Troubleshooting

This section describes how to use and troubleshoot several utility applications that are available on Arch Linux.

Cron Tab

The cron tab can be used to schedule actions on your computer. More information on the cron tab can be found at the Arch Linux Cron Wiki. First we need to see if cron is installed with the following command.

which crond

If the above command does not return anything, then we need to install cron with the following command.

sudo pacman -S cronie

The cron tab has the following format.

# Crontab file for jonwebb
# https://www.youtube.com/watch?v=IPLFpqPAn5A for examples
# https://www.youtube.com/watch?v=QZJ1drMQz1A for more examples
# |-------------- minute (0 - 59)
# | |---------------- hour (0 - 23)
# | | |------------------ day of month (1 - 31)
# | | | |-------------------- month (1 - 12)
# | | | | |---------------------- day of week (0 - 6) (Sunday to Saturday)
# | | | | |                                           7 is also Sunday on some systems
# | | | | |
# | | | | |
# * * * * *

The cron files are stored in /var/spool/username. The root cron files are stored in /etc/cron.d.

Fail2Ban Configuration

Fail2ban is a utility that helps manage the security of our system. More information on Fail2ban can be found at the Arch Linux Fail2Ban Wiki. First check to see if fail2ban is already installed.

which fail2ban-client

If the above command returns nothing, then fail2ban is not installed. The command to install fail2ban is shown below:

sudo pacman -S fail2ban

  1. Transition to root user

    su
    

    Enter your root password when prompted.

  2. Edit the fail2ban file

    cd /etc
    nvim fail2ban/fail2ban.conf
    
  3. Set dbpurgeage to 7d, which will purge the banned list once every 7 days.

  4. Close and save the fail2ban.conf file.

  5. Copy the fail2ban.conf file to fail2ban.local

    cp fail2ban/fail2ban.conf fail2ban/fail2ban.local
    
  6. Configure jail.conf

    nvim fail2ban/jail.conf
    

    Find # ignoreip and uncomment it. Write the IP addresses that you do not want banned for incorrectly logging in.

    1. Set findtime to 7m.

    2. Set maxretry to 3.

    3. Set bantime to 1h.

    4. Set the send and receive e-mails to your preferred e-mail address for notifications.

    5. Enable all relevant attack vectors.

  7. Close the jail.conf file.

  8. Copy jail.conf to jail.local

    cp fail2ban/jail.conf fail2ban/jail.local
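
The thresholds from step 6, shown as an added example that is not part of the original page and is not fail2ban's own code: it flags a source IP once it reaches maxretry failed password logins inside a findtime window. The log lines are constructed, and sample_log and would_ban are hypothetical names.

```shell
#!/bin/sh
# Added example: a simplified model of the jail thresholds set above.
FINDTIME=420   # findtime = 7m, in seconds
MAXRETRY=3     # maxretry = 3

# Constructed sample lines in journalctl -o short-iso style (not real logs).
# All lines share one date, so seconds since midnight are enough here.
sample_log() {
cat <<'EOF'
2024-05-01T10:00:05+0000 srv sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
2024-05-01T10:01:10+0000 srv sshd[815]: Failed password for invalid user admin from 203.0.113.7 port 40031 ssh2
2024-05-01T10:02:00+0000 srv sshd[820]: Accepted publickey for jon from 192.0.2.10 port 51000 ssh2
2024-05-01T10:03:30+0000 srv sshd[826]: Failed password for jon from 198.51.100.4 port 42000 ssh2
2024-05-01T10:06:40+0000 srv sshd[830]: Failed password for root from 203.0.113.7 port 40040 ssh2
2024-05-01T10:20:00+0000 srv sshd[840]: Failed password for jon from 198.51.100.4 port 42011 ssh2
2024-05-01T10:21:00+0000 srv sshd[841]: Failed password for jon from 198.51.100.4 port 42012 ssh2
EOF
}

# Read log lines on stdin; print each source IP once when it reaches
# MAXRETRY failed password logins within FINDTIME seconds.
would_ban() {
    awk -v findtime="$FINDTIME" -v maxretry="$MAXRETRY" '
    / sshd\[[0-9]+\]: Failed password for / {
        # Seconds since midnight from the HH:MM:SS part of the timestamp.
        split(substr($1, 12, 8), t, ":")
        now = t[1] * 3600 + t[2] * 60 + t[3]
        # The source address follows the last "from" on the line.
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        n[ip]++
        seen[ip, n[ip]] = now
        # Count failures from this IP that fall inside the window.
        hits = 0
        for (k = 1; k <= n[ip]; k++)
            if (now - seen[ip, k] <= findtime) hits++
        if (hits >= maxretry && !(ip in banned)) {
            banned[ip] = 1
            print ip
        }
    }'
}

sample_log | would_ban
```

With the 7m window only 203.0.113.7 is flagged; 198.51.100.4 also fails three times, but its first attempt falls outside the window.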
    

rsync

Rsync is a utility that allows a user to transfer information from one hard drive to another. This is useful for conducting backups and for transmitting information over an ssh socket. More information on the rsync utility can be found at the Arch Linux rsync Wiki.

  1. If rsync is not installed, install it with the following command.

    sudo pacman -S rsync
    
  2. The rest of this section assumes that the home directory is being backed up to a thumb drive. For the sake of this section, assume the backup drive is located at /run/media/username/drive_1.

  3. The first time backing up the home directory, use the following command.

    rsync -arv --dry-run /home/username/ /run/media/username/drive_1
    

    The above command will only test to ensure that you are backing up the right information, but will not back it up. The trailing slash on /home/username/ tells rsync to copy the contents of the directory rather than the directory itself, so use the same source path in every command in this section.

  4. Assuming the above command was successful, proceed with the following command.

    rsync -arv /home/username/ /run/media/username/drive_1
    

    Every time after this, run

    rsync -arv --delete /home/username/ /run/media/username/drive_1
    

    The above command will delete files on the thumb drive that were in a previous backup but have been deleted from the primary server since the last backup.

SSH Configuration

SSH is a utility that allows us to log into one computer or server from another computer or server. This section will walk a reader through the process of configuring ssh on the client and server side. More information can be found on the Arch Linux ssh Wiki.

Client Side

  1. Verify that openssh is installed

    which ssh
    

    If the above command returns nothing, then openssh is not installed and needs to be installed.

    sudo pacman -S openssh
    
  2. Verify that you can ssh into the server of interest, then exit the server. This assumes that the reader knows the IP address and port number of the server they are logging into. Omit the < and > symbols when entering the appropriate information. If you are trying to set up the ability to ssh into a fresh install, the port number is likely 22. This command should prompt the user for a password given to them by the server administrator.

    ssh -p <portnumber> <username>@<ipaddress>
    

    Assuming the reader was successful in ssh'ing into the server, exit the server by simultaneously pressing the Control and d keys.

  3. Generate public/private key set if the server allows you to create one on your computer and send it to the server.

    1. If a .ssh directory does not exist in your home directory, create it:

      mkdir ~/.ssh
      
    2. Change to the .ssh directory.

      cd ~/.ssh
      
    3. Generate the ssh key with the following command. The keytype can be rsa, dsa, ecdsa, or ed25519. The default keytype is rsa but I prefer to use ed25519. The description should be one word.

      ssh-keygen -t <keytype> -C <brief_description>
      
    4. Rename the key to something descriptive of its use. Include the full path when prompted for the file name.

    5. Give the key a passphrase, preferably different than the password used in step 2.

    6. The completion of the above commands should generate a public key file (.pub) and a private key file. Never expose the private key.

  4. Send the public key to the server

    1. Send the key to the server

      ssh-copy-id -i ~/.ssh/<key_name.pub> <username>@<ipaddress>
      
    2. Enter the password

    3. Verify the key works

      ssh -p <portnumber> <username>@<ipaddress>
      

      In the server, ensure that you are in the .ssh directory and verify that the authorized_keys file contains your public key.

    4. Exit by pressing Control-d

  5. Associate the key on your computer with the server

    1. Associate key

      ssh -i ~/.ssh/<private_key> <username>@<ipaddress>
      

      This should require the passphrase to be entered, not the password.

    2. Connect

      ssh -p <portnumber> <username>@<ipaddress>
      

      Type the passphrase, not the password.

  6. Configure the computer to remember the passphrase

    1. Determine if the ssh-agent is turned on

      ps aux | grep ssh-agent
      

      If the only line of output has the word grep in it, ssh-agent is not active.

    2. Enable ssh-agent if it is not running.

      eval "$(ssh-agent)"
      

      Repeat the previous step to ensure ssh-agent is running.

    3. Add key to ssh-agent

      ssh-add ~/.ssh/<private_key_name>
      

      Enter the passphrase. ssh into the server to see if it requests the passphrase. If it asks for the passphrase, then the reader made a mistake and should repeat the previous step. Press Control-d to leave the server.

  7. Set up the config file

    1. cd into the .ssh directory

      cd ~/.ssh
      
    2. Create a file titled config

      nvim config
      

      Add the following information to the config file

      Host <user_defined_short_name>
      Hostname <ip_address>
      Port <portnumber>
      User <username>
      IdentityFile ~/.ssh/<private_key_name>
      
  8. From now on you can log onto the server by typing

    ssh <user_defined_short_name>
    

Server Side

  1. Verify that the ssh server (sshd) exists.

    which sshd
    

    If the ssh server does not exist, then install it. On Arch Linux, sshd is part of the openssh package.

    sudo pacman -S openssh
    
  2. Check the status of sshd

    systemctl status sshd
    
  3. If necessary, we can restart, stop, start, or enable sshd

    systemctl restart sshd
    systemctl stop sshd
    systemctl start sshd
    systemctl enable sshd
    
  4. Modify the sshd_config file.

    1. cd to the appropriate directory

      cd /etc/ssh
      

      **WARNING** Do not delete any files in this directory

    2. Open the config file

      sudo nvim sshd_config
      
    3. If Port is set to 22, set it to any other larger number. You will need to ensure this is reflected on the client side config file.

    4. Add specific users after the AllowUsers keyword

    5. Reset PermitRootLogin from prohibit-password to no.

      NOTE: Ensure there is an ssh key relationship between all clients before doing this.

    6. Restart and re-enable the ssh server using the previous commands.

  5. Lock down the server side files.

    1. Lock down the authorized_keys file.

      chmod 400 ~/.ssh/authorized_keys
      
    2. Set an immutable bit on the authorized_keys file. This may require super user privileges.

      chattr +i ~/.ssh/authorized_keys
      
    3. Repeat the previous step on the .ssh directory

      chattr +i ~/.ssh
      
    4. Immutable bits can be un-set with the following commands

      chattr -i ~/.ssh/authorized_keys
      chattr -i ~/.ssh
    
  6. Login attempts can be viewed with the journalctl command.

    journalctl --since "5 min ago"
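
A check for the three sshd_config changes in step 4 above (Port, AllowUsers, PermitRootLogin), as an added example that is not part of the original page. The sample file contents are constructed, port 2222 and the user alice are placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit sshd_config text for the three changes in step 4.

# Constructed samples: a fresh-install style file and a hardened one.
# Port 2222 and the user name alice are placeholders.
default_sshd_config() {
cat <<'EOF'
#Port 22
#PermitRootLogin prohibit-password
Subsystem sftp /usr/lib/ssh/sftp-server
EOF
}
hardened_sshd_config() {
cat <<'EOF'
Port 2222
AllowUsers alice
PermitRootLogin no
EOF
}

# Read sshd_config text on stdin and print one finding per line;
# no output means all three settings match the steps above.
audit_sshd_config() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
    {
        key = tolower($1)                # keywords are case-insensitive
        if (key == "match") exit         # audit the global section only
        if (key == "port") { seen_port = 1; if ($2 + 0 == 22) port22 = 1 }
        if (key == "allowusers") allow = 1
        # For single-valued keywords sshd uses the first value it reads.
        if (key == "permitrootlogin" && root == "") root = tolower($2)
    }
    END {
        # Unset keywords fall back to the OpenSSH defaults.
        if (root == "") root = "prohibit-password"
        if (!seen_port || port22) print "Port: listening on 22"
        if (!allow) print "AllowUsers: not set"
        if (root != "no") print "PermitRootLogin: " root
    }'
}

echo "default:";  default_sshd_config  | audit_sshd_config
echo "hardened:"; hardened_sshd_config | audit_sshd_config
```

On a live server, `sudo sshd -T | audit_sshd_config` feeds in the effective configuration, including any Include files.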
    

USB

This section will describe how to locate and modify a drive connected via a USB port.

Determine Mount Location

To determine where a drive is located, type the following command

df -l

For this example, let's assume the drive is located at /dev/sda1. In order to unmount the drive, type

sudo umount /dev/sda1

If necessary, format the drive to a Linux format with the following command:

sudo mkfs.ext4 /dev/sda1

Rename the Drive

In order to rename a drive we need to ensure that e2label is installed.

which e2label

If it is not installed, install the e2fsprogs package, which provides e2label.

sudo pacman -S e2fsprogs

Finally we can re-label the drive with the following command

sudo e2label /dev/sda1 user_defined_drive_name

Update Arch

Arch Linux is a rolling distribution and should be updated once every one to three days. The following are the steps that are necessary to update your distribution. NOTE: More information on the update process can be found at the Arch Linux Update Wiki page.

  1. Prior to an update, make sure you have backed up the hard drive.

  2. Check to see if any systemd services have failed.

    systemctl --failed
    
  3. Look for any errors in the log files located in /var/log.

    journalctl -b
    
  4. Update Arch Linux packages.

    sudo pacman -Syu
    
  5. Update AUR packages.

    yay -Syu
    
  6. Clean up residual Arch packages.

    sudo pacman -Sc
    
  7. Clean up residual AUR packages.

    yay -Sc
    
  8. Remove any unused Arch packages

    pacman -Qtdq | sudo pacman -Rns -
    
  9. Remove any unused AUR packages

    yay -Yc
    
  10. Check the size of the cache

    du -sh ~/.cache/
    
  11. Delete any cached documents if necessary

    rm -rf ~/.cache/*
    
  12. Delete journal files older than 2 days

    sudo journalctl --vacuum-time=2d
    
  13. Reboot the computer

    reboot