Tips

Here are some quick notes on how I installed letsencrypt certificates on a couple of my old Fedora servers. This is meant to get you started fairly quickly especially if you know how to install web servers on Linux systems. While there is a client already available for Fedora 23, I found that on older versions, the apache plugin for letsencrypt does not work. For instance, when you run the command:

./letsencrypt-auto --apache -d mydomainname.com, you get an error like:

The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError()

For earlier versions, you need to install the manual way i.e. generate a certificate. While that’s a few steps from the easy and automated promise of lets encrypt, you still can’t beat the price tag of Free!

Pull the sources for letsencrypt:

git clone https://github.com/letsencrypt/letsencrypt


Change to directory:

cd letsencrypt

Run the following command, and ofcourse replace the string mydomain.com with your domain:

./letsencrypt-auto certonly --standalone --agree-tos --email joe@mydomain.com -d mydomain.com

NOTE: For multiple domains, just add ‘-d mydomain.net’
Get help by running:

./letsencrypt-auto --help

If all goes well, you should see a congratulatory message, with the location of your free certificate chain! Use this in apache or nginx configuration

Keep in mind that the certificates are only vailid for three months, and you will need to do this again.

As systemd becomes the default method of handling services in all major Linux distributions, below are some quick and easy-to-remember commands that will make you look like a pro.

systemctl

• check for all running units
  systemctl
  TIP: To show all units, including in-active ones:
  systemctl list-unit-files

• Check for failed units
  systemctl --failed

• Start, stop, restart units
  systemctl start postfix.service
systemctl restart postfix.service
systemctl stop postfix.service

• Check status of a specific unit
  systemctl status mysqld.service
  TIP: Use -l for detailed status

• Enable or disable services
  systemctl enable firewalld.service
systemctl disable NetworkManager.service
TIP: If you disable a service, and it still runs,
  systemctl mask NetworkManager.service
  Use ‘unmask’ to restore it

• See if a specific unit is enabled
  systemctl is-enabled iptables.service

• Create a snapshot – useful for testing various targets
  systemctl snapshot example.snapshot
  TIP: To activate it:
  systemctl isolate example.snapshot


• Reboot/poweroff/suspend your machine
  systemctl reboot
systemctl poweroff
systemctl suspend

• Change current target – i.e. runlevel
  systemctl isolate graphical.target

• To list current target
  systemctl list-units --type=target

systemd

• See which units take a long time to start during boot up
  systemd-analyze blame
  TIP: You can plot the boot up using:
  systemd-analyze plot

• See when a unit started and how long it took
  systemd-analyze critical-chain

journalctl

• Create a running log like ‘tail -f /var/log/messages’
  journalctl -f -o cat --no-pager

• Running log for a specific unit
  journalctl -f -o cat --no-pager -u httpd.service

• See boot messages – like ‘dmesg’
  journalctl -b

Manage remote systems:
systemctl status sshd -H root@1.2.3.4

For detailed instructions on these and more commands, man as always is your best friend.

With most Linux distros now using GNOME 3.10+, here are a few commands on changing the look and feel of your desktop using gsettings. Other CLI methods exist such as the popular GNOME tweak tool and Dconf.

Add apps to favorites bar
$ gsettings set org.gnome.shell favorite-apps "['google-chrome.desktop', 'evolution.desktop', 'nautilus.desktop', 'libreoffice-writer.desktop', 'libreoffice-calc.desktop', 'firefox.desktop', 'gnome-terminal.desktop', 'vlc.desktop', 'jitsi.desktop', 'gedit.desktop', 'gcalctool.desktop']"

Change show date and clock format
$ gsettings set org.gnome.desktop.interface clock-show-date true
gsettings set org.gnome.desktop.interface clock-format '12h'


Change background picture
$ gsettings set org.gnome.desktop.background picture-uri 'file:///usr/share/backgrounds/gnome/Sandstone.jpg'

Those are just but a few of the settings available for you to tweak. To see all of them, type:
$ gsettings list-keys .

I have been converting some of my old VirtualBox images to KVM, which is the virtualization standard in Linux.

Its really easy, although, if you run into booting issues of the converted image, the last tip here will save you some time.

