Wednesday, December 31, 2008

Securing a System with the DenyHosts Package

DenyHosts is a package that is excellent for blocking brute-force SSH attacks.
It is also easy to install and manage.

Installation


apt-get install denyhosts


Configuration:

The default configuration is pretty good, but you can tune the basics in:

/etc/denyhosts.conf

DenyHosts reads the logs and adds the IPs that try to break in to /etc/hosts.deny.

You can add your own IP, another valid IP, or your domain to /etc/hosts.allow:

sshd: yourdomain.com 192.168.0.1

Start/stop service


/etc/init.d/denyhosts stop

/etc/init.d/denyhosts start

Purging DenyHosts


denyhosts --purge

The /etc/rc3.d directory contains the denyhosts entry, which starts the service in that runlevel.
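
The log-to-hosts.deny step described above, as an added sketch that is not DenyHosts' own code: it counts failed SSH logins per source address in constructed auth.log lines and prints hosts.deny entries, skipping allow-listed addresses. The function names, the threshold and the IP-only allow-list are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not DenyHosts code: count failed SSH logins per source IP
# and print hosts.deny lines for sources at or over a threshold.

# Constructed sample of sshd lines in the style of /var/log/auth.log.
# 192.168.0.1 is the allowed address from the hosts.allow line above.
sample_auth_log() {
    cat <<'EOF'
Dec 31 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Dec 31 10:00:03 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Dec 31 10:00:05 host sshd[1003]: Failed password for invalid user test from 203.0.113.7 port 40003 ssh2
Dec 31 10:00:07 host sshd[1004]: Failed password for imran from 192.168.0.1 port 50001 ssh2
Dec 31 10:00:08 host sshd[1005]: Failed password for imran from 192.168.0.1 port 50002 ssh2
Dec 31 10:00:09 host sshd[1006]: Failed password for imran from 192.168.0.1 port 50003 ssh2
Dec 31 10:00:10 host sshd[1007]: Accepted password for imran from 192.168.0.1 port 50004 ssh2
Dec 31 10:00:12 host sshd[1008]: Failed password for invalid user x from 192.168.0.1 from 198.51.100.9 port 40100 ssh2
Dec 31 10:00:13 host sshd[1009]: Failed password for root from 198.51.100.9 port 40101 ssh2
EOF
}

# Usage: deny_candidates THRESHOLD "ALLOWED_IP ..." < auth.log
deny_candidates() {
    awk -v threshold="$1" -v allow="$2" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        / sshd\[[0-9]+\]: Failed password for / {
            # The user name comes from the remote side and may contain
            # spaces, so read the address by position from the END of the
            # line:  ... from <ip> port <n> ssh2
            if (NF < 5 || $(NF - 4) != "from" || $(NF - 2) != "port") next
            ip = $(NF - 3)
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (ip in ok) next          # allow-listed sources are never blocked
            count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= threshold) print "sshd: " ip
        }
    ' | sort
}

# With a threshold of 3 only the first source qualifies.
sample_auth_log | deny_candidates 3 "192.168.0.1"   # -> sshd: 203.0.113.7
```

The line logged by sshd[1008] shows why the address is taken from the end of the line: a user name containing "from 192.168.0.1" must not cause the wrong address to be counted.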

Wednesday, November 5, 2008

LDAP server on Debian ETCH




INSTALLATION
apt-get install slapd ldap-utils libldap-2.4-2 libdb4.6

During installation it will ask you questions such as the password or domain name (it did not ask during my installation)
Administrator password: password
Confirm password: password

CONFIGURATION

Client side: (Remember, the same system is serving as client and server.)
Edit /etc/ldap/ldap.conf

BASE dc=fizaan, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
URI ldap://10.0.2.15

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never


Server Configuration

These schemas are included by default; if not, make sure they are included.
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema


Change the log level from 0 to 256

loglevel 256

Database: you can change it if you want a different one. I am using the default.

database bdb

Your domain name, by default
# The base of your directory in database #1
suffix "dc=fizaan,dc=com"

The rootdn you will use to access the LDAP server; I changed the password using slappasswd
# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
rootdn "cn=admin,dc=fizaan,dc=com"
rootpw {MD5}gdyb21LQTcIANtvYMT7QVQ==


Index options: I added index uid eq; you can add more, e.g. index gid eq
index objectClass eq
index uid eq


CHANGING OWNERSHIP AND RESTART OF SERVER.

sudo invoke-rc.d slapd stop
sudo slapindex
sudo chown openldap:openldap /var/lib/ldap/*
sudo invoke-rc.d slapd start


TESTING LDAP SERVER
Type ldapsearch -x; it will show you all LDAP entries.

ldap:/home/imran# ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# fizaan.com
dn: dc=fizaan,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: fizaan.com
dc: fizaan
.
.


CREATING BASIC DIRECTORY STRUCTURE

Create a file /var/tmp/ou.ldif with the entries below; it adds two organizational units under your top-level domain. Add it with the following command.

ldap:/home/imran# slapadd -c -v -l /var/tmp/ou.ldif

dn: ou=People,dc=fizaan,dc=com
ou: People
objectClass: organizationalUnit

dn: ou=Group,dc=fizaan,dc=com
ou: Group
objectClass: organizationalUnit



CREATION OF USERS/POPULATING DIRECTORY

Create a file with the following user information and add it with this command
ldap:/home/imran# ldapadd -c -x -D cn=admin,dc=fizaan,dc=com -W -f /var/tmp/user1.ldi


dn: cn=aanish,ou=group,dc=fizaan,dc=com
cn: aanish
gidNumber: 20002
objectClass: top
objectClass: posixGroup

dn: uid=aanish,ou=people,dc=fizaan,dc=com
uid:aanish
uidNumber: 20002
gidNumber: 20002
cn:Aanish
sn:Imran
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
loginShell: /bin/bash
homeDirectory: /home/aanish


TESTING OF ADDED USERS
ldap:/home/imran# ldapsearch -x uid=aanish
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: uid=aanish
# requesting: ALL
#

# aanish, people, fizaan.com
dn: uid=aanish,ou=people,dc=fizaan,dc=com
uid: aanish
uidNumber: 20002
gidNumber: 20002
cn: Aanish
sn: Imran
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
loginShell: /bin/bash
homeDirectory: /home/aanish

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
ldap:/home/imran#


CLIENT TOOL
1) luma
apt-get install luma
After installation, type luma at the command prompt and it will start.
First add your LDAP server by clicking Settings, Edit server list and Add, and give the IP address of your server. After adding the server, give the authentication credentials.
(see above Fig1)

2) phpldapadmin is a web-based graphical tool that you can install very easily
apt-get install phpldapadmin

In the browser, enter the address of the server and log in with the credentials
User :cn=admin,dc=fizaan,dc=com
Passwd:1234
(see above Fig2)


Sunday, October 12, 2008

Windows 2003 Terminal Server Installation, Configuration and Maintenance

Server End:
Installation
During installation of Windows 2003 Server, Terminal Server is installed by default; there is no need to install it again.

Configuration
Step 1: Share Remote Desktop Connection by sharing this folder: C:\Windows\system32\clients\tsclient\win32 so that users can access the folder and copy it to their systems.
Step 2: Give permission to a user, e.g. imran: right-click on the win32 folder, click Properties, select the Security tab and click Add, then enter the user name imran (this user should already be created on the server machine) under Enter the object name.
Step 3: Allow remote users to access the server remotely by enabling remote access.
Step 4: Right-click on My Computer, click Properties, and select Enable Remote Desktop on this computer.

Client Side:

Step 1: If your client is Windows XP: click Start, All Programs, Accessories and then open Remote Desktop Connection
Step 2: Enter the IP of the terminal server, e.g. 192.168.1.102
Step 3: Give the user name and password; this user name and password should be permitted
Step 4: This will open the terminal for you

Note: The default mode (Administrative) only allows 2 users to access.

Changing Remote Administrative to Application user
Server Side
Step 1: Open Add/Remove Programs from Control Panel
Step 2: Open Add/Remove Windows Components and, after the window opens, check Terminal Server
Step 3: Click Next; this will start the installation. Provide the Windows 2003 Server CD.
Step 4: Finish and restart the machine.

Manage the Terminal Server by opening Terminal Services Manager.
To manage the Terminal Services protocol configuration (RDP), open Terminal Services Configuration from Administrative Tools.

Windows 2003 DFS Server Installation, Configuration and Maintenance

Server Side:
Installation:

In the Windows 2003 installation, DFS is installed by default; there is no need to install it again.

Configuration:
Client Side:
Step 1: Make a folder, e.g. c:\DFS-client1
Step 2: Share the folder and set the permissions.

Server Side:
Step 1: Make a folder and share it, e.g. C:\root
Step 2: Open Distributed File System from Administrative Tools
Step 3: Right-click on Distributed File System and click New Root; a wizard will start, click Next.
Step 4: If you have a domain, select Domain root; if WORKGROUP, select Stand-alone root. I am using stand-alone root. Click Next.
Step 5: Enter the server name or IP, e.g. 192.168.1.102, click Next
Step 6: Now give the root name, the shared folder made in the first step on the server, e.g. root, and finish the wizard.
Step 7: After finishing, right-click on \\TEST03-SERVER\root and click New Link
Step 8: Name the link for client1, e.g. 192.168.1.104, select the path to the shared folder by clicking Browse, Entire Network, Microsoft Windows Network, Workgroup, 2003-client, select DFS-client1, press OK, Finish
Step 9: Repeat the same steps for other clients.

Saturday, October 11, 2008

Windows 2003 FTP Server Installation, Configuration and Maintenance

Server Side

Your server must have IIS and a static IP
Installation
Step 1: Open Add/Remove Programs from Control Panel
Step 2: Click Add/Remove Windows Components
Step 3: Select Application Server, select Internet Information Server (IIS), click Details, check FTP along with the default checks.
Step 4: This will start the installation wizard; provide the 2003 CD during the install.

Configuration
Step 1: Open IIS from Administrative Tools
Step 2: Right-click on FTP Sites, click New FTP Site..
Step 3: A wizard will start; Next, enter a description, e.g. ftp server, Next
Step 4: Select the IP, e.g. 192.168.1.102, port 21 (default), Next
Step 5: FTP user isolation: check Isolate users, Next
Step 6: FTP site home directory: browse, select a drive, e.g. C, click Make New Folder, create a folder, e.g. FTP, OK
Step 7: Allow file permissions Read, Write (if you want to give write rights), Finish

Client Side
Step 1: Open a browser and enter the server IP ftp://192.168.1.102
Step 2: Provide credentials if required
Step 3: Browse and use

Thursday, October 9, 2008

Windows 2003 Web Server (IIS) Installation, Configuration and Maintenance

Server End
Prerequisites
DNS in your network.
Domain in your network.
Static IP configured on the server where you are going to install IIS.
Make a folder, e.g. C:/web, on your server and store the page index.html in it.

Installation
Step 1: Open Add/Remove Programs in Control Panel, click Add/Remove Windows Components
Step 2: Select Application services, click Details
Step 3: Check Internet Information Services
Step 4: Click OK, then Next

Configuration

Step 1: Open IIS from Administrative Tools
Step 2: Right-click on Web Sites, click New site...
Step 3: A wizard will start; Next, description e.g. my web site, Next
Step 4: Give IP: 192.168.1.102, port 80 (default), header www.fizaan.com
Step 6: Browse to the path of the web directory, e.g. web
Step 7: Set the web site permissions, Next and Finish.
Step 8: Expand the Web Sites folder on the left side, right-click on websites and click Properties
Step 9: Click the Documents tab, move the default page index.html up to the top
Step 10: OK

Client Side
Step 1: Set the DNS to your DNS server 192.168.1.102
Step 2: Open the browser and enter www.yhaoo.com
Step 3: This will open the page

Windows 2003 DHCP Server Installation, Configuration and Maintenance

Installation
Your server should have a static IP on it.

Step 1: Click Add/Remove Windows Components in Add/Remove Programs in Control Panel
Step 2: Select Networking Services, click Details
Step 3: Check only Dynamic Host Configuration Protocol (DHCP), OK, Next. This will start the installation
Step 4: Finish


Configuration

Step 1: Open DHCP from Administrative Tools
Step 2: Expand the computer name, e.g. Test03-server, right-click, click New Scope
Step 3: Enter the name of the scope, e.g. fizaan-dhcp, and a description
Step 4: Enter Start IP: e.g. 192.168.1.150 and End IP: e.g. 192.168.1.250, subnet mask length: 24 and mask: 255.255.255.0, Next
Step 5: Skip Add Exclusions, Next; Lease Duration: change the default 8 days to 1, press Next
Step 6: Configure options now, press Next, give the router IP of your network: 192.168.1.1
Step 7: Give Domain Name: fizaan.com, DNS server IP: 192.168.1.102, WINS server IP: 192.168.1.104
Step 8: Activate scope: select Yes, I want to activate this scope now, press Next

Your DHCP server is ready now

Client side Steps
Open the properties of the client network card, set it to obtain an IP automatically, and release the old one by typing ipconfig /release at the DOS prompt.

Changing/Writing later DNS, WINS and Router IP

Step 1: Open DHCP from Administrative Tools and expand the Scope tree folder
Step 2: Right-click on Server Options and click Configure Options (the same can be done via Scope Options)
Step 3: From the General tab, check the options Router IP, WINS, DNS and give the respective IP
Step 4: Click Apply and OK

Windows 2003 WINS Server Installation, Configuration and Maintenance

Installation

Step 1: Open Add/Remove Windows Components by selecting Add/Remove Programs in Control Panel
Step 2: Select Networking Services, click Details
Step 3: Check Windows Internet Name Server
Step 4: Click OK, Next

Configuration

Step 1: Open WINS from Administrative Tools and expand the computer name, e.g. TEST03-SERVER (192.168.1.102)
Step 2: Right-click on Active Registration, then select Display
Step 3: In the new window, click Record Types (3rd tab), click Clear All
Step 4: Select only those records which you want to display, click Find Now

Back up WINS Database
Step 1: In WINS, right-click on the computer name and select Properties
Step 2: In the General tab, click Browse, select a drive, make a new folder, e.g. WINS backup, press OK.
Step 3: Right-click again on the computer name and click Backup; it will take the backup

Restore WINS backup
Step 1: Stop the WINS service by right-clicking on the computer name in WINS, All Tasks, then Stop; this will put a red cross on WINS (cannot find WINS server)
Step 2: After the stop, right-click on the computer name again in WINS, click Restore Database
Step 3: Provide the path and click OK


WINS Replication

Step 1: Install WINS on the 2nd computer in the same way as on the first.
Step 2: Open WINS from Administrative Tools, select the computer name
Step 3: Right-click on Replication Partner, select New Replication Partner
Step 4: In the pop-up window give the IP or name of the 2nd WINS, e.g. 192.168.1.104
Step 5: Select the replication partner in the right window, right-click on it
Step 6: Start push replication, check Start for this partner only, press OK, OK
Step 7: Start pull replication,
Step 8: FOLLOW SAME STEPS ON WINS SERVER 2 AT 192.168.1.104

Wednesday, October 8, 2008

Windows 2003 Secondary DNS Server/Taking Backup of Primary to Secondary DNS

Primary DNS
We have already installed the Primary DNS on 192.168.1.102; see the Windows 2003 DNS Installation and Configuration tutorial.

Secondary DNS/ Backup DNS
Installation and Configuration on Secondary DNS

Step 1: Set the static IP, e.g. 192.168.1.104, and insert the Windows 2003 CD into the CD-ROM drive
Step 2: Open Windows Components from Add/Remove Programs in Control Panel
Step 3: Select Networking Services, click Details, check only Domain Name System (DNS), click Next. This will install DNS.
Step 4: After the install, open DNS, expand the computer name, right-click on Forward Lookup Zones, click New Zone
Step 5: A wizard will start; Next, select the Secondary Zone type, Next
Step 6: Enter the zone name, fizaan.com, Next
Step 7: Enter the Master DNS IP, here it is 192.168.1.102, Add, Next, Finish
Further Steps on Primary/Master DNS
Step 8: Open DNS and expand Forward Lookup Zones
Step 9: Select the zone name, e.g. fizaan.com, right-click, select Properties
Step 10: Select Zone Transfers, check Only to the following servers,
Step 11: Enter the Secondary DNS/backup DNS IP, e.g. 192.168.1.104, press Add, Apply and OK

Verification: on the Secondary/Backup, open DNS, expand the computer name, right-click on the zone, e.g. fizaan.com, select Transfer from Master. This will transfer the records.

Tuesday, October 7, 2008

Windows 2003 Active Directory Removal

Server Side

Step 1: Click Start, Run, enter dcpromo
Step 2: A wizard will start, click Next
Step 3: Check This server is the last domain controller in the domain on the Remove Active Directory page, click Next
Step 4: Click Yes on Do you want to continue
Step 5: On the Application Directory Partitions page, click Next to remove all partitions
Step 6: Check Delete all application directory partitions on this domain controller, Next
Step 7: Give the root password and click Next. It will start the removal. If you face any error, redo all the above steps
Step 8: Click Finish and restart the computer
Step 9: Remove the suffix domain name, e.g. fizaan, and restart again

Disjoin the Domain on client

Step 1: Right-click on My Computer, click Properties
Step 2: Click Computer Name, then the Change button, select Workgroup and enter WORKGROUP
Step 3: Restart the computer

Windows 2003 DNS Installation, Configuration

Installation: Server Side

Step 1: Insert the Windows 2003 CD into the CD-ROM drive
Step 2: Open Control Panel: first open My Computer, then click Control Panel
Step 3: Open Add/Remove Programs, then open Add/Remove Windows Components
Step 4: Select Networking Services, click the Details button, check Domain Name System (DNS)
Step 5: Press OK; this will install DNS. Press Finish

Configuration Server Side
Creation of Forward Lookup zone
Step 1: Open DNS from Administrative Tools
Step 2: Right-click on Forward Lookup Zones, then New Zone
Step 3: A wizard will start; click Next, select Primary Zone, Next
Step 4: Enter the zone name, e.g. fizaan.com
Step 5: Zone file name: no need to change fizaan.com.dns, click Next
Step 6: Select Allow dynamic updates, both secure and nonsecure, Next, finish the wizard
Step 7: Click the fizaan.com folder in the right-side window,
Step 8: Double-click on the Name Server type
Step 9: Click the Add button, enter the FQDN, e.g. fizaan.com, and the IP of a DNS server; it is the same machine, 192.168.1.102
Step 10: Apply and OK

Creation of New host Record in zone
Step 1: Click on the zone name, e.g. oslo.com, then right-click in the right-side window
Step 2: Click New Host (A)
Step 3: Enter the name, e.g. www, then the IP address: 192.168.1.102 (the same machine also has the web server)
Step 4: Click Add Host; a message says the host has been created successfully. This adds the host record.

Making Reverse Look-up zone
Step 1: Open DNS and expand, select Reverse Lookup Zones, right-click, New Zone
Step 2: A wizard will start; select Primary zone, Next
Step 3: Enter Network ID: 192.168.1, Next
Step 4: Leave the reverse lookup zone name as it is, 1.168.192.in-addr.arpa.dns, Next
Step 5: Select Allow both nonsecure and secure dynamic updates, Next, Finish
After that, create the POINTER RECORD in it
Step 6: Expand Reverse Lookup Zones, click 192.168.1.x Subnet
Step 7: Right-click in the right-side window and select New Pointer (PTR)
Step 8: Enter the host IP, e.g. 102, and the host name, test03-server.fizaan.com in my case.
Step 9: Press OK


Client Side


Check/change the DNS to the newly installed DNS 192.168.1.102

Step 1: Click Start, Run, enter nslookup
Step 2: Enter the zone name, e.g. > oslo.com
Step 3: It will give the Name: oslo.com and Address: 192.168.1.102
Step 4: Now enter the name of the web server, e.g. > www.oslo.com
Step 5: It will/should give Name: www.oslo.com Address: 192.168.1.102

Saturday, October 4, 2008

Windows 2003 Users and Group Management in Active Directory

Creation of Users and Groups

Step 1: Open Active Directory Users and Computers; for that click Start, Administrative Tools
Step 2: Expand the domain name, fizaan, right-click on user, click new user
Step 3: Fill in the credentials of the user in the window that opens
Step 4: Provide a good password; 2003 has some policy for choosing passwords
Step 5: Click Finish
Step 6: Log in from the client using this user/password; remember to choose the domain FIZAAN in the login window

Creation of Group
Step 1: Open Active Directory Users and Computers; for that click Start, Administrative Tools
Step 2: Expand the domain name, fizaan, right-click on user, click new group

Step 3: Provide the group name, scope and type. Press OK

Adding members in Group
Step 1: Right-click on the group name and click Properties
Step 2: Click the Members tab, the Add button, enter the user name aanish; you can find users by clicking Advanced
Step 3: Click OK

Setting user login time and selected Computer
Step 1: Right-click on the user name, then click Properties
Step 2: Click the Account tab, Logon Hours, select the time
Step 3: To set the selected computer, on the Account tab click Log On To and select the computer by entering its name.

Friday, October 3, 2008

Windows 2003 Active Directory Installation and Configuration

Windows 2003 Server: Installation
Your computer is connected to a switch and gets its IP from a DHCP server or has a static one
Step 1: Click Start, Run, enter dcpromo
Step 2: Click Next and Next again
Step 3: Select Domain controller for a new domain, click Next
Step 4: Select Domain in a new forest and Next
Step 5: Enter the FQDN, e.g. fizaan.com, click Next
Step 6: NetBIOS name FIZAN, click Next
Step 7: Click Next on Database and Log Folders, leave the default
Step 8: Shared System Volume folder: leave it at the default and click Next
Step 9: Select Install and configure the DNS on this computer and click Next
Step 10: Permissions compatible with pre-Windows.... and click Next
Step 11: Restore Mode Password: leave it blank, click Next
Step 12: Summary page: view and click Next
Step 13: It will ask for the Windows 2003 Server CD
Step 14: End of the Active Directory Installation wizard, press Finish
Step 15: Restart the computer

Windows 2003 client: Configuration
This computer is in the same network as the server and has an IP.
Step 1: Right-click on the My Computer icon and click Properties
Step 2: Click Computer Name and the Change button
Step 3: Select Domain, enter fizaan, click OK
Step 4: When prompted for a user name and password, provide them (I did not mention this in the server installation above)
Step 5: There will be a message prompt "Welcome to the Fizaan domain", press OK
Step 6: Restart the computer

Tuesday, September 16, 2008

How to setup TFTP server on Debian

Step 1: Installation of the tftpd package (server) and client
aptitude install tftpd
aptitude install tftp

Step 2: Creating the directory and setting permissions
mkdir /tftpboot
chmod 777 /tftpboot
chown imran:imran /tftpboot

Step 3: Checking and editing (if required) /etc/inetd.conf
Correct the location of the directory from /srv/tftp to /tftpboot

tftp dgram udp wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd /tftpboot

Don't forget to restart.
It is tricky to restart tftpd: you have to restart inetd, and in Debian that is openbsd-inetd
cd /etc/init.d
./openbsd-inetd restart

Step 4: Testing
Type the following
tftp 127.0.0.1
tftp>

Step 5: Security

You can edit /etc/hosts.allow and /etc/hosts.deny to restrict access.

That's it.

Further doc

http://www.debianhelp.co.uk/tftp.htm
http://www.onlamp.com/pub/a/bsd/2003/06/05/FreeBSD_Basics.html

Monday, September 8, 2008

How to Setup Central Syslog server in Debian Etch

The syslog server is already installed on Debian as part of the OS installation.

Step 1: Stop the syslog server.
/etc/init.d/sysklogd stop

Step 2: Enable remote reception
Edit /etc/default/syslogd

Change SYSLOGD="" to SYSLOGD="-r"

Step 3: Create a file to log remote log messages (optional)

Edit /etc/syslog.conf and change
*.*;auth,authpriv.none to
*.*;auth,authpriv,local0.none
then append the path to the file at the end
local0.* -/var/log/sxlog

Step 4: Restart the syslog server
/etc/init.d/sysklogd start

A message containing "remote reception" in the output of tail -f /var/log/messages confirms it.

Step 5: Test by viewing the file
cat /var/log/sxlog

Further info
http://news.softpedia.com/news/Setting-Up-a-Central-Syslog-Server-44063.shtml

Tuesday, August 26, 2008

Installation and Configuration of Joomla CMS! on Debian ETCH

Step 1: Install the LAMP server and also phpmyadmin
See my blogpost "Installation of LAMP on Debian"
#aptitude install phpmyadmin

Step 2: Download the latest version of Joomla, e.g.
download from the following location
http://linux.softpedia.com/progDownload/Joomla-Download-5739.html

Step 3: Make the directory /var/www/joomla and decompress Joomla into it
mkdir /var/www/joomla
cd /var/www/joomla
tar -xvf /var/www/Joomla_1.5.6-Stable-Full_Package.tar.gz


Step 4: Create Database in MySQL

#mysqladmin -u root -p create Joomla
mysql -u root -p
mysql>GRANT ALL PRIVILEGES ON Joomla.* TO Joomla@localhost IDENTIFIED BY 'Joomla';
mysql>flush privileges;
mysql>quit


Step 5: Change ownership and privileges of /var/www/joomla
chown www-data:www-data /var/www/joomla
chmod 777 /var/www/joomla

Note: Change this mode back to normal after installation.

Step 6: Begin installation
http://192.168.100.10/joomla
This will start the wizard. Answer the questions; in the check list try to eliminate missing components (shown in red), and also remember the following:
Database Name:Joomla
Database User:Joomla
Password:Joomla
Admin password: you will enter it at the end.

At the end this will ask to remove the installation directory.

Further information

http://www.craigschurr.com/index2.php?option=com_content&do_pdf=1&id=16
http://www.linux-vashi.blogspot.com/2008/02/how-to-install-joomla-on-debian-etch_12.html

Import and Export mysql database in Debian using phpmyadmin

Step 1: Install phpmyadmin

aptitude install phpmyadmin

Step 2: Login to phpmyadmin

https://192.168.100.1/phpmyadmin/
Default user: root
Enter root password.

Step 3: Export Database

After logging in, click Export
In the EXPORT menu select your database
e.g joomla
Select the format under Select All/Unselect All
e.g SQL (by default)
Click Save as file e.g jooml
Press Go (bottom right)
Save it to your local hard disk

Step 4: Import Database

Press Import after logging in to phpmyadmin on the other machine.
Select the file under Location of the text file,
leave everything at the default and
press Go
This will import the mysql database.

Monday, August 25, 2008

Recover MYSQL root password in Debian

Step # 1 : Stop mysql service

# /etc/init.d/mysql stop

Step # 2: Start the MySQL server without a password

# mysqld_safe --skip-grant-tables &

Step # 3: Connect to mysql server using mysql client:

# mysql -u root

mysql>

Step # 4: Setup new MySQL root user password

mysql> use mysql;
mysql> update user set password=PASSWORD("imran") where User='root';
mysql> flush privileges;
mysql> quit

Step # 5: Stop MySQL Server:

# /etc/init.d/mysql stop

Step # 6: Start MySQL server

# /etc/init.d/mysql start

Step # 7: Test it
# mysql -u root -p

Installation of LAMP on Debian

Step 1) Installation of Apache and PHP4

aptitude install apache2 php4 libapache2-mod-php4

Step 2) Installation of MySQL Server

aptitude install mysql-server mysql-client php4-mysql

Change the MySQL root password
mysql -u root
mysql> USE mysql;
mysql> UPDATE user SET Password=PASSWORD('new-password') WHERE user='root';
mysql> FLUSH PRIVILEGES;

step 3) Installation of PhpMyAdmin

aptitude install phpmyadmin

Edit /etc/apache2/apache2.conf:
append at the end
Include /etc/phpmyadmin/apache.conf

Testing

http://domainname.com/phpmyadmin/

Login using mysql root and create users.

Further docs
http://www.howtoforge.com/ubuntu_debian_lamp_server

Installing and configuring DHCP on Debian

Step 1: Install DHCP package

aptitude install dhcp3-server

Step 2: Configure DHCP package

option domain-name "domain.com";
option domain-name-servers 10.0.0.2, 193.10.10.10;
option routers 10.0.0.1;
default-lease-time 3600;
subnet 10.0.0.0 netmask 255.0.0.0 {
    # pool of dynamically assigned addresses
    range 10.0.0.100 10.0.0.254;

    #OPTIONS
    #if you want to assign IP based on MAC address
    host imran {
        hardware ethernet 00:50:BA:82:DE:63;
        fixed-address 10.10.10.10;
    }
}

Step 3: Restart

/etc/init.d/dhcp3-server restart

Further Docs

http://www.debianhelp.co.uk/dhcp.htm

Useful Linux commands

Adding user name and password in authentication file in Apache2

root@jupiter:/etc/apache2# htpasswd /etc/apache2/intranet.passwd halvard

This will append the user with an MD5 password to the file.

Installation of Java on Ubuntu

root@imran-desktop:~# sudo apt-get install sun-java6-jre sun-java6-plugin sun-java6-fonts
root@imran-desktop:~# java -version
java version "1.6.0_16"
Java(TM) SE Runtime Environment (build 1.6.0_16-b01)
Java HotSpot(TM) Client VM (build 14.2-b01, mixed mode, sharing)



Check directory size

du -hs /home/imran/

How to check all installed packages and the version of a specific installed package

dpkg -s apache2
dpkg --list |more

How to zip and unzip


#aptitude install zip unzip
zip imran.zip file1 file2 file3

Then you can extract the original files like this:
unzip imran.zip

Thursday, August 21, 2008

How to copy files/directory in Debian using rsync and scp over network

1) Network copying using rsync

Step 1: Install rsync on both machines
aptitude install rsync

Step 2: Edit /etc/default/rsync on both machines, changing
RSYNC_ENABLE=false
to
RSYNC_ENABLE=true

Step 3: Restart rsync on both machines
/etc/init.d/rsync restart

Step 4: Start copy from machine1 to machine2
rsync -e ssh -avz /home/imran 192.168.100.10:/media/usbdisk/imran
Options:
a: archive mode, preserves file permissions
v: verbose
z: compress (this will reduce time)
This will prompt for a password; enter the password and you will see
building file list..

Backup using rsync
Make a script and place it under /etc/cron.daily.
Generate and copy the key:

ssh-keygen -t dsa
and press Enter when prompted for a passphrase. After the key is created, use
ssh-copy-id -i .ssh/id_dsa.pub root@remote.host.com

to copy the public key to the remote host.

(Note: this presumes that SSH is installed with key transfer)
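
One way to write the daily script mentioned above, as an added example rather than the author's own script; the file name rsync-backup, the lock path and the key path are assumptions, and the source and destination are taken from the rsync command in Step 4. DSA keys such as the one generated above are rejected by default in OpenSSH 7.0 and later, so the key path is a parameter.

```shell
#!/bin/sh
# Added example: /etc/cron.daily/rsync-backup (hypothetical file name).
# Pushes SRC to DEST over SSH with a passphrase-less key, refuses to
# overlap with a run that is still in progress, and reports failures.

SRC=${SRC:-/home/imran}
DEST=${DEST:-192.168.100.10:/media/usbdisk/imran}
KEY=${KEY:-/root/.ssh/id_dsa}             # assumed location of the private key
LOCK=${LOCK:-/var/run/rsync-backup.lock}  # assumed lock directory
RSYNC=${RSYNC:-rsync}

# BatchMode=yes makes ssh fail at once instead of waiting for a password
# that nobody can type when the job runs from cron.
ssh_transport() {
    printf 'ssh -i %s -o BatchMode=yes' "$KEY"
}

run_backup() {
    # mkdir is atomic, so only one run can hold the lock at a time.
    if ! mkdir "$LOCK" 2>/dev/null; then
        echo "backup already running (lock $LOCK exists)" >&2
        return 75
    fi
    # -a keeps permissions and times, -z compresses; -v is left out so that
    # a successful run prints nothing and cron has nothing to mail.
    "$RSYNC" -e "$(ssh_transport)" -az "$SRC" "$DEST"
    rc=$?
    rmdir "$LOCK"
    if [ "$rc" -ne 0 ]; then
        echo "rsync backup of $SRC to $DEST failed with status $rc" >&2
    fi
    return "$rc"
}

# Run only when installed under the cron.daily name assumed above.
case "${0##*/}" in
    rsync-backup) run_backup ;;
esac
```

A key without a passphrase gives whoever can read it the same access as the backup job, so keep it readable by root only.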


2) Network copying using scp

scp -Cr /home/imran 192.168.100.10:/media/usbdisk

r: recursive copying
C: encryption, 3DES default.
Don't use this method if the directory contains too many files.

Further reading:
http://www.crucialp.com/resources/tutorials/server-administration/how-to-copy-files-across-a-network-internet-in-unix-linux-redhat-debian-freebsd-scp-tar-rsync-secure-network-copy.php

Saturday, August 16, 2008

ENABLE AUTHENTICATION ON DEBIAN APACHE WEB SERVER

Step by Step Guide;

Step 1 Enable Digest Authentication
This authentication method is not enabled by default
#a2enmod auth_digest

Step 2 Set up user/password/realm
htdigest -c /var/www/munin/.htpasswd munin username
munin is the realm and username is the user name.
Supply the password for the "username" user.

Step 3 Making Authentication required
Go back to /etc/apache2/sites-available/monitoring.

Options FollowSymLinks
AllowOverride None
#authentication
AuthType Digest
AuthName "munin"
AuthDigestFile /var/www/munin/.htpasswd
#people using apache 2.2 will use instead:
#AuthUserFile /var/www/munin/.htpasswd
require valid-user

Step 4 Reload apache configuration
#apache2ctl -t
Syntax OK
$/etc/init.d/apache2 force-reload

Step 5 Testing and Running
Now, go to http://monitoring.example.com with your browser. A box should prompt you for a username and password. Supply the one you define above and you should be given access to munin statistics.

Monitoring Linux (Debian) Network With Munin

It requires the following packages;

• Web Server e.g apache
• Munin Server
• Munin Clients
• Measuring temperature using smartmontools
• Munin Windows plugins
• Documentation and further Reading


WEB SERVER e.g APACHE

Apache2 for Debian
#apt-get install apache2-mpm-prefork
Run the script “apache2-ssl-certificate” i.e
# apache2-ssl-certificate

MUNIN ON SERVER

#apt-get install munin munin-node
Edit Configuration
/etc/munin/munin.conf

# a simple host tree
[localhost.localdomain]
address 127.0.0.1
use_node_name yes

[machine1.domain.com]
address xx.xxx.xxx.xx
use_node_name yes

[machine2.domain.com]
address xx.xxx.xxx.xx
use_node_name yes
## replace xx with the IP address

MUNIN ON CLIENTS
Install it on each client
#apt-get install munin-node

Change the configuration
/etc/munin/munin-node.conf

Edit the configuration on each client machine
Client 1 machine1.domain.com
#
# Example config-file for munin-node
#
log_level 4
log_file /var/log/munin/munin-node.log
port 4949
pid_file /var/run/munin/munin-node.pid
background 1
setseid 1
# Which port to bind to;
host *
host 127.0.0.1
host xx.xxx.xxx.xx
## xx server IP
user root
group root
setsid yes
allow ^127\.0\.0\.1$
allow ^xx\.xxx\.xxx\.xx$
Testing
Browse to http://ipaddress/munin
Examples can be found here: http://www.linpro.no/projects/munin/example/
If you have any problems, check the munin log files located in the /var/log/munin directory


MEASURING TEMPERATURE USING SMARTMONTOOLS


1. #apt-get install smartmontools
   which is apparently needed by munin's hddtemp_smartctl plugin;
2. ln -s /usr/share/munin/plugins/hddtemp_smartctl /etc/munin/plugins/hddtemp_smartctl
   which 'activates' the plugin;
3. /etc/init.d/munin-node restart
   to apply these changes.

WINDOWS PLUGIN
http://www.jory.info/#downloads_muninnode
http://munin.projects.linpro.no/wiki/HowToMonitorWindows
http://www.debuntu.org/book/export/html/134

DOCUMENTATION AND FURTHER READING
http://www.debianhelp.co.uk/munin.htm

Thursday, August 14, 2008

Mounting External USB Disk on Debian

After plugin USB, see any activity
tail -f /var/log/syslog

if nothing about usb mass storage, check reasons. If "no loadable modules!", your old Kernel does not support USB, you might need to upgrade it (depending upon hardware of machine) in my case it was the Via CPU which is not a
full-blown 686.
Then install the new kernel
apt-get install linux-image-2.6.18-4-486

After that config the lilo or grub in our case it was lilo:
edit /etc/lilo.conf
default=2.6.18

Then restart the machine.

Check the activity in syslog again (see the tail command above).
The kernel finds the disk:
Aug 14 20:05:11 neptune kernel: usb-storage: device found at 3
Aug 14 20:05:11 neptune kernel: usb-storage: waiting for device to settle before scanning
Aug 14 20:05:16 neptune kernel: Vendor: ATA Model: SAMSUNG HD321KJ Rev: CP10
Aug 14 20:05:16 neptune kernel: Type: Direct-Access ANSI SCSI revision: 05
Aug 14 20:05:16 neptune kernel: SCSI device sda: 625142448 512-byte hdwr sectors (320073 MB)
Aug 14 20:05:16 neptune kernel: sda: Write Protect is off
Aug 14 20:05:16 neptune kernel: sda: Mode Sense: 00 00 00 00
Aug 14 20:05:16 neptune kernel: sda: assuming drive cache: write through
Aug 14 20:05:16 neptune kernel: SCSI device sda: 625142448 512-byte hdwr sectors (320073 MB)
Aug 14 20:05:16 neptune kernel: sda: Write Protect is off
Aug 14 20:05:16 neptune kernel: sda: Mode Sense: 00 00 00 00
Aug 14 20:05:16 neptune kernel: sda: assuming drive cache: write through
Aug 14 20:05:16 neptune kernel: sda: sda1 sda2 sda3 sda4
Aug 14 20:05:16 neptune kernel: sd 1:0:0:0: Attached scsi disk sda
Aug 14 20:05:16 neptune kernel: usb-storage: device scan complete

This means that the kernel registered the device as /dev/sda.

From the bottom of the log, you can see that the device has four partitions
(sda1, sda2, sda3, sda4). If you don't know which filesystems they
contain, you can let mount autodetect the type:

mount /dev/sda2 /mnt/media

When you finish your work, unmount the disk; skipping this can corrupt the file system.

umount /mnt/media
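
Reading the log by eye, as described above, can be automated, which also leaves a simple record of when removable storage was attached. The script below is an added example, not part of the original post: it parses syslog lines in the format shown above, prints each USB disk with its partitions, and prints one mount command per partition using the standard nosuid, nodev and noexec mount options. The function names and the per-partition mount points under /mnt/media are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: summarize USB mass-storage attach
# events from syslog lines in the 2.6-era kernel format shown above.

# usb_disk_events LOGFILE: print "time host device partitions" per attached disk.
usb_disk_events() {
    awk '
    /kernel: usb-storage: device found/ {
        pending = 1; when = $1 " " $2 " " $3; host = $4; dev = ""; parts = "-"
    }
    # Partition table line, e.g. "kernel: sda: sda1 sda2 sda3 sda4"
    pending && $6 ~ /^sd[a-z]+:$/ && $7 ~ /^sd[a-z]+[0-9]+$/ {
        parts = $7
        for (i = 8; i <= NF; i++) parts = parts "," $i
    }
    pending && /Attached scsi disk/ { dev = $NF }
    pending && /usb-storage: device scan complete/ {
        if (dev != "") print when, host, "/dev/" dev, parts
        pending = 0
    }' "$1"
}

# mount_plan LOGFILE BASE: print one restrictive mount command per partition.
# nosuid,nodev,noexec keep setuid bits, device nodes and executables on the
# removable disk from being honoured; nothing is mounted by this function.
mount_plan() {
    usb_disk_events "$1" | awk -v base="$2" '{
        n = split($NF, p, ",")
        for (i = 1; i <= n; i++)
            if (p[i] != "-")
                printf "mount -o nosuid,nodev,noexec /dev/%s %s/%s\n", p[i], base, p[i]
    }'
}

# Sample input: lines taken from the log in the post, plus one constructed line.
usb_log=$(mktemp)
cat > "$usb_log" <<'EOF'
Aug 14 20:05:10 neptune cron[812]: (constructed) unrelated line
Aug 14 20:05:11 neptune kernel: usb-storage: device found at 3
Aug 14 20:05:16 neptune kernel: SCSI device sda: 625142448 512-byte hdwr sectors (320073 MB)
Aug 14 20:05:16 neptune kernel: sda: Write Protect is off
Aug 14 20:05:16 neptune kernel: sda: sda1 sda2 sda3 sda4
Aug 14 20:05:16 neptune kernel: sd 1:0:0:0: Attached scsi disk sda
Aug 14 20:05:16 neptune kernel: usb-storage: device scan complete
EOF

usb_disk_events "$usb_log"
mount_plan "$usb_log" /mnt/media
```
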


Thanks Fredrik Gratte, from Owera As

Tuesday, August 12, 2008

Squirrelmail Web Client Installation and Configuration on Debian

Following things are involved.
  1.  MAIL SERVER 'Exim4'
  2.  INSTALLATION OF PACKAGES
  3.  CONFIGURATION
  4.  FURTHER DOCUMENTATION

MAIL SERVER:
We are already running Exim4 as our mail server on a different machine and network, with the following IMAP and SMTP hosts:

Imap.domain.com
Smtp.domain.com

No need to install it from scratch.

INSTALLATION OF PACKAGES:
A) Web server Apache with ssl support
Install apache2: apt-get install apache2
Install ssl certificate: apt-get install ssl-cert
Generate certificate: openssl req -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem

country name: NO
state name: Oslo
locality name: Oslo
organization name: yourcompany
organizational unit: IT
common name: webmail
email address: youremail@yourdomain.com

B) PHP4 (php5 has some problems)
PHP4 Installation: apt-get install php4

C) UW IMAP
Installation of uw-imapd: apt-get install uw-imapd

D) Squirrelmail
Squirrelmail Installation: apt-get install squirrelmail
You can also download it from this location and install it:
http://www.squirrelmail.org/download.php

CONFIGURATION:

Apache WebServer

chmod 600 /etc/apache2/apache.pem
Enabling SSL Support
a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.
Configuring SSL support
Edit /etc/apache2/ports.conf
Listen 443

Edit /etc/apache2/sites-available/default.conf
NameVirtualHost *:443
<VirtualHost *:443>
ServerAdmin webmaster@owera.com
ServerName webmail.owera.com
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
DocumentRoot /var/squirrelmail/www/

.
.
</VirtualHost>
Restart apache2
/etc/init.d/apache2 restart

Squirrelmail configuration
After downloading, create the directories and unpack
mkdir /var/squirrelmail
cd /var/squirrelmail
mkdir data attachment
chown -R www-data:www-data /var/squirrelmail/
chgrp www-data data attachment
chmod 0730 data attachment
tar --bzip2 -xvf /usr/local/src/downloads/squirrelmail-1.4.5.tar.bz2
mv squirrelmail-1.4.5 www
cd www/config
cp -p config_default.php config.php
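
The chmod 600 on apache.pem and the 0730 mode on data and attachment are the access controls in this setup, and they are easy to lose when files are regenerated or restored. The script below is an added example, not part of the original post or of SquirrelMail: it flags a key file usable by group or others, and a data directory that is open to other users or placed under the DocumentRoot. The function name and the temporary directory layout are assumptions, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (stat -c), as on Debian.

# audit_webmail PEM DOCROOT DIR...: print findings; return 1 if any are found.
audit_webmail() {
    pem=$1 docroot=${2%/} findings=0
    shift 2
    # A PEM holding a private key must not be usable by group or others (post: 600).
    if grep -q 'PRIVATE KEY-----' "$pem"; then
        mode=$(stat -c '%a' "$pem")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "WEAK key file: $pem mode $mode"; findings=1
        fi
    fi
    for dir in "$@"; do
        # Preference and attachment directories: no access for others (post: 0730).
        mode=$(stat -c '%a' "$dir")
        if [ $(( 0$mode & 007 )) -ne 0 ]; then
            echo "WEAK directory: $dir mode $mode"; findings=1
        fi
        # They must also sit outside the DocumentRoot, or Apache can serve them.
        case ${dir%/}/ in
            "$docroot"/*) echo "EXPOSED directory: $dir is under $docroot"; findings=1 ;;
        esac
    done
    return $findings
}

# Constructed layout mirroring the post's paths under a temporary root.
root=$(mktemp -d)
mkdir -p "$root/squirrelmail/www" "$root/squirrelmail/data" "$root/squirrelmail/attachment"
chmod 0730 "$root/squirrelmail/data" "$root/squirrelmail/attachment"
# Marker lines only, not real key material.
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '(constructed placeholder)' \
    '-----END RSA PRIVATE KEY-----' > "$root/apache.pem"
chmod 644 "$root/apache.pem"

# Before the chmod 600 step the key file is flagged; afterwards the audit is clean.
audit_webmail "$root/apache.pem" "$root/squirrelmail/www/" \
    "$root/squirrelmail/data" "$root/squirrelmail/attachment" || echo "audit failed"
chmod 600 "$root/apache.pem"
audit_webmail "$root/apache.pem" "$root/squirrelmail/www/" \
    "$root/squirrelmail/data" "$root/squirrelmail/attachment" && echo "audit clean"
```
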

Edit config.php
Change this to your organization's name.
$org_name = 'YOUR_ORGANIZATION';
Change this to the title you would like shown on the SquirrelMail web page.
$org_title = 'YOUR_TITLE $version';
Change this to the mail domain that is being served by SquirrelMail.
$domain = 'YOUR_MAIL_DOMAIN.com';
Define your SMTP server. This is the name of the server running the Postfix MTA for your mail domain. If Postfix is running on the same server as SquirrelMail then this would be 'localhost'. If it is another server then enter 'SERVERNAME.com'.
$smtpServerAddress = 'localhost';
Define your IMAP server. We always have SquirrelMail running on the same server as IMAP so this will always be 'localhost'.
$imapServerAddress = 'localhost';
Define the IMAP server type. The IMAP package in EnGarde Secure Community 3.0 is 'Washington University' so use 'uw' here.
$imap_server_type = 'uw';
.
.
DOCUMENTATION:

http://www.squirrelmail.org/docs/admin/admin-3.html#ss3.1
http://www.flatmtn.com/computer/Linux-Squirrelmail.html
http://www.engardelinux.org/doc/howtos/install-squirrelmail/install-squirrelmail/config-edit.shtml
http://www.flatmtn.com/computer/Linux-EmailServer.html