Enable Logging for firewalld

Posted on October 6, 2021 by admin

Enabling logging on firewall rules can be beneficial for tracking why a certain rule is not behaving as you intended.

Enabling logging is relatively straight forward.

Enable Firewall Logging
Check Logs
Disable Firewall Logging (Optional)

Enable Firewall Logging

Quickest way to enable logging is to run

sudo firewall-cmd --set-log-denied=all

This changes the options in the /etc/firewalld/firewalld.conf config file. Options include all, unicast, broadcast, multicast, and off

The command also reloads the firewall so manually restarting the firewall is necessary.

Checking Logs

You can use dmesg to view the failed attempts or you can follow the messages log and filter to just show the rejects

sudo tail -f /var/log/messages | grep -i REJECT

You can now try to access the server or run a test to trigger a log event. In my case I tried initiating a SSH connection.

Oct  1 16:32:10 localhost kernel: FINAL_REJECT: IN=eno1 OUT= MAC=f8:ab:98:12:fe:11:a1:ec:a6:00:67:3e:97:00 SRC=192.168.1.1 DST=192.168.88.2 LEN=60 TOS=0x08 PREC=0x40 TTL=59 ID=43080 DF PROTO=TCP SPT=38192 DPT=22 WINDOW=52240 RES=0x00 SYN URGP=0

Interesting bits are bolded. Our destination port it 22 “ssh” and our source address is 192.168.1.1. If I want this IP to access the server, I’ll need to add the 192.168.1.1 IP range in the allowed IP ranges.

Disable Logging (Optional)

After you have finished troubleshooting your problem, you may want to turn the logging feature off so you don’t fill up the logs with failed entries.

You can turn it off with

sudo firewall-cmd --set-log-denied=off

We can verify that logging is off by running

sudo firewall-cmd --get-log-denied

If the firewall logging option is off it will return “off”

The following site has some more information and alternative ways

https://www.cyberciti.biz/faq/enable-firewalld-logging-for-denied-packets-on-linux/

Set coolbits value on Fedora Linux

Posted on September 16, 2021 by admin

You sometimes need to set the coolbits value to overclock your GPU on Linux

You’ll need to install nvidia-xconfig

sudo dnf install nvidia-xconfig

Then you can set the cool bits value with the following command. Change 24 to the appropriate cool bits value. Refer to the link below.

sudo nvidia-xconfig --cool-bits=28

It’ll create a new xorg config file. Reboot to take advantage of cool bits being enabled.

Multiple GPUs

If you have multiple GPUs, you will need to do the following to enable cool bits on each GPU.

sudo nvidia-xconfig -a --cool-bits=28 --allow-empty-initial-configuration

https://wiki.archlinux.org/title/NVIDIA/Tips_and_tricks#Enabling_overclocking

LibreNMS Error Running ./validate.php – Database: incorrect column…

Posted on September 9, 2021 by admin

LibreNMS error while running ./validate.php

Recently I started getting the following error while running ./validate.php.

$ sudo -u librenms ./validate.php
====================================
Component | Version
--------- | -------
LibreNMS  | 21.8.0-41-g0a76ca4
DB Schema | 2021_08_26_093522_config_value_to_medium_text (217)
PHP       | 7.4.20
Python    | 3.6.8
MySQL     | 10.5.10-MariaDB
RRDTool   | 1.4.8
SNMP      | NET-SNMP 5.7.2
====================================

[OK]    Composer Version: 2.1.6
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[FAIL]  Database: incorrect column (notifications/datetime)
[FAIL]  Database: incorrect column (users/created_at)
[FAIL]  We have detected that your database schema may be wrong, please report the following to us on Discord (https://t.libren.ms/discord) or the community site (https://t.libren.ms/5gscd):
        [FIX]:
        Run the following SQL statements to fix.
        SQL Statements:
         SET TIME_ZONE='+00:00';
         ALTER TABLE `notifications` CHANGE `datetime` `datetime` timestamp NOT NULL DEFAULT '1970-01-02 00:00:00' ;
         ALTER TABLE `users` CHANGE `created_at` `created_at` timestamp NOT NULL DEFAULT '1970-01-02 00:00:01' ;

Reading online it sounds like some of the recent changes are causing the issue. Looks fairly easy to resolve though.

First we’ll need to get a MySQL prompt. We’ll do that by running

mysql -u librenms -p librenms

It’ll ask use for the librenms user’s mysql password.

Once we have the MySQL prompt we can just copy and paste the commands in.

