Secure File Deletion on Ubuntu

 Linux, Security  Comments Off on Secure File Deletion on Ubuntu
Nov 072022
 

In an age of rampant security attacks, safeguarding data is paramount.

After all, data is the new Kohinoor for organizations of all sizes in the modern era.

secure-delete is one of the command line tools available for Ubuntu and its derivatives like Linux Mint to securely erase data.

Secure file and folder deletion is also important when disposing older or end-of-life PCs or servers or reselling them on auction sites like eBay.

Ensuring data security is an integral piece of data sanitization to ensure precious data does not fall into wrong hands.

Simply deleting a file or folder is not enough. There are plenty of tools that’ll allow the bad guys to easily retrieve a deleted file/folder.

So you need a robust tool to ensure that erased data is gone forever to prevent it from falling into wrong hands.

Many Options

Data sanitization is a broad category and includes many options.

Hard-drive shredding and incineration are two options for extreme-security conscious organizations like the NSA, FBI or CIA.

In this post, we’ll consider a simple software technique to securely remove a file or folder from your Ubuntu Linux system.

We’ll use a CLI utility called secure-delete for an Ubuntu system.

Install and Verify Download:
You can download secure-delete and verify installation via the CLI with the following commands:

$ sudo apt install secure-delete

It’s possible your organization may have already installed secure-delete on your key servers and endpoints.

If you’re verifying a previous installation, go with the below command:

$ apt-cache policy secure-delete
secure-delete:
  Installed: 3.1-6ubuntu2
  Candidate: 3.1-6ubuntu2
  Version table:
 *** 3.1-6ubuntu2 500
        500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages
        100 /var/lib/dpkg/status
Secure-delete CLI Options

Here are a few key options for the secure-delete utility that I grabbed from its man pages:

-d ignore the two special dot files . and .. on the commandline. (so you can execute it like “srm -d .* *”)

-f fast (and insecure mode): no /dev/urandom, no synchronize mode.

-l lessens the security. Only two passes are written: one mode with 0xff and a final mode random values.

-l -l for a second time lessons the security even more: only one random pass is written.

-r recursive mode, deletes all subdirectories.

-v verbose mode

-z wipes the last write with zeros instead of random data

Test File Deletion

Let’s now do a test run of secure-delete.

I created a file called Test-Delete.

Next step is to go ahead and delete it via secure-delete.

I opted to use the command srm -vz since it does 38-passes and then wipes the last write with zeros instead of random data.

$ srm -vz Test-Delete
Using /dev/urandom for random input.
Wipe mode is secure (38 special passes)
Wiping Test-Delete ***************************** Removed file Test-Delete ... Done

If you want to delete an entire folder along with all the files inside it then you must add the -r option to your command:

$ srm -vzr [folder_name]

I suggest you take a deko at the man pages of secure-delete to learn more about this important security tool.

Note of Caution
As with some security tools, secure-delete too has limitations.

Read the man pages at man srm for secure-delete for details on the limitations.

Here’s an excerpt from the secure-delete man pages:
“Some of your data might have a temporary (deleted) copy somewhere on the disk. You should use sfill which comes with the secure_deletion package to ensure to wipe also the free diskspace. However, If already a small file acquired a block with your precious data, no tool … can help you here. For a secure deletion of the swap space sswap is available.”

secure-delete is a powerful tool and it’s unlikely you’ll be able to restore a file or folder if you accidentally delete it.

So act with caution before hitting the enter key and always ensure your organization has a robust backup policy.

Installing VMware Workstation 16 Pro is Easy on Linux Mint 21

 Linux, Virtualization  Comments Off on Installing VMware Workstation 16 Pro is Easy on Linux Mint 21
Sep 052022
 

Understanding the basics of virtualization is a good skill to possess in an age when it seems like everything is going virtual or to the cloud.

While Virtualbox may cut it for hobbyists, VMware is the numero uno vendor when it comes to virtualization.

If you ask me, VMware is to virtualization what Cisco is to networking gear.

