Linux Laptop – Fedora

Howard Gibson

2018/11/24

Contents

1 Introduction 1

1.1 Objective . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

1.2 Copyright . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

1.3 Why Linux? . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

1.4 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

1.4.1 Installation . . . . . . . . . . . . . . . . . . . . . . . . 3

1.4.2 DVDs . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

1.4.3 MBR and GPT Formatted Disks . . . . . . . . . . . . 3

2 Hardware 4

2.1 Laptop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

2.2 CPU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.3 Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.4 Hard Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.5 DVD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.6 Video Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.7 Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.8 Sound Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

i

2.9 Modem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2.10 Keyboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2.11 Webcam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2.12 Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.13 Battery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.14 Slots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

3 Installation 7

3.1 Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

3.2 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

3.3 Partitioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

3.4 Sudo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

3.5 Install Media . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

3.6 Text Editing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

3.7 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

3.7.1 Booting for the First Time . . . . . . . . . . . . . . . . 12

3.8 As Installed Partitioning . . . . . . . . . . . . . . . . . . . . . 13

3.9 Re-installation . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

3.10 Exploring the Desktop . . . . . . . . . . . . . . . . . . . . . . 14

3.11 Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

3.12 Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

3.13 Terminal Sessions . . . . . . . . . . . . . . . . . . . . . . . . . 16

3.14 New Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

3.15 Bluetooth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

3.16 Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3.17 More Software . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3.18 Programming . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

3.19 Window Managers . . . . . . . . . . . . . . . . . . . . . . . . 19

3.19.1 XFCE . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

ii

3.19.2 LXDE . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

3.19.3 Other Window Managers . . . . . . . . . . . . . . . . . 20

3.20 Fortune Cookie . . . . . . . . . . . . . . . . . . . . . . . . . . 20

3.21 More Security . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

3.21.1 Disable Ping . . . . . . . . . . . . . . . . . . . . . . . . 21

3.21.2 Login Window (Display Managers) . . . . . . . . . . . 22

A Backups 23

B Mounting a USB Stick While Installing 24

C Encryption 25

iii

iv

1

1 Introduction

1.1 Objective

Test the default installation of a popular Linux distribution, in this case,Fedora 28 (32bit).

I have been installing Linux since 1995. I have been formally trained in UNIXadministration. I have developed all sorts of installation and usage habitswhich are of no interest to ordinary people who might be tempted to installLinux. The install instructions for my regular computers show all sorts ofcustomizations I like to do.

I want to know how easy it is for an ordinary mortal to install Linux. I willdo a standard installation. I will customize only if something important ismissing. I will not use vi.1 I will use the editor nano if absolutely necessary,but I will use easily located graphical administration tools whenever possible.

The OS is Fedora 28 (32bit), downloaded from Fedora’s website, 2018/08/31The installation was on 2018/09/02.

1.2 Copyright

This document is copyright © 2018 by Howard Gibson. You may post thison web pages and bulletin boards free of charge. All other rights are reserved.

1.3 Why Linux?

Linux is Free Software. Your computer should not be encumbered by copy-rights and Digital Rights Management (DRM). Proprietary software publish-ers are trying so hard to prevent unathorized copying that they can preventyou from installing and using copies you purchased, and are authorized touse. Also, if you cannot run the application you used to create your data,you don’t own your data!

1Bill Joy from Sun Microsystems, wrote vi back in the seventies. It is the standardUNIX system administration text tool, and UNIX/Linux administrators are expected toknow it.

2 1 INTRODUCTION

Linux is not hard to install on most computers. The latest “bleeding edge”video and sound cards may give you trouble. If you are buying a new com-puter, you should do some research on the hardware. If your computer isolder, Linux should have all the drivers you need. You need to research Linuxsupport on printers and scanners. Not everything works.

A basic Linux install will include some very good graphics programs, par-ticularly GIMP, a good substitute for Adobe Photoshop. Just about everyprogramming tool is available for Linux, except for the proprietary Microsoftones like Visual Basic and C#.

Linux can run efficiently on older, slower computers, because you can selectsmaller, faster user interfaces and applications. Install the window managersXFCE and LXDE. Libre Office is a credible alternative to Microsoft Officebecause it is just about as bloated as Microsoft Office. Try the word processorAbiWord, and the spreadsheet Gnumeric. You could learn to use LATEX,whose files are edited with a text editor.2

Linux is less capable at video games and multimedia. There are lots of FreeSoftware computer games out there, but the best stuff is commercial andproprietary. Few publishers support Linux.

The big problem with Linux and multi-media is ideological. Most mediaformats are proprietary. GNU and Linux are the work of Free Softwarepeople, who are reluctant to support proprietary formats. If you spend anhour or so surfing GNU.org , you will understand who you are dealing with.The GNU “Copyleft” really is a copyright. All copyrights are supported bythe Free Software community.

Linux can be made to support multi-media. I watch YouTube and Netflixon my Linux box. I can watch most commercial DVDs. Don’t expect theFree Software community to knock itself out to help you.

