Differences

This shows you the differences between two versions of the page.

linux_router:misc [2022-01-13 Thu wk02 08:00] – [Linux Router Setup links] baumkplinux_router:misc [2023-12-03 Sun wk48 13:58] (current) – [ntopng] baumkp
Line 22: Line 22:
 ====glances==== ====glances====
  
 +  * ''sudo apt install pipx''  ([[https://pypa.github.io/pipx/|pipx]] — Install and Run Python Applications in Isolated Environments)
 +  * ''pipx ensurepath'' 
 +  * ''pipx install glances''  (https://nicolargo.github.io/glances/|Glances]])
 +  * ''%%pipx inject glances "glances[web]"%%'' ([[https://waylonwalker.com/pipx-w/|Glances webui with pipx]])
 +
 +Like like the references for Debian 12 for glances install are out of date....
   * [[https://www.tecmint.com/glances-an-advanced-real-time-system-monitoring-tool-for-linux/|Glances – An Advanced Real Time System Monitoring Tool for Linux]]   * [[https://www.tecmint.com/glances-an-advanced-real-time-system-monitoring-tool-for-linux/|Glances – An Advanced Real Time System Monitoring Tool for Linux]]
   * [[https://wiki.crowncloud.net/?How_to_install_Glances_on_Debian_11|How to Install Glances System Monitor on Debian 11]]   * [[https://wiki.crowncloud.net/?How_to_install_Glances_on_Debian_11|How to Install Glances System Monitor on Debian 11]]
   * [[https://www.linuxcapable.com/how-to-install-glances-system-monitor-on-debian-11/|How to Install Glances on Debian 11]]   * [[https://www.linuxcapable.com/how-to-install-glances-system-monitor-on-debian-11/|How to Install Glances on Debian 11]]
 +  * [[https://www.linuxcapable.com/how-to-install-glances-on-debian-linux/|How to Install Glances on Debian 12, 11 or 10]]
   * [[https://github.com/nicolargo/glances|nicolargo glances]]   * [[https://github.com/nicolargo/glances|nicolargo glances]]
  
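Review bot: On the added "pipx install glances" line the link is written "(https://nicolargo.github.io/glances/|Glances]])", which has the closing "]]" but no opening "[[", so DokuWiki will not render it as a link; it should read "([[https://nicolargo.github.io/glances/|Glances]])". The added sentence beginning "Like like the references" looks like a typo for "Looks like". Since the Debian 11 guides are now called out of date, mark them as such or drop them rather than leaving them in the same list as the Debian 12 one.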
Line 63: Line 70:
  
 [Service] [Service]
-ExecStart=/usr/bin/glances -w -t 2+#ExecStart=/usr/local/bin/glances -w -t 2 
 +ExecStart=/home/baumkp/.local/bin/glances -w -t 2
 Restart=on-abort Restart=on-abort
  
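Review bot: The new ExecStart points at /home/baumkp/.local/bin/glances, a file the baumkp account can replace, and no User= line is visible in this [Service] section; if the unit runs as root, anything able to write to that home directory gets code run as root at the next service start. Add User=baumkp (or a dedicated unprivileged account) to the unit, or install glances to a root-owned path. The "-w" web server is also started with no bind address or password option on the command line, so on a router it is worth confirming which interfaces it is reachable from. The commented-out /usr/local/bin line can go once the new path is confirmed.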
Line 78: Line 86:
 ====ntopng==== ====ntopng====
  
-I tried ntopng.  Unfortunately this program suite simply uses too many resources on my router which loads it up close to 100%.  There are often reports of dropped packet and such, further indicating overload.\\ +I tried ntopng again in December 2023.  I ran in a Docker container on my Router, although markedly improved since trying a few years ago this this program suite still uses uses a lot of resources on my router which loads it up close to 50%.  There are occasional reports of dropped packet and such, further indicating overload.\\  noted a problem with installing the Docker version The Docker package documentation and defaults are to the ''latest''yet the available package is listed as ''stable'', e.g. ''docker run -it -p 3000:3000 --net=host ntop/ntopng:stable -i br0'' versus the instructed ''docker run -it -p 3000:3000 -v $(pwd)/ntopng.license:/etc/ntopng.license:ro --net=host ntop/ntopng:latest -i br0'' \\ 
-have decided to disable//Worse than this this package suite caused difficulties with my system updatesso I removed it entirely. Note that this may be as it was previously disabled.//\\ +Another thing I do not like about this package is that the free community version is a significantly cut down of the full paid version.  The cost on the paid versions are substantial and I can simply not justify for non-commercial home use.  There is no general individual personal free full use version available.  The Docker container image is 2GB in size, the biggest image I have seen to date. Seems a bit bloated....\\ 
-Another thing I do not like about this package is that the free version is a cut down of the full paid version.  There is no general individual personal free full use version available. +**Hence I have decided not to use this software.** 
  
-There seem to be 2 main services to enable/disable/start/stop, nprobe and ntopng:+**tl;dr** ++++Systemd stuff, not relevant with use of Docker version| 
 +<code>There seem to be 2 main services to enable/disable/start/stop, nprobe and ntopng:
   * ''sudo systemctl stop ntopng'' | to stop (or start)   * ''sudo systemctl stop ntopng'' | to stop (or start)
   * ''sudo systemctl disable ntopng'' | to disable (or enable) starting on computer startup   * ''sudo systemctl disable ntopng'' | to disable (or enable) starting on computer startup
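Review bot: Both quoted docker run commands combine "-p 3000:3000" with "--net=host"; with host networking Docker discards published ports, so the "-p" has no effect and the container's listeners sit directly on the router's own interfaces. The text should say so, and that access to the web UI then depends on the router's firewall rules rather than on a port mapping. The added paragraph also needs a wording pass: "this this", "uses uses", "noted a problem" without a subject, and the missing comma and space before "yet the available package".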
Line 90: Line 99:
 We can also turn-off the redis service unless something else wnat to also use. We can also turn-off the redis service unless something else wnat to also use.
   * ''sudo systemctl stop redis'' | to stop (or start)   * ''sudo systemctl stop redis'' | to stop (or start)
-  * ''sudo systemctl disable redis'' | to disable (or enable) starting on computer startup+  * ''sudo systemctl disable redis'' | to disable (or enable) starting on computer startup </code> 
 +++++
  
 ---- ----
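Review bot: The "</code>" added at the end of the redis line closes a block that wraps bullet lists and ''...'' monospace markup; inside a code block DokuWiki shows that markup literally instead of rendering it. The "++++" fold already tucks the section away, so drop the code tags and keep the lists as they were. The unchanged line above still has "wnat" for "want".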
Line 98: Line 108:
 The Docker installation instructions for Ubuntu from Docker [[https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/#uninstall-old-versions|Get Docker CE for Ubuntu]]. The Docker installation instructions for Ubuntu from Docker [[https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/#uninstall-old-versions|Get Docker CE for Ubuntu]].
  
-__**This is pretty old, I played with it circa 2017, and have not used Docker since. have successfully been using full KVM based VMs for my main machines and so have not had much need for Docker**__ \\ +__**This is pretty old, I played with it circa 2017, and have not used Docker since. was successfully been using full KVM based VMs for my main machines and so did not have much need for Docker**__ \\ 
 That being said, I can see the benefits of containerisation, such as Docker, versus full virtual machines, such as KVM. Of course there are also benefits with full VMs!. That being said, I can see the benefits of containerisation, such as Docker, versus full virtual machines, such as KVM. Of course there are also benefits with full VMs!.
 +
 +In 2022 I revisited Docker and basically have move my various VM applications to Docker containers/ stacks.  I run my Docker instance in a VM to isolate Docker from bare metal.  This is primarily as Docker plays around with iptables. I do not like this, particularly on my main router machine that I use on bare metal nftables as the router/fire software.
 ====Docker Host Security==== ====Docker Host Security====
  
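Review bot: The emphasised sentence still says "have not used Docker since" 2017, while the paragraph added below it says Docker was picked up again in 2022 and now hosts the former VM applications; one of the two needs rewording so the section does not contradict itself. In the edited sentence "was successfully been using" should be "was successfully using", and in the new paragraph "have move" should be "have moved" and "router/fire software" looks cut short.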
Line 124: Line 136:
 Comparison of [[https://www.ivpn.net/pptp-vs-l2tp-vs-openvpn|VPN protocols]] Comparison of [[https://www.ivpn.net/pptp-vs-l2tp-vs-openvpn|VPN protocols]]
  
-Algo VPN is a set of Ansible scripts that simplify the setup of a personal IPSEC VPN. It uses the most secure defaults available, works with common cloud providers, and does not require client software on most devices.+++++ Algo VPN old tl;dr;|is a set of Ansible scripts that simplify the setup of a personal IPSEC VPN. It uses the most secure defaults available, works with common cloud providers, and does not require client software on most devices.
  
 "docker pull mutemule/algo" to download docker repository  "docker pull mutemule/algo" to download docker repository 
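Review bot: Turning the opening words into the fold title leaves the folded body starting mid-sentence: after the "|" the text begins "is a set of Ansible scripts" with no subject. Start the folded text with "Algo VPN is a set of Ansible scripts ..." and keep the title as a label only.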
Line 166: Line 178:
  
 The Mutemul Algo Docker page [[file://///kpts/shared/html_kptree.net/router_ppp_nft_private_w3.html|mutemule/algo]]. Unfortunately has no instructions on how to setup the Docker installation!!!!. The Mutemul Algo Docker page [[file://///kpts/shared/html_kptree.net/router_ppp_nft_private_w3.html|mutemule/algo]]. Unfortunately has no instructions on how to setup the Docker installation!!!!.
 +++++
  
 Docker Docs [[https://docs.docker.com/engine/reference/commandline/cli/|Use the Docker command line]] Docker Docs [[https://docs.docker.com/engine/reference/commandline/cli/|Use the Docker command line]]
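Review bot: The "mutemule/algo" link on the line just above the added "++++" targets a file:// path on an internal share (kpts/shared/...), not the Docker page the sentence describes; it will not resolve for readers and it publishes an internal host and path name. Point it at the image's public page or remove the link target.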
Line 221: Line 234:
 IPv4 uses some of these special addresses for private LANs (Local Area Network)s with NAT (Network Address Translation) used to connect the LANs to the WAN (Wide/World Area Network) via a router. This was required to compensate for the limited address space in IPv4. IPv4 NAT also provide some security benefits by obscuring the private LAN addresses from the public WAN. IPv4 uses some of these special addresses for private LANs (Local Area Network)s with NAT (Network Address Translation) used to connect the LANs to the WAN (Wide/World Area Network) via a router. This was required to compensate for the limited address space in IPv4. IPv4 NAT also provide some security benefits by obscuring the private LAN addresses from the public WAN.
  
-IPv6 does not use NAT as its native address space is suffiently large never to require in the foreseeable future.+IPv6 does not use NAT as its native address space is sufficiently large never to require in the foreseeable future.
  
-Another interesting link, **IANA [[https://www.iana.org/protocols]]**+Another interesting links: 
 +  * **IANA [[https://www.iana.org/protocols]]** 
 +  * Redhat [[https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/security_guide/ch-ports|Appendix C. Common Ports]] 
 +  * [[https://linuxhandbook.com/common-ports/|Common Networking Port Numbers in Linux]] 
 +  * [[https://www.stationx.net/common-ports-cheat-sheet/|Common Ports Cheat Sheet: The Ultimate Ports & Protocols List]] 
 +  * [[https://www.geeksforgeeks.org/50-common-ports-you-should-know/|50 Common Ports You Should Know]] 
 +  * Distribution List of Ports (information only) 
 +    * <fc #ff00ff>Gentoo</fc> [[https://wiki.gentoo.org/wiki/Project:Quality_Assurance/UID_GID_Assignment|Project:Quality Assurance/UID GID Assignment]] 
 +    * <fc #4682b4>Archlinux</fc> [[https://wiki.archlinux.org/title/DeveloperWiki:UID_/_GID_Database|DeveloperWiki:UID / GID Database]] 
 +    * <fc #ff0000>Red Hat</fc> [[https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/s1-users-groups-standard-users|37.3. Standard Users]]
  
 ---- ----
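Review bot: The sub-list headed "Distribution List of Ports" links to the Gentoo and Arch UID/GID assignment pages and to Red Hat's "Standard Users" section, which cover user and group IDs, not ports; rename the heading or move the three entries. "Another interesting links:" should be "Other interesting links:", and the Red Hat references are to the Enterprise Linux 4 and 5 guides, so their age should be noted. The corrected IPv6 sentence still lacks an object after "never to require".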
Line 304: Line 326:
   *Ubuntu documentation [[https://help.ubuntu.com/community/UbuntuBonding|Bonding]], [[https://help.ubuntu.com/community/KVM/Networking|KVM networking]], [[https://help.ubuntu.com/community/NetworkConnectionBridge|network bridging]] and [[https://help.ubuntu.com/community/BridgingNetworkInterfaces|bridging network interfaces]]   *Ubuntu documentation [[https://help.ubuntu.com/community/UbuntuBonding|Bonding]], [[https://help.ubuntu.com/community/KVM/Networking|KVM networking]], [[https://help.ubuntu.com/community/NetworkConnectionBridge|network bridging]] and [[https://help.ubuntu.com/community/BridgingNetworkInterfaces|bridging network interfaces]]
   *Linux.com [[https://www.linux.com/learn/create-secure-linux-based-wireless-access-point|Create a secure Linux-based wireless access point]]   *Linux.com [[https://www.linux.com/learn/create-secure-linux-based-wireless-access-point|Create a secure Linux-based wireless access point]]
-  *Gentoo [[https://wiki.gentoo.org/wiki/Home_Router|Home Router]]+  *Gentoo [[https://wiki.gentoo.org/wiki/Home_router|Home Router]]
   *Stackexchange [[https://unix.stackexchange.com/questions/128439/good-detailed-explanation-of-etc-network-interfaces-syntax|Good detailed explanation of /etc/network/interfaces syntax?]] and [[https://unix.stackexchange.com/questions/192671/what-is-a-hotplug-event-from-the-interface/192913#192913|What is a hotplug event from the interface?]]   *Stackexchange [[https://unix.stackexchange.com/questions/128439/good-detailed-explanation-of-etc-network-interfaces-syntax|Good detailed explanation of /etc/network/interfaces syntax?]] and [[https://unix.stackexchange.com/questions/192671/what-is-a-hotplug-event-from-the-interface/192913#192913|What is a hotplug event from the interface?]]