7 July 2024

Emptying a File Without Deleting it

Working in IT, there will be a day when you will need to purge a file on one of your systems. As an administrator, managing file sizes and content is crucial for maintaining the system performance and stability you require. Regardless of what you call it – emptying, clearing, wiping, purging; There are various reasons why you might want to clear a file without actually deleting it:

  1. Log Management: Logs can grow excessively large, consuming valuable disk space. Clearing logs without deleting them ensures continuity in logging.
  2. Data Reset: Some applications might require periodic resets while keeping the file structure intact.
  3. Error Resolution: Clearing files with erroneous or corrupted data can be a quick way to restore normal operations without affecting the file’s existence or permissions.

Here are nine methods to empty a file from the command line:

  1. Using the truncate Command:
    The truncate command can be used to resize files. Setting the size to zero effectively clears the file.
   truncate -s 0 file.txt

This command is straightforward and efficient for emptying a file while preserving its metadata.

  1. Using the echo Command:
    The echo command can output an empty string to a file, thereby clearing its contents.
   echo -n > file.txt

The -n option ensures that no newline character is added, leaving the file empty.

  1. Using Vim Editor:
    Vim, a powerful text editor, can also be used to clear a file.
    Open the file with vim.
    In Vim, type the following command to delete all lines:
vim file.txt
:1,$d 

This command deletes all lines from the first to the last line in the file.

  1. Using the dd Command:
    The dd command is useful for low-level data manipulation and can clear a file by reading from /dev/null.
   dd if=/dev/null of=file.txt

This reads from /dev/null and writes to file.txt, making it empty.

  1. Using the cp Command with /dev/null:
    The cp command can replace the file’s contents with the empty contents of /dev/null.
   cp /dev/null file.txt

This is an efficient way to clear a file while maintaining its attributes.

  1. Using the > Operator:
    The simplest method involves using the redirection operator to truncate the file.
   > file.txt

This method is quick and commonly used for clearing file contents.

  1. Using the cat Command:
    By redirecting the contents of /dev/null to the file, you can clear its contents.
   cat /dev/null > file.txt

This is another straightforward method to empty a file.

  1. Using the : (Colon) Command:
    The colon (:) is a built-in shell command that does nothing but return a true exit status. When combined with the redirection operator, it can clear a file.
   : > file.txt

This command is both simple and efficient for emptying files.

  1. Using the sed Command:
    The sed command can delete all lines in a file.
   sed -i d file.txt

The -i option tells sed to edit the file in place, and the d command deletes all lines.

Conclusion

Emptying files without deleting them is a common administrative task in Linux. Each of these methods allows you to clear file contents while preserving the file itself, along with its permissions and ownership. Whether you are managing log files, resetting data, or addressing errors, these commands provide efficient ways to handle files without removing them. The choice of method simply depends on your specific needs and the tools you are comfortable with. Hopefully this helps you somewhere in your day-to-day linux administration.

24 July 2022

Install Docker CE on Amazon Linux 2

Here is how to install docker and docker-compose on the (AWS) Amazon Linux 2 OS running on either an EC2 or Lightsail instance.

Let’s begin by opening a console or SSH session to your EC2 or Lightsail instance. You can do this from within your AWS portal or an SSH tool like Putty. The actual “how to connect” to your server is outside the scope of this article.

Once you are connected, let us start by installing any pending updates on your host.

sudo yum update

Next, we will install Docker.

sudo yum install docker

Create a new membership group for docker and add the ec2-user to it so you can run all of the docker commands without needing to use the sudo command.

sudo usermod -a -G docker ec2-user
id ec2-user
newgrp docker

Now it’s time to add docker-compose.

wget https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) 
sudo mv docker-compose-$(uname -s)-$(uname -m) /usr/local/bin/docker-compose
sudo chmod -v +x /usr/local/bin/docker-compose

Enable the docker service.

sudo systemctl enable docker.service

Start the docker service.

sudo systemctl start docker.service

Verify that the service is running.

sudo systemctl status docker.service

You can check the docker version with this command.

