Can you trust the US Government with your data?

Since 2014, the US government has suffered 822 breaches affecting nearly 175 million records. Based on the average cost per breached record (as reported by IBM each year), Comparitech estimate these breaches have cost government entities over $26 billion from 2014 to October 2022.

In 2018 and 2019, the number of government breaches hit an all-time high with 116 and 118 breaches respectively. In 2020, breaches decreased to 107 before increasing again to 116 in 2021. So far this year, there have been 61 data breaches affecting 2.9 million people.

The amount of records affected during these data breaches has reduced significantly in the last few years. 2018 saw a colossal 83 million breached records. They mainly stemmed from one breach on the US Postal Service, affecting 60 million records. In 2019, this figure dropped to 1.4 million before hovering around the 3 million mark for the next three years.

Over the last four years, the average number of records involved per government data breach has increased. From 17,400 in 2019 to 42,097 in 2020 and 40,440 in 2021, the average number of records affected per breach in 2022 currently stands at 71,534. While the frequency of attacks may have declined, the impact of individual attacks has increased. The true extent of breaches often isn’t felt for months, if not years, so the average number of records affected per breach for this year could increase even further yet

Key findings include: 

From 2014 to October 2022:

  • 822 government entities suffered data breaches
  • 174,963,934 records were affected because of these breaches
  • The cost of these affected records was $26 billion
  • 2019 was the biggest year for breaches with 118 in total, followed closely by 2018 and 2021–both with 116
  • 2018 had the highest number of records affected– 83,293,815 in total
  • California had the most breaches overall (108) and the District of Columbia had the highest number of records affected overall (91.2 million). DC’s vast number of affected records stems from many government offices being based here
  • The most common type of breach was hacking with 256 breaches. Those involving inadvertent disclosure were the second-largest breach type with 192 breaches
  • Cities/towns were the most-affected government entity type from 2019 to Oct 2022 with 124 breached, while counties were breached 56 times during the same time period

From the start of 2014 to October 2022, data breaches have approximately cost US government organisations over $26 billion.

While this figure sounds relatively high for these 822 data breaches, the true costs are likely much higher. This is not just because of all of the other costs involved in a data breach (e.g. recovery costs and ransom payments) but because some figures are unavailable for the number of records involved in these breaches.

The post Can you trust the US Government with your data? appeared first on IT Security Guru.

How to Find Open Ports and Close Them in Linux

How to Find Open Ports and Close Them in Linux

So you are dealing with a critical server where you have to maintain security at any cost. And closing ports to block unwanted traffic is the first step you’d take.

sudo ufw deny 80
sudo ufw enable

So this guide will explain how you can find and close open ports in your server.

Find open ports in Linux

In this tutorial, I am going to use the ss command to find open ports.

You can use the -l option with the ss command to get listening ports. But to be more specific, I’m going with -lt to get listening TCP ports:

ss -tl
How to Find Open Ports and Close Them in Linux

Similarly, if you want to have a list of both TCP and UDP in the listening state, you can use the given command:

ss -tul
How to Find Open Ports and Close Them in Linux

And to get the listening port of each service, you can use -n and for more fine-tuned results, you can always use the grep command:

ss -tuln | grep LISTEN
How to Find Open Ports and Close Them in Linux

Enough of finding open ports, let’s jump to how you can close them.

Close open ports in Linux

To close the port, first, you will need to stop the service and to find the service name, you can use the same ss command with -p option:

sudo ss -tulnp | grep LISTEN
How to Find Open Ports and Close Them in Linux

As you can see, the NGINX is utilizing port number 80. So let’s stop it using the given command:

sudo systemctl stop nginx

As it will enable itself on every boot and you can alter this behavior using the given command:

sudo systemctl disable nginx

For better results, I would recommend changing firewall rules.

Here, I’m going to block port no 80 (used by NGINX) in UFW (which is pre-installed in Ubuntu).

First, let’s check the status of UFW:

sudo ufw status
How to Find Open Ports and Close Them in Linux

And if it shows inactive, you can use the given command to enable it:

sudo ufw enable

Now, you just have to pair the deny option with the port number:

sudo ufw deny 80
How to Find Open Ports and Close Them in Linux

And here’s the end result:

How to Find Open Ports and Close Them in Linux

No sign of NGINX!

