Pages

Wednesday, January 3, 2018

Fedora 27 : Fix your distro with package-cleanup command.

Happy New Year 2018 !
A new beginning for us, fedora distribution users, and I prefer to write about what we all use in Fedora and maybe is less well known by new  readers.
Let's start with the development process of Fedora distro come and all the installed kernels.
Normally reason why you maybe want remove kernels is limited disk space, fix problems and see what is wrong with your Fedora distro.
First issue is about installed kernels, use this command:
#rpm -q kernel
Install this package tool named dnf-utils (is a collection of add-on tool for dnf tool).
#dnf install dnf-utils
Let's start with this command, we see that several packages are seemingly installed more than once:
#package-cleanup --cleandupes
If there’s any remaining trouble with the yum database you can see with this command:
#package-cleanup --problems
To remove installed kernels from old Fedora distros use this command:
#package-cleanup --oldkernels --count=2
... the Fedora 27 use this command:
#package-cleanup --oldkernels 2
To obtain list of orphaned packages currently residing in the system:
#package-cleanup --leaves

Tuesday, December 19, 2017

Fedora 27 : Firefox and selinux : sepolgen tool .

To writing the actual policy for SELinux application, you can get many of the permissions your application needs by running.
First test if is installed into your Fedora distro.
I used Fedora 27 with SELinux set Enforcing.
If your application is named my_app then use this command:
sepolgen --init  /path/to/my_app
The result of this command will be this:
app.fc
my_app.sh
my_app.if
my_app_selinux.spec
my_app.te
If your application will be a rpm package, you can delete app.spec and app.sh.
The file with extension .te is a Type Enforcement file.

About this five files, the Linux help tells us:

Type Enforcing File NAME.te 
This file can be used to define all the types rules for a particular domain.

Note: Policy generated by sepolicy generate will automatically add a permissive DOMAIN
 to your te file. When you are satisfied that your policy works, you need to remove 
the permissive line from the te file to run your domain in enforcing mode.

Interface File NAME.if 
This file defines the interfaces for the types generated in the te file, which can 
be used by other policy domains.

File Context NAME.fc 
This file defines the default file context for the system, it takes the file types 
created in the te file and associates file paths to the types. Tools like restorecon
 and RPM will use these paths to put down labels.

RPM Spec File NAME_selinux.spec 
This file is an RPM SPEC file that can be used to install the SELinux policy on to
 machines and setup the labeling. The spec file also installs the interface file and
 a man page describing the policy. You can use sepolicy manpage -d NAME to generate 
the man page.

Shell File NAME.sh 
This is a helper shell script to compile, install and fix the labeling on your test 
system. It will also generate a man page based on the installed policy, and compile
 and build an RPM suitable to be installed on other machines
Open the my_app.te file will see something like this:
policy_module(my_app, 1.0.0)

########################################
#
# Declarations
#

type my_app_t;
type my_app_exec_t;
init_daemon_domain(my_app_t, my_app_exec_t)

# Please remove this once your policy works as expected.
permissive my_app_t;

########################################
#
# my_app local policy
#
allow my_app_t self:fifo_file rw_fifo_file_perms;
allow my_app_t self:unix_stream_socket create_stream_socket_perms;

domain_use_interactive_fds(my_app_t)
files_read_etc_files(my_app_t)
auth_use_nsswitch(my_app_t)
miscfiles_read_localization(my_app_t)
sysnet_dns_name_resolve(my_app_t)

The first line uses the name of the binary and will be the name of the policy and the version.
policy_module(my_app, 1.0.0)
The nest rows come with this:

type my_app_t;
type my_app_exec_t;
init_daemon_domain(my_app_t, my_app_exec_t)
- the unique type to describe this application is my_app_t.
- SELinux tells us we’ll be executing this file with my_app_exec_t.
- this program will run as a service: init_daemon_domain(my_app_t, my_app_exec_t).

The next row is about log permission errors ( but let the application continue to run).
permissive my_app_t;

The next rows show how the application use file permissions and if the application will use Unix steam.
Don't change it , you can get a google search to see more examples with this type of allow.
allow my_app_t self:fifo_file rw_fifo_file_perms;
allow my_app_t self:unix_stream_socket create_stream_socket_perms;

Abou this rows:
domain_use_interactive_fds(my_app_t)
files_read_etc_files(my_app_t)
auth_use_nsswitch(my_app_t)
miscfiles_read_localization(my_app_t)
sysnet_dns_name_resolve(my_app_t)

The domain_use_interactive_fds and term_use_all_terms support operations where SSH allocates a tty for the user( example the allow fifo_file supports the opposite).
The my_app want to read from /etc folder with files_read_etc_files.
The auth_use_nsswitch also can adds rules allowing access to NIS/YPBIND ports.
The miscfiles_read_localization is about localization code.

