Monday, May 13, 2024

DNS SETUP on UBUNTU 24.04

In Kali / Debian and older Ubuntu releases, we used to edit /etc/network/interfaces, where we could simply change the IP to static, add a default gateway, change the netmask and so on. Then in /etc/resolv.conf we just added two nameservers from OpenDNS. That was it.

In Ubuntu, the ifup/ifdown tooling was replaced by the Netplan service and our precious stuff is all over the place. I recently worked a lot with the non-GUI Ubuntu Server, but just yesterday I installed the latest Ubuntu 24.04 as my main OS and it is different again.

/etc/resolv.conf is maintained, but it is a symlink, kept for apps that still use it. The same goes for stub-resolv.conf.

So first of all, if we want to get our own DNS servers going, we more or less must disable DHCP, as it provides DNS too. A static IP will be needed. However, as I started with a clean install of Ubuntu, it just got set up all on its own, no questions asked. I thought that, just like in ubuntu-server, I could get my 00-netcfg.yaml modified and that would be it. No !!!
We must create one, actually.

nano /etc/netplan/01-netcfg.yaml
------------------------------------------------------------------

network:
  version: 2                    # use of Netplan version 2
  renderer: networkd            # system service provided by systemd
  ethernets:                    # ethernet config
    enp0s3:                     # 'enp0s3' interface config
      addresses:
        - 192.168.1.40/24       # IP address and subnet mask
      routes:
        - to: default           # default gateway
          via: 192.168.1.254    # router IP
      nameservers:              # DNS
        addresses: [208.67.222.222, 208.67.220.220]

------------------------------------------------------------------
save & exit

After applying this, my DNS was still coming from DHCP. So I checked 50-cloud-init.yaml in the same folder. It had a "dhcp4: true" entry, which I turned to false, but in the meantime we can read at the beginning of the file that a

nano /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg 

file should be created with this content:
------------------------------------------------------------------

network:
    ethernets:
        enp3s0:
            dhcp4: false
    version: 2

------------------------------------------------------------------
save&exit

netplan apply

Warning / Warning / Warning - about your config files being too open. So simply: 'chmod 600 /etc/netplan/*'
so all files will be readable and writable for root, and no one else.
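
The two problems hit above (a leftover "dhcp4: true" and the "too open" permissions warning) can be checked in one pass. This is an added example, not part of the original post; the function name audit_netplan is hypothetical and it assumes GNU stat, as shipped with Ubuntu.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit a netplan directory.
# audit_netplan is a hypothetical helper name; DIR defaults to /etc/netplan.
audit_netplan() {
    local dir="${1:-/etc/netplan}" f mode findings=0
    for f in "$dir"/*.yaml; do
        [ -e "$f" ] || continue              # glob matched nothing
        mode=$(stat -c '%a' "$f")            # GNU stat: octal permission bits
        if [ "$mode" != "600" ]; then
            echo "PERM $f mode=$mode (expected 600)"
            findings=$((findings + 1))
        fi
        # An uncommented "dhcp4: true" lets the DHCP lease supply DNS again.
        if grep -Eqs '^[[:space:]]*dhcp4:[[:space:]]*(true|yes|on)[[:space:]]*(#.*)?$' "$f"; then
            echo "DHCP $f still enables dhcp4"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]                    # exit status 0 only when clean
}
```

Run it as root after 'netplan apply'; 'resolvectl status' then shows which DNS servers each link is actually using.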

NO DHCP / OpenDNS
All is nice and cute, but your router might still be set up to use 1.1.1.1 or 8.8.8.8 for name resolving. To better protect your anonymity, you should change your router settings too, just in case other devices are on the same router as you and you are also connected to them in the meantime.



Sunday, May 12, 2024

INSTALL CISCO PACKET TRACER on UBUNTU 24.04

Normally you'll have some issues while installing packet tracer and the Cisco or Ubuntu recommendations won't work. 

Download your packet tracer first, that is obligatory.

Then download this:

   https://packages.ubuntu.com/jammy-updates/amd64/libgl1-mesa-glx/download

If the website shows an error, go here:
   https://packages.ubuntu.com/
   Search for this package: libgl1-mesa-glx

Use chmod 777 on both files (you'll delete them afterwards anyway)

Then simply install both packages with apt. Not with dpkg !!!

  • sudo apt install /home/levi/Downloads/libgl1-mesa-glx_23.0.4-0ubuntu1~22.04.1_amd64.deb 
  • sudo apt install /home/levi/Downloads/CiscoPacketTracer822_amd64_signed.deb

That is it. After this, no more issues should pop up. It will work just fine. 


 


Saturday, May 4, 2024

LINUX LOGs - local / remote audit

Log files are crucial to auditing Linux. They cover not only error handling, but also who logged in, when, and what they did, emails in and out, startup issues, server issues and more.

Previously we found that log list in /etc/rsyslog.conf.

More Recently in /etc/rsyslog.d/50-default.conf 

grep "/var/log" /etc/rsyslog.d/50-default.conf

----------------------------

A great function for us is centralizing the logging of multiple servers onto one single server. If you were running apache/mysql/GLPI under Debian and Snort/Nagios under 1 or 2 CentOS machines, you can have all of the logs on your Ubuntu Server:


First you simply edit the /etc/rsyslog.conf file on your central server.
You only have to uncomment the two lines under "provides UDP syslog reception". We use UDP because it is less greedy with network resources than TCP, which can be crucial when running a lot of local servers. Then we restart the logging with:

    systemctl restart rsyslog

With an ss -lptun we can check open ports:

Port 514 ready for UDP reception, as marked in rsyslog

---------------------

On a bare server, like what we need for Nagios or GLPI, rsyslog is not necessarily installed. We must apt install rsyslog. This is what I did for my Debian server. Then edit rsyslog.conf again, this time on this server.
Simply add the line authpriv.* @192.168.1.40:514 to send our logs to our goal server. @@ --> TCP logging, @ --> UDP logging.


systemctl restart rsyslog

----------------------------------

We can return to our goal server and run a tail and leave it open.
tail -f /var/log/auth.log
Then for instance initiate an SSH connection, one way or another from or to our client server. It will be logged:
ssh 192.168.1.33

We can now see all actions of authentication logged onto our server. This is how simple it is, but in further blogs, we will dive deeper into auditing our linux server.  

------------------------------------

Then in /var/log/auth.log we can find info on logins and ssh connections
(/var/log/secure in redhat/centos or probably other non-rsyslog systems)

  • grep login /var/log/auth.log
  • grep ssh /var/log/auth.log
  • journalctl | grep login     # for even more dated history on login
  • journalctl | grep ssh       # for even more dated history on ssh
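
Once several servers forward authpriv to the central auth.log, plain grep output gets long; the following groups sshd password events by reporting host, source IP and user. It is an added example, not part of the original post: the function names and the sample lines (hostnames, IPs, users) are constructed, and it assumes the traditional "Mon DD HH:MM:SS host tag:" syslog line layout.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Sample lines are constructed.
sample_auth_log() {
cat <<'EOF'
May  4 10:15:01 debian-srv sshd[1201]: Failed password for invalid user admin from 192.168.1.50 port 51514 ssh2
May  4 10:15:04 debian-srv sshd[1201]: Failed password for invalid user admin from 192.168.1.50 port 51514 ssh2
May  4 10:15:09 debian-srv sshd[1207]: Failed password for root from 192.168.1.50 port 51520 ssh2
May  4 10:16:30 debian-srv sshd[1215]: Accepted password for levi from 192.168.1.40 port 40022 ssh2
May  4 10:16:30 debian-srv sshd[1215]: pam_unix(sshd:session): session opened for user levi(uid=1000) by (uid=0)
May  4 10:17:02 ubuntu-srv CRON[1300]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
EOF
}

# Reads auth.log lines from the given files (or stdin) and prints
# "count event host source-ip user", most frequent first.
summarize_ssh_auth() {
    awk '
    {
        # Locate the "sshd[pid]:" tag; the field before it is the host name
        # written by the sending machine.
        tag = 0
        for (i = 2; i <= NF; i++)
            if ($i ~ /^sshd(\[[0-9]+\])?:$/) { tag = i; break }
        if (!tag) next
        event = $(tag + 1)
        if (event != "Failed" && event != "Accepted") next
        host = $(tag - 1); user = ""; src = ""
        for (i = tag + 2; i < NF; i++) {
            # First "for" names the user; "invalid user X" shifts it by two.
            if ($i == "for" && user == "")
                user = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1)
            # Keep the last "from": the real one always follows the user name.
            if ($i == "from") src = $(i + 1)
        }
        count[event " " host " " src " " user]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}
```

On the central server, call it as summarize_ssh_auth /var/log/auth.log; sample_auth_log | summarize_ssh_auth runs it on the constructed lines.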

-----------------------------------

SYSTEM / START INFO on NIC (Network interface cards)
    # dmesg = 'display message'
    dmesg | grep e1000         # ethernet adapter detection by the kernel

    # Info on detection of the NIC: kern.log
    grep e1000 /var/log/kern.log

    # Info on configuration of the NIC: syslog
    grep enp0s3 /var/log/syslog

 INFO on REBOOT connections
    # in file wtmp  --> it is a binary file
    # used by log file reboot in other OSs

    last   # to see this under Ubuntu / Debian

-------------------------------

W/HO is Connected Right Now and doing what
    who       # who is connected right now
    w         # who is doing what

 

 _dnhyper

