Archive
restoring rc.local with systemd
To enable rc.local on a Debian 10 new install you must add the following to /etc/systemd/system. Name the file rc-local.service. [Unit] Description=/etc/rc.local ConditionPathExists=/etc/rc.local [Service] Type=forking ExecStart=/etc/rc.local start TimeoutSec=0 StandardOutput=tty RemainAfterExit=yes SysVStartPriority=99 [Install] WantedBy=multi-user.target After adding the above to enable rc.local execute systemctl enable rc.local.service. You then should be able to utilize /etc/rc.local. This should return rc.local functionality.
Add network tools
Debian 10 (or other late versions) is missing ifconfig and other network utilities.
apt install net-tools -y and apt install dnsutils.
This will give you the familiar set of networking tools.
Upgrading to Debian Buster
Upgrading my cloud server (Linode) to Debian Buster was not too difficult. There were a few problems. Having a backup image and the ability to take a snapshot of your present system is essential if you are using your server for essential services.
Here is my experience.
First login and edit /etc/apt/sources.list and change all occurrences of stretch to buster. I use vi so just use this command %s/stretch/buster/g and save your work.
Next step user apt update and apt upgrade to install “buster”. It goes pretty quickly. After in installation is complete reboot the system. Run apt full-upgrade. You may see addition packages, then run apt autoremove to remove any old packages.
I ran into three issues. These included problems with dovecot, nsd, and nginx as I use my server for mail, nameservice and a web server.
First nsd nameserver. If you already have it configured under stretch. Simply remove the *.pem and *.key files and rerun nsd-control-setup. Then restart nsd and it should start as it should. The only problem I have found is logging. I had created /var/log/nsd.log and that seems to fail now. You can simply continue to use nsd with syslog as your logging method and that works fine.
On one upgrade I did have to reinstall nginx. However on several other upgrades, there was no problem. Just make a backup of sites-available for both apache2 and nginx, just in case.
As for Dovecot. I use dovecot ssl. It seems you need to regenerate dh.pem the dovecot ssl wiki as follows:
ssl_dh = </etc/dovecot/dh.pem (this will take a while)
Add the following to /etc/dovecot/conf.d/10-ssl.conf
ssl_dh = </etc/dovecot/dh.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:
!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_prefer_server_ciphers = yes
ssl_min_protocol = TLSv1.2
Restart dovecot and it should function properly.
Cloning a linux drive
It’s easy to clone a linux drive to a new hd or ssd. One of the fastest ways is to create a clonezilla flash drive (see clonezilla.org), add your new drive to the system either via a usb sata adapter or plug the drive in your system, and then create and boot your clonezilla usb stick.
Use the default options on clonezilla and copy your source drive to the new drive. If the new drive is a larger drive you will have to resize it either with clonezilla or manually. The clonezilla method it kind of tricky but works fine. I am going to give you an alternative.
Once you boot the new larger drive the partition will be identical to the old drive (in my case I was updating from a 100G drive to a 500G drive).
Here are the steps:
Run fdisk /dev/sda and delete all the existing partitions (on your live system). Add a new primary partition leaving enough room for the extended partition and swap partition. Then add the extended partition using the rest of the unused space and finally add the last partition. Toggle the last partition (probably sda5) to make it swap space. Then save your changes in fdisk with the “w” command. Your drive should look like this:
/dev/sda1 2048 964691967 964689920 460G 83 Linux
/dev/sda2 964691968 1000215215 35523248 17G 5 Extended
/dev/sda5 964694016 1000215215 35521200 17G 82 Linux swap / Solaris
Reboot the system. It may take a little longer than usual. Log on. You will have to run mkswap to format your swap space ie mkswap /dev/sda5. Copy the UUID after you finish and edit /etc/fstab to show the new swap UUID.
The to utilize the new disk size you need to run resize2fs /dev/sda. This will expand your first partition to it’s full capacity. Reboot again and everything should look normal. Use the “free” and “df” commands to confirm.
