Category Archives: Linux

Postgresql in Docker

Let’s run up the Docker image with an instance of PostgreSQL

docker run --name mypostgres -d postgres

Now, connect to the instance so we can create a database etc.

docker exec -it mypostgres bash
createdb -U postgres MyDatabase

Note: if you find this error message psql: FATAL: role “root” does not exist, you’ll need to switch to the postgres user, see below.

Switch to the postgres user (su substitute user).

su postgres
psql

At which point, we’re now in the psql application and can create databases etc.

Setting up Ubuntu Server firewall

UFW is used as the firewall on Linux and in my case on Ubuntu server. UFW comes with a UI, but we’re going to use this on a headless server (hence no UI being used).

Status and enabling/disabling the firewall

Simply run the following to check whether your firewall is active or not

sudo ufw status

To enable the firewall simply use the following

sudo ufw enable

Use disable to disable the firewall (as you probably guessed).

Once enabled run the status command again and you should see a list showing which ports we have defined rules for and these will show whether to ALLOW or REJECT connections to port. For example

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
80                         ALLOW       Anywhere

Allow and reject access

We can allow access to a port, reject access to ports and reject outgoing traffic on ports. When we allow, reject incoming or reject outgoing access we’re creating firewall rules.

To allow access to SSH, for example we do the following

sudo ufw allow 22

This will allow tcp and udp access, but we can be more precise and just allow tcp by using

sudo ufw allow 22/tcp

As you can see from the previous output from the status option, we’ve enabled 22/tcp already.

To reject access to a port we use reject.

Note: If you’re access your server using SSH you probably don’t want to reject access to port 22, for obvious reasons, i.e. port 22 is used by SSH and this will block your access via SSH.

sudo ufw reject 80

Application profiles

UFW includes application profiles which allow us to enable predefined lists of permissions

sudo ufw app list

The applications listed from this command can also be seen by listing /etc/ufw/applications.d, so for example on my system I have a file name openssh-server, if you open this with nano (or your preferred editor), you’ll see an INI file format, for example

[OpenSSH]
title=Secure shell server, an rshd replacement
description=OpenSSH is a free implementation of the Secure Shell protocol.
ports=22/tcp

We can also use

sudo ufw app info OpenSSH

Replacing OpenSSH with the name of the application profile you want to view

As you can see, if our application profiles are just INI files, then you can create your own file and place it into the aforementioned folder and make it available to UFW. Once you’ve created your file you’ll need to tell UFW to load the application definitions using

sudo ufw app update MyApp

Replace MyApp with your application name in the above.

Ofcourse once we have these profiles we can allow, reject etc. using the application name, i.e.

sudo ufw allow OpenSSH

Logging

By default logging is disabled, we can turn it on using

sudo ufw logging on

Setting up swift on Ubuntu 20.04

This is an update to Setting up swift on Ubuntu 18.04 – installing Swift on Ubuntu 20.04.

Check out Downloads for the current info. from swift.org.

  • We need to install dependencies, so start with
    apt-get install binutils git gnupg2 libc6-dev libcurl4 libedit2 libgcc-9-dev libpython2.7 libsqlite3-0 libstdc++-9-dev libxml2 libz3-dev pkg-config tzdata uuid-dev zlib1g-dev
    
  • Next we need to download the tar for the version of Swift you’re targeting, mine’s Swift 5.5.2
    wget https://download.swift.org/swift-5.5.2-release/ubuntu2004/swift-5.5.2-RELEASE/swift-5.5.2-RELEASE-ubuntu20.04.tar.gz
    

Next up we should verify this download

  • First download the signature using
    wget https://swift.org/builds/swift-5.5.2-release/ubuntu2004/swift-5.5.2-RELEASE/swift-5.5.2-RELEASE-ubuntu20.04.tar.gz.sig
    
  • Now import the key
    wget -q -O - https://swift.org/keys/all-keys.asc | gpg --import -
    
