Archive

Archive for the ‘sysadmin’ Category

Upgrading to Debian Buster

July 10, 2019 Comments off

Upgrading my cloud server (Linode) to Debian Buster was not too difficult. There were a few problems. Having a backup image and the ability to take a snapshot of your present system is essential if you are using your server for essential services.

Here is my experience.

First login and edit /etc/apt/sources.list and change all occurrences of stretch to buster. I use vi so just use this command %s/stretch/buster/g and save your work.

Next step user apt update and apt upgrade to install “buster”. It goes pretty quickly. After in installation is complete reboot the system. Run apt full-upgrade. You may see addition packages, then run apt autoremove to remove any old packages.

I ran into three issues. These included problems with dovecot, nsd, and nginx as I use my server for mail, nameservice and a web server.

First nsd nameserver. If you already have it configured under stretch. Simply remove the *.pem and *.key files and rerun nsd-control-setup. Then restart nsd and it should start as it should. The only problem I have found is logging. I had created /var/log/nsd.log and that seems to fail now. You can simply continue to use nsd with syslog as your logging method and that works fine.

On one upgrade I did have to reinstall nginx. However on several other upgrades, there was no problem. Just make a backup of sites-available for both apache2 and nginx, just in case.

As for Dovecot. I use dovecot ssl. It seems you need to regenerate dh.pem the dovecot ssl wiki as follows:

ssl_dh = </etc/dovecot/dh.pem (this will take a while)

Add the following to /etc/dovecot/conf.d/10-ssl.conf

ssl_dh = </etc/dovecot/dh.pem

ssl_min_protocol = TLSv1.2

ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:

!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH

ssl_prefer_server_ciphers = yes

ssl_min_protocol = TLSv1.2

Restart dovecot and it should function properly.

Categories: sysadmin

Cloning a linux drive

January 18, 2019 Comments off

It’s easy to clone a linux drive to a new hd or ssd. One of the fastest ways is to create a clonezilla flash drive (see clonezilla.org), add your new drive to the system either via a usb sata adapter or plug the drive in your system, and then create and boot your clonezilla usb stick.

Use the default options on clonezilla and copy your source drive to the new drive. If the new drive is a larger drive you will have to resize it either with clonezilla or manually. The clonezilla method it kind of tricky but works fine. I am going to give you an alternative.

Once you boot the new larger drive the partition will be identical to the old drive (in my case I was updating from a 100G drive to a 500G drive).

Here are the steps:

Run fdisk /dev/sda and delete all the existing partitions (on your live system). Add a new primary partition leaving enough room for the extended partition and swap partition. Then add the extended partition using the rest of the unused space and finally add the last partition. Toggle the last partition (probably sda5) to make it swap space. Then save your changes in fdisk with the “w” command. Your drive should look like this:

/dev/sda1            2048  964691967 964689920  460G 83 Linux

/dev/sda2       964691968 1000215215  35523248   17G  5 Extended

/dev/sda5       964694016 1000215215  35521200   17G 82 Linux swap / Solaris

Reboot the system. It may take a little longer than usual. Log on. You will have to run mkswap to format your swap space ie mkswap /dev/sda5. Copy the UUID after you finish and edit /etc/fstab to show the new swap UUID.

The to utilize the new disk size you need to run resize2fs /dev/sda. This will expand your first partition to it’s full capacity. Reboot again and everything should look normal. Use the “free” and “df” commands to confirm.

Categories: sysadmin

OSX Mojave. Brew install wget

January 9, 2019 Comments off

There are some issues when using brew to install wget with OSX Mojave.
I found installing pcre (brew install pcre) fixed my issues.

Categories: sysadmin, Uncategorized

Null route ssh attacks on your debian server

October 29, 2018 Comments off

I Use these scripts to catch and null route failed ssh attempts.
I have my data stored in /root/firewall. You may need to direct the script at mail.log depending on your Postfix mail filtering options. If so just change the target.

The first script “NULLAUTH” retrieves the IP address of failed ssh attempts.
The second script “RMNULL” erases previously stored null routes.
I recommend creating a crontab entry for NULLAUTH and running it periodically.

##NULLAUTH
cd /root/firewall
BLACKLIST=’cat BLACKLIST’
RMNULL
egrep “authentication failure” /var/log/auth.log | grep -Eo “([0-9]{1,3}\.){3}[0-9]{1,3}” > authfailure
sort -u authfailure | uniq -u > BLACKLIST
## Null route BLACKLIST
for x in `$BLACKLIST`; do
echo “Null routing $x…”
ip route add blackhole $x
done

##RMNULL
#!/bin/bash
cd /root/firewall
BLACKLIST=’cat BLACKLIST’
for x in `$BLACKLIST`; do
echo “unblocking $x…”
ip route delete $x
done

Categories: sysadmin

Fix eth0 on fresh install of Debian 9

April 24, 2018 Comments off

You can disable these stable names and go back to the kernel-provided ones
(which don’t have a stable order) in one of two ways:

– Put “net.ifnames=0″ into the kernel command line (e. g. in
and add
GRUB_CMDLINE_LINUX=”net.ifnames=0”
the run “update-grub”

– Disable the default *.link rules with
“ln -s /dev/null /etc/systemd/network/99-default.link”
and rebuild the initrd with “update-initramfs -u”.

The above is from a debian readme file.

Categories: sysadmin

Use CSS to keep footer on the bottom of a container when you vary the size

April 2, 2018 Comments off

You can keep the footer on the bottom of a CSS container like this example. The
Height statement in the the #topofpage ID (1280px) controls the whole page container.
The #pages statement is the lower page half below the horizontal navigation bar.
If you vary the page size with the #topofpage height the #pages and #footer sections
will keep the footer on the bottom.

#topofpage {
width:870px;max-width:100%;height:1280px;max-height:100%;margin-right:auto;margin-left:auto;margin-bottom:auto;border-bottom:1px solid black;box-shadow: 400px 0px 0px 0px rgb(100,125,100), -400px 0px 0px 0px rgb(100,125,100);border:1px solid black;

#pages {
font-family: “Helvetica”, “Arial”, sans-serif;
height:calc(100% – 340px);
# height:940px;
position:relative;
margin-bottom:0px;
margin-top: 0px;
margin-bottom: 0px;
border:none;
# border-radius: 20px;
font-size:13pt;
text-align:justify;
}
#footer {
clear;
height:40px;
font-size: 15px;
bottom:0;
font-family:”Times New Roman”;
text-align:center;
border:none;
# border-radius: 20px;
}

Categories: sysadmin

Use SMS for a reminder for meds, birthdays, etc. *

March 17, 2018 Comments off

You can use SMS to remind yourself with a text message if you have access to one the cellphone
gateways for SMS and run your own mail server (you can use a client too but this example
is for a linux server).

Here are the major US SMS gateways. Most all the MNVO providers are listed on line too.

Sprint [insert 10-digit number]@messaging.sprintpcs.com
T-Mobile [insert 10-digit number]@tmomail.net
U.S. Cellular [insert 10-digit number]@email.uscc.net
Verizon [insert 10-digit number]@vtext.com

Just use the sendmail command and set up a crontab entry (Debian example):

30 22 * * * echo “take your meds” | /usr/sbin/sendmail 12345678910@cellgateway
will send you “take your meds” at 10:30pm every day.
* Works for android. Iphone’s work however text may not be formatted correctly.

Other reminders can be added.

I find this more useful than email or cell phone alarms.

Categories: sysadmin