Sommaire pour No. 167 de Linux User & Developer

This issue » Secure your system » Pen testing with Raspberry Pi » Play musical Minecraft » Build your own NAS Welcome to the latest issue of Linux User & Developer, the UK and America’s favourite Linux and open source magazine. You know that old adage about setting a thief to catch a thief? It’s true, especially when it comes to security. It’s all very well setting up a fence, but for maximum security you need to start thinking like a hacker. Don’t stockpile bitcoins in case your data gets locked down by crypto ransomware; think about what data is important and bury it somewhere so deep and encrypted and offline that it makes The Pit look like a holiday camp. Don’t assume that passive guards are enough to protect…

“We are going to need more solutions at the application-inspired level” The highly regarded Amazon Web Service has announced a new open-source project aimed creating a full, serverless runtime application environment that can be of benefit to app developers, coding enthusiasts and end users. Named Flourish, the project looks to highlight the simplicity of serverless environments by showing how requests can be scaled so as to not misuse server capacities. Other benefits include developers being able to code in their preferred language, thanks to the runtimes being open, and app providers not having to pay for unused computing power. Speaking at the ServerlessConf in Brooklyn, Tim Wagner, GM of AWS Serverless Compute, said: “We are now in the frameworks and dev tools stage where the ecosystem is growing and enabling…

Top 10 This month Stable releases (16) In development (9) The CentOS 6.8 release has been received well by users. It features a number of fresh changes, including a combined repository for installation. Highlights ElementaryOS The lightweight Ubuntu-based desktop has carved a following for its minimal take on the traditional desktop formula. Its desktop environment, Pantheon, is one of the best options out there for those who really like to customise core features. Zorin Zorin is still riding the crest of the wave thanks to its OS 11 update a few months back. Its range of pre-installed applications now include a new contacts manager and an alternative to VLC. Manjaro Linux enthusiasts are itching to get their hands on Manjaro’s upcoming 16.06 update, promising a new graphical configuration module for…

pfSense is so vast in its feature set that the team behind it has even launched its own tuition program to help budding users to get to grips with the advanced distribution. pfSense University offers an array of in-depth courses to help increase your overall knowledge of their products and services. Whether it’s in the form of improving your knowledge of security procedures, or learning the basics of network protection, you’ll find a course for you. Through the official pfSense site, users can find a full curriculum of each course and an enrolment sheet to get started.…

Issues for Linux Admins The problem with security advice is that there is too much of it and that those responsible for security certainly have too little time to implement all of it. The challenge is to determine what the biggest risks are and to worry about those first and about others as time permits. Weak passwords People’s choice of passwords continues to pose a huge security risk. Weak passwords are a general security concern in the Linux environment. Make it a practice to use ssh public keys to allow an account on one system to ssh into another system without supplying any password. At the very least, pick a moderately hard-to-crack password for your ssh key. Open network ports Just as every account on your system is a potential…

“You can identify the vulnerabilities that could allow an external hacker to access sensitive information” Nessus is a widely used vulnerability scanner that uses web interfaces to set up, scan and view reports. The great thing about Nessus is that it is an open source tool that offers a robust set of features and also has good community support. Nessus uses a modular architecture consisting of centralised servers that conduct scanning, and remote clients that allow for administrator interaction. You can deploy Nessus scanning servers at various points within your network and you can control them from a single client. With this, you will be able to effectively scan segmented networks from multiple vantage points and conduct scans of large networks that require multiple servers running simultaneously. Nessus gives you…

“In essence, a shell script is little more than a text file. It differs from its normal brethren by having the executable bit set” Even though Linux distributions like Ubuntu do a great job at hiding the often intimidating black terminal window from their users, Unix is and will forever be associated primarily with textual input systems. When used in text or terminal mode, commands are not handled by the operating system itself. Instead, a command line parser called a shell is responsible for handling I/O, parsing and program invocation. As time went by, a multitude of shells were developed. Bash, a free implementation of the Bourne shell, has managed to establish itself as a bona fide standard. Shells are interesting not only due to their ability to take in…

