Networking and System Administration

Denyhost is a package which is exellent for blocking brute forc ssh attacks. It is also easy to install and manage. Installation apt-get install denyhosts Configuration: Default configuration are pretty good but you can tune the basic. /etc/denyhosts.conf It reads the logs and add those IPs which try to break in /etc/hosts.deny You can add your IP/valid IP or with your domain. /etc/hosts.allow sshd: yourdomain.com 192.168.0.1 Start/stop service /etc/init.d/denyhosts stop /etc/init.d/denyhosts start Purging denyhost denyhosts --purge The /etc/rc3.d contains the denyhost which start on run time.

INSTALLATION apt-get install slapd ldap-utils libldap-2.4-2 libdb4.6 During installion it will ask you questions like passwd or domain name (it did not ask my installation) Administrator password: password Confirm password: password CONFIGURATION Client side : (Remember same system is serving as client and server.) Edit /et/ldap/ldap.conf BASE dc=fizaan, dc=com #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 URI ldap://10.0.2.15 #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never Server Configuration These Schemas by default are included, if not make sure they are included. # Schema and objectClass definitions include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema Change the log level from 0 to 256 loglevel 256 Data base, you can change if you want different. I m using default. database bdb Your domain name...

Server End : Installation During Installain of Windows 2003 Server, Terminal srver installs by default, no need to install again. Configuration Step 1:Share Remoter Desktop Connection by sharing this folser: C:\Windows\system32\clients\tsclient\win32 to access folser and copy in their system. Step 2: Give permission to user e.g imran by Right click on win32 folder, click propterties, select Security tab and click add, enter user name: imran (this user should already be created in server machine) under enter Object name Step 3: Allow remote users to access remotely by Enabling Remote access. Step 4: Right click on My computer, Click Properties, select Enable Remoter Desktop in this computer. client Side: Step 1: If your client is Windows XP: Click start, All programmes, Accesseries and then Open Remote Desktop Connection Step 2: Write IP of terminal server e.g 192.168.1.102 Step 3: Give user name and password, this usre name and passward should be permit Step 4: This will open the Ter...

Server Side: Installation: In windows 2003 Installatin, DFS is installed by default, no need to install again. Configuration: Client Side: Step 1: Make a filder e.g c:\DFS-client1 Step 2: Share the folder and set the permissin. Server Side: Step 1: Make a folder and share it, e.g C:\root Step 2: Open Distributed File System from Administrative Tools Step 3: Right click on Distributed file systme, Click New Root, a wizard will start, click Next. Step 4: If you have Domain, select Domain root, if WORKGROUP then Stand-alone root , I am using stand-alone root, click Next. Step 5: Write Server name or IP e.g 192.168.1.102, click Next Step 6: Now give the root name, shared folder made in first step on srver e.g root and Finish the wizard. Step 7: After finish right click on \\TEST03-SERVER\root and click New Link Step 8: Name of Link for client1 e.g 192.168.1.104, select the path to shared folder by click on Browse, Entire Network, Microsoft Windows Network, Workgroup, 2003-client select DF...

Server Side You server must have IIS and static IP Installation Step 1: Step 1: Open add/remove programs from Control panel Step 2: Click add/remove windows components, Step 3: Select Application Server, select Internet Information Server (IIS), click details, check FTP along with default checks. Step 4: This will start installation wizard, provide 2003 cd, during install. Configuration Step 1: Open IIS from Administrative Tools Step 2: Right click on FTP Sites, click New FTP Site.. Step 3: Wizard will start, Next, wirte Description e.g ftp server, Next Step 4: Select IP e.g 192.168.1.102, port 21 (default), Next Step 5: FTP user usolation, check Isolate users, Next Step 6: FTP sites home Directory, browse, select drive e.g C, click Make New Folder, cheate folder e.g FTP, ok Step 7: Allow file permission Read, Write (if you want to give write rights), finish Client Side Step 1: Open browser and write serve IP ftp://192.168.1.102 Step 2: Provide credentials if required Step 3: Browse an...

Server End Pre-request DNS in your networkd. Domain in your network. Static IP configured in server where you are going to install IIS. Make a folder e.g C:/web in you server and store page inded.html Installation Step 1: Open control add/remove programs, click add/remove Windows components Step 2: Select Application services, click details Step 3: Check Internet Information Services Step 4: Click ok then Next Configuratoin Step 1: Open IIS from administrative tools Step 2: Right click on Web sites, click New site... Step 3: Wizard will start, next, description e.g my web site, next 4tep 4: Give IP: 192.168.1.102, prot 80 default, header www.fizaan.com Step 6: Browser the path to we directory e.g web Step 7: Set the web site permission, next and finish. Step 8: Expand the web sites folder left side and right click on websites click propterties Step 9: Click the Documents tab, move up default page index.html to top Step 10: Ok Client Side Step 1: Set the DNS to Your DNS server 192.168.1...