To better understand this tutorial, you can create a folder in your home directory and then test it with a different application from Fedora 27.
One good example: sepolgen --init /opt/firefox .

Sunday, December 17, 2017

Fedora 27 : Go and atom editor.

The Go programming language was created at Google in 2009 by Robert Griesemer, Rob Pike, and Ken Thompson.
The Go often referred to as golang is a programming language created at Google.
Using go with Fedora 27 is very simple , just install it with dnf tool.
#sudo dnf install golang
To use it with atom editor you need to install the atom editor , see this tutorial.
The next step is to set the atom editor with the packages for go programming language, like:
  • go-plus
  • go-get
  • go-imports
  • platformio-ide-terminal
The go command come with this help:
Go is a tool for managing Go source code.

Usage:

go command [arguments]
The commands are:

build       compile packages and dependencies
clean       remove object files
doc         show documentation for package or symbol
env         print Go environment information
bug         start a bug report
fix         run go tool fix on packages
fmt         run gofmt on package sources
generate    generate Go files by processing source
get         download and install packages and dependencies
install     compile and install packages and dependencies
list        list packages
run         compile and run Go program
test        test packages
tool        run specified go tool
version     print Go version
vet         run go tool vet on packages
Use "go help [command]" for more information about a command.

Additional help topics:

c           calling between Go and C
buildmode   description of build modes
filetype    file types
gopath      GOPATH environment variable
environment environment variables
importpath  import path syntax
packages    description of package lists
testflag    description of testing flags
testfunc    description of testing functions
The next step is to install your packages with go command and get:
go get -u golang.org/x/tools/
go get -u github.com/golang/lint/golint
Let's make a simple example:
package main
import "fmt"
func main() {
    fmt.Println("Hello world !")
}
Let's test it with go command. To run the program, create a file named hello-world.go put the code in and use go run:
$ go run hello-world.go
hello world
If you want to build our programs into binaries, we can do this using go build :
$ go build hello-world.go
$ ls
hello-world hello-world.go
Finally, we can then execute the built binary directly.
$ ./hello-world
hello world
After I searched the internet I found a website with many examples and I recommend it. You can find him here.

Thursday, December 14, 2017

Fedora 27 : Using atom editor with teletype.

The atom editor is a very good free and open-source text and source code editor for macOS, Linux, and Microsoft Windows.
This editor come with support for plug-ins written in Node.js, and embedded Git Control, developed by GitHub and more features.
Today I will show you how to install this tool with teletype into Fedora 27 distro linux.
Go to the Atom homepage from your web browser and click to download the RPM version.
Use this command to install it:
$sudo su 
#cd Download 
# dnf install atom.x86_64.rpm
Let's see this install:


The next step is to use teletype from atom.

Just install the teletype package into atom editor into settings area.
The teletype tool introduces the concept of real-time "portals" for sharing workspaces.
This tool uses WebRTC to encrypt all communication between collaborators.
Use the teletype with one click on the radio tower icon in the Atom status bar.
This will open a dialog into the right of the screen and ask you for teletype token.
You can get this token from here.
After you put the token then use the check button to share your content and atom teletype will get a ID.
Just share this ID with your development team to share your work.

Tuesday, December 12, 2017

Fedora 27 : About Cockpit linux tool.

