IT.TheLibrarie.Com Ramblings Of An IT Person

March 2, 2020

List Ubuntu Version

Filed under: Linux — bsdman @ 10:24 am

When logging into a system it generally would show you the current version in a MOTD style window. This server had the MOTD changed so I needed to grab the pertinent information.

lsb_release -d
cat /etc/issue

Or on newer systems (16.04 or later)

cat /etc/os-release
hostnamectl

June 7, 2019

Joan Room Booking

Filed under: Linux — bsdman @ 11:52 am

I wanted to add some room booking assistants to our conference rooms. My last place used evoko units – which worked quite well – but they required 1) PoE ethernet drops and 2) $1100 each.

So after reading about Joan I decided to get one to try out. They offer both SaaS and on-prem hosting options; I opted for the on-prem because it is free and I haven’t set up a Linux server in a while.

They don’t have installation steps for the software running on the host, but they do offer an OVF just for our needs (currently running VMWare 6.7 with VCenter). Great!

Followed along with (https://support.getjoan.com/hc/en-us/articles/115003534485-On-premises-hosting) the getjoan install site. Downloaded the OVF tgz file.
Already I was a bit upset – why is this compressed with tgz? I should note there is no space savings realized by performing these actions; we’re still at just over 2GB for the entire file, but now I have 3 copies of it..
Uncompressed it and now it’s a .tar file. Inside the .tar is the OVF and VMDK files I need, so I simply renamed this .tar to .ova and went about importing into VMWare.

Selected my files for import and during validation it FAILED!
Issues detected with selected template. Details: – 60:7:VALUE_ILLEGAL: Value ”lsilogic” of ResourceSubType element not found in []. – 69:7:VALUE_ILLEGAL: Value ”lsilogic” of ResourceSubType element not found in []. – 78:7:VALUE_ILLEGAL: Value ”3” of Parent element does not refer to a ref of type DiskControllerReference.

Super helpful. So I untar’d the file to be able to edit the .ovf manifest in my favorite text editor. I changed it from lsilogic to lsilogicsas and re-ran. Received a different error, but still no dice. Some google searches later led me to attempt to bypass vsphere completely and import directly onto one of my hosts.

http://host/ui and a login later, I had the OVA imported successfully! Yay!

Booted it up and it has the virtualbox tools already installed. This delays the startup of the machine while it waits:
“A start job is running for the raise network”
Five. Minutes. Later.

I’m on VMware, so this virtualbox bridged network won’t ever work!

Well, let’s install vmtools so that I can at least stop using the console and SSH in like a normal person: Failed!

Need to add the cdrom drive to the machine, but I can’t do that while it’s running. Stop the machine, add the CDROM drive, and start it back up.

Another. Five. Minutes. FML!

Fix the waiting game for Networking:
sudo mkdir -p /etc/systemd/system/networking.service.d/
sudo bash -c 'echo -e "[Service]\nTimeoutStartSec=20sec" > /etc/systemd/system/networking.service.d/timeout.conf'
sudo systemctl daemon-reload

Stop virtualbox from starting up and failing:
sudo systemctl disable vboxadd.service

Now to install vmware’s tools:
Using vcenter, select to install vmware tools on the running vm
Then, using command line:
sudo mkdir /mnt/cdrom
sudo mount /dev/cdrom /mnt/cdrom
tar xzvf /mnt/cdrom/VMwareTools-* -C /tmp
cd /tmp/vmware-tools-distrib/
sudo ./vmware-install.pl
Follow along with the wizard to install
Reboot

I’ll potentially update this when/if I actually get into the configuration of Joan.

January 29, 2018

Reset WordPress Password

Filed under: Linux,Miscellaneous — bsdman @ 1:55 pm

Taking over the IT department when the previous IT regime had zero plans on how to integrate the series of businesses they had taken over in the past several years makes for some fun times. I have 4 different godaddy accounts, a couple DH accounts, and even one from a German company I had never heard of. And I had to fight, beg, talk, email, reverse engineer, and guess on several logins. Something something “no documentation”.

That being said, I’ve also had the responsibility of migrating and managing some of our wordpress sites and was SOL when it came to logins. Luckily GD, DH, and even the German cpanel host company all allowed for some sort of mysql access – whether that was shell access or phpmyadmin – so I could “easily” reset the credentials.

On Dreamhost using SSH:
mysql -h MYSQL.DOMAINNAME.TLD -u MYDBUSERNAMEFROMTHEPANEL -p
Enter your DB User password
show databases;
use DATABASENAMEHERE;
show tables;
Look for one with “users” at the end (eg wp_users)
List the Users Table along with the ID you’ll need later (First Column)
select id, user_login, user_pass from NAMEOFUSERTABLE;
update NAMEOFUSERTABLE set user_pass = MD5('YOURNEWPASSWORDHERE') where ID = NUMBERFOUNDABOVE;

Through PHPMYADMIN
Open PHPMyAdmin and click on the WP database
Find the “Users” table (eg wp_users)
Click on Browse
Click on edit by the user for which you desire to change the password
Where it says “user_pass” change the function drop down to MD5 and then type in a plain text password.
Hit save/submit

Unifi Linux and Windows Certificates

Filed under: Linux,Miscellaneous,Networking — bsdman @ 9:49 am

I thought I knew it all about certificates, but then I was humbled once again.

I needed to “secure” an internal linux webserver using our Windows 2016 CA so as to remove the “this is an unverified site” messages that liked to pop up when browsing the various sites.

The process I had done in the past was to create the CSR using openssl, then copy the encryption data, open up my trusty http://certserverhere/certsrv/ site and go through the process of making a webserver certificate. Then, when finished, just download the certificate and the CA + chain, import on linux, and profit.

Well, the new versions of the templates (V3 and V4 specifically) no longer allowed the web enrollment using my trusty http://certserverhere/certsrv site. Booo.

I could probably get it to work by just requesting my own certificates using the MMC, but I’m still leaning towards the whole CLI phase of life. I should also note that I find the performance and management of Unifi on Linux to be significantly better and easier than that on Windows. YMMV.

By the way, this is technically how I published a certificate on our Unifi wireless controller. The CA (Certificate Authority) is a 2016 Windows Server that’s been published in AD. The unifi machine is running Ubuntu 17.10 and unifi version 5.6.29. I also used WinSCP, Putty, and my base machine is Win10 (not super applicable).

SSH to the Unifi Machine
(I did this as root, so add “sudo” before commands if you’re not the root god)
cd /usr/lib/unifi
java -jar lib/ace.jar new_cert unifi.domain.tld CompanyName Town State Country
This creates unifi_certificate.csr.der and unifi_certificate.csr.pem – the DER is encrypted and the PEM is what we need.

Get the PEM over to your CA Server
I just used nano to view all the data and then copy pasted, but feel free to WinSCP it over as well
nano unifi_certificate.csr.pem
Copy this text, then on the CA create a new text file and paste the data there. Save.

Certreq
Open an administrative Command Prompt on your CA server
certreq -submit -attrib "SAN:dns=unifi.yourdomain.tld&dns=unifi" -attrib "CertificateTemplate:WebServer2018" unifi_certificate.csr.pem
By default your Certificate Template will be “WebServer” instead of the one I listed above – I created my own template with the year it’s valid for the sake of record keeping.

Save the Certificate
Assuming the request went through, you’ll be able to name and save your signed certificate. In my case I named it unifi_withSAN.domain.tld.cer. I also navigated to the http://certserverhere/certsrv site and downloaded the CA certificate, Certificate chain, or CRL (I just downloaded the CA Certificate as it’s a single host with no subs).

Copy it back to Unifi
I used WinSCP to copy both the signed certificate as well as the CA Certificate I downloaded back to my /home directory on the Unifi server.

Final Touches
Back on your Unifi SSH session (in the /usr/lib/unifi directory)
java -jar lib/ace.jar import_cert /home/unifi_withSAN.domain.tld.cer /home/srv-cert01-ca.cer
Replace srv-cert01-ca with the name of your CA certificate.
If successful, restart the unifi services
service unifi restart

Close your browser and open back up to https://unifi:8443 and no more error!
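
Before the import_cert step above, it is worth confirming that the file that came back from the CA is really the certificate for the key ace.jar generated, that it chains to the CA certificate being imported with it, and that the SAN names requested with certreq made it into the certificate. The script below is an added example, not part of the original post or of the Unifi tooling; it assumes the openssl command-line tool and PEM/Base64-encoded files, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: checks to run on the signed certificate before import_cert.
# Assumes PEM/Base64 files and the openssl CLI; function names are illustrative.
# Example call, using the file names from the post:
#   check_signed_cert unifi_certificate.csr.pem /home/unifi_withSAN.domain.tld.cer \
#       /home/srv-cert01-ca.cer unifi.domain.tld unifi

# SHA-256 of the public key carried in a CSR or in a certificate.
csr_key_hash()  { openssl req  -in "$1" -noout -pubkey | openssl sha256; }
cert_key_hash() { openssl x509 -in "$1" -noout -pubkey | openssl sha256; }

# Succeeds only if NAME appears as an exact DNS entry in the SAN extension.
cert_has_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$2"
}

# Usage: check_signed_cert CSR CERT CA_CERT NAME [NAME...]
check_signed_cert() {
    csr=$1 cert=$2 ca=$3
    shift 3
    for f in "$csr" "$cert" "$ca"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 1; }
    done
    # 1. The certificate carries the key from our CSR, not someone else's.
    [ "$(csr_key_hash "$csr")" = "$(cert_key_hash "$cert")" ] ||
        { echo "FAIL: certificate key does not match the CSR" >&2; return 1; }
    # 2. The certificate verifies against the CA file we are about to import.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: certificate does not verify against $ca" >&2; return 1; }
    # 3. Every name users will browse to is present in the SAN.
    for name in "$@"; do
        cert_has_san "$cert" "$name" ||
            { echo "FAIL: SAN is missing DNS:$name" >&2; return 1; }
    done
    echo "OK: key, chain and SAN checks passed"
}
```

A missing SAN entry is the usual reason the browser warning comes back after an otherwise successful import, since current browsers match the host name against the SAN only.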

September 13, 2017

Xibo Install Ubuntu 17.04

Filed under: Linux — bsdman @ 10:58 am

Technically this guide could be used for 16.04 and 16.10 (maybe even 17.10 when it arrives), but I tested on 17.04. I wanted to get Xibo installed to stop using a monthly subscription for terrible service, save some money, be the hero, and get a slightly larger bonus.

Install Ubuntu 17.04
LAMP
Mail
Standard
OpenSSH

Enable Root, SSHD Config (optional, may make your configuration less secure)
sudo passwd root
newpassword
sudo su -
nano /etc/ssh/sshd_config
PermitRootLogin yes
Ctrl x
y
service sshd restart

Update Your Server
apt-get update && apt-get dist-upgrade
y

Install PHP 5.6
I know, by default LAMP installs PHP 7 now. We need PHP 5.6+ but less than 7.
add-apt-repository ppa:ondrej/php
apt-get update
apt-get install php7.0 php5.6 php5.6-mysql php-gettext php5.6-mbstring php-mbstring php7.0-mbstring php-xdebug libapache2-mod-php5.6 libapache2-mod-php7.0

Install PHP 7 (NOTE: XIBO CURRENTLY DOES NOT SUPPORT PHP 7+, SO THESE NOTES ARE TO BE DISREGARDED)
apt-get install php-gd php-mcrypt php-soap php-dom php-curl php-zip

Switch From PHP7 to PHP5.6
a2dismod php7.0 ; sudo a2enmod php5.6 ; sudo service apache2 restart
update-alternatives --set php /usr/bin/php5.6

Switch From PHP5.6 to PHP7 (OPTIONAL)
a2dismod php5.6 ; sudo a2enmod php7.0 ; sudo service apache2 restart
update-alternatives --set php /usr/bin/php7.0

Download XIBO, Change Permissions on Apache (Currently version 1.8.2)
wget https://github.com/xibosignage/xibo-cms/releases/download/1.8.2/xibo-cms-1.8.2.tar.gz
tar xvzf xibo-cms-1.8.2.tar.gz
mv xibo-cms-1.8.2 /var/www/html/xibo-server
chown -R www-data:www-data /var/www/html/xibo-server
apache2ctl restart

Create XIBO Uploads Directory
mkdir /var/www/xibouploads
My Default www (documentroot) location is /var/www/html, so this created directory is outside of the www realm (good thing).
chown -R www-data:www-data /var/www/xibouploads

Configure XIBO Installation
Open a web browser to http://YOURSERVERIP/xibo-server/web/install/index.php
You may want to change your document root or apache virtual host at a later time because remembering http://YOURSERVERIP/xibo-server/web/index.php/login is a PITA.
Follow the white rabbit wizard to complete the setup.

Edit Apache and Redirect
I ended up creating a virtual host for my system and adding a redirect (there was a pesky “I want to load /login instead of index.php” issue).
nano /etc/apache2/sites-enabled/000-default.conf
At the bottom add:

<VirtualHost *:80>
    ServerAdmin ITSUPPORT@yourcompany.tld
    DocumentRoot /var/www/html/xibo-server/web
    ServerName xibo
    ServerAlias xibo.yourdomain.local
    <Directory "/var/www/html/xibo-server/web">
        Options -Indexes +FollowSymLinks -MultiViews
        AllowOverride All
        # Apache 2.4 form of the older "Order allow,deny" / "Allow from all"
        Require all granted
    </Directory>
</VirtualHost>

Enable mod_rewrite in Apache with a2enmod rewrite (or cp /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled/), then restart Apache:
sudo a2enmod rewrite
sudo apache2ctl restart

Add the /login redirect
nano /var/www/html/xibo-server/web/.htaccess
At the bottom add the following:

Redirect /login/ /index.php
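
The uploads directory created earlier in this post is only a "good thing" while it really sits outside the document root, and a symlink or a later DocumentRoot change (such as the virtual host above) can quietly undo that. The function below is an added example, not part of the original post or of Xibo; the function names are made up for illustration. It resolves both paths physically and avoids the prefix trap where /var/www/html2 would look like it is under /var/www/html.

```shell
#!/bin/sh
# Added example: confirm the Xibo uploads directory is not reachable
# under the Apache document root. Function names are illustrative.
# Example call, using the paths from the post:
#   is_outside_docroot /var/www/xibouploads /var/www/html/xibo-server/web

# Print the physical path of a directory (symlinks resolved), fail if absent.
resolve_dir() { ( cd "$1" 2>/dev/null && pwd -P ); }

# is_outside_docroot DIR DOCROOT
#   returns 0 if DIR is outside DOCROOT
#   returns 1 if DIR is DOCROOT itself or anywhere below it
#   returns 2 if either path does not exist
is_outside_docroot() {
    dir=$(resolve_dir "$1")  || return 2
    root=$(resolve_dir "$2") || return 2
    # Compare with a trailing slash so /var/www/html2 is not mistaken
    # for a child of /var/www/html.
    case "$dir/" in
        "$root"/*) return 1 ;;
        *)         return 0 ;;
    esac
}
```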

September 1, 2017

Tweaking Ubuntu 16.04LTS

Filed under: Linux — bsdman @ 9:19 pm

Still on my Ubuntu kick even 8 months later. I figured it’s about time to redo the laptop so I should mark down my notes.

I ended up installing the Unity Tweak Tool to make many changes I felt would benefit myself (yeah I even installed the Windows10 Icons Theme…)
sudo apt-get install unity-tweak-tool

I also fixed the scrolling issues with firefox. On the 7370 with touchscreen, touching the screen on any webpage in FF I was only selecting text and images which made my life more interesting.

sudo nano /usr/share/applications/firefox.desktop
Search for Exec
Exec=env MOZ_USE_XINPUT2=1 firefox %u
Save and close

Someone also pointed out that single vs double fingers may make a difference. It didn’t for me, but I’ll still make a note of it.
about:config to set dom.w3c_touch_events.enabled=1 (default was 2)

I’ll eventually have to set this up as my primary workstation and get Office to function correctly under wine.

August 24, 2017

Install Cacti Ubuntu 17.04

Filed under: Linux — bsdman @ 9:03 am

Yeah I know, I’m usually not one to use a non-LTS ubuntu installation. But I needed to utilize some of the newest tech, so it happened to be on my test machine. And I needed Cacti and LDAP authentication.

Either way, do the usual updates first:
apt-get update && apt-get dist-upgrade

Install Cacti from the repo (good enough, although AZ would tell me not to)
apt-get install cacti-spine
There are some wizard questions it asks here, just fill them out.
apt-get install php-ldap

Configure Cacti
http://theserversIP/cacti
Login with your admin account – in my case I forgot I had set the password to my root one, so that’s what I used.

To reset the admin account password back to the default of ‘admin’:

mysql -u root -p cacti
update user_auth set password=md5('admin') where username='admin';
Profit

LDAP Settings:

I should note that these work on a Server 2012 R2 Std Active Directory domain with Cacti running version 0.8.8h PHP 7.0.22.
(Configuration > Settings > Authentication)
Select LDAP Authentication
I picked Guest user “guest” and User Template “admin” because I just wanted to get this to work for testing – just allowing all users admin access is NOT a good idea.

Server: FQDN or IP of a domain controller
Port Standard: 389
Port SSL (not used): 636
Protocol Version: Version 3
Encryption: None (plain text ftw)
Referrals: Disabled
Mode: Specific Searching
Distinguished Name (DN): blank
Require Group Membership: unchecked

Group Distinguished Name (DN): CN=Information Technology,OU=Groups,OU=LocalUsers,DC=DOMAINNAME,DC=LOCAL
Group Member Attribute: member
Group Member Type: Distinguished Name

Search Base: OU=LocalUsers,DC=DOMAINNAME,DC=LOCAL
Search Filter: (&(objectclass=user)(objectcategory=user)(userPrincipalName=*))
Search Distinguished Name (DN): svc.cactildap@domainname.local (this is your ldap service account)
Search Password: ******* (this is your ldap service account password)

I should note that the Search Filter could replace “userPrincipalName” with sAMAccountName, but this one worked for me. I should also note you should have a service account created for your LDAP lookups – I create a new svc account for each one (svc.cactildap@domain.tld) so if account lockouts happen etc, AND I have its “log on to” permissions set to just the domain controllers and my cacti box.

I then opened my browser to the http://theserversIP/cacti and used my login svc.cactildap with the password to test. I just used my bsdman account and it worked – no need to add the domain\user or user@domain.
