Install and Use Firewalld in CentOS / RHEL - Step by step process to implement it?
This article covers how to install and use Firewalld on CentOS in order to increase the security of your Linux system. Note that a host-based firewall like firewalld is recommended by compliance standards like PCI DSS.
FirewallD is a complete firewall solution that manages the system's iptables rules and provides a D-Bus interface for operating on them. Starting with CentOS 7, FirewallD replaces iptables as the default firewall management tool.
Firewalld services are predefined rules that apply within a zone and define the necessary settings to allow incoming traffic for a specific service.
How to install Firewalld on CentOS?
Firewalld is installed by default on CentOS 7, but if it is not installed on your system, you can install the package by running the command:
$ sudo yum install firewalld
Firewalld service is disabled by default. You can check the firewall status with:
$ sudo firewall-cmd --state
If you have just installed the service or have never activated it before, the command will print "not running". Otherwise, you will see "running".
To start the FirewallD service and enable it on boot type:
$ sudo systemctl start firewalld
$ sudo systemctl enable firewalld
To open HTTP and HTTPS ports add permanent service rules to the dmz zone:
$ sudo firewall-cmd --permanent --zone=dmz --add-service=http
$ sudo firewall-cmd --permanent --zone=dmz --add-service=https
Make the changes effective immediately by reloading the firewall:
$ sudo firewall-cmd --reload
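Rules added to the dmz zone only take effect when an interface or source is bound to that zone, and the zone may already allow more than the two services just added. The following is an added example, not part of the original article, that checks both conditions; the function names and the sample output are constructed for illustration, and only the firewall-cmd options --list-services and --get-active-zones are real.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: audit a firewalld zone.

# Print the services in $2 (space-separated, the format printed by
# `firewall-cmd --zone=ZONE --list-services`) that are not in allowlist $1.
unexpected_services() {
    local allowed=" $1 " svc out=""
    for svc in $2; do
        case "$allowed" in
            *" $svc "*) ;;                      # expected service
            *) out="${out:+$out }$svc" ;;       # open but not on the allowlist
        esac
    done
    printf '%s\n' "$out"
}

# Return 0 if zone $1 is listed in `firewall-cmd --get-active-zones` output $2.
# Zone names are the unindented lines; bound interfaces/sources are indented.
zone_is_active() {
    printf '%s\n' "$2" | grep -qxF -- "$1"
}

# Report both problems for one zone; returns non-zero if either is present.
audit_zone() {
    local zone=$1 allow=$2 services=$3 active=$4 extra rc=0
    if ! zone_is_active "$zone" "$active"; then
        echo "WARN: no interface or source is bound to '$zone'; its rules filter nothing"
        rc=1
    fi
    extra=$(unexpected_services "$allow" "$services")
    if [ -n "$extra" ]; then
        echo "WARN: '$zone' also allows: $extra"
        rc=1
    fi
    return "$rc"
}

# Constructed sample output (the stock dmz zone definition includes ssh).
SAMPLE_SERVICES="http https ssh"
SAMPLE_ACTIVE_ZONES="public
  interfaces: eth0"

audit_zone dmz "http https" "$SAMPLE_SERVICES" "$SAMPLE_ACTIVE_ZONES" || true
# Live use:
#   audit_zone dmz "http https" "$(firewall-cmd --zone=dmz --list-services)" \
#       "$(firewall-cmd --get-active-zones)"
```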
Zones provided by FirewallD:
1. drop: All incoming connections are dropped without any notification. Only outgoing connections are allowed.
2. block: All incoming connections are rejected with an icmp-host-prohibited message for IPv4 and icmp6-adm-prohibited for IPv6. Only outgoing connections are allowed.
3. public: For use in untrusted public areas. You do not trust other computers on the network, but you can allow selected incoming connections.
4. external: For use on external networks with NAT masquerading enabled when your system acts as a gateway or router. Only selected incoming connections are allowed.
5. internal: For use on internal networks when your system acts as a gateway or router. Other systems on the network are generally trusted. Only selected incoming connections are allowed.
6. dmz: Used for computers located in your demilitarized zone that have limited access to the rest of your network. Only selected incoming connections are allowed.
7. work: Used for work machines. Other computers on the network are generally trusted. Only selected incoming connections are allowed.
8. home: Used for home machines. Other computers on the network are generally trusted. Only selected incoming connections are allowed.
9. trusted: All network connections are accepted. Trust all of the computers in the network.
Install and Use VeraCrypt on Ubuntu 20.04 - Step by Step process to do it?
This article covers how to Install and Setup VeraCrypt on Ubuntu 20.04. VeraCrypt, a fork of TrueCrypt, is a free and open source on-the-fly disk encryption (OTFE) tool.
Main features offered by VeraCrypt include:
1. Creates a virtual encrypted disk within a file and mounts it as a real disk.
2. Encrypts an entire partition or storage device such as USB flash drive or hard drive.
3. Encrypts a partition or drive where Windows is installed (pre-boot authentication).
4. Encryption is automatic, real-time (on-the-fly) and transparent.
5. Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
6. Encryption can be hardware-accelerated on modern processors.
7. Provides plausible deniability, in case an adversary forces you to reveal the password: Hidden volume (steganography) and hidden operating system.
To Install VeraCrypt Using DEB binary Package on Ubuntu:
Debian/Ubuntu packages for VeraCrypt are also available for download on the downloads page. However, as of this writing, there is no binary package available for Ubuntu 20.04 yet. As such, we are using the binary package for Ubuntu 19.04.
Note that the installers are also available, both for GUI and console based installations.
To install console-based VeraCrypt:
$ wget https://launchpad.net/veracrypt/trunk/1.24-update4/+download/veracrypt-console-1.24-Update4-Ubuntu-19.10-amd64.deb
Then install it:
$ dpkg -i veracrypt-console-1.24-Update4-Ubuntu-19.10-amd64.deb
To install GUI based VeraCrypt:
$ wget https://launchpad.net/veracrypt/trunk/1.24-update4/+download/veracrypt-1.24-Update4-Ubuntu-19.04-amd64.deb
Next, use APT package manager to ensure that any would-be dependency is dealt with automatically:
$ apt install ./veracrypt-1.24-Update4-Ubuntu-19.04-amd64.deb
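The steps above install a package fetched with wget without checking its integrity. The following is an added example, not part of the original article, that only allows the install when the file's SHA-256 digest matches an entry in a checksum manifest. The manifest name SHA256SUMS and its sha256sum-style line format are assumptions, and the manifest must itself come from a source you trust.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: gate a package install on a
# SHA-256 match. Assumed manifest format: `sha256sum` output lines,
# "<hex digest>  <file name>" (a leading "*" on the name marks binary mode).

# Print the digest recorded for file $2 in manifest $1; fail if there is none.
manifest_digest() {
    awk -v f="$(basename "$2")" '
        { name = $2; sub(/^\*/, "", name) }
        name == f { print tolower($1); found = 1; exit }
        END { exit !found }' "$1"
}

# Return 0 only if the file matches its manifest entry.
# Returns 2 when the manifest has no entry, 1 when the digest differs.
verify_download() {
    local manifest=$1 file=$2 want got
    want=$(manifest_digest "$manifest" "$file") || {
        echo "no manifest entry for $file" >&2
        return 2
    }
    got=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then
        echo "digest mismatch for $file" >&2
        return 1
    fi
}

# Usage with the GUI package from this article (SHA256SUMS is a placeholder
# for a manifest you obtained and authenticated separately):
#   verify_download SHA256SUMS veracrypt-1.24-Update4-Ubuntu-19.04-amd64.deb \
#       && apt install ./veracrypt-1.24-Update4-Ubuntu-19.04-amd64.deb
```

A matching digest proves the file is the one the manifest describes; it says nothing about who wrote the manifest, so authenticate the manifest first (for example with the publisher's signature).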
You can uninstall GUI based VeraCrypt by executing;
$ apt remove --purge veracrypt
$ apt autoremove
Use Speedtest CLI to Test Internet Speed on Ubuntu 20.04 - How to perform this task?
This article covers how to install and use the Speedtest CLI utility to test your Internet speed while using Ubuntu 20.04.
To check your Internet speed in Ubuntu:
1. Open the Ubuntu Terminal by pressing Ctrl+Alt+T or through the Dash.
2. Then enter the command to install pip for Python:
$ sudo apt-get install python-pip
Once pip is successfully installed, use the command to install the speedtest-cli tool:
$ sudo pip install speedtest-cli
The tool will be installed in your system.
To check Your Internet Speed:
Run the following command to test your internet speed:
$ speedtest-cli
To share Internet Speed Test Results:
The speedtest-cli also lets you share your internet speed by providing a link on the speedtest.net website through the following command:
$ speedtest-cli --share
Automatically Empty the Trash in Ubuntu 20.04 - How to do this?
This article covers how to install Autotrash on Ubuntu system. With Autotrash, you can automatically delete the files residing in the Trash based on the conditions you specified.
trash-cli is a command-line interface to the trash-can used by Linux Systems.
The trash-cli is present in repositories of most of the Linux Distributions.
To remove Autotrash from Ubuntu:
Run the command:
$ sudo snap remove autotrash-unofficial
Change Host Name on Ubuntu 20.04 - How to perform this task?
This article covers both the CLI and GUI based methods of changing the hostname on Ubuntu 20.04.
To change the hostname on Ubuntu Linux:
1. Type the following command to edit /etc/hostname using the nano or vi text editor: $ sudo nano /etc/hostname. Delete the old name and set up the new name.
2. Next, edit the /etc/hosts file: sudo nano /etc/hosts.
3. Reboot the system for the changes to take effect: sudo reboot.
To change the hostname on Ubuntu:
1. To change the hostname invoke the hostnamectl command with the set-hostname argument followed by the new hostname.
2. Only the root or a user with sudo privileges can change the system hostname.
3. The hostnamectl command does not produce output.
To change the localhost hostname (static name in the hostname file):
1. You can also set the static hostname manually by editing /etc/hostname.
2. This file contains exactly one line by default.
3. If you have not changed the hostname yet, then that line probably reads localhost.localdomain.
To display the current Ubuntu hostname:
Simply type the following command:
$ hostnamectl
To change Ubuntu LTS hostname permanently:
1. Type the hostnamectl command:
$ sudo hostnamectl set-hostname newNameHere
2. Delete the old name and set up the new name.
3. Next, edit the /etc/hosts file:
$ sudo nano /etc/hosts
Replace any occurrence of the existing computer name with your new one.
4. Reboot the system for the changes to take effect:
$ sudo reboot
To change hostname on Ubuntu without a system restart:
1. To see the current setting, type the following command:
$ hostnamectl
2. Next, to change the hostname from localhost to linuxapt, enter:
$ hostnamectl set-hostname linuxapt
3. Verify new changes:
$ hostnamectl
Install ClamAV Anti-Malware Protection on Ubuntu 20.04 - How to do this?
This article covers how to install and configure ClamAV and ClamTK to scan for malware on Ubuntu 20.04.
There aren't many viruses made for Linux distributions and, as such, most people who use such systems don't even bother using antivirus software.
Those, however, who do want to be able to scan their system or other Windows-based systems that are connected to a Linux PC through a network can use ClamAV.
ClamAV is an open-source anti-virus engine that is built to detect viruses, trojans, malware, and other threats.
It supports multiple file formats (documents, executables, or archives), utilizes multi-thread scanner features, and receives updates for its signature database at least 3-4 times a day.
To install ClamAV Antivirus on Ubuntu:
The first step is to install ClamAV and get the latest signature updates. To do this on Ubuntu, open a terminal, type "sudo apt-get install clamav" and press Enter.
$ sudo apt install clamav
You may also build ClamAV from sources to benefit from better scanning performance.
To update the signatures, type "sudo freshclam" in a terminal session and press Enter.
$ sudo freshclam
Now we are ready to scan our system.
To do this, you can use the "clamscan" command.
This is a rich command that can work with many different parameters, so you'd better run "clamscan --help" in the terminal first and see the various things that you can do with it:
$ clamscan --help
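When clamscan is run from a script or a cron job, its result has to be read from the exit status and the "FOUND" lines rather than by eye. The following is an added example, not part of the original article, that does this; the function names and the sample output are constructed for illustration, while the options -r, --infected and --no-summary and the exit codes come from the clamscan manual page.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: interpret clamscan results.

# Map the clamscan exit status to a verdict. Per the clamscan man page:
# 0 = no virus found, 1 = virus(es) found, 2 = some error(s) occurred.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;        # treat errors as "not verified", never as clean
    esac
}

# Read clamscan output on stdin and print "path<TAB>signature" for every
# "<path>: <signature> FOUND" line; "OK" lines and the summary are skipped.
infected_files() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        n = match($0, /: [^ ]+$/)       # the signature is the last token
        if (n) printf "%s\t%s\n", substr($0, 1, n - 1), substr($0, n + 2)
    }'
}

# Scan directory $1 recursively, list detections, return clamscan's status.
scan_dir() {
    local out rc=0
    out=$(clamscan -r --infected --no-summary "$1") || rc=$?
    printf '%s\n' "$out" | infected_files
    echo "verdict: $(scan_verdict "$rc")" >&2
    return "$rc"
}

# Constructed sample of clamscan output (paths and counts are made up).
SAMPLE_OUTPUT='/srv/share/report.pdf: OK
/srv/share/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1'

printf '%s\n' "$SAMPLE_OUTPUT" | infected_files
# Live use:  scan_dir /srv/share
```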
To Update ClamAV Signature Database:
1. Stop the ClamAV process:
$ systemctl stop clamav-freshclam
2. Manually update the ClamAV signature database:
$ freshclam
3. Restart the service to update the database in the background:
$ systemctl start clamav-freshclam