22-05-31 root@ada:/ada1TB/01_ada-spyder/ada# sudo blkid /dev/mapper/sda4_crypt: UUID="5brVfp-dLNX-NAIR-yNBx-NvX2-MOvx-V1vV2s" TYPE="LVM2_member" /dev/mapper/vgubuntu-swap_1: UUID="478a63fa-89ed-483e-909d-d0f7069b27da" TYPE="swap" /dev/mapper/vgubuntu-root: UUID="271b03d4-5c43-4cc1-905a-51a827c66dc8" BLOCK_SIZE="4096" TYPE="ext4" /dev/sdb1: LABEL="WD-1TB" UUID="bf6b5eb2-11bf-421e-ae4f-3aaf2bcfc653" BLOCK_SIZE="512" TYPE="xfs" PARTUUID="00071506-01" /dev/sda4: UUID="232f35ee-af64-470e-9242-8df6dab24848" TYPE="crypto_LUKS" PARTUUID="90d43379-dfc2-4227-ac27-89cc9a60d5a4" /dev/sda2: UUID="12AC-C008" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="1dbdc39d-561b-4e76-b720-e4e6999e912e" /dev/sda3: UUID="91110aa8-e8eb-4568-8313-a0b5fdd3e8d1" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="4371d13b-e817-4a73-8aa3-2ab736a2ad47" /dev/sda1: PARTUUID="0ab71b84-53ef-40b0-bd34-dde8b5c398c1" Install NFS server root@ada:~# apt install nfs-kernel-server The following additional packages will be installed: keyutils libevent-core-2.1-7 libnfsidmap1 nfs-common rpcbind The following NEW packages will be installed: keyutils libevent-core-2.1-7 libnfsidmap1 nfs-common nfs-kernel-server rpcbind Creating config file /etc/idmapd.conf with new version Creating config file /etc/nfs.conf with new version Adding system user `statd' (UID 129) ... Adding new user `statd' (UID 129) with group `nogroup' ... Not creating home directory `/var/lib/nfs'. Created symlink /etc/systemd/system/multi-user.target.wants/nfs-client.target → /lib/systemd/system/nfs-client.target. Created symlink /etc/systemd/system/remote-fs.target.wants/nfs-client.target → /lib/systemd/system/nfs-client.target. auth-rpcgss-module.service is a disabled or a static unit, not starting it. nfs-idmapd.service is a disabled or a static unit, not starting it. nfs-utils.service is a disabled or a static unit, not starting it. proc-fs-nfsd.mount is a disabled or a static unit, not starting it. rpc-gssd.service is a disabled or a static unit, not starting it. rpc-statd-notify.service is a disabled or a static unit, not starting it. rpc-statd.service is a disabled or a static unit, not starting it. rpc-svcgssd.service is a disabled or a static unit, not starting it. rpc_pipefs.target is a disabled or a static unit, not starting it. var-lib-nfs-rpc_pipefs.mount is a disabled or a static unit, not starting it. Setting up nfs-kernel-server (1:2.6.1-1ubuntu1) ... Created symlink /etc/systemd/system/nfs-client.target.wants/nfs-blkmap.service → /lib/systemd/system/nfs-blkmap.service. Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /lib/systemd/system/nfs-server.service. nfs-mountd.service is a disabled or a static unit, not starting it. nfsdcld.service is a disabled or a static unit, not starting it. Creating config file /etc/exports with new version Creating config file /etc/default/nfs-kernel-server with new version Install SSHD server root@ada:/home/rap# apt install openssh-server The following additional packages will be installed: ncurses-term openssh-sftp-server ssh-import-id Suggested packages: molly-guard monkeysphere ssh-askpass The following NEW packages will be installed: ncurses-term openssh-server openssh-sftp-server ssh-import-id Selecting previously unselected package openssh-sftp-server. Selecting previously unselected package openssh-server. Selecting previously unselected package ncurses-term. Selecting previously unselected package ssh-import-id. Setting up openssh-sftp-server (1:8.9p1-3) ... Setting up openssh-server (1:8.9p1-3) ... Creating config file /etc/ssh/sshd_config with new version Creating SSH2 RSA key; this may take some time ... 3072 SHA256:UcGLYyMKslNw6vW9jDXxvmi2gEdiHVCGdxWgrHW1IOQ root@ada (RSA) Creating SSH2 ECDSA key; this may take some time ... 256 SHA256:CO8EGShb2rvPqRcGTNO6VlKDOqAgrV/82RreBSYrL+4 root@ada (ECDSA) Creating SSH2 ED25519 key; this may take some time ... 256 SHA256:TOqwtyTDBi4WWpQEk5KPEdYIWRhqpe3AS0umbaUx3vI root@ada (ED25519) Created symlink /etc/systemd/system/sshd.service → /lib/systemd/system/ssh.service. Created symlink /etc/systemd/system/multi-user.target.wants/ssh.service → /lib/systemd/system/ssh.service. rescue-ssh.target is a disabled or a static unit, not starting it. ssh.socket is a disabled or a static unit, not starting it. Setting up ssh-import-id (5.11-0ubuntu1) ... Processing triggers for ufw (0.36.1-4build1) ... root@ada:/home/rap# ufw status Status: active root@ada:/home/rap# vim /etc/default/ufw root@ada:/home/rap# ufw allow ssh Rule added Rule added (v6) root@ada:/home/rap# ufw status Status: active To Action From -- ------ ---- 22/tcp ALLOW Anywhere 22/tcp (v6) ALLOW Anywhere (v6) root@ada:/home/rap# host spyder spyder.phas.ubc.ca has address 142.103.235.1 root@ada:/home/rap# ufw allow from 142.103.235.1 to any port nfs Rule added root@ada:/home/rap# ufw status Status: active To Action From -- ------ ---- 22/tcp ALLOW Anywhere 2049 ALLOW 142.103.235.1 22/tcp (v6) ALLOW Anywhere (v6) rap@ada:~$ sudo apt install neofetch The following additional packages will be installed: caca-utils chafa gsfonts imagemagick imagemagick-6-common imagemagick-6.q16 jp2a libchafa0 libde265-0 libfftw3-double3 libheif1 libid3tag0 libilmbase25 libimlib2 libjxr-tools libjxr0 liblqr-1-0 libmagickcore-6.q16-6 libmagickcore-6.q16-6-extra libmagickwand-6.q16-6 libnetpbm10 libopenexr25 libsixel-bin libsixel1 netpbm toilet toilet-fonts w3m w3m-img The following NEW packages will be installed: caca-utils chafa gsfonts imagemagick imagemagick-6-common imagemagick-6.q16 jp2a libchafa0 libde265-0 libfftw3-double3 libheif1 libid3tag0 libilmbase25 libimlib2 