Linux Tips and Tricks The Linux Tips and Tricks section is a valuable resource for enhancing your Linux operating system knowledge, which is essential for optimizing your experience with FileWave Server, Boosters, and IVS. This section provides a wide range of tips and tricks that cover various aspects of Linux, including system administration, command-line usage, package management, troubleshooting, and security. By familiarizing yourself with Linux best practices, customization options, and efficient workflows, you can improve your proficiency in managing and maintaining your Linux-based FileWave infrastructure. Discover valuable insights to maximize the performance, security, and efficiency of your Linux environment, ultimately enhancing your FileWave deployment. How to Disable Apache Version Number Disclosure on FileWave Server What FileWave Server can expose Apache version details in its HTTP response headers by default. This article shows how to reduce that disclosure so the server reports only Apache instead of the full component and version string. When/Why Use this when you want to reduce unnecessary version disclosure on a FileWave Server. Exposing detailed version information can make targeted reconnaissance easier, so tightening the Apache response is a reasonable hardening step. Date: Fri, 14 Jul 2023 00:05:55 GMT Server: Apache/2.4.57 (Unix) OpenSSL/3.0.9 mod_wsgi/4.9.4 Python/3.10 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: SAMEORIGIN Content-Length: 362 The example above shows the kind of response header Apache can return before this hardening change is applied. Revealing version numbers can potentially expose the server to targeted attacks, as this information helps attackers focus their efforts. How SSH into your FileWave server. If you are unsure how to do this, contact FileWave Technical Support. Open /usr/local/filewave/apache/conf/httpd_custom.conf in a text editor, for example: sudo vi /usr/local/filewave/apache/conf/httpd_custom.conf Add these lines to the file: ServerTokens Prod ServerSignature Off Save the file. Restart Apache: fwcontrol apache restart After the restart, a new header check should return a shorter Server header similar to this: HTTP/1.1 400 Bad Request Date: Fri, 14 Jul 2023 00:11:38 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: SAMEORIGIN Content-Length: 362 Related link: FileWave Technical Support How to Setup a LAMP Server on a Ubuntu Linux system The purpose of this brief guide is to take you through the process of setting up a LAMP (Linux, Apache, MySQL, PHP) server on a local Ubuntu Linux machine or virtual machine. This will allow you to develop using PHP and MySQL (with phpMyAdmin). This is a common stack that is necessary for Wordpress development. Install the necessary packages You will need to install the following packages for the LAMP server. You can install them all at once by separating each package by a space, or one at a time like shown. I prefer to download one at a time because it is easier to see if there were any errors. Enter the terminal and type the following: sudo apt-get install apache2 sudo apt-get install php sudo apt-get install php-mysql sudo apt-get install mysql-server You should then be prompted to set a password for the MySQL root user. After setting the password continue to install: sudo apt-get install libapache2-mod-php sudo apt-get install php-mcrypt sudo apt-get install phpmyadmin You should then be prompted which server to use. Select Apache by pressing enter. Select no for advanced server setup. Change permissions to the /var/www/html In order for PHP scripts and files to be run by the LAMP server they need to be saved in the /var/www/html directory. You can think of this location as your local server. In order to make changes to this directory we need to change the permissions on it. In the terminal enter the command: sudo chown {your ubuntu username} /var/www/html Create a symbolic link to phpMyAdmin By default, phpMyAdmin is installed in the /usr/share/ directory. We need to move it to our local server directory. We navigate to the server directory that we want the link in by:  cd /var/www/html Then create the link by entering the command  ln -s /usr/share/phpmyadmin phpmyadmin. Restart Apache and test Run the following command to restart Apache, setting the changes that were made: sudo systemctl restart apache2 You should then be able to create an info.php file in the /var/www/html directory with this command:  touch /var/www/html/info.php In the file type the following php code: Then, open a browser and type in localhost/info.php You should see a page from the php file you just wrote that gives you information about php. Finally, to access phpMyAdmin go to localhost/phpmyadmin in your browser. The default root username is ‘root’ and the password is the password you chose earlier for the MySQL database. Example Script #!