Linux Cockpit Terminal screen illegible

Posted on by Jeff

If the Terminal screen on a server’s Cockpit page is illegible, you’ll need to set the site permissions from your client web browser.

Go to the site at http://x.x.x.x:9090, login, click the Terminal option.

Click the lock icon in the address bar.

Click on Connection Not Secure.

Click on More Information.

Click on the Permissions icon.

Under “Extract Canvas Data”, unselect “Use Default” and select “Allow”.

Refresh the page. You may have to change the font size.

upgrade to Debian 13 Trixie

Posted on by Jeff
Pre-Upgrade System Preparation

elevate to root

Create System Backup
mkdir mkdir /mnt/athena_backups/"$HOSTNAME"_backups
tar -czf /mnt/athena_backups/"$HOSTNAME"_backups/etc-backup-$(date +%Y%m%d).tar.gz /etc
dpkg --get-selections > /mnt/athena_backups/"$HOSTNAME"_backups/package-selections-$(date +%Y%m%d).txt
Ensure Debian 12 is fully updated before proceeding
apt update
apt upgrade -y
apt dist-upgrade -y
apt clean
apt autoremove -y
Verify system integrity before upgrade
apt --fix-broken install
dpkg --configure -a
Create safety copy of repository settings
cp /etc/apt/sources.list /etc/apt/sources.list.bookworm-backup
cp -r /etc/apt/sources.list.d /etc/apt/sources.list.d.bookworm-backup
Update Main Sources List and Additional Repositories
sed -i 's/bookworm/trixie/g' /etc/apt/sources.list
find /etc/apt/sources.list.d -name "*.list" -exec sed -i 's/bookworm/trixie/g' {} ;

This systematically updates all repository references from Bookworm to Trixie across all configuration files.

apt update

Third-party repositories may not immediately support Trixie. Consider temporarily disabling them by adding ‘#’ at the beginning of their lines in sources configuration files.

Minimal Upgrade First
apt upgrade --without-new-pkgs
Full Distribution Upgrade
apt full-upgrade
Confirm successful upgrade completion
cat /etc/debian_version
lsb_release -a
cat /etc/os-release
Clean Obsolete Packages
apt autoremove -y
apt autoclean
Update Package Cache
apt update
apt list --upgradable
System Reboot: Complete the upgrade process
systemctl reboot

Backup Nextcloud

Posted on by Jeff 
sudo su -
cd /var/www/html/nextcloud/

turn maintenance mode on

sudo -u www-data php occ maintenance:mode --on

run backups

tar -cvpzf /mnt/athena_backups/nextcloud_backup/nextcloud-$(date +"%Y-%m-%d").tar.gz -C /var/www/html/nextcloud/ .

turn maintenance mode off

cd /var/www/html/nextcloud/
sudo -u www-data php occ maintenance:mode --off
OR:
cd /var/www/html/nextcloud/config/
sed -i s/"'maintenance' => true"/"'maintenance' => false"/ config.php

mkvtoolnix

Posted on by Jeff

MKVToolNix GUI
is a Qt GUI for mkvmerge and a successor of mmg.
mkvmerge
merges multimedia streams into a Matroska file.
mkvinfo
lists all elements contained in a Matroska file.
mkvextract
extracts specific parts from a Matroska file to other formats.
mkvpropedit
allows to analyze and modify some Matroska file properties.

General Format for mkvmerge:

mkvmerge -o video_merged.mkv original.mkv original.srt

where -o or –output file-name is write to the file file-name.

add subs to a video:

mkvmerge -o Max\ Headroom\ -\ S01E01\ -\ Blipverts-merged.mkv Max\ Headroom\ -\ S01E01\ -\ Blipverts.mkv Max\ Headroom\ -\ S01E01\ -\ Blipverts.srt

extract subs from simple file:

mkvmerge -i Star\ Trek\ Lower\ Decks\ -\ S01E01\ -\ Second\ Contact.mkv
mkvextract tracks Star\ Trek\ Lower\ Decks\ -\ S01E01\ -\ Second\ Contact.mkv 2:Star\ Trek\ Lower\ Decks\ -\ S01E01\ -\ Second\ Contact.srt

extract subs from complex file:

mkvmerge -i Cowboy\ Bebop\ (2021)\ -\ S01E01\ -\ Cowboy\ Gospel.mkv
mkvextract tracks Cowboy\ Bebop\ (2021)\ -\ S01E01\ -\ Cowboy\ Gospel.mkv 7:Cowboy\ Bebop\ (2021)\ -\ S01E01\ -\ Cowboy\ Gospel.srt

convert mp4 to mkv with srt:

mkvmerge -o "result.mkv" "orig.mp4" "subs.srt" << reboot

Adjust History file to erase duplicates and set larger capacity

Posted on by Jeff 
vim .bashrc

look for the following lines and adjust HISTCONTROL, HISTSIZE, and HISTFILESIZE accordingly:

