Difference between revisions of "Ubuntu"

8,067 bytes added ,  15:21, 23 August 2016
Undo revision 2603 by Sstrutt (talk) Rollback
(→‎Ubuntu 10.04.1 LTS: Corrected error in proc)
(Undo revision 2603 by Sstrutt (talk) Rollback)
 
(22 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Depreciated|category=Ubuntu}}
== Initial Setup ==
== Initial Setup ==
Much of this section is ''borrowed'' from http://www.howtoforge.com/perfect-server-ubuntu8.04-lts and http://www.howtoforge.com/how-to-install-ubuntu8.04-with-software-raid1, they are well worth a read!
Much of this section is ''borrowed'' from http://www.howtoforge.com/perfect-server-ubuntu8.04-lts and http://www.howtoforge.com/how-to-install-ubuntu8.04-with-software-raid1, they are well worth a read!
Line 69: Line 71:
         address 192.168.1.150
         address 192.168.1.150
         netmask 255.255.255.0
         netmask 255.255.255.0
         network 192.168.1.1
         network 192.168.1.0
         broadcast 192.168.1.255
         broadcast 192.168.1.255
         gateway 192.168.1.1
         gateway 192.168.1.1
Line 146: Line 148:
# Install VM Tools
# Install VM Tools
#* <code> apt-get install vmware-tools </code>
#* <code> apt-get install vmware-tools </code>
=== NTP ===
''Not required if your server doesn't really need bang on accurate time''
Out of the box your server will sync every time its restarted and drift a bit in-between.  There is an additional resource demand in running the NTP daemon so unless you need to, there's no need to install the full blown NTP daemon.
I tend to have one or two servers updating from remote (public) servers, and then all others updating from those.
# Install the service
#* <code> apt-get install ntp </code>
# Update the NTP config file, <code> /etc/ntp.conf </code> (Example below is for a server updating from public European servers - see http://www.pool.ntp.org/)
#* <code> server 0.europe.pool.ntp.org </code>
#* <code> server 1.europe.pool.ntp.org </code>
#* <code> server 2.europe.pool.ntp.org </code>
#* <code> server 3.europe.pool.ntp.org </code>
# Restart the NTP service
#* <code> service ntp restart </code>
# Verify using the following commands
#* <code> ntpq -np </code>
#* <code> date </code>


=== Update the OS ===  
=== Update the OS ===  
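Review bot: The new NTP steps only show the <code>/etc/ntp.conf</code> entries for a server that syncs from the public pool (the four <code>server N.europe.pool.ntp.org</code> lines), while the prose says all other servers update from those one or two machines. Add the equivalent <code>server</code> line for the downstream machines so the procedure covers both roles. Minor: "every time its restarted" should read "it's restarted".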
Line 181: Line 203:


Note that some applications will ignore the environment variables, and will need to be set specifically for those apps.
Note that some applications will ignore the environment variables, and will need to be set specifically for those apps.
=== Hostname Change ===
Procedure below guides you through the files etc that need updating in order to change a machine's hostname.  Note that if you get probs SSH'ing to the server afterwards see [[#Server_Hostname_Change|Server Hostname Change]]
# Update the following files
#* <code> /etc/hosts </code>
#* <code> /etc/hostname  </code>
# Set the hostname (not FQDN)
#* <code> hostname <servername> </code>
# Reboot
=== Allow Remote SSH Login Without Password Prompt ===
In order to be able to access a remote server via an SSH session without needing to suppy a password, the remote server needs to trust the user on the local server.  In order to do this, the public key for the user needs to be imported to the remote server.  This is particularly useful when trying to script using ssh, scp, rsync, etc where you need to interract with a remote server.
You need to be clear on which user will access the remote the server, if your script is run as root, then its the root user that needs to have its public key exported.
Similarly, on the remote server you need to ensure that that the user that has the public key key imported into, has the rights to perform whatever it is that you want to achieve.  This ''shouldn't'' be the root user (to do so you'd need to allow <code>PermitRootLogin </code> in the remote server's SSH config, which is a security no-no).
# On the local server, create a public/private rsa key pair while logged in as the user that will access the remote server
#* <code> ssh-keygen -t rsa </code> (leave passphrase blank)
#** This creates a public key in <code> ~/.ssh/id_rsa.pub </code>
# Copy the public key to the user on the remote server
#* <code> ssh-copy-id -i user@remote-svr </code>
#** The <code> user </code> is the user account on the remote server that the local server will be trusted by and run as.
# Test the login as suggested by <code> ssh-copy-id </code>
#* <code> ssh user@remote-svr </code>


== Packages ==
== Packages ==
=== Commands ===
=== Commands ===
{|cellpadding="4" cellspacing="0" border="1"
{|class="vwikitable"
|- style="background-color:#bbddff;"
|-  
! Command                              !! Purpose
! Command                              !! Purpose
|-
|-
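Review bot: Step 1 of the new SSH section says to leave the passphrase blank on <code>ssh-keygen -t rsa</code>, which leaves an unencrypted private key on the local server that logs in to the remote account for anyone who can read it. The section should state that trade-off and recommend a dedicated remote user with only the rights the script needs, which fits the existing advice against using root. In <code>ssh-copy-id -i user@remote-svr</code> the <code>-i</code> is given no key file, so either drop it or name <code>~/.ssh/id_rsa.pub</code> explicitly. Typos in the added text: "suppy", "interract", "remote the server", "its the root user", "that that", "public key key".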
Line 206: Line 254:
* '''Error 400 Bad Request'''
* '''Error 400 Bad Request'''
** Somewhat misleadingly, the problem is normal caused by being unable to contact the update server.  Consider adding proxy server config to your machine
** Somewhat misleadingly, the problem is normal caused by being unable to contact the update server.  Consider adding proxy server config to your machine
* '''The following packages have been kept back'''
** Package manager can hold back updates because they will cause conflicts, or sometimes because they're major kernel updates.  Running <code>aptitude upgrade</code> normally seems to force kernel updates through.


== Firewall ==
== Firewall ==
Line 212: Line 262:
Changes are applied immediately. Once you've added your first rule there's an implied deny all.
Changes are applied immediately. Once you've added your first rule there's an implied deny all.


{|cellpadding="4" cellspacing="0" border="1"
{|class="vwikitable"
|- style="background-color:#bbddff;"
|-  
! Command                              !! Purpose
! Command                              !! Purpose
|-
|-
Line 219: Line 269:
|-
|-
| <code> ufw status </code>            || Shows the firewall status and existing filters
| <code> ufw status </code>            || Shows the firewall status and existing filters
|-
| <code> ufw status numbered </code>    || Shows the firewall status and numbered existing filters (easier to delete)
|-
|-
| <code> ufw allow from 192.168.1.10 </code> || Allow all traffic from 192.168.1.10
| <code> ufw allow from 192.168.1.10 </code> || Allow all traffic from 192.168.1.10
Line 225: Line 277:
|-
|-
| <code> ufw allow proto tcp from 192.168.1.10 to any port 22 </code> || Allow TCP 22 (SSH) from 192.168.1.10
| <code> ufw allow proto tcp from 192.168.1.10 to any port 22 </code> || Allow TCP 22 (SSH) from 192.168.1.10
|-
| <code> ufw delete 2 </code>          || Delete rule 2
|}
|}
     
 
So, for example, to create a couple of rules and enable...
ufw allow proto tcp from 192.168.10.0/24 to any port 22
ufw allow proto tcp to any port 443
ufw enable
 
== SNMP ==
== SNMP ==
=== Setup (Pre v10) ===
=== Setup (Pre v10) ===
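Review bot: The added example limits SSH to 192.168.10.0/24 and then runs <code>ufw enable</code>, and the section already says changes apply immediately with an implied deny all, so a reader following it over SSH from any other network loses access. Add a line telling the reader to substitute their own management network before enabling. For the new <code>ufw delete 2</code> row, it is worth saying that the remaining rules are renumbered after a delete, so <code>ufw status numbered</code> should be re-run before deleting another rule.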
Line 381: Line 440:
</source>
</source>
Note that you won't backup the <code> information_schema </code> table if you need to implement this workaround
Note that you won't backup the <code> information_schema </code> table if you need to implement this workaround
[[Category:MySQL]]
== Perl ==
=== Install Module ===
Installing a perl module isn't tricky, but there is a certain nack to it, see below...
# Get the module's package name (eg for Net::XWhois)
#* <code> sudo apt-cache search perl net::xwhois </code>
# Then install the package
#* <code> sudo apt-get install libnet-xwhois-perl </code>
=== Check Module(s) Installed ===
To check for a specific module use (checking for <code>Net::XWhois</code>)
perl -MNet::XWhois -e "print \"Module installed.\\n\";"
To list all installed modules
perl -MFile::Find=find -MFile::Spec::Functions -Tlwe \
'find { wanted => sub { print canonpath $_ if /\.pm\z/ }, no_chdir => 1 }, @INC'
Source: http://www.linuxquestions.org/questions/linux-general-1/how-to-list-all-installed-perl-modules-216603/
== Python ==
Python v2 comes pre-installed, however if you want to run newer Python 3 scripts, this will need to be installed alongside.
# Install the package
#* <code> apt-get install python3 </code>
#** Note that more than one version of Python 3 may be available, cancel the install are retry with specific version if required, eg <code> apt-get install python3.1 </code>
To enter the Python 3 interpreter, run <code> phython3 </code>, to make sure you get the right environment for a script use the following shebang
<source lang="python">
#! /usr/bin/env python3
</source>
See [[:Category:Python|Python]] for further info
[[Category:Python]]


== AWStats ==
== AWStats ==
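Review bot: In the new Python section the interpreter command is written as <code>phython3</code>, which will not run. It should be <code>python3</code>, matching the package name and the shebang shown below it. Also in this hunk: "cancel the install are retry" should be "and retry", and "nack" in the Perl section should be "knack".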
Line 416: Line 512:
# Create a specific config file for the site to monitor
# Create a specific config file for the site to monitor
#* <code> cp /etc/awstats/awstats.conf /etc/awstats/awstats.mysite.com.conf </code>
#* <code> cp /etc/awstats/awstats.conf /etc/awstats/awstats.mysite.com.conf </code>
# Edit the config file for the site, specifically
# Edit the config file for the site, specifically (see below for further options)
#* <code> LogFile=”/path/to/your/domain/access.log” </code>
#* <code> LogFile=”/path/to/your/domain/access.log” </code>
#* <code> LogFormat=1  </code>(this will give you more detailed stats)
#* <code> LogFormat=1  </code>(this will give you more detailed stats)
Line 428: Line 524:
#* <code> crontab -e </code>
#* <code> crontab -e </code>
#* EG every 30 mins <code> */30 * * * *    /bin/perl      /usr/lib/cgi-bin/awstats.pl -config=mysite.com -update >/dev/null </code>
#* EG every 30 mins <code> */30 * * * *    /bin/perl      /usr/lib/cgi-bin/awstats.pl -config=mysite.com -update >/dev/null </code>
Further options
* Wiki sites (and other sites where an URL parameter can specify a specific page
** <code> URLWithQuery=1 </code> - useful for Wiki's etc where query param indicates a different page
** <code> URLWithQueryWithOnlyFollowingParameters="title" </code> - only treats variances in param title as distinct pages
** <code> URLReferrerWithQuery=1 </code> follows on from two above


=== Other ===
=== Other ===
To perform a one-off update from a specific log file...
To perform a one-off update from a specific log file...
* <code> /usr/lib/cgi-bin/awstats.pl -config=vi-db -LogFile=access.log </code>
* <code> /usr/lib/cgi-bin/awstats.pl -config=server -LogFile=access.log </code>
** Updates can only be added in chronological order, therefore you may need to delete the data file for a particular month, and rebuild it entirely.
** Updates can only be added in chronological order, therefore you may need to delete the data file for a particular month, and rebuild it entirely.
Scheduled updates are configured in <code> /etc/cron.d/awstats </code>
== Syslog to MySQL Database ==
This procedure achieves three things...
# Allows remote hosts to use the local server as a syslog destination
# Directs syslogs to MySQL database on the server
# Allows viewing of syslogged events through [http://loganalyzer.adiscon.com/ LogAnalyser] web front end
...it is assumed that you already have a local MySQL and Apache server running!
# '''Set-up your server to send syslog messages to a MySQL database'''
#* <code> apt-get install rsyslog-mysql </code>
#* Enter the root password to your MySQL instance when prompted
# '''Update the <code> rsyslog </code> config (<code>/etc/rsyslog.conf</code>) to receive syslog data, and to route messages through a queue'''
## Uncoment the following..
##* <code>$ModLoad ommysql  # load the output driver (use ompgsql for PostgreSQL)</code>
##* <code>$ModLoad imudp    # network reception</code>
##* <code>$UDPServerRun 514 # start a udp server at port 514</code>
## Add the following...
##* <code>$WorkDirectory /rsyslog/work # default location for work (spool) files</code>
##* <code>$ActionQueueType LinkedList # use asynchronous processing</code>
##* <code>$ActionQueueFileName dbq    # set file name, also enables disk mode</code>
##* <code>$ActionResumeRetryCount -1  # infinite retries on insert failure</code>
## Restart the service
##* <code> service rsyslog restart </code>
# '''Install LogAnalyser'''
## Download latest build from http://loganalyzer.adiscon.com/downloads
##* EG <code>wget http://download.adiscon.com/loganalyzer/loganalyzer-3.5.0.tar.gz</code>
## Uncompress
##* EG <code>tar xf loganalyzer-3.5.0.tar.gz</code>
## Move the contents or <code>/src</code> to webserver
##* EG <code> mkdir /var/www/syslog </code>
##* EG <code> mv /src/* /var/www/syslog/ </code>
## Move utility scripts to same folder
##* EG <code> mv /contrib/* /var/www/syslog/ </code>
## Make them both executable,
##* EG <code> chmod +x /var/www/syslog/*.sh </code>
## Run the config script in the directory
##* EG <code> /var/www/syslog# ./configure.sh </code>
## Browse to webpage
##* EG http://your-www-svr/syslog/index.php
## Ignore the error, and follow the link to install (configure)
## Accept defaults until step 7, where you change the following
##* Name of the Source - ''your name for the local syslog db''
##* Source Type - MySQL Native
##* Database Name - Syslog
##* Database Tablename - SystemEvents
##* Database User - rsyslog
##* Database Password - rsyslog
## Config completed!


== Troubleshooting ==
== Troubleshooting ==
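Review bot: The LogAnalyser step 7 values list <code>rsyslog</code> as both Database User and Database Password, and the rsyslog steps open a UDP listener on port 514 with no matching rule from the Firewall section. Tell the reader to set their own database password, and add a rule such as <code>ufw allow proto udp from <log-source-network> to any port 514</code> limited to the hosts that should send logs. The <code>wget</code> example fetches the tarball over plain <code>http://</code> with no integrity check. The <code>mv /src/* ...</code> and <code>mv /contrib/* ...</code> examples start at the filesystem root rather than under the unpacked archive directory. <code>chmod +x /var/www/syslog/*.sh</code> leaves the setup scripts executable inside the web root, so add a step to remove them once configuration is done. Typos: "Uncoment", "contents or", and the unclosed parenthesis in the "Wiki sites (and other sites ..." bullet.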
Line 467: Line 618:
* <code> ssh-keygen -R <name or IP> </code>
* <code> ssh-keygen -R <name or IP> </code>


=== Reboot Required? ===
If a package update/installation requires a reboot to complete the following file will exist...
/var/run/reboot-required


[[Category:VMware]]
To see which packages caused this to be set, inspect the contents of...
[[Category:Zimbra]]
/var/run/reboot-required.pkgs
[[Category:MySQL]]
