Page 1
Standard

HowTo SiriControl with Raspberry Pi 3

We can use Siri for a lot of things on our Apple device, but you can also use Siri to control IoT things that dont have support for HomeKit! This can be done by using SiriControl! SiriControl is a Python script that runs on your Raspberry and polls your Gmail account for newly created notes.

Notes? How does it work?

You can use Siri to make notes for you, and we can also use Gmail to store the notes. Now we have Siri that can store commands on a Cloud Based system like Gmail. As Gmail is IMAP aware we can use a python script to read the notes. This is the basic of SiriControl.

How to…

Below the steps you need to take to setup SiriControl on your Raspberry and the requirements for you Gmail account.

Create a Gmail account

Lets start with creating a Gmail account. Due to security reasons I recommend to use a new Gmail account because you have to enter your e-mail address and password in a Phyton script (yes unencrypted 🙁 ).

After creating make sure you do the following:

  1. Enable Less Secure Apps for you newly created account
  2. Enable IMAP in your settings so your iOS device can push the Notes

Add Gmail to your iOS device

Now we have created a Gmail account, we have to make sure that if we tell Siri to make a note for our command it gets send to Gmail. So grab your iOS device and go to: Settings –> Notes –> Accounts –> Add Account and create a new Google account on your device. Make sure it only Syncs the Notes! After creating the account set this account as Default Notes account in your iOS device under Settings –> Notes.

Now the fun part begins!

Get your Raspberry Pi up and running!

Now we have to configure the Python script to run on the Raspberry Pi. Follow below steps.

  1. Make sure python is installed
  2. Copy the files from Github https://github.com/theraspberryguy/SiriControl-System to your Raspberry
    1. Don’t forget to also copy the modules folder and the included files!
  3. Modify siricontrol.py to include your Gmail account credentials
  4. Run the script!
    # python siricontrol.py

It will now run in your SSH session, you can run this also by Cronjob in the background for example on boot.

What did I do with SiriControl? (some ideas)

As I’m using Kodi (LibreElec) in my home for watching movies / photos / listening music from my NAS and Kodi on Raspberry i would like to update the library as needed and not auto every x hours because I might be watching a movie and slowing down the performance or whatever. Now Python as a library for XBMC, called xbmc-json.

Also I’m trying to figure out if I can connect Volumio some way. Because Volumio has an App for iOS it should be possible as the system is receiving commands through some interface. Just have to figure out how this works so I can build a module for this.

Kodi and python

First of all we need a library and then we can connecti with a remote kodi setup through json.

  1. Install xbmc-json (if you havent done yet)
    Run the following as root / or with sudo
    # pip install xbmc-json
  2. Create your own script for SiriControl and import the module with:
    from xbmcjson import XBMC
  3. Next make a connection to your Kodi system so you can start giving commands (change the IP to your Kodi systems IP)
    xbmc = XBMC(“http://192.168.1.11/jsonrpc”)
    If you are using authentication your can also pass it with http://<user>:<pass>@192.168.1.11/jsonrpc and if you are using a custom port like 8080 add :8080 to the end of the ip address.
  4. enter the commands, for example for scanning a VideoLibrary for new content
    xbmc.VideoLibrary.Scan()

Volumio and SiriControl

As volumio has a REST API you can call it by simple HTTP requests like play and stop. Also you can start a Playlist (you have to configure one before), but just calling this with the import subprocess and then subprocess.call wget <volumio.local/api/v1/?cmd=… you can start and control it by Siri!

https://volumio.github.io/docs/API/REST_API.html

Some usefull links:

https://www.cyberciti.biz/faq/python-execute-unix-linux-command-examples/

https://howchoo.com/g/zdi2zgq2mjb/how-to-use-siri-to-control-anything-from-iftt-to-custom-programs-and-devices

http://www.instructables.com/id/SiriControl-Add-Siri-Voice-Control-to-Any-Raspberr/

Standard

HowTo: Raspberry Pi 3 UniFi Controller AC-AP PRO

As I was using a Miraki AP (MR12) and the license was about to end I started looking for a new AP. The Web GUI for Meraki is really nice, but the MR12 is slow and already 3 years old. Also the licenses are pretty expensive so I decided it is time to upgrade. When searching I found the Ubiquiti UniFi AC AP Pro as a good solution. I noticed there is a controller software required to configure the AP. Also I found some tutorials to add the Controller software to my RPi 3 running as a VPN server (OpenVPN) and local DNS server (Bind).

