Setting up WiFi and Ethernet Simultaneously on RPI/Raspberrypi

Look at the wpa_supplicant.conf file:

pi@raspberrypi ~ $ sudo cat /etc/wpa_supplicant/wpa_supplicant.conf 
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
    ssid="****"
    scan_ssid=1
    proto=RSN
    key_mgmt=WPA-PSK
    pairwise=CCMP TKIP
    group=CCMP TKIP
    psk="****"
    id_str="home"
    priority=5
}

Next my new update interfaces file

pi@raspberrypi ~ $ sudo cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
allow-hotplug eth0
iface eth0 inet static
address 192.168.1.101
netmask 255.255.255.0

auto wlan0
allow-hotplug wlan0
iface wlan0 inet static
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
address 192.168.0.157
netmask 255.255.255.0
broadcast 192.168.0.255
gateway 192.168.0.1

iface default inet dhcp

And now comes the tricky part, you have to disable the hotplugging of the eth0 device (else it will disable your wlan0). You do this by edting the following file:

pi@raspberrypi ~ $ sudo cat /etc/default/ifplugd 
INTERFACES="eth0"
HOTPLUG_INTERFACES="eth0"
ARGS="-q -f -u0 -d10 -w -I"
SUSPEND_ACTION="stop"

I also have the following in my startup script, this will make sure my wifi does get started up (sometimes for no reason at all it would not start). You also have to kill the ifplugd daemon on the eth0 device:

pi@raspberrypi ~ $ sudo cat /etc/rc.local
#!/bin/sh -e

# Print the IP address
_IP=$(hostname -I) || true
if [ "$_IP" ]; then
  printf "My IP address is %s\n" "$_IP"
fi

# Disable the ifplugd eth0
sudo ifplugd eth0 --kill
sudo ifup wlan0

exit 0

if you’re getting ip from DHCP and dont want/cant ssh into the RPI you can use nmap from your host and scan the machine with OSdetect & fingerprint. like this

$nmap -sV -O -v 129.128.X.XX

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

DONE.

THANKS TO ( https://raspberrypi.stackexchange.com/questions/8851/setting-up-wifi-and-ethernet/24685#24685 )

Create And Setup A Samba Share On Ubuntu

To get started with creating private shares on Samba, follow the steps below:

To get started with creating a public share that can be fully accessed by everyone, continue with the steps below:

STEP 1: INSTALL SAMBA

The first thing you’ll need to do is install Samba. To install it run the commands below.

sudo apt-get update
sudo apt-get install samba

The commands above install Samba and all other dependencies.

STEP 2: CREATE THE  PRIVATE FOLDER

First, create the folder you want to share with select group of people. The folder can be anywhere but set its permission so that everyone can access it. For this this tutorial, our share folder will be called Private and created in the /home directory…

Run the commands below to create the folder you wish to share.

sudo mkdir /home/Private

Then set the share permission so that only members of a select group will have access to it…

STEP 3: CREATE A PRIVATE GROUP

After creating the private share above, you should then create a private group that should have access to the shared folder. Only members in the group will be able to access or delete content.

Run the commands below to create a group called security

sudo groupadd security

Next, grant the group access to the folder.

sudo chgrp security /home/Private
sudo chmod -R 0770 /home/Private

STEP 4: CONFIGURE SAMBA

Now that Samba is installed, you must now configure it to provide file and print services to clients. This can be done by editing its default configurations file. First create a backup of the configuration file by running the commands below.

sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

Next, run the commands below to open/create a new configuration file.

sudo nano /etc/samba/smb.conf

Then add the content below into the file and save. Our share will be called Private as defined in the settings below  [Private]

[global]
workgroup = WORKGROUP
server string = Samba Server %v

netbios name = ubuntu  
#note this is your servername
#which you can find it by cat /etc/hostname

security = user
map to guest = bad user
name resolve order = bcast host
dns proxy = no
bind interfaces only = yes

# add to the end
[Private]
   path = /home/Private
   writable = yes
   guest ok = no
   read only = no
   browsable = yes
   create mode = 0777
   directory mode = 0777
   valid users = @security

Save the file and exit

STEP 5: ADD MEMBERS TO GROUP

Now that you’ve created and private group and only want certain users as member, run the commands below for each user you want to add to the group.

sudo usermod -aG security smbuser1

The commands above add the user name smbuser1 to the security group.