About the Cockpit the official website tell us:
Cockpit makes Linux discoverable, allowing sysadmins to easily perform tasks such as starting containers, storage administration, network configuration, inspecting logs and so on.
If you use Fedora 27 the this tool can be used very easy.
If your Fedora Spin don't come with this tool then you can install it with this command:
#dnf -y install cockpit
First you need to follow this steps:
- starting Cockpit requires only a single command:
#systemctl start cockpit
- we’ll configure it to start on boot with:
#systemctl enable cockpit.socket
- you can check the status of Cockpit with:
#systemctl status cockpit
- the Cockpit tool runs on port 9090, so you’ll need to allow it through the firewall with this command:
#firewall-cmd --add-service=cockpit
- or simply add with the open port with:
#firewall-cmd --permanent --add-port=9090/tcp
- you now should reload the firewall for the rule to take effect:
#firewall-cmd --reload
Testing is the next step by log into Cockpit from your localhost (your server’s IP address) with your server’s root credentials.
Once you logged in you’ll see the Dashboard web page containing information about the server itself and graphs showing CPU and Memory Usage as well as Disk I/O and Network Traffic.
Let's see the Dashboard:
  • System come with infos about your system;
  • Logs displays the server’s system and service logs. That allows you to click on any entry for more detailed information, such as the process ID. 
  • Storage gives you a graphical look at disk reads and writes, and also allows you to view relevant logs. Also, you can set up and manage RAID devices and volume groups, and format, partition, and mount/unmount drives. 
  • Networking contains an overview of inbound and outbound traffic, logs and network interface information. You also can configure the network interface from this page. 
  • Containers allows you to manage your Docker containers. You can search for new containers, add or remove containers, start and stop them, and set runtime variables on this page. 
  • Accounts lets you to : add and manage users, set up and change passwords, and add and manage public SSH keys for each user. 
  • Services lists all services, and clicking on any entry takes you to a detail page showing the service log and allowing you to start/stop, enable/disable, reload/isolate, or mask/unmask each service.
  • Terminal let you a fully functional terminal, with tab completion, allowing you to perform any task you could perform through its web interface.This come with the same privileges your login credentials would allow via SSH.
You can take a look at documentation for Cockpit to learn more about this tool.

Friday, December 8, 2017

Fedora 27 : Firefox and selinux intro .

Today I made a summary of selinux.
This is a protection and security utility in linux operating systems.
It is quite complex and requires a little guidance in learning.
The basic thing is to secure a grid that matches the security gaps.
The tutorial today simply exemplifies how you can change these rules.
First, check with these commands for the status of selinux:
#getenforce
#sestatus
#sestatus -b
#cat /etc/selinux/config
#ls -lZ /usr/bin/firefox
#chcon -v -t user_home_t /user/bin/firefox
This will change the selinux target type to user_home_t . That will allow firefox to run with this label (like that users) are allowed to read/write and manage. This is the default label for all content in a users home directory. This last command try to prevent confined applications from being able to read and write this content just from users home.

Thursday, December 7, 2017

Fedora 27 : Testing Swift with Fedora linux .

I tested today a simple instalation of this package: dnf install swift.
This install come with all additional packets required for running .
This is an application ...
First, I thought in the first phase that they implemented a programming language from Apple .
Take a look at this screenshot:

Saturday, December 2, 2017

Fedora 27 : Test install with dotnet from microsoft.

Today I test how to install dotnet from Microsoft team development with Fedora 27.
The Microsoft team come with RedHat packages version - 7.3 and is an old type of packages.
They show us this old way how to deal with this issue , see this link.
I used this command lines into sudo user:
#rpm --import https://packages.microsoft.com/keys/microsoft.asc
#sh -c 'echo -e "[packages-microsoft-com-prod]\nname=packages-microsoft-com-prod 
\nbaseurl=https://packages.microsoft.com/yumrepos/microsoft-rhel7.3-prod\nenabled=1
\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" > 
/etc/yum.repos.d/dotnetdev.repo'
#dnf update
#dnf install libunwind libicu compat-openssl10
#dnf install dotnet-sdk-2.0.2
#dotnet new console -o myApp
#cd myApp
#dotnet run
As you can see the dotnet working well with Fedora 27.
I would have preferred a classic dnf installation for reasons of later incompatibility.
This fact only indicates a tangential interest and a clear reason in microsoft capabilities to cover dotnet's area of interest versus linux distributions.

Saturday, November 25, 2017

Fedora 27 : Nettacker tool .

This tool for internet of things is a network of physical objects such as household devices.
This goal let Nettacker tool to automated for information gathering, vulnerability scanning and eventually generating report for networks, including services, bugs, vulnerabilities, misconfigurations and information. Is able to use SYN, ACK, TCP, ICMP and many other protocols to detect and bypass the Firewalls/IDS/IPS and devices.
The project is at the moment in research and development phase and most of results/codes are not published yet.
  • is a IoT Scanner - Internet of Things Scanner;
  • Python Multi Thread and Multi Process Network Information Gathering Vulnerability Scanner;
  • Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and more);
  • Network Service Analysis;
  • Services Vulnerability Testing;
  • Services Brute Force Testing;
  • HTTP/HTTPS Crawling, Fuzzing, Information Gathering and more;
  • Python and Nmap Module Version [ .nse  Lua language ];
  • HTML and text outputs;
How to install into fedora 27.
git clone https://github.com/Nettacker/Nettacker.git
cd Nettacker
pip install -r requirements.txt
python nettacker.py -h
If you run it you will see the help of this tool:

Let's test it:
python nettacker.py --graph d3_tree_v1_graph' -i 127.0.0.1 -m all
The result of this is show in the next image:

Wednesday, November 22, 2017

Fedora 27 : the Docker platform .

