The CitizenWeb Guides

The CitizenWeb Guides
- Getting Started with Linux

- Setting Up Your Personal Server
and more
Version 1.0
January 201
Table of Contents
1.1. What is Free Software, and Why Do I Give A Damn? The Case for a!in" The Swit#h..............$
1.%. What&s Wron" With Goo"'e? Se#(rity, Safety and )i"hts on the Internet......................................*
1.$. A anifesto for a De#entra'i+ed We,...............................................................................................1-
%.1. Choosin" a Distri,(tion....................................................................................................................1$
%.%. Insta''in" .,(nt(...............................................................................................................................%%
%.$. Gettin" .sed to .,(nt(....................................................................................................................$1
%./. Se#(rin" We,, 0mai' and Chat A11'i#ations..................................................................................../1
%.2. A3304DI56 3o1('ar A11'i#ations...................................................................................................2*
$.1. Why a 3ersona' Server?....................................................................................................................7/
$.%. 8efore 9o( 8e"in6 :1tions, Confi"(ration and ;ardware...............................................................7<
$.$. Assem,'e 9o(r 3C.............................................................................................................................*/
$./. Insta''in" .,(nt( Server...................................................................................................................*2
$.2. Gettin" In6 .sin" SS; and =4C......................................................................................................</
$.7. ;ome 4etwor!in"6 D;C3, D4S and 4AT.......................................................................................<>
$.*. ;ost 9o(r 0mai'6 Settin" .1 3ostfi? and Dove#ot...........................................................................>>
$.<. ;ost a We,site with A1a#he and 3;3............................................................................................1-7
$.>. 9o(r :wn C'o(d6 Fi'es, Ca'endar and Conta#ts..........................................................................112
$.1-. Se#(rity6 Firewa''in" and Threat Dete#tion..................................................................................1%$
$.11. ana"in" and Streamin" 9o(r edia...........................................................................................1%<
$.1%. A3304DI56 G(ide to =irt(a' a#hines.......................................................................................1$$
$.1$. A3304DI56 G(ide to Free4AS...................................................................................................12-
/.1 8a#!(1 and 0n#ry1t 9o(r Data........................................................................................................12>
%
The CitizenWeb Guides - Introduction
1.1. What is Free Software, and Why Do I Gie ! Da"n#$ The
Case for %a&in' The Swit(h
!he traditional de"inition o" #"ree so"tware# has varied slightly over the years$ and has
multiple meanings depending on whi%h mem&er o" the %ommunity one is tal'ing to( Yes$
o"tentimes "ree so"tware %an mean so"tware that is #"ree as in &eer$# i(e( re%eiving a produ%t
"or "ree and not needing to pay in order to use it( !his is de"initely a good aspe%t to most
"ree so"tware$ however the more important de"inition is the one that is more widely
intended when one spea's o" #"ree so"tware(# )ree as in #li&re$# that is$ so"tware that opens
its sour%e %ode to pu&li% viewing and adaptation( !his is %ontrary to %losed-sour%e so"tware
li'e the *indows or +S , operating systems$ whi%h do not release their sour%e %ode and
there"ore %annot &e modi"ied or independently veri"ied &y mem&ers o" the general pu&li%(
-ow$ most partisans o" "ree so"tware advo%ate "or its use &ased on a .uasi-moral or
altruisti% argument( )ree so"tware should &e used &e%ause it puts users in %ontrol o" their
own %omputers$ &e%ause it doesn/t lo%' users into so-%alled #walled gardens# that "or%e
them to %hoose %ertain options$ et %etera( -ever &e"ore have we &een %on"ronted with su%h
a narrowing te%hnologi%al environment -- 0pple wants to lo%' its users into using i1evi%es$
only getting so"tware "rom its %losely-wat%hed 0pp Stores$ and lo%'ed out o" any sort o"
meaning"ul %on"iguration o" their own %omputers( 2i%roso"t and Google are not too "ar
&ehind 0pple/s lead in this regard( !here"ore "ree so"tware represents a %lear alternative to
these #un-"ree# systems o" %ontrol( !his approa%h to arguing "or "ree so"tware is all well and
good$ &ut it doesn/t atta%' at the %entral pro&lem with "ree so"tware3 its per%eption as a
ho&&yist operating system$ unrelia&le and only "or advan%ed use( You %an give all the moral
arguments in the world$ &ut as we have seen throughout history$ these rarely ma'e deep
imprints in human &ehaviour(
)or the un%onvin%ed$ here is the primary reason why you should ma'e the swit%h to Linux
and "ree so"tware3 be(ause in near)y eery (ase, it *roides you with the best
(o"*utin' eniron"ent aai)ab)e, with the "ost features and "ost (usto"izab)e and
dyna"i( interfa(e on the "ar&et today.
!o all the 2a% "an&oys out there$ 4/m sorry "or ma'ing you spit out your tea and %rumpets(
