security Archives • Linux Tips

Automate Updates In Linux Mint

Today’s article will be a fairly simple one and is limited to Linux Mint users as we learn how to automate updates in Linux Mint. That seems like a good idea to me. Ideally, this will continue working without any intervention, but we’ll see…

So, I’m not sure how long this has been an option. I only noticed it fairly recently. If you’re not already aware, you can automate updates in Linux Mint. It’s a pretty simple task and won’t require much more than a mouse – or maybe a terminal and then a mouse.

This can be a touchy subject. I’m firmly in the camp of immediately installing all updates. I want my system to be as secure as possible, which means applying the updates as soon as they are available. So far, this mostly appears to work.

Updates often come right before public disclosure and proof-of-concept samples. While it’s true that an update can bork your system, that’s easily fixed and such a rare thing that I don’t even consider it as a reasonable reason not to apply updates.

I also consider it my duty, my obligation, to keep my systems secure. An insecure system doesn’t just impact you. An unsecured computer can be used as a proxy, a command center, a spam relay, or a node in a DDoS attack, among other things. As a good netizen, I keep my systems updated.

So, why not automate that stuff when I can?

Automate Updates In Linux Mint:

In your system tray, down on the right, look to see if you have an icon that looks like a shield. If you do not see the icon, press CTRL + ALT + T and type in mintupdate. Both of those things will open the Update Manager in Linux Mint.

At some point along this path, you’ll be asked to enter your password. Do so.

That will open this window:

to automate updates in Linux Mint, start with opening up the update manager — Your theme may mean this has different colors or whatnot, but it should look like this.

Next, you’ll click on ‘Edit’.

You need to click on the Edit button to move to the next step of automating updates in Linus Mint — This is a pretty easy step. Heck, they’re all easy steps! You’ve got this! I’m sure of it!

You next want to open Preferences and click on Automation.

You'll need to edit the preferences to automate Linux Mint Updates. — Just in case you’re confused, I added an arrow for you! (My CDN is going to hate me.)

When you’ve done all of this, you’ll face a new screen.

This new screen is where you edit your automation settings. This new screen is where you enable automatic updates in Linux Mint. It looks like this when I’ve configured it to my liking:

Enabling automatic updates in Linux Mint via the Update Manager preferences. — You can configure those however you like, but I enable all of them. You do you, I guess.

Make sure you have a viable backup process.

As you can see, I’ve chosen all the things. I’ve chosen to automate all the updating that I can do. If anything, I wish I could increase the frequency. I suppose I could set up a cron job for this, but a handy GUI is fine for this task. This way will also update Spices ~~and Flatpaks~~. So, there’s that.

I’ve had this setting enabled for a little while now and I’ve verified that it has been working as expected. If you want to automate updates in Linux Mint, you can do that – and it’s not even difficult.

Update:

No, it doesn’t appear to update Flatpaks. I’ve given it a few tries and it does not.

Closure:

I like automatic updates. I use that sort of feature online with my various websites. Scheduled updates performing themselves is a good thing to me. You may be more cautious, but I throw caution to the wind. I haven’t had an update nuke my system beyond a 2-minute repair job in forever. I haven’t even had a 2-minute repair job in years. That’s good enough for me. You can make your own choices. Regardless of your choices, be sure to backup your system regularly.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Prevent Brute-Force SSH Attacks With fail2ban

Today’s article is one I could have already written and it’s about how to prevent brute-force SSH attacks with fail2ban. The reason I haven’t written it yet is because it either has too much substance or too little substance. I think I can strike a middle-of-the-road here and write an article with just enough substance.

See, and we’ll get to this later in the article, most folks won’t need to do a whole lot more than just install it. You can configure it a great deal, but the defaults are just fine for most people. On top of that, you can even make fail2ban send you email reports but we won’t be covering that in this article. Instead, we’ll largely have directions for installing fail2ban so that you can “prevent” brute-force attacks via SSH. I put the “prevent” in quotes because a diligent attacker could time things, use varied IP addresses, and try brute forcing your login credentials.

I think we need to start at the beginning.

What is SSH:

SSH stands for “Secure Shell” and is a tool to connect to a server remotely. If you check the man page for SSH it is defined as:

ssh — OpenSSH remote login client

This allows you to connect two computers over the terminal. It also comes with SFTP so that you can securely transfer files. You can do a whole lot more with SSH, including forwarding the graphical environment.

