Server:housekeeping:admin
From Linux How-To Repository
Webmin
Installing Webmin
Webmin can be downloaded from [here]. With Ubuntu, you can install it from the .deb package.
It's all straightforward; however, I struck some issues after installing the Ubuntu 64-bit Feisty desktop edition. It installed as "generic" Linux, as opposed to something more definite, and that meant that some settings in Webmin didn't work for me.
I discovered this when trying to change the Webmin Configuration to get it to start at boot time because it wasn't doing it by default. It gave me back an error that suggested part of the disk was damaged. I tracked the problem down to "Module Config" in the "Bootup and Shutdown" module. It needed the correct directory of /etc/init.d for the master init scripts.
Apache Setup Check
The "generic" install also meant that the settings for Apache were all wrong in Webmin.
Click on the Servers option --> the Apache Server option --> Module Config.
"File or directory to add virtual servers to" should be "/etc/apache2/sites-available/default".
(This will change to the correct directory if you want to host multiple sites.)
"Directory to create links in for new virtual servers" should be "/etc/apache2/sites-enabled/000-default".
(This will enable the chosen virtual sites.)
"Apache root server directory" should be "/etc/apache2".
"Path to httpd executable" should be "/usr/sbin/apache2ctl".
"Path to apache2" should be "/usr/sbin/apache2".
"Command to start apache" should be "/etc/init.d/apache2 start"
"Command to stop apache" should be "/etc/init.d/apache2 stop"
Check any other paths that look suspect in the "Path to..." fields.
PhpMyAdmin
What a brilliant program! It's been indispensable to me. This can be installed with apt-get or downloaded from [here]. It can be installed via a browser script.
Roundcube
Installing RoundCube Webmail
RoundCube can be installed by downloading from [here] or using
apt-get install roundcube-webmail
If you download it, you could install it in your web directory structure. With apt-get it is installed in /usr/share, which is perhaps best.
Note that if you install via apt-get, some of the config below may not be needed, or else could be done to the files in /etc/roundcube.
Config Files Setup
Once installed, open up the roundcube-webmail folder and then the config folder.
Rename the two files, db.inc.php.dist and main.inc.php.dist to db.inc.php and main.inc.php.
Edit the configuration files.
gedit db.inc.php
Find the line that says
$rcmail_config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail';
Either keep the details or replace them with your own. In this sequence, "roundcube" is the login or user name; "pass" is the password and "roundcubemail" is the name of the SQL database you will create. Whatever you choose is what you use when you set up your SQL database.
Open main.inc.php
gedit main.inc.php
Add a value to default_host so that you don't have to type it into RoundCube every time you want to access email. It will just use localhost as the default. The session time is 10 minutes by default; perhaps change it to 30 minutes. You probably have to find out what your timezone number is.
// the mail host chosen to perform the log-in
// leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL connection, enter ssl://hostname:993
$rcmail_config['default_host'] = 'localhost';
// session lifetime in minutes
$rcmail_config['session_lifetime'] = 30;
// use this format for short date display
$rcmail_config['date_short'] = 'l g:i A';
// use this format for detailed date/time formatting
$rcmail_config['date_long'] = 'm/d/Y g:i A';
// add this user-agent to message headers when sending
$rcmail_config['useragent'] = 'RoundCube Webmail';
// use this timezone to display date/time
$rcmail_config['timezone'] = -5;
Next set the permissions
chmod -R 777 temp
chmod -R 777 logs
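An alternative to mode 777, added here as an example and not part of the original how-to: the script below makes temp and logs writable by the web server's group only, and makes the config files that hold the database password unreadable to other local users. It assumes the web server runs in the www-data group (the Debian/Ubuntu default); harden_roundcube and list_world_writable are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumption: Apache runs in group www-data; pass another group as argument 2.

# Restrict temp/, logs/ and the config files of a RoundCube tree.
# usage: harden_roundcube /usr/share/roundcube-webmail [web_group]
harden_roundcube() {
    rc_dir=$1
    web_group=${2:-www-data}

    for d in temp logs; do
        [ -d "$rc_dir/$d" ] || { echo "missing $rc_dir/$d" >&2; return 1; }
        chgrp -R "$web_group" "$rc_dir/$d" || return 1
        # owner and web group may write; everyone else gets nothing
        find "$rc_dir/$d" -type d -exec chmod 770 {} + || return 1
        find "$rc_dir/$d" -type f -exec chmod 660 {} + || return 1
    done

    # db.inc.php carries the database password from db_dsnw
    for f in db.inc.php main.inc.php; do
        [ -f "$rc_dir/config/$f" ] || continue
        chgrp "$web_group" "$rc_dir/config/$f" || return 1
        chmod 640 "$rc_dir/config/$f" || return 1
    done
}

# Print every file or directory under $1 that any local user can write to.
# Empty output means nothing is world-writable.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}
```

Run list_world_writable on the RoundCube directory before and after harden_roundcube to confirm the change; chgrp to www-data needs root.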
Database Setup
Create the RoundCube database by accessing phpMyAdmin.
In the "Create new database" option on the frontpage enter your database name and create it.
Choose "Privileges" and then "Add a new user" and fill out all of the details as you require.
Next, create the tables:
Click on "Import." Use browse to find mysql.initial.sql file located in the RoundCube folder and within its SQL folder. Click "Go" to import the file's details.
If you installed RoundCube in your web directory, point your browser to that folder and you should be greeted with the RoundCube login screen. If RoundCube is installed elsewhere, do the next step.
Apache Alias Setup
If you installed this with apt-get it is configured automatically, I think.
Method 1: create a file called webmail, or whatever you choose.
gedit webmail
Add the following line to the file and save it in /etc/apache2/sites-available
Alias /mymail /usr/share/roundcube-webmail
Now create a symlink to that file in /etc/apache2/sites-enabled.
ln -s /etc/apache2/sites-available/webmail /etc/apache2/sites-enabled/webmail
Method 2: add the following to your /etc/apache2/httpd.conf file
Alias /mymail "/usr/share/roundcube-webmail/"
<Directory "/usr/share/roundcube-webmail">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Point your browser to the mymail alias, i.e. example.com/mymail and you should be greeted with the RoundCube login screen.
User Setup
To set yourself up as a user, send an email to yourself, i.e. noob@example.com. Check in Webmin under the mail server option to see if it has arrived. Then login to RoundCube using your Linux username and password. Your mail should be waiting for you there.
Test RoundCube by sending emails to and fro with another email address.
Error Troubleshooting
I've had a couple of problems with Roundcube. I can't remember the exact errors. I think one was that things weren't showing up until after a refresh. The other error was this notorious bug:
PHP Warning: Cannot modify header information - headers already sent in Unknown on line 0
From memory, the fix may be one of these two:
Deleted TRUE from after commands in steps/mail/getunread.inc (lines 31 and 32):
//rcube_remote_response($commands, TRUE);
rcube_remote_response($commands);
Deleted flush() from line 1976 in lib/imap.inc
if (fputs($fp, $request)){
$line=iil_ReadLine($fp, 100);
$sent = fwrite($fp, $message."\r\n");
Delete this -> flush();
do{
$line=iil_ReadLine($fp, 1000);
}while($line[0]!="A");
Try either one or both. All I know is that I had to do these to fix bugs. I don't get the PHP error anymore and everything works.
Proftpd
Installing Proftpd
apt-get install proftpd proftpd-common ucf
You will be asked a question:
Run proftpd from inetd or standalone? <-- standalone
For security reasons you can add the following lines to /etc/proftpd/proftpd.conf but take them out if you have conflicts:
gedit /etc/proftpd/proftpd.conf
[...]
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
[...]
Restart Proftpd:
/etc/init.d/proftpd restart
If you see a message like this:
- IPv6 getaddrinfo 'server1.example.com' error: Name or service not known
you can ignore it as we don't need IPv6.
Setting up Proftpd
This will set up Proftpd so you can access your website and change things without permission problems.
Under System, select the Users and Groups program and create a user as your FTP user. Or, alternatively just use an existing user. Set the user's home directory to /var/www or wherever you have your website.
Next, configure Proftpd:
gedit /etc/proftpd.conf
Change User and Group to your selected web directory user. Change the port if you plan to use something different to the standard port 21. Remember to adjust the network router's port forwarding to reflect this change.
Now go to another computer and test the FTP connection with an FTP program.
More extensive info on Proftpd is here
Note
Some people say you should never use Proftpd for an FTP server. Vsftpd is recommended instead because Proftpd is allegedly not secure. Vsftpd was designed to be secure. I still have to verify all of this.
apt-get install vsftpd
Change the following settings in /etc/vsftpd.conf so that you allow local users and allow write using ftp.
# Uncomment this to allow local users to log in.
local_enable=YES
# Uncomment this to enable any form of FTP write command.
write_enable=YES
Before you connect using an FTP client, you will need to create a local user and group. Do not upload files as root.
cd to /home/<user> and create a symbolic link to /var/www, as this is the public html folder.
ln -s /var/www www
Change ownership of /var/www to the user:
chown -R <user> /var/www
Change to 755 permissions
chmod -R 755 /var/www
Done.
Shorewall
Installing Shorewall
I've found this a bit tricky to get right in the past.
apt-get install shorewall
The setup docs advise to copy shorewall files from the install directory to the config directory of /etc/shorewall. There are only a few that are needed. This is what I have:
interfaces macro.FTP Makefile policy rules shorewall.conf zones
Webmin is useful for validating the "rules" file, which is the one you have to worry about most. Here is a copy of a reasonable "rules" file example (from Falko's setup)
#############################################################################################################
#ACTION         SOURCE  DEST    PROTO   DEST    SOURCE    ORIGINAL  RATE    USER/
#                                       PORT    PORT(S)   DEST      LIMIT   GROUP
#
# Accept DNS connections from the firewall to the network
#
ACCEPT          net     $FW     tcp     25
ACCEPT          net     $FW     tcp     443
ACCEPT          net     $FW     udp     6277
DNS/ACCEPT      $FW     net
#
# Accept SSH connections from the local network for administration
#
SSH/ACCEPT      loc     $FW
#
# Allow Ping from the local network
#
Ping/ACCEPT     loc     $FW
#
# Reject Ping from the "bad" net zone.. and prevent your log from being flooded..
#
Ping/REJECT     net     $FW
ACCEPT          $FW     loc     icmp
ACCEPT          $FW     net     icmp
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
Here is what you do with the macro. files, FTP specifically:
NOTE ------------------------------------------------
If passing parameters, it's done like this:
Entry in RULES FILE is like this:
#
# Accept my FTP
#
# this also works -> ACCEPT net $FW tcp 999
# but parameters for the following are in macro.FTP
FTP             net     $FW
Entry in MACRO FILE is like this:
macro.FTP will then look like this
ACCEPT          -       -       tcp     999
Here's a modified version of what I use at the moment:
#############################################################################################################
#ACTION         SOURCE  DEST    PROTO   DEST    SOURCE    ORIGINAL  RATE    USER
#                                       PORT    PORT(S)   DEST      LIMIT
####################################################################################################
#
# Accept Pings out and from local network
#
ACCEPT          $FW     net     icmp
Ping/ACCEPT     loc     $FW
#
# Reject Ping from the "bad" net zone..
#
Ping/REJECT     net     $FW
#
# Accept Internet and Mail
#
ACCEPT          net     $FW     tcp     ssh,www,https,smtp,pop3,pop3s,imap2,imaps
ACCEPT          net     $FW     udp     https
# my latest
ACCEPT          loc     $FW     tcp     ssh,smtp,auth,9999
ACCEPT          loc     $FW     tcp     imap2,imap3,imaps
ACCEPT          fw      net     tcp     25      #unsecure SMTP
#
# Accept my FTP
#
# this also works -> ACCEPT net $FW tcp 2121
# but parameters for the following are in macro.FTP
FTP             net     $FW
#
# Accept DNS connections from the firewall to the network
#
DNS/ACCEPT      $FW     net
#
# Accept SSH connections from the local network for administration
#
SSH/ACCEPT      loc     $FW
#
##########################################################################################
ACCEPT          net     loc     tcp     9999
##########################################################################################
#
#
# Accept Extras
#
ACCEPT          $FW     net     tcp     443     # https
ACCEPT          $FW     net     udp     443     # https
ACCEPT          $FW     net     tcp     995     # Secure Pop3
ACCEPT          $FW     net     tcp     873     # rsync
ACCEPT          $FW     net     tcp     465     # SMTP over SSL
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
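To see at a glance what a rules file like the ones above lets in, the following added example (not part of the original how-to or of Shorewall) lists every ACCEPT rule and macro reference for a given source zone, one port per line. The function names and the sample rules, a constructed excerpt modelled on the file above, are assumptions for illustration; only the plain ACTION forms used on this page are handled.

```shell
#!/bin/sh
# Added example, not from the original page.

# Constructed sample input, modelled on the rules file shown above.
sample_rules() {
cat <<'EOF'
#ACTION SOURCE DEST PROTO DEST PORT
Ping/REJECT net $FW
ACCEPT net $FW tcp ssh,www,https
ACCEPT net $FW udp https # my latest
ACCEPT loc $FW tcp ssh,smtp,auth,9999
FTP net $FW
DNS/ACCEPT $FW net
ACCEPT net loc tcp 9999
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
EOF
}

# Read a Shorewall rules file on stdin and print "DEST PROTO PORT" for every
# rule that admits traffic from the given source zone (default: net).
# Macro rules print "DEST macro NAME", since their ports live in macro.NAME.
list_exposure() {
    awk -v src="${1:-net}" '
        { sub(/#.*/, "") }               # strip whole-line and trailing comments
        NF < 3 || $2 != src { next }     # need ACTION SOURCE DEST from that zone
        $1 ~ /(REJECT|DROP)$/ { next }   # REJECT, DROP, Ping/REJECT, ...
        $1 == "ACCEPT" {
            proto = (NF >= 4) ? $4 : "all"
            if (NF < 5) { print $3, proto, "any"; next }
            n = split($5, port, ",")
            for (i = 1; i <= n; i++) print $3, proto, port[i]
            next
        }
        {   # Macro/ACCEPT or a bare macro name such as FTP
            name = $1
            sub(/\/.*/, "", name)
            print $3, "macro", name
        }
    '
}
```

Run it against the live file with: list_exposure net < /etc/shorewall/rules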
I still have one outstanding issue; when I'm running shorewall, my icons in the local network browser disappear. I can still browse the local network by using the location window to type in the address of the computer I want to access. Once I do that all of that computer's folder icons appear. So, it's not critical; just annoying. I simply haven't come across a fix or anyone who has had a similar problem.
Links
http://www.shorewall.net/2.0/starting_and_stopping_shorewall.htm
Ipmitool
Install Ipmitool:
sudo apt-get install ipmitool
Load modules:
sudo /usr/share/ipmitool/ipmi.init.basic
The ipmi.init.basic file should look something like this:
#!/bin/sh
echo "Setting up OpenIPMI driver..."
# load the ipmi modules
modprobe ipmi_msghandler
modprobe ipmi_devintf
#if ! modprobe ipmi_kcs_drv ; then # this didn't work
modprobe ipmi_si # try new module name
#fi
maj=$(cat /proc/devices | awk '/ipmidev/{print $1}')
if [ "$maj" ]; then
test -e /dev/ipmi0 && rm -f /dev/ipmi0
/bin/mknod /dev/ipmi0 c $maj 0
fi
Test ipmitool:
sudo ipmitool -I open sensor list
Other detail is in the Sensor Data Repository (SDR). Here you will find thresholds and values for all the available sensors.
sudo ipmitool sdr elist
Or, on a LAN:
sudo ipmitool -I lanplus -H <IPADDR> -U root -P changeme sdr elist full
To get more detail on everything, do this:
sudo ipmitool -v sdr elist
To isolate a particular reading do this:
sudo ipmitool sensor reading "mb.t_amb"
mb.t_amb | 34
To get more detail on that particular sensor item:
sudo ipmitool sensor get 'mb.t_amb'
Locating sensor record...
To get temperature readings:
sudo ipmitool sdr type temperature
System Event Log (SEL) is accessed like this:
sudo ipmitool sel elist
Partition Software
apt-get install gparted psydm
