root@debian:~$ dpkg --get-selections > /root/package-selections
wiki.debian.org
Tag: ubuntu
What’s your favourite desktop and why?
In response to Voice of the Masses
My favourite Desktop is Unity because it is not MATE. This has been bugging me for quite some time.
Like almost everyone else on the planet, I was unhappy when in 2011 Canonical declared Unity Ubuntu’s new default desktop. After years of using GNOME 2, I just thought that Unity felt a bit awkward. But I stuck with it, mainly for a perceived lack of alternatives and my wish to avoid PPAs if at all possible.
Fast-forward a few years and, thanks to the excellent Martin Wimpress, I hear of MATE Desktop Environment almost every other podcast I listen to. With the release of Ubuntu 15.10, MATE is finally elevated to official flavour status and I was sure to be making the switch away from Unity.
I ended up using MATE for about one day before going back to Unity. It was quite an uncomfortable thing to have to admit, but there was a problem: After years of using Unity, I just thought that MATE felt a bit awkward…
ubuntu-mate.org
Remove packages that are no longer needed
user@ubuntu:~$ sudo apt-get autoremove
help.ubuntu.com
Copy public key to ssh server
user@ubuntu:~$ ssh-copy-id user@123.45.56.78
askubuntu.com
Executing Linux commands in the background using screen
The screen command allows you to detach a running process from a session and then reattach it at a later time. Its use is simple:
user@debian:~$ screen yourlinuxcommand
Now that yourlinuxcommand is executing, press Ctrl+A followed by D to detach the screen.
Obtain a list of all the running screen processes:
user@debian:~$ screen -ls
There is a screen on:
18470.pts-0.server(02/03/14 10:03:43) (Detached)
1 Socket in /var/run/screen/S-user.
Note the screen id in the above output. Use the screen id to reattach the session at anytime:
user@debian:~$ $ screen -r 18470.pts-0.server
Canonical’s ticking time clock
“Ubuntu could have stayed relevant if Canonical hadn’t tossed aside its user base to pursue Unity and tablets.” Barbara Hudson shares her doubts about Canonical’s apparent strategy for Ubuntu.
www.linuxinsider.com
Redirecting mail for the local root user
postfix is Ubuntu’s default mail transfer agent (MTA) and can be configured to deliver mail using a relay host that requires SMTP authentication. Get the necessary packages with the following command:
user@ubuntu:~$ sudo apt-get install postfix bsd-mailx
Begin to configure your postfix installation by choosing satellite system as the general type of configuration. Enter the local machine name as the mail name (eg mycomputer.edafe.org) and the SMTP server address of your email service provider as the SMTP relay host (eg smtp.relayhost.com). Edit the file /etc/postfix/main.cf and add the following:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
Create the file /etc/postfix/sasl_passwd and make the following entries:
smtp.relayhost.com user:password
Substitute smtp.relayhost.com with the address of the SMTP relay host and user:password with your login details. Continue by executing the following three commands:
user@ubuntu:~$ sudo chown root.root /etc/postfix/sasl_passwd
user@ubuntu:~$ sudo chmod 600 /etc/postfix/sasl_passwd
user@ubuntu:~$ sudo postmap hash:/etc/postfix/sasl_passwd
Instruct postfix to reload its settings with the following command:
user@ubuntu:~$ sudo /etc/init.d/postfix reload
Making changes to the alias table
The aliases table provides a system-wide mechanism to redirect mail for local recipients. Edit the file /etc/aliases to contain the following entries:
postmaster: root
root: localuser
localuser: user@yourdomain.com
The localuser is the system administrator. Substitute user@yourdomain.com with the email address that you would like mail for the root user to be redirected to. Finally, update /etc/aliases.db using the following command:
user@ubuntu:~$ sudo newaliases
Mail for the local root user from now on will automatically be forwarded to user@yourdomain.com , using smtp.relayhost.com as the relay host.
www.postfix.org, help.ubuntu.com
Monitoring hard disks with smartmontools
SMART stands for Self-Monitoring, Analysis and Reporting Technology and is built into most modern hard disks. The smartd daemon is part of smartmontools and monitors a disk’s SMART data for any signs of hardware problems. SMART is available with Parallel and Serial ATA disks, drives appearing as either /dev/hd* or /dev/sd*, respectively. Use the following command to obtain relevant information for your system:
user@ubuntu:~$ df -hl
If required, start by configuring postfix to redirect mail for the local root user. Get the necessary packages with the following command:
user@ubuntu:~$ sudo apt-get install smartmontools bsd-mailx
Configuring smartd
Edit the file /etc/smartd.conf and comment out any lines beginning with DEVICESCAN. If you are using a netbook or a laptop, add the following line for the smartd daemon to monitor the device /dev/sda:
/dev/sda -a -d ata -n standby -o on -S on -m root -M daily -M test
If you are using a desktop or a server, add the following line for the smartd daemon to monitor the device /dev/hda:
/dev/hda -a -d ata -n never -o on -S on -s (L/../../7/04|S/../.././02) -m root -M daily -M test
See man smartd.conf for more information on how to tailor the operation of smartd to your needs.
Starting smartd
Edit the file /etc/default/smartmontools and uncomment the line containing start_smartd=yes. Restart the smartd daemon with the following command:
user@ubuntu:~$ sudo /etc/init.d/smartmontools restart
Verify that the local root user has received a test message from the smartd daemon. From now on, the smartd daemon will monitor the disk and, in the event of impending disk failure, alert the local root user by email.
