Linux

Keychain

Need a small and smart utility to manage your ssh keys under linux ? got some scripts and cronjobs which require a local ssh key ? have a look at keychain !

Install Software

depending on your OS …

macos$ brew install keychain
debian$ sudo apt-get install keychain
openbsd$ pkg_add keychain
freebsd$ pkg install keychain

edit startup Scripts

$HOME/.bashrc $HOME/.bash_profile /etc/profile $HOME/.profile

cat << 'EOF' >> $HOME/.bashrc
# Keychain Startup
eval `keychain --eval id_ed25519`
EOF

check service

$ keychain
$ ssh-add -L

add to .profile

cat << 'EOF' >> .profile

# Keychain Loaded ? Load and show Key ...
eval $(keychain --eval id_ed25519)
echo -e "loaded keys: `ssh-add -L |cut -c 1-12,77-`\n"
EOF

List Keys

keychain --list

List Fingerprints (Public Key ?)

$ keychain --list-fp

Set Timeout

Timeout for SSH Agent

Git Clear your History

Clear History

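have you ever checked in some binaries, confidential stuff or something else by mistake ? Git will keep all your history, that’s its design and purpose.

however, if you need to clean up once, here is a short tutorial. keep in mind that existing clones and forks still hold the old history, so a password or key that was pushed has to be changed anyway.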

Kill Git Config

cd myrepo
cat .git/config   # note down the url
url=$(git config --get remote.origin.url)
rm -rf .git

Create New Repo

git init
git add .
git commit -m "Removed history, ..."

Push Remote

git remote add origin "$url"   # or type the URL you noted down above, e.g. git@host/yourrepo
git push -u --force origin master

All in One

_url=$(git remote -v |awk '/fetch/ { print $2 }')
rm -rf .git
git init
git add .
git commit -m "Removed history ..."
git remote add origin ${_url}
git push -u --force origin main
unset _url

and you’re done :)

Checkmk

Some Install Notes

https://checkmk.de/cms_install_packages_debian.html

download and scp check-mk-enterprise-1.6.0p15.demo_0.buster_amd64.deb -> enterprise microkernel, 2 x 10 Hosts
download and scp check-mk-raw-1.6.0p15_0.buster_amd64.deb -> raw edition, nagios kernel

ssh root@localhost

apt-get install dpkg-sig libnet-snmp-perl snmp
wget https://checkmk.com/support/Check_MK-pubkey.gpg
gpg --import Check_MK-pubkey.gpg
# verify the package that gets installed below
dpkg-sig --verify /tmp/check-mk-raw-1.6.0p15_0.buster_amd64.deb
apt-get install gdebi-core
gdebi /tmp/check-mk-raw-1.6.0p15_0.buster_amd64.deb
omd version

omd create mysite
omd config

or

omd restore /tmp/mysite.tar.gz

Install v2.0 and migrate existing Config

https://checkmk.de/cms_install_packages_debian.html

download file: check-mk-raw-2.0.0p5_0.buster_amd64.deb

scp check-mk-raw-2.0.0p5_0.buster_amd64.deb host227:/tmp/

Prepare New Host

apt install -y dpkg-sig libnet-snmp-perl snmp

wget https://checkmk.com/support/Check_MK-pubkey.gpg
gpg --import Check_MK-pubkey.gpg
dpkg-sig --verify /tmp/check-mk-raw-2.0.0p5_0.buster_amd64.deb

apt-get install gdebi-core
gdebi /tmp/check-mk-raw-2.0.0p5_0.buster_amd64.deb

omd version
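
Both install procedures above run dpkg-sig --verify and then install the package no matter what the check printed. The following is an added example, not part of the original notes: a wrapper that only calls gdebi when every signature line is GOODSIG from a pinned key. The function names, the placeholder fingerprints and the assumed status-line format (STATUS role fingerprint timestamp) are assumptions; take the real fingerprint from the vendor over a separate channel.

```shell
# Added example (not from the original notes). Assumes dpkg-sig prints one
# status line per signature: "GOODSIG <role> <fingerprint> <timestamp>".

# deb_sig_ok PINNED_FPR: reads `dpkg-sig --verify` output on stdin.
# Fail closed: every line except "Processing ..." must be GOODSIG by the pinned key.
deb_sig_ok() {
    awk -v want="$1" '
        /^Processing / || NF == 0 { next }
        { seen++ }
        $1 == "GOODSIG" && toupper($3) == toupper(want) { good++ }
        END { exit !(seen > 0 && good == seen) }
    '
}

# install_verified_deb FILE PINNED_FPR: hypothetical wrapper around gdebi.
install_verified_deb() {
    if dpkg-sig --verify "$1" | deb_sig_ok "$2"; then
        gdebi "$1"
    else
        echo "signature check failed, not installing: $1" >&2
        return 1
    fi
}

# Constructed sample data: placeholder fingerprints, not the vendor's key.
PINNED=0123456789ABCDEF0123456789ABCDEF01234567
OTHER=FEDCBA9876543210FEDCBA9876543210FEDCBA98
SAMPLE_GOOD="Processing pkg.deb...
GOODSIG _gpgbuilder $PINNED 1600000000"
SAMPLE_WRONG_KEY="Processing pkg.deb...
GOODSIG _gpgbuilder $OTHER 1600000000"
SAMPLE_BAD="Processing pkg.deb...
BADSIG _gpgbuilder"
SAMPLE_UNSIGNED="Processing pkg.deb...
NOSIG"

# Show the verdict for each constructed sample.
for s in "$SAMPLE_GOOD" "$SAMPLE_WRONG_KEY" "$SAMPLE_BAD" "$SAMPLE_UNSIGNED"; do
    if printf '%s\n' "$s" | deb_sig_ok "$PINNED"; then echo accept; else echo reject; fi
done
```

A package signed by some other key that happens to be in the keyring is rejected as well, which the plain GOODSIG line alone would not tell you.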

Backup old Server

Backup and copy to new Server

GIT add Folder to Repo

wanna switch a local folder to a remote git repo ?

https://docs.github.com/en/github/using-git/adding-a-remote

GitoLite

create git repo with gitolite (myproject)

add Folder

cd myproject

git init
git remote add origin git@your-git-server:myproject

check Status

git remote -v
git status

add all existing Files, commit and push to remote

git add .
git commit -m "initial commit"
git push --set-upstream origin master

Any Comments ?

sha256: ba5ff311face100add7e9b21efbbb86af94545d3aec2cf8d920ea55ba5353464

Debian on APU4

debian on apu

boot

menu -> tab

-> debian-installer/i386/linux vga=788 initrd=debian-installer/i386/initrd.gz --- console=ttyS0,115200

enter

space

:)

english

country switzerland

nic0

hostname apu005

domain planet

mirror ch -> ftp.ch.debian.org

root password

Partitioning: entire Disk & LVM

Separate /home /var /tmp

survey no

soft: standard system utilities & ssh server

grub yes

takes approx. 30 min !

automated

https://www.debian.org/releases/stable/amd64/apbs02.en.html
https://www.debian.org/releases/buster/example-preseed.txt

Packages

apt-get -y install net-tools git htop

Reboot

takes 40 seconds

sha256: de990ff6c33196dbecc6d133f0fc29686ded54fa7357d30e7dc36a59f0368eb0

Crontab

Troubleshooting Crontab Problems

Dump the Environment

add this line to root’s crontab

* * * * * env > /root/cronenv

Load the Environment

env - $(cat /root/cronenv) /bin/sh

Run your script

./script_with_env_problems.sh

and check its output …


sha256: de1667fb4003135420244f48280d72e03d7559b675ab6b4a9c020b0725866525

Ubuntu Kickstart

How to Kickstart an Ubuntu Installation …

edit dhcpd.conf

host ubuntu {
  hardware ethernet 4E:E5:80:xx:xx:xx;
  fixed-address x.x.x.x;
  filename "ubuntu/pxelinux.0";
  next-server x.x.x.200;
}

restart dhcpd

prepare env on tftp server (x.x.x.200)

mkdir -p /tftpboot/ubuntu/
cd /tftpboot/ubuntu/
ftp http://archive.ubuntu.com/ubuntu/dists/bionic-updates/main/installer-amd64/current/images/netboot/netboot.tar.gz
tar xfz netboot.tar.gz

kickstart cfg

put the following file in a webroot available from the client machine

cat <<'EOF' > /var/www/htdocs/ks.cfg
#Generated by Kickstart Configurator
#platform=AMD64 or Intel EM64T

#System language
lang en_US
#Language modules to install
langsupport en_US
#System keyboard
keyboard ch
#System mouse
mouse
#System timezone
timezone Europe/Zurich
#Root password (here 123456)
rootpw --iscrypted $1$r6te7M.4$C55eKRGO2xdodwc3tBe48/
#Initial user
user --disabled
#Reboot after installation
reboot
#Use text mode install
text
#Install OS instead of upgrade
install
#Use Web installation
url --url http://mirror.init7.net/ubuntu/
#System bootloader configuration
bootloader --location=mbr
#Clear the Master Boot Record
zerombr yes
#Partition clearing information
clearpart --all --initlabel
#Disk partitioning information
part swap --size 1024
part /boot --fstype ext4 --size 512
part / --fstype ext4 --size 1 --grow
#System authorization information
auth  --useshadow  --enablemd5
#Network information
network --bootproto=dhcp --device=eth0
#Firewall configuration
firewall --disabled
#Do not configure the X Window System
skipx
EOF

start and install client

  • pxe boot client
  • on the install screen, press tab and add ‘ks=http://x.x.x.x/ks.cfg’
  • Enter and wait until done
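
The ks.cfg above carries an MD5-crypt root password hash, switches the firewall off and is pulled over plain http. The following is an added example, not part of the original post: a small checker that flags exactly these settings in a kickstart file before it goes onto the web server. The function name audit_ks and the second sample are assumptions made for this example.

```shell
# Added example, not from the original post.
# audit_ks: reads a ks.cfg on stdin, prints "<line>: <finding>" for each weak
# setting and returns the number of findings as exit status.
audit_ks() {
    awk '
        function f(msg) { print NR ": " msg; n++ }
        NF == 0 || $1 ~ /^#/ { next }                # blank lines, comments
        $1 == "rootpw" && !/--iscrypted/ { f("rootpw: password in clear text") }
        $1 == "rootpw" && /\$1\$/        { f("rootpw: MD5-crypt hash") }
        ($1 == "auth" || $1 == "authconfig") && /--enablemd5/ {
                                           f("auth: MD5 password hashing") }
        $1 == "firewall" && /--disabled/ { f("firewall: disabled") }
        $1 == "url" && /http:\/\//       { f("url: install source over plain http") }
        END { exit n + 0 }
    '
}

# Constructed input: the security-relevant lines of the ks.cfg above.
SAMPLE_WEAK='rootpw --iscrypted $1$r6te7M.4$C55eKRGO2xdodwc3tBe48/
url --url http://mirror.init7.net/ubuntu/
auth  --useshadow  --enablemd5
firewall --disabled'

# Constructed input for the checker only, not a tested installer config.
SAMPLE_CLEAN='rootpw --iscrypted $6$SALTPLACEHOLDER$HASHPLACEHOLDER
url --url https://mirror.example.org/ubuntu/
auth --useshadow
firewall --enabled'

# Print the findings for the weak sample; the exit status is the count.
printf '%s\n' "$SAMPLE_WEAK" | audit_ks || echo "findings: $?"
```

Run it as audit_ks < /var/www/htdocs/ks.cfg; an exit status of 0 means none of the checked settings were found.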

sha256: c58f8a064ddcae5b682a1699da8d10b3abb12ce131826e2a6098ed9b930f4e10

Mint Vlan

How to configure a Vlan on Linux Mint ?

Wiki

Install vlan

sudo apt-get install vlan

Configuration

root@mint:~# sudo modprobe 8021q

root@mint:~# ifconfig
ens19: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.18.83  netmask 255.255.255.0  broadcast 10.10.18.255
        inet6 2001:db8:1:2:9506:5fcd:1c61:1279  prefixlen 64  scopeid 0x0<global>
        inet6 2001:db8:1:2:a9:c50b:1348:1ec6  prefixlen 64  scopeid 0x0<global>
        inet6 2001:db8:1:2:e064:b0ec:a08f:7fd8  prefixlen 64  scopeid 0x0<global>
        inet6 2001:db8:1:2:a015:7ec:eef0:1a75  prefixlen 64  scopeid 0x0<global>
        inet6 2001:db8:1:2:a028:b890:ffe8:5231  prefixlen 64  scopeid 0x0<global>
        inet6 2001:db8:1:2:c80:addb:1273:95d5  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::9cc2:b22d:cc15:2946  prefixlen 64  scopeid 0x20<link>
        ether 4e:e5:10:00:06:83  txqueuelen 1000  (Ethernet)
        RX packets 181  bytes 58337 (58.3 KB)
        RX errors 0  dropped 7  overruns 0  frame 0
        TX packets 271  bytes 48413 (48.4 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 138  bytes 13723 (13.7 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 138  bytes 13723 (13.7 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@mint:~# vconfig add ens19 158
Added VLAN with VID == 158 to IF -:ens18:-
root@mint:~#

root@mint:~# ip addr add 100.60.100.83/24 dev ens19.158
root@mint:~#

root@mint:~# ip link set up ens19.158
root@mint:~#

Make Permanent

sudo su -c 'echo "8021q" >> /etc/modules'

/etc/network/interfaces
auto ens19.158
iface ens19.158 inet static
    address 100.60.100.83
    netmask 255.255.255.0
    vlan-raw-device ens19
    up route add -net 10.0.0.0 netmask 255.0.0.0 gw 100.60.100.1

sha256: e69d61613b45307405014943049154d70c8cf140d2a3bcf5bbf7679fbefa798f

Doas

doas, an alternative to sudo

Everybody knows sudo … right ? but the openbsd guys hacked a small and secure replacement called doas …

simple, secure and clever

here is a good and quick tutorial

An introduction on Vultr, the Source Code on Github and the Man Page

Installation OpenBSD

On OpenBSD, it’s already in the Base System and no need to install anything.

Installation Linux

On Linux, for Example, you have to add the Package

Librenms on Debian 10.3

How to Install LibreNMS on Debian

https://docs.librenms.org/Installation/Installation-Ubuntu-1804-Apache/

Packages

apt-get install acl apache2 borgbackup curl fping hping3 htop ipcalc jq lftp lynx mlocate mtr nmap pwgen rsync sipcalc tmate tree tshark unzip vim vnstat wget zip curl apache2 composer fping git graphviz imagemagick python-memcache python-mysqldb rrdtool snmp snmpd whois mariadb-client mariadb-server mtr-tiny nmap libapache2-mod-php7.3

apt-get install php7.3-cli php7.3-curl php7.3-gd php7.3-json php7.3-mbstring php7.3-mysql php7.3-snmp php7.3-xml php7.3-zip

add User

useradd librenms -d /opt/librenms -M -r
usermod -a -G librenms www-data

get Git

cd /opt
git clone https://github.com/librenms/librenms.git

set Permission

chown -R librenms:librenms /opt/librenms
chmod 770 /opt/librenms
setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/

add Dependencies

su - librenms
./scripts/composer_wrapper.php install --no-dev
exit

Configure MySQL

systemctl restart mysql
mysql -uroot -p

CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
FLUSH PRIVILEGES;
exit

MySQL Conf

vi /etc/mysql/mariadb.conf.d/50-server.cnf

Within the [mysqld] section please add:
innodb_file_per_table=1
lower_case_table_names=0

systemctl restart mysql

PHP Ini

vi /etc/php/7.3/apache2/php.ini
[Date]
date.timezone = Europe/Zurich

vi /etc/php/7.3/cli/php.ini
[Date]
date.timezone = Europe/Zurich

Update Apache

a2enmod php7.3
a2dismod mpm_event
a2enmod mpm_prefork

Configure Apache

cat << EOF > /etc/apache2/sites-available/librenms.conf
<VirtualHost *:80>
  DocumentRoot /opt/librenms/html/
  ServerName  host211.planet

  AllowEncodedSlashes NoDecode
  <Directory "/opt/librenms/html/">
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
  </Directory>
</VirtualHost>
EOF

Enable Site librenms.conf

a2ensite librenms.conf
a2enmod rewrite
systemctl restart apache2

SNMP

cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
vi /etc/snmp/snmpd.conf

curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
chmod +x /usr/bin/distro
systemctl restart snmpd

Crontab

cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms

Logrotate

cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

Configure Web

http://host211.planet/install.php

Fix Permission

chown librenms:librenms /opt/librenms/config.php

sha256: 9f39db52f8279c0fbb2f3072bc1da003c2334bb210d5aef9a3878e7ff55fbd13