Linux Setup: Difference between revisions
Line 146: | Line 146: | ||
Install kernel 5.2.x</br> | Install kernel 5.2.x</br> | ||
== Cerificates == | ==Cerificates== | ||
===Initial=== | |||
<syntaxhighlight lang="bash"> | |||
apt-get install software-properties-common python-software-properties | apt-get install software-properties-common python-software-properties | ||
add-apt-repository ppa:certbot/certbot | add-apt-repository ppa:certbot/certbot | ||
Line 153: | Line 154: | ||
apt-get install python-certbot-apache | apt-get install python-certbot-apache | ||
certbot -n --agree-tos --standalone certonly -d | certbot -n --agree-tos --standalone certonly -d <site1.domain.com> | ||
certbot -n --agree-tos --standalone certonly -d | certbot -n --agree-tos --standalone certonly -d <site2.domain.com> | ||
</syntaxhighlight> | |||
===Renew=== | |||
<syntaxhighlight lang="bash"> | |||
certbot -n --agree-tos --standalone certonly -d <site1.domain.com> | |||
systemctl restart dovecot | |||
systemctl restart apache2 | |||
</syntaxhighlight> | |||
==Building r8168== | ==Building r8168== |
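Review bot: in the new Renew block, `certbot --standalone` runs with no `systemctl stop apache2` before it. The standalone authenticator binds port 80 itself, so it cannot start while Apache is listening there; add the stop ahead of the certbot line (the block already restarts apache2 afterwards). The block also renews only <site1.domain.com>, although Initial issues certificates for both site1 and site2, so either add the second `-d` call or replace both with `certbot renew`. The heading is still spelled "Cerificates" on both sides of the diff.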
Revision as of 23:04, 6 September 2020
Set up Apache HSTS
In Apache 2 000-default.conf
<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>
In Apache 2 default-ssl.conf (the Header directive needs mod_headers, enabled with a2enmod headers)
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
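A check for the header value configured above, as an added example that is not part of the original page. `check_hsts` is a hypothetical helper, and the one-year default minimum for max-age is an assumption.

```sh
#!/bin/sh
# Added example (not from the original page).
# check_hsts VALUE [MIN_AGE]
# Returns 0 when VALUE carries max-age >= MIN_AGE and includeSubDomains,
# 1 otherwise. Directive names are matched case-insensitively, so the
# page's "includeSubdomains" spelling and its trailing ';' are accepted.
check_hsts() {
    value=$1
    min_age=${2:-31536000}   # assumed threshold: one year, in seconds
    max_age=""
    subdomains=no

    # Split on ';'. set -f keeps the shell from glob-expanding
    # anything inside the header value while it is being split.
    old_ifs=$IFS
    set -f
    IFS=';'
    set -- $value
    IFS=$old_ifs
    set +f

    for directive in "$@"; do
        # Drop whitespace and optional quotes, then lowercase.
        d=$(printf '%s' "$directive" | tr -d ' \t"' | tr 'A-Z' 'a-z')
        case $d in
            '') ;;                                   # empty piece after a trailing ';'
            max-age=*) max_age=${d#max-age=} ;;
            includesubdomains) subdomains=yes ;;
        esac
    done

    # max-age must be present and purely numeric.
    case $max_age in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$max_age" -ge "$min_age" ] && [ "$subdomains" = yes ]
}
```

To test a live site, pass the function the value of the Strict-Transport-Security response header returned over HTTPS.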
One time setups on 19.04 upwards
To add scaling
gsettings set org.gnome.mutter experimental-features "['x11-randr-fractional-scaling']"
Auto hide taskbar
Go to settings->dock->auto-hide the dock
Hide top bar
sudo apt install gnome-shell-extension-autohidetopbar
- log out
- log in
- run gnome-tweaks
- extension->Hide top bar
One time setups on 20.04 upwards
MediaWiki
- Create database
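CREATE DATABASE my_wiki;
CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';
-- ALL PRIVILEGES ON *.* makes this account a server-wide admin; MediaWiki only needs rights on my_wiki.*
GRANT ALL PRIVILEGES ON *.* TO 'newuser'@'localhost';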
- Restore database
mysql -u root -p XXXX < db_backup_XXXX_23_10_2019_04_21_44
- Copy Wiki files
cp -r <backup>/mediawiki /var/lib/mediawiki
Postfix
- Create database
CREATE DATABASE mail;
CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'newuser'@'localhost';
mysql -u root -p XXXX < db_backup_my_XXXX_23_10_2019_04_21_44
- Setup mail user and directory
cd /var
ln -s /mnt/<RAID ARRAY>/vmail .
groupadd -g 5000 vmail
useradd -m -d /var/vmail -s /bin/false -u 5000 -g vmail vmail
- Setup SSL
systemctl stop apache2
apt-get install python3-certbot-apache
certbot -n --agree-tos --standalone certonly -d www.bibble.co.nz
certbot -n --agree-tos --standalone certonly -d mail.bibble.co.nz
certbot -n --agree-tos --standalone certonly -d imap.bibble.co.nz
- Install postfix
apt-get install postfix
apt-get install postfix-mysql
apt-get install postfix-policyd-spf-python
apt-get install postgrey
apt-get install sasl2-bin libsasl2.2 libsasl2-modules
- Install opendkim
apt-get install opendkim
cp -r /tmp/fred/Backup20200606/etc/opendkim /etc
Change /etc/opendkim.conf Socket local:/var/spool/postfix/opendkim/opendkim.sock
Change /etc/default/opendkim Socket local:/var/spool/postfix/opendkim/opendkim.sock
Change /etc/postfix/main.cf smtpd_milters = local:opendkim/opendkim.sock
- Install SpamAssassin
apt-get install spamassassin
Dovecot
apt install dovecot-imapd dovecot-pop3d
apt install dovecot-sieve dovecot-solr dovecot-antispam
apt-get install dovecot-mysql
apt-get install dovecot-lmtpd
Setting netplan to render through network manager
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    enp4s0:
      addresses: [10.1.1.70/24]
      gateway4: 10.1.1.99
      nameservers:
        search: [bibble.local]
        addresses: [10.10.1.2]
      dhcp4: yes
Setting up repo for current packages on ubuntu
Get the list of installed packages
$ apt list --installed > install.list
Then translate it into apt understandable format:
$ sed -r 's/ \[.*?\]//g' install.list | sed -r 's/(^.*?)\/.*?[ ](.*?)[ ](.*?)$/\1:\3=\2/g' > install.list.to.dl
Then download the current packages versions:
$ xargs apt download < install.list.to.dl
You would need to create a Packages.gz file in order to add this folder as a source for apt. E.g.
$ cd ~/deb_server/debs/
$ dpkg-scanpackages -m . /dev/null | gzip -9c > Packages.gz
EDIT: the path for dpkg-scanpackages must be relative, otherwise this will break the download process later (-m allows you to have multiple versions; if you want only the most recent version, remove the -m).
Now you have to bring up a file server, for example apache2, and configure it to index files.
/etc/apache2/sites-enabled/000-debserver.conf
Containing:
DocumentRoot /var/www
<Directory /var/www/>
    Options +Indexes +FollowSymLinks
    Require all granted
</Directory>
And finally you need to symlink the deb folder to /var/www. (Or configure the server to the current deb download location) e.g.
$ ln -s ~/deb_server/debs/ /var/www/repo
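The last bit is to add the server machine as the only source for apt updates on each target machine, with this line in /etc/apt/sources.list:
deb [trusted=yes] http://deb_server_ip/repo /
[trusted=yes] tells apt to skip signature verification for this source, so packages fetched from it over plain HTTP are installed unauthenticated.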
If you want to update the packages, you need to re-run apt download of the list, but without the version.
$ sed -r 's/ \[.*?\]//g' install.list | sed -r 's/(^.*?)\/.*?[ ](.*?)[ ](.*?)$/\1:\3/g' > install.list.for.update
$ apt update && xargs apt download < install.list.for.update
Setting up IoT Edge on 19.04
Not yet released so here is how to do it
Install docker
wget https://packages.microsoft.com/ubuntu/18.04/multiarch/prod/pool/main/i/iotedge/iotedge_1.0.8-2_amd64.deb
wget https://packages.microsoft.com/ubuntu/18.04/multiarch/prod/pool/main/libi/libiothsm-std/libiothsm-std_1.0.8-1_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl1.0/libssl1.0.0_1.0.2n-1ubuntu5.3_amd64.deb
Fixing ubuntu 19.04 mouse
Install kernel 5.2.x
Certificates
Initial
apt-get install software-properties-common python-software-properties
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-apache
certbot -n --agree-tos --standalone certonly -d <site1.domain.com>
certbot -n --agree-tos --standalone certonly -d <site2.domain.com>
Renew
certbot -n --agree-tos --standalone certonly -d <site1.domain.com>
systemctl restart dovecot
systemctl restart apache2
Building r8168
This is not necessary as you can use the command
apt-get install r8168-dkms
Updating DNS
This script runs in crontab once every 15 minutes
#!/bin/bash
lynx -source -auth=user_xxx:pass_xxxx 'http://dynamic.zoneedit.com/auth/dynamic.html?host=bibble.co.nz'
lynx -source -auth=user_xxx:pass_xxxx 'http://dynamic.zoneedit.com/auth/dynamic.html?host=denise.bibble.co.nz'
lynx -source -auth=user_xxx:pass_xxxx 'http://dynamic.zoneedit.com/auth/dynamic.html?host=www.bibble.co.nz'
lynx -source -auth=user_xxx:pass_xxxx 'http://dynamic.zoneedit.com/auth/dynamic.html?host=sync.bibble.co.nz'
Backup MySQL
I use the following script to back up the databases
#!/bin/sh
myBackupFolder="/home/iwiseman/backups"
myBackupLogFileName="$myBackupFolder/backup_log_$(date +'%Y_%m').txt"

DoBackup() {
    myDatabaseName=$1
    myCurrentDateTime="$(date +'%d_%m_%Y_%H_%M_%S')"
    myBackupFileName="db_backup_${myDatabaseName}_${myCurrentDateTime}.gz"
    myFullyQualifieldBackupFileName="$myBackupFolder/$myBackupFileName"

    echo "mysqldump of $myDatabaseName started at $(date +'%d-%m-%Y %H:%M:%S')" >> "$myBackupLogFileName"
    # Dump inside a single transaction and compress on the fly
    mysqldump --user=root --password=xxxx --default-character-set=utf8 --single-transaction "$myDatabaseName" | gzip > "$myFullyQualifieldBackupFileName"
    echo "mysqldump of $myDatabaseName finished at $(date +'%d-%m-%Y %H:%M:%S')" >> "$myBackupLogFileName"

    chown iwiseman "$myFullyQualifieldBackupFileName"
    chown iwiseman "$myBackupLogFileName"
    echo "file permission changed" >> "$myBackupLogFileName"

    # Delete backups older than 8 days; the pattern is quoted so that find, not the shell, expands it
    find "$myBackupFolder" -name 'db_backup_*' -mtime +8 -exec rm {} \;
    echo "old files deleted" >> "$myBackupLogFileName"

    echo "operation finished at $(date +'%d-%m-%Y %H:%M:%S')" >> "$myBackupLogFileName"
    echo "*****************" >> "$myBackupLogFileName"
}

DoBackup mail
DoBackup wordpress424
exit 0
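The script above passes the password with --password on the mysqldump command line, where other local users can read it from the process list. The following added example (not the page's script) reads it from a client option file instead; the function names, the option-file path and the user name are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example, not the page's script: keep the MySQL password out of the
# mysqldump command line by using a client option file with mode 600.

# Write an option file that only its owner can read.
# Path, user name and password are supplied by the caller.
make_mysql_optfile() {
    optfile=$1; user=$2; password=$3
    # umask covers a newly created file; chmod covers one that already
    # existed with looser permissions. Both happen before the secret is written.
    ( umask 077; : >> "$optfile" )
    chmod 600 "$optfile"
    printf '[client]\nuser=%s\npassword="%s"\n' "$user" "$password" > "$optfile"
}

# Succeed only if the path is a regular file with mode rw------- exactly.
optfile_is_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "-rw-------" ]
}

# Dump one database to a gzip file, refusing to run with an exposed option file.
# --defaults-extra-file has to be the first option on the command line.
dump_database() {
    optfile=$1; db=$2; out=$3
    optfile_is_private "$optfile" || {
        echo "refusing: $optfile is not mode 600" >&2
        return 1
    }
    mysqldump --defaults-extra-file="$optfile" --default-character-set=utf8 \
        --single-transaction "$db" | gzip > "$out"
}
```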
Fix Playstation
This works when enp1s0 is the interface of the second NIC and enp2s0 is the main NIC.
To fix the PlayStation, create the following script
#!/bin/bash
# Enable IPv4 forwarding between the two NICs
echo 1 > /proc/sys/net/ipv4/ip_forward
# NAT traffic leaving the outbound interface (eth0 here; the text above names enp2s0 as the main NIC)
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i enp1s0 -o enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp2s0 -o enp1s0 -j ACCEPT
Put this into /etc/rc.local, e.g.
#!/bin/bash
/usr/local/bin/fix_playstation.sh
Setting up L2TP VPN
You will need the following
Connection Name: xxxxxx
Username: xxxxxxx
Password: xxxxxxx
ServerAddress: xxxxxxx
VPN Type: L2TP/IPsec with pre-shared key
Pre-shared key: xxxxxx
Under IPSec Settings (Linux)
3des-sha1-modp1024 for phase 1 (Linux)
3des-sha1 for phase 2 (Linux)
Authentication Methods: Pap, MSChapV2, Chap (Windows only)
EncryptionLevel: Optional (Windows only)
sudo apt-get install network-manager-l2tp
sudo apt-get install network-manager-l2tp-gnome
sudo service xl2tpd stop
sudo update-rc.d xl2tpd disable