docker version

And lastly you can check the docker-compose version with this command..

docker-compose version

You have now installed docker and docker-compose on Amazon Linux 2.
I am going to leave off with some helpful controls manage docker on your machine.

sudo systemctl start docker.service #start docker
sudo systemctl stop docker.service #stop docker
sudo systemctl restart docker.service #restart docker
sudo systemctl status docker.service #get the status of docker
24 July 2022

Install Docker CE on Ubuntu

So how does someone install Docker on Ubuntu? Let me show you… We’re starting off with a freshly installed Ubuntu 20.04 virtual machine that has been updated but has not had anything additional added to it yet.

We will start with adding some packages that are prerequisites for using the ‘apt’ commands over HTTPS and thus for Docker.

sudo apt install apt-transport-https ca-certificates curl software-properties-common

Next, we’ll add the GPG key for the Official Docker repository.

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

Then we’ll add the Docker repo to the sources for APT.

echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

We’ll rerun our ‘update’ command.

sudo apt update

And the step everyone was waiting for, installing Docker.

sudo apt install docker-ce

Now we need to allow our user to run Docker commands without always needing to ‘sudo’. We can add the user we are logged in as by using this command.

sudo usermod -aG docker ${USER}

Okay now as an optional step, you can install Docker-Compose. At the time of writing this, it is on v2.7.0. You will want to check their release page and update the command below to the current version number.

mkdir -p ~/.docker/cli-plugins/
curl -SL https://github.com/docker/compose/releases/download/v2.7.0/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose

Then we can set the correct permissions on docker-compose so that it will be executable.

chmod +x ~/.docker/cli-plugins/docker-compose

Now we can verify our Docker and Docker-Compose are installed by checking their versions with these commands.

docker compose version
docker version

And that is how you install Docker on your Ubuntu machine

10 July 2022

Install Git on CentOS

Okay, it’s time to install Git so you can play with some pull and merge requests for some projects you are working on. This set of instructions should work on your system regardless if you are running CentOS 7, 8, or 9.

The first thing to do is elevate…

sudo su

Then update your system.

dnf update

Install Git

dnf install git

Check the installed version

git --version

Just like that, you are ready to “Git” yourself back to coding something grand!

Category: CentOS, Git | LEAVE A COMMENT
9 July 2022

Install Docker CE on CentOS 9 Stream

Docker is an operating system virtualization tool that allows us to run applications as containers. In simplest terms, that means you are virtualizing only the application, and not creating an entire virtual machine as you would traditionally do in hypervisors like VMware, Hyper-V, or Nutanix.

Okay, that’s cool… How do we install Docker so we can start to test workloads on it? Well, let me show you how to install Docker on a virtual machine running CentOS 9 Stream.
**While I have not tested to confirm, this Docker installation method should be identical on CentOS 8 Stream, as well as for CentOS 7.x

Let us begin by shifting to Sudo mode by running this command first…

sudo su

Then the first thing to do is remove PodMan as it conflicts with Docker.

dnf -y remove podman runc

The next step is to add the Docker repo.

curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo

Update SELinux in regards to the Docker repo.

sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/docker-ce.repo

Enable the Docker repo and install Docker.

dnf --enablerepo=docker-ce-stable -y install docker-ce

With Docker installed, it is time to enable it.

systemctl start docker
systemctl enable docker

Let us view what we installed by running these two commands.

rpm -q docker-ce
docker version

Congratulations! You now have Docker installed on your machine.

You’ll probably want to install Docker Compose on your machine too so you can build and run a docker image. You can install it with this simple command.

dnf install docker-compose
4 May 2022

Install AdGuard-Home on RaspberryPi

I’ve used Pi-Hole for longer than I can remember, so it’s time to test drive another solution, AdGuard Home, to see how it compares on my network.

To start, as the title suggests you’ll need a RaspberryPi. While not required, I recommend starting with a new fresh image of the RaspbianOS on it. The next thing you’ll want to do, which I won’t cover in this article, is set up your RaspberryPi with a static IP address and then enable SSH on it so that you can connect to it.