  • Now run the following
    gpg --keyserver hkp://keyserver.ubuntu.com --refresh-keys Swift
    gpg --verify swift-5.5.2-RELEASE-ubuntu20.04.tar.gz.sig
    

Assuming everything’s verified we now want to extract the download into our preferred location – in my case I am just creating a folder name ~/Swift and extracting the tar to this location, running the following from this location

tar xzf swift-5.5.2-RELEASE-ubuntu20.04.tar.gz

Finally let’s update the path – I’ve added this to the last line of my .bashrc

export PATH=~/Swift/swift-5.5.2-RELEASE-ubuntu20.04/usr/bin:"${PATH}"

Checking who last logged in and when on Ubuntu Server

You might want to see a list of who logged into your Ubuntu server last or over a time period. Or maybe you want to take a look at more than just that and see more of an audit trail…

last

We can use the command last to display a “listing of last logged in users”. For example let’s just get the tail of the list using

last | tail

or ofcourse we might simple look through all entries using

last | less

What about if we know the user we’re interested in, then we can simply use

last -x Bob

Replacing Bob with the username you wish to look for.

There’s options to specify listing data after a specific time or before a time and more see

last --help

What if we want even more information.

/var/log/auth.log

Last works well if you’re interested in users logging into the server, but what about if we just want to check who’s access a shared drive or the likes, then we can check the /var/log/auth.log like this

sudo cat /var/log/auth.log
// or 
sudo less /var/log/auth.log
// or
sudo tail /var/log/auth.log

As per standard piping of commands, I’ve included an example of using less and tail, but basically we want to list the contents of the auth.log file. Ofcourse as it’s a file we can grep it (or whatever) as required.

This auth.log file lists sessions being opened and closed, cron jobs and lots more besides.

Ubuntu server auto upgrade

I have an Ubuntu server happily living it’s life as a NAS (and more) server which every now and then (if I forget to keep track of updates) it runs out of space on /boot causing issues removing old releases or partial updates to be a bit of a problem. So how do we either turn on or off automatic upgrades?

The configuration for this is stored in the file 20auto-upgrades. So we can edit the file using

sudo nano /etc/apt/apt.conf.d/20auto-upgrades

Within the file you’ll see something like this

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

Note: The “1” in the above are not True/False but the minimum number of days. So we could change from “1” to run weekly by changing this value to “7”. A value of “0” will disable the feature.

You can create the file yourself or run the following command to create the file (it can be used to turn on/off by running it on an existing file but that’s all)

sudo dpkg-reconfigure -plow unattended-upgrades

If you want to change the frequency of checks for updates you’ll need to edit the 20auto-upgrades manually (as already discussed).

References

AutomaticSecurityUpdates.
UnattendedUpgrades

Mounting a USB HDD on Ubuntu server

I’m running up my latest Raspberry Pi with a connected USB SSD and forgot how to mount the thing. So this post is a little reminder. Ofcourse the instruction are not exclusive to Raspberry Pi’s or Ubuntu, but hey I just wanted a back story to this post.

So you’ve connected your USB drive and you’ve got a SSH terminal (i.e. via PuTTY) session connected to you Ubuntu server, what’s next?

Where’s my drive

The first thing you need to figure out is where your drive is, i.e. what /dev/ location it’s assigned to.

  • Try running df, which reports disk space and usage, from this you might be able to spot your drive, in my case it’s /dev/sda1 and its obvious by the size of the drive
  • If this is not conclusive then run sudo fdisk -l this may help locate the disk

Mounting the drive

Assuming we’ve located the device, and for this example it is on /dev/sda1, how do we mount this drive?

  • Create a folder that will get mapped to our mounted drive, for example mkdir /media/external or whatever you want to name it
  • To mount the drive we now use
    sudo mount -t ntfs-3g /dev/sda1 /media/external
    

    Obviously this drive I’m mounting is an NTFS formatted drive, you might be using vfat or something else instead, so check. Then we simply have the source (/dev/sda1) mapping to the destination (/media/external) that we created.

