1st Five Minutes on a Server
11/2018 Update
For Ubuntu 18.04, the commands have changed for network setup thanks to netplan, but the major ideas are still the same.
Hammond is active on the Ubuntu Forums. He has many server setup guides.
6/2016 Update
Nothing major, just minor tweaks and a few details added.
4/2015 Update
Seems that lots of people are interested in extremely basic security of Linux systems and would like to see what others do initially on their fresh servers or VMs. So, I did a little googling (DRY, right?) to see what a few others are doing and to compare that with my setup steps. We all come from different places, backgrounds, and have different things we want out of our servers.
This is about basic, first-pass security, not securing Apache, MySQL, Tomcat, email, or any webapp. The box has an ssh-server, known login, DHCP IP and is ready for other stuff. That is our starting point.
Let’s get started.
Booting Fedora ISO off HDD
If you want to boot from an ISO on the HDD, grub2 supports that. There is probably something related to the installed OS supporting it too – Ubuntu 12.04 does.
/etc/grub.d/40_custom contains:
#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
menuentry "Fedora 20 LXDE (i686 bit)" {
    set isoname="Fedora-Live-LXDE-i686-20-1"
    set isofile="/ISO/${isoname}.iso"
    loopback loop (hd0,5)$isofile
    linux (loop)/isolinux/vmlinuz0 root=live:CDLABEL=${isoname} rootfstype=auto ro rd.live.image quiet rhgb rd.luks=0 rd.md=0 rd.dm=0 iso-scan/filename=${isofile}
    initrd (loop)/isolinux/initrd0.img
}
A few notes:
- The loopback line (hd0,5) correlates to /dev/sda5. It cannot be encrypted.
- The /ISO part of the location is just a directory off / on the partition.
- Different distro ISO files have different internal layouts, which determine the linux and initrd locations.
- After saving the update for your specific needs, run sudo update-grub.
For internal layouts of other distro ISO files, this AskUbuntu article has examples. Could be very handy.
ChromeCast - What Good Is It?
Got a Google Chromecast for Xmas. Played with it for about 2 hrs, then unplugged it. Seems the thing I wanted to use it for … YouTube streaming … isn’t supported.
Update Feb 2014: In the last few days, the Chromecast has become useful to some level here. It is still mainly useful to people with Netflix and HuluPlus Paid subscriptions, but there is hope.
Let me explain.
How-To Determine Programs Using Open Port?
How can I determine which program is using an open port?
This question comes up all the time on forums and at LUG meetings. As usual, with Linux there are 100 different, correct answers. Here are two more of different capability.
lsof
sudo lsof -l -P|grep LISTEN
lsof – list open files. Requires admin-level access. Running it without sudo will show this.
grep – look for specific things in the output.
On most desktop systems, I’d expect to see only ntpd, sshd and cupsd in the list. Might see smbd and rpc.statd (NFS) too if those were set up.
netstat
Another option:
netstat --all --program|egrep -v unix|more
Shows much of the same information, just in a different format, but it also shows live connections outbound. Since this shows outbound connections, email, browser, IM and any socket connection within the same machine will show up too. Might need to use sudo on the netstat to see some programs, but at least most of the output does not need root.
So, how else can we find which programs are using open ports?
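As an added example (not from the original post), the lsof output above can be compared against the listeners the article expects to see, so anything else stands out. The sample lines, the EXPECTED list layout and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening TCP sockets whose owning program is not on an
# expected list. Input format is the output of: sudo lsof -l -P | grep LISTEN
# Note: UDP sockets have no LISTEN state, so UDP-only services are not in
# this filtered output.

# Expected listeners, taken from the article's desktop list (adjust per host).
EXPECTED="ntpd sshd cupsd smbd rpc.statd"

# Constructed sample of `lsof -l -P | grep LISTEN` output (not from a real host).
sample_lsof() {
cat <<'EOF'
sshd       812        0    3u  IPv4  18423      0t0  TCP *:22 (LISTEN)
sshd       812        0    4u  IPv6  18425      0t0  TCP *:22 (LISTEN)
cupsd      640        0    7u  IPv4  17211      0t0  TCP 127.0.0.1:631 (LISTEN)
python3   4321     1000    3u  IPv4  55102      0t0  TCP *:8000 (LISTEN)
smbd      1033        0   31u  IPv4  20110      0t0  TCP *:445 (LISTEN)
nc        4410     1000    3u  IPv6  55300      0t0  TCP [::1]:4444 (LISTEN)
EOF
}

# Print "command pid uid address:port scope" for each listener not in EXPECTED.
# With -l, lsof prints the numeric UID in the third column.
unexpected_listeners() {
    awk -v expected="$EXPECTED" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        $NF == "(LISTEN)" && !($1 in ok) {
            addr = $(NF - 1)
            # Loopback-only listeners are reachable from this machine only.
            scope = (addr ~ /^(127\.|\[::1\])/) ? "local" : "exposed"
            key = $1 " " $2 " " addr
            # Report each process/address pair once (IPv4 and IPv6 may repeat).
            if (!(key in seen)) { seen[key] = 1; print $1, $2, $3, addr, scope }
        }'
}

# Demo on the constructed sample.
# On a live system: sudo lsof -l -P | unexpected_listeners
sample_lsof | unexpected_listeners
```
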
How-To Migrate Debian/Ubuntu Systems and Data Overview
From time to time, we all need to migrate our systems from 1 machine to another. With Linux, often it is possible to swap the old HDD into the newer machine to get that accomplished. Sometimes that is not an option and we need to migrate the data, settings and installed programs some other way.
A few options to accomplish this are below. This is an APT package manager solution. Other Linux package managers should work in a similar way, just replace the dpkg commands with whatever the package manager needs for your specific system.
Encryption Means Great Backups Needed
For a few years now, Linux installations have offered to encrypt our HOME directories as part of the installation. On portable devices, this is a great idea – after all, the risk of lost or stolen equipment on a portable device is real.
Portable Devices NEED Encryption
For a while, I ran virtual machines on a laptop inside a TrueCrypt partition. Encryption is good for some things, but doing it badly does still happen. I still use TrueCrypt on my laptops.
Android Music Player?
I must be stupid. At least that is how I felt trying to play local music on my Nexus4.
I listen to books-on-tape all the time … walking, in the car, road trips … I’m listening to a book almost always. At home, my stereos have links to a CD collection that took me 6 months to rip doing 2-10 CDs a day. The CDs are safely stored in a box somewhere, but the ripped files are on the network and I copy over Best of to portable devices as desired.
Best Linux Apps ...
Found a reasonable list of the Best Linux Apps. While I do not agree with all of them, many are my favorites too.
In the editor section, I would add geany. It is like Notepad++ on Windows, but cross-platform. Syntax highlighting for many languages, spell check plugin, and many other IDE features without the bloat of a typical IDE. Functions, classes, method completion … are covered.
Take a look – perhaps one of the options will fill a need for you too?
When installing, be careful about apps with too many dependencies. Is it really worth loading almost all of KDE to have 1 app?
Setup KVM Virtualization
Update 4/2015
For Ubuntu 14.04 and later, FreeNX use has stopped. We switched over to x2go and have been using it daily from local and intercontinental remote locations to access 14.04 remote desktops. It has been performing better than FreeNX did with only a minor issue – only 1 remote desktop can be displayed concurrently on a client machine. That isn’t a big issue for us, but it could be for others.
In short s/freenx/x2go-server/g and s/nxclient/x2go-client/g for the remainder of this article. Hope that is clear.
Original Article
Below is a sample way to set up and use KVM with virt-manager as the VM management client for your consideration. It is not a How-To; rather, it shows how the pieces fit between local and remote and the hostOS vs clientOSes running inside virtual machines. I hope this diagram helps.
Ubuntu 13.10 under KVM with Spice
Installed Ubuntu 13.10 x86 under an Ubuntu 12.04 KVM server.
Installation
VM Settings:
- 1G of RAM
- 500MB swap
- 10G of ext4 for /
- Cirrus video – 9MB
Install started at : 08:43:54 EDT 2013
Install ended at : 08:58:07 EDT 2013
Reboot.
Forgot to remove the installation ISO file – remove and reboot again. ;)
Login.
About 15 minutes to install a full desktop OS? What is not to like?