What’s the best Linux distro for you?

First, let’s clarify something: Linux is not an operating system! Linux is a kernel, to get an operating system, you need to choose a distrubution which will pack Linux as the kernel. There’s also other Unix-like operating systems which will pack BSD as the kernel instead of Linux. Both are good, but they have differents pros and cons.

I’ve been using Linux both profesionnally and personally for 12 years now, Linux have evolved overtime. My answer to “What is the best Linux distro” would have been different 10 years ago.

There’s so many distribution, you will certainly one that will more likely fit your needs. In this posts, I will try to help you clarify which one is the best for you.

Here’s a lot of the best Linux distribution out there right now :

Ubuntu

Pros

  • Simplicity
  • Just works out of the box
  • Care about stable drivers
  • You can pay for support
  • Good documentation
  • Good release cycle (5 years support for LTS)

Cons

  • History of bad decisions made by Canonical
  • Include a spyware (more info)
  • Canonical dosen’t care about FOSS philosophy

Debian

Pros

  • Highly stable and secure
  • The largest number of installed packages
  • Developed by a mature community
  • Massively supported
  • Works on all architectures
  • Great degree of Freedom (100% FOSS)

Cons

  • No default support for proprietary drivers
  • Archaic installer

More to be added soon.

How to Delete Certbot Certificate by Domain Name (Let’s Encrypt)

First, list your certificates by running this command :

$ sudo certbot certificates
This command will show you all your certificates and their names

Here’s an immediate way to delete a Certbot certificate by including the domain name in the command like this:

$ sudo certbot delete --cert-name example.com

To avoid problems, you should also delete the Apache configuration associated with this certificate, here’s an exemple for exemple.conf :

$ sudo rm /etc/apache2/sites-available/exemple-le-ssl.conf

This could be useful if the domain name does not appear in the index.

If you need to generate a new certificate, here’s the command :

$ sudo certbot --apache -d exemple.com

If the command dosen’t work, make sure the site is enabled, verify /etc/apache2/sites-available to find the config name:

$ sudo a2ensite exemple.conf 
$ sudo systemctl reload apache2

If you run into some problems, you can type “systemctl status apache2”, this should give you information about the problem.

Here’s an exemple of a virtual host configuration /etc/apache2/sites-available/maximef.conf :

<VirtualHost *:80>
   ServerName maximef.com
   ServerAlias www.maximef.com
   ServerAdmin maximef@outlook.com
   DocumentRoot /var/www/maximef.com
   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.maximef.com [OR]
RewriteCond %{SERVER_NAME} =maximef.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Here’s an exemple of the SSL virtual host configuration /etc/apache2/sites-available/maximef-le-ssl.conf :

<IfModule mod_ssl.c>
<VirtualHost *:443>
   ServerName maximef.com
   ServerAlias www.maximef.com
   ServerAdmin maximef@outlook.com
   DocumentRoot /var/www/maximef.com
   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
SSLCertificateFile /etc/letsencrypt/live/maximef.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/maximef.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

How to update GLPI to latest version (2020)

GLPI post image

Note

As for every update process, you have to backup some data before processing any upgrade:

  • backup your database;
  • backup your files directory;
  • backup your configuration.

I will provide you with the information to update GLPI to the latest version. In this exemple, I will be upgrading from GLPI version 9.5.1 to 9.5.2. I will be using the Linux distibution Redhat 7.8, but this method should work with all distros.

Redhat 7.8 distro

Here’s how to upgrade to GLPI 9.5.2.

First things first, you need to login into your GLPI Linux virtutal machine using SSH and make sure you have sudo privileges.

Go in your GLPI installation folder, but up one level, in this instance :

$ cd /var/www/

Create a backup of your files, in case things do not go as planned :

$ cp -r glpi/ glpi9.5.1/

Go in your GLPI installation folder, in this instance :

$ cd /var/www/glpi/

Download the latest GLPI version, you can get the link from the official GLPI website at https://glpi-project.org/downloads/:

$ wget https://github.com/glpi-project/glpi/releases/download/9.5.2/glpi-9.5.2.tgz

“Unzip” the archive in the current folder :

$ tar zxvf glpi-9.5.2.tgz

The new GLPI version in now located in /var/www/glpi/glpi/, we need to move the files and subfolders one level up :

$ yes | cp -rg glpi/* .
$ yes | rm -r glpi

Modify the owner of the files and give the correct permissions :

If you run Redhat/centos : 
$ chown -R apache:apache /var/www/glpi/

If you run Ununtu : 
$ chown -R www-data:www-data /var/www/glpi/

Using your web browser, you now need to access your GLPI website, once you get to your website, you should be automatically redirected to the update webpage, make sure all the requierements are met and proceed to the upgrade.

Once your done, if you were successful, you should land to a webpage like this one :

click on “use GLPI” at the bottom of the page.

You now need to delete install.php :

cd /var/www/glpi/install/
rm install.php

Congratulations, you successfully updated GLPI to the latest version.

Non exhaustive list of changes in GLPI 9.5.2 (changelog) :

  • [security] SQL injection with a query parameter of user form (CVE-2020-15176)
  • [security] Removal of .htaccess file in the files folder via a plugin endpoint (CVE-2020-15175)
  • [security] Leakage issue with knowledge base (CVE-2020-15217)
  • [security] Stored XSS in install script (CVE-2020-15177)
  • [security] Minor SQL Injection in Search API (CVE-2020-15226)
  • several mailgate issues
  • several dashboards issues
  • dashboards improvements: personnal filters, new summary and articles widgets, …

If things didn’t went as planned, here’s some commands that could help you do things manually.

Verify that you meet the requirements :

from /var/www/glpi/ type this command : 
php bin/console glpi:system:check_requirements
If something is not okay, you shoud fix it.

To switch from SELinux between enforcing or permissive mode :

$ setenforce 1
 (enforcing)
$ setenforce 0 (permissive)

To verify SELinux mode :

$ sestatus

Upgrade the database :

In your GLPI installation folder, go in the /var/www/glpi/ type : 
php bin/console db:update
or
./console db:update
If you have a timestamp or timezone problem, here’s how to fix it.

Log in to Mysql

mysql -u root -p

type this command (replace ‘glpi’ by your glpi database user) :

GRANT SELECT ON mysql.time_zone_name TO 'glpi'@'localhost'; 

Then from /www/var/glpi/ type this command :

php bin/console glpi:migration:timestamps