Sunday, March 28, 2021

rdesktop rdp client

 

For some reason the remmina rdp isn't working with linux clients (Raspbian version, latest as of March 2021).

There's a command-line utility, rdesktop, that works well.

rdesktop -u <user id> <ip or dns name>

The -f option launches it at the full screen size of the local client screen.  <ctl><alt><enter> exits full screen so you can exit rdesktop.  Works fine with both windows and linux rdp servers.

sudo apt install -y rdesktop
sudo dnf install rdesktop   # centos 8 and RHEL 8
sudo yum install rdesktop   # fedora, other RHEL

https://www.tecmint.com/rdesktop-connect-windows-desktop-from-linux/

--30--


Monday, March 22, 2021

reset password and keyring pass phrase on fedora. Also change hostname


On Fedora, the root password can be reset (when the logins are unknown), or root access can be gained to reset other passwords if necessary, by modifying the grub entry that boots the system.

Break into the system (using grub entry edit)

https://docs.fedoraproject.org/en-US/quick-docs/reset-root-password/

  1. Use the arrow keys to select the boot entry you want to edit

  2. Press e to edit that entry

  3. Use the arrow keys to go to the line that starts with linux, linux16, or linuxefi

  4. Go to the end of that line, add a space, then type rw init=/bin/bash. If your disk is encrypted, you may need to add plymouth.enable=0

  5. Press Ctrl-x or F10 to boot that entry

  6. Run the command:

    passwd

    It will prompt you to enter the new root password twice.

  7. Restore the SELinux context and permissions with:

    touch /.autorelabel

  8. Reboot the machine with:

    /sbin/reboot -f

I was fortunate to have a rescue mode boot entry (which still booted as normal before the above procedure), so I didn't have to resort to the "Live Disk" procedure.  Refer to the link above for that procedure.

Once that is done, if auto login is set up, sometimes the keyring stays locked by its pass phrase.  Some secret keys are stored in that structure, and a pass phrase protects it until one logs in.

The keyring may either be deleted (after which some previous logins have to be re-entered), or, if one can get to a GUI, there is a formula for resetting the pass phrase for a user's keyring.

https://www.linuxquestions.org/questions/ubuntu-63/any-way-to-change-the-gnome-keyring-password-410266/

root@debian:~# rm -r /home/USERDIR/.local/share/keyrings

If autologin is set and your account logs in automatically, you get stuck at a page demanding the pass phrase before your desktop can function.  You pretty much have to delete the key file and follow that formula.

 Also need to change the hostname.

https://www.cyberciti.biz/faq/howto-change-hostname-in-fedora-linux-permanently/

show hostname

hostnamectl

change hostname

hostnamectl set-hostname new-name


--30--

Saturday, March 13, 2021

install squirrelmail postfix, etc for server for outward facing mail retrieval

 

https://peppe8o.com/mailserver-on-raspberry-pi-with-postfix-dovecot-and-squirrelmail/

 

 

Private mail server on Raspberry PI with Postfix, Dovecot and Squirrelmail


Today we are used to sending and receiving email over the internet through the great number of providers offering free mailbox services (Gmail, Hotmail, etc). However, it could be interesting (and fun) to set up a private email server at home that provides privacy for your messages (your mail will reside on your Raspberry PI server).

This week my challenge has been building a basic mail server with a web interface able to accomplish the simple work expected from this service: sending and receiving email. As a bonus, this will be set up on $30 hardware plus a smartphone charger 😀


Going directly to the article: this is intended for people with low to medium experience, able just to work with an ssh connection to a Debian OS. If you want to study the components' features and details in depth, you can check their official sites:

What We Need

Before starting, we must take in consideration a few factors:

  • if you want to receive emails from the internet, you must have a registered domain (it may also be one from the No-IP free service). You may also need to consider networking tasks (firewall management, port forwarding, etc), but in a standard environment you should be able to send and receive mail inside your network and (at least) send mail to external addresses
  • consider that the Raspberry Pi Zero W has very poor hardware. Even though I have tested this procedure and it works, you could experience a bit of latency on the terminal after the postfix installation. However, you can also test this procedure on a Raspberry PI 3 Model A+, Raspberry Pi 3 Model B or Raspberry Pi 4 Model B to improve performance
  • this is a test context, so no security features (antispam, antivirus, etc) have been deployed. For production environments you should consider adding security components

That said, we’ll start from very cheap hardware. I suggest adding all the needed hardware to your shopping cart, so that at the end you will be able to evaluate the overall cost and decide whether to continue with the project or remove the items from the shopping cart.

We’ll use for our mailserver a generic FQDN “example.com“, that must be changed with whatever you decide to use (“example.com” must be changed with your domain name). So, mail addresses will appear something like user@example.com.

 

Step-by-step guide

Start from a fresh Raspberry PI OS Lite installation.

Connect via SSH to the Raspberry PI and, after login, update your system. From the terminal, use the following command:

sudo apt update -y && sudo apt upgrade -y

Installing Postfix

Postfix is the default Mail Transfer Agent (MTA) for Ubuntu (the most known Debian distro). It is used to route email messages between different computers.

In this first installation process a few setup questions will be prompted to you. Use default settings, it will be completely configured in next step. To install it:

sudo apt install postfix

Now we’ll go to detail configurations. From terminal:

sudo dpkg-reconfigure postfix

After first setup notification, insert the following details when asked (replacing <admin_user_name> and server.example.com with your domain name if you have one):

  • General type of mail configuration: Internet Site
  • System mail name: example.com
  • Root and postmaster mail recipient: <admin_user_name>
  • Other destinations for mail: server.example.com, example.com, localhost.example.com, localhost, raspberrypi
  • Force synchronous updates on mail queue?: No
  • Local networks: 127.0.0.0/8
  • Mailbox size limit (bytes): 0
  • Local address extension character: +
  • Internet protocols to use: all

Now is a good time to decide which mailbox format you want to use. By default Postfix will use mbox for the mailbox format. Rather than editing the configuration file directly, you can use the postconf command to configure all postfix parameters. The configuration parameters will be stored in the /etc/postfix/main.cf file. Later, if you wish to re-configure a particular parameter, you can either run the command or change it manually in the file.

To configure the mailbox format for Maildir:

sudo postconf -e 'home_mailbox = Maildir/'

You may need to issue this as well:

sudo postconf -e 'mailbox_command ='

Note: This will place new mail in /home/username/Maildir so you will need to configure your Mail Delivery Agent to use the same path.

Configure Postfix to do SMTP AUTH using SASL (saslauthd):

sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
sudo postconf -e 'inet_interfaces = all'

Next edit smtpd.conf:

sudo nano /etc/postfix/sasl/smtpd.conf

and add the following lines:

pwcheck_method: saslauthd
mech_list: plain login

Generate certificates to be used for TLS encryption and/or certificate authentication (run the commands one line at a time and enter the user description of your choice when asked):

touch smtpd.key
chmod 600 smtpd.key
openssl genrsa 2048 > smtpd.key   # 2048-bit RSA; 1024-bit keys are too weak for a TLS certificate
openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt

The last command will ask for some details to create your Distinguished Name. Fill them in according to your preferences. Now run the following command:

openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

This command will again ask you for a PEM passphrase (at your choice) and again your Distinguished Name configuration. Move keys to ssl folder:

sudo mv smtpd.key /etc/ssl/private/
sudo mv smtpd.crt /etc/ssl/certs/
sudo mv cakey.pem /etc/ssl/private/
sudo mv cacert.pem /etc/ssl/certs/

Configure Postfix to do TLS encryption for both incoming and outgoing mail (remember to modify last command with your hostname):

sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtpd_tls_auth_only = no'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'
sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
sudo postconf -e 'tls_random_source = dev:/dev/urandom'
sudo postconf -e 'myhostname = example.com' # remember to change this to yours

Restart the postfix daemon:

sudo systemctl restart postfix.service
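
Added example (not part of the original guide): the settings above enable SASL PLAIN/LOGIN together with smtpd_tls_auth_only = no, so Postfix accepts passwords on connections that never negotiated STARTTLS. The script below audits postconf -n style output for that and for an any-host mynetworks entry; the function names, finding codes and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the guide: audit `postconf -n` style output.

# val NAME: print the value assigned to NAME in $CONF (last assignment wins).
val() {
    printf '%s\n' "$CONF" | awk -v k="$1" '
        { eq = index($0, "="); if (!eq) next
          key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
          if (key == k) { v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", v) } }
        END { print v }'
}

# audit_postfix: read config text on stdin, print one finding code per line.
audit_postfix() {
    CONF=$(cat)
    if [ "$(val smtpd_sasl_auth_enable)" = "yes" ]; then
        level=$(val smtpd_tls_security_level)
        case "$level" in
            encrypt) ;;                          # TLS mandatory, AUTH always protected
            ""|none) echo "AUTH_WITHOUT_TLS" ;;  # AUTH offered, STARTTLS never offered
            *) [ "$(val smtpd_tls_auth_only)" = "yes" ] ||
                   echo "AUTH_CLEARTEXT_ALLOWED" ;;  # AUTH accepted before STARTTLS
        esac
    fi
    case " $(val mynetworks | tr ',' ' ') " in
        *" 0.0.0.0/0 "*) echo "MYNETWORKS_ANY_HOST" ;;  # permit_mynetworks relays for everyone
    esac
    return 0
}

# Constructed sample: the relevant settings as the guide applies them.
GUIDE_CONF='smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
mynetworks = 127.0.0.0/8'

# Constructed sample: same settings, AUTH restricted to TLS-protected sessions.
FIXED_CONF='smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
mynetworks = 127.0.0.0/8'

printf 'guide: %s\n' "$(printf '%s\n' "$GUIDE_CONF" | audit_postfix)"
printf 'fixed: %s\n' "$(printf '%s\n' "$FIXED_CONF" | audit_postfix)"
```

On a live server the same function can be fed with postconf -n | audit_postfix. Keeping smtpd_tls_security_level = may leaves opportunistic TLS in place for port 25 while smtpd_tls_auth_only = yes stops AUTH from being offered before STARTTLS.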

Next steps are to configure Postfix to use SASL for SMTP AUTH.

First you will need to install the libsasl2-2, sasl2-bin and libsasl2-modules from the Main repository [i.e. sudo apt-get install them all].

sudo apt install libsasl2-2 sasl2-bin libsasl2-modules

We have to change a few things to make it work properly. Because Postfix runs chrooted in /var/spool/postfix we have to change a couple of paths to live in the false root. (ie. /var/run/saslauthd becomes /var/spool/postfix/var/run/saslauthd):
First, we edit /etc/default/saslauthd in order to activate saslauthd. Remove # in front of START=yes, add the PWDIR, PARAMS, and PIDFILE lines and edit the OPTIONS line at the end:

sudo nano /etc/default/saslauthd

so that the uncommented lines appear as follows:

START=yes
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

Next, we update the dpkg “state” of /var/spool/postfix/var/run/saslauthd. The saslauthd init script uses this setting to create the missing directory with the appropriate permissions and ownership:

sudo dpkg-statoverride --force-all --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd

This could give a warning that “--update given” and the “/var/spool/postfix/var/run/saslauthd” directory does not exist. You can ignore this because the directory will be created the next time you start saslauthd. Finally, start saslauthd:

sudo systemctl start saslauthd.service

Installing Mail Delivery Agent (Dovecot)

In order to allow you or others to download email from other locations, you need to setup an IMAP or POP3 server.

The installation is extremely simple, just install the following packages:

  • dovecot-imapd
  • dovecot-pop3d

From terminal:

sudo apt install dovecot-imapd dovecot-pop3d

Let’s select protocols to be enabled when dovecot is started

sudo nano /etc/dovecot/dovecot.conf

add at the end of file the following lines:

protocols = pop3 pop3s imap imaps
pop3_uidl_format = %08Xu%08Xv
mail_location = maildir:/home/%u/Maildir

It is necessary to set mail_location in /etc/dovecot/conf.d/10-mail.conf or comment the line out. 10-mail.conf will override the mail_location in dovecot.conf:

sudo nano /etc/dovecot/conf.d/10-mail.conf

and change the following line:

mail_location = mbox:~/mail:INBOX=/var/mail/%u

to the following:

mail_location = maildir:~/Maildir

It’s a good idea to pre-create the Maildir for future users:

sudo maildirmake.dovecot /etc/skel/Maildir
sudo maildirmake.dovecot /etc/skel/Maildir/.Drafts
sudo maildirmake.dovecot /etc/skel/Maildir/.Sent
sudo maildirmake.dovecot /etc/skel/Maildir/.Trash
sudo maildirmake.dovecot /etc/skel/Maildir/.Templates

Let’s create a sample user with our pi default user:

sudo cp -r /etc/skel/Maildir /home/pi/
sudo chown -R pi:pi /home/pi/Maildir
sudo chmod -R 700 /home/pi/Maildir

Start dovecot:

sudo systemctl start dovecot.service

Install Webmail (Squirrelmail)

Finally, we’re going to install our webmail application.
We need to start from Apache2 installation:

sudo apt install apache2

Because of some php5 dependencies, we need to enable jessie repository before proceeding in squirrelmail installation:

sudo nano /etc/apt/sources.list

add the following line to the end:

deb http://mirrordirector.raspbian.org/raspbian/ jessie main contrib non-free rpi

update packages list:

sudo apt-get update

Now we can install squirrelmail packages:

sudo apt-get install squirrelmail

Squirrelmail comes with a sample apache configuration file in /etc/squirrelmail/apache.conf. You can copy this file to /etc/apache2/sites-available/squirrelmail with the command:

sudo cp /etc/squirrelmail/apache.conf /etc/apache2/sites-available/squirrelmail.conf

then link it to the sites-enabled directory with the command:

sudo ln -s /etc/apache2/sites-available/squirrelmail.conf /etc/apache2/sites-enabled/squirrelmail.conf

Reload Apache Configuration:

sudo /etc/init.d/apache2 force-reload

Now test logging in with a browser at “http://<<yourserver>>/squirrelmail” using your “pi” user and password.
Enjoy!
PS: as said, be aware of

  • to receive mails from internet, you must set a port forwarding rule on your router with port 25 (UDP and TCP) forwarded to your RPI server
  • this is a test environment, it is strongly recommended to improve security, antivirus and antispam for production environments
  • Raspberry PI Zero W hardware is really poor. It seems to work with low loads, but it has to be tested with increasing traffic and antispam enabled
  • mail sent can be classified as “spam” by some mail providers (Gmail, hotmail, etc), so if you test your configuration, check recipients Spam directory

 

 

 
 
--30--

Tuesday, March 2, 2021

Clean up the output of rsync to get rid of the useless directories with no change.

 

https://stackoverflow.com/questions/8580873/do-not-show-directories-in-rsync-output

cefn@cefn-natty-dell:~$ mkdir rsynctest
cefn@cefn-natty-dell:~$ cd rsynctest/
cefn@cefn-natty-dell:~/rsynctest$ mkdir 1
cefn@cefn-natty-dell:~/rsynctest$ mkdir 2
cefn@cefn-natty-dell:~/rsynctest$ mkdir -p 1/first 1/second
cefn@cefn-natty-dell:~/rsynctest$ touch 1/first/file1
cefn@cefn-natty-dell:~/rsynctest$ touch 1/first/file2
cefn@cefn-natty-dell:~/rsynctest$ touch 1/second/file3
cefn@cefn-natty-dell:~/rsynctest$ touch 1/second/file4

cefn@cefn-natty-dell:~/rsynctest$ rsync -r -v 1/ 2
sending incremental file list
first/
first/file1
first/file2
second/
second/file3
second/file4

sent 294 bytes  received 96 bytes  780.00 bytes/sec
total size is 0  speedup is 0.00


cefn@cefn-natty-dell:~/rsynctest$ rsync -r -v 1/ 2 | grep -E -v '/$'
sending incremental file list
first/file1
first/file2
second/file3
second/file4

sent 294 bytes  received 96 bytes  780.00 bytes/sec
total size is 0  speedup is 0.00

gets rid of the crap

example gets rid of crap.  the n parameter makes it a report instead of moving data.
cd <directory>
rsync -anzv ./misc/* /e13/misc| grep -E -v '/$'

 

 

--30--