Hello,

In this week’s feature highlight, we look at How to Install Linux kernel 6.0 on Ubuntu 22.10

Kernel is central component of an operating system that manages operations of computer and hardware. It basically manages operations of memory and CPU time. It is core component of an operating system. Kernel acts as a bridge between applications and data processing performed at hardware level using inter-process communication and system calls.

Step 1 – Update your system

First, Update the system packages to the latest versions using the below apt commands,

 apt update
 apt upgrade

Install some of the packages required for the Kernel upgrade,

 apt install gcc make perl wget

Step 2 – Installing Linux Kernel 6.0

By default on Ubuntu 22.10, The kernel version it ships with is version 5.19

Linux Kernel 6.0 is not available on Ubuntu 22.10 base repository. So we will manually download the required Linux Kernel packages from the official site and install.

You can check their official site for a list of available kernel versions that can be installed, kernel.ubuntu.com.

At the time of writing this article, version 6.0.9 was the only latest kernel we could install with.

If you find any newer versions that can be installed, please go ahead with it.

Some points to note, for selecting a different version of kernel.
Open the site kernel.ubuntu.com and scroll to the bottom of the page.
Find a version whose builds are successful, under that, navigate to “amd64” folder.
You will find the required four files to download on the ubuntu system, Linux Headers, Linux Image and Linux Modules.
A successful build looks like below:

Test amd64/build succeeded (rc=0, on=amd64, time=0:12:37, log=amd64/log)
amd64/linux-headers-6.0.9-060009-generic_6.0.9-060009.202211161102_amd64.deb
amd64/linux-headers-6.0.9-060009_6.0.9-060009.202211161102_all.deb
amd64/linux-image-unsigned-6.0.9-060009-generic_6.0.9-060009.202211161102_amd64.deb
amd64/linux-modules-6.0.9-060009-generic_6.0.9-060009.202211161102_amd64.deb

For upgrading to the latest kernel on Ubuntu, follow the given instructions:

wget https//:kernel.ubuntu.com/~kernel-ppa/mainline/v6.0.9/amd64/linux-headers-6.0.9-060009_6.0.9060009.202211161102_all.deb

wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v6.0.9/amd64/linux-headers-6.0.9-060009-generic-6.0.9060009.202211161102_amd64.deb

wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v6.0.9/amd64/linux-image-unsigned-6.0.9-060009-generic_6.0.9060009.202211161102_amd64.deb

wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v6.0.9/amd64/linux-modules-6.0.9-060009-generic_6.0.9060009.202211161102_amd64.deb

Now, install the downloaded files using the dpkg command as shown below,

Ensure that there are no other .deb files apart from the ones that were downloaded.
If there are any other .deb files, recommended to remove them before proceeding.

dpkg -i *.deb

After installing the Linux Kernel 6.0, reboot the system to run the new Kernel

reboot

Step 3 – Verify the Kernel version

To verify the kernel installed and running after the reboot, use the uname command as shown below,

uname -r

Output:

root@vps:~# uname -r
6.0.9-060009-generic

This concludes the topic of installing the latest version of Kernel on a Ubuntu System.

Hello,

In this week’s feature highlight, we look at How To Install and Configure Elasticsearch on Ubuntu 22.10

Elasticsearch is a platform for real-time, distributed data analysis. Because of its usability, potent features, and scalability, it is a well-liked option. Installing Elasticsearch, configuring it for your use case, securing your installation, and beginning to work with your Elasticsearch server.

First, check for any pending system upgrade

Let’s update software packages first. To perform updates, run the following command:

apt update
apt dist-upgrade

Install the APT HTTPS Transport package, with the following command,

apt install apt-transport-https

Install from APT Repository

Download and install the public signing key:

Wget -qo - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

To Save the repository definition to

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

Install Elasticsearch on Ubuntu 22.10

apt install elasticsearch

During the installation, you will be provided with the elastic superuser password. Kindly note it down for future usage.