Install AdGuard Home

Before you get started make sure to update your RaspberryPi using these two commands. After that you will be ready to get started.

sudo apt-get -y update
sudo apt-get -y upgrade 

The easiest way to begin the installation of AdGuard Home and get it ready to go is to copy and paste the command below and then run it. It will take care of everything; downloading the proper version for your RaspberryPi, installing it, starting it as a service on boot.

curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v

After a few minutes, the installation completes and you are ready to proceed. Towards the bottom of the output from the install, there are a few lines that tell us what IP the RPi is listening on, on port 3000. Open your browser and go to the third entry which should be the same as the static IP address you applied to your RaspberryPi before we got started. Referencing the example in my image above, I would be going to: http://192.168.1.2:3000. You should be greeted by a five-step getting started wizard.

Using my RaspberryPi 3, I prefer to only use my wired ethernet connection. I usually go into the OS and disable the WiFi. So on this page, I will select my ‘eth0’ interface as the one that I want to listen to for DNS calls on.

Create your username and a password.

Time to set up your devices to point their DNS to your “new” AdGuard Home.
At this point, this is when you should be repointing the DNS in your router to now be pointing at your RaspberryPi’s IP address. This will make all of the devices on your network that is pulling a DHCP address from your router start to use AdGuard Home.

Note: This is also when I like to go back into my RaspberryPi’s NIC to statically repoint it’s DNS setting to its own IP address since it is now able to resolve DNS.

The last step is to open the dashboard and login.

Dashboard

The dashboard is what you see as soon as you log into your AdGuard Home. It is where you get to see at a single glance the summary of all of the statistics it has collected. From the number of allowed and blocked DNS queries, to what the top queried and blocked domains are, you can even see which clients are being the “chattiest” and making the most DNS requests. Being the summary page, you can use it as the launchpad to click around and dive deeper into what the devices on your network are doing and who they are talking to.

The only other thing really worth mentioning on the dashboard is the “Disable Protection” button that is near the top of the page next to the ‘Dashboard’ title. If you ever need to troubleshoot an issue with one of the devices on your network, this is how you can easily disable all of the DNS blocking/filters that AdGuard Home is doing so that you can [hopefully] rule it out as the culprit.

Settings

Under ‘General Settings’ I like to enable the longest log and statistic retention. Being that this is for a home network, I’m not too concerned about anonymizing the client IP info.

Under the ‘DNS Settings’ I like to set my upstream DNS servers. I personally use Cisco’s OpenDNS. Here is a link to known DNS providers that you could choose from if you don’t want to use Cisco. I also have it run the requests in parallel for faster results. However, I tend to leave almost everything else set to its default values.

Examples you can set as your Upstream DNS Servers:

  • regular DNS (over UDP) –
    • 94.140.14.140
  • regular DNS (over TCP) –
    • tcp://94.140.14.140
  • encrypted DNS-over-TLS
    • tls://dns-unfiltered.adguard.com
  • encrypted DNS-over-HTTPS
    • https://dns-unfiltered.adguard.com/dns-query
  • encrypted DNS-over-QUIC (experimental) –
    • quic://dns-unfiltered.adguard.com:784
  • DNS Stamps for DNSCrypt or DNS-over-HTTPS resolvers –
    • sdns://...
  • an upstream for specific domains
    • [/example.local/]94.140.14.140
  • a comment –
    • #comment

One of the final ‘DNS Settings’ I like to apply is at the very bottom of the page. I want to limit the use of my DNS to only machines that are on my home network. To do this, under “Allowed clients” I’m adding the CIDR notation for my home network.

I’m adding “192.168.0.0/16” so that it will apply to every address from 192.168.0.0 thru 192.168.255.255. However, while not wrong, this is probably going to be overkill for most home networks that only use a single subnet.