libjxr-tools libjxr0 liblqr-1-0 libmagickcore-6.q16-6 libmagickcore-6.q16-6-extra libmagickwand-6.q16-6 libnetpbm10 libopenexr25 libsixel-bin libsixel1 neofetch netpbm toilet toilet-fonts w3m w3m-img ============================================================ 22-06-01 rap@ada:~$ sudo efibootmgr BootCurrent: 0000 Timeout: 1 seconds BootOrder: 0000,000F,0010,0011 Boot0000* ubuntu Boot000F* SATA : PORT 6G 0 : Samsung SSD 840 EVO 500GB : PART 0 : Boot Drive Boot0010* SATA : PORT 6G 1 : WDC WD1002FAEX-00Y9A0 : PART 0 : Boot Drive Boot0011* UEFI : SATA : PORT 6G 0 : Samsung SSD 840 EVO 500GB : PART 1 : OS Bootloader ============================================================ 22-06-02 root@ada:~# apt install teams teams is already the newest version (1.5.00.10453). You might want to run 'apt --fix-broken install' to correct these. The following packages have unmet dependencies: teams : Depends: libgdk-pixbuf2.0-0 (>= 2.22.0) but it is not going to be installed E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution). root@ada:~# apt --fix-broken install The following additional packages will be installed: libgdk-pixbuf-xlib-2.0-0 libgdk-pixbuf2.0-0 The following NEW packages will be installed: libgdk-pixbuf-xlib-2.0-0 libgdk-pixbuf2.0-0 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 1 not fully installed or removed. Need to get 45.1 kB of archives. After this operation, 129 kB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://ca.archive.ubuntu.com/ubuntu jammy/main amd64 libgdk-pixbuf-xlib-2.0-0 amd64 2.40.2-2build4 [42.6 kB] Get:2 http://ca.archive.ubuntu.com/ubuntu jammy/universe amd64 libgdk-pixbuf2.0-0 amd64 2.40.2-2build4 [2,454 B] Fetched 45.1 kB in 0s (97.9 kB/s) Setting up libgdk-pixbuf-xlib-2.0-0:amd64 (2.40.2-2build4) ... Setting up libgdk-pixbuf2.0-0:amd64 (2.40.2-2build4) ... Setting up teams (1.5.00.10453) ... Processing triggers for libc-bin (2.35-0ubuntu3) ... ------------------- root@ada:~# fdisk -l | grep sd Disk /dev/sda: 465.76 GiB, 500107862016 bytes, 976773168 sectors /dev/sda1 2048 4095 2048 1M BIOS boot /dev/sda2 4096 1054719 1050624 513M EFI System /dev/sda3 1054720 4554751 3500032 1.7G Linux filesystem /dev/sda4 4554752 976771071 972216320 463.6G Linux filesystem Disk /dev/sdb: 931.51 GiB, 1000204886016 bytes, 1953525168 sectors /dev/sdb1 2048 1953523711 1953521664 931.5G 83 Linux Disk /dev/mapper/sda4_crypt: 463.57 GiB, 497757978624 bytes, 972183552 sectors root@ada:~# cryptsetup luksDump /dev/sda1 Device /dev/sda1 is not a valid LUKS device. root@ada:~# cryptsetup luksDump /dev/sda2 Device /dev/sda2 is not a valid LUKS device. root@ada:~# cryptsetup luksDump /dev/sda3 Device /dev/sda3 is not a valid LUKS device. root@ada:~# cryptsetup luksDump /dev/sda4 LUKS header information Version: 2 Epoch: 4 Metadata area: 16384 [bytes] Keyslots area: 16744448 [bytes] UUID: 232f35ee-af64-470e-9242-8df6dab24848 Label: (no label) Subsystem: (no subsystem) Flags: (no flags) Data segments: 0: crypt offset: 16777216 [bytes] length: (whole device) cipher: aes-xts-plain64 sector: 512 [bytes] Keyslots: 0: luks2 Key: 512 bits Priority: normal Cipher: aes-xts-plain64 Cipher key: 512 bits PBKDF: argon2id Time cost: 4 Memory: 1048576 Threads: 4 Salt: 8e 02 d9 94 e2 ef e7 9e 10 61 18 79 80 0d 53 c9 ff 86 60 e8 68 79 bf 1a 0f 50 ab 97 fa 4a 67 65 AF stripes: 4000 AF hash: sha256 Area offset:32768 [bytes] Area length:258048 [bytes] Digest ID: 0 1: luks2 Key: 512 bits Priority: normal Cipher: aes-xts-plain64 Cipher key: 512 bits PBKDF: argon2id Time cost: 4 Memory: 1048576 Threads: 4 Salt: 8b bc d7 b7 6e 0b 39 63 c7 c2 3f f4 bf 18 c9 77 cb 3b c3 35 d4 66 75 d5 98 84 a4 66 62 0b 8c e1 AF stripes: 4000 AF hash: sha256 Area offset:290816 [bytes] Area length:258048 [bytes] Digest ID: 0 Tokens: Digests: 0: pbkdf2 Hash: sha256 Iterations: 98107 Salt: c8 b2 cd a5 e5 03 e2 44 56 cb 81 50 9c 45 66 da 53 51 c6 0e 06 a3 33 21 b5 41 79 2f b9 06 05 f4 Digest: 73 b5 63 6d 05 d3 94 04 fb 81 9d 22 9f 01 28 ff 6d 9f 03 d8 06 6e a2 ee 39 4e de a3 68 e9 96 df # cryptsetup luksAddKey /dev/sda4 ============================================================ 22-06-07 cheat - https://opensource.com/article/22/6/linux-cheat-command rap@ada$ mkdir cheat-master rap@ada$ cd cheat-master/ rap@ada$ mv cheat-master.tar Downloads/cheat-master/ rap@ada$ cd cheat-master rap@ada$ chmod +x install-cheat.sh rap@ada$ ./install-cheat.sh ./install-cheat.sh: 7: aclocal: not found rap@ada$ vim install-cheat.sh rap@ada$ apt-cache search aclocal rap@ada$ acloca Command 'acloca' not found, did you mean: command 'aclocal' from deb automake (1:1.16.5-1.3) command 'aclocal' from deb automake1.11 (1:1.11.6-6) rap@ada$ sudo apt install automake rap@ada$ ./install-cheat.sh configure.ac:3: installing './compile' configure.ac:2: installing './install-sh' configure.ac:2: installing './missing' checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for a race-free mkdir -p... /usr/bin/mkdir -p checking for gawk... no checking for mawk... mawk checking whether make sets $(MAKE)... yes checking whether make supports nested variables... yes checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether the compiler supports GNU C... yes checking whether gcc accepts -g... yes checking for gcc option to enable C11 features... none needed checking whether gcc understands -c and -o together... yes checking whether make supports the include directive... yes (GNU style) checking dependency style of gcc... none checking that generated files are newer than configure... done configure: creating ./config.status config.status: creating Makefile config.status: executing depfiles commands mkdir -p /home/rap/.local/share/cheat mkdir -p /home/rap/.local/share/cheat make[1]: Entering directory '/home/rapNew/Downloads/cheat-master/cheat-master' /usr/bin/mkdir -p '/home/rap/.local/bin' /usr/bin/install -c bin/cheat '/home/rap/.local/bin' make[1]: Nothing to be done for 'install-data-am'. make[1]: Leaving directory '/home/rapNew/Downloads/cheat-master/cheat-master' Cheat command install to /home/rap/.local/bin You may now run: cheat --fetch and then cheat --help rap@ada$ cheat --fetch Cloning into '/home/rap/.local/share/cheat/cheat_cheatsheets'... remote: Enumerating objects: 245, done. remote: Counting objects: 100% (245/245), done. remote: Compressing objects: 100% (243/243), done. remote: Total 245 (delta 1), reused 204 (delta 1), pack-reused 0 Receiving objects: 100% (245/245), 100.87 KiB | 800.00 KiB/s, done. Resolving deltas: 100% (1/1), done. Cloning into '/home/rap/.local/share/cheat/opensource.com_cheatsheets'... warning: redirecting to https://gitlab.com/opensource.com/cheatsheets.git/ remote: Enumerating objects: 3, done. remote: Counting objects: 100% (3/3), done. remote: Compressing objects: 100% (2/2), done. remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0 Receiving objects: 100% (3/3), done. rap@ada$ cheat --help /home/rap/.local/bin/cheat [OPTIONS] COMMAND /home/rap/.local/bin/cheat foo = show a cheatsheet for the foo command /home/rap/.local/bin/cheat --fetch = update cheatsheets from online repository /home/rap/.local/bin/cheat --list = list all cheatsheets /home/rap/.local/bin/cheat --verbose = provide verbose output rap@ada$ cheat tar rap@ada$ cheat --list | less rap@ada$ cheat zfs ============================================================ 22-06-21 rap@ada:~$ sudo apt install unattended-upgrades unattended-upgrades is already the newest version (2.8ubuntu1). rap@ada:~$ systemctl status unattended-upgrades ● unattended-upgrades.service - Unattended Upgrades Shutdown Loaded: loaded (/lib/systemd/system/unattended-upgrades.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2022-06-20 16:01:22 PDT; 17h ago Docs: man:unattended-upgrade(8) Main PID: 1144 (unattended-upgr) Tasks: 2 (limit: 38349) Memory: 11.4M CPU: 82ms CGroup: /system.slice/unattended-upgrades.service └─1144 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal Jun 20 16:01:22 ada systemd[1]: Started Unattended Upgrades Shutdown. rap@ada:~$ sudo dpkg-reconfigure --priority=low unattended-upgrades By default, installing the unattended-upgrades package on your Ubuntu system pre-configures and enables only security updates. However, if you want to allow automatic installation of standard updates, you need to modify the configuration file. ----------------------- Configure automatic installation of std updates sudo vim /etc/apt/apt.conf.d/50unattended-upgrades remove the comment characters from the beginning of the "${distro_id}:${distro_codename}-updates"; line if you want to enable automatic installation of standard updates as well. ----------------------- Configure Automatic Reboot After Applying Updates In Ubuntu, the automatic security updates contain a mechanism that detects whether any automatic updates that have been received require a system restart. And if there are any, you can instruct the system to restart automatically. Of course, this functionality is disabled by default. sudo vim /etc/apt/apt.conf.d/50unattended-upgrades uncomment the following lines: //Unattended-Upgrade::Automatic-Reboot "false"; //Unattended-Upgrade::Automatic-Reboot-WithUsers "true"; //Unattended-Upgrade::Automatic-Reboot-Time "02:00"; The first line enables our Ubuntu system to restart automatically after installing updates that require it. The second line confirms the reboot even users are logged in at the time. Otherwise, the machine will not reboot if there are any. The last third line specifies the time at which the restart should occur. restart the unattended-upgrades service to apply the changes. sudo systemctl restart unattended-upgrades ----------------------- Keep an Eye on the Log File All automated updates performed on your Ubuntu system are recorded in the log file /var/log/unattended-upgrades/unattended-upgrades.log tail /var/log/unattended-upgrades/unattended-upgrades ----------------------- Disable Automatic Updates You may disable automatic updates on your Ubuntu system at some point. For example, if you manage a many servers, you may have automated the entire process with an automation tool such as Ansible. Stopping automatic updates: sudo dpkg-reconfigure --priority=low unattended-upgrades Choose “No” from the interactive dialog that opens and confirms by pressing “Enter.” ----------------------- sudo unattended-upgrades --dry-run --debug ----------------------- rap@ada:~$ sudo vim /etc/apt/apt.conf.d/20auto-upgrades rap@ada:~$ cat /etc/apt/apt.conf.d/20auto-upgrades APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1"; APT::Periodic::AutocleanInterval "7"; ============================================================ 22-07-08 root@ada:~# systemctl list-unit-files | grep ava avahi-daemon.service enabled enabled blk-availability.service enabled enabled avahi-daemon.socket enabled enabled root@ada:~# systemctl stop avahi-daemon Job for avahi-daemon.service canceled. root@ada:~# systemctl disable avahi-daemon Synchronizing state of avahi-daemon.