Once upon a time, disk space was at a premium (in fact, most compute resources were). Many times, companies and educational institutions provided access to systems via a shell (telnet or SSH) to their employees or students. Since those resources were at a premium, they had to be divided amongst the users in various forms. The most common resource that required strict controls was disk space. Even today, you may need to occasionally limit the disk space (or number of files) that a user account can use. It is one of those system administration functions that is used less often, but it is an important topic to understand (and is one of the objectives on the recently launched LPIC-1: System Administrator – Exam 1 Certification Prep Course here at Linux Academy). Let’s take a look at some of what goes into restricting disk space for your user community.
October 2016 saw several DDoS (Distributed Denial of Service) attacks of unprecedented magnitude and impact. When I am impacted by such things, I’m always a little irritated. “Well, if I were administering that (network|data center|server),” I tell myself, “this would never have happened.”
But let’s be real. I can’t say that. Not with any degree of certainty, anyway, and most certainly not without a LOT of hubris. Even with the best centralized logging and diligent engineering teams, during events like the October 2016 attack, any analysis or determination of causality will likely be post-mortem. Mitigation measures have proven themselves effective to varying degrees, but they all have one thing in common: they’re reactive, not proactive.
In our last article, we took a look at some of the most common compliance regulations that affect IT organizations and their cloud strategy. Understanding the requirements around compliance can help to inform your cloud infrastructure plans, but is only part of the equation. Today, I want to talk about how the recently announced (AWS re:Invent 2016) AWS Shield can help organizations put some of the complex issues into perspective in a more comprehensive policy.
Compliance, in general, continues to be of heavy concern to most information technology organizations. The regulations tend to be “under-understood,” and understanding their impact on your organization (from a time, cost and personnel perspective) can be challenging, particularly as they apply to organizations migrating to the cloud. Today, we are going to take a look at some of the most common compliance regulations for information technology, while in a future article we will explore some of the protections and options we have when moving to the cloud.
Everyone has heard of Docker and the container revolution it has sparked. Using Docker to containerize server applications has revolutionized how applications are deployed in the Enterprise, due to increased speed and consistency without regard to underlying distribution or architecture. However, not many are really looking at how Docker can improve your desktop experience as much as your server deployments. Let’s take a look at some Docker desktop containers for popular applications and why we might use them.
A key part of SELinux is understanding and using SELinux contexts. Everything on your system contains a context, and these contexts are used to determine which users, applications and services have access to which files, directories and applications. Even without an understanding of detailed policy creation, most SELinux users can manage their systems through using and altering contexts.
Movements like HTTPS Everywhere are working to get all sites on HTTPS. Google is one of the major backers of this movement and will eventually mark all regular HTTP sites as insecure by default in their Chrome browser (see more here). It is important that everyone secure their websites so we can all enjoy a safer Internet.
This is where Let’s Encrypt comes in. From https://letsencrypt.org/about/: “Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).” This means that anyone can request and receive a free SSL certificate to enable secure HTTP traffic. Now that there is no cost needed to receive a certificate, everyone can and should enable HTTPS on their websites.
This guide walks you through the basics of getting and applying a Let’s Encrypt SSL certificate to an existing web server. It assumes you already have the web server ready and the DNS records set appropriately. Since this is a getting started guide, we will stick with the Certbot recommended by Let’s Encrypt. There are many other solutions or you can even create your own. See here for more information on other clients.
What happens when you turn on a computer system? At the most basic level, we know that the computer’s components power on, and the operating system “boots up” so users have a way of interacting with the systems – whether that is to play games, run a web server, set up in-depth applications or otherwise. But how does a computer know what to boot? If a processor pulls data from the system’s memory, how can it work with a freshly booted computer that does not have any processes within its memory stores? For this, the computer uses a boot loader, which is a small amount of code designed to prepare the system and then pass it to the more complex kernel, which in turn manages the operating system itself.