Here are a few SSH articles:

Install SSH to Remotely Control Your Linux Computers
Check Your SSH Server Configuration
Show Failed SSH Login Attempts

Then, there are a whole lot more SSH articles. I love SSH, so there have been quite a few articles on the subject. It’s a tool that I use quite often. I encourage familiarity with SSH as it’s sometimes a useful tool to effect a repair on a computer that is otherwise unresponsive to local inputs.

Servers are typically managed with SSH. As you can imagine, servers are a juicy target for malicious people. This means that SSH is a means with which malicious people will use to attack servers. One of the ways they do that is with ‘brute-force’.

What is Brute-Force:

There are many ways that one can try brute-forcing something. The name is as it implies. Rather than knowing the login credentials, they try to brute force them. That means they’ll try one combination of username and password and then keep trying various combinations until they eventually crack the system and figure out the login information.

That is the goal. Their goal is to find the login credentials. Instead of finesse, they use brute force.

This can include a dictionary attack. This can include a progressive attack where they start at the letter a, then try aa, then try aaa, etc. until they find the login credentials. They may also have a list of commonly used usernames and passwords and will systemically work their way through this until they find their way in.

This is one of many attacks and a modern computer can make many attempts in a short amount of time. Add to this modern bandwidth speeds and you can get thousands of attacks in just a short amount of time. It goes even faster if they know one part of the data, such as the username of a privileged account.

Enter fail2ban:

If you’re using a major distro, you have fail2ban available, one way or another. It’s usually easily installed and in your default repositories. When you do install it, you can check the man page. However, fail2ban is described as:

fail2ban – a set of server and client programs to limit brute force authentication attempts.

So, as you can see, fail2ban is the correct tool for the job. After all, and as the headline suggests, we’re trying to prevent brute-force SSH attacks with fail2ban.

Installing fail2ban:

We’ll be using a terminal to install fail2ban. You may also need to remotely connect to the server on which you want to install fail2ban. That too will require a terminal (or some SSH application like PuTTY). Simply press CTRL + ALT and your default terminal should open. If not, you can open a terminal from your application menu.

With your terminal now open, we can install fail2ban.

Debian/Ubuntu/etc:

sudo apt install fail2ban

1	sudo apt install fail2ban

RHEL/CentOS/etc:

sudo yum install epel-release -y
sudo yum install fail2ban

1 2	sudo yum install epel-release -y sudo yum install fail2ban

Fedora with dnf:

dnf install fail2ban

1	dnf install fail2ban

I believe those are correct. That’s what is in my notes. If they’re not correct, please leave a comment and I’ll update the article. Other distros will have fail2ban available, just search your default repositories and you’ll likely find fail2ban available for installation.

Using fail2ban:

Now that you’ve installed fail2ban, you’re pretty much done. The default configuration is pretty much all you need – but you can customize it. There are a bunch of options available, so you can configure fail2ban in many ways. There are so many ways that we won’t be covering them. They’re reasonably obvious.

Once installed, fail2ban should start automatically. If it doesn’t, run this command to start it:

sudo systemctl start fail2ban

1	sudo systemctl start fail2ban

Next, we’ll make sure to enable fail2ban to start at boot time. That’s this command:

sudo systemctl enable fail2ban

1	sudo systemctl enable fail2ban

I assume that you’ll want to at least examine the configuration files and I’ll get you started with that. The first thing you want to do is cd to the right directory.

cd /etc/fail2ban/

1	cd /etc/fail2ban/

If you run ls you’ll see that there’s a file called jail.conf and you do not want to edit this file itself. Instead, fail2ban will look for configurations in a file called jail.local first. To make that file, you run the following command:

sudo cp jail.conf jail.local

Next, you might want to make a backup of that jail.local file.

sudo cp jail.local jail.local.backup

1	sudo cp jail.local jail.local.backup

You can now use Nano to edit your fail2ban configurations:

sudo nano jail.local

1	sudo nano jail.local

As you can now see, there are a bunch of options available. They’re far too many to explain here but they’re fairly well described. If any of the options confuse you, you can get help on the man page (man fail2ban ).

