Knowledge base

tips & tricks

Set system time automatically on Linux

Introduction

It is possibly to set and synchronize the time in Linux automatically through the systemd service. It's the successor of NTP daemon. In my network the mt-engine01.simmy.ch provides system time. Hence the device can change, I created an DNS alias ntp.simmy.ch. Using this alias allows changes of the time source without problems.

Ubuntu 22.04 LTS

nano /etc/systemd/timesyncd.conf
This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it under the
#  terms of the GNU Lesser General Public License as published by the Free
#  Software Foundation; either version 2.1 of the License, or (at your option)
#  any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the timesyncd.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
#
# See timesyncd.conf(5) for details.

[Time]
NTP=ntp.simmy.ch
FallbackNTP=0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org
#RootDistanceMaxSec=5
#PollIntervalMinSec=32
#PollIntervalMaxSec=2048
systemctl restart systemd-timesyncd

Debian

apt install systemd-timesyncd
nano /etc/systemd/timesyncd.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it under the
#  terms of the GNU Lesser General Public License as published by the Free
#  Software Foundation; either version 2.1 of the License, or (at your option)
#  any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the timesyncd.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
#
# See timesyncd.conf(5) for details.

[Time]
NTP=ntp.simmy.ch
FallbackNTP=0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org
#RootDistanceMaxSec=5
#PollIntervalMinSec=32
#PollIntervalMaxSec=2048

systemctl restart systemd-timesyncd

Set the correct timezone

Figure out the timezone:

timedatectl list-timezones | grep Europe

Set the timezone

timedatectl set-timezone Europe/Zurich

Useful commands / checks

root@iVentoy ~# timedatectl status
               Local time: Sat 2024-01-06 16:21:29 CET
           Universal time: Sat 2024-01-06 15:21:29 UTC
                 RTC time: Sat 2024-01-06 15:21:29
                Time zone: Europe/Zurich (CET, +0100)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
root@iVentoy ~#
root@iVentoy ~# systemctl status systemd-timesyncd
* systemd-timesyncd.service - Network Time Synchronization
     Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; preset: enabled)
     Active: active (running) since Sat 2024-01-06 15:51:09 CET; 31min ago
       Docs: man:systemd-timesyncd.service(8)
   Main PID: 3022 (systemd-timesyn)
     Status: "Contacted time server 46.140.15.108:123 (0.debian.pool.ntp.org)."
      Tasks: 2 (limit: 4650)
     Memory: 1.3M
        CPU: 39ms
     CGroup: /system.slice/systemd-timesyncd.service
             `-3022 /lib/systemd/systemd-timesyncd

Jan 06 15:51:09 iVentoy systemd[1]: Starting systemd-timesyncd.service - Network Time Synchronization...
Jan 06 15:51:09 iVentoy systemd[1]: Started systemd-timesyncd.service - Network Time Synchronization.
Jan 06 15:51:09 iVentoy systemd-timesyncd[3022]: Contacted time server 46.140.15.108:123 (0.debian.pool.ntp.org).
Jan 06 15:51:09 iVentoy systemd-timesyncd[3022]: Initial clock synchronization to Sat 2024-01-06 14:51:09.538088 UTC.
root@iVentoy ~#
date

 

https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-debian-10

 

Linux Tips and Tricks

Linux Tips and Tricks

Set system time automatically

​Introduction

It is possibly to set and synchronize the time in Linux automatically through the systemd service. It's the successor of NTP daemon. In my network the mt-engine01.simmy.ch provides system time. Hence the device can change, I created an DNS alias ntp.simmy.ch. Using this alias allows changes of the time source without problems.

Ubuntu 22.04 LTS

nano /etc/systemd/timesyncd.conf

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it under the
#  terms of the GNU Lesser General Public License as published by the Free
#  Software Foundation; either version 2.1 of the License, or (at your option)
#  any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the timesyncd.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
#
# See timesyncd.conf(5) for details.

[Time]
NTP=ntp.simmy.ch
FallbackNTP=0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org
#RootDistanceMaxSec=5
#PollIntervalMinSec=32
#PollIntervalMaxSec=2048
systemctl restart systemd-timesyncd
timedatectl timesync-status

      Server: 192.168.1.74 (192.168.1.74)
Poll interval: 1min 4s (min: 32s; max 34min 8s)
         Leap: normal
      Version: 4
      Stratum: 3
    Reference: 2E8C0F6C
    Precision: 1us (-24)
Root distance: 76.324ms (max: 5s)
       Offset: +1.117ms
        Delay: 326us
       Jitter: 0
 Packet count: 1
    Frequency: -25.696ppm

Debian 10

https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-debian-10

apt purge ntp
apt install systemd-timesyncd
nano /etc/systemd/timesyncd.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it under the
#  terms of the GNU Lesser General Public License as published by the Free
#  Software Foundation; either version 2.1 of the License, or (at your option)
#  any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file, or by creating "drop-ins" in
# the timesyncd.conf.d/ subdirectory. The latter is generally recommended.
# Defaults can be restored by simply deleting this file and all drop-ins.
#
# See timesyncd.conf(5) for details.

[Time]
NTP=ntp.simmy.ch
FallbackNTP=0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org
#RootDistanceMaxSec=5
#PollIntervalMinSec=32
#PollIntervalMaxSec=2048
systemctl start systemd-timesyncd
systemctl status systemd-timesyncd
date
​


Linux Tips and Tricks

Set correct Timezone

Howto set the correct timezone in Linux Ubuntu

Get all possible timezones:

 

timedatectl list-timezones

Set the local timezine:

 

timedatectl set-timezone Europe/Zurich

Check the local timezone:

timedatectl

Howto set the correct timezone in Debian 10

dpkg-reconfigure tzdata

https://linuxize.com/post/how-to-set-or-change-timezone-on-ubuntu-20-04/

Linux Tips and Tricks

Flush DNS Cache Unbuntu

Introduction

Ubuntu caches DNS queries local. As long as the DNS address of a node does not change, this is very useful. Unless there is a change and the client should react very quickly, you have to flush/delete to cache. This manual describes hot to do that.

