Using Address Ranges and Port Ranges with Iptables

Iptables is the name of the firewall built into the Linux kernel. It is also the tool used for firewall configuration. This post explains how to use iptables with a range of IP addresses and/or ports. It could be used, for example, to allow SSH traffic from a number of systems, or to open up a range of ports with a single firewall rule.

Note: This article is not about blacklisting. If you are looking to set up a blacklist, perhaps to protect your server from a number of unrelated IP addresses, my related procedure on how to protect your webserver with IPset might be more appropriate.

The Linux firewall (part of the Netfilter project) is important on Internet-facing systems, “edge” servers and “jump” boxes, particularly when they do not sit behind another protective network element such as a load balancer or discrete firewall. Examples include standalone cloud instances that are not part of a protected VPC infrastructure.

Set Up Your Own Link Shortening Service with a Raspberry Pi

“Link shortening” happens when a short URL, such as http://bit.ly/2bo3XYY, points to the same web page as a longer link, such as https://en.wikipedia.org/wiki/BBC.  Short links are often used where there are a limited number of characters available, such as an SMS text or a Twitter post.  Short links are also quicker to type and neater than the associated full length links.

Two of the main providers of short links are Bitly and Google (Goo.gl). For example, I used Bitly to create the short link in the above paragraph. However, if you have a Raspberry Pi (or any kind of Linux server), you don’t need to use a provider. You can create your own short links. This article explains how.

Perl: Sort Hash Values by Key with a Hash Slice

In Perl, hash (associative array) sorting is a common and easy practice. Sorting values by key is easy. And so is sorting by value. But how do you sort the values of a hash by key? One answer is to use a hash slice.

Using a Domain Name with a Raspberry Pi Web Server

The Raspberry Pi’s low power consumption makes it well suited to the role of always-on web server. This post describes how to use a domain name with your Pi-based web site. Setting up a web site on the Pi is very easy and was explained in an earlier post of mine, just here.

This article explains how to set up a domain name with your web site, so that you can surf to http://your.domain.name instead of http://your.ip.address. It assumes that you already have an Apache web site running. If not, please read the above post before coming back here.

Predicting a Red Hat/CentOS Point Release Upgrade

Upgrading a Red Hat or CentOS system isn’t difficult. Just type yum update, it’s easy. So easy, in fact, that it is quite possible to upgrade a system you didn’t intend to, or to upgrade a system further than was wanted, which is the subject of this post.

Point Upgrades

Yum update, used on a system which has not been updated for months or years, will cause hundreds of packages to be upgraded. It will also result in a point release upgrade. For example, a system running Red Hat/CentOS 6.2 might change to 6.5 after the update, or even to 6.7 or 6.9.

Patching for Dirty Cow on Debian, Red Hat, Ubuntu, CentOS

“Dirty Cow” is the common name given to Linux vulnerability CVE-2016-5195. It is a “privilege escalation” that allows a non-root user to gain root access on a system. An attacker must have system access first, as a normal user. Then they use the bug to obtain root rights. It is dangerous and should be patched.

The Linux kernel itself was fixed in October 2016. Since then, Linux vendors have all released patches. Many Internet articles suggest addressing the bug by doing a general system update. While that might be fine for a test machine or Linux desktop, it isn’t ideal for a production server. This article describes how to fix the bug in the least invasive way possible – by updating the kernel only.

Simple Nextcloud Installation on Raspberry Pi

This article explains how to install Nextcloud on the Raspberry Pi. It has been tested with the latest version of Nextcloud (20.1 at the time of writing), but should work for future versions too.  It has also been successfully tested on the latest Pi hardware, the Raspberry Pi 4, and on earlier Pi versions, and on the latest OS, Raspbian/Raspberry Pi OS 10 “Buster”.  Article last updated 21/6/2021.

Nextcloud is an open source software package providing remote file sharing services, similar to Dropbox. But with Nextcloud, you retain ownership, security and control of the shared data. Nextcloud works well on a Pi 2, Pi 3 and especially a Pi 4 but will run very slowly on a Pi 1.

Note: This is a manual, step-by-step procedure. If you would rather do the installation automatically, please see my recent article Automatic Nextcloud Installation on Raspberry Pi, which explains how to install Nextcloud with 3 commands. It is the quickest and easiest way to get Nextcloud running. Both procedures achieve the same overall result, however.

ESXi Embedded Host Client

*UPDATED* December 2017. The ESXi embedded host client is a web application served directly from an ESXi server that allows basic management of virtual infrastructure. It is somewhat similar in appearance to vSphere. VMware has released it as a “fling”, which can be easily added to an existing ESXi server as follows. NB: it is recommended to try this in a lab environment rather than on a production machine.