Slide 1

Slide 1 text

A Linux 1-day workshop
Presented by Peter Dalmaris
Sunday, 17 June 12

Slide 2

Slide 2 text

About this workshop
• No prior knowledge of Linux necessary
• Lots of Linux flavours, we concentrate on Ubuntu
• Server, not desktop edition
• 9am to 5pm with a couple of breaks

Slide 3

Slide 3 text

About this workshop

Slide 5

Slide 5 text

About this workshop
๏ Start with some history and architecture
๏ Virtual Machines, installation
๏ Remote access
๏ User management
๏ File system
๏ Networking (including Samba)
๏ Backing up
๏ Server software
๏ Software management: installing, removing, updating
๏ Scheduling jobs through cron
๏ Vim
๏ Webmin
๏ Rsync
๏ ...and anything else we can fit in

Slide 6

Slide 6 text

About me
• Working with Linux for over 10 years
• Administrator for two public web applications running on Ubuntu Linux 8.10 and 9.04 (www.trackscentral.com, www.gitcentral.com)
• Delivering IT services through my company, Futureshock Research.
• Teaching at CSU since 2002.
• Undergraduate degree in Electrical and Computer Engineering, Masters in Information Systems, Masters in Knowledge Management, PhD in Business Process Management and Knowledge Management.
• Contact me at [email protected]

Slide 7

Slide 7 text

History - UNIX and GNU
• UNIX dominated the OS space since 1960. It was efficient, effective, but expensive.
• An effort to produce an open-source UNIX-like OS was begun by Richard Stallman in 1994; this was the beginning of the GNU project.
• A lot of software was written as part of the GNU project by the Free Software Foundation: compilers, text editors, a shell...

Slide 8

Slide 8 text

History - GNU is not an OS
• ...but there was no complete kernel, no device drivers, daemons etc.
• Without these subsystems, GNU could not be completed as intended.

Slide 9

Slide 9 text

History - Linux fills the gap
• In 1991 Linus Torvalds developed a replacement for the MINIX teaching OS developed by Andrew S. Tanenbaum and released by Prentice-Hall.
• This replacement became the Linux kernel. Version 0.12 of Linux was released in 1992.
• At first, it operated in the Minix user space.
• The Linux kernel became the missing GNU kernel.

Slide 13

Slide 13 text

The cost of developing Linux
Fedora 9
Linux kernel

Slide 14

Slide 14 text

NCAR's newest supercomputer: On 12 July 2004, SCD took delivery of lightning, a new Linux cluster manufactured by IBM. The 1.1-teraflop system is now installed in the NCAR Computer Room
Motorola RAZR², an advanced embedded system using embedded Linux
The Nokia N810 features the Maemo Linux distribution,[2] based on Maemo 4.0, which features MicroB (a Mozilla-based mobile browser), a GPS navigation application, new media player, and a refreshed interface.
The WRT54G is notable for being the first consumer-level network device that had its firmware source code released to satisfy the obligations of the GNU GPL.
Ubuntu Linux on Macbook Pro

Slide 15

Slide 15 text

Ubuntu Linux
• A good choice for both server and desktop distribution.
• Free and well updated - new release every six months.
• Security updates for 18 months - after that just upgrade to the latest version.
• There are LTS versions with extended length support.

Slide 16

Slide 16 text

Ubuntu Linux server
• Built on Debian, with a reputation for robust server implementations.
• Latest version is 9.04, based on kernel 2.6.28-11.37.
• Out of the box support for cloud computing (Eucalyptus).
• Mail server stack: SMTP, POP3, IMAP with TLS and SASL.

Slide 17

Slide 17 text

Ubuntu Linux server
• Kernel-based virtual machine (KVM).
• Microsoft Exchange support.
• Simplified firewall.
• etc. etc.

Slide 18

Slide 18 text

Desktop vs server

Slide 19

Slide 19 text

Getting started: installation
• It makes sense to install servers on virtual machines:
  • Better use of existing hardware
  • Ease of maintenance and disaster recovery
You can assign a Linux virtual machine to a single service, like a web server, email server etc. Keep things simple.
Maintain a single Linux host and multiple guests.

Slide 20

Slide 20 text

Virtualisation

Slide 21

Slide 21 text

Option 1: Ubuntu server on VMware on any host
• Download the server image from http://www.ubuntu.com/getubuntu/download-server
• Start VMware
• Create a new virtual machine using the image you just downloaded

Slide 22

Slide 22 text

Hands-on: Installation

Directory  Type     FS    Typical size  Lab size
/boot      Primary  Ext2  100MB         200MB
/var       LVM      XFS   4GB           700MB
/home      LVM      XFS   200GB         3GB
/          LVM      Ext3  50GB          2GB
swap       LVM      Swap  1GB           200MB

Sample partitioning that separates critical portions of the hard drive.

Slide 27

Slide 27 text

Option 2: Linux guests to an Ubuntu host running KVM
• KVM is the default virtualisation technology that ships with current versions of Ubuntu
• Requires hardware with virtualisation extensions

Slide 28

Slide 28 text

One host, many guests
Diagram labels: Ubuntu host, Ubuntu guest, Windows guest

Slide 29

Slide 29 text

Install a guest #1
Can your hardware support KVM? Inspect the cpuinfo virtual file:
    egrep '(vmx|svm)' --color=always /proc/cpuinfo
No output means no KVM support. Try checking virtualization settings in the BIOS.
If there is support, install the required packages. Use the apt-get package manager:
    $ sudo apt-get install kvm libvirt-bin ubuntu-vm-builder qemu bridge-utils virt-viewer
• libvirt-bin provides libvirtd which you need to administer qemu and kvm instances using libvirt
• kvm is the backend
• ubuntu-vm-builder is a powerful command line tool for building virtual machines
• bridge-utils provides a bridge from your network to the virtual machines

Slide 30

Slide 30 text

Install guest #2
Add your user name to the libvirtd group (more about user management later):
    $ sudo usermod -aG libvirtd `id -un`
This will give you access to the system-wide libvirtd instance. Log out and in to make this effective.
Test the installation is valid (virsh is the main interface for managing guest domains):
    $ virsh -c qemu:///system list
     Id Name                 State
    ----------------------------------
    $

Slide 31

Slide 31 text

Install KVM #3
Run the KVM command as root to reveal problems, such as lack of hardware:
    $ sudo kvm
    QEMU PC emulator version 0.9.1 (kvm-62), Copyright (c) 2003-2008 Fabrice Bellard
    usage: qemu [options] [disk_image]
    ...
    $
The kvm command can be used to start guest machines directly.

Slide 32

Slide 32 text

Setup the virtual network #1
To enable network services to the VM and VM access to the outside world, we must configure bridge networking. The VM will access the network through the host’s physical network interface.
1. Install the bridge utility:
    sudo apt-get install bridge-utils
2. Stop networking services:
    sudo invoke-rc.d networking stop

Slide 33

Slide 33 text

Setup the virtual network #2
3. Edit /etc/network/interfaces and add the br0 section:
    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet manual

    auto br0
    iface br0 inet static
        address 192.168.0.10
        network 192.168.0.0
        netmask 255.255.255.0
        broadcast 192.168.0.255
        gateway 192.168.0.1
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
        bridge_maxwait 0
You may use DHCP instead of fixed values.
Content of /etc/network/

Slide 34

Slide 34 text

Setup the virtual network #3
4. Restart networking services:
    sudo /etc/init.d/networking restart

Slide 35

Slide 35 text

Remote administration

Slide 36

Slide 36 text

Remote administration with SSH #1
• Ubuntu comes with an open source implementation of the SSH standard, called OpenSSH.
• OpenSSH makes it possible to securely control a remote computer, and to transfer files.
• To make this possible, we must install the sshd component on the server if not already installed.

Slide 37

Slide 37 text

Remote administration with SSH #2
Install the sshd component:
    sudo apt-get install openssh-server
Install the client component:
    sudo apt-get install openssh-client
Some OSs, like Mac OS X, come with an SSH client built in. In Windows, use PuTTY.

Slide 38

Slide 38 text

Remote administration with SSH #3
Connect:
    europa:~ peter$ ssh [email protected]
Slide labels: Local machine (the europa prompt), Remote machine (the ssh target)

Slide 39

Slide 39 text

Remote administration with SSH #4
You can authenticate the client using its public key; then, you will not need to provide a password every time you want to connect.
Create the client’s public key if one doesn’t exist already (ssh-keygen is a key pair generator):
    ssh-keygen -t dsa
This creates your key pair and stores it in ~/.ssh/.

Slide 40

Slide 40 text

Remote administration with SSH #5
Take the contents of the file in ~/.ssh/id_dsa.pub on the client, and paste it in the file ~/.ssh/authorized_keys on the server. If the target file does not exist, create it.
This is what authorized_keys may look like:
    $ cat authorized_keys
    ssh-dss <base64-encoded public key> [email protected]

Slide 41

Slide 41 text

Remote administration with SSH #6
Connect just like before, there should be no request for your password:
    europa:~ peter$ ssh [email protected]
Slide labels: Local machine (the europa prompt), Remote machine (the ssh target)
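
When keys are pasted into authorized_keys by hand, two things commonly go wrong: the file or its directory ends up writable by group or others, in which case sshd with its default StrictModes setting ignores it, and DSA keys (ssh-keygen -t dsa, type ssh-dss) stay in place although OpenSSH has disabled that key type by default since release 7.0. The added example below is not part of the workshop material; it checks a file for both problems, and its function names and sample entries (fake key blobs) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an authorized_keys file for loose permissions
# and weak key types.

# audit_authorized_keys FILE
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_authorized_keys() {
    file=$1
    if [ ! -f "$file" ]; then
        echo "MISSING $file"
        return 1
    fi
    dir=$(dirname "$file")

    findings=$(
        # find prints the path only when a group- or other-write bit is set.
        if [ -n "$(find "$dir" -maxdepth 0 -perm /022)" ]; then
            echo "PERM $dir is writable by group or others (chmod 700)"
        fi
        if [ -n "$(find "$file" -maxdepth 0 -perm /022)" ]; then
            echo "PERM $file is writable by group or others (chmod 600)"
        fi

        # Each entry is: [options] keytype base64-blob [comment]
        # The key type is the first field that matches a known type name.
        awk '
            /^[ \t]*#/ { next }
            /^[ \t]*$/ { next }
            {
                type = ""
                for (i = 1; i <= NF; i++)
                    if ($i ~ /^(ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$/) {
                        type = $i
                        break
                    }
                if (type == "")
                    printf "UNKNOWN line %d: no recognised key type\n", NR
                else if (type == "ssh-dss")
                    printf "WEAK line %d: ssh-dss (DSA) key, replace it with an ed25519 or RSA key\n", NR
            }' "$file"
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# make_sample: builds a constructed authorized_keys file (fake key blobs,
# deliberately group-writable) and prints its path.
make_sample() {
    d=$(mktemp -d)
    chmod 700 "$d"
    cat > "$d/authorized_keys" <<'EOF'
# constructed sample, not real keys
ssh-dss AAAAB3NzaC1kc3MAAACBconstructed peter@client
from="192.168.0.*" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5constructed admin@laptop
EOF
    chmod 664 "$d/authorized_keys"
    echo "$d/authorized_keys"
}

sample=$(make_sample)
audit_authorized_keys "$sample" || echo "=> fix the findings above"
rm -rf "$(dirname "$sample")"
```

On a server, run it as the account owner against ~/.ssh/authorized_keys.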

Slide 42

Slide 42 text

Upgrading

Slide 43

Slide 43 text

Upgrading
To upgrade to the latest version of Ubuntu server, use the do-release-upgrade utility.
First, update apt-get to acquire the latest package information:
    sudo apt-get update
Then, install the upgrade utility:
    sudo apt-get install update-manager-core
Finally, do the upgrade:
    do-release-upgrade

Slide 44

Slide 44 text

Updating installed packages
Use the apt-get tool:
    sudo apt-get upgrade
To automate package updates, use unattended-upgrades.
Install the package:
    sudo apt-get install unattended-upgrades
... and configure it:
    sudo vi /etc/apt/apt.conf.d/50unattended-upgrades
Unattended upgrade actions are logged in /var/log/unattended-upgrades.
Add a Cron job to run /usr/bin/unattended-upgrade periodically.

Slide 45

Slide 45 text

User management

Slide 46

Slide 46 text

User management
๏ A critical aspect of server management.
๏ In Ubuntu, the root user is disabled for safety.
๏ Management tasks requiring root access can be completed by using the sudo command by a user who is in the “admin” group.
๏ The user created during the installation process is added automatically to the admin group.

Slide 47

Slide 47 text

Adding and deleting users
To add a user:
    sudo adduser username
To delete a user (will retain the home directory):
    sudo deluser username
To disable a user:
    sudo passwd -l username
To enable a user:
    sudo passwd -u username

Slide 48

Slide 48 text

Creating and deleting groups
To create a group:
    sudo addgroup groupname
To delete a group:
    sudo delgroup groupname
To add a user to a group:
    sudo adduser username groupname

Slide 49

Slide 49 text

User profiles
By default, all new home directories are accessible by everyone. You can enforce non-default access rights to new home directories by editing /etc/adduser.conf:
    Change “DIRMODE=0755” to “DIRMODE=0750”
The contents of this directory are modelled after the contents of /etc/skel.
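
DIRMODE is applied only when adduser creates a home directory, so directories that existed before the change keep their old mode. The added example below (not from the workshop; the function names are hypothetical and the sample files are constructed) reads the policy from an adduser.conf file and lists home directories that are more permissive than it.

```shell
#!/bin/sh
# Added example: find existing home directories that are more permissive
# than the DIRMODE policy in adduser.conf.

# dirmode_from_conf FILE
# Prints the last DIRMODE= value in FILE, or 0755 when none is set
# (0755 is the value the slide shows as the setting before the change).
dirmode_from_conf() {
    mode=$(sed -n 's/^[[:space:]]*DIRMODE=\([0-7]\{3,4\}\).*$/\1/p' "$1" | tail -n 1)
    echo "${mode:-0755}"
}

# homes_exceeding_mode BASE MODE
# Lists directories directly under BASE that carry any permission bit MODE
# does not grant. With MODE 0750 that is anything accessible to "other"
# or writable by the group.
homes_exceeding_mode() {
    base=$1
    allowed=$2
    case $allowed in
        ''|*[!0-7]*) echo "invalid mode: $allowed" >&2; return 2 ;;
    esac
    # Bits outside the policy: 0777 AND NOT allowed (0750 gives 027).
    extra=$(printf '%o' $(( 0777 & ~0$allowed )))
    if [ "$extra" = 0 ]; then
        return 0            # the policy already allows every bit
    fi
    find "$base" -mindepth 1 -maxdepth 1 -type d -perm "/$extra" | sort
}

# On a server (assumed standard paths):
#   homes_exceeding_mode /home "$(dirmode_from_conf /etc/adduser.conf)"
# then review each listed directory and tighten it, e.g. sudo chmod 0750 DIR.

# Demonstration on constructed data in a temporary directory.
demo() {
    work=$(mktemp -d)
    printf '# constructed adduser.conf fragment\nDIRMODE=0750\n' > "$work/adduser.conf"
    mkdir "$work/home" "$work/home/alice" "$work/home/bob"
    chmod 755 "$work/home/alice"      # created before the policy change
    chmod 750 "$work/home/bob"        # created after it
    policy=$(dirmode_from_conf "$work/adduser.conf")
    echo "policy $policy, directories to tighten:"
    homes_exceeding_mode "$work/home" "$policy"
    rm -rf "$work"
}
demo
```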

Slide 50

Slide 50 text

Password policy
You can enforce strong user passwords by editing the password policy file /etc/pam.d/common-password.
For example, to enforce a password with minimum 6 characters, edit the password line to look like this:
    password required pam_unix.so nullok obscure min=6 max=8 md5

Slide 51

Slide 51 text

Password expiration
The chage tool is for changing the password expiration date.
To see the password expiry value for a user, use the “chage” command:
    sudo chage -l username
To make changes:
    sudo chage username

Slide 52

Slide 52 text

File system

Slide 53

Slide 53 text

File system
A filesystem is responsible for managing data stored on a non-volatile storage device like hard disks, USB drives, DVDs etc.
Most Linux distros, including Ubuntu, use ext3 (“third extended filesystem”).
Ubuntu 9.04 introduces experimental support for ext4.

Slide 54

Slide 54 text

Ext3
A journaling filesystem: logs changes in a journal to increase reliability in case of power failure or system crash.

Slide 55

Slide 55 text

Ext3
Not as fast as others, like JFS, ReiserFS and XFS, but wins in CPU utilization, reliability, and testing base.

Slide 56

Slide 56 text

Ext3 file limits
Note: 8 KiB block size is only available on architectures which allow 8 KiB pages, such as Alpha.

Slide 57

Slide 57 text

Ext3 levels of journaling
❖ Journal
  ❖ Lowest risk, slowest
  ❖ Metadata and files are written to the journal before being committed.
❖ Ordered (default)
  ❖ Medium risk, medium speed
  ❖ Metadata are written to the journal only - ext3 guarantees file contents are written to disk before marked as committed in the journal. Beware of “intermediate state” problem!
❖ Writeback
  ❖ Highest risk, fastest
  ❖ Metadata written in journal, no guarantee for file contents.

Slide 58

Slide 58 text

Ext4
❖ Adds 64-bit storage limits.
❖ Volumes up to 1 exabyte. Files up to 16 terabytes.
❖ Improved large file performance and reduced fragmentation.
❖ Backwards compatible with ext2 and 3.
❖ Journal checksumming (not present in ext3).
❖ Online defragmentation.
❖ Timestamps in nanoseconds.

Slide 59

Slide 59 text

Files and directories
Filesystems store data in files and directories.
Filesystems are stored in disk partitions.
You can configure partitions any way you like, but something like this is advisable:

Slide 60

Slide 60 text

fstab: static fs info
fstab is a text file that contains filesystem information.
    cat /etc/fstab

Slide 61

Slide 61 text

df: Partition utilization
df stands for “disk free”.
    df -h

Slide 62

Slide 62 text

Mount points
The mount command attaches a filesystem to a mount point.
    mount
Remount /usr in read only:
    mount -o remount,ro /usr
Mount all fs in /etc/fstab:
    mount -a

Slide 63

Slide 63 text

File & directory commands

Command  Description
ls       Lists the contents of a directory
cd       Change directory
mkdir    Create directory
rmdir    Remove directory
cp       Copy file
mv       Move file
rm       Remove file
pwd      Print the present working directory
file     Print the presumed type of a file
chmod    Change the permission attributes of a file

Slide 64

Slide 64 text

Networking

Slide 65

Slide 65 text

Networking
Most networking is configured by editing two files:
❖ /etc/network/interfaces
  ❖ Ethernet, TCP/IP, bridging
❖ /etc/resolv.conf
  ❖ DNS
Other networking files:
❖ /etc/hosts
❖ /etc/dhcp3/dhcpd.conf

Slide 66

Slide 66 text

/etc/network/interfaces
Typical default contents:

Directive  Description
auto       Indicates the device should be set up at boot time.
lo         Loopback interface.
iface      “Interface”.
eth0       Ethernet device 0, typically the primary network adaptor.
inet       Indicates network adaptor has an IPv4 address space.
dhcp       Network adaptor gets its configuration from a DHCP server.

Slide 67

Slide 67 text

/etc/network/interfaces
Good practice: fix your server’s IP address.

Directive   Description
static      Indicates the adaptor uses fixed IP configuration.
address     The IP address of the host.
netmask     Network subnet mask.
gateway     Gateway address.
network     The network portion of the IP address.
nameserver  The IP of a DNS.

For static interfaces, you may also need to edit /etc/resolv.conf to specify DNS servers.

Slide 68

Slide 68 text

/etc/hosts
Ubuntu refers to this file to resolve host names before contacting a DNS.
Good for frequently used hostnames, or internal network hosts.

Slide 69

Slide 69 text

Network useful commands

Command                      Description
ping                         Test that an internet host is reachable.
ifconfig                     Administer a TCP/IP network interface.
sudo /etc/init.d/networking  stop, start, restart as arguments; controls network status.
route                        Examine and configure the host’s routing table.

Slide 70

Slide 70 text

Backup

Slide 71

Slide 71 text

Backup
“Failing to plan is planning to fail”
It is a matter of time before you experience system failure on your server. When that happens, it is nice to have a backup.

Slide 72

Slide 72 text

What is a backup?
... to keep multiple historical versions of your data going back far enough in time to enable recovery from a small or big disaster.

Slide 73

Slide 73 text

Types of backup
❖ Full - Backup the complete data set
❖ Incremental - Backup only changes since last backup
Periodic backup
❖ Daily - Hold for the short term
❖ Weekly - Hold for the medium term
❖ Monthly - Hold for the long term

Slide 74

Slide 74 text

Backup using a shell script

    #!/bin/sh
    ####################################
    #
    # Backup to NFS mount script.
    #
    ####################################

    # What to backup.
    backup_files="/home /var/spool/mail /etc /root /boot /opt"

    # Where to backup to.
    dest="/mnt/backup"

    # Create archive filename.
    day=$(date +%A)
    hostname=$(hostname -s)
    archive_file="$hostname-$day.tgz"

    # Print start status message.
    echo "Backing up $backup_files to $dest/$archive_file"
    date
    echo

    # Backup the files using tar.
    # $backup_files stays unquoted so that it splits into one argument per path.
    tar czf "$dest/$archive_file" $backup_files

    # Print end status message.
    echo
    echo "Backup finished"
    date

    # Long listing of files in $dest to check file sizes.
    ls -lh "$dest"

This script rotates through 7 backups - one for each day. A modification can allow for rotation of daily, weekly, and monthly backups.

Slide 75

Slide 75 text

Automating with cron
Cron is used to schedule the execution of scripts. We will look at it in more detail later.
To enter the cron job editor:
    crontab -e
To run the backup script every day of every month of every year, at midnight:
    # m h dom mon dow command
    0 0 * * * bash /usr/local/bin/backup.sh

Slide 76

Slide 76 text

Restoring
Use tar to test the integrity of an archive, or to extract its contents.
To list the contents of the archive:
    tar -tzvf /mnt/backup/host-Monday.tgz
To extract a file from the archive:
    tar -xzvf /mnt/backup/host-Monday.tgz -C /tmp etc/hosts
To extract the full contents of the archive:
    tar -xzvf /mnt/backup/host-Monday.tgz
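
The backup script slide keeps seven daily archives and notes that it can be modified for daily, weekly and monthly rotation. The added example below, which is not part of the workshop material, shows one such modification and lists each new archive with tar before it replaces the previous one in its slot. The function names and the rotation rule (monthly on the 1st, weekly on Sundays, daily otherwise) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: daily/weekly/monthly rotation for the tar backup script,
# with an integrity check before an old archive is replaced.

# rotation_tag DOM DOW MONTH
#   DOM   day of month, as printed by `date +%d` (01-31)
#   DOW   day of week,  as printed by `date +%u` (1 = Monday ... 7 = Sunday)
#   MONTH month number, as printed by `date +%m` (01-12)
# Prints the slot name this run writes to:
#   monthly-MM on the 1st        (12 slots, kept about a year)
#   weekly-N   on other Sundays  (5 slots, kept about a month)
#   daily-D    on any other day  (6 slots, kept about a week)
rotation_tag() {
    dom=${1#0}          # strip a leading zero: 08 and 09 are invalid octal
    dow=$2
    month=$3
    if [ "$dom" -eq 1 ]; then
        echo "monthly-$month"
    elif [ "$dow" -eq 7 ]; then
        echo "weekly-$(( (dom - 1) / 7 + 1 ))"
    else
        echo "daily-$dow"
    fi
}

# run_backup DEST NAME TAR_ARGS...
# Writes DEST/NAME.tgz. The archive is built under a temporary name and
# listed with `tar tzf` first, so a failed or truncated run leaves the
# previous archive in that slot untouched. Prints the final path.
run_backup() {
    dest=$1
    name=$2
    shift 2
    partial="$dest/.$name.partial"
    final="$dest/$name.tgz"

    if tar czf "$partial" "$@" && tar tzf "$partial" >/dev/null; then
        chmod 600 "$partial"      # archives of /etc and /home hold secrets
        mv "$partial" "$final"
        echo "$final"
    else
        rm -f "$partial"
        echo "backup failed, kept existing $final" >&2
        return 1
    fi
}

# Cron entry point, using the paths from the slide's script:
#   tag=$(rotation_tag "$(date +%d)" "$(date +%u)" "$(date +%m)")
#   run_backup /mnt/backup "$(hostname -s)-$tag" \
#       /home /var/spool/mail /etc /root /boot /opt

# Demonstration on constructed data in a temporary directory.
demo() {
    work=$(mktemp -d)
    mkdir "$work/src" "$work/dest"
    echo "127.0.0.1 localhost" > "$work/src/hosts"     # constructed sample file
    tag=$(rotation_tag 17 7 06)                        # a Sunday, 17 June
    run_backup "$work/dest" "host-$tag" -C "$work/src" .
    rm -rf "$work"
}
demo
```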

Slide 77

Slide 77 text

...or, specialised backup utilities
Such as Bacula, still open-source.

Slide 78

Slide 78 text

Server software

Slide 79

Slide 79 text

Servers, servers, servers
Most useful work on a server is done by some kind of server software:
❖ Web (e.g. Apache)
❖ Database (MySQL)
❖ Application (LAMP - e.g. Moin Moin)
❖ FTP (e.g. vsftpd)
❖ Network File System
❖ Email (e.g. Postfix)
❖ Etc.

Slide 80

Slide 80 text

Web servers

Slide 81

Slide 81 text

Web server
Lots of choices for open source web servers.
❖ Apache
❖ Lighttpd (YouTube, Meebo, Wikipedia)
❖ Nginx
❖ Roxen

Slide 82

Slide 82 text

Apache: history and
Apache has been around forever (at least since the beginning of the known time, when the web was invented):
❖ Powers 100 million websites (early 2009), over 46% of total
❖ Most popular web server since 1996
❖ Lineage going back to NCSA HTTPd
❖ Comprehensive set of features - you want it, it has it.

Slide 84

Slide 84 text

Installing Apache
    sudo apt-get install apache2
Apache is installed in /etc/apache2.

File/Directory and description:
apache2.conf
    The main Apache2 configuration file. Contains settings that are global to Apache2.
conf.d
    Contains configuration files which apply globally to Apache. Other packages that use Apache2 to serve content may add files, or symlinks, to this directory.
envvars
    File where Apache2 environment variables are set.
httpd.conf
    Historically the main Apache2 configuration file, named after the httpd daemon. The file can be used for user specific configuration options that globally affect Apache2.
mods-available
    This directory contains configuration files to both load modules and configure them.
mods-enabled
    Holds symlinks to the files in /etc/apache2/mods-available.
ports.conf
    Houses the directives that determine which TCP ports Apache2 is listening on.
sites-available
    This directory has configuration files for Apache Virtual Hosts. Virtual Hosts allow Apache2 to be configured for multiple sites that have separate configurations.
sites-enabled
    Like mods-enabled, sites-enabled contains symlinks to the /etc/apache2/sites-available directory. Similarly, when a configuration file in sites-available is symlinked it will be active once Apache is restarted.

Slide 85

Slide 85 text

Works immediately

Slide 94

Slide 94 text

/etc/apache2/sites-available/site_name

    # Port number of site
    <VirtualHost *:80>
        # Email of webmaster
        ServerAdmin webmaster@localhost

        # Root directory of site files
        DocumentRoot /var/www
        # Static files block
        <Directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        # Static files block
        <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>

        # Error log file
        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        # Access log file
        CustomLog /var/log/apache2/access.log combined
    </VirtualHost>

Slide 95

Slide 95 text

Multiple sites
Apache supports multiple sites on the same machine.
Assign sites by port number, sub-domain, directory name, or any combination of the above.
After any configuration changes, restart Apache:
    sudo /etc/init.d/apache2 restart

Slide 96

Slide 96 text

Modules
There are many modules that provide additional functionality. These modules can be installed and loaded dynamically.
    sudo apt-get install libapache2-mod-auth-mysql
Installs the MySQL authentication module
    sudo a2enmod auth_mysql
    sudo /etc/init.d/apache2 restart
Enables the new module and restarts Apache

Slide 97

Slide 97 text

Apache: depth and breadth

Slide 98

Slide 98 text

Databases

Slide 99

Slide 99 text

Database server: MySQL
“The world’s most popular open-source database”*
Yahoo, Google, Alcatel, Nokia, Youtube
25% market share (EDC research)
* http://www.mysql.com/

Slide 100

Slide 100 text

MySQL features
❖ Cross-platform compatible
❖ Libraries for all major programming languages
❖ Many administration choices, command line, web-based, GUIs
❖ Stored procedures
❖ Triggers
❖ Cursors
❖ Selection of storage engines (InnoDB, Berkeley, etc.)
❖ Replication
❖ ACID compliance with InnoDB, DBD, Cluster engines.
❖ Full-text indexing
❖ Open-source!

Slide 101

Slide 101 text

MySQL installation
    sudo apt-get install mysql-server
Installs the MySQL authentication module
After installation, check the mysql daemon is running:
    sudo netstat -tap | grep mysql
To restart:
    sudo /etc/init.d/mysql restart
To configure:
    sudo vi /etc/mysql/my.cnf

Slide 102

Slide 102 text

Create a new database and user
Log on as root (asks for password):
    mysql -u root -p
Create a new database:
    create database myDB;
Create a new user for the new database:
    grant all privileges on myDB.* to 'newuser'@'localhost' identified by 'newpassword' with grant option;
To verify this worked, exit and log on as the new user (no error messages mean all good):
    exit;
    mysql -u newuser -p    # asks for password
    use myDB;

Slide 103

Slide 103 text

LAMP

Slide 104

Slide 104 text

LAMP
Linux Apache MySQL PHP
A popular configuration for Linux servers.
LAMP applications are packaged in a way that makes it easy to install and manage.

Slide 105

Slide 105 text

LAMP example: Moin Moin
Moin Moin is a Python-based wiki engine.
Install Moin Moin (expects Apache 2 already installed):
    sudo apt-get install python-moinmoin
Prepare the Moin Moin directory:
    cd /usr/share/moin
    sudo mkdir mywiki
    sudo cp -R data mywiki
    sudo cp -R underlay mywiki
    sudo cp server/moin.cgi mywiki
    sudo chown -R www-data.www-data mywiki
    sudo chmod -R ug+rwX mywiki
    sudo chmod -R o-rwx mywiki

Slide 106

Slide 106 text

Configure Moin Moin
Edit /etc/moin/mywiki.py:
    data_dir = '/usr/share/moin/mywiki/data'
In the next line, insert:
    data_underlay_dir='/usr/share/moin/mywiki/underlay'
Configure Apache; add the following lines in the /etc/apache2/sites-available/default file inside the “<VirtualHost>” tag:
    ### moin
    ScriptAlias /mywiki "/usr/share/moin/mywiki/moin.cgi"
    alias /moin_static181 "/usr/share/moin/htdocs"
    <Directory /usr/share/moin/htdocs>
    Order allow,deny
    allow from all
    </Directory>
    ### end moin
Restart:
    sudo /etc/init.d/mysql restart

Slide 107

Slide 107 text

Test it...
Browse to http://localhost/mywiki

Slide 108

Slide 108 text

FTP

Slide 109

Slide 109 text

FTP

A simple way to transfer files between computers. Many open source FTP servers are available on Linux:
❖ vsftp
❖ Filezilla
❖ Pure-ftpd
❖ NASLite
❖ wu-ftpd
❖ etc.

Slide 111

Slide 111 text

Install vsftp

“Probably the most secure and fastest FTP server for UNIX-like systems.” http://vsftpd.beasts.org/

Install it:
    sudo apt-get install vsftpd
Put your files here to make them available to FTP clients

Slide 115

Slide 115 text

Connect to the FTP server
❖ Anonymous connection
❖ Download to local machine
❖ Download completed

Slide 116

Slide 116 text

Secure FTP

Edit /etc/vsftpd.conf:
    ...
    local_enable=YES
    write_enable=YES
    ...
Now vsftpd will ask for the user’s password and will start at their home directories.
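
The settings above switch vsftpd to password logins. The sketch below is an added example, not part of the workshop material: it audits a vsftpd.conf for anonymous access and for password logins without TLS or a chroot. The two configurations are constructed samples, the function names are hypothetical, and the defaults applied to absent keys are those documented in vsftpd.conf(5).

```sh
#!/bin/sh
# Added example (not from the workshop): report risky settings in a vsftpd.conf.

# Constructed sample: the two settings from the slide in an otherwise minimal file.
SLIDE_CONF='listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
#ssl_enable=YES'

# Constructed sample: authenticated, encrypted, users confined to their homes.
HARDENED_CONF='listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
ssl_enable=YES
chroot_local_user=YES'

# get_opt CONF KEY DEFAULT -> effective YES/NO value. Commented-out lines are
# ignored; taking the last assignment when a key repeats is an assumption.
get_opt() {
  val=$(printf '%s\n' "$1" | sed -n "s/^$2=\([A-Za-z]*\)[[:space:]]*\$/\1/p" | tail -n 1)
  printf '%s' "${val:-$3}" | tr '[:lower:]' '[:upper:]'
}

# audit_vsftpd CONF -> one finding per line, nothing when no check fires
audit_vsftpd() {
  anon=$(get_opt "$1" anonymous_enable YES)
  login=$(get_opt "$1" local_enable NO)
  tls=$(get_opt "$1" ssl_enable NO)
  jail=$(get_opt "$1" chroot_local_user NO)
  if [ "$anon" = YES ]; then
    echo "anonymous_enable=YES: anyone can log in without a password"
  fi
  if [ "$login" = YES ] && [ "$tls" != YES ]; then
    echo "local_enable=YES without ssl_enable=YES: account passwords are sent unencrypted"
  fi
  if [ "$login" = YES ] && [ "$jail" != YES ]; then
    echo "local_enable=YES without chroot_local_user=YES: users can leave their home directory"
  fi
  return 0
}

audit_vsftpd "$SLIDE_CONF"
```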

Slide 118

Slide 118 text

NFS

Allows for server files and directories to be available to remote clients as if they were local.

Install it:
    sudo apt-get install nfs-kernel-server
Set directories to be exported here:

Slide 120

Slide 120 text

Export a directory

Export the /home directory to client with IP 192.168.178.20:
Connect to the NFS export:
Use as if it is local

Slide 121

Slide 121 text

Email

Slide 122

Slide 122 text

Email services: Postfix

The default Mail Transfer Agent (MTA) for Ubuntu.

Rich set of features:
❖ Protocols:
    ❖ SMTP
    ❖ DKIM
    ❖ DSN status
    ❖ ETRN
    ❖ IPv6
    ❖ SASL authentication
    ❖ TLS encryption/authentication
    ❖ QMQP
❖ Junk mail control
❖ Databases:
    ❖ Berkeley
    ❖ CDB
    ❖ LDAP
    ❖ MySQL
    ❖ PostgreSQL
❖ Mailbox and Maildir formats
❖ Virtual domains
❖ Address masquerading
❖ Selective address rewriting
❖ VERP envelope return address

Slide 123

Slide 123 text

Postfix installation

Install it:
    sudo apt-get install postfix
The configuration screens will come up as part of the installation.
To reconfigure at a later time:
    sudo dpkg-reconfigure postfix
Or, you can edit the Postfix configuration file /etc/postfix/main.cf. After editing, restart:

Slide 124

Slide 124 text

Postfix configuration

Sample values:
❖ Internet Site
❖ mail.example.com
❖ peter
❖ mail.example.com, localhost.localdomain, localhost
❖ No
❖ 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0/24
❖ 0
❖ +
❖ all

Check sources such as these for details on configuration:
❖ http://flurdy.com/docs/postfix/
❖ http://ubuntuforums.org/showthread.php?t=780509
❖ http://en.wikipedia.org/wiki/Email#Workings

Slide 125

Slide 125 text

SMTP authentication

Allows a client to identify itself. Once authenticated, the SMTP server will allow the client to relay mail.
Configuration for SMTP-AUTH is done with the Dovecot package.

Install it:
    sudo apt-get install dovecot-postfix
In production, you will need to configure the SSL certificate and key to be used with authentication and encryption.

Slide 126

Slide 126 text

Test by sending yourself an email

Install nail, a command line emailer:
    sudo apt-get install nail

Slide 127

Slide 127 text

Firewall

Slide 128

Slide 128 text

Firewall

The Linux kernel includes the Netfilter subsystem, which controls network traffic in/out. Linux firewalls utilise Netfilter.
The administrator tells Netfilter how to treat data packets by configuring rules in iptables, a configuration file.
In Ubuntu, we use ufw as a configuration tool for iptables.

Slide 129

Slide 129 text

ufw

“the friendly way to create a firewall”
ufw: Uncomplicated firewall

Install ufw:
    sudo apt-get install ufw
Enable ufw and restart the server to take effect:
You will not be able to restore the SSH connection until you configure ufw to allow SSH traffic:
    sudo ufw allow 22
or
    sudo ufw deny 22

Slide 130

Slide 130 text

ufw, examples of rules

Delete a rule:
    sudo ufw delete deny 22
Allow access from a host to port 22 of any IP address on this host:
    sudo ufw allow proto tcp from 192.168.0.2 to any port 22
Allow all HTTP traffic:
    sudo ufw allow http
Use --dry-run to show the rule corresponding to a directive:

Slide 131

Slide 131 text

ufw, examples of rules

Disable the firewall:
    sudo ufw disable
See status:
    sudo ufw status
See detailed status:
    sudo ufw status verbose
Application integration, predefined rules. Apply like this “sudo ufw allow Postfix” and “sudo ufw app info Postfix” to view rule details:
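
An added example, not from the workshop: a check over the text printed by `sudo ufw status` that reports whether SSH is open to any source, restricted to listed hosts as in the 192.168.0.2 rule, or has no allow rule at all (the lost-connection case warned about on the earlier slide). The status tables are constructed samples, `ssh_exposure` is a hypothetical name, and the "blocked" result assumes ufw's default policy of denying incoming traffic.

```sh
#!/bin/sh
# Added example (not from the workshop): classify how SSH is exposed, given the
# text printed by `sudo ufw status` or `sudo ufw status verbose`.

# Constructed sample outputs, shaped like the ufw status table.
STATUS_OPEN='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere'

STATUS_RESTRICTED='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.168.0.2
80/tcp                     ALLOW       Anywhere'

STATUS_NO_SSH='Status: active

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere'

# ssh_exposure STATUS_TEXT -> inactive | open | restricted | blocked
ssh_exposure() {
  printf '%s\n' "$1" | awk '
    /^Status: inactive/ { inactive = 1 }
    $1 ~ /^(22|22\/tcp|OpenSSH)$/ {
      # find the action column; "(v6)" or "IN" tokens may surround it
      for (i = 2; i <= NF; i++) if ($i ~ /^(ALLOW|LIMIT)$/) break
      if (i > NF) next
      src = ($(i + 1) == "IN") ? $(i + 2) : $(i + 1)
      if (src == "Anywhere") open++; else restricted++
    }
    END {
      if (inactive)        print "inactive"
      else if (open)       print "open"        # any source may reach port 22
      else if (restricted) print "restricted"  # only the listed sources
      else                 print "blocked"     # no allow rule: SSH is cut off
    }'
}

for s in "$STATUS_OPEN" "$STATUS_RESTRICTED" "$STATUS_NO_SSH"; do
  ssh_exposure "$s"
done
```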

Slide 132

Slide 132 text

Software management

Slide 133

Slide 133 text

Package management

Over 24,000 software packages for Ubuntu. It is a good idea to use a package manager to maintain those installed on your server:
❖ Install
❖ Remove
❖ Resolve dependencies
❖ Compile
❖ Upgrade

Ubuntu is supported by apt-get and aptitude. Most packages are supported by both, so the choice is yours.

Slide 134

Slide 134 text

apt

A collection of tools, not a single tool. apt-get is the most important tool. Used for tasks like:
❖ Update the index files from their source
❖ Upgrade all installed packages
❖ Install a package
❖ Remove installed package
❖ Source code fetching
❖ Build dependencies
❖ Checks for broken dependencies
❖ Clean the local repository
❖ Autoclean only files in the local repository that can no longer be downloaded and are considered useless.

Slide 135

Slide 135 text

Using apt-get

Install a package named “nmap”:
    sudo apt-get install nmap
Already installed, ready to use.
Remove a package named “nmap”:
    sudo apt-get remove nmap
Update the apt index (the repositories are listed in /etc/apt/sources.list):
    sudo apt-get update
Upgrade all packages installed:
    sudo apt-get upgrade
All actions are recorded in /var/log/dpkg.log

Slide 136

Slide 136 text

Automatic updates

The “unattended-upgrades” package can automatically install updated packages.

Install it:
    sudo apt-get install unattended-upgrades
Define the type of upgrades in /etc/apt/apt.conf.d/50unattended-upgrades
All actions are recorded in /var/log/unattended-upgrades

Slide 137

Slide 137 text

Windows connectivity

Slide 138

Slide 138 text

Windows connectivity

Works as:
❖ File server
❖ Printer server (including PDF)
❖ Domain controller in Windows networks
❖ Authentication
... for Windows clients

Slide 139

Slide 139 text

Samba installation

For Windows XP and later clients, there is nothing to install. For the Linux server:

Install Samba:
    sudo apt-get install samba

Slide 140

Slide 140 text

Samba configuration

To define a share (in this example, the home folders), edit the /etc/samba/smb.conf file.

Make home directories shared, browsable, read-write:
    [homes]
    comment = Home Directories
    browseable = yes
    read only = no
    create mask = 0775
    directory mask = 0775
    valid users = %S
Define the password for a share user:
Reload Samba configuration:
    sudo /etc/init.d/samba reload

Slide 141

Slide 141 text

Access share from Windows

Slide 142

Slide 142 text

Other Samba capabilities

We just saw the most basic capability of Samba. Other things you can do:
❖ Sharing CUPS printers
❖ Various security issues
❖ Active Directory integration, including Kerberos authentication
❖ Database integration for user information
❖ LDAP integration
❖ Domain controller or client
❖ WINS
❖ Remote and local management

Slide 143

Slide 143 text

Scheduling

Slide 144

Slide 144 text

Scheduling with cron

Cron is the standard job scheduler for Unix. Cron stands for “cronograph”.
Every user can specify scripts or programs to run at specific time intervals in a text file called “crontab”.

Slide 145

Slide 145 text

Example crontab file

Access/edit crontab file:
    crontab -e
Parts of each entry: Schedule, Script to run, Redirect output

Slide 153

Slide 153 text

cron job definition

    * * * * * command to execute
    | | | | |
    | | | | +-- Day of week (0: Sunday to 7)
    | | | +---- Month (1 - 12)
    | | +------ Day of month (1 - 31)
    | +-------- Hour (0 - 23)
    +---------- Minute (0 - 59)

Slide 154

Slide 154 text

cron shortcuts

    Entry       Description           Equivalent
    @reboot     Run once at startup   -
    @yearly     Run once a year       0 0 1 1 *
    @annually   Same as @yearly       0 0 1 1 *
    @monthly    Run once a month      0 0 1 * *
    @weekly     Run once a week       0 0 * * 0
    @daily      Run once a day        0 0 * * *
    @midnight   Same as @daily        0 0 * * *
    @hourly     Run once every hour   0 * * * *
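
An added example, not from the workshop: a checker for the schedule part of a crontab entry, built from the five field ranges and the shortcut table above, useful for catching an out-of-range field before a job silently never runs. The function names are hypothetical, and month or weekday names (jan, mon) are deliberately not handled because the slides only give numeric ranges.

```sh
#!/bin/sh
# Added example (not from the workshop): validate a crontab schedule against the
# field ranges and @shortcuts listed on the slides.

# expand_shortcut ENTRY -> the five-field equivalent from the shortcuts table
expand_shortcut() {
  case $1 in
    @yearly|@annually) echo "0 0 1 1 *" ;;
    @monthly)          echo "0 0 1 * *" ;;
    @weekly)           echo "0 0 * * 0" ;;
    @daily|@midnight)  echo "0 0 * * *" ;;
    @hourly)           echo "0 * * * *" ;;
    *)                 echo "$1" ;;
  esac
}

is_num() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }   # digits only

# field_ok VALUE MIN MAX -> success if VALUE is a comma list of *, N or N-M with
# every number inside MIN..MAX; an optional /STEP is only checked to be numeric
field_ok() {
  case $1 in ''|,*|*,|*,,*) return 1 ;; esac
  rest=$1,
  while [ -n "$rest" ]; do
    part=${rest%%,*}; rest=${rest#*,}
    case $part in */*) is_num "${part#*/}" || return 1; part=${part%%/*} ;; esac
    [ "$part" = "*" ] && continue
    lo=${part%%-*}; hi=${part#*-}
    is_num "$lo" && is_num "$hi" && [ "$lo" -ge "$2" ] &&
      [ "$lo" -le "$hi" ] && [ "$hi" -le "$3" ] || return 1
  done
  return 0
}

# check_schedule "SCHEDULE" -> prints "ok: ..." or names the first invalid field
check_schedule() {
  [ "$1" = "@reboot" ] && { echo "ok: runs once at startup"; return 0; }
  spec=$(expand_shortcut "$1")
  set -f; set -- $spec; set +f          # split into fields without globbing
  [ $# -eq 5 ] || { echo "bad: expected 5 fields, got $#"; return 1; }
  field_ok "$1" 0 59 || { echo "bad minute: $1"; return 1; }
  field_ok "$2" 0 23 || { echo "bad hour: $2"; return 1; }
  field_ok "$3" 1 31 || { echo "bad day-of-month: $3"; return 1; }
  field_ok "$4" 1 12 || { echo "bad month: $4"; return 1; }
  field_ok "$5" 0 7  || { echo "bad day-of-week: $5"; return 1; }
  echo "ok: $spec"
}

for s in "@daily" "*/15 9-17 * * 1-5" "0 24 * * *"; do check_schedule "$s" || true; done
```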

Slide 155

Slide 155 text

Web-based administration

Slide 156

Slide 156 text

Webmin: web based server

Open source interface for system administration based on modules:
❖ User management
❖ Apache
❖ MySQL
❖ OpenSSH
❖ DNS
❖ File sharing
❖ etc.

Slide 157

Slide 157 text

Webmin installation and configuration

Get required deb file and install it:
    wget http://prdownloads.sourceforge.net/webadmin/webmin_1.500_all.deb
    dpkg --install webmin_1.500_all.deb

Slide 158

Slide 158 text

Access Webmin

https://serverIP:10000
❖ Webmin modules
❖ Statistics

Slide 162

Slide 162 text

Vim

Slide 163

Slide 163 text

Vim: universal Unix editor

Slide 164

Slide 164 text

Vim and vi

Vim is an improved version of vi, the stock-standard text editor for Unix and Linux systems.

Install vim:
    sudo apt-get install vim
Start vim:
    vim filename
Use commands expressed by keystrokes to control vim (see cheat sheet in next slide).

Slide 165

Slide 165 text

Vim cheat sheet

Slide 166

Slide 166 text

Go on and build your server.
Notes and videos available at http://blog.futureshock-ed.com.
A discussion group is available at http://groups.google.com/group/linux-alumni
Any feedback appreciated. Have fun and stay in touch!