SET TIME_ZONE='+00:00';
ALTER TABLE `notifications` CHANGE `datetime` `datetime` timestamp NOT NULL DEFAULT '1970-01-02 00:00:00' ;
ALTER TABLE `users` CHANGE `created_at` `created_at` timestamp NOT NULL DEFAULT '1970-01-02 00:00:01' ;

Type ‘quit’ to exit MySQL and lets run the validate script again.

sudo -u librenms ./validate.php

Everything should check out OK.

Install Linux GUI application on Windows 10 WSL

Posted on August 2, 2021 by admin

Installing Linux GUI applications seems fairly easy on WSL 2. Main requirement is to have the graphics driver installed and the WSL being on version 2.

https://docs.microsoft.com/en-us/windows/wsl/tutorials/gui-apps

You can list WSL versions by running

wsl --list --verbose

Simple SH Ping script to scan a /24

Posted on July 14, 2021 by admin

This is a very simple ping script I created to run on a remote UniFi device to scan for other IP addresses on it’s network. It works on SH environments as well as Bash.

Paste the script in a ping.sh file and then

chmod +x ping.sh

run like so, replacing 192.168.1. with the IP range you want to scan.

sh ping.sh 192.168.1.

#!/bin/sh
# simple ping scan utility

# i.e. 192.168.0.
ipFirstPart=$1

ip=0
while [ $ip -ne 255 ] 
do 
  ip=$(($ip+1))
  ping -w1 $ipFirstPart${ip} | grep "64 bytes from"
done

Using sed to format a phone number

Posted on May 28, 2021 by admin

Formatting an unformated “phone” number using sed.

There may be a different and easier way to do this, but the main thing to learn here is the ^, $, and [[:digit:]] options.

^ refers to the first part of a line
& which is our searched for pattern
$ refers to an end part of the line
[[:digit:]] searches for, you guessed it. Digits!

The following command reads the incoming 10 digit number form echo and does the following.

the ^ tells it that the pattern needs to match at the beginning of the line
[[:digit:]] repeated tells it to search for three consecutive digits
(&) tells it to put brackets around the & which is our searched for pattern in the first part.
We then pipe that to another sed command which
searches for 4 consecutive digits
the $ tells it that it needs to be at the end of the line.

echo "1234567890" | sed -e 's/^[[:digit:]][[:digit:]][[:digit:]]/(&) /g' | sed -e 's/[[:digit:]][[:digit:]][[:digit:]][[:digit:]]$/-&/g'

Resulting output is

(123) 456-7890

The following link was helpful while searching what the ^ and $ options do.

https://www.computerhope.com/unix/used.htm

Give Linux user access (Write) to Hard Drives

Posted on May 13, 2021 by admin

This is fairly straight forward to resolve. You can run the following command and replace /media/username/drive with the path to your drive.

sudo chmod ugo+wx /media/username/drive

If you need to locate the path to your drive, try running

lsblk

It should show all the hard drives mount points

https://askubuntu.com/questions/90339/how-do-i-set-read-write-permissions-my-hard-drives

Snapper reverting changes on Fedora

Posted on April 26, 2021 by admin

List snapper BTRFS snapshots with

snapper list

If you are in recovery mode on Fedora, add –no-dbus right after the snapper command. e.g.

snapper --no-dbus list

You can use the diff command to list the changes that happened between snapshots.

snapper --no-dbus diff 108..109

And to undo a change or all the changes between a snapshot, do the following. Where 108..109 are all the changes you want to remove. So essentially going back to snapshot 108.

snapper --no-dbus -v undochange 108..109

https://documentation.suse.com/sles/11-SP4/html/SLES-all/cha-snapper.html

Error: Could not create the Java Virtual Machine

Posted on March 24, 2021 by admin

Apparently on some versions of Java checking the Java version will give you the following error.

root@local:~# java -v
Unrecognized option: -v
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.
root@local:~#

The issue being the -v or –version options are not recognized. On newer versions of Java it is recognized.

The proper way to do it is -version with only one dash

root@local:~# java -version
openjdk version "1.8.0_252"
OpenJDK Runtime Environment (build 1.8.0_252-8u252-b09-1ubuntu1-b09)
OpenJDK 64-Bit Server VM (build 25.252-b09, mixed mode)
root@local:~#

https://askubuntu.com/questions/324858/installed-jdk-by-and-have-error-could-not-create-the-java-virtual-machine

Install KDE Desktop on Fedora 33

Posted on March 22, 2021 by admin

Installing KDE on Fedora is super simple. You can run the following command to install the whole KDE Plasma Workspace.

sudo dnf -y group install "KDE Plasma Workspaces"

Once installed, reboot and on the login screen select the Gear options and select Plasma

Incredigeek

Tag Archives: linux