Resources Debian Backports hhttp://backports.debian.org Debian LTS Project https://wiki.debian.org/LTS/ Telegram Desktop https://desktop.telegram.org/ GNU libc6 https://ftp.gnu.org/gnu/libc/ Memcpy VS memmove http://bit.ly/1X7cAwt It is quite difficult to catch up on new software versions. Newer versions need newer libraries, and some GNU/Linux distros cannot keep pace. This is why we must upgrade that old distro to a new release, apparently. Security concerns aside, it is not necessary to do so. If our distro has not reached its end of life yet, there is no need to hurry it along. Open source projects can be easily adapted and built on older distros as long as we can do the same to their dependencies (i.e., libraries). Sometimes we will not be that lucky: enter proprietary software! Even for these extreme cases there is hope. To ease the…

Raspberry Pi 2 or 3 While any version of the Pi can be used for pen testing, the more processing power you’ve got, the better. But you can still pen test with an older Pi. Wi-Fi dongle £6.00 Even if you’re using a Raspberry Pi 3, you’ll need to use an external USB Wi-Fi dongle, as the on-board wireless is unsuitable for pen testing. RAVPower rechargeable battery pack £21 Various portable power solutions are available for the Raspberry Pi, from DIY battery packs to rechargeable battery solutions with a full day’s charge – ideal for evaluating wireless access point security! Touchscreen  Display  / £57 You can interact with your pen-testing Pi over SSH, but for the best results a display is advisable, so you can easily launch testing tools and…

I chose the Pi 3 because I wanted the flexibility to add new components When did you decide you wanted to build a terrarium? I’d built my terrarium to grow tropical plants, but soon realised that it couldn’t maintain a stable temperature. The bulbs provided enough heat, and I had a cooling system for when it got too warm – the problem was, the cooling needed to run almost continuously on hot days but hardly at all on cold days. All the terrarium controllers on the market were either mechanical timers or overkill (huge units designed for greenhouses). I needed a simple controller to monitor the conditions, switch mains-powered devices on or off as required, and plot my data onto the Internet Of Things service ThingSpeak. Could you give us…

What you’ll need • PianoHAT • Raspberry Pi Pimoroni has created the PianoHAT, the ultimate mini musical companion for your Raspberry Pi! It is inspired by Zachary Igielman’s PiPiano and made with his blessing. The HAT consists of a dinky eight-key piano add-on, with touch-sensitive keys and LEDs. It can be used for many creative and musical purposes, such as playing music in Python, controlling software synths on your Raspberry Pi, taking control of hardware synthesisers, or unlocking your inner Mozart. This tutorial will show you how to set up the hardware, introduce you to the basic features of the software and show you how to combine these together in Minecraft to create musical blocks and a visualisation of your melodies. You can view a demonstration video here: https://www.youtube.com/watch?v=ezJgXp01MPk 01…

“Xubuntu is built for its speed, and moving around the desktop is lightning quick” RAM 512mb Storage 6GB Specs Based on Ubuntu PAE-compatible processor Very few distros can claim the longevity that Xubuntu has managed to achieve in its years of pleasing users all around the world. While it has never really been touted as one of the premier distros out there, it can certainly boast a fairly hefty user base. That said, the past few updates haven’t necessarily been kind to the distro, with buggy software, bare desktops and problematic installations being relatively common problems brought up in many forums. The recent 16.04 looks to have addressed a lot of these problems on paper, but in use there’s still some work to be done. Installation is one of…

If you’ve ever tried a basic screencast of any command line tools, or of programming in your favourite editor, you may have gotten frustrated after enlarging the font for readability, then running out of space for your displayed code. Screenkey lets you keep your editor or terminal at a more natural size, and pops up a magnified bar displaying everything you type: this is great not just for screencasts, but in the class or lecture room, or for informal demonstrations at meetings and code-ups. Written in Python 2.7 (Python 3 support is on the way), and running with or without system installation, Screenkey’s dependencies are not too onerous. Most can be installed through the package manager including Awesome fonts for display of multimedia key symbols – except slop (SeLect OPeration…

To access FileSilo, please visit www.filesilo.co.uk/linuxuser 01 Follow the instructions on-screen to create an account with our secure FileSilo system, then log in and unlock the issue by answering a simple question about the magazine. You can access the content for free with your issue. 02 If you’re a print subscriber, you can easily unlock all the content by entering your unique Web ID. Your Web ID is the eight-digit alphanumeric code printed above your address details on the mailing label of your subscription copies. It can also be found on your renewal letters. 03 You can access FileSilo on any desktop, tablet or smartphone device using any popular browser (such as Firefox, Chrome or Safari). However, we recommend that you use a desktop to download content, as…

1 Hybrid Tube Amp Meet the first Tube Amp specifically designed for any of the 40-pin versions of the Raspberry Pi. It includes a 24-bit DAC, capable of converting and then streaming music at 192KHz, while an on-board 3.5mm jack makes it easy to connect your favourite pair of headphones and listen to your tunes. 2 Audio Injector Sound Card This Pi board and sound card hybrid adds both audio input and output to your Pi. There are physical modules for seamless control and it removes the need for complicated audio control software. Thanks to its clever build, the Audio Injector can also be used in existing audio setups. 3 RasPiO Analog Zero The Analog Zero fits any 40-pin Raspberry Pi, adding full analog input technology to the board. Users…

Portable applications have carved a niche market for themselves within certain Linux groups for being lightweight and notoriously quick to run, but until now, they’ve failed to hit the mainstream market due to certain compatibility issues and installation problems for some users. Portable app pioneer Orbit Apps may have broken this mould, thanks to the announcement that its ORB portable app packages are now fully compatible with Ubuntu 16.04. We can also confirm that all flavours of Ubuntu will work with portable apps, including Lubuntu, Xubuntu and the increasingly popular UbuntuMATE. ORB is an open-source package format, enabling users to use apps that can be run on-the-fly, without the need for administrator privileges. Through the free ORB Launcher software, ORB also grants capabilities for users to transfer these specialised apps…

“Could you give us an overview of what pfSense is? What are its key features? With over 350,000 active users, pfSense is a popular open source firewall and router distribution that helps you secure networks, both large and small. IT administrators familiar with commercial firewalls will quickly understand how to configure all of the packages and components using the web interface. Those who are just getting started with security will love the short learning curve and rich, easily understood feature set. One of the key features of pfSense is its stateful firewall. The stateful firewall maintains information on open network connections. Monitoring the state of each connection allows all kinds of granular control on a per-rule basis, and provides multiple options to secure a wide variety of protocols. Finally, it…

“Linus Torvalds announced the first Release Candidate of what will become the 4.7 Linux kernel. According to Linus, the new kernel “isn’t a huge release” but is “certainly big enough”. What Linus means is that, while 4.7 doesn’t include whole new subsystems (such as a new filesystem, or architecture port), or major disruptive feature additions, it does include the usual mix of driver changes, architecture updates, networking, and “misc” features. The latter happens to include a fairly significant – but internal to the kernel – set of changes to the VFS (Virtual FileSystem layer) of interest to kernel developers working on filesystems. With the release of Linux 4.7 comes the implied closing of the ‘merge window’ – the period of time during which disruptive changes are allowed to the kernel…

If you suspect your system has been compromised, download and build chkrootkit. This will help you detect rootkits that may have been used to take over your machine. Chkrootkit can be considered as a collection of tools that will help in detecting the presence of rootkits. This can be very useful for Linux system administrators because it is a free and open source utility and is available for various distros, and it has the ability to detect almost all the latest rootkits – this is because of the fact that contributions from pen source contributors are helping to keep it up to date. Please note that chkrootkit uses C and shell scripts to perform a detailed process check, and scans system binaries to detect kit signatures. Upon detection, in most…

“Snort examines network traffic against a set of rules” Search for predefined patterns The patterns are defined as Snort rules. Snort can report its findings in a number of output formats. Some of these formats include syslog, tcpdump, database, alert full, and unified. Unified output is considered as the fastest logging method and hence used widely Command line options Snort comes with a variety of command line options. Some of the options can be specified in the config file instead of the command line. The general rule is that if you are just trying something out, specify the setting at the command line, and if you are planning on keeping the setting for a while, set it in the config file Snort scrutinises each and every packet to see if…

Resources FreeNAS http://www.freenas.org/ Ubuntu http://www.ubuntu.com/ In this tutorial, we are going to work through everything from choosing the right hardware for your NAS, through installing your Linux distribution and connecting from your Linux and non-Linux clients. Linux is incredibly versatile – it runs on a wide range of hardware and has a huge number of different ways of achieving what you are trying to do. Although we will talk about attached storage primarily in this tutorial, once you have a box set up running Linux, it can perform a whole host of other tasks. Before we start, have a think about any hardware you have lying around, your budget, how much storage you need and how important resilience is to the data you are storing. This will help you plan…

