Linux Journal

by George Whittaker

In an era where cyber threats are evolving rapidly, securing Linux systems goes far beyond basic user permissions. Traditional security mechanisms like Discretionary Access Control (DAC) offer limited safeguards against privilege escalation, compromised applications, and insider threats. To address these limitations, Security-Enhanced Linux (SELinux) offers a powerful, fine-grained framework for Mandatory Access Control (MAC) — and it's not just for Red Hat-based distributions anymore.

In this article, we'll explore how to integrate SELinux into Debian, one of the most widely used and respected GNU/Linux distributions. We'll break down its architecture, setup procedures, policy management, and troubleshooting techniques. Whether you're running a mission-critical server or seeking to harden your desktop environment, this guide will show you how SELinux can elevate your system security to enterprise-grade standards.

Understanding the Foundations of SELinux What Is SELinux?

SELinux is a kernel security module initially developed by the United States National Security Agency (NSA) in collaboration with the open-source community. It introduces the concept of mandatory access controls by enforcing policy-based rules that strictly define how processes and users can interact with files, directories, sockets, and devices.

Unlike DAC, where file owners control access, MAC policies are imposed by the system administrator and enforced by the kernel, regardless of user ownership or permissions.

Core Components of SELinux

• Subjects: Active entities (usually processes).

• Objects: Passive entities (like files, directories, devices).

• Contexts: Security labels assigned to subjects and objects.

• Types/Domains: Used to define access rules and behavior.

• Policies: Written rulesets that determine access control logic.

Enforcement Modes

• Enforcing: SELinux policies are applied and violations are blocked.

• Permissive: Policies are not enforced, but violations are logged.

• Disabled: SELinux is turned off entirely.

SELinux on Debian: A Reality Check

Debian has traditionally favored AppArmor for its simplicity and ease of integration. However, SELinux support is fully present in Debian’s repositories. As of Debian 12 (Bookworm) and later, integrating SELinux is more streamlined and better documented than ever.

Go to Full Article

by George Whittaker Introduction

In today's fast-paced IT environments, performance, reliability, and scalability are critical factors that determine the effectiveness of a network. Advanced Linux networking techniques such as VLAN trunking, interface bonding, and Quality of Service (QoS) are key tools in the hands of system administrators and network engineers who aim to build robust and efficient systems. Whether you're managing a data center, configuring high-availability clusters, or optimizing bandwidth for critical services, these technologies provide the foundation for high-performance networking on Linux.

This article explores each of these advanced networking capabilities, explaining their benefits, configurations, and practical use cases. By the end, you will have a comprehensive understanding of how to implement VLANs, bonding, and QoS effectively on your Linux systems.

Understanding VLAN Trunking in Linux What is VLAN Trunking?

Virtual LANs (VLANs) allow the segmentation of a physical network into multiple logical networks. VLAN trunking is the process of transporting multiple VLANs over a single network link—typically between switches or between a switch and a server. This allows a single network interface card (NIC) to handle traffic for multiple VLANs, optimizing resource usage and simplifying cabling.

Trunking is crucial in virtualized environments where multiple virtual machines (VMs) or containers need to reside in separate VLANs for security or organizational reasons.

Why Use VLAN Trunking?

• Isolation: Separates traffic for security and compliance.

• Efficiency: Reduces the number of physical interfaces needed.

• Scalability: Makes it easy to add or modify VLANs without physical changes.

Linux Support for VLANs

Linux supports VLANs natively via the kernel module 8021q. The modern toolset uses the ip command from the iproute2 package for configuration. Older systems may use the vconfig utility, though it's now deprecated.

Ensure the module is loaded:

sudo modprobe 8021q

Creating VLAN Interfaces

Use the ip command:

sudo ip link add link eth0 name eth0.10 type vlan id 10 sudo ip addr add 192.168.10.1/24 dev eth0.10 sudo ip link set dev eth0.10 up

Persistent Configuration

On Ubuntu (netplan):

Go to Full Article

by George Whittaker

Bash scripting is often seen as a convenient tool for automating repetitive tasks, managing simple file operations, or orchestrating basic system utilities. But beneath its surface lies a trove of powerful features that allow for complex logic, high-performance workflows, and robust script behavior. In this article, we’ll explore the lesser-known but incredibly powerful techniques that take your Bash scripting from basic automation to professional-grade tooling.

