Ubuntu 24 server, 2 NICs, one is usual LAN/WAN to Internet, other is flat 10.1.1.* network of cameras and dumb switches with no routing or gateway (the server is a security video system running Zoneminder). My server seems to be confused about how to get to Internet addresses, and it is trying to route to addresses other than 10.1.1.* via the NIC that has no gateway or router.

NIC1 - enp1s0 - 10.1.1.115, nothing but 10.1.1.* addresses (10.1.1.100 is DHCP/NTP server for the cameras)

NIC2 - enp0s31f6 - 192.168.1.249, gateway is 192.168.1.1, rest of the world

My logs appear to indicate that the machine is trying to route to a remote external client like 12.75.125.XXX via NIC1, and the remote external client is timing out waiting. The log entries Im fretting over are example:

2024-09-28T13:17:35.321463-04:00 servername kernel: [UFW AUDIT] IN= OUT=enp1s0 SRC=192.168.1.249 DST=12.75.126.XXX LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=18563 DF PROTO=TCP SPT=443 DPT=64883 WINDOW=505 RES=0x00 ACK URGP=0 
2024-09-28T13:17:34.731460-04:00 servername kernel: [UFW AUDIT] IN= OUT=enp1s0 SRC=192.168.1.249 DST=12.75.126.XXX LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=18562 DF PROTO=TCP SPT=443 DPT=64883 WINDOW=505 RES=0x00 ACK URGP=0

ip route shows:

default via 10.1.1.100 dev enp1s0 proto dhcp src 10.1.1.115 metric 100
default via 192.168.1.1 dev enp0s31f6 proto dhcp src 192.168.1.249 metric 100 
10.1.1.0/24 dev enp1s0 proto kernel scope link src 10.1.1.115 metric 100 
10.1.1.100 dev enp1s0 proto dhcp scope link src 10.1.1.115 metric 100 
192.168.1.0/24 dev enp0s31f6 proto kernel scope link src 192.168.1.249 metric 100 
192.168.1.1 dev enp0s31f6 proto dhcp scope link src 192.168.1.249 metric 100

Is the route table the problem? I dont know how to fix this frustrating problem.

After attempting to fix the DHCP issue, ip a shows:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether a8:42:a1:06:23:46 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.115/24 metric 100 brd 10.1.1.255 scope global dynamic enp1s0
       valid_lft 2675237sec preferred_lft 2675237sec
    inet6 fe80::aa42:a1ff:fe06:2346/64 scope link 
       valid_lft forever preferred_lft forever
3: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 54:bf:64:76:e4:af brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.249/24 metric 100 brd 192.168.1.255 scope global dynamic enp0s31f6
       valid_lft 82280sec preferred_lft 82280sec
    inet6 2605:8600:5c0:a4fe:56bf:64ff:fe76:e4af/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 70696sec preferred_lft 49096sec
    inet6 fe80::56bf:64ff:fe76:e4af/64 scope link 
       valid_lft forever preferred_lft forever

Found a typo in the DHCP.conf (10.1.1.100 is the DHCP server, its a Ubuntu 18 box). It had a router option that I commented out. I restarted the webserver and the DHCP server, and....This seems to have fixed my problem of external clients being unable to access the webserver. ip route shows:

default via 192.168.1.1 dev enp0s31f6 proto dhcp src 192.168.1.249 metric 100 
10.1.1.0/24 dev enp1s0 proto kernel scope link src 10.1.1.115 metric 100 
10.1.1.100 dev enp1s0 proto dhcp scope link src 10.1.1.115 metric 100 
192.168.1.0/24 dev enp0s31f6 proto kernel scope link src 192.168.1.249 metric 100 
192.168.1.1 dev enp0s31f6 proto dhcp scope link src 192.168.1.249 metric 100 

So I think Im back in business. But someone suggested I should change the "metric" value? I want all 10.1.1.X going out NIC1 and everything else going out NIC2, what should I do with the metric settings to further optimize?

Thanks yall, you are educating me!!

Ubuntu 18.04 ssmtp is running, and following command works correctly:

echo "This is a test" | mail -s "test subject" [email protected]

[email protected] receives the message via gmail, but message appears to be from root@[servername] which surprisingly the SMTP gateway is OK with. But when logcheck runs, I get an error:

Jun 15 18:02:03 [servername] sSMTP[13901]: 550 5.1.0 <logcheck@> invalid address 'logcheck@'
Jun 15 18:02:03 [servername] sSMTP[13901]: SSL connection using ECDHE_RSA_AES_256_GCM_SHA384
Jun 15 18:02:02 [servername] sSMTP[13901]: Creating SSL connection to host

So how do I convince logcheck to send as "logcheck@servername" instead of just "logcheck@" ??

ETA:

Everything in logcheck.conf is commented out except:

REPORTLEVEL="server"
SENDMAILTO="[myemail]@gmail.com"
MAILASATTACH=0
FQDN=1
TMP="/tmp"

Ubuntu 18.04. DHCP server with static assignments. When a new device comes online, it gets a dynamic assignment. I take the info, and create a static assignment for that HW address. I delete the dynamic lease, expecting the static assignment to take over. But the server continues to ack the device request for its old address. How do I force it to assign the new static address? I have tried "arp -d ipaddress" and it just reassigns it again. I turn the DHCP server off, delete the arp, turn server back on, and immediately see

Apr 14 07:25:18 servername dhcpd[1891]: DHCPACK on 10.1.1.192 to 9c:8e:cd:25:ec:c4 (AMC039BE_0FA4B6) via enp2s0
Apr 14 07:25:18 servername dhcpd[1891]: DHCPREQUEST for 10.1.1.192 from 9c:8e:cd:25:ec:c4 via enp2s0

and the device is back online again with the wrong IP. I know I can force power off the device, but these devices are 30 miles away!

The following works fine as expected from command line:

mail < /home/incoming/mailprocoutput.txt -s "Message Processing results..." -r [email protected] [email protected]

cat filename pipe mail etc also works fine on command line. But either method results in an empty message body when used in a shell script:

#!/bin/bash
# This is to send an email from the mailproc python script with the results of message processing

timestamp=$( date +%T )
curDate=$( date +"%m-%d-%y" )

logger "Mailproc has run at $timestamp on $curDate, sending response back to the creator..."

mail < /home/incoming/mailprocoutput.txt -s "Message Processing results..." -r [email protected] [email protected]

exit

What am I doing wrong? Ubuntu 18.04, GNU mailutils version 3.4

Ubuntu 18.04, running postfix and procmail I have a .procmailrc and a .forward and all that. I configured procmail to log to a specific file, and the only way I can get it to work is by setting that file to be world readable and writable. Obviously this is no good. How do I determine what user account procmail is using to access files so I can lock it down to that account? (root:root and 644 didnt work....)

I have the same problem with a file written by a python script which procmail recipe calls - the only way to get it to work so far is to make the file 777. Again, I dont know how to figure out what account is trying to access this file when the python script runs.

ETA: The .procmailrc is as follows:

# Set to yes when debugging
VERBOSE=yes

# Default INBOX
INBOX=$MAIL

# Directory for storing procmail-related files
PMDIR=$HOME/procmail

# Uncomment the following line to get logging
LOGFILE=/var/log/procmail/pmlog

:0wc:
| /usr/bin/python /home/[MyUsername]/scripts/mailproc.py

mailproc.py is a simple python script which postprocesses the email message for a specific purpose. I added a call to "whoami" in the py file and discovered that the py is running under the user who owns the procmailrc file.

But I still cant figure out who should own the procmail log file. Having it root:root and 644 wont work.

for reasons that I cannot seem to divine, my postfix keeps trying to deliver messages to root to root@[MyISP].com, which of course is getting rejected as invalid username by the SMTP gateway at [MyISP].com. I cannot seem to figure out where its getting this [email protected] address from. I have a .forward file in /root/, and other stuff that uses mail command seems to get delivered properly. Where is this coming from?

Ubuntu 18.04 Any suggestions of how to fix would be appreciated.

I have an old reliable workstation that was 16.04 until a couple weeks ago. I upgraded to 18.04 and then after a few days to 20.04. On both 18 and 20, video in Firefox is horrible, like 1.5 frames per sec, and the mouse is very laggy, move it across the screen and it will disappear and reappear. None of this happened w/ 16.04. Also, none of this occurs in other apps. I thought I had clobbered the machine with the new OS, but I can run openshot and gimp at the same time and have no mouse/video issues. Also, audio seems fine, Pithos plays Pandora with no issues. Its an I3, 4 core, with 8GB RAM.

