The Right Ports

nmap is a very useful tool for checking open ports. Yeah, bad guys could use it too, but you want to make sure the host you have exposed to the Internet has the minimum number of ports open. When I scan my own host, which hosts this blog site, with nmap hayato-iriumi.net, I get the following output.

Starting Nmap 7.80 ( https://nmap.org ) at 2021-09-23 18:27 PDT
Nmap scan report for hayato-iriumi.net (150.136.86.255)
Host is up (0.097s latency).
Not shown: 996 filtered ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
8080/tcp open  http-proxy

I have the 4 ports open intentionally for my own management of my site. This makes me think about what I should actually do down the road. I should close 22 and use a bastion to SSH into the host for management.

8080 is open for another management reason. Obviously, 80 is open for HTTP connections, which are redirected to 443 (SSL, HTTPS). If you do nmap google.com, you can see that ports 80 and 443 are open to the public as well.

Starting Nmap 7.80 ( https://nmap.org ) at 2021-09-23 18:28 PDT
Nmap scan report for google.com (142.250.69.206)
Host is up (0.026s latency).
Other addresses for google.com (not scanned): 2607:f8b0:400a:805::200e
rDNS record for 142.250.69.206: sea30s08-in-f14.1e100.net
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Here is the first paragraph of the nmap man page. It tells you what it’s supposed to do.

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

The man page for nmap is pretty big, so there must be a lot we can do with this tool.
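
One way to turn the scan into a repeatable check, as an added example that is not part of the original post: the functions below read nmap's normal output, list the open ports, and report any that are not on an allowlist. The function names and the allowlist format (space-separated port/protocol entries) are assumptions; the sample is the port table from the first scan above.

```shell
#!/bin/sh
# Added example: audit nmap output against an allowlist of expected ports.

# open_ports: read normal nmap output on stdin, print "port/proto"
# for every row of the PORT/STATE/SERVICE table whose state is "open".
open_ports() {
  awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1 }'
}

# unexpected_ports ALLOWLIST: print open ports that are not in the
# space-separated ALLOWLIST (for example "80/tcp 443/tcp").
unexpected_ports() {
  open_ports | awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !($0 in ok) { print }'
}

# audit_scan ALLOWLIST: return 0 when every open port is expected,
# otherwise list the extra ports on stderr and return 1.
audit_scan() {
  extra=$(unexpected_ports "$1")
  [ -z "$extra" ] && return 0
  # $extra is left unquoted on purpose: one message per port.
  printf 'unexpected open port: %s\n' $extra >&2
  return 1
}

# Port table copied from the first scan shown in the post.
SAMPLE_SCAN='PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
8080/tcp open  http-proxy'
```

Pipe a real scan into it with nmap your-host.example | audit_scan "80/tcp 443/tcp" (the host name is a placeholder); a non-zero exit status means a port outside the allowlist is open.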

How to Install htop on Oracle Linux 7

I wrote an article on how to install htop on Oracle Linux before. Thanks to Markus, I learned that installing htop is just a matter of enabling a repo on Oracle Linux 8. I have an Oracle Linux 7 host that I use for a customer and I wanted to install htop on it. I tried to look for the epel repo in /etc/yum.repos.d/oracle-linux-ol7.repo but I could not find it. So the only option for me is to add the epel repo under /etc/yum.repos.d.

I looked for the EPEL repo for Oracle Linux 7 and added the following in /etc/yum.repos.d/oracle-epel-ol7.repo:

[ol7_developer_EPEL]
name=Oracle Linux $releasever EPEL Packages for Development ($basearch)
baseurl=https://yum$ociregion.$ocidomain/repo/OracleLinux/OL7/developer_EPEL/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1

Then run the following commands.

sudo yum update
sudo yum install htop

Then, you get to install htop on Oracle Linux 7. 🙂

Troubleshooting Dockerized Blog

This blog is a dockerized WordPress blog. I noticed that my blog site was down this morning. I couldn’t even ssh into the host. I thought it was hacked somehow. After poking around, I got it back up and running. Here are the things I did to get it back up.

  1. When I did ping hayato-iriumi.net, I got response back.
  2. After a while, I could hit the website but it wasn’t connecting to the database.
  3. I couldn’t even ssh into the host, so I restarted it.
  4. I was able to ssh into it now, so I checked the running containers with the following command.
    docker ps -a
  5. I noticed that the NGINX container was failing to start because port 80 was already in use.
  6. Checked which process was using port 80 with the following command.
    sudo netstat -pna | grep 80
  7. It turned out that another instance of NGINX was hogging the port. I stopped it and disabled it with the following command.
    sudo systemctl stop nginx
    sudo systemctl disable nginx
    sudo apt remove nginx
  8. I’m not sure what installed the instance of NGINX.
  9. Restarted the host.
  10. The site came back up.

I am seeing some errors in journalctl, so something else may have caused the issue. This is very common troubleshooting for Linux users, but you should know where to look to troubleshoot a Linux-hosted service. I may rebuild this blog host again just in case it might have been hacked.

How to install Docker and Docker Compose on Oracle Linux 7

I have a need to install Docker and Docker Compose on Oracle Linux 7. Here is my note for future reference.

sudo yum -y update
sudo yum install -y docker-engine
sudo systemctl start docker
sudo systemctl enable docker
sudo usermod -aG docker $USER

Now, log out and log back in, then execute a docker command to check that you no longer need sudo to run it.

docker ps -a

Now install Docker Compose.

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

Now check if docker-compose was successfully installed.

docker-compose -v
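
The curl command above installs whatever bytes arrive straight into /usr/local/bin. As an added example (not part of the original post), the functions below download the binary to a temporary directory, compare it with a SHA-256 file, and install it only on a match. It assumes the release publishes a file named like the binary plus .sha256 in the same location; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: verify the Docker Compose download before installing it.

# verify_sha256 FILE SUMFILE: succeed only if FILE's SHA-256 equals the
# first field of the first line of SUMFILE (sha256sum output format).
verify_sha256() {
  expected=$(awk 'NR == 1 { print $1 }' "$2") || return 1
  actual=$(sha256sum "$1" | awk '{ print $1 }')
  [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# install_compose: download, verify, then install with mode 0755.
# A checksum fetched from the same site catches truncated or corrupted
# downloads; it does not protect against a compromised release page.
install_compose() {
  version=1.29.2   # version used in the post
  asset="docker-compose-$(uname -s)-$(uname -m)"
  base="https://github.com/docker/compose/releases/download/$version"
  tmp=$(mktemp -d) || return 1
  # The .sha256 asset name is an assumption about the release layout.
  if curl -fsSL "$base/$asset" -o "$tmp/$asset" &&
     curl -fsSL "$base/$asset.sha256" -o "$tmp/$asset.sha256" &&
     verify_sha256 "$tmp/$asset" "$tmp/$asset.sha256"; then
    sudo install -m 0755 "$tmp/$asset" /usr/local/bin/docker-compose
    rc=$?
  else
    echo "download or checksum verification failed; nothing installed" >&2
    rc=1
  fi
  rm -rf "$tmp"
  return "$rc"
}
```

Source the file and run install_compose in place of the curl and chmod commands above.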

How to Set Default User for WSL (Ubuntu)

I have Ubuntu for WSL (Windows Subsystem for Linux). I’m not sure how it happened, but when I started the terminal, it started to default to the root user. I wanted to default the user to the one that’s not the root user.

ubuntu config --default-user hiriumi

Make sure to run it either from the Windows command line or PowerShell. The next time you open the Ubuntu terminal, it goes straight to the user you specified.

Cheapest Way to Blog with Your Own Domain

Most of the hosting services want you to buy a domain and host your site there. As I was working on my blog site, I’ve learned how I could change the DNS record to point to my free tier host on Oracle Cloud Infrastructure. I wanted to do it because iPage.com was too slow for me.

Then, I thought what if I could use a service that allows me to just buy domains and manage my own DNS records without any hosting and host my site on OCI’s free tier?

When I was watching Scott Hanselman‘s YouTube video, I noticed something. He was using DNSimple for his DNS management. So this is a site where you can buy domains and manage DNS records and SSL certs.

So I pay $6 every month for the service and I pay $16 every year for my domain. $6×12+$16=$88. My blog site is hosted at OCI’s free tier host, so it does not cost anything. So I can have my own blog with my domain name for $88 per year. I think it’s quite reasonable.

Of course, this method requires pretty good knowledge of DNS, Web Server and SSL but if you are an engineer or planning to be one, I’d highly recommend it.

zsh

I like z shell. z shell (zsh) is built on top of bash, so your bash script should run without any modification. Here is how you can install zsh.

sudo apt install zsh

Here is how you can make zsh your default shell.

sudo sh -c "echo $(which zsh) >> /etc/shells" && chsh -s $(which zsh)

You may be prompted to create ~/.zshrc (equivalent to ~/.bashrc) when you start your terminal with zsh.

Once you have zsh installed, it’s time to install oh-my-zsh. It’s another cool open source project that allows you to have a cool prompt on your terminal.

sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

We don’t stop here. To make your prompt even cooler especially for your git operations, we install p10k.

Install p10k manually.

git clone --depth=1 https://github.com/romkatv/powerlevel10k.git ~/powerlevel10k
echo 'source ~/powerlevel10k/powerlevel10k.zsh-theme' >>~/.zshrc

Close your terminal and restart it.

Now you get a prompt like the following. It doesn’t show the right glyphs because you don’t have the right fonts installed and set to be used in your terminal.

Let’s download and install Nerd Fonts. First, clone this repo.

git clone https://github.com/ryanoasis/nerd-fonts.git

It takes some time for the whole repo to be downloaded.

Install the fonts by running the script.

cd nerd-fonts
./install.sh FiraCode

Now change the font of your terminal profile to FiraCode Nerd Font Mono Regular and then run the following command.

p10k configure

If you run through the wizard, you get your cool prompt! 🙂

Linux is Ready for Prime Time

Over the years, I have had a lot of interest in Linux. I would download and install some distribution on my PC or virtual machines to try them out but it was hard mostly because of issues with drivers. And the desktop environments were not there yet.

About 5 to 6 years ago, I wanted a media PC for my TV and I gave Linux Mint a try. It was a great pleasant surprise that I didn’t have to struggle with drivers and the software I needed. I also tried Hackintosh for 10 years, so that gave me a good experience. A long time Windows guy slowly transitioned to Mac and Linux.

Please don’t get me wrong, but I’m not completely defying Windows at all. I do like Windows too but when it comes to performance and freedom I get from Linux, nothing can beat it. And I think Linux desktop environments are ready for prime time.

I’ve done quite a bit of distro hopping but I realized that it’s no use. What you can do with Linux distros is pretty much the same, but what makes things different is the desktop environments such as GNOME, MATE and Xfce. You can install all of them and switch as you go. Unlike distro hopping, you don’t have to wipe out your disk to try them out.

Once you install Windows or macOS, you are stuck with it. But with Linux, you can use any desktop environment available. And all of them are free.

I have a Windows machine, a MacBook Pro and 2 Linux Mint machines at home. I love what I have and I keep digging every day. 🙂

How to Copy cat Output to Clipboard on Linux Mint

There may be times when you want to copy the output of the cat command to your clipboard. cat foo.txt | pbcopy is available on macOS, but how do we do something like that on Linux Mint (or Ubuntu)? xclip can be installed to accomplish that.

Install xclip.

sudo apt install xclip

By doing something like the following, you can copy the content of a text file to the clipboard.

cat foo.txt | xclip -selection clipboard

This is too much typing just to copy contents from the text file. You could add the following alias in your ~/.bashrc or ~/.zshrc if you use zshell (which is my favorite shell).

alias "cs=xclip -selection clipboard"

Once you add the line, you can do source ~/.bashrc (or ~/.zshrc) and you should start to be able to use it like below.

cat foo.txt | cs

How to Install Google Chrome on Linux Mint

Linux Mint (and any Debian derivatives) does not come with Google Chrome. You can’t install it even from Software Manager. In this blog, I will show you how to install it from terminal.

Make sure you have vim installed on your machine. (sudo apt install vim)

Next, create a new file under /etc/apt/sources.list.d.

sudo vim /etc/apt/sources.list.d/chrome.list

Paste the following source in the file.

deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main

Add the key.

wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | sudo apt-key add -

Execute update.

sudo apt update

Install Google Chrome.

sudo apt install google-chrome-stable

Start Google Chrome.

google-chrome

I’m not sure how you can add Google Chrome in the favorite menu yet. I will update this article when I find out.

Edit: It showed up in the menu the next day, so I am guessing it takes some time for the DE to cache the newly installed applications.
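
apt-key add puts the key in apt's global keyring, where it is trusted for every configured repository, and apt-key is deprecated in current apt releases. As an added example (not part of the original post), the check below lists active source entries that have no signed-by= option and shows the entry from this post beside a pinned form. The keyring path /etc/apt/keyrings/google-chrome.gpg and the function names are assumptions.

```shell
#!/bin/sh
# Added example: find apt source entries that are not pinned to a keyring.

# unpinned_sources DIR: print "file: line" for every active deb or
# deb-src entry in DIR/*.list that lacks a signed-by= option.
unpinned_sources() {
  for f in "$1"/*.list; do
    [ -f "$f" ] || continue
    awk -v file="$f" '
      ($1 == "deb" || $1 == "deb-src") && index($0, "signed-by=") == 0 {
        print file ": " $0
      }' "$f"
  done
}

# write_demo_sources DIR: constructed sample files for the check above.
write_demo_sources() {
  # Entry as written in the post; its key comes from the global keyring.
  printf '%s\n' \
    'deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main' \
    > "$1/chrome.list"
  # Same repository pinned to one keyring file (path is an assumption).
  # The keyring could be created with:
  #   wget -qO- https://dl.google.com/linux/linux_signing_key.pub \
  #     | gpg --dearmor | sudo tee /etc/apt/keyrings/google-chrome.gpg >/dev/null
  printf '%s\n' \
    'deb [arch=amd64 signed-by=/etc/apt/keyrings/google-chrome.gpg] https://dl.google.com/linux/chrome/deb/ stable main' \
    > "$1/chrome-pinned.list"
}
```

Run unpinned_sources /etc/apt/sources.list.d on a real machine to see which repositories still rely on the global keyring.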