Add, List, and Delete iptable rules

Add iptable rule

The following rule rejects access to port 22 on all devices except ones on the 192.168.1.0/24 network.  Note the “!”.  This command can be useful for a WHM/cPanel server to limit ssh access.

iptables -A INPUT ! -s 192.168.1.0/24 -p tcp --dport 22 -j REJECT

List iptable rules with line numbers

iptables -L --line-numbers

Example output

root@localhost [~]# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 REJECT tcp -- !192.168.1.11 anywhere tcp dpt:ssh reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission owner GID match mailman
2 cpanel-dovecot-solr all -- anywhere anywhere

Chain cpanel-dovecot-solr (1 references)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere multiport sports 8984,7984 owner UID match cpanelsolr

Remove iptable rule

To delete a rule use the -D option with the Chain and the line number.  So to delete the first rule in the example output above, we would specify the INPUT chain and the the line number 1

 iptables -D INPUT 1

 

Upgrade Firmware on Ubiquiti Airmax Equipment from the Command Line/SSH

Upgrading the firmware via the command line is super easy.  Basic steps are

  1. Upload firmware file to radio using ftp, scp, or download directly to radio using wget
  2. Move the firmware the /tmp and rename to fwupdate.bin
  3. Upgrade the firmware by running
ubntbox fwupdate.real -m fwupdate.bin

More Detail explanation

Downloading Firmware to Radio

There are a couple of ways to get the firmware uploaded to the radio

  1. Download from Ubiquiti’s website and upload via ftp, scp, filezilla or like
  2. Download directly to the radio using wget

Using wget

ssh into the radio.  Change username and ip address as needed.

ssh ubnt@192.168.1.20

cd to the /tmp directory

cd /tmp

Find the firmware file on Ubiquiti’s website, accept the terms, copy the link and paste the link in the terminal after wget.  Replace the below link with the appropriate firmware link.

wget https://dl.ubnt.com/firmwares/XC-fw/v8.4.2/WA.v8.4.2.35930.171017.1722.bin

Installing Firmware

Rename firmware

mv *.bin fwupdate.bin

Start the upgrade

ubntbox fwupdate.real -m fwupdate.bin

The radio will now upgrade and reboot

Another Method.  Using the ubntmod.sh script

Another way to upgrade a radios firmware from the command line is to use the UBNTMOD tool.  More info on the UBNTMOD script is available here.

Make sure you have the firmware downloaded to your computer and run ubntmod.sh with the “-U” upgrade option.

Example,

bob@localhost:~$ ./ubntmod.sh -i 192.168.1.20 -U WA.v8.4.2.35930.171017.1722.bin

Moving emails to new host with imapsync

More info about imapsync here

Install imapsync

CentOS 7, Works on cPanel servers too

yum install epel-release && yum install imapsync

Once installed check and make sure it works.

imapsync --version

If it gives you the version number you should be good to go.

Move email account

imapsync --host1 mail.emaildomain.com --user1 username@emaildomain.com --password1  "password1" --host2 mail.exampledomain.com --user2 username@movetodomain.com --password2  "password2"

Example :

imapsync --host1 mail.myemail.com --user1 bob@myemail.com --password1  "password1" --host2 mail.incredigeek.com --user2 bob@incredigeek.com --password2  "password2"

Moving Multiple accounts

Best way to move multiple accounts is to use a script and and a list that contains all the usernames and passwords to the accounts you want to move.

example scripts can be found on the imapsync website here is a script example and here is the example file.txt

Example script.

#!/bin/sh
#
# $Id: sync_loop_unix.sh,v 1.6 2015/11/04 18:23:04 gilles Exp gilles $

# Example for imapsync massive migration on Unix systems.
# See also http://imapsync.lamiral.info/FAQ.d/FAQ.Massive.txt
#
# Data is supposed to be in file.txt in the following format:
# host001_1;user001_1;password001_1;host001_2;user001_2;password001_2;
# ...
# Separator is character semi-colon ";" it can be changed by any character changing IFS=';' 
# in the while loop below.
# # Each line contains 6 columns, columns are parameter values for 
# --host1 --user1 --password1 --host2 --user2 --password2
# and a trailing empty fake column to avaid CR LF part going 
# in the 6th parameter password2. Don't forget the last semicolon.
#
# You can add extra options after the variable "$@" 
# Use character backslash \ at the end of each suplementary line, except for the last one.
# You can also pass extra options via the parameters of this script since
# they will be in "$@"

