Showing posts with label Ubuntu Server. Show all posts

Monday, June 13, 2011

Maintenance Linux System




Ubuntu Security News

1. Update & upgrade the system

  1. sudo apt-get update
  2. sudo apt-get dist-upgrade
When we run dist-upgrade, we get a message like this:
The following NEW packages will be automatically installed:
  linux-image-2.6.15-29-server
The following NEW packages will be installed:
  linux-image-2.6.15-29-server
The following packages will be upgraded:
  linux-image-server
1 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.

We need to restart the server once users have finished their work.
            3. sudo shutdown -r now

2. Check Disk Space

            -Check disk usage on the Linux computer [df -h]
            -Check the disk every week
            -Check how much each user uses
            -sudo repquota /home

3. Check the Log File

            -cd /var/log; ls
            -sudo less messages
            -A message that repeats all the time points to a problem
            -sudo less syslog



How to Install Samba in Ubuntu Server


        1 sudo apt-get install samba

Change samba configuration file
/etc/samba$ sudo vim smb.conf
[global]
       ; use the name of your Samba server instead of [server name] (sv001)
       ; and your own workgroup instead of [Domain name] VTC
        netbios name = sv001
        workgroup = VTC
        encrypt passwords = yes
        server string =
       
       domain master = yes
        local master = yes
        preferred master = yes
        os level = 65

        security = user
        domain logons = yes

        ; logon path tells Samba where to put Windows NT/2000/XP roaming profiles
        logon path = \\%L\profiles\%u
        logon script = %g\logon.bat

        logon drive = H:
        ; logon home is used to specify home directory and
        ; Windows 95/98/Me roaming profiles location
        ; logon home = \\%L\%u\.win_profile\%m
       
        time server = yes

        ; the below works on Red Hat Linux - other OSs might need a different command
        add user script = /usr/sbin/useradd -d /dev/null -g users -s /bin/false -m %u
       
[netlogon]
        path = /usr/local/samba/lib/netlogon
        writable = no
        browsable = no
       
[profiles]
        ; you might wish to use a different directory for your
        ; Windows NT/2000/XP roaming profiles
        path = /home/samba-ntprof
        browsable = no
        writable = yes
        create mask = 0600
        directory mask = 0700

[homes]
        read only = no
        browsable = no
        guest ok = no
        map archive = yes
[transfer]
       path = /home/transfer
       browsable = yes
       guest ok = no
       writable = yes
       create mask = 0644
       directory mask = 0755
[office-docs]
      path = /home/office-docs
      browsable = yes
      guest ok = no
      writable = yes
      create mask = 0660
      directory mask = 0770
        force group = office
Command to check the Samba configuration:
testparm
Create 3 Groups (students, teachers, office)
        sudo groupadd students
        sudo groupadd teachers
        sudo groupadd office

Creating Directory on the Samba Server
The [netlogon] and [profiles] shares defined in our new smb.conf file reference directories on the Samba Server, and it is necessary to create those directories with the proper permissions:

        # mkdir -p /usr/local/samba/lib/netlogon (-p also creates missing parent folders, e.g. mkdir -p /usr/local/treat/tyer/)
        # chmod 775 /usr/local/samba/lib/netlogon
        # mkdir /home/samba-ntprof
        # chmod 777 /home/samba-ntprof
        # mkdir /home/transfer
        # chmod 755 /home/transfer
        # mkdir /home/office-docs
Change the group owner (office-docs)

       # chgrp office /home/office-docs
       # chmod 770 /home/office-docs
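
A permission check for the share directories created above, as an added example that is not part of the original post. A directory left at mode 777 lets any account that can reach it rename or delete another user's files there; with the sticky bit (1777) it stays writable but only owners can remove their own entries. The function names and the optional root-prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reports share directories from an smb.conf-style file that are
# world-writable without the sticky bit (mode 777 rather than 1777).

TAB=$(printf '\t')

# Print "share<TAB>path" for every "path =" line, skipping ; and # comments.
list_share_paths() {
    awk '
        /^[ \t]*[;#]/   { next }
        /^[ \t]*\[/     { s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s); next }
        /^[ \t]*path[ \t]*=/ {
            p = $0; sub(/^[^=]*=[ \t]*/, "", p); sub(/[ \t\r]+$/, "", p)
            print s "\t" p
        }' "$1"
}

# $1 = config file, $2 = optional prefix so a test tree can stand in for /.
# Prints "share path" for each flagged directory; always returns 0.
audit_share_dirs() {
    conf=$1
    root=${2:-}
    list_share_paths "$conf" | while IFS=$TAB read -r share path; do
        dir="$root$path"
        [ -d "$dir" ] || continue
        # Characters 9-10 of the ls mode string: "wx" = others may create and
        # delete entries; "wt" = same, but the sticky bit limits deletion to owners.
        other=$(ls -ld "$dir" | cut -c9-10)
        if [ "$other" = "wx" ]; then
            echo "$share $path"
        fi
    done
    return 0
}

# Run against a configuration file when called directly with its name.
if [ $# -ge 1 ]; then
    audit_share_dirs "$@"
fi
```

Run it as root with /etc/samba/smb.conf as the argument; with the modes given above it lists the [profiles] directory.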

Restart the Samba Daemon
        # /etc/init.d/samba restart

Create 3 folders in /usr/local/samba/lib/netlogon: (teachers, students, office)
Create a logon file in each of the folders above:

       # /usr/local/samba/lib/netlogon$ (teachers, students, office)
       sudo vim logon.bat

In folder teachers
        net time \\sv001 /set /yes
        net use /delete T:
        net use T: \\sv001\transfer
        net use /delete O:
        net use O: \\sv001\office-docs
Before saving or closing, type the command :se ff=dos
In folder office
        net time \\sv001 /set /yes
        net use /delete T:
        net use T: \\sv001\transfer
        net use /delete O:
        net use O: \\sv001\office-docs
Before saving or closing, type the command :se ff=dos

In folder students
        net time \\sv001 /set /yes
        net use /delete T:
        net use T: \\sv001\transfer
Before saving or closing, type the command :se ff=dos
Change Samba root password
        sudo smbpasswd -a root
Synchronize time
        sudo ntpdate swisstime.ethz.ch
Create script file backuppasswdfiles.sh (/home/vtc)
#!/bin/sh
# Refresh the copies of the account files in the current directory (/home/vtc)
rm -f passwd
cp /etc/passwd .
rm -f shadow
cp /etc/shadow .
rm -f group
cp /etc/group .
rm -f smbpasswd
cp /etc/samba/smbpasswd .

Create script file createsmbuser.sh in vtc user (/home/vtc)
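#!/bin/sh
# Usage: createsmbuser.sh <username> <maingroup> <additional groups>
# Stop unless all three arguments are given: with an empty $1 the rm below
# would run against /home itself.
if [ $# -ne 3 ] || [ -z "$1" ]; then
    echo "usage: $0 <username> <maingroup> <additional groups>" >&2
    exit 1
fi
# (-s /bin/false: we don't allow the user to log on to the server)
useradd -s /bin/false -g "$2" -G "$3" -m "$1" || exit 1
# (-R: recursive)
chmod -R 700 "/home/$1"
# (-f: force, don't show warnings)
# (.??* matches hidden files: a dot followed by two or more characters)
rm -Rf "/home/$1"/.??*
# (-a: add smbuser)
smbpasswd -a "$1"
# (-p: prototype user whose quota settings are copied)
edquota -p test.user "$1"
# back up password files automatically
./backuppasswdfiles.sh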

Assign execution rights to script

        chmod 700 backuppasswdfiles.sh
        chmod 700 createsmbuser.sh

Copy Default User
        sudo cp -R Default\ User/ /usr/local/samba/lib/netlogon
Create the new users and then

        sudo ./createsmbuser.sh <username> <maingroup> <additional groups>
        eg. # sudo ./createsmbuser.sh test.user office users,internet

Samba Users
 Add an account for each client computer that will log in to the domain server
        sudo useradd -s /bin/false -d /dev/null -g users [computer name$]

Install Quota
        use quota documentation (Install Quota Share Limit Space.doc)
Join Windows Computer to Domain
Create addgroup.sh and delgroup.sh script
1.    cd
2.    vim addgroup.sh
#!/bin/sh
groupnr=`awk -F: '{if ($1 == groupstr) print $3}' groupstr=$2 < /etc/group`
userlist=`awk -F: '{if ($4 == groupnr) print $1}' groupnr=$groupnr < /etc/passwd`
for user in $userlist
do
              adduser $user $1
done
./backuppasswdfiles.sh

3.    vim delgroup.sh
#!/bin/sh
groupnr=`awk -F: '{if ($1 == groupstr) print $3}' groupstr=$2 < /etc/group`
userlist=`awk -F: '{if ($4 == groupnr) print $1}' groupnr=$groupnr < /etc/passwd`
for user in $userlist
do
              deluser $user $1
done
./backuppasswdfiles.sh

4.    chmod +x addgroup.sh delgroup.sh
5.    sudo ./addgroup.sh <add this group> <to members in this maingroup>
sudo ./addgroup.sh internet teachers
6.    sudo ./delgroup.sh <remove this group> <from members in this maingroup>
sudo ./delgroup.sh internet teachers

NOTE:
        id <username> (Show group and membership)
        smbstatus (Samba Status)

Delete user and password
        sudo userdel -r <username>
        sudo vim /etc/samba/smbpasswd to delete user & password
        sudo rm -r /home/samba-ntprof/<user profile>
Install a printer share through logon.bat

RUNDLL32 PRINTUI.DLL,PrintUIEntry /in /q /n\\computername\printername

What to do after hard disk crash and reinstallation of Linux
sudo cp /mnt/backup/files/%date%/tree/vtc/group /etc/group
sudo cp /mnt/backup/files/%date%/tree/vtc/passwd /etc/passwd
sudo cp /mnt/backup/files/%date%/tree/vtc/shadow /etc/shadow
sudo cp /mnt/backup/files/%date%/tree/vtc/smbpasswd /etc/samba/smbpasswd
sudo shutdown -r now
sudo cp -R /mnt/backup/files/%date%/tree /home

How to Install Squid in Ubuntu Server


            1 sudo apt-get install squid
Change configuration
            2 sudo vim /etc/squid/squid.conf
# Squid normally listens to port 3128 (assign IP address)
http_port 192.168.1.5:3128
#Default: (assign 20% from your RAM) (calculation: xRAM*20/100)
cache_mem 38 MB
#Default: (maximal download package size on your hard disk)
maximum_object_size 16384 KB
#Default: (maximal download package size on your RAM)
maximum_object_size_in_memory 32 KB
#Default: (get free hard disk space policy)
cache_replacement_policy heap LFUDA
#Default: (get free memory space policy)
memory_replacement_policy heap LFUDA
#Default: (assign 80% of your /var partition in MBs) (calculation: xGB*1024*80/100)
cache_dir ufs /var/spool/squid 6062 16 256
#Default: (hide internal IP address)
forwarded_for off
#Default: (turn off squid information in http packages)
via off
#Default:
# none: (use visible_hostname instead of none)
visible_hostname proxy
Restart Squid
            2 sudo /etc/init.d/squid restart
Change configuration
Allow IP address:
3 sudo vim /etc/squid/squid.conf
# Example rule allowing access from your local network.
acl office src 192.168.1.41-192.168.1.44
acl class src 192.168.1.11-192.168.1.31
acl laptop src 192.168.1.59
http_access allow laptop
http_access allow office
http_access allow class

Allow Samba users:
            3 sudo apt-get install smbclient
            4 sudo vim /etc/squid/squid.conf
Find the following lines and uncomment them:
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

Add the following line and change DOMAINNAME to your domain:
auth_param basic program /usr/lib/squid/smb_auth -W DOMAINNAME

# Example rule allowing access from your local network.
acl domainusers proxy_auth REQUIRED
http_access allow localhost
http_access allow domainusers
            4 sudo /etc/init.d/squid restart

On samba server
            create a file /usr/local/samba/lib/netlogon/proxyauth and add the following line to the file
                        allow
            change the group of proxyauth to internet: sudo chgrp internet proxyauth
            change the permissions of proxyauth: sudo chmod 640 proxyauth
            If you want to allow all users to connect to the Internet, just write
                        chgrp users proxyauth
            If you only want to allow members of the group internet to connect to the Internet, just write
                        chgrp internet proxyauth

Test proxy
5 Use Firefox on another machine and try to connect to http://checker.samair.ru/
Install squidguard
6 sudo apt-get install squidguard apache2
Enable squidguard
7 sudo vim /etc/squid/squid.conf
Jump to the end of the file and add the following lines:
# Tag redirect program
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf



SquidGuard configuration
8 sudo vim /etc/squid/squidGuard.conf
#
# CONFIG FILE FOR SQUIDGUARD
#

dbhome /var/lib/squidguard/db
logdir /var/log/squid

# DESTINATION CLASSES:
#

dest adv {
     domainlist adv/domains
     urllist adv/urls
}

dest aggressive {
     domainlist aggressive/domains
     urllist aggressive/urls
}

dest drugs {
     domainlist drugs/domains
     urllist drugs/urls
}

dest gamble {
     domainlist gamble/domains
     urllist gamble/urls
}

dest porn {
     domainlist porn/domains
     urllist porn/urls
}

dest spyware {
     domainlist spyware/domains
     urllist spyware/urls
}

dest violence {
     domainlist violence/domains
     urllist violence/urls
}

acl {
     default {
           pass !adv !aggressive !drugs !gamble !porn !spyware !violence
     }
}

Setup blacklist script updater
9 wget -c http://squidguard.shalla.de/Downloads/shalla_update.sh
10 vim shalla_update.sh
squidGuardpath="/usr/bin/squidGuard"
squidpath="/usr/sbin/squid"
httpget="/usr/bin/wget"
tarpath="/bin/tar"
chownpath="/bin/chown"

dbhome="/var/lib/squidguard/db"
squidGuardowner="proxy.proxy"

Instead of $squidpath -k reconfigure:
/etc/init.d/squid restart

11 chmod +x shalla_update.sh
12 sudo mv shalla_update.sh /etc/cron.weekly/
13 sudo /etc/cron.weekly/shalla_update.sh
Create Permission Denied Website
14 sudo mkdir /usr/lib/cgi-bin
15 sudo cp /usr/share/doc/squidguard/examples/squidGuard.cgi.gz /usr/lib/cgi-bin/
16 sudo gunzip /usr/lib/cgi-bin/squidGuard.cgi.gz
17 sudo chmod +x /usr/lib/cgi-bin/squidGuard.cgi
18 sudo mkdir /var/www/images

19 Create the following pictures with Photoshop
                        1 logo.jpg
                        2 white.jpg
sudo cp logo.jpg /var/www/images
sudo cp white.jpg /var/www/images
20 sudo vim /usr/lib/cgi-bin/squidGuard.cgi
            change: $image = "/images/blocked.gif";
            to: $image = "/images/white.jpg";

            change: $redirect = "http://admin.your-domain/images/blocked.gif";
            to: $redirect = "http://192.168.1.5/images/white.jpg";

            change: $proxymaster = "operator\@your-domain";
            to: $proxymaster = "wec_vtc\@online.com.kh";

            change: "http://info.your-domain/images/eto.small.gif";
            to: "http://192.168.1.5/images/logo.jpg";

            change: "http://www.your-domain/";
            to: "http://www.wec-ap.org/";
Restart Squid
            21 sudo /etc/init.d/squid restart
Test proxy
22 Use Firefox on another machine and try to connect to http://www.drugs.com

Note:
 If you have problems with squidGuard, try changing the ownership of dbhome and rebuilding the db again (sudo -u proxy = run the command with proxy rights):
            sudo chown proxy.proxy -R /var/lib/squidguard/db
            sudo -u proxy squidGuard -C all

Thursday, June 2, 2011

Change Ubuntu Server from DHCP to a Static IP Address


If the Ubuntu Server installer has set your server to use DHCP, you will want to change it to a static IP address so that people can actually use it.
Changing this setting without a GUI will require some text editing, but that’s classic Linux, right?
Let’s open up the /etc/network/interfaces file. I’m going to use vi, but you can choose a different editor.
sudo vi /etc/network/interfaces
For the primary interface, which is usually eth0, you will see these lines:
auto eth0

iface eth0 inet dhcp

As you can see, it’s using DHCP right now. We are going to change dhcp to static, and then there are a number of options that should be added below it. Obviously you’d customize this to your network.
auto eth0

iface eth0 inet static
        address 192.168.1.100
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1

Now we’ll need to add in the DNS settings by editing the resolv.conf file:
sudo vi /etc/resolv.conf
On the line ‘nameserver xxx.xxx.xxx.xxx’ replace the x with the IP of your name server. (You can run ipconfig /all on a Windows machine on the same network to find out what they are.)
You also need to remove the DHCP client for this to stick (thanks to Peter for noticing). You might need to remove dhcp3-client instead.
sudo apt-get remove dhcp-client
Now we’ll just need to restart the networking components:
sudo /etc/init.d/networking restart
