Ετήσια αρχεία: 2021

How to Start/Stop or Enable/Disable firewalld on CentOS 8

12 Νοεμβρίου 2021 στο GNU/Linux επισημασμένο με ετικέτα CentOS / centos 8 / firewall / firewalld / GNU/Linux Από Tux

firewalld (Dynamic Firewall Manager) tool provides a dynamically managed firewall. The tool enables network/firewall zones to define the trust level of network connections and/or interfaces. It has support both for IPv4 and IPv6 firewall settings. Also, it supports Ethernet bridges and allow you to separate between runtime and permanent configuration options. Finally, it supports an interface for services or applications to add firewall rules directly.

Disable firewalld

To disable firewalld, execute the following command as root or using sudo:

systemctl disable firewalld

Enable firewalld

To enable firewalld, execute the following command as root or using sudo:

systemctl enable firewalld

Stop firewalld

To stop (or deactivate) firewalld,execute the following command as root or using sudo:

systemctl stop firewalld

Start firewalld

To start (or activate) firewalld, execute the following command as root or using sudo:

systemctl start firewalld

Status of firewalld

To check the status of firewalld, execute the following command as root or using sudo:

systemctl status firewalld

CONCEPTS

systemd provides a dependency system between various entities called “units” of 12 different types. Units encapsulate various objects that are relevant for system boot-up and maintenance. The majority of units are configured in unit configuration files, whose syntax and basic set of options is described in systemd.unit(5), however some are created automatically from other configuration, dynamically from system state or programmatically at runtime. Units may be “active” (meaning started, bound, plugged in, …, depending on the unit type, see below), or “inactive” (meaning stopped, unbound, unplugged, …), as well as in the process of being activated or deactivated, i.e. between the two states (these states are called “activating”, “deactivating”). A special “failed” state is available as well, which is very similar to “inactive” and is entered when the service failed in some way (process returned error code on exit, or crashed, or an operation timed out). If this state is entered, the cause will be logged, for later reference. Note that the various unit types may have a number of additional substates, which are mapped to the five generalized unit states described here.
— From man systemd

The above, in a nutshell:

enabled is a service that is configured to start when the system boots
disabled is a service that is configured to not start when the system boots
active is a service that is currently running
inactive is a service that is currently stopped and may be disabled, but it can be started and become active

Some notes on how to record audio from a terminal in Ubuntu 20.04LTS

2 Νοεμβρίου 2021 στο Bash / GNU/Linux επισημασμένο με ετικέτα audio / bash / ffmpeg / GNU/Linux / linux / pactl / record / terminal / ubuntu / ubuntu 20.04LTS Από Tux

Recently, we were trying to record the audio that was played on the system speakers using an Ubuntu 20.04LTS desktop. In the installation, there was no dedicated audio recorder installed and we did not want to install any. To record, we used the following command to get the list of all audio sources available to the system:

pactl list short sources;

The pactl command produced results like so:

3	alsa_output.pci-0000_00_1f.3.analog-stereo.monitor	module-alsa-card.c	s16le 2ch 44100Hz	SUSPENDED
4	alsa_input.pci-0000_00_1f.3.analog-stereo	module-alsa-card.c	s16le 2ch 44100Hz	SUSPENDED
10	alsa_input.usb-Dell_DELL_PROFESSIONAL_SOUND_BAR_AE515-00.iec958-stereo	module-alsa-card.c	s16le 2ch 44100Hz	SUSPENDED
12	alsa_output.usb-Dell_DELL_PROFESSIONAL_SOUND_BAR_AE515-00.analog-stereo.monitor	module-alsa-card.c	s16le 2ch 44100Hz	IDLE

We knew that the system was using the Dell soundbar in analog mode to play the music (as we could see in the Settings under the Sound category, which is depicted below), so we copied the following name from the line that starts with the number 12:

alsa_output.usb-Dell_DELL_PROFESSIONAL_SOUND_BAR_AE515-00.analog-stereo.monitor

Then we used that monitor name as an input device for FFmpeg like so:

ffmpeg -f pulse -i alsa_output.usb-Dell_DELL_PROFESSIONAL_SOUND_BAR_AE515-00.analog-stereo.monitor test.mp3;

When we were done recording, we pressed CTRL+C to stop the recording.