Method I: Flush the cache

Take a look at the cache:

resolvectl statistics

Clear the cache:

resolvectl flush-caches

Method II: Flush the cache

systemd-resolve --flush-caches
systemd-resolve --statistics

Method III: Flush the cache

killall -USR2 systemd-resolved
Linux Tips and Tricks

Start / Stop /Restart BIND DNS Server

Introduction

For testing purposes I am using Univention with bind9. The greater goal is to use AD/SAMBA from Univention. After testing for a couple of weeks suddenly some DNS addresses do not get resolved. The same problems occurred on Zentyal.

So far I couldn't find a reason for this misbehavior. However, a restart of the bind9 service seems to patch the problem.

Debian based Linux

Start the service

service bind9 start

Stop the service

service bind9 stop

Restart the service

service bind9 restart

Reload the service

This will become necessary of a configuration file is changed.

service bind9 reload

Check status

service bind9 status

Fedora based Linux

Start the service

systemctl start named

Stop the service

systemctl stop named

Restart the service

systemctl restart named

Check status

systemctl status named

 

Linux Tips and Tricks

Hardening of Linux

Introduction

Despite the fact that Linux is Open Source and Linux it comes as a surprise that in the default installation are some hidden trackers and spy software.

Hardening

There is a script that will remove all malware. Originally written for Linux, but it can easily adopted for other distributions.

Ubuntu Secure

This script does:

Here is a version for rpm based systems:

#!/bin/bash

# This script removes telemetry and enhances system security on an RPM-based Linux distribution.

# System Up to Date:
sudo dnf -y update
sudo dnf -y upgrade
# ========

# Remove any pre-installed telemetry or unwanted software (no direct equivalents for `unity-lens-shopping` and `unity-webapps-common` on RPM-based systems):
# Remove pre-installed software that may be tracking or unwanted:
sudo dnf -y remove gnome-online-accounts
sudo dnf -y remove gnome-shell-extension-prefs
sudo dnf -y remove gnome-software
# ========

# Disable Guest session & remote login for LightDM (if LightDM is in use):
if [ -f /etc/lightdm/lightdm.conf.d/50-no-guest.conf ]; then
    sudo sh -c 'printf "[Seat:*]\nallow-guest=false\ngreeter-show-remote-login=false\n" > /etc/lightdm/lightdm.conf.d/50-no-guest.conf'
    sudo dnf -y remove lightdm-remote-session-freerdp
    sudo dnf -y remove lightdm-remote-session-uccsconfigure
fi
# ========

# Remove any equivalent telemetry-related packages:
# Note: zeitgeist is generally specific to Ubuntu/Debian, so we focus on similar tools on RPM systems.

# Remove `tracker`, a GNOME-based file indexing and search tool that collects metadata:
sudo dnf -y remove tracker
sudo dnf -y remove tracker-miners
sudo dnf -y remove tracker3
sudo dnf -y remove tracker3-miners

# Remove `gnome-usage`, a system resource monitor that could collect usage data:
sudo dnf -y remove gnome-usage

# Remove `PackageKit`, which can send data back to package servers:
sudo dnf -y remove PackageKit
# ========

# DNS encryption:
sudo dnf -y install dnscrypt-proxy
# ========

# FireWall (using firewalld):
sudo dnf -y install firewalld
sudo systemctl start firewalld
sudo systemctl enable firewalld
sudo firewall-cmd --permanent --set-default-zone=block
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
# ========

# ClamAV Antivirus Installation:
sudo dnf -y install clamav
sudo dnf -y install clamav-daemon
sudo systemctl enable clamav-daemon
sudo systemctl start clamav-daemon
# ========

# Fail2Ban installation (protects from brute force login):
sudo dnf -y install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
# ========

# Remove other potentially problematic or unused packages:
# Removing `cups` if you don't need printer support:
# sudo dnf -y remove cups

# Remove `remmina` if you don't use it for remote connections:
# sudo dnf -y remove remmina

# Remove unnecessary GNOME components:
sudo dnf -y remove evolution
sudo dnf -y remove evolution-data-server
sudo dnf -y remove gvfs-fuse
sudo dnf -y remove vino  # VNC server (remote desktop sharing)
sudo dnf -y remove gnome-shell-extension-background-logo  # Fedora logo on desktop background
sudo dnf -y remove gnome-user-share  # Potentially shares user data over the network
sudo dnf -y remove libreport-plugin-bugzilla  # Automatic bug reporting to Bugzilla
sudo dnf -y remove abrt-addon-xorg  # Automatic bug reporting for Xorg
sudo dnf -y remove abrt-cli  # Command-line tool for automatic bug reporting
sudo dnf -y remove abrt-addon-ccpp  # Automatic bug reporting for C/C++ programs
sudo dnf -y remove abrt-addon-kerneloops  # Automatic bug reporting for kernel oopses
sudo dnf -y remove abrt-addon-pstoreoops  # Automatic bug reporting for pstore oopses
# ========

# Autoremove unnecessary dependencies:
sudo dnf -y autoremove

# ========

# Troubleshooting:
# If the internet does not work, try restarting dnscrypt-proxy:
#   sudo systemctl restart dnscrypt-proxy
# Also, the tool may use another port, detect the port in this output:
#   sudo ss -ntulp
# Then add the port to firewalld:
#   sudo firewall-cmd --permanent --add-port=[portnumber]/tcp
#   sudo firewall-cmd --reload
# ========

Linux Tips and Tricks

Tutorial on ufw

UFW, or Uncomplicated Firewall, is a simplified firewall management interface that hides the complexity of lower-level packet filtering technologies such as iptables and nftables. If you’re looking to get started securing your network, and you’re not sure which tool to use, UFW may be the right choice for you.

Here is a link that shows how to set up the firewall on Ubuntu:

How To Set Up a Firewall with UFW on Ubuntu 22.04

 

Linux Tips and Tricks

Fix Error fwupd-refresh

Introduction

After installing monitoring (check_mk) I realized that the servis fwupd-refresh produces a critical error. However, this is based on a configuration mishap in the service itself. Here is the fix.