Well let’s install the Unifi software! This is how I did add / install the software.

Note: I did follow some steps from this tutorial but added some extra info to get it working on my home setup: http://www.lowefamily.com.au/2016/06/02/installing-ubiquiti-unifi-controller-5-on-raspberry-pi/3/

Let’s Start!

Update your RPi system

First of all make sure your Raspberry Pi is up-to-date.

sudo apt-get update && sudo apt-get upgrade -y

After the packages are updated also run the latest firmware for your RPi

sudo rpi-update

This can take some time so please wait and reboot your system after it is done (just run “reboot”)

Install Unifi Controller Software

Now let’s add the Unifi controller software. First we need to make sure to add the Repository to the RPi so we can use apt-get.

echo ‘deb http://www.ubnt.com/downloads/unifi/debian unifi5 ubiquiti’ | sudo tee -a /etc/apt/sources.list.d/ubnt.list > /dev/null
sudo apt-key adv –keyserver keyserver.ubuntu.com –recv C0A52C50
sudo apt-get update

After we have added the Repository we can start the installation. Keep in mind we just updated apt-get already so running the install is sufficient. This will install the Unifi software including JAVA7. If you need / want JAVA8, i’m sorry out of scope here 🙂

sudo apt-get install unifi -y

Next reboot your system again 🙂

sudo reboot

When trying to reach http://rpi-hostname:8443 i was not able to get an webinterface, this was due to the fact i’m running IPtables on my RPi. So let’s add the TCP port to allow it. Also you have some other ports to allow like 8080 with the inform URL. See for port info: https://help.ubnt.com/hc/en-us/articles/218506997-UniFi-Ports-Used
Note:
Change eth0 to your interface nic where you are connecting to!

sudo iptables -A INPUT -i eth0 -p tcp –dport 8443 -j ACCEPT

sudo iptables -A INPUT -i eth0 -p tcp –dport 8080 -j ACCEPT

sudo iptables -A INPUT -i eth0 -p tcp –dport 8880 -j ACCEPT

sudo iptables -A INPUT -i eth0 -p tcp –dport 8843 -j ACCEPT

Don’t forget to save the rules 🙂

When done you can visit the webinterface to start configuring your Unifi AP. Browse to http://rpi-hostname:8443 and start configuring!

Configure Unifi Controller

Now we have a running Controller on our Raspberry Pi 3 it’s time to configure your AP.

The controller will detect your new AP and you can follow the On-Screen instructions to configure your AP.

Standard

Enable Let’s Encrypt on DirectAdmin 1.50.1

As there is a change within the law we need to have make sure all Personal Data  send through a website is securely send. Now as I’m running several DirectAdmin Servers we have the option to use Let’s Encrypt. A great addon / feature to DirectAdmin to generate and secure a website! Except for the thing that my DA server was failing in securing sites… I had to do the following to make sure I could enable this website (https://blog.bram.co.nl and my personal site https://www.bram.co.nl).

Steps taken:

  1. Enable Let’s Encrypt in the DirectAdmin config

    echo “letsencrypt=1” >> /usr/local/directadmin/conf/directadmin.conf

  2. Restart DirectAdmin to reload the configuration and update some configs

    echo “action=directadmin&value=restart” >> /usr/local/directadmin/data/task.queue; /usr/local/directadmin/dataskq d2000

  3. Now you should be able to see the SSL option Lets Encrypt if logged in as a User (User Level -> SSL Certificates -> Check for the Lets Encrypt options

When trying out i got some Agreement error…

{
“type”: “urn:acme:error:malformed”,
“detail”: “Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]”,
“status”: 400

}.

