Friday, June 29, 2007

vps: ftp server

The second thing checked by the ISPConfig installation is the FTP server. I will install proftpd:

debian:~# apt-get install proftpd ucf
[choose standalone when asked inetd / standalone]

debian:~# vim /etc/proftpd/proftpd.conf

In line 10, set:

UseIPv6 off


Add at line 12:
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."


Create a link in /etc, as ISPConfig needs it, then restart proftpd:

debian:~# ln -s /etc/proftpd/proftpd.conf /etc/proftpd.conf
debian:~# /etc/init.d/proftpd restart
Stopping ftp server: proftpd.
Starting ftp server: proftpd.
debian:~#

Now the proftpd installation is finished.

vps: quota

Another requirement for installing ISPConfig is quota. To install quota, run:

debian:~# apt-get install quota


Edit /etc/fstab:

debian:~# vim /etc/fstab


Add usrquota,grpquota to the partition with the mount point "/", in my case /dev/sda1:

/dev/sda1 / ext3 defaults,usrquota,grpquota 1 1


Enable quota by:
debian:~# touch /aquota.user /aquota.group
debian:~# chmod 600 /aquota.*

[This is from my experience: somehow it is best to turn quota off before checking, and to use aquota.user and aquota.group. If we use quota.user and quota.group, the kernel "unsupported" error message sometimes appears.]

debian:~# quotaoff -a
debian:~# quotacheck -avugm
quotacheck: Scanning /dev/sda1 [/] done
quotacheck: Checked 9318 directories and 80043 files
debian:~# quotaon -avug

Finished with the quota problem.

vps: sendmail

In order to be able to install ISPConfig, we need to have a mail transfer agent (MTA). I chose to install sendmail for this case.

debian:~# apt-get install sendmail

That's all you need!

Thursday, June 28, 2007

vps: webmin and usermin

Most people think that the console is the sysadmin's only tool. I disagree with that. A GUI is not that bad, especially for an occasional sysadmin like me :)

Webmin and Usermin are among the many good tools for that. To install them:


1. Get the latest debian packages by simply running:
debian:~# wget http://prdownloads.sourceforge.net/webadmin/webmin_1.350_all.deb
debian:~# wget http://prdownloads.sourceforge.net/webadmin/usermin_1.280_all.deb

2. Then install the packages they depend on:
debian:~# apt-get install openssl libnet-ssleay-perl libauthen-pam-perl libio-pty-perl libmd5-perl

[openssl is required on my vps, although I don't find it in the instructions.]

3. Now you can install the webmin/usermin packages without error messages:
debian:~# dpkg -i webmin_1.350_all.deb usermin_1.280_all.deb

4. Also update your rc*.d links so webmin/usermin will start up correctly and can be managed using rcconf:
debian:~# rm -rvf /etc/rc*d/S*webmin*
debian:~# rm -rvf /etc/rc*d/K*webmin*
debian:~# rm -rvf /etc/rc*d/S*usermin*
debian:~# rm -rvf /etc/rc*d/K*usermin*
debian:~# update-rc.d -f webmin defaults 99 01
debian:~# update-rc.d -f usermin defaults 99 01

5. You can now log in to the web interface at
https://www.example.com:10000 for webmin, and
https://www.example.com:20000 for usermin


Enjoy the GUI Server Management!

sources: http://edin.no-ip.com/html/?q=webmin_usermin_debian_etch_mini_howto

friend, some of them are real, some of them are just enemies undercover

The title tells.....

It is hard to find true friends. Most of the time we meet people who keep telling us that they are our best friends but who always do bad things to us; they just want to take advantage of us.

The difficult thing is that you keep telling yourself that he is your friend!

Wednesday, June 27, 2007

vps: installing name server, bind9

A name server is needed to manage the mapping of hostnames to IP addresses. Usually, we use BIND on Linux. To install it on my vps, I follow the instructions at http://www.howtoforge.com/perfect_setup_debian_etch_p4 :

debian:~# apt-get install bind9

For security reasons, run BIND chrooted:

debian:~# /etc/init.d/bind9 stop
Stopping domain name service...: bind.
debian:~# vim /etc/default/bind9

Edit line 1 so it becomes:

OPTIONS="-u bind -t /var/lib/named"


Create some necessary directories under /var/lib:

debian:~# mkdir -p /var/lib/named/etc

debian:~# mkdir /var/lib/named/dev
debian:~# mkdir -p /var/lib/named/var/cache/bind
debian:~# mkdir -p /var/lib/named/var/run/bind/run

Then move the configuration directory from /etc to /var/lib/named/etc:
debian:~# mv /etc/bind /var/lib/named/etc


Create a symbolic link to the new configuration directory from the old location (to avoid problems when bind gets updated in the future):
debian:~# ln -s /var/lib/named/etc/bind /etc/bind


Make null and random devices, and fix permissions of the directories:
debian:~# mknod /var/lib/named/dev/null c 1 3
debian:~# mknod /var/lib/named/dev/random c 1 8
debian:~# chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
debian:~# chown -R bind:bind /var/lib/named/var/*
debian:~# chown -R bind:bind /var/lib/named/etc/bind


We need to modify /etc/default/syslogd so that we can still get important messages logged to the system logs.

debian:~# vim /etc/default/syslogd

Edit line 13 so it becomes:
SYSLOGD="-a /var/lib/named/dev/log"


Restart the logging daemon:

debian:~# /etc/init.d/sysklogd restart
Restarting system log daemon: syslogd.

Start up BIND, and check /var/log/syslog for errors:
debian:~# /etc/init.d/bind9 start

Starting domain name service...: bind.
debian:~#
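
An added example, not part of the original post or the howtoforge guide: a shell function that verifies the tree built by the steps above (the directories, the two device nodes, and the ownership set by chown). The name check_named_chroot is chosen here; the defaults /var/lib/named and bind come from the post.

```shell
#!/bin/sh
# Added example: verify the BIND chroot tree built by the steps in this post.
# Usage: check_named_chroot [ROOT] [OWNER]
# Prints one line per problem and returns non-zero if any were found.

check_named_chroot() {
    root=${1:-/var/lib/named}     # chroot directory used in the post
    owner=${2:-bind}              # account named by OPTIONS="-u bind ..."
    problems=0
    report() { echo "$1"; problems=$((problems + 1)); }

    id "$owner" >/dev/null 2>&1 || report "no such account: $owner"

    # Directories created with mkdir, plus the moved configuration directory.
    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$root/$d" ] || report "missing directory: $d"
    done

    # Device nodes created with mknod must be character devices.
    for n in null random; do
        [ -c "$root/dev/$n" ] || report "not a character device: dev/$n"
    done

    # Trees handed to the daemon account with chown -R.
    for t in "$root"/var/* "$root/etc/bind"; do
        [ -e "$t" ] || continue
        bad=$(find "$t" ! -user "$owner" 2>/dev/null | head -n 1)
        [ -z "$bad" ] || report "not owned by $owner: $bad"
    done

    [ "$problems" -eq 0 ]
}

# Stand-alone run against the default location (or the arguments given).
check_named_chroot "$@" || echo "chroot check found problems"
```

Run it as root after the chown step and again after package upgrades, since an upgrade can recreate files outside the chroot.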


sources: http://www.howtoforge.com/perfect_setup_debian_etch_p4

System Information using phpsysinfo

To monitor a server from anywhere over the Internet, you can use this PHP script: phpsysinfo. You only need to install it:

debian:~# apt-get install phpsysinfo

Then open your browser and go to www.yourdomain.com/phpsysinfo or your-ip-address/phpsysinfo.

Several templates and languages are supported. Even Indonesian is there.

For security reasons, rename phpsysinfo to some other unique name, for example: kuntul. This is not entirely secure, but it is better than keeping the phpsysinfo name.

This is a very useful script for a sysadmin.

Tuesday, June 26, 2007

securing vps[4]: turn off directory browsing

Directory browsing is good for a low-security intranet, as you do not need separate HTML coding to produce indexes. But for a web server it is not good practice. To turn it off, edit the default file in /etc/apache2/sites-available:

debian:~# cd /etc/apache2/sites-available/
debian:/etc/apache2/sites-available# vim default


Add "-" before Indexes in line 11:

Options -Indexes FollowSymLinks MultiViews


Don't forget to restart Apache:

debian:/etc/apache2/sites-available# /etc/init.d/apache2 restart
Forcing reload of web server (apache2)....
debian:/etc/apache2/sites-available#


Now you will get 403 Forbidden instead of the index page.
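
An added example, not from the original post: a shell function (audit_options, a name chosen here) that reads a site file and reports Options lines that still enable listings. It also flags lines that mix signed and bare options, as the line above does: that worked on the Apache 2.2 used here, but Apache 2.4 rejects it at startup and expects `Options -Indexes +FollowSymLinks +MultiViews`. The sample vhost is constructed.

```shell
#!/bin/sh
# Added example: audit Options directives in an Apache site file.
# Reads the configuration on stdin; prints "LINE: finding" for each problem.

audit_options() {
    awk '
        tolower($1) != "options" { next }   # commented lines start with "#"
        {
            sub(/^[ \t]+/, "")              # drop indentation for the report
            signed = 0; bare = 0; listing = 0
            for (i = 2; i <= NF; i++) {
                opt = tolower($i)
                if (opt ~ /^[+-]/) signed++; else bare++
                # "All" includes Indexes
                if (opt == "indexes" || opt == "+indexes" || opt == "all")
                    listing = 1
            }
            if (listing)
                print NR ": directory listing enabled: " $0
            if (signed && bare)
                print NR ": mixes +/- and bare options: " $0
        }
    '
}

# Constructed vhost fragment (directory paths are assumptions).
sample_vhost() {
    cat <<'EOF'
<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
</Directory>
<Directory /var/www/a/>
    Options -Indexes FollowSymLinks MultiViews
</Directory>
<Directory /var/www/b/>
    Options -Indexes +FollowSymLinks +MultiViews
</Directory>
EOF
}

sample_vhost | audit_options
```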

Monday, June 25, 2007

president Bush daughter made an illegal copy of mix cd

A lawyer has just caused a sensation. He told the public that President Bush's daughter made an illegal copy of a mix CD as a present for her father on Father's Day. See Lawyer to RIAA: Sue the First Twins for copyright violations!

Unfortunately, US regulation allows such activity, and I am quite surprised that the lawyer did not know that before making the headlines.

I was thinking that in Australia we are not allowed to do that. Anyone remember?


Saturday, June 23, 2007

securing vps[3]: hide apache version

It's Apache's turn. The web server still shows its identity when we telnet to it. Edit /etc/apache2/apache2.conf:

debian:~# cd /etc/apache2/
debian:/etc/apache2# ls
apache2.conf envvars mods-available ports.conf sites-enabled
conf.d httpd.conf mods-enabled sites-available
debian:/etc/apache2# vi apache2.conf

# only display 'apache'
ServerTokens ProductOnly

# do not display additional information
ServerSignature Off


Don't forget to restart the web service,
debian:/etc/apache2# /etc/init.d/apache2 restart
Forcing reload of web server (apache2)....
debian:/etc/apache2#

The output becomes:
daniel-adinugrohos-computer:~ adinugro$ telnet xxxx.vpsfarm.com 80
Trying 209.9.228.xxx...
Connected to xxxx.vpsfarm.com.
Escape character is '^]'.
HEAD / HTTP/1.1

HTTP/1.1 400 Bad Request
Date: Sat, 23 Jun 2007 14:05:04 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=iso-8859-1

Connection closed by foreign host.
daniel-adinugrohos-computer:~ adinugro$

See the differences!

securing vps[2]: secure php version information

Knowing the PHP version is a big advantage for a hacker. He or she can use an unpatched hole to attack the web server. Try this (see the Server header in the output):

daniel-adinugrohos-computer:~ adinugro$ telnet xxxx.vpsfarm.com 80
Trying 209.9.228.xxx...
Connected to xxxx.vpsfarm.com.
Escape character is '^]'.
GET / HTTP/1.1 [type enter twice here]

[the output will be:]
HTTP/1.1 400 Bad Request
Date: Fri, 22 Jun 2007 23:05:06 GMT
Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch4
Content-Length: 335
Connection: close
Content-Type: text/html; charset=iso-8859-1


In order to secure this, we must edit the php setting in php.ini. Do this:

debian:~# cd /etc/php5/apache2/
debian:/etc/php5/apache2# ls
conf.d php.ini
debian:/etc/php5/apache2# vi php.ini


# remove X-Powered-By
expose_php = Off [in line 260]

# also turn off the error information; this is best practice for a production server.
display_errors= Off [in line 323]

# don't forget to restart the web server:
debian:~# /etc/init.d/apache2 restart
Forcing reload of web server (apache2)....
debian:~#


Now, test again:

daniel-adinugrohos-computer:~ adinugro$ telnet xxxx.vpsfarm.com 80
Trying 209.9.228.xxx...
Connected to xxxx.vpsfarm.com.
Escape character is '^]'.
GET / HTTP/1.1 [type enter twice here]

HTTP/1.1 400 Bad Request
Date: Fri, 22 Jun 2007 23:51:10 GMT
Server: Apache/2.2.3 (Debian)
Connection: close
Content-Type: text/html; charset=iso-8859-1

Connection closed by foreign host.
daniel-adinugrohos-computer:~ adinugro$


See the difference! It is not finished yet, as the Apache version is still shown. The next post will be about how to turn that off!
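
The three Server headers shown in this post and in the ServerTokens post can be checked mechanically. The following is an added example, not part of the original posts: a shell function (banner_leaks, a name chosen here) that reads raw response headers and reports each token that discloses a version or the platform. The sample responses are constructed from the headers quoted in the posts.

```shell
#!/bin/sh
# Added example: report response-header tokens that disclose software
# versions or the platform. Reads raw HTTP response headers on stdin.

banner_leaks() {
    tr -d '\r' | awk '
        NR > 1 && $0 == "" { exit }        # blank line ends the header block
        index($0, ":") == 0 { next }       # status line: not a header
        {
            name  = tolower(substr($0, 1, index($0, ":") - 1))
            value = substr($0, index($0, ":") + 1)
            sub(/^[ \t]+/, "", value)
        }
        name == "x-powered-by" { print "x-powered-by: " value }
        name == "server" {
            n = split(value, tok, " ")
            for (i = 1; i <= n; i++) {
                if (tok[i] ~ /\/[0-9]/)       print "server version: " tok[i]
                else if (tok[i] ~ /^\(.*\)$/) print "server platform: " tok[i]
            }
        }
    '
}

# Constructed samples built from the three Server headers quoted in the posts.
resp() {
    printf 'HTTP/1.1 400 Bad Request\r\nServer: %s\r\nConnection: close\r\n\r\n' "$1"
}
resp_default()   { resp 'Apache/2.2.3 (Debian) PHP/5.2.0-8+etch4'; }  # untouched install
resp_php_off()   { resp 'Apache/2.2.3 (Debian)'; }                    # expose_php = Off
resp_prod_only() { resp 'Apache'; }                                   # ServerTokens ProductOnly

for r in resp_default resp_php_off resp_prod_only; do
    echo "== $r"
    $r | banner_leaks
done
```

To check a server you administer, pipe the output of `curl -sI http://your-host/` into banner_leaks.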

Friday, June 22, 2007

vps: remove default apache redirection

Apache has a default page to tell us that the installation was successful. Once we are satisfied with the result, remove the redirection by doing this:

debian:~# cd /etc/apache2/sites-available/
debian:/etc/apache2/sites-available# ls
default
debian:/etc/apache2/sites-available# vi default


Find the RedirectMatch line; in my case it is on line 46. Comment it out by placing '#' in front of it:

#RedirectMatch ^/$ /apache2-default/


Finally, check whether the redirection is removed: create a simple index.php, restart Apache, then go to your web browser to check whether you are redirected or not.

debian:/etc/apache2/sites-available# /etc/init.d/apache2 restart
Forcing reload of web server (apache2)....


You can simply remove the apache2-default directory, as it is no longer used.

debian:/var/www# rm -rf apache2-default/


Now your web server is ready to serve!

Thursday, June 21, 2007

securing vps[1]: change mysql password

Installing phpmyadmin will help us manage our mysql database. In my opinion, it is not only for beginners, but for advanced users as well.

Our mysql server has no password for root. It is very dangerous! We can change the password via the mysql client [which is why I chose to install mysql-client], but I like to use phpmyadmin.

1. First things first: go to phpmyadmin on our server and log in as root with a blank password.
2. Choose the mysql(17) database in the left menu.
3. Find the user table, and click on it.
4. Click on the Browse tab to get the content of this table.
5. To change the password, click the pen icon on the row which has user = root and Host = localhost.
6. In the next window, type your password and don't forget to select Password in the Function field. Click the Go button to save the changes.
7. Apply the same change to all the root accounts. You can use the same password for all of them, depending on your situation.
8. Now, I have changed the password. Choose the Home button in the left side menu. Then choose Reload Privileges to flush all the privileges, and click the Go button.
9. We are sent back to the login page. Try to log in as root with a blank password; the login will fail.
10. Try with the new password and you can use phpmyadmin again.

Next, I intend to change the name of phpmyadmin as well. This is just to hide my phpmyadmin from outsiders. By doing this, they have to guess both where phpmyadmin is and the password for root. If you still use the phpmyadmin directory, hackers only need to guess or crack the root password. The way to do it is just to rename the phpmyadmin directory to another name, for example: nasicampur, basisdata, etc.

debian:~# cd /var/www/
debian:/var/www# ls
apache2-default phpmyadmin test.php
debian:/var/www# mv phpmyadmin nasipadang
debian:/var/www# ls
apache2-default nasipadang test.php
debian:/var/www#

Test by going to your server with the nasipadang directory. You will get the phpmyadmin login page.

[Again, for security reasons, I have changed the directory's name again.]

Wednesday, June 20, 2007

installing LAMP on vps

Nowadays, Linux is becoming easier to install. More support and a wider community mean more people out there are willing to help you.

My next task is setting up LAMP on my vps. As it is a debian 4 server, I will use the magic of apt-get.

# just to update the package system
debian:~# apt-get update

# install mysql first, to be able to be picked up by Apache
# also install the client, for debugging purpose
# use meta package mysql-server and mysql-client to get the newest version
debian:~# apt-get install mysql-server mysql-client

# for basic apache+php5 install, do this!
# don't forget to install mpm-prefork to get better multi-threaded support
debian:~# apt-get install apache2 apache2-mpm-prefork php5

# don't forget to install phpmyadmin, to manage your mysql easily.
debian:~# apt-get install phpmyadmin


Testing my setup by opening it in the web browser shows the Apache default message "It works!". Also, test phpmyadmin by opening it in the web browser. [At the moment, I don't publish the url as the server has not been secured yet.]

That's all for today. But my job is not finished yet. Next is how to secure the LAMP server.

Tuesday, June 19, 2007

vps, first thing to do!

For more than a month, I have been toying around with the vps. Now, I just want to record my activities with it. I think it is very easy. I use vpsfarm @ www.vpsfarm.com. I think they don't have any machines left at the moment.

I choose debian as it is the root of ubuntu. Five minutes after installation, they send me the password via email.

The first thing to do is change the password. It must be unique, between 8-12 characters, and a combination of upper case, lower case and numbers.

The command is:

debian:~# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
debian:~#

You must enter the same password twice to avoid mistyping it, as the characters you type are not shown on the screen.

It's all done! Next is how we install LAMP into it.

Monday, June 18, 2007

livecd ubuntu feisty fawn

I remember that last month I had trouble running the new ubuntu livecd. Unfortunately, the livecd asked for a username and password. What were they? I thought that with a livecd we did not need to create an account first.

Browsing Google, I found the solution: just reburn the cd, as it may be caused by a bad burning process. But I think it was caused by my cdrw. I used to save the iso on my hd, then burn it to cdrw when needed.

Now, I enjoy my experience with ubuntu....


Sunday, June 17, 2007

starting from the beginning again...

As usual, the easiest thing to do is to start from the beginning. To conquer is easy, but to defend is very difficult. Creating a new blog is very easy, but maintaining it will be a huge task.

Hopefully, this blog will be the main place for me to record my activities during my busy time to do my jobs.

Gone and borne, lost and having a new one is not the same. But, sadness must end. Otherwise, we will never enjoy our short life.

life must go on...