How to set up minicom on Linux for the EdgeRouter from Ubnt (EdgeOS)

The edge router comes with a console port where you can see all the information from startup to any error message.


I had some trouble finding information for Linux on how to set up minicom to see what the router console looks like.
The correct settings go into the configuration file /etc/minicom/minirc.dfl:

pu port /dev/ttyUSB0
pu baudrate 115200
pu bits 8
pu parity N
pu stopbits 1
pu rtscts No
pu xonxoff No

source of information: here

The serial port may differ on your Linux system, so I recommend looking for it like this:

root@debian:~# setserial -g /dev/ttyS[0123]
/dev/ttyS0, UART: 16550A, Port: 0x03f8, IRQ: 4
/dev/ttyS1, UART: unknown, Port: 0x02f8, IRQ: 3
/dev/ttyS2, UART: unknown, Port: 0x03e8, IRQ: 4
/dev/ttyS3, UART: unknown, Port: 0x02e8, IRQ: 3

I hope the information was helpful. Have an excellent day.

Yum update failed!

If you get the following error:

--> Processing Dependency: libsemanage >= 2.5-13 for package: selinux-policy-3.13.1-229.el7_6.6.noarch
---> Package selinux-policy-targeted.noarch 0:3.13.1-192.el7_5.6 will be updated
---> Package selinux-policy-targeted.noarch 0:3.13.1-229.el7_6.6 will be an update
--> Processing Dependency: policycoreutils >= 2.5-24 for package: selinux-policy-targeted-3.13.1-229.el7_6.6.noarch
---> Package tzdata.noarch 0:2018f-2.el7 will be updated
---> Package tzdata.noarch 0:2018g-1.el7 will be an update
--> Finished Dependency Resolution
Error: Package: selinux-policy-3.13.1-229.el7_6.6.noarch (updates)
Requires: policycoreutils >= 2.5-24
Installed: policycoreutils-2.5-22.el7.x86_64 (@base)
policycoreutils = 2.5-22.el7
Error: Package: selinux-policy-targeted-3.13.1-229.el7_6.6.noarch (updates)
Requires: policycoreutils >= 2.5-24
Installed: policycoreutils-2.5-22.el7.x86_64 (@base)
policycoreutils = 2.5-22.el7
Error: Package: kernel-3.10.0-957.1.3.el7.x86_64 (updates)
Requires: linux-firmware >= 20180911-68
Installed: linux-firmware-20180220-62.2.git6d51311.el7_5.noarch (@updates)
linux-firmware = 20180220-62.2.git6d51311.el7_5
Available: linux-firmware-20180220-62.git6d51311.el7.noarch (base)
linux-firmware = 20180220-62.git6d51311.el7
Error: Package: selinux-policy-3.13.1-229.el7_6.6.noarch (updates)
Requires: libsemanage >= 2.5-13
Installed: libsemanage-2.5-11.el7.x86_64 (@base)
libsemanage = 2.5-11.el7
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest

Solution for this:

yum update

[root@cx21 ~]# yum clean all
[root@cx21 ~]# rm -rf /var/cache/yum

Unable to login to Roundcube: PHP Error: Failed to create a user record.

Error found in error logs:

[28-Nov-2018 14:14:25 +0200]: <4d284o3h> DB Error: [1364] Field 'alias' doesn't have a default value (SQL Query: INSERT INTO `users` (`created`, `last_login`, `username`, `mail_host`, `language`) VALUES (now(), now(), 'microsoft@orsharlogistic.ro', 'localhost', 'en_US')) in /var/www/html/roundcubemail-1.0.3/program/lib/Roundcube/rcube_db.php on line 543 (POST /?_task=login&_action=login)
[28-Nov-2018 14:14:25 +0200]: <4d284o3h> PHP Error: Failed to create new user in /var/www/html/roundcubemail-1.0.3/program/lib/Roundcube/rcube_user.php on line 686 (POST /?_task=login&_action=login)
[28-Nov-2018 14:14:25 +0200]: <4d284o3h> PHP Error: Failed to create a user record. Maybe aborted by a plugin? in /var/www/html/roundcubemail-1.0.3/program/include/rcmail.php on line 650 (POST /?_task=login&_action=login)

Structure of the users table in the roundcube database:
MariaDB [roundcube]> describe users;
+----------------------+------------------+------+-----+---------------------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------------------+------------------+------+-----+---------------------+----------------+
| user_id | int(10) unsigned | NO | PRI | NULL | auto_increment |
| username | varchar(128) | NO | MUL | NULL | |
| mail_host | varchar(128) | NO | | NULL | |
| alias | varchar(128) | NO | MUL | NULL | |
| created | datetime | NO | | 1000-01-01 00:00:00 | |
| last_login | datetime | YES | | NULL | |
| language | varchar(5) | YES | | NULL | |
| preferences | text | YES | | NULL | |
| failed_login | datetime | YES | | NULL | |
| failed_login_counter | int(10) unsigned | YES | | NULL | |
+----------------------+------------------+------+-----+---------------------+----------------+

Solution: remove the alias column from the users table.

Connect to the database:
mysql -u root -p

Select the database you need to change:
MariaDB [(none)]> use roundcube;

Alter the users table:
ALTER TABLE roundcube.users DROP COLUMN roundcube.users.alias;

Now the problem is solved!

 

Source: https://support.plesk.com/hc/en-us/articles/360005898674-Unable-to-login-to-Roundcube-PHP-Error-Failed-to-create-a-user-record

How to install Shrew Cisco VPN client in Ubuntu 16.04

Source of inspiration  for this page: https://github.com/lmmx/devnotes/wiki/Installing-Shrew-Soft-VPN-on-Linux

First step: prepare for installation!

apt-get install g++
apt-get install build-essential linux-headers-$(uname -r)
apt-get install flex
apt-get install libedit2 libedit-dev
apt-get install bison
apt-get install cmake
apt-get install openssl
apt-get install qt-sdk

Second step: download and install ike from Shrew.
Go to the page https://www.shrew.net/download/ike and download the latest version!

Unpacking the package

tar -zxvf ike-2.2.1-release.tgz
cd ike
cmake -DCMAKE_INSTALL_PREFIX=/usr -DQTGUI=YES -DETCDIR=/etc -DNATT=YES
make
make install

Now it is finished.
### Start IKE daemon
## /home/$user/Documents/Lucian/Linux/ike/script/linux/iked start

You need to start the IKE daemon.
Now start the client:
qikea &

Enjoy !

Setup Vacation on Postfixadmin 3.2 Centos 7.x

This year we set up a new server with Postfixadmin 3.2 and I recently also had to set the vacation module.
I want to outline how I’ve solved the problem that appears on setup.

1. Install Perl library dependencies:

yum install perl-Email-Valid perl-Email-Sender perl-Email-Simple perl-Test-Email perl-Try-Tiny perl-MIME-Charset perl-MIME-EncWords perl-Log-Log4perl perl-Log-Dispatch perl-Test-mysqld

For Debian:

apt-get install libmail-sender-perl \
  libdbd-mysql-perl libemail-valid-perl libmime-perl liblog-log4perl-perl \
  liblog-dispatch-perl libgetopt-argvfile-perl libmime-charset-perl \
  libmime-encwords-perl

2. Add user and group, create folder.
groupadd -r -g 65501 vacation
useradd -r -u 65501 -g vacation -d /var/spool/vacation -s /sbin/nologin vacation

mkdir /var/spool/vacation
cp /var/www/html/postfixadmin/VIRTUAL_VACATION/vacation.pl /var/spool/vacation
chown -R vacation:vacation /var/spool/vacation

chmod -R 750 /var/spool/vacation/vacation.pl

3. Setup script.

vim /var/spool/vacation/vacation.pl

our $db_type = 'mysql';
our $db_username = 'postfix';
our $db_password = 'yourdbpasswd';
our $db_name = 'postfix';

our $vacation_domain = 'autoreply.yourdomain.com';

close file with :wq

Setup config.local.php
vim /var/www/html/postfixadmin/config.local.php

$CONF['vacation'] = 'YES';
$CONF['vacation_domain'] = 'autoreply.yourdomain.com';

4. Configure vacation in Postfix

vim /etc/postfix/master.cf

add:

vacation unix - n n - - pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}

(do not forget to add some space in front of "flags=...")

Make sure you have this line in /etc/postfix/main.cf

transport_maps = hash:/etc/postfix/transport

vim /etc/postfix/transport

autoreply.domain.org    vacation:

(use the same domain that you set as $vacation_domain)

Save the file and close it. After this:

postmap /etc/postfix/transport

Restart Postfix

systemctl restart postfix.service

Follow these steps if you get an error in logs like this:

Aug 20 14:25:01 mail postfix/pipe[24086]: 43AF03E0B63: to=<lucian#domain.ro@autoreply.domain.ro>, orig_to=<lucian@domain.ro>, relay=vacation, delay=2, delays=1.4/0.01/0/0.56, dsn=5.3.0, status=bounced (Command died with status 255: "/var/spool/vacation/vacation.pl". Command output: Attribute (ssl) does not pass the type constraint because: Validation failed for 'Bool' with value "starttls" at constructor Email::Sender::Transport::SMTP::new (defined at /usr/share/perl5/vendor_perl/Email/Sender/Transport/SMTP.pm line 200) line 98, <STDIN> line 38. Email::Sender::Transport::SMTP::new('Email::Sender::Transport::SMTP', 'HASH(0x433e128)') called at /var/spool/vacation/vacation.pl line 474 main::send_vacation_email('lucian@domain.ro', 'lucian@domainsender.com', 'lucian@domain.ro', '<b2f160ca41b1e4773765ad634564ff1a@domainsender.com>', 456, 0) called at /var/spool/vacation/vacation.pl line 657 )

Solution:

vim /var/spool/vacation/vacation.pl

and change

our $smtp_ssl = 'ssl'
with
our $smtp_ssl = '0'

With this value vacation.pl does not use TLS on the SMTP connection it opens to send the reply.

Free SSL for web, easy way !

I want to give very short steps to secure your page with SSL from "Let's Encrypt".


In our case, we consider a server where we have SSH access and can modify the Apache configuration files and restart services.

First step, install certbot.
yum install certbot

Second, request the key for your web page:
certbot certonly --webroot -w /var/www/html/roundcubemail/ -d webmail.your-domain.com

If you are running it for the first time, you will be asked some questions:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): postmaster@your-domain.com
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A


In the next step you will get the key!

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/webmail.your-domain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/webmail.your-domain.com/privkey.pem
   Your cert will expire on 2018-10-07. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le

Final step: create your own VHOST config in the web server.

webmail
<VirtualHost 192.168.0.1:443>
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/webmail.your-domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/webmail.your-domain.com/privkey.pem
ServerAdmin postmaster@your-domain.com
ServerName webmail.your-domain.com
DocumentRoot /var/www/html/roundcubemail
CustomLog /var/log/httpd/webmailssl_access.log common
ErrorLog /var/log/httpd/webmailssl_error.log
</VirtualHost>

and restart your Apache server: systemctl restart httpd

Postfix user sender restriction

Hello all !

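Today we want to restrict a local user so that they can send mail only to certain destinations!

1. First step (note that postconf -e replaces any existing value of smtpd_recipient_restrictions):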

postconf -e 'smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders'
postconf -e 'smtpd_restriction_classes = local_only'
postconf -e 'local_only = check_recipient_access hash:/etc/postfix/local_domains, reject'

2. Second step: create the file /etc/postfix/restricted_senders, which looks similar to this one:

user@ceae.info        local_only
lucian@ceae.info       local_only

3. Final step: create /etc/postfix/local_domains, which should look similar to this:

ceae.info                  OK
domain.com                 OK
otherdomain.de             OK

After this, restart your Postfix server! Enjoy!
(Source https://www.howtoforge.com/community/threads/postfix-users-restriction.3947/ Thanks falko )
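How the three settings above combine when a recipient is submitted, as an added example: a simplified Python model of the access(5) lookup order, not Postfix code and not part of the original post. The table contents are the page's sample files; the function names are hypothetical.

```python
# Contents of the two files from the post, as Python dicts.
RESTRICTED_SENDERS = {"user@ceae.info": "local_only",
                      "lucian@ceae.info": "local_only"}
LOCAL_DOMAINS = {"ceae.info": "OK", "domain.com": "OK", "otherdomain.de": "OK"}


def access_lookup(table, address, parent_matches_subdomains=True):
    """Try keys in access(5) order: user@domain, domain, parents, user@."""
    address = address.lower()          # lookup keys are folded to lower case
    local, _, domain = address.rpartition("@")
    keys = [address, domain]
    labels = domain.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        # With smtpd_access_maps in parent_domain_matches_subdomains (the
        # default) "domain.tld" also matches subdomains; otherwise only a
        # ".domain.tld" key does.
        keys.append(parent if parent_matches_subdomains else "." + parent)
    keys.append(local + "@")
    for key in keys:
        if key in table:
            return table[key]
    return None                        # not found: DUNNO


def rcpt_decision(sender, recipient):
    """Result of the page's smtpd_recipient_restrictions for one RCPT TO."""
    # check_sender_access hash:/etc/postfix/restricted_senders
    if access_lookup(RESTRICTED_SENDERS, sender) != "local_only":
        return "DUNNO"                 # unlisted sender: this rule does not apply
    # local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
    if access_lookup(LOCAL_DOMAINS, recipient) == "OK":
        return "OK"
    return "REJECT"
```

On a live server the same keys can be queried with postmap -q once both files have been compiled with postmap, which hash: tables require.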

How to add repository to your Edge Router Lite!

Hello in new year 2018 !

Today we add a repository to the EdgeRouter Lite so that we can install more apps used in CLI mode.

Log in to your EdgeRouter Lite with SSH or with the CLI:

type

sudo bash

and paste the following commands

set system package repository wheezy components 'main contrib non-free'
set system package repository wheezy distribution wheezy
set system package repository wheezy password ''
set system package repository wheezy url 'http://ftp.us.debian.org/debian/'
set system package repository wheezy username ''
set system package repository wheezy-backports components main
set system package repository wheezy-backports distribution wheezy-backports
set system package repository wheezy-backports password ''
set system package repository wheezy-backports url 'http://http.us.debian.org/debian'
set system package repository wheezy-backports username ''
set system package repository wheezy-updates components 'main contrib'
set system package repository wheezy-updates distribution wheezy/updates
set system package repository wheezy-updates password ''
set system package repository wheezy-updates url 'http://security.debian.org/'
set system package repository wheezy-updates username ''

after this type

apt-get update

Now you can install nmap.

apt-get install nmap

Enjoy !

Update Centos 6.x to 6.9 and fail connect to Openvpn!

This week I updated to the latest version, CentOS 6.9, and found that OpenVPN does not work.

Error: ERROR: depth=0, error=certificate signature failure:
OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

RHEL 6.9 / CentOS 6.9 removed support for deprecated insecure algorithms and protocols.

More info: CentOS 6.9 Release Notes

Solution 1: Remove the old keys from your OpenVPN server and create new keys.
Solution 2: Add an exception for the keys you have now, but don't forget to change the keys as soon as possible.

Exception:

echo -e "LegacySigningMDs md2 md5\nMinimumDHBits 512\n" >> /etc/pki/tls/legacy-settings
service openvpn restart

Enjoy for today !

Adding the new MySQL user with access in database and just one table!

Q: I would like to know how to give permission to the database user logged in to access only one table and not the whole database?
A:
1. Create the user:
CREATE USER 'userlimit'@'%' IDENTIFIED BY 'NewPassword';
2. Now run the following to grant the SELECT privilege on the selected database and table (whichever you wish):
GRANT SELECT ON database_name.table_name TO 'userlimit'@'%';
Enjoy!

Test:
MariaDB [database_name]> select * from loturi;
ERROR 1142 (42000): SELECT command denied to user 'userlimit'@'localhost' for table 'loturi'