Ubuntu:Edgy/Servers

From

Jump to: navigation, search

Contents

Servers

Ubuntu Edgy LAMP Server

AntiVirus Server

sudo apt-get install clamav

(Providing that your /etc/apt/sources.list file is up to date, you will get a good recent version of Clam antivirus installed on your machine.)

Run Clam AV from a terminal window

To update your virus definitions: freshclam

To check files in your home directory: clamscan

To check files in the entire home directory: clamscan -r /home

To check files on the entire drive (displaying everything): clamscan -r /

To check version: /etc/clamav/clamscan -V

For learning about more flags for clamscan, try man clamscan or info clamscan


Credit to crazybill at Ubuntu Forums (http://ubuntuforums.org/archive/index.php/t-30060.html)

How to automatically scan files/folders for viruses

e.g. Automatically scan files/folders for viruses at midnight everyday
* * * * * means minute hour date month year
 export EDITOR=gedit &&  sudo crontab -e
*Append the following line at the end of file
00 00 * * *  sudo clamscan -r /location_of_files_or_folders
  • Save the edited file

Monitoring Server

If you want to monitor your Ubuntu servers and clients like memory usage,CPU usage,Load average,Disk usage,Mysql monitoring, Network Monitoring,Processes Monitoring this is for you

Monitor your Ubuntu Servers and Clients using Munin

Print Server (cupsd)

How to install cupsd

Cupsd should be automatically installed during standard instaltion. Checkout if there is a file "/etc/init.d/cupsys". If you want to manually install it, do
 sudo apt-get install cupsys*

How to add a printer

  • Go to System -> Administration -> Printing.
  • Choose "Add printer".
  • "Add printer wizard" should start and tell you what to do.

How to print on remote Ubuntu machine from another Ubuntu machine

  • Make sure your local printer is well configured.
  • Enable local printer sharing - System -> Administration -> Printing -> Global Settings menu -> Share printers
  • Server ip address: 192.168.0.1
  • Client ip address: 192.168.0.23
    • Server configuration
 sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.backup
 gksudo gedit /etc/cups/cupsd.conf
find the block
<Location />
  ...
  Allow localhost
  ...
</Location>
and add the following line into it.
 Allow 192.168.0.23
Restart cups.
 sudo /etc/init.d/cupsys restart
    • Client configuration
 sudo cp /etc/cups/client.conf /etc/cups/client.conf.backup
 gksudo gedit /etc/cups/client.conf
And add the following line into it.
 ServerName 192.168.0.1
Restart cups.
 sudo /etc/init.d/cupsys restart
Now try "lpq" and you should see something like
 vitek@lightfox:~$ lpq
 HPLJ6P is ready
 no entries

How to print on remote Ubuntu machine from a Windows machine


1.19.4.5

How to set up 4 port printer server

Setting up COMPUSA print server on Ubuntu

(1) go to System, Administration, Printing.

(2) Then Add a printer

(3) Network Printer and choose HP JetDirect

(4) Where it says Host you put in the IP Address of the Print server. You can find it with Smb4k

(5) Where it says Port you put 9100 for USB port 1. 9101 for USB port 2. 9102 for USB port 3. and 9103 for USB port 4.

(6) Then click on forward and install your printer

NFS Server

Installing NFS Server

sudo apt-get install nfs-kernel-server nfs-common portmap

Reconfigure Portmap to not bind to loopback interface:

sudo dpkg-reconfigure portmap 
sudo /etc/init.d/portmap restart

Define which folders to share (export):

sudo vi /etc/exports


An entry in /etc/exports will typically look like this (Reference: http://nfs.sourceforge.net/nfs-howto):

directory machine1(option11,option12)
machine2(option21,option22)

where

  • directory: the directory that you want to share. It may be an entire volume though it need not be. If you share a directory, then all directories under it within the same file system will be shared as well.
  • machine1 and machine2: client machines that will have access to the directory. The machines may be listed by their DNS address or their IP address (e.g., machine.company.com or 192.168.0.8 ). Using IP addresses is more reliable and more secure.


Add share (export) definitions:

This will export path to all IP addresses between 192.168.1.1 and 192.168.1.255 with Read/Write access:

/path/to/shared/files 192.168.1.1/24(rw,no_root_squash,async)

This will export path to all IP addresses between 192.168.1.1 and 192.168.1.255 with Read Only access:

/path/to/shared/files 192.168.1.1/24(ro,async)

When finished, save changes and restart the NFS Server:

sudo /etc/init.d/nfs-kernel-server restart

Export your new configuration:

sudo exportfs -a

Installing NFS Client

sudo apt-get install portmap nfs-common
Mounting Manually
cd ~
mkdir temp
sudo mount 192.168.1.1:/path/to/shared/files temp

You may need to restart NFS services:

sudo /etc/init.d/portmap restart
sudo /etc/init.d/nfs-common restart
Mounting Automatically

Create mountpoint:

sudo mkdir /mnt/files

Edit configuration:

sudo vi /etc/fstab

Add something similar to below:

192.168.1.1:/path/to/shared/files /mnt/files nfs rsize=8192,wsize=8192,timeo=14,intr

Test new configuration:

sudo mount /mnt/files

Reboot to test automatic mounting.

