Configuring UFW Firewall on Ubuntu for UniFi and UniFi-Video

Posted on October 19, 2020 by admin

You should be able to copy and paste all the following commands in. You can check the status of the commands after with

sudo ufw status

Allowing access to UniFi ports

sudo ufw allow 3478/UDP
sudo ufw allow 5514/UDP
sudo ufw allow 8080/TCP
sudo ufw allow 8443/TCP
sudo ufw allow 8880/TCP
sudo ufw allow 8843/TCP
sudo ufw allow 6789/TCP
sudo ufw allow 27117/TCP
sudo ufw allow 10001/UDP
sudo ufw allow 1900/UDP

UniFI Video ports

sudo ufw allow 7080/TCP
sudo ufw allow 7443/TCP
sudo ufw allow 7445/TCP
sudo ufw allow 7446/TCP
sudo ufw allow 7447/TCP
sudo ufw allow 10001/UDP
sudo ufw allow 6666/TCP
sudo ufw allow 7004/UDP
sudo ufw allow 7442/TCP

Helpful links

https://help.ui.com/hc/en-us/articles/217875218-UniFi-Video-Ports-Used
https://help.ui.com/hc/en-us/articles/218506997-UniFi-Ports-Used

Configure UFW Firewall on Ubuntu

Posted on October 19, 2020 by admin

Below are some simple commands around working with UFW. UFW is included in Ubuntu. However it may need to be enable.

Show status

sudo ufw status

Disable UFW Service

sudo systemctl stop ufw && sudo systemctl disable ufw

Stop UFW Service

sudo systemctl stop ufw

Start UFW service

sudo systemctl stop ufw

Enable UFW

sudo ufw enable

Allow SSH

sudo ufw allow 22/tcp

Show status

sudo ufw status numbered

Example output

sudo ufw status numbered
Status: active
To            Action   From 
--            ------   ----
[1] 3478/udp  ALLOW IN  Anywhere
[2] 5514/udp  ALLOW IN  Anywhere
[3] 8080/tcp  ALLOW IN  Anywhere
[4] 8443/tcp  ALLOW IN  Anywhere
[5] 8880/tcp  ALLOW IN  Anywhere
[6] 8843/tcp  ALLOW IN  Anywhere
[7] 6789/tcp  ALLOW IN  Anywhere
[8] 27117/tcp ALLOW IN  Anywhere
[9] 22/tcp    ALLOW IN  Anywhere

Delete rule

You need to know the number of the rule you want to delete. Replace number with the number of the rule from the status command

sudo ufw delete number

Reset rules

sudo ufw reset

Allow access to port from specific IP address

Example command allows access to SSH (port 22) from the 172.16.0.0/12 ip range.

sudo ufw allow proto tcp from 172.16.0.0/12 to any port 22

One note: It appears that you need to run the rule with every IP range you want to allow.

Allow access to port from all private IP ranges (RFC 1918)

If we wanted to allow SSH (port 22) from all local IP addresses, we would need to run the following three commands.

sudo ufw allow proto tcp from 10.0.0.0/8 to any port 22
sudo ufw allow proto tcp from 172.16.0.0/12 to any port 22
sudo ufw allow proto tcp from 192.168.0.0/16 to any port 22

The following link has more information regarding UFW firewall and subnets.
https://www.cyberciti.biz/faq/ufw-allow-incoming-ssh-connections-from-a-specific-ip-address-subnet-on-ubuntu-debian/

Configure Timezone on Ubuntu 20.04

Posted on October 19, 2020 by admin

You can set the timezone using timedatectl

List time zones

timedatectl list-timezones

Set time zone. Replace America/Chicago with your timezone.

timedatectl set-timezone America/Chicago

Ubuntu 16.04 Set Static IP address using Network Manager

Posted on October 12, 2020 by admin

Replace ens160 with the connection name. “vmcli con show”

sudo nmcli connection mod ens160 ipv4.method auto

Should be able to restart the networking service or reboot the server

Kotlin, Launching Settings Activity is Showing Main Activity

Posted on October 3, 2020 by admin

The problem is that the code in SettingsActivity is not tied to the settings_activity.xml file. So it is using the activity_main.xml instead. It does in fact switch activities, the header at the top shows that it is in the Settings, but it shows the same information on the Main Activity. Problem showed up after copying and pasting code.

Check the following line under the initial onCreate function

override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_main)  // <-- Should be R.layout.settings_activity

The setContentView line should reflect the Layout XML file under res -> layout -> settings_activity.xml

You need to use a Theme.AppCompat theme (or descendant) with this activity.

Posted on September 25, 2020 by admin

https://stackoverflow.com/questions/21814825/you-need-to-use-a-theme-appcompat-theme-or-descendant-with-this-activity

You need to use a Theme.AppCompat theme (or descendant) with this activity.

