Categories
Linux

Transmission NordVPN Service

The following is a script I wrote to update the transmission-daemon IPv4 bind address with whatever address is assigned to my device's tun0 interface, so that the daemon only listens on the VPN tunnel.

#!/bin/bash

############################################################################################################
# A script to update the transmission bind-address-ipv4 value with the active tun0 IP from NordVPN.
#
# This script:
#
#       - Hard codes the transmission-daemon settings.json path
#       - Grabs the "bind-address-ipv4" value from the settings.json file
#       - Grabs the active IPv4 address on NordVPN's tun0 iface
#       - logs an error and waits for the next cycle if there is no IP on the tun0 iface
#       - compares the settings.json IP with the tun0 IP:
#               If they're different:
#                       - stops the transmission-daemon service
#                       - updates the settings.json line "bind-address-ipv4" with the tun0 IP
#                       - starts the transmission-daemon service
#                       - logs the change as local0.info
#               If they're the same:
#                       - logs the match as local0.info
#       - sleeps for 5 minutes and repeats the checks forever
############################################################################################################
# Called via the simple service:
#
# NAME: /etc/systemd/system/update-transd-wnordvpnip.service
#
#[Unit]
#Description=Run script to update transmission config with nordvpn IP after nordvpnd.service has connected
#Requires=nordvpnd.service
#After=transmission-daemon.service
#
#[Service]
#Type=simple
#RemainAfterExit=yes
#ExecStart=/usr/local/bin/update_transmission_with_vpnip.sh
#Restart=on-failure
#RestartSec=10
#KillMode=process
#
#[Install]
#WantedBy=multi-user.target
#/etc/systemd/system/update-transd-wnordvpnip.service
############################################################################################################

############################################################################################################
# Define the variables - these could be moved to script arguments in the future
############################################################################################################
# The transmission settings file
transconf="/var/lib/transmission/.config/transmission-daemon/settings.json"

# Refuse to run at all if the settings file is missing or unreadable
if [ ! -r "${transconf}" ]; then
        logger -p local0.err "transmission-ip-update : cannot read ${transconf}"
        exit 1
fi

############################################################################################################
# Define the functions of the script
############################################################################################################
# Extract just the IP from the "bind-address-ipv4" line of settings.json (prints nothing if absent)
get_bind_ip(){
        sed -n 's/^[[:space:]]*"bind-address-ipv4": "\([^"]*\)".*/\1/p' "${transconf}"
}

# Get the IPv4 address of the VPN tun0 interface (prints nothing if the iface is down or absent).
# 'grep -w' stops the inet6 line from matching as well, which a plain 'grep inet' would do.
get_tun_ip(){
        ifconfig tun0 2>/dev/null | grep -w 'inet' | awk '{print $2}'
}

check_service_response(){
        # $1 = service name, $2 = action (stop/start), $3 = exit status of the systemctl call
        if [ "$3" -eq 0 ]; then
                printf "\n%s service %s OK\n" "$1" "$2"
        else
                printf "\n%s service failed to %s, exiting...\n\n" "$1" "$2"
                logger -p local0.err "transmission-ip-update : Failed to $2 the $1 service"
                exit 2
        fi
}

change_service_state(){
        # $1 = service name, $2 = stop|start (explicit, so a stopped service is never toggled the wrong way)
        printf "\nRunning systemctl %s on the %s service...\n\n" "$2" "$1"
        systemctl "$2" "$1"
        check_service_response "$1" "$2" $?
}

update_transd_bindip(){
        # Stop the daemon first: transmission-daemon rewrites settings.json when it exits,
        # so editing the file while it is running would be overwritten
        change_service_state transmission-daemon stop

        printf "\nUpdating the %s file with the new IP %s\n\n" "${transconf}" "${tunip}"
        # update the $transconf with the $tunip
        sed -i "s/\"bind-address-ipv4\": \".*\",/\"bind-address-ipv4\": \"${tunip}\",/" "${transconf}"

        # start the transmission-daemon service again
        change_service_state transmission-daemon start
}

eval_and_update_transdbindip(){
        # If there is no tun0 IP then log the error; the main loop retries in 5 mins
        if [[ -z "${tunip}" || "${tunip}" == "0.0.0.0" ]]; then

                printf "\nThere is no IP assigned to tun0\n\n"
                logger -p local0.err "transmission-ip-update : NordVPN's tun0 interface has no IP assigned"

        # if the transmission-daemon bind IP already equals the tun0 IP on the VPN just log it
        elif [ "${transbindip}" == "${tunip}" ]; then

                printf "\nThe Transmission daemon and tun0 IP match\n\n"
                logger -p local0.info "transmission-ip-update : NordVPN's tun0 ip ${tunip} matches the file (${transconf} bind-address-ipv4 = ${transbindip})"

        # otherwise update the config and restart the service
        else

                printf "\nThe transmission-daemon bind IP '%s' does not match %s\n\n" "${transbindip}" "${tunip}"
                logger -p local0.info "transmission-ip-update : new tun0 IP ${tunip} discovered, updating ${transconf}"
                update_transd_bindip

        fi
}

############################################################################################################
# Main Section, 5 minute infinite while loop calling functions & refreshing the $tunip variable
############################################################################################################
while true; do

        # First refresh the $tunip & $transbindip variables with the latest values
        tunip=$(get_tun_ip)
        transbindip=$(get_bind_ip)

        # Then call the function to compare the tun0 iface IP ($tunip) with the
        # transmission-daemon settings.json bind ipv4 ($transbindip) and take action
        eval_and_update_transdbindip

        # Then sleep for 5 mins and repeat these checks forever
        sleep 5m

done
############################################################################################################
# END
############################################################################################################
Categories
Linux

Vi reminders

Cursor movement

  • h – move left
  • j – move down
  • k – move up
  • l – move right
  • w – jump by start of words (punctuation considered words)
  • W – jump by words (spaces separate words)
  • e – jump to end of words (punctuation considered words)
  • E – jump to end of words (no punctuation)
  • b – jump backward by words (punctuation considered words)
  • B – jump backward by words (no punctuation)
  • 0 – (zero) start of line
  • ^ – first non-blank character of line
  • $ – end of line
  • G – Go To command (prefix with number – 5G goes to line 5)

Note: Prefix a cursor movement command with a number to repeat it. For example, 4j moves down 4 lines.

Insert Mode – Inserting/Appending text

  • i – start insert mode at cursor
  • I – insert at the beginning of the line
  • a – append after the cursor
  • A – append at the end of the line
  • o – open (append) blank line below current line (no need to press return)
  • O – open blank line above current line
  • ea – append at end of word
  • Esc – exit insert mode

Editing

  • r – replace a single character (does not use insert mode)
  • J – join line below to the current one
  • cc – change (replace) an entire line
  • cw – change (replace) to the end of word
  • c$ – change (replace) to the end of line
  • s – delete character at cursor and substitute text
  • S – delete line at cursor and substitute text (same as cc)
  • xp – transpose two letters (delete and paste, technically)
  • u – undo
  • . – repeat last command

Marking text (visual mode)

  • v – start visual mode, mark lines, then do command (such as y-yank)
  • V – start Linewise visual mode
  • o – move to other end of marked area
  • Ctrl+v – start visual block mode
  • O – move to Other corner of block
  • aw – mark a word
  • ab – a () block (round brackets)
  • aB – a {} block (curly braces)
  • ib – inner () block
  • iB – inner {} block
  • Esc – exit visual mode

Visual commands

  • > – shift right
  • < – shift left
  • y – yank (copy) marked text
  • d – delete marked text
  • ~ – switch case

Cut and Paste

  • yy – yank (copy) a line
  • 2yy – yank 2 lines
  • yw – yank word
  • y$ – yank to end of line
  • p – put (paste) the clipboard after cursor
  • P – put (paste) before cursor
  • dd – delete (cut) a line
  • dw – delete (cut) the current word
  • x – delete (cut) current character

Exiting

  • :w – write (save) the file, but don’t exit
  • :wq – write (save) and quit
  • :q – quit (fails if anything has changed)
  • :q! – quit and throw away changes

Search/Replace

  • /pattern – search for pattern
  • ?pattern – search backward for pattern
  • n – repeat search in same direction
  • N – repeat search in opposite direction
  • :%s/old/new/g – replace all old with new throughout file
  • :%s/old/new/gc – replace all old with new throughout file with confirmations

Working with multiple files

  • :e filename – Edit a file in a new buffer
  • :bnext (or :bn) – go to next buffer
  • :bprev (or :bp) – go to previous buffer
  • :bd – delete a buffer (close a file)
  • :sp filename – Open a file in a new buffer and split window
  • ctrl+ws – Split windows
  • ctrl+ww – switch between windows
  • ctrl+wq – Quit a window
  • ctrl+wv – Split windows vertically

thanks to Tim at https://www.worldtimzone.com

Categories
Dell Linux

iDrac 6, Linux, Firefox & Natively Unsupported Virtual Console

So after a couple of hours toying and reading online (links to other pages which aided me in this assessment at the end of this post) I’d like to record the specific binaries and config changes I needed to make to access an elderly iDrac6 Virtual Console session from Firefox.

My environment:
Client:
Fedora 32
Firefox 80

Elderly Dell Server:
iDrac 6
Firmware 3.75 (Build 5)

  1. Downloaded, verified & installed the latest Oracle Java version in .rpm format from
    https://www.java.com/en/download/linux_manual.jsp
  2. Ran /usr/java/latest/bin/jcontrol to open the Oracle Java control panel.
    Navigate to the “Security” tab, ensure “High” is the selected security level and then add your iDrac website address to the “Exception Site List” as shown in the example image below:
    (Image: Oracle Java Control Panel Site Exception Example)
  3. Next, my version of iDrac relies on the MD5 algorithm (for its signed Java jars), which modern Java disables by default, so I needed to permit it.
    Edit /usr/java/jre1.8.0_261-i586/lib/security/java.security (your version may vary of course) and locate the following line, at around line number 612:

    jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024

  4. Copy and paste this line below itself, comment out the original and then edit the copy to read as follows (removing the MD5 entry):

    jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024, DSA keySize < 1024

  5. That’s it. Now visit the iDrac web interface, download the .jnlp file and run it with the following command:

    javaws /path/to/the/downloaded/filename.jnlp

Do remember to restore the commented line and comment the edited line in your /usr/java/jre1.8.0_261-i586/lib/security/java.security file after use – not good to leave insecure algorithms available to a commonly exploited platform!
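As an added example (not part of the original post), the following shell functions script steps 3 to 5 so that the MD5 relaxation lives only as long as the javaws session: the original line is kept as a marked comment (the `#ORIG-MD5 ` marker is my own choice) and put back when the console exits. The JRE path is the one from this post; override JAVA_SECURITY for your version.

```shell
#!/bin/sh
# Path from this post; override with JAVA_SECURITY=... for a different JRE
JAVA_SECURITY="${JAVA_SECURITY:-/usr/java/jre1.8.0_261-i586/lib/security/java.security}"

# Steps 3/4: keep the original jdk.jar.disabledAlgorithms line as a marked comment
# (marker '#ORIG-MD5 ', constructed here) and remove MD5 from the active copy.
relax_md5() {
    f="$1"
    if grep -q '^#ORIG-MD5 ' "$f"; then
        echo "$f is already relaxed, refusing to edit it again" >&2
        return 1
    fi
    cp -p "$f" "$f.bak"   # an untouched copy, in case the restore ever fails
    # h: save the line; prefix a copy with the marker and print it; g: get the
    # original back; strip MD5 wherever it sits in the comma-separated list
    sed -i '/^jdk\.jar\.disabledAlgorithms=/{h;s/^/#ORIG-MD5 /;p;g;s/=MD5, /=/;s/ MD5,//;s/, MD5$//;}' "$f"
}

# Undo: delete the relaxed line and uncomment the marked original
restore_md5() {
    f="$1"
    grep -q '^#ORIG-MD5 ' "$f" || return 0   # nothing to restore
    sed -i '/^jdk\.jar\.disabledAlgorithms=/d;s/^#ORIG-MD5 //' "$f"
}

# Step 5: run the console .jnlp with MD5 permitted, restoring the policy even on Ctrl-C
run_console() {
    relax_md5 "$JAVA_SECURITY" || return 1
    trap 'restore_md5 "$JAVA_SECURITY"' EXIT INT TERM
    javaws "$1"
}
```

Run it as root with `run_console /path/to/the/downloaded/filename.jnlp`; a second `relax_md5` on an already-relaxed file is refused so the marked original can never be lost.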

References:
https://velenux.wordpress.com/2017/06/07/workaround-for-javaws-jnpl-error-cannot-grant-permissions-to-unsigned-jars/

https://unix.stackexchange.com/questions/143805/running-unsigned-javaws-code

Categories
Linux

Dell Perc RAID CLI

The following are a few commands using the Dell perccli64 tool which can be downloaded from Dell (https://www.dell.com/support/home/en-uk/drivers/driversdetails?driverId=F48C2)

/opt/MegaRAID/perccli/perccli64 /c0 show 
/opt/MegaRAID/perccli/perccli64 /c0 /e32 show

Categories
Linux Software

OSSEC Rule Examples

Direct copy from the blog https://akmalhisyam.my/blog/ossec-creating-custom-rules for my reference – thanks Akmal!

  • When parsing a log, OSSEC looks at level 0 rules first, and then from the highest level to the lowest level
  • OSSEC will not produce an alert for rules with level 0
  • It is best to put custom rules in local_rules.xml or another file to avoid them being overwritten during an upgrade
  • ossec-logtest is a very useful tool to test your rules & decoders

Example

Silencing certain rules

<rule id="100030" level="0">
  <if_sid>503,502</if_sid>
  <description>List of rules to be ignored.</description>
</rule>

OSSEC will not produce any alert when rule 502 or 503 is triggered


Ignore alert if rules triggered by certain IP

<rule id="100225" level="0">
  <if_sid>40101</if_sid>
  <srcip>127.0.0.1</srcip>
  <description>Ignore this</description>
</rule>

If rule 40101 is triggered by 127.0.0.1, don't produce any alert


Ignore alert if contains certain strings

<rule id="100223" level="0">
  <if_sid>1002</if_sid>
  <match>terrorist|terror|femmefatale|heart-attack</match>
  <description>Ignore 1002 false positive</description>
</rule>

OSSEC uses the OS_match/sregex syntax in <match>


Ignore alert if contains certain strings (using regex)

<rule id="100207" level="4">
  <if_sid>1002,1003</if_sid>
  <regex>^WordPress database error You have an error in your SQL syntax(\.*)functionName$</regex>
  <description>Unescaped SQL query, known issue</description>
</rule>

OSSEC uses the OS_regex/regex syntax in <regex>


Trigger custom rule when certain field match certain value in cdb list

<rule id="100215" level="5">
  <if_sid>31101</if_sid>
  <list lookup="match_key" field="url">rules/badurl</list>
  <description>URL is in badurl</description>
</rule>

Trigger a custom rule when a certain rule is fired x times within n seconds from the same srcip

<rule id="100216" level="10" frequency="4" timeframe="90">
  <if_matched_sid>100215</if_matched_sid>
  <same_source_ip />
  <description>Multiple badurl access </description>
  <description>from same source ip.</description>
  <group>web_scan,recon,</group>
</rule>

Overriding rules

<rule id="1003" level="13" overwrite="yes" maxsize="2000">
  <description>Non standard syslog message (size too large).</description>
</rule>

The original rule 1003 has 10245 as its maxsize. Using overwrite="yes" makes OSSEC overwrite certain fields of the original rule


Custom rule group

<group name="app_error">
  <rule id="100207" level="4">
    <if_sid>1002,1003</if_sid>
    <regex>^WordPress database error You have an error in your SQL syntax(\.*)functionName$</regex>
    <description>Unescaped SQL query, known issue</description>
  </rule>

  <rule id="100218" level="0">
    <if_sid>1003</if_sid>
    <match>WUID | WTB</match>
    <description>ignorance is bliss</description>
  </rule>
</group>
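As an added example (not from Akmal's post), a small lint for a custom rules file that catches the mistakes the notes above warn about: every <rule> must carry an id and a level, ids must not be duplicated within the file, ids outside OSSEC's documented user-defined range of 100000 to 119999 may only appear with overwrite="yes" (otherwise you are silently clobbering a stock rule), and a frequency rule must name what it counts with <if_matched_sid> or <if_matched_group>. It assumes one <rule ...> opening tag per line, as in the examples here.

```shell
#!/bin/sh
# Lint a custom OSSEC rules file (e.g. local_rules.xml). Prints one line per problem,
# exits 0 when the file is clean and 1 otherwise. Assumes each <rule ...> opening
# tag sits on its own line, which is how OSSEC rule files are normally written.
lint_ossec_rules() {
    awk '
    /<rule / {
        freq = ($0 ~ /frequency="/); matched = 0; id = ""
        if (match($0, /id="[0-9]+"/)) id = substr($0, RSTART + 4, RLENGTH - 5)
        if (id == "") { print "rule without id: " $0; bad++; next }
        if (seen[id]++) { print "rule " id ": duplicate id in this file"; bad++ }
        if ($0 !~ /level="[0-9]+"/) { print "rule " id ": missing level"; bad++ }
        # user-defined rules live in 100000-119999; anything else only with overwrite="yes"
        if ((id + 0 < 100000 || id + 0 > 119999) && $0 !~ /overwrite="yes"/) {
            print "rule " id ": id outside 100000-119999 but overwrite=\"yes\" not set"; bad++
        }
    }
    /<if_matched_sid>|<if_matched_group>/ { matched = 1 }
    /<\/rule>/ {
        if (freq && !matched) {
            print "rule " id ": frequency set but no <if_matched_sid>/<if_matched_group>"; bad++
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}
```

Run it as `lint_ossec_rules /var/ossec/rules/local_rules.xml` before restarting OSSEC, alongside ossec-logtest for the behavioural checks.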
Categories
Linux

Linux firewall-cmd

A few useful firewall-cmd syntax examples. Note that a rule added with --permanent is only written to the saved configuration; it takes effect after firewall-cmd --reload (or repeat the command without --permanent to apply it to the running firewall as well):

firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" service name="https" source address="<<CIDR SUBNET HERE>>"  accept'
Categories
Linux

RHEL Subscription Manager Useful Commands

The following was copied from <https://access.redhat.com/discussions/3312101?tour=8> and provides a method of cleaning all subscription-manager configuration and re-subscribing. You’ll need an active account with Red Hat to complete this, though they do offer free developer accounts (use your account name and not your email address as the username!)

sudo subscription-manager remove --all
sudo subscription-manager unregister
sudo subscription-manager clean

sudo subscription-manager register
sudo subscription-manager refresh
sudo subscription-manager attach --auto
Categories
Linux

verifying RPM files

The following command will report back the signing key (in the Signature field) and other useful details for an rpm package:

rpm -qpi <rpm package name>

To actually verify the signature against the GPG keys imported into the rpm database, use rpm --checksig <rpm package name> (or its short form rpm -K).

Categories
Linux

Linux Ubuntu Kernel Management

To revert to the latest recommended kernel:

sudo apt-get install --install-recommends linux-generic-hwe-18.04

To tidy up the installed kernels and remove the unused ones:

First check for partially removed kernels (package state rc) with

dpkg -l linux-image-\* | grep ^rc

and remove them, for example with sudo apt-get purge linux-image-4.4.0-101-generic.

Purging will remove the initramfs generation rules from /var/lib/initramfs-tools/.

If that does not help, you can remove them manually from the initramfs list:

sudo rm /var/lib/initramfs-tools/3.13.0-39-generic
sudo rm /var/lib/initramfs-tools/4.4.0-101-generic
sudo rm /var/lib/initramfs-tools/4.4.0-103-generic
sudo rm /var/lib/initramfs-tools/4.4.0-38-generic
sudo rm /var/lib/initramfs-tools/4.4.0-45-generic
sudo rm /var/lib/initramfs-tools/4.4.0-59-generic
sudo rm /var/lib/initramfs-tools/4.4.0-77-generic
sudo rm /var/lib/initramfs-tools/4.4.0-78-generic
sudo rm /var/lib/initramfs-tools/4.4.0-81-generic

Usually I run purge-old-kernels followed by sudo apt-get autoremove to have only 2 recent kernels.

You can reinstall installed kernels with their initramfses:

sudo apt-get install --reinstall \
$(dpkg -l linux-image-\* | grep ^ii | awk '{print $2}')

ref: https://askubuntu.com/questions/1001285/why-are-old-initrd-files-of-uninstalled-kernels-filling-up-boot-partition

Categories
Linux

Linux du folder sizes

List all folders directly under /path/to/parent (one level deep) along with their size in (h)uman readable (m)egabytes

du -mh /path/to/parent --max-depth=1