A Linux server administration tutorial for beginners

A Linux server administration tutorial for beginners

Linux 1-day workshop contents
=============================
This workshop covers the basic technologies and practices necessary for administering a Linux server. No prior knowledge of Linux is assumed.

Through guided hands-on exercises, by the end of the workshop, the participant is expected to have an understanding and practical knowledge of the following:

* A short history of Linux
* Architecture
* Virtualisation and hosting of Linux servers as virtual machines.
* Secure remote access for remote management
* Upgrading
* User management
* File system
* Networking, including Samba (for Windows networking)
* Backup tools and practices
* Server software (web, database, LAMP, FTP, NFS, email)
* Firewall
* Software management
* Job scheduling with cron
* Vim the Unix universal text editor
* Webmin for web-based administration
* Rsync for file syncrhonisation

7edaedf6cb8541c9940587f62406456d?s=128

Peter Dalmaris

June 17, 2012
Tweet

Transcript

  1. A Linux 1-day workshop Presented by Peter Dalmaris Sunday, 17

    June 12
  2. About this workshop • No prior knowledge of Linux necessary

    • Lots of Linux flavours, we concentrate on Ubuntu • Server, not desktop edition • 9am to 5pm with a couple of breaks Sunday, 17 June 12
  3. About this workshop Sunday, 17 June 12

  4. About this workshop ๏ Start with some history and architecture

    ๏ Virtual Machines, installation ๏ Remote access ๏ User management ๏ File system ๏ Networking (including Samba) ๏ Backing up ๏ Server software Sunday, 17 June 12
  5. About this workshop ๏ Start with some history and architecture

    ๏ Virtual Machines, installation ๏ Remote access ๏ User management ๏ File system ๏ Networking (including Samba) ๏ Backing up ๏ Server software ๏Software management: installing, removing, updating ๏Scheduling jobs through cron ๏Vim ๏Webmin ๏Rsync ๏...and anything else we can fit in Sunday, 17 June 12
  6. About me • Working with Linux for over 10 years

    • Administrator for two public web applications running on Ubuntu Linux 8.10 and 9.04 (www.trackscentral.com, www.gitcentral.com) • Delivering IT services through my company, Futureshock Research. • Teaching at CSU since 2002. • Undergraduate degree in Electrical and Computer Engineering, Masters in Information Systems, Masters in Knowlegde Management, PhD in Business Process Management and Knowledge Management. • Contact me at peter.dalmaris@gmail.com Sunday, 17 June 12
  7. History - UNIX and GNU • UNIX dominated the OS

    space since 1960. It was efficient, effective, but expensive. • An effort to produce an open-source UNIX-like OS begun by Richard Stallman in 1994, this was the GNU project beginnings. • A lot of software was written as part of the GNU project by the Free Software Foundation: compilers, text editors, a shell... Sunday, 17 June 12
  8. History - GNU is not an OS • ...but there

    were no complete kernel, device drivers, daemons etc. • Without these subsystems, GNU could not be completed as intended. Sunday, 17 June 12
  9. History - Linux fills the gap • In 1991 Linus

    Trovalds developed a replacement of MINIX teaching OS developed by Andrew S. Tanenbaum and released by Prentice-Hall. • This replacement became the Linux kernel. Version 0.12 of Linux was released in 1992. • At first, it operated in the Minix user space. • Linux kernel became the missing GNU kernel. Sunday, 17 June 12
  10. Sunday, 17 June 12

  11. Sunday, 17 June 12

  12. The cost of developing Linux Fedora 9 Sunday, 17 June

    12
  13. The cost of developing Linux Fedora 9 Linux kernel Sunday,

    17 June 12
  14. NCAR's newest supercomputer: On 12 July 2004, SCD took delivery

    of lightning, a new Linux cluster manufactured by IBM. The 1.1- teraflop system is now installed in the NCAR Computer Room Motorola RAZR², an advanced embedded system using embedded Linux The Nokia N810 features the Maemo Linux distribution,[2] based on Maemo 4.0, which features MicroB (a Mozilla-based mobile browser), a GPS navigation application, new media player, and a refreshed interface. The WRT54G is notable for being the first consumer- level network device that had its firmware source code released to satisfy the obligations of the GNU GPL. Ubuntu Linux on Macbook Pro Sunday, 17 June 12
  15. Ubuntu Linux • A good choice for both server and

    desktop distribution. • Free and well updated - new release every six months. • Security updates for 18 months - after that just upgrade to the latest version. • There are LTS versions with extended length support. Sunday, 17 June 12
  16. Ubuntu Linux server • Build on Debian, with reputation for

    robust server implementations. • Latest version is 9.04, based on kernel 2.6.28-11.37. • Out of the box support for cloud computing (Eucalyptus). • Mail server stack: SMTP, POP3, IMAP with TLS and SASL. Sunday, 17 June 12
  17. Ubuntu Linux server • Kernel-based virtual machine (KVM). • Microsoft

    Exchange support. • Simplified firewall. • etc. etc. Sunday, 17 June 12
  18. Desktop vs server Sunday, 17 June 12