Samba Server

How to install Samba Server for files/folders sharing service

sudo apt-get install samba smbfs

How to add/edit/delete network users

sudo smbpasswd -a system_username
gksudo gedit /etc/samba/smbusers
    • Insert the following line into the new file
system_username = "network username"
    • Save the edited file
  • To edit network user
sudo smbpasswd -a system_username
  • To delete network user
sudo smbpasswd -x system_username

How to share home folders with read only or read/write permission (Authentication=Yes)

sudo cp /etc/samba/smb.conf /etc/samba/smb.conf_backup
gksudo gedit /etc/samba/smb.conf
  • Find this line
...
;  security = user
...
  • Replace with the following lines
  security = user
  username map = /etc/samba/smbusers
  • Remove the ; in front of the following lines (there will text in between explaining what they do):
;[homes]
;comment = Home Directories
;browseable = no
;valid users = %S
;writable = yes
    • If you want other network users to be able to edit to the folder then change
 # By default, the home directories are exported read-only. Change next
 # parameter to 'yes' if you want to be able to write to them.
 ;   writable = no
    • Replace with the following lines
  writable = yes
sudo testparm
sudo /etc/init.d/samba restart

How to share group folders with read only permission (Authentication=Yes)

sudo mkdir /home/group
sudo chmod 777 /home/group/
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf_backup
gksudo gedit /etc/samba/smb.conf
  • Find this line
...
;  security = user
...
  • Replace with the following lines
 security = user
 username map = /etc/samba/smbusers
  • Append the following lines at the end of file
[Group]
  comment = Group Folder
  path = /home/group
  public = yes
  writable = no
  valid users = system_username1 system_username2
  create mask = 0700
  directory mask = 0700
  force user = nobody
  force group = nogroup
  • Or if you want other network users to be able to edit to the folder change
  writable = yes
sudo testparm
sudo /etc/init.d/samba restart

How to share public folders with read only or read/write permissions (Authentication=Yes)

sudo mkdir /home/public
sudo chmod 777 /home/public/
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf_backup
gksudo gedit /etc/samba/smb.conf
  • Find this line
...
;  security = user
...
  • Replace with the following lines
  security = user
  username map = /etc/samba/smbusers

Then follow either 1. or 2.

  • 1. Save the edited file.
sudo testparm
sudo /etc/init.d/samba restart
  • 1. Right click the folder and select 'Share folder'. Then change 'Do not share' to share with the network you would like.
  • 1. In Share Properties note the read box. If you want other network users to be able to edit to the folder un-tick this.

OR

  • 2. Append the following lines at the end of file
[public]
  comment = Public Folder
  path = /home/public
  public = yes
  writable = yes
  create mask = 0777
  directory mask = 0777
  force user = nobody 
  force group = nogroup
  • 2. Or if you want other network users to be able to edit to the folder
  writable = yes
sudo testparm
sudo /etc/init.d/samba restart


How to share public folders with read only or read/write permissions (Authentication=No)

sudo mkdir /home/public
sudo chmod 777 /home/public/
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf_backup
gksudo gedit /etc/samba/smb.conf
  • Find this line
...
;  security = user
...
  • Replace with the following line
  security = share

Then follow either 1. or 2.

  • 1. Save the edited file.
sudo testparm
sudo /etc/init.d/samba restart
  • 1. Right click the folder and select 'Share folder'. Then change 'Do not share' to share with the network you would like.
  • 1. In Share Properties note the read box. If you want other network users to be able to edit to the folder un-tick this.

OR

  • 2. Append the following lines at the end of /etc/samba/smb.conf (for a read-only folder)
[public]
  comment = Public Folder
  path = /home/public
  public = yes
  writable = no
  create mask = 0777
  directory mask = 0777
  force user = nobody
  force group = nogroup
  • 2. Or if you want other network users to be able to edit to the folder
  writable = yes


  • 2. Save the edited file
sudo testparm
sudo /etc/init.d/samba restart

How to print on remote Ubuntu machine via samba

 sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.backup
 gedit /etc/samba/smb.conf
Find the following lines
 ...
 # printing = cups
 # printcap name = cups
 ...
and uncomment them.
 printing = cups
 printcap name = cups
Restart cups server
 sudo /etc/init.d/cupsys restart
Now printers working on your Ubuntu machine should be acessible via samba.

Samba Web Administration Tool (SWAT)

How to install INETD Superserver

 sudo apt-get install netkit-inetd

How to install SWAT for Samba daemon

 sudo apt-get install swat
  • Open inetd daemon configuration
 sudo gksu gedit /etc/inetd.conf
  • If string is:
 <#off#> swat            stream  tcp     nowait.400      root    /usr/sbin/tcpd  /usr/sbin/swat
  • Change to:
 swat            stream  tcp     nowait.400      root    /usr/sbin/tcpd  /usr/sbin/swat
  • Restart daemon
 sudo /etc/init.d/inetd restart

SSH Server

How to install SSH Server for remote administration service

sudo apt-get install ssh

How to SSH into remote Ubuntu machine

e.g. Assumed that remote Ubuntu machine have installed SSH Server service
Read #How to install SSH Server for remote administration service
Remote Ubuntu machine: 192.168.0.1
ssh username@192.168.0.1

How to copy files/folders from remote Ubuntu machine into local machine (scp)

e.g. Assumed that remote Ubuntu machine have installed SSH Server service
Read #How to install SSH Server for remote administration service
Remote Ubuntu machine: 192.168.0.1
Remote files/folders location: /home/username/remotefile.txt
Local machine save location: . (current directory)
scp -r username@192.168.0.1:/home/username/remotefile.txt .