The service is able to perform a firmware update on UEFI machines. The service is totally useless on VMs.

Correction Step-by-Step

Edit file /lib/systemd/system/fwupd-refresh.service

Replace SuccessExitStatus=2 with SuccessExitStatus=1

Restart the service: 

systemctl daemon-reload && sudo systemctl start fwupd-refresh.service

Check the service

systemctl status fwupd-refresh.service

Disable the service

Another possibility is to disable the service:

systemctl disable fwupd

https://askubuntu.com/questions/1404691/fwupd-refresh-service-failed

https://askubuntu.com/questions/1227508/consequences-of-disabling-fwupd

Linux Tips and Tricks

Enable ssh login with a public key

image.png

Introduction

it is more secure and easier to login to a server over ssh if you place your public key on this server. This how-to shows in simple steps how to do this.

Generate keys

You only have to do this one time. You can and should reuse your public key for all ssh-servers.

Step 1 - creating SSH key pair

Make sure you are in your home directory.

ssh-keygen -t rsa
If you want so secure the access to your key with password, enter a password. Otherwise press enter two times.

Step 2 - Copying the SSH public key to the ssh server

The real magic happens here:

ssh-copy-id <username>@<ssh-server>
Basically this command copies the file .ssh/id_rsa.pub to your ssh-server. You can either use an ip address or an FQDN (e.g. hcloud.simmy.ch) as ssh-server

Connect to the server

ssh <username>@<ssh-server>

 https://www.linuxshelltips.com/passwordless-ssh-login/

Linux Tips and Tricks

Mount SAMBA shares

Introduction

There a several ways of mounting SAMBA shares on a Linux machine. This manual gives an overview. 

Prerequisite

It makes things easier if the Linux client is a member of an Active Directory domain. Hence I use Zorin OS, this can easily be achieved with the correct setting during the installation:

Use Active Directory checkbox

If you want to join a Linux computer to an Active directory, please refer to:

AD Join

Mount SAMBA shares

Manual mount

mount -t cifs -o username=<user>,password=<secret-password> //xigma-prime.simmy.ch/backup /mnt/backup

Permanent mount with fstab

In the fstab, I use the following command:

//xigma-prime.simmy.ch/images /mnt/images cifs credentials=/root/.smbcredentials,uid=1000,forceuid,gid=1000,forcegid 0 0

This will mount the share images to the mountpoint /mnt/images. The credentials are saved in the file .smbcredentials:

username=<username>
password=<password in cleartext>
domain=simmy.ch
The file itself is placed in the home directory of root. The access right are limited to read only for the root user. So there is minimal protection for the password in clear text. Only the root user can read it. 

The share(s) will be mounted during the boot process. This works most of the times, but not always.

Permanent mount with pam_mount

It is more desirable to mount the SAMBA shares when the user logs in, rather during boot.

Installation of the necessary modules

apt install -y libpam-mount keyutils cifs-utils smbclient

Configuration entry in /etc/security/pam_mount.conf.xml

The following lines have to be added to the file after the line <mkmountpoint enable="1" remove="true" />:

<volume
fstype="cifs"
server="xigma-prime.simmy.ch"
path="images"
mountpoint="~/mnt/images"
options="sec=krb5,cruid=%(USERUID),workgroup=SIMMY,vers=3.0" />
<mkmountpoint enable="1" remove="true" /> means that the mount point is created and removed automatically. Also there is no password saved on the computer. I also placed the mount point into the user home directory.

Permanent mount with GPO

It is possible to utilize GPOs to mount SAMBA shares on a Linux machine, that is joined to an Active Directory. However, I did not try this possibility.

Temporary mount

It is possible to mount a share with a file manager. This mount will be lost after log off or a reboot.

Useful resources


Linux Tips and Tricks

Check for open ports

https://phoenixnap.com/kb/linux-check-open-ports

 lsof -nP -iTCP -sTCP:LISTEN

 netstat -tunpl

 ss -tunlp

 nc -z -v localhost 1-65535 2>&1 | grep succeeded

Linux Tips and Tricks

Network browsing not working

Sometimes network browsing or the mapping of a SMB share with a file manager in Linux is not working. I found one of the most likely causes for this problem is a missing package. 

After installing gvfs-smb network browsing was working fine.

Installation on Fedora

sudo dnf install gvfs-smb

 

Linux Tips and Tricks

Display IP address on Panel in Xfce

Create a small shell script show_ip.sh :

#!/bin/bash

# Get all addresses from hostname -I
IP_ADDRESSES=$(hostname -I)

# Split into individual IP addresses
IFS=' ' read -r -a IP_ADDRS <<< "$IP_ADDRESSES"

# Find the first IPv4 address
for IP in "${IP_ADDRS[@]}"; do
  if [[ "$IP" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
    echo "$IP"
    break
  fi
done

#!/bin/bash

ip -4 addr show scope global | grep -oP '(?<=inet\s)\d+(\.\d+){3}'

 

chmod +x show_ip.sh

Add a generic monitor:

image.png

That's it.

Linux Tips and Tricks

Biometrics: Fingerprint

Introduction

Enabling fingerprint login is quite simple on Fedora, hence all necessary software is installed and all configurations are pre-configured.

Configuration

To add a signature for a finger, run:

fprintd-enroll

To verify the newly created fingerprint, use:

fprintd-verify

By default every user is allowed to enroll new fingerprints without prompting for the password or the fingerprint.

How to enable fingerprint login?

Linux Tips and Tricks

Disable SELinux on Fedora

Permanently Disable SELinux on Fedora

Update the SELinux configuration file and set SELINUX=disabled to permanently disable the SELinux on your system. This will completely disable all the SELinux contexts.

sudo nano /etc/selinux/config

Set SELINUX value to disabled:

SELINUX=disabled

Disable SELinux in Fedora

Reboot your instance after making changes.

