
How To Install Aide Intrusion Detection System on Ubuntu

Aide stands for Advanced Intrusion Detection Environment, one of the most popular tools for monitoring changes to a Unix or Linux system. Here I will list out how I am going to set this baby up on some of my servers to secure the system.

Updating and Installing Aide

sudo apt-get update -y

Once you have updated your repo, simply install Aide using the following command:

sudo apt-get install aide

And Aide is installed on your machine!

Configuring and Testing Aide

Next we are going to configure this baby. Initialize the database with the command below:

sudo aideinit

It will take a while. Once you have initialized the database, verify that the new Aide database has been created:

cd /var/lib/aide
ls -lt

And you should see something like this

AIDE 0.16a2-19-g16ed855 initialized AIDE database at /var/lib/aide/aide.db.new
Start timestamp: 2016-05-12 10:17:20 -0400
Verbose level: 6

Number of entries:	66800

---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------

/var/lib/aide/aide.db.new
  RMD160   : BOdplDoXDH0ws73WkoYe11+WIhM=
  TIGER    : tJ8xmXCDo9N9e8cJZBuqQSW/yl/ArSnJ
  SHA256   : E+Pc3ae0PDDxfRV9PcZZ8Fq+NsJZBLbo
             SQQ+i6xQ2I0=
  SHA512   : WHHce2bdDPzP1NgMSr9afReWcIvGbW+p
             D09ShUO3kT6EJpFWhqTR0RI60LmYW/sR
             76QTqqOOnIK+Cknc8mKXRA==
  CRC32    : OqKLPA==
  HAVAL    : zT+SY0Ee5SuFaXb7Kjo3gU7NpnH+QIyA
             buxyjH8AedM=
  GOST     : 4cW9q/3KpRawsNsRc2HtdjGgF70fsaI5
             8eRaLnsDlmo=


End timestamp: 2016-05-12 10:24:58 -0400 (run time: 7m 38s)

Move the new file into place as the active database using the following command:

mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db

Now, let's test this baby out with the following command,

aide.wrapper --check

And you will get something like this:

[email protected]:~# aide.wrapper --check
AIDE 0.16a2-19-g16ed855 found differences between database and filesystem!!
Start timestamp: 2016-05-12 10:29:51 -0400
Verbose level: 6

Summary:
  Total number of entries:	66801
  Added entries:		1
  Removed entries:		1
  Changed entries:		3

---------------------------------------------------
Added entries:
---------------------------------------------------

f++++++++++++++++: /var/lib/aide/aide.db

---------------------------------------------------
Removed entries:
---------------------------------------------------

f----------------: /var/lib/aide/aide.db.new

---------------------------------------------------
Changed entries:
---------------------------------------------------

d =.... mc.. .. .: /var/lib/mongodb/diagnostic.data
f >b... mc..C.. .: /var/lib/mongodb/diagnostic.data/metrics.2016-05-12T08-52-09Z-00000
f >.... mci.C.. .: /var/lib/mongodb/diagnostic.data/metrics.interim

---------------------------------------------------
Detailed information about changes:
---------------------------------------------------

Directory: /var/lib/mongodb/diagnostic.data
  Mtime    : 2016-05-12 10:24:39 -0400        | 2016-05-12 10:36:39 -0400
  Ctime    : 2016-05-12 10:24:39 -0400        | 2016-05-12 10:36:39 -0400

File: /var/lib/mongodb/diagnostic.data/metrics.2016-05-12T08-52-09Z-00000
  Size     : 361980                           | 372957
  Bcount   : 720                              | 744
  Mtime    : 2016-05-12 10:22:08 -0400        | 2016-05-12 10:32:08 -0400
  Ctime    : 2016-05-12 10:22:08 -0400        | 2016-05-12 10:32:08 -0400
  RMD160   : czpo/fk+iRIEKUBjlc2+wELg/Wo=     | wEQV9cj/KyiGQmfGSLbzo9B44Gs=
  TIGER    : 2wLpFPWq3lxfxXyHpAMkVXUjDtZ08W8z | x8IbKbindr6NVwNbaUt0J5jWq9Y1cWmv
  SHA256   : lVRtuDTLDD7DYajbBEYoMSPpdrtxdJNA | 3J4B2ToLfGmBbHOQas/hKGj8HXe4zihW
             rxL5xH8A0kA=                     | 0OLKtXC4fqo=
  SHA512   : axlztAMc56xIGz7JnsOq8dAgZfCLmT83 | 49Fex6rPE24SnoOaLc+T/hIiTLEEyOmk
             gFZS6MB2zmT5aPxK4FmOSnEC9W5mtUNJ | YGeLF1W/fxZuRYk3FuwgpFlKA2qrmi2f
             AIaoa5bK736BAXwMcsA+NA==         | xNij3UG21mAiX+Tx2pRw+A==
  CRC32    : drkWXw==                         | rtCgKQ==
  HAVAL    : SR2yfai80zpN2Xw+8sUFSM/kTQBGAHsl | xIk6ByhAZN5C2eU2bTJzZ0oZcJeqsIiz
             71FSIVFT4qA=                     | AMbC0DPcNhg=
  GOST     : bE/NiblzIQRPzFx8jVymvvkEA+NO6on0 | txFhbK566EUxlQk6c36TfqgvYBttntcm
             k3XlP3vO2LA=                     | qyMIxjG3zK8=

File: /var/lib/mongodb/diagnostic.data/metrics.interim
  Size     : 5279                             | 5397
  Mtime    : 2016-05-12 10:24:39 -0400        | 2016-05-12 10:36:39 -0400
  Ctime    : 2016-05-12 10:24:39 -0400        | 2016-05-12 10:36:39 -0400
  Inode    : 1180042                          | 1179903
  RMD160   : Uch+G7OlOobiM/VjjdNHYSdCZUY=     | OnSReGX+lqQuCQURBBxkfHC9U5o=
  TIGER    : bB0QmZYYNl2SKSfz4MlNrpwYKwCS3Evf | ktNDR+97gTAK7catLGoOhEFJu6IfQZwi
  SHA256   : h0s1leYNb7/RxTi86z+nHhe7DChFJtSo | KIlG5ePVgwG/+DopSTPHo6VqnGzdnQMj
             TUZXyOwKKYw=                     | m97NR3Gifhk=
  SHA512   : 8PrN5C6RJgYHIuM7DjL3vjx9/5fRbnsr | QLXQngP8ouoc8bvs580De+Vh7bGR0Lq8
             MDpk+PcTAxLV3AUbkWP9Xq0hTzro7mlM | +2tXCfVed02e1DVRgxeG3LbKxqhofP76
             nT96+O95DnPZRmuD5OAPZA==         | 6Mz99D/w7u9eabdbsYmmOw==
  CRC32    : sTX43A==                         | Ta6Udw==
  HAVAL    : ZDpLBirCqbUqz/jym+FFjv2IvY9T4k+g | qTpVXVypYnzMGQZF4SMw7Wjg/jKkptpw
             hhcWR0kK/ZE=                     | PEqS+lI8g84=
  GOST     : 7yJZnGdeAM8slovcFTD0Ftcec5KT8weQ | gVW46Bk3upRekyxDI5sPP6N1xk7b6gX5
             yPYlQqSMkf4=                     | CJTybT2VVKQ=


---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------

/var/lib/aide/aide.db
  RMD160   : BOdplDoXDH0ws73WkoYe11+WIhM=
  TIGER    : tJ8xmXCDo9N9e8cJZBuqQSW/yl/ArSnJ
  SHA256   : E+Pc3ae0PDDxfRV9PcZZ8Fq+NsJZBLbo
             SQQ+i6xQ2I0=
  SHA512   : WHHce2bdDPzP1NgMSr9afReWcIvGbW+p
             D09ShUO3kT6EJpFWhqTR0RI60LmYW/sR
             76QTqqOOnIK+Cknc8mKXRA==
  CRC32    : OqKLPA==
  HAVAL    : zT+SY0Ee5SuFaXb7Kjo3gU7NpnH+QIyA
             buxyjH8AedM=
  GOST     : 4cW9q/3KpRawsNsRc2HtdjGgF70fsaI5
             8eRaLnsDlmo=


End timestamp: 2016-05-12 10:37:13 -0400 (run time: 7m 22s)

See the file that we just added and updated? Yeah, that's the one that it is reporting.
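A report like the one above gets long quickly, and routinely changing paths (here the MongoDB diagnostic files) bury the entries that matter. The following is an added example, not part of the original post: it pulls the counts out of the Summary block and lists only the entries outside a set of expected-churn prefixes. The function names are hypothetical and the sample report is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: triage an "aide.wrapper --check" report.
# Function names are hypothetical; the sample report is constructed.

# Print "added removed changed" from the Summary block of a report on stdin.
aide_counts() {
    awk -F: '
        # The same labels reappear later as section headers without a number.
        $2 ~ /[0-9]/ {
            label = $1; sub(/^[ \t]+/, "", label)
            n = $2; gsub(/[^0-9]/, "", n)
            if (label == "Added entries")   a = n
            if (label == "Removed entries") r = n
            if (label == "Changed entries") c = n
        }
        END { printf "%d %d %d\n", a, r, c }
    '
}

# Print the paths of added/removed/changed entries that are not under
# any of the prefixes given as arguments (paths expected to change).
aide_unexpected() {
    awk -v ignore="$*" '
        BEGIN { n = split(ignore, pre, " ") }
        # Stop before the per-file detail section.
        /^Detailed information about changes:/ { exit }
        # Entry lines: file type letter, attribute flags, then ": /path"
        /^[a-z!?][-+=<>. a-zA-Z]+: \// {
            path = $0; sub(/^[^:]*: /, "", path)
            for (i = 1; i <= n; i++)
                if (index(path, pre[i]) == 1) next
            print path
        }
    '
}

# Constructed sample, shortened from the report shown in this post.
sample_report() {
    cat <<'EOF'
Summary:
  Total number of entries:  66801
  Added entries:            1
  Removed entries:          1
  Changed entries:          3

Added entries:
f++++++++++++++++: /var/lib/aide/aide.db

Removed entries:
f----------------: /var/lib/aide/aide.db.new

Changed entries:
d =.... mc.. .. .: /var/lib/mongodb/diagnostic.data
f >b... mc..C.. .: /var/lib/mongodb/diagnostic.data/metrics.2016-05-12T08-52-09Z-00000
f >.... mci.C.. .: /var/lib/mongodb/diagnostic.data/metrics.interim

Detailed information about changes:
File: /var/lib/mongodb/diagnostic.data/metrics.interim
  Size     : 5279                             | 5397
EOF
}

sample_report | aide_counts
sample_report | aide_unexpected /var/lib/mongodb/diagnostic.data
```

Changes to the Aide database itself are deliberately not filtered out, since a modified baseline is exactly what a check should surface.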

Crontab Aide

Now we don't want to do this manually every single day, so let's set up a crontab.

vi aide.sh

with the following code

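#!/bin/sh
# Daily Aide check: build a short report and mail it
MYDATE=$(date +%Y-%m-%d)
MYFILENAME="Aide-$MYDATE.txt"
# Private working directory instead of predictable file names in /tmp
WORKDIR=$(mktemp -d) || exit 1
trap 'rm -rf "$WORKDIR"' EXIT
/bin/echo "Aide check !! $(date)" > "$WORKDIR/$MYFILENAME"
/usr/bin/aide.wrapper --check > "$WORKDIR/myAide.txt"
# Full report minus lines containing "failed", then the last 20 lines again
/bin/grep -v failed "$WORKDIR/myAide.txt" >> "$WORKDIR/$MYFILENAME"
/bin/echo "**************************************" >> "$WORKDIR/$MYFILENAME"
/usr/bin/tail -n 20 "$WORKDIR/myAide.txt" >> "$WORKDIR/$MYFILENAME"
/bin/echo "****************DONE******************" >> "$WORKDIR/$MYFILENAME"
/usr/bin/mail -s "$MYFILENAME $(date)" [email protected] < "$WORKDIR/$MYFILENAME"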

Now make it executable:

chmod +x aide.sh

Open up crontab:

crontab -e

Add the following crontab entry to it:

06 01 * * 0-6 /root/aide.sh

And we are good to go! Simple as that!

Setup NFS Server on LXC in Proxmox

Quick tutorial on how I set up an NFS server on Proxmox using LXC rather than the old OpenVZ. Before I begin: I wrote an older tutorial on NFS, and you can take a look at the instructions for OpenVZ NFS, which are exactly the same. I will write out a quick one here.

NFS Server on LXC

Run the following to install the NFS server (I'm using CentOS, by the way):

yum install nfs* -y
service rpcbind start
chkconfig rpcbind on
service nfs start
chkconfig nfs on
Starting NFS services:                                     [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]
Starting NFS daemon: rpc.nfsd: Unable to access /proc/fs/nfsd errno 2 (No such file or directory).
Please try, as root, 'mount -t nfsd nfsd /proc/fs/nfsd' and then restart rpc.nfsd to correct the problem
                                                           [FAILED]

Failure is part of the plan. Now, assuming your LXC container ID is 101, go to /etc/pve/lxc/101.conf and add a line so that the file looks like this:

arch: amd64
cpulimit: 4
cpuunits: 1024
hostname: nfs.localhost.com
memory: 4000
nameserver: 8.8.8.8 8.8.4.4
net0: bridge=vmbr2,gw=192.168.100.1,hwaddr=32:36:30:61:61:34,ip=192.168.100.3/24,name=eth0,type=veth
onboot: 1
ostype: centos
rootfs: local:101/vm-101-disk-1.raw,size=1000G
searchdomain: localhost
swap: 512
lxc.aa_profile: unconfined

The line I added is the last one, which runs the container without AppArmor confinement:

lxc.aa_profile: unconfined

Also remember to add the line to /var/lib/lxc/101/config:

lxc.aa_profile=unconfined

Remember to reboot your LXC or else it won't work.

Now, in your LXC, create the folder /mnt/nfs, then open the file /etc/exports and add the following line:

/mnt/nfs     *(rw,no_root_squash,no_subtree_check,fsid=0)
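The export line above uses `*` as the client, so any host that can reach the server may mount the share, and `no_root_squash` lets root on a client act as root on the exported files. The following added example (not part of the original post) flags both settings in exports-style input; `audit_exports` is a hypothetical helper, and the second sample entry, restricted to the container's 192.168.100.0/24 network, is a constructed alternative.

```shell
#!/bin/sh
# Added example: flag risky entries in /etc/exports-style input.
# audit_exports is a hypothetical helper; the sample entries are constructed.
# Limitation: export paths containing spaces (quoted in exports) are not handled.

audit_exports() {
    awk '
        /^[ \t]*#/ { next }    # comment line
        NF == 0    { next }    # blank line
        {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break            # trailing comment
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                if (client == "") client = "*"  # "(opts)" alone means any host
                if (client == "*")
                    print $1 ": exported to any host"
                if (("," opts ",") ~ /,no_root_squash,/)
                    print $1 ": no_root_squash for " client
                if (client == "*" && ("," opts ",") ~ /,rw,/)
                    print $1 ": writable by any host"
            }
        }
    '
}

# Constructed sample: the entry from this post and a restricted alternative.
sample_exports() {
    cat <<'EOF'
# entry from this post
/mnt/nfs     *(rw,no_root_squash,no_subtree_check,fsid=0)
# constructed alternative: one subnet, root squashed
/mnt/nfs2    192.168.100.0/24(rw,root_squash,no_subtree_check)
EOF
}

sample_exports | audit_exports
```

Run it against a real file with `audit_exports < /etc/exports`; an empty result means none of the three conditions was found.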

Enable Port on Firewall

Enable the following in iptables

-A PREROUTING -d 10.6.25.101/32 -i vmbr0 -p tcp -m tcp --dport 2925 -j DNAT --to-destination 192.168.0.111:22
-A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p tcp -m tcp --dport 32803 -j DNAT --to-destination 192.168.0.111:32803
-A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p tcp -m tcp --dport 892 -j DNAT --to-destination 192.168.0.111:892
-A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p tcp -m tcp --dport 662 -j DNAT --to-destination 192.168.0.111:662
-A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p tcp -m tcp --dport 2049 -j DNAT --to-destination 192.168.0.111:2049
-A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p tcp -m tcp --dport 111 -j DNAT --to-destination 192.168.0.111:111
-A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p udp -m udp --dport 892 -j DNAT --to-destination 192.168.0.111:892
-A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p udp -m udp --dport 662 -j DNAT --to-destination 192.168.0.111:662
-A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p udp -m udp --dport 111 -j DNAT --to-destination 192.168.0.111:111
-A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p udp -m udp --dport 2049 -j DNAT --to-destination 192.168.0.111:2049
-A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p udp -m udp --dport 32769 -j DNAT --to-destination 192.168.0.111:32769
-A PREROUTING -d 10.6.25.101/32 -i vmbr1 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 192.168.0.111:8000

where 10.6.25.101 is the public IP and 192.168.0.111 is the LXC IP address.

Configure NFS

Head over to /etc/sysconfig/nfs and update the following

#
# Define which protocol versions mountd
# will advertise. The values are "no" or "yes"
# with yes being the default
#MOUNTD_NFS_V2="no"
MOUNTD_NFS_V3="yes"
#
#
# Path to remote quota server. See rquotad(8)
#RQUOTAD="/usr/sbin/rpc.rquotad"
# Port rquotad should listen on.
#RQUOTAD_PORT=875
# Optinal options passed to rquotad
#RPCRQUOTADOPTS=""
#
#
# Optional arguments passed to in-kernel lockd
#LOCKDARG=
# TCP port rpc.lockd should listen on.
LOCKD_TCPPORT=32803
# UDP port rpc.lockd should listen on.
LOCKD_UDPPORT=32769
#
#
# Optional arguments passed to rpc.nfsd. See rpc.nfsd(8)
# Turn off v2 and v3 protocol support
#RPCNFSDARGS="-N 2 -N 3"
# Turn off v4 protocol support
RPCNFSDARGS="-N 4"
# Number of nfs server processes to be started.
# The default is 8.
#RPCNFSDCOUNT=8
# Stop the nfsd module from being pre-loaded
NFSD_MODULE="noload"
# Set V4 and NLM grace periods in seconds
#
# Warning, NFSD_V4_GRACE should not be less than
# NFSD_V4_LEASE was on the previous boot.
#
# To make NFSD_V4_GRACE shorter, with active v4 clients,
# first make NFSD_V4_LEASE shorter, then restart server.
# This will make the clients aware of the new value.
# Then NFSD_V4_GRACE can be decreased with another restart.
#
# When there are no active clients, changing these values
# can be done in a single server restart.
#
#NFSD_V4_GRACE=90
#NFSD_V4_LEASE=90
#NLM_GRACE_PERIOD=90
#
#
#
# Optional arguments passed to rpc.mountd. See rpc.mountd(8)
#RPCMOUNTDOPTS=""
# Port rpc.mountd should listen on.
MOUNTD_PORT=892
#
#
# Optional arguments passed to rpc.statd. See rpc.statd(8)
#STATDARG=""
# Port rpc.statd should listen on.
STATD_PORT=662
# Outgoing port statd should used. The default is port
# is random
#STATD_OUTGOING_PORT=2020
# Specify callout program
#STATD_HA_CALLOUT="/usr/local/bin/foo"
#
#
# Optional arguments passed to rpc.idmapd. See rpc.idmapd(8)
#RPCIDMAPDARGS=""
#
# Set to turn on Secure NFS mounts.
#SECURE_NFS="yes"
# Optional arguments passed to rpc.gssd. See rpc.gssd(8)
#RPCGSSDARGS=""
# Optional arguments passed to rpc.svcgssd. See rpc.svcgssd(8)
#RPCSVCGSSDARGS=""
#
# To enable RDMA support on the server by setting this to
# the port the server should listen on
#RDMA_PORT=20049

Once you have done all of the above, restart your host machine so you are clean and good to go.

Converting Webm to MP4 using latest avconv or ffmpeg

OK, there is no ffmpeg here since it is so old and we have all been using the latest avconv. However, there is so much legacy documentation about ffmpeg conversion and webm that it left me searching up and down for a solution to my problem. In the end it wasn't my problem at all, but I managed to resolve it somehow, so writing it out might help someone out there too.

Problems converting webm to mp4

If you are facing problems converting webm (whammy) from Chrome's WebRTC using an older version of ffmpeg or avconv, you are not alone. You may face the following problems:

[matroska,webm @ 0x18399cb8] Unknown/unsupported CodecID V_VP9.
[matroska,webm @ 0x18399cb8] Unknown/unsupported CodecID A_OPUS.

which means your avconv doesn't really support the new A_OPUS or V_VP9. And when you try to convert your whammy webm to mp4, 99% of the time it will throw you one of the following errors:

Error while opening encoder for output stream #0:0 - maybe incorrect parameters such as bit_rate, rate, width or height

or

Decoder (codec id 0) not found for input stream #0:0

or

webm decoding for stream 0 failed

or

23_1460406164.wav: could not find codec parameters

and so on. It will just get stuck at #0:0, and you will be staring at your screen for a couple of hours (if you are lucky), wondering what the hell went wrong when you did nothing to it.

Solution to convert webm to mp4

If you manage to debug your avconv conversion and see the words Unknown/unsupported CodecID A_OPUS, you most probably fall into the category of having an older Ubuntu or avconv, which is what happened to me. If you are using an older version of Ubuntu, you will need to get the latest version from source, since installing from apt-get will only give you what your Ubuntu version can support. Once the installation has completed, you will have the latest version, avconv 11, and you will need to fire the following command:

avconv -i 23_1460420555.webm -c:v libx264  -strict experimental out.mp4

And you will get the following results:

[email protected]:# avconv -i 23_1460420555.webm -c:v libx264  -strict experimental out.mp4
avconv version 11.6, Copyright (c) 2000-2014 the Libav developers
  built on Apr 12 2016 01:42:20 with gcc 4.6 (Ubuntu/Linaro 4.6.3-1ubuntu5)
[matroska,webm @ 0x2082100] Estimating duration from bitrate, this may be inaccurate
Input #0, matroska,webm, from '23_1460420555.webm':
  Duration: N/A, start: 0.000000, bitrate: N/A
    Stream #0.0(eng): Video: vp8, yuv420p, 640x480, PAR 1:1 DAR 4:3, 29.97 fps, 1k tbn (default)
    Stream #0.1(eng): Audio: opus, 48000 Hz, mono, fltp (default)
File 'out.mp4' already exists. Overwrite ? [y/N] y
[libx264 @ 0x2097d80] using SAR=1/1
[libx264 @ 0x2097d80] using cpu capabilities: MMX2 SSE2Fast FastShuffle SSEMisalign LZCNT
[libx264 @ 0x2097d80] profile High, level 3.0
[libx264 @ 0x2097d80] 264 - core 120 r2151 a3f4407 - H.264/MPEG-4 AVC codec - Copyleft 2003-2011 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=6 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00
Output #0, mp4, to 'out.mp4':
  Metadata:
    encoder         : Lavf56.1.0
    Stream #0.0(eng): Video: libx264, yuv420p, 640x480 [PAR 1:1 DAR 4:3], q=-1--1, 29.97 fps, 2997 tbn, 29.97 tbc (default)
    Metadata:
      encoder         : Lavc56.1.0 libx264
    Stream #0.1(eng): Audio: libvo_aacenc, 48000 Hz, mono, s16, 200 kb/s (default)
    Metadata:
      encoder         : Lavc56.1.0 libvo_aacenc
Stream mapping:
  Stream #0:0 -> #0:0 (vp8 (native) -> h264 (libx264))
  Stream #0:1 -> #0:1 (opus (native) -> aac (libvo_aacenc))
Press ctrl-c to stop encoding
Non-monotonous DTS in output stream 0:1; previous: 10576, current: 8864; changing to 10577. This may result in incorrect timestamps in the output file.
Non-monotonous DTS in output stream 0:1; previous: 10577, current: 9888; changing to 10578. This may result in incorrect timestamps in the output file.
Non-monotonous DTS in output stream 0:1; previous: 38912, current: 37584; changing to 38913. This may result in incorrect timestamps in the output file.
Non-monotonous DTS in output stream 0:1; previous: 38913, current: 38608; changing to 38914. This may result in incorrect timestamps in the output file.
Non-monotonous DTS in output stream 0:1; previous: 74064, current: 72400; changing to 74065. This may result in incorrect timestamps in the output file.
Non-monotonous DTS in output stream 0:1; previous: 74065, current: 73424; changing to 74066. This may result in incorrect timestamps in the output file.
frame=   58 fps=  0 q=-1.0 Lsize=     133kB time=1.84 bitrate= 593.4kbits/s
video:115kB audio:15kB other streams:0kB global headers:0kB muxing overhead: 2.336649%
[libx264 @ 0x2097d80] frame I:1     Avg QP:20.91  size: 26829
[libx264 @ 0x2097d80] frame P:51    Avg QP:22.32  size:  1685
[libx264 @ 0x2097d80] frame B:6     Avg QP:25.44  size:   638
[libx264 @ 0x2097d80] consecutive B-frames: 86.2%  0.0%  0.0% 13.8%
[libx264 @ 0x2097d80] mb I  I16..4: 19.3% 67.0% 13.7%
[libx264 @ 0x2097d80] mb P  I16..4:  0.9%  1.0%  0.1%  P16..4: 22.0%  4.0%  3.6%  0.0%  0.0%    skip:68.5%
[libx264 @ 0x2097d80] mb B  I16..4:  0.1%  0.1%  0.0%  B16..8: 30.9%  0.3%  0.0%  direct: 0.2%  skip:68.4%  L0:42.6% L1:56.6% BI: 0.8%
[libx264 @ 0x2097d80] 8x8 transform intra:58.6% inter:73.5%
[libx264 @ 0x2097d80] coded y,uvDC,uvAC intra: 66.9% 77.4% 53.2% inter: 10.0% 11.2% 1.3%
[libx264 @ 0x2097d80] i16 v,h,dc,p: 21% 11% 44% 24%
[libx264 @ 0x2097d80] i8 v,h,dc,ddl,ddr,vr,hd,vl,hu: 17% 13% 34%  5%  5%  6%  7%  7%  6%
[libx264 @ 0x2097d80] i4 v,h,dc,ddl,ddr,vr,hd,vl,hu: 18% 21% 31%  5%  6%  5%  6%  5%  4%
[libx264 @ 0x2097d80] i8c dc,h,v,p: 64% 17% 16%  3%
[libx264 @ 0x2097d80] Weighted P-Frames: Y:0.0% UV:0.0%
[libx264 @ 0x2097d80] ref P L0: 70.3% 20.2%  4.6%  4.9%
[libx264 @ 0x2097d80] ref B L0: 96.0%  2.2%  1.8%
[libx264 @ 0x2097d80] ref B L1: 89.9% 10.1%
[libx264 @ 0x2097d80] kb/s:482.04

And you will get a nice video with good quality right to your face! But do take note of the "Non-monotonous DTS in output" warning. Although it is only a warning, if you have compiled avconv wrongly, your conversion will not work. And if you are using the wrong encoder, pretty much nothing works for you; that's how picky avconv can be about its encoding and stuff.

Of course, there are good links on avconv that you could read up on, especially on what each avconv parameter means!

Installing avconv from source in Ubuntu

This is pretty interesting, as avconv is a pretty sensitive fellow. If you do this wrongly, your avconv is pretty much unworkable no matter how you spin it. Hence, I am doing myself a favour and writing this up. Before I begin, let me explain what version of Ubuntu I am using. I am on Ubuntu 12.04.5 LTS, and if I do the following from the repo

sudo apt-get install ffmpeg libav-tools

I will be getting avconv version 8.x.x, since I am on an older version of Ubuntu. Hence the install of avconv from source.

Removing older avconv or ffmpeg

Before we do anything at all, we need to remove the older version of avconv.

apt-get remove --purge libav-tools

This will remove the built-in avconv that you might have installed.

Installing prerequisite files

Now, fire the below command to install everything you may need for your avconv compilation

apt-get install build-essential
apt-get install yasm
apt-get install libfdk-aac-dev
apt-get install libx264-dev

Once you have done that, we are good to go!

Installing avconv from source

I am going to install avconv version 11 from libav.org.

wget https://libav.org/releases/libav-11.6.tar.gz  --no-check-certificate
tar zxvf libav-11.6.tar.gz
cd libav-11.6/
./configure --enable-libvo-aacenc --enable-gpl --enable-nonfree --enable-version3 --enable-libx264 --enable-static --disable-shared
make && make install

After the compilation has finished (which takes some time), you have the newer version of avconv installed! Not that tough, right?

Setup OpenVPN on Proxmox LXC

Following the previous tutorial on setting up LXC, I would now like to set up OpenVPN in a Proxmox LXC container!

Adding Dev/Tun into LXC

On the host machine, we need to enable tun for OpenVPN on our LXC container. Go to /var/lib/lxc/xxx/config or /etc/pve/lxc/xxx.conf and add the following as the last lines:

lxc.cgroup.devices.allow = c 10:200 rwm
lxc.hook.autodev = sh -c "modprobe tun; cd ${LXC_ROOTFS_MOUNT}/dev; mkdir net; mknod net/tun c 10 200; chmod 0666 net/tun"

And that's all we need to do. Restart the LXC container.

Adding tun file into LXC container

Now log in to your LXC container and fire the following commands:

cd /dev
mkdir net
mknod net/tun c 10 200
chmod 0666 net/tun

This will create the net directory and the tun device file. Restart the machine and we are good to go!

Install OpenVPN on Proxmox LXC

Installing OpenVPN could not be easier; it takes just 5 minutes, as I wrote previously. I will just summarise here: all you need to do is fire the following in your LXC using NoVNC or SSH,

wget git.io/vpn --no-check-certificate -O ~/openvpn-install.sh; bash openvpn-install.sh

Follow all the instructions and we are good to go! And remember to forward ports 1194 and 53!

-A PREROUTING -i vmbr1 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.100.2:53
-A PREROUTING -i vmbr1 -p udp -m udp --dport 1194 -j DNAT --to-destination 192.168.100.2:1194
-A PREROUTING -i vmbr1 -p tcp -m tcp --dport 1194 -j DNAT --to-destination 192.168.100.2:1194
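Both the libav tarball and the OpenVPN install script on this page are fetched with --no-check-certificate, which turns off TLS certificate validation, and the install script is executed straight away. The following added example (not part of the original posts) shows one way to refuse a download unless its SHA-256 matches a digest pinned beforehand; `sha256_of`, `verify_sha256` and `run_verified` are hypothetical helpers, and `PINNED_SHA256` is a placeholder for a digest obtained out of band.

```shell
#!/bin/sh
# Added example: only run a downloaded script after its SHA-256 matches
# a pinned value. Helper names are hypothetical.

# Print the SHA-256 hex digest of a file, using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on an exact match, 1 on mismatch, 2 if EXPECTED_HEX is not a
# SHA-256 hex digest (e.g. an unfilled placeholder), 3 if FILE is unreadable.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $expected in
        ""|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ -f "$file" ] || return 3
    actual=$(sha256_of "$file") || return 3
    [ "$actual" = "$expected" ]
}

# run_verified FILE EXPECTED_HEX: execute the script only if it verifies.
run_verified() {
    if verify_sha256 "$1" "$2"; then
        bash "$1"
    else
        echo "refusing to run $1: digest check failed" >&2
        return 1
    fi
}

# Usage sketch (not executed here): download with certificate checks left
# on, then verify before running.
#   wget https://git.io/vpn -O ~/openvpn-install.sh
#   run_verified ~/openvpn-install.sh "$PINNED_SHA256"
```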