Category Archive Linux

Top 10 Linux GUI tools that can make life much easier for a Linux administrator

Linux has become a know how, if you are a system administrator working in a larger environment. Security teams have been deployed by large organizations to keep an eye on vulnerabilities in their systems and take corrective or preventive action as suitable.

In the recent times, many organizations have migrated from Windows, where everything is regulated with a point-and-click GUI. Thankfully, Linux has plenty of GUI tools that can help you keep away from the command line. Linux-based security tools and distributions can be used for penetration testing, reverse engineering, forensics and so on.

Here’s a look at some of the good 10 GUI tools that can make your Linux sysadmin tasks simpler.

1. MySQL Workbench

MySQL Workbench is a visual database design tool that integrates SQLdevelopment, administration, database design, creation and maintenance into a single integrated development environment for the MySQL database system. MySQL Workbench is one of the best tools for working with MySQL databases. Besides managing databases, it also helps you design, develop, and administer MySQL databases. There is a new addition to the MySQL Workbench set of tools, which is the ability to easily migrate Microsoft Access, Microsoft SQL Server, PostgreSQL, Sybase ASE, and other RDBMS tables, objects, and data to MySQL, that alone makes MySQL Workbench worth using.

2. cPanel

cPanel is a Linux based web hosting control panel that provides a GUI and automation tools designed to simplify the process of hosting a web site. It allows you to configure sites, customers’ sites and services, and a lot more. You can also use this tool to configure/manage mail, apps, security, files, domains, apps, databases, logs and many more. However, the only flipside is that cPanel is not available for free. You need to pay to use cPanel.

3. Shorewall

Shorewall is an open source firewall tool for Linux that builds upon the Netfilter (iptables/ipchains) system built into the Linux kernel, making it easier to manage more complex configuration schemes by providing a higher level of abstraction for describing rules using text files. Shorewall is one of the best tops for the server. This security GUI allows you to configure gateways, traffic controlling, VPNs, blacklisting, and much more.

4. Webmin

Webmin is a web-based configuration tool for administering Linux servers. The recent versions can also be installed and run on Windows. Using this tool, you can configure operating system internals, such as users, disk quotas, services or configuration files, as well as modify and control open source apps, such as the Apache HTTP Server, PHP or MySQL. If the default installation does not include what you need, then a large number of third-party modules are available to take up the slack.

5. Apache Directory

Apache Directory is an open source project of the Apache Software Foundation. Though it is designed particularly for Apache Directory Server, it is the only solid GUI tool for managing any LDAP server. It is an Eclipse RCP application and can serve as your LDAP browser, ApacheDS configuration editor, schema editor, ACI editor, LDIF editor and more. The app also contains the latest ApacheDS, which means you can use it to create a DS server in no time.

6. YaST

YaST (Yet another Setup Tool) is a Linux operating system setup and configuration tool for enterprise-grade SUSE and openSUSE. With this all easy-to-use, attractive GUI, you can configure network, hardware, services and tune system security. By default, YaST is installed in all SUSE and openSUSE platforms.

7. Cockpit

Red Hat created Cockpit to make server administration easier. You can handle tasks like journal inspection, storage administration, multiple server monitoring, and starting/stopping services with this web-based GUI. Cockpit will run on Arch Linux, Red Hat Enterprise Linux, Fedora Server, Fedora Atomic, and CentOS Atomic.

8. CUPS

CUPS (an acronym for Common Unix Printing System) is a modular printing system for Unix-like computer operating systems which allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer. It is also possible to enable remote administration and Kerberos authentication. The good part about the GUI is its built-in help system using which you can learn almost everything that you need to manage your print server.

9. Zenmap

Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. Scan results can be saved and viewed later. Even though you may not use this tool to directly administer your system, it will become invaluable in the quest for discovering network-related issues.

10. phpMyAdmin

phpMyAdmin is a free and open source tool written in PHP intended to handle the administration of MySQL with the use of a web browser. It can perform various tasks such as creating, modifying or deleting databases, tables, fields or rows; executing SQL statements; or managing users and permissions. You can create and manage MySQL databases with phpMyAdmin via a standard web browser. It means you can install phpMyAdmin on a headless Linux server and connect to it through any browser that has access to the machine.