Note – You can again activate the SELinux by setting SELINUX=enforcing in configuration file.

How to Disable SELinux on Fedora

Linux Tips and Tricks

Create boot USB

sudo lsblk
sudo dd if=./Fedora-KDE-Live-x86_64-41-1.4.iso of=/dev/sdb bs=4M status=progress oflag=sync
Linux Tips and Tricks

Install PVE-VDIClient on Arch Linux

Introduction

This VDI client connects directly to Proxmox VE and allows users to connect (via Spice) to any VMs they have permission to access.

PVE-VDIClient

Installation

Install this first:

python3-pip python3-tk virt-viewer git

sudo pacman -S python tk virt-viewer git
git clone https://github.com/joshpatten/PVE-VDIClient.git
cd ./PVE-VDIClient/
chmod +x requirements.sh
./requirements.sh
sudo cp vdiclient.py /usr/local/bin
sudo chmod +x /usr/local/bin/vdiclient.py
cp vdiicon.ico ~/icons/

Configuration

On the client

~/.config/VDIClient/vdiclient.ini

[General]
# This is the title that is diplayed to the user
title = VDI Login
# This is the PySimpleGui Theme that is used. Run vdiclient.py with flag `--list_themes` for a list of themes
theme = LightBlue
# Program Icon
icon = vdiicon.ico
# Logo displayed on all windows
logo = vdiclient.png
# Enable Kiosk mode, which does not allow the user to close anything
kiosk = False
# Enable/Disable Fullscreen mode (not applicable in Kiosk mode)
fullscreen = False
# Disable viewer_kiosk mode if kiosk is set to true, this allows overriding remote_viewer kiosk mode
#viewer_kiosk = False
# Enable displaying SPICE ini file before opening virt-viewer
inidebug = False
# Select which guest types to display. Acceptable values: both, lxc, qemu
guest_type = both
# Show VM option for resetting VM
#show_reset = True
# Set Window Dimensions. Only use if window isn't sizing properly
#window_width = 800
#window_height = 600

# PVE-VDIClient supports multiple clusters. Define them with sections that start with Hosts. followed by the name
# you wish to display to your end users. This example is Hosts.PVE which would display PVE to your users
[Hosts.PVE]
# JSON dictionary of servers in the cluster
# Format is 'IP/FQDN': PORT
# NOTE: MAKE SURE THAT ALL LINES ARE INDENTED
hostpool = {
               "pve01.simmy.ch" : 8006,
               "pve02.simmy.ch" : 8006
           }
# This is the authentication backend that will be used to authenticate
auth_backend = pve
# If enabled, 2FA TOTP entry dialog will show
auth_totp = false
# If disabled, TLS certificate will not be checked
tls_verify = false
# User name (if using token)
# NOTE: If only one cluster is defined, this will auto-login
# If user, token_name, and token_value are set
#user = user
# API Token Name
#token_name = dvi
# API Token Value
#token_value = xxx-x-x-x-xxx
# Password Reset Command Launch. Has to be full executable Command
#pwresetcmd = start chrome --app=http://pwreset.example.com
# Automatically connect to a VMID upon authentication
#auto_vmid = 100

# An additional cluster definition
#[Hosts.PVE2]
# JSON dictionary of servers in the cluster
# Format is 'IP/FQDN': PORT
#hostpool = {
#               "10.10.10.100" : 8006,
#               "10.10.10.111" : 8006,
#               "pve1.example.com" : 8006
#           }
# This is the authentication backend that will be used to authenticate
#auth_backend = pve
# If enabled, 2FA TOTP entry dialog will show
#auth_totp = false
# If disabled, TLS certificate will not be checked
#tls_verify = false
# User name (if using token)
# NOTE: If only one cluster is defined, this will auto-login
#user = user
# API Token Name
#token_name = dvi
# API Token Value
#token_value = xxx-x-x-x-xxx
# Password Reset Command Launch. Has to be full executable Command
#pwresetcmd = start chrome --app=http://pwreset.example.com
# Automatically connect to a VMID upon authentication
#auto_vmid = 100


[SpiceProxyRedirect]
# The Spice Proxy provided by the Proxmox API may need to have its host/port rewritten
# These rewrite rules are written `IP:port = IP:port`
# 1. Use the inidebug and read the current proxy=pve1.example.com:3128
# 2. Add your proxmox ip to the right side e.g. 123.123.123.123:6000
pve1.example.com:3128 = 192.168.1.99:6000

#[AdditionalParameters]
# If you wish to define additional parameters to pass to virt-viewer you may define them here
# More parameter definitions here: https://www.mankier.com/1/remote-viewer
# Some Examples:
# Enable USB passthrough
#enable-usbredir = true
# Enable auto USB device sharing
#enable-usb-autoshare = true

On the Proxmox VE server

  1. Create a user (e.g. pvi) in the realm Proxmox VE authentication server
  2. Create a group (e.g. Spice Access)
  3. Add the group to permissions of all SPICE enabled virtual machines
  4. Add the role PVEVMUser

    image.png

Licensing

In case there is a warning about Licensing or trial period, you can enter your license key into this file:

