LedHed's Wiki - User contributions [en]

ADCS HTTP CDP

2025-09-25T04:00:25Z

Ledhed:

== Overview ==
CRL Distribution Point (CDP) must be published in a certificate to that the client can verify whether a certificate has been revoked. By default Active Directory Certificate Services (ADCS) publishes these in LDAP and adds them to the CDP/AIA settings of the certificate template. This is less than ideal because not all devices on the network have access to query LDAP (at least they shouldn't if you have your LDAP to require authentication). The solution to this is to publish CDP/AIA information on a web/http server that all devices on the network can access.

== Quick -n- Dirty ==
* Create DNS entries (pki.yourdomain.tld or crl.yourdomain.tld, etc...)
* Install IIS (not on the server hosting ADCS)
* Create a directory named (CRL, CDP, PKI, etc...)
* Share that directory (hide it with a trailing $, PKI$), granting the 'CertPublishers' AD group read/write access (this should grant the ADCS Root CA access to publish the CRL file)
* Create virtual directory pointing to the directory you just created (PKI)
* Add the following entries to the Certificate Template's CDP settings under the Extensions tab
<pre>
file:\\pki.yourdomain.tld\CDP$\<CaName><CRLNameSuffix>.crl
http://pki.yourdomain.tld/<CaName><CRLNameSuffix>.crl
</pre>
* The file:// entry will cause the CA to publish the CRL to this path any time a new CRL is generated
* The http:// entry will tell the client where to find the CRL via the http protocol
* Add the following entry to the Certificate Template's AIA settings under the Extensions tab
<pre>
http://pki.yourdomain.tld/<CaName><CRLNameSuffix>.crl
</pre>

== Reference ==
https://security.stackexchange.com/questions/206243/how-to-automate-publication-of-crl-and-crt-files-to-cdp-and-aia-location 
https://www.youtube.com/watch?v=U9gDL4GsJxs

[[Category:Windows]]
[[Category:Active Directory]]
[[Category:PKI]]

ADCS HTTP CDP

2025-09-25T03:57:42Z

Ledhed:

== Overview ==
CRL Distribution Point (CDP) must be published in a certificate to that the client can verify whether a certificate has been revoked. By default Active Directory Certificate Services (ADCS) publishes these in LDAP and adds them to the CDP/AIA settings of the certificate template. This is less than ideal because not all devices on the network have access to query LDAP (at least they shouldn't if you have your LDAP to require authentication). The solution to this is to publish CDP/AIA information on a web/http server that all devices on the network can access.

== Quick -n- Dirty ==
* Create DNS entries (pki.yourdomain.tld or crl.yourdomain.tld, etc...)
* Install IIS (not on the server hosting ADCS)
* Create a directory named (CRL, CDP, PKI, etc...)
* Share that directory (hide it with a trailing $, PKI$), granting the 'CertPublishers' AD group read/write access (this should grant the ADCS Root CA access to publish the CRL file)
* Create virtual directory pointing to the directory you just created (PKI)
* Add the following entries to the Certificate Template's CDP settings under the Extensions tab
file:\\pki.yourdomain.tld\CDP$\<CaName><CRLNameSuffix>.crl
http://pki.yourdomain.tld/<CaName><CRLNameSuffix>.crl
* The file:// entry will cause the CA to publish the CRL to this path any time a new CRL is generated
* The http:// entry will tell the client where to find the CRL via the http protocol
* Add the following entry to the Certificate Template's AIA settings under the Extensions tab
http://pki.yourdomain.tld/<CaName><CRLNameSuffix>.crl

== Reference ==
https://security.stackexchange.com/questions/206243/how-to-automate-publication-of-crl-and-crt-files-to-cdp-and-aia-location 
https://www.youtube.com/watch?v=U9gDL4GsJxs

[[Category:Windows]]
[[Category:Active Directory]]
[[Category:PKI]]

ADCS HTTP CDP

2025-09-25T03:57:17Z

Ledhed: Created page with "== Overview == CRL Distribution Point (CDP) must be published in a certificate to that the client can verify whether a certificate has been revoked. By default Active Director..."

== Overview ==
CRL Distribution Point (CDP) must be published in a certificate to that the client can verify whether a certificate has been revoked. By default Active Directory Certificate Services (ADCS) publishes these in LDAP and adds them to the CDP/AIA settings of the certificate template. This is less than ideal because not all devices on the network have access to query LDAP (at least they shouldn't if you have your LDAP to require authentication). The solution to this is to publish CDP/AIA information on a web/http server that all devices on the network can access.

== Quick -n- Dirty ==
* Create DNS entries (pki.yourdomain.tld or crl.yourdomain.tld, etc...)
* Install IIS (not on the server hosting ADCS)
* Create a directory named (CRL, CDP, PKI, etc...)
* Share that directory (hide it with a trailing $, PKI$), granting the 'CertPublishers' AD group read/write access (this should grant the ADCS Root CA access to publish the CRL file)
* Create virtual directory pointing to the directory you just created (PKI)
* Add the following entries to the Certificate Template's CDP settings under the Extensions tab
file:\\pki.yourdomain.tld\CDP$\<CaName><CRLNameSuffix>.crl
http://pki.yourdomain.tld/<CaName><CRLNameSuffix>.crl
* The file:// entry will cause the CA to publish the CRL to this path any time a new CRL is generated
* The http:// entry will tell the client where to find the CRL via the http protocol
* Add the following entry to the Certificate Template's AIA settings under the Extensions tab
http://pki.yourdomain.tld/<CaName><CRLNameSuffix>.crl

== Reference ==
https://security.stackexchange.com/questions/206243/how-to-automate-publication-of-crl-and-crt-files-to-cdp-and-aia-location
https://www.youtube.com/watch?v=U9gDL4GsJxs

[[Category:Windows]]
[[Category:Active Directory]]
[[Category:PKI]]

Category:PKI

2025-09-25T03:39:50Z

Ledhed: Created page with " Category:Tech_Notes "

[[ Category:Tech_Notes ]]

Linux Commands

2025-01-07T11:26:17Z

Ledhed:

Linux Commands that I rarely use and often forget.
 
 

== Print Working Directory (pwd) ==

pwd = (Print Working Directory) Displays the current directory you're in. 

== Network Map (nmap) ==

nmap = (Network Map) Utility that displays open network ports. 
''Basic usage: nmap 192.168.0.1 ''
 

== String Filter (grep) ==

grep = Hard to explain, Filtering utility. 
''Basic usage: grep 'FilterString' filename 
''Usefull grep options:''
-i 'FilterString' = case insensitive
-b # = Display # number of lines BEFORE a match
-a # = Display # number of lines AFTER a match
-v = Invert Match or Exclusion
'FilterString1\|FilterString2\|FilterString3' = Multiple Filters
 
'''Remove Comments from files'''
grep -v '#' FileName1 > FileName2
 
'''Remove Whitespace from files'''
grep -v "^$" FileName1 > FileName2
 
'''Remove Comments and Whitespace'''
grep -v '#\|^$' FileName > FileName2

== List File/Directory Size ==
du = List the size of a file or Directory 
''Basic usage: du -hs <file or dir>'' 
''Usefull du options:''
-h = human readable
-s = summarize (Display only total for each arguement)

== File Comptession (tar) ==

''Basic usage''

''to create a tar archive:''
tar -pcvzf filename.tgz directory1/ directory2/

''to extract an archive''
tar -xvzf filename.tgz -C destination_directory/

''Usefull tar options:''
-x = extract
-c = create
-v = verbose (displays whats being archived or extracted on screen)
-j = use BZip format (.tar.bz2)
-z = use GZip format (.tar.gz or .tgz)
-p = Preserve file permissions
-f = File
-M = Multi-Volume
-L = Tape Length (or --tape-length=) accepts values in Kb. Size = value x 1024

'''Span Multiple Files Example'''
This will create multiple files 100MB in size (100 x 1024 = 102400)
tar -c -M -L=102400 --file=filename.part1.tar largefile.to.split.iso
 
When the first part is complete you will be presented a prompt like this:
Prepare Volume #2 for 'filename.part1.tar' and hit return:
 
To tell Tar that we want to continue with a new file we enter this:
n filename.part2.tar
 
Now you will be presented this prompt:
Prepare Volume #2 for 'filename.part2.tar' and hit return:
Notice the filename was accepted ''filename.part2.tar'. Now just press ''return''
 
 
To Extract spanned tar files do this:
tar -x -M --file=filename.part1.tar largefile.that.was.split.iso
 
You will be prompted with this:
Prepare volume #2 for filename.part1.tar and hit return: n filename.part2.tar
Prepare volume #2 for filename.part2.tar and hit return:
Now Press Retuen.
Thats it.

== Symbolic Links (symlinks) ==
ln -s path/to/target linkname
or if the linkname is going to be the same as the source filename then
ln -s path/to/target
This would create a symlink named target that would point to path/to/target ( target -> path/to/target ) 
Note: This also works for directories.

== Find ==
Find all conf files on your system
find / -iname "*.conf"

Find files who haven't been modified in 1 year
find / -type f -mtime +356 -print0

-mtime = modified time
-print0 = needed to display files containing white space
-type f = files (not directories)

Find old files who haven't been modified in the past 2 years and display their total disk usage
find / -type f -mtime 730 -print0 | du --files0-from=- -hc | tail -n1

== Turn off Linux Case Sensitivity ==
shopt -u nocasematch

shopt -s nocasematch

== List Files/Directories by access time (atime) ==
ls -l --time=atime

== Create Disk Image ==
Create an image from a USB drive (at /dev/sdb)
dd if=/dev/sdb of=~/disk.img bs=512

Create a compressed image from a USB drive (truncating unused space on the USB)
dd if=/dev/sdb | gzip > ~/disk.img.gz

More to come...

[[Category:Linux]]

MacOS Create Bootable USB

2025-01-07T09:06:16Z

Ledhed: Created page with "== Overview == This article will provide steps on how to create a bootable USB stick for bare metal installations of MacOS. == Download OS == === Browser/App Store === From..."

== Overview ==
This article will provide steps on how to create a bootable USB stick for bare metal installations of MacOS.

== Download OS ==
=== Browser/App Store ===
From a Mac, open Safari and browse to
https://support.apple.com/en-us/102662#appstore
Click the link for the OS version supported by your hardware.
This will likely open the App Store, click [Get] and you'll be presented with an option to download (or possibly upgrade).

=== Terminal ===
Open a terminal and navigate to your Downloads folder.
Show available installers for your hardware:
softwareupdate --list-full-installer
You'll see a list of installers, make note of the version number you'd like to download.
Finding available software
Software Update found the following full installers:
* Title: macOS Monterey, Version: 12.7.4, Size: 12117810KiB, Build: 21H1123
* Title: macOS Big Sur, Version: 11.7.10, Size: 12125478KiB, Build: 20G1427
* Title: macOS Catalina, Version: 10.15.7, Size: 8055650KiB, Build: 19H15

Grab the version number and run this command:
softwareupdate --fetch-full-installer --full-installer-version 12.7.4

== Create Media ==

== Command Line Tools ==
softwareupdate --list-full-installer

softwareupdate --fetch-full-installer

== Reference ==
https://geekschalk.com/how-to-download-macos-installers-for-new-old-versions/

https://support.apple.com/en-us/102662

https://support.apple.com/en-us/101578

[[Category:MacOS]]

Category:MacOS

2025-01-07T08:20:17Z

Ledhed:

https://apple.com

[[Category:Apple]]

Windows Service Permissions

2024-04-04T07:13:41Z

Ledhed:

== Overview ==
Sometimes you need to grant a non-administrative user or group access to manage the state of a Windows service.

== DISCLAIMER ==

This article uses some advanced administration steps. Any mistakes could put your service or system in an inoperable state. 
Sanity check the steps below, I tend to paraphrase so use your best judgment. If you're unsure of what this article is doing, DON'T DO IT! 
'' '''I AM NOT RESPONSIBLE FOR ANY DAMAGE YOU MAY CAUSE BY FOLLOWING THIS ARTICLE!''' ''


== Security Templates Snap-In ==
* Open MMC.exe as administrator
* Add Snap-In 'Security Templates'
* Right click -> 'New Template'
* Expand the tree and click 'System Services'

Find the service(s) you want to modify permissions on edit. Check [X] Define this policy in the template. Then click the 'Edit Security' button. Add permissions to your liking, click ok when finished.
Right click the Template and click 'Save'

'''''CAUTION: Make sure your permissions at minimum have one account that has 'Full Control', otherwise you'll make it difficult to regain access to the service.'''''

