GNU/Linux


Enhancing KeePassXC with YubiKey on Ubuntu: Enabling the Raw-USB Interface

In digital security, combining hardware-based authentication devices like YubiKey with robust password management solutions such as KeePassXC represents a gold standard. YubiKey provides a physical, secure element for two-factor authentication, significantly enhancing security over traditional password-only systems. KeePassXC, a free and open-source password manager, allows users to manage their passwords securely. However, when running KeePassXC as a Snap package on Ubuntu, users may encounter an unexpected hurdle due to Snap’s inherent security and isolation features. This post aims to guide you through enabling your YubiKey hardware to work seamlessly with KeePassXC installed via Snap by manually allowing the raw-usb to interface.

Understanding the Challenge

Snap, a package management and deployment system developed by Canonical, allows for the consistent, secure distribution and installation of applications across different Linux distributions. Snap packages are containerized to ensure isolation from the rest of the system, enhancing security by restricting the application’s access to the host system’s resources and hardware interfaces.

While these isolation features benefit security, they can also impose limitations. Specifically, for KeePassXC users wishing to utilize a YubiKey for added security, Snap’s default restrictions prevent the application from accessing the USB hardware directly. This is where the raw-usb interface comes into play.

The raw-usb Interface

The raw-usb interface in Snap allows a snap-packaged application to communicate with USB hardware directly, bypassing the usual restrictions. By enabling this interface for KeePassXC, the application can interact with your YubiKey, utilizing it for secure two-factor authentication.

Step-by-Step Guide to Enabling the raw-usb Interface

  1. Open Your Terminal: First, access your terminal. You can do this by pressing Ctrl + Alt + T on your keyboard or searching for “Terminal” in your applications menu.
  2. Execute the Command: In the terminal, type the following command:
 sudo snap connect "keepassxc:raw-usb" "core:raw-usb"

This command instructs your system to enable the raw-usb interface specifically for KeePassXC. Here’s a breakdown of the command:

  • sudo: This prefix grants administrative (superuser) permissions for the operation, which is necessary for modifying system-wide settings.
  • snap connect: This is the command to link a Snap package to a specific interface.
  • "keepassxc:raw-usb": Specifies the KeePassXC snap package and the raw-usb interface within it.
  • "core:raw-usb": Refers to the raw-usb interface the core Snap provides, which grants access to USB devices.
  1. Enter Your Password: After entering the command, you’ll be prompted to enter your password. This is the password you use to log in to your Ubuntu account. Since you’re executing a command with sudo, your password is required to confirm that you have the necessary permissions to make system-level changes.
  2. Confirmation: If successful, you won’t see a detailed message; the lack of error messages typically indicates that the operation was successful. You’ve now enabled KeePassXC to access USB devices directly.

Testing the Configuration

After enabling the raw-usb interface, launch KeePassXC and attempt to use your YubiKey as part of your two-factor authentication setup. If everything is configured correctly, KeePassXC should recognize your YubiKey without any issues.

Conclusion

The security of your digital life is paramount in an era where online threats are increasingly sophisticated. By integrating YubiKey with KeePassXC on Ubuntu, you significantly enhance your digital security posture. The process of enabling the raw-usb interface for KeePassXC, while a bit technical, is a small step with significant benefits for your security setup. It exemplifies the balance between security and usability, allowing you to leverage cutting-edge security hardware without compromising on the convenience and ease of use offered by modern Linux distributions and applications.


How to Free Space from /var/log by Removing Old Log Files

Introduction

Managing disk space is a critical task for system administrators and users alike. In Linux systems, the /var/log directory can become a source of space consumption due to the accumulation of log files. In this post, we’ll explore a simple command to free up space by deleting old compressed log files and discuss its pros and cons.

The Command

The command find /var/log -type f -name "*.gz" -delete is a powerful way to clean up space in the /var/log directory. Here’s a breakdown of what this command does:

  • find /var/log: Searches in the /var/log directory.
  • -type f: Restricts the search to files.
  • -name "*.gz": Looks for files ending with .gz, which are typically compressed log files.
  • -delete: Deletes the files that match the search criteria.

Pros

  1. Efficient Space Management: This command quickly frees up disk space consumed by old, compressed log files, which is essential for the smooth functioning of the system.
  2. Automatable: The command can be automated through a cron job or a script, making regular maintenance easier.
  3. Selective Deletion: It specifically targets .gz files, which are usually older log files that have been compressed, thus keeping the most recent logs intact.

Cons

  1. Potential Data Loss: Important historical data in the log files could be lost if they are deleted without proper review.
  2. Lack of Control Over File Age: This command does not discriminate based on the age of the log files. It deletes all .gz files, regardless of how recently they were compressed.
  3. No Backup: The command executes a direct deletion without creating backups, which could be problematic if a file is deleted accidentally.

