Jack Wallen
Author Archives: Jack Wallen
- Home → Author's archive:
Jack Wallen
0
SysLinuxOS: The Go-To Linux for System Administrators
Today’s Linux distributions are plentiful and run the gamut of purposes. There are Linux distributions for those who are new to the open source OS, for gaming, developing, content creation, multimedia, containers, Internet of Things (IoT), edge, routers, firewalls, refrigerators … the list goes on and on. And, of course, there are Linux distributions that are purpose-built for those in IT, such as its site, “SysLinuxOS was built to work right out of the box, with all networking tools already installed by default. There is no need to install anything; it is a Swiss army knife to always carry with us. There are all the major Virtual Private Networks (VPN), several remote control clients, various browsers, as well as Wine, Wireshark, Etherape, Ettercap, PackETH, Packetsender, Putty, Nmap, Packet Tracer 8.2.2, Virtualbox 7.2, Munin, Zabbix-agent2, Icinga, Monit, Nagios4, and tools for serial console and the latest stable liquorix kernel.” At first blush, SysLinuxOS seems to be similar to Tails, only instead of it being targeted at pentesters, it’s more for administrators who need Continue reading
0
How To Deploy a Full-Stack, Containerized Network Infrastructure Visualizer
Your network, be it home or business, is probably quite busy and crowded with devices. On my small home LAN, most Wireshark to see what packets are coming and going so I can ensure nothing nefarious is going on. But as far as network visualizers, I’d yet to come across one that is easy enough to use that it didn’t require an entire morning or afternoon to deploy. When I came across Atlas GitHub page, the container stack is “built with Go, FastAPI, NGINX, and a custom React frontend, it provides automated scanning, storage, and rich dashboards for insight into your infrastructure.” Usually, when I read such a description, I immediately think, “Sounds great, but it also sounds like it’ll be a real pain to deploy.” To my great surprise, Atlas did not Continue reading
0
Build Your Own Private Cloud at Home With Docker
If you’re like me, you depend on a lot of systems and services, even within your home LAN. Because I work from home, that’s amplified to the point where I need certain applications available to me that aren’t hosted by a third party, for flexibility, ease of use, reliability and security. Thankfully, Docker is there to make deploying those apps and services considerably easier; otherwise, I’d wind up having to first deploy a collection of virtual machines (VMs), keep them running and worry about upgrading/managing them efficiently. Yeah, Docker makes this entire process easier. Even better, I can spin up those apps and services in seconds, instead of having to go the traditional route, which can often take quite a bit longer to deploy. But what are the apps and services that I depend on for my LAN to keep me productive? Surprise, surprise: I have a list, and here it is. Nextcloud
0
TrueNAS, a Linux Distro for Low Cost Network-Attached Storage
Network Attached Storage (NAS) is a great way to build out storage for your business. Instead of relying solely on external drives, shared directories or expensive cloud storage, why not deploy a tool that was created specifically for scalable storage? That’s where TrueNAS comes into play. TrueNAS is a take on Linux that is purpose-built for storage and comes with all the NAS capabilities you can imagine. TrueNAS can be installed on off-the-shelf hardware (even small form-factor PCs or virtual machines), so your storage server can be tucked out of the way. This storage solution includes features like: User/group management Alerts SSH connectivity 2-Factor authentication Storage pools Snapshots Disks (and disk importing) Support for directory services such as Active Directory, LDAP, NIS, and Kerberos Sharing via Apple Shares, Block Shares, UNIX Shares, WebDAV, and SMB Service management Plugins Jails Virtual Machines Shell access The installation of TrueNAS is all text-based but is incredibly simple to take care of and takes very little time. With minimal configuration work for the installation, I had an instance of TrueNAS up and running within about 2 minutes. The only thing you need to do is set a root password during the installation, which is Continue reading
0
What Is the Future of the .io Domain?