Update Firewall Settings

Allow port 9200 for Elasticsearch by running the following ufw command

ufw allow from <yourserver.ip.address> to any port 9200

Enable the firewall service:

ufw enable

Next, view firewall service status:

ufw status

Configuring Elasticsearch

Let us configure Elasticsearch, we will edit its main configuration file elasticsearch.yml, which contains the majority of its configuration options. This file is located in the directory /etc/elasticsearch.

Edit the Elasticsearch configuration file with your preferred text editor. We’ll use nano in this case:

nano /etc/elasticsearch/elasticsearch.yml

Note: Elasticsearch’s configuration file is in YAML format, which means that we need to maintain the indentation format. Be sure that you do not add any extra spaces as you edit this file.

Output:

# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: localhost
#

Because we specified localhost, Elasticsearch will listen on all interfaces and bound IPs. If you only want it to listen on one interface, use its IP address instead of localhost. Elasticsearch.yml should be saved and closed. If you’re using nano, you can do so by pressing CTRL+X, then Y, and finally ENTER.

These are the bare minimum settings you can use to get started with Elasticsearch. You can now launch Elasticsearch for the first time.

Systemctl will start the Elasticsearch service. Allow Elasticsearch a few moments to load. Otherwise, you may receive errors indicating that you are unable to

Start the Elasticsearchservice,

systemctl start elasticsearch

Enable the Elasticsearchservice,

systemctl enable elasticsearch

Verify that the Elasticsearch has been installed and running on the server by running the following command:

curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200

You will be prompted to enter the password for the elastic user. Use the password that was provided to you during the installation from earlier.

Output:

root@vps:~# curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200
Enter host password for user 'elastic':
{
  "name" : "vps.server.com",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "HZcPm0lAQMCcsx94chOPPA",
  "version" : {
    "number" : "8.5.1",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "c1310c45fc534583afe2c1c03046491efba2bba2",
    "build_date" : "2022-11-09T21:02:20.169855900Z",
    "build_snapshot" : false,
    "lucene_version" : "9.4.1",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
root@vps:~#

This concludes the Installation and Configure Elasticsearch on Ubuntu 22.10.

Hello,

In this week’s feature highlight, we look at How to Install Gogs Git on Ubuntu 22.10

This tutorial will walk you through the steps necessary to install the Gogs self-hosted Git service on an Ubuntu 22.10 server. The Gogs project, written in Go, aims to create a simple, stable, and extensible self-hosted Git service with a simple setup process.

Gogs performs admirably and is extremely light. It uses very little RAM and CPU power. 

Checkout the Gogs Project at https://gogs.io/ for more information.

Prerequisites

• Full SSH root access or a user with sudo privileges is required.
• Gogs supports the following databases.
  • SQLite3
  • PostgreSQL
  • MySQL
  • MariaDB

First, check for any pending system upgrade

Let’s update software packages first. To perform updates, run the following command:

apt update
apt upgrade

Install MariaDB Database Server

Use the below command to install MariaDB.

apt install mariadb-server mariadb-client

Check the status of MariaDB service.

root@crown~# systemctl status mariadb
● mariadb.service - MariaDB 10.6.9 database server
     Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; preset: enab>
     Active: active (running) since Sat 2022-11-19 17:44:57 UTC; 8s ago
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
    Process: 1808 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var>
    Process: 1811 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_ST>
    Process: 1818 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && >
    Process: 1876 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_S>
    Process: 1878 ExecStartPost=/etc/mysql/debian-start (code=exited, status=0/>
   Main PID: 1862 (mariadbd)
     Status: "Taking your SQL requests now..."
      Tasks: 15 (limit: 2227)
     Memory: 61.6M
        CPU: 418ms
     CGroup: /system.slice/mariadb.service
             └─1862 /usr/sbin/mariadbd

Secure the MariaDB Installation with the below command,

mysql_secure_installation

Output:

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

Login to MariaDB as root user,

mariadb -u root -p

Enable global variables as shown below,

SET GLOBAL innodb_file_per_table = ON;

Create a database called gogs which will be used for this project,

CREATE DATABASE IF NOT EXISTS gogs CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

Create a user and grant all the privileges of the gogs database,

GRANT ALL PRIVILEGES ON gogs.* TO 'gogs'@'localhost' IDENTIFIED BY "StrongPassword";

Replace “StrongPassword” with an actual password that is long and strong.