How to copy files/folders from local machine into remote Ubuntu machine (scp)

e.g. Assumed that remote Ubuntu machine have installed SSH Server service
Read #How to install SSH Server for remote administration service
Local files/folders location: localfile.txt
Remote Ubuntu machine: 192.168.0.1
Remote Ubuntu machine save location: /home/username/
scp -r localfile.txt username@192.168.0.1:/home/username/

How to copy files/folders from remote Ubuntu machine into local machine (rsync)

e.g. Assumed that remote Ubuntu machine have installed SSH Server service
Read #How to install SSH Server for remote administration service
Remote Ubuntu machine: 192.168.0.1
Remote files/folders location: /home/username/remotefile.txt
Local machine save location: . (current directory)
rsync -v -u -a --delete --rsh=ssh --stats username@192.168.0.1:/home/username/remotefile.txt .

How to copy files/folders from local machine into remote Ubuntu machine (rsync)

e.g. Assumed that remote Ubuntu machine have installed SSH Server service
Read #How to install SSH Server for remote administration service
Local files/folders location: localfile.txt
Remote Ubuntu machine: 192.168.0.1
Remote Ubuntu machine save location: /home/username/
rsync -v -u -a --delete --rsh=ssh --stats localfile.txt username@192.168.0.1:/home/username/

How to mount remote folders into local Ubuntu machine (sshfs)

e.g. Assumed that remote machine has installed SSH Server service
Read #How to install SSH Server for remote administration service
Remote machine: 192.168.0.1
Remote machine folder location: /media/music
  • Install sshfs
sudo apt-get install sshfs
  • Load kernel driver for sshfs
sudo modprobe fuse
  • Join the 'fuse' user group
sudo adduser your_user_name fuse
  • Logout and login for this to take effect.
  • fix group on /dev/fuse
 sudo chgrp fuse /dev/fuse
  • Create local mountpoint in your home directory
mkdir ~/remote_music
  • Mount the remote folder into ~/remote_music
sshfs 192.168.0.1:/media/music ~/remote_music

How to SSH into remote Ubuntu machine via Windows machine

e.g. Assumed that remote Ubuntu machine have installed SSH Server service
Read #How to install SSH Server for remote administration service
  • Download PuTTY: Here


How to copy files/folders from/into remote Ubuntu machine via Windows machine

e.g. Assumed that remote Ubuntu machine have installed SSH Server service
Read #How to install SSH Server for remote administration service
  • Download FileZilla: Here

How to limit the user accounts that can connect through ssh remotely

e.g. If you enable the SSH server, then any user with a valid account can connect remotely
This can lead to security risks, as there exist remote password cracking tools that
try common username/password pairs.
  • Keep a backup of the ssh server configuration file with

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIGINAL

  • Edit the configuration file

gksudo gedit /etc/ssh/sshd_config

  • Change the parameter PermitRootLogin from yes to no. The superuser must not be able to connect directly from remote.
  • Add the parameter AllowUsers and specify the usernames (space separated) that can connect remotely.

NOTE: This will allow ONLY the users specified to connect. You may use wildcards here (example: j* will allow jsmith to connect but not fsmith)

  • You can also use DenyUsers for fine-grained selection of users.
  • If you enable the openssh server and you have no intention for now to enable remote connections, you may add AllowUsers nosuchuserhere to disable anyone connecting.

Using SSH to Port Forward

e.g. Assumed that remote machine has installed SSH Server service
Read #How to install SSH Server for remote administration service

If is possible to create secure SSH tunnels between multiple sites. Imagine two sites (home and office). If you have an SSH server available in the office available via the Internet, you can tunnel across to this server and communicate with any local PC in the office from home.

  • Example: Make Port 80 (Web Server) on 10.0.2.10 in the office available locally on Port 81

From home:

ssh -L 81:10.0.2.10:80 user@office.net

Once logged in, you can now browse to http://localhost:81 which is really a secure tunnel to the web server in your office. You can setup multiple port forwardings.

ssh -L 81:10.0.2.10:80 -L 82:10.0.2.20:80 -L 83:10.0.2.30:80 user@office.net

Now, port 81 locally forwards to port 80 on 10.0.2.10, port 82 forwards to port 80 on 10.0.2.20 and port 83 forwards to port 80 on 10.0.2.30

For example, http://localhost:81 connects you to port 80 on 10.0.2.10 (computer at remote location)

Specify port with -p?? if SSH Server on office.net does not run on default port 22.

Explanation:

ssh -L <local port>:<remote computer>:<remote port> <user>@<remote ip>

Protecting SSH from brute force atack

It is possible to easily protect SSH from a password brute force attack with a pam_abl module. You can install it by the two ways:

To install from a repository:

And execute the following commands:

sudo aptitude update
sudo aptitude upgrade
sudo aptitude install libpam-abl
sudo /etc/init.d/ssh restart

First command is to fetch the repository listing. Second is to upgrade the openssh-server package to patched version (openssh-client will be also updated). Third is to set up a protection plugin. And the fourth is to restart a server with a new security plugin.

