Creating Static Routes with Netplan on Ubuntu 18.04

Let me just start by saying that if there is one thing that has drove me crazy with Ubuntu Server 18.04, it is the fact that they went and changed how we configure network.  It’s been the same for so long, it worked well, and now I’m just sounding like a user so I’m going to cut myself off there!  Anywhow, Ubuntu 18.04 has moved to Netplan for their network configuration.  Now I used to use post-up pretty heavily in prior versions of Ubuntu, but hook scripts are no longer supported.  Thus I must use the configuration below to configure static routes.  I do not say this with disdain though, it really is pretty simple.

 

Step-By-Step Install ELK Stack on Ubuntu 18.04

Elasticsearch, Logstash, and Kibana (aka ELK Stack) are very powerful tools for storing, analyzing, and visualizing log data in a centralized location.  That being said, it can be quite the headache to actually get up and running if it is your first experience with it.  Having spent the time pouring over the documentation provided by Elastic, which I must say is quite impressive, and struggling through getting the ELK stack up and running I figured I would make a step-by-step.  Some things to note before we get started:

  • This will be for the current most recent version 6.3.2 released on July 24, 2018.
  • I will set up an nginx reverse proxy to access Kibana.
  • will not be including SSL setup.
  • I will be installing all components of the stack with DEB packages.
  • Java 8 is required prior to ELK setup.  See my post Install Java JDK/JRE on Ubuntu Server without APT.
    • Java 10 is not compatible with the Logstash 6.3.2.  I learned this the hard way, take my word for it.
  • I will be showing BEATS configurations in a separate post.  This will be only the ELK stack setup.

I am not using APT repositories for anything because I have been burned by the upgrade process in the past with ELK, so I just manually upgrade as necessary.  Now, let’s get this thing started.

Install & Configure Elasticsearch

1.  Start by navigating to the Elastic downloads page and select Elasticsearch.

2.  Login to your Ubuntu box and download the DEB package.  I put it in tmp for easy cleanup.

3.  Now download the checksum and compare against your downloaded package.  It should return OK.

4.  Install Elasticsearch.

5.  Open the Elasticsearch config file found at /etc/elasticsearch/elasticsearch.yml and uncomment/edit the following settings.

This will configure your cluster name as my-cluster-name, your node (or server) as my-node-name, your data storage location as /var/lib/elasticsearch, your log location as /var/log/elasticsearch, and your host as localhost (127.0.0.1).  These are pretty default settings and I don’t see many reasons to change them, but do so if you wish.

6.  Restart/Reload the service, daemon, and enable the service.

7.  Test Elasticsearch.

Which should return:

 

Install & Configure Kibana

1.  Download Kibana DEB package from Elastic downloads page.

2.  Install Kibana.

3.  Open the Kibana config file found at /etc/kibana/kibana.yml and uncomment the following:

4.  Restart/Reload daemon, enable and start the service.

 

Install & Configure Nginx (Source)

1.  Install nginx.

2.  Setup user for basic authentication.

Enter a password for the user when prompted.

3.  Configure nginx by clearing /etc/nginx/sites-available/default and inputting the following:

This will configure nginx as a reverse-proxy for Kibana, while also requiring the username and password set up in step two.

4.  Test nginx configuration and restart service.

 

Install & Configure Logstash

1.  Download the Logstash DEB package from the Elastic downloads page.

2.  Install Logstash.

3.  Create the file /etc/logstash/conf.d/10-beats.conf and input the following:

This will configure logstash to listen for beats applications on port 5044 without requiring SSL.

4.  Create the file /etc/logstash/conf.d/50-output.conf and input the following:

This will configure logstash to output beats data to elasticsearch on this host to index which named is determined by specified variables.  In this case, the beats application name – date.  Ex. winlogbeat-2018.08.23.

5.  Test your Logstash configuration.

6.  Restart and enable Logstash service.

 

At this point you should now have a functional ELK server that will accept input from BEATS!

 

 

 

Install Java JDK/JRE on Ubuntu Server without APT

As I’m sure many of you are well aware sometimes you need to pick and choose when to upgrade an application, particularly when you need to wait for application compatibility.  This being the case, you want to be able to update your OS for vulnerabilities without breaking the applications that run on it that may not support the newest version of certain dependencies (such as Java).  More work for you, but less work in the log run.  Anywho, below is a quick step-by-step for installing Java JDK/JRE without using an APT repository:

1.  Make your installation directory

2.  Navigate to the Java Downloads Page and download the needed version (jdk-VERSION-linux-x64.tar.gz)

NOTE: I had trouble with wget not downloading the file correctly.  I had to download on a Windows machine and use WinSCP to copy over the file.

3.  Move (or copy) the downloaded file to your installation directory if not already there

4.  Unpack the tarball

5.  Delete the tarball (optional)

6.  Configure Java with the following commands

7.  Create Java Environment Variables

Copy the following into the file and save, adjusting as necessary

8.  Then run the following to apply

 

Done!