~/.config/PySimpleGUI/settings/_PySimpleGUI_settings_global_.json

{"-temp2-": 31082748, "-LICENSE KEY-": "egyhJ1MnawWiNflobjnzN7lSVpHQlbwwZGSvIi6FIjkxR3l9dnmhVpsybz3JBKlgcMibIeslIJkSxmpPYb2BVVuMcV22V6JVRrCsIc6QMITNciyMNpDRQrzyMXzGAVwnOsCPwUi8TyG9lfj7ZPWU5qzuZpUSRllOcdGvx9vneDW21MlyblnkRXWOZgXDJUzgaNWA9Nu2IJjcoSxKLiCIJpObYAWE12laRumblByOck3ZQYiFOQisJdIrbc2bxMn6ZsXWI6iULRC4JDOhY6Wu1IlmThGvFmzWdiCXI36WI7l4N1jcazG8luupZbG8xKlKcOiOIQsmIrkKNYvRbAXtBPh5bSn3kHi6Oli3IfiULOCFJwDddVXoNT0PbQ2b1Yl2c2kBlDERIfj9oliZM8zkUj1YOQDuMeiNLPCgJPEJYnXNRulESeX6NtzcdKWkVgkMIrjvoYigMWDEgxvnMKjrMHvnM2jqAsyWNDCtIoskIhkYRFh3dLGNVzFAetHSBVpvcam6VkzbIgjQofiGMFDPg3vPMmjpMOvnMgjWA5yQNGSKIrsjIxktVOt8YHW6lqsvQnWyRHkCcSmdV1zIcZyYI56LIYmmgGuSc62AN4o3axWM5mkTbPGOVpy7QGH4BvyObp3iR9vxbOmZ1LhwaIWHwsuDYE2egEi8LmC9JoJEU4EDF0k8ZNHjJLlUcy39MdizOHiSI44TN5S04SxjODTDUMurMEjBIw5HLvjZQhyeIpnN0u=9733ae7aa77212d35ae97ed325e69a9c0312af879bbac5a6c389d1873619b5313d3d32322e397b013ac43265bdb0d19b7df45c9157a6d7552fb5591b6aef5d42ef48fd5424265a1e0e849562dbdecd12dfd6c7cbb06fd9e1a7dbc51e63716e69c978ca072cc2a331c2cb052198431513cfa57e240d98e6cb0aa665ad0ec7db0ff287cd411666fa5134e064b34611674246dc4a3db98c8b3501a388f3812e4c63adf046a9eab973b76077bbb67bd874499f59f5801b37b795ab9cdf0d87b549cd02cbc6794ad2a3a71ad3f9833c76fa0e760b0f950c7e06a9d4beb299d22c41f33cf346af4c9219de9ea396268f67a6adc22ac97931a742841b591f63e816bf9891205e18d4ad8dedf1e7b43c76bab43ac99e77e28476746b1400d6b6ea06c9c26464b922f858c3ff0b9a9b4bbb49831cd7db5729570d05e1ffcc6fb8635108d60337c74ad81154b003d567b7a8fb5d098d0296e3ab9925f71c442676c697930856642d68a4132d4156226466402f057637933319b1906df45679665d18cfbdcf06a6bb4b9188134f18a71e9605fc4697bd5de6340f824693e18de579155294b7e4606b305c90cbfd82bb9298a9b01237deee29bb3a0c51cd20e0ba4622954724165a36a2f3fe9ea1c4c64f90c6c5ba6e2cbdbcbff782a0e63c758e58f0d300274a9c4b6d5384b31968e294f4117ce898864c622245a50d0772882cedba63aa00f", "-temp1-": "67707579", "-trial period warned-": false}

 

Linux Tips and Tricks

Install network scanner on Archlinux

Install the drivers with pamac

run the commandline:

sudo brsaneconfig4 -a name=Brother model=MFC-9330CDW ip=192.168.1.108

check if it is working

scanimage -L
device `brother4:net1;dev0' is a Brother Brother MFC-9330CDW
device `v4l:/dev/video2' is a Noname Logitech BRIO virtual device
device `v4l:/dev/video0' is a Noname Logitech BRIO virtual devi

 

Linux Tips and Tricks

Install xrdp

Introduction

Fedora

sudo dnf install -y xrdp xorgxrdp
sudo systemctl enable xrdp
sudo systemctl start xrdp
sudo systemctl status xrdp

Create the group tsusers and add all users using Remote Desktop to it

Open Firewall on port 3389

Check if the service is listening on tcp4

sudo nano /etc/xrdp/xrdp.ini

 

port=tcp://:3389


; Some session types such as Xorg and Xvnc start a display server.
; Startup command-line parameters for the display server are configured
; in sesman.ini. See and configure also sesman.ini.
[Xorg]
name=Xorg
lib=libxup.so
username=ask
password=ask
port=-1
code=20
Linux Tips and Tricks

Install Cockpit and Firewalld on Debian 12

Install Cockpit, Firewalld, and Open Ports on Debian 12

1. Update the System

sudo apt update
sudo apt upgrade -y

2. Install Cockpit

sudo apt install -y cockpit

3. Enable and Start Cockpit

sudo systemctl enable --now cockpit.socket

4. Install firewalld

sudo apt install -y firewalld
sudo systemctl enable --now firewalld
sudo install cockpit-machines cockpit-pcp network-manager cockpit-networkmanager -y
Note: If you previously used another firewall (like UFW), remove it first:
sudo apt remove --purge ufw

5. Open Required Ports in firewalld

sudo firewall-cmd --zone=public --add-service=ssh --permanent
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --add-service=https --permanent
sudo firewall-cmd --zone=public --add-service=cockpit --permanent
sudo firewall-cmd --zone=public --add-port=12321/tcp --permanent
sudo firewall-cmd --reload

6. Verify firewalld Rules

sudo firewall-cmd --list-all

7. Access Cockpit and Webmin

References

Linux Tips and Tricks

Install xrdp on Fedora 42

How to Set Up XRDP on Fedora 42 XFCE

Follow these steps for a reliable and quick XRDP setup with XFCE on Fedora 42:

  1. Install XRDP and XFCE (if not already installed)
sudo dnf install xrdp xorgxrdp

 

2. Enable and Start XRDP Service

sudo systemctl enable --now xrdp

 

3. Configure the Firewall

open Port 3389 for rdp

4. Set Up the XFCE Session for XRDP
Create a file named .Xclients in your home directory with the following content:

 echo "xfce4-session" > ~/.Xclients

 echo "xfce4-session" > ~/.Xclients
 chmod +x ~/.Xclients

6. Restart XRDP Services

sudo systemctl restart xrdp
sudo systemctl restart xrdp-sesman

 

7. Connect via RDP

  • Use Devolutions RDM or any RDP client.

  • Enter your Fedora machine's IP address and credentials.

