Tungsol Filaments

To enable rc.local on a Debian 10 new install you 
must add the following to /etc/systemd/system. 
Name the file rc-local.service.


[Unit]
Description=/etc/rc.local
ConditionPathExists=/etc/rc.local
[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target

After adding the above to enable rc.local execute systemctl enable rc.local.service.
You then should be able to utilize /etc/rc.local.
This should return rc.local functionality.

Debian 10 (or other late versions) is missing ifconfig and other network utilities.

apt install net-tools -y and apt install dnsutils.

This will give you the familiar set of networking tools.

Upgrading my cloud server (Linode) to Debian Buster was not too difficult. There were a few problems. Having a backup image and the ability to take a snapshot of your present system is essential if you are using your server for essential services.

Here is my experience.

First login and edit /etc/apt/sources.list and change all occurrences of stretch to buster. I use vi so just use this command %s/stretch/buster/g and save your work.

Next step user apt update and apt upgrade to install “buster”. It goes pretty quickly. After in installation is complete reboot the system. Run apt full-upgrade. You may see addition packages, then run apt autoremove to remove any old packages.

I ran into three issues. These included problems with dovecot, nsd, and nginx as I use my server for mail, nameservice and a web server.

First nsd nameserver. If you already have it configured under stretch. Simply remove the *.pem and *.key files and rerun nsd-control-setup. Then restart nsd and it should start as it should. The only problem I have found is logging. I had created /var/log/nsd.log and that seems to fail now. You can simply continue to use nsd with syslog as your logging method and that works fine.

On one upgrade I did have to reinstall nginx. However on several other upgrades, there was no problem. Just make a backup of sites-available for both apache2 and nginx, just in case.

As for Dovecot. I use dovecot ssl. It seems you need to regenerate dh.pem the dovecot ssl wiki as follows:

ssl_dh = </etc/dovecot/dh.pem (this will take a while)

Add the following to /etc/dovecot/conf.d/10-ssl.conf

ssl_dh = </etc/dovecot/dh.pem

ssl_min_protocol = TLSv1.2

ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:

!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH

ssl_prefer_server_ciphers = yes

ssl_min_protocol = TLSv1.2

Restart dovecot and it should function properly.

It’s easy to clone a linux drive to a new hd or ssd. One of the fastest ways is to create a clonezilla flash drive (see clonezilla.org), add your new drive to the system either via a usb sata adapter or plug the drive in your system, and then create and boot your clonezilla usb stick.

Use the default options on clonezilla and copy your source drive to the new drive. If the new drive is a larger drive you will have to resize it either with clonezilla or manually. The clonezilla method it kind of tricky but works fine. I am going to give you an alternative.

Once you boot the new larger drive the partition will be identical to the old drive (in my case I was updating from a 100G drive to a 500G drive).

Here are the steps:

Run fdisk /dev/sda and delete all the existing partitions (on your live system). Add a new primary partition leaving enough room for the extended partition and swap partition. Then add the extended partition using the rest of the unused space and finally add the last partition. Toggle the last partition (probably sda5) to make it swap space. Then save your changes in fdisk with the “w” command. Your drive should look like this:

/dev/sda1            2048  964691967 964689920  460G 83 Linux

/dev/sda2       964691968 1000215215  35523248   17G  5 Extended

/dev/sda5       964694016 1000215215  35521200   17G 82 Linux swap / Solaris

Reboot the system. It may take a little longer than usual. Log on. You will have to run mkswap to format your swap space ie mkswap /dev/sda5. Copy the UUID after you finish and edit /etc/fstab to show the new swap UUID.

The to utilize the new disk size you need to run resize2fs /dev/sda. This will expand your first partition to it’s full capacity. Reboot again and everything should look normal. Use the “free” and “df” commands to confirm.

I Use these scripts to catch and null route failed ssh attempts.
I have my data stored in /root/firewall. You may need to direct the script at mail.log depending on your Postfix mail filtering options. If so just change the target.

The first script “NULLAUTH” retrieves the IP address of failed ssh attempts.
The second script “RMNULL” erases previously stored null routes.
I recommend creating a crontab entry for NULLAUTH and running it periodically.

##NULLAUTH
cd /root/firewall
BLACKLIST=’cat BLACKLIST’
RMNULL
egrep “authentication failure” /var/log/auth.log | grep -Eo “([0-9]{1,3}\.){3}[0-9]{1,3}” > authfailure
sort -u authfailure | uniq -u > BLACKLIST
## Null route BLACKLIST
for x in `$BLACKLIST`; do
echo “Null routing $x…”
ip route add blackhole $x
done

##RMNULL
#!/bin/bash
cd /root/firewall
BLACKLIST=’cat BLACKLIST’
for x in `$BLACKLIST`; do
echo “unblocking $x…”
ip route delete $x
done

You can disable these stable names and go back to the kernel-provided ones
(which don’t have a stable order) in one of two ways:

– Put “net.ifnames=0″ into the kernel command line (e. g. in
and add
GRUB_CMDLINE_LINUX=”net.ifnames=0”
the run “update-grub”

– Disable the default *.link rules with
“ln -s /dev/null /etc/systemd/network/99-default.link”
and rebuild the initrd with “update-initramfs -u”.

The above is from a debian readme file.

You can keep the footer on the bottom of a CSS container like this example. The
Height statement in the the #topofpage ID (1280px) controls the whole page container.
The #pages statement is the lower page half below the horizontal navigation bar.
If you vary the page size with the #topofpage height the #pages and #footer sections
will keep the footer on the bottom.

#topofpage {
width:870px;max-width:100%;height:1280px;max-height:100%;margin-right:auto;margin-left:auto;margin-bottom:auto;border-bottom:1px solid black;box-shadow: 400px 0px 0px 0px rgb(100,125,100), -400px 0px 0px 0px rgb(100,125,100);border:1px solid black;

#pages {
font-family: “Helvetica”, “Arial”, sans-serif;
height:calc(100% – 340px);
# height:940px;
position:relative;
margin-bottom:0px;
margin-top: 0px;
margin-bottom: 0px;
border:none;
# border-radius: 20px;
font-size:13pt;
text-align:justify;
}
#footer {
clear;
height:40px;
font-size: 15px;
bottom:0;
font-family:”Times New Roman”;
text-align:center;
border:none;
# border-radius: 20px;
}

You can use SMS to remind yourself with a text message if you have access to one the cellphone
gateways for SMS and run your own mail server (you can use a client too but this example
is for a linux server).

Here are the major US SMS gateways. Most all the MNVO providers are listed on line too.

Sprint [insert 10-digit number]@messaging.sprintpcs.com
T-Mobile [insert 10-digit number]@tmomail.net
U.S. Cellular [insert 10-digit number]@email.uscc.net
Verizon [insert 10-digit number]@vtext.com

Just use the sendmail command and set up a crontab entry (Debian example):

30 22 * * * echo “take your meds” | /usr/sbin/sendmail 12345678910@cellgateway
will send you “take your meds” at 10:30pm every day.
* Works for android. Iphone’s work however text may not be formatted correctly.

Other reminders can be added.

I find this more useful than email or cell phone alarms.

You can easily add to a pdf file with pdftk (Debian apt install pdftk).

Simple syntax:

pdftk file1 file2 cat output file3.pdf

It does much more than that. Read the man pages for more info.