/bin/bash # This will install Apache / MySQL / PHP on Linux (LAMP) # It includes ImageMagick and enables .htaccess redirect files # Many apps use those. # Update repositories sudo apt-get update -y # Upgrade packages sudo apt-get upgrade -y # Install packages sudo apt-get install -y apache2 sudo apt-get install -y php sudo apt-get install -y php-mysql sudo apt-get install -y php-cli sudo apt-get install -y php-gd sudo apt-get install -y php-curl sudo apt-get install -y php-zip sudo apt-get install -y mysql-server sudo apt-get install -y libapache2-mod-php sudo apt-get install -y phpmyadmin sudo apt-get install -y imagemagick sudo apt-get install -y php-imagick # Prompt for MySQL root password echo "Please enter the new password for the MySQL root user:" read -s root_password # Change authentication for root user sudo mysql <" > /var/www/html/index.php # Output completion message echo "Setup completed. Visit localhost/index.php to check PHP info. Access phpMyAdmin at localhost/phpmyadmin with the root password you entered." Installing SSL #!/bin/bash # Install Certbot and the Certbot Apache plugin sudo apt-get install -y certbot python3-certbot-apache # Prompt for the domain name echo "Please enter the domain name for the SSL certificate:" read domain_name # Run Certbot for the domain sudo certbot --apache -d $domain_name # Test automatic renewal sudo certbot renew --dry-run # Check if ufw is installed if command -v ufw &> /dev/null then # Allow HTTPS through the firewall sudo ufw allow 'Apache Full' else echo "ufw not found. If you have another firewall, please manually open port 443 (HTTPS)." fi # Output completion message echo "SSL setup completed. Visit https://$domain_name to check the SSL status." Mount macOS & Windows shares on Debian Mount macOS & Windows shares on Debian e.g. in case you need to save backups on a network share. Step-by-Step Guide for Debian Mounting Windows Shares Install CIFS Utilities: Open a terminal and install the CIFS utilities package if it's not already installed. sudo apt-get update sudo apt-get install cifs-utils Mount the Windows Share: Use the mount command to mount the Windows share. Replace the placeholders with your actual values. sudo mount -t cifs -o username=yourusername,password=yourpassword //yourIPAddress/yoursharedfolder /yourfoldertomount Mounting macOS Shares Install CIFS Utilities: Ensure the CIFS utilities package is installed (this step is the same as above). sudo apt-get update sudo apt-get install cifs-utils Mount the macOS Share: Use the mount command to mount the macOS share. Replace the placeholders with your actual values. sudo mount -t cifs //yourIPAddress/yoursharedfolder /yourfoldertomount -o username=yourusername,password=yourpassword,nounix,sec=ntlmssp Creating and Sharing a Folder Create a Folder: Create the folder where you want to mount the share. sudo mkdir /yourfoldertomount Replace the Placeholder: Replace yourfoldertomount with the actual path of the folder you created in the mount commands above. Example If you want to mount a Windows share with IP 192.168.1.100 and shared folder name backup to a local directory /mnt/backup: Create Local Directory: sudo mkdir /mnt/backup Mount the Share: sudo mount -t cifs -o username=myuser,password=mypassword //192.168.1.100/backup /mnt/backup Similarly, for a macOS share: Create Local Directory: sudo mkdir /mnt/backup Mount the Share: sudo mount -t cifs //192.168.1.100/backup /mnt/backup -o username=myuser,password=mypassword,nounix,sec=ntlmssp Additional Tips FSTAB Entry for Persistent Mounts: To make the mount persistent across reboots, add an entry to /etc/fstab: //yourIPAddress/yoursharedfolder /yourfoldertomount cifs username=yourusername,password=yourpassword,nounix,sec=ntlmssp 0 0 Security Note: Storing passwords in plain text can be a security risk. Consider using a credentials file: //yourIPAddress/yoursharedfolder /yourfoldertomount cifs credentials=/etc/cifs-credentials,nounix,sec=ntlmssp 0 0 And create /etc/cifs-credentials with the following content: username=yourusername password=yourpassword Ensure the credentials file has appropriate permissions: sudo chmod 600 /etc/cifs-credentials CentOS Details If you are on CentOS and are migrating off of it and need to do it here is the old documentation on this same process: For Linux to Windows: mount -t cifs -o username=yourusername,password=yourpassword //yourIPAdress/yoursharedfolder /yourfoldertomount For  Linux to macOS sudo yum install cifs-utils  mount -t cifs //yourIPAddress/yoursharedfolder /yourfoldertomount -o username=yourusername,password=yourpassword,nounix,sec=ntlmssp Create a folder and share it then replace this value "yourfoldertomount" with the right shared folder name. Related Content FileWave Server Backup and Restore Upgrading or Updating MariaDB on AlmaLinux 9 What Use this procedure to move an AlmaLinux 9 server to a newer MariaDB release from the MariaDB repository. Plan downtime and take backups first. When/Why Use this when you need a newer MariaDB release for fixes, security updates, or feature changes that are not available in the currently installed packages. How 1. Check the current MariaDB and AlmaLinux versions Confirm the current MariaDB version and the AlmaLinux release: mysql -V cat /etc/almalinux-release 2. Back up the databases and MariaDB configuration Back up the databases before changing packages or repositories: mysqldump -u root -p --all-databases > /tmp/database-backup.sql cp -a /var/lib/mysql /var/lib/mysql.backup cp -a /etc/my.cnf /etc/my.cnf_bk 3. Stop MariaDB and move the old repository file out of the way Stop MariaDB and move the existing repository definition aside: systemctl stop mariadb mv /etc/yum.repos.d/mariadb.repo /etc/yum.repos.d/mariadb_bk dnf update 4. Create the new MariaDB repository file Create or update /etc/yum.repos.d/MariaDB.repo for the major release you want to install. Example for MariaDB 10.11: [mariadb] name = MariaDB baseurl = https://yum.mariadb.org/10.11/rhel9-amd64 module_hotfixes=1 gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB gpgcheck=1 5. Remove the old MariaDB server package Remove the current MariaDB server package and clean the metadata cache: dnf remove mariadb-server dnf clean all 6. Install the new MariaDB packages and run the upgrade step Install the MariaDB packages from the new repository, then start and enable the service: dnf install MariaDB-server galera-4 MariaDB-client MariaDB-shared MariaDB-backup MariaDB-common systemctl start mariadb systemctl enable mariadb mariadb-upgrade -u root -p On MariaDB 10.5 and later, mariadb-upgrade is the current command. mysql_upgrade may still exist as a compatibility alias. Verify the installed MariaDB version and service status: mysql -V systemctl status mariadb Related Links MariaDB yum/dnf installation and upgrade docs: https://mariadb.com/docs/server/server-management/install-and-upgrade-mariadb/installing-mariadb/binary-packages/rpm/yum mariadb-upgrade reference: https://mariadb.com/docs/server/clients-and-utilities/deployment-tools/mariadb-upgrade AlmaLinux wiki: https://wiki.almalinux.org/ Updating CentOS Repo Files After Mirrorlist End of Life What CentOS reached the end of life on June 30, 2024. This will cause issues when attempting to download install packages from repositories. The CentOS mirror list feature allows yum, the package manager, to find and use the nearest and fastest mirror automatically. However, there can be circumstances where disabling this feature is necessary, such as: Mirror Issues: Sometimes, specific mirrors can be slow, outdated, or unreliable, causing issues with package installations and updates. When/Why Since mirrorlist.centos.org no longer exists, you will need to update the repo files on your CentOS server. Follow the steps below to update the repo file accordingly. How To resolve the issue, you can mass update all .repo files with the following commands run as root or with sudo when SSH'd to your Server, IVS or Booster: sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo yum clean all && yum -y update Explanation: The commands provided will perform the following actions: Replace all instances of mirror.centos.org with vault.centos.org in the .repo files. Uncomment (sed -i s/^#.