Install VMware Workstation 16 Pro on Linux Mint 21 Host

VMware – Multiple Offerings

VMware ESXi is for the enterprise while Workstation 16 Pro and Workstation Player do the job well in smaller outfits.

VMware ESXi is overkill for my requirements and its installation is also more complex.

So I opted for VMware Workstation 16 Pro (a Type-2 hypervisor) unlike VMware ESXi, which is a Type-1 hypervisor aka bare metal hypervisor for my Linux Mint 21 computer.

By the way, VMware Workstation 16 Pro is also available for Windows.

Download Workstation 16 Pro

VMware offers two locations to download Workstation 16 Pro software for Linux:
1. https://www.vmware.com/products/workstation-pro/workstation-pro-evaluation.html
2. https://customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_workstation_pro/16_0

You can download a 30-day free evaluation copy of VMware Workstation 16 Pro or buy the software outright from VMware or resellers.

After downloading Workstation 16 Pro, make sure you do a sha256sum check to ensure file integrity of the download.

Install VMware Workstation 16 Pro

These are the five steps I followed in installing and testing VMware Workstation 16 Pro on my Linux Mint 21 computer:

Step 1: I made sure I had installed gcc (GNU C compiler) and build-essential. gcc was already on my computer but build-essential was not. So I quickly installed it.

$ sudo apt install build-essential

Step 2: Next, I went to to my Downloads folder (where I had downloaded Workstation 16 Pro) and ran the below command:

$ sudo chmod a+x VMware-Workstation-Full-16.2.4-20089737.x86_64.bundle

Step 3: Complete the Installation:

$ sudo ./VMware-Workstation-Full-16.2.4-20089737.x86_64.bundle
Extracting VMware Installer…done.
Installing VMware Workstation 16.2.4
Configuring…
[######################################################################] 100%
Installation was successful.

Although there was no need to do so, I now did a reboot of my Linux Mint 21 system.

Step 4: Go to Menu in bottom left of your Linux Mint 21 PC and select VMware WorkStation and go through the various install prompts to launch the virtualization software.

Step 5: Test Out VMware Workstation 16 Pro by installing a Guest OS on it.

Install VMware Workstation 16 Pro

I’ve already downloaded  AlmaLinux 9, RockyLinux 9 (both Alma and Rocky are Red Hat 9 clones) and Manjaro ISOs.

In my next post, I will write about installing one of them as a guest OS on my new Linux Mint 21 host via VMware Workstation 16 Pro.

List, Research and Install Only Security Updates on Red Hat 9

 Linux, Security  Comments Off on List, Research and Install Only Security Updates on Red Hat 9
Sep 042022
 

One of the nice features of Red Hat Enterprise Linux 9 (RHEL 9) OS is the ability to check, research and install only security updates from the command line.

As a systems administrator, there’s always a risk that installing an update might break something important in the enterprise and lead to undesirable consequences.

So tread carefully when it comes to change management of your enterprise servers.

At the same time, it’s good to know the security updates and get some details about them right from within the CLI.

RHEL 9 List & Install Security Updates in Red Hat 9

By the way, the ability to install only security updates in RHEL was available in some older versions of RHEL like RHEL 8 and 7 as well.

Four Security Tasks

In this post, we’ll consider four important security aspects in Red Hat 9:
1. How to List Only Security Updates in RHEL 9
2. How to List Already Installed Security Updates in RHEL 9
3. How to Install Only All Security Updates in RHEL 9
4. How to Research and Install Only a Single Security Update in RHEL 9

Task 1: List Only Security Updates
[jack@localhost ~]$ sudo dnf updateinfo list updates security

Updating Subscription Management repositories.
Red Hat Enterprise Linux 9 for x86_64 – BaseOS (RPMs) 16 kB/s | 4.1 kB 00:00
Red Hat Enterprise Linux 9 for x86_64 – AppStream (RPMs) 21 kB/s | 4.1 kB 00:00
RHSA-2022:6157 Moderate/Sec. curl-7.76.1-14.el9_0.5.x86_64
RHSA-2022:6174 Important/Sec. firefox-91.13.0-1.el9_0.x86_64
RHSA-2022:6157 Moderate/Sec. libcurl-7.76.1-14.el9_0.5.x86_64
RHSA-2022:6181 Important/Sec. rsync-3.2.3-9.el9_0.2.x86_64

Task 2: List Security Updates already installed

You can also check for a list of security updates that you have already installed.

