The Perfect Server - Ubuntu Hardy Heron (Ubuntu 8.04 LTS Server) - Page 4

11 Install Some Software

Now we install a few packages that are needed later on. Run

apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential

(This command must be entered on one line!)

 

12 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, run

apt-get install quota

Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /):

vi /etc/fstab

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
# /dev/sda1
UUID=6af53069-0d51-49be-b275-aeaea8d780c5 /               ext3    relatime,errors=remount-ro,usrquota,grpquota 0       1
# /dev/sda5
UUID=d8e1f66c-1442-423e-b442-8ae66eded9d7 none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto,exec,utf8 0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0

To enable quota, run these commands:

touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /

quotacheck -avugm
quotaon -avug

 

13 DNS Server

Run

apt-get install bind9

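For security reasons we want to run BIND chrooted, so that the named process, running as the unprivileged user bind, can only see the files below /var/lib/named. To set this up, we have to do the following steps: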

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

vi /etc/default/bind9

OPTIONS="-u bind -t /var/lib/named"
# Set RESOLVCONF=no to not run resolvconf
RESOLVCONF=yes

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind gets updated in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

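A chrooted BIND can no longer reach the system's /dev/log socket, so we need to modify /etc/default/syslogd to make syslogd listen on an additional socket inside the chroot; that way important messages are still logged to the system logs. Modify the line: SYSLOGD="" so that it reads: SYSLOGD="-a /var/lib/named/dev/log":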

vi /etc/default/syslogd

#
# Top configuration file for syslogd
#

#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#

#
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"

Restart the logging daemon:

/etc/init.d/sysklogd restart

Start up BIND, and check /var/log/syslog for errors:

/etc/init.d/bind9 start
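
The chroot setup above can be checked once the last step is done. The following script is an added example, not part of the tutorial; the function names are invented here, while the paths, device numbers and option strings are the ones used in this chapter.

```shell
#!/bin/sh
# Added example, not part of the tutorial. Function names are invented here;
# paths, device numbers and option strings are the ones used in chapter 13.

# opt_set FILE VAR TEXT: true if the last active VAR="..." line contains TEXT.
opt_set() {
    val=$(grep -E "^[[:space:]]*$2=" "$1" | tail -n 1)
    val=${val#*=}; val=${val#\"}; val=${val%\"}
    case " $val " in *" $3 "*) return 0 ;; *) return 1 ;; esac
}

# layout_ok ROOT: true if the directories from the mkdir and mv steps exist
# under ROOT; prints each one that is missing.
layout_ok() {
    rc=0
    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$1/$d" ] || { echo "missing: $1/$d"; rc=1; }
    done
    return $rc
}

# dev_ok PATH MAJOR MINOR: true if PATH is a character device with these
# numbers. GNU stat prints them in hex, which equals decimal for 1, 3 and 8.
dev_ok() {
    [ -c "$1" ] && [ "$(stat -c '%t:%T' "$1")" = "$2:$3" ]
}

# link_ok LINK TARGET: true if LINK is a symlink that points at TARGET.
link_ok() {
    [ -L "$1" ] && [ "$(readlink "$1")" = "$2" ]
}

# verify_chroot [ROOT]: run every check on the live system (as root);
# the return value is the number of failed checks.
verify_chroot() {
    root=${1:-/var/lib/named}; fails=0
    opt_set /etc/default/bind9 OPTIONS "-t $root" || { echo "bind9: -t $root not set"; fails=$((fails+1)); }
    opt_set /etc/default/syslogd SYSLOGD "-a $root/dev/log" || { echo "syslogd: -a socket not set"; fails=$((fails+1)); }
    layout_ok "$root" || fails=$((fails+1))
    dev_ok "$root/dev/null" 1 3 || { echo "dev/null is not char 1,3"; fails=$((fails+1)); }
    dev_ok "$root/dev/random" 1 8 || { echo "dev/random is not char 1,8"; fails=$((fails+1)); }
    link_ok /etc/bind "$root/etc/bind" || { echo "/etc/bind is not the symlink"; fails=$((fails+1)); }
    return $fails
}
# Usage after the last step above: verify_chroot /var/lib/named && echo "chroot OK"
```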

 

14 MySQL

In order to install MySQL, we run

apt-get install mysql-server mysql-client libmysqlclient15-dev

You will be asked to provide a password for the MySQL root user - this password is valid for the user root@localhost as well as [email protected], so we don't have to specify a MySQL root password manually later on (as was the case with previous Ubuntu versions):

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword

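We want MySQL to listen on all interfaces, not just localhost. This makes the MySQL port reachable from every network the server is attached to, so access then rests on the MySQL account privileges and on any packet filter in front of the server. To do this, we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1: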

vi /etc/mysql/my.cnf

[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1
[...]

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

root@server1:~# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      5869/mysqld
root@server1:~#
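
The netstat check above can be scripted so that it also reports when MySQL is still bound to loopback only. This is an added example, not part of the tutorial, and it goes a little further than the text by also reading the active bind-address from the [mysqld] section; the function names are invented here, and all sample lines except the tutorial's own netstat line are constructed.

```shell
#!/bin/sh
# Added example, not part of the tutorial. Function names are invented here.

# mycnf_bind FILE: print the bind-address that is active in [mysqld], or
# "all-interfaces" when it is commented out or absent (mysqld then listens
# on every interface, which is what this chapter configures).
mycnf_bind() {
    sect=""; addr=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t')
        case $line in
            \[*\]) sect=$line ;;
            bind-address=*|bind_address=*)
                if [ "$sect" = "[mysqld]" ]; then addr=${line#*=}; fi ;;
        esac
    done < "$1"
    echo "${addr:-all-interfaces}"
}

# listener_scope ADDR: classify a netstat local address such as *:mysql.
listener_scope() {
    case $1 in
        127.*:*|localhost:*|::1:*) echo loopback ;;
        '*:'*|0.0.0.0:*|:::*) echo all-interfaces ;;
        *) echo "address ${1%:*}" ;;
    esac
}

# scan_listeners: read `netstat -ta` or `netstat -tan` output on stdin and
# print the scope of every listening MySQL socket (port name mysql or 3306).
scan_listeners() {
    while IFS= read -r l; do
        case $l in *LISTEN*) ;; *) continue ;; esac
        loc=$(printf '%s\n' "$l" | awk '{print $4}')
        case ${loc##*:} in mysql|3306) listener_scope "$loc" ;; esac
    done
}

# First line is the tutorial's output; the other two are constructed samples.
SAMPLE='tcp        0      0 *:mysql                 *:*                     LISTEN      5869/mysqld
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      5869/mysqld
tcp        0      0 *:ssh                   *:*                     LISTEN      4321/sshd'

printf '%s\n' "$SAMPLE" | scan_listeners
# On the server itself: mycnf_bind /etc/mysql/my.cnf; netstat -tan | scan_listeners
```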

Comments

From: Slavi

I have also added these lines to /etc/my.cnf
Don't add the .... ;)

[client]
....
default-character-set=utf8


[mysqld]
....
default-character-set=utf8
collation-server=utf8_general_ci
character-set-server=utf8

From:

In case anyone else has an issue starting bind9, I had to purge apparmor using the following command before it would start successfully.

apt-get purge apparmor

From:

Hello,

 First of all let me say thank you very much to the author of this and other pages related to installing Ubuntu. It is a great deal of service to people like myself who want to get to know linux and who are interested in learning how to manage a server.

 I do have one question, however, as I am stumped. I followed the instructions (verbatim, I strongly believe), and when I come to the step of starting bind, I get an error.  Well, it says "failed". Which specific log would I look into to find out why bind would not start? Sorry, I'm not very familiar with linux, but looking into learning it and using it instead of windows eventually.

 I tried the one poster's recommendation and did the apt-get purge apparmor, and that didn't do anything as far as bind goes - it still fails when I try to start it. I clicked on the other link recommended by another poster, but my file doesn't look anything like the file they recommend changing, and because of that, I do not want to stray too far away from this tutorial since I started out with this in the first place.

 

Any recommendations as to what I can check, or if anyone else ran into this and found a solution other than those posted here?  Thanks in advance,

yeltneb 

From: Anonymous

It has been a long time since your question... did you find a solution to this already?

Did you follow step 10?

From: dakkon

I followed the instructions above but I was never prompted for passwords.  What do I need to do to set the passwords?  Did I miss something?

From: dell

Try to fully remove apparmor, it works for me.

# apt-get remove apparmor apparmor-utils

From:

These are the complete steps to get chrooted Bind working.

http://ubuntuforums.org/showthread.php?p=4636681

From: admin

... or simply disable AppArmor, as shown in step 10 of my tutorial.

From:

Hi there,

when I run netstat -tap | grep mysql the listen part is 12013 instead of 5869. Does it really matter?

Thanks again for the valuable tutorial.

From:

Hi,

Thanks for this great tutorial. I used it and it works well. I had a problem installing the roundcube pkg. If you want to use the roundcube pkg you need to install this:

apt-get install libxml2-dev

If you don't install this, you won't be able to read your mail.

Dumarjo