Fedora GNU/Linux: Disable/Stop or Enable/Start Bluetooth service

There was this Fedora box for which we were asked to disable most of the methods it had available for communicating with the outside world.
One of the features of the box that we decided to block was its Bluetooth device.
To make our life easy, and since the users would not have admin rights, we decided to simply stop and disable the Bluetooth service on the box and be over with it!

The way we stopped and disabled the Bluetooth service was with the following two devices.

#Stop Bluetooth service that is currently executing
systemctl stop bluetooth;
#Prevent Bluetooth service from starting after a reboot
systemctl disable bluetooth;

Once you disable the service and stop it, you will notice that on the GUI of the Gnome settings application it still shows the basic menu for the Bluetooth device.
That should not worry you though because if you enter the Bluetooth configuration tab you will notice that the user will not be able to turn the device on and make use of it.

Revert changes and re-enable / re-start the Bluetooth service:

In order to restore the Bluetooth service back to normal (to enable it and start it), just execute the following two commands:

#Start the Bluetooth service right now
systemctl start bluetooth;
#Make sure that Bluetooth service will start after each system restart
systemctl enable bluetooth;

Anonabox Pro – Disable Wi-Fi

The following video demonstrates how to disable the Wi-Fi on an  Anonabox Pro.

  1. Connect to the device via the LAN Ethernet port.
    It has a build DHCP server by default so you do not need to configure the IP.
    After you get connected, go to the default location of the device interface, which is http://192.168.19.84:1776/.
  2. After the interface loads, enter the root password and click on the Login button.
    (if you are using a brand new Anonabox or a box that was recently flashed then click on the Login button without entering a password (if you enter one, it will be ignored)).
  3. Then, go to the top menu Network and select the option Wireless
  4. At the new page, under the category Wireless Overview click on the Disable button.
  5. Finally, click on the OK button when you get the Really shut down network? confirmation box and wait for the changes to get applied, the image with the Wi-Fi logo will change to one that has a red stamp on it and right under the SSID field you will get the message Wireless is disabled or not associated.

To enable the WiFi, just repeat the steps above and click on the Enable button.

GNU/Linux Fedora 27: Prevent Network Manager from restarting after reboot

Recently we were working on a Fedora 27 GNU/Linux box where we needed to completely disable the Network Manager.
Initially, we just stopped the NetworkManager service and then disabled it thinking that it would be enough.
To our surprise after we rebooted the box, we noticed that the Network Manager was active again!

After some research we found out that another service called NetworkManager-wait-online was starting the NetworkManager as some sort of recovery mechanism.
So, in order to permanently block NetworkManager from starting on boot, we disabled NetworkManager-wait-online as well.

In the end our solution to disable the NetworkManager service came down to executing the following commands as root (or using sudo):

systemctl stop NetworkManager;
systemctl stop NetworkManager-wait-online;

systemctl disable NetworkManager;
systemctl disable NetworkManager-wait-online;

Anonabox Pro – Set Root Password On Initial Setup

The following video demonstrates how to setup the root password for a new (or recently flashed) Anonabox Pro.

  1. Connect to the device via the LAN Ethernet port.
    It has a DHCP server by default so you do not need to configure the IP.
    After you get connected, go to the default location of the device interface, which is http://192.168.19.84:1776/.
  2. After the interface loads, click on the Login button without entering a password (if you enter one, it will be ignored).
  3. Then go to the top menu System and select the option Administration
  4. At the new page, under the category Router Password enter the password you wish to use both at the Password and Confirmation fields.
  5. Finally, click on the Save & Apply button and wait for the changes to get applied, a confirmation message will appear at the top of the page under the top menu.

Ubuntu: install / start/stop enable/disable ssh server

OpenSSH is a freely available version of the Secure Shell (SSH) protocol family of tools for remotely controlling, or transferring files between, computers.

Install SSH server

To install the openssh-server on an Ubuntu, you need execute the following command as root or using sudo:

apt-get install openssh-server -y;

Disable SSH server

To disable the ssh service, execute the following command as root or using sudo:

systemctl disable ssh;

Enable SSH server

To enable the ssh service, execute the following command as root or using sudo:

systemctl enable ssh;

Stop SSH server

To stop (or deactivate) the ssh service, execute the following command as root or using sudo:

systemctl stop ssh;

Start SSH server

To start (or activate) the ssh service, execute the following command as root or using sudo:

systemctl start ssh;

Status of SSH server

To check the status of the ssh service, execute the following command as root or using sudo:

systemctl status ssh;

CONCEPTS

In a nutshell:

  • enabled is a service that is configured to start when the system boots
  • disabled is a service that is configured to not start when the system boots
  • active is a service that is currently running
  • inactive is a service that is currently stopped and may be disabled, but it can be started and become active

In much more detail:

systemd provides a dependency system between various entities called “units” of 12 different types. Units encapsulate various objects that are relevant for system boot-up and maintenance. The majority of units are configured in unit configuration files, whose syntax and basic set of options is described in systemd.unit(5), however some are created automatically from other configuration, dynamically from system state or programmatically at runtime. Units may be “active” (meaning started, bound, plugged in, …, depending on the unit type, see below), or “inactive” (meaning stopped, unbound, unplugged, …), as well as in the process of being activated or deactivated, i.e. between the two states (these states are called “activating”, “deactivating”). A special “failed” state is available as well, which is very similar to “inactive” and is entered when the service failed in some way (process returned error code on exit, or crashed, or an operation timed out). If this state is entered, the cause will be logged, for later reference. Note that the various unit types may have a number of additional substates, which are mapped to the five generalized unit states described here.
— From man systemd

 

Ubuntu SSHD listen to multiple ports

Recently, we’ve setup an Ubuntu server behind CloudFlare that needed to listen for SSH connections.
Unfortunately, CloudFlare does not allow connections to the default SSH port which is 22.
So, to achieve what it was needed we either had to change the port that the SSH service was listening to or add an additional port.
We decided to go with the option of listening to multiple ports for SSH connections, this way users that were also behind the CloudFlare CDN could still continue to use their SSH clients without being forced to define the connection port manually.

The port listening setting is available in /etc/ssh/sshd_config, using sudo we edited the file with a text editor and searched for the following lines:

# What ports, IPs and protocols we listen for
Port 22

Right after the line that contains Port 22, we added another line for the new port (to see the list of all available open ports on CloudFlare, check this post)

And the file became as follows:

# What ports, IPs and protocols we listen for
Port 22
Port 2053

Afterwards, we restarted the SSHD service to apply the changes by executing the following command by using sudo:

systemctl restart ssh;

How we create bootable GNU/Linux USB flash drives from terminal

A very important tool in our everyday life are the LiveUSB GNU/Linux flash drives.
We keep an updated collection of several GNU/Linux flavors/distributions (Fedora, CentOS, (L/X)Ubuntu, Kali etc.) that are used depending on the scenario.

The command we use is the following:

sudo dd bs=4M if=path/to/OS.iso of=/dev/sdX conv=fdatasync;

dd allows you to convert and copy a file and we use it to copy the ISO file of the operating system onto the USB flash drive.

Notes:

  1. You need to unmount the USB flash drive before formatting it, e.g.:
    sudo umount /dev/sdXY;
  2. You need to use the device filename and not a partition filename:
    e.g. You need to use /dev/sdX and NOT /dev/sdX1
  3. You need to use either the root account or execute the command with sudo
  4. If you do not know the filename associated with your flash drive, use an application like the following ones to determine which /dev file is mapped to the USB flash drive:
    gnome-disks; or
    lsblk; or
    sudo fdisk -l;

The parameters we use are the following:

  • bs=SIZE_IN_BYTES defines up to how many bytes should be read and written at a time.
    In our case we used 4 Megabytes (4M).
  • if=INPUT_FILE defines the file to be read, we use this parameter to point to the OS ISO file that we want to write on the USB drive.
  • of=OUTPUT_FILE defines the filename where the data is to be written in.
    In GNU/Linux, devices are accessible like files as well so we used /dev/sdX here that happened to be the device file assigned to our USB device.
  • conv=CONVS converts the file as per the comma separated symbol list
    fdatasync physically writes output file data before finishing, we use this parameter to be sure that all I/O operations are done well before dd terminates, this way we are certain that our USB device will be ready to use as soon as the application is done.

How we sync files between two drives

We have two external hard disks that we use to keep backups of our data.
The way we do that is by using the command rsync that makes our life easy.

Specifically, we use the following command to synchronize the first hard disk with the second one:

rsync -avh --delete --progress "path/to/source" "path/to/destination";

rsync is a fast, versatile, remote (and local) file-copying tool, it is available in almost every system (GNU/Linux, Unix (MacOS as well) and Windows).

The parameters we use are the following:

  • -a, --archive enables archive mode which is equal to -rlptgoD (no -H,-A,-X)
    In more detail it enables all of the following options
    -r, --recursive recurse into directories
    -l, --links copy symlinks as symlinks
    -p, --perms preserve permissions
    -t, --times preserve modification times
    -g, --group preserve group
    -o, --owner preserve owner (super-user only)
    -D same as --devices --specials
    --devices preserve device files (super-user only)
    --specials preserve special files
  • -v, --verbose it increases verbosity of the output
  • -h, --human-readable outputs numbers in a human-readable format
  • --delete deletes extraneous files from destination directories
  • --progress shows progress during transfer

Lubuntu LVM Encrypted

While trying to setup a lubuntu GNU/Linux that would use an encrypted LVM file-system we run into several problems that should have not been there.
For example, the installer would not continue as swap memory was not encrypted and it was blocking the operation.
An other issue was that the LVM support package was not installed by default although it is needed by the installer.

Our solution requires an active internet connection so that you can install the lvm2 package.

Methodology

After booting into the live session, before we started the installation process, we opened a terminal from the main menu (Start Menu) and executed the following two commands:

sudo apt-get install lvm2 -y;

sudo swapoff --all;

These two commands disabled all swap (so that we do not get the error that swap is not encrypted) and it installed the lvm2 package that is needed by the installer to create our LVM setup.

The following video presents the full successful installation procedure by making the changes before starting the procedure.

The next video, shows our attempts to fix the installation after encountering the errors instead of fixing them beforehand.

CloudFlare does not allow port 22 (usual SSH port) on domain

When you try to connect via ssh on a domain for which you are using CloudFlare as a HTTP proxy, you will get the following error:

$ ssh [email protected]
 ssh_exchange_identification: Connection closed by remote host

You have a few options to resolve for this issue:

  1. Either connect directly to the IP of the machine.
  2. Or, setup a CNAME record with no HTTP proxy for the SSH (so that you do not need to remember the IP).
    This solution does not offer any additional benefits than connecting directly to the IP of the server.
    To do that, you need to visit the configure DNS page for your site: e.g. https://www.cloudflare.com/a/dns/example.com,
    then create the CNAME named ssh, use as target your domain (e.g. example.com) and disable HTTP proxy by clicking on the orange cloud and making it gray before pressing the Add Record button.

    Then, you will be able to connect via ssh [email protected].
  3. Last solution but not least is configuring your server to listen for SSH on one of the ports of CloudFlare that are open.
    When this post was written, the following ports were available/open for any site in CloudFlare:
    For requests made via HTTP:

    80
    8080
    8880
    2052
    2082
    2086
    2095

    For requests made via HTTPS:

    443
    2053
    2083
    2087
    2096
    8443

    At the time, we were using an Ubuntu GNU/Linux server, to instruct Ubuntu SSHD to listen to multiple ports we edited the file /etc/ssh/sshd_config and right after the lines:

    # What ports, IPs and protocols we listen for
    Port 22

    we added another line with the new port we wanted to use:

    # What ports, IPs and protocols we listen for
    Port 22
    Port 2053

    After restarting the service
    service ssh restart;
    we were able to connect to our page as follows:
    ssh -p 2053 [email protected];