 

Summary Table

Step Command/Action
Install XRDP sudo dnf install xrdp xorgxrdp
Enable & start service sudo systemctl enable --now xrdp
Firewall open port sudo firewall-cmd --permanent --add-port=3389/tcp; sudo firewall-cmd --reload
Configure session echo "xfce4-session" > ~/.Xclients; chmod +x ~/.Xclients
(Optional) SELinux fix sudo chcon --type=bin_t /usr/sbin/xrdp*
Restart XRDP sudo systemctl restart xrdp xrdp-sesman

This setup gives you a fast, graphical remote desktop on Fedora XFCE with minimal hassle.

 

Linux Tips and Tricks

Install send mail service on Fedora

Fedora: Install and Configure Authenticated Mail Sending with msmtp and s-nail

Overview

This guide explains how to set up authenticated email sending from the command line on Fedora using msmtp (a lightweight SMTP client) and s-nail (a mailx-compatible mail utility). This method is ideal for scripts and system notifications in environments where only authenticated SMTP is allowed.

1. Install Required Packages

sudo dnf install msmtp s-nail

2. Configure msmtp

  1. Copy the example configuration (optional): 
    sudo cp /usr/share/doc/msmtp/msmtprc-system.example /etc/msmtprc
  2. Edit /etc/msmtprc and adjust to your SMTP provider: 
    sudo nano /etc/msmtprc

    Example configuration:

    defaults
auth           on
tls            on
tls_trust_file /etc/ssl/certs/ca-bundle.crt
logfile        /var/log/msmtp.log

account        default
host           mail.hosting.de
port           587
from           admin@simmy.org
user           admin@simmy.org
password       <super-secret>

  3. Set permissions to protect your password: 
    sudo chmod 600 /etc/msmtprc

3. Configure s-nail to Use msmtp

Add the following line to /etc/s-nail.rc or your ~/.mailrc:

set mta=/usr/bin/msmtp

4. Send a Test Email

echo "This is the body" | mail -s "Test Subject" recipient@example.com

5. Notes

References

Add E-Mail account to MS Outlook

Introduction

Microsoft 365, Azure or Exchange Server uses a proprietary protocol for E-Mail, Calendar and Contacts/Address Book. It is possible to add multiple E-Mail accounts, either with IMAP, POP3 or M365 to MS Outlook.

Configuration

Goto "Settings" --> Accounts --> Add Account

It looks slightly different on Windows or MacOS

Bildschirmfoto 2024-10-03 um 13.54.59.png

Enter your E-Mail address and click on "continue".

If Outlook does not determine the account type automatically, enter "Microsoft 365".

Follow the instruction on the screen. It will guide you through the log in process. If Outlook ask for the profile type, I recommend "business profile".

You will need your E-Mail address and your password.

Functionality

All functions provided by M365 are supported:

The addressbook shows only contacts, that you have already contacted. However, you can search the addressbook in the name field by writing three characters of the name of the person you are looking for.

Add M365 account to Apple Mail

Introduction

Microsoft 365, Azure or Exchange Server uses a proprietary protocol for E-Mail, Calendar and Contacts/Address Book. It is possible to add and use E-Mail functionality from Microsoft by adding it to Apple Mail.

Configuration

Open Menu "Mail" --> Settings --> Accounts --> "+"

Bildschirmfoto 2024-10-03 um 14.12.48.png

Select "Micosorft Exchange" --> "Continue"

Bildschirmfoto 2024-10-03 um 14.14.42.png

Enter your E-Mail address. Click on "Sign in".

Bildschirmfoto 2024-10-03 um 14.15.56.png

Click "Sign in".

Follow the instruction on the screen to log in. And finally "Accept" the permissions, that Microsoft requests on your Mac Computer.

Bildschirmfoto 2024-10-03 um 14.19.12.png

Click "Done".

Functionality

All functions provided by M365 are supported:

Calendar

To use the Exchange calendar, you have to utilize "Calendar" on MacOS.

The functionality is limited. It will show all the appointments you have. However, it will not show free or reserved time of other people, hence "Calendar" does not access the address book of the M365 Exchange server. If you create a new appointment, you are also not able to invite other people from the M365 tenant. You have to copy the E-Mail addresses from "Apple Mail" to the invitation.

Address book

To use the address book, you have to utilize "Contacts" on MacOS. Select the correct address book (from the Exchange server). In my case it was: Directories --> Exchange Global Address List.

You can search the address book in the name field by writing three characters of the name of the person you are looking for.

MacOS Tips & Tricks

MacOS Tips & Tricks

How to Disable SIP

Introduction

System Integrity Protection (SIP)

SIP protects MacOS from cyber attacks. However, it also prevents the installation of certain software. So it can become necessary to disable SIP temporarily.

Boot into recovery mode

Silicon M1, M2, M3

Shut down your Mac and wait for 20 seconds. Then, hold the power button until you see the "Loading startup options" message under the Apple logo. Then, select Options and click Continue to enter the macOS Recovery screen.

Intel based

Restart your Mac and wait for 30 seconds. Press the power button and immediately hold Command + R keys on the keyboard until you see the Apple logo. Your Mac will boot into macOS Recovery after a while.

Open a terminal

Under utilities, you will find "Terminal". Open it.Type the following command:

csrutil disable

After that reboot the Mac, make all the necessary changes and enable SIP after that by entering the command:

csrutil enable

 

MacOS Tips & Tricks

Boot into recovery mode

Intel based

Reboot and press:

Silicon based

  1. Turn off your Mac.
  2. Press and hold the Power button.
  3. A message stating you'll be able to access startup options soon will appear. Keep holding the button down.
  4. Click Options > Continue to open up Recovery. 

All startup key codes

 

 

MacOS Tips & Tricks

MacOS - Flush DNS Cache

Introduction

For some reasons Apple nurses a bug in the DNS resolver. This leads to the problem, that some FQDNs cannot be resolved correctly. The workaround is quite simple.