== Security Configuration and Analysis Snap-In ==
While in the elevated MMC.
* Add Snap-In 'Security Configuration and Analysis'
* Right click -> 'Open Database'
* In the file dialog, navigate to the path you'd like to save your new security database, enter a name in the 'File name:' field and click 'Open'
* You should be prompted to select a Security Template to associate to the new DB, select the .inf file from the previous step.
* Right click -> 'Analyze Computer Now...'
* Expand the tree and click 'System Services', you should see a list of services with a red circle in the icon, this indicates deviations form the security template.
* Right click -> 'Configure Computer Now...'
At this point your service permissions should be set. Have the non-admin user test out their new access. If there are any errors, check the Security Configuration logs (probably saved in a log folder in the parent folder of where you saved the Template)

'''''NOTE: When I checked the 'System Services' I got an error saying something to the effect that it couldn't read the template. Fortunately, I did this on a test server so I ignored the error and the service permissions applied just fine. It also pays to have a current backup/snapshot.'''''

== Suggestions ==
* I highly advise using a group for permissions, especially in this scenario. It may be that you only need to grant one user access to restart a service, but if you have to add another (say because the previous user got hit by a bus), you just need to add the new user to the group rather than jump through all the MMC/Security Template nonsense all over again. Spend the extra 30 seconds and do your future self a huge favor.
* Managing permissions on Windows Services are a major pain. I don't know why MS didn't add a security tab to the Services MMC. That said, you should absolutely take a backup/snapshot of the system before making changes to services. If you lock yourself out of a service, reverting a snapshot is way faster than trying to figure out how to re-apply default permissions to a service.

== Reference ==
https://www.scriptinghouse.com/2017/04/set-windows-service-permission-to-non-administrator-accounts.html

[[category:Windows]]

Windows Service Permissions

2024-04-04T07:06:31Z

Ledhed: Created page with "== Overview == Sometimes you need to grant a non-administrative user or group access to manage the state of a Windows service. == Disclaimer == The following article are my..."

== Overview ==
Sometimes you need to grant a non-administrative user or group access to manage the state of a Windows service.

== Disclaimer ==
The following article are my personal notes, if you choose to follow this article you do so at your own risk. I take no responsibility for the outcomes from following these steps!

== Security Templates Snap-In ==
* Open MMC.exe as administrator
* Add Snap-In 'Security Templates'
* Right click -> 'New Template'
* Expand the tree and click 'System Services'

Find the service(s) you want to modify permissions on edit. Check [X] Define this policy in the template. Then click the 'Edit Security' button. Add permissions to your liking, click ok when finished.
Right click the Template and click 'Save'

'''''CAUTION: Make sure your permissions at minimum have one account that has 'Full Control', otherwise you'll make it difficult to regain access to the service.'''''

== Security Configuration and Analysis Snap-In ==
While in the elevated MMC.
* Add Snap-In 'Security Configuration and Analysis'
* Right click -> 'Open Database'
* In the file dialog, navigate to the path you'd like to save your new security database, enter a name in the 'File name:' field and click 'Open'
* You should be prompted to select a Security Template to associate to the new DB, select the .inf file from the previous step.
* Right click -> 'Analyze Computer Now...'
* Expand the tree and click 'System Services', you should see a list of services with a red circle in the icon, this indicates deviations form the security template.
* Right click -> 'Configure Computer Now...'
At this point your service permissions should be set. Have the non-admin user test out their new access. If there are any errors, check the Security Configuration logs (probably saved in a log folder in the parent folder of where you saved the Template)

'''''NOTE: When I checked the 'System Services' I got an error saying something to the effect that it couldn't read the template. Fortunately, I did this on a test server so I ignored the error and the service permissions applied just fine. It also pays to have a current backup/snapshot.'''''

== Suggestions ==
* I highly advise using a group for permissions, especially in this scenario. It may be that you only need to grant one user access to restart a service, but if you have to add another (say because the previous user got hit by a bus), you just need to add the new user to the group rather than jump through all the MMC/Security Template nonsense all over again. Spend the extra 30 seconds and do your future self a huge favor.
* Managing permissions on Windows Services are a major pain. I don't know why MS didn't add a security tab to the Services MMC. That said, you should absolutely take a backup/snapshot of the system before making changes to services. If you lock yourself out of a service, reverting a snapshot is way faster than trying to figure out how to re-apply default permissions to a service.

== Reference ==
https://www.scriptinghouse.com/2017/04/set-windows-service-permission-to-non-administrator-accounts.html

[[category:Windows]]

Timedatectl

2023-12-14T07:52:35Z

Ledhed:

== Overview ==
I always forget how to check NTP sync status on systems that use systemd.

== timedatectl ==
=== Status ===
timedatectl

=== Show last synced server ===
timedatectl timesync-status

== Reference ==
https://man7.org/linux/man-pages/man1/timedatectl.1.html
https://www.server-world.info/en/note?os=Ubuntu_22.04&p=ntp&f=3

[[Category:Linux]]

Raspberry Pi NUT Server

2023-10-19T10:50:11Z

Ledhed: /* Example upsd.users */

== Overview ==
NUT is an OpenSource tool that can monitor an extensive list of UPS devices. Often times UPS manufactures charge an extremely high cost for their network monitoring / SNMP cards. NUT running on a Raspberry Pi or other inexpensive SBC can be a cost effective way to monitor an UPS and performed network wide graceful shutdown in the event of a power failure.

== Prerequisites ==
* Raspberry Pi or other SBC running a Debian based distro
* NUT Compatible UPS (see: [https://networkupstools.org/stable-hcl.html NUT-HCL])
* USB (or Serial to USB) connection to the Raspberry Pi
* Network Connectivity (Wired or Wireless depending on RPi Model).

== Installation ==
=== Update the software package list ===
sudo apt update
sudo apt upgrade

=== Install NUT ===
sudo apt install nut

== Server Configuration ==
=== Configuration Files ===
NUT is broken into two services: nut-server and nut-monitor. The configuration files for these services are located here:
/etc/nut/

=== ups.conf ===
This is the configuration file for the UPS hardware. Here is where you specify the Driver, Make, and Model of the UPS.

==== Obtaining the VendorID and ProductID ====
You will need this information before editing ups.conf.
lsusb

Bus 001 Device 004: ID 0764:0601 Cyber Power System, Inc. PR1500LCDRT2U UPS
In this case the '''ID''' field is '''0764:0601''' and this translates to '''<VendorID>:<ProductID>'''.

==== Example ups.conf ====
[ups1]
driver = usbhid-ups
port = auto
vendor = "CyberPowerPC PR1500LCDRT2U"
vendorid = 0764
productid = 0601
pollinterval = 1
bus = "001"

=== upsd.conf ===
This file tells the UPS service what IP & Port to listen on.
==== Example upsd.conf ====
LISTEN 127.0.0.1 3493 # Listen on localhost
LISTEN 192.168.69.69 3493 # Listen on the LAN

=== upsd.users ===
This file contains the list of users that can access NUT services.

==== Security ====
Its important to note that this file contains '''clear text passwords!''' So you should take steps to restrict read access to this file. For example, set it to only be readable by the root user.
chown root.root /etc/nut/upsd.users
chmod 600 /etc/nut/upsd.users

==== Example upsd.users ====
[upsmon_master]
password = <MASTER_PASSWORD_HERE>
actions = SET
instcmds = ALL
upsmon master
[upsmon_remote]
password = <SLAVE_PASSWORD_HERE>
upsmon slave

=== upsmon.conf ===
This file tells the nut-monitor which users can access the monitoring service. It essentially maps the user you created in the previous step to an Access Control List which tells the monitoring service which users can connect from which hosts on your network.

==== Security ====
Its important to note that this file contains '''clear text passwords!''' So you should take steps to restrict read access to this file. For example, set it to only be readable by the root user.
chown root.root /etc/nut/upsmon.conf
chmod 600 /etc/nut/upsmon.conf

==== Example upsmon.conf ====
MONITOR ups1@localhost 1 upsmon_master <MASTER_PASSWORD_HERE> master
'''Note: You'll likely have more than one line if you have remote clients connecting to this NUT server (which is really the whole point).'''

=== nut.conf ===
This file defines the type of role this installation of NUT will be performing.
==== Example nut.conf ====
MODE=netserver

== Client Configuration ==

== Other ==
[NUT Client for ESXi]

== References ==
https://www.networkshinobi.com/raspberry-pi-as-ups-server-via-the-nut/

https://haefelfinger.org/posts/2019/2019-11-20-using-network-ups-tools-and-mosquitto-part1/

[[Category:NUT]]

Raspberry Pi NUT Server

2023-10-19T10:49:53Z

Ledhed: /* Example ups.conf */

Kerberos and CNAMEs

2023-06-30T04:59:46Z

Ledhed:

== Overview ==
By default Kerberos authentication will fail when accessing a server using a DNS Alias / CNAME.

== Solution ==
Create an alias for the host in Active Directory using the 'netdom' command:
netdom computername <FQDN> /Add:<ALIAS>

Example: 
Server's FQDN = FileServer-01.domain.tld 
CNAME/Alias = FS1.domain.tld 
netdom computername FileServer-01.domain.tld /Add:FS1.domain.tld

The netdom command registers a SPN for the server using the provided alias.

== References ==
https://serverfault.com/questions/481289/will-kerberos-work-with-cnames-if-i-have-the-spn-created-for-the-a-record-as-wel

[[Category:Active Directory]]

Kerberos and CNAMEs

2023-06-30T04:57:58Z

Ledhed: Created page with "== Overview == By default Kerberos authentication will fail when accessing a server using a DNS Alias / CNAME. == Solution == Create an alias for the host in Active Director..."

== Overview ==
By default Kerberos authentication will fail when accessing a server using a DNS Alias / CNAME.

== Solution ==
Create an alias for the host in Active Directory using the 'netdom' command:
netdom computername <FQDN> /Add:<ALIAS>

Example: 
Server's FQDN = FileServer-01.domain.tld 
CNAME/Alias = FS1.domain.tld 
netdom computername FileServer-01.domain.tld /Add:FS1.domain.tld

== References ==
https://serverfault.com/questions/481289/will-kerberos-work-with-cnames-if-i-have-the-spn-created-for-the-a-record-as-wel

[[Category:Active Directory]]

Ecowitt GW1000

2023-04-10T08:57:25Z

Ledhed:

== Overview ==
The Ecowitt GW1000 is a weather gateway capable of receiving data from weather instruments via Radio Frequency and then rebroadcasts that data via IP.

== WSView App ==
In order to configure the GW1000 you need to install the WSView app on a mobile device. Then put your mobile device on the same WiFi network as the GW1000.

=== Ecowitt Protocol ===
In the WSView app click 'More' in the upper right and click 'Weather Services' then next your way to 'Customized'. Enable the custom weather service, set the protocol to 'Ecowitt' and enter your server's IP & Port information. Save.

