Category: Linux

  • Linux KVM Bridge network on Ubuntu

    On an Ubuntu 18.04 server, I first get Ubuntu to use /etc/network/interfaces; by default, Ubuntu 18.04 and newer use netplan.

    First install ifupdown

    apt install ifupdown -y
    

    Install bridge utils and resolvconf.

    apt install bridge-utils resolvconf
    

    Now you can configure your network interface by editing the file

    vi /etc/network/interfaces
    

    Here is my network configuration on an OVH server.

    root@ns3048991:~# cat /etc/network/interfaces
    # interfaces(5) file used by ifup(8) and ifdown(8)
    # Include files from /etc/network/interfaces.d:
    source-directory /etc/network/interfaces.d
    
    auto eno3
    iface eno3 inet static
        address 149.202.199.137
        netmask 255.255.255.255
        broadcast 149.202.199.137
        gateway 149.202.199.254
        dns-nameservers 8.8.8.8 8.8.4.4
    root@ns3048991:~# 
    

    To convert this interface to a bridge network, do the following:

    1) Replace all occurrences of “eno3” with “br0”

    2) Add the following lines

        bridge_ports eno3
        bridge_stp off
        bridge_maxwait 5
    

    In the above, replace “eno3” with the name of your physical interface.

    Here is my final network configuration.

    root@ns3048991:~# cat /etc/network/interfaces
    # interfaces(5) file used by ifup(8) and ifdown(8)
    # Include files from /etc/network/interfaces.d:
    source-directory /etc/network/interfaces.d
    
    auto br0
    iface br0 inet static
        address 149.202.199.137
        netmask 255.255.255.255
        broadcast 149.202.199.137
        gateway 149.202.199.254
        bridge_ports eno3
        bridge_stp off
        bridge_maxwait 5
        dns-nameservers 8.8.8.8 8.8.4.4
    root@ns3048991:~# 
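
    The two conversion steps above, scripted so the result can be reviewed before it replaces the live file. This is an added example, not part of the original post; the function name and the sample addresses (documentation ranges) are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): apply the two conversion steps
# to an ifupdown file. Usage: to_bridge PHYS BRIDGE < interfaces > interfaces.new

to_bridge() {
    awk -v phys="$1" -v br="$2" '
        # Step 1: rename the physical interface on "auto" and "iface" lines.
        $1 == "auto" {
            for (i = 2; i <= NF; i++) if ($i == phys) $i = br
            print; next
        }
        $1 == "iface" && $2 == phys {
            $2 = br; print
            # Step 2: attach the physical NIC to the bridge.
            printf "    bridge_ports %s\n", phys
            print  "    bridge_stp off"
            print  "    bridge_maxwait 5"
            added = 1; next
        }
        { print }
        # Non-zero exit: no "iface PHYS" stanza was found, nothing converted.
        END { exit !added }
    '
}

# Constructed sample input (documentation addresses, NIC name as in the post).
sample_interfaces() {
    cat <<'EOF'
source-directory /etc/network/interfaces.d

auto eno3
iface eno3 inet static
    address 192.0.2.10
    netmask 255.255.255.0
    gateway 192.0.2.1
    dns-nameservers 8.8.8.8 8.8.4.4
EOF
}

sample_interfaces | to_bridge eno3 br0
```

    Running it a second time on its own output exits non-zero and changes nothing, so it is safe to re-run.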
    

    See Linux KVM, Networking @ linux-kvm.org

  • Install Xfce VNC remote desktop on Ubuntu

    XFCE is a lightweight desktop environment for Linux. XFCE + VNC allows you to set up a remote desktop on a VPS or dedicated server located in a remote data center or cloud. You can connect to the remote desktop using a VNC client and work as if it were a local computer, similar to Windows Remote Desktop (RDP).

    To install XFCE run

    apt install -y xfce4 xfce4-goodies
    

    You will be asked to select Default Display Manager. You can select any of the options.

    Next install vncserver

    apt install tightvncserver autocutsel
    

    It is a bad idea to use root user for logging into the desktop. Create a normal user with sudo privileges to be used as desktop user.

    useradd -m -s /bin/bash USERNAME
    

    It will be good to make this user an admin, so the user can install software or update the system.

    usermod -aG sudo USERNAME
    

    Set a password for the user

    passwd USERNAME
    

    Now login as the user

    su - USERNAME
    

    Create a vnc password for this user.

    vncpasswd
    

    Create vnc startup file

    vi ~/.vnc/xstartup
    

    Add

    #!/bin/bash
    
    xrdb $HOME/.Xresources
    autocutsel -fork
    startxfce4 &
    

    Make it executable

    chmod 755 ~/.vnc/xstartup
    

    Auto start VNC Server

    To autostart vncserver on boot, you need to create a service file. You need to do the following as user root.

    vi /etc/systemd/system/vncserver@.service
    

    Add

    [Unit]
    Description=Start VNC server at startup
    After=syslog.target network.target
    
    [Service]
    Type=forking
    User=USERNAME
    Group=USERNAME
    WorkingDirectory=/home/USERNAME
    
    PIDFile=/home/USERNAME/.vnc/%H:%i.pid
    # systemd does not run this line through a shell, so output redirection cannot be used here
    ExecStartPre=-/usr/bin/vncserver -kill :%i
    ExecStart=/usr/bin/vncserver -depth 24 -geometry 1920x1080  :%i
    ExecStop=/usr/bin/vncserver -kill :%i
    
    [Install]
    WantedBy=multi-user.target
    

    In the above, replace USERNAME with the actual user name you created above.

    Enable the service with

    systemctl enable vncserver@1
    

    Start the VNC server

    systemctl start vncserver@1
    

    Now reboot the server. You should be able to connect to the VNC server using SERVER_IP:1

    OPTIONAL: Using RDP instead of VNC

    If you want to use RDP (Windows Remote Desktop) to connect instead of VNC, install xrdp

    apt install -y xrdp
    

    Edit

    vi /etc/xrdp/xrdp.ini
    

    Set value of new_cursors to false.

    new_cursors=false
    

    Change to desktop user

    su - USERNAME
    

    Create file

    vi ~/.xsession
    

    Add following content

    # Export the session variables first; xfce4-session blocks until logout
    export XDG_SESSION_DESKTOP=xubuntu
    export XDG_DATA_DIRS=/usr/share/xfce4:/usr/local/share:/usr/share:/var/lib/snapd/USERNAME:/usr/share
    export XDG_CONFIG_DIRS=/etc/xdg/xfce4:/etc/xdg:/etc/xdg
    xfce4-session
    

    Enable and restart XRDP

    systemctl enable xrdp
    systemctl restart xrdp
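
    Both setups above leave a remote-desktop port listening on the server: display :1 is TCP port 5901 (5900 plus the display number) and xrdp uses 3389 by default. As an added example, not part of the original post, this function reads `ss -tln` output and reports the listeners bound to a non-loopback address; the function name and the sample lines are constructed.

```sh
#!/bin/sh
# Added example (not from the original post). Reads `ss -tln` output on stdin
# and prints "ADDRESS PORT" for every VNC display (5900-5999) or RDP (3389)
# listener that is bound to something other than loopback.
# Exit status: 0 = nothing exposed, 1 = at least one exposed listener.

exposed_desktop_ports() {
    awk '
        $1 != "LISTEN" { next }                 # skips the header line too
        {
            n = split($4, part, ":")            # port is the last ":" field
            port = part[n] + 0
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (port != 3389 && (port < 5900 || port > 5999)) next
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr, port
            found = 1
        }
        END { exit found + 0 }
    '
}

# Constructed sample of `ss -tln` output for a host set up as in this post.
sample_ss() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       0.0.0.0:5901        0.0.0.0:*
LISTEN  0       5       127.0.0.1:5902      0.0.0.0:*
LISTEN  0       2       [::]:3389           [::]:*
LISTEN  0       2       [::1]:3350          [::]:*
EOF
}

# On a live server: ss -tln | exposed_desktop_ports
sample_ss | exposed_desktop_ports || true
```

    tightvncserver accepts `-localhost` on the ExecStart line, after which the desktop is reached through an SSH tunnel such as `ssh -L 5901:127.0.0.1:5901 USERNAME@SERVER_IP`.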
    

    See VNC Server

  • Install HandBrake on Ubuntu 18.04

    HandBrake is an open-source video transcoder available from https://handbrake.fr. It can convert video to various formats.

    The latest version of HandBrake is available in an Ubuntu PPA. To install it, enable the HandBrake PPA

    add-apt-repository ppa:stebbins/handbrake-releases
    

    Install HandBrake with

    apt install handbrake-gtk handbrake-cli
    
  • Install Linux KVM on Ubuntu

    Linux KVM is virtualisation software that allows you to create virtual machines under Linux. To install it on Ubuntu, run

    apt install -y qemu-kvm qemu-utils
    

    Install libvirtd; it allows you to easily create KVM virtual machines and allows remote connections from the virt-manager GUI application.

    For Ubuntu 20.04

    apt install -y libvirt-daemon libvirt-daemon-system
    

    For Ubuntu 18.04

    apt install -y libvirt-bin
    

    Enable and start libvirt

    systemctl enable libvirtd
    systemctl start libvirtd
    systemctl is-active libvirtd
    systemctl status libvirtd
    

    At this stage, you should be able to connect to the KVM server from your computer using virt-manager.

    You need to create a bridge network interface (“br0”); for this, follow the instructions at Linux KVM Bridge network on Ubuntu.

    Downloading ISO

    Before you can set up any VM, you need to download the ISO image for the OS. Here I downloaded the ISO image for Ubuntu 19.04

    cd /var/lib/libvirt/images
    wget http://mirrors.piconets.webwerks.in/ubuntu-mirror/ubuntu-releases/19.04/ubuntu-19.04-live-server-amd64.iso
    

    Once downloaded, you should be able to select this ISO image in virt-manager when creating a VM.

    See Linux KVM

  • Disable IP Block Alerts in CSF Firewall

    To disable IP block alert in CSF firewall, run

    sed -i "s/LF_PERMBLOCK_ALERT\s*=.*$/LF_PERMBLOCK_ALERT = \"0\"/g" /etc/csf/csf.conf
    

    Restart lfd and csf

    systemctl restart lfd
    csf -r
    

    See csf firewall

  • Ignore a folder in maldet

    maldet is a malware scanner for Linux. On a shared hosting server, maldet detected one customer's files as malware; on checking, I found it was a false positive. It is just a log file written by the application. To avoid getting further email from this application, I added this folder to maldet ignore_paths.

    To add a folder to ignore list, edit file

    vi /usr/local/maldetect/ignore_paths
    

    Add the folder you need to ignore to the end of this file as a new line.

    Example

    root@server74 [~]# cat /usr/local/maldetect/ignore_paths
    /home/welgreenkerala/public_html/login/
    /usr/local/maldetect
    /usr/local/sbin/maldet
    /home/shopatke/public_html/application/logs/
    root@server74 [~]# 
    

    See maldet

  • Download RPM package from yum repository

    To download RPM file from yum repo, you need to install yum-utils package.

    yum install -y yum-utils
    

    Now you can use command

    yumdownloader --resolve --destdir=/path/ PACKAGE_NAME
    

    Example

    yumdownloader --resolve --destdir=/root/yum/ nginx
    

    This will download and store all RPM files in the /root/yum/ folder. --resolve will resolve dependencies and download them too. This is helpful if you need to install a package on a system with no direct internet connection.

    See yum

  • Enable Passive FTP in ISPConfig

    To enable Passive FTP in Debian/Ubuntu installation of ISPConfig, run

    echo "40110 40210" > /etc/pure-ftpd/conf/PassivePortRange
    

    Restart pure-ftpd

    service pure-ftpd-mysql restart
    

    Now open ports 40110-40210 in firewall.

    On CSF Firewall, edit

    vi /etc/csf/csf.conf
    

    Add

    40110:40210
    

    at the end of the TCP_IN line.

    Example

    TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,3333,8080,8090,19999,40110:40210"
    

    If you are using AWS, you need to run

    echo "YOUR_EXTERNAL_IP_ADDR" > /etc/pure-ftpd/conf/ForcePassiveIP
    service pure-ftpd-mysql restart
    

    See ispconfig

  • Set default editor in Ubuntu

    To set default editor in Ubuntu/Debian, run

    update-alternatives --config editor
    

    See update-alternatives

  • Reorder windows in tmux

    To reorder windows in tmux, you can use following command

    CTRL + B + .
    

    Press CTRL + B or whatever prefix you use, then press . (dot). This will ask for the number/position to which the current window should be moved.

    Another method is

    CTRL + B + :
    

    This will give you the tmux command prompt. Now enter

    move-window -t 0
    

    This will move the current window to position 0. This only works if position 0 is empty. If another window is already present in position 0, use the swap-window command.

    swap-window -t 0
    

    This will swap the current window with the window in position 0.

    Another useful command is

    CTRL + B + ,
    

    This will allow you to rename current tmux window.

    Using shortcuts

    You can edit .tmux.conf file and add following

    bind-key -n C-S-Left swap-window -t -1
    bind-key -n C-S-Right swap-window -t +1
    

    Now you can use CTRL + SHIFT + LEFT OR RIGHT arrow to move windows.

    See tmux

  • Setup Tor Hidden Service on CentOS 7

    Tor is provided by EPEL repository on CentOS 7. Install EPEL repo with command

    yum install epel-release
    

    Install tor

    yum install tor
    

    Edit tor config file

    vi /etc/tor/torrc
    

    Uncomment or add following lines

    HiddenServiceDir /var/lib/tor/hidden_service/
    HiddenServicePort 80 127.0.0.1:80
    

    Restart tor with command

    systemctl restart tor
    

    Now your tor hidden service is ready to use. You need to run your web application on 127.0.0.1:80

    To see URL of your tor hidden service, run

    cat /var/lib/tor/hidden_service/hostname
    

    Make sure to make a backup of the folder “/var/lib/tor/hidden_service/” as it contains the keys for this .onion domain. If you lose it, you will lose your domain name. So it is very important that you keep the files safe.

    To stop/start tor, run

    systemctl stop tor
    systemctl start tor
    

    See tor

  • Tor Hidden Service in Ubuntu/Debian

    To install tor on Ubuntu/Debian, run

    apt install tor
    

    Default configuration file for tor is /etc/tor/torrc

    To enable hidden service, edit /etc/tor/torrc

    vi /etc/tor/torrc
    

    Uncomment the lines

    HiddenServiceDir /var/lib/tor/hidden_service/
    HiddenServicePort 80 127.0.0.1:80
    

    Create folder for your hidden service

    mkdir /var/lib/tor/hidden_service/
    chmod 700 /var/lib/tor/hidden_service/
    chown -R debian-tor:debian-tor /var/lib/tor/hidden_service/
    

    You need to install Apache, Nginx or similar to serve your web application. Make sure to configure the web application to listen on 127.0.0.1:80

    Now restart tor with the command

    systemctl restart tor@default
    

    Ubuntu/Debian supports multiple instances of tor. You can use the command “/usr/sbin/tor-instance-create” to create a new tor instance. The configuration for an instanced tor is available at /etc/tor/instances/INSTANCE_NAME/torrc

    To see URL for your Hidden service, run

    cat /var/lib/tor/hidden_service/hostname
    

    Example

    root@lab:~# cat /var/lib/tor/hidden_service/hostname 
    3w2pkr2qcusd6rx7zq4rulq7kt4xjpsgv7nxubcy2bdbgipy4wto4aid.onion
    root@lab:~# 
    

    You should be able to visit the application using .onion link in Tor Browser.

    You need to back up the tor folder (/var/lib/tor/hidden_service), as it contains your secret keys, which are needed to use the .onion domain name. If you lose them, you will lose the .onion URL.

    To start the service on boot, run

    systemctl enable tor@default
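
    Both Tor posts above depend on the HiddenServicePort target being a loopback address, so that the web application is reached only through tor. As an added example, not part of the original posts, this function reads a torrc and lists every hidden-service port that forwards somewhere else; the function name and the second service in the sample are constructed.

```sh
#!/bin/sh
# Added example (not from the original posts). Reads a torrc on stdin and
# prints "DIR VIRTPORT TARGET" for every HiddenServicePort whose backend is
# neither a loopback address nor a unix socket.
# Exit status: 0 = all backends local, 1 = at least one non-local backend.

onion_nonlocal_targets() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        NF == 0 { next }
        tolower($1) == "hiddenservicedir" { dir = $2; next }
        tolower($1) == "hiddenserviceport" {
            # With no target, tor maps the virtual port to 127.0.0.1:VIRTPORT;
            # a bare port number as target also means 127.0.0.1.
            target = (NF >= 3) ? $3 : $2
            if (target ~ /^[0-9]+$/) target = "127.0.0.1:" target
            if (target ~ /^unix:/ || target ~ /^127\./ || target ~ /^\[::1\]/) next
            print dir, $2, target
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the first service matches the configuration on this
# page, the second (hypothetical) one forwards to a routable address.
sample_torrc() {
    cat <<'EOF'
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 198.51.100.7:22
HiddenServiceDir /var/lib/tor/other_service/
HiddenServicePort 80 192.0.2.10:8080
HiddenServicePort 8080
HiddenServicePort 443 unix:/run/app.sock
EOF
}

# On a live server: onion_nonlocal_targets < /etc/tor/torrc
sample_torrc | onion_nonlocal_targets || true
```

    A clean result only covers the tor side: the web server behind the onion address should itself bind 127.0.0.1, otherwise it also answers on the server's public address.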
    

    See Tor