Servers

SShield Review – AI-Powered Automated Security Tool

We’ll be reviewing SShield, which is a part of SPanel. After the great interest of our SPanel review, it’s a great idea to focus on individual parts of SPanel itself, like SShield. Read our detailed review below. What is SShield SShield is a security tool that monitors all your website in real-time, 24/7. The tool […]

Source

from ThisHosting.Rocks https://thishosting.rocks/sshield-review/…

0
Read More

Make Yourself In-Demand in a Post-COVID World With These Skills

If the death toll of the ongoing COVID-19 pandemic is not giving you serious bouts of depression, here’s something scarier: For the past month, 10% of the US workforce, or close to 15 million people do not have jobs anymore, also thanks to the pandemic. As of the end of April, over 26 million people have looked into unemployment benefits, and the figure is not showing any signs of decline. This is millions of us who are struggling on multiple fronts: how to stay healthy, how to pay the bills, and how to keep sane with everything that’s going on.

With the job market at its rockiest in history, laid-off employees may want to use this lockdown period as an opportunity to reassess themselves in terms of their careers, what they really want to do as work, what their skills are, what the job market needs, and what skills they can develop to make themselves more “marketable” when the “new normal” kicks in.

The same goes for you, still working reader. You may be “secure” in your current job, but with the way the world economy is going, no one is dispensable. The business and commercial landscape is evolving, all the more because of the COVID-19 crisis. Demands from companies are changing, and if you plan to stick around in the employed sector of the economy, you need to keep your skillset updated to these demands. It doesn’t matter if you are “not so technical” and past your prime; if you want to stay employed, you have to reskill, upskill, and get your available skills in line with what the market needs.  What skills are these? Take note of these skills that you need to acquire as soon as possible:

 

Up your critical thinking and problem-solving skills

According to a Society for Human Resource Management survey, the top soft skill that is absent among candidates according to 37% of employers is critical thinking and problem solving. The chance of someone with demonstrated problem solving and critical thinking skills getting hired is very high, as they are valued for providing options and solutions when companies face problems such as the current one everyone is facing.

Employers say they need a workforce fully equipped with skills beyond the basics of reading, writing, and arithmetic to grow their businesses. These skills include critical thinking and problem solving, according to a 2010 Critical Skills Survey by the American Management Association and others.

(Via: https://www.dol.gov/odep/topics/youth/softskills/problem.pdf)

 

Up your social media and digital marketing skills

With the current lockdown forcing businesses to shift to methods that do not require physical contact and the near future most probably seen to continue with this, efforts to encourage consumers to buy things have also shifted to online and digital.  Thus, in-demand skills involve search engine marketing (marketing that will allow your business to shine in Google and other search engines), search engine optimization (marketing that will allow your online assets (website, social media) to be optimized so that your business will rank high on search engines), and email marketing.

While certain industries like Travel and Hospitality and Retail were hit very hard and it felt like they may take a while to restart, many other industries it

0
Read More

How to Install and Configure Checkmk on CentOS 8 / RHEL 8

Developed in Python & C++ languages, Checkmk is an open-source monitoring server that is an improvement of Nagios operating system with enhanced plugins and monitoring capabilities. Checkmk uses agents to collect and ship remote systems’ metrics to the server. The agents are available for both Linux and Windows systems in 32 & 64-bit architectures.

Checkmk is used in monitoring applications, servers and even cloud infrastructure such as AWS and Azure. In this guide, we will walk you through how to install and configure Checkmk on CentOS 8 and later on, see how you can add both Linux and Windows hosts to checkmk server for monitoring.

We will install Checkmk using the OMD (Open Monitoring Distribution) bundle. This bundle ships with Nagios and all the necessary plugins required for monitoring various services.

