Look Below

SECURE, SUCCINCT & SUSTAINABLE TECHNOLOGY SOLOUTIONS

ConsultED

ACTIONABLE INTELLIGENCE

INNOVATIVE SOLUTIONS

  • Cool 4 Code: I Really Don't Tek No (Mouthful of Diamonds)

    Cool 4 Code: I Really Don't Te...

    WORKING TO KEEP YOU WORKING

    Here's some techno for your teknow - playlists to keep you happy while coding and IT-building for a New World of Work.  Keep it Coding!

     

    COOL 4 CODE: I REALLY DON'T TEK NO [MOUTHFUL OF DIAMONDS]

    Would You Like Additional Information Related To This Topic? Then You May Also Find Helpful:

    12 Songs Inspired by Technology

    More ...
  • yumyum yellowdog update selinux

    Yumyum yellowdog update selinu

    Upgrades and Updates to Red Hat® Enterprise Linux®

    SECURITY-ENHANCED LINUX (SELinux)

    Firstly, let's just agree that there is likely going to be some disagreement here. Lots of technology topics will "top-off" people over the craziest things... this doesn't qualify as one of the bigger ones I can think of,

    # yum update selinux

    MANAGING SELINUX IN RHEL

    Security-Enhanced Linux (SELinux) is a project (initially developed by the NSA, fwiw) to implement mandatory access control (MAC) under Linux, executed in the kernel. A security context, or security "label", is the mechanism used by SELinux to classify resources (e.g., processes and files) on a SELinux-enabled system. This context allows SELinux to enforce rules for how and by whom a given resource should be accessed.

    On occassion, we may have need (I will leave out desire) to directly manage these security contextsRed Hat Global Support Services recommends disabling SELinux permanently only if you are certain you will never want to run SELinux in the future.  Per the Red Hat KB "How Do I Turn SELinux Off In Red Hat Enterprise Linux?,  "files created with SELinux disabled will not have the information necessary to function when SELinux is enabled; changing this requires a "relabel" of the filesystems, which can be a very time consuming operation." 

    That's good enough reasoning for me; if you start with SELinux enabled (as is by default in RHEL6), do not toggle it on and off again unecessarily! Our raison d'être here, however, is that there may be occassion where SELinux issues need to be looked into, and potentially addressed.  This a rather broad and fairly elusive topic, so this attempt is mainly in providing you with some SELinux Management Tools to get you started

    NOTE: It is highly advisable that you conduct your own study in this area as much as possible prior to making any changes in SELinux. Please reference the provided industry articles at the end of this post for a more complete reference of SELinux!

     

     What if we attempt to install or execute a program and receive a SELinux Unsupported error that looks like this?  If you want this addressed, you will need to manage SELinux!

    microblogs-cloud-yumyum yellowdog selinux error

    Let's take a look at how to Modify and Manage SELinux in a Real World Example:

    Ye Olde Terminal

    While attempting to install linux antivirus software, I ran into a "SELinux not supported" error that kept me from executing the installer.  To complete, we first have to temporarily disable SELinuxHow to do that, and why? Initially, I went about dealing with this via command-line by temporarily changing SELinux mode to "Permissive".  I will get into why you will want to do that a little bit later; for now we just want to make the appropriate changes so that I can finish the antivirus install.

    Run the following command to check if SELinux is running (returns Enforcing, Permissive or Disabled):

    # getenforce

    You can then effectively disable into Permissive mode by running:

    # setenforce 0

     When you have completed whatever tasks necessitated putting SELinux into "Permissive" in the first place, be certain to re-enable:

    # setenforce 1

     ∞ this blog post continues...

      SELinux Management Tools

    From just the initial foray into understanding what SELinux actually is and how best to use and manage, it was clear I would be spending time with SELinux and its policies often enough to need to be efficient and effective in those dealings.  My personal preference with all of this is to employ some handy tools already found in our available repos: selinux-config and system-config-selinux; these are part of the policycoreutils-gui package providing GUI utilities for managing the SELinux environment.  Install all of these through PackageKit:

     microblogs-cloud-yumyum yellowdog selinux configgui

    This also gives us access to the SELinux Management and SELinux Policy Generation Tools:

    microblogs-cloud-yumyum yellowdog selinux gui-installed

     Now we can use our SELinux Management GUI to change SELinux mode to Permissive via System »Administration »SELinux Management:

    microblogs-cloud-yumyum yellowdog selinux permissive

    SELinux is now temporarily disabled, while still logging access errors.  While in Permissive mode, I can complete the install my antivirus application.  We also now have available our SELinux Policy Generation Tool via Applications »System Tools »SELinux Policy Generation Tool:

    microblogs-cloud-yumyum yellowdog selinux policygeneration-tool

    ∞ this blog post continues... 