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install disable avahi-daemon Removed /etc/systemd/system/dbus-org.freedesktop.Avahi.service. Removed /etc/systemd/system/sockets.target.wants/avahi-daemon.socket. Removed /etc/systemd/system/multi-user.target.wants/avahi-daemon.service. ============================================================ install joplin https://joplinapp.org/terminal/ rap@ada:~$ curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash - Command 'curl' not found, but can be installed with: sudo snap install curl # version 7.84.0, or sudo apt install curl # version 7.81.0-1ubuntu1.3 See 'snap info curl' for additional versions. rap@ada:~$ sudo apt install curl Setting up curl (7.81.0-1ubuntu1.3) ... Processing triggers for man-db (2.10.2-1) ... rap@ada:~$ curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash - ## Installing the NodeSource Node.js 18.x repo... ## Populating apt-get cache... + apt-get update Hit:1 http://ca.archive.ubuntu.com/ubuntu jammy InRelease Hit:2 https://packages.microsoft.com/repos/ms-teams stable InRelease Hit:3 https://dl.google.com/linux/chrome/deb stable InRelease Get:4 http://ca.archive.ubuntu.com/ubuntu jammy-updates InRelease [114 kB] Get:5 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB] Get:6 http://ca.archive.ubuntu.com/ubuntu jammy-backports InRelease [99.8 kB] Get:7 http://ca.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [514 kB] Get:8 http://ca.archive.ubuntu.com/ubuntu jammy-updates/main i386 Packages [276 kB] Get:9 http://ca.archive.ubuntu.com/ubuntu jammy-updates/main amd64 DEP-11 Metadata [91.6 kB] Get:10 http://ca.archive.ubuntu.com/ubuntu jammy-updates/main amd64 c-n-f Metadata [7,480 B] Get:11 http://ca.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [214 kB] Get:12 http://ca.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 DEP-11 Metadata [145 kB] Get:13 http://ca.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 DEP-11 Metadata [940 B] Get:14 http://ca.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 DEP-11 Metadata [12.5 kB] Get:15 http://security.ubuntu.com/ubuntu jammy-security/main amd64 DEP-11 Metadata [11.4 kB] Get:16 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 DEP-11 Metadata [10.1 kB] Fetched 1,607 kB in 1s (1,368 kB/s) Reading package lists... Done ## Confirming "jammy" is supported... + curl -sLf -o /dev/null 'https://deb.nodesource.com/node_18.x/dists/jammy/Release' ## Adding the NodeSource signing key to your keyring... + curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | gpg --dearmor | tee /usr/share/keyrings/nodesource.gpg >/dev/null gpg: WARNING: unsafe ownership on homedir '/home/rap/.gnupg' ## Creating apt sources list file for the NodeSource Node.js 18.x repo... + echo 'deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_18.x jammy main' > /etc/apt/sources.list.d/nodesource.list + echo 'deb-src [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_18.x jammy main' >> /etc/apt/sources.list.d/nodesource.list ## Running `apt-get update` for you... + apt-get update Get:1 https://deb.nodesource.com/node_18.x jammy InRelease [4,563 B] Hit:2 https://dl.google.com/linux/chrome/deb stable InRelease Hit:3 https://packages.microsoft.com/repos/ms-teams stable InRelease Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease Hit:5 http://ca.archive.ubuntu.com/ubuntu jammy InRelease Get:6 https://deb.nodesource.com/node_18.x jammy/main amd64 Packages [771 B] Hit:7 http://ca.archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:8 http://ca.archive.ubuntu.com/ubuntu jammy-backports InRelease Fetched 5,334 B in 1s (10.5 kB/s) Reading package lists... Done ## Run `sudo apt-get install -y nodejs` to install Node.js 18.x and npm ## You may also need development tools to build native addons: sudo apt-get install gcc g++ make ## To install the Yarn package manager, run: curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/yarnkey.gpg >/dev/null echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | sudo tee /etc/apt/sources.list.d/yarn.list sudo apt-get update && sudo apt-get install yarn rap@ada:~$ sudo apt-get install -y nodejs Reading package lists... Done Building dependency tree... Done Reading state information... Done The following NEW packages will be installed: nodejs 0 upgraded, 1 newly installed, 0 to remove and 29 not upgraded. Need to get 28.3 MB of archives. After this operation, 179 MB of additional disk space will be used. Get:1 https://deb.nodesource.com/node_18.x jammy/main amd64 nodejs amd64 18.7.0-deb-1nodesource1 [28.3 MB] Fetched 28.3 MB in 1s (22.5 MB/s) Selecting previously unselected package nodejs. (Reading database ... 251377 files and directories currently installed.) Preparing to unpack .../nodejs_18.7.0-deb-1nodesource1_amd64.deb ... Unpacking nodejs (18.7.0-deb-1nodesource1) ... Setting up nodejs (18.7.0-deb-1nodesource1) ... Processing triggers for man-db (2.10.2-1) ... rap@ada:~$ rap@ada:~$ NPM_CONFIG_PREFIX=~/.joplin-bin npm install -g joplin npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated @braintree/sanitize-url@3.1.0: Potential XSS vulnerability patched in v6.0.0. npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142 npm WARN deprecated source-map-resolve@0.6.0: See https://github.com/lydell/source-map-resolve#deprecated npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead. npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated npm WARN deprecated @types/nanoid@3.0.0: This is a stub types definition. nanoid provides its own type definitions, so you do not need this installed. npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated highlight.js@9.12.0: Version no longer supported. Upgrade to @latest npm WARN deprecated highlight.js@9.12.0: Version no longer supported. Upgrade to @latest added 797 packages, and audited 798 packages in 22s 68 packages are looking for funding run `npm fund` for details 22 vulnerabilities (2 low, 16 moderate, 2 high, 2 critical) To address issues that do not require attention, run: npm audit fix To address all issues possible (including breaking changes), run: npm audit fix --force Some issues need review, and may require choosing a different dependency. Run `npm audit` for details. npm notice npm notice New minor version of npm available! 