web/ URI location, using the HTTP protocol.
Collectd-Web Dashboard

Step 4: Password Protect Collectd-web URL using Apache Authentication

6. You can limit access to the Collectd-web interface by protecting it with the Apache authentication mechanism (.htpasswd), which requires visitors to enter a username and a password in order to access a web resource.
To do so, you need to install apache2-utils package and create a set of credentials for local authentication. To achieve this goal, first issue the following command to install apache2-utils package:
# apt-get install apache2-utils         [On Debian based Systems]
# yum install httpd-tools  [On RedHat based Systems]
7. Next, generate a username and a password which will be stored on a hidden local .htpass file located under Apache default host Collectd-web path by issuing the below command:
# htpasswd -c /var/www/html/collectd-web/.htpass  your_username
Try to protect this file by assigning the following permissions:
# chmod 700 /var/www/html/collectd-web/.htpass
# chown www-data /var/www/html/collectd-web/.htpass
8. On the next step, after you have generated .htpass file, open Apache default host for editing and instruct the server to use htpasswd basic server-side authentication by adding the following directive block as illustrated on the below screenshot:

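        # Require a login for everything under the Collectd-web directory
        <Directory /var/www/html/collectd-web>
                AuthType Basic
                AuthName "Collectd Restricted Page"
                AuthBasicProvider file
                AuthUserFile /var/www/html/collectd-web/.htpass
                Require valid-user
        </Directory>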

Apache Password Protect Directory
9. The last step, in order to apply the changes, is to restart the Apache server by issuing the below command and visit the Collectd-web URL page as described above.
A pop-up should appear on the web page requesting for your authentication credentials. Use the username and password created earlier to access Collectd web interface.
# service apache2 restart  [On Debian based Systems]
# service httpd restart   [On RedHat based Systems]

---------------- For systemd init scripts ----------------
# systemctl restart apache2.service  
# systemctl restart httpd.service
Apache Password Authentication
Collectd-Web Panel
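
The blocks from Step 2 and Step 4 combined and tightened for the Debian layout, as an added example that is not part of the original tutorial. With Apache's default "AuthMerging Off", a cgi-bin section that carries its own "Require all granted" replaces the "Require valid-user" inherited from the parent directory, so the CGI scripts would stay reachable without a password. The credential path /etc/apache2/collectd-web.htpasswd and an HTTPS virtual host with mod_ssl loaded are assumptions.

```apache
# Added example, not the tutorial's own configuration.
# Place inside the HTTPS virtual host (assumed to exist, with mod_ssl loaded).

# Credential file, created with the same tool as in step 7 but stored
# outside the document root (the path is an assumption):
#   htpasswd -c /etc/apache2/collectd-web.htpasswd your_username
#   chown root:www-data /etc/apache2/collectd-web.htpasswd
#   chmod 640 /etc/apache2/collectd-web.htpasswd

<Directory /var/www/html/collectd-web>
    # Tutorial: AllowOverride All. None stops .htaccess files in the cloned
    # tree from changing authentication or handlers.
    AllowOverride None

    AuthType Basic
    AuthName "Collectd Restricted Page"
    AuthBasicProvider file
    AuthUserFile /etc/apache2/collectd-web.htpasswd

    # Basic authentication sends the password base64-encoded on every
    # request, so require TLS as well as a valid login.
    <RequireAll>
        Require ssl
        Require valid-user
    </RequireAll>
</Directory>

<Directory /var/www/html/collectd-web/cgi-bin>
    # Tutorial: Options Indexes ExecCGI. Dropping Indexes disables the
    # directory listing of the script folder.
    Options ExecCGI
    AddHandler cgi-script .cgi
    # No Require line here: with the default "AuthMerging Off", a
    # "Require all granted" in this section would replace the parent's
    # rules and serve the CGI scripts without a password.
</Directory>
```

Run apache2ctl configtest before restarting, then confirm that a request for a script under /collectd-web/cgi-bin/ without credentials is refused.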

Wednesday, June 24, 2015

7 must-know tips to help you create better, stronger passwords

The hacking misdeeds were described in a New York Times story based on the findings of Hold Security, a Milwaukee firm that has a history of uncovering online security breaches.
Hold Security called the data "the largest known collection of stolen Internet credentials." Hold's researchers did not identify the origins of the data or name the victim websites, citing nondisclosure agreements. The company also said it didn't want to name companies whose websites are still vulnerable to hacking, according to the Times report.
Hold Security didn't immediately respond to inquiries from The Associated Press.
If there's reason to believe any of your passwords might have been compromised, change them immediately. One of the best things you can do is to make sure your passwords are strong.
Here are seven ways to fortify them:
- Make your password long. The recommended minimum is eight characters, but 14 is better and 25 is even better than that. Some services have character limits on passwords, though.
- Use combinations of letters and numbers, upper and lower case and symbols such as the exclamation mark. Some services won't let you do all of that, but try to vary it as much as you can. "PaSsWoRd!43" is far better than "password43."
- Avoid words that are in dictionaries, even if you add numbers and symbols. There are programs that can crack passwords by going through databases of known words. One trick is to add numbers in the middle of a word - as in "pas123swor456d" instead of "password123456." Another is to think of a sentence and use just the first letter of each word - as in "tqbfjotld" for "the quick brown fox jumps over the lazy dog."
- Substitute characters. For instance, use the number zero instead of the letter O, or replace the S with a dollar sign.
- Avoid easy-to-guess words, even if they aren't in the dictionary. You shouldn't use your name, company name or hometown, for instance. Avoid pets and relatives' names, too. Likewise, avoid things that can be looked up, such as your birthday or ZIP code. But you might use that as part of a complex password. Try reversing your ZIP code or phone number and insert that into a string of letters. As a reminder, you should also avoid "password" as the password, or consecutive keys on the keyboard, such as "1234" or "qwerty."
- Never reuse passwords on other accounts - with two exceptions. Over the years, I've managed to create hundreds of accounts. Many are for one-time use, such as when a newspaper website requires me to register to read the full story. It's OK to use simple passwords and repeat them in those types of situations, as long as the password isn't unlocking features that involve credit cards or posting on a message board. That will let you focus on keeping passwords to the more essential accounts strong.
  The other exception is to log in using a centralized sign-on service such as Facebook Connect. Hulu, for instance, gives you the option of using your Facebook username and password instead of creating a separate one for the video site. This technically isn't reusing your password, but a matter of Hulu borrowing the log-in system Facebook already has in place. The account information isn't stored with Hulu. Facebook merely tells Hulu's computers that it's you. Of course, if you do this, it's even more important to keep your Facebook password secure.
- Some services such as Gmail even give you the option of using two passwords when you use a particular computer or device for the first time. If you have that feature turned on, the service will send a text message with a six-digit code to your phone when you try to use Gmail from an unrecognized device. You'll need to enter that for access, and then the code expires. It's optional, and it's a pain - but it could save you from grief later on. Hackers won't be able to access the account without possessing your phone. Turn it on by going to the account's security settings.

Tips & Tricks: Here's how you should create, manage, and store your passwords

So many online accounts, so many passwords. No wonder it's tempting to turn to apps and services that promise to keep track of your passwords. But these password managers are like treasure chests for hackers. If your master password is compromised, all your accounts potentially go with it.
One such service, LastPass, says it has detected "suspicious activity." Although it says it found no evidence that individual passwords or user accounts were breached, it's advising users to change their LastPass master password.
I advise users instead to rely less on just passwords.
Here are some tips:
All accounts aren't equal
Instead of having to remember dozens of complex passwords, maybe you need to remember only a half-dozen.
Focus on accounts that are really important:
— Bank accounts, of course, along with shopping services with your credit card information stored.
— Don't forget email. Who would want your mundane chatter? Well, email accounts are important because they are gateways for resetting passwords for other services, such as your Amazon account to go on a shopping spree.
— As for social-media accounts and discussion forums, maybe there are some you value more than others. You might not care if someone posts on your behalf to a discussion board offering tech support. But if it's a forum you value, and you've established a reputation under that identity, you might want to prioritise that, too.
For these highly sensitive ones, choose a unique password and remember it. Write it down by hand and keep it in a safe place. If you must store it electronically, use password-protected files kept on your device — not online. And don't name that file "password." Use something boring, like "chores."
Lower priority
For the rest of your accounts, it's not as bad to turn to a password manager, but it might not be necessary.
Web browsers from Apple and Google have built-in mechanisms for storing frequently used passwords. You even have options to sync those online if you use multiple devices. Google's new Smart Lock feature extends that to Android apps, too, so you're not limited to Web browsing.
Many services also let you sign in with your Facebook or other ID instead of generating new passwords each time. Make sure the ID service offers two-step verification, as I'll explain later. Turn that on.
Phones and fingerprints
If you haven't protected your phone with a passcode, tsk tsk! Someone can easily swipe your phone and get to your email account to unlock all sorts of other accounts.
Fortunately, the latest iPhones and Samsung Galaxy phones have fingerprint IDs that make it easier to unlock phones. Instead of typing in the four-digit passcode each time, you can tap your finger on the home button.
Apple now allows other app developers to use that fingerprint ID, too. So you can unlock banking apps with just a tap of your finger. In its upcoming Android update, called M, Google is also promising to make it easier for app makers to incorporate fingerprint ID. And Microsoft plans support for biometrics — such as a fingerprint or iris scan — in the upcoming Windows 10 system.
Double security
Major services including Apple, Google, Facebook, Microsoft and Dropbox offer a second layer of authentication, typically in the form of a numeric code sent as a text message. After you enter your regular password, you type in the code you receive on your phone to verify that it's really you. A hacker wouldn't have access to your phone.
You need to go into the account settings to turn on this feature, which goes by such names as two-factor authentication or two-step verification.
It's a hassle, but it keeps your accounts safer. Just assume that your password will get compromised at some point. This extra layer will keep the hacker from doing anything with it.
Even safer ...
When given a choice, consider signing in with your mobile number rather than your email address. It's much easier to hack into an email account to reset passwords. Of course, you'll have to trust the service not to use your mobile number for marketing. (I don't like to share my mobile number, so in many cases, I still use my email — knowing I have protection with two-step verification turned on.)
Also be careful when creating security questions to reset passwords. Your dog's name? Your first school? These are things someone might find on your social-media page or elsewhere online. I make up answers and make them as strong as my regular passwords.

Tuesday, June 16, 2015

The Linux AIO project: All of a distro's desktops in one ISO

Want to try out all of the desktop environments for a distro? Linux AIO makes it a whole lot easier

If you are working with Linux and, like me, want to explore all of the desktop options of a distro, you’ll wind up downloading an endless list of disk images. I find this both mildly annoying and quite time consuming and apparently so do other people. Much to my pleasure, a small team (Milan Rajcic, Zeljko Popivoda, Erich Eickmeyer, and Milos Mladenovic) decided to do something about it. They created the Linux AIO project.
Linux AIO combines all of the desktop environments available for each distro and wraps them up in a disk image for a “live” (i.e. bootable) system that can be burned to a DVD or a USB 4GB+/8GB+ flash drive. The team now publishes six compilations:
  • Linux AIO Ubuntu ISOs
  • Linux AIO Linux Mint ISOs
  • Linux AIO LMDE ISOs
  • Linux AIO Debian Live ISOs
  • Linux AIO Fedora ISOs
  • Linux AIO Other ISO releases

All compilations include both current and old releases, and the Ubuntu ISOs also include the Long Term Support (LTS) versions. To give you an idea of what’s on one of these ISOs, the Linux AIO Debian Live 8.1.0 64bit ISO includes:
  • Debian Live 8.1.0 Cinnamon desktop AMD64
  • Debian Live 8.1.0 GNOME desktop AMD64
  • Debian Live 8.1.0 KDE desktop AMD64
  • Debian Live 8.1.0 LXDE desktop AMD64
  • Debian Live 8.1.0 MATE desktop AMD64
  • Debian Live 8.1.0 Xfce desktop AMD64

All of the ISOs are hosted on SourceForge where they can be retrieved by either HTTP or BitTorrent. The Linux AIO project also provides instructions for creating bootable USB drives. Here’s what the Debian ISO displays on boot:
linuxaio debianlive8 64bit

This is an excellent concept, and the only downside is Linux AIO having the time and financial resources to keep up to date with distro releases. On the other hand, this is an idea all distro developers really should adopt as a general strategy for promoting the breadth and depth of their offerings.

Thursday, June 11, 2015

A Brief Guide to Starting Your IT Career as a Linux Sysadmin

According to the 2015 Linux Jobs Report, 97% of hiring IT managers are looking to add Linux talent this year. There are almost 12,000 open jobs on requiring Linux experience. And individuals with Linux experience are being recruited at an unprecedented rate. Learning Linux has never been more profitable or interesting.
That’s why we’ve created a free 15-page ebook entitled “A Brief Guide to Starting Your IT Career as a Linux Sysadmin.”
This guide answers questions like:
  • How do I quickly go from Linux newbie to Linux professional?
  • What does a Linux system administrator do?
  • How do I get my first Linux sysadmin job?
  • What’s the best way to advance my career once I’m a Linux sysadmin?
  • And more!
Interested in learning more about starting your IT career with Linux? Check out our free ebook “A Brief Guide To Starting Your IT Career In Linux.”

Protect your data with these five Linux encryption tools

Encryption on Linux has gotten much easier, thanks to apps like these. 
If you think data is more precious than ever, you should certainly consider its security to be a priority. And with more and more businesses working with multiple platforms, you have to be prepared to work with encryption on just about every business-ready operating system available. Including Linux. Fortunately, you have plenty of encryption-ready tools to choose from.
But which tools should you be looking at? If you open up, say, the Ubuntu Software Center, you'll find the majority of tools available (under the "encryption" search results) to be nothing more than libraries to resolve dependencies. Dig a bit deeper, though, and you'll find everything you need for easy-to-use encryption. I've uncovered five such tools for encryption on the Linux platform.

1: GnuPG

Figure A
GnuPG (Figure A) is the basis on which all encryption is handled on Linux. Without it, you won't get very far. But don't think GnuPG is just the foundation that enables all other tools to be used. Believe it or not, you can easily encrypt a file with GnuPG from the command line. The command to encrypt a file is:
gpg -c filename
where filename is the name of the file to encrypt. The encryption will attach a .gpg extension to the file.
To decrypt a file, the command is:
gpg filename.gpg
This is the easiest, fastest way to encrypt files (even though you do have to touch the command line).

2: VeraCrypt

VeraCrypt (Figure B) is an enhanced version of TrueCrypt that works on a much more secure level. How much more secure? Well, TrueCrypt uses PBKDF2-RIPEMD160 with 1,000 iterations--and VeraCrypt uses 327,661 iterations. The GUI for VeraCrypt is simple to use and walks you through the entire process of creating encrypted containers.

Figure B

One caveat: The creation, encryption, mounting, and decryption of containers take a bit of time. But the added time is worth the extra security. VeraCrypt can load containers created by TrueCrypt and convert TrueCrypt containers to the VeraCrypt format.

3: Files

Files (Figure C) is the default file manager for the GNOME and Ubuntu Unity desktops. Within this user-friendly tool lies the ability to easily protect your files and folders with a low-level password encryption. Just select the file for compression, select a compression format that works with encryption (such as zip), add a password, and compress.

Figure C

When you extract the compressed file, you will be prompted to enter the encryption password. Although this type of encryption isn't nearly as strong as what you would get with, say VeraCrypt, if you're looking for something quick and easy to use, this is what you want.

4: KGpg

KGpg (Figure D) is a user-friendly interface for using GnuPG. Although you won't actually be encrypting/decrypting binary and folders with KGpg, you will be managing the encryption keys that work with a number of encryption tools. Without encryption keys, many of those tools simply won't work--and some people avoid working with encryption on Linux because of the perceived complexity of the GnuPG command-line tools.

Figure D

With a GUI like KGpg, you remove that barrier to entry and managing those encryption keys becomes exponentially easier. And KGpg comes with a built-in editor that allows you to open and edit simple text documents. With this editor you can also encrypt and decrypt those documents, although you can't open documents created in tools such as LibreOffice or Microsoft Word. This is text-only.

5: Gnome Encfs Manager

Gnome Encfs Manager (Figure E) is a GUI tool for the venerable encfs file encryption system. It should be noted that there is a vulnerability with encfs that, should your system(s) be prone to attack, makes encfs not ideal for sensitive data. However, if your host system (or network) isn't prone to attack, you should be good to go.

Figure E

Gnome Encfs Manager makes creating "stashes" (aka containers) easy. With just a few clicks, you can create and configure a hidden folder on your Linux directory. Options include mounting on boot, idle timeout locks, stash groups, and password change. Gnome Encfs Manager can work only with encfs, so you won't be decrypting containers from other systems--this is Linux-only.

Your picks?

There you have it... encryption made simple, even within the Linux platform. Some of these tools can also go well beyond user-friendliness and into the land of very powerful. But if you're looking for an app that offers the security of encryption, and does so with a nod to user-friendliness, these five apps will get you started.