Difference Between Ubuntu and Kali Linux

Ubuntu is a Linux based Operating System and belongs to the Debian family of Linux. As it is Linux based, so it is freely available for use and is open source. It was developed by a team “Canonical” lead by Mark Shuttleworth. The term “ubuntu” is derived from an African word meaning ‘humanity to others’. The Chinese version of Ubuntu is used for running the world’s fastest supercomputer. Google’s self-driving car uses the stripped version of ubuntu.

Difference between Ubuntu and Kali Linux

Ubuntu	Kali Linux
Developed by canonical.	Developed by Offensive Security.
Ubuntu was initially released on 20 October 2004.	Kali was initially released on 13 March 2013.
Ubuntu is used for daily use or on server.	Kali is used by security researchers or ethical hackers for security purposes
Latest version(2020.04) of ubuntu uses Gnome-terminal by default.	Latest version(2020.2) of kali uses qterminal by default.
Latest Ubuntu consists of the Gnome environment by default, though it allows you to change the same.	Latest Kali consists of the xfce environment by default, though it allows you to change the same.
Ubuntu doesn’t comes packed with hacking and penetration testing tools.	Kali comes packed with hacking and penetration testing tools.
Comes with a user friendly Interface	Comes with a less user friendly Interface as compared to ubuntu.
Ubuntu is a good option for beginners to Linux.	Kali Linux is a good option for those who are intermediate in Linux.
Latest Ubuntu live has the default username as root.	Latest Kali Linux has a default username as kali.
Latest Ubuntu live has the default password as (blank).	Latest Kali Linux has a default password as kali.

Source: geeksforgeeks.org

Continue reading

LPIC-3 Mixed Environments 3.0 Introduction #03: 303 Samba Share Configuration

This blog posting is the third in a series that will help you to prepare for the new version 3.0 of the LPIC-3 Mixed Environments exam. In the previous posts we set up a virtual lab, installed Samba, and set up an Active Directory domain. The lab also contains a file server as a domain member. This week’s posting is all about the file server’s share configuration.

Samba File Share Configuration

To get started, let’s review how shares are declared. Usually, each share is a dedicated section in the smb.conf file. The name of the share is the section name surrounded by square brackets. Within each file share, the path option specifies what part of the server’s file system is accessible through the share.

Let’s first of all determine who can connect to the share at all. The smb.conf options valid users and invalid users are the initial doorman deciding who can connect. Try to configure a share to allow or reject connections from specific users and test that the users are connected or rejected as expected. Remember the notation of users mapped from your domain as well as the ability to specify groups in these options.

File Access and Permissions

Once a user is connected, access to the individual files requires further permissions. These permissions are managed in multiple layers. First of all, Samba uses the read list and write list options in smb.conf to determine which users have which kind of access in general. Once a user passes this hurdle, the access to a specific file is subject to file system permissions. The simplest form of these permissions are the classic file ownership and permissions, as managed by chown and chmod.

When accessing a share, Samba uses the identity of the user connected to the share to perform operations on the Linux file system. Thanks to ID mapping on the file server, each domain user has an equivalent in the Linux file server’s user database.

When multiple users access the same share, they might end up creating files they can not mutually access, due to the files’ different owners and permissions assigned to the owning user and group only. An easy way to force a standard owner and permissions is to use the smb.conf options create mask / create mode, directory mask / directory mode, force create mode, force directory mode, force user, and force group / group, which manage the ownership and permissions of files stored in a share independent from the connecting user. If you would like to practice, create a file share for your accounting department and grant several users access to it. Now configure the share to enforce that all files belong to the same group (maybe create an accounting group in your AD and add the users) and that all files are writable by the group.

Access Control Lists

More complex than classic Unix permissions, Access Control Lists (ACLs) allow you to set individual permissions for specific users and groups. Linux uses Extended POSIX ACLs, which are managed by getfacl and setfacl. Adopt the previous example by creating another share that uses ACLs to grant access to all group members, without Samba enforcing any specific ownership and permissions. Review the smb.conf option inherit acls and enable it if necessary. The Samba wiki contains more information about POSIX ACLs on file shares.