The .io domain was originally created for the British Indian Ocean Territory but eventually became popular with the tech sector, for obvious reasons. Part of the reason for this is that ‘io’ is similar in appearance to I/O (aka input/output), which is why the tech sector started gobbling up the .io domains. There were issues soon after the creation of the domain that had to do with the distribution of profit. A lot of app developers use the .io domain. The New Stack uses the .io domain. It’s everywhere. But there’s a problem, and it’s one that could have a cascading effect within the realm of the tech sector. What has happened is that the
0
Git: Set Up a Local Repository Accessible by LAN
A Git repository simplifies the sharing of code to a team. Many teams opt to go the GitHub route but there might be an occasion when you need to spin up a quick repository that is only available to those team members working on your LAN. When you need to deploy a Git repository on your LAN and you need to give other team members access to it, the goal is to do it quickly and securely. Thanks to git and Secure Shell (SSH), this isn’t nearly as challenging as you might think. And although this setup might not be an option for team members who work outside of your LAN, it’s great for a temporary repository offered to those within your company network. How does it work? Let me show you. What You’ll Need To make this work, you’ll need the following: A Linux machine with Git installed. An SSH key pair. A user with sudo privileges (if the minimum requirements aren’t installed). That’s it. Let’s make some Git magic. Installing Git On the off-chance Git isn’t installed, here’s how you can take care of that: Ubuntu-based distributions – sudo apt-get install git -y Fedora-based distributions – sudo dnf Continue reading
0
AlmaLinux: Deploy a DHCP Server for Your Internal Network
Chances are pretty good you already have a DHCP server on your network. DHCP stands for
0
Linux: Mount Remote Directories With SSHFS
The Secure Shell (SSH) isn’t just about allowing you to remote into servers to tackle admin tasks. Thanks to this secure networking protocol, you can also mount remote directories with the help of the SSH File System (SSHF). SSHFS uses SFTP (SSH File Transfer Protocol) to mount remote directories to a local machine using secure encryption, which means the connection is far more secure than your standard FTP. As well, once a remote directory is mounted, it can be used as if it was on the local machine. Consider SSHFS to be a more secure way of creating network shares, the only difference is you have to have SSHFS installed on any machine that needs to connect to the share (whereas with Samba, you only have to have it installed on the machine hosting the share). Let’s walk through the process of getting SSHFS up and running, so you can securely mount remote directories to your local machine. What You’ll Need To make this work, you’ll need at least two Linux machines. These machines can be Ubuntu or Fedora-based, because SSHFS is found in the standard repositories for most Linux distributions. You’ll also need a user with Continue reading
0
Install NordVPN on Linux for an Added Layer of Security
By default (and design), Linux is one of the most secure operating systems on the planet. That doesn’t mean, however, that you can or should assume that the out-of-the-box experience gives you all the security you need. I tend to assume this: If a computer is attached to a network, it’s vulnerable. You should always keep that in mind when considering the security of the desktop or server you are using and you should take any means possible to protect the data within and the data you transmit and receive. At this point, you’ve probably heard of virtual private networks (VPNs). They’re everywhere. Of course, the VPNs of today aren’t exactly the same as the ones we used years ago. Back in the day, when you needed to connect to your company network (to access various resources), you connected to a VPN, and your local computer was treated as if it was a part of the remote network. Although those types of VPNs are still in use across the globe, the type of VPN most people talk about today is more about privacy and security. What Modern VPNs Do Essentially, a modern VPN hides your IP address and Continue reading
0
Samba Network Shares for RHEL-Based Linux Distributions
At some point, you’re going to have a Linux server that includes directories that various users, developers, admins, or clients need to access from your network. If you depend on Linux, your best bet for this is Samba. Samba is the Linux implementation of the
0
OpenSpeedTest: Check the Speed of your LAN via Web Browser
Imagine you’re developing an application for your internal network that requires a certain network speed to function properly. You could open a web browser and point it to one of the many network speed tests on the market but I’m sure you know what that does… it tests your connection to the outside world. What if you’re looking to test the speed of your LAN itself? OpenSpeedTest comes in. OpenSpeedTest is a free, open source HTML5 network performance estimation tool that doesn’t require any client-side software or plugin to function. Once deployed, the tool can be accessed from a standard, modern web browser. Even better, OpenSpeedTest can be deployed with Docker. It uses a combination of NGINX and Alpine Linux to use very little resources on your Docker server. You can run OpenSpeedTest with or without
0
Create a Samba Share and Use from in a Docker Container
Overview This article provides a step-by-step guide on how to create a Samba share from within a Docker container using Ubuntu Server as the host operating system. The tutorial covers two main topics: Installing and configuring Samba on an Ubuntu server Install Samba with sudo apt-get install samba -y Start and enable the Samba service Set a password for users who will access the share Creating a persistent Docker volume mapped to the Samba share: Create a new group and add users to it, setting permissions accordingly Create a persistent Docker volume with docker volume create –opt type=none –opt o=bind –opt device=/data public Deploying an NGINX container using the Docker volume: Mount the Docker volume to the /usr/share/nginx/html directory in the NGINX container Run a new NGINX instance with docker run -d –name nginx-samba -p 8090:80 -v public:/usr/share/nginx/html nginx Testing the setup: Verify that the index.html file is served correctly from the Samba share The article concludes by noting that this setup may not be suitable for production environments, but it can be useful for development or internal services/apps. Key takeaways: Install and configure Samba on an Ubuntu server Create a persistent Docker volume mapped to a shared directory Continue reading