For more information on the thinking behind Free Software, just follow thelinks. You can get support for most media formats. Just search Google forLinux multi-media support.

2This document is maintained in LATEX. The best reference on LATEX is A Guide toLATEX 2ε by Helmut Kopka and Patrick W. Daly, Addison Wesley books. This bookprovides good document templates. I have not found other references to be useful.

1.4 Summary 3

1.4 Summary

1.4.1 Installation

Fedora 28 (32bit) is installed fairly easily by ordinary people. The installsoftware was not absolutely stable. I had to restart the install a couple oftimes. If it acts weird, exit and start again. Definitely, Ubuntu is more stableand user-friendly.

The machine will have fairly well configured user accounts, and a workingfirewall. There are some nasty UNIX tricks that will improve security, butthese are not absolutely necessary.

Fedora’s default install creates a separate /home partition. This is whereyour data will be stored. This data can be preserved when you re-installGNU/Linux. This is very good.

Fedora’s default behaviour is to create user folders accessible only to theusers. This makes no sense to me. If you are a family or a working group,you want to see each other’s stuff. You can fix this, but it is one moreadministration step. I prefer Ubuntu’s behaviour on this.

1.4.2 DVDs

Download install ISO images from the internet. These can be burned toDVDs, or copied to USB sticks. New computers generally do not have DVDsor Blue-rays. There are instructions on the internet for creating bootableUSB sticks from ISO files.

If you are interested in Linux, buy one of the books. You get documenta-tion, and you support the community. Christopher Negus’ Linux Bible andUbuntu Bible continue to be updated as of 2020. I cannot find a Fedora Bibleless than ten years old. Google, or search the bookstore websites. Make sureyou are buying something recent. There are lots of older books for sale.

1.4.3 MBR and GPT Formatted Disks

If you are buying a new hard drive for an old computer, you need to readthe following carefully.

4 2 HARDWARE

New computers are being shipped with GPT formatted hard drives, andmotherboards that can use them. GPT is a more advanced disk format.Among other things, it allows many more primary partitions. The oldMBR format3 only allows four. For my Fedora 26 install onto my new harddrive, this was a very nasty surprise. My Gigabyte GA-990FXA-UD3 Ver-sion 1.1, motherboard4 did not work with my new hard drive, a WesternDigital WD2003FZEX-0. The installed system showed the boot screens,then “Loading Operating System ...”, then it stopped. After a week of futilehacking, I bought a new 2TB hard drive, and now everything works! theWD drive now is my /archive drive. It works. I just cannot boot from it.

If you are installing Linux on an old clunker computer and an old drive, youshould have no problems. If you are installing Linux on a new computer witha new, GPT capable motherboard and GPT formatted drive, you should haveno problems. The fun starts when you replace the hard drive on your oldclunker.

If you are buying a new hard drive for your old computer, ask questions at thestore. My non-functional drives were from Western Digital. My functionaldrive is from Seagate.

A crude rule of thumb is that if your “new” machine is working with whateveroperating system you have, your Linux install will work.

2 Hardware

This is a Lenovo Thinkpad T400. I purchased it second hand at Laptops forLess, at 3358 Lakeshore Blvd, in Etobicoke, Ontario.

The machine has a double density DVD burner, an Ethernet connection, andthree USB ports.

2.1 Laptop

Lenovo Thinkpad Model 6475GZ5, Serial Number R8-GEFYN 09/11

3MBR stands for Master Boot Record. GPT means GUID Partition Table. GUIDmeans Globally Uniquie IDentifiers. I don’t know the significance of any of this.

4The Gigabyte GA-990FXA-UD3 Version 3.0 is capable of booting GPT drives.

2.2 CPU 5

2.2 CPU

Intel Core 2 Duo CPU P8400 2.26GHz

2.3 Memory

It came with 4GB, in the form of two 2048MB DDR3 SD-RAM.

2.4 Hard Drive

ATA HDD0: Hitachi HTS723216L9SA60-(S1) listed at 160GB.

2.5 DVD

ATAPI CD0: Matshita DVD-RAM UJ862A-(S2)

2.6 Video Card

Intel HD graphics with up to 1.6 GB of shared video memory. This supportsan external monitor 1920x1200 16 million colours.

2.7 Monitor

14.1” 1280x800, and 16 million colours

2.8 Sound Card

Realtek codec ALC269 with 2-channel High-Definition (HD) audio

6 2 HARDWARE

2.9 Modem

Protocols & Specifications: ITU V.90, Max Transfer Rate: 56.0Kbps, Fea-tures: V.92 upgradable.

This is a “soft” modem requiring drivers, as opposed to a hardware modemthat just works. Linux drivers probably are available, but they are not FreeSoftware. When was the last time you used a modem?

I have gotten these modems working way back in the distant past.

2.10 Keyboard

Laptop keyboard with touch-pad and nipple. Cool! Also, there are two sets ofmouse buttons. The buttons near the nipple include a middle button. Withthe X Windows System graphical user interface, this is very good indeed.

