Arch linux: Difference between revisions
Latest revision as of 18:55, 8 May 2017
Written by: Farhan Islam-C11 Group
Arch Linux Usage
What is Arch Linux?
Arch is a Unix-like Linux distribution. Arch started its journey in 2002, and is usually used by advanced users. Arch Linux is not super user friendly to begin with, and is therefore not recommended for rookies. However, the deal with Arch Linux is that it’s free of bloatware and uses a very minimalist approach; moreover, it pushes the user to put great effort into understanding how the system works.
Top Reasons To Use Arch
Community Based
Arch Linux is community based, and not market based. It doesn’t need to bother about the markets and customers, in fact it’s all about the development process. Furthermore, Arch doesn’t need to be patched, it is kind of like a stock Android, where the user uses what the upstream developed. Arch Linux probably has the best community support of all the Linux distros, and the Arch Wiki contains pretty much everything a user might require.
User Repository
Arch has massive software repositories. Arch has pretty much every application that is available through the packaging system on other distros, if not more. Arch calls it the Arch User Repository. It is a repository maintained by users, whereby users can compile and install packages from the source. Of course, users can also use the yaourt command, if they prefer.
Different Desktop Environments
Support for the majority of desktop environments. A mainstream Linux distro like Ubuntu uses Unity up until 16.10, and Unity is by far the slowest desktop environment I’ve used. Although, users have the option to install Plasma, XFCE, MATE. Other environments like Gnome don’t work well on Ubuntu. However, as of Ubuntu 17.04, Ubuntu has switched back to Gnome. Arch Linux supports LXDE, XFCE, Gnome, Mate and Cinnamon, and nothing seems to make it laggy, or break it.
Power User
Total User Control. Arch puts you in the pilot’s chair. The user has the ability to build everything from scratch, hence they can choose whatever they want instead of having to deal with unnecessary packages.
Rolling Releases
Rolling Releases. Unlike other distros, you do not come across a major update every 6 months. Arch uses rolling updates. That means, you are always running the latest packages, both desktop and kernel, as you don’t have to wait for a new distro, and you automatically get the latest packages.
Arch Linux Installation
Preparing VM
Download ISO
This is a long process, but first of all you need to get the official Arch Linux ISO from [1]
VM Specs
On Virtual Box you will need to create an EFI-enabled virtual machine. In my case, I used a 20GB dynamically allocated hard drive, 1.5GB RAM (EDIT: For Gnome I used 2.4GB RAM, and later went back down to 1.5GB) and 85% processor power. Once that's all done, mount the ISO and fire up the virtual machine.
Pre-Installation
Checking internet connection
Once inside the virtual machine, you will see a prompt like root@archiso ~ #
The first thing you want to do is check whether the internet is working by simply doing ping -c 3 www.google.com
Partitioning
I recommend cgdisk or gdisk for EFI systems; they are very user friendly and straightforward. First of all you need to check your block devices and partitions.
lsblk
to view block devices
cgdisk /dev/sda
In my case it was /dev/sda
Now you need to start creating the partitions. You basically need just 3 partitions, boot, swap and root. For all of the partitions leave the first sector empty. Now create a partition.
Remember: leave the first sector empty
Size in sectors(KMGTP): 512MB
512MB is recommended by the Arch Linux wiki for an EFI boot.
Hexcode: L to view all. Go with ef00
Partition name : boot
Create another partition /dev/sda2
Size in sectors(KMGTP): 2GB The rule is to allocate around 1.5 times the RAM for your Swap partition, so in my case it was 2GB approx.
Hexcode: 8200
Partition name : swap
Create the final partition /dev/sda3
Size in sectors(KMGTP): leave blank By leaving blank it will allocate the remaining space to this partition.
Hexcode: 8300
This is the main linux file system and is suitable for our root partition.
Partition name : root
EDIT: It is a nice practice to separate the home and root partitions. I did not do it because I do not really intend on using this VM a lot. If, however, you want Arch as your primary VM then do create a home partition separate from root and mount it at its mount point.
lsblk
To verify the partitions exist
Formatting
Format boot partition mkfs.fat -F32 /dev/sda1
FAT32 is used for EFI boot.
Format swap partition mkswap /dev/sda2
Initialize swap swapon /dev/sda2
Format root partition mkfs.ext4 /dev/sda3
Ext4 journalling file system is used for root.
Mounting
Mount root mount /dev/sda3 /mnt
Now make directory mkdir /mnt/boot
Mount boot mount /dev/sda1 /mnt/boot
Installation
Listing Mirrors
You can skip this step if you want. Now you have the option to rank the mirrorlist, even though you do not really have to do this. To do so you need to edit /etc/pacman.d/mirrorlist
and un-comment the mirrors you want to rank. I suggest un-commenting at least 20 countries. Use rankmirrors -n 5 /etc/pacman.d/mirrorlist
to rank the top five mirrors; this could take a few minutes.
Install base packages, Generate fstab
To install base packages pacstrap -i /mnt base base-devel
These are the core packages of an Arch Linux Installation.
FSTAB basically lists all the partitions and data sources and shows how they are being used.
To generate fstab genfstab -U /mnt >> /mnt/etc/fstab
Check if fstab generated in /mnt/etc
Post installation of base packages
Mount Root Partition
First of all you need to get inside the newly installed system arch-chroot /mnt
You should see a slightly different prompt now.
Change language
Use the command nano /etc/locale.gen
Un-comment en_US.UTF-8
There should be two of these
Generate the locale locale-gen
Now the output needs to be saved echo LANG=en_US.UTF-8 > /etc/locale.conf
and exported export LANG=en_US.UTF-8
Set the Time Zone
Now change to Tallinn by creating a soft link ln -s /usr/share/zoneinfo/Europe/Tallinn /etc/localtime
This might already exist
Now set hardware clock to utc hwclock --systohc --utc
Hostname
Setup the hostname by simply echoing the hostname and then outputting in etc echo bossman-arch > /etc/hostname
Double check /etc folder to see if hostname exists
32 bit support and Custom Repository
Type in nano /etc/pacman.conf
Find and uncomment multilib, not the testing, just the multilib and the line beneath it of course. Multilib makes sure you have access to 32-bit programs.
Custom Repository Configuration
In the same file, all the way in the bottom add a custom repository :
[archlinuxfr]
SigLevel= Never
Server= http://repo.archlinux.fr/$arch
Save changes and exit, and of course if you are editing a file you are expected to save it, so I might not always write save changes.
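The repository entry above turns signature checking off (SigLevel Never) and fetches packages over plain HTTP, so nothing verifies what that repository delivers. The following check is an added example, not part of the original page: it lists every section of a pacman.conf with either property. The function name and the sample file are constructed for illustration; the archlinuxfr lines are the ones from this page.

```sh
#!/bin/sh
# Added example: list pacman repositories that skip signature checks or
# download over plain HTTP.
# Limitation: files pulled in with "Include =" (the mirrorlist) are not followed.

audit_pacman_conf() {
    awk '
        /^[ \t]*#/ { next }                  # pacman only knows whole-line comments
        { gsub(/^[ \t]+|[ \t]+$/, "") }      # trim the line
        $0 == "" { next }
        /^\[.*\]$/ {                         # section header: [options], [core], ...
            repo = substr($0, 2, length($0) - 2)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+/, "", val)
            # Never may carry a Package or Database prefix.
            if (key == "SigLevel" && val ~ /(^|[ \t])(Package|Database)?Never($|[ \t])/)
                print repo ": signature checking disabled (SigLevel " val ")"
            if (key == "Server" && val ~ /^http:\/\//)
                print repo ": packages fetched over plain HTTP (" val ")"
        }
    ' "$1"
}

# Constructed sample: stock-style sections plus the custom repository from this page.
sample_pacman_conf() {
cat <<'EOF'
[options]
SigLevel = Required DatabaseOptional

[core]
Include = /etc/pacman.d/mirrorlist

#[testing]
#SigLevel = Never

[archlinuxfr]
SigLevel= Never
Server= http://repo.archlinux.fr/$arch
EOF
}

conf=$(mktemp)
sample_pacman_conf > "$conf"
audit_pacman_conf "$conf"
rm -f "$conf"
```

On an installed system, run audit_pacman_conf /etc/pacman.conf; every line it prints names a repository whose packages are installed without verification.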
Installing yaourt
Run pacman to get yaourt pacman -Sy yaourt
Yaourt is basically the Arch Linux Users version of pacman. It is slightly different, more on that later.
Setup root password
Setup root password passwd root
Simply type in the password and confirm it.
Add a Regular User
It is recommended to add a regular user for security reasons. You should never use the computer as the root user unless you have to, because the root user has absolute control over the system.
useradd -m -g users -G wheel,storage -s /bin/bash axon
The -m flag creates the home directory, -g is the group flag, and -G on the other hand sets the secondary groups. Wheel is the Arch equivalent of nano, storage gives access to removable devices, and bash is the shell environment. Now set up a password for the user, passwd axon
Sudo Permissions
We need to make sure to edit one file so that the sudo password is asked every time when doing a sudoers task.
EDITOR=nano visudo
Find %wheel and add on the line below: Defaults rootpw
Now the sudo password will be prompted for when doing a sudoers task.
At this point you might have to restart the system. You may encounter some error messages in the next step; if that happens, just reboot, remount and chroot back in.
Bootloader Installation and Configuration
Verify EFI
mount -t efivarfs efivarfs /sys/firmware/efi/efivars
This should return that it's busy or already in use. It's a good thing if that happens; otherwise you need to recheck all the steps.
Install Bootctl
Now install the bootloader bootctl install
Export PARTUUID
blkid
Make a note of the UUID of /dev/sda3. The following steps must be done exactly this way except you will have a very different UUID.
blkid -s PARTUUID -o value /dev/sda3 > /boot/loader/entries/arch.conf
You just outputted the PARTUUID in arch.conf.
Edit Arch.conf
This needs to be done correctly, you should double check to make sure you have all the necessary files in the right directory.
nano /boot/loader/entries/arch.conf
You need to edit this configuration file. You will see the PARTUUID generated and nothing else on it. It should look like the following.
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options root=PARTUUID=*YOURUUID* rw
Save and exit. Vmlinuz is the name of a Linux kernel executable. You should know that the kernel is like the heart of an OS. Vmlinuz is compressed and bootable. Initrd is a scheme for loading a temporary root file system into memory, which may be used as part of the Linux startup process. initrd and initramfs refer to two different methods of achieving this.
Install Ucode
For Intel processors only pacman -S intel-ucode
This is basically a microcode update file for Intel CPUs. I recommend doing this for compatibility issues.
Re-Edit Arch.conf
Now you have to add ucode to the config file /boot/loader/entries/arch.conf
and add another initrd above the former initrd like initrd /intel-ucode.img
Post Installation
The installation process is complete, but please make sure you safely shutdown the system instead of force quitting.
Exit chroot exit
Unmount everything umount -R /mnt
Mnt was a placeholder for root, now that we have the actual system waiting we do not need it.
Shutdown the system shutdown now
Power off virtual machine
Eject ISO
Arch Linux Installation should be complete; however, it is time to power up the VM without the ISO. Double check to see if the ISO is ejected and the boot is set to hard drive.
Login the Newly Installed System
If you have done everything correctly a login prompt should appear. You can log in using your credentials.
Enable Internet
sudo su
For the sake of convenience become sudo as soon as you can.
Now that you are logged in if you try to ping something or get a package with pacman, it will fail, you must re-enable the internet connection.
First check ip link
The correct interface is not the first one or the loopback, it is the one with broadcast and in my case it was enp0s3, and the interface was down.
To re-enable systemctl enable dhcpcd@enp0s3.service
reboot
Reboot and ping google or some other site; it should work fine.
Pre GUI Installation
For a traditional user who is coming from Windows or Mac, GUI is everything. Certain steps need to be followed for this.
Xserver installation
pacman -S xorg-server xorg-server-utils xorg-xinit xterm mesa xorg-xclock xorg-twm alsa-utils tmux
These are the recommended packages, and they should all be installed.
Install Linux Headers
pacman -S linux-headers
These are the header files used to compile the kernel and other applications which depend on the structures defined in these header files, like kernel modules. An example can be graphics card drivers.
VBox Guest Additions Installations
Virtual Box guest additions allow changing the resolution and using USB devices within the VM. Hence it must be done for GUI. To do so, simply insert the Virtual Box Guest Addition CD from the upper menu. It should be inserted. If you get an error it's probably because you have no IDE cdrom; just go back to virtualbox and create a blank IDE drive without mounting anything, then boot back into the Arch VM and insert the guest additions cd, this will work.
Now you have to mount the cdrom mount /dev/cdrom /mnt
Navigate to /mnt, examine and run the script ./VBoxLinuxAdditions.run
This should install virtual box guest additions.
pacman -Syu
Check for updates.
Checking Xserver
At this point you need to reboot again. Once back in the system, run startx
You should see some colored windows; this means xserver is ready for GUI.
Installing GUI/Desktop Environment
LXDE
Unlike Gnome, LXDE doesn't need so much space and this should be a straightforward installation. pacman -S lxde
Start LXDE by systemctl enable lxdm.service
Gnome
Gnome looks really nice, but it is also more power hungry. Note that installing the extra packages is optional, but they include essentials. pacman -S gnome gnome-extra gdm
Do not select nvidia even if you have an nvidia GPU. Also I found Gnome not working with VBox 3d Acceleration, and hence it lags when streaming videos.
Start gnome by systemctl enable gdm.service
Once the installation is done, all you need to do is a Reboot and you should see a Graphical login prompt. If you login and everything works, congratulations, the worst is over.
Post GUI Login
Installing Packages
This is only an example of how to use pacman, pkgbuild and yaourt, later I shall talk about AUR helpers, and other alternatives. Pacman is the official Arch Linux package manager, Yaourt is an AUR helper.
Pacman
Open up the terminal and sudo pacman -S firefox
Firefox will be installed just like that
PKGBUILD
PKGBUILD is a shell script built using the makepkg utility. Geekbench 4 is a terminal based CPU benchmark app. This is a basic demonstration of how to install using makepkg.
Install Geekbench. Firstly get snapshot from this link [2] Navigate to downloaded location on terminal and do tar xf geekbench.tar.gz
and then navigate to this new folder makepkg -sci
The -s flag gets all the dependencies, the -c flag cleans everything up afterwards, and the -i flag installs the package after it has been built.
Please note, you can't be sudo and run this command, you will need to exit out of sudo. It will take some time to build packages and then a prompt will ask you if you want to install, of course press y. Installation will be done, and geekbench should be ready. Make sure you have the base-devel package also, without it you will not be able to make the package.
yaourt
Yaourt doesn't need you to go look online for a snapshot; instead, if you already know what you're looking for, it can be fetched just like with pacman. It is similar to PKGBUILD but not secure, since you do not know what source code you're compiling, more on that in AUR Helpers.
yaourt -Sb google-chrome
This is to get google chrome with Yaourt, S flag to sync with AUR and B to backup. You will get a few warnings, just press y and continue. You will even get to edit the config file, but you don't really have to do anything; you can have a look, exit and continue, and then there will be a password prompt for installation. Sit back and relax, the installation will be done in a few minutes.
Removing packages
To remove a single package without dependency pacman -R package
To remove a package with dependencies which are not required by other applications pacman -Rs package
To recursively remove a package and dependencies, meaning the other applications using it will be potentially worthless pacman -Rsc package
Removing yaourt packages, basically the same except you replace pacman with yaourt yaourt -R package
If you installed with makepkg pacman should take care of the uninstalling.
AUR Helper
Basically AUR helpers are the likes of yaourt, apacman, cower, PKGBUILD, etc. I have only used yaourt and PKGBUILD so far. I have heard that yaourt is not the best AUR helper, because it is said to be insecure. The only problem that I see with yaourt is that it automatically downloads the PKGBUILD without inspecting it first, whereas if you had done it manually you could have read the author's note and inspected it yourself. This could be potentially dangerous, as yaourt might be compiling malicious source code. As I am very new to Arch Linux, I was not totally aware of this and used yaourt on a couple of occasions. With so many secure alternatives, it is better not to use yaourt.
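Inspecting a PKGBUILD before building, as described above, is faster with a first pass that points at the lines deciding what gets downloaded and executed. The following triage helper is an added example, not part of the original page; the function name, the patterns it looks for and the sample PKGBUILD are constructed for illustration.

```sh
#!/bin/sh
# Added example: print the PKGBUILD lines to read first before running makepkg.
# Output format: "<line number>: <reason>: <line>".

pkgbuild_flags() {
    awk '
        function flag(why) { printf "%d: %s: %s\n", NR, why, $0 }
        /^[ \t]*#/ { next }                                  # skip comment lines
        # Sources or downloads that travel unencrypted.
        /(http|ftp):\/\// { flag("plaintext download") }
        # SKIP in a checksum array means the source is not verified at all.
        /(^|[^A-Za-z0-9_])SKIP([^A-Za-z0-9_]|$)/ { flag("checksum skipped") }
        # An install= script runs as root at install time; it needs reading too.
        /^[ \t]*install=/ { flag("install hook") }
        # Commands that fetch more code or change privilege inside build steps.
        /(^|[^A-Za-z0-9_])(curl|wget|sudo|eval)([^A-Za-z0-9_]|$)/ { flag("command to read closely") }
    ' "$1"
}

# Constructed sample PKGBUILD (hypothetical package and URLs).
sample_pkgbuild() {
cat <<'EOF'
pkgname=example-tool
pkgver=1.0
source=("http://downloads.example.org/$pkgname-$pkgver.tar.gz")
sha256sums=('SKIP')
install=example-tool.install
build() {
  cd "$srcdir/$pkgname-$pkgver"
  wget http://downloads.example.org/extra.dat
  make
}
package() {
  make DESTDIR="$pkgdir" install
}
EOF
}

pkgbuild=$(mktemp)
sample_pkgbuild > "$pkgbuild"
pkgbuild_flags "$pkgbuild"
rm -f "$pkgbuild"
```

An empty result only means none of these patterns matched; the build() and package() functions still have to be read in full before makepkg -sci.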
Firewall
UFW is the uncomplicated firewall. It is terminal based and very user friendly.
Install ufw pacman -S ufw
View ip configuration ip addr
For a simple rule where you allow traffic from 192.168.0.1 to 192.168.0.255 and incoming SSH and telnet connections
ufw default deny
ufw allow from 192.168.0.0/24
ufw allow SSH
ufw allow telnet
Now enable ufw ufw enable
Check if ufw is running ufw status ; it should be running
You can add other apps the same way, just view the ufw app list
To delete a rule, let's say SSH in this case ufw delete allow SSH
Blacklisting IP address
To blacklist an IP you need to edit the following file vim /etc/ufw/before.rules
To blacklist 139.59.152.107 just before the COMMIT add the following -A ufw-before-input -s 139.59.152.107 -j DROP
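The manual edit above can be scripted so that the DROP rule is validated, added only once, and placed before the COMMIT of the filter table rather than before some other table's COMMIT. This is an added example, not part of the original page; the function name and the sample rules file are constructed, while the rule text is the one given above.

```sh
#!/bin/sh
# Added example: add "-A ufw-before-input -s <ip> -j DROP" to a ufw before.rules
# file, just before the COMMIT that closes the *filter table.
# Return codes: 0 added or already present, 2 bad address, 3 no *filter COMMIT.

block_ip() {
    file=$1 ip=$2
    # Format check only (dotted quad, optional /prefix): nothing else may reach the file.
    printf '%s\n' "$ip" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 2
    rule="-A ufw-before-input -s $ip -j DROP"
    # Idempotent: leave the file alone if the exact rule is already there.
    grep -Fxq -e "$rule" "$file" && return 0
    tmp=$(mktemp) || return 1
    awk -v rule="$rule" '
        /^\*filter/ { in_filter = 1 }
        in_filter && /^COMMIT/ && !inserted { print rule; inserted = 1 }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    grep -Fxq -e "$rule" "$tmp" || { rm -f "$tmp"; return 3; }
    # Write back in place so owner and permissions of the rules file are kept.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Constructed sample: a user-added *nat table followed by the *filter table.
sample_before_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:ufw-before-input - [0:0]
-A ufw-before-input -i lo -j ACCEPT
COMMIT
EOF
}

rules=$(mktemp)
sample_before_rules > "$rules"
block_ip "$rules" 139.59.152.107 && cat "$rules"
rm -f "$rules"
```

On a real system the file is /etc/ufw/before.rules and the function has to run as root; ufw reload then loads the changed rules.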
Conclusion
If you have managed to come this far and you have some prior Linux experience, you are going to be all right using Arch Linux. However, if you want an OS that is basically a replacement for Windows, then you should stick to Ubuntu or Mint. Arch Linux is very powerful, capable and customizable. All in all a very nice Operating System, and by using it you can learn a lot.
Questions
Why not use GRUB for bootloader? I understand the Installation manual on the Arch Linux wiki suggests installing GRUB as the bootloader, and most Linux distros use GRUB by default. However, if you want something plain and simple, you do not really need GRUB, you can stick to bootctl, and it will do just fine.
How do I set up wifi in case of a non virtualbox based installation?
You need to check to see if iw and wpa_supplicant are installed pacman -S iw wpa_supplicant linux-firmware
If they are not there, please install them.
Afterwards do pacman -Syy
Then view the wpa_supplicant configuration cat /etc/wpa_supplicant/wpa_supplicant-wlp2s0.conf
If this doesn't exist, then you are missing some packages.
Finally run this command with the correct info from your router wpa_supplicant -B -i wlp2s0 -c <(wpa_passphrase "the network SSID" "wpa passkey")
Wifi Should work now.
My ArchBox Screenshots
Arch Linux chroot mount prompt
References
Arch Linux Wiki[3]
Five reasons to Use Arch[4]
Arch User Repository[5]