Category: Linux

Categories
Linux

Writing multiple lines of code to a file in linux

Sometimes it’s needed to create multiple files, repeatadly with linux. This should work with any of the major distros: CentOS, Ubuntu, Fedora, Debian, etc.

This also assumes the file does not exist already, if it does exist, it will append this info to the end of the file that already exists.

cat >> ifcfg-eth0 << EOF
TYPE=Ethernet
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
EOF

You can now type cat ifcfg-eth0 and it will output the 4 lines above.

If that is not to your liking, you could always use something like echo with append statements. Like this:

echo "TYPE=Ethernet" >> ifcfg-eth0
echo "DEVICE=eth0" >> ifcfg-eth0
echo "BOOTPROTO=none" >> ifcfg-eth0
echo "ONBOOT=yes" >> ifcfg-eth0

The >> option appends the echo information into a file name. But if you do > it will overwrite all lines in the file.

Enjoy!

Categories
Linux

CentOS 7 multiple VLANs on one interface

OK, so this was something I needed to do with CentOS 6: https://vivithemage.com/2014/08/08/centos-6-multiple-vlans-with-one-eth-device/

This is how to do it in CentOS 7. There are some slight changes required compared to CentOS 6, but they’re nominal. It’s possible it will work for CentOS 8, but it is untested. Where there is a command like vi bla/bla/file you will enter the following information in the line. 

vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.accept_source_route = 1
net.ipv4.conf.all.accept_source_route = 1

cd /etc/sysconfig/network-scripts/

vi ifcfg-em1
TYPE=Ethernet
DEVICE=em1
BOOTPROTO=none
ONBOOT=yes

vi ifcfg-em1.29
DEVICE=em1.29
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.119.161.2
PREFIX=24
NETWORK=192.119.161.0
GATEWAY=192.119.161.1
VLAN=yes
ARPCHECK=no
NM_CONTROLLED=no

vi ifcfg-em1.33
DEVICE=em1.33
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.119.165.2
PREFIX=24
GATEWAY=192.119.165.1
NETWORK=192.119.165.0
VLAN=yes
ARPCHECK=no
NM_CONTROLLED=no

vi ifcfg-em1.35
DEVICE=em1.35
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.119.167.2
PREFIX=24
NETWORK=192.119.167.0
GATEWAY=192.119.167.1
VLAN=yes
ARPCHECK=no
NM_CONTROLLED=no

vi ifcfg-em1.29-range
IPADDR_START=192.119.161.3
IPADDR_END=192.119.161.254
PREFIX=24
CLONENUM_START=3
ARPCHECK=no

vi ifcfg-em1.33-range
IPADDR_START=192.119.165.3
IPADDR_END=192.119.165.254
NETMASK=255.255.255.0
CLONENUM_START=254
ARPCHECK=no

vi ifcfg-em1.35-range
IPADDR_START=192.119.167.3
IPADDR_END=192.119.167.254
NETMASK=255.255.255.0
CLONENUM_START=506
ARPCHECK=no

echo ‘default via 192.119.161.1 dev em1.29 table 1’ > route-em1.29
echo ‘default via 192.119.165.1 dev em1.33 table 2’ > route-em1.33
echo ‘default via 192.119.167.1 dev em1.35 table 3’ > route-em1.35
echo ‘from 192.119.161.2 tab 1 priority 500’ > rule-em1.29
echo ‘from 192.119.165.2 tab 2 priority 501’ > rule-em1.33
echo ‘from 192.119.167.2 tab 3 priority 502’ > rule-em1.35
echo ‘from 192.119.161.0/24 table 1’ >> rule-em1.29
echo ‘from 192.119.165.0/24 table 2’ >> rule-em1.33
echo ‘from 192.119.167.0/24 table 3’ >> rule-em1.35
THIS WORKS FOR TESTING
ip route add default via 192.119.161.1 dev em1.29 table 1
ip route add default via 192.119.165.1 dev em1.33 table 2
ip route add default via 192.119.167.1 dev em1.35 table 3
ip rule add from 192.119.161.2 tab 1 priority 500
ip rule add from 192.119.165.2 tab 2 priority 501
ip rule add from 192.119.167.2 tab 3 priority 502
ip rule add from 192.119.161.0/24 table 1
ip rule add from 192.119.165.0/24 table 2
ip rule add from 192.119.167.0/24 table 3
THIS IS REQUIRED TO PING DURING TEST – THIS ONE WIL NOT SUSTAIN REBOOT
ip route add default via 198.50.31.1
## THIS WILL SUSTAIN REBOOT – ONLY NEEDED FOR TESTING
echo 'default via 198.50.31.1' > route-em1.15
### END TESTING STUFFS
Categories
Linux