The Docker team company tell us:

Docker is the company driving the container movement and the only container platform provider to address every application across the hybrid cloud. Today’s businesses are under pressure to digitally transform but are constrained by existing applications and infrastructure while rationalizing an increasingly diverse portfolio of clouds, datacenters and application architectures. Docker enables true independence between applications and infrastructure and developers and IT ops to unlock their potential and creates a model for better collaboration and innovation.

The Docker platform come many features, so let's see them:
  • use containers; 
  • containers are lightweight;
  • containers are standalone packages;
  • each containers contain everything needed to run an application (code, libraries, runtime, system settings, and dependencies);
  • the biggest difference between a container and a virtual machine: containers is not a full-blown operating system platform;
  • applications are isolated in containers;
  • docker come with: Pricing Plans;
Let's start with the installation and testing of the docker (you need a sudo account):
#sudo dnf install docker
#newgrp docker
#sudo groupadd docker && sudo gpasswd -a ${USER} docker && sudo systemctl restart docker
#sudo usermod -a -G docker $USER
#sudo systemctl start docker
#sudo systemctl enable docker
#sudo systemctl stop docker
#sudo systemctl restart docker

This commands will install docker with dnf tool and will add your user to group docker.
The command with systemctl is used to test the docker services.
You can test the docker by searching and start applications:
#sudo docker search hello-world
#sudo docker run hello-world

The result of the run hello-world is this:

Tuesday, November 21, 2017

Fedora 27 : load81 simple lua game engine .

Today I tested something simple with Fedora 27 and scheduling in.
This is a SDL based Lua programming environment for children called load81.

The author teel us:

The name Load81 originates from the fact that in popular Commodore home computers the command LOAD "*",8,1 would load the first program on the disk starting from the file-specified memory location.

Load81 is written in ANSI C and uses SDL and SDL_gfx and SDL_image libraries.
I installed all these libraries and everything worked very well.
Once taken from github with clones I tested the examples in the examples folder and worked well from the first time.
The examples folder come with simple examples and some simple games.
Create your lua script and use this command to run it:
./load81 example.lua
All running scripts require a graphical display account.
They worked very well on my normal account and I got a run-time error on my root account.
From examples, I took the triangles.lua script to illustrate how this game engine looks and works.

function setup()
    background(0,0,0);
end

function draw()
    fill(math.random(255),math.random(255),math.random(255),math.random())
    triangle(math.random(WIDTH),math.random(HEIGHT),
             math.random(WIDTH),math.random(HEIGHT),
             math.random(WIDTH),math.random(HEIGHT))
end

This is screenshot of triangles.lua script:

Monday, November 20, 2017

Fedora 27 : lua programming with torch and love 2d.

The Lua programming language is a good programming tool to start and test your programming skills.
Lately, the capabilities of computers and computer networks have increased exponentially.
The programming language allows the user simple programming possibilities with essential advantages.
I will illustrate some programs and frameworks that may be of special interest to you:
  • Wireshark has an embedded Lua interpreter and you can be used to write dissectors (to decode packet data), post-dissectors and taps;
  • Torch is a scientific computing framework with wide support for machine learning algorithms;
  • Love 2D is a framework for making 2D games for windows, linux and android;
Today I start with install lua , torch and love 2D.
This work very well. If you use root accont then love command will work only with display SDL. This means you have to use a normal user, not a root user.
I used dnf install tool for lua and love 2d and github for torch.
The result can be seen in the following screenshots:

Thursday, November 16, 2017

News: About the new Fedora 27 .

Today I tried to make a simple installation of Fedora 26 which I did without problems.
After that, the software update come with the option to upgrade all of your Fedora system software to the new Fedora 27.
The work of the Fedora team is appreciated for the work being done to create this new version.
For those who have been following the evolution of the design team over the course of Fedora's development, they will see evolution and quality in the new Fedora design.
Most software used by me was implemented without errors and everything seems to work very well.
Here are some screenshots made during the installation process: