How to Change WebUI Port on Edge Router – Ubiquiti EdgeRouter

Today we show you how to change the default WebUI port on a Ubiquiti EdgeRouter.

1. Log into the router via SSH

# ssh ubnt@192.168.0.1

2. Enter configure mode

ubnt@Edge-ROUTER:~$ configure
[edit]
ubnt@Edge-ROUTER#

3. Set the Web UI port; change 7443 to whatever you would like

set service gui https-port 7443

4. Commit and save your change

commit
save

If you require access to the Web GUI from an external location, you will need to create a firewall rule to allow the traffic.

5. Create the firewall rule to allow inbound traffic

edit firewall name WAN_LOCAL rule 55
set description "Inbound traffic to WEB GUI"
set action accept
set log disable
set protocol tcp_udp
set destination port 7443

And do not forget to commit and save!

Source: https://blog.laslabs.com/2013/04/change-webui-port-ubiquiti-edge-router-lite/

How to set up PureFTPD with MySQL users.

Now we set up pure-ftpd with MySQL users.

1. Install the packages:

# yum install epel-release
# yum install pure-ftpd

2. Now we create a user and group for Pure-FTPD

# groupadd -g 3800 grupftp
# useradd -u 3800 -s /bin/false -d /bin/null -c "User Purefptd" -g grupftp userftp

3. Create database

CREATE DATABASE pureftpd;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'pureftpd'@'localhost' IDENTIFIED BY 'ftpdpass';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'pureftpd'@'localhost.localdomain' IDENTIFIED BY 'ftpdpass';
FLUSH PRIVILEGES;

USE pureftpd;

CREATE TABLE ftpd (
User varchar(16) NOT NULL default '',
status enum('0','1') NOT NULL default '0',
Password varchar(64) NOT NULL default '',
Uid varchar(11) NOT NULL default '-1',
Gid varchar(11) NOT NULL default '-1',
Dir varchar(128) NOT NULL default '',
ULBandwidth smallint(5) NOT NULL default '0',
DLBandwidth smallint(5) NOT NULL default '0',
comment tinytext NOT NULL,
ipaccess varchar(15) NOT NULL default '*',
QuotaSize smallint(5) NOT NULL default '0',
QuotaFiles int(11) NOT NULL default 0,
vizibil enum('0','1') NOT NULL DEFAULT '1',
parola varchar(255) NOT NULL,
PRIMARY KEY (User),
UNIQUE KEY User (User)
) TYPE=MyISAM;

If you use a MariaDB database:

CREATE TABLE ftpd (
User varchar(16) NOT NULL default '',
status enum('0','1') NOT NULL default '0',
Password varchar(64) NOT NULL default '',
Uid varchar(11) NOT NULL default '-1',
Gid varchar(11) NOT NULL default '-1',
Dir varchar(128) NOT NULL default '',
ULBandwidth smallint(5) NOT NULL default '0',
DLBandwidth smallint(5) NOT NULL default '0',
comment tinytext NOT NULL,
ipaccess varchar(15) NOT NULL default '*',
QuotaSize smallint(5) NOT NULL default '0',
QuotaFiles int(11) NOT NULL default 0,
vizibil enum('0','1') NOT NULL DEFAULT '1',
parola varchar(255) NOT NULL,
PRIMARY KEY (User),
UNIQUE KEY User (User)
) ENGINE = MyISAM;

4. Edit /etc/pure-ftpd/pure-ftpd.conf

# vim /etc/pure-ftpd/pure-ftpd.conf
[...]
ChrootEveryone              yes
[...]
MySQLConfigFile               /etc/pure-ftpd/pureftpd-mysql.conf
[...]
CreateHomeDir               yes
[...]

5. Next, edit /etc/pure-ftpd/pureftpd-mysql.conf

MYSQLSocket      /var/lib/mysql/mysql.sock
MYSQLUser       pureftpd
MYSQLPassword   ftpdpass
MYSQLDatabase   pureftpd
MYSQLCrypt      md5
MYSQLGetPW      SELECT Password FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetUID     SELECT Uid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetGID     SELECT Gid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetDir     SELECT Dir FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthUL SELECT ULBandwidth FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthDL SELECT DLBandwidth FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetQTASZ   SELECT QuotaSize FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetQTAFS   SELECT QuotaFiles FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")

6. Add a user to the database. The Password column holds the MD5 hash that "MYSQLCrypt md5" expects, while the parola column keeps the same password in clear text:

INSERT INTO `ftpd` (`User`, `status`, `Password`, `Uid`, `Gid`, `Dir`, `ULBandwidth`, `DLBandwidth`, `comment`, `ipaccess`, `QuotaSize`, `QuotaFiles`,`vizibil`,`parola`) VALUES ('usertest', '1', MD5('newparola'), '3800', '3800', '/srv/ftp/testuser', '100', '100', '', '*', '50', '0','1','newparola');

Add a user without quota limits:

INSERT INTO `ftpd` (`User`, `status`, `Password`, `Uid`, `Gid`, `Dir`, `ULBandwidth`, `DLBandwidth`, `comment`, `ipaccess`, `QuotaSize`, `QuotaFiles`,`vizibil`,`parola`) VALUES ('userboss', '1', MD5('bosspass'), '3800', '3800', '/srv/ftp', '0', '0', '', '*', '0', '0','1','bosspass');

7. A few tips.
How to change the password of an existing user:

update ftpd set password=MD5('NewPass8634word') where User='USERFTP';

8. Start and enable service

# systemctl status pure-ftpd.service 
# systemctl enable pure-ftpd.service
# systemctl start pure-ftpd.service

For CentOS 6:

# chkconfig pure-ftpd on
# service pure-ftpd start
# service pure-ftpd status 

Enjoy, that is it!

How to buy a cheap linux vps.

How to buy a cheap Linux VPS?
This is the topic of the day.

First, you can look for a discount code on www.retailmenot.com.
You can find free discount codes to buy a VPS server on Linode or a cheap domain on godaddy.com. Another tip: you can search Google for “promo code provider”, e.g. promo code godaddy, promo code linode, promo code ovh, and so on.

  1. Hetzner Germany, from 3.9 Euro to 49.9 Euro; you get a control panel to manage your VPS. Transfer limit from 2 TB to 30 TB. If you are from a country other than Germany you can pay with TransferGO.
  2. Linode Germany. Price from 5$/month to 960 $/month. Transfer limit from 1 TB to 9 TB. Very good CPU on VPS hosting. You can buy cheaper with a “promo code”.
  3. OVH. Price from 2.99 to 11.99. Unlimited traffic.
  4. A2hosting VPS. I suggest buying Unmanaged VPS Hosting and configuring the services on your server yourself. Price from 4.45 Euro to 13.36 Euro. Transfer limit just 2 TB.
  5. Google Cloud Platform. I like this interface; it is easy to set up, and you can try it free (you will receive $300 credit for free) for the first month.

You can look at Amazon AWS or Digital Ocean, but you may waste your time (they are good but not cheap).

For now, this is what I found.

Samba Tips

Hello, on this page we show a few tips for Samba.

Q: How do we force the master browser election to re-run?
A: Run the following command:

# smbcontrol nmbd force-election

Q: How do we find out who the master browser is on the network?
A: Run the following command:

# nmblookup -M -- -
querying __MSBROWSE__ on 192.168.1.255
192.168.1.130 __MSBROWSE__
192.168.1.1 __MSBROWSE__
192.168.1.22 __MSBROWSE__
192.168.1.66 __MSBROWSE__

In this case I found some master browser computers.

Q: How do you find the NetBIOS name if you know the IP address?
A: Run the following command:

# nmblookup -A 192.168.3.28
Looking up status of 192.168.3.28
        OTL-DEPOZIT-2   -         B 
        OTL           -  B 
        OTL-DEPOZIT-2   -         B 
        OTL           -  B 

        MAC Address = 50-E5-49-90-E2-03

Q: And vice versa?
A: See the following:

# nmblookup -S OTL-DEPOZIT-2
querying ORSH-DEPOZIT-2 on 192.168.3.255
192.168.3.28 OTL-DEPOZIT-2
Looking up status of 192.168.3.28
        OTL-DEPOZIT-2   -         B 
        OTL           -  B 
        OTL-DEPOZIT-2   -         B 
        OTL           -  B 

        MAC Address = 50-E5-49-90-E2-03

Other useful commands: smbtree, smbstatus.

Enjoy.

Renewing an SSL Certificate on CentOS

We received an email with the following message:

Certificate for hostname 'server.domain.com', in file (or by nickname):
     /etc/pki/tls/certs/ca.crt

The certificate needs to be renewed; this can be done
  using the 'genkey' program.

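We find the files in:

[root@server ~]# ls -lh /etc/pki/tls/private/ca.key
-rw------- 1 root root 1,7K ian 29  2016 ca.key

Now we renew the certificate. The command below creates a new 2048-bit RSA key and a self-signed certificate valid for 365 days, overwriting the existing files: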

# openssl req -new -days 365 -x509 -nodes -newkey rsa:2048 -out /etc/pki/tls/certs/ca.crt -keyout /etc/pki/tls/private/ca.key

We need to update their permissions.

chmod 600 /etc/pki/tls/certs/ca.crt
chmod 600 /etc/pki/tls/private/ca.key

How do we see details about the new certificate?
A: Type this:

# openssl x509 -text -in /etc/pki/tls/certs/ca.crt
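
After renewing, two things are worth confirming beyond reading the -text dump: that the certificate is not close to expiry and that it pairs with the key file next to it. The shell functions below are an added example, not part of the original post; the function names and the 30-day default are assumptions.

```shell
# Added example: function names and the 30-day default are assumptions.

# cert_expires_within CERT DAYS
# 0 = expires within DAYS days (or already expired), 1 = still valid, 2 = unreadable.
cert_expires_within() {
    local cert="$1" days="$2"
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2
    # -checkend exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# cert_matches_key CERT KEY
# 0 = certificate and private key share one public key, 1 = mismatch, 2 = unreadable.
cert_matches_key() {
    local cert="$1" key="$2" from_cert from_key
    from_cert=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    from_key=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ "$from_cert" = "$from_key" ]
}

# check_renewal CERT KEY [DAYS]: print a one-line verdict, non-zero if action is needed.
check_renewal() {
    local cert="$1" key="$2" days="${3:-30}" rc=0
    cert_matches_key "$cert" "$key" || {
        echo "MISMATCH: $cert and $key do not pair up (or cannot be read)"
        return 1
    }
    cert_expires_within "$cert" "$days" || rc=$?
    case "$rc" in
        0) echo "RENEW: $cert expires within $days days"; return 1 ;;
        1) echo "OK: $cert is valid for more than $days days" ;;
        *) echo "ERROR: cannot read $cert"; return 2 ;;
    esac
}
```

Usage with the paths from this article: check_renewal /etc/pki/tls/certs/ca.crt /etc/pki/tls/private/ca.key 30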

Enjoy!

How to compile latest version of bind in Centos 7

We want to install the latest version of BIND on CentOS 7.

First step: builds require the GeoIP, python-argparse and python-ply packages, available from the EPEL repositories.

# yum install openssl-devel libcap-devel libidn-devel krb5-devel docbook-style-xsl GeoIP-devel python-ply perl-Net-DNS-Nameserver fstrm-devel

Now we have to download the source rpm of the new bind.

# wget http://www.five-ten-sg.com/util/bind-9.11.1-0.1.el6.src.rpm

This version contains two patches for Python 2.4 compatibility required to run on Centos 5. It can be built via:

EL5:
rpmbuild --rebuild --define 'dist .el5' \
bind-9.11.1-0.1.el6.src.rpm

EL6:
rpmbuild --rebuild --define 'dist .el6' \
bind-9.11.1-0.1.el6.src.rpm

EL7:
rpmbuild --rebuild --define 'dist .el7' \
bind-9.11.1-0.1.el6.src.rpm

And now you have to wait a few hours for the new rpm to compile.

Enjoy!
Source: http://www.five-ten-sg.com/mapper/bind

How to upgrade OpenSSL on Centos 7

We updated OpenSSL with yum, so we now have the latest version that yum provides installed.

[root@mail src]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

But we want to update to openssl-1.0.2k. We have to compile OpenSSL.

# cd /usr/local/src
# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
# tar -zxf openssl-1.0.2-latest.tar.gz

To manually compile OpenSSL and install/upgrade OpenSSL, do as follows:

# cd openssl-1.0.2k
# ./config
# make
# make test
# make install

We now move the older version to another path.

# mv /usr/bin/openssl  /usr/bin/openssl-1.0.1e
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

Now verify the OpenSSL version:

# openssl version
OpenSSL 1.0.2k  26 Jan 2017

Enjoy !
Source: https://syslint.com/blog/tutorial/how-to-upgrade-openssl-on-centos-7-or-rhel-7/

How to setup “Response Policy Zone” in Bind 9.

Hello,
Today we show how to set up a Response Policy Zone for bind. This works for bind 9.8.0 and newer.

# vim /etc/named.conf

and add this line inside the options block:

response-policy { zone "rpz.ceae.info"; };

Now we have to declare the zone:

# vim /etc/named.rfc1912.zones

Add:

## RPZ Ceae Zone ##
zone "rpz.ceae.info" IN {
        type master;
        file "rpz.db";
        allow-query { any; };
};

Now we have to create rpz.db

# vim /var/named/rpz.db

and add

$TTL 1D
@       IN SOA  rpz.ceae.info. root.ceae.info. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       IN      NS      rpz.ceae.info.
@       IN      A       82.16.185.188

facebook.com    IN      CNAME   redirected.ceae.info.
www.facebook.com        IN      CNAME   redirected.ceae.info.
ro-ro.facebook.com      IN      CNAME   redirected.ceae.info.
twitter.com     IN      CNAME   redirected.ceae.info.
www.twitter.com IN      CNAME   redirected.ceae.info.
www.linkedin.com        IN      CNAME   redirected.ceae.info.
linkedin.com    IN      CNAME   redirected.ceae.info.

And now restart service

systemctl restart named
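
A hand-written policy zone like the one above gets long quickly. As an added example (not part of the original post), this shell function generates the records from a plain list of domains; it goes slightly beyond the zone shown by also emitting a wildcard record per domain, so subdomains such as www. or ro-ro. are covered without listing each one. The function name gen_rpz and its serial argument are assumptions.

```shell
# Added example: gen_rpz and its serial argument are assumptions.
# Zone name and redirect target are the ones used in this article.
RPZ_ZONE="rpz.ceae.info"
RPZ_TARGET="redirected.ceae.info."

# gen_rpz SERIAL: read one domain per line on stdin, print the zone on stdout.
gen_rpz() {
    local serial="$1" name
    case "$serial" in
        ''|*[!0-9]*) echo "gen_rpz: serial must be numeric" >&2; return 1 ;;
    esac

    printf '$TTL 1D\n'
    printf '@       IN SOA  %s. root.ceae.info. (\n' "$RPZ_ZONE"
    printf '                %s      ; serial, raise it on every change\n' "$serial"
    printf '                1D      ; refresh\n'
    printf '                1H      ; retry\n'
    printf '                1W      ; expire\n'
    printf '                3H )    ; minimum\n'
    printf '@       IN      NS      %s.\n\n' "$RPZ_ZONE"

    # Drop comments and whitespace, strip a trailing dot, lowercase, de-duplicate.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e 's/\.$//' |
    tr 'A-Z' 'a-z' | sort -u |
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        # Accept hostname characters only, so a stray line cannot add records.
        if ! printf '%s\n' "$name" | grep -Eq \
            '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$'; then
            echo "gen_rpz: skipping invalid name: $name" >&2
            continue
        fi
        printf '%s\tIN\tCNAME\t%s\n' "$name" "$RPZ_TARGET"      # the domain itself
        printf '*.%s\tIN\tCNAME\t%s\n' "$name" "$RPZ_TARGET"    # every subdomain
    done
}
```

Usage, with blocked.txt as a hypothetical list file: gen_rpz 2017050801 < blocked.txt > /var/named/rpz.db, then run named-checkzone rpz.ceae.info /var/named/rpz.db before restarting named.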

Info: http://www.zytrax.com/books/dns/ch7/rpz.html

How to setup bind9 on Debian 8

This tutorial explains how to setup a DNS server using Bind9 on Debian 8.

# apt update && apt-get install bind9 bind9utils resolvconf
# apt install dnsutils

Start BIND on boot:

# systemctl enable bind9

Backup current Bind9 settings and edit file.

# cp /etc/bind/named.conf.options /etc/bind/named.conf.options.orig
# vim /etc/bind/named.conf.options

And add:

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { none; };
        statistics-file "/var/cache/bind/named.stats";
        rrset-order {order cyclic;};
        allow-transfer { your-nameserver-sec; };

        # Disable built-in server information zones.
        version none;
        hostname none;
        server-id none;

        # Maximum number of simultaneous client TCP connections to accept.
        tcp-clients 50;

        # Attempt to do all the work required to answer the query.
        recursion yes;
        recursive-clients 500;
        allow-recursion { your-network-client; };
        allow-query { any; };
};

logging {
        channel b_query {
                file "/var/log/bind9/query.log" versions 2 size 1m;
                print-time yes;
                severity info;
        };
        category queries { b_query; };
};

Create the log directory for Bind9.

# mkdir /var/log/bind9
# chown bind: /var/log/bind9

Edit /etc/bind/named.conf to add your domain zone file location.

zone "your-domain.tld" {
        type master;
        file "/etc/bind/zones/db.your-domain.tld";
};

And now restart your nameserver:

# systemctl restart bind9
# systemctl status bind9

Enjoy!
Source: https://www.vultr.com/docs/setup-your-own-dns-server-on-debian-ubuntu

Configure BIND as a Caching-only DNS Server on Debian Wheezy

How to reset Unifi Controller from CLI on Debian / Ubuntu.

If you forget the password for the UniFi Controller, here is a way to reset it.

First, generate a new password hash.

root@Debian-unifi:~# mkpasswd -m sha-512
Password:
$6$VnviByhb$y1RgT6vvxNpAAKOB9nnizR6zdAeGYTArQBiIyeSiPuaki49Lnfkh.DqdcPXISVacESE82aH96RqZtt85CfT8c1

Next, log in to the MongoDB database and change it:

root@Debian-unifi:~# mongo --port 27117
MongoDB shell version: 2.4.10
connecting to: 127.0.0.1:27117/test
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
http://docs.mongodb.org/
Questions? Try the support group
http://groups.google.com/group/mongodb-user
Server has startup warnings:
Mon May 8 16:26:44.340 [initandlisten]
Mon May 8 16:26:44.340 [initandlisten] ** NOTE: This is a 32 bit MongoDB binary.
Mon May 8 16:26:44.340 [initandlisten] ** 32 bit builds are limited to less than 2GB of data (or less with --journal).
Mon May 8 16:26:44.340 [initandlisten] ** Note that journaling defaults to off for 32 bit and is currently off.
Mon May 8 16:26:44.341 [initandlisten] ** See http://dochub.mongodb.org/core/32bit
Mon May 8 16:26:44.341 [initandlisten]
> use ace
switched to db ace
> db.admin.update( { name: "admin" }, {$set: { x_shadow: "$6$VnviByhb$y1RgT6vvxNpAAKOB9nnizR6zdAeGYTArQBiIyeSiPuaki49Lnfkh.DqdcPXISVacESE82aH96RqZtt85CfT8c1" } } )
> exit
bye

And now you are ready to log in with the new password. Enjoy!