Lab Setup details for Checkmk

This will be our set up

  • Checkmk Server – CentOS 8
  • Host 1 – CentOS  8
  • Host 2 – Windows Server 2019

Step 1) Update the system

To start off, it’s always advisable to update your package lists to start on a clean slate. Therefore, log in to the Checkmk server and run the off command below.

$ sudo dnf update -y

Once the update is completed successfully and reboot the system once.

Step 2) Install prerequisite packages

Once the update is complete, you need to install a couple of packages for the installation of Checkmk monitoring tool to go smoothly.

First, you need to install EPEL. This is short for Extra Packages for Enterprise Linux. This is a package repository that provides additional packages that are not present in the default AppStream repositories for CentOS 8. This will prove beneficial as some of the packages required by OMD are contained in EPEL.

To install the EPEL repository, execute the command:

$ sudo dnf install epel-release

install-epel-release-centos8-rhel8

Press ‘y’ on the keyboard and hit ENTER to proceed with the installation.

Next, ensure that you install xinetd and OpenSSL packages. Therefore, run the command:

$ sudo dnf install xinetd openssl -y

Also, ensure that Python 3 is installed (It comes preinstalled by default on CentOS 8). In case it is not installed on your CentOS 8 / RHEL 8 system then run following command to install it,

$ sudo dnf install python3 -y

Run following command to verify the python version

[[email protected] ~]$ python3 -V
Python 3.6.8
[[email protected] ~]$

Don not forget to install ‘graphiz-gd’ package from PowerTools repository, run the following dnf command

$ sudo dnf --enablerepo=PowerTools install graphviz-gd -y

Step 3) Set SELinux and firewall rules for checkmk

SELinux is a kernel security module that enhances the security of your CentOS 8 and RHEL 8 system. Set the following selinux rule to allow web server to access network interfaces,

$ sudo setsebool -P httpd_can_network_connect 1

Now allow http service or its port in firewall, run

$ sudo firewall-cmd --zone=public --add-service=http --permanent
$ sudo firewall-cmd --reload

Note: You can skip this only if Selinux and firewalld is disabled on your system.

Step 4) Installing Checkmk monitoring tool

With all the prerequisites out of the way, it’s time now to install Checkmk First, download the RPM package from the Official site.

$ wget https://checkmk.com/support/1.6.0p14/check-mk-raw-1.6.0p14-el8-38.x86_64.rpm

Download-check-mk-raw-package-centos8-wget-coomand

Once downloaded install Checkmk rpm package with …

0
Read More

Top 7 Security Hardening Tips for CentOS 8 / RHEL 8 Server

Once you have installed your CentOS 8 / RHEL 8 server, securing it to prevent unauthorized access and intrusions comes second. As the adage goes , “Prevention is better than cure” so is prevention of hacks better that taking remediation attempts.

Let explore a few steps that you can take to harden and secure CentOS 8 / RHEL 8 server and thwart hacking attempts.

1) Set up a firewall

As a security-minded Linux user, you wouldn’t just allow any traffic into your CentOS 8 / RHEL 8 system for security reasons. In fact, setting up a firewall is one of the initial server setup tasks that a systems administrator needs to perform to only open specific ports and allow services currently in use.

By default, CentsO8 / RHEL 8 system ship with firewalld firewall which can be started and enabled on startup by running the commands:

$ sudo systemctl start firewalld
$ sudo systemctl enable firewalld

To check the services allowed on the firewall, simply run the command:

$ sudo firewall-cmd --list all

To open a port on the firewall e.g port 443, execute the command:

$ sudo firewall-cmd --add-port=443/tcp --zone=public --permanent

To allow a service e.g ssh , use the command:

$ sudo firewall-cmd --add-service=ssh  --zone=public --permanent

To remove a port and a service , use the –remove-port  and –remove-service attributes respectively.

For the changes to take effect , always reload the firewall as shown.

