In this week’s feature highlight, we look at How to Install Linux kernel 6.0 on Ubuntu 22.10
Kernel is central component of an operating system that manages operations of computer and hardware. It basically manages operations of memory and CPU time. It is core component of an operating system. Kernel acts as a bridge between applications and data processing performed at hardware level using inter-process communication and system calls.
Step 1 – Update your system
First, Update the system packages to the latest versions using the below apt commands,
apt update
apt upgrade
Install some of the packages required for the Kernel upgrade,
apt install gcc make perl wget
Step 2 – Installing Linux Kernel 6.0
By default on Ubuntu 22.10, The kernel version it ships with is version 5.19
Linux Kernel 6.0 is not available on Ubuntu 22.10 base repository. So we will manually download the required Linux Kernel packages from the official site and install.
You can check their official site for a list of available kernel versions that can be installed, kernel.ubuntu.com.
At the time of writing this article, version 6.0.9 was the only latest kernel we could install with.
If you find any newer versions that can be installed, please go ahead with it.
Some points to note, for selecting a different version of kernel. Open the site kernel.ubuntu.com and scroll to the bottom of the page. Find a version whose builds are successful, under that, navigate to “amd64” folder. You will find the required four files to download on the ubuntu system, Linux Headers, Linux Image and Linux Modules. A successful build looks like below:
Now, install the downloaded files using the dpkg command as shown below,
Ensure that there are no other .deb files apart from the ones that were downloaded. If there are any other .deb files, recommended to remove them before proceeding.
dpkg -i *.deb
After installing the Linux Kernel 6.0, reboot the system to run the new Kernel
reboot
Step 3 – Verify the Kernel version
To verify the kernel installed and running after the reboot, use the uname command as shown below,
uname -r
Output:
root@vps:~# uname -r
6.0.9-060009-generic
This concludes the topic of installing the latest version of Kernel on a Ubuntu System.
Greetings, As part of our commitment to provide you with the latest and most ready-to-use service, we’ve updated the following templates for CentOS 7, CentOS 8-Stream, and CentOS 9-Stream.
This template update process ensures that any new VPS deployed will come along with the latest available packages so you don’t have to spend time running a large initial update.
As always, any existing VPS can be updated at any time by the user, you may follow our guide for the steps required to update your VPS, Click here.
If you require any assistance at any time, please feel free to contact our support team via the client area and we’ll help you out.
As part of our commitment to providing you with the latest and most ready-to-use service, we’ve updated our AlmaLinux Templates for AlmaLinux 8 and AlmaLinux 9.
This template update process ensures that any new VPS deployed will come along with the latest available packages so you don’t have to spend time running a large initial update.
As always, any existing VPS can be updated at any time by the user, you may follow our guide for the steps required to update your VPS, Click here.
If you require any assistance at any time, please feel free to contact our support team via the client area and we’ll help you out.
As part of our commitment to providing you with the latest and most ready-to-use service, we’ve updated the Rocky Linux Templates for Rocky Linux 8 and Rocky Linux 9.
This template update process ensures that any new VPS deployed will come along with the latest available packages so you don’t have to spend time running a large initial update.
As always, any existing VPS can be updated at any time by the user, you may follow our gfuide for the steps required to update your VPS, Click here.
If you require any assistance at any time, please feel free to contact our support team via the client area and we’ll help you out.
As part of our commitment to ensuring the latest operating system images are available for your usage, we have updated the ISOs for the following operating system images,
AlmaLinux 8/9
Rocky Linux 8/9
CentOS 7, 8-Stream, 9-Stream
Ubuntu 20.04, 21.04, 21.10, 22.04, 22.10
Archlinux x86_64
Debian 10/11 amd64
Fedora 36/37 x86_64
FreeBSD 12 amd64
gParted
GRML full
Netboot.xyz
SystemRescue CD
VirtIO Drivers
As always, any existing VPS can be updated at any time by the user, you may follow our guide for the steps required to update your VPS, Click here.
If you require any assistance at any time, please feel free to contact our support team via the client area and we’ll help you out.
In this week’s feature highlight, we look at How To Install and Configure Elasticsearch on Ubuntu 22.10
Elasticsearch is a platform for real-time, distributed data analysis. Because of its usability, potent features, and scalability, it is a well-liked option. Installing Elasticsearch, configuring it for your use case, securing your installation, and beginning to work with your Elasticsearch server.
First, check for any pending system upgrade
Let’s update software packages first. To perform updates, run the following command:
apt update
apt dist-upgrade
Install the APT HTTPS Transport package, with the following command,
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
Install Elasticsearch on Ubuntu 22.10
apt install elasticsearch
During the installation, you will be provided with the elastic superuser password. Kindly note it down for future usage.
