Let's make the world a better place using digital technologies!

Category: Linux

Useful Docker Commands

  • docker pull image_name
  • docker create ….. (create container from image)
  • docker run …. (create container and run from image)
  • docker ps -a (list all container, including stopped)
  • docker images (list all images)
  • docker rm container_name (delete container)
  • docker start container_name (start/resume container)
  • docker stop container_name  (stop container)
  • docker rmi image_name (delete image)
  • docker exec -it container_name bash (connect to running conatiner_name container and jump to a bash shell)
Continue Reading

Fixing Unwanted Linux System Suspend Caused by gdm / lightdm

After upgrading to a newer Ubuntu, I found myself facing automatic system suspend events (look at /var/log/syslog) every 20 or 30 minutes. Here is how to fix them:

sudo -H -u lightdm dbus-launch --exit-with-session dbus-launch gsettings set com.canonical.unity-greeter idle-timeout 0

sudo -H -u lightdm dbus-launch --exit-with-session dbus-launch gsettings set org.gnome.settings-daemon.plugins.power lid-close-ac-action nothing

sudo -H -u lightdm dbus-launch --exit-with-session dbus-launch gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0

sudo -H -u lightdm dbus-launch --exit-with-session dbus-launch gsettings set org.gnome.settings-daemon.plugins.power time-low 0

 

You might want to look at the power settings first which can be shown by:

sudo -H -u lightdm dbus-launch --exit-with-session gsettings list-recursively org.gnome.settings-daemon.plugins.power

If needed, login to the lightdm user by:

su lightdm -s /bin/bash

 

Continue Reading

Replacing Hard Disk on Linux Server and Expanding Partitions

Not frequently but once in a while you would need to replace your “troubling” hard disk with a new shiny one. In order to keep all your mapping intact, you would like to use the same UUIDs and even the partition map. But as the new hard disk is generally a larger size, it makes sense to expand the main partition to the end of the drive. So here are some commands to do this job.

First make a copy of the existing partition table:

sfdisk -d /dev/sda > sda.dump

Now shutdown the computer, remove the old disk, and install the new disk. After booting, copy the partition table to the new disk.

sfdisk /dev/sda < sda.dump

Now open parted and expand the last partition through the end of the available space

parted /dev/sda
..print (to see the table)
..resizepart (use the end figure from the table to expand to the end)

Format the newly created partitions.

mkfs.ext4 /dev/sda1
mkfs.ext4 /dev/sda2

Everything should be alright now but if needed, you can also manually apply the UUIDs.

tune2fs /dev/sda1 -U xxxxe50b-89d4-xxxx-8d8e-e6c4d547xxxx
tune2fs /dev/sda2 -U xxxxae63-xxxx-4054-b55d-b52f751xxxxx

Continue Reading

Simple URL Monitor and Mobile Push Notifications using Pushover

Often we would like to monitor the online status of one or more websites or urls in order to be able to fix any issues as soon as a problem arises. I created the following simple mechanism to probe a list of url’s and send push notifications in case of an error.

#!/usr/bin/env python3

# Script to check url health and send push notifications using pushover servrice
# Author: Dr. Asif Rana (aiqbalrana@gmail.com)
# License: MIT License 
# Date: 20180213, 12:06 CET

import urllib.request
import http.client, urllib
import sys
sitelist = {
  'http://site1url/' : 'site1 label',
  'http://site2url/' : 'site2 label', }
for x in sitelist:
  statuslive = 0
  try:
    url = urllib.request.urlopen(x)
    code = url.getcode()
    if (code == 200):
      statuslive = 1
  except:
    statuslive = 0
 
  if (statuslive == 0):
    conn = http.client.HTTPSConnection("api.pushover.net:443")
    conn.request("POST", "/1/messages.json", urllib.parse.urlencode({
    "token": "your pushover.net application token",
    "user": "your pushover.net user key", "
    message": "Site down: " + sitelist[x], }), { "Content-type": "application/x-www-form-urlencoded" })
    conn.getresponse()

Ideally, you would run this script on a different server than the site you would like to monitor. A pushover.net account will be needed to get your token and key. In addition, you would need to install the pushover app on your iOS or Android device to get the notifications.

Tested and works great for a simple URL monitoring and getting notifications about website crashes, etc.!

You need to add this script as a cronjob using crontab tool and run it on regular intervals (e.g., every 5 minutes) to check the urls.

Continue Reading

Managing Repeat Offender in OSSEC

In ossec.conf:

<active-response>
    <repeated_offenders>60,120,1440</repeated_offenders>
 </active-response>

where 60, 120, 1440 indicate minutes banned after first, second, and third offense. Adapt these values to your taste.

