Adding Email Disclaimer for Entire Domain on WHM/cPanel

Posted on November 30, 2021 by admin

Altermime is a small utility that allows you to append a disclaimer to all outbound emails on a cPanel server.

1. Installing altermime

You should be able to copy and paste the following commands in. You’ll need to be root.

cd /usr/local/src/ 
wget pldaniels.com/altermime/altermime-0.3.10.tar.gz 
tar xvfz altermime-0.3.10.tar.gz 
cd altermime-0.3.10 
make 
make install

2. Setup Disclaimer Text

Create two disclaimer files. One is text and the other is for HTML.

Text file

nano /usr/local/etc/exim/textdisclaimer

Add your disclaimer text.

-------------
incredigeek.com

HTML File

Create the HTML disclaimer file with

nano /usr/local/etc/exim/htmldisclaimer

And add your disclaimer HTML to the file. Example:

<p>
-----
<br />
  <a href="http://www.incredigeek.com">incredigeek.com </a>
</p>

3. Modify Exim Configuration

Now that we have the disclaimer files set up, we can move on to configuring Exim so the disclaimer text gets added to every email sent out.

Open up WHM and go to Exim Configuration Editor -> Advanced Editor

A. Configuring Routers Configuration

Find the ROUTERS CONFIGURATION section. We will add some configuration in the “Section: PREROUTERS”

Add disclaimer to Single Domain

Paste in the following to add the disclaimer to a single domain. Replace “incredigeek.com” with your domain.

disclaimer:
driver = dnslookup
domains = ! +local_domains
transport = ${if eq {$sender_address_domain}{incredigeek.com}{disclaimer_smtp}{remote_smtp}}
no_more

Add Disclaimer to Entire Server (Optional)

If you would rather apply the disclaimer to the entire server, use the following.

disclaimer:
driver = dnslookup
domains = ! +local_domains
transport = disclaimer_smtp

B. Configure Transports Configuration

Once we have that added we can find the “TRANSPORTS CONFIGURATION” section and under the first “Section: TRANSPORTSTART” add

disclaimer_smtp:
driver = smtp
transport_filter = /usr/local/bin/altermime  --input=- --disclaimer=/usr/local/etc/exim/textdisclaimer --disclaimer-html=/usr/local/etc/exim/htmldisclaimer
size_addition = 1

That should be everything that you need. Send a test email to an external email account to verify that it works.

Note that it looks like sending an email locally to email addresses on the same domain or to yourself bypass the filter and do not get the disclaimer added.

The following links were helpful for getting this set up.

https://forums.cpanel.net/threads/howto-footer-disclaimer-in-outgoing-mails.98465/

https://pldaniels.com/altermime/

Installing (WSL) Windows Subsystem for Linux

Posted on November 16, 2021 by admin

Installing the Windows Subsystem for Linux is a lot easier then it used to be.

Simply run Powershell as administrator

wsl --install

Reboot the computer after it finishes installing.

https://docs.microsoft.com/en-us/windows/wsl/install

Get list of IP DHCP Leases from Mikrotik RouterOS Command Line

Posted on November 11, 2021 by admin

Sometimes it is nice to have a list of just the IP addresses and the hostname or mac address. Can be especially helpful when you are trying to get a list of devices to do a bulk update in LibreNMS. Helpful LibreNMS links for renaming and showing down devices

we are going to run the command to pull the DHCP information and then use Unix utilities to parse the data out.

Replace dhcp8 with the correct dhcp server in the mikrotik.

First, SSH into your Mikrotik router.

ssh user@mikrotik

Next we’ll want to go to the ip dhcp-server lease directory

/ip dhcp-server lease

Now we can run the following command to loop through and pull out all the info we need.
You can change the info like “mac-address” for something like “status”. You can use Tab to see what options are available. Just delete mac-address and hit tab twice.

:foreach i in=[find] do={ :put ([get $i address].",".[get $i mac-address].",".[get $i server].",".[get $i host-name ])}

Found the above helpful info from the following pdf file.

https://mum.mikrotik.com/presentations/PH18/presentation_5113_1516612695.pdf

How to Find Yesterdays Date in Linux

Posted on November 8, 2021 by admin

The wrong way to find yesterdays date:

I had a command that was used to see if. It used some arithmetic operators to subtract 1 from the current day. That would give us yesterdays day which we could then use to check if a backup was created then.

day=$(date +%d) ; date=$(($day - 1)) ; echo "yesterday date is $date"

It worked great, unless you happened to be on the 8th or 9th of the month. Looks like bash is interpreting 08 and 09 in octal format. https://stackoverflow.com/questions/24777597/value-too-great-for-base-error-token-is-08

-bash: 08: value too great for base (error token is "08")

The better way

Fortunately there is an easier and more reliable way to do this. Using the date command, you can specify yesterday and it will print out yesterdays date.

date --date=yesterday +%d

Much easier to use.