[jack@localhost ~]$ dnf updateinfo list security --installed

Not root, Subscription Management repositories not updated
Red Hat Enterprise Linux 9 for x86_64 – BaseOS (RPMs) 18 kB/s | 4.1 kB 00:00
Red Hat Enterprise Linux 9 for x86_64 – AppStream (RPMs) 21 kB/s | 4.1 kB 00:00
RHSA-2022:4990 Important/Sec. cups-1:2.3.3op2-13.el9_0.1.x86_64
RHSA-2022:4990 Important/Sec. cups-client-1:2.3.3op2-13.el9_0.1.x86_64
RHSA-2022:4990 Important/Sec. cups-filesystem-1:2.3.3op2-13.el9_0.1.noarch
RHSA-2022:4990 Important/Sec. cups-ipptool-1:2.3.3op2-13.el9_0.1.x86_64
RHSA-2022:4990 Important/Sec. cups-libs-1:2.3.3op2-13.el9_0.1.x86_64
RHSA-2022:4873 Important/Sec. firefox-91.10.0-1.el9_0.x86_64
RHSA-2022:5481 Important/Sec. firefox-91.11.0-2.el9_0.x86_64
RHSA-2022:5767 Important/Sec. firefox-91.12.0-2.el9_0.x86_64
RHSA-2022:4590 Important/Sec. firefox-91.9.0-1.el9_0.x86_64
RHSA-2022:4765 Critical/Sec. firefox-91.9.1-1.el9_0.x86_64
RHSA-2022:5099 Important/Sec. grub2-common-1:2.06-27.el9_0.7.noarch
….[Output truncated]

Task 3. How to Install Only Security Updates

Now it’s time to consider the most important task of this post.

How do we install only ALL security updates on Red Hat Enterprise Linux 9?

[jack@localhost ~]$ sudo dnf update --security

……
[Output truncated]
===================================================================================================================================================================================================================
Package Architecture Version Repository Size
===================================================================================================================================================================================================================
Installing:
kernel x86_64 5.14.0-70.22.1.el9_0 rhel-9-for-x86_64-baseos-rpms 595 k
Upgrading:
bpftool x86_64 5.14.0-70.22.1.el9_0 rhel-9-for-x86_64-baseos-rpms 1.3 M
curl x86_64 7.76.1-14.el9_0.4 rhel-9-for-x86_64-baseos-rpms 300 k
expat x86_64 2.2.10-12.el9_0.2 rhel-9-for-x86_64-baseos-rpms 109 k
grafana x86_64 7.5.11-5.el9_0 rhel-9-for-x86_64-appstream-rpms 39 M
kernel-headers x86_64 5.14.0-70.22.1.el9_0 rhel-9-for-x86_64-appstream-rpms 2.2 M
kernel-tools x86_64 5.14.0-70.22.1.el9_0 rhel-9-for-x86_64-baseos-rpms 824 k
kernel-tools-libs x86_64 5.14.0-70.22.1.el9_0 rhel-9-for-x86_64-baseos-rpms 605 k
libarchive x86_64 3.5.3-2.el9_0 rhel-9-for-x86_64-baseos-rpms 392 k
[Output truncated]

Task 4. How to Research & Install Only a Single Security Update

RHEL 9 also lets you research and install a single security update out of many possible security updates.

For instance, Red Hat classified Firefox as an important security update.

Since the Firefox browser was a crucial element of my organization’s security policy I went ahead and installed it without researching it further.

[jack@localhost ~]$ sudo dnf install firefox-91.13.0-1.el9_0.x86_64

……[output truncated]
Upgraded:
firefox-91.13.0-1.el9_0.x86_64

Dig Deeper

By the way, you can also dig deeper to research into a Red Hat security update recommendation from within the CLI itself.

