From 413a371db1223900f92deb3fca2ef8448496780d Mon Sep 17 00:00:00 2001 From: Sam Foo Date: Fri, 2 Feb 2018 12:11:35 -0500 Subject: [PATCH 1/2] Fix spelling to security section from Vale --- .../clients/install-roundcube-on-ubuntu.md | 4 +- .../garrys-mod-server-on-centos-7.md | 4 +- .../install-black-mesa-on-debian-or-ubuntu.md | 2 +- ...t-starve-together-game-server-on-ubuntu.md | 3 +- ...global-offensive-server-on-ubuntu-14-04.md | 4 +- ...-dead-2-multiplayer-server-installation.md | 6 +- .../minecraft-with-bungee-cord.md | 21 ++- .../minecraft-with-mcmyadmin-on-debian.md | 54 +++---- .../team-fortress2-on-debian-and-ubuntu.md | 22 +-- docs/getting-started.md | 2 +- docs/github-guide.md | 88 +++++------ docs/linode-writers-formatting-guide.md | 4 +- ...topng-for-network-monitoring-on-debian8.md | 2 +- .../how-to-mount-nfs-shares-on-debian-9.md | 2 +- docs/networking/ssh/using-sshfs-on-linux.md | 16 +- docs/networking/ssh/using-the-terminal.md | 2 +- docs/networking/vpn/pritunl-vpn-ubuntu.md | 2 +- ...pn-on-ubuntu-12-04-precise-and-debian-7.md | 2 +- .../vpn/set-up-a-hardened-openvpn-server.md | 2 +- .../vpn/set-up-a-streisand-gateway.md | 4 +- ...-killswitch-for-linux-and-macos-clients.md | 2 +- .../migrating-a-server-to-your-linode.md | 16 +- ...frastructure-using-terraform-and-linode.md | 2 +- .../longview/longview-app-for-nginx.md | 69 +++++---- .../getting-started-with-nodebalancers.md | 38 ++--- .../linux/how-to-change-selinux-modes.md | 2 +- .../gpg-key-for-ssh-authentication.md | 2 +- docs/security/getting-started-with-selinux.md | 140 +++++++++--------- ...g-bash-for-the-shellshock-vulnerability.md | 96 ++++++------ ...ching-glibc-for-the-ghost-vulnerability.md | 2 +- ...ow-to-upgrade-to-ubuntu-10-04-lts-lucid.md | 2 +- ...how-to-upgrade-to-ubuntu-10-10-maverick.md | 2 +- .../upgrading/upgrade-to-debian-8-jessie.md | 2 +- ...entos-7-with-an-elastic-stack-and-wazuh.md | 2 +- 34 files changed, 310 insertions(+), 313 deletions(-) 
diff --git a/docs/email/clients/install-roundcube-on-ubuntu.md b/docs/email/clients/install-roundcube-on-ubuntu.md index 8f4cc8b0fca..04f0ece411e 100644 --- a/docs/email/clients/install-roundcube-on-ubuntu.md +++ b/docs/email/clients/install-roundcube-on-ubuntu.md 
@@ -82,7 +82,7 @@ We will create a new virtual host for Roundcube in this section. This makes a ne sudo chmod 644 apache2-roundcube.sample.conf -5. Determine what type of Secure Socket Layer (SSL) encryption certificate is best for your Roundcube deployment. A [self-signed SSL certificate](/docs/security/ssl/how-to-make-a-selfsigned-ssl-certificate) is easy and free, but triggers an error in most modern browsers reporting that the connection is not private. [Let's Encrypt](https://letsencrypt.org/) offers browser trusted, free SSL certificates, but does not support [Extended Validatation](https://en.wikipedia.org/wiki/Extended_Validation_Certificate) (EV) or multi-domain ([wildcard](https://en.wikipedia.org/wiki/Wildcard_certificate)) certificates. To gain those features, a [commercial SSL certificate](/docs/security/ssl/obtaining-a-commercial-ssl-certificate) must be used. +5. Determine what type of Secure Socket Layer (SSL) encryption certificate is best for your Roundcube deployment. A [self-signed SSL certificate](/docs/security/ssl/how-to-make-a-selfsigned-ssl-certificate) is easy and free, but triggers an error in most modern browsers reporting that the connection is not private. [Let's Encrypt](https://letsencrypt.org/) offers browser trusted, free SSL certificates, but does not support [Extended Validation](https://en.wikipedia.org/wiki/Extended_Validation_Certificate) (EV) or multi-domain ([wildcard](https://en.wikipedia.org/wiki/Wildcard_certificate)) certificates. To gain those features, a [commercial SSL certificate](/docs/security/ssl/obtaining-a-commercial-ssl-certificate) must be used. 6. Once you have your SSL certificate, edit the following options in `apache2-roundcube.sample.conf` to match your desired configuration: 
@@ -151,7 +151,7 @@ PEAR is an acronym for "PHP Extension and Application Repository". Common PHP co PEAR will print an **install ok** confirmation message for each package that it successfully installs. In this case, a complete installation will look similar to this: - {{< output >}} + {{< output >}} install ok: channel://pear.php.net/Auth_SASL-1.1.0 install ok: channel://pear.php.net/Net_IDNA2-0.1.1 install ok: channel://pear.php.net/Mail_Mime-1.10.2 diff --git a/docs/game-servers/garrys-mod-server-on-centos-7.md b/docs/game-servers/garrys-mod-server-on-centos-7.md index 7814bb5f975..62e1249d244 100644 --- a/docs/game-servers/garrys-mod-server-on-centos-7.md +++ b/docs/game-servers/garrys-mod-server-on-centos-7.md @@ -43,7 +43,7 @@ From the SteamCMD guide, two additional steps are needed specifically for Gmod. sudo firewall-cmd --zone=public --add-port=27000 27030/udp --permanent -2. Install an additonal 32-bit package: +2. Install an additional 32-bit package: sudo yum install ncurses-libs.i686 @@ -144,7 +144,7 @@ writeip 2. Note the collection ID. It is located at the end of the url, denoted by the 'X's here: - http://steamcommunity.com/sharedfiles/filedetails/?id=XXXXXXXXX + http://steamcommunity.com/sharedfiles/filedetails/?id=XXXXXXXXX 3. Acquire a Steam API key from the [Steam API Keys](http://steamcommunity.com/dev/apikey) page. Note the key. diff --git a/docs/game-servers/install-black-mesa-on-debian-or-ubuntu.md b/docs/game-servers/install-black-mesa-on-debian-or-ubuntu.md index aab0b11215a..04cac8fb9b5 100644 --- a/docs/game-servers/install-black-mesa-on-debian-or-ubuntu.md +++ b/docs/game-servers/install-black-mesa-on-debian-or-ubuntu.md 
@@ -248,7 +248,7 @@ You can read the entire list of parameters on the [Valve Wiki](https://developer wget http://www.metamodsource.net/mmsdrop/1.10/mmsource-1.10.7-git951-linux.tar.gz {{< note >}} -This URL costantly changes as MetaMod is updated. Please check the downloads [page](http://www.metamodsource.net/snapshots) for the current URL. +This URL constantly changes as MetaMod is updated. Please check the downloads [page](http://www.metamodsource.net/snapshots) for the current URL. {{< /note >}} 3. Extract the downloaded archive: diff --git a/docs/game-servers/install-dont-starve-together-game-server-on-ubuntu.md b/docs/game-servers/install-dont-starve-together-game-server-on-ubuntu.md index 6c26eab8450..791ca2d34db 100644 --- a/docs/game-servers/install-dont-starve-together-game-server-on-ubuntu.md +++ b/docs/game-servers/install-dont-starve-together-game-server-on-ubuntu.md @@ -41,11 +41,10 @@ From the SteamCMD guide, two additional steps are needed specifically for DST. sudo dpkg-reconfigure iptables-persistent -3. Install some additonal 32-bit packages: +3. Install some additional 32-bit packages: sudo apt-get install libcurl4-gnutls-dev:i386 - ## Install Don’t Starve Together 1. Be sure you are in the directory `~/Steam`, then access the `Steam>` prompt. diff --git a/docs/game-servers/launch-a-counter-strike-global-offensive-server-on-ubuntu-14-04.md b/docs/game-servers/launch-a-counter-strike-global-offensive-server-on-ubuntu-14-04.md index a8c61d286c3..6dd27e623f1 100644 --- a/docs/game-servers/launch-a-counter-strike-global-offensive-server-on-ubuntu-14-04.md +++ b/docs/game-servers/launch-a-counter-strike-global-offensive-server-on-ubuntu-14-04.md 
@@ -79,7 +79,7 @@ CS:GO requires a server token unless you want to limit players to only clients c ## Configure the Server -1. Create a file called `server.cfg` using your prefered text editor. Choose a hostname and a unique RCON password that you don't use elsewhere. +1. Create a file called `server.cfg` using your preferred text editor. Choose a hostname and a unique RCON password that you don't use elsewhere. {{< file "~/Steam/csgo-ds/csgo/cfg/server.cfg" aconf >}} hostname "server_hostname" @@ -163,4 +163,4 @@ These settings are changed in the launch command. ### RCON -When logged into the server, you can open the RCON console with the backtic button (`), or your mapped key. To log in type `rcon_password` followed by your password. For more information regarding RCON, click [here](/docs/game-servers/team-fortress2-on-debian-and-ubuntu/#rcon). +When logged into the server, you can open the RCON console with the backtick button (`), or your mapped key. To log in type `rcon_password` followed by your password. For more information regarding RCON, click [here](/docs/game-servers/team-fortress2-on-debian-and-ubuntu/#rcon). diff --git a/docs/game-servers/left-4-dead-2-multiplayer-server-installation.md b/docs/game-servers/left-4-dead-2-multiplayer-server-installation.md index f7a134ba2a2..a3a5b417746 100644 --- a/docs/game-servers/left-4-dead-2-multiplayer-server-installation.md +++ b/docs/game-servers/left-4-dead-2-multiplayer-server-installation.md @@ -142,7 +142,7 @@ This guide requires additional libraries which are not included in our standard cd ~/Steam/L4D2-server/left4dead2/cfg - Choose one of the following example files: + Choose one of the following example files: wget https://www.gottnt.com/l4d2/basic-server.cfg wget https://www.gottnt.com/l4d2/detailed-server.cfg 
@@ -168,7 +168,7 @@ The `+port 27020` parameter is not required but is recommended so that your serv {{< /note >}} You can change the map to whichever one you prefer. - This script, when run, will execute the L4D2 server in a [Screen](/docs/networking/ssh/using-gnu-screen-to-manage-persistent-terminal-sessions) session. + This script, when run, will execute the L4D2 server in a [Screen](/docs/networking/ssh/using-gnu-screen-to-manage-persistent-terminal-sessions) session. 5. Make the script executable: @@ -202,7 +202,7 @@ You can connect to the server in any one of three easy methods: 3. A third method is to install the following add-on: [Link](https://steamcommunity.com/sharedfiles/filedetails/?id=121088946) and then launch the game. Next, click on the new `Server Browser` option on the main menu and find your server in the long list of servers. This method only works if you have set the `hostname`, `sv_search_key`, and `sv_tags` options in the config file. {{< note >}} -Your L4D2 server will only show up in the `Custom` list of servers. Therefore, we recomend that you add it to your favorites to avoid having to look for it again. +Your L4D2 server will only show up in the `Custom` list of servers. Therefore, we recommend that you add it to your favorites to avoid having to look for it again. {{< /note >}} Finally, invite friends to the game using the Steam Overlay (`SHIFT + TAB`). Let the playing begin! diff --git a/docs/game-servers/minecraft-with-bungee-cord.md b/docs/game-servers/minecraft-with-bungee-cord.md index b1a8cf0e634..db32cb588e6 100644 --- a/docs/game-servers/minecraft-with-bungee-cord.md +++ b/docs/game-servers/minecraft-with-bungee-cord.md 
@@ -52,18 +52,18 @@ On the Linode that is going to host BungeeCord: 4. Create another user for the BungeeCord proxy, so that it doesn't have the same privileges as your user. You'll need to keep this password for future reference. - sudo adduser bungeecord + sudo adduser bungeecord ### Configuring the Firewall on the BungeeCord Node If you're using iptables or ufw to act as a firewall, you'll need to make a rule on the Linode running BungeeCord, to permit TCP on port 25565. This can be done by running: - sudo iptables -A INPUT -p tcp --dport 25565 -j ACCEPT + sudo iptables -A INPUT -p tcp --dport 25565 -j ACCEPT ### Configuring the Firewall on the Spigot Server Linodes -For BungeeCord, the Spigot servers need to be in offline mode, as the BungeeCord proxy handles the authentication. This can make the servers vulnerable to people connecting directly, as they can connect with any username, potentially allowing for connection as a user with adminsitrative permissions. To prevent this, you can set up iptables to limit connections to only the BungeeCord server. +For BungeeCord, the Spigot servers need to be in offline mode, as the BungeeCord proxy handles the authentication. This can make the servers vulnerable to people connecting directly, as they can connect with any username, potentially allowing for connection as a user with administrative permissions. To prevent this, you can set up iptables to limit connections to only the BungeeCord server. {{< note >}} This section assumes that you've only got a Spigot server running on each Linode. If you have other services, you'll need to modify the rules to allow them to continue working. 
@@ -100,7 +100,7 @@ If you've configured your `iptables` firewall by following our [Securing Your Se Log into the BungeeCord Linode as the `bungeecord` user created earlier, and download BungeeCord: - wget -O BungeeCord.jar http://ci.md-5.net/job/BungeeCord/lastSuccessfulBuild/artifact/bootstrap/target/BungeeCord.jar + wget -O BungeeCord.jar http://ci.md-5.net/job/BungeeCord/lastSuccessfulBuild/artifact/bootstrap/target/BungeeCord.jar {{< note >}} This downloads the latest version of BungeeCord. You can find older versions for older Minecraft server versions, [here](http://ci.md-5.net/job/BungeeCord/). @@ -110,8 +110,7 @@ This downloads the latest version of BungeeCord. You can find older versions for 1. Start BungeeCord up, allowing it to generate the configuration files: - java -jar BungeeCord.jar - + java -jar BungeeCord.jar After the prompt `[INFO] Listening on /0.0.0.0:25577` is displayed in the console, type `end` and press Enter. @@ -119,7 +118,7 @@ This downloads the latest version of BungeeCord. You can find older versions for 3. Edit the following block of the configuration, in order to add our existing Spigot servers: - {{< file-excerpt "config.yml" yaml >}} + {{< file-excerpt "config.yml" yaml >}} servers: lobby: address: localhost:25565 @@ -137,7 +136,7 @@ servers: address: 203.0.113.112:25565 restricted: false motd: 'Just another BungeeCord - Forced Host' - games: + games: address: 203.0.113.198:25565 restricted: false motd: 'Just another BungeeCord - Forced Host' @@ -197,7 +196,7 @@ Connect to your BungeeCord address in Minecraft, and run `/server name` where `n To see who is online on any of the BungeeCord servers that you've linked, you can run: - /glist + /glist ## Troubleshooting 
@@ -213,7 +212,7 @@ If there is an issue connecting, then it's important to check that the login ser If the server shows the MOTD and a ping in the server list, as per the image above, it's likely that the problem lies between BungeeCord and your Spigot servers. To check, you can log into your BungeeCord server, and you'll most likely see a line similar to the following in the logs, where the IP `198.51.100.0` is replaced by your IP. This shows that your client is successfully pinging the BungeeCord server: - 00:20:34 [INFO] [/198.51.100.0:50677] <-> InitialHandler has connected + 00:20:34 [INFO] [/198.51.100.0:50677] <-> InitialHandler has connected If the logs look similar to above, the following error is likely occurring: @@ -239,6 +238,6 @@ If this happens, you should check that BungeeCord is actually running, and that Assuming that the issue is not solved, the issue is likely to be the firewall. You can flush your firewalls with: - iptables -F + iptables -F You should try again to reconnect. If you can connect now, then you'll need to reconfigure the firewall as detailed above. diff --git a/docs/game-servers/minecraft-with-mcmyadmin-on-debian.md b/docs/game-servers/minecraft-with-mcmyadmin-on-debian.md index d26c3afd8e5..38c9356c061 100644 --- a/docs/game-servers/minecraft-with-mcmyadmin-on-debian.md +++ b/docs/game-servers/minecraft-with-mcmyadmin-on-debian.md 
@@ -22,7 +22,7 @@ aliases: ['applications/game-servers/minecraft-with-mcmyadmin-on-debian/'] 1. Familiarize yourself with our [Getting Started](/docs/getting-started) guide and complete the steps for setting your Linode's hostname and timezone. -2. This guide will use `sudo` wherever possible. Complete the sections of our [Securing Your Server](/docs/security/securing-your-server) guide to create a standard user account, harden SSH access and remove unnecessary network services. Do **not** follow the *Configure a Firewall* section yet--this guide includes firewall rules specifcally for a Minecraft server. +2. This guide will use `sudo` wherever possible. Complete the sections of our [Securing Your Server](/docs/security/securing-your-server) guide to create a standard user account, harden SSH access and remove unnecessary network services. Do **not** follow the *Configure a Firewall* section yet--this guide includes firewall rules specifically for a Minecraft server. 3. Update your system. @@ -99,13 +99,13 @@ COMMIT 1. Install the Java Runtime Environment, OpenJDK: - sudo apt-get install openjdk-7-jre + sudo apt-get install openjdk-7-jre -2. [Mono](http://www.mono-project.com/). CubeCoders Limited, the company behind McMyAdmin, packages its own minimal installation of Mono with some necessary source and configuration files. This must be used instead of the generic Mono packages from Debian's repositories. +2. [Mono](http://www.mono-project.com/) is an open source implementation of the .NET framework. CubeCoders Limited, the company behind McMyAdmin, packages its own minimal installation of Mono with some necessary source and configuration files. This must be used instead of the generic Mono packages from Debian's repositories. - cd /usr/local - sudo wget http://mcmyadmin.com/Downloads/etc.zip - sudo unzip etc.zip; sudo rm etc.zip + cd /usr/local + sudo wget http://mcmyadmin.com/Downloads/etc.zip + sudo unzip etc.zip; sudo rm etc.zip ## Install and Start McMyAdmin 
@@ -113,48 +113,48 @@ This section should be completed as your standard user, **not** as root. McMyAdm 1. Create the installation directory and change location to it. - mkdir ~/mcmyadmin && cd ~/mcmyadmin + mkdir ~/mcmyadmin && cd ~/mcmyadmin 2. Download the McMyAdmin installer. You will want to double check its [Download](https://www.mcmyadmin.com/#/download) page to be sure you're grabbing the latest version. - wget http://mcmyadmin.com/Downloads/MCMA2_glibc26_2.zip + wget http://mcmyadmin.com/Downloads/MCMA2_glibc26_2.zip 3. Extract the archive and delete the original zip file. - unzip MCMA2_glibc26_2.zip; rm MCMA2_glibc26_2.zip + unzip MCMA2_glibc26_2.zip; rm MCMA2_glibc26_2.zip 4. Start the initial configuration of McMyAdmin. Replace `PASSWORD` with a strong password which you want for admin access to McMyAdmin's web interface. - ./MCMA2_Linux_x86_64 -setpass PASSWORD -configonly + ./MCMA2_Linux_x86_64 -setpass PASSWORD -configonly - This will return the output: + This will return the output: - The updater will download and install McMyAdmin to the current directory: - /home/your_user/mcmyadmin). + The updater will download and install McMyAdmin to the current directory: + /home/your_user/mcmyadmin). - Continue? [y/n] : + Continue? [y/n] : - Answer `y`. The installer will run and return you to the command prompt. If everything is as it should be, the only warning you'll see will be for a missing configuration file. As the output says, that would be normal since McMyAdmin was just started for the first time. + Answer `y`. The installer will run and return you to the command prompt. If everything is as it should be, the only warning you'll see will be for a missing configuration file. As the output says, that would be normal since McMyAdmin was just started for the first time. 5. Install screen, if it is not already installed. - sudo apt-get install screen + sudo apt-get install screen 6. Start a screen session for the McMyAdmin client. 
- screen -S mcma + screen -S mcma 7. Change into the McMyAdmin installation directory and start the program. - cd ~/mcmyadmin; ./MCMA2_Linux_x86_64 + cd ~/mcmyadmin; ./MCMA2_Linux_x86_64 - If successful, the last three lines of the output will be: + If successful, the last three lines of the output will be: - Notice : McMyAdmin has started and is ready for use. - Notice : This is the first time McMyAdmin has been started. - Notice : You must complete the first-start wizard via the web interface. + Notice : McMyAdmin has started and is ready for use. + Notice : This is the first time McMyAdmin has been started. + Notice : You must complete the first-start wizard via the web interface. - {{< note >}} + {{< note >}} To exit McMyAdmin and return to the command line, enter `/quit`. {{< /note >}} @@ -164,16 +164,16 @@ To exit McMyAdmin and return to the command line, enter `/quit`. 2. Log in with the username `admin` and the password that you provided in the installation step. - ![McMyAdmin Login Page](/docs/assets/mcmyadmin-login-page.png) + ![McMyAdmin Login Page](/docs/assets/mcmyadmin-login-page.png) 3. Once the initial configuration steps are completed, select your settings and then switch to the status page. - ![McMyAdmin Configuration Page](/docs/assets/mcmyadmin-config-page.png) + ![McMyAdmin Configuration Page](/docs/assets/mcmyadmin-config-page.png) 4. Select *Start Server* and accept the Minecraft Server EULA. - ![McMyAdmin Status Page](/docs/assets/mymyadmin-status-page.png) + ![McMyAdmin Status Page](/docs/assets/mymyadmin-status-page.png) - ![McMyAdmin Server Started](/docs/assets/mcmyadmin-server-running.png) + ![McMyAdmin Server Started](/docs/assets/mcmyadmin-server-running.png) Congratulations, you now have McMyAdmin running on your Minecraft server! diff --git a/docs/game-servers/team-fortress2-on-debian-and-ubuntu.md b/docs/game-servers/team-fortress2-on-debian-and-ubuntu.md index 9881d7ee833..83fdab80d68 100644 
--- a/docs/game-servers/team-fortress2-on-debian-and-ubuntu.md +++ b/docs/game-servers/team-fortress2-on-debian-and-ubuntu.md @@ -37,7 +37,7 @@ From the SteamCMD guide, two additional steps are needed specifically for TF2. sudo dpkg-reconfigure iptables-persistent -3. Install an additonal 32-bit package: +3. Install an additional 32-bit package: sudo apt-get install lib32tinfo5 @@ -49,7 +49,7 @@ From the SteamCMD guide, two additional steps are needed specifically for TF2. 2. From the SteamCMD prompt, login anonymously: - login anonymous + login anonymous Or log in with your Steam username: @@ -57,8 +57,8 @@ From the SteamCMD guide, two additional steps are needed specifically for TF2. 3. Install TF2 to the `Steam` user's home directory: - force_install_dir ./tf2 - app_update 232250 + force_install_dir ./tf2 + app_update 232250 This can take some time. If the download looks as if it has frozen, be patient. Once the download is complete, you should see this output: @@ -68,9 +68,9 @@ From the SteamCMD guide, two additional steps are needed specifically for TF2. 4. Quit SteamCMD: - quit + quit - {{< note >}} + {{< note >}} To update TF2, run the above 4 commands again. {{< /note >}} @@ -84,11 +84,11 @@ In order to create a custom list of maps for your server, create `mapcycle.txt` 1. Navigate to `Steam/tf2/tf/cfg`: - cd ~/Steam/tf2/tf/cfg + cd ~/Steam/tf2/tf/cfg 2. Copy `mapcycle_default.txt`: - cp mapcycle_default.txt mapcycle.txt + cp mapcycle_default.txt mapcycle.txt 3. Open the file and add or remove maps as desired. 
@@ -124,7 +124,7 @@ screen -S "Team Fortress 2 Server" ./srcds_run -game tf +map ctf_2fort.bsp When run, the script will change directories to `~/Steam/tf2` and execute TF2 in a [Screen](/docs/networking/ssh/using-gnu-screen-to-manage-persistent-terminal-sessions) session. - Optionally, replace `cft_2fort.bsp` with the name of your chosen map’s file, or replace `+map ctf_2fort.bsp` with `+randommap` for a randomized map selection. + Optionally, replace `cft_2fort.bsp` with the name of your chosen map’s file, or replace `+map ctf_2fort.bsp` with `+randommap` for a randomized map selection. 2. Make the script executable: @@ -157,13 +157,13 @@ RCON allows you to make changes to your server from inside of the game. 1. To start using RCON, go to the **Options** setting in the game, and then select **Advanced...** - [![Enable the developer console.](/docs/assets/team-fortress-rcon-small.png)](/docs/assets/team-fortress-rcon.png) + [![Enable the developer console.](/docs/assets/team-fortress-rcon-small.png)](/docs/assets/team-fortress-rcon.png) 2. From here, check **Enable developer console** and apply these settings. 3. To make changes in-game, it is recommended that you switch to spectator mode, and then press the backtick button (`) to access the developer's console. - [![Press `~` to access the console](/docs/assets/team-fortress-rcon-console-small.png)](/docs/assets/team-fortress-rcon-console.png) + [![Press `~` to access the console](/docs/assets/team-fortress-rcon-console-small.png)](/docs/assets/team-fortress-rcon-console.png) 4. Log in to RCON by typing in `rcon_password` followed by your password. diff --git a/docs/getting-started.md b/docs/getting-started.md index b291182ed3e..5bc1aa7cc1d 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md 
@@ -197,7 +197,7 @@ Ubuntu may prompt you when the Grub package is updated. If prompted, select `kee emaint sync -a -After running a sync, it may end with a message that you should upgrade Portage using a `--oneshot` emerge comand. If so, run the Portage update. Then update the rest of the system: +After running a sync, it may end with a message that you should upgrade Portage using a `--oneshot` emerge command. If so, run the Portage update. Then update the rest of the system: emerge --uDN @world diff --git a/docs/github-guide.md b/docs/github-guide.md index 55b3b8e0e35..9986c7d99af 100644 --- a/docs/github-guide.md +++ b/docs/github-guide.md @@ -30,23 +30,23 @@ If you are following these instructions on a Windows system, all commands will n 1. If you have not done so already, generate an SSH key on your local system: - ssh-keygen + ssh-keygen 2. View the contents of the newly-created public key file: - cat ~/.ssh/id_rsa.pub + cat ~/.ssh/id_rsa.pub 3. In a browser window, select your user account icon in the upper right-hand corner of the screen, then click **Settings**. Your user account icon may look different than the one below: - [![GitHub Settings](/docs/assets/github-settings.png)](/docs/assets/github-settings.png) + [![GitHub Settings](/docs/assets/github-settings.png)](/docs/assets/github-settings.png) 4. Select the **SSH keys** option from the **Personal settings** menu, then click the **Add SSH key** button: - [![SSH key settings](/docs/assets/github-ssh-key.png)](/docs/assets/github-ssh-key.png) + [![SSH key settings](/docs/assets/github-ssh-key.png)](/docs/assets/github-ssh-key.png) 5. Copy the contents of your public key file from your terminal window, and paste them into the **Key** text box. Add a descriptive title for your key in the **Title** text box: - [![Add Key](/docs/assets/github-load-key.png)](/docs/assets/github-load-key.png) + [![Add Key](/docs/assets/github-load-key.png)](/docs/assets/github-load-key.png) ### Setting Up Your Repository 
@@ -59,20 +59,20 @@ In order to edit or create documents for Linode Guides and Tutorials, you will n 3. Once the fork process has completed, visit the **docs** repository under your repository list on the GitHub homepage: - [![Your repository on GitHub](/docs/assets/github-your-repository.png)](/docs/assets/github-your-repository.png) + [![Your repository on GitHub](/docs/assets/github-your-repository.png)](/docs/assets/github-your-repository.png) 4. Clone your forked branch to your local machine by copying the clone URL, and appending it to the following command. We recommend cloning via SSH for this particular step. This command will create a local copy of your cloned repository that you can work with directly in the directory where the command is run: - [![GitHub Clone URL](/docs/assets/github-clone-url.png)](/docs/assets/github-clone-url.png) + [![GitHub Clone URL](/docs/assets/github-clone-url.png)](/docs/assets/github-clone-url.png) - git clone + git clone - You will need to accept the host identification key on your first connection. + You will need to accept the host identification key on your first connection. 5. Move to the cloned directory and configure the Linode Docs repository as your upstream repository: - cd docs - git remote add upstream https://github.com/linode/docs + cd docs + git remote add upstream https://github.com/linode/docs ### Creating Your Branch 
@@ -80,23 +80,23 @@ Once you've cloned a local copy of your repository, you will need to make a bran 1. Verify that you are in the master branch: - git status + git status - You should receive output similar to that show below: + You should receive output similar to that show below: - On branch master - Your branch is up-to-date with 'origin/master'. + On branch master + Your branch is up-to-date with 'origin/master'. - nothing to commit, working directory clean + nothing to commit, working directory clean 2. Check out a new branch with a descriptive title matching the guide that you are editing or creating: - git checkout -b guide-title + git checkout -b guide-title -3. Rerun the `git status` command to confirm that you have been moved to the new branch. You should receive output maching the following: +3. Rerun the `git status` command to confirm that you have been moved to the new branch. You should receive output matching the following: - On branch guide-title - nothing to commit, working directory clean + On branch guide-title + nothing to commit, working directory clean 4. Using your preferred text editor, you should now be able to edit and create documents within your new branch: 
@@ -107,29 +107,29 @@ The folder structure within the repository's `docs` folder matches the structure 5. Once you have completed composing or making edits to a guide, you can use the `git status` command to view the status of your changes. You should receive output resembling the following: Untracked files: - (use "git add ..." to include in what will be committed) + (use "git add ..." to include in what will be committed) - guide-title.md + guide-title.md - nothing added to commit but untracked files present (use "git add" to track) + nothing added to commit but untracked files present (use "git add" to track) 6. Add your guide to the list of files to be committed with the 'git add' command: - git add guide-title.md + git add guide-title.md 7. Commit your file to officially make it part of your changes. Utilize the `-m` flag with the `git commit` command to add a commit message. Commit messages will need to be encased in quotation marks, as shown below: - git commit -m "First draft of guide" + git commit -m "First draft of guide" - You should receive output resembling the following: + You should receive output resembling the following: - [guide-title 40b1932] First draft of guide - 1 file changed, 1 insertion(+) - Create mode 100644 docs/guide-title.md + [guide-title 40b1932] First draft of guide + 1 file changed, 1 insertion(+) + Create mode 100644 docs/guide-title.md 8. Push your guide to GitHub. You will need to replace `guide-title` below with the name of your branch: - git push origin guide-title + git push origin guide-title ### Submitting Your First Pull Request 
@@ -137,19 +137,19 @@ Now that you've completed the composition of your guide, it's time to make your 1. Within the GitHub web interface, navigate to your fork of the **linode/docs** repository: - [![GitHub - Your Repository](/docs/assets/github-your-repository.png)](/docs/assets/github-your-repository.png) + [![GitHub - Your Repository](/docs/assets/github-your-repository.png)](/docs/assets/github-your-repository.png) 2. Select the branch containing your changes: - [![GitHub - Switch Branches](/docs/assets/github-switch-branches.png)](/docs/assets/github-switch-branches.png) + [![GitHub - Switch Branches](/docs/assets/github-switch-branches.png)](/docs/assets/github-switch-branches.png) 3. Select the **Pull Request** option to generate your first PR: - [![GitHub - Pull Request](/docs/assets/github-pull-request.png)](/docs/assets/github-pull-request.png) + [![GitHub - Pull Request](/docs/assets/github-pull-request.png)](/docs/assets/github-pull-request.png) 4. Ensure that your pull request is being submitted against the **Base fork: linode/docs**, and the **Base: master**. Enter the title of your guide, along with a brief description, and click the **Create Pull Request** button: - [![GitHub - Pull Request Submission](/docs/assets/github-pull-request2.png)](/docs/assets/github-pull-request2.png) + [![GitHub - Pull Request Submission](/docs/assets/github-pull-request2.png)](/docs/assets/github-pull-request2.png) Congratulations! Your guide has been submitted as a pull request against the Linode Docs repository! 
@@ -169,30 +169,30 @@ If you are working on multiple guide submissions or changes, you will need to ut 1. To avoid merge conflicts, switch to your master branch and pull in the latest changes from the Linode Docs master branch: - git checkout master - git fetch upstream + git checkout master + git fetch upstream 2. Create and switch to a new branch to store your new changes: - git checkout -b guide-title-2 + git checkout -b guide-title-2 - You should receive output resembling the following: + You should receive output resembling the following: - Switched to a new branch 'guide-title-2' + Switched to a new branch 'guide-title-2' 3. To confirm what branch you are currently using, run `git status`. The output should resemble the following: - On branch guide-title-2 - nothing to commit, working directory clean + On branch guide-title-2 + nothing to commit, working directory clean 4. To list all of your available branches, utilize the `git branch` command. This will list all of your branches, and highlight your active branch: - git branch + git branch 5. Once you have completed working with a branch, you can remove your local copy of that branch by switching to a different branch, such as master, and using the `-d` flag to remove the unused branch: - git checkout master - git branch -d guide-title-2 + git checkout master + git branch -d guide-title-2 {{< note >}} Git will warn you if you attempt to delete a branch with unmerged changes. If you wish to remove a branch with unmerged changes, you can force removal by substituting the `-D` flag. diff --git a/docs/linode-writers-formatting-guide.md b/docs/linode-writers-formatting-guide.md index 9a91dc8730f..cab5c1e8b2c 100644 --- a/docs/linode-writers-formatting-guide.md +++ b/docs/linode-writers-formatting-guide.md 
@@ -85,7 +85,7 @@ The *Before You Begin* section is an area for basic prerequisites a reader shoul If using example variables which should be changed throughout the guide, declare them in the Before You Begin section. -Variables that the reader will need to change for their system or preference should be formatted using backtics. This includes: +Variables that the reader will need to change for their system or preference should be formatted using backticks. This includes: * [Example IPs](#example-ip-addresses) * User names @@ -184,7 +184,7 @@ For example: > > yum update -Inline commands should be denoted by backtics. +Inline commands should be denoted by backticks. | Formatting | Example | |:--------------|:------------| diff --git a/docs/networking/diagnostics/install-ntopng-for-network-monitoring-on-debian8.md b/docs/networking/diagnostics/install-ntopng-for-network-monitoring-on-debian8.md index 4ef5e7bf964..730fcd842bd 100644 --- a/docs/networking/diagnostics/install-ntopng-for-network-monitoring-on-debian8.md +++ b/docs/networking/diagnostics/install-ntopng-for-network-monitoring-on-debian8.md 
@@ -40,7 +40,7 @@ In this tutorial you will configure and install ntopng on your Linode. The tutor {{< note >}} -The steps in this guide require root privileges. Be sure to run the steps below as `root` or with `sudo`. If two commands are presented in the same instance (seperated by `&&`), you must prefix each command with `sudo` (ex. `sudo [command] && sudo [command]`). For more information on privileges, see our [Users and Groups](/docs/tools-reference/linux-users-and-groups) guide. +The steps in this guide require root privileges. Be sure to run the steps below as `root` or with `sudo`. If two commands are presented in the same instance (separated by `&&`), you must prefix each command with `sudo` (ex. `sudo [command] && sudo [command]`). For more information on privileges, see our [Users and Groups](/docs/tools-reference/linux-users-and-groups) guide. {{< /note >}} ### Add the ntopng Repository diff --git a/docs/networking/nfs/how-to-mount-nfs-shares-on-debian-9.md b/docs/networking/nfs/how-to-mount-nfs-shares-on-debian-9.md index c5f2c8c1ec5..201acfb0968 100644 --- a/docs/networking/nfs/how-to-mount-nfs-shares-on-debian-9.md +++ b/docs/networking/nfs/how-to-mount-nfs-shares-on-debian-9.md 
@@ -164,4 +164,4 @@ Now let's replace **root\_squash** with **no\_root\_squash** in `/etc/exports` o sudo echo "Hi everyone" > /mnt/remotenfs/testfile2.txt -If you check the ownership of `testfile2.txt` either on the client or the server, you'll see that it is now owned by `root:root`. These simple examples illustrate the use and implications of **root\_squash** and **no\_root\_squash**. For your security, don't forget to remove the latter and readd the former in your `/etc/exports` as soon as possible. +If you check the ownership of `testfile2.txt` either on the client or the server, you'll see that it is now owned by `root:root`. These simple examples illustrate the use and implications of **root\_squash** and **no\_root\_squash**. For your security, don't forget to remove the latter and read the former in your `/etc/exports` as soon as possible. diff --git a/docs/networking/ssh/using-sshfs-on-linux.md b/docs/networking/ssh/using-sshfs-on-linux.md index aa4f7d5886c..452c2222dff 100644 --- a/docs/networking/ssh/using-sshfs-on-linux.md +++ b/docs/networking/ssh/using-sshfs-on-linux.md 
@@ -50,23 +50,23 @@ If you are unfamiliar with users, groups and file permissions, be sure to visit To check if the `fuse` group exists run: - cat /etc/group | grep 'fuse' + cat /etc/group | grep 'fuse' -If the group exists, execute the following command with `sudo`, subsituting your user account name in place of "someuser": +If the group exists, execute the following command with `sudo`, substituting your user account name in place of "someuser": - sudo usermod -a -G fuse someuser + sudo usermod -a -G fuse someuser If the group does not exist it has to be created and added to the `fuse` group: - sudo groupadd fuse - sudo usermod -a -G fuse user + sudo groupadd fuse + sudo usermod -a -G fuse user Log out and log back in before proceeding using a normal user account. ### Mounting the Remote File System To mount a remote file system execute the command `sshfs`. The syntax for `sshfs` is: - sshfs [user@]host:[directory] mountpoint [options] + sshfs [user@]host:[directory] mountpoint [options] To Mount the home directory of a user named "user" on a remote server at "usersLinode.example.com", create a directory as a destination for the mounted folder. @@ -74,12 +74,12 @@ To Mount the home directory of a user named "user" on a remote server at "usersL Then we use the `sshfs` command to mount the directory from our remote server, to the directory on our local client. The syntax for `sshfs` is: `sshfs [user@]host:[directory] mountpoint [options]` Read more about `sshfs` here: [sshfs Manual](https://linux.die.net/man/1/sshfs) - sshfs user@usersLinode.example.com:/home/user ssfhsExample + sshfs user@usersLinode.example.com:/home/user ssfhsExample You can also `sshfs` to your Linode server's IP address: - sshfs user@192.168.0.0:/home/user sshfsExample + sshfs user@192.168.0.0:/home/user sshfsExample To unmount the filesystem, use the `umount` command: 
diff --git a/docs/networking/ssh/using-the-terminal.md b/docs/networking/ssh/using-the-terminal.md index aa0295c555b..a2da030de9d 100644 --- a/docs/networking/ssh/using-the-terminal.md +++ b/docs/networking/ssh/using-the-terminal.md @@ -206,7 +206,7 @@ If you append double ampersands (`&&`) to the end of a command, the shell will w ### Emacs Key Bindings -In general, the `bash` terminal provides emacs-like key bindings for navigation. In addition to `C-n` and `C-p` to access next and previous commands in the history the following key binding make it easier to navigate the text in the bash-terminal (`C-` refers to a Control- modifer, and `M-` refers to a "meta" or Alt- modifier): +In general, the `bash` terminal provides emacs-like key bindings for navigation. In addition to `C-n` and `C-p` to access next and previous commands in the history the following key binding make it easier to navigate the text in the bash-terminal (`C-` refers to a Control- modifier, and `M-` refers to a "meta" or Alt- modifier): - `C-a` Cursor to the beginning of the line (`C-a a` in screen) - `C-e` Cursor to the end of the line diff --git a/docs/networking/vpn/pritunl-vpn-ubuntu.md b/docs/networking/vpn/pritunl-vpn-ubuntu.md index 4d3f6f641d2..4523d9e5b74 100644 --- a/docs/networking/vpn/pritunl-vpn-ubuntu.md +++ b/docs/networking/vpn/pritunl-vpn-ubuntu.md @@ -78,7 +78,7 @@ If you've configured the firewall according to the [Securing Your Server](/docs/ - **Username:** *pritunl* - **Password:** *pritunl* -2. The Inital Setup form will appear: +2. The Initial Setup form will appear: ![Pritunl setup screen](/docs/assets/pritunl-setup.png) diff --git a/docs/networking/vpn/secure-communications-with-openvpn-on-ubuntu-12-04-precise-and-debian-7.md b/docs/networking/vpn/secure-communications-with-openvpn-on-ubuntu-12-04-precise-and-debian-7.md index 197118fca95..3ff9672a3d9 100644 --- a/docs/networking/vpn/secure-communications-with-openvpn-on-ubuntu-12-04-precise-and-debian-7.md 
+++ b/docs/networking/vpn/secure-communications-with-openvpn-on-ubuntu-12-04-precise-and-debian-7.md @@ -228,7 +228,7 @@ Most network management tools provide some facility for managing connections to If you use OS X on a Mac, we have found that the [Tunnelblick](http://code.google.com/p/tunnelblick/) tool provides an easy method for managing OpenVPN connections. If you use Windows, the [OpenVPN GUI](http://openvpn.se/) tool may be an effective tool for managing your connections too. Linux desktop users can install the OpenVPN package and use the network management tools that come with the desktop environment. -Here we will go through installing Tunneblick on OSX: +Here we will go through installing Tunnelblick on OSX: 1. To download the latest version of Tunnelblick, [click here](https://tunnelblick.net/downloads.html#Tunnelblick_Stable_Release). After opening the dmg file you can drag it into applications or open it immediately and it will copy itself. 2. After starting, you will see this splash screen: diff --git a/docs/networking/vpn/set-up-a-hardened-openvpn-server.md b/docs/networking/vpn/set-up-a-hardened-openvpn-server.md index edf82d20aa0..86380922965 100644 --- a/docs/networking/vpn/set-up-a-hardened-openvpn-server.md +++ b/docs/networking/vpn/set-up-a-hardened-openvpn-server.md 
@@ -207,7 +207,7 @@ According to OpenSSL's man page, `genpkey -genparam` supersedes `dhparam`. ## VPN Certificate Authority -Client certificates and keys should be not be managed directly on your VPN server. They should be created locally on a computer and stored offline. For the best quality entropy, they should be created on a computer which has a powerful CPU. You should avoid doing this on a virutal machine. +Client certificates and keys should be not be managed directly on your VPN server. They should be created locally on a computer and stored offline. For the best quality entropy, they should be created on a computer which has a powerful CPU. You should avoid doing this on a virtual machine. You can generate certificates and keys two ways: by using [EasyRSA](https://github.com/OpenVPN/easy-rsa) scripts, or by creating your own public key infrastructure for your VPN, which includes customizations not included in the default OpenSSL configuration file. diff --git a/docs/networking/vpn/set-up-a-streisand-gateway.md b/docs/networking/vpn/set-up-a-streisand-gateway.md index 4818859584a..e19c24df620 100644 --- a/docs/networking/vpn/set-up-a-streisand-gateway.md +++ b/docs/networking/vpn/set-up-a-streisand-gateway.md 
@@ -28,7 +28,7 @@ However, the configuration process is time-consuming, especially for those with Streisand uses open-source platform Ansible to automate much of the process that creates and configures a Linode. This means, unlike normal VPN setup, you should **not** create a Linode before beginning this guide, or go through the usual steps of connecting to and securing your server. All of the commands will be run from your local machine. You will, however, need the API key from your Linode account: -1. Open the Linode Manager and select "My Profile," in the upper right corner of the screen next to your account name. You will need to re-aunthenticate before viewing this section. +1. Open the Linode Manager and select "My Profile," in the upper right corner of the screen next to your account name. You will need to re-authenticate before viewing this section. 2. Select the "API Keys" tab on the far right of the menu. @@ -119,7 +119,7 @@ Streisand will create a new Linode under your account early in the configuration {{< /caution >}} {{< note >}} -You should not recieve any errors during the install. If you receive an error related to `Alert_cpu_threshold must be between 0 and 2000`, visit this [link](https://github.com/jlund/streisand/issues/626#issuecomment-319812261) to address the issue. +You should not receive any errors during the install. If you receive an error related to `Alert_cpu_threshold must be between 0 and 2000`, visit this [link](https://github.com/jlund/streisand/issues/626#issuecomment-319812261) to address the issue. {{< /note >}} ## Connect to Your Streisand Gateway diff --git a/docs/networking/vpn/vpn-firewall-killswitch-for-linux-and-macos-clients.md b/docs/networking/vpn/vpn-firewall-killswitch-for-linux-and-macos-clients.md index 7dee743bdce..c2edab594e1 100644 --- a/docs/networking/vpn/vpn-firewall-killswitch-for-linux-and-macos-clients.md +++ b/docs/networking/vpn/vpn-firewall-killswitch-for-linux-and-macos-clients.md 
@@ -16,7 +16,7 @@ external_resources: - '[Ubuntu Help Page for iptables](https://help.ubuntu.com/community/IptablesHowTo)' --- -A virtual private network is often used to evade censorship, surveillance, or geolocation by routing internet traffic from your local device to the remote VPN server through an encrypted tunnel. In this scenario, the VPN server is the internet gateway for all connected client devices, and it forwards traffic from clients out to the interent, then receives and routes the traffic back to the client devices. However, there is always a risk that the VPN connection will unexpectedly drop, which can result in your traffic being communicated over the public internet instead of through the encrypted VPN connection. +A virtual private network is often used to evade censorship, surveillance, or geolocation by routing internet traffic from your local device to the remote VPN server through an encrypted tunnel. In this scenario, the VPN server is the internet gateway for all connected client devices, and it forwards traffic from clients out to the internet, then receives and routes the traffic back to the client devices. However, there is always a risk that the VPN connection will unexpectedly drop, which can result in your traffic being communicated over the public internet instead of through the encrypted VPN connection. For this reason, VPN clients often use firewall rules to ensure that internet traffic is allowed only to the VPN gateway. This protects the client's traffic from being compromised in the event of a sudden disconnection from the VPN server. This functionality is sometimes referred to as a VPN "kill switch," because it has the effect of instantly blocking all connections to the internet if the VPN connection should fail. diff --git a/docs/platform/disk-images/migrating-a-server-to-your-linode.md b/docs/platform/disk-images/migrating-a-server-to-your-linode.md index 215bf8201bf..60054a538f7 100644 
--- a/docs/platform/disk-images/migrating-a-server-to-your-linode.md +++ b/docs/platform/disk-images/migrating-a-server-to-your-linode.md @@ -43,14 +43,14 @@ We assume that your existing server has a single root partition. If you have mul 3. Select a Linode. The Linode's dashboard appears. 4. Create a disk to hold the files from the existing server. Select **Create a new Disk**. The webpage shown below appears. - [![Creating a disk](/docs/assets/1039-migrate1.png)](/docs/assets/1039-migrate1.png) + [![Creating a disk](/docs/assets/1039-migrate1.png)](/docs/assets/1039-migrate1.png) 5. Enter a descriptive name for the disk in the **Label** field. 6. Enter a size for the disk in the **Size** field. You should make the disk large enough to hold the contents of your current server's root partition. 7. Click **Save Changes** to create the disk. The Linode's dashboard appears. You can monitor the disk creation process by watching the *Host Job Queue*. 8. Now create a swap disk for your existing server. Select **Create a new Disk**. The webpage shown below appears. - [![Creating a disk](/docs/assets/1040-migrate2.png)](/docs/assets/1040-migrate2.png) + [![Creating a disk](/docs/assets/1040-migrate2.png)](/docs/assets/1040-migrate2.png) 9. Enter a name for the swap disk in the **Label** field. 10. From the **Type** menu, select **swap**. 
@@ -66,12 +66,12 @@ You'll need a configuration profile to boot your existing server after you uploa 1. In the [Linode Manager](https://manager.linode.com), select the Linode's dashboard. 2. Select **Create a new Configuration Profile**. The webpage shown below appears. - [![Creating a configuration profile](/docs/assets/migrate-configuration-profile-small.png)](/docs/assets/migrate-configuration-profile.png) + [![Creating a configuration profile](/docs/assets/migrate-configuration-profile-small.png)](/docs/assets/migrate-configuration-profile.png) 3. Enter a name for the configuration profile in the **Label** field. 4. *Optional:* Enter notes for the configuration profile in the **Notes** field. - {{< note >}} + {{< note >}} Make sure that you select the correct kernel for your existing server. There are 32-bit and 64-bit versions available. The 64-bit version has `x86_64` in the name. {{< /note >}} @@ -137,7 +137,7 @@ After the network copy is complete and the files from the existing server have b The entire mounted filesystem will be recursively searched for any instances of your old IP address. Note that this replacement operation can take a while to complete. -3. You can find your IP information in the Linode Manger under the remote access tab. You'll need your public IP, gateway, and dns server. On the Linode, open the releveant network configuration files for your distribution and adjust them accordingly. +3. You can find your IP information in the Linode Manger under the remote access tab. You'll need your public IP, gateway, and dns server. On the Linode, open the relevant network configuration files for your distribution and adjust them accordingly. ### Configuring Mount Points 
@@ -149,7 +149,7 @@ Now you should configure mount points for the new disks. Here's how: 2. Change the mount point for `root` to `/dev/sda`, and the mount and `swap` to `/dev/sdb`, as shown below: - {{< file-excerpt "/media/sda/etc/fstab" >}} + {{< file-excerpt "/media/sda/etc/fstab" >}} # /etc/fstab: static file system information. # # @@ -211,7 +211,7 @@ Here's how to fix persistent rules: 3. Modify the file to remove `eth*` from the beginning of the kernel whitelist so that it does not create persistent rules for `eth*`. In this case we simply removed `eth*` from the beginning of the kernel whitelist. The relevant section in the file should resemble the following: - {{< file-excerpt "udev network rules" >}} + {{< file-excerpt "udev network rules" >}} # device name whitelist KERNEL!="ath*|wlan*[0-9]|msh*|ra*|sta*|ctc*|lcs*|hsi*", \ GOTO="persistent_net_generator_end" @@ -239,7 +239,7 @@ Now it's time to boot your Linode from the new disks. All you have to do is sele 3. Select a Linode. The Linode's dashboard appears. 4. Select the configuration profile you created earlier, as shown below. - [![Selecting the configuration profile](/docs/assets/1047-migrate6-small.png)](/docs/assets/1048-migrate6.png) + [![Selecting the configuration profile](/docs/assets/1047-migrate6-small.png)](/docs/assets/1048-migrate6.png) 5. Click **Reboot** to restart your Linode with the configuration profile and disks you just created. diff --git a/docs/platform/how-to-build-your-infrastructure-using-terraform-and-linode.md b/docs/platform/how-to-build-your-infrastructure-using-terraform-and-linode.md index b888edd9890..9f6df4f8bc6 100644 --- a/docs/platform/how-to-build-your-infrastructure-using-terraform-and-linode.md +++ b/docs/platform/how-to-build-your-infrastructure-using-terraform-and-linode.md 
@@ -21,7 +21,7 @@ external_resources: Infrastructure as code (IaC) is software that gives the developer the ability to build, manage, and provision computing environments with a high-level programming language. Some benefits of this technology are: enforcing DevOps best practices, process automation and the opportunity to use version control systems for greater visibility and collaboration within a team. Terraform stands out from other IaC solutions because it's an orchestration tool, which means *it's designed specifically for bare-metal server and virtual machines*. The configuration of the servers can be achieved using Terraform, but implementing specialized software for tasks like Puppet, Chef, or Ansible are easily done through a provisioner architecture. -This guide will showcase Terraform, and its benefits when used in conjuction with Linode's cloud technology. +This guide will showcase Terraform, and its benefits when used in conjunction with Linode's cloud technology. {{< caution >}} diff --git a/docs/platform/longview/longview-app-for-nginx.md b/docs/platform/longview/longview-app-for-nginx.md index 053fc22692d..0e3a6d9452e 100644 --- a/docs/platform/longview/longview-app-for-nginx.md +++ b/docs/platform/longview/longview-app-for-nginx.md 
@@ -13,27 +13,27 @@ published: 2013-11-05 title: Longview App for Nginx --- -Longview for Nginx is a Longview App. The Longview Nginx tab appears in the Linode Manager when Longview detects that you have Nginx installed on your Linode. With the Longview Nginx App, you'll be able to view statistics for Nginx on your Linode. It can help you keep track of Nginx's settings, workers and requests, system resource consumption, and other information. +Longview for NGINX is a Longview App. The Longview NGINX tab appears in the Linode Manager when Longview detects that you have NGINX installed on your Linode. With the Longview NGINX App, you'll be able to view statistics for NGINX on your Linode. It can help you keep track of NGINX's settings, workers and requests, system resource consumption, and other information. ## Installing Prerequisites: -- Install and start [Nginx](/docs/websites/nginx) +- Install and start [NGINX](/docs/websites/nginx) - Install the [Longview client](/docs/platform/longview/longview/#installing-the-client) ### Debian and Ubuntu Automatic Configuration -If Nginx is installed and running when you install the Longview client, the Nginx App should enable and configure itself automatically. +If NGINX is installed and running when you install the Longview client, the NGINX App should enable and configure itself automatically. -If you already have Longview installed, and later want to install Ngnix and enable the Longview App for it, you can run Longview through its automatic configuration sequence again. Depending on how Nginx's status module is configured, it will either find everything it needs to get the Nginx App started, or it will pop up a request to make some additional configurations. And don't worry - your old Longview data will stay safe. +If you already have Longview installed, and later want to install NGINX and enable the Longview App for it, you can run Longview through its automatic configuration sequence again. 
Depending on how NGINX's status module is configured, it will either find everything it needs to get the NGINX App started, or it will pop up a request to make some additional configurations. And don't worry - your old Longview data will stay safe. 1. Make sure that Nginx is running. 2. Run the automatic Longview configuration command on your Linode via SSH: dpkg-reconfigure -phigh linode-longview -3. For most people, this will prompt a popup asking whether you would like Longview to attempt an automatic configuration of the Nginx status module: +3. For most people, this will prompt a popup asking whether you would like Longview to attempt an automatic configuration of the NGINX status module: [![Longview has detected Nginx running on this server but was unable to access the server status page. Would you like to attempt to automatically configure the Nginx status module? This will require restarting Nginx to enable. Autoconfigure Mod\_Status: \ \](/docs/assets/1456-longview_ngnix_popup_crop.png)](/docs/assets/1456-longview_ngnix_popup_crop.png) 
@@ -41,10 +41,10 @@ If you already have Longview installed, and later want to install Ngnix and enab It's also possible that Longview will be able to locate the status page on its own. In that case, you won't get the popup, and you can go directly to Step 5. {{< /note >}} -4. This popup occurs when Longview can't locate the Nginx status page. In turn, this could indicate that the status page is in an unusual and unspecified location, or that the status module isn't enabled, or that Nginx itself is misconfigured. Select one of the options: +4. This popup occurs when Longview can't locate the NGINX status page. In turn, this could indicate that the status page is in an unusual and unspecified location, or that the status module isn't enabled, or that NGINX itself is misconfigured. Select one of the options: - - **\**: the Longview tool will quit, and you can do a [manual configuration](#manual-configuration-all-distributions), which is safer if you have a delicate Nginx setup. - - **\**: the Longview tool will attempt to enable the status module, set the status page location in a new vhost configuration file, and restart Nginx. This option is easier, but has the potential to disrupt your current Nginx configuration. If you choose yes, and the configuration is successful, you should see output like the following: + - **\**: the Longview tool will quit, and you can do a [manual configuration](#manual-configuration-all-distributions), which is safer if you have a delicate NGINX setup. + - **\**: the Longview tool will attempt to enable the status module, set the status page location in a new vhost configuration file, and restart NGINX. This option is easier, but has the potential to disrupt your current NGINX configuration. If you choose yes, and the configuration is successful, you should see output like the following: [ ok ] Stopping Longview Agent: longview. Checking Nginx configuration... 
@@ -63,13 +63,13 @@ If instead you receive a failure message, such as: [FAIL] Reloading web server config: nginx failed! -You will need to double-check your Nginx installation, and then do a [manual configuration](#manual-configuration-all-distributions). You can also visit the [Troubleshooting](#troubleshooting) section at the end of this article. +You will need to double-check your NGINX installation, and then do a [manual configuration](#manual-configuration-all-distributions). You can also visit the [Troubleshooting](#troubleshooting) section at the end of this article. ### Manual Configuration (All Distributions) -To enable the Nginx Longview app manually, follow these steps on your Linode via SSH: +To enable the NGINX Longview app manually, follow these steps on your Linode via SSH: -1. Add the following lines to your Nginx configuration to enable the status module and set the location of the status page. The lines can go at the end of the main configuration file at `nginx.conf` or in a separate vhost configuration file: +1. Add the following lines to your NGINX configuration to enable the status module and set the location of the status page. The lines can go at the end of the main configuration file at `nginx.conf` or in a separate vhost configuration file: {{< file-excerpt "nginx.conf" >}} server { @@ -85,7 +85,7 @@ server { {{< /file-excerpt >}} -2. Restart Nginx: +2. Restart NGINX: service nginx restart @@ -103,7 +103,7 @@ location http://127.0.0.1/nginx_status 5. Refresh the Longview Nginx tab in the Linode Manager. -You should now be able to see Longview data for Nginx. If that's not the case, proceed to the [Troubleshooting](#troubleshooting) section at the end of this article. +You should now be able to see Longview data for NGINX. If that's not the case, proceed to the [Troubleshooting](#troubleshooting) section at the end of this article. ## Viewing Statistics 
@@ -117,21 +117,21 @@ Click the image for a full-size view. [![The Longview Nginx App.](/docs/assets/1455-longview_nginx_stats_sm.png)](/docs/assets/1454-longview_nginx_stats.png) -You'll see the current version of Nginx listed on the upper right. +You'll see the current version of NGINX listed on the upper right. Mouse over a data point to see the exact numbers for that time. You can also zoom in on data points, or view older time periods with Longview Pro. For details, jump to this section in the main article about [navigating the Longview interface](/docs/platform/longview/longview#using-the-interface). The next sections cover the Longview Nginx App in detail. ### Requests -The **Requests** graph shows the total number of requests Nginx handled at the selected time. This is every HTTP and HTTPS request to your Linode. +The **Requests** graph shows the total number of requests NGINX handled at the selected time. This is every HTTP and HTTPS request to your Linode. ### Connections -The **Connections** graph shows the amount of data that Nginx accepted and handled via web requests at the time selected. +The **Connections** graph shows the amount of data that NGINX accepted and handled via web requests at the time selected. ### Workers -The **Workers** graph shows all of the Nginx workers at the selected time. The workers are broken down by state: +The **Workers** graph shows all of the NGINX workers at the selected time. The workers are broken down by state: - Waiting - Reading 
@@ -139,27 +139,27 @@ The **Workers** graph shows all of the Nginx workers at the selected time. The w ### CPU -The **CPU** graph shows the percentage of your Linode's CPU being used by Nginx at the selected time. If you want to see the total CPU use instead, check the [Overview tab](/docs/platform/longview/longview#overview-tab). +The **CPU** graph shows the percentage of your Linode's CPU being used by NGINX at the selected time. If you want to see the total CPU use instead, check the [Overview tab](/docs/platform/longview/longview#overview-tab). ### Memory -The **Memory** graph shows the amount of RAM being used by Nginx at the selected time. If you want to see your Linode's total memory use instead, check the [Overview tab](/docs/platform/longview/longview#overview-tab). +The **Memory** graph shows the amount of RAM being used by NGINX at the selected time. If you want to see your Linode's total memory use instead, check the [Overview tab](/docs/platform/longview/longview#overview-tab). ### Disk IO -The **Disk IO** graph shows the amount of input to and output from the disk caused by Nginx at the selected time. To see the total IO instead, visit the [Disks tab](/docs/platform/longview/longview#disks-tab). +The **Disk IO** graph shows the amount of input to and output from the disk caused by NGINX at the selected time. To see the total IO instead, visit the [Disks tab](/docs/platform/longview/longview#disks-tab). ### Process Count -The **Process Count** graph shows the total number of processes on your Linode spawned by Nginx at the selected time. If you want to see more details, and how this stacks up against the total number of processes on your Linode, see the [Process Explorer tab](/docs/platform/longview/longview#process-explorer-tab). +The **Process Count** graph shows the total number of processes on your Linode spawned by NGINX at the selected time. 
If you want to see more details, and how this stacks up against the total number of processes on your Linode, see the [Process Explorer tab](/docs/platform/longview/longview#process-explorer-tab). ## Troubleshooting If you don't see Longview data for Nginx, you'll instead get an error on the page and instructions on how to fix it. As a general tip, you can check the `/var/log/linode/longview.log` file for errors as well. -### Unable to Access Server Status Page for Nginx +### Unable to Access Server Status Page for NGINX -More specifically, the error will state `Unable to access server status page (http://example.com/example) for Nginx: `. This error occurs when Nginx's status setting is disabled or has been changed from the default location. +More specifically, the error will state `Unable to access server status page (http://example.com/example) for Nginx: `. This error occurs when NGINX's status setting is disabled or has been changed from the default location. {{< note >}} This error occurs when Longview attempts to check the status page `location` listed in `/etc/linode/longview.d/Nginx.conf`, or the default page at `http://127.0.0.1/nginx_status`, but receives a non-200 HTTP response code. Basically, it means that the status page Longview is checking doesn't exist. 
@@ -167,11 +167,11 @@ This error occurs when Longview attempts to check the status page `location` lis To fix this, follow these steps: -1. Make sure Nginx is running: +1. Make sure NGINX is running: service nginx restart -2. Check the status page location, and make sure it's available over Port 80. The default location Longview checks is `http://127.0.0.1/nginx_status` on localhost, but Nginx doesn't typically have a status page location set up by default. In the Nginx configuration file (typically `nginx.conf` or a vhost configuration file), this is designated with the lines: +2. Check the status page location, and make sure it's available over Port 80. The default location Longview checks is `http://127.0.0.1/nginx_status` on localhost, but NGINX doesn't typically have a status page location set up by default. In the NGINX configuration file (typically `nginx.conf` or a vhost configuration file), this is designated with the lines: {{< file-excerpt "nginx.conf" >}} server { @@ -187,9 +187,8 @@ server { {{< /file-excerpt >}} - 3. Longview is designed to check the default location automatically. If you use the default location shown above, you should be done. Refresh the Longview Nginx tab in the Linode Manager to verify that it's working now. -4. If you're not using the default location, you need to create a new file, `/etc/linode/longview.d/Nginx.conf`, and set the `location` variable to match what you set in the Nginx configuration file: +4. If you're not using the default location, you need to create a new file, `/etc/linode/longview.d/Nginx.conf`, and set the `location` variable to match what you set in the NGINX configuration file: {{< file "/etc/linode/longview.d/Nginx.conf" >}} location http://127.0.0.1/url-goes-here 
@@ -204,10 +203,10 @@ location http://127.0.0.1/url-goes-here 6. Refresh the Longview Nginx tab in the Linode Manager to verify that it's working now. {{< note >}} -If you originally compiled Nginx without the status module, you will need to recompile it with `--with-http_stub_status_module` and all your other settings. Then go back and try to enable the Longview Nginx App. +If you originally compiled NGINX without the status module, you will need to recompile it with `--with-http_stub_status_module` and all your other settings. Then go back and try to enable the Longview Nginx App. {{< /note >}} -### The Nginx Status Page Doesn't Look Right +### The NGINX Status Page Doesn't Look Right More specifically, the error will state `The Nginx status page doesn't look right. Check and investigate any redirects for misconfiguration.` This error occurs when Longview is able to reach the status page, but doesn't receive the expected content. 
@@ -217,21 +216,21 @@ This error occurs when Longview attempts to check the status page, and receives To resolve this issue, follow these steps: -1. Visit the URL shown in the error. See if it directs or redirects you to a page that isn't the Nginx status page. -2. Update your Nginx and Longview settings so that they specify the same location: +1. Visit the URL shown in the error. See if it directs or redirects you to a page that isn't the NGINX status page. +2. Update your NGINX and Longview settings so that they specify the same location: - - The **server\_name** and **location** lines in your Nginx configuration file + - The **server_name** and **location** lines in your NGINX configuration file - The **location** line in `/etc/linode/longview.d/Nginx.conf` If the location line isn't set in `/etc/linode/longview.d/Nginx.conf`, Longview will check the default location of `http://127.0.0.1/nginx_status` on localhost. -3. Make sure there aren't any Nginx redirects or other settings that are affecting this page. +3. Make sure there aren't any NGINX redirects or other settings that are affecting this page. 4. Restart Longview: service longview restart 5. Refresh the Longview Nginx tab in the Linode Manager to verify that it's working now. -### Nginx Tab is Missing +### NGINX Tab is Missing -If the Longview Nginx tab is missing entirely, this indicates that Nginx is either not installed, or has stopped. If you restart Nginx, you will be able to see the tab again and view all of your old data. +If the Longview Nginx tab is missing entirely, this indicates that NGINX is either not installed, or has stopped. If you restart NGINX, you will be able to see the tab again and view all of your old data. diff --git a/docs/platform/nodebalancer/getting-started-with-nodebalancers.md b/docs/platform/nodebalancer/getting-started-with-nodebalancers.md index d5a46893857..f792f79850a 100644 --- a/docs/platform/nodebalancer/getting-started-with-nodebalancers.md 
+++ b/docs/platform/nodebalancer/getting-started-with-nodebalancers.md 
@@ -45,29 +45,29 @@ Sticking with the simple web application example above, the backend Linode curre 1. Visit the NodeBalancers tab in the Linode Manager. - [![The NodeBalancer tab.](/docs/assets/796-1.png)](/docs/assets/770-nodebalancer-tab.png) + [![The NodeBalancer tab.](/docs/assets/796-1.png)](/docs/assets/770-nodebalancer-tab.png) 2. For the example web application, only one NodeBalancer is needed. Add one in the same datacenter that your backend Linodes are located in. Once purchased, you will be able to see the public IP address that has been assigned to your NodeBalancer. - [![The NodeBalancer has been added.](/docs/assets/797-2.png)](/docs/assets/772-nodebalancer-added.png) + [![The NodeBalancer has been added.](/docs/assets/797-2.png)](/docs/assets/772-nodebalancer-added.png) 3. Now choose **Create Configuration**. A NodeBalancer is configured using ports, and let's say our example web application uses only one: port 80 for regular HTTP traffic. - [![Adding a port configuration to a NodeBalancer.](/docs/assets/798-3.png)](/docs/assets/774-add-port.png) + [![Adding a port configuration to a NodeBalancer.](/docs/assets/798-3.png)](/docs/assets/774-add-port.png) - **HTTP** + **HTTP** - For the traditional web application, the settings in the screenshot above are a good start. HTTP cookie stickiness is preferred so that the same client will always land on the same backend -- for a simple web application that keeps sessions in memory, this is necessary to avoid session errors on clients. + For the traditional web application, the settings in the screenshot above are a good start. HTTP cookie stickiness is preferred so that the same client will always land on the same backend -- for a simple web application that keeps sessions in memory, this is necessary to avoid session errors on clients. 
- **HTTPS** + **HTTPS** - If you select the HTTPS protocol, two new fields will appear where you can add your SSL certificate, chained certificates (if applicable) and a private key (which must not have passphrase protection). + If you select the HTTPS protocol, two new fields will appear where you can add your SSL certificate, chained certificates (if applicable) and a private key (which must not have passphrase protection). - Once you have configured your certificates, you must then choose a general security and compatibility level for your NodeBalancer's TLS cipher suite pools. If you must support users accessing your application with older browsers such as Internet Explorer 6-8, you can select the **Legacy** option. However, bear in mind that by gaining backwards compatibility, your NodeBalancer will use weaker SSL/TLS cipher suites. + Once you have configured your certificates, you must then choose a general security and compatibility level for your NodeBalancer's TLS cipher suite pools. If you must support users accessing your application with older browsers such as Internet Explorer 6-8, you can select the **Legacy** option. However, bear in mind that by gaining backwards compatibility, your NodeBalancer will use weaker SSL/TLS cipher suites. - For all other implementations, the default **Recommended** cipher suite option should be used. You can see the cipher suites available with each option in our [NodeBalancer Reference Guide](/docs/platform/nodebalancer/nodebalancer-reference-guide#tls-cipher-suites). + For all other implementations, the default **Recommended** cipher suite option should be used. You can see the cipher suites available with each option in our [NodeBalancer Reference Guide](/docs/platform/nodebalancer/nodebalancer-reference-guide#tls-cipher-suites). 
- [![SSL Cipher Suite](/docs/assets/ssl-cipher-suite-resized.png)](/docs/assets/ssl-cipher-suite.png) + [![SSL Cipher Suite](/docs/assets/ssl-cipher-suite-resized.png)](/docs/assets/ssl-cipher-suite.png) Every ten seconds, NodeBalancer will request the root of the web application and look for a valid response code. With our example setup, there is only one backend node (which we will add shortly); if the backend goes down, NodeBalancer will serve a plain 503 Service Unavailable error page. This is more desirable than refusing connections or making browsers wait for a timeout. 
@@ -75,17 +75,17 @@ Every ten seconds, NodeBalancer will request the root of the web application and 1. Now we must add the single backend node to the NodeBalancer's configuration. Point this at the private IP address of your web server Linode. - [![Adding a backend node to a NodeBalancer.](/docs/assets/799-4.png)](/docs/assets/776-backend.png) + [![Adding a backend node to a NodeBalancer.](/docs/assets/799-4.png)](/docs/assets/776-backend.png) - These configuration changes will take a few moments to be reflected by your NodeBalancer. If everything is configured on your backend correctly, once the changes have gone through, the **Status** column will update from **Unknown** to **UP**. + These configuration changes will take a few moments to be reflected by your NodeBalancer. If everything is configured on your backend correctly, once the changes have gone through, the **Status** column will update from **Unknown** to **UP**. - [![The backend node has been added, and is now status UP.](/docs/assets/800-5.png)](/docs/assets/778-backend-up.png) + [![The backend node has been added, and is now status UP.](/docs/assets/800-5.png)](/docs/assets/778-backend-up.png) - If the backend status reports **DOWN**, check to make sure that your web application is configured to respond on the Linode's private IP address. There might be a virtual host mismatch as well -- check the notes in the next section. + If the backend status reports **DOWN**, check to make sure that your web application is configured to respond on the Linode's private IP address. There might be a virtual host mismatch as well -- check the notes in the next section. 2. Now that the backend is up, go directly to your NodeBalancer's IP address in a browser. You should see your web application as the NodeBalancer proxies the traffic through. 
- [![Viewing the NodeBalancer-driven web site in a browser.](/docs/assets/801-6.png)](/docs/assets/780-success.png) + [![Viewing the NodeBalancer-driven web site in a browser.](/docs/assets/801-6.png)](/docs/assets/780-success.png) ### A Note about Virtual Hosts @@ -107,11 +107,11 @@ Once you are satisfied that NodeBalancer is working normally, you can switch you 2. Edit or create an A record for `www.example.org`, pointing to your NodeBalancer's IP address. - [![Adding an A Record.](/docs/assets/nodebalancer-a-record_small.png)](/docs/assets/nodebalancer-a-record.png) + [![Adding an A Record.](/docs/assets/nodebalancer-a-record_small.png)](/docs/assets/nodebalancer-a-record.png) - Also add an AAAA record for the IPv6 address. + Also add an AAAA record for the IPv6 address. - [![Adding an AAAA record for the NodeBalancer.](/docs/assets/804-9.png)](/docs/assets/786-dns-aaaa.png) + [![Adding an AAAA record for the NodeBalancer.](/docs/assets/804-9.png)](/docs/assets/786-dns-aaaa.png) Once the DNS changes propagate, traffic will begin flowing through the NodeBalancer. At this point, you will want to wait at least 24 hours for all caches to catch up to the NodeBalancer before proceeding. 
@@ -123,4 +123,4 @@ On another Linode, make an exact copy of your current web server. The Linode bac Once the configuration is sent to the backend, users will be transparently balanced over the two Linodes and each will be monitored for health. This configuration is very easy to work with, as upgrades can be rolled out to each backend without disrupting service and backends can be taken in and out of rotation at will. -This is just the beginning; NodeBalancers are extremely flexible and cater to a lot of needs. From here, the API can be used to add many backends. Multiple ports on one backend can be balanced for speciality setups. Additionally, new tools like *memcached* can be introduced to the application to allow session stickiness to become irrelevant. +This is just the beginning; NodeBalancers are extremely flexible and cater to a lot of needs. From here, the API can be used to add many backends. Multiple ports on one backend can be balanced for complex setups. Additionally, new tools like *memcached* can be introduced to the application to allow session stickiness to become irrelevant. diff --git a/docs/quick-answers/linux/how-to-change-selinux-modes.md b/docs/quick-answers/linux/how-to-change-selinux-modes.md index 65c3693fbe3..fdbd689278b 100644 --- a/docs/quick-answers/linux/how-to-change-selinux-modes.md +++ b/docs/quick-answers/linux/how-to-change-selinux-modes.md 
@@ -16,7 +16,7 @@ external_resources: - '[SELinux, CentOS Wiki](https://wiki.centos.org/HowTos/SELinux)' --- -[Security Enhanced Linux](https://selinuxproject.org/page/Main_Page) is a Linux security module for [mandatory](https://en.wikipedia.org/wiki/Mandatory_access_control) or [role-baed](https://wiki.centos.org/HowTos/SELinux#head-91a597b2b6f140484d62d59a0b9a1dfea4dffc50) access control. SELinux is packaged with CentOS and Fedora by default, and can be running in one of three [modes](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Introduction-SELinux_Modes.html): *disabled*, *permissive* or *enforcing*. +[Security Enhanced Linux](https://selinuxproject.org/page/Main_Page) is a Linux security module for [mandatory](https://en.wikipedia.org/wiki/Mandatory_access_control) or [role-based](https://wiki.centos.org/HowTos/SELinux#head-91a597b2b6f140484d62d59a0b9a1dfea4dffc50) access control. SELinux is packaged with CentOS and Fedora by default, and can be running in one of three [modes](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Introduction-SELinux_Modes.html): *disabled*, *permissive* or *enforcing*. Ideally, you want to keep SELinux in enforcing mode, but there may be times when you need to set it to permissive mode, or disable it altogether. Note that the *disabled* state means the daemon is still running and is still enforcing rules for [discretionary access control](https://en.wikipedia.org/wiki/Discretionary_access_control), however no MAC security policies are being used, and no violations are being logged. diff --git a/docs/security/authentication/gpg-key-for-ssh-authentication.md b/docs/security/authentication/gpg-key-for-ssh-authentication.md index 27cff9b0ea6..14f4f10b2f5 100644 --- a/docs/security/authentication/gpg-key-for-ssh-authentication.md 
+++ b/docs/security/authentication/gpg-key-for-ssh-authentication.md @@ -284,7 +284,7 @@ You can reimport it with the ever-handy `gpg2 --import key-file` command. ## Move Your Key to a Smartcard or YubiKey (Optional) {{< note >}} -If you're using a brand new YubiKey, you'll need to enable OpenPGP Card / CCID Mode first. This can be done through the YubiKey Personlisation Tool, or by running `ykpersonalise -m82`. `ykpersonalise` can be installed through your package manager. +If you're using a brand new YubiKey, you'll need to enable OpenPGP Card / CCID Mode first. This can be done through the YubiKey Personlization Tool, or by running `ykpersonalise -m82`. `ykpersonalise` can be installed through your package manager. {{< /note >}} ### Secure Your Card diff --git a/docs/security/getting-started-with-selinux.md b/docs/security/getting-started-with-selinux.md index ae3334098a4..43650f1e3d6 100644 --- a/docs/security/getting-started-with-selinux.md +++ b/docs/security/getting-started-with-selinux.md 
@@ -24,7 +24,7 @@ SELinux is a Mandatory Access Control (MAC) system, developed by the NSA. SELinu The difference between Discretionary Access Controls and Mandatory Access Controls is the means by which users and applications gain access to machines. Traditionally, the command `sudo` gives a user the ability to heighten permissions to `root`-level. Root access on a DAC system gives the person or program with root access permission to perform as desired on a machine. -Ideally, the person with root access should be trusted with it. But if security has been compromised, so too has the system. SELinux and MACs resolve this issue by both confining privleged proccesses and automating security policy creation. +Ideally, the person with root access should be trusted with it. But if security has been compromised, so too has the system. SELinux and MACs resolve this issue by both confining privileged processes and automating security policy creation. SELinux defaults to denying anything that is not explicitly allowed. SELinux has global modes, `permissive` and `enforcing`. `Permissive` mode allows the system to function like a Discretionary Access Control system, while logging every violation to SELinux. The `enforcing` mode enforces a strict denial of access to anything that isn't explicitly allowed. To explicitly allow certain behavior on a machine, you, as the system administrator, have to write policies that allow it. 
@@ -45,20 +45,20 @@ We do not recommend you disable SELinux. But if you wish to disable SELinux, ple On CentOS 7 most of the SELinux packages are installed by default. Look to see what packages are installed: - rpm -aq | grep selinux + rpm -aq | grep selinux If you are dealing with a freshly installed CentOS 7 Linode, your output should be: - [root@centos ~]# rpm -aq | grep selinux - libselinux-utils-2.5-6.el7.x86_64 - libselinux-2.5-6.el7.x86_64 - libselinux-python-2.5-6.el7.x86_64 - selinux-policy-3.13.1-102.el7_3.16.noarch - selinux-policy-targeted-3.13.1-102.el7_3.16.noarch + [root@centos ~]# rpm -aq | grep selinux + libselinux-utils-2.5-6.el7.x86_64 + libselinux-2.5-6.el7.x86_64 + libselinux-python-2.5-6.el7.x86_64 + selinux-policy-3.13.1-102.el7_3.16.noarch + selinux-policy-targeted-3.13.1-102.el7_3.16.noarch Install the following packages and their associated dependencies: - yum install policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted libselinux-utils setools setools-console + yum install policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted libselinux-utils setools setools-console Optionally, install `setroubleshoot-server` and `mctrans`. The `setroubleshoot-server` allows, among many other things, for email notifications to be sent from the server to notify you of any policy violations. The `mctrans` daemon translates the output of SELinux to human readable text. 
@@ -71,60 +71,60 @@ SELinux has two modes: `Enforcing` and `Permissive`: You can check what mode your system is in by running the `getenforce` command: - [root@centos ~ ]# getenforce - Enforcing + [root@centos ~ ]# getenforce + Enforcing You can also retrieve even more information using `sestatus`: - [root@centos ~]# sestatus - SELinux status: enabled - SELinuxfs mount: /sys/fs/selinux - SELinux root directory: /etc/selinux - Loaded policy name: targeted - Current mode: enforcing - Mode from config file: permissive - Policy MLS status: enabled - Policy deny_unknown status: allowed - Max kernel policy version: 28 + [root@centos ~]# sestatus + SELinux status: enabled + SELinuxfs mount: /sys/fs/selinux + SELinux root directory: /etc/selinux + Loaded policy name: targeted + Current mode: enforcing + Mode from config file: permissive + Policy MLS status: enabled + Policy deny_unknown status: allowed + Max kernel policy version: 28 You have to set SELinux to `permissive`, so that you can create policies on your system for SELinux to enforce. After changing SELinux's mode, you have to reboot your system. - [root@centos ~]# setenforce 0 - [root@centos ~]# getenforce - Permissive - [root@centos ~]# reboot + [root@centos ~]# setenforce 0 + [root@centos ~]# getenforce + Permissive + [root@centos ~]# reboot Now that SELinux is set to `Permissive`, you can see the log of privacy violations by using: - grep "selinux" /var/log/messages + grep "selinux" /var/log/messages The output will look very similar to this: - [root@centos ~]# grep "selinux" /var/log/messages - Jun 26 12:27:16 li482-93 yum[4572]: Updated: selinux-policy-3.13.1-102.el7_3.16.noarch - Jun 26 12:27:38 li482-93 yum[4572]: Updated: selinux-policy-targeted-3.13.1-102.el7_3.16.noarch - Jun 26 16:38:15 li482-93 systemd: Removed slice system-selinux\x2dpolicy\x2dmigrate\x2dlocal\x2dchanges.slice. - Jun 26 16:38:15 li482-93 systemd: Stopping system-selinux\x2dpolicy\x2dmigrate\x2dlocal\x2dchanges.slice. 
- Jun 26 16:54:46 li482-93 systemd: Removed slice system-selinux\x2dpolicy\x2dmigrate\x2dlocal\x2dchanges.slice. - Jun 26 16:54:46 li482-93 systemd: Stopping system-selinux\x2dpolicy\x2dmigrate\x2dlocal\x2dchanges.slice. - Jun 26 16:55:45 li482-93 kernel: EVM: security.selinux - Jun 26 17:33:43 li482-93 kernel: EVM: security.selinux - Jun 26 17:36:21 li482-93 kernel: EVM: security.selinux + [root@centos ~]# grep "selinux" /var/log/messages + Jun 26 12:27:16 li482-93 yum[4572]: Updated: selinux-policy-3.13.1-102.el7_3.16.noarch + Jun 26 12:27:38 li482-93 yum[4572]: Updated: selinux-policy-targeted-3.13.1-102.el7_3.16.noarch + Jun 26 16:38:15 li482-93 systemd: Removed slice system-selinux\x2dpolicy\x2dmigrate\x2dlocal\x2dchanges.slice. + Jun 26 16:38:15 li482-93 systemd: Stopping system-selinux\x2dpolicy\x2dmigrate\x2dlocal\x2dchanges.slice. + Jun 26 16:54:46 li482-93 systemd: Removed slice system-selinux\x2dpolicy\x2dmigrate\x2dlocal\x2dchanges.slice. + Jun 26 16:54:46 li482-93 systemd: Stopping system-selinux\x2dpolicy\x2dmigrate\x2dlocal\x2dchanges.slice. + Jun 26 16:55:45 li482-93 kernel: EVM: security.selinux + Jun 26 17:33:43 li482-93 kernel: EVM: security.selinux + Jun 26 17:36:21 li482-93 kernel: EVM: security.selinux The file that contains the security states of the system is located at `/etc/selinux/config`, you can edit that file to change the state of the system. - vi /etc/selinux/config - # This file controls the state of SELinux on the system. - # SELINUX= can take one of these three values: - # enforcing - SELinux security policy is enforced. - # permissive - SELinux prints warnings instead of enforcing. - # disabled - No SELinux policy is loaded. - SELINUX=permissive - # SELINUXTYPE= can take one of three two values: - # targeted - Targeted processes are protected, - # minimum - Modification of targeted policy. Only selected processes are protected. - # mls - Multi Level Security protection. 
- SELINUXTYPE=targeted + vi /etc/selinux/config + # This file controls the state of SELinux on the system. + # SELINUX= can take one of these three values: + # enforcing - SELinux security policy is enforced. + # permissive - SELinux prints warnings instead of enforcing. + # disabled - No SELinux policy is loaded. + SELINUX=permissive + # SELINUXTYPE= can take one of three two values: + # targeted - Targeted processes are protected, + # minimum - Modification of targeted policy. Only selected processes are protected. + # mls - Multi Level Security protection. + SELINUXTYPE=targeted The uncommented lines can be changed to any state. After changing the state of SELinux, `reboot` the machine for the changes to take effect. @@ -133,11 +133,11 @@ The uncommented lines can be changed to any state. After changing the state of S Before switching to the `enforce` state in SELinux, you have to understand contexts, as they pertain to SELinux. - [root@centos ~]# useradd user - [root@centos ~]# su user - [user@centos ~]$ cd ~/ && mkdir test - [user@centos ~]$ ls -Z - drwxrwxr-x. user user unconfined_u:object_r:user_home_t:s0 test + [root@centos ~]# useradd user + [root@centos ~]# su user + [user@centos ~]$ cd ~/ && mkdir test + [user@centos ~]$ ls -Z + drwxrwxr-x. user user unconfined_u:object_r:user_home_t:s0 test The output of `ls -Z` may look familiar, but the `-Z` context flag prints out the SELinux security context of any file. 
@@ -149,31 +149,31 @@ SELinux marks every single object on a machine with a *context*. That means ever An SELinux Boolean is a variable that can be toggled on and off without needing to reload or recompile an SELinux polcy. You can view the list of boolean variables using the `getsebool -a` command. It's a long list, so you can pipe it through `grep` to narrow down the results: - [root@centos ~]# getsebool -a | grep xdm - xdm_bind_vnc_tcp_port --> off - xdm_exec_bootloader --> off - xdm_sysadm_login --> off - xdm_write_home --> off + [root@centos ~]# getsebool -a | grep xdm + xdm_bind_vnc_tcp_port --> off + xdm_exec_bootloader --> off + xdm_sysadm_login --> off + xdm_write_home --> off You can change the value of any variable using the `setsebool` command. If you set the `-P` flag, the setting will persist through reboots. If you want to permit a service like [openVPN](https://www.linode.com/docs/networking/vpn/tunnel-your-internet-traffic-through-an-openvpn-server) to run unconfined in your system, you have to edit the policies boolean variable: - [root@centos ~]# getsebool -a | grep "vpn" - openvpn_can_network_connect --> on - openvpn_enable_homedirs --> on - openvpn_run_unconfined --> off + [root@centos ~]# getsebool -a | grep "vpn" + openvpn_can_network_connect --> on + openvpn_enable_homedirs --> on + openvpn_run_unconfined --> off - [root@centos ~]# setsebool -P openvpn_run_unconfined ON + [root@centos ~]# setsebool -P openvpn_run_unconfined ON - [root@centos ~]# getsebool -a | grep "vpn" - openvpn_can_network_connect --> on - openvpn_enable_homedirs --> on - openvpn_run_unconfined --> on + [root@centos ~]# getsebool -a | grep "vpn" + openvpn_can_network_connect --> on + openvpn_enable_homedirs --> on + openvpn_run_unconfined --> on Now, you are able to use OpenVPN **unconfined** or in **permissive** mode on your system, even if it is actively in **enforcing** mode. Set your system to `enforce`, and let SELinux protect your system. 
- [root@centos ~]# setenforce 1 - [root@centos ~]# getenforce - Enforcing + [root@centos ~]# setenforce 1 + [root@centos ~]# getenforce + Enforcing ### Next Steps diff --git a/docs/security/security-patches/patching-bash-for-the-shellshock-vulnerability.md b/docs/security/security-patches/patching-bash-for-the-shellshock-vulnerability.md index 0605cd52e04..f2b0ffd3462 100644 --- a/docs/security/security-patches/patching-bash-for-the-shellshock-vulnerability.md +++ b/docs/security/security-patches/patching-bash-for-the-shellshock-vulnerability.md @@ -24,18 +24,18 @@ You must first see if you are vulnerable. As there are several vulnerabilities, To check if your Linode is vulnerable, run the following in Bash: - env x='() { :;}; echo vulnerable' bash -c 'echo this is a test' + env x='() { :;}; echo vulnerable' bash -c 'echo this is a test' If your Linode is vulnerable, you will see: - vulnerable - this is a test + vulnerable + this is a test If your Linode is not vulnerable, you will see: - bash: warning: x: ignoring function definition attempt - bash: error importing function definition for `x' - this is a test + bash: warning: x: ignoring function definition attempt + bash: error importing function definition for `x' + this is a test In some distributions, such as Ubuntu 12.04, you may not see the bash warning errors. As long as you do not see `vulnerable` in your output, you are running an upgraded version for CVE-2014-6271. 
@@ -45,19 +45,19 @@ While working on CVE-2014-6271, a new bug was discovered and given the CVE ident To check for the vulnerability, run the following in Bash: - env X='() { (a)=>\' sh -c "echo date"; cat echo + env X='() { (a)=>\' sh -c "echo date"; cat echo If your Linode is vulnerable, you will see: - bash: X: line 1: syntax error near unexpected token `=' - bash: X: line 1: `' - bash: error importing function for `X' - Sun Sep 08:17:32 EST 2014 + bash: X: line 1: syntax error near unexpected token `=' + bash: X: line 1: `' + bash: error importing function for `X' + Sun Sep 08:17:32 EST 2014 -If your Linode is not vulernable, you will see: +If your Linode is not vulnerable, you will see: - date - cat: echo: No such file or directory + date + cat: echo: No such file or directory ### CVE-2014-7186 @@ -67,24 +67,24 @@ The vulnerability allowed out-of-bounds memory access by using a fixed-sized red To test the vulnerability, run the following in Bash: - bash -c 'true <=app-shells/bash-3.1_p18-r1" + emerge --sync + emerge --ask --oneshot --verbose ">=app-shells/bash-3.1_p18-r1" Re-run the commands in the "Checking the Vulnerability" section of this documentation to ensure it has been patched. 
@@ -149,17 +149,17 @@ Re-run the commands in the "Checking the Vulnerability" section of this document To patch the vulnerability in Bash 3.2 on Gentoo, run: - emerge --sync - emerge --ask --oneshot --verbose ">=app-shells/bash-3.2_p52-r1" + emerge --sync + emerge --ask --oneshot --verbose ">=app-shells/bash-3.2_p52-r1" -Re-run the commands in the "Checking the Vulnerabilty" section of this documentation to ensure it has been patched. +Re-run the commands in the "Checking the Vulnerability" section of this documentation to ensure it has been patched. #### Bash 4.0 To patch the vulnerability in Bash 4.0 on Gentoo, run: - emerge --sync - emerge --ask --oneshot --verbose ">=app-shells/bash-4.0_p39-r1" + emerge --sync + emerge --ask --oneshot --verbose ">=app-shells/bash-4.0_p39-r1" Re-run the commands in the "Checking the Vulnerability" section of this documentation to ensure it has been patched. @@ -167,8 +167,8 @@ Re-run the commands in the "Checking the Vulnerability" section of this document To patch the vulnerability in Bash 4.1 on Gentoo, run: - emerge --sync - emerge --ask --oneshot --verbose ">=app-shells/bash-4.1_p12-r1" + emerge --sync + emerge --ask --oneshot --verbose ">=app-shells/bash-4.1_p12-r1" Re-run the commands in the "Checking the Vulnerability" section of this documentation to ensure it has been patched. @@ -176,8 +176,8 @@ Re-run the commands in the "Checking the Vulnerability" section of this document To patch the vulnerability in Bash 4.2 on Gentoo, run: - emerge --sync - emerge --ask --oneshot --verbose ">=app-shells/bash-4.2_p48-r1" + emerge --sync + emerge --ask --oneshot --verbose ">=app-shells/bash-4.2_p48-r1" Re-run the commands in the "Checking the Vulnerability" section of this documentation to ensure it has been patched. 
@@ -186,7 +186,7 @@ Re-run the commands in the "Checking the Vulnerability" section of this document To upgrade Bash against the vulnerability on OpenSUSE, run: - zypper patch --cve=CVE-2014-7187 + zypper patch --cve=CVE-2014-7187 Re-run the commands in the "Checking the Vulnerability" section of this documentation to ensure it has been upgraded. @@ -195,7 +195,7 @@ Re-run the commands in the "Checking the Vulnerability" section of this document To upgrade against the vulnerability on Slackware, you must upgrade the Bash package using `slackpkg`: - slackpkg update - slackpkg upgrade bash + slackpkg update + slackpkg upgrade bash Once you have done so, re-run the commands in the "Checking the Vulnerability" section of this documentation to ensure it has been upgraded. diff --git a/docs/security/security-patches/patching-glibc-for-the-ghost-vulnerability.md b/docs/security/security-patches/patching-glibc-for-the-ghost-vulnerability.md index fc0d2cce0d7..e7ce9977b26 100644 --- a/docs/security/security-patches/patching-glibc-for-the-ghost-vulnerability.md +++ b/docs/security/security-patches/patching-glibc-for-the-ghost-vulnerability.md @@ -149,7 +149,7 @@ int main(void) { gcc GHOST.c -o GHOST -3. Execute the compiled GHOST script. Your terminal should print "vulnerable" or "not vulnerable" depening on your system's status. +3. Execute the compiled GHOST script. Your terminal should print "vulnerable" or "not vulnerable" depending on your system's status. ./GHOST diff --git a/docs/security/upgrading/how-to-upgrade-to-ubuntu-10-04-lts-lucid.md b/docs/security/upgrading/how-to-upgrade-to-ubuntu-10-04-lts-lucid.md index ad84878cbfb..8ca4434040b 100644 --- a/docs/security/upgrading/how-to-upgrade-to-ubuntu-10-04-lts-lucid.md +++ b/docs/security/upgrading/how-to-upgrade-to-ubuntu-10-04-lts-lucid.md 
@@ -24,7 +24,7 @@ Ubuntu recommends waiting until the ".1" release of any version increment before # Upgrade Instructions -You should stop as many services as possible before upgrading your system. This should include web server deaemons (Apache, nginx, etc), database servers (PostgreSQL, MySQL, etc), and any other non-critical services. +You should stop as many services as possible before upgrading your system. This should include web server daemons (Apache, NGINX, etc), database servers (PostgreSQL, MySQL, etc), and any other non-critical services. If you are running Ubuntu 8.04 or 9.10, edit your `/etc/fstab` file to include the following line (see later notes on Ubuntu 9.04). diff --git a/docs/security/upgrading/how-to-upgrade-to-ubuntu-10-10-maverick.md b/docs/security/upgrading/how-to-upgrade-to-ubuntu-10-10-maverick.md index 095094c6bb2..e6374b77a56 100644 --- a/docs/security/upgrading/how-to-upgrade-to-ubuntu-10-10-maverick.md +++ b/docs/security/upgrading/how-to-upgrade-to-ubuntu-10-10-maverick.md @@ -22,7 +22,7 @@ This guide explains how to upgrade your Linode to Ubuntu 10.10 (Maverick). As wi # Upgrade Instructions -You should stop as many services as possible before upgrading your system. This should include web server deaemons (Apache, nginx, etc), database servers (PostgreSQL, MySQL, etc), and any other non-critical services. +You should stop as many services as possible before upgrading your system. This should include web server daemons (Apache, NGINX, etc), database servers (PostgreSQL, MySQL, etc), and any other non-critical services. If you are running Ubuntu 8.04 or 9.10, edit your `/etc/fstab` file to include the following line (see later notes on Ubuntu 9.04). diff --git a/docs/security/upgrading/upgrade-to-debian-8-jessie.md b/docs/security/upgrading/upgrade-to-debian-8-jessie.md index ae87c330853..d814b82a402 100644 --- a/docs/security/upgrading/upgrade-to-debian-8-jessie.md +++ b/docs/security/upgrading/upgrade-to-debian-8-jessie.md 
@@ -14,7 +14,7 @@ title: 'Upgrading to Debian 8 (Jessie)' Debian 8 (Jessie) is the most recent version of Debian, released in April 2015. This guide explains how to upgrade your system from Debian 7 (Wheezy) to Debian 8. -Bear in mind that while package and distribution maintainers try to ensure cross-compatibility and problem-free upgrades, there is always the lingering possiblity of something not working out as planned. This is one reason why backing up your data is so important. +Bear in mind that while package and distribution maintainers try to ensure cross-compatibility and problem-free upgrades, there is always the lingering possibility of something not working out as planned. This is one reason why backing up your data is so important. {{< note >}} If you use the Apache web server, be aware that Debian 8 moves from Apache 2.2 to 2.4. This version change requires several adjustments to configuration files, and can break an existing website. Please follow our [Upgrading Apache](/docs/security/upgrading/updating-virtual-host-settings-from-apache-2-2-to-apache-2-4) guide before continuing. diff --git a/docs/security/visualize-server-security-on-centos-7-with-an-elastic-stack-and-wazuh.md b/docs/security/visualize-server-security-on-centos-7-with-an-elastic-stack-and-wazuh.md index e1b7d96bb08..a56346c9533 100644 --- a/docs/security/visualize-server-security-on-centos-7-with-an-elastic-stack-and-wazuh.md +++ b/docs/security/visualize-server-security-on-centos-7-with-an-elastic-stack-and-wazuh.md 
@@ -39,7 +39,7 @@ An Elastic Stack, formerly known as an ELK Stack, is a combination of Elasticsea ## What is Wazuh OSSEC -Wazuh is an open source branch of the orignal [OSSEC HIDS](https://ossec.github.io/) developed for integration into the Elastic Stack. Wazuh provides the OSSEC software with the OSSEC ruleset, as well as a RESTful API Kibana plugin optimized for displaying and analyzing host IDS alerts. +Wazuh is an open source branch of the original [OSSEC HIDS](https://ossec.github.io/) developed for integration into the Elastic Stack. Wazuh provides the OSSEC software with the OSSEC ruleset, as well as a RESTful API Kibana plugin optimized for displaying and analyzing host IDS alerts. ## Before You Begin From 04e6e930d83a78bd60deb003493f57d375b2d2a3 Mon Sep 17 00:00:00 2001 From: Jared Date: Fri, 2 Feb 2018 17:20:15 -0500 Subject: [PATCH 2/2] Typo fix --- docs/networking/nfs/how-to-mount-nfs-shares-on-debian-9.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/networking/nfs/how-to-mount-nfs-shares-on-debian-9.md b/docs/networking/nfs/how-to-mount-nfs-shares-on-debian-9.md index 201acfb0968..e2720acf86c 100644 --- a/docs/networking/nfs/how-to-mount-nfs-shares-on-debian-9.md +++ b/docs/networking/nfs/how-to-mount-nfs-shares-on-debian-9.md 
@@ -164,4 +164,4 @@ Now let's replace **root\_squash** with **no\_root\_squash** in `/etc/exports` o sudo echo "Hi everyone" > /mnt/remotenfs/testfile2.txt -If you check the ownership of `testfile2.txt` either on the client or the server, you'll see that it is now owned by `root:root`. These simple examples illustrate the use and implications of **root\_squash** and **no\_root\_squash**. For your security, don't forget to remove the latter and read the former in your `/etc/exports` as soon as possible. +If you check the ownership of `testfile2.txt` either on the client or the server, you'll see that it is now owned by `root:root`. These simple examples illustrate the use and implications of **root\_squash** and **no\_root\_squash**. For your security, don't forget to remove the latter and re-add the former in your `/etc/exports` as soon as possible.
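Review bot: In the Gentoo hunks of the Shellshock guide (`@@ -149,17` through `@@ -176,8`), and again in the `zypper` and `slackpkg` hunks (`@@ -186,7`, `@@ -195,7`), the removed and added command lines read identically, so these appear to be whitespace-only re-indentations; the only spelling change in the range is "Vulnerabilty" to "Vulnerability". Under a commit titled "Fix spelling to security section from Vale", please split the re-indentation into its own commit so the spelling fixes can be reviewed on their own, and confirm the re-indented commands still render as code blocks.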
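Review bot: In the `@@ -149,7` hunk of `patching-glibc-for-the-ghost-vulnerability.md`, the corrected step 3 still calls the output of `gcc GHOST.c -o GHOST` a "script"; it is a compiled binary. Since the line is already being edited for "depening", suggest "Execute the compiled GHOST binary."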
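Review bot: In the `@@ -24,7` hunk of `how-to-upgrade-to-ubuntu-10-04-lts-lucid.md` and the matching `@@ -22,7` hunk of `how-to-upgrade-to-ubuntu-10-10-maverick.md`, the replacement line fixes "deaemons" and the NGINX capitalization but keeps "etc" without a period in "(Apache, NGINX, etc)" and "(PostgreSQL, MySQL, etc)". Suggest "etc." in both places, in both files, while the line is open.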
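Review bot: In the `@@ -14,7` hunk of `upgrade-to-debian-8-jessie.md`, the context line directly above the corrected sentence still says "Debian 8 (Jessie) is the most recent version of Debian, released in April 2015", which is stale given that this same series edits `how-to-mount-nfs-shares-on-debian-9.md`. Suggest dropping "the most recent version" or marking the guide as covering an older release.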
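Review bot: In the `@@ -39,7` hunk of the Wazuh guide, the corrected sentence still describes Wazuh as an "open source branch" of OSSEC HIDS; the usual term for an independently developed derivative is "fork", and the compound adjective should be hyphenated. Suggest "Wazuh is an open-source fork of the original OSSEC HIDS". The phrase "a RESTful API Kibana plugin" is also ambiguous about whether it names one component or two and would benefit from a rewording by someone who knows the product.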
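Review bot: In the `@@ -164,4` hunk of `how-to-mount-nfs-shares-on-debian-9.md`, the context command `sudo echo "Hi everyone" > /mnt/remotenfs/testfile2.txt` does not write the file as root: the `>` redirection is opened by the invoking shell before `sudo` runs, so the file is created with the caller's credentials and the `root:root` ownership described in the edited paragraph only appears if the reader is already in a root shell. Suggest `echo "Hi everyone" | sudo tee /mnt/remotenfs/testfile2.txt` so the demonstration of **no\_root\_squash** matches the text. The "read" to "re-add" fix is correct; naming the options outright ("remove **no\_root\_squash** and restore **root\_squash**") would be clearer than "the latter" and "the former" in a security instruction.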