#don't put duplicate lines or lines starting with space in the history.
#See bash(1) for more options
HISTCONTROL=ignoreboth:erasedups
#append to the history file, don't overwrite it
shopt -s histappend
#for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=9999
HISTFILESIZE=9999

Remove invalid files by inode

Posted on by Jeff

This is for when you find files with invalid names that regular ‘rm’ won’t touch, eg.:

387090 drwx------ 3 root root 4.0K Aug 4 17:14 ''$'\033''[?25h'$'\033''[?7h'/

First you need to get the inode, using:

ls -il

this will show the inode at the left.

To remove the file, use the ‘find’ command. First we’ll see what ‘find’ can see:

find . -inum (inode number from before)

You should see just your invalid file. Remove it with:

find . -inum (inode number from before)  -exec rm -rf {} \;

Installing an M.2 HAT+ on a Raspberry Pi 5

Posted on by Jeff

Setup a Raspberry Pi 5 system with standard SD card configuration. Use the Raspberry Pi Imager to configure the Pi.

update the raspi:

sudo apt update && sudo apt full-upgrade

and also update the firmware:

sudo rpi-eeprom-update -a

Shut down the Raspberry Pi.

Install and connect the Raspberry Pi Active Cooler.

The M.2 HAT+ should come with at least four short screws and four long screws, along with four threaded standoffs. Attach the standoffs to the Pi so that they are on top of the Pi.

Add the GPIO extender to the Pi’s GPIO pins. Push down on either end, or with a small screwdriver, to get the extender securely attached.

Open the PI’s PCIe connector using your fingernails. Connect the HAT+ ribbon cable to the PCIe connector, and close the connector.

Align the HAT+’s GPIO over the GPIO connector and push down evenly.

Use the short screws to connect the HAT+ to the standoffs.

Install the Raspberry Pi into its case.

Boot the Raspberry Pi using the SD card as your boot device.

Use the Raspberry Pi Imager to install the Raspberry Pi software to the NVME drive.

Run from a command prompt:

sudo raspi-config

Under Advanced Options, go to Boot Order, then choose NVMe/USB boot.

Exit raspi-config, then shutdown. Remove the SD card, and boot the Pi.

Show Git Branch Names in Your Bash Prompt

Posted on by Jeff

from: https://tecadmin.net/how-to-show-git-branch-names-in-your-bash-prompt/

vim ~/.bashrc

add the following:

#Function to show the current Git branch
parse_git_branch() {
git branch 2> /dev/null | sed -e '/^[^]/d' -e 's/ (.*)/(\1)/'
}
#Custom PS1 prompt
export PS1="[\033[1;36m]\u[\033[1;31m]@[\033[1;34m]\h:[\033[1;35m][\e[32m]\w [\e[91m]\$(parse_git_branch)[\e[00m]$ "

load the new settings:

source ~/.bashrc
Posted in git

libvirt / qemu guest won’t start

Posted on by Jeff

If you see the error message “Error starting domain: Requested operation is not valid: network ‘default’ is not active”, it means the network hasn’t started.

Do the following:

sudo virsh net-list --all

You will see:

Name State Autostart Persistent

default inactive no yes

sudo virsh net-start default

Network default started

Set it to autostart:

sudo virsh net-autostart default

Check status:

sudo virsh net-list --all

Name State Autostart Persistent

default active yes yes

Posted in KVM

Bambu Labs P1S Filament Chart

Posted on by Jeff

(taken from https://wiki.bambulab.com/en/general/filament-guide-material-table and modified slightly)