Update Firewall Settings
Allow port 9200 for Elasticsearch by running the following ufw command
ufw allow from <yourserver.ip.address> to any port 9200
Enable the firewall service:
ufw enable
Next, view firewall service status:
ufw status
Configuring Elasticsearch
Let us configure Elasticsearch, we will edit its main configuration file elasticsearch.yml, which contains the majority of its configuration options. This file is located in the directory /etc/elasticsearch.
Edit the Elasticsearch configuration file with your preferred text editor. We’ll use nano in this case:
nano /etc/elasticsearch/elasticsearch.yml
Note: Elasticsearch’s configuration file is in YAML format, which means that we need to maintain the indentation format. Be sure that you do not add any extra spaces as you edit this file.
Output:
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: localhost
#
Because we specified localhost, Elasticsearch will listen on all interfaces and bound IPs. If you only want it to listen on one interface, use its IP address instead of localhost. Elasticsearch.yml should be saved and closed. If you’re using nano, you can do so by pressing CTRL+X, then Y, and finally ENTER.
These are the bare minimum settings you can use to get started with Elasticsearch. You can now launch Elasticsearch for the first time.
Systemctl will start the Elasticsearch service. Allow Elasticsearch a few moments to load. Otherwise, you may receive errors indicating that you are unable to
Start the Elasticsearchservice,
systemctl start elasticsearch
Enable the Elasticsearchservice,
systemctl enable elasticsearch
Verify that the Elasticsearch has been installed and running on the server by running the following command:
In this week’s feature highlight, we look at How to Install Gogs Git on Ubuntu 22.10
This tutorial will walk you through the steps necessary to install the Gogs self-hosted Git service on an Ubuntu 22.10 server. The Gogs project, written in Go, aims to create a simple, stable, and extensible self-hosted Git service with a simple setup process.
Gogs performs admirably and is extremely light. It uses very little RAM and CPU power.
Checkout the Gogs Project at https://gogs.io/ for more information.
Prerequisites
Full SSH root access or a user with sudo privileges is required.
Gogs supports the following databases.
SQLite3
PostgreSQL
MySQL
MariaDB
First, check for any pending system upgrade
Let’s update software packages first. To perform updates, run the following command:
Secure the MariaDB Installation with the below command,
mysql_secure_installation
Output:
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
Login to MariaDB as root user,
mariadb -u root -p
Enable global variables as shown below,
SET GLOBAL innodb_file_per_table = ON;
Create a database called gogs which will be used for this project,
CREATE DATABASE IF NOT EXISTS gogs CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
Create a user and grant all the privileges of the gogs database,
GRANT ALL PRIVILEGES ON gogs.* TO 'gogs'@'localhost' IDENTIFIED BY "StrongPassword";
Replace “StrongPassword” with an actual password that is long and strong.
FLUSH PRIVILEGES;
EXIT
Download and Install Gogs from GitHub
Use curl to download the Gogs file from their official github repository.
Drupal is a Content Management System (CMS) to maintain and publish an internet website. It’s an open-source content management system (CMS) with a large, supportive community. It’s used by millions of people and organizations around the globe to build and maintain their websites.
Update the System
Let us update the system packages to the latest by running the below commands,
apt update -y
apt upgrade -y
Install MariaDB Server
Next is to install MariaDB or MySQL. I will be using MariaDB for this process. So let’s install MariaDB with the following command.
apt install -y mariadb-server mariadb-client
Secure your database server by setting a root password, disabling root remote logins, and removing test databases.
mysql_secure_installation
Output:
root@crown:~# sudo mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
To log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Check that you can log in to the database as a root user with a password set.
mysql -u root -p
Now that we are able to log in as regular users, we can now create a Drupal database that Drupal can use once we installed it into our system. To create one using the following command.
Create Database for Drupal
Create a database for Drupal and grant all privileges to the Drupal user.
mysql -u root -p
CREATE DATABASE drupal;
CREATE USER 'drupal_user'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON drupal.* to drupal_user@'localhost';
FLUSH PRIVILEGES;
\q
Replace “password” with a real and strong password.
Output:
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 41
Server version: 10.6.9-MariaDB-1 Ubuntu 22.10
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE drupal;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> CREATE USER 'drupal_user'@'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.003 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON drupal.* to drupal_user@'localhost';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> \q
Bye
Install PHP
By default, Ubuntu 22.10 comes with PHP version 8.1. We will install PHP and other necessary modules required to run Drupal.
root@crown:~# apt install php php-{cli,fpm,json,common,mysql,zip,gd,intl,mbstring,curl,xml,pear,tidy,soap,bcmath,xmlrpc}
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
php is already the newest version (2:8.1+92ubuntu1).
php-cli is already the newest version (2:8.1+92ubuntu1).
php-json is already the newest version (2:8.1+92ubuntu1).
php-common is already the newest version (2:92ubuntu1).
php-mysql is already the newest version (2:8.1+92ubuntu1).
php-zip is already the newest version (2:8.1+92ubuntu1).
php-gd is already the newest version (2:8.1+92ubuntu1).
php-mbstring is already the newest version (2:8.1+92ubuntu1).
php-curl is already the newest version (2:8.1+92ubuntu1).
