security

USB stick encryption using Linux

by

If you were to ever lose your USB stick, all data stored on it will be lost. More importantly, your USB stick may end up in the hands of some other person, which will have access to your private files, and use that information in any way they please. This is one of many fears of USB stick users. One of the simplest solutions to this dilemma is to keep only non-private information on the USB stick. Obviously, this would defeat a primary purpose for the storage device.

Another solution is to encrypt your USB stick so it will be accessible only to those users who possess the correct password which will fit to decrypt the USB stick’s encryption. This article will deal with the second solution and that is encryption of a USB stick device. Although encrypting an USB stick seems to be the best and easiest solution, it must be said that it also comes with number of disadvantages. The first disadvantage is that decryption of the USB key must be done using a Linux system that has the dm-crypt module installed.

In other words, you cannot use your encrypted USB stick on any Windows machine and UNIX-like system with older kernels. Therefore, to encrypt only a part of the USB stick which holds only private information seems to be a good solution. In this article, we will go through the step by step instructions of encrypting part of a USB device on Linux. Read on to see how it’s done.

In this tutorial you will learn:

  • How to install cryptsetup on major linux distros
  • How to partition a USB stick
  • How to encrypt a USB stick partition
  • How to mount encrypted partition

Read more

How to reset Kali Linux root password

by

It’s possible to reset Kali Linux password in the event that you are no longer able to login to the root user account. This happens if you haven’t logged in for a while and have since forgot Kali Linux password. In case you have not already tried, the default Kali password for root user is toor (root backwards) on VMWare and live images. Try logging in with this password before resetting the Kali Linux password.

Read more

How to configure Certificate Authority on Ubuntu/Debian

How to configure Certificate Authority on Ubuntu/Debian

by

A Certificate Authority plays a vital role in ensuring and verifying secure connections between clients and servers. When you try to connect to a remote server – let’s say a website, for example – how does your system know that it is connecting to the right place? After all, there is nothing stopping any rogue system from claiming itself as a website which it is actually not. This is where certificate authority servers come into play, by helping our client system verify that we are connecting to the intended server. This particular example is in the context of a website connection, so would involve the HTTPS protocol, but certificate authorities can also be used to authenticate other types of connections, such as VPN.

Read more

Install firewalld on CentOS Linux system

by

firewalld is a front-end for the built in netfilter firewall on Linux systems. The main advantage of firewalld over using raw nftables/iptables commands is that it’s easier to use, especially for more complex firewall features like timed rules. In this regard, it’s similar to the uncomplicated firewall (ufw) that comes installed by default on Ubuntu systems.

On CentOS, firewalld is the default firewall interface and should already be installed on your system. In this guide, we’ll take you through the installation of firewalld on CentOS, which includes some basic usage commands so you can get started managing the firewall.

In this tutorial you will learn:

  • How to install and update firewalld
  • firewalld basic usage commands

Read more

Advanced Firewall Management with nftables: Transitioning from iptables

Advanced Firewall Management with nftables: Transitioning from iptables

by

nftables is the successor to iptables on Linux systems, and has since become the default firewall. If you have not yet transitioned over to nftables, you are missing out on improved performance, easier command syntax, and an overall simpler way to manage firewall rules. In this tutorial, you will learn how to transition to nftables from iptables commands. To do so, we must become familiar with how nftables differs from iptables from a functional standpoint, as well as the new command syntax for configuring rules. The iptables command can still be used on most systems, but it is now linked to a tool that translates the input to equivalent nftables rules, before handing the configuration off to nftables for enforcement.

Read more

Ubuntu 22.04 Enable full disk encryption

by

The best way to keep your Ubuntu 22.04 system and files completely secure in the case of theft is to enable full disk encryption. This way, if your device is stolen or someone is sitting at your desk and trying to boot into your PC, they will need to know your password in order to mount any partitions. Even if they access the hard drive content through other means, all files would be encrypted and no one could read their contents.

Read more

How to fix: The requested nginx plugin does not appear to be installed

How to fix: The requested nginx plugin does not appear to be installed

by

Encountering an error stating “the requested NGINX plugin does not appear to be installed” can be a stumbling block when setting up or configuring your web server. This issue often arises during the installation of Let’s Encrypt SSL certificates using Certbot or when configuring certain modules within NGINX. Fortunately, with a systematic approach, this problem can be resolved efficiently.

Read more

Setting Up a Linux Intrusion Detection System with AIDE

Setting Up a Linux Intrusion Detection System with AIDE

by

An intrusion detection system (IDS) is an important security tool for system administrators. Its purpose is to notify us whenever it detects that a potential intrusion has occurred. When an attacker compromises a system, one of the first things they will usually do is attempt to change file permissions, attempt to escalate to the root user account, or start modifying system files. The IDS is configured to monitor for these changes and make us aware of them if they occur.

Read more

How to disable/enable SELinux on Ubuntu 20.04 Focal Fossa Linux

by

The objective of this article is to install, enable and disable SELinux on Ubuntu 20.04 Focal Fossa Linux.

WARNING
Make sure that you know what you are doing! Ubuntu offers AppArmor as an alternative to SELinux. While SELinux is available on Ubuntu, it is rather in an experimental stage and most likely will beak your system if set to enforcing mode. In case you must use SELinux, make sure to disable AppArmor first. Also set SELinux first to permissive mode and check your logs for potential issues before you enable enforcing mode. If needed, you can always disable selinux and revert back to AppArmor.

In this tutorial you will learn:

Read more

Encrypting and Decrypting Files and Directories on Linux Using mcrypt

Encrypting and Decrypting Files and Directories on Linux Using mcrypt command

by

Encryption is a crucial aspect of securing sensitive information on your Linux system. One of the tools you can use for this purpose is mcrypt, which provides symmetric encryption and decryption capabilities. This guide will walk you through the process of using mcrypt to encrypt and decrypt files and directories on Linux, covering a range of options and examples.

Read more

How to backup your data with Kopia on Linux

How to backup your data with Kopia on Linux

by

When talking about backup solutions, on Linux we are spoiled for choice: in the previous tutorials, for example, we talked about creating  encrypted and efficient backups with Borg and Restic. Kopia is another free and open source alternative to those applications: it is written in Go, and it is able to create secure backups, both to local filesystems and to cloud-based storage services like Amazon S3, Azure Blob Storage, Backblaze B2 and Google Cloud Storage. Unlike Borg and Restic, Kopia comes also with an officially supported GUI interface: KopiaUI.

Read more