Tiamat
From Gruff Goat Wiki
Main web server.
Operating System
The OS initially installed is Ubuntu Server Linux 10.04 LTS, installed by DataRealm.
Networking
By default, the server gets its network settings from DHCP. I wish to change my server to a static IP. I'll use the default editor vi in the demonstrated commands but you may use the editor of your choice.
vi /etc/network/interfaces
In the editor, set your primary interface similarly. Of course, use your own valid IP addresses.
# The primary network interface
auto eth0
iface eth0 inet static
    address 65.23.156.168
    netmask 255.255.255.0
    gateway 65.23.156.1

auto eth0:0
iface eth0:0 inet static
    address 65.23.156.178
    netmask 255.255.255.0

auto eth0:1
iface eth0:1 inet static
    address 65.23.156.179
    netmask 255.255.255.0

auto eth0:2
iface eth0:2 inet static
    address 65.23.156.180
    netmask 255.255.255.0
Restart your network
/etc/init.d/networking restart
Set your hostname
vi /etc/hosts
# and
vi /etc/hostname
/etc/init.d/hostname restart
Base System Install
- OpenSSH server
Aptitude
I use aptitude to manage the packages installed on the system and for upgrading.
aptitude update # Update the package list
Packages I Use
All are installed using the command:
aptitude install packagename
aptitude install unzip
FTP server
I use Pure-FTPd. This has a rather unusual configuration on Ubuntu. Each option is a separate file in the /etc/pure-ftp/conf directory. I got some hints from Ubuntu HowTo and which settings to use from my FreeBSD Pure-ftpd.conf.
Please see Pure-FTPd on Ubuntu
Secure Communications
Secure methods are used to connect to this server and from this server to other servers. This is generally done using OpenSSH.
Firewall
The firewall is UFW (Uncomplicated Firewall), which is very simple to administer. The initial rules are shown below. These will need to be adjusted as new services are added.
Initial Settings
ufw default deny   # Default rule
ufw allow ssh      # Allow all ssh traffic on port 22
ufw allow ftp      # Allow all ftp traffic on port 21
ufw allow www      # Allow all www traffic on port 80
ufw logging on
ufw enable         # Turn the firewall on
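To check that the running rule set still matches these initial rules as services are added, the following added example (not part of the original page) parses `ufw status` output and flags any allowed port outside the baseline. The function name `audit_ufw`, the `EXPECTED_PORTS` list and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit `ufw status` output
# against the initial rule set. Baseline ports are an assumption taken
# from those rules: ftp=21, ssh=22, www=80.
EXPECTED_PORTS="21 22 80"

# audit_ufw: reads `ufw status` text on stdin, prints one finding per line.
# Returns non-zero if the firewall is inactive or an extra port is allowed.
audit_ufw() {
    awk -v expected="$EXPECTED_PORTS" '
        BEGIN { bad = 0; n = split(expected, e, " ")
                for (i = 1; i <= n; i++) want[e[i]] = 1 }
        /^Status:/ { active = ($2 == "active"); next }
        {
            allow = 0
            for (i = 2; i <= NF; i++) if ($i == "ALLOW") allow = 1
            if (!allow) next                   # header, separator, DENY rows
            port = $1; sub(/\/.*/, "", port)   # "21/tcp" -> "21"
            if (port in want) seen[port] = 1
            else { print "UNEXPECTED allow rule: " $1; bad = 1 }
        }
        END {
            if (!active) { print "FIREWALL not active"; bad = 1 }
            for (i = 1; i <= n; i++)
                if (!(e[i] in seen)) print "NOTE no allow rule for baseline port " e[i]
            exit bad
        }'
}

# Constructed sample of `ufw status` output; 3306/tcp stands for a service
# that was opened later without updating the baseline.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
80                         ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
EOF
}

# Demo on the sample; on a live host run: ufw status | audit_ufw
sample_status | audit_ufw || echo "audit: firewall differs from baseline"
```

When a new service is added on purpose, add its port to `EXPECTED_PORTS` in the same change so the audit keeps describing the intended state.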
Denyhosts
aptitude install denyhosts
/etc/init.d/denyhosts restart
Monitoring
Once you have a secure and communicative installation, it is time to put some monitoring into place. Monitoring includes logfile scans, user audits, disk audits, rootkit audits, and service availability scans.
Please see Ubuntu Monitoring
Backup and Restore
When something goes wrong (it will), having a current working backup of your data is essential. So it is critical to have an incremental backup plan that includes tested restore operations.
Please see Ubuntu Backup and Restore