DHCP Server

How to install DHCP Server for automatic IP addresses assignment

e.g. Assumed that "eth0" is the interface for network card
IP Address Range: 192.168.0.100 to 192.168.0.200
Subnet Mask: 255.255.255.0
DNS Servers: 202.188.0.133, 202.188.1.5
Domains: tm.net.my
Gateway Address: 192.168.0.1
sudo apt-get install dhcp3-server
sudo cp /etc/default/dhcp3-server /etc/default/dhcp3-server_backup
gksudo gedit /etc/default/dhcp3-server
  • Find this line
...
INTERFACES=""
  • Replace with the following line
INTERFACES="eth0"
  • Save the edited file
sudo cp /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf_backup
gksudo gedit /etc/dhcp3/dhcpd.conf
  • Find this section
...
# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
...
  • Replace with the following lines
# option definitions common to all supported networks...
#option domain-name "example.org";
#option domain-name-servers ns1.example.org, ns2.example.org;
#default-lease-time 600;
#max-lease-time 7200;
  • Find this section
...
# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
# range 10.5.5.26 10.5.5.30;
# option domain-name-servers ns1.internal.example.org;
# option domain-name "internal.example.org";
# option routers 10.5.5.1;
# option broadcast-address 10.5.5.31;
# default-lease-time 600;
# max-lease-time 7200;
#}
...
  • Replace with the following lines
# A slightly different configuration for an internal subnet.
subnet 192.168.0.0 netmask 255.255.255.0 {
 range 192.168.0.100 192.168.0.200;
 option domain-name-servers 202.188.0.133, 202.188.1.5;
 option domain-name "tm.net.my";
 option routers 192.168.0.1;
 option broadcast-address 192.168.0.255;
 default-lease-time 600;
 max-lease-time 7200;
}
  • Save the edited file
sudo /etc/init.d/dhcp3-server restart

Database Server

How to install MYSQL Database Server

sudo apt-get install mysql-server
  • MySQL initially only allows connections from the localhost (127.0.0.1). We'll need to remove that restriction if you wish to make it accessible to everyone on the internet. Open the file /etc/mysql/my.cnf
gksudo gedit /etc/mysql/my.cnf
  • Find the line bind-address = 127.0.0.1 and comment it out
...
#bind-address           = 127.0.0.1
...
  • MySQL comes with no root password as default. This is a huge security risk. You'll need to set one. So that the local computer gets root access as well, you'll need to set a password for that too. The local-machine-name is the name of the computer you're working on. For more information see here
mysqladmin -u root password your-new-password
mysqladmin -h root@local-machine-name -u root -p password your-new-password
sudo /etc/init.d/mysql restart

MySQL Database backup using AutoMySQLBackup

  • AutoMySQLBackup is a script to take daily, weekly and monthly backups of your MySQL databases using mysqldump.
  • AutoMySQLBackup Script Features
    • Backup mutiple MySQL databases with one script. (Now able to backup ALL databases on a server easily. no longer need to specify each database seperately)
    • Backup all databases to a single backup file or to a seperate directory and file for each database.
    • Automatically compress the backup files to save disk space using either gzip or bzip2 compression.
    • Can backup remote MySQL servers to a central server.
    • Runs automatically using cron or can be run manually.
    • Can e-mail the backup log to any specified e-mail address instead of “root”. (Great for hosted websites and databases).
    • Can email the compressed database backup files to the specified email address.
    • Can specify maximun size backup to email.
    • Can be set to run PRE and POST backup commands.
    • Choose which day of the week to run weekly backups.
  • AutoMySQLBackup Requirements

The AutoMySQLBackup script only requires mysqldump (A standard utility provided with the mysql client) and gzip or bzip2 for compression of the backup files. If you would like to have the log emailed to you then you will need to have permission to execute the “mail” program. If you want the compressed backup files mailed to you then Mutt must be available on the server. Finally you will need a bash shell and the standard system tools and utilities (all these requirements should be the default on most linux system.)

  • What AutoMySQLBackup does

Every day AutoMySQLBackup will run (if setup in /etc/cron.daily) and using mysqldump and gzip will dump your specified databases to the /backups/daily directory, it will rotate daily backups weekly so you should never have more than 7 backups in there..

Every Saturday AutoMySQLBackup will again backup the databases you have chosen but they will be placed into /backups/weekly, these will be rotated every 5 weeks so there should never be more than 5 backups in there..

Every 1st of the month AutoMySQLBackup will create a backup of all databases and place them into /backups/monthly. These will never be rotated so it will be up to you to do your own house keeping. I would suggest taking a copy of this offline every month or two so that if you have a hard drive failure you will be able to restore your database

  • AutoMySQLBackup Installation

The install is as simple as editing a few variables in the AutoMySQLBackup file. The full setup is documented in the AutoMySQLBackup script file below the variables section.

