Configure UFW Firewall on Ubuntu

Posted on by
Reply
UFW Firewall Status

Below are some simple commands around working with UFW. UFW is included in Ubuntu. However it may need to be enable.

Show status

sudo ufw status

Disable UFW Service

sudo systemctl stop ufw && sudo systemctl disable ufw

Stop UFW Service

sudo systemctl stop ufw

Start UFW service

sudo systemctl stop ufw

Enable UFW

sudo ufw enable

Allow SSH

sudo ufw allow 22/tcp

Show status

sudo ufw status numbered

Example output

sudo ufw status numbered
Status: active
To            Action   From 
--            ------   ----
[1] 3478/udp  ALLOW IN  Anywhere
[2] 5514/udp  ALLOW IN  Anywhere
[3] 8080/tcp  ALLOW IN  Anywhere
[4] 8443/tcp  ALLOW IN  Anywhere
[5] 8880/tcp  ALLOW IN  Anywhere
[6] 8843/tcp  ALLOW IN  Anywhere
[7] 6789/tcp  ALLOW IN  Anywhere
[8] 27117/tcp ALLOW IN  Anywhere
[9] 22/tcp    ALLOW IN  Anywhere

Delete rule

You need to know the number of the rule you want to delete. Replace number with the number of the rule from the status command

sudo ufw delete number

Reset rules

sudo ufw reset

Allow access to port from specific IP address

Example command allows access to SSH (port 22) from the 172.16.0.0/12 ip range.

sudo ufw allow proto tcp from 172.16.0.0/12 to any port 22

One note: It appears that you need to run the rule with every IP range you want to allow.

Allow access to port from all private IP ranges (RFC 1918)

If we wanted to allow SSH (port 22) from all local IP addresses, we would need to run the following three commands.

sudo ufw allow proto tcp from 10.0.0.0/8 to any port 22
sudo ufw allow proto tcp from 172.16.0.0/12 to any port 22
sudo ufw allow proto tcp from 192.168.0.0/16 to any port 22

The following link has more information regarding UFW firewall and subnets.
https://www.cyberciti.biz/faq/ufw-allow-incoming-ssh-connections-from-a-specific-ip-address-subnet-on-ubuntu-debian/

Kotlin, Launching Settings Activity is Showing Main Activity

Posted on by
Reply

The problem is that the code in SettingsActivity is not tied to the settings_activity.xml file. So it is using the activity_main.xml instead. It does in fact switch activities, the header at the top shows that it is in the Settings, but it shows the same information on the Main Activity. Problem showed up after copying and pasting code.

Check the following line under the initial onCreate function

override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_main)  // <-- Should be R.layout.settings_activity

The setContentView line should reflect the Layout XML file under res -> layout -> settings_activity.xml

You need to use a Theme.AppCompat theme (or descendant) with this activity.

Posted on by
Reply

https://stackoverflow.com/questions/21814825/you-need-to-use-a-theme-appcompat-theme-or-descendant-with-this-activity

You need to use a Theme.AppCompat theme (or descendant) with this activity.

Looks like you can get the above error resolved by adding the following to the Android Manifest file.

android:theme="@style/Theme.AppCompat.Light

LibreNMS upgrade PHP from 7.2 to 7.4 – CentOS 7

Posted on by
Reply

First you’ll need to install the remi repo

sudo wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo wget http://rpms.remirepo.net/enterprise/remi-release-7.rpm
rpm -Uvh remi-release-7.rpm epel-release-latest-7.noarch.rpm

You’ll need to install yum-utils, disable all old php versions, and enable the remi-php74

sudo yum install -y yum-utils
sudo yum-config-manager --disable remi-php56
sudo yum-config-manager --disable remi-php71
sudo yum-config-manager --disable remi-php72
sudo yum-config-manager --disable remi-php73
sudo yum-config-manager --enable remi-php74

If you run into issues you may want to see if you have the webtatic repo installed. I had to disable it to get php to update.

vi /etc/yum.repos.d/webtatic
[webtatic]
name=Webtatic Repository EL7 - $basearch
baseurl=https://repo.webtatic.com/yum/el7/$basearch/
mirrorlist=https://mirror.webtatic.com/yum/el7/$basearch/mirrorlist
failovermethod=priority
enabled=0   <- Disabled by changing to a 0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-webtatic-el7

And running the yum update should update it to php 7.4

sudo yum update

More information available here.

https://www.mysterydata.com/how-to-install-upgrade-to-php-7-4-on-rhel-centos-vestacp/

How To tell if an email on a cPanel server has been read from the command line

Posted on by
Reply

All of the emails in the email directories contain one of the following at the end of the filename

$ ls cur/ | cut -d: -f 2 | sort | uniq -c
54 2,               <- Not Read
12 2,ab             <- Not Read
83 2,S              <- Read
61 2,Sab            <- Read

The first two “2, and 2,ab” mean that the message has not been read. The bottom 2 “2,S and s,Sab” mean that the message has been read or “seen?”. Guess that is what the S is for. Not sure what ab is for.