    Note: without the mount taking place, ls the destination and you’ll see no files (if they exist on your drive). After you mount the drive. ls the destination to see the files on the USB drive.

As it currently stands, when you reboot you’ll have to mount the drive again.

Auto-mounting the drive

In scenarios where we’re not removing the drive and simply want the OS to automount our drive, we need to do a couple of things.

  • Find the UUID for the drive by running sudo blkid, next to the device, i.e. /dev/sda1 should be a UUID, copy or note down the string.
  • Run sudo nano fstab
  • Add a new line to the bottom of the file along these lines
    UUID=ABCDEFGHIJK /media/external auto nosiud,nodev,nofail 0 0
    

    and save the file

  • Run sudo mount -a to check for errors

Now when you reboot the machine the USB drive should be mounted automatically.

Using the Windows Subsystem for Linux

Whilst I have Linux machines available to me, they’re not always powered up or the remoting

See Windows Subsystem for Linux Installation Guide for Windows 10 for details on installing the WSL.

For completeness here’s the steps I took.

  • Run PowerShell as Admin and then execute the following

    Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
    
  • Go to the Microsoft Store and type Run Linux on Windows into the search text box. In the store currently, there’s the options of Ubuntu, openSUSE Leap 42, SUSE Linux Enterprise Server 12, Debian and Kali Linux.

    Install your preferred distro – I went for Ubuntu simply because that’s what I have on most of my Linux boxes.

  • Once installed you’ll need to go to the command prompt | Properties and select the Options tab. From here ensure that Use legacy console (requires relaunch) is unchecked.

Once everything is initialized you’ll be in the user’s (whatever user name you created) home folder – on Windows this folder is stored in C:\Users\{username}\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\rootfs\home

We can access the C drive using

cd /mnt/c

Running the Linux from Windows

When you want to run the Windows Subsystem for Linux going forward, simply execute

wsl

Listing environment variables

Occasionally we might wish to see a list of all the current environment variables.

Windows

In Windows, from the command prompt, execute

set | more 

or from Powershell

Get-ChildItem Env:

Linux

Within Linux, from the shell, execute

printenv

How to log into a Linux server without a password

Let’s assume we have two Linux systems, client and server.

On the client, carry out the following steps

  • ssh-keygen
  • By default saves to /home/username/.ssh/id_rsa
  • Enter a passphrase (if you want to add one to the key)
  • ssh-copy-id root@server (replace root@server with your user name and server IP or host name)
  • You should get prompted for the server’s password, enter this and the key will be copied

To test everything worked, execute the following

ssh root@server

(obviously, replacing root@server with your user name and server IP or host name) and if all worked you should log into the server without having to enter a password.

Now for each server that you need ssh access without a password, simple run ssh-copy-id root@server with the username and server that you want to connect to.

Turning my Raspberry Pi Zero W into a Tomcat server

I just got hold of a Raspberry Pi Zero W and decided it’d be cool/fun to set it up as a Tomcat server.

Docker

I am (as some other posts might show) a bit of a fan of using Docker (although still a novice), so I went the same route with the Pi.

As per the post Docker comes to Raspberry Pi, run the following from you Pi’s shell

curl -sSL https://get.docker.com | sh

Next, add your username to the docker group (I’m using the standard pi user)

sudo usermod -aG docker pi

Pull Tomcat for Docker

Don’t forget, the Raspberry Pi uses an ARM processor, so whilst Docker can help in deploying many things, the image still needs to have been built on the ARM processor. Hence just trying to pull Tomcat will fail with a message such as

exec user process caused “exec format error”

So to install Tomcat use the izone image

docker pull izone/arm:tomcat

Let’s run Tomcat

To run Tomcat (as per the izone docker page). Run

docker run --rm --name Tomcat -h tomcat \
-e PASS="admin" \
-p 8080:8080 \
-ti izone/arm:tomcat

You’ll may need to wait a while before the Tomcat server is up and running, but once it is simply use your browser to navigate to

http://<pi-zero-ip-address>:8080/

and you should see the Tomcat home page.