8.15.0 -> 8.18.0 npm notice Changelog: https://github.com/npm/cli/releases/tag/v8.18.0 npm notice Run npm install -g npm@8.18.0 to update! npm notice rap@ada:~$ sudo npm install -g npm@8.18.0 changed 36 packages, and audited 206 packages in 2s 11 packages are looking for funding run `npm fund` for details found 0 vulnerabilities sudo ln -s ~/.joplin-bin/bin/joplin /usr/bin/joplin ============================================================ 22-12-08 rap@ada:~$ sudo apt install tasksel The following NEW packages will be installed: tasksel tasksel-data Setting up tasksel (3.68ubuntu2) ... Setting up tasksel-data (3.68ubuntu2) ... Processing triggers for man-db (2.10.2-1) ... rap@ada:~$ sudo tasksel install samaba-server (didn't do anything) root@ada:~# apt install samba smbclient cifs-utils The following additional packages will be installed: attr ibverbs-providers libcephfs2 libgfapi0 libgfrpc0 libgfxdr0 libglusterfs0 libibverbs1 librados2 librdmacm1 libsmbclient liburing2 libwbclient0 python3-dnspython python3-gpg python3-markdown python3-pygments python3-requests-toolbelt python3-samba python3-tdb samba-common samba-common-bin samba-dsdb-modules samba-libs samba-vfs-modules tdb-tools Suggested packages: winbind python3-sniffio python3-trio python-markdown-doc python-pygments-doc ttf-bitstream-vera bind9 bind9utils ctdb ldb-tools ntp | chrony smbldap-tools heimdal-clients The following NEW packages will be installed: attr cifs-utils ibverbs-providers libcephfs2 libgfapi0 libgfrpc0 libgfxdr0 libglusterfs0 libibverbs1 librados2 librdmacm1 liburing2 python3-dnspython python3-gpg python3-markdown python3-pygments python3-requests-toolbelt python3-samba python3-tdb samba samba-common samba-common-bin samba-dsdb-modules samba-vfs-modules smbclient tdb-tools The following packages will be upgraded: libsmbclient libwbclient0 samba-libs 3 upgraded, 26 newly installed, 0 to remove and 28 not upgraded. ... Checking smb.conf with testparm Load smb config files from /etc/samba/smb.conf Loaded services file OK. Weak crypto is allowed Server role: ROLE_STANDALONE Done Setting up samba (2:4.15.9+dfsg-0ubuntu0.3) ... Samba is not being run as an AD Domain Controller: Masking samba-ad-dc.service Please ignore the following error about deb-systemd-helper not finding those services. (samba-ad-dc.service masked) Created symlink /etc/systemd/system/multi-user.target.wants/nmbd.service → /lib/systemd/system/nmbd.service. Failed to preset unit: Unit file /etc/systemd/system/samba-ad-dc.service is masked. /usr/bin/deb-systemd-helper: error: systemctl preset failed on samba-ad-dc.service: No such file or directory Created symlink /etc/systemd/system/multi-user.target.wants/smbd.service → /lib/systemd/system/smbd.service. samba-ad-dc.service is a disabled or a static unit, not starting it. Processing triggers for ufw (0.36.1-4build1) ... Processing triggers for man-db (2.10.2-1) ... Processing triggers for libc-bin (2.35-0ubuntu3.1) ... root@ada:/etc/ufw# ufw allow from 142.103.235.56 to any port 445 Rule added root@ada:/etc/ufw# ufw status Status: active To Action From -- ------ ---- 22/tcp ALLOW Anywhere 2049 ALLOW 142.103.235.1 2049 ALLOW 142.103.235.46 445 ALLOW 142.103.235.56 22/tcp (v6) ALLOW Anywhere (v6) ============================================================ 23-03-23 error msgs in /var/log/syslog: Mar 23 12:58:33 ada systemd[2125]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Scheduled restart job, restart counter is at 16. Mar 23 12:58:33 ada systemd[2125]: Stopped Service for snap application snapd-desktop-integration.snapd-desktop-integration. Mar 23 12:58:33 ada systemd[2125]: Started Service for snap application snapd-desktop-integration.snapd-desktop-integration. Mar 23 12:58:33 ada snapd-desktop-i[3790]: Not loading module "atk-bridge": The functionality is provided by GTK natively. Please try to not load it. Mar 23 12:58:33 ada snapd-desktop-integration.snapd-desktop-integration[3790]: Failed to do gtk init Mar 23 12:58:35 ada systemd[2125]: snap.snapd-desktop-integration.snapd-desktop-integration.service: Scheduled restart job, restart counter is at 17. Mar 23 12:58:35 ada systemd[2125]: Stopped Service for snap application snapd-desktop-integration.snapd-desktop-integration. Mar 23 12:58:35 ada systemd[2125]: Started Service for snap application snapd-desktop-integration.snapd-desktop-integration. Mar 23 12:58:35 ada snapd-desktop-i[3865]: Not loading module "atk-bridge": The functionality is provided by GTK natively. Please try to not load it. Mar 23 12:58:35 ada snapd-desktop-integration.snapd-desktop-integration[3865]: Failed to do gtk init rap@ada:~$ sudo snap remove snapd-desktop-integration [sudo] password for rap: snapd-desktop-integration removed ============================================================ Chrome Remote Desktop installation root@ada:/usr/local/src# apt install ./chrome-remote-desktop_current_amd64.deb Reading package lists... Done Building dependency tree... Done Reading state information... Done You might want to run 'apt --fix-broken install' to correct these. The following packages have unmet dependencies: chrome-remote-desktop : Depends: xvfb Depends: xserver-xorg-video-dummy (>= 1:0.3.8-1) but it is not installed Depends: xbase-clients but it is not installed Depends: python3-psutil but it is not installed Depends: libutempter0 (>= 1.1.5) but it is not installed Recommends: xserver-xorg-video-dummy (>= 1:0.4.0) but it is not installed E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution). root@ada:/usr/local/src# apt --fix-broken install Reading package lists... Done Building dependency tree... Done Reading state information... Done Correcting dependencies... Done The following additional packages will be installed: libutempter0 python3-psutil xbase-clients xserver-xorg-video-dummy xvfb Suggested packages: python-psutil-doc x11-xfs-utils The following NEW packages will be installed: libutempter0 python3-psutil xbase-clients xserver-xorg-video-dummy xvfb 0 upgraded, 5 newly installed, 0 to remove and 10 not upgraded. 