Any suggestions (beside upgrading the box!) would be appreciated.

lspci gives me: 00:02.0 VGA compatible controller [0300]: Intel Corporation HD Graphics 630 [8086:5912] (rev 04) DeviceName: Onboard IGD Subsystem: Gigabyte Technology Co., Ltd HD Graphics 630 [1458:d000] Kernel modules: i915

How do I update these, if that's what is required?

I have a device which is /dev/ttyACM0. I can "screen" to this device screen /dev/ttyACM0 and interact with the device. I need to be able to script the sending of a simple command and capture the response. The command is simple, like type "ver" and hit return, the device responds with a numerical version value. It works in screen.

I am trying to script this in bash, and cannot seem to figure out how to make it work. stuff like echo "ver" > /dev/ttyACM0 produces nothing. I have tried print, same thing. Can someone point me at how to do this?

Ubuntu 18.04, I get about a dozen or so of these a day:

Jul 17 21:58:29 [servername] NetworkManager[929]: <info> [1626577109.7049] connectivity: (enp3s0) timed out

I was getting these on the built-in NIC on the motherboard, so I replaced that with a daughter-card NIC, and disabled the onboard NIC, but I am still getting the same problem. I have replaced the network cable, still no joy. Router is essentially brand new. Any thoughts?

@Terrance:

> lspci | grep Ethernet
00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (7) I219-V (rev 10)
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 07)
03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. Device 8161 (rev 15)

> lshw -C network | grep configuration
configuration: autonegotiation=on broadcast=yes driver=r8169 duplex=full firmware=rtl8168e-3_0.0.4 03/27/12 ip=10.1.1.182 latency=0 link=yes multicast=yes port=MII speed=100Mbit/s
configuration: autonegotiation=on broadcast=yes driver=r8169 duplex=full firmware=rtl8168h-2_0.0.2 02/26/15 ip=192.168.1.120 latency=0 link=yes multicast=yes port=MII speed=1Gbit/s
configuration: autonegotiation=on broadcast=yes driver=e1000e driverversion=3.2.6-k firmware=0.2-4 latency=0 link=no multicast=yes port=twisted pair

> ifconfig
enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.1.1.182  netmask 255.255.255.0  broadcast 10.1.1.255
        inet6 fe80::1efd:8ff:fe70:2173  prefixlen 64  scopeid 0x20<link>
        ether 1c:fd:08:70:21:73  txqueuelen 1000  (Ethernet)
        RX packets 222302237  bytes 320974231227 (320.9 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 98557310  bytes 6537060870 (6.5 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.120  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::a27a:416f:4a38:f590  prefixlen 64  scopeid 0x20<link>
        ether 00:31:92:46:96:a5  txqueuelen 1000  (Ethernet)
        RX packets 81523790  bytes 87489473670 (87.4 GB)
        RX errors 0  dropped 12  overruns 0  frame 0
        TX packets 82257248  bytes 88740819287 (88.7 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 10158  bytes 1314073 (1.3 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10158  bytes 1314073 (1.3 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp3s0 is the one giving me problems. enp2s0 almost never gives a timeout. The original onboard NIC is now disabled, so it doesnt seem to show in ifconfig.