Installation You server should have static IP on it. Step 1: Click add/remove windows components in add/remove progmrams in Control panel Step 2: Select Networking Services, dlick details, Step 3: check only Dynamic Host configuration Prptocol (DHCP), OK, Next, This will start installation Step 4: Finsih Configuration Step 1: Open DHCP from Administrative Tools Step 2: Right Expand Computer name e.g Test03-server, click New Scope Step 3: Write name of scope e.g fizaan-dhcp and Descrition Step 4: Enter Start IP: e.g 192.168.1.150 and End IP: e.g 192.168.1.250, Subnet mask Length: 24 and mask: 255.255.255.0, Next Step 5: Skip Add Exclusions, Next, Lease Duration change default 8 days to 1, press Next Step 6: Configure options now, press Next, Give Router IP of your Network: 192.168.1.1 Step 7: Give Domain Name: fizaan.com, DNS server IP:192.168.1.102, WINS server IP: 192.168.1.104 Step 8: Activate scope, select Yes I wan to activate this scope now, Press Next Your DHCP server is ready n...

Installation Step 1: Open add/remove Windows by selecting add/remove programes in Control Panel Step 2: Select Networking Service, click details Step 3: Check Windows Internet Name Server Step 4: Click Ok, Next Configuration Step 1: Open WINS from Administrative tools and expand Computer Name e.g TEST03-SERVER (192.168.1.102) Step 2: Right Click on Active Registration then select Display Step 3: From new window, Click Record Types (3rd Tab), Click Clear All Step 4: Select only those tecord which you want to display, Click Find now Back up WINS Database Step 1: In WINS, right Click on computer name and select properties Step 2: In General tab, click browse, select driver, make new folder e.g WINS backup, press OK. Step 3: Right click again on computer name and click backu, it will take the backup Restore WINS backup Step 1: Stop WINS service by right click on Computer name in WINS, all taks then Stop, this will put red cross on WINS (cannot find WINS server) Step 2: After stop, right cl...

Primary DNS We have already installed Primary DNS on 192.168.1.102, see Windows 2003 DNS Installation and Configuratoin tutorial. Secondary DNS/ Backup DNS Installation and Configuration on Secondary DNS Step 1: Set the static IP e.g 192.168.1.104, insert Windows 2003 CD into CD rom Step 2: Open Windows components from Add Remove Programe in Controll Pannel Step 3: Select Networking Services, click Details, check only on Domain Name Systme DNS, Click Next, This will Install DNS. Step 4: After install open DNS, expand computer Name, right click on Forward Lookup Zone, right click, Click New Zone Step 5: Wizard will start, Next, Select Secondary Zone type, Next Step 6: Enter zone name, fizaan.com, Next Step 7: Write Master DNS IP here it is 192.168.1.102, add, Next, Finish Further Steps on Primary/Master DNS Step 8: Open DNS and expand Forward Lookup Zones Step 9: Select Zone name e.g fizaan.com, right click select properties Step 10:Select Zone Transfer, check Only to the following serv...

Server Side Step 1: Click Start,Run, write dcpromo Step 2: A wizard will start, click Next Step 3: Check This server is the last domain controoler in the domain on Removel Active Directory page, click Next Step 4: click yes on do you want to coninue Step 5: On Application Directory Partitons page, click Next to remove all partitions Step 6: Check Delete all application directory partitions on this domain controller, Next Step 7: Give root passwd and click Next, It will start to remove, If you face any error re-do the all above steps Step 8: click Finish and Restart the computer Step 9: Remove suffix domain name e.g fizaan and restart again Disjoin the Domain on client Step 1: Right click on My Computer, click properties Step 2: Click Computer Name, then change button and Select Workgroup and write WORKGROUP Step 3: Restart the computer

