Albal's Blog

For a long time I have seen that Ubuntu APT has declared it has not got a stable CLI interface and with 22.04LTS that has become a thing. If you try to a automate apt -y upgrade after an update your command will never complete as it will pop up a dialog window asking you which services you want to restart. Not very friendly for automation.
Now I don’t know if this the right way to do it, but it works for me in my homelab. What we do is leverage unattended-upgrade and change the settings before and after we run this command. By default unattended-upgrade is set only to apply security updates, something you want right. However, when you are creating a template usually you want all the other updates and patches that go with the default setup of your distro. So this is how I do it under packer with a shell script:

$spec = New-Object VMware.Vim.VirtualMachineConfigSpec
$spec.memoryReservationLockedToMax = $false
$spec.memoryAllocation = New-Object VMware.Vim.ResourceAllocationInfo
$spec.memoryAllocation.Reservation = 0
Get-VM | Get-View -Property Config.MemoryAllocation | %{$_.ReconfigVM_Task($spec)}

If you have an encrypted OPNsense configuration file then you can use the following to decrypt it. Note no password has been defined, add yours as required:

cat config.xml.aes | grep -Ev 'config.xml|:' | base64 -d | openssl enc -d -aes-256-cbc -out config.xml -pass pass: -salt -md sha512 -pbkdf2 -iter 100000

pvcreate /dev/sdb  
lvmdiskscan -l  
vgextend ubuntu-vg /dev/sdb  
lvm lvextend -l +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv  
resize2fs -p /dev/mapper/ubuntu--vg-ubuntu--lv  
df -h

The Dell version of VMware has been released and can be installed simply on a standalone ESXi server once it is maintenance mode.

First get the ZIP file from VMware:

https://customerconnect.vmware.com/downloads/details?downloadGroup=OEM-ESXI70U3-DELLEMC&productId=974

You should verify the checksum:

MD5SUM:

b9db1e378bc0cfccd979fe0660867641

SHA1SUM:

9f5121f0d9d39aa32c0d3f71c13e117bf4923737

SHA256SUM:

c9a0025d0946ab154520d6606a50b5dca0218294e90250bd5a9a8a6dd4dee50c

Checksums for ESXi ZIP file

Upload the ZIP file to a datastore that can be accessed by ESXi (local or remote) however don’t copy it to the boot media unless you know what you are doing.

Option a command prompt as Administrator.

wsl --install

Then reboot and open WSL to complete the installation. That is it, install Ubuntu 20.04 LTS by default.

cp -f /etc/xrdp/xrdp.ini /etc/xrdp/xrdp.ini.org
cp -f /etc/xrdp/sesman.ini /etc/xrdp/sesman.ini.org
sed -i "s/autorun=/autorun=Xorg/g" /etc/xrdp/xrdp.ini
sed -i "0,/allow\_channels=true/{s/allow\_channels=true/allow\_channels=false/}" /etc/xrdp/xrdp.ini
echo "PREFERRED=gnome-session" > /etc/sysconfig/desktop
echo "unset DBUS\_SESSION\_BUS\_ADDRESS; gnome-session" >> /etc/sysconfig/desktop
echo "allowed\_users=anybody" > /etc/X11/Xwrapper.config
sed -i "/param=96/ a param=-AcceptCutText=0\\nparam=-SendCutText=0\\nparam=-SendPrimary=0\\nparam=-SetPrimary=0" /etc/xrdp/sesman.ini
systemctl restart xrdp

So updating an OS sometimes changes the defaults used for various pieces of crypto. In fedora to set it back to how it used to be:

update-crypto-policies --set LEGACY

You should only do this as last resort or just for testing.

Simply scanned the new units to see what ports are open:

al@alex490:~$ nmap -p- 192.168.nnn.nnn

Starting Nmap 7.60 ( https://nmap.org ) at 2020-11-25 18:41 GMT  
Nmap scan report for MyCloud-R6GNH47Y.lab.tsew.net (192.168.0.132)  
Host is up (0.0011s latency).  
Not shown: 65527 closed ports  
PORT STATE SERVICE  
80/tcp open http  
139/tcp open netbios-ssn  
443/tcp open https  
445/tcp open microsoft-ds  
548/tcp open afp  
8080/tcp open http-proxy  
9999/tcp open abyss  
33284/tcp open unknown

Easy way to update LetsEncrypt certs: stop letsencrypt

%s/HTTPS_METHOD=redirect/HTTPS_METHOD=noredirect

start letsencrypt

%s/HTTPS_METHOD=noredirect/HTTPS_METHOD=redirect

quit and verify

echo | openssl s_client -servername HostName -connect HostName:443 2>/dev/null | openssl x509 -noout -dates