Tag Archives: debian

Migrate Linux Subsystem from one PC to another

Are you enjoying your favorite Linux distro running within the Windows 10 Linux Subsystem?

Have you configured all nicely?

What happened if you get a new pc and you’d like to migrate your VM across?

This is what happened to me. And looking around, I found this post that gave me this kinda-dirty way, but did work!

After that, I decided to review the steps, and I’ve added these directories in the exclude’s list, to make clearer the process of export/import:

/dev
/proc
/sys
/run
/tmp
/media
/mnt
/var/cache
/var/run

/dev

/proc

/sys

/run

/tmp

/media

/mnt

/var/cache

/var/run

Of course, if you have important data in these folders and you want to move across too, just update the one-liner below accordingly. 😉

On your OLD PC

Open your Linux VM
Get inside your Downloads directory (replace <user> with your username): cd /mnt/c/Users/<user>/Dowloads
Make sure to be root (sudo su -)
Run:
tar -cvpzf backup.tar.gz --exclude=/backup.tar.gz --exclude=/dev --exclude=/proc --exclude=/sys --exclude=/run --exclude=/tmp --exclude=/media --exclude=/mnt --exclude=/var/cache --exclude=/var/run --one-file-system /
NOTE: you could achieve the same using the option --exclude-from=file.txt, and having the list of exclusions in this file. I used a one-liner as it’s quicker to copy and paste.
Once done, close your Linux VM
Verify that you have a new file called backup.tar.bz in Dowloads

On your NEW PC

Install from Microsoft Store the same Linux VM (or reinstall in the same way you have done originally on your old pc)
Copy across your backup.tar.bz within your new Downloads folder
Open the VM that you’ve just installed (minimal setup – this will be completely overwritten, so don’t be bothered too much)
Once you’re inside and your backup.tar.bz is in Download, run the following (replace <user> with your username):
sudo tar -xpzf /mnt/c/Users/<user>/Dowloads/backup.tar.gz -C / --numeric-owner
Ignore the errors
Close and re-open the VM: DONE! 🙂

Happy migration! 😉

Auto mount an encrypted IMG file stored on NFS share

Yes, here we are again.
Now that I have a NAS at home, it’s about time to get rid of all these single USB disks connected to my Raspberry PIs.

I have a share called nfsshare available from my NAS (IP: 192.168.1.10). The full share path is 192.168.1.10:/volume1/nfsshare. My NAS handles NFS version 4.

So, here what I’ve done, to setup my Banana Pro Pi with Armbian based on Debian 10 (buster).

Configure NFS client

First of all, we need to create the mount point where we’re going to access the nfs share (let’s use /nfs) and install the packages for NFS.

mkdir /nfs
apt-get install nfs-common

1 2	mkdir /nfs apt-get install nfs-common

Once done, a minimal tuning of idmapd.conf, if you have defined a domain/workgroup within your network. In this example I’m using mydomain.loc.

sed -i 's/#Domain = local.domain.edu/Domain = mydomain.loc/' /etc/idmapd.conf

1	sed -i 's/#Domain = local.domain.edu/Domain = mydomain.loc/' /etc/idmapd.conf

Update our /etc/fstab file, to make sure it mounts at boot, and test if all works as expected:

192.168.1.10:/volume1/nfsshare /nfs nfs4 auto,_netdev,nofail,noatime,nolock 0 0

1	192.168.1.10:/volume1/nfsshare /nfs nfs4 auto,_netdev,nofail,noatime,nolock 0 0

I have used _netdev to make sure that the system understands that this needs the network up before trying to mount, and, if something goes wrong, the boot continues (nofail). This is very handy on systems without a proper monitor where you rely on ssh connections.

Now, with a simple mount /nfs command, you should be able to get the share mounted. df -Th or mount commands are what I would you to verify.

Cool, we have now the share mounted. Issue a quick shutdown -r now to see if all works as expected. Once your device is back online, ssh into it and check with df -Th or mount commands again. Hopefully, you can see your nfs share mounted to /nfs.

Create and configure your Encrypted “space”

I have already discussed something about encrypted devices in another post. This will be a revised version of the previous post, without custom scripts, but simply using what Debian offers out of the box.

Create an empty IMG file to host our encrypted space

I have decided to create 500GB of encrypted space to store my data. To do so, I did the following:

install the required software for encryption
create a sparsefile (on my /nfs share)
encrypt it
format it (ext4)
setup the auto mount

apt-get install cryptsetup

dd of=/nfs/file_container.img bs=1 count=0 seek=500G

cryptsetup -y luksFormat /nfs/file_container.img
cryptsetup luksOpen /nfs/file_container.img cryptcontainer

mkfs.ext4 -L cryptarchive /dev/mapper/cryptcontainer

apt-get install cryptsetup

dd of=/nfs/file_container.img bs=1 count=0 seek=500G

cryptsetup -y luksFormat /nfs/file_container.img

cryptsetup luksOpen /nfs/file_container.img cryptcontainer

mkfs.ext4 -L cryptarchive /dev/mapper/cryptcontainer

During the above steps, you will be asked to set a passphrase, and use it to open the IMG file. Pretty straight forward, isn’t it?

