Hello Everyone, (or maybe someone if someone is reading me) It is a very long time ago that I didn't publish anything (probably one month in fact). As you probably didn't know, I host this blog on my own server. Or must I have to day, hosted. I will soon leave to another country and will not be able to host it in my own house. To keep all services online, I choose to migrate everything in a host in wich I trust. Maybe the time has passed since but I begin to think than creating technical article or hostings services is not the better way to contribute to the community. Nevertheless, I will continue to share my knowledge and discovery as much as possible and provide usefull services. Take Care Mirabellette
UsageToday, I want to talk about the SWAP, and to increase his size, reduce it or configure the system to load it at boot. Before talking about that, I would like to describe briefly what Ram and SWAP are used for. Ram, and in some situation SWAP, are used by processes to work. To understand better, a picture is often a good idea.
ManagementThe swap file could be stored in a specific partition. To keep this article as simple as possible, we will not talk about this case. To begin with, we have to determine how much ram and swap do we have ? We can use the top command to know that. In my case, I have ~= 2go (2009380) of ram and I have decided to fix the swap to ~= 512 mo (524284). Let's guess that 512 mo is not enough and we would like to increase the size to 1go. To do that, we have to follow this procedure:
- identify where is the swap file and his size swapon -s
- deallocate the swap swapoff /swap
- delete the previous swapp file rm /swap
- create a new file with specific size dd if=/dev/zero of=/pathToTheNewSwap bs=1024 count=1M*if you want 512 mo, replace 1M by 512k
- format the new file to a swap format mkswap /pathToTheNewSwap
- configure the system to use the new swap as swap swapon /pathToTheNewSwap
- configure the system to load it at each boot, you have to delete the line about the previous swap file and add a line for the new one.
vi /etc/fstab /pathToTheNewSwap swap swap sw 0 0
Some weeks since I hadn't published anything. I got a lot of work to do and I didn't take time to make an article. :( Since the last time, I have worked on two subjects. The first one is to make available a new service, Lufi. Lufi is a web application which allow for the user to store files securely. The file is encrypted in the server, the url is encrypted too, and you can add an authentification check to download it.
At the same time, I worked on securing my server. Even if I work in computer security and I have already done the basics, fail2ban install, backup automatic, logs, ssh key authentification etc, I want to go further. I think that security, confidentially and availability are the most important things when you have a server. I prefer to share less services but secure services with high availabity rather than a lot of services but often down or dangerous. To do that, I read about ISO 27000 and PCI-DSS (Payment Card Industry Data Security Standard). I will also read some books about that because I think it is essential to be ok with that before proposing services with more complexe features and risk.
That's why I am working on installing zabbix. Zabbix is a program which only the user to know easily if all services are up and everything is ok. As i used container and virtual machine, it required more and more time to monitor them and I hope that zabbix could help me to do that. As I have a container and a virtual machine, I have installed Zabbix and Zabbix proxy. I will makea very big tutorial soon I think to share how I did and what issues I got. I am very close to finish my installation.I keep working.
It is the second episode of "My 4 hours contribution per week". Even if am very busy at this moment, I try to continue to keep this new habbit.
During this 4 hours, I didn't get time to find new information about Yacy, I will let it aside. Otherwise, I configure my architecture to clearly divide two flux. One for my private services, and the second one for this blog and public services.
Even if my knowledge in network are limited, I succeed in it and that's made me happy. Moreover, create some bash script to automate the creation of contener and apache2 virtualhost with correct configuration. It will help me to make new services available faster.
Finaly, I am glad to announce a privatebin instance is now available . For those who didn't know what it is, PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. You can use it to store text securely and share it with the certainty no one can read it if he is not allowed.
You can access at privatebin.mirabellette.netlib.re
It is the first service I made available to the community. I hope it will you will find it usefull.
See you next week for a new contribution
For some months, I tought about how I can help others and how I can contribute to improve this world. This wish is something that it is really important for me. That's why I decided to give 4 hours each week. It is not a lot but step by step I hope I will be able to my part.
Before contributing, I think it is very important for me to protect my privacy and avoid risk to be personnaly involve. To do that, I will use a specific ip for this activity. I know it is very easy to find my real name from this website. However, clearly divide part of my own internet activity and my contribution is a good first step.
I also know that even though I know a lot, I know I do not know much more.. That's why I decided to be very carefull before involving myself in a community or host a new services. I could be jugde responsible for that so I need to be prudent.The first service I thought to host is Yacy. Yacy is an open source procet and free search engine. After installed it, I thought about crawling the web to index it. Nevertheless, a very big issue come to my mind. What will happen to me if I index an illegal website. Justice can find me with it and I can get trouble. I finally decide not to do crawl internet with yacy. Moreover, Yacy looks very old and an important part of his administration panel is accessible to anybody.
That's why I finally decided to disable it until it is more secure and I get answer to my question.
- create a specific openvpn client to isolate the network
- buy a specific IP which will only be used by this kind of services
- install YACY in a container (http://yacy.net/en/)
- put yacy accessible to internet and at the end disable it