    In my case, I needed to make SELinux changes to install software, but it wasn't without some trepidation.  Fiddling with SELinux settings requires some dedication and persistence in understanding what SELinux is and does, and how best to manage it.   Unless you are already experienced and knowlegeable here, my recommendation is to make use of the security ehnancements SELinux provides (by staying in the default of "Enforce"), and always utilize "Permissive" mode should you really need to disable it.  Review your access/error logs as habit.

    Permission to be Permissive

    Instead of disabling SELinux, it is more advisable to put SELinux in "Permissive" mode. In this mode:

    The SELinux policies will remain loaded,

    Access attempts that violate the configured SELinux policy will still be logged, but

    Access attempts that violate the configured SELinux policy will not be denied, thus disabling the protections offered by SELinux.

     

    Here's how to review your Access Logs to see what policies were logging while in Permissive -

    Search for auditd (the Linux Auditing System) and install if necessary - the audit RPM should be installed by default on most Red Hat Enterprise systems:

    microblogs-cloud-yumyum yellowdog selinux auditpkg

     

    Next, check for the setools-gui pkg, and install - this will provide a collection of graphical and command-line tools to efficiently address SELinux policy analysis:

    microblogs-cloud-yumyum yellowdog selinux setools

    Once installed, run your seaudit gui to access and review your logs (Applications »System Tools »SELinux Audit Log Analysis):

    microblogs-cloud-yumyum yellowdog selinux seaudit

     We also now have several other SELinux tools available for use - SELinux Policy Analysis (examine, search and relate policy components and rules) and SELinux Policy Difference (allows you to compare two policy files):

     

    microblogs-cloud-yumyum yellowdog selinux systemtools

     

     Lend Me Your Thoughts & Advice... How are You Handling SELinux in RHEL?

    My own approach and advice is to employ the default "Enforce" of SELinux and its policies, entering "Permissive" mode temporarily and only when entirely necessary, and habitually reviewing access logs for errors while doing so.  That being said, there certainly exists strong opinion that it takes more in managing SELinux than rewarded ultimately in security concerns.   I have yet to encounter any issues, and consider SELinux as a welcome, albeit additional, security layer versus online content and application bugs - my fear in looking into SELinux, is that if and when I do ever encounter any SELinux related issues? I could have more trouble than it's worth on my hands.  Let's hope I didn't just jinx myself... opinions differ on SELinux, some of it strongly:

    stopdisablinglinux - from "Seriously, stop disabling SELinux"

    SELinux Fails Again - excerpts from a frustrated SELinux user

    RHEL FOR REAL

    microblogs-cloud-yumyum yellowdog selinux yellowdogHaving generically delved into SELinux making minor adjustments, it was clear from colleagues and my own hands-on experience I really need to learn a lot more about it. Even for Desktop services, I would recommend employing SELinux as Red Hat provides, but haven't found any harm thus far in the occassional disabling in Permissive mode. Frankly, I really wouldn't want to have to tackle SELinux Policies/Policy Management but, should situations dicatate otherwise I feel pretty good I have the tools now to help drill down on resolving those changes fairly quickly. 