Wrapping Up

This was my take on how you can find and close open ports in Linux. I hope you will find this helpful.

And if you have any queries, let me know in the comments.

This Extension Tells Your App Startup Time in Ubuntu 22.04 | 20.04

Want to measure your application launch time in Linux? There’s an extension can do the job for GNOME desktop.

Meaning Ubuntu, Fedora workstation, and other Linux with GNOME desktop can easily tell how much time it takes for launching an application, which is useful for benchmark and/or software developing purpose.

With the extension enabled, every time you launching an application, an on-screen display pops up shows the loading time in millisecond. Not only for native .deb/.rpm, but also for Snap and Flatpak applications.

How to Install the App Start Time Measure extension

For Ubuntu 22.04, first search for and install “Extension Manager” from Ubuntu Software.

Install Extension Manager in Ubuntu 22.04+

Then launch “Extension Manager” and use it to search & install ‘application start time measure’:

For Ubuntu 20.04, first press Ctrl+Alt+T on keyboard to open terminal. When it opens, run command to install the agent package:

sudo apt install chrome-gnome-shell

Then, go to extension page in the link below and use ON/OFF switch to install it:

Install the browser extension if prompted via link in that page and refresh if you don’t see the ON/OFF switch.

After installing the extension, it should be enable automatically (verify via ‘Gnome Extensions’ or ‘Extension Manager’). You can then launch something and see the magic!

The Best Strategies To Keep Your Business Safe Online

Usually, any profit-making business is constantly exposed to several risks that can cause massive losses or total collapse of the organization. To protect themselves, it is paramount that businesses can identify the risk that can wipe out the organization’s income.

Some of the risks that pose a serious threat to the continuity of a business are a risk to the business premises caused by fires, technological risks, strategic risks, and prohibited substance use.

 

Typical Security And Safety Risks For A Business

There is a wide selection of prospective risks that may hinder business operations. Some of these risks have the potential to ruin the enterprise completely, and others may cause massive losses to the business. Examples of the most frequent safety and security risks in an organization are:

Physical Business Risks: The most obvious physical threats to a business include the perils that may befall the building, such as fires or explosions. You can lower the risk of loss of lives and assets by ensuring that the building has effective smoke detectors, fire alarms, and functional sprinkler systems. It is also important that all staffs and management know that their safety is a top priority as the location of the exit points of the building.

Risks Caused By Human Actions: A frequent business risk is employees’ use of drugs and alcohol during working hours. Members of staff or the management staff struggling with alcohol and/or drug abuse need to be encouraged to go for treatment. In addition, if possible, the business insurance policies can meet the total or partial treatment for the employee.

Theft, fraud, and embezzlement are other frequent risks caused by human actions: To prevent such risks, the company must conduct background research before hiring a new employee.

Technological Risks: Most technological risk is caused by power outages. For example, a power surge in a lightning storm may cause a total loss of important business information. To safeguard a business from data loss, the business proprietor should invest in an online data backup system to preserve crucial information.

Many business analysts insist on maintaining business performance, getting better leads, and improving customer service, which benefits the business. However, it is also quite important to invest enough in business security systems – this, too, is a fundamental part of the discussion. We must analyze how well we safeguard our businesses from theft, hackers, and other malicious activity. Unfortunately, this is an area that is still unaddressed.

For example, a recent survey showed that 78% of people said they knew of the potential risks of opening unknown links in their emails but still went ahead and clicked them nonetheless. This is where XDR can help to protect your business. Certainly, a need must be met to protect and improve our businesses’ security systems.

 

Everyone Must Play Their Role In Securing The Business

Creating the right working culture around your business’ security processes can protect your business from malicious and fraudulent activities. Precisely, it is best if the security clearance happens in all hierarchical levels of the business. In addition, ensure your staff members are knowledgeable about the frequent security threats affecting the business and how they can be nullified.

Most security breaches happen because the employees have become complacent, hence vulnerable to an attack. For this reason, encourage employees to participate in regular meetings and workshops that seek to help the employees remain cautious of potential security threats. Other than laying out the perfect strategy and technology, all employees must play an active role in keeping the business secure.

 

Invest In Quality Security Systems And Work With Experts Only

Businesses and company proprietors often make the mistake of handling all the security procedures by themselves. However, purchasing security systems or collaborating with experts is better to help you develop solid security solutions. Allowing a security expert to handle the security needs of your business gives you extra time to focus on running everyday business operations.