  • Download automysqlbackup.sh and place it into your /etc/cron.daily directory or your home directory.
  • Edit (at least) the following lines :
...
USERNAME=dbuser 
PASSWORD=password DBNAMES=”DB1 DB2 DB3″
...
  • Note:The user must have at least select privileges to the databases and make sure to keep the quotes ” ” otherwise it won’t work
  • Make the file executable :
sudo chmod u+rwx
  • Create the following directory
./backups
  • That’s it...Now you can run it using the command line “./automysqlbackup.sh” or if it is in /etc/cron.daily it will run each day when cron

How to install MYSQL Administrator

sudo apt-get install mysql-admin

How to install MySQL Query Browser (SQL Client)

sudo apt-get install mysql-query-browser

How to install Oracle Database XE

  • Add the following repository to your /etc/apt/sources.list:
deb http://oss.oracle.com/debian unstable main non-free
  • Install the software using apt-get
sudo apt-get update
sudo apt-get install oracle-xe
  • Add your login to the 'dba' group (where your login name is username)
sudo usermod -G dba -a username
  • Run the initial configuration
sudo /etc/init.d/oracle-xe configure

You can configure any ports you want as long as they don't interfere with any other services listening on ports. You can choose the defaults by pressing enter instead of entering something in.

Apache HTTP Server

How to install Apache HTTP Server for HTTP (Web) Server service

sudo apt-get install apache2

How to install PHP for Apache HTTP Server

How to install PHP4
sudo apt-get install php4
sudo apt-get install libapache2-mod-php4
sudo /etc/init.d/apache2 restart
  • To test if php4 installed correctly
gksudo gedit /var/www/testphp.php
  • Insert the following line into the new file
<?php phpinfo(); ?>
How to install PHP5
sudo apt-get install php5
sudo apt-get install libapache2-mod-php5
sudo /etc/init.d/apache2 restart
  • To test if php5 installed correctly
gksudo gedit /var/www/testphp.php
  • (Optional) Insert the following line into the new file
<?php phpinfo(); ?>

If that didn't work (for example, if your browser prompted you to save the testphp.php page), try these commands:

sudo a2enmod php5
sudo /etc/init.d/apache2 force-reload

Then try opening http://localhost/testphp.php again

  • (Optional) Install recommended PHP5 modules
sudo apt-get install php5-xsl
sudo apt-get install php5-gd
sudo apt-get install php-pear
  • Restart Apache
sudo /etc/init.d/apache2 restart

Many PHP applications use XSLT technology as well as server-side graphic manipulation (via GD). Also, PEAR provides access to PHP's module repository.

pear help

How to install MYSQL for Apache HTTP Server

sudo apt-get install libapache2-mod-auth-mysql
  • Select either php4-mysql or php5-mysql depending on which version of PHP you installed
sudo apt-get install php<version-number>-mysql
sudo apt-get install phpmyadmin
  • To get PHP to work with MySQL, open the file (where <version> is either 4 or 5 depending on which PHP you installed)
gksudo gedit /etc/php<version>/apache2/php.ini
  • You'll need to uncomment the ";extension=mysql.so" line so that it looks like this
...
extension=mysql.so
...
  • Save the file then exit
sudo /etc/init.d/apache2 restart

Alternative if the above doesn't work (which it probably won't and this probably will):

 sudo apt-get install mysql-server

How to install Python for Apache 2

sudo aptitude install python
sudo aptitude install libapache2-mod-python
sudo gedit /etc/apache2/mods-available/mod_python.conf

add the following lines

AddType application/x-httpd-python .py
AddHandler mod_python .py
PythonHandler mod_python.publisher
PythonDebug On

save

cd /etc/apache2/mods-enabled
sudo ln -s ../mods-available/mod_python.conf mod_python.conf
sudo /etc/init.d/apache2 restart

How to map URLs to folders outside /var/www/

gksudo gedit /etc/apache2/conf.d/alias
  • Insert the following lines into the new file
Alias /URL-path /location_of_folder/
<Directory /location_of_folder/>
  Options Indexes FollowSymLinks
  AllowOverride All
  Order allow,deny
  Allow from all
</Directory>
  • Save the edited file
sudo /etc/init.d/apache2 restart
  • When you get "403 - Permission denied", you might try:
chmod o+x /location_of_folder/
  • If that doens't work, the following might help:
chmod o+r,o+x /location_of_folder/

How to change the default port number for Apache HTTP Server

e.g. Assumed that new port number is 78
sudo cp /etc/apache2/ports.conf /etc/apache2/ports.conf_backup
gksudo gedit /etc/apache2/ports.conf
  • Find this line
Listen 80
  • Replace with the following line
Listen 78
  • Save the edited file
sudo /etc/init.d/apache2 restart

How to parse RSS into PHP for Apache HTTP Server

e.g. Assumed that RSS is DistroWatch.com - News
wget -c http://easylinux.info/uploads/magpierss-0.71.1.tar.gz
sudo mkdir /var/www/feeds
sudo tar zxvf magpierss-0.71.1.tar.gz -C /var/www/feeds/
sudo mv /var/www/feeds/magpierss-0.71.1/* /var/www/feeds/
sudo rm -fr /var/www/feeds/magpierss-0.71.1/
sudo chown -R www-data:root /var/www/feeds/
gksudo gedit /var/www/feeds/index.php
  • Insert the following lines into the new file
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 
 <head>
 
 <title>DistroWatch.com - News</title>
 
 <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
 
 <style type="text/css">
 /*<![CDATA[*/
 /* 
 DEFAULT TAG STYLES
 */
 
 body {
  background: #ffffff;
  margin-left: 20px;
  font-family: bitstream vera sans,sans-serif;
  font-size: 9pt;
 }
 
 h1 {
  font-family: luxi sans,sans-serif;
  font-size: 15pt;
 }
 
 /*]]>*/
 </style>
 
 </head>
  
 <body>
 
 <?php

 require_once 'rss_fetch.inc';
 error_reporting(E_ERROR);
 
 $url = 'http://distrowatch.com/news/dw.xml';
 $rss = fetch_rss($url);
 
 if ($rss) {
 
  echo "<h1>";
  echo "<a href=$url>", $rss->channel[title], "</a><br/>";
  echo "</h1>";
 
  foreach ($rss->items as $item ) {
   $url = $item[link];
   $title = $item[title];
   $description = $item[description];
   echo "<li>";
   echo "<b>Topic:</b> <a href=$url><b><u>$title</u></b></a><br/><br/>";
   echo "$description<br/><br/>";
   echo "</li>";
  }
 
 }
 else {
  echo "<a href=$url>", $url, "</a> - Server Down!<br/>";
 }
 
 ?>
 
 </body>
 
 </html>
 

FTP Server

How to install FTP Server for File Transfer service

sudo apt-get install proftpd

How to configure FTP user to be "jailed" (chrooted) into their home directory

sudo cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf_backup
gksudo gedit /etc/proftpd/proftpd.conf
  • Find this section
...
DenyFilter           \*.*/
...
  • Add the following line below it
DefaultRoot           ~

  • Save the edited file
sudo /etc/init.d/proftpd restart

How to configure FTP Server to allow anonymous FTP user to read only

sudo cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf_backup
gksudo gedit /etc/proftpd/proftpd.conf
  • Append the following lines at the end of file
<Anonymous ~ftp>
 User            ftp
 Group            nogroup
 UserAlias          anonymous ftp
 DirFakeUser on ftp
 DirFakeGroup on ftp
 RequireValidShell      off
 MaxClients         10
 DisplayLogin        welcome.msg
 DisplayFirstChdir      .message
 <Directory *>
  <Limit WRITE>
   DenyAll
  </Limit>
 </Directory>
</Anonymous>
  • Save the edited file
sudo /etc/init.d/proftpd restart

How to configure FTP Server to allow anonymous FTP user to read/write

sudo cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf_backup
gksudo gedit /etc/proftpd/proftpd.conf
  • Append the following lines at the end of file
<Anonymous ~ftp>
 User            ftp
 Group            nogroup
 UserAlias          anonymous ftp
 DirFakeUser on ftp
 DirFakeGroup on ftp
 RequireValidShell      off
 MaxClients         10
 DisplayLogin        welcome.msg
 DisplayFirstChdir      .message
</Anonymous>
  • Save the edited file
sudo /etc/init.d/proftpd restart

How to map anonymous FTP user to folders outside /home/ftp/

sudo cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf_backup
gksudo gedit /etc/proftpd/proftpd.conf
  • Append the following lines at the end of file
<Anonymous /location_of_folder/>
 User            ftp
 Group            nogroup
 UserAlias          anonymous ftp
 DirFakeUser on ftp
 DirFakeGroup on ftp
 RequireValidShell      off
 MaxClients         10
 DisplayLogin        welcome.msg
 DisplayFirstChdir      .message
 <Directory *>
  <Limit WRITE>
   DenyAll
  </Limit>
 </Directory>
</Anonymous>
  • Save the edited file
sudo /etc/init.d/proftpd restart

How to change the default port number for FTP Server

e.g. Assumed that new port number is 77
sudo cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf_backup
gksudo gedit /etc/proftpd/proftpd.conf
  • Find this line
Port              21
  • Replace with the following line
Port              77
  • Save the edited file
sudo /etc/init.d/proftpd restart

How to ftp into remote Ubuntu machine via Windows machine

e.g. Assumed that remote Ubuntu machine have installed FTP Server service
Read #How to install FTP Server for File Transfer service
  • Download FileZilla: Here

How to Setup BIND DNS Server

Reference: copied from http://ubuntuforums.org/showthread.php?t=236093

  • Install bind 9:
sudo apt-get install bind9
  • Configure the main Bind files. Usually, if you install Bind from the source code, you will have to edit the file named.conf. However, Ubuntu provides you with a pre-configured Bind, so we will edit another file:
sudo vi /etc/bind/named.conf.local

This is where we will insert our zones. By the way, a zone is a domain name that is referenced in the DNS server Insert this in the named.conf.local file:

# This is the zone definition. replace example.com with your domain name
zone "example.com" {
       type master;
       file "/etc/bind/zones/example.com.db";
};

# This is the zone definition for reverse DNS. replace 0.168.192 with your 
# network  address in reverse notation - e.g my network address is 192.168.0
zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
};
  • Ok, now, let's edit the options file:
sudo vi /etc/bind/named.conf.options
  • We need to modify the forwarder. This is the DNS server to which your own DNS will forward the requests he cannot process.
forwarders {
      # Replace the address below with the address of your provider's DNS server
      123.123.123.123;
};
  • Now, let's add the zone definition files (replace example.com with your domain name:
sudo mkdir /etc/bind/zones
sudo vi /etc/bind/zones/example.com.db
  • The zone definition file is where we will put all the addresses / machine names that our DNS server will know. You can take the following example:
// replace example.com with your domain name. do not forget the . after the domain name!
// Also, replace ns1 with the name of your DNS server
example.com.      IN      SOA     ns1.example.com. admin.example.com. (
// Do not modify the following lines!
                                                        2006081401
                                                        28800
                                                        3600
                                                        604800
                                                        38400
 )

// Replace the following line as necessary:
// ns1 = DNS Server name
// mta = mail server name
// example.com = domain name
example.com.      IN      NS              ns1.example.com.
example.com.      IN      MX     10       mta.example.com.