MaterialEnclosed printer
(X1C, X1, X1E, P1S, enclosed P1P, etc.)		0.2 mm Nozzle0.4 mm Nozzle 0.6 mm Nozzle0.8 mm Nozzle Hardened Steel Nozzle Required? *Nozzle Temperature
(± 10 °C)		Compatible with AMS / AMS lite? **
PLA***YESYESYESYESYESNO190 – 240YES
Wood / Rock / Metal-filled PLAYESNOYESYESYESYES for Metal-filled PLA190 – 240YES  when not very brittle, rough or soft
PLA-CF/GFYESNORecommended for Bambu PLA-CFYESYESYES210 – 240YES for Bambu PLA-CF
PLA Glow / Glow-in -the-darkYESNORecommendedYESYESRecommended for long-term printing210 – 240YES for AMS, not recommended for AMS lite
PVA, BVOH
Dry State		YESYES 
(Dry State)		YESYESYESNO190 – 240YES 
(Dry State)
Support W, Support for PLA, Support for PLA/PETGYESYESYESYESYESNO190 – 240YES
PETGYES
Recommended		YESYESYESYESNO240 – 270YES
PETG-CFYES
Recommended		NORecommended for Bambu PETG-CFYESYESYES240 – 270YES for AMS, not recommended for AMS lite
TPUYESNot recommendedYESYESYESNO200 – 250NO
ABS RecommendedYESYESYESYESNO240 – 280YES
ABS-GF RecommendedNOYESYESYESYES240 – 280YES
ASA RecommendedYESYESYESYESNO240 – 280YES
PC RecommendedNot recommendedYESYESYESNO260 – 290YES
PA RecommendedNOYESYESYESNO260 – 290YES
Support for PA/PET RecommendedNOYESHighly recommendedYESYES260 – 300YES for Bambu PA-CF, PAHT-CF
PA-CF/GF
PA6-CF/GF
PAHT-CF/GF		 RecommendedNOYESHighly recommendedYESYES260 – 300YES for Bambu PA-CF, PAHT-CF
PET-CF/GF RecommendedNOYESHighly recommendedYESYES260 – 300NO
PPA-CF/GF RecommendedNOYESHighly recommendedYESYES285 – 320NO
PPS RecommendedNOYESYESYESNO285 – 330YES
PPS-CF/GF RecommendedNOYESHighly recommendedYESYES310 – 350
* (Common nozzle materials include hardened steel, stainless steel and brass)

** Please note that it only explains the filament compatibility with AMS / AMS lite from the perspective of filament loading and unloading. In actual use, the compatibility between the printers and the filaments must also be considered.

***The PLA here refers to normal PLA, that is, PLA that does not contain carbon fiber (CF), glass fiber (GF) or other metal, inorganic non-metal fillers with high hardness and big particle size, , including PLA Basic, PLA Matte , PLA Tough, PLA Metal, PLA Silk, PLA Aero, PLA Dynamic, etc., excluding PLA-CF, PLA-GF, PLA Sparkle, PLA Marble, etc.

Collect all .ssh folders

Posted on by Jeff

Set up a folder call ~/Documents/keys on the collector system

Using tmux-cssh, log in to all source systems.

On all source systems, enter:

tar -cvzf $HOSTNAME.tar.gz ~/.ssh/* && scp $HOSTNAME.tar.gz jeff@calypso:/home/jeff/Documents/keys

You should now have all systems (assuming that they could scp to the collector) listed in the keys folder, with the source hostname in the filename.

Install Teams For Linux

Posted on by Jeff

Debian/Ubuntu and other derivatives

sudo mkdir -p /etc/apt/keyrings
sudo wget -qO /etc/apt/keyrings/teams-for-linux.asc https://repo.teamsforlinux.de/teams-for-linux.asc
echo "deb [signed-by=/etc/apt/keyrings/teams-for-linux.asc arch=$(dpkg --print-architecture)] https://repo.teamsforlinux.de/debian/ stable main" | sudo tee /etc/apt/sources.list.d/teams-for-linux-packages.list
sudo apt update
sudo apt install teams-for-linux

RHEL/Fedora and other derivatives

curl -1sLf -o /tmp/teams-for-linux.asc https://repo.teamsforlinux.de/teams-for-linux.asc; rpm --import /tmp/teams-for-linux.asc; rm -f /tmp/teams-for-linux.asc
curl -1sLf -o /etc/yum.repos.d/teams-for-linux.repo https://repo.teamsforlinux.de/rpm/teams-for-linux.repo
yum update
yum install teams-for-linux

Using KVM/libvirt/qemu

Posted on by Jeff

Setup KVM in Linux

Install virsh:

$ sudo apt-get install libvirt-bin
This can be local, or even remote. In most cases, if you want to manage VMs running on the local hypervisor:
$ virsh connect qemu:///system
List any existing VMs:
$ virsh list

You can export the XML of an existing virtual machine:

$ virsh dumpxml myoldvm > ~/myoldvm.xml

And then edit myoldvm.xml, which should be rather straightforward. For more information about libvirt XML format, see:
http://libvirt.org/format.html

Once you have an XML file describing the new virtual machine you want to create, import it into virsh, and run it immediately:

$ virsh create ~/myoldvm.xml
See if it worked:
$ virsh list

Working with a Running Virtual Machine:

