Mirabellette

Free anonymous services and administration system stuffs

My 4 hours contribution per week - 4

Written by Mirabellette no comments

Hello Everyone, (or maybe someone if someone is reading me)

It is a very long time ago that I didn't publish anything (probably one month in fact). As you probably didn't know, I host this blog on my own server. Or must I have to day, hosted. I will soon leave to another country and will not be able to host it in my own house.

To keep all services online, I choose to migrate everything in a host in wich I trust. Maybe the time has passed since but I begin to think than creating technical article or hostings services is not the better way to contribute to the community.

Nevertheless, I will continue to share my knowledge and discovery as much as possible and provide usefull services.

Take Care
Mirabellette

SWAP : Usage and management

Written by Mirabellette no comments
System: Debian 8 - linux 3.16

Hello everyone,

Usage

Today, I want to talk about the SWAP, and to increase his size, reduce it or configure the system to load it at boot. Before talking about that, I would like to describe briefly what Ram and SWAP are used for. Ram, and in some situation SWAP, are used by processes to work. To understand better, a picture is often a good idea.
Swap
As you can see in the picture from wikipedia, the swap is a space disk used when the ram space is full. It is always slower than the ram (until disk access are faster than ram access, but it is not for tomorrow). The space disk for the swap must have a specific format and has a size. It is common to determine the size to 1,5 x ram. Nevertheless, this value could be very important, especially when you have a big amount of ram. For example, with 16 go of ram, 1,5 x this is 24 go, it is a lot !

Today, unless you have specific usage like using a lot of virtual machine or in a server architecture, it is very rare to use more than 16 go. (Of course, if you have a small amount of ram, this will happen more often). That's why, I recommend you to fix a small size, for example, 0,1 * ram size and to improve it depending of your usage. Of course, if you have many Giga octet free, you could increase this size, but if you never use it, it is a waste of space disk.

Management

The swap file could be stored in a specific partition. To keep this article as simple as possible, we will not talk about this case. To begin with, we have to determine how much ram and swap do we have ? We can use the top command to know that.

In my case, I have ~= 2go (2009380) of ram and I have decided to fix the swap to ~= 512 mo (524284). Ram and Swap usage
Let's guess that 512 mo is not enough and we would like to increase the size to 1go. To do that, we have to follow this procedure:
  • identify where is the swap file and his size
    swapon -s
  • Swap location and size
  • deallocate the swap
    swapoff /swap
  • delete the previous swapp file
    rm /swap
  • create a new file with specific size
    dd if=/dev/zero of=/pathToTheNewSwap bs=1024 count=1M
    *if you want 512 mo, replace 1M by 512k
  • format the new file to a swap format
    mkswap /pathToTheNewSwap
  • configure the system to use the new swap as swap
    swapon /pathToTheNewSwap
  • configure the system to load it at each boot, you have to delete the line about the previous swap file and add a line for the new one.
    vi /etc/fstab
    /pathToTheNewSwap swap swap sw 0 0
Now, you must have 1go of swap displayed when you launch top and you must see /pathToTheNewSwap as swap file when you do swapon -s

I hope this article help you to understand how is used the swap and how to manage it. Do not hesitate to comment the article.

sources:

My 4 hours contribution per week - 3

Written by Mirabellette no comments
Hello everyone,

Some weeks since I hadn't published anything. I got a lot of work to do and I didn't take time to make an article. :( Since the last time, I have worked on two subjects. The first one is to make available a new service, Lufi. Lufi is a web application which allow for the user to store files securely. The file is encrypted in the server, the url is encrypted too, and you can add an authentification check to download it.

At the same time, I worked on securing my server. Even if I work in computer security and I have already done the basics, fail2ban install, backup automatic, logs, ssh key authentification etc, I want to go further. I think that security, confidentially and availability are the most important things when you have a server. I prefer to share less services but secure services with high availabity rather than a lot of services but often down or dangerous. To do that, I read about ISO 27000 and PCI-DSS (Payment Card Industry Data Security Standard). I will also read some books about that because I think it is essential to be ok with that before proposing services with more complexe features and risk.

That's why I am working on installing zabbix. Zabbix is a program which only the user to know easily if all services are up and everything is ok. As i used container and virtual machine, it required more and more time to monitor them and I hope that zabbix could help me to do that. As I have a container and a virtual machine, I have installed Zabbix and Zabbix proxy. I will makea very big tutorial soon I think to share how I did and what issues I got. I am very close to finish my installation.

I keep working.

My 4 hours contribution per week - 2

Written by Mirabellette no comments
Hello everyone,

It is the second episode of "My 4 hours contribution per week". Even if am very busy at this moment, I try to continue to keep this new habbit.

During this 4 hours, I didn't get time to find new information about Yacy, I will let it aside. Otherwise, I configure my architecture to clearly divide two flux. One for my private services, and the second one for this blog and public services.

Even if my knowledge in network are limited, I succeed in it and that's made me happy. Moreover, create some bash script to automate the creation of contener and apache2 virtualhost with correct configuration. It will help me to make new services available faster.

Finaly, I am glad to announce a privatebin instance is now available . For those who didn't know what it is, PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. You can use it to store text securely and share it with the certainty no one can read it if he is not allowed.

You can access at privatebin.mirabellette.netlib.re

It is the first service I made available to the community. I hope it will you will find it usefull.

See you next week for a new contribution

My 4 hours contribution per week - 1

Written by Mirabellette no comments
Hello everyone,

For some months, I tought about how I can help others and how I can contribute to improve this world. This wish is something that it is really important for me. That's why I decided to give 4 hours each week. It is not a lot but step by step I hope I will be able to my part.

Before contributing, I think it is very important for me to protect my privacy and avoid risk to be personnaly involve. To do that, I will use a specific ip for this activity. I know it is very easy to find my real name from this website. However, clearly divide part of my own internet activity and my contribution is a good first step.

I also know that even though I know a lot, I know I do not know much more.. That's why I decided to be very carefull before involving myself in a community or host a new services. I could be jugde responsible for that so I need to be prudent.

The first service I thought to host is Yacy. Yacy is an open source procet and free search engine. After installed it, I thought about crawling the web to index it. Nevertheless, a very big issue come to my mind. What will happen to me if I index an illegal website. Justice can find me with it and I can get trouble. I finally decide not to do crawl internet with yacy. Moreover, Yacy looks very old and an important part of his administration panel is accessible to anybody.

That's why I finally decided to disable it until it is more secure and I get answer to my question.

    What I did during this first 4 hours :
  • create a specific openvpn client to isolate the network
  • buy a specific IP which will only be used by this kind of services
  • install YACY in a container (http://yacy.net/en/)
  • put yacy accessible to internet and at the end disable it
Rss feed of the articles