Showing headlines posted by netblue30

Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table.

In part 1 of this article series I’ve described a minimal Debian installation using network install image. I started with a regular server, added the desktop environment, and installed some more common desktop applications. In this article I will continue with several enhancements to the previous setup.

If you have some ancient hardware that you need to breathe new life into, or if you need to fit a distro on a modestly sized memory stick, the first thing you should look at is the window manager/desktop environment.

The traditional Linux security model starts with file permissions. The model lets the kernel decide whether or not a process may access a resource based on permissions set as part of the filesystem. The coarse-grained granularity of this model often causes Linux processes to have too many rights. If more granularity is needed, one has to resort to adding security related code into the program source.

Linux ptrace() system call provides a means by which one process may observe and control the execution of another process. It is primarily used to implement breakpoint debugging with gdb and system call tracing with strace. In this article I will look at the security implications of ptrace, and how to overcome them using Linux PID namespaces.

Three syscalls are used to create Linux namespaces, unshare(), clone() and setns(). In this article I will take a look at unshare() and show how to use it directly in your scripts and programs without going through LXC or any other higher level virtualization tool.

It might not get the attention Fedora and Ubuntu do, but its parent is still one of the major enterprise Linux distributions. Released on schedule as always, openSUSE is considered by many as being the best KDE distribution, constantly contributing directly to upstream KDE project. A number of other desktops are also supported, I will take a look at some of them in this article.

GNOME desktop memory comparison across several Fedora releases: 13, 15, 17, 19 and 20.

Simple Network Management Protocol is an Internet-standard protocol for managing devices on IP networks. net-snmp is the main SNMP implementation for Linux and BSD platforms. For licensing reasons, net-snmp package installs only a small number of MIBs in /usr/share/mibs directory. This article describes the steps to add additional MIBs to the standard installation.

Ethernet networks can be partitioned into multiple distinct broadcast domains using VLANs. VLAN domains are mutually isolated. Whenever a hosts in one VLAN domain needs to communicate with a hosts in another VLAN domain, the traffic must be routed between the two domains. This is known as inter-VLAN routing.

This article discusses LXC, a lightweight virtualization technology built into Linux kernel.The virtual machine I describe uses a root filesystem build using debootstrap (apt-get install debootstrap). The procedure is simple and it should work on any Debian machine.

Hundreds of new open source software projects are published on Internet each day. The vast majority are built by private individuals in their spare time, or at least this is how the projects are starting. The usefulness of these projects is secondary in nature, most of the time the goal is learning and personal development, or how somebody else put it, scratching one developer’s personal itch.

An SNMP MIB browser is an indispensable tool for engineers and system administrators to manage SNMP enabled network devices such as routers, switches, servers and workstations. In this tutorial, I introduce qtmib, an easy-to-use SNMP browser available for Linux and published under GPLv2 license. The program is build as a front-end for net-snmp tools using QT4 library.

A live CD or live DVD is a complete bootable Linux operating system loaded from a CD or DVD. Although there are a lots of live Linux CDs, for seemingly every taste and purpose, it might still be useful on occasion to build your own. This guide details the steps to build a bootable live CD/DVD based on Debian “wheezy”.

This article describes how to run desktop applications such as Mozilla Firefox and LibreOffice in Linux containers virtual machines. LXC is a lightweight virtualization technology built into Linux kernel.The virtual machines run in parallel alongside the regular host applications, without affecting the host system.

Linux containers (LXC) is a lightweight virtualization technology built into Linux kernel. In my previous article, I have detailed the steps to configure and run a simple application container using LXC. LXC application containers are very lean and consume strictly the resources the application requires. This is in sharp contrast with other virtualization technologies which are running a full Linux distribution in VM.

Linux containers (LXC) is a lightweight virtualization technology built into Linux kernel. Unlike other similar technologies, the virtual machines (VM) are driven without any overhead by the kernel already running on the computer. In VM you run only the processes you need, most of the time without even going through the regular SysV or Linux init. This means that memory is used very conservatively.

Home, Trash and Web icons used to be enabled by default on most Linux desktops – not anymore! I am often asked to add them back when I install Linux for some other people. They are part of the workflow, and I am not interested in changing workflows. I am simply interested in moving the user from Windows to Linux.

Most of my software development takes place on a Ubuntu 12.04 running LXDE. It is stable and provides me with everything I need. I also keep a copy of Fedora on a different partition on my hard disk. The attraction is the latest versions of gcc and glibc. With a new Fedora version just released, it is time to check it out.

A friend of yours tells you one day he’s heard so much about Linux and he’s decided to install it on his Windows machine. His computer is already a few years old, a Windows 7 or maybe a Windows XP, and he’s come to you for advice. Could you please help him to install it? No problem, happy to oblige!