cPanel absolute path for SFTP back up

My back up server uses keys, and SSH to allow for backups. By default, in my cPanel server running CENTOS 7.7 with v86.0.18 of cPanel, you really only have the option to do a path related to the SSH user’s home log in directory. My back up server has a mount point outside of /home/user/ so I needed to find a way to force it to go to /data/madhost613/ as an example.

Once you create your SFTP back up options under “backup settings” in the cPanel GUI, you can create an “additional destinations”. This will allow your back ups to be sent somewhere else.

I would advise using key based authentication when you set up SFTP as a destination. It is far more secure then password based authentication. Once you set up your SFTP and have validated it, SSH into your SOURCE server running cPanel to make the change to the validation configuration file. It should be in: /var/cpanel/backups/ The file itself will look simliar to this: backups_link_data_drive_UID_vxxxxxxxxxxxxxxxxxxxxxx Once you found it, edit it with your favorite editor. Which should be vi ;). In that configuration file is a path line, go ahead and modify it to your aboslute path. Mine now reads: path: /data/madhost613/ Some caveats with this, the SSH user must have r/w on that destination server. Once you make this change, you can run the validation in cPanel, and if successful, your back ups will be sent to that directory now.

cPanel informed me this should be an added feature at some point, but currently unknown when. But this work around works fine.

Categories
Linux

Upgrading CentOS 6 to CentOS 7

I am shamelessly stealing this from: https://fsfe.soup.io/post/651104763/Evaggelos-Balaskas-System-Engineer-CentOS-Dist-Upgrade

I wanted to keep this information around if their site goes tits up. I did this on a newly installed Cent OS 6.10 upgrade as of this morning and it worked fine. I had not tried it with odd packages installed, or abnormally outdated packages, so your mileage may vary. Good luck, and as always, no one “supports” this procedure, the best option to upgrade is a CLEAN install to CENTOS 8. At this point 8 is tried and true and will keep your server supported longer.

PRE TASKS

There are some tasks you can do to prevent from unwanted results. Like:

  • Disable selinux
  • Remove unnecessary repositories
  • Take a recent backup!

CENTOS UPGRADE REPOSITORY

Create a new centos repository:

cat > /etc/yum.repos.d/centos-upgrade.repo <<EOF
[centos-upgrade]
name=centos-upgrade
baseurl=https://buildlogs.centos.org/centos/6/upg/x86_64/
enabled=1
gpgcheck=0
EOF

INSTALL PRE-UPGRADE TOOL

First install the openscap version from dev.centos.org:

# yum -y install https://buildlogs.centos.org/centos/6/upg/x86_64/Packages/openscap-1.0.8-1.0.1.el6.centos.x86_64.rpm

then install the redhat upgrade tool:

# yum -y install redhat-upgrade-tool preupgrade-assistant-*

IMPORT CENTOS 7 PGP KEY

# rpm --import http://mirror.centos.org/centos/7/os/x86_64/RPM-GPG-KEY-CentOS-7

NOTE:

to bypass errors like:

Downloading failed: invalid data in .treeinfo: No section: ‘checksums’

append CentOS Mirror under mirrorlist:

mkdir -pv /var/tmp/system-upgrade/base/ /var/tmp/system-upgrade/extras/ /var/tmp/system-upgrade/updates/

echo http://mirror.centos.org/centos/7/os/x86_64/ >> /var/tmp/system-upgrade/base/mirrorlist.txt
echo http://mirror.centos.org/centos/7/extras/x86_64/ >> /var/tmp/system-upgrade/extras/mirrorlist.txt
echo http://mirror.centos.org/centos/7/updates/x86_64/ >> /var/tmp/system-upgrade/updates/mirrorlist.txt

PRE-UPGRADE

preupg is actually a python script!

