Installing LibreNMS on Docker

As its website explains, LibreNMS is “a fully featured network monitoring system that provides a wealth of features and device support”. It can be used to monitor servers and services so make sure they are functioning as intended.

Setting up LibreNMS

To set LibreNMS up, we will follow the official guide, correcting some of the commands and installing some additional software.

First, we will download the latest LibreNMS code from its GitHub repository, then we will extract the Docker-related files and delete the rest of the files:

mkdir ./librenms-temp
cd ./librenms-temp
wget https://github.com/librenms/docker/archive/refs/heads/master.zip
unzip master.zip
cd ..
cp -r ./librenms-temp/docker-master/examples/compose ./librenms
rm -rf ./librenms-temp
cd librenms

We can now optionally edit the .env file (e.g. to change the default database password):

nano .env

Now let’s launch the containers of LiberNMS:

sudo docker compose -f compose.yml up -d

As soon as all the containers are up, visit http://localhost:8000/ (or replace localhost with your server’s IP) and initialise LibreNMS by creating an admin account.

Installing Nagios plugins on LibreNMS Docker

After completing the LibreNMS setup, we can shut it down temporarily to install the Nagios plugins. To shut LibreNMS down, we can turn off its containers:

sudo docker compose -f compose.yml down

Let’s now install nagios-plugins that will allow us to create some service checks inside LiberNMS. To do so, we will create a temporal Ubuntu container (named tmp) to install nagios-plugins copy the binaries we need to LibreNMS files and delete them:

sudo docker run --name tmp -v $(pwd)/librenms:/opt/librenms -i -t ubuntu bash
apt update
apt install nagios-plugins -y
cp -P /usr/lib/nagios/plugins/* /opt/librenms/monitoring-plugins/
exit
sudo docker rm tmp

Then, we can start LibreNMS again:

sudo docker compose -f compose.yml up -d

The plugins will now be available inside the “Add Service” menu, under “Type”.

Setting up Website checks

Now that Nagios plugins are installed, we can use the Nagios check_http plugin to monitor the status of our websites.

Certificate Check

Let’s create a service to check our website certificate.

  • Click + Add Service from the menu
  • Give a name to the service
  • Select a device from the list (maybe the server hosting the website)
  • Select http as a Check Type
  • Input the domain of your website inside the Remote Host input
  • Input the parameters --sni -S -p 443 -C 30,14 -t 20 inside the Parameters input
  • Click Add Service

This will check the certificate of the website and generate a critical alert if it is about to expire in less than 14 days or generate a warning if it is about to expire in less than 30 days.

Website Check (HTTP/HTTPS)

Let’s create a service to check our website status over HTTP or HTTPS.

  • Click + Add Service from the menu
  • Give a name to the service
  • Select a device from the list (maybe the server hosting the website)
  • Select http as a Check Type
  • Input the domain of your website inside the Remote Host input
  • Input the parameters inside the Parameters input
    • to check an HTTP website insert the: -E -p 80 -t 20
    • to check an HTTPS website insert the: --sni -E -S -p 443 -t 20
  • Click Add Service

This will check the website and generate an alert in case it throws an error or if the website is unresponsive.

Sum up

LibreMNS is an easy to setup tool that can assist you in monitoring your servers and services. Plus, it can be easily set up using Docker. You can give it a try! 😊

Installing Portainer on Docker

I found Portainer to be just what I needed to manage the containers of my small Docker servers. You can install it easily as a container running on the same Docker server that you want it to manage.

Setting Portainer up

To install it, you first need to create a volume so that it can store your accounts and preferences:

sudo docker volume create portainer_data

Then you can deploy the container using the official Portainer image (please note that in the following command, I removed the -p 8000:8000 port mapping as I will only be using the HTTPS protocol to connect to it):

sudo docker run -d -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest

Now, you can visit though https (under port 9443) the deployed Portainer app to create an admin account. For example, if your server is located at 10.10.1.30, you can access Portainer at:

https://10.10.1.30:9443/

Please note that your browser will not trust the certificate, thus you will have to “Accept the risks” and proceed.

Updating Portainer

Updating Portainer to the latest version is relatively simple. First, you will have to pull the latest version of the container using:

 sudo docker pull portainer/portainer-ce:latest

Then you can just recreate the container without deleting the volume holding your configuration:

sudo docker stop portainer
sudo docker rm portainer
sudo docker run -d -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest

As simple as that! 🙂

Installing Gogs Git Server on Raspberry Pi

Git is a must-have utility for programmers. It allows you to track code changes and easily share your code with others enabling remote collaboration. Online git services like GitHub, GitLab, and Bitbucket are nowadays accessible for everyone, though sometimes the need to self-host a private service arises.

Gogs is an open-source git server, light enough to run on a Raspberry Pi. It is written in Go Lang and provides pre-compiled binaries for arm architectures.

In this tutorial, we will install Gogs on a Raspberry Pi 2. So, first, connect to your Raspberry, and let’s start!

Update your system

To start with, update our system and install any missing dependencies.

sudo apt update
sudo apt install wget unzip git -y

Prepare for installation

We will create a special user called git to operate the Gogs server. The following command will create the user and disable his password:

sudo adduser --system --shell /bin/bash --gecos "User for managing of gogs server" --group --disabled-password --home /home/git git

The next thing we will have to do is to download the pre-compiled Gogs package. Check the latest versions available at https://dl.gogs.io/. At the time of writing this report the latest version is 0.12.3 so we downloaded the gogs_0.12.3_linux_armv7.zip package (armv7architecture is compatible with Raspberry Pi 2, 3, and 4).

sudo su -c 'su git -c "wget https://dl.gogs.io/0.12.3/gogs_0.12.3_linux_armv7.zip -O ~/gogs_download.zip"'

After the download completes, unzip the package and then you may delete it.

sudo su -c 'su git -c "unzip ~/gogs_download.zip -d ~/"'
sudo su -c 'su git -c "rm ~/gogs_download.zip"'

Start the server

Now let’s setup the Gogs service to manage the server. Download the service script from the Gogs repo:

sudo wget https://raw.githubusercontent.com/gogs/gogs/main/scripts/systemd/gogs.service -O /lib/systemd/system/gogs.service

And then, enable the service and run it.

sudo systemctl enable gogs
sudo service gogs start

Follow the web installer

Now browse to the installation located at http://<your-raspbery-ip>:3000/install and complete the installation steps.

BIOS Flashing on Chuwi Hi10 Air

Back in 2019, I bought a cheap Windows 10 tablet, the Chuwi Hi10 Air. Although Windows in tablet mode offers a very nice touchscreen experience, the low specification of the Hi10 Air makes it quite slow by today’s standards. For this reason, I started searching for alternative operating systems to improve the performance. After successfully testing several Linux versions, I found a guide about installing Android and I thought to give it a go, thus I got the suggested bios file and flashed it on my Chuwi, and then… nothing…

I searched on the Chuwi forum and found a little information on what to use to flash new bios to unbrick my device. Since the bios chip was on the motherboard, I planned to use the CAMP bios flash method. The first thing to do was to buy a USB programmer for the bios chip. I found an “EEPROM BIOS USB Programmer CH341A + SOIC8 Clip + 1.8V Adapter + SOIC8 Adapter Kit” on eBay for $12 with free shipping which seemed exactly what I needed. I bought one and waited for it to arrive. Additionally, I found the appropriate Chuwi Hi10 Air BIOS for my model number (found at the back of the device) at the Chuwi forum and saved it.

You shall now be called the “Jenga BIOS programmer“!
The CH341A programmer with the needed adapters is attached.

A few months later (it takes 1-2 months for me to get my orders from China) I received the programmer, I assembled it based on some images I found on a Chuwi flash guide and I was ready. Since the proposed guides used some questionable untrusted signed programs on Windows, I thought to give myself a break and just use Linux instead. I booted by Ubuntu and installed `flashrom`:

sudo apt install flashrom

Based on the guide I saw the BIOS flashing steps were simple:

  1. Buy an appropriate chip programmer
  2. Download the appropriate BIOS file
  3. Disassemble the tablet (be careful not to break the screen)
  4. Unplug the battery from the motherboard
  5. Clamp programmer on the BIOS chip
  6. Program the BIOS chip
  7. Detach the programmer & connect the battery cable back to the motherboard
  8. (optionally) Try to power on the tablet and see if it boots up
  9. Assemble the tablet
  10. Install the OS of your preference

I disassembled the tablet and unplugged the battery cable. Now it was time to connect the programmer on the chip. Be sure to clamp it correctly, it may take some tries.

Clamp dat chip!
The CH341A programmer attached to the Chuwi’s BIOS chip.

To be sure that the clamp is attached correctly, first try to read the BIOS already flashed on the chip. Here is an example of an incorrect connection that is not able to read from the chip:

bannana@thanos:~/$ sudo flashrom --programmer ch341a_spi
flashrom v0.9.9-r1954 on Linux 4.15.0-130-generic (x86_64)
flashrom is free software, get the source code at https://flashrom.org

Calibrating delay loop… OK.
No EEPROM/flash device found.
Note: flashrom can never write if the flash chip isn't found automatically.
bannana@thanos:~/$

Clamp correctly the programmer and try again. After a successful connection, it’s time to flash the correct BIOS for my device that I got from an official source on the forum. My BIOS file was `BIOS_1906.BIN`, thus I called once again the `flashrom` with the BIOS file to flash:

bannana@thanos:~/$ sudo flashrom --programmer ch341a_spi -w BIOS_1906.BIN 
flashrom v0.9.9-r1954 on Linux 4.15.0-130-generic (x86_64)
flashrom is free software, get the source code at https://flashrom.org

Calibrating delay loop... OK.
Found GigaDevice flash chip "GD25LQ64(B)" (8192 kB, SPI) on ch341a_spi.
Reading old flash chip contents... done.
Erasing and writing flash chip... Erase/write done.
Verifying flash... VERIFIED.
bannana@thanos:~/$

Success! Now my stupidly slow tablet boots!

Please be careful when closing the tablet. If during the disassembly one of the magnets is unseated, be sure to place them with the correct polarity (to match the polarity of the magnetic keyboard). Additionally, do not forget to place the power and volume buttons at their respective place.

Conclusion

Flashing the bios on the Chuwi was relatively easy assuming that you have the correct tools. Acquiring the appropriate tools and software though, requires research and thus time.

TP-Link TL-WN722N v2 & v3 monitor mode

What is monitor mode?

Putting your network card in monitor mode allows you to capture all the wireless traffic in the surrounding area. Monitor mode can be used to detect nearby devices, where they are connected, capture their MAC addresses (which can be used to identify the device), or even monitor network traffic of unprotected networks. Thus, monitor mode is essential for wireless network hacking.

The TL-WN722N

TL-WN722N is a nice, easy-to-use, and relatively cheap wireless USB adapter that can be used to monitor wireless channels. But there is one problem, for the v2 and v3, the default driver on Debian-based systems (like Ubuntu or Kali Linux) does not work as intended. Let’s fix it!

Fixing TL-WN722N v2 & v3 monitor mode on Debian-based systems

Prepare your system

The first thing to do is make sure our apt is updated and also that the required programs are installed:

sudo apt update
sudo apt install bc
sudo apt install linux-headers-$(uname -r)
sudo apt install build-essential git dkms -y

Get and build the right driver

A working driver for your TL-WN722N v2 or v3 exists on Aircrack-ng’s Github. You can download the driver and compile it.

cd ~/Downloads
git clone https://github.com/aircrack-ng/rtl8188eus
cd rtl8188eus
make

Alternatively, you may also use a driver from lwfinger’s Github.

Blacklist current driver

To disable the current not working driver from loading after reboot, blacklist it.

sudo sh -c "echo 'blacklist r8188eu' >> /etc/modprobe.d/realtek-wn722n-fix.conf"

Permanently install the working driver

Now the only thing left to do is install the driver we compiled:

cd ~/Downloads/rtl8188eus
sudo make install
sudo modprobe 8188eu

Then reboot the system and check if the monitor mode works.

Reverting back to the old driver

If you for any reason want to enable back the old not working driver, just remove the black list file.

sudo rm /etc/modprobe.d/realtek-wn722n-fix.conf