Run the following to check the installed running version

Run the following to return Java variable locations

 

Installing VMware Tools on Ubuntu Server via CLI

Per usual this is more for my own reference because I’m forgetful, but it might help someone out if they happen to miss the very detailed instructions found here on VMware’s KB site.  For this I think I’ll do a numbered list of steps to make things simple:

1.) Mount VMware Tools installer in vSphere/vCenter by selecting the Install VMware Tools option

2.) SSH into your Linux VM and sudo up, or if you prefer put sudo in front of all your commands…I’m lazy

3.) Create a directory to use as a mount point

4.) Mount the CDROM to your newly created mount point

5.) Copy the zipped files to a temporary directory

6.) Move into your temp directory and extract the files

7.) Move into the vmware-tools-distrib directory and run the PERL install script

At this point you’ll be asked a whole bunch of questions to customize the install.  Select whatever works for your environment, though the defaults will work fine for most.  It’ll go through installing and you’re done!

HAProxy Configuration for Remote Desktop Services

Remote Desktop Services can be a touchy subject for some, but I find the solution to work well.  When the need to provide external access arises I will typically use HAProxy to, you never would have guessed it, proxy the traffic to the appropriate places.  It has proven to be rock solid in its performance, and offers decent logging when issues arise.  Please note that there should be additional security measures taken to secure this, so don’t just drop it in and think you’re done.

A lot of the configuration options are simply taken from the HAProxy documentation.  I do suggest taking some time and reading through a lot of the common options to help fine tune your config.  Before I drop the my “template” config, let’s do a quick overview of what it contains (though I will have comments in the config).  First things first, I set up the built in stats page.  This is very useful and I don’t see much reason not to set it up.  I then redirect port 80 traffic (http) to port 443 (https/SSL).  Next up is to proxy any https/SSL traffic in to the RDS server.  Finally, we proxy the RDP traffic through and we’re good to go!

 

Renewing Let’s Encrypt Certificates with certbot-auto

I had some trouble renewing a certificate on a web server today with a particularly “wonky” configuration if you will.  The standard certbot methods I would normally use just would not work for me so I had to dig a little deeper into the more “advanced” certbot setups.  This brought me to the certbot documentation where I read that the certbot-auto script might be able to help me out, so I gave it a shot and it worked!  I started by downloading the script and changing the permissions as instructed:

I threw it in a home directory, but that is really dealers choice.  Once I had that complete I simply ran the following command and was off to the races:

 

Upgrading ConnectWise Control (ScreenConnect) on Ubuntu Server 16.04.3 LTS

ConnectWise released the 6.4 upgrade yesterday and I realized I have not yet done a post on the upgrade process.  It’s rather straight forward, but why not.

1.) Navigate to the ConnectWise Download Page and copy the link address for the latest stable release.

2.) From your shell, run the following command to download the file.  I typically download it to the tmp directory for easy clean up.

3.) Then extract the contents.

4.) Move into the extracted directory and run the install.sh script found there.

5.) It will then ask you a few quick questions as seen below.  Answer them and you are done.  Simple!

 

Assigning a Static IP Address in Ubuntu Server 16.04

I always forget all the parameters.  File found at /etc/network/interfaces.

 

Setting Up Apache Virtual Hosts

Apache is likely the most popular method of serving web content on the internet at the moment.  Chances are if you’re here (at my blog), you’re enough of a nerd to have heard of it before.  Basically Apache “compartmentalizes” its functionality and components if you will.  These “compartments” that are indicative of individual domains/websites are known as Virtual Hosts.  Once you have them (or just the one for starters) set up, you can set up all the websites you wish.

To begin, we need to install Apache.

After it finishes installing, we’re going to look at the Document Root under /var/www.  The Document Root is the top-level directory that Apache looks at to find content to serve, and is by default set to /var/www/html.  What we would like to do is make directories for the domains that we wish to serve.

We have created our Document Root directories but currently they are owned by root.  If you would like a sudo user that you have created to be owner do the following replacing sudouser with the account username.  Alternatively, you can use $USER:$USER and it will sub-in the value of the currently logged in user when you press enter.

 

Next we need to make sure that read access is allowed for our general web directory so that the webpages we plan to host can be served properly.

Now we’re going to move away from our Document Roots and switch gears to the Virtual Host Files.  Think of these as the recipe that the Apache engine follows when receiving a request.  These files specify the configuration of our virtual hosts and how the Apache web server will respond to domain requests.  These files are stored in /etc/apache2/sites-available.  By default Apache creates a Virtual Host File called 000-default.conf.  We are going to copy this to make our lives a little bit easier.

I personally like to keep everything named after the domain I’m using, but you can choose whatever naming scheme you would like.  Open the file in an editor with root privileges and you should get something like the following:

Obviously this information is a little generic and we want to customize it.  You’ll want to change the ServerAdmin and DocumentRoot values to match your virtual host.  You will also need (or may like to) add ServerName and ServerAlias.  You should have something like the following when you’re finished:

Save and close your file.  Now copy the newly customized Virtual Host File and sub out all the domain1.com for domain2.com, then save and close the file.

Now all that there is left to do is enable our new Virtual Hosts in Apache and some cleanup work.  Enable the Virtual Hosts with the following command:

Disable the Apache default site:

Finally, restart Apache to have all of our changes take effect: