A Linux 1-day workshop
Presented by Peter Dalmaris
About this workshop

• No prior knowledge of Linux necessary
• Lots of Linux flavours, we concentrate on
  Ubuntu
• Server, not desktop edition
• 9am to 5pm with a couple of breaks
๏ Start with some history and architecture
๏ Virtual Machines, installation
๏ Remote access
๏ User management
๏ File system
๏ Networking (including Samba)
๏ Backing up
๏ Server software
๏ Software management: installing, removing, updating
๏ Scheduling jobs through cron
๏ Vim
๏ Webmin
๏ Rsync
๏ ...and anything else we can fit in
About me
• Working with Linux for over 10 years
• Administrator for two public web applications
  running on Ubuntu Linux 8.10 and 9.04
    (www.trackscentral.com, www.gitcentral.com)
•   Delivering IT services through my company,
    Futureshock Research.
•   Teaching at CSU since 2002.
•   Undergraduate degree in Electrical and Computer
    Engineering, Masters in Information Systems, Masters
    in Knowledge Management, PhD in Business Process
    Management and Knowledge Management.
•   Contact me at peter.dalmaris@gmail.com
History - UNIX and GNU
• UNIX has dominated the OS space since 1960.
  It was efficient, effective, but expensive.
• An effort to produce an open-source
  UNIX-like OS was begun by Richard Stallman in
  1994; this was the beginning of the GNU project.
• A lot of software was written as part of the
  GNU project by the Free Software
  Foundation: compilers, text editors, a shell...
History - GNU is not an OS

• ...but there was no complete kernel,
  device drivers, daemons etc.
• Without these subsystems, GNU could not
  be completed as intended.
History - Linux fills the gap
• In 1991 Linus Torvalds developed a replacement for the
  MINIX teaching OS, which was developed by Andrew S.
  Tanenbaum and released by Prentice-Hall.
• This replacement became the Linux kernel. Version
  0.12 of Linux was released in 1992.
• At first, it operated in the Minix user space.
• Linux kernel became the missing GNU kernel.
The cost of developing Linux Fedora 9
Linux kernel
• NCAR's newest supercomputer: On 12 July 2004, SCD took delivery of lightning, a new Linux cluster manufactured by IBM. The 1.1-teraflop system is now installed in the NCAR Computer Room.
• Motorola RAZR², an advanced embedded system using embedded Linux.
• The Nokia N810 features the Maemo Linux distribution, based on Maemo 4.0, which features MicroB (a Mozilla-based mobile browser), a GPS navigation application, new media player, and a refreshed interface.
• The WRT54G is notable for being the first consumer-level network device that had its firmware source code released to satisfy the obligations of the GNU GPL.
• Ubuntu Linux on Macbook Pro.
Ubuntu Linux
• A good choice for both server and desktop
  distribution.
• Free and well updated - new release every
  six months.
• Security updates for 18 months - after that
  just upgrade to the latest version.
• There are LTS versions with extended
  length support.
Ubuntu Linux server
• Built on Debian, with a reputation for robust
  server implementations.
• Latest version is 9.04, based on kernel
  2.6.28-11.37.
• Out of the box support for cloud
  computing (Eucalyptus).
• Mail server stack: SMTP, POP3, IMAP with
  TLS and SASL.
Ubuntu Linux server

• Kernel-based virtual machine (KVM).
• Microsoft Exchange support.
• Simplified firewall.
• etc. etc.
Desktop vs server
Getting started: installation
• It makes sense to install servers on virtual
  machines:
  • Better use of existing hardware
  • Ease of maintenance and disaster recovery
  You can assign a Linux virtual machine to a single
  service, like a web server, email server etc. Keep
  things simple.
  Maintain a single Linux host and multiple guests.
Virtualisation
Option 1: Ubuntu server on VMware on any host
 • Download the server image from http://www.ubuntu.com/getubuntu/download-server
 • Start VMware
 • Create a new virtual machine using the
   image you just downloaded
Video available at http://blog.futureshock-ed.com/...
Hands-on: Installation
Sample partitioning that separates critical portions of
the hard drive.
Directory   Type      FS     Size (typical)   Size (lab)
/boot       Primary   Ext2   100MB            200MB
/var        LVM       XFS    4GB              700MB
/home       LVM       XFS    200GB            3GB
/           LVM       Ext3   50GB             2GB
swap        LVM       Swap   1GB              200MB
Option 2: Linux guests to an
Ubuntu host running KVM

  • KVM is the default virtualisation technology
    that ships with current versions of Ubuntu
  • Requires hardware with virtualisation
    extensions
One host, many guests

[Diagram labels: Ubuntu host; Ubuntu guest; Windows guest]
Install a guest #1
Can your hardware support KVM? Inspect the cpuinfo virtual file:

No output means no KVM support. Try checking virtualization settings in the BIOS.

If there is support, install the required packages. Use the apt-get package manager:

• libvirt-bin provides libvirtd which you need to administer qemu and kvm instances using libvirt
• kvm is the backend
• ubuntu-vm-builder powerful command line tool for building virtual machines
• bridge-utils provides a bridge from your network to the virtual machines
Install guest #2
Add your user name to the libvirtd group. More about user management later.

This will give you access to the system-wide libvirtd instance. Log out and in to make this effective.

Test the installation is valid. virsh is the main interface for managing guest domains:

Install KVM #3
Run the KVM command as root to reveal problems, such as lack of hardware

The kvm command can be used to start guest machines directly.
Setup the virtual network #1
To enable network services to the VM and
VM access to the outside world, we must
configure bridge networking. The VM will
access the network through the host’s
physical network interface.
     1. Install the bridge utility

     2. Stop networking services
Setup the virtual network #2
     3. Edit /etc/network/interfaces and add the br0 section:

Content of /etc/network/

You may use DHCP instead of fixed values.
Setup the virtual network #3
     4. Restart networking services:
Remote administration
Remote administration
   with SSH #1
• Ubuntu comes with an open source
  implementation of the SSH standard, called
  OpenSSH.
• OpenSSH makes it possible to securely
  control a remote computer, and to transfer
  files.
• To make this possible, we must install the
  sshd component on the server if not
  already installed.
Remote administration with SSH #2
Install the sshd component:

Install the client component:
Some operating systems, like Mac OS X, come with an SSH client built in. In
Windows, use PuTTY.
Remote administration with SSH #3
Connect:

[Figure labels: Local machine, Remote machine]
Remote administration with SSH #4
You can authenticate the client using its public key;
then, you will not need to provide a password every
time you want to connect.

Create the client’s public key if one doesn’t exist already
(ssh-keygen is a key pair generator):

This creates your key pair and stores it in ~/.ssh/.
Remote administration with SSH #5
Take the contents of the file in ~/.ssh/id_dsa.pub on
the client, and paste it in the file ~/.ssh/authorized_keys
on the server. If the target file does
not exist, create it. This is what authorized_keys may
look like:
Remote administration with SSH #6
Connect just like before; there
should be no request for your
password:

[Figure labels: Local machine, Remote machine]
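The copy-and-paste step from slide #5 as a script, with the file permissions sshd requires before it will honour authorized_keys. This is an added example, not part of the workshop slides; the function name install_pubkey, its arguments and its return codes are hypothetical.

```shell
#!/bin/sh
# Added example (not from the slides): append a client public key to a
# server-side authorized_keys file safely. Names here are hypothetical.
#
# install_pubkey PUBKEY_FILE HOME_DIR
#   returns 0 = key added, 1 = rejected input, 2 = key already present
#
# The body runs in a subshell ( ... ) so the umask change and the
# variables do not leak into the calling shell.
install_pubkey() (
    pub=$1
    home=$2
    ssh_dir="$home/.ssh"
    auth="$ssh_dir/authorized_keys"

    # A public key file holds exactly one non-empty line. A private key
    # pasted by mistake spans several lines and is rejected here.
    [ -r "$pub" ] || return 1
    [ "$(grep -c . "$pub")" -eq 1 ] || return 1
    key=$(grep . "$pub")

    # The line must start with a key type followed by the key data.
    case $key in
        ssh-*" "*|ecdsa-*" "*|sk-*" "*) ;;
        *) return 1 ;;
    esac

    # With StrictModes (the sshd default) the key file is ignored when
    # ~/.ssh or authorized_keys is writable by group or others, so create
    # both private and tighten anything that already exists.
    umask 077
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir"
    touch "$auth"
    chmod 600 "$auth"

    # Whole-line fixed-string match: the same key is never appended twice.
    if grep -qxF -- "$key" "$auth"; then
        return 2
    fi
    printf '%s\n' "$key" >> "$auth"
    return 0
)

# Typical use on the server, after copying the client's .pub file over:
#   install_pubkey /tmp/client_key.pub "$HOME"
```

The slides use a DSA key file (id_dsa.pub); current OpenSSH releases no longer accept DSA keys by default, so the same procedure is normally done today with an RSA or Ed25519 key.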
Upgrading
To upgrade to the latest version of Ubuntu
server, use the do-release-upgrade utility.
     First, update apt-get to acquire the latest package
     information:

     Then, install the upgrade utility:

     Finally, do the upgrade:
Updating installed packages
Use the apt-get tool:

To automate package updates, use unattended-upgrades:
Install the package:

... and configure it:

Unattended upgrade actions are logged in /var/log/unattended-upgrades. Add a Cron job to
run /usr/bin/unattended-upgrade periodically.
User management
๏ A critical aspect of server management.
๏ In Ubuntu, the root user is disabled for safety.
๏ Management tasks requiring root access can be
completed by using the sudo command by a user who
is in the “admin” group.
๏ The user created during the installation process is
added automatically to the admin group.
Adding and deleting users
To add a user:


To delete a user (will retain the home directory):


To disable a user:

To enable a user:
Creating and deleting groups
To create a group:


To delete a group:


To add a user to a group:
User profiles
By default, all new home directories are accessible
by everyone. You can enforce non-default access
rights to new home directories by editing
/etc/adduser.conf:


The contents of this directory are modelled after the
contents of /etc/skel.
Password policy
You can enforce strong user passwords by editing the
password policy file /etc/pam.d/common-password.


For example, to enforce a password with minimum 6
characters, edit the password line to look like this:
Password expiration
To see the password expiry value for a user, use the
“chage” command (the chage tool is for changing
password expiration date):

To make changes:
File system
A filesystem is responsible for managing data stored
on a non-volatile storage device like hard disks, USB
drives, DVDs etc.

Most Linux distros, including Ubuntu, use ext3 (“third
extended filesystem”).

Ubuntu 9.04 introduces experimental support for
ext4.
Ext3
A journaling filesystem: logs changes in a journal to
increase reliability in case of power failure or system
crash.

Not as fast as others, like JFS, ReiserFS and XFS,
but wins in CPU utilization, reliability, and testing
base.
Ext3 file limits




^ 8 KiB block size is only available on architectures which allow 8 KiB pages, such as Alpha.
Ext3 levels of journaling
❖Journal
 ❖Lowest risk, slowest
 ❖Metadata and files are written to the journal before being
  committed.
❖Ordered (default)
 ❖Medium risk, medium speed
 ❖Metadata are written to the journal only - ext3 guarantees file
  contents are written to disk before marked as committed in
  the journal. Beware of “intermediate state” problem!
❖Writeback
 ❖Highest risk, fastest
 ❖Metadata written in journal, no guarantee for file contents.
Ext4
❖Adds 64-bit storage limits.
❖Volumes up to 1 exabyte. Files up to 16 terabytes.
❖Improved large file performance and reduced
fragmentation.
❖Backwards compatible with ext2 and 3.
❖Journal checksumming (not present in ext3).
❖Online defragmentation.
❖Timestamps in nanoseconds.
Files and directories
Filesystems store data in files and directories.
Filesystems are stored in disk partitions.
You can configure partitions any way you like, but
something like this is advisable:
fstab: static fs info
fstab is a text file that contains filesystem information
df: Partition utilization
df stands for “disk free”
Mount points
The mount command attaches a filesystem to a mount point

Remount /usr in read only:

Mount all fs in /etc/fstab:
File & directory commands
Command   Description
ls        Lists the contents of a directory
cd        Change directory
mkdir     Create directory
rmdir     Remove directory
cp        Copy file
mv        Move file
rm        Remove file
pwd       Print the present working directory
file      Print the presumed type of a file
chmod     Change the permission attributes of a file
Repartitioning a live system

Video available at http://blog.futureshock-ed.com/...
Networking
Most networking is configured by editing two files:
❖/etc/network/interfaces
 ❖Ethernet, TCP/IP, bridging
❖/etc/resolv.conf
 ❖DNS
Other networking files:
❖/etc/hosts
❖/etc/dhcp3/dhcpd.conf
/etc/network/interfaces
Typical default contents:
Directive   Description
auto        Indicates the device should be set up at boot time.
lo          Loopback interface.
iface       “Interface”.
eth0        Ethernet device 0, typically the primary network adaptor.
inet        Indicates network adaptor has an IPv4 address space.
dhcp        Network adaptor gets its configuration from a DHCP server.
/etc/network/interfaces
Good practice: fix your server’s IP address.
Directive    Description
static       Indicates the adaptor uses fixed IP configuration.
address      The IP address of the host.
netmask      Network subnet mask.
gateway      Gateway address.
network      The network portion of the IP address.
nameserver   The IP of a DNS.

For static interfaces, you may also need to edit /etc/resolv.conf to specify DNS servers.
/etc/hosts
Ubuntu refers to this file to resolve host names
before contacting a DNS. Good for frequently used
hostnames, or internal network hosts.
Network useful commands
Command                       Description
ping                          Test that an internet host is reachable.
ifconfig                      Administer a TCP/IP network interface.
sudo /etc/init.d/networking   stop, start, restart as arguments; controls network status.
route                         Examine and configure the host’s routing table.
Backup
“Failing to plan is planning to fail”
It is a matter of time before you experience system
failure on your server. When that happens, it is
nice to have a backup.
What is a backup?

... to keep multiple historical versions of your data
going back far enough in time to enable recovery
from a small or big disaster.
Types of backup
❖Full - Backup the complete data set
❖Incremental - Backup only changes since last
backup

Periodic backup
❖Daily - Hold for the short term
❖Weekly - Hold for the medium term
❖Monthly - Hold for the long term
Backup using a shell script
This script rotates through 7 backups - one for each day. A modification can
allow for rotation of daily, weekly, and monthly backups.

#!/bin/sh
####################################
#
# Backup to NFS mount script.
#
####################################
# What to backup.
backup_files="/home /var/spool/mail /etc /root /boot /opt"
# Where to backup to.
dest="/mnt/backup"
# Create archive filename.
day=$(date +%A)
hostname=$(hostname -s)
archive_file="$hostname-$day.tgz"
# Print start status message.
echo "Backing up $backup_files to $dest/$archive_file"
date
echo
# Backup the files using tar.
# $backup_files is left unquoted on purpose so it splits into separate paths.
tar czf "$dest/$archive_file" $backup_files
# Print end status message.
echo
echo "Backup finished"
date
# Long listing of files in $dest to check file sizes.
ls -lh "$dest"
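One way to make the modification the slide mentions (daily, weekly and monthly rotation), shown as an added example that is not part of the original slides. The naming scheme, the function names archive_name and run_backup, and the choice of Sunday and the 1st of the month are assumptions; the archive is also written to a temporary name and verified before it replaces the previous one.

```shell
#!/bin/sh
# Added example (not from the slides): daily / weekly / monthly rotation.
# Scheme (an assumption): 1st of the month -> monthly archive (12 kept),
# any other Sunday -> weekly archive (up to 5 kept), otherwise one
# archive per weekday name, as in the original script.

# archive_name HOST DAY_OF_MONTH DAY_OF_WEEK MONTH DAY_NAME
#   DAY_OF_MONTH = date +%d, DAY_OF_WEEK = date +%u (1=Mon .. 7=Sun),
#   MONTH = date +%m, DAY_NAME = date +%A
archive_name() {
    host=$1 dom=$2 dow=$3 month=$4 dayname=$5
    dom=${dom#0}            # "09" -> "9" so it is not read as octal
    if [ "$dom" -eq 1 ]; then
        echo "$host-month-$month.tgz"
    elif [ "$dow" -eq 7 ]; then
        # Week of the month: days 1-7 -> 1, 8-14 -> 2, ...
        echo "$host-week-$(( ($dom - 1) / 7 + 1 )).tgz"
    else
        echo "$host-$dayname.tgz"
    fi
}

# run_backup DEST PATH...
#   Prints the final archive path on success, returns non-zero on failure.
run_backup() (
    dest=$1
    shift
    # Archives contain /etc and /root, so keep them private to the owner.
    umask 077
    host=$(hostname -s 2>/dev/null || uname -n)
    # Read the clock once so all fields belong to the same instant.
    stamp=$(date '+%d %u %m %A')
    # $stamp is unquoted on purpose: it splits into the four date fields.
    name=$(archive_name "$host" $stamp)
    tmp="$dest/.$name.partial"

    # Write to a temporary name first. The original script writes straight
    # over last week's archive, so a failed run destroys the old backup.
    tar czf "$tmp" "$@" || { rm -f "$tmp"; return 1; }
    # Verify the archive can be read back before it replaces the old one.
    tar tzf "$tmp" > /dev/null || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$dest/$name"
    echo "$dest/$name"
)

# Typical use, with the paths from the original script:
#   run_backup /mnt/backup /home /var/spool/mail /etc /root /boot /opt
```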
Automating with cron
Cron is used to schedule the execution of scripts. We
will look at it in more detail later.

To enter the cron job editor

To run the backup script every day of every month of every year, at midnight:
# m h dom mon dow command
0 0 * * * bash /usr/local/bin/backup.sh
Restoring
Use tar to test the integrity of an archive, or to
extract its contents.

To list the contents of the archive

To extract a file from the archive

To extract the full contents of the archive
...or, specialised backup utilities
Such as Bacula, still open-source.
Server software
Servers, servers, servers
Most useful work on a server is done by some
kind of server software:

❖Web (e.g. Apache)
❖Database (MySQL)
❖Application (LAMP - e.g. Moin Moin)
❖FTP (e.g. vsftpd)
❖Network File System
❖Email (e.g. Postfix)
❖Etc.
Web servers
Web server
Lots of choices for open source web servers.
❖Apache
❖LightTPD (YouTube, Meebo, Wikipedia)
❖Nginx
❖Roxen
Apache:
   history and
Apache has been around forever (at least since the
beginning of the known time, when the web was
invented):

❖Powers 100 million websites (early 2009), over
46% of total
❖Most popular web server since 1996
❖Lineage going back to NCSA HTTPd
❖Comprehensive set of features - you want it, it
has it.
Installing Apache
Apache is installed in /etc/apache2.
File/Directory    Description
apache2.conf      The main Apache2 configuration file. Contains settings that are global to Apache2.
conf.d            Contains configuration files which apply globally to Apache. Other packages that use Apache2 to serve content may add files, or symlinks, to this directory.
envvars           File where Apache2 environment variables are set.
httpd.conf        Historically the main Apache2 configuration file, named after the httpd daemon. The file can be used for user specific configuration options that globally affect Apache2.
mods-available    This directory contains configuration files to both load modules and configure them.
mods-enabled      Holds symlinks to the files in /etc/apache2/mods-available.
ports.conf        Houses the directives that determine which TCP ports Apache2 is listening on.
sites-available   This directory has configuration files for Apache Virtual Hosts. Virtual Hosts allow Apache2 to be configured for multiple sites that have separate configurations.
sites-enabled     Like mods-enabled, sites-enabled contains symlinks to the /etc/apache2/sites-available directory. Similarly when a configuration file in sites-available is symlinked it will be active once Apache is restarted.
Works immediately
/etc/apache2/sites-available/site_name
<VirtualHost *:80>
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access.log combined

</VirtualHost>
/etc/apache2/sites-
available/site_name
                                  <VirtualHost *:80>
                                  
       ServerAdmin webmaster@localhost

                                  
      DocumentRoot /var/www
          Port number of site     
                                  
                                         <Directory />
                                         
      Options FollowSymLinks
                                  
      
      AllowOverride None
                                  
      </Directory>
          Email of webmaster      
      <Directory /var/www/>
                                  
      
      Options Indexes FollowSymLinks MultiViews
                                  
      
      AllowOverride None
    Root directory of site files   
      
      Order allow,deny
                                  
      
      allow from all
                                  
      </Directory>

              Static files block   
      ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
                                  
      <Directory "/usr/lib/cgi-bin">
                                  
      
       AllowOverride None
                                  
      
       Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                 Scripts block    
                                  
                                         
                                         
                                                 Order allow,deny
                                                 Allow from all
                                  
      </Directory>

                                  
      ErrorLog /var/log/apache2/error.log
                  Error log file
                                  
      # Possible values include: debug, info, notice, warn, error, crit,
                                  
      # alert, emerg.
                                  
      LogLevel warn

                                  
      CustomLog /var/log/apache2/access.log combined

                                  </VirtualHost>
/etc/apache2/sites-available/site_name

    # Port number of site
    <VirtualHost *:80>
        # Email of webmaster
        ServerAdmin webmaster@localhost

        # Root directory of site files
        DocumentRoot /var/www
        <Directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>

        # Static files block
        <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>

        # Scripts block
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>

        # Error log file
        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        # Access log file
        CustomLog /var/log/apache2/access.log combined
    </VirtualHost>
Multiple sites
Apache supports multiple sites on the same machine.
Assign sites by port number, sub-domain, directory
name, or any combination of the above.

After any configuration changes, restart Apache.
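An added example, not part of the original slides: a shell helper that walks a virtual host file like the one shown for site_name and reports, per site and per <Directory> block, the Options that widen exposure (Indexes, FollowSymLinks, ExecCGI). The helper names audit_vhost and audit_sample, and the second site on port 8080 under /srv/intranet, are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the Options that widen exposure in an Apache vhost file.
# audit_vhost and audit_sample are hypothetical helper names, not Apache tools.

# Print "LINE|VHOST|DIRECTORY|FINDING" for each risky option enabled in file $1.
audit_vhost() {
    awk '
    { key = tolower($1) }                  # directive names are case-insensitive
    key ~ /^#/ { next }                    # skip comment lines
    key == "<virtualhost" { vhost = $2; sub(/>$/, "", vhost); dir = ""; next }
    key == "</virtualhost>" { vhost = ""; next }
    key == "<directory" { dir = $2; gsub(/[">]/, "", dir); next }
    key == "</directory>" { dir = ""; next }
    key == "options" {
        v = (vhost == "" ? "(global)" : vhost)
        d = (dir == "" ? "(vhost-wide)" : dir)
        for (i = 2; i <= NF; i++) {
            opt = tolower($i)
            if (opt ~ /^-/) continue       # "-Indexes" switches the option off
            sub(/^[+]/, "", opt)
            if (opt == "indexes")
                print NR "|" v "|" d "|Indexes: lists directory contents when no index file exists"
            else if (opt == "followsymlinks")
                print NR "|" v "|" d "|FollowSymLinks: follows symlinks without an ownership check"
            else if (opt == "execcgi")
                print NR "|" v "|" d "|ExecCGI: files here are executed as CGI programs"
        }
    }
    ' "$1"
}

# Run the audit over the slide configuration plus one constructed second site.
audit_sample() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
<VirtualHost *:80>
    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    </Directory>
</VirtualHost>
# Constructed second site on another port, with listings switched off
<VirtualHost *:8080>
    DocumentRoot /srv/intranet
    <Directory /srv/intranet/>
        Options -Indexes +SymLinksIfOwnerMatch
    </Directory>
</VirtualHost>
EOF
    audit_vhost "$tmp"
    rm -f "$tmp"
}

audit_sample
```

On a real server, call audit_vhost with each file under /etc/apache2/sites-available and review every reported line before enabling the site.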
Modules
There are many modules that provide additional functionality.

These modules can be installed and loaded dynamically.

Installs the MySQL authentication module:

Enables the new module and restarts Apache:
Apache: depth and breadth
Databases
Database server: MySQL

“The world’s most popular open-source database”*
*http://www.mysql.com/

Yahoo, Google, Alcatel, Nokia, YouTube

25% market share (EDC research)
MySQL features
❖Cross-platform compatible
❖Libraries for all major programming languages
❖Many administration choices: command line, web-based, GUIs
❖Stored procedures
❖Triggers
❖Cursors
❖Selection of storage engines (InnoDB, Berkeley, etc.)
❖Replication
❖ACID compliance with InnoDB, BDB, Cluster engines
❖Full-text indexing
❖Open-source!
MySQL installation
Installs the MySQL authentication module:

After installation, check the mysql daemon is running:

To restart:

To configure:
Create a new database and user
Log on as root (asks for password):

    mysql -u root -p

Create a new database:

    create database myDB;

Create a new user for the new database:

    grant all privileges on myDB.* to 'newuser'@'localhost' identified by 'newpassword' with grant option;

To verify this worked, exit and log on as the new user (no error messages mean all good):

    exit;
    mysql -u newuser -p #asks for password
    use myDB;
LAMP
Linux
Apache
MySQL
PHP

A popular configuration for Linux servers.

LAMP applications are packaged in a way that makes it easy to install and manage.
LAMP example: Moin Moin
Moin Moin is a Python-based wiki engine.

Install Moin Moin (expects Apache 2 already installed):

Prepare the Moin Moin directory:

    cd /usr/share/moin
    sudo mkdir mywiki
    sudo cp -R data mywiki
    sudo cp -R underlay mywiki
    sudo cp server/moin.cgi mywiki
    sudo chown -R www-data:www-data mywiki
    sudo chmod -R ug+rwX mywiki
    sudo chmod -R o-rwx mywiki
Configure Moin Moin
Edit /etc/moin/mywiki.py:

    data_dir = '/usr/share/moin/mywiki/data'

In the next line, insert:

    data_underlay_dir='/usr/share/moin/mywiki/underlay'

Configure Apache; add the following lines in the /etc/apache2/sites-available/default file inside the “<VirtualHost *>” tag:

    ### moin
    ScriptAlias /mywiki "/usr/share/moin/mywiki/moin.cgi"
    Alias /moin_static181 "/usr/share/moin/htdocs"
    <Directory /usr/share/moin/htdocs>
        Order allow,deny
        allow from all
    </Directory>
    ### end moin

Restart:

    sudo /etc/init.d/apache2 restart

Test it... Browse to http://localhost/mywiki
FTP
A simple way to transfer files between computers.
Many open source FTP servers available on Linux:
❖ vsftp
❖ Filezilla
❖ Pure-ftpd
❖ NASLite
❖ wu-ftpd
❖ etc.
Install vsftp
“Probably the most secure and fastest FTP server for UNIX-like systems.”
http://vsftpd.beasts.org/

Install it:

Put your files here to make them available to FTP clients
Connect to the FTP server
Anonymous connection

Download to local machine

Download completed
Secure FTP
Edit /etc/vsftpd.conf:

Now vsftpd will ask for the user’s password
and will start at their home directories.
NFS
Allows for server files and directories to be
available to remote clients as if they were local.

Install it:

Set directories to be exported here:
Export a directory
Export the /home directory to client with IP 192.168.178.20:

Connect to the NFS export:

Use as if it is local
Email
Email services: Postfix

The default Mail Transfer Agent (MTA) for Ubuntu
Rich set of features:
❖Protocols:
  ❖SMTP
  ❖DKIM
  ❖DSN status
  ❖ETRN
  ❖IPv6
  ❖SASL authentication
  ❖TLS encryption/authentication
  ❖QMQP
❖Junk mail control
❖Databases:
  ❖Berkeley
  ❖CDB
  ❖LDAP
  ❖MySQL
  ❖PostgreSQL
❖Mailbox and Maildir formats
❖Virtual domains
❖Address masquerading
❖Selective address rewriting
❖VERP envelope return address
Postfix installation
Install it:

The configuration screens will come up as part of
the installation.
To reconfigure at a later time:

Or, you can edit the Postfix configuration file /etc/postfix/main.cf. After editing, restart:
Postfix configuration
Sample values:
❖Internet Site
❖mail.example.com
❖peter
❖mail.example.com, localhost.localdomain, localhost
❖No
❖127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0/24
❖0
❖+
❖all

Check sources such as these for details on configuration:
❖http://flurdy.com/docs/postfix/
❖http://ubuntuforums.org/showthread.php?t=780509
❖http://en.wikipedia.org/wiki/Email#Workings
SMTP authentication
Allows a client to identify itself. Once authenticated,
the SMTP server will allow the client to relay mail.

Configuration for SMTP-AUTH is done with the
Dovecot package:

Install it:

In production, you will need to configure the SSL
certificate and key to be used with authentication and
encryption.
Test by sending yourself an email
Install nail, a command line emailer:
Firewall
The Linux kernel includes the Netfilter subsystem:
controls network traffic in/out.


Linux firewalls utilise Netfilter. The administrator
tells Netfilter how to treat data packets by
configuring rules in iptables, a configuration file.


In Ubuntu, we use ufw as a configuration tool for
iptables.
ufw
“the friendly way to create a firewall”
ufw: Uncomplicated firewall

Install ufw:

Enable ufw and restart the server to take effect:

You will not be able to restore the SSH connection until you configure ufw to allow SSH traffic:
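The lock-out described on this slide is avoided by adding the SSH rule before the firewall is switched on. The sketch below is an added example, not taken from the slides: the helper names ssh_ports and enable_ufw_keep_ssh are hypothetical, the UFW variable exists only so the sequence can be rehearsed against a stub, and the default path /etc/ssh/sshd_config is an assumption about where sshd is configured.

```shell
#!/bin/sh
# Added example: open the SSH port(s) first, then enable ufw, then verify.
# ssh_ports and enable_ufw_keep_ssh are hypothetical helper names.

# Command used to call ufw; override it to rehearse against a stub.
UFW=${UFW:-"sudo ufw"}

# Print every port sshd is configured to listen on (22 when no Port line is set).
# Commented-out lines such as "#Port 22" are ignored.
ssh_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Allow SSH, enable the firewall, then confirm each SSH rule is really present.
enable_ufw_keep_ssh() {
    cfg=${1:-/etc/ssh/sshd_config}
    ports=$(ssh_ports "$cfg") || return 1
    for port in $ports; do
        # The rule is stored while ufw is still inactive and applies on enable.
        $UFW allow "$port/tcp" || return 1
    done
    $UFW enable || return 1
    for port in $ports; do
        if ! $UFW status | grep -Eq "^$port/tcp +ALLOW"; then
            echo "SSH port $port is not allowed; fix this before logging out" >&2
            return 1
        fi
    done
    echo "ufw enabled, SSH allowed on: $(echo $ports)"
}
```

Run enable_ufw_keep_ssh from a console session or keep the current SSH session open until the final check has passed.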
ufw, examples of rules
Delete a rule:

Allow access from a host to port 22 of any IP address on this host:

Allow all HTTP traffic:

Use --dry-run to show the rule corresponding to a directive:

Disable the firewall:

See status:

See detailed status:

Application integration, predefined rules. Apply like this “sudo ufw allow Postfix” and “sudo ufw app info Postfix” to view rule details:
Software management
Package management
Over 24,000 software packages for Ubuntu. It is a
good idea to use a package manager to maintain
those installed on your server:
❖Install
❖Remove
❖Resolve dependencies
❖Compile
❖Upgrade

Ubuntu is supported by apt-get and aptitude.

Most packages are supported by both, so the
choice is yours.
apt
A collection of tools, not a single tool.

apt-get is the most important tool. Used for
tasks like:
❖Update the index files from their source
❖Upgrade all installed packages
❖Install a package
❖Remove installed package
❖Source code fetching
❖Build dependencies
❖Checks for broken dependencies
❖Clean the local repository
❖Autoclean only files in the local repository that can no longer be downloaded and are considered useless.
Using apt-get
Already installed, ready to use.

Install a package named “nmap”:

Remove a package named “nmap”:

Update the apt index (the repositories are listed in /etc/apt/sources.list):

Upgrade all packages installed:

All actions are recorded in /var/log/dpkg.log
Automatic updates
The “unattended-upgrades” package can
automatically install updated packages.

Install it:

Define the type of upgrades in /etc/apt/apt.conf.d/50unattended-upgrades

All actions are recorded in /var/log/unattended-upgrades
Windows connectivity
Works as:
❖File server
❖Printer server (including PDF)
❖Domain controller in Windows networks
❖Authentication
... for Windows clients
Samba installation
For Windows XP and later clients, there is nothing
to install.
For the Linux server:

Install Samba:
Samba configuration
To define a share (in this example, the home
folders), edit the /etc/samba/smb.conf file:

Make home directories shared, browsable, read-write:

    [homes]
      comment = Home Directories
      browseable = yes
      read only = no
      create mask = 0775
      directory mask = 0775
      valid users = %S

Define the password for a share user:

Reload Samba configuration:
Access share from Windows
Other Samba capabilities
We just saw the most basic capability of Samba.
Other things you can do:
❖Sharing CUPS printers
❖Various security issues
❖Active Directory integration, including Kerberos authentication
❖Database integration for user information
❖LDAP integration
❖Domain controller or client
❖WINS
❖Remote and local management
Scheduling
Scheduling with cron
Cron is the standard job scheduler for Unix.
Cron stands for “cronograph”.


Every user can specify scripts or programs to
run at specific time intervals in a text file called
“crontab”.
Example crontab file
           Access/edit crontab file:




Schedule         Redirect output      Script to run
cron job definition
*   *   *   *   * command to execute
cron shortcuts
Entry   Description   Equivalent
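An added example, not part of the original slides: a shell validator for the five time fields of a crontab line (minute 0-59, hour 0-23, day of month 1-31, month 1-12, day of week 0-7) that also expands the @-shortcuts to their five-field equivalents as documented in crontab(5). The function names and the sample job lines are constructed for illustration; month and weekday names such as jan or mon are not handled.

```shell
#!/bin/sh
# Added example: check the schedule part of a user crontab line.
# All function names here are hypothetical helpers, not part of cron.

is_uint()  { case $1 in ''|*[!0-9]*) return 1 ;; esac; }
in_range() { is_uint "$1" && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]; }

# check_item ITEM MIN MAX: one list element: *, N, A-B, */S or A-B/S.
# A step is accepted only after * or a range, the forms crontab(5) documents.
check_item() {
    item=$1 step=
    case $item in
        */*) step=${item#*/}; item=${item%%/*}
             is_uint "$step" && [ "$step" -ge 1 ] || return 1 ;;
    esac
    case $item in
        '*') return 0 ;;
        *-*) a=${item%%-*}; b=${item#*-}
             in_range "$a" "$2" "$3" && in_range "$b" "$2" "$3" && [ "$a" -le "$b" ] ;;
        *)   [ -z "$step" ] && in_range "$item" "$2" "$3" ;;
    esac
}

# check_field FIELD MIN MAX: a field is a comma-separated list of items.
check_field() {
    rest=$1
    while :; do
        case $rest in
            *,*) head=${rest%%,*}; rest=${rest#*,}; more=1 ;;
            *)   head=$rest; more=0 ;;
        esac
        check_item "$head" "$2" "$3" || return 1
        [ "$more" -eq 1 ] || return 0
    done
}

# Five-field equivalent of a shortcut entry; @reboot has none.
expand_shortcut() {
    case $1 in
        @yearly|@annually) echo '0 0 1 1 *' ;;
        @monthly)          echo '0 0 1 * *' ;;
        @weekly)           echo '0 0 * * 0' ;;
        @daily|@midnight)  echo '0 0 * * *' ;;
        @hourly)           echo '0 * * * *' ;;
        *) return 1 ;;
    esac
}

# Print "ok" or "invalid: <reason>" for one job line.
validate_cron_line() {
    set -f; set -- $1; set +f          # split on blanks, keep "*" literal
    case $1 in
        @reboot) [ $# -ge 2 ] && { echo ok; return 0; }
                 echo "invalid: no command"; return 1 ;;
        @*) sched=$(expand_shortcut "$1") || { echo "invalid: unknown shortcut $1"; return 1; }
            shift
            set -f; set -- $sched "$@"; set +f ;;
    esac
    [ $# -ge 6 ] || { echo "invalid: need 5 time fields and a command"; return 1; }
    check_field "$1" 0 59 || { echo "invalid: minute '$1'"; return 1; }
    check_field "$2" 0 23 || { echo "invalid: hour '$2'"; return 1; }
    check_field "$3" 1 31 || { echo "invalid: day of month '$3'"; return 1; }
    check_field "$4" 1 12 || { echo "invalid: month '$4'"; return 1; }
    check_field "$5" 0 7  || { echo "invalid: day of week '$5'"; return 1; }
    echo ok
}

# Constructed sample lines: schedule, script to run, optional output redirect.
while IFS= read -r l; do
    printf '%-68s %s\n' "$l" "$(validate_cron_line "$l")"
done <<'EOF'
30 2 * * 1-5 /usr/local/bin/backup.sh >> /var/log/backup.log 2>&1
*/15 8-18 * * * /usr/local/bin/poll.sh
@daily /usr/local/bin/rotate.sh
61 * * * * /usr/local/bin/never.sh
* * * * /usr/local/bin/four-fields.sh
EOF
```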
Web-based administration
Webmin: web based server
Open source interface for system administration
based on modules:
❖User management
❖Apache
❖MySQL
❖OpenSSH
❖DNS
❖File sharing
❖etc.
Webmin installation and configuration
Get required libraries, webmin archive, and run the setup utility.
You can safely accept all setup script defaults.

    sudo apt-get install perl5 libnet-ssleay-perl
    sudo apt-get install wget
    wget http://prdownloads.sourceforge.net/webadmin/webmin-1.480.tar.gz
    tar xzvf webmin-1.480.tar.gz
    cd webmin-1.480
    sudo ./setup.sh
Access Webmin
          https://serverIP:10000
       Webmin modules              Statistics
Vim
Vim: universal Unix editor
Vim and vi
Vim is an improved version of vi, the stock-standard
text editor for Unix and Linux systems.

Install vim:

Start vim:

Use commands expressed by keystrokes to control
vim (see cheat sheet in next slide).
Vim cheat sheet
Go on and build your server.

Notes and videos available at
http://blog.futureshock-ed.com.
A discussion group available at
http://groups.google.com/group/linux-alumni
Any feedback appreciated.

Have fun and stay in touch!

Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 

Último (20)

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

Linux beginner's Workshop

  • 1. A Linux 1-day workshop Presented by Peter Dalmaris
  • 2. About this workshop • No prior knowledge of Linux necessary • Lots of Linux flavours, we concentrate on Ubuntu • Server, not desktop edition • 9am to 5pm with a couple of breaks
  • 4. About this workshop ๏ Start with some history and architecture ๏ Virtual Machines, installation ๏ Remote access ๏ User management ๏ File system ๏ Networking (including Samba) ๏ Backing up ๏ Server software
  • 5. About this workshop ๏ Start with some history and architecture ๏ Virtual Machines, installation ๏ Remote access ๏ User management ๏ File system ๏ Networking (including Samba) ๏ Backing up ๏ Server software ๏ Software management: installing, removing, updating ๏ Scheduling jobs through cron ๏ Vim ๏ Webmin ๏ Rsync ๏ ...and anything else we can fit in
  • 6. About me • Working with Linux for over 10 years • Administrator for two public web applications running on Ubuntu Linux 8.10 and 9.04 (www.trackscentral.com, www.gitcentral.com) • Delivering IT services through my company, Futureshock Research. • Teaching at CSU since 2002. • Undergraduate degree in Electrical and Computer Engineering, Masters in Information Systems, Masters in Knowledge Management, PhD in Business Process Management and Knowledge Management. • Contact me at peter.dalmaris@gmail.com
  • 7. History - UNIX and GNU • UNIX dominated the OS space since 1960. It was efficient, effective, but expensive. • An effort to produce an open-source UNIX-like OS was begun by Richard Stallman in 1994; this was the beginning of the GNU project. • A lot of software was written as part of the GNU project by the Free Software Foundation: compilers, text editors, a shell...
  • 8. History - GNU is not an OS • ...but there was no complete kernel, device drivers, daemons etc. • Without these subsystems, GNU could not be completed as intended.
  • 9. History - Linux fills the gap • In 1991 Linus Torvalds developed a replacement for the MINIX teaching OS developed by Andrew S. Tanenbaum and released by Prentice-Hall. • This replacement became the Linux kernel. Version 0.12 of Linux was released in 1992. • At first, it operated in the Minix user space. • The Linux kernel became the missing GNU kernel.
  • 12. The cost of developing Linux Fedora 9
  • 13. The cost of developing Linux Fedora 9 Linux kernel
  • 14. NCAR's newest supercomputer: On 12 July 2004, SCD took delivery of lightning, a new Linux cluster manufactured by IBM. The 1.1-teraflop system is now installed in the NCAR Computer Room. Motorola RAZR², an advanced embedded system using embedded Linux. The Nokia N810 features the Maemo Linux distribution, based on Maemo 4.0, which features MicroB (a Mozilla-based mobile browser), a GPS navigation application, new media player, and a refreshed interface. Ubuntu Linux on Macbook Pro. The WRT54G is notable for being the first consumer-level network device that had its firmware source code released to satisfy the obligations of the GNU GPL.
  • 15. Ubuntu Linux • A good choice for both server and desktop distribution. • Free and well updated - new release every six months. • Security updates for 18 months - after that just upgrade to the latest version. • There are LTS versions with extended length support.
  • 16. Ubuntu Linux server • Built on Debian, with a reputation for robust server implementations. • Latest version is 9.04, based on kernel 2.6.28-11.37. • Out of the box support for cloud computing (Eucalyptus). • Mail server stack: SMTP, POP3, IMAP with TLS and SASL.
  • 17. Ubuntu Linux server • Kernel-based virtual machine (KVM). • Microsoft Exchange support. • Simplified firewall. • etc. etc.
  • 19. Getting started: installation • It makes sense to install servers on virtual machines: • Better use of existing hardware • Ease of maintenance and disaster recovery You can assign a Linux virtual machine to a single service, like a web server, email server etc. Keep things simple. Maintain a single Linux host and multiple guests.
  • 21. Option 1: Ubuntu server on VMware on any host • Download the server image from http://www.ubuntu.com/getubuntu/download-server • Start VMware • Create a new virtual machine using the image you just downloaded
  • 22. Video available at http://blog.futureshock-ed.com/...
  • 23. Hands-on: Installation Sample partitioning that separates critical portions of the hard drive.
      Directory  Type     FS    Typical Size  LAB Size
      /boot      Primary  Ext2  100MB         200MB
      /var       LVM      XFS   4GB           700MB
      /home      LVM      XFS   200GB         3GB
      /          LVM      Ext3  50GB          2GB
      swap       LVM      Swap  1GB           200MB
  • 28. Option 2: Linux guests to an Ubuntu host running KVM • KVM is the default virtualisation technology that ships with current versions of Ubuntu • Requires hardware with virtualisation extensions
  • 29. One host, many guests Ubuntu guest Windows guest Ubuntu host
  • 30. Install a guest #1 Can your hardware support KVM? Inspect the cpuinfo virtual file: No output means no KVM support. Try checking virtualization settings in the BIOS. If there is support, install the required packages: Use the apt-get package manager: • libvirt-bin provides libvirtd which you need to administer qemu and kvm instances using libvirt • kvm is the backend • ubuntu-vm-builder powerful command line tool for building virtual machines • bridge-utils provides a bridge from your network to the virtual machines
  • 31. Install guest #2 Add your user name to the libvirtd group More about user management later. This will give you access to the system-wide libvirtd instance. Log out and in to make this effective. Test the installation is valid: virsh is the main interface for managing guest domains
  • 32. Install KVM #3 Run the KVM command as root to reveal problems, such as lack of hardware. The kvm command can be used to start guest machines directly.
  • 33. Setup the virtual network #1 To enable network services to the VM and VM access to the outside world, we must configure bridge networking; The VM will access the network through the host’s physical network interface. 1. Install the bridge utility 2. Stop networking services
  • 34. Setup the virtual network #2 3. Edit /etc/network/interfaces and add the br0 section: Content of /etc/network/ You may use DHCP instead of fixed values.
  • 35. Setup the virtual network #3 4. Restart networking services:
  • 37. Remote administration with SSH #1 • Ubuntu comes with an open source implementation of the SSH standard, called OpenSSH. • OpenSSH makes it possible to securely control a remote computer, and to transfer files. • To make this possible, we must install the sshd component on the server if not already installed.
  • 38. Remote administration with SSH #2 Install the sshd component: Install the client component: Some OS’s, like Mac OS X, come with an SSH client built-in. In Windows, use PuTTY.
  • 39. Remote administration with SSH #3 Connect: Local machine Remote machine
  • 40. Remote administration with SSH #4 You can authenticate the client using its public key; then, you will not need to provide a password every time you want to connect. Create the client’s public key if one doesn’t exist already: ssh-keygen is a key pair generator. This creates your key pair and stores it in ~/.ssh/.
  • 41. Remote administration with SSH #5 Take the contents of the file in ~/.ssh/id_dsa.pub on the client, and paste it in the file ~/.ssh/authorized_keys on the server. If the target file does not exist, create it. This is what authorized_keys may look like:
  • 42. Remote administration with SSH #6 Connect just like before, there should be no request for your password: Local machine Remote machine
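
Added example (not part of the original slides): the paste-into-authorized_keys step from slide 41 as a script that also sets the file modes sshd checks and refuses DSA keys, which OpenSSH 7.0 and later disable by default. The helper names install_pubkey and key_type_ok are hypothetical, and the sample keys in the demo are constructed.

```shell
#!/bin/sh
# Added example, not from the slides. install_pubkey and key_type_ok are
# hypothetical helper names; run this on the server as the account's owner.

# Key types accepted for new entries. ssh-dss (what id_dsa.pub contains) is
# left out: OpenSSH 7.0 and later disable DSA keys by default.
key_type_ok() {
    case "$1" in
        ssh-ed25519|ssh-rsa) return 0 ;;
        ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) return 0 ;;
        sk-ssh-ed25519@openssh.com|sk-ecdsa-sha2-nistp256@openssh.com) return 0 ;;
        *) return 1 ;;
    esac
}

# install_pubkey PUBKEY_FILE SSH_DIR
# Returns 0 if the key is installed (or already present), 1 if the file is
# unreadable or not a single "<type> <base64> [comment]" line, 2 if the key
# type is rejected.
install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || return 1
    [ "$(grep -c '' "$pub")" -eq 1 ] || return 1
    read -r ktype kdata _rest < "$pub" || true
    if [ -z "$ktype" ] || [ -z "$kdata" ]; then
        return 1
    fi
    key_type_ok "$ktype" || return 2

    # sshd's StrictModes check (on by default) ignores authorized_keys when the
    # file or its directory is writable by group or others.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dir"
    chmod 700 "$dir"
    touch "$auth"
    chmod 600 "$auth"
    umask "$old_umask"

    # Make sure an existing file ends with a newline before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # Idempotent: match on type and key blob, so a new comment adds no duplicate.
    if ! grep -qF -- "$ktype $kdata" "$auth"; then
        printf '%s\n' "$(cat "$pub")" >> "$auth"
    fi
    return 0
}

# Demo on constructed data: sh install_pubkey.sh --demo
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d)
    # Constructed sample keys, not real key material.
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKey000000000 alice@client' > "$demo/id_ed25519.pub"
    echo 'ssh-dss AAAAB3NzaC1kc3MAAACBConstructedSampleDsaKey alice@client' > "$demo/id_dsa.pub"
    install_pubkey "$demo/id_ed25519.pub" "$demo/.ssh"; echo "ed25519 key: exit $?"
    install_pubkey "$demo/id_dsa.pub" "$demo/.ssh";     echo "dsa key:     exit $?"
    ls -ld "$demo/.ssh" "$demo/.ssh/authorized_keys"
    rm -rf "$demo"
fi
```
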
  • 44. Upgrading To upgrade to the latest version of Ubuntu server, use the do-release-upgrade utility. First, update apt-get to acquire the latest package information: Then, install the upgrade utility: Finally, do the upgrade:
  • 45. Updating installed packages Use the apt-get tool: To automate package updates, use unattended-upgrades: Install the package: ... and configure it: Unattended upgrade actions are logged in /var/log/unattended-upgrades. Add a Cron job to run /usr/bin/unattended-upgrade periodically.
  • 47. User management ๏ A critical aspect of server management. ๏ In Ubuntu, the root user is disabled for safety. ๏ Management tasks requiring root access can be completed by using the sudo command by a user who is in the “admin” group. ๏ The user created during the installation process is added automatically to the admin group.
  • 48. Adding and deleting users To add a user: To delete a user (will retain the home directory): To disable a user: To enable a user:
  • 49. Creating and deleting groups To create a group: To delete a group: To add a user to a group:
  • 50. User profiles By default, all new home directories are accessible by everyone. You can enforce non-default access rights to new home directories by editing /etc/adduser.conf: The contents of this directory are modelled after the contents of /etc/skel.
  • 51. Password policy You can enforce strong user passwords by editing the password policy file /etc/pam.d/common-password. For example, to enforce a password with minimum 6 characters, edit the password line to look like this:
  • 52. Password expiration To see the password expiry value for a user, use the “chage” command: The chage tool is for changing password expiration date. To make changes:
  • 54. File system A filesystem is responsible for managing data stored on a non-volatile storage device like hard disks, USB drives, DVDs etc. Most Linux distros, including Ubuntu, use ext3 (“third extended filesystem”). Ubuntu 9.04 introduces experimental support for ext4.
  • 55. Ext3 A journaling filesystem: logs changes in a journal to increase reliability in case of power failure or system crash.
  • 56. Ext3 Not as fast as others, like JFS, ReiserFS and XFS, but wins in CPU utilization, reliability, and testing base.
  • 57. Ext3 file limits ^ 8 KiB block size is only available on architectures which allow 8 KiB pages, such as Alpha.
  • 58. Ext3 levels of journaling ❖Journal ❖Lowest risk, slowest ❖Metadata and files are written to the journal before being committed. ❖Ordered (default) ❖Medium risk, medium speed ❖Metadata are written to the journal only - ext3 guarantees file contents are written to disk before marked as committed in the journal. Beware of “intermediate state” problem! ❖Writeback ❖Highest risk, fastest ❖Metadata written in journal, no guarantee for file contents.
  • 59. Ext4 ❖Adds 64-bit storage limits. ❖Volumes up to 1 exabyte. Files up to 16 terabytes. ❖Improved large file performance and reduced fragmentation. ❖Backwards compatible with ext2 and 3. ❖Journal checksumming (not present in ext3). ❖Online defragmentation. ❖Timestamps in nanoseconds.
  • 60. Files and directories Filesystems store data in files and directories. Filesystems are stored in disk partitions. You can configure partitions any way you like, but something like this is advisable:
  • 61. fstab: static fs info fstab is a text file that contains filesystem information
  • 62. df: Partition utilization df stands for “disk free”
  • 63. Mount points The mount command attaches a filesystem to a mount point Remount /usr in read only: Mount all fs in /etc/fstab:
  • 64. File & directory commands
      Command  Description
      ls       Lists the contents of a directory
      cd       Change directory
      mkdir    Create directory
      rmdir    Remove directory
      cp       Copy file
      mv       Move file
      rm       Remove file
      pwd      Print the present working directory
      file     Print the presumed type of a file
      chmod    Change the permission attributes of a file
  • 65. Repartitioning a live system Video available at http://blog.futureshock-ed.com/...
  • 67. Networking Most networking is configured by editing two files: ❖/etc/network/interfaces ❖Ethernet, TCP/IP, bridging ❖/etc/resolv.conf ❖DNS Other networking files: ❖/etc/hosts ❖/etc/dhcp3/dhcpd.conf
  • 68. /etc/network/interfaces Typical default contents:
      Directive  Description
      auto       Indicates the device should be set up at boot time.
      lo         Loopback interface.
      iface      “Interface”.
      eth0       Ethernet device 0, typically the primary network adaptor.
      inet       Indicates network adaptor has an IPv4 address space.
      dhcp       Network adaptor gets its configuration from a DHCP server.
  • 69. /etc/network/interfaces Good practice: fix your server’s IP address.
      Directive   Description
      static      Indicates the adaptor uses fixed IP configuration.
      address     The IP address of the host.
      netmask     Network subnet mask.
      gateway     Gateway address.
      network     The network portion of the IP address.
      nameserver  The IP of a DNS.
      For static interfaces, you may also need to edit /etc/resolv.conf to specify DNS servers.
  • 70. /etc/hosts Ubuntu refers to this file to resolve host names before contacting a DNS. Good for frequently used hostnames, or internal network hosts.
  • 71. Network useful commands
      Command                      Description
      ping                         Test that an internet host is reachable.
      ifconfig                     Administer a TCP/IP network interface.
      sudo /etc/init.d/networking  stop, start, restart as arguments; controls network status.
      route                        Examine and configure the host’s routing table.
  • 73. Backup “Failing to plan is planning to fail” It is a matter of time before you experience system failure on your server. When that happens, it is nice to have a backup.
  • 74. What is a backup? ... to keep multiple historical versions of your data going back far enough in time to enable recovery from a small or big disaster.
  • 75. Types of backup ❖Full - Backup the complete data set ❖Incremental - Backup only changes since last backup Periodic backup ❖Daily - Hold for the short term ❖Weekly - Hold for the medium term ❖Monthly - Hold for the long term
  • 76. Backup using a shell script This script rotates through 7 backups - one for each day. A modification can allow for rotation of daily, weekly, and monthly backups.
        #!/bin/sh
        ####################################
        #
        # Backup to NFS mount script.
        #
        ####################################

        # What to backup.
        backup_files="/home /var/spool/mail /etc /root /boot /opt"

        # Where to backup to.
        dest="/mnt/backup"

        # Create archive filename.
        day=$(date +%A)
        hostname=$(hostname -s)
        archive_file="$hostname-$day.tgz"

        # Print start status message.
        echo "Backing up $backup_files to $dest/$archive_file"
        date
        echo

        # Backup the files using tar.
        tar czf $dest/$archive_file $backup_files

        # Print end status message.
        echo
        echo "Backup finished"
        date

        # Long listing of files in $dest to check file sizes.
        ls -lh $dest
  • 77. Automating with cron Cron is used to schedule the execution of scripts. We will look at it in more detail later. To enter the cron job editor: To run the backup script every day of every month of every year, at midnight:
        # m h dom mon dow command
        0 0 * * * bash /usr/local/bin/backup.sh
  • 78. Restoring Use tar to test the integrity of an archive, or to extract its contents. To list the contents of the archive To extract a file from the archive To extract the full contents of the archive
  • 79. ...or, specialised backup utilities Such as Bacula, still open-source.
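
Added example (not part of the original slides): one way to make the modification slide 76 mentions, rotating daily, weekly and monthly archives, while also keeping the archive owner-readable only (it contains /etc and /root) and verifying it before it replaces the previous copy. The function names and the slot naming scheme are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the slides. rotation_archive_name and run_backup are
# hypothetical names; the slot scheme below is one possible rotation.

# rotation_archive_name HOST DAY_OF_MONTH WEEKDAY MONTH_NUM
#   1st of the month -> monthly slot (two slots, alternating by month parity)
#   Saturday         -> weekly slot  (week1..week5, by day of month)
#   any other day    -> daily slot   (named after the weekday)
rotation_archive_name() {
    host=$1; dom=$2; weekday=$3; month=$4
    # Strip a leading zero so "08" and "09" are not parsed as octal.
    dom=${dom#0}; month=${month#0}
    if [ "$dom" -eq 1 ]; then
        echo "$host-month$(( month % 2 + 1 )).tgz"
    elif [ "$weekday" = "Saturday" ]; then
        echo "$host-week$(( (dom - 1) / 7 + 1 )).tgz"
    else
        echo "$host-$weekday.tgz"
    fi
}

# run_backup DEST FILE...
# Prints the path of the finished archive. Returns 1 if DEST is not a writable
# directory, 2 if tar fails, 3 if the new archive cannot be read back.
run_backup() {
    dest=$1; shift
    if [ ! -d "$dest" ] || [ ! -w "$dest" ]; then
        return 1
    fi
    host=$(hostname -s 2>/dev/null || uname -n)
    # One date call so all three fields describe the same instant; LC_ALL=C
    # keeps the weekday name in English whatever the system locale is.
    stamp=$(LC_ALL=C date '+%d %A %m')
    # $stamp is left unquoted on purpose: it expands to three arguments.
    name=$(rotation_archive_name "$host" $stamp)

    old_umask=$(umask)
    umask 077            # archive holds /etc and /root: owner access only
    tar czf "$dest/$name.tmp" "$@"
    rc=$?
    umask "$old_umask"
    if [ "$rc" -ne 0 ]; then
        rm -f "$dest/$name.tmp"
        return 2
    fi
    # Read the archive end to end before it overwrites the previous copy.
    if ! tar tzf "$dest/$name.tmp" > /dev/null 2>&1; then
        rm -f "$dest/$name.tmp"
        return 3
    fi
    mv "$dest/$name.tmp" "$dest/$name"
    echo "$dest/$name"
}

# Demo on constructed data: sh backup_rotate.sh --demo
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d)
    mkdir "$demo/src" "$demo/dest"
    echo "constructed sample file" > "$demo/src/sample.txt"
    run_backup "$demo/dest" "$demo/src"
    ls -l "$demo/dest"
    rm -rf "$demo"
fi
```

To use it from the cron entry on slide 77, call run_backup with /mnt/backup and the directories listed in backup_files.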
  • 81. Servers, servers, servers Most useful work on a server is done by some kind of server software: ❖Web (i.e. Apache) ❖Database (MySQL) ❖Application (LAMP - i.e Moin Moin) ❖FTP (i.e. vsftpd) ❖Network File System ❖Email (i.e. Postfix) ❖Etc.
  • 83. Web server Lots of choices for open source web servers. ❖Apache ❖Lighttpd (YouTube, Meebo, Wikipedia) ❖Nginx ❖Roxen
  • 84. Apache: history and Apache has been around forever (at least since the beginning of the known time, when the web was invented): ❖powers 100 million websites (early 2009), over 46% of total ❖Most popular web server since 1996 ❖Lineage going back to NCSA HTTPd ❖Comprehensive set of features - you want it, it has it.
  • 85. Installing Apache Apache is installed in /etc/apache2.
  • 86. Installing Apache Apache is installed in /etc/apache2.
      File/Directory   Description
      apache2.conf     The main Apache2 configuration file. Contains settings that are global to Apache2.
      conf.d           Contains configuration files which apply globally to Apache. Other packages that use Apache2 to serve content may add files, or symlinks, to this directory.
      envvars          File where Apache2 environment variables are set.
      httpd.conf       Historically the main Apache2 configuration file, named after the httpd daemon. The file httpd.conf can be used for user specific configuration options that globally affect Apache2.
      mods-available   This directory contains configuration files to both load modules and configure them.
      mods-enabled     Holds symlinks to the files in /etc/apache2/mods-available.
      ports.conf       Houses the directives that determine which TCP ports Apache2 is listening on.
      sites-available  This directory has configuration files for Apache Virtual Hosts. Virtual Hosts allow Apache2 to be configured for multiple sites that have separate configurations.
      sites-enabled    Like mods-enabled, sites-enabled contains symlinks to the /etc/apache2/sites-available directory. Similarly when a configuration file in sites-available is symlinked it will be active once Apache is restarted.
  • 96. /etc/apache2/sites-available/site_name
        # Port number of site
        <VirtualHost *:80>
            # Email of webmaster
            ServerAdmin webmaster@localhost
            # Root directory of site files
            DocumentRoot /var/www
            <Directory />
                Options FollowSymLinks
                AllowOverride None
            </Directory>
            # Static files block
            <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
            </Directory>
            # Scripts block
            ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
            <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
            </Directory>
            # Error log file
            ErrorLog /var/log/apache2/error.log
            # Possible values include: debug, info, notice, warn, error, crit,
            # alert, emerg.
            LogLevel warn
            # Access log file
            CustomLog /var/log/apache2/access.log combined
        </VirtualHost>
  • 97. Multiple sites Apache supports multiple sites on the same machine. Assign sites by port number, sub-domain, directory name, or any combination of the above. After any configuration changes, restart Apache
  • 98. Modules There are many modules that provide additional functionality. These modules can be installed and loaded dynamically. Installs the MySQL authentication module Enables the new module and restarts apache
  • 99. Apache: depth and breadth
  • 101. Database server: mySQL “The world’s most popular open-source database”* *http://www.mysql.com/ Yahoo, Google, Alcatel, Nokia, Youtube 25% market share (EDC research)
  • 102. MySQL features
      ❖ Cross-platform compatible
      ❖ Selection of storage engines (innoDB, Berkeley, etc.)
      ❖ Replication
      ❖ ACID compliance with innoDB, DBD, Cluster engines.
      ❖ Full-text indexing
      ❖ Open-source!
      ❖ Libraries for all major programming languages
      ❖ Many administration choices, command line, web-based, GUIs
      ❖ Stored procedures
      ❖ Triggers
      ❖ Cursors
  • 103. Mysql installation Installs the MySQL authentication module. After installation, check that the mysql daemon is running. To restart: To configure:
  • 104. Create a new database and user
      Log on as root (asks for password):
        mysql -u root -p
      Create a new database:
        create database myDB;
      Create a new user for the new database:
        grant all privileges on myDB.* to 'newuser'@'localhost' identified by 'newpassword' with grant option;
      To verify this worked, exit and log on as the new user (no error messages mean all good):
        exit;
        mysql -u newuser -p   # asks for password
        use myDB;
  • 105. LAMP
  • 106. LAMP: Linux, Apache, MySQL, Php. A popular configuration for Linux servers. LAMP applications are packaged in a way that makes it easy to install and manage.
  • 107. LAMP example: Moin Moin. Moin Moin is a Python-based wiki engine.
      Install Moin Moin (expects Apache 2 already installed):
      Prepare the Moin Moin directory:
        cd /usr/share/moin
        sudo mkdir mywiki
        sudo cp -R data mywiki
        sudo cp -R underlay mywiki
        sudo cp server/moin.cgi mywiki
        sudo chown -R www-data:www-data mywiki
        sudo chmod -R ug+rwX mywiki
        sudo chmod -R o-rwx mywiki
  • 108. Configure Moin Moin
      Edit /etc/moin/mywiki.py. In the next line, insert:
        data_dir = '/usr/share/moin/mywiki/data'
        data_underlay_dir='/usr/share/moin/mywiki/underlay'
      Configure Apache; add the following lines in /etc/apache2/sites-available/default file inside the "<VirtualHost *>" tag:
        ### moin
        ScriptAlias /mywiki "/usr/share/moin/mywiki/moin.cgi"
        alias /moin_static181 "/usr/share/moin/htdocs"
        <Directory /usr/share/moin/htdocs>
            Order allow,deny
            allow from all
        </Directory>
        ### end moin
      Restart:
        sudo /etc/init.d/apache2 restart
  • 109. Test it... Browse to http://localhost/mywiki
  • 110. FTP
  • 111. FTP A simple way to transfer files between computers. Many open source FTP servers available on Linux: ❖ vsftp ❖ Filezilla ❖ Pure-ftpd ❖ NASLite ❖ wu-ftpd ❖ etc.
  • 113. Install vsftp “Probably the most secure and fastest FTP server for UNIX-like systems.” http://vsftpd.beasts.org/ Install it: Put your files here to make them available to FTP clients
  • 117. Connect to the FTP server Anonymous connection Download to local machine Download completed
  • 118. Secure FTP Edit /etc/vsftpd.conf: Now vsftpd will ask for the user’s password and will start at their home directories.
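
An added example, not part of the original slides: a shell audit that checks whether a vsftpd.conf produces the behaviour slide 118 describes (password logins, no anonymous access). It assumes the standard vsftpd options anonymous_enable, local_enable, chroot_local_user and ssl_enable; the function names and the sample config are constructed for illustration, and the last two checks go beyond what the slide asks for.

```shell
#!/bin/sh
# Audit a vsftpd.conf for password logins with anonymous access switched off.
# File syntax: option=value with no spaces around "=", "#" starts a comment.

# Print an option's value, or DEFAULT when unset (a later line overrides an earlier one).
vsftpd_opt() {  # usage: vsftpd_opt FILE OPTION DEFAULT
    awk -F= -v opt="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        $1 == opt  { val = toupper($2); sub(/[ \t\r]+$/, "", val) }
        END        { print (val == "" ? def : val) }' "$1"
}

# Print one line per finding; return 0 only when there are none.
# The defaults passed below are vsftpd's built-in ones.
audit_vsftpd() {  # usage: audit_vsftpd FILE
    findings=0
    finding() { echo "FINDING: $1"; findings=$((findings + 1)); }
    [ "$(vsftpd_opt "$1" anonymous_enable YES)" = NO ] ||
        finding "anonymous logins are allowed"
    [ "$(vsftpd_opt "$1" local_enable NO)" = YES ] ||
        finding "local users cannot log in with their password"
    [ "$(vsftpd_opt "$1" chroot_local_user NO)" = YES ] ||
        finding "local users can browse outside their home directory"
    [ "$(vsftpd_opt "$1" ssl_enable NO)" = YES ] ||
        finding "no TLS: passwords cross the network in cleartext"
    [ "$findings" -eq 0 ]
}

# Constructed sample: anonymous FTP on, local logins still commented out.
sample_conf() {
    cat <<'EOF'
listen=YES
anonymous_enable=YES
#local_enable=YES
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_vsftpd "$tmp" || echo "vsftpd.conf needs attention"
rm -f "$tmp"
```

On a server, run audit_vsftpd /etc/vsftpd.conf after editing and before restarting vsftpd.
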
  • 120. NFS Allows for server files and directories to be available to remote clients as if they were local. Install it: Set directories to be exported here:
  • 122. Export a directory Export the /home directory to client with IP 192.168.178.20: Connect to the NFS export: Use as if it is local
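
An added example, not part of the original slides: a shell audit for /etc/exports that flags entries reaching more clients, or granting more privilege, than a single-client export like the one on slide 122. The function names and sample lines are constructed (only the client address 192.168.178.20 comes from the slide); rw, ro, sync, no_subtree_check and no_root_squash are standard export options.

```shell
#!/bin/sh
# Flag risky lines in an /etc/exports file.
# Line format: <directory> <client>(<options>) [<client>(<options>) ...]

# Print one line per finding; return 0 only when there are none.
audit_exports() {  # usage: audit_exports FILE
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            for (i = 2; i <= NF; i++) {
                p = index($i, "(")
                client = (p > 0) ? substr($i, 1, p - 1) : $i
                opts   = (p > 0) ? substr($i, p) : ""
                at = "line " FNR ": " $1
                # "host (rw)" with a space parses as two entries:
                # host with default options, and every host with (rw).
                if (client == "")  { print at " open to every host with " opts; bad++ }
                if (client == "*") { print at " open to every host (*)"; bad++ }
                if (opts ~ /[(,]no_root_squash[,)]/) {
                    print at " lets root on " (client == "" ? "any host" : client) " act as root here"
                    bad++
                }
            }
        }
        END { exit (bad > 0) }' "$1"
}

# Constructed sample built around the client address used on the slide.
sample_exports() {
    cat <<'EOF'
/home      192.168.178.20(rw,sync,no_subtree_check)
/srv/data  192.168.178.20 (rw,sync)
/srv/pub   *(ro,sync)
/backup    192.168.178.21(rw,no_root_squash)
EOF
}

tmp=$(mktemp) && sample_exports > "$tmp"
audit_exports "$tmp" || echo "review the exports above"
rm -f "$tmp"
```
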
  • 123. Email
  • 124. Email services: Postfix. The default Mail Transfer Agent (MTA) for Ubuntu. Rich set of features:
      ❖ Protocols:
          ❖ SMTP
          ❖ DKIM
          ❖ DSN status
          ❖ ETRN
          ❖ IPv6
          ❖ SASL authentication
          ❖ TLS encryption/authentication
          ❖ QMQP
      ❖ Databases:
          ❖ Berkeley
          ❖ CDB
          ❖ LDAP
          ❖ MySQL
          ❖ PostgreSQL
      ❖ Address masquerading
      ❖ Junk mail control
      ❖ Selective address rewriting
      ❖ VERP envelope return address
      ❖ Mailbox and Maildir formats
      ❖ Virtual domains
  • 125. Postfix installation Install it: The configuration screens will come up as part of the installation. To reconfigure at a later time: Or, you can edit the Postfix configuration file /etc/postfix/main.cf. After editing, restart:
  • 126. Postfix configuration
      Check sources such as these for details on configuration:
        ❖ http://flurdy.com/docs/postfix/
        ❖ http://ubuntuforums.org/showthread.php?t=780509
        ❖ http://en.wikipedia.org/wiki/Email#Workings
      Sample values:
        ❖ Internet Site
        ❖ mail.example.com
        ❖ peter
        ❖ mail.example.com, localhost.localdomain, localhost
        ❖ No
        ❖ 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0/24
        ❖ 0
        ❖ +
        ❖ all
  • 127. SMTP authentication Allows a client to identify itself. Once authenticated, the SMTP server will allow the client to relay mail. Configuration for SMTP-AUTH is done with the Dovecot package: Install it: In production, you will need to configure the SSL certificate and key to be used with authentication and encryption.
  • 128. Test by sending yourself an email Install nail, a command line emailer:
  • 130. Firewall The Linux kernel includes the Netfilter subsystem: controls network traffic in/out. Linux firewalls utilise Netfilter. The administrator tells Netfilter how to treat data packets by configuring rules in iptables, a configuration file. In Ubuntu, we use ufw as a configuration tool for iptables.
  • 131. ufw “the friendly way to create a firewall” ufw: Uncomplicated firewall Install ufw: Enable ufw and restart the server to take effect: You will not be able to restore the SSH connection until you or configure ufw to allow SSH traffic:
  • 132. ufw, examples of rules Delete a rule: Allow access from a host to port 22 of any IP address on this host: Allow all HTTP traffic: Use --dry-run to show the rule corresponding to a directive:
  • 133. ufw, examples of rules Disable the firewall: See status: See detailed status: Application integration, predefined rules. Apply like this “sudo ufw allow Postfix” and “sudo ufw app info Postfix” to view rule details:
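
An added example, not part of the original slides: a shell routine that respects the warning on slide 131 by adding the SSH rule before enabling ufw, then confirming from `ufw status` that the rule is live and backing out if it is not. The UFW variable, the function names and the sample status output are constructed for illustration; the ufw subcommands used (allow, enable with --force, status, disable) are real.

```shell
#!/bin/sh
# Turn ufw on without cutting off the SSH session used to administer the host.
# UFW is overridable so the logic can be exercised without root or a real firewall.
UFW=${UFW:-sudo ufw}

# Succeeds if `ufw status` output (on stdin) has an ALLOW or LIMIT rule for SSH.
ssh_rule_present() {
    awk '($1 == "22" || $1 == "22/tcp" || $1 == "OpenSSH") &&
         ($2 == "ALLOW" || $2 == "LIMIT") { found = 1 }
         END { exit !found }'
}

# Add the SSH rule first, enable, then confirm the rule is live; back out if not.
enable_ufw_keep_ssh() {
    $UFW allow 22/tcp || return 1
    $UFW --force enable || return 1      # --force skips the interactive prompt
    if $UFW status | ssh_rule_present; then
        echo "ufw active, SSH allowed"
    else
        $UFW disable
        echo "SSH rule missing, ufw disabled again" >&2
        return 1
    fi
}

# Constructed sample of `ufw status` output, used to exercise the parser offline.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
EOF
}

sample_status | ssh_rule_present && echo "sample status keeps SSH reachable"
# On the server itself: enable_ufw_keep_ssh
```
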
  • 135. Package management Over 24,000 software packages for Ubuntu. It is a good idea to use a package manager to maintain those installed on your server: ❖Install ❖Remove ❖Resolve dependencies ❖Compile ❖Upgrade Ubuntu is supported by apt-get, aptitude. Most packages are supported by both, so your choice.
  • 136. apt A collection of tools, not a single tool. apt-get is the most important tool. Used for tasks like: ❖Update the index files from their source ❖Upgrade all installed packages ❖Install a package ❖Remove installed package ❖Source code fetching ❖Build dependencies ❖Checks for broken dependencies ❖Clean the local repository ❖Autoclean only files in the local repository that can no longer be downloaded and are considered useless.
  • 137. Using apt-get Already installed, ready to use. Install a package named “nmap”: Remove a package named “nmap”: Update the apt index (the repositories are listed in /etc/apt/sources.list): Upgrade all packages installed: All actions are recorded in /var/log/dpkg.log
  • 138. Automatic updates The “unattended-upgrades” package can automatically install updated packages. Install it: Define the type of upgrades in /etc/apt/apt.conf.d/50unattended-upgrades All actions are recorded in /var/log/unattended-upgrades
  • 140. Windows connectivity Works as: ❖File server ❖Printer server (including PDF) ❖Domain controller in Windows networks ❖Authentication ... for Windows clients
  • 141. Samba installation For Windows XP and later clients, there is nothing to install. For the Linux server: Install Samba:
  • 142. Samba configuration To define a share (in this example, the home folders), edit the /etc/samba/smb.conf file:
      Make home directories shared, browsable, read-write:
        [homes]
            comment = Home Directories
            browseable = yes
            read only = no
            create mask = 0775
            directory mask = 0775
            valid users = %S
      Define the password for a share user:
      Reload Samba configuration:
  • 143. Access share from Windows
  • 144. Other Samba capabilities We just saw the most basic capability of Samba. Other things you can do: ❖Sharing CUPS printers ❖Various security issues ❖Active Directory integration, including Kerberos authentication ❖Database integration for user information ❖LDAP integration ❖Domain controller or client ❖WINS ❖Remote and local management
  • 146. Scheduling with cron Cron is the standard job scheduler for Unix. Cron stands for “cronograph”. Every user can specify scripts or programs to run at specific time intervals in a text file called “crontab”.
  • 147. Example crontab file Access/edit crontab file: Schedule Redirect output Script to run
  • 150. cron job definition * * * * * command to execute
  • 156. cron shortcuts Entry Description Equivalent
  • 158. Webmin: web based server Open source interface for system administration based on modules: ❖User management ❖Apache ❖MySQL ❖OpenSSH ❖DNS ❖File sharing ❖etc.
  • 159. Webmin installation and configuration
      Get required libraries, webmin archive, and run the setup utility. You can safely accept all setup script defaults.
        sudo apt-get install perl5 libnet-ssleay-perl
        sudo apt-get install wget
        wget http://prdownloads.sourceforge.net/webadmin/webmin-1.480.tar.gz
        tar xzvf webmin-1.480.tar.gz
        cd webmin-1.480
        sudo ./setup.sh
  • 160. Access Webmin https://serverIP:10000 Webmin modules Statistics
  • 164. Vim
  • 166. Vim and vi Vim is an improved version of vi, the stock-standard text editor for Unix and Linux systems. Install vim start vim Use commands expressed by keystrokes to control vim (see cheat sheet in next slide).
  • 168. Go on and build your server. Notes and videos available at http://blog.futureshock-ed.com. A discussion group available at http://groups.google.com/group/linux-alumni Any feedback appreciated. Have fun and stay in touch!