Simple iptables Rules for Ubuntu/ Debian VPS

  • 0

Simple iptables Rules for Ubuntu/ Debian VPS

Get Social!

The following iptables rules are are a starting point to add basic firewall security to a public facing server, such as a public VPS. The primary focus is to stop any inbound traffic other than SSH, which is required for shell access.

The biggest issue with public VPS providers is that often some iptables features are disabled – many OpenVZ container providers don’t allow state checking in iptables, for example. If you’ve got one of these VPS’s you’ll likely see the following error:

These rules are engineered so that they will work with most VPS’s where iptables is installed.

The following rules will block all incoming connections except SSH, including PING requests. Outgoing is open for HTTP and HTTPS TCP requests and DNS UDP requests.

See the links at the bottom of the page for a more in depth look at iptables rules.

If you’re using Ubuntu, you can easily make the rules persist:

 


  • 1

Install DataStax Cassandra 3 on Debain/ Ubuntu

Get Social!

datastax-logoThe following process will install the DataStax distribution of Cassandra on any Debian based system, such as Debian or Ubuntu. We’ll use the official DataStax apt repositories to install Cassandra using apt-get.

Cassandra is written in Java and the latest version (at the time of writing) of Cassandra requires Java 8. You can use either OpenJDK or visit my Oracle Java post on installing the Oracle distribution of Java 8.

Once you have Java 8 installed and confirmed you can continue to install Cassandra. Use java -version on the command line to check your Java version.

Install DataStax Cassandra 3.4

Note: You can use the simple Bash script to install Java 8 and a single instance of Cassandra found here.

The first step to installing Cassandra with apt is to add the DataStax Cassandra repository and repository key to your local apt list. Run the following command to add the required repository and update your local apt cache. Change the version 3.4 on the first line to match the version you’d like to install.

Once you’re updated then run the install command and begin the Cassandra install.

Debian’s policy is for software to be available locally after the install has completed and therefore your Cassandra instance will be running as a single stand alone node.

You can run the nodetool to check the install has completed and that the Cassandra instance is available.

The next step is to configure your Cassandra instance by editing the yaml config file /etc/cassandra/cassandra.yaml but that’s a blog post for another day.


  • 0

Start Ubuntu Without Starting The Gnome Desktop (text mode)

Get Social!

If you’ve installed a desktop, such as Gnome, on Linux you may not need it all the time. Some of the time taken to boot your machine when you first turn it on is used by loading the GUI and everything that comes with it. In addition, once it’s loaded it will consume resources such as RAM.

Once you install a desktop such as Gnome, especially on Ubuntu/ Debian, the default is to boot your computer into the GUI.

You could set the desktop not to load by default so that you’re presented with a terminal login screen on boot.console-login

You can then load the desktop, such as Gnome, if you need to or just use the terminal if you don’t.

To disable the Desktop on boot you’ll need to edit the grub config file and edit the GRUB_CMDLINE_LINUX_DEFAULT parameter.

GRUB_CMDLINE_LINUX_DEFAULT will likely be quiet splash and you’ll need to change that to quiet splash text.

Save and close the file.

The last step is to run the update-grub command to update the grub bootloader config.

Your computer will now always boot in text mode, that is, without a desktop.

Start the Desktop

If you ever want to start the desktop, log in to the terminal session with your user name and password and run the following:

 


  • 0

How To Fix A Full /boot Partition on Linux

Get Social!

full-boot-mountUtilities such as apt-get generally install kernel updates by adding the new kernel to the Linux boot list and set it as the default. This means that the next time the system boots, the new kernel will be loaded. The problem is that the old kernel is still there (just incase the new one doesn’t work, you’ve got a fall back!), and the kernel before that, and the kernel before that…

The current 3.x kernel for Ubuntu is around 20MB so it doesn’t take long for the kernel updates to fill a tiny 200-or-so-Mb boot partition where they are stored.

The good news is that it’s easy to clear out the old updates, but it’s important to not remove the latest one that you’re using.

Which Kernel am I Running?

It’s quick and easy to see which kernel version you are running. Use the uname command with the -a switch and pay attention to the version numbers reported.

This shows that you’re using version 3.19.0-47.