== WeeWX Integration ==
# Install WeeWX
# Install the [https://github.com/matthewwall/weewx-interceptor weewx-interceptor driver]
# Configure WeeWX to use the 'Interceptor Driver'
# Edit '''/etc/weewx/weewx.conf''' and add the following:
[Interceptor]
driver = user.interceptor
device_type = ecowitt-client
address = 10.11.12.13
port = 8080
''Note: Enter your own IP and Port''

== Local API ==
You can grab live weather data in JSON format directly from the GW1000 through this URL: 
<nowiki>http://<GW1000-IP-ADDRESS>/get_livedata_info</nowiki>

Here is a table to translate the byte balues to sensor type
# command_byte : (type, device, data_length)
0x01: ('temperature', 'indoor', 2)
0x02: ('temperature', 'outdoor', 2)
0x03: ('ignore', 'dewpoint', 2)
0x04: ('ignore', 'windchill', 2)
0x05: ('ignore', 'heatindex', 2)
0x06: ('humidity', 'indoor', 1)
0x07: ('humidity', 'outdoor', 1)
0x08: ('pressure_absolute', 'indoor', 2)
0x09: ('pressure_relative', 'indoor', 2)
0x0a: ('ignore', 'winddir', 2)
0x0b: ('ignore', 'windspeed', 2)
0x0c: ('ignore', 'gustspeed', 2)
0x0d: ('ignore', 't_rainevent', 2)
0x0e: ('ignore', 't_rainrate', 2)
0x0f: ('ignore', 't_raingain', 2)
0x10: ('ignore', 't_rainday', 2)
0x11: ('ignore', 't_rainweek', 2)
0x12: ('ignore', 't_rainmonth', 4)
0x13: ('ignore', 't_rainyear', 4)
0x14: ('ignore', 't_raintotals', 4)
0x15: ('ignore', 'light', 4)
0x16: ('ignore', 'uv', 2)
0x17: ('ignore', 'uvi', 1)
0x18: ('ignore', 'datetime', 6)
0x19: ('ignore', 'daymaxwind', 2)
0x1a: ('temperature', 'channel_1', 2)
0x1b: ('temperature', 'channel_2', 2)
0x1c: ('temperature', 'channel_3', 2)
0x1d: ('temperature', 'channel_4', 2)
0x1e: ('temperature', 'channel_5', 2)
0x1f: ('temperature', 'channel_6', 2)
0x20: ('temperature', 'channel_7', 2)
0x21: ('temperature', 'channel_8', 2)
0x22: ('humidity', 'channel_1', 1)
0x23: ('humidity', 'channel_2', 1)
0x24: ('humidity', 'channel_3', 1)
0x25: ('humidity', 'channel_4', 1)
0x26: ('humidity', 'channel_5', 1)
0x27: ('humidity', 'channel_6', 1)
0x28: ('humidity', 'channel_7', 1)
0x29: ('humidity', 'channel_8', 1)
0x2a: ('ignore', 'pm251', 2)
0x2b: ('ignore', 'soiltemp1', 2)
0x2c: ('moisture', 'soil_1', 1)
0x2d: ('ignore', 'soiltemp2', 2)
0x2e: ('moisture', 'soil_2', 1)
0x2f: ('ignore', 'soiltemp3', 2)
0x30: ('moisture', 'soil_3', 1)
0x31: ('ignore', 'soiltemp4', 2)
0x32: ('moisture', 'soil_4', 1)
0x33: ('ignore', 'soiltemp5', 2)
0x34: ('moisture', 'soil_5', 1)
0x35: ('ignore', 'soiltemp6', 2)
0x36: ('moisture', 'soil_6', 1)
0x37: ('ignore', 'soiltemp7', 2)
0x38: ('moisture', 'soil_7', 1)
0x39: ('ignore', 'soiltemp8', 2)
0x3a: ('moisture', 'soil_8', 1)
0x3b: ('ignore', 'soiltemp9', 2)
0x3c: ('moisture', 'soil_9', 1)
0x3d: ('ignore', 'soiltemp10', 2)
0x3e: ('moisture', 'soil_10', 1)
0x3f: ('ignore', 'soiltemp11', 2)
0x40: ('moisture', 'soil_11', 1)
0x41: ('ignore', 'soiltemp12', 2)
0x42: ('moisture', 'soil_12', 1)
0x43: ('ignore', 'soiltemp13', 2)
0x44: ('moisture', 'soil_13', 1)
0x45: ('ignore', 'soiltemp14', 2)
0x46: ('moisture', 'soil_14', 1)
0x47: ('ignore', 'soiltemp15', 2)
0x48: ('moisture', 'soil_15', 1)
0x49: ('ignore', 'soiltemp16', 2)
0x4a: ('moisture', 'soil_16', 1)
0x4c: ('ignore', 'lowbatt', 16)
0x4d: ('ignore', 'pm251_24h_avg', 2)
0x4e: ('ignore', 'pm252_24h_avg', 2)
0x4f: ('ignore', 'pm253_24h_avg', 2)
0x50: ('ignore', 'pm254_24h_avg', 2)
0x51: ('ignore', 'pm252', 2)
0x52: ('ignore', 'pm253', 2)
0x53: ('ignore', 'pm254', 2)
0x58: ('ignore', 'leak1', 1)
0x59: ('ignore', 'leak2', 1)
0x5a: ('ignore', 'leak3', 1)
0x5b: ('ignore', 'leak4', 1)
0x60: ('ignore', 'lightningdist', 1)
0x61: ('ignore', 'lightningdettime', 4)
0x62: ('ignore', 'lightningcount', 4)
0x63: ('ignore', 'temp9', 3)
0x64: ('ignore', 'temp10', 3)
0x65: ('ignore', 'temp11', 3)
0x66: ('ignore', 'temp12', 3)
0x67: ('ignore', 'temp13', 3)
0x68: ('ignore', 'temp14', 3)
0x69: ('ignore', 'temp15', 3)
0x6a: ('ignore', 'temp16', 3)
0x70: ('ignore', 'wh45_data', 16)
0x72: ('ignore', 'leafwet1', 1)
0x73: ('ignore', 'leafwet2', 1)
0x74: ('ignore', 'leafwet3', 1)
0x75: ('ignore', 'leafwet4', 1)
0x76: ('ignore', 'leafwet5', 1)
0x77: ('ignore', 'leafwet6', 1)
0x78: ('ignore', 'leafwet7', 1)
0x79: ('ignore', 'leafwet8', 1)

''Note: you might need a firmware update for this URL to become available.''

== Ecowitt Relay ==
In the off chance that you want to relay the Ecowitt data to multiple endpoints check out the FOSHKplugin
https://loxwiki.atlassian.net/wiki/spaces/LOXBERRY/pages/1252524456/FOSHKplugin+-+generic+version#Installation
It claims to be able to rebroadcast the Ecowitt data to multiple endpoints, meaning you could have it relay the data to WeeWx, Home Assistant, and maybe a smart sprinkler.

== Reference ==
https://github.com/matthewwall/weewx-interceptor

http://www.ecowitt.com/wifi_weather/80.html

http://weewx.com

https://blog.meteodrenthe.nl/2023/02/03/how-to-use-the-ecowitt-gateway-gw1000-gw1100-local-api/

https://github.com/bmrzycki/gw1000-http/blob/main/gw1000-http

[[Category:WeeWX]]

Ecowitt GW1000

2023-04-06T08:29:26Z

Ledhed:

== Overview ==
The Ecowitt GW1000 is a weather gateway capable of receiving data from weather instruments via Radio Frequency and then rebroadcasts that data via IP.

== WSView App ==
In order to configure the GW1000 you need to install the WSView app on a mobile device. Then put your mobile device on the same WiFi network as the GW1000.

=== Ecowitt Protocol ===
In the WSView app click 'More' in the upper right and click 'Weather Services' then next your way to 'Customized'. Enable the custom weather service, set the protocol to 'Ecowitt' and enter your server's IP & Port information. Save.

== WeeWX Integration ==
# Install WeeWX
# Install the [https://github.com/matthewwall/weewx-interceptor weewx-interceptor driver]
# Configure WeeWX to use the 'Interceptor Driver'
# Edit '''/etc/weewx/weewx.conf''' and add the following:
[Interceptor]
driver = user.interceptor
device_type = ecowitt-client
address = 10.11.12.13
port = 8080
''Note: Enter your own IP and Port''

== Local API ==
You can grab live weather data in JSON format directly from the GW1000 through this URL: 
<nowiki>http://<GW1000-IP-ADDRESS>/get_livedata_info</nowiki>

Here is a table to translate the byte balues to sensor type
# command_byte : (type, device, data_length)
0x01: ('temperature', 'indoor', 2)
0x02: ('temperature', 'outdoor', 2)
0x03: ('ignore', 'dewpoint', 2)
0x04: ('ignore', 'windchill', 2)
0x05: ('ignore', 'heatindex', 2)
0x06: ('humidity', 'indoor', 1)
0x07: ('humidity', 'outdoor', 1)
0x08: ('pressure_absolute', 'indoor', 2)
0x09: ('pressure_relative', 'indoor', 2)
0x0a: ('ignore', 'winddir', 2)
0x0b: ('ignore', 'windspeed', 2)
0x0c: ('ignore', 'gustspeed', 2)
0x0d: ('ignore', 't_rainevent', 2)
0x0e: ('ignore', 't_rainrate', 2)
0x0f: ('ignore', 't_raingain', 2)
0x10: ('ignore', 't_rainday', 2)
0x11: ('ignore', 't_rainweek', 2)
0x12: ('ignore', 't_rainmonth', 4)
0x13: ('ignore', 't_rainyear', 4)
0x14: ('ignore', 't_raintotals', 4)
0x15: ('ignore', 'light', 4)
0x16: ('ignore', 'uv', 2)
0x17: ('ignore', 'uvi', 1)
0x18: ('ignore', 'datetime', 6)
0x19: ('ignore', 'daymaxwind', 2)
0x1a: ('temperature', 'channel_1', 2)
0x1b: ('temperature', 'channel_2', 2)
0x1c: ('temperature', 'channel_3', 2)
0x1d: ('temperature', 'channel_4', 2)
0x1e: ('temperature', 'channel_5', 2)
0x1f: ('temperature', 'channel_6', 2)
0x20: ('temperature', 'channel_7', 2)
0x21: ('temperature', 'channel_8', 2)
0x22: ('humidity', 'channel_1', 1)
0x23: ('humidity', 'channel_2', 1)
0x24: ('humidity', 'channel_3', 1)
0x25: ('humidity', 'channel_4', 1)
0x26: ('humidity', 'channel_5', 1)
0x27: ('humidity', 'channel_6', 1)
0x28: ('humidity', 'channel_7', 1)
0x29: ('humidity', 'channel_8', 1)
0x2a: ('ignore', 'pm251', 2)
0x2b: ('ignore', 'soiltemp1', 2)
0x2c: ('moisture', 'soil_1', 1)
0x2d: ('ignore', 'soiltemp2', 2)
0x2e: ('moisture', 'soil_2', 1)
0x2f: ('ignore', 'soiltemp3', 2)
0x30: ('moisture', 'soil_3', 1)
0x31: ('ignore', 'soiltemp4', 2)
0x32: ('moisture', 'soil_4', 1)
0x33: ('ignore', 'soiltemp5', 2)
0x34: ('moisture', 'soil_5', 1)
0x35: ('ignore', 'soiltemp6', 2)
0x36: ('moisture', 'soil_6', 1)
0x37: ('ignore', 'soiltemp7', 2)
0x38: ('moisture', 'soil_7', 1)
0x39: ('ignore', 'soiltemp8', 2)
0x3a: ('moisture', 'soil_8', 1)
0x3b: ('ignore', 'soiltemp9', 2)
0x3c: ('moisture', 'soil_9', 1)
0x3d: ('ignore', 'soiltemp10', 2)
0x3e: ('moisture', 'soil_10', 1)
0x3f: ('ignore', 'soiltemp11', 2)
0x40: ('moisture', 'soil_11', 1)
0x41: ('ignore', 'soiltemp12', 2)
0x42: ('moisture', 'soil_12', 1)
0x43: ('ignore', 'soiltemp13', 2)
0x44: ('moisture', 'soil_13', 1)
0x45: ('ignore', 'soiltemp14', 2)
0x46: ('moisture', 'soil_14', 1)
0x47: ('ignore', 'soiltemp15', 2)
0x48: ('moisture', 'soil_15', 1)
0x49: ('ignore', 'soiltemp16', 2)
0x4a: ('moisture', 'soil_16', 1)
0x4c: ('ignore', 'lowbatt', 16)
0x4d: ('ignore', 'pm251_24h_avg', 2)
0x4e: ('ignore', 'pm252_24h_avg', 2)
0x4f: ('ignore', 'pm253_24h_avg', 2)
0x50: ('ignore', 'pm254_24h_avg', 2)
0x51: ('ignore', 'pm252', 2)
0x52: ('ignore', 'pm253', 2)
0x53: ('ignore', 'pm254', 2)
0x58: ('ignore', 'leak1', 1)
0x59: ('ignore', 'leak2', 1)
0x5a: ('ignore', 'leak3', 1)
0x5b: ('ignore', 'leak4', 1)
0x60: ('ignore', 'lightningdist', 1)
0x61: ('ignore', 'lightningdettime', 4)
0x62: ('ignore', 'lightningcount', 4)
0x63: ('ignore', 'temp9', 3)
0x64: ('ignore', 'temp10', 3)
0x65: ('ignore', 'temp11', 3)
0x66: ('ignore', 'temp12', 3)
0x67: ('ignore', 'temp13', 3)
0x68: ('ignore', 'temp14', 3)
0x69: ('ignore', 'temp15', 3)
0x6a: ('ignore', 'temp16', 3)
0x70: ('ignore', 'wh45_data', 16)
0x72: ('ignore', 'leafwet1', 1)
0x73: ('ignore', 'leafwet2', 1)
0x74: ('ignore', 'leafwet3', 1)
0x75: ('ignore', 'leafwet4', 1)
0x76: ('ignore', 'leafwet5', 1)
0x77: ('ignore', 'leafwet6', 1)
0x78: ('ignore', 'leafwet7', 1)
0x79: ('ignore', 'leafwet8', 1)

''Note: you might need a firmware update for this URL to become available.''

