HOW-TOs

Linux vs. Windows: What's the difference in 2025?

George Whittaker — Sat, 15 Mar 2025 23:36:15 +0000

For users who are looking to try something new, or who are tired of their Mac OS or Windows operating systems, now just might be the time to switch to something else. The Mac OS system currently uses a UNIX core, which would make switching from Mac OS to Linux a fairly smooth transition. Windows users, on the other hand, will need to make some adjustments.

The following tutorial will compare the Linux operating system to Microsoft Windows.

Microsoft Windows vs. Linux File System

Microsoft Windows files are stored on different data drives (C: D: E:). On Linux, beginning with the root directory, files are organized in a tree structure. This directory is the beginning of the file system. It branches out further across a variety of other subdirectories. The root directory is designated with a forward slash (/).

Key Differences

Linux, an open-source operating system, can change source code as required, while Windows OS doesn’t have access to source code, as it is a commercial operating system.
Linux can detect bugs and fix them easier because of its stellar security, while Windows’ large userbase can be easily attacked by hackers.
Windows runs slowly, especially with older hardware, while Linux runs significantly faster.
With Windows operating systems, printers, CD-ROMs, and hard drives, are considered devices. Linux peripherals, including printers, CD-ROMs, and hard drives are considered files.
Windows uses data drives (C: D: E:) and folders to store files. Linux uses a tree structure beginning with the root directory to keep files organized.
There can be two files in the same directory with the same name in Linux. In Windows, users cannot have two files in the same folder with the exact same name.
In Microsoft Windows, program and system files are almost always stored in the C: drive, while program and system files on Linux can be found in different directories.

File Types

Everything is considered a file in UNIX and Linux. The keyboard, mouse, and printer are files, files are files, and directories are files.

General Files

Also known as Ordinary Files, General Files can contain simply text, or programs, videos, and images. These files can be in Binary or ASCII format, as they are the most commonly used files on Linux.

Directory Files

Directory Files are like a warehouse that can be used for other types of files. Users can have a subdirectory (a directory within a directory). Files can also be taken as folders found inside of the user’s Microsoft Windows operating system.

Go to Full Article

Setting up a Multi-Server Security Engine Installation

Manuel Sabban — Thu, 14 Mar 2024 16:00:00 +0000

by Manuel Sabban

With the launch of Security Engine 1.0.x, we enabled the Security Engine to function as an HTTP REST API, allowing it to gather signals from other Security Engines.

I will guide you through the steps to set up the CrowdSec Security Engine across multiple servers, where one server will serve as the parent and two additional machines will forward alerts to it.

Benefits

Sharing cybersecurity incidents across machines using the CrowdSec Security Engine is a highly effective strategy to enhance collective security defenses. By leveraging CrowdSec's capability to distribute remediations among connected machines, each machine benefits from real-time updates about new threats detected elsewhere in the network.

Architecture

In the diagram above, the parent Security Engine, designated as server-1, will be set up as the HTTP REST API, commonly known as the LAPI (Local API). This engine will be in charge of storing and distributing the gathered signals. Remediation is managed through the Remediation Components, which depend on the LAPI offered by server-1. It's crucial to understand that mitigation can occur independently from detection.

Server-2 and server-3 are designated as internet-facing machines that will host services available to the public and will be known as the child Log Processors. On these servers, we will install CrowdSec Security Engine and Remediation Components, which will interact with the server-1 LAPI.

Note: The phrase child Log Processors refers to a CrowdSec Security Engine that operates with its LAPI turned off. For more information on this, consult our Taxonomy Update Article.

We strongly encourage you to explore the CrowdSec Hub to learn about the extensive range of services the Security Engine can protect. This platform showcases the diverse capabilities of the Engine in securing everything from web applications to databases against cyber threats.

Go to Full Article

Demystifying Kubernetes Operators: Creation, Benefits, and Use Cases

George Whittaker — Tue, 11 Apr 2023 16:00:00 +0000

by George Whittaker

Introduction

Kubernetes is a powerful container orchestration platform that automates the deployment, scaling, and management of containerized applications. As Kubernetes continues to evolve, one of the concepts that has gained significant traction is the Kubernetes Operator. Operators extend the functionality of Kubernetes and provide a way to automate complex tasks, allowing users to manage applications and resources more efficiently. In this article, we will delve into the world of Kubernetes Operators, explore how they can be created, and examine their benefits and use cases.

Understanding Kubernetes Operators

What are Kubernetes Operators?

Kubernetes Operators are software extensions that enable automated management of complex applications and resources within a Kubernetes cluster. Operators encapsulate both the operational logic and domain-specific knowledge required to manage specific applications or services.

Operators are built using the Kubernetes custom resource definition (CRD) and custom controllers. A CRD defines a new resource type in the cluster, while the custom controller is responsible for watching and reconciling the state of the custom resource based on the desired state specified by the user. Together, these components provide a declarative way to manage applications and resources.