Desktop Linux for the Windows power user
“As a lifelong Windows user, system builder, ex-gamer, and performance freak, I’m not drinking anyone’s Kool-Aid. I just want the most amount of control over my system as possible, and at this point in time, Ubuntu is the best follow-up to Windows XP.” Adam Overa walks the Windows user through the Ubuntu installation process from downloading the CD image to finding help online.
www.tomshardware.com
Ubuntu Linux is for everyone
Ubuntu is a relatively new flavour of Linux. Since the release of ‘Warty Warthog’ in October 2004, it has become the most popular Linux distribution worldwide. Similar to its parent, Debian GNU/Linux, Ubuntu is based entirely on free software. It inherits outstanding package management and provides one-click access to thousands of downloadable applications. Ubuntu 8.10 (Intrepid Ibex) is the latest version and available for download from today.
www.ubuntu.com
Switch to Ubuntu Linux not Apple Mac OS
“Umpteen number of reports have been published telling people why they should consider switching to the Mac OS now that Vista has failed.” Prosenjit Bhattacharyya suggests Ubuntu as another alternative.
prosenjit23.wordpress.com
Hardy Heron makes Linux worth another look
“If you’ve flirted with the idea of switching your desktop operating system to Linux but never took the leap, the time is now.” Kevin Purdy highlights key features of the latest Ubuntu Long Term Support (LTS) release.
lifehacker.com
Monitoring hard disks with smartmontools
This post has been updated.
Allowing other users to run sudo
user@ubuntu:~$ sudo adduser username admin
Editing configuration files with nano
There are many different tools that you can use to edit configuration files. Because of its simplicity, I personally like to use Nano:
user@ubuntu:~$ sudo nano /path/to/the/file
You can change the default settings for nano by editing its configuration file. For example, to stop nano from wrapping text simply make the following changes to /etc/nanorc:
## Don't wrap text at all.
set nowrap
Enabling the root account
Consider the implications of enabling the root account, and then proceed with:
user@ubuntu:~$ sudo passwd root
To disable the root account again, use the following command:
user@ubuntu:~$ sudo passwd -l root
Changing default permissions
Change the default permissions for your installation by editing the value for umask in /etc/profiles and /etc/login.defs.
lists.ubuntu.com
Redirecting mail for the local root user
This post has been updated.
Public/private key authentication with SSH
Updated 09/10/2016
SSH is a protocol that enables secure logins over a network. It supports the use of asymmetric encryption for user authentication. Private keys are kept locally, while public keys are stored on the remote machine.
On the local machine
Use the following command to generate a new key pairs for the local user schmidt:
schmidt@exhaustpiano:~$ ssh-keygen -t ed25519 -o -a 100schmidt@exhaustpiano:~$ ssh-keygen -t rsa -b 8192 -o -a 100
Use an appropriate passphrase to secure the private key (don’t be tempted to use an empty passphrase).
Deploy the public key with the following command:
schmidt@exhaustpiano:~$ ssh-copy-id schmidt@pizzaposition
On the remote machine
Delete any unused host keys with the following command:
root@pizzaposition:~$ rm /etc/ssh/ssh_host_dsa_key* /etc/ssh/ssh_host_ecdsa_key* /etc/ssh/ssh_host_rsa_key*
Create the group ssh-users with the following command:
root@pizzaposition:~$ addgroup --system ssh-users
Add the local user schmidt to the group ssh-users:
root@pizzaposition:~$ adduser schmidt ssh-users
# HostKeys for protocol version 2HostKey /etc/ssh/ssh_host_ed25519_keyHostKey /etc/ssh/ssh_host_rsa_key
# Specify allowed key exchange algorithms
KexAlgorithms curve25519-sha256@libssh.org# Specify the ciphers allowed for protocol version 2
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128
gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
# Specifiy the available MAC (message authentication code) algorithms
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256
etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128
etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac
128@openssh.com
# Logging
LogLevel VERBOSE
# HostKeys for protocol version 2HostKey /etc/ssh/ssh_host_ed25519_keyHostKey /etc/ssh/ssh_host_rsa_key
RSAAuthentication no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
ClientAliveInterval 15
MaxStartups 3:60:20
UsePAM noUseDNS no
Restart the SSH server on the remote machine with the following command:
root@pizzaposition:~$ systemctl restart ssh.service
Setting these options will make root logins impossible. Only users belonging to the group ssh-users may establish a connection. Access is strictly tied to the private key and the passphrase used to encrypt it. Using the private key stored on exhaustpiano, local user schmidt should now be able to remotely log into pizzaposition:
schmidt@exhaustpiano:~$ ssh pizzapositionEnter passphrase for key '/home/schmidt/.ssh/id_ed25519':Last login: Sun Oct 9 15:51:15 2016 from 12.34.56.78schmidt@pizzaposition:~$
For more in-depth information, please see stribika’s post-Snowden advice on hardening OpenSSH server installations.
stribika.github.io
The book SSH The Secure Shell by Daniel Barrett, Richard Silverman and Robert Byrnes is still useful today and has information on other clever stuff you can do with SSH.
Open Source Ubuntu
“Ubuntu has been the most popular distro of Linux since 2005, and since I made the switch last year those tearful evenings in front of the computer screen have become a distant memory.” Becky Hogges describes how Ubuntu has put a smile back on her face.
www.opendemocracy.net