DistroWatch Weekly, Issue 816, 27 May 2019
Welcome to this year's 21st issue of DistroWatch Weekly!
Earlier this month we discussed the release of Red Hat Enterprise Linux 8.0. Red Hat is a long-running, profitable Linux company and manages to make money through support contracts while giving away the business's source code free of charge. This has allowed Red Hat to sponsor many open source developers and contribute heavily to the Linux ecosystem. This week we begin with a review of Red Hat Enterprise Linux 8.0, exploring some of its workstation and server features. In our News section we link to a discussion in the Void community about security and cover a media update from the Guix team which fixes a path issue that could prevent the Xfce desktop from starting. We also share a questions and answers session with Fedora's Matthew Miller and bid a fond farewell to the Antergos distribution. This week we also discuss firewall rules and ask, in our Opinion Poll, whether our readers feel the need to use a firewall at home. Plus we are pleased to share the torrents we are currently seeding and list the releases of the past week. We wish you all a terrific week and happy reading!
Content:
- Review: Red Hat Enterprise Linux 8.0
- News: Void discusses security, Guix publishes path fix, Antergos closes doors, Matthew Miller answers questions about Fedora
- Questions and answers: Setting up a firewall and finding service ports
- Released last week: openSUSE 15.1, Tails 3.14, Kali Linux 2019.2
- Torrent corner: ArchBang, BlackArch, Clonezilla, DragonFly BSD, Guix, Kali, Obarun, openSUSE, OSMC, Septor, SmartOS, Tails, Trident
- Upcoming releases: FreeBSD 11.3-BETA2
- Opinion poll: Do you enable a firewall on your computer?
- New distributions: Adelie Linux, EducatuX, TSURUGI Linux
- Reader comments
Feature Story (by Jesse Smith)
Red Hat Enterprise Linux 8.0
Red Hat, the world's most profitable Linux company, released a new version of the company's flagship product, Red Hat Enterprise Linux (RHEL), in the first week of May. The new release, RHEL 8, is based on Fedora 28 and introduces some interesting changes. RHEL 8 makes GNOME on Wayland the default desktop environment, provides the Cockpit remote management service pre-installed, and replaces the iptables firewall with nftables. Additional changes can be found in the distribution's extensive release notes, which I think are well worth a read.
Getting started with Red Hat's latest release took me through some difficult turns. RHEL is commercial software and requires the user to have a Red Hat account if we want to access the free 30-day evaluation ISO file. At first I went to the Red Hat website, went into the Downloads section, picked Enterprise Linux 8, and clicked the Try button. I was asked for my username and password at which point I discovered my old Red Hat account was no longer active (or I've lost the credentials). At any rate, I signed up for a new account, waited for the verification e-mail and, when it arrived, clicked the verification link. This took me to a page which read: "Unexpected error when handling authentication request to identify provider." I assumed several people were probably also signing up for new accounts on launch day, so waited a few minutes and went back to the first browser tab and requested a new verification e-mail. At which point I was told my account was already signed in and verified.
I went back to the download page, clicked the Try button and was offered a download called BinaryDVD. I clicked the link, downloaded the ISO and got to work. Booting from the media launched the Anaconda installer which has been lightly modified from Fedora's version of the installer to include some enterprise options and install-time customizations. I soon ran into a problem though as one of the installer steps demanded I provide a network URL for the source media and refused to proceed without a URL. The install steps on the website hadn't mentioned setting up source media and the built-in help documentation did not provide any clues.
I asked on-line about this and was told what I had downloaded was the Boot disc, not the full DVD. So I went back to the download page and noticed something interesting. The BinaryDVD download link showed it as connecting to the full DVD in my browser's status bar, but clicking the link redirected me to the net-install Boot disc ISO. I checked back a few days later and this had been fixed so clicking the BinaryDVD option would download the full DVD as expected. At the time I got around this issue by finding a second download page which listed all the different editions of RHEL for the various supported architectures and downloaded the full edition. There are quite a few editions from which to choose, including Red Hat Enterprise Linux, Workstation, Desktop, Atomic Host, Real Time, High Availability, and Container Development Kit. Selecting most of these indicates they are only available as older (7.x) versions. I went with the generic, default option which is an available flavour for version 8.0 and was a 6.6GB download.
Installing
Booting from the RHEL 8 media brings up a menu asking if we would like to launch the installer, boot from the hard drive, or run the media through a self-test. One aspect of RHEL I appreciate is the self-test is the default option and, assuming the media passes, the system then proceeds to launch the installer. This ensures we start off from a position where we know the media has not been corrupted.
Once the Anaconda graphical installer launches we are asked to confirm our keyboard's layout. We are then given the chance to set our time zone and preferred language. There is a configuration screen which asks if we would like to provide links to media sources, with the installer defaulting to using the DVD. Another module asks us to pick the operating system's role. A role can be a Server (with graphical interface), a Server with just a command line interface, a Minimal Install, Workstation, Virtualization Host, or Custom. Each of these can further be customized with optional groups of packages. I decided to try the Workstation role, with some added packages.
Additional modules provide us with the means to enable and configure networking, create a root password, and optionally create a user account. The packages then copy to the hard drive which, in my case where I was installing the Workstation software and some extra items, took a little under an hour. The installer finishes its work and prompts us to reboot. An issue I ran into early on was, when the system reboots, the DVD stays in the drive. I found if I selected the option to boot from a local drive from the DVD's boot menu no suitable media would be found. Removing the DVD and booting directly from the hard disk did work.
The first time RHEL 8 boots, a graphical first-run wizard appears. The wizard asks us to accept Red Hat's license agreement and then asks for our Red Hat username and password so our installation can be activated. We then wait a minute while the system registers itself with Red Hat and confirms we have the proper license. The operating system then reboots. In my case, when it came back on-line, I was presented with a graphical login screen.
Early impressions
When I first started using RHEL 8 I noticed that, despite the release notes reporting GNOME and the GNOME Display Manager would use Wayland by default, both the GNOME Shell and GNOME Classic session that were available were run on X.Org sessions. I was not sure why at first, but I eventually discovered that RHEL will detect if the necessary video drivers are available for running Wayland and, if they are not available, the Wayland session options are hidden. This means people using some NVIDIA drivers and the default VirtualBox drivers will not be able to sign into a Wayland session. However, people running RHEL with Intel, AMD or VirtualBox add-on modules should see both the Wayland and X.Org session options on the login screen.
Red Hat Enterprise Linux 8.0 -- Running GNOME Shell
I played with all four session options (GNOME Shell and GNOME Classic, each running on X.Org and Wayland). To the distribution's credit, there was little difference to be found most of the time. GNOME Shell running on Wayland performed a bit faster than the same desktop on X.Org. GNOME Classic offered the same performance, regardless of the display server, but the Classic desktop locked up a couple of times when I was using the Wayland session and would no longer respond to mouse or keyboard input. The Classic desktop running on X.Org did not present me with any issues.
The first time I signed into the GNOME desktop a wizard appeared and asked me for my preferred language and asked me to confirm my keyboard layout. I was then asked if I would like to leave the desktop's location services turned on, or turn them off. We are then offered a chance to connect GNOME with on-line account services such as Google and Nextcloud. The wizard then disappears and the GNOME Help documentation appears in a new window. The Help window presents new users with a good deal of tips and tutorials on how to navigate the desktop and will probably be quite useful for people new to GNOME.
GNOME Shell is presented in a fairly minimal fashion, as is typical of GNOME these days. The Activities menu is placed in the upper-left corner and a dock sits on the left side of the screen, providing quick access to application launchers. The dock also offers a button for opening a full-screen grid of application icons. For the most part I tended to use the GNOME Classic desktop which is presented with a two-panel layout and tended to offer me better performance. One of my few issues with GNOME early on was the desktop kept locking every five minutes if I was not interacting with it. This setting can be changed in GNOME's Settings panel under the Power module.
Red Hat Enterprise Linux 8.0 -- Running the GNOME Classic desktop
Hardware
When running RHEL 8 on my workstation, the distribution ran smoothly. All my hardware was detected and the installer was able to enable a network connection over both wired and wireless networks. Both versions of the GNOME desktop worked fairly well, whether running under a Wayland or X.Org session.
Working with the distribution in a VirtualBox environment presented more challenges. RHEL does not automatically integrate with VirtualBox and cannot use the host's full screen resolution and could not run Wayland sessions. The default repositories do not offer VirtualBox add-on modules and trying to install generic add-on modules failed until I had located and installed the elfutils-libelf-devel package using dnf. GNOME Shell was too slow to be used practically in VirtualBox, but the Classic shell worked well.
Disk and memory usage will vary a lot depending on which packages and services we enable at install time. In my case, running RHEL in a Workstation role, I found the distribution consumed 5.8GB of disk space. Running GNOME Shell used 980MB of RAM and GNOME Classic used 1,020MB of RAM. This is nearly double the RAM usage I see on most other distribution/desktop combinations and about 20% higher than Ubuntu running the GNOME desktop on the same hardware.
One curious aspect of running RHEL 8 I found was boot times varied a lot. Sometimes the distribution started up and shut down very quickly, starting faster than most other distributions I have tried recently, getting to the login screen in well under 20 seconds. Other times it could take nearly two minutes to start.
Applications
RHEL ships with a fairly standard set of open source applications. The Workstation edition offers Firefox, LibreOffice, Pidgin for instant messaging, the Evolution e-mail client and the HexChat IRC client. The Boxes virtual machine software is included along with a document viewer, the GNOME Files file manager and Java. The GNU Compiler Collection is installed too.
Red Hat Enterprise Linux 8.0 -- Running LibreOffice and viewing images
The distribution offers the Totem video player, the Cheese webcam utility, the Brasero disc burning software, and the Rhythmbox audio player. The available codecs are limited on RHEL. I was able to play audio files, including MP3 files, without any problem, but I was unable to play any local video files. Trying to open a video in Totem brings up a window letting us know the required codecs are missing and the system offers to search the repositories for the codec. This opens GNOME Software which reports it cannot find the necessary codec and invites us to read documentation about it. Clicking the documentation link opens Firefox to display a page from the Fedora website which discusses restricted codecs. That page, in turn, links to the Fedora Wiki, which then leads us to the RPMFusion website to get the missing codecs. RPMFusion does not have a repository compatible with RHEL 8, so the trail stops there.
In the past, I was able to get some third-party package support and restricted items through an extra Red Hat repository, but if it exists for RHEL it is not mentioned on any of the documentation pages we are shown, or mentioned in the software centre. When I searched for information on codecs on the Red Hat website all I found were documents for older versions which indicated media codecs could be downloaded from unnamed third-party repositories and were not supported.
Rounding out the collection of software, we find systemd is RHEL's init software and the distribution runs on version 4.18 of the Linux kernel.
One curious aspect to running programs on RHEL 8 was that, when I made a typo on the command line, the shell would pause for a few seconds (apparently trying to find a match for what I had typed in the repositories). The shell would then spew out the following error message:
Failed to search for file: cannot update repo 'rhel-atomic-7-cdk-3.5-source-rpms': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Status code: 404 for https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/x86_64/cdk/3.5/source/SRPMS/repodata/repomd.xml
I found this unpleasant for two reasons. The first is it slows down working at the shell every time a typo is made and, second, the error message makes it look as though the search function is looking in the wrong repository.
Red Hat Enterprise Linux 8.0 -- Trying to install Firefox extensions
When I first started using RHEL 8 I was unable to install any extensions in Firefox. This appeared to be a side effect of the Firefox certificate bug. However, after the Firefox update was installed a few days later I was still unable to install any extensions. Even with the certificate verification disabled I was still unable to install any extensions on Firefox, which may be the first time I have run into this problem on any distribution.
GNOME Settings
RHEL uses the GNOME Settings panel to customize and manage the desktop. The current Settings panel uses a two-pane layout with module names down the left side and specific settings on the right. The dual-pane layout makes it quicker to switch between modules and the whole Settings panel worked well for me. The options are generally well presented and easy to both understand and adjust.
Red Hat Enterprise Linux 8.0 -- Adjusting settings on GNOME Classic running on Wayland
Perhaps the only issue I ran into while using GNOME Settings was with the user account manager. The account manager would allow me to create new accounts, but when it came time to set a password, I had only two options: make a long, complex password that was not based on a dictionary word, or set no password at all and let the user make up one when they sign in. This everything-or-nothing approach continues when the user first signs in. A new user can log in without a password, but they need to make up a long, complex one and, if their choice is not good enough, the user is logged out of the account, so they need to sign back in to try again. This seems like an unusually harsh way to introduce new users to the system. It is possible to adjust the password restrictions, but these feel like awkward defaults.
On a related topic, I noticed early on that RHEL is set up with the OpenSSH service running by default. The system allows remote logins using the root account. This too can be changed or disabled, but it is a potential security weakness that administrators should correct once they get the system set up with a non-root account. (Red Hat's upstream, Fedora, plans to disable remote, password-based logins in Fedora 31.)
Software management
When software updates are available a notification appears in the upper-right corner of the desktop. We can apply new software updates through either the GNOME Software graphical software centre, or through the dnf command line package manager. Installing updates through GNOME Software forces a restart if core packages are updated. Installing new versions of packages through dnf does not require us to restart the computer. On launch day there were 73 packages totalling 173MB in size available for download. More updates slowly trickled in over the next week I was using the distribution.
Red Hat Enterprise Linux 8.0 -- Trying to browse available software
I am sad to report GNOME Software did not work well for me at all. The software centre displayed no installed applications under its installed tab, and displayed no applications when I browsed through any of the available software categories. I also tried performing searches for common terms such as "firewall", "video", and "gimp" - each one returned no matches. At first I thought this strange behaviour might be a result of PackageKit not working properly (as it has caused problems on other distributions), but whether PackageKit was running or not, the software centre could not find any packages, installed or in the repositories.
This may be related to another problem I ran into. At first the dnf package manager could not find any packages either when I performed searches. I found dnf had to be run with sudo in order to return search results. For instance "dnf search firewall" would fail, but "sudo dnf search firewall" returned results. (I tried running GNOME Software with root/sudo privileges and it still failed to see any available or installed software.)
When run with sudo access, the dnf package manager typically worked well, successfully installing updates, downloading new programs and finding packages. Once, while installing the gimp package, dnf crashed before it had finished the installation and printed a Python traceback. Re-running the same install operation succeeded without further problems.
Red Hat Enterprise Linux 8.0 -- Searching for software
Incidentally, the Red Hat release notes refer to the package manager as being yum, the previous generation of package manager on RHEL, rather than dnf. However, on RHEL 8, both yum and dnf are symbolic links to the dnf-3 program and trying to open the yum manual page redirects us to the dnf page.
For people who like to use portable package formats, Flatpak is installed on RHEL by default. Users will probably want to enable third-party repositories in order to get the most out of Flatpak options. Snap support is not included by default and not available in the repositories.
Other features
Apart from the default firewall changing from iptables to nftables and RHEL adopting Wayland as the primary display technology, one of the features to catch my attention was Cockpit. The release notes describe Cockpit as follows:
Packages for the RHEL 8 web console, also known as Cockpit, are now part of Red Hat Enterprise Linux default repositories, and can therefore be immediately installed on a registered RHEL 8 system. In addition, on a non-minimal installation of RHEL 8, the web console is automatically installed and firewall ports required by the console are automatically open.
While Cockpit is indeed installed, it is not enabled by default. I started Cockpit using the systemctl command line service manager and found Cockpit listens for incoming web browser connections on network port 9090. We can sign into the web interface using our regular username and password.
Cockpit starts off by showing us a status board where we can get an overview of the system and its resource usage. Down the left side of the page we can see links that provide resources such as browsing logs, checking for software updates, managing background services, and manipulating user accounts. We can also make networking adjustments. There is a page for working with installed applications, but as with GNOME Software, no packages were visible on this page. There are a few other screens, one for checking for software updates, one for managing Red Hat subscriptions and one for running a terminal in the browser.
Red Hat Enterprise Linux 8.0 -- Viewing services with Cockpit
Apart from the software management page, the other resources generally worked well. I particularly liked the log browser which offers filters to help us find entries by time and type. I had not used Cockpit before, despite it being available on Fedora for a while, and was pleased with how quick the interface was and how easy it was to navigate. This was definitely a highlight of the trial for me.
However, there were two issues I ran into with Cockpit. I could start Cockpit whenever I wanted, but I could not enable the Cockpit service directly. Trying to enable Cockpit so it would be available at each boot resulted in an error from systemctl saying the service is not meant to be enabled. The Cockpit manual page says the web service is started on demand by systemd when we try to use it, which did not appear to be the case at first. I eventually found out that enabling the Cockpit service directly does not work, but enabling its socket does. Running "systemctl enable --now cockpit.socket" will cause the Cockpit interface to be available on demand at boot time. The other problem I ran into was with SELinux. At one point I wondered if SELinux might be causing some of the issues I was running into so went into Cockpit and toggled SELinux off. The web interface then told me to reboot to complete the action. When my system restarted SELinux was still enabled, indicating the Cockpit control had no effect.
Conclusions
My experiment with RHEL 8 got off to a rough start. Going through the on-line registration process produced some errors and ended up with me getting the wrong ISO which, in turn, resulted in some confusion and delays in getting the distribution installed.
Things then began to look up as RHEL 8 did a good job of detecting my system's hardware, registered itself without incident and offered good performance on physical hardware. I was particularly pleased that the distribution appears to detect whether our video card will work well with Wayland and either displays or hides Wayland sessions in response. I did have some trouble with the GNOME Classic Wayland session and GNOME Shell on X.Org was a bit sluggish. However, the Classic session on X.Org and GNOME Shell on Wayland both worked very well. In short, it's worthwhile to explore each of the four desktop options to see what works best for the individual.
The big issues I ran into with RHEL were with regards to software management. Both GNOME Software and the Cockpit screen for managing applications failed to work at all, whether run as root or a regular user. When using the command line dnf package manager, the utility failed to perform searches unless run with sudo and occasionally crashed. In a similar vein, the Bash feature that checks for matching packages when the user types a command name it doesn't recognize does not work and produces a lengthy error.
There were some security features or design choices that I think will mostly appeal to enterprise users, but are less favourable in home or small office environments. Allowing remote root logins by default on the Workstation role rubs me the wrong way, though I realize it is often useful when setting up servers. The enforced complex passwords are similarly better suited to offices than home users. One feature which I think most people will enjoy is SELinux which offers an extra layer of security, though I wish the Cockpit feature to toggle SELinux had worked to make trouble-shooting easier.
I was not surprised that RHEL avoids shipping some media codecs. The company has always been cautious in this regard. I had hoped that trying to find and install the codecs would have provided links to purchase the add-ons or connect us with a Red Hat-supplied repository. Instead we are redirected through a chain of Fedora documentation until we come to a third-party website which currently does not offer the desired packages.
Ultimately, while RHEL does some things well, such as hardware support, desktop performance, and providing stable (if conservative) versions of applications, I found my trial highly frustrating. Many features simply do not work, or crash, or use a lot of resources, or need to be worked around to make RHEL function as a workstation distribution. Some people may correctly point out RHEL is mostly targeting servers rather than workstations, but there too there are a number of problems. Performance and stability are provided, but the issues I ran into with Cockpit, permission concerns, and command line package management are all hurdles for me when trying to run RHEL in a server role.
I find myself looking forward to the launch of CentOS 8 (which will probably arrive later this year), as CentOS 8 uses the same source code as RHEL, but is not tied to the same subscription model and package repositories. I am curious to see how much of a practical effect this has on the free, community version of the same software.
* * * * *
Hardware used in this review
My physical test equipment for this review was a desktop HP Pavilion p6 Series with the following specifications:
- Processor: Dual-core 2.8GHz AMD A4-3420 APU
- Storage: 500GB Hitachi hard drive
- Memory: 6GB of RAM
- Networking: Realtek RTL8111 wired network card, Ralink RT5390R PCIe Wireless card
- Display: AMD Radeon HD 6410D video card
* * * * *
Visitor supplied rating
Red Hat Enterprise Linux has a visitor supplied average rating of: 7.5/10 from 8 review(s).
Have you used Red Hat Enterprise Linux? You can leave your own review of the project on our ratings page.
Miscellaneous News (by Jesse Smith)
Void discusses security, Guix publishes path fix, Antergos closes its doors, Matthew Miller answers questions about Fedora
There is always a balance to be found between security and convenience. For instance, complex passwords are more secure than simple ones, but less convenient to type. This week a discussion debating this balance has appeared in the Void project's issue tracker. The Void distribution, when installed from local live media, leaves a PolicyKit rule on the system which allows users in the wheel group to run commands as the root user without a password. Some see this passwordless access as a security concern while a few members of the development team see it as a convenience feature that makes working with the live system easier for users. Others have suggested that the default behaviour is not necessarily bad, but should be documented to better allow administrators to choose the right settings for their situation. The complete conversation can be found on Void's GitHub page.
* * * * *
The Guix project has published a bug fix release for Guix System just a few weeks after the distribution's 1.0.0 milestone was reached. The new version, 1.0.1, offers a number of fixes and improvements, but the main focus is on a bug which could prevent common command line utilities from being in the user's executable path, meaning the programs would not run if invoked without their full path name. The project's blog explains: "The 1.0.1 release was primarily motivated by bug #35541, which was reported shortly after the 1.0.0 release. If you installed Guix System with the graphical installer, chances are that, because of this bug, you ended up with a system where all the usual GNU/Linux commands - ls, grep, ps, etc. - were not in $PATH. That in turn would also prevent Xfce from starting, if you chose that desktop environment for your system. We quickly published a note in the system installation instructions explaining how to work around the issue."
* * * * *
Antergos, a rolling release distribution based on Arch Linux, is shutting down. The project has announced development of Antergos has ceased and website resources will be discontinued later this year. People currently using Antergos will be able to continue receiving package updates from Arch Linux repositories. "Today, we are announcing the end of this project. As many of you probably noticed over the past several months, we no longer have enough free time to properly maintain Antergos. We came to this decision because we believe that continuing to neglect the project would be a huge disservice to the community. Taking this action now, while the project’s code still works, provides an opportunity for interested developers to take what they find useful and start their own projects. For existing Antergos users: there is no need to worry about your installed systems as they will continue to receive updates directly from Arch. Soon, we will release an update that will remove the Antergos repos from your system along with any Antergos-specific packages that no longer serve a purpose due to the project ending."
* * * * *
Matthew Miller, Fedora's Project Leader, took to Reddit this past week to chat with the community and answer questions. Miller fielded questions on challenges Fedora faces, the project's release cycle length, Fedora's Silverblue edition, and reproducible builds, among other topics. The entire back and forth can be found in this Reddit thread.
* * * * *
These and other news stories can be found on our Headlines page.
Questions and Answers (by Jesse Smith)
Setting up a firewall and finding service ports
Creating-firewall-rules asks: I've been setting up my firewall and started out by blocking everything, going out or coming in. Then added a rule allowing traffic out on port 80. When testing this, my web browser connects and shows me web pages. But doesn't this mean packets are coming into my computer too, even though I've only allowed outgoing traffic? Also, when I make new rules how should I go about finding out which ports need to be opened, for say NFS, and how do I know if it needs UDP or TCP?
DistroWatch answers: As far as troubleshooting your existing firewall rules is concerned, I see two possible explanations as to why your web traffic is getting through. The first is that some firewall configuration tools will default to blocking all incoming traffic, or all outgoing traffic, but generally not both. You mentioned you began by blocking everything (which is a good start). But it could be that you are only blocking all traffic in one direction. If you are using a tool like gufw, check to make sure both incoming and outgoing fields are set to Deny.
The second thing to consider is it sounds like you have successfully opened an outgoing port (80, in this case), but are not expecting traffic coming back from that connection to get through. Assuming I understand correctly, you are wondering why traffic comes back into your computer over port 80 when you have not yet created a rule allowing it. Firewall tools generally create rules based around initial connections rather than individual packets. So if you open a browser and try to form an outgoing connection over port 80, your firewall checks its rules and confirms this is allowed. When packets come back over this same connection, the firewall sees it has already allowed this connection and lets the packets into your computer. Likewise, if you allow traffic to come in on port 22 to allow secure shell access, you do not need to also explicitly allow outgoing traffic on port 22. The firewall rules cover how initial contact can be made rather than the back and forth packet traffic which results over the established connection.
As to how you can go about learning which ports to open in order to grant access to specific services, check out the text file /etc/services on your computer. It lists service names and their corresponding port numbers. NFS, for instance, is associated with port 2,049 and with both UDP and TCP. Its entry looks like this:
nfs 2049/tcp
nfs 2049/udp
The entry for secure shell (ssh) is:
ssh 22/tcp
This tells us that secure shell needs network port 22 open and only uses TCP. If a network service is not listed in the /etc/services file, connection requirements will probably be mentioned in the service's on-line documentation. If that fails, a trick you can use is to start the service and then run the command:
nmap -p 1-65000 localhost
This scans your own computer on its first 65,000 ports to see which ports are in use. (Almost all services use port numbers less than 65,000.) Even when the firewall is blocking all ports, nmap can see the service trying to use the port and will let you know which port number it is using and which protocol (TCP or UDP) it expects to receive.
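The connection-based behaviour described in the answer above (replies to an allowed outgoing connection get back in without an inbound rule) can be modelled in a few lines. This is an added illustration, not code from DistroWatch or from any firewall project; the class, the addresses and every port other than 80 and 22 are constructed, and real connection tracking also handles timeouts and TCP state.

```python
from dataclasses import dataclass

# Constructed documentation-range addresses (RFC 5737), not real hosts.
HOST, WEB, OTHER = "192.0.2.10", "198.51.100.7", "203.0.113.9"


@dataclass(frozen=True)
class Packet:
    direction: str  # "out" leaves this host, "in" arrives at it
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFilter:
    """Default-deny both ways; rules match only a connection's first packet."""

    def __init__(self, allow_new):
        # allow_new holds (direction, proto, destination port) tuples.
        self.allow_new = set(allow_new)
        self.tracked = set()  # simplified connection-tracking table

    @staticmethod
    def flow_key(pkt):
        # Same key for both directions of one conversation.
        ends = frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})
        return (pkt.proto, ends)

    def decide(self, pkt):
        key = self.flow_key(pkt)
        if key in self.tracked:
            return "accept (established)"
        if (pkt.direction, pkt.proto, pkt.dport) in self.allow_new:
            self.tracked.add(key)
            return "accept (new)"
        return "drop"


def demo():
    """Replay constructed packets against 'allow out tcp/80, in tcp/22'."""
    fw = StatefulFilter({("out", "tcp", 80), ("in", "tcp", 22)})
    packets = [
        Packet("out", "tcp", HOST, 40000, WEB, 80),    # browser opens connection
        Packet("in", "tcp", WEB, 80, HOST, 40000),     # reply on that connection
        Packet("in", "tcp", OTHER, 80, HOST, 40000),   # different peer, same ports
        Packet("in", "tcp", OTHER, 51000, HOST, 80),   # unsolicited inbound to 80
        Packet("out", "tcp", HOST, 40001, WEB, 443),   # no rule for 443
        Packet("in", "tcp", OTHER, 52000, HOST, 22),   # incoming ssh
        Packet("out", "tcp", HOST, 22, OTHER, 52000),  # ssh reply, no out rule
    ]
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The third and fourth packets are dropped because an outgoing rule for port 80 only opens the one conversation the host started; it does not open port 80 for arbitrary inbound traffic.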
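For the port-discovery steps above, the following added example (not part of the original article) parses text in the /etc/services format and matches it against the machine's own list of listening sockets, giving the port, protocol and service name for each one. It assumes the socket list comes from `ss -tulnH`; both sample inputs are constructed, and the function names are hypothetical.

```python
# Constructed excerpt in /etc/services format.
SERVICES_SAMPLE = """\
# name          port/proto      aliases         # comment
ssh             22/tcp                          # SSH Remote Login Protocol
http            80/tcp          www             # WorldWideWeb HTTP
ipp             631/tcp                         # Internet Printing Protocol
nfs             2049/tcp                        # Network File System
nfs             2049/udp
"""

# Constructed sample of `ss -tulnH` output (listening TCP/UDP, numeric, no header).
SS_SAMPLE = """\
udp   UNCONN 0      0            0.0.0.0:2049       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      64           0.0.0.0:2049       0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      16              [::]:40123         [::]:*
"""


def parse_services(text):
    """Return ({name or alias: {(port, proto)}}, {(port, proto): official name})."""
    by_name, by_port = {}, {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # strip comments
        if len(fields) < 2 or "/" not in fields[1]:
            continue                             # blank or malformed line
        port_s, proto = fields[1].split("/", 1)
        if not port_s.isdigit():
            continue
        key = (int(port_s), proto.lower())
        by_port.setdefault(key, fields[0])       # first entry is the official name
        for name in [fields[0]] + fields[2:]:    # official name plus aliases
            by_name.setdefault(name, set()).add(key)
    return by_name, by_port


def parse_listeners(ss_text):
    """Yield (proto, port, local address) for each listening socket line."""
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port_s = fields[4].rpartition(":")
        if port_s.isdigit():
            yield fields[0], int(port_s), addr


def is_loopback(addr):
    return addr.startswith("127.") or addr == "[::1]"


def listening_report(ss_text, services_text):
    """List (proto, port, service name, reachability) for every listening port."""
    _, by_port = parse_services(services_text)
    exposed = {}
    for proto, port, addr in parse_listeners(ss_text):
        key = (port, proto)
        # A port counts as network-facing if any socket on it is not loopback-bound.
        exposed[key] = exposed.get(key, False) or not is_loopback(addr)
    return [(proto, port, by_port.get((port, proto), "unknown"),
             "network" if net else "loopback only")
            for (port, proto), net in sorted(exposed.items())]


if __name__ == "__main__":
    for row in listening_report(SS_SAMPLE, SERVICES_SAMPLE):
        print(*row)
```

Ports reported as "unknown" are the ones to look up in the service's own documentation, and sockets bound only to a loopback address are not reachable from other machines.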
* * * * *
Additional answers can be found in our Questions and Answers archive.
|
Released Last Week |
Tails 3.14
The Amnesic Incognito Live System (Tails) is a Debian-based live DVD/USB with the goal of providing complete Internet anonymity for the user. The product ships with several Internet applications, including web browser, IRC client, mail client and instant messenger, all pre-configured with security in mind and with all traffic anonymised. The distribution's latest release is Tails 3.14 which includes fixes for various CPU hardware bugs, updates the kernel and streamlines the live disc. "Upgrades and changes: Update Linux to 4.19.37 and most firmware packages. This should improve the support for newer hardware (graphics, Wi-Fi, etc.). Enable all available mitigations for the MDS (Microarchitectural Data Sampling) attacks and disable SMT (simultaneous multithreading) on all vulnerable processors to fix the RIDL, Fallout and ZombieLoad security vulnerabilities. Update Tor Browser to 8.5. Remove the following desktop applications: Gobby, Pitivi, Traverso." Further details and a list of known issues can be found in the project's release announcement.
Kali Linux 2019.2
Kali Linux is a Debian-based distribution with a collection of security and forensics tools. The distribution has published a new update, Kali Linux 2019.2, which includes updated tools and changes to the project's ARM builds: "Tool upgrades: This release largely features various tweaks and bug fixes but there are still many updated tools including seclists, msfpc, and exe2hex. For the complete list of updates, fixes, and additions, please refer to the Kali Bug Tracker Changelog. ARM updates: For our ARM users, be aware that the first boot will take a bit longer than usual, as it requires the reinstallation of a few packages on the hardware. This manifests as the login manager crashing a few times until the packages finish reinstalling and is expected behaviour." Further details can be found in the project's release announcement.
Kali Linux 2019.2 -- Exploring the Lite edition's menu
openSUSE 15.1
The openSUSE team have announced the release of openSUSE 15.1. The new version introduces updated graphics support, makes Network Manager the default for handling network connections on desktop computers, and gives YaST more options for handling services, taking advantage of systemd features. "An entirely new graphics stack update is available for this stable community- and enterprise-based open-source GNU/Linux distribution. Graphics hardware supported by the 4.19 Linux Kernel were backported for the release of Leap 15.1, which uses the 4.12 Linux Kernel and supports additional graphics drivers for Graphics Processing Unit (GPU) and improved support for AMD Vega chipset. GPU virtualization has become quite popular among vendors like AMD, Intel and NVIDIA and Leap 15.1 helps to deliver these implementation and support solutions for virtualized and cloud environments. Leap 15.1 will now use Network Manager by default for both laptops and desktops - previously only laptops defaulted to Network Manager. Server installations will continue to default to Wicked, the openSUSE advanced network configuration system. The release adds a few popular WiFi drivers for more modern wireless chipsets. A change that applies to both Wicked and Network Manager is that /etc/resolv.conf, yp.conf and some other files are a link to a file in /run and are managed by netconfig. The management of system services in YaST has been revamped to take advantage of many of the features offered by systemd in that area." Further details can be found in the release announcement and in the release notes.
BlackArch Linux 2019.06.01
The developers of BlackArch Linux, an Arch Linux-based distribution designed for penetration testers and security researchers, and containing a large collection of penetration-testing and security utilities, have announced the release of version 2019.06.01. As usual, the new release updates the underlying Linux system and brings several new tools: "Today we have released the new BlackArch Linux ISO and OVA images. Here is the changelog: added more than 150 new tools; added 'jedi-vim' plugin; updated vim plugins; included Linux kernel 5.1.4; ISO image file cleanups and tweaks; updated blackarch-installer to version 1.1.1; updated Xresources and Xdefaults, plus added support for rxvt-unicode; package quality assurance (runtime checks) was performed prior to the ISO image build; updated all BlackArch tools and packages, including configuration files; updated all system packages; updated all window manager menus (Awesome, Fluxbox, Openbox)." Visit the project's blog to read the full release announcement. The full BlackArch ISO image is now over 11 GB in size and only suitable for USB media or VirtualBox, but the project also provides a CD-size "netinst" image that pulls packages from the distribution's mirrors during installation.
* * * * *
Development, unannounced and minor bug-fix releases
|
Torrent Corner |
Weekly Torrents
The table below provides a list of torrents DistroWatch is currently seeding. If you do not have a bittorrent client capable of handling the linked files, we suggest installing either the Transmission or KTorrent bittorrent clients.
Archives of our previously seeded torrents may be found in our Torrent Archive. We also maintain a Torrents RSS feed for people who wish to have open source torrents delivered to them. To share your own open source torrents of Linux and BSD projects, please visit our Upload Torrents page.
Torrent Corner statistics:
- Total torrents seeded: 1,431
- Total data uploaded: 25.7TB
|
Upcoming Releases and Announcements |
Summary of expected upcoming releases
|
Opinion Poll |
Do you enable a firewall on your computer?
For devices connected directly to the Internet, particularly ones which run network services, it is important to have a firewall in place to filter out unwanted traffic and prevent attacks against services. However, many personal computers run behind a router or other firewalled device and may not run any network services. This has led some people (and some distribution maintainers) to prefer to not use a firewall on their operating system.
We would like to know if you run a firewall on your personal desktop or laptop computer, or if you feel it is unnecessary.
You can see the results of our previous poll on running GNU/Linux distributions on mobile devices in last week's edition. All previous poll results can be found in our poll archives.
Using a firewall at home
- I do enable a firewall on my home computer: 1179 (56%)
- I do not enable a firewall on my home computer: 679 (32%)
- I use one on some home machine but not all: 195 (9%)
- Unsure: 61 (3%)
DistroWatch.com News |
Distributions added to waiting list
- Adelie Linux. Adelie Linux is a distribution which strives to use free software exclusively. It uses the musl library and offers several desktop environments running on multiple hardware architectures.
- EducatuX. EducatuX is a Debian-based Brazilian distribution for use in classrooms. It features the Cinnamon desktop environment.
- TSURUGI Linux. TSURUGI Linux is an Ubuntu-based distribution used for forensics, malware analysis, and incident response investigation.
* * * * *
DistroWatch database summary
* * * * *
This concludes this week's issue of DistroWatch Weekly. The next instalment will be published on Monday, 3 June 2019. Past articles and reviews can be found through our Article Search page. To contact the authors please send e-mail to:
- Jesse Smith (feedback, questions and suggestions: distribution reviews/submissions, questions and answers, tips and tricks)
- Ladislav Bodnar (feedback, questions, donations, comments)
- Bruce Patterson (podcast)