Looks like you can get the above error resolved by adding the following to the Android Manifest file.

android:theme="@style/Theme.AppCompat.Light

LibreNMS upgrade PHP from 7.2 to 7.4 – CentOS 7

Posted on September 25, 2020 by admin

First you’ll need to install the remi repo

sudo wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo wget http://rpms.remirepo.net/enterprise/remi-release-7.rpm
rpm -Uvh remi-release-7.rpm epel-release-latest-7.noarch.rpm

You’ll need to install yum-utils, disable all old php versions, and enable the remi-php74

sudo yum install -y yum-utils
sudo yum-config-manager --disable remi-php56
sudo yum-config-manager --disable remi-php71
sudo yum-config-manager --disable remi-php72
sudo yum-config-manager --disable remi-php73
sudo yum-config-manager --enable remi-php74

If you run into issues you may want to see if you have the webtatic repo installed. I had to disable it to get php to update.

vi /etc/yum.repos.d/webtatic

[webtatic]
name=Webtatic Repository EL7 - $basearch
baseurl=https://repo.webtatic.com/yum/el7/$basearch/
mirrorlist=https://mirror.webtatic.com/yum/el7/$basearch/mirrorlist
failovermethod=priority
enabled=0   <- Disabled by changing to a 0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-webtatic-el7

And running the yum update should update it to php 7.4

sudo yum update

More information available here.

https://www.mysterydata.com/how-to-install-upgrade-to-php-7-4-on-rhel-centos-vestacp/

How To tell if an email on a cPanel server has been read from the command line

Posted on September 24, 2020 by admin

All of the emails in the email directories contain one of the following at the end of the filename

$ ls cur/ | cut -d: -f 2 | sort | uniq -c
54 2,               <- Not Read
12 2,ab             <- Not Read
83 2,S              <- Read
61 2,Sab            <- Read

The first two “2, and 2,ab” mean that the message has not been read. The bottom 2 “2,S and s,Sab” mean that the message has been read or “seen?”. Guess that is what the S is for. Not sure what ab is for.

cPanel Email Directories

Posted on September 24, 2020 by admin

In cPanel a users email files are stored in

/home/USER/mail/domain.com/user/

There is a hidden linked shortcut in

/home/USER/mail/.username.domain.com/

Spam Assassin settings are stored in

/home/username/.spamassassin/user_prefs

Email Logs

/var/log/exim_mainlog
/usr/local/cpanel/logs/login_log

Using SA-Learn to improve spam filtering in cPanel

Posted on September 23, 2020 by admin

More information available at the following link
https://forums.cpanel.net/resources/how-to-train-spamassassin-with-sa-learn.623/

Training on Spam

Train Spam from Junk email directories for email account. Replace USER with the domain admin username, DOMAIN.TLD with domain name, and ACCOUNT with the email address.

/usr/local/cpanel/3rdparty/bin/sa-learn -p /home/USER/.spamassassin/user_prefs --spam /home/USER/mail/DOMAIN.TLD/.ACCOUNT@DOMAIN.TLD/.Junk/{cur,new}

Use read emails in inbox as Ham

You can use the following script to feed sa-learn ham. The script looks at all the read messages for the current year in the default inbox and then feeds them individually to sa-learn

cd /home/USER/mail/
for emailHam in `ls -lt --time-style=long-iso {cur/,new/} | grep $(date | awk '{print $6}') | grep "2,S" | awk '{print $8}'`
do
/usr/local/cpanel/3rdparty/bin/sa-learn -p /home/${cpanelUser}/.spamassassin/user_prefs --ham ${mailbox}/{cur,new}/${emailHam}
done

Script to automate the process

You can use the following script to automatically train sa-learn. Create the script and then use Crontab to launch it.

Script

Create a file named sa-learn.sh and add the following contents to it.

#!/bin/bash

# Notes on cpanel mail
# - /home/cpanel_user/mail <- Default mail directory, all the email accounts are located in the domain.com directory, although there are hidden files in here that point to that.
# - the default catch all is in ..../mail

dateYear=`date +%Y`

echo "Starting Training"
for mailbox in `cat mailboxes.txt`; do
        cd ${mailbox}
        echo "training on Ham" for ${mailbox}
        cpanelUser=`echo ${mailbox} | cut -d\/ -f3`
        # Check Spam
        echo "Trainging on Spam, SPAM, spam, junk, Junk Email, and Junk folders"
        /usr/local/cpanel/3rdparty/bin/sa-learn -p /home/${cpanelUser}/.spamassassin/user_prefs --spam ${mailbox}/{".Junk Email"/{new/,cur/},.Junk/{new/,cur/},.junk/{new/,cur/},.spam/{new/,cur/},.Spam/{new/,cur/},.SPAM/{new/,cur/}}
        cd
        # Gets a list of seen messages for the current year to use as Ham
        for emailHam in `ls -lt --time-style=long-iso {cur/,new/} |  grep $(date | awk '{print $6}') | grep "2,S" | awk '{print $8}'`
        do
            /usr/local/cpanel/3rdparty/bin/sa-learn -p /home/${cpanelUser}/.spamassassin/user_prefs --ham ${mailbox}/{cur,new}/${emailHam}
        done
done

Create text file to hold mailbox paths

You’ll need to create a file called mailboxes.txt and put the email paths for the email accounts you want to run sa-learn against. The following is an example of what the file should look like.

/home/incredigeek/mail/.bob@incredigeek_com/
/home/incredigeek/mail/.larry@incredigeek_com/
/home/incredigeek/mail/.steve@incredigeek_com/
/home/incredigeek/mail/.admin@incredigeek_com/

Create Crontab

Add script to cron by running

crontab -e

and paste in the following to launch the script every day at 1AM

0 1 * * * /root/sa-learn.sh train && echo "training run at $(date)" >> /root/email_report.log

Save and you should be ready to go.