// Replace the IP address with the right IP addresses.
www              IN      A       192.168.0.2
mta              IN      A       192.168.0.3
ns1              IN      A       192.168.0.1
  • Now, let's create the reverse DNS zone file:
sudo vi /etc/bind/zones/rev.0.168.192.in-addr.arpa
  • Copy and paste the following text, modify as needed:
//replace example.com with yoour domain name, ns1 with your DNS server name.
// The number before IN PTR example.com is the machine address of the DNS server. in my case, it's 1, as my IP address is 192.168.0.1.
@ IN SOA ns1.example.com. admin.example.com. (
                        2006081401;
                        28800; 
                        604800;
                        604800;
                        86400 
)

                     IN    NS     ns1.example.com.
1                    IN    PTR    example.com
  • Ok, now you just need to restart bind:
sudo /etc/init.d/bind9 restart
  • We can now test the new DNS server...
  • Modify the file resolv.conf with the following settings:
sudo vi /etc/resolv.conf
  • enter the following:
// replace example.com with your domain name, and 192.168.0.1 with the address of your new DNS server.
search example.com
nameserver 192.168.0.1
  • Now, test your DNS:
dig example.com


Personal Apt Repository

Setting Up Repository

Note: This type of repository is known as a Trivial Repository.

This type of repository does not fully comply with Debian standards, so should not be used commercially. However, it is ideal for home or personal use.

  • Install Package Tools
sudo apt-get install dpkg-dev
  • Create Repos on Filesystem
mkdir /somewhere/apt
mkdir /somewhere/apt/archives
mkdir /somewhere/apt/archives/binary
  • (Optional) Copy existing local APT cache to your Repos
cp -v /var/cache/apt/archives/*.deb /somewhere/apt/archives/binary/
  • Create Package Lists for Repos
cd /somewhere/apt/archives
dpkg-scanpackages binary /dev/null | gzip -9c > binary/Packages.gz
  • Publish Repos with Apache
cd /var/www
sudo ln -s /somewhere/apt/archives apt
  • Add Repos to Sources (on all PCs) to /etc/apt/sources.list

Open /etc/apt/sources.list

sudo gedit /etc/apt/sources.list

Add the following to the bottom of the file:

# My Repos
deb http://localhost/apt binary/
  • Update APT Database
sudo apt-get update

Updating Repository

Simply copy or download ".deb" files to /somewhere/apt/archives/binary/ and then update the Packages list:

cd /somewhere/apt/archives
dpkg-scanpackages binary /dev/null | gzip -9c > binary/Packages.gz

Streaming Media Server

How to install GNUMP3d for Streaming Media Server service

e.g. /var/music/ is the directory containing multimedia files
sudo apt-get install gnump3d

How to change the default directory containing multimedia files for GNUMP3d

e.g. Assumed that new directory containing multimedia files is /home/music/
sudo cp /etc/gnump3d/gnump3d.conf /etc/gnump3d/gnump3d.conf_backup
gksudo gedit /etc/gnump3d/gnump3d.conf
  • Find this line
root = /var/music
  • Replace with the following line
root = /home/music
  • Find this line
user = gnump3d
  • Replace with the following line
user = root
  • Save the edited file
sudo /etc/init.d/gnump3d restart

How to change the default port number for GNUMP3d

e.g. Assumed that new port number is 7878
sudo cp /etc/gnump3d/gnump3d.conf /etc/gnump3d/gnump3d.conf_backup
gksudo gedit /etc/gnump3d/gnump3d.conf
  • Find this line
port = 8888
  • Replace with the following line
port = 7878
  • Save the edited file
sudo /etc/init.d/gnump3d restart


Groupware (Email/Calendaring)

How to install Meldware Communication Suite

  • Read #General Notes
  • Read #How_to_install_Java_Development_Kit_.28JDK.29_v5.0
  • Meldware Communication Suite provides a multi-platform alternative to popular groupware like Exchange or Lotus Notes including Email(SMTP/POP/IMAP) and Calendaring(iCAL,WCAP). It depends on Java and, optionally, for the webmail/webcal client, Flash.
sudo aptitude install sun-java5-jdk
sudo update-java-alternatives -s java-1.5.0-sun
  • Download the jar file for a recent milestone or build here
  • Open a new terminal (capture java path updates)
  • change directory to your download directory
  • replace below filename with correct version based on your download
sudo java -jar buni-meldware-20070225.jar
  • A series of configuration questions are asked, for destination directory specify /opt/mcs
sudo cp /etc/init.d/skeleton /etc/init.d/meldware-cs
gksudo gedit /etc/init.d/meldware-cs
  • Replace the value in the line beginning with PATH with "/usr/sbin:/usr/bin:/sbin:/bin:/opt/mcs/bin" excluding quotes (assuming you specified /opt/mcs as the destination directory to the installer)
  • Replace the value in the line beginning with DESC with "Meldware Communication Suite" including quotes
  • Replace the value in the line beginning with NAME with "run.sh" excluding quotes
  • Replace the value in the line beginning with DAEMON with "/opt/mcs/bin/$NAME" excluding quotes
  • Replace the value in the line beginning with DAEMON_ARGS with "-c meldware" excluding quotes
  • Replace the value in the line beginning with SCRIPTNAME with "/etc/init.d/meldware-cs" excluding quotes
  • save (ESC):wq
sudo chmod 755 /etc/init.d/meldware-cs
sudo ln -s /etc/init.d/meldware-cs /etc/rc3.d/S21meldware-cs
sudo ln -s /etc/init.d/meldware-cs /etc/rc6.d/K21meldware-cs
sudo ln -s /etc/init.d/meldware-cs /etc/rc4.d/S21meldware-cs 
  • start MCS
sudo /etc/init.d/meldware-cs restart
  • Additional documentation is available here