Some more info.

https://www.cyberciti.biz/tips/linux-unix-get-yesterdays-tomorrows-date.html?cf_chl_captcha_tk=N9iBfod_b0qUxjB2jIGlETgiZ.JXSxGpLmvQ83CzBvY-1636407896-0-gaNycGzNBmU

https://stackoverflow.com/questions/18180581/subtract-days-from-a-date-in-bash

Linux commands for CPU, RAM and GPU info

Posted on October 30, 2021 by admin

Some helpful commands for showing hardware information on Linux.

Show memory speed

sudo dmidecode --type 17

Show CPU Frequency in MHz

cat /proc/cpuinfo | grep MHz

Show a bunch of system info with inxi, may need to install it.

inxi

Another cool program is screenfetch. Gives a nice overview of system specs

sudo dnf install screenfetch

and run with

screenfetch

Error Setting up Base Repository While Installing CentOS Stream 8

Posted on October 22, 2021 by admin

https://www.networkshinobi.com/centos-8-error-setting-up-base-repository/

Not sure why it was giving an error. But to resolve the issue

click on “Software Sources”

On the Network line put http://mirror.centos.org/centos-8/8/BaseOS/x86_64/os/

Should be able to go back to the previous page and select what you want to install.

Decrypting Cambium router config passwords

Posted on October 19, 2021 by admin

In the cambium cloud you can retrieve a config from a router, modify it and reapply it or make a template from it. All the passwords are “encrypted” so you can’t read what the WiFi password is for example.

Example config line looks like

WPAPSK1=[c760ba8ffe65c669]

Looks like it uses some sort of des3 hex encryption.

Fortunately there is a utility on the routers we can use to decrypt the encrypted string.

First we need a router that we can SSH into.

Info on the encryption

The Cambium router uses the 3des_hex utility to decrypt and encrypt strings

It is located /sbin/3des_hex

Decrypting a password

Decrypting is super easy.

3des_hex -d "c760ba8ffe65c669"

Replace the key with the key you want to decrypt.

Encrypting a password

Not really sure if this would ever be needed, but you can use the -e option to encrypt a string

3des_hex -e "12345678"

More info.

It looks like it needs the lib file “/lib/libuClibc-0.9.33.2.so”

/sbin/3des_hex is where the main file is stored though.

The config_manager.sh script in /sbin has the functions that encrypt and decrypt the config lines.

TMP_FILE="/tmp/tmp_cfg"
TMP_FILE2="/tmp/tmp_cfg2"
TMP_FILE_DECRYPT="/tmp/tmp_cfg_decrypt"
TMP_MFK_FILE="/tmp/multi_function_key.cfg"
decrypt_key="asdfghjkl";
SNMP_DECRYPT_FILE="/etc/cambium/cambium_default.decrypt"
DotFactoryFile="/etc_ro/DoNotFactory.name"

# when security encrypt enable , decrypt.
handle_file_dec()
{
        local enc_enable=`dev_manage_stat_get has_config_enc`
        if [ "$enc_enable" != "1" ]; then
                return 0
        fi
        SecParamListFile="/etc_ro/ConfigFileSecParam"
        [ -x "/sbin/3des_hex" ] || return 0
        [ -f $SecParamListFile ] || return 0
        [ -z "$1" ] && return 1
        awk -F '=' 'ARGIND==1{pname[$0]}ARGIND>1&&($1 in pname){print $0}' $SecParamListFile $1 > $1.tmp
        awk '{if($0~/.+\=\[.*\]/){sub("\=","\|");print $0;}else{print $0}}' $1.tmp > $1.tmp1
        rm -f $1.tmp
        awk -F'|' '{if($2~/\[.*\]/){len=length($2);value=substr($2,2,len-2);while(("3des_hex -d \""value"\""|getline line)>0){printf("%s=%s\n",$1,line);}close("3des_hex -d \""value"\"");}else{print $0}}' $1.tmp1 > $1.tmp2
        rm -f $1.tmp1
        echo "" >> $1
        cat $1.tmp2 >> $1
        rm -f $1.tmp2
}