$ sudo firewall-cmd --reload

2) Disable unused / undesirable services

It’s always advised to turn off unused or unnecessary services on your server. This is because the higher the number of services running, the more the number of ports open on your system which can be exploited by an attacker to gain entry to your system. Additionally, desist from using old and insecure service like telnet which send traffic in plain text

Best security practices recommend disabling unused services and getting rid of all the insecure services running on your system. You can use the nmap tool to scan your system and check which ports are open and being listened to.

3) Secure critical files

It’s essential to lock down critical files to prevent accidental deletion or editing. Such files include the /etc/passwd and /etc/gshadow which contain hashed passwords. To make the files immutable ( i.e prevent modification or accidental deletion ) use the chattr command as shown:

$ sudo chattr +i /etc/passwd
$ sudo chattr +i /etc/shadow

This ensures that a hacker cannot change any of the users’ password or delete them leading to denial of login to the system.

4) Secure SSH protocol

SSH protocol is a popularly used protocol for remote logins. By default , the protocol has native weaknesses that can be exploited by a hacker.

By default, SSH allows remote login by the root user. This is a potential loophole and if a hacker can get a hold of the root’s password to your system, your server is pretty much at their mercy. To prevent this, it’s advisable to deny remote root login and instead create a login regular user with sudo privileges. You can effect this  by modifying the SSH configuration file /etc/ssh/sshd_config and disable root login as shown:

PermitRootLogin

Another way you can secure SSH is …

0
Read More

Self-Hosted and Open-Source Alternatives to Popular Services

The internet is a prominent place. And while it may feel like a few huge names like Netflix, Dropbox, and Facebook run the show, they are far from the only option you have available. It’s now easier than ever to find a self-hosted alternative to just about any online platform. What does self-hosted mean? Self-hosted […]

Source

from ThisHosting.Rocks https://thishosting.rocks/self-hosted-open-source-alternatives-to-popular-services/…

0
Read More

How to Setup Highly Available Kubernetes Cluster with Kubeadm

When we setup Kubernetes (k8s) cluster on-premises for production environment then it is recommended to deploy it in high availability. Here high availability means installing Kubernetes master or control plane in HA. In this article I will demonstrate how we can setup highly available Kubernetes cluster using kubeadm utility.

For the demonstration, I have used five CentOS 7 systems with following details:

  • k8s-master-1 – Minimal CentOS 7 – 192.168.1.40 – 2GB RAM, 2vCPU, 40 GB Disk
  • k8s-master-2 – Minimal CentOS 7 – 192.168.1.41 – 2GB RAM, 2vCPU, 40 GB Disk
  • k8s-master-3 – Minimal CentOS 7 – 192.168.1.42 – 2GB RAM, 2vCPU, 40 GB Disk
  • k8s-worker-1 – Minimal CentOS 7 – 192.168.1.43 – 2GB RAM, 2vCPU, 40 GB Disk
  • k8s-worker-2 – Minimal CentOS 7 – 192.168.1.44 – 2GB RAM, 2vCPU, 40 GB Disk

HA-Kubernetes-Cluster-Setup

Note: etcd cluster can also be formed outside of master nodes but for that we need additional hardware, so I am installing etcd inside my master nodes.

Minimum requirements for setting up Highly K8s cluster

  • Install Kubeadm, kubelet and kubectl on all master and worker Nodes
  • Network Connectivity among master and worker nodes
  • Internet Connectivity on all the nodes
  • Root credentials or sudo privileges user on all nodes

Let’s jump into the installation and configuration steps

Step 1) Set Hostname and add entries in /etc/hosts file

Run hostnamectl command to set hostname on each node, example is shown for k8s-master-1 node,

$ hostnamectl set-hostname "k8s-master-1"
$ exec bash

Similarly, run above command on remaining nodes and set their respective hostname. Once hostname is set on all master and worker nodes then add the following entries in /etc/hosts file on all the nodes.