Cool. Now we have 500GB sparsefile called file_container.img store on our share /nfs ready to be mounted somewhere and utilised.

To make sure we can mount at boot, we need a secret key that we are going to use to decrypt the IMG file without typing any passphrase.

Let’s create this key stored under /root (in this example). You can store wherever you want, as long as it’s accessible before the decryption start. Another good place is /boot.

dd if=/dev/urandom of=/root/keyfile bs=1024 count=4
chmod 0400 /root/keyfile

1 2	dd if=/dev/urandom of=/root/keyfile bs=1024 count=4 chmod 0400 /root/keyfile

Now we need to add this key within the IMG file

cryptsetup luksAddKey /nfs/file_container.img /root/keyfile

1	cryptsetup luksAddKey /nfs/file_container.img /root/keyfile

Next step, is to instruct /etc/crypttab, with the details about our encrypted file and its key.
Just add the following line at the end of /etc/crypttab file.

cryptcontainer /nfs/file_container.img /root/keyfile luks

1	cryptcontainer /nfs/file_container.img /root/keyfile luks

Now, there is a problem. Your OS needs to know that the IMG file isn’t stored locally and has a dependency on the NFS share. In fact, if the OS tries to decrypt the IMG file before mounting the NFS share, it will fail, and you might get stuck in a no-end booting, forcing sometimes to get your mini monitor for troubleshooting, a spare keyboard and anti-human positions to reach your small Pi etc etc… basically, a nightmare!

So, here a trick that seems working.
In Debian, there is a file called /etc/default/cryptdisks
Within this file, we are going to make sure that CRYPTDISKS_ENABLE is set to yes and CRYPTDISKS_MOUNT is set to our NFS mount (/nfs). In this way, the service that handles the encryption/decription will wait for /nfs mounted before starting.
IMPORTANT: this must be a mountpoint within /etc/fstab

Here the content of my /etc/default/cryptdisks file

# Run cryptdisks initscripts at startup? Default is Yes.
CRYPTDISKS_ENABLE=Yes

# Mountpoints to mount, before cryptsetup is invoked at initscripts. Takes
# mountpoins which are configured in /etc/fstab as arguments. Separate
# mountpoints by space.
# This is useful for keyfiles on removable media. Default is unset.
CRYPTDISKS_MOUNT="/nfs"

# Default check script. Takes effect, if the 'check' option is set in crypttab
# without a value.
CRYPTDISKS_CHECK=blkid

# Run cryptdisks initscripts at startup? Default is Yes.

CRYPTDISKS_ENABLE=Yes

# Mountpoints to mount, before cryptsetup is invoked at initscripts. Takes

# mountpoins which are configured in /etc/fstab as arguments. Separate

# mountpoints by space.

# This is useful for keyfiles on removable media. Default is unset.

CRYPTDISKS_MOUNT="/nfs"

# Default check script. Takes effect, if the 'check' option is set in crypttab

# without a value.

CRYPTDISKS_CHECK=blkid

Amazing! Now, just the last bit: update /etc/fstab with the reference of our device. Because now we have setup all the necessary to open the encrypted IMG file and associate it to a mountable device. But we haven’t mounted it yet!

Create the mount point:

mkdir /cryptoarchive

1	mkdir /cryptoarchive

Update /etc/fstab, appending this line:

/dev/mapper/cryptcontainer /cryptoarchive ext4 defaults,nofail 0 2

1	/dev/mapper/cryptcontainer /cryptoarchive ext4 defaults,nofail 0 2

Again, the nofail, as for the NFS share, to avoid the boot process to get stuck in case of errors, and allow you to ssh into the device and troubleshoot.

Now we’re ready to try a mount /cryptoarchive, a df -Th and mount checks, and also a shutdown -r now, to verify that the NFS share gets mounted and the IMG encrypted disk mounted and available too.

Happy playing! 😉

Fail2ban Debian 9

Scratch pad with conf files to configure Fail2ban on Debian 9

This setup will configure Fail2ban to monitor SSH and keep track of the bad guys. Every time an IP gets banned, it will be stored in /etc/fail2ban/ip.blacklist .
This files gets processed every time Fail2ban restarts.
A cron will sanitise the file daily.