In addition, only buy robust and the latest security software and install them on all computers, whether at home or the workplace. After installing the software, you can relax and allow it to protect your business comprehensively. Avoid skimping through security solutions to ensure your business is always safe.

For example, finding a number of free, decent antivirus and other security programs is easy. Still, they may need to be stronger to safeguard your organization from security risks. Ensure you conduct sufficient research before you buy any security solution for your business – sometimes, a lowly-priced product may not necessarily be the best alternative.

 

Plan Broadly

We might live during the internet age, but it is no indication that all solutions should be limited to internet security. Many security levels are needed for a business organization to thrive.

For instance, a successful business will require a combination of strong security software programs and dependable physical security systems for the entire business. This is because many risks found online are also present in traditional business processes and networks. For this reason, ensure the business premises are always safe.

It is best to cultivate a culture of securing the business at the hiring stage of the employees. This means that, when looking for the right employees, ensure you recruit trustworthy employees only.

 

Develop The Supporting Workplace Policies

Policy formulation on security systems and procedures lies at the heart of maintaining a safe and secure workplace environment. It is a bad idea to leave security concerns to be handled by an individual. Instead, the most secure systems are implemented extensively using specific policies, profiles and guidelines.

Having all employees tied to the same policies ensure the entire business can forge a unified response to security threats. Many times, security at the workplace is a rather worrying subject. Everybody is worried that something might not go according to plan or that the business might need not be fully prepared to deal with the threat. However, we such tips, the organization can safeguard itself to thrive.

 

The post The Best Strategies To Keep Your Business Safe Online appeared first on IT Security Guru.

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices.

Pushwoosh says it is a U.S. based company that provides code for software developers to profile smartphone app users based on their online activity, allowing them to send tailor-made notifications. But a recent investigation by Reuters raised questions about the company’s real location and truthfulness.

The Army told Reuters it removed an app containing Pushwoosh in March, citing “security concerns.” The Army app was used by soldiers at one of the nation’s main combat training bases.

Reuters said the CDC likewise recently removed Pushwoosh code from its app over security concerns, after reporters informed the agency Pushwoosh was not based in the Washington D.C. area — as the company had represented — but was instead operated from Novosibirsk, Russia.

Pushwoosh’s software also was found in apps for “a wide array of international companies, influential nonprofits and government agencies from global consumer goods company Unilever and the Union of European Football Associations (UEFA) to the politically powerful U.S. gun lobby, the National Rifle Association (NRA), and Britain’s Labour Party.”

The company’s founder Max Konev told Reuters Pushwoosh “has no connection with the Russian government of any kind” and that it stores its data in the United States and Germany.

But Reuters found that while Pushwoosh’s social media and U.S. regulatory filings present it as a U.S. company based variously in California, Maryland and Washington, D.C., the company’s employees are located in Novosibirsk, Russia.

Reuters also learned that the company’s address in California does not exist, and that two LinkedIn accounts for Pushwoosh employees in Washington, D.C. were fake.

“Pushwoosh never mentioned it was Russian-based in eight annual filings in the U.S. state of Delaware, where it is registered, an omission which could violate state law,” Reuters reported.

Pushwoosh admitted the LinkedIn profiles were fake, but said they were created by a marketing firm to drum up business for the company — not misrepresent its location.

Pushwoosh told Reuters it used addresses in the Washington, D.C. area to “receive business correspondence” during the coronavirus pandemic. A review of the Pushwoosh founder’s online presence via Constella Intelligence shows his Pushwoosh email address was tied to a phone number in Washington, D.C. that was also connected to email addresses and account profiles for over a dozen other Pushwoosh employees.

Pushwoosh was incorporated in Novosibirsk, Russia in 2016.

THE PINCER TROJAN CONNECTION

The dust-up over Pushwoosh came in part from data gathered by Zach Edwards, a security researcher who until recently worked for the Internet Safety Labs, a nonprofit organization that funds research into online threats.

Edwards said Pushwoosh began as Arello-Mobile, and for several years the two co-branded — appearing side by side at various technology expos. Around 2016, he said, the two companies both started using the Pushwoosh name.