After you’ve set fail2ban’s configuration files the way you want them, you’ll need to restart the service for the changes to take effect. That’s done like this:

sudo systemctl restart fail2ban

1	sudo systemctl restart fail2ban

If you screw up the configuration, just remove the jail.local with this command:

sudo rm jail.local

1	sudo rm jail.local

Then restore from your backup like this:

sudo cp jail.local.backup jail.local

1	sudo cp jail.local.backup jail.local

Then, of course, restart the service with this command:

sudo systemctl restart fail2ban

1	sudo systemctl restart fail2ban

There are a lot of options with this application. You can explore them at your leisure, though I find the defaults to be adequate for most of my needs. As mentioned above, you can install sendmail and have the system send you notification emails. There are many other options as well.

Closure:

Like I said in the beginning, there’s a lot of substance with fail2ban. There’s a lot to it. If I added more to the article, it’d end up quite long. I may write a bit more about this application, but I don’t want to end up with a 2500-word article that will make your eyes gloss over. That doesn’t do me any good and it doesn’t do most people any good. Most folks are going to be fine with the basics before they explore the configuration options on their own.

If you do have a server (or even a personal computer) that’s running SSH, it’s worth your time to install fail2ban. If there’s any chance that someone can try to brute-force your system, they will.

Some bots crawl the ‘net looking for servers that respond on the default SSH ports. They can and will find you. You can also change the port SSH uses for some added obscurity (but remember that obscurity isn’t really security). So, it’s a good idea to prevent brute-force SSH attacks with fail2ban. Yes, it’s a good idea even for us ‘little guys’ who aren’t running servers with valuable information on them.

Make Passwords In The Linux Terminal

Today’s article should be fairly simple and is about something we all use because it’s about how to make passwords in the Linux terminal. Assuming my writing chops are up for it, this article should be easy for everyone to follow. I’ll do my best. It might not even be a very long article.

I don’t think I need to explain passwords to any modern computer user. Even mobile users use passwords. The rare people who don’t use this technology will likely still use a PIN for things like their ATMs and credit cards. A PIN is just a numeric password.

I think it’s safe to say that we all know what a password is and why we use one. I’m not sure we all understand how to create good passwords, but we all use them. Perhaps this xkcd comic will amuse you:

xkcd's thoughts on passwords — Hopefully, this works as a hotlink, per xkcd’s request. I also can’t resize it. Ah well…

I have written about passwords in the past. One of the first articles on this site was about generating complex passwords. Here’s a link:

How To: Generate Sufficiently Complex Passwords In The Terminal

There isn’t much to add about passwords. It’s safe to assume we’re on the same page and that we’ve all used many passwords in our lives. I guess it’s then time to move along to the software we’ll be using to generate passwords in the Linux terminal.

Installing makepasswd:

In a previous article, we made complex passwords (with some degree of randomness) in the Linux terminal with a tool known as ‘pwgen’. You’ll find that pwgen is perfectly adequate and does a fine job at creating unique passwords in the terminal.

This time around, as we accomplish the very same task, we’ll be using a tool known as makepasswd. When you install makepasswd you’ll see that it has some small dependencies involving encryption and randomness. That makes some sense when you see how makepasswd is described on the man page.

makepasswd – generate and/or encrypt passwords

We’ll be doing that first bit – that is generating passwords.

You will need an open terminal to follow along in this next section. You can also use your graphical software installer, assuming you have one. To open your terminal, you can usually just press CTRL + ALT + T.

With your terminal now open, choose the right command for your distro:

Debian/Ubuntu/etc:

sudo apt install makepasswd

1	sudo apt install makepasswd

OpenSUSE/SUSE/etc:

sudo zypper install makepasswd

1	sudo zypper install makepasswd

Arch/Manjaro/etc:

sudo pacman -S makepasswd

1	sudo pacman -S makepasswd

RHEL/CentOS/etc:

sudo yum install makepasswd

1	sudo yum install makepasswd

You’ll find that makepasswd is available for other distros, but I’m not sure of the installation commands and don’t want to steer you wrong. As it stands, I’m pulling these from my notes and haven’t tested them to ensure the commands are current. If they’re not current, please leave a comment so that I can update them accordingly.

Now that you have makepasswd installed…

Make Passwords In The Linux Terminal:

If you used a GUI tool to install makepasswd, or if you closed the terminal after installing makepasswd, you’ll need to open a terminal. Fortunately, I told you how to do that in the previous section. If you want to use makepasswd to make passwords in the Linux terminal, you will of course need an open Linux terminal.

With the terminal now open, you can check the man page for more information about the makepasswd application. That’s done like so:

man makepasswd

1	man makepasswd

The application is pretty simple, at least for our needs. If you just want to generate a password that’s 12 characters long, you’d run this command:

makepasswd --chars=12

1	makepasswd --chars=12

An example output might be something like this:

$ makepasswd --chars=12
cwvcKaPiVVrX

1 2	$ makepasswd --chars=12 cwvcKaPiVVrX

If you want to use certain characters, you can use the --string flag. So, if you wanted to generate a 12 character password with just numbers, you’d use a command that looks like this:

makepasswd --chars=12 --string='1234567890'

1	makepasswd --chars=12 --string='1234567890'

An example output might be something like this:

$ makepasswd --chars=12 --string='1234567890'
398686687302

1 2	$ makepasswd --chars=12 --string='1234567890' 398686687302

So, I suppose, you could even use this as a tool to generate a pseudorandom PIN for your debit card.

makepasswd --chars=4 --string='1234567890'

1	makepasswd --chars=4 --string='1234567890'

If you want to generate a list of passwords so that you can pick the one you like from the list, you can do that as well. That command would look a little bit like the following command:

makepasswd --count=10 --minchars=10

1	makepasswd --count=10 --minchars=10

For some reason, it seems to only want to output a maximum number of characters in that command and the maximum number is 10. Do not ask me why, but the option is there and the output of that command might look a bit like this:

$ makepasswd --count=10 --minchars=10
BQa1CLhgK3
ybuxsIGXKB
A7sgcx3R88
i679AThi7J
RuBFVHGF0N
0qCQEtq2YI
Hm0I25yvWj
bxdjtcfeRp
sgoM4omWWt
gaLfKrdiwT

$ makepasswd --count=10 --minchars=10

BQa1CLhgK3

ybuxsIGXKB

A7sgcx3R88

i679AThi7J

RuBFVHGF0N

0qCQEtq2YI

Hm0I25yvWj

bxdjtcfeRp

sgoM4omWWt

gaLfKrdiwT

You can do quite a bit more with the makepasswd application. As mentioned above, check the man page. You can seed your passwords, you can encrypt them, get the hashed password value, and more. You could even take the above command and output it to a text file called passwords.txt. You’d do that like this:

makepasswd --count=10 --minchars=10 --maxchars=24 > password.txt

1	makepasswd --count=10 --minchars=10 --maxchars=24 > password.txt

As you can see in that command, I’ve included the --maxchars flag. You can set both the minimum number of characters and the maximum number of characters with the two flags used in the above two commands.

See? You’ll find makepasswd to be a handy way to make passwords in the Linux terminal. There are all sorts of ways to do this. This is just one more way.

Closure:

I wasn’t sure what I’d write when I sat down to write this article. I started it much earlier in the day than I usually would and flipped through all sorts of text files to find an interesting article to write. The first two articles that piqued my writer’s interest were topics I’d previously covered. I eventually settled on makepasswd. After all, you never know when you will want to make passwords in the Linux terminal. It could happen!

Some Opinions (News?) About Purism.

Today’s article isn’t like a regular article, it’s just some news about Purism. There’s not going to be much written about this company by me, as I’m not wanting to get sued by angry people. I’m mostly going to give you some information and then share a video. With that information, you’ll be free to make your own choices.

Let’s start with the basics…

I have been paying a little bit of attention to Purism for quite some time. I have considered giving them money, but there were already enough complaints that I never felt comfortable doing that.

Purism SPC, the company, is located in San Francisco, California. They have been around since 2014 and they sell products that are based on ‘opensource’, hardware such as laptops and phones.

Their site can be found at https://puri.sm/

Purism claim to be interested in protecting your privacy and liberties, by using open-source software. There are lots of thoughts about this.

I have seen a few people mention this company lately, as though they were interested in their products. I feel an obligation to inform, thus this news article about Purism.

I will not be offering my opinions on the matter. As much as free speech exists in my country, I don’t really feel like spending money on legal fees and I don’t want to deal with a cease-and-desist notice that tells me to take the site down.

What I am going to do is share a video with you.

Warning, this video uses adult language – but provides sources for their claims. I would suggest watching this video if you’re interested in Purism products.

Now, you take that information and do with it what you will. You can view a bunch of old/current complaints at the Purism Subreddit. There are also a number of topics over on HackerNews but I don’t have links to those. I’m not trying to do an expose, I’m trying to help people make wise choices. This means doing your research – and real research.

Closure:

My opinions are my own, though I’m sure it’s okay to say that I do not now own any Purism products and I do not intend to buy any in the near future. This is simply one of many videos, articles, and comment chains that finally made me realize that I should probably share this with others – as we don’t all dive deep into things prior to making a purchase decision.