To convert from VirtualBox to KVM, look for your VDI images.

qemu-img convert -f vdi -O qcow2 [VBOX-IMAGE.vdi] [KVM-IMAGE.qcow2]

e.g. qemu-img convert -f vdi -O qcow2 FreeBSD-7.2.vdi FreeBSD-7.2.qcow2

You can now import the converted image using virt-manager or the CLI tool virt-install.

In Virtual Machine Manager, go to Disk 1 >> Advanced options and change ‘Storage format’ to qcow2.

This prevents boot errors like ‘boot failed: not a bootable disk’ when you launch the VM.

Recently, I was tasked to write a backup program for a small office. A key requirement was that the portable backup drive they are using needed to be encrypted since it would have to be ferried off site on a daily basis. The idea was that, if the drive fell in the ‘wrong hands’ during transportation, the client’s data would be secure. With encryption, I was able to meet this need.
I thought I would break the silence with a how-to on encryption using the Linux command line interface – not exciting but quite necessary these days.

Encrypting data in Linux is very simple, and I would highly recommend it for such things as USB flash and portable hard disks. Most Linux distributions come with an encryption tool called cryptsetup.
If you do not have it , install it using yum or apt-get depending on your package manager. For Red hat based distros, use

# yum install cryptsetup

As always, you need to backup your data before you proceed. I will assume you have already created a new partition on your device e.g. /dev/sdX1. If you need to partition, refer to the venerable ‘fdisk’ utility

Create the encrypted volume

# cryptsetup -v -y luksFormat /dev/sdX1
Confirm that you want to proceed by typing “YES”
Enter your passphrase when prompted. You will be asked to verify it
Once you have created the encrypted volume, you can proceed to format it

# cryptsetup luksOpen /dev/sdX1 mydata
# mkfs.ext3 /dev/mapper/mydata
Here you can choose other file formats such as FAT32, EXT4 etc

Create a mount point

# mkdir /mnt/mydata

Mount the new volume

# mount /dev/mapper/mydata /mnt/mydata
You can then write your data to the mounted and encrypted volume at /mnt/mydata

To close the volume

# umount /dev/mapper/mydata
# cryptsetup luksClose mydata

Note: if you are using a desktop such as GNOME, you will be prompted for a passphrase every time you insert the disk, so you do not have to mount the disk manually, but then again, we are talking about the command line here!

That’s it for now

Like many parts of Africa, SMS messages in Uganda continue to play a big role in the way people communicate. For the majority, the mobile phone is the first tech device and as such the use of SMS messages to send information in bulk and real time makes it ideal in fields such as health. As a Linux administrator, this is something you can do at little or no cost.

I thought, I would share these GSM SMS/WAP gateways available for Linux

1.Kannel: By far the most widely used open source software. It can be used to serve the established user base with SMS capable handsets as well as the early adopters with their WAP terminals. Learn more at:
Kannel
2.SMS Server Tools: SmsTools
3.PointSMS: an easy-to-use program that enables you build your own SMS gateway. Learn more at PontSMS

Setting up an SMS gateway using Linux is fairly easy, and if you use kannel for example, you will be able to send and receive bulk SMS messages in no time. I have tested Kannel with our local mobile operators like Uganda Telecom, and it works pretty well using your typical 3G modem dongles, like Huawei E220, and E173s.

If you are interested in instructions on how to install and configure the server… drop me a comment.

Using the Gnome interface, its pretty easy to adjust the volume of running audio based applications i.e. Go to sound Preferences >> Applications Tab. When using the Command Line interface (CLI) on the other hand, Its not that straight forward.

At the command prompt, run the following command:
pactl list | grep -A16 ‘Sink Input’ | more

The above command will give you details of your running streams or in ‘pulseaudio speak’ Sink Inputs (go figure). Take note of the Index number of the Sink Input you wish to control.

To control the volume of your application:
To mute: pactl set-sink-input-mute [sink Index no.] 1
To unmute: pactl set-sink-input-mute [sink Index no.] 0
To set Volume: pactl set-sink-input-volume [sink Index no.] 65535 (0-65535)