About bentech4u

Feb.21

How to connect Cisco AnyConnect using openconnect (script) - Ubuntu/Fedora

Here is a simple script to manage openconnect on Linux (cisco AnyVPN) with a username and password. This will be helpful if you are running a non-supported desktop environment like me; in my case I am using the Cinnamon desktop on Ubuntu.

Install the packages below:

# apt install openconnect network-manager-openconnect

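And here is the script content:

#!/bin/bash
# The password is stored here in clear text: keep this file readable only by its owner.
username="user"
password="P@ssw0rd"
url="https://lvpn.kw.example.com/DC"
pidfile="/tmp/openconnect-pid"

case "$1" in
start)
    #bad certs
    # Feed the password on stdin, go to the background and record the PID
    echo "$password" | openconnect -b --passwd-on-stdin --pid-file="$pidfile" --user="$username" "$url"
    ;;
stop)
    # SIGINT makes openconnect log the session off cleanly
    cat "$pidfile" | xargs kill -2
    ;;
*)
    echo "$0 <start|stop>"
    exit 1
esac

After that, simply execute ./script.sh start or stop.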

Feb.13

Run webapps from the desktop – Ubuntu

When I switched completely to Linux, the only thing I was missing was the Evernote application. I even tried Evernote alternatives for Linux such as NixNote and others, but they did not give the performance and usability I expected.

Finally I found a project for running webapps on the desktop. Basically this is a Python-Qt application that opens the web page inside its own container.

First download the Zip from git and give execute permission to qt5webview.py.

Install the missing dependencies:

# apt install libqt5webkit5-dev python3-pyqt5.qtsvg python3-pyqt5.qtwebkit python3-pip python3-pyqt5

Start the application:

$ python3 qt5webview.py -u https://www.evernote.com

If this works, you can try it with other web links. Also create a shortcut so that the application is visible in the app launcher.

Create the file evernote.desktop under "/home/<user>/.local/share/applications" with the entries below:

[Desktop Entry]
Version=1.0
Type=Application
Name=EverNote
Exec=/usr/bin/python3 /usr/sbin/qt5webview.py -u https://www.evernote.com
Icon=/usr/share/icons/Evernote-logo.png
Terminal=false
StartupNotify=false
Name[en_US]=EverNote

Then give it executable permission:

# chmod +x evernote.desktop

At this stage your application will be visible in the launcher and you can start it with a mouse click 🙂

You can also run qt5webview with desktop notifications enabled:

# python qt5webview.py -u http://www.bennish.net/web-notifications.html -c

Feb.08

Ubuntu iSCSI Target: Could not create /sys/kernel/config/target/core/iblock_0: [Errno 22] Invalid argument: '/sys/kernel/config/target/core/iblock_0'

As mentioned in the heading, I faced this issue while adding a block device.

I had configured everything and somehow the configuration got corrupted, so I decided to recreate the iSCSI target with all its configuration.

I felt this is a bug, and the reason behind it is that the kernel module was unloaded from the kernel. This module should load automatically when starting targetcli or the iSCSI services. After spending a long time I figured out that iblock was not loaded.

Here comes the solution. Check the currently loaded modules:

# lsmod | grep target
iscsi_target_mod 299008 1
target_core_mod 352256 6 iscsi_target_mod,usb_f_tcm,tcm_loop
configfs 40960 6 rdma_cm,iscsi_target_mod,usb_f_tcm,target_core_mod,libcomposite

If target_core_iblock is not listed, load it manually using the command below:

# insmod /lib/modules/4.8.0-22-generic/kernel/drivers/target/target_core_iblock.ko

After that, check the loaded modules:

# lsmod | grep target
target_core_iblock 20480 0
iscsi_target_mod 299008 1
target_core_mod 352256 7 iscsi_target_mod,usb_f_tcm,target_core_iblock,tcm_loop
configfs 40960 6 rdma_cm,iscsi_target_mod,usb_f_tcm,target_core_mod,libcomposite

Then I was able to add the block device:

# targetcli /backstores/iblock create name=ubuntu-iscsi-2 dev=/dev/vg_root/lv_iscsi
Created iblock storage object ubuntu-iscsi-2 using /dev/vg_root/lv_iscsi.

Feb.07

Ubuntu: iscsiadm: initiator reported error (24 - iSCSI login failed due to authorization failure)

I was trying to export an iSCSI share from a CentOS server, and my client is an Ubuntu server.

Well, I know this will work on CentOS/Redhat without any changes, and I was under the impression that I would get the same behavior on Ubuntu too.

On CentOS, below are the commands to create the iSCSI target.

Server

Install and enable services:
yum -y install target*
systemctl start target && systemctl enable target
# targetcli /backstores/block create name=ubuntu-iscsi dev=/dev/cl_centos/lv_scsi
# targetcli /iscsi create iqn.2017-02.com.example.kw:centos
# targetcli /iscsi/iqn.2017-02.com.example.kw:centos/tpg1/acls create iqn.2017-02.com.example.kw:ubuntu-archive
# targetcli /iscsi/iqn.2017-02.com.example.kw:centos/tpg1/luns create /backstores/block/ubuntu-iscsi
# targetcli /iscsi/iqn.2017-02.com.example.kw:centos/tpg1/portals delete 0.0.0.0 3260
# targetcli /iscsi/iqn.2017-02.com.example.kw:centos/tpg1/portals create 192.168.1.66 3260
# targetcli saveconfig

Allow the TCP port if firewalld is enabled:

# firewall-cmd --permanent --add-port=3260/tcp

All set from the target (server) side.

Client

On the client side, install the iSCSI packages:

# apt-get -y install open-iscsi

Edit /etc/iscsi/iscsid.conf and change it as below:

# To request that the iscsi initd scripts startup a session set to "automatic".
# node.startup = automatic
node.startup = automatic

And I manually edited /etc/iscsi/initiatorname.iscsi and added the IQN number taken from the server, which is:

InitiatorName=iqn.2017-02.com.example.kw:centos

Restart the service:

# service iscsid restart

Do the discovery:

# iscsiadm -m discovery --type sendtargets --portal 192.168.1.66

And finally log in to the target:

# iscsiadm -m node --targetname iqn.2017-02.com.example.kw:centos --portal 192.168.1.66 --login

After this, the newly added disk will be displayed under fdisk. Below is the syslog:

Feb 7 14:08:51 ubuntu kernel: [89946.433408] scsi host4: iSCSI Initiator over TCP/IP
Feb 7 14:08:51 ubuntu kernel: [89946.693040] scsi 4:0:0:0: Direct-Access LIO-ORG ubuntu-iscsi 4.0 PQ: 0 ANSI: 5
Feb 7 14:08:51 ubuntu kernel: [89946.745641] sd 4:0:0:0: Attached scsi generic sg4 type 0
Feb 7 14:08:51 ubuntu kernel: [89946.746061] sd 4:0:0:0: [sdb] 993222656 512-byte logical blocks: (509 GB/474 GiB)
Feb 7 14:08:51 ubuntu kernel: [89946.748472] sd 4:0:0:0: [sdb] Write Protect is off
Feb 7 14:08:51 ubuntu kernel: [89946.748475] sd 4:0:0:0: [sdb] Mode Sense: 43 00 00 08
Feb 7 14:08:51 ubuntu kernel: [89946.749300] sd 4:0:0:0: [sdb] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
Feb 7 14:08:51 ubuntu kernel: [89946.771007] sd 4:0:0:0: [sdb] Attached SCSI disk
Feb 7 14:08:52 ubuntu iscsid: Connection9:0 to [target: iqn.2017-02.com.example.kw:centos, portal: 192.168.1.66,3260] through [iface: default] is operational now
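
The error in this post's title is what open-iscsi reports when the target rejects the initiator's name: with explicit ACLs, LIO only admits an InitiatorName that has an entry under the TPG's acls (the entry made with "acls create" on the server). The check below is an added example, not part of the original post; the function names and sample file are constructed, and it assumes the target is not configured to generate ACLs automatically.

```shell
#!/bin/bash
# Added example: pre-flight check for iscsiadm error 24 (authorization failure).
# Assumption: the target admits initiators by explicit ACL entries only.
# On the target, the entries can be listed with:
#   targetcli /iscsi/<target-iqn>/tpg1/acls ls

# Print the IQN set in an initiatorname.iscsi file (commented lines are ignored).
initiator_iqn() {
    sed -n 's/^[[:space:]]*InitiatorName=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" | tail -n1
}

# check_initiator_acl FILE ACL_IQN...
# Returns 0 if the IQN in FILE has an ACL entry, 1 if not, 2 if FILE sets none.
check_initiator_acl() {
    local file="$1" iqn acl
    shift
    iqn=$(initiator_iqn "$file")
    if [ -z "$iqn" ]; then
        echo "no InitiatorName set in $file"
        return 2
    fi
    for acl in "$@"; do
        if [ "$iqn" = "$acl" ]; then
            echo "OK: $iqn has an ACL entry"
            return 0
        fi
    done
    echo "MISMATCH: $iqn has no ACL entry (target allows: $*); expect login error 24"
    return 1
}

# Constructed sample: first a name with no ACL entry, then the name that
# matches the ACL created on the server above.
sample=$(mktemp)
echo "InitiatorName=iqn.2017-02.com.example.kw:centos" > "$sample"
check_initiator_acl "$sample" iqn.2017-02.com.example.kw:ubuntu-archive || true
echo "InitiatorName=iqn.2017-02.com.example.kw:ubuntu-archive" > "$sample"
check_initiator_acl "$sample" iqn.2017-02.com.example.kw:ubuntu-archive
rm -f "$sample"
```

On a real client, point the first argument at /etc/iscsi/initiatorname.iscsi and pass the ACL names copied from the target.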

 

Fedora/Redhat Change proxy based on IP detection

Hi all, I am giving some tricks to simplify the life of a Linux desktop user.

In my office environment all networks are Class A, and at home Class C, so changing the proxy every time was a little difficult for me. Finally I wrote something like below.

This will detect the IP class and change the system-wide proxy.

#!/bin/bash
export DISPLAY=:0.0
# Address line of the last interface reported as UP, without the prefix length
IP_ADDRESS=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
#echo $IP_ADDRESS
# Take the "Address class:" line from ipcalc and join fields 3 and 4 (e.g. "ClassA")
IP_CLASS=$(/usr/bin/ipcalc "$IP_ADDRESS" | grep -E "Address class:" | awk '{print $3$4}')
if [ "$IP_CLASS" == "ClassA" ]; then
    echo "Class A IP"
    gsettings set org.gnome.system.proxy mode 'manual'
    gsettings set org.gnome.system.proxy.http host 'proxy.example.com'
    gsettings set org.gnome.system.proxy.http port 1234
    gsettings set org.gnome.system.proxy.https host 'proxy.example.com'
    gsettings set org.gnome.system.proxy.https port 1234
    gsettings set org.gnome.system.proxy.ftp host 'proxy.example.com'
    gsettings set org.gnome.system.proxy.ftp port 1234
    gsettings set org.gnome.system.proxy.socks host 'proxy.example.com'
    gsettings set org.gnome.system.proxy.socks port 1234
else
    echo "Class C"
    gsettings set org.gnome.system.proxy mode 'none'
fi

I know this is not a neat script, but you can get some idea and develop more from this. 🙂

Configure SFTP only + Chroot(Jail)

This tutorial describes how to give users chrooted SSH and/or chrooted SFTP access on Redhat/CentOS (or more). With this setup, you can give your users shell access without having to fear that they can see your whole system. Your users will be jailed in a specific directory which they will not be able to break out of. I will also show how to restrict users to SFTP so that they cannot use SSH.

Create a group for SFTP users:

# groupadd sftp-only

Create the user (test1 is our user):

# useradd -c "SFTP User" -G sftp-only -s /sbin/nologin test1

Edit sshd_config and add the changes below:

Subsystem sftp internal-sftp
Match Group sftp-only
# or your directory
ChrootDirectory /appl/data/input
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
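
sshd only accepts the ChrootDirectory above if every component of the path is a root-owned directory that group and others cannot write to; otherwise the login is refused. The check below is an added example (not from the original post) that walks the path in the same way; the function names are made up here, and the optional UID argument exists only for dry runs on directories you own.

```shell
#!/bin/bash
# Added example: pre-check a ChrootDirectory path before restarting sshd.
# sshd_config(5) requires every component of the path to be a root-owned
# directory that is not writable by group or others.
# Tokens such as %h or %u are not expanded here; pass a literal path.

# component_ok DIR [UID]: check one directory. UID defaults to 0 (root), which
# is what sshd enforces; another value is only for dry runs on your own dirs.
component_ok() {
    local dir="$1" want="${2:-0}" owner mode
    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory"
        return 1
    fi
    owner=$(stat -L -c '%u' "$dir")
    mode=$(stat -L -c '%a' "$dir")
    if [ "$owner" -ne "$want" ]; then
        echo "$dir: owned by uid $owner, expected $want"
        return 1
    fi
    # 022 = write bits for group and others
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$dir: mode $mode is writable by group or others"
        return 1
    fi
    return 0
}

# check_chroot_path PATH [UID]: walk from PATH up to / and check each component.
# Returns 0 if all pass, 1 if any fails, 2 if PATH is not absolute.
check_chroot_path() {
    local cur="$1" want="${2:-0}" rc=0
    case "$cur" in
        /*) ;;
        *) echo "$cur: chroot path must begin at /"; return 2 ;;
    esac
    while :; do
        component_ok "$cur" "$want" || rc=1
        if [ "$cur" = "/" ]; then break; fi
        cur=$(dirname "$cur")
    done
    return "$rc"
}

# Usage with the directory from the sshd_config above (run as root):
#   check_chroot_path /appl/data/input
```

Because the chroot itself cannot be writable by the user, uploads need a subdirectory inside it that the user owns.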

 

[Screenshot: example of an SFTP connection]

[Screenshot: SSH connection, which is dropped]

Aug.30

Transmission settings.json Reverting to Defaults

The transmission-daemon package from EPEL makes it easy to set up a command-line BitTorrent client on RHEL or CentOS. However, I have encountered situations where modified settings in /var/lib/transmission/.config/transmission/settings.json revert back to their defaults upon starting the transmission-daemon service.

In particular, the rpc-authentication-required parameter will always revert back to false if set to true when using a default transmission-daemon install. This occurs because of certain switches being passed by the transmission-daemon init script found at /etc/init.d/transmission-daemon.

The particular line in /etc/init.d/transmission-daemon that is overriding certain parameters in /var/lib/transmission/.config/transmission/settings.json is the following:

DAEMON_ARGS="-T --blocklist -g $TRANSMISSION_HOME/.config/transmission"

The -T switch causes transmission-daemon to never require authentication, and the --blocklist switch enables peer blocklists. If you would rather your settings only be defined in /var/lib/transmission/.config/transmission/settings.json, remove those switches. I would suggest copying this line, commenting it out, pasting a new line, and removing the switches from the new line in case you ever want to revert to the default settings. The new DAEMON_ARGS line would then look like the following:

DAEMON_ARGS="-g $TRANSMISSION_HOME/.config/transmission"

Now, all settings will only be defined in /var/lib/transmission/.config/transmission/settings.json.

Take note, in order to change any settings in /var/lib/transmission/.config/transmission/settings.json, the transmission-daemon service must be stopped. Changes made while the service is running will be ignored and set back to their previous settings upon restart.
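
An added example (not part of the original post or of the transmission package) that resolves the effective authentication setting from the two places described above: the DAEMON_ARGS switches and settings.json. The function names and sample files are constructed, and it assumes that switches are applied in order so the last -t/-T style switch wins.

```shell
#!/bin/bash
# Added example: work out whether transmission-daemon will require RPC
# authentication once the init script switches are applied over settings.json.
# Assumption: switches are applied in order, so the last auth switch wins.

# Print the contents of the active (uncommented) DAEMON_ARGS="..." line.
daemon_args() {
    sed -n 's/^[[:space:]]*DAEMON_ARGS="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n1
}

# Print true or false as stored under "rpc-authentication-required".
settings_auth() {
    sed -n 's/^[[:space:]]*"rpc-authentication-required"[[:space:]]*:[[:space:]]*\([a-z]*\).*$/\1/p' "$1" | tail -n1
}

# effective_auth INIT_SCRIPT SETTINGS_JSON
# Prints "required (<origin>)" or "not-required (<origin>)".
effective_auth() {
    local result origin arg
    result=$(settings_auth "$2")
    origin="settings.json"
    for arg in $(daemon_args "$1"); do
        case "$arg" in
            -T|--no-auth) result=false; origin="switch $arg" ;;
            -t|--auth)    result=true;  origin="switch $arg" ;;
        esac
    done
    # A missing key counts as false, which is the daemon's default.
    if [ "$result" = "true" ]; then
        echo "required ($origin)"
    else
        echo "not-required ($origin)"
    fi
}

# Constructed sample files mirroring the two DAEMON_ARGS lines shown above.
dir=$(mktemp -d)
echo 'DAEMON_ARGS="-T --blocklist -g $TRANSMISSION_HOME/.config/transmission"' > "$dir/init.default"
echo 'DAEMON_ARGS="-g $TRANSMISSION_HOME/.config/transmission"' > "$dir/init.edited"
printf '{\n    "rpc-authentication-required": true\n}\n' > "$dir/settings.json"
effective_auth "$dir/init.default" "$dir/settings.json"   # not-required (switch -T)
effective_auth "$dir/init.edited" "$dir/settings.json"    # required (settings.json)
rm -rf "$dir"
```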