Resources A text editor such as Emacs or vi The Go compiler Although functions look like a simple concept, Go makes them more powerful and efficient by introducing additional and unique features. Strictly speaking, a Function is an autonomous entity in a computer program that can have input, output, both of them or none of them. Function declarations in Go start with the func keyword. The single most popular Go function is main() that is declared as follows: About functions Functions are an important element of every programming language. They allow you to break a big program into smaller, manageable parts. Functions need to be as independent from each other as possible. This means that a function must do one job and only one job. If you find yourself writing…

These satellites communicate with ground-based receivers “ In previous articles, we have looked at how to add various types of sensors to the Raspberry Pi to get it to interact with the world around it. One very useful piece of information that your Raspberry Pi could collect is its location on the Earth. It may be very useful to know where you are in order to decide on what action to take. This issue, we will look at adding the functionality of GPS (Global Positioning System) to your Raspberry Pi and how to use it within your own Python code. For those of you who may not have run into GPS before, it is a constellation of 31 satellites orbiting the Earth. Using extremely accurate time systems and some very…

What you’ll need • Raspberry Pi 2 or 3 with Raspbian Jessie • Wi-Fi dongle (if using Raspberry Pi 2) • Display (official 7-inch Touchscreen Display recommended) • Phillips screwdriver • Frame and/or stand (suitable options for the official touchscreen display are available at Pimoroni and other dedicated Pi hardware and accessory suppliers) • Scripts from https://github.com/samuelclay/Raspberry-Pi-Photo-Frame Digital picture frames that displayed a selection of your favourite photos were quite popular for a time, but are now seemingly available only as free gifts when signing up to magazine subscriptions. These tablet-like devices often made for interesting talking points, but were often let down by low memory, a poor user interface, or both. We don’t have to worry about either of those problems with this project. Here we are going to set…

Some useful improvements and bug fixes in an update to the stable branch, remind us it’s been some time since we had a good go at the turn-based war game, Battle For Wesnoth . It’s been around for more than a decade, and has always been there as a standout example of the quality of some free and open source software, but many of us will not have played for a while, and will have missed the accumulation of incremental improvements to campaigns, artwork, music, etc. Installation of the latest stable or developmental releases is usually possible from binary packages, as they make their way through the repositories particularly quickly. We used the Debian Unstable package. If you’re new to Wesnoth, the tutorial will soon get you…

“The way in which the kernel has often dealt with container spaces has been criticised, but with the addition of namespaces, processes can be isolated more easily” After two months of development, the highly anticipated 4.6 release of the Linux kernel is now available for download. Through his release notes, Linus Torvalds discussed that this release was bigger than many previous updates, with an array of new features that have been frequently requested by users. “The 4.6 kernel on the whole was a fairly big release – more commits than we’ve had in a while. But it all felt fairly calm despite that,” noted Torvalds. One said feature is the new distribution file system, named OrangeFS. While it’s comparable to many leading system managers currently out there, it also boasts…

Git, the popular source code management system, has received its third point release. Version 2.8.3 shows numerous bug fixes and over 20 improvements to the stable 2.8 branch that is being used by the majority of the program’s 12-million strong user base. Within the update, users will find fixes and enhancements to many core Git commands, including git send-email, git push, git submodule, ‘git config’, ‘git replace’ and ‘git format-patch- help’. On top of this, there’s some noticeable performance improvements, with better support for the CRAM-MD5 authentication method on-board and ready to use. There’s also an array of small improvements to many of Git’s core test scripts and submodules, which help eradicate many of the problems users were having. Perhaps what will catch the eye of avid Git users are…

While the pfSense software can be installed on a wide range of existing hardware, in its current state it’s currently supported only on x86 and x86-64 architecture. With this in mind, it’s certainly worth checking out the hardware built by pfSense itself. The top of the crop, and one of pfSense’s bestsellers, is the SG-2440 Security Gateway appliance. It features a dual-core Intel Atom processor, with Intel’s QuickAssist technology also on boards to help support a high level of I/O throughput and optimal performance per watt. For the casual user, the SG-2550 can be used to completely configure or rebuild an existing firewall, LAN or WAN router. Plus, with seamless connections to anyone in your business, it’s easy enough to use the pfSense software to closely monitor your SG-2440 and…