192.168.1.40   k8s-master-1
192.168.1.41   k8s-master-2
192.168.1.42   k8s-master-3
192.168.1.43   k8s-worker-1
192.168.1.44   k8s-worker-2
192.168.1.45   vip-k8s-master

I have used one additional entry “192.168.1.45   vip-k8s-master” in host file because I will be using this IP and hostname while configuring the haproxy and keepalived on all master nodes. This IP will be used as kube-apiserver load balancer ip. All the kube-apiserver request will come to this IP and then the request will be distributed among backend actual kube-apiservers.

Step 2) Install and Configure Keepalive and HAProxy on all master / control plane nodes

Install keepalived and haproxy on each master node using the following yum command,

$ sudo yum install haproxy keepalived -y

Configure Keepalived on k8s-master-1 first, create check_apiserver.sh script will the following content,

[[email protected] ~]$ sudo vi /etc/keepalived/check_apiserver.sh
#!/bin/sh
APISERVER_VIP=192.168.1.45
APISERVER_DEST_PORT=6443

errorExit() {
    echo "*** $*" 1>&2
    exit 1
}

curl --silent --max-time 2 --insecure https://localhost:${APISERVER_DEST_PORT}/ -o /dev/null || errorExit "Error GET https://localhost:${APISERVER_DEST_PORT}/"
if ip addr | grep -q ${APISERVER_VIP}; then
    curl --silent --max-time 2 --insecure https://${APISERVER_VIP}:${APISERVER_DEST_PORT}/ -o /dev/null || errorExit "Error GET https://${APISERVER_VIP}:${APISERVER_DEST_PORT}/"
fi

save and exit the file.

Set the executable permissions

$ sudo chmod +x /etc/keepalived/check_apiserver.sh

Take the backup of keepalived.conf file and then truncate the file.

[[email protected] ~]$ sudo cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf-org
[[email protected] ~]$ sudo sh -c '> /etc/keepalived/keepalived.conf'

Now paste the following contents to /etc/keepalived/keepalived.conf file

[[email protected] ~]$ sudo vi /etc/keepalived/keepalived.conf
! /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_script check_apiserver {
  script "/etc/keepalived/check_apiserver.sh"
  interval 3
  weight -2
  fall 10
  rise 2
}

vrrp_instance VI_1 {
    state MASTER
    interface enp0s3
    virtual_router_id 151
    priority 255
    authentication {
        auth_type PASS
        
0
Read More

Cache-Free Your Way to Device Spring Cleaning

Every time you browse a website for the first time, information from it is stored in temporary files, and these files are called cache.  Why is there cache, you ask? Isn’t this a little invasion of your privacy because your browser or gadget retains some information about the sites you have visited? Shouldn’t this be prohibited? Cache files, terrible as they may seem when it comes to your security, is helpful when it comes to your browsing speed. See, those temporary files allow you to load the website faster and directly the next time you visit it, leading to a more satisfying browsing experience from you since you don’t have to wait that long for the site to load. If cache files are not present, the browser would need to connect to the site’s server again for proper reloading.

But then, security is not the only downside to cache files, as helpful as they may be. They also slow down your apps and device systems since they use memory and RAM.  Besides, a good number of sites only get visited by a user once, so there is not really a necessity for the cache of these sites to be saved.  Now, the question is, is it a good habit to clear your device’s cache? The answer is yes, and regularly. Why?

You will not see all changes made to the webpage if you rely on the cache. If you frequent a website and are religious in clearing the cache memory of your device, the browser, or the app you are using will be alerted to fetch the webpage’s latest version all the time. Also, when you are using a device that other people may have access to, as mentioned earlier, the next user may get access to your information, as the cache can store information such as your payment modes (e.g., debit and credit card information) and log-in credentials. That’s an additional privacy threat!