Hikvision web UI cannot change admin password

29 Οκτωβρίου 2021 στο Other επισημασμένο με ετικέτα curl / DS-KB8112-IM / hikvision / Video Intercom Vandal-Resistant Door Station Από Tux

Note / Disclaimer / Caution / Warning:
We are not sure if the same commands will work on your device!
Following these instructions has some risk as not everything is well documented and could damage your device and make it unable to be repaired or used!
We are posting about our experiences as it might help someone else but we cannot guarantee positive results to other people.
We got lucky, we cannot be sure if this works for everyone...

Recently, we were performing maintenance on a Hikvision DS-KB8112-IM Vandal-Resistant Door Station. When we tried to change the password for the default administrator (called admin) we noticed that we could not edit the user. There was a bug in the list of users which was not showing the username of the admin.

That bug caused the Modify functionality to fail as well. It would leave the User Name field as blank which would trigger an error after pressing the OK button. The system complained that the User Name field is empty while it is required making the change of password to fail.

We could not figure out a way to fix it through the menus of Hikvision nor could we flash or update the device firmware, so after some search, we found the documentation of some API (which we are not sure if is actively maintained) that allowed us to get the settings of the device and update them.

Specifically, using the following command, we got the list of users on the Hikvision device:

curl -k 'https://admin:[email protected]/ISAPI/Security/users';

The GET of ISAPI/Security/users gave us the list of all users like so:

<?xml version="1.0" encoding="UTF-8" ?>
<UserList version="2.0" xmlns="http://www.isapi.org/ver20/XMLSchema">
<User version="2.0" xmlns="http://www.isapi.org/ver20/XMLSchema">
<id>1</id>
<userName>admin</userName>
<bondIpAddressList>
<bondIpAddress>
<id>1</id>
<ipAddress>0.0.0.0</ipAddress>
</bondIpAddress>
</bondIpAddressList>
<bondMacAddressList>
<bondMacAddress>
<id>1</id>
<macAddress>00:00:00:00:00:00</macAddress>
</bondMacAddress>
</bondMacAddressList>
<userLevel>Administrator</userLevel>
<attribute>
<inherent>true</inherent>
</attribute>
</User>
</UserList>

Then, for fun, we issued the command that returns the information for the admin user (that has the ID = 1):

curl -k 'https://admin:[email protected]/ISAPI/Security/users/1';

<?xml version="1.0" encoding="UTF-8" ?>
<User version="2.0" xmlns="http://www.isapi.org/ver20/XMLSchema">
<id>1</id>
<userName>admin</userName>
<userLevel>Administrator</userLevel>
<attribute>
<inherent>true</inherent>
</attribute>
</User>

Then we went for the risky part, to issue a command that would edit the settings of the device with great risk!

curl -k 'https://admin:[email protected]/ISAPI/Security/users/1' -X PUT --data-raw $'<User version="2.0" xmlns="http://www.isapi.org/ver20/XMLSchema">\n<id>1</id><userName>admin</userName><password>4321</password></User>';

The PUT command for ISAPI/Security/users/1 loaded the following XML to the device:

<User version="2.0" xmlns="http://www.isapi.org/ver20/XMLSchema">
<id>1</id>
<userName>admin</userName>
<password>4321</password>
</User>

To our pleasant surprise, it worked! After executing the above command, we were able to log in to the device using the new password. To an even more pleasant surprise, the list of users bug disappeared and we were able to use the web GUI to make changes to the administrator user!

Quick notes on optimizing a mysql/mariadb database in a docker container

19 Οκτωβρίου 2021 στο Docker επισημασμένο με ετικέτα docker / MariaDB / mysql / mysqlcheck / optimize Από Tux

First, to avoid opening the network of the container to another network, you need to open a shell to the docker container itself. To do so, use the following command:

docker exec -it website_db /bin/bash;

After executing the exec command, you will get a shell to the docker container. Use the following command to optimize all databases and their tables:

mysqlcheck -p -o --all-databases;

The -p parameter instructs the command to ask for a password (which probably and hopefully have set).

To exit the console and close the connection just type exit; after you are done with the above command.

Note: Where we used the word website_db you need to use the name of your container. If you are not sure of the name of the container, you can list all of the containers with their names using the following command:

docker container ls;

Bytefreaks.net – a place for hacks