List Currently Installed Kernels

Next you’ll need to list the kernel packages that are currently installed so that you can remove any outdated ones to free up the space on the /boot partition.

Run the below dpkg command to list the installed kernel packages and their versions.

dpkg-kernel-package-listThe above output shows several versions of kernel that are all taking up space on the /boot partition however we only really need the current running version given by the above uname -a command. It’s a good idea to keep the last 2 kernels just incase you notice an issue down the line, but the above list is quite excessive.

Remove Unused Kernel Packages to Free Space on /boot

Once you’ve identified your current kernel and the kernel packages you have installed it’s time to remove the ones you don’t need.

Using apt-get enter the package names of the kernel packages to remove.

If you get an error running this command then see the next section.

note: the above screenshot of the installed packages cropped the full version name – it’s missing the generic part. You can use tab completion with the apt-get command, or use an asterisk after the version number to remove the required package. 

Errors Removing Packages

If you get an error warning about dependencies similar to the below then you may need to manually remove a few kernel packages to free up some space.

The problem here is that the original update failed to install the latest version of the kernel (version 3.19.0-49-generic in this case) and apt-get doesn’t like doing anything else until that problem has been resolved.

First we need to free up some space. Carefully delete 2 of the older kernel packages with a command similar to the below, but with old version numbers from your system returned by the above section List Currently Installed Kernels.

Check and double check this command because there’s no going back once it’s ran! It’s perfectly safe to do as long as you are using old version numbers that you’re no longer using.

You can now run apt-get to complete the original upgrade now that it has the space. This will remove the error when trying to remove the unused kernel packages in the above section.

Now go back to the above section and remove the old kernel packages that you no longer need.


  • 0

Download Oracle Java From The Terminal With wget

Get Social!

java-logoOracle have a very restrictive license that applies to most of their software downloads which prohibits you from distributing the binaries yourself. What this means, for example, is that you could not download the Java binaries and upload them to your own APT repository for others to use.

There are a few workarounds that exist to help making this install easier, but here we’re going to look at downloading the Java runtime environment (JRE) binaries and installing them all from a command line.

Use wget to download the binaries, so make sure that’s available on your system. If it isn’t, simply apt-get install wget.

One of the important things to note is that the Java version changes over time and therefore the links and commands below may need to be changed to ensure you’re always getting the latest version. Check out the Java Download Page to make sure you have the latest.

I’m using an minimal version of Debian that doesn’t have the worlds Certificate Authorities installed and therefore wget gives me an error:

The fix is to either install the correct CA certificate on the machine or add the no-check-certificate switch to wget to avoid checking the certificate:

Once you have the Java archive downloaded you’ll need to create a target folder and extract the downloaded archive with tar:

The last couple of steps are to tell your OS to use the Java binaries you’ve just moved into place.

Running anything in Java, or using the -version switch should now use your newly installed binaries.

 

 

 


  • 0

Installing MariaDB on Ubuntu

Category : How-to

Get Social!

mariadb-logoMariaDB is termed a drop in replacement for MySQL – that means that you can deploy MariaDB without changing all of your client applications as MariaDB is compatible with most MySQL features and commands.

MariaDB was forked from MySQL when Oracle took over Sun Microsystems in 2010 and was born of the fear that Oracle would not adhere to the development ethos that was used by Sun. I discuss this in more detail in my blog post on MySQL alternative. There are a few gotchas with the new versioning system used by MariaDB and I’d recommend reading the blog post to familiarise yourself.

MariaDB has not yet made it into Ubuntu’s main repositories but is available as an add-in repository from MariaDB directly.

Installing MariaDB on Ubuntu couldn’t be easier – follow one of the below instructions for your version of Ubuntu.

Install MariaDB 10 on Ubuntu 14.04

Use the below commands to add the MariaDB repository to your Ubuntu 14.04 installation.

Run the following commands to install MariaDB.

Install MariaDB 10 on Ubuntu 12.04

Use the below commands to add the MariaDB repository to your Ubuntu 14.04 installation.

Run the following commands to install MariaDB.

Install a different version of MariaDB or a use a different target operating system

MariaDB supports all common Linux distributions and they maintain a repository for each. You can see the full list of distro repositories on their repository configuration tool.


Visit our advertisers

Search

Visit our advertisers