What you do with this information is up to you.

I will further suggest that any comments on this matter should be left here. It’s well known that I share my articles elsewhere but I don’t know if Purism is lawsuit happy and I don’t think I’d like to put other sites at risk. I’m sure it’s fine, but we’ll see…

Linux Tips: A Comprehensive Guide for Optimizing Your System

Welcome to Linux Tips, your ultimate resource for unlocking the full potential of your Linux system. Whether you are a seasoned Linux user or a beginner exploring the world of open-source operating systems, this comprehensive guide will provide you with valuable insights and tips to optimize your Linux experience. From boosting performance to enhancing security, we’ve got you covered. Let’s dive in!

Just for fun, this article was written by an AI with the prompt being:

“Write an article for Linux-Tips.us that is optimized for Google’s search engine results.”

Enhance Performance:

Optimize Startup: Speed up your system boot time by disabling unnecessary services and applications that launch at startup. Use tools like systemd-analyze to identify bottlenecks and systemd commands to manage services effectively.

Monitor System Resources: Keep track of your system’s resource usage with tools like htop and top. Identify resource-intensive processes and consider optimizing or terminating them to free up valuable resources.

Utilize Swap Space: Configure and optimize your swap space to prevent system slowdowns. Tune the swappiness parameter to strike a balance between using RAM and swap effectively.

Improve Security:

Keep Software Up to Date: Regularly update your Linux distribution, applications, and packages to ensure you have the latest security patches and bug fixes. Utilize package managers like apt or dnf to simplify the update process.

Enable the Firewall: Activate the built-in firewall (e.g., iptables or nftables) to safeguard your system against unauthorized access. Configure firewall rules to allow only necessary incoming and outgoing connections.

Utilize SSH Key Authentication: Strengthen the security of your SSH connections by using key-based authentication instead of passwords. Generate SSH keys and disable password-based authentication to prevent brute-force attacks.

Boost Productivity:

Master the Command Line: Linux’s command-line interface is a powerful tool for executing tasks efficiently. Familiarize yourself with essential commands like ls, cd, grep, and find to navigate the file system, search for files, and perform various operations.

Utilize Shell Scripting: Automate repetitive tasks by writing shell scripts. Bash, the default Linux shell, allows you to create powerful scripts to streamline your workflow and save time.

Take Advantage of Package Managers: Leverage package managers like apt, dnf, or yum to install, update, and remove software effortlessly. Explore repositories and learn package management commands to manage your software ecosystem effectively.

Customize Your Environment:

Choose the Right Desktop Environment: Linux offers a variety of desktop environments, each with its own look and feel. Experiment with different options like GNOME, KDE, or Xfce to find the one that suits your preferences and maximizes your productivity.

Tweak Your Window Manager: Customize your window manager settings to enhance your workflow. Configure keyboard shortcuts, window behavior, and appearance options to create a personalized Linux experience.

Explore Themes and Icons: Customize the visual aesthetics of your Linux system by applying themes and icon packs. Tools like GNOME Tweaks or KDE System Settings allow you to easily switch between different themes and icons.

Conclusion:

By implementing the Linux tips outlined in this comprehensive guide, you can optimize your system’s performance, enhance security, and boost productivity. Remember to keep your system up to date, monitor resource usage, and leverage the power of the command line. With Linux’s flexibility and customization options, you can create an environment that truly suits your needs. Embrace the open-source philosophy and unlock the full potential of your Linux-based machine today!

The Real Closure:

So, I just wanted to share this with you. We worry about AI, but do you think this is an appropriate article for this site? Better still, do you think this is optimized for Google? It’s none of those things. You can tell by the wording that it wasn’t written by a human. Even better, you can tell right away that it wasn’t written by me.

But, let’s see how well this article does in Google’s search results. I’ll report the results (if they’re worth reporting) and I suspect this article won’t rank all that well – if at all. I doubt it shows up in the top ten results for any keywords. If it does, I’ll let you know. I pay attention to that sort of stuff.

Of course, you could say that it’s contaminated by the actual real closure, but the whole article is failing the formula I’ve been using since my earliest articles. It is what it is and I’ll say that it’s ‘close enough for government work’ and we’ll see how well it ends up doing in Google’s search results. It barely qualifies as an article for this site. My articles are very different – and, well, I’d say they’re much better.