HOW TO

1) Create a custom action file: /etc/fail2ban/action.d/iptables-allports-CUSTOM.conf

# Fail2Ban configuration file

[INCLUDES]

before = iptables-common.confhttps://docs.google.com/document/d/1DjP5z7tvkaMWJMZXVAnMOCgfynfQNHvRkqJyxQdEB84/edit?usp=sharing


[Definition]

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#
actionstart = <iptables> -N f2b-<name>
              <iptables> -A f2b-<name> -j <returntype>
              <iptables> -I <chain> -p <protocol> -j f2b-<name>
              # Persistent banning of IPs
              cat /etc/fail2ban/ip.blacklist | grep -v ^\s*#|awk '{print $1}' | while read IP; do <iptables> -I f2b-<name> 1 -s $IP -j DROP; done

# Option:  actionstop
# Notes.:  command executed once at the end of Fail2Ban
# Values:  CMD
#
actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>
             <iptables> -F f2b-<name>
             <iptables> -X f2b-<name>

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
            # Persistent banning of IPs
            echo '<ip>' >> /etc/fail2ban/ip.blacklist

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>

[Init]

# Fail2Ban configuration file

[INCLUDES]

before = iptables-common.confhttps://docs.google.com/document/d/1DjP5z7tvkaMWJMZXVAnMOCgfynfQNHvRkqJyxQdEB84/edit?usp=sharing

[Definition]

# Option: actionstart

# Notes.: command executed once at the start of Fail2Ban.

# Values: CMD

actionstart = <iptables> -N f2b-<name>

# Persistent banning of IPs

cat /etc/fail2ban/ip.blacklist | grep -v ^\s*#|awk '{print $1}' | while read IP; do <iptables> -I f2b-<name> 1 -s $IP -j DROP; done

# Option: actionstop

# Notes.: command executed once at the end of Fail2Ban

# Values: CMD

actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>

# Option: actioncheck

# Notes.: command executed once before each actionban command

# Values: CMD

actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'

# Option: actionban

# Notes.: command executed when banning an IP. Take care that the

# command is executed with Fail2Ban user rights.

# Tags: See jail.conf(5) man page

# Values: CMD

actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>

# Persistent banning of IPs

echo '<ip>' >> /etc/fail2ban/ip.blacklist

# Option: actionunban

# Notes.: command executed when unbanning an IP. Take care that the

# command is executed with Fail2Ban user rights.

# Tags: See jail.conf(5) man page

# Values: CMD

actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>

[Init]

2) Create /etc/fail2ban/jail.local

# Fail2Ban custom configuration file.


[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1 192.168.1.0/24 192.168.2.0/24

# Ban forever => -1
#bantime=-1

# Ban 3 days => 259200
bantime = 259200 

# A host is banned if it has generated "maxretry" during the last "findtime" seconds.
findtime = 30

banaction = iptables-allports-CUSTOM

[sshd]
enabled = true
filter = sshd
logfile = /var/log/auth.log
maxretry = 3

# Fail2Ban custom configuration file.

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host

ignoreip = 127.0.0.1 192.168.1.0/24 192.168.2.0/24

# Ban forever => -1

#bantime=-1

# Ban 3 days => 259200

bantime = 259200

# A host is banned if it has generated "maxretry" during the last "findtime" seconds.

findtime = 30

banaction = iptables-allports-CUSTOM

[sshd]

enabled = true

filter = sshd

logfile = /var/log/auth.log

maxretry = 3

3) Remove the default debian jail configuration (is integrated in the above custom jail.local file):

rm -f /etc/fail2ban/jail.d/defaults-debian.conf

1	rm -f /etc/fail2ban/jail.d/defaults-debian.conf

4) Set this cron:

# Daily rotate of ip.blacklist
0 20 * * * tail -100 /etc/fail2ban/ip.blacklist | sort | uniq > /tmp/ip.blacklist ; cat /tmp/ip.blacklist > /etc/fail2ban/ip.blacklist ; rm -f /tmp/ip.blacklist > /dev/null 2>&1

1 2	# Daily rotate of ip.blacklist 0 20 * * * tail -100 /etc/fail2ban/ip.blacklist \| sort \| uniq > /tmp/ip.blacklist ; cat /tmp/ip.blacklist > /etc/fail2ban/ip.blacklist ; rm -f /tmp/ip.blacklist > /dev/null 2>&1

5) Run the cron manually once, just to be sure all works AND to have an empty file