*baseurl=http/baseurl=http/g) the baseurl lines in the .repo files. Comment out (sed -i s/^mirrorlist=http/#mirrorlist=http/g) the mirrorlist lines in the .repo files. Related Content mirrorlist.centos.org error FileWave Server on CentOS - EOL Migrating a Debian 12 Server to Debian 13 Please note that this is here for educational purposes. We are transitioning to Debian 13 with FileWave 16.3.0. This guide is published to get feedback from others and develop this process to be as safe as possible. The learnings from this article have gone in to our 1-liner upgrade scripts on the download pages. Those simple 1-liners are the way we expect you would get to Debian 13. What This guide explains how to upgrade a FileWave appliance running Debian 12 (“bookworm”) to Debian 13 (“trixie”). It focuses on the operating system upgrade process only — additional steps may be required for applications, services, or integrations you have installed. This is meant for the FileWave Appliances, but the idea should be able to apply to your Debian instance running FileWave or any other solutions. For production appliances, we recommend: Take a full VM snapshot or backup before starting. Perform the upgrade in a staging environment first if you have one. Schedule downtime in case of post-upgrade adjustments. When/Why You should use this guide when: Your FileWave appliance is currently on Debian 12, and you want to move to Debian 13 to take advantage of updated security patches, improved package support, and upstream enhancements. Upgrading ensures long-term security compliance and keeps your system in a supported state for both Debian and FileWave. How Please note that this is here for educational purposes. We are transitioning to Debian 13 with FileWave 16.3.0. This guide is published to get feedback from others and develop this process to be as safe as possible. The learnings from this article have gone in to our 1-liner upgrade scripts on the download pages. 1. (Optional) Use screen to Avoid SSH Disconnects For all of the steps below you would be logged in via VMWare or HyperV console sessions which are safer than an SSH session. If you use SSH then be sure to use this step so you can reconnect if needed to a lost session. The steps below are very easy but fully explained which makes this document seem longer. If at any step you feel lost or stuck please reach out to Technical Support to ask questions. sudo apt-get install -y screen && screen If you were to disconnect and were doing an SSH session using the above command you could reconnect and type; screen -ls This would show you; There is a screen on: 1234.pts-0.servername (Detached) 1 Socket in /run/screen/S-user. And then you could reconnect with; screen -r 1234 And then you can keep working with your prior session.  2. Check Free Disk Space Run: df -h A minimum of 5 GiB free is required. If needed, free space with: sudo apt clean sudo apt autoremove And if you still need space consider expanding the disk: Expanding the Disk on a FileWave Appliance - Debian 3. Identify 3rd-Party Repositories Just in case you have any added that might need to be adjusted for Trixie. You'll want to see if you have anything there that should be considered. In my Linode lab I found that they add an Akamai repo that did not initially have a Trixie option. This step is here to just have a sanity check to make sure you haven't installed any additional repos that might not have a Trixie option.  ls /etc/apt/sources.list.d On the IVS I have the below repo which is not specific to Bookwork or Trixie so it's fine that it is there and doesn't need to change and does not prevent you from upgrading to Debian 13. root@filewave:/etc# cat /etc/apt/sources.list.d/filewave-release.list deb [arch=amd64 signed-by=/etc/apt/keyrings/filewave.gpg] https://fwdl.filewave.com/debian/apt-repo main main 4. Update Current Distribution In this step you will upgrade all the software to the latest Debian 12 version and then reboot the server to be sure that is what is running when you get to the next step; sudo apt-get update && sudo apt-get dist-upgrade --autoremove -y Reboot after the updates install; sudo reboot When you reconnect make sure to run screen again if you are using SSH to connect; screen 5. Update Debian Repository to “trixie” In this step we're changing any bookworm references to trixie for the sources used by apt which is the software that handles updates on Debian; sudo sed -i 's/bookworm/trixie/g' /etc/apt/sources.list 6. Update All 3rd-Party Repositories The line below assumes the repository supports Debian 13 (“trixie”). For instance on the IVS nothing would happen here unless you have additional repos installed.  sudo find /etc/apt/sources.list.d -type f -exec sed -i 's/bookworm/trixie/g' {} \; Afterward, run this to have it learn all of the Trixie updates that are available: sudo apt-get update Resolve any missing repository errors before continuing. If you get stuck on this step where it throws errors you should reach out to Technical Support to ask for advice.  