A search on Pushwoosh’s code base shows that one of the company’s longtime developers is a 41-year-old from Novosibirsk named Yuri Shmakov. In 2013, KrebsOnSecurity interviewed Shmakov for the story, “Who Wrote the Pincer Android Trojan?” wherein Shmakov acknowledged writing the malware as a freelance project.

Shmakov told me that, based on the client’s specifications, he suspected it might ultimately be put to nefarious uses. Even so, he completed the job and signed his work by including his nickname in the app’s code.

“I was working on this app for some months, and I was hoping that it would be really helpful,” Shmakov wrote. “[The] idea of this app is that you can set it up as a spam filter…block some calls and SMS remotely, from a Web service. I hoped that this will be [some kind of] blacklist, with logging about blocked [messages/calls]. But of course, I understood that client [did] not really want this.”

Shmakov did not respond to requests for comment. His LinkedIn profile says he stopped working for Arello Mobile in 2016, and that he currently is employed full-time as the Android team leader at an online betting company.

In a blog post responding to the Reuters story, Pushwoosh said it is a privately held company incorporated under the state laws of Delaware, USA, and that Pushwoosh Inc. was never owned by any company registered in the Russian Federation.

“Pushwoosh Inc. used to outsource development parts of the product to the Russian company in Novosibirsk, mentioned in the article,” the company said. “However, in February 2022, Pushwoosh Inc. terminated the contract.”

However, Edwards noted that dozens of developer subdomains on Pushwoosh’s main domain still point to JSC Avantel, an Internet provider based in Novosibirsk, Russia.

WAR GAMES

Pushwoosh employees posing at a company laser tag event.

Edwards said the U.S. Army’s app had a custom Pushwoosh configuration that did not appear on any other customer implementation.

“It had an extremely custom setup that existed nowhere else,” Edwards said. “Originally, it was an in-app Web browser, where it integrated a Pushwoosh javascript so that any time a user clicked on links, data went out to Pushwoosh and they could push back whatever they wanted through the in-app browser.”

An Army Times article published the day after the Reuters story ran said at least 1,000 people downloaded the app, which “delivered updates for troops at the National Training Center on Fort Irwin, Calif., a critical waypoint for deploying units to test their battlefield prowess before heading overseas.”

In April 2022, roughly 4,500 Army personnel converged on the National Training Center for a war games exercise on how to use lessons learned from Russia’s war against Ukraine to prepare for future fights against a major adversary such as Russia or China.

Edwards said despite Pushwoosh’s many prevarications, the company’s software doesn’t appear to have done anything untoward to its customers or users.

“Nothing they did has been seen to be malicious,” he said. “Other than completely lying about where they are, where their data is being hosted, and where they have infrastructure.”

GOV 311

Edwards also found Pushwoosh’s technology embedded in nearly two dozen mobile apps that were sold to cities and towns across Illinois as a way to help citizens access general information about their local communities and officials.

The Illinois apps that bundled Pushwoosh’s technology were produced by a company called Government 311, which is owned by Bill McCarty, the current director of the Springfield Office of Budget and Management. A 2014 story in The State Journal-Register said Gov 311’s pricing was based on population, and that the app would cost around $2,500 per year for a city with approximately 25,000 people.

McCarty told KrebsOnSecurity that his company stopped using Pushwoosh “years ago,” and that it now relies on its own technology to provide push notifications through its 311 apps.

But Edwards found some of the 311 apps still try to phone home to Pushwoosh, such as the 311 app for Riverton, Ill.

“Riverton ceased being a client several years ago, which [is] probably why their app was never updated to change out Pushwoosh,” McCarty explained. “We are in the process of updating all client apps and a website refresh. As part of that, old unused apps like Riverton 311 will be deleted.”

FOREIGN ADTECH THREAT?

Edwards said it’s far from clear how many other state and local government apps and Web sites rely on technology that sends user data to U.S. adversaries overseas. In July, Congress introduced an amended version of the Intelligence Authorization Act for 2023, which included a new section focusing on data drawn from online ad auctions that could be used to geolocate individuals or gain other information about them.

Business Insider reports that if this section makes it into the final version — which the Senate also has to pass — the Office for the Director of National Intelligence (ODNI) will have 60 days after the Act becomes law to produce a risk assessment. The assessment will look into “the counterintelligence risks of, and the exposure of intelligence community personnel to, tracking by foreign adversaries through advertising technology data,” the Act states.