$ virsh start mynewvm
$ virsh reboot mynewvm
$ virsh shutdown mynewvm
$ virsh suspend mynewvm
$ virsh resume mynewvm

To delete a virtual machine, first terminate it (if running), and then undefine it:

$ virsh destroy mynewvm
$ virsh undefine mynewvm
Posted in KVM

conky config for raspberry pi

Posted on by Jeff

conky.config ={
— CONKY SETTINGS

background = false,
update_interval = 1,
total_run_times = 0,

cpu_avg_samples = 2,
net_avg_samples = 2,

override_utf8_locale = true,

double_buffer = true,
no_buffers = true,

text_buffer_size = 32768,

— CONKY: WINDOW SPECIFICATIONS
own_window = true,
own_window_argb_value = 192,
own_window_argb_visual = true,
own_window_class = ‘conky-semi’,
own_window_colour = ‘#0b0d18’,
own_window_hints = ‘undecorated,below,sticky,skip_taskbar,skip_pager’,
— own_window_transparent = true,
own_window_transparent = true,
own_window_type = ‘normal’,
— own_window_type = ‘desktop’,
double_buffer = true,

border_inner_margin = 6,
border_width = 5,

minimum_height = 1000,

minimum_width = 280,
maximum_width = 280,

alignment = ‘top_right’,
gap_x = -1910,
gap_y = 40,

— GRAPHICS SETTINGS
draw_shades = false,
draw_outline = true,
draw_borders = false,
draw_graph_borders = true,
— draw_graph_borders = false,

— TEXT SETTINGS
use_xft = true,
font = ‘Montserrat Regular:size=10’,
xftalpha = 0.2,

uppercase = false,

— Pad percentages to this many decimals (0 = no padding)
pad_percents = 2,

— COLOUR SETTINGS
default_color = ‘AAAAAA’,
default_shade_color = ‘333333’,
— default_outline_color = ‘111111’,
default_outline_color = ‘010101’,
color1 = ‘999999’,
color2 = ‘CCCCCC’,
color3 = ‘EEEEEE’,
color4 = ‘444444’,
color5 = ‘555555’,
color6 = ‘666666’,
color7 = ‘3b71a1’,
};

conky.text = [[

${alignc}${font Arial:size=20}${color #0040FF}Raspberry Pi OS ${color #0040FF}
${alignc}${color #0040FF}Hostname: ${color #0040FF}${nodename}
${color6}${hr 2}${color}
${alignc}${color1}${font Montserrat Bold:size=20}${time %H:%M:%S}${font}${color}${alignc}
${voffset -9}
${alignc}${font Montserrat Light:size=10}${time %A %d %B %Y}${font}${alignc}
${color6}${hr 2}${color}
${voffset -6}
${font Arial:bold:size=9}${color #00AAFF}System ${color #0000AA}${hr 2}