FLUSH PRIVILEGES;
EXIT

Download and Install Gogs from GitHub

Use curl to download the Gogs file from their official github repository.

curl -s https://api.github.com/repos/gogs/gogs/releases/latest | grep browser_download_url | grep '\linux_amd64.tar.gz' | cut -d '"' -f 4 | wget -i -

Un-tar the downloaded Gogs file.

tar xvf gogs_*_linux_amd64.tar.gz

Create a new user called git,

adduser git

Create a dedicated logs directory for it’s user,

mkdir /var/log/gogs

Permit created directory access to the added user,

chown -R git:git /var/log/gogs/

Add the gogs systemd service file to the system directory at /etc/systemd/system/,

cp gogs/scripts/systemd/gogs.service /etc/systemd/system

Create a configuration file for Gogs,

nano /etc/systemd/system/gogs.service

If you want to make use of a different port to host Gogs, refer below.

You can use any other port you want to, this is to keep the site a bit safer.

Edit the ExecStart=/home/git/gogs web port, you can set a custom port such as 3001

ExecStart=/home/git/gogs/gogs web -port 3001

Move the Gogs binary file to /home/git,

mv gogs /home/git/

Change the permission of the site directory.

chown -R git:git /home/git/

To start the Gogs service.

systemctl daemon-reload
systemctl start gogs

Enable Gogs service to run on boot and check the Status,

systemctl enable gogs
systemctl status gogs

Output:

root@crown:~# systemctl status gogs
● gogs.service - Gogs
     Loaded: loaded (/etc/systemd/system/gogs.service; enabled; preset: enabled)
     Active: active (running) since Sat 2022-11-19 17:51:21 UTC; 10s ago
   Main PID: 3281 (gogs)
      Tasks: 6 (limit: 2227)
     Memory: 34.5M
        CPU: 271ms
     CGroup: /system.slice/gogs.service
             └─3281 /home/git/gogs/gogs web -port 3001

Configure Gogs

Navigate to your browser and load the server’s IP address or the domain name with 3001 port.

http://server-ip-address:3001 and you will see the Gogs installation screen.

In Database Settings we’ll first enter the Database information that was created earlier.

Next, In Application General Settings

• Application Name – enter the Project name of your choice.
• Run User – will be the new user that was added earlier, git.
• Domain – enter the Domain name that should be associated with the application. If you do not have any domain, use localhost.
• Application URL – enter the IP address of the server or the Domain name with the port to be used. Do not use localhost in Application URL.
• Log Path – enter the directory path that was created earlier, /var/log/gogs.

In Optional Settings,

• Enable or Disable the required settings that goes with your application usage.
• Create an Admin Account which you will be using as first user with Admin privileges.

Now click on Install Gogs button to start the installation. Once the installation is complete, you will be redirected to login screen.

Login with the Admin user that was just created in the last step.

This concludes the Installation and Gogs on Ubuntu 22.10

Hello,

In this week’s feature highlight, we look at How To Protect SSH With Fail2Ban on Ubuntu 22.10

Fail2Ban is an intrusion prevention framework written in the Python programming language. It works by reading SSH, ProFTP, Apache logs, etc. And uses iptables profiles to block brute-force attempts.