6) Restart Fail2ban … and good luck 😉

Automatic Updates on Raspberry Pi

How to configure automatic updates on your raspberry pi and make sure it reboots in the night (if required)

apt-get install unattended-upgrades apt-listchanges

sed -i 's/^\/\/      "o=Raspbian,n=jessie"/      "o=Raspbian,n=jessie"/g' /etc/apt/apt.conf.d/50unattended-upgrades
sed -i 's/^\/\/Unattended-Upgrade::Mail "root";/Unattended-Upgrade::Mail "root";/g' /etc/apt/apt.conf.d/50unattended-upgrades
sed -i 's/^\/\/Unattended-Upgrade::Automatic-Reboot "false";/Unattended-Upgrade::Automatic-Reboot "true";/g' /etc/apt/apt.conf.d/50unattended-upgrades
sed -i 's/^\/\/Unattended-Upgrade::Automatic-Reboot-Time "02:00";/Unattended-Upgrade::Automatic-Reboot-Time "02:00";/g' /etc/apt/apt.conf.d/50unattended-upgrades

tee /etc/apt/apt.conf.d/20auto-upgrades > /dev/null <<EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF

apt-get install unattended-upgrades apt-listchanges

sed -i 's/^\/\/ "o=Raspbian,n=jessie"/ "o=Raspbian,n=jessie"/g' /etc/apt/apt.conf.d/50unattended-upgrades

sed -i 's/^\/\/Unattended-Upgrade::Mail "root";/Unattended-Upgrade::Mail "root";/g' /etc/apt/apt.conf.d/50unattended-upgrades

sed -i 's/^\/\/Unattended-Upgrade::Automatic-Reboot "false";/Unattended-Upgrade::Automatic-Reboot "true";/g' /etc/apt/apt.conf.d/50unattended-upgrades

sed -i 's/^\/\/Unattended-Upgrade::Automatic-Reboot-Time "02:00";/Unattended-Upgrade::Automatic-Reboot-Time "02:00";/g' /etc/apt/apt.conf.d/50unattended-upgrades

tee /etc/apt/apt.conf.d/20auto-upgrades > /dev/null <<EOF

APT::Periodic::Update-Package-Lists "1";

APT::Periodic::Unattended-Upgrade "1";

EOF

Check the next day the log /var/log/unattended-upgrades/unattended-upgrades.log to see if it worked 🙂

Source: here

Improve/Ubuntu-like Font Rendering in Debian using Infinality Font

/etc/apt/sources.list

#Infinality Fonts
deb http://ppa.launchpad.net/no1wantdthisname/ppa/ubuntu saucy main

apt-get install fontconfig-infinality

cd /etc/fonts/infinality/
bash infctl.sh setstyle

chose 3 (i.e. linux).

In /etc/profile.d/infinality-settings.sh --> search for “USE_STYLE” or scroll (around line 710) till you see the option to set the style => USE_STYLE=”UBUNTU”


Settings -> Appearance.

    Tick the checkbox to Enable anti-aliasing
    Set Sub-pixel order to RGB
    Set Hinting to Slight


======================================

Personally installed before also: cabextract fonts-liberation ttf-mscorefonts-installer


======================================

Other fonts:

1) Install pretty fonts (you'll need non-free for mscorefonts): apt-get install ttf-dejavu ttf-liberation ttf-mscorefonts-installer xfonts-terminus
2) dpkg-reconfigure fontconfig-config, select Autohinter, Automatic and No
3) dpkg-reconfigure fontconfig
4) Restart Xorg
5) Gnome-specific (these are largely personal preferences): System -> Preferences -> Appearances -> Fonts: Enable 'Best Shapes', Details -> Dots per Inch: 110, Smoothing -> Grayscale

======================================

/etc/apt/sources.list

#Infinality Fonts

deb http://ppa.launchpad.net/no1wantdthisname/ppa/ubuntu saucy main

apt-get install fontconfig-infinality

cd /etc/fonts/infinality/

bash infctl.sh setstyle

chose 3 (i.e. linux).

In /etc/profile.d/infinality-settings.sh --> search for “USE_STYLE” or scroll (around line 710) till you see the option to set the style => USE_STYLE=”UBUNTU”

Settings -> Appearance.

Tick the checkbox to Enable anti-aliasing

Set Sub-pixel order to RGB

Set Hinting to Slight

======================================

Personally installed before also: cabextract fonts-liberation ttf-mscorefonts-installer

======================================

Other fonts:

1) Install pretty fonts (you'll need non-free for mscorefonts): apt-get install ttf-dejavu ttf-liberation ttf-mscorefonts-installer xfonts-terminus

2) dpkg-reconfigure fontconfig-config, select Autohinter, Automatic and No

3) dpkg-reconfigure fontconfig

4) Restart Xorg

5) Gnome-specific (these are largely personal preferences): System -> Preferences -> Appearances -> Fonts: Enable 'Best Shapes', Details -> Dots per Inch: 110, Smoothing -> Grayscale

======================================

Source: http://linuxpanda.wordpress.com/2014/03/14/improve-ubuntu-like-font-rendering-in-debian-using-infinality-font/

Dynamic MOTD on Debian

Here a simple script that setup a dynamic MOTD message ‘ubuntu-like’ on Debian servers:

#!/bin/bash

# Script to install Dynamic MOTD on Debian servers

# This version uses figlet

if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root or using sudo"
   exit 1
fi

if [ ! -f /etc/debian_version ] ; then
   echo "This script can run ONLY on Debian OS"
   exit 1
fi