# yes | preupg -v
Preupg tool doesn't do the actual upgrade.
Please ensure you have backed up your system and/or data in the event of a failed upgrade
that would require a full re-install of the system from installation media.
Do you want to continue? y/n
Gathering logs used by preupgrade assistant:
All installed packages : 01/11 ...finished (time 00:00s)
All changed files : 02/11 ...finished (time 00:18s)
Changed config files : 03/11 ...finished (time 00:00s)
All users : 04/11 ...finished (time 00:00s)
All groups : 05/11 ...finished (time 00:00s)
Service statuses : 06/11 ...finished (time 00:00s)
All installed files : 07/11 ...finished (time 00:01s)
All local files : 08/11 ...finished (time 00:01s)
All executable files : 09/11 ...finished (time 00:01s)
RedHat signed packages : 10/11 ...finished (time 00:00s)
CentOS signed packages : 11/11 ...finished (time 00:00s)
Assessment of the system, running checks / SCE scripts:
001/096 ...done (Configuration Files to Review)
002/096 ...done (File Lists for Manual Migration)
003/096 ...done (Bacula Backup Software)
...
./result.html
/bin/tar: .: file changed as we read it
Tarball with results is stored here /root/preupgrade-results/preupg_results-180508202952.tar.gz .
The latest assessment is stored in directory /root/preupgrade .
Summary information:
We found some potential in-place upgrade risks.
Read the file /root/preupgrade/result.html for more details.
Upload results to UI by command:
e.g. preupg -u http://127.0.0.1:8099/submit/ -r /root/preupgrade-results/preupg_results-*.tar.gz .
this must finish without any errors.

CENTOS UPGRADE TOOL

We need to find out what are the possible problems when upgrade:

# centos-upgrade-tool-cli --network=7 --instrepo=http://vault.centos.org/7.0.1406/os/x86_64/

Then by force we can upgrade to it’s latest version:

# centos-upgrade-tool-cli --force --network=7 --instrepo=http://vault.centos.org/7.0.1406/os/x86_64/ --cleanup-post

Output:

setting up repos...
base | 3.6 kB 00:00
base/primary_db | 4.9 MB 00:04
centos-upgrade | 1.9 kB 00:00
centos-upgrade/primary_db | 14 kB 00:00
cmdline-instrepo | 3.6 kB 00:00
cmdline-instrepo/primary_db | 4.9 MB 00:03
epel/metalink | 14 kB 00:00
epel | 4.7 kB 00:00
epel | 4.7 kB 00:00
epel/primary_db | 6.0 MB 00:04
extras | 3.6 kB 00:00
extras/primary_db | 4.9 MB 00:04
mariadb | 2.9 kB 00:00
mariadb/primary_db | 33 kB 00:00
remi-php56 | 2.9 kB 00:00
remi-php56/primary_db | 229 kB 00:00
remi-safe | 2.9 kB 00:00
remi-safe/primary_db | 950 kB 00:00
updates | 3.6 kB 00:00
updates/primary_db | 4.9 MB 00:04
.treeinfo | 1.1 kB 00:00
getting boot images...
vmlinuz-redhat-upgrade-tool | 4.7 MB 00:03
initramfs-redhat-upgrade-tool.img | 32 MB 00:24
setting up update...
finding updates 100% [=========================================================]
(1/323): MariaDB-10.2.14-centos6-x86_64-client.rpm | 48 MB 00:38
(2/323): MariaDB-10.2.14-centos6-x86_64-common.rpm | 154 kB 00:00
(3/323): MariaDB-10.2.14-centos6-x86_64-compat.rpm | 4.0 MB 00:03
(4/323): MariaDB-10.2.14-centos6-x86_64-server.rpm | 109 MB 01:26
(5/323): acl-2.2.51-12.el7.x86_64.rpm | 81 kB 00:00
(6/323): apr-1.4.8-3.el7.x86_64.rpm | 103 kB 00:00
(7/323): apr-util-1.5.2-6.el7.x86_64.rpm | 92 kB 00:00
(8/323): apr-util-ldap-1.5.2-6.el7.x86_64.rpm | 19 kB 00:00
(9/323): attr-2.4.46-12.el7.x86_64.rpm | 66 kB 00:00
...
(320/323): yum-plugin-fastestmirror-1.1.31-24.el7.noarch.rpm | 28 kB 00:00
(321/323): yum-utils-1.1.31-24.el7.noarch.rpm | 111 kB 00:00
(322/323): zlib-1.2.7-13.el7.x86_64.rpm | 89 kB 00:00
(323/323): zlib-devel-1.2.7-13.el7.x86_64.rpm | 49 kB 00:00
testing upgrade transaction
rpm transaction 100% [=========================================================]
rpm install 100% [=============================================================]
setting up system for upgrade
Finished. Reboot to start upgrade.