The above GUI tools are taken in a random manner. If you are a SysAdmin working on Linux workstations, kindly put your favourite GUI in the comments section below.

mount and unmount iso images in linux

An ISO image or .iso (International Organization for Standardization) file is an archive file that contains a disk image called ISO 9660 file system format. Every ISO file have .ISO extension has defined format name taken from the ISO 9660 file system and specially used with CD/DVD Rom’s. In simple words an iso file is a disk image.

This article describes how to mount and unmount an ISO image on a Linux Operating system to access and list the content of files.

How to Mount an ISO Image

To mounting an ISO image on Linux (RedHatCentOSFedora or Ubuntu), you must be logged in as “root” user or switch to “sudo” and run the following commands from a terminal to create a mount point.

# mkdir /mnt/iso
OR
$ sudo mkdir /mnt/iso

Once you created mount point, use the “mount” command to mount an iso file called “Fedora-18-i386-DVD.iso“.

# mount -t iso9660 -o loop /home/norbertk/Fedora-18-i386-DVD.iso /mnt/iso/
OR
$ sudo mount -t iso9660 -o loop /home/norbertk/Fedora-18-i386-DVD.iso /mnt/iso/

After the ISO image mounted successfully, go the mounted directory at /mnt/iso and list the content of an ISO image. It will only mount in read-only mode, so none of the files can be modified.

# cd /mnt/iso
# ls -l

You will see the list of files of an ISO image, that we have mounted in the above command. For example, the directory listing of an Fedora-18-i386-DVD.iso image would look like this.

total 16
drwxrwsr-x  3 root 101737 2048 Jan 10 01:00 images
drwxrwsr-x  2 root 101737 2048 Jan 10 01:00 isolinux
drwxrwsr-x  2 root 101737 2048 Jan 10 01:00 LiveOS
drwxrwsr-x 28 root 101737 4096 Jan 10 00:38 Packages
drwxrwsr-x  2 root 101737 4096 Jan 10 00:43 repodata
-r--r--r--  1 root root   1538 Jan 10 01:00 TRANS.TBL

How to Unmount an ISO Image

Simply run the following command from the terminal either “root” or “sudo” to unmount an mounted ISO image.

# umount /mnt/iso
OR
$ sudo umount /mnt/iso
Where Options
  1. -t : This argument is used to indicate the given filesystem type.
  2. ISO 9660 : It describes standard and default filesystem structure to be used on CD/DVD ROMs.
  3. -o : Options are necessary with a -o argument followed by a separated comma string of options.
  4. loop: The loop device is a pseudo-device that often used for mounting CD/DVD ISO image and makes those files accessible as a block device.

Oracle Linux 7 version for the Raspberry pi

Some time ago the people from the Oracle Linux team have taken the time to build a Oracle Linux 7 version for the Raspberry pi. The Raspberry Pi is a series of small single-board computers developed in the United Kingdom by the Raspberry Pi Foundation to promote the teaching of basic computer science in schools and in developing countries. The original model became far more popular than anticipated, selling outside its target market for uses such as robotics. It does not include peripherals (such as keyboards, mice and cases).

The operating system you use will have to be placed on a single Micro SD card. Using a mac the below command was useful to place the downloaded Oracle Linux 7 distribution for the Raspberry Pi on the Micro SD card:

sudo dd bs=1m if=/var/tmp/rpi3-ol7.3-image.img of=/dev/disk2 conv=sync

If you face the issue of the below error, you most likely have mounted the SD card to your operating system. You will have to unmount it (via the disk utility app) and retry the command. Do note this could take some time to complete.

dd: /dev/disk2: Resource busy

A bit of care is needed when executing the command. If your Micro SD card is NOT mounted on /dev/disk2 you might run into the issue that you damage an existing other disk. Meaning, you need to check if /dev/disk2 is indeed the SD card in your case. Using a Mac you can use the below command to check your disks:

diskutil list

When your dd command is finished and you place the SD card in your Raspberry Pi and start it you should end up with a running Oracle Linux 7 operating system on your Raspberry Pi.

