My Little Pocket Universe
While I was updating some settings with my bind server on Ubuntu 20, I noticed a lot of queries for “pizzaseo.com”, which appears to be some kind of marketing company trying to scrape for data. On reading out in forums about it, apparently they’re looking for vulnerable pi-hole servers that are exposed to the internet. … Read more
Sometimes it’s desirable to have a back door into a system that is behind a firewall. ssh is a security person’s best friend, and worst nightmare. This is more in the latter category, but as an admin, incredibly useful. I have a server that I can get outbound connections to anywhere, but do not have … Read more
When I was installing Ubuntu linux, I tried to set up 20.04.2 with LACP bonding during the install, and the installer kept crashing. So, to get through the install, I just configured one port with the basic info, and then updated the OS after to have the bonding. I do recommend that you make the … Read more
Traditionally, on *nix systems, cron (or one of its derivatives) is used. It’s possible to use cron on the Mac, but it’s deprecated. launchd is the preferred method. The set up is a little more complex because it’s a bit of XML code, but it’s very straightforward. See the launchd.plist man page or the launchd … Read more
Finding good documents on how to set up a site-to-site VPN with a Ubiquiti UDM to a non-Ubiquiti node (i.e. linux) has been a challenge. The documents on Ubiquiti’s site are laughably incomplete (and generally way out of date). So I am working through each of the steps and trying to shoe horn in a … Read more
For Ubuntu: Update /etc/default/grub and add the quoted text to whatever is already there. GRUB_CMDLINE_LINUX_DEFAULT=”consoleblank=0 vt.cur_default=6 vt.color=2″ This will also set it so the console never blanks; adjust “consoleblank” to your own tastes (in seconds). After updating, you need to run a command to commit the changes to the kernel at next boot: /usr/sbin/update-grub For … Read more
I used these two sites to figure out how to get DKIM working: https://wiki.debian.org/opendkim https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf Install opendkim and opendkim-tools cd /etc/dkimkeys opendkim-genkey -t -s mail -d technomancer.com Edit /etc/opendkim.conf: Domain technomancer.com KeyFile /etc/dkimkeys/mail.private Selector mail Socket local:/var/spool/postfix/opendkim/opendkim.sock # Specify the list of keys KeyTable file:/etc/dkimkeys/keytable # Match keys and domains. To use regular expressions in … Read more
Install the bind9 packages. Make sure it’s enabled in named.conf.options: dnssec-validation auto; dnssec-lookaside auto; # Need to look up what this one is Generate the keys (pick an appropriate algorithm; today (22 Mar 2021),ECDSAP384SHA384 seems to be the “ideal”): dnssec-keygen -a ECDSAP384SHA384 -b 4096 -n ZONE technomancer.comdnssec-keygen -f KSK -a ECDSAP384SHA384 -b 4096 -n ZONE … Read more
Add client to /etc/freeradius/3.0/clients.conf client someclient.tek { ipaddr=172.22.42.4 secret=xxxxxxxxxxxxxxxxx shortname=internal-network login = !root } Set daemon to run with group shadow in /etc/freeradius/3.0/radiusd.conf Uncomment unix type in /etc/freeradius/3.0/sites-available/default to enable reading of passwd/shadow information.
To set the timezone in Ubuntu 20: timedatectl set-timezone America/New_York