In Linux it is possible to aggregate multiple network links together into a single logical link which can either increase network throughput or redundancy. For example we can assign an IP address to a group of two network interfaces to double our throughput, or reserve one interface for backup purposes so if the first one fails we can fail over.
Here we’re going to cover how to create and configure a network team with two different network interfaces.
In the past many system administrators have simply resorted to disabling IPv6 rather than properly configuring it, continuing to rely on the older IPv4 which has worked just fine for a very long time. As the IPv4 address space has since become exhausted, administrators are starting to slowly take up IPv6 out of necessity.
Here we’re going to cover how to configure IPv6 addressing in Linux and provide some basic tips and advice for troubleshooting IPv6 network issues.
Here we cover how to add a banner message in the GNOME Display Manager (GDM), this message will display in the graphical user interface (GUI) prior to a user logging in.
Here we’re going to take a look at configuring two Squid proxy servers to forward requests from an internal network with no connectivity to the Internet out to a DMZ network and then onto the Internet if required.
The configuration will allow us to select which domains should or should not be forwarded on to the next proxy server, allowing requests that are destined for domains within the internal network to not be forwarded to the next Squid proxy, while other requests to the DMZ network or the Internet will be forwarded to the next proxy.
By default when you plug in an external USB storage device into a computer running Linux it will automatically mount, allowing the user to access the contents.
This behaviour can be less than ideal from a security perspective, as it can allow an attacker to copy confidential files, or allow a user to run a malicious script stored on the USB device for example.
With some simple configuration changes we can disable USB storage in Linux for unprivileged users.
The XFS file system generally does a pretty good job at keeping itself clean and tidy, however it can still get fragmented over time. Here we’re going to show you how to check the level of fragmentation in place on your XFS file system and how you can defragment it if required, further increasing disk performance.
Have you ever wanted to view a list of all files or subdirectories within a directory in Linux and order them by when they were last changed or modified? Then you have come to the right place! Here we are going to provide and explain some useful commands that when piped together will give us this result, allowing us to recursively list files and directories by date.
This is one of my favourite commands to use when trying to build a timeline of events, for instance if a server or website has been compromised and you want to see when files have been modified with malicious content. By seeing other files that were modified around the same time you can get a better idea of what took place and when, allowing you to correlate these events with your logs.
There are many different services such as Kerberos that depend on the time of a Linux system being accurate in order to function correctly. It is therefore important to ensure that system time is synchronized with an external source so that it can be kept accurately up to date, this is done with the network time protocol (NTP).
Here we are going to cover how to configure chronyd or ntpd in Linux to connect to an NTP server and keep time in sync. Read more »
By default SELinux policy defines the ports that a particular service is allowed bind to and make use of with port labeling. This increases system security by preventing random services or malicious code from being able to bind to a well known defined port that may otherwise be used by a legitimate service.
In order to change a service to use a non standard port we must change SELinux policy and specify the SELinux port types that are allowed to use specific ports.
Most web pages don’t serve only simple static content, they typically process and display all sorts of different dynamically generated contents. This is usually done via scripting, whereby the web server will process and execute a script and the result will be displayed to the user.
While CGI (Common Gateway Interface) is fairly old it does allow the web server to execute various types of scripts. Scripts such as PHP, Perl or Python can be used for example, allowing us to combine the power of scripting into our web pages.