    There does seem to be differences in opinion about using SELinux and/or its inherent complexity.  Stay tuned; there's quite a bit more I need to understand here before being more comfortable with applying policy changes and mods within SELinux.  For now, in RHEL I am managing SELinux policies with the above SELinux Management and Policy Generation Tools, while expecting SELinux to be of greater value being Enforced and only occassionally Permissive, over ever being entirely Disabled#yumyumyellowdog

    Would You Like Additional Information Related To This Topic? Then You May Also Find Helpful:

    SYSCONFIG: the as-is testing enviro system configuration at the time of this article =

    HARDWARE: Alienware X51 [Memory: 16GB RAM; Processer: 4th Gen Intel® Core™ i7 4770 Quadcore 8MB Cache @ 4.00GHz; Graphics: NVIDIA® GeForce® GTX 760 Ti with 2GB GDDR5; SSD: Samsung 850 Pro 512GB; HDD: Western Digital Black 1TB]

    SOFTWARE: Operating System [RHEL Workstation 6.5-x86_64 (Santiago)]

    This information is not an advertisement on ConsultED's part but merely alerts Members to a potentially useful company, website, application or idea.
    More ...
  • yumyum yellowdog update eset

    Yumyum yellowdog update eset

    Upgrades and Updates to Red Hat® Enterprise Linux®

    ESET BUSINESS DESKTOP ANTIVIRUS

    Recently, I've been putting ESET Antivirus Business Edition for Linux Desktop on Ubuntu laptops.

    # yum update eset

    INSTALLING ESET ANTIVIRUS (Business Edition for Linux Desktop)

    Having previously installed a Free Trial Version of ESET Home Desktop for Linux on this Red Hat machine, I will need to perform an uninstall first.  You can obviously run Terminal here, but I'd like to see how ESET's Uninstaller handles itself.   

      From »Applications »System Tools locate and execute the "ESET NOD32 Antivirus Uninstaller".

     microblogs-cloud-yumyum yellowdog eset uninstallmenu

    As discussed in a prior post, the root password is required for ESET to Install/Uninstall: 

    microblogs-cloud-yumyum yellowdog eset runasroot

     Run through the uninstaller with your options (if any other than default) until done; a system restart will be needed now so get yourself rebooted:

    microblogs-cloud-yumyum yellowdog eset systemrestart

    For the ESET Antivirus Business Edition for Linux software we now want to install, you will first need a Username/Password from ESET to secure the download and rip an install:

    microblogs-cloud-sudo-apt-get-update eset-biz-desktop access

    Post obligatory sign up/info forms, ESET will send you a Username and Password via email with your license files/keys - I went ahead and purchased a minimum 5 user license, but you can certainly opt for the Free Business Trial instead.

    In the interest of time and clarity, all you really need to do here is follow the download and installation KB ESET has provided.  Installation is as easy as it gets, aside from a minor issue with SELinux, described separately below.

    With your newly received credentials and license files, simply download the ESETsoftware correctly to match your architecture and follow the installation guide; for me this will be 64-bit: http://download.eset.com/download/unix/eavbe/ueavbe.x86_64.en.linux

    NOTE: I was missing a library - yum install glibc.i686; keep an eye out for additional libraries that your system may require.

     

    Post-installation and restart you should be all set, with ESET!  

    microblogs-cloud-yumyum yellowdog eset installationscan

     

    MANAGING SELINUX

    SELinux is an enhanced security implementation that allows system admins to define how applications and users can access different resources such as files, devices, networks and inter-process communication. As with ESET, some installers and programs will require root access to execute; as you should have encountered, this will cause a conflict and an unsupported error ("SELinux not supported") when attempting to run the installer:

    microblogs-cloud-yumyum yellowdog eset selinux

    The ESET KB Installation Guide takes the position of disabling SELinux.  I'm still exploring the security advantages of SELinux and prefer to have this functionality "always on", so for the time being I utilize SELinux Management to temporarily allow for Permissive mode.

     Interestingly, take note on the Permissions tab of an option for "SELinux Context" while changing the installer's file permissions, as shown in the ESET KB installation instructions article.   "Not knowing, I hesitate to answer" is an applicable old saying here: not knowing what these values mean, or repurcussions for changing them, I left this item at its default "User data" setting.

     microblogs-cloud-yumyum yellowdog eset properties

     REFERENCE: For ways to manage SELinux in RHEL, please see "yumyum yellowdog update selinux"

     

    RHEL FOR REAL

    microblogs-cloud-yumyum yellowdog eset yellowdogThe ESET Remote Administrator (ERA) is but one of the reasons I chose ESET for linux antivirus protection; a singular console to remotely install and administer antivirus software across my entire network was highly appealing over other open source and proprietary linux antivirus offerings I looked into.  No network, and all of the devices the comprise it, is completely immune to digital threats; appropriately protecting your linux devices, systems and networks is essential.  This post serves for your reference as one method for installing ESET NOD32 Antivirus Business Edition for Linux Desktop, in RHEL. I will absolutely post back similar once I've installed the ESET Remote Administrator#yumyumyellowdog