# Install required packages:
# - figlet: ASCII art for hostname
# - lsb-release: get distro details (fallback)
apt-get install figlet lsb-release

# Backup MOTD file
mv -f /etc/motd{,.ORIG}

# Symlink dynamic MOTD file
ln -s /var/run/motd /etc/motd

# Create dynamic motd environment
mkdir /etc/update-motd.d/
cd /etc/update-motd.d/

cat <<'EOF' > 00-header
#!/bin/sh
#
#    00-header - create the header of the MOTD
#
[ -r /etc/os-release ] && . /etc/os-release
OS=$PRETTY_NAME

if [ -z "$OS" ] && [ -x /usr/bin/lsb_release ]; then
        OS=$(lsb_release -s -d)
fi

figlet -f slant $(hostname)
printf "\n"
printf "\t- %s\n\t- OS version %s\n\t- Kernel %s\n" "$OS" "$(cat /etc/debian_version)" "$(uname -r)"
printf "\n"
EOF

cat <<'EOF' > 10-sysinfo
#!/bin/bash
#
#    10-sysinfo - generate the system information
#
date=`date`
load=`cat /proc/loadavg | awk '{print $1}'`
root_usage=`df -h / | awk '/\// {print $(NF-1)}'`
home_usage=`df -h /home | awk '/\// {print $(NF-1)}'`
memory_usage=`free -m | awk 'NR==2{printf "%.2f%%\n", $3*100/$2 }'`
swap_usage=`free -m | awk '/Swap/ { printf("%3.1f%%", "exit !$2;$3/$2*100") }'`
users=`users | wc -w`
time=`uptime | grep -ohe 'up .*' | sed 's/,/\ hours/g' | awk '{ printf $2" "$3 }'`
processes=`ps aux | wc -l`
ip=`ifconfig $(route -n | grep '^0.0.0.0' | awk '{ print $8 }') | grep "inet addr" | awk -F: '{print $2}' | awk '{print $1}'`


printf "System information as of %s\n\n" "$date"
printf "IP Address:\t%s\tSystem uptime:\t%s\n" "$ip" "$time"
printf "System load:\t%s\tProcesses:\t%s\n" "$load" "$processes"
printf "RAM used:\t%s\tSwap used:\t%s\n" "$memory_usage" "$swap_usage"
printf "Usage on /:\t%s\tUsage on /home:\t%s\n" "$root_usage" "$home_usage"
printf "Local Users:\t%s\tProcesses:\t%s\n" "$users" "$processes"
EOF


cat <<'EOF' > 90-footer
#!/bin/sh
#
#    90-footer - write the admin's footer to the MOTD
#
[ -f /etc/motd.tail ] && cat /etc/motd.tail || true
EOF


chmod +x /etc/update-motd.d/*

clear
echo "Installation completed. Please logout and login again to test."

#!/bin/bash

# Script to install Dynamic MOTD on Debian servers

# This version uses figlet

if [[ $EUID -ne 0 ]]; then

echo "This script must be run as root or using sudo"

exit 1

if [ ! -f /etc/debian_version ] ; then

echo "This script can run ONLY on Debian OS"

exit 1

# Install required packages:

# - figlet: ASCII art for hostname

# - lsb-release: get distro details (fallback)

apt-get install figlet lsb-release

# Backup MOTD file

mv -f /etc/motd{,.ORIG}

# Symlink dynamic MOTD file

ln -s /var/run/motd /etc/motd

# Create dynamic motd environment

mkdir /etc/update-motd.d/

cd /etc/update-motd.d/

cat <<'EOF' > 00-header

#!/bin/sh

# 00-header - create the header of the MOTD

[ -r /etc/os-release ] && . /etc/os-release

OS=$PRETTY_NAME

if [ -z "$OS" ] && [ -x /usr/bin/lsb_release ]; then

OS=$(lsb_release -s -d)

figlet -f slant $(hostname)

printf "\n"

printf "\t- %s\n\t- OS version %s\n\t- Kernel %s\n" "$OS" "$(cat /etc/debian_version)" "$(uname -r)"

printf "\n"

