IT-Dan Software - Linux

EdgeRouter X VTI IPSec VPN and Dynamic IP Address

IT Dan — Mon, 03 Oct 2022 14:31:54 +0000

This is a used on an EdgeRouter X with three WAN connections. Only one is ever active at a time. They are all DHCP. The BASH script cycles between the three WAN connections until a stable VPN is made.

Script below:

#!/bin/bash
# /config/scripts/VTI-update.sh

source /opt/vyatta/etc/functions/script-template
run=/opt/vyatta/bin/vyatta-op-cmd-wrapper

inf="eth1"
if [[ -e /config/scripts/.VTI-inf ]]
then
  inf="$(cat /config/scripts/.VTI-inf)"
fi

cnt="0"
if [[ -e /config/scripts/.VTI-cnt ]]
then
  cnt="$(cat /config/scripts/.VTI-cnt)"
fi

current_ip="$(run show interfaces ethernet "$inf" | grep "global "$inf"" | sed 's/  inet //g' | cut -d "/" -f1 | tr -d '\n' | sed 's/^ *//')"
configured_ip="$(cat /opt/vyatta/config/active/vpn/ipsec/site-to-site/peer/123.123.123.123/local-address/node.val)"

if [[ -n $current_ip && $configured_ip != $current_ip ]]
then
  echo $(date +"%Y-%m-%d %T") "Old IP: '$configured_ip'."
  echo $(date +"%Y-%m-%d %T") "New IP: '$current_ip'."
  configure
  set vpn ipsec site-to-site peer 123.123.123.123 local-address ${current_ip}
  commit
  save
elif [[ -n $current_ip ]]
then
  # ping the remote vti
  /bin/ping -n -c 1 -W 1 -w1 10.6.101.1 >/dev/null 2>&1
  if [ $? -ne 0 ]
  then
    if [[ $cnt -le 1 ]]
    then
      echo $(date +"%Y-%m-%d %T") "Restarting VPN."
      run restart vpn
      cnt=$[$cnt +1]
      echo "$cnt" > /config/scripts/.VTI-cnt
    else
      case $inf in
        "eth1")
          echo "eth2" > /config/scripts/.VTI-inf
          echo "0" > /config/scripts/.VTI-cnt
          ;;
        "eth2")
          echo "eth0" > /config/scripts/.VTI-inf
          echo "0" > /config/scripts/.VTI-cnt
          ;;
        *)
          echo "eth1" > /config/scripts/.VTI-inf
          echo "0" > /config/scripts/.VTI-cnt
          ;;
      esac
    fi
  else
    echo "0" > /config/scripts/.VTI-cnt
  fi
fi
exit 0

Category:

Linux

Tags:

Ubiquiti

Migrate Wordpress Database and Files

IT Dan — Tue, 19 Jun 2018 09:49:04 +0000

I wanted a script to automate the copying of a live WordPress website to a "staging" site on the same machine. This was tested on Debian Jessie.

Before you begin:
In this case make sure the same database user has the appropriate permissions on both databases. And also note that the RELOAD privilege is needed to use the `mysqldump --lock-all-tables` option on the existing live database.

Script below:

#!/bin/sh
old_host="www.example.com"
new_host="staging.example.com"
db_name_old="wordpress_old"
db_name_new="wordpress_new"
db_user="wordpress_user"
db_pass="securepassword"
db_prefix="wp_"
base_directory="/home/user/public_html"
old_directory="live"
new_directory="staging"

echo "deleting old files"
rm --recursive --force $base_directory/$new_directory
mkdir $base_directory/$new_directory
echo "copying new files"
cp --archive $base_directory/$old_directory/. $base_directory/$new_directory/
echo "dumping old database"
mysqldump --lock-all-tables --result-file=$db_name_old.sql --user=$db_user --password=$db_pass $db_name_old 
echo "droping new database"
mysql --user=$db_user --password=$db_pass -e "DROP DATABASE IF EXISTS $db_name_new"
mysql --user=$db_user --password=$db_pass -e "CREATE DATABASE $db_name_new"
echo "importing database"
mysql --user=$db_user --password=$db_pass $db_name_new < $db_name_old.sql
mysql --user=$db_user --password=$db_pass -e "USE $db_name_new; UPDATE ${db_prefix}options SET option_value = replace(option_value, 'https://$old_host', 'https://$new_host') WHERE option_name = 'home' OR option_name = 'siteurl';"
mysql --user=$db_user --password=$db_pass -e "USE $db_name_new; UPDATE ${db_prefix}posts SET guid = replace(guid, 'https://$old_host','https://$new_host');"
mysql --user=$db_user --password=$db_pass -e "USE $db_name_new; UPDATE ${db_prefix}posts SET post_content = replace(post_content, 'https://$old_host', 'https://$new_host');"
mysql --user=$db_user --password=$db_pass -e "USE $db_name_new; UPDATE ${db_prefix}postmeta SET meta_value = replace(meta_value,'https://$old_host','https://$new_host');"
echo "updating config file"
sed --in-place s/$old_directory/$new_directory/g $base_directory/$new_directory/wp-config.php
sed --in-place "s/'DB_NAME', '$db_name_old'/'DB_NAME', '$db_name_new'/g" $base_directory/$new_directory/wp-config.php
echo "done"

Should be pretty easy to follow.