    Would You Like Additional Information Related To This Topic? Then You May Also Find Helpful:

    SYSCONFIG: the as-is testing enviro system configuration at the time of this article =

    HARDWARE: Alienware M11x [Memory: 8GB RAM; Processer: Intel® Core™ i7 Quadcore CPU U640 @ 1.200GHz × 4; SSD: Samsung 840 Pro 250GB]

    SOFTWARE: Operating System [RHEL Desktop 6.5-x86_64 (Santiago)]

     This information is not an advertisement on ConsultED's part but merely alerts Members to a potentially useful company, website, application or idea.
    More ...
  • sudo apt-get update eset business desktop antivirus for linux

    Sudo apt-get update eset busin...

     Upgrades and Updates in Ubuntu

    ESET BUSINESS DESKTOP ANTIVIRUS FOR LINUX

    After recently installing ESET Antivirus for Linux in the home desktop flavor, I wanted to make use of ESET's Remote Administrator available in their Linux Business Desktop edition to better manage network security from a single location.  Cross-platform security with unified management sounds really good to me.  Delving into the ERA (ESET Remote Administrator) is going to call for its own separate blog post(s), however; here we are just doing a straight install of the Linux Business Desktop Edition of the antivirus onto one machine.  A rather old Alienware m9750 running 64bit Ubuntu 14.04 Desktop is what we're working with to try this out, so here goes some #sumosudo

     

    sudo apt-get update eset

    UPGRADING TO ESET NOD32 ANTIVIRUS 4 - BUSINESS EDITION FOR DESKTOP

    To upgrade to the Business Desktop Edition, we will first need to uninstall the pre-existing ESET Home Desktop.  If you are coming into this without an existing ESET installation, just take this jumper to the "section" for a fresh install. 

     Locate ESET via the Unity Dash, and execute the "ESET NOD32 Antivirus Uninstaller".

     

    As discussed in a prior post, the root password is required for ESET to Install/Uninstall, something we don't normally want to do in Ubuntu - I purposefully left my root password enabled from before so nothing to do here but enter it.  

    microblogs-cloud-sudo-apt-get-update eset-biz-desktop root

    Please reference "sudo apt-get update eset home desktop" if you are needing to set a root password.

     

    Run through the uninstaller with your options (if any other than default) until done; a system restart will be needed now so get yourself rebooted.

    microblogs-cloud-sudo-apt-get-update eset-biz-desktop restart

    For the ESET Antivirus Business Edition for Linux software we want to upgrade to, you are first going to need a Username/Password from ESET to secure the download and rip an install.

    microblogs-cloud-sudo-apt-get-update eset-biz-desktop access

    Post obligatory sign up/info forms, ESET will send you a Username and Password via email with your license files/keys - I went ahead and purchased a minimum 5 user license, but you can certainly opt for the Free Business Trial instead.

    From here, this is essentially a repeat of the steps from my prior blog post, "sudo apt-get update eset home desktop". 

    In the interest of time and clarity, all you really need to do here is follow the download and installation KB ESET has provided.  With your newly received credentials and license files, download the ESET software correctly to match your architecture and follow the installation guide; for me this will be 64-bit: http://download.eset.com/download/unix/eavbe/ueavbe.x86_64.en.linux  

     Interestingly, I note on the Permissions tab an option for "SELinux Context", as shown in the above kb article.  SELinux isn't an issue for Ubuntu-based installs; Debian packaged Linux kernels have SELinux support compiled in, but disabled by default.  This did not appear during my Properties change as I'm in Debian/Ubuntu here; if you are interested in this item please reference "yumyum yellowdog update selinux" for enhanced details of SELinux.  

