Look status:

# systemctl status firewall

# firewall-cmd --state

running

View zones:

# firewall-cmd –list-all

public (active)

target: default

icmp-block-inversion: no

interfaces: eth0

sources:

services: dhcpv6-client ssh

ports: 8081/tcp 53/udp 53/tcp

protocols:

masquerade: no

forward-ports:

source-ports:

icmp-blocks:

rich rules:

It is seen that the open service: ssh (22/TCP),dhcpv6-client and ports 8081/tcp 53/udp 53/tcp, a Protocol is required without this the command will not be accepted

Allow connection to a specific port (for example 1732 ) is very simple:

# firewall-cmd --add-port=1732/tcp

# firewall-cmd --runtime-to-permanent

The second command will overwrite the Active settings to the saved and agreeme at boot

To remove a port from the rules, use the –remove-port parameter:

# firewall-cmd --remove-port=1732/tcp

# firewall-cmd --runtime-to-permanent

In General, many –add-* commands have values for checking the status of –query-*, –list-* — list, changing –change -*, or deleting –remove the corresponding value. For brevity, we will not continue to focus on this. After reload rules check:

# firewall-cmd --list-ports

Firewalld provides a mode that allows you to block all connections with a single command:

# firewall-cmd --panic-on

To check which mode the firewall is in, there is a special key:

# firewall-cmd --query-panic

Panic mode is disabled:

# firewall-cmd --panic-off

It is not necessary to know which port is associated with the service in firewalld, just specify the name of the service. The utility will take care of the rest. After installing firewall knows the settings of more than 50 services, we get a list of them.

# firewall-cmd --get-services

Allow http connection:

# firewall-cmd --add-service=http

Using braces, you can specify multiple services at once. Information on the settings of the services available through

# firewall-cmd --info-ser

Debian

One of the most universally compatible Linux distributions. it is long-term in support and the very first distribution. It has a graphical shell GHOME. From its advantages can be distinguished

• The presence of a modern Linux kernel
• Extra large package storage
• Big Tracking System
• Great support for architectures (x86, x64, ARM)

CentOS

Every third user of Linux will select this operating system. Absolutely all software products designed for work and support of the Linux environment will work in CentOS.

• Ensuring installation in UEFI Secure Boot mode on supported hardware
• Very easy transition to systemd, firewalld and GRUB2
• Very reliable server solution

Ubuntu

This operating system is the best solution for openStack public clouds. Today, many users for their personal computers use this particular operating system. The main advantages can be distinguished

• This operating system can always be easily downloaded, use is very simple, and configurations are easy
• It is one of the safest operating systems due to the fact that it has a built-in firewall and anti-virus software
• It is interesting that Ubuntu has been translated into more than 50 languages ​​of the world, and is available to many users
• In support of servers, Ubuntu is one of the most popular systems, because of its simplicity, reliability and security systems

FreeBSD

This distribution includes a security group that controls all of this software. A wide selection of additional applications and programs is installed by pkg packages or by compiling code. The main advantages can be distinguished

• Due to licensing, much of FreeBSD, the coded has become an integral part of other operating systems, such as Apple, and the Sony’s PlayStation software system
• FreeBSD has a large set of server software in the base system and a set of ports. This allows you to configure FreeBSD and use it as a mail server, web server, firewall, FTP server, DNS server and router, as well as other applications

KernelCare

KernelCare – the great option for hosting provaiders and businesses. KernelCare runs on Ubuntu, CentOS, Debian, and other popular flavors of Linux. It checks for updates every 4 hours and installs them automatically. Patches can be rolled back. KernelCare is free for nonprofits. To install KernelCare, run the installation script:

wget -qq -O - https://kernelcare.com/installer | bash

If you are using an IP based license, nothing else is required. Otherwise, if you are using a key based license, run the following command to register the service:

/usr/bin/kcarectl --register <your-key>

Where is the registration code string <your-key>provided when signing up for a trial or purchasing a product. You can get it on this page. Below are some useful KernelCare commands. To check if a running KernelCare kernel is supported:

curl -s -L https://kernelcare.com/checker | python

To unregister a server:

sudo kcarectl --unregister

To check the status of the service:

sudo kcarectl --info

The software will automatically check for new patches every 4 hours. To update manually, run:

/usr/bin/kcarectl --update

Canonical Livepatch

Canonical Livepatch is a service that fixes a running kernel without rebooting your Ubuntu system. Livepatch is free to use on three Ubuntu systems. To use this service on more than three computers, you need to subscribe to the Ubuntu Advantage program. Before installing the service, you need to get a livepatch token from the Livepatch service website. After installing the token and enabling the service by running the following two commands:

sudo snap install canonical-livepatch
sudo canonical-livepatch enable <your-key>

To check the status of the service, run:

sudo canonical-livepatch status --verbose

Later, if you want to unregister the machine, use this command:

sudo canonical-livepatch disable <your-key>

The same instructions apply for Ubuntu 20.04 and Ubuntu 18.04.

In the Debian distribution, the root user can only connect using the keys and cannot connect using the password. The configuration file itself may contain settings that may be useful to you depending on the situation. Keys DennyUsers and AllowUsers – Allows you to restrict users and IP from which they can connect. For example, these lines:

DennyUsers login
AllowUsers "root@15.45.78.5,johnn,anny@78.65.55.0/24"

Only root, johnn, anny users can connect. In addition, the root user can only connect with IP 15.45.78.5 and anyy from the 78.65.55.0/24 subnet.

Key Match – Let’s redefine some settings and global restrictions for connections that fall under the filter.