Some notes:

Your password will be visible to anyone else logged into the server by including it in the mysql commands. If not an acceptable risk, search for the `~/.my.cnf` method.
It doesn't delete the dumped database, I thought it is nice to have a backup of the original database just in case.
The first `sed` command was to update the WP Super Cache line that points to the cache location.
The second `sed` command is to replace the database name. I'm using the same database user and password, but the script could be modified to allow different credentials by copying and editing this line to replace them.

Category:

Linux

vsFTPd Passive Mode with Dynamic IP

IT Dan — Wed, 13 Jun 2018 07:08:08 +0000

Below is a script that checks the current external IP address, and if it has changed since last check, updates the pasv_address line in the vsftpd.conf file.

I'm using Debian Stretch. For dig you may need to install dnsutils like so:

apt-get install dnsutils

Create the shell script file:

vi /root/vsftpd-pasv_address.sh

#!/bin/bash

[[ -f /root/last_ip.txt ]] && last_ip=$( /dev/null)
if [ $? -ne 0 ]
then
    # Exit if the dig command failed
    exit 1
fi

# If not empty and IP changed
if [[ -n "$this_ip" && "$last_ip" != "$this_ip" ]]
then
    echo $(date +"%Y-%m-%d %T") "Old IP: $last_ip"
    echo $(date +"%Y-%m-%d %T") "New IP: $this_ip"
    echo "$this_ip" > /root/last_ip.txt
    sed -ri "s/^(pasv_address=*).*$/\1${this_ip}/" /etc/vsftpd.conf
    /etc/init.d/vsftpd restart
fi
exit 0

Make the file executable:

chmod +x /root/vsftpd-pasv_address.sh

I added the following cronjob:

*/10 * * * * /root/vsftpd-pasv_address.sh

The script will run every 10 minutes, and update vsftpd.conf if your external IP address changes.

Category:

Linux

Block Ads with Linux and Bind9

IT Dan — Wed, 30 Dec 2015 08:18:56 +0000

Learn how to block ads and trackers using a Debian based system and bind9 (DNS caching) service. This is handy if you want to block ads for everyone on your network.

Prerequisites:

A basic understanding of Linux shell commands
A basic understanding of the Vi text editor
A Debian based system. In this example a Raspberry Pi running Raspbian *

Step 1:

Ensure you have a working bind9 caching DNS service. The following is a guide to do that.

https://youtu.be/-OQf2IBk-fs

Step 2:

Now that you have the basics ready, we will create our shell script that will download the ad block list** and convert it to bind9 format.

The following commands need to be run as root user, or prefix them with 'sudo'.

Create the shell script file:

vi /etc/bind/make-block-list.sh

#!/usr/bin/env bash
wget -O - http://someonewhocares.org/hosts/zero/hosts | grep '^0.0.0.0' | tr "[A-Z]" "[a-z]" | awk '!a[$0]++' | awk '{print "zone \""$2"\" { type master; notify no; file \"/etc/bind/blocked.zone\"; };"}' > /etc/bind/named.conf.blocked
rndc reload

Each part is explained below:

# download the list to STDOUT.
wget -O - http://someonewhocares.org/hosts/zero/hosts
# filter out any lines that don't start with the '0.0.0.0', such as comments and empty lines.
grep '^0.0.0.0'
# convert to lowercse
tr "[A-Z]" "[a-z]"
# filter out any duplicate lines
awk '!a[$0]++'
# format the line to bind9 style
awk '{print "zone \""$2"\" { type master; notify no; file \"/etc/bind/blocked.zone\"; };"}'
# save the output to /etc/bind/named.conf.blocked
> /etc/bind/named.conf.blocked
# reload the bind9 service
rndc reload

Make the file executable:

chmod +x /etc/bind/make-block-list.sh

Now we need to tell bind9 to load our block list:

vi /etc/bind/named.conf.local

And add this to the end of the file:

include "/etc/bind/named.conf.blocked";

Similar to the video, we will create a new zone that will be used to block URLS:

vi /etc/bind/blocked.zone

$TTL    86400   ; one day
@       IN      SOA     ads.example.com. hostmaster.example.com. (
                        2014090102
                        172800
                        14400
                        3628800
                        604800
                        )
                NS      my.dns.server.org
                A       0.0.0.0
@       IN      A       0.0.0.0
*       IN      A       0.0.0.0

All that's left is to run the shell script, which will create our list and reload the service:

/etc/bind/make-block-list.sh

* I installed this version of Raspbian, the minimal Raspbian unattended netinstaller for Raspberry Pi Model 1B, 1B+ and 2B.

** I'm using the list from here: someonewhocares.org/hosts/zero/

Category:

Linux