    Post-installation and restart you should be all set, with ESET!  

    microblogs-cloud-sudo-apt-get-update eset-biz-desktop installed

     Optional, but I typically like to ensure newly installed applications that weren't handled through Software Center are showing correctly from within the Dash.  From the Unity interface quick launch bar, Search the Dash Applications for ESET just to make sure it is there:

    microblogs-cloud-sudo-apt-get-update eset screencap04

    ESETAntivirus Business Edition for Linux Desktop prevents malware through detection of multi-platform threats, regardless of what system is being targeted - Windows®, Linux or Mac® OS. Now that's some #sumosudo! Lend me your thoughts on this approach, as well as functional alternatives.

    UNTO UBUNTU

    microblogs-cloud-sudo-apt-get-update eset-biz-desktop robotAccording to ESET, both the Home Desktop and Business Desktop for Linux distros are exactly the same antivirus offering.  The differentiator is in the ESET Remote Administrator that you get with the Business Edition for Desktop Linux.  The ERA is one of the reasons I chose ESET for linux antivirus protection; a singular console to remotely install and administer antivirus software across my entire network was highly appealing over other open source and proprietary linux antivirus offerings I looked into.  No network, and all of the devices the comprise it, is completely immune to digital threats; appropriately protecting your linux devices, systems and networks is essential.  This post serves for your reference as one method for installing ESET NOD32 Antivirus Business Edition for Linux Desktop, in Ubuntu. I will absolutely post back similar once I've installed the ESET Remote Administrator#sumosudo

    Would You Like Additional Information Related To This Topic? Then You May Also Find Helpful:

    SYSCONFIG: the as-is testing enviro system configuration at the time of this article =

    HARDWARE: Alienware Area-51 M9750 [Memory: 4GB RAM; Processer: Intel® Core™2 CPU T7200 @ 2.00GHz × 2; Graphics: Gallium 0.4 on NV49; SSD: Samsung 840 Evo 120GB; HDD: Western Digital Blue 500GB]

    SOFTWARE: Operating System [Ubuntu Desktop 14.04 LTS 64-bit]; Antivirus [ESET NOD32 Business Desktop Antivirus 4.0.81.0]

    This information is not an advertisement on ConsultED's part but merely alerts Members to a potentially useful company, website, application or idea.
    More ...
  • Cool 4 Code: Lights & Music

    Cool 4 Code: Lights & Music

    WORKING TO KEEP YOU WORKING

    Thought I'd drop some playlists of stuff to keep you happy while coding and IT building for a New World of Work.  Crank while you are cranking code!

     

    COOL 4 CODE: BAM! JAM [LIGHTS & MUSIC]

     

    And remember, when a problem comes along? you must Whip-IT: #cool4code

     

    More ...
  • sudo apt-get update filezilla

    Sudo apt-get update filezilla

    Upgrades and Updates in Ubuntu

    FILEZILLA FTP CLIENT

    Thanks to a quick search within Ubuntu Software Center, you can easily and safely install some other "stock & standard" applications I always like to employ. For FTP purposes, an obvious open source choice and a long-time industry standard is FileZilla. It remains one of the better full-featured, cross-platform ftp clients with an extremely comfortable GUI. that's right, it's #sumosudo

    sudo apt-get update filezilla

    INSTALLING FILEZILLA

    FileZilla is readily available as one of the featured and most popular downloads in the Ubuntu Software Center.  Go ahead; get it installed.

     

    Making An FTP Connection

    Just in case you don't know how to do this, once installed just open and access FileZilla's easy Site Manager where you'll want to set your permanent connections. I will assume the screenshot below is sufficient to get anyone through adding a New Site and setting your params (Port is typically 21; check your Firewall settings if you have any issues).

    microblogs-cloud-sudo-apt-get-update filezilla ftp

    Wherefore Art Thou, ExpanDrive?

    microblogs-cloud-sudo-apt-get-update filezilla robotWhat I'm really-really-really looking forward to, is the eventual (albeit already overdue) release of the linux version of ExpanDrive. A "mid-2014" notice for release of Version 4 is still showing on ExpanDrive's Website, etc. - this tool still isn't linux-available as far as I can tell, but when it is? INSTALL IT! I'll take tools to enhance productivity over a minimal amount of cost every day (and even if this were freeware, shouldn't we all be giving back to the developers in donation for its use anyway?!).  For cloud-based work, ExpanDrive is seriously indispensible and one of my favorite tools, by far. Here's hoping this will be available for linux soon.  Yes, and Please. #sumosudo