  19. Getting started: installation • It makes sense to install servers

    on virtual machines: • Better use of existing hardware • Ease of maintenance and disaster recovery You can assign a Linux virtual machine to a single service, like a web server, email server etc. Keep things simple. Maintain a single Linux host and multiple guests. Sunday, 17 June 12
  20. Virtualisation Sunday, 17 June 12

  21. Option 1: Ubuntu server on VMware on any host •

    Download the server image from http:// www.ubuntu.com/getubuntu/download- server • Start Vmware • Create a new virtual machine using the image you just downloaded Sunday, 17 June 12
  22. Hands-on: Installation Directory Type FS Size Typical Size LAB /boot

    Primary Ext2 100MB 200MB /var LVM XFS 4GB 700MB /home LVM XFS 200GB 3GB / LVM Ext3 50GB 2GB swap LVM Swap 1GB 200MB Sample partitioning that separates critical portions of the hard drive. Sunday, 17 June 12
  23. Hands-on: Installation Directory Type FS Size Typical Size LAB /boot

    Primary Ext2 100MB 200MB /var LVM XFS 4GB 700MB /home LVM XFS 200GB 3GB / LVM Ext3 50GB 2GB swap LVM Swap 1GB 200MB Sample partitioning that separates critical portions of the hard drive. Sunday, 17 June 12
  24. Hands-on: Installation Directory Type FS Size Typical Size LAB /boot

    Primary Ext2 100MB 200MB /var LVM XFS 4GB 700MB /home LVM XFS 200GB 3GB / LVM Ext3 50GB 2GB swap LVM Swap 1GB 200MB Sample partitioning that separates critical portions of the hard drive. Sunday, 17 June 12
  25. Hands-on: Installation Directory Type FS Size Typical Size LAB /boot

    Primary Ext2 100MB 200MB /var LVM XFS 4GB 700MB /home LVM XFS 200GB 3GB / LVM Ext3 50GB 2GB swap LVM Swap 1GB 200MB Sample partitioning that separates critical portions of the hard drive. Sunday, 17 June 12
  26. Hands-on: Installation Directory Type FS Size Typical Size LAB /boot

    Primary Ext2 100MB 200MB /var LVM XFS 4GB 700MB /home LVM XFS 200GB 3GB / LVM Ext3 50GB 2GB swap LVM Swap 1GB 200MB Sample partitioning that separates critical portions of the hard drive. Sunday, 17 June 12
  27. Option 2: Linux guests to an Ubuntu host running KVM

    • KVM is the default virtualisation technology that ships with current versions of Ubuntu • Requires hardware with virtualisation extensions Sunday, 17 June 12
  28. One host, many guests Ubuntu host Ubuntu guest Windows guest

    Sunday, 17 June 12
  29. Install a guest #1 Can your hardware support KVM? egrep

    '(vmx|svm)' --color=always /proc/cpuinfo No output means no KVM support. Try checking virtualization settings in the BIOS. If there is support, install the required packages: $ sudo apt-get install kvm libvirt-bin ubuntu-vm- builder qemu bridge-utils virt-viewer • libvirt-bin provides libvirtd which you need to administer qemu and kvm instances using libvirt • kvm is the backend • ubuntu-vm-builder powerful command line tool for building virtual machines • bridge-utils provides a bridge from your network to the virtual machines Inspect the cpuinfo virtual file: Use the apt-get package manager: Sunday, 17 June 12
  30. Install guest #2 Add your user name to the libvirtd

    group $ sudo usermod -aG libvirtd `id -un` This will give you access to the system-wide libvirtd instance. Log out and in to make this effective. Test the installation is valid: $ virsh -c qemu:///system list Id Name State ---------------------------------- $ More about user management later. virsh is the main interface for managing guest domains Sunday, 17 June 12
  31. Install KVM #3 Run the KVM command as root to

    reveal problems, such as lack of hardware $ sudo kvm QEMU PC emulator version 0.9.1 (kvm-62), Copyright (c) 2003-2008 Fabrice Bellard usage: qemu [options] [disk_image] ... $ kvm command can be used to start guest machines directly. Sunday, 17 June 12
  32. Setup the virtual network #1 To enable network services to

    the VM and VM access to the outside world, we must configure bridge networking; The VM will access the network through the host’s physical network interface. 1. Install the bridge utility sudo apt-get install bridge-utils 2. Stop networking services sudo invoke-rc.d networking stop Sunday, 17 June 12
  33. Setup the virtual network #2 3. Edit /etc/network/ interfaces and

    add the br0 section: auto lo iface lo inet loopback auto eth0 iface eth0 inet manual auto br0 iface br0 inet static address 192.168.0.10 network 192.168.0.0 netmask 255.255.255.0 broadcast 192.168.0.255 gateway 192.168.0.1 bridge_ports eth0 bridge_stp off bridge_fd 0 bridge_maxwait 0 You may use DHCP instead of fixed values. Content of /etc/ network/ Sunday, 17 June 12
  34. Setup the virtual network #3 4. Restart networking services: sudo