5ut it/s true$ and 4/ll explain why(
$
1.1. What is Free Software, and Why Do I Give A Dan!" The Case for #a$in% The Swit&h
0s re"eren%ed earlier$ "ree so"tware opens its sour%e %ode to the general pu&li% so that
anyone %an veri"y it or modi"y the program to their li'ing( 4t should &e noted that a
signi"i%ant proportion o" general users would never "eel the need to do something li'e this(
Just the same as how people wouldn/t want to use Linux &ased on a %on%eption o" it as a
ho&&yists/ operating system( !he &ene"its are not 6ust isolated to the end user$ though3
when using "ree so"tware$ you get the assuran%e that the so"tware has most li'ely &een
vetted &y prior users and developers$ to grant it greater %redi&ility( )ree so"tware that has
&een downloaded dire%t "rom the developer or a se%ure repository is mu%h less li'ely to
%ontain &a%' doors$ mali%ious %ode$ spyware or other nasties prevalent in proprietary
so"tware(
4n addition to this$ open so"tware has a mu%h higher degree o" usa&ility &e%ause o" its
openness( Say there is a "un%tionality in a pie%e o" so"tware that 6ust doesn/t ma'e sense to
you$ and you wish you %ould either turn it o"" or use another program that wor's in a
di""erent way( 4n *indows$ you are mu%h more li'ely to &e stu%' with 2i%roso"t/s whims$
lo%'ing you into a parti%ular so"tware suite or way o" doing things( 4" not$ then you may have
to pay in order to get "ull a%%ess rights to a new appli%ation( *ith "ree so"tware$ we don/t
have to worry a&out any o" that( 4" you have some programming s'ill$ you %an easily po'e
around the sour%e %ode and ad6ust the "un%tionality o" your "avourite programs$ and you are
"ully within your right to do so( +r$ &etter yet$ you are "ree to sur" through the repositories
or online data&ases li'e Githu& in order to "ind a suita&le alternative( !his more
demo%rati7ed so"tware development pro%ess &reathes healthy %ompetition into the
so"tware mar'et$ whi%h %an only &ene"it the end user(
-ow you may say #Linux might &e great$ &ut it simply isn/t an operating system "or daily
use8# !o whi%h 4 would respond3 today/s Linux has advan%ed dramati%ally "rom what it was
"i"teen$ ten$ even "ive years ago( 4t isn/t li'e that old 9ed:at &ox you played around with &a%'
in the mid-;0s( 4nter"a%es "or most ma6or distri&utions li'e U&untu and Linux 2int have
&een polished %onsidera&ly well( <a%h ma6or distri&ution has its pre"erred display
environment$ and ea%h one loo's and per"orms 6ust as well as their proprietary %ompetitors(
/
!a'e a loo' at elementary+S$ "or example$ whi%h tries to emulate 2a% +S ,/s signature
visual style3
=ersus 2a% +S ,3
2
2odern Linux distri&utions li'e elementary+S put a high priority on slee' and "un%tional
user inter"a%es( )edora Linux %omes with G-+2<( Linux 2int has >innamon( U&untu has
Unity whi%h$ while it is o"ten maligned &y many in the "ree so"tware %ommunity$ has &een
ma'ing serious improvements in re%ent years( 0nd there are many other options to %hoose
"rom$ all o" whi%h give you easy and intuitive inter"a%es without the need to muddle through
the !erminal or o&s%ure %ommand swit%hes( !a'e your pi%' -- you don/t have to settle "or
the godaw"ul mess that is *indows ?$ or the su""o%ating money sin' that is 2a% +S ,(
)ree so"tware isn/t 6ust limited to operating systems$ either( Got a &one to pi%' with
2i%roso"t +""i%e@ !ry Li&re+""i%e( 1on/t want to give Google 0nalyti%s all o" your site visitors/
data@ >he%' out Piwi'( 0ddi%ted to iPhoto &ut don/t want to pay a 'ing/s ransom "or a new
2a%5oo'@ !a'e a loo' at Shotwell( *hy would you pay 0pple hundreds o" dollars to use
!ime 2a%hine$ i!unes$ or i>loud when all o" these systems are "reely availa&le on Linux$ and
are &y most a%%ounts even &etter@ *hy would you pay 2i%roso"t to lo%' you into their
ridi%ulous *indows ? 2etro inter"a%e$ when you %an have a %omputer that wor's exa%tly
how you want it$ with &etter per"orman%e and AusuallyB &etter sta&ility@ <ven i" there is a
program that only %omes on *indows that you a&solutely CemDmustCEemD have$ these %an
&e run via virtual ma%hine systems li'e =irtual5ox$ ma'ing it easier than ever to have the
&est o" &oth worlds(
)or nearly every proprietary so"tware plat"orm in use these days$ there is a tried and true
open sour%e alternative( Some o" them are more advan%ed than others$ &ut "or general-
purpose daily %omputing$ Linux and "ree so"tware provide the most advan%ed and
%ustomi7a&le user experien%e availa&le -- one that is also in%reasingly sta&le and hardware-
"riendly(
7
1.'. What(s Wron% With Goo%)e!" Se&urity, Safety and *i%hts on the Internet
1.+. What,s Wron' With Goo')e#$ Se(urity, Safety and -i'hts on
the Internet
4 should &egin this se%tion with saying that there is nothing FinherentlyF wrong with using
and improving your li"e with an internet servi%es plat"orm li'e Google( -or is there anything
inherently wrong with using a *indows operating system( +r 0pple produ%ts$ "or that
matter( 5illions o" people around the world use these systems everyday without negative
%onse.uen%e( !heir advan%ement has provided untold a&ility to learn and improve li"e "or
nearly everyone on the planet$ that mu%h is %ertain( !he pro&lem with servi%es li'e Google
lie in their new"ound u&i.uity$ as well as their a&ility to store vast amounts o" data on us -
in%luding details as personal as our Fphysi%al lo%ationF - with little to no external oversight(
0nd our %ontinued use o" these servi%es ena&le and a""irm su%h moves$ providing these
servi%es with the 6usti"i%ation they need to %ontinue on their priva%y onslaught( Google/s