Why Use Kubernetes Operators?

Kubernetes Operators offer several benefits:

Automation: Operators automate complex operational tasks, such as backup, scaling, and configuration management, reducing manual intervention and human error.
Extensibility: Operators extend the capabilities of Kubernetes, allowing for the management of custom resources and services.
Consistency: Operators provide a consistent and standardized approach to managing applications across different environments.
Domain-Specific Knowledge: Operators encapsulate expert knowledge about the application or service they manage, making it accessible to users who may not be experts in that domain.

Creating a Kubernetes Operator

Steps to Build an Operator

Creating a Kubernetes Operator involves the following steps:

Go to Full Article

Kubernetes vs. Docker: Exploring the Synergy in Containerization

George Whittaker — Fri, 07 Apr 2023 16:00:00 +0000

by George Whittaker

Introduction to Containerization

Containerization is a revolutionary technology that allows software to be packaged and deployed in a consistent manner across various environments. It resolves challenges such as dependency conflicts and platform discrepancies by encapsulating applications along with their dependencies in lightweight, portable containers. In this article, we will explore two prominent tools in the field of containerization: Kubernetes and Docker. We will delve into their roles, their differences, and how they work in harmony to facilitate containerized application deployments.

Understanding Docker: Creating and Running Containers

What is Docker?

Docker is an open-source platform that automates the creation, deployment, and running of containerized applications. Docker provides the capability to build and package applications along with their dependencies into standardized units called containers. Containers can be thought of as lightweight, standalone executables that are isolated from the host system, yet share the same OS kernel.

Key Features of Docker

Portability: Docker containers can be run on any system that supports Docker, ensuring consistent behavior across different environments.
Isolation: Each container runs in isolation with its own filesystem, ensuring that application dependencies do not interfere with each other.
Scalability: Docker containers can be rapidly started, stopped, and scaled up or down as needed.
Version Control: Docker images can be versioned and stored in a registry, enabling easy rollback to previous versions.

Exploring Kubernetes: Orchestrating Containers at Scale

What is Kubernetes?

Kubernetes, often abbreviated as K8s, is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications. Kubernetes provides a powerful framework for managing distributed systems by organizing containers into groups called "pods" and managing their lifecycle across a cluster of machines.

Key Features of Kubernetes

Cluster Management: Kubernetes clusters consist of one or more master nodes and multiple worker nodes that host containers.
High Availability: Kubernetes ensures that applications are highly available by automatically restarting failed containers and rescheduling them to healthy nodes.
Load Balancing: Kubernetes distributes network traffic among multiple pods to ensure optimal resource utilization and responsiveness.

Go to Full Article

SFTP Port Forwarding: Enabling Suppressed Functionality

Charles Fisher — Wed, 22 Feb 2023 17:00:00 +0000

by Charles Fisher

Introduction

The SSH protocol enables three major classes of remote server activities: a) command execution (including a login shell), b) network forwarding and manipulation, and c) file transfer.

The OpenSSH maintainers have determined that sftp and scp have no legitimate use for port forwarding (via the -L and -R options). A flag to explicitly disable these features is unconditionally passed to the child SSH executable during file transfers with these utilities.

There may be users with a legitimate need for these features. An obvious subset are penetration testers tasked to verify that this capability is explicitly disabled on public SFTP servers.

Below are two techniques to enable these suppressed features, by either modifying strings in the sftp binary itself, or by redirection through shells that are able to easily edit the command line. Depending upon the capabilities of the platform, either technique might be required to achieve this goal.

Suppression Details

To begin, it is important to locate running processes of interest. The shell function below will reveal PIDs that match a shell pattern (and note this is not a regex). This runs under Debian dash (and most other common shells) and relies on BSD options to ps:

pps () { local a= b= c= IFS=$'\r'; ps ax | while read -r a
    do [ "$b" ] || c=1; for b; do case "$a" in *"$b"*) c=1;;
        esac; done; [ "$c" ] && printf '%s\n' "$a" && c=; done; }

A conventional SFTP session is launched, in order to examine the processes associated with it:

$ id
uid=1001(aturing) gid=1001(aturing) groups=1001(aturing)...

$ sftp aturing@sftp.victimandum.com
aturing@sftp.victimandum.com's password:
Connected to sftp.victimandum.com.
sftp>

We assume above that the local UNIX user has an account on the remote SFTP server of the same username.

Once the session is running, a local process search for the username reveals the child SSH process that is spawned by SFTP:

Go to Full Article

How To Pick a Linux Distribution for Non-Techies

Ujjwal Anand — Mon, 30 Jan 2023 17:00:00 +0000

by Ujjwal Anand

I have suffered from distrohopping. Now that I have settled for the last two years, here are some tips to save your time.