Installation: Server Side Step 1: Insert Windows 2003 CD into cd rom Step 2: Open control pannel: first open my computer then click control panel Step 3: Open add/remove program then open add/remove windows compnent Step 4: Select Networking services, click detain button, check Domain Name System DNS Step 5: Press OK, this will install the DNS, press Finish Configuration Server Side Creation of Forward Lookup zone Step 1: Open DNS from Administrative Tools Step 2: Click-right on Forward Lookup Zones, then New Zone Step 3: Wizard will start, click Next, Select Primary Zone, Next Step 4: Write Zone name e.g fizaan.com Step 5: Zone File name, no need to change fizaan.com.dns, click Next Step 6: Select Allow Dynamic updates both secure and non secure, Next, finish the Wizard Step 7: click fizaan.com folder in right side window, Step 8: Double Click on Namer Server Type Step 9: Click on add button, write FQDN e.g fizaan.com and IP of a DNS Server, it same machine 192.168.1.102 Step 10: App...

Creation of Users and Groups Step 1: Open Active Directory users and Computer, for that click start, Administrative Tools Step 2: Expand domain name, fizaan, right click on user, click new user Step 3: Fill credentials of user in open windows Step 4: Provide good password, 2003 has some policy of choosing password Step 5: Click finish Step 6: Login from client using this user/pasword, remember choose the domain FIZAAN, in login window Creation of Group Step 1: Open Active Directory users and Computer, for that click start, Administrative Tools Step 2: Expand domain name, fizaan, right click on user, click new group Step 3: Provide the group name, scope and Type. press OK Adding members in Group Step 1: Right click on group name and properties Step 2: Click member tab, add button, write user name aanish, you can fine users by clicking Advance Step 3: Click Ok Setting user login time and selected Computer Step 1: Right click on user name then click properties Step 1: Clic...

Windows 2003 Server: Installation You computer is connected to switch and get ip from DHCP server or static Step 1: Click start,Run,enter dcpromo Step 2: Click next and next again Step 3: Select the Domain controller for your domain, click next Step 4: Select Domain in New forest and Next Step 5: Write FQDN e.g fizaan.com, click Next Step 6: Netbion name FIZAN, click next Step 7: Click next on Database and log folder, leave the default Step 8: Shared system Volume Folder, leave it default and click Next Step 9: Select Install and configure the DNS on the computer and cleck Next Step 10:Permission Compatible with Pre Windows.... and click Next Step 11:Restore mode Password, leave it blank click Next Step 12:Summary page, view and click Next Step 13:It will ask the Windows 2003 Server CD Step 14:End of Active Directory Installation wizard, press Finish Step 15:Restart the computer Windows 2003 client: Configuration This computer is in same network in server and have IP. Step 1: Right cl...

Step 1: Installation of tftpd package (server) and client aptitude install tftpd aptitude install tftp Step 2: Creating Directory and setting permission mkdir /tftpboot chmod 777 /tftpboot chown imran.imran /tftpboot Step 3: Checking and editing(if required) the /etc/inetd.conf Correct the location of director from /srv/tftp to /tftpboot tftp dgram udp wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd /tftpboot Don't forget to restart. It is is tricky to restart the tftpd, you have to restart inetd, but in Debian it is openbsd-inetd cd /etc/init.d ./openbsd-inetd restart Step 4: Testing Type following tftp 127.0.0.1 tftp> Step 5: Security you can edit /etc/hosts.allow and /etc/hosts.deny for restriction. That's it. Further doc http://www.debianhelp.co.uk/tftp.htm http://www.onlamp.com/pub/a/bsd/2003/06/05/FreeBSD_Basics.html

As it is installed in debian in OS installation. Step 1: Stop Sysllog server. /etc/init.d/sysklogd stop Step 2: Start remote acception edit /etc/default/syslogd change SYSLOGD="" to "-r" Step 3: Create a file to log remote log messages (optional) edit /etc/sylogd.conf *.*;auth,authpriv.none to *.*;auth,authpriv,local0.none append at the end the path to file local0.* -/var/log/sxlog Step 4: Restart the syslog server /etc/init.d/sysklogd start a meesage with "remote reception" by doing tail -f /var/log/messages confirms. Setp 5: Test by viewing the file cat /var/log/sxlog Further info http://news.softpedia.com/news/Setting-Up-a-Central-Syslog-Server-44063.shtml