Nmap is a widely-used open source tool that supports more than 15 scanning techniques. It can be used by network administrators as well as advanced users. In addition to securing your network, it can also be used for hacking. Nmap is considered to be the world’s leading port scanner, and is a popular part of hosted security tools. Nmap as an online port scanner is able to scan your perimeter network devices and servers from an external perspective; i.e. outside your firewall. It can be used for security scans, to identify what services a host is running, to fingerprint the operating system and applications on a host, discover the type of firewall a host is using, or to do a quick inventory of a local network. It is, in short,…

 OpenSSH is a very popular connectivity tool when it comes to remote login. It encrypts all traffic to eliminate any type of attack. For remote operations, it has ssh, scp and sftp. Key management is done with ssh-add, sshkeygen, and ssh-keysign. From a service-side perspective, it offers sshd and ssh-agent. OpenSSH is a freely available version of the SSH protocol family of tools. “SSH keys allow authentication between two hosts without providing a password. SSH key authentication uses a pair of keys” 01 Install OpenSSH Use the following commands for installing the OpenSSH server and client 02 Configure OpenSSH By editing the main configuration file (/etc/ssh/sshd_config), you can configure the default behaviour of the OpenSSH server application. Using the man page details of sshd_config, you will be able to get…

Resources Iproute2 https://en.wikipedia.org/ wiki/Iproute2 http://bit.ly/1wDV59R The iproute2 Utility Suite includes the following command line utilities: ss, ip, rtmon, tc, lnstat, nstat, bridge, rtacct, routel and routef. Each utility comes with its own manual page that you can use to learn more about the various options of a command. It is helpful to know that two types of network traffic exist: inbound traffic and outbound traffic. The manipulation of network traffic is called traffic shaping. The iproute2 Utility Suite offers tools that, among other things, let you control network traffic. Additionally, iproute2 includes tools that can help you inspect your current network configuration. Please have in mind that testing traffic-shaping rules and changing the configuration of network interfaces should never take place on a production machine or network. 01 General info…

While the GPS receiver connected to your Raspberry Pi can give you your exact coordinates, most people cannot process latitudes and longitudes in any intuitive way. Luckily, there are several services available on the internet, called geolocation services, that can help translate these coordinates to another form that is more intuitive. You will need to install the relevant Python module on Raspbian, with the command The core part of the geopy module is the concept of a geocoder. There are prebuilt subclasses for services like Google, Yahoo and Bing. You can use whichever is your favourite one. In the following examples, we will use the Nominatim geocoder for the OpenStreetMap geolocation service. To start with, you can create a geocoder with Normally, most people use this to find the coordinates…

Welcome to part one of a special robotics series. We will equip you with everything you need to know to make your own Raspberry Pi robot. In this first part we break down a robot into all its component parts and give you an insider’s perspective on batteries, motors, input controllers and more. What exactly is a ‘robot’? A robot is considered to be any machine that can perform a task or series of tasks, either autonomously once programmed or with direct instruction. Robots come in many shapes and sizes – they can be used for manufacturing, for search and rescue, and for just having fun and seeing what you can create. The hobbyist creations we saw at Pi Wars recently were wheeled or tracked, disconnected from any wires, and…

If there’s one thing we love, it’s little utilities – especially command line ones – that provide missing pieces of functionality for your system, and do it well. downtimed keeps a record of all system downtime, providing all or the most recent to you with the commands downtimes and downtime – a counterpart to the uptime command. You’ve probably already got downtimed 0.6.x in your distro’s repository. This 1.0 release changes little, rather it is a reflection of the app’s stability – and the fact it won’t need much changing, save when systems change. downtimed runs on GNU/Linux and GNU/ Hurd, various BSDs, and most flavours of Solaris, as well as MacOS X. These flavours of Unix all have slightly different ways of recording start-up (with downtimed recording its own…

“Having your own dedicated server will give you maximum performance; our UK servers typically include same-day activation” Featured host:   0845 527 9345 About us Cyber Host Pro are committed to provide the best cloud server hosting in the UK; we are obsessed with automation and have been since our doors opened 15 years ago! We’ve grown year on year and love our solid growing customer base who trust us to keep their business’s cloud online! If you’re looking for a hosting provider who will provide you with the quality you need to help your business grow then contact us to see how we can help you and your business! We’ve got a vast range of hosting solutions including reseller hosting and server products for all business sizes. What we…