Resize sdcard with parted

So I had to reinstall Debian in the sdcard of my Orange Pi Lite. Thing is original image / fs is only 4Gb, which on a 64Gb sdcard leaves 60Gb unused.

Here is where parted comes to the rescue. Easier than fdisk for me. Below example extends ext4 partition to 62Gb and creates a 2Gb swap partition.

sudo parted  /dev/mmcblk0 
GNU Parted 3.2 
Using /dev/mmcblk0 
Welcome to GNU Parted! Type 'help' to view a list of commands. (parted) print
Model: SD BC2QT (sd/mmc) 
Disk /dev/mmcblk0: 64,0GB 
Sector size (logical/physical): 512B/512B 
Partition Table: msdos 
Disk Flags:  

Number  Start   End     Size    Type     File system  Flags  
1      21,0MB  73,4MB  52,4MB  primary  fat16        lba  
2      73,4MB  3743MB  3670MB  primary  ext4 

(parted) resizepart
Partition number? 2
End?  [3743MB]? 62000MB
(parted) print
Model: SD BC2QT (sd/mmc)
Disk /dev/mmcblk0: 64,0GB 
Sector size (logical/physical): 512B/512B 
Partition Table: msdos 
Disk Flags:  

Number  Start   End     Size    Type     File system  Flags  
1      21,0MB  73,4MB  52,4MB  primary  fat16        lba  
2      73,4MB  62,0GB  61,9GB  primary  ext4 

(parted) mkpart                                                            Partition type?  primary/extended? primary
File system type?  [ext2]? linux-swap
Start? 62.0GB
End? 64.0GB
(parted) print
Model: SD BC2QT (sd/mmc)
Disk /dev/mmcblk0: 64,0GB 
Sector size (logical/physical): 512B/512B 
Partition Table: msdos 
Disk Flags:  

Number  Start   End     Size    Type     File system     Flags  
1      21,0MB  73,4MB  52,4MB  primary  fat16           lba  
2      73,4MB  62,0GB  61,9GB  primary  ext4  
3      62,0GB  64,0GB  2022MB  primary  linux-swap(v1)  lba 
(parted)  
(parted) quit 
Information: You may need to update /etc/fstab. 

Continue reading

Running vsftpd on Docker

Happy 2019!!

Lately I’ve been playing around with docker and decided to create a dockerfile to have vsftpd running on CentOS. Below is my dockerfile:

# Dockerfile for vsftpd on CentOS
FROM centos:7

MAINTAINER xavi@xavignu.com

RUN yum -y update; yum -y install which vsftpd net-tools vsftpd-sysvinit; yum clean all

COPY vusers.txt /etc/vsftpd/
RUN db_load -T -t hash -f /etc/vsftpd/vusers.txt /etc/vsftpd/vsftpd-virtual-user.db; rm -v /etc/vsftpd/vusers.txt; \ 
	chmod 600 /etc/vsftpd/vsftpd-virtual-user.db
COPY vsftpd.conf /etc/vsftpd/
COPY vsftpd.virtual /etc/pam.d/
RUN mkdir -p /home/vftp/ftpuser; chown -R ftp:ftp /home/vftp

EXPOSE 20 21

CMD ["/usr/sbin/vsftpd","-obackground=NO"]

We need to create three files before building the image, one for vsftpd virtual users PAM, another vsftpd.conf file and another with the virtual users. vsftpd.conf below:

anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
local_umask=022
pam_service_name=vsftpd.virtual
guest_enable=YES
user_sub_token=$USER
local_root=/home/vftp/$USER
chroot_local_user=YES
allow_writeable_chroot=YES
hide_ids=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log

Pam file, store as vsftpd.virtual

#%PAM-1.0
auth       required     pam_userdb.so db=/etc/vsftpd/vsftpd-virtual-user
account    required     pam_userdb.so db=/etc/vsftpd/vsftpd-virtual-user
session    required     pam_loginuid.so

And at last a file with user and password, which we will store as vusers.txt

ftpuser
letmein

All these files shall be stored into the same directory in order for build to be successful. We proceed building.