How to Install and Enable Bash Auto Completion in CentOS/RHEL

Crontab – Quick Reference

Setting up cron jobs in Unix, Solaris & Linux

cron is a unix, solaris, Linux utility that allows tasks to be automatically run in the background at regular intervals by the cron daemon. 

cron meaning – There is no definitive explanation but most accepted answers is reportdly from Ken Thompson ( author of unix cron ), name cron comes from chron ,the Greek prefix for ‘time.’.
What is cron ? – Cron is a daemon which runs at the times of system boot from /etc/init.d scripts. If needed it can be stopped/started/restart using init script or with command service crond start in Linux systems.

This document covers following aspects of Unix, Linux cron jobs to help you understand and implement cronjobs successfully

  1. What is crontab?
  2. What is a cron job or cron schedule?
  3. Crontab Restrictions
  4. Crontab Commands
  5. Crontab file – syntax
  6. Crontab Example
  7. Crontab Environment
  8. Disable Email
  9. Generate log file for crontab activity
  10. Crontab file location

1. What is crontab?

Crontab (CRON TABle) is a file which contains the schedule of cron entries to be run and at specified times. File location varies by operating systems, See Crontab file location at the end of this document.

2.What is a cron job or cron schedule?

Cron job or cron schedule is a specific set of execution instructions specifing day, time and command to execute. crontab can have multiple execution statments.

3. Crontab Restrictions

You can execute crontab if your name appears in the file /usr/lib/cron/cron.allow. If that file does not exist, you can use
crontab if your name does not appear in the file /usr/lib/cron/cron.deny.
If only cron.deny exists and is empty, all users can use crontab. If neither file exists, only the root user can use crontab. The allow/deny files consist of one user name per line.

4. Crontab Commands

export EDITOR=vi ;to specify a editor to open crontab file.

crontab -e    Edit crontab file, or create one if it doesn’t already exist.
crontab -l    crontab list of cronjobs , display crontab file contents.
crontab -r    Remove your crontab file.
crontab -v    Display the last time you edited your crontab file. (This option is only available on a few systems.)

5. Crontab file

Crontab syntax :
A crontab file has five fields for specifying day , date and time followed by the command to be run at that interval.

*     *     *   *    *        command to be executed
-     -     -   -    -
|     |     |   |    |
|     |     |   |    +----- day of week (0 - 6) (Sunday=0)
|     |     |   +------- month (1 - 12)
|     |     +--------- day of        month (1 - 31)
|     +----------- hour (0 - 23)
+------------- min (0 - 59)

* in the value field above means all legal values as in braces for that column.
The value column can have a * or a list of elements separated by commas. An element is either a number in the ranges shown above or two numbers in the range separated by a hyphen (meaning an inclusive range).
Notes
A. ) Repeat pattern like /2 for every 2 minutes or /10 for every 10 minutes is not supported by all operating systems. If you try to use it and crontab complains it is probably not supported.

B.) The specification of days can be made in two fields: month day and weekday. If both are specified in an entry, they are cumulative meaning both of the entries will get executed .

6. Crontab Examples

A line in crontab file like below removes the tmp files from /home/someuser/tmp each day at 6:30 PM.

30     18     *     *     *         rm /home/someuser/tmp/*

Changing the parameter values as below will cause this command to run at different time schedule below :

min hour day/month month day/week Execution time
30 0 1 1,6,12 * — 00:30 Hrs  on 1st of Jan, June & Dec.
0 20 * 10 1-5 –8.00 PM every weekday (Mon-Fri) only in Oct.
0 0 1,10,15 * * — midnight on 1st ,10th & 15th of month
5,10 0 10 * 1 — At 12.05,12.10 every Monday & on 10th of every month
:

Note : If you inadvertently enter the crontab command with no argument(s), do not attempt to get out with Control-d. This removes all entries in your crontab file. Instead, exit with Control-c.

7. Crontab Environment

cron invokes the command from the user’s HOME directory with the shell, (/usr/bin/sh).
cron supplies a default environment for every shell, defining:
HOME=user’s-home-directory
LOGNAME=user’s-login-id
PATH=/usr/bin:/usr/sbin:.
SHELL=/usr/bin/sh

Users who desire to have their .profile executed must explicitly do so in the crontab entry or in a script called by the entry.

8. Disable Email

By default cron jobs sends a email to the user account executing the cronjob. If this is not needed put the following command At the end of the cron job line .

