The Perfect Setup - Ubuntu 6.10 Server (Edgy Eft) - Page 4
On this page
8 Install Some Software
Now we install a few packages that are needed later on. Run
apt-get install binutils cpp cpp-4.0 fetchmail flex gcc gcc-4.0 libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev linux-kernel-headers lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++
(This command should go into one line!)
9 Quota
To install quota, run
apt-get install quota
Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to partition /dev/sda1 (mount point /; your device name might be /dev/hda1 or similar)):
vi /etc/fstab
# /etc/fstab: static file system information. # # <file system> <mount point> <type> <options> <dump> <pass> proc /proc proc defaults 0 0 # /dev/sda1 UUID=02cc04f2-98cb-41db-8eb3-94de5f19b22b / ext3 defaults,errors=remount-ro,usrquota,grpquota 0 1 # /dev/sda5 UUID=6b011d54-fb37-469d-9fa8-179b185343c1 none swap sw 0 0 /dev/hdc /media/cdrom0 udf,iso9660 user,noauto 0 0 /dev/ /media/floppy0 auto rw,user,noauto 0 0 |
To enable quota, run these commands:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
10 DNS Server
Run
apt-get install bind9
For security reasons we want to run BIND chrooted so we have to do the following steps:
/etc/init.d/bind9 stop
Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS=" -u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":
vi /etc/default/bind9
OPTIONS="-u bind -t /var/lib/named" # Set RESOLVCONF=no to not run resolvconf RESOLVCONF=yes |
Create the necessary directories under /var/lib:
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
Then move the config directory from /etc to /var/lib/named/etc:
mv /etc/bind /var/lib/named/etc
Create a symlink to the new config directory from the old location (to avoid problems when bind is upgraded in the future):
ln -s /var/lib/named/etc/bind /etc/bind
Make null and random devices, and fix permissions of the directories:
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
We need to modify the startup script /etc/init.d/sysklogd of sysklogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD="-u syslog" so that it reads: SYSLOGD="-u syslog -a /var/lib/named/dev/log":
vi /etc/init.d/sysklogd
[...] SYSLOGD="-u syslog -a /var/lib/named/dev/log" [...] |
Restart the logging daemon:
/etc/init.d/sysklogd restart
Start up BIND, and check /var/log/syslog for errors:
/etc/init.d/bind9 start
11 MySQL
In order to install MySQL, we run
apt-get install mysql-server mysql-client libmysqlclient15-dev
We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:
vi /etc/mysql/my.cnf
[...] #bind-address = 127.0.0.1 [...] |
Then we restart MySQL:
/etc/init.d/mysql restart
Now check that networking is enabled. Run
netstat -tap
In the output you should see a line like this one:
tcp 0 0 *:mysql *:* LISTEN 4997/mysqld |
Run
mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword
to set a password for the user root (otherwise anybody can access your MySQL database!).