REBOOT

The upgrade procedure, will download all rpm packages to a directory and create a new grub entry. Then on reboot the system will try to upgrade the distribution release to it’s latest version.

# reboot

Categories
Linux Software

423 locked file when trying to update in owncloud

Client = windows 10 64bit, running 2.4.0 owncloud client.
Server = Cent OS 7 running owncloud 10.4.0 server

When I deleted a file in the sync directory, it is throwing an error on the client:

2/3/2018 9:24:58 PM,tools-keys-etc/software/CISCO VPN/vpnclient-winx64-msi-5.0.07.0290-k9.exe,E:\DUDES\backups-resume-drivers,Server replied “423 Locked” to “DELETE https://chi.swamp.xyz/owncloud/remote.php/dav/files/vivithemage/backups-resume-drivers/tools-keys-etc/software/CISCO VPN/vpnclient-winx64-msi-5.0.07.0290-k9.exe”

Everything else is going fine. I also noticed though, that I deleted a directory on the client, and it would not sync, also threw an error, but I ignored it, and just removed it from syncing in the interface.

I do have encryption on the server enabled, for whatever that’s worth. I also have been using this instance since 7.x I think, before the merger, and beyond, haha. It’s worked great up to this point.

Looks like my cron jobs may have never ran. So I ran it manually.

I dumped myself into the apache user:

su -s /bin/bash apache

then ran the cron job script, which took about 30 minutes or so.

php -f /var/www/html/owncloud/cron.php

I then added it to crontab for apache:

crontab -e -u apache
*/15 * * * * php -f /var/www/html/owncloud/cron.php

Categories
camera Electronics pfsense

FDT 1080P HD FD8901 Review vs Motorola baby monitor

I purchased two of these guys for my two lil kiddos, as the second came, I did not want to pay $100+ for another camera in my Motorola baby cam setup.

What I like:
Picture quality is great
local recording on movement works great
360 degree angles are awesome
Night version works great
movement + audio alarms work great using Tinycam pro

I have a few issues:
The web app for moving the camera does not work well at all.
I cannot get two way working, even in the tinycam pro app.
I wish it had 5ghz, 2.4ghz is pretty saturated, and N just isn’t that fast.

I still prefer it over my Motorola baby monitor, much more versatile, and quality picture. I bought a Amazon Fire to use as a 24/7 baby cam, and it works great. It will vibrate on movement/noise.

I also have all traffic blocked going out to the internet, and coming in. I do have DNS and NTP protocols open to keep the time in sync on my firewall. Because of this though, I am also logging ANY traffic the FDT tries to reach out with, and so far they have not tried reaching out, it has been about 4 months too. I was slightly worried with all of the Chinese cameras that have been known to reach out and call home.

Categories
Linux linux pfsense

Creating firewall rules for pfsense to block cameras from going out

I installed pfSense 2.4.1, to replace my Asus AC68U as my router, and purchased an Ubiquiti UAP-AC-PRO for my wireless. So far so good, but I had one thing I REALLY wanted done with this new firewall, that my old one could not, and that was properly blocking all traffic going OUT, except NTP, and DNS to resolve those NTP entries. So my set up was as follows:

If you want me to get into each of the rules, let me know and I can. It works great, as I can see it allowing the NTP and DNS entries. This works best if your DNS server is your router/gateway. If it is not, you will have to substitute in what your DNS servers are. I am waiting for something to call home, so I can then report that to FDT, my camera manufacturer, and ask them WHY is it calling home?!