@heynnema

> lshw -C network
  *-network
       description: Ethernet interface
       product: RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
       vendor: Realtek Semiconductor Co., Ltd.
       physical id: 0
       bus info: pci@0000:02:00.0
       logical name: enp2s0
       version: 07
       serial: 1c:fd:08:70:21:73
       size: 100Mbit/s
       capacity: 1Gbit/s
       width: 64 bits
       clock: 33MHz
       capabilities: pm msi pciexpress msix vpd bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt 1000bt-fd autonegotiation
       configuration: autonegotiation=on broadcast=yes driver=r8169 duplex=full firmware=rtl8168e-3_0.0.4 03/27/12 ip=10.1.1.182 latency=0 link=yes multicast=yes port=MII speed=100Mbit/s
       resources: irq:17 ioport:4000(size=256) memory:a2200000-a2200fff memory:a0000000-a0003fff
  *-network
       description: Ethernet interface
       product: Realtek Semiconductor Co., Ltd.
       vendor: Realtek Semiconductor Co., Ltd.
       physical id: 0
       bus info: pci@0000:03:00.0
       logical name: enp3s0
       version: 15
       serial: 00:31:92:46:96:a5
       size: 1Gbit/s
       capacity: 1Gbit/s
       width: 64 bits
       clock: 33MHz
       capabilities: pm msi pciexpress msix vpd bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
       configuration: autonegotiation=on broadcast=yes driver=r8169 duplex=full firmware=rtl8168h-2_0.0.2 02/26/15 ip=192.168.1.120 latency=0 link=yes multicast=yes port=MII speed=1Gbit/s
       resources: irq:18 ioport:3000(size=256) memory:a2104000-a2104fff memory:a2100000-a2103fff
  *-network DISABLED
       description: Ethernet interface
       product: Ethernet Connection (7) I219-V
       vendor: Intel Corporation
       physical id: 1f.6
       bus info: pci@0000:00:1f.6
       logical name: eno1
       version: 10
       serial: 2c:f0:5d:98:b6:ee
       capacity: 1Gbit/s
       width: 32 bits
       clock: 33MHz
       capabilities: pm msi bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
       configuration: autonegotiation=on broadcast=yes driver=e1000e driverversion=3.2.6-k firmware=0.2-4 latency=0 link=no multicast=yes port=twisted pair
       resources: irq:126 memory:a2300000-a231ffff

@heynnema "Do you currently have 3 ethernet ports... one on-board and two PCI?" Correct. "How did you disable the on-board port?" ifconfig eno1 disable "Why is enp2s0 only running at 100Mb?" Uhm... I dont know, that may be an important part of the puzzle. Its got a new cable, and I have switched it out with another new cable and it made no difference. The router is a Linksys WRT3200ACM.

Ubuntu 18.04LTS server, My log is suddenly flooded with rsyslog errors:

Jan  5 19:17:01 servername rsyslogd: action 'action 13' resumed (module 'builtin:omfile') [v8.32.0 try http://www.rsyslog.com/e/2359 ]
Jan  5 19:17:01 servername rsyslogd: action 'action 13' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http://www.rsyslog.com/e/2007 ]

There are thousands of these action 13 entries in the log. I think the root of the problem is these two permissions issues:

Jan  6 06:27:05 servername rsyslogd: file '/var/log/apache2/access.log': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]
Jan  6 06:27:05 servername rsyslogd: file '/var/log/apache2/cgi.log': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]

I have done nothing to change anything related to rsyslog that I know of These errors began after applying some Ubuntu updates/patches.

What should /var/log/apache2 and sub-folder/files permissions and ownership look like?

Why is rsyslog flooding my logs with thousands of these errors, its obscuring other potentially important stuff!

Can someone tell me what this means, and how to fix it? Ubuntu 18.04.

Dec  4 14:37:16 myserver systemd-networkd[28369]: enp2s0: DHCPv6 address xxxx:xxxx:xxxx:xxxx::49/128 timeout preferred 3600 valid 3600

Lots of these in the log.

Ubuntu 18.04, ssmtp installed, mailutils installed and everything works, can send through gmail. My problem is that the messages when received appear to be from "Root ([email protected])" I am trying to change "root" to a name that wont set off my spam filters at work, which "root" seems to do.

How do I set the username so it appears in the outgoing message as something other than "Root"?

within a bash script, the following line

 somecommand 2>/dev/null

directs error output (FD2, stderror) from somecommand to /dev/null, but also apparently directs stderror from every subsequent line of the script to same. How do I "turn off" this redirection in order to get error messages resulting from subsequent commands within the script?

If I enter from the command line

logger "This is a test"

in my syslog I get:

Aug  9 07:54:22 computername root: This is a test

but if I use the exact same line in a script, when the script is run, I get:

Aug  9 08:00:01 computername root: This is a test
Aug  9 08:00:01 computername sSMTP[3820]: Creating SSL connection to host
Aug  9 08:00:01 computername sSMTP[3820]: SSL connection using DHE_RSA_AES_256_GCM_SHA384
Aug  9 08:00:03 computername sSMTP[3820]: Sent mail for [email protected] (221 2.0.0 mx4.smtphost.com cmsmtp closing connection) uid=0 username=root outbytes=642

Can someone enlighten me as to what is happening here? How do I prevent invoking mail command?