2.11 Webcam

Oh oh!

1.3 megapixels with digital microphone. This camera has an LED that goeson when the camera is running.

Gnome comes with something called cheese to operate webcams.

I have tried running cheese remotely, using another computer as the display.It could not find a device. This is good. We do not want the webcam runningremotely.

Recent articles in the news show that webcams and impressionable younggirls are a bad combination. I don’t have a young girl, impressionable orotherwise, so there is no problem for me. I will refrain from taking myclothes off when asked. I promise!

Facebook is being blamed for recent teen suicides. Facebook does not havea live “please take your clothes off” feature. I suspect that the real culpritis Skype, which is available for Linux.

Like all other web-enabled devices, the webcam in your daughter’s bedroomwill be inaccessible to the internet if it does not exist. My newer Lenovolaptop does not have a webcam.

2.12 Network 7

2.12 Network

Integrated 10/100 Ethernet LAN

Atheros XSPAN BGN (802.11BGN) wireless

Bluetooth V2.1 technology

Wireless: 802.11 a/b/g/n (draft), Bluetooth 2.0, Network Interface: GigabitEthernet

2.13 Battery

6-cell Lithium ion

I have replaced this with a higher capacity battery, which give me a lifespanof around four and a half hours.

2.14 Slots

ExpressCard/54

3 Installation

3.1 Planning

I have replaced this machine with a newer, faster laptop. This now is a playtoy.

Newer machines all are 64 bit. Linux is a good way to extend the functionallife of older machines. Google Chrome is available for Linux in 64 bit, only.

I will treat this as a user’s primary computer. The machine must have emailand web surfing tools, as well as a Microsoft Windows compatible office suite.The ability to read and to save files in Microsoft DOCX, XLSX and PPTXis necessary.5

The user may have a family, and they may want to create extra accounts.

Programming is not necessary, but I will look at this as an option.

5If you share office files, you should stick with the older DOC, XLS and PPT formats.If people’s computers ain’t broke, they don’t fix them.

8 3 INSTALLATION

3.2 Security

This machine is a laptop. I expect it to be transported out of the home, andconnected to the internet in coffee shops, and in schools and colleges.6 Evenif the machine is kept at home, it may be plugged directly into an internetmodem. Wireless routers act as firewalls, but not everybody has one. Wewill activate and test the firewall.

If your laptop gets stolen, the best thing you can have is an encrypted harddrive. The bad guy will have your hardware, but your data will not beaccessible. An encrypted installation is not necessary for a desktop or serverthat stays at home, but this is a laptop.

3.3 Partitioning

Linux installers break the hard drive up into separate partitions.

There are two important issues with partitioning. I assume you plan to useyour computer for a fairly long time. Eventually, you will want to re-installLinux to get a more advanced version, or perhaps, a different distribution.

1. You need a root partition large enough to hold the newer version of theOS.

2. You do not want to harm your /home partition. This is where all ofyour data will be stored.

Fedora’s default behaviour is to create an extended partition with a root (/),and a /home partition. This means that we can replace the operating systemon root, leaving all your working data on /home intact.

3.4 Sudo

There are two ways to administer UNIX/Linux. You can have a root account,or you can use sudo.

Historically, UNIX type systems are installed with a super user account calledroot. This account has complete write access to everything on the computer.

6The Toronto Transit Commission provides WiFi in its subway stations.

3.5 Install Media 9

This is dangerous. Good practise is not use this account for anything otherthan system administration. When you are logged in as a regular user, yourability to damage your system is drastically reduced.

When you open any sort of UNIX/Linux terminal or shell, you are promptedby a text string ending in a dollar sign, $.7

When you log in as root, the prompt changes to a pound sign, #, also calleda hash sign in the computer world. This is a sign of danger. The hash signsays you are root, and that you can trash the system if you are not careful.

An alternate approach for all this is to not have a root account. A group ofusers are designated as administrators. To issue a root command, they go. . .

$ sudo nano /etc/group

The system prompts for the user password. The resulting increased accesscontinues for several minutes.

This is used on MacOS, Ubuntu and now, Fedora. I would prefer to keepthe root account. When I am logged in as root, I can see the hash sign, andI know there is a threat. On a single user machine, like mine, sudo makesadministration easier, and reduces the number of strong passwords I need totrack. This may be one of those six of one, half dozen other issues.

3.5 Install Media

The files you download from the distribution websites are ISO files. These areused to create potable DVDs or USB sticks. I find DVDs easier to manage.If your machine lacks a DVD reader, you will have to search the internetto find out how to install an ISO image onto your USB stick. The ISO forUbuntu 16.04.5, 32bit, is 1.6GB. Any cheap old USB stick will work. Ifyour computer will not boot from USB, you will have to pick up a USBDVD reader.

7The command line prompt is configurable. Fedora’s current default is to show theuser name, the computer name and the current directory. If you want to change this, youwill have to read up on it.