7. Upgrade to Debian 13 Say Yes to restarting services when prompted, and keep existing configuration files unless you know you need the defaults. sudo apt-get dist-upgrade --autoremove -y You may see a prompt like the below because we customize /etc/issue on some images. Just press enter for the question about /etc/issue  Installing new version of config file /etc/debian_version ... Configuration file '/etc/issue' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** issue (Y/I/N/O/D/Z) [default=N] ? You may also see a question like this and you can pick Yes here; There are services installed on your system which need to be restarted when certain libraries, such as libpam, libc, and libssl, are upgraded. Since these restarts may cause interruptions of service for the system, you will normally be prompted on each upgrade for the list of services you wish to restart. You can choose this option to avoid being prompted; instead, all necessary restarts will be done for you automatically so you can avoid being asked questions on each library upgrade. You may also see a question like this and you can just hit Enter to pick "Keep the local version currently installed" so that the SSHd configuration stays the same; A new version (/tmp/tmp.ud6fJgwKB8) of configuration file /etc/ssh/sshd_config is available, but the version installed currently has been locally modified. What do you want to do about modified configuration file sshd_config? You may also see a question like this and again can just hit Enter to pick "Keep the local version currently installed" so that the NFS server configuration remains the same; A new version (/usr/share/nfs-common/conffiles/nfs.conf) of configuration file /etc/nfs.conf is available, but the version installed currently has been locally modified. What do you want to do about modified configuration file nfs.conf? If you see any other questions asked that do not make sense then please reach out to Technical Support to ask and we will use those questions to improve this article. Reboot after the Trixie updates install; sudo reboot 8. Modernize Debian Sources This will create /etc/apt/sources.list.d/debian.sources and /etc/apt/sources.list.d/debian-backports.sources. sudo apt modernize-sources You will be prompted with a Y/n and should type Y and then enter to continue; root@filewave:~# sudo apt modernize-sources The following files need modernizing: - /etc/apt/sources.list - /etc/apt/sources.list.d/filewave-release.list Modernizing will replace .list files with the new .sources format, add Signed-By values where they can be determined automatically, and save the old files into .list.bak files. This command supports the 'signed-by' and 'trusted' options. If you have specified other options inside [] brackets, please transfer them manually to the output files; see sources.list(5) for a mapping. For a simulation, respond N in the following prompt. Rewrite 2 sources? [Y/n] Modernizing /etc/apt/sources.list... - Writing /etc/apt/sources.list.d/debian.sources Modernizing /etc/apt/sources.list.d/filewave-release.list... - Writing /etc/apt/sources.list.d/filewave-release.sources Finally do one last update to ensure you see no errors; sudo apt-get update && sudo apt-get upgrade --autoremove -y And a final reboot and you are all done! sudo reboot Troubleshooting Errors Updating after going to Trixie When updating Debian after going to Trixie, apt update fails for trixie-backports with an error about “missing Signed-By” or “NO_PUBKEY”. Edit the /etc/apt/sources.list (or .list file in /etc/apt/sources.list.d/) for the trixie-backports line and change it to look like: deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian trixie-backports main contrib non-free-firmware Save the file, then run: sudo apt update You should not see the error any more.  Related Content Debian 13 Release Notes Debian 13 Upgrade Notes Debian 12 to 13 Upgrade Guide Digging Deeper The upgrade path from Debian 12 to Debian 13 is generally smooth for systems that are close to “vanilla” Debian. The biggest potential issues come from: Third-party repositories: These must have a trixie branch. If not, you may need to comment them out temporarily. Custom applications: Each application’s compatibility with Debian 13 should be verified before upgrading. Kernel changes: Debian 13 may introduce new kernel defaults — test in a lab environment if you have kernel-level drivers or modules.