We had a great walk through this month. Spencer showed off a way to setup his own NTP server in-house. The details are hosted on a private GITHUB site. If you want access to follow Spencer’s instructions, please join our SLACK chat at https://elugyeg.slack.com and contact Spencer for the access to his GITHUB.
Meetup
Posts in regards to our regular monthly meeting
ELUG Meetup: September 23, 2021
This month we had an open forum. The focus was on general networking. There were a few questions around DHCP and static IPs. Some basics around network protocols were discussed as well as how these were developed. A few of the items that came up were token ring networking, OCI, TCP, UDP to name a few.
If you want to take a look into our Nextcloud instance you can find that here:
ELUG Meetup: August 26, 2021
In our meeting on August 26 Spencer walked us through how to setup different machines and ensure that they are equipped with certificates. Once accessed with a browser these devices show up as “secure” where as the default behaviour would highlight the site as not secure.
A video of that session was recorded so if you want to take a look at look check that out here:
Spencer also was kind enough to provide a high level overview:
# "something about a self-signed certificate and pi-hole"
## Objective
---
As a user I want to view the pi-hole admin page using https instead of http. As the creator of a local certificate authority, I accept the risk of installing its certificate on my local devices.
## Requirements (prework)
---
1. Lessons 1.1, 1.2, and 1.3 from *resource #1*
1. Check the device hostname
1. Sync your clock
1. Review your OpenSSL configuration (openssl version -a)
1. Create a directory structure to store the keys, signing requests, and certs
1. Lock it down (chmod 600)
## Create the private key and cert for the CA
---
``` sh
# Create a private key for the CA
openssl genrsa -aes256 -out private/cakey.pem 4096
# Create a certificate for the CA
openssl req -new -x509 -key /root/ca/private/cakey.pem -out cacert.pem -days 3650 -set_serial 0
```
## Create the private key and cert for the pihole
---
``` sh
# Create a new private key
openssl genpkey -algorithm RSA -out /root/ca/private/my_server.key
# Create a new certificate signing request (CSR)
openssl req -new -key /root/ca/private/my_server.key -out /root/ca/requests/my_server.csr
# CA signing the CSR
openssl ca -in /root/ca/requests/my_server.csr -out /root/ca/certs/my_server_NO-SAN.crt
# CA signing the CSR with configuration file with X509v3 extensions to add
# NET::ERR_CERT_COMMON_NAME_INVALID is resolved by adding 'subjectAltName'
openssl ca -in /root/ca/requests/my_server.csr -extfile /root/ca/my_server.ext -out /root/ca/certs/my_server_SAN.crt
```
> my_server.ext
``` sh
subjectAltName = DNS:my_server.local, DNS:pi.hole, IP:10.0.0.10
```
### Checking the certificate
---
``` sh
# Check for SAN
openssl x509 -text -in /root/ca/certs/my_server_SAN.crt -noout
```
> Expected output should include:
``` sh
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:my_server.local, DNS:pi.hole, IP Address:10.0.0.10
```
## lighttpd config
---
``` sh
nano /etc/lighttpd/external.conf
```
``` sh
server.modules += ("mod_openssl")
$HTTP["host"] == "my_server.local" {
$SERVER["socket"] == ":443" {
ssl.engine = "enable" # basic option
ssl.pemfile = "/usr/lib/ssl/certs/my_server_SAN.crt" # basic option
# ssl.pemfile = "/usr/lib/ssl/certs/my_server_NO-SAN.crt"
ssl.privkey = "/usr/lib/ssl/private/my_server.key" # basic option
ssl.ca-file = "/usr/lib/ssl/certs/cacert.pem" # (deprecated) renamed ssl.verifyclient.ca-file (since 1.4.60)
}
}
```
## Resources
---
1. [OpenSSL Certification Authority (CA) on Ubuntu Server](https://networklessons.com/uncategorized/openssl-certification-authority-ca-ubuntu-server)
1. Prerequisites
1. hostname, /etc/hosts, and ntp
1. OpenSSL Configuration
1. Specify the path, generate cakey.pem & cacert.pem
1. Install cacert.pem on your client machine(s)
2. [Enabling HTTPS for your Pi-hole Web Interface](https://discourse.pi-hole.net/t/enabling-https-for-your-pi-hole-web-interface/5771)
1. Which config file to edit (/etc/lighttpd/external.conf)
3. [OpenSSL man pages - genpkey](https://www.openssl.org/docs/man1.1.1/man1/genpkey.html)
1. Generate a private key using genpkey;
4. [Lighttpd wiki #Self-Signed-Certificates](https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL#Self-Signed-Certificates)
1. Used the 'Quick Start'
1. Tip: keep your lighttpd -version in mind
5. [Firefox no longer trusts my internal certificate authority used for internal sites on our domain.](https://support.mozilla.org/en-US/questions/1175296)
1. See also *security.enterprise_roots.enabled* on the about:config page.
ELUG Meetup: June 24, 2021
Topic: open forum, speed talks
Presenter: various
This meeting around we will try something different. Whoever wants and is prepared can talk about a LINUX topic for about 5 minutes. Everyone is welcome to do so or just listen if you prefer. No need to register any talk just come, join and talk about a topic, near and dear to your LINUX heart.
ELUG Meetup: May 27, 2021
In our latest edition of ELUG virtual meetups, Rajiv gave us some insights into awk.
A video of that session was recorded so if you want to take a look at look check that out here:
ELUG Meetup: April 22, 2021
In our latest edition of ELUG virtual meetups, Manuel walked the participants through the developments of services in regards to server infrastructure. From the initial “one machine, one task” philosophy to the development and advantages of virtualization to containerization of applications and container orchestration through kubernetes.
