This post started off in my head as a guide to firewalling your home server, but it gradually evolved, mentally, into a workshop for securing the information on your Linux laptop with GRUB, KeePass and Truecrypt. Click the (awesome Hackers) image below to RSVP your place for this once-off workshop!
…and secure it too.
When Aaron, Matthew and I incepted our Linux classes, we did so with a nebulous aim of offering a course of comprehensive beginner material, with our ultimate, nebulous goal being to offer “more advanced stuff”. Well, here we are. I dove into the basics of manipulating the Bash shell, simple scripting, SSH, and confidently administering a headless system as root. In the midst of my preparations for these classes, I had a theatric lightbulb-over-head moment: How hard would it be, really, to turn a desktop into a basic home server? Set aside performance and security concerns for a moment and just consider accessibility and turnaround time to live access on the Internet.
As it turns out, this takes about one hour. Maybe two if you are installing Linux from scratch. All you need to begin is a method to connect your dynamic home IP to a static domain and then a method to remotely access your home server:
apt-get install openssh-server openssh-client
Sign up for a free DynDNS account and domain (remember to complete checkout!).
apt-get install ddclient
Populate three lines in
- Your DynDNS user name.
- Your DynDNS password.
- Your DynDNS domain.
Now give DynDNS and ddclient about five minutes (on the safe side) to update. Congratulations, you have a live Internet server for your file-access, media streaming, jerking-around-while-at-work, and general geek needs.
Now, we have a server. Locking down its Internet connection? Mmm, ten minutes. It was actually over an hour for me because I was engrossed in crash-learning netfilter/iptables syntax from scratch.
# Clear all existing iptable rules.
# Drop all incoming, outgoing and forwarded packets.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Permit loopback activity (client and server programs on this machine).
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Permit TCP connections to and from this machine on port 22 (SSH).
iptables -A INPUT -p tcp -dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -sport 22 -j ACCEPT
You’ll eventually need to open up ports for NTP, mail, DNS and others, but really: This is all there is to it. And because I am awesome, I wrote all of this up on Google Docs and made it freely available for download. Any notes suggesting alterations, additions or deletions can be made directly on the document, or by email to me directly.
As part of 091 Labs’ series of workshops for Irish Hackerspace Week, one event for which we received a great deal of positive feedback was our “Introduction to Linux” class, tutored by Matthew Kolder, Barry Coughlan and Aaron Hastings. The class, which we are looking to hold more of in the future, covered the very basics of Linux and Ubuntu (our Operating System of choice) – installation, initial setup, cool applications and benefits of running Linux over Windows and Mac.
By putting an 091 Labs laptop and an Ubuntu disc in front of each attendee, we guaranteed that everyone could get hands-on with the system, while having comfort in the fact they weren’t messing up their own computer.
A summary of the topics covered can be found on our Wiki, at the following link:
If you would be interested in attending a future “Introduction to Linux” event or have any suggestions for Linux or Ubuntu-themed workshops, we’d love to hear from you at email@example.com
Maybe one of the most consistently popular workshops that 091 Labs has been holding to date have been those for Linux beginners. Come in, meet the members, and learn to use Linux while under the supervision of one of our Linux gurus. Although if you wind up with me assisting you, you are expected to stoically endure a certain amount of baleful stares and dark imprecations as I bravely
ls my way through your folders.
The majority of 091 Labs members choose and use Ubuntu Linux for its ease of use and installation, its broad user base – and implied support base, and the depth of its software repositories. In addition to our own personal laptops and workstations, Ubuntu also powers all of the work machines here at the Labs.
091 Labs <3 Ubuntu, in short. In the next few months, we are hopeful of extending our Linux offerings for both Labs members and the public alike. They include:
- A regular series of beginners Linux workshops with a focus on Ubuntu.
- Shell accounts for Labs members to learn remote administration on.
- Advanced Linux courses that will delve into security, advanced command line usage and kernel compilation using enterprise Linux distributions.
- A local repository of current distributions for members.