Category Archives: Linux

Gnome: Start ownCloud Desktop Client minimized

Today I solved the annoying behaviour of the ownCloud Desktop Client not starting minimized under Gnome at login.

System: Arch Linux
Gnome: 3.26.2
ownCloud Desktop Client: 2.4.0

1. Create a helper script

touch ~/scripts/start_owncloud_minimized.sh
chmod u+x ~/scripts/start_owncloud_minimized.sh
vim ~/scripts/start_owncloud_minimized.sh

Content of start_owncloud_minimized.sh:

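#!/bin/bash
# Seconds to wait for the ownCloud window to appear
FULLSCREEN_TIMEOUT=5
WINDOW_NAME="ownCloud"

# Start the client in the background
owncloud &

sleep "$FULLSCREEN_TIMEOUT"
# Look up the window ID by title, then focus the window and close it with Escape
wmid=$(wmctrl -l | grep "$WINDOW_NAME" | head -n 1 | cut -f 1 -d " ")
xdotool windowfocus "$wmid"; xdotool key "Escape"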

2. Create the startup routine

vim ~/.config/autostart/ownCloud.desktop

Content of ownCloud.desktop:

IMPORTANT: Set your home folder in “Exec” line.

[Desktop Entry]
Name=ownCloud
GenericName=File Synchronizer
Exec=/home/username/scripts/start_owncloud_minimized.sh
Terminal=false
Icon=owncloud
Categories=Network
Type=Application
StartupNotify=false
X-GNOME-Autostart-enabled=true

3. Done

Log in again and see how the ownCloud Desktop Client magically disappears into the background.

UniFi Security Gateway: Add an additional public IP with NAT

The UniFi Controller has no UI configuration to assign an additional IP to the UniFi Security Gateway (USG). Hopefully this will be added by Ubiquiti in the future.

Date: 25.12.2017
Controller Version: 5.6.26
Firmware: 4.4.12.5032482

 

After many hours of reading and trial and error I was able to solve this task. This guide is aimed at people who know networking basics, so I will not cover technical explanations.

Goal:

NAT Public IP 10.0.0.2 on Port 80/TCP to internal server 192.168.0.2 on Port 8080/TCP.

Solution:

Overview:

  1. Test if the Port is closed
  2. Add the additional IP to the gateway
  3. Create a DNAT rule from WAN to LAN
  4. Create a SNAT rule from LAN to WAN
  5. Create a Firewall rule to allow traffic from WAN to LAN
  6. Apply changes
  7. Test if the Port is now open

NOTE: You can also add this with CLI commands, but they will not persist once changes are made from the web interface.

Step 1

Test with NMAP from WAN/Internet

nmap -n -Pn -p 80 10.0.0.2

If this Port is open you should check your network setup because something is responding to 80/TCP and the next steps will potentially lead to undesired results.

Step 2-4

We need to create or append to config.gateway.json inside the UniFi Controller. Place this file inside the site configuration, e.g. for the default site put the file inside “data/sites/default”.

Content of config.gateway.json:

{
    "interfaces": {
        "ethernet": {
            "eth0": {
                "address": [
                    "10.0.0.1/29",
                    "10.0.0.2/29"
                ],
                "firewall": {
                    "in": {
                        "name": "WAN_IN"
                    },   
                    "local": {
                        "name": "WAN_LOCAL"
                    },   
                    "out": {
                        "name": "WAN_OUT"
                    }
                }
            }
        }
    },
    "service": {
        "nat": {
            "rule": {
                "3000": {
                    "description": "DNAT 10.0.0.2 TCP/8080 to 192.168.0.2",
                    "destination": {
                        "address": "10.0.0.2",
                        "port": "80"
                    },   
                    "inbound-interface": "eth0",
                    "inside-address": {
                        "address": "192.168.0.2",
                        "port": "8080"
                    },   
                    "log": "enable",
                    "protocol": "tcp",
                    "type": "destination"
                },
                "5000": {
                    "description": "SNAT 192.168.0.2 TCP/8080 to 10.0.0.2",
                    "log": "enable",
                    "outbound-interface": "eth0",
                    "outside-address": {
                        "address": "10.0.0.2",
                        "port": "80"
                    },   
                    "protocol": "tcp",
                    "source": {
                        "address": "192.168.0.2",
                        "port": "8080"
                    },   
                    "type": "source"
                }
            }
        }
    },
    "firewall": {
        "name": {
            "WAN_IN": {
                "default-action": "drop",
                "rule": {
                    "1000": {
                        "action": "accept",
                        "description": "NAT 10.0.0.2 TCP/8080 to 192.168.0.2",
                        "destination": {
                            "address": "192.168.0.2",
                            "port": "8080"
                        },
                        "log": "enable",
                        "protocol": "tcp"
                    }
                }
            }
        }
    }
}

Step 5

Now it’s time to apply these rules to the USG. To do this, log in to your UniFi Controller and force provisioning.

Step 6

Test with NMAP from WAN/Internet

nmap -n -Pn -p 80 10.0.0.2

Install self-signed certificate for curl (and others)

These are the steps to install a self-signed certificate so you can avoid using the “--insecure” switch for curl and other tools which communicate over SSL/TLS.

For me this was necessary in order to communicate safely over the network with my tool written in Ruby.

Test environment:

  • Server: Debian 7 (Raspberry Pi) with ownCloud 9
  • Client: CentOS 7

HOST=rpi01
PORT=443
FILE=$HOST.pem
# Test first whether you get a certificate error
curl -v -O "https://$HOST/owncloud/remote.php"
# Download the certificate the server presents (nothing authenticates it at this
# point, so compare its fingerprint with the one on the server before installing)
openssl s_client -showcerts -connect "$HOST:$PORT" </dev/null | openssl x509 -outform PEM > "$FILE"
# Install the certificate into nssdb as a trusted peer ("P")
certutil -d sql:/etc/pki/nssdb -A -t "P,," -n "$HOST" -i "$FILE"
# Check that the certificate is in the database
certutil -d sql:/etc/pki/nssdb -L -n "$HOST"
# Download the test file again
curl -v -O "https://$HOST/owncloud/remote.php"

Using the cbird cash register software on Linux

Since I use the excellent cash register software cbird from usoft e.U. at several of my customers, and it is written in Java, I naturally had to test right away whether it could also run on Linux.

With a few small tweaks it runs on Linux too, with no loss of functionality: printing, backups, PDF export, …

With usoft's permission I have published scripts, a guide and further information in a GitHub repository.

If you have requests, bugs or anything else to report, please open an issue on GitHub or comment directly here on the blog. Replies on the blog can take a while, because with all the blog spam bots I only go through the comments now and then 😉

To the GitHub repository

Nagios check to verify open files counter

I published my Nagios checks to monitor the open files counter for specific users and for the whole system. You can check them out on GitHub and Nagios Exchange.

check_open_files

https://github.com/wefixit-AT/nagios_check_all_open_files

https://exchange.nagios.org/directory/Plugins/Operating-Systems/check_open_files-2Esh/details

check_all_open_files

https://github.com/wefixit-AT/nagios_check_all_open_files

https://exchange.nagios.org/directory/Plugins/Operating-Systems/check_all_open_files-2Esh/details

oVirtBackup: online full-backup tool for oVirt

Over the last few days I wrote a little tool to get in touch with Python (for the first time); it solves a little backup problem I have had since I switched from VMware ESXi to oVirt.

The tool creates a full backup and exports it to an NFS share (export domain).

Requirements:

  • An NFS share, connected to the ovirt-engine, where the backups will be stored

Workflow:

  • Create a snapshot
  • Clone the snapshot into a new VM
  • Delete the snapshot
  • Export the VM to the NFS share
  • Delete the VM

Configuration:

  • It is possible to set how long, in days, a backup should be kept

You can find it on github:

https://github.com/wefixit-AT/oVirtBackup

WARNING: A wrong configuration can delete your existing backups !!! Please test it first with a new clean VM !!!

Note: With the current Python API (ovirtsdk) it is not possible to export a snapshot directly to the NFS share, so it is necessary to first create a temporary VM.

BackupPC broken after upgrade

If you get this error after you installed the latest update:

Error: Unable to connect to BackupPC server

This CGI script (/BackupPC) is unable to connect to the BackupPC server on server port -1.
The error was: unix connect: No such file or directory.
Perhaps the BackupPC server is not running or there is a configuration error. Please report this to your Sys Admin.

Maybe this will help

mkdir /var/run/BackupPC

chown backuppc:backuppc /var/run/BackupPC

systemctl restart backuppc

BackupPC for workstations

Today I am publishing my script for daily backups to a BackupPC server (http://backuppc.sourceforge.net/) from workstations which are not online all the time. BackupPC is normally used for daily backups of servers, but that is a problem for workstations, which are normally offline at backup times like 3:00 AM (I heard people sleep during this time (weird)).

Therefore there are some solutions:

  1. Disable automatic backups in BackupPC and start them manually by clicking the backup button in the web interface
  2. Turn on the workstations at night with wake-on-LAN and power them off after the backup is done. This was my solution before I wrote this script, and it is not so easy either. For example: what do you do when somebody is working on the workstation after the backup has finished? You can’t turn it off, but you can try 😀
  3. Use my script, which can run from a cron job every minute, be added to the startup script, run only at a given time, and more

What will the script do?

It starts the backup process on the BackupPC server via an SSH command, checks the backup state, saves the last backup time to avoid too-frequent backups, and stores a PID so that it runs as a singleton.

Preparation for BackupPC:

  • Configure the workstations in BackupPC like a normal server
  • Test the backup
  • Disable the automatic backup: “BackupsDisable=1”
  • Done

Where to find the script?

Indeed on github 😉 https://github.com/wefixit-AT/backupPCworkstationScript

I hope this will help others too; comments are welcome.

Missing predefs.h during compiling sources

Today I compiled freerdp (www.freerdp.com) from the latest sources to make an RDP connection through an RDP gateway.

During compilation I got the following error:

[  0%] Building C object winpr/libwinpr/CMakeFiles/winpr.dir/synch/address.c.o
In file included from /usr/include/stdio.h:28:0,
from <folder>/FreeRDP.git/winpr/include/winpr/synch.h:25,
from <folder>/FreeRDP.git/winpr/libwinpr/synch/address.c:24:
/usr/include/features.h:323:26: fatal error: bits/predefs.h: No such file or directory
#include <bits/predefs.h>
^
compilation terminated.
make[2]: *** [winpr/libwinpr/CMakeFiles/winpr.dir/synch/address.c.o] Error 1
make[1]: *** [winpr/libwinpr/CMakeFiles/winpr.dir/all] Error 2
make: *** [all] Error 2

It was clear that the problem must be somewhere around the libc6 libraries, but where 🙂

Removing and installing libc6-dev, build-essential and gcc-multilib didn’t help. But after many hours (no, a joke, after some minutes) I found it.

Here is the solution (yes, it can be that easy):

apt-get install --reinstall libc6-dev

Have a nice day

(This was all done under Ubuntu 14.04 amd64)

802.1x Repeater Version 0.2

v0.2 is finished; I replaced the additional router from v0.1 with a better Wi-Fi stick. It was not that easy to find a stick with a chip suitable for creating an access point. After that I invested a few more hours in modifying the driver a little and getting it to compile on the Raspberry Pi.

This is what v0.2 looks like:

Useful links: