Wednesday, December 30, 2009

Install apache2, java5, Tomcat1.5 on debian

This is a step-by-step guide to getting apache2 working with tomcat5 on Debian. Apache connects to Tomcat via mod_jk, and both run on Sun's Java 1.5.
It shows how to install everything the Debian way, after you're done reading other people's tutorials. It covers how apt-get should be configured and which packages need to be updated or installed.

Sun Java 1.5 install
1. Check the configuration of /etc/apt/sources.list for java-package

deb ftp://ftp.us.debian.org/debian/ unstable main contrib non-free
deb ftp://ftp.us.debian.org/debian/ testing main contrib

2. Finally install Sun's Java
apt-get install sun-java5-jdk sun-java5-jre sun-java5-bin

3. I added JAVA_HOME to the default profile
vim /etc/profile
export JAVA_HOME="/usr/lib/jvm/java-1.5.0-sun"

4. Java 1.5 is now installed and configured in "the debian way".
source /etc/profile

5. java -version

Apache2 install
1. Everything should install this easily, but we want Java 1.5 and Tomcat5, so it's hardish.
apt-get install apache2

TomCat5 install
1. Install Tomcat5
apt-get install tomcat5 tomcat5-webapps tomcat5-admin
You can check the install in a browser on port 8180 (not 8080) at http://localhost:8180/

Monday, December 28, 2009

Configuration of NAT with iptables in debian


1. We have to create two networks: one for the public IP on eth0 (192.168.1.xx/255.255.255.0) and the other on eth1 (192.168.2.1/255.255.0.0).
2. Bring both cards up with #ifup -a (or #ifup eth0 and #ifup eth1), then run #/etc/init.d/networking restart
3. Use #ifconfig -a, #ifconfig eth0, #ifconfig eth1 or #ifconfig, and #vim /etc/network/interfaces, to see whether the IPs are configured.
4. Check the output of #route -n; it shows the default gateway of eth0 and eth1 without more information.


  1. Delete and flush. The default table is "filter". Others like "nat" must be explicitly stated.
    #iptables --flush
    #iptables --table nat --flush
    #iptables --delete-chain

  2. Delete all chains that are not in the default filter and nat tables
    #iptables --table nat --delete-chain


  3. Set up IP FORWARDing and Masquerading
    #iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    #iptables --append FORWARD --in-interface eth1 -j ACCEPT
  4. Enable packet forwarding by the kernel
    #echo 1 > /proc/sys/net/ipv4/ip_forward
  5. Ping the gateway of the network from the client system
    #ping 192.168.2.1
  6. Try it on your client systems
    #ping google.com
  7. Check iptables with #iptables -L
  8. #iptables -t nat -L
  9. Now configure the client system:
     "Gateway": Use the internal network IP address of the Linux box. (192.168.2.1)
     "DNS Configuration": Use the IP addresses of the ISP Domain Name Servers. (Actual internet IP address)
     "IP Address": The IP address (192.168.XXX.XXX - static) and netmask (typically 255.255.0.0 for a small local office network) of the PC can also be set here.
  10. Restart the client system and try it out.
  11. If you want the iptables settings restored at system boot time, you have to save them as a script file in /etc/init.d/filename. Otherwise you will have to configure them again and again.
  12. Now install the firestarter package (firewall GUI)
    #apt-get install firestarter
    It shows policies/rules for easy implementation.
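
The boot-time script that step 11 calls for could look like the following. This is an added example, not part of the original post: the filename /etc/init.d/nat-gateway is hypothetical, and it goes beyond the rules above by setting the FORWARD policy to DROP and accepting traffic from eth0 back to eth1 only for connections the LAN side opened.

```shell
#!/bin/sh
# Added example (not from the original post), e.g. saved as
# /etc/init.d/nat-gateway (hypothetical filename) and run with "start".
WAN_IF="${WAN_IF:-eth0}"   # outside interface, as in the post
LAN_IF="${LAN_IF:-eth1}"   # inside interface, as in the post

# Print the rule set, one iptables command per line, so it can be
# reviewed ("show") before anything is applied ("start").
nat_rules() {
    cat <<EOF
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --policy FORWARD DROP
iptables --table nat --append POSTROUTING --out-interface $WAN_IF -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IF --out-interface $WAN_IF -j ACCEPT
iptables --append FORWARD --in-interface $WAN_IF --out-interface $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Run each command in order and stop at the first failure, then enable
# forwarding in the kernel (step 4 of the post). Needs root.
apply_rules() {
    nat_rules | while read -r cmd; do
        $cmd || exit 1
    done || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

case "${1:-}" in
    start) apply_rules ;;
    show)  nat_rules ;;
esac
```

Run it with "show" first to read the rules, then with "start" as root; "iptables -L -v" afterwards shows the FORWARD policy as DROP.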

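Now block a website through the iptables NAT configuration

#iptables -I FORWARD -d (domain.name.com) -j DROP
Local gateway:
#iptables -I INPUT -s 192.168.2.1 -j DROP
Local client IP (use either rule or both):
#iptables -I INPUT -s 192.168.2.x -j DROP
#echo 1 > /proc/sys/net/ipv4/ip_forward

iptables resolves the domain name to its IP addresses once, when the rule is inserted, so the rule does not follow later DNS changes.

To allow access instead, write ACCEPT in place of DROP.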

Sunday, December 27, 2009

how to install lamp on debian/ubuntu

1. Installing Apache +php

#apt-get install apache2 php5 libapache2-mod-php5

To check whether PHP is installed and running properly, just create a test.php in your /var/www folder with the phpinfo() function exactly as shown below.

vim /var/www/test.php

Copy the following lines into that file:

<?php
# test.php
phpinfo();
?>

Point your browser to http://ip.address/test.php or http://domain/test.php and this should show all your PHP configuration and default settings. Delete test.php once you have checked it, since the page shows that configuration to anyone who requests it.
 

2. Installing MySQL Database Server

#apt-get install mysql-server mysql-client php5-mysql

The configuration file of mysql is located at: /etc/mysql/my.cnf

Creating users to use MySQL and Changing Root Password

By default MySQL creates the root user with no password. You might need to change the root password.
To change the root password:

#mysql -u root -p
mysql> USE mysql;
mysql> UPDATE user SET Password=PASSWORD('new-password') WHERE user='root';
mysql> FLUSH PRIVILEGES;

3. PhpMyAdmin Installation

PhpMyAdmin is a nice web-based database management and administration tool that is easy to install and configure under Apache. Managing databases with tables couldn't be much simpler than by using phpMyAdmin.
All you need to do is:
#apt-get install phpmyadmin

The phpMyAdmin configuration files are located in the /etc/phpmyadmin folder.
To set up under Apache all you need to do is include the following line in /etc/apache2/apache2.conf:
Include /etc/phpmyadmin/apache.conf 
 
Now restart Apache:
#/etc/init.d/apache2 restart

Point your browser to: http://domain/phpmyadmin
That's it! MySQL and phpMyAdmin are ready. Log in with your MySQL root password and create users to connect to the database from your PHP script.


 

Wednesday, December 23, 2009

How to install mod-security in debian etch

ModSecurity is an Apache web server module that provides a web application firewall engine. The ModSecurity Rules Language engine is extremely flexible and robust and has been referred to as the "Swiss Army Knife" of web application firewalls.

Here is how to install the latest mod-security on Debian etch. There are .debs available, but here we install it manually.

In my opinion no apache server should be without mod-security, it helps filter out a lot of potential security holes in software to help protect your webserver.
More info on modsecurity here: http://www.modsecurity.org/

Install required packages:
# apt-get install libxml2-dev liblua5.1-0 lua5.1 apache2-threaded-dev
Fetch the latest mod-security (2.5.1 at time of writing)
#wget http://www.modsecurity.org/download/modsecurity-apache_2.5.1.tar.gz
Extract mod-security
#tar -xvf modsecurity-apache_2.5.1.tar.gz
Enter mod-security directory
#cd modsecurity-apache_2.5.1/apache2/
Build mod-security
#./configure
#make
#make install

If all is well mod-security should now be in /usr/lib/apache2/modules/ and called mod_security2.so

Create the mod-security load file for apache to load it
#vi /etc/apache2/mods-available/mod-security2.load
and add the following lines:

LoadFile /usr/lib/libxml2.so
LoadFile /usr/lib/liblua5.1.so.0
LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so

 Restart the apache server
#/etc/init.d/apache2 force-reload
#/etc/init.d/apache2 restart

Tell apache where to load the mod-security config
#vi /etc/apache2/conf.d/mod-security2.conf
and add the following line:

 Include /etc/modsecurity2/*.conf

Create the mod-security directories and logs
#mkdir /etc/modsecurity2
#mkdir /etc/modsecurity2/logs
#touch /etc/modsecurity2/logs/modsec_audit.log
#touch /etc/modsecurity2/logs/modsec_debug.log

Copy the core rules into the mod-security dirs (more info on the core rules can be found on http://www.modsecurity.org/projects/rules/index.html)

#cp /tmp/modsecurity-apache_2.5.1/rules/*.conf   /etc/modsecurity2

Update the rules so the log locations are correct
#vi /etc/modsecurity2/modsecurity_crs_10_config.conf
Find  SecDebugLog  logs/modsec_debug.log
  Replace with SecDebugLog /etc/modsecurity2/logs/modsec_debug.log
Find  SecAuditLog   logs/modsec_audit.log
  Replace with SecAuditLog /etc/modsecurity2/logs/modsec_audit.log

 Check apache config is ok
#apache2ctl configtest
Restart apache
#/etc/init.d/apache2 restart 
Check mod-security2 is running
#cat /var/log/apache2/error.log | grep ModSecurity 


[Thu Mar 27 14:56:58 2008] [notice] ModSecurity for Apache/2.5.1 (http://www.modsecurity.org/) configured.
Done!
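
The "create the mod-security directories and logs" and "update the rules" steps above can be scripted so they are repeatable. This is an added example, not part of the original post or of ModSecurity; the function names are made up here, and creating the logs with a root-only umask is an addition, chosen because the audit log can record full requests.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are made up here.
MODSEC_DIR="${MODSEC_DIR:-/etc/modsecurity2}"   # directory used in the post

# Create the log directory and both log files, readable by root only
# (an addition to the post: the audit log can record full requests).
make_logs() {
    ( umask 077
      mkdir -p "$MODSEC_DIR/logs" &&
      touch "$MODSEC_DIR/logs/modsec_audit.log" \
            "$MODSEC_DIR/logs/modsec_debug.log" )
}

# Rewrite "SecDebugLog logs/..." and "SecAuditLog logs/..." to absolute paths.
# Requiring whitespace right after the directive name keeps SecAuditLogParts,
# SecDebugLogLevel and similar untouched; absolute paths no longer match,
# so running it twice changes nothing.
fix_log_paths() {
    conf="$1"
    sed -E "s#^([[:space:]]*Sec(Debug|Audit)Log[[:space:]]+)logs/#\1$MODSEC_DIR/logs/#" \
        "$conf" > "$conf.new" && mv "$conf.new" "$conf"
}

# Print any log directive that still has a relative path (no output = good).
relative_log_paths() {
    grep -E '^[[:space:]]*Sec(Debug|Audit)Log[[:space:]]+[^/[:space:]]' "$1"
}

# As root, before "apache2ctl configtest":
#   make_logs
#   fix_log_paths /etc/modsecurity2/modsecurity_crs_10_config.conf
#   relative_log_paths /etc/modsecurity2/modsecurity_crs_10_config.conf
```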

Sunday, December 6, 2009

how to install cvs on debian

To install cvs, follow these steps:
1. install cvs and cvsd

#apt-get install cvs cvsd

When configuring cvsd I was asked which repositories to serve. I typed ‘/cvs’.
This means my repository will be available at cvs.myserver.com/cvs






2. initialize the repository

#cvs -d /var/lib/cvsd/cvs init

3. allow write access to repository

#chown cvsd:cvsd /var/lib/cvsd/cvs

4. allow history file to be written

#chown cvsd:cvsd /var/lib/cvsd/cvs/CVSROOT/history

5. add developer user account

#cvsd-passwd /var/lib/cvsd/cvs  kk

6. allow developer to write to repository

#echo "kk" >> /var/lib/cvsd/cvs/CVSROOT/writers

After you've done that, your CVS pserver is ready to go. Now, from a remote system (in our case it is running Debian), you can access the repository.


#export CVSROOT=:pserver:username@servername:/cvs
#cvs login





From this point on you can use the remote CVS repository just like a local repository. You just have to try and remember to log out when you are done working with CVS.
#cvs logout
Assuming that you have a project held in a directory on the local machine which you wish to import, simply run:
#cd ~/project
#cvs -d :pserver:username@servername:/cvs import -m "first import" project username release

Once this is done you can move to a different directory and try to check it out:
#cvs -d :pserver:username@servername:/cvs checkout project

If that works then you are done.

Saturday, December 5, 2009

how to install xen on debian

I deployed my first server based on debian etch and xen worked out of the box.
Follow these steps to install xen on debian etch:

#apt-get install xen-linux-system-2.6.18-4-xen-686 libc6-xen bridge-utils

Boot into the installed Xen-enabled Linux kernel

#reboot

Then adjust the network setting in /etc/xen/xend-config.sxp. Enable the network bridge by removing the comment:

(network-script network-bridge)

Now install xen tools

#apt-get install xen-tools

Adjust the kernel and initrd parameters in /etc/xen-tools/xen-tools.conf to match the ones on your system:

#ls /boot/vmlinuz*
/boot/vmlinuz-2.6.18-4-686 /boot/vmlinuz-2.6.18-4-xen-686
and
#ls /boot/initrd*
/boot/initrd.img-2.6.18-4-686 /boot/initrd.img-2.6.18-4-686.bak
/boot/initrd.img-2.6.18-4-xen-686

Adjust the lines:

#
# Default kernel and ramdisk to use for the virtual servers
#
kernel = /boot/vmlinuz-2.6.18-4-xen-686
initrd = /boot/initrd.img-2.6.18-4-xen-686



Adjust xen-tools.conf to these settings:

dir = /home/xen
debootstrap = 1
size = 4Gb # Disk image size.
memory = 128Mb # Memory size
swap = 128Mb # Swap size
fs = ext3 # use the EXT3 filesystem for the disk image.
dist = etch # Default distribution to install.
image = sparse # Specify sparse vs. full disk images.



Create a home for all the coming virtual xen guests:

#mkdir /home/xen
#mkdir /home/xen/domains

And now you are ready to create a virtual machine guest with this command:

#xen-create-image --hostname=xen.server.com --ip=192.168.1.X --netmask=255.255.255.0 --gateway=192.168.1.1 --passwd

After that I was able to fire up the newly created virtual machine with:

#cd /etc/xen/
#/etc/init.d/xend restart
#xm create xen.server.com.cfg -c

Once it is up and running, "xm list" or "xentop" can be used to get an overview of which instances are currently running:

#xm list

Name                                      ID Mem(MiB) VCPUs State   Time(s)
Domain-0                                   0      874     1 r-----    657.9
xen.server.com                             3      128     1 -b----      8.0

To shut down the guest, run the following command:
#xm shutdown xen.server.com