     ExpanDrive is the fastest way to upload and manage files in the Cloud, and is continually adding new cloud storage providers:

    microblogs-cloud-sudo-apt-get-update filezilla expandrive

    SYSCONFIG: the as-is testing enviro system configuration at the time of this article =

    HARDWARE: Alienware Area-51 M9750 [Memory: 4GB RAM; Processer: Intel® Core™2 CPU T7200 @ 2.00GHz × 2; Graphics: Gallium 0.4 on NV49; SSD: Samsung 840 Evo 120GB; HDD: Western Digital Blue 500GB]

    SOFTWARE: Operating System [Ubuntu Desktop 14.04 LTS 64-bit]

    This information is not an advertisement on ConsultED's part but merely alerts Members to a potentially useful company, website, application or idea.
    More ...
  • sudo apt-get update spotify

    Sudo apt-get update spotify

    Upgrades and Updates in Ubuntu

    INTERNET MUSIC STREAMING IN LINUX

    Ok. I can admit it. I'm a self-proclaimed Spotify addict. Simply put, I must have, need to have, have to have and will have my Spotify in Linux! Use of the Spotify plugin in Clementine has gotten me through some separation anxiety moving fully over to Linux distros, but there was barely even a honeymoon phase here; I really need full-flavored. A rather old Alienware m9750 running 64bit Ubuntu 14.04 Desktop is what we're working with to try this out (figuring that if it will run on this dated hardware it will have no issues with pretty much anything else after it!), so here goes some #sumosudo

    sudo apt-get update spotify

    INSTALLING SPOTIFY STREAMING MUSIC CLIENT

    Currently, Spotify is available only for Windows and Mac as supported downloads. Spotify has, however, conveniently packaged it for Debian Squeeze/Ubuntu; as a preview release this version is still unsupported, but the Team at Spotify runs this internally themselves, committed to working to make sure it keeps pace with its Mac and Windows siblings.

    First we will need to add the Spotify repo to our sources list.  From Terminal, gedit /etc/apt/sources.list to add the Spotify repo (end of list):

    $ deb http://repository.spotify.com stable non-free

    Save to update the add. Add the Spotify repository key to verify authenticity of the package(s):

    $ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 94558F59

    Now Run your Update:

    $ sudo apt-get update

    Install Spotify!

    $ sudo apt-get install spotify-client

    From the Dash, search the installed applications for the Spotify app. From here, you can drag & drop the Spotify icon onto your quick launch bar and it will dock the launcher for future access. 

     

    UNTO UBUNTU

    microblogs-cloud-sudo-apt-get-update spotify robotSpotify continues to keep my sanity during long bouts of coding and from the "terminally insane" (pun, intended) of linux learning.  For internet music streaming, I.just.have.to.have.my.Spotify.  Since installing, I've put Spotify for Linux on Ubuntu through the paces quite a bit, and haven't found anything funky or clunky; working! #sumosudo

    Would You Like Additional Information Related To This Topic? Then You May Also Find Helpful:

    SYSCONFIG: the as-is testing enviro system configuration at the time of this article =

    HARDWARE: Alienware Area-51 M9750 [Memory: 4GB RAM; Processer: Intel® Core™2 CPU T7200 @ 2.00GHz × 2; Graphics: Gallium 0.4 on NV49; SSD: Samsung 840 Evo 120GB; HDD: Western Digital Blue 500GB]

    SOFTWARE: Operating System [Ubuntu Desktop 14.04 LTS 64-bit]

    This information is not an advertisement on ConsultED's part but merely alerts Members to a potentially useful company, website, application or idea.
    More ...

EMPOWERING INFORMATION

More Info

COMMENDATIONS

Social SignOn

SignIn Here

ED bubble transparent2WE ARE INFORMATION EMPOWERED. Providing innovative solutions to innovative business, ConsultED delivers a power play of game changing open source, cloud-based technology strategies and solutions to empower organizations with global competitive advantage. Our Mission is Your Success: Business Intelligence, Cloud Computing, Mobile Systems, Open Source, OpenStack, Security & Compliance, Social Networks & Media, Sustainability, Web Services, and Electronic Discovery Consulting.

THE AGILITY OF SMART