su%%ess in propagating itsel" to every %orner o" our lives - with our "ull a%.uies%en%e - is the
reason we should &e so determined to resist it(
!he .uestions here are simple3 *hat "undamental responsi&ility do we have to our own
in"ormation@ *hat are our personal details$ our meetings and writing$ our entire lives that
are now ex%eedingly &eing stored and lived on the internet$ really worth to us@ *hat rights
do we really have when we use pu&li%ly-availa&le servi%es with priva%y poli%ies that are
do7ens o" pages long@ !his is something that only ea%h individual %an de%ide "or themselves(
5ut these .uestions are only &e%oming more pertinent( 0s an in%redi&le amount o" our lives
these days is lived on the 4nternet$ it merits a very serious and so&er loo' at 6ust what we
own and who we give it to "or #sa"e'eeping(#
*hen there is no external oversight over an organi7ation that sa"eguards our data$ you must
trust that organi7ation to always a%t in your &est interests( +n%e upon a time$ Google/s
slogan was #do no evil(# !hose days are$ o" %ourse$ now long gone( Google/s .uest "or power
and %onsolidation o" the internet servi%es mar'et has rea%hed a "ever pit%h( !his %losing o"
the online e%osystem has given it Aand$ &y extension$ its advertisersB unpre%edented and
%entrali7ed a%%ess to our personal data(
!he %entrali7ation o" data on large plat"orms su%h as Google provides new and su&stantial
improvements to the ease-o"-use and the ease-o"-a%%ess we experien%e in using our data(
Un"ortunately there is a %orresponding improvement in %orporate and governmental a%%ess
*
to the same data( -ot only do these entities have to %ut a %onsidera&le amount o" time and
red-tape out o" their in"ormation gathering operations &y only having to deal with one
plat"orm$ they also win &y &eing a&le to standardi7e their approa%hes against one uni"orm
set o" rules and poli%ies "or this plat"orm(
*hile Google has done a nota&le 6o& in providing transparen%y when it %omes to #o""i%ial#
government ta'edown re.uests on its various servi%es$ one %an see that the amount o"
them are growing ea%h and every year( -ot all o" them are granted Athan'"ullyB &ut this is
only due to Google/s insisten%e( *hen the "inan%ial in%entive to resist no longer swings their
way$ however$ one will "ind that even the most well-intentioned %ompany will %hange their
tune remar'a&ly .ui%'( *hen your last line o" de"en%e "or your data is trusting in a
%orporation$ whi%h has its own prerogatives and in%entives$ this de"en%e is a wea' one
indeed(
2ost &elieve that i" they do not &rea' the law online$ they will not &e targeted &y
governments( !he age-old slogan #4" you/ve done nothing wrong$ you have nothing to hide$#
has lost any merit it may have ever had( 4n these days o" wireless surveillan%e$ we 'now that
any individual %an &e %aught up in the "ray( )rom the US and UG/s monitoring o" +%%upy
a%tivists to the +&ama administration/s &reathless expansion o" state surveillan%e powers$
governments around the world have ra%ed to prove that$ even i" you stand up "or a %ause
you &elieve in$ pea%e"ully and well within your #rights$# you FwillF &e targeted( <ven i" you
are a simple &ystander$ your personal data %an &e ri"led through with impunity( Personal
in"ormation o" inno%ent people is %onstantly &eing va%uumed up and si"ted through &y the
national se%urity esta&lishment( Huite simply$ #rights# on the 4nternet/s pu&li% servi%es do
not exist(
<ven i" you/ve #done nothing wrong$# 0-1 you don/t %are a&out government spoo's loo'ing
through your daily %alendar$ it/s even more a&surd that %ompanies li'e )a%e&oo' and
Google are gathering huge volumes o" advertising data on us without most people 'nowing(
!his data %an &e used to %reate intri%ate pro"iles o" our daily lives$ giving %ompanies mu%h
more in"ormation than we may even 'now a&out our own selves( 0n 0ustrian law student
%urrently pursuing )a%e&oo' in %ourt "ound that the %ompany had more than 1$000 pages o"
data on him( !his would not only in%lude his "avourite movies and drun' sel"-portraits3
intimate details o" his &rowsing history Aon )a%e&oo' or elsewhereB$ and advertising pro"iles
%reated &ased on the things he/s viewed$ li'ed and su&s%ri&ed to( )a%e&oo' %reated his very
own %onsumer image$ and this data gets sold to advertising groups around the world(
Una%%ounta&le %orporations %an then trade in your personal data "or them to enri%h
themselves at your expense( !his &rings up an even more %on"ounding "undamental
.uestion3 why do we let %ompanies li'e )a%e&oo' moneti7e our universe li'e this with
impunity@ 4s it right that %ompanies get to sell our intimate details without our 'nowledge
"or their astronomi%al pro"it@
<
*hen it %omes to se%urity and data rights online$ things are only moving in one dire%tion(
0nd that is towards more %ontrol "or large %orporations and governments$ and less %ontrol
"or individual users( 4n the &est o" %ases$ this means our private and intimate data &eing
used to enri%h morally uns%rupulous %orporations( 4n the worst$ it means surveillan%e$
monitoring and snooping "or those who express an opinion the government might not
endorse(
!hese serious %on%erns "or sa"ety and priva%y %an only &e %ountered with a %ohesive
strategy "or personal data li&eration and independen%e( !his guide aims to provide detailed
instru%tions "or the %ommon user to ena%t 6ust su%h a strategy "or themselves$ while 'eeping
every &it o" the %om"ort and ease-o"-use that large internet servi%es li'e Google %an provide(

I=alue your "reedom or you will lose it$ tea%hes history( /1on/t &other us with politi%s/$
respond those who don/t want to learn(J - -i(hard %. Sta))"an
Further Reading
#Google !ransparen%y 9eport Shows 9ising !rend o" Government Surveillan%e# -
<le%troni% )reedom )oundation A<))B
#*hen *ill our <mail 5etray Us@ 0n <mail Priva%y Primer in Light o" the Petraeus
Saga# - <le%troni% )reedom )oundation A<))B
#0%tivist 9e.uests :er )54 )ile$ Learns *hat >olor :at She *as *earing *hen She
*ent to See /Lord o" the 9ings/# - !he Stranger
>
1.+. A #anifesto for a De&entra)ized Web
1... ! %anifesto for a De(entra)ized Web
We /01I0V0...
that an indiidua),s (ontro) of their own se)es is *ara"ount. 0s our so%iety
advan%es$ and as the slow merger o" te%hnology with our natural thoughts and
a%tions progresses$ the individual must &e given the means assert %ontrol over their
own virtual selves(
that the best for" of assuran(e is *ersona) (ontro). !he &est way to 'eep the
se%urity o" one/s data is to 'eep it within one/s own rea%h(
that the fair ri'ht to free and o*en (o""uni(ation (annot be abrid'ed. -ever
&e"ore have we lived in an era where governments and %orporations position
themselves as su%h titani% gate'eepers o" %ommuni%ation( !hese gate'eepers %annot
&e humanity/s intermediaries(
that the se)f "ust be stren'thened so that so(iety "i'ht f)ourish. *e do not
spea' o" resistan%e to %ontrol as vulgar individualists( >ohesion in so%iety and &ene"it
to all$ regardless o" ra%e$ %reed$ %lass or other hierar%hy$ %annot &e attained without
"ree and unthrottled %ommuni%ation(
that the a"ount of data 'athered in one s*a(e is dire(t)y *ro*ortiona) to the
a"ount of interest 'oern"ents and (or*orations ta&e to (ontro))in' it.
4n"ormation is the new gold$ whether it is sensitive personal data or mina&le
mar'eting statisti%s( 0nywhere it is amassed$ there will &e "or%es attempting to
%ontrol it(
that the a"ount of data 'athered in one s*a(e is dire(t)y *ro*ortiona) to the
0!S0 with whi(h 'oern"ents and (or*orations (an (ontro) it. +ne warrant is
easier to get than one hundred$ and one "inan%ially-interested %ompany is easier to
intimidate than one hundred individual users( )urthermore$ the ease with whi%h
governments %an dire%tly inter%ept %ommuni%ations grows when they %an %onne%t
themselves dire%tly to these plat"orms(
that o*en dee)o*"ent is the "ost re)iab)e way to assure so"ethin',s wor&in'
order. 0s we &e%ome more and more dependent on te%hnology$ it &e%omes easier to
ignore its inner wor'ings( +nly te%hnology developed a%%ording to #open sour%e#
prin%iples %an &e veri"ied to "un%tion in a sa"e and se%ure manner(
that the abi)ity to &ee* (o""uni(ation or data *riate fro" others is a ri'ht.
*hether its &y an assured method li'e en%ryption$ or simply &y only pu&lishing in a
sele%tive way$ users who have not in"ringed on the rights o" another should expe%t a
1-
de"ault state o" priva%y(
that freedo" of e2*ression (o"es fro" the assertion of natura) ri'ht, and is
not 'ien free)y. >hange will not o%%ur unless it is demanded and "ought "or(
)reedoms %annot &e won without a path to &e "orged(
!nd we -030CT...
the 'rowin' ne(essity to re)y on un(ontro))ab)e, una((ountab)e and
unse(urab)e *)atfor" seri(es. !here must always &e an #o""# swit%h( !here must
always &e an #opt out(# !here must always &e an option to se%ure your data "rom
anyone( !his %an only &e granted via a&solute en%ryption or the de%entrali7ation o"
these plat"orm servi%es(
the defau)t (u)ture of (o"*)ete and un(ontro))ed e2*osure that e2ists on the
Internet. *hether en"or%ed &y government will or %orporate greed$ the notion o"
having to #opt in# to priva%y must &e vigorously opposed( 4n order to "ight
government monitoring and %apitalist pro"iteering on our sensitive data$ the 4nternet
must &e more de%entrali7ed and the monopoly o" data %ontrol must &e &ro'en(
'oern"enta) and (or*orate (ontro) oer (o""uni(ation. 0s stated &e"ore$
governments and %orporations %annot &e trusted to a%t as humanity/s intermediaries(
0ny method &y whi%h a government %an extra6udi%ially monitor %ommuni%ations
must &e resisted( 0ny method &y whi%h a %orporation %an ena%t a #paywall# to
'nowledge and exploit %lass divisions in so%iety must &e resisted(
(entra)ized (o""uni(ation *)atfor"s of (ontro) and oersi'ht. 0ny plat"orm that
allows our %ommuni%ations to &e easily inter%epted is$ at the end o" the day$ an
enemy to truly "ree expression(
software and too)s that are 4()osed sour(e,4 not ha(&ab)e or not o*en for *ub)i(
ins*e(tion. *hether its intended to aid %apitalist %ompetition or to serve as a
weapon against others$ %losed sour%e so"tware is not a%%epta&le on an open 4nternet(
the ta&in' adanta'e of a user,s te(hni(a) i'noran(e for *ersona) 'ain. !he la%'
o" edu%ation regarding se%ure %ommuni%ations and en%ryption "or the %ommon user
must &e re%ti"ied i" we are to see any su&stantial %hange( Proli"eration o" easy tools to
ensure se%ureEprivate %ommuni%ation must &e given the highest priority(
11
Therefore, we -0S51V0...
to for(e 'oern"ents and (or*orations around the wor)d to hear our oi(e. *e
re"use to play &y your rules( *e re"use to live in your walled gardens( *e re"use to
give our personal lives over to you "or your pro"it( *e will %reate the 4nternet that we
want$ and will %ommuni%ate how we li'e(
to wor& with one another to bui)d the ne2t 'eneration of the Internet. !he
te%hni%al o&sta%les to de%entrali7ation remain high( !hrough the development$
edu%ation and testing o" new so"tware and te%hnologies$ we %an &ring ourselves over
this road&lo%' and help %reate a &etter world(
to resist, in whateer "anner we are (a*ab)e, the (entra)ization of the
Internet, and the bu)&, indis(ri"inate "onitorin' it is a((o"*anied by. *hether
this &e through the general en%ryption o" our data whenever possi&le$ the "or%ed
removal o" our a%%ounts "rom the large plat"orm servi%es$ or a mixture o" the two$ we
will do our &est to stand in the way(
1%
The CitizenWeb Guides 6 Gettin' Started with 1inu2
+.1. Choosin' a Distribution
2.1.1 - What do I need?
>hoosing a Linux distri&ution may seem li'e a daunting tas'( 4n "a%t$ there are hundreds o"
distri&utions out thereK do7ens o" them worthy %ontenders "or most %omputers( :owever
the a&ility to %hoose &etween them has improved remar'a&ly in re%ent years(
0s' any Linux user #*hat distro should 4 use@# and the answer will most li'ely &e #go with
what you need(# <very distri&ution has their strong points and their wea' points( !o &egin$
ma'e a list Amental or otherwiseB o" what you see' to a%%omplish with your %omptuer3
What wi)) I wor& on with this (o"*uter# 4" this is primarily to &e an internet and
o""i%e wor' ma%hine$ most any distri&ution %an do that with relatively little
%on"iguration( :owever more advan%ed programs will re.uire distri&utions with
&etter %ode&ases and well-maintained repositories(
What is "y s&i)) )ee)# !hose who are 6ust starting Linux "or the "irst time will most
li'ely want to %hoose a more #simple# distri&ution( 0nd there are plenty o" them3 &uilt
"or ease o" use$ %ompati&ility and %lean user environments right o"" the &at( )or those
who are loo'ing "or a %hallenge$ and would li'e to %ustomi7e their system "or power
and speed$ an #advan%ed# distro might &e more to their li'ing(
7ow "u(h do I want to (onfi'ure "y isua) interfa(e# Linux has no shortage o"
de%ent graphi%al environments$ 'nown as #1es'top <nvironments# and #*indow
2anagers(# !he distri&ution you %hoose will largely depend on whi%h graphi%al
environment suits you( 2any o" the newer$ more simple distri&utions li'e U&untu and
Linux 2int$ have spe%i"i% editions depending on the environment you want to use( 4n
any Linux distri&ution there is the "reedom to set your own 1<E*2K however i" one
pre"ers ,)>< "or example$ they are &etter o"" downloading ,u&untu over the standard
U&untu distri&ution(

