dah85.com

*not* just another blog ;)

I have recently aquired a NAT VPS, which I will talk more about in a future post, but for now, I need to change the port that apache listens on from the default port 80.

Here's how I did it.

nano /etc/apache2/ports.conf

And change the "Listen" value from 80 to, in my case, 50781

Save the file, and we'll move on to the next part.

nano /etc/apache2/sites-enabled/000-default.conf

And then change the first line, which will be to (Change the port to what you'll be using)

After that's done, we need to restart Apache

systemctl restart apache2

And you should be able to access the website on your new port!

Finding text in all files

- Posted in Quick Tip by with comments

I recently had to find a particular word in a bunch of files, and instead of manually going into each one to find it, I found a simple way!

Let's say I want to find the word "Proudly" (case sensitive) I would type this:

grep -r 'Proudly'

This will search all files in the current directory, plus all subdirectories and will output the location of the files.

Then, I will open the file in nano and Control - W to search for the word.

I hope that helps someone!

Setting up Fail2Ban

- Posted in Quick Tip by with comments

If you have a look in your server logs, you will most likely see an intrusion attempt every couple of seconds. This is anti-social behaviour which seems to stem from Chinese "hackers".

Here's how to make it a lot harder for them to actually gain access.

sudo apt update && sudo apt install fail2ban

Check that all is good and that it's running

systemctl status fail2ban

And we can watch it work by looking at the log file, which in my case is at

nano /var/log/fail2ban.log

You can see that it's finding patterns that match abuse, and will ban these bastards for 5 mins at a time. It won't stop them, but it will make it harder for them to brute force a password that way.

This is an excerpt from my log:

2017-10-12 13:59:42,654 fail2ban.filter [15200]: INFO [sshd] Found 221.194.47.236 2017-10-12 13:59:43,158 fail2ban.actions [15200]: NOTICE [sshd] Ban 221.194.47.236
2017-10-12 13:59:44,836 fail2ban.filter [15200]: INFO [sshd] Found 221.194.47.236 2017-10-12 13:59:56,473 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.95
2017-10-12 13:59:58,575 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.95
2017-10-12 14:00:01,356 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.95
2017-10-12 14:00:03,747 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.95
2017-10-12 14:00:06,404 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.95
2017-10-12 14:00:07,399 fail2ban.actions [15200]: NOTICE [sshd] Ban 59.45.175.95
2017-10-12 14:00:08,511 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.95
2017-10-12 14:00:57,705 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.11
2017-10-12 14:00:59,516 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.11
2017-10-12 14:01:05,281 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.11
2017-10-12 14:01:07,856 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.11
2017-10-12 14:01:13,863 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.11
2017-10-12 14:01:14,693 fail2ban.actions [15200]: NOTICE [sshd] Ban 59.45.175.11 2017-10-12 14:01:15,203 fail2ban.filter [15200]: INFO [sshd] Found 59.45.175.11

I have been using the program gtop to show all sorts of nice stats in a neat graph format in the terminal, but on some of the machines it just shows a ? instead of the . or bars.

Here's how I fixed it.

sudo dpkg-reconfigure locales

Then I selected my locale "en_AU UTF-8"

After doing that, and rebooting (I really wish I didn't have to do that!) it works as it should!

Thanks to the guys on ##linux on freenode for pointing me in the right direction.

Hopefully this helps someone else!

Installing gtop to monitor a system

- Posted in Quick Tip by with comments

I recently came across a nifty app called gtop which shows some really cool information and graphs about your system, such as cpu usage, disk, network, etc in real time.

Here's how I installed it:

sudo apt update
sudo apt install npm
npm install -g gtop

Then run it with

gtop

If you get an error saying "/usr/bin/env: ‘node’: No such file or directory" then try this:

ln -s /usr/bin/nodejs /usr/bin/node

This will symlink it and if you re-run the app it should work!

I've recently upgraded to using Ubuntu Server 17.04 and I have noticed that by default you must create a user instead of being able to login as root, which is a great idea for security, but makes things harder for permissions, etc.

Once the Ubuntu 17 server has been set up, all we need to do is modify /etc/ssh/sshd_config and add the line PermitRootLogin yes underneath the Authentication heading.

sudo nano /etc/ssh/sshd_config

sshd_config:

#Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

Once that's done, we just need to restart the ssh server

sudo systemctl restart sshd

Now, we need to make sure the root user has a password, if not, we can set one now.

sudo passwd

Enter the new root password, once that's done, try logging in as root with SSH, it should work now!

Benchmarking Linux with bench.sh

- Posted in Quick Tip by with comments

When I set up a new Linux machine, I always like to run a benchmark to see how it's performing. This is mostly true if I get a new VPS, or if I'd like to check the performance of a computer for the fun of it.

