Webmin, Virtualmin and APT for Ubuntu and Debian

I often use Webmin and Virtualmin to manage basic stuff on Linux servers, mostly so because others sometime need to change minor settings on these servers, and they may or may not be very familiar with doing things from the CLI.

You can, of course, update Webmin and Virtualmin manually, from within Webmin. But if you’re using APT, there is an automated, better, way of keeping these lovely software packages up to date.

Webmin

Create a file in /etc/apt/sources.list.d/ like webmin.list

Add the following line to that file:

deb https://download.webmin.com/download/repository sarge contrib

Add Jamie Cameron’s GPG key for the repository like so:

cd /root
wget https://download.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc

Finalize everything with

apt-get install apt-transport-https
apt-get update

You may now install/update Webmin with via APT (apt-get, aptitude, etc).

Virtualmin

Create a file in /etc/apt/sources.list.d/ like virtualmin.list

For Ubuntu 18.04.LTS (“Xenial”), add the following to that file:

deb http://software.virtualmin.com/vm/6/gpl/apt virtualmin-xenial main
deb http://software.virtualmin.com/vm/6/gpl/apt virtualmin-universal main

There are, of course, sources available for other distributions too. Simply replace xenial above, with the name of the distribution you’re running. You can find a list of the Debian based distributions here: software.virtualmin.com/vm/6/gpl/apt/dists/

Add the virtualmin GPG key for the repository like so:

cd /root
wget http://software.virtualmin.com/lib/RPM-GPG-KEY-virtualmin-6
apt-key add RPM-GPG-KEY-virtualmin-6

Finalize everything with

apt-get update

You may now install/update Virtualmin via APT (apt-get, aptitude, etc). You can find some more information about this in relation to Virtualmin on the Virtualmin forum.

Forcing apt-get to use IPv4

When or if you run into trouble with apt-get and IPv6 connections timing out or not resolving properly at all, it may be a good idea to simply prevent apt-get from using IPv6.

Use

-o Acquire::ForceIPv4=true

when running apt-get, or create /etc/apt/apt.conf.d/99force-ipv4 and put

Acquire::ForceIPv4 "true"

in it.

If this does not work for you, you may want to have a look at /etc/gai.conf (this will, however, affect your system on a deeper level for IPv4 vs IPv6 connectivity). If you’re not interested in IPv6, it should cause no problems.

See more from @geek1968 on Instagram

Resizing windows in XFCE / XFWM4

This does not seem to be a problem for everyone nor for every XFCE theme, but sometimes it can be a real drag (no pun intended) to resize the windows in XFCE / XFWM4. For no apparent reason whatsoever, this seems to be known by the developers but marked as “wontfix” … #WTF

Anyway, hold down the (left) Alt key (PC keyboard), right click the mouse and then drag in the desired direction to “easily” resize the windows. This is a lot easier with an actual pointing device rather than a “touchpad”, but at least there’s a way.

You can also use Alt+Space and then press R to resize the current window.

This sort of “behavior” is one of (many small) things that annoys and frustrates people with “Linux Desktops”, and in all honesty, this should not be an issue in 2019! #FFS

So, remember:

ALT + [RIGHT-CLICK] + DRAG

or

ALT + [SPACE] followed by the [R] key

Using sfdisk to recover a partition table on Linux

As he re-entered the sfdisk dump manually in the remote recovery console, using the devil’s editor (vi), he was silently thanking the Linux developers for not screwing around with the file system when it cannot be mounted.

Messing around with partition tables, disk volumes, and similar critical configuration parameters can lead to quite unexpected and unintended results. So, it may be a good idea to actually dump the current configuration before you begin your magic.

Using sfdisk, you can dump your Linux partition configuration in a fairly straightforward way. You can try the command by typing just sfdisk -d /dev/disk, where disk is one of the disks in your Linux system. For a list of disks in your system, use the lsblk command. They are identified as “disk” (surprise).

sfdisk -d /dev/sda > sda.txt

This would dump the partition table data for the /dev/sda disk to the file sda.txt. Your output will look something like this:

label: dos
label-id: 0xa828a5d8
device: /dev/sda
unit: sectors

/dev/sda1 : start= 2048, size= 997376, type=83, bootable
/dev/sda2 : start= 999424, size= 999424, type=82
/dev/sda3 : start= 1998848, size= 249659359, type=83

The partition table information can then later be restore by issuing the reverse, i.e.

sfdisk /dev/sda < sda.txt

DO NOT PERFORM THE ABOVE COMMAND IF YOU DON’T KNOW WHAT YOU ARE DOING!

This procedure may come in handy if you, like me, manage to screw up the partition table and find yourself at the (initramfs) prompt when you restart your Linux machine. You will (obviously) need to save the dump file (sda.txt above) in a location other than your computer. Using this method, it’s often possible to recover your partition table from a rescue boot (be it on CD, DVD or a flash drive).

I happened to have a previous terminal session window open with the above information, so I hand-typed it from one window to another, where I was running the remote recovery console.

There are a lot more complex partition setups than the above, and sfdisk may not work in those cases or for certain RAID and LVM setups. But it it’s a good procedure in applicable situations.

Show which process/program is listening to what port using netstat and lsof

lsof -Pnl +M -i4
lsof -Pnl +M -i6

or

netstat -tulpn
netstat -npl

There are obviously a number of ways to accomplish this, but these variations will cover a lot of ground. You can also combine this with grep to filter out things you don’t need to see, or to only include specific processes and/or ports.

See post from @geek1968 on Instagram

SSH tunnel to use other mailserver than localhost

Because I have a lot of virtual machines, laptops, work environments, and so on, I never seem to find the time to setup SMTP authentication everywhere. I typically use Linux for everything except hardcore gaming, so it’s only natural that I have some sort of mail server installed like Postfix. The problem in using that mail server to send e-mail is that I also quite often have dynamic IP addresses on these machines, which doesn’t work well with “e-mail protection” (well..) like SPF.

So instead of making my life very complicated, I have a trusted server on the Internet through which I send e-mail.

If you were looking for something fancy in this article, you can move along now, there’s nothing to see 🙂

To make all my Linux work instances believe they’re talking to an SMTP server locally, I simply setup a tunnel from the given Linux instance to this trusted server on the Internet using the ever so versatile OpenSSH / SSH. I know there are a lot of ways to do this, but this is what works for me:

Local machine or “where I work”

I have a private/public key keypair on all of these machines. The public key is placed in the /root/.ssh/authorized_keys file on the trusted server that is running the mail server.

On this machine, as root, I setup a tunnel that looks like this:

ssh -N -L 25:localhost:25 root@mail.example.org -p 2222

This will create a tunnel from “localhost” port 25 (where I work) to “localhost” port 25 on mail.example.org. It will connect the end point of the tunnel to mail.example.org on port 2222. If the mail.example.org server is running an SSH server on its standard port (22), you can remove the “-p 2222” part.

Mail server

On this server, I only need to put the public key from the local machine “where I work” into /root/.ssh/authorized_keys to allow the tunnel to come up.

When I access port 25 on my local machine “where I work”, it will be sent through the tunnel and then attempt to access “localhost” port 25 on the mail server. The mail server software, Postfix in my case, will never know this connection did not actually originate from “inside” the machine, but rather through the tunnel.

Closing thoughts

You can (obviously) make this somewhat more automated with tools like AutoSSH, init scripts, and what not. The above only intends to show how uncomplicated it is to create useful SSH/SMTP tunnels 🙂