Reboot script for TP-Link Wi-Fi routers

Below is an example of a reboot script for a TP-Link router. I will test it on a TL-WR720N 2.0 from Ubuntu Server.

#!/bin/sh
ROUTER_IP="192.168.24.174"
USERNAME="admin"
PASSWORD="admin"

# exit if router is down
ping -q -c 1 "$ROUTER_IP" > /dev/null || exit

# request the reboot page with HTTP basic authentication
curl --basic --user "$USERNAME:$PASSWORD" -A "Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)" --referer "http://$ROUTER_IP" "http://$ROUTER_IP/userRpm/SysRebootRpm.htm?Reboot=reboot"

Place the contents of the script in a new file, for example using the nano editor (“CTRL+X” to exit and “y” to save the changes):

nano file.sh

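And make it executable. The file contains the router password, so give access to the owner only rather than using mode 777:

chmod 700 file.sh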

After this, we execute:

./file.sh

Similarly, you can perform other functions instead of rebooting.

How to exclude a link from indexing

To keep the search engines Google, Yahoo!, Yandex and Bing from following specific links and indexing them, and from passing PageRank to them, add a special attribute to the link:

rel="nofollow"

For example:

<a href="https://example.com" rel="nofollow">Link text</a>

See also the information on this attribute in the Google Help Center: Attribute rel="nofollow"
Information from Yandex: Using HTML tags

HP Pavilion dv7 Repair – White Screen

I recently noticed a white screen appearing while working on an HP Pavilion dv7 laptop.
When switching to an external monitor and back with the Fn key combination, the image was displayed normally, but after a while the problem appeared again.

The main cause of this is most likely a damaged ribbon cable going to the display, or poor contact on it.
In my case, disconnecting and reconnecting it did not solve the problem, so I had to order one on Aliexpress; it is not expensive there.
The full name of the laptop model, for which you need to order the cable, is written under the battery.

After replacing the cable, the problem was solved.

Configuring SSH checks in Zabbix

I once needed to configure SSH checks for some Linux servers, so as not to install Zabbix-agent on them.
Zabbix-server itself is installed on Ubuntu Server.

Below I will describe, in order, how to configure SSH checks in Zabbix.

SSH authentication will use a key instead of a password. To set this up, first stop zabbix-agent and zabbix-server:

sudo service zabbix-agent stop
sudo service zabbix-server stop

Create a Zabbix user home directory (for storing ssh keys):

sudo usermod -m -d /home/zabbix zabbix
sudo chown zabbix:zabbix /home/zabbix
sudo chmod 700 /home/zabbix

Start zabbix-agent and zabbix-server again:

sudo service zabbix-agent start
sudo service zabbix-server start

Open the configuration file /etc/zabbix/zabbix_server.conf (in the nano editor, Ctrl+O followed by Enter saves the file and Ctrl+X exits):

sudo nano /etc/zabbix/zabbix_server.conf

Uncomment the SSHKeyLocation line and specify the path to the directory with the keys:

SSHKeyLocation=/home/zabbix/.ssh

Restart zabbix-server:

sudo service zabbix-server restart

Generate the ssh key:

sudo -u zabbix ssh-keygen -t rsa

Press Enter if the path is /home/zabbix/.ssh/id_rsa.
When offered to encrypt the key file, press Enter to leave it unencrypted, or enter a passphrase twice (this encrypts the key file, and you will have to specify the passphrase when using the key).

Copy the generated key to the server we will be monitoring:

sudo -u zabbix ssh-copy-id -i /home/zabbix/.ssh/id_rsa.pub -p 22 root@192.168.0.55

If an error occurs while copying the key, you can manually copy the line from id_rsa.pub to the remote server in the authorized_keys file.

Then try to connect to the remote server without entering a password, using the command:

sudo -u zabbix ssh -p 22 root@192.168.0.55

Now in Zabbix we add an item to the template or host:
Name: any
Type: SSH agent
Key: ssh.run[description,ip,port,encoding] (e.g. ssh.run[cpu,192.168.0.55,22,utf8])
Authentication method: Public key
User name (on remote host): root
Public key file: id_rsa.pub
Private key file: id_rsa
Key passphrase: leave blank if you did not encrypt the key with a passphrase
Executed script: the command to run on the remote server, examples below

Below are examples of Linux commands that you can execute to get various information.
Load average for 1 min / 5 min / 15 min:

cat /proc/loadavg |cut -d " " -f1
cat /proc/loadavg |cut -d " " -f2
cat /proc/loadavg |cut -d " " -f3

Number of currently running processes of the specified program:

pgrep apache2|wc -l
pgrep -c sshd

Free space at the mount point “/” (in megabytes):

df -m|grep "/$"|awk '{print $4}'

Occupied space at the mount point “/” (in percent):

df|grep "/$"|awk '{print $5}'|tr -d "%"

Bytes received on the network interface eth0:

cat /proc/net/dev|grep eth0|awk '{print $2}'

Bytes sent on the network interface eth0:

cat /proc/net/dev|grep eth0|awk '{print $10}'

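Amount of free RAM (use the variant whose row label matches the output of free on your system; in the English locale the label is "Mem:"):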

free |grep "Memory:"|awk '{print $4}'
free |grep "Mem:"|awk '{print $4}'
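
The eth0 counters above are read with grep and a fixed column. The following added example (not part of the original post) reads the counter by exact interface name instead; the function name iface_bytes and the sample file are assumptions, and the constructed sample includes a counter written directly after the colon, which some kernel versions do, plus interfaces whose names merely contain "eth0".

```shell
#!/bin/sh
# Added example: read one interface's byte counter from /proc/net/dev by
# exact name, instead of grep plus a fixed whitespace column.

# iface_bytes FILE IFACE rx|tx -> prints the counter, status 1 if not found
iface_bytes() {
    awk -v want="$2" -v dir="$3" '
        NR > 2 {                                   # skip the two header lines
            line = $0
            sub(/^[ \t]+/, "", line)
            colon = index(line, ":")
            if (colon == 0 || substr(line, 1, colon - 1) != want) next
            split(substr(line, colon + 1), f, " ") # counters after "name:"
            if (dir == "tx") print f[9]; else print f[1]
            found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Constructed sample in /proc/net/dev layout (not taken from a real host).
sample_net_dev() {
    cat <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1200      10    0    0    0     0          0         0     1200      10    0    0    0     0       0          0
  eth0:98765432   54321    0    0    0     0          0         0 12345678   43210    0    0    0     0       0          0
eth0.100:    5000      50    0    0    0     0          0         0     6000      60    0    0    0     0       0          0
veth0a1:     700       7    0    0    0     0          0         0      800       8    0    0    0     0       0          0
EOF
}

dev=$(mktemp)
sample_net_dev > "$dev"
iface_bytes "$dev" eth0 rx            # exact match: the eth0 byte counter
grep eth0 "$dev" | awk '{print $2}'   # simple pipeline: three lines, first is packets
rm -f "$dev"
```

In a Zabbix SSH item the first argument would be /proc/net/dev on the monitored host.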

See also:
Connect to SSH using the keys

Configuring a VPN Server in Windows Server

As a test, I will give an example of setting up a VPN server on Windows Server 2008 R2.

First of all, install the role:

1) Open the server manager and click on the link “Add role”.

2) Select the Network Policy and Access Services role and click “Next”.

3) Select “Remote Access” and click “Next”.

4) Click “Install” and after the installation is complete, click the “Close” button.

Now proceed to the configuration:

1) Open the server manager, open the “Roles” branch, select the Network Policy and Access Services role, right-click on “Routing and Remote Access”, select “Configure and enable routing and remote access”.

2) In the first window click “Next”, in the next one select “Custom configuration”, click the “Next” button, tick three items: Network Address Translation (NAT) and Local Area Networking (LAN routing), click “Next” and “Done”.
In the window that appears, click “Launch service”.

3) Add an address pool for clients by opening “Server Manager” – “Roles” – “Network Policy and Access Services”, right-clicking on “Routing and Remote Access” and selecting “Properties”.
In the “IPv4” tab, select “Static address pool” and add any range after clicking the “Add” button.
To be able to connect to the VPN server from, for example, an iPhone (via L2TP), tick “Allow custom IPSec policies for L2TP connection” in the “Security” tab and specify the key.

4) Now configure permissions for users. Go to “Server Manager – Configuration – Local Users and Groups – Users”:
Open “Properties” of the desired user and on the Dial-in tab, under “Network Access permission”, select “Allow access”.

5) Add NAT rules and the necessary routes, then restart the service by right-clicking on “Routing and Remote Access” – “All Tasks” – “Restart”.

The VPN uses the following ports, which must be open:
TCP 1723 (for PPTP)
TCP 1701 and UDP 500 (for L2TP)
TCP 443 (for SSTP)

Done.

Connection logs can be seen in the C:\Windows\System32\LogFiles directory

Solution of the error “Invalid command ‘AuthGroupFile’”

I once noticed the following error:

AH00526: Syntax error on line 26 of /etc/apache2/sites-enabled/000-default.conf:
Invalid command 'AuthGroupFile', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.

It is solved simply by activating the module:

sudo a2enmod authz_groupfile

Restart apache2 to apply the changes:

sudo service apache2 restart

Done.

The solution to the error “IP overlaps with VlanXXX. VlanXXX: incorrect IP address assignment”

I once had to replace an HP L3 switch with a Cisco one, and when applying a similar configuration to it, the Cisco switch reported an error:

172.16.63.0 overlaps with Vlan111
Vlan121: incorrect IP address assignment

As it turned out, the Vlan111 network 172.16.0.0/18 ends at 172.16.63.254, so it overlaps with Vlan121 172.16.63.0/24.

The HP 5800 switch had been configured this way before and did not complain about it, but Cisco refused to accept the command.

Since few IP addresses were in use in the Vlan111 172.16.0.0/18 network, the problem was solved by reducing the network to 172.16.0.0/19.

After that, the IP address was successfully registered to the Vlan121 interface.
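
The overlap described above can be checked before the configuration is moved to another switch. The following added example (not part of the original post) does this with POSIX shell arithmetic; the function names and the NAME=NET argument form are assumptions, the networks are the ones from the text.

```shell
#!/bin/sh
# Added example: find overlapping IPv4 networks before they are assigned to
# VLAN interfaces, using only POSIX shell arithmetic.

# ip_to_int A.B.C.D -> the address as an integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_range ADDR/LEN -> "first last" (integer bounds of the network)
cidr_range() {
    addr=$(ip_to_int "${1%/*}")
    len=${1#*/}
    size=$(( 1 << (32 - len) ))
    first=$(( addr / size * size ))      # clear the host bits
    echo "$first $(( first + size - 1 ))"
}

# cidr_overlap NET1 NET2 -> status 0 if the networks share any address
cidr_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# check_vlans NAME=NET ... -> prints every overlapping pair of interfaces
check_vlans() {
    for a in "$@"; do
        shift                            # compare only with later entries
        for b in "$@"; do
            if cidr_overlap "${a#*=}" "${b#*=}"; then
                echo "${a#*=} (${a%%=*}) overlaps ${b#*=} (${b%%=*})"
            fi
        done
    done
}

# Networks from the text: the /18 reaches into 172.16.63.0/24, the /19 does not.
check_vlans Vlan111=172.16.0.0/18 Vlan121=172.16.63.0/24
check_vlans Vlan111=172.16.0.0/19 Vlan121=172.16.63.0/24
```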

Done.

Preventing attacks on WordPress xmlrpc.php and wp-login.php

I once noticed a large number of requests to the files xmlrpc.php and wp-login.php on some servers with WordPress sites.

As it turned out, someone was trying to guess a password and gain access to the site. Such attempts are usually blocked by Jetpack or by IP restrictions on the admin area in the web server configuration, but for some reason there was no protection.

To count the number of accesses to a file in the logs, you can use the command:

grep 'xmlrpc.php' /var/log/apache2/access.log | wc -l

By the way, the command above can be run, for example, from the Zabbix monitoring system, which can graph the resulting data and send a notification when the number of hits increases.

Count the number of requests for each IP and list them:

grep 'xmlrpc.php' /var/log/apache2/access.log | cut -d' ' -f1 | sort | uniq -c | sort -r

Count the number of requests for each IP and list them for the wp-login.php file:

grep 'wp-login.php' /var/log/apache2/access.log | cut -d' ' -f1 | sort | uniq -c | sort -r
grep 'wp-login.php' /var/log/apache2/access.log | awk '{print $1}' | sort -n | uniq -c | sort -nr | head -20
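
The grep commands above count every log line that mentions the file name, including referers and ordinary GET requests. The following added example (not part of the original post) counts only POST requests whose path is wp-login.php or xmlrpc.php and reports the clients at or above a limit; it assumes the Apache combined log format, and the function names, the limit and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: count only POST requests whose path is wp-login.php or
# xmlrpc.php (Apache combined log format) and report clients over a limit.

# flag_wp_bruteforce LOGFILE LIMIT -> lines of "count ip file", busiest first
flag_wp_bruteforce() {
    awk -v limit="$2" '
        $6 == "\"POST" {                 # $6 is the quoted method, $7 the URL
            path = $7
            sub(/[?].*/, "", path)       # ignore the query string
            if (path ~ "/(wp-login|xmlrpc)[.]php$") {
                n = split(path, part, "/")
                hits[$1 " " part[n]]++
            }
        }
        END { for (k in hits) if (hits[k] >= limit) print hits[k], k }
    ' "$1" | sort -k1,1nr -k2,2
}

# repeat_line COUNT LINE: helper that builds the constructed sample below
repeat_line() {
    i=0
    while [ "$i" -lt "$1" ]; do printf '%s\n' "$2"; i=$((i + 1)); done
}

# Constructed sample log; addresses are from the documentation ranges.
sample_log() {
    t='[10/Oct/2023:13:55:36 +0000]'
    repeat_line 6 "203.0.113.7 - - $t \"POST /wp-login.php HTTP/1.1\" 200 3512 \"-\" \"Mozilla/5.0\""
    repeat_line 4 "198.51.100.23 - - $t \"POST /xmlrpc.php HTTP/1.1\" 200 403 \"-\" \"Mozilla/5.0\""
    repeat_line 1 "192.0.2.10 - - $t \"POST /wp-login.php HTTP/1.1\" 302 0 \"-\" \"Mozilla/5.0\""
    # A GET whose referer mentions xmlrpc.php: a plain grep would count it.
    repeat_line 5 "192.0.2.44 - - $t \"GET /about/ HTTP/1.1\" 200 900 \"http://example.com/xmlrpc.php\" \"Mozilla/5.0\""
}

log=$(mktemp)
sample_log > "$log"
flag_wp_bruteforce "$log" 4    # lists 203.0.113.7 and 198.51.100.23 only
rm -f "$log"
```

On a server the first argument would be /var/log/apache2/access.log, and the output can feed a Zabbix item or a block list.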

In the apache2 configuration or through the .htaccess file, you can restrict access to /wp-admin/ by IP, for example:

<Directory /var/www/site/wp-admin/>
  Options -Indexes
  AllowOverride All
  Order allow,deny
  allow from 127.0.0.1 192.168.11.25
</Directory>

Access to the files can be denied completely like this:

<Files wp-login.php>
Order Deny,Allow
Deny from all
</Files>
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>

If you use, for example, Jetpack, it is better not to restrict wp-login.php, because errors can occur when updating the plug-in and its operation will be affected.
In this case, you can activate password protection in the Jetpack settings.

If Jetpack is not in use, you can install other plug-ins, for example “WP Limit Login Attempts”, which displays a captcha during authorization and also blocks incorrect login attempts.
The “Disable XML-RPC Pingback” plug-in, for example, can disable XML-RPC functions if they are not needed.

Also, in the robots.txt file you can prevent search engines from indexing these files:

User-agent: *
Disallow: /xmlrpc.php
Disallow: /wp-login.php