  1. To Fix this issue I had to update the SH script for Let’s Encrypt

    wget -O /usr/local/directadmin/scripts/letsencrypt.sh http://files.directadmin.com/services/all/letsencrypt.sh

Now I could generate a certificate but still ran into a problem about the .well-known file… This was missing

  1. Modify the httpd-alias.conf file and add a well-known file

    Modify: /etc/httpd/conf/extra/httpd-alias.conf and add:
    Alias /.well-known “/var/www/html/.well-known”

  2. Now restart Apache and DirectAdmin

Now you will be able to generate a Let’s Encrypt certificate for you website.

 

Standard

HowTo Homebridge on Raspberry Pi 3 for iOS and Smart Devices

In the Easter weekend I suffered some eye injury on both my left and right eye. My sight went fro 100% back to 5% on the left and right eye. From that day i knew it was going to be a long recovery with several surgery’s. As a tech guy i already have some Smart Devices and wanted to use them with my Apple Devices. Considering the HomeKit does not support mutch I did some research and found HomeBridge. My devices currently connected to my home network are:

  • Philips Hue lights
  • Kodi MediaCenter
  • NetAtmo Weather Station
  • IFTTT
  • Temp Sensors connected to my Pi

Let’s use Siri to talk with those devices and get information out of them! Too bad Apple does only support Hue, this is where HomeBridge comes in Handy. HomeBridge serves as an extra layer to control devices through plugins with Siri from your iOS device like iPad / iPhone.

I’m running a Raspberry Pi 3 already as a private DNS (to manage my devices by DNS instead of IP address (Kodi, Printer, Switches, Server(s), and so on..), this device can do a lot more.

Installing HomeBridge (Raspberry Pi 3)

First of all update your Raspbian installation

sudo apt-get update

sudo apt-get upgrade

This can take a while…

Next we start installing NodeJS and a prereq for HomeBridge

wget https://nodejs.org/dist/v4.0.0/node-v4.0.0-linux-armv6l.tar.gz

tar -xzf node-v4.0.0-linux-armv7l.tar.gz

cd node-v4.0.0-linux-armv7l

Now we have downloaded NodeJS and extracted it. Next step is to copy all the files to /usrlocal Use the following command:

sudo cp -R * /usr/local/

The -R stands for Recursive so we will copy all files in all directorys. After we have copied them we have nodejs installed. You can check your version with

node -v

Let’s continue with the installation of the PreReqs.

sudo apt-get install libavahi-compat-libdnssd-dev

Now we have the PreReq qe can install Homebridge

As we already installed NodeJS, we now have some new commands available. With these commands we can install the Homebridge server.

sudo npm install -g homebridge

This can take some time, on my RPi 3 it took about 5 to 10 minutes. When the installation is done we can start Homebridge by entering the following command:

homebridge

When you run this command it will try to start Homebridge, this will fail because we have no plugins installed and a valid config.json file with the homebridge configuration. You will see a similar error “No plugins found. See the README for information on installing plugins.”

Homebridge Config.json

Now we have installed Homebridge we need a configuration for Homebridge. Also if we install any plugin we have to add it in the config file.

cd /home/pi/.homebridge
nano config.json

Paste the following code


{
"bridge": {
"name": "Homebridge",
"username": "CC:22:3D:E3:CE:30",
"port": 51826,
"pin": "031-45-154"
},

“description”: “This is my Homebridge Config file”,

“accessories”: [

],

“platforms”: [

]
}

Now we have the default config ready, but we still need a plugin to make it work properly. I did setup my NetAtmo weather station, you can use the following commands to setup your NetAtmo plugin, or download any other NPM plugin and follow the this guide as a how to. Make sure to download the right config example from the NPM website and replace the NetAtmo config with your plugin config file. This config is provided on the NPM Plugin website.

Configure Netatmo

Search for the Homebridge-netatmo NPM website and you will get information on how to install the plugin. This is also outlined below. First we have to install the plugin, and next we have to modify the config file. Let’s start by installing the plugin.

sudo npm install -g homebridge-netatmo

This will take a few seconds to install, after this is done we only have to configure this. On the website you will see an example config. You can use this one and modify it for you NetAtmo setup. Enter your Username and Password, and create an Application through the NetAtmo dev website so you can allow homebridge to connect to the NetAtmo API.

