Tag Archives: linux

Static IP with NetworkManager

Couple of days ago I had to configure a static IP on the Orange PI wifi interface. Had to use cli, since it is running as a server and there’s no need for a graphical interface. Below is the bash script I made:

#!/bin/bash

CONN="conn_name" # Enter connection name
SSID="myessid" # Define WIFI SSID
IP="192.168.1.15/24" # Enter IP, example "192.168.0.100/24"
GW="192.168.1.1" # Enter gateway
DNS="1.1.1.1,9.9.9.9" # Define DNS servers

nmcli dev wifi list
echo "Adding wifi ${CONN} to SSID ${SSID}."
nmcli connection add type wifi con-name ${CONN} ifname wlan0 ssid ${SSID}
echo "Configuring ${CONN} IP, GW and DNS."
nmcli connection modify ${CONN} ipv4.method manual ipv4.addresses ${IP} ipv4.gateway ${GW} ipv4.dns ${DNS}
echo "Configuring wifi security."
nmcli connection modify ${CONN} wifi-sec.key-mgmt wpa-psk
read -s -p "Enter wifi password: " PASSWORD
nmcli connection modify ${CONN} wifi-sec.psk  ${PASSWORD}
echo "Bringing up connection ${CONN}."
nmcli connection up ${CONN} 

Here are some resources I used:

Debian Wifi HowTo

Debian NetworkManager

networking with nmcli

LeetCode problem 167

Back online after quite some time. Lately I’ve been playing with leetcode, so below is solution to problem 167. This problem is an easy one and no complex structures are needed in order to solve it.

#!/usr/bin/env python

''' LeetCode problem 167 
Given a 1-indexed array of integers numbers that is already sorted in non-decreasing order, 
find two numbers such that they add up to a specific target number. 
Let these two numbers be numbers[index1] and numbers[index2] where 1 <= first < second <= numbers.length.
2 <= numbers.length <= 3 * 104
-1000 <= numbers[i] <= 1000
numbers is sorted in non-decreasing order.
-1000 <= target <= 1000
The tests are generated such that there is exactly one solution. '''

def twoSum(numbers, target):
	for i in numbers:
		if (target - i) in numbers[numbers.index(i)+1:]:
			return [numbers.index(i), numbers.index(i) + numbers[numbers.index(i)+1:].index(target - i)+1]


#twoSum([-5, -3, -1, 0, 10], -1)
print(f"{twoSum([-5, -3, -1, 0, 10], -1)}")
#twoSum([2, 7, 11, 15], 9)
print(f"{twoSum([2,7,11,15], 9)}")
#twoSum([2, 3, 4], 6)
print(f"{twoSum([2, 3, 4], 6)}")
#twoSum([5, 25, 75], 100)
print(f"{twoSum([5, 25,75], 100)}")
#twoSum([0, 0, 3, 4], 0)
print(f"{twoSum([0, 0, 3, 4], 0)}")

I'll try to post more often from now on. I'll try to make it at least once a week.

Running vsftpd on Docker

Happy 2019!!

Lately I’ve been playing around with docker and decided to create a dockerfile to have vsftpd running on CentOS. Below is my dockerfile:

# Dockerfile for vsftpd on CentOS
FROM centos:7

MAINTAINER xavi@xavignu.com

RUN yum -y update; yum -y install which vsftpd net-tools vsftpd-sysvinit; yum clean all

COPY vusers.txt /etc/vsftpd/
RUN db_load -T -t hash -f /etc/vsftpd/vusers.txt /etc/vsftpd/vsftpd-virtual-user.db; rm -v /etc/vsftpd/vusers.txt; \ 
	chmod 600 /etc/vsftpd/vsftpd-virtual-user.db
COPY vsftpd.conf /etc/vsftpd/
COPY vsftpd.virtual /etc/pam.d/
RUN mkdir -p /home/vftp/ftpuser; chown -R ftp:ftp /home/vftp

EXPOSE 20 21

CMD ["/usr/sbin/vsftpd","-obackground=NO"]

We need to create three files before building the image, one for vsftpd virtual users PAM, another vsftpd.conf file and another with the virtual users. vsftpd.conf below:

anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
local_umask=022
pam_service_name=vsftpd.virtual
guest_enable=YES
user_sub_token=$USER
local_root=/home/vftp/$USER
chroot_local_user=YES
allow_writeable_chroot=YES
hide_ids=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log

Pam file, store as vsftpd.virtual

#%PAM-1.0
auth       required     pam_userdb.so db=/etc/vsftpd/vsftpd-virtual-user
account    required     pam_userdb.so db=/etc/vsftpd/vsftpd-virtual-user
session    required     pam_loginuid.so