    /etc/init.d/networking restart Sunday, 17 June 12
  35. Remote administration Sunday, 17 June 12

  36. Remote administration with SSH #1 • Ubuntu comes with an

    open source implementation of the SSH standard, called OpenSSH. • OpenSSH makes it possible to securely control a remote computer, and to transfer files. • To make this possible, we must install the sshd component on the server if not already installed. Sunday, 17 June 12
  37. Remote administration with SSH #2 Install the sshd component: sudo

    apt-get install openssh-server Install the client component: sudo apt-get install openssh-client Some OS’s, like Mac OS X, come with an SSH client build-in. In Windows, use Putty. Sunday, 17 June 12
  38. Remote administration with SSH #3 Connect: europa:~ peter$ ssh peter@192.168.178.126

    Local machine Remote machine Sunday, 17 June 12
  39. Remote administration with SSH #4 You can authenticate the client

    using its public key; then, you will not need to provide a password every time you want to connect. Create the client’s public key if one doesn’t exist already: ssh-keygen -t dsa This creates your key pair and stores it in ~/.ssh/. ssh-keygen is a key pair generator Sunday, 17 June 12
  40. Remote administration with SSH #5 Take the contents of the

    file in ~/.ssh/id_dsa.pub on the client, and paste it in the file ~/.ssh/ authorized_keys on the server. If the target file does not exist, create it. This is how authorized_keys may look like: $ cat authorized_keys ssh-dss AAAAB3NzaC1kc3MAAACBAPKXVOfOAXtN8USLGYWJ7eSvvmPOawSXq35v1xHlTYPBeYbcLD17saIL8Mv7qgb9YDlU 7qPSQgSlOupzWnS7NyXxY5o/G0Z55R7ELQe/MlsRllfdEgLJn/ o1ww97POqcwDNxtRH48Or2chS2nyJlRIrq4c4pIW71HX+TobuMiHk5AAAAFQD7OZHCLizY/ WaTML9pNm103Dv6ZQAAAIEArli/RfNDvFPMuusrzlSOWK8ZK++Vp0xfBRCx0eeT/HkijXNwBlMvmuOBn/ 1dKulHXaZhOCQ1657nF/6LvQF3QpJ7y6I3Ste5+d+YJIVlxXPPmawnkD0sAj2ExgchnsKL/VoL/ 2wvT9qSyaAvue9OAtY2jEN8V78RMR3Ftytg1SsAAACBAJlOJYWOXmKJzfple5dKq6NKJQzNcLgGKvvwZKwC2fe9gL6y GY +PoH6henBAApKWqUxtaTamZAjhmowZ2Mv0ST13jvaX9i8K0hjxfHP3l03OvCFcSLWxj3NeMnas7HSEgvRRwrohm51V HEHlu+U8GWd36E6AjjUzlcfreym5IRDv user1@user1-macbook-pro.local Sunday, 17 June 12
  41. Remote administration with SSH #6 europa:~ peter$ ssh peter@192.168.178.126 Connect

    just like before, there should be no request for your password: Local machine Remote machine Sunday, 17 June 12
  42. Upgrading Sunday, 17 June 12

  43. Upgrading To upgrade to the latest version of Ubuntu server,

    use the so-release-upgrade utility. First, update apt-get to acquire the latest package information: sudo apt-get update Then, install the upgrade utility: sudo apt-get install update-manager-core Finally, do the upgrade: do-release-upgrade Sunday, 17 June 12
  44. Updating installed packages Use the apt-get tool: sudo apt-get upgrade

    To automate package updates, use unattended- upgrades: sudo apt-get install unattended-upgrades Install the package: sudo vi /etc/apt/apt.conf.d/50unattended-upgrades ... and configure it: Unattended upgrade actions are logged in /var/log/unattended-upgrades. Add a Cron job to run /usr/bin/unattended-upgrade periodically. Sunday, 17 June 12
  45. User management Sunday, 17 June 12

  46. User management ๏ A critical aspect of server management. ๏In

    Ubuntu, the root user is disabled for safety. ๏Management tasks requiring root access can be completed by using the sudo command by a user who is in the “admin” group. ๏The user created during the installation process is added automatically to the admin group. Sunday, 17 June 12
  47. Adding and deleting users To add a user: sudo adduser

    username To delete a user (will retain the home directory): sudo deluser username To disable a user: sudo passwd -l username To enable a user: sudo passwd -u username Sunday, 17 June 12
  48. Creating and deleting groups To create a group: sudo addgroup

    groupname To delete a group: sudo delgroup groupname To add a user to a group: sudo adduser username groupname Sunday, 17 June 12
  49. User profiles By default, all new home directories are accessible

    by everyone. You can enforce non-default access rights to new home directories by editing /etc/ adduser.conf: The contents of this directory are modelled after the contents of /etc/skel. Change “DIRMODE=0755”to “DIRMODE=0750” Sunday, 17 June 12
  50. Password policy You can enforce strong user passwords by editing

    the password policy file /etc/pam.d/common-password. For example, to enforce a password with minimum 6 characters, edit the password line to look like this: password required pam_unix.so nullok obscure min=6 max=8 md5 Sunday, 17 June 12
  51. Password expiration To see the password expiry value for a

    user, use the “chage” command: sudo chage -l username To make changes: sudo chage username The chage tool is for changing password expiration date. Sunday, 17 June 12
  52. File system Sunday, 17 June 12

