Friday, February 16, 2018

NTP : Network Time Protocol: Install NTP server on Linux machines

Network Time Protocol: Install NTP server on Linux machines


NTP, or Network Time Protocol, is a very important service that is used to keep the system time accurate. It synchronizes the time on all local servers with a designated server, called the NTP server. That NTP server itself syncs its time from a public NTP server.

The clocks of NTP-synchronized systems agree up to millisecond precision. Most big organizations have NTP servers for managing time for their IT infrastructure. In this tutorial, we will learn to install & configure an NTP server on CentOS & Ubuntu machines.


Installation

We need to install a package named ‘ntp’ on the machine which will be configured as the NTP server. To install ntp on CentOS/RHEL servers, open a terminal & run the following command,
$ sudo yum install ntp
For Ubuntu systems, execute the following command from the terminal,
$ sudo apt-get install ntp
Now start the ntp service & enable it for boot time with the following commands,
$ sudo systemctl start ntpd
$ sudo systemctl enable ntpd

Configuration

After installing the ntp server, we will now configure it. The first thing we need is the address of the public ntp servers closest to us or at a desired location. To get the list of all the ntp servers, go to the following URL,
http://www.pool.ntp.org/zone/@
& select the ntp servers of your choosing. We will now add the server entries to the ntp configuration file, i.e. ‘/etc/ntp.conf’. For this tutorial, we will be using the ntp servers for North America/United States,
$ sudo vim /etc/ntp.conf
server 0.us.pool.ntp.org
server 1.us.pool.ntp.org
server 2.us.pool.ntp.org
server 3.us.pool.ntp.org
Also enable logging to troubleshoot any issues with ntp. To do this, add the following line to the same file,
logfile /var/log/ntp.log
Save the file & exit. Restart the ntp service to implement the changes made,
$ sudo systemctl restart ntpd
Now to make sure that our ntp server is synchronized with the public ntp server, run the following command from the terminal,
$ ntpq -p
This command will show complete information for time sync between the local ntp server & the public ntp servers.
Note:- If using a firewall on the system, make sure that UDP port 123 is open for ntp to work. Open the ntp port with the following commands,
$ firewall-cmd --add-service=ntp --permanent
$ firewall-cmd --reload
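The ntpq -p check above can be turned into a test that a monitoring job runs. The following is an added example, not part of the original tutorial: it reads ntpq -p output and reports whether ntpd has selected a peer and whether the offset is within a limit. The sample output, the 192.0.2.x addresses and the 100 ms default limit are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Constructed "ntpq -p" output. Columns: remote, refid, st, t, when, poll,
# reach, delay, offset (ms), jitter. A leading "*" marks the peer that ntpd
# has selected as its time source.
sample_ntpq() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377   12.345    0.812   0.291
+192.0.2.11      192.0.2.1        2 u   29   64  377   25.101   -1.204   0.514
 192.0.2.12      .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

# check_ntp_sync [MAX_OFFSET_MS] < "ntpq -p" output
# Exit status: 0 = synced, 1 = offset above the limit, 2 = no peer selected.
check_ntp_sync() {
    awk -v max="${1:-100}" '
        substr($0, 1, 1) == "*" { found = 1; peer = substr($1, 2); off = $9 }
        END {
            if (!found) {
                print "CRITICAL: no peer selected, clock is not synchronized"
                exit 2
            }
            v = off + 0
            abs = (v < 0) ? -v : v
            if (abs > max + 0) {
                printf "WARNING: offset %s ms from %s exceeds %s ms\n", off, peer, max
                exit 1
            }
            printf "OK: synced to %s, offset %s ms\n", peer, off
        }
    '
}

sample_ntpq | check_ntp_sync 100
```

On a live server the same function can be fed from ntpq itself, for example: ntpq -pn | check_ntp_sync 50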

Configuring a local client

Once our local ntp server is ready, we will configure a Linux client machine to use it. But before we do that, we need to make sure that our local ntp server is available for synchronizing time on the local network. On the ntp server, add the following line to ntp.conf,
$ sudo vim /etc/ntp.conf
# Hosts on local network are less restricted.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
Here, 192.168.1.0 is the local network. Now restart the ntp service after saving the file & log in to the client machine on which ntp will be configured.
As we did on the ntp server, we need to install the ntp service on the client machine as well. After the service has been installed, open the file ‘ntp.conf’ & add the ntp server IP address to the bottom of the file (it's 192.168.1.100 in our case),
$ sudo vim /etc/ntp.conf
server 192.168.1.100
Now restart the ntp service after saving the file. That’s it, our ntp client is configured & will now sync the time from our local ntp server instead of the internet or other sources.
Note:- We can also run the following command to update the time manually on client machine from our local ntp server,
$ ntpdate 192.168.1.100
That’s it guys, with this we end our tutorial on how to install & configure ntp server.

Monday, February 12, 2018

Linux Directory : Reference guide to Linux Directory structure

Reference guide to Linux Directory structure

When we install a Linux distribution, we see that a number of directories are created. These directories may be the same or partially different across Linux distributions. You might know about the directory structure & what purpose each directory serves. For those of you who don’t know about the Linux directory structure, have partial knowledge, or just want to take another look at the Linux directory structure & its usage, this article will act as a reference guide.

We will start this article with the Linux directories/partitions that are a must for every Linux system & are required for a Linux system to work properly. These partitions are ‘/’ (root), ‘/boot’ & ‘/swap’. The ‘/’ (root) & ‘/boot’ partitions are absolutely required; a system might work without a swap partition, but it's recommended that we have one for our Linux system. So let’s start with these Linux partitions & their purpose,

Linux Directory structure

‘/’ (root) – / or the root partition is one of the most important partitions on a Linux machine. This is the partition under which all other Linux partitions are found, so it is the basis of the Linux directory structure.
‘/boot’- Another important partition, the boot partition contains all the startup files, kernel files & vmlinuz. In recent Linux distributions, it also holds the GRUB data.
‘/swap’- Swap partition acts as a virtual memory/RAM for the system & is used when your system runs out of the physical RAM. Though usually it’s a separate partition, we can also use a file to act as swap space.
These are the minimum partitions that are required to run a Linux system. Below mentioned are other partitions in Linux directory structure,
‘/root’- This is the home directory/partition for the administrative user i.e. root.
‘/home’- This is the directory that contains the home directory for all users other than super user root.
‘/etc’- This partition holds all the important configuration files for the system. One can compare this partition to the Control Panel on a Windows system.
‘/bin’- This directory contains the common programs that are shared among administrative users, common users & the system.
‘/sbin’- contains all the programs that are used by system & system administrator.
‘/initrd’- This directory contains the system library files, files for the system that are needed by system or other programs to run.
‘/mnt’- This directory acts as the default mount point for all external devices like USB storage devices, CD/DVD-ROMs etc.
‘/opt’- It's used as the installation folder for extra & third-party software.
‘/var’- This folder is the default storage for all the variable files created by users, like log files, mail queue etc. This folder also contains some temporary files.
‘/proc’- This virtual file system contains complete information regarding the system resources.
‘/tmp’- This partition acts as a temporary space for use by the system. Files are stored temporarily on this partition & are cleaned upon every reboot.
‘lost+found’- Every partition has a lost+found directory in its upper directory. This serves as a storage for those files that were saved during failures.
‘/usr’ – This partition mainly has all documentation for user-related programs. It also contains some user-related programs & libraries.
‘/misc’- This partition is used by system for miscellaneous purposes.
This is our article that will act as reference guide for Linux directory structure.

Saturday, January 13, 2018

User & Group management : Complete Beginner’s Guide



One of the major tasks of a System Administrator is User & Group Management. We have to create new users & groups, delete old ones, provide users access to a group or folder, etc. So, in this tutorial, we will learn how we can manage users & groups.
Linux systems have two types of users: general/normal users and the root/super user. While general users have limited access to the Linux system, the root user has access to anything & everything on the Linux system.
When a user is created, a group with the same name is also created. Every user has its own home directory: for user root it's /root & for general users it's located in /home/. Records with the information for all users are maintained in the /etc/passwd file & records for all groups are kept in /etc/group.
Let’s discuss these files in brief before we discuss the commands for user & group management.

/etc/passwd

This file contains the list of all users, with every line of the file holding information about a single user. The format of each line is
Username:x:UID:GID:Comment:Home Directory:Default shell
Here, x stands for the user's password, which is stored in encrypted form in the /etc/shadow file,
UID is the user id,
GID is the group id for the user.
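The seven-field format described above is easy to check automatically. The following is an added example, not part of the original tutorial: it reads passwd-format lines and reports entries that deserve attention (wrong field count, a password field that is empty or holds a hash instead of x, extra UID 0 accounts, shared UIDs). The account names and the hash string in the sample are constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Constructed /etc/passwd-style sample; the hash is a made-up placeholder.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
dan:x:1000:1000:Dan:/home/dan:/bin/bash
backup:x:0:0:backup admin:/home/backup:/bin/sh
guest::1001:1001:Guest:/home/guest:/bin/sh
legacy:$1$constructed$notarealhash:1002:1002::/home/legacy:/bin/sh
broken:x:1003:1003:/home/broken
EOF
}

# audit_passwd [FILE]: reads FILE (or stdin) and prints one finding per line.
audit_passwd() {
    awk -F: '
        NF != 7 {
            printf "line %d: expected 7 fields, found %d\n", NR, NF
            next
        }
        # Field 2 should be the placeholder x (or a locked marker such as * or !).
        $2 == "" { printf "%s: empty password field, account has no password\n", $1 }
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ {
            printf "%s: password hash kept in passwd, which every user can read\n", $1
        }
        # Field 3 is the UID; UID 0 means root privileges whatever the name.
        $3 == 0 && $1 != "root" { printf "%s: UID 0, same privileges as root\n", $1 }
        seen[$3]++ { printf "%s: UID %s is shared with an earlier account\n", $1, $3 }
    ' "$@"
}

sample_passwd | audit_passwd
```

To check a real system, run: audit_passwd /etc/passwd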

/etc/group

Just like /etc/passwd, it contains information about groups, with each line holding information about a single group. The format of entries in this file is
Group name:x:GID:members
Here, x again means the password in encrypted format.
Now let’s discuss commands for user & group management.

USER Management

Below are the commands that are used for user management,
Purpose                                      Command
  • Adding a user                            useradd dan
  • Assigning password to user               passwd dan
  • Changing home directory for user         useradd dan -d /home/new
  • Setting expiry for user                  useradd dan -e 2017-11-25
  • Adding inactive period before expiry     useradd dan -f 2
  • Changing default shell                   useradd dan -s /bin/sh
  • Removing user                            userdel dan
  • Removing user with home directory        userdel -r dan
We can also modify the default settings of a user after it has been added, with the usermod command
  • Setting expiry for user                  usermod -e 2017-11-25 dan
  • Changing home directory                  usermod -d /home/new dan
  • Changing default shell                   usermod -s /bin/sh dan
  • Locking an account                       usermod -L dan
  • Unlocking a locked account               usermod -U dan

Group Management

Following are the commands for managing groups
  • Adding a group                           groupadd linuxgroup
  • Adding user to group                     usermod -aG linuxgroup dan
  • Changing owner & group of a file         chown dan:linuxgroup newfile.txt
  • Changing only owner of a file            chown dan newfile.txt
  • Changing only group of a file            chown :linuxgroup newfile.txt
  • Deleting a group                         groupdel linuxgroup

This completes our tutorial on user & group management. 

Thursday, January 11, 2018

How to Install and Enable OpenSSH on Ubuntu 17.04, Ubuntu 16.04


Before we proceed on how to install and enable OpenSSH on Ubuntu 17.04, Ubuntu 16.04, first we need to understand what OpenSSH (a fork of free SSH) is.
OpenSSH (also known as OpenBSD Secure Shell) is a connectivity tool that enables remote login via the SSH protocol, protecting against eavesdropping, connection hijacking, and other attacks. It secures network communications by encrypting all traffic through a secure tunnel, and it supports multiple authentication methods.
The OpenSSH suite consists of the following tools:

OpenSSH Key Features

  • Offers strong cryptography (AES, ChaCha20, RSA, ECDSA, Ed25519…)
  • Supports X11 forwarding (which also encrypts X Window System traffic)
  • Port forwarding (encrypted channels for legacy protocols)
  • Strong authentication (public keys, one-time passwords)
  • Agent forwarding
  • Interoperability
  • SFTP client and server support in both SSH1 and SSH2 protocols
  • Optional data compression
  • See list for full details
The most recent release is OpenSSH 7.5, and it is mainly a bugfix release.

Install OpenSSH on Ubuntu 17.04, Ubuntu 16.04

Now let's proceed with how to install and enable OpenSSH.

How to enable root password

  • First you need to ensure the root password is enabled if not already done, by running the following commands
sudo passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Install OpenSSH on Ubuntu

  • Next we need to install openssh server / client on ubuntu by running the following commands on terminal
su - #enter your root password
sudo apt-get install openssh-server openssh-client
  • Now start and enable SSH service by running following commands
systemctl start sshd
systemctl enable ssh.service
  • Last step is to open up the ssh firewall port
ufw allow ssh
ufw reload


Configure OpenSSH Server

  • To configure OpenSSH, you need to edit the file “sshd_config” located in “/etc/ssh”
sudo gedit /etc/ssh/sshd_config
  • There are quite a few config settings in there but for the purpose of this tutorial, we will enable the following settings for a basic setup
 # Port that sshd listens on
 Port 22
 # Address family to use: any (IPv4 and IPv6), inet (IPv4 only) or inet6 (IPv6 only)
 AddressFamily any
 # Local address to listen on; 0.0.0.0 means all IPv4 addresses
 ListenAddress 0.0.0.0
 # For security, always set this to no
 PermitRootLogin no
 # Maximum authentication attempts per connection; a low value slows password guessing
 MaxAuthTries 6
 # Maximum number of open sessions per network connection
 MaxSessions 10
 # no disables password logins (use keys instead); yes accepts passwords
 PasswordAuthentication yes
  • Save changes and reload sshd for changes to take effect
systemctl reload sshd


Test run OpenSSH setup

  • For the purpose of testing whether this works as expected, we will temporarily enable ssh root access, but in a production setup, DO NOT enable it.
  • Edit the file “sshd_config” located in “/etc/ssh” and change “PermitRootLogin without-password” to “PermitRootLogin yes”
  • Restart the SSH server with either of the following commands
sudo service ssh restart
systemctl reload sshd
  • Run the command to connect to it
ssh root@localhost
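
The test run above leaves “PermitRootLogin yes” in the file, and sshd uses the first value it finds for a keyword, so adding “PermitRootLogin no” lower down later does not undo it. The following is an added example, not part of the original tutorial: it works out the effective value of the settings from the configuration section and flags the risky ones. The sample file is constructed, and the MaxAuthTries limit of 6 is taken from this tutorial.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Constructed sshd_config: the tutorial's settings with the test-run change
# (PermitRootLogin yes) left in place above a later "PermitRootLogin no".
sample_sshd_config() {
    cat <<'EOF'
# constructed sample
Port 22
PermitRootLogin yes
MaxAuthTries 6
MaxSessions 10
PasswordAuthentication yes
PermitRootLogin no
EOF
}

# effective_value KEYWORD < sshd_config
# sshd keeps the first value it reads for a keyword, and keyword names are
# case-insensitive. Stops at the first Match block (conditional settings).
effective_value() {
    awk -v key="$1" '
        NF == 0 || $1 ~ /^#/        { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    '
}

# audit_sshd < sshd_config: prints one line per finding. Defaults assumed for
# unset keywords are OpenSSH's: PasswordAuthentication yes, MaxAuthTries 6.
audit_sshd() {
    conf=$(cat)
    root=$(printf '%s\n' "$conf" | effective_value PermitRootLogin)
    pass=$(printf '%s\n' "$conf" | effective_value PasswordAuthentication)
    tries=$(printf '%s\n' "$conf" | effective_value MaxAuthTries)
    if [ "$root" = "yes" ]; then
        echo "PermitRootLogin yes: root can log in directly with a password"
    fi
    if [ "${pass:-yes}" = "yes" ]; then
        echo "PasswordAuthentication yes: passwords are accepted, so they can be guessed"
    fi
    if [ "${tries:-6}" -gt 6 ]; then
        echo "MaxAuthTries ${tries}: above the 6 used in this tutorial"
    fi
    return 0
}

sample_sshd_config | audit_sshd
```

On a real host, run it as audit_sshd < /etc/ssh/sshd_config; sshd -T (as root) prints the effective configuration that sshd itself would use.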

 

Ubuntu 17.04 (rc.local) : ubuntu 17.04 /etc/rc.local set

Configure /etc/rc.local in ubuntu 17.04

Because of systemd, /etc/rc.local does not exist by default in Ubuntu 17.04.

If you want /etc/rc.local to be executed at boot time, you need to create a service file, /etc/systemd/system/rc.local.service:
 
[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local

[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99

[Install]
WantedBy=multi-user.target


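Then create the file /etc/rc.local

#!/bin/sh
# This file must be executable (chmod +x /etc/rc.local), or the service cannot start it
# Select the deadline I/O scheduler for the disk sda
echo deadline > /sys/block/sda/queue/scheduler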


Enable and start the service, then check its status

systemctl enable rc.local.service

systemctl start rc.local.service

systemctl status rc.local.service

Saturday, January 6, 2018

How To Display Asterisks When You Type Password In terminal


When you type passwords in a web browser login or any GUI login, the passwords will be masked as asterisks like ******** or bullets like •••••••••••••. This is a built-in security mechanism to prevent the people near you from viewing your password. But when you type the password in the Terminal to perform an administrative task with sudo or su, you won’t even see asterisks or bullets as you type. There won’t be any visual indication of entering the password, and there won’t be any cursor movement, nothing at all. You will not know whether you entered all the characters or not. All you will see is a blank screen!

Look at the following screenshot.
As you see in the above image, I’ve already entered the password, but there was no indication (either asterisks or bullets). Now, I am not sure whether I entered all the characters in my password or not. This security mechanism also prevents the person near you from guessing the password length. Of course, this behavior can be changed. This is what this guide is all about. It is not that difficult. Read on!

Display Asterisks When You Type Password In terminal

To display asterisks as you type password in Terminal, we need to make a small modification in “/etc/sudoers” file. Before making any changes, it is better to backup this file. To do so, just run:
sudo cp /etc/sudoers{,.bak}
The above command will backup /etc/sudoers file to a new file named /etc/sudoers.bak. You can restore it, just in case something went wrong after editing the file.
Next, edit “/etc/sudoers” file using command:
sudo visudo
Find the following line:
Defaults env_reset
Add an extra word “,pwfeedback” to the end of that line as shown below.
Defaults env_reset,pwfeedback
Then, press “CTRL+x” and “y” to save and close the file. Restart your Terminal for the changes to take effect.
Now, you will see asterisks when you enter password in Terminal.
If you’re not comfortable seeing a blank screen when you type passwords in the Terminal, this small tweak will help. Please be aware that other users can work out the password length if they watch the screen while you type it. If you don’t mind that, go ahead and make the changes described above to make your password visible (masked as asterisks, of course!).
And, that’s all for now. More good stuff to come. Stay tuned!