When I found that Red Hat put up the rsync file copy and synchronize utility as an important security update I was curious to see what the issue was.

So I went back to Task 1 (see above) to get the Update ID for the rsync security update and then ran the below command.

[jack@localhost ~]$ sudo dnf updateinfo info RHSA-2022:6181

Update ID: RHSA-2022:6181
Type: security
Updated: 2022-08-24 13:06:01
Bugs: 2110928 – CVE-2022-29154 rsync: remote arbitrary files write inside the directories of connecting peers
CVEs: CVE-2022-29154
Description: The rsync utility enables the users to copy and synchronize files locally or across a network.
…[Output truncated]

Now I know that the security hole in rsync relates to “remote arbitrary files write inside the directories of connecting peers.”

Depending on my organization’s security policy and requirements, I can then decide to either ignore or upgrade rsync.

Does Ubuntu offer the capability to list, research and install only security updates via the command line?

I doubt it.

But I have noticed that Linux Mint offers the ability to view and install only security updates via its GUI-based Update Manager.

14 Methods to Verify If You’re Running Red Hat 9 OS

 Command Line, Linux  Comments Off on 14 Methods to Verify If You’re Running Red Hat 9 OS
Sep 032022
 

Red Hat Enterprise Linux 9 (RHEL 9) is the latest iteration of the solid Linux OS that powers thousands of Linux servers and workstations at a gazillion companies and organizations worldwide.

So how to quickly verify if the version of Red Hat Enterprise Linux OS you’re running is the latest release, i.e., RHEL 9 aka plow?

There are several ways to confirm if your server has the latest version of the Red Hat OS, i.e., RHEL 9.

Most of the methods do not require sudo (elevated) permission and can be run by all users.

Verify RHEL OS: Many Options

Let’s consider at least 14 ways to verify if your Red Hat workstation or server is running Red Hat Enterprise Linux 9 (RHEL 9).

By the way, all the options below should work well with previous versions of Red Hat OS like RHEL 7 or RHEL 8 as well as CentOS, Rocky Linux and AlmaLinux.

Option 1: Old is Gold
There is one crisp and neat CLI command that’s been providing the answer to the version of Red Hat OS on your server for over 20 years.

That command is cat /etc/redhat-release and it’s been available on RHEL 5, 6, 7, 8 and now on RHEL 9.

$ cat /etc/redhat-release
Red Hat Enterprise Linux release 9.0 (Plow)

Option 2: Via Subscription Manager
The subscription-manager option requires you to have registered your system with Red Hat and also needs administrator privileges.

So what is the Red Hat Subscription Manager?

According to the Red Hat 9 OS man pages, subscription-manager “is a client program that registers a system with a subscription management service such as the Customer Portal Subscription Management service or on-premise Subscription Asset.”

Besides the version of Red Hat OS, the output of sudo subscription-manager facts gives you a ton of other information including CPU, kernel, bios, motherboard and memory.

Since the output is long, I’ve truncated it so you won’t be able to see most of the other information.

$ sudo subscription-manager facts
cpu.core(s)_per_socket: 4
cpu.cpu(s): 8
cpu.cpu_socket(s): 1
cpu.thread(s)_per_core: 2
cpu.topology_source: kernel /sys cpu sibling lists
distribution.id: Plow
distribution.name: Red Hat Enterprise Linux
distribution.version: 9.0
…..[Output Truncated]

Option 3: hostnamectl
hostctl is an elegant CLI command that outputs more than just the Red Hat OS version your system is running.

This command also provides information on the system hardware, kernel, CPU architecture, and Machine and Boot IDs.