  53. File system A filesystem is responsible for managing data stored

    on a non-volatile storage device like hard disks, USB drives, DVDs etc. Most linux distros, including Ubuntu, use ext3 (“third extended filesystem”). Ubuntu 9.04 introduces experimental support for ext4. Sunday, 17 June 12
  54. Ext3 A journaling filesystem: logs changes in a journal to

    increase reliability in case of power failure or system crash. Sunday, 17 June 12
  55. Ext3 Not as fast as others, like JFS, ReiserFS and

    XFS, but wins in CPU utilization, reliability, and testing base. Sunday, 17 June 12
  56. Ext3 file limits ^ 8 KiB block size is only

    available on architectures which allow 8 KiB pages, such as Alpha. Sunday, 17 June 12
  57. Ext3 levels of journaling ❖Journal ❖Lowest risk, slowest ❖Metadata and

    files are written to the journal before being committed. ❖Ordered (default) ❖Medium risk, medium speed ❖Metadata are written to the journal only - ext3 guarantees file contents are written to disk before marked as committed in the journal. Beware of “intermediate state” problem! ❖Writeback ❖Highest risk, fastest ❖Metadata written in journal, no guarantee for file contents. Sunday, 17 June 12
  58. Ext4 ❖Adds 64-bit storage limits. ❖Volumes up to 1 exabyte.

    Files up to 16 terabytes. ❖Improved large file performance and reduced fragmentation. ❖Backwards compatible with ext2 and 3. ❖Journal cheksumming (not present in ext3). ❖Online defragmentation. ❖Timestamps in nanoseconds. Sunday, 17 June 12
  59. Files and directories Filesystems store data in files and directories.

    Filesystems are stored in disk partitions. You can configure partitions any way you like, but something like this is advisable: Sunday, 17 June 12
  60. fstab: static fs info cat /etc/fstab fstab is a text

    file that contains filesystem information Sunday, 17 June 12
  61. df: Partition utilization df -h df stands for “disk free”

    Sunday, 17 June 12
  62. Mount points mount mount -o remount, ro /usr mount -a

    Remount /usr in read only: Mount all fs in /etc/fstab: The mount command attaches a filesystem to a mount point Sunday, 17 June 12
  63. File & directory commands Command Description ls Lists the contents

    of a directory cd Change directory mkdir Create directory rmdir Remove directory cp Copy file mv Move file rm Remove file pwd Print the present working directory file Print the presumed type of a file chmod Change the permission attributes of a file Sunday, 17 June 12
  64. Networking Sunday, 17 June 12

  65. Networking Most networking is configured by editing two files: ❖/etc/network/interfaces

    ❖Ethernet, TCP/IP, bridging ❖/etc/resolv.conf ❖DNS Other networking files: ❖/etc/hosts ❖/etc/dhcp3/dhcpd.conf Sunday, 17 June 12
  66. /etc/network/interfaces Typical default contents: Directive Description auto Indicates the device

    should be setup at boot time. lo Loopback interface. iface “Interface”. eth0 Ethernet device 0, typically the primary network adaptor. inet Indicates network adaptor has an IPv4 address space. dhcp Network adaptor gets its configuration from a DHCP server. Sunday, 17 June 12
  67. /etc/network/interfaces Good practice: fix your server’s IP address. Directive Description

    static Indicates the adaptor uses fixed IP configuration. address The IP address of the host. netmask Network subnet mask. gateway Gateway address. network The network portion of the IP address. nameserver The IP of a DNS. For static interfaces, you may also need to edit /etc/resolv.conf to specify DNS servers. Sunday, 17 June 12
  68. /etc/hosts Ubuntu refers to this file to resolve host names

    before contacting a DNS. Good for frequently used hostnames, or internal network hosts. Sunday, 17 June 12
  69. Network useful commands Command Description ping Test that an internet

    host is reachable. ifconfig Administer a TCP/IP network interface. sudo /etc/init.d/ networking stop, start, restart as arguments; controls network status. route Examine and configure the host’s routing table. Sunday, 17 June 12
  70. Backup Sunday, 17 June 12

  71. Backup “Failing to plan is planning to fail” It is

    a matter of time before you experience system failure on your server. When that happens, it is nice to have a backup. Sunday, 17 June 12
  72. What is a backup? ... to keep multiple historical versions

    of your data going back far enough in time to enable recovery from a small or big disaster. Sunday, 17 June 12
  73. Types of backup ❖Full - Backup the complete data set