Step 1: Install the LAMP server and also phpmyadmin See my blogpost "Installation of LAMP on Debian" #aptitude install phpmyadmin Step 2: Download Lattest version of Joomla e.g dwonload from following location http://linux.softpedia.com/progDownload/Joomla-Download-5739.html Step 3: make directory under /var/www/joomla and decompress joomla mkdir /var/www/joomla cd /var/www/joomla tar -xvf var/www/Joomla_1.5.6-Stable-Full_Package.tar.gz Step 4: Create Database in MySQL #mysqladmin -u root -p create Joomla mysql -u root -p mysql>GRANT ALL PRIVILEGES ON Joomla.* TO Joomla@localhost IDENTIFIED BY 'Joomla'; mysql>flush privileges; mysql>quit Step 5: Change ownership and priviliges of /var/www/joomla chown www-data.www-data /var/www/joomla chmod 777 /var/www/joomla Notw: Rechange this mode to normal after installation. Step 6: Begin installattion http://192.168.100.10/joomla This will start the wizard, answer the questions, in check list try to eliminate missing c...

Step 1: Install phpmyadmin aptitude install phpmyadmin Step 2: Login to phpmyadmin https://192.168.100.1/phpmyadmin/ Default user: root Enter root password. Step 3: Export Database After log in, click Export In EXPORT menue select your database e.g joomla Select format under Select All/Unselect All e.g SQL (by default) Click Save as file e.g jooml Press Go (botton right) Save it to your local hard disk Step 4: Import Database Press Import after log in to phpmyadmin in other machine. select the file under Location of the text file, Leave every thing by default and Press Go This will import the mysql database.

Step # 1 : Stop mysql service # /etc/init.d/mysql stop Step # 2: Start to MySQL server without password # mysqld_safe --skip-grant-tables & Step # 3: Connect to mysql server using mysql client: # mysql -u root mysql> Step # 4: Setup new MySQL root user password mysql> use mysql; mysql> update user set password=PASSWORD("imran") where User='root'; mysql> flush privileges; mysql> quit Step # 5: Stop MySQL Server: # /etc/init.d/mysql stop Step # 6: Start MySQL server # /etc/init.d/mysql start Step # 7: Test it # mysql -u root -p

Step 1) Installation of Apache and PHP4 aptitude install apache2 php4 libapache2-mod-php4 Step 2) Installation of MySQL Server aptitude install mysql-server mysql-client php4-mysql change of MYSQL root Pasword mysql -u root mysql> USE mysql; mysql> UPDATE user SET Password=PASSWORD('new-password') WHERE user='root'; mysql> FLUSH PRIVILEGES; step 3) Installation of PhpMyAdmin aptitude install phpmyadmin Edit /etc/apache2/apach2.conf: append at the end Include /etc/phpmyadmin/apache.conf Testing http://domainname.com/phpmyadmin/ Login using mysql root and create users. Further docs http://www.howtoforge.com/ubuntu_debian_lamp_server

Step 1: Install DHCP package aptitude install dhcp3-server Step 2: Configure DHCP package option domain-name "domain.com"; option domain-name-servers 10.0.0.2, 193.10.10.10; option routers 10.0.0.1; default-lease-time 3600; subnet 10.0.0.0 netmask 255.0.0.0 { arrange 10.0.0.100 10.0.0.254; #OPTIONS #if you want to assign IP based on MAC address host imran { hardware ethernet 00:50:BA:82:DE:63; fixed-address 10.10.10.10; } } Step 3: Restart /etc/init.d/dhcp3-server restart Further Docs http://www.debianhelp.co.uk/dhcp.htm

Adding user name and password in authentication file in Apache2 root@jupiter:/etc/apache2# htpasswd /etc/apache2/intranet.passwd halvard This will append the MD5 password with user in file. Installation of Java on Ubuntu root@imran-desktop:~# sudo apt-get install sun-java6-jre sun-java6-plugin sun-java6-fonts root@imran-desktop:~# java -version java version "1.6.0_16" Java(TM) SE Runtime Environment (build 1.6.0_16-b01) Java HotSpot(TM) Client VM (build 14.2-b01, mixed mode, sharing) Check directory size du -hs /home/imran/ How to check all installed packaged and version of a specific installed packag e dpkg -s apache2 dpkg --list |more How to Zip and unzipp #aptitude install zip unzip zip imran.zip file1 file2 file3 Then you can extract the original files like this: unzip imran.zip

1) Network copying using rsync Step 1: Install rsync on both machines aptitude install rsync Step 2: Edit of /etc/default/rsync on both machines RSYNC_ENABLE=false to RSYNC_ENABLE=true Step 3: Restart rsync on both machines /etc/init.d/rsync restart Step 4: Start copy from machine1 to machine2 rsync -e ssh -avz /home/imran 192.168.100.10:/media/usbdisk/imran options a: archive mode perserver file permission v: verbose z: compress (this will reduce time) This will prompt for password, enter password, you will see building file list.. Backup using Rsync Make script and place it under /etc/cron.daily. Generate and copy the key ssh-keygen -t dsa, and press Enter when prompted for a passphrase. After the key is created, use ssh-copy-id -i .ssh/id_dsa.pub root@remote.host.com to copy the public key to the remote host. (Note: this presume that SSH is installed with key transfer) 2) Network copying using scp scp -Cr /home/imran 192.168.100.10:/media/usbdisk r:recursvly copying C:...