So depending on your home network’s IP address space, you could probably choose to just use a /24 – so it would look more like 192.168.0.0/24. In this example, it would allow all the addresses from 192.168.0.0 thru 192.168.0.255. Again, match up that address space (ie the third octet) to what is in use on your network if you use the /24. If your home network uses a different

Filters

Filters are an easy way to quickly block or allow, many different popular sites and services. For example, if you had a hatred for social media, by flipping a toggle in this menu, you could completely cut off and block all services from Facebook on your network.

Note this is not blocking applications, aka Layer 7, it is simply blocking a list of know domains that are owned and/or used by the specific service or website.

The ‘Filters’ is also where you can add/remove DNS blocklists. AdGuard Home comes with quite a few pre-defined lists that you can choose to enable if desired. To get there, click on ‘Filters’, then ‘DNS blocklists’, then click on the ‘Add blocklist’ at the bottom of the page.

Next, you will click ‘Choose from the list’ to start adding the pre-defined blocklists. Alternatively, if you had a custom list you wanted to add, you could do so right here using the ‘Add a custom list’ button.

Here is where the magic happens. This is where you can select any or all of the pre-defined block lists. When you are done, click the save button.

Query Log

This page is a comprehensive log of everything that AdGuard is doing. You can see what client on your network is making what DNS query. You can filter to see what DNS queries are getting processed or blocked. It is also here that you can see what external resolver answered a particular DNS query. It’s not as snazzy or flashy as the graphs and top charts on the dashboard, but if you are trying to look for the dirty details of whats going on, then your answer is definitely going to be here in this query log.

AdGuard Home service – Start/Stop/Restart/Status

To control the AdGuard Home service and manage it from the command line of your RaspberryPi you can use the following commands.

sudo /opt/AdGuardHome/AdGuardHome -s status
sudo /opt/AdGuardHome/AdGuardHome -s start
sudo /opt/AdGuardHome/AdGuardHome -s stop
sudo /opt/AdGuardHome/AdGuardHome -s restart

Likewise, if you need to you could also uninstall or re-install the AGH service.

sudo /opt/AdGuardHome/AdGuardHome -s uninstall
sudo /opt/AdGuardHome/AdGuardHome -s install

Test if AdGuard Home is working

So your devices should be pointing to AdGuard Home. To test if the ad-blocking is working you have a couple of options.

On your Windows machine open a command prompt, then type this command.

nslookup doubleclick.net

If AdGuard Home is working, it should return “0.0.0.0” as the answer. Meaning that it can not lookup the IP address of the domain “doubleclick.net”.

The other way that you can test your new ad-blocking abilities is by going to a URL and checking how well it blocks ads. A quick google search returned this site as one option to test ad-blocking: https://adblock-tester.com/ I’m sure you can find others…

What is AdGuard Home missing

  • No Layer 7 Application filtering capabilities

AdGuard does not have any packet inspection capability. Because it can not inspect packets it can not actually block or filter based on content or applications. AdGuard relies completely on DNS and the reputation of the actual domain/URL that is being called. Instead of blocking the content itself, it blocks the IP address lookup for the domain being requested. If you need to block/filter content you will need to look into some sort of Next-Gen Firewall as a solution.

  • Blocking all Ads

AdGuard and Pi-Hole both suffer from the inability to block ALL ads. This is because sometimes the advertisements, and the content you are actually wanting, come from the same domain. Because they are coming from the same place we are unable to block the actual domain name.

Some examples of a few sites that serve ads and content from the same domain name include:

  • YouTube
  • Twitter
  • Facebook
  • Instagram.
20 April 2022

Install ClamAV on CentOS 7

Here is how to add the open source antivirus tool ClamAV to the CentOS machine and configure it automatically run a virus scan on newly uploaded files. ClamAV detects all forms of malware including Trojan horses, viruses, and worms, and it operates on all major file types including Windows, Linux, and Mac files, compressed files, executables, image files, Flash, PDF, and many others. ClamAV’s Freshclam daemon automatically updates its malware signature database at scheduled intervals.

yum -y install clamav clamav-scanner clamav-scanner-systemd clamav-server clamav-server-systemd clamav-update

First edit freshclam.conf and configure your options.

vi /etc/freshclam.conf

Freshclam updates your malware database, so you want it to run frequently to get updated malware signatures. Run it manually post-installation to download your first set of malware signatures:

freshclam

Next, edit scan.conf.

vi /etc/clamd.d/scan.conf

Uncomment this line

LocalSocket /run/clamd.scan/clamd.sock

When you’re finished you must enable the clamd service file and start clamd:

systemctl enable clamd@scan.service
systemctl start clamd@scan.service

Note, the default cron job for ClamAV runs every 3 hours to check for updates.

