Linux

OpenVPN Access Server on Ubuntu

I recently retired my OpenVPN Turnkey appliance and needed to get my VPN solution up and running again. I decided to go with installing OpenVPN Access Server on a clean install of Ubuntu Server to create a stable and light weight Virtual Private Network (VPN) to access my network.

I chose to go with OpenVPN AS because its using the OpenVPN I know and trust, but it also has the value added feature of an administrative server used for user and access management.

Setup is straight forward after a few small prerequisites are established.

Requirements:

  • Ubuntu Server – Running the latest version and updates. I am using 16.04.2-as my base
  • Root or possibly sudo access

Software:

Download the latest release of the OpenVPN AS Server
https://openvpn.net/index.php/access-server/download-openvpn-as-sw.html

The direct Ubuntu installs here

 

The following steps can be used to download and install:

  1. Download the install package: wget http://swupdate.openvpn.org/as/openvpn-as-2.1.9-Ubuntu16.amd_64.deb
  2. Install the downloaded package: dpkg -i openvpn-as-2.1.9-Ubuntu16.amd_64.deb
  3. Change the password for the openvpn user: passwd openvpn

When the installation has completed, the Access Server web UIs will be available here:
Admin UI: https://<yourip>:943/admin
Client UI: https://<yourip>:943/

 

And just like that you now can take better control over your privacy, security.

Note: I did not go over the configuration of OpenVPN AS, I may do this in another post. I just wanted to run though the steps of getting this software installed.

Ubuntu Linux for Windows 10 Released On Windows App Store

We can now get Ubuntu Linux for Windows 10 from the Windows App Store. Hows that for an amazing new feature. Simply open the Windows store and search for “Ubuntu”. I would be remiss if i didn’t mention that Windows Insiders Members get first go at this new application.

Also to note that this is not a full version of the Linux Operating System “Ubuntu”. This application is mainly utilizing terminal via bash with included gui-less utilities such as  ssh, git, apt, etc…

  • Navigate to Control Panel > Program and Features
  • Select Turn Windows features on or off
  • Select Windows Subsystems for Linux and Click OK
  • Reboot

 

 

 

Linux Commands, And More Commands

I have posted about commands in the past. I am now ‘rebooting’ that post adding additional commands that I find useful.

File Transfer:

$ scp somefile.txt server:/tmp Secure copies somefile.txt to remote host /tmp folder

$ scp sysadmin@server:/www/*.html /www/tmp Copies *.html files from remote host to current system /www/tmp folder

$ scp -r sysadmin@server:/www /www/tmp Copies all files and folders recursively from remote server to the current system /www/tmp folder

$ rsync -a /home/backup /backup/ Synchronizes source to destination

 

File and Folder Archive:

$ tar cf home.tar home Creates tar named home.tar containing home/

$ tar xf file.tar Extracts the files from file.tar

$ tar czf file.tar.gz files Creates a tar with gzip compression

$ gzip file Compresses the file and renames it to file.gz

 

Networking Stuff:

$ ifconfig -a Display all network ports and ip address

$ ifconfig eth0 Display specific ethernet port ip address and details

$ ip addr show Display all network interfaces and ip address(available in iproute2 package,powerful than ifconfig)

$ ip address add 10.0.0.1 dev eth0 Set ip address

$ ethtool eth0 Linux tool to show ethernet status

$ mii-tool eth0 Linux tool to show ethernet status

$ ping host Sends echo request to test connection

$ whois domain Get who is information for domain

$ dig domain Get DNS information for domain

$ dig -x host Reverse lookup host

$ host google.com Lookup DNS ip address for the name

$ hostname -i Lookup local ip address

$ wget file Download file

$ netstat -tupl Listing all active listening ports(tcp,udp,pid)

$ ssh user@host Connects to host as user

$ ssh -p port user@host Connects to host using specific port

$ telnet host Connects to the system using telnet port

 

Permissions:

$ chmod 777 /data/test.c Sets rwx permission for owner , rwx permission for group, rwx permission for world

$ chmod 755 /data/test.c Sets rwx permission for owner,rx for group and world

$ chown owner-user file Changes the owner of the file

$ chown owner-user:owner-group file-name Changes the owner and group owner of the file

$ chown owner-user:owner-group directory Changes the owner and group owner of the directory

 

Process Management:

$ ps Displays your currently active processes

$ ps aux | grep ‘telnet’ Finds all process id related to telnet process

$ pmap Memory map of process

$ top Display all running processes

$ kill pid Kill process with mentioned pid id

$ killall proc Kill all processes named proc

$ sleep 10 & Sleeps at the background

$ kill ‘JobNumber ‘ Terminates the job

$ jobs Display the jobs

$ pkill processname Send signal to a process with its name

$ bg Resumes suspended jobs without bringing them to foreground

$ fg Brings the most recent job to foreground

$ fg n Brings job n to the foreground

 

Useful File Commands:

$ cd .. To go up one level of the directory tree

$ cd Goes to $HOME directory

$ cd /test Changes to /test directory

$ ls gives the contents of a folder.

