linux_router:misc [2023-04-22 Sat wk16 12:41] – [Reserved Ports and IPv4 Reserved Addresses] baumkp | linux_router:misc [2023-12-03 Sun wk48 13:58] (current) – [ntopng] baumkp |
---|
====glances==== | ====glances==== |
| |
| * ''sudo apt install pipx'' ([[https://pypa.github.io/pipx/|pipx]] — Install and Run Python Applications in Isolated Environments) |
| * ''pipx ensurepath'' |
| * ''pipx install glances'' (https://nicolargo.github.io/glances/|Glances]]) |
| * ''%%pipx inject glances "glances[web]"%%'' ([[https://waylonwalker.com/pipx-w/|Glances webui with pipx]]) |
| |
| Like like the references for Debian 12 for glances install are out of date.... |
* [[https://www.tecmint.com/glances-an-advanced-real-time-system-monitoring-tool-for-linux/|Glances – An Advanced Real Time System Monitoring Tool for Linux]] | * [[https://www.tecmint.com/glances-an-advanced-real-time-system-monitoring-tool-for-linux/|Glances – An Advanced Real Time System Monitoring Tool for Linux]] |
* [[https://wiki.crowncloud.net/?How_to_install_Glances_on_Debian_11|How to Install Glances System Monitor on Debian 11]] | * [[https://wiki.crowncloud.net/?How_to_install_Glances_on_Debian_11|How to Install Glances System Monitor on Debian 11]] |
| |
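Review bot: The ''pipx install glances'' list item has a malformed link: ''(https://nicolargo.github.io/glances/|Glances]])'' is missing its opening ''[['', so it will render as literal text instead of a link. The sentence "Like like the references for Debian 12 ..." also has a duplicated word and probably wants "Looks like". It would help to state which user runs the pipx commands, because pipx installs under that user's home directory and the ''ExecStart'' path in the unit file depends on it.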
[Service] | [Service] |
ExecStart=/usr/bin/glances -w -t 2 | #ExecStart=/usr/local/bin/glances -w -t 2 |
| ExecStart=/home/baumkp/.local/bin/glances -w -t 2 |
Restart=on-abort | Restart=on-abort |
| |
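Review bot: The new ''ExecStart=/home/baumkp/.local/bin/glances -w -t 2'' points the service at a binary inside a user's home directory, and the visible ''[Service]'' lines set no ''User=''. If this is a system unit it runs as root by default, so anything able to write to that user's ''~/.local'' can replace what root executes on the next start. Suggest adding ''User=baumkp'' (or a dedicated unprivileged account) to the ''[Service]'' section, or installing glances to a root-owned path. Because ''-w'' starts the web server on the router itself, the page should also say which interface it is meant to be reachable on and that the port is blocked from the WAN side.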
====ntopng==== | ====ntopng==== |
| |
I tried ntopng. Unfortunately this program suite simply uses too many resources on my router which loads it up close to 100%. There are often reports of dropped packet and such, further indicating overload.\\ | I tried ntopng again in December 2023. I ran in a Docker container on my Router, although markedly improved since trying a few years ago this this program suite still uses uses a lot of resources on my router which loads it up close to 50%. There are occasional reports of dropped packet and such, further indicating overload.\\ I noted a problem with installing the Docker version. The Docker package documentation and defaults are to the ''latest'', yet the available package is listed as ''stable'', e.g. ''docker run -it -p 3000:3000 --net=host ntop/ntopng:stable -i br0'' versus the instructed ''docker run -it -p 3000:3000 -v $(pwd)/ntopng.license:/etc/ntopng.license:ro --net=host ntop/ntopng:latest -i br0'' \\ |
I have decided to disable. //Worse than this this package suite caused difficulties with my system updates, so I removed it entirely. Note that this may be as it was previously disabled.//\\ | Another thing I do not like about this package is that the free community version is a significantly cut down of the full paid version. The cost on the paid versions are substantial and I can simply not justify for non-commercial home use. There is no general individual personal free full use version available. The Docker container image is 2GB in size, the biggest image I have seen to date. Seems a bit bloated....\\ |
Another thing I do not like about this package is that the free version is a cut down of the full paid version. There is no general individual personal free full use version available. | **Hence I have decided not to use this software.** |
| |
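Review bot: Both ''docker run'' commands in the new ntopng paragraph combine ''-p 3000:3000'' with ''--net=host''. With host networking Docker discards published ports, so ''-p'' has no effect here and the ntopng web UI listens directly on the router's own interfaces. On a router that includes the WAN side unless the firewall rules block that port, so suggest dropping ''-p'' from the examples and noting the firewall rule that restricts access to the LAN. The paragraph also contains "this this", "uses uses" and "I ran in a Docker container", which presumably should be "I ran it in a Docker container".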
There seem to be 2 main services to enable/disable/start/stop, nprobe and ntopng: | **tl;dr** ++++Systemd stuff, not relevant with use of Docker version| |
| <code>There seem to be 2 main services to enable/disable/start/stop, nprobe and ntopng: |
* ''sudo systemctl stop ntopng'' | to stop (or start) | * ''sudo systemctl stop ntopng'' | to stop (or start) |
* ''sudo systemctl disable ntopng'' | to disable (or enable) starting on computer startup | * ''sudo systemctl disable ntopng'' | to disable (or enable) starting on computer startup |
We can also turn-off the redis service unless something else wnat to also use. | We can also turn-off the redis service unless something else wnat to also use. |
* ''sudo systemctl stop redis'' | to stop (or start) | * ''sudo systemctl stop redis'' | to stop (or start) |
* ''sudo systemctl disable redis'' | to disable (or enable) starting on computer startup | * ''sudo systemctl disable redis'' | to disable (or enable) starting on computer startup </code> |
| ++++ |
| |
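Review bot: Wrapping the systemd instructions in ''<code>'' inside the ''++++'' fold makes DokuWiki render the contents literally, so the bullet markers and the doubled-apostrophe monospace markers around each ''systemctl'' command will show up as raw characters. Suggest keeping the fold and dropping the ''<code>'' wrapper so the list renders as before. The carried-over sentence "unless something else wnat to also use" still has the "wnat" typo and could be fixed in the same edit.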
---- | ---- |
The Docker installation instructions for Ubuntu from Docker [[https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/#uninstall-old-versions|Get Docker CE for Ubuntu]]. | The Docker installation instructions for Ubuntu from Docker [[https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/#uninstall-old-versions|Get Docker CE for Ubuntu]]. |
| |
__**This is pretty old, I played with it circa 2017, and have not used Docker since. I have successfully been using full KVM based VMs for my main machines and so have not had much need for Docker**__ \\ | __**This is pretty old, I played with it circa 2017, and have not used Docker since. I was successfully been using full KVM based VMs for my main machines and so did not have much need for Docker**__ \\ |
That being said, I can see the benefits of containerisation, such as Docker, versus full virtual machines, such as KVM. Of course there are also benefits with full VMs!. | That being said, I can see the benefits of containerisation, such as Docker, versus full virtual machines, such as KVM. Of course there are also benefits with full VMs!. |
| |
| In 2022 I revisited Docker and basically have move my various VM applications to Docker containers/ stacks. I run my Docker instance in a VM to isolate Docker from bare metal. This is primarily as Docker plays around with iptables. I do not like this, particularly on my main router machine that I use on bare metal nftables as the router/fire software. |
====Docker Host Security==== | ====Docker Host Security==== |
| |
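Review bot: The new 2022 paragraph gives "Docker plays around with iptables" as the reason for isolating Docker in a VM, but does not say what the concern is on an nftables router. One sentence stating that Docker installs its own chains and NAT/forwarding rules, which can conflict with or bypass a hand-written ruleset, would make the design decision clear to a reader. Wording slips in the same paragraph: "have move" should be "have moved", and "router/fire software" presumably means "router/firewall software".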
IPv4 uses some of these special addresses for private LANs (Local Area Network)s with NAT (Network Address Translation) used to connect the LANs to the WAN (Wide/World Area Network) via a router. This was required to compensate for the limited address space in IPv4. IPv4 NAT also provide some security benefits by obscuring the private LAN addresses from the public WAN. | IPv4 uses some of these special addresses for private LANs (Local Area Network)s with NAT (Network Address Translation) used to connect the LANs to the WAN (Wide/World Area Network) via a router. This was required to compensate for the limited address space in IPv4. IPv4 NAT also provide some security benefits by obscuring the private LAN addresses from the public WAN. |
| |
IPv6 does not use NAT as its native address space is suffiently large never to require in the foreseeable future. | IPv6 does not use NAT as its native address space is sufficiently large never to require in the foreseeable future. |
| |
Another interesting links: | Another interesting links: |
* [[https://www.stationx.net/common-ports-cheat-sheet/|Common Ports Cheat Sheet: The Ultimate Ports & Protocols List]] | * [[https://www.stationx.net/common-ports-cheat-sheet/|Common Ports Cheat Sheet: The Ultimate Ports & Protocols List]] |
* [[https://www.geeksforgeeks.org/50-common-ports-you-should-know/|50 Common Ports You Should Know]] | * [[https://www.geeksforgeeks.org/50-common-ports-you-should-know/|50 Common Ports You Should Know]] |
| * Distribution List of Ports (information only) |
| * <fc #ff00ff>Gentoo</fc> [[https://wiki.gentoo.org/wiki/Project:Quality_Assurance/UID_GID_Assignment|Project:Quality Assurance/UID GID Assignment]] |
| * <fc #4682b4>Archlinux</fc> [[https://wiki.archlinux.org/title/DeveloperWiki:UID_/_GID_Database|DeveloperWiki:UID / GID Database]] |
| * <fc #ff0000>Red Hat</fc> [[https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/s1-users-groups-standard-users|37.3. Standard Users]] |
| |
---- | ---- |
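Review bot: The new bullet is titled "Distribution List of Ports", but all three links under it (Gentoo, Archlinux, Red Hat) go to UID/GID assignment pages, not port lists. Suggest renaming the item to match the links, for example "Distribution UID/GID assignments (information only)", or moving it out of the ports link list so readers looking for reserved ports are not misdirected.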