    ❖Incremental - Backup only changes since last backup Periodic backup ❖Daily - Hold for the short term ❖Weekly - Hold for the medium term ❖Monthly - Hold for the long term Sunday, 17 June 12
  74. Backup using a shell script #!/bin/sh #################################### # # Backup

    to NFS mount script. # #################################### # What to backup. backup_files="/home /var/spool/mail /etc /root /boot /opt" # Where to backup to. dest="/mnt/backup" # Create archive filename. day=$(date +%A) hostname=$(hostname -s) archive_file="$hostname-$day.tgz" # Print start status message. echo "Backing up $backup_files to $dest/$archive_file" date echo # Backup the files using tar. tar czf $dest/$archive_file $backup_files # Print end status message. echo echo "Backup finished" date # Long listing of files in $dest to check file sizes. ls -lh $dest This script rotates through 7 backups - one for each day. A modification can allow for rotation of daily, weekly, and monthly backups. Sunday, 17 June 12
  75. Automating with cron Cron is used to schedule the execution

    of scripts. We will look at it in more detail later. # m h dom mon dow command 0 0 * * * bash /usr/local/bin/backup.sh crontab -e To enter the cron job editor To run the backup script every day of every month of every year, at midnight Sunday, 17 June 12
  76. Restoring Use tar to test the integrity of an archive,

    or to extract its contents. tar -tzvf /mnt/backup/host-Monday.tgz To list the contents of the archive tar -xzvf /mnt/backup/host-Monday.tgz - C /tmp etc/hosts To extract a file from the archive tar -xzvf /mnt/backup/host-Monday.tgz To extract the full contents of the archive Sunday, 17 June 12
  77. ...or, specialised backup utilities Such as Bacula, still open-source. Sunday,

    17 June 12
  78. Server software Sunday, 17 June 12

  79. Servers, servers, servers Most useful work on a server is

    done by some kind of server software: ❖Web (i.e. Apache) ❖Database (MySQL) ❖Application (LAMP - i.e Moin Moin) ❖FTP (i.e. vsftpd) ❖Network File System ❖Email (i.e. Postfix) ❖Etc. Sunday, 17 June 12
  80. Web servers Sunday, 17 June 12

  81. Web server Lot’s of choices for open source web servers.

    ❖Apache ❖LightTPD (YouTube, Meebo, Wikipedia) ❖Nginx ❖Roxen Sunday, 17 June 12
  82. Apache: history and Apache has been around for ever (at

    least since the begining of the known time, when the web was invented): ❖powers 100 million websites (early 2009), over 46% of total ❖Most popular web server since 1996 ❖Lineage going back to NCSA HTTPd ❖Comprehensive set of features - you want it, it has it. Sunday, 17 June 12
  83. Installing Apache sudo apt-get install apache2 Apache is installed in

    /etc/apache2. Sunday, 17 June 12
  84. Installing Apache sudo apt-get install apache2 Apache is installed in

    /etc/apache2. File/Directory Description apache2.conf The main Apache2 configuration file. Contains settings that are global to Apache2. conf.d Contains configuration files which apply globally to Apache. Other packages that use Apache2 to serve content may add files, or symlinks, to this directory. envars File where Apache2 environment variables are set. httpd.conf Historically the main Apache2 configuration file, named after the httpd daemon.The file can be used for user specific configuration options that globally effect Apache2. mods-available This directory contains configuration files to both load modules and configure them. mods-enabled Holds symlinks to the files in /etc/apache2/mods-available. ports.conf Houses the directives that determine which TCP ports Apache2 is listening on. sites-available This directory has configuration files for Apache Virtual Hosts.Virtual Hosts allow Apache2 to be configured for multiple sites that have separate configurations. sites-enabled Like mods-enabled, sites-enabled contains symlinks to the /etc/apache2/sites-available directory. Similarly when a configuration file in sites-available is symlinked it will beactive once Apache is restarted. Sunday, 17 June 12
  85. Works immediately Sunday, 17 June 12

  86. /etc/apache2/sites- available/site_name Sunday, 17 June 12

  87. /etc/apache2/sites- available/site_name <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www <Directory />

    Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined </VirtualHost> Sunday, 17 June 12
  88. /etc/apache2/sites- available/site_name <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www <Directory />

    Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined </VirtualHost> Port number of site Sunday, 17 June 12
  89. /etc/apache2/sites- available/site_name <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www <Directory />

    Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined </VirtualHost> Port number of site Email of webmaster Sunday, 17 June 12
  90. /etc/apache2/sites- available/site_name <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www <Directory />

    Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined </VirtualHost> Port number of site Email of webmaster Root directory of site files Sunday, 17 June 12
  91. /etc/apache2/sites- available/site_name <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www <Directory />

    Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined </VirtualHost> Port number of site Email of webmaster Root directory of site files Static files block Sunday, 17 June 12
  92. /etc/apache2/sites- available/site_name <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www <Directory />

    Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined </VirtualHost> Port number of site Email of webmaster Root directory of site files Static files block Static files block Sunday, 17 June 12
  93. /etc/apache2/sites- available/site_name <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www <Directory />

    Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined </VirtualHost> Port number of site Email of webmaster Root directory of site files Static files block Static files block Error log file Sunday, 17 June 12
  94. /etc/apache2/sites- available/site_name <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www <Directory />

    Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined </VirtualHost> Port number of site Email of webmaster Root directory of site files Static files block Static files block Error log file Access log file Sunday, 17 June 12
  95. Multiple sites Apache supports multiple sites on the same machine.