Image Gallery Server

  • For a comparison between Gallery1 and Gallery2 see here

Gallery1

How to install Gallery1 for Image Gallery Server service
sudo apt-get install gallery (when prompted to restart Apache, choose No or Cancel)
sudo apt-get install imagemagick
sudo apt-get install jhead
sudo apt-get install libjpeg-progs
sudo /etc/init.d/apache2 restart
sudo sh /usr/share/gallery/configure.sh
Gallery Configuration Wizard: Step 1
Next Step ->
Gallery Configuration Wizard: Step 2
General settings Tab ->
Admin password: Specify the password

Locations and URLs Tab ->
Album directory: /var/www/albums/
Temporary directory: /tmp/
Gallery URL: http://localhost/gallery
Albums URL: http://localhost/albums
Next Step -->
Gallery Configuration Wizard: Step 3
Next Step -->
Gallery Configuration Wizard: Step 4
Save Config ->
How to configure Gallery1 to be accessible via Internet (Hostname or fix IP) or LAN (fix IP)
e.g. Assumed that network and internet connections have been configured properly
Internet (Hostname or fix IP) or LAN (fix IP): http://www.url.com
sudo cp /etc/gallery/config.php /etc/gallery/config.php_backup
gksudo gedit /etc/gallery/config.php
  • Find this section
...
$gallery->app->photoAlbumURL = "http://localhost/gallery";
$gallery->app->albumDirURL = "http://localhost/albums";
...
  • Replace with the following lines
$gallery->app->photoAlbumURL = "http://www.url.com/gallery";
$gallery->app->albumDirURL = "http://www.url.com/albums";
How to configure Gallery1 to be accessible via LAN (dynamic IP)
e.g. Assumed that network connections have been configured properly
LAN (dynamic IP): 192.168.0.1
sudo cp /etc/gallery/config.php /etc/gallery/config.php_backup
gksudo gedit /etc/gallery/config.php
  • Find this section
...
$gallery->app->photoAlbumURL = "http://localhost/gallery";
$gallery->app->albumDirURL = "http://localhost/albums";
...
  • Replace with the following lines
$gallery->app->photoAlbumURL = "/gallery";
$gallery->app->albumDirURL = "/albums";
How to backup/restore Gallery1 data
sudo tar zcvf gallery.tgz /var/www/albums/ /etc/gallery/
  • To restore Gallery data
sudo tar zxvf gallery.tgz -C /

Gallery2

How to install Gallery2
How to configure Gallery2

How to install Subversion version control server (with Apache support)

  • Install Subversion and Apache 2 Module
sudo aptitude install subversion libapache2-svn
  • Enable Subversion/DAV Apache 2 Module
sudo a2enmod dav_svn
  • Configure Apache 2
sudo nano /etc/apache2/mods-enabled/dav_svn.conf

Edit the file to look something like this:

<Location /svn>
  DAV svn
  SVNPath /home/svn

  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /etc/apache2/dav_svn.passwd
  Require valid-user
</Location>
  • Create Subversion Repository
sudo mkdir /home/svn
sudo svnadmin create /home/svn
  • Give Apache 2 Permissions to Repository
sudo chown -R www-data /home/svn
  • Create Repository User

Replace 'username' with your username

sudo htpasswd2 -cm /etc/apache2/dav_svn.passwd username

Enter password when prompted.

  • Restart Apache 2
sudo /etc/init.d/apache2 restart

How to install Subversion version control server (svnserve)

  • Install Subversion and Internet services daemon
sudo apt-get install subversion xinetd
  • Create user that will own the repositories
sudo adduser --system --no-create-home --home /var/svn --group --disabled-login svn
  • Create directory that will hold the repositories
sudo mkdir /var/svn
sudo chown svn:svn /var/svn
  • Create file /etc/xinetd.d/svnserve with the following content
service svn
{
       port = 3690
       socket_type = stream
       protocol = tcp
       wait = no
       user = svn
       server = /usr/bin/svnserve
       server_args = -i -r /var/svn
}
  • Restart xinetd
sudo /etc/init.d/xinetd restart
  • Create the first repository
sudo -u svn svnadmin create /var/svn/testrepo
  • It should be possible to check out the repository and work on it
svn co svn://localhost/testrepo
Personal tools
Sponsor
Going Tribal