How To Flush DNS Cache on Linux

DNS, short for the Domain Name System protocol, is used on Linux systems in order to retrieve IP addresses associated with names.

For example, when you are performing a ping request, it is quite likely that you are using the DNS protocol to retrieve the server IP.

In most cases, the DNS requests that you perform are stored in a local cache on your operating system.

However, in some cases, you may want to flush the DNS cache of your server.

It might be because you changed the IP of a server on your network and you want the changes to be reflected immediately.

In this tutorial, you are going to learn how you can easily flush the DNS cache on Linux, whether you are using systemd or dnsmasq.

Prerequisites

In order to be able to flush your DNS cache, you have to know how DNS resolution works on your Linux system.

Depending on your distribution, you may be facing different Linux services that act as a DNS resolver.

Before you start, it is quite important for you to know how DNS resolution will actually happen on your operating system.

[Figure: DNS resolution on Linux, inspired by this Wikipedia diagram]

If you are reading this article, you are looking to flush the cache of your local DNS resolver. But as you can see, there are many different caches between your local application and the actual Internet DNS servers.

In this tutorial, we are going to focus on the yellow box meaning the local stub resolver implemented on every Linux system.

Finding your local DNS resolver

On most Linux systems, the DNS resolver is either “systemd-resolved” or dnsmasq. In order to know if you are dealing with one or another, you can execute the following command

$ sudo lsof -i :53 -S
Note : so why are we running this command? As DNS runs on port 53, we are looking for the commands associated with the service running on port 53, which is your local DNS resolver or “stub”.

As you can see, on a recent Ubuntu 20.04 distribution, the service listening on port 53 is systemd-resolved. However, if you were to execute this command on Ubuntu 14.04, you would get a different output.

In this case, the local DNS resolver in use is dnsmasq, and the commands are obviously different.

Knowing this information, you can go to the chapter you are interested in. If you were to have a different output on your server, make sure to leave a comment for us to update this article.

Flush DNS using systemd-resolved

The easiest way to flush the DNS on Linux, if you are using systemd-resolved, is to use the “systemd-resolve” command followed by “--flush-caches”.

Alternatively, you can use the “resolvectl” command followed by the “flush-caches” option.

$ sudo systemd-resolve --flush-caches

$ sudo resolvectl flush-caches

In order to verify that your Linux DNS cache was actually flushed, you can use the “--statistics” option that will highlight the “Current Cache Size” under the “Cache” section.

$ sudo systemd-resolve --statistics

Congratulations, you successfully flushed your DNS cache on Linux!

Flush DNS cache using signals

Another way of flushing the DNS cache can be achieved by sending a “USR2” signal to the “systemd-resolved” service that will instruct it to flush its DNS cache.

$ sudo killall -USR2 systemd-resolved

In order to check that the DNS cache was actually flushed, you can send a “USR1” signal to the systemd-resolved service. This way, it will dump its current state into the systemd journal.

$ sudo killall -USR1 systemd-resolved

$ sudo journalctl -r -u systemd-resolved

Awesome, your DNS cache was correctly flushed using signals!

Flush DNS using dnsmasq

The easiest way to flush your DNS resolver, when using dnsmasq, is to send a “SIGHUP” signal to the “dnsmasq” process with the “killall” command.

$ sudo killall -HUP dnsmasq

Similarly to systemd-resolved, you can send a “USR1” to the process in order for it to print its statistics to the “syslog” log file. Using a simple “tail” command, we are able to verify that the DNS cache was actually flushed.

Now what if you were to run dnsmasq as a service?

Dnsmasq running as a service

In some cases, you may run “dnsmasq” as a service on your server. In order to check whether this is the case or not, you can run the “systemctl” command or the “service” one if you are on a SysVinit system.

$ sudo systemctl is-active dnsmasq

# On SysVinit systems
$ sudo service dnsmasq status

If you notice that dnsmasq is running as a service, you can restart it using the usual “systemctl” or “service” commands.

$ sudo systemctl restart dnsmasq

# On SysVinit systems
$ sudo service dnsmasq restart

After running those commands, always make sure that your services were correctly restarted.

$ sudo systemctl status dnsmasq

# On SysVinit systems
$ sudo service dnsmasq status
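
The whole procedure (find the resolver on port 53, flush it, check the cache size) as one script. This is an added example, not part of the original tutorial; the function names and the sample outputs are constructed for illustration, and flush_and_verify has to be run as root.

```bash
#!/bin/sh
# Added example (not from the original tutorial): choose the flush command
# from `lsof -i :53` output and confirm the result from the statistics output.

# Constructed sample of `sudo lsof -i :53` on a host running systemd-resolved.
# lsof truncates the COMMAND column, so the daemon shows up as "systemd-r".
SAMPLE_LSOF='COMMAND   PID            USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd-r 610 systemd-resolve   12u  IPv4  21045      0t0  UDP localhost:domain
systemd-r 610 systemd-resolve   13u  IPv4  21046      0t0  TCP localhost:domain (LISTEN)'

# Constructed sample of `resolvectl statistics` taken right after a flush.
SAMPLE_STATS='Transactions
Current Transactions: 0
  Total Transactions: 1482

Cache
  Current Cache Size: 0
          Cache Hits: 311
        Cache Misses: 1171'

# Read `lsof -i :53` output on stdin and print the resolver that owns port 53.
detect_resolver() {
  awk 'NR > 1 && $1 ~ /^systemd-r/ { print "systemd-resolved"; found = 1; exit }
       NR > 1 && $1 == "dnsmasq"   { print "dnsmasq"; found = 1; exit }
       END { if (!found) print "unknown" }'
}

# Map a resolver name to the flush command shown in this tutorial.
flush_command() {
  case "$1" in
    systemd-resolved) echo "resolvectl flush-caches" ;;
    dnsmasq)          echo "killall -HUP dnsmasq" ;;
    *)                return 1 ;;
  esac
}

# Read the statistics output on stdin and print the "Current Cache Size" value.
# Exits non-zero when the field is missing.
cache_size() {
  awk -F: '/Current Cache Size/ { gsub(/[ \t]/, "", $2); print $2; found = 1; exit }
           END { if (!found) exit 1 }'
}

# Detect, flush, then verify. Must run as root; nothing calls it automatically.
flush_and_verify() {
  resolver=$(lsof -i :53 2>/dev/null | detect_resolver)
  cmd=$(flush_command "$resolver") || { echo "no known resolver on port 53" >&2; return 1; }
  echo "flushing $resolver with: $cmd"
  $cmd || return 1
  # Only systemd-resolved exposes the cache size on the command line;
  # dnsmasq writes its statistics to the system log after a USR1 signal.
  if [ "$resolver" = "systemd-resolved" ]; then
    size=$(resolvectl statistics | cache_size) || return 1
    [ "$size" = "0" ] || { echo "cache still holds $size entries" >&2; return 1; }
  fi
}
```

A busy host can repopulate the cache between the flush and the check, so a non-zero size right after flush_and_verify is not always a failed flush.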

Conclusion

In this tutorial, you learnt how you can quickly and easily flush your DNS cache on Linux.

Using this article, you can easily clear the cache for systemd and dnsmasq local resolvers. However, you should know that there is another common DNS, named bind, that is purposefully omitted in this article.

Another article about setting up a local DNS cache server using BIND should come in the near future.

If you are interested in DNS queries and how they are performed, you can use this very useful article from “zwischenzugs” named the Anatomy of a DNS query. The article is particularly useful if you want to debug DNS queries and you wonder how they are performed.

Also if you are interested in Linux System Administration, we have a complete section about it on the website, so make sure to check it out.

How To Encrypt File on Linux

If you are a conscientious system administrator, you have probably already wondered how you can make your files secure.

Nowadays, as system attacks get more and more frequent, it is probably not a bad idea to think about encrypting your files.

On Linux, there are multiple ways of encrypting files, directories or filesystems : namely using the LUKS disk encryption specification or simple tools such as GnuPG.

In this tutorial, you will learn how you can easily encrypt files and directories on Linux using the GnuPG tool as well as the zip utility.

Encrypt Files using passphrase protection

One of the easiest ways of encrypting a file on Linux is to use the “gpg” utility.

“gpg” is a simple utility that is part of the OpenPGP initiative that aims at providing easy methods to securely sign documents.

Files can be decrypted using two different methods : a password or a key file. In this section, we are going to focus on setting up a password protection for your encrypted files.

To encrypt files using a password, use the “gpg” command with the “-c” option specifying that you want to use a symmetric encryption for your file. After that, specify the name of the file that you want to encrypt.

$ gpg -c <file>

The “gpg” command will create a file with a “.gpg” extension which is the encrypted file that you want to store.

If you are running a Linux distribution with a graphical environment, you will be prompted with a window in order to specify the passphrase.

Note : make sure not to forget your passphrase. You won’t be able to recover the passphrase by any means.

Special tip : writing down your passphrase and storing it in a physical lock can be a solution.

If you were to inspect the content of the file using a simple “cat” command, you would not be able to see the content.

Awesome, you successfully encrypted a file on Linux using “gpg”!

Decrypt Encrypted File on Linux

In order to decrypt an encrypted file on Linux, you have to use the “gpg” command with the “-d” option for “decrypt” and specify the “.gpg” file that you want to decrypt.

$ gpg -d <file>.gpg

Again, you will probably be prompted with a window (or directly in the terminal) for the passphrase. If you provide the correct one, you will be able to see the content of your file.

Note : if you were not prompted for the passphrase for the file, it is because the GPG utility will create a set of keys for you in your home directory when you unlock a file (or create it).

Awesome, your file is now decrypted, you can inspect its content easily.

Encrypt Directory using gpg

In some cases, you may be interested in encrypting a whole directory, containing a lot of files.

In order to achieve that, you are going to create an archive first and encrypt it later on.

To create an archive, use the “tar” command along with the “-cvf” options that stand for “create a file in verbose mode”. Now that your archive is created, you can encrypt it using the “gpg” command with the “-c” option.

$ tar -cvf archive.tar <directory>

$ gpg -c archive.tar

Again, you might be prompted for a specific passphrase that you will have to remember.

Congratulations, you successfully encrypted a directory using the tar and gpg commands!
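
The two commands above leave the unencrypted archive.tar on disk next to archive.tar.gpg. This added example (not from the original tutorial) pipes tar straight into gpg instead and checks the round trip; the function names and the passphrase-file argument are assumptions, and it requires GnuPG 2.1 or later for the loopback pinentry mode.

```bash
#!/bin/sh
# Added example (not from the original tutorial): encrypt a directory with a
# passphrase without leaving an unencrypted archive.tar behind.
# The passphrase file holds the passphrase on its first line and should be
# readable by its owner only (chmod 600).

# encrypt_dir <directory> <output.tar.gpg> <passphrase-file>
# tar writes the archive to stdout and gpg encrypts it from stdin, so the
# plaintext archive only ever exists inside the pipe.
encrypt_dir() (
  # Make a tar failure fail the whole pipeline where the shell supports it.
  (set -o pipefail) 2>/dev/null && set -o pipefail
  tar -cf - -C "$(dirname "$1")" "$(basename "$1")" |
    gpg --batch --yes --pinentry-mode loopback --passphrase-file "$3" \
        --symmetric --cipher-algo AES256 --output "$2"
)

# decrypt_dir <input.tar.gpg> <target-directory> <passphrase-file>
# Decrypts to stdout and unpacks directly into the target directory.
decrypt_dir() (
  (set -o pipefail) 2>/dev/null && set -o pipefail
  mkdir -p "$2" || exit 1
  gpg --batch --quiet --pinentry-mode loopback --passphrase-file "$3" \
      --decrypt "$1" | tar -xf - -C "$2"
)

# roundtrip_ok <directory> <passphrase-file>
# Encrypt, decrypt into a scratch directory and compare with the original.
# Returns 0 only when the decrypted tree is identical to the source tree.
roundtrip_ok() (
  work=$(mktemp -d) || exit 1
  trap 'rm -rf "$work"' EXIT
  encrypt_dir "$1" "$work/archive.tar.gpg" "$2" || exit 1
  decrypt_dir "$work/archive.tar.gpg" "$work/out" "$2" || exit 1
  diff -r "$1" "$work/out/$(basename "$1")" >/dev/null
)

# Usage (paths are placeholders):
#   encrypt_dir ./reports reports.tar.gpg ~/.backup-passphrase
#   decrypt_dir reports.tar.gpg ./restored ~/.backup-passphrase
```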

Encrypt Directory using zip

In order to encrypt a file using zip, use the “zip” command with the “--encrypt” option and provide the zip name as well as the files to be encrypted.

$ zip -r --encrypt secure.zip <directory>

$ zip --encrypt secure.zip <file>...<file10>

Awesome, you have successfully created an encrypted zip archive!

To open your encrypted archive, you can simply use the “unzip” command and provide the password you just used.

Encrypt Files using private key

As explained in other tutorials, generating key pairs (a public key and a private key) remains a very efficient way of preventing people from accessing your files.

To encrypt files on Linux using a private key, you have to execute the “gpg” command with the “--full-gen-key” option. You have multiple options for key generation (such as “--quick-generate-key”) but the full one gives you more options.

$ gpg --full-gen-key

By default, the GPG utility will ask you a couple of questions. First, it wants you to choose an encryption method for your key.

We are going to choose “RSA” as it can be trusted as one of the best encryption methods available.

On the next step, you are asked for the size of the key that you want. We are going to keep the default one and press Enter.

Finally, you are asked if you want to configure an expiration for the key that you are going to create. In this case, we want to use the same key forever, so you can choose the “0” option.

Now that you specified the key parameters, you are going to provide your name, your email address as well as a comment that is describing your key.

If everything is okay, you can press “O” and proceed to choose a passphrase.

So why would you need a passphrase? A passphrase is used in order to protect your key from being stolen. Having a key alone is not enough, not that it could be brute-forced, but somebody could steal your key and use it to decrypt your files. A passphrase prevents this operation.

Congratulations, you successfully created your set of keys for encryption, you can now use them in order to encrypt your files.

To encrypt your file using your created key, you have to use the “gpg” command with the “-e” option for “encrypt” and specify the key to be used with the “--recipient” option.

$ gpg -e --recipient <email or name> <file>

In this case, we used the “devconnected” name along with the “devconnected@example.com” email address. To encrypt the file, we are going to execute the following command :

$ gpg -e --recipient devconnected@example.com <file>

Awesome, you have successfully encrypted your file using your key!

Decrypt File using key

In order to decrypt the file you just encrypted using your key, you have to use the “gpg” command with the “-d” option for decrypt.

$ gpg -d <file>.gpg

In this case, you will be prompted with a window that contains much more information, more specifically the key used.

When providing the correct passphrase, you will be able to decrypt your file, great!

Encrypt Files using Nautilus GUI

If you are not into using the terminal, you might want to have a beautiful GUI in order to encrypt your files.

To encrypt using a graphical interface, you are going to use the “Nautilus” file manager along with the “seahorse-nautilus” extension. This extension brings GPG features right into your graphical file explorer.

$ sudo apt-get install nautilus

$ sudo apt-get install seahorse-nautilus

When you are done, restart Nautilus by using the “nautilus” command with the “-q” option for “quit”.

$ nautilus -q

Open Nautilus again, using the command line or your left vertical bar, and right click on a file to see the “Encrypt” option.

When clicking on “Encrypt”, you are asked if you want to choose a passphrase or if you want to encrypt the file using a key.

In this case, select the key that you created in the steps before, and click on “Ok” when you are done.

That’s it! You now have an encrypted version of your file.

But did you know that you could decrypt your file using a GUI interface also?

Decrypt using GUI Interface

In order to decrypt your file, you can simply double-click or right-click and select the “Open with Decrypt File”.

By using this option, you will be asked for the name of the file to be created when decrypting the file. In this case, we are going to choose a file named “custom.txt”.

When clicking on “Save”, you will be asked for the passphrase that you specified when creating your public key. Provide the specified passphrase and your file should be decrypted!

Conclusion

In this tutorial, you learnt how you can simply encrypt and decrypt a file on Linux using console line commands or GUI tools.

Encryption is a big part of security : if you are storing sensitive information on your computer or server, you should seriously think about encryption for your disks.

If you are interested in disk encryption, maybe you should take a look at the LUKS project that aims at providing a simple API for it.

If you are interested in Linux System Administration, we have a complete section dedicated to it on the website, so make sure to check it out!

How To Add User To Sudoers On Ubuntu 20.04

This tutorial focuses on adding sudoers rights to a user on Ubuntu 20.04 Focal Fossa.

When managing an Ubuntu 20.04 server, it is actually quite important to know how to add sudoers to it.

The sudo command is a very popular command on Linux.

It allows authorized users to perform commands as another user, by default the root user.

On Ubuntu 20.04, we will focus on three different ways to add a user as sudo : add it to the sudo group, to the sudoers file or using the graphical interface.

Here are the details of the three different methods.

Adding an existing user to the sudo group

On most distributions, it is very likely that the sudo command is available by default.

$ which sudo
Note : the “which” command can be used in order to verify the existence of the sudo command on your host.

If you notice that this is not the case, you can install sudo by running the following commands.

$ apt-get update
$ apt-get install sudo

In order to add a user to sudoers, you have to use the “usermod” command and the capital G (for secondary groups).

$ sudo usermod -a -G sudo <user>

In order to verify that your user was correctly added to the sudo group, you have to use the “groups” command.

If you see “sudo” as a secondary group for your user, congratulations, you successfully added your user to sudoers!

Adding a user to sudoers using gpasswd

A less popular, yet very powerful way to add a user to sudoers is to use the gpasswd command.

$ sudo gpasswd -a <user> sudo

As a quick reminder, gpasswd is used in order to administer the “/etc/group” file on your filesystem.

Adding an existing user to the sudoers file

By default, on Ubuntu 20.04, the sudoers file is located at /etc/sudoers.

This file contains a set of rules that are applied in order to determine who has sudo rights on your system.

Also, the sudoers file can define privileges such as the commands that can be executed with or without sudo, or if you should be prompted with a password.

By default, you should not modify the sudoers file by yourself (the same logic applies to cron jobs for example).

If you were to corrupt this file, you might not be able to get sudo rights again.

Instead, you are going to use “visudo” : a tool designed to make sure that you don’t make any mistakes.

$ sudo visudo

At the end of the file, add a new line for the user.

john       ALL=(ALL:ALL) ALL

By saving and exiting the file, the user “john” will be automatically granted sudo rights.

By default, the account password will be asked every five minutes in order to perform sudo operations.

If you want to remove the password verification, you can simply add the “NOPASSWD” option.

john       ALL=(ALL:ALL) NOPASSWD:ALL
Note : if you add a user to the sudoers file, it does not mean that the user will belong to the sudo group on the system. It will be authorized to perform sudo operations, but it won’t be listed if you use the “groups” command.

Tweaking password verification

If you want to tweak the password verification period, or if you want to increase the verification, you have to modify the “timestamp_timeout” parameter.

# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path = /sbin:/bin:/usr/sbin:/usr/bin
Defaults        timestamp_timeout=30

In this case, the password will be asked every thirty minutes.

Adding a user to sudoers using the graphical interface

On recent Ubuntu distributions, it is possible to add a user to the sudo group very easily.

First, head over to the “Activities” tab located at the top left corner of your screen and type “Users”.

You should see a screen similar to this one.

Next, you will have to unlock the panel by clicking on “Unlock”.

You will be asked for your password, note that the account has to be a privileged account in order to perform this operation.

Now that the panel is unlocked, you can tick the “Administrator” radio button in order for your user to be part of the administrators!

You can even verify that your user is part of the sudo group using the “groups” command.

$ groups john

Congratulations, your user is now part of the sudo group!

Adding a group to the sudoers file

In the previous section, we added a user to the sudoers file, but what if you wanted to give those rights to an entire group?

To add a group to the sudoers file, add a “percent” symbol at the beginning of the line, just before the name of the group.

%sysadmins       ALL=(ALL:ALL) NOPASSWD:ALL

Next, make sure that you are part of the designated group and execute your command using “sudo”.

$ groups
user sysadmins

$ sudo passwd

Congratulations, you set “sudo” privileges to an entire group!

Conclusion

In this tutorial, you learnt how you can easily add a user to sudoers using three different methods : using the command-line, the visudo command or using the graphical interface.

If you are interested in Ubuntu 20.04, we wrote a guide on installing and enabling a SSH server.

Also, if you are interested in Linux System Administration, we have an entire section dedicated to it on the website, so make sure to check it out!

How To Add a User to Sudoers On Debian 10 Buster

In today’s tutorial, we are going to see how you can add a user to sudoers on Debian distributions.

The sudo command allows authorized users to perform commands as another user, which is by default the root user.

There are two ways to add a user to sudoers : you can add this user to the sudo group or you can add this user to the sudoers file located in /etc.

Here are the details of the two methods.

I – Adding an existing user to the sudo group

As a prerequisite, make sure that the sudo command is available by default. If it’s not the case, you can install it by running the following commands (with an account with admin rights)

$ apt-get update
$ apt-get install sudo

The first method is to add the user to the sudo group.

To do that, you are going to use the “usermod” command with the capital G flag (for groups)

$ sudo usermod -a -G sudo user

You can also use the gpasswd command to grant sudo rights.

$ sudo gpasswd -a bob sudo
Adding user to the group sudo

Make sure that the user belongs to the sudo group with the groups command.

$ su - user
(password for user)

$ groups
user sudo

You should now be able to perform a sudo request on Debian 10.

Depending on the configuration you chose during your Debian 10 installation process, you may or may not have access to a root account. If you chose a password for your root account, you will be able to connect to it. Otherwise, the default admin account is the one you created during the installation process.

II – Adding an existing user to the sudoers file

The sudoers file is located at /etc/sudoers.

This file contains a set of rules that are applied to determine who has sudo rights on a system, which commands they can execute with sudo privileges, and if they should be prompted a password or not.

However, you should never modify the sudoers file with a text editor.

Saving a bad sudoers may leave you with the impossibility of getting sudo rights ever again.

Instead, you are going to use visudo, a tool designed to make sure you don’t make any mistakes.

$ sudo visudo

This is what you should see.

At the end of the file, add a new line for the user.

john       ALL=(ALL:ALL) ALL

By default, the account password will be asked every five minutes to perform sudo operations.

However, if you want to remove this password verification, you can set the NOPASSWD option.

john       ALL=(ALL:ALL) NOPASSWD:ALL

If you want the password verification to be skipped for longer periods of time, you can overwrite the timestamp_timeout (in minutes) parameter in your sudoers file.

# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path = /sbin:/bin:/usr/sbin:/usr/bin
Defaults        timestamp_timeout=30

III – Adding a group to the sudoers file

Via visudo, you can add an entire group to the sudoers file.

This might be handy if you have a group for system administrators for example. In this case, you simply have to add a user to the system administrators group for him/her to be granted sudo privileges.

To add a group to the sudoers file, simply add a percent symbol at the beginning of the line.

%sysadmins       ALL=(ALL:ALL) NOPASSWD:ALL

Make sure that your user is part of the designated group with the groups command.

$ su - user
$ groups
user sysadmins

You can test your new sudo rights by changing your password for example

$ sudo passwd
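
NOPASSWD rules and long timestamp_timeout values, as added in both the Ubuntu 20.04 and Debian 10 sections above, are the sudoers entries worth reviewing regularly. The following audit script is an added example, not part of the original tutorials; the function names, the 15-minute threshold and the sample file are assumptions made for illustration.

```bash
#!/bin/sh
# Added example (not from the original tutorials): list the sudoers entries
# that weaken password verification, such as the NOPASSWD and
# timestamp_timeout settings shown above.

# Constructed sample built from the lines used in these tutorials.
SAMPLE_SUDOERS='# /etc/sudoers
Defaults        env_reset
Defaults        mail_badpass
Defaults        timestamp_timeout=30

root       ALL=(ALL:ALL) ALL
john       ALL=(ALL:ALL) NOPASSWD:ALL
alice      ALL=(ALL:ALL) ALL
%sysadmins       ALL=(ALL:ALL) NOPASSWD:ALL'

# audit_sudoers [max_minutes]
# Reads sudoers text on stdin and prints one finding per line:
#   TIMEOUT <minutes>                timeout above max_minutes, or negative
#                                    (a negative value never expires)
#   NOPASSWD <user|group> <name> <commands>
# max_minutes defaults to 15, a threshold picked for this example.
# Files pulled in through include directives are not followed.
audit_sudoers() {
  awk -v max="${1:-15}" '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    $1 ~ /^Defaults/ {
      if (match($0, /timestamp_timeout[ \t]*=[ \t]*-?[0-9.]+/)) {
        v = substr($0, RSTART, RLENGTH)
        sub(/.*=[ \t]*/, "", v)
        if (v + 0 < 0 || v + 0 > max + 0) print "TIMEOUT " v
      }
      next
    }
    /NOPASSWD[ \t]*:/ {
      cmds = $0
      sub(/.*NOPASSWD[ \t]*:[ \t]*/, "", cmds)
      kind = ($1 ~ /^%/) ? "group" : "user"
      name = $1
      sub(/^%/, "", name)
      print "NOPASSWD " kind " " name " " cmds
    }'
}

# review_sudoers_file <file> [max_minutes]
# Syntax-check a candidate file with visudo first, so that a broken file is
# rejected before anyone looks at its rules, then audit it.
review_sudoers_file() {
  visudo -c -f "$1" >/dev/null || { echo "syntax error in $1" >&2; return 1; }
  audit_sudoers "${2:-15}" < "$1"
}
```

On the sample, audit_sudoers reports the 30-minute timeout and the two NOPASSWD rules (john and the sysadmins group), and stays silent about root and alice.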

IV – Most Common Errors

  • user is not in the sudoers file. This incident will be reported.

This is the standard error message you get when a user does not belong to the sudo group on Debian 10.

By adding this user to the sudoers file on Debian, this error message should not be raised anymore.

Arping Command on Linux Explained

As a network administrator, you are probably already very familiar with the ARP protocol.

ARP is commonly used by layer two devices in order to discover and communicate with each other easily.

When you are dealing with a small office network, you might be tempted to ping hosts in order to verify that they are available.

If you are using the ICMP protocol, you might be aware that you are actually performing ARP requests in order to probe devices on your network.

If you are looking for a more straightforward way to create ARP pings, you might be interested in the arping command.

In this tutorial, we are going to focus on the arping command : how to install it and how to use it effectively.

Prerequisites

In order to install the arping command on your system, you will obviously need sudo privileges on your server.

In order to check if you are sudo or not, you can simply execute the following command

$ groups

user sudo

If this is not the case, you can read our guide on getting sudo privileges for Debian or CentOS hosts.

Installing arping on Linux

In order to install the arping command on your server, execute the “apt-get install” command and specify the “arping” package.

$ sudo apt-get install arping

Now that the command is installed, you can execute the “arping” command in order to check the current version used.

$ arping -v

ARPing 2.19, by Thomas Habets <thomas@habets.se>

Great!

The arping command is now installed on your server.

By default, the arping command is going to send an ARP (or ICMP) request every second, but it can obviously be configured.

Using arping to discover hosts

First of all, as any device communicating over Ethernet, your device has an internal ARP table used to communicate over the network.

In order to see your current ARP entries, you can simply execute the “arp” command with the “-a” option for all devices.

$ arp -a

When using the ARP command, you are presented with a list of hostnames, followed by IPs and MAC addresses.

In this case, I am presented with the only entry in my ARP table : a router accessible via the 192.168.178.1 IP address.

However, I might be interested in finding other hosts on my local network : to achieve that, you are going to use the arping command.

Pinging hosts using IP addresses

In order to ping hosts over your network, you can simply use the “arping” command and specify the IP address to be pinged.

Additionally, you can specify the number of pings to be sent using the “-c” option for “count”.

$ arping -c 2 <ip_address>
Note : if you are not sure about the way of finding your IP address on Linux, we have a complete guide on the subject.

For example, using the “192.168.178.27” IP address over your local network, you would execute the following command

As you can see, if you are getting response pings, you are presented with the MAC address of the corresponding device.

Note that using the arping command will not automatically update your ARP table : you would have to use a command such as ping in order to update it.

$ arp -a

Awesome, you successfully used the arping command in order to issue ARP requests over the network!

ARP timeouts using arping

If the arping command is not able to resolve the IP address of the target defined, you will get an ARP timeout.

As an example, executing an ARP request on an unknown host would give you the following output

$ arping -c 5 <ip_address>

As you can see, in some cases, you will be presented with a warning if you don’t specify any network interface.

This is quite normal because the arping command expects a network interface to be specified.

If you were to deal with a router, or if you chose to install your Linux server as a router, two network interface cards can be installed in order to route to two different networks.

If this is the case, arping needs to know the network interface it needs to use in order to send the ARP ping.

As you can see, the arping command will try to “guess” the network interface if it is not provided with one.

Specifying the network interface

If you have multiple network interfaces on your server, arping won’t be able to “guess” the network interface card to be used.

As a consequence, you might get an error message stating that arping was not able to guess the correct one.

In order to specify the network interface to be used, you will have to use the “-I” option followed by the name of the network interface.

If you need some help on how to enumerate network interfaces, you can use this guide on finding your IP address on Linux.

$ arping -I <interface_name> <ip_address>

If our interface is named “enp0s3”, the command would be the following one :

$ arping -I enp0s3 192.168.178.22

Awesome, you have pinged your distant server and you have specified the network interface to be used!

Sending ARP pings from Source MAC

In some cases, you may want to specify the source MAC address you are sending packets from.

In order to achieve that, you need to execute the “arping” command with the “-s” option for “source” followed by the MAC address you want to send from.

$ arping -c 2 -s 00:60:70:12:34:56 <ip_address>

In this case, you have two possibilities :

  • You are the owner of the MAC address and you can simply use the “-s” option.
  • You are not the owner of the MAC address and you are trying to spoof the MAC address. In this case, you need to use the promiscuous mode. As a short reminder, the promiscuous mode makes the NIC pass on all the frames it receives rather than only the ones it was meant to receive.

In order to enable the promiscuous mode with the “arping” command, you need to use the “-p” option.

Using the options we used previously, this would lead us to the following command.

$ arping -c 2 -s 00:60:70:12:34:56 -p <ip_address>
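
Since the source MAC of an ARP packet can be chosen freely, as shown above, an IP address that answers from more than one MAC address points to an address conflict or to ARP spoofing. This added example (not from the original tutorial) parses arping replies to flag that case; the function names are hypothetical, and the sample replies are constructed and assume the reply line format printed by arping 2.x.

```bash
#!/bin/sh
# Added example (not from the original tutorial): flag IP addresses that
# answer ARP pings from more than one MAC address.

# Constructed sample, assuming the arping 2.x reply format:
#   "<n> bytes from <mac> (<ip>): index=<i> time=<t>"
# The second responder for .27 reuses the example MAC from this tutorial.
SAMPLE_REPLIES='ARPING 192.168.178.27
60 bytes from 08:00:27:aa:bb:01 (192.168.178.27): index=0 time=1.204 msec
60 bytes from 08:00:27:AA:BB:01 (192.168.178.27): index=1 time=0.981 msec
60 bytes from 00:60:70:12:34:56 (192.168.178.27): index=2 time=1.530 msec
ARPING 192.168.178.22
60 bytes from 08:00:27:cc:dd:02 (192.168.178.22): index=0 time=0.874 msec
60 bytes from 08:00:27:cc:dd:02 (192.168.178.22): index=1 time=0.912 msec'

# arp_conflicts
# Reads arping output on stdin and prints "<ip> <mac>,<mac>,..." for every IP
# answered by more than one distinct MAC. MACs are compared case-insensitively
# and listed in the order they were first seen.
arp_conflicts() {
  awk '$2 == "bytes" && $3 == "from" {
         mac = tolower($4)
         ip = $5
         gsub(/[():]/, "", ip)           # "(192.168.178.27):" -> address only
         if (!((ip, mac) in seen)) {
           seen[ip, mac] = 1
           count[ip]++
           macs[ip] = (macs[ip] == "" ? mac : macs[ip] "," mac)
         }
       }
       END { for (ip in count) if (count[ip] > 1) print ip " " macs[ip] }' | sort
}

# probe_and_check <interface> <ip> [count]
# Sends ARP pings with the -c and -I options used in this tutorial and
# returns 1 when the replies come from more than one MAC address.
probe_and_check() {
  conflicts=$(arping -c "${3:-3}" -I "$1" "$2" | arp_conflicts)
  [ -z "$conflicts" ] && return 0
  echo "ARP conflict: $conflicts" >&2
  return 1
}
```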

Conclusion

In this tutorial, you learnt how you can easily use arping in order to ping IP addresses on your local network.

Using arping, you are able to populate your local ARP cache with the matching MAC address.

You also learnt that you are able to “spoof” your MAC address by using the promiscuous mode.

If you are interested in Linux System Administration, we have a complete section dedicated to it on the website, so make sure to check it out!

How To Install Samba on Debian 10 Buster

If you are working on a small to medium enterprise network, you probably have dozens of drives and printers that need to be shared.

Besides the NFS protocol, there are plenty of other network protocols that can be used in order to share resources over a network.

The CIFS, short for Common Internet File System, is a network filesystem protocol used to share resources among multiple hosts, sharing the same operating system or not.

The CIFS, also known as the SMB protocol, is implemented by one popular tool : the Samba server.

Started in 1991, Samba was developed in the early days in order to ease the interoperability of Unix and Windows based systems.

In this tutorial, we are going to focus on the Samba installation and configuration for your network.

Prerequisites

In order to install new packages on your system, you will need to be a user with elevated permissions.

To check if you are already a sudo user, you can run the “groups” command and check if “sudo” belongs to the list.

$ groups

user sudo netdev cdrom

If you don’t belong to the sudo group, you can check one of our tutorials in order to gain sudo privileges for Debian instances.

Now that you have sudo privileges, let’s jump right into the Samba server installation.

Installing Samba on Debian

Before installing Samba, you will need to make sure that your packages are up-to-date with the Debian repositories.

$ sudo apt-get update

Now that your system is up-to-date, you can run the “apt-get install” command on the “samba” package.

$ sudo apt-get install samba

When installing Samba, you will be presented with the following screen.


In short, this window is used in order to configure retrieval of NetBIOS name servers over your network.

Nowadays, your enterprise network is most likely using DNS name servers in order to store static information about hostnames over your network.

As a consequence, you are most likely not using a WINS server, so you can select the “No” option.

When resuming the installation, APT will unpack and install the packages needed for Samba.

Additionally, a “sambashare” group will be created.

After the installation, you can check the version used on your system by running the “samba” command with the “-V” option.

$ samba -V


You can also verify that the Samba server is running by checking the status of the Samba SMB Daemon with systemctl.

$ systemctl status smbd


Great, Samba is now correctly installed on your Debian server!

Opening Samba Ports on your firewall

This section only applies if you are using UFW or FirewallD on your server.

In order for Samba to be reachable from Windows and Linux hosts, you have to make sure that ports 139 and 445 are open on your firewall.

On Debian and Ubuntu, you are probably using the UFW firewall.

In order to open ports on your UFW firewall, you have to use the “allow” command on ports 139 and 445.

$ sudo ufw allow 139
$ sudo ufw allow 445

$ sudo ufw status


If you are working on a CentOS or a RHEL server, you will have to use the “firewall-cmd” command in order to open ports on your computer.

$ sudo firewall-cmd --permanent --add-port=139/tcp
success
$ sudo firewall-cmd --permanent --add-port=445/tcp
success
$ sudo firewall-cmd --reload
success


Configuring Samba on Debian

Now that your Samba is correctly installed, it is time to configure it in order to be able to export some shares.

Note : Samba can also be configured in order to act as a domain controller (like Active Directory) but this will be explained in another tutorial.

By default, the Samba configuration files are available in the “/etc/samba” folder.


By default, the Samba folder contains the following entries :

  • gdbcommands : a file containing a set of entries for the GDB debugger (won’t be used at all here);
  • smb.conf : the main Samba configuration file;
  • tls : a directory used in order to store TLS and SSL information about your Samba server.

For this section, we are going to focus on the content of the smb.conf file.

The Samba configuration file is composed of different sections :

  • global : as its name indicates, it is used in order to define Samba global parameters such as the workgroup (if you are using Windows), the log location, as well as PAM password synchronization if any;
  • shares definitions : in this section, you will list the different shares exported by the Samba server.

Defining the Windows workgroup

If you plan on including the Samba server into a Windows workgroup, you will need to determine the workgroup your computers belong to.

If you are working on a Unix-only network, you can skip this section and jump right into share definition.

Note : if you are using a domain controller, those settings do not apply to you.

In order to find your current workgroup, head over to the Windows Start Menu, and search for “Show which workgroup this computer is on”.


Select the option provided by the search utility and you should be able to find your workgroup in the next window.


In this case, the workgroup name is simply “WORKGROUP“.

However, you will have to make sure that this name is reflected in the Samba configuration file.


Now that your workgroup is properly configured, let’s start by defining simple share definitions for your Samba server.

Defining Samba share definitions

On Samba, a share is defined by specifying the following fields :

  • Share name : the name of the share as well as the future address for your share (the share name is to be specified into brackets);
  • Share properties : the path to your share, if it is public, if it can be browsed, if you can read files or create files and so on.

In order to start simply, let’s create a Samba share that will be publicly available to all machines without authentication.

Note : it is recommended to setup Samba authentication if you are exporting shares containing sensitive or personal information.

Creating a public Samba share

First of all, you will need to decide on the folder to be exported on your system, for this tutorial we are going to choose “/example”.

In order for users to be able to write files to the share, they will need to have permissions on the share.

However, we are not going to set full permissions to all users on the folder : we are going to create a system account (that has write permissions) and we are going to force users to use this account when logging in to Samba.

In order to create a system account, use the “useradd” command with the “-r” option for system accounts.

$ sudo useradd -rs /bin/false samba-public

$ sudo chown samba-public /example

$ sudo chmod u+rwx /example

In order to create a public Samba share, head over to the bottom of your Samba configuration file and add the following section.

$ nano /etc/samba/smb.conf

[public]
   path = /example
   available = yes
   browsable = yes
   public = yes
   writable = yes
   force user = samba-public

Here is an explanation of all the properties specified in this Samba share definition :

  • path : pretty self-explanatory, the path on your filesystem to be exported with Samba;
  • available : meaning that the share will be exported (you can choose to have shares defined but not exported);
  • browsable : meaning that the share will be public in network views (such as the Windows Network view for example);
  • public : synonym for “guest ok”, this parameter means that everyone can access this share without providing a password;
  • writable : meaning that all users are able to create files on the share;
  • force user : when logging in, users will take the identity of the “samba-public” account.

Before restarting your smbd service, you can use the “testparm” command in order to check that your configuration is syntactically correct.

$ testparm


As you can see, no syntax errors were raised during the configuration verification, so we should be good to go.

Now that your share definition is created, you can restart your smbd service in order for the changes to be applied.

$ sudo systemctl restart smbd

$ sudo systemctl status smbd

Your share should now be accessible : in order to verify it, you can install the “smbclient” package and list the shares exported on your local machine.

$ sudo apt-get install smbclient

$ smbclient -L localhost

Note : you will be asked to provide a password for your workgroup. In most cases, you have no password for your workgroup, you can simply press Enter.


Connecting to Samba from Linux

In order to be able to mount CIFS filesystems, you have to install CIFS utilities on your system.

$ sudo apt-get install cifs-utils

Now that CIFS utilities are installed, you will be able to mount your filesystem using the mount command.

$ sudo mount -t cifs //<server_ip>/<share_name> <mountpoint>

Using our previous example, our exported share was named “public” and it was available on the 192.168.178.35 IP address.

Note : you can follow this tutorial if you are not sure how you can find your IP address on Linux.

If we were to mount the filesystem on the “/mnt” mountpoint, this would give

$ sudo mount -t cifs //192.168.178.35/public /mnt -o uid=devconnected

Password for root@//192.168.178.35/public : <no_password>

Now that your drive is mounted, you can access it like any other filesystem and start creating files on it.

Congratulations, you successfully mounted a CIFS drive on Linux!

Connecting to Samba from Windows

If you are using a Windows host, it will be even easier for you to connect to a Samba share.

In the Windows Search menu, look for the “Run” application.


In the Run window, connect to the Samba share using the same set of information as the Linux setup.

Be careful : on Windows, you have to use backslashes instead of slashes.


When you are done, simply click on “Ok” in order to navigate your share!

Awesome, you successfully browsed your Samba on Windows!

Securing Samba shares

In the previous sections, we have created a public share.

However, in most cases, you may want to build secure shares that are accessible only by a restricted number of users on your network.

By default, Samba authentication is separated from Unix authentication : this statement means that you will have to create separate Samba credentials for your users.

Note : you may choose to have Samba built as an AD/DC but this would be a completely different tutorial.

In order to create a new Samba user, you need to use the “smbpasswd” command with the “-a” option (for “add”) and specify the name of the user to be created.

$ sudo smbpasswd -a <user>

Note : the user you are trying to create with Samba needs to have a Unix account already configured on the system.

Now that your user is created, you can edit your Samba configuration file in order to make your share secure.

$ nano /etc/samba/smb.conf

[private]
   path = /private
   available = yes
   browsable = yes
   public = no
   writable = yes
   valid users = <user>

Most of the options were already described in the previous section, except for the “valid users” one which, as its name specifies, authorizes the Samba access to a restricted list of users.

Again, you can test your Samba configuration with the “testparm” command and restart your Samba service if everything is okay.

$ testparm

$ sudo systemctl restart smbd

$ sudo systemctl status smbd

Now that your drive is secured, it is time for you to start accessing it from your remote operating systems.
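
A small audit of the two share definitions above, as an added example (not part of the original tutorial or of the Samba project): it parses smb.conf text, normalises the synonyms (“public” for “guest ok”, “writable” as the inverse of “read only”) and reports which shares accept guests or any authenticated user. The [staff] share and the user name “alice” are constructed for illustration.

```python
import re

# Constructed sample: the [public] and [private] shares from this tutorial
# ("alice" stands in for <user>), plus a hypothetical [staff] share written
# with synonym spellings to exercise the normalisation.
SAMPLE_CONF = """\
[global]
   workgroup = WORKGROUP

[public]
   path = /example
   available = yes
   browsable = yes
   public = yes
   writable = yes
   force user = samba-public

[private]
   path = /private
   available = yes
   browsable = yes
   public = no
   writable = yes
   valid users = alice

; hypothetical share, not from the tutorial
[staff]
   path = /srv/staff
   Guest OK = no
   Read Only = No
"""

# smb.conf synonyms mapped to one canonical (whitespace-free) key
SYNONYMS = {"public": "guestok", "writable": "writeable",
            "writeok": "writeable", "browsable": "browseable"}
TRUE = {"yes", "true", "1", "on"}


def parse_smb_conf(text):
    """Return {section: {canonical_key: value}}; names are case-insensitive
    and whitespace inside parameter names is ignored, as in smb.conf."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = re.sub(r"\s+", "", key).lower()
        key = SYNONYMS.get(key, key)
        value = value.strip()
        if key == "readonly":                    # inverted synonym of writeable
            key = "writeable"
            value = "no" if value.lower() in TRUE else "yes"
        current[key] = value
    return sections


def effective(share, global_params, key, default):
    """Share value, else the [global] value, else Samba's default."""
    return share.get(key, global_params.get(key, default))


def flag(share, global_params, key, default):
    """Boolean view of an effective parameter value."""
    return effective(share, global_params, key, default).lower() in TRUE


def audit_shares(text):
    """Map each share name to a list of access findings."""
    sections = parse_smb_conf(text)
    global_params = sections.get("global", {})
    report = {}
    for name, share in sections.items():
        if name == "global":
            continue
        if not flag(share, global_params, "available", "yes"):
            report[name] = ["not-exported"]
            continue
        findings = []
        force_user = effective(share, global_params, "forceuser", "")
        if flag(share, global_params, "guestok", "no"):
            findings.append("guest-access")
            if flag(share, global_params, "writeable", "no"):
                findings.append("guest-writable")
            if force_user:
                findings.append("forced-identity:" + force_user)
        elif not effective(share, global_params, "validusers", ""):
            findings.append("any-authenticated-user")
        report[name] = findings
    return report


if __name__ == "__main__":
    for share, findings in audit_shares(SAMPLE_CONF).items():
        print(f"[{share}] {', '.join(findings) or 'restricted to valid users'}")
```

An empty list means the share requires a password and is limited by “valid users”; line continuations with a trailing backslash are not handled by this parser.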

Connecting to secure Samba using Windows

On Windows, you will have to use the same procedure as the previous step : execute the “Run” application and type the address of your share drive.


When clicking on “Ok”, you will be presented with a box asking for your credentials : you have to use the credentials you defined in the previous section with smbpasswd.


If you provided the correct password, you should be redirected to your network drive, congratulations!

Connecting to secure Samba using Linux

In order to connect to a secure Samba share using Linux, you have to use the “mount” command and provide the address of the share as well as the mount point to be used.

$ sudo mount -t cifs //<share_ip>/<share_name> <mount_point> -o username=<user>

Using the example of our “private” share on the 192.168.178.35 IP address, this would result in the following command :

$ sudo mount -t cifs //192.168.178.35/private /mnt -o username=user

Password for user@//192.168.178.35/private: <provide_password>

That’s it!

Your drive should now be correctly mounted.

You can verify that it was correctly mounted with the “findmnt” command that lists mounted filesystems.

$ findmnt /mnt


Congratulations, you successfully mounted a secure Samba share on your server!

Conclusion

In this tutorial, you learnt how you can easily install and configure a Samba server in order to share your drives.

You also learnt that you can tweak Samba share options in order to make your shares secure, whether you are using Windows or Linux.

Samba is an important tool working on the interoperability of operating systems : if you are interested in the Samba project, you should definitely check their website.

They are also providing a free alternative to Active Directory where Samba can be configured to act as a domain controller.

If you are interested in Linux System Administration, we have a complete section dedicated to it on the website, so make sure to check it out!

Linux Logging Complete Guide

As a Linux system administrator, inspecting log files is one of the most common tasks that you may have to perform.

Linux logs are crucial : they store important information about some errors that may happen on your system.

They might also store information about who’s trying to access your system, what a specific service is doing, or about a system crash that happened earlier.

As a consequence, knowing how to locate, manipulate and parse log files is definitely a skill that you have to master.

In this tutorial, we are going to unveil everything that there is to know about Linux logging.

You will be presented with the way logging is architectured on Linux systems and how different virtual devices and processes interact together to log entries.

We are going to dig deeper into the Syslog protocol and how it transitioned from syslogd (on old systems) to journalctl powered by systemd on recent systems.

Linux Logging Types

When dealing with Linux logging, there are a few basics that you need to understand before typing any commands in the terminal.

On Linux, you have two types of logging mechanisms :

  • Kernel logging: related to errors, warning or information entries that your kernel may write;
  • User logging: linked to the user space, those log entries are related to processes or services that may run on the host machine.

By splitting logging into two categories, we are essentially unveiling that memory itself is divided into two categories on Linux : user space and kernel space.


Kernel Logging

Let’s start first with logging associated with the kernel space also known as the Kernel logging.

On the kernel space, logging is done via the Kernel Ring Buffer.

The kernel ring buffer is a circular buffer that is the first data structure storing log messages when the system boots up.

When you are starting your Linux machine, if log messages are displayed on the screen, those messages are stored in the kernel ring buffer.


Kernel logs during boot process

The Kernel logging is started before user logging (managed by the syslog daemon or by rsyslog on recent distributions).

The kernel ring buffer, pretty much like any other log file on your system, can be inspected.

In order to open Kernel-related logs on your system, you have to use the “dmesg” command.

Note : you need to execute this command as root or to have privileged rights in order to inspect the kernel ring buffer.

$ dmesg


As you can see, from the system boot until the time when you executed the command, the kernel keeps track of all the actions, warnings or errors that may happen in the kernel space.

If your system has trouble detecting or mounting a disk, this is probably where you want to inspect the errors.

As you can see, the dmesg command is a pretty nice interface in order to see kernel logs, but how is the dmesg command printing those results back to you?

In order to unveil the different mechanisms used, let’s see which processes and devices take care of Kernel logging.

Kernel Logging internals

As you probably heard it before, on Linux, everything is a file.

If everything is a file, it also means that devices are files.

On Linux, the kernel ring buffer is materialized by a character device file in the /dev directory and it is named kmsg.

$ ls -l /dev/ | grep kmsg


If we were to depict the relationship between the kmsg device and the kernel ring buffer, this is how we would represent it.


As you can see, the kmsg device is an abstraction used in order to read and write to the kernel ring buffer.

You can essentially see it as an entrypoint for user space processes in order to write to the kernel ring buffer.

However, the diagram shown above is incomplete as one special file is used by the kernel in order to dump the kernel log information to a file.


If we were to summarize it, we would essentially state that the kmsg virtual device acts as an entrypoint for the kernel ring buffer while the output of this process (the log lines) is printed to the /proc/kmsg file.

This file can be parsed by only one single process which is most of the time the logging utility used on the user space. On some distributions, it can be syslogd, but on more recent distributions it is integrated with rsyslog.

The rsyslog utility has a set of embedded modules that will redirect kernel logs to dedicated files on the file system.

Historically, kernel logs were retrieved by the klogd daemon on previous systems but it has been replaced by rsyslog on most distributions.


klogd utility running on Debian 4.0 Etch

On one hand, you have logging utilities reading from the ring buffer but you also have user space programs writing to the ring buffer : systemd (with the famous systemd-journal) on recent distributions for example.

Now that you know more about Kernel logging, let’s see how logging is done on the user space.

User side logging with Syslog

Logging on the userspace is quite different from logging on the kernel space.

On the user side, logging is based on the Syslog protocol.

Syslog is used as a standard to produce, forward and collect logs produced on a Linux instance.

Syslog defines severity levels as well as facility levels, helping users to better understand the logs produced on their computers.

Logs can later on be analyzed and visualized on servers referred to as Syslog servers.

In short, the Syslog protocol is a protocol used to define how log messages are formatted, sent and received on Unix systems.

Syslog is known for defining the syslog format, which applications need to use in order to send logs.

This format is well-known for defining two important terms : facilities and priorities.

Syslog Facilities Explained

In short, a facility level is used to determine the program or part of the system that produced the logs.

On your Linux system, many different utilities and programs are sending logs. In order to determine which process sent the log in the first place, Syslog defines numbers, facility numbers, that are used by programs to send Syslog logs.

There are more than 23 different Syslog facilities that are described in the table below.

Numerical Code    Keyword               Facility name
0                 kern                  Kernel messages
1                 user                  User-level messages
2                 mail                  Mail system
3                 daemon                System Daemons
4                 auth                  Security messages
5                 syslog                Syslogd messages
6                 lpr                   Line printer subsystem
7                 news                  Network news subsystem
8                 uucp                  UUCP subsystem
9                 cron                  Clock daemon
10                authpriv              Security messages
11                ftp                   FTP daemon
12                ntp                   NTP subsystem
13                security              Security log audit
14                console               Console log alerts
15                solaris-cron          Scheduling logs
16-23             local0 to local7      Locally used facilities

Most of those facilities are reserved to system processes (such as the mail server if you have one or the cron utility). Some of them (from the facility number 16 to 23) can be used by custom Syslog client or user programs to send logs.

Syslog Priorities Explained

Syslog severity levels are used to indicate how severe a log event is and they range from debug and informational messages to emergency levels.

Similarly to Syslog facility levels, severity levels are divided into numerical categories ranging from 0 to 7, 0 being the most critical emergency level.

Again, here is a table for all the priority levels available with Syslog.

Value    Severity         Keyword
0        Emergency        emerg
1        Alert            alert
2        Critical         crit
3        Error            err
4        Warning          warning
5        Notice           notice
6        Informational    info
7        Debug            debug

Syslog Architecture

Syslog also defines a couple of technical terms that are used in order to build the architecture of logging systems :

  • Originator : also known as a “Syslog client”, an originator is responsible for sending the Syslog formatted message over the network or to the correct application;
  • Relay : a relay is used in order to forward messages over the network. A relay can transform the messages in order to enrich it for example (famous examples include Logstash or fluentd);
  • Collector : also known as “Syslog servers”, collectors are used in order to store, visualize and retrieve logs from multiple applications. The collector can write logs to a wide variety of different outputs : local files, databases or caches.


As you can see, the Syslog protocol follows the client-server architecture we have seen in previous tutorials.

One Syslog client creates messages and sends them to optional local or distant relays, from which they can be further transferred to Syslog servers.

Now that you know how the Syslog protocol is architectured, what about our own Linux system?

Is it following this architecture?

Linux Local Logging Architecture

Logging on a local Linux system follows the exact principles we have described before.

Without further ado, here is the way logging is architectured on a Linux system (on recent distributions)


Following the originator-relay-collector architecture described before, in the case of a local Linux system :

  • Originators are client applications that may embed syslog or journald libraries in order to send logs;
  • No relays are implemented by default locally;
  • Collectors are rsyslog and the journald daemon listening on predefined sockets for incoming logs.

So where are logs stored after being received by the collectors?

Linux Log File Location

On your Linux system, logs are stored in the /var/log directory.

Logs in the /var/log directory are split into the Syslog facilities that we saw earlier followed by the log suffix : auth.log, daemon.log, kern.log or dpkg.log.

If you inspected the auth.log file, you would be presented with logs related to authentication and authorization on your Linux system.


Similarly, the cron.log file displays information related to the cron service on your system.

However, as you can see from the diagram above, there is a coexistence of two different logging systems on your Linux server : rsyslog and systemd-journal.

Rsyslog and systemd-journal coexistence

Historically, a daemon was responsible for gathering logs from your applications on Linux.

On many old distributions, this task was assigned to a daemon called syslogd but it was replaced in recent distributions by the rsyslog daemon.

When systemd replaced the existing init process on recent distributions, it came with its own way of retrieving and storing logs : systemd-journal.

Now, the two systems are coexisting but their coexistence was thought to be backwards compatible with the ways logs used to be architectured in the past.

The main difference between rsyslog and systemd-journal is that rsyslog will persist logs into the log files available at /var/log while journald will not persist data unless configured to do it.

Journal Log Files Location

As you understood it from the last section, the systemd-journal utility also keeps track of logging activities on your system.

Some applications that are configured as services (an Apache HTTP Server for example) may talk directly to the systemd journal.

The systemd journal stores logs in a centralized way in the /run/log/journal directory.

The log files are stored as binary files by systemd, so you won’t be able to inspect the files using the usual cat or less commands.

Instead, you want to use the “journalctl” command in order to inspect log files created by systemd-journal.

$ journalctl

There are many different options that you can use with journalctl, but most of the time you want to stick with the “-r” and “-u” options.

In order to see the latest journal entries, use “journalctl” with the “-r” option.

$ journalctl -r


If you want to see logs related to a specific service, use the “-u” option and specify the name of the service.

$ journalctl -u <service>

For example, in order to see logs related to the SSH service, you would run the following command

$ journalctl -u ssh

Now that you have seen how you can read log files, let’s see how you can easily configure your logging utilities.

Linux Logging Configuration

As you probably understood from the previous sections, Linux logging is based on two important components : rsyslog and systemd-journal.

Each one of those utilities has its own configuration file and we are going to see in the following chapters how they can be configured.

Systemd journal configuration

The configuration files for the systemd journal are located in the /etc/systemd directory.

$ sudo vi /etc/systemd/journald.conf

The file named “journald.conf” is used in order to configure the journal daemon on recent distributions.

One of the most important options in the journal configuration is the “Storage” parameter.

As specified before, the journal files are not persisted on your system and they will be lost on the next restart.

To make your journal logs persistent, make sure to modify this parameter to “persistent” and to restart your systemd journal daemon.


To restart the journal daemon, use the “systemctl” command with the “restart” option and specify the name of the service.

$ sudo systemctl restart systemd-journald

As a consequence, journal logs will be stored into the /var/log/journal directory next to the rsyslog log files.

$ ls -l /var/log/journal


If you are curious about the systemd-journal configuration, make sure to read the documentation provided by FreeDesktop.

Rsyslog configuration

On the other hand, the rsyslog service can be configured via the /etc/rsyslog.conf configuration file.

$ sudo vi /etc/rsyslog.conf

As specified before, rsyslog is essentially a Syslog collector but the main concept that you have to understand is that Rsyslog works with modules.


Its modular architecture provides plugins such as native ways to transfer logs to a file, a shell, a database or sockets.

Working with rsyslog, there are two main sections that are worth your attention : modules and rules.

Rsyslog Modules

By default, two modules are enabled on your system : imuxsock (listening on the syslog socket) and imjournal (essentially forwarding journal logs to rsyslog).

Note : the imklog module (responsible for gathering Kernel logs) might also be activated.


Rsyslog Rules

The rules section of rsyslog is probably the most important one.

On rsyslog (and you can find the same principles on old distributions with systemd), the rules section defines which logs should be stored on your file system depending on their facility and priority.

As an example, let’s take the following rsyslog configuration file.


The first column describes the rules applied : on the left side of the dot, you define the facility and on the right side the severity.


A wildcard symbol “*” means that it is working for all severities.

As a consequence, if you want to tweak your logging configuration, say for example that you are interested in only specific severities, this is the file you would modify.
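
How “facility.severity” selectors decide where a message lands, as an added example (not taken from the original tutorial or from the rsyslog project). The rules and log lines are constructed samples; the code assumes the classic selector semantics, where a bare severity matches that level and anything more severe, and it also decodes the <PRI> header (facility × 8 + severity) that carries both numbers in a Syslog message.

```python
import re

# Keywords in numerical order, as listed in the facility and severity tables
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "security",
              "console", "solaris-cron"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice",
              "info", "debug"]

# Constructed rules in the classic "selector  action" layout
SAMPLE_RULES = """\
# facility.severity        destination
auth,authpriv.*            /var/log/auth.log
*.*;auth,authpriv.none     /var/log/syslog
kern.*                     /var/log/kern.log
mail.err                   /var/log/mail.err
*.emerg                    :omusrmsg:*
"""

# Constructed messages; the number in <> is PRI = facility * 8 + severity
SAMPLE_LINES = [
    "<32>Jan 10 10:00:00 host user: Somebody tried to connect to the system",
    "<38>Jan 10 10:00:05 host sshd[812]: Accepted password for alice",
    "<3>Jan 10 10:00:09 host kernel: I/O error, dev sda, sector 2048",
    "<22>Jan 10 10:00:12 host postfix/smtpd[901]: connect from unknown",
    "<18>Jan 10 10:00:15 host postfix/qmgr[640]: fatal: queue file write error",
]


def decode_pri(line):
    """Return (facility, severity) keywords from a '<PRI>' message header."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:        # 23 * 8 + 7 is the maximum
        raise ValueError(f"no valid PRI header: {line!r}")
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def selector_matches(selector, facility, severity):
    """Evaluate a selector field such as '*.*;auth,authpriv.none'.

    Parts are separated by ';' and read left to right; a later part that
    names the message's facility overrides the earlier ones. Negation
    with '!' is outside the scope of this example and raises ValueError.
    """
    sev = SEVERITIES.index(severity)
    matched = False
    for part in selector.split(";"):
        facilities, _, level = part.strip().partition(".")
        if facilities != "*" and facility not in facilities.split(","):
            continue                          # part does not concern us
        if level == "none":
            matched = False                   # exclude this facility
        elif level == "*":
            matched = True                    # every severity
        elif level.startswith("="):
            matched = sev == SEVERITIES.index(level[1:])   # exact level only
        else:
            matched = sev <= SEVERITIES.index(level)       # level or worse
    return matched


def parse_rules(text):
    """Return [(selector, action)] from rule lines, skipping comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            selector, action = line.split(None, 1)
            rules.append((selector, action.strip()))
    return rules


def route(line, rules):
    """List every action whose selector matches the message."""
    facility, severity = decode_pri(line)
    return [action for selector, action in rules
            if selector_matches(selector, facility, severity)]


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for line in SAMPLE_LINES:
        facility, severity = decode_pri(line)
        print(f"{facility}.{severity:<8} -> {route(line, rules)}")
```

The first sample line is what “logger -p auth.emerg” produces in terms of facility and severity: it reaches auth.log and the all-users action, but not /var/log/syslog, because “auth,authpriv.none” excludes it there.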

Linux Logs Monitoring Utilities

In the previous section, we have seen how you can easily configure your logging utilities, but what utilities can you use in order to read your Linux logs easily?

The easiest way to read and monitor your Linux logs is to use the tail command with the “-f” option for follow.

$ tail -f <file>

For example, in order to read the logs written in the auth.log file, you would run the following command.

$ tail -f /var/log/auth.log

Another great way of reading Linux logs is to use graphical applications if you are running a Linux desktop environment.

The “Logs” application is a graphical application designed in order to list application and system logs that may be stored in various logs files (either in rsyslog or journald).


Linux Logging Utilities

Now that you have seen how logging can be configured on a Linux system, let’s see a couple of utilities that you can use in case you want to log messages.

Using logger

The logger utility is probably one of the simplest log clients to use.

Logger is used in order to send log messages to the system log and it can be executed using the following syntax.

$ logger <options> <message>

Let’s say for example that you want to send an emergency message from the auth facility to your rsyslog utility, you would run the following command.

$ logger -p auth.emerg "Somebody tried to connect to the system"

Now if you were to inspect the /var/log/auth.log file, you would be able to find the message you just logged to the rsyslog server.

$ tail -n 10 /var/log/auth.log | grep --color connect


The logger is very useful when used in Bash scripts for example.

But what if you wanted to log messages using the systemd-journal?

Using systemd-cat

In order to send messages to the systemd journal, you have to use the “systemd-cat” command and specify the command that you want to run.

$ systemd-cat <command> <arguments>

If you want to send the output of the “ls -l” command to the journal, you would write the following command

$ systemd-cat ls -l


It is also possible to send “plain text” logs to the journal by piping the echo command to the systemd-cat utility.

$ echo "This is a message to journald" | systemd-cat

Using wall

The wall command is not related directly to logging utilities but it can be quite useful for Linux system administration.

The wall command is used in order to send messages to all logged-in users.

$ wall -n <message>

If you were for example to write a message to all logged-in users to notify them about the next server reboot, you would run the following command.

$ wall -n "Server reboot in five minutes, close all important applications"


Conclusion

In this tutorial, you learnt more about Linux logging : how it is architectured and how different logging components (namely rsyslog and journald) interact together.

You learnt more about the Syslog protocol and how collectors can be configured in order to log specific events on your system.

Linux logging is a wide topic and there are many more topics for you to explore on the subject.

Did you know that you can build centralized logging systems in order to monitor logs on multiple machines?

If you are interested in centralized logging, make sure to read our guide!

Also, if you are passionate about Linux system administration, we have a complete section dedicated to it on the website, so make sure to check it out!

How To List Disks on Linux

For the system administrator, checking that disks are working properly is a big concern.

In many cases, you will have to list all the disks available on your computer, with their sizes, in order to make sure that they don’t run out of space.

If they were to run out of space, you could essentially have your server down, preventing all your users from accessing it.

In this tutorial, we are going to see how you can easily list disks available on your Linux machine.

Prerequisites

For some of the commands used in this tutorial, you will need administrator rights in order to have the full output of the command.

In order to check that you have sudo rights, you can execute the “sudo” command with the “-l” option.

$ sudo -l

If you see matching entries, it means that your account is privileged on this machine.

However, if you are notified that you “can’t run sudo on this computer“, have a look at our dedicated tutorials for Ubuntu or CentOS (RHEL equivalent).

List Disks on Linux using lsblk

The easiest way to list disks on Linux is to use the “lsblk” command with no options. The “type” column will mention the “disk” as well as optional partitions and LVM available on it.

$ lsblk

Optionally, you can use the “-f” option for “filesystems“. This way, your disks will be listed as well as partitions and filesystems formatted on them.

$ lsblk -f

By executing the “lsblk” command, you are presented with multiple different columns :

  • Name : the name of the device. It is quite important for you to know that Linux devices have a specific prefix depending on the nature of the device. “sd” in this case refers to SCSI devices, but it is also used for SATA drives, as most drives use SATA nowadays;
  • Filesystem type : if your partition contains a filesystem, it should be listed in this column (xfs, swap or encrypted devices);
  • Label : in some cases, in order to avoid using a UUID, you can choose to have a label for your device;
  • UUID : a universally unique identifier. This identifier should be unique worldwide and uniquely identify your device;
  • Mountpoint : if your filesystem is mounted, you should be able to see the actual mountpoint.

Awesome, you successfully listed your disks on Linux using “lsblk”.

However, in some cases, you are interested in listing your disks with the actual hardware information linked to it.

If I want to remove a disk from my Linux machine, knowing the actual physical port or the vendor can be quite useful.

List Disks Information using lshw

In order to list disk information on Linux, you have to use the “lshw” command with the “class” option specifying “disk”. Combining “lshw” with the “grep” command, you can retrieve specific information about a disk on your system.

$ sudo lshw -class disk

$ sudo lshw -class disk | grep <disk_name> -A 5 -B <lines_before>

As you can see, by running the “lshw” with no grep filters, you are presented with all the disks available on your computer.

If you want to target a specific disk on your computer, you can “pipe” the command with “grep” in order to only list the disks that you want.

As you can see, using this command, you have way more information about your disks : the description, the product and its vendor as well as the actual bus info (where it might be plugged on your motherboard).

Using this information, you can unplug it and replace it with another one very easily.

Awesome, you know how to list your disk information using “lshw” now.

Alternatives to lsblk : fdisk or hwinfo

The “lsblk” command is not the only command that you can use in order to have a listing of your disks on Linux. There are two other commands : fdisk (that is often used for partitioning) and hwinfo.

First, if you use the “fdisk” command with the “-l” option, you will be presented with all the partitions available on your machine as well as disks.

$ sudo fdisk -l

As you can see there, you have a very detailed description of your main disk. You can even verify the partitions available on it as well as the bootable flag for example.

However, “fdisk” is not the only way for you to list disks : you can also use the “hwinfo” command with the “--disk” option.

$ sudo hwinfo --disk

Using the “hwinfo” command without any options is quite hard to read. Luckily for you, there is an option that you can use in order to restrict the output to the disk list.

In order to achieve that, you have to use the “--short” option.

$ sudo hwinfo --disk --short

As you can see, the output is quite concise but it gives you a clear idea on disks available.

Finally, for advanced system administrators, you can have a look at the “/dev/disk” folder.

$ ls -l /dev/disk/

In this folder, you can check the “by-id” folder if you are looking for disks or the “by-uuid” one if you are looking for partitions.

$ ls -l /dev/disk/by-id

List Disk Using Graphical Interface

To list disks on Linux using the graphical interface, you have to go to the “Activities” and look for a program called “Disks”.

When in the “Activities” menu, you can type “Disks” and look for an output similar to the one depicted below.

When clicking on “Disks”, you will be presented with the list of disks available on your Linux machine.

As you can see, in the “Disks” window, you have the “hard disk” as well as “block devices” which are the LVM devices that you may have created during the distribution installation.

When clicking on a specific disk, you can see its disk size, the serial number as well as the partitions and the contents that may be stored on it.

Great! You now have the list of disks that are plugged on your computer.

Conclusion

In this tutorial, you learnt how you can easily list your disks on Linux using the “lsblk” command.

You have learnt that the same result can be achieved using many different commands : hwinfo, fdisk or lshw.

If you read this tutorial in order to learn how you can see your disk usage on Linux, you should read our tutorial on the subject.

If you are interested in Linux System Administration, we have a complete section dedicated to it, make sure to have a look.

How To Add Route on Linux

As a network engineer, you probably spend a lot of time thinking and planning your network infrastructure.

You plan how computers will be linked, physically using specific cables but also logically using routing tables.

When your network plan is built, you will have to implement every single link that you theorized on paper.

In some cases, if you are using Linux computers, you may have to add some routes in order to link it to other networks in your company.

Adding routes on Linux is extremely simple and costs nothing : you can use the Network Manager daemon (if you are running a recent distribution) or ifconfig.

In this tutorial, you will learn how you can easily add new routes on a Linux machine in order to link it to your physical network.

Prerequisites

In order to add routes on your Linux machine, you need to have administrator rights.

In order to verify it, you can run the “sudo” command followed by the “-v” option (in order to update your cached credentials).

$ sudo -v

If you don’t have sudo rights, you can have a look at our dedicated articles on getting administrator rights on Ubuntu or CentOS.

Add route on Linux using ip

The easiest way to add a route on Linux is to use the “ip route add” command followed by the network address to be reached and the gateway to be used for this route.

$ ip route add <network_ip>/<cidr> via <gateway_ip>

# Example
$ ip route add 10.0.3.0/24 via 10.0.3.1

By default, if you don’t specify any network device, your first network card, your local loopback excluded, will be selected.

However, if you want to have a specific device, you can add it to the end of the command.

$ ip route add <network_ip>/<cidr> via <gateway_ip> dev <network_card_name>

As an example, let’s say that you want two LAN networks to be able to communicate with each other.

The network topology has three different Linux machines :

  • One Ubuntu computer that has the 10.0.2.2/24 IP address;
  • Another Ubuntu computer that has the 10.0.3.2/24 IP address;
  • One RHEL 8 computer that will act as a simple router for our two networks.

The first computer cannot ping the other computer because they are not in the same subnet : 10.0.2.0 for the first computer’s network and 10.0.3.0 for the second one.

As the two hosts are not part of the same subnet, the ping command goes to the default gateway.

In order to see the routes already defined on your machine, use the “ip route” command with no arguments. You can also use the “ip r” command as an abbreviation.

$ ip r

This is the routing table of your Linux computer : every computer has one. A router happens to manage many more routes than that but it is essentially using the same routing syntax.

So how does one read that?

In order to understand this output, you have to read from top to bottom :

  • By default, network calls will be forwarded to the local default gateway which is 10.0.2.1
  • UNLESS your call is for the 10.0.2.0/24 network. In this case, it will simply be sent on your local network via your default physical link (physically a CAT network cable)
  • UNLESS your call is for the 169.254.0.0/16 network. In this case, it will also be sent on your local network using your default physical link.

Note : did you know? The 169.254.0.0/16 address range is called APIPA (for Automatic Private IP Addressing). It is the default range used by a system that failed to reach a DHCP server on the network.

In our case, in order to call the 10.0.3.2/24 IP address, the call will be forwarded to our 10.0.2.1 router.
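The reading rule described above amounts to "the matching route with the longest prefix wins". The following added example (not from the original tutorial) applies that rule to a constructed copy of the first computer's routing table; the device name enp0s3 and the proto/metric fields are assumptions, since the real output is not reproduced on the page.

```shell
#!/bin/sh
# Constructed routing table modelled on the first Ubuntu host described above
# (sample data; enp0s3 and the proto/metric fields are assumptions).
ROUTES='default via 10.0.2.1 dev enp0s3 proto dhcp metric 100
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.2 metric 100
169.254.0.0/16 dev enp0s3 scope link metric 1000'

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    echo "$1" | {
        IFS=. read -r a b c d
        echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
    }
}

# Print the route that wins for destination $1: the matching entry with the
# longest prefix. "default" is treated as 0.0.0.0/0.
route_lookup() {
    dst=$(ip_to_int "$1")
    best_len=-1
    best=''
    while IFS= read -r line; do
        prefix=${line%% *}
        if [ "$prefix" = default ]; then prefix=0.0.0.0/0; fi
        case "$prefix" in */*) ;; *) prefix=$prefix/32 ;; esac
        net=$(ip_to_int "${prefix%/*}")
        len=${prefix#*/}
        if [ "$len" -eq 0 ]; then
            mask=0
        else
            mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
        fi
        if [ $(( dst & mask )) -eq $(( net & mask )) ] && [ "$len" -gt "$best_len" ]; then
            best_len=$len
            best=$line
        fi
    done <<EOF
$ROUTES
EOF
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# Report how $1 is reached: "on-link" (same subnet, handled by ARP and
# Ethernet) or "via <gateway>" (forwarded to a router).
next_hop() {
    route=$(route_lookup "$1") || { echo unreachable; return 1; }
    case "$route" in
        *" via "*) gw=${route#* via }; echo "via ${gw%% *}" ;;
        *)         echo on-link ;;
    esac
}
```

On a live host, “ip route get <address>” asks the kernel for the same decision.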

However, is our router able to forward calls addressed to the 10.0.3.0/24 network?

A simple “ip r” command on the router can give us a hint.

As you can see, the router is only linked to the 10.0.2.0/24 network which is obviously an issue.

In order to add a route on our Linux router, we use the “ip route add” command.

$ sudo ip route add 10.0.3.0/24 via 10.0.3.1

Now, if you were to ping your second computer from the first computer, you would be able to reach it.

Awesome, you have successfully added a route from one Linux computer to another!

Adding permanent route configuration on Ubuntu

On Ubuntu, there are three ways of adding a permanent route to your Linux machine :

  • You can add it to your Network Manager configuration file;
  • You can edit your Netplan YAML configuration file;
  • You can add your route to the “/etc/network/interfaces” file if you are using an old Ubuntu distribution.

Using Network Manager

To add a permanent route to the Network Manager, you have to navigate to the connection file located at “/etc/NetworkManager/system-connections”.

Edit your “Wired connection” file and add a “route1” property in the IPv4 part of the network configuration.

The route has to be defined as : the network IP address followed by the CIDR, next the default gateway and finally the next-hop.

In order for the changes to be applied, you can restart your network connection, and execute the “route -n” command in order to see your route.

$ sudo nmcli connection reload

Awesome, you have added a permanent route to your Linux server!

Using Netplan

Netplan is an Ubuntu exclusive but it can be quite useful if you want to configure your network using a simple YAML file.

To add a permanent route using Netplan, add the following section to your “/etc/netplan” configuration file.

$ sudo vi /etc/netplan/<configuration_file>.yaml

For the changes to be applied, you will have to execute the “netplan” command with the “apply” argument.

$ sudo netplan apply

Congratulations, you have configured your network using Netplan. If you want to read more about Netplan and its objectives, you can have a look at the dedicated documentation.

Using /etc/network/interfaces

To add a permanent route to a distribution using ifup and ifdown, edit the “/etc/network/interfaces” file and add the following section.

$ sudo vi /etc/network/interfaces

auto eth0
iface eth0 inet static
      address 10.0.2.2
      netmask 255.255.255.0
      up route add -net 10.0.3.0 netmask 255.255.255.0 gw 10.0.2.1

Adding permanent route configuration on RHEL

By adding the route in the previous section, there is a chance that your distribution created a file for the route to be persisted.

However, if it is not the case, you need to add it in order to keep your route when restarting your server.

On RHEL and CentOS distributions, you need to create a file named “route-<device>” in the “/etc/sysconfig/network-scripts” folder.

$ sudo vi /etc/sysconfig/network-scripts/route-enp0s3

Add route on Linux using nmcli

Another way of adding a route on Linux is to use the “nmcli” utility and add an IPv4 route using the “modify” command.

$ sudo nmcli connection modify <interface_name> +ipv4.routes "<network_ip> <gateway_ip>"

Note : need a complete article about the Network Manager? We have a complete article about configuring your network using Network Manager.

For example, using the infrastructure of the previous section, in order to add a route, we would execute the following command.

$ sudo nmcli connection modify enp0s3 +ipv4.routes "10.0.3.0/24 10.0.3.1"

As changes are not made live, you will need to reload your network connections from disk using the “nmcli connection reload” command.

$ sudo nmcli connection reload

Awesome! Now there is a route between your first and second network.

As a consequence, you will be able to ping your second computer from the first computer.

Adding a route using the network graphical interface

If you are not into executing commands in the terminal, luckily for you, there is a way to add a route on Linux using a graphical interface.

Whether you are on Ubuntu, Debian or RHEL makes no difference as they all share the same network panel on GNOME.

At the top right corner of your screen, look for a small network icon and click on it.

Click on “Wired Connected” and look for the “Wired Settings” panel under it.

When the panel opens, look for the “Wired” section and click on the small gear wheel right next to it.

In the “Wired” panel, you will be presented with many different parameters : your current IPv4 address, your current MAC address, an optional IPv6 address and your link speed.

In the “IPv4” tab, you will be presented with your current IP configured (most likely two for your computer to act as a Linux router).

Right under it, you will see the “Routes” section. In there, you can specify the input of the previous sections.

When you are done, click on the “Apply” blue button at the top right corner of the window.

In order for the changes to be applied, you will need to restart your network. You can achieve that by clicking on the “on/off” toggle in the “Wired” window of the network parameters.

Done!

You have successfully added a route on Linux using the graphical interface, your computers should now be able to talk to each other.

Troubleshooting Internet issues on Linux

In some cases, you may want to add a route on your Linux because you want to be able to reach websites outside of your local network, say 8.8.8.8 for example.

As an example, let’s say that you have a local router linked to “Internet” that resides at 192.168.178.1/24.

Inspecting your current routes is an easy way for you to guess why you are not able to reach Internet websites.

The thought process is quite simple :

  • Is the IP that I am trying to reach a part of my subnet or not?
  • If yes, I should be able to reach it without any routes, everything will be handled by the ARP protocol and Ethernet.
  • If not, I need to have a route from my computer to a router that is able to forward requests to Internet.

However, remember that routes are two-lane highways : you need to be able to reach an external IP, but the external IP needs to be able to reach back to you.

As a consequence, routes need to be correctly defined on your local network architecture. As a diagram is more useful than a thousand words, here is a way to understand it.

Whenever you are troubleshooting Internet issues, you have to think with routes : do I have a route from my computer to the computer that I am trying to reach?

Are the computers or routers between me and the target configured to handle my calls?

Reaching a part of the network is great, but is this part of the network able to answer me back?

In our diagram detailed above, our router may receive an answer from Google, but it has to know what to do with the request. In your local home network, you don’t have to worry about it as most of the requests are forwarded using the NAT protocol (short for Network Address Translation Protocol).

Conclusion

In this tutorial, you learnt how you can easily add a new route on many different Linux distributions.

Right now, as for other topics, some tools co-exist on Linux making the network configuration a bit convoluted sometimes.

However, we listed most of the options that you may encounter. If we forgot about an option, make sure to leave a comment for us to know.

If you are interested in Linux System Administration, make sure to have a look at our dedicated section on the website.

How To Zip Multiple Files on Linux

ZIP is by far one of the most popular archive file formats among system administrators.

Used in order to save space on Linux filesystems, it can be used in order to zip multiple files on Linux easily.

In this tutorial, we are going to see how you can easily zip multiple files on Linux using the zip command.

Prerequisites

In order to zip multiple files on Linux, you need to have zip installed.

If the zip command is not found on your system, make sure to install it using APT or YUM

$ sudo apt-get install zip

$ sudo yum install zip

Zip Multiple Files on Linux

In order to zip multiple files using the zip command, you can simply append all your filenames.

$ zip archive.zip file1 file2 file3

adding: file1 (stored 0%)
adding: file2 (stored 0%)
adding: file3 (stored 0%)

Alternatively, you can use a wildcard if you are able to group your files by extension.

$ zip archive.zip *.txt

adding: file.txt (stored 0%)
adding: license.txt (stored 0%)

$ zip archive.zip *.iso

adding: debian-10.iso (stored 0%)
adding: centos-8.iso (stored 0%)

Zip Multiple Directories on Linux

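Similarly, you can zip multiple directories by simply appending the directory names to your command. Without the “-r” option, only the directory entries themselves are added, not the files they contain.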

$ zip archive.zip directory1 directory2

adding: directory1/ (stored 0%)
adding: directory2/ (stored 0%)

Conclusion

In this tutorial, you learnt how you can easily zip multiple files on Linux using the zip command.

You also learnt that wildcards can be used and that you can zip multiple directories similarly.

If you are interested in Linux System Administration, we have a complete section dedicated to it on the website, so make sure to have a look.