    Assign sites by port number, sub-domain, directory name, or any combination of the above. sudo /etc/init.d/apache2 restart After any configuration changes, restart Apache Sunday, 17 June 12
  96. Modules There are many modules that provide additional functionality. These

    modules can be installed and loaded dynamically. sudo apt-get install libapache2-mod-auth- mysql Installs the MySQL authentication module sudo a2enmode auth_mysql sudo /etc/init.d/apache2 restart Enables the new module and restarts apache Sunday, 17 June 12
  97. Apache: depth and breadth Sunday, 17 June 12

  98. Databases Sunday, 17 June 12

  99. Database server: mySQL “The world’s most popular open-source database”* *http://www.mysql.com/

    Yahoo, Google, Alcatel, Nokia, Youtube 25% market share (EDC research) Sunday, 17 June 12
  100. MySQL features ❖Cross-platform compatible ❖Libraries for all major programming languages

    ❖Many administration choices, command line, web- based, GUIs ❖Stored procedures ❖Triggers ❖Cursors ❖Selection of storage engines (innoDB, Berkeley, etc.) ❖Replication ❖ACID compliance with innoDB, DBD, Cluster engines. ❖Full-text indexing ❖Open-source! Sunday, 17 June 12
  101. Mysql installation sudo apt-get install mysql-server Installs the MySQL authentication

    module sudo netstat -tap | grep mysql After installation, check mysql deamon is running sudo /etc/init.d/mysql restart To restart: sudo vi /etc/mysql/my.cnf To configure: Sunday, 17 June 12
  102. Create a new database and user mysql -u root -p

    Log on as root (asks for password): create database myDB; Create a new database: grant all privileges on myDB.* to ‘newuser’@‘localhost’identified by ‘newpassword’with grant option; Create a new user for the new database: exit; mysql -u newuser -p #asks for password use myDB; To verify this worked, exit and logon as the new user (no error messages mean all good): Sunday, 17 June 12
  103. LAMP Sunday, 17 June 12

  104. LAMP Linux Apache MySQL Php A popular configuration for Linux

    servers. LAMP applications are packaged in a way that makes it easy to install and manage. Sunday, 17 June 12
  105. LAMP example: Moin Moin Moin Moin is a Python-based wiki

    engine. sudo apt-get install python-moinmoin Install Moin Moin (expects Apache 2 already installed): cd /usr/share/moin sudo mkdir mywiki sudo cp -R data mywiki sudo cp -R underlay mywiki sudo cp server/moin.cgi mywiki sudo chown -R www-data.www-data mywiki sudo chmod -R ug+rwX mywiki sudo chmod -R o-rwx mywiki Prepare the Moin Moin directory: Sunday, 17 June 12
  106. Configure Moin Moin data_dir = '/usr/share/moin/mywiki/data' Edit /etc/moin/mywiki.py data_underlay_dir='/usr/share/moin/mywiki/ underlay'

    In the next line, insert: ### moin ScriptAlias /mywiki "/usr/share/moin/mywiki/moin.cgi" alias /moin_static181 "/usr/share/moin/htdocs" <Directory /usr/share/moin/htdocs> Order allow,deny allow from all </Directory> ### end moin Configure Apache; add the following lines in /etc/apache2/ sites-available/default file inside the “<VirtualHost *>” tag: sudo /etc/init.d/mysql restart Restart: Sunday, 17 June 12
  107. Test it... Browse to http://localhost/mywiki Sunday, 17 June 12

  108. FTP Sunday, 17 June 12

  109. FTP A simple way to transfer files between computers. Many

    open source FTP servers available on Linux: ❖ vsftp ❖ Filezilla ❖ Pure-ftpd ❖ NASLite ❖ wu-ftpd ❖ etc. Sunday, 17 June 12
  110. Install vsftp “Probably the most secure and fastest FTP server

    for UNIX-like systems.” http://vsftpd.beasts.org/ sudo apt-get install vsftpd Install it: Sunday, 17 June 12
  111. Install vsftp “Probably the most secure and fastest FTP server

    for UNIX-like systems.” http://vsftpd.beasts.org/ sudo apt-get install vsftpd Install it: Put your files here to make them available to FTP clients Sunday, 17 June 12
  112. Connect to the FTP server Sunday, 17 June 12

  113. Connect to the FTP server Anonymous connection Sunday, 17 June

    12
  114. Connect to the FTP server Anonymous connection Download to local

    machine Sunday, 17 June 12
  115. Connect to the FTP server Anonymous connection Download to local

    machine Download completed Sunday, 17 June 12
  116. Secure FTP ... local_enable=YES write_enable=YES ... Edit /etc/vsftpd.conf: Now vsftpd

    will ask for the user’s password and will start at their home directories. Sunday, 17 June 12
  117. NFS Allows for server files and directories to be available

    to remote clients as if they were local. sudo apt-get install nfs-kernel-server Install it: Sunday, 17 June 12
  118. NFS Allows for server files and directories to be available

    to remote clients as if they were local. sudo apt-get install nfs-kernel-server Install it: Set directories to be exported here: Sunday, 17 June 12
  119. Export a directory Sunday, 17 June 12