Take a look below:

[jack@localhost ~]$ hostnamectl
Static hostname: n/a
Transient hostname: localhost
Icon name: computer-desktop
Chassis: desktop 🖥
Machine ID: 34cbcd014bc4485799485d4322d9d700
Boot ID: aff0229c0ce940c5882014ce732cf194
Operating System: Red Hat Enterprise Linux 9.0 (Plow)
CPE OS Name: cpe:/o:redhat:enterprise_linux:9::baseos
Kernel: Linux 5.14.0-70.22.1.el9_0.x86_64
Architecture: x86-64
Hardware Vendor: Dell Inc.
Hardware Model: OptiPlex 9020

Option 4: Via Gnome Control Center
Our fourth option, gnome-control-center, is actually a combination of CLI and GUI.

You start with the CLI and the output comes in the form of a GUI.

$ gnome-control-center

RHEL Gnome Control Center

Option 5: RPM Commands
Let’s now consider a couple of rpm methods to verify the Red Hat release on your server or workstation.

The first method is running a rpm –query:

$ rpm --query redhat-release
redhat-release-9.0-2.17.el9.x86_64

Option 6: Another RPM Method
Here’s another rpm way to confirm your RHEL OS version.

This rpm method provides a super-brief answer.

$ rpm -E %{rhel}
9

Option 7: Yet Another cat command
It seems like there’s no end to what you can do with cat, right?

$ cat /etc/os-release
NAME=”Red Hat Enterprise Linux”
VERSION=”9.0 (Plow)
ID=”rhel”
ID_LIKE=”fedora”
VERSION_ID=”9.0
PLATFORM_ID=”platform:el9″
PRETTY_NAME=”Red Hat Enterprise Linux 9.0 (Plow)”
ANSI_COLOR=”0;31″
LOGO=”fedora-logo-icon”
CPE_NAME=”cpe:/o:redhat:enterprise_linux:9::baseos”
HOME_URL=”https://www.redhat.com/”
DOCUMENTATION_URL=”https://access.redhat.com/documentation/red_hat_enterprise_linux/9/”
BUG_REPORT_URL=”https://bugzilla.redhat.com/”

Option 8: More the Merrier
The below More command gets to the point quickly.

$ more /etc/redhat-release
Red Hat Enterprise Linux release 9.0 (Plow)

Option 9: Quick One with system-release

$ cat /etc/system-release
Red Hat Enterprise Linux release 9.0 (Plow)

Option 10: cat Offers More
Depending on the cat command, you can get more or less information when you try to verify your version of Red Hat Enterprise Linux.

The below command offers you Red Hat OS version plus provides URL links to Red Hat bug reports and documentation, all right from the terminal.

$ cat /etc/*release
NAME=”Red Hat Enterprise Linux”
VERSION=”9.0 (Plow)
ID=”rhel”
ID_LIKE=”fedora”
VERSION_ID=”9.0
PLATFORM_ID=”platform:el9″
PRETTY_NAME=”Red Hat Enterprise Linux 9.0 (Plow)”
ANSI_COLOR=”0;31″
LOGO=”fedora-logo-icon”
CPE_NAME=”cpe:/o:redhat:enterprise_linux:9::baseos”
HOME_URL=”https://www.redhat.com/”
DOCUMENTATION_URL=”https://access.redhat.com/documentation/red_hat_enterprise_linux/9/”
BUG_REPORT_URL=”https://bugzilla.redhat.com/”

REDHAT_BUGZILLA_PRODUCT=”Red Hat Enterprise Linux 9
REDHAT_BUGZILLA_PRODUCT_VERSION=9.0
REDHAT_SUPPORT_PRODUCT=”Red Hat Enterprise Linux”
REDHAT_SUPPORT_PRODUCT_VERSION=”9.0
Red Hat Enterprise Linux release 9.0 (Plow)
Red Hat Enterprise Linux release 9.0 (Plow

Option 11: uname it
When you want the RHEL version PLUS the running kernel, go with uname -r

$ uname -r
5.14.0-70.22.1.el9_0.x86_64

Option 12: Another uname CLI
With uname -a, you get the OS version plus today’s date, Kernel and the CPU architecture on your system.