1$
'.1. Choosin% a Distribution
2.1.2 - The Distros
!his is &y no means an exhaustive list o" Linux distrosK only a list highlighting the
most popular %hoi%es( )or a more detailed list and %omparison$ visit 1istrowat%h(
!he distros here are listed &y their general ease-o"-use and ease o" installK U&untu &eing the
easiest and 0r%h the most di""i%ult( !he inverse is true "or the amount o" say you have in
pa%'ages installed &y de"ault3 0r%h is most %ustomi7a&le in this regard$ while U&untu is the
most restri%ted(
Ubuntu
1/
Website3 http3EEu&untu(org
8a(&a'e "ana'e"ent syste"3 aptitude Aapt-getB
D0 Versions3 G-+2<EUnity Ade"aultBK other versions %ome via o""shoots
Deriaties90ditions3 ,u&untu A,)><B$ Gu&untu AG1<B$ Lu&untu AL,1<B$ >run%h&ang
A+pen&oxB
8ros :fro" Distrowat(h;3 )ixed release %y%le and support periodK novi%e-"riendlyK
wealth o" do%umentation$ &oth o""i%ial and user-%ontri&uted
Cons :fro" Distrowat(h;3 La%'s %ompati&ility with 1e&ianK "re.uent ma6or %hanges
tend to drive some users away
U&untu Aand its derivativesB is the most popular %hoi%e o" distri&ution "or Linux users( 4t is
very easy to use$ giving users the option o" using the system without meddling with the
%ommand line at any point( !his grants the user with an experien%e similar to *indows and
2a% +S ,( 4n these respe%ts$ U&untu is the #easiest# distri&ution to get into and to learn$ and
is a great %hoi%e "or &eginners( *ith an emerging hold in the &usiness and server mar'et$
U&untu is seen as &eing a sta&le and %onsistent option as "ar as distri&utions are %on%erned$
with a %ompany A>anoni%al LtdB in %harge o" its development and maintenan%e( *hile re%ent
releases have not .uite lived up to its own high standards it has a%hieved in the past$
U&untu remains a solid %hoi%e and a logi%al %on%lusion "or Linux &eginners(
12
Linux Mint
Website3 http3EElinuxmint(%om
8a(&a'e "ana'e"ent syste"3 aptitude Aapt-getB
D0 Versions3 >innamon Ade"aultB$ 20!<$ G1<$ ,)><
8ros :fro" Distrowat(h;3 Super& %olle%tion o" #minty# tools developed in-house$
hundreds o" user-"riendly enhan%ements$ in%lusion o" multimedia %ode%s$ open to
users/ suggestions
Cons :fro" Distrowat(h;3 !he alternative #%ommunity# editions don/t always in%lude
the latest "eatures$ the pro6e%t does not issue se%urity advisories
Linux 2int originally &egan as a derivative o" U&untu( 4t is maintained &y a %ommunity that
wanted to ta'e some "eatures o" U&untu in new dire%tions( !he most nota&le di""eren%e
&etween 2int and U&untu is its readily-ena&led "reedom to %hoose one/s own graphi%al
17
Ades'topB environment( +ther than that$ &oth U&untu and 2int are &ased o"" o" 1e&ian$
ma'ing them %losely related systems in terms o" maintenan%e and pre"erred so"tware
suites( 2int also in%ludes its own suites o" so"tware to manage spe%i"i% "un%tions$ whi%h
adds to this distri&ution/s ease-o"-use(
Fedora
Website3 http3EE"edorapro6e%t(org
8a(&a'e "ana'e"ent syste"3 yum
D0 Versions3 G-+2< Ade"aultB$ G1<$ L,1<$ ,)><
8ros :fro" Distrowat(h;3 :ighly innovativeK outstanding se%urity "eaturesK large
num&er o" supported pa%'agesK stri%t adheren%e to the "ree so"tware philosophyK
availa&ility o" live >1s "eaturing many popular des'top environments
1*
Cons :fro" Distrowat(h;3 )edora/s priorities tend to lean towards enterprise
"eatures$ rather than des'top usa&ilityK some &leeding edge "eatures$ su%h as early
swit%h to G1< L and G-+2< $ o%%asionally alienate some des'top users
)edora is the %ommunity-run step%hild o" one o" the oldest and most well-'nown Linux
distri&utions$ 9ed :at Linux( -ow that 9ed :at is only availa&le "or enterprise appli%ations$
)edora is the distri&ution that is &eing o""ered to general end users( )edora is di""erent "rom
&oth U&untu and Linux 2int in that it is not &ased o"" o" 1e&ianK there"ore it uses a di""erent
pa%'age management system as well as its own suite o" appli%ations and servi%es( )edora is
%onsidered to &e a sta&le and mature distri&ution$ perhaps not with the same ease-o"-use
that U&untu provides$ &ut is not "ar &ehind( 4t is a de%ent %hoi%e "or intermediate %omputer
users$ as well as &eginners to Linux loo'ing "or more o" a %hallenge(
Arch Linux
1<
Website3 http3EEar%hlinux(org
8a(&a'e "ana'e"ent syste"3 pa%man
D0 Versions3 0ny Ainstalled %ustomB
8ros :fro" Distrowat(h;3 <x%ellent so"tware management in"rastru%tureK
unparalleled %ustomisation and twea'ing optionsK super& online do%umentation
Cons :fro" Distrowat(h;3 +%%asional insta&ility and ris' o" &rea'down$ in"re.uent
install media releases
0r%h Linux prides itsel" on its %ore philosophy3 #Geep 4t Simple$ Stupid8# 4n line with this idea$
0r%h tries to 'eep its distri&ution as %lean and "ree o" unne%%essary %lutter as possi&le( *hile
systems li'e U&untu in%lude resour%e-heavy "ront-ends li'e the Unity window manager and
many appli%ation suites installed &y de"ault$ 0r%h pre"ers to let the user %hoose what they
want their system to &e &y de"ault( !his way allows "or maximum %ustomi7ation and
minimum time lost wor'ing with %on"li%ting or unused and &loated so"tware tools( 0r%h also
di""ers "rom most other distri&utions in that it pre"ers a rolling-release styleK where other
distri&utions ea%h have versions and releases o" their so"tware$ 0r%h stays on the %utting
edge &y providing all updates through Mpa%manM on%e they are availa&le(
!hese %hara%teristi%s admittedly ma'es 0r%h one o" the hardest Linux distri&utions to install
and maintain$ as everything must &e sele%ted &y the user$ installed and maintained without
the 'inds o" &lueprints that other distri&utions might o""er( :owever the 0r%h %ommunity is
very "riendly$ %lose-'nit and "eatures an ama7ing *i'i "ull o" do%umentation( 0r%h is a great
%hoi%e "or power-users or those loo'ing "or a serious %hallenge with maximum reward and
%ustomi7ation opportunity(
1>
'.'. Insta))in% ,buntu
+.+. Insta))in' <buntu
2.2.1 - Downloading and Burning Ubuntu
4nstalling U&untu is a &ree7e$ made easy &y its %onvenient graphi%al installer that rivals the
ease-o"-use o" either 2i%roso"t or 0pple/s operating systems(
)irst$ you/ll need to download and &urn the 4S+ "ile( Go to u&untu(%om and %li%' 1ownload(
>hoose #U&untu 1es'top(# >hoose the #)or the latest "eatures# option$ then pi%' the %orre%t
ar%hite%ture in the #>hoose your "lavour# &ox( !hen %li%' the Get &utton( You may &e
presented with a s%reen to soli%it donations3 ma'e one i" you/d li'e$ +9 s%roll to the &ottom
and %hoose #-o than's(# !he "ile will download automati%ally(
+n%e the download is %omplete$ you/ll need to load a &lan' dis% into your %omputer( !he
next steps depend on the operating system you are using(
Windows =3
1ou&le-%li%' the 4S+ "ile you downloaded to open the #*indows 1is% 4mage
5urner(#
>li%' #5urn(#
Windows >8 :or o)der;3
1ownload img5urn "rom http3EEwww(img&urn(%omE(
+pen img5urn and %hoose #*rite image "ile to dis%#
Sele%t the 4S+ you downloaded and %li%' #5urn(#
%a( 5S >3
+pen the #1is% Utility# appli%ation in 0ppli%ations D Utilities(
1rag the 4S+ "ile you downloaded to the le"t-hand side&ar( Sele%t this "ile and %li%'
#5urn(#

