SRC: from hampacket2

Setting up a Raspberry Pi2 with Raspbian based on Jessie
dranch@trinnet.net
05/22/15.0

Index:
------
 - Image and Install the MicroSD card
 - Cable up and power up your Rpi2
 - Boot up the new image and do initial security on it
 - Create a new user and disable the Pi user
 - Install and configure a simple Iptables firewall
 - Rpi initial setup, and applying Raspbian patches
 - Fixing some current Raspbian issues (Gotchas)
 - Configure temporary file systems to minimize writes
 - Noatime File system optimization
 - Enable/Disable IPv6 upon booting
 - TBD: Add ulog to remove iptable lines from /var/log/messages
 - Enable power management for attached USB HDs
 - Check and disable unneeded services (the SystemD way)
 - Specific Syslog Fixes
 - Install email server and logrotate log notification tools
 - Install important sysadmin and monitoring tools
 - Create remote NFS mounts for compile scratch space (save the SD card)
 - Install the required tool-chains to start building packages
 - Build VE7FET AX.25 sources from git
 - Identify and test the soundcard
 - Setting up the Sound Card levels for 1200BAUD AFSK Packet Radio
 - Soundcard microphone bias voltage and choosing GPIO pins Radio PTT line
 - Compile, Configure, and Test Direwolf
 - Configure the AX.25 system
 - Bring up the AX.25 system
 - Enable log rotation for packet logs
 - Install Linpac for Connected and UnConnected packet QSOs and PBBS
 - Auto start the packet system and advanced services
 - Todo
 - Errata

--------------------------------
Image and install the micro SD card

This document assumes you will install and use the official Raspbian image for your Raspberry Pi.
There are some other alternative pre-configured images that you might consider as well:

 - Bernard F6BVP's new Jessie based image for TNC-Pi
   http://f6bvp.org/AX25_BBS_Node_RaspBerry_Pi_install.html

 - Mitch AB6MW's Wheezy based image with setup GUI which supports TNC-X and Direwolf
   https://sourceforge.net/projects/haldigital/

 - Brett's TNC-Pi centric image
   https://sites.google.com/a/thinkonit.com/ax25-fpac/

 - Pidora/JNOS package with an embedded JNOS configuration manager is included
   http://ares-mi.org/downloads/Packet/Configure_Personal_JNOS/Configure_Personal_JNOS--Raspberry_Pi-JNOS-en-US.pdf

1. Put a recommended quality blank microSD card into an existing working Linux machine's card reader
2. Run dmesg to confirm the SD card device is present - for me, it's /dev/mmcblk0
3. Get the newest Raspbian / Jessie
4. Uncompress the image and then use:

      dd if= of=/dev/mmcblk0 bs=2M

5. Remove the microSD card and install it into your Rpi2

--------------------------------
Cable up and power up your Rpi2

a. Connect your monitor via the HDMI port
b. Connect up your Ethernet cable if you have an Rpi2 model B
c. Connect up your powered USB hub to the Raspberry Pi
   1. Connect your USB keyboard and mouse to the hub
d. Connect your USB sound card directly to the RPI's USB ports (more on this later)
e. Plug in the microUSB power cable to power on your Rpi2

--------------------------------
Boot up the new image and do initial security on it

!!!MANDATORY!!
--------------
1. Create a new user and disable the Pi user

   Many Rpis connected to the Internet are getting compromised as people aren't changing the default username and password

   CRITICAL NOTE: It should be noted that though I could ssh into my Rpi2 as a newly created user like "dranch", I could *NOT* log in to the directly connected HDMI/keyboard console! In troubleshooting this, if I tried to type in my password in the username prompt, the wrong letters were popping up!
   To fix this, see below to set the right keyboard via "raspi-config"

   a. Login to your new Rpi image as user "pi" and create a new user. For example, to create the user "dranch" and add this account to the "dialout" and "sudo" groups for serial port and sudo permissions:

      adduser dranch
      usermod -a -G dialout,sudo dranch

   b. If logged in from the Xwindows or VTY console, log out and log back in as the newly created user account and make sure you can both login and also run sudo commands

   c. Later, we will disable the "pi" account but we won't do it just yet

2. Install and configure a simple Iptables firewall

      sudo apt-get update
      sudo apt-get install iptables-persistent

3. Create an initial security policy based upon the rules from https://wiki.debian.org/iptables

   #
   # Please note that the above URL file points to the WRONG files installed by
   # iptables-persistent
   # (modified to allow SSH, not allow http and https)

   a. cd /etc/iptables

      if this directory doesn't exist, create it with:

         sudo mkdir /etc/iptables

   b. cp rules.v4 rules.v4.orig

   c. Change the default policies by running:

         vi rules.v4

      and change the INPUT and FORWARD lines from "ACCEPT" to "DROP"

   d. vi rules.v4-test and paste in:
--
*filter

# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allows all outbound traffic
# You could modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

# Allows SSH connections
# The --dport number is the same as in /etc/ssh/sshd_config
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# Now you should read up on iptables rules and consider whether ssh access
# for everyone is really desired. Most likely you will only allow access from
# certain IPs.

# Allow ping
# note that blocking other types of icmp packets is considered a bad idea by
# some; remove -m icmp --icmp-type 8 from this line to allow all kinds of icmp:
# https://security.stackexchange.com/questions/22711
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

#Allow DHCP incoming addresses
-A INPUT -p udp --sport 67 --dport 68 -j ACCEPT

# Block but don't log local samba traffic - expand to whatever you need
-A INPUT -p udp --sport 138 --dport 138 -j DROP

# log iptables denied calls (access via 'dmesg' command)
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy:
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT
--

   d. Activate the new rules with the following command:

      # NOTE: If you made any mistakes in the file, once you activate the
      #       firewall you run the risk of losing your network connection.
      #       If this happens, you'll need to re-connect to the Rpi via the
      #       local keyboard and monitor and you can restore access with:
      #
      #          iptables-restore < /etc/iptables/rules.v4.orig

      # RECOMMENDED:
      #    Alternatively, I encourage you to use the /usr/local/sbin/firewall-confirm.sh
      #    script that will roll back to the previous firewall if you don't confirm
      #    things are OK in 30 seconds

      #Load and merge the new settings
      iptables-restore < rules.v4; iptables-restore < /etc/iptables/rules.v4-test

   e. Hopefully you didn't lose your network connection to your Rpi (you wouldn't if you use the firewall-confirm.sh script). Confirm you are still getting the required network access. Also look at the output of "iptables -L" to confirm things look ok.

   f. If things look good, let's save the settings:

         iptables-save > /etc/iptables/rules.v4

   g. If you're using the firewall-confirm.sh script and since you have a new firewall that seems to work, save that as your NEW fallback firewall ruleset:

         cp /etc/iptables/rules.v4 /etc/iptables/iptables-checked

   h. Now enable the firewall to start up upon boot

         vi /etc/network/if-pre-up.d/iptables
         --
         #!/bin/sh
         /sbin/iptables-restore < /etc/iptables/rules.v4
         --

   i. Make the script executable with:

         chmod +x /etc/network/if-pre-up.d/iptables

   j. Reboot, log back in, and ensure that the output of "iptables -L" contains the two key lines as well as any other specific rules you expect to be there:

         Chain INPUT (policy DROP)
            and
         Chain FORWARD (policy DROP)

--------------------------------
Rpi initial setup, and applying Raspbian patches

1. Run sudo raspi-config

2. Expand the file system and then reboot

3. Change:
   - Boot options
      - Select "Console" to avoid loading Xwindows and consuming all that RAM
   - International options
      - Locale
      - Timezone
      - Keyboard layout (on the console)
        IMPORTANT: If in the US and you're only presented with "English (UK)", select OTHER, then select "English (US)"
   - Advanced options
      - hostname
      - SSH (enable this)
      - I2C (if you're going to use a TNC-Pi in I2C mode)
      - Serial (if you're going to use TNC-Pi in serial mode, turn this OFF)

4. Disable the "pi" user or change the password

   Now that you have created a new login and logged in as this new username, again try using "sudo su" to ensure things work. If that works, now lock out the "pi" account:

      passwd pi -l

   NOTE: As mentioned above, I saw an issue here where I couldn't SSH in with the password that was set on the Rpi console. This turned out to be an issue with the wrong keyboard layout (default is UK and not US) set in the OS. Once I changed the mapping to US, I had to change the password again

5. Remove any unneeded applications

   Depending on the Linux distro you installed on your Rpi, you probably brought in a bunch of stuff you won't need. I recommend you uninstall what you don't need. For example:

      #Wolfram GUI scientific package
      #triggerhappy - hotkey tool used for IR remote controls, etc
      #
      sudo apt-get remove --purge wolfram-engine 'libreoffice*' nuscratch

6. Run:

      sudo apt-get clean
      sudo apt-get autoremove
      sudo apt-get update
      sudo apt-get upgrade
      sudo apt-get dist-upgrade

7. Prepare a new script to occasionally purge old kernels

      vim /usr/local/sbin/remove-old-kernels.sh
      --
      #!/bin/bash
      # List the installed linux-* packages that do not match the running kernel
      dpkg -l 'linux-*' | sed '/^ii/!d;/'"$(uname -r | sed "s/\(.*\)-\([^0-9]\+\)/\1/")"'/d;s/^[^ ]* [^ ]* \([^ ]*\).*/\1/;/[0-9]/!d'
      # | xargs sudo apt-get -y purge

      echo -e "\nYou can edit this script to append the commented-out xargs line to the dpkg line to auto-purge these packages"
      --

      chmod 700 /usr/local/sbin/remove-old-kernels.sh
      sudo /usr/local/sbin/remove-old-kernels.sh

8. Update the RPI's firmware and possibly move to a better, bleeding edge kernel, etc - https://github.com/Hexxeh/rpi-update

      sudo rpi-update

   If the above program is not installed, do the following and then try again:

      sudo apt-get install rpi-update

9. Reboot to make all updates active

      sudo /sbin/shutdown -r now

--------------------------------
Fixing some current Raspbian issues (Gotchas)

1. My Rpi v2 running Jessie as of 3/5/16 won't reboot if you use the /sbin/shutdown or reboot or even "systemctl reboot" command. Evidently this is a known issue and is mentioned here:

      https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763315

   To work around this, edit the /etc/init.d/rpcbind and /etc/init.d/nfs-common files and change their start up/down priorities from:

      # Default-Start:     S
      # Default-Stop:      0 1 6

   to:

      # Default-Start:     1 2 3 4 5
      # Default-Stop:      0 6

   Once that's in place, you need to reboot but maybe you can't. As such, I recommend you do the following:

   a. run this little script as root (sudo su)

         while [ true ]; do
            sync
            sleep 1
         done

   b. While that script is running, pull the power on the Rpi, wait 5 seconds and replace the power

--------------------------------
Configure temporary file systems to minimize writes

Run the "df" command and make sure key directories like:

   /run
   /run/lock
   /tmp
   /var/log/

use the "tmpfs" file system which is a ramdrive.
It should look like:

   tmpfs             441580    6012    435568   2% /run
   tmpfs               5120       4      5116   1% /run/lock
   tmpfs             441580       0    441580   0% /sys/fs/cgroup
   tmpfs              20480     128     20352   1% /var/log
   tmpfs               1024       0      1024   0% /tmp

This is the normal setup on new Jessie based Raspbian but if you're using a different distro, it's important to check and fix if required.

The new way to configure the use of RAM drives (but it is unclear how any changes here will be retained when/if that script is updated):

   #NOTE: In Raspbian Jessie, it seems this is broken and they have moved back
   #      to the fstab approach - https://github.com/debian-pi/raspbian-ua-netinst/issues/210
   #
   # vi /etc/default/tmpfs
   #   more specifics of operation can be found in "man tmpfs"

the old way and evidently, new way (pretty straightforward):

   #Only use tmpfs when required
   /etc/fstab
   --
   tmpfs           /tmp            tmpfs   defaults,noatime,mode=1777,size=1m 0 0
   tmpfs           /var/log        tmpfs   defaults,noatime,mode=0755,size=20m 0 0
   #
   #/var/lock is still handled via the tmpfs system to /run and /var/lock is a symlink to /run/lock
   #tmpfs           /var/lock       tmpfs   defaults,noatime,mode=0755,size=1m 0 0
   --

Next, Noatime File system optimization

Enable the noatime option to minimize file system writes on your root file system.
For example on my Rpi2:

   vi /etc/fstab
   --
   /dev/mmcblk0p2  /               ext4    defaults,noatime  0       1
   --

Go ahead and reboot the PI and make sure the various RAM drive mounts now are mounted to tmpfs

--------------------------------------
Enable/Disable IPv6 upon booting

If you want to disable IPv6, edit the /etc/sysctl.conf file and change the following lines to a "1"

   net.ipv6.conf.all.disable_ipv6 = 0
   net.ipv6.conf.default.disable_ipv6 = 0
   net.ipv6.conf.eth0.disable_ipv6 = 0
   net.ipv6.conf.lo.disable_ipv6 = 0

Keep in mind that the iptables rules loaded earlier only filter IPv4; IPv6 traffic is handled by ip6tables, so if you leave IPv6 enabled it needs its own ruleset.

--------------------------------------
TBD: Add ulog to remove iptable lines from /var/log/messages

--------------------------------------
Enable power management for attached USB HDs

#For some program compiling, doing it via NFS doesn't work (autoconf fails) and
# as such, you need to compile things locally. If you use an external USB HD,
# make sure its auto-spin down feature is enabled

#confirm that your HD APM level is set to 127 (not 128 or higher : default is 254)
# values of 127 or lower allow the HD to power down
#
sudo /sbin/hdparm -B /dev/sda
--
/dev/sda:
 APM_level      = 254
--

#see if the HD is spinning now:
/sbin/hdparm -C /dev/sda
--
/dev/sda:
 drive state is:  active/idle
--

#For a temporary test, run the command:
sudo /sbin/hdparm -B 127 /dev/sda

To permanently support this, edit /etc/hdparm.conf and change:

   #apm = 255
      to
   apm = 127

You can force the HD to spin down ASAP:

sudo /sbin/hdparm -y /dev/sda
--
/dev/sda:
 issuing standby command
--

You can also force another timer in /etc/hdparm.conf to shutdown in say 10 minutes
--
spindown_time = 120
--

--------------------------------------
Check and disable unneeded services (the SystemD way)

SystemD cheatsheet: http://www.dynacont.net/documentation/linux/Useful_SystemD_commands/

#show running daemons
systemctl | grep running

#I recommend to disable Avahi for its network spamming
systemctl disable avahi-daemon.service

#See what else might be running
ls /etc/rc3.d/

#(OPTIONAL Ideas):
#
# Disable Bluetooth on the Rpi
update-rc.d -f bluetooth remove
#
# Disable the special key keyboard mapping tool
update-rc.d -f triggerhappy remove

#Disable the Rsync daemon
update-rc.d -f rsync disable

--------------------------------
Specific Syslog Fixes

1. As of 12/11/15, Raspbian/Jessie has a syslog configuration error that throws errors like:

      rsyslogd-2007: action 'action 17' suspended, next retry is Fri Dec 11 15:18:31 2015 [try http://www.rsyslog.com/e/2007

   To fix this, edit the /etc/rsyslog.conf file, find and delete the following stanza:
   --
   daemon.*;mail.*;\
           news.err;\
           *.=debug;*.=info;\
           *.=notice;*.=warn       |/dev/xconsole
   --

2. I would also recommend deleting the following stanza as it's redundant, and only consumes additional log space:
   --
   *.=debug;\
           auth,authpriv.none;\
           news.none;mail.none     -/var/log/debug
   --

3. Once Iptables is enabled, it logs stuff to too many places. I recommend you follow this URL http://www.the-art-of-web.com/system/rsyslog-config/ but it's a little terse on what really needs to be done:

   a. Find the line:

         *.*;auth,authpriv.none          -/var/log/syslog

      and change it to the following (adds the ",mail")

         *.*;auth,authpriv,mail.none     -/var/log/syslog

   b. delete the lines:

         mail.info                       -/var/log/mail.info
         mail.warn                       -/var/log/mail.warn

   c. change the line

         mail.err                        /var/log/mail.err

      to

         mail.warn                       /var/log/mail.err

   d. Find the line:

         kern.*                          -/var/log/kern.log

      and right after it, add:

         kern.debug stop

   Once edited, restart syslog with:

      service rsyslog restart

   And then delete the old logs:

      rm -f /var/log/debug*

# ---------------------------------------------------------------
Install email server and logrotate log notification tools

#Install email server and log notification tools
apt-get install postfix logwatch bsd-mailx

# Postfix
   when prompted, configure postfix to be: "Internet with Smarthost"
   #In this example, I use: rpi2.trinnet.net
   #Smarthost / SMTP relay - In this example, I use mail.trinnet.net

#edit the /etc/aliases file to point the "root" to a valid email address (off box)
# - you need to change this to reflect your valid email address
root: dranch@trinnet.net

Run the command "newaliases" to activate the change

Now test the system by running:

   echo "test1 " | mailx root

Go see if the email was received on your chosen email address. If it wasn't, you need to check the local and remote email logs. Do NOT proceed until this is resolved.
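With the firewall's LOG rule tagging rejected packets as "iptables denied: " and rsyslog writing kernel messages to /var/log/kern.log, those lines can be condensed into a short report before being mailed to root. This is an added example, not part of the original document; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize packets logged by the firewall rule
#   -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: "
# Function names and the sample log lines below are constructed for
# illustration. The LOG rule is rate limited, so counts are a lower bound.

# summarize_denied [FILE...]
# Prints "COUNT SRC PROTO DPT" per distinct source/protocol/port, busiest
# first. Reads stdin when no FILE is given. ICMP has no port: DPT is "-".
summarize_denied() {
    awk '
    /iptables denied: / {
        src = ""; proto = ""; dpt = "-"
        # The kernel emits KEY=VALUE tokens; keep only the three we need.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        # Skip truncated lines rather than counting them under an empty key.
        if (src != "" && proto != "") hits[src " " proto " " dpt]++
    }
    END { for (k in hits) print hits[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample in the format the kernel LOG target writes to kern.log.
sample_log() {
    cat <<'EOF'
Dec 11 15:18:31 rpi2 kernel: [ 1201.100000] iptables denied: IN=eth0 OUT= MAC=b8:27:eb:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 11 15:18:44 rpi2 kernel: [ 1214.300000] iptables denied: IN=eth0 OUT= MAC=b8:27:eb:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4243 DF PROTO=TCP SPT=40114 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 11 15:19:02 rpi2 kernel: [ 1232.900000] iptables denied: IN=eth0 OUT= MAC=b8:27:eb:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.20 DST=192.0.2.10 LEN=68 TOS=0x00 PREC=0x00 TTL=255 ID=901 PROTO=UDP SPT=5353 DPT=5353 LEN=48
Dec 11 15:19:40 rpi2 sshd[812]: Accepted publickey for dranch from 192.0.2.44 port 50022 ssh2
Dec 11 15:20:05 rpi2 kernel: [ 1295.200000] iptables denied: IN=eth0 OUT= MAC=b8:27:eb:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.20 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=77 PROTO=ICMP TYPE=13 CODE=0 ID=1 SEQ=1
Dec 11 15:20:31 rpi2 kernel: [ 1321.700000] iptables denied: IN=eth0 OUT= MAC=b8:27:eb:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4250 DF PROTO=TCP SPT=40130 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
EOF
}

# Run on the constructed sample when this file is executed with --demo.
# Real use, mailed to root through the aliases set up above:
#   summarize_denied /var/log/kern.log | mailx -s "iptables denied summary" root
if [ "${1:-}" = "--demo" ]; then
    sample_log | summarize_denied
fi
```

Because /var/log is a tmpfs RAM drive in this setup, kern.log starts empty after every reboot; mailing the summary off the box is what preserves it.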
#Make sure logrotate is installed - important to keep the RAM drive usage down
apt-get install logrotate

#edit the /etc/logrotate.conf file to enable bzip compression
 - Uncomment the line "#compress"
 - Add the following just below the "compress" line
   --
   # use bzip2 with higher compression than gzip
   compresscmd /bin/bzip2
   uncompresscmd /bin/bunzip2
   compressoptions -9
   compressext .bz2
   --
 - Edit the /etc/logrotate.d/rsyslog file to have the following items at the TOP and delete any duplicate lines from any of the other stanzas in the file
   --
   rotate 3
   daily
   missingok
   notifempty
   delaycompress
   compress
   compresscmd /bin/bzip2
   uncompresscmd /bin/bunzip2
   compressoptions -9
   compressext .bz2
   --

# ---------------------------------------------------------------
Install important sysadmin and monitoring tools

#Install other useful programs
#  vim - better version of Vi
#  tcpdump - network monitor
#  lsof - tool to see what ports / files are open on the machine
#  gpm - mouse program for cutting/pasting when in CLI mode
#
apt-get install vim tcpdump lsof gpm

#only run GPM when needed
update-rc.d gpm remove

# Serial terminal program
apt-get install minicom

#if /boot gets corrupt, you can fix it
#Wheezy version of dosfstools is busted
#  http://www.raspberrypi.org/forums/viewtopic.php?p=495156
apt-get install dosfstools

# Personal Preference: Enable Vim as system default text editor and not Nano
#
#  http://raspberrypi.stackexchange.com/questions/5367/how-do-i-change-the-editor-used-by-visudo
update-alternatives --set editor /usr/bin/vim.basic

---------------------------------------------------------------
Create remote NFS mounts for compile scratch space (save the SD card)

IMPORTANT NOTE:
---------------
It seems that you CANNOT use autoconf (at least v2.69-8) over NFS Centos5 or Centos6:

 - https://bugzilla.redhat.com/show_bug.cgi?id=494042
   http://gnu-autoconf.7623.n7.nabble.com/autoconf-hangs-due-to-autom4te-cache-and-NFS-problem-on-AIX-td10656.html

Work around: You MUST build local to the SD card, or I would recommend to attach a USB HDD or SSD

#Install NFS client programs
sudo apt-get install nfs-common

#This is required for mounting remote legacy NFS machines - the error seen is:
#
#   mount.nfs: rpc.statd is not running but is required for remote locking.
#
update-rc.d -f rpcbind enable
service rpcbind start

#Update the remote NFS server's /etc/exports file and run "exportfs -avr" on it

#On the local machine, edit the /etc/default/nfs-common file and change the line to:

# Create the mounting script - change it to suit your environment
#
# NOTE: This script is specific to my environment - Please edit to suit your
#       environment
#
# /usr/local/sbin/mount-hampacket2-nfs.sh
--
#!/bin/bash
if [ ! -d /mnt/nfs ]; then
   mkdir /mnt/nfs
fi
#change the hampacket host to match your own internal NFS server
mount -t nfs hampacket2:/usr/src/archive/RPi /mnt/nfs
mount -t nfs hampacket2:/usr/src/archive/RPi/tmp /mnt/nfs
--

chmod 700 /usr/local/sbin/mount-hampacket2-nfs.sh

--------------------------------------------------------------
# Install the required tool-chains to start building packages and other mandatory
# items
apt-get update
apt-get install build-essential
apt-get install autoconf
apt-get install libtool
apt-get install checkinstall

#Critical Note
#-------------
It's absolutely required that you have a local /tmp file system mounted on either a local USB HD or a remote NFS file system. Some programs like Direwolf, Node.js, etc. require a lot more space than the 512MB or 1GB of RAM on a Rpi to compile things. As such, the system will automatically overflow the build objects to the /tmp file system. If this happens without having a secondary mount, you will significantly reduce the life of your SD card due to many writes. I know because I killed one SD card this way!
To support this, do something similar to the following temporary setting (required to be redone every reboot):

   umount /tmp
   mount /dev/mapper/vg_dranchlt3-lv_root /tmp
   rm /usr/src/archive
   ln -s /tmp/usr/src/archive/ /usr/src/archive

---------------------------------------------------------------
#Dranch specific environment for compiling - edit to suit your needs

1. Attach USB HD
2. mkdir -p /mnt/lvm/root/home/
3. mount /dev/mapper/vg_dranchlt3-lv_root /mnt/lvm/root
4. mount /dev/mapper/vg_dranchlt3-lv_home /mnt/lvm/root/home/
5. ln -s /mnt/lvm/root/usr/src/archive/ /usr/src/archive

---------------------------------------------------------------
Build VE7FET AX.25 packages from git

mkdir -p /usr/src/archive/Rpi2-scratch/
cd /usr/src/archive/Rpi2-scratch/
git clone https://github.com/ve7fet/linuxax25.git
cd linuxax25/libax25/
autoreconf --install
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make -j8

#work around a checkinstall bug incorrectly reading RPM spec files
mv libax25.spec libax25.spec.old

#Temporarily work around a known glibc conflict
mv /usr/include/netax25/ax25.h /usr/include/netax25/ax25.h.old

sudo checkinstall --pkgname libax25 --pkgversion 1.0.5 --pkgrelease 1 --pkggroup \
hamradio --pkgsource https://github.com/ve7fet/linuxax25 --maintainer \
ve7fet@users.noreply.github.com --provides "ax25"

   description: This library is used for applications that use the ax25 protocol. Included are routines to do ax25 address parsing, common ax25 application config file parsing, etc. This development library package includes some man pages and include files for compiling applications which use libax25

#The above command will FAIL to install due to a conflict. The recommendation
# is to overwrite the file ANYWAY with the following command. Read more at:
#   https://github.com/ve7fet/linuxax25/issues/1
dpkg --force-overwrite --install libax25_1.0.5-1_armhf.deb

# -------------------
# Next one: ax25-apps
cd /usr/src/archive/Rpi2-scratch/linuxax25/ax25apps

#Install Ncurses libraries as the call program requires it
apt-get install libncurses5-dev

autoreconf --install
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make -j8

#work around a checkinstall bug incorrectly reading RPM spec files
mv ax25apps.spec ax25apps.spec.old

#work around a busted makefile
/bin/mkdir -p /var/ax25/ax25rtd

sudo checkinstall --pkgname ax25-apps --pkgversion 1.0.5 --pkgrelease 1 --pkggroup \
hamradio --pkgsource https://github.com/ve7fet/linuxax25 --maintainer \
ve7fet@users.noreply.github.com --provides ax25 --requires libax25 make install; make installconf

   description: This package provides specific user applications for hamradio that use AX.25 Net/ROM or ROSE network protocols

#checkinstall will automatically install the package for you but if you manually
# want to install it, use the following (configuration files aren't included in the checkinstall based deb)
#
dpkg --install ax25-apps_1.0.5-1_armhf.deb
make installconf

# -------------------
# Next one: ax25-tools
cd /usr/src/archive/Rpi2-scratch/linuxax25/ax25tools
autoreconf --install
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --datadir=/usr/share --datarootdir=/usr/share
make -j8

#work around a checkinstall bug incorrectly reading RPM spec files
mv ax25tools.spec ax25tools.spec.old

sudo checkinstall --pkgname ax25-tools --pkgversion 1.0.3 --pkgrelease 1 --pkggroup \
hamradio --pkgsource https://github.com/ve7fet/linuxax25 --maintainer \
ve7fet@users.noreply.github.com --provides ax25 --requires libax25 make install; make \
installconf

   description: This package provides specific user applications for hamradio that use AX.25 Net/ROM or ROSE network protocols

#checkinstall will automatically install the package for you but if you manually
# want to install it, use the following (configuration files aren't included in the checkinstall based deb)
#
dpkg --install ax25-tools_1.0.3-1_armhf.deb
make installconf

---------------------------------------------------------------
Identify and test the soundcard

#To view all output capable sound devices:
aplay -L

#My Syba USB sound device shows up as the following. It's important to use the
# "plughw" unit and not others
--
plughw:CARD=Device,DEV=0
    C-Media USB Audio Device, USB Audio
    Hardware device with all software conversions
--

# You can identify the soundcard's native sampling rates with this:
sudo lsusb -vv | grep -e Audio -e tSamFreq | grep -v -e Descriptor -e bInterfaceClass

#Alternatively if you have a PCI-based card, use:
sudo alsa-info --stdout | grep -A 12 -e "Codec:" -e "Audio Input"

I see on my USB based Syba sound device the following sampling rates
--
  iProduct                1 C-Media USB Audio Device
        tSamFreq[ 0]        48000
        tSamFreq[ 1]        44100
        tSamFreq[ 0]        48000
        tSamFreq[ 1]        44100
--

#To view all input capable sound devices:
arecord -L

#Record from the sound card for 10 seconds and put a 960Kbyte file into the
# RAM drive (/var/log) as configured above
arecord -D plughw:CARD=Device,DEV=0 -t wav -f S16_LE -r 48000 -d 10 /var/log/test.wav

#If you have speakers connected to the Rpi, you can listen to the recorded file via
# the "Default" soundcard output (this will be the RPI's built-in soundcard). If
# there aren't any speakers connected to the Rpi, you can use tools like scp to
# send the file to another computer that DOES have speakers connected
aplay /var/log/test.wav

#If you don't hear anything, audio might be routed to the HDMI port, change it
# to the analog jack
amixer cset numid=3 1   #analog jack
amixer cset numid=3 2   #HDMI jack

#To play to the Syba sound card (assuming you temporarily connected speakers to it):
aplay -Dplughw:CARD=Device,DEV=0 /var/log/test.wav

#If you select the wrong ALSA device, you might see the error:
   aplay: set_params:1239: Channels count non available

# Even better... record and playback in real time to Rpi's headphone jack
#
#  This method is VERY helpful for getting the initial audio levels
#
arecord -D plughw:CARD=Device,DEV=0 -t wav -f S16_LE -r 48000 -d 10 - | \
aplay -Dplughw:CARD=Device,DEV=0 -

# Identify native sampling rates
lsusb -vv | grep -e Audio -e tSamFreq | grep -v -e Descriptor -e bInterfaceClass

---------------------------------------------------------------
Setting up the Sound Card levels for 1200BAUD AFSK Packet Radio

 - This example is using a Yaesu FT-415 HT with a simple PTT circuit connected to GPIO pin:
      SQL : 0
      VOL : 2.9 out of

Connect a known good USB sound device *directly* to the Rpi2. The Direwolf User-Guide.pdf file highlights some known good devices and it's important to note that not all devices work well with the Raspberry Pi even though they may work ok on an X86 based machine! I'm personally using a Syba device that is reliable but also doesn't spew RF noise on 144.000Mhz!

   http://www.tigerdirect.com/applications/searchtools/item-details.asp?EdpNo=8396055&SRCCODE=WEBGOOPA&scid=scplp713054&gclid=CPuLrL2hoskCFYdBfgodFNEHuQ

NOTE: There are known issues with Direwolf using sound devices connected behind a USB hub (powered or not). Therefore, connect the device DIRECTLY to one of the USB ports on the Rpi

The following levels are the right levels for my specific setup.
Please read the next section to better understand how to test your levels

Run "alsamixer"

 - F6 to select right sound card - in my case: C-Media USB Audio Device

 - F3 playback
     Set the "speaker" level at 19:19 and make sure it is activated (that's shown as 00 in the bottom box of the vertical slider)
     Set the "Mic" (this is the monitor) to MUTED by hitting the M key (that's shown as MM in the bottom box of the vertical slider)
     Auto Gain Control - selected (that's 00) [need to understand if this should be on or off - use M to disable]

 - F4 Capture
     Set the "Capture" to 31 and "Capture" is enabled by using the spacebar

 - F5 Show All controls
     Some specific sound cards don't show their AGC controls in the "F3 - playback" window so it's best to double check here

 - Hit the Escape key to exit

Save the new soundcard levels:

   alsactl store

It's worth noting that if you aren't going to be using this document's startup scripts, be sure to use:

   alsactl restore

in your scripts to reliably restore the soundcard levels

---------------------------------------------------------------
Soundcard microphone bias voltage and choosing GPIO pins Radio PTT line

IMPORTANT: Microphone Bias Voltage:
-----------------------------------
Before you connect your radio to your soundcard, it's CRITICAL that you check to see if:

 1) Your soundcard's microphone jack does or doesn't provide a "bias" voltage for condenser-type microphones.

 2) Your radio's microphone jack does or doesn't provide a "bias" voltage for condenser-type microphones

On my chosen Syba USB soundcard, it puts out +5.0v on the tip of the mono-style microphone jack! I've checked with the CM108 schematics and programming API and this voltage cannot be turned off. As such, it's CRITICAL that you insert a 10uF capacitor between the soundcard and your radio.
Any ceramic or electrolytic capacitor will work fine to isolate this DC voltage offset but if you use an electrolytic style cap, make sure the POSITIVE lead is connected to the sound-card side (the side that's providing the voltage). Once you've checked the soundcard side, check the radio side as well and if it also provides a bias voltage, it too will need a capacitor.

GPIO pins for PTT
-----------------
There are multiple ways to connect the RPi to your radio's PTT line depending on the radio, etc. For this example, I'm using this simple transistor circuit found here for my Kenwood TH-F6A HT:

   http://www.dunmire.org/projects/DigitalCommCenter/soundmodem/mySoundCardInterface.png

CRITICAL NOTE:
--------------
Every radio is different and the above connections will need to be changed to conform to your specific radio. For example, I've used an Alinco DJ-580 and its PTT connections are radically different. Unless you modify the connections to suit your radio, you run the very real risk of damaging your USB sound card and the radio itself!

Alternatively, you can also build the PTT circuit that's found in the Direwolf Raspberry-Pi-APRS.pdf doc or a nice PCB version available for order here from James N7SET:

   https://github.com/jaymzx/RPi-WD-Packet-Interface

Put that on say a proto HAT:

   https://www.adafruit.com/products/2310

and you have a very slick setup!

Anyway, now you need to select which GPIO pin on the Rpi you're going to use. It's important to note that some GPIO pins are pulled HIGH (+3.3v) by default:

   GPIO 2, GPIO 3, GPIO 4, GPIO 7, GPIO8 and possibly GPIO 14 too

If you use one of these pins with the simple PTT circuit above, whenever your Rpi is rebooting or is powered yet off, it will leave your radio keyed up! That's BAD so DON'T use one of those above GPIO pins.

Ok, so what pins to use? Well, the Rpi1 and Rpi2 can have their various GPIO pins connected to several other internal functions depending on the pin "mode".
Unfortunately, there is a *LOT* of incorrect data out on the Internet as many sites don't show the alternative modes for each of the pins. Here is one of the better pin diagrams showing the different pins and their modes. Pay specific attention to the different *colors*:

   http://www.keytosmart.com/wp-content/uploads/2014/07/B_Diagram_large-212x300.png

Here is a nice interactive tool for Rpi pinouts too with lots more detail

   http://pinout.xyz/

As such, I'm using the following GPIO connection for the PTT control that doesn't have any other alternative mode functionality:

   Rpi pin37(GPIO 26) to RS232 DB9-pin7(RTS)
   Rpi pin39(GND)     to RS232 DB9-pin5(GND)

Btw, there is an optional feature in Direwolf to set a GPIO pin when a valid HDLC signal (DCD) is present. Consider connecting up an LED and a 500ohm resistor to a GPIO pin to use it. Very helpful!

---------------------------------------------------------------
Compile, Configure, and Test Direwolf

1. cd /usr/src/archive/Rpi2-scratch/

2. Get a copy of Direwolf v1.3 (current as of 11/21/15)

      wget https://github.com/wb2osz/direwolf/archive/1.3-dev-F.zip

3. Uncompress it and go into the directory

      unzip 1.3-dev-F.zip
      cd direwolf-1.3-dev-F

4. Download and apply Makefile.linux patch which fixes several issues

      wget http://www.trinityos.com/HAM/CentosDigitalModes/usr/src/redhat/SOURCES/direwolf-1.3F-makefile.patch
      patch -p0 < direwolf-1.3F-makefile.patch

5. Install the required Dependencies

      sudo apt-get install libasound2-dev

6. Prep the sources and compile Direwolf

      make tocalls-symbols
      make -j8

7. Package and install Direwolf

      sudo checkinstall --pkgname direwolf --pkgversion 1.3.F --pkgrelease 1 --pkggroup \
      hamradio --pkgsource https://github.com/wb2osz/direwolf --maintainer \
      wb2osz@users.noreply.github.com --provides "tnc" make install; make install-conf

   description: Dire Wolf is an amateur radio soundcard TNC and APRS encoder/decoder to be used stand-alone to observe APRS, a digipeater, APRStt gateway, or IGate.
   It can also be used as a virtual KISS TNC for applications such as Xastir,
   Linux AX25, and many others

   NOTE: if you get a "disk full" error here, it's important that you follow the
         above temporary /tmp mount to a local USB HDD or NFS mount. Alternatively,
         you can try increasing the tmpfs RAM drive size for /tmp but you only
         have 1GB of RAM available and I do NOT recommend exceeding 50% of that
         space.

   #checkinstall will automatically install the package for you but if you manually
   # want to install it, use the following (configuration files aren't included in
   # the checkinstall based deb)
   # dpkg --install direwolf_1.3.F-1_armhf.deb
   make install-conf

8. To configure Direwolf, edit the /etc/ax25/direwolf.conf file and set the
   following parameters for your specific needs. For additional parameters, please
   read the Direwolf User-Guide.pdf found in /usr/share/doc/direwolf/User-Guide.pdf

   change the line:
      # ADEVICE plughw:1,0
   to
      ADEVICE plughw:1,0
   --
   change the line:
      MYCALL N0CALL
   to
      MYCALL
   --
   change the line:
      MODEM 1200
   to
      MODEM 1200 E+ /3
   --
   change the line (for my specifically chosen GPIO pin):
      #PTT GPIO 25
   to
      PTT GPIO 26
   --
   optionally consider enabling a GPIO pin for the DCD signal
      #DCD GPIO 25
   to
      DCD GPIO 13
   --
   Under the "PTT" or "DCD" GPIO line, add the following parameters. These
   settings depend on the key-up and key-down speed of your radio. A setting of 30
   means 300ms which is pretty conservative. You ideally want these to be as fast
   as possible.

   NOTE: If the TXTAIL setting is too short, I've seen where an AX.25 connection
   cannot gracefully disconnect via issuing the "b" command.
   I had to change the TXTAIL variable from 10 to 50 to get things to work properly

      TXDELAY 30
      TXTAIL 50
   --
   Unless you plan on using the TCP KISS (not the same as "serial KISS") feature or
   the AGW/PE API support (Direwolf does *not* support connected sessions for
   things like Outpost, etc), then plan on disabling both of these:

   change the lines:
      AGWPORT 8000
      KISSPORT 8001
   to
      AGWPORT 0
      KISSPORT 0
   --
   Depending on your use of your packet station, you might want to tune the
   FIX_BITS section to be either APRS centric or standard packet centric.

      FIX_BITS 1 AX25

9. Test out Direwolf in its stand-alone mode and enable all its settings to
   better tune its levels

   #Other options you might be interested in
   #-q d : suppress APRS decodes
   #-q h : suppress heard levels
   #-t 0 : disable colors
   #-d o : show output for asserting DCD and PTT lines
   #-a n : print out number of samples for N sections

   # direwolf -t 0 -d o -a 100 -c /etc/ax25/direwolf.conf

   HINT: If you started Direwolf with its coloring enabled and now all your
         console text is blinking, you can use the command "tput reset" to clear
         things out.

   When Direwolf is running, there are two key things to monitor

   1. The sampling rate matches the configured rate. If it deviates beyond the
      expected rate too much, things won't work at all.

      ADEVICE0: Sample rate approx. 44.1 k, 0 errors, receive audio level CH0 92

   2. Direwolf reported audio levels are roughly around a level of 50 on average
      for various heard remote stations

      K6FB-1 audio level = 57(26/14) [NONE] ___||||||

---------------------------------------------------------------
Configure the AX.25 system

1. cd /etc/ax25

2. vi axports

   Comment out all the port definitions except "vhfport"

   Edit the vhfport to reflect your own settings: For me, I'm using "KI6ZHD-6"
   as I already have a packet station on KI6ZHD (aka KI6ZHD-0), KI6ZHD-1,
   KI6ZHD-2, etc

   Depending on the quality of your radio, antenna, nearby stations, etc.
   you can change the PACLEN to 255 and the WINDOW to 4

   NOTE: If you plan on running Netrom, the max you should put here is 253

3. Download my two example AX.25 startup scripts

   wget http://www.trinityos.com/HAM/CentosDigitalModes/RPi/etc/ax25/ax25-up.new
   wget http://www.trinityos.com/HAM/CentosDigitalModes/RPi/etc/ax25/ax25-up.new2
   wget http://www.trinityos.com/HAM/CentosDigitalModes/RPi/etc/ax25/ax25-down
   chmod 744 ax25-down
   chmod 744 ax25-up.new
   chmod 744 ax25-up.new2

4. You will need to make minor edits to the ax25-up.new file to suit your needs
   but the key parameters to change are:

   TXDELAY=400
   TXTAIL=50

5. Please note that the AX.25 parameters configured in the ax25-up.new script
   will OVERRIDE the parameters originally configured in /etc/ax25/direwolf.conf.
   It's recommended to have the TXDELAY and TXTAIL parameters in both files
   aligned

---------------------------------------------------------------
Bring up the AX.25 system

Assuming that everything is configured from all the steps above, start up the
Linux AX.25 stack:

   /etc/ax25/ax25-up.new

It should look something like:

   # ./ax25-up.new
   -----------------------
   ax25-up.new starting up
   Sat Nov 28 15:17:30 PST 2015
   axudp port not enabled in /etc/ax25/axports.. skipping
   TNC Type: direwolf
   Restoring audio levels on soundcard
   Starting direwolf
   Installing one KISS connection on PTY port /tmp/kisstnc
   PTS0 device: /dev/pts/3
   Setting kissparms (changes only shown in /var/log/packet.log)
   Displaying current system kissparms
   --
   AX25 protocol mode (0=Norm* 1=Extd) : 0
   AX25 backoff type (0=Linear 1=Expon*) : 1
   AX25 connect mode (0=none 1=network 2=all*) : 2
   AX25 Extd window size (num of unacked packets 32*) : 32
   AX25 idle timeout (idle session timeout in M 20*) : 0
   AX25 AXIP mode (0=Datagram* 1=VirtConnection) : 0
   AX25 max packet size (256*) : 256
   AX25 max packet retry count (10*) : 10
   AX25 protcol version (DAMA Slave) : 0
   AX25 STD window size (num of unacked packets 2* ) : 2
   AX25 T1 timer (unacked packet retry 10000mS*) : 10000
   AX25 T2 timer (wait for 2nd RX packet 3000mS*) : 3000
   AX25 T3 timer (link still up check 300000mS*) : 300000
   Port vhfdrop attached to ax0
   Listen started and displaying on tty6

You can also see more details in /var/log/packet.log

   # ./ax25-down
   Ending listen - 16879 16878
   Stopping Kissattach
   spattach: no process found
   Detach Ax/Nr/Sp Devices
   Stopping mkiss
   mkiss: no process found
   Stopping Direwolf
   Ax25 Stopped ***

#---------------------------------------------------------------
Enable log rotation for packet logs

# add log rotation for ax25-listen log
/etc/logrotate.d/ax25-listen
--
/var/log/ax25-listen.log {
    rotate 3
    daily
    missingok
    notifempty
    copytruncate
    delaycompress
    compress
    compresscmd /bin/bzip2
    uncompresscmd /bin/bunzip2
    compressoptions -9
    compressext .bz2
}
--

# add log rotation for the packet.log that records the start/stop and direwolf
/etc/logrotate.d/packet
--
/var/log/packet.log {
    rotate 3
    daily
    missingok
    notifempty
    copytruncate
    delaycompress
    compress
    compresscmd /bin/bzip2
    uncompresscmd /bin/bunzip2
    compressoptions -9
    compressext .bz2
}
--

NOTE: It's important to use the "copytruncate" command for some logs as these
files are getting appended from various Unix redirects and NOT syslog.
You cannot send those writers, say, SIGUSR1 to make them re-open a file handle on
the newly created file.

NOTE2: Once these files are present, the logrotate system will automatically
start using them

#---------------------------------------------------------------
Install Linpac for Connected and UnConnected packet QSOs and PBBS

cd /usr/src/archive/Rpi2-scratch
wget http://downloads.sourceforge.net/project/linpac/LinPac/0.24/linpac-0.24.tar.gz
wget http://sourceforge.net/projects/ax25mail/files/ax25mail-utils/0.13/ax25mail-utils-0.13.tar.gz

#First, let's install the ax25mail-utils
tar xzvf ax25mail-utils-0.13.tar.gz
cd ax25mail-utils-0.13
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
make -j8
sudo checkinstall --pkgname ax25mail-utils --pkgversion 0.13 --pkgrelease 1 --pkggroup \
hamradio --pkgsource https://sourceforge.net/projects/ax25mail --maintainer \
ki6zhdattrinityos.com --provides ax25mail-utils --requires ax25-tools,perl \
make install

description: A set of utilities for packet radio mail exchange with the BBS.
For use with the Linpac terminal programs as well as others
--

#Ok, now let's compile and install Linpac
cd ..
tar xzvf linpac-0.24.tar.gz
cd linpac-0.24
./configure --prefix=/usr
make -j8

#Work around: There seem to be some strange bugs with Linpac's installer on
# Debian Jessie but these commands will help work around the issue
/bin/mkdir -p "/usr/share/linpac/contrib"
/bin/mkdir -p "/usr/share/doc/linpac/czech"
/bin/mkdir -p "/usr/share/linpac/macro/cz"
/bin/mkdir -p "/usr/libexec/linpac"

sudo checkinstall --pkgname linpac --pkgversion 0.24 --pkgrelease 1 --pkggroup \
hamradio --pkgsource https://sourceforge.net/projects/linpac/files/LinPac/ --maintainer \
ki6zhdattrinityos.com --provides linpac --requires libax25,ax25-apps,ax25-tools,libncurses5-dev make install

description: Linpac is a modular console-oriented packet radio terminal for
Linux with a built-in messaging client.
Using Linux's native AX.25 network stack, it can support eight concurrent
connected sessions (QSOs) as well as send UNPROTO packets (UI) to any
preconfigured ax25 digi path.

#Now let's configure Linpac
# A few things you need to know first
# 1. If you want the built-in display of AX.25 traffic to display, you either
#    a. need to run Linpac as root (what we are showing in this doc)
#    b. make the listen program SUID root
#    c. setup and configure ax25spyd (not documented here)

1. Make sure you're root

2. run the command "linpac"

3. When prompted for your callsign, enter in your callsign without any trailing
   SSID. For example, enter in "KI6ZHD" and not "KI6ZHD-6"

4. When prompted for your home BBS callsign, you can either enter in a valid BBS
   address or skip it. For this example, I'm using: N0ARY-1

5. When prompted for "name of port to connect", in this example, we are using
   "vhfdrop"

6. When prompted for "the digipeaters used to connect", just hit enter

7. When prompted for "Enter the full hierarchical address", put in the correct
   address. For my example, I'm using "ki6zhd@N0ARY.#NCA.CA.USA.NOAM"

8. At this point, a set of configurations will go into /root/LinPac/ and Linpac
   will automatically start. For now, exit Linpac using ":sys"

9. Edit /root/Linpac/macro/init.mac and find the lines that start with:

      mycall@1 KI6ZHD

   For this example, I want only KI6ZHD-6 to connect to the F1 keyboard key and
   only this SSID. As such, I'll edit this line to read:

      mycall@1 KI6ZHD-6

   I then will insert ";;" in front of the other "mycall" lines

   If you plan on making any UNPROTO messages, consider editing the "undest"
   line. For my QTH, I have:

      unsrc "KI6ZHD-6"
      undest "David KLPRC3 KBERR KRDG KBERR KVOLC KBETH TAH0E"

10. Configuring other aspects of Linpac is beyond this document but you might
    consider:

    a. the display parameters in init.mac
       --
       statline 15
       chnline 30
       infoline 5
       swapedit
       redraw
       --

    b. configure starting Linpac via the included shell script found in
       /usr/share/linpac/contrib/start-linpac.sh . If you want to use this
       script, you'll also need to do two things:

       1. install screen with: apt-get install screen

       2. As the root user, edit the script
          /usr/share/linpac/contrib/start-linpac.sh and change the line that
          reads:

             screen -c $HOME/.screenrc-svxlink -S linpac sudo linpac
          to
             screen -S linpac sudo linpac

#---------------------------------------------------------------
Make a backup of your microSD card

1. Shutdown the Rpi with: /sbin/shutdown -h now

2. Unplug the power cord from the Rpi

3. Eject the microSD card from the Rpi and install it into a different Linux
   machine's card reader

4. run dmesg to confirm SD card device is present - for me, it's /dev/mmcblk0

5. mount the Rpi image with:

   mkdir -p /mnt/tmp
   mount /dev/mmcblk0p2 /mnt/tmp

6. Clear out all unused space for max compression

   dd if=/dev/zero of=/mnt/tmp/bigfile.dd bs=1M
   rm -f /mnt/tmp/bigfile.dd

7. Unmount the image

   umount /mnt/tmp

8. Install the xz compressor

   apt-get install xz-utils

9. Take a dd image of the card:

   dd if=/dev/mmcblk0 bs=1M | xz -9 > ki6zhd-jessie-w-linpac.dd.xz

   A 16GB microSD card with 3.08GB used would dd to a file size of
   15560867840 (15.56GB) but after xz compression, it was 1546935796 (1.54GB)

10. Remove the microSD card and put it back into your Rpi2

11. Power back up your Rpi2

#---------------------------------------------------------------
- Auto start the packet system and advanced services

1. Edit /etc/rc.local and at the end of the file, add the following lines:

   echo -e "\nStarting packet system"
   /etc/ax25/ax25-up.new

2. If you want to auto-start some of the other packet services, edit the
   /etc/ax25/ax25-up.new script and at the bottom, uncomment the line:

   /etc/ax25/ax25-up.new2 $TNCTYPE

# --------------------------------------------------------------------
LEFT OFF HERE - below still needs to be updated from Wheezy to Jessie
# --------------------------------------------------------------------

Get good NTP time if we have Internet access

#install the ntpdate program
#apt-get install ntpdate

#Stop ntpd running for a moment
systemctl stop ntp

#Set the date / time assuming you have a working internet connection and a
# valid ntp.conf file
ntpdate -b `grep ^server /etc/ntp.conf | head --lines=1 | awk '{print $2}'`

#Start ntpd back up
systemctl start ntp


Setting up the GPS

Dantracker currently does NOT support gpsd and
  - only supports GPSes on /dev/ttyUSB*
  - only supports NMEA GPSes
  - does not initialize SiRF GPSes to send NMEA
  - does support setting the time via GPS once a day

concerns:
  - even if I disable dantracker GPS & gpsd and just run:

       cat /dev/ttyUSB0 > /dev/null

    the impact hits direwolf where it under-samples and then fails to do decodes:

       Past 100 seconds, 4275495 audio samples, 0 errors.
see http://astrobeano.blogspot.com/2012/10/pharosmicrosoft-gps-360-on-raspberry-pi.html
for details

#Plug in the USB based GPS and figure out what device it gets
dmesg

#now find its serial device
ls /dev/serial/by-id

#For me, it's
ls -la usb-Prolific_Technology_Inc._USB-Serial_Controller_D-if00-port0

#Install the required software
apt-get install gpsd gpsd-clients

#now configure gpsd to use
# - /dev/serial/by-id/usb-Prolific_Technology_Inc._USB-Serial_Controller_D-if00-port0
sudo dpkg-reconfigure gpsd

# NOTE: you might need to specify "-n" as an optional parameter for your
#       specific GPS

#Test it for a single run - FOREGROUND
killall gpsd
sudo gpsd -N -D3 -n /dev/serial/by-id/usb-Prolific_Technology_Inc._USB-Serial_Controller_D-if00-port0

#Test #2 - set to NMEA mode and display the raw output
gpsctl -f -n /dev/ttyUSB0

#If setting to NMEA mode fails, try:
gpsmon -n /dev/ttyUSB0

#If that's working, now try this to see if it will work all the time
sudo /etc/rc3.d/S04gpsd start

#Now try out a gpsd client with either
gpsmon
 or
gpsmon -n
 or
cgps

# You also might like cgps

# Until DanTracker supports gpsd, disable it from starting
update-rc.d gpsd disable

#disable gpsd from auto-starting when connected to the USB bus
dpkg-reconfigure -plow gpsd

-------------------------
Enable ntpd to get time from gpsd

#Ok, get ntp to support it
sudo cp /etc/ntp.conf /etc/Old/ntp.conf-092814
sudo vim /etc/ntp.conf
--
server 127.127.28.0 minpoll 4 maxpoll 4
fudge 127.127.28.0 time1 0.000 refid SHM stratum 15
--
old try was
--
server 127.127.28.0
fudge 127.127.28.0 time1 0.420 refid GPS
server 127.127.28.1 prefer
fudge 127.127.28.1 refid GPS1
--
or
--
--

#In troubleshooting, there might be an issue with the GPS being accessed by gpsd
sudo usermod -aG dialout nobody

#There could be problems where it's not polling very often (notice the 71m delay)
# Seems if another program is running like cgps, then ntpd works.
# Hmmm

$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+carbon.neersigh 200.98.196.212   2 u  172  256  373   85.801    0.216  22.702
+jarvis.arlen.io 164.244.221.197  2 u   46  256  377   48.269    1.420  21.650
-time01.muskegon 204.9.54.119     2 u  100  256  377   74.713    6.046  53.822
*time.tritn.com  66.220.9.122     2 u  182  256  377   20.031   -0.125   0.134
 SHM(0)          .GPS.            0 l  71m   64    0    0.000  399.598   0.000
 SHM(1)          .GPS1.           0 l    -   64    0    0.000    0.000   0.000

------
Dan tracker

Need to integrate hampacket2:/usr/src/archive/RPi/n7nix-udrtracker-install.txt

#Update the config - Dantracker currently ONLY supports devices like ttyUSB0
# (not /dev/serial/by-id/usb-Prolific_Technology_Inc._USB-Serial_Controller_D-if00-port0 )
vi /etc/tracker/aprs_tracker.ini
--
port = /dev/ttyUSB0
--

#You have to get the GPS running in NMEA mode first
sudo gpsd -N -D3 -n /dev/ttyUSB0

/etc/tracker/tracker-up

To view the current system, use:

   http://192.168.0.10:8080/tracker.html
 or
   http://192.168.0.10:8081/spy.html

# Is this needed for N7NIX DanTracker?
/etc/init.d/prepare-dirs
--
#!/bin/bash
#
### BEGIN INIT INFO
# Provides: prepare-dirs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Required-Start:
# Required-Stop:
# Short-Description: Create /var/log/nginx directory on tmpfs at startup
# Description: Create /var/log/nginx directory on tmpfs at startup
### END INIT INFO

DIR=/var/log/lighttp

#
# main()
#
case "${1:-''}" in
  start)
    # create the /var/log/nginx needed by webserver
    if [ ! -d "${DIR}" ]; then
      mkdir "${DIR}"
      chmod 755 "${DIR}"
    fi
    ;;
  stop)
    ;;
  restart)
    ;;
  reload|force-reload)
    ;;
  status)
    ;;
  *)
    # $0 is the path this script was invoked as
    echo "Usage: $0 start"
    exit 1
    ;;
esac
--
chmod 755 /etc/init.d/prepare-dirs
update-rc.d prepare-dirs defaults 01 99

# ---------------------------------------------------------------------------------
# Rpi-based Access Point (AP Infrastructure mode) Wireless Setup (INCOMPLETE: work in progress):
# ---------------------------------------------------------------------------------

Wifi details are a mix of:

   http://lcdev.dk/2012/11/18/raspberry-pi-tutorial-connect-to-wifi-or-create-an-encrypted-dhcp-enabled-ad-hoc-network-as-fallback/#comment-640
 and
   http://xmail.selfip.org/wordpress/?p=1
 and
   http://unix.stackexchange.com/questions/44851/setting-up-ad-hoc-in-debian-with-dhcp

# Recommended: hostapd and dnsmasq
# https://help.ubuntu.com/community/WifiDocs/WirelessAccessPoint

# Using Hostapd and ISC dhcpd
# https://learn.adafruit.com/downloads/pdf/setting-up-a-raspberry-pi-as-a-wifi-access-point.pdf

# Confirm your Wifi USB device is seen:
dmesg | less
--
[667667.424884] usb 1-1.2.1: New USB device found, idVendor=7392, idProduct=7811
[667667.424928] usb 1-1.2.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[667667.424949] usb 1-1.2.1: Product: 802.11n WLAN Adapter
[667667.424968] usb 1-1.2.1: Manufacturer: Realtek
[667667.424998] usb 1-1.2.1: SerialNumber: 00e04c000001
[667668.197127] usbcore: registered new interface driver rtl8192cu
--

ifconfig wlan0 | less
--
wlan0     Link encap:Ethernet HWaddr 80:1F:02:AA:29:CA
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
--

#If you use a Wifi USB dongle using the Realtek RTL8192cu (aka RTL8188CUS) chipset,
# you need to read this (tiny Edimax EW-7811n, etc)
# http://blog.sip2serve.com/post/38010690418/raspberry-pi-access-point-using-rtl8192cu
#
# this URL gives a more supportable approach: https://communities.intel.com/thread/60690
#
# Specifically, as of 06/07/15, hostapd 1.0-3+deb7u2 is broken for the RTL8192
# chip so we need to update the binary

#Install the required software
apt-get update
apt-get install hostapd

#If using a realtek 8192 device, you need an alternative hostapd daemon:
sudo mv /usr/sbin/hostapd /usr/sbin/hostapd.orig

# this will NOT fit on the Rpi's RAM drive
cd /var/tmp
wget http://adafruit-download.s3.amazonaws.com/adafruit_hostapd_14128.zip

#alternatives
# wget http://www.daveconroy.com/wp3/wp-content/uploads/2013/07/hostapd.zip
# http://willhaley.com/willhaley/blog/raspberry-pi-hotspot-ew7811un-rtl8188cus/
# --> errors with
#   rtl871x_set_hidden_ssid_ops
#   ioctl[RTL_IOCTL_HOSTAPD]: Invalid argument
#   wlan0: Setup of interface done.

unzip adafruit_hostapd_14128.zip
sudo mv hostapd /usr/sbin
sudo chmod 755 /usr/sbin/hostapd
rm adafruit_hostapd_14128.zip

#Next, confirm it can be interrogated
--
sudo iwconfig
rose5     no wireless extensions.

rose2     no wireless extensions.

wlan0     unassociated Nickname:""
          Mode:Managed Frequency=2.412 GHz Access Point: Not-Associated
          Sensitivity:0/0
          Retry:off RTS thr:off Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality:0 Signal level:0 Noise level:0
          Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
          Tx excessive retries:0 Invalid misc:0 Missed beacon:0
--

# Confirm that your Wifi device can act as an AP (not all can!). If this doesn't
# report back with a "0", you need a different Wifi USB device
# HW identification
# https://help.ubuntu.com/community/WifiDocs/MasterMode
--
rpi:/etc/ax25# sudo iwconfig wlan0 mode master
rpi:/etc/ax25# echo $?
0
--

#Disable it from starting by default - we want to start this
# from rc.local to support the DIP switch setting
sudo update-rc.d hostapd disable

#Update the SysV config startup script
sudo vi /etc/default/hostapd
--
DAEMON_CONF="/etc/hostapd/hostapd.conf"
--

#Create and Edit the hostapd config
zcat /usr/share/doc/hostapd/examples/hostapd.conf.gz > /etc/hostapd/hostapd.conf
vim /etc/hostapd/hostapd.conf
--
#Wireless device name
interface=wlan0

#Wifi device driver depends on your USB device
# I'm using the problematic Edimax RTL8192 based device
#driver=nl80211
driver=rtl871xdrv

#SSID announcement for this device
ssid=RPi

#Specific country you're in
country_code=US

#limit frequencies to specified country
ieee80211d=1

#allow 802.11b too
hw_mode=g

#pick the least used channel in your area
channel=11

#How often to send SSID broadcasts
beacon_int=100

#Open System authentication only, as used by WPA/WPA2 (no WEP shared-key auth)
auth_algs=1

#If you want to hide your SSID broadcasts, set this to 1
ignore_broadcast_ssid=0

#enable multi-media priority
wmm_enabled=1

#disassociate remote sessions that are taking on high errors
# enable this for better battery life; disable this to keep the link up at all costs
#disassoc_low_ack=1

#enable 802.11n
ieee80211n=1

#enable WPA2 only
wpa=2

#The WPA2 64 character HEX key or 8 to 63 character passphrase for your network
#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
wpa_passphrase=YOURPASSPHRASE

#Use PSK and not EAP
wpa_key_mgmt=WPA-PSK

#Use AES encryption
rsn_pairwise=CCMP

#Support high performance wifi
ht_capab=[HT40+][HT40-][SHORT-GI-40][RX-STBC1]

#Don't refuse association with remote client if they don't support HT Phy negotiation
require_ht=0
--

#Note: This configuration does NOT support routing traffic from the Wifi network to a
# wired network.
# It's easy to add but it doesn't do this today

# Next, edit the /etc/network/interfaces file
--
auto lo eth0 wlan0
iface wlan0 inet static
   address 10.10.10.1
   netmask 255.255.255.0
#allow-hotplug wlan0
--

#Disable Network-Manager from trying to manage this device - change the MAC address
# to match yours as found from above using the ifconfig command
# vim /etc/NetworkManager/NetworkManager.conf
--
[keyfile]
unmanaged-devices=mac:80:1F:02:AA:29:CA
--

#If things don't work right, try debugging with:
service hostapd stop
hostapd -dd /etc/hostapd/hostapd.conf

#----------------------------------------------------------------
# Legacy Wifi Ad-Hoc approach (works with Motorola Droid2 running Android GingerBread
# (does not work with LG G3 running Android Kitkat or Lollipop
#
# see /usr/local/sbin/start-wireless-adhoc.sh for all details
#----------------------------------------------------------------

apt-get install dnsmasq dnsmasq-base dnsmasq-utils

#We only want it to start manually
update-rc.d dnsmasq remove

vim /etc/dnsmasq.conf
--
interface=wlan0
no-dhcp-interface=eth0
domain=rpi-trinnet.net
dhcp-range=10.10.10.10,10.10.10.150,255.255.255.0,12h
--

#Make the required dnsmasq dir if it was removed
mkdir /var/run/dnsmasq/

sudo nano /etc/network/interfaces
--
#if there is any other line that has "auto lo" in it, REMOVE it
auto lo eth0 wlan0

iface lo inet loopback
iface eth0 inet dhcp

#This is intentionally set to manual to support the selection of client or server AP mode
iface wlan0 inet manual
allow-hotplug wlan0
--

update /etc/hosts
   add rpi to reflect local wireless address

   Add addresses to reflect /etc/ax25/ax25ipd.conf
   1.1.1.1 f3kt-0 f3kt.dyndns.org
   88.149.155.158 iz3lsv-0
   1.1.1.1 on4hu-0 on4hu.be
   1.1.1.1 k4gbb-0 k4gbb.servftp.com

#Update the fbb stuff
   update the details in /etc/ax25/fbb/beacon0.sys
   port.sys needs updating too

--RESEARCH--
dir /etc/ax25/fbb needs sed search/replace for all CAPS F6BVP

#Update the default editor
update-alternatives --config editor
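The WPA2 settings from the hostapd.conf in the access point section above can be
checked before hostapd is started. This is an added example, not part of the
original guide: the function names and the sample file are constructed, and it
only inspects the keys the guide sets (wpa, rsn_pairwise, wpa_psk or
wpa_passphrase, auth_algs) plus the permissions of the file that holds the key.

```shell
#!/bin/sh
# Audit a hostapd.conf against the WPA2-PSK settings used in this guide.
# Added example: function names and the sample file below are constructed.

# conf_get KEY FILE: value of the last uncommented KEY= line (empty if unset)
conf_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1
}

# hostapd_conf_audit FILE: print one finding per line. No output means the
# file matches the WPA2-only, CCMP-only, PSK setup shown in the guide.
hostapd_conf_audit() (
    f=$1
    [ -r "$f" ] || { echo "cannot read $f"; exit 0; }

    wpa=$(conf_get wpa "$f")
    case $wpa in
        2) ;;
        ''|0) echo "wpa is unset or 0, no WPA at all (guide sets wpa=2)" ;;
        *) echo "wpa=$wpa enables legacy WPA (guide sets wpa=2)" ;;
    esac

    pairwise=$(conf_get rsn_pairwise "$f")
    [ "$pairwise" = "CCMP" ] ||
        echo "rsn_pairwise is '$pairwise' (guide sets CCMP only)"

    algs=$(conf_get auth_algs "$f")
    [ "$algs" = "1" ] ||
        echo "auth_algs is '$algs' (guide sets 1, open system auth only)"

    psk=$(conf_get wpa_psk "$f")
    pass=$(conf_get wpa_passphrase "$f")
    if [ -n "$psk" ]; then
        # a raw key must be exactly 64 hex digits
        case $psk in
            *[!0-9a-fA-F]*) echo "wpa_psk contains non-hex characters" ;;
        esac
        [ ${#psk} -eq 64 ] || echo "wpa_psk is ${#psk} characters, not 64"
    elif [ -n "$pass" ]; then
        if [ ${#pass} -lt 8 ] || [ ${#pass} -gt 63 ]; then
            echo "wpa_passphrase is ${#pass} characters (must be 8 to 63)"
        fi
        case $pass in
            YOURPASS*) echo "wpa_passphrase is still the guide's placeholder" ;;
        esac
    else
        echo "neither wpa_psk nor wpa_passphrase is set"
    fi

    # The file holds the network key; redirecting zcat into it as the guide
    # does leaves it with the default umask, usually world-readable.
    case $(ls -ld "$f" | cut -c1-10) in
        ???????r*) echo "$f is world-readable and holds the network key" ;;
    esac
    exit 0
)

# Constructed sample: the guide's settings, but with WPA1 left enabled, TKIP
# allowed, the placeholder passphrase in place and default file permissions.
hostapd_audit_demo() (
    tmp=$(mktemp) || exit 0
    cat > "$tmp" <<'EOF'
interface=wlan0
ssid=RPi
auth_algs=1
wpa=3
#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
wpa_passphrase=YOURPASSPHASE
wpa_key_mgmt=WPA-PSK
rsn_pairwise=TKIP CCMP
EOF
    chmod 644 "$tmp"
    hostapd_conf_audit "$tmp"
    rm -f "$tmp"
)

# With a file argument, audit that file; without one, run the sample.
if [ $# -gt 0 ]; then
    hostapd_conf_audit "$1"
else
    hostapd_audit_demo
fi
```

Run it as root against /etc/hostapd/hostapd.conf after editing; a clean file prints nothing.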
----------------

#Now configure your primary Wifi interface
ifconfig wlan0 down
sudo wpa_cli

# Note: if this program won't start, pull out the USB Wireless device and put it
# back in again. That should re-prod NetworkManager to get it running

#Now, get the name of any pre-configured wireless devices and put them into the
# start-adhoc script
wpa_cli
 --> scan
 --> scan_results
 --> add_network
 --> set_network 0 ssid "enter-your-previously-shown-BSSID-here"
 --> set_network 0 psk "enter-your-wpa2-key-here"
 --> enable_network 0
 --> save_config

Get a copy of /usr/local/sbin/start-adhoc.sh
chmod 700 /usr/local/sbin/start-adhoc.sh

# ------------------------------------------------------------------------
If you're using an HT, make sure that you disable the RX power saver and the
Automatic power off

# ------------------------------------------------------------------------
Check out http://dantracker.tk/tracker.html for more RPi optimizations, etc

# ------------------------------------------------------------------------
# This note is only relevant for F6BVP's based Rpi image (obsolete)

You can update the various F6BVP code, AX25 stack, etc.
from the included scripts:

   cd /usr/local/src/
   Instax25.new
   updAX25
   updfbb
   updfpac

# ---------------------------------------------------------------
# The Rpi's HW watchdog is disabled by default though the init script runs (stupid)

If you want to use the watchdog to keep your system up though it might be
constantly rebooting (and/or corrupting the SD card), edit the
/etc/init.d/watchdog script

Add watchdog
   https://hallard.me/raspberry-pi-read-only/

-------------------
# Building a shutdown button for an Rpi much like a PC's ATX power button:
   https://wiki.melbournemakerspace.org/projects/pishutdown

# Maybe install Xastir - old though - currently at 2.0.4
apt-get install xastir

# ---------------------------------------------------------------
# Possibly Deprecated
# ---------------------------------------------------------------

# ---------------------------------------------------------------
?Still needed for Jessie?
# /var/log items go into the tmpfs ram drive anyway

Suppress 1000s of cron lines like the following in /var/log/auth.log
#
# Jan 30 18:49:01 ota3 CRON[14054]: pam_unix(cron:session): session opened for user zzz by (uid=0)
# Jan 30 18:49:03 ota3 CRON[13055]: pam_unix(cron:session): session closed for user root

edit /etc/pam.d/common-session-noninteractive

At the end of the file, find the line:

   session required pam_unix.so

and now add the following line ABOVE it

   session [success=1 default=ignore] pam_succeed_if.so service in cron quiet use_uid

# ---------------------------------------------------------------
Todo

03/06/15 - Add NTP via GPS support - http://www.satsignal.eu/ntp/Raspberry-Pi-NTP.html
11/21/15 - ulog w/ firewall log rotate

# ---------------------------------------------------------------
Errata

# 05/22/16 - reordered the initial security section
#          - implemented the firewall-confirm.sh script
#          - Changed the method to lock the pi account, groupadds, etc
# 05/06/16 - Added a point to install rpi-update if it's not installed already
# 04/30/16 - Added to the HDD powerdown section
# 04/15/16 - Added an alternative way to find sound card input sampling rates
#          - Added rough notes to set NTP time ASAP
# 03/16/16 - Added a recommendation to create a new sudo-enabled account and
#            DISABLE the pi account
# 03/06/16 - Added an additional todo item
# 03/05/16 - Added a gotcha section on how to fix an Rpi not being able to reboot
# 03/04/16 - Added references to alternative / pre-built Rpi images
# 02/27/16 - Added a new interactive GPIO pinout website URL
# 12/12/15 - Added DHCP client support to the firewall
# 12/11/15 - Updated iptables example to drop but not log chatty network traffic
#          - Added changes to the /etc/rsyslog.conf file for a broken setting that
#            creates a huge amount of logs as well as other overly chatty logs
#            and duplication
#          - Added a critical fix for proper keyboard mappings to log in via the
#            local HDMI console
# 12/10/15 - Updated logrotate configs to be more aggressive
# 12/06/15 - Added a note on the FIX_BITS option
# 11/30/15 - Fixed raspi-config typo
# 11/29/15 - Updated the Linpac section
#          - Updated the /etc/ax25/ax25-up.new2 script
# 11/28/15 - Clearer wording about needing to adapt the PTT circuit for people's
#            specific radio
#          - Mentioned that the settings in /etc/ax25/ax25-up.new override settings
#            originally loaded in direwolf.conf
#          - Added Linpac
# 11/26/15 - Recommend to create a new user account and DISABLE the default "pi"
#            account
#          - Formatting improvements
# 11/24/15 - Added a critical point about microphone bias voltages from soundcards
#            and radios
# 11/21/15 - Added an iptables section to secure the Rpi as soon as possible
#          - Dump more packages upon first install
# 11/07/15 - Added index; revamping all sections sequentially
# 10/21/15 - Added HD APM ; shutdown button
# 10/14/15 - initial version (based on the old Wheezy doc)