Archive for category Tips

How to install LetsEncrypt certificate on Fedora Linux

Here are some quick notes on how I installed letsencrypt certificates on a couple of my old Fedora servers. This is meant to get you started fairly quickly especially if you know how to install web servers on Linux systems. While there is a client already available for Fedora 23, I found that on older versions, the apache plugin for letsencrypt does not work. For instance, when you run the command:

./letsencrypt-auto --apache -d mydomainname.com, you get an error like:

The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError()

For earlier versions, you need to install the manual way i.e. generate a certificate. While that’s a few steps from the easy and automated promise of lets encrypt, you still can’t beat the price tag of Free!

Pull the sources for letsencrypt:

git clone https://github.com/letsencrypt/letsencrypt

Change to directory:

cd letsencrypt

Run the following command, and ofcourse replace the string mydomain.com with your domain:

./letsencrypt-auto certonly --standalone --agree-tos --email joe@mydomain.com -d mydomain.com

NOTE: For multiple domains, just add ‘-d mydomain.net’
Get help by running:

./letsencrypt-auto --help

If all goes well, you should see a congratulatory message, with the location of your free certificate chain! Use this in apache or nginx configuration

Keep in mind that the certificates are only vailid for three months, and you will need to do this again.

Use systemd in Linux like a Pro – A cheat sheet

As systemd becomes the default method of handling services in all major Linux distributions, below are some quick and easy-to-remember commands that will make you look like a pro.

systemctl

  • check for all running units
    systemctl
    TIP: To show all units, including in-active ones:
    systemctl list-unit-files
  • Check for failed units
    systemctl --failed
  • Start, stop, restart units
    systemctl start postfix.service
    systemctl restart postfix.service
    systemctl stop postfix.service
  • Check status of a specific unit
    systemctl status mysqld.service
    TIP: Use -l for detailed status
  • Enable or disable services
    systemctl enable firewalld.service
    systemctl disable NetworkManager.service
    TIP: If you disable a service, and it still runs,
    systemctl mask NetworkManager.service
    Use ‘unmask’ to restore it
  • See if a specific unit is enabled
    systemctl is-enabled iptables.service
  • Create a snapshot – useful for testing various targets
    systemctl snapshot example.snapshot
    TIP: To activate it:
    systemctl isolate example.snapshot
  • Reboot/poweroff/suspend your machine
    systemctl reboot
    systemctl poweroff
    systemctl suspend
  • Change current target – i.e. runlevel
    systemctl isolate graphical.target
  • To list current target
    systemctl list-units --type=target

systemd

  • See which units take a long time to start during boot up
    systemd-analyze blame
    TIP: You can plot the boot up using:
    systemd-analyze plot
  • See when a unit started and how long it took
    systemd-analyze critical-chain

journalctl

  • Create a running log like ‘tail -f /var/log/messages’
    journalctl -f -o cat --no-pager
  • Running log for a specific unit
    journalctl -f -o cat --no-pager -u httpd.service
  • See boot messages – like ‘dmesg’
    journalctl -b

Manage remote systems:
systemctl status sshd -H root@1.2.3.4

For detailed instructions on these and more commands, man as always is your best friend.

Customize your Linux desktop using the command line

With most Linux distros now using GNOME 3.10+, here are a few commands on changing the look and feel of your desktop using gsettings. Other CLI methods exist such as the popular GNOME tweak tool and Dconf.

Add apps to favorites bar
$ gsettings set org.gnome.shell favorite-apps "['google-chrome.desktop', 'evolution.desktop', 'nautilus.desktop', 'libreoffice-writer.desktop', 'libreoffice-calc.desktop', 'firefox.desktop', 'gnome-terminal.desktop', 'vlc.desktop', 'jitsi.desktop', 'gedit.desktop', 'gcalctool.desktop']"

Change show date and clock format
$ gsettings set org.gnome.desktop.interface clock-show-date true
gsettings set org.gnome.desktop.interface clock-format '12h'

Change background picture
$ gsettings set org.gnome.desktop.background picture-uri 'file:///usr/share/backgrounds/gnome/Sandstone.jpg'

Those are just but a few of the settings available for you to tweak. To see all of them, type:
$ gsettings list-keys .