So, how do you clear your cache? With a laptop, since most online activities are done through browsing, then clearing the cache of your web browser is the way to go. Otherwise, you can also clear the cache of your iDevice or Android device. Here’s how:

 

Remove your cache in Chrome

Personal laptops run on Chrome. I mean, who uses IE or Microsoft Edge on their personal laptops? To remove cache on your Chrome browser, here are the steps:

To clear the cache and cookies in Chrome, you’ll need to access the browser’s Settings menu. There are three different ways you can get here.

The first way is to click the three vertical dots icon in the top-right corner of the screen, hovering over “More Tools,” and then selecting “Clear Browsing Data.”

(Via: https://www.howtogeek.com/661729/how-to-clear-cache-and-cookies-in-chrome/)

 

Remove your cache in Firefox

Firefox is another popular browser. Here are the steps to remove cache when your browser of choice is Firefox:

Like all internet browsers, Firefox temporarily stores items (such as images) in a cache to help speed up browsing. If Firefox is your preferred browser of choice, you can choose to clear this cache manually by accessing your “Privacy & Security” tab in the browser preferences. Additionally, you can set up custom settings to clear …

0
Read More

How to Dual Boot Linux Mint 20 with Windows 10

Linux Mint 20, also referred to as Ulyana, was released in June 2020 and packs with a basket of new features and enhancements to improve your overall user experience. If you have Windows 10 already on your PC and would like to reap the full benefits of the latest Mint release, you can install it alongside Windows 10.

Upon booting, you will be presented with the option of booting into either Linux Mint 20 or Windows 10. In this guide, we show you how to dual boot Windows 10 and Linux Mint 20.

Prerequisites

Before embarking on configuring the dual-boot setup, ensure that the following requirements are met:

  • A bootable installation medium of Linux Mint 20 (Either USB or DVD)
  • A fast and stable internet connection

Note : In Windows 10, we can make a bootable USB drive from ISO file using Rufus software. Use the following URL to download Linux Mint 20:

Step 1) Create a free partition on Windows for Linux installation

To start off, we need to partition the hard drive and create a separate partition for installation of Linux Mint. So, launch the disk management utility by pressing ‘Windows key + R’ to open the run dialogue. Then type diskmgmt.msc and hit ‘ENTER’.

diskmgmt-msc-command

The Disk Management utility lists all the hard drives attached to the PC and their partitions. In our example, we only have a single hard drive with one partition. We are going to shrink this partition and create a free partition for our Linux Mint 20 installation. Right click on the partition and select the ‘Shrink’ option

Shrink-Volumes-options-windows10

On the pop-up that appears, specify the amount of space that you’d like to shrink the partition to. In this case, we have allocated 15593 MB to the partition that we are going to install Linux Mint on. Once done, click on the ‘Shrink’ button to shrink the volume and create the free partition.

Specify-amount-of-space-shrink-windows10

The unallocated space is now ready to be used for the installation of Linux Mint.

Unallocated-Space-After-Shrinking-Windows10

All you have to do now is to plug in your bootable USB drive and reboot your PC. Be sure to change the BIOS settings and assign your USB/DVD medium the highest boot priority. Thereafter, save the changes and once again, reboot your system.

Step 2) Begin the Installation of Linux Mint 20

Upon rebooting, a grub menu will be displayed with a list of options shown. Select the first option to begin the installation.

Welcome-Screen-LinuxMint20-Installation

This ushers you to the Linux Mint 20 desktop. Mint gives you an option to try out Mint without necessarily installing it. You can explore the new look and various features. But since we are interested in installing Mint, simply click on the ‘Install Linux Mint’ icon as shown.

Install-LinuxMint20-Installation-option

Step 3) Choose Language and Keyboard Layout

On the welcome page, select your preferred installation language and click on the ‘Continue’ button.

Choose-Language-LinuxMint20-Installation

Next, select your keyboard layout as shown and click ‘Continue’.

