Change timezone in CentOS, Fedora, RedHat

The file /etc/localtime is a symbolic link to the time zone file in use.  All the available time zones are listed in /usr/share/zoneinfo/.

Replace America/New_York with the appropriate timezone.

ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime

You can view the current time zone with the following command

timedatectl

or with date

date +"%Z %z"

LibreNMS not able to ping device and can’t change device name

If you're having issues in the LibreNMS web interface changing a device's IP address, or you can’t add a new device because it says it can’t ping the device, it is probably because SELinux is causing issues.

As far as changing a device's IP address goes, it looks like SELinux is not allowing Apache write access to the /opt/librenms/rrd directory.

A temporary fix is to put SELinux into permissive mode, which lasts until the next reboot:

setenforce 0

You can permanently disable SELinux by opening “/etc/selinux/config”, changing “SELINUX=enforcing” to “SELINUX=disabled”, and rebooting.
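One way to confirm that SELinux is what blocks Apache and the ping check, as an added example that is not part of the original post: summarise the AVC denials recorded for the web server's domain. The function name and the sample audit records are constructed; /var/log/audit/audit.log is the default auditd log path.

```shell
# Added example: count SELinux denials per command for one source domain.
# Real use (as root): avc_summary httpd_t < /var/log/audit/audit.log

# Constructed sample audit records (not taken from a real system).
SAMPLE_AUDIT='type=AVC msg=audit(1500000001.101:201): avc:  denied  { write } for  pid=1412 comm="httpd" name="rrd" dev="dm-0" ino=262401 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1500000002.202:202): avc:  denied  { write } for  pid=1413 comm="httpd" name="rrd" dev="dm-0" ino=262401 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1500000003.303:203): avc:  denied  { create } for  pid=1420 comm="fping" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=rawip_socket permissive=0
type=AVC msg=audit(1500000004.404:204): avc:  denied  { read } for  pid=900 comm="chronyd" name="adjtime" dev="dm-0" ino=1201 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0'

# Output lines: "<count> <command> <permission(s)> <target type> <object class>"
avc_summary() {
    awk -v dom="$1" '
        /type=AVC/ && /denied/ {
            perm = comm = sdom = ttype = tclass = ""
            # the denied permissions sit between "{ " and " }"
            if (match($0, /[{] [^}]* [}]/)) perm = substr($0, RSTART + 2, RLENGTH - 4)
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "comm")     { comm = kv[2]; gsub(/"/, "", comm) }
                if (kv[1] == "scontext") { split(kv[2], s, ":"); sdom = s[3] }
                if (kv[1] == "tcontext") { split(kv[2], t, ":"); ttype = t[3] }
                if (kv[1] == "tclass")   tclass = kv[2]
            }
            # keep only denials raised against the requested source domain
            if (sdom == dom) count[comm " " perm " " ttype " " tclass]++
        }
        END { for (k in count) print count[k], k }
    ' | sort
}

printf '%s\n' "$SAMPLE_AUDIT" | avc_summary httpd_t
```

A write denial from httpd_t on a usr_t directory is a labelling problem, which `semanage fcontext` and `restorecon` can correct for /opt/librenms/rrd alone.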

 

Renaming of x.x.x.x failed . Does your web server have permission to modify the rrd files?

It looks like there may be a bug where you’ll try to change the IP of a device and get the above error.  It looks like the issue has something to do with the IP address.  If you're trying to change the IP on a router that has multiple IP addresses, try a different address in LibreNMS.

 

Allow WHM/cPanel ssh logins from specific IP addresses using iptables

For some reason the hosts.allow and hosts.deny files don’t seem to work on cPanel.  One of the alternative methods to limit ssh logins to specific addresses is to use iptables.

Allow access from specific IP addresses. 

Replace 192.168.1.0/24 and 192.168.0.0/24 with your addresses.  You can add more addresses by separating them with a “,”.  Also, if your ssh port is not the default port, be sure to change it.

iptables -A INPUT -s 192.168.1.0/24,192.168.0.0/24 -p tcp --dport 22 -j ACCEPT

Reject access from everywhere else

iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 22 -j REJECT

You can see your rules with

 iptables -L --line-numbers

If you need to add another rule after the fact, you’ll need to make sure that it is above the REJECT rule, because iptables evaluates rules from the top and stops at the first match.  You can use the “-I” option to insert it between rules.

Example: inserts rule as the second rule in the INPUT chain

iptables -I INPUT 2 -s 192.168.42.0/24 -p tcp --dport 22 -j ACCEPT
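A check for the ordering problem described above, as an added example that is not part of the original post: it reads `iptables -S INPUT` output and reports ACCEPT rules for the SSH port that sit below a REJECT or DROP covering all sources. The function name and the sample rule listing are constructed, and only a catch-all reject on the same port is handled.

```shell
# Added example: find SSH ACCEPT rules that sit below a catch-all REJECT/DROP.
# Real use (as root): iptables -S INPUT | shadowed_accepts 22

# Constructed `iptables -S INPUT` output: the post's rules, then a rule that
# was appended with -A after the REJECT instead of inserted with -I.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 192.168.42.0/24 -p tcp -m tcp --dport 22 -j ACCEPT'

# Prints "<rule number> <source>" for every ACCEPT on the given port that can
# never match because an earlier rule already rejects or drops all sources.
shadowed_accepts() {
    awk -v port="$1" '
        $1 != "-A" { next }                 # skip policy (-P) lines
        {
            n++                             # same numbering as --line-numbers
            src = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s")      src    = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
        }
        dport != port { next }              # only rules for the requested port
        # first reject/drop without a source restriction: everything below is dead
        !block && src == "" && (target == "REJECT" || target == "DROP") { block = n; next }
        block && target == "ACCEPT" { print n, (src == "" ? "any" : src) }
    '
}

printf '%s\n' "$SAMPLE_RULES" | shadowed_accepts 22
```

Any line it prints is a rule to delete and re-insert above the REJECT with “-I”.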

Add, List, and Delete iptables rules

Add iptables rule

The following rule rejects access to port 22 from all devices except ones on the 192.168.1.0/24 network.  Note the “!”.  This command can be useful for a WHM/cPanel server to limit ssh access.

iptables -A INPUT ! -s 192.168.1.0/24 -p tcp --dport 22 -j REJECT

List iptables rules with line numbers

iptables -L --line-numbers

Example output

root@localhost [~]# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 REJECT tcp -- !192.168.1.11 anywhere tcp dpt:ssh reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission owner GID match mailman
2 cpanel-dovecot-solr all -- anywhere anywhere

Chain cpanel-dovecot-solr (1 references)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere multiport sports 8984,7984 owner UID match cpanelsolr

Remove iptables rule

To delete a rule, use the -D option with the chain and the line number.  To delete the first rule in the example output above, we would specify the INPUT chain and the line number 1.  Rules are renumbered after each deletion, so list them again before deleting another.

 iptables -D INPUT 1

 

Auto mount CIFS mount point on system startup on Ubuntu

Install CIFS utils

sudo apt-get install -y cifs-utils

You can manually test it with the following command.  Change the ip address, mount points, username, and password.

sudo mount.cifs //192.168.1.102/mount/point /mnt -o user=john,pass=password3,uid=john

Note that specifying the uid in the options allows that user to add, delete, and modify the files and folders of that specific mount point.

To auto mount on system startup, add the following line to /etc/fstab.  Change the values as appropriate.

//192.168.1.102/mount/point   /mnt  auto   user=john,pass=password3,uid=john   0   0

You can test it by mounting everything in fstab

sudo mount -a
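/etc/fstab is normally readable by every local user, so a password written in its options field is too. The added example below (not part of the original post) flags fstab entries that carry an inline CIFS password and writes the same login to a mount.cifs credentials file referenced with the credentials= option. The function names and file paths are assumptions, and the sample values are the ones used in the post.

```shell
# Added example; function names and the credentials path are assumptions.

# Print the line numbers of fstab entries for //server/share sources whose
# options field carries an inline password (pass= or password=).
fstab_inline_secrets() {
    awk '!/^[ \t]*#/ && $1 ~ /^\/\// && $4 ~ /(^|,)pass(word)?=/ { print NR }' "$1"
}

# Read the password from stdin, write a mount.cifs credentials file that only
# its owner can read, and print an fstab entry that points at that file.
cifs_fstab_entry() {
    share=$1 mnt=$2 user=$3 cred=$4
    IFS= read -r pw || return 1
    # umask covers a newly created file; chmod covers one that already existed
    ( umask 077 && printf 'username=%s\npassword=%s\n' "$user" "$pw" > "$cred" ) || return 1
    chmod 600 "$cred" || return 1
    printf '%s  %s  cifs  credentials=%s,uid=%s  0  0\n' "$share" "$mnt" "$cred" "$user"
}

# Demo on a scratch directory with the post's sample values (constructed input).
demo=$(mktemp -d)
printf '%s\n' '//192.168.1.102/mount/point /mnt auto user=john,pass=password3,uid=john 0 0' > "$demo/fstab"
echo "inline password on fstab line: $(fstab_inline_secrets "$demo/fstab")"
printf '%s\n' 'password3' | cifs_fstab_entry //192.168.1.102/mount/point /mnt john "$demo/cifs.cred"
rm -rf "$demo"
```

On a real system the credentials file would live somewhere only root can read, for example /root/.smbcredentials (an assumed path), and the printed line replaces the original fstab entry.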

Basic MongoDB commands

Connect to Mongo database

mongo

Connect to Mongo on a different port (May be needed.  Port 27117 is for a UniFi server)

mongo --port 27117

Show Databases

show dbs

Use database

use dbname

Show tables/collections

show collections

or

show tables

List contents of table/collection

db.collection.find()

Example: (This example prints everything in the “admin” collection)

db.admin.find()

Find the entry whose name is admin

 db.admin.find({name : "admin" })

Find everything in a table, but only print the columns named “name”, “email”, and “x_shadow”

db.admin.find({ }, { name : 1, email : 1, x_shadow : 1 })

List users

show users

Authenticate

db.auth("username","password")

Insert into table/collection

d = {"data":"data"}
db.collection.insert(d)

Update a line, for example a user's password.  Swap out the ObjectId for the ID that mongo gives you when you list the admins or users.  You will need to swap out the hash for the hash of the password you want.

db.admin.update({"_id" : ObjectId("a328bf90547ehc429a03ed85")}, {$set: { "x_shadow" : "$6$XB32GMXr$8dUt9huJzzL6O.gGZbs7QH1npldbzBzNDt/uUO1bI3b7Ij3YipgubtVHwincUUZjnDLh.KDI36uh2gUCID9yb1"}});

Example of an insert:

d = {"name":"admin","lang":"en_US","x_password":"password","time_created":"","last_site_name":"default"}
db.admin.insert(d)

Delete line from table/collection

db.collection.remove()

Example: (This will look for all the “rows” where the “name” is “admin” and remove them)

db.admin.remove({ name: "admin"})

UniFi Specific

The following commands are specifically for a UniFi server.

Show UniFi Sites

db.site.find().forEach(printjson);

Or

mongo --port 27117 ace --eval "db.site.find().forEach(printjson);"

Show UniFi admins

db.admin.find().forEach(printjson);

Or

mongo --port 27117 ace --eval "db.admin.find().forEach(printjson);"

Install UniFi Video 3.8.5 on Ubuntu or Debian

You can run all the commands from the terminal, or ssh into the server

See here if you need to set up SSH on the server.

Install prerequisites

sudo apt-get install mongodb mongodb-server openjdk-8-jre-headless jsvc

Download UniFi Video installer

Note the Debian package works on Ubuntu, and has been tested on the latest Ubuntu

wget https://dl.ubnt.com/firmwares/ufv/v3.8.5/unifi-video.Debian7_amd64.v3.8.5.deb

Install package

sudo dpkg -i unifi-video.Debian7_amd64.v3.8.5.deb

Log in to the UniFi Video controller by opening the following address in your web browser, then finish configuring the NVR.

https://your-server-address:7443

Install SSH Server on Linux (Debian, Ubuntu, Fedora, CentOS, RedHat)

Debian / Ubuntu

sudo apt-get install -y openssh-server

RPM based Distros, Fedora / CentOS / RedHat

sudo dnf install -y openssh-server

or use yum

sudo yum install -y openssh-server

Start ssh service

sudo systemctl start sshd

By default the SSH service should start when the system starts, but if not try the following command to enable the service on boot up.

Debian / Ubuntu

systemctl enable ssh

Fedora, CentOS, RedHat

systemctl enable sshd

Change SSH port

Changing the default ssh port is not necessary, but it is a good idea.  To change the port, edit the sshd configuration file.

vi /etc/ssh/sshd_config

If you change the port, you’ll need to allow it in the firewall (firewalld, iptables) and if SELinux is enabled, semanage.

Repair UniFi Video database

Stop the unifi-video service

sudo service unifi-video stop

Delete the journal with

rm -rf /usr/lib/unifi-video/data/db/journal/*

Switch to the unifi-video user

sudo su unifi-video

Repair the database

mongod --dbpath /var/lib/unifi-video/db --repair

Exit the user

exit

Start the unifi-video service

sudo service unifi-video start