Linux Articles
A favorite of techies everywhere, the Linux operating system lets you get into the nitty-gritty of computer customization. We'll help you set up TCP/IP, walk you through the monitoring of system performance, and much more.
Articles From Linux
Cheat Sheet / Updated 11-01-2022
Linux can fulfill almost any need you have for the operating system on a desktop computer, but you must be able to tell it what you want to do in a way that it understands. You need to know common commands and how to access the help pages.
Cheat Sheet / Updated 04-25-2022
To get Ubuntu Linux up and running, get help provided in the Boot Prompt Function Keys section and take advantage of the straightforward, helpful commands.
Cheat Sheet / Updated 02-14-2022
Linux can seem like a very daunting environment. But it doesn’t have to be! With the two topics in this cheat sheet—the commands you’ll use on a daily basis and the useful help pages—you can easily navigate your Linux environment.
Article / Updated 11-01-2020
Simplicity has become the hallmark of the GNOME 3 desktop environment for Linux. There aren't any long menus from which you need to select things, nor do you need to go digging through folders looking for files, but getting comfortable with the new interface may take some time. This discussion walks through the basic features of the GNOME 3 desktop so you can maneuver your way around.

Menus, please!

At the top of the GNOME 3 desktop is a panel (called the top bar) that, when the desktop first opens, contains just three menu selections, as shown. The three menu items are

Activities
Calendar and notifications
System menu

The following sections walk through what each of these menus contains.

The GNOME Activities menu

The Activities menu is how you get to your applications and check the status of any running applications. You can open the Activities menu using three different methods:

Click the Activities menu item in the top bar.
Move your mouse pointer to the top-left corner of the desktop (some Linux distributions, such as Ubuntu, have this feature disabled).
Press the Super key on your keyboard (the Windows logo on PCs).

When you open the Activities menu, you see the activities overview layout, as shown. The activities overview provides one-stop shopping for getting to all your applications and viewing the status of any applications already running on the desktop. It consists of three main items:

The dash
The windows overview
The workspace selector

The Calendar menu

The Calendar menu item produces what you'd expect — a calendar, as shown. But wait, there's more! To the left of the calendar is the notification area. The notification area displays any upcoming calendar events that you have scheduled. GNOME 3 allows you to sync your calendar with an online calendar from many popular applications, such as Google, Facebook, and Microsoft, providing a great way to see all your calendar events in one place!

Besides keeping up with your appointments, the notification area also displays any messages produced by the system, such as when there are upgrades and patches available to install, or whether your system is running low on disk space. The Do Not Disturb slider allows you to disable system messages from popping up on your desktop.

The system menu

At the far right-hand end of the top bar is the system menu. The system menu displays icons showing the status of several features on your system, depending on what hardware is available on your system. This menu is highly customizable, and often differs slightly between different Linux distributions. The system menu options could include:

A network connection status
A sound card status
A display brightness setting
A battery status
The status of the logged-in user
The reboot options

To get to these menu options, click the down arrow icon in the system menu. A drop-down menu of system options appears, as shown.

If your PC has a sound card, you can adjust the volume or mute the speakers, and if your PC has a display that's dimmable, there's also a setting to adjust the display brightness.

Next you see a menu that allows you to manage your network connection, if available. If your PC uses a wireless network connection, a drop-down menu allows you to select the wireless network to connect with, along with other network settings. If your PC uses a wired network connection, you see options to disable the network connection and change the network settings.

As part of the system menu, most Linux distributions include an option to get to the system settings — usually as either a menu option, or as an icon at the bottom of the system menu. When you select either option, the System Settings dialog box appears. It allows you to customize your desktop experience to your liking.

Also in the system menu is an option to manage the currently logged-in user account. Some Linux distributions customize this option, so your result may vary from what's shown in Figure 4-4. In Ubuntu, you can only lock the desktop for the current user. Fedora Linux allows you to also log out from this menu, or go to the Settings dialog box for the user account.

At the bottom of the system menu is the option to power off or log out of the system. The power off menu option provides another menu, allowing you to choose to either restart, shut down, or suspend the system.

Application menu

While I mentioned that only three menus are visible in the top bar by default, a fourth menu appears at times. When you launch an application in the GNOME 3 desktop, a separate menu appears in the top bar. This is the application menu, which contains options related to the application.

Instead of placing the application menu in the application's window title bar, GNOME 3 placed it in the top bar, separate from the application window. This can take some getting used to.

The options available in the application menu differ depending on the application that you have open on the desktop. Most applications provide options to allow you to open a new window of the application, or quit the existing window. Some applications also provide other application-specific features.

The desktop

In many graphical desktop environments, the desktop is king. Often just about everything you do happens from an icon on the desktop. Have a favorite application? Create an icon on the desktop to launch it. Have a file that you need to open on a daily basis? Create an icon on the desktop to open it. Plug in a new USB stick? The system creates an icon automatically on the desktop to access it.

The GNOME 3 paradigm has changed that a bit. Desktop icons are no longer the preferred way to launch applications, store files, or access removable media. In fact, many Linux distributions don't even bother creating any icons on the desktop at all by default! However, if you have trouble breaking old habits, GNOME 3 does still allow you to create and use icons on the desktop.

The Ubuntu Linux distribution does create two desktop icons by default:

The Home folder: Opens the Files file manager program and defaults to the user account Home folder.
The Trash folder: Opens the Files file manager program and defaults to the Trash folder for the user account.

You can do a few things from the desktop. Right-click an empty area on the desktop and a pop-up menu opens, as shown. The desktop pop-up menu provides you with a few different choices:

New Folder: Create a new folder under your user account's Desktop folder.
Paste: Paste any copied files or folders to the desktop.
Show Desktop in Files: Open the Desktop folder using the Files file manager program.
Open in Terminal: Open the Desktop folder using the Terminal command line interface.
Change Background: Modify the picture used for the desktop background.
Display Settings: Change the orientation and resolution settings for the display.
Settings: Access the system settings tool.

This gives you quick access to a few of the system settings related to the desktop.

Many graphical desktops allow you to create new files by right-clicking the desktop; unfortunately, GNOME 3 isn't one of them. If you want to create an icon for a file on your desktop, you need to store the file in the Desktop folder, located in your Home folder, using the Files file manager program.
Article / Updated 11-01-2020
The Ubuntu installation process is one of the simplest in the Linux world. Ubuntu guides you through all the steps required to set up the system, then installs the entire Ubuntu system without prompting you for too much information.

You can start the installation process from two locations after you boot from the Live DVD or USB stick:

Directly from the boot menu without starting Ubuntu
From the Install desktop icon after you start the Ubuntu Live system

Both locations start the same installation process, which guides you through several steps of options.

To begin the installation from the DVD or USB stick, you may first need to change your system to start, or boot, from a DVD or USB stick — many systems today are configured to do this already, so you may not need to make any changes. You need to look at your BIOS settings to determine whether your system can boot from the DVD drive or USB stick.

After you have a Live DVD or USB stick in your hand, you can start the installation process. Just follow these steps.

1. Place the Ubuntu Live DVD in the DVD tray of your PC (or plug the USB stick into a USB port), and restart your PC.

Your PC then boots from the Ubuntu Live DVD or USB stick, and you see the main Ubuntu Live menu, shown.

2. From the menu, select your language, and then choose either to install Ubuntu directly, or to try out Ubuntu first by running it from the DVD or USB stick.

The great feature about the Live versions is that you can test drive Ubuntu without having to mess with your hard drive. This gives you an idea of what'll work and what won't. After you've completed your test drive, if you decide to install Ubuntu, just click the Install icon on the desktop, shown.

If you decide to run the install from the main menu, skip to Step 4.

3. Select the language to use for the installation, then click Continue.

If you install Ubuntu from the desktop installation icon, it asks you again for the default language, shown. Ubuntu uses this language to display text messages during the installation process, plus sets the default language used when the operating system runs. However, this doesn't necessarily mean that all the applications running on the system will use that language. Each individual application may or may not detect the default language configured in Ubuntu.

4. Select a Keyboard, and then click Continue.

Next up in the installation process is to identify the keyboard you'll use with the Ubuntu system. While this may sound like a simple option, it can get complicated if you have a keyboard that includes special keys. Ubuntu recognizes hundreds of different keyboard types, and lists them all in the Keyboard Layout window, shown.

The Keyboard Layout window lists the different types of keyboards commonly used based on your country. The left-side listing lists countries, and the right-side listing lists the different known keyboard types used in the country selected. Select your country from the left-side listing first, then select your keyboard type from the right-side listing.

For most standard keyboards, the Ubuntu installation script automatically detects the correct keyboard and you won't have to do anything. There's also a button to force the installer to attempt to detect your keyboard again if something went wrong the first time. If you have a special keyboard, under the two listings is an area where you can test the keyboard selection. Just type any special or unique characters available on your keyboard to see whether the setting you selected produces the proper characters.

5. Select what software you'd like installed by default in your Ubuntu desktop, and then click Continue.

The Ubuntu installer gives you some choices on just what software to install, as shown. The Ubuntu installer gives you two options for the software packages to install:

Normal Installation: Includes software for web browsing, office automation (such as word processing and working with spreadsheets), games, and playing audio and video
Minimal Installation: Provides a minimal desktop software bundle, which includes only software for web browsing and standard desktop utilities to control your desktop environment

For most Ubuntu desktop installations, select the Normal Installation. If you're using an older workstation with a small hard drive, you may have to go with the minimal desktop installation and then manually install any other software packages you need.

If your PC is connected to a network, the installer gives you the option to install any available updates from the Ubuntu software repository now if you prefer. Selecting this option increases the installation time, but it also ensures your Ubuntu desktop software is up to date when you first log in.

The last option is to install third-party software. This topic is a bit controversial in the Linux world. Some hardware companies use proprietary drivers so Linux can interact with their hardware. These drivers aren't open source, so many Linux purists prefer not to use them. There are also certain audio and video formats that are proprietary as well, and as you can suspect, these also cause consternation among Linux purists. I'll leave the decision as to whether to select this option to you, but just beware: if you choose to not install this bundle, your desktop may not work with some of your hardware devices, or be able to play some of the more popular audio and video formats.

6. Select how to install Ubuntu on your hard drive, then click Install Now.

This step in the installation is quite possibly the most important, and also the most complicated. Here's where you need to tell the Ubuntu installer exactly where to place the Ubuntu operating system on your system. One bad move here can really ruin your day.

The options you get in this window during the installation depend on your hard drive configuration, and on whether you have any existing software on your hard drive. The figure shows an example of what the Installation type window looks like.

The Ubuntu installer tries to detect your exact system setup and provides some simple options:

If your entire hard drive is currently used for Windows, the Ubuntu installer offers to shrink the partition to make room for an Ubuntu partition, and create a dual-boot environment.
If you've already shrunk your existing Windows partition manually, the Ubuntu installer offers to install Ubuntu on the available empty partition and create a dual-boot environment.
If you have a previous version of Ubuntu already installed, the Ubuntu installer offers to upgrade only the OS and leave your data intact if possible.
If you have a second hard drive in your workstation, the Ubuntu installer offers to use it for Ubuntu, leaving your existing hard drive alone, and create a dual-boot environment.
If you have a single hard drive that already contains an existing Windows or Linux partition, the Ubuntu installer offers to erase the entire partition and just install Ubuntu.
The installer also allows you to manually partition your hard drive to create your own partitions.

Which option you select depends on just what type of setup you want to try. If you want to run an Ubuntu-only workstation, the option to erase the existing operating system is the quickest and easiest way to go.

Even if you select one of the options to keep the existing operating system, it's a very good idea to back up any important files contained in that operating system. Mistakes can (and often do) happen when working with hard drives.

If you select an option to keep an existing operating system on your hard drive, the Ubuntu installer allows you to select how much disk space to allocate for the new Ubuntu partition. You can drag the partition separator to redistribute disk space between the original operating system and the new Ubuntu partition.

If you select the manual partition process, Ubuntu turns control of the partition process over to you. It does provide a great partition utility, shown, for you to use to create, edit, or delete hard drive partitions. The manual partition utility displays the current hard drives, along with any existing partitions configured in them. Once you become an experienced Linux user, you can manually remove, modify, or create individual partitions on any hard drives installed on the system to customize your Linux setup.

7. If you're performing a manual partition, select a filesystem for your Ubuntu partition.

Part of the manual partition process is to assign a filesystem to each partition. A filesystem is a method used for storing and accessing files on the partition. Unlike some other operating systems, Ubuntu supports several different filesystems. You can select any of the available filesystems for any of the partitions Ubuntu will use. The table shows the filesystem types available for you when creating disk partitions in Ubuntu.

Ubuntu Partition Filesystem Types

Partition Type      Description
ext4                A popular Linux journaling filesystem that is the current extension over the original Linux ext2 file system
ext3                A legacy Linux journaling filesystem that is an extension over the original Linux ext2 file system
ext2                The original non-journaling Linux filesystem
btrfs               A newer, high-performance filesystem that supports large file sizes
JFS                 The Journaled Filesystem, created by IBM and used in AIX Unix systems
XFS                 A high-performance journaling filesystem created by Silicon Graphics for the IRIX operating system
FAT16               Older Microsoft DOS filesystem
FAT32               Newer Microsoft DOS filesystem compatible with Microsoft Windows
swap area           Virtual memory area
encrypted volume    Linux allows you to encrypt an entire partition — just don't forget the key
Do not use          Ignore the partition

The most common partition type (and the default used by the Ubuntu guided methods) is the ext4 format. This filesystem format provides a journaling filesystem for Ubuntu. A journaling filesystem logs any file changes into a log file before attempting to commit them to the disk. If the system should crash before it can properly commit the data, the journal log file is used to complete the pending file commits, and return the disk to a normal state. Journaling filesystems greatly reduce file corruption in Linux.

8. If you're performing a manual partition, select the mount points for the partitions.

After selecting a filesystem for the partition, the next item that Ubuntu wants for the partition is where to mount the partition in the virtual filesystem. The Ubuntu virtual filesystem handles hard drives by plugging them into specific locations in the virtual filesystem. The table lists the possible locations where you can mount a partition.

Mount Point Locations

Location      Description
/             The root of the Linux virtual filesystem
/boot         The location of the Linux kernel used for booting the system
/home         User directories for storing personal files and individual application setting files
/tmp          Temporary files used by applications and the Linux system
/usr          A common location for multi-user application files
/var          The variable directory, commonly used for log files and spool files
/srv          A common location for files used by services running on the system
/opt          Optional package installation directory for third-party applications
/usr/local    A common alternative location for optional multi-user package installations

If you create just one partition for Ubuntu, you must mount it at the root mount point (/). If you have additional partitions available, you can mount them in other locations within the virtual filesystem.

If you're using the manual partition method, don't forget to allocate a partition for the swap area, even if you already have lots of physical memory installed on your system. The Linux kernel uses the swap area as a temporary holding ground to move sleeping applications out of physical memory to make more room for running applications. The standard rule for this is to create as large of a swap area as you have physical memory. Thus, if you have 8GB of physical memory, create an 8GB partition and assign it as the swap area.

9. If you're erasing an existing partition, or creating a new one, select any advanced disk features to use, and then click OK.

Ubuntu provides the option for you to use the Logical Volume Manager (LVM) feature in Linux with your hard drive partitions. LVM provides a way for you to easily add more space to an existing directory at any time if needed, even if there's data already in the directory. You may also choose to encrypt the logical volume if you need to. The other option is to use the ZFS filesystem, which is a commercial filesystem recently released to the open source world.

10. Click Install Now to accept the proposed hard drive partition changes and continue with the installation.

Up until this point you can change your mind about the hard drive changes. However, after you click Install Now here, you're committed to those changes and there's no going back!

11. Select your location, and then click Continue.

Because Ubuntu is in use worldwide, you'll need to manually select just where in the world you are located so Ubuntu can assign the correct time zone and locale settings.

12. Create a Login ID, and then click Continue.

Up next in the installation process is the Login ID window, shown. The login ID you create in this process is somewhat important. Unlike other Linux distributions, the Ubuntu distribution doesn't use an administrator login account (usually called root in the Unix/Linux world). Instead, Ubuntu provides the ability for normal user accounts to belong to an administrators group. Members in the administrators group have the ability to become temporary administrators on the system.

Having an account with administrative privileges is important, as the administrator is the only account that's allowed to perform most system functions, such as changing system features, adding new devices, and installing new software. Without an administrative account, you won't be able to do much of anything new on the system.

Besides identifying yourself, you'll also need to assign a name to the computer itself. Ubuntu uses this name when advertising its presence on the network, as well as when referencing the system in log files. You should select a computer name that's unique on your network, is less than 63 characters long, and doesn't contain any special characters (although hyphens are allowed).

One final setting — you must determine whether you want the system to automatically log you into your desktop, or to prompt for your login password. I wouldn't recommend using this feature on laptops that you may accidentally leave behind somewhere. If you'll be the only one using the desktop PC (and there aren't any nosy people around), you can utilize the automatic login feature to save some time. Otherwise, set it to prompt you for a password each time you log into your system.

13. Sit back and enjoy the show!

As the installation process proceeds, the installer presents a series of informational slides. Scan over these slides to learn about the features available in your new Ubuntu system.

After the Ubuntu system is installed on the hard drive, the installation program prompts you to reboot. The next time your system boots, you'll be in Ubuntu-land!
Article / Updated 11-01-2020
If you only have a single hard drive available in your PC, you need to create separate areas (called partitions) on the hard drive for Windows and Linux. This article walks through the process of how to do that, but first, you need to understand how partitions work.

Three types of partitions are available: primary, extended, and logical. A hard drive can have three primary partitions and one extended partition. Each primary partition acts as a separate hard drive as far as the operating system is concerned. Inside the extended partition you can have up to 12 logical partitions — think of an extended partition as just a cardboard box that contains the logical partitions. Logical partitions behave similarly to primary partitions and hold data; extended partitions just hold logical partitions.

Because I can't predict what software you want to install, I recommend having at least 10GB of space available in a partition for your Linux installation. More is always better because it gives you more room for downloads and even more programs.

Make a note of the partition you dedicate to Windows and the one you dedicate to Linux. You need this information when installing Linux.

Those who aren't starting from scratch for a dual boot likely need to make changes to their current installation. Proceed to the next section to find out how.

How to partition a hard drive with Windows tools

If you already have Windows installed on the entire hard drive, you'll need to shrink that partition down so there's room for Linux. The first step is to check your existing hard drive for how much free space is available to dedicate to Linux. You can do that using the File Explorer tool in Windows by following these steps:

1. Open File Explorer by clicking the folder icon in the taskbar, or typing file explorer in the search area in the taskbar and selecting File Explorer from the search results.
2. When File Explorer opens, click This PC on the left-hand side of the window. This displays the status of the various storage devices you have connected to your PC.

This figure shows an example of what you might see in File Explorer. The example shows a single hard drive connected to the PC (assigned as drive letter C). File Explorer shows the drive is 899GB in size, and has 483GB available for use as a second partition.

It's usually not a good idea to allocate all the free space on your hard drive to Linux; you'll want to leave some extra room in the Windows partition so you can continue doing things while you're running Windows, such as downloading and installing patches or saving new files.

After you determine how much space you want to dedicate to Linux, you're ready to partition the hard drive. The Windows utility you want to use is the Disk Manager program. Follow these steps to use it:

1. Right-click the Start icon in the taskbar.
2. From the menu that appears, choose Disk Management. The Disk Management dialog box appears as shown. The dialog box shows all the hard drives installed on the PC, along with the partitions for each one.
3. Right-click the partition that indicates it is assigned as a Windows partition and assigned a drive letter (usually the C drive). You can click either the partition entry in the text list, or the graphical picture of the partition. As shown, many modern PCs create one or more hidden partitions that aren't assigned drive letters in Windows. These partitions don't appear in File Explorer, but are used by the PC to contain recovery data to reinstall Windows in an emergency. Don't mess with those partitions!
4. Select Shrink Volume from the pop-up menu. The Shrink Volume dialog box appears, as shown.
5. Enter the amount of space you want to assign to the Linux partition in the text box. Note that the entry is in MB (megabytes) instead of GB (gigabytes). One gigabyte is equal to 1024 megabytes, so just multiply the available GB space value by 1024 to get the MB value to enter here.
6. Click Shrink.

During the shrink process, Windows tries to move any data stored near the end of the partition towards the front to make room for the new partition. However, some system files can't be moved, which may cause a problem and produce an error message. If this happens, there are ways to move those files, but it gets much more complicated than what I can cover here. Fortunately, you aren't the first person to need to do this, so there's plenty of help available. One place to consult is the Microsoft Windows forum at answers.microsoft.com, where you'll see lots of postings on how to handle this situation.

When the shrink process completes, a new partition appears in the Disk Manager listing. This new partition appears as Unassigned, and doesn't have a drive letter assigned to it by Windows.

If you have lots of space available on your existing Windows partition, you'll probably want a lot more than 10GB of space. The 10GB is the minimum recommended for most Linux distributions to fit the operating system. However, if you download lots of multimedia, you'll quickly eat up whatever was left after you installed your software! Give Linux as much space as you think you can spare from your Windows environment.

How to partition a hard drive with Linux tools

If you're in a situation where you don't currently have Windows installed on the hard drive but would like to partition the hard drive first, you can use Linux tools to do the work for you. The easy solution is to boot your PC using a Live distribution and use the disk management tools available. Plenty of Live distributions include disk management tools by default, but by far the most popular is the KNOPPIX Linux distribution.

The KNOPPIX Linux distribution was the first to create a live Linux version, even back before there were DVDs (it was called a LiveCD!). What keeps KNOPPIX at the top of the list of popular Linux distributions is the myriad of utilities it includes by default. It touts itself as a rescue disk — a way to boot your PC if things go horribly wrong with the existing operating system, and be able to troubleshoot and possibly fix issues.

Follow these steps to partition your hard drive using KNOPPIX:

1. Download the latest KNOPPIX CD or DVD ISO image from the KNOPPIX website.
2. Burn the ISO image onto a bootable CD, DVD, or USB stick using a standard ISO image burning tool.
3. Boot your PC using the KNOPPIX LiveDVD.
4. At the boot: prompt, press the Enter key to start KNOPPIX.
5. Select Graphical Programs→startlxde from the main menu. The KNOPPIX graphical desktop environment comes up. It's a fairly bare-bones graphical desktop so it can run on just about any PC, but it gets the job done.
6. From the KNOPPIX graphical desktop, click the Terminal icon in the taskbar at the bottom of the desktop. A Terminal session starts that provides access to the command prompt.
7. At the command prompt in Terminal, enter the command: sudo gparted. The GParted application is a popular disk management tool for Linux. It provides an interface similar to the Windows disk management tool, as shown.
8. Right-click inside the partition you need to shrink.
9. Select Resize/Move from the pop-up menu. The Resize/Move dialog box opens, as shown.
10. In the Resize/Move dialog box, either drag the right end of the partition graphical box to resize the partition, or enter a new value in the New Size textbox. The colored portion of the box indicates where the existing data in the partition is stored. You should be able to move the end of the partition down close to that area.
11. Click the Resize/Move button to initiate the resizing process.

After the hard drive is partitioned, you can exit the tool and shut down KNOPPIX. And that's all there is to it!
Article / Updated 11-01-2020
Troubleshooting is like reading a mystery novel. You have some facts, symptoms, and details, but you don’t know whodunit. You have to take whatever information you have, work with that data, weigh the various possibilities, and then narrow them to a single suspect. Finally, you need to test your theory and prove that your suspect is the guilty party. Troubleshooting problems in Linux (or any operating system) can encompass many hardware and software issues. Whether the problem is the operating system, the hardware, or a service giving you fits, you can use some basic troubleshooting techniques to start your investigations: Document the problem. Write down any and all symptoms that the system is showing, including actions you can and can’t do. Jot down any information you see in error messages. Examine the Linux log files. You can find most of these in the /var/log Look for the word “error.” Compare your problem system with a working system running the same distribution and version. Sometimes, comparing configuration files and settings may uncover the problem or narrow the possibilities. Check connections. Check to make sure that all the hardware is connected properly and powered on. Verify that all cables and connections are attached properly. There’s always someone, somewhere, accidentally kicking a cable out from a wall connection. Remove new hardware. Remove any hardware that you have changed or added recently (before the problem started) and see whether the problem disappears. If so, you can probably conclude that the new or changed hardware (or its driver) is the culprit and start researching solutions. Reduce the number of active programs. Stop running unnecessary services and applications that aren’t related to the problem at hand. You may more easily figure out what’s happening if other services and applications aren’t getting in the way. Check to see whether the problem is reproducible. Does the same sequence of events produce the same problem? 
Suppose that when you try to print to a color printer, nothing happens. If nothing happens every time you attempt to print, the problem is reproducible. If, instead, sometimes your information is printed and at other times it isn’t, the problem pattern isn’t the same and isn’t reproducible — or it's caused by something more complicated than just clicking one button. Unfortunately, problems that are nonreproducible are more difficult to resolve because it seems that no set pattern of events re-creates those problems.

After you’ve come up with a solution, take a few moments to document the situation. Note the symptoms of the problem, its cause, and the solution you implement. The next time you encounter the same problem, you can call on your notes for a solution rather than reinvent the wheel.

If you don’t have any problems to troubleshoot (yet), document your environment before you do. Making a backup of your /etc directory and your /boot directory is a great place to start.

Tip #1: “The Linux Installer Froze”

When you’re installing Linux, the installation may just freeze. If it does, wait a bit and make sure that the installation program really froze. (Sometimes, the software just takes a while to process information.) If the software looks like it has frozen, there’s no harm in rebooting your computer and starting over — just as you would do with any operating system installation. Sometimes, you can reboot and never have that problem again. At other times, the problem may happen twice in a row and then be fine the third time. Be sure to try several times before giving up.

If the installation still freezes in the same spot or close to the same spot, go to the distribution’s support pages. These pages may talk about some known problems and solutions that can help you and should show you how to join discussion lists to get more assistance. Otherwise, diagnosing the problem can be tricky and may seem more like voodoo than science.
Here are some tips:

- If this problem happens repeatedly at exactly the same spot, you may have a bad installation ISO image or DVD burn. See the next tip, “Checking Your Distribution Burns,” and then return here if that technique doesn’t solve your problem. Otherwise, try the DVD or USB stick in another machine if possible and see whether the installation fails in the same place there. If you purchased an installation DVD from someone, contact their technical support team. If you burned the ISO image onto a DVD yourself, try burning a new copy at a slower speed, or if your PC can boot from a USB device, burn it onto a USB stick.
- If this problem happens repeatedly at exactly the same spot and you don’t have a bad installation disk, the trouble may be with one of your machine’s hardware components. If you can, try trading hardware between machines. If not, you may need to choose a different machine on which to install Linux or try another distribution.
- If the problem seems to happen randomly, your particular Linux distribution may not be compatible with that particular machine. Again, you can try using another distribution and see whether it detects your hardware. If not, try trading some hardware around, installing Linux on another machine.
- If you’re not sure whether your installer has frozen, try pressing various combinations of Alt+F#, where # corresponds to one of the function keys. Depending on the distribution, the installer has not completely frozen if you can see different screens when you try this technique.

Tip #2: Checking Your Distribution Burns

Some Linux distributions (such as Ubuntu and openSUSE) provide the option to check the installation medium for errors. If your installation keeps dying while the installer program is placing packages on your hard drive, follow these steps to try to fix it:

1. Place the DVD into your drive.
2. Reboot the machine.
3. Wait until you reach the boot menu. If you’ve changed your mind and just want to start the installation, use the Tab or arrow keys to select Skip and then press Enter.
4. Use the Tab or arrow keys to select the option to inspect the installation media.
5. Press Enter to begin the media check. The Media Check status box opens and shows you the name assigned to the DVD and how much progress has been made. At the end of the inspection, the Media Check Result dialog box opens.
6. Look at the text after “and the result is.” If the result is PASS, nothing is wrong with the DVD itself. Your installation woes are caused by something else. If the result is FAIL, the DVD you just tested is flawed.

If you purchased this DVD, you need to talk to the company you purchased it from to see whether you can get a replacement. On the other hand, if you burned your own DVD from an ISO file, I recommend doing one of the following:

- Burn the DVD again, at a slower speed.
- Burn the DVD again on a newer drive with BurnProof technology or something similar.

Tip #3: “I Told the Installer to Test My Graphics, and They Failed”

The installer may have guessed wrong about what hardware you have. Double-check the settings as best you can. If they look right, try choosing a lower resolution for now and testing again, and if that fails try a lower number of colors and test again. You can then try setting things back the way you want them after the machine is fully installed and updated, when it hopefully has a fix for whatever the problem might be.

Tip #4: “The Installer Tested My Graphics Fine, but My GUI Won’t Start”

If your Linux installation program showed you a GUI desktop saying that you were ready to proceed with the rest of the installation, you probably expected that the GUI would start with no problem. Unfortunately, that doesn’t always happen.
If you boot your machine for the first time and see error messages when you’re trying to enter the GUI automatically or when you type startx to start the GUI manually, type system-config-display at a command prompt to start a program that can help you fix the problem.

Tip #5: “I Think I’m in Linux, but I Don’t Know What to Do!”

Two different screens tend to cause panic to folks new to Linux. The first of these screens, shown in the figure, is in fact a sign that you installed the software and booted the machine successfully. Jump for joy! It’s just that you’re booting into the command-line environment rather than the GUI environment. If you reach a screen similar to the one shown, the computer is asking you to log in with the username for an account and a password that you created during the installation process.

If you created only the root account, you can log in there as root.

After you enter the username and password, you find yourself at the screen shown, which just happens to be the second spot where people get worried. If you see this screen, you have not only booted properly into Linux, but you’re also logged in and using the machine! Give yourself a good pat on the back.

What do you do from here? Anything you want. Type startx to start up the GUI. If you didn’t install any GUI (which means you selected a minimal install option with no graphical interface, or you actually unselected graphics), you may want to reinstall, or you have to add all the tools by hand (which is not a quick job!).

Tip #6: “I Don’t Want to Boot into This!”

Are you booting into the command-line environment when you want to use only the GUI? Or are you finding that you’re already booting into the GUI and you would rather boot to that nice, clean, black-and-white command line screen? You’re not stuck with either of these options. You can change them at any time.
You can press Ctrl+Alt+F# (F# refers to function keys F2 through F6) to change out of the GUI to a command line terminal at any time and then Ctrl+Alt+F2 or Ctrl+Alt+F8 to switch back.

Tip #7: Changing Your Boot Environment “Permanently”

The word permanently is in quotes in the heading because you can, of course, go back and change this setting later, if you want. Permanently just refers to the fact that after you have made this change, every time you boot the system, it automatically goes into the preferred environment until you change it.

To make this change you need to determine what startup method your Linux distribution uses. Currently there are two popular Linux startup methods:

- SysVinit: The original method used in Linux, copied from the Unix world. This uses a set of scripts that the OS runs at boot time. The configuration files determine which services to start, and what mode (command line or GUI) to start.
- Systemd: The systemd startup method is a relatively new startup method developed specifically for Linux. Instead of startup scripts it uses configuration files.

The easiest way to determine which method your Linux distribution uses is with the following command:

    ps -p 1

If the result shows the systemd program is running as PID 1, your system uses the systemd startup method. If the result shows the init program is running as PID 1, your system uses the SysVinit startup method.

For systems that use the systemd startup method, follow these steps to change the default boot environment:

1. In the GUI, open a command line terminal.
2. Type the following:

    sudo systemctl set-default multi-user.target

3. Reboot the system.

This sets the system to a text-based system. If you want to change back to the graphical login, just use the command:

    sudo systemctl set-default graphical.target

For distributions that use the SysVinit startup method, you need to manually edit what’s called a run level.
Fortunately, these distributions use the same run level settings, so the instructions are the same for all of them:

1. In the GUI, open a command line terminal.
2. Type the following:

    sudo cp /etc/inittab /etc/inittab.old

   This creates a backup of the current inittab file. Now, if something happens while you’re editing the inittab file, you can always restart fresh with the old version.
3. Open the inittab file in your preferred text editor.
4. Scroll down until you find a line similar to the following:

    id:5:initdefault:

   This line appears near the top of the file. What you’re interested in here is the number. In most mainstream Linux distributions, the number 5 tells Linux to boot into the GUI, and the number 3 tells Linux to boot into the command line. In the preceding example, therefore, I boot into the GUI.
5. Change the number in this line. If it’s a 5, change it to 3, and vice versa. Make sure that all colons and other items are left properly in place, or else your machine will have problems booting later.
6. Save and exit the file. The changes go into effect the next time you reboot the system.

If you do end up having problems booting the system, just about any Linux LiveDVD distribution can be used as an emergency boot disk.

Changing your boot environment just for now

At any time, you can also have your Linux box switch between full command-line mode and full GUI mode.
To switch between modes in a systemd startup method, do the following:

- To change from the GUI login to the command line login, open a terminal window and type:

    sudo systemctl isolate multi-user.target

- To change from the command line login to the GUI login, type:

    sudo systemctl isolate graphical.target

To switch between modes in a SysVinit startup method, do the following:

- To change from the GUI login to the command-line login, open a terminal window and type:

    sudo init 3

- To change from the command line login to the GUI login, type:

    sudo init 5

Tip #8: “I Want to Change Screen Resolutions”

Do you want or need to swap between resolutions in the GUI on the fly? Suppose that you want to use 1,024 x 768, but you work on web pages and want to be able to see how they look in a browser at 800 x 600 or even 640 x 480. Your machine is very likely already set up to do this, but you just need to know how!

If your machine is set up for it, you can change resolutions by pressing Ctrl+Alt+Plus, where Plus is the big key with the plus (+) sign on your number pad — you can’t use the plus (+) sign on the main keyboard for this one.

If that doesn't work in your desktop, often you can right-click an empty place in the desktop and choose Display. This is shown in the following figure for Ubuntu. You can change the display resolution settings at any time, and then change them back as you need!

Tip #9: “My GUI Is Hung, and I’m Stuck!”

One quick solution to this problem is pressing Ctrl+Alt+Backspace. If this doesn’t do the trick, your system is in really bad shape! Try to switch to a virtual terminal by using Ctrl+Alt+F5. If this key combination also does nothing, you need to reboot the machine.

Tip #10: “Help, My Machine Hangs During Boot!”

When configuring a Linux machine, you may encounter problems with the GRUB2 bootloader program, which is what loads the Linux kernel.
This program uses a configuration file to indicate the operating system or systems to which your system can boot, and the file also contains Linux startup settings.

You can alter the GRUB2 boot settings "on the fly" as the system boots, but you have to get into the GRUB2 menu to do that. Some Linux systems (such as openSUSE) bring up the GRUB2 boot menu all the time, making it easy to make changes. Just press the E key while booting to edit the menu.

Unfortunately, many Linux distributions (such as Ubuntu) hide the GRUB2 boot menu and automatically jump into booting the system. To get to the GRUB2 menu to make changes you need to stop the boot process midstream. Just how you do that depends on your system:

- For older systems that use BIOS firmware, hold down a Shift key as the system first boots. If you see the distribution splash screen you're too late; try again.
- For systems that use the newer UEFI firmware, hold down the ESC key as the system first boots. Again, if you see the distribution splash screen you're too late; try again.

Once you get to the GRUB2 boot menu, some Linux distributions have a special recovery mode boot option. Give that a try and see what happens. If not, press the E key to edit the GRUB2 menu settings. Look for the Linux line in the configuration, add the word single to the list of options on that line, and then press F10 to reboot using the new options.

Linux starts in single-user command line mode. From here you can look at the log files in the /var/log folder to see what previous boot attempts failed.

“Aaargh! I Forgot My Root Password! What Do I Do?”

Fear not. You have a way around this problem! You need to boot into single-user mode, which you can accomplish by rebooting your machine. When you see the blue screen with the words “Press any key to enter the menu,” press a key. At the GRUB boot screen, press E, which takes you to a configuration file.
Use the arrow keys to go to the line starting with Linux, and press E again to edit that line. At the end of the line, add the word single, press Enter to put the change into place, and then press B to boot the machine. Type passwd and then enter the new password twice as directed. When you finish, type exit and then boot the machine normally.
Article / Updated 11-01-2020
Welcome to the world of Linux, the operating system developed by thousands of people around the world! In this article, you find out about Linux itself — what it is, where it comes from, and why it gets so much attention. Prepare to have your assumptions challenged about how software must be developed and sold, and your mind opened to new possibilities.

Is free really free?

Understanding Linux requires a radical shift of thought regarding the way that you acquire and use computer software. Your first step toward shifting your mindset is to alter your general connotation of the word free to represent freedom, rather than free lunch. That’s right; you can sell “free” software for a fee . . . and you’re encouraged to do so, as long as you relay the same freedom to each recipient of the software.

Don’t scratch your head too hard; these concepts are tough to grasp initially, especially when you consider the conditioning you’ve received from the commercial software industry's marketing departments. Perhaps you don’t know that when you purchase most proprietary software packages, you don’t actually own the software. Rather, you’re granted permission to use the software within the bounds dictated by the licensor.

Linux also has a license. However, the motives and purpose of the license are much different from those of most commercial software. Instead of using a license to restrict use of the software, the GNU General Public License (GPL) that Linux uses ensures that the software will always be open to anyone. No company can ever own Linux or dictate the way in which you use or modify Linux — although they can have their own individual copyrights and trademarks on their various brands of it, such as Red Hat and SUSE. In essence, you already own Linux, and you can use it for anything you like, as long as you propagate the GPL freedoms to any further recipients of the software.

Linux: revolution or just another operating system?
Before going any farther into Linux, let's get some terminology out of the way.

Tux is the formal name of the mascot penguin that represents Linux. Rumor has it that Linux’s creator, Linus Torvalds, is rather fond of these well-dressed inhabitants of the Antarctic.

An operating system is the software that runs your computer, handling all interactions between you and the hardware. Whether you’re writing a letter, calculating a budget, or managing your recipes on your computer, the operating system provides the essential air that your computer breathes. Furthermore, an operating system isn’t just one program; it consists of hundreds of smaller programs and utilities that allow us humans to use a computer to do something useful. You then run other programs (such as your word processor) on top of the operating system to get everything done.

In recent technological history, Linux has evolved from a techie playground to a rock-solid solution for the business enterprise. The same software that was once dismissed as rogue is now being adopted and promoted by industry leaders such as IBM, Hewlett-Packard, Motorola, Microsoft, and Intel. Each of these computer manufacturers has determined that Linux provides value for their customers in some way (as well as for their own operations).

Linux has been accused of being “just another operating system.” On the surface, it may appear so, but if you look deeper, you can see that this isn’t so. The Linux project is a flagship leading the current trend toward open source and free (as in freedom, not free lunch) software within the computing industry. A rock-solid operating system because of the model under which it was (and continues to be) developed, Linux represents much that is good in software development.

Two fundamental distinctions separate Linux from the rest of the operating-system pack:

- Linux is licensed under the unique and ingenious GNU General Public License, which you can read about in the next section.
- Linux is developed and maintained by a worldwide team of volunteer and paid programmers, working together over the Internet.

Linux is great for many reasons, including the fact that the folks who built it from the ground up wanted it to be:

- Multiuser: More than one user can be logged in to a single computer at one time.
- Multiprocess: True preemptive multitasking enables the operating system core to efficiently juggle several programs running at once. This is important for providing multiple services on one computer.
- Multiplatform: While Mac OS only runs on Intel CPUs and Windows only runs on Intel and ARM CPUs, Linux currently runs on more than 24 different CPU platforms (hardware types), including 32- and 64-bit Intel-based PCs, Digital/Compaq Alpha, all variants of the Apple Macintosh, Sun SPARC, the Apple iPod, ARM CPUs, and even the Microsoft XBox.
- Interoperable: Linux plays nice with most network protocols (languages) and operating systems, allowing you to interact with users and computers running Microsoft Windows, UNIX, Apple Macintosh computers, and other, more niche groups.
- Scalable: As your computing needs grow, you can rely on Linux to grow with you. The same Linux operating system can run on a tiny electronic photo frame, a desktop computer, or a very large, industrial-strength server system.
- Portable: Linux is mostly written in the C programming language. C is a language created specifically for writing operating system–level software and can be readily ported (translated) to run on new computer hardware.
- Flexible: You can configure the Linux operating system as a network host, router, graphical workstation, office productivity PC, home entertainment computer, file server, Web server, cluster, or just about any other computing appliance that you can think of.
- Stable: The Linux kernel (the core of the operating system) has achieved a level of maturity that makes most software developers envious. It’s not uncommon to hear reports of Linux servers running for years without crashing.
- Efficient: The modular design of Linux enables you to include only the components needed to run your desired services. Even older computers can utilize Linux and become useful again.
- Free!: To most people, the most intriguing aspect of Linux is the fact that it’s often available free of charge. How (the capitalists murmur) can anyone build a better mousetrap with no incentive of direct monetary return?

So where did Linux come from?

The quickest way to understand Linux is to take a peek at its rich heritage. Although programming of the Linux core started in 1991, the design concepts were based on the time-tested UNIX operating system.

UNIX was developed at Bell Telephone Laboratories in the late 1960s. The original architects of UNIX, working back when there were few operating systems, wanted to create one that shared data, programs, and resources both efficiently and securely — something that wasn’t available then (and is still sought after now). From there, UNIX evolved into many different versions; its current family tree is so complicated that it looks like a kudzu infestation!

In 1991, Linus Torvalds was a computer science student at the University of Helsinki in Finland. He wanted an operating system that was like the UNIX system that he’d grown fond of at the university, but both UNIX and the hardware it ran on were prohibitively expensive. A UNIX version called Minix was available for free, but it didn’t quite meet his needs. So, as a computer science student, Torvalds studied Minix and then set out to write a new version himself. In his own words (recorded for posterity on the Internet because this was in an early version of an online chat room), his work was “just a hobby, won’t be big and professional like GNU.”

Writing an operating system is no small task.
Even after six months of hard work, Torvalds had made very little progress toward the general utility of the system. He posted what he had to the Internet — and found that many people shared his interest and curiosity. Before long, some of the brightest minds around the world were contributing to Linus’s project by adding enhancements or fixing bugs (errors in the code).

Anatomy of an Open Source Software Project

To the casual observer (and some corporate IT decision makers), Linux appears to be a freak mutation — a rogue creature randomly generated by anarchy. How, after all, can something so complex and discipline dependent as a computer operating system be developed by a loosely knit band of volunteer computer geeks from around the world?

Just as science is constantly attempting to classify and explain everything in existence, technology commentators are still trying to understand how the open source approach can create superior software, especially in cases where there is no charge. Often the reasons have much to do with the usual human desire to fill a need with a solution. When a programmer in the Linux world wants a tool, the programmer simply writes one — or bands together with other people who want a similar package, and they write it together.

GNU who?

Imagine — software created out of need rather than projected profit. Even though UNIX ultimately became expensive proprietary software, the ideas and motives for its creation were originally based on practical needs. What people usually refer to (in the singular) as the Linux operating system is actually a collection of software tools that were created with the express purpose of solving specific computing problems.
The speed of Linux's popularity also wouldn’t be possible without the vision of a man whom Steven Levy (author of the book Hackers) refers to as “The Last of the Great MIT AI-LAB Hackers” — in the original sense of the word hacker as someone who is an expert at coding, not the current popular meaning that implies criminal intent. This pioneer and advocate of freedom software is Richard Stallman.

The Massachusetts Institute of Technology (MIT) has long held a reputation for nurturing the greatest minds in the technological disciplines. In 1984, Stallman, a gifted student and brilliant programmer at MIT, was faced with a dilemma — sell his talent to a company for a tidy sum of money or donate his gifts to the world. He did what we’d all do . . . right?

Stallman set out on a journey to create a completely free operating system that he would donate to the world. He understands — and continues to live — the original hacker ethic, which declares that information wants to be free. This concept wasn’t new in his time. In the early days of the computing industry, many advancements were made by freely sharing ideas and programming code. Manufacturer-sponsored user groups brought the best minds together to solve complicated problems. This ethic, Stallman felt, was lost when companies began to hoard software as their own intellectual property with the single purpose of profit.

As you may or may not have gathered by this point, widespread and accessible source code is paramount to successful software development. Source code is the term for the human-readable text (as opposed to the unreadable cyber-hieroglyphics in an “executable” file) that a programmer types to communicate instructions to the computer.

Writing computer programs using code that computers can run directly is an extremely arduous task. Modern computer software is usually written in a human-friendly language and then compiled, or translated, into the computer’s native instruction set.
To make changes to this software, a programmer needs access to a program’s source code. Most proprietary software comes only as a precompiled product; the software developer keeps the source code for those programs under lock and key.

After determining that his operating system would be built around the conceptual framework of UNIX, Stallman wanted the project name to distinguish his system from UNIX. So, he chose the recursive acronym GNU (pronounced ga-new), which means GNU's not Unix.

To finance the GNU project, Stallman organized the Free Software Foundation (FSF), which sold open source software to help feed the programmers who worked on its continuing development. (Remember, we’re talking free as in freedom, not free lunch.) Although this organization and goal of creating a complete operating system was necessary and important, a much more important piece of the puzzle had to be put into place to protect this new software from big-business pirates — a concern still all too relevant today as a former Linux company tries to hijack ownership of decades of volunteer work from thousands of people around the world.

The GNU General Public License (GPL) is a unique and creative software license that uses copyright law to protect the freedom of the software user, which is usually the opposite of how a copyright works. Generally, a copyright is an enforceable designation of ownership and restriction from duplication by anyone but the copyright holder. When software is licensed under the GPL, recipients are bound by copyright law to respect the freedom of anyone else to use the software in any way they choose. Software licensed with the GPL is also known as copyleft software (the reverse of right, get it?). Another way to remember the GPL is through its ultimate result: Guaranteed Public for Life.

While Stallman's work set the stage for Linux's rapid climb to popularity, the operating system he and his crew were working on took longer than expected.
Check out the completed version.

Who’s in charge of Linux anyway?

As an open source project evolves, various people emerge as leaders. This leader is often known as the project’s benevolent dictator. A person who becomes benevolent dictator has probably spent more time than anyone else on a particular problem and often has some unique insight. Normally, the words democratic and dictator are never paired in the same sentence, but the open source model is a very democratic process that endorses the reign of a benevolent dictator.

Linus Torvalds is still considered the benevolent dictator of the Linux kernel (the operating system’s core). He ultimately determines what features are added to the kernel and what features aren’t. The community trusts his vision and discretion. In the event that he loses interest in the project, or the community decides that he has gone senile, a new leader will emerge from amongst the very competent people working with him.

Einstein was a volunteer

Someone who is a volunteer or donates time to a project isn’t necessarily providing a second-rate effort (or only working on weekends and holidays). In fact, any human resources expert will tell you that people who choose to do a job of their own free will produce the highest quality products.

The volunteers who contribute to open source projects are often leaders in their fields who depend on community collaboration to get useful work done. The open source concept is no stranger to the scientific community. The impartial peer-review process that open source projects foster is critical in validating some new feature or capability as being technically correct.

Those who paint the open source community as copyright violators and thieves often misunderstand — or outright ignore — these vital issues. Open source programmers are very proud of their work and are also very concerned about their own copyrights, not wanting their work to be stolen by others — hence licenses such as the GPL.
This concern creates an atmosphere with the greatest respect for copyright. Bandits who claim that they’re “just being open source” when they steal other people’s hard work are grossly misusing the term to soothe their own consciences. Many have also pointed out that if copyright is violated in open source, it’s easy to tell. Watch the news and notice how often large software corporations are convicted of stealing other people’s code and incorporating it into their own work. If the final product is open source, it’s easy for anyone to look and make sure nothing stolen is in it. As you might imagine, tracking down such copyright violations is much more difficult in a closed source scheme.
Article / Updated 09-28-2018
GPG includes the tools you need to use public key encryption and digital signatures on your Linux system. You can figure out how to use GPG gradually as you begin using encryption in Linux. The information you find here shows some of the typical tasks you can perform with GPG to protect your Linux system.

How to generate the key pair with GPG in Linux

The steps for generating the key pairs are as follows:

1. Type gpg --gen-key. If you’re using GPG for the first time, it creates a .gnupg directory in your home directory and a file named gpg.conf in that directory. Then it asks what kind of keys you want:

    Please select what kind of key you want:
       (1) DSA and ElGamal (default)
       (2) DSA (sign only)
       (4) RSA (sign only)
    Your selection?

2. Press Enter for the default choice, which is good enough. GPG prompts you for the key size (the number of bits).
3. Press Enter again to accept the default value of 2,048 bits. GPG asks you when the keys expire. The default is to never expire.
4. If the default is what you want (and why not?), press Enter.
5. When GPG asks whether you really want the keys to never expire, press the Y key to confirm. GPG prompts you for your name, your email address, and a comment to make it easier to associate the key pair with your name.
6. Type each piece of requested information, and press Enter.
7. When GPG gives you a chance to change the information or confirm it, confirm by typing o and pressing Enter. GPG prompts you for a passphrase that protects your private key.
8. Type a long phrase that includes lowercase and uppercase letters, numbers, and punctuation marks — the longer the better — and then press Enter. Be careful to choose a passphrase that you can remember easily.

GPG generates the keys. It may ask you to perform some work on the PC so that the random-number generator can generate enough random numbers for the key-generation process.
How to exchange keys using GPG in Linux If you're an administrator, protecting your Linux system should always be at the top of your mind. To communicate with others, you have to give them your public key. You also have to get public keys from those who may send you a message (or when someone who might sign a file and you want to verify the signature). GPG keeps the public keys in your key ring. (The key ring is simply the public keys stored in a file, but the name sounds nice because everyone has a key ring in the real world, and these keys are keys of a sort.) To list the keys in your key ring, type gpg --list-keys To send your public key to someone or to place it on a website, you have to export the key to a file. The best way is to put the key in what GPG documentation calls ASCII-armored format, with a command like this: gpg --armor --export [email protected] > kdulaneykey.asc This command saves the public key in ASCII-armored format (which looks like garbled text) in the file named kdulaneykey.asc. You replace the email address with your email address (the one you used when you created the key) and replace the output filename with something different. After you export the public key to a file, you can mail that file to others or place it on a website for use by others. When you import a key from someone, you typically get it in ASCII-armored format as well. If you have a us-http://www.us-cert.gov/pgp/email.htmlin a file named uscertkey.asc, you import it into the key ring with the following command: gpg --import uscertkey.asc Use the gpg --list-keys command to verify that the key is in your key ring. 
Here’s what you might see when typing gpg --list-keys on the system: /home/kdulaney/.gnupg/pubring.gpg ----------------------------- pub 1024D/7B38A728 2018-08-28 uid Kristin Dulaney <[email protected]> sub 2048g/3BD6D418 2018-08-28 pub 2048R/F0E187D0 2019-09-08 [expires: 2019-10-01] uid US-CERT Operations Key <[email protected]> The next step is checking the fingerprint of the new key. Type the following command to get the fingerprint of the US-CERT key: gpg --fingerprint [email protected] GPG prints the fingerprint, as follows: pub 2048R/F0E187D0 2018-09-08 [expires: 2019-10-01] Key fingerprint = 049F E3BA 240B 4CF1 3A76 06DC 1868 49EC F0E1 87D0 uid US-CERT Operations Key <[email protected]> At this point, you need to verify the key fingerprint with someone at the US-CERT organization. If you think that the key fingerprint is good, you can sign the key and validate it. Here’s the command you use to sign the key: gpg --sign-key [email protected] GPG asks for confirmation and then prompts you for your passphrase. After that, GPG signs the key. Because key verification and signing are potential weak links in GPG, be careful about what keys you sign. By signing a key, you say that you trust the key to be from that person or organization. How to sign a file with GPG in Linux You may find signing files to be useful if you send a file to someone and want to assure the recipient that no one tampered with the file and that you did in fact send the file. GPG makes signing a file easy. You can compress and sign a file named message with the following command: gpg -o message.sig -s message To verify the signature, type gpg --verify message.sig To get back the original document, type gpg -o message --decrypt message.sig Sometimes, you don’t care about keeping a message secret, but you want to sign it to indicate that the message is from you. 
In such a case, you can generate and append a clear-text signature with the following command: gpg -o message.asc --clearsign message This command appends a clear-text signature to the text message. Here’s a typical clear-text signature block: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDEhAtaHWlHHs4pygRAhiqAJ9Qj0pPMgKVBuokDyUZaEYVsp6RIQCfaoBm 9zCwrSAG9mo2DXJvbKS3ri8= =2uc/ -----END PGP SIGNATURE----- When a message has a clear-text signature appended, you can use GPG to verify the signature with the following command: gpg --verify message.asc If you indeed signed the message, the last line of the output says that the signature is good. Encrypting and decrypting documents with GPG in Linux To encrypt a message meant for a recipient, you can use the --encrypt (or -e) GPG command. Here’s how you might encrypt a message for US-CERT by using its GPG key: gpg -o message.gpg -e -r [email protected] message The message is encrypted with the US-CERT public key (without a signature, but you can add the signature with the -s command). When US-CERT receives the message.gpg file, the recipient must decrypt it by using US-CERT’s private key. Here’s the command that someone at US-CERT can use: gpg -o message --decrypt message.gpg Then GPG prompts for the passphrase to unlock the US-CERT private key, decrypts the message, and saves the output in the file named message. If you want to encrypt a file that no one else has to decrypt, you can use GPG to perform symmetric encryption. In this case, you provide a passphrase to encrypt the file with the following GPG command: gpg -o secret.gpg -c somefile GPG prompts you for the passphrase and asks you to repeat the passphrase (to make sure that you didn’t mistype anything). Then GPG encrypts the file, using a key generated from the passphrase. To decrypt a file encrypted with a symmetric key, type gpg -o myfile --decrypt secret.gpg GPG prompts you for the passphrase. 
If you enter the correct passphrase, GPG decrypts the file and saves the output (in this example) in the file named myfile. Check here to discover ten security terms you should know for Linux systems.
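The fingerprint check from the key-exchange steps, written out as an added example (not code from the original article): the short key ID F0E187D0 in the listing is only the last eight hex digits of the fingerprint, so the decision to sign should rest on the full 40-digit fingerprint obtained out of band. The colon-delimited listing is a constructed sample in the style of gpg --with-colons --fingerprint output, and the helper names and the look-alike fingerprint are hypothetical.

```python
import re

PAGE_FPR = "049F E3BA 240B 4CF1 3A76 06DC 1868 49EC F0E1 87D0"  # as printed in the article
# Constructed look-alike: a different key whose last 8 hex digits are also F0E187D0.
LOOKALIKE_FPR = "0123456789ABCDEF0123456789ABCDEF" + "F0E187D0"

def normalize(fpr):
    """Drop spacing and case; accept only a full 40-hex-digit fingerprint."""
    hexed = re.sub(r"\s+", "", fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", hexed):
        raise ValueError("need the full 40-digit fingerprint, not a short key ID")
    return hexed

def sample_listing(fpr):
    """Constructed colon-format listing: one primary key plus a placeholder subkey."""
    fpr = normalize(fpr)
    return (f"pub:-:2048:1:{fpr[-16:]}:\n"      # field 5 is the 16-digit key ID
            f"fpr{':' * 9}{fpr}:\n"             # field 10 is the fingerprint
            f"sub:-:2048:1:{'1' * 16}:\n"
            f"fpr{':' * 9}{'1' * 40}:\n")       # subkey fingerprint, must be ignored

def primary_fingerprints(colon_output):
    """Fingerprints of primary keys only: the fpr record that follows a pub record."""
    found, last = [], None
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sub"):
            last = fields[0]
        elif fields[0] == "fpr" and last == "pub" and len(fields) > 9:
            found.append(normalize(fields[9]))
            last = None
    return found

def safe_to_sign(colon_output, out_of_band_fpr):
    """True only if the listing holds exactly one primary key and it matches in full."""
    keys = primary_fingerprints(colon_output)
    return len(keys) == 1 and keys[0] == normalize(out_of_band_fpr)

if __name__ == "__main__":
    print(safe_to_sign(sample_listing(PAGE_FPR), PAGE_FPR))       # genuine key
    print(safe_to_sign(sample_listing(LOOKALIKE_FPR), PAGE_FPR))  # same short ID only
```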
Article / Updated 09-28-2018
Like any other OS, Linux needs to be protected with a firewall. A firewall is a network device or host with two or more network interfaces — one connected to the protected internal network and the other connected to unprotected networks, such as the Internet. The firewall controls access to and from the protected internal network.

If you connect an internal network directly to the Internet, you have to make sure that every system on the internal network is properly secured — which can be nearly impossible, because a single careless user can render the entire internal network vulnerable. A firewall is a single point of connection to the Internet: You can direct all your efforts toward making that firewall system a daunting barrier to unauthorized external users. Essentially, a firewall is a protective fence that keeps unwanted external data and software out and sensitive internal data and software in.

The firewall runs software on your Linux system that examines the network packets arriving at its network interfaces and then takes appropriate action based on a set of rules. The idea is to define these rules so that they allow only authorized network traffic to flow between the two interfaces. Configuring the firewall involves setting up the rules properly. A configuration strategy is to reject all network traffic and then enable only a limited set of network packets to go through the firewall. The authorized network traffic would include the connections necessary to enable internal users to do things such as visit websites and receive electronic mail.

To be useful at protecting your Linux system, a firewall must have the following general characteristics:

- It must control the flow of packets between the Internet and the internal network.
- It must not provide dynamic routing because dynamic routing tables are subject to route spoofing — the use of fake routes by intruders. Instead, the firewall uses static routing tables (which you can set up with the route command on Linux systems).
- It must not allow any external user to log in as root. That way, even if the firewall system is compromised, the intruder is blocked from using root privileges from a remote login.
- It must be kept in a physically secure location.
- It must distinguish between packets that come from the Internet and packets that come from the internal protected network. This feature allows the firewall to reject packets that come from the Internet but have the IP address of a trusted system on the internal network.
- It acts as the SMTP mail gateway for the internal network. Set up the sendmail software so that all outgoing mail appears to come from the firewall system.
- Its user accounts are limited to a few user accounts for those internal users who need access to external systems. External users who need access to the internal network should use SSH for remote login.
- It keeps a log of all system activities, such as successful and unsuccessful login attempts.
- It provides DNS name-lookup service to the outside world to resolve any host names that are known to the outside world.
- It provides good performance so that it doesn’t hinder internal users’ access to specific Internet services (such as HTTP and FTP).

A firewall can take many forms. Here are three common forms of a firewall you might find on a Linux system:

- Packet filter firewall: This simple firewall uses a router capable of filtering (blocking or allowing) packets according to various characteristics, including the source and destination IP addresses, the network protocol (TCP or UDP), and the source and destination port numbers. Packet filter firewalls are usually placed at the outermost boundary with an untrusted network, and they form the first line of defense. An example of a packet filter firewall is a network router that employs filter rules to screen network traffic.

  Packet filter firewalls are fast and flexible, but they can’t prevent attacks that exploit application-specific vulnerabilities or functions. They can log only a minimal amount of information, such as source IP address, destination IP address, and traffic type. Also, they’re vulnerable to attacks and exploits that take advantage of flaws within the TCP/IP protocol, such as IP address spoofing, which involves altering the address information in network packets to make them appear to come from a trusted IP address.

- Stateful inspection firewall: This type of firewall keeps track of the network connections that network applications are using. When an application on an internal system uses a network connection to create a session with a remote system, a port is also opened on the internal system. This port receives network traffic from the remote system. For successful connections, packet filter firewalls must permit incoming packets from the remote system. Opening many ports to incoming traffic creates a risk of intrusion by unauthorized users who abuse the expected conventions of network protocols such as TCP.

  Stateful inspection firewalls solve this problem by creating a table of outbound network connections, along with each session’s corresponding internal port. Then this state table is used to validate any inbound packets. This stateful inspection is more secure than a packet filter because it tracks internal ports individually rather than opening all internal ports for external access.

- Application-proxy gateway firewall: This firewall acts as an intermediary between internal applications on a Linux system that attempt to communicate with external servers such as a web server. A web proxy receives requests for external web pages from web browser clients running inside the firewall and relays them to the exterior web server as though the firewall was the requesting web client. The external web server responds to the firewall, and the firewall forwards the response to the inside client as though the firewall was the web server. No direct network connection is ever made from the inside client host to the external web server.

  Application-proxy gateway firewalls have some advantages over packet filter firewalls and stateful inspection firewalls. First, application-proxy gateway firewalls examine the entire network packet rather than only the network addresses and ports, which enables these firewalls to provide more extensive logging capabilities than packet filters or stateful inspection firewalls.

  Another advantage is that application-proxy gateway firewalls can authenticate users directly, whereas packet filter firewalls and stateful inspection firewalls normally authenticate users on the basis of the IP address of the system (that is, source, destination, and protocol type). Given that network addresses can be easily spoofed, the authentication capabilities of application-proxy gateway firewalls are superior to those found in packet filter and stateful inspection firewalls.

  The advanced functionality of application-proxy gateway firewalls, however, results in some disadvantages compared with packet filter or stateful inspection firewalls:

  - Because of the full packet awareness found in application-proxy gateways, the firewall is forced to spend significant time reading and interpreting each packet. Therefore, application-proxy gateway firewalls generally aren’t well suited to high-bandwidth or real-time applications. To reduce the load on the firewall, a dedicated proxy server can be used to secure less time-sensitive services, such as email and most web traffic.
  - Application-proxy gateway firewalls are often limited in terms of support for new network applications and protocols. An individual application-specific proxy agent is required for each type of network traffic that needs to go through the firewall. Most vendors of application-proxy gateways provide generic proxy agents to support undefined network protocols or applications. Those generic agents, however, tend to negate many of the strengths of the application-proxy gateway architecture; they simply allow traffic to tunnel through the firewall.

Most firewalls implement a combination of these firewall functionalities. Linux systems are no different. Many vendors of packet filter firewalls or stateful inspection firewalls have also implemented basic application-proxy functionality to offset some of the weaknesses associated with their firewalls. In most cases, these vendors implement application proxies to provide better logging of network traffic and stronger user authentication. Nearly all major firewall vendors have introduced multiple firewall functions into their products in some manner.

In a large organization, you may also have to isolate smaller internal networks from the corporate network. You can set up such internal firewalls the same way that you set up Internet firewalls.
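A simplified model of the difference between a packet filter and stateful inspection, as an added example (not from the original article): both start from a default of rejecting traffic and both drop Internet packets that carry an internal source address, but only the state table rejects an unsolicited packet that merely looks like a reply. The address range, allowed ports and sample packets are assumptions, and TCP flags and session timeouts are left out.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

INTERNAL = ip_network("192.168.1.0/24")  # assumed internal address range
ALLOWED_OUT = {25, 80, 443}              # assumed outbound services (mail, web)

class Packet(NamedTuple):
    iface: str   # interface the packet arrived on: "inside" or "outside"
    src: str
    sport: int
    dst: str
    dport: int

def spoofed(p):
    """Arrived from the Internet but claims an internal source address."""
    return p.iface == "outside" and ip_address(p.src) in INTERNAL

def packet_filter(p):
    """Stateless rules: replies are admitted by their port numbers alone."""
    if spoofed(p):
        return False
    if p.iface == "inside":
        return ip_address(p.src) in INTERNAL and p.dport in ALLOWED_OUT
    # To let replies back in, every high port must accept traffic "from" 25/80/443.
    return p.sport in ALLOWED_OUT and p.dport >= 1024

class StatefulFirewall:
    def __init__(self):
        self.sessions = set()  # state table of outbound connections

    def accept(self, p):
        if spoofed(p):
            return False
        if p.iface == "inside":
            ok = ip_address(p.src) in INTERNAL and p.dport in ALLOWED_OUT
            if ok:
                self.sessions.add((p.src, p.sport, p.dst, p.dport))
            return ok
        # Inbound: must be the mirror image of a recorded outbound session.
        return (p.dst, p.dport, p.src, p.sport) in self.sessions

# Constructed packets (documentation and private addresses).
OUTBOUND = Packet("inside", "192.168.1.10", 40000, "203.0.113.5", 443)
REPLY = Packet("outside", "203.0.113.5", 443, "192.168.1.10", 40000)
UNSOLICITED = Packet("outside", "198.51.100.7", 443, "192.168.1.20", 40001)
SPOOFED = Packet("outside", "192.168.1.99", 443, "192.168.1.10", 40000)
```

Feeding REPLY to a fresh StatefulFirewall before OUTBOUND has been seen returns False, while packet_filter accepts both REPLY and UNSOLICITED because it cannot tell them apart.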