It is perfectly fine to use POSIX ACLs on the Linux side to manage access to files on a Samba share. However, POSIX ACLs are different from Windows ACLs. To use Windows ACLs, Samba needs to store additional ACL information besides the POSIX ACLs. The VFS module acl_xattr uses extended file system attributes for this information. setfacl does not update the respective Windows ACLs, which is why ACLs on a share using Windows ACLs should always be set through Samba, by using either a Windows client or the samba-tool ntacl command. The smbcacls command is another tool that manages ACLs on SMB shares. Again, the Samba wiki has some great information about Windows ACLs on SMB shares.

Make Shares Appear Nicely

Once permissions are set, situations may occur where users see files they cannot access. The smb.conf options hide unreadable and hide unwritable files are used to hide these files from the user. Similarly, the options hide dot files and hide special files ensure that users are not bothered by other irrelevant files. Some file managers tend to create hidden files, such as indexes or file thumbnails. Uploading these files to a file share is usually undesirable, so the options veto files and delete veto files can reject or delete such files.

In a real world scenario, multiple file servers likely exist to satisfy all storage requirements. In this case, users need to know which shares are located on which servers. In addition, when shares are reorganized between servers, client configurations need to be changed. The Distributed File System (DFS) allows a server to offer shares that are actually just redirects to the actual share, potentially on another server. This allows users to always access their data using the same path via the DFS share, even if the data is reorganized. Again, the Samba wiki has more information about DFS on Samba.

Printer Shares and Print Drivers

In addition to files, Samba can also provide printable shares. The pattern is the same as for files: for each printer, a share with the printer’s name exists. Samba, however, needs a print server to handle the actual printing. Nowadays, CUPS is the de facto standard for printing on Linux. Samba can query CUPS to determine which printers are available and automatically offer the printers as individual shares. However, it is also possible to manually configure printer shares. The Samba wiki provides an example for configuring a PDF printer share.

In most cases, the printer clients prepare the print jobs so that they are ready to be forwarded to the printer without additional processing. This is called “raw printing”, because the print server passes the print jobs on as they are. In order to prepare the print jobs, the client needs the drivers of the specific printer. These drivers can be distributed by Samba. The Samba wiki has a guide to setting up this configuration.

A security issue called Printnightmare recently used Microsoft’s driver distribution mechanisms to allow users to escalate their privileges. You can read about how this issue was discovered but not yet fixed. But keep in mind that the current exam was developed before the issue was discovered. Therefore, for now, assume that there are no restrictions in place to mitigate Printnightmare.

Moving On

This post concludes the part of this series about Samba server configuration. As usual, the exam objectives include some additional options and commands in addition to those covered in here. Take some time to review the exam objectives and make sure you’ve tried everything mentioned there. The result will be a fully configured Active Directory domain along with a file server.

Next week we will focus on the client side and learn how we can access our shares from Linux and Windows, how to authenticate against an Active Directory domain, and how to use Active Directory to manage Windows systems.

Read More: LPIC-3 Mixed Environments 3.0 Introduction #02: 302 Samba and Active Directory Domains

Source: lpi.org

Continue reading

The People behind the Learning Portal: Dr. Markus Wirtz - Manager Learning Materials

Linux Professional Institute (LPI) launched the Learning Portal in June 2019. The Learning Portal is the repository of all the Learning Materials for our exams. The whole project is managed by Dr. Markus Wirtz, Manager Learning Materials at LPI. We designed it as an international endeavour - learning is easier in your mother tongue! - hence we needed a team of authors, editors, and translators to design, write, and localize the body of lessons.

This series of interviews is a journey toward knowing better the People behind the Portal: the Linux and Open Source enthusiastic professionals who are making the Learning Portal possible.

