Ubuntu 18.x – netplan to set static IP address

Here we go again. A completely different way to configure the network using netplan. I used the following on an Ubuntu 18.x LTS server to configure the static IP address:

$ cd /etc/netplan

In this directory, there will be a YAML file. I have seen this have a couple of different names, but it has always been the only file in the directory. In this case, the file was named 00-installer-config.yaml.

If you brought the machine up using DHCP, you need to change the “dhcp4: yes” line to “dhcp4: no”. Below is an example setting the IP address, the mask via the CIDR designation (subnet bits) after the IP address, the gateway, the nameservers and a search domain.

$ sudo vi 00-installer-config.yaml

network:
  ethernets:
    eth0:    # placeholder: keep the interface name already in your file
      dhcp4: no
      addresses: [aaa.bbb.ccc.ddd/mm]
      gateway4: eee.fff.ggg.hhh
      nameservers:
        addresses: [www.xxx.yyy.zzz, mmm.nnn.ooo.ppp]
        search: [my.domain, my.otherdomain]
  version: 2

Note: Make sure you do the following from the console, if modifying the IP address.
Apply the configuration:
$ sudo netplan apply

Mount a disk partition using the UUID in Linux.

I was mounting an external drive using the partition device file. I found that over time the mounted partition would give an I/O error. It turned out it was because the device file had changed. I decided to mount it using UUID to see if it took care of the issue.

Here is what I did to mount it and add it to the startup:

# fdisk /dev/sdc

Welcome to fdisk (util-linux 2.33.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): p
Disk /dev/sdc: 3.7 TiB, 4000787029504 bytes, 7814037167 sectors
Disk model: One Touch HDD
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: E396A756-646C-40DC-A8F8-59CC11D40FA8

Device Start End Sectors Size Type
/dev/sdc1 2048 7814035455 7814033408 3.7T Linux filesystem

Command (m for help): quit

Use this command to determine the UUID:

# blkid

/dev/sdc1: UUID="20f17e14-71c3-498f-8872-97dcd80c1d3e" TYPE="ext4" PARTUUID="ccbd82af-94e0-431a-a54b-b9100a087133"

You can use lsblk as well:

# lsblk -fs

sdc1 ext4 20f17e14-71c3-498f-8872-97dcd80c1d3e

Add the entry to the fstab:

# vi /etc/fstab

UUID=20f17e14-71c3-498f-8872-97dcd80c1d3e /external ext4 defaults 0 0

Then mount it:

# mount /external
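
An added example, not part of the original post: a Python helper that takes fstab text and blkid output and rewrites entries keyed on kernel-assigned device names (the cause of the I/O error described above) to UUID= form. The sample fstab, its /scratch and root entries, and the function names are assumptions made for illustration; the function returns the new text rather than writing /etc/fstab.

```python
import re

# Constructed sample inputs. The blkid line reuses the format and UUID shown
# above; every other value is made up for this example.
SAMPLE_FSTAB = """\
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/sdc1 /external ext4 defaults 0 0
/dev/sdd1 /scratch ext4 defaults 0 0
UUID=0a1b2c3d-0000-4000-8000-000000000001 / ext4 errors=remount-ro 0 1
tmpfs /tmp tmpfs nosuid,nodev 0 0
"""
SAMPLE_BLKID = (
    '/dev/sdc1: UUID="20f17e14-71c3-498f-8872-97dcd80c1d3e" TYPE="ext4" '
    'PARTUUID="ccbd82af-94e0-431a-a54b-b9100a087133"\n'
)

# Kernel-assigned block device names; these can change between boots or replugs.
UNSTABLE = re.compile(
    r"^/dev/(?:[shv]d[a-z]+\d*|xvd[a-z]+\d*|nvme\d+n\d+(?:p\d+)?|mmcblk\d+(?:p\d+)?)$"
)
# Filesystem UUID only: the word boundary stops PARTUUID= from matching.
BLKID_LINE = re.compile(r'^(?P<dev>/dev/[^:\s]+):.*?\bUUID="(?P<uuid>[^"]+)"')


def parse_blkid(blkid_text):
    """Map device path -> filesystem UUID from blkid output."""
    uuids = {}
    for line in blkid_text.splitlines():
        m = BLKID_LINE.match(line.strip())
        if m:
            uuids[m.group("dev")] = m.group("uuid")
    return uuids


def rewrite_fstab(fstab_text, blkid_text):
    """Return (new_fstab_text, unresolved): unstable device names become UUID=...
    when blkid knows the UUID; otherwise the line is kept and the device reported."""
    uuids = parse_blkid(blkid_text)
    out, unresolved = [], []
    for raw in fstab_text.splitlines():
        fields = raw.split()
        if fields and UNSTABLE.match(fields[0]):
            uuid = uuids.get(fields[0])
            if uuid:
                raw = raw.replace(fields[0], "UUID=" + uuid, 1)
            else:
                unresolved.append(fields[0])
        out.append(raw)
    return "\n".join(out) + "\n", unresolved
```
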

Chrome and Brave – Your connection is not private.

Here is a nice trick to get around the seemingly impossible “Your connection is not private” page when you try to access a site with a self-signed certificate. I really don’t understand why nobody comes up with a better way to deal with this. We need the transport on our LANs to be encrypted using https. It should be easier to get this done.

Anyway, this is how you get the screen:

This applies to the “Your connection is not private” that has the “NET::ERR_CERT_INVALID” message in it.

Click anywhere on the background of the page, type “thisisunsafe” and hit Enter. You will then proceed to the site.

Note: This happens in macOS, and I have seen this in the latest versions of Chrome on Linux.

Debian 10 – RDP

OS: Debian 10
Desktop Environment: XFCE

Installing RDP on a system running a desktop environment is really pretty simple, with one caveat. It seems that you cannot steal a session from the console by logging in with that same username. So, if you know you are going to need the desktop environment, make sure you log off the console, if logged into the desktop environment, before attempting to log in remotely. If you do forget, you may only get part of the environment, but have no way to really do anything until you log off from the console session.

Install RDP:

# apt install xrdp xterm

Enable xrdp and xrdp-sesman:

# systemctl enable xrdp
# systemctl enable xrdp-sesman

Start both services:

# systemctl start xrdp
# systemctl start xrdp-sesman

If you do not have a desktop environment setup:

# apt install xfce4 xfce4-goodies xorg dbus-x11 x11-xserver-utils

Verify that xrdp is running:

# systemctl status xrdp
● xrdp.service - xrdp daemon
Loaded: loaded (/lib/systemd/system/xrdp.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2021-03-28 19:49:01 PDT; 4 weeks 0 days ago
Docs: man:xrdp(8)
Main PID: 724 (xrdp)
Tasks: 2 (limit: 4915)
Memory: 22.2M
CGroup: /system.slice/xrdp.service
├─ 724 /usr/sbin/xrdp
└─19572 /usr/sbin/xrdp

Apr 26 10:22:30 lm xrdp[19572]: (19572)(140553222580032)[DEBUG] xrdp_wm_log_msg: connecting to sesman ip port 3350
Apr 26 10:22:31 lm xrdp[19572]: (19572)(140553222580032)[INFO ] xrdp_wm_log_msg: sesman connect ok
Apr 26 10:22:31 lm xrdp[19572]: (19572)(140553222580032)[DEBUG] xrdp_wm_log_msg: sending login info to session manager, please wait...
Apr 26 10:22:31 lm xrdp[19572]: (19572)(140553222580032)[DEBUG] return value from xrdp_mm_connect 0
Apr 26 10:22:31 lm xrdp[19572]: (19572)(140553222580032)[INFO ] xrdp_wm_log_msg: login successful for display 10
Apr 26 10:22:31 lm xrdp[19572]: (19572)(140553222580032)[DEBUG] xrdp_wm_log_msg: started connecting
Apr 26 10:22:31 lm xrdp[19572]: (19572)(140553222580032)[INFO ] lib_mod_log_peer: xrdp_pid=19572 connected to X11rdp_pid=19575 X11rdp_uid=1000 X11rdp_gid=1000 client_i
Apr 26 10:22:31 lm xrdp[19572]: (19572)(140553222580032)[DEBUG] xrdp_wm_log_msg: connected ok
Apr 26 10:22:31 lm xrdp[19572]: (19572)(140553222580032)[DEBUG] xrdp_mm_connect_chansrv: chansrv connect successful
Apr 26 10:22:31 lm xrdp[19572]: (19572)(140553222580032)[DEBUG] Closed socket 18 (AF_INET6 ::1 port 59468)

Add the xrdp user to the ssl-cert group:

# usermod -a -G ssl-cert xrdp

Reboot:

# shutdown -r now

Connect MySQL Workbench to an AWS Instance

  • Download and install MySQL Workbench.
  • Open MySQL Workbench.
  • Select MySQL New Connection and enter a connection name.
  • Choose the Connection Method, and select Standard TCP/IP over SSH.
  • For SSH Hostname, enter the public IP address of your EC2 instance.
  • For SSH Username, enter the default SSH user name to connect to your EC2 instance.
  • Choose SSH Key File, and select the .pem file used to connect from your file system.
  • For MySQL Hostname, enter the database endpoint name.
  • To find the endpoint name:
    Log in to the AWS console.
    Click Services, and search for RDS (Managed Relational Database Service).
    Click on Databases.
    Click on the DB Identifier under the cluster DB Identifier you want to connect to using MySQL Workbench.
    The endpoint for that database will be displayed under Connectivity & security.

  • For MySQL Server Port, enter the port number that you use to connect to your database.
  • This will be in the same location as the identifier.

  • For Username, enter the user name that you use to connect to your database.
  • For Password, enter the MySQL user password.
  • Choose Test Connection. After the test is successful, choose OK to save the connection.

How to extend an XFS partition in AWS

    Log in to the EC2 Console.
    Go down to Elastic Block Store.
    Select Volumes.
    Select the volume.
    Click Actions and then Modify Volume.
    Enter the new size and click Modify.

    At this point, you will need to extend your volumes and partitions.

    In this case, I was not using LVM, so it was a pretty simple process.

    Check to see which partition you want to extend:

    $ df -hT
    /dev/xvda1 xfs 8G 8.7G 8G 97% /

    Determine the block device and the partition number:

    $ lsblk
    xvda 202:0 0 8G 0 disk
    └─xvda1 202:1 0 8G 0 part /

    Expand the partition to use all the available unallocated storage on the disk:

    $ sudo growpart /dev/xvda 1

    Verify to see if the partition has been extended.

    $ lsblk
    xvda 202:0 0 30G 0 disk
    └─xvda1 202:1 0 30G 0 part /

    Extend the filesystem on the partition:

    $ sudo xfs_growfs -d /

    Verify the new size:

    $ df -hT
    Filesystem Type Size Used Avail Use% Mounted on
    /dev/xvda1 xfs 30G 9.1G 21G 31% /

MySQL/MariaDB logging to a table

    OS: CentOS 7
    There are a few ways to enable query logging in MariaDB. I did it by editing the server.cnf file.

    # cd /etc/my.cnf.d
    # vi server.cnf


    Restart mariadb:

    # systemctl restart mariadb

    The output is put in the mysql.general_log table. Fortunately, I had used a unique user ID for each of my applications. This allowed me to query the table to find the queries for a particular database. For example, an application using dbuser for database access:

    MariaDB [mysql]> SELECT * FROM general_log WHERE user_host LIKE '%dbuser%localhost%';

    You are going to want to truncate this log once in a while, because it will get very large depending on the activity.

    MariaDB [mysql]> TRUNCATE mysql.general_log;

Awk To Get The Last Element After a Delimiter

    I have to write these things, so I can find them when I inevitably need them again.

    This will give you the last element in a delimited string:

    awk -F ":" '{print $NF}'

    Here is an example:

    $ echo "element1:element2:element3:element4" | awk -F ":" '{print $NF}'

Ubuntu: Disable Automatic Updates

    UPDATE: What is outlined below did not work, so here is what I ended up doing:

    Change directory to:

    $ cd /etc/apt/apt.conf.d

    Edit the 20auto-upgrades file, and change the Update-Package-Lists setting from 1 to 0:

    $ sudo vi 20auto-upgrades
    APT::Periodic::Update-Package-Lists "0";
    APT::Periodic::Unattended-Upgrade "1";

    Now, with the list disabled the service should never find anything to update.

    Another option is to just get rid of the service:

    $ sudo apt remove unattended-upgrades

    Note: The following did not work in Ubuntu 18.x:

    For some reason (I don’t know if this is an Azure deployment issue or an Ubuntu decision), I have found automatic updates turned on by default in a couple of VMs. Not sure why you would ever want your production server automatically updating, so:

    Check the status of the unattended-upgrades service:

    $ sudo systemctl status unattended-upgrades

    Stop the service:

    $ sudo systemctl stop unattended-upgrades

    Disable the service. NOTE: Services that have this as a dependency will start the service despite it being disabled. I am not aware of any for this service, but just putting it out there.

    $ sudo systemctl disable unattended-upgrades

    To prevent the unintended situation above, mask will create a link to /dev/null to prevent the service from being started whether there are dependencies or not.

    $ sudo systemctl mask unattended-upgrades

SQLite3 and OpenVPN

    I needed to clean up an issue with an OpenVPN user. I was using a multi-factor solution with OpenVPN. The multi-factor solution was case sensitive, while the VPN was not. To clean up the mess, I needed to remove the certificates from the certs SQLite database.

    Database location:

    # cd /usr/local/openvpn_as/etc/db

    Connect to the database:

    # sqlite3 certs.db

    List the tables in the database:

    sqlite> .tables

    List column names in the table:
    sqlite> pragma table_info(certificates);

    List all the common_name records in the database:
    sqlite> select common_name from certificates ;

    Delete records with the common name somename:
    sqlite> delete from certificates where common_name='somename';

    This worked well to clean up the database, and get the user working with a correct ovpn file.

    Note: You could also edit the ovpn with data from the database as well.

    Here is how you display a table (log in this instance) layout:

    sqlite> .schema log

    I used the following to query the login activity. You have to convert the timestamp in the start_time column. Also, the duration is stored in seconds, so I converted it to minutes.

    sqlite> select username,strftime('%m-%d-%Y', datetime(start_time, 'unixepoch')),duration/60 from log;

    To run it from a script, save your query in a file (zreport) and run the following:

    sqlite3 log.db < zreport
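
The cleanup and report above as an added Python example (not from the original post or from OpenVPN's own tooling): it finds common_name values that differ only by case, deletes one exact spelling with a bound parameter, and runs the login report. It assumes a single in-memory database holding only the tables and columns named in the post, filled with constructed rows; the real certs.db and log.db are separate files and have more columns.

```python
import sqlite3


def build_sample_db():
    """In-memory stand-in holding only the tables and columns named in the post.
    All rows are constructed sample data."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE certificates (common_name TEXT);
        CREATE TABLE log (username TEXT, start_time INTEGER, duration INTEGER);
    """)
    con.executemany("INSERT INTO certificates VALUES (?)",
                    [("jsmith",), ("JSmith",), ("adoe",)])
    con.executemany("INSERT INTO log VALUES (?, ?, ?)",
                    [("jsmith", 1619457750, 5400), ("adoe", 1619544150, 125)])
    return con


def case_collisions(con):
    """common_name values that become identical once case is ignored."""
    groups = {}
    for (name,) in con.execute("SELECT DISTINCT common_name FROM certificates"):
        groups.setdefault(name.lower(), []).append(name)
    return {folded: sorted(names) for folded, names in groups.items()
            if len(names) > 1}


def delete_common_name(con, name):
    """Parameterised form of the post's DELETE. With SQLite's default BINARY
    collation '=' is case-sensitive, so only the exact spelling is removed.
    Returns the number of rows deleted."""
    cur = con.execute("DELETE FROM certificates WHERE common_name = ?", (name,))
    con.commit()
    return cur.rowcount


def login_report(con):
    """The post's log query: epoch start_time as MM-DD-YYYY (UTC) and duration
    in whole minutes (integer division truncates)."""
    return con.execute("""
        SELECT username,
               strftime('%m-%d-%Y', datetime(start_time, 'unixepoch')),
               duration / 60
        FROM log ORDER BY start_time
    """).fetchall()
```
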