10 3 INSTALLATION

3.6 Text Editing

This document is written mostly with the text editor vim, a version of vi.This is an extremely efficient and productive editor once you learn it, espe-cially if you are a touch typist, like me. It is especially efficient with largedocuments, since you can navigate by doing the text seaches through thecommand line. It is the text editor of UNIX and Linux geeks everywhere.Unfortunately, it is mindbogglingly not user friendly.

Linux newbies need to try something else. You need a text editor that runsin a terminal session. You don’t always have the X Window System runningwhen you do administration.

The text editor nano, is available and strongly recommended. You navigatearound the text file using the arrow keys, just like you think it should. Ithas a CTRL key menu at the bottom of the screen.

When you are told to edit configuration files, use nano.

3.7 Installation

I mean to do a wireless installation. Plugging into your wired network isfaster and way more reliable, but sometimes, you have to do wireless.

1. You may have to go into your BIOS and select the boot device withyour OS on it.

2. Insert the DVD or USB stick, and boot the machine.

3. You have the following options. . .

• Start Fedora-Workstation-Live 28

• This this media & Start Fedora-Workstation-Live 28

• Troubleshooting

Let’s test the media and start Fedora. The test takes a while, and theboot takes a while longer.

4. The system boots up into a graphical screen with a window entitled“Welcome to Fedora”. From here you have two options Try Fedora,and Install to Hard Drive. Click on Install.

3.7 Installation 11

5. While the installation program loads, connect to the network.

(a) Click on “Applications” at the top left hand side of your computerscreen.

(b) There should be a stack of buttons running down the left hand sideof your screen. Click on the bottom one, “Show Applications”.

(c) Locate and click on [Settings].

(d) Click on [Wi-Fi], and select a network.

(e) If you not immediately prompted for a key, click on the sort ofwheel/light icon next to your network. When the configurationwindow comes up, select the “Security” tab.8

(f) Type in your security key.

(g) Click [Apply].

6. We are now in the first installation window, still titles “Welcome toFedora”. You have a list of languages to use during the installation.Select one and hit [Continue].

7. You are now in the “INSTALLATION SUMMARY” window.

LOCALIZATIONKEYBOARD TIME & DATEEnglish (US) America/New York timezoneSYSTEMINSTALLATION DESTINATIONAutomatic partitioning selected

My keyboard is English (US), so that is okay. Click on “TIME &DATE”.

8. Click on the map somewhere close to where you live, in my case,Toronto. Click [Done].

9. Click on “INSTALLATION DESTINATION”

10. Make sure your hard drive is selected. There should be a check markon it.

8You can pull down the menu at the top right-hand of your screen and activate thenetwork, but Fedora is finnicky. The “Setup” window provides more resources.

12 3 INSTALLATION

11. Under “Storage Configuration” you have the choices of Automatic,Custom, and Advanced Custom (Blivet-GUI). Select Automatic, andI would like to make additional disk space available.

12. Look at the “Encryption” button. See my remarks below on Encryp-tion. If your machine is a laptop and exposed to theft, you shouldencrypt it. If you have a desktop that stays in a nice, safe computerroom, you don’t want to encrypt it. I am setting up a laptop, so I amencrypting.

13. Click [Done] at the top of the screen.

14. Since I am encrypting, I get the “DISK ENCRYPTION PASSPHRASE”window. Type in your passphrase, Read my Encryption notes again :).

15. The “RECLAIM DISK SPACE” window comes up. Click [Delete All],the click [Reclaim Space].

16. In a few seconds, the error triangle on “INSTALLATION DESTINA-TION” goes away, and you are ready to start installing. At this point,nothing on your computer has been touched. You can remove the Fe-dora DVD and reboot back into the old operating system.

17. Click [Begin Installation]

18. When the installation is finished, the progress slide will show “Com-plete”. Hit [Quit] at the bottom right, to get out of the installer.9

19. Pull down the top right hand menu and click on the power-off icon toreboot. You may have to power your machine off and on again.

3.7.1 Booting for the First Time

Older versions of Fedora ask for a root password and a new user while youare installing.

1. On your first boot, you get a “Welcome” window. Nothing else shows.You might as well hit [Next].

9On my first install attempt, the system acted weird. It ejected the DVD and itrebooted. You may have to reboot the DVD and try again.

3.8 As Installed Partitioning 13

2. On the “Privacy” window, you can select or deselect Location Services,and Automatic Problem Reporting. I left these on. You don’t needto.

3. The “Online Accounts” window comes up. I can connect to my Google,Nextcloud, Microsoft and Facebook accounts. I am puzzled about this,since we have not yet set up a user. I hit [Skip].

4. “About You” comes up. You must enter your full name and your username. Don’t bother with [Enterprise Login]. Just hit [Next].

5. “Password”. Enter one.

The system now is ready for you to login.

3.8 As Installed Partitioning

I am showing you here how the disk drive got partitioned. There is no needfor you to do this.

