2. About this workshop
• No prior knowledge of Linux necessary
• Lots of Linux flavours, we concentrate on
Ubuntu
• Server, not desktop edition
• 9am to 5pm with a couple of breaks
5. About this workshop
๏ Start with some history and architecture
๏ Virtual Machines, installation
๏ Remote access
๏ User management
๏ File system
๏ Networking (including Samba)
๏ Backing up
๏ Server software
๏ Software management: installing, removing, updating
๏ Scheduling jobs through cron
๏ Vim
๏ Webmin
๏ Rsync
๏ ...and anything else we can fit in
6. About me
• Working with Linux for over 10 years
• Administrator for two public web applications
running on Ubuntu Linux 8.10 and 9.04
(www.trackscentral.com, www.gitcentral.com)
• Delivering IT services through my company,
Futureshock Research.
• Teaching at CSU since 2002.
• Undergraduate degree in Electrical and Computer
Engineering, Masters in Information Systems, Masters
in Knowledge Management, PhD in Business Process
Management and Knowledge Management.
• Contact me at peter.dalmaris@gmail.com
7. History - UNIX and
GNU
• UNIX dominated the OS space since 1960.
It was efficient, effective, but expensive.
• An effort to produce an open-source
UNIX-like OS was begun by Richard Stallman in
1994; this was the beginning of the GNU project.
• A lot of software was written as part of the
GNU project by the Free Software
Foundation: compilers, text editors, a shell...
8. History - GNU is not
an OS
• ...but there was no complete kernel,
device drivers, daemons etc.
• Without these subsystems, GNU could not
be completed as intended.
9. History - Linux fills the
gap
• In 1991 Linus Torvalds developed a replacement for the
MINIX teaching OS, which was developed by Andrew S.
Tanenbaum and released by Prentice-Hall.
• This replacement became the Linux kernel. Version
0.12 of Linux was released in 1992.
• At first, it operated in the Minix user space.
• Linux kernel became the missing GNU kernel.
13. The cost of developing Linux
[Chart: Fedora 9; Linux kernel]
14. NCAR's newest supercomputer: On 12 July
2004, SCD took delivery of lightning, a new
Linux cluster manufactured by IBM. The 1.1-teraflop
system is now installed in the NCAR Computer Room.
Motorola RAZR², an advanced embedded system using
embedded Linux.
The Nokia N810 features the Maemo Linux distribution,
based on Maemo 4.0, which features MicroB (a
Mozilla-based mobile browser), a GPS navigation
application, new media player, and a refreshed interface.
The WRT54G is notable for being the first consumer-level
network device that had its firmware source code
released to satisfy the obligations of the GNU GPL.
Ubuntu Linux on Macbook Pro.
15. Ubuntu Linux
• A good choice for both server and desktop
distribution.
• Free and well updated - new release every
six months.
• Security updates for 18 months - after that
just upgrade to the latest version.
• There are LTS versions with extended
length support.
16. Ubuntu Linux server
• Built on Debian, with reputation for robust
server implementations.
• Latest version is 9.04, based on kernel
2.6.28-11.37.
• Out of the box support for cloud
computing (Eucalyptus).
• Mail server stack: SMTP, POP3, IMAP with
TLS and SASL.
17. Ubuntu Linux server
• Kernel-based virtual machine (KVM).
• Microsoft Exchange support.
• Simplified firewall.
• etc. etc.
19. Getting started:
installation
• It makes sense to install servers on virtual
machines:
• Better use of existing hardware
• Ease of maintenance and disaster recovery
You can assign a Linux virtual machine to a single
service, like a web server, email server etc. Keep
things simple.
Maintain a single Linux host and multiple guests.
21. Option 1: Ubuntu server
on VMware on any host
• Download the server image from
http://www.ubuntu.com/getubuntu/download-server
• Start VMware
• Create a new virtual machine using the
image you just downloaded
23. Hands-on: Installation
Sample partitioning that separates critical portions of
the hard drive.
Directory  Type     FS    Size (typical)  Size (lab)
/boot      Primary  Ext2  100MB           200MB
/var       LVM      XFS   4GB             700MB
/home      LVM      XFS   200GB           3GB
/          LVM      Ext3  50GB            2GB
swap       LVM      Swap  1GB             200MB
28. Option 2: Linux guests to an
Ubuntu host running KVM
• KVM is the default virtualisation technology
that ships with current versions of Ubuntu
• Requires hardware with virtualisation
extensions
29. One host, many guests
Ubuntu guest
Windows guest
Ubuntu host
30. Install a guest #1
Can your hardware support KVM?
Inspect the cpuinfo
virtual file:
No output means no KVM support. Try checking
virtualization settings in the BIOS.
If there is support, install the required packages:
Use the apt-get
package manager:
• libvirt-bin provides libvirtd which you need to administer qemu and kvm instances
using libvirt
• kvm is the backend
• ubuntu-vm-builder powerful command line tool for building virtual machines
• bridge-utils provides a bridge from your network to the virtual machines
31. Install guest #2
Add your user name to the libvirtd group
More about user
management later.
This will give you access to the system-wide libvirtd
instance. Log out and in to make this effective.
Test the installation is valid:
virsh is the main
interface for
managing guest
domains
32. Install KVM #3
Run the KVM command as root to reveal
problems, such as lack of hardware
kvm command can be
used to start guest
machines directly.
33. Setup the virtual
network #1
To enable network services to the VM and
VM access to the outside world, we must
configure bridge networking; The VM will
access the network through the host’s
physical network interface.
1. Install the bridge utility
2. Stop networking services
34. Setup the virtual
network #2
3. Edit /etc/network/
interfaces and add
the br0 section:
Content of /etc/
network/
You may use DHCP
instead of fixed values.
37. Remote administration
with SSH #1
• Ubuntu comes with an open source
implementation of the SSH standard, called
OpenSSH.
• OpenSSH makes it possible to securely
control a remote computer, and to transfer
files.
• To make this possible, we must install the
sshd component on the server if not
already installed.
38. Remote administration
with SSH #2
Install the sshd component:
Install the client component:
Some OSes, like Mac OS X, come with an SSH client built in. In
Windows, use PuTTY.
40. Remote administration
with SSH #4
You can authenticate the client using its public key;
then, you will not need to provide a password every
time you want to connect.
Create the client’s public key if one doesn’t exist
already:
ssh-keygen is a key
pair generator
This creates your key pair and stores it in ~/.ssh/.
41. Remote administration
with SSH #5
Take the contents of the file in ~/.ssh/id_dsa.pub on
the client, and paste it in the file ~/.ssh/authorized_keys
on the server. If the target file does
not exist, create it. This is what authorized_keys may
look like:
42. Remote administration
with SSH #6
Connect just like before, there
should be no request for your
password:
Local machine
Remote machine
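The key-installation step from the SSH slides above, as an added shell example that is not part of the original slides: it appends one public key to authorized_keys and sets the modes that sshd's StrictModes check expects. The helper name install_pubkey and the key line used in the demo are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original slides. install_pubkey is a
# hypothetical helper name; the key used in the demo is constructed.

# install_pubkey PUBKEY_FILE SSH_DIR
# Appends the single public key in PUBKEY_FILE to SSH_DIR/authorized_keys.
# Prints "added" or "already-present"; returns non-zero on refusal.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Only the .pub half ever leaves the client. Refuse a private key.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 2
    fi

    # A public key file holds exactly one line: "<type> <base64> [comment]".
    if [ "$(grep -c . "$pubkey_file")" -ne 1 ]; then
        echo "refusing: expected exactly one key line" >&2
        return 3
    fi
    key_line=$(grep . "$pubkey_file")

    # sshd (StrictModes, on by default) ignores authorized_keys when the
    # directory or file is writable by anyone but the owner.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    [ -e "$auth_file" ] || ( umask 077; : > "$auth_file" ) || return 1
    chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not already present.
    if grep -qxF -- "$key_line" "$auth_file"; then
        echo "already-present"
    else
        printf '%s\n' "$key_line" >> "$auth_file"
        echo "added"
    fi
}

# Demo in a throwaway directory standing in for the server-side home.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAconstructedExampleKey user@client' \
    > "$demo_home/id_example.pub"
install_pubkey "$demo_home/id_example.pub" "$demo_home/.ssh"   # prints: added
install_pubkey "$demo_home/id_example.pub" "$demo_home/.ssh"   # prints: already-present
ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

Running it a second time with the same key leaves the file unchanged, so it is safe to call from a provisioning script.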
44. Upgrading
To upgrade to the latest version of Ubuntu
server, use the do-release-upgrade utility.
First, update apt-get to acquire the latest package
information:
Then, install the upgrade utility:
Finally, do the upgrade:
45. Updating installed
packages
Use the apt-get tool:
To automate package updates, use unattended-
upgrades:
Install the package:
... and configure it:
Unattended upgrade actions are logged in /var/log/unattended-upgrades. Add a Cron job to
run /usr/bin/unattended-upgrade periodically.
47. User management
๏ A critical aspect of server management.
๏ In Ubuntu, the root user is disabled for safety.
๏ Management tasks requiring root access can be
completed by using the sudo command by a user who
is in the “admin” group.
๏ The user created during the installation process is
added automatically to the admin group.
48. Adding and deleting
users
To add a user:
To delete a user (will retain the home directory):
To disable a user:
To enable a user:
49. Creating and deleting
groups
To create a group:
To delete a group:
To add a user to a group:
50. User profiles
By default, all new home directories are accessible
by everyone. You can enforce non-default access
rights to new home directories by editing
/etc/adduser.conf:
The contents of this directory are modelled after the
contents of /etc/skel.
51. Password policy
You can enforce strong user passwords by editing the
password policy file /etc/pam.d/common-password.
For example, to enforce a password with minimum 6
characters, edit the password line to look like this:
52. Password expiration
To see the password expiry value for a user, use the
“chage” command:
The chage tool is for
changing password
expiration date.
To make changes:
54. File system
A filesystem is responsible for managing data stored
on a non-volatile storage device like hard disks, USB
drives, DVDs etc.
Most Linux distros, including Ubuntu, use ext3 (“third
extended filesystem”).
Ubuntu 9.04 introduces experimental support for
ext4.
55. Ext3
A journaling filesystem: logs changes in a journal to
increase reliability in case of power failure or system
crash.
56. Ext3
Not as fast as others, like JFS, ReiserFS and XFS,
but wins in CPU utilization, reliability, and testing
base.
57. Ext3 file limits
^ 8 KiB block size is only available on architectures which allow 8 KiB pages, such as Alpha.
58. Ext3 levels of journaling
❖Journal
❖Lowest risk, slowest
❖Metadata and files are written to the journal before being
committed.
❖Ordered (default)
❖Medium risk, medium speed
❖Metadata are written to the journal only - ext3 guarantees file
contents are written to disk before marked as committed in
the journal. Beware of “intermediate state” problem!
❖Writeback
❖Highest risk, fastest
❖Metadata written in journal, no guarantee for file contents.
59. Ext4
❖Adds 64-bit storage limits.
❖Volumes up to 1 exabyte. Files up to 16 terabytes.
❖Improved large file performance and reduced
fragmentation.
❖Backwards compatible with ext2 and 3.
❖Journal checksumming (not present in ext3).
❖Online defragmentation.
❖Timestamps in nanoseconds.
60. Files and directories
Filesystems store data in files and directories.
Filesystems are stored in disk partitions.
You can configure partitions any way you like, but
something like this is advisable:
61. fstab: static fs info
fstab is a text file that
contains filesystem
information
63. Mount points
The mount command attaches a
filesystem to a mount point
Remount /usr in read only:
Mount all fs in /etc/fstab:
64. File & directory
commands
Command  Description
ls       Lists the contents of a directory
cd       Change directory
mkdir    Create directory
rmdir    Remove directory
cp       Copy file
mv       Move file
rm       Remove file
pwd      Print the present working directory
file     Print the presumed type of a file
chmod    Change the permission attributes of a file
67. Networking
Most networking is configured by editing two files:
❖/etc/network/interfaces
❖Ethernet, TCP/IP, bridging
❖/etc/resolv.conf
❖DNS
Other networking files:
❖/etc/hosts
❖/etc/dhcp3/dhcpd.conf
68. /etc/network/interfaces
Typical default contents:
Directive  Description
auto       Indicates the device should be setup at boot time.
lo         Loopback interface.
iface      “Interface”.
eth0       Ethernet device 0, typically the primary network adaptor.
inet       Indicates network adaptor has an IPv4 address space.
dhcp       Network adaptor gets its configuration from a DHCP server.
69. /etc/network/interfaces
Good practice: fix your server’s IP address.
Directive   Description
static      Indicates the adaptor uses fixed IP configuration.
address     The IP address of the host.
netmask     Network subnet mask.
gateway     Gateway address.
network     The network portion of the IP address.
nameserver  The IP of a DNS.
For static interfaces, you may also need to edit /etc/resolv.conf to specify DNS servers.
70. /etc/hosts
Ubuntu refers to this file to resolve host names
before contacting a DNS. Good for frequently used
hostnames, or internal network hosts.
71. Network useful
commands
Command                      Description
ping                         Test that an internet host is reachable.
ifconfig                     Administer a TCP/IP network interface.
sudo /etc/init.d/networking  stop, start, restart as arguments; controls network status.
route                        Examine and configure the host’s routing table.
73. Backup
“Failing to plan is planning to fail”
It is a matter of time before you experience system
failure on your server. When that happens, it is
nice to have a backup.
74. What is a backup?
... to keep multiple historical versions of your data
going back far enough in time to enable recovery
from a small or big disaster.
75. Types of backup
❖Full - Backup the complete data set
❖Incremental - Backup only changes since last
backup
Periodic backup
❖Daily - Hold for the short term
❖Weekly - Hold for the medium term
❖Monthly - Hold for the long term
76. Backup using a shell script
This script rotates through 7 backups - one for each day.
A modification can allow for rotation of daily, weekly, and monthly backups.
#!/bin/sh
####################################
#
# Backup to NFS mount script.
#
####################################
# What to backup.
backup_files="/home /var/spool/mail /etc /root /boot /opt"
# Where to backup to.
dest="/mnt/backup"
# Create archive filename.
day=$(date +%A)
hostname=$(hostname -s)
archive_file="$hostname-$day.tgz"
# Print start status message.
echo "Backing up $backup_files to $dest/$archive_file"
date
echo
# Backup the files using tar.
# $backup_files is left unquoted on purpose so it splits into separate paths.
tar czf "$dest/$archive_file" $backup_files
# Print end status message.
echo
echo "Backup finished"
date
# Long listing of files in $dest to check file sizes.
ls -lh "$dest"
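The daily, weekly and monthly rotation that this slide mentions, as an added shell example that is not part of the original slides. The naming scheme (monthly on the 1st, weekly on other Sundays, weekday-named otherwise) and the function names archive_name and run_backup are assumptions made for this example; each archive is written under a temporary name and listed with tar before it replaces the previous one in its slot.

```sh
#!/bin/sh
# Added example, not from the original slides: the backup script above
# extended to daily / weekly / monthly rotation. The naming scheme and the
# function names are assumptions made for this example.

# archive_name HOST WEEKDAY DAY_OF_MONTH MONTH
#   1st of the month -> HOST-monthly-MM.tgz   (12 slots, reused each year)
#   any other Sunday -> HOST-weekly-N.tgz     (N = 1..5, week of the month)
#   any other day    -> HOST-WEEKDAY.tgz      (as in the original script)
archive_name() {
    host=$1
    weekday=$2
    dom=${3#0}          # strip a leading zero: "08" is invalid octal in $(( ))
    month=$4
    if [ "$dom" -eq 1 ]; then
        echo "$host-monthly-$month.tgz"
    elif [ "$weekday" = "Sunday" ]; then
        echo "$host-weekly-$(( (dom - 1) / 7 + 1 )).tgz"
    else
        echo "$host-$weekday.tgz"
    fi
}

# run_backup DEST ARCHIVE_NAME PATH...
# Returns 1 if tar could not create the archive, 2 if the archive fails
# the listing check. In both cases the previous archive is left untouched.
run_backup() {
    dest=$1
    name=$2
    shift 2
    tmp="$dest/.$name.partial"

    # Write under a temporary name so a failed run never overwrites the
    # last good archive occupying this rotation slot.
    tar czf "$tmp" "$@" || { rm -f "$tmp"; return 1; }

    # Integrity check: tar must be able to read the archive end to end.
    tar tzf "$tmp" >/dev/null 2>&1 || { rm -f "$tmp"; return 2; }

    mv -f "$tmp" "$dest/$name"
}

main() {
    backup_files="/home /var/spool/mail /etc /root /boot /opt"
    dest="/mnt/backup"
    # LC_ALL=C keeps the weekday name in English whatever the system locale.
    name=$(archive_name "$(hostname -s)" "$(LC_ALL=C date +%A)" \
                        "$(date +%d)" "$(date +%m)")
    echo "Backing up $backup_files to $dest/$name"
    # $backup_files is left unquoted on purpose so it splits into paths.
    run_backup "$dest" "$name" $backup_files && ls -lh "$dest"
}

# Only touch the real paths when asked to: sh backup.sh --run
if [ "${1:-}" = "--run" ]; then
    main
fi
```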
77. Automating with cron
Cron is used to schedule the execution of scripts. We
will look at it in more detail later.
To enter the cron job editor
To run the backup script every day of every month of every year, at midnight:
# m h dom mon dow command
0 0 * * * bash /usr/local/bin/backup.sh
78. Restoring
Use tar to test the integrity of an archive, or to
extract its contents.
To list the contents of the
archive
To extract a file from the archive
To extract the full contents of
the archive
81. Servers, servers,
servers
Most useful work on a server is done by some
kind of server software:
❖Web (i.e. Apache)
❖Database (MySQL)
❖Application (LAMP - i.e Moin Moin)
❖FTP (i.e. vsftpd)
❖Network File System
❖Email (i.e. Postfix)
❖Etc.
83. Web server
Lots of choices for open source web servers.
❖Apache
❖LightTPD (YouTube,
Meebo, Wikipedia)
❖Nginx
❖Roxen
84. Apache:
history and
Apache has been around forever (at least since the
beginning of the known time, when the web was
invented):
❖powers 100 million websites (early 2009), over
46% of total
❖Most popular web server since 1996
❖Lineage going back to NCSA HTTPd
❖Comprehensive set of features - you want it, it
has it.
86. Installing Apache
Apache is installed in /etc/apache2.
File/Directory   Description
apache2.conf     The main Apache2 configuration file. Contains settings that are global to Apache2.
conf.d           Contains configuration files which apply globally to Apache. Other packages that use Apache2 to serve content may add files, or symlinks, to this directory.
envvars          File where Apache2 environment variables are set.
httpd.conf       Historically the main Apache2 configuration file, named after the httpd daemon. The file can be used for user specific configuration options that globally affect Apache2.
mods-available   This directory contains configuration files to both load modules and configure them.
mods-enabled     Holds symlinks to the files in /etc/apache2/mods-available.
ports.conf       Houses the directives that determine which TCP ports Apache2 is listening on.
sites-available  This directory has configuration files for Apache Virtual Hosts. Virtual Hosts allow Apache2 to be configured for multiple sites that have separate configurations.
sites-enabled    Like mods-enabled, sites-enabled contains symlinks to the /etc/apache2/sites-available directory. Similarly when a configuration file in sites-available is symlinked it will be active once Apache is restarted.
96. /etc/apache2/sites-
available/site_name
# Port number of site
<VirtualHost *:80>
    # Email of webmaster
    ServerAdmin webmaster@localhost
    # Root directory of site files
    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    # Static files block
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    # Scripts block
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    # Error log file
    ErrorLog /var/log/apache2/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    # Access log file
    CustomLog /var/log/apache2/access.log combined
</VirtualHost>
97. Multiple sites
Apache supports multiple sites on the same machine.
Assign sites by port number, sub-domain, directory
name, or any combination of the above.
After any configuration changes,
restart Apache
98. Modules
There are many modules that provide additional
functionality.
These modules can be installed and loaded
dynamically.
Installs the MySQL
authentication module
Enables the new module and
restarts apache
101. Database server: mySQL
“The world’s most popular open-source database”*
*http://www.mysql.com/
Yahoo,
Google,
Alcatel,
Nokia,
Youtube
25% market
share (EDC
research)
102. MySQL features
❖Cross-platform compatible
❖Libraries for all major programming languages
❖Many administration choices, command line, web-based, GUIs
❖Stored procedures
❖Triggers
❖Cursors
❖Selection of storage engines (InnoDB, Berkeley, etc.)
❖Replication
❖ACID compliance with InnoDB, BDB, Cluster engines.
❖Full-text indexing
❖Open-source!
103. Mysql installation
Installs the MySQL
authentication module
After installation, check mysql
daemon is running
To restart:
To configure:
104. Create a new database
and user
Log on as root (asks for password):
mysql -u root -p
Create a new database:
create database myDB;
Create a new user for the new database:
grant all privileges on myDB.* to 'newuser'@'localhost' identified by 'newpassword' with grant option;
To verify this worked, exit and logon as the new user (no error messages mean all good):
exit;
mysql -u newuser -p #asks for password
use myDB;
106. LAMP
Linux
Apache
MySQL
Php
A popular configuration for Linux servers.
LAMP applications are packaged in a way that makes it easy to
install and manage.
107. LAMP example: Moin Moin
Moin Moin is a Python-based wiki engine.
Install Moin Moin (expects
Apache 2 already installed):
Prepare the Moin Moin directory:
cd /usr/share/moin
sudo mkdir mywiki
sudo cp -R data mywiki
sudo cp -R underlay mywiki
sudo cp server/moin.cgi mywiki
sudo chown -R www-data:www-data mywiki
sudo chmod -R ug+rwX mywiki
sudo chmod -R o-rwx mywiki
108. Configure Moin Moin
Edit /etc/moin/mywiki.py:
data_dir = '/usr/share/moin/mywiki/data'
In the next line, insert:
data_underlay_dir='/usr/share/moin/mywiki/underlay'
Configure Apache; add the following lines in /etc/apache2/sites-available/default
file inside the “<VirtualHost *>” tag:
### moin
ScriptAlias /mywiki "/usr/share/moin/mywiki/moin.cgi"
alias /moin_static181 "/usr/share/moin/htdocs"
<Directory /usr/share/moin/htdocs>
Order allow,deny
allow from all
</Directory>
### end moin
Restart:
sudo /etc/init.d/apache2 restart
111. FTP
A simple way to transfer files between computers.
Many open source FTP servers available on Linux:
❖ vsftp
❖ Filezilla
❖ Pure-ftpd
❖ NASLite
❖ wu-ftpd
❖ etc.
113. Install vsftp
“Probably the most secure and fastest FTP server for UNIX-like systems.”
http://vsftpd.beasts.org/
Install it:
Put your files here to
make them available
to FTP clients
117. Connect to the FTP
server
Anonymous
connection
Download
to local
machine
Download
completed
118. Secure FTP
Edit /etc/vsftpd.conf:
Now vsftpd will ask for the user’s password
and will start at their home directories.
120. NFS
Allows for server files and directories to be
available to remote clients as if they were local.
Install it:
Set directories to be
exported here:
124. Email services: Postfix
The default Mail Transfer Agent (MTA) for Ubuntu
Rich set of features:
❖Protocols:
❖SMTP
❖DKIM
❖DSN status
❖ETRN
❖IPv6
❖SASL authentication
❖TLS encryption/authentication
❖QMQP
❖Address masquerading
❖Junk mail control
❖Selective address rewriting
❖VERP envelope return address
❖Databases:
❖Berkeley
❖CDB
❖LDAP
❖MySQL
❖PostgreSQL
❖Mailbox and Maildir formats
❖Virtual domains
125. Postfix installation
Install it:
The configuration screens will come up as part of
the installation.
To reconfigure at a later time:
Or, you can edit the Postfix configuration file /etc/
postfix/main.cf. After editing, restart:
126. Postfix configuration
Sample values:
❖Internet Site configuration:
❖mail.example.com
❖peter
❖mail.example.com, localhost.localdomain, localhost
❖No
❖127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0/24
❖0
❖+
❖all
Check sources such as these for details:
❖http://flurdy.com/docs/postfix/
❖http://ubuntuforums.org/showthread.php?t=780509
❖http://en.wikipedia.org/wiki/Email#Workings
127. SMTP authentication
Allows a client to identify itself. Once authenticated,
the SMTP server will allow the client to relay mail.
Configuration for SMTP-AUTH is done with the
Dovecot package:
Install it:
In production, you will need to configure the SSL
certificate and key to be used with authentication and
encryption.
128. Test by sending yourself
an email
Install nail, a
command line
emailer:
130. Firewall
The Linux kernel includes the Netfilter subsystem:
controls network traffic in/out.
Linux firewalls utilise Netfilter. The administrator
tells Netfilter how to treat data packets by
configuring rules in iptables, a configuration file.
In Ubuntu, we use ufw as a configuration tool for
iptables.
131. ufw
“the friendly way to create a firewall”
ufw: Uncomplicated firewall
Install ufw:
Enable ufw and restart
the server to take effect:
You will not be able to
restore the SSH
connection until you
configure ufw to allow
SSH traffic:
132. ufw, examples of rules
Delete a rule:
Allow access from a host to port
22 of any IP address on this host:
Allow all HTTP traffic:
Use --dry-run to show the rule
corresponding to a directive:
133. ufw, examples of rules
Disable the firewall:
See status:
See detailed status:
Application integration, predefined
rules. Apply like this “sudo ufw allow
Postfix” and “sudo ufw app info Postfix”
to view rule details:
135. Package management
Over 24,000 software packages for Ubuntu. It is a
good idea to use a package manager to maintain
those installed on your server:
❖Install
❖Remove
❖Resolve dependencies
❖Compile
❖Upgrade
Ubuntu is supported by apt-get, aptitude.
Most packages are supported by both, so your
choice.
136. apt
A collection of tools, not a single tool.
apt-get is the most important tool. Used for
tasks like:
❖Update the index files from their source
❖Upgrade all installed packages
❖Install a package
❖Remove installed package
❖Source code fetching
❖Build dependencies
❖Checks for broken dependencies
❖Clean the local repository
❖Autoclean only files in the local repository that can no longer be downloaded
and are considered useless.
137. Using apt-get
Already installed, ready to use.
Install a package named “nmap”:
Remove a package named “nmap”:
Update the apt index (the
repositories are listed in /etc/apt/
sources.list):
Upgrade all packages installed:
All actions are recorded in /var/log/dpkg.log
138. Automatic updates
The “unattended-upgrades” package can
automatically install updated packages.
Install it:
Define the type of upgrades in
/etc/apt/apt.conf.d/50unattended-upgrades
All actions are recorded in /var/log/unattended-
upgrades
140. Windows connectivity
Works as:
❖File server
❖Printer server (including PDF)
❖Domain controller in Windows networks
❖Authentication
... for Windows clients
142. Samba configuration
To define a share (in this example, the home
folders), edit the /etc/samba/smb.conf file:
Make home directories shared, browsable, read-write:
[homes]
comment = Home Directories
browseable = yes
read only = no
create mask = 0775
directory mask = 0775
valid users = %S
Define the password for a share
user:
Reload Samba configuration:
144. Other Samba
capabilities
We just saw the most basic capability of Samba.
Other things you can do:
❖Sharing CUPS printers
❖Various security issues
❖Active Directory integration, including Kerberos
authentication
❖Database integration for user information
❖LDAP integration
❖Domain controller or client
❖WINS
❖Remote and local management
146. Scheduling with cron
Cron is the standard job scheduler for Unix.
Cron stands for “cronograph”.
Every user can specify scripts or programs to
run at specific time intervals in a text file called
“crontab”.
147. Example crontab file
Access/edit crontab file:
Schedule Redirect output Script to run
158. Webmin: web
based server
Open source interface for system administration
based on modules:
❖User management
❖Apache
❖MySQL
❖OpenSSH
❖DNS
❖File sharing
❖etc.
159. Webmin installation
and configuration
Get required libraries, webmin archive, and run the setup utility.
You can safely accept all setup script defaults.
sudo apt-get install perl5 libnet-ssleay-perl
sudo apt-get install wget
wget http://prdownloads.sourceforge.net/webadmin/webmin-1.480.tar.gz
tar xzvf webmin-1.480.tar.gz
cd webmin-1.480
sudo ./setup.sh
166. Vim and vi
Vim is an improved version of vi, the stock-standard
text editor for Unix and Linux systems.
Install vim
start vim
Use commands expressed by keystrokes to control
vim (see cheat sheet in next slide).
168. Go on and build your server.
Notes and videos available at
http://blog.futureshock-ed.com.
A discussion group available at
http://groups.google.com/group/linux-alumni
Any feedback appreciated.
Have fun and stay in touch!