Normally, I use this one-liner benchmark (after installing bzip2 and time):

bash <(wget --no-check-certificate -O - https://raw.github.com/mgutz/vpsbench/master/vpsbench)

The output looks like this:

CPU model:  AMD Phenom(tm) II X4 970 Processor
Number of cores: 4
CPU frequency:  3499.966 MHz
Total amount of RAM: 7986 MB
Total amount of swap:  MB
System uptime:   4:51,       
I/O speed:  229 MB/s
Bzip 25MB: 5.35s
Download 100MB file: 9.48MB/s

Today, I'll be looking at another one called bench.sh

It's another simple one-liner:

wget -qO- bench.sh | bash

The output looks like this:

----------------------------------------------------------------------
CPU model            : AMD Phenom(tm) II X4 970 Processor
Number of cores      : 4
CPU frequency        : 3499.966 MHz
Total size of Disk   : 219.8 GB (107.0 GB Used)
Total amount of Mem  : 7986 MB (2137 MB Used)
Total amount of Swap : 8240 MB (0 MB Used)
System uptime        : 0 days, 4 hour 46 min
Load average         : 0.18, 0.29, 0.39
OS                   : Manjaro Linux 
Arch                 : x86_64 (64 Bit)
Kernel               : 4.13.3-2-MANJARO
----------------------------------------------------------------------
I/O speed(1st run)   : 234 MB/s
I/O speed(2nd run)   : 218 MB/s
I/O speed(3rd run)   : 221 MB/s
Average I/O speed    : 224.3 MB/s
----------------------------------------------------------------------
Node Name                       IPv4 address            Download Speed
CacheFly                        205.234.175.175         9.49MB/s      
Linode, Tokyo, JP               106.187.96.148          5.71MB/s      

It will test more locations, but I snipped them out to make this a bit smaller, plus, to be honest, they took too long to finish.

The tests I have done here are for my desktop with an SSD, connected on the NBN at 100/40 using VDSL with Myrepublic as the ISP.

Maybe I will re-benchmark all the VPS's I currently have (11 at last count!) and post them on here.

Using Rsync

- Posted in Quick Tip by with comments

I found myself needing a copy a folder from one server to another, but keeping all of the file attributes intact and not copying files already transferred, or deleting anything.

I came across this command:

rsync --progress -havz /var/www user@remotehost:/var/www

Which shows the progress as it goes, keeps the file attributes and doesn't copy anything that's already there.

Encrypted backups to another server

- Posted in Quick Tip by with comments

I am trying to back up one of my storage servers to another storage server, but I would like to encrypt the backup files for extra protection.

To do this, I will be using duplicity. Duplicity works great for backing up my desktop to my storage VPS so I'd like to use it for my server also.

First, we need to install duplicity and make sure gnupg is installed, as well as python-maramiko otherwise it may error advising it's not available as a backend.

apt install duplicity gnupg python-paramiko

Then we need to generate a key

gpg --gen-key

For the next part, I took the defaults except the keysize is 4096.

Take note of the public key that was generated as we'll use this to encrypt the backup.

This is the command I would use to back up the /var/www folder to the path /home/root/www on the destination.

duplicity --ssh-askpass --encrypt-key=CE69XXXX --sign-key=CE69XXXX /var/www sftp://root@destination.com/www

The --ssh-askpass option is if you don't use SSH keys, otherwise it will complain that it can't connect.

The output will be pretty quiet, not showing any progress, so for the first backup I will use -v8 which is verbosity level 8 (info) which shows each file as it's backing up.

In another post, I'll look at decrypting the backup.

I have a Logitech G15 keyboard which has an LCD screen built into the top of it. Under Ubuntu, getting it to work is a simple matter of running

apt install g15daemon

Under Manjaro, it's a bit different. I can install the g15daemon but it won't start automatically without requring the root password. What we need to do is use a tool called visudo. This is what I did.

sudo visudo

Then go to the bottom of the file, press o to insert and put:

ALL ALL= NOPASSWD: /usr/sbin/g15daemon

Press escape, then :x to save and quit.

Now we enable it as a service in systemctl

sudo systemctl enable g15daemon

And test it by running

sudo systemctl start g15daemon

The LCD on the keyboard now shows me the time and date. To get this to start when I log in, because I'm using Manjaro XFCE I will open "Session and Startup", go to the "Application Autostart" tab and create a new entry with "sudo systemctl start g15daemon" as the command to run, giving it a suitable name.

After a reboot to test it, it's all working!

I originally followed this post on the Manjaro forums with no success, I found my way to be much cleaner.