Prep Raspberry for PiHole

Raspberry Pi is great for filtering adds (and more). Build your PiHole on a Raspberry Pi !

First purchase your Raspberry Pi (starterkit with all you need or grab the stuff you need yourselves).

During the first boot of Raspbian (the operating system), answer all questions (defaults are OK in most cases).

Now launch the settings menu and set a fixed IP address and enable SSH

Update all packages on you Raspberry (from a terminal) :

$ sudo apt-get update && dist-upgrade or sudo apt-get update && sudo apt-get upgrade

open a terminal and install “Webmin” for easy maintenance :

$ sudo apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python
$ wget -qO- http://www.webmin.com/jcameron-key.asc | sudo apt-key add
$ sudo add-apt-repository "deb http://download.webmin.com/download/repository sarge contrib"
$ sudo apt update
$ sudo apt -y install webmin

Install PiHole (still in the terminal) :

$ curl -sSL https://install.pi-hole.net | bash

answer all questions (again defaults are OK in most cases).

 

How do I remove old kernel versions to clean up the boot menu

When running a Ubuntu instance with limited disc space, the /boot can get filled with old (obsolete) kernels. If you run out of disk space on /boot, this is hou to clean up space.

First make sure there is still about 20 percent of disk space left on /boot by removing old kernel files (pick the large ones, but don’t delete the files with the highest kernel version !!)

If needed, fix any pending updates :
sudo apt-get install -f

Now run this command to “cleanup” old kernel versions :
dpkg –list|grep linux-image|awk ‘{print $2}’|sort -V|sed -n ‘/’`uname -r`’/q;p’|xargs sudo apt-get -y purge

Only uname -r is between quotes on ~ key, rest are regular single quotes

greetz, M.

helpful tcpdump command options

When creating a tcpdump, you don’t want to exclude to much information, to prevent a trace becoming useless. However large output files can be a pain to load and examine in Wireshark. There are some solutions though.

Create multiple files

tcpdump -n -C 128 -W 100 -i eth0 -w /tmp/packetlog.pcap &

  • -n don’t do reverse lookup on IPs, don’t convert port numbers to text descriptions, don’t convert MAC addesses to names, etc..
  • -C 128 rotate capture files every 128,000,000 bytes (128MB)
  • -W 100 limit the number of capture files being rotated (see -C) to 100
  • -i eth0 capture on interface eth0
  • -w /tmp/packetlogs/packetlog.pcap use file name /tmp/packetlogs/packetlog.pcap
  • & this is parsed by bash; indicates that the command should be run in the background (asynchronously)

Split the output file into smaller chunks

how to split a pcap file into a set of smaller ones :

tcpdump -r old_file -w new_files -C 10

The “-C” option specifies the size of the file to split into. Eg: In the above case new files size will be 10 million bytes each.

Enjoy ! M.

HP iLO2: Firmware Upgrade Via Webpage Failed

Trying to firmware upgrade HP iLO2 to the latest version results in the error message ‘firmware upgrade via webpage failed’  Using a .bin file via a Windows Server.

Troubleshooting Steps

  • Enabled compatibility mode in IE9, this resulted in Firmware loading to 99% and then timing out
  • Enabled compatibility mode in IE10, again this resulted in Firmware loading to 99% and then timing out
  • Tried using Google Chrome, again this resulted in Firmware loading to 99% and then timing out

Resolution :
It seems strange but the firmware upgrade will work using Mozilla Firefox.  Using this browser results in success.

Greetz, M.

Roundcube fixes (Strict standards: Non-static method PEAR messages)

When running the Roundcube installer, the third step displays lots op ” Strict standards: Non-static method PEAR” error messages on various php files.

To solve this, edit two files:

  • /var/www/webmail/installer/index.php
  • /var/www/webmail/program/include/iniset.php

in both files change the line :

ini_set(‘error_reporting’, E_ALL&~E_NOTICE);

to

ini_set(‘error_reporting’, E_ALL &~ (E_NOTICE | E_STRICT));

save the files and reload the installer page (no need to restart webserver).

regards, M.

Fix date time missing in the menu bar in Ubuntu 14.04

Open a terminal and use the command given below. This is optional and just to make sure that you have the indicator installed already.

sudo apt-get install indicator-datetime

Once we have made sure that the indicator is installed, next step is to reconfigure it:

sudo dpkg-reconfigure --frontend noninteractive tzdata

And the last step is to restart Unity:

sudo killall unity-panel-service

That should be it. Now the date time should be appearing in the top panel.

Greetz, M.

Move or migrate user accounts from old Linux server to a new Linux server

in BASH Shell, CentOS, Debian / Ubuntu

Q. How do I Move or migrate user accounts to from old Linux server a new Cent OS Linux server including mails? This new system a fresh installation.

A. You can migrate users from old Linux server to new Linux sever with standard commands such as tar, awk, scp and others. This is also useful if you are using old Linux distribution such as Redhat 9 or Debian 2.x.

Following files/dirs are required for traditional Linux user management:
* /etc/passwd – contains various pieces of information for each user account
* /etc/shadow – contains the encrypted password information for user’s accounts and optional the password aging information.
* /etc/group – defines the groups to which users belong
* /etc/gshadow – group shadow file (contains the encrypted password for group)
* /var/spool/mail – Generally user emails are stored here.
* /home – All Users data is stored here.

