
A Linux server administration tutorial for beginners

Linux 1-day workshop contents
=============================
This workshop covers the basic technologies and practices necessary for administering a Linux server. No prior knowledge of Linux is assumed.

Through guided hands-on exercises, by the end of the workshop, the participant is expected to have an understanding and practical knowledge of the following:

* A short history of Linux
* Architecture
* Virtualisation and hosting of Linux servers as virtual machines.
* Secure remote access for remote management
* Upgrading
* User management
* File system
* Networking, including Samba (for Windows networking)
* Backup tools and practices
* Server software (web, database, LAMP, FTP, NFS, email)
* Firewall
* Software management
* Job scheduling with cron
* Vim the Unix universal text editor
* Webmin for web-based administration
* Rsync for file synchronisation

Peter Dalmaris

June 17, 2012

Transcript

  1. About this workshop
     * No prior knowledge of Linux necessary
     * Lots of Linux flavours; we concentrate on Ubuntu
     * Server, not desktop edition
     * 9am to 5pm with a couple of breaks
     Sunday, 17 June 12
  2. About this workshop
     * Start with some history and architecture
     * Virtual machines, installation
     * Remote access
     * User management
     * File system
     * Networking (including Samba)
     * Backing up
     * Server software

  3. About this workshop (continued)
     * Software management: installing, removing, updating
     * Scheduling jobs through cron
     * Vim
     * Webmin
     * Rsync
     * ...and anything else we can fit in
  4. About me
     * Working with Linux for over 10 years
     * Administrator for two public web applications running on Ubuntu Linux 8.10 and 9.04 (www.trackscentral.com, www.gitcentral.com)
     * Delivering IT services through my company, Futureshock Research
     * Teaching at CSU since 2002
     * Undergraduate degree in Electrical and Computer Engineering, Masters in Information Systems, Masters in Knowledge Management, PhD in Business Process Management and Knowledge Management
     * Contact me at [email protected]
  5. History - UNIX and GNU
     * UNIX dominated the OS space since 1960. It was efficient and effective, but expensive.
     * An effort to produce an open-source UNIX-like OS was begun by Richard Stallman in 1994; this was the beginning of the GNU project.
     * A lot of software was written as part of the GNU project by the Free Software Foundation: compilers, text editors, a shell...
  6. History - GNU is not an OS
     * ...but there was no complete kernel, no device drivers, no daemons etc.
     * Without these subsystems, GNU could not be completed as intended.
  7. History - Linux fills the gap
     * In 1991 Linus Torvalds developed a replacement for MINIX, the teaching OS developed by Andrew S. Tanenbaum and released by Prentice-Hall.
     * This replacement became the Linux kernel. Version 0.12 of Linux was released in 1992.
     * At first, it operated in the Minix user space.
     * The Linux kernel became the missing GNU kernel.
  8. (Image captions: Linux in use)
     * NCAR's newest supercomputer: on 12 July 2004, SCD took delivery of lightning, a new Linux cluster manufactured by IBM. The 1.1-teraflop system is now installed in the NCAR Computer Room.
     * Motorola RAZR², an advanced embedded system using embedded Linux.
     * The Nokia N810 features the Maemo Linux distribution, based on Maemo 4.0, which features MicroB (a Mozilla-based mobile browser), a GPS navigation application, a new media player, and a refreshed interface.
     * The WRT54G is notable for being the first consumer-level network device that had its firmware source code released to satisfy the obligations of the GNU GPL.
     * Ubuntu Linux on a MacBook Pro.
  9. Ubuntu Linux
     * A good choice for both server and desktop distribution.
     * Free and well updated: a new release every six months.
     * Security updates for 18 months; after that, just upgrade to the latest version.
     * There are LTS versions with extended-length support.
  10. Ubuntu Linux server
     * Built on Debian, which has a reputation for robust server implementations.
     * Latest version is 9.04, based on kernel 2.6.28-11.37.
     * Out-of-the-box support for cloud computing (Eucalyptus).
     * Mail server stack: SMTP, POP3, IMAP with TLS and SASL.

  11. Ubuntu Linux server
     * Kernel-based Virtual Machine (KVM).
     * Microsoft Exchange support.
     * Simplified firewall.
     * etc. etc.
  12. Getting started: installation
     * It makes sense to install servers on virtual machines:
       * Better use of existing hardware
       * Ease of maintenance and disaster recovery
     You can assign a Linux virtual machine to a single service, like a web server, email server etc. Keep things simple: maintain a single Linux host and multiple guests.
  13. Option 1: Ubuntu server on VMware on any host
     * Download the server image from http://www.ubuntu.com/getubuntu/download-server
     * Start VMware
     * Create a new virtual machine using the image you just downloaded
  14. Hands-on: Installation
     Sample partitioning that separates critical portions of the hard drive:

     Directory  Type     FS    Typical size  Lab size
     /boot      Primary  Ext2  100MB         200MB
     /var       LVM      XFS   4GB           700MB
     /home      LVM      XFS   200GB         3GB
     /          LVM      Ext3  50GB          2GB
     swap       LVM      Swap  1GB           200MB
  19. Option 2: Linux guests on an Ubuntu host running KVM
     * KVM is the default virtualisation technology that ships with current versions of Ubuntu
     * Requires hardware with virtualisation extensions
  20. Install a guest #1
     Can your hardware support KVM? Inspect the cpuinfo virtual file:
         egrep '(vmx|svm)' --color=always /proc/cpuinfo
     No output means no KVM support; try checking the virtualisation settings in the BIOS.
     If there is support, install the required packages using the apt-get package manager:
         $ sudo apt-get install kvm libvirt-bin ubuntu-vm-builder qemu bridge-utils virt-viewer
     * libvirt-bin provides libvirtd, which you need to administer qemu and kvm instances using libvirt
     * kvm is the backend
     * ubuntu-vm-builder is a powerful command line tool for building virtual machines
     * bridge-utils provides a bridge from your network to the virtual machines
  21. Install guest #2
     Add your user name to the libvirtd group:
         $ sudo usermod -aG libvirtd `id -un`
     This gives you access to the system-wide libvirtd instance. Log out and in to make this effective. (More about user management later.)
     Test that the installation is valid; virsh is the main interface for managing guest domains:
         $ virsh -c qemu:///system list
          Id Name                 State
         ----------------------------------
         $
  22. Install KVM #3
     Run the kvm command as root to reveal problems, such as lack of hardware support:
         $ sudo kvm
         QEMU PC emulator version 0.9.1 (kvm-62), Copyright (c) 2003-2008 Fabrice Bellard
         usage: qemu [options] [disk_image]
         ...
         $
     The kvm command can be used to start guest machines directly.
  23. Setup the virtual network #1
     To give the VM network services and access to the outside world, we must configure bridge networking: the VM will access the network through the host's physical network interface.
     1. Install the bridge utility:
            sudo apt-get install bridge-utils
     2. Stop networking services:
            sudo invoke-rc.d networking stop

  24. Setup the virtual network #2
     3. Edit /etc/network/interfaces and add the br0 section (you may use DHCP instead of fixed values):
            auto lo
            iface lo inet loopback

            auto eth0
            iface eth0 inet manual

            auto br0
            iface br0 inet static
                address 192.168.0.10
                network 192.168.0.0
                netmask 255.255.255.0
                broadcast 192.168.0.255
                gateway 192.168.0.1
                bridge_ports eth0
                bridge_stp off
                bridge_fd 0
                bridge_maxwait 0

  25. Setup the virtual network #3
     4. Restart networking services:
            sudo /etc/init.d/networking restart
  26. Remote administration with SSH #1
     * Ubuntu comes with an open source implementation of the SSH standard, called OpenSSH.
     * OpenSSH makes it possible to securely control a remote computer, and to transfer files.
     * To make this possible, we must install the sshd component on the server if it is not already installed.

  27. Remote administration with SSH #2
     Install the sshd component:
         sudo apt-get install openssh-server
     Install the client component:
         sudo apt-get install openssh-client
     Some OSs, like Mac OS X, come with an SSH client built in. In Windows, use PuTTY.
  28. Remote administration with SSH #4
     You can authenticate the client using its public key; then you will not need to provide a password every time you want to connect.
     Create the client's key pair if one doesn't exist already (ssh-keygen is a key pair generator):
         ssh-keygen -t dsa
     This creates your key pair and stores it in ~/.ssh/. Note that OpenSSH 7.0 and later disable ssh-dss (DSA) keys by default, so on a current system generate an Ed25519 key instead (ssh-keygen -t ed25519).

  29. Remote administration with SSH #5
     Take the contents of the file ~/.ssh/id_dsa.pub on the client, and paste it into the file ~/.ssh/authorized_keys on the server. If the target file does not exist, create it. This is how authorized_keys may look (one public key per line: the key type, the base64-encoded key, then a comment such as the user's email address):
         $ cat authorized_keys

  30. Remote administration with SSH #6
     Connect just like before; there should be no request for your password:
         europa:~ peter$ ssh [email protected]
     (Screenshot: local machine on the left, remote machine on the right.)
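The key-installation step above is easy to get subtly wrong: sshd (with its default StrictModes) silently ignores an authorized_keys file whose directory or file permissions are too loose, and the user is then prompted for a password again. This added helper (not part of the workshop) appends a public key the way the slide describes while setting the permissions sshd expects; the home directory and key file are parameters so it can be exercised on a scratch directory.

```shell
#!/bin/sh
# Added example, not from the workshop slides: install a client's public key in
# a server account's ~/.ssh/authorized_keys the way sshd expects it.
# sshd (StrictModes yes, the default) refuses keys when ~/.ssh or
# authorized_keys is group/world-writable, so the modes matter as much as the
# key text itself. Assumes GNU coreutils (Ubuntu).
#
# Usage: install_authorized_key HOME_DIR PUBKEY_FILE
#   HOME_DIR     the account's home directory on the server
#   PUBKEY_FILE  the id_*.pub file copied over from the client
# Returns 0 on success, 1 if the file does not look like a public key.
install_authorized_key() {
    home_dir=$1
    pubkey_file=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # A public key line starts with its key type: accept the type the slides
    # use (ssh-dss) plus the current ssh-rsa and ssh-ed25519 types.
    key_line=$(head -n 1 "$pubkey_file")
    case "$key_line" in
        "ssh-dss "*|"ssh-rsa "*|"ssh-ed25519 "*) ;;
        *) echo "not a public key: $pubkey_file" >&2; return 1 ;;
    esac

    # ~/.ssh must be 0700 and authorized_keys 0600; chmod again in case the
    # directory or file already existed with looser modes.
    mkdir -p -m 700 "$ssh_dir"
    touch "$auth_file"
    chmod 700 "$ssh_dir"
    chmod 600 "$auth_file"

    # Append only if this exact key is not already present (idempotent), so
    # re-running the step does not pile up duplicate lines.
    if ! grep -qxF "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
    return 0
}

# Number of keys currently authorised for an account: an administrator can
# compare this against what was deliberately installed and notice additions.
count_authorized_keys() {
    auth_file="$1/.ssh/authorized_keys"
    [ -f "$auth_file" ] || { echo 0; return 0; }
    grep -c -E '^(ssh-dss|ssh-rsa|ssh-ed25519) ' "$auth_file" || true
}
```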
  31. Upgrading
     To upgrade to the latest version of Ubuntu server, use the do-release-upgrade utility. First, update apt-get to acquire the latest package information:
         sudo apt-get update
     Then, install the upgrade utility:
         sudo apt-get install update-manager-core
     Finally, do the upgrade:
         do-release-upgrade

  32. Updating installed packages
     Use the apt-get tool:
         sudo apt-get upgrade
     To automate package updates, use unattended-upgrades. Install the package:
         sudo apt-get install unattended-upgrades
     ...and configure it:
         sudo vi /etc/apt/apt.conf.d/50unattended-upgrades
     Unattended upgrade actions are logged in /var/log/unattended-upgrades. Add a cron job to run /usr/bin/unattended-upgrade periodically.
  33. User management
     * A critical aspect of server management.
     * In Ubuntu, the root user is disabled for safety.
     * Management tasks requiring root access can be completed using the sudo command by a user who is in the "admin" group.
     * The user created during the installation process is added automatically to the admin group.

  34. Adding and deleting users
     To add a user:
         sudo adduser username
     To delete a user (this retains the home directory):
         sudo deluser username
     To disable a user:
         sudo passwd -l username
     To enable a user:
         sudo passwd -u username

  35. Creating and deleting groups
     To create a group:
         sudo addgroup groupname
     To delete a group:
         sudo delgroup groupname
     To add a user to a group:
         sudo adduser username groupname

  36. User profiles
     By default, all new home directories are accessible by everyone. The contents of a new home directory are modelled on the contents of /etc/skel. You can enforce non-default access rights for new home directories by editing /etc/adduser.conf: change "DIR_MODE=0755" to "DIR_MODE=0750".
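Changing DIR_MODE only affects accounts created afterwards; homes that already exist keep the world-readable 0755 mode. The added helper below (not part of the workshop) lists the home directories that still grant any permission to "other", tightens them to the 0750 the slide recommends, and reads the current DIR_MODE from an adduser.conf path. It assumes GNU find and sed as on Ubuntu; the base directory and config path are parameters so it can run against a scratch directory rather than /home.

```shell
#!/bin/sh
# Added example, not part of the workshop: audit existing home directories for
# the "accessible by everyone" default described on the slide, and read the
# DIR_MODE that adduser will apply to new homes.
# Assumes GNU find/sed (Ubuntu). Paths are parameters so the functions can be
# exercised on a constructed directory instead of /home and /etc/adduser.conf.

# Print the names (sorted) of direct subdirectories of $1 that grant any
# permission (read, write or execute) to "other", i.e. to every local user.
open_home_dirs() {
    base=$1
    find "$base" -mindepth 1 -maxdepth 1 -type d -perm /o=rwx -printf '%f\n' | sort
}

# Tighten every open home directory under $1 to 0750: owner full access,
# group read/execute, nothing for other (the value the slide recommends).
close_home_dirs() {
    base=$1
    open_home_dirs "$base" | while IFS= read -r name; do
        chmod 0750 "$base/$name"
    done
}

# Report the mode adduser gives new home directories, from the adduser.conf
# file given as $1 (normally /etc/adduser.conf). Prints e.g. 0755 or 0750, or
# "unset" when the file has no active (uncommented) DIR_MODE line.
adduser_dir_mode() {
    conf=$1
    mode=$(sed -n 's/^[[:space:]]*DIR_MODE=\([0-7]*\).*/\1/p' "$conf" | tail -n 1)
    if [ -n "$mode" ]; then
        echo "$mode"
    else
        echo unset
    fi
}
```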
  37. Password policy
     You can enforce strong user passwords by editing the password policy file /etc/pam.d/common-password. For example, to enforce a password with a minimum of 6 characters, edit the password line to look like this:
         password required pam_unix.so nullok obscure min=6 max=8 md5

  38. Password expiration
     To see the password expiry values for a user, use the chage command (chage is the tool for changing password expiration dates):
         sudo chage -l username
     To make changes:
         sudo chage username
  39. File system
     A filesystem is responsible for managing data stored on a non-volatile storage device like hard disks, USB drives, DVDs etc. Most Linux distros, including Ubuntu, use ext3 ("third extended filesystem"). Ubuntu 9.04 introduces experimental support for ext4.

  40. Ext3
     A journaling filesystem: it logs changes in a journal to increase reliability in case of power failure or system crash.

  41. Ext3
     Not as fast as others, like JFS, ReiserFS and XFS, but wins in CPU utilisation, reliability, and testing base.

  42. Ext3 file limits
     (Table of ext3 file and volume size limits per block size.) Footnote: 8 KiB block size is only available on architectures which allow 8 KiB pages, such as Alpha.

  43. Ext3 levels of journaling
     * Journal: lowest risk, slowest. Metadata and file contents are written to the journal before being committed.
     * Ordered (default): medium risk, medium speed. Only metadata are written to the journal; ext3 guarantees file contents are written to disk before the metadata is marked as committed in the journal. Beware of the "intermediate state" problem!
     * Writeback: highest risk, fastest. Metadata are written to the journal, with no guarantee for file contents.

  44. Ext4
     * Adds 64-bit storage limits: volumes up to 1 exabyte, files up to 16 terabytes.
     * Improved large-file performance and reduced fragmentation.
     * Backwards compatible with ext2 and ext3.
     * Journal checksumming (not present in ext3).
     * Online defragmentation.
     * Timestamps in nanoseconds.
  45. Files and directories
     Filesystems store data in files and directories. Filesystems are stored in disk partitions. You can configure partitions any way you like, but something like this is advisable:

  46. fstab: static fs info
     fstab is a text file that contains filesystem information:
         cat /etc/fstab

  47. Mount points
     The mount command attaches a filesystem to a mount point:
         mount
     Remount /usr read-only:
         mount -o remount,ro /usr
     Mount all filesystems listed in /etc/fstab:
         mount -a

  48. File & directory commands
     Command  Description
     ls       List the contents of a directory
     cd       Change directory
     mkdir    Create directory
     rmdir    Remove directory
     cp       Copy file
     mv       Move file
     rm       Remove file
     pwd      Print the present working directory
     file     Print the presumed type of a file
     chmod    Change the permission attributes of a file
  49. Networking
     Most networking is configured by editing two files:
     * /etc/network/interfaces: Ethernet, TCP/IP, bridging
     * /etc/resolv.conf: DNS
     Other networking files:
     * /etc/hosts
     * /etc/dhcp3/dhcpd.conf

  50. /etc/network/interfaces
     Directives in the typical default contents:
     Directive  Description
     auto       Indicates the device should be set up at boot time.
     lo         Loopback interface.
     iface      "Interface".
     eth0       Ethernet device 0, typically the primary network adaptor.
     inet       Indicates the network adaptor has an IPv4 address space.
     dhcp       The network adaptor gets its configuration from a DHCP server.

  51. /etc/network/interfaces
     Good practice: fix your server's IP address.
     Directive   Description
     static      Indicates the adaptor uses a fixed IP configuration.
     address     The IP address of the host.
     netmask     Network subnet mask.
     gateway     Gateway address.
     network     The network portion of the IP address.
     nameserver  The IP of a DNS server.
     For static interfaces, you may also need to edit /etc/resolv.conf to specify DNS servers.

  52. /etc/hosts
     Ubuntu refers to this file to resolve host names before contacting a DNS server. Good for frequently used hostnames, or internal network hosts.

  53. Useful network commands
     Command                      Description
     ping                         Test that an internet host is reachable.
     ifconfig                     Administer a TCP/IP network interface.
     sudo /etc/init.d/networking  Takes stop, start or restart as its argument; controls network status.
     route                        Examine and configure the host's routing table.
  54. Backup
     "Failing to plan is planning to fail." It is a matter of time before you experience system failure on your server. When that happens, it is nice to have a backup.

  55. What is a backup?
     ...to keep multiple historical versions of your data going back far enough in time to enable recovery from a small or big disaster.

  56. Types of backup
     * Full: back up the complete data set
     * Incremental: back up only the changes since the last backup
     Periodic backup:
     * Daily: hold for the short term
     * Weekly: hold for the medium term
     * Monthly: hold for the long term

  57. Backup using a shell script
     This script rotates through 7 backups, one for each day of the week. A modification can allow for rotation of daily, weekly, and monthly backups.
         #!/bin/sh
         ####################################
         #
         # Backup to NFS mount script.
         #
         ####################################

         # What to backup.
         backup_files="/home /var/spool/mail /etc /root /boot /opt"

         # Where to backup to.
         dest="/mnt/backup"

         # Create archive filename.
         day=$(date +%A)
         hostname=$(hostname -s)
         archive_file="$hostname-$day.tgz"

         # Print start status message.
         echo "Backing up $backup_files to $dest/$archive_file"
         date
         echo

         # Backup the files using tar.
         tar czf $dest/$archive_file $backup_files

         # Print end status message.
         echo
         echo "Backup finished"
         date

         # Long listing of files in $dest to check file sizes.
         ls -lh $dest

  58. Automating with cron
     Cron is used to schedule the execution of scripts. We will look at it in more detail later. To enter the cron job editor:
         crontab -e
     To run the backup script every day of every month of every year, at midnight:
         # m h dom mon dow command
         0 0 * * * bash /usr/local/bin/backup.sh

  59. Restoring
     Use tar to test the integrity of an archive, or to extract its contents.
     To list the contents of the archive:
         tar -tzvf /mnt/backup/host-Monday.tgz
     To extract a single file from the archive (into /tmp):
         tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts
     To extract the full contents of the archive:
         tar -xzvf /mnt/backup/host-Monday.tgz
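The backup slide leaves the daily/weekly/monthly rotation as an exercise, and the restore slide uses tar -t to check an archive only by hand. The added script below (not the workshop's own script) covers both: archive_name turns the "Types of backup" scheme into overwriting slots, and verify_backup runs the tar -t integrity check automatically so a corrupt or incomplete archive is caught on the day it is written rather than on the day it is needed. It assumes GNU date (for "date -d") and GNU tar as on Ubuntu; the --run entry point and /mnt/backup destination are illustrative.

```shell
#!/bin/sh
# Added example, not the workshop's own script: extends the slide's
# one-archive-per-weekday rotation to the daily/weekly/monthly scheme from the
# "Types of backup" slide, and verifies an archive with tar -t as the Restoring
# slide does, before anyone relies on it.
# Assumes GNU date (for "date -d") and GNU tar, as found on Ubuntu.

# Archive name for a host on a given date (YYYY-MM-DD):
#   1st of the month -> HOST-monthly-MONTH.tgz   (12 slots, long term)
#   other Sundays    -> HOST-weekly-N.tgz        (N = week of month, 1..5)
#   any other day    -> HOST-daily-WEEKDAY.tgz   (7 slots, short term)
# Names repeat, so each run overwrites the oldest archive in its slot.
archive_name() {
    host=$1
    when=$2
    dom=$(LC_ALL=C date -d "$when" +%d)   # day of month, 01..31
    dow=$(LC_ALL=C date -d "$when" +%u)   # 1 = Monday ... 7 = Sunday
    if [ "$dom" = "01" ]; then
        echo "$host-monthly-$(LC_ALL=C date -d "$when" +%B).tgz"
    elif [ "$dow" = "7" ]; then
        echo "$host-weekly-$(( (${dom#0} - 1) / 7 + 1 )).tgz"
    else
        echo "$host-daily-$(LC_ALL=C date -d "$when" +%A).tgz"
    fi
}

# Create the archive: $1 = destination directory, $2 = archive name,
# remaining arguments = paths to back up (the slide uses /home /etc ...).
run_backup() {
    dest=$1
    name=$2
    shift 2
    tar czf "$dest/$name" "$@"
}

# Check that the whole archive can be read back and that an expected member
# (e.g. etc/hosts, without the leading slash that tar strips) is present.
# Returns 0 only when both hold, so a failed backup is noticed immediately.
verify_backup() {
    archive=$1
    expected=$2
    tar -tzf "$archive" > /dev/null 2>&1 || return 1
    tar -tzf "$archive" | grep -qx "$expected"
}

# Stand-alone use, e.g. from the cron entry on the slide:
#   backup.sh --run /mnt/backup /home /etc
if [ "${1:-}" = "--run" ]; then
    dest=$2
    shift 2
    name=$(archive_name "$(hostname -s)" "$(date +%F)")
    echo "Backing up $* to $dest/$name"
    run_backup "$dest" "$name" "$@"
    verify_backup "$dest/$name" "${1#/}/" && echo "Backup finished and verified"
    ls -lh "$dest"
fi
```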
  60. Servers, servers, servers
     Most useful work on a server is done by some kind of server software:
     * Web (e.g. Apache)
     * Database (MySQL)
     * Application (LAMP, e.g. MoinMoin)
     * FTP (e.g. vsftpd)
     * Network File System
     * Email (e.g. Postfix)
     * Etc.

  61. Web server
     Lots of choices for open source web servers:
     * Apache
     * lighttpd (YouTube, Meebo, Wikipedia)
     * Nginx
     * Roxen

  62. Apache: history
     Apache has been around forever (at least since the beginning of known time, when the web was invented):
     * Powers 100 million websites (early 2009), over 46% of the total
     * Most popular web server since 1996
     * Lineage going back to NCSA HTTPd
     * Comprehensive set of features: you want it, it has it.

  63. Installing Apache
         sudo apt-get install apache2
     Apache's configuration is installed in /etc/apache2:
     File/Directory   Description
     apache2.conf     The main Apache2 configuration file. Contains settings that are global to Apache2.
     conf.d           Contains configuration files which apply globally to Apache. Other packages that use Apache2 to serve content may add files, or symlinks, to this directory.
     envvars          File where Apache2 environment variables are set.
     httpd.conf       Historically the main Apache2 configuration file, named after the httpd daemon. The file can be used for user-specific configuration options that globally affect Apache2.
     mods-available   Contains configuration files to both load modules and configure them.
     mods-enabled     Holds symlinks to the files in /etc/apache2/mods-available.
     ports.conf       Houses the directives that determine which TCP ports Apache2 is listening on.
     sites-available  Configuration files for Apache Virtual Hosts. Virtual Hosts allow Apache2 to be configured for multiple sites that have separate configurations.
     sites-enabled    Like mods-enabled, contains symlinks to the /etc/apache2/sites-available directory. When a configuration file in sites-available is symlinked here, it will be active once Apache is restarted.
  64. /etc/apache2/sites-available/site_name
     The default virtual host, with the slides' annotations (port number of site, email of webmaster, root directory of site files, static files blocks, error log file, access log file) shown as comments:
         # Port number of site
         <VirtualHost *:80>
             # Email of webmaster
             ServerAdmin webmaster@localhost

             # Root directory of site files
             DocumentRoot /var/www

             # Static files block
             <Directory />
                 Options FollowSymLinks
                 AllowOverride None
             </Directory>

             # Static files block
             <Directory /var/www/>
                 Options Indexes FollowSymLinks MultiViews
                 AllowOverride None
                 Order allow,deny
                 allow from all
             </Directory>

             ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
             <Directory "/usr/lib/cgi-bin">
                 AllowOverride None
                 Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                 Order allow,deny
                 Allow from all
             </Directory>

             # Error log file
             ErrorLog /var/log/apache2/error.log

             # Possible values include: debug, info, notice, warn, error, crit,
             # alert, emerg.
             LogLevel warn

             # Access log file
             CustomLog /var/log/apache2/access.log combined
         </VirtualHost>
  72. Multiple sites
     Apache supports multiple sites on the same machine. Assign sites by port number, sub-domain, directory name, or any combination of the above. After any configuration changes, restart Apache:
         sudo /etc/init.d/apache2 restart

  73. Modules
     There are many modules that provide additional functionality. These modules can be installed and loaded dynamically. Install the MySQL authentication module:
         sudo apt-get install libapache2-mod-auth-mysql
     Enable the new module and restart Apache:
         sudo a2enmod auth_mysql
         sudo /etc/init.d/apache2 restart
  74. Database server: MySQL
     "The world's most popular open-source database" (http://www.mysql.com/). Used by Yahoo, Google, Alcatel, Nokia, YouTube; 25% market share (EDC research).

  75. MySQL features
     * Cross-platform compatible
     * Libraries for all major programming languages
     * Many administration choices: command line, web-based, GUIs
     * Stored procedures
     * Triggers
     * Cursors
     * Selection of storage engines (InnoDB, Berkeley DB, etc.)
     * Replication
     * ACID compliance with the InnoDB, BDB and Cluster engines
     * Full-text indexing
     * Open source!

  76. MySQL installation
     Install the MySQL server:
         sudo apt-get install mysql-server
     After installation, check that the mysql daemon is running:
         sudo netstat -tap | grep mysql
     To restart:
         sudo /etc/init.d/mysql restart
     To configure:
         sudo vi /etc/mysql/my.cnf

  77. Create a new database and user
     Log on as root (asks for password):
         mysql -u root -p
     Create a new database:
         create database myDB;
     Create a new user for the new database:
         grant all privileges on myDB.* to 'newuser'@'localhost' identified by 'newpassword' with grant option;
         exit;
     To verify this worked, exit and log on as the new user (no error messages means all is good):
         mysql -u newuser -p    # asks for password
         use myDB;
  78. LAMP
     Linux, Apache, MySQL, PHP: a popular configuration for Linux servers. LAMP applications are packaged in a way that makes them easy to install and manage.

  79. LAMP example: MoinMoin
     MoinMoin is a Python-based wiki engine. Install MoinMoin (expects Apache 2 to be already installed):
         sudo apt-get install python-moinmoin
     Prepare the MoinMoin directory:
         cd /usr/share/moin
         sudo mkdir mywiki
         sudo cp -R data mywiki
         sudo cp -R underlay mywiki
         sudo cp server/moin.cgi mywiki
         sudo chown -R www-data.www-data mywiki
         sudo chmod -R ug+rwX mywiki
         sudo chmod -R o-rwx mywiki

  80. Configure MoinMoin
     Edit /etc/moin/mywiki.py:
         data_dir = '/usr/share/moin/mywiki/data'
     In the next line, insert:
         data_underlay_dir = '/usr/share/moin/mywiki/underlay'
     Configure Apache: add the following lines to the /etc/apache2/sites-available/default file, inside the <VirtualHost *> tag:
         ### moin
         ScriptAlias /mywiki "/usr/share/moin/mywiki/moin.cgi"
         Alias /moin_static181 "/usr/share/moin/htdocs"
         <Directory /usr/share/moin/htdocs>
             Order allow,deny
             allow from all
         </Directory>
         ### end moin
     Restart Apache so the new configuration is read:
         sudo /etc/init.d/apache2 restart
  81. FTP A simple way to transfer files between computers. Many

    open source FTP servers available on Linux: ❖ vsftp ❖ Filezilla ❖ Pure-ftpd ❖ NASLite ❖ wu-ftpd ❖ etc. Sunday, 17 June 12
  82. Install vsftp “Probably the most secure and fastest FTP server

    for UNIX-like systems.” http://vsftpd.beasts.org/ sudo apt-get install vsftpd Install it: Sunday, 17 June 12
  83. Install vsftpd (continued)

    [screenshot: the directory where files are put to make them available to FTP clients]
  84. Connect to the FTP server

    [screenshots: anonymous connection, download to the local machine, download completed]
  85. Secure FTP

    Edit /etc/vsftpd.conf:
    ...
    local_enable=YES
    write_enable=YES
    ...
    Now vsftpd will ask for the user's password and will start in their home directory. This only switches on password logins: the password still crosses the network in cleartext unless TLS is enabled as well (ssl_enable=YES together with force_local_logins_ssl=YES and force_local_data_ssl=YES), users can browse outside their home directory unless chroot_local_user=YES is set, and anonymous_enable should be NO unless anonymous access is intended.
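An added example (not from the workshop slides) that checks a vsftpd.conf for the settings the "Secure FTP" slide leaves out. Two constructed configurations are written to a temporary directory: the slide's settings on top of a default that leaves anonymous access on, and a hardened one. The option names are vsftpd's own; the certificate paths are the Ubuntu ssl-cert package's "snakeoil" defaults and are an assumption.

```sh
# Added example, not from the slides: audit a vsftpd.conf for cleartext logins,
# anonymous access and a missing chroot.

WORK=$(mktemp -d)
WEAK_CONF=$WORK/vsftpd.weak.conf
HARD_CONF=$WORK/vsftpd.hard.conf

# Constructed: the slide's two lines on a default config (anonymous still on).
cat >"$WEAK_CONF" <<'EOF'
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
EOF

# Constructed: the same server with TLS forced and users confined to $HOME.
cat >"$HARD_CONF" <<'EOF'
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
EOF

# conf_get <file> <key>: value of the last uncommented "key=value" line, empty if unset.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# vsftpd_audit <file>: print one finding per line; return 0 if clean, 1 otherwise.
vsftpd_audit() {
    f=$1; n=0
    if [ "$(conf_get "$f" anonymous_enable)" != "NO" ]; then
        echo "anonymous_enable is not NO: logins without a password are accepted"; n=$((n+1))
    fi
    if [ "$(conf_get "$f" ssl_enable)" != "YES" ]; then
        echo "ssl_enable is not YES: passwords and files cross the network in cleartext"; n=$((n+1))
    else
        if [ "$(conf_get "$f" force_local_logins_ssl)" != "YES" ]; then
            echo "force_local_logins_ssl is not YES: a client may still log in without TLS"; n=$((n+1))
        fi
        if [ "$(conf_get "$f" force_local_data_ssl)" != "YES" ]; then
            echo "force_local_data_ssl is not YES: file transfers may still be cleartext"; n=$((n+1))
        fi
    fi
    if [ "$(conf_get "$f" chroot_local_user)" != "YES" ]; then
        echo "chroot_local_user is not YES: users can browse outside their home directory"; n=$((n+1))
    fi
    [ "$n" -eq 0 ]
}

# On a real server:  vsftpd_audit /etc/vsftpd.conf && echo clean
```

With chroot_local_user=YES, vsftpd 2.3.5 and later refuse to start a session whose chroot directory is writable, so make each user's home directory read-only for them and give them a writable subdirectory for uploads.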
  86. NFS

    Allows server files and directories to be made available to remote clients as if they were local.
    Install it: sudo apt-get install nfs-kernel-server
  87. NFS (continued)

    [screenshot: /etc/exports, where the directories to be exported are defined]
  88. Export a directory

    Export the /home directory to the client with IP 192.168.178.20 (an entry in /etc/exports). Export only to the hosts that need the directory, and keep root_squash, the default, so that root on the client is not root on the server:
    [screenshot: the /etc/exports entry]
    Connect to the NFS export from the client:
    [screenshot: the mount command]
    Use it as if it were local.
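An added example (not from the workshop slides) that checks an /etc/exports file for the mistakes that turn an NFS export into a remote root hole: exporting to every host, a space between the client and its options (which also means every host), no_root_squash, and read-write where read-only would do. With the default AUTH_SYS security the server trusts whatever UID the client claims, so the client list and root_squash are the only real access controls. The exports file is constructed; its first line is the slide's /home export with assumed options.

```sh
# Added example, not from the slides: audit /etc/exports before running exportfs.

EXPORTS_SAMPLE=$(mktemp)
cat >"$EXPORTS_SAMPLE" <<'EOF'
# constructed /etc/exports
/home      192.168.178.20(rw,sync)
/srv/data  *(rw,no_root_squash)
/srv/iso   192.168.178.0/24(ro,sync)
/srv/www   (rw,sync)
EOF

# exports_audit <file>: print one finding per line; return 0 if clean, 1 otherwise.
exports_audit() {
    findings=$(
        set -f   # a "*" client must never be glob-expanded against the cwd
        sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" | while read -r dir clients; do
            [ -n "$clients" ] || { echo "$dir: no client given, exported to every host"; continue; }
            for entry in $clients; do
                client=${entry%%\(*}
                if [ "$client" = "$entry" ]; then
                    opts=""                       # no (...) part: defaults are ro and root_squash
                else
                    opts=${entry#*\(}; opts=${opts%\)}
                fi
                case $client in
                    '')   echo "$dir: '$entry' has a space before the options, so it is exported to every host" ;;
                    *\**) echo "$dir: wildcard client '$client'" ;;
                esac
                case ",$opts," in
                    *,no_root_squash,*) echo "$dir: no_root_squash lets root on $client act as root on this server" ;;
                esac
                case ",$opts," in
                    *,rw,*) echo "$dir: read-write for $client; use ro unless clients must write" ;;
                esac
            done
        done
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# On a real server:  exports_audit /etc/exports && sudo exportfs -ra
```

On the client side the slide shows the mount only as a screenshot; with the server at 192.168.178.1 (an assumed address) it would be `sudo mount -t nfs 192.168.178.1:/home /mnt/home`.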
  89. Email services: Postfix

    The default Mail Transfer Agent (MTA) for Ubuntu. Rich set of features:
    ❖ Protocols: SMTP, DKIM, DSN status, ETRN, IPv6, SASL authentication, TLS encryption/authentication, QMQP
    ❖ Junk mail control
    ❖ Databases: Berkeley DB, CDB, LDAP, MySQL, PostgreSQL
    ❖ Mailbox and Maildir formats
    ❖ Virtual domains
    ❖ Address masquerading
    ❖ Selective address rewriting
    ❖ VERP envelope return address
  90. Postfix installation

    Install it: sudo apt-get install postfix
    The configuration screens come up as part of the installation.
    To reconfigure at a later time: sudo dpkg-reconfigure postfix
    Or, you can edit the Postfix configuration file /etc/postfix/main.cf. After editing, restart: sudo /etc/init.d/postfix restart
  91. Postfix configuration

    Sample values for the configuration screens:
    ❖ General type of mail configuration: Internet Site
    ❖ System mail name: mail.example.com
    ❖ Root and postmaster mail recipient: peter
    ❖ Other destinations to accept mail for: mail.example.com, localhost.localdomain, localhost
    ❖ Force synchronous updates on mail queue: No
    ❖ Local networks (hosts allowed to relay without authenticating): 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0/24
    ❖ Mailbox size limit (0 = no limit): 0
    ❖ Local address extension character: +
    ❖ Internet protocols to use: all
    Every host on 192.168.0/24 can relay mail through this server without a password, so keep that list to networks you control.
    Check sources such as these for details on configuration:
    ❖ http://flurdy.com/docs/postfix/
    ❖ http://ubuntuforums.org/showthread.php?t=780509
    ❖ http://en.wikipedia.org/wiki/Email#Workings
  92. SMTP authentication

    Allows a client to identify itself. Once authenticated, the SMTP server will allow the client to relay mail.
    Configuration for SMTP-AUTH is done with the Dovecot package. Install it: sudo apt-get install dovecot-postfix
    In production, you will need to configure the SSL certificate and key used for authentication and encryption; without TLS the SASL password crosses the network in cleartext.
  93. Test by sending yourself an email

    Install nail, a command-line mail client: sudo apt-get install nail
    [screenshot: sending a test message with nail]
  94. Firewall

    The Linux kernel includes the Netfilter subsystem, which controls network traffic in and out of the host. Linux firewalls use Netfilter. The administrator tells Netfilter how to treat packets by configuring rules with iptables, the user-space tool that manages Netfilter rules. In Ubuntu, we use ufw as a front end for iptables.
  95. ufw

    "the friendly way to create a firewall". ufw: Uncomplicated Firewall.
    Install ufw: sudo apt-get install ufw
    Enable ufw (it takes effect immediately and stays enabled across reboots): sudo ufw enable
    If you are working over SSH, allow SSH before enabling; otherwise you will not be able to reconnect until ufw is configured to allow SSH traffic: sudo ufw allow 22 (or, to block it: sudo ufw deny 22)
  96. ufw, examples of rules

    Delete a rule: sudo ufw delete deny 22
    Allow access from one host to port 22 of any IP address on this server: sudo ufw allow proto tcp from 192.168.0.2 to any port 22
    Allow all HTTP traffic: sudo ufw allow http
    Use --dry-run to show the iptables rules a directive would produce without applying them.
  97. ufw, examples of rules

    Disable the firewall: sudo ufw disable
    See the status: sudo ufw status
    See the detailed status: sudo ufw status verbose
    Application integration: packages ship predefined rules. Apply one like this: sudo ufw allow Postfix; view the rule details with: sudo ufw app info Postfix
  98. Package management

    Over 24,000 software packages are available for Ubuntu. It is a good idea to use a package manager to maintain those installed on your server:
    ❖ Install
    ❖ Remove
    ❖ Resolve dependencies
    ❖ Compile
    ❖ Upgrade
    Ubuntu provides apt-get and aptitude. Most packages are supported by both, so the choice is yours.
  99. apt

    A collection of tools, not a single tool. apt-get is the most important one. Used for tasks like:
    ❖ Update the index files from their source
    ❖ Upgrade all installed packages
    ❖ Install a package
    ❖ Remove an installed package
    ❖ Fetch source code
    ❖ Install build dependencies
    ❖ Check for broken dependencies
    ❖ Clean the local repository
    ❖ Autoclean: remove only the files in the local repository that can no longer be downloaded and are considered useless
  100. Using apt-get

    Install a package named "nmap" (once installed it is ready to use): sudo apt-get install nmap
    Remove a package named "nmap": sudo apt-get remove nmap
    Update the apt index (the repositories are listed in /etc/apt/sources.list): sudo apt-get update
    Upgrade all installed packages (run the update first so the index is current): sudo apt-get upgrade
    All actions are recorded in /var/log/dpkg.log
  101. Automatic updates

    The "unattended-upgrades" package can automatically install updated packages.
    Install it: sudo apt-get install unattended-upgrades
    Define the type of upgrades (for a server, at least the security updates) in /etc/apt/apt.conf.d/50unattended-upgrades
    All actions are recorded in /var/log/unattended-upgrades
  102. Windows connectivity (Samba)

    Works as:
    ❖ File server
    ❖ Printer server (including PDF)
    ❖ Domain controller in Windows networks
    ❖ Authentication server
    ... for Windows clients
  103. Samba installation

    For Windows XP and later clients there is nothing to install. For the Linux server, install Samba: sudo apt-get install samba
  104. Samba configuration

    To define a share (in this example, the home folders), edit the /etc/samba/smb.conf file. Make home directories shared, browsable and read-write:
    [homes]
    comment = Home Directories
    browseable = yes
    read only = no
    create mask = 0775
    directory mask = 0775
    valid users = %S
    Define the password for a share user (Samba keeps its own password database, separate from /etc/shadow): sudo smbpasswd -a username
    Reload the Samba configuration: sudo /etc/init.d/samba reload
  105. Other Samba capabilities

    We just saw the most basic capability of Samba. Other things you can do:
    ❖ Sharing CUPS printers
    ❖ Various security modes
    ❖ Active Directory integration, including Kerberos authentication
    ❖ Database integration for user information
    ❖ LDAP integration
    ❖ Domain controller or client
    ❖ WINS
    ❖ Remote and local management
  106. Scheduling with cron

    Cron is the standard job scheduler for Unix; the name comes from the Greek chronos (time). Every user can specify scripts or programs to run at specific times or intervals in a text file called a "crontab".
  112. cron job definition

    * * * * * command to execute
    | | | | |
    | | | | +-- Day of week (0 - 7; 0 and 7 are both Sunday)
    | | | +---- Month (1 - 12)
    | | +------ Day of month (1 - 31)
    | +-------- Hour (0 - 23)
    +---------- Minute (0 - 59)
  113. cron shortcuts

    Entry       Description              Equivalent
    @reboot     Run once at startup      -
    @yearly     Run once a year          0 0 1 1 *
    @annually   Same as @yearly          0 0 1 1 *
    @monthly    Run once a month         0 0 1 * *
    @weekly     Run once a week          0 0 * * 0
    @daily      Run once a day           0 0 * * *
    @midnight   Same as @daily           0 0 * * *
    @hourly     Run once every hour      0 * * * *
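An added example (not from the workshop slides) that validates a crontab line against the field ranges on the cron slides before it is installed. "crontab -e" rejects a bad field interactively, but a line dropped into /etc/cron.d or loaded with "crontab file" can fail without anyone noticing, which for a backup job means no backups. Only the numeric forms (*, n, a-b, a,b,c, each with an optional /step) are handled; month and weekday names are not. The first word of the command is also checked for an absolute path, because cron runs jobs with a minimal PATH. The sample lines are constructed.

```sh
# Added example, not from the slides: check the five time fields of a crontab line.

# field_ok <spec> <min> <max>: return 0 if every comma-separated item is in range.
field_ok() {
    spec=$1; lo=$2; hi=$3
    [ -n "$spec" ] || return 1
    old_ifs=$IFS; IFS=,; set -f        # split on commas, never glob-expand "*"
    set -- $spec
    IFS=$old_ifs; set +f
    for item in "$@"; do
        step=""
        case $item in
            */*) step=${item#*/}; item=${item%%/*}
                 [ -n "$step" ] || return 1 ;;
        esac
        if [ -n "$step" ]; then
            case $step in ''|*[!0-9]*) return 1 ;; esac
            [ "$step" -ge 1 ] || return 1
        fi
        case $item in
            '*') ;;
            *-*)
                a=${item%%-*}; b=${item#*-}
                case $a in ''|*[!0-9]*) return 1 ;; esac
                case $b in ''|*[!0-9]*) return 1 ;; esac
                [ "$a" -ge "$lo" ] && [ "$b" -le "$hi" ] && [ "$a" -le "$b" ] || return 1 ;;
            *)
                case $item in ''|*[!0-9]*) return 1 ;; esac
                [ "$item" -ge "$lo" ] && [ "$item" -le "$hi" ] || return 1 ;;
        esac
    done
    return 0
}

# cron_check "<min> <hour> <dom> <mon> <dow> <command ...>"
# Return 0 if the five time fields are valid (or an @shortcut is used);
# otherwise name the bad field and return 1. Warns about a relative command path.
cron_check() {
    line=$1
    case $line in
        "@reboot "*|"@yearly "*|"@annually "*|"@monthly "*|"@weekly "*|"@daily "*|"@midnight "*|"@hourly "*) return 0 ;;
    esac
    set -f; set -- $line; set +f
    [ $# -ge 6 ] || { echo "need five time fields and a command"; return 1; }
    field_ok "$1" 0 59 || { echo "bad minute field: $1"; return 1; }
    field_ok "$2" 0 23 || { echo "bad hour field: $2"; return 1; }
    field_ok "$3" 1 31 || { echo "bad day-of-month field: $3"; return 1; }
    field_ok "$4" 1 12 || { echo "bad month field: $4"; return 1; }
    field_ok "$5" 0 7  || { echo "bad day-of-week field (0-7, 0 and 7 are Sunday): $5"; return 1; }
    case $6 in /*) ;; *) echo "warning: '$6' is not an absolute path; cron's PATH is minimal" ;; esac
    return 0
}

# Constructed sample lines: the second one is rejected (hour 24 does not exist).
cron_check "*/5 * * * * /usr/local/bin/backup.sh"
cron_check "0 24 * * * /usr/local/bin/backup.sh" || echo "rejected, as expected"
```

Scripts named in a root crontab run as root every time the job fires, so they belong in a directory that only root can write; a world-writable script in root's crontab is a privilege escalation waiting to happen.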
  114. Webmin: web-based server administration

    Open source interface for system administration, based on modules:
    ❖ User management
    ❖ Apache
    ❖ MySQL
    ❖ OpenSSH
    ❖ DNS
    ❖ File sharing
    ❖ etc.
    Webmin runs as root and listens on its own port (10000 by default), so restrict access to it with the firewall and keep it updated.
  115. Vim and vi

    Vim is an improved version of vi, the stock-standard text editor for Unix and Linux systems.
    Install vim: sudo apt-get install vim
    Start vim: vim filename
    Use commands expressed by keystrokes to control vim (see the cheat sheet).
  116. Go on and build your server.

    Notes and videos are available at http://blog.futureshock-ed.com. A discussion group is available at http://groups.google.com/group/linux-alumni. Any feedback is appreciated. Have fun and stay in touch!