Mastering Arrays for Structured Data Indexed and Associative Arrays

Bash supports both indexed arrays (traditional, numeric indexes) and associative arrays (key-value pairs), which are ideal for structured data manipulation.

# Indexed array fruits=("apple" "banana" "cherry") # Associative array declare -A user_info user_info[name]="Alice" user_info[role]="admin"

Looping Through Arrays

# Indexed for fruit in "${fruits[@]}"; do echo "Fruit: $fruit" done # Associative for key in "${!user_info[@]}"; do echo "$key: ${user_info[$key]}" done

Use Case: Managing dynamic options or storing configuration mappings, such as service port numbers or user roles.

Indirect Expansion and Parameter Indirection

Ever needed to reference a variable whose name is stored in another variable? Bash allows this with indirect expansion using the ${!var} syntax.

user1="Alice" user2="Bob" var="user1" echo "User: ${!var}" # Outputs: Alice

Use Case: When parsing dynamically named variables from a configuration or runtime-generated context.

Process Substitution: Piping Like a Pro

Process substitution enables a command’s output to be treated as a file input for another command.

diff <(ls /etc) <(ls /var)

Instead of creating temporary files, this technique allows on-the-fly data streaming into commands that expect filenames.

Use Case: Comparing outputs of two commands, feeding multiple inputs to grep, diff, or custom processors.

Using Traps for Cleanup and Signal Handling

Traps let you capture signals (like script termination or interruption) and execute custom handlers.

temp_file=$(mktemp) trap "rm -f $temp_file" EXIT # Do something with $temp_file

Common signals:

• EXIT: Always triggered when the script ends

• ERR: Triggered on any command failure (with set -e)

• INT: Triggered by Ctrl+C

Use Case: Cleaning up temporary files, resetting terminal states, or notifying external systems on exit.

Go to Full Article

by George Whittaker

In an age where data breaches and cyber threats are growing both in frequency and sophistication, securing your Linux system is more important than ever. Ubuntu, one of the most popular Linux distributions, comes with a powerful security tool that many users overlook — AppArmor. Designed to provide a robust layer of defense, AppArmor enhances Ubuntu's built-in security model by confining programs with access control profiles.

This article will walk you through the ins and outs of AppArmor, explain why it's a crucial part of a hardened Ubuntu system, and teach you how to leverage it to protect your environment.

Understanding AppArmor: What It Is and Why It Matters

AppArmor (Application Armor) is a Mandatory Access Control (MAC) system that supplements the traditional Discretionary Access Control (DAC) provided by Linux file permissions. While DAC relies on user and group ownership for access control, MAC goes a step further by enforcing rules that even privileged users must obey.

AppArmor operates by loading security profiles for individual applications, specifying exactly what files, capabilities, and system resources they are allowed to access. This approach prevents compromised or misbehaving applications from harming the rest of the system.

AppArmor vs. SELinux

While SELinux (Security-Enhanced Linux) is another MAC system popular on Red Hat-based distributions, AppArmor is often preferred in Ubuntu environments for its ease of use, human-readable syntax, and simple profile management. Where SELinux can be daunting and complex, AppArmor offers a more user-friendly approach to strong security.

Core Concepts of AppArmor

Before diving into how to use AppArmor, it's important to understand its core concepts:

Profiles

A profile is a set of rules that define what an application can and cannot do. These are usually stored in the /etc/apparmor.d/ directory and loaded into the kernel at runtime.

Modes

• Enforce: The profile is actively enforced, and actions outside the defined rules are blocked.

• Complain: The profile logs rule violations but doesn’t enforce them, which is useful for debugging.

Profile Components

Profiles specify permissions for:

• File access (read, write, execute)

• Capabilities (e.g., net_admin, sys_admin)

• Network operations

• Signals and inter-process communications

Go to Full Article

by George Whittaker

Ubuntu has long relied on APT and DEB packages for software management, with Snap becoming increasingly prevalent in recent releases. However, a third contender has risen to prominence in the Linux world: Flatpak. Designed as a universal software packaging and distribution framework, Flatpak offers a fresh, sandboxed approach to application management that works seamlessly across distributions. In this article, we’ll dive into how to manage software with Flatpak on Ubuntu, providing everything you need to get started, optimize your workflow, and compare it with existing solutions.