# The credentials filename "file.txt" used for the loop can be renamed 
# by changing "file.txt" below.


echo Looping on account credentials found in file.txt
echo

{ while IFS=';' read  h1 u1 p1 h2 u2 p2 fake
    do 
        { echo "$h1" | egrep "^#" ; } > /dev/null && continue # this skip commented lines in file.txt
        echo "==== Starting imapsync from host1 $h1 user1 $u1 to host2 $h2 user2 $u2 ===="
        imapsync --host1 "$h1" --user1 "$u1" --password1 "$p1" \
                 --host2 "$h2" --user2 "$u2" --password2 "$p2" \
                 "$@"  
        echo "==== Ended imapsync from host1 $h1 user1 $u1 to host2 $h2 user2 $u2 ===="
        echo
    done 
} < file.txt

Example list of accounts to

mail.maildomain.com;user1@incredigeek.com;password1;mail.incredigeek.com;user2@incredigeek.com;password2;

 

How to use,

You can run these command from a Linux computer

Download script

wget www.incredigeek.com/home/downloads/imapsync/imapsync_loop.sh

Make the script executable

chmod +x imapsync_loop.sh

Create a text file named “imapsync_list.txt”

This file will contain the mail server to transfer from, username, and password, and then the mail server to transfer to, username and password.  Add one line per account.

Example:

mail.servertotransferfrom.com;Username1;Password1;mail.servertomoveto.com;Username2;Password2;
mail.servertotransferfrom.com;testuser;123456;mail.servertomoveto.com;bob;123456;

Execute the script to start moving mail

./imapsync_loop.sh

Troubleshooting

In the username you may need to use the username@domainname.tld, so if the username is bob, and the mail domain is incredigeek.com, use bob@incredigeek.com for the username in the imapsync_list.txt.

Install Slackcat on Raspberry Pi (Raspbian)

Slackcat allows you to send Slack messages from the Linux command line.

Update pi

sudo apt-get update

Install Ruby and other components

sudo apt-get install ruby1.9.1 ruby ruby-dev rubygems

Install Slackcat

sudo gem install slackcat

Use Slackcat.  You will need to generate an API Key from Slacks website.

echo "Hello World" | slackcat -k API-KEY -p --channels=#CHANNEL_NAME

Examples :
Send to Channel

echo "Hello World" | slackcat -k xoxp-94827839414-94819543146-441447827184-h7dt2hg2h8ggs7d24ce638edrw9q8def -p --channels=#General

Send Direct Message

echo "Hello World" | slackcat -k xoxp-94827839414-94819543146-441447827184-h7dt2hg2h8ggs7d24ce638edrw9q8def -p --users=#General

 

Run Speedtest on Ubiquiti Devices from Command Line

This utilizes iperf to test the speed between two Ubiquiti devices.

SSH into first device and start iperf server on one device

iperf -s

SSH into the second device and run the following command to start the speedtest.  Change the ip address to the iperf server ip.

iperf -c 192.168.1.20 -P5

The “-P” Option sets the thread count to 5.  It makes the test a little bit more realistic.

Example:

XM.v5.6.9# iperf -c 192.168.1.20 -P5
------------------------------------------------------------
Client connecting to 192.168.1.20, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[  5] local 192.168.1.1 port 51493 connected with 192.168.1.20 port 5001
[  9] local 192.168.1.1 port 51497 connected with 192.168.1.20 port 5001
[  6] local 192.168.1.1 port 51494 connected with 192.168.1.20 port 5001
[  8] local 192.168.1.1 port 51496 connected with 192.168.1.20 port 5001
[  7] local 192.168.1.1 port 51495 connected with 192.168.1.20 port 5001