The config will look like the config below:

{
"bridge": {
"name": "Homebridge",
"username": "CC:22:3D:E3:CE:30",
"port": 51826,
"pin": "031-45-154"
},

“description”: “This is my Homebridge Config file”,

“accessories”: [

],

“platforms”: [
{
“platform”: “netatmo”,
“name”: “netatmo weather”,
“ttl”: 5,
“auth”: {
“client_id”: “CREATE ID AT https://dev.netatmo.com/”,
“client_secret”: “CREATE SECRET AT https://dev.netatmo.com/”,
“username”: “your netatmo username”,
“password”: “your netatmo password”
}
}

]
}

If we now start Homebridge we will see there is a NetAtmo Weather Station plugin loaded. Now you can start your Apple iOS application to connect to HomeBridge.

I’m using Insteon+ add a new device and it will find your Homebridge. Connect to Homebridge and enter the pin code in the config or check your SSH session to your RPi. Now you can start configuring the Siri Commands and create your Home with Rooms / Scenes and so on.

Autostart / start Homebridge

The final thing we need to do is to create an init.d script to start Homebridge. We use the following commands to create a script and add it to the defaults so it will start with a reboot from your RPi.

sudo nano /etc/init.d/homebridge

Paste the following code into this file and chmod it to 755 so we can execute it.

#!/bin/sh
### BEGIN INIT INFO
# Provides: homebridge
# Required-Start: $network $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start daemon at boot time
# Description: Enable service provided by daemon.
### END INIT INFO

dir=”/home/pi”
cmd=”DEBUG=* /usr/local/bin/homebridge”
user=”pi”

name=`basename $0`
pid_file=”/var/run/$name.pid”
stdout_log=”/var/log/$name.log”
stderr_log=”/var/log/$name.err”

get_pid() {
cat “$pid_file”
}

is_running() {
[ -f “$pid_file” ] && ps `get_pid` > /dev/null 2>&1
}

case “$1” in
start)
if is_running; then
echo “Already started”
else
echo “Starting $name”
cd “$dir”
if [ -z “$user” ]; then
sudo $cmd >> “$stdout_log” 2>> “$stderr_log” &
else
sudo -u “$user” $cmd >> “$stdout_log” 2>> “$stderr_log” &
fi
echo $! > “$pid_file”
if ! is_running; then
echo “Unable to start, see $stdout_log and $stderr_log”
exit 1
fi
fi
;;
stop)
if is_running; then
echo -n “Stopping $name..”
kill `get_pid`
for i in {1..10}
do
if ! is_running; then
break
fi

echo -n “.”
sleep 1
done
echo

if is_running; then
echo “Not stopped; may still be shutting down or shutdown may have failed”
exit 1
else
echo “Stopped”
if [ -f “$pid_file” ]; then
rm “$pid_file”
fi
fi
else
echo “Not running”
fi
;;
restart)
$0 stop
if is_running; then
echo “Unable to stop, will not attempt to start”
exit 1
fi
$0 start
;;
status)
if is_running; then
echo “Running”
else
echo “Stopped”
exit 1
fi
;;
*)
echo “Usage: $0 {start|stop|restart|status}”
exit 1
;;
esac

exit 0

chmod with the following command:

sudo chmod 755 /etc/init.d/homebridge

Next we have to tell the OS to start it at boot, we can do this with the following command

sudo update-rc.d homebridge defaults

Enjoy your Homebridge setup on your RPi 3!

 

EDIT 12-27-2016

For some reason my homebridge got killed after some hours, or some days or even after some minutes. I’m not sure why and was not in the mood to do research. I made a cronjob to check every hour if my homebridge is running (with the status), and if it was not running to just start it. You could set it to more ofter check for the status, like every 15 or even 5 minutes, but as i’m not checking every 5 minutes my iPhone or Apple Device for the Temps on my NetAtmo every hour was sufficient for me 🙂

You could also just run the /etc/init.d/homebridge restart command to make sure it gets restarted or started. Script i made is a bit buggy so not posting it here 🙂

Standard

SNMP Cannot adopt OID in UCD-SNMP-MIB errors on Raspberry Pi

As I’m a fan of new tech stuff I also have several Raspberry Pi’s in my home. One offcourse as mediacenter, but also I have one that is acting as FTP box for backups and my Private Cloud on my 100/100 home fiber connection. This Pi is running also Cacti and as the Raspberry Pi has an internal temperature sensor I was interested in showing this on my Cacti installation.