  120. Export a directory Export the /home directory to client with

    IP 192.168.178.20: Connect to the NSF export: Use as if it is local Sunday, 17 June 12
  121. Email Sunday, 17 June 12

  122. Email services: Postfix The default Mail Transfer Agent (MTA) for

    Ubuntu Rich set of features: ❖Protocols: ❖SMTP ❖DKIM ❖DSN status ❖ETRN ❖IPv6 ❖SASL authentication ❖TLS encryption/authoentication ❖QMQP ❖Junk mail control ❖Databases: ❖Berkley ❖CDB ❖LDAP ❖MySQL ❖PostgreSQL ❖Mailbox and Maildir formats ❖Virtual domains ❖Address masquarading ❖Selective address rewritting ❖VERP envelope return address Sunday, 17 June 12
  123. Postfix installation sudo apt-get install postfix Install it: The configuration

    screens will come up as part of the installation. sudo dpkg-reconfigure postfix To reconfigure at a later time: sudo apt-get install postfix Install it: Or, you can edit the Postfix configuration file /etc/ postfix/main.cf. After editing, restart: Sunday, 17 June 12
  124. Postfix configuration Sample values: ❖Internet Site ❖mail.example.com ❖peter ❖mail.example.com, localhost.localdomain,

    localhost ❖No ❖127.0.0.0/8 [::ffff:127.0.0.0]/104 [:: 1]/128 192.168.0/24 ❖0 ❖+ ❖all Check sources such as these for details on configuration: ❖http://flurdy.com/docs/postfix/ ❖http://ubuntuforums.org/ showthread.php?t=780509 ❖http://en.wikipedia.org/wiki/ Email#Workings Sunday, 17 June 12
  125. SMTP authentication Allows a client to identify itself. Once authenticated,

    the SMTP server will allow the client to relay mail. Configuration for SMTP-AUTH is done with the Dovecot package: sudo apt-get install dovecot-postfix Install it: In production, you will need to configure the SSL certificate and key to be used with authentication and encryption. Sunday, 17 June 12
  126. Test by sending yourself an email sudo apt-get install nail

    Install nail, a command line emailer: Sunday, 17 June 12
  127. Firewall Sunday, 17 June 12

  128. Firewall The Linux kernel includes the Netfilter subsystem: controls network

    traffic in/out. Linux firewalls utilise Netfilter. The administrator tells Netfilter how to treat data packets by configuring rules in iptables, a configuration file. In Ubuntu, we use ufw as a configuration tool for iptables. Sunday, 17 June 12
  129. ufw “the friendly way to create a firewall” ufw: Ucomplicated

    firewall sudo apt-get install ufw Install ufw: Enable ufw and restart the server to take effect: You will not be able to restore the SSH connection until you configure ufw to allow SSH traffic: sudo ufw allow 22 sudo ufw deny 22 or Sunday, 17 June 12
  130. ufw, examples of rules sudo ufw delete deny 22 Delete

    a rule: sudo ufw allow proto tcp from 192.168.0.2 to any port 22 Allow access from a host to port 22 of any IP address on this host: sudo ufw allow http Allow all HTTP traffic: Use --dry-run to show the rule corresponding to a directive: Sunday, 17 June 12
  131. ufw, examples of rules sudo ufw disable Disable the firewall:

    sudo ufw status See status: sudo ufw status verbose See detailed status: Application integration, predefined rules. Apply like this “sudo ufw allow Postfix” and “sudo ufw app info Postfix” to view rule details: Sunday, 17 June 12
  132. Software management Sunday, 17 June 12

  133. Package management Over 24,000 software packages for Ubuntu. It is

    a good idea to use a package manager to maintain those installed on your server.: ❖Install ❖Remove ❖Resolve dependencies ❖Compile ❖Upgrade Ubuntu is supported by apt-get, aptitude. Most packages are supported by both, so your choice. Sunday, 17 June 12
  134. apt A collection of tools, not a single tool. apt-get

    is the most important tool. Used for tasks like: ❖Update the index files from their source ❖Upgrade all installed packages ❖Install a package ❖Remove installed package ❖Source code fetching ❖Build dependencies ❖Checks for broken dependencies ❖Clean the local repository ❖Autoclean only files in the local repository that can no longer be downloaded and are considered useless. Sunday, 17 June 12
  135. Using apt-get sudo apt-get install nmap Install a package named

    “nmap”: Already installed, ready to use. sudo apt-get remove nmap Remove a package named “nmap”: sudo apt-get update Update the apt index (the repositories are listed in /etc/apt/ sources.list): sudo apt-get upgrade Upgrade all packages installed: All actions are recorded in /var/log/dpkg.log Sunday, 17 June 12
  136. Automatic updates The “unattended-upgrades” package can automatically install updated packages.