What is Flatpak?

Flatpak is a modern application packaging system developed by the Free Desktop Project. Its goal is to enable the distribution of desktop applications in a sandboxed environment, ensuring greater security, consistency, and compatibility across Linux distributions.

Key Benefits of Flatpak

• Cross-distribution compatibility: A single Flatpak package works on any Linux distribution with Flatpak support.

• Sandboxing: Applications run in isolation, reducing the risk of affecting or being affected by other software or the host system.

• Bundle dependencies: Flatpak packages include all necessary dependencies, reducing compatibility issues.

• Version control: Developers can ship and maintain multiple versions easily.

Limitations

• Storage overhead: Applications may use more disk space due to bundled runtimes.

• Redundancy: Ubuntu users already have Snap, which can lead to confusion or duplication.

Installing Flatpak on Ubuntu

Although Flatpak isn't pre-installed on Ubuntu, setting it up is straightforward.

Step 1: Install Flatpak

Open a terminal and run:

sudo apt update sudo apt install flatpak

Step 2: Install GNOME Software Plugin (Optional)

To integrate Flatpak apps into the Ubuntu Software GUI:

sudo apt install gnome-software-plugin-flatpak

This step allows Flatpak apps to appear alongside APT and Snap apps in GNOME Software.

Step 3: Reboot or Log Out

Restart your session to apply system changes and enable Flatpak integration fully.

Adding the Flathub Repository

Most Flatpak applications are hosted on Flathub, the central repository for Flatpak packages.

To add Flathub:

Go to Full Article

by Nawaz Abbasi

The Linux boot process is a sequence of events that initializes a Linux system from a powered-off state to a fully operational state. The knowledge of Linux boot process is essential when it comes to technical interviews, but sometimes it becomes difficult to remember or recall the key steps in the process. This article discusses a quick and easy way to remember it - Best Geeks Know It! Yes, you only need to remember that.

Best Geeks Know It -> B – G – K – I -> BIOS – GRUB – KERNEL – INIT

This BGKI acronym provides a high-level overview of the Linux boot process. Each step builds upon the previous one, gradually bringing the system to a fully operational state. Of course, there are more detailed processes within each step, but this simplified version should give you a good foundation for understanding and remembering the Linux boot sequence.

 

Here's a concise expansion of B-G-K-I:

B - BIOS/UEFI

• Performs Power-On Self-Test (POST)
• Checks hardware: CPU, RAM, storage
• Loads MBR (Master Boot Record) or GPT (GUID Partition Table)
• Transfers control to bootloader

G - GRUB

• Located in first 512 bytes of boot drive
• Reads /boot/grub/grub.conf
• Shows menu with kernel options
• Loads selected kernel + initramfs (temporary root filesystem) into RAM
• Passes boot parameters to kernel
• Can handle multiple OS boot options

K - KERNEL

• Decompresses itself into RAM
• Initializes hardware and drivers
• Mounts root filesystem, loads initramfs
• Sets up memory management
• Starts device detection
• Creates kernel threads

I - INIT (systemd in modern systems)

• PID 1 (first process)
• Reads /etc/inittab (traditional) or unit files (systemd)
• Sets default runlevel/target
• Starts essential services in order:
  • System services
  • Network services
  • Display manager
  • User interface (CLI/GUI)
• Reaches default target state

 

Key files to remember

/boot/grub/grub.conf  - GRUB configuration

/etc/systemd/system/  - systemd unit files

/etc/inittab                  - Init configuration (traditional)

Go to Full Article

by George Whittaker Introduction

In a world teeming with Linux distributions — from Ubuntu to Arch, Debian to Fedora — the idea of building your own may seem daunting, if not redundant. Yet, for many technologists, enthusiasts, and developers, creating a custom Linux distribution isn't just an exercise in reinvention; it's an act of empowerment. Whether your goal is to tailor a lightweight OS for embedded devices, create a secure workstation, develop an education-focused system, or simply understand Linux more intimately, building your own distribution is one of the most fulfilling journeys in open-source computing.

This guide walks you through every stage of creating your own Linux distribution — from selecting core components to building, customizing, and distributing your personalized operating system.

Understanding the Basics What is a Linux Distribution?