%-
2.2.2 - re!are "our Co#!uter and $iles
+n%e you/ve &urned U&untu to dis%$ you will need to prepare your %omputer "or your
U&untu install( !his will depend on your desired setup3
2ost users will want to +-LY use U&untu as their sole operating system( )or this$ no
extra prep is re.uired(
)or those who wish to Aor need toB use *indows as well$ 0-1 have a %omputer new
enough$ they %an opt "or a "ull install o" U&untu and then to use a =irtual 2a%hine to
run the programs they need "or *indows( -o extra prep is re.uired "or this step
either( AGeep in mind that you must have a valid *indows install dis% to %hoose this
option(B
)or those who wish to Aor need toB use *indows as well$ &ut don/t have a "airly-new
%omputer with a multi-%ore pro%essor$ they %an opt "or a multi-partition setup( !his
%onsists o" a sole %omputer with two operating systems installed on it$ and the +S to
use %an &e %hosen at &oot( So i" you have &oth U&untu and *indows installed$ and
you want to swit%h to the other operating system "or awhile$ you %an simply re&oot
your %omputer and swit%h at the &oots%reen( 4" you wish to use this option$ 'eep an
eye out "or the #dual-&oot setup# option in the 4nstallation se%tion( AGeep in mind that
you must have a valid *indows install dis% to %hoose this option(B
-o matter what you have %hosen a&ove$ you will need to erase your entire hard drive
Aunless your hard drive presently has enough unpartitioned "ree spa%e on it$ whi%h is
dou&t"ulB( 5e"ore you do this$ ma'e sure to &a%' up all o" your "iles to external US5 drives or
dis's( Geep them sa"e until you %an o""load your data onto your %omputer again(