1 not fully installed or removed. Need to get 1,043 kB of archives. After this operation, 3,406 kB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://ca.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 xvfb amd64 2:21.1.4-2ubuntu1.7~22.04.1 [863 kB] Get:2 http://ca.archive.ubuntu.com/ubuntu jammy/main amd64 xserver-xorg-video-dummy amd64 1:0.3.8-2build1 [9,578 B] Get:3 http://ca.archive.ubuntu.com/ubuntu jammy/universe amd64 xbase-clients all 1:7.7+23ubuntu2 [4,242 B] Get:4 http://ca.archive.ubuntu.com/ubuntu jammy/main amd64 python3-psutil amd64 5.9.0-1build1 [158 kB] Get:5 http://ca.archive.ubuntu.com/ubuntu jammy/main amd64 libutempter0 amd64 1.2.1-2build2 [8,848 B] Fetched 1,043 kB in 1s (1,217 kB/s) Selecting previously unselected package xvfb. (Reading database ... 254116 files and directories currently installed.) Preparing to unpack .../xvfb_2%3a21.1.4-2ubuntu1.7~22.04.1_amd64.deb ... Unpacking xvfb (2:21.1.4-2ubuntu1.7~22.04.1) ... Selecting previously unselected package xserver-xorg-video-dummy. Preparing to unpack .../xserver-xorg-video-dummy_1%3a0.3.8-2build1_amd64.deb ... Unpacking xserver-xorg-video-dummy (1:0.3.8-2build1) ... Selecting previously unselected package xbase-clients. Preparing to unpack .../xbase-clients_1%3a7.7+23ubuntu2_all.deb ... Unpacking xbase-clients (1:7.7+23ubuntu2) ... Selecting previously unselected package python3-psutil. Preparing to unpack .../python3-psutil_5.9.0-1build1_amd64.deb ... Unpacking python3-psutil (5.9.0-1build1) ... Selecting previously unselected package libutempter0:amd64. Preparing to unpack .../libutempter0_1.2.1-2build2_amd64.deb ... Unpacking libutempter0:amd64 (1.2.1-2build2) ... Setting up xvfb (2:21.1.4-2ubuntu1.7~22.04.1) ... Setting up xbase-clients (1:7.7+23ubuntu2) ... Setting up xserver-xorg-video-dummy (1:0.3.8-2build1) ... Setting up python3-psutil (5.9.0-1build1) ... Setting up libutempter0:amd64 (1.2.1-2build2) ... Setting up chrome-remote-desktop (112.0.5615.18) ... Restarting Chrome Remote Desktop hosts (sessions will be unaffected)... Processing triggers for man-db (2.10.2-1) ... Processing triggers for libc-bin (2.35-0ubuntu3.1) ... root@ada:/usr/local/src# apt install ./chrome-remote-desktop_current_amd64.deb Reading package lists... Done Building dependency tree... Done Reading state information... Done Note, selecting 'chrome-remote-desktop' instead of './chrome-remote-desktop_current_amd64.deb' chrome-remote-desktop is already the newest version (112.0.5615.18). 0 upgraded, 0 newly installed, 0 to remove and 10 not upgraded. root@ada:/usr/local/src# DISPLAY= /opt/google/chrome-remote-desktop/start-host --code="4/0AbUR2VPxu-4jyk8CMKMS0N0YNPY0Eoz1rjZVNGfUYBkIGjVT5-joMFegNsKJ3ONvjPLJ_Q" --redirect-url="https://remotedesktop.google.com/_/oauthredirect" --name=$(hostname) Must specify the --user-name option when running as root. root@ada:/usr/local/src# exit logout rap@ada:~$ DISPLAY= /opt/google/chrome-remote-desktop/start-host --code="4/0AbUR2VPxu-4jyk8CMKMS0N0YNPY0Eoz1rjZVNGfUYBkIGjVT5-joMFegNsKJ3ONvjPLJ_Q" --redirect-url="https://remotedesktop.google.com/_/oauthredirect" --name=$(hostname) Enter a PIN of at least six digits: Enter the same PIN again: [sudo] password for rap: [0503/150533.406124:INFO:daemon_controller_delegate_linux.cc(97)] Created symlink /etc/systemd/system/multi-user.target.wants/chrome-remote-desktop@rap.service → /lib/systemd/system/chrome-remote-desktop@.service. ============================================================ 23-08-10 # Enable Command Logging in the Shell # https://askubuntu.com/questions/93566/how-to-log-all-bash-commands-by-all-users-on-a-server/93570#93570 # https://unix.stackexchange.com/questions/664581/how-do-i-log-all-commands-executed-by-all-users # https://www.baeldung.com/linux/log-all-user-commands # https://devconnected.com/linux-logging-complete-guide/ vim /etc/bash.bashrc # Set PROMPT_COMMAND to log every command to syslog export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"' ============================================================ 23-09-25 Failed to add new printer #sudo lpadmin -p LP -E -v https://142.103.51.53:631/printers/lp ============================================================ 24-02-29 Configure SSH to use two-factor authentication https://ubuntu.com/tutorials/configure-ssh-2fa#2-installing-and-configuring-required-packages rap@ada:~$ w 09:12:30 up 22:49, 1 user, load average: 0.13, 0.16, 0.17 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT rap pts/0 142.103.235.46 09:12 4.00s 0.04s 0.00s w rap@ada:~$ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=22.04 DISTRIB_CODENAME=jammy DISTRIB_DESCRIPTION="Ubuntu 22.04.4 LTS" rap@ada:~$ vim /etc/apt/sources.list.d/duosecurity.list rap@ada:~$ sudo vim /etc/apt/sources.list.d/duosecurity.list [sudo] password for rap: rap@ada:~$ arch running cat /proc/verion Linux version 6.5.0-21-generic (buildd@lcy02-amd64-091) (x86_64-linux-gnu-gcc-12 (Ubuntu 12.3.0-1ubuntu1~22.04) 12.3.