How To: Enable NTP In Linux

Time is very important to the Linux operating system so keeping accurate time is important, which is why we want to enable NTP in Linux. This won’t be a major article and it should be simple enough to follow along. It’s pretty easy to enable NTP in Linux.

If you don’t know, NTP stands for Network Time Protocol. This allows your computer to connect to a networked device that tells your computer the accurate time and then syncs your computer’s clock with that accurate time.

This networked time server is usually just on the public web, but you could do things like run your own NTP server with a GPS device. (GPS uses really, really, really accurate time. In fact, that really accurate time is how GPS works.) Your company may even run its own NTP servers, but there are plenty of public servers available.

While we’re on the subject, your Linux computer keeps time in a very funny fashion. It counts the seconds since the epoch. The “UNIX Epoch” is an arbitrary date and time. Specifically, it counts the seconds since January 1st, 1970 at 00:00:00 UTC. I’ll write an article on the subject at some point. It is also sometimes referred to as “POSIX Time”. In the meantime, you can always look it up at your favorite search engine. 

Time is very important to Linux. After all, the kernel is a task scheduler. It’s also important for accurate record keeping, among other things. It’s also not difficult to enable NTP in Linux.

NOTE: This article assumes you’re using systemd, as most mainstream distros do. If this isn’t true, this article isn’t for you.

Enable NTP In Linux:

Yes, this is another article that requires an open terminal. You can usually just press CTRL + ALT + T to open your default terminal. If that’s not true, fix the keybindings!

If you’re a desktop user, you can probably skip this article. If you’re a desktop Linux user, odds are good that your distro came preconfigured to sync the time already. Let’s go ahead and verify that with this command:

What you’re looking for is these lines:

You’re especially interested in the last line. If that line says that the NTP service is active, you can ignore this article and read one of the prior articles on the timedatectl command:

How To: Find Your Timezone In The Terminal
How To: Change The Timezone

If the NTP service is not active, you can start the service with this command:

That’s all you need to do to enable NTP in Linux.

If you want to disable NTP, that’s just as easy. That command looks like this:

Next, you can run this command to confirm that you’ve enabled NTP:

That should output information that says the NTP service is active. It may not yet say that the clock has synchronized, as it can take some time before the scheduled task runs and syncs your time with a dedicated time-keeping server.

If you want to muck about with the settings, they’re viewed here:

You’d edit that file with Nano, or some other terminal text editor. Before doing so, you should first read the man page, with this command:

There you go! You can enable NTP in Linux!
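The check described above, as an added example (not the commands from the original article): it reads the KEY=VALUE output of `timedatectl show` and separates "NTP enabled" from "clock actually synchronized", the distinction noted earlier. The function names and the sample output are constructed for this example.

```shell
#!/bin/sh
# Added example: classify the NTP state from `timedatectl show` output.

# Reads KEY=VALUE lines on stdin (the format `timedatectl show` prints) and
# prints one of: synced | enabled-not-synced | disabled | unsupported
ntp_state() {
    ns_can="" ns_ntp="" ns_sync=""
    # The `|| [ -n "$ns_key" ]` part also handles a last line with no newline.
    while IFS='=' read -r ns_key ns_val || [ -n "$ns_key" ]; do
        case "$ns_key" in
            CanNTP)          ns_can="$ns_val" ;;
            NTP)             ns_ntp="$ns_val" ;;
            NTPSynchronized) ns_sync="$ns_val" ;;
        esac
    done
    if [ "$ns_can" = "no" ]; then
        echo "unsupported"          # no time-sync service for timedatectl to manage
    elif [ "$ns_ntp" != "yes" ]; then
        echo "disabled"
    elif [ "$ns_sync" = "yes" ]; then
        echo "synced"
    else
        echo "enabled-not-synced"   # service is on, first sync still pending
    fi
}

# Constructed sample: what a host looks like right after NTP is switched on.
SAMPLE_JUST_ENABLED='Timezone=Etc/UTC
LocalRTC=no
CanNTP=yes
NTP=yes
NTPSynchronized=no'

# Runs against the live system; returns 0 only when the clock is synchronized.
check_ntp() {
    command -v timedatectl >/dev/null 2>&1 || { echo "timedatectl not found"; return 3; }
    cn_state="$(timedatectl show | ntp_state)"
    case "$cn_state" in
        synced)             echo "NTP is active and the clock is synchronized" ;;
        enabled-not-synced) echo "NTP is active; the first sync has not happened yet" ;;
        disabled)           echo "NTP is off; enable it with: sudo timedatectl set-ntp true" ;;
        unsupported)        echo "no NTP service that timedatectl can control is installed" ;;
    esac
    [ "$cn_state" = "synced" ]
}

# Run with --check to query the local machine.
if [ "${1:-}" = "--check" ]; then
    check_ntp
fi
```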

Closure:

It seems that I’ve developed a few different styles for my article writing. Longer articles get treated differently, as in they’re formatted differently. The shorter articles have been formatted like this for quite a while. I think that’s a comfortable mix, though it is (as always) subject to change. As I learn and grow, so too may the formatting.

Anyhow, this seemed like a fun article to write. I doubt it’ll be all that popular. It’s unlikely to rank all that well in the search engines. Still, it’ll be information that’s on the site, and the more information I have the better I think I’ll be doing.

It’s not always about the traffic. Indeed, it was never really about the traffic. The traffic is secondary. My primary objective is to share information. Today’s article covered how to enable NTP in Linux. Further, it is limited to just those who use systemd.

Most of my readers will have no use for this information. But, there will be someone – and maybe only that one someone – who will find this information and need it to enable NTP on their Linux device. Good. To that reader and my regulars, I say thanks for visiting.

Now my usual blurb at the bottom of every article…

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Prevent Brute-Force SSH Attacks With fail2ban

Today’s article is one I could have already written and it’s about how to prevent brute-force SSH attacks with fail2ban. The reason I haven’t written it yet is because it either has too much substance or too little substance. I think I can strike a middle-of-the-road here and write an article with just enough substance.

See, and we’ll get to this later in the article, most folks won’t need to do a whole lot more than just install it. You can configure it a great deal, but the defaults are just fine for most people. On top of that, you can even make fail2ban send you email reports but we won’t be covering that in this article. Instead, we’ll largely have directions for installing fail2ban so that you can “prevent” brute-force attacks via SSH. I put the “prevent” in quotes because a diligent attacker could time things, use varied IP addresses, and try brute forcing your login credentials.

I think we need to start at the beginning.

What is SSH:

SSH stands for “Secure Shell” and is a tool to connect to a server remotely. If you check the man page for SSH it is defined as:

ssh — OpenSSH remote login client

This allows you to connect two computers over the terminal. It also comes with SFTP so that you can securely transfer files. You can do a whole lot more with SSH, including forwarding the graphical environment.

Here are a few SSH articles:

Install SSH to Remotely Control Your Linux Computers
Check Your SSH Server Configuration
Show Failed SSH Login Attempts

Then, there are a whole lot more SSH articles. I love SSH, so there have been quite a few articles on the subject. It’s a tool that I use quite often. I encourage familiarity with SSH as it’s sometimes a useful tool to effect a repair on a computer that is otherwise unresponsive to local inputs.

Servers are typically managed with SSH. As you can imagine, servers are a juicy target for malicious people. This means that SSH is one of the means malicious people will use to attack servers. One of the ways they do that is with ‘brute-force’.

What is Brute-Force:

There are many ways that one can try brute-forcing something. The name is as it implies. Rather than knowing the login credentials, they try to brute force them. That means they’ll try one combination of username and password and then keep trying various combinations until they eventually crack the system and figure out the login information.

That is the goal. Their goal is to find the login credentials. Instead of finesse, they use brute force.

This can include a dictionary attack. This can include a progressive attack where they start at the letter a, then try aa, then try aaa, etc. until they find the login credentials. They may also have a list of commonly used usernames and passwords and will systematically work their way through this until they find their way in.

This is one of many attacks and a modern computer can make many attempts in a short amount of time. Add to this modern bandwidth speeds and you can get thousands of attacks in just a short amount of time. It goes even faster if they know one part of the data, such as the username of a privileged account.

Enter fail2ban:

If you’re using a major distro, you have fail2ban available, one way or another. It’s usually easily installed and in your default repositories. When you do install it, you can check the man page. However, fail2ban is described as:

fail2ban – a set of server and client programs to limit brute force authentication attempts.

So, as you can see, fail2ban is the correct tool for the job. After all, and as the headline suggests, we’re trying to prevent brute-force SSH attacks with fail2ban.
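How a tool of this kind decides that a source is brute-forcing, as an added example (not fail2ban's code and not from the original article): count failed SSH logins per source address inside a sliding time window. The function name, the thresholds and the log lines are constructed for illustration, and the time handling assumes all lines fall on one day.

```shell
#!/bin/sh
# Added example: flag sources with too many failed SSH logins in a time window.

# Usage: flag_bruteforce MAXRETRY FINDTIME_SECONDS < auth.log
# Prints each source address once, at the moment it reaches MAXRETRY failures
# within FINDTIME_SECONDS. Assumes syslog-style lines in time order, one day.
flag_bruteforce() {
    awk -v maxretry="$1" -v findtime="$2" '
    /sshd\[[0-9]+\]: Failed password for / {
        # Field 3 is HH:MM:SS; convert to seconds since midnight.
        split($3, t, ":")
        now = t[1] * 3600 + t[2] * 60 + t[3]

        # The address follows the last "from" on the line.
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next

        # Record this failure and slide the window start forward.
        n = ++count[ip]
        stamp[ip, n] = now
        if (!(ip in first)) first[ip] = 1
        while (stamp[ip, first[ip]] < now - findtime) first[ip]++

        if (n - first[ip] + 1 >= maxretry && !(ip in flagged)) {
            flagged[ip] = 1
            print ip
        }
    }'
}

# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE_AUTH_LOG='Jan 10 03:00:00 host sshd[900]: Failed password for root from 198.51.100.23 port 50001 ssh2
Jan 10 03:14:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Jan 10 03:14:05 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Jan 10 03:14:09 host sshd[1003]: Failed password for root from 203.0.113.7 port 40003 ssh2
Jan 10 03:14:13 host sshd[1004]: Failed password for invalid user test from 203.0.113.7 port 40004 ssh2
Jan 10 03:14:17 host sshd[1005]: Failed password for root from 203.0.113.7 port 40005 ssh2
Jan 10 03:15:00 host sshd[1010]: Failed password for root from 198.51.100.23 port 50002 ssh2
Jan 10 03:20:00 host sshd[1020]: Accepted password for alice from 192.0.2.10 port 41000 ssh2
Jan 10 03:30:00 host sshd[1030]: Failed password for root from 198.51.100.23 port 50003 ssh2
Jan 10 03:45:00 host sshd[1040]: Failed password for root from 198.51.100.23 port 50004 ssh2
Jan 10 04:00:00 host sshd[1050]: Failed password for root from 198.51.100.23 port 50005 ssh2'
```

With `flag_bruteforce 5 600` only 203.0.113.7 is reported; the source that spaces its failures 15 minutes apart stays under the threshold, which is the limitation the article means when it puts “prevent” in quotes.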

Installing fail2ban:

We’ll be using a terminal to install fail2ban. You may also need to remotely connect to the server on which you want to install fail2ban. That too will require a terminal (or some SSH application like PuTTY). Simply press CTRL + ALT + T and your default terminal should open. If not, you can open a terminal from your application menu.

With your terminal now open, we can install fail2ban.

Debian/Ubuntu/etc:

RHEL/CentOS/etc:

Fedora with dnf:

I believe those are correct. That’s what is in my notes. If they’re not correct, please leave a comment and I’ll update the article. Other distros will have fail2ban available, just search your default repositories and you’ll likely find fail2ban available for installation.

Using fail2ban:

Now that you’ve installed fail2ban, you’re pretty much done. The default configuration is pretty much all you need – but you can customize it. There are a bunch of options available, so you can configure fail2ban in many ways. There are so many ways that we won’t be covering them. They’re reasonably obvious.

Once installed, fail2ban should start automatically. If it doesn’t, run this command to start it:

Next, we’ll make sure to enable fail2ban to start at boot time. That’s this command:

I assume that you’ll want to at least examine the configuration files and I’ll get you started with that. The first thing you want to do is cd to the right directory.

If you run ls you’ll see that there’s a file called jail.conf and you do not want to edit this file itself. Instead, fail2ban will look for configurations in a file called jail.local first. To make that file, you run the following command:

sudo cp jail.conf jail.local 

Next, you might want to make a backup of that jail.local file. 

You can now use Nano to edit your fail2ban configurations:

As you can now see, there are a bunch of options available. They’re far too many to explain here but they’re fairly well described. If any of the options confuse you, you can get help on the man page (man fail2ban).

After you’ve set fail2ban’s configuration files the way you want them, you’ll need to restart the service for the changes to take effect. That’s done like this:

If you screw up the configuration, just remove the jail.local with this command:

Then restore from your backup like this:

Then, of course, restart the service with this command:

There are a lot of options with this application. You can explore them at your leisure, though I find the defaults to be adequate for most of my needs. As mentioned above, you can install sendmail and have the system send you notification emails. There are many other options as well.
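The edit, backup and restore steps above can be combined so that a broken jail.local never stays in place, shown here as an added example that is not from the original article. The function names, the backup name jail.local.bak and the F2B_TEST_CMD override are assumptions of this example; `fail2ban-client -c DIR -t` is fail2ban's own configuration test.

```shell
#!/bin/sh
# Added example: install an edited jail.local, validate it, roll back on failure.

# Validate the configuration directory given as $1.
# F2B_TEST_CMD (assumption of this example) replaces the real check, so the
# function can be exercised on a machine without fail2ban installed.
ajl_validate() {
    if [ -n "${F2B_TEST_CMD:-}" ]; then
        $F2B_TEST_CMD "$1"
    else
        fail2ban-client -c "$1" -t
    fi
}

# Usage: apply_jail_local CONFIG_DIR CANDIDATE_FILE
#   CONFIG_DIR is normally /etc/fail2ban; CANDIDATE_FILE is your edited copy.
# Prints "applied" (returns 0) or "rolled-back" (returns 1).
apply_jail_local() {
    ajl_dir="$1"
    ajl_new="$2"
    ajl_live="$ajl_dir/jail.local"
    ajl_bak="$ajl_dir/jail.local.bak"   # backup name chosen for this example
    ajl_had_live=no

    [ -f "$ajl_new" ] || { echo "no candidate file: $ajl_new" >&2; return 2; }

    # Keep the current working configuration before touching it.
    if [ -f "$ajl_live" ]; then
        cp -p "$ajl_live" "$ajl_bak" || return 2
        ajl_had_live=yes
    fi
    cp "$ajl_new" "$ajl_live" || return 2

    if ajl_validate "$ajl_dir" >/dev/null 2>&1; then
        echo "applied"      # next step: sudo systemctl restart fail2ban
        return 0
    fi

    # Validation failed: put the previous state back so the service can
    # still start with a configuration that is known to work.
    if [ "$ajl_had_live" = yes ]; then
        cp -p "$ajl_bak" "$ajl_live"
    else
        rm -f "$ajl_live"
    fi
    echo "rolled-back"
    return 1
}
```

Validating before the restart matters because a jail.local with a syntax error can stop fail2ban from starting, which leaves SSH without the banning you installed it for.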

Closure:

Like I said in the beginning, there’s a lot of substance with fail2ban. There’s a lot to it. If I added more to the article, it’d end up quite long. I may write a bit more about this application, but I don’t want to end up with a 2500-word article that will make your eyes glaze over. That doesn’t do me any good and it doesn’t do most people any good. Most folks are going to be fine with the basics before they explore the configuration options on their own.

If you do have a server (or even a personal computer) that’s running SSH, it’s worth your time to install fail2ban. If there’s any chance that someone can try to brute-force your system, they will.

Some bots crawl the ‘net looking for servers that respond on the default SSH ports. They can and will find you. You can also change the port SSH uses for some added obscurity (but remember that obscurity isn’t really security). So, it’s a good idea to prevent brute-force SSH attacks with fail2ban. Yes, it’s a good idea even for us ‘little guys’ who aren’t running servers with valuable information on them.  


Send A Message To Logged In Users

Today’s article will have limited use for my regular readers, as we talk about how you can send a message to logged-in users. The thing is, this is only valid for those users who are logged into the terminal. It doesn’t pop up a handy GUI window (like the old messenger service from Windows, though I’m sure there’s a way to do so). This is only valid for users who have logged into the terminal.

Got it?

Good!

So, who is this useful for? Well, those of you who have shell users. This is useful for system admins who want to send mass messages to the people who are currently logged in. For example, maybe you want to message folks to let them know that you’ll be doing routine maintenance and rebooting the system at a specific time.

While this is a bit archaic, it’s still useful under some circumstances.

Why do I include it if it’s so archaic and has limited use?

Well, because I can. You never know when someone doesn’t know something and will hit up their favorite search engine to learn something. I care that each article teaches you something, even if that something isn’t all that grandiose. 

Plus, it’s nice to have an easy article now and then. This is going to be a pretty easy article! There are just a couple of tips that I have for folks and that’s the end of it.

Send A Message To Logged In Users:

You’ll need an open terminal if the opening wasn’t descriptive enough. After all, we’re sending messages to users who are logged in with the terminal. So, open said terminal. Most often, you can press CTRL + ALT + T and your default terminal should open.

With your terminal open, you can be reasonably sure that the wall command is available. Run this command to be certain that the wall command is available:

You can then check the man page to ensure that this is the correct tool for the job. As you’ll see, if you run man wall, this is the tool for the job:

wall – write a message to all users

See? It is the right tool for the job. The syntax is even remarkably simple:

Or, if you do this often and want consistency:

So, you can try something like:

Or, if you do this often, you can make a .txt file with your message and just reference that file in the wall command. That’d look like the above example.

See? That’s it. That’s all you need to know to send a message to logged in users. If you’re new to your admin job or maybe have started running a public-access shell, you’re now able to send those messages to your users.

Closure:

I figured it was a good day for a nice easy article. They can’t all be complicated, because not everything is complicated. Sometimes, it doesn’t take 1000+ words to describe a task. I could probably bloviate and digress, but that’d just make the article longer with no real value.

As much as it might seem otherwise, I value your time. I try to remain on topic and I try to include no more than the information you need – with just a bit of digression in the intro. I figure most of you skip the intro anyhow!


Monitor Bandwidth In Real Time

Today we’re going to have a fun article, an easy enough article, where we simply talk about one way to monitor bandwidth in real time. This is not something you’re normally going to do unless you’re in an unusual situation. It’s still something fun and easy, so why not cover it?

This might be useful if you want to monitor bandwidth at an edge system. Let’s say you have a public-facing server and you’re not behind a router that gives you this information in a fancy widget or whatnot and you want to monitor the bandwidth in real time. Well, you can do that. In fact, there are all sorts of tools that will let you do this. Heck, I think I may have even shared some of this type of stuff in the past.

Maybe take a gander at some of the following articles:

Monitor Bandwidth With nload
‘vnStat’ A Tool For Monitoring Your Bandwidth Usage
Visualize Your Network Traffic With ‘darkstat’

(There are more, just search the site for ‘bandwidth’ – which is how I came up with those links. I wasn’t picky, I just picked the first few that looked like they might interest people and be similar to this one.)

As I mentioned, it’s easy to monitor your bandwidth. It’s easy to monitor your bandwidth in real time. There are countless options and applications for this, so today we’re just going to cover one more option from the myriad options available to you as a Linux user.

Today’s article will be about ‘cbm’… Trust me, it’s easy. It’s very easy!

What Is This cbm?

Well, cbm stands for Color Bandwidth Monitor and it’s not a new application. In fact, the GitHub page indicates that it hasn’t been updated in a while. That’s not necessarily a bad thing, as it could mean that it’s just feature complete and in need of nothing.

I’ve only checked on Ubuntu (technically Lubuntu) and Mint, but cbm is in the default repositories. I’m a bit of a slacker, so I haven’t checked elsewhere, but it’s probably in their default repositories too. It’s just a tiny application with a very specific purpose. Those are the kinds of apps that make it into default repositories.

If you check the man page, you’ll see that cbm defines itself simply as:

cbm – display in real time the network traffic speed

Supposing you’re using Ubuntu (or Debian, or Mint, or any other distro with those repositories and using the apt package manager) it’d be easy enough to install.

You’d simply install cbm with the following command:

So, let’s pretend you’ve already got that cbm application installed…

Monitor Bandwidth In Real Time:

So, we’ll assume you’ve already installed cbm but you’re still going to need an open terminal to use cbm. Funny how that works! You know what, I’m just going to assume you’ve opened a terminal to install the application and skip that whole cookie-cutter silliness.

Well, now that you have cbm installed and you’ve run cbm in the terminal (which is your only option – I did mention this was absurdly simple), you’ll see an output similar to this:

[Screenshot: cbm letting you monitor bandwidth in real time. Caption: It’s not polite to laugh at another man’s paltry bandwidth! Be polite!]

Yes, yes I work just fine within these bandwidth constraints… Mostly…

As you can see, it shows each network interface.

How To: Show Your Network Interfaces

You can see that it shows how much data you receive, how much data you transmit, and the total. I did not let it run all that long for the screenshot, as that’s not necessary.

That’s pretty much it. There are few options and that’s a good thing.

You can press + or - to change the refresh rate.

You can press B to change from bits to bytes.

When you’re done monitoring your bandwidth in real time, press Q to exit the application.

That’s it. That’s all you need to know. It’s a very purpose-built application. There aren’t a bunch of frills and options. This is one of those tools that does exactly what it says on the tin and nothing else. If you want to monitor bandwidth in real time, this is one way to do so.

Closure:

See? I told you this would be a nice and simple article. It’s easy to follow and easy to learn. There isn’t a whole lot to it. You can monitor bandwidth in real time with all sorts of tools, but this might be one of the easiest. The program doesn’t need to be updated. It doesn’t need additional bells and whistles.

Sorry for not checking on alternative distros. That takes a while and I have limited time to write these things. If you use other distros, you can help by leaving a comment to indicate if it is in your default repos or not. You can even go so far as showing how to install cbm. It won’t hurt and you don’t even have to use real information!


Let’s Talk About The Deep Web vs Dark Web

Today’s article is going to be quite different than a normal article, as I discuss the differences between the Deep Web vs Dark Web. The reason I wrote this article is because I was having an online conversation with someone and they didn’t know the difference. In fact, they weren’t familiar with either of the terms but used them both for the same thing.

So, sit back and relax. This article might be informative if you’re not already aware of these words and what they mean. If you’re already familiar with these words, you can skip this article – or scroll to the comment section to add your thoughts on the matter.

There’s a subset of people who would think these names are interchangeable. They share some similarities but they’re decidedly different. I’ll do my best to explain the difference between the deep web and the dark web. It sounds like a good article to write.

The Public Web:

Before we can talk about either of those two things, we should probably talk about the public web. That’s just the tip of the iceberg, but the public web is the sites you visit while you’re online. These are sites that are open to anyone. They’re sites you can find with your normal search engine.

For example, this site is a part of the public web. You can search for it and find results. It’s possible to visit the site directly. You can interact with the site, browsing around as you see fit.

Everyone’s familiar with the public web. This is all the major sites, the sites that get the vast majority of traffic. They’re the places we hang out, meet with friends and family, and exchange information. They’re just your typical websites.

All of these things have one thing in common. You connect to your ISP to access them – but they use vastly different technology underneath. The public web uses just plain web servers, a markup language, and is delivered via HTTP or HTTPS. You know, the sites you regularly visit.

The Deep Web:

The Deep Web is something we all encounter. Simply put, the Deep Web is stuff that doesn’t get indexed by public search engines. This is also true of the Dark Web, but we’ll discuss that in a minute.

For example, your banking is technically in the Deep Web. I mean, ideally, it is. It’s a site with data that’s not indexed by search engines. This is true for IRC (Internet Relay Chat), SMTP/POP3 (email), IMAP (more email), and even the old gopher network that still exists.

This Deep Web also includes stuff behind a paywall. This could be a private stock exchange portal or it could be the archives at your favorite newspaper. This also includes things like private forums. If a public forum has a private section then that section would technically fall under the title of Deep Web.

There’s nothing wrong with the Deep Web. There’s nothing inherently wrong with any of these categories. They are what they are. I have a private forum and no you can’t join it. It’s for friends and family. As such, it’s a part of the Deep Web.

The Dark Web:

Now, the Dark Web is a whole different animal. The Dark Web requires different protocols and special software to access it. It will also include encryption and will (generally speaking) be poorly indexed (if at all) by public search engines.

The Dark Web includes various P2P connections. A few examples would be Tor, I2P, or even Freenet. While this data does transmit over the internet, it uses various protocols that are unlike those used for the public web. Encryption is enforced and a stated goal for many of these services is anonymity.

It is NOT illegal (at least not in my country) to access the Dark Web. In and of itself, accessing the Dark Web violates zero laws. Just like you can access IMAP for your email, you can access the Dark Web.

HOWEVER…

The Dark Web is where you’ll find a concentration of illegal activities, from drug sales to firearm sales to worse. Performing those illegal activities is still very much illegal. The level of security you’d have to maintain at all times is so burdensome that people are caught every day for performing illegal activities on the Dark Web.

Yes, you can find illegal activities on the public web. You’ll find a concentration of them on the Dark Web.

So, Deep Web vs Dark Web:

So, accessing the Deep Web is perfectly normal. That behavior doesn’t stand out at all. Just accessing your bank means you’re accessing the deep web – and that’s a good thing. You don’t want that banking information to be available with a simple Google search.

Accessing the Dark Web isn’t illegal, but that’s where a lot of illegal activities take place. You’re unlikely (I’m sure some jurisdictions make this illegal) to attract any attention unless you’re dumb enough to try using it for illegal activities. Before you think you’re smart and will keep your “OPSEC” squared away, every other person thought the same thing before the law was knocking on their door.

So, when it comes to Deep Web vs Dark Web, you might as well know the difference in terms and what those terms mean. 

Closure:

Yes, this could have been so much more technical. The idea for the article stemmed from a conversation and I don’t want to be all that technical. This is meant to be a light discussion about the Deep Web vs Dark Web. Nothing more. Nothing less…


Linux Tips
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.