Edwards says he’s hoping those changes pass, because what he found with Pushwoosh is likely just a drop in a bucket.

“I’m hoping that Congress acts on that,” he said. “If they were to put a requirement that there’s an annual audit of risks from foreign ad tech, that would at least force people to identify and document those connections.”

qBittorrent 4.5.0 is out! How to Install in Ubuntu 22.04 | 22.10

qBittorrent got a new major release this weekend. Here’s the new features and how to install guide for Ubuntu 22.04 & Ubuntu 22.10.

qBittorrent 4.5.0 features new icon theme, new color theme, better startup time, and export torrent support. And, it now uses libtorrent 2.0.x in the default binary packages.

Other changes include:

  • Add ‘View’ menu option to show/hide filter sidebar.
  • Add Auto resize columns functionality
  • Allow to use Category paths in Manual mode
  • Allow to disable Automatic mode when default “temp” path changed
  • Add right click menu for status filters
  • Allow setting the number of maximum active checking torrents
  • Allow to set working set limit on non-Windows OS
  • Allow to use POSIX-compliant disk IO type
  • Add Filter files field in new torrent dialog
  • Add file name filter/blacklist
  • Add support for custom SMTP ports
  • Add ability to run external program on torrent added
  • Add infohash and download path columns
  • Allow to set torrent stop condition
  • Add a Moving status filter
  • Add a Use proxy for hostname lookup option
  • Introduce a change listen port cmd option
  • Implement Peer ID Client column for Peers tab
  • Add port forwarding option for embedded tracker

As well, there are various bug-fixes in the release. See more in the news page.

How to install qBittorrent 4.5.0 in Ubuntu 22.04 | 22.10

The software has an official Ubuntu PPA which however updates the latest package so far only for Ubuntu 22.04, Ubuntu 22.10, Linux Mint 21 and their based systems.

1. First, press Ctrl+Alt+T on keyboard to open a terminal window. When it opens, run command to add the PPA:

sudo add-apt-repository ppa:qbittorrent-team/qbittorrent-stable

Type user password when it asks (no asterisk feedback) and hit Enter to continue.

2. Then, either run software updater (Update Manager) to update the bittorrent client if an old version was installed.

Or install it using command:

sudo apt install qbittorrent

For Linux Mint, either use Software Manager after refreshing package cache, or run sudo apt update before running the command above.

Uninstall/Restore:

Option 1: If you want to downgrade qBittorrent package to stock version in system repository, install ppa-purge tool and purge the PPA by running command in terminal:

sudo apt install ppa-purge && sudo ppa-purge ppa:qbittorrent-team/qbittorrent-stable

Option 2: Or, remove the client package either via Ubuntu Software or by running command:

sudo apt remove --autoremove qbittorrent

And, remove the PPA either via ‘Software & Updates‘ utility under ‘Other Software’ tab or by running command:

sudo add-apt-repository --remove ppa:qbittorrent-team/qbittorrent-stable

How to Hide App Shortcut Icon in Ubuntu 22.04 | 20.04 & Other Linux

Got an application, but you want to make it in-visible from start menu, app grid, app launcher search result, and dock launcher?

It’s easy to do the trick by adding rule NoDisplay=true or Hidden=true into the ‘.desktop’ file for that application. And, here’s how to do it step by step.

Hide Shortcut Icon for native Deb/RPM & Snap apps

For applications installed as the native .deb (or .rpm for RPM based systems), and Snap packages, the ‘.desktop’ files are usually stored in /usr/share/applications directory.

1. First, open terminal either from start menu or by pressing Ctrl+Alt+T on keyboard in Ubuntu. When it opens, run command to navigate to that folder:

cd /usr/share/applications/

2. Then, find out the .desktop file by either listing all of them via ls command. Or, filter via:

ls | grep 'keyword_here'

3. Once you find out the .desktop file for your applications, edit it via command:

sudo gedit your_application.desktop

Replace gedit with your system text editor, or use nano command line editor that works in most Linux.

4. Finally, add (or change value if the key already exist) the line below:

NoDisplay=true

Finally, save the file. For nano text editor, press Ctrl+X, type y and hit Enter.

In next time you logging into the system, the app shortcut will no longer exist in start menu, app grid, the left/bottom dock, and ‘Activities’ overview search result.