0
TrueNAS SCALE Network Attached Storage Meets High Demand
TrueNAS SCALE might not be a distribution on the radar of most cloud native developers, but it should be. Although TrueNAS SCALE is, by design, a network-attached storage solution (based on Debian), it is also possible to create integrated virtual machines and even Linux containers. TrueNAS SCALE can be deployed as a single node or even to a cluster. It can be expanded with third-party applications, offers snapshotting, and can be deployed on off-the-shelf hardware or as a virtual machine. Gluster for scalable ZFS features and data management. You’ll find support for KVM virtual machines, Kubernetes, and Docker. Even better TrueNAS SCALE is open-source and free to use. Latest Release Recently, the company launched TrueNAS SCALE 22.12.1 (Bluefin), which includes numerous improvements and bug fixes. The list of improvements to the latest release includes the following: SMB Share Proxy to provide a redirect mechanism for SMB shares in a common namespace. Improvements to rootless login. Fixes to ZFS HotPlug. Improved Dashboard for both Enterprise HA and Enclosure management. Continue reading
0
Install Calico to Enhance Kubernetes’ Built-in Networking Capability
Calico, from network software provider Tigera, is a third-party plugin for Kubernetes geared to make full network connectivity more flexible and easier. Out of the box, Kubernetes provides the NetworkPolicy API for managing network policies within the cluster. The problem many Kubernetes admins find (especially those new to the technology) is that network can quickly become a rather complicated mess of YAML configurations, where you must configure traffic ingress and egress properly, or communication between Kubernetes objects (such as pods and containers) can be difficult. That’s where the likes of Flannel, which cannot configure network policies. With Calico, you can significantly enhance the Kubernetes networking configuration. Take, for instance, the feature limitations found in the default NetworkPolicy, which are: Policies are limited to a single environment and are applied only to pods marked with labels. You can only apply rules to pods, environments, or subnets. Rules can only contain protocols, numerical ports, or named ports. When you add the Calico plugin, the Continue reading
0
Primer: How XDP and eBPF Speed Network Traffic via the Linux Kernel
Every so often, however, a new buzzword or acronym comes around that really has weight behind it. Such is the case with XDP (eBPF programming language to gain access to the lower-level kernel hook. That hook is then implemented by the network device driver within the ingress traffic processing function, before a socket buffer can be allocated for the incoming packet. Let’s look at how these two work together. This outstanding example comes from Jeremy Erickson, who is a senior R&D developer with Sebastiano Piazzi on
0
TAYGA: Bridge an IPv6 Network Back to IPv4 using NAT64
Every network admin on the planet knows this dirty little secret: We’re running out of IPv4 addresses. This was an inevitability, given how wide-spread the network and network devices have become. Even on your LAN, you sometimes have to use subnetting, simply because you’ve found the devices on your massive enterprise network have gobbled up all the 192.68.1.x addresses. It’s a problem. Which is why IPv6 was developed. IPv6 offers a larger pool of addresses from which to use. The problem is that IPv6 isn’t nearly as easy to employ as IPv4. After all, 192.168.1.1 is much easier to remember than 0:0:0:0:0:ffff:c0a8:101. But what’s a network administrator to do? Migrate all of those servers and various hardware devices from IPv4 to IPv6? In theory, yes, that is exactly what should happen. However, that’s not nearly as easy as one would like to think it would be. After all, you might have hundreds upon hundreds of devices and numerous locations. On top of which, there’s always that pesky DNS that must be updated (which could equate to downtime). Oh, and let’s not forget that IPv6 is not backward compatible with IPv4. Why was this decision Continue reading
0
How to Protect Your Virtual Meetings from Zoombombing
Imagine, if you will, you’re participating in a Eric Yuan has put a freeze on feature updates, in order to address the security issues. Zoom’s promise was to address the problem within the next 90 days, when Yuan said, “Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively. We are also committed to being transparent throughout this process. We want to do what it takes to maintain your trust.” Another writer for The New Stack, Jennifer Riggins Continue reading
0
WireGuard VPN Protocol Coming to a Linux Kernel Near You
The coming to the Linux kernel, much to the delight of Linux creator “Can I just once again state my love for it and hope it gets merged soon? Maybe the code isn’t perfect, but I’ve skimmed it, and compared to the horrors that are OpenVPN and IPSec, it’s a work of art,” Torvalds enthused, on the OpenVPN). Another reason WireGuard is special is how it functions. Unlike the more complex competition, WireGuard functions in a similar fashion to SSH — by exchanging public keys. Once the keys have been exchanged and the connection made, there’s no need to manage connections or daemons, or be concerned about state or what’s going on under the hood. For those that are interested in what’s going on under the hood, WireGuard makes use of the Curve25519, Poly1305, SipHash24, Jason Donenfeld’s prettysleepy1 from
0
Netflix Discovers Severe Kubernetes HTTP/2 Vulnerabilities
Taking a look at how the internet’s HTTP/2 protocol works, Netflix engineers discovered CVE-2019-9512 Ping Flood. This enables an attacker to send continual ping requests to an HTTP/2 peer, causing the peer to create an internal queue of responses. When this happens a server’s CPU and memory can be consumed, which can lead to a denial of service. already issued patches that are found in the following builds: Continue reading