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #21~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Feb 9 13:32:52 UTC 2 rap@ada:~$ sudo curl -s https://duo.com/DUO-GPG-PUBLIC-KEY.asc | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/duo.gpg rap@ada:~$ pwd /home/rap root@ada:~# apt install libpam-google-authenticator libpam-google-authenticator is already the newest version (20191231-2). root@ada:/etc/pam.d# tail sshd ==> sshd <== # added the following 24-02-29, rdp auth required pam_google_authenticator.so root@ada:/etc/ssh# vim sshd_config root@ada:/etc/ssh# diff sshd_config sshd_config.preGoogleAuth 58d57 < PasswordAuthentication no 124,128d122 < < # added for Google multi-fctor auth < # Change to yes to enable challenge-response passwords (beware issues with < # some PAM modules and threads) < ChallengeResponseAuthentication yes root@ada:/etc/ssh# systemctl restart sshd.service rap@ada:~$ google-authenticator Do you want authentication tokens to be time-based (y/n) y Warning: pasting the following URL into your browser exposes the OTP secret to Google: https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/rap@ada%3Fsecret%3DORDFVL32EATNLHE4EKNHNFEVK4%26issuer%3Dada Your new secret key is: Enter code from app (-1 to skip): 408386 Code confirmed Your emergency scratch codes are: Do you want me to update your "/home/rap/.google_authenticator" file? (y/n) y Do you want to disallow multiple uses of the same authentication token? This restricts you to one login about every 30s, but it increases your chances to notice or even prevent man-in-the-middle attacks (y/n) y By default, a new token is generated every 30 seconds by the mobile app. In order to compensate for possible time-skew between the client and the server, we allow an extra token before and after the current time. This allows for a time skew of up to 30 seconds between authentication server and client. If you experience problems with poor time synchronization, you can increase the window from its default size of 3 permitted codes (one previous code, the current code, the next code) to 17 permitted codes (the 8 previous codes, the current code, and the 8 next codes). This will permit for a time skew of up to 4 minutes between client and server. Do you want to do so? (y/n) n If the computer that you are logging into isn't hardened against brute-force login attempts, you can enable rate-limiting for the authentication module. By default, this limits attackers to no more than 3 login attempts every 30s. Do you want to enable rate-limiting? (y/n) y ============================================================ 25-02-06 root@ada:/usr/local/sbin# ./scheduledReboot.sh Reboot scheduled for Thu 2025-02-06 23:49:00 PST, use 'shutdown -c' to cancel. USEC=1738914540000000 WARN_WALL=1 MODE=reboot WALL_MESSAGE=Maintenance reboot at 11:49pm 2025-02-06 date -d @USEC root@ada:/usr/local/sbin# date -d @1738914540000000 Wed 22 Feb 55105978 02:40:00 AM PST root@ada:/usr/local/sbin# shutdown -c Broadcast message from root@ada on pts/1 (Thu 2025-02-06 10:21:51 PST): The system shutdown has been cancelled ================================================================ shutdown -r 23:49 "Maintenance reboot at 11:49pm 2025-02-06" USEC=1738914540000000 WARN_WALL=1 MODE=reboot WALL_MESSAGE=Maintenance reboot at 11:49pm 2025-02-06 date -d @USEC ================================================================ 25-03-06 root@ada:~# apt install arp-scan Setting up ieee-data (20210605.1) ... Setting up arp-scan (1.9.7-2) ... ========================================================================================== 25-04-09 Install Chrome Remote Desktop root@ada:~# cd /usr/local/src root@ada:/usr/local/src# wget https://dl.google.com/linux/direct/chrome-remote-desktop_current_amd64.deb --2025-04-09 11:45:25-- https://dl.google.com/linux/direct/chrome-remote-desktop_current_amd64.deb Resolving dl.google.com (dl.google.com)... 142.251.215.238, 2607:f8b0:400a:800::200e Connecting to dl.google.com (dl.google.com)|142.251.215.238|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 19569668 (19M) [application/vnd.debian.binary-package] Saving to: ‘chrome-remote-desktop_current_amd64.deb.1’ chrome-remote-desktop_current_amd64.deb.1 100%[===========================================================================================>] 18.66M 84.4MB/s in 0.2s 2025-04-09 11:45:26 (84.4 MB/s) - ‘chrome-remote-desktop_current_amd64.deb.1’ saved [19569668/19569668] root@ada:/usr/local/src# apt install ./chrome-remote-desktop_current_amd64.deb Note, selecting 'chrome-remote-desktop' instead of './chrome-remote-desktop_current_amd64.deb' The following additional packages will be installed: libutempter0 python3-psutil xbase-clients xserver-xorg-video-dummy Suggested packages: python-psutil-doc x11-xfs-utils Recommended packages: xserver-xorg-video-dummy The following NEW packages will be installed: chrome-remote-desktop libutempter0 python3-psutil xbase-clients xserver-xorg-video-dummy 0 upgraded, 5 newly installed, 0 to remove and 7 not upgraded. Need to get 181 kB/18.2 MB of archives. After this operation, 52.3 MB of additional disk space will be used. Do you want to continue? [Y/n] Y Get:1 http://ca.archive.ubuntu.com/ubuntu jammy/main amd64 xserver-xorg-video-dummy amd64 1:0.3.8-2build1 [9,578 B] Get:2 http://ca.archive.ubuntu.com/ubuntu jammy/universe amd64 xbase-clients all 1:7.7+23ubuntu2 [4,242 B] Get:3 http://ca.archive.ubuntu.com/ubuntu jammy/main amd64 python3-psutil amd64 5.9.0-1build1 [158 kB] Get:4 http://ca.archive.ubuntu.com/ubuntu jammy/main amd64 libutempter0 amd64 1.2.1-2build2 [8,848 B] Get:5 /usr/local/src/chrome-remote-desktop_current_amd64.deb chrome-remote-desktop amd64 112.0.5615.18 [18.0 MB] Selecting previously unselected package xserver-xorg-video-dummy. (Reading database ... 