Using SA-Learn to improve spam filtering in cPanel

Posted on by
Reply

More information available at the following link
https://forums.cpanel.net/resources/how-to-train-spamassassin-with-sa-learn.623/

Training on Spam

Train Spam from Junk email directories for email account. Replace USER with the domain admin username, DOMAIN.TLD with domain name, and ACCOUNT with the email address.

/usr/local/cpanel/3rdparty/bin/sa-learn -p /home/USER/.spamassassin/user_prefs --spam /home/USER/mail/DOMAIN.TLD/.ACCOUNT@DOMAIN.TLD/.Junk/{cur,new}

Use read emails in inbox as Ham

You can use the following script to feed sa-learn ham. The script looks at all the read messages for the current year in the default inbox and then feeds them individually to sa-learn

cd /home/USER/mail/
for emailHam in `ls -lt --time-style=long-iso {cur/,new/} | grep $(date | awk '{print $6}') | grep "2,S" | awk '{print $8}'`
do
/usr/local/cpanel/3rdparty/bin/sa-learn -p /home/${cpanelUser}/.spamassassin/user_prefs --ham ${mailbox}/{cur,new}/${emailHam}
done

Script to automate the process

You can use the following script to automatically train sa-learn. Create the script and then use Crontab to launch it.

Script

Create a file named sa-learn.sh and add the following contents to it.

#!/bin/bash

# Notes on cpanel mail
# - /home/cpanel_user/mail <- Default mail directory, all the email accounts are located in the domain.com directory, although there are hidden files in here that point to that.
# - the default catch all is in ..../mail

dateYear=`date +%Y`

echo "Starting Training"
for mailbox in `cat mailboxes.txt`; do
        cd ${mailbox}
        echo "training on Ham" for ${mailbox}
        cpanelUser=`echo ${mailbox} | cut -d\/ -f3`
        # Check Spam
        echo "Trainging on Spam, SPAM, spam, junk, Junk Email, and Junk folders"
        /usr/local/cpanel/3rdparty/bin/sa-learn -p /home/${cpanelUser}/.spamassassin/user_prefs --spam ${mailbox}/{".Junk Email"/{new/,cur/},.Junk/{new/,cur/},.junk/{new/,cur/},.spam/{new/,cur/},.Spam/{new/,cur/},.SPAM/{new/,cur/}}
        cd
        # Gets a list of seen messages for the current year to use as Ham
        for emailHam in `ls -lt --time-style=long-iso {cur/,new/} |  grep $(date | awk '{print $6}') | grep "2,S" | awk '{print $8}'`
        do
            /usr/local/cpanel/3rdparty/bin/sa-learn -p /home/${cpanelUser}/.spamassassin/user_prefs --ham ${mailbox}/{cur,new}/${emailHam}
        done
done

Create text file to hold mailbox paths

You’ll need to create a file called mailboxes.txt and put the email paths for the email accounts you want to run sa-learn against. The following is an example of what the file should look like.

/home/incredigeek/mail/.bob@incredigeek_com/
/home/incredigeek/mail/.larry@incredigeek_com/
/home/incredigeek/mail/.steve@incredigeek_com/
/home/incredigeek/mail/.admin@incredigeek_com/

Create Crontab

Add script to cron by running

crontab -e

and paste in the following to launch the script every day at 1AM

0 1 * * * /root/sa-learn.sh train && echo "training run at $(date)" >> /root/email_report.log

Save and you should be ready to go.

Cambium R195W cnPilot Routers Randomly Dropping

Posted on by
Reply

The Problem

We have been experiencing a problem with our Cambium routers where they randomly drop and are unresponsive till a reboot. They’ll also stop handing out addresses on the LAN side.

A reboot “fixes” the problem, until it does it again. You can trigger the behavior by running a port scan against the router. Wondering if the CPU/Memory get overloaded?

nmap -T4 -A -v 192.168.11.1

While running a scan on the LAN side, the web interface slows down, but doesn’t seem to take it down as fast as a scan on the WAN side.

goahead.sh is a script that may be maxing out the cpu, but could be completely unrelated.

Resolution

Configuring the “Allowed Remote IP(IP1;IP2;)” to limit WAN access effectively blocks port scans and resolves the issue. Setting is under Administration -> Management -> Web Settings. You can add multiple ranges with

10.0.0.0/8;172.16.0.0/12;192.168.0.0/16
Configure Allowed Remote IP cnPilot R195W

It looks like the public ip ranges are limited to /24’s so if you you have a block of public IP addresses larger than a /24, you’ll need to break it down into 24’s to work properly.

Template for cnMaestro

You can also create a template in the Cambium Cloud so you can apply the change to multiple routers fairly easily.

Go to Configuration -> Templates and add a new template.

WebRemoteLegalIP=10.0.0.0/8;192.168.0.0/16;172.16.0.0/12
WebRemoteLegalIP template for cnMaestro

And then you can go to your device -> Configuration and apply your new config.

Apply Allowed WAN IPs Template

Do note that if you run a scan from an allowed range, it still seems to cause problems. But at least setting the Allowed Remote IPs will keep others from scanning your network and causing problems on your R195’s.