All distros run the same operating system at their core, Linux. They are more similar than different. Hence, the marginal cost (time) of looking for a better distro is much more than the marginal benefit of it.
Say no to distributions made for specific purposes like Kali, CentOS, and OpenSuse. OpenSuse is great, but it is made for enterprise use. An everyday user won't ever need most of its features. To maintain it would be a waste of time. The same goes for the RedHat family.
Instead of trimming Suse, you better pick a distro made for everyday people, such as AntiX and SolusOS. Read their descriptions and target users on Distrowatch.
Avoid technical distributions like arch, its forks, and Gentoo. They are for the programmer types. If you are not one, you will likely break it. Updates tend to be massive and very frequent. And you can't install a new package without updating first. You don't want to deal with this. If you want it only for AUR, just learn to compile a little bit.
Say no to most desktop environments (DEs) besides LXDE and LXQT. Prefer window managers (WMs) for maximum performance. DEs can be buggy and cause distraction. They increase boot time and update size. It may be reasonable to rule out all distros that don't come with a window manager so you don't have to do the work post-installation. Know the rule; the less stuff you have, the fewer things you can break, the fewer problems you will face. Keep it minimal. Don't allow the bling-bling to distract you.
Avoid forks because they simply are not different enough. In addition, they tend to carry their parent distro's issues on top of their own issues. Developers can do only so much about it. Independent distributions can fix issues more quickly because they can. Prefer original and independent distros.
Don't worry about software availability. Every distro hosts tools to help you install packages not present in their repos. Furthermore, package managers like Appimage and Flatpak allow you to install packages on all distros. Avoid snap. It slows down bootup and doesn't allow you to control app updates. This may change in the future though.
Prefer rolling distros. Reinstallation is boring and it takes a long time to set everything as you want. The process of making a bootable drive has also damaged a couple of my USB drives, though I can't prove the causality.

Go to Full Article

Fault-Tolerant SFTP scripting - Retry Failed Transfers Automatically

Charles Fisher — Wed, 04 Jan 2023 17:00:00 +0000

by Charles Fisher

Introduction

The whole of modern networking is built upon an unreliable medium. Routing equipment has free license to discard, corrupt, reorder, or duplicate data which it forwards. The understanding of the IP layer in TCP/IP is that there are no guarantees of accuracy. No IP network can claim to be 100% reliable.

The TCP layer acts as a guardian atop IP, ensuring data that it produces is correct. This is achieved with a number of techniques that sometimes purposely lose data in order to determine network limits. As most might know, TCP provides a connection-based network with guaranteed delivery atop an IP connectionless network that can and does discard traffic at will.

How curious it is that our file transfer tools are not similarly robust in the face of broken TCP connections. The SFTP protocol resembles both its ancestors and peers in that no effort is made to recover from TCP errors that cause connection closure. There are tools to address failed transfers (reget and reput), but these are not triggered automatically in a regenerated TCP session (those requiring this property might normally turn to NFS, but this requires both privilege and architectural configuration). Users and network administrators alike might be rapt with joy should such tools suddenly become pervasive.

What SFTP is able provide is a return status, an integer that signals success when it is the value of zero. It does not return status by default for file transfers, but only does so when called in batch mode. This return status can be captured by a POSIX shell and retried when non-zero. This check can even be done on Windows with Microsoft's port of OpenSSH with the help of Busybox (or even PowerShell, with restricted functionality). The POSIX shell script is deceptively simple, but uncommon. Let's change that.

Failure Detection with the POSIX Shell

The core implementation of SFTP fault tolerance is not particularly large, but batch mode assurance and standard input handling add some length and complexity, as demonstrated below in a Windows environment.

Go to Full Article

Installing LibreOffice On Slackware 15

Terrell Prude' Jr. — Tue, 04 Oct 2022 16:00:00 +0000

by Terrell Prude' Jr.

Slackware has been one of my favorite GNU/Linux distributions for a very long time, especially since Version 8.0 came out, many moons back. The reason is that it embodies the "KISS" method of designing a distribution. "KISS" means, "Keep It Simple, Stupid!", and that's what the Slackware team has done since the distribution's inception. When Slackware 15.0 came out in February 2022, I celebrated like other "Slackers", and I'd been running the beta and release candidates (the then-"Slackware-current") since early 2021.

I've even used Slackware at work in a "Microsoft shop". Yes, it can be done, and it can be done well. To do so, I needed something compatible with Microsoft Office file formats. OpenOffice.org was the ticket back then even in its Beta Build 638c days (yes, I've been using it for a long time!), and the tradition continues today, 21 years later with today's LibreOffice. It is this office productivity suite that really makes using Free Software platforms (e. g. GNU/Linux, the BSD's) on general-purpose business computers possible.