$ uname -a
Linux localhost.localdomain 5.14.0-70.22.1.el9_0.x86_64 #1 SMP PREEMPT Tue Aug 2 10:02:12 EDT 2022 x86_64 x86_64 x86_64 GNU/Linux

Option 13: More cat Stuff
Looks like we’re not going to run out of cat options to verify the Red Hat OS version.

$ cat /etc/system-release-cpe
cpe:/o:redhat:enterprise_linux:9::baseos

Option 14:  ls, the Final Method
$ sudo ls /boot/loader/entries | grep el
34cbcd014bc4485799485d4322d9d700-5.14.0-70.13.1.el9_0.x86_64.conf
34cbcd014bc4485799485d4322d9d700-5.14.0-70.22.1.el9_0.x86_64.conf

If you’re a developer you can get access to a free version of Red Hat Enterprise Linux.

Otherwise you’ll have to fork out an annual fee.

Compared to other Linux distros like Ubuntu, familiarity with RHEL OS gives you a better chance of landing a job at a big company or MSP.

Uncomplicated Firewall Stays True to its Name

 Command Line, Linux, Security  Comments Off on Uncomplicated Firewall Stays True to its Name
Sep 032022
 

Having a Ubuntu or Linux Mint desktop without the UFW (short for Uncomplicated Firewall) is like buying a nice home without a front door.

UFW, a host-based netfilter firewall, comes standard with Ubuntu and its derivatives like Linux Mint 21.

The program comes in both CLI and GUI versions.

True to its name, UFW is simple to use and supports both IPv4 and IPv6 addresses.

UFW – Inactive by Default

On a newly installed Linux Mint 21 desktop computer, UFW was bizarrely inactive by default (see below).

$ sudo ufw status
Status: inactive

I don’t understand the logic of Linux Mint developers in providing a firewall that comes disabled by default.

So I set to quickly enable the UFW firewall on Linux Mint 21 with the below command:

$ sudo ufw enable
Firewall is active and enabled on system startup

In contrast to Linux Mint, the firewall on Red Hat Enterprise Linux 9 is enabled by default. On the flip side, the firewall in RHEL 9 is anything but uncomplicated.

When you enable UFW, the program reloads the firewall and enables it on boot

Now when we re-run the status command after adding the verbose option we see that UFW is active and note its default configurations: deny (incoming), allow (outgoing), disabled (routed)

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

That is all nice and dandy but what if we want to do more than stick with the defaults.

Block Cat Videos on YouTube

UFW supports both inbound and outbound filtering.

Let’s say you want to block all outbound web traffic on your new employee’s PC (she doesn’t need the Internet for her work).

In that scenario, you’d add the following lines:

$ sudo ufw deny out https
$ sudo ufw deny out http

The above lines will prevent your employee from wasting time looking at cat videos on YouTube during work hours.

By the way, you’ll get the same results by using the Port Numbers 443 and 80 for https and https respectively:

$ sudo ufw deny out 443
$ sudo ufw deny out 80

Lots of Options

There’s plenty of other CLI options that you can tweak in UFW.

You can delete or prepend a rule by its number or by using the actual rule itself.

You can also adjust logging levels, rate-limit connections, do a dry-run feature without actually modiying the rules, reset to installation defaults) and more.

If for some reason, you want to get back to the default install, use the ufw reset command:

$ sudo ufw reset
Resetting all rules to installed defaults. Proceed with operation (y|n)? y
Backing up ‘user.rules’ to ‘/etc/ufw/user.rules.20220902_154828’
Backing up ‘before.rules’ to ‘/etc/ufw/before.rules.20220902_154828’
Backing up ‘after.rules’ to ‘/etc/ufw/after.rules.20220902_154828’
Backing up ‘user6.rules’ to ‘/etc/ufw/user6.rules.20220902_154828’
Backing up ‘before6.rules’ to ‘/etc/ufw/before6.rules.20220902_154828’
Backing up ‘after6.rules’ to ‘/etc/ufw/after6.rules.20220902_154828’

For traffic not destined to the host itself but meant to be routed through the firewall, make sure you prepend route before the rule. So your syntax would lok like:

$ sudo ufw route [Rule}

According to UFW’s man pages, the rate-limit feature kicks in if an IP address tries to initiate 6 or more connections within 30 seconds.