You need to backup all of the above files and directories from old server to new Linux server.
Commands to type on old Linux system

First create a tar ball of old uses (old Linux system). Create a directory:
# mkdir /root/move/

Setup UID filter limit:
# export UGIDLIMIT=1000

Now copy /etc/passwd accounts to /root/move/passwd.mig using awk to filter out system account (i.e. only copy user accounts)
# awk -v LIMIT=$UGIDLIMIT -F: ‘($3>=LIMIT) && ($3!=65534)’ /etc/passwd > /root/move/passwd.mig

Copy /etc/group file:
# awk -v LIMIT=$UGIDLIMIT -F: ‘($3>=LIMIT) && ($3!=65534)’ /etc/group > /root/move/group.mig

Copy /etc/shadow file:
# awk -v LIMIT=$UGIDLIMIT -F: ‘($3>=LIMIT) && ($3!=65534) {print $1}’ /etc/passwd | tee – |egrep -f – /etc/shadow > /root/move/shadow.mig

Copy /etc/gshadow (rarely used):
# cp /etc/gshadow /root/move/gshadow.mig

Make a backup of /home and /var/spool/mail dirs:
# tar -zcvpf /root/move/home.tar.gz /home
# tar -zcvpf /root/move/mail.tar.gz /var/spool/mail

Where,

  • Users that are added to the Linux system always start with UID and GID values of as specified by Linux distribution or set by admin. Limits according to different Linux distro:

RHEL/CentOS/Fedora Core : Default is 500 and upper limit is 65534 (/etc/libuser.conf).

Debian and Ubuntu Linux : Default is 1000 and upper limit is 29999 (/etc/adduser.conf).

  • You should never ever create any new system user accounts on the newly installed Cent OS Linux. So above awk command filter out UID according to Linux distro.
  • export UGIDLIMIT=500 – setup UID start limit for normal user account. Set this value as per your Linux distro.
  • awk -v LIMIT=$UGIDLIMIT -F: ‘($3>=LIMIT) && ($3!=65534)’ /etc/passwd > /root/move/passwd.mig – You need to pass UGIDLIMIT variable to awk using -v option (it assigns value of shell variable UGIDLIMIT to awk program variable LIMIT). Option -F: sets the field separator to : . Finally awk read each line from /etc/passwd, filter out system accounts and generates new file /root/move/passwd.mig. Same logic is applies to rest of awk command.
  • tar -zcvpf /root/move/home.tar.gz /home – Make a backup of users /home dir
  • tar -zcvpf /root/move/mail.tar.gz /var/spool/mail – Make a backup of users mail dir

Use scp or usb pen or tape to copy /root/move to a new Linux system.
# scp -r /root/move/* user@new.linuxserver.com:/path/to/location

Commands to type on new Linux system

First, make a backup of current users and passwords:
# mkdir /root/newsusers.bak
# cp /etc/passwd /etc/shadow /etc/group /etc/gshadow /root/newsusers.bak

Now restore passwd and other files in /etc/
# cd /path/to/location
# cat passwd.mig >> /etc/passwd
# cat group.mig >> /etc/group
# cat shadow.mig >> /etc/shadow
# /bin/cp gshadow.mig /etc/gshadow

Please note that you must use >> (append) and not > (create) shell redirection.

Now copy and extract home.tar.gz to new server /home
# cd /
# tar -zxvf /path/to/location/home.tar.gz

Now copy and extract mail.tar.gz (Mails) to new server /var/spool/mail
# cd /
# tar -zxvf /path/to/location/mail.tar.gz

Now reboot system; when the Linux comes back, your user accounts will work as they did before on old system:
# reboot

Please note that if you are new to Linux perform above commands in a sandbox environment. Above technique can be used to UNIX to UNIX OR UNIX to Linux account migration. You need to make couple of changes but overall the concept remains the same.

Greetz, M.

All the passwords you should change because of Heartbleed (OpenSSL bug)

The Heartbleed security flaw was fixed in the newest version of OpenSSL, but you should still change your passwords on all of the sites affected by the bug.

If you’re still not sure which sites were affected, here’s the perfect chart for you. Major sites ranging from Facebook and Google to Pinterest and Flickr were affected. Luckily, many financial institutions were not.

HeartbleedFor more information about the Heartbleed OpenSSL bug, visit the Heartbleed.com website.

Greetz, M.

Linux Commands In Structured Order with Detailed Reference

Linux command shelf is a quick reference guide for all linux user who wish to learn linux commands. Commands are divided into 15 categories , which would be more easier to understand what commands to be used in specific requirement. – See more at: LinOxide (you can also download Linux command shelf and Linux cheat sheet as a PDF).
Greetz, M.

Ping with timestamp

When running a ping command for a longer time to trace timeouts, it is hard to determine the actual date and time the timeout occurred.

Using a simple Bash script will solve this issue.

#!/bin/bash
while :
do
	ping -c 10 127.0.0.1
	date
done

This will ping the localhost address ten times and then print date and time. After that the script starts over (infinite loop).

Greetz, M.