A Linux distribution (or "distro") is a complete operating system built on the Linux kernel. It includes:

• Kernel – The core interface between hardware and software.

• Init System – Handles booting and service management (e.g., systemd, OpenRC).

• Userland Tools – Basic utilities from projects like GNU Coreutils and BusyBox.

• Package Manager – Tool to install, upgrade, and remove software (e.g., APT, Pacman, DNF).

• Optional GUI – A desktop environment or window manager (e.g., GNOME, XFCE, i3).

Why Create Your Own Distribution?

Reasons vary, but common motivations include:

• Learning – Deepen your understanding of system internals.

• Performance – Remove bloat for a leaner, faster system.

• Branding – Create a branded OS for an organization or product.

• Customization – Tailor software stacks for specific use-cases.

• Embedded Applications – Create firmware or OS images for hardware devices.

Planning Your Custom Linux Distro Define Your Goals

Start by asking:

• Who is the target user?

• What hardware should it support?

• Will it be a desktop, server, or headless system?

• Should it boot live or be installed?

Choose a Foundation

You can either:

• Build from scratch: Using projects like Linux From Scratch (LFS).

Go to Full Article

by George Whittaker

Data loss is a nightmare for any computer user, and Linux users are no exception. Despite the robust architecture of Linux operating systems, disasters can strike in the form of accidental deletions, corrupted partitions, or failing storage devices. Whether you're a system administrator, developer, or everyday Linux user, understanding how to recover data can be the difference between a minor inconvenience and a major setback.

This guide will walk you through the practical strategies and essential tools for recovering lost or corrupted files on Linux.

Understanding Data Loss on Linux Common Causes of Data Loss

Data loss can occur for various reasons:

• Accidental Deletion: Files removed with rm or cleared trash.

• Filesystem Corruption: Caused by improper shutdowns, power failures, or software bugs.

• Partition Issues: Misconfigured or overwritten partition tables.

• Hardware Failures: Hard drive degradation, bad sectors, or failing SSDs.

How Deletion Works on Linux

Linux filesystems like ext4 don’t immediately erase data when a file is deleted. Instead, the filesystem marks the file's space as free. Until that space is overwritten, the data may be recoverable. This behavior is the cornerstone of most recovery techniques.

First Steps After Data Loss

The most critical step is to minimize system activity on the affected drive. Any write operation can potentially overwrite recoverable data.

Disconnect and Mount Read-Only

If the loss happened on a secondary drive, physically disconnect it and mount it read-only on another machine:

sudo mount -o ro /dev/sdX1 /mnt/recovery

Create a Disk Image

Use tools like dd or ddrescue to create a complete image of the drive for analysis:

sudo dd if=/dev/sdX of=/mnt/external/backup.img bs=4M status=progress

Or with ddrescue, which handles read errors more gracefully:

sudo ddrescue /dev/sdX /mnt/external/recovery.img /mnt/external/logfile

Work from the image to preserve the original drive.

Boot from a Live Environment

To avoid using the target system, boot into a Live Linux distribution like:

• SystemRescueCD – tailored for system repair.

• Ubuntu Live CD – user-friendly and widely available.

Go to Full Article

by George Whittaker Introduction

Email remains a cornerstone of modern communication. From business notifications to personal messages, having a robust and reliable mail server is essential. While cloud-based solutions dominate the mainstream, self-hosting a mail server offers control, customization, and learning opportunities that managed services can't match.

In this guide, we will explore how to set up a secure and efficient mail server using Dovecot on an Ubuntu Server. Dovecot is a lightweight and high-performance IMAP and POP3 server that provides secure access to mailboxes. When paired with Postfix, it forms a powerful mail server stack capable of sending and receiving messages seamlessly.

Whether you're a system administrator, a DevOps enthusiast, or simply curious about running your own mail infrastructure, this article provides a deep dive into configuring Dovecot on Ubuntu.

Prerequisites

Before we dive into configuration and deployment, ensure the following requirements are met:

• Ubuntu Server (20.04 or later recommended)

• Root or sudo access

• Static IP address assigned to your server

• Fully Qualified Domain Name (FQDN) pointing to your server

• Proper DNS records:

  • A record pointing your domain to your server IP

  • MX record pointing to your mail server’s FQDN

  • Optional: SPF, DKIM, and DMARC for email authentication

You should also ensure that your system is up-to-date:

sudo apt update && sudo apt upgrade -y

Understanding the Mail Server Stack

A modern mail server is composed of several components:

• Postfix: SMTP server responsible for sending and routing outgoing mail.