Install Apache Web Server
As for the Web Server, we will use Apache as it is easy to configure and use.
To install, run the below commands
apt install apache2 libapache2-mod-php
Output:
root@crown:~# apt install apache2 libapache2-mod-php
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
apache2 is already the newest version (2.4.54-2ubuntu1).
libapache2-mod-php is already the newest version (2:8.1+92ubuntu1).
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Update PHP Timezone and Memory Limit.
Enter the TimeZone you want Drupal to use as default.
nano /etc/php/*/apache2/php.ini
memory_limit = 256
date.timezone = UTC
Download the Latest Version of Drupal and extract it on Ubuntu 22.10.
wget https://www.drupal.org/download-latest/tar.gz -O drupal.tar.gz
tar xvf drupal.tar.gz
mv drupal-*/ /var/www/html/drupal
Update ownership for a drupal directory to Apache user and group.
In this week’s feature highlight, we look at How To Protect SSH With Fail2Ban on Ubuntu 22.10
Fail2Ban is an intrusion prevention framework written in the Python programming language. It works by reading SSH, ProFTP, Apache logs, etc. And uses iptables profiles to block brute-force attempts.
Installing the Fail2Ban package
Check for system updates and install them.
apt update -y
apt upgrade -y
Command to install the Fail2Ban
apt install fail2ban -y
To enable fail2ban, run the following command.
systemctl enable fail2ban
To check the status of the service, run the following command.
systemctl status fail2ban
Output:
root@crown:~# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor pres>
Active: active (running) since Thu 2022-10-19 13:37:13 UTC; 14s ago
Docs: man:fail2ban(1)
Main PID: 2557 (fail2ban-server)
Tasks: 5 (limit: 1034)
Memory: 13.2M
CPU: 442ms
CGroup: /system.slice/fail2ban.service
└─2557 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Configuring Fail2Ban
Jail.conf contains a section in which Configuration settings can be done for the fail2ban, we are not going to edit this file because package upgrades can overwrite this file.
Jail.local contains the same sections where “jail.conf” file contains and it can override these values.
Command to create a jail.local configuration file by copying the default jail.conf file.
cp /etc/fail2ban/jail.{conf,local}
Open the file to configure.
nano /etc/fail2ban/jail.local
Whitelisting IP addresses
Find the following line in the config file /etc/fail2ban/jail.local and uncomment it to whitelist the IP address.
#ignoreip = 127.0.0.1/8 ::1
Once you uncomment it, add your IP address at the last of the command For ex.
ignoreip = 192.168.0.100 192.168.1.0/24
Multiple IP addresses can be whitelisted with the above configuration, they have to be separated with a single white space. You can also white list an IP block as shown above.
Ban settings
3 main options in these settings,
bantime: is the number of sec/hours/day that an IP address is banned.
findtime: is the window that fail2ban will pay attention to when looking for repeated failed authentication attempts.
maxretry: is the maximum try which will be given before blocking.
Find these lines in the config file /etc/fail2ban/jail.local and change them as you required.
Default values of the option are,
bantime = 10m
findtime = 10m
maxretry = 5
Note: If you want to block an IP address permanently use a negative value in the bantime option.
Get e-mail notifications
Note: To receive email alerts, you need to have an SMTP installed on your server.
To receive email alerts with relevant logs, find the following line in the config file /etc/fail2ban/jail.local and make sure that the following line is present.
# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(action_)s
%(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
To configure sending and receiving email addresses.
Find the following line in the config file /etc/fail2ban/jail.local and update the details.
Example:
destemail = admin@xyz.com
sender = root@xyz.com
Fail2ban Client
To interact with the Fail2ban service there is a command-line tool called fail2ban-client.
To check its available options enter the following command.
fail2ban-client -h
Here is a few examples that can be performed by using this tool,
Check the jail status.
fail2ban-client status sshd
To unban an IP.
fail2ban-client set sshd unbanip "IP address here"
In this week’s feature highlight, we look at How to Install BBR on Ubuntu 22.10
BBR stands for Bottleneck Bandwidth and RTT is a congestion control system. You can enable TCP BBR on your Linux desktop to improve the overall web surfing experience. By default, Linux uses the Reno and CUBIC congestion control algorithm.
Run the following command to check available congestion control algorithms,