$ ls -a gives all the contents of a folder.

$ mkdir FolderName creates the folder FolderName.

$ cd Directory makes the Directory current directory

$ pwd prints the working directory

$ cp ~/Desktop/Berk/backups/science.txt . copy science.txt to the current directory

$ mv backups/science.txt /Desktop/Emi moves science.txt to folder Emi

$ rm temp.txt removes the temp.txt file

$ clear clear screen

$ cat science.txt Display contents of a file on the screen

$ less science.txt Displays on a different page ( type q to close the page)

$ less science.txt and then /name finds the occurences of name

$ head science.txt displays the first ten lines of the file

$ tail science.txt displays the last ten lines of the file

$ tail -20 science.txt displays the last 20 lines of the file

$ grep ‘searchedkeyword’ science.txt searches and finds the keyword in the file.(case sensitive)

$ grep -i SeaRchEdKeyWoRd science.txt case insensitive search

$ grep -i ‘SeaRched Sentence is this one’ science.txt case insensitive search

instead of i we can use;
-n precede each matching line with the line number
-v display those lines that do not match
-c print only the total count of matching lines

$ find -name “*.txt” -print finds the text files in the current directory

$ diff a.txt b.txt gives the different lines

$ wc -w science.txt gives the word count

$ wc -l science.txt gives the line count

$ cat > list1
pear
banana

ctrl+d

creates a list and we can print this list by using:

$ cat list1 command line.

$ cat biglist | grep p | sort gives sorted list elements which include p

$ sort < biglist > sortedlist sorts the biglist and writes it to the sortedlist

$ ls list* outputs the filenames starting with ‘list’

$ ls *list outputs the filenames ending with ‘list’

$ ls ?un outputs the filenames ending with ‘un’ but just one letter. (e.g. sun, gun, bun)

$ man ____ gives information about the command in the underlined section.

$ whatis ____ gives information about the command in the underlined section.

$ ls -l gives detailed information about the gfiles in the directory

u:user
g:group
o:other people
rwx: read write execute
rw: read write
r: read
x: execute

$ chmod u+x TheFile adds writing permission to the user(owner) of TheFile

$ chmod go-rwx biglist to remove read write and execute permissions on the file biglist for the group and others

$ chmod 754 TheFile 7, 5, 4 represents the individual permissions for user, group, other (7:rwx, 5:rx, 4:r)

4 – stands for “read”
2 – stands for “write”
1 – stands for “execute”
0 – no permissions

$ du -s * The du command outputs the number of kilobyes used by each subdirectory.

$ df . The df command reports on the space left on the file system.

$ gzip science.txt Compresses into a gzip file

$ gunzip science.txt.gz De-compresses into the original file

$ tar cvf New.tar addthisfileintotar Create a tar file called New and add this file.

$ tar xvf New.tar Extracts the tar file

$ zcat science.txt.gz reads zipped files without unzipping

$ file * Classifies the files in the current directory ( folder, text, gzip, etc.)

$ name=Berk
$ echo Hello $name Prints ‘Hello Berk’

$ sha1sum FileName | grep e509760917361307015 Compares the checksum of a downloaded file and the calculated one.

$ gpg -c file Encrypts file

$ gpg file.gpg Decrypts file

 

User Related:

$ id Shows the active user id with login and group

$ last Shows last logins on the system

$ who Shows who is logged on the system

$ groupadd admin Adds group “admin”

$ useradd -c “Jermal Smith” -g admin -m sam Creates user “sam” and adds to group “admin”

$ userdel sam Deletes user sam

$ adduser sam Adds user “sam”

$ usermod Modifies user information

 

System Statistics:

$ top Displays the top CPU processes (Ctrl+C to exit)

$ vmstat 2 Displays virtual memory statistics

$ sudo tcpdump -i eth0 Captures all packets flows on interface eth0

$ sudo tcpdump -i eth0 ‘port 80’ Monitors all traffic on port 80 ( HTTP )

$ lsof Lists all open files belonging to all active processes.

