Posts for: #linux

Secure Your Container and Other Deployments with Ubuntu Server Hardening

The New Stack has posted a guide on how to harden an Ubuntu server. Ubuntu is a popular choice for container deployments, but many admins and DevOps teams overlook the importance of securing the operating system itself. The article provides a guide to hardening Ubuntu to ensure a secure foundation for deployments. The steps include:

  1. Schedule regular upgrades to ensure the server is patched against the latest threats.

  2. Change sudo and SSH settings.

  3. Install and configure fail2ban to automatically ban IP addresses that attempt to compromise the server via SSH.

  4. Secure shared memory by mounting /run/shm with certain privileges.

  5. Enable and configure the Uncomplicated Firewall (UFW) and allow SSH connections.

By following these steps, admins and DevOps teams can significantly enhance the security of their Ubuntu Server deployments. Head over to The New Stack and read the guide!

Source: The New Stack.

Impressive Gains for AMD EPYC 9754 “Bergamo” Server Performance in Linux 6.6

Phoronix reports that early testing of the Linux 6.6 kernel shows impressive gains for AMD’s high core count server processors, particularly the EPYC 9754 “Bergamo.” The new Linux 6.6 kernel features the Earliest Eligible Virtual Deadline First (EEVDF) scheduler, which is a major improvement over the existing Completely Fair Scheduler (CFS). The EEVDF scheduler has been shown to help with latency-sensitive tasks and has led to a lot of CFS code being removed. Additionally, the Linux 6.6 workqueue improvements benefit AMD CPUs and other chiplet-based CPUs with multiple L3 caches. In testing, Linux 6.6 has shown dramatic improvements on higher core count processors like the AMD EPYC 9754.

The article discusses the testing of the Linux 6.6 kernel on an AMD EPYC 9754 server configuration with 128 cores and 256 threads per socket. The benchmarks were carried out using Linux 6.5.1 stable and then with Linux 6.6-rc1. The results showed significant performance improvements with the Linux 6.6 kernel.

Source: Phoronix.

Discover Hidden Linux Kernel Functions with Interactive Map

A post on Hackaday shows an interactive map of the Linux kernel that has been created by Costa Shulyupin. The map shows the structure of the kernel and includes over 400 prominent functions, each of which is a link to a cross-reference site for further information. The kernel is divided into 7 rows and 7 columns, with domains such as security, debugging, block devices, and address families. The map also includes arrows to show the relationships between different functions.

This interactive map of the Linux kernel is a valuable resource for those interested in understanding the structure and functionality of the kernel. It provides a visual representation of the major levels of abstraction and includes links to definitions and usages of specific functions. By exploring the map, users can gain a deeper understanding of how the kernel operates and how different functions are interconnected. This knowledge can help in troubleshooting, optimizing performance, and developing software that interacts with the kernel. Additionally, the map serves as a gateway to further learning, allowing users to delve into specific domains and terms related to the Linux kernel.

If you would like to learn more about the Linux kernel, consider one of these books ☺️

Source: Hackaday.

Run NixOS in a DigitalOcean Droplet

This little tutorial will show you how to turn an Ubuntu Droplet (VM) on DigitalOcean into a NixOS Droplet using nixos-infect. NixOS is a Linux distribution declaratively configured using a specification written in the Nix expression language describing the system’s desired state. It supports automatic upgrades and rollbacks. Aside from DigitalOcean, you can run NixOS on most common computers. It’s possible to run NixOS on ARM64 computers, like on the Raspberry Pi 3 and Raspberry Pi 4.

Run NixOS using Vagrant

In this tutorial, we’ll create a NixOS virtual machine using Vagrant. This setup can be helpful for creating an environment for learning NixOS. NixOS is a Linux distribution declaratively configured using a specification written in the Nix expression language describing the system’s desired state. It supports automatic upgrades and rollbacks. If something goes wrong, just revert to the working state. NixOS runs on common computers and architectures and can be used on laptops or workstations with a desktop environment as well as on servers, both x86_64 and ARM64, like on the Raspberry Pi 4.

Deploy a Kubernetes Cluster with Service Mesh on DigitalOcean Using K3s

This guide will help you set up a Kubernetes cluster, including a service mesh using k3s (at the time of writing at version 0.10.2) and Rio. We’ll deploy the cluster on DigitalOcean. Ubuntu 18.04 LTS will be the OS during this tutorial. If you sign up to DigitalOcean using this link, you’ll receive $50 to spend on their services over 30 days. If you wish to run your cluster on your own hardware, you could do so on Raspberry Pis (ARM64) or Intel NUCs (x86_64) for example.