${color #00AAFF}${font Montserrat Light:size=9}Hostname:${alignr}$font${color #505050}$nodename
${color #00AAFF}${font Montserrat Light:size=9}Uptime:${alignr}$font${color #505050}$uptime_short
${color #00AAFF}${font Montserrat Light:size=9}Kernel:${alignr}$font${color #505050}$kernel ${voffset 5}
${color #00AAFF}${font Montserrat Light:size=9}Distro:${alignr}$font${color #505050}${exec lsb_release -a 2>/dev/null | grep -i description | cut -s -f2}
${color #00AAFF}${font Montserrat Light:size=9}Frequency:${alignr}$font${color #505050}${freq_g cpu0}Ghz
${color #00AAFF}${font Montserrat Light:size=9}Uptime:${alignr}$font${color #505050}${uptime}
${font Arial:bold:size=9}${color #00AAFF}CPU ${color #0000AA}${hr 2}
${voffset -15}
${font Montserrat Light:size=9}${color1}CPU TEMP:${color}${font} ${font :size=10}${alignr}${hwmon 1 temp 1}°${color4}C${color}${voffset 5}
${voffset -15}
$font${color #505050}CPU1 ${color #AAAAAA}${cpu cpu1}%${color #505050} ${cpubar cpu1}
CPU2 ${color #AAAAAA}${cpu cpu2}%${color #505050} ${cpubar cpu2}
CPU3 ${color #AAAAAA}${cpu cpu3}%${color #505050} ${cpubar cpu3}
CPU4 ${color #AAAAAA}${cpu cpu4}%${color #505050} ${cpubar cpu4}
${voffset -8}
${font Arial:bold:size=9}${color #00AAFF}Network ${color #0000AA}${hr 2}
${voffset -15}
${font Montserrat Light:size=10}${color1}IP ADDRESS:${color}${font} ${alignr}${addr eth0}
${voffset 5}${font Montserrat Light:size=10}${font}Download ${alignr}${downspeedf eth0}k/s (${totaldown eth0})
${color3}${downspeedgraph eth0 50,280 ADFF2F 32CD32 -t}
${font Montserrat Light:size=10}${font}Upload ${alignr}${upspeedf eth0}k/s (${totalup eth0})
${color3}${upspeedgraph eth0 50,280 FF0000 8B0000 -t}
${font Arial:bold:size=9}${color #00AAFF}HDD ${color #0000AA}${hr 2}
${color1}Used: ${color3}${fs_used /}${color1}${goto 175}Free:${goto 225}${color3}${fs_free /}
${color2}${fs_bar /}
${font Montserrat Light:size=8}${color1}DISK I/O:${color}${font} ${alignr}$diskio
${voffset 2}${font Montserrat Light:size=8}${color1}READ: ${color}${font} ${goto 80}${color4}${diskiograph_read 15,210 ADFF2F 32CD32 750}${color}
${voffset 2}${font Montserrat Light:size=8}${color1}WRITE:${color}${font} ${goto 80}${color4}${diskiograph_write 15,210 FF0000 8B0000 750}${color}
${font Arial:bold:size=9}${color #00AAFF}Memory ${color #0000AA}${hr 2}
$font${color DimGray}RAM $alignc $mem / $memmax $alignr ${color 188f18}$memperc%
${color 188f18}$membar${voffset 1}
${font Arial:bold:size=9}${color #00AAFF}Processes ${color #0000AA}${hr 2}
${voffset -15}
${font :size=10}${font Montserrat Light:size=8}${color1}TOTAL:${color}${font} ${alignr}${processes}
${voffset -10}
${font Montserrat Light:size=9}${color1}APP NAME: ${goto 160}MEMORY: ${goto 245}CPU: ${color}${font}
${voffset -16}
${font Montserrat Light:size=9}${color1}${top_mem name 1} ${color}${font} ${goto 160}${top mem 1} % ${goto 235}${top cpu 1} %
${font Montserrat Light:size=9}${color1}${top_mem name 2} ${color}${font} ${goto 160}${top mem 2} % ${goto 235}${top cpu 2} %
${font Montserrat Light:size=9}${color1}${top_mem name 3} ${color}${font} ${goto 160}${top mem 3} % ${goto 235}${top cpu 3} %
${font Montserrat Light:size=9}${color1}${top_mem name 4} ${color}${font} ${goto 160}${top mem 4} % ${goto 235}${top cpu 4} %
${font Montserrat Light:size=9}${color1}${top_mem name 5} ${color}${font} ${goto 160}${top mem 5} % ${goto 235}${top cpu 5} %

]];

when ubuntu software comes up empty

Posted on by Jeff

Ubuntu Software aka Snap Store opens up essentially blank.

Close the Snap Store application

Open the terminal (Ctrl+Alt+T)

Type the command:

ps -ef|grep snap-store|grep -v grep

…to check if snap-store process is still running

If you get anything in the output, that indicates that snap-store is still running. The output may be like:

username 24225 1871 2 21:41 ? 00:00:23 /snap/snap-store/542/usr/bin/snap-store

in that case type the command

kill (number)

…where number is the first number shown in the line above, right after the username (in this case 24225)

repeat step 3 to confirm that snap-store is not running anymore

type the command:

snap-store

…and watch the output for “access denied” messages.

#########

On Ubuntu 20.04LTS the app called “Ubuntu software” is in reality snap-store (the terminal command running it is “snap-store”, not “gnome-software”). Ubuntu 20.04 does not seem to come with gnome-software installed by default. For me, closing the app, then typing

killall snap-store

in a terminal and then re-launching the app solved the problem without a reboot.

ubuntu Nautilus won’t open, or fails often

Posted on by Jeff

“Files” File manager (Nautilus) is not working on an Ubuntu system. Files either stops working, or won’t load at all.

try:

  1. reinstalling nautilus-data using below command
sudo apt-get install --reinstall nautilus-data  ## this one worked in 22.04
  1. terminating the running nautilus process
ps awx | grep nautilus
sudo kill (process ID)
  1. Uninstalling and reinstalling Nautilus

sudo apt-get remove nautilus

sudo apt-get autoremove
sudo apt-get clean
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install nautilus

rsync standard setting

Posted on by Jeff

rsync -Pavuc <source> <target>

What does it mean?

