Anonabox Pro – Set Root Password On Initial Setup

The following video demonstrates how to set up the root password for a new (or recently flashed) Anonabox Pro.

  1. Connect to the device via the LAN Ethernet port.
    It has a DHCP server by default so you do not need to configure the IP.
    After you get connected, go to the default location of the device interface, which is http://192.168.19.84:1776/.
  2. After the interface loads, click on the Login button without entering a password (if you enter one, it will be ignored).
  3. Then go to the top menu System and select the option Administration.
  4. On the new page, under the category Router Password, enter the password you wish to use in both the Password and Confirmation fields.
  5. Finally, click on the Save & Apply button and wait for the changes to be applied. A confirmation message will appear at the top of the page under the top menu.

Ubuntu: install, start/stop, enable/disable SSH server

OpenSSH is a freely available version of the Secure Shell (SSH) protocol family of tools for remotely controlling, or transferring files between, computers.

Install SSH server

To install openssh-server on Ubuntu, you need to execute the following command as root or using sudo:

apt-get install openssh-server -y;

Disable SSH server

To disable the ssh service, execute the following command as root or using sudo:

systemctl disable ssh;

Enable SSH server

To enable the ssh service, execute the following command as root or using sudo:

systemctl enable ssh;

Stop SSH server

To stop (or deactivate) the ssh service, execute the following command as root or using sudo:

systemctl stop ssh;

Start SSH server

To start (or activate) the ssh service, execute the following command as root or using sudo:

systemctl start ssh;

Status of SSH server

To check the status of the ssh service, execute the following command as root or using sudo:

systemctl status ssh;

CONCEPTS

In a nutshell:

  • enabled is a service that is configured to start when the system boots
  • disabled is a service that is configured to not start when the system boots
  • active is a service that is currently running
  • inactive is a service that is currently stopped and may be disabled, but it can be started and become active

In much more detail:

systemd provides a dependency system between various entities called “units” of 12 different types. Units encapsulate various objects that are relevant for system boot-up and maintenance. The majority of units are configured in unit configuration files, whose syntax and basic set of options is described in systemd.unit(5), however some are created automatically from other configuration, dynamically from system state or programmatically at runtime. Units may be “active” (meaning started, bound, plugged in, …, depending on the unit type, see below), or “inactive” (meaning stopped, unbound, unplugged, …), as well as in the process of being activated or deactivated, i.e. between the two states (these states are called “activating”, “deactivating”). A special “failed” state is available as well, which is very similar to “inactive” and is entered when the service failed in some way (process returned error code on exit, or crashed, or an operation timed out). If this state is entered, the cause will be logged, for later reference. Note that the various unit types may have a number of additional substates, which are mapped to the five generalized unit states described here.
— From man systemd

 


Ubuntu SSHD listen to multiple ports

Recently, we set up an Ubuntu server behind CloudFlare that needed to listen for SSH connections.
Unfortunately, CloudFlare does not allow connections to the default SSH port, which is 22.
So, to achieve what was needed, we either had to change the port that the SSH service was listening on or add an additional port.
We decided to go with the option of listening on multiple ports for SSH connections. This way, users that were also behind the CloudFlare CDN could still continue to use their SSH clients without being forced to define the connection port manually.

The port listening setting is available in /etc/ssh/sshd_config. Using sudo, we edited the file with a text editor and searched for the following lines:

# What ports, IPs and protocols we listen for
Port 22

Right after the line that contains Port 22, we added another line for the new port (to see the list of all available open ports on CloudFlare, check this post).

And the file became as follows:

# What ports, IPs and protocols we listen for
Port 22
Port 2053

Afterwards, we restarted the SSHD service to apply the changes by executing the following command with sudo:

systemctl restart ssh;


How we create bootable GNU/Linux USB flash drives from terminal

LiveUSB GNU/Linux flash drives are a very important tool in our everyday life.
We keep an updated collection of several GNU/Linux flavors/distributions (Fedora, CentOS, (L/X)Ubuntu, Kali etc.) that are used depending on the scenario.

The command we use is the following:

sudo dd bs=4M if=path/to/OS.iso of=/dev/sdX conv=fdatasync;

dd allows you to convert and copy a file and we use it to copy the ISO file of the operating system onto the USB flash drive.

Notes:

  1. You need to unmount the USB flash drive before formatting it, e.g.:
    sudo umount /dev/sdXY;
  2. You need to use the device filename and not a partition filename:
    e.g. You need to use /dev/sdX and NOT /dev/sdX1
  3. You need to use either the root account or execute the command with sudo
  4. If you do not know the filename associated with your flash drive, use an application like the following ones to determine which /dev file is mapped to the USB flash drive:
    gnome-disks; or
    lsblk; or
    sudo fdisk -l;

The parameters we use are the following:

  • bs=SIZE_IN_BYTES defines up to how many bytes should be read and written at a time.
    In our case we used 4 Megabytes (4M).
  • if=INPUT_FILE defines the file to be read. We use this parameter to point to the OS ISO file that we want to write on the USB drive.
  • of=OUTPUT_FILE defines the filename where the data is to be written.
    In GNU/Linux, devices are accessible like files as well, so we used /dev/sdX here, which happened to be the device file assigned to our USB device.
  • conv=CONVS converts the file as per the comma-separated symbol list.
    fdatasync physically writes the output file data before finishing. We use this parameter to be sure that all I/O operations are done before dd terminates, so that our USB device is ready to use as soon as the application is done.
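
A preflight check for notes 1 and 2 above, as an added example that is not part of the original post: it refuses to write unless the target is a whole, removable disk with nothing mounted, and compares the device against the ISO afterwards. The function names usb_target_ok and write_iso are hypothetical; the lsblk columns are real.

```shell
#!/bin/sh
# Added example: function names are hypothetical.

# usb_target_ok DEV: reads the output of
#   lsblk -rno NAME,TYPE,RM,MOUNTPOINT /dev/DEV
# on stdin and succeeds only if DEV is a whole, removable disk with nothing
# mounted. Prints the reason for each refusal.
usb_target_ok() {
    awk -v dev="$1" '
        NR == 1 && ($1 != dev || $2 != "disk") {
            print "refusing: " $1 " is not the whole disk " dev; bad = 1
        }
        NR == 1 && $3 != "1" { print "refusing: " $1 " is not removable"; bad = 1 }
        NF >= 4 { print "refusing: " $1 " is in use at " $4; bad = 1 }
        END {
            if (NR == 0) { print "refusing: no lsblk output for " dev; bad = 1 }
            exit bad + 0
        }
    '
}

# write_iso ISO DEV: DEV is the bare name (sdX, not /dev/sdX or sdX1).
write_iso() {
    iso=$1 dev=$2
    lsblk -rno NAME,TYPE,RM,MOUNTPOINT "/dev/$dev" | usb_target_ok "$dev" || return 1
    sudo dd bs=4M if="$iso" of="/dev/$dev" conv=fdatasync || return 1
    # Read back as many bytes as the ISO holds and compare them with the file.
    sudo cmp -n "$(stat -c %s "$iso")" "$iso" "/dev/$dev"
}
```

Some USB hard disk enclosures report RM as 0, in which case the check refuses them and the target has to be confirmed by hand.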

How we sync files between two drives

We have two external hard disks that we use to keep backups of our data.
The way we do that is by using the command rsync that makes our life easy.

Specifically, we use the following command to synchronize the first hard disk with the second one:

rsync -avh --delete --progress "path/to/source" "path/to/destination";

rsync is a fast, versatile, remote (and local) file-copying tool. It is available on almost every system (GNU/Linux, Unix (MacOS as well) and Windows).

The parameters we use are the following:

  • -a, --archive enables archive mode which is equal to -rlptgoD (no -H,-A,-X)
    In more detail it enables all of the following options
    -r, --recursive recurse into directories
    -l, --links copy symlinks as symlinks
    -p, --perms preserve permissions
    -t, --times preserve modification times
    -g, --group preserve group
    -o, --owner preserve owner (super-user only)
    -D same as --devices --specials
    --devices preserve device files (super-user only)
    --specials preserve special files
  • -v, --verbose increases the verbosity of the output
  • -h, --human-readable outputs numbers in a human-readable format
  • --delete deletes extraneous files from destination directories
  • --progress shows progress during transfer

MTN Cyprus – Get SIM Card IMSI and MSISDN using USSD codes

Because of reasons we wanted to find the IMSI of a SIM card and the MSISDN of its connection on a phone we had in our hands.
We did not wish to install additional applications on that phone to get this information so we had to find an alternative method in getting the IMSI and the MSISDN.
Luckily for us there was a way using the USSD codes that were provided by MTN Cyprus.

Using the dialer (phone application) of our phone we typed the following two commands (one at a time) and then pressed the call (green) button.

To get the MSISDN we called:

*1#

To get the IMSI we called:

*888#

After each call a popup message would appear from the provider (MTN) showing us the information asked.

References

Unstructured Supplementary Service Data (USSD), sometimes referred to as “Quick Codes” or “Feature codes”, is a communications protocol used by GSM cellular telephones to communicate with the mobile network operator’s computers. USSD can be used for WAP browsing, prepaid callback service, mobile-money services, location-based content services, menu-based information services, and as part of configuring the phone on the network.

From: https://en.wikipedia.org/wiki/Unstructured_Supplementary_Service_Data

 

MSISDN is a number uniquely identifying a subscription in a GSM or a UMTS mobile network. Simply put, it is the mapping of the telephone number to the SIM card in a mobile/cellular phone. This abbreviation has several interpretations, the most common one being “Mobile Station International Subscriber Directory Number”.

From: https://en.wikipedia.org/wiki/MSISDN

 

The International Mobile Subscriber Identity or IMSI is used to identify the user of a cellular network and is a unique identification associated with all cellular networks. It is stored as a 64 bit field and is sent by the phone to the network. It is also used for acquiring other details of the mobile in the home location register (HLR) or as locally copied in the visitor location register. To prevent eavesdroppers identifying and tracking the subscriber on the radio interface, the IMSI is sent as rarely as possible and a randomly generated TMSI is sent instead.

From: https://en.wikipedia.org/wiki/International_mobile_subscriber_identity

 


Install Required Plugins of Gillion | Multi-Concept Blog/Magazine & Shop WordPress Theme

For Gillion (the Multi-Concept Blog/Magazine & Shop WordPress Theme) to work properly, it needs the WPBakery Page Builder (formerly Visual Composer) and the Unison plugins. On a client's page, they did not get the message prompting them to install the required plugins and could not find it again. Unison is available through the WordPress Plugin Directory, so that was easy to set up. On the other hand, WPBakery (and the Revolution slider) is not available through the directory as it is a commercial product. After reading through the support forums we realised that they should not need to make a separate purchase of the plugin; the theme will be able to pull it automatically from a CDN of shufflehound (without getting support from the WPBakery team).

Solution: In case you are facing the same issue, you can find the installation link under the left side menu Appearance, where a new option will be available called Install Plugins (the link will be similar to this: http://example.com/wp-admin/themes.php?page=tgmpa-install-plugins). We installed the two required plugins for them and their theme was operational.



Lubuntu LVM Encrypted

While trying to set up a Lubuntu GNU/Linux that would use an encrypted LVM file-system, we ran into several problems that should not have been there.
For example, the installer would not continue because swap memory was not encrypted, and this was blocking the operation.
Another issue was that the LVM support package was not installed by default, although it is needed by the installer.

Our solution requires an active internet connection so that you can install the lvm2 package.

Methodology

After booting into the live session, before we started the installation process, we opened a terminal from the main menu (Start Menu) and executed the following two commands:

sudo apt-get install lvm2 -y;

sudo swapoff --all;

These two commands installed the lvm2 package that is needed by the installer to create our LVM setup and disabled all swap (so that we do not get the error that swap is not encrypted).

The following video presents the full successful installation procedure by making the changes before starting the procedure.

The next video shows our attempts to fix the installation after encountering the errors instead of fixing them beforehand.


CloudFlare does not allow port 22 (usual SSH port) on domain

When you try to connect via ssh on a domain for which you are using CloudFlare as a HTTP proxy, you will get the following error:

$ ssh [email protected]
 ssh_exchange_identification: Connection closed by remote host

You have a few options to resolve this issue:

  1. Either connect directly to the IP of the machine.
  2. Or, set up a CNAME record with no HTTP proxy for SSH (so that you do not need to remember the IP).
    This solution offers no additional benefits over connecting directly to the IP of the server.
    To do that, you need to visit the configure DNS page for your site: e.g. https://www.cloudflare.com/a/dns/example.com,
    then create the CNAME named ssh, use as target your domain (e.g. example.com) and disable HTTP proxy by clicking on the orange cloud and making it gray before pressing the Add Record button.

    Then, you will be able to connect via ssh [email protected].
  3. Last but not least, configure your server to listen for SSH on one of the CloudFlare ports that are open.
    When this post was written, the following ports were available/open for any site in CloudFlare:
    For requests made via HTTP:

    80
    8080
    8880
    2052
    2082
    2086
    2095

    For requests made via HTTPS:

    443
    2053
    2083
    2087
    2096
    8443

    At the time, we were using an Ubuntu GNU/Linux server. To instruct Ubuntu SSHD to listen on multiple ports, we edited the file /etc/ssh/sshd_config and right after the lines:

    # What ports, IPs and protocols we listen for
    Port 22

    we added another line with the new port we wanted to use:

    # What ports, IPs and protocols we listen for
    Port 22
    Port 2053

    After restarting the service
    service ssh restart;
    we were able to connect to our page as follows:
    ssh -p 2053 [email protected];
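
One way to script the sshd_config edit described here and in the "Ubuntu SSHD listen to multiple ports" post above, as an added example that is not part of the original posts. It also covers the case the posts do not: a stock config where Port 22 is only a comment, so adding a single Port line would stop sshd listening on 22. The function names add_sshd_port and apply_sshd_port are hypothetical.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of OpenSSH or Ubuntu.

# add_sshd_port CONFIG PORT: make sshd listen on PORT in addition to its
# current ports. Idempotent; returns 2 on an invalid port number.
add_sshd_port() {
    conf=$1 port=$2
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid port: $port" >&2; return 2
    fi
    # Nothing to do if an active "Port PORT" line already exists.
    if grep -Eiq "^[[:space:]]*Port[[:space:]]+${port}[[:space:]]*\$" "$conf"; then
        return 0
    fi
    tmp=$(mktemp) || return 1
    if grep -Eiq '^[[:space:]]*Port[[:space:]]+[0-9]+' "$conf"; then
        # Insert the new line right after the last active Port directive.
        awk -v p="$port" '
            { line[NR] = $0 }
            tolower($1) == "port" { last = NR }
            END { for (i = 1; i <= NR; i++) { print line[i]; if (i == last) print "Port " p } }
        ' "$conf" > "$tmp"
    else
        # Only a commented "#Port 22": sshd is on 22 by default, and the first
        # explicit Port line replaces that default, so state both ports at the
        # top of the file (before any Match block).
        { printf 'Port 22\nPort %s\n' "$port"; cat "$conf"; } > "$tmp"
    fi
    cat "$tmp" > "$conf" && rm -f "$tmp"   # overwrite in place, keeping owner and mode
}

# apply_sshd_port PORT: run as root. Edits the live config, validates it with
# sshd's test mode, and restores the backup instead of restarting on error.
apply_sshd_port() {
    cfg=/etc/ssh/sshd_config
    cp -p "$cfg" "$cfg.bak" && add_sshd_port "$cfg" "$1" || return 1
    if sshd -t -f "$cfg"; then
        systemctl restart ssh
    else
        cp -p "$cfg.bak" "$cfg"
        echo "sshd rejected the new config; backup restored" >&2
        return 1
    fi
}
```

Keep the current SSH session open and test the new port from a second terminal before logging out.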

 


Cannot verify domain with Yandex when domain is behind CloudFlare

Recently we were trying to verify the ownership of a domain through Yandex. We tried the CNAME approach, which would be more universal, and so we added a new CNAME record in the DNS configuration in CloudFlare.

The record had the following configuration:

  • Type: CNAME
  • Name: yamail-dd63c3831dbd
  • Value: mail.yandex.com
  • TTL: Automatic
  • Status: DNS and HTTP proxy (CDN)

We tried the verify domain button in https://domain.yandex.com/domain/example.com/ several times, but it kept failing, saying that the CNAME record was not found. Only after we disabled the DNS and HTTP proxy (CDN) did it work.

So in the end, the properly working record was as follows:

  • Type: CNAME
  • Name: yamail-dd63c3831dbd
  • Value: mail.yandex.com
  • TTL: Automatic
  • Status: DNS Only