I followd this great tutorial on howto read the temp and output it. Check it out at: http://www.onestep2.at/en/blog/remote-sensor-raspberry-pi-locale-temperature-monitoring-snmp-and-cacti

But before i got to setting this up i had some issues with SNMP. My snmpwalk for testing showed a lot of errors:

Cannot adopt OID in UCD-SNMP-MIB

To fix this you can simply run the following command:

sudo apt-get install snmp-mibs-downloader

This will download the missing MIBs and apply them into your system. With the next SNMPWALK a lot of errors where gone, and the SH script for reading my Raspberry Internal Temperature was showing its correct value output, something like: Temp:40.1

Standard

DDoS / rootkit infection mikrjcfxwr

This week one of my XenServers for testing environments was suffering from Network loss and packet loss. My ISP did only see some broadcast traffic and was not sure what was going on.

The machine was sometimes responding and had most of the time a very high ICMP reply. After checking into this I found some strange cron jobs and strange files in /usr/bin and /lib after killing they came back under a new name. Also in /etc/init.d/ i found some strange scripts. They all appeared under strange names like:

  • mikrjcfxwr
  • smtqqusisa
  • getty
  • jfcqxcpocz

Now the steps to clean this machine where:

  1. Check the file /etc/crontab to see if you have an entry that runs every 3 minutes and delete this line:
    * /3 * * * * root /etc/cron.hourly/cron.sh
  2. Now use the ps -ej command to find the Parent process of the rootkit. This will be the first entry you see when running ps -ej
  3. Important step is to STOP the process and NOT kill it! Stop it with the PID from the previous command
    kill -STOP 1462
  4. Now check again to see the children have died, and the parent is still alive.
    ps -ej
  5. Next step is to delete all the files related to this virus. Check the following folders:
    /usr/bin
    /etc/init.d/
    /bin/
    /lib/libgcc4.so OR /lib/libgcc4.4.so
  6. Check the /etc/cron.hourly/cron.sh file to see what is was calling. Also check the init.d folder to see where the files are stored and remove them.
  7. Now kill the parent process and you should be clean and up and running!

Reminder!

The process can use different names!

Standard

Linux: Error, some other host already uses address

The last week I did a migration from a Virtual Machine (VMware based) from ISP A to ISP B, and after starting the machine it worked fine. Then I needed to add a new IP to the eth0 interface so I made an ifcfg-eth0:0 config file with the new IP.

After starting the eth0:0 i got the message:

Error, some other host already uses address

I was sure the IP was free, and I needed the IP attached to an interface so i could get a license for some software i was using.

Then I did some checkup in the ifup-eth file to see if I could bypass the check, and this was possible!

In the script ifup-eth I found a query and did modify this:

/etc/sysconfig/network-scripts/

# if ! /sbin/arping -q -c 2 -w 3 -D -I ${REALDEVICE} ${ipaddr[$idx]} ; then
# net_log $”Error, some other host already uses address ${ipaddr[$idx]}.”
# exit 1
# fi

As you can see we did comment out the check only! So the command works and can bring up the device. Now i finally could retrieve the file and my software started working.

Now i wanted to know what Device is using the IP address. To check this i took the command in the ifup-eth file and modified it:

/sbin/arping -c 2 -w 3 -D -I eth0 123.123.123.123

Replace 123.123.123.123 with your IP address of the device that is not willing to start.

This will show you the MAC address. Now Happy Hunting!

Standard

iLO3 not responding on HTTPS

As i’m running several servers in a datacenter, and the DC is a 2 hour drive, I decided to add an iLO interface to my servers (yes it is HP).

But for some maintenance preparation i decided to verify the iLO is up and running (just to save my ass for a 2 hour drive), but got noticed i was not able to access it through it’s HTTPS interface….

Running NMAP showed HTTPS port was stil open and also the HTTP port was responding but i got no webinterface so i could check the console.

