Posts Tagged ‘linux’

Debian 13 add encryption to new disk

# fdisk /dev/sdb

# cryptsetup luksFormat /dev/sdb1
# cryptsetup luksOpen /dev/sdb1 new_disk

# mkfs.ext4 /dev/mapper/new_disk
# mkdir /newdsk

Use the following to get the UUID for the partition/disk.
# blkid -s UUID -o value /dev/sdb1
# vi /etc/crypttab

new_disk UUID={result from blkid command above} none luks

# vi /etc/fstab

/dev/mapper/new_disk /newdsk ext4 defaults 0 2

# systemctl daemon-reload
# mount /newdsk

When you add a disk to a system that already has an encrypted disk, say the system disk, you will be prompted twice for the passphrase, once for each disk.

Upgrade Debian and Mint Linux to new major version

Upgrade Mint Linux from 19 to 20:

sudo apt update
sudo apt upgrade
sudo shutdown -r now
sudo apt install mintupgrade
sudo mintupgrade check
sudo mintupgrade upgrade
sudo reboot

Upgrade Debian from 10 (buster) to 11 (bullseye):

sudo apt update
sudo apt upgrade
sudo apt full-upgrade
sudo apt autoremove
sudo shutdown -r now
sudo cat /etc/os-release

Replace buster with bullseye and make a change to the security section.
Where the security section had “buster-updates”, it should be changed to “bullseye-security”.
Note: You may be using a different mirror.

sudo vi /etc/apt/sources.list

deb http://deb.debian.org/debian/ bullseye main
deb-src http://deb.debian.org/debian/ bullseye main

deb http://security.debian.org/debian-security bullseye-security main
deb-src http://security.debian.org/debian-security bullseye-security main

deb http://deb.debian.org/debian/ bullseye-updates main
deb-src http://deb.debian.org/debian/ bullseye-updates main

Docker installation on Debian

Remove any old versions of docker:

sudo apt-get remove docker docker-engine docker.io containerd runc

Install dependencies:

sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release

Add the docker key:

curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

Add the docker repository to the apt configuration:

echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Update the repository list:

sudo apt-get update

Install docker:

sudo apt-get install docker-ce docker-ce-cli containerd.io

Test docker by installing and running the hello-world image from Docker Hub:

sudo docker run hello-world

Install docker-compose from https://github.com/docker/compose/releases/:

Download the docker-compose binary and sha256sum file:

cd /usr/local/src/
wget https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64
wget https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64.sha256

Verify the sha256sum for the binary:

sha256sum -c docker-compose-Linux-x86_64.sha256

Copy the binary to your path (/usr/local/bin) and set the execute permissions:

cp -p docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
chmod 744 /usr/local/bin/docker-compose
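
The verify and copy steps above can be combined so that the copy only happens when the digest matches. The following is an added example, not part of the original post; the function names and the stand-in file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): install a downloaded binary
# only when its SHA-256 digest matches the published checksum file.
# verify_and_install and demo are hypothetical names.

verify_and_install() {
    vi_bin=$1; vi_sum=$2; vi_dest=$3; vi_mode=${4:-744}   # 744 as in the post

    [ -f "$vi_bin" ] && [ -f "$vi_sum" ] || { echo "missing input" >&2; return 2; }

    # Checksum file format: "<hex digest>  <file name>". Compare digests
    # directly so the result does not depend on the file name recorded there.
    vi_want=$(awk 'NR==1 {print tolower($1)}' "$vi_sum")
    case $vi_want in
        ''|*[!0-9a-f]*) echo "malformed checksum file" >&2; return 2 ;;
    esac
    [ "${#vi_want}" -eq 64 ] || { echo "malformed checksum file" >&2; return 2; }

    vi_have=$(sha256sum "$vi_bin" | awk '{print $1}')
    if [ "$vi_have" != "$vi_want" ]; then
        echo "checksum mismatch: $vi_bin not installed" >&2
        return 1
    fi
    install -m "$vi_mode" "$vi_bin" "$vi_dest"
}

# Constructed sample data: a stand-in "binary" and its checksum file.
demo() {
    d=$(mktemp -d) || return 2
    printf 'constructed stand-in for docker-compose\n' > "$d/docker-compose-Linux-x86_64"
    (cd "$d" && sha256sum docker-compose-Linux-x86_64 > docker-compose-Linux-x86_64.sha256)
    verify_and_install "$d/docker-compose-Linux-x86_64" \
        "$d/docker-compose-Linux-x86_64.sha256" "$d/docker-compose" && echo "installed"
    # Simulate a corrupted download: the same call must now refuse.
    echo "extra bytes" >> "$d/docker-compose-Linux-x86_64"
    verify_and_install "$d/docker-compose-Linux-x86_64" \
        "$d/docker-compose-Linux-x86_64.sha256" "$d/docker-compose.bad" || echo "refused"
    rm -rf "$d"
}
demo
```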

MSSQL 2017 on Ubuntu Configuration Modifications

This will address a few basic MSSQL configuration changes when running MSSQL on a linux platform.

The first one involves changing the default database and log locations:
To set the default directories:

sudo /opt/mssql/bin/mssql-conf set filelocation.defaultdatadir /{SOMENEWDATADIRECTORY}
sudo /opt/mssql/bin/mssql-conf set filelocation.defaultlogdir /{SOMENEWLOGDIRECTORY}
sudo /opt/mssql/bin/mssql-conf set filelocation.defaultbackupdir /{SOMENEWBACKUPDIRECTORY}
sudo systemctl restart mssql-server

For example:

sudo /opt/mssql/bin/mssql-conf set filelocation.defaultdatadir /Data
sudo /opt/mssql/bin/mssql-conf set filelocation.defaultlogdir /Logs
sudo /opt/mssql/bin/mssql-conf set filelocation.defaultbackupdir /Backup
sudo systemctl restart mssql-server

Next up is enabling the SQL Agent:
Enable the SQL Agent:

sudo /opt/mssql/bin/mssql-conf set sqlagent.enabled true
sudo systemctl restart mssql-server

Lastly is moving the default databases to a new location. For instance to the default directories you configured above. This is a bit more involved, so you have to pay attention to the details. Unless otherwise specified these are run from the linux command line.

First, you need to ensure that the new directory locations are owned by mssql, and group access is allowed for mssql group as well.

sudo chown mssql.mssql /Data
sudo chown mssql.mssql /Logs
sudo chown mssql.mssql /Backup

Determine where the tempdb data and logs files are currently:
Access the SQL server and update the tempdb location:

sqlcmd -S localhost -U SA -P {PASSWORD}
> SELECT name, physical_name AS CurrentLocation FROM sys.master_files WHERE database_id = DB_ID(N'tempdb');
> GO

> USE master;
> GO
> ALTER DATABASE tempdb
> MODIFY FILE (NAME = tempdev, FILENAME = '/Data/tempdb.mdf');
> GO
> ALTER DATABASE tempdb
> MODIFY FILE (NAME = templog, FILENAME = '/Logs/templog.ldf');
> GO

Restart the MSSQL server:

sudo systemctl restart mssql-server.service

You can make subdirectories for each database if you want as well. You just have to make certain that the ownership is correct.

sudo mkdir /Data/msdb
sudo mkdir /Logs/msdb
sudo chown -R mssql.mssql /Data/
sudo chown -R mssql.mssql /Logs/

Access the SQL server:

sqlcmd -S localhost -U SA -P {PASSWORD}

Determine where the msdb data and logs files are currently:

> SELECT name, physical_name AS CurrentLocation FROM sys.master_files WHERE database_id = DB_ID(N'msdb');
> GO

Continuing from the SQL server:
Move msdb:

> USE master
> GO
> ALTER DATABASE msdb
> MODIFY FILE (NAME = MSDBData, FILENAME = '/Data/msdb/MSDBData.mdf');
> GO
> ALTER DATABASE msdb
> MODIFY FILE (NAME = MSDBLog, FILENAME = '/Logs/msdb/MSDBLog.ldf');
> GO

Move the existing database files to their new locations:

sudo systemctl stop mssql-server.service
sudo mv /var/opt/mssql/data/msdbdata.mdf /Data/msdb/MSDBData.mdf
sudo mv /var/opt/mssql/data/msdblog.ldf /Logs/msdb/MSDBLog.ldf
sudo systemctl restart mssql-server.service
sudo systemctl status mssql-server.service

Access the SQL server:

sqlcmd -S localhost -U SA -P {PASSWORD}

Determine where the model data and logs files are currently:

> SELECT name, physical_name AS CurrentLocation FROM sys.master_files where database_id = DB_ID(N'model')
> GO

Continuing from the SQL server:
Move model:

> USE master
> ALTER DATABASE model
> MODIFY file (NAME = modeldev, FILENAME = '/Data/model/model.mdf')
> GO
> ALTER DATABASE model
> MODIFY file (NAME = modellog, FILENAME = '/Logs/model/modellog.ldf')
> GO

Move the existing database files to their new locations:

sudo systemctl stop mssql-server.service
sudo mkdir /Data/model
sudo mkdir /Logs/model
sudo chown -R mssql.mssql /Data
sudo chown -R mssql.mssql /Logs
sudo mv /var/opt/mssql/data/model.mdf /Data/model/
sudo mv /var/opt/mssql/data/modellog.ldf /Logs/model/
sudo systemctl restart mssql-server.service
sudo systemctl status mssql-server.service

Access the SQL server:

sqlcmd -S localhost -U SA -P {PASSWORD}

Determine where the master data and log files are currently:

> SELECT name, physical_name AS CurrentLocation FROM sys.master_files where database_id = DB_ID(N'master')
> GO

The master database is a little different than the others. You set the configuration after stopping the mssql-server process and moving the files.

sudo systemctl stop mssql-server
sudo mkdir /Data/master
sudo mkdir /Logs/master
sudo chown -R mssql.mssql /Data
sudo chown -R mssql.mssql /Logs
sudo mv /var/opt/mssql/data/master.mdf /Data/master
sudo mv /var/opt/mssql/data/mastlog.ldf /Logs/master
sudo /opt/mssql/bin/mssql-conf set filelocation.masterdatafile /Data/master/master.mdf
sudo /opt/mssql/bin/mssql-conf set filelocation.masterlogfile /Logs/master/mastlog.ldf
sudo systemctl start mssql-server
sudo systemctl status mssql-server

MSSQL Installation on Ubuntu Server

The installation itself is not too bad. It is pretty straightforward.
This process worked well on Ubuntu 18.x installing Microsoft SQL 2017 and 2019. The details in this post are for the 2017 version. The only thing that is different is the repository configuration, and in particular what you download to configure the repository to support installing 2019.

Download and add the Microsoft public repository GPG key:

wget -qO- https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -

Add the Microsoft apt repository:

sudo add-apt-repository "$(wget -qO- https://packages.microsoft.com/config/ubuntu/18.04/mssql-server-2017.list)"

Update repository mirror list:

sudo apt-get update

Install MSSQL 2017:

sudo apt-get install -y mssql-server

Run the MSSQL setup:

sudo /opt/mssql/bin/mssql-conf setup

The setup will ask just a couple of questions. One is which version you want to run. I installed the Developer version. The second thing is to accept the license agreement.

Check MSSQL status to verify it is running:

systemctl status mssql-server

Add the MSSQL tools repository:

curl https://packages.microsoft.com/config/ubuntu/18.04/prod.list | sudo tee /etc/apt/sources.list.d/msprod.list

Update repository mirror list:

sudo apt-get update

Install MSSQL 2017 tools:

sudo apt-get install mssql-tools unixodbc-dev

Add tools directory to account path:

echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bash_profile

Add tools directory to account path for non-interactive execution:

echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bashrc
source ~/.bashrc

Connect to MSSQL via command line:

sqlcmd -S localhost -U SA -P '{PASSWORD}'

Mount a disk partition using the UUID in linux.

I was mounting an external drive using the partition device file. I found that over time the mounted partition would give an I/O error. It turned out it was because the device file had changed. I decided to mount it using UUID to see if it took care of the issue.

Here is what I did to mount it and add it to the startup:

# fdisk /dev/sdc

Welcome to fdisk (util-linux 2.33.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): p
Disk /dev/sdc: 3.7 TiB, 4000787029504 bytes, 7814037167 sectors
Disk model: One Touch HDD
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: E396A756-646C-40DC-A8F8-59CC11D40FA8

Device Start End Sectors Size Type
/dev/sdc1 2048 7814035455 7814033408 3.7T Linux filesystem

Command (m for help): quit

Use this command to determine the UUID:

# blkid

/dev/sdc1: UUID="20f17e14-71c3-498f-8872-97dcd80c1d3e" TYPE="ext4" PARTUUID="ccbd82af-94e0-431a-a54b-b9100a087133"

You can use lsblk as well:

# lsblk -fs
NAME FSTYPE LABEL UUID FSAVAIL FSUSE% MOUNTPOINT

sdc1 ext4 20f17e14-71c3-498f-8872-97dcd80c1d3e
└─sdc

Add the entry to the fstab:

# vi /etc/fstab

UUID=20f17e14-71c3-498f-8872-97dcd80c1d3e /external ext4 defaults 0 0

Then mount it:

# mount /external

Chrome and Brave – Your connection is not private.

Here is a nice trick to get around the seemingly impossible “Your connection is not private” page when you try to access a site with a self-signed certificate. I really don’t understand why nobody comes up with a better way to deal with this. We need the transport on our LANs to be encrypted using https. It should be easier to get this done.

Anyway, this is how you get the screen:

This applies to the “Your connection is not private” that has the “NET::ERR_CERT_INVALID” message in it.

Click anywhere on the background of the page, type “thisisunsafe” and hit Enter. You will then proceed to the site.

Note: This happens in MacOS, and I have seen this in the latest versions of Chrome on linux.

SQLite3 and OpenVPN

I needed to clean up an issue with an OpenVPN user. I was using a multi-factor solution with OpenVPN. The multi-factor solution was case sensitive, while the VPN was not. To clean up the mess, I needed to remove the certificates from the certs SQLite database.

Database location:

# cd /usr/local/openvpn_as/etc/db

Connect to the database:

# sqlite3 certs.db

List the tables in the database:

sqlite> .tables

List column names in the table:
sqlite> pragma table_info(certificates);

List all the common_name records in the database:
sqlite> select common_name from certificates ;

Delete records with the common name somename:
sqlite> delete from certificates where common_name='somename';

This worked well to clean up the database, and get the user working with a correct ovpn file.

Note: You could also edit the ovpn with data from the database as well.

Here is how you display a table (log in this instance) layout:

sqlite> .schema log

I used the following to query the login activity. You have to convert the timestamp in the start_time column. Also, the duration is stored in seconds, so I converted it to minutes.

sqlite> select username,strftime('%m-%d-%Y', datetime(start_time, 'unixepoch')),duration/60 from log;

To run it from a script, save your query in a file (zreport) and run the following:

sqlite3 log.db < zreport

Ubuntu/Mint Allow Non-Privileged User To Connect To New WiFi SSID

# cd /usr/share/polkit-1/actions/

Make a backup copy of the org.freedesktop.NetworkManager.policy file:

# cp -p org.freedesktop.NetworkManager.policy org.freedesktop.NetworkManager.policy.orig

Edit the org.freedesktop.NetworkManager.policy file:

# vi org.freedesktop.NetworkManager.policy

In the <action id="org.freedesktop.NetworkManager.settings.modify.system"> section, look for
<allow_active>auth_admin_keep</allow_active> toward the end of the section.

Change that line to:
<allow_active>yes</allow_active>

# shutdown -r now
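
To confirm that only the intended action changed, the edited policy can be compared with the .orig backup made above. This is an added example, not part of the original post; the function names are hypothetical and the XML is a constructed sample rather than the real policy file.

```shell
#!/bin/sh
# Added example: show which polkit actions differ from the .orig backup.
# Function names are hypothetical; the XML below is a constructed sample.

# Print "<action id><TAB><allow_active value>" for every action in a policy file.
polkit_allow_active() {
    awk '
        /<action +id="/ { id = $0; sub(/^.*<action +id="/, "", id); sub(/".*$/, "", id) }
        /<allow_active>/ {
            v = $0
            sub(/^.*<allow_active>/, "", v); sub(/<\/allow_active>.*$/, "", v)
            print id "\t" v
        }
        /<\/action>/ { id = "" }
    ' "$1"
}

# Print the entries of the edited file ($2) that are not in the backup ($1).
polkit_changed() {
    pc_old=$(mktemp) && pc_new=$(mktemp) || return 2
    polkit_allow_active "$1" | sort > "$pc_old"
    polkit_allow_active "$2" | sort > "$pc_new"
    comm -13 "$pc_old" "$pc_new"
    rm -f "$pc_old" "$pc_new"
}

# Constructed stand-in for org.freedesktop.NetworkManager.policy.
sample_policy() {
    cat <<EOF
<policyconfig>
  <action id="org.freedesktop.NetworkManager.network-control">
    <defaults><allow_active>yes</allow_active></defaults>
  </action>
  <action id="org.freedesktop.NetworkManager.settings.modify.system">
    <defaults>
      <allow_active>$1</allow_active>
    </defaults>
  </action>
</policyconfig>
EOF
}

demo() {
    d=$(mktemp -d) || return 2
    sample_policy auth_admin_keep > "$d/policy.orig"
    sample_policy yes > "$d/policy"
    polkit_changed "$d/policy.orig" "$d/policy"
    rm -rf "$d"
}
demo
```

On the real system the two arguments would be org.freedesktop.NetworkManager.policy.orig and org.freedesktop.NetworkManager.policy; any line other than the settings.modify.system entry means something else was changed as well.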

Query Microsoft SQL from CentOS7

Install the Microsoft repository into your yum configuration:

# curl https://packages.microsoft.com/config/rhel/7/prod.repo > /etc/yum.repos.d/mssql-release.repo

Disable the repository:

vi /etc/yum.repos.d/mssql-release.repo

enabled=0

Remove the unixODBC packages if applicable:

# yum remove unixODBC-utf16 unixODBC-utf16-devel

Install the driver and command line tools (if wanted):

# yum --enablerepo packages-microsoft-com-prod install msodbcsql17
# yum --enablerepo packages-microsoft-com-prod install mssql-tools

Add the tools directory to your PATH variable as required:

vi ~/.bash_profile ~/.bashrc

export PATH="$PATH:/opt/mssql-tools/bin"
..

Add the tools to your current session:

export PATH="$PATH:/opt/mssql-tools/bin"

Test with sqlcmd:

sqlcmd -U username -P password -S server -d database
