Good openwrt mwan3 config

You need to install the ip-full package first by issuing: opkg update; opkg install ip-full

/etc/config/mwan3

config globals 'globals'

config interface 'wan'
option family 'ipv4'
option initial_state 'online'
option track_method 'ping'
option check_quality '0'
option enabled '1'
option count '1'
option recovery_interval '1'
option reliability '1'
option interval '20'
option size '8'
option max_ttl '70'
option down '5'
option up '1'
option timeout '10'
option failure_interval '3'
list track_ip '8.8.4.4'

config interface 'wanb'
option family 'ipv4'
option count '1'
option initial_state 'online'
option track_method 'ping'
option check_quality '0'
option enabled '1'
option reliability '1'
option recovery_interval '1'
option failure_interval '5'
option down '3'
option size '8'
option max_ttl '70'
option timeout '8'
option interval '60'
option up '1'
list track_ip '8.8.8.8'

config policy 'balanced'
option last_resort 'unreachable'
list use_member 'wanb_m2_w2'
list use_member 'wan_m1_w1'

config rule 'default_rule'
option dest_ip '0.0.0.0/0'
option proto 'all'
option use_policy 'balanced'
option sticky '0'

config member 'wan_m1_w1'
option interface 'wan'
option metric '1'
option weight '1'

config member 'wanb_m2_w2'
option interface 'wanb'
option weight '2'
option metric '1'

config rule 'https'
option dest_ip '0.0.0.0/0'
option dest_port '443'
option proto 'tcp'
option sticky '1'
option use_policy 'balanced'

This is the status:

root@router:~# mwan3 status
Interface status:
interface wan is online 00h:04m:25s, uptime 00h:36m:51s and tracking is active
interface wanb is online 00h:04m:20s, uptime 00h:37m:01s and tracking is active

Current ipv4 policies:
balanced:
wan (33%)
wanb (66%)

Current ipv6 policies:
balanced:
unreachable

Directly connected ipv4 networks:
127.0.0.0/8
192.168.0.0/24
224.0.0.0/3
192.168.3.0/24
192.168.5.0/24

Directly connected ipv6 networks:
fe80::/64

Active ipv4 user rules:
314 45085 - balanced all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 S https tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 443

Active ipv6 user rules:
12 1823 - balanced all * * ::/0 ::/0
0 0 S https tcp * * ::/0 ::/0 multiport dports 443

Ubuntu automatic/unattended updates

# apt install unattended-upgrades

in /etc/apt/apt.conf.d/50unattended-upgrades (the origin line goes inside the Unattended-Upgrade::Allowed-Origins block)

"Ubuntu:bionic-updates";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "03:00";

in /etc/apt/apt.conf.d/20auto-upgrades

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

You can test running:

# unattended-upgrades --dry-run --debug

All my reverse proxy rules

This is in /etc/apache2/sites-enabled/000-default.conf

Require all granted
ProxyPass /sonarr http://localhost:8989/sonarr
ProxyPassReverse /sonarr http://localhost:8989/sonarr
ProxyPass /radarr http://localhost:7878/radarr
ProxyPassReverse /radarr http://localhost:7878/radarr
ProxyPass /lidarr http://localhost:8686/lidarr
ProxyPassReverse /lidarr http://localhost:8686/lidarr
ProxyPass /jackett http://localhost:9117/jackett
ProxyPassReverse /jackett http://localhost:9117/jackett
ProxyPass /bazarr http://localhost:6767/bazarr
ProxyPassReverse /bazarr http://localhost:6767/bazarr
ProxyPass /headphones http://localhost:8181/headphones
ProxyPassReverse /headphones http://localhost:8181/headphones
RewriteRule ^/webmin$ /webmin/ [R]
ProxyPass /webmin http://localhost:10000/
ProxyPassReverse /webmin http://localhost:10000/

ProxyPass /cgi-bin/luci http://192.168.5.1/cgi-bin/luci
ProxyPassReverse /cgi-bin/luci http://192.168.5.1/cgi-bin/luci
ProxyPass /luci-static/ http://192.168.5.1/luci-static/
ProxyPassReverse /luci-static/ http://192.168.5.1/luci-static/

ProxyPass /deluge http://localhost:8112/
<Location /deluge>
ProxyPassReverse /
ProxyPassReverseCookiePath / /deluge
RequestHeader set X-Deluge-Base "/deluge/"
Order allow,deny
Allow from all
</Location>

Webmin apache2 reverse proxy

  1. Make sure mod_proxy is installed on your Apache webserver.
  2. Add the following directives to the Apache configuration file:
    ProxyPass /webmin/ http://localhost:10000/
    ProxyPassReverse /webmin/ http://localhost:10000/
    SSLProxyEngine on
    <Proxy *>
    allow from all
    </Proxy>
  3. Add the lines webprefix=/webmin and webprefixnoredir=1 to /etc/webmin/config.
  4. Add the line cookiepath=/webmin to /etc/webmin/miniserv.conf.
  5. In /etc/webmin/config, add the line referer=apachehost, where apachehost is the hostname from the URL used to access Webmin via Apache. If the referer line already has some hosts listed, add apachehost to it.
  6. Re-start Webmin by running /etc/webmin/restart
  7. Re-start Apache to apply the configuration
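Steps 3 to 5 applied idempotently, as an added example that is not part of the original notes or of Webmin itself. The key names and values come from the steps above; the function names, the space-separated referer list and the host name passed in are assumptions.

```shell
#!/bin/sh
# Added example: apply steps 3-5 of the procedure above so that re-running
# it never duplicates a line. Requires GNU sed (sed -i).

# set_kv FILE KEY VALUE: replace an existing KEY= line or append a new one.
set_kv() {
    if grep -q "^$2=" "$1" 2>/dev/null; then
        sed -i "s|^$2=.*|$2=$3|" "$1"
    else
        printf '%s=%s\n' "$2" "$3" >> "$1"
    fi
}

# add_host FILE KEY HOST: add HOST once to a KEY= list
# (assumed to be space-separated), keeping hosts already listed.
add_host() {
    current=$(sed -n "s/^$2=//p" "$1" 2>/dev/null | head -n 1)
    case " $current " in
        *" $3 "*) return 0 ;;   # host already listed, nothing to do
    esac
    if [ -n "$current" ]; then
        set_kv "$1" "$2" "$current $3"
    else
        set_kv "$1" "$2" "$3"
    fi
}

# apply_webmin_proxy ETC_DIR APACHE_HOST
#   ETC_DIR is normally /etc/webmin; APACHE_HOST is the hostname from the
#   URL used to reach Webmin through Apache (step 5).
apply_webmin_proxy() {
    etc=$1
    host=$2
    # Keep copies of both files before touching them.
    cp -p "$etc/config" "$etc/config.bak"
    cp -p "$etc/miniserv.conf" "$etc/miniserv.conf.bak"
    set_kv   "$etc/config"        webprefix        /webmin   # step 3
    set_kv   "$etc/config"        webprefixnoredir 1         # step 3
    set_kv   "$etc/miniserv.conf" cookiepath       /webmin   # step 4
    add_host "$etc/config"        referer          "$host"   # step 5
}

# Usage (as root), followed by steps 6 and 7:
#   apply_webmin_proxy /etc/webmin proxy.example.test
```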

Slow boot ElementaryOS on MacBook 4,1

# vi /etc/default/grub

Then add the kernel boot parameter: video=SVIDEO-1:d, so it will look like this: GRUB_CMDLINE_LINUX_DEFAULT="quiet splash video=SVIDEO-1:d"

  • update-grub
  • reboot

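Also, to get rid of the error "Failed to Set MokListRT: Invalid Parameter":

sudo su -
cd /boot/efi/EFI/ubuntu
cp grubx64.efi shimx64.efi
reboot

This overwrites the shim loader with GRUB itself, which only boots where Secure Boot is not enforced.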

To install the Wi-Fi drivers, simply run:

sudo ubuntu-drivers autoinstall

To silence the fan

apt-get install macfanctld

Edit /etc/macfanctl.conf

and make sure that you replace these lines:

temp_avg_floor: 55 #45
temp_avg_ceiling: 65 #55

temp_TC0P_floor: 55 #50
temp_TC0P_ceiling: 65 #58

temp_TG0P_floor: 55 #50
temp_TG0P_ceiling: 65 #58

Once you have edited the file, you only have to restart the macfanctld daemon:

service macfanctld restart

Refresh security yum info

First, refresh all security info

subscription-manager refresh
yum clean all
yum repolist
yum updateinfo summary
yum updateinfo list security
yum updateinfo list available
yum updateinfo list bugzillas
yum updateinfo list security all
yum updateinfo list sec

Then you can apply only security updates

yum --security update

If you have the CVEs in a file

yum -y update `cat cves |while read c;do echo " --cve $c ";done|xargs`

reference: https://access.redhat.com/solutions/10021
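A stricter way to build the --cve arguments from the file, as an added example that is not part of the original notes: only lines that are well-formed CVE IDs reach the yum command line, and anything else is reported. The function names are assumptions, and the IDs in the comments are constructed placeholders in CVE format.

```shell
#!/bin/sh
# Added example: validate the "cves" file before handing it to yum.
# The one-liner above passes every line through unquoted, so a stray line
# such as "foo --nogpgcheck" would become an extra yum option.

# cve_args FILE: print "--cve ID" for each unique, well-formed CVE ID.
# Leading/trailing whitespace and Windows line endings are tolerated.
cve_args() {
    tr -d '\r' < "$1" |
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
    grep -E '^CVE-[0-9]{4}-[0-9]{4,}$' |
    sort -u |
    sed 's/^/--cve /' | tr '\n' ' ' | sed 's/ $//'
}

# cve_rejects FILE: print every line that is not blank, not a "#" comment
# and not a well-formed CVE ID, so it can be reviewed by hand.
cve_rejects() {
    tr -d '\r' < "$1" |
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
    grep -Ev '^(#.*)?$' |
    grep -Ev '^CVE-[0-9]{4}-[0-9]{4,}$' || true
}

# Constructed sample file content (placeholder IDs, not real advisories):
#   CVE-0000-00002
#   CVE-0000-00001
#   foo --nogpgcheck
#
# Usage: refuse to update if the file contains anything unexpected.
#   if [ -n "$(cve_rejects cves)" ]; then
#       echo "unexpected lines in cves:"; cve_rejects cves; exit 1
#   fi
#   yum -y update $(cve_args cves)
```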