[ ID] Interval       Transfer     Bandwidth
[  9]  0.0-10.0 sec  4.91 MBytes  4.12 Mbits/sec
[ ID] Interval       Transfer     Bandwidth
[  6]  0.0-10.0 sec  4.97 MBytes  4.16 Mbits/sec
[ ID] Interval       Transfer     Bandwidth
[  8]  0.0-10.0 sec  4.86 MBytes  4.08 Mbits/sec
[ ID] Interval       Transfer     Bandwidth
[  7]  0.0-10.0 sec  4.94 MBytes  4.13 Mbits/sec
[ ID] Interval       Transfer     Bandwidth
[  5]  0.0-10.0 sec  5.00 MBytes  4.19 Mbits/sec
[SUM]  0.0-10.0 sec  24.7 MBytes  20.7 Mbits/sec
XM.v5.6.9# 

 

Cannot open mailbox /var/mail/pi: Permission denied

This is on a Raspberry Pi, but should be the same on any Linux distro.

Error :

pi@raspberrypi:~ $ mail
Cannot open mailbox /var/mail/pi: Permission denied
No mail for pi
pi@raspberrypi:~ $ 

Fix :

sudo touch /var/mail/$USER
sudo chown $USER:mail /var/mail/$USER
sudo chmod 660 /var/mail/$USER

You can replace “$USER” if you need to run the commands for a different account.
Example:

sudo touch /var/mail/pi
sudo chown pi:mail /var/mail/pi
sudo chmod 660 /var/mail/pi

How To export private SSH key on Linux

All that needs to be done is the “id_rsa” key needs to be copied to the “new” host.  You can do this with SCP or sftp.

Example with SCP

The following examples are showing how to export a RSA private key, if your using DSA, then replace id_rsa with id_dsa.

Copy private key from remote server to local machine for the local user

scp root@192.168.1.1:~/.ssh/id_rsa ~/.ssh/

Copy private key from localhost to remote host.  This command copies the local users private key to the root user @ 192.168.1.1

scp ~/.ssh/id_rsa root@192.168.1.1:~/.ssh/

 

How to install WordPress via ssh

Quick look at the commands.  Skip below to view the explanation of the commands

ssh steve@incredigeek.com
cd ~/
wget https://wordpress.org/latest.tar.gz
tar zxvf latest.tar.gz
vi wordpress/wp-config.php   <-- Edit MySQL settings
mv -R wordpress/ /var/www/html/
exit
steve@localhost ~: chrome incredigeek.com/

 

SSH into your webserver

ssh bob@yourserver.com

Download the latest version of WordPress

cd ~/ && wget https://wordpress.org/latest.tar.gz

Extract the WordPress archive

tar zxvf latest.tar.gz

Create MySQL database and user

Refer to here if you want to do it from the command line.  The recommended way is through your web control panel i.e. cPanel, Plesk, EHCP etc.

Edit wp-config.php

Enter in the DB information.

vi wordpress/wp-config.php

Move WordPress files to web directory

mv -R wordpress/* /path/to/webdir

If you want to install WordPress inside a sub directory on your website i.e. instead of going to “example.com” to access your WordPress site, you go to “example.com/wordpress”, then create a sub directory in your root web directory and move the WordPress files there.

Open up a browser and go to your website (example.com) to finish the WordPress installation.

 

How to add extra space to Linux VM in XenServer

Before we start you will need to do the following in XenCenter

  • Shutdown the VM
  • Increase the virtual hard drive size of the Linux VM
  • Boot the VM back up

Before starting any of the following, it is a good idea to backup any data you would not want to lose.  You should not lose any data following these steps, but there is always the possibility for something to go wrong.

What is going to happen

  1. Delete the main partition.  We are going to recreate it.
  2. Create a new partition that starts on the same boundary as the previous partition
  3. Write changes to disk and reboot
  4. Resize the Disk
  5. Check that everything went well

The path to the disk is “/dev/xvda” the LVM path/name is “/dev/VolGroup/lv_root”  The goal is to increase lv_root’s size from about 8GB to about 12GB. If for some reason your drive is not “xvda” or your LVM name is different, change the commands accordingly.

Here are the commands in a nutshell.

fdisk /dev/xvda                        <-- Edit the Partition Table
reboot                                 <-- Reboot to apply the partition table updates
pvdisplay                              <-- Display Physical Volume info
pvresize /dev/xvda2                    <-- Resize Physical Volume
lvresize /dev/xvda2 -l +100%FREE       <-- Resize Logical Volume
resize2fs /dev/VolGroup/lv_root        <-- Resize File System

 

Example:

All the keys and command that were hit and executed are in bold.

