ISP-Server Setup - Ubuntu 5.0.4 "The Hoary Hedgehog" - Page 3
2 Installing And Configuring The Rest Of The System
Enable root user
Now I can log in with the username and password I entered above. First I enable the root user for ease of installation. You can disable it later if you want.
sudo passwd root
su
Now we are logged in as root user.
Configure The Network
Because the Ubuntu installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address 192.168.0.100):
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# This is a list of hotpluggable network interfaces.
# They will be activated automatically by the hotplug subsystem.
mapping hotplug
        script grep
        map eth0

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.0.100
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1
If you want to add the IP address 192.168.0.101 to the interface eth0 you should change the file to look like this:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# This is a list of hotpluggable network interfaces.
# They will be activated automatically by the hotplug subsystem.
mapping hotplug
        script grep
        map eth0

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.0.100
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1

auto eth0:0
iface eth0:0 inet static
        address 192.168.0.101
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1
Then restart your network:
/etc/init.d/networking restart
Edit /etc/hosts and add your new IP addresses:
127.0.0.1       localhost.localdomain   localhost       server1
192.168.0.100   server1.example.com     server1
192.168.0.101   virtual-ip1.example.com virtual-ip1

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Setting The Hostname
echo server1.example.com > /etc/hostname
/bin/hostname -F /etc/hostname
Edit /etc/apt/sources.list And Update Your Linux Installation
Edit /etc/apt/sources.list. It should look like this:
#deb cdrom:[Ubuntu 5.04 _Hoary Hedgehog_ - Release i386 (20050407)]/ hoary main restricted

deb http://de.archive.ubuntu.com/ubuntu hoary main restricted
deb-src http://de.archive.ubuntu.com/ubuntu hoary main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://de.archive.ubuntu.com/ubuntu hoary-updates main restricted
deb-src http://de.archive.ubuntu.com/ubuntu hoary-updates main restricted

## Uncomment the following two lines to add software from the 'universe'
## repository.
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## universe WILL NOT receive any review or updates from the Ubuntu security
## team.
deb http://de.archive.ubuntu.com/ubuntu hoary universe
deb-src http://de.archive.ubuntu.com/ubuntu hoary universe

deb http://security.ubuntu.com/ubuntu hoary-security main restricted
deb-src http://security.ubuntu.com/ubuntu hoary-security main restricted

deb http://security.ubuntu.com/ubuntu hoary-security universe
deb-src http://security.ubuntu.com/ubuntu hoary-security universe
apt-get update
apt-get upgrade
Install SSH Daemon
apt-get install ssh
Install/Remove Some Software
Now let's install some software we need later on and remove some packages that we do not need:
apt-get install fetchmail unzip zip libarchive-zip-perl zlib1g-dev libpopt-dev nmap openssl lynx gcc flex make ncftp libdb4.3-dev
update-inetd --remove daytime
update-inetd --remove telnet
update-inetd --remove time
update-inetd --remove finger
update-inetd --remove talk
update-inetd --remove ntalk
update-inetd --remove ftp
update-inetd --remove discard
/etc/init.d/inetd reload
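To confirm the removals took effect, the following added example (not part of the original tutorial) lists any of those eight services that still have an active entry in an inetd.conf-format file. The function names and the sample file content are constructed for this example.

```shell
#!/bin/sh
# Services the tutorial removes with update-inetd --remove.
UNWANTED="daytime telnet time finger talk ntalk ftp discard"

# Print "service/protocol" for every active (uncommented) entry in the
# given inetd.conf-format file whose service name is in $UNWANTED.
# Comment lines (including "#<off>#" disabled entries) are ignored.
active_unwanted_services() {
    awk -v unwanted="$UNWANTED" '
        BEGIN { n = split(unwanted, u, " "); for (i = 1; i <= n; i++) bad[u[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }      # comment, or not a full entry
        ($1 in bad) { print $1 "/" $3 }
    ' "$1" | sort -u
}

# Constructed sample: daytime and telnet still active, time disabled.
sample_inetd_conf() {
    cat <<'EOF'
# /etc/inetd.conf (constructed sample)
#<off># time    stream  tcp  nowait  root  internal
daytime         stream  tcp  nowait  root  internal
daytime         dgram   udp  wait    root  internal
telnet          stream  tcp  nowait  telnetd.telnetd  /usr/sbin/tcpd  /usr/sbin/in.telnetd
smtp            stream  tcp  nowait  mail  /usr/sbin/exim  exim -bs
EOF
}

tmp=$(mktemp) && sample_inetd_conf > "$tmp"
active_unwanted_services "$tmp"
rm -f "$tmp"
```

On the server, run `active_unwanted_services /etc/inetd.conf`; empty output means none of the removed services is still offered by inetd.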
Quota
apt-get install quota
Edit /etc/fstab to look like this (I added ,usrquota,grpquota to the partitions with the mount point / and /var):
# /etc/fstab: static file system information.
#
#
proc            /proc           proc            defaults                                        0       0
/dev/sda3       /               ext3            defaults,errors=remount-ro,usrquota,grpquota    0       1
/dev/sda1       /boot           ext3            defaults                                        0       2
/dev/sda4       /var            ext3            defaults,usrquota,grpquota                      0       2
/dev/sda2       none            swap            sw                                              0       0
/dev/hdc        /media/cdrom0   udf,iso9660     ro,user,noauto                                  0       0
/dev/fd0        /media/floppy0  auto            rw,user,noauto                                  0       0
Then run:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
touch /var/quota.user /var/quota.group
chmod 600 /var/quota.*
mount -o remount /var
quotacheck -avugm
quotaon -avug
DNS-Server
apt-get install bind9
For security reasons we want to run BIND chrooted, so that a compromised named process only sees the directory tree under /var/lib/named. To do so, we have to do the following steps:
/etc/init.d/bind9 stop
Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user 'bind', chrooted to /var/lib/named. Modify the line: OPTS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":
OPTIONS="-u bind -t /var/lib/named"
Create the necessary directories under /var/lib:
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
Then move the config directory from /etc to /var/lib/named/etc:
mv /etc/bind /var/lib/named/etc
Create a symlink to the new config directory from the old location (to avoid problems when bind is upgraded in the future):
ln -s /var/lib/named/etc/bind /etc/bind
Make null and random devices, and fix permissions of the directories:
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
We need to modify the startup script /etc/init.d/sysklogd of sysklogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD="-u syslog" so that it reads: SYSLOGD="-u syslog -a /var/lib/named/dev/log":
#! /bin/sh
# /etc/init.d/sysklogd: start the system log daemon.

PATH=/bin:/usr/bin:/sbin:/usr/sbin

pidfile=/var/run/syslogd.pid
binpath=/sbin/syslogd

test -x $binpath || exit 0
. /lib/lsb/init-functions

# Options for start/restart the daemons
#   For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-u syslog -a /var/lib/named/dev/log"

create_xconsole()
{
    if [ ! -e /dev/xconsole ]; then
        mknod -m 640 /dev/xconsole p
    else
        chmod 0640 /dev/xconsole
    fi
    chown root:adm /dev/xconsole
}

running()
{
    # No pidfile, probably no daemon present
    #
    if [ ! -f $pidfile ]
    then
        return 1
    fi

    pid=`cat $pidfile`

    # No pid, probably no daemon present
    #
    if [ -z "$pid" ]
    then
        return 1
    fi

    if [ ! -d /proc/$pid ]
    then
        return 1
    fi

    cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1`

    # No syslogd?
    #
    if [ "$cmd" != "$binpath" ]
    then
        return 1
    fi

    return 0
}

case "$1" in
  start)
    log_begin_msg "Starting system log daemon..."
    create_xconsole
    start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
    log_end_msg $?
    ;;
  stop)
    log_begin_msg "Stopping system log daemon..."
    start-stop-daemon --stop --quiet --oknodo --exec $binpath --pidfile $pidfile
    log_end_msg $?
    ;;
  restart|force-reload|reload-or-restart|reload)
    log_begin_msg "Restarting system log daemon..."
    start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile
    sleep 1
    start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
    log_end_msg $?
    ;;
  *)
    log_success_msg "Usage: /etc/init.d/sysklogd {start|stop|reload|restart|force-reload|reload-or-restart}"
    exit 1
esac

exit 0
Restart the logging daemon:
/etc/init.d/sysklogd restart
Start up BIND, and check /var/log/syslog for any errors:
/etc/init.d/bind9 start
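A post-setup check for the chroot procedure above, as an added example that is not part of the original tutorial: it verifies the OPTIONS line, the directories, the /etc/bind symlink, ownership, the two device nodes and the syslog socket. The function name check_bind_chroot and its four optional arguments are made up for this example; the defaults are the paths used in this tutorial.

```shell
#!/bin/sh
# Audit the BIND chroot built above. Arguments (defaults are the tutorial's
# values): chroot root, defaults file, old config path, owning user.
# Prints one FAIL line per problem; returns non-zero if any was found.
check_bind_chroot() {
    root=${1:-/var/lib/named} defaults=${2:-/etc/default/bind9}
    link=${3:-/etc/bind} owner=${4:-bind} fail=0
    bad() { echo "FAIL: $*"; fail=1; }

    # named must drop to the unprivileged user and chroot with -t <root>.
    opts=$(sed -n 's/^OPTIONS="\(.*\)"$/\1/p' "$defaults" 2>/dev/null) || opts=
    for want in "-u $owner" "-t $root"; do
        case " $opts " in
            *" $want "*) ;;
            *) bad "$defaults: OPTIONS lacks $want" ;;
        esac
    done

    # Directories created with mkdir, and the moved config directory.
    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$root/$d" ] || bad "$root/$d: directory missing"
    done

    # The old config path must be a symlink into the chroot.
    [ -L "$link" ] && [ "$(readlink "$link")" = "$root/etc/bind" ] ||
        bad "$link: not a symlink to $root/etc/bind"

    # chown -R results; find errors (missing path, unknown user) also fail.
    stray=$(find "$root"/var/* "$root/etc/bind" ! -user "$owner" 2>&1 | head -n 1)
    [ -z "$stray" ] || bad "not owned by $owner: $stray"

    # mknod results: both nodes must be character devices.
    for n in null random; do
        [ -c "$root/dev/$n" ] || bad "$root/dev/$n: not a character device"
    done

    # syslogd -a <root>/dev/log creates this socket once sysklogd restarts.
    [ -S "$root/dev/log" ] || bad "$root/dev/log: syslog socket missing"
    return $fail
}

# Usage on the server, as root: check_bind_chroot && echo "chroot layout OK"
```

A missing dev/log socket means sysklogd was not restarted with the -a option, so messages from the chrooted named would not reach /var/log/syslog.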