Hide Shortcut Icon for Flatpak Apps

For the universal Flatpak applications, the ‘.desktop’ files are located in ‘/var/lib/flatpak/exports/share/applications/‘ directory.

1. So, first open terminal and run command to navigate to that folder:

cd /var/lib/flatpak/exports/share/applications/

2. Use ls or ls |grep 'keyword' to find out the file.

3. Finally, edit it either via Gedit or other text editor:

sudo gedit your_application.desktop

Add the NoDisplay=true line and save the file. Also, log out and back in to see result.

Copy & paste the .desktop file into local folder

The previous change may be overridden after updating the software package. As a workaround, you may copy & paste the .desktop file into local folder and then do the change. Your system will always take use of the local one.

For native package and Snap, open terminal and run command to copy the file:

sudo cp /usr/share/applications/your_app.desktop ~/.local/share/applications/

Then, navigate to local directory, change the ownership, and finally edit the file:

cd ~/.local/share/applications/ && sudo chown $USER:$USER your_app.desktop && gedit your_app.desktop

For Flatpak applications, the local folder is “~/.local/share/flatpak/exports/share/applications/“. So, do the commands below instead:

sudo cp /var/lib/flatpak/exports/share/applications/your_app.desktop ~/.local/share/flatpak/exports/share/applications/
cd ~/.local/share/flatpak/exports/share/applications/ && sudo chown $USER:$USER your_app.desktop && gedit your_app.desktop

Installing LAMP Server on Localhost on Ubuntu

Installing LAMP Server on Localhost on Ubuntu

When you start learning Linux sysadmin, one of the common tasks you’ll come across is installing the LAMP server.

LAMP is a tech stack that refers to the collection of the following software required to run a web application: Linux, Apache, MySQL, and PHP.

While these days, you can deploy servers preconfigured with a web service or run services in containers, installing the LAMP stack is classic.

It may seem complicated at the beginning but it gives you a good way to test and practice your Linux knowledge.

The best thing is that you don’t need a cloud server for that. You can install LAMP on your own computer to create a local development environment.

In this guide, you’ll get a LAMP stack up and running on an Ubuntu 22.04 machine. At the end of this process, you will have a web server running with a MySQL database backend and the PHP programming language to write dynamic content.

Setting up LAMP stack on Ubuntu

🚧
You need to have an Ubuntu system with root or sudo access.

Which also means that you have taken care of L in LAMP. Let’s move to the A (Apache)

Step 1: Installing Apache

Apache is a popular open-source web server. It is known for its stability, rich feature set, and flexibility.

To install Apache, update your local package index and then install the apache2 package using apt:

sudo apt update

sudo apt install apache2 -y
Installing LAMP Server on Localhost on Ubuntu

After the installation completes, the Apache service should start automatically. You can check whether the service is running by running the below command.

sudo systemctl status apache2.service

The output will look something like this.

Installing LAMP Server on Localhost on Ubuntu

You can also check the status of the service by visiting localhost in your web browser. If Apache is running, you will see the default Ubuntu Apache web page as shown.

Installing LAMP Server on Localhost on Ubuntu

Great! L and A are done. Let’s move to M in LAMP.

Step 2: Installing MySQL

MySQL, a database management system, is a necessary component of a LAMP stack because it is used by PHP to store information persistently.

Installing MySQL on Ubuntu is pretty straightforward.

sudo apt install mysql-server -y
Installing LAMP Server on Localhost on Ubuntu

To start and enable the MySQL service, run the following commands.

sudo systemctl start mysql

sudo systemctl enable mysql

Verify that the MySQL service is running by checking its status.

sudo systemctl status mysql

You will see output similar to this:

Installing LAMP Server on Localhost on Ubuntu

Hardening MySQL (optional if you are testing)

The default configuration of MySQL leaves your installation insecure. To secure it, you need to run a pre-installed security script that comes with MySQL. It changes some of the less secure default options for things like remote root logins and sample user databases.

Now you may not need to do this if you are just testing LAMP stack deployment on local server. But if you are going to use it in real-world scenarios, you should harden the MySQL install.

Run the mysql_secure_installation command to improve the security of your MySQL installation:

sudo mysql_secure_installation

You will be presented with a series of questions.

The first question asks if you want to enable the VALIDATE PASSWORD PLUGIN. This plugin tests passwords for strength and allows you to set only strong passwords for MySQL users.