Then run the commands below for each member of the group to create a Samba password. This is required.

sudo smbpasswd -a smbuser1

When prompted, create and confirm a new password forsmbuser1 account.

STEP 6: RESTART SAMBA

After configuring the setting above, restart Samba by running the commands below.

sudo systemctl restart smbd

Now go and test the share using smbuser1 account.

ubuntu samba private shares

Type the account name and password to access.

ubuntu samba shared

You can also map the network location

ubuntu samba shares

Access the mapped drive anytime from Windows

That’s it!

 

 

MANY THANKS TO websiteforstudents.com

 

LXD-installing Managing lxc-Containes

preparing system and installing LXD

if it’s needed as it for som new systems run:

##KERNEL UPGRADE $sudo apt-get install linux-image-generic

$sudo apt-get install software-properties-common

$sudo apt-get install python-software-properties

##and then add any repo you want

sudo add-apt-repository ppa:foo/bar

Installing LXD

sudo apt-add-repository ppa:ubuntu-lxc/stable
sudo apt update
sudo apt dist-upgrade
sudo apt install lxd
##now time for configuring LXD
sudo lxd init 
##most of it yes, change any conf you need like btrfs FOR STORAGE BACKEND.
.. 
##To reconfigure the bridge and add some ipv4
sudo dpkg-reconfigure -p medium lxd

##Or go through the whole LXD step by step setup (see below) with:

sudo lxd init


 

 

Management of LXC containers. 

#add remote image server to download images from

$ sudo lxc remote add lxc images.linuxcontainers.org

#install container from an image, choose distro system ARCH NAME etc.

$ sudo lxc launch lxc:debian/jessie/i386 debianSRV1

$ sudo lxc stop debianSRV1

#install anything on container with EXEC Command.

##like installing an upstart-bin.

$ sudo lxc exec CONTAINERNAME — apt-get -y install upstart-bin upstart-sysv

Running Google chrome in a container

##https://stgraber.org/2014/02/09/lxc-1-0-gui-in-containers/

lxc-create -t download -n precise-gui -- -d ubuntu -r precise -a i386

Terminal Based Multi-Factor Authentication Token; Linux

Here we will go over settting up a token generating app in a terminal. This saves me digging my phone out every time I log into something that has MFA enabled.

With only a couple MFA enabled sites it isn’t too bad, but pass ten and you start looking for your phone pretty regularly.

Install the software with the command : apt-get install oathtool

  1. Create a bash/shell file, per example, auth.sh wherever you want to have it on your system. In this example, the file will be on:
    /home/username/scripts/auth.sh
  2. Add the code below inside your file auth.sh
#!/bin/bash
 OPTIONS="Google Microsoft Dropbox Battlenet Facebook Quit"
 select opt in $OPTIONS; do
 if [ "$opt" = "Google" ]; then
 oathtool --base32 --totp "YOUR SECRET KEY" -d 6
 elif [ "$opt" = "Microsoft" ]; then
 oathtool --base32 --totp "YOUR SECRET KEY" -d 6
 elif [ "$opt" = "Dropbox" ]; then
 oathtool --base32 --totp "YOUR SECRET KEY" -d 6
 elif [ "$opt" = "Battlenet" ]; then
 oathtool --base32 --totp "YOUR SECRET KEY" -d 6
 elif [ "$opt" = "Facebook" ]; then
 oathtool --base32 --totp "YOUR SECRET KEY" -d 6
 elif [ "$opt" = "Quit" ]; then
 exit
 else
 clear
 echo "Choose an available option."
 fi
done

chmod +x auth.sh

oathtool_authenticator

IMPORTANT : your script file contains your secret key for your accounts (Google, Dropbox…) so you have to choose the correct permissions to limit the access to it. Don’t let non authorized people read the content of this file.