[root@localhost ~]# fdisk /dev/xvda

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
         switch off the mode (command 'c') and change display units to
         sectors (command 'u').

Command (m for help): p

Disk /dev/xvda: 12.9 GB, 12884901888 bytes
255 heads, 63 sectors/track, 1566 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00066ace

    Device Boot      Start         End      Blocks   Id  System
/dev/xvda1   *           1          64      512000   83  Linux
Partition 1 does not end on cylinder boundary.
/dev/xvda2              64        1045     7875584   8e  Linux LVM
Command (m for help): d
Partition number (1-4): 2

Command (m for help): p

Disk /dev/xvda: 12.9 GB, 12884901888 bytes
255 heads, 63 sectors/track, 1566 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00066ace

    Device Boot      Start         End      Blocks   Id  System
/dev/xvda1   *           1          64      512000   83  Linux
Partition 1 does not end on cylinder boundary.

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (64-1566, default 64): 
Command (m for help): p

Disk /dev/xvda: 12.9 GB, 12884901888 bytes
255 heads, 63 sectors/track, 1566 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00066ace

    Device Boot      Start         End      Blocks   Id  System
/dev/xvda1   *           1          64      512000   83  Linux
Partition 1 does not end on cylinder boundary.
/dev/xvda2              64        1566    12065871   83  Linux

Command (m for help): wq
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.
[root@localhost ~]# reboot

Show the current size of the Physical Volume

pvdisplay
[root@localhost ~]# pvdisplay
  --- Physical volume ---
  PV Name               /dev/xvda2
  VG Name               VolGroup
  PV Size               7.51 GiB / not usable 3.00 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              1922
  Free PE               0
  Allocated PE          1922
  PV UUID               zKmGEt-Uf0A-I14h-NDYc-53rf-micT-VxNqsP
   
[root@localhost ~]#

Resize the Phisical Volume

pvresize /dev/xvda2
[root@localhost ~]# pvresize /dev/xvda2
  Physical volume "/dev/xvda2" changed
  1 physical volume(s) resized / 0 physical volume(s) not resized
[root@localhost ~]#

Run pvdisplay again.  You should see more space under PV Size.

[root@localhost ~]# pvdisplay
  --- Physical volume ---
  PV Name               /dev/xvda2
  VG Name               VolGroup
  PV Size               11.51 GiB / not usable 2.08 MiB
  Allocatable           yes 
  PE Size               4.00 MiB
  Total PE              2945
  Free PE               1023
  Allocated PE          1922
  PV UUID               zKmGEt-Uf0A-I14h-NDYc-53rf-micT-VxNqsP
   
[root@localhost ~]#

Notice the “Free PE” section above.  If it says 0 then you won’t be able to run the next command.

Resize LVM

the “+100%FREE” part of the command tells it to uses up all of the free space available

lvresize /dev/VolGroup/lv_root -l +100%FREE
[root@localhost ~]# lvresize /dev/VolGroup/lv_root -l +100%FREE
  Extending logical volume lv_root to 10.71 GiB
  Logical volume lv_root successfully resized
[root@localhost ~]#

Resize the File System

resize2fs /dev/VolGroup/lv_root
[root@localhost ~]# lvresize /dev/VolGroup/lv_root -l +100%FREE
  Extending logical volume lv_root to 10.71 GiB
  Logical volume lv_root successfully resized
[root@localhost ~]#

And that is it.  Check out the extra space.

[root@localhost ~]# df -h /
Filesystem                    Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root   11G  733M  9.3G   8% /
[root@localhost ~]# exit

 

 

How to Backup and Restore UniFi data from the Command Line

Backup

backup the UniFi directory

tar zcvf unifi-backup.tgz /usr/UniFi/

Move the tar archive off site.

Restore

Upload the backup file to the server.

Note: You will need to have the UniFi controller install already.

Copy the archive to the root directory and then extract it.

mv unifi-backup.tgz /
cd /
tar zxvf unifi-backup.tgz

Reboot the server and login to the UniFi controller.

reboot