By reading this series of interviews, you will know more about Contributors’ work, the peculiarities of translating IT educational material, and the challenges Contributors have to face restoring what could be lost in translation. And about why working on the Learning Portal is quite cool and nerdy. 

This is the interview with Markus Wirtz. Learn more about the Learning Portal and him here!

Was the idea of doing translations planned from the start, when you decided to write Learning Materials? Is the same team translating both Learning Materials and exams? How do they work together?

With our Learning Materials at learning.lpi.org, we want to make preparing for the LPI exams as easy as possible. In addition to the clear didactic concept that works both in class and in self-study, this also includes avoiding language barriers – and here translations into as many languages as possible is crucial. Thus, we published the first Learning Materials for “Linux Essentials” 2019 in English and German at the same time. There are now 9 languages, and counting. So, yes, translations have been an important part of the concept from the beginning.

In terms of translating Learning Materials and exams in fact there are very different requirements and processes behind it. The development as well as the translation of the pool of exam questions is by far the most important task in the area of product development. What is created here must meet the high standards for which LPI certifications have stood worldwide for two decades. Evaluation, standardization, but also confidentiality, for example, are aspects that must be taken into account here at every step of the process. The translation of Learning Materials, on the other hand, is much less critical: here, an error can be corrected in a matter of minutes – this is not so easy with exam questions, which are delivered worldwide and are crucial for candidates and their exam results.

Nevertheless both areas are of course closely related and therefore both belong to LPI’s product development. To give a concrete example, technical terms should always be translated in the same way within a language - both in the exam questions and in the Learning Materials. Attentive translators, but also appropriate software (keyword: translation memory) support us in this.

Are regional staff (Europe, East Asia, etc.) coordinating the translations, recruiting people, etc.?

LPI is a worldwide network of experts – this applies to the small team of employees, the numerous partners, for example in the training sector, as well as the many volunteers. Of course, the translation projects also benefit from this, in that someone always knows someone who is qualified for a specific task. This is wonderful! But the actual coordination and organization of all Learning Materials is actually done in the Product Development department. An author once described our task quite aptly as "herding cats": From the search for translators to the necessary contracts and the familiarization with our firmly defined technical processes to the presentation of our supporters on learning.lpi.org, everything runs through us. With currently about 50 projects on which authors, reviewers and translators are working, there is quite a bit to do in terms of coordination and communication.

Do translators find errors in the English text that tech reviewers failed to find? This was often true when I worked at O'Reilly.

Yes, this happens, of course. Just like the numerous readers who use our Learning Materials, the translators also find mistakes from time to time. But this is hardly surprising, because translators are certainly the text workers who have to deal with every single word most carefully. Fortunately, these are rarely technical errors, but rather inaccuracies that can lead to misunderstandings.

Besides helping people learn skills and pass exams, have the translations helped LPI's reputation and provided less tangible benefits?

Since these benefits are not tangible, they are also hard to describe in concrete terms ;). But, yes, I am firmly convinced of that! The fact that we provide free Learning Materials as a non-profit organization underlines our real concern: “promote the use of open source by supporting the people who work with it”. That can only be a good thing. :) Furthermore, the Learning Materials enable a lot of new ways of collaboration: For our partners all over the world, translations into their respective languages are of course very welcome and often an incentive to support us.

The translation projects are also interesting for the many helpers from the community: not only to deal intensively with the content, but also as an opportunity to network even more closely with experts worldwide or to document their own commitment.

Source: lpi.org

Continue reading

What is Arch Linux?

Arch Linux is an independent Linux distribution that adheres to the principles of simplicity, modernity, pragmatism, user centrality, and versatility. It is a minimalist, lightweight, and bleeding edge distro targeting proficient GNU/Linux users over the idea of trying to be appealing to as many users as possible. Arch promotes the do-it-yourself (DIY) attitude among its users and thus provides you with the freedom to tweak your system according to your needs.