Make sure that the owner of the script is root and set the permissions such that only the owner can run it.

sudo chown root:root /path/to/auth.sh
sudo chmod 700 /path/to/auth.sh

If you look now at permissions with ls -l /path/to/auth.sh, you should see the following: -rwx------ root root, meaning that root can read, write and execute, and anyone else cannot even read that file.

thanks to analyth.com

Megacmd: A command-line client for mega.nz storage service

megacmd

megacmd is a utility for copying files to and from your Mega storage service.

How to obtain megacmd ?

Compile from source –

Mac OSX

Linux

Windows

 

Usage

Usage ./megacmd:
    megacmd [OPTIONS] list mega:/foo/bar/
    megacmd [OPTIONS] get mega:/foo/file.txt /tmp/
    megacmd [OPTIONS] put /tmp/hello.txt mega:/bar/
    megacmd [OPTIONS] delete mega:/foo/bar
    megacmd [OPTIONS] mkdir mega:/foo/bar
    megacmd [OPTIONS] move mega:/foo/file.txt mega:/bar/foo.txt
    megacmd [OPTIONS] sync mega:/foo/ /tmp/foo/
    megacmd [OPTIONS] sync /tmp/foo mega:/foo

  -conf="/Users/slakshman/.megacmd.json": Config file path
  -force=false: Force hard delete or overwrite
  -help=false: Help
  -ignore-same-size=false: Consider files with same size and path suffix as same
  -recursive=false: Recursive listing
  -verbose=1: Verbose
  -version=false: Version
  

Installation

megacmd is written against go 1.3 and exhibits bugs when compiled with newer versions. Additionally due to the amount of time since the last stable release and with no stable release obvious in the future is it preferable to compile the latest version from git to try and avoid known and fixed issues.

  1. Ensure you’re in your home directory
     cd
    
  2. Create ~/bin and add it to your shell’s PATH if you haven’t done so before.
     mkdir -p ~/bin && echo "PATH=\$HOME/bin:\$PATH" >> ~/.bashrc && source ~/.bashrc
    
  3. Install the required Go 1.3 compiler. We will fetch an official pre-compiled binary ready for use.
     wget https://storage.googleapis.com/golang/go1.3.3.linux-amd64.tar.gz
    
  4. Unpack the Go compiler
     tar xvf go1.3.3.linux-amd64.tar.gz
    
  5. Copy the Go binaries to the ~/bin directory
     cp ~/go/bin/* ~/bin/
    
  6. Clone the megacmd Git repository
     git clone https://github.com/t3rm1n4l/megacmd.git
    
  7. Change to the megacmd directory
     cd megacmd
    
  8. Compile megacmd
     GOROOT="${HOME}/go" make
    
  9. Copy the compiled megacmd to the ~/bin directory, allowing it to be used in any directory
     cp megacmd ~/bin/
    

Configuration

You can edit ~/.megacmd.json using your favourite editor like nano (eg: nano ~/.megacmd.json), and fill out your user credentials. It is not currently possible to store these encrypted so plain text is the only option when using this tool.

{
    "User" : "your-mega-username",
    "Password" : "your-mega-password",
    "DownloadWorkers" : 4,
    "UploadWorkers" : 4,
    "SkipSameSize" : true,
    "Verbose" : 1
}

 

 

author of this: whatbox.ca

Install VSFTPD server in Ubuntu 16.04 LTS

About VSFTPD

 

As you see in the above result, vsftpd service is running.

Configuration part is over. Next, we need to create a some FTP users.

Create FTP users

You shouldn’t allow enable ftp access for root user. It is insecure and dangerous fro your production server. So, Just create a normal user.

Let us create an user called “test”.

To do so, run:

sudo adduser test

Enter the password twice and other details.

Sample output:

Adding user `test' ...
Adding new group `test' (1003) ...
Adding new user `test' (1003) with group `test' ...
Creating home directory `/home/test' ...
Copying files from `/etc/skel' ...
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
Changing the user information for test
Enter the new value, or press ENTER for the default
 Full Name []: 
 Room Number []: 
 Work Phone []: 
 Home Phone []: 
 Other []: 
Is the information correct? [Y/n] y

 

Similarly, Create as many as you wanted and set password for them.