A video of that session was recorded so if you want to take a look at look check that out here:
Virtualization vs Containerization
The presentation can be found here:
ELUG Meetup: March 25, 2021
In our last meeting on March 25, Rajiv presented advanced concepts of VIM. He walked the participants through how and when using the mouse, search, replace, open documents in tabs, vertically split the screen an a lot more. Fortunately, Rajiv also recorded the session as it would be too much to document everything in a post.
If you want to take a look at how great vim can be head over to our Nextcloud instance and check out the video here:
ELUG Meetup: February 25, 2021
In our meeting, Rob provided the group with an overview on Regular Expression. Walking through what regular expressions are, Rob provided the basics to understand where these come from, where these are used and how they can be applied in the context of linux and programming.
The presentation can be accessed through the ELUG’s Nextcloud instance:
ELUG Meetup: January 28, 2021
In our last meeting Rajiv was kind enough to give a fantastic overview of all the functionality that vi/vim offers. With it’s advanced features vim offers a lot of options to read but more importantly to manipulate text documents, such as log files, scripts, programs and more. Here are some useful commands
The different modes of vim
Normal /command mode - (press <ESC> to get to this mode)
Ex/last line Mode - (press :)
Input mode - (press, i,I,a,A,o,O,s)
Input modes explained
:q - quit
:w - write (save)
:saveas - save as
:q! - quit without saving
:w! - write a read only file
:wq - Save and quit
:wq! - save a read only file and quit
ZZ - save and quit
o - opens a new line below the current cursor line
O - opens/inserts a new line above the current cursor line
vim can be intimidating at first. Once you get used to the tool Using vim is fairly simple and straight forward. In the normal mode you can enter certain syntax
[optional number] verb + nound – deletew - wordcombine them (dw) to delete word commands are repeat-able (.) and undo-able (u)
This syntax executes a command, in the above example deleting a word. If you put a number in front, for example 2, the command will delete 2 words.
How do you know what verbs to use? Here they come.
d - delete
c - change
v - visual select
y - yank (copy)
p - paste
>> - right indent
<< - left indent
Once you know how you can change a document it is time to look at how to get to the position that you want to got to. There are a few commands to move around in the document.
h - left
j - down
k - up
l - right
ctrl+u - Page up (80x24)
ctrl+d - Page dn (80x24)
ctrl+f - screen up
ctrl+b - Screen dn
^,0 - beginning of line
$ - end of line
gg - beginning of the file
G - end of the file
Lets look at an example how to use these movements. By entering 5j in the normal mode you will now move 5 lines down. Entering 10k moves your cursor 10 lines up.
Combining commands
Verbs can be combined. Lets take a look at some examples:
d$ - delete to end of line
y$ - yank/copy to end of line
#dd - delete # number of lines
#yy - yank # number of lines
Nouns
Where there are verbs there are nouns. vim offers the whole set of language. Let’s take a look at what nouns can be used in vim.
d - word
p - paragraph
b - back
iw - inner word (defines a region)
i - inner (can be used with pretty much anything)
ip - inner paragraph
a - around
as - around sentence
Parameterized Objects
f,F<phrase> - find (next character, capitals for backwards)
t,T<phrase> - find (up to but not including the next character)
/,?<phrase> - Search (up to next match)
/,?<phrase>\c - search but ignore case
n - next search item
N - previous search item
Examples:
Parameterized objects can be combined with other items.
“the quick brown fox jumped over the lazy sleeping dog“
Assuming the cursor is at the beginning of the line the command ctc will take cursor to the 1st c in the statement.
Advanced commands
:set number - absolute line number
:set relativenumber - set relative line number
ctrl+v - visual block
:set mouse+=a - enable mouse
:s/find/replace/g - find and replace string in a file
:s/find/replace/gc - same as above but interactive
:#,#s/find/replace/g - same as above within those lines
:set incsearch - incremental search
:set hlsearch - highlighted search
:noh - removes highlights
:sp - split windows (horizontally)
:vsp - split vertically
ctrl+w w - move cursor to next vim window
ctrl+w r - move the current window to vertically
ctrl+w x - move the current window to horizontally
:tabedit - open new vim tab
gt - move between tabs
:!<commmands> - run bash commands
:%!<commands> - run bash commands on current file
and return results back to vim buffer
~ - change case
q<character> - records macro
q - stops macro
@<character> - plays macro
q<character>q - clears a macro
|topic|, *topic* - create tags in a text file
:helptags ./ - create tags file
% - follow the parantheses, brackets
or quotes
J - join two lines
" - multiple clipboards
/pl[abc]ce - search for place, plbce, plcce
ctrl+p - in insert mode - complete the word
* - search for the current word
under the cursor
ctrl+o,ctrl+i - jump back and forward between open
files with e
:set ignorecase - ignore case
:'a,'bs/find/replace/g - find and replace between two mark
points marked 'a' and 'b' (mark with m)
"ay - copy to register 'a' (paste with "ap)
ELUG Meetup: December 17, 2020
Topic: general conversation
During December’s meetup no presentation was prepared. Instead the group discussed anything and everything on their “Linux-minds” at the time. The big hack of SolarWinds was a topic of course. The security breach impacted a lot of companies worldwide and some participants of the meeting had to do overtime because of the hack. The most interesting aspect was the longevity of the intrusion. The hackers had access to SolarWind’s systems since March of 2020 and were only caught late in the year.
There were some general questions asked by the participants and together as a group we tried to answer them as good as possible or to the best of knowledge available.
The meeting was finalized around 8:30pm.
The next meeting will happen on January 28, 2021 and be posted on ELUG.ca and on groups.io.