=========================
== Eduardo Robles Site ==
=========================
Hola Mundo 🌮

Pages

About

Hi 👋 I'm Eduardo Robles

Linux nerd interested in Information Security, Cyber Security, Open Source, tacos, and coffee. I’ve been using Linux for 12+ yrs, still haven’t figured out how to exit Vim.

Founder of the South Texas Linux Users Group.

Resume

Currently reading...

  • Dune Messiah by Frank Herbert
  • Lives of the Stoics by Ryan Holiday

I can be found at...

🐦 twitter – https://twitter.com/tacosandlinux

🤝 linkedin – https://www.linkedin.com/in/hello-im-eduardo/

📖 gitlab - https://gitlab.com/tacosandlinux

Contribute

Thanks

I enjoy sharing my knowledge with the public for free, and I hope you can see my enthusiasm as I bring to light my content.

If you enjoyed or found any of the content on my site helpful, you can buy me a cup of coffee so I can continue to bring you amazing content for free!

Buy Me a Coffee


Posts

Accessing my homelab with Cloudflare

Cloudflare Access for my Homelab

I decided to use Cloudflare to setup a Secure Web Gateway and establish some Zero Trust access for my homelab services. Cloudflare offers a great service called “Cloudflare Access”. Basically it leverages Cloudflare’s edge network to create secure web routing. Setting up this service is just a matter of running a simple daemon. Once configured you setup Cloudflare DNS to route traffic. Let’s discuss how I setup Cloudflare Access.

Create an SSH Bastion with Cloudflared

Setup a Raspberry Pi with Raspberry Pi OS or Ubuntu

Install Cloudflared

Ubuntu/Debian install

    wget -q https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-amd64.deb
    sudo dpkg -i cloudflared-stable-linux-amd64.deb

Raspberry Pi

    wget -q https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-arm.tgz
    tar -xvzf cloudflared-stable-linux-arm.tgz
    sudo cp ./cloudflared /usr/local/bin
    sudo chmod +x /usr/local/bin/cloudflared
    cloudflared -v

Create a tunnel with Cloudflared

        cloudflared tunnel login

A browser window will open asking for authentication from Cloudflare.

Setup a “Self-hosted App” on Cloudflare Teams.

See this https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/self-hosted-apps

Configure tunnel on Raspberry Pi (or jump host)

Find tunnel Id

        cloudflared tunnel list

Create/Edit Cloudflared Configurations

Location: /home/pi/.cloudflared/config.yml

        tunnel: TUNNEL_ID_GOES_HERE
        credentials-file: /home/pi/.cloudflared/TUNNEL_ID.json

        ingress:
          - hostname: rterm.eduardorobles.com
            service: ssh://localhost:22
          - service: http_status:404

Execute the tunnel

        cloudflared tunnel run TUNNEL_NAME

Route DNS for tunnel

        cloudflared tunnel route dns TUNNEL_ID rterm.eduardorobles.com

Access Raspberry Pi (or jump host)

In browser go to https://rterm.eduardorobles.com

Go through the login steps and you should be able to login to your jump host

Connect from a client machine

Install Cloudflared

Configure SSH Config

    Host rterm.eduardorobles.com
      ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h

Adding another service

Add settings to config.yml file

Delete old config file /etc/cloudflared/config.yml

Install service again

Accessing All of my Services

If you followed along you can see that in the last step we can add multiple ingress rules. For each service you want to route traffic to, simply add it to your configurations. In the example above I setup SSH access to my Raspberry Pi. Cloudflare can even render the SSH session in the browser for you.

rendering an SSH session in the browser

You can setup another machine with SSH to proxy your connection. But adding multiple ingress points allows you to access any and all of your services. Since you are using a Secure Web Gateway, your services are not automatically open on the internet.
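When more ingress rules are added, their order matters: cloudflared uses the first rule that matches, and the last rule has to be the catch-all. The script below is an added example, not part of the original post. It lints the ingress section of a config.yml for those ordering mistakes. It assumes the flat layout shown above, and git.example.com is a constructed placeholder for a second service.

```shell
#!/bin/sh
# Added example: lint the ingress section of a cloudflared config.yml.
# Assumes the flat "one rule per dash" layout used in the post.

# Print "hostname<TAB>service" per ingress rule; a missing field prints "-".
list_ingress() {
  awk '
    /^ingress:/ { in_ing = 1; next }
    in_ing && /^[^ #-]/ { in_ing = 0 }            # next top-level key ends the list
    !in_ing || /^[ ]*#/ || /^[ ]*$/ { next }      # skip other sections, comments, blanks
    /^[ ]*-/ { if (seen) print host "\t" svc; seen = 1; host = "-"; svc = "-" }
    { line = $0; sub(/^[ ]*-?[ ]*/, "", line) }
    line ~ /^hostname:/ { sub(/^hostname:[ ]*/, "", line); host = line }
    line ~ /^service:/  { sub(/^service:[ ]*/, "", line); svc = line }
    END { if (seen) print host "\t" svc }
  ' "$1"
}

# Check rule order: first match wins, and the last rule must catch everything.
lint_ingress() {
  rules=$(list_ingress "$1")
  [ -n "$rules" ] || { echo "no ingress rules found"; return 1; }

  last=$(printf '%s\n' "$rules" | tail -n 1 | cut -f1)
  [ "$last" = "-" ] || { echo "last rule must be a catch-all (no hostname)"; return 1; }

  # A rule without a hostname matches everything, so nothing after it is reached.
  early=$(printf '%s\n' "$rules" | sed '$d' |
          awk -F'\t' '$1 == "-" { n++ } END { print n + 0 }')
  [ "$early" -eq 0 ] || { echo "catch-all before the end shadows later rules"; return 1; }

  nosvc=$(printf '%s\n' "$rules" | awk -F'\t' '$2 == "-" { n++ } END { print n + 0 }')
  [ "$nosvc" -eq 0 ] || { echo "rule without a service"; return 1; }

  dup=$(printf '%s\n' "$rules" | cut -f1 | sort | uniq -d | head -n 1)
  [ -z "$dup" ] || { echo "hostname listed twice, second rule never matches: $dup"; return 1; }

  echo "ok"
}

# Constructed sample: the config from the post with one more service added.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
tunnel: TUNNEL_ID_GOES_HERE
credentials-file: /home/pi/.cloudflared/TUNNEL_ID.json

ingress:
  - hostname: rterm.eduardorobles.com
    service: ssh://localhost:22
  # constructed placeholder for a second service
  - hostname: git.example.com
    service: http://localhost:3000
  - service: http_status:404
EOF
lint_ingress "$demo_cfg"
rm -f "$demo_cfg"
```

cloudflared also ships its own check, cloudflared tunnel ingress validate. Neither check can tell whether each hostname has an Access application in front of it, so confirm that in the Cloudflare dashboard for every hostname you add.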

I also set up a Zero Trust policy, which allows for very locked-down sites. I set up 2 Factor Authentication for my Web Gateway. In the end I feel happy with the results and recommend anyone try Cloudflare Access.

Starting a Homelab with Proxmox

The Beginning

So if you hadn’t heard of the idea of a “homelab”, let me give you the quick rundown of what a “homelab” is. Basically, a homelab is a collection of technologies (hardware and software) that you install, maintain, and configure in your home. Imagine a datacenter in your home; an electronics lab can also be a homelab. At the heart of the homelab movement is the idea of tinkering and learning.

Inspired by the idea of tinkering and learning I went down the path of building my own homelab. Luckily you don’t need a lot to get started, older hardware can be a great start for beginners. That’s where my trusty old Dell Xeon workstation comes in. I was gifted this Dell Xeon workstation from a former client and I used it as a Ubuntu workstation for many years. It is a great machine and despite its age works like a champ. Unfortunately, it’s loud and does not meet the “Wife Approval Factor”. To keep my wife and to start a new journey for this Dell, I decided to turn it into my Proxmox machine!

The Homelab

Now what is Proxmox?

Proxmox is a Type 1 hypervisor that you can install on your own hardware. It allows you to run multiple Virtual Machines and Linux Containers (LXC). This is how I’m going to be able to run various technologies in my home. Proxmox is a great hypervisor, it’s user friendly and built on a stable Debian base. I’m quite comfortable on Debian based distros, so going with Proxmox was a no-brainer.

The Services

In order to stay a bit organized I made a list of services/technologies I wanted to run on my homelab. Below are the services I currently have installed.

File server

Plex server

Syncthing

Git server

Home Assistant

GNS3 VM

Installation of Fog Project 1.5.8

Hi there!

Follow along with me in this video as I install Fog Server. To learn more about Fog Project check out their website https://fogproject.org/. The installation is done with a simple script that you download from the project website.

For this example I used CentOS which you can get at the website here https://centos.org. You can use a Debian based OS as well but I chose CentOS.

Some things to keep in mind:

  1. Never run as root. Create a user and elevate privileges.
  2. Be sure to have a password ready, during the installation you will be prompted to create a MySQL account for the database.
  3. The Fog Project login page is located at http://localhost.lan/fog/management
  4. The installation can take a while so be patient.

SSH Port Forward a VNC Connection

Recently I wanted to access a Virtual Machine I had created on my desktop from my laptop. I had access to the desktop via SSH but I wanted access to the virtual machine. To make things more interesting I wanted to access the VM (virtual machine) via a graphical interface.

So I figured out that I could use SSH to “port forward” the VNC connection from the desktop to my laptop. It’s actually very easy and only requires a few basic SSH commands. All you have to know beforehand is the IP address and port of the application and what port you want to connect to locally.

Definitions:

pc-1: Is the computer you are connecting from, in this case the laptop.

pc-2: Is the computer you are connecting to, in this case the desktop with the VM.

So I use KVM to run the VM, so to get the VNC port from the running VM do the following.

    sudo virsh dumpxml NameOfVM | grep vnc

You should see an output like this one.

This tells you that KVM is running vnc on port 5901 on address 127.0.0.1 (localhost) for this virtual machine. Now it’s time to connect to the virtual machine from pc-1.

On pc-1 run the following command to create an SSH tunnel that port forwards the VNC connection.

    ssh [email protected] -L 5901:127.0.0.1:5901

What is this command doing?

ssh [email protected] is establishing the SSH connection to pc-2 with the user “user”. In your case, the user and IP address might be different e.g [email protected]

-L 5901:127.0.0.1:5901 is telling the SSH client to listen on local port 5901 and forward connections through the tunnel to address 127.0.0.1, port 5901, as seen from the remote machine. The address on the remote machine might be different so that’s why we ran the virsh command to find it.

Now that the SSH tunnel is established connect to the VM via VNC. You can use any remote viewer software like Remmina, TightVNC, or even Remote Viewer (part of Virtual Machine Viewer). Simply connect with the following parameters.

    vnc://localhost:5901

And the VNC connection should open up and start working. You can do everything you could locally via a remote VNC connection. Once you are done simply close the VNC connection and exit the SSH session.
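The steps above as one script, added here as an example (it is not the author's code): it reads the graphics line that the virsh command prints, stops if VNC is listening on a non-loopback address (where it would be reachable without SSH), and prints the matching ssh command. The sample XML line and the user@pc-2 target are constructed placeholders.

```shell
#!/bin/sh
# Added example: build the ssh -L command from `virsh dumpxml` output.

# Constructed sample of the line `sudo virsh dumpxml NameOfVM | grep vnc` prints.
SAMPLE_XML="<graphics type='vnc' port='5901' autoport='yes' listen='127.0.0.1'>"

# Print one attribute (port, listen, ...) of the first VNC <graphics> element.
# $1 = attribute name, XML on stdin. The leading whitespace in the pattern
# keeps "port" from matching inside "autoport".
vnc_attr() {
  sed -n "/<graphics type='vnc'/{s/.*[[:space:]]$1='\([^']*\)'.*/\1/p;q;}"
}

# Print the tunnel command. $1 = user@host of pc-2, $2 = local port on pc-1.
# Returns 1 if no usable port is found, 2 if VNC is exposed beyond loopback.
build_tunnel() {
  xml=$(cat)
  port=$(printf '%s\n' "$xml" | vnc_attr port)
  listen=$(printf '%s\n' "$xml" | vnc_attr listen)

  # A stopped VM with autoport reports port='-1'; anything non-numeric is unusable.
  case "$port" in
    ''|*[!0-9]*)
      echo "error: no live VNC port found (is the VM running?)" >&2
      return 1 ;;
  esac

  case "$listen" in
    127.*|localhost) ;;
    ::1) listen='[::1]' ;;          # ssh wants IPv6 addresses in brackets
    '')
      echo "error: no listen address in the graphics element" >&2
      return 1 ;;
    *)
      echo "error: VNC listens on $listen, so it is reachable without SSH" >&2
      return 2 ;;
  esac

  # -N: forward only, no remote shell. The local side is bound to 127.0.0.1
  # explicitly so other hosts on pc-1's network cannot use the tunnel.
  printf 'ssh -N -L 127.0.0.1:%s:%s:%s %s\n' "$2" "$listen" "$port" "$1"
}

# Demo on the constructed sample; on pc-2 you would pipe in the real virsh output.
printf '%s\n' "$SAMPLE_XML" | build_tunnel user@pc-2 5901
```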

In this tutorial I showed how to do this in KVM but VirtualBox and VMware have their own methods of doing this. Simply search for “headless” virtual machine for each to find out how to accomplish the same procedure.

Congrats, you are now running a headless VM with a secure connection. SSH is a cool tool that can do a lot and if you combine it with other tools you can accomplish even more.

My 2020 Ubuntu Laptop Setup

New Year, New Setup

Ubuntu 19.10 Desktop

I began the new year by buying a new 500GB SSD. My laptop had 2 drives: a 32GB SSD was my /root drive and a 120GB SSD was /home partition. This served me just well but obviously I would run out of space quickly if I was working with virtual machines. With a new drive I had to make the decision to start from scratch or use backups. I decided to start from scratch mainly because I wanted a clean and fast experience.

Operating System

Though I have used Pop!OS in the past this time around I decided to install Ubuntu 19.10. I have Ubuntu 19.10 installed on my desktop and I really enjoyed its speed and performance. Plus it helps to know that both my laptop and desktop are running the same OS and version. Other distros I considered were: Fedora, and Manjaro.

Theme

I recently came across the Dracula theme for Emacs and I decided I needed this theme everywhere. Luckily you can go to https://draculatheme.com/ and see all the theme options for a lot of apps.

Apps

This is a list of my go to apps.

Emacs

Spotify

Evolution (Email client)

Audacity

Tizonia (Spotify terminal client)

VLC

Keybase

Other apps I install depending on the use case:

VPN

Audacity

Open Broadcaster

GNOME Tweaks

Syncthing

Chromium

Configurations

Ok, so let’s talk how I setup my laptop the quickest way possible.

Sign into my Google account in GNOME online accounts

This is to have Evolution setup as soon as it’s installed and launched.

Run my setup scripts

I came across this great post by software dev Victoria Drake. She wrote a great bash script that she uses to setup her Ubuntu laptop (or even a VM). So I cloned it and modified it for my use. Here are some key takeaways.

    # Snap packages
    sudo snap install spotify
    sudo snap install chromium
    sudo snap install tizonia

    # GNOME
    install gnome-tweaks

    # File Backup
    install deja-dup
    install git
    install curl

    # add more apps as needed

This is the script that is called to install my apps. This is only an example, in the real world I edited the script to add or remove apps that I wanted installed or removed. Another part of my setup scripts is the desktop.sh script.

    # Set GNOME Settings
    gsettings set org.gnome.desktop.wm.preferences titlebar-font 'IBM Plex Sans Bold 11'
    gsettings set org.gnome.desktop.interface monospace-font-name 'IBM Plex Mono 13'
    gsettings set org.gnome.desktop.interface document-font-name 'IBM Plex Sans Medium 11'
    gsettings set org.gnome.desktop.interface font-name 'IBM Plex Sans 11'

Ubuntu 19.10 Terminal Dracula Theme

I use this script to setup my fonts. It downloads IBM Plex font and installs it on my system. I love this font and thus I use it everywhere. My setup scripts do other things depending on what I want to do, like setup some PPA’s or change other GNOME settings.

One thing that I found after I setup my laptop was this great script to change the terminal theme. It’s called Gogh and you can find it here https://github.com/Mayccoll/Gogh.

GPG, Git, and Emacs setup

I do the basic GPG configurations, like download my GPG keys and setup my SSH keys. I also setup Git by adding SSH login, user name and email. Then I setup Emacs by downloading my configuration from my private repo. I set Emacs to run in daemon mode cause it’s faster than lightning this way 😄. To run Emacs in daemon mode I simply run systemctl --user enable emacs.service and systemctl --user start emacs.service.

Emacs 26.3

And that’s it

The setup scripts do most of the grunt work. So I simply run them and a few minutes later all my apps and laptop are set up. After I do some post installation tweaks I’m ready to get to work in about 15 minutes. So I hope you all found this post insightful and useful. Some things that I didn’t discuss here but I did do were: I encrypted my drive on initial installation and I downloaded updates while I installed Ubuntu.

Fixing Grub on a Dual Boot

I recently decided to move my Ubuntu installation from my laptop to my desktop without having to reinstall. So basically all I wanted to do is move the SSD (which had Ubuntu 19.10 installed) in my laptop to my desktop. This process is not hard at all but in my case it was a little more complicated. I wanted to do a dual boot on my desktop computer with 2 different hard drives. One spinning disk hard drive will have a Windows 10 installation while the SSD from my laptop will have Ubuntu 19.10. Again I did not want to do any reinstall of Windows 10 or Ubuntu. So how can you accomplish this? Simple with the command update-grub.

First I removed the SSD in the laptop and installed it in my desktop. I ensured that it was on the first SATA port so it can be the first hard drive the system recognizes. Once installed I booted up the computer and Ubuntu booted up correctly. Ok, so now I knew Ubuntu worked fine on the desktop.

Next, I had to update grub inside of Ubuntu in order to add the Windows 10 disk to my boot order. Grub is actually pretty good at adding additional operating systems to the boot order. So I turned off the computer and ensured that my drives were in the correct SATA ports. After this step I ran into a small problem, Grub was not updating inside my Ubuntu installation. So I decided to boot into a Linux LiveUSB to help troubleshoot the errors.

Inside the LiveUSB Linux environment I used a chroot environment to reach my Ubuntu 19.10 installation. To do so simply follow these steps.

    sudo mount /dev/sdaX /mnt
    for i in /dev/ /dev/pts /proc /sys /run; do sudo mount -B $i /mnt$i; done
    sudo chroot /mnt

Once in the chroot environment I ran update-grub and I still got an error. So I decided it would be best to simply reinstall grub. To do so simply run reinstall grub-pc (if you’re on an EFI system please use grub-efi-amd64). This command worked and prompted me to choose where I wanted to install grub. I chose the main disk since this is where I wanted to have grub installed. Once that process was done, I rebooted the system and was prompted with a working grub boot screen with both operating systems showing up correctly.

Tip: If you want to customize your Grub boot screen you can do so with the app Grub Customizer. Simply install it with sudo apt install grub-customizer. This allows you to add a background to the Grub boot screen, change the boot order, and much more.

DuckDuckGo Mobile Browser

I blogged before about switching from Firefox Focus to DuckDuckGo mobile. Now it’s been 3 weeks since I made the switch and I wanted to do a quick post about my experience.

First, it’s going great. I really like the fact that a search widget is included. I replaced the Google search with DuckDuckGo and I find myself using it a lot more. Which is great because I really like using DuckDuckGo as my default search engine.

Another great feature is the snappy-ness of the browser. DuckDuckGo mobile “feels” faster than Firefox Focus. I don’t know if that’s because it was built with Chromium but it just feels faster. I was never really bothered by FF’s slowness but pages do render faster in DuckDuckGo.

Also it’s been nice to have the option to have multiple tabs open. This was possible in FF but it was not as intuitive as it is in DuckDuckGo. Though the ability to delete all tabs with one click is rock solid on both browsers.

The one down side that I really experienced was the fact that not all apps were able to send URL links to DuckDuckGo mobile. For example, when I click on a link in a Youtube video description I do not get the option to open it in DuckDuckGo. I only get regular Firefox or Chrome. When I had Firefox Focus installed I could open that same link easily.

Overall I am really happy with DuckDuckGo mobile and I would recommend it for anyone wanting a “privacy” browser. I still using Firefox Focus and may download it again in the future. But for now I’m sticking with DuckDuckGo mobile.

Region One Cybersecurity Summit 2019

Region One hosted a Cybersecurity Summit for 2019 in Edinburg, TX. The event was free and I signed up to attend. It was a great event that had many great presenters. The theme of the summit was Cybersecurity on a regional level. Here are some of the talks I attended and the takeaways I got from them.

Reduce Your Cybersecurity Risk and Get Compliant with SB 820

– Develop Policy: use already established policies as blueprints

– Items to invest in: Malware protection/Endpoint protection, Firewalls, IDS/IPS, Spam Filtering, Log Monitoring

Sharpen your Cybersecurity Skills in 1 Hour

– Leverage free courses

– Practice as much as possible (1 hour a day)

– Find and compete in Cybersecurity competitions

Ransomware: How to Detect, Prevent, and Respond

– “Not a matter of If but When”

– Leverage immutable storage

– Develop strategies and policies.

Escape Rooms Challenge at STC

To help celebrate National CyberSecurity Awareness month the Information Security office at South Texas College created an “Escape Room” challenge. I got to participate in this year’s festivities. I like the challenge of doing escape rooms so one that had a cybersecurity theme seemed even more fun. The activity was quite fun despite not being able to “escape” in time.

The challenge consisted of finding the decryption key to decrypt a computer that was attacked with Ransomware. The whole exercise was intended to show the damaging effects ransomware can have on a business or institution. After the challenge the moderators gave a brief talk on tips and tricks to securing your online identities and business.

Firefox Focus

I have been using Firefox Focus for about half a year now. I came to use it because I was using Chrome and simply got paranoid of what stuff Google was collecting via Chrome. So I made the switch to Firefox on my PC and started using Firefox for Android. Now before I started using Firefox Focus I was using Brave Browser for Android.

Brave Browser is a Chromium based browser that touts privacy for the end user. Since I became paranoid of Google I naturally was paranoid of Google based technologies. Chromium though open source is a Google project. Its development is steered by Google. So Google has a vested interest in Chromium. While making the switch to Firefox I came to learn about Firefox Focus via a Mozilla Newsletter. So I downloaded it and gave it a try.

It was a bit weird getting used to it but after a while it was my default mobile browser. What made it great was the fact that my history was deleted after each use. I never had to worry about cookies or deleting search history. It kept my browsing experience as pure and fast as possible.

This is why I was a bit disappointed at the latest update. The app started to have memory leak issues, causing some battery drain on my phone. The issue wasn’t all that bad but it was annoying enough that I just uninstalled the app.

But I loved having a mobile browser that deleted search and use history after each use. When I looked in the Google Play store for other mobile browsers, DuckDuckGo was recommended. DuckDuckGo is my favorite search engine, so I was excited to see they offered a mobile browser. And it was highly rated (4.7 out of 5) with a lot of positive reviews. I decided to give it a try.

On first impressions I really like it and it feels faster than Firefox Focus. Plus if I want I can get DuckDuckGo browser via F-Droid store too. It’s only been a few days since I downloaded it but so far I’m really impressed with it. I’ll continue to test it out and see if I stick to it or go back to Firefox Focus.

My thoughts on “The Alchemist” by Paulo Coelho

The Alchemist by Paulo Coelho

Since I have been reading “self-help” books my wife suggested I check out The Alchemist. Luckily she owned a copy, so I grabbed it from our bookshelf and stuffed it in my backpack. I gotta say that I really enjoyed this book. I can now see why so many people consider it a “self-help” book. Here are two of my favorite passages:

“My heart is afraid that it will have to suffer”, the boy told the alchemist one night as they looked up at the moonless sky.

“Tell your heart that the fear of suffering is worse than the suffering itself. And that no heart has ever suffered when it goes in search of its dreams, because every second of the search is a second’s encounter with God and with eternity”.

I loved this part because it closely aligns with my own personal beliefs on suffering. You cannot hope to succeed without a bit of hard work.

“Every second of the search is an encounter with God”, the boy told his heart. “When I have been truly searching for my treasure, every day has been luminous, because I’ve known that every hour was a part of the dream that I find it. When I have been truly searching for my treasure, I’ve discovered things along the way that I never would have seen had I not had the courage to try things that seemed impossible for a shepherd to achieve”.

I got teary eyed when reading this part. It’s funny how sometimes you read something and it spurs such a deep emotion. That’s how I felt reading this part in the book. I’ve always characterized myself as an optimist and I believe that it takes a bit of courage to remain an optimist in this day and age.

My thoughts on “Smarter Faster Better: The Transformative Power of Real Productivity” by Charles Duhigg

Smarter Faster Better: The Transformative Power of Real Productivity by Charles Duhigg

I had heard so much of Charles Duhigg from many “entrepreneurial youtubers”, so naturally I became curious of his work. Most people recommend his book The Power of Habit, I even remember a colleague reading it. But I didn’t find a copy of it at my local library but I did find a copy of Smarter Faster Better instead. Oh boy was I happy with this book. I highly recommend this book for anyone, especially if you are looking for ways to be more “productive”. The book is full of stories of how people, organizations, or businesses overcame serious obstacles to come out on top. Here’s my favorite part from the book.

This, ultimately, is one of the most important lessons of places such as NUMMI and the lean and agile philosophies: Employees work smarter and better when they believed they have more decision-making authority and when they believe their colleagues are committed to their success. A sense of control can fuel motivations, people need to know their suggestions won’t be ignored, that their mistakes won’t be held against them. And they need to know that everyone else has their back.

There have been very few work environments where I felt trust between myself and management. This always left me alienated and demotivated. But I’ve had other jobs where I truly felt like I was part of the team. Those were great jobs and I enjoyed my time at them. Not just because it was a fun working environment but because at the end of the day I felt that my work meant something.

Why I got a Library Card in 2019

I was having a conversation with my wife and I said to her “You know, I feel like I’m getting dumber”. We both laughed out loud at my ridiculous statement, she then asked why I felt that. The reason I was feeling like that was because I was simply spending too much time on other silly distractions. And no it wasn’t just “social media”, I tend to go down YouTube rabbit holes too. So I decided to try a small experiment. Reading.

In high school I read quite a bit, I was a lector at my church which required me to read the Bible. Though I never read the Bible for fun, just for my role as lector. Then in college my degree required a lot of reading. Every semester I must have read at least 10 books plus academic journal articles. So I did plenty of reading during that time in my life and I guess I got burned out on reading. I know this happens to many people but many get back to reading soon after. For me it was years since I had read a book from cover to cover.

So in the end I decided I wanted to read more. But starting something is always the hardest part of any project. I wanted to read more but I didn’t want to spend money on books that I wasn’t sure I’d like reading. My solution, the local library! I went down one Sunday afternoon and asked for a library card. In 15 minutes I got a card and checked out my first book.

Lucky for me my local library has a great selection of books. Plus they are part of a regional system which allows me to find more books across libraries in the county. In the end I checked out a book titled Why Buddhism is True by Robert Wright. I read it in the 2 weeks checkout period and I really enjoyed the book.

In the end I’ve been reading more and taking full advantage of free books at my local library. So if you want to get into reading go get a library card and check out a few books.

Reset Windows Password with Linux

Ever needed to reset your Windows password but forgot to make a Windows Reset Password disk? If so, you can easily reset a Windows user’s password with a Live Linux USB. Let’s see just how easy it is to do so.

If you don’t have a Live Linux USB go ahead and create one. This tutorial is Ubuntu based so any Ubuntu flavor will work. And you will need a working internet connection to download software.

  1. Start the computer and boot into the Live Linux environment.
  2. Once in the Live Linux environment make sure you connect to the internet and open a terminal.
  3. You will need to install a tool called chntpw. Go ahead and run the following command to install chntpw:

         sudo apt-get install chntpw

  4. Once installed you will have to mount the hard drive that has Windows installed. There are many ways of doing this but you can use the File Manager (Nautilus in Ubuntu) to make things easy.
  5. Once you have the Windows hard drive mounted go to the following directory:

         /windowsHarddrive/Windows/System32/config/

  6. Now that you are at the correct directory, right click and choose Open With Terminal Here.
  7. In the terminal simply type the following command to interact with chntpw:

         sudo chntpw SAM

  8. Now you are editing the Administrator user. If you would like to edit another user use this command:

         sudo chntpw -u USERYOUWANTTOEDIT SAM

  9. After you’ve chosen your user it’s time to reset their password. Simply type 1 in the User Edit Menu.
  10. Then choose y when prompted to Write hive files.
  11. Then to quit type q and this will exit chntpw.
  12. Close the terminal and restart your computer making sure to remove the Live Linux USB.
  13. You should boot into the Windows desktop directly without any login. Be sure to add a new password!

Congratulations, you have successfully reset your Windows password with Linux! And that’s it!

Relaunching my personal website

Leaving social media

So this week I found myself falling down a crazy rabbit hole. It all happened when I watched this video on the indieweb concept. I was hooked on the idea and philosophy of the indieweb! Just recently I had been putting a lot of thought on leaving social media behind. But of course in this day and age doing that is much easier said than done. Still I had this gut feeling telling me that I just didn’t want to be on platforms like facebook any more.

Indieweb FTW

One of the core concepts of the indieweb is to “own” your content. This is by far the thing that drew me into the movement. Over the past 2 months I had relaunched my business website and stepped up my video creation. I was happy that I was writing more original content and creating at my own pace. But after watching that video I knew I had to do more with ALL of my content. Oh boy we sometimes forget just how much content we create on a daily basis. The indieweb movement tries to get you to understand your content and most importantly allows you to put it out into the world the way you want it.

So here we are

This site was relaunched with wordpress and with indieweb principles in mind. I’m happy I took the plunge even though it drove me a bit crazy at times. I think I’ll do more of a deep dive on all the moving parts in a later post. But it feels good to be taking control of my content, soon I’ll be saying goodbye to social media!