EOF

cat <<'EOF' > 10-sysinfo

#!/bin/bash

# 10-sysinfo - generate the system information

date=`date`

load=`cat /proc/loadavg | awk '{print $1}'`

root_usage=`df -h / | awk '/\// {print $(NF-1)}'`

home_usage=`df -h /home | awk '/\// {print $(NF-1)}'`

memory_usage=`free -m | awk 'NR==2{printf "%.2f%%\n", $3*100/$2 }'`

swap_usage=`free -m | awk '/Swap/ { printf("%3.1f%%", "exit !$2;$3/$2*100") }'`

users=`users | wc -w`

time=`uptime | grep -ohe 'up .*' | sed 's/,/\ hours/g' | awk '{ printf $2" "$3 }'`

processes=`ps aux | wc -l`

ip=`ifconfig $(route -n | grep '^0.0.0.0' | awk '{ print $8 }') | grep "inet addr" | awk -F: '{print $2}' | awk '{print $1}'`

printf "System information as of %s\n\n" "$date"

printf "IP Address:\t%s\tSystem uptime:\t%s\n" "$ip" "$time"

printf "System load:\t%s\tProcesses:\t%s\n" "$load" "$processes"

printf "RAM used:\t%s\tSwap used:\t%s\n" "$memory_usage" "$swap_usage"

printf "Usage on /:\t%s\tUsage on /home:\t%s\n" "$root_usage" "$home_usage"

printf "Local Users:\t%s\tProcesses:\t%s\n" "$users" "$processes"

EOF

cat <<'EOF' > 90-footer

#!/bin/sh

# 90-footer - write the admin's footer to the MOTD

[ -f /etc/motd.tail ] && cat /etc/motd.tail || true

EOF

chmod +x /etc/update-motd.d/*

clear

echo "Installation completed. Please logout and login again to test."

If you are running CentOS7, here the how to for that OS.

Banana Pi Pro – WLAN configuration

Add ‘ap6210‘ to /etc/modules to enable WiFi, and use modprobe ap6210 to force load the module.

Check dmesg to see if all has been loaded correctly. If not, reboot and check again.

dmesg|grep WLAN

1	dmesg\|grep WLAN

Install the required packages:

apt-get install wireless-tools iw wpasupplicant

1	apt-get install wireless-tools iw wpasupplicant

Modify /etc/network/interfaces

# Dinamic IP:
auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ap-scan 1
wpa-scan-ssid 1
wpa-ssid "WIFI_NETWORK_NAME"
wpa-psk "WLAN-KEY"

# Static IP:
auto wlan0
allow-hotplug wlan0
iface wlan0 inet static
address 192.168.xx.yy
netmask 255.255.255.0
gateway 192.168.0.1
wpa-ap-scan 1
wpa-scan-ssid 1
wpa-ssid "WIFI_NETWORK_NAME"
wpa-psk "WLAN-KEY"

# Dinamic IP:

auto wlan0

allow-hotplug wlan0

iface wlan0 inet dhcp

wpa-ap-scan 1

wpa-scan-ssid 1

wpa-ssid "WIFI_NETWORK_NAME"

wpa-psk "WLAN-KEY"

# Static IP:

auto wlan0

allow-hotplug wlan0

iface wlan0 inet static

address 192.168.xx.yy

netmask 255.255.255.0

gateway 192.168.0.1

wpa-ap-scan 1

wpa-scan-ssid 1

wpa-ssid "WIFI_NETWORK_NAME"

wpa-psk "WLAN-KEY"

Bring the interface up:

ifconfig wlan0 up

1 2	ifconfig wlan0 up

Source: http://oyox.de/882-wlan-auf-bananian-banana-pi-einrichten/

Nagios3 and Lighttpd

This guide will explain how to install Nagios3 on a machine with Debian and Lighttpd webserver.

If you haven’t installed Lighttpd yet, please follow this tutorial.

Install Nagios server

Now, let’s install Nagios.

apt-get install nagios3 nagios-plugins nagios-nrpe-plugin

1	apt-get install nagios3 nagios-plugins nagios-nrpe-plugin

This will automatically install all the required dependencies.

Enable check_external_commands in /etc/nagios3/nagios.cfg

check_external_commands=1

1	check_external_commands=1

Add www-data in nagios’ group:

usermod -a -G nagios www-data

1	usermod -a -G nagios www-data

And fix some permission issues to avoid some errors like “error: Could not stat() command file”

chmod g+x /var/lib/nagios3/rw

1	chmod g+x /var/lib/nagios3/rw

Let’s configure a bit Lighttpd.
Make sure cgi and php modules are enabled.

Then, create a new conf file and enable it:

vim /etc/lighttpd/conf-available/10-nagios3.conf

1	vim /etc/lighttpd/conf-available/10-nagios3.conf

# Nagios3
 
alias.url =     (
                "/cgi-bin/nagios3" =&gt; "/usr/lib/cgi-bin/nagios3",
                "/nagios3/cgi-bin" =&gt; "/usr/lib/cgi-bin/nagios3",
                "/nagios3/stylesheets" =&gt; "/etc/nagios3/stylesheets",
                "/nagios3" =&gt; "/usr/share/nagios3/htdocs"
                )
 
$HTTP["url"] =~ "^/nagios3/cgi-bin" {
        cgi.assign = ( "" =&gt; "" )
}
 
$HTTP["url"] =~ "nagios" {
        auth.backend = "htpasswd"
        auth.backend.htpasswd.userfile = "/etc/nagios3/htpasswd.users"
        auth.require = ( "" =&gt; (
                "method" =&gt; "basic",
                "realm" =&gt; "nagios",
                "require" =&gt; "user=nagiosadmin"
                )
        )
        setenv.add-environment = ( "REMOTE_USER" =&gt; "user" )
}