>/dev/null 2>&1

9. Generate log file

To collect the cron execution execution log in a file :

30 18 * * * rm /home/someuser/tmp/* > /home/someuser/cronlogs/clean_tmp_dir.log

10. Crontab file location

User crontab files are stored by the login names in different locations in different Unix and Linux flavors. These files are useful for backing up, viewing and restoring but should be edited only with crontab command by the users.

  • Mac OS X
    /usr/lib/cron/tabs/
  • BSD Unix 
    /var/cron/tabs/
  • Solaris, HP-UX, Debian, Ubuntu
    /var/spool/cron/crontabs/
  • AIX, Red Hat Linux, CentOS, Ferdora
    /var/spool/cron/

Modify Ubuntu ens network interface card to eth0

  1. Display current interface cards and verify that eth0 doesnt exist:
    ifconfig -a
  2. Edit grub file configuration to disable new naming convention
    vim /etc/default/grub
  3. Look for GRUB_CMDLINE_LINUX= include the following net.ifnames=0 biosdevname=0″
    From:
    GRUB_CMDLINE_LINUX=””
    To
    GRUB_CMDLINE_LINUX=”net.ifnames=0 biosdevname=0″
  4. Save and exit the file
  5. Reload grub config file:
    update-grub
  6. Edit interfaces file
    vim /etc/network/interfaces
    From:
    # The primary network interface
    auto ens16
    iface ens16 inet dhcpTo:
    # The primary network interface
    auto eth0
    iface eth0 inet dhcp
  7. Reboot your machine/Restart networking service

3 Linux Network Monitors

Learn more about your network connections with the iftop, Nethogs, and vnstat tools.

You can learn an amazing amount of information about your network connections with these three glorious Linux networking commands. iftop tracks network connections by process number, Nethogs quickly reveals what is hogging your bandwidth, and vnstat runs as a nice lightweight daemon to record your usage over time.

iftop

The excellent iftop listens to the network interface that you specify, and displays connections in a top-style interface.

This is a great little tool for quickly identifying hogs, measuring speed, and also to maintain a running total of your network traffic.

If you have just one network interface, run iftop with no options. iftop requires root permissions:

$ sudo iftop

When you have more than one, specify the interface you want to monitor:

$ sudo iftop -i wlan0

Just like top, you can change the display options while it is running.

  • h toggles the help screen.
  • n toggles name resolution.
  • s toggles source host display, and d toggles the destination hosts.
  • s toggles port numbers.
  • N toggles port resolution; to see all port numbers toggle resolution off.
  • t toggles the text interface. The default display requires ncurses. I think the text display is more readable and better-organized (Figure 1).
  • p pauses the display.
  • q quits the program.

text display

Figure 1: The text display is readable and organized.
When you toggle the display options, iftop continues to measure all traffic. You can also select a single host to monitor. You need the host’s IP address and netmask. I was curious how much of a load Pandora put on my sad little meager bandwidth cap, so first I used dig to find their IP address:
$ dig A pandora.com
[...]
;; ANSWER SECTION:
pandora.com.            267     IN      A       208.85.40.20
pandora.com.            267     IN      A       208.85.40.50

 

$ sudo iftop -F 208.85.40.20/24 -i wlan0

Is that not seriously groovy? I was surprised to learn that Pandora is easy on my precious bits, using around 500Kb per hour. And, like most streaming services, Pandora’s traffic comes in spurts and relies on caching to smooth out the lumps and bumps.

You can do the same with IPv6 addresses, using the -G option. Consult the fine man page to learn the rest of iftop’s features, including customizing your default options with a personal configuration file, and applying custom filters (see PCAP-FILTER for a filter reference).

Nethogs

When you want to quickly learn who is sucking up your bandwidth, Nethogs is fast and easy. Run it as root and specify the interface to listen on. It displays the hoggy application and the process number, so that you may kill it if you so desire:

$ sudo nethogs wlan0

NetHogs version 0.8.1

PID USER   PROGRAM              DEV    SENT   RECEIVED       
7690 carla /usr/lib/firefox     wlan0 12.494 556.580 KB/sec
5648 carla .../chromium-browser wlan0  0.052   0.038 KB/sec
TOTAL                                 12.546 556.618 KB/sec 

Nethogs has few options: cycling between kb/s, kb, b, and mb, sorting by received or sent packets, and adjusting the delay between refreshes. See man nethogs, or run nethogs -h.