Ubuntu 16.04, munged names to anonymize the log data...

16.04 server...What is "ACPI event daemon" and why do I need it? Can I turn it off somehow? I am seeing lots of these:

Nov 16 06:05:03 signal-security systemd[1]: Started ACPI event daemon.
Nov 16 06:05:03 signal-security systemd[1]: Stopping LSB: automatic crash report generation...
Nov 16 06:05:03 signal-security apport[28990]:  * Stopping automatic crash report generation: apport
Nov 16 06:05:03 signal-security apport[28990]:    ...done.
Nov 16 06:05:03 signal-security systemd[1]: Stopped LSB: automatic crash report generation.
Nov 16 06:05:03 signal-security systemd[1]: Reloading.
Nov 16 06:05:03 signal-security systemd[1]: Started ACPI event daemon.
Nov 16 06:05:03 signal-security systemd[1]: Reloading.
Nov 16 06:05:03 signal-security systemd[1]: Started ACPI event daemon.
Nov 16 06:05:03 signal-security systemd[1]: Reloading.
Nov 16 06:05:03 signal-security systemd[1]: Started ACPI event daemon.
Nov 16 06:05:04 signal-security systemd[1]: Reloading.
Nov 16 06:05:04 signal-security systemd[1]: Started ACPI event daemon.
Nov 16 06:05:04 signal-security systemd[1]: Reloading.
Nov 16 06:05:04 signal-security systemd[1]: Started ACPI event daemon.
Nov 16 06:05:04 signal-security systemd[1]: Starting LSB: automatic crash report generation...
Nov 16 06:05:04 signal-security apport[29403]:  * Starting automatic crash report generation: apport
Nov 16 06:05:04 signal-security apport[29403]:    ...done.
Nov 16 06:05:04 signal-security systemd[1]: Started LSB: automatic crash report generation.
Nov 16 06:05:04 signal-security systemd[1]: Reloading.

And how do I fix it?

snap-repair[17970]: error: cannot use snap-repair on a classic system

I find this 3-4 times per day in my syslog.

DISA maintains all the STIGs on their website. There currently is no STIG for Ubuntu. The closest thing (am I right on this?) is the one for Debian, dated Mar 27, 2017 ("SCC 4.2 Debian AMD64"). Has anyone attempted to run the SCAP Compliance Checker (SCC) for Debian against an Ubuntu install?

The DISA STIG site is here: http://iase.disa.mil/stigs/Pages/index.aspx, look under the "STIGs" pulldown, "STIGS Master List A-Z", second page lists the various SCCs. I realize that these SCCs are behind the PKI firewall, so I am not asking anyone to provide them to me! I am just asking if anyone has tried running the Linux-related ones against Ubuntu, and if so, how did it go?

Ubuntu 16.04, Apache2

App that I am using employs Java to run, and uses some kind of a license file. When you run the app, it writes and then reads from a file in the user's home dir. So I am trying to run the app as part of a cgi script, therefore it runs under www-data account, which by default has no home dir ($home is blank for user www-data). So the app tries to write to /var/www for which www-data has no write rights, causing the app to crash. Its a big deal to get the app changed. App runs fine under ordinary user account, leaving behind a [gibberish].dat file in $home App is Denkovi v2.6

So what is the risk of me creating /home/www-data and setting it as the home dir for www-data via usermod? Am I exposing my system to a major risk through the web interface by doing so?

If there is a simpler/better way to do this, please educate me!

16.04.2 When one clicks on the gearswitch thing at top right (to log out or shutdown), there is a list of users, can this list be suppressed somehow?

Edited to add: Need to set this for all users, not just the logged in user.

Ubuntu 16.04.... If I enter sudo ssmtp [email protected] and type some text, then hit ctrl-d I get in the syslog:

Nov  4 15:18:58 garage-security sSMTP[27717]: 550 5.6.0 Invalid header found (see RFC2822 section 3.6)

But if I look at the message from cron in the syslog, I see

Nov  4 15:01:03 garage-security sSMTP[20685]: Sent mail for [email protected] (221 2.3.0 smtp01.wow.cmh.synacor.com closing connection) uid=0 username=root outbytes=761

Both ssmtp and sendmail fail in the same way. I dont understand why cron can send email but I cant from the command line - don't they both use the same config file? Can someone clue me in?