-P  --same as --partial --progress
-a, --archive archive mode; equals -rlptgoD (no -H,-A,-X)
-v, --verbose increase verbosity
-u, --update skip files that are newer on the receiver
-c, --checksum skip based on checksum, not mod-time & size
-a includes:
-r, --recursive recurse into directories
-l, --links copy symlinks as symlinks
-p, --perms preserve permissions
-t, --times preserve modification times
-g, --group preserve group
-o, --owner preserve owner (super-user only)
-D  --same as --devices --specials
      --devices preserve device files (super-user only)
      --specials preserve special files

Change the site tab icon in WordPress

Posted on by Jeff

Upload the image you want to use to your site’s media collection.

In your site’s WP editor, go to Appearance > Customize

Choose Site Identity

Select Site Icon down near the bottom of the sidebar (depending on your theme, version, etc.)

Choose your image. You may have to crop it down a bit.

Publish/Update and you’re done.

Ubuntu install qemu/libvirtd

Posted on by Jeff 
egrep -c '(vmx|svm)' /proc/cpuinfo # to confirm virtualization is enabled in BIOS > you need anything greater than zero returned
sudo apt update
sudo apt install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils
sudo apt install -y qemu-kvm
qemu-system-x86_64 --version ## verify install
sudo apt install -y  virtinst libvirt-daemon
sudo systemctl enable --now libvirtd # enable service
sudo apt install -y virt-manager ## install the GUI
reboot



when transferring from old machine:

copy over the qcow files to appropriate path

restore backups of folder /etc/libvirt/qemu

make sure the paths in the xml files are correct

fix/import the xml files with:

virsh define rhel901.xml
Posted in KVM

Create comic book files

Posted on by Jeff

After downloading comic book or anime images as a mix of .webp and .jpg, run the following:

find . -name "* *" -type f | rename -v -f 's/ /_/g' && for f in *.webp; do dwebp $f -o $f.jpg;done && rename -v 's/\.webp\.jpg/\.jpg/' * && rm *.webp && sudo chown -R jeff:users * && sudo chmod -R 777 *

This will change any spaces to underscores, convert any .webp to .webp.jpg, rename those to just .jpg, set permissions and ownership.

Use the compress option in Gnomes Files to compress the jpg’s into a .zip, then rename the .zip to .cbz

or:

zip bookname.cbz *.jpg

Install cryptsetup on Linux

Posted on by Jeff

In this example, we’ll set up a 16Gb encrypted partition on a separate disk.

Note that this will wipe everything on your partition.

As root, use fdisk to determine which partition you want to use:

# fdisk -l

You could also use lsblk to show your installed drives:

# lsblk

In our case, we’re going to encrypt /dev/sde1, a 16GB USB stick.

First thing you need to do is to come up with a passphrase that you can remember.

Next, we’ll start the encryption process.

In our case, we want:

# cryptsetup -v luksFormat --type=luks2 /dev/sde1

Pay attention to the prompts.

You can check the man page for more options.

Now let’s open the encrypted volume, and give it a name for mapping the partition:

# cryptsetup open /dev/sde1 mypart

Next, give it a filesystem, using ext4:

# mkfs.ext4 /dev/mapper/mypart

Now create a mount point:

# mkdir /mnt/testenc
To mount the encrypted volume, you can use the cryptsetup with the mount command.
# cryptsetup --type luks open /dev/sde1 mypart
# mount -t ext4 /dev/mapper/mypart /mnt/testenc

To close the partition, do the following:

# umount /place/to/mount
# cryptsetup close mypart

Weird folder names in Raspberry Pi file list

Posted on by Jeff

raspi occasionally creates weird folders under /root with incomprehensible names:

drwx------ 3 root root 4.0K Jul 7 2022 ''$'\033''[?25h'$'\033''[?7h'/

You can’t easily delete the folder with rm -rf.

First, you need to find the inode to the folder:

# ls -ihalF
total 80K
15     drwx------ 11 root root 4.0K Apr 18 10:42 ./
2      drwxr-xr-x 18 root root 4.0K Jul 21 08:34 ../
524545 drwx------ 3 root root 4.0K Jul 7 2022 ''$'\033''[?25h'$'\033''[?7h'/

So in this case the inode is 524545

Use ‘find’ to get rid of it:

find . -maxdepth 1 -type d -inum 524545 -exec rm -rf {} \;

Folder is now deleted

Adventures in hacking

Posted on by Jeff

Just sharing a story of some hacking I’ve been doing over the last few weeks…

Some of you may know, one of my NAS’s (a D-link DNS-322) died a few weeks back.. I was able to save much of the data, but not all.  It was a very old box, so I’m not too upset that it died.  What data I could salvage I farmed out to my other systems, but now I’m running out of disk space in several places.