Easily convert from VirtualBox to KVM in Linux

KVM
I have been converting some of my old VirtualBox images to KVM, which is the virtualization standard in Linux.

Its really easy, although, if you run into booting issues of the converted image, the last tip here will save you some time.

To convert from VirtualBox to KVM, look for your VDI images.

qemu-img convert -f vdi -O qcow2 [VBOX-IMAGE.vdi] [KVM-IMAGE.qcow2]

e.g. qemu-img convert -f vdi -O qcow2 FreeBSD-7.2.vdi FreeBSD-7.2.qcow2

You can now import the converted image using virt-manager or the CLI tool virt-install.

In Virtual Machine Manager, go to Disk 1 >> Advanced options and change ‘Storage format’ to qcow2.

This prevents boot errors like ‘boot failed: not a bootable disk’ when you launch the VM.

How to create an encrypted USB drive in Linux using the command line

Recently, I was tasked to write a backup program for a small office. A key requirement was that the portable backup drive they are using needed to be encrypted since it would have to be ferried off site on a daily basis. The idea was that, if the drive fell in the ‘wrong hands’ during transportation, the client’s data would be secure. With encryption, I was able to meet this need.
I thought I would break the silence with a how-to on encryption using the Linux command line interface – not exciting but quite necessary these days.

Encrypting data in Linux is very simple, and I would highly recommend it for such things as USB flash and portable hard disks. Most Linux distributions come with an encryption tool called cryptsetup.
If you do not have it , install it using yum or apt-get depending on your package manager. For Red hat based distros, use

# yum install cryptsetup

As always, you need to backup your data before you proceed. I will assume you have already created a new partition on your device e.g. /dev/sdX1. If you need to partition, refer to the venerable ‘fdisk’ utility

Create the encrypted volume

# cryptsetup -v -y luksFormat /dev/sdX1
Confirm that you want to proceed by typing “YES”
Enter your passphrase when prompted. You will be asked to verify it
Once you have created the encrypted volume, you can proceed to format it

# cryptsetup luksOpen /dev/sdX1 mydata
# mkfs.ext3 /dev/mapper/mydata

Here you can choose other file formats such as FAT32, EXT4 etc

Create a mount point

# mkdir /mnt/mydata

Mount the new volume

# mount /dev/mapper/mydata /mnt/mydata
You can then write your data to the mounted and encrypted volume at /mnt/mydata

To close the volume

# umount /dev/mapper/mydata
# cryptsetup luksClose mydata

Note: if you are using a desktop such as GNOME, you will be prompted for a passphrase every time you insert the disk, so you do not have to mount the disk manually, but then again, we are talking about the command line here!

That’s it for now

Mobile SMS gateway server using Linux

Like many parts of Africa, SMS messages in Uganda continue to play a big role in the way people communicate. For the majority, the mobile phone is the first tech device and as such the use of SMS messages to send information in bulk and real time makes it ideal in fields such as health. As a Linux administrator, this is something you can do at little or no cost.

I thought, I would share these GSM SMS/WAP gateways available for Linux

1.Kannel: By far the most widely used open source software. It can be used to serve the established user base with SMS capable handsets as well as the early adopters with their WAP terminals. Learn more at:
Kannel
2.SMS Server Tools: SmsTools
3.PointSMS: an easy-to-use program that enables you build your own SMS gateway. Learn more at PontSMS

Setting up an SMS gateway using Linux is fairly easy, and if you use kannel for example, you will be able to send and receive bulk SMS messages in no time. I have tested Kannel with our local mobile operators like Uganda Telecom, and it works pretty well using your typical 3G modem dongles, like Huawei E220, and E173s.

If you are interested in instructions on how to install and configure the server… drop me a comment.

PulseAudio – How to control the volume of individual applications via CLI

Using the Gnome interface, its pretty easy to adjust the volume of running audio based applications i.e. Go to sound Preferences >> Applications Tab. When using the Command Line interface (CLI) on the other hand, Its not that straight forward.