And at last a file with user and password, which we will store as vusers.txt

ftpuser
letmein

All these files shall be stored into the same directory in order for build to be successful. We proceed building.

docker build -t centos-vsftpd -f  centos-vsftpd . 
Sending build context to Docker daemon  10.24kB
Step 1/10 : FROM centos:7
 ---> 1e1148e4cc2c
Step 2/10 : MAINTAINER xavi@xavignu.com
 ---> Using cache
 ---> cb00764989e4
Step 3/10 : RUN yum -y update; yum -y install which vsftpd net-tools vsftpd-sysvinit; yum clean all
 ---> Using cache
 ---> 84bc55dc256f
Step 4/10 : COPY vusers.txt /etc/vsftpd/
 ---> Using cache
 ---> 922453bc2ba3
Step 5/10 : RUN db_load -T -t hash -f /etc/vsftpd/vusers.txt /etc/vsftpd/vsftpd-virtual-user.db; rm -v /etc/vsftpd/vusers.txt; 	chmod 600 /etc/vsftpd/vsftpd-virtual-user.db
 ---> Using cache
 ---> 3f0f5a3743af
Step 6/10 : COPY vsftpd.conf /etc/vsftpd/
 ---> Using cache
 ---> f6241c5dc497
Step 7/10 : COPY vsftpd.virtual /etc/pam.d/
 ---> b768b27a3496
Removing intermediate container 45326ecc02a0
Step 8/10 : RUN mkdir -p /home/vftp/ftpuser; chown -R ftp:ftp /home/vftp
 ---> Running in fb940a0b999f
 ---> 8afff06f270a
Removing intermediate container fb940a0b999f
Step 9/10 : EXPOSE 20 21
 ---> Running in 0a9bd172c74e
 ---> d07e65112275
Removing intermediate container 0a9bd172c74e
Step 10/10 : CMD /usr/sbin/vsftpd -obackground=NO
 ---> Running in 50f124e366ee
 ---> 0a571ecf1fed
Removing intermediate container 50f124e366ee
Successfully built 0a571ecf1fed
Successfully tagged centos-vsftpd:latest

We now start the vsftpd container and check its running.

docker run -d --name myftp centos-vsftpd:latest; docker ps 
1034cc745e43f67ae3a432ce8ebe37755b36eca2dc04f21102da2eaafe9dd832
CONTAINER ID        IMAGE                  COMMAND                  CREATED                  STATUS                  PORTS               NAMES
1034cc745e43        centos-vsftpd:latest   "/usr/sbin/vsftpd ..."   Less than a second ago   Up Less than a second   20-21/tcp           myftp

We connect to newly created ftp server and upload a test file.

ftp 172.17.0.2 
Connected to 172.17.0.2.
220 (vsFTPd 3.0.2)
Name (172.17.0.2:xavi): ftpuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> mput test.txt
mput test.txt? y
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.
10 bytes sent in 0.00 secs (187.8005 kB/s)
ftp> 

And we check the creation and content of the uploaded file.

docker exec myftp cat  /home/vftp/ftpuser/test.txt
Test File

References:

OpenDKIM in Debian

Lately I’ve been playing with postfix and ways to validate my mail. That’s how I reached DKIM records. Something like ssh keys (a public and private key) but for mail. Installation in Debian GNU/Linux is pretty simple via apt-get as usual, we need to install opendkim and opendkim-tools.

dpkg -l | grep dkim
ii  libmail-dkim-perl              0.40-1                           all          cryptographically identify the sender of email - perl library
ii  libopendkim9                   2.9.2-2+deb8u1                   amd64        Library for signing and verifying DomainKeys Identified Mail signatures
ii  opendkim                       2.9.2-2+deb8u1                   amd64        Milter implementation of DomainKeys Identified Mail
ii  opendkim-tools                 2.9.2-2+deb8u1                   amd64        Set of command line tools for OpenDKIM

We need to open a port for opendkim (8891 in my case), we need to edit /etc/default/opendkim in order to do this as below.

grep -v "^#" /etc/default/opendkim 
SOCKET="inet:8891@localhost" # listen on loopback on port 8891

Continue reading

Spamassassin logs to a different file

Lately I’ve been looking at my mail logs and noticed that on them it gets written spam, postfix and dovecot messages among other, which is a little uncomfortable. We can use grep to filter, but perhaps a better approach is to send spamassassin logs to a different file.