== Reference ==
https://github.com/matthewwall/weewx-interceptor

http://www.ecowitt.com/wifi_weather/80.html

http://weewx.com

https://blog.meteodrenthe.nl/2023/02/03/how-to-use-the-ecowitt-gateway-gw1000-gw1100-local-api/

https://github.com/bmrzycki/gw1000-http/blob/main/gw1000-http

[[Category:WeeWX]]

Ecowitt GW1000

2023-04-06T08:27:21Z

Ledhed:

== Overview ==
The Ecowitt GW1000 is a weather gateway capable of receiving data from weather instruments via Radio Frequency and then rebroadcasts that data via IP.

== WSView App ==
In order to configure the GW1000 you need to install the WSView app on a mobile device. Then put your mobile device on the same WiFi network as the GW1000.

=== Ecowitt Protocol ===
In the WSView app click 'More' in the upper right and click 'Weather Services' then next your way to 'Customized'. Enable the custom weather service, set the protocol to 'Ecowitt' and enter your server's IP & Port information. Save.

== WeeWX Integration ==
# Install WeeWX
# Install the [https://github.com/matthewwall/weewx-interceptor weewx-interceptor driver]
# Configure WeeWX to use the 'Interceptor Driver'
# Edit '''/etc/weewx/weewx.conf''' and add the following:
[Interceptor]
driver = user.interceptor
device_type = ecowitt-client
address = 10.11.12.13
port = 8080
''Note: Enter your own IP and Port''

== Local API ==
You can grab live weather data in JSON format directly from the GW1000 through this URL: 
http://<GW1000-IP-ADDRESS>/get_livedata_info

Here is a table to translate the byte balues to sensor type
# command_byte : (type, device, data_length)
0x01: ('temperature', 'indoor', 2)
0x02: ('temperature', 'outdoor', 2)
0x03: ('ignore', 'dewpoint', 2)
0x04: ('ignore', 'windchill', 2)
0x05: ('ignore', 'heatindex', 2)
0x06: ('humidity', 'indoor', 1)
0x07: ('humidity', 'outdoor', 1)
0x08: ('pressure_absolute', 'indoor', 2)
0x09: ('pressure_relative', 'indoor', 2)
0x0a: ('ignore', 'winddir', 2)
0x0b: ('ignore', 'windspeed', 2)
0x0c: ('ignore', 'gustspeed', 2)
0x0d: ('ignore', 't_rainevent', 2)
0x0e: ('ignore', 't_rainrate', 2)
0x0f: ('ignore', 't_raingain', 2)
0x10: ('ignore', 't_rainday', 2)
0x11: ('ignore', 't_rainweek', 2)
0x12: ('ignore', 't_rainmonth', 4)
0x13: ('ignore', 't_rainyear', 4)
0x14: ('ignore', 't_raintotals', 4)
0x15: ('ignore', 'light', 4)
0x16: ('ignore', 'uv', 2)
0x17: ('ignore', 'uvi', 1)
0x18: ('ignore', 'datetime', 6)
0x19: ('ignore', 'daymaxwind', 2)
0x1a: ('temperature', 'channel_1', 2)
0x1b: ('temperature', 'channel_2', 2)
0x1c: ('temperature', 'channel_3', 2)
0x1d: ('temperature', 'channel_4', 2)
0x1e: ('temperature', 'channel_5', 2)
0x1f: ('temperature', 'channel_6', 2)
0x20: ('temperature', 'channel_7', 2)
0x21: ('temperature', 'channel_8', 2)
0x22: ('humidity', 'channel_1', 1)
0x23: ('humidity', 'channel_2', 1)
0x24: ('humidity', 'channel_3', 1)
0x25: ('humidity', 'channel_4', 1)
0x26: ('humidity', 'channel_5', 1)
0x27: ('humidity', 'channel_6', 1)
0x28: ('humidity', 'channel_7', 1)
0x29: ('humidity', 'channel_8', 1)
0x2a: ('ignore', 'pm251', 2)
0x2b: ('ignore', 'soiltemp1', 2)
0x2c: ('moisture', 'soil_1', 1)
0x2d: ('ignore', 'soiltemp2', 2)
0x2e: ('moisture', 'soil_2', 1)
0x2f: ('ignore', 'soiltemp3', 2)
0x30: ('moisture', 'soil_3', 1)
0x31: ('ignore', 'soiltemp4', 2)
0x32: ('moisture', 'soil_4', 1)
0x33: ('ignore', 'soiltemp5', 2)
0x34: ('moisture', 'soil_5', 1)
0x35: ('ignore', 'soiltemp6', 2)
0x36: ('moisture', 'soil_6', 1)
0x37: ('ignore', 'soiltemp7', 2)
0x38: ('moisture', 'soil_7', 1)
0x39: ('ignore', 'soiltemp8', 2)
0x3a: ('moisture', 'soil_8', 1)
0x3b: ('ignore', 'soiltemp9', 2)
0x3c: ('moisture', 'soil_9', 1)
0x3d: ('ignore', 'soiltemp10', 2)
0x3e: ('moisture', 'soil_10', 1)
0x3f: ('ignore', 'soiltemp11', 2)
0x40: ('moisture', 'soil_11', 1)
0x41: ('ignore', 'soiltemp12', 2)
0x42: ('moisture', 'soil_12', 1)
0x43: ('ignore', 'soiltemp13', 2)
0x44: ('moisture', 'soil_13', 1)
0x45: ('ignore', 'soiltemp14', 2)
0x46: ('moisture', 'soil_14', 1)
0x47: ('ignore', 'soiltemp15', 2)
0x48: ('moisture', 'soil_15', 1)
0x49: ('ignore', 'soiltemp16', 2)
0x4a: ('moisture', 'soil_16', 1)
0x4c: ('ignore', 'lowbatt', 16)
0x4d: ('ignore', 'pm251_24h_avg', 2)
0x4e: ('ignore', 'pm252_24h_avg', 2)
0x4f: ('ignore', 'pm253_24h_avg', 2)
0x50: ('ignore', 'pm254_24h_avg', 2)
0x51: ('ignore', 'pm252', 2)
0x52: ('ignore', 'pm253', 2)
0x53: ('ignore', 'pm254', 2)
0x58: ('ignore', 'leak1', 1)
0x59: ('ignore', 'leak2', 1)
0x5a: ('ignore', 'leak3', 1)
0x5b: ('ignore', 'leak4', 1)
0x60: ('ignore', 'lightningdist', 1)
0x61: ('ignore', 'lightningdettime', 4)
0x62: ('ignore', 'lightningcount', 4)
0x63: ('ignore', 'temp9', 3)
0x64: ('ignore', 'temp10', 3)
0x65: ('ignore', 'temp11', 3)
0x66: ('ignore', 'temp12', 3)
0x67: ('ignore', 'temp13', 3)
0x68: ('ignore', 'temp14', 3)
0x69: ('ignore', 'temp15', 3)
0x6a: ('ignore', 'temp16', 3)
0x70: ('ignore', 'wh45_data', 16)
0x72: ('ignore', 'leafwet1', 1)
0x73: ('ignore', 'leafwet2', 1)
0x74: ('ignore', 'leafwet3', 1)
0x75: ('ignore', 'leafwet4', 1)
0x76: ('ignore', 'leafwet5', 1)
0x77: ('ignore', 'leafwet6', 1)
0x78: ('ignore', 'leafwet7', 1)
0x79: ('ignore', 'leafwet8', 1)

''Note: you might need a firmware update for this URL to become available.''

== Reference ==
https://github.com/matthewwall/weewx-interceptor

http://www.ecowitt.com/wifi_weather/80.html

http://weewx.com

https://blog.meteodrenthe.nl/2023/02/03/how-to-use-the-ecowitt-gateway-gw1000-gw1100-local-api/

https://github.com/bmrzycki/gw1000-http/blob/main/gw1000-http

[[Category:WeeWX]]

Ecowitt GW1000

2023-04-06T08:27:00Z

Ledhed:

== Overview ==
The Ecowitt GW1000 is a weather gateway capable of receiving data from weather instruments via Radio Frequency and then rebroadcasts that data via IP.

== WSView App ==
In order to configure the GW1000 you need to install the WSView app on a mobile device. Then put your mobile device on the same WiFi network as the GW1000.

=== Ecowitt Protocol ===
In the WSView app click 'More' in the upper right and click 'Weather Services' then next your way to 'Customized'. Enable the custom weather service, set the protocol to 'Ecowitt' and enter your server's IP & Port information. Save.

== WeeWX Integration ==
# Install WeeWX
# Install the [https://github.com/matthewwall/weewx-interceptor weewx-interceptor driver]
# Configure WeeWX to use the 'Interceptor Driver'
# Edit '''/etc/weewx/weewx.conf''' and add the following:
[Interceptor]
driver = user.interceptor
device_type = ecowitt-client
address = 10.11.12.13
port = 8080
''Note: Enter your own IP and Port''

== Local API ==
You can grab live weather data in JSON format directly from the GW1000 through this URL:
http://<GW1000-IP-ADDRESS>/get_livedata_info

Here is a table to translate the byte balues to sensor type
# command_byte : (type, device, data_length)
0x01: ('temperature', 'indoor', 2)
0x02: ('temperature', 'outdoor', 2)
0x03: ('ignore', 'dewpoint', 2)
0x04: ('ignore', 'windchill', 2)
0x05: ('ignore', 'heatindex', 2)
0x06: ('humidity', 'indoor', 1)
0x07: ('humidity', 'outdoor', 1)
0x08: ('pressure_absolute', 'indoor', 2)
0x09: ('pressure_relative', 'indoor', 2)
0x0a: ('ignore', 'winddir', 2)
0x0b: ('ignore', 'windspeed', 2)
0x0c: ('ignore', 'gustspeed', 2)
0x0d: ('ignore', 't_rainevent', 2)
0x0e: ('ignore', 't_rainrate', 2)
0x0f: ('ignore', 't_raingain', 2)
0x10: ('ignore', 't_rainday', 2)
0x11: ('ignore', 't_rainweek', 2)
0x12: ('ignore', 't_rainmonth', 4)
0x13: ('ignore', 't_rainyear', 4)
0x14: ('ignore', 't_raintotals', 4)
0x15: ('ignore', 'light', 4)
0x16: ('ignore', 'uv', 2)
0x17: ('ignore', 'uvi', 1)
0x18: ('ignore', 'datetime', 6)
0x19: ('ignore', 'daymaxwind', 2)
0x1a: ('temperature', 'channel_1', 2)
0x1b: ('temperature', 'channel_2', 2)
0x1c: ('temperature', 'channel_3', 2)
0x1d: ('temperature', 'channel_4', 2)
0x1e: ('temperature', 'channel_5', 2)
0x1f: ('temperature', 'channel_6', 2)
0x20: ('temperature', 'channel_7', 2)
0x21: ('temperature', 'channel_8', 2)
0x22: ('humidity', 'channel_1', 1)
0x23: ('humidity', 'channel_2', 1)
0x24: ('humidity', 'channel_3', 1)
0x25: ('humidity', 'channel_4', 1)
0x26: ('humidity', 'channel_5', 1)
0x27: ('humidity', 'channel_6', 1)
0x28: ('humidity', 'channel_7', 1)
0x29: ('humidity', 'channel_8', 1)
0x2a: ('ignore', 'pm251', 2)
0x2b: ('ignore', 'soiltemp1', 2)
0x2c: ('moisture', 'soil_1', 1)
0x2d: ('ignore', 'soiltemp2', 2)
0x2e: ('moisture', 'soil_2', 1)
0x2f: ('ignore', 'soiltemp3', 2)
0x30: ('moisture', 'soil_3', 1)
0x31: ('ignore', 'soiltemp4', 2)
0x32: ('moisture', 'soil_4', 1)
0x33: ('ignore', 'soiltemp5', 2)
0x34: ('moisture', 'soil_5', 1)
0x35: ('ignore', 'soiltemp6', 2)
0x36: ('moisture', 'soil_6', 1)
0x37: ('ignore', 'soiltemp7', 2)
0x38: ('moisture', 'soil_7', 1)
0x39: ('ignore', 'soiltemp8', 2)
0x3a: ('moisture', 'soil_8', 1)
0x3b: ('ignore', 'soiltemp9', 2)
0x3c: ('moisture', 'soil_9', 1)
0x3d: ('ignore', 'soiltemp10', 2)
0x3e: ('moisture', 'soil_10', 1)
0x3f: ('ignore', 'soiltemp11', 2)
0x40: ('moisture', 'soil_11', 1)
0x41: ('ignore', 'soiltemp12', 2)
0x42: ('moisture', 'soil_12', 1)
0x43: ('ignore', 'soiltemp13', 2)
0x44: ('moisture', 'soil_13', 1)
0x45: ('ignore', 'soiltemp14', 2)
0x46: ('moisture', 'soil_14', 1)
0x47: ('ignore', 'soiltemp15', 2)
0x48: ('moisture', 'soil_15', 1)
0x49: ('ignore', 'soiltemp16', 2)
0x4a: ('moisture', 'soil_16', 1)
0x4c: ('ignore', 'lowbatt', 16)
0x4d: ('ignore', 'pm251_24h_avg', 2)
0x4e: ('ignore', 'pm252_24h_avg', 2)
0x4f: ('ignore', 'pm253_24h_avg', 2)
0x50: ('ignore', 'pm254_24h_avg', 2)
0x51: ('ignore', 'pm252', 2)
0x52: ('ignore', 'pm253', 2)
0x53: ('ignore', 'pm254', 2)
0x58: ('ignore', 'leak1', 1)
0x59: ('ignore', 'leak2', 1)
0x5a: ('ignore', 'leak3', 1)
0x5b: ('ignore', 'leak4', 1)
0x60: ('ignore', 'lightningdist', 1)
0x61: ('ignore', 'lightningdettime', 4)
0x62: ('ignore', 'lightningcount', 4)
0x63: ('ignore', 'temp9', 3)
0x64: ('ignore', 'temp10', 3)
0x65: ('ignore', 'temp11', 3)
0x66: ('ignore', 'temp12', 3)
0x67: ('ignore', 'temp13', 3)
0x68: ('ignore', 'temp14', 3)
0x69: ('ignore', 'temp15', 3)
0x6a: ('ignore', 'temp16', 3)
0x70: ('ignore', 'wh45_data', 16)
0x72: ('ignore', 'leafwet1', 1)
0x73: ('ignore', 'leafwet2', 1)
0x74: ('ignore', 'leafwet3', 1)
0x75: ('ignore', 'leafwet4', 1)
0x76: ('ignore', 'leafwet5', 1)
0x77: ('ignore', 'leafwet6', 1)
0x78: ('ignore', 'leafwet7', 1)
0x79: ('ignore', 'leafwet8', 1)

''Note: you might need a firmware update for this URL to become available.''

== Reference ==
https://github.com/matthewwall/weewx-interceptor

http://www.ecowitt.com/wifi_weather/80.html

http://weewx.com

https://blog.meteodrenthe.nl/2023/02/03/how-to-use-the-ecowitt-gateway-gw1000-gw1100-local-api/

https://github.com/bmrzycki/gw1000-http/blob/main/gw1000-http

[[Category:WeeWX]]

Ubuntu Resize Disk

2023-02-14T09:11:11Z

Ledhed: Created page with "== Overview == Sometimes you have to resize a VMs disk. This is a fairly trivial process, open the VMs settings, increase the disks size. Go to guest and resize the partition..."

== Overview ==
Sometimes you have to resize a VMs disk. This is a fairly trivial process, open the VMs settings, increase the disks size. Go to guest and resize the partition and filesystem, done! 
What happens if your VM doesn't see the increase in disk size?

== Ubuntu (and probably other flavors of Linux) ==
As root run the following command to initiate a rescan of the disk.
echo 1 >/sys/class/block/sdb/device/rescan

You can verify the size changes by running:
fdisk -l /dev/sdb

You can also grow the partition by running:
growpart /dev/sdb 1
This will grow the first partition to fill the disk

You can also resize the filesystem by running:
resize2fs /dev/sdb1

== Reference ==
https://kerneltalks.com/disk-management/how-to-rescan-disk-in-linux-after-extending-vmware-disk/

[[category:Ubuntu]][[category:Linux]][[category:ESXi]]

MySQL Command Reference

2023-02-07T03:21:12Z

Ledhed:

== Combine 2 fields into one result ==

SELECT CONCAT(fieldname1, fieldname2) FROM table
Example:
SELECT CONCAT(u.first, ' ', u.last) AS name FROM usr_table u

ID | first | last |
-----------------------------
1 | Led | Hed |
2 | Jimmy | Page |

Results:
Name
-----------
Led Hed
Jimmy Page

== Add fixed String to a field ==

SELECT CONCAT(fieldname1, 'fixed string') FROM table
 

== Do not return Duplicates ==

SELECT DISTINCT fieldname FROM table
 

== Return the 'Sum' of all fields selected ==

SELECT SUM(fieldname) FROM table
 

== Round to 2 decimal places ==

SELECT ROUND(fieldname, 2) FROM table
 

== Selects only the field with the highest numerical value ==

SELECT MAX(fieldname) FROM table
 

== Selects the leftmost 4 characters in a field ==

SELECT LEFT(fieldname, 4) FROM table
 

== Select date and format result in MM/DD/YYYY ==

SELECT DATE_FORMAT(fieldname, '%c/%d/%Y') from table

%a Abbreviated weekday name (Sun..Sat)
%b Abbreviated month name (Jan..Dec)
%c Month, numeric (0..12)
%D Day of the month with English suffix (0th, 1st, 2nd, 3rd, â¦)
%d Day of the month, numeric (00..31)
%e Day of the month, numeric (0..31)
%f Microseconds (000000..999999)
%H Hour (00..23)
%h Hour (01..12)
%I Hour (01..12)
%i Minutes, numeric (00..59)
%j Day of year (001..366)
%k Hour (0..23)
%l Hour (1..12)
%M Month name (January..December)
%m Month, numeric (00..12)
%p AM or PM
%r Time, 12-hour (hh:mm:ss followed by AM or PM)
%S Seconds (00..59)
%s Seconds (00..59)
%T Time, 24-hour (hh:mm:ss)
%U Week (00..53), where Sunday is the first day of the week
%u Week (00..53), where Monday is the first day of the week
%V Week (01..53), where Sunday is the first day of the week; used with %X
%v Week (01..53), where Monday is the first day of the week; used with %x
%W Weekday name (Sunday..Saturday)
%w Day of the week (0=Sunday..6=Saturday)
%X Year for the week where Sunday is the first day of the week, numeric, four digits; used with %V
%x Year for the week, where Monday is the first day of the week, numeric, four digits; used with %v
%Y Year, numeric, four digits
%y Year, numeric (two digits)
%% A literal â%â character
%x x, for any âxâ not listed above

== Join fields from different tables ==

SELECT a.fieldname1 b.fieldname2 FROM tableA a LEFT JOIN tableB b ON a.fieldname1 = b.fieldname1
''To join these fields the values of a.fieldname1 and b.fieldname1 must be equal'' 
''Example: SELECT j.JobName b.Amount FROM job j JOIN invoice i ON j.JobID = i.JobID WHERE j.JobID = '00123''' 
''The '''job''' table and '''invoice''' table were joined by the value of their '''JobID''' fields'' 
'''''b.Amount''' was Selected from the invoice table where invoice.JobID = '00123' and '''j.JobName''' was Selected from the job table where job.JobID = '00123' '' 
 
 

== Change Column order within a table ==

Reference: http://dev.mysql.com/doc/refman/5.0/en/change-column-order.html
ALTER TABLE TableName MODIFY COLUMN ColumnNameToMove longtext AFTER ColumnNameToPutAfter
ALTER TABLE TableName MODIFY COLUMN ColumnNameToMove longtext BEFORE ColumnNameToPutBefore
ALTER TABLE TableName MODIFY COLUMN ColumnNameToMove longtext FIRST
 
 

== Allow access from remote host ==

GRANT ALL ON <DatabaseName>.* TO <User>@"<IP Address or Hostname>" IDENTIFIED BY "<Password>";
FLUSH PRIVILEGES;
Example:
GRANT ALL ON *.* TO root@"10.0.0.25" IDENTIFIED BY "SomePassword";
FLUSH PRIVILEGES;
''This grants 'ALL' privileges for every database (*.*) to the user 'root' when connecting from IP Address 10.0.0.25 and the password given is 'SomePassword' '' 
''NOTE: Granting 'ALL' privileges to all (*.*) databases can be a security risk. In real world scenarios, only grant the privileges that are necessary and only to the user/hosts that need them.''
 
 

== Show a Triggers ==
SHOW TRIGGERS;
 
 

== Delete a Trigger ==
DROP TRIGGER <Trigger_Name>;
 
 

== Show Database Size ==
SELECT table_schema AS "Database",
ROUND(SUM(data_length + index_length) / 1024 / 1024, 2) AS "Size (MB)"
FROM information_schema.TABLES
GROUP BY table_schema;
 

== Show Table Size ==
SELECT table_schema as "Database", table_name AS "Table",
ROUND(((data_length + index_length) / 1024 / 1024), 2) "Size in MB"
FROM information_schema.TABLES
ORDER BY (data_length + index_length) DESC;
 

[[Category:MySQL]]

MySQL Command Reference

2023-02-07T03:20:48Z

Ledhed: /* Show Table Size */

MySQL Command Reference

2023-02-07T03:20:24Z

Ledhed:

== Combine 2 fields into one result ==

SELECT CONCAT(fieldname1, fieldname2) FROM table
Example:
SELECT CONCAT(u.first, ' ', u.last) AS name FROM usr_table u

ID | first | last |
-----------------------------
1 | Led | Hed |
2 | Jimmy | Page |

Results:
Name
-----------
Led Hed
Jimmy Page

== Add fixed String to a field ==

SELECT CONCAT(fieldname1, 'fixed string') FROM table
 

== Do not return Duplicates ==

SELECT DISTINCT fieldname FROM table
 

== Return the 'Sum' of all fields selected ==

SELECT SUM(fieldname) FROM table
 

== Round to 2 decimal places ==

SELECT ROUND(fieldname, 2) FROM table
 

== Selects only the field with the highest numerical value ==

SELECT MAX(fieldname) FROM table
 

== Selects the leftmost 4 characters in a field ==

SELECT LEFT(fieldname, 4) FROM table
 

== Select date and format result in MM/DD/YYYY ==

SELECT DATE_FORMAT(fieldname, '%c/%d/%Y') from table

%a Abbreviated weekday name (Sun..Sat)
%b Abbreviated month name (Jan..Dec)
%c Month, numeric (0..12)
%D Day of the month with English suffix (0th, 1st, 2nd, 3rd, â¦)
%d Day of the month, numeric (00..31)
%e Day of the month, numeric (0..31)
%f Microseconds (000000..999999)
%H Hour (00..23)
%h Hour (01..12)
%I Hour (01..12)
%i Minutes, numeric (00..59)
%j Day of year (001..366)
%k Hour (0..23)
%l Hour (1..12)
%M Month name (January..December)
%m Month, numeric (00..12)
%p AM or PM
%r Time, 12-hour (hh:mm:ss followed by AM or PM)
%S Seconds (00..59)
%s Seconds (00..59)
%T Time, 24-hour (hh:mm:ss)
%U Week (00..53), where Sunday is the first day of the week
%u Week (00..53), where Monday is the first day of the week
%V Week (01..53), where Sunday is the first day of the week; used with %X
%v Week (01..53), where Monday is the first day of the week; used with %x
%W Weekday name (Sunday..Saturday)
%w Day of the week (0=Sunday..6=Saturday)
%X Year for the week where Sunday is the first day of the week, numeric, four digits; used with %V
%x Year for the week, where Monday is the first day of the week, numeric, four digits; used with %v
%Y Year, numeric, four digits
%y Year, numeric (two digits)
%% A literal â%â character
%x x, for any âxâ not listed above

== Join fields from different tables ==

SELECT a.fieldname1 b.fieldname2 FROM tableA a LEFT JOIN tableB b ON a.fieldname1 = b.fieldname1
''To join these fields the values of a.fieldname1 and b.fieldname1 must be equal'' 
''Example: SELECT j.JobName b.Amount FROM job j JOIN invoice i ON j.JobID = i.JobID WHERE j.JobID = '00123''' 
''The '''job''' table and '''invoice''' table were joined by the value of their '''JobID''' fields'' 
'''''b.Amount''' was Selected from the invoice table where invoice.JobID = '00123' and '''j.JobName''' was Selected from the job table where job.JobID = '00123' '' 
 
 

== Change Column order within a table ==

Reference: http://dev.mysql.com/doc/refman/5.0/en/change-column-order.html
ALTER TABLE TableName MODIFY COLUMN ColumnNameToMove longtext AFTER ColumnNameToPutAfter
ALTER TABLE TableName MODIFY COLUMN ColumnNameToMove longtext BEFORE ColumnNameToPutBefore
ALTER TABLE TableName MODIFY COLUMN ColumnNameToMove longtext FIRST
 
 

== Allow access from remote host ==

GRANT ALL ON <DatabaseName>.* TO <User>@"<IP Address or Hostname>" IDENTIFIED BY "<Password>";
FLUSH PRIVILEGES;
Example:
GRANT ALL ON *.* TO root@"10.0.0.25" IDENTIFIED BY "SomePassword";
FLUSH PRIVILEGES;
''This grants 'ALL' privileges for every database (*.*) to the user 'root' when connecting from IP Address 10.0.0.25 and the password given is 'SomePassword' '' 
''NOTE: Granting 'ALL' privileges to all (*.*) databases can be a security risk. In real world scenarios, only grant the privileges that are necessary and only to the user/hosts that need them.''
 
 

== Show a Triggers ==
SHOW TRIGGERS;
 
 

== Delete a Trigger ==
DROP TRIGGER <Trigger_Name>;
 
 

== Show Database Size ==
SELECT table_schema AS "Database",
ROUND(SUM(data_length + index_length) / 1024 / 1024, 2) AS "Size (MB)"
FROM information_schema.TABLES
GROUP BY table_schema;
 

== Show Table Size ==
SELECT
table_schema as "Database",
table_name AS "Table",
ROUND(((data_length + index_length) / 1024 / 1024), 2) "Size in MB"
FROM information_schema.TABLES
ORDER BY (data_length + index_length) DESC;

[[Category:MySQL]]

MySQL Command Reference

2023-02-07T03:13:28Z

Ledhed:

Ubuntu 22.04 Autoinstall

2022-08-24T15:01:53Z

Ledhed: Created page with "== Overview == This article will explain how to create a custom USB Boot disk for automatic installation of Ubuntu 22.04 including an answer file. == Quick-n-Dirty == === In..."

== Overview ==
This article will explain how to create a custom USB Boot disk for automatic installation of Ubuntu 22.04 including an answer file.

== Quick-n-Dirty ==
=== Installation Media ===
Partition USB stick into 2 pieces 
Partition 1 = 16M, EFI, Format FAT32 
Partition 2 = 4G, MS Dos, Format FAT32 

'''Mount Partition 2''' (make sure to use the right device, you can check with lsblk)
mount /dev/sdb2 /mnt

'''Extract ISO to Partition 2'''
7z -y x ubuntu-22.04.1-live-server-amd64.iso -o/mnt

'''Edit /mnt/boot/grub/grub.cfg'''
Add these lines after the end of the first 'menuentry'
menuentry "Auto Install Ubuntu Server" {
set gfxpayload=keep
linux /casper/vmlinuz autoinstall quiet ---
initrd /casper/initrd
}

'''Update /mnt/md5sum.txt'''
cd /mnt
md5sum ./boot/grub/grub.cfg >> /mnt/md5sum.txt
Remember to delete the old grub.cfg line.

'''Create an efi directory under /mnt/boot/''':
mkdir /mnt/boot/efi

'''Mount Partition 1'''
mount /dev/sdb1 /mnt/boot/efi

'''Install grub on Partition 2''' (this assumes the system is x64 UEFI):
grub-install --boot-directory=/mnt/boot /dev/sdb2

'''Unmount Partition 1, then Partition 2'''
umount /mnt/boot/efi
umount /mnt

=== Answer File Media ===
'''Generate a user-data file''', this is most easily done by copying one from a manual installation. This file can be found at:
/var/log/install/autoinstall-user-data

'''Generate a meta-data file''', this file is typically empty.
touch meta-data

'''Create the answer-file.iso'''
cloud-localds ./answer_file.iso user-data meta-data

'''Burn answer-file.iso to a USB stick.'''

''' Unmount the Answer File USB stick'''

=== Boot it! ===
Insert the newly created Installation USB stick and invoke your system's boot menu (F11 perhaps).
* Highlight Partition 2
* Insert the Answer File Media
* Press [Enter]
The system should install unattended including the network settings, user credentials, and packages you selected when generating the user-data file on the manual installation.

== Reference ==
https://ubuntu.com/server/docs/install/autoinstall
 
https://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html
 
https://github.com/covertsh/ubuntu-autoinstall-generator/blob/main/ubuntu-autoinstall-generator.sh#L249
 
https://linuxconfig.org/ubuntu-autoinstall-example
 
https://gist.github.com/jamiekurtz/26c46b3e594f8cdd453a

[[Category:Ubuntu]]

Regex Examples

2022-07-14T11:21:30Z

Ledhed: Created page with "== Overview == Here are some common examples of Regex used for form validation. == Phone Numbers == == Email Addresses == == IP Address Validation == === IPv4 Address ===..."

== Overview ==
Here are some common examples of Regex used for form validation.

== Phone Numbers ==

== Email Addresses ==

== IP Address Validation ==
=== IPv4 Address ===
^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$

=== IPv4 Subnet in CIDR Notation ===
^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)($|/([0-9]|[12][0-9]|3[0-2]))$

== References ==
https://www.regextester.com/

https://www.regextutorial.org/regex-for-ip-address-match.php

https://stackoverflow.com/questions/12141206/ipaddress-or-cidr-block-matching-regex

[[Category:Regular_Expression]]

Category:Regular Expression

2022-07-14T11:20:52Z

Ledhed: Created page with "== Regular Expression == Category:Tech_Notes"

== Regular Expression ==

[[Category:Tech_Notes]]

Serial Console

2022-06-08T15:01:49Z

Ledhed:

Serial Console HowTo

== Overview ==
Sometimes it is handy to be able to redirect a TTY Console to a serial port.
One such example might be that your server is headless (No VGA, Keyboard, or Monitor)
The info on this page will help you enable console access via a serial port.

== Instructions ==

To redirect a Linux Console to a serial port edit /etc/inittab and add this line at the end of the '# Run gettys in standard runlevels' section.

S0:2345:respawn /usr/sbin/agetty -h ttyS0 38400 vt100

When done issue this command to make the changes take effect:

init q

== Explanation ==
TTY-ID:RUN-LEVELS:respawn COMMAND -SWITCHES PORT TERMINAL-EMULATION
(For greater detail on inittab or agetty see the [[Serial_Console#References|References Section]] below)

== General Notes ==
1) In this HowTo I used 'agetty' but there are other getty packages such as 'getty', 'mgetty', and 'mingetty' use whichever is the default on your distribution. If you use one of the other getty packages keep in mind that the syntax will most likely be different. 
2) ttyS0 = COM1, ttyS1 = COM2 etc...

==Modern Distros using Systemd==
If you're on a distro that uses systemd, here is another method (in this case Ubuntu 22.04):

cat <<EOF > /lib/systemd/system/ttyS0.service
[Unit]
Description=Serial Console Service

[Service]
ExecStart=/sbin/getty -L 115200 ttyS0 vt102
Restart=always

[Install]
WantedBy=multi-user.target
EOF

Then reload, enable, and start the service
systemctl daemon-reload
systemctl enable ttyS0
systemctl start ttyS0

== References ==
[http://www.vanemery.com/Linux/Serial/serial-console.html Linux Serial Console HowTo] 
[http://www.linuxjournal.com/article/2040 Linux Journal - Serial as a Console] 
[http://www.netadmintools.com/html/5inittab.man.html inittab Man Pages] 
[http://www.netadmintools.com/html/8agetty.man.html agetty Man Pages]
 
[https://ubuntuforums.org/showthread.php?t=2343595 Serial Console connection on Ubuntu 16.04 or higher]

[[Category:Linux]]

Serial Console

2022-06-08T15:01:25Z

Ledhed:

Serial Console HowTo

== Overview ==
Sometimes it is handy to be able to redirect a TTY Console to a serial port.
One such example might be that your server is headless (No VGA, Keyboard, or Monitor)
The info on this page will help you enable console access via a serial port.

== Instructions ==

To redirect a Linux Console to a serial port edit /etc/inittab and add this line at the end of the '# Run gettys in standard runlevels' section.

S0:2345:respawn /usr/sbin/agetty -h ttyS0 38400 vt100

When done issue this command to make the changes take effect:

init q

== Explanation ==
TTY-ID:RUN-LEVELS:respawn COMMAND -SWITCHES PORT TERMINAL-EMULATION
(For greater detail on inittab or agetty see the [[Serial_Console#References|References Section]] below)

== General Notes ==
1) In this HowTo I used 'agetty' but there are other getty packages such as 'getty', 'mgetty', and 'mingetty' use whichever is the default on your distribution. If you use one of the other getty packages keep in mind that the syntax will most likely be different. 
2) ttyS0 = COM1, ttyS1 = COM2 etc...

==Modern Distros using Systemd==
If you're on an distro that uses systemd, here is another method (in this case Ubuntu 22.04):

cat <<EOF > /lib/systemd/system/ttyS0.service
[Unit]
Description=Serial Console Service

[Service]
ExecStart=/sbin/getty -L 115200 ttyS0 vt102
Restart=always

[Install]
WantedBy=multi-user.target
EOF

Then reload, enable, and start the service
systemctl daemon-reload
systemctl enable ttyS0
systemctl start ttyS0

== References ==
[http://www.vanemery.com/Linux/Serial/serial-console.html Linux Serial Console HowTo] 
[http://www.linuxjournal.com/article/2040 Linux Journal - Serial as a Console] 
[http://www.netadmintools.com/html/5inittab.man.html inittab Man Pages] 
[http://www.netadmintools.com/html/8agetty.man.html agetty Man Pages]
 
[https://ubuntuforums.org/showthread.php?t=2343595 Serial Console connection on Ubuntu 16.04 or higher]

[[Category:Linux]]

Serial Console

2022-06-08T15:01:06Z

Ledhed:

Serial Console HowTo

== Overview ==
Sometimes it is handy to be able to redirect a TTY Console to a serial port.
One such example might be that your server is headless (No VGA, Keyboard, or Monitor)
The info on this page will help you enable console access via a serial port.

== Instructions ==

To redirect a Linux Console to a serial port edit /etc/inittab and add this line at the end of the '# Run gettys in standard runlevels' section.

S0:2345:respawn /usr/sbin/agetty -h ttyS0 38400 vt100

When done issue this command to make the changes take effect:

init q

== Explanation ==
TTY-ID:RUN-LEVELS:respawn COMMAND -SWITCHES PORT TERMINAL-EMULATION
(For greater detail on inittab or agetty see the [[Serial_Console#References|References Section]] below)

== General Notes ==
1) In this HowTo I used 'agetty' but there are other getty packages such as 'getty', 'mgetty', and 'mingetty' use whichever is the default on your distribution. If you use one of the other getty packages keep in mind that the syntax will most likely be different. 
2) ttyS0 = COM1, ttyS1 = COM2 etc...

==Modern Distros using Systemd==
If you're on an distro that uses systemd, here is another method (in this case Ubuntu 22.04):

cat <<EOF > /lib/systemd/system/ttyS0.service
[Unit]
Description=Serial Console Service

[Service]
ExecStart=/sbin/getty -L 115200 ttyS0 vt102
Restart=always

[Install]
WantedBy=multi-user.target
EOF

Then reload, enable, and start the service
systemctl daemon-reload
systemctl enable ttyS0
systemctl start ttyS0

== References ==
[http://www.vanemery.com/Linux/Serial/serial-console.html Linux Serial Console HowTo] 
[http://www.linuxjournal.com/article/2040 Linux Journal - Serial as a Console] 
[http://www.netadmintools.com/html/5inittab.man.html inittab Man Pages] 
[http://www.netadmintools.com/html/8agetty.man.html agetty Man Pages] 
 
[https://ubuntuforums.org/showthread.php?t=2343595 Serial Console connection on Ubuntu 16.04 or higher]

[[Category:Linux]]

Serial Console

2022-06-08T15:00:17Z

Ledhed:

Serial Console HowTo

== Overview ==
Sometimes it is handy to be able to redirect a TTY Console to a serial port.
One such example might be that your server is headless (No VGA, Keyboard, or Monitor)
The info on this page will help you enable console access via a serial port.

== Instructions ==

To redirect a Linux Console to a serial port edit /etc/inittab and add this line at the end of the '# Run gettys in standard runlevels' section.

S0:2345:respawn /usr/sbin/agetty -h ttyS0 38400 vt100

When done issue this command to make the changes take effect:

init q

== Explanation ==
TTY-ID:RUN-LEVELS:respawn COMMAND -SWITCHES PORT TERMINAL-EMULATION
(For greater detail on inittab or agetty see the [[Serial_Console#References|References Section]] below)

== General Notes ==
1) In this HowTo I used 'agetty' but there are other getty packages such as 'getty', 'mgetty', and 'mingetty' use whichever is the default on your distribution. If you use one of the other getty packages keep in mind that the syntax will most likely be different. 
2) ttyS0 = COM1, ttyS1 = COM2 etc...

==Modern Distros using Systemd==
If you're on an distro that uses systemd, here is another method (in this case Ubuntu 22.04):

cat <<EOF > /lib/systemd/system/ttyS0.service
[Unit]
Description=Serial Console Service

[Service]
ExecStart=/sbin/getty -L 115200 ttyS0 vt102
Restart=always

[Install]
WantedBy=multi-user.target
EOF

Then reload, enable, and start the service
systemctl daemon-reload
systemctl enable ttyS0
systemctl start ttyS0

== References ==
[http://www.vanemery.com/Linux/Serial/serial-console.html Linux Serial Console HowTo] 
[http://www.linuxjournal.com/article/2040 Linux Journal - Serial as a Console] 
[http://www.netadmintools.com/html/5inittab.man.html inittab Man Pages] 
[http://www.netadmintools.com/html/8agetty.man.html agetty Man Pages] 
 
[https://ubuntuforums.org/showthread.php?t=2343595]

[[Category:Linux]]

Linux Random MAC

2022-06-01T10:47:29Z

Ledhed:

== Overview ==
Current versions of Linux distros are obtaining DHCP leases with Randomized MAC addresses which I find aggravating when trying to track down a host by MAC. It also blows up a DHCP reservation if you re-install an OS on the same Hardware/VM.

== Solution 1 ==
echo " dhcp-identifier: mac" >>/etc/netplan/xxx.yaml
netplan apply

== Solution 2 (old) ==
echo "send dhcp-client-identifier = hardware;" >>/etc/dhcp/dhclient.conf
rm /var/lib/dhcp/*
systemctl restart networking

== References ==
https://superuser.com/questions/1338510/wrong-ip-address-from-dhcp-client-on-ubuntu-18-04

https://superuser.com/questions/1553094/force-to-use-mac-address-as-dhcp-client-id-on-debian-buster

[[Category:Linux]][[Category:Ubuntu]]

OpenBSD Shell Tweaks

2022-01-24T11:01:24Z

Ledhed: Created page with "'''INCOMPLETE''' == Overview == A buddy of mine who is a FreeBSD fanatic got me using it and I fell in love with it's command line, specifically the command history complet..."

'''INCOMPLETE'''

== Overview ==
A buddy of mine who is a FreeBSD fanatic got me using it and I fell in love with it's command line, specifically the command history completion. OpenBSD's default root shell is ksh and while it does tab completion and command history, it doesn't do command history completion. I also really like a colored command line interface for quickly identifying folders, links, and executables (ya this is a Linux carryover). This article will show how to add color and add command history completion to the Korn shell.

== Prompt ==
Add this to your .profile file:
PS1='$USER:$PWD# '
export PS1

== COLORLS ==
pkg_add -r colorls
Add this to your .profile file:
LSCOLORS=gxfxhxhxcxhxhxBxBxhxhx
export LSCOLORS
alias ls='colorls -G'

== Reference ==
https://geoff.greer.fm/lscolors/

[[Category:OpenBSD]]

OpenBSD Aliases

2022-01-23T12:42:51Z

Ledhed:

== Overview ==
I started using OpenBSD and found that some of the command aliases I'm used to using in other distributions weren't there. Naturally I went looking for ~/.kshrc but was surprised to find it wasn't there. There was .cshrc but edits to that file weren't working (probably because the default shell in OpenBSD is ksh).

== How to add Aliases ==
Edit ~/.profile and add:
export ENV=$HOME/.kshrc

Now create ~/.kshrc
alias ll="ls -lsah"
alias service=rcctl

== References ==
https://unix.stackexchange.com/questions/476065/openbsd-how-does-one-set-an-alias

[[Category:OpenBSD]]

OpenBSD Disk Setup

2022-01-23T12:40:47Z

Ledhed: Created page with "== Overview == How to customize the partition sized during OpenBSD installation to give /var more space. == Edit Auto Configured Disk Layout == At install time you can choos..."

== Overview ==
How to customize the partition sized during OpenBSD installation to give /var more space.

== Edit Auto Configured Disk Layout ==
At install time you can choose (A) for auto-layout. This creates a lot more partitions than other distributions. Often times it gives more space to /home than I'd like especially if the installation is going to be a server. 
Fortunately you can (E) edit the auto-layout. When you press (E) you get dropped to a fdisk like command prompt. 
Here are some helpful commands"
? Help
a Add partition
d Delete partition
p Print partition table
z Delete all partitions

The default partition layout looks like this:
a: /
b: swap
c: reserved/unused
d: /tmp
e: /var
f: /usr
g: /usr/X11R6
h: /usr/local
i: /usr/src
j: /usr/obj
k: /home

On servers that won't host many users I prefer to make /var the last partition so I can have it use 100% of the remaining space. You can do this by specifying '''100&''' for the partition size.

== Reference ==
https://dev.to/nabbisen/openbsd-manual-partitioning-at-installation-4cif

[[Category:OpenBSD]]

OpenBSD Aliases

2022-01-23T11:56:26Z

Ledhed: Created page with "== Overview == I started using OpenBSD and found that some of the command aliases I'm used to using in other distributions weren't there. Naturally I went looking for ~/.kshrc..."

Category:OpenBSD

2022-01-23T11:50:14Z

Ledhed: Created page with "https://www.openbsd.org/ Category:Tech_Notes"

https://www.openbsd.org/

[[Category:Tech_Notes]]

Linux Random MAC

2021-12-06T11:00:27Z

Ledhed: Created page with "== Overview == Current versions of Linux distros are obtaining DHCP leases with Randomized MAC addresses which I find aggravating when trying to track down a host by MAC. It a..."

== Overview ==
Current versions of Linux distros are obtaining DHCP leases with Randomized MAC addresses which I find aggravating when trying to track down a host by MAC. It also blows up a DHCP reservation if you re-install an OS on the same Hardware/VM.

== Solution ==
echo "send dhcp-client-identifier = hardware;" >>/etc/dhcp/dhclient.conf
rm /var/lib/dhcp/*
systemctl restart networking

== References ==
https://superuser.com/questions/1553094/force-to-use-mac-address-as-dhcp-client-id-on-debian-buster

[[Category:Linux]][[Category:Ubuntu]]

Timedatectl

2021-11-09T05:06:49Z

Ledhed: Created page with "== Overview == I always forget how to check NTP sync status on systems that use systemd. == timedatectl == === Status === timedatectl === Show last synced server === time..."

Home Assistant Updates

2021-11-04T03:37:59Z

Ledhed: Created page with "== Overview == Home Assistant updates are released on the first Wednesday of every month. You can update form the WebUI or from the CLI. == WebUI == There is an 'Updater' e..."

== Overview ==
Home Assistant updates are released on the first Wednesday of every month. You can update form the WebUI or from the CLI.

== WebUI ==
There is an 'Updater' entity that will let you know if an update is available.
Go to the Supervisor and there should be a card indicating the current version, and the latest version.
Click 'Upgrade', Ideally create a backup/snapshot and download it to a safe place prior to performing the upgrade.
You can download from the WebUI, or by accessing the 'backup/' directory (if you have SAMBA setup).

== CLI ==
Updating to a specific version
ha core update --version 2021.10.7

== References ==
https://community.home-assistant.io/t/2021-11-icon-picker-device-links-and-entity-categories/352836/51

Latest Release Notes
https://www.home-assistant.io/latest-release-notes/

[[Category:Home Assistant]]

Tasmota Command Line Options

2021-09-15T05:09:00Z

Ledhed:

== Overview ==
Some useful command line options for devices running Tasmota firmware

== Console ==
Open the device's webpage, and click the 'Console' button. At the console enter your commands. Commands are automatically saved and should survive a reboot.

== MQTT ==
https://github.com/arendst/Tasmota/wiki/Commands#mqtt

=== Update Interval ===
To set the update interval / frequency at which the devices sends MQTT messages:
TelePeriod 30
''0 = disable telemetry messages'' 
''1 = reset telemetry period to firmware default (TELE_PERIOD)'' 
''10..3600 = set telemetry period in seconds (default = 300)'' 

== Temperature Calibration ==
TempOffset 1.3
[https://tasmota.github.io/docs/Commands/#tempoffset TempOffset]

== Humidity Calibration ==
HumOffset 1.7
[https://tasmota.github.io/docs/Commands/#humidoffset HumOffset]

=== Status ===
status 8
This is a handy way to debug an unknown device. Set as many GPIO pins to SwitchX and then run this command, then press+hold a button on the device and run status 8 again to see which one changed.

== NTP / Time Server ==
NtpServer1 <IP_Address>
NtpServer2 <IP_Address>

=== List existing NTP settings ===
NtpServer <ENTER>

== SetOptions ==
https://github.com/arendst/Tasmota/wiki/commands#setoption-overview

=== Temperature Units ===
To set temperature units to Fahrenheit:
SetOption8 1

=== Color Values ===
To set color units to R,G,B,W (0-255):
SetOption17 1
Enables color status in decimals

To set color red:
color 255,0,0,0
To set color green:
color 0,255,0,0
To set color blue:
color 0,0,255,0
To set color white:
color 0,0,0,255

=== AutoDiscovery ===
SetOption19 enables/disables MQTT Auto-Discovery
SetOption19 0
This disables MQTT auto-discovery, but also enables auto-discovery in Home Assistant when using the Tasmota Integration.

== WiFi Manager ==
If you have a device that is physically difficult to get to, or difficult to flash (bulbs), you may want to enable the WiFi Manager. This will cause the device to switch to AP mode when it can't find a wireless network to connect to. When in AP mode, you can connect to it from another wireless device like a laptop or smart phone and change the network config.
WifiConfig 2

== I2C Scan ==
This command causes Tasmota to scan the I2C bus and display found device ID's.
i2cscan

== Reference ==
https://github.com/arendst/Tasmota/wiki/commands

[[Category:Tasmota]]

Bitwarden

2021-06-16T11:06:00Z

Ledhed:

== Overview ==
How to install Bitwarden

=== Install ===

As Root:
Install Prerequisites
apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt update
apt install docker-ce docker-ce-cli containerd.io docker-compose

Create the Bitwarden Service Account
useradd -s /bin/bash -m -d /home/bitwarden bitwarden
usermod -aG docker bitwarden
passwd bitwarden (USE A REALLY LONG COMPLEX PASSWORD AND FORGET IT!) You'll never actually login as this user, instead login as a user with root privileges and: su bitwarden
mkdir /opt/bitwarden
chmod 700 /opt/bitwarden
chown bitwarden.bitwarden /opt/bitwarden

Bitwarden User:
cd /opt/bitwarden
wget -O bitwarden.sh https://go.btwrdn.co/bw-sh
chmod +x bitwarden.sh
./bitwarden.sh install

Copy ca.crt, certificate.crt, and private.key to:
/home/bitwarden/bwdata/ssl/<FQDN>/

Start Bitwarden
~/bitwarden.sh start

=== Automatic Startup ===
Create /lib/systemd/system/bitwarden.service
[Unit]
Description=Bitwarden
Requires=docker.service
After=docker.service

[Service]
Type=oneshot
User=bitwarden
Group=bitwarden
ExecStart=/opt/bitwarden/bitwarden.sh start
ExecStop=/opt/bitwarden/bitwarden.sh stop
RemainAfterExit=true

[Install]
WantedBy=multi-user.target

Enable the Bitwarden service
systemctl enable bitwarden

Start the service
systemctl start bitwarden

== Reference ==
https://bitwarden.com/help/article/install-on-premise/#install-docker-and-docker-compose

https://bitwarden.com/help/article/hosting-faqs/#q-how-do-i-add-bitwarden-to-system-boot

[[Category:Linux]]

Bitwarden

2021-06-16T11:05:08Z

Ledhed: Created page with "== Overview == How to install Bitwarden === Install === As Root: Install Prerequisites apt-get install apt-transport-https ca-certificates curl gnupg-agent software-proper..."

== Overview ==
How to install Bitwarden

=== Install ===

As Root:
Install Prerequisites
apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt update
apt install docker-ce docker-ce-cli containerd.io docker-compose

Create the Bitwarden Service Account
useradd -s /bin/bash -m -d /home/bitwarden bitwarden
usermod -aG docker bitwarden
passwd bitwarden (USE A REALLY LONG COMPLEX PASSWORD AND FORGET IT!) You'll never actually login as this user, instead login as a user with root privileges and: su bitwarden
mkdir /opt/bitwarden
chmod 700 /opt/bitwarden
chown bitwarden.bitwarden /opt/bitwarden

Bitwarden User:
cd /opt/bitwarden
wget -O bitwarden.sh https://go.btwrdn.co/bw-sh
chmod +x bitwarden.sh
./bitwarden.sh install

Copy ca.crt, certificate.crt, and private.key to:
/home/bitwarden/bwdata/ssl/<FQDN>/

Start Bitwarden
~/bitwarden.sh start

=== Automatic Startup ===
Create /lib/systemd/system/bitwarden.service
[Unit]
Description=Bitwarden
Requires=docker.service
After=docker.service

[Service]
Type=oneshot
User=bitwarden
Group=bitwarden
ExecStart=/opt/bitwarden/bitwarden.sh start
ExecStop=/opt/bitwarden/bitwarden.sh stop
RemainAfterExit=true

[Install]
WantedBy=multi-user.target

Enable the Bitwarden service
systemctl enable bitwarden

Start the service
systemctl start bitwarden

== Reference ==
https://bitwarden.com/help/article/hosting-faqs/#q-how-do-i-add-bitwarden-to-system-boot

[[Category:Linux]]

Ubuntu fd0 error

2021-06-16T04:56:26Z

Ledhed: Created page with "== Overview == If you install Ubuntu as an ESXi VM and remove the Floppy virtual hardware Ubuntu will boot slower and throw this error: blk_update_request: I/O error, dev fd0..."

== Overview ==
If you install Ubuntu as an ESXi VM and remove the Floppy virtual hardware Ubuntu will boot slower and throw this error:
blk_update_request: I/O error, dev fd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0

== How to Fix ==
Login to your Ubuntu VM and run the following:
sudo rmmod floppy
echo "blacklist floppy" | sudo tee /etc/modprobe.d/blacklist-floppy.conf
sudo dpkg-reconfigure initramfs-tools
Reboot.

== Reference ==
https://askubuntu.com/questions/719058/blk-update-request-i-o-error-dev-fd0-sector-0

[[Category:Ubuntu]][[Category:ESXi]]

Raspberry Pi Change IP without Reboot

2021-06-15T08:45:12Z

Ledhed:

== Overview ==
Sometimes you want to change your Raspberry Pi's IP without having to reboot, here's how!

== IP ADDR ==
So in newer versions of Raspbian and RaspberryPi OS (Jessie and above) when you make changes to:
/etc/dhcpcd.conf
The changes don't take effect upon service restart.
sudo service dhcpcd restart

Here's what you need to do: 
Edit:
/etc/dhcpcd.conf
Run:
sudo service dhcpcd stop
sudo ip addr flush dev eth0
sudo service dhcpcd start

DONE!!!

== Reference ==
https://raspberrypi.stackexchange.com/questions/76655/change-static-ip-without-rebooting

[[Category:Raspberry_Pi]]

Raspberry Pi Change IP without Reboot

2021-06-15T08:42:12Z

Ledhed:

== Overview ==
Sometimes you want to change your Raspberry Pi's IP without having to reboot, here's how!

== IP ADDR ==
So in newer versions of Raspbian and RaspberryPi OS (Jessie and above) when you make changes to:
/etc/dhcpcd.conf
The changes don't take effect upon service restart.
sudo service dhcpcd restart

Here's what you need to do: 
Edit:
/etc/dhcpcd.conf
Run:
sudo ip addr flush dev eth0
sudo service dhcpcd restart

DONE!!!

== Reference ==
https://raspberrypi.stackexchange.com/questions/76655/change-static-ip-without-rebooting

[[Category:Raspberry_Pi]]

Raspberry Pi Change IP without Reboot

2021-06-15T08:41:58Z

Ledhed:

== Overview ==
Sometimes you want to change your Raspberry Pi's IP without having to reboot, here's how!

== IP ADDR ==
So in newer versions of Raspbian and RaspberryPi OS (Jessie and above) when you make changes to:
/etc/dhcpcd.conf
The changes don't take effect upon service restart.
sudo service dhcpcd restart

Here's what you need to do:
Edit:
/etc/dhcpcd.conf
Run:
sudo ip addr flush dev eth0
sudo service dhcpcd restart

DONE!!!

== Reference ==
https://raspberrypi.stackexchange.com/questions/76655/change-static-ip-without-rebooting

[[Category:Raspberry_Pi]]

Raspberry Pi Change IP without Reboot

2021-06-15T08:41:33Z

Ledhed: Created page with "== Overview == Sometimes you want to change your Raspberry Pi's IP without having to reboot, here's how! == IP ADDR == So in newer versions of Raspbian and RaspberryPi OS (J..."

== Overview ==
Sometimes you want to change your Raspberry Pi's IP without having to reboot, here's how!

== IP ADDR ==
So in newer versions of Raspbian and RaspberryPi OS (Jessie and above) when you make changes to:
/etc/dhcpcd.conf
The changes don't take effect upon service restart.
sudo service dhcpcd restart

Here's what you need to do:
Edit:
/etc/dhcpcd.conf
Run:
sudo ip addr flush dev eth0
Then:
sudo service dhcpcd restart

DONE!!!

== Reference ==
https://raspberrypi.stackexchange.com/questions/76655/change-static-ip-without-rebooting

[[Category:Raspberry_Pi]]

Changing the NTP Server in HassOS

2021-06-01T07:30:38Z

Ledhed: /* Background Info */

== Overview ==
Its common practice to create an Isolated VLAN for Home Automation gear and IoT devices. Doing so will make your environment inherently more secure, but it also presents challenges. In my case my Home Assistant server wasn't keeping accurate time. This article will briefly demonstrate how to change the NTP server Home Assistant connects to for time syncronizations.

== Background Info ==
HassOS runs on an Overlay File System, which means that edits to files from the command line won't survive a reboot (assuming you can even make changes, often times you'll get an error stating that its a Read-Only File System). So how do you make changes? 
First: Read [https://github.com/home-assistant/operating-system/blob/dev/Documentation/configuration.md]
I had done this, but had challenges getting the USB stick to passthrough to my HassOS VM on Boot. So I went the alternative route by creating a '''CONFIG''' folder in the boot partition, BUT WHERE IS THE BOOT PARTITION!!!
Open the console of your HassOS and login as ''root''. Then at the command line type: ''logon''
ha > login
# mkdir -p /mnt/boot/CONFIG
# echo -e "[Time]\nNTP=10.20.30.40\nFallbackNTP=10.20.30.41" > /mnt/boot/CONFIG/timesyncd.conf
''Replace '''10.20.30.40''' and '''10.20.30.41''' with your desired NTP servers.'' 
Alternatively you can:
# vi /mnt/boot/CONFIG/timesyncd.conf

[Time]
NTP=10.20.30.40
FallbackNTP=10.20.30.41

Once /mnt/boot/CONFIG/timesyncd.conf has been created you can reboot the Host
# reboot

== Notes ==
You can confirm the changes by logging in again and running:
# cat /etc/systemd/timesyncd.conf
It should reflect the changes you made above. 
I also noticed that the /mnt/boot/CONFIG folder is removed after reboot. This is normal, and your changes should persist future reboots.

== Reference ==
https://github.com/home-assistant/operating-system/blob/dev/Documentation/configuration.md

https://github.com/home-assistant/supervisor/issues/957#issuecomment-528948200

[[Category:Home Assistant]]

Dynamic Firewall Aliases in OPNSense

2021-05-29T08:39:34Z

Ledhed:

== Overview ==
In an ideal world you would create firewall rules that target specific source IP addresses. Unfortunately many cloud services utilize multiple large ranges of IPs that change. Which make Static Aliases a pain to manage. This article will show you how to create Dynamic IP Aliases in OPNSense.

== Aliases ==
Aliases are very power. In addition to being able to assign friendly names to IPs, Networks, MAC Address, URLs, Domains, etc. You can also nest Aliases, and then reference the alias in your Firewall Rules. Here we will focus on 'URL Tables' which allow you to create an Alias of IPs and/or networks from a URL at a given interval. Making the Alias dynamic, and resilient to changes.

=== URL Tables ===
Firewall -> Aliases 
Create (+ Icon) 
{| class="wikitable"
|-
| Enabled || [X]
|-
| Name || CloudFlare_IPv4
|-
| Type || Host(s)
|-
| Content || https://www.cloudflare.com/ips-v4
|-
| Statistics || [ ]
|-
| Description || CloudFlare IPv4 Address List
|-
|}

{| class="wikitable"
|-
| Enabled || [X]
|-
| Name || CloudFlare_IPv6
|-
| Type || Host(s)
|-
| Content || https://www.cloudflare.com/ips-v6
|-
| Statistics || [ ]
|-
| Description || CloudFlare IPv6 Address List
|-
|}

{| class="wikitable"
|-
| Enabled || [X]
|-
| Name || CloudFlare_IPs
|-
| Type || Network(s)
|-
| Content || CloudFlare_IPv4 CloudFlare_IPv6
|-
| Statistics || [ ]
|-
| Description || CloudFlare IP Ranges
|-
|}

The last Alias is a nested Network Alias that uses both URL Tables. Now you can reference 'CloudFlare_IPs' in your source or destination rules.

== Security ==
Make sure the URL Table you reference is from a source you trust. If the URL is DNS hijacked or content modified by the attacker, they could substitute their own IP address into your firewall rules. Its highly advised to use a URL that uses HTTPS so you can verify the identity of the server and make Man-in-the-Middle attacks more difficult.

== Reference ==
https://docs.opnsense.org/manual/how-tos/edrop.html

https://www.cloudflare.com/ips/

[[Category:OPNSense]]

Dynamic Firewall Aliases in OPNSense

2021-05-29T08:30:25Z

Ledhed:

== Overview ==
In an ideal world you would create firewall rules that target specific source IP addresses. Unfortunately many cloud services utilize multiple large ranges of IPs that change. Which make Static Aliases a pain to manage. This article will show you how to create Dynamic IP Aliases in OPNSense.

== Aliases ==
Aliases are very power. In addition to being able to assign friendly names to IPs, Networks, MAC Address, URLs, Domains, etc. You can also nest Aliases, and then reference the alias in your Firewall Rules. Here we will focus on 'URL Tables' which allow you to create an Alias of IPs and/or networks from a URL at a given interval. Making the Alias dynamic, and resilient to changes.

=== URL Tables ===
Firewall -> Aliases
Create (+ Icon)
{| class="wikitable"
|-
| Enabled || [X]
|-
| Name || CloudFlare_IPv4
|-
| Type || Host(s)
|-
| Content || https://www.cloudflare.com/ips-v4
|-
| Statistics || [ ]
|-
| Description || CloudFlare IPv4 Address List
|-
|}

{| class="wikitable"
|-
| Enabled || [X]
|-
| Name || CloudFlare_IPv6
|-
| Type || Host(s)
|-
| Content || https://www.cloudflare.com/ips-v6
|-
| Statistics || [ ]
|-
| Description || CloudFlare IPv6 Address List
|-
|}

{| class="wikitable"
|-
| Enabled || [X]
|-
| Name || CloudFlare_IPs
|-
| Type || Network(s)
|-
| Content || CloudFlare_IPv4 CloudFlare_IPv6
|-
| Statistics || [ ]
|-
| Description || CloudFlare IP Ranges
|-
|}

The last Alias is a nested Network Alias that uses both URL Tables. Now you can reference 'CloudFlare_IPs' in your source or destination rules.

== Security ==
Make sure the URL Table you reference is from a source you trust. If the URL is DNS hijacked or content modified by the attacker, they could substitute their own IP address into your firewall rules. Its highly advised to use a URL that uses HTTPS so you can verify the identity of the server and make Man-in-the-Middle attacks more difficult.

== Reference ==
https://docs.opnsense.org/manual/how-tos/edrop.html

https://www.cloudflare.com/ips/

[[Category:OPNSense]]