sed Shennanigans…

Escaping…

For anyone familiar with regular expressions, the need to escape characters, that might otherwise be construed as some “special command”, is a regular affair…

sed posed a particular challenge for me when attempting to escape variables that are used as a replacement string. So, to cut the long story short, after 8 hours of trying, testing and re-testing, I finally got the solution…

In a bash shell, try the following:

TESTSTRING='\/12345678\90!@#$%^&*()-_=+{}[];:",.<>? `~abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
sed "s#\([^[:alnum:]]\)#\\\\\1#g"<<<$TEST

Otherwise, in a script, try the following:

TESTSTRING='\/12345678\90!@#$%^&*()-_=+{}[];:",.<>? `~abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
TESTSTRING=`echo $TESTSTRING|sed 's#\([^[:alnum:]]\)#\\\\\1#g'

WARNING: This does not work with intended backreferences (e.g. \1, \2, … \9, etc.) as the leading backslash will also be escaped (see the \9 in the tests above).

NOTE: The single-quote character was not part of the tests as I could not find a way to escape that as part of the variable assignment.

Adding 4G/LTE Back Up Internet Link to pfSense VM…

Updates Fartdates…

So, my Ubuntu LTS 18.04 decided to have a brain fart during a “routine” system update just past midnight on Saturday morning… Rebooted the modem, switches, VM, VM host… nada

Wither Thou Internet…

With the ‘net down, I could not seem to see the list of update details, nor try and roll anything back… Worst yet, I was actually doing work (which needs a ‘net connection)… So the troubleshooting ensued…

Troubleshooting using my work laptop via my handphone hotspot was no fun… So, four-and-a-half hours later, I retired, disgruntled at not solving the issue (and also having to do three rounds of laundry, get woken up a mere 15 minutes later by my young daughter who wet her bed, and get awakened again 30 minutes after that due to one inconsiderate neighbour’s noisy pet birds – but that’s a totally different story and I digress)…

Saving Grace…

Just a few days ago, I had applied for a free 12-month trial from TPG (Singapore’s fourth telco), so at 10AM in the morning, I dragged myself out of bed, went to church, and then picked up the TPG SIM card… All this to use in a Huawei E3372-607 USB LTE/4G modem (together with a high-gain indoor antenna) purchased nearly two years ago that was meant to fix this exact situation (i.e. be a back-up Internet link).

Continue reading

Unifi Controller vs. MongoDB Debacle

Ubiquiti’s Motto: If It Ain’t Broke, Don’t Won’t Fix It

After my upgrade of my Ubuntu LTS 16.04 to 18.04, I discovered some things had broken, including the Unifi Controller used for my UAP-HD. Apparently, the entire /usr/lib/unifi directory disappeared (alongside with MongoDB)!

Rooting around the Internet turned this thread up… And accordingly, there is a work-around, with some “clean-up” work.

The “official” fix is relatively useless, but that is another shouting match argument with another idiot person for a different time…

Anyway, on to the fix!

NOTE

The “fix” offerred below is not really one – it does not restore your data, although you could conceivably do so if you got creative in restoring some data files before re-installing MongoDB version 3.4 as per below…
Continue reading

Upgrading Ubuntu Server LTS 16.04 to 18.04 (aka GDM and x11vnc)

So, the time has come to upgrade my Ubuntu Server LTS 16.04 to the latest LTS 18.04…

It’s a straight-forwards upgrade, easy-peasy, right?

The Triumph Defeat of Hope Over Reality

Compared to what Linux used to be in the recent past, the upgrade via the stock 16.04 UI went fairly smooth…

I already knew that I had to do the standard ZFS pool upgrade:

sudo zpool upgrade <poolname>

But after the whole upgrade was done, I tried to VNC into the machine again after it rebooted… and failed.