As it happens, I have an old Windows Home Server (an Acer Aspire H341) with 4 hot-swappable bays collecting dust.  I haven’t used it since I discovered Linux many years ago.  The problem with the WHS is that it’s headless, i.e. no video.

So.. I took an old HDD and bought a USB>SATA converter.  Originally, I tried to just hook up a live USB and the HDD to a laptop, but the Ubuntu installer insisted on wiping out the EFI partition on the laptop’s HDD.  There is apparently some trick to get around that, but what I saw looked pretty scary, so I avoided it.

Next, I tried to use the Raspi disk imager app to load Ubuntu Server onto the HDD.  The disk imager is actually a pretty slick app, but in this case wouldn’t work.  I think it doesn’t like Atom CPUs..

Next, I remembered that in the garage I have a disk-less desktop that a friend from work asked me to take to the recycle centre (and I will someday!)  I took the HDD and plugged it into the desktop via USB, added the live USB stick, wired the desktop up to one of my monitors and hooked up one of those tiny Bluetooth keyboards..  I could then load Ubuntu on to the HDD. Next step was to take said HDD over to the WHS and fire it up from there.  The lights did what lights usually do, but for the life of me I couldn’t get the thing to talk to the network.  I actually did a wipe and load at one point just to prove myself wrong, but I still couldn’t see the WHS on the network.

Eventually, I got the idea that maybe the built-in NIC (on the Acer) was buggerski.  So I bought a USB<>Ethernet adapter and tried to get connectivity that way.  Still no dice.  I thought maybe the adapter doesn’t get magically picked up by the OS, so I brought the adapter and the HDD back to the desktop computer, found that the adapter was seen, but disabled.  So using Netplan, (which I still don’t like), I configured it to talk to the adapter as the primary NIC (learned a lesson about having the gateway listed twice as well).  I then ran the whole lot back to the WHS, booted it up and whammo, I can now SSH into it.  

Sweet zombie servers, Batman!  The WHS lives again!

Now to reorganize all the cables and crap that I scattered all over the place…

The only drawback, I think, is that the WHS only has USB 2, so not going to see 1gb speeds.  That’ll hurt during the mass file copying, but I can probably live with it for regular duty work.  And since there are four bays, I can use LVM to make one big pile for backups and whatnot.

RHEL 9 – change root password when not known

Posted on by Jeff

Reboot the system using either hard boot or soft boot.

Interrupt the boot process when the grub kernel choice comes up by using the down arrow key.

Go back to the top line (or other kernel if you prefer) and hit ‘e’ to temporarily edit that kernel’s boot parameters.

Find the line that starts with ‘linux’ (usually the fourth line) and go to the end of the line with the ‘end’ key.

Add the following to the end of the line:

init=/bin/sh

Then hit Ctrl-x to proceed. This should bring you to a blank screen with only ‘sh-5.1#’ (or whatever kernel version)

Enter the following lines:

/usr/sbin/load_policy -i
mount -o remount,rw /
passwd root (then enter your password twice)
/sbin/reboot -f

After the system reboots, test your new root password. If you boot to grub there may be a different user showing in the login screen, be sure to switch to root before you login.

Raspberry Pi top Panel freezes or slows

Posted on by Jeff

Some of the widgets/plugins in the Raspi’s top Panel cause system instability. You’ll have to try to get a terminal to open, or else try to ssh in.

You can delete the user’s lxpanel config file, then reboot. This will recreate the default Panel, which you can now break again…

sudo rm -r ~/.config/lxpanel

From here you can either restart the X session with:

startx

or else reboot:

sudo reboot

A new default Panel will be generated.

Raspberry Pi changes Wi-Fi MAC address on boot

Posted on by Jeff

This is a new security feature in Network Manager.

Disable the MAC address randomization by creating the file

/etc/NetworkManager/conf.d/100-disable-wifi-mac-randomization.conf

with the content:

[connection]
wifi.mac-address-randomization=1

[device]
wifi.scan-rand-mac-address=no

or:

mv /etc/NetworkManager/conf.d/100-disable-wifi-mac-randomization.conf /etc/NetworkManager/conf.d/100-disable-wifi-mac-randomization.conf.bak

echo "[connection]" >/etc/NetworkManager/conf.d/100-disable-wifi-mac-randomization.conf

echo "wifi.mac-address-randomization=1" >>/etc/NetworkManager/conf.d/100-disable-wifi-mac-randomization.conf

echo -e "\n[device]" >>/etc/NetworkManager/conf.d/100-disable-wifi-mac-randomization.conf

echo "wifi.scan-rand-mac-address=no\n" >>/etc/NetworkManager/conf.d/100-disable-wifi-mac-randomization.conf

Afterwards you may need to update your device’s MAC in your DHCP server.