OSX Mojave. Brew install wget
There are some issues when using brew to install wget with OSX Mojave.
I found installing pcre (brew install pcre) fixed my issues.
Null route ssh attacks on your debian server
I Use these scripts to catch and null route failed ssh attempts.
I have my data stored in /root/firewall. You may need to direct the script at mail.log depending on your Postfix mail filtering options. If so just change the target.
The first script “NULLAUTH” retrieves the IP address of failed ssh attempts.
The second script “RMNULL” erases previously stored null routes.
I recommend creating a crontab entry for NULLAUTH and running it periodically.
##NULLAUTH
cd /root/firewall
BLACKLIST=’cat BLACKLIST’
RMNULL
egrep “authentication failure” /var/log/auth.log | grep -Eo “([0-9]{1,3}\.){3}[0-9]{1,3}” > authfailure
sort -u authfailure | uniq -u > BLACKLIST
## Null route BLACKLIST
for x in `$BLACKLIST`; do
echo “Null routing $x…”
ip route add blackhole $x
done
##RMNULL
#!/bin/bash
cd /root/firewall
BLACKLIST=’cat BLACKLIST’
for x in `$BLACKLIST`; do
echo “unblocking $x…”
ip route delete $x
done
Fix eth0 on fresh install of Debian 9
You can disable these stable names and go back to the kernel-provided ones
(which don’t have a stable order) in one of two ways:
– Put “net.ifnames=0″ into the kernel command line (e. g. in
and add
GRUB_CMDLINE_LINUX=”net.ifnames=0”
the run “update-grub”
– Disable the default *.link rules with
“ln -s /dev/null /etc/systemd/network/99-default.link”
and rebuild the initrd with “update-initramfs -u”.
The above is from a debian readme file.
Use CSS to keep footer on the bottom of a container when you vary the size
You can keep the footer on the bottom of a CSS container like this example. The
Height statement in the the #topofpage ID (1280px) controls the whole page container.
The #pages statement is the lower page half below the horizontal navigation bar.
If you vary the page size with the #topofpage height the #pages and #footer sections
will keep the footer on the bottom.
#topofpage {
width:870px;max-width:100%;height:1280px;max-height:100%;margin-right:auto;margin-left:auto;margin-bottom:auto;border-bottom:1px solid black;box-shadow: 400px 0px 0px 0px rgb(100,125,100), -400px 0px 0px 0px rgb(100,125,100);border:1px solid black;
#pages {
font-family: “Helvetica”, “Arial”, sans-serif;
height:calc(100% – 340px);
# height:940px;
position:relative;
margin-bottom:0px;
margin-top: 0px;
margin-bottom: 0px;
border:none;
# border-radius: 20px;
font-size:13pt;
text-align:justify;
}
#footer {
clear;
height:40px;
font-size: 15px;
bottom:0;
font-family:”Times New Roman”;
text-align:center;
border:none;
# border-radius: 20px;
}
Use SMS for a reminder for meds, birthdays, etc. *
You can use SMS to remind yourself with a text message if you have access to one the cellphone
gateways for SMS and run your own mail server (you can use a client too but this example
is for a linux server).
Here are the major US SMS gateways. Most all the MNVO providers are listed on line too.
Sprint [insert 10-digit number]@messaging.sprintpcs.com
T-Mobile [insert 10-digit number]@tmomail.net
U.S. Cellular [insert 10-digit number]@email.uscc.net
Verizon [insert 10-digit number]@vtext.com
Just use the sendmail command and set up a crontab entry (Debian example):
30 22 * * * echo “take your meds” | /usr/sbin/sendmail 12345678910@cellgateway
will send you “take your meds” at 10:30pm every day.
* Works for android. Iphone’s work however text may not be formatted correctly.
Other reminders can be added.
I find this more useful than email or cell phone alarms.
Easily add to pdf file
You can easily add to a pdf file with pdftk (Debian apt install pdftk).
Simple syntax:
pdftk file1 file2 cat output file3.pdf
It does much more than that. Read the man pages for more info.