2018/12/25 Update:

I suddenly noted that my Unifi Controller was no longer working… I later discovered that it was due to the Ubuntu LTS upgrade… Another day, another battle

Continue reading

Securing pfSense SSH2…

So, as exposing the HTTPS administration page of pfSense to the big, bad, Internet is a big “no no”, the only proper way should be to set up SSH2 and allow port forwarding.

Now, there are already articles out there telling you that using username+passwords to secure SSH2 is not the way to go… Using certificates is. However, I wanted more… I wanted both… Why is it that pfSense will only allow one or the other when sshd already allows enforcement of both?

So, once again, rolling up my sleeves, I dived into the murky waters of the pfSense shell…

Continue reading

Software Firewall…

The Problem

I have been using an Asus RT-AC68U, followed by an RT-AC87U, running Merlin’s firmware with customised firewall scripts for the longest time. However, both units had a persistent issue with some (not all) sites being inaccessible, total resets and re-configuration from scratch regardless.

Having confirmed it was an issue with the router(s) and not the firmware nor firewall rules nor server-side blocks, and not being able to find a solution, I decided to just utilise a software firewall. One that I knew well and trusted was/is pfSense.

The Other Problem

At the very same time, I finally discovered that the boot failures of my server was actually due to the PSU (read other Amazon reviews citing similar fan-spin-up-then-dies failures). Having not had time to look at the frequently (and randomly rebooting server), I finally purchased whatever SFX module that was in stock at the local “IT complex” – another Silverstone SST-SX600-G unit… Crossing my fingers that the PSU was the culprit…

2018/06/04 Update: Nope, false hope again… Server is still rebooting rather “randomly” despite using a brand new Corsair SF600

Continue reading

Ubuntu and UPS…

No, I am not talking about the delivery kind

With an existing PROLiNK 902S 2000VA online UPS providing clean power to my (aging) desktop, I thought it time to finally get a proper UPS for my NAS instead of the old, line-interactive PROLiNK PRO1200SVU that already had to have its dying battery replaced once.

Fortunately, I managed to get a PROLiNK 903S 3000VA unit.

Like the 902S and my desktop, the 903S has its USB cable plugged directly into a/the computer, in the hope of using the provided ViewPower software to monitor the UPS and cleanly and safely shutdown the host should power interruptions occur.

Unfortunately, installation was not at all simple, particularly not since the user manual has no mention of installing the software on Linux (even if the software is “compatible” with Linux, being Java-based).

Googling did not help much, with most/all the returned pages referencing the use of NUTS instead of the intended/provided ViewPower, not to mention needing to “hack” your own “configuration file”, with no guarantee that the runtime calculations are correct.

After much fumbling around, searching and testing, I managed to get it to work…

Continue reading

KVM: Installing Windows…

So, I had a spare, official Windows 7 Pro key that was never installed on the intended laptop. I was thinking that it was a good chance to install it on KVM…

So, what was supposed to be a straight-forward “new VM” + “install Windows 7” + “Windows 10 upgrade” turned into another headache…

Fortunately (and probably yet another reason to stick with the “tried-and-tested”/popular VM solutions), KVM has a “large enough” community, with lots of help online…

Continue reading

There Is No Spoon…

So, attempting to set up a virtual machine on Ubuntu now leaves me some choices (again, which is mostly a good thing).

Attempting to set up a secure Windows environment is never easy. Maybe one of the better/best ways to do this is to simply use VMs and virtualised software…

First, I need virtualisation host software. VMware ESXi and any other hypervisors are out of the question, because we already have an OS. Besides, despite being comfortable with ESXi (and also have somewhat generous “limits” on their “free” version from v5.5 and up), ESXi is pretty strict in terms of supported hardware.

Having looked at some of the “popular” ones out there, including Oracle’s VirtualBox, Citrix’s Xen, and Red Hat’s KVM (not to be confused with the common abbreviation KVM), I finally decided on KVM.

Even with VirtualBox’s ability to use “integrated mode“, I still believe that having low-level integration with the kernel and open source is more important than reliance on a specific kernel version (note: linked search only shows results from past year to show “current” reported issues as at time of search).

Continue reading