Categories
Linux

Centos 6 multiple vlans with one eth device

UPDATED for CentOS 7:

CentOS 7 multiple VLANs on one interface

The scenario I had was 1 eth0 device, and my port trunk’d to allow 9 and 10 vlans. I wanted to assign the full /24 to this box, using only eth0 and the trunk port in CentOS 6. This is what I had to do.

in linux NEED eth0 and one VLAN’d CFG:

cd /etc/sysconfig/network-scripts/

ifcfg-eth0.9 the .9 is the vlan

# Broadcom Corporation NetXtreme BCM5721 Gigabit Ethernet PCI Express
DEVICE=eth0.9
BOOTPROTO=none
HWADDR=00:1d:xx:xx:xx:xx
ONBOOT=yes
TYPE=Ethernet
IPADDR=173.243.116.2
NETMASK=255.255.255.0
VLAN=yes

ifcfg-eth0.10

# Broadcom Corporation NetXtreme BCM5721 Gigabit Ethernet PCI Express
DEVICE=eth0.10
BOOTPROTO=none
HWADDR=00:1d:xx:xx:xx:xx
ONBOOT=yes
TYPE=Ethernet
IPADDR=173.243.117.2
NETMASK=255.255.255.0
VLAN=yes

ifcfg-eth0
# Broadcom Corporation NetXtreme BCM5721 Gigabit Ethernet PCI Express
DEVICE=eth0
BOOTPROTO=none
HWADDR=00:1d:xx:xx:xx:xx
ONBOOT=yes
TYPE=Ethernet

ifcfg-eth0.9-range0
IPADDR_START=173.243.116.3
IPADDR_END=173.243.116.254
NETMASK=255.255.255.0
CLONENUM_START=3

ifcfg-eth0.11-range0
IPADDR_START=199.96.80.3
IPADDR_END=199.96.80.254
NETMASK=255.255.255.0
CLONENUM_START=257

******************************************************************************************

CENTOS 6 REQUIRES NO GATEWAY in ifcfg-eth0.xx so remove it

CENTOS 6 REQUIRES ROUTES ADDED:

You can do this to test, as once the server is rebooted, or network restarted these rules drop:
ip route add default via 192.119.164.1 dev eth0.8 table 1
ip route add default via 192.119.165.1 dev eth0.9 table 2
ip rule add from 192.119.164.2 tab 1 priority 500
ip rule add from 192.119.165.2 tab 2 priority 501
ip rule add from 192.119.164.0/24 table 1
ip rule add from 192.119.165.0/24 table 2

To make it permanent:
cd /etc/sysconfig/network-scripts/

echo ‘default via 192.119.169.1 dev eth0.3 table 1’ > route-eth0.3
echo ‘default via 192.119.174.1 dev eth0.6 table 2’ > route-eth0.6
echo ‘from 192.119.169.2 tab 1 priority 500’ > rule-eth0.3
echo ‘from 192.119.174.2 tab 2 priority 501’ > rule-eth0.6
echo ‘from 192.119.169.0/24 table 1’ > rule-eth0.3
echo ‘from 192.119.174.0/24 table 2’ > rule-eth0.6

******************************************************************************************

Categories
Linux

history command with timestamp linux

I always find it easier when my history has a time stamp, you can coorolate a lot of things, like last, start/stops of services, who done it, etc.

export HISTTIMEFORMAT=”%F %T ”

This will work for the session, but if you want it saved for every log in add to respective bash_profile:
~/.bash_profile or /root/.bash_profile

Categories
Linux

Firewall Status: Enabled but Stopped in CSF with cPanel

I kept getting: Firewall Status: Enabled but Stopped in my CSF in cPanel. I am currently running WHM 11.40.1 (build 11) and csf v7.03.

I tried just clicking start, no luck it would just flip back a few minutes later. So I ended up dropping to shell and running

service csf stop
iptables –flush
service csf start

that seemed to work, there must have been a hung iptables rule, or a bad rule that caused CSF to flip to disabled.