Advantages of Arch Linux:

Arch is bleeding-edge:

Arch Linux follows a rolling release model, this essentially means that you get all the new features and updates as soon as they roll out. There is no need for versions when updating and upgrading your system boils down to a simple command mentioned below.

pacman -Syu

Arch is what you want it to be:

Arch Linux offers absurd amounts of customizability to its users. A clean installation of Arch doesn’t even include a Desktop Environment or a Window Manager. The user builds their system from the ground up. This approach also makes Arch extremely lightweight because there is no preinstalled bloat on the system, you the user have full freedom of what you want and when you want it.

The Arch User Repository (AUR):

A unique feature that makes Arch stand out among other distros is the Arch User Repository (AUR). It is a community-driven repository for Arch users. It contains package descriptions (PKGBUILDs) that allow you to compile a package from source with makepkg and then install it via pacman. The AUR was created to organize and share new packages from the community and to help expedite popular packages’ inclusion into the community repository. AUR extends the software offerings of Arch’s official repository much further and beyond.

The Holy Arch Wiki:

Arch Linux is one of the, if not the most well documented Linux distros out there. The Arch wiki is the stuff of legends among the Linux enthusiasts. It is extremely well documented and massive. Its offerings extend beyond Arch Linux itself at times. If you run into some trouble with your system, the Arch Wiki probably has the solution already.

It is a bridge:

Package Manager (pacman), the package manager of Arch Linux is pretty unique in its own right. It is flexible enough to support the installation of binary packages from the Arch repository, as well as binaries compiled from source via makepkg. This makes Arch a bridge between the distros which allow the installation of binary packages via their package management systems and the distros which trade ease of users to allow their users to compile binaries from source with variable configurations. 

Improve your understanding of Linux:

You won’t know how rewarding it is to get a clean installation of an Arch system unless you experience it yourself. The installation process is pretty complex since most of the things you will be doing won’t be GUI-assisted and you will be using CLI commands. Although this kind of complexity might sound scary to new users, it still has its own perks. The installation teaches you a lot about how Linux actually works, which you won’t bother learning because modern-day GUI installers take care of that for you. You are introduced to concepts like display managers, chroot, configuring networks, and much more during the installation itself. 

Note: Arch Linux still has GUI installers for new Linux users who are not ready to do it the hard way but where is the fun?

Bonus:

If you are into cybersecurity, you must have heard of Black Arch. The Black Arch repository contains a massive list of security tools for penetration testers and security researchers. The downside of installing Black Arch for some users might be its massive size as it comes with all the tools which include the ones you are never going to use. The good news is you can integrate the Black Arch repository in your Arch system and fetch tools you need on-demand from the repository.

Other popular Linux distributions based on Arch:

◉ Manjaro Linux

◉ ArcoLinux

◉ EndeavourOS

◉ RebornOS

Disadvantages of Arch Linux:

It is an advanced distribution:

Although, you might find Arch to be a very likely contender for your next distro hop, let me remind you that it is not at all a newbie-friendly distro. It is not recommended that an absolute Linux newbie tries out Arch. With the amount of customizability Arch offers in question, it is highly likely that a new user might potentially break their system trying to configure it in a totally wrong way. If you really want to try out Arch and you are not confident with your Linux skills, it is a much better idea to try out the installation in a virtual machine and then make the jump on a real system once you are confident enough.

Source: geeksforgeeks.org

Continue reading

LPIC-3 Mixed Environments 3.0 Introduction #02: 302 Samba and Active Directory Domains

This blog posting is the second in a series that will help you to prepare for the new version 3.0 of the LPIC-3 Mixed Environments exam. Active Directory is one of the major topics on LPI’s LPIC-3 Mixed Environments exam. While preparing tof the exam, you should not just understand the concepts, but actually implement an Active Directory domain using Samba 4.