Access FTP server

Let us check if our VSFTPD server is working from the server itself.

To do so, run the following command from the Terminal:

sudo telnet localhost 21

Sample output:

Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 Welcome to OSTechNix FTP service.

 

Success! We can able to access the FTP server locally. To exit from FTP console, just type: quit.

Let us try to access it from any remote system. Go to the remote system, and open up the Terminal, and access the FTP server as shown below.

ftp 192.168.43.2

Here, 192.168.43.2 is my FTP server’s IP address.

Enter the FTP server’s username and password:

Connected to 192.168.43.2.
220 Welcome to OSTechNix FTP service.
Name (192.168.43.2:sk): test
331 Please specify the password.
Password: 
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

 

Success! We can able to access the FTP server locally. To exit from FTP console, just type: quit.

Let us try to access it from any remote system. Go to the remote system, and open up the Terminal, and access the FTP server as shown below.

ftp 192.168.43.2

Here, 192.168.43.2 is my FTP server’s IP address.

Enter the FTP server’s username and password:

Connected to 192.168.43.2.
220 Welcome to OSTechNix FTP service.
Name (192.168.43.2:sk): test
331 Please specify the password.
Password: 
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

 

Access FTP server via a Web browser

Open up your Web browser, and navigate to URL: ftp://ftp-server-ip/. You should see a screen like below. Enter the FTP username and password, and click Login.

You can now download or view the FTP server’s contents.

That’s all for now. Our FTP server is ready to use. Hope this helps.

If you find this guide useful, please share it on your social networks and support OSTechNix.

 

 

author credits:   https://www.ostechnix.com/

Allowing FTP Access to Files Outside the Home Directory Chroot

When we setup an FTP server software (regardless if this is proftpd, vsftpd, etc.) we might face a dilemma: we want to restrict the access that ftp users will have (limited access to files normally in their own home directory) but also we want to allow them access to another folder that is normally in a different location (like development files for whatever work they are doing).

The problem is that if we configure the chroot restriction for the ftp users we will notice that as expected they will be locked in the chrooted folder (let’s say their home directory). If we try to create a symlink to the other folder they need access, this will just not allow them to change into that folder (break out the chroot) and this is very normal. To exemplify this let’s consider that I am using vsftpd and one user ftp_user. Chroot restriction is enabled on ftp accounts and his home is in /home/ftp_user. But I need to provide him access for another folder/var/www/dev/. Even though I am using here vsftpd the same concept applies to any other ftp server software.

 

The configurations for vsftpd are basic ones (but I will include them at the end of the post for reference). The important one here is:

chroot_local_user=YES

Of course that one solution to overcome this limitation is to disable chroot and allow the ftp users full access to all the system files. This is not at all recommended and this little tip will show you how you can achieve this with chroot enabled. The solution to this little problem is tomount the needed directory using the —bind parameter… from the man page of mount: “—bind Remount a subtree somewhere else (so that its contents are available in both places)”.

So we might do something like:

mkdir /home/ftp_user/www_dev
mount --bind /var/www/dev/ /home/ftp_user/www_dev

After this the ftp user will be able to see the needed files in his home directory and use them in his ftp client as if they were local files.

If you need to make this configuration permanent you can either add the mount command in some startup script or you can just include a line in /etc/fstab:

/var/www/dev  /home/ftp_user/www_dev    none    bind    0       0

I hope that you have found this tip useful in case you have a similar issue… Just for the reference here is the vsftpd configuration used (the important parameter is only the one noted abovechroot_local_users):

/etc/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem

 

————————————————————————-


  • Authorship credits   http://www.ducea.com/2006/07/27/allowing-ftp-access-to-files-outside-the-home-directory-chroot/

Pyrite – Python/GTK+ encryption/signing frontend for GnuPG and OpenSSL With Nice Gui For Linux

FEDORA/RHEL7 INSTALLATION

There’s an RPM (and yum repository) @ people.redhat.com/rsawhill/rpms. To configure it and install Pyrite, simply run the following as root:

yum install http://people.redhat.com/rsawhill/rpms/latest-rsawaroha-release.rpm
yum install pyrite

Requirements and package names:

  • gtk2 >= v2.24: gtk2
  • python2 >= v2.7: python
  • pygtk: pygtk2
  • gpg/openssl: gnupg2 or gnupg or openssl

As per above, Pyrite is not compatible with RHEL6.