Keyboard-Layout-during-linuxmint20-installation

Step 4) Choose to ‘Install multimedia codecs’ during the installation

In the this step, check off the ‘Install multimedia codecs’ checkbox to install the latest multimedia codecs to enable you to play …

0
Read More

BitLaunch Review – Pay with Cryptocurrencies for Cloud Servers

BitLaunch is a cloud server hosting provider that offers servers from themselves, Vultr, DigitalOcean, and Linode. Essentially, with BitLaunch, you can use cryptocurrencies to pay for servers by Vultr and other popular cloud server providers. Read our detailed review below. About BitLaunch BitLaunch was launched in late 2017.  Being a VPS provider that accepts cryptocurrencies […]

Source

from ThisHosting.Rocks https://thishosting.rocks/bitlaunch-review/…

0
Read More

How to Setup Kubernetes Cluster on Google Cloud Platform (GCP)

Popularly known as K8s or Kube, Kubernetes is an opensource orchestration platform that automates the deployment, scaling, and monitoring of containerized applications.

In simple terms, Kubernetes allows users to efficiently manage clusters which are made up of groups of running containers such as Linux containers.

Kubernetes clusters can be deployed both on-premise and on public cloud platforms such as AWS, Google Cloud (GCP), and Microsoft Azure. In this guide, we take you through a step-by-step procedure of how you can set up a Kubernetes cluster on Google Cloud Platform (GCP).

Prerequisites

Before proceeding, ensure that you have a Google Cloud Account. You can always create one upon which you get started with $300 worth of credits for a period of 365 days.

Create your first cluster

The first step in deploying your first Kubernetes Cluster is to log in to your Google Cloud Platform. Upon logging in, you will see the dashboard displayed as shown.

Click on the top left button & navigate to Kubernetes Engine –> Clusters

GCP-Kubernetes-Cluster-Option

This opens the ‘Clusters’ section shown below. If you are creating a Kubernetes Cluster for the first time, Google Cloud will take a few minutes enabling the Kubernetes Engine API, so some patience will do.

Enabling-Kuberntes-API-GCP

Once done, click on the ‘Create Cluster‘ button to deploy your first Kubernetes cluster.

In the next section, the default details of the cluster will be displayed as shown.

k8s-cluster-basics-gcp

You can click on the left sidebar to verify further details on your cluster. For example, you can click on the ‘Default-pool’ option to display more information about the node-pool.

Node-Pool-details-GCP

Feel free to make a few tweaks depending on your needs. You can increase the number of nodes, and make a few tweaks to suit your needs. Once you are satisfied with your selections, click the ‘CREATE’ button to create your Kubernetes Cluster.

Choose-Create-Zonal-K8s-Cluster-GCP

This takes a few minutes, so go ahead and grab some tea as Google Cloud begins to initialize and create the Cluster. After a successful deployment of the Kubernetes cluster, the cluster will be listed as shown.

K8s-Cluster-After-deployment-GCP

Connecting to the Kubernetes Cluster

Our cluster is up and running, but it doesn’t help much if you don’t have command-line access. There are 2 ways you can connect to your cluster: Using the Google Cloud Shell and connecting remotely from a Linux system using the Google Cloud SDK kit.

To connect to the Kubernetes cluster using the Google Cloud Shell, click on the ‘Connect’ button adjacent to the cluster.

Connect-k8s-console-gcp

This opens a pop-up screen as shown with a command that you should run in the Cloud Shell to start managing your cluster.

Command-line-access-k8s-gcp

To run the command, click on the ‘Run in Cloud Shell’ button. Google Cloud will start initializing and establishing a connection to the cloud shell.

Connecting-Google-Cloud-Shell-K8S

Finally, the Cloud shell will be displayed with the command already pasted on the shell. Hit ‘ENTER’ to run the command and begin managing your cluster and performing cluster administrative tasks. For example, to display the number of nodes, run the command:

$ kubectl get nodes

K8s-google-cloud-console-access-gcp

As you might have observed, the Kubernetes cluster comprises of 3 nodes as configured by default …

0
Read More