Enable Logging for firewalld

Enabling logging on firewall rules can be beneficial for tracking why a certain rule is not behaving as you intended.

Enabling logging is relatively straightforward.

  • Enable Firewall Logging
  • Check Logs
  • Disable Firewall Logging (Optional)

Enable Firewall Logging

The quickest way to enable logging is to run

sudo firewall-cmd --set-log-denied=all

This changes the LogDenied option in the /etc/firewalld/firewalld.conf config file. Valid values are all, unicast, broadcast, multicast, and off.

The command also reloads the firewall, so manually restarting the firewall is not necessary.

Checking Logs

You can use dmesg to view the failed attempts, or you can follow the messages log and filter it to show just the rejects.

sudo tail -f /var/log/messages | grep -i REJECT

You can now try to access the server or run a test to trigger a log event. In my case I tried initiating an SSH connection.

Oct  1 16:32:10 localhost kernel: FINAL_REJECT: IN=eno1 OUT= MAC=f8:ab:98:12:fe:11:a1:ec:a6:00:67:3e:97:00 SRC=192.168.1.1 DST=192.168.88.2 LEN=60 TOS=0x08 PREC=0x40 TTL=59 ID=43080 DF PROTO=TCP SPT=38192 DPT=22 WINDOW=52240 RES=0x00 SYN URGP=0

The interesting bits are the DPT and SRC fields. Our destination port is 22 (SSH) and our source address is 192.168.1.1. If I want this IP to access the server, I’ll need to add the 192.168.1.1 IP range to the allowed IP ranges.
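When more than a handful of rejects show up, it is easier to count them per source and port than to read them line by line. The following is an added example, not part of the original post: a small shell function (the names summarize_rejects and sample_log are made up here) that parses the KEY=VALUE fields of these kernel log lines. The first sample line is the entry shown above; the remaining lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): count firewalld reject log
# entries per source address, protocol and destination port.
# Live use: sudo grep REJECT /var/log/messages | summarize_rejects

# Reads syslog lines on stdin; prints "COUNT SRC PROTO DPT", busiest first.
summarize_rejects() {
    awk '
    /REJECT: / {
        src = ""; proto = ""; dpt = "-"   # "-" when there is no port (e.g. ICMP)
        for (i = 1; i <= NF; i++) {
            # Kernel log fields are KEY=VALUE; bare flags (DF, SYN) have no "=".
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1)
            val = substr($i, eq + 1)
            if (key == "SRC") src = val
            else if (key == "PROTO") proto = val
            else if (key == "DPT") dpt = val
        }
        if (src != "" && proto != "") count[src " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Sample input: line 1 is the entry from the post; the rest are constructed
# (hypothetical hosts and timestamps). The sshd line must be ignored.
sample_log() {
    cat <<'EOF'
Oct  1 16:32:10 localhost kernel: FINAL_REJECT: IN=eno1 OUT= MAC=f8:ab:98:12:fe:11:a1:ec:a6:00:67:3e:97:00 SRC=192.168.1.1 DST=192.168.88.2 LEN=60 TOS=0x08 PREC=0x40 TTL=59 ID=43080 DF PROTO=TCP SPT=38192 DPT=22 WINDOW=52240 RES=0x00 SYN URGP=0
Oct  1 16:32:41 localhost kernel: FINAL_REJECT: IN=eno1 OUT= MAC=f8:ab:98:12:fe:11:a1:ec:a6:00:67:3e:97:00 SRC=192.168.1.1 DST=192.168.88.2 LEN=60 TOS=0x08 PREC=0x40 TTL=59 ID=43081 DF PROTO=TCP SPT=38194 DPT=22 WINDOW=52240 RES=0x00 SYN URGP=0
Oct  1 16:33:02 localhost kernel: FINAL_REJECT: IN=eno1 OUT= MAC=f8:ab:98:12:fe:11:a1:ec:a6:00:67:3e:97:00 SRC=192.168.1.77 DST=192.168.88.2 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=5120 DF PROTO=TCP SPT=51514 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Oct  1 16:33:05 localhost kernel: FINAL_REJECT: IN=eno1 OUT= MAC=f8:ab:98:12:fe:11:a1:ec:a6:00:67:3e:97:00 SRC=192.168.1.77 DST=192.168.88.2 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=5121 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Oct  1 16:33:09 localhost sshd[2211]: Connection closed by 192.168.88.9 port 40022
EOF
}

sample_log | summarize_rejects
```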

Disable Logging (Optional)

After you have finished troubleshooting your problem, you may want to turn the logging feature off so you don’t fill up the logs with failed entries.

You can turn it off with

sudo firewall-cmd --set-log-denied=off

We can verify that logging is off by running

sudo firewall-cmd --get-log-denied 

If the firewall logging option is off, it will return “off”.

The following site has some more information and alternative ways

https://www.cyberciti.biz/faq/enable-firewalld-logging-for-denied-packets-on-linux/

Set coolbits value on Fedora Linux

You sometimes need to set the coolbits value to overclock your GPU on Linux.

You’ll need to install nvidia-xconfig.

sudo dnf install nvidia-xconfig

Then you can set the cool bits value with the following command. Replace the value in the command with the appropriate cool bits value. Refer to the link below.

sudo nvidia-xconfig --cool-bits=28

It’ll create a new xorg config file. Reboot to take advantage of cool bits being enabled.

https://wiki.archlinux.org/title/NVIDIA/Tips_and_tricks#Enabling_overclocking

LibreNMS Error Running ./validate.php – Database: incorrect column…

LibreNMS error while running ./validate.php

Recently I started getting the following error while running ./validate.php.

$ sudo -u librenms ./validate.php
====================================
Component | Version
--------- | -------
LibreNMS  | 21.8.0-41-g0a76ca4
DB Schema | 2021_08_26_093522_config_value_to_medium_text (217)
PHP       | 7.4.20
Python    | 3.6.8
MySQL     | 10.5.10-MariaDB
RRDTool   | 1.4.8
SNMP      | NET-SNMP 5.7.2
====================================

[OK]    Composer Version: 2.1.6
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[FAIL]  Database: incorrect column (notifications/datetime)
[FAIL]  Database: incorrect column (users/created_at)
[FAIL]  We have detected that your database schema may be wrong, please report the following to us on Discord (https://t.libren.ms/discord) or the community site (https://t.libren.ms/5gscd):
        [FIX]:
        Run the following SQL statements to fix.
        SQL Statements:
         SET TIME_ZONE='+00:00';
         ALTER TABLE `notifications` CHANGE `datetime` `datetime` timestamp NOT NULL DEFAULT '1970-01-02 00:00:00' ;
         ALTER TABLE `users` CHANGE `created_at` `created_at` timestamp NOT NULL DEFAULT '1970-01-02 00:00:01' ;

Reading online it sounds like some of the recent changes are causing the issue. Looks fairly easy to resolve though.

First we’ll need to get a MySQL prompt. We’ll do that by running

mysql -u librenms -p librenms

It’ll ask us for the librenms user’s MySQL password.

Once we have the MySQL prompt we can just copy and paste the commands in.

SET TIME_ZONE='+00:00';
ALTER TABLE `notifications` CHANGE `datetime` `datetime` timestamp NOT NULL DEFAULT '1970-01-02 00:00:00' ;
ALTER TABLE `users` CHANGE `created_at` `created_at` timestamp NOT NULL DEFAULT '1970-01-02 00:00:01' ;

Type ‘quit’ to exit MySQL and let’s run the validate script again.

sudo -u librenms ./validate.php

Everything should check out OK.

Using sed to format a phone number

Formatting an unformatted “phone” number using sed.

There may be a different and easier way to do this, but the main thing to learn here is the ^, $, &, and [[:digit:]] options.

^ anchors the pattern to the beginning of a line
& stands for the text matched by our search pattern
$ anchors the pattern to the end of a line
[[:digit:]] searches for, you guessed it. Digits!

The following command reads the incoming 10 digit number from echo and does the following.

  • the ^ tells it that the pattern needs to match at the beginning of the line
  • [[:digit:]] repeated three times tells it to search for three consecutive digits
  • (&) tells it to put brackets around the &, which is the text matched by the pattern in the first part
  • We then pipe that to another sed command which searches for 4 consecutive digits
  • the $ tells it that those digits need to be at the end of the line

echo "1234567890" | sed -e 's/^[[:digit:]][[:digit:]][[:digit:]]/(&) /g' | sed -e 's/[[:digit:]][[:digit:]][[:digit:]][[:digit:]]$/-&/g'

Resulting output is

(123) 456-7890

The following link was helpful while searching what the ^ and $ options do.

https://www.computerhope.com/unix/used.htm

Ping multiple IP addresses to see if they are up or down

An easy way to do this is by using fping. fping is a slightly easier ping utility to use than normal ping when trying to verify that a host is actually down.

By default fping returns whether a host is “alive” or “unreachable”.

Example:

$ fping 192.168.1.4
192.168.1.4 is alive

Or for a host that is down it returns something like the following

$ fping 192.168.1.5
ICMP Host Unreachable from 192.168.1.2 for ICMP Echo sent to 192.168.1.5
ICMP Host Unreachable from 192.168.1.2 for ICMP Echo sent to 192.168.1.5
ICMP Host Unreachable from 192.168.1.2 for ICMP Echo sent to 192.168.1.5
ICMP Host Unreachable from 192.168.1.2 for ICMP Echo sent to 192.168.1.5
192.168.1.5 is unreachable

You can adjust the number of retries with the -r option. The default is 3, which is why there are multiple Host Unreachable lines. Changing it to 1 or 2 gets rid of those lines so it just shows that the host is unreachable.

$ fping -r 1 192.168.1.5
192.168.1.5 is unreachable

Ping multiple addresses

Fortunately, pinging multiple addresses with fping is as easy as adding them to the end of the command. For example

fping -r1 192.168.1.1 192.168.1.2

will ping both the specified addresses one after the other and print the results to the terminal.

Example:

$ fping -r 1 192.168.1.1 192.168.1.10 192.168.1.45
192.168.1.1 is alive
192.168.1.10 is alive
192.168.1.45 is unreachable

Snapper reverting changes on Fedora

List snapper BTRFS snapshots with

snapper list

If you are in recovery mode on Fedora, add --no-dbus right after the snapper command, e.g.

snapper --no-dbus list

You can use the diff command to list the changes that happened between snapshots.

snapper --no-dbus diff 108..109

To undo a change, or all the changes between two snapshots, do the following, where 108..109 covers all the changes you want to remove. This essentially takes you back to snapshot 108.

snapper --no-dbus -v undochange 108..109

https://documentation.suse.com/sles/11-SP4/html/SLES-all/cha-snapper.html

Installing a specific package version on Ubuntu

On Ubuntu and potentially other Debian-based distributions, you can check the available versions of a package with the apt show command, followed by the package name

apt show -a <package>

Example showing firefox versions

~$ apt show -a firefox
Package: firefox
Version: 87.0+build3-0ubuntu0.20.04.2
Priority: optional
Section: web
Origin: Ubuntu
Maintainer: Ubuntu Mozilla Team <ubuntu-mozillateam@lists.ubuntu.com>
..................
 More information
..................

Package: firefox
Version: 75.0+build3-0ubuntu1
Priority: optional
Section: web
Origin: Ubuntu
Maintainer: Ubuntu Mozilla Team <ubuntu-mozillateam@lists.ubuntu.com>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
..................

To install a specific version, use the version number

sudo apt install firefox=75.0+build3-0ubuntu1

Error: Could not create the Java Virtual Machine

Apparently, on some versions of Java, checking the Java version will give you the following error.

root@local:~# java -v
Unrecognized option: -v
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.
root@local:~#

The issue is that the -v or --version option is not recognized. On newer versions of Java it is recognized.

The proper way to do it is -version, with only one dash.

root@local:~# java -version
openjdk version "1.8.0_252"
OpenJDK Runtime Environment (build 1.8.0_252-8u252-b09-1ubuntu1-b09)
OpenJDK 64-Bit Server VM (build 25.252-b09, mixed mode)
root@local:~#

https://askubuntu.com/questions/324858/installed-jdk-by-and-have-error-could-not-create-the-java-virtual-machine