Best Practices

  • Review Files Before Deletion: Run the command without the -delete flag first to review which files will be deleted.
  • Implement Log Rotation: Set up log rotation to manage log files systematically, compressing and archiving older logs while deleting the oldest ones.
  • Backup Important Logs: Always keep a backup of important logs before running any deletion command.

Conclusion

While the command find /var/log -type f -name "*.gz" -delete is an effective way to free up space in the /var/log directory, it’s important to use it judiciously. Understanding its pros and cons helps in making informed decisions about log management in a Linux environment.


How to Create a WiFi Hotspot in Ubuntu 22.04

Creating a WiFi hotspot on Ubuntu 22.04 is a straightforward process that can be very useful for sharing your internet connection with other devices. Turning your Ubuntu machine into a WiFi access point is a handy solution, whether at home or in a setting where a traditional WiFi network isn’t available. Here’s a detailed guide on configuring WiFi Access Points using the network-manager snap.

Prerequisites

Before we begin, ensure that you have the following:

  • A computer running Ubuntu 22.04.
  • A wireless network interface on your Ubuntu device.
  • The network-manager snap installed on your system.

Step-by-Step Guide to Create a WiFi Hotspot

Open the Terminal: First, open your terminal. You can do this by pressing Ctrl + Alt + T or searching for ‘Terminal’ in your applications menu.

Identify Your WiFi Interface: You need to know the name of your WiFi network interface. You can find this by running the command nmcli device status. Look for the device under the “DEVICE” column that has “wifi” listed in the “TYPE” column.

Configure the WiFi Hotspot: Use the following command to set up your WiFi hotspot:php

nmcli d wifi hotspot ifname <wifi_iface> ssid <ssid> password <password>;

Replace <wifi_iface> with your WiFi interface name, <ssid> with your desired network name (SSID) and <password> with your chosen password. Remember, the password should be between 8-63 characters or 64 hexadecimal characters.

For example, if your WiFi interface is wlan0, your desired SSID is MyHotspot, and your password is MyStrongPassword123, the command will look like this:

Connection Verification: If the command is successful, network-manager will create a connection named ‘Hotspot <N>’, where <N> is a number. This indicates your hotspot is active.

Shared Internet Connection: The created hotspot offers a shared connection by default. This means any device connected to your hotspot should be able to access the internet if your Ubuntu device has internet access.

Connecting Devices: Search for available WiFi networks on your other devices (like smartphones or laptops). You should see the SSID you set (MyHotspot in our example). Connect to it using the password you configured.

Tips and Considerations

  • Ensure your device has a stable internet connection if you intend to share it via the hotspot.
  • Keep your hotspot secure by using a strong, unique password.
  • Remember that using your computer as a hotspot may impact its battery life more quickly if not plugged in.

Conclusion

Creating a WiFi hotspot on Ubuntu 22.04 is a useful feature, especially when you need to share your internet connection quickly and efficiently. Following these simple steps, you can turn your Ubuntu machine into a reliable WiFi access point for various devices.

ncmli device wifi hotspot [ifname ifname] [con-name name] [ssid SSID] [band {a | bg}] [channel channel] [password password]
   Create a Wi-Fi hotspot. The command creates a hotspot connection profile according to Wi-Fi device capabilities and activates it on the device. The hotspot is secured with WPA if device/driver supports that, otherwise WEP is used. Use connection down or device down to stop the hotspot.

   Parameters of the hotspot can be influenced by the optional parameters:

   ifname
       what Wi-Fi device is used.

   con-name
       name of the created hotspot connection profile.

   ssid
       SSID of the hotspot.

   band
       Wi-Fi band to use.

   channel
       Wi-Fi channel to use.

   password
       password to use for the created hotspot. If not provided, nmcli will generate a password. The password is either WPA pre-shared key or WEP key.

       Note that --show-secrets global option can be used to print the hotspot password.
       It is useful especially when the password was generated.

How to Keep Firefox Windows on Top in Ubuntu 18.04LTS and Newer

If you’re a frequent user of Mozilla Firefox on Ubuntu 18.04LTS or newer versions (tested up to Ubuntu Desktop 22.04LTS and 23.04), you might have encountered situations where you wished you could keep your Firefox window on top of all other open applications. This can be particularly useful when you want to reference information from a web page while working on other tasks. In this blog post, we’ll guide you through the steps to set Firefox windows on top using native GNOME features.

Gnome has a built-in feature that lets you keep any window on top of others. Here’s how to do it with Firefox:

  1. Open Firefox: Launch Firefox by clicking on its icon in the Ubuntu application launcher or by pressing Super (Windows key) and searching for “Firefox.”
  2. Open the webpage you want to keep on top.
  3. While holding down the Super (Windows key), Right-click on the Firefox application.
  4. The usual menu with the options to manage the window will appear. Select the option “Always on top”.

Please note that the “Always on top” option will appear grayed out if your window is maximized.