Installing LAMP Server on Localhost on Ubuntu

Next, you will be asked to select a level of password validation policy.

There are three levels of password validation policy: low, medium, and strong. Type the number that corresponds to the password policy you want to implement and press Enter.

Installing LAMP Server on Localhost on Ubuntu

You will be asked to provide a strong password for the MySQL user. A strong password should be at least eight characters long and contain a mix of uppercase letters, lowercase letters, numbers, and special characters.

Type the new strong password for the MySQL user and press Enter. Next, retype the password to confirm it and press Enter again.

Installing LAMP Server on Localhost on Ubuntu

For the rest of the questions, you just press Y and hit Enter. This will remove the anonymous user accounts, disable root logins outside of localhost, remove the test databases, and reload the privilege tables.

Installing LAMP Server on Localhost on Ubuntu

You have now completed the basic MySQL installation and configuration. You can now move on to installing PHP.

Step 3: Installing PHP

PHP is a server-side scripting language that is used to process dynamic content requests. It can be embedded into HTML code or used as a standalone programming language. This is the last component of the LAMP stack.

To install PHP and the necessary modules, run the following command.

sudo apt install php libapache2-mod-php php-mysql -y
Installing LAMP Server on Localhost on Ubuntu

The php-mysql module allows PHP to communicate with MySQL databases. The libapache2-mod-php module lets Apache process PHP code.

Once the installation completes, you can check the version of PHP that was installed by typing:

php --version

Step 4: Test your LAMP stack by creating a PHP file

Now you have all of the components of the LAMP stack installed on your Ubuntu system.

But is it working? Let’s create a PHP file and test it out.

PHP files usually have the extension .php. Create a file called info.php in the /var/www/html directory. This is the default Apache document root directory.

Open the file in Nano or any other terminal based text editor.

sudo nano /var/www/html/info.php

Add the following line of code to the file and save it. This line will output the text “PHP is working” if the file is accessed through a web browser.

<?php echo "PHP is working"; ?>

Restart the Apache web server to make sure the changes take effect.

sudo systemctl restart apache2

Now, visit your localhost address in a web browser, and you will see the text “PHP is working,” as shown below.

Installing LAMP Server on Localhost on Ubuntu

You have now successfully set up a LAMP stack on your Ubuntu machine.

Conclusion

Apache is not the only web server. Lately, OpenLiteSpeed has also gotten quite popular. If you want to try it, you can replace the LAMP stack with LOMP stack.

The LOMP stack installation on Ubuntu is similar to this tutorial. In case you feel experimental, you can test your hands on it.

With this basic LAMP installation complete, you can now install a content management system like WordPress or Drupal, or even start coding your own PHP application.

traceroute Command Examples in Linux

traceroute Command Examples in Linux

The traceroute is similar to the ping command but offers more detailed output. It traces the route from the origin to the target system.

If you didn’t know, when you connect to a remote system, the data travels through several intermediate nodes (your router, your ISP’s router, etc.).

traceroute Command Examples in Linux

Traceroute is used by system admins and networking professionals to troubleshoot the network.

Install traceroute in Linux

The traceroute utility does not come pre-installed in most modern Linux distros.

If you are on an Ubuntu-based distro, the given command should get your job done:

sudo apt install traceroute

Similarly, if you are on Fedora, you can benefit from the given command:

sudo yum install traceroute

Now, let’s jump to the examples part.

Use the traceroute command in Linux

Let me start with the most basic one, where I will append the hostname to the traceroute command and it will show me the list of routers (with IP) it took to reach the destination:

traceroute google.com
traceroute Command Examples in Linux

It took 7 routers to reach the destination and by default, it sent 3 packages to each one and returned the time it took to respond.

There are more ways of using the tarecroute command in Linux. Let’s see the examples.

1. Configure wait time

The default wait time in traceroute is 3 seconds meaning it will wait for 5 seconds before jumping to the next one.

And if you want to change the defaults, you can append the number of seconds with the -w option:

For example, I changed the wait time to 1 second for google.com:

traceroute -w 1 google.com
traceroute Command Examples in Linux

2. Change the number of packages sent/received

By default, traceroute sends 3 packages for a hop and if you want to change this behavior, you will have to use -q option.

