Raspberry Pi – Blink Light – Python

A Simple Python script to blink a Raspberry Pi LED.

import RPi.GPIO as GPIO
from time import sleep

LED_PIN = 7  # Physical (BOARD) pin number, change as needed

GPIO.setwarnings(False)
GPIO.setmode(GPIO.BOARD)  # Uses the physical pin numbering
GPIO.setup(LED_PIN, GPIO.OUT, initial=GPIO.LOW)  # Configure the pin as an output, starting off

try:
    while True:
        GPIO.output(LED_PIN, GPIO.HIGH)
        sleep(0.2)
        GPIO.output(LED_PIN, GPIO.LOW)
        sleep(0.2)
except KeyboardInterrupt:
    pass
finally:
    GPIO.cleanup()  # Release the pin when the script exits (Ctrl-C)

Change pin numbers as needed.

We can also do this with BASH.

Control LED using BASH

SELinux Audit Commands and Links

You can install audit2why (and audit2allow) by installing the policycoreutils-python-utils package.

sudo dnf install policycoreutils-python-utils

Show what and why something is failing

audit2why < /var/log/audit/audit.log

Search with ausearch

ausearch -m avc --start recent

Create and apply a module to fix the failure

This creates two files, a .pp and a .te file. The .pp is the compiled version of the .te.

audit2allow -M mymodule < /var/log/audit/audit.log
semodule -i mymodule.pp

Note that “mymodule.pp” will replace any previous “mymodule.pp”. If you need to create multiple modules or allow multiple exceptions, give each module a different name.

You can also add the rules together then manually compile it. Refer to the first link for more details.
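Before turning a batch of denials into an allow rule with audit2allow, it helps to see exactly which domain is being denied which permission on which type. The following is an added example, not code from the original post: a small Python script that parses AVC records as printed by ausearch or found in audit.log, groups them the way audit2allow does, and renders the rule it would generate so you can decide whether a boolean, a relabel, or a custom module is the right fix. The sample records are constructed.

```python
import re
import sys

# Constructed sample AVC records in audit.log / ausearch format (not from a real system).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1700000000.101:201): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="dm-0" ino=98765 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.102:202): avc:  denied  { read open } for  pid=1234 comm="httpd" path="/home/web/index.html" dev="dm-0" ino=98765 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.103:203): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1700000000.103:203): arch=c000003e syscall=42 success=no exit=-13
"""

AVC_RE = re.compile(r"avc:\s+(?P<action>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the interesting parts of one AVC record, or None for other record types."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    # A context is user:role:type:level; policy rules are written against the type.
    return {
        "action": m.group("action"),
        "perms": set(m.group("perms").split()),
        "stype": fields.get("scontext", "?:?:?").split(":")[2],
        "ttype": fields.get("tcontext", "?:?:?").split(":")[2],
        "tclass": fields.get("tclass", "?"),
    }

def summarize_denials(log_text):
    """Group denials by (source type, target type, class) and union their permissions."""
    groups = {}
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["action"] == "denied":
            key = (rec["stype"], rec["ttype"], rec["tclass"])
            perms, count = groups.get(key, (set(), 0))
            groups[key] = (perms | rec["perms"], count + 1)
    return groups

def proposed_rules(groups):
    """Render each group as the allow rule audit2allow would emit, for review before use."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};  # {n} denial(s)"
            for (s, t, c), (p, n) in sorted(groups.items())]

if __name__ == "__main__":
    # Pipe real records in, e.g.  ausearch -m avc --start recent | python3 avc_summary.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_AUDIT_LOG
    print("\n".join(proposed_rules(summarize_denials(text))))
```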

Links with more info

https://danwalsh.livejournal.com/24750.html

http://selinuxgame.org/tutorials/ausearch/index.html

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security-enhanced_linux/sect-security-enhanced_linux-fixing_problems-allowing_access_audit2allow

Error Starting Peertube “no such file or directory, open ‘/var/www/peertube/storage/tmp/plugins-global.css”

systemctl status peertube shows the following error.

Error: ENOENT: no such file or directory, open ‘/var/www/peertube/storage/tmp/plugins-global.css’

The error occurs because the plugins-global.css file is missing. You can temporarily fix the issue by creating the file.

su peertube
touch /var/www/peertube/storage/tmp/plugins-global.css

Probably an issue with a plugin being installed or something of the sort.

Setting up RRDReST on CentOS 8 or AlmaLinux 9

There are some differences in setting up RRDReST on CentOS 8 and AlmaLinux 9 versus CentOS 7.

If you are setting this up to use with LibreNMS and Grafana, check out the rest of this article: https://www.incredigeek.com/home/setting-up-grafana-on-librenms/

Installing RRDReST

All the docker commands have been swapped out for podman.

  1. Install Docker
  2. Create a compose file
  3. Run compose file to create container

Install docker

Podman is the default on CentOS 8 and later and is, for the most part, a drop-in replacement for Docker.

sudo yum install -y podman podman-compose
sudo systemctl enable podman

Create a Podman / Docker network to use. We’ll use this to assign a static IP address to the container. We’ll call the network rrdnet, and we’ll use the 10.89.2.0/24 range.

sudo podman network create --subnet=10.89.2.0/24 rrdnet

Create podman-compose file

Create a docker compose file

vi podman-compose.yml

Add the following

version: "3.5"
services:
  rrdrest:
    image: michaelwadman/rrdrest:latest
    container_name: rrdrest
    restart: always
    volumes:
      - "/opt/librenms/rrd:/opt/librenms/rrd:Z"   # :Z relabels the volume for SELinux
    environment:
      - TZ=America/Denver
    networks:
      rrdnet:
        ipv4_address: 10.89.2.2   # static address on the rrdnet network created above
networks:
  rrdnet:
    external: true   # reuse the existing podman network; its subnet was set when it was created

Change the TZ to your time zone. If you have issues with the graphs, most likely the time zone differs between this container and the Grafana/LibreNMS server.

Note that the :Z is needed for SELinux to allow RRDReST to access the sub folders, i.e. the rrd files.

The container should have the 10.89.2.2 IP address. You can take all the networking sections out, and the container will be assigned an address automatically. The problem is that the IP can then change, breaking our graphs in Grafana.

Run RRDReST Container

Save the file. Then start and setup the container with

sudo podman-compose up -d

You will need your container's IP address to set up the connection in Grafana. If you used the above podman-compose config, then it should be 10.89.2.2.

sudo podman exec -it rrdrest ip addr | grep eth0

Configure RRDRest to start on system boot with systemd

The “restart: always” option does not appear to work on systems with podman. We can create a systemd service instead.

Use the following command to automatically create a systemd file.

sudo podman generate systemd rrdrest

Copy the contents to a new file in /etc/systemd/system/

/etc/systemd/system/rrdrest.service

If you end up deleting the rrdrest container, you’ll need to regenerate the systemd file. You may also need to run “systemctl daemon-reload”.

Enable the new service with

systemctl enable rrdrest

Congratulations. RRDReST is now set up and running.

You can verify it’s running by checking with Podman / Docker.

sudo podman ps

You can also ping it

ping 10.89.2.2

Dual Zones in Firewalld (Public/Private or External/Internal)

In Firewalld we can use multiple zones for different types of traffic. For instance, we can setup an “internal” zone with our local IP addresses that are trusted, and then setup the public facing interface to the “drop” or “block” zone to block everything not from our internal network.

  1. Setup trusted IP addresses in the “internal” zone
  2. Configure services/ports that should be allowed on our “internal” zone
  3. Set “drop” zone as the default for all other traffic
  4. Reload firewall

1. Setup trusted IP addresses in “internal” zone

Add all of our trusted IP addresses to the internal zone. The following example adds all of the private IP addresses “RFC 1918” to the internal zone. Change as needed.

firewall-cmd --zone=internal --add-source=192.168.0.0/16 --add-source=172.16.0.0/12 --add-source=10.0.0.0/8 --permanent

2. Configure services/ports that should be allowed on our “internal” zone

Next we need to specify which services or ports should be accessible in our trusted zone.

Here is an example to allow https, ssh, and cockpit services

firewall-cmd --zone=internal --add-service=https --add-service=ssh --add-service=cockpit --permanent 

Here is an example to allow port 8080 tcp

firewall-cmd --zone=internal --add-port=8080/tcp --permanent

3. Set “drop” zone as the default for all other traffic

The final configuration piece we need to do is set the default zone. Anything not specified in other zones will get processed by the default zone.

firewall-cmd --set-default-zone=drop

The drop zone drops everything.

4. Reload firewall

Reload the firewall with

firewall-cmd --reload


Verifying changes

Let’s verify the changes with the firewall-cmd --get-active-zones command

# firewall-cmd --get-active-zones
drop
  interfaces: en0
internal
  sources: 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8

You can also use

firewall-cmd --list-all-zones

to list all the zones. Active zones show (active) next to them.

You can verify that your changes worked by doing an internal and external nmap scan.
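Before scanning, you can predict which zone a given client address lands in: firewalld matches a packet against zone sources first, then the zone bound to the incoming interface, and falls back to the default zone. The following added example, not from the original post, parses the --get-active-zones output shown above and resolves sample addresses; the sample output is constructed to match the configuration in this section.

```python
import ipaddress

# Constructed sample of `firewall-cmd --get-active-zones` output for the configuration
# above (not captured from a real host).
SAMPLE_ACTIVE_ZONES = """\
drop
  interfaces: en0
internal
  sources: 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
"""

def parse_active_zones(text):
    """Parse --get-active-zones output into {zone: {"interfaces": [...], "sources": [...]}}."""
    zones, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):          # unindented line = zone name
            current = line.strip()
            zones[current] = {"interfaces": [], "sources": []}
        else:                                  # indented line = "interfaces: ..." / "sources: ..."
            key, _, values = line.strip().partition(":")
            zones[current][key] = values.split()
    return zones

def zone_for_packet(zones, src_ip, iface, default_zone="drop"):
    """Resolve a zone the way firewalld does: source binding (most specific prefix wins),
    then interface binding, then the default zone."""
    ip = ipaddress.ip_address(src_ip)
    best = None
    for zone, binding in zones.items():
        for src in binding["sources"]:
            try:
                net = ipaddress.ip_network(src, strict=False)
            except ValueError:
                continue                       # MAC or ipset sources are not handled here
            if ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, zone)
    if best:
        return best[1]
    for zone, binding in zones.items():
        if iface in binding["interfaces"]:
            return zone
    return default_zone

if __name__ == "__main__":
    zones = parse_active_zones(SAMPLE_ACTIVE_ZONES)
    for ip in ("192.168.1.20", "203.0.113.7"):
        print(ip, "->", zone_for_packet(zones, ip, "en0"))
```

A source that matches the internal zone wins even when it arrives on the interface bound to drop, which is exactly what the two-zone setup relies on.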

If you have issues with services still being accessible from the outside, try disabling NetworkManager for that specific interface.

You can edit the ifcfg-eth0 file and add

NM_CONTROLLED=no

Invalid privacy protocol specified after -3x flag: DES

With RHEL 9 and AlmaLinux 9, and presumably other Red Hat derivatives, DES is no longer available for net-snmp communication. DES, or Data Encryption Standard, is an old encryption standard and has been superseded by AES.

So when you try running snmpwalk with “-x DES” option, you get the following error

Invalid privacy protocol specified after -3x flag: DES
USAGE: snmpwalk [OPTIONS] AGENT [OID]

  Version:  5.9.1

To fix the issue, you’ll need to upgrade your devices to AES.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/considerations_in_adopting_rhel_9/assembly_shells-and-command-line-tools_considerations-in-adopting-rhel-9#ref_changes-to-system-management_assembly_shells-and-command-line-tools

https://serverfault.com/questions/1119288/snmp-des-algorithm-no-longer-working

Installing Basic Linux tools on AlmaLinux 9 (tar, wget, htop)

The local team wizard Mark ran into some issues while trying to set up a system with AlmaLinux 9. Tar wasn’t installed! What?! No worries. We can solve this by just installing tar with dnf. While we are at it, let’s install some other helpful utilities.

sudo dnf install -y tar wget htop

Tada! We are back in business.

CentOS – This system is not registered with an entitlement server. You can use subscription-manager to register.

If you are getting the following response when trying to use the yum or dnf command,

This system is not registered with an entitlement server. You can use subscription-manager to register.

Try editing the subscription-manager.conf file, and disable it by changing enable=1 to enable=0

sudo nano /etc/yum/pluginconf.d/subscription-manager.conf

Afterwards, you may run

yum clean all

That should take care of the problem.

https://serverfault.com/questions/764900/how-to-remove-this-warning-this-system-is-not-registered-to-red-hat-subscriptio

https://sahlitech.com/entitlement-server-fix/

Peertube – Change Video Settings/Channels from Command Line

Since Peertube uses a Postgres database, we can log in and manually make bulk changes to videos. Things like a video's channel ID, category, or privacy can all be changed easily, including in bulk.

Access the Database

Login as the peertube user via ssh

ssh peertube@peertube-ip

Connect to postgres

psql peertube_prod

View videos

select * from video;

That is a bit much information, so let’s narrow it down a bit

select name,category,id,"channelId" from video;

View all the channels. The id field is the channelId that is used in the above video table.

select id,name from "videoChannel";

Change video channel

update video set "channelId" = 100 where id = 123;

Replace 100 with the actual channelId and 123 with the id of the video. You can use the above commands to find that info.

Change Privacy Settings

The privacy setting determines whether a video is Public, Private, etc.

The following command can update the privacy setting for a video

update video set privacy = 3 where id = 101;

There are 4 privacy settings. Change 3 to one of the following.

1 = Public
2 = Unlisted
3 = Private
4 = Internal

Change 101 to the video id you want to change.

You can change the privacy settings for all videos in a channel with something like the following

update video set privacy = 4 where "channelId" = 100;