12 April 2022

Install PHP 8.1 on CentOS 7

To install PHP 8, you will need to add the EPEL and Remi repositories to your machine.

yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm --import http://download.fedoraproject.org/pub/eprl/RPM-GPG-KEY-EPEL-7

yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
rpm --import https://rpms.remirepo.net/RPM-GPG-KEY-remi

You can verify the repositories were added by using the command below to look for the “php8” packages are there.

sudo yum list php

Install “yum-utils”

sudo yum -y install yum-utils

Enable the Remi repo for PHP, after disabling any existing repo for PHP.

sudo yum-config-manager --disable 'remi-php*'
sudo yum-config-manager --enable remi-php81

Install PHP and all of the required extensions

sudo yum -y install php php-{bcmath,cli,common,curl,devel,gd,imagick,intl,json,mbstring,mcrypt,mysql,mysqlnd,pdo,pear,pecl-apcu,pecl-apcu-devel,ldap,xml,zip} 

Verify PHP is installed and the version. You can see I was able to install PHP v8.1.4

sudo php -v
PHP version info

Open the php.ini config file and set your timezone. You will need to uncomment the line for date.timezone and set it to your timezone of choice and set it to your timezone of choice. .

sudo vi /etc/php.ini
date.timezone = Pacific/Honolulu

12 April 2022

Install PHP 8.0 on CentOS 7

To install PHP 8, you will need to add the EPEL and Remi repositories to your machine.

yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm --import http://download.fedoraproject.org/pub/eprl/RPM-GPG-KEY-EPEL-7

yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
rpm --import https://rpms.remirepo.net/RPM-GPG-KEY-remi

You can verify the repositories were added by using the command below to look for the “php8” packages are there.

sudo yum list php

Install “yum-utils”

sudo yum -y install yum-utils

Enable the Remi repository for PHP, after disabling any existing repo for PHP.

sudo yum-config-manager --disable 'remi-php*'
sudo yum-config-manager --enable remi-php80

Install PHP and all of the required extensions

sudo yum -y install php php-{bcmath,cli,common,curl,devel,gd,imagick,intl,json,mbstring,mcrypt,mysql,mysqlnd,pdo,pear,pecl-apcu,pecl-apcu-devel,ldap,xml,zip}

Verify PHP is installed and the version. You can see I was able to install PHP v8.0.17

sudo php -v

Open the php.ini config file and set your timezone. You will need to uncomment the line for date.timezone and set it to your timezone of choice.

sudo vi /etc/php.ini
date.timezone = Pacific/Honolulu
12 April 2022

Install MariaDB on CentOS 7

Add the MariaDB repository to your machine

sudo cat <<EOF | sudo tee /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.6/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF

Clean the yum cache

sudo yum makecache fast

Install MariaDB 10.6

sudo yum -y install MariaDB-server MariaDB-client

Start and enable MariaDB service:

sudo systemctl start mariadb
sudo systemctl enable mariadb

Secure or instance of Maria DB by running the ‘mariadb_secure_installation‘ command.

sudo mariadb-secure-installation
mariadb secure installation script

Enter your root credentials when prompted. For the next two prompts, if you have your root account protected correctly, it will tell you so and you can follow the recommendation to enter ‘n’ for them.

more mariadb secure installation script

For the next four prompts, enter ‘Y’ for them.

last of the mariadb secure installation script

Check your MariaDB and what version it is running this command below or login into the database and check as shown in the image below.

sudo mysql -V
Checking MariaDB version