2.2.% - Installing Ubuntu

Load your U&untu install dis% into your %omputer and re&oot( !he %omputer should &oot
"rom dis% automati%ally( 4" it doesn/t$ visit your %omputer manu"a%turer/s we&site and loo'
through the support se%tion "or how to &oot "rom dis%(
%1
+n &oot$ U&untu will load an inter"a%e "rom >1$ then present you with this lovely s%reen3

4" you/d li'e to try the inter"a%e out a &it &e"ore you &egin$ "eel "ree to %li%' #!ry U&untu(#
You will &e a&le to go to the installer via a lin' on the des'top( *hen you are ready to install$
%li%' #4nstall U&untu(#
1on/t &e a"raid i" U&untu seems really sluggish here &e"ore you install it - a"ter all$ it/s
running "rom your >1 drive whi%h is many times slower than your a%tual hard drive
will run8

>he%' #1ownload updates while installing# then %li%' >ontinue(
%%
4" you wish to use U&untu as your sole operating system$ %hoose #<rase dis' and install
U&untu(# 4" you wish to use a dual-&oot setup as explained a&ove$ %li%' #Something <lse$#
whi%h will ta'e you to a partition management s%reen( A0t this point you should see the
Partitioning se%tion &elowB(

4" you de%ided to install U&untu with "ull-dis' en%ryption$ %he%' #<n%rypt the new U&untu
installation "or se%urity# and %li%' >ontinue( !he next window will provide you with an
opportunity to %hoose your se%urity 'ey( 4t/s re%ommended that you %hoose to #overwrite
empty dis' spa%e$# espe%ially i" this is not a new %omputer(

*hile U&untu installs$ the next s%reens will give you the option to %hoose a variety o"
options$ in%luding your time7one$ pre"erred 'ey&oard layout$ and %redentials( +n%e that/s
done$ sit &a%' and en6oy the wait(

%$
+n%e U&untu re&oots itsel"$ you will &e put at your login prompt$ then the des'top( You
made it8

2.2.& - Getting Used to Ubuntu

U&untu is one o" the easiest Linux distri&utions to use( 4t/s per"e%t "or users loo'ing to set up
their %omputer with minimal twea'ing and %on"iguration(

U&untu/s primary inter"a%e is %alled #Unity(# You/ll see that the des'top has a &ar on the
upper edge o" the s%reen$ whi%h is where your noti"i%ations and your menu &ar "or
appli%ations will pop up A2a% +S ,-styleB( 0long the le"t-hand side o" your s%reen you will see
the 1o%'( !his has i%ons o" "re.uently used appli%ations that %an easily &e laun%hed "rom
%/
here Aagain$ li'e 2a% +S ,/s 1o%'B( You %an add or remove programs to the do%' &y simply
%li%'ing and dragging them to or "rom the do%'(

Unity/s Aargua&lyB &est "eature is the Sear%h pane Asimilar to 2a% +S ,/s /Spotlight/ - do you
see a pattern here@ 3B B( !his is the top magni"ying glass-shaped i%on on the do%'( >li%' here
and you %an &rowse your appli%ations and your "iles depending on their type( 4t/s "airly
intuitive and shouldn/t ta'e too long to "igure out( !here is also a sear%h &ox at the top
where you %an enter part o" a "ilename or appli%ation name$ and it will &ring that o&6e%t up
"or you to load(

4n the Sear%h &ox$ type #term# and %li%' the !erminal i%on that %omes up( !his is your
standard Linux %ommand line terminal( *e will &e using this o"ten "or %on"iguring the %lient
and setting up so"tware( !he good thing a&out U&untu is that there are graphi%al
alternatives "or esta&lishing almost any setting - however it/s &etter to wor' "rom the
%ommand line when one is learning$ to &etter gain a grasp o" what exa%tly is going on
&eneath the appli%ations you are %on"iguring( 4n this guide$ graphi%al alternatives will &e
mentioned when they are availa&le$ &ut we will always &e wor'ing "rom this terminal(

+n the do%'$ you will noti%e a pi%ture o" a gear and wren%h( !his i%on opens the System
Pre"eren%es s%reen$ whi%h will allow you to %ustomi7e your system to your heart/s %ontent(
4"$ "or example$ your mouse seems a &it "aster here than it did in *indows@ Go to the 2ouse
se%tion and you will &e a&le to ad6ust it to meet your needs( )eel "ree to play around with
this &e"ore we get into the nitty gritty o" setting up your system(

2.2.' - Dual Boot artitioning ()!tional*

4" you need to 'eep a *indows installation on your hard dis' Aand are una&le to use a
=irtual 2a%hineB$ you %an %hoose to set up a %ustom partition ta&le during the U&untu
installer(
-ote that you %annot use a %ustom partition ta&le 0-1 use "ull-dis' en%ryption in the
U&untu installer at present(