The following output was done immediately after installing Linux, Note howI use sudo to get into fdisk. This command can wipe out everything on yourhard drive, so use it with extreme caution. Here, I read the partition table,then I exited without saving anything. I see no reason why an ordinary usershould run fdisk.10

[howard@LenovoW ~]$ sudo fdisk /dev/sda

[sudo] password for howard:

Welcome to fdisk (util-linux 2.32).

Changes will remain in memory only, until you decide to write them.

Be careful before using the write command.

Command (m for help): p

Disk /dev/sda: 149.1 GiB, 160041885696 bytes, 312581808 sectors

Units: sectors of 1 * 512 = 512 bytes

10If you are in fdisk, Enter the command “q” to quit without saving changes.

14 3 INSTALLATION

Sector size (logical/physical): 512 bytes / 512 bytes

I/O size (minimum/optimal): 512 bytes / 512 bytes

Disklabel type: dos

Disk identifier: 0x95196d6f

Device Boot Start End Sectors Size Id Type

/dev/sda1 * 2048 2099199 2097152 1G 83 Linux

/dev/sda2 2099200 312580095 310480896 148.1G 83 Linux

Command (m for help): q

[howard@LenovoW ~]$ df

Filesystem 1K-blocks Used Available Use% Mounted on

devtmpfs 1517592 0 1517592 0% /dev

tmpfs 1529984 6696 1523288 1% /dev/shm

tmpfs 1529984 2644 1527340 1% /run

tmpfs 1529984 0 1529984 0% /sys/fs/cgroup

/dev/mapper/fedora...-root 51343840 5548784 43157232 12% /

tmpfs 1529984 148 1529836 1% /tmp

/dev/sda1 999320 130032 800476 14% /boot

/dev/mapper/fedora...-home 97522996 121872 92404212 1% /home

tmpfs 305996 6112 299884 2% /run/user/1000

tmpfs 305996 16 305980 1% /run/user/42

[howard@LenovoW ~]$

Fedora has separated the /home partition from root. This is good. Fedorahas allowed around 51GB for /, and around 97GB for /home.

3.9 Re-installation

In a bit!

3.10 Exploring the Desktop

Gnome 3 shows a blank screen with a title bar across the top. On the lefthand side of the screen, you see the word “Activities”. Click on this.

You should see a stack of icons down the left hand side of the screen.

3.11 Firewall 15

• A Firefox logo – web browser

• An envelope – Evolution (emai)

• A speaker – Rhythmbox

• A file cabinet – it says “Files”.

• A shopping bag – Software

• An array of nine dots – “Show Applications”.

On the right hand side of the screen, you should see the right hand edge oftwo screens. You can select select these and scatter your running applicationsbetween multiple virtual windows.

3.11 Firewall

On any machine not located behind a firewall, this is absolutely critical.

I cannot find a Firewall icon. I clicked “Activities” at the top left hand of thescreen. I typed firewall in the “Type to search...” window. This broughtup a Firewall install window. I installed the graphical configuration tool byclicking [Install]. After it installed, I clicked [Launch].

Under “Zones”, I selected “external”. I went down through Services, Ports,Protocols and Source Ports, and I made sure everything was turned off.The only thing turned on was ssh, the secure remote shell. I turned thisoff.11 Next to “Configuration” at the top, pull down the button and select[Permanent].

3.12 Networking

Ubuntu automatically connects to your Ethernet and WiFi networks.

11The secure shell allows you to login remotely to your computer. If you do not under-stand UNIX shells, this feature is useless.

16 3 INSTALLATION

3.13 Terminal Sessions

Operating system and desktop developers try hard to make adminstrationtasks work from graphic users interfaces (GUIs). The time comes when youmust open a terminal and deal with the command line.

On a Gnome desktop, there are two ways to open a terminal.

1. Hit Alt-Ctrl-F2. A GNU/Linux destop has seven terminals, num-bered from 1 to 7. Typically, terminal 1 is your graphical desktop.Terminals 2 to 7 provide you with command line logins. For most dis-tributions, Alt-Ctrl-F1 gets you back to the graphical window. Makesure you logged out of the terminal.

2. Click on “Activities”. Click on [Show Applications]. Search for aterminal. The terminal may be located under Utilities.

I have written a HOWTO on the UNIX/Linux command line.

Now that we have a terminal running, we need to do a couple of things.Fedora 28 does not include by default, the editor nano. Also, we want toupgrade your operating system, installation all the latest patches and such.nano

1. Open a terminal.

2. Install nano

$ sudo dnf -y install nano

$ sudo dnf -y update

3. Exit the terminal.

The program dnf is Red Hat’s (Fedora’s) package installer. The -y switchdisables the “Are you sure” feature. The update takes a long time.

3.14 New Users 17

3.14 New Users

Let’s create some user accounts. You have sudo access. Your new usersprobably should not have this.

Click on “Activities” at the top left of the screen. In the “Type to search...”window, type users. You should see an icon for “Add or remove users andchange your password”. Click on this.