Understand and Plan an Active Directory Domain

First of all, focus on the architecture and the various components of Active Directory. This is not easy, since Active Directory integrates various services such as DNS, LDAP, Kerberos, and CIFS, along with a very specific layout of the contents served through these components. Microsoft offers a long, but comprehensive read on the Active Directory Architecture. Don’t worry about the age of that document: the principles are still the same and it is one of the few places where you can get all of the information about the topic in a single document.

After you have worked through the dry theory, it’s time to design your very own Active Directory. In a production environment, your first step will be to name the directory. The Samba wiki has some great advice on Active Directory Naming. For your studies, consider just going ahead with ad.example.com or something similar.

Setting up the Domain

Now that you have chosen a name for your domain, set up your first domain controller. We have already covered the setup of the virtual machine (VM) in last week’s post. Now is the time to log into your first domain controller and work through the guide for Setting up Samba as an Active Directory Domain Controller. Enable the RFC2307 schema and make sure you perform all the tests described in the guide. Remember that you’ve used the Samba packages of your Linux distribution, so you can most likely use systemctl to start the Samba services.

After your first domain controller passes all tests, log into the second domain controller VM and join it as a second domain controller. Remember to review the various types of SysVol replication and set up unidirectional rsync replication. Also make sure all your computers’ clocks are in sync.

Populating the Domain

Once you’ve confirmed that your directory replication works well, it is time for the first regular member. Boot up your Windows VM and join the machine to our domain. Once it is rebooted, use your domain’s administrator account to sign into the VM. 

Now you can populate the domain. Create a couple of user accounts, as well as security groups containing some of your new users. Try to create accounts for some of your colleagues and group them according to their departments, or create accounts for your family members and some groups for their favorite hobbies. Use both samba-tool user and samba-tool group on one of your domain controllers as well as Active Directory Users and Computers utility on your Windows machine. Confirm that your user accounts work correctly by using these accounts to sign into the Windows machine.

Make sure also to review what happened underneath the hood: Find your user accounts in your domain’s LDAP tree, then review the objects’ attributes and how they relate to groups. On the Windows side, ADSI Edit and LDP allow you to access these objects. Don’t forget to do some practice on the Linux command line using ldbsearch, too. Adding RFC2307 attributes to your users and groups is a great chance to do so. The Samba wiki holds instruction for both the graphical interface on the Windows client and the cool ldbmodify command-line technique.

Joining the File Server

The next big step is joining the file server to the domain. Again, the Samba wiki explains all the steps for setting up Samba as a Domain Member. As you work through this guide, remember to use the ad mapping backend. Take some time to really understand ID mapping in Samba, including the various backends.

Once the server is joined into the domain, create a simple write file share and place a file there using the Windows client. Check the ownership of the file and try adding more files using other domain users. Finally, configure PAM Authentication to allow domain users to log into your server and try to log into your file server using one of your domain users.

DNS and Beyond

Topic 302 contains some more aspects that are important. One of them is DNS management, which offers you a chance to revisit your LPIC-3 DNS skills. Create some DNS records in your Active Directory and use dig to confirm their existence. You should also take a closer look at FSMO roles and running a standalone Samba server with local user management.

We’ve covered a lot of material this week and worked through a lot of extensive resources. However, we’re not done yet. The exam objectives contain some options, tools, and aspects you must be aware of in your exam. Take your time to carefully review the exam objectives and research anything you’re not certain about. With the materials covered today, you have a fully functional lab environment that you can use for your own studies. Next week we are going to extend this setup even further by going into the details of the share configuration on our file server.

Source: lpi.org

Continue reading

Simone "Simo" Bertulli and Kenny Armstrong: A conversation among LPI Members

How LPI members benefit from a growing membership program

The young LPI Membership program was announced in late summer 2020. Lots of Members joined. What benefits do they get? In particular, what can they do to earn Professional Development Units (PDUs) and how do PDUs bolster certifications? Finally, what is LPI doing to continue strengthening the Membership program and enhancing its value?

Continue reading