ISP-Server Setup - Ubuntu 5.10 "Breezy Badger" - Page 3

Submitted by till (Contact Author) (Forums) on Tue, 2005-10-18 11:47. ::

2 Installing And Configuring The Rest Of The System

Enable root user

Now I can log in with the username and password I entered above. First I enable the root user for ease of installation; you can lock the root account again later, once the setup is done.

sudo passwd root
su

Now we are logged in as root user.

Configure The Network

Because the Ubuntu installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address 192.168.0.100):

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# This is a list of hotpluggable network interfaces.
# They will be activated automatically by the hotplug subsystem.
mapping hotplug
script grep
map eth0

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1

If you want to add the IP address 192.168.0.101 to the interface eth0 you should change the file to look like this:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# This is a list of hotpluggable network interfaces.
# They will be activated automatically by the hotplug subsystem.
mapping hotplug
script grep
map eth0

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1

auto eth0:0
iface eth0:0 inet static
address 192.168.0.101
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
# No gateway line here: the default route is already set by eth0, and a
# second one makes "route add" fail with "SIOCADDRT: File exists" when the
# alias is brought up.

Then restart your network:

/etc/init.d/networking restart

Edit /etc/hosts and add your new IP addresses:

127.0.0.1       localhost.localdomain   localhost       server1
192.168.0.100 server1.example.com server1
192.168.0.101 virtual-ip1.example.com virtual-ip1


# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts


Setting The Hostname

echo server1.example.com > /etc/hostname
/bin/hostname -F /etc/hostname


Edit /etc/apt/sources.list And Update Your Linux Installation

Edit /etc/apt/sources.list. It should look like this:

# deb cdrom:[Ubuntu 5.10 _Breezy Badger_ - Release i386 (20051012)]/ breezy main restricted


deb http://de.archive.ubuntu.com/ubuntu breezy main restricted
deb-src http://de.archive.ubuntu.com/ubuntu breezy main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://de.archive.ubuntu.com/ubuntu breezy-updates main restricted
deb-src http://de.archive.ubuntu.com/ubuntu breezy-updates main restricted

## Uncomment the following two lines to add software from the 'universe'
## repository.
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## universe WILL NOT receive any review or updates from the Ubuntu security
## team.
deb http://de.archive.ubuntu.com/ubuntu breezy universe
deb-src http://de.archive.ubuntu.com/ubuntu breezy universe

## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
# deb http://de.archive.ubuntu.com/ubuntu breezy-backports main restricted universe multiverse
# deb-src http://de.archive.ubuntu.com/ubuntu breezy-backports main restricted universe multiverse

deb http://security.ubuntu.com/ubuntu breezy-security main restricted
deb-src http://security.ubuntu.com/ubuntu breezy-security main restricted

deb http://security.ubuntu.com/ubuntu breezy-security universe
deb-src http://security.ubuntu.com/ubuntu breezy-security universe

apt-get update
apt-get upgrade


Install SSH Daemon

apt-get install ssh openssh-server
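With root now having a password, the SSH daemon is the one place that password must not be usable from the network. The following is an added example, not part of the original howto: two small shell functions that edit an sshd_config-style file idempotently (replacing a directive even if it is commented out, appending it otherwise) and a hardening wrapper that sets PermitRootLogin no, Protocol 2 and X11Forwarding no. The file path is an argument so the edit can be tried on a copy before touching /etc/ssh/sshd_config; the "keys-only" mode that also disables password authentication is an assumption of this example and must only be used after your public key is installed.

```shell
#!/bin/sh
# Added example (not from the original howto): idempotent sshd_config edits.
# Assumed: the functions take the config file as an argument so they can be
# tried on a copy before touching /etc/ssh/sshd_config.

# set_sshd_option FILE KEY VALUE
# Replace an existing line for KEY (even if commented out) with "KEY VALUE",
# or append one if KEY does not occur at all. Running it twice is harmless.
set_sshd_option() {
    file="$1"; key="$2"; value="$3"
    if grep -Eiq "^[[:space:]]*#?[[:space:]]*$key([[:space:]]|$)" "$file"; then
        sed -E -i "s|^[[:space:]]*#?[[:space:]]*$key([[:space:]].*)?$|$key $value|I" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# get_sshd_option FILE KEY
# Print the value sshd would use: keywords are case-insensitive and the
# first uncommented occurrence wins.
get_sshd_option() {
    awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" \
        '$1 !~ /^#/ && tolower($1) == k { print $2; exit }' "$1"
}

# harden_sshd_config FILE [keys-only]
# Root may keep a password for console and su use (as the howto does), but
# it must not be able to log in over the network with it. Pass "keys-only"
# only after your public key is in authorized_keys, or you lock yourself out.
harden_sshd_config() {
    file="$1"; mode="${2:-}"
    set_sshd_option "$file" Protocol 2
    set_sshd_option "$file" PermitRootLogin no
    set_sshd_option "$file" X11Forwarding no
    if [ "$mode" = "keys-only" ]; then
        set_sshd_option "$file" PasswordAuthentication no
    fi
}

# Typical use on the server (as root, after installing your key):
#   cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
#   harden_sshd_config /etc/ssh/sshd_config keys-only
#   sshd -t && /etc/init.d/ssh restart
```

If you really need root access for scp (the WinSCP case discussed in the comments), use PermitRootLogin without-password together with a key instead of no; a password-less root login is never needed for that. Always run sshd -t before restarting, and keep your current session open until a second login has succeeded.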


Install/Remove Some Software

Now let's install some software we need later on and remove some packages that we do not need (the apt-get command is one single line):

apt-get install binutils cpp cpp-4.0 fetchmail flex gcc gcc-4.0 libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev linux-kernel-headers lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev cpp g++


Quota

apt-get install quota

Edit /etc/fstab to look like this (I added ,usrquota,grpquota to the partitions with the mount point / and /var):

# /etc/fstab: static file system information.
#
proc            /proc           proc        defaults                                      0  0
/dev/sda3       /               ext3        defaults,errors=remount-ro,usrquota,grpquota  0  1
/dev/sda1       /boot           ext3        defaults                                      0  2
/dev/sda4       /var            ext3        defaults,usrquota,grpquota                    0  2
/dev/sda2       none            swap        sw                                            0  0
/dev/hdc        /media/cdrom0   udf,iso9660 ro,user,noauto                                0  0
/dev/fd0        /media/floppy0  auto        rw,user,noauto                                0  0

Then run:

touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
touch /var/quota.user /var/quota.group
chmod 600 /var/quota.*
mount -o remount /var
quotacheck -avugm
quotaon -avug
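Hand-editing /etc/fstab is where a typo leaves the box unbootable, and re-running the step must not append the options twice. As an added example (not from the original howto), the function below makes the same change as the edit above with awk: it appends usrquota and grpquota to the options column of the listed mount points, leaves every other line alone, and skips options that are already present, so it can be re-run safely. The fstab path is an argument so the change can be tried on a copy first; the helper names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original howto): enable quota mount options in
# an fstab file without hand-editing it. The file path is an argument so the
# change can be tried on a copy of /etc/fstab first.

# add_quota_options FSTAB MOUNTPOINT...
# Append usrquota and grpquota to the options column (4th field) of every
# listed mount point. Comments and other lines pass through untouched, and
# options already present are not duplicated, so re-running is safe.
add_quota_options() {
    fstab="$1"; shift
    for mp in "$@"; do
        awk -v mp="$mp" '
            $1 !~ /^#/ && NF >= 4 && $2 == mp {
                n = split($4, opt, ",")
                have_u = 0; have_g = 0
                for (i = 1; i <= n; i++) {
                    if (opt[i] == "usrquota") have_u = 1
                    if (opt[i] == "grpquota") have_g = 1
                }
                if (!have_u) $4 = $4 ",usrquota"
                if (!have_g) $4 = $4 ",grpquota"
            }
            { print }
        ' "$fstab" > "$fstab.tmp" && mv "$fstab.tmp" "$fstab"
    done
}

# fstab_options FSTAB MOUNTPOINT
# Print the options column for one mount point (used to verify the edit).
fstab_options() {
    awk -v mp="$2" '$1 !~ /^#/ && NF >= 4 && $2 == mp { print $4; exit }' "$1"
}

# On the server (as root), the same sequence as the howto:
#   cp /etc/fstab /etc/fstab.bak
#   add_quota_options /etc/fstab / /var
#   mount -o remount / && mount -o remount /var
#   quotacheck -avugm && quotaon -avug
```

Check the result with fstab_options /etc/fstab / before remounting; if mount -o remount complains, restore /etc/fstab.bak rather than rebooting into a broken table.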


DNS-Server

apt-get install bind9

For security reasons we want to run BIND chrooted, so that a compromise of named is confined to /var/lib/named instead of the whole file system. To do that we have to go through the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon runs as the unprivileged user 'bind', chrooted to /var/lib/named. Modify the line OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

OPTIONS="-u bind -t /var/lib/named"

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind is upgraded in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

Once named is chrooted it can no longer reach /dev/log, so syslogd has to open an additional log socket inside the chroot or we lose BIND's messages. We therefore modify the startup script /etc/init.d/sysklogd: change the line SYSLOGD="-u syslog" so that it reads SYSLOGD="-u syslog -a /var/lib/named/dev/log" (the -a option makes syslogd listen on the extra socket):

#! /bin/sh
# /etc/init.d/sysklogd: start the system log daemon.

PATH=/bin:/usr/bin:/sbin:/usr/sbin

pidfile=/var/run/syslogd.pid
binpath=/sbin/syslogd

test -x $binpath || exit 0
. /lib/lsb/init-functions

# Options for start/restart the daemons
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-u syslog -a /var/lib/named/dev/log"

create_xconsole()
{
    if [ ! -e /dev/xconsole ]; then
        mknod -m 640 /dev/xconsole p
    else
        chmod 0640 /dev/xconsole
    fi
    chown root:adm /dev/xconsole
}

running()
{
    # No pidfile, probably no daemon present
    #
    if [ ! -f $pidfile ]
    then
        return 1
    fi

    pid=`cat $pidfile`

    # No pid, probably no daemon present
    #
    if [ -z "$pid" ]
    then
        return 1
    fi

    if [ ! -d /proc/$pid ]
    then
        return 1
    fi

    cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1`

    # No syslogd?
    #
    if [ "$cmd" != "$binpath" ]
    then
        return 1
    fi

    return 0
}

case "$1" in
  start)
    log_begin_msg "Starting system log daemon..."
    create_xconsole
    start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
    log_end_msg $?
    ;;
  stop)
    log_begin_msg "Stopping system log daemon..."
    start-stop-daemon --stop --quiet --oknodo --exec $binpath --pidfile $pidfile
    log_end_msg $?
    ;;
  restart|force-reload|reload-or-restart|reload)
    log_begin_msg "Restarting system log daemon..."
    start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile
    sleep 1
    start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
    log_end_msg $?
    ;;
  *)
    log_success_msg "Usage: /etc/init.d/sysklogd {start|stop|reload|restart|force-reload|reload-or-restart}"
    exit 1
esac

exit 0

Restart the logging daemon:

/etc/init.d/sysklogd restart

Start up BIND, and check /var/log/syslog for any errors:

/etc/init.d/bind9 start
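Most of the failures reported in the comments below (named cannot open its pid file, /etc/bind left as a real directory instead of a symlink, the -t option never making it into /etc/default/bind9) are layout mistakes that are cheap to catch before starting the daemon. The function below is an added example, not part of the original howto: it walks the chroot that the steps above create and prints one line per problem, returning the number of problems. Every path is an argument with the howto's value as default, so it can also be run against a scratch tree; the function name and message texts are this example's own.

```shell
#!/bin/sh
# Added example (not from the original howto): sanity-check the BIND chroot
# built above before starting named. All paths are arguments with the howto's
# values as defaults, so the function can also be run against a scratch tree.

# check_named_chroot [ROOT] [OWNER] [LINK] [DEFAULTS_FILE]
# Prints one line per problem found and returns the number of problems
# (0 means the layout matches what the steps above create).
check_named_chroot() {
    root="${1:-/var/lib/named}"
    owner="${2:-bind}"
    link="${3:-/etc/bind}"
    defaults="${4:-/etc/default/bind9}"
    problems=0

    # Directories named needs inside the jail.
    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        if [ ! -d "$root/$d" ]; then
            echo "missing directory: $root/$d"
            problems=$((problems + 1))
        fi
    done

    # named runs as $owner (-u) and must be able to write its cache, its pid
    # file and, for dynamic zones, its config directory.
    for d in etc/bind var/cache/bind var/run/bind/run; do
        if [ -d "$root/$d" ] && [ "$(stat -c %U "$root/$d")" != "$owner" ]; then
            echo "wrong owner on $root/$d: want $owner, have $(stat -c %U "$root/$d")"
            problems=$((problems + 1))
        fi
    done

    # /dev/null and /dev/random must be real character devices in the jail.
    for dev in null random; do
        if [ ! -c "$root/dev/$dev" ]; then
            echo "missing character device: $root/dev/$dev"
            problems=$((problems + 1))
        fi
    done

    # The old config path must be a symlink into the jail, not a stale copy.
    if [ ! -L "$link" ] || [ "$(readlink "$link")" != "$root/etc/bind" ]; then
        echo "$link is not a symlink to $root/etc/bind"
        problems=$((problems + 1))
    fi

    # The init script must actually pass -t ROOT to named.
    if ! grep -Eq "^OPTIONS=.*-t[[:space:]]+$root" "$defaults" 2>/dev/null; then
        echo "$defaults does not start named with -t $root"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# On the server, before /etc/init.d/bind9 start:
#   check_named_chroot && echo "chroot layout OK"
```

The check does not replace reading /var/log/syslog after the start, but it turns a silent "Permission denied" into a named directory or file. named-checkconf -t /var/lib/named /etc/bind/named.conf is the complementary check for the configuration itself, using the same chroot.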


Submitted by CJC (not registered) on Wed, 2009-06-24 15:23.

christopher@ns5:~$ sudo aptitude install binutils cpp cpp-4.0 fetchmail flex gcc gcc-4.0 libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev linux-kernel-headers lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev cpp g++
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Couldn't find any package whose name or description matched "cpp-4.0"
Couldn't find any package whose name or description matched "gcc-4.0"
Couldn't find any package whose name or description matched "cpp-4.0"
Couldn't find any package whose name or description matched "gcc-4.0"
The following NEW packages will be installed:
  autoconf automake1.9 autotools-dev bison fetchmail flex libarchive-zip-perl libdb4.3{a} libdb4.3-dev libltdl7-dev{a} libpopt-dev libtool lynx m4 unzip zlib1g-dev
0 packages upgraded, 16 newly installed, 0 to remove and 0 not upgraded.
Need to get 5324kB of archives. After unpacking 19.1MB will be used.
Do you want to continue? [Y/n/?] y

 

I am installing on the latest Ubuntu Server and it gives me this error:

 

Couldn't find any package whose name or description matched "cpp-4.0"
Couldn't find any package whose name or description matched "gcc-4.0"
Couldn't find any package whose name or description matched "cpp-4.0"
Couldn't find any package whose name or description matched "gcc-4.0"
 

Submitted by Anonymous (not registered) on Sun, 2006-04-23 06:30.

I had to add a dns server path to /etc/network/interfaces
in order for apt-get to work.

dns-nameservers 192.168.1.201 68.94.156.1

Other than that it all went real smooth.

Submitted by Anonymous (not registered) on Wed, 2006-07-05 23:57.

Another solution to this problem would be to re-enable DHCP.

Just remove all static-ip info and add:

iface eth0 inet dhcp

auto eth0

Submitted by Anonymous (not registered) on Sat, 2006-01-14 13:39.
Why do you install ssh *and* openssh? The openssh client is already included in the standard Ubuntu server installation, so the only thing that's missing is the server. AFAIK the ssh package brings an additional server and client; both should be superfluous ...!?
Submitted by Anonymous (not registered) on Thu, 2006-05-04 16:10.
The reason both get installed is that ssh is the client and Openssh is the server. The server is _not_ installed by default on Ubuntu.
Submitted by Anonymous (not registered) on Thu, 2005-12-29 22:25.
Instead of doing sudo passwd root and then su'ing, wouldn't it be better to do sudo -s to get a root shell?
Submitted by admin (registered user) on Sat, 2005-12-31 13:17.

If you don't set a password for the root user, you can't connect with e.g. SCP programs like WinSCP with root permissions while you configure your server.


For a server it's a better solution to enable the root user and then disallow root logins with SSH if you don't need direct access for scp.

Submitted by Anonymous (not registered) on Mon, 2006-03-27 06:40.
Setting a root password shouldn't be recommended! Most people tend to choose either insecure passwords, which could be guessed, or write their passwords down on a sticky note on their monitor or under the keyboard. It is better to tell people to create a passphrase-protected .ssh DSA key using the command ``ssh-keygen -t dsa -b 2048'' and then distribute this from their workstation to all root accounts of all servers they want to admin. The buzzword is "single-sign-on" ;-)
Submitted by Anonymous (not registered) on Fri, 2006-06-09 23:48.
Ok great idea but what's next? Being a newbie, how would they know what to do? Or how can we assume that they know how to distribute it around to all root-Accounts? Anymore details would be appreciated other than 4 lines which tell us how to create a SSH public/private key...
Submitted by Anonymous (not registered) on Tue, 2005-12-27 00:40.

Thanks a lot for a great howto

I'm experimenting with the setup, to get it down to a tee. Because of this I start clean every time. Maybe you want to add a comment for people like me to the effect of:

If your network has a proxy you might consider adding the following file /etc/apt/apt.conf with a proxy setting in :

ACQUIRE {
http::proxy "http://172.16.1.71:8080/"
}

Submitted by Anonymous (not registered) on Fri, 2005-12-09 23:07.

when running quotacheck -avugm I have the following warnings

Quotafile //quota.user was probably truncated. Can't save quota settings...
Quotafile //quota.group was probably truncated. Can't save quota settings...

Have I anything to do or can I just disregard those warnings, pls?

James

Submitted by admin (registered user) on Sat, 2005-12-10 13:59.
Submitted by Anonymous (not registered) on Fri, 2006-03-24 23:36.
That link says don't worry, quotacheck always says that when it's first run. But worry if quotaon gives you errors :)
Submitted by Anonymous (not registered) on Thu, 2005-11-17 11:04.

When I run:

/etc/init.d/bind9 start

then I go check my log files and I'm getting this error message:

couldn't open pid file '/var/run/bind/run/named.pid': Permission denied

I did everything you did in this tutorial... any suggestions as to what I may be doing wrong?

BTW when i run : named -c /etc/bind/named.conf

I don't get any error message... It must be something small i'm missing

Submitted by Anonymous (not registered) on Thu, 2005-12-01 22:42.

the init script needs to be changed.

http://en.tldp.org/HOWTO/Chroot-BIND-HOWTO-4.html#ss4.2

Submitted by Anonymous (not registered) on Fri, 2005-12-02 18:40.

Sorry, just making sure that /var/lib/named/var/run/bind/run exists and is owned by bind solves the problem.

mkdir -p /var/lib/named/var/run/bind/run

chown -R bind.bind /var/lib/named/var/run/bind

Submitted by Anonymous (not registered) on Sat, 2005-11-05 01:44.

After this step

touch /quota.user /quota.group

in the (ISP-Server Setup - Ubuntu 5.10) I get the following errors

touch: cannot touch '/quota.user': Permission denied

touch: cannot touch '/quota.group': Permission denied

Submitted by admin (registered user) on Sat, 2005-11-05 13:27.
You have to be logged in as root to run the command.
Submitted by Anonymous (not registered) on Mon, 2005-10-31 05:01.

When I run apt-get install quota the install goes fine.

I have a problem: the file /etc/fstab does not exist in /etc/ after installing quota. Is there something else that has to be run that will create the file?

I searched the etc directory, but it is nowhere to be found.

Edit /etc/fstab to look like this (I added ,usrquota,grpquota to the partitions with the mount point / and /var):

Anyone else have this problem?

Submitted by admin (registered user) on Mon, 2005-10-31 08:43.
Which editor are you using in order to edit /etc/fstab? Try to use a command line editor like vi as root instead of an editor from your Linux desktop.

If you have further problems, please post them in the forum.

Submitted by Anonymous (not registered) on Sat, 2009-02-14 02:53.

I have a problem: I have no permission denied.

Please help, thanks.