Resolution

sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder
MacOS Tips & Tricks

MacOS - Privacy hint / OCSP patch

Introduction

The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate.It is described in RFC 6960 and is on the Internet standards track. It was created as an alternative to certificate revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI). Messages communicated via OCSP are encoded in ASN.1 and are usually communicated over HTTP. The "request/response" nature of these messages leads to OCSP servers being termed OCSP responders.

Wikipedia OCSP Protocol

The OCSP protocol is used to check whether or not a certificate has been revoked. In this context, it is used to give Apple the opportunity to revoke the “blessing” it has given to a specific piece of software. Whenever you start an application, MacOS checks back with the OCSP server.

Resolution

There are two ways to prevent MacOS from checking back to Apple.

Local patch

echo 0.0.0.0 ocsp.apple.com | sudo tee -a /etc/hosts

Router patch

Discussion

In fact, Apple does not associate the information coming with this request to any person or any IP address. Apple does also not track, when you start an application. Apple could figure out, which software vendor an application is coming from (thinking about Microsoft, that leaves a lot of possibilities).

In the end, it is a simple check whether a certificate is valid or not.

Security professional criticized that a man in the middle attack is possible and you might start an application of which the certificate is revoked. The data itself is also transferred over HTTP without encryption. So a 3rd party could get an idea than somebody runs software from a specific software vendor.

Keeping aside the security concerns, it could be a little bit slower to start an application with a low bandwidth internet connection. In that case, it could make sense to block the request.

https://www.sentinelone.com/blog/what-happened-to-my-mac-apples-ocsp-apocalypse/

https://www.theverge.com/2020/11/16/21569316/apple-mac-ocsp-server-developer-id-authentication-privacy-concerns-encryption-promises-fix

MacOS Tips & Tricks

Map a shared drive on MacOS

Introduction

Mapping of network drive seems to be a big issue. Hopefully this manual brings a little light into the fog.

Requirements

Any kind of network resource, that offers any kind of network share. A network resource can be:

  • Windows Server
  • Linux Server
  • NAS (Network attaches storage)

A network share can be provided by one of the following protocols:

  • SMB or SAMBA
  • CIFS
  • NFS
  • (FTP (SFTP))
  • AFP (Apple File Protocol)

This manual will focus on SMB

Map a drive with MacOS and Finder

Open Finder and go to this menu or simply press cmd-k

image.png

Finder will provide you with a list of network resources it already found:

image.png

If you can already see your resource, you can click on it. If not, you will need to input the resource manually. You will need the protocol and ether the IP Address or an DNS name.

Finder understands these protocols:

  • smb
  • cifs (http, https)
  • ftp
  • afp

If our resource is located on nas01.simmy.ch and the protocol is smb, you will have to type in:

smb://nas01.simmy.ch

image.png

image.png

Most resources are protected with username and password:

image.png

If you manage to enter your username and password correct, please select the resource, you want to access:

image.png

Next thing you will see is the data, that is located on the network share:

image.png

Proxmox Virtual Environment - PVE

Proxmox Virtual Environment - PVE

PVE - VM does not stop

Introduction

Sometimes a virtual machine cannot be stopped from the GUI.

Resolution

qm stop <number>

https://bobcares.com/blog/proxmox-cant-stop-vm/

 

Proxmox Virtual Environment - PVE

PVE - No quorum error

Introduction

A typical error on a PVE cluster is

No Quorum error

It can happen, when other machines of the cluster stop functioning.

Resolution

pvecm expect 1

No quorum error

Definition Quorum

Proxmox Virtual Environment - PVE

PVE - Can't lock file

Can't lock file

https://dannyda.com/2020/05/1 1/how-to-fix-proxmox-pve-cant-lock-file-var-lock-qemu-server-lock-xxx-conf-got-timeout-proxmox-cant-shutdown-virtual-machine/

manual SSH:

goto /run/lock/qemu-server

delete lock-xxx.conf

qm unlock xxx

Simple script:

#!/bin/sh
echo
echo '-----AUTHOR: https://dannyda.com-----'
echo
echo '---Existing locks---'
qm unlock $1
ls -l /run/lock/qemu-server
rm -f /run/lock/qemu-server/lock-$1.conf
qm unlock $1
echo
echo '---Remaining locks---'
ls -l /run/lock/qemu-server
./killvm.sh xxx

Import the voyager Root Certificate into your system

Introduction

To ease the use of servers/services of this domain it is recommended to trust the root certificate of this domain. This text describes how-to import the root certificate and start trust the different serves/services

Vivaldi

The Vivaldi browser is not so straight forward. You have to enter 

chrome://settings/certificates

Then it will display the certificate management; goto "Authorities":

image.png

"Import" all certificates you need.

Don't forget to trust them.

Brave

Goto to the settings menu of your browser. Usually on the right upper corner.

grafik.png

From the opening menu choose "Settings".

Search for "certificate" or go to Privacy and Security Settings and choose "Manage certificates".

grafik.png

Goto "Authorities"

grafik.png

Select ca_simmy.ch.crt

Make sure that under trust settings "Trust this certificate for identifying websites" is enabled. The other options are for future use.

grafik.png


Windows

Import the certificate to your local certificate store.

Dafür "Computerzertifikate verwalten" aufrufen. Beim Punkt "Vertrauenswürdige Stammzertifizierungsstellen" mit der rechten Maustaste klicken: Alle Aufgaben - Importieren

grafik.png


ACHTUNG: Nicht unter "Eigene Zertifikate" speichern, das Zertifikat funktioniert dort nicht!


Danach einfach die Masken jeweils bestätigen. Hier nochmals der Pfad:

grafik.png

Schliesslich auf "Fertig stellen" und freuen, dass die Verbindung nun verschlüsselt ist.
 

iOS

bei iphone kann ich dir sagen: pack dir das irgendwo per web erreichbar, am besten in deinem LAN, rufe dann die .crt-datei mit -safari- auf und sage dem browser dann, dass er das crt installieren darf. das ist bisher die zuverlässigste variante. alles andere via "apple dateien" oder seafile oder oder funktionieren nicht, da der trigger nicht initiiert wird

Patrick Beck, 23.10.2022

Download certificate

Upper left corner, ca_simmy.crt.