vnstat

vnstat is the easiest network data collector to use. It is lightweight and does not need root permissions. It runs as a daemon and records your network statistics over time. The vnstatcommand displays the accumulated data:

$ vnstat -i wlan0
Database updated: Tue Oct 17 08:36:38 2017

   wlan0 since 10/17/2017

          rx:  45.27 MiB      tx:  3.77 MiB      total:  49.04 MiB

   monthly
                     rx      |     tx      |    total    |   avg. rate
     ------------------------+-------------+-------------+---------------
       Oct '17     45.27 MiB |    3.77 MiB |   49.04 MiB |    0.28 kbit/s
     ------------------------+-------------+-------------+---------------
     estimated        85 MiB |       5 MiB |      90 MiB |

   daily
                     rx      |     tx      |    total    |   avg. rate
     ------------------------+-------------+-------------+---------------
         today     45.27 MiB |    3.77 MiB |   49.04 MiB |   12.96 kbit/s
     ------------------------+-------------+-------------+---------------
     estimated       125 MiB |       8 MiB |     133 MiB |

By default it displays all network interfaces. Use the -i option to select a single interface. Merge the data of multiple interfaces this way:

$ vnstat -i wlan0+eth0+eth1

You can filter the display in several ways:

  • -h displays statistics by hours.
  • -d displays statistics by days.
  • -w and -m displays statistics by weeks and months.
  • Watch live updates with the -l option.

This command deletes the database for wlan1 and stops watching it:

$ vnstat -i wlan1 --delete

This command creates an alias for a network interface. This example uses one of the weird interface names from Ubuntu 16.04:

$ vnstat -u -i enp0s25 --nick eth0

By default vnstat monitors eth0. You can change this in /etc/vnstat.conf, or create your own personal configuration file in your home directory. See man vnstat for a complete reference.

You can also install vnstati to create simple, colored graphs (Figure 2):

$ vnstati -s -i wlx7cdd90a0a1c2 -o vnstat.png

vnstati

Figure 2: You can create simple colored graphs with vnstati.

See man vnstati for complete options.

Linux Rename Eth0 Network Interfaces

The best way to rename Ethernet devices is through udev. It is the device manager for the Linux kernel. Primarily, it manages device nodes in /dev. It is the successor of devfs and hotplug, which means that it handles /dev directory and all user space actions when adding/removing devices, including firmware load.

The order of the network interfaces may be unpredictable under certain configurations. Between reboots it usually stays the same, but often after an upgrade to a new kernel or the addition or replacement of a network card (NIC) the order of all network interfaces changes. For example, what used to be rl0 now becomes wlan0 or what used to be eth0 now becoems eth2 or visa versa.

Step #1: Find out the MAC address of the Ethernet device

Type the following command:
# ifconfig -a | grep -i --color hwaddr
Sample outputs:

eth0      Link encap:Ethernet  HWaddr b8:ac:6f:65:31:e5  
pan0      Link encap:Ethernet  HWaddr 4a:71:40:ed:5d:99  
vmnet1    Link encap:Ethernet  HWaddr 00:50:56:c0:00:01  
vmnet8    Link encap:Ethernet  HWaddr 00:50:56:c0:00:08  
wlan0     Link encap:Ethernet  HWaddr 00:21:6a:ca:9b:10 

Note down the MAC address.

Step #2: Rename eth0 as wan0

To rename eth0 as wan0, edit a file called 70-persistent-net.rules in /etc/udev/rules.d/directory, enter:
# vi /etc/udev/rules.d/70-persistent-net.rules
The names of the Ethernet devices are listed in this file as follows:

# PCI device 0x14e4:0x1680 (tg3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="b8:ac:6f:65:31:e5", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

Locate and identify the line with the NIC from step 1 (look for the MAC address). It may look like above. In this example, the interface eth0 will be renamed to wan0 (change NAME="eth0" to NAME="wan0"):

# PCI device 0x14e4:0x1680 (tg3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="b8:ac:6f:65:31:e5", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="wan0"

Save and close the file. Reboot the system to test changes:
# reboot
Verify new settings:
# ifconfig -a
# ifconfig wan0
# ifconfig -a | less
# ip addr show