Then reboot.

ansible cheat sheet

Posted on by Jeff

Command
ansible-playbook file.yamlRun an Ansible playbook called file.yaml

Authentication options
–user, -u <username>Log in as username
–private-key, –key-file <key>Log in using SSH key (usually in ~/.ssh)
–ssh-extra-argsPass extra command options to SSH
–vault-id <id>Use vault identity ID
–vault-password-file <key>Use vault password file key
–ask-vault-passPrompt for a vault password
–becomeEscalate privileges
–ask-become-passPrompt for a password for become
–become-methodEscalate privilege using a specific method
ansible-doc –-type foo –listList choices for become, connection, and other Ansible options

Control options
–syntax-checkVerify syntax of a playbook, but do not run it
–list-hostsShow hosts listed in a playbook
–list-tasksShow tasks defined in a playbook
–start-at-task <task_name>Run playbook starting at task name
–checkRun the playbook but don’t make changes
–diffShow diffs for what changes are made
–module-pathPrepend colon-separated path to default path
–connection <method>Connect over method

Playbook and YAML
Parameter: valueA YAML mapping entry is a key and a value
– fooA YAML sequence entry is an itemized list
– bar
– baz
Distro:A mapping entry can contain a sequence
– Fedora
– RHEL
– Debian
– Slackware
OS:Sequence items can contain mappings
– Linux: Fedora
– BSD: NetBSD

Playbook structure
YAML files start with three dashes
– name: “My play”Use the name mapping to name your play
hosts: allIndent, and define which hosts the play runs on. List target hosts in etc/ansible/hosts
tasks:Open a tasks mapping, which will contain a sequence
– name:“My task” Give the task a name with the name mapping
some_module:Import a module as a new mapping containing a sequence of parameters. Find required and optional parameters in the module’s documentation.
path: ‘/example/’Parameters are usually mappings using the command option as the key and an argument as the value.
– name: “My other task”A play may contain more than one task
other_module:A task usually imports a module
foo: ‘bar’

grep cheat sheet

Posted on by Jeff
Basics
grep [pattern] FILE
grep ‘^[A,E].*o’ f.txtFind a string starting with A or E and ending in o
grep -f pat.txt f.txtScan f.txt, using contents of pat.txt as regex
grep -i Gnu f.txtFind “gnu” in f.txt, ignoring capitalization
grep -v gnu f.txtFind all lines not containing “gnu” (invert match)
grep -w ‘a.*o’ f.txtFind whole word matches only, ignoring substrings
grep -x ‘a.*o’ f.txtFind whole line matches only, as in ^(a.*o)$

Output
-cPrint only the number of lines containing a match
–colo[u]rDisplay matches in color
-lPrint the names of files with matches
-LPrint the names of files searched that contained no matches
-oPrint only the matched part of a line
-sSuppress errors (such as non-existent or unreadable files)
-A nPrint n number of lines after a matching line
-B nPrint n number of lines before a matching line
-C nPrint n number of lines before and after a matching line

Output prefixes
-bPrint the byte offset of the match within the input file
-HPrint the filename containing a match
-hDo not print the filename containing a match
-nPrint the line number of each match
-TPrint an initial Tab before matches so that output is neatly aligned

File and directory selection
-aProcess a binary file as if it were text
-D <skip|read>Skip or read a FIFO, device, or socket
-d <skip|read|recurse>Skip, read, or recurse through a directory
–exclude ‘*.sh’Do not search any file with the .sh suffix
–exclude-from FILESkip any file listed in FILE
–exclude-dir *fooSkip any directory ending in foo
-rWhen a directory is encountered, search files in it
-RSearch directories and follow symlinks

Variants
-GUse basic regex (this is the default)
-EExtended regex
-FInterpret the search pattern as a fixed string, not regex
-PUse Perl regex (PCRE)

Regular expression
.Any single character
?Match preceding item zero or one time
*Match preceding item zero or more times
+Match preceding item one or more times
{2}Match preceding item two times
{3,}Match preceding item three or more times
{,4}Match preceding item at most four times
{1,5}Match preceding item at least once, but no more than five times
[A,B]Match A or B
[3-9]Match all digits 3 to 9
^Start of a line
$End of a line
\sSpace
[:alnum:]Alphanumeric character
[:alpha:]Alphabetic character
[:digit:]Digits 0 through 9
[:punct:]Punctuation
[:space:]Space