Continue Reading

Create REST Service on Raspberry Pi with Flask

Creating the REST script using Flask

  • First install Flask on raspi:
pip3 install flask
  • Create a REST service using the following code. This is a very simple service that provides one command. In addition, I’ve created another interface also for providing psutil functions, as a demo.
# Script to provide a rest interface to raspberry 
# Author: Dr. Asif Rana (aiqbalrana@gmail.com) 
# License: MIT License
# Date: 20180217 
 
from flask import Flask, url_for 
import os 
import sys 
import psutil 
 
raspicmds = { 
 'reboot' : '/sbin/reboot' 
 } 
 
app = Flask(__name__) 
 
@app.route('/osinfo/<cmd>', methods=['GET', 'POST']) 
def api_osinfo(cmd): 
 cmdstr = 'psutil.' + cmd 
 cmdresp = eval(cmdstr) 
 return str(cmdresp) 
 
@app.route('/raspi/<kcmd>', methods=['GET', 'POST']) 
def api_raspicmd(kcmd): 
 if kcmd in raspicmds: 
 os.system("sudo " + raspicmds[kcmd]) 
 return str(kcmd + 'executed') 
 
if __name__ == '__main__': 
 app.run(debug=True, host='0.0.0.0') 
  • Caution: do not expose your raspi to the internet without taking good care of security. This example is just for illustration purposes.
  • Making the script a service (daemon)

  • Create this file: /lib/systemd/system/raspirest.service with following contents:
[Unit]
Description=Raspi REST Interface
[Service]
Type=simple
ExecStart=/usr/src/scripts/raspirest.py
[Install]
WantedBy=multi-user.target
  • Add and enable the service to start at boot:
sudo systemctl daemon-reload
sudo systemctl enable raspirest
  • Check if the service is running by calling it at: http://IP:Port/raspi/<yourcmd>
Continue Reading

Using Let’s Encrypt Free SSL Certificates

apt install software-properties-common
add-apt-repository ppa:certbot/certbot
apt update
apt-get install python-certbot-apache
certbot-auto -d www.domain.com -d subdomain.domain.com -d subdomain2.domain.com  -d domain.com

This should install the certificates for all the domains in their respective sections (443) in the apache config file.

Now the certificates should be renewed every 90 days: Test renewal by doing a dry run:
certbot renew --dry-run

If everything works, then configure a fully automatic renewal via a cron job, e.g.,
0 0 15 * * /usr/bin/certbot renew --quiet

Continue Reading
Continue Reading

Creating systemd services for Confluence and Jira

Place the following two files (confluence.service and jira.service) under /etc/systemd/system folder.

confluence.service

[Unit]                                                               
Description=Confluence                                               
After=mysql.service                                                  
                                                                     
[Service]                                                            
Type=forking                                                         
User=confluence                                                      
PIDFile=/opt/atlassian/confluence/work/catalina.pid                  
ExecStart=/opt/atlassian/confluence/bin/start-confluence.sh          
ExecStop=/opt/atlassian/confluence/bin/stop-confluence.sh            
                                                                     
[Install]                                                            
WantedBy=default.target

jira.service

[Unit]                                                                                  
Description=Jira                                                                        
After=network.target ossec.service apache2.service mysql.service confluence.service     
                                                                                        
[Service]                                                                               
Type=forking                                                                            
User=jira                                                                               
PIDFile=/opt/atlassian/jira/work/catalina.pid                                           
ExecStart=/opt/atlassian/jira/bin/start-jira.sh                                         
ExecStop=/opt/atlassian/jira/bin/stop-jira.sh                                           
                                                                                        
[Install]                                                                               
WantedBy=default.target

Enable and start services using the following commands. The services will be enabled on next bootup.

systemctl enable jira.service
systemctl enable confluence.service
systemctl start jira.service
systemctl start confluence.service

Some other useful commands:

systemctl disable jira.service
systemctl daemon-reload
Continue Reading

Installing Redis for Increasing Owncloud and Gallery Performance

  • Download, make, test, and install latest stable Redis:
cd /tmp
curl -O http://download.redis.io/redis-stable.tar.gz
tar -xvf redis-stable.tar.gz
cd redis-stable
make
make test
make install
  • Check that it is running by:apt install php-redis
redis-server -v
  • Install Redis support for php
apt install php-redis
  • Check that its working and enabled:
    php --ri redis
  • Add the following to /var/www/owncloud/config/config.php:
'memcache.local' => 'OC\\Memcache\\Redis', 
'filelocking.enabled' => 'true', 
'memcache.locking' => 'OC\\Memcache\\Redis', 
'redis' => 
 array ( 
 'host' => 'localhost', 
 'port' => REDIS_PORT, 
 ),

In addition, enable asset pipelining in owncloud by putting in:

$CONFIG = array (

the following line:

asset-pipeline.enabled' => true,
  • Open Admin panel in owncloud and see the logs for any anomalies or to confirm good status.
Continue Reading