Restoring a Pixel to the factory image is a pretty straight forward operation if you are familiar with fastboot and adb. This guide assumes you have fastboot already installed and setup in your user path. If not you can refer to the following link for more information.
WARNING – THESE STEPS WILL DELETE ALL USER DATA OFF THE DEVICE.
For some reason I ran into an issue where I can not remove authorized SSH Keys in AirOS version 6.3. It redirects to a 404 page and then to the main page.
Attempting to remove SSH keys in AirOS404 Error while attempting to remove SSH keys
Thankfully, we can still remove the authorized keys from the command line. For more information on making changes over SSH, refer to the following post.
We now need a user to connect to the Samba share with. You can use the commands below to to create a new user.
pdbedit only configures a current Linux system user for Samba. You can skip creating a new Linux user, but only if there is one already created that you can use.
You can now test to see if the share works. Open up Windows Explorer. Type in the IP address of the server and connect.
\\ip-address\sambaUser
It should prompt you for a login. Enter the user and password you set up.
Connecting to Fedora Samba/CIFS server
If it loads, then congratulations! You have successfully setup a Samba/CIFS Share on Fedora Server. Create new directories or files or whatever else you need.
Successfully Connected to Fedora Samba/CIFS Server
Check out the following links for more information about setting up Samba.
You can earn Microsoft rewards by using Bing for searching. What if you could automate Bing searches to automatically get rewards? Oh wait. PowerShell can launch Edge with a Bing search! So we can acquire Microsoft Rewards with PowerShell!
Create a new PowerShell file and past the following in.
The script will launch 30 Edge tabs with a Bing search of “Bing 1” next tab will be “Bing 2” etc. You could definitely be more creative with what and how you search for things, but this works as a proof of concept.
I created and ran this script from Visual Studio Code. But you should be able to create it with a normal text file and launch it in PowerShell.
The person at the following link did an excellent job at creating a system for this. Looks really cool.
There are a few different ways to view RAID information on Fedora. Here are two commands that can help.
1. Print Mdadm config
You can copy and past the following command to print the mdadm configuration.
cat /etc/mdadm.conf
It should return something similar to the following.
$ cat /etc/mdadm.conf
# mdadm.conf written out by anacondaMAILADDR root
AUTO +imsm +1.x -all
ARRAY /dev/md/Boot level=raid0 num-devices=6 UUID=21ce258a:015d0dd4:90d5b80e:ab04b7f7
ARRAY /dev/md/Root level=raid0 num-devices=6 UUID=4be32ad0:f3aa77bd:139d749d:4a6aab60
We see from the above output that we have two raid arrays. Both RAID 0 over 6 drives.
2. Print mdstats
You can show the mdstats by running
cat /proc/mdstat
Should get output similar to the following.
$ cat /proc/mdstat
Personalities : [raid0]
md126 : active raid0 sdc2[0] sdf2[5] sde2[4] sdd2[1] sda2[2] sdb2[3]
5856552960 blocks super 1.2 512k chunks
md127 : active raid0 sdc1[0] sdf1[5] sde1[4] sdd1[1] sdb1[3] sda1[2]
3133440 blocks super 1.2 512k chunks
unused devices:
This shows us the RAID size. About 5TB on one and 3GB on the other. The 3GB is used for the boot partition.
Other Notes
Apparently there is a difference between “mdadm” and “dm-raid” Mdadm is for managing and creating software raids, while dm-raid interacts if a device like a laptop has a “fake RAID”
Unsupported DEB-based OS: /etc/os-release ID ‘kali’. You can get the above error if you try to install AMD drivers on Kali Linux. Looks like by default they are looking for a system that is Ubuntu, LinuxMint or Debian.
You can resolve the issue by opening up the “amdgpu-pro-install” file and adding more OS’s that it can check for.
vi ./amdgpu-pro-install
Scroll down to line 147 where is says
ubuntu|linuxmint|debian)
and change it to
ubuntu|linuxmint|debian|kali)
The code function should look like the following.
142 function os_release() {
143 if [[ -r /etc/os-release ]]; then
144 . /etc/os-release
145
146 case "$ID" in
147 ubuntu|linuxmint|debian|kali)
148 :
149 ;;
150 *)
151 echo "Unsupported DEB-based OS: `
152 `/etc/os-release ID '$ID'" | stderr
153 exit 1
154 ;;
155 esac
156 else
157 echo "Unsupported OS" | stderr
158 exit 1
159 fi
160 }
Unfortunately once a version of Ubuntu becomes unsupported you can run into problems upgrading to the latest version. As is the case when you try to upgrade disco to focal. Ubunut 19.04 to 20.04.
A work around is to update the apt sources and then run an update
Update Apt Sources with.
sudo sed -i 's/disco/focal/g' /etc/apt/sources.list
Problem : Lots of CPU utilization. Profile shows a good bit of it is DNS related.
DNS eating CPU on Router
The router is setup to allow DNS to pass through to web servers so rDNS and other records can be looked up and resolved. This is a specific IP block that gets it’s addresses from the router. The firewall rules explicitly allow this address range. We’ll say 192.168.88.0/24, and blocks everything else. This works for the web servers. But why are we still getting a bunch of CPU utilization with DNS?
As it turns out, the firewall rule that allows the server address range also includes routers own address! So we have unintentionally whitelisted DNS access to our router.
To resolve the issue we can add another firewall rule that explicitly blocks DNS traffic to the routers IP address. We are using two rules, one to block TCP and the other UDP.
ip firewall filter add chain=input dst-address=192.168.88.1 protocol=6 dst-port=53 in-interface-list=WAN action=drop
ip firewall filter add chain=input dst-address=192.168.88.1 protocol=17 dst-port=53 in-interface-list=WAN action=drop
Rules 6 & 7 are the two new rules we just applied. 14 & 15 block input to the router, however rules 8 & 9 inadvertently allowed access to the router’s public IP.
Firewall Rules for Router
The Result? Our CPU usage dropped!
CPU Usage dropped after adding DNS firewall rules.
Quite dramatically too as the following LibreNMS screenshot shows.
LibreNMS CPU graph showing the overall CPU utilization improvement
For more information about DNS Amplification attacks, refer to the following links.