Step by Step Guide; Step 1 Enable Digest Authentication This authentication does not supported by default #a2enmod auth_digest Step 2 Set up user/password/realm htdigest -c /var/www/munin/.htpasswd munin username munin is realm and username is username. supply "username" user password, Step 3 Making Authentication required go back to /etc/apache2/sites-available/monitoring. Options FollowSymLinks AllowOverride None #authentification AuthType Digest AuthName "munin" AuthDigestFile /var/www/munin/.htpasswd #people using apache 2.2 will use instead: #AuthUserFile /var/www/munin/.htpasswd require valid-user Step 4 Reload apache configuration #apache2ctl -t Syntax OK $/etc/init.d/apache2 force-reload Step 5 Tesing and Running Now, go to http://monitoring.example.com with your browser. A box should prompt you for a username and password. Supply the one you define above and you should be given access to munin statistics.

It requires following packages; • Web Server e.g apache • Munin Server • Munin Clients • Measuring temperature using smartmontools • Munin Windows plugins • Documentation and further Reading WEB SERVER e.g APACHE Linux Apach2 for debian #apt-get install apache2-mpm-prefork Run the script “apache2-ssl-certificate” i.e # apache2-ssl-certificate MUNIN ON SERVER #apt-get install munin munin-node Edit Configuration /etc/munin/munin.conf # a simple host tree [localhost.localdomain] address 127.0.0.1 use_node_name yes [machine1.domain.com] address xx.xxx.xxx.xx use_node_name yes [machine2.domain.com] address xx.xxx.xxx.xx use_node_name yes ##please write ip on xx MUNIN ON CLIENTS Instlal it in each client #apt-get install munin-node change configuration /etc/munin/munin-node.conf Edit Configuration on each Client Machine Client 1 machine1.domain.com # # Example config-file for munin-node # log_level 4 log_file /var/log/munin/munin-node.log port 4949 pid_file /var/...

After plugin USB, see any activity tail -f /var/log/syslog if nothing about usb mass storage, check reasons. If "no loadable modules!", your old Kernel does not support USB, you might need to upgrade it (depending upon hardware of machine) in my case it was the Via CPU which is not a full-blown 686. Then install the new kernel apt-get install linux-image-2.6.18-4-486 After that config the lilo or grub in our case it was lilo: edit /etc/lilo.conf default=2.6.18 Then restart the machine. check activity and see syslog (see up command) Kernal find the disk Aug 14 20:05:11 neptune kernel: usb-storage: device found at 3 Aug 14 20:05:11 neptune kernel: usb-storage: waiting for device to settle before scanning Aug 14 20:05:16 neptune kernel: Vendor: ATA Model: SAMSUNG HD321KJ Rev: CP10 Aug 14 20:05:16 neptune kernel: Type: Direct-Access ANSI SCSI revision: 05 Aug 14 20:05:16 neptune kernel: SCSI device sda: 625142448 512-byte hdwr sectors (320073 MB) Aug 14 20:05:1...

Following things are involved.  MAIL SERVER 'Exim4'  INSTALLATION OF PACKAGES  CONFIGURATION  FURTHER DOCUMENTATION MAIL SERVER: We are already running EXIM4, as our mail mail server on a different machine and network with folloing IMAP and SMTP Imap.domain.com Smtp.domain.com No need to install it from scracth. INSTALLATION OF PACKAGES: A) Web server Apache with ssl support Install apache2: apt-get install apach2 install ssl certificate: apt-get install ssl-cert generate certificate: openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem country name: NO state name: Oslo locality name: Oslo organizaion name: yourcompany organizatinal unit: IT common name: webmail email addres: youremail@yourdomain.com B) PHP4 (php5 has some problems) PHP4 Installation: apt-get install php4 C) UW IMAP Installation of uw-imapd: apt-get install uw-imapd D) Squirrelmail Squirrelmail Installation: apt-get install squirelmail you can also download f...