At the command prompt, run the following command:
pactl list | grep -A16 ‘Sink Input’ | more

The above command will give you details of your running streams or in ‘pulseaudio speak’ Sink Inputs (go figure). Take note of the Index number of the Sink Input you wish to control.

To control the volume of your application:
To mute: pactl set-sink-input-mute [sink Index no.] 1
To unmute: pactl set-sink-input-mute [sink Index no.] 0
To set Volume: pactl set-sink-input-volume [sink Index no.] 65535 (0-65535)

Hauppauge WinTV MiniStick on Linux – Digital TV in Uganda

As Uganda prepares to migrate to digital TV broadcasts in 2012, I have been testing some of the pilot broadcasts out there. I’m using Linux i.e. Fedora 12 – Kernel version: 2.6.32.21-168.fc12.i686 and an off-the shelf USB Hauppauge WinTV MiniStick.

– The first major task is to get the DVB-T USB stick to be recognized.
– Open the terminal: run the command ‘tail -f /var/log/messages’

The first time you insert the USB Stick. It will not be recognized out of the box as shown in the following errors:

firmware: requesting sms1xxx-hcw-55xxx-dvbt-02.fw
firmware.sh[4212]: Cannot find firmware file ‘sms1xxx-hcw-55xxx-dvbt-02.fw

– Remove WinTV USB stick

– cd /lib/firmware/

– wget -c http://www.steventoth.net/linux/sms1xxx/sms1xxx-hcw-55xxx-dvbt-02.fw

– Plug in Stick again

– This time it is recognized and you’ll see the following in the log:

kernel: DVB: registering new adapter (Hauppauge WinTV MiniStick)
kernel: DVB: registering adapter 0 frontend 0 (Siano Mobile Digital MDTV Receiver)…

– OK, time to scan for some channels. I have whipped up a quick and dirty script that will allow you to scan for free view channels in your area.

– Download the script at: My DVB-T Scan Script
NOTE: For this script you need to first install w_scan utility i.e. In Fedora, yum -vy install w_scan

– Run the script i.e. sh vb_scan_ug.sh (You may need to first make it executable – chmod 755 vb_scan_ug.sh)

– After a successful run, the script will place your channels file to the appropriate location.

– Time to play. Open your favorite media application. I am using xine.
Run the command: xine dvb:// (You can also use the GUI – click on DVB)

Enjoy

Huawei E1752 USB Modem supported on Linux

Its been a while, but as always, am back with a linux tip especially for all users who are served by Orange telecommunication company. Here in Uganda, Orange recently started selling these USB 3G Modems from Huawei. These E1752 models are not automatically detected in stock linux distributions such Fedora, Ubuntu, etc.

The Fix is simple.

1.Make sure you install the packages for usb_modeswitch. In Fedora, at the command prompt type:
yum -vy install usb_modeswitch

2.Finally append the following text to: /etc/usb_modeswitch.conf
###################
## Huawei E1752 #
###################

DefaultVendor= 0x12d1
DefaultProduct= 0x1446

TargetVendor= 0x12d1
TargetProdct= 0x1001

MessageEndpoint= 0x01

MessageContent=
“55534243000000000000000000000011060000000000000000000000000000”

3.That’s it! Next time you plug that little thing in any usb port, it will detect it as a modem. Then you can proceed to setup your connection using your favorite tool. In Fedora, I use Network Manager

TIP: FM Radio sound using SAA713X based Tuner cards in Linux

During setup and configuration of the AExBox, a multimedia home entertainment and Automation box, I ran across an issue where no sound was emitted from an SAA7134 chipset based card in linux.

The solution is simple.

Use a either radio or fm (part of the fmtools package) to tune the card. For example, ‘fm -q -d /dev/radioX’ -T forever 94.8 65535′. Then using the command line, run ‘aplay /dev/dspX’ where X is the SAA7134 device no. of the tuner card. You can script this process for convenience.

Hope this helps you all home media center enthusiasts out there.