For instance, if you want to rate-limit ssh connections, you’d use:

$ sudo ufw limit ssh/tcp

You can verify the ssh rate-limit you configured above by running:

$ sudo ufw status numbered
Status: active
To Action From
— —— —-
[ 1] 22/tcp LIMIT IN Anywhere
[ 2] 22/tcp (v6) LIMIT IN Anywhere (v6)

Clearly, UFW is a richly featured firewall with plenty of options.

We have barely scratched the surface of UFW’s capabilities in this post.

I’d encourage you to login to your Ubuntu 22.04 or Linux Mint 21 system and check out the man pages of UFW and play around with the various options.

GUI Version of UFW

If you think the CLI version of UFW is no biggie to configure, wait till you see the GUI version, which is appropriately named Gufw Firewall.

It takes just a few seconds to set up. If you’re using Linux Mint 21, go to Menu (bottom-left usually) and search for gufw or firewall.

UFW Uncomplicated Firewall
The GUI version has three profiles: Home, Office and Public.

By default, Outgoing traffic is allowed for all three profiles while Incoming traffic is denied for Public and Office.

Home profile is turned off by default but you can turn it on and pick deny for Incoming traffic IF that is your preference.

UFW Verdict

All in all, UFW is one of the security utilities that make Ubuntu or Linux Mint 21 a worthy desktop Linux distribution.

Unlike the default firewall in RHEL 9 (which uses the concept of zones and a difficult syntax), UFW is easy to use whether in GUI or CLI mode.

I only wish UFW came enabled by default.

Before concluding, I’d like to share a bunch of key UFW commands I found on the firewall’s man pages:

$ sudo ufw –help
Usage: ufw COMMAND

Commands:
enable enables the firewall
disable disables the firewall
default ARG set default policy
logging LEVEL set logging to LEVEL
allow ARGS add allow rule
deny ARGS add deny rule
reject ARGS add reject rule
limit ARGS add limit rule
delete RULE|NUM delete RULE
insert NUM RULE insert RULE at NUM
prepend RULE prepend RULE
route RULE add route RULE
route delete RULE|NUM delete route RULE
route insert NUM RULE insert route RULE at NUM
reload reload firewall
reset reset firewall
status show firewall status
status numbered show firewall status as numbered list of RULES
status verbose show verbose firewall status
show ARG show firewall report
version display version information

Find DNS Server in Linux Mint

 Command Line, Linux  Comments Off on Find DNS Server in Linux Mint
Feb 242021
 

If you’re a networking or sys admin student, you might want to know how to identify the DNS server address of your Linux system on the Command Line.

DNS refers to the Domain Name System, which resolves domain names into IP addresses.

In this case, we’re talking specifically about finding the DNS server on the Linux Mint or Ubuntu desktop via the command line interface.

Identify DNS Server Address via CLI

Here are a few command line tools that should help you identify the DNS server on your Linux Mint system.

I’ve tested the following commands on Linux Mint and Ubuntu.

1. nmcli dev show | grep DNS

$ nmcli dev show | grep DNS
IP4.DNS[1]: 208.67.220.220
IP4.DNS[2]: 208.67.222.222

2. nmcli dev show | grep DNS | sed ‘s/\s\s*/\t/g’ | cut -f 2

$ nmcli dev show | grep DNS | sed 's/\s\s*/\t/g' | cut -f 2
208.67.220.220
208.67.222.222

3. nmcli device show | grep IP4.DNS

$ nmcli device show eno3 | grep IP4.DNS
IP4.DNS[1]: 208.67.220.220
IP4.DNS[2]: 208.67.222.222

4. systemd-resolve –status

You may have to scroll down (press the tab key) to see full output.

systemd-resolve --status
Global
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      [output truncated]
         DNS Servers: 208.67.220.220
                      208.67.222.222
          DNS Domain: ~.