The “Users” window should show of your user account. At the top right ofthe window, you should see an “Unlock” icon. Click on this. Type in yourpassword to get system access.

At the top right, you should be the button [Add User...]. Click on this.

Type in the user name. Type in a password that is strong enough the systemwill accept it. Verify that the account type is [Standard]. Hit [Add] at thetop right of the window.

I have tested it, but I assume that an [Administrator] user has sudo access.

Ubuntu’s default is to leave user accounts readable, but not writable, by theoutside world. This is good. You can set more restrictive permissions on filesand folders. Your email program probably will lock your email account sothat only you, and people with administration access, can read it. Meanwhile,you all can share information.

The user configuration window allows you to attach pictures of your users, oryour users to attach pictures of themselves. This is cute, and it is a securityhole if your machine is exposed to jerks and assholes.

Open a file manager and try reading the folders of other users. These arefound under /home. Fedora’s default behaviour is to allow user access onlyto folders. This is a pain of your users are co-workers, friends, or familymembers.

3.15 Bluetooth

I tested Bluetooth. Just pull down the network icons at the top right of thescreen, and select Bluetooth. It works!

18 3 INSTALLATION

3.16 Printer

You probably have one.

If your printer is plugged into your USB, Ubuntu will find it and configureit.12 This takes a while, so be patient. When I set up my Hewlett Packard HPDeskjet 6940, it claimed it was missing drivers. When I launched “Settings”from the left side buttons, I went “Devices”, and “Printer”, and I requesteda test page, everything worked!

1. Click on the [Settings] icon on the left of the screen.

2. Click Devices.

3. Click Printers.

4. The window should indicate at this point that there are no printers.Click [Additional Printer Settings...].13

5. Click the Un-Lock icon. Enter your password at the prompt.

6. Hit [Add Printer].

7. Wait. It found my network printer!

8. Click on your printer. At this point, you should be able to open anapplication and print something.

9. Done!

3.17 More Software

Click on “Activities”, then click on the [Software]icon. Click [Let’s go shop-ping] Search through this for cool software packages to install. The GIMP (GNUImage Manipulation Program) is strongly recommend.

You can enable third party software. Some of this is not Free Software, asexplained on GNU.org If you want to play proprietary sound and videoformats, hit [Enable].

12I find that not every USB ports works on this stuff. If the printer is not seen, tryanother USB port.

13Hitting [Add a Printer...] looks like the right button, but it isn’t.

3.18 Programming 19

3.18 Programming

GNU/Linux is notoriously a good programmer’s environment. I did a searchand I found make, gcc, perl and python. I did not find g++, GNU’sC++ compiler.

The original GNU text editor Emacs is not installed. If you are serious aboutprogramming, you want Emacs and C++.

Open a terminal.

$ sudo dnf -y install emacs gcc-g++

3.19 Window Managers

Fedora’s standard window manager is Gnome 3. There are other windowmanagers out there that are worth looking at. I don’t like Gnome 3 verymuch. You may be installing Fedora as a way of making an older, slowermachine continue working. Some other window managers are smaller, faster,and they behave enough like Microsoft Windows that you understand whatthey are doing.

When you login, you will see a little gear next to the [Sign In] button. Clickon this, and you will see a list of desktops. Let’s add some. You will need toreboot to get these onto the login menu.

In all cases below, you need to open a terminal.

3.19.1 XFCE

XFCE describes itself as a lightweight window manager. Locate and open aterminal. . .

$ sudo dnf -y install @xfce

When you log into this thing, look carefully at the top menu bar. You havefour virtual windows you can click on. This way more convenient than Unity.

20 3 INSTALLATION

3.19.2 LXDE

This is another lightweight window manager. Again, locate and open a ter-minal. . .

$ sudo dnf -y install lxde-common

On first login, the virtual windows are at the bottom left of the menu bar.Right click on it. The “Desktop Pager” is configurable.

3.19.3 Other Window Managers

There are other window managers available for Ubuntu. KDE is the otherfancy, heavyweight manager. I run FVWM. You can Google all this stuff ifyou are interested.

3.20 Fortune Cookie

It ain’t *NIX if there is no joke printed at the opening of each commandshell.

If worst comes to worst, this is installable from a command line terminal,such as the Gnome terminal.

Red Hat (Fedora) Debian (Ubuntu)

$ sudo dnf -y install fortune-mod

I activated the fortune cookie byadding the following lines to thevery bottom of /etc/profile

$ sudo nano /etc/profile

FORTUNE=/usr/bin/fortune

if [ -x ${FORTUNE} ]; then

${FORTUNE}

fi

$ sudo apt -y install fortune-mod

I activated the fortune cookie byadding the following lines to thevery bottom of /etc/profile

$ sudo nano /etc/profile

FORTUNE=/usr/games/fortune

if [ -x ${FORTUNE} ]; then

${FORTUNE}

fi

3.21 More Security 21

Make sure you scroll all the way to the bottom of /etc/profile beforetyping anything in.

