Difference between revisions of "Ubuntu Server Setup"

From rbachwiki
Line 839: Line 839:


</pre>
</pre>
=== vsftpd - FTP Server Installation ===
sudo apt-get install vsftpd
To configure vsftpd to authenticate
system users and allow them to upload files edit /etc/vsftpd.conf:
sudo /etc/init.d/vsftpd restart
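Review bot: the sentence ending "edit /etc/vsftpd.conf:" is followed directly by the restart command, so the new section never says which settings to change. List the directives between those two lines; for authenticating system users and allowing uploads, the vsftpd options are local_enable=YES and write_enable=YES. Because this sends system account passwords over plain FTP, the section should also state whether TLS (ssl_enable) is expected.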

Revision as of 14:47, 17 August 2016

Upgrading Ubuntu Server to a new release

  • Install update-manager-core if it is not already installed:
    • sudo apt-get install update-manager-core
  • Launch the upgrade tool:
    • sudo do-release-upgrade

Turn on Mod Rewrite

1. a2enmod rewrite 
2. restart apache server 
3. edit the vhost file and set AllowOverride All


Apache Commands

  • List apache packages and versions
    • dpkg -l | grep apache
  • Shows the version of Ubuntu
    • cat /etc/issue
  • Shows the version of Ubuntu
    • cat /etc/*-release
  • Gives detailed status of the service
    • apachectl status
  • Gives info on where the config file is located
    • apachectl -V
  • Search the entire server for the file
    • find / | grep "apache2\.conf"
  • Info for each line in the .conf File
  • Displays config info about all virtual hosts
    • apachectl -t -D DUMP_VHOSTS
  • Display all modules from Apache
    • apachectl -t -D DUMP_MODULES
  • Enable and Disable Modules
  • Directory for Modules
    • /etc/apache2/mods-available and /etc/apache2/mods-enabled
    • a2enmod and a2dismod will enable or disable modules
  • Find where the apache error log is located
    • grep -Ri ErrorLog /etc/apache2
  • Watch the error log in real time
    • tail -f error.log
  • Tools to analyze log files
    • AWStats - awstats.sourceforge.net
    • GoAccess (terminal app) - goaccess.prosoftcorp.com


Using SMTP to send email

apt-get install php-pear

pear install Mail

pear install Net_SMTP

restart apache

## You have to include this in your code:

require_once 'Mail.php';

## There is a lot more info you have to provide; do a search for pear mail.

Setting up Postfix to send mail

sudo apt-get install postfix

Options

Satellite
domain.com
smtp server=  ip address or smtp.domain.com
service restart postfix

 Postfix config file
 /etc/postfix/main.cf

Giving Root Privileges to another Account

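Edit /etc/sudoers.tmp (the temporary copy that visudo opens; run sudo visudo rather than editing /etc/sudoers directly, so the syntax is checked before it is saved)

# User privilege specification

root  ALL=(ALL:ALL) ALL

# Copy the settings of root and adapt them to your username

alex  ALL=(ALL:ALL) ALL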


Installing Node.js

sudo apt-get install python-software-properties

add-apt-repository ppa:chris-lea/node.js

 

apt-get update
apt-get install nodejs npm


Search Repositories

sudo apt-cache search python

This searches the cached package lists for everything matching python.

Changing Mac Address Linux

ifconfig wlan0 down

ifconfig wlan0 hw ether de:ad:be:ef:c0:fe

ifconfig wlan0 up

ifconfig wlan0 | grep HWaddr

Repair Perl Locale Errors on Ubuntu

sudo apt-get install language-pack-en-base
sudo dpkg-reconfigure locales
If that doesn't work, then try this:
export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
locale-gen en_US.UTF-8
apt-get install locales
dpkg-reconfigure locales

Remove Old host keys from Known_hosts

 ssh-keygen -f "/root/.ssh/known_hosts" -R 192.168.20.133

 

Sync Time with ntp server

 Using the command line, you can use dpkg-reconfigure tzdata.

dpkg-reconfigure tzdata
 
Follow instructions
 
install ntp
 
sudo apt-get install ntp

Setting up a Cron Job

Using cron

 Use the personal crontab to setup your jobs

type

crontab -e  ** use the -e switch, do not edit the file directly 

Everything is the same as described below, except that in the personal crontab the sixth field is the command to execute, as opposed to the user to run the job as.

example

* * * * * /backup/script.sh

as opposed to

* * * * * root /backup/script.sh

 

crontab -l : shows scheduled jobs

crontab -r : removes the current crontab file

 

In the /etc directory you will probably find some subdirectories called 'cron.hourly', 'cron.daily', 'cron.weekly' and 'cron.monthly'. If you place a script into one of those directories it will be run either hourly, daily, weekly or monthly, depending on the name of the directory.

If you want more flexibility than this, you can edit a crontab (the name for cron's config files). The main config file is normally /etc/crontab.

On a default RedHat install, the crontab will look something like this:

 
root@pingu # cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly

 
The first part is almost self explanatory; it sets the variables for cron.

SHELL is the 'shell' cron runs under. If unspecified, it will default to the entry in the /etc/passwd file.

PATH contains the directories which will be in the search path for cron, e.g. if you've got a program 'foo' in the directory /usr/cog/bin, it might be worth adding /usr/cog/bin to the path, as it will stop you having to use the full path to 'foo' every time you want to call it.

MAILTO is who gets mailed the output of each command. If a command cron is running has output (e.g. status reports, or errors), cron will email the output to whoever is specified in this variable. If no one is specified, then the output will be mailed to the owner of the process that produced the output.

HOME is the home directory that is used for cron. If unspecified, it will default to the entry in the /etc/passwd file.

 

Now for the more complicated second part of a crontab file.

An entry in cron is made up of a series of fields, much like the /etc/passwd file is, but in the crontab they are separated by a space. There are normally seven fields in one entry. The fields are:

minute hour dom month dow user cmd

minute  This controls what minute of the hour the command will run on, and is between '0' and '59'.

hour    This controls what hour the command will run on, and is specified in the 24 hour clock; values must be between 0 and 23 (0 is midnight).

dom     This is the Day of Month that you want the command run on, e.g. to run a command on the 19th of each month, the dom would be 19.

month   This is the month a specified command will run on; it may be specified numerically (0-12), or as the name of the month (e.g. May).

dow     This is the Day of Week that you want a command to be run on; it can also be numeric (0-7) or the name of the day (e.g. sun).

user    This is the user who runs the command.

cmd     This is the command that you want run. This field may contain multiple words or spaces.

 

Fields

 .---------------- minute (0 - 59)
 |  .------------- hour (0 - 23)
 |  |  .---------- day of month (1 - 31)
 |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
 |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7)  OR sun,mon,tue,wed,thu,fri,sat
 |  |  |  |  |
 *  *  *  *  *

 

If you don't wish to specify a value for a field, just place a * in the field.

e.g.

01 * * * * root echo "This command is run at one min past every hour"
17 8 * * * root echo "This command is run daily at 8:17 am"
17 20 * * * root echo "This command is run daily at 8:17 pm"
00 4 * * 0 root echo "This command is run at 4 am every Sunday"
00 4 * * Sun root echo "So is this"
42 4 1 * * root echo "This command is run 4:42 am every 1st of the month"
01 * 19 07 * root echo "This command is run hourly on the 19th of July"

Notes:

Under dow 0 and 7 are both Sunday.

If both the dom and dow are specified, the command will be executed when either of the events happen.

e.g.

00 12 16 * Mon root cmd

Will run cmd at midday every Monday and every 16th, and will produce the same result as both of these entries put together would:

00 12 16 * * root cmd
00 12 * * Mon root cmd

Vixie Cron also accepts lists in the fields. Lists can be in the form 1,2,3 (meaning 1 and 2 and 3) or 1-3 (also meaning 1 and 2 and 3).

e.g.

59 11 * * 1,2,3,4,5 root backup.sh

Will run backup.sh at 11:59 Monday, Tuesday, Wednesday, Thursday and Friday, as will:

59 11 * * 1-5 root backup.sh

Cron also supports 'step' values.

A value of */2 in the dom field would mean the command runs every two days and likewise, */5 in the hours field would mean the command runs every 5 hours.

e.g.

* 12 10-16/2 * * root backup.sh

is the same as:

* 12 10,12,14,16 * * root backup.sh

*/15 9-17 * * * root connection.test

Will run connection.test every 15 mins between the hours of 9am and 5pm.

Lists can also be combined with each other, or with steps:

00 12 1-15,17,20-25 * * root cmd

Will run cmd every midday between the 1st and the 15th, as well as between the 20th and 25th (inclusive), and also on the 17th of every month.

When using the names of weekdays or months, it isn't case sensitive, but only the first three letters should be used, e.g. Mon, sun or Mar, jul.

Comments are allowed in crontabs, but they must be preceded with a '#', and must be on a line by themselves.
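
Because the sixth field of a system crontab names the account a job runs as, any script a root entry points at is effectively root's code. The following is an added example (not part of the original page) that reads a file in the seven-field format described above and lists the targets of root jobs, including scripts under a run-parts directory, that group or other can modify. The function names and the sample files are this example's own; the sample crontab is constructed.

```shell
#!/bin/sh
# Added example: list root-run cron targets that group or other can modify.
# Input format is the system crontab described above:
#   minute hour dom month dow user cmd

# Print the path if its mode grants write to group or other.
# ls -L follows symlinks so the target's mode is checked, not the link's.
writable_by_others() {
    perms=$(ls -ldL -- "$1" 2>/dev/null | cut -c1-10)
    case $perms in
        ?????w????|????????w?) printf '%s\n' "$1" ;;
    esac
}

# audit_crontab FILE: one finding per output line, nothing if clean.
audit_crontab() {
    while read -r min hour dom mon dow user cmd args; do
        # Skip blank lines, comments, VAR=value settings and @reboot-style lines.
        case "$min" in ''|'#'*|*=*|@*) continue ;; esac
        [ "$user" = root ] || continue
        if [ "$cmd" = run-parts ]; then
            dir=${args##* }          # last word is the directory
            writable_by_others "$dir"
            for f in "$dir"/*; do
                if [ -f "$f" ]; then writable_by_others "$f"; fi
            done
        else
            # Only absolute paths can be checked without knowing cron's PATH.
            case $cmd in /*) writable_by_others "$cmd" ;; esac
        fi
    done < "$1"
    return 0
}

# Constructed sample: a crontab in the page's format plus three scripts.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/cron.hourly" && chmod 755 "$d/cron.hourly"
    for s in backup.sh rotate.sh cron.hourly/sync; do
        printf '#!/bin/sh\n' > "$d/$s"
    done
    chmod 755 "$d/backup.sh"
    chmod 777 "$d/rotate.sh"            # world-writable
    chmod 775 "$d/cron.hourly/sync"     # group-writable
    cat > "$d/crontab" <<EOF
SHELL=/bin/bash
MAILTO=root
# run-parts
01 * * * * root run-parts $d/cron.hourly
59 11 * * 1-5 root $d/backup.sh
*/15 9-17 * * * root $d/rotate.sh --quiet
17 8 * * * alex $d/rotate.sh
EOF
    printf '%s\n' "$d"
}

sample=$(make_sample)
audit_crontab "$sample/crontab"    # prints the sync and rotate.sh paths
rm -rf "$sample"
```

Run it against /etc/crontab on a real host with audit_crontab /etc/crontab; entries that wrap the command in a shell expression (cd / && ...) are not resolved by this sketch.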

scp without password - keygen

Generate a public/private key pair on the local machine.

    ssh-keygen -t rsa
 
In response, you should see:
 
Generating public/private rsa key pair
Enter file in which to save the key ... 
 
Press Enter to accept this.
 
In response, you should see:
 
 
Enter passphrase (empty for no passphrase):
 
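You don't need a passphrase, so press Enter twice. (Without a passphrase the private key is stored unencrypted, so anyone who can read that file can log in wherever the key is authorized.)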
 
In response, you should see:
 
Your identification has been saved in ... 
Your public key has been saved in ... 
 
Note the name and location of the public key just generated. It always ends in .pub.
 
Copy the public key id_rsa.pub just generated to all of your remote Linux boxes. You can use scp or FTP or whatever to make the copy. Assuming you're using root (again, see my warning in step 1), the key must be contained in the file /root/.ssh/authorized_keys. Or, if you are logging in as a user, for example clyde, it would be in /home/clyde/.ssh/authorized_keys. Notice that the authorized_keys file can contain keys from other PCs. So, if the file already exists and contains text, you need to append the contents of your public key file to what is already there:
 
cat id_rsa.pub >> authorized_keys
 
The files are stored in /root/.ssh.
If the authorized_keys file does not exist, create it, then copy the id_rsa.pub from the other machine and paste it into the authorized_keys file.
Do this for each machine, so that each machine has the other's .pub info in its authorized_keys file.
If the file already exists, just edit it and paste in the other machine's .pub info.
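
The append step above is where most passwordless-login setups go wrong: the private key gets pasted instead of the .pub file, the same key is appended repeatedly, or the permissions are loose enough that sshd ignores the file. The following is an added example, not part of the original page; install_pubkey is a hypothetical helper name and the key material is constructed and not usable.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys safely.
# install_pubkey PUBKEY_FILE HOME_DIR   (function name is this example's own)
install_pubkey() {
    pub=$1
    sshdir=$2/.ssh
    auth=$sshdir/authorized_keys

    # A .pub file holds one line; a private key (the file without .pub)
    # spans many lines and starts with "-----BEGIN", so both checks reject it.
    lines=$(wc -l < "$pub") || return 1
    if [ "$lines" -gt 1 ]; then
        echo "refusing $pub: more than one line" >&2
        return 1
    fi
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing $pub: not a public key" >&2; return 1 ;;
    esac

    mkdir -p "$sshdir"
    touch "$auth"
    # sshd's StrictModes check rejects the file if it or .ssh is writable
    # by anyone but the owner.
    chmod 700 "$sshdir"
    chmod 600 "$auth"

    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Constructed sample key material (not a usable key) in a scratch directory.
work=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDSAMPLE root@machine-a' > "$work/id_rsa.pub"
install_pubkey "$work/id_rsa.pub" "$work/home/clyde"
install_pubkey "$work/id_rsa.pub" "$work/home/clyde"   # second run adds nothing
cat "$work/home/clyde/.ssh/authorized_keys"
rm -rf "$work"
```

On a real host, run it as the account that owns the home directory so that .ssh and authorized_keys end up owned by that user.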

Virtual Host Setup to display domain without the www

 Setup Virtual host so www.domain.com works and domain.com works.

ServerName www.domain.com

ServerAlias domain.com

This will allow the domain to come up with or without the www.

Finding out Package Dependencies with apt-rdepends

Installing apt-rdepends

apt-rdepends can be installed as follows:
 
apt-get install apt-rdepends
 
If you are on Ubuntu and are not logged in as root, use
 
sudo apt-get install apt-rdepends
 
apt-rdepends can be used as follows:
 
apt-rdepends <packagename>
 
For example, to find out all dependencies of the package wget, run:
 
apt-rdepends wget
 
For most packages, the output is even longer and might not fit on your screen. In these cases you can pipe the output into more (or less), e.g. as follows:
 
apt-rdepends apache2 | more
 
apt-rdepends apache2 | less

Set Time zone in Ubuntu Server

dpkg-reconfigure tzdata

Installing Java in Ubuntu

sudo add-apt-repository ppa:sun-java-community-team/sun-java6

sudo apt-get update
 
sudo apt-get install sun-java6-bin sun-java6-plugin
 

Install Lamp with 1 command

Open a terminal and install tasksel first with:

sudo apt-get install tasksel

Now to install LAMP, type "tasksel" in the terminal and select LAMP Server.

During the installation you will be asked to enter the MySQL root password.

Now check if PHP is working:

sudo vi /var/www/info.php

and add

<?php
phpinfo();
?>

Save and exit.

Restart apache2:

sudo /etc/init.d/apache2 restart

Now open a browser and go to:

http://ip/info.php or http://localhost/info.php

PHP is installed. Delete info.php once you have checked it, since the page shows the server's full PHP configuration to anyone who requests it.

To fully manage your LAMP server's databases, install phpmyadmin:

sudo apt-get install phpmyadmin

To log in to phpmyadmin, open a browser and go to:

http://ip/phpmyadmin or http://localhost/phpmyadmin

Remove mysql

dpkg -l | grep mysql

sudo dpkg -P --force-all <package name>


Manually install apache2, php5 mysql

sudo apt-get install apache2

sudo apt-get install php5 libapache2-mod-php5

sudo apt-get install mysql-server

 
Getting MySQL Support In PHP5

To get MySQL support in PHP, we can install the php5-mysql package. It's a good idea to install some other PHP5 modules as well as you might need them for your applications. You can search for available PHP5 modules like this:

 
aptitude search php5

 
Pick the ones you need and install them like this:

 
aptitude install php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl php5-json


Now restart Apache2:

How to check Ubuntu's version

cat /etc/issue

uname -a : print all information

uname -r : print the kernel release

uname -v : print the kernel version

uname -o : print the operating system

How do I find out what version of Linux distribution I'm using

cat /etc/*-release


Installing Curl in ubuntu

sudo apt-get install  php5-curl

Now you have PHP cURL installed, the next thing you need to do is to restart apache2, run the following command in your terminal:

sudo /etc/init.d/apache2 restart

Chmod Octal Codes

Permissions may be granted using human readable assignments "rwx" or octal codes.

Owner/Group/Other

Description                            Abbreviation  Octal code
Read access                            r             4
Write (change) permission              w             2
Execute script or binary executable    x             1
Read and Execute                       rx            5
Read and Write                         rw            6
Read, Write and Execute                rwx           7

Use of octal assignment does not add or remove permission, but assigns the permission explicitly. Examples:

  • Assign yourself full access to read and modify the file, allow members of the group to read it and do not allow any others access:
    chmod 640 filename
  • Assign execute status to a script with the same access as the previous example. (Without it, a script is like any other text file.)
    chmod 740 filename

Modifying Ip Address in Ubuntu Terminal

sudo nano /etc/network/interfaces

Once your preferred editor opens the file you want to enter the following information (changing your addresses where necessary):

auto lo eth0
iface lo inet loopback
iface eth0 inet static
address xxx.xxx.xxx.xxx(enter your ip here)
netmask xxx.xxx.xxx.xxx
gateway xxx.xxx.xxx.xxx(enter gateway ip here)

Be sure to save your changes.

Step 2.2 – Manually configure your dns configuration file: You can edit the appropriate file by entering the following command into the terminal:

sudo nano /etc/resolv.conf

Once your preferred editor opens the file you want to enter the following information (changing your addresses where necessary):

# Generated by NetworkManager
nameserver xxx.xxx.xxx.xxx(enter your dns server ip)
nameserver xxx.xxx.xxx.xxx(enter your alt dns server ip)

Be sure to save your changes.

Step 2.3 – Manually restart your network interface with the new settings: Enter the following command in the terminal:

sudo /etc/init.d/networking restart

This should return a result that looks like the following:

*Reconfiguring network interfaces… [OK]

At this point in your terminal you should be able to run the ifconfig command and the results should reflect your new settings. If the addressing is correct you should have full network access, even after a system restart.

Uninstalling an app in shell

sudo apt-get autoremove "appname"

then remove any directories that are left over

Ubuntu Php.ini Settings

These are lines I modify in the php.ini file to get Joomla working

/etc/php5/apache2/php.ini

; Maximum size of POST data that PHP will accept.
post_max_size = 100M

; Maximum allowed size for uploaded files.
upload_max_filesize = 200M

memory_limit = 32M      ; Maximum amount of memory a script may consume (16MB)

Setting up a network from the command Line

Network Configuration

Ubuntu ships with a number of graphical utilities to configure your network devices. This document is geared toward server administrators and will focus on managing your network on the command line.

Ethernet

Most Ethernet configuration is centralized in a single file, /etc/network/interfaces. If you have no Ethernet devices, only the loopback interface will appear in this file, and it will look something like this:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback
address 127.0.0.1
netmask 255.0.0.0

If you have only one Ethernet device, eth0, and it gets its configuration from a DHCP server, and it should come up automatically at boot, only two additional lines are required:

auto eth0
iface eth0 inet dhcp

The first line specifies that the eth0 device should come up automatically when you boot. The second line means that interface (“iface”) eth0 should have an IPv4 address space (replace “inet” with “inet6” for an IPv6 device) and that it should get its configuration automatically from DHCP. Assuming your network and DHCP server are properly configured, this machine's network should need no further configuration to operate properly. The DHCP server will provide the default gateway (implemented via the route command), the device's IP address (implemented via the ifconfig command), and DNS servers used on the network (implemented in the /etc/resolv.conf file.)

To configure your Ethernet device with a static IP address and custom configuration, some more information will be required. Suppose you want to assign the IP address 192.168.0.2 to the device eth1, with the typical netmask of 255.255.255.0. Your default gateway's IP address is 192.168.0.1. You would enter something like this into /etc/network/interfaces:

iface eth1 inet static
address 192.168.0.2
netmask 255.255.255.0
gateway 192.168.0.1

In this case, you will need to specify your DNS servers manually in /etc/resolv.conf, which should look something like this:

search mydomain.example
nameserver 192.168.0.1
nameserver 4.2.2.2

The search directive will append mydomain.example to hostname queries in an attempt to resolve names to your network. For example, if your network's domain is mydomain.example and you try to ping the host “mybox”, the DNS query will be modified to “mybox.mydomain.example” for resolution. The nameserver directives specify DNS servers to be used to resolve hostnames to IP addresses. If you use your own nameserver, enter it here. Otherwise, ask your Internet Service Provider for the primary and secondary DNS servers to use, and enter them into /etc/resolv.conf as shown above.

Many more configurations are possible, including dialup PPP interfaces, IPv6 networking, VPN devices, etc. Refer to man 5 interfaces for more information and supported options. Remember that /etc/network/interfaces is used by the ifup/ifdown scripts as a higher level configuration scheme than may be used in some other Linux distributions, and that the traditional, lower level utilities such as ifconfig, route, and dhclient are still available to you for ad hoc configurations.

Managing DNS Entries

This section explains how to configure which nameserver to use when resolving IP addresses to hostnames and vice versa. It does not explain how to configure the system as a name server.

To manage DNS entries, you can add, edit, or remove DNS names from the /etc/resolv.conf file. A sample file is given below:

search com
nameserver 204.11.126.131
nameserver 64.125.134.133
nameserver 64.125.134.132
nameserver 208.185.179.218

The search key specifies the string which will be appended to an incomplete hostname. Here, we have configured it to com. So, when we run:

ping ubuntu

it would be interpreted as ping ubuntu.com.

The nameserver key specifies the nameserver IP address. It will be used to resolve a given IP address or hostname. This file can have multiple nameserver entries. The nameservers will be used by the network query in the same order.

[Warning] If the DNS server names are retrieved dynamically from DHCP or PPPoE (retrieved from your ISP), do not add nameserver entries in this file. It will be overwritten.

Managing Hosts

To manage hosts, you can add, edit, or remove hosts from /etc/hosts file. The file contains IP addresses and their corresponding hostnames. When your system tries to resolve a hostname to an IP address or determine the hostname for an IP address, it refers to the /etc/hosts file before using the name servers. If the IP address is listed in the /etc/hosts file, the name servers are not used. This behavior can be modified by editing /etc/nsswitch.conf at your peril.

If your network contains computers whose IP addresses are not listed in DNS, it is recommended that you add them to the /etc/hosts file.

Iptables open ftp port 21

Use iptables, the administration tool for IPv4 packet filtering and NAT under Linux, to open TCP port 21 (FTP). The following rule set assumes that your eth0 network interface is directly connected to the internet and has a public IP (202.54.1.20). FTP uses both port 21 and port 20 (port 21 for commands and port 20 for data), so the following iptables rules take care of both ports (add the rules to your iptables script):

Procedure

Add support for FTP connection tracking.

Task: load required iptables modules

First log in as the root user.

Next type the following commands to load two iptables modules:

# modprobe ip_conntrack
# modprobe ip_conntrack_ftp

Now add the following iptables rules for incoming requests on port 21 (open port 21) to your script.

Control connection on port 21:

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Passive-mode data connections (high ports on both ends):

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 1024:65535 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Active-mode data connections (server source port 20):

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 20 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 20 -m state --state ESTABLISHED -j ACCEPT