docker build -t centos-vsftpd -f  centos-vsftpd . 
Sending build context to Docker daemon  10.24kB
Step 1/10 : FROM centos:7
 ---> 1e1148e4cc2c
Step 2/10 : MAINTAINER xavi@xavignu.com
 ---> Using cache
 ---> cb00764989e4
Step 3/10 : RUN yum -y update; yum -y install which vsftpd net-tools vsftpd-sysvinit; yum clean all
 ---> Using cache
 ---> 84bc55dc256f
Step 4/10 : COPY vusers.txt /etc/vsftpd/
 ---> Using cache
 ---> 922453bc2ba3
Step 5/10 : RUN db_load -T -t hash -f /etc/vsftpd/vusers.txt /etc/vsftpd/vsftpd-virtual-user.db; rm -v /etc/vsftpd/vusers.txt; 	chmod 600 /etc/vsftpd/vsftpd-virtual-user.db
 ---> Using cache
 ---> 3f0f5a3743af
Step 6/10 : COPY vsftpd.conf /etc/vsftpd/
 ---> Using cache
 ---> f6241c5dc497
Step 7/10 : COPY vsftpd.virtual /etc/pam.d/
 ---> b768b27a3496
Removing intermediate container 45326ecc02a0
Step 8/10 : RUN mkdir -p /home/vftp/ftpuser; chown -R ftp:ftp /home/vftp
 ---> Running in fb940a0b999f
 ---> 8afff06f270a
Removing intermediate container fb940a0b999f
Step 9/10 : EXPOSE 20 21
 ---> Running in 0a9bd172c74e
 ---> d07e65112275
Removing intermediate container 0a9bd172c74e
Step 10/10 : CMD /usr/sbin/vsftpd -obackground=NO
 ---> Running in 50f124e366ee
 ---> 0a571ecf1fed
Removing intermediate container 50f124e366ee
Successfully built 0a571ecf1fed
Successfully tagged centos-vsftpd:latest

We now start the vsftpd container and check its running.

docker run -d --name myftp centos-vsftpd:latest; docker ps 
1034cc745e43f67ae3a432ce8ebe37755b36eca2dc04f21102da2eaafe9dd832
CONTAINER ID        IMAGE                  COMMAND                  CREATED                  STATUS                  PORTS               NAMES
1034cc745e43        centos-vsftpd:latest   "/usr/sbin/vsftpd ..."   Less than a second ago   Up Less than a second   20-21/tcp           myftp

We connect to newly created ftp server and upload a test file.

ftp 172.17.0.2 
Connected to 172.17.0.2.
220 (vsFTPd 3.0.2)
Name (172.17.0.2:xavi): ftpuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> mput test.txt
mput test.txt? y
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.
10 bytes sent in 0.00 secs (187.8005 kB/s)
ftp> 

And we check the creation and content of the uploaded file.

docker exec myftp cat  /home/vftp/ftpuser/test.txt
Test File

References:

OpenDKIM in Debian

Lately I’ve been playing with postfix and ways to validate my mail. That’s how I reached DKIM records. Something like ssh keys (a public and private key) but for mail. Installation in Debian GNU/Linux is pretty simple via apt-get as usual, we need to install opendkim and opendkim-tools.

dpkg -l | grep dkim
ii  libmail-dkim-perl              0.40-1                           all          cryptographically identify the sender of email - perl library
ii  libopendkim9                   2.9.2-2+deb8u1                   amd64        Library for signing and verifying DomainKeys Identified Mail signatures
ii  opendkim                       2.9.2-2+deb8u1                   amd64        Milter implementation of DomainKeys Identified Mail
ii  opendkim-tools                 2.9.2-2+deb8u1                   amd64        Set of command line tools for OpenDKIM

We need to open a port for opendkim (8891 in my case), we need to edit /etc/default/opendkim in order to do this as below.

grep -v "^#" /etc/default/opendkim 
SOCKET="inet:8891@localhost" # listen on loopback on port 8891

Continue reading

Spamassassin logs to a different file

Lately I’ve been looking at my mail logs and noticed that on them it gets written spam, postfix and dovecot messages among other, which is a little uncomfortable. We can use grep to filter, but perhaps a better approach is to send spamassassin logs to a different file.

