Linux beginner's Workshop


This is a slideshow used in an introductory Linux workshop. The workshop typically goes for one day, depending how many exercises we run in the lab.

  • how can download it..
    pls send it to shree0linux@gmail.com. i need to improve my knowledge. Please help me on this this is awesome presentation.
  • how can download it.......
    pls send it to k23raj@gmail.com
  • @ futureshocked: can you please share your slide and send to boluele@gmail.com.

    Thanks,
    Fernando
  • Please let me know if the download will be made available soon
  • For the last 3 years the author has been saying a final version will be produced. But it is still not available for download. This is useless until it is downloadable, because it is not possible to read and follow it online as it is 168 slides.
Transcript

  • 1. A Linux 1-day workshop Presented by Peter Dalmaris
  • 2. About this workshop • No prior knowledge of Linux necessary • Lots of Linux flavours, we concentrate on Ubuntu • Server, not desktop edition • 9am to 5pm with a couple of breaks
  • 3. About this workshop
  • 4. About this workshop ๏ Start with some history and architecture ๏ Virtual Machines, installation ๏ Remote access ๏ User management ๏ File system ๏ Networking (including Samba) ๏ Backing up ๏ Server software
  • 5. About this workshop
      ๏ Start with some history and architecture
      ๏ Virtual Machines, installation
      ๏ Remote access
      ๏ User management
      ๏ File system
      ๏ Networking (including Samba)
      ๏ Backing up
      ๏ Server software
      ๏ Software management: installing, removing, updating
      ๏ Scheduling jobs through cron
      ๏ Vim
      ๏ Webmin
      ๏ Rsync
      ๏ ...and anything else we can fit in
  • 6. About me • Working with Linux for over 10 years • Administrator for two public web applications running on Ubuntu Linux 8.10 and 9.04 (www.trackscentral.com, www.gitcentral.com) • Delivering IT services through my company, Futureshock Research (BPM, Ruby on Rails, .NET, Linux, VoIP etc.) • Teaching at CSU since 2002. • Undergraduate degree in Electrical and Computer Engineering, Masters in Information Systems, Masters in Knowledge Management, PhD in Business Process Management and Knowledge Management. • Contact me at peter.dalmaris@gmail.com
  • 7. History - UNIX and GNU • UNIX dominated the OS space since 1960. It was efficient, effective, but expensive. • An effort to produce an open-source UNIX-like OS was begun by Richard Stallman in 1994; this was the beginning of the GNU project. • A lot of software was written as part of the GNU project by the Free Software Foundation: compilers, text editors, a shell...
  • 8. History - GNU is not an OS • ...but there was no complete kernel, device drivers, daemons etc. • Without these subsystems, GNU could not be completed as intended.
  • 9. History - Linux fills the gap • In 1991 Linus Torvalds developed a replacement for MINIX, the teaching OS developed by Andrew S. Tanenbaum and released by Prentice-Hall. • This replacement became the Linux kernel. Version 0.12 of Linux was released in 1992. • At first, it operated in the Minix user space. • The Linux kernel became the missing GNU kernel.
  • 10. The cost of developing Linux Fedora 9
  • 11. The cost of developing Linux Fedora 9 Linux kernel
  • 12. (Image captions)
      • NCAR's newest supercomputer: On 12 July 2004, SCD took delivery of lightning, a new Linux cluster manufactured by IBM. The 1.1-teraflop system is now installed in the NCAR Computer Room.
      • Motorola RAZR², an advanced embedded system using embedded Linux.
      • The Nokia N810 features the Maemo Linux distribution,[2] based on Maemo 4.0, which features MicroB (a Mozilla-based mobile browser), a GPS navigation application, new media player, and a refreshed interface.
      • The WRT54G is notable for being the first consumer-level network device that had its firmware source code released to satisfy the obligations of the GNU GPL.
      • Ubuntu Linux on Macbook Pro.
  • 13. Ubuntu Linux • A good choice for both server and desktop distribution. • Free and well updated - new release every six months. • Security updates for 18 months - after that just upgrade to the latest version. • There are LTS versions with extended
  • 14. Ubuntu Linux server • Built on Debian, with reputation for robust server implementations. • Latest version is 9.04, based on kernel 2.6.28-11.37. • Out of the box support for cloud computing (Eucalyptus). • Mail server stack: SMTP, POP3, IMAP with
  • 15. Ubuntu Linux server • Kernel-based virtual machine (KVM). • Microsoft Exchange support. • Simplified firewall. • etc. etc.
  • 16. Desktop vs server
  • 17. Getting started: installation on virtual • It makes sense to install servers machines: • Better use of existing hardware • Ease of maintenance and disaster You can assign a Linux virtual machine to a single service, like a web server, email server etc. Keep things simple. Maintain a single Linux host and multiple guests.
  • 18. Virtualisation
  • 19. Option 1: Ubuntu server on VMware on any host • Download the server image from http://www.ubuntu.com/getubuntu/download-server • Start VMware • Create a new virtual machine using the image you just downloaded • (Link to video tute, or show in lab)
  • 20. Vodcast: Installing Ubuntu 9.04 on VMWare Fusion http://blog.futureshock-ed.com/2009/08/installing-ubuntu-904-on-vmware-fusion.html
  • 21. Option 2: Linux guests to an Ubuntu host running KVM • KVM is the default virtualisation technology that ships with current versions of Ubuntu • Requires hardware with virtualisation extensions
  • 22. One host, many guests Ubuntu guest Windows guest Ubuntu host
  • 23. Install a guest #1 Can your hardware support KVM? Inspect the cpuinfo virtual file: No output means no KVM support. Try checking virtualization settings in the BIOS. If there is support, install the required packages: Use the apt-get package manager: • libvirt-bin provides libvirtd which you need to administer qemu and kvm instances using libvirt • kvm is the backend • ubuntu-vm-builder powerful command line tool for building virtual machines • bridge-utils provides a bridge from your network to the virtual machines
  • 24. Install guest #2 Add your user name to the libvirtd group More about user management later. This will give you access to the system-wide libvirtd instance. Log out and in to make this effective. Test the installation is valid: virsh is the main interface for managing guest domains
  • 25. Install KVM #3 Run the KVM command as root to reveal problems, such as lack of hardware kvm command can be used to start guest machines directly.
  • 26. Setup the virtual network #1 To enable network services to the VM and VM access to the outside world, we must configure bridge networking; The VM will access the network through the host’s 1. Install the bridge utility 2. Stop networking services
  • 27. Setup the virtual network #2 3. Edit /etc/network/interfaces and add the br0 section: Content of /etc/network/ You may use DHCP instead of fixed values.
  • 28. Setup the virtual network #3 4. Restart networking services:
  • 29. Remote administration
  • 30. Remote administration with SSH #1 • Ubuntu comes with an open source implementation of the SSH standard, called OpenSSH. • OpenSSH makes it possible to securely control a remote computer, and to transfer files. • To make this possible, we must install the sshd component on the server.
  • 31. Remote administration with SSH #2 Install the sshd component: Install the client component: Some OSs, like Mac OS X, come with an SSH client built-in. In Windows, use Putty.
  • 32. Remote administration with SSH #3 Connect: Local machine Remote machine
  • 33. Remote administration with SSH #4 You can authenticate the client using its public key; then, you will not need to provide a password every Create the client’s public key if one doesn’t exist already: ssh-keygen is a key pair generator This creates your key pair and stores it in ~/.ssh/.
  • 34. Remote administration with SSH #5 Take the contents of the file in ~/.ssh/id_dsa.pub on the client, and paste it in the file ~/.ssh/authorized_keys on the server. If the target file does
  • 35. Remote administration with SSH #6 Connect just like before, there should be no request for your password: Local machine Remote machine
  • 36. Upgrading
  • 37. Upgrading To upgrade to the latest version of Ubuntu server, use the do-release-upgrade utility. First, update apt-get to acquire the latest package information: Then, install the upgrade utility: Finally, do the upgrade:
  • 38. Updating installed packages Use the apt-get tool: To automate package updates, use unattended-upgrades: Install the package: ... and configure it:
  • 39. User management
  • 40. User management ๏ A critical aspect of server management. ๏In Ubuntu, the root user is disabled for safety. ๏Management tasks requiring root access can be completed by using the sudo command by a user who is in the “admin” group. ๏The user created during the installation process is added automatically to the admin group.
  • 41. Adding and deleting users To add a user: To delete a user (will retain the home directory): To disable a user: To enable a user:
  • 42. Creating and deleting groups To create a group: To delete a group: To add a user to a group:
  • 43. User profiles By default, all new home directories are accessible by everyone. You can enforce non-default access rights to new home directories by editing /etc/adduser.conf: The contents of this directory are modeled after the contents of /etc/skel.
  • 44. Password policy You can enforce strong user passwords by editing the password policy file /etc/pam.d/common-password. For example, to enforce a password with minimum 6 characters, edit the password line to look like this:
  • 45. Password expiration To see the password expiry value for a user, use the “chage” command: The chage tool is for changing password expiration date. To make changes:
  • 46. File system
  • 47. File system A filesystem is responsible for managing data stored on a non-volatile storage device like hard disks, USB drives, DVDs etc. Most linux distros, including Ubuntu, use ext3 (“third extended filesystem”). Ubuntu 9.04 introduces experimental support for ext4.
  • 48. Ext3 A journaling filesystem: logs changes in a journal to increase reliability in case of power failure or system crash.
  • 49. Ext3 Not as fast as others, like JFS, ReiserFS and XFS, but wins in CPU utilization, reliability, and testing base.
  • 50. Ext3 file limits ^ 8 KiB block size is only available on architectures which allow 8 KiB pages, such as Alpha.
  • 51. Ext3 levels of journaling ❖Journal ❖Lowest risk, slowest ❖Metadata and files are written to the journal before being committed. ❖Ordered (default) ❖Medium risk, medium speed ❖Metadata are written to the journal only - ext3 guarantees file contents are written to disk before marked as committed in the journal. Beware of “intermediate state” problem! ❖Writeback ❖Highest risk, fastest ❖Metadata written in journal, no guarantee for file contents.
  • 52. Ext4 ❖Adds 64-bit storage limits. ❖Volumes up to 1 exabyte. Files up to 16 terabytes. ❖Improved large file performance and reduced fragmentation. ❖Backwards compatible with ext2 and 3. ❖Journal checksumming (not present in ext3). ❖Online defragmentation. ❖Timestamps in nanoseconds.
  • 53. Files and directories Filesystems store data in files and directories. Filesystems are stored in disk partitions. You can configure partitions any way you like, but something like this is advisable:
  • 54. fstab: static fs info fstab is a text file that contains filesystem information
  • 55. df: Partition utilization df stands for “disk free”
  • 56. Mount points The mount command attaches a filesystem to a mount point Remount /usr in read only: Mount all fs in /etc/fstab:
  • 57. File & directory commands
      Command   Description
      ls        Lists the contents of a directory
      cd        Change directory
      mkdir     Create directory
      rmdir     Remove directory
      cp        Copy file
      mv        Move file
      rm        Remove file
      pwd       Print the present working directory
      file      Print the presumed type of a file
      chmod     Change the permission attributes of a file
  • 58. Repartitioning a live system Vodcast: Repartitioning a live system http://blog.futureshock-ed.com/2009/06/repartitioning-live-ubuntu-linux-hard.html
  • 59. Networking
  • 60. Networking Most networking is configured by editing two files: ❖/etc/network/interfaces ❖Ethernet, TCP/IP, bridging ❖/etc/resolv.conf ❖DNS Other networking files: ❖/etc/hosts ❖/etc/dhcp3/dhcpd.conf
  • 61. /etc/network/interfaces Typical default contents:
      Directive   Description
      auto        Indicates the device should be set up at boot time.
      lo          Loopback interface.
      iface       "Interface".
      eth0        Ethernet device 0, typically the primary network adaptor.
      inet        Indicates network adaptor has an IPv4 address space.
      dhcp        Network adaptor gets its configuration from a DHCP server.
  • 62. /etc/network/interfaces Good practice: fix your server's IP address.
      Directive    Description
      static       Indicates the adaptor uses fixed IP configuration.
      address      The IP address of the host.
      netmask      Network subnet mask.
      gateway      Gateway address.
      network      The network portion of the IP address.
      nameserver   The IP of a DNS.
      For static interfaces, you may also need to edit /etc/resolv.conf to specify DNS servers.
  • 63. /etc/hosts Ubuntu refers to this file to resolve host names before contacting a DNS. Good for frequently used hostnames, or internal network hosts.
  • 64. Network useful commands
      Command                       Description
      ping                          Test that an internet host is reachable.
      ifconfig                      Administer a TCP/IP network interface.
      sudo /etc/init.d/networking   stop, start, restart as arguments; controls network status.
      route                         Examine and configure the host's routing table.
  • 65. Backup
  • 66. Backup “Failing to plan is planning to fail” It is a matter of time before you experience system failure on your server. When that happens, it is nice to have a backup.
  • 67. What is a backup? ... to keep multiple historical versions of your data going back far enough in time to enable recovery from a small or big disaster.
  • 68. Types of backup ❖Full - Backup the complete data set ❖Incremental - Backup only changes since last backup Periodic backup ❖Daily - Hold for the short term ❖Weekly - Hold for the medium term ❖Monthly - Hold for the long term
  • 69. Backup using a shell script
      This script rotates through 7 backups - one for each day. A modification can allow for rotation of daily, weekly, and monthly backups.

        #!/bin/sh
        ####################################
        #
        # Backup to NFS mount script.
        #
        ####################################

        # What to backup.
        backup_files="/home /var/spool/mail /etc /root /boot /opt"

        # Where to backup to.
        dest="/mnt/backup"

        # Create archive filename.
        day=$(date +%A)
        hostname=$(hostname -s)
        archive_file="$hostname-$day.tgz"

        # Print start status message.
        echo "Backing up $backup_files to $dest/$archive_file"
        date
        echo

        # Backup the files using tar.
        # $backup_files is left unquoted on purpose: it is a space-separated list.
        tar czf "$dest/$archive_file" $backup_files

        # Print end status message.
        echo
        echo "Backup finished"
        date

        # Long listing of files in $dest to check file sizes.
        ls -lh "$dest"
  • 70. Automating with cron
      Cron is used to schedule the execution of scripts. We will look at it in more detail later.
      To enter the cron job editor:
      To run the backup script every day of every month of every year, at midnight:

        # m h dom mon dow command
        0 0 * * * bash /usr/local/bin/backup.sh
  • 71. Restoring Use tar to test the integrity of an archive, or to extract its contents. To list the contents of the archive To extract a file from the archive To extract the full contents of the archive
  • 72. ...or, specialised backup utilities Such as Bacula, still open-source.
  • 73. Server software
  • 74. Servers, servers, servers Most useful work on a server is done by some kind of server software: ❖Web (i.e. Apache) ❖Database (MySQL) ❖Application (LAMP - i.e Moin Moin) ❖FTP (i.e. vsftpd) ❖Network File System ❖Email (i.e. Postfix) ❖Etc.
  • 75. Web servers
  • 76. Web server Lots of choices for open source web servers. ❖Apache ❖LightTPD (YouTube, Meebo, Wikipedia) ❖Nginx ❖Roxen
  • 77. Apache: history and Apache has been around forever (at least since the beginning of the known time, when the web was invented): ❖powers 100 million websites (early 2009), over 46% of total ❖Most popular web server since 1996 ❖Lineage going back to NCSA HTTPd ❖Comprehensive set of features - you want it, it has it.
  • 79. Installing Apache Apache is installed in /etc/apache2.
      File/Directory    Description
      apache2.conf      The main Apache2 configuration file. Contains settings that are global to Apache2.
      conf.d            Contains configuration files which apply globally to Apache. Other packages that use Apache2 to serve content may add files, or symlinks, to this directory.
      envvars           File where Apache2 environment variables are set.
      httpd.conf        Historically the main Apache2 configuration file, named after the httpd daemon. The file can be used for user specific configuration options that globally affect Apache2.
      mods-available    This directory contains configuration files to both load modules and configure them.
      mods-enabled      Holds symlinks to the files in /etc/apache2/mods-available.
      ports.conf        Houses the directives that determine which TCP ports Apache2 is listening on.
      sites-available   This directory has configuration files for Apache Virtual Hosts. Virtual Hosts allow Apache2 to be configured for multiple sites that have separate configurations.
      sites-enabled     Like mods-enabled, sites-enabled contains symlinks to the /etc/apache2/sites-available directory. Similarly, when a configuration file in sites-available is symlinked it will be active once Apache is restarted.
  • 80. Works immediately
  • 81. /etc/apache2/sites-available/site_name
  • 82. /etc/apache2/sites-available/site_name

        <VirtualHost *:80>
            ServerAdmin webmaster@localhost
            DocumentRoot /var/www
            <Directory />
                Options FollowSymLinks
                AllowOverride None
            </Directory>
            <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
            </Directory>
            ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
            <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
            </Directory>
            ErrorLog /var/log/apache2/error.log
            # Possible values include: debug, info, notice, warn, error, crit,
            # alert, emerg.
            LogLevel warn
            CustomLog /var/log/apache2/access.log combined
        </VirtualHost>
  • 83-89. /etc/apache2/sites-available/site_name (the same file repeated, with one callout added per slide):
      ❖ Port number of site (the *:80 in <VirtualHost *:80>)
      ❖ Email of webmaster (ServerAdmin)
      ❖ Root directory of site files (DocumentRoot)
      ❖ Static files block (<Directory /var/www/>)
      ❖ Static files block (shown beside the <Directory "/usr/lib/cgi-bin"> block)
      ❖ Error log file (ErrorLog)
      ❖ Access log file (CustomLog)
  • 90. Multiple sites Apache supports multiple sites on the same machine. Assign sites by port number, sub-domain, directory name, or any combination of the above. After any configuration changes, restart Apache
  • 91. Modules There are many modules that provide additional functionality. These modules can be installed and loaded dynamically. Installs the MySQL authentication module Enables the new module and restarts apache
  • 92. Apache: depth and breadth
  • 93. Databases
  • 94. Database server: MySQL “The world’s most popular open-source database”* *http://www.mysql.com/ Yahoo, Google, Alcatel, Nokia, Youtube 25% market share (EDC research)
  • 95. MySQL features
      ❖ Cross-platform compatible
      ❖ Selection of storage engines (innoDB, Berkeley, etc.)
      ❖ Replication
      ❖ ACID compliance with innoDB, DBD, Cluster engines.
      ❖ Full-text indexing
      ❖ Open-source!
      ❖ Libraries for all major programming languages
      ❖ Many administration choices, command line, web-based, GUIs
      ❖ Stored procedures
      ❖ Triggers
      ❖ Cursors
  • 96. Mysql installation Installs the MySQL authentication module After installation, check mysql daemon is running To restart: To configure:
  • 97. Create a new database and user
      Log on as root (asks for password):

        mysql -u root -p

      Create a new database:

        create database myDB;

      Create a new user for the new database:

        grant all privileges on myDB.* to 'newuser'@'localhost' identified by 'newpassword' with grant option;

      To verify this worked, exit and log on as the new user (no error messages mean all good):

        exit;
        mysql -u newuser -p    # asks for password
        use myDB;
  • 98. LAMP
  • 99. LAMP Linux, Apache, MySQL, PHP. A popular configuration for Linux servers. LAMP applications are packaged in a way that makes it easy to install and manage.
  • 100. LAMP example: Moin Moin
      Moin Moin is a Python-based wiki engine.
      Install Moin Moin (expects Apache 2 already installed):
      Prepare the Moin Moin directory:

        cd /usr/share/moin
        sudo mkdir mywiki
        sudo cp -R data mywiki
        sudo cp -R underlay mywiki
        sudo cp server/moin.cgi mywiki
        sudo chown -R www-data:www-data mywiki
        sudo chmod -R ug+rwX mywiki
        sudo chmod -R o-rwx mywiki
  • 101. Configure Moin Moin
      Edit /etc/moin/mywiki.py:

        data_dir = '/usr/share/moin/mywiki/data'

      In the next line, insert:

        data_underlay_dir='/usr/share/moin/mywiki/underlay'

      Configure Apache; add the following lines in the /etc/apache2/sites-available/default file inside the “<VirtualHost *>” tag:

        ### moin
        ScriptAlias /mywiki "/usr/share/moin/mywiki/moin.cgi"
        alias /moin_static181 "/usr/share/moin/htdocs"
        <Directory /usr/share/moin/htdocs>
            Order allow,deny
            allow from all
        </Directory>
        ### end moin

      Restart:

        sudo /etc/init.d/apache2 restart
  • 102. Test it... Browse to http://localhost/mywiki
  • 103. FTP
  • 104. FTP A simple way to transfer files between computers. Many open source FTP servers available on Linux: ❖ vsftp ❖ Filezilla ❖ Pure-ftpd ❖ NASLite ❖ wu-ftpd ❖ etc.
  • 106. Install vsftp “Probably the most secure and fastest FTP server for UNIX-like systems.” http://vsftpd.beasts.org/ Install it: Put your files here to make them available to FTP clients
  • 110. Connect to the FTP server Anonymous connection Download to local machine Download completed
  • 111. Secure FTP Edit /etc/vsftpd.conf: Now vsftpd will ask for the user’s password and will start at their home directories.
  • 113. NFS Allows for server files and directories to be available to remote clients as if they were local. Install it: Set directories to be exported here:
  • 115. Export a directory Export the /home directory to client with IP 192.168.178.20: Connect to the NFS export: Use as if it is local
  • 116. Email
  • 117. Email services: Postfix
      The default Mail Transfer Agent (MTA) for Ubuntu. Rich set of features:
      ❖ Protocols: SMTP, DKIM, DSN status, ETRN, IPv6, SASL authentication, TLS encryption/authentication, QMQP
      ❖ Databases: Berkeley, CDB, LDAP, MySQL, PostgreSQL
      ❖ Address masquerading
      ❖ Junk mail control
      ❖ Selective address rewriting
      ❖ VERP envelope return address
      ❖ Mailbox and Maildir formats
      ❖ Virtual domains
  • 118. Postfix installation Install it: The configuration screens will come up as part of the installation. To reconfigure at a later time: Or, you can edit the Postfix configuration file /etc/postfix/main.cf. After editing, restart:
  • 119. Postfix configuration
      Sample values:
      ❖ Internet Site
      ❖ mail.example.com
      ❖ peter
      ❖ mail.example.com, localhost.localdomain, localhost
      ❖ No
      ❖ 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0/24
      ❖ 0
      ❖ +
      ❖ all
      Check sources such as these for details on configuration:
      ❖ http://flurdy.com/docs/postfix/
      ❖ http://ubuntuforums.org/showthread.php?t=780509
      ❖ http://en.wikipedia.org/wiki/Email#Workings
  • 120. SMTP authentication Allows a client to identify itself. Once authenticated, the SMTP server will allow the client to relay mail. Configuration for SMTP-AUTH is done with the Dovecot package: Install it: In production, you will need to configure the SSL certificate and key to be used with authentication and encryption.
  • 121. Test by sending yourself an email Install nail, a command line emailer:
  • 122. Firewall
  • 123. Firewall The Linux kernel includes the Netfilter subsystem: controls network traffic in/out your server. Linux firewalls utilise Netfilter. The administrator tells Netfilter how to treat data packets by configuring rules in iptables, a configuration file. In Ubuntu, we use ufw as a configuration tool for iptables.
  • 124. ufw “the friendly way to create a firewall” ufw: Uncomplicated firewall Install ufw: Enable ufw and restart the server to take effect: You will not be able to restore the SSH connection until you or configure ufw to allow SSH traffic:
  • 125. ufw, examples of rules Delete a rule: Allow access from a host to port 22 of any IP address on this host: Allow all HTTP traffic: Use --dry-run to show the rule corresponding to a directive:
  • 126. ufw, examples of rules Disable the firewall: See status: See detailed status: Application integration, predefined rules. Apply like this “sudo ufw allow Postfix” and “sudo ufw app info Postfix” to view rule details:
  • 127. Software management
  • 128. Package management Over 24,000 software packages for Ubuntu. It is a good idea to use a package manager to maintain those installed on your server: ❖Install ❖Remove ❖Resolve dependencies ❖Compile ❖Upgrade Ubuntu is supported by apt-get, aptitude. Most packages are supported by both, so your choice.
  • 129. apt A collection of tools, not a single tool. apt-get is the most important tool. Used for tasks like: ❖Update the index files from their source ❖Upgrade all installed packages ❖Install a package ❖Remove installed package ❖Source code fetching ❖Build dependencies ❖Checks for broken dependencies ❖Clean the local repository ❖Autoclean only files in the local repository that can no longer be downloaded and are considered useless.
  • 130. Using apt-get Already installed, ready to use. Install a package named “nmap”: Remove a package named “nmap”: Update the apt index (the repositories are listed in /etc/apt/sources.list): Upgrade all packages installed: All actions are recorded in /var/log/dpkg.log
  • 131. Automatic updates The “unattended-upgrades” package can automatically install updated packages. Install it: Define the type of upgrades in /etc/apt/apt.conf.d/50unattended-upgrades All actions are recorded in /var/log/unattended-upgrades
  • 132. Windows connectivity
  • 133. Windows connectivity Works as: ❖File server ❖Printer server (including PDF) ❖Domain controller in Windows networks ❖Authentication ... for Windows clients
  • 134. Samba installation For Windows XP and later clients, there is nothing to install. For the Linux server: Install Samba:
  • 135. Samba configuration To define a share (in this example, the home folders), edit the /etc/samba/smb.conf file. Make home directories shared, browsable, read-write:
      [homes]
      comment = Home Directories
      browseable = yes
      read only = no
      create mask = 0775
      directory mask = 0775
      valid users = %S
    Define the password for a share user: Reload Samba configuration:
  • 136. Access share from Windows
  • 137. Other Samba capabilities We just saw the most basic capability of Samba. Other things you can do: ❖Sharing CUPS printers ❖Various security issues ❖Active Directory integration, including Kerberos authentication ❖Database integration for user information ❖LDAP integration ❖Domain controller or client ❖WINS ❖Remote and local management
  • 138. Scheduling
  • 139. Scheduling with cron Cron is the standard job scheduler for Unix. Cron stands for “cronograph”. Every user can specify scripts or programs to run at specific time intervals in a text file called “crontab”.
  • 140. Example crontab file Access/edit crontab file: Schedule Redirect output Script to run
  • 143. cron job definition * * * * * command to execute
  • 149. cron shortcuts Entry Description Equivalent
  • 150. Web-based administration
  • 151. Webmin: web based server Open source interface for system administration based on modules: ❖User management ❖Apache ❖MySQL ❖OpenSSH ❖DNS ❖File sharing ❖etc.
  • 152. Webmin installation and configuration Get required libraries, webmin archive, and run the setup utility. You can safely accept all setup script defaults.
      sudo apt-get install perl5 libnet-ssleay-perl
      sudo apt-get install wget
      wget http://prdownloads.sourceforge.net/webadmin/webmin-1.480.tar.gz
      tar xzvf webmin-1.480.tar.gz
      cd webmin-1.480
      sudo ./setup.sh
  • 153. Access Webmin https://serverIP:10000 Webmin modules Statistics
  • 157. Vim
  • 158. Vim: universal Unix editor
  • 159. Vim and vi Vim is an improved version of vi, the stock-standard text editor for Unix and Linux systems. Install vim start vim Use commands expressed by keystrokes to control vim (see cheat sheet in next slide).
  • 160. Vim cheat sheet
  • 161. Go on and build your server. Notes and videos available at http://blog.futureshock-ed.com. A discussion group available at http://groups.google.com/group/linux-alumni Have fun and stay in touch!
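
Added example for the cron slides (job definition and shortcuts), not part of the original deck: a small checker that tells you whether a crontab entry would fire at a given minute, useful for reviewing a schedule before installing it. The function names are my own; it assumes the usual Vixie-cron rules and numeric fields only (no month or weekday names, no @reboot).

```python
from datetime import datetime

# Field order of a crontab entry: minute hour day-of-month month day-of-week
RANGES = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 7)]
SHORTCUTS = {
    "@hourly": "0 * * * *", "@daily": "0 0 * * *", "@midnight": "0 0 * * *",
    "@weekly": "0 0 * * 0", "@monthly": "0 0 1 * *",
    "@yearly": "0 0 1 1 *", "@annually": "0 0 1 1 *",
}

def expand(field, lo, hi):
    """Turn one field ('*', '*/15', '1-5', '0,30', '8-18/2') into a set of ints."""
    values = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            start, end = map(int, rng.split("-"))
        else:
            start = end = int(rng)
        if not (lo <= start <= end <= hi) or step < 1:
            raise ValueError(f"bad cron field {field!r} (allowed {lo}-{hi})")
        values.update(range(start, end + 1, step))
    return values

def parse(line):
    """Split a crontab line into (five value sets, raw time fields, command)."""
    first = line.split(None, 1)
    if len(first) == 2 and first[0] in SHORTCUTS:
        line = SHORTCUTS[first[0]] + " " + first[1]
    parts = line.split(None, 5)
    if len(parts) < 6:  # also rejects @reboot, which has no time fields
        raise ValueError("need five time fields and a command")
    sets = [expand(f, lo, hi) for f, (lo, hi) in zip(parts[:5], RANGES)]
    sets[4] = {d % 7 for d in sets[4]}  # 7 and 0 both mean Sunday
    return sets, parts[:5], parts[5]

def matches(line, when):
    """True if cron would start the job in the minute given by `when`."""
    (minute, hour, dom, month, dow), raw, _ = parse(line)
    if not (when.minute in minute and when.hour in hour and when.month in month):
        return False
    dom_ok = when.day in dom
    dow_ok = when.isoweekday() % 7 in dow
    # When both day fields are restricted, cron runs the job if EITHER matches.
    if not raw[2].startswith("*") and not raw[4].startswith("*"):
        return dom_ok or dow_ok
    return dom_ok and dow_ok
```

The day-of-month/day-of-week rule is the one that most often surprises people: "0 0 1 * 1" runs on the 1st of the month and also on every Monday.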