Spinning Up Ubuntu 16.04 on a VPS instance

  • Create keys for SSH (in this case on linux command-line)
    ssh-keygen -t rsa
  • Name server hostname (I used these instructions (archive) for hostname)
  • Set reverse DNS in VPS server console equal to FQDN
  • Change SSH port & disable password authentication with
    sudo nano "/etc/ssh/sshd_config"
    then restart ssh
    sudo systemctl restart ssh
  • create non root user, copy .ssh folder from root to their profile, making sure to chown newuser for the authorized_keys file, and add the user to group sudo – sudo addgroup groupname.
  • Add auto security updates.
    sudo apt-get install unattended-upgrades
    sudo dpkg-reconfigure unattended-upgrades
    sudo nano /etc/apt/apt.conf.d/50unattended-upgrades **requires root email for notifications*
  • Set time zone
    sudo dpkg-reconfigure tzdata

OpenVPN for Mikrotik client

From this setup for OpenVPN Server on Ubuntu 16.04..

We need to unbolt some of the security features of the server config for Mikrotik compatibility.

I guess this isn’t explained in bright colours on their wiki examples cos they’re not proud of not being up with latest crypto. Which is more annoying cos it took a day, where as getting the server online took 20 minutes on a digital ocean instructional.

Continue reading “OpenVPN for Mikrotik client”

OpenVPN Server on Ubuntu 16.04

Following this guide.

NOTE 1: In the part where they edit /etc/openvpn/server.conf

I edited the server directive to read:
server 192.168.155.0 255.255.255.0

then my UFW rules are

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to ens3 (change to the interface you discovered!)
-A POSTROUTING -s 192.168.155.0/24 -o ens3 -j MASQUERADE
COMMIT
# END OPENVPN RULES
Continue reading “OpenVPN Server on Ubuntu 16.04”

Project Secure Backup. Part 6

I moved the project to some acrylic in what is possibly the final stage for the project.While I thought the software reset for the Ethernet chip would suffice for connection problems, it appears this isn’t the case. I’ll try reprogramming the chip with an interrupt reboot for the main program loop, currently the device isn’t sending info to ThingSpeak.

Once the code is running smoothly (for at least a week) I’ll add email notifications. In the future I won’t use this Ethernet chip, there is a similarly priced chip I have which is much more capable.

Continue reading “Project Secure Backup. Part 6”

Hardware shutdown switch for RPi

Sometimes I need to power off one of my Raspberry Pis, and since I run these computers headless, going to a remote SSH terminal to issue a shutdown command can be extra work. I saw a webpage mentioning using a simple 2 pin jumper to initiate a shutdown script for the Pi. So that’s what I did (green tab on the GPIO pins), I chose python due to the wait_for_edge function.

This script will shutdown the RPi when the tab is pulled. Strangely the RPi will boot if you plug the jumper back in after it has shutdown, or if you pull it out after it has completed shut down (putting it back before it has completed shutting down). If there is no jumper in during boot, then the script will close.

#!/usr/bin/env python
#note crontab for superuser required a new PATH variable as here http://unix.stackexchange.com/questions/43392#answer-43394
import subprocess
try:
 import RPi.GPIO as GPIO
except RuntimeError:
 print("Error importing RPi.GPIO! This is probably because you need superuser privileges. You can achieve this by using 'sudo' to run your script")

#http://raspberrypi.stackexchange.com/questions/12966/what-is-the-difference-between-board-and-bcm-for-gpio-pin-numbering
GPIO.setmode(GPIO.BOARD)
GPIO.setup(5, GPIO.IN) #Hardware Pullup on this pin..

ShutdownCommand = ['shutdown', '-h', 'now', '"System halted by GPIO action"']

if GPIO.input(5) == 0:
 #run script waiting for jumper removal
 GPIO.wait_for_edge(5, GPIO.RISING)
 GPIO.remove_event_detect(5)
 KillProcess = subprocess.Popen(ShutdownCommand, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
 MountData, MountError = KillProcess.communicate()
 GPIO.cleanup() 
else:
 GPIO.cleanup()

Then I simply added this script to the bottom of my root crontab (sudo crontab -e) to run at reboot:

@reboot python /usr/local/sbin/ShutdownJumper.py

Monitoring RPi Temp and CPU with Thingspeak

I made the following python script to update CPU Temperature and 5 minute average CPU load of my RPi to Thingspeak:

#!/usr/bin/env python
import subprocess
import httplib, urllib

GetTempCommand = "cat /sys/class/thermal/thermal_zone0/temp"
GetCPUCommand = "cat /proc/loadavg"

GetTempProcess = subprocess.Popen(GetTempCommand.split(), stdout=subprocess.PIPE)
GetTempOutput = GetTempProcess.communicate()[0]
Temp = float(GetTempOutput) / 1000
#print Temp
GetCPUProcess = subprocess.Popen(GetCPUCommand.split(), stdout=subprocess.PIPE)
GetCPUOutput = GetCPUProcess.communicate()[0]
CPU = GetCPUOutput.split()
#print CPU[1]

params = urllib.urlencode({'field1': CPU[1],'field2': Temp, 'key':'######'})     # use your API key generated in the thingspeak channels for the value of 'key'
# temp is the data you will be sending to the thingspeak channel for plotting the graph. You can add more than one channel and plot more graphs
headers = {"Content-typZZe": "application/x-www-form-urlencoded","Accept": "text/plain"}
conn = httplib.HTTPConnection("api.thingspeak.com:80")                
try:
    conn.request("POST", "/update", params, headers)
    response = conn.getresponse()
    data = response.read()
    conn.close()
except:
    print "connection failed"

The script is run every 5 mins using cron ($ crontab -e):

*/5 * * * * python "/home/ubuntu/logging/TempCPUtoThingspeak.py"

I borrowed some script from here and here.