Now how can i fix this? I did see some posts about powercycling the machine, but that would again be a 2 hour drive. After some d igging and checkin on SSH i found the magic command.

Using “reset map1” at the SSH does give the iLO interface a reboot. This solved my issue and the webinterface is up & running again.

Standard

Expanding LVM with new harddisk

In this post I will describe how to expand a LVM with adding a new harddisk. This for example on a running VMware Virtual Machine.

So after this post you will have 2 disks running in 1 LVM.

Notice! Make sure to take a backup and snapshot your machine, just in case…

Confirm running Partition type

First of all confirm that you are working with an LVM.

# fdisk -l

lvm1

 

 

 

As you can see we have a “Linux LVM” listed as 8e (HEX code for an LVM).

Add the new Harddisk

Now we know that it is an LVM, you can start adding a new harddisk. Just create a new harddisk in VMware and select the right amount of space you would like to add.

Detecting new disk

Now that we have added a new harddisk it is time to verify we have a new disk. If you now run:

# fdisk -l

If you do not see the new disk (/dev/sdb) then you might have not rebooted your machine. Try running the following command:

# echo “- – -” > /sys/class/scsi_scsi_host/host0/scan

If you now run the fdisk command again you should see the new /dev/sdb disk with the message “Doesn’t contain a valid partition table”.

Partition the new disk

Now we have the new disk ready for use, we  can start making a partition on it by using fdisk.

# fdisk /dev/sdb

This should give  you the message: (the commands are highlighted in bold

root@ws-01:~# fdisk /dev/sdb
Command (m for help): n

Now use the following commands

for creating a nw partition

As we now have a new partition we need to give it a number. Because it is a new disk we give it the number 1

Partition number

Next we have 2 questions about the First and Last cylinder. You can hit ENTER key twice to confirm the defaults.

First Cylinder: “enter
Last Cylinder: “enter

Now we need to change the partitions system ID.

Command (m for help): t
selected partition 1

Now we need to enter the HEX code to confirm it is an LVM partition.

Hex code (type L to list codes: 8e
Changed system type of partition 1 to 8e (Linux LVM

Now we need to write these changes to the disk and all will be saved.

Command (m for help): 
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks

If you now run “fdisk -l” you will see there is an /dev/sdb1 listed with Linux LVM as system.

Increase the logical volume

Now we will use the pvcreate command to create a physical volume for use by the LVM. We issue this command on the /dev/sdb1 we just created.

root@ws-01:~# pvcreate /dev/sdb1
Physical volume “/dev/sdb1” succesfully created

Now we have created a physical volume we have to check the current name of our Volume Group. We can do this with vgdisplay. Just watch for the VG Name

root@ws-01:~# vgdisplay 
— Volume group —
VG Name     vg_ws01
VG Size        10GiB

Now we are going to extend the Volume Group with vgextend.

root@ws-01:~# vgextend vg_ws01 /dev/sdb1
Volume group “vg_ws01” successfully extended

If we now issue the pvscan command we can see the new disk. Just run pvscan

root@ws-01:~# pvscan 

This should give you also the new disk /dev/sdb1 and the current disk (in my case /dev/sda2).

Next we are going to increase the Logical Volume so the new space is added to the LV group.

First confirm the name / path of the Logical Volume by using the lvdisplay command

root@ws-01:~# lvdisplay

Check for the LV Name and LV Path

in my case the path was: /dev/vg_ws01/lv_root
We want to increase this by adding the new disk.

root@ws-01:~# lvextend /dev/vg_ws01/lv_root /dev/sdb1

This should give you the output that the Logical Volume root successfully resized. If you now run VGDISPLAY you wil see the new size of the Volume Group.

However if you run the df -h command you won’t see the new space! We first have to resize the file system by using the resize2fs command.

root@ws-01:~# resize2fs /dev/vg_ws01/lv_root

if you now run the df -h command you will see the new space.

Summary

We now have increased the disk space for the virtual machine by adding a new harddisk through VMware and then added the space to the Volume Group. As we did this we dont need a reboot and this can be very usefull in production environments that can not afford any downtime.