The terminal that is launched by Gnome does not automatically run theFortune Cookie. Pull down the edit menu. Select Preferences. Select Pro-files. You should see highlighted a profile called “Unnamed”. Click the Editbutton. Select Command. Ensure you have highlighted the button “Runcommand as a login shell”.

It will be worth it.

3.21 More Security

We now have a nice machine with separate user accounts, login security, anda firewall. This works fine on a home computer that sits behind a firewall. Ifyour home computer is plugged directly into a DSL or cable modem, or youare using outside Wi-Fi, you can improve security. I have two issues that arefairly easily corrected.

1. Even with a fully configured firewall, Ubuntu, and other Linux boxes,respond to ping. The ping command tests network addresses to see ifthere is a computer there. If your machine does not respond to this,crackers14 will need some other way to find out you are there. You havemade their lives more difficult.

2. The login window should not display user names. If a black-hat wantsto try to login to your machine, they should have to guess the passwordand the user name.

3.21.1 Disable Ping

Ping is a useful network debugging tool. If your computer sits behind afirewall, you should not disable this. If you are exposed to potentially hostileWi-Fi, you may want to do the following.

14Free Software people regard themselves as “hackers” to signify that they like hack-ing with computers. Criminals who break into other people’s machines should be called“crackers”. I don’t know what southern USA white people think about his.

22 3 INSTALLATION

To do this, we need to edit a configuration file. You must use sudo, and youmust be very, very careful. You need to edit sysctl.conf, scrolling to thevery bottom of the file to add this. . .

$ sudo nano /etc/sysctl.conf

###################################################################

# Disable ping

net.ipv4.icmp_echo_ignore_all=1

3.21.2 Login Window (Display Managers)

The standard Gnome/Unity login window shows a list of usernames, andit can display user photos and other graphics. This is fun and cute if themachine resides in a safe area. If it is exposed to unauthorized users, youmay want to force them to guess user names.

I investigated, and found out how to turn off user display on GDM, whichis what Ubuntu uses. This used to not be possible. I got the following fromthe help files on http://www.gnome.org.

This all is command line stuff, so you need sudo access, and you need to bevery, very careful.

1. Create the GDM profile /etc/dconf/profile/gdm, with the follow-ing. . .

$ sudo nano /etc/dconf/profile/gdm

user-db:user

system-db:gdm

file-db:/usr/share/gdm/greeter-dconf-defaults

2. Create the directory /etc/dconf/db/gdm.d.

$ sudo mkdir /etc/dconf/db/gdm.d

23

3. Create the keyfile /etc/dconf/db/gdm.d/00-login-screen contain-ing the following. . .

$ sudo nano /etc/dconf/db/gdm.d/00-login-screen

[org/gnome/login-screen]

# Do not show the user list

disable-user-list=true

4. Exit any applications you are running. When you restart GDM, youwill be logged out.

5. Update the system databases, and restart GDM. . .

$ sudo dconf update

$ sudo systemctl restart gdm.service

Weird things can happen if you do not reboot at this point.

This works better if you give yourself a creative, hard to guess user name.

A Backups

You need a strategy for backing up your hard drive.

I have had an administered, backed up hard drive since 1996. I was takingsome college courses, and getting involved in a ski club in 1998. My emailsand working files are still on my hard drive, although I used at least onecommercial application I cannot get working at the moment.

The primary threat to my data has been me stupidly deleting things, some-times realizing this months later. My primary hard drive has died on me. Ilost no data.

At present, I have two backup devices on my primary computer, a 4 terabytehard drive, and a Blue-ray burner. My automatic nightly backup is doneto the 4TB drive. Periodically, I copy my latest backup to a double density

24 B MOUNTING A USB STICK WHILE INSTALLING

Blue-ray disk, which has a capacity of 50GB. These are stored in my house,away from my computer. If I really wanted to be thorough, I could rent asafety deposit box at the bank, and store my backup Blue-rays there.

Optical disks, like Blue-rays, are disappearing off of new computers. I amconcerned that it will become hard to find Blue-ray disks, especially thedouble density ones. I love Blue-rays because the individual disks are cheap,and suitable for single use. I have recovered data months after having deletedit.

The Blue-ray requires me to limit the disk space I use. My biggest directoriesare my digital photo directory, and my email, which is archived at least backto 1997. I archive my digital photos to DVD. I am not intensively doinggraphical design, or engineering CAD.

The Cloud is an excellent resource for temporary sharing of information.As a long-term backup of information with security issues, it is risky. Askyourself why such a service is provided free. Assume that data uploaded toa free server is being scanned. Can you say “data mining”? An NDA15 willbe worthless when the owners of the server go out of business, and the bailiffsells their equipment to the highest bidder .

Consider how you store your backup media at home. If you are concernedabout security, you should store your backups in a locked cabinet or a safe.Once your backup has been transported to another Linux machine, it isaccessible to whoever has that root access.