tail /var/log/mail.log
Oct 16 17:13:11 myserver postfix/smtpd[29869]: connect from unknown[185.234.219.254]
Oct 16 17:13:11 myserver postfix/smtpd[29869]: warning: unknown[185.234.219.254]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:13:11 myserver postfix/smtpd[29869]: lost connection after AUTH from unknown[185.234.219.254]
Oct 16 17:13:11 myserver postfix/smtpd[29869]: disconnect from unknown[185.234.219.254]
Oct 16 17:15:53 myserver postfix/smtpd[29896]: warning: hostname 204.152.209.101.static.quadranet.com does not resolve to address 204.152.209.101
Oct 16 17:15:53 myserver postfix/smtpd[29896]: connect from unknown[204.152.209.101]
Oct 16 17:15:53 myserver postfix/smtpd[29896]: warning: unknown[204.152.209.101]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:15:54 myserver postfix/smtpd[29896]: disconnect from unknown[204.152.209.101]
Oct 16 17:16:41 myserver postfix/smtpd[29896]: warning: hostname unassigned.quadranet.com does not resolve to address 192.161.170.229
Oct 16 17:16:41 myserver postfix/smtpd[29896]: connect from unknown[192.161.170.229]
Oct 16 17:16:42 myserver postfix/smtpd[29896]: Anonymous TLS connection established from unknown[192.161.170.229]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 16 17:17:03 myserver postfix/smtpd[29896]: warning: eotzqh.kylieslowcase.fun.blackhole.securitysage.com: RBL lookup error: Host or domain name not found. Name service error for name=eotzqh.kylieslowcase.fun.blackhole.securitysage.com type=A: Host not found, try again
Oct 16 17:17:05 myserver postfix/smtpd[29896]: DA88C2607C5: client=unknown[192.161.170.229]
Oct 16 17:17:06 myserver postfix/cleanup[29903]: DA88C2607C5: message-id=
Oct 16 17:17:06 myserver postfix/qmgr[1238]: DA88C2607C5: from=, size=32258, nrcpt=1 (queue active)
Oct 16 17:17:06 myserver postfix/smtpd[29896]: disconnect from unknown[192.161.170.229]
Oct 16 17:17:08 myserver postfix/pickup[29368]: 3D6B4260878: uid=5001 from=
Oct 16 17:17:08 myserver postfix/pipe[29904]: DA88C2607C5: to=, relay=spamassassin, delay=26, delays=24/0.01/0/1.9, dsn=2.0.0, status=sent (delivered via spamassassin service)
Oct 16 17:17:08 myserver postfix/qmgr[1238]: DA88C2607C5: removed
Oct 16 17:17:08 myserver postfix/cleanup[29903]: 3D6B4260878: message-id=
Oct 16 17:17:08 myserver postfix/qmgr[1238]: 3D6B4260878: from=, size=32672, nrcpt=1 (queue active)
Oct 16 17:17:08 myserver postfix/pipe[29908]: 3D6B4260878: to=, relay=dovecot, delay=0.22, delays=0.07/0.01/0/0.14, dsn=2.0.0, status=sent (delivered via dovecot service)
Oct 16 17:17:08 myserver postfix/qmgr[1238]: 3D6B4260878: removed
Oct 16 17:17:51 myserver postfix/smtpd[29896]: connect from unknown[185.36.81.87]
Oct 16 17:17:51 myserver postfix/smtpd[29896]: warning: unknown[185.36.81.87]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:17:51 myserver postfix/smtpd[29896]: lost connection after AUTH from unknown[185.36.81.87]
Oct 16 17:17:51 myserver postfix/smtpd[29896]: disconnect from unknown[185.36.81.87]
Oct 16 17:18:49 myserver postfix/smtpd[29896]: connect from unknown[187.55.179.130]
Oct 16 17:18:50 myserver postfix/smtpd[29896]: warning: unknown[187.55.179.130]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:18:50 myserver postfix/smtpd[29896]: lost connection after AUTH from unknown[187.55.179.130]
Oct 16 17:18:50 myserver postfix/smtpd[29896]: disconnect from unknown[187.55.179.130]
Oct 16 17:19:50 myserver postfix/smtpd[29896]: warning: hostname 204.152.209.101.static.quadranet.com does not resolve to address 204.152.209.101
Oct 16 17:19:50 myserver postfix/smtpd[29896]: connect from unknown[204.152.209.101]
Oct 16 17:19:51 myserver postfix/smtpd[29896]: warning: unknown[204.152.209.101]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:19:51 myserver postfix/smtpd[29896]: disconnect from unknown[204.152.209.101]
Oct 16 17:21:21 myserver postfix/anvil[29719]: statistics: max connection rate 1/60s for (smtp:177.143.199.94) at Oct 16 17:12:24

Continue reading

Allow IFrame in nginx

So the other day while working on this post I faced the issue that the map wasn’t showing as an IFrame, it was showing nothing but and empty white rectangle. This because by default nginx doesn’t allow X-Frames. In order to do this it is needed to edit file /etc/nginx/snippets/ssl-params.conf and change DENY to SAMEORIGIN as below:

grep "SAMEORI" /etc/nginx/snippets/ssl-params.conf 
add_header X-Frame-Options SAMEORIGIN;

References:
1) Nginx web
2) geekflare.com