# Nagios3

alias.url = (

"/cgi-bin/nagios3" => "/usr/lib/cgi-bin/nagios3",

"/nagios3/cgi-bin" => "/usr/lib/cgi-bin/nagios3",

"/nagios3/stylesheets" => "/etc/nagios3/stylesheets",

"/nagios3" => "/usr/share/nagios3/htdocs"

)

$HTTP["url"] =~ "^/nagios3/cgi-bin" {

cgi.assign = ( "" => "" )

}

$HTTP["url"] =~ "nagios" {

auth.backend = "htpasswd"

auth.backend.htpasswd.userfile = "/etc/nagios3/htpasswd.users"

auth.require = ( "" => (

"method" => "basic",

"realm" => "nagios",

"require" => "user=nagiosadmin"

)

setenv.add-environment = ( "REMOTE_USER" => "user" )

}

lighttpd-enable-mod nagios3

1	lighttpd-enable-mod nagios3

Let’s apply the changes:

/etc/init.d/lighttpd force-reload

1	/etc/init.d/lighttpd force-reload

We need to setup the “nagiosadmin” password:

htpasswd -c /etc/nagios3/htpasswd.users nagiosadmin

1	htpasswd -c /etc/nagios3/htpasswd.users nagiosadmin

Now, open your browser and digit http://yourserver/nagios3
Insert username: nagiosadmin and the password you’ve just chosen… and voila`… 🙂

And now we have installed our nagios server. As you can see, it’s currently monitoring itself.

But what about the other hosts in the network?

Adding hosts

Host configuration

To let our Nagios server to monitor other hosts, we need to follow these steps on any client we want to add:

apt-get install -y nagios-plugins nagios-nrpe-server

1	apt-get install -y nagios-plugins nagios-nrpe-server

Once completed, we need to add the IP of our monitoring host in /etc/nagios/nrpe.cfg under allowed_hosts=xxx.xxx.xxx.xxx.

Also, add this line in /etc/nagios/nrpe_local.cfg:

command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w '20%' -c '10%' -e -A

1	command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w '20%' -c '10%' -e -A

This will be used from our monitor server to query nrpe and provide info about ALL the disks.
You can use also -I flag to exclude a specific path. For example on my Time Capsule Pi, I’ve used the following line, to exclude the mount point “TimeMachine” from the checks:

command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w '20%' -c '10%' -e -A -I '/TimeMachine/*

1	command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w '20%' -c '10%' -e -A -I '/TimeMachine/*

Monitoring configuration for new host

Now back to our Nagios monitoring machine
In /etc/nagios3/conf.d create a file called for example host1_nagios2.cfg and add the following basic services (add/remove/modify based on your local configuration):

define host{
        use             generic-host
        host_name       host1
        alias           host1
        address         xxx.xxx.xxx.xxx
}

define service{
        use                     generic-service
        host_name               host1
        service_description     Current Load
        check_command           check_nrpe_1arg!check_load
}

define service{
        use                     generic-service
        host_name               host1
        service_description     Current Users
        check_command           check_nrpe_1arg!check_users
}
define service{
        use                     generic-service
        host_name               host1
        service_description     Disk Space
        check_command           check_nrpe_1arg!check_all_disks
}
define service{
        use                     generic-service
        host_name               host1
        service_description     Total Processes
        check_command           check_nrpe_1arg!check_total_procs
}

define host{

use generic-host

host_name host1

alias host1

address xxx.xxx.xxx.xxx

}

define service{

use generic-service

host_name host1

service_description Current Load

check_command check_nrpe_1arg!check_load

}

define service{

use generic-service

host_name host1

service_description Current Users

check_command check_nrpe_1arg!check_users

}

define service{

use generic-service

host_name host1

service_description Disk Space

check_command check_nrpe_1arg!check_all_disks

}

define service{

use generic-service

host_name host1

service_description Total Processes

check_command check_nrpe_1arg!check_total_procs

}

Also, you can add the new host host1 to be part of any related groups, modifying /etc/nagios3/conf.d/hostgroups_nagios2.cfg

For example, we can add it to debian-servers and ssh-servers groups. This will automatically get some checks like SSH.