You can encrypt your backups, but this makes it more difficult to do recov-eries. I try to avoid compressing my backups, because this takes time, andit can introduce data errors.

I may have to switch to portable USB drives. Tape drives still are available,and they have huge capacity. The tapes do not appear to be particularlycheap.

B Mounting a USB Stick While Installing

Maybe you will need to do this.

15Non Disclosure Agreement

25

I was having some problems with an install, and I decided to mount myUSB stick. During the install routine, this is fairly easy. Hit ctrl+alt+f4.Log in as root. You should not need a password. Insert your USB stick. Youwill see a gibberish message on the screen with something like /dev/sdb.This is your USB device. You need to create a file system as a mount point,then mount your stick.

# mdkir /usb

# mount /dev/sdb1 -o auto /usb

The mount command, above, specifies the device. Note that it is /dev/sdb1,not /dev/sdb. The -o auto tells Fedora to figure out the file system type.You could specify vfat, which probably is what it is, but why?

Now, you can copy files, or back up data. See my article on the UNIXCommand Line.

Now, you need to get back to your installation window. On Fedora andUbuntu, ctrl+alt+f1 should do it. Anything up to ctrl+alt+f7 will pro-duce a terminal.

C Encryption

These are general comments about encrypted file systems. Most of thesecomments apply to Microsoft Windows and Apple machines, as well as Linux.

As of 2018/02/07, I have encrypted my entire hard drive. My original Fedorasetup was an encrypted /home partition. When I attempted a Ubuntu install,it refused. If the /tmp and swap partitions are not encrypted, some of thenaughty stuff on /home can be accessed. Fedora does not care about this,but Ubuntu has a point.

When I first encrypted a file system on Fedora 10 on an older laptop, Imistyped the encryption key. Upon booting, I was unable to decrypt /home.After repeated attempts, the machine shut down the X Window system andprompted me for root’s password. As root, there was no way to change theencryption key or otherwise, decrypt the file system. It was possible to bootinto single user mode and log in as root. There was no way to mount the

26 C ENCRYPTION

partition. I loaded in the install DVD and tried to repair the install. Again,I was prompted for the /home partition encryption key. It was impossible tore-install Linux without the encryption key.

I booted into single user mode, again without the install DVD. As root,I reformatted the /home partition. I rebooted with the install DVD, and Irepeated the entire install process. It would have been possible to format andencrypt the /home partition from the command line, but I did not bother.

If you are running Fedora with an encrypted /home partition, it is not possibleto boot the machine into multi-user mode without the encryption key. Youcan boot into single user mode, but this is just a rescue procedure, andwhoever is doing it requires root’s password. No booting at all is possiblewith a fully encrypted drive, without the encryption key.

Once the machine is booted, anyone with a user password can access yoursystem and read your data.

Anyone who must be able to boot your computer must be told the encryptionkey. This is not an issue with a personal laptop. It will be an issue on aserver if the wrong people are on vacation, out at lunch and/or run over bytrucks.

If you write the raw partition out to tape or some other device, the data willbe encrypted. There is no convenient way to recover individual files from anencrypted backup. The backup media is unreadable without the encryptionkey.

If you write /home out to tape or some other device, the data will not beencrupted. If your backup is not encrypted, your backup media is readableby whoever can get at it. Almost all of my backup recoveries have consistedof me recovering individual files I have messed up somehow. If your datamust be secure, you must keep your un-encrypted backups in a secure place.

Passwords and encryption keys16 are not the same thing. A password isstored on your drive somewhere, usually encrypted. When you log in, you areprompted for the password, and what you type in is encrypted and comparedwith the stored, encrypted password.17 You can easily change your password.

16A lot of install instructions refer to keys as passwords.17Not all applications encrypt passwords. Probably, there are online applications out

there that don’t. The passwords are visible in plain text to whoever is administering them.This is one of the reasons you do not re-use passwords.

27

An encryption key is used to encrypt your data. If your encryption key iscompromised, you must re-install the file system. Be very careful with yourencryption key.

Shutting down a laptop such that it must be rebooted in the presence ofpotential hackers probably is a bad idea. If the laptop is being transportedand operated outside a secure environment, it should be put to sleep, ratherthan shut down.

My old Acer Aspire had a bad keyboard. Often, it took multiple tries to typein the encryption key and get the thing booted. On at least one occasion, Ihad to give up on using the laptop. If hackers had been watching me, theywould have had multiple opportunities to watch me type the key.

An encryption key is more secure if you are a touch typist, and you have agood keyboard.

Even an encrypted /home partition renders a laptop useless to anyone whodoes not have the key. A thief will be unable to boot the computer, muchless read data off of it. If the bad guys have stolen your computer, they canremove your drive, install it in their machine, and hack your encryption keyby brute force.

Encrypting a workstation or file server probably is not worth the trouble.Encryption really only works when the machine is shut down. Servers gen-erally are kept running. There should be no need to move these machinesout of a secure area. An encryption key must be written out and stored in acompany safe, or some other secure area.