    sudo apt-get install unattended-upgrades Install it: Define the type of upgrades in / etc/apt/apt.conf.d/50unattended- upgrades All actions are recorded in /var/log/unattended- upgrades Sunday, 17 June 12
  137. Windows connectivity Sunday, 17 June 12

  138. Windows connectivity Works as: ❖File server ❖Printer server (including PDF)

    ❖Domain controller in Windows networks ❖Authentication ... for Windows clients Sunday, 17 June 12
  139. Samba installation For Windows XP and later clients, there is

    nothing to install. For the Linux server: sudo apt-get install samba Install Samba: Sunday, 17 June 12
  140. Samba configuration To define a share (in this example, the

    home folders), edit the /etc/samba/smb.cnf file: [homes] comment = Home Directories browseable = yes read only =no create mask = 0775 directory mask = 0775 valid users = %S Make home directories shared, browsable, read-write: Define the password for a share user: sudo /etc/init.d/samba reload Reload Samba configuration: Sunday, 17 June 12
  141. Access share from Windows Sunday, 17 June 12

  142. Other Samba capabilities We just saw the most basic capability

    of Samba. Other things you can do: ❖Sharing CUPS printers ❖Various security issues ❖Active Directory integration, including Kerberos authentication ❖Database integration for user information ❖LDAP integration ❖Domain controller or client ❖WINS ❖Remote and local management Sunday, 17 June 12
  143. Scheduling Sunday, 17 June 12

  144. Scheduling with cron Cron is the standard job scheduler for

    Unix. Cron stands for “cronograph”. Every user can specify scripts or programs to run at specific time intervals in a text file called “crontab”. Sunday, 17 June 12
  145. Example crontab file crontab -e Access/edit crontab file: Schedule Script

    to run Redirect output Sunday, 17 June 12
  146. Example crontab file crontab -e Access/edit crontab file: Schedule Script

    to run Redirect output Sunday, 17 June 12
  147. Example crontab file crontab -e Access/edit crontab file: Schedule Script

    to run Redirect output Sunday, 17 June 12
  148. cron job definition * * * * * command to

    execute Sunday, 17 June 12
  149. cron job definition * * * * * command to

    execute Day of week (0:Sunday to 7) Sunday, 17 June 12
  150. cron job definition * * * * * command to

    execute Day of week (0:Sunday to 7) Month (1 - 12) Sunday, 17 June 12
  151. cron job definition * * * * * command to

    execute Day of week (0:Sunday to 7) Month (1 - 12) Day of month (1 - 31) Sunday, 17 June 12
  152. cron job definition * * * * * command to

    execute Day of week (0:Sunday to 7) Month (1 - 12) Day of month (1 - 31) Hour (0 - 23) Sunday, 17 June 12
  153. cron job definition * * * * * command to

    execute Day of week (0:Sunday to 7) Month (1 - 12) Day of month (1 - 31) Hour (0 - 23) Minute (0 - 59) Sunday, 17 June 12
  154. cron shortcuts Entry Description Equivalent @reboot Run once at starttup

    - @yearly Run once a year 0 0 1 1 * @annually Same as @yearly 0 0 1 1 * @monthly Run once a month 0 0 1 * * @weekly Run once a week 0 0 * * 0 @daily Run once a day 0 0 * * * @midnight Same as @daily 0 0 * * * @hourly Run once every hour 0 * * * * Sunday, 17 June 12
  155. Web-based administration Sunday, 17 June 12

  156. Webmin: web based server Open source interface for system administration

    based on modules: ❖User management ❖Apache ❖MySQL ❖OpenSSH ❖DNS ❖File sharing ❖etc. Sunday, 17 June 12
  157. Webmin installation and configuration wget http://prdownloads.sourceforge.net/webadmin/ webmin_1.500_all.deb dpkg --install webmin_1.500_all.deb

    Get required deb file and install it: Sunday, 17 June 12
  158. Access Webmin https://serverIP:10000 Webmin modules Statistics Sunday, 17 June 12

  159. Access Webmin https://serverIP:10000 Webmin modules Statistics Sunday, 17 June 12

  160. Access Webmin https://serverIP:10000 Webmin modules Statistics Sunday, 17 June 12

  161. Access Webmin https://serverIP:10000 Webmin modules Statistics Sunday, 17 June 12

  162. Vim Sunday, 17 June 12

  163. Vim: universal Unix editor Sunday, 17 June 12

  164. Vim and vi Vim is an improved version of vi,

    the stock-standard text editor for Unix and Linux systems. sudo apt-get install vim Install vim vim filename start vim Use commands expressed by keystrokes to control vim (see cheat sheet in next slide). Sunday, 17 June 12
  165. Vim cheat sheet Sunday, 17 June 12

  166. Go on and build your server. Notes and videos available

    at http://blog.futureshock-ed.com. A discussion group available at http://groups.google.com/group/linux-alumni Any feedback appreciated. Have fun and stay in touch! Sunday, 17 June 12