$ lsof -u myuser Lists files opened by specific user

$ watch df -h Shows changeable data continuously

 

System Info:

$ uname -a Displays Linux system information

$ uname -r Displays kernel release information

$ uptime Shows how long system running + load

$ hostname Shows system host name

$ hostname -i Displays the IP address of the host

$ last reboot Shows system reboot history

$ date Shows the current date and time

$ cal Shows this month calendar

$ whoami Shows who you are logged in as

 

Hardware Info:

$ dmesg Detected hardware and boot messages

$ cat /proc/meminfo Hardware memory information

$ cat /proc/cpuinfo CPU model information

$ cat /proc/interrupts Lists the number of interrupts per CPU per I/O device

$ sudo lshw Displays information on hardware configuration of the system

$ lsblk Displays block device related information in Linux (sudo yum install util-linux-ng)

$ free -m Displays used and free memory (-m for MB)

$ lsusb -tv Shows USB devices

$ dmidecode Shows hardware info from the BIOS

$ hdparm -i /dev/sda # Shows info about disk sda

$ hdparm -tT /dev/sda # Do a read speed test on disk sda

$ badblocks -s /dev/sda # Test for unreadable blocks on disk sda

 

My eth0 is now called eno16777736

Interesting and new to me is that my network interface which was known to be called eth0 is now called eno16777736 in my new installs.

The following document indicates that 16777736 is the device’s acpi_index as provided by the firmware (BIOS/EFI)

This seems to happen on my VMware hosts where I’ve installed the latest Ubuntu OS releases. I am still looking into why this is happening and will update as soon as I have a better understanding.

For now, here is some info I found:

What does “eno” stand for?

en is for Ethernet
o is for on-board
The number is a firmware/BIOS provided index.

 

The su Command: Elevate Yourself

OS:  Unix / Linux

Often called the “Super User” command. The su (short for substitute user) command makes it possible to change a login session’s owner without the owner having to first log out of that session.

Although su can be used to change the ownership of a session to any user, it is most commonly used to change the ownership from an ordinary user to the root (i.e., administrative) user, thereby providing access to all parts of and all commands on the computer or system.

And like that of Goku from Dragon Ball Z you elevate yourself to be a powerful user.

Usage example:

sysadmin@jermsmit:~$ su
Password:
root@jermsmit:/home/sysadmin#

 

TunnelBear – Simple, Private and Free

TunnelBear has just launched a Chrome extension that helps to protect your privacy on a Chromebook, Android, iPhone, iPad, PC & Mac

TunnelBear is a Canadian company famous for making super easy to use privacy tools. They specialize in VPN services that allow your phone and computers to be secure when using public WiFi hotspots. Their service also allows you to “tunnel” into another country to get around content blocking by governments or media companies.

Today TunnelBear is launching a public beta version of their new Chrome extension. When installed, it will protect everything you do in Chrome by running it through an encrypted web proxy.

For Chromebook users, almost everything you do should be encrypted, making it a great tool to have. For Windows, Mac, or Linux users, please note that only your Chrome connection will be secured – not the rest of your system’s traffic.

TunnelBear offers a free plan for those with low data usage, or a very cheap paid plan for everyone else.

Credit for the original post: https://plus.google.com/+CraigTumblison  Thanks dude

Tech Short: Generate Pi to a given number in Linux

Its Pi day – Saturday, March 14 is Pi Day 2015

Why not do something cool in Linux like generate pi to a given number of decimal places.  This can be done by using the tool  bc (Bench Calculator) which is installed in most Linux distributions I have used.

The following command will calculate π to 10 decimal places

The results:  3.1415926532

So enjoy some pi

 

More and Resources Use –
scale=100 – this specifies the number of decimal places to use for the result
4*a(1) – this returns the arctangent of 1 [which equals 45°: 45 x (π/180), or ¼π] then multiplies by 4 to get π.
bc -l – pipe the complete function string into the bc utility, -l specifies to load the standard math library that’s needed for the arctangent function, a().

Info from: http://superuser.com/questions/275516/how-can-i-generate-pi-to-a-given-number-of-decimal-places-from-a-script

Retrieve MX records using nslookup

One of my new kids on the block asked me a question tonight; “Jermal, how do I get the mx record of a domain?”

To retrieve mx record information we need to use a tool called nslookup which is available in Windows and Linux

The quick syntax use is

 

Example of its usage

And what it looks like in

Linux

Windows

 

The mcrypt extension is missing. Please check your PHP configuration

After a quick LAMP install, I decided to install PhpMyAdmin. Logging into I noticed a warring message that read:

The mcrypt extension is missing. Please check your PHP configuration

To resolve this I attempted the following:

  • Elevated my console to root (sudo -i)
  • apt-get install mcrypt
  • apt-get install php5-mcrypt (no need because the previous command did it for me)
  • php5enmod mcrypt
  • service apache2 restart

If the above steps don’t work introduce the following: ln -s /etc/php5/conf.d/mcrypt.ini /etc/php5/mods-available

Now my LAMP install is complete.

 

HowTo Upgrade OpenMediaVault

Here are some quick and simple steps to upgrade your OpenMediaVault (OMV) to the latest version; OMV 1.0  (Kralizec).

SSH into your OpenMediaVault server; in my case I am running OMV 0.5 and run the following command:

apt-get update && apt-get dist-upgrade && omv-update

Then type the following command:

omv-release-upgrade

Once completed you can either restart the web services or reboot the system and your all set.