Installing the Fail2Ban package

Check for system updates and install them.

apt update -y

apt upgrade -y

Command to install the Fail2Ban

apt install fail2ban -y

To enable fail2ban, run the following command.

systemctl enable fail2ban

To check the status of the service, run the following command.

systemctl status fail2ban

Output:

root@crown:~# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor pres>
     Active: active (running) since Thu 2022-10-19 13:37:13 UTC; 14s ago
       Docs: man:fail2ban(1)
   Main PID: 2557 (fail2ban-server)
      Tasks: 5 (limit: 1034)
     Memory: 13.2M
        CPU: 442ms
     CGroup: /system.slice/fail2ban.service
             └─2557 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Configuring Fail2Ban

Jail.conf contains a section in which Configuration settings can be done for the fail2ban, we are not going to edit this file because package upgrades can overwrite this file.

Jail.local contains the same sections where “jail.conf” file contains and it can override these values.

Command to create a jail.local configuration file by copying the default jail.conf file.

cp /etc/fail2ban/jail.{conf,local}

Open the file to configure.

nano /etc/fail2ban/jail.local

Whitelisting IP addresses

Find the following line in the config file /etc/fail2ban/jail.local and uncomment it to whitelist the IP address.

#ignoreip = 127.0.0.1/8 ::1 

Once you uncomment it, add your IP address at the last of the command For ex.

ignoreip = 192.168.0.100 192.168.1.0/24

Multiple IP addresses can be whitelisted with the above configuration, they have to be separated with a single white space. You can also white list an IP block as shown above.

Ban settings

3 main options in these settings,

• bantime: is the number of sec/hours/day that an IP address is banned.
• findtime: is the window that fail2ban will pay attention to when looking for repeated failed authentication attempts.
• maxretry: is the maximum try which will be given before blocking.

Find these lines in the config file /etc/fail2ban/jail.local and change them as you required.

Default values of the option are,

bantime  = 10m

findtime  = 10m

maxretry = 5

Note: If you want to block an IP address permanently use a negative value in the bantime option.

Get e-mail notifications

Note: To receive email alerts, you need to have an SMTP installed on your server.

To receive email alerts with relevant logs, find the following line in the config file /etc/fail2ban/jail.local and make sure that the following line is present.

# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(action_)s
             %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]

To configure sending and receiving email addresses.

Find the following line in the config file /etc/fail2ban/jail.local and update the details.

Example:

destemail = admin@xyz.com

sender = root@xyz.com

Fail2ban Client

To interact with the Fail2ban service there is a command-line tool called fail2ban-client.

To check its available options enter the following command.

fail2ban-client -h

Here is a few examples that can be performed by using this tool,

Check the jail status.

fail2ban-client status sshd

To unban an IP.

fail2ban-client set sshd unbanip "IP address here"

To Ban an IP.

fail2ban-client set sshd banip "IP address here"

Hello,

In this week’s feature highlight, we look at How to Install BBR on Ubuntu 22.10

BBR stands for Bottleneck Bandwidth and RTT is a congestion control system. You can enable TCP BBR on your Linux desktop to improve the overall web surfing experience. By default, Linux uses the Reno and CUBIC congestion control algorithm.

Run the following command to check available congestion control algorithms,

sysctl net.ipv4.tcp_available_congestion_control

Output:

root@crown:~# sysctl net.ipv4.tcp_available_congestion_control
net.ipv4.tcp_available_congestion_control = reno cubic bbr

Run the below command to check the current congestion control algorithm used in your system,

sysctl net.ipv4.tcp_congestion_control

Output:

root@crown:~# sysctl net.ipv4.tcp_congestion_control
net.ipv4.tcp_congestion_control = bbr

Enabling TCP BBR in Ubuntu

Open the following configuration file /etc/sysctl.conf to enable TCP BBR.

 nano /etc/sysctl.conf

At the end of the config file, add the following lines.

net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr

Save the file, and refresh your configuration by using this command,

sysctl -p

Output:

root@crown:~# sysctl -p
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

Now, Verify if BBR is enabled in your system,

sysctl net.ipv4.tcp_congestion_control

Output:

root@crown:~# sysctl net.ipv4.tcp_congestion_control
net.ipv4.tcp_congestion_control = bbr

---