# Some generic hostgroup definitions

# A simple wildcard hostgroup
define hostgroup
        hostgroup_name  all
		alias           All Servers
		members         *
        }

# A list of your Debian GNU/Linux servers
define hostgroup {
        hostgroup_name  debian-servers
		alias           Debian GNU/Linux Servers
		members         localhost,host1
        }

# A list of your web servers
define hostgroup {
        hostgroup_name  http-servers
		alias           HTTP servers
		members         localhost
        }

# A list of your ssh-accessible servers
define hostgroup {
        hostgroup_name  ssh-servers
		alias           SSH servers
		members         localhost,host1
        }

# Some generic hostgroup definitions

# A simple wildcard hostgroup

define hostgroup

hostgroup_name all

alias All Servers

members *

}

# A list of your Debian GNU/Linux servers

define hostgroup {

hostgroup_name debian-servers

alias Debian GNU/Linux Servers

members localhost,host1

}

# A list of your web servers

define hostgroup {

hostgroup_name http-servers

alias HTTP servers

members localhost

}

# A list of your ssh-accessible servers

define hostgroup {

hostgroup_name ssh-servers

alias SSH servers

members localhost,host1

}

Sources:
http://zeldor.biz/2010/11/nagios3-with-lighttpd/comment-page-1/
https://www.digitalocean.com/community/articles/how-to-install-nagios-on-ubuntu-12-10
http://cloud101.eu/blog/2012/03/01/setting-up-nagios-on-debian-or-ubuntu/
http://technosophos.com/2010/01/13/nagios-fixing-error-could-not-stat-command-file-debian.html

VIM as default editor in Debian/Ubuntu

This command will allow you to change the default editor in your Debian/Ubuntu machine

update-alternatives --config editor

1	update-alternatives --config editor

Lighttpd and virtualhosts

Here a quick how to, about how to configure Lighttpd to run with Virtualhosts.
This has been installed and tested on a Raspberry Pi.

apt-get install lighttpd php5 php5-cgi

1	apt-get install lighttpd php5 php5-cgi

Enable modules:

lighttpd-enable-mod auth cgi fastcgi fastcgi-php nagios3 simple-vhost ssl status

1	lighttpd-enable-mod auth cgi fastcgi fastcgi-php nagios3 simple-vhost ssl status

Content of /etc/lighttpd/lighttpd.conf

server.modules = (
        "mod_access",
        "mod_alias",
        "mod_compress",
        "mod_redirect",
#       "mod_rewrite",
)

server.document-root        = "/var/www"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/var/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80


index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir          = "/var/cache/lighttpd/compress/"
compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

server.modules = (

"mod_access",

"mod_alias",

"mod_compress",

"mod_redirect",

# "mod_rewrite",

)

server.document-root = "/var/www"

server.upload-dirs = ( "/var/cache/lighttpd/uploads" )

server.errorlog = "/var/log/lighttpd/error.log"

server.pid-file = "/var/run/lighttpd.pid"

server.username = "www-data"

server.groupname = "www-data"

server.port = 80

index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )

url.access-deny = ( "~", ".inc" )

static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir = "/var/cache/lighttpd/compress/"

compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )

# default listening port for IPv6 falls back to the IPv4 port

include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port

include_shell "/usr/share/lighttpd/create-mime.assign.pl"

include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

To easily manage virtual hosts, edit /etc/lighttpd/conf-available/10-simple-vhost.conf

server.modules += ( "mod_simple_vhost" )
simple-vhost.server-root = "/var/www/vhost"
simple-vhost.default-host = "error.default.loc"
simple-vhost.document-root = "/"

server.modules += ( "mod_simple_vhost" )

simple-vhost.server-root = "/var/www/vhost"

simple-vhost.default-host = "error.default.loc"

simple-vhost.document-root = "/"

This configuration above will allow you to manage your virutalhosts simply storing them in a folder under /var/www/vhost
No extra configuration is needed from the server side.
Simply go into /var/www/vhost and create a folder named as the virtualhost you would like to manage.
In this particular case, please make sure to have a folder called error.default.loc with a page inside which will be displayed in case of ANY error.
For example, if you want to manage mysite.example.com, simply do the following:

cd /var/www/vhost
mkdir mysite.example.com
chown www-data:www-data mysite.example.com

cd /var/www/vhost

mkdir mysite.example.com

chown www-data:www-data mysite.example.com

…and put the html/php files inside that new folder! 🙂

To test if our webserver works, you can always use curl command as explained here.

My notepad

Chris' IT notes…

Tag Archives: debian

Migrate Linux Subsystem from one PC to another

On your OLD PC

On your NEW PC

Auto mount an encrypted IMG file stored on NFS share

Configure NFS client

Create and configure your Encrypted “space”

Create an empty IMG file to host our encrypted space

Fail2ban Debian 9

HOW TO

Automatic Updates on Raspberry Pi

Improve/Ubuntu-like Font Rendering in Debian using Infinality Font

Dynamic MOTD on Debian

Banana Pi Pro – WLAN configuration

Nagios3 and Lighttpd

Install Nagios server

Adding hosts

Host configuration

Monitoring configuration for new host

VIM as default editor in Debian/Ubuntu

Lighttpd and virtualhosts