Unity Fails to Build iOS Game due to “LocationService” being used

Posted on October 8, 2021 by admin

Ran into an interesting problem while trying to compile a Unity project for iOS. It failed to build because

“LocationService class is used but Locations Usage Description is empty. App will not work on iOS 10+.
UnityEngine.GUIUtility:ProcessEvent (int,intptr,bool&)”

Well as far as I know there is not anything calling or requesting location services. I probably could have just put a reason for requesting the service under the build options in Project Settings. But why “use” something we don’t need?

Using the handy grep tool from a terminal, I was able to search through the project for “LocationService” and that returned a couple hits for files in the PlayMaker folder.

Looks like PlayMaker has a couple preconfigured “scripts” for Starting, Stopping, and Requesting Location.

Deleting the following four C# files resolved the error and it built fine afterwards.

GetLocationInfo
StopLocationServiceUpdates
StartLocationServiceUpdates
ProjectLocationToMap

You can find these files in your project under Assets > PlayMaker > Actions > Device

Unity Android Build – Required API Level 30

Posted on October 8, 2021 by admin

Android SDK missing required platform API

Ran into the above issue while trying to build a Unity project. Android studio had the correct version installed, why was it not able to use API level 30?

Ok So hit Update Android SDK. Unity Launches a PowerShell window and tries to upgrade the Android SDK level, but fails with

“Unable to install additional SDK platform. Please run the SDK Manager manually to make sure you have the latest set of tools and the required platforms installed.”

Looks like there was a bug with the space in the path to the command Unity was running.

https://forum.unity.com/threads/android-sdk-29-unable-to-install-additional-sdk-platform-issue-workaround.963626/

Looks like there are a couple of work arounds for this. I had Android Studio installed so I opened up that folder and copied that platform version to my unity folder.

Copy Android platform from Android Studio to Unity Folder

Android Studio folder should be in AppData\Local\Android\Sdk\platforms

Unity Project folder should be “C:\Program Files\Unity\Hub\Editor\2020.3.19f1\Editor\Data\PlaybackEngines\AndroidPlayer\SDK\platforms”

You should now be able to build the project in Unity now with the appropriate API version.

Enable Logging for firewalld

Posted on October 6, 2021 by admin

Enabling logging on firewall rules can be beneficial for tracking why a certain rule is not behaving as you intended.

Enabling logging is relatively straight forward.

Enable Firewall Logging
Check Logs
Disable Firewall Logging (Optional)

Enable Firewall Logging

Quickest way to enable logging is to run

sudo firewall-cmd --set-log-denied=all

This changes the options in the /etc/firewalld/firewalld.conf config file. Options include all, unicast, broadcast, multicast, and off

The command also reloads the firewall so manually restarting the firewall is necessary.

Checking Logs

You can use dmesg to view the failed attempts or you can follow the messages log and filter to just show the rejects

sudo tail -f /var/log/messages | grep -i REJECT

You can now try to access the server or run a test to trigger a log event. In my case I tried initiating a SSH connection.

Oct  1 16:32:10 localhost kernel: FINAL_REJECT: IN=eno1 OUT= MAC=f8:ab:98:12:fe:11:a1:ec:a6:00:67:3e:97:00 SRC=192.168.1.1 DST=192.168.88.2 LEN=60 TOS=0x08 PREC=0x40 TTL=59 ID=43080 DF PROTO=TCP SPT=38192 DPT=22 WINDOW=52240 RES=0x00 SYN URGP=0

Interesting bits are bolded. Our destination port it 22 “ssh” and our source address is 192.168.1.1. If I want this IP to access the server, I’ll need to add the 192.168.1.1 IP range in the allowed IP ranges.

Disable Logging (Optional)

After you have finished troubleshooting your problem, you may want to turn the logging feature off so you don’t fill up the logs with failed entries.

You can turn it off with

sudo firewall-cmd --set-log-denied=off

We can verify that logging is off by running

sudo firewall-cmd --get-log-denied

If the firewall logging option is off it will return “off”

The following site has some more information and alternative ways

https://www.cyberciti.biz/faq/enable-firewalld-logging-for-denied-packets-on-linux/