tail /var/log/mail.log
Oct 16 17:13:11 myserver postfix/smtpd[29869]: connect from unknown[185.234.219.254]
Oct 16 17:13:11 myserver postfix/smtpd[29869]: warning: unknown[185.234.219.254]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:13:11 myserver postfix/smtpd[29869]: lost connection after AUTH from unknown[185.234.219.254]
Oct 16 17:13:11 myserver postfix/smtpd[29869]: disconnect from unknown[185.234.219.254]
Oct 16 17:15:53 myserver postfix/smtpd[29896]: warning: hostname 204.152.209.101.static.quadranet.com does not resolve to address 204.152.209.101
Oct 16 17:15:53 myserver postfix/smtpd[29896]: connect from unknown[204.152.209.101]
Oct 16 17:15:53 myserver postfix/smtpd[29896]: warning: unknown[204.152.209.101]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:15:54 myserver postfix/smtpd[29896]: disconnect from unknown[204.152.209.101]
Oct 16 17:16:41 myserver postfix/smtpd[29896]: warning: hostname unassigned.quadranet.com does not resolve to address 192.161.170.229
Oct 16 17:16:41 myserver postfix/smtpd[29896]: connect from unknown[192.161.170.229]
Oct 16 17:16:42 myserver postfix/smtpd[29896]: Anonymous TLS connection established from unknown[192.161.170.229]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 16 17:17:03 myserver postfix/smtpd[29896]: warning: eotzqh.kylieslowcase.fun.blackhole.securitysage.com: RBL lookup error: Host or domain name not found. Name service error for name=eotzqh.kylieslowcase.fun.blackhole.securitysage.com type=A: Host not found, try again
Oct 16 17:17:05 myserver postfix/smtpd[29896]: DA88C2607C5: client=unknown[192.161.170.229]
Oct 16 17:17:06 myserver postfix/cleanup[29903]: DA88C2607C5: message-id=
Oct 16 17:17:06 myserver postfix/qmgr[1238]: DA88C2607C5: from=, size=32258, nrcpt=1 (queue active)
Oct 16 17:17:06 myserver postfix/smtpd[29896]: disconnect from unknown[192.161.170.229]
Oct 16 17:17:08 myserver postfix/pickup[29368]: 3D6B4260878: uid=5001 from=
Oct 16 17:17:08 myserver postfix/pipe[29904]: DA88C2607C5: to=, relay=spamassassin, delay=26, delays=24/0.01/0/1.9, dsn=2.0.0, status=sent (delivered via spamassassin service)
Oct 16 17:17:08 myserver postfix/qmgr[1238]: DA88C2607C5: removed
Oct 16 17:17:08 myserver postfix/cleanup[29903]: 3D6B4260878: message-id=
Oct 16 17:17:08 myserver postfix/qmgr[1238]: 3D6B4260878: from=, size=32672, nrcpt=1 (queue active)
Oct 16 17:17:08 myserver postfix/pipe[29908]: 3D6B4260878: to=, relay=dovecot, delay=0.22, delays=0.07/0.01/0/0.14, dsn=2.0.0, status=sent (delivered via dovecot service)
Oct 16 17:17:08 myserver postfix/qmgr[1238]: 3D6B4260878: removed
Oct 16 17:17:51 myserver postfix/smtpd[29896]: connect from unknown[185.36.81.87]
Oct 16 17:17:51 myserver postfix/smtpd[29896]: warning: unknown[185.36.81.87]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:17:51 myserver postfix/smtpd[29896]: lost connection after AUTH from unknown[185.36.81.87]
Oct 16 17:17:51 myserver postfix/smtpd[29896]: disconnect from unknown[185.36.81.87]
Oct 16 17:18:49 myserver postfix/smtpd[29896]: connect from unknown[187.55.179.130]
Oct 16 17:18:50 myserver postfix/smtpd[29896]: warning: unknown[187.55.179.130]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:18:50 myserver postfix/smtpd[29896]: lost connection after AUTH from unknown[187.55.179.130]
Oct 16 17:18:50 myserver postfix/smtpd[29896]: disconnect from unknown[187.55.179.130]
Oct 16 17:19:50 myserver postfix/smtpd[29896]: warning: hostname 204.152.209.101.static.quadranet.com does not resolve to address 204.152.209.101
Oct 16 17:19:50 myserver postfix/smtpd[29896]: connect from unknown[204.152.209.101]
Oct 16 17:19:51 myserver postfix/smtpd[29896]: warning: unknown[204.152.209.101]: SASL LOGIN authentication failed: Invalid authentication mechanism
Oct 16 17:19:51 myserver postfix/smtpd[29896]: disconnect from unknown[204.152.209.101]
Oct 16 17:21:21 myserver postfix/anvil[29719]: statistics: max connection rate 1/60s for (smtp:177.143.199.94) at Oct 16 17:12:24

Continue reading