Add custom certificates to Apache

grafik.png

Introduction

In numerous cases you want to enable https on a webserver like Apache. So I decided a once and for all documentation for it.

Configuration

a2enmod ssl
a2enmod rewrite
systemctl restart apache2

Edit the Apache configurationf file /etc/apache2/apache2.conf

Add at the end:

<Directory /var/www/html>
         AllowOverride All
</Directory>

Edit the Apache configuration file for the default website: /etc/apache2/sites-enabled/000-default.conf

<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /var/lib/zentyal/conf/ssl/ssl.cert
        SSLCertificateKeyFile /var/lib/zentyal/conf/ssl/ssl.key

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

You have to add the lines 22, 23 and 24. I use the same certificate all over the system, so I point to already existing certificates.

Restart the service:

service apache2 restart

You might want to insert this at the beginning of the file:

<VirtualHost *:80>
        RewriteEngine On
        RewriteCond %{HTTPS} !=on
        RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</virtualhost>

https://techexpert.tips/apache/enable-https-apache/

Add metager as search engine to your browser

Introduction

MetaGer is a meta-search engine focused on protecting users' privacy. Based in Germany, and hosted as a cooperation between the German NGO 'SUMA-EV - Association for Free Access to Knowledge' and the University of Hannover, the system is built on 24 small-scale web crawlers under MetaGer's own control.

With MetaGer as default searchengine you can instruct your browser to automatically use MetaGer when search queries are entered i.e. into the address bar.

I used to recommend MetaGer as default search engine for the browser. However, it proved to be unreliable. The search result were incomplete.

Features

Search queries are relayed to as many as 50 search engines.The results are filtered, compiled and sorted before being presented to the user. Users can select the search engines to query according to their individual choices among other options (such as "check for availability and sort by date"). Privacy protection is implemented by several features: MetaGer provides access to their services only through encrypted connections. As of December 2013, there is also a TOR Hidden Service (b7cxf4dkdsko6ah2.onion/tor/) that allows users to access the MetaGer search functionality from within the TOR network. Since February 2014 MetaGer additionally offers the option to open the result webpages anonymously ("open anonymously").

Add Metager as search engine

Goto settings --> Search engine --> Add

image.png

Enter:

Search engine: Metager

Shortcut: :mt

URL: https://metager.org/?q=%s

Set MetaGer as default search engine

  1. Navigate to the top right corner of your browser, click "" and choose "Settings".
  2. Under "Search engine" click the button "Manage search engines".
  3. Click on "" next to the MetaGer entry and choose "Make default".

MetaGer Apps

MetaGer App

This App brings the full Metager power to your smartphone. Search the web with one touch while preserving your privacy. There are two ways to get our App: install via the Google Playstore or (better for your privacy) get it directly from our server.

F-Droid Store

Google Playstore

Manual Installation

MetaGer Maps App

This App provides a native integration of MetaGer Maps (powered by Openstreetmap) on your mobile Android device.

Therefore, the route planner and the navigation service is running very fast on your smartphone. The app is faster compared against the use in a mobile web browser. And there are some more advantages- check it out!

Google Playstore

Manual Installation

After the first start you will be asked for the following permissions:

https://metager.org/plugin

https://metager.de/plugin

https://metager.de/

https://restoreprivacy.com/private-search-engine/

 

 

 

Thunderbird

Thunderbird

Installation of Thunderbird

Introduction

Prerequisites

Download the newest Version of Thunderbird directly from their Webpage.

Download Thunderbird

Installation

Installation on MacOS

Just click on the downloaded .dmg file and copy it to your programs directory.

Installation on Fedora

tar -xvjf thunderbird-128.3.0esr.tar.bz2

Thunderbird

Add Microsoft Outlook Account/Teams to Thunderbird

Introduction

Microsoft 365, Azure or Exchange Server uses a proprietary protocol for E-Mail, Calendar and Contacts/Address Book. It is possible to connect to a Microsoft E-Mail account with Thunderbird. It is also possible to connect to more than one account. Especially if it comes to Teams, which can be used inside of Thunderbird, this feature becomes very useful.

Configuration

image.png

Goto account setting and "Add Mail Account".

image.png

You will need your E-Mail address and your password.

After clicking continue, you will be asked to enter your password again. No matter what happens next, you will return to Thunderbird.

image.png

Select "Exchange/Office365" and click on "Done".

If you are asked to install "OWL", please do it.

image.png

Hint

You are now able to use E-Mail and Calendar functionality. So far Contacts/Address book are not working.

Teams:

On the left side you should find the Teams icon. Hover gently over it. It will then show all connected Microsoft Accounts. If you click on one of those account, a new tab will open for teams. Repeat until you opened all the Teams for your tenants.

image.png

CSA Webflow

CSA Webflow

Webflow User Guide

1. Logging In and Dashboard

visit webflow.com/login

image.png

Enter username and password. 

image.png

Enter your TOTP Token.

2. Page Settings

3. Designer

3.1 Design Options

3.2 Components

3.3 Variables

3.4 Style Selectors

3.5 Images

4. CMS Functions

4.1 Collections

4.2 Creating and Editing Items

4.3 Text Formatting

4.4 Image Upload

5. Multilingual Support

6. Video Integration

7. Customizing Fields

8. Publishing

9. SEO and Social Media Optimization

9.1 SEO Settings

9.2 Open Graph Settings

9.3 Testing

Tips and Tricks



 

Manual installation of WinBox

WinBox

Winbox is a very useful application from mikrotik for the purpose to manage their devices. It is currently in beta stage, so this installation guide might be subject of change.

Download the application from Mikrotik download page. Extract the package to ~/bin. Copy the icon file from the assets/img directory to ~/icons.

ln -s /home/hschindler/bin/WinBox_Linux/WinBox /home/hschindler/bin/winbox

Create the launcher:

image.png

Vivaldi - HSTS problem

 

 

vivaldi:net-internals/#hsts