This command line can be used to look up the operating system.
The command is here.
hostnamectl
I would prefer that my server use DNS over TLS instead of plain port 53. I did it, and it works really well. Furthermore, I no longer have attacks from port 53 now.
So, specifically for Ubuntu 22.04.4 LTS:
/etc/systemd/resolved.conf
[Resolve]
DNS=1.1.1.1 1.0.0.1 8.8.8.8
#FallbackDNS=1.1.1.1 9.9.9.10 8.8.8.8 2606:4700:4700::1111 2620:fe::10 2001:4860:4860::8888
#Domains=
#LLMNR=yes
#MulticastDNS=yes
#DNSSEC=allow-downgrade
#DNSOverTLS=opportunistic
#DNSSEC=yes
#DNSOverTLS=yes
#Cache=yes
#DNSStubListener=yes
#ReadEtcHosts=yes
Ubuntu 22.04.04 LTS specific resolved.conf
Remove the hashtag (#) on the highlighted lines.
[Resolve]
DNS=1.1.1.1 1.0.0.1 8.8.8.8
FallbackDNS=1.1.1.1 8.8.8.10 8.8.8.8
#Domains=
#LLMNR=no
#MulticastDNS=no
DNSSEC=yes
DNSOverTLS=yes
#Cache=yes
#DNSStubListener=yes
#ReadEtcHosts=yes
If systemd-resolved is enabled, restart the service:
systemctl restart systemd-resolved.service
systemd-resolved provides a local DNS stub listener on IP address 127.0.0.53 on the local loopback interface, so to use the DNS over TLS capable stub resolver, we’ll need to manage /etc/resolv.conf and make sure 127.0.0.53 is used as a nameserver.
NOTE: systemd maintains /run/systemd/resolve/stub-resolv.conf for compatibility with traditional Linux programs. We can simply use this file by symlinking to it.
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
Done.
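To confirm the result, here is an added example (not part of the original post) that audits a resolved.conf and a resolv.conf for the settings described above. The function names resolved_get and audit_dot are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two files edited above.

# Print the effective value of KEY in the [Resolve] section of FILE.
# Commented-out lines such as "#DNSOverTLS=yes" are ignored; the last
# uncommented assignment wins.
resolved_get() {
    awk -F= -v key="$2" '
        /^\[/ { in_sec = ($0 ~ /^\[Resolve\]/); next }
        in_sec && $1 == key { val = substr($0, index($0, "=") + 1) }
        END { print val }
    ' "$1"
}

# audit_dot RESOLVED_CONF RESOLV_CONF
# Prints one line per finding and returns the number of findings.
audit_dot() {
    findings=0
    dot=$(resolved_get "$1" DNSOverTLS)
    case "$dot" in
        yes|true|on|1) ;;
        opportunistic)
            echo "WARN: DNSOverTLS=opportunistic can fall back to plaintext port 53"
            findings=$((findings + 1)) ;;
        *)
            echo "FAIL: DNSOverTLS is not enabled (value: ${dot:-unset})"
            findings=$((findings + 1)) ;;
    esac
    sec=$(resolved_get "$1" DNSSEC)
    case "$sec" in
        yes|true|on|1) ;;
        *)
            echo "WARN: DNSSEC is not strictly enforced (value: ${sec:-unset})"
            findings=$((findings + 1)) ;;
    esac
    # Any nameserver other than the local stub lets programs bypass
    # systemd-resolved and send plaintext queries upstream.
    ns=$(awk '$1 == "nameserver" { print $2 }' "$2" | sort -u)
    if [ "$ns" != "127.0.0.53" ]; then
        echo "FAIL: resolv.conf nameservers are not only 127.0.0.53: $(echo $ns)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run against real files when two paths are given on the command line.
if [ "$#" -eq 2 ]; then audit_dot "$1" "$2"; fi
```

Run it as `sh audit.sh /etc/systemd/resolved.conf /etc/resolv.conf`; an exit status of 0 means no findings.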
Well, it’s easy; let’s get started.
Example:
version: "3"
services:
  watchtower:
    image: containrrr/watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - stack.env
Then the second file is stack.env; make sure it is in the same path.
# Watchtower cron expressions have 6 fields (seconds first): run daily at 22:00
WATCHTOWER_SCHEDULE=0 0 22 * * *
WATCHTOWER_NOTIFICATIONS=shoutrrr
WATCHTOWER_NOTIFICATION_SKIP_TITLE=True
WATCHTOWER_NOTIFICATION_URL=ntfy://ntfy.sh/my_watchtower_topic?title=WatchtowerUpdates
WATCHTOWER_SCHEDULE: the cron job; I chose night time, so I can work on the server without service outages.
WATCHTOWER_NOTIFICATIONS: We use Shoutrrr
WATCHTOWER_NOTIFICATION_SKIP_TITLE: True (I leave it as default)
WATCHTOWER_NOTIFICATION_URL: ntfy://ntfy.sh/my_watchtower_topic?title=WatchtowerUpdates
After you run it, you should get a notification from your ntfy app or your ntfy browser.
I am using Ntfy for my SSH alert and watchtower update. It is pretty cool to have this feature, so I can know who is accessing my server without my authorization, and know my Docker needs to be updated as well.
Run this command to open the file:
nano /etc/pam.d/sshd
Please add this line to the bottom of the file.
session optional pam_exec.so /usr/local/bin/ntfy-ssh-login.sh
You should create a script file called /usr/local/bin/ntfy-ssh-login.sh
nano /usr/local/bin/ntfy-ssh-login.sh
Here is the code; make sure you change the server URL and the username and password for nginx auth.
#!/bin/bash
# This is a PAM script hook that shows how to notify you when
# somebody logs into your server. Place at /usr/local/bin/ntfy-ssh-login.sh (with chmod +x!).
TOPIC_URL=yourntfydomain
NGINXUSER=yourusername
NGINXPASSWORD=yourpassword
# pam_exec sets PAM_TYPE, PAM_USER and PAM_RHOST; only alert when a session opens.
if [ "${PAM_TYPE}" = "open_session" ]; then
  # Quote the credentials so special characters in the password survive;
  # --max-time keeps a slow ntfy server from stalling the login.
  curl --max-time 10 -u "${NGINXUSER}:${NGINXPASSWORD}" -H tags:warning -H prio:high -d "SSH login to $(hostname): ${PAM_USER} from ${PAM_RHOST}" "${TOPIC_URL}"
fi
Now save with Ctrl+X, then yes.
Make sure the script has execute permission. Here is the command.
chmod +x /usr/local/bin/ntfy-ssh-login.sh
Go try logging in from another terminal and see if it notifies you, then try logging in again and see if it notifies you. 🙂
It works well. It shows the username and IP address, so the IT team can protect the account if they don’t have permission to access our server.
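Because the hook script stores the nginx username and password in clear text and PAM runs it on every SSH login, its file mode matters: chmod +x on a file created with the usual umask leaves it readable by every local user. The following is an added example, not part of the original post. It checks the mode and the PAM entry, the function names audit_hook and hook_registered are made up, and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU coreutils stat.

# audit_hook SCRIPT_PATH
# Returns 0 when the mode is safe, 1 on findings, 2 if the file is missing.
audit_hook() {
    mode=$(stat -c '%a' "$1") || return 2
    m=$((0$mode))                      # interpret the mode string as octal
    rc=0
    if [ $((m & 0022)) -ne 0 ]; then
        echo "FAIL: $1 (mode $mode) is writable by group/others"
        rc=1
    fi
    if [ $((m & 0044)) -ne 0 ]; then
        echo "FAIL: $1 (mode $mode) exposes the embedded password to group/others"
        rc=1
    fi
    if [ $((m & 0100)) -eq 0 ]; then
        echo "FAIL: $1 (mode $mode) is not executable by its owner"
        rc=1
    fi
    return "$rc"
}

# hook_registered PAM_FILE SCRIPT_PATH
# True if an uncommented "session ... pam_exec.so ... SCRIPT_PATH" line exists.
hook_registered() {
    awk -v s="$2" '
        $1 == "session" && /pam_exec\.so/ {
            for (i = 3; i <= NF; i++) if ($i == s) found = 1
        }
        END { exit !found }
    ' "$1"
}

# Run against real files when two paths are given on the command line.
if [ "$#" -eq 2 ]; then
    audit_hook "$2"
    hook_registered "$1" "$2" || echo "FAIL: $2 is not referenced in $1"
fi
```

Run it as `sh check-hook.sh /etc/pam.d/sshd /usr/local/bin/ntfy-ssh-login.sh`; setting the script to mode 700 (chmod 700) clears the permission findings.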
Step by step:
So easy; I recommend you guys use the repo and then enjoy the services you use.
Step-by-step Instructions:
I upgraded his PC, graphics card, power supply, RAM, and WiFi 6 network card to improve speed and stabilize his golf game.
This is most important for me to work on troubleshooting with PC Sticks. So I don’t want to expose the password that I type. This is great.
I’ve also set up three more RustDesk relay servers on my machine so we can connect without any issues between Washington State and Arizona.
We commenced utilizing RustDesk in August 2023, and their updates have been impeccable. We desire the service we receive, and I am grateful for their dedication to their work. I recommend that you consider purchasing a professional license if you wish to construct your own server.
https://rustdesk.com/pricing.html
Check it out and good price!
Goal to set up
Blue Dot: Starlink connected to Ubiquiti dream station, that we want
Green Dot: Xfinity connected to Ubiquiti dream station.
We want to get rid of Comcast’s business on Green Dot, so Blue Dot can send its internet to Green Dot.
He is thinking about setting up this WiFi bridge between those two roofs, but he needs my help to send a signal from Blue (Starlink) Ubiquiti to Green Ubiquiti so he can remove Xfinity plans.
I have successfully installed a new wire, and I had to visit the attic. This was my first time experiencing such an activity, as I had to drill in order to install 2 Cat6 wires for the client AP and NanoBeam 5AC Gen 2 on a cottage house. As a result, I proceeded to install 10 Cat6 wires altogether for both the cottage and Hotel Laundry build.
I have finally been able to communicate with the owner, reassuring him that it is safe to cancel his Comcast business plans. This allows him to utilize Starlink with their new Advanced Protocols now.