For reference, I will send 4 packets per hop over the google domain:

traceroute -q 4 google.com
traceroute Command Examples in Linux

3. Specify the maximum number of hops

The default maximum number of hops for a single query is 30 in traceroute which can be extended to 255.

For that, you can append the max number of hope with -m option:

traceroute -m 4 google.com
traceroute Command Examples in Linux

4. Specify with what TTL to start

By default, the traceroute will start with the first TTL but you can change this behavior using -f option.

For reference, I wanted to start tracerouting on google’s domain from the 5th TTL so had to use the given command:]

traceroute -f 5 google.com
traceroute Command Examples in Linux

5. Add alternate source IP address for tracerouting

If you want to add an alternate source along with what you generally add for tracerouting, you will need to append the alternate IP with -s option.

For example, I have added an alternate source IP 192.168.1.7 alongside google.com:

traceroute -s 192.168.1.7 google.com
traceroute Command Examples in Linux

6. Disable hostname mapping to IP address while tracerouting

If you want to disable hostname mapping while tracerouting for some reason, you can use the -n option:

traceroute -n google.com
traceroute Command Examples in Linux

7. Route packages through the gateway using traceroute

You can specify the gateway address using -g option alongside the domain you want to traceroute.

For example, I have added 192.168.1.7 as a gateway address:

traceroute -g 192.168.1.7 google.com
traceroute Command Examples in Linux

8. Change the destination port in traceroute

If you want to change the destination port of your source domain while tracerouting, you will have to use -p to specify the port.

For example, I have changed my destination port to 29879:

traceroute -p 29879 google.com
traceroute Command Examples in Linux

9. Set maximum packet length

By default, traceroute will use a packet length of 60 bytes and you can alter this behavior by just appending packet size to the source IP.

For example, I changed to 100 bytes of maximum packet length while tracerouting:

traceroute google.com 100
traceroute Command Examples in Linux

10. Disable probe packet fragmentation

If you don’t want to allow probe packet fragmentation, there is a straightforward way to stop it.

You just have to use -F and there will be no probe packet fragmentation:

traceroute -F google.com
traceroute Command Examples in Linux

Wrapping Up

If you are curious to know how the traceroute works, you can refer to the other guide where I’ve explained the working of the traceroute.

I hope you will find this helpful and if you have any queries, let me know in the comments.

Panorama photo stitcher – Hugin 2022 in Beta Now [Ubuntu PPA]

Hugin, the popular free and open-source panorama photo stitcher application, now is in beta stage for the upcoming 2022 version.

Changes in this release according to the launchpad milestone include:

  • Add simple edge fill option to fill black edges in panorama with homogenous color.
  • Simplified the assistant page with only the necessary GUI controls to make it more clear for beginners and casual users.
  • Several improvements to control points tab (e.g. magnifier displays now warped image for better judgement of wide angle/fisheye images).
  • Improved handling of duplicate control points when running cpfind.
  • Extended command line tools pto_mask (--delete-mask) and pano_modify (allow specifying crop relative to canvas size).

There are as well some bug-fixes in the release, including fulla flatfield extremely dark, and high DPI display support for Windows.

How to install Hugin 2022 in Ubuntu:

For the source tarball as well as Windows msi packages, go the sourceforge download page.

For all current Ubuntu releases, including Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 22.10, and their based systems, I’ve made the unofficial package into this PPA repository.

I’ll continue updating this PPA when the stable release is out! And sync the package (stable) with may apps ppa.

1. First, press Ctrl+Alt+T on keyboard to open terminal. When it opens, run command to add the PPA:

sudo add-apt-repository ppa:ubuntuhandbook1/hugin

Type user password (no asterisk feedback) when it asks and hit Enter to continue.

2. Update system package cache for Ubuntu 18.04 and Linux Mint, though it’s done automatically while adding PPA in Ubuntu 20.04+:

sudo apt update

3. Finally, either run the command below in terminal to install the panorama photo stitcher:

sudo apt install hugin

Or, upgrade the software (if an old version was installed) via Software Updater (Update Manager) app:

Uninstall hugin:

To remove the software package, simply run command:

sudo apt remove --autoremove hugin hugin-data

And, remove the PPA either by running command in terminal:

sudo add-apt-repository --remove ppa:ubuntuhandbook1/hugin

Or remove the source line from ‘Software & Updates‘ utility under Other Software tab.