Ubuntu Tutorials

Install mod_spamhaus Apache module to fight comment spam

aip — Tue, 01 Jun 2010 20:58:02 +0000

mod_spamhaus is an Apache module for DNS Block Listing that protects web services by denying access to particular IP addresses. It can stop spam relaying via web form URL injection, and block HTTP DDoS attacks from bot-nets.

It queries sbl-xbl.spamhaus.org, taking advantage of the Spamhaus Block List (SBL) and the Exploits Block List (XBL).

1. Install the package

apt-get install libapache2-mod-spamhaus

Apache is automatically restarted and the module is enabled. If you would like to test the module you can add a line to your hosts file to make it think that your IP address is blocked (pico /etc/hosts)

127.0.0.4 1.0.168.192.sbl-xbl.spamhaus.org

Replace 1.0.168.192 with your IP address and reverse it. The IP address 192.168.0.1 should read 1.0.168.192.

By default, only POST, PUT, OPTIONS, CONNECT methods are blocked. You can add GET to the list of methods blocked in /etc/apache2/mods-enabled/mod-spamhaus.conf to block the spammers from seeing your website.

Installing ionCube

aip — Sun, 27 Dec 2009 21:07:58 +0000

ionCube protects software written using the PHP programming language from being viewed, changed, and run on unlicensed computers.

1. Download ionCube loaders

sudo wget http://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz

2. Extract

sudo tar zxvf ioncube_loaders_lin_x86.tar.gz

3. Move to a permanent location

sudo mv ioncube /usr/local/

4. Add reference to your php.ini file (sudo pico /etc/php5/apache2/php.ini)

zend_extension = /usr/local/ioncube/ioncube_loader_lin_5.2.so

There are a few versions of the loader in the tar archive. Use the one that matches your PHP version.

5. Restart apache

sudo /etc/init.d/apache2 restart

Installing Zend Optimizer

aip — Sat, 26 Dec 2009 10:14:52 +0000

The Zend Optimizer enables you to run Zend Guard encoded files.

1. Download a copy of Zend Optimizer / Guard from the location below and put it into /tmp

http://www.zend.com/en/products/guard/downloads

2. Extract

cd /tmp sudo tar zxvf ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz

Replace with your actual filename

3. Create a directory to contain Zend optimizer

sudo mkdir /usr/local/lib/Zend

3. Move the Zend optimizer lib to a permanent location

sudo mv ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /usr/local/lib/Zend/

Your ZendOptimizer directory name may be different since it includes version numbers and platform. I'm using the 5_2_x_comp directory because I have PHP 5.2 installed.

4. Add reference to your php.ini file (sudo pico /etc/php5/apache2/php.ini)

zend_extension = /usr/local/lib/Zend/ZendOptimizer.so zend_optimizer.optimization_level = 15

5. Restart apache

sudo /etc/init.d/apache2 restart

Disable root login to SSH

aip — Mon, 09 Nov 2009 20:16:46 +0000

Allowing root logins to your SSH damon is a big security threat. If the SSH port is open, hackers will probably at some time attempt to brute force your root password. It's a good idea to disable root logins to SSH and instead use a normal user to login and use sudo to perform tasks that require root privileges.

1. Open the SSH daemon config file and change this line: (sudo pico /etc/ssh/sshd_config)

PermitRootLogin no

2. Restart the SSH daemon

sudo /etc/init.d/ssh restart

Installing PowerDNS on Karmic Koala

aip — Sat, 07 Nov 2009 09:38:31 +0000

The PowerDNS Nameserver is a modern, advanced and high performance authoritative-only nameserver. It is written from scratch and conforms to all relevant DNS standards documents. Furthermore, PowerDNS interfaces with almost any database.

1. Install the PowerDNS server and MySql backend using apt

sudo apt-get install pdns-server pdns-backend-mysql

2. Create a new database (or use existing) and execute the following SQL queries to create the PowerDNS table structure:

create table domains ( id INT auto_increment, name VARCHAR(255) NOT NULL, master VARCHAR(128) DEFAULT NULL, last_check INT DEFAULT NULL, type VARCHAR(6) NOT NULL, notified_serial INT DEFAULT NULL, account VARCHAR(40) DEFAULT NULL, primary key (id) )type=InnoDB; CREATE UNIQUE INDEX name_index ON domains(name); CREATE TABLE records ( id INT auto_increment, domain_id INT DEFAULT NULL, name VARCHAR(255) DEFAULT NULL, type VARCHAR(6) DEFAULT NULL, content VARCHAR(255) DEFAULT NULL, ttl INT DEFAULT NULL, prio INT DEFAULT NULL, change_date INT DEFAULT NULL, primary key(id) )type=InnoDB; CREATE INDEX rec_name_index ON records(name); CREATE INDEX nametype_index ON records(name,type); CREATE INDEX domain_id ON records(domain_id); create table supermasters ( ip VARCHAR(25) NOT NULL, nameserver VARCHAR(255) NOT NULL, account VARCHAR(40) DEFAULT NULL );

3. Configure PowerDNS to use the MySql backend by adding this line into the configuration file (sudo pico /etc/powerdns/pdns.conf)

launch=gmysql

4. Configure MySql login information for the PowerDNS server that can read from the tables you created earlier by adding lines similar to these (sudo pico /etc/powerdns/pdns.d/pdns.local)

gmysql-host=127.0.0.1 gmysql-user=pdns gmysql-password=password gmysql-dbname=pdns

Replace the username, password and dbname with a valid login information and database name.

5. Restart PowerDNS

sudo /etc/init.d/pdns restart

Now you should have a fully functional PowerDNS server installed. To manage the database (adding zones and records), consider using the Poweradmin web-based administration tool.

Add a sudoer (user allowed to use sudo)

aip — Thu, 05 Nov 2009 17:32:41 +0000

Sudo allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments.

1. Create a new user (optional)

adduser user1

2. As root, run this command:

visudo

3. Add this line into the file:

user1 ALL=(ALL) ALL

This will allow user1 to run all commands as root. You can also limit the access, Click here to view the syntax

4. Save the file by pressing Ctrl-X if you are using Nano or :w if using vi

Upgrade Ubuntu 9.04 to 9.10 (Jaunty to Karmic)

aip — Sat, 31 Oct 2009 22:46:47 +0000

Ubuntu has just released the final version of Ubuntu 9.10 (Karmic Koala). If you're running the previous version Ubuntu 9.04 (Jaunty Jackalope), you can easily upgrade using the terminal.

If you have a desktop environment installed you can just click the upgrade button in the Update Manager accessible from System -> Administration -> Update Manager but on server systems without desktop environment you may need to upgrade using the terminal.

1. Install the update manager

sudo apt-get install update-manager-core

2. Launch the update and follow on-screen instructions

sudo do-release-upgrade

Increasing screen resolution in VNC on X

aip — Sat, 31 Oct 2009 22:25:20 +0000

When connecting to a server without a monitor by VNC, X won't allow you to select screen resolution higher than 640x480 on next restart. This can be easily fixed:

Open /etx/X11/xorg.conf using a text editor (pico /etx/X11/xorg.conf) and add these two lines in the Monitor section of the config file:

HorizSync 31-95 VertRefresh 50-60

Now reboot X or your server and next time you connect using VNC you'll be able to select up to 1024x768.

The Monitor Section will look something like this when you have added the two lines:

Section "Monitor" Identifier "Configured Monitor" HorizSync 31-95 VertRefresh 50-60 EndSection

Installing Tomcat 6 on Jaunty

aip — Thu, 22 Oct 2009 22:20:06 +0000

Apache Tomcat is a servlet container developed by the Apache Software Foundation (ASF). Tomcat implements the Java Servlet and the JavaServer Pages (JSP) specifications from Sun Microsystems, and provides a "pure Java" HTTP web server environment for Java code to run.

1. Install all required packages

sudo apt-get install tomcat6 tomcat6-admin tomcat6-examples

Tomcat depends on a lot of other packages and the package manager will take care of that

2. Make sure the service is responding by entering url similar to this one in a browser:

http://{ipaddress}:8080/

Replace {ipaddress} with the ip address of your server

3. Create user and roles for the manager app. Replace the contents of your current file with something like this: (sudo pico /etc/tomcat6/tomcat-users.xml)

Replace {username} and {password} with credentials of your choice.

4. Restart Tomcat

sudo /etc/init.d/tomcat6 restart

5. Enter the manager app with a browser

http://{ipaddress}:8080/manager/html

You can browse the examples using this location: http://{ipaddress}:8080/examples

Installing vsftpd using text file for virtual users

admin — Sat, 12 Sep 2009 17:56:13 +0000

vsftpd is a secure, fast and stable FTP server. In this tutorial we'll install the server and make it check in a flat text file for virtual users allowed to login.

1. Install required packages

sudo apt-get install vsftpd libpam-pwdfile

2. Configure vsftpd (sudo pico /etc/vsftpd.conf)

Edit these variables in the config file and leave everything else with the default value.

anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 chroot_local_user=YES virtual_use_local_privs=YES guest_enable=YES user_sub_token=$USER local_root=/var/www/$USER hide_ids=YES

Set the local_root to the parent directory where the user's home directories are located

3. Configure PAM to check the passwd file for users (sudo pico /etc/pam.d/vsftpd)

auth required pam_pwdfile.so pwdfile /etc/ftpd.passwd account required pam_permit.so

Make sure you remove everything else from the file

4. Create the passwd file containing the users

sudo htpasswd -c /etc/ftpd.passwd user1

You can later add additional users to the file like this:

sudo htpasswd /etc/ftpd.passwd user2

5. Restart vsftpd

sudo /etc/init.d/vsftpd restart

6. Create user's home directory since vsftpd doesn't do it automatically

sudo mkdir /var/www/user1