• Dovecot: Handles retrieval of mail via IMAP/POP3 and secure authentication.

• SpamAssassin / ClamAV: For filtering spam and malware.

• TLS/SSL: Provides encrypted communication channels.

Here's how they work together:

1. Postfix receives email from external sources.

2. It stores messages into local mailboxes.

3. Dovecot lets users access their mail securely using IMAP or POP3.

4. TLS/SSL encrypts the entire process, ensuring privacy.

Step 1: Installing Postfix and Dovecot Install Postfix

sudo apt install postfix -y

During installation, you will be prompted to choose a configuration. Select:

Go to Full Article

by George Whittaker

Debugging and profiling are critical skills in a developer's toolbox, especially when working with low-level system applications. Whether you're tracking down a segmentation fault in a C program or understanding why a daemon fails silently, mastering tools like GDB (GNU Debugger) and strace can dramatically improve your efficiency and understanding of program behavior.

In this guide, we’ll dive deep into these two powerful tools, exploring how they work, how to use them effectively, and how they complement each other in diagnosing and resolving complex issues.

The Essence of Debugging and Profiling What is Debugging?

Debugging is the systematic process of identifying, isolating, and fixing bugs—errors or unexpected behaviors in your code. It’s an integral part of development that ensures software quality and stability. While high-level languages may offer interactive debuggers, compiled languages like C and C++ often require robust tools like GDB for line-by-line inspection.

What is Profiling?

Profiling, on the other hand, is about performance analysis. It helps you understand where your application spends time, which functions are called frequently, and how system resources are being utilized. While GDB can aid in debugging, strace provides a view of how a program interacts with the operating system, making it ideal for performance tuning and root cause analysis of runtime issues.

Getting Hands-On with GDB What is GDB?

GDB is the standard debugger for GNU systems. It allows you to inspect the internal state of a program while it’s running or after it crashes. With GDB, you can set breakpoints, step through code, inspect variables, view call stacks, and even modify program execution flow.

Preparing Your Program

To make your program debuggable with GDB, compile it with debug symbols using the -g flag:

gcc -g -o myapp myapp.c

This embeds symbol information like function names, variable types, and line numbers, which are essential for meaningful debugging.

Basic GDB Commands

Here are some fundamental commands you'll use frequently:

gdb ./myapp # Start GDB with your program run # Start the program inside GDB break main # Set a breakpoint at the 'main' function break filename:line# Break at specific line next # Step over a function step # Step into a function continue # Resume program execution print varname # Inspect the value of a variable backtrace # Show the current function call stack quit # Exit GDB

Go to Full Article

by George Whittaker

Package management is at the heart of every Linux system. It’s what makes installing, updating, and managing software on Linux-based distributions not just possible but streamlined and elegant. For users of Debian and its popular derivative Ubuntu, two powerful tools often stand at the center of debate: apt-get and aptitude. Though both are capable of managing packages effectively, they have unique characteristics that make them better suited to different use cases.

This article provides a comparison of apt-get and aptitude, helping you understand their roles, differences, and when to use one over the other.

Understanding the Debian Package Management Ecosystem

Before diving into the specifics, it's helpful to understand the ecosystem in which both tools operate.

What is a Package Manager?

A package manager is software that automates the process of installing, upgrading, configuring, and removing software packages from a computer. In Debian-based systems, packages are distributed in .deb format.

The APT System

APT, or Advanced Package Tool, is the foundation of package management in Debian-based systems. It works with core components such as:

• dpkg – the base tool that installs and manages .deb files

• apt-get / apt – command-line front-ends for retrieving and managing packages from repositories

• apt-cache – used for searching and querying package information

• aptitude – a higher-level package manager that interacts with APT and dpkg under the hood

What is apt-get? A Brief History

apt-get has been a trusted part of Debian since the late 1990s. It was designed to provide a consistent command-line interface to the APT system and has been widely used in scripts and system automation.

Core Features

• Handles package installation, upgrade, and removal

• Fetches and resolves dependencies automatically

• Interacts directly with APT repositories

Common Commands

Here are some frequently used apt-get commands:

Go to Full Article