348986 files and directories currently installed.) Preparing to unpack .../xserver-xorg-video-dummy_1%3a0.3.8-2build1_amd64.deb ... Unpacking xserver-xorg-video-dummy (1:0.3.8-2build1) ... Selecting previously unselected package xbase-clients. Preparing to unpack .../xbase-clients_1%3a7.7+23ubuntu2_all.deb ... Unpacking xbase-clients (1:7.7+23ubuntu2) ... Selecting previously unselected package python3-psutil. Preparing to unpack .../python3-psutil_5.9.0-1build1_amd64.deb ... Unpacking python3-psutil (5.9.0-1build1) ... Selecting previously unselected package libutempter0:amd64. Preparing to unpack .../libutempter0_1.2.1-2build2_amd64.deb ... Unpacking libutempter0:amd64 (1.2.1-2build2) ... Selecting previously unselected package chrome-remote-desktop. Preparing to unpack .../chrome-remote-desktop_current_amd64.deb ... Unpacking chrome-remote-desktop (112.0.5615.18) ... Setting up xbase-clients (1:7.7+23ubuntu2) ... Setting up xserver-xorg-video-dummy (1:0.3.8-2build1) ... Setting up python3-psutil (5.9.0-1build1) ... Setting up libutempter0:amd64 (1.2.1-2build2) ... Setting up chrome-remote-desktop (112.0.5615.18) ... Installing new version of config file /etc/cron.daily/chrome-remote-desktop ... Restarting Chrome Remote Desktop hosts (sessions will be unaffected)... Processing triggers for desktop-file-utils (0.26-1ubuntu3) ... Processing triggers for gnome-menus (3.36.0-1ubuntu3) ... Processing triggers for libc-bin (2.35-0ubuntu3.9) ... Processing triggers for mailcap (3.70+nmu1ubuntu1) ... root@ada:/usr/local/src# DISPLAY= /opt/google/chrome-remote-desktop/start-host --code="4/0Ab_5qlm0ZkaZ3F1rzkj5v6SOC8hlWb2f2NmFPDsyXdkuymQ3qTPsosX9TEaFj9H4-0gjFw" --redirect-url="https://remotedesktop.google.com/_/oauthredirect" --name=$(hostname) Must specify the --user-name option when running as root. root@ada:/usr/local/src# exit logout rap@ada:~$ DISPLAY= /opt/google/chrome-remote-desktop/start-host --code="4/0Ab_5qlm0ZkaZ3F1rzkj5v6SOC8hlWb2f2NmFPDsyXdkuymQ3qTPsosX9TEaFj9H4-0gjFw" --redirect-url="https://remotedesktop.google.com/_/oauthredirect" --name=$(hostname) Enter a PIN of at least six digits: Enter the same PIN again: [0409/114735.237329:INFO:host_stopper.cc(37)] Stopping existing host: 4b9a45f8-b4da-41bd-b522-e25dfff32937. This may take a few seconds. [0409/114735.989465:INFO:daemon_controller_delegate_linux.cc(97)] The daemon is not currently running [sudo] password for rap: [0409/114744.909477:INFO:daemon_controller_delegate_linux.cc(97)] ========================================================================================== 25-04-15 rap@ada:~$ sudo cat /proc/sys/fs/file-max 9223372036854775807 rap@ada:~$ ulimit -Hn 1048576 rap@ada:~$ ulimit -Sn 1024 ========================================================================================== 25-04-25 root@ada:~# ufw allow from 142.103.235.200 to any port nfs Rule added ========================================================================================== 25-04-30 rsyslogd: action 'action-0-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2112.0 try https://www.rsyslog.com/e/2007 ] https://ubuntuforums.org/showthread.php?t=2479123 root@ada:/etc# vim rsyslog.conf root@ada:/etc# pwd /etc root@ada:/etc# diff rsyslog.conf rsyslog.conf.orig 43,49c43,49 < $fileOwner syslog < $fileGroup adm < $fileCreateMode 0640 < $dirCreateMode 0755 < $umask 0022 < #$PrivDropToUser syslog < #$PrivDropToGroup syslog --- > $FileOwner syslog > $FileGroup adm > $FileCreateMode 0640 > $DirCreateMode 0755 > $Umask 0022 > $PrivDropToUser syslog > $PrivDropToGroup syslog root@ada:/etc/cron.daily# systemctl restart rsyslog.service root@ada:/etc/cron.daily# systemctl status rsyslog.service ● rsyslog.service - System Logging Service Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2025-04-30 09:56:17 PDT; 6s ago TriggeredBy: ● syslog.socket Docs: man:rsyslogd(8) man:rsyslog.conf(5) https://www.rsyslog.com/doc/ Main PID: 9214 (rsyslogd) Tasks: 4 (limit: 38263) Memory: 1.0M CPU: 5ms CGroup: /system.slice/rsyslog.service └─9214 /usr/sbin/rsyslogd -n -iNONE Apr 30 09:56:17 ada systemd[1]: Starting System Logging Service... Apr 30 09:56:17 ada rsyslogd[9214]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2112.0] Apr 30 09:56:17 ada rsyslogd[9214]: [origin software="rsyslogd" swVersion="8.2112.0" x-pid="9214" x-info="https://www.rsyslog.com"]> Apr 30 09:56:17 ada systemd[1]: Started System Logging Service. ========================================================================================== 25-10-10 root@ada:~# ufw allow from 142.103.51.25 to any port 873 Rule added root@ada:~# systemctl start rsync root@ada:~# systemctl enable rsync Synchronizing state of rsync.service with SysV service script with /usr/lib/systemd/systemd-sysv-install. Executing: /usr/lib/systemd/systemd-sysv-install enable rsync Created symlink /etc/systemd/system/multi-user.target.wants/rsync.service → /usr/lib/systemd/system/rsync.service. root@ada:~# vim /etc/rsyncd.conf root@ada:~# systemctl restart ufw root@ada:~# ufw status Status: active To Action From -- ------ ---- 22/tcp ALLOW Anywhere 2049 ALLOW 142.103.235.1 2049 ALLOW 142.103.235.46 445 ALLOW 142.103.235.56 445 ALLOW 128.189.122.32/27 2049 ALLOW 142.103.235.200 873 ALLOW 142.103.51.25 22/tcp (v6) ALLOW Anywhere (v6) root@ada:~# systemctl restart rsync