DEBIAN/UBUNTU/OTHER LINUX INSTALLATION

There is a simple interactive shell installer. Before using it, ensure you have the following on your Linux system (Ubuntu package names):

  • gtk2 >= v2.24: libgtk2.0-bin
  • python2 >= v2.7: python
  • pygtk: python-gtk2
  • gpg/openssl: gnupg2 or (gnupg and gnupg-agent) or openssl

If requirements are met, clone the Pyrite repo with git clone git://github.com/ryran/pyrite.git OR download a zip of the source.

From the root source folder execute the interactive INSTALL script.

pyrite command-line options:

[rsaw:~]$ pyrite --help
usage: pyrite [-h] [-d | -t] [-e | -s] [-c] [-r RECIP] [-k KEYUID]
              [-b {gpg,openssl}]
              [INPUT]

GnuPG/OpenSSL GUI to encrypt, decrypt, sign, or verify files/ASCII text input.

positional arguments:
  INPUT                 ascii input file to populate Message area with (NOTE:
                        treatment of INPUT is modified by '-t' & '-d')

optional arguments:
  -h, --help            show this help message and exit
  -d, --direct-file     flag INPUT as a file path to open in direct-mode
  -t, --text-input      flag INPUT as text instead of a file path
  -e, --encdec          enable encrypt/decrypt mode
  -s, --signverify      enable sign/verify mode
  -c, --symmetric       enable symmetric encryption mode
  -r RECIP, --recipients RECIP
                        recipients for asymmetric mode (semicolon-separated)
  -k KEYUID, --defaultkey KEYUID
                        override default gpg private key
  -b {gpg,openssl}, --backend {gpg,openssl}
                        backend program to use as encryption engine

FEATURES

Pyrite acts as a frontend for GnuPG, doing symmetric or asymmetric encrypting/decrypting, as well as signing and verifying. Additionally, it can use OpenSSL for simple symmetric encryption/decryption.

Pyrite can operate on text input or can take input and output filenames (text or binary) to pass directly to the backend program (i.e., gpg/gpg2 or openssl).

As you can see from the screenshots, Pyrite can utilize virtually all of the encrypting features of GnuPG — you can mix and match passphrase & public-key encryption & signing with one file, just like gpg, which will require interacting with your gpg-agent. Or you can keep it simple and just use a passphrase as a shared key, in which case gpg-agent is bypassed and you only have to type the passphrase once.

Also shown in the screenshots is a Sign/Verify mode, where you can choose between the three types of signing: normal (Pyrite calls it “embedded”), where a signed copy of the message is created; clearsign, where the message is wrapped with a plaintext ASCII sig; or detached-sign, where a separate sig file is created.

If you’re operating directly on files (in sign or encrypt mode) instead of ASCII text in the Pyrite window, you can choose what kind of output you want — ASCII-armored (base64-encoded) text or normal binary output.

Not shown in the screenshots is drag & drop. You can drag text files onto the Message area and they are loaded up and you can drag text or binary files onto the Input File For Direct Operation button to set that.

If you end up working on very large input, you’ll get a chance to really see the progress bar + pause/cancel buttons. At the moment the progress bar doesn’t report actual progress (that’s coming), but the buttons do what they advertise, pausing or canceling the backend processing.

To top it all off, everything is configurable. There’s a preferences dialog that lets you play with all the settings, from tweaking gpg verbosity to setting the default operating mode to choosing your favorite cipher to configuring font size/color and window opacity.

If you find yourself wondering about a particular feature, just hover your mouse over its widget — there are detailed tooltips for everything.

LICENSE

Copyright (C) 2012, 2013 Ryan Sawhill Aroha

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License @gnu.org/licenses/gpl.html for more details.

Thanks to the developer of this Amazing tool

ryran, aka rsaw, aka Ryan Sawhill Aroha.

https://github.com/ryran/pyrite