Saturday, 14 September 2019

Experimenting with Archlinux on Legacy Bios system

nano /etc/wpa_suppplicant/wpa_supplicant.conf
   ctrl_interface=/run/wpa_supplicant
   update_config=1

wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf

wpa_cli
   scan
   add_network
   set_network 0 ssid "home_net"
   set_network 0 psk "passphrase"
   enable_network 0
   save_config

dhcpcd wlan0

mkswap /dev/sd#
swapon /dev/sd#
mkfs.ext4 /dev/sd*
mkfs.ext4 /dev/sd*

mount /dev/sd* /mnt
mount /dev/sd* /mnt/home
mount /dev/sd^ /mnt/boot

pacstrap /mnt base
genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt

ln -sf /usr/share/zoneinfo/Region/City /etc/localtime
timedatectl set-local-rtc 1

nano /etc/locale.gen
locale-gen
nano /etc/locale.conf
   LANG=en_SG.UTF-8
nano /etc/vconsole.conf
   KEYMAP=us-eng
nano /etc/hostname
   archlinux
nano /etc/hosts
   127.0.0.1 localhost.localdomain 
   :1 localhost.localdomain
   127.0.1.1 archlinux.localdomain

passwd

pacman -S grub grub-install --target=i386-pc --debug --force /dev/sda^
chattr +i /boot/grub/i386-pc/core.img

pacman -S linux
grub-mkconfig -o /boot/grub/grub.cfg

pacman -S wpa_supplicant

nano /etc/wpa_supplicant/wpa_supplicant.conf
   ctrl_interface=/run/wpa_supplicant
   update_config=1
   country=SG

useradd -m $USER
passwd $USER
usermod -aG wheel $USER

pacman -S sudo
visudo
   'uncomment wheel'

nano .config/lxqt/session.conf
   [Keyboard]
   numlock=true

pacman -S lxqt
pacman -S xorg-server
pacman -S openbox obconf xterm qt5-base mesa xorg-xinit ttf-dejavu xorg-utils xorg-twm xorg-xclock
pacman -S xf86-video-fbdev xf86-input-keyboard xf86-input-mouse
pacman -S xorg-apps linux-headers
pacman -S connman liblxqt qt5-svg cmake git qt5-tools lxqt-build-tools
pacman -S cmst
#pacman -S lxqt-connman-applet

pacman -S sddm
nano /etc/sddm.conf.d/autologin.conf
   [Autologin]
   User=$USER
   Session=lxqt.desktop

nano /etc/sddm.conf.d/avatar.conf
   [Theme]
   FacesDir=/home/$USER/pictures/self.face.icon

setfacl -m u:sddm:x ~/pictures/
setfacl -m u:sddm:r ~/pictures/.face.icon

pacman -S xscreensaver-arch-logo
pacman -S xdg-utils

nano .xinitrc
   exec startlxqt

pacman -S intel-ucode
pacman -S iucode-tool
exit
umount -R /mnt

sudo systemctl start sddm
sudo systemctl enable --now sddm
startx
sudo pacman -S tmux tree ibus ibus-libpinyin

Follow my blog with Bloglovin

Installing sshguard 2.4.0 on Fedora 30 using GNU Stow

Install GNU Stow to keep track of built-from-source-code applications using system default repository:

sudo dnf install stow

We install the following dependencies required for building sshguard application:

sudo dnf install byacc flex gcc make

We proceed to download sshguard 2.4.0 from sourceforge.net.

We can then extract to default home location /home/username.

Using terminal/console, set the location to the extracted folder using cd command:

cd sshguard-2.4.0/

We proceed to build the sshguard using source makefile by running configure  with installation location set at /usr/local/stow/sshguard and make command:

./configure --prefix=/usr/local/stow/sshguard

make

We proceed to install the sshguard application using make install command:

We edit the sshguard configuration file by setting backend executable file location at:

BACKEND="/usr/local/libexec/sshg-fw-firewalld"

We proceed to symlink the respective folders under /usr/local/stow/sshguard to various locations under /usr/local/ directory:

cd /usr/local/stow/

sudo stow sshguard

We have to ensure that the service file at sshguard.service has the following ExecStart location:

ExecStart=/usr/local/sbin/sshguard

When we make changes to SystemD service file, we need to run the following:

sudo systemctl daemon-reload

sudo systemctl restart sshguard.service

One final check is to ensure the sshguard application is running, we run the following:

systemctl status sshguard.service | less

For further reference on configuring sshguard with firewalld you may refer to the Ctrl blog article titled How to protect SSH remote login in Fedora with SSHGuard and FirewallD by Daniel Aleksandersen.

Follow my blog with Bloglovin

Sunday, 7 April 2019

Configuring Edgerouter X: Part 1

Setting up ssh restricted access to Edgerouter

Introduction to Edgerouter's EdgeOS commands

Running '?' shows commands available on EdgeOS in operational (upon logging in) and configuration mode ('configure' command)

Running 'configure' allows us to go into configure mode

Running 'commit' allows us to commit changes 

Running 'commit-confirm' allows the change to take effect before reboot (important if you are unsure of the changes made and the impact to the system)

Running 'save' allows us to save the change to persistent boot configuration

Creating ssh key

ssh-keygen

Setting permission on .ssh and its subfolders
chown -R username:usergroup .ssh/

Upload ssh key

ssh-copy-id -i ~/.ssh/clienthost.pub username@routerhostname

Loadkey 

configure

loadkey 

commit

save

Limit ssh to listen to one address

set service ssh listen-address 192.168.0.1


 

Follow my blog with Bloglovin

Experimenting with Archlinux on Legacy Bios system

nano /etc/wpa_suppplicant/wpa_supplicant.conf    ctrl_interface=/run/wpa_supplicant    update_config=1 wpa_supplicant -B -i wlan0 -c /e...