For example:

PasswordAuthentication no
PermitRootLogin no
Match Address 1.2.3.4,9.8.7.6 Host vps12.hostry.com
PasswordAuthentication Yes
PermitRootLogin yes

For connections from addresses 1.2.3.4,9.8.7.6 and from the node vps12.hostry.com will allow you to use a password

X11Forwarding no
Match User John Address 172.16.1.*
X11Forwarding yes

Installation

To install vsftpd, you must enter the following command:

apt-get install vsftpd

Configuration

First you need to open the configuration file using your text editor. This example uses vim

vim /etc/vsftpd.conf

vsftpd allows anonymous users to access the server by default. This feature is considered a serious security vulnerability. To disable, you must enter an anonymous login by changing the following line:

anonymous_enable=NO

To enable local login, uncomment the following:

local_enable=YES

The following command enables the download:

write_enable=YES

Next, you need to save the file and close the text editor. Then run vsftpd as a daemon:

service vsftpd start

This step is final in order to enter the FTP server from your local computer.

Uninstall MySQL server

To get started, run these commands as root or use sudo

service mysql stop
apt-get remove mysql-server mysql-common libmysqlclient18

Install MariaDB

Run the following command

apt-get install software-properties-common

Add MariaDB Store Key

sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db

Add MariaDB Repository

sudo add-apt-repository 'deb http://ftp.utexas.edu/mariadb/repo/10.0/ubuntu trusty main'

Install MariaDB

apt-get install mariadb-server libmariadbclient18

Handling Unsatisfied Dependencies

The MariaDB installer may fail (which often happens) with an error, such as this one:

mariadb-server : Depends: mariadb-server-10.0 (specific version) but it is not going to be installed.

This can be frustrating and may not look right. Next, you need to install all the adjacent dependencies. Add g ++ repository to server to resolve libstdc ++ 6 dependency.

Add g ++

add-apt-repository ppa:ubuntu-toolchain-r/test
apt-get update
apt-get install g++-4.9

Pin the MariaDB repository

This is done by creating a file with MariaDB.pref in /etc/apt/preferences.d/ with the contents shown below:

Package: *
Pin: origin <mirror-domain>
Pin-Priority: 1000

Replace the <mirror-domain> that is displayed when accessing the MarizDB repository selection page

In my case, I chose the “University of Dallas”. After updating, the file now has the following contents:

Package: *
Pin: origin http://ftp.udallas.edu/mariadb/repo/10.0/ubuntu
Pin-Priority: 1000

Save the file, upgrade your system.

apt-get update

Now, dependency problems have been resolved. If you use 12.04, then pay attention to the fact (it is important) that there were reports that g ++ was excluded from this version.

Install MariaDB again

apt-get install mariadb-server

Check your installation of MariaDB

service mysql start
mysql -u root -p

Now, you can see the following (or the same) output

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is XXXX
Server version: 10.0.X


Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.


Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>

So, after the snapshot recovery period has passed on the new VPS, problems may arise caused by changing the MAC address of the network adapter. Typically, when you change a network adapter, the operating system creates a new network adapter for it. Typically you will see the network adapter on “eth1” (or eth2 if you have a private network enabled).

CentOS

This operating system describes the following steps to correct network configuration after snapshot recovery:

1. First you need to log into your server, this can be done as a consequence of this;
2. Delete the contents of /etc/udev/rules.d/70-persistent-net.rules
3. Open /etc/sysconfig/network-scripts/ifcfg-eth0 and change the content to the following:

DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=dhcp
DNS1=8.8.8.8
NAME="System eth0"

After this three steps, you need to restart VPS

Debian & Ubuntu

This operating system describes the following steps to correct network configuration after snapshot recovery:

1. First you need to log into your server, this can be done as a consequence of this;
2. Delete the contents of /etc/udev/rules.d/70-persistent-net.rules
3. Review the contents of /etc/network/interfaces and update all IP addresses to match the current server.

After this three steps, you need to restart VPS

Add a New User Account

To create a user account, you need to use the adduser command. We recommend using a strong password for the user! An example of a strong password is aoQ7w52!OKvA$Pfz. Next, you can enter values ​​for user information, or press ENTER to leave these fields blank.

# adduser example_user
Adding user `example_user' ...
Adding new group `example_user' (1001) ...
Adding new user `example_user' (1001) with group `example_user' ...
Creating home directory `/home/example_user' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for example_user
Enter the new value, or press ENTER for the default
        Full Name []: Example User
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] y

Add User to Sudo Group

You can add a new user to the sudo group using the usermod command

# usermod -aG sudo example_user

Test

Switch to a New user

# su - example_user

Make sure you are the new whoami user, then test sudo access with sudo whoami which should return root

$ whoami
example_user
$ sudo whoami
[sudo] password for example_user:
root

Done!

Linux presents opportunities to work on this platform. They are very numerous, and many of them have been added since their initial release.

Some features will be presented below:

• CAP_KILL: Bypassing permission checks for sending signals to processes
• CAP_SYS_NICE: Enhance the nobility of processes (an explanation of the nobility can be found here)
• CAP_DAC_OVERRIDE: Override discretionary access control, For example, vto bypass the read / write / execute permissions check.

If you enter in the terminal “man 7 capabilities” then more additions and entries will appear

We also want to introduce a list of supported hardware called “Linux Hardware Howto” http://www.ibiblio.org/mdw/%20HOWTO%20/%20Hardware-HOWTO.html

Regarding graphic of programs in this system, there are a lot of them! From simple to powerful editors. We provide the 42 best programs, but in fact, there are many more! http://www.linuxlinks.com/GraphicsSoftware/

To view the contents in your file, you must enter:

less your-file-name

To see line numbers in each line, use the –N option:

less -N your-file-name

Less Keyboard Navigation