Sadly, Slackware didn't include OpenOffice.org back then, and it doesn't include LibreOffice now. This is speculation on my part, but several years ago, Patrick Volkerding stopped including GNOME because it was too much of a pain to package and distribute for a project that doesn't have the resources of Red Hat, Debian, or Ubuntu. I suspect this may also be true for LibreOffice. Also, the binary packages from LibreOffice come in RPM and DEB format. This choice by the LibreOffice developers is quite understandable, as Red Hat- and Debian-based distros are by far the dominant presence on personal computers. That still leaves us "Slackers" out in the cold, though.

I realize that nowadays there are "Slackbuilds", analogous to BSD's "Packages" collection, and the people who maintain those are definitely to be thanked and appreciated (and I do). The reality is that those aren't always updated to the latest versions of applications, given time constraints. Remember that Slackware is a relatively small all-volunteer project, like OpenBSD. Also, I prefer to stay as up-to-date as possible.

So, what to do?

Fortunately, there is a way to install a fully-functional, latest-greatest, LibreOffice on our Slackware 15.0 computers and use it. The best part is that it's not difficult to do...at least, not now that you have this handy-dandy HOW-TO document to follow.

Go to Full Article

SQLite for Secrecy Management - Tools and Methods

Charles Fisher — Wed, 28 Sep 2022 16:00:00 +0000

by Charles Fisher

Introduction

Secrets pervade enterprise systems. Access to critical corporate resources will always require credentials of some type, and this sensitive data is often inadequately protected. It is rife both for erroneous exposure and malicious exploitation. Best practices are few, and often fail.

SQLite is a natural storage platform, approved by the Library of the U.S. Congress as a long-term archival medium. “SQLite is likely used more than all other database engines combined.” The software undergoes extensive testing as it has acquired DO-178B certification for reliability due to the needs of the avionics industry, and is currently used on the Airbus A350's flight systems. The need for SQLite emerged from a damage control application tasked for the U.S. battleship DDG-79 Oscar Austin. An Informix database was running under HP-UX on this vessel, and during ship power losses, the database would not always restart without maintenance, presenting physical risks for the crew. SQLite is an answer to that danger; when used properly, it will transparently recover from such crashes. Despite a small number of CVEs patched in CentOS 7 (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2019-13734), few databases can match SQLite's reliability record, and none that are commercially prevalent.

SQLite specifically avoids any question of access control. It does not implement GRANT and REVOKE as found in other databases, and delegates permissions to the OS. Adapting it for sensitive data always requires strong security to be implemented upon it.

The free releases of CyberArk Conjur and Summon build a basic platform for secrecy management. These tools are somewhat awkward, as conjur requires a running instance of PostgreSQL, which brings an attack surface that is far larger than hoped. Slaving an enterprise to a free, centralized instance of conjur and PostgreSQL is a large risk, as CyberArk's documentation attests.

CyberArk summon, however, can be configured with custom backend providers, which have simple interfacing requirements. SQLite is a fit both for summon and as a standalone secrecy provider.

Go to Full Article

Pwndrop on Linode

David Burgess — Tue, 27 Sep 2022 16:00:00 +0000

by David Burgess

When I first ran across PwnDrop, I was intrigued at what the developers had in mind with it. For instance, if you're a white-hat hacker and are looking to share exploits safely with your client, you might use a service like PwnDrop. If you're a journalist communicating with, well, just about anyone who is trying to keep their identity secret, you might use a service like PwnDrop.

In this tutorial, we're going to look at how easy it is to set up and use in just a few minutes.

Prerequisites for PwnDrop in Docker

First things first, you’ll need a Docker server set up. Linode has made that process very simple and you can set one up for just a few bucks a month and can add a private IP address (for free) and backups for just a couple bucks more per month.

Another thing you’ll need is a domain name, which you can buy from almost anywhere online for a wide range of prices depending on where you make your purchase. Be sure to point the domain's DNS settings to Linode. You can find more information about that here: https://www.linode.com/docs/guides/dns-manager/

You’ll also want a reverse proxy set up on your Docker Server so that you can do things like route traffic and manage SSLs on your server. I made a video about the process of setting up a Docker server with Portainer and a reverse proxy called Nginx Proxy Manager that you can check out here: https://www.youtube.com/watch?v=7oUjfsaR0NU

Once you’ve got your Docker server set up, you can begin the process of setting up your PwnDrop password manager on that server.

There are 2 primary ways you can do this:

In the command line via SSH.
In Portainer via the Portainer dashboard.

We're going to take a look at how to do this in Portainer so that we can have a user interface to work with.

Head over to http://your-server-ip-address:9000 and get logged into Portainer with the credentials we set up in our previous post/video.

On the left side of the screen, we're going to click the "Stacks" link and then, on the next page, click the "+ Add stack" button.

This will bring up a page where you'll enter the name of the stack. Below that that you can then copy and paste the following:

Go to Full Article