)irst$ delete all existing partitions Aanything with a num&er a"ter the #EdevEsd@# &itB &y
sele%ting them and %li%'ing the #-# &utton( !hen$ to %reate a new partition$ %li%' the #N#
&utton( You will &e a&le to de"ine the partition/s si7e in mega&ytes A1$02L 25 O 1 G5B$ as well
%2
as sele%t its "ilesystem type and mount point( )or the main partition$ set it to the si7e you
wish and set the mount point at #E#( Linux partitions should &e set to use the extL "ile
system(
)or the *indows partition$ 6ust leave some #"ree spa%e# that mat%hes the si7e o" the
*indows partition you wish to ma'e( *hen you load your *indows dis% installer$ you will
%reate a partition in this "ree spa%e and %hoose to install *indows here(
Geep in mind that *indows re.uires a lot more spa%e to operate than Linux does(
)or *indows you should loo' to set aside Aat a &are minimumB P0G5 o" spa%e "or the
operating system and some appli%ation suites(
%7
'.+. Gettin% ,sed to ,buntu
+... Gettin' <sed to <buntu
2.%.1 + The Ubuntu ,-!erience
0s explained &e"ore$ U&untu/s main inter"a%e is %alled QUnityQ( !he menu &ar is along the
top o" the s%reen$ where you will &e a&le to see the standard )ile$ <dit$ *indow$ and other
menu &uttons( !his is mu%h li'e the "un%tionality o" 2a% +S ,( !owards the right side o" the
menu &ar$ you "ind options &ased on the appli%ations you are running$ as well as the
standard tray i%ons A-etwor'$ =olume$ SettingsB and the system time(
%*
0long the le"t side o" the s%reen$ you see U&untu/s version o" the *indows Start &ar or the
2a% +S , 1o%'( !his do%' shows you your "re.uently used appli%ations( You %an pull
appli%ations to this 1o%' "or .ui%' re"eren%e$ or remove them simply &y pulling them o"" the
1o%'(
!he "irst &utton on the 1o%' Awith the U&untu logoB &rings up the Sear%h pane( !his is the
se%ond most %onvenient way to laun%h appli%ations in U&untu( !he Sear%h pane is your
%enter "or "inding programs and "iles on your hard drive( You %an type the "irst "ew letters o"
the appli%ation you are loo'ing "or$ and it will %ome up at the top o" your sear%h( You %an
also type the name or other details a&out a do%umentE"ile you are loo'ing "or on your hard
drive$ and the Sear%h pane will loo' "or it "or you( 0t the &ottom o" the pane$ you %an see
some &uttons to "ilter your sear%hes( You %an %hoose to sear%h only "or appli%ations$
do%uments$ musi%$ photos$ or video( !he Sear%h pane also allows you to sear%h "or produ%ts
"or sale on 0ma7on(%om Athough this %an &e turned o"" in System Pre"eren%es D Priva%yB(
!he se%ond &utton in "orm o" a "ile "older is your )ile <xplorer( !his is analogous to the
*indows <xplorer Aor %li%'ing #2y 1o%uments#B in *indows$ or the )inder in 2a% +S ,( 0s
you %an see &y the photo a&ove$ the inter"a%e is very similar to &oth o" these other des'top
environments(
2.%.2 + .!!lications and $eatures
!he next app in the list &y de"ault is )ire"ox( !his runs the popular 4nternet &rowser(
-ext$ we see three do%ument i%ons( !hese run Li&re+""i%e$ an o""i%e suite similar to
2i%roso"t +""i%e$ &ut open sour%e and %entered around open-sour%e "ile "ormats( Li&re+""i%e
is very intuitive and easy to use( !he i%ons represent *riter "or word pro%essing$ >al% "or
spreadsheets$ and 4mpress "or %reating presentations(
U&untu has a %enter "or "inding new programs and utilities you might "ind use"ul$ %alled the
U&untu So"tware >entre( !he So"tware >entre is identi"ied &y the pi%ture o" the shopping
&ag in the 1o%'( :ere you %an "ind apps in a wide variety o" %ategories$ "ree or paid( 2ost o"
them are a%tually "ree( You %an manage so"tware you/ve installed$ uninstall old pa%'ages$ or
manage system updates "rom the So"tware >entre(
%<
-ext is the U&untu +ne logo( U&untu +ne is a %loud solution provided &y >anoni%al
AU&untu/s parent %ompanyB( 4t is similar to Google 1rive( You %an sign up "or a "ree a%%ount
to store your musi%$ photos and do%uments online$ then a%%ess them "rom anywhere in the
world on a variety o" di""erent plat"orms( !here are also paid options that unlo%' some
additional "un%tionality(
Last on the 1o%' list "or now is the System Pre"eren%es pane( !his is indi%ated &y the pi%ture
o" the gear-and-wren%h in the 1o%'( :ere you %an %ustomi7e some o" your system/s most
important "eatures$ li'e language$ dateEtime$ priva%y settings$ networ' pre"eren%es$ and
more(
%>
+ther appli%ations you will "ind o" interest$ &ut that may not &e in the do%'3
-hyth"bo2 - !his is U&untu/s de"ault musi% player( Similar to i!unes$ it plays your
musi% and manages your li&rary with a %lean and intuitive inter"a%e(
Thunderbird - !his is 2o7illa/s mail %lient$ mu%h li'e 2a% +S , 2ail$ or 2i%roso"t
+utloo'(
Te2t 0ditor - )an%y a .ui%' note@ Use this appli%ation$ analogous to -otepad on
*indows or !ext<dit on 2a% +S ,(
Ca)(u)ator - Sel"-explanatory8
Shotwe)) 8hoto %ana'er - 0 "ree photo li&rary manager$ very similar to 2a% +S ,/s
iPhoto(
:ead "urther into the 1o%' and the U&untu So"tware >entre$ and see what neat appli%ations
you %an "ind8 +r go to %hapter 2(P in the Guide to get a list o" more appli%ations that may &e
help"ul(
2.%.& + . Brie/ Introduction to the Ter#inal
!he &ane o" every new Linux user is the !erminal( :owever it is mostly mu%h ado a&out
nothing( *ith U&untu$ you %an use Linux on a day-to-day &asis without even needing to
tou%h the terminal( 0nd its "un%tion is surprisingly simple when it %omes down to
a%%omplishing &asi% tas's(
$-
*hen you laun%h the !erminal$ you &egin in your :ome dire%tory( You %an tell this &y the
tilde ARB in the %ommand prompt( Your lo%ation in the hard drive will always &e given in this
spa%e(
!o list the %ontents o" the dire%tory you are %urrently in$ type MlsM and press <nter AS1B( You
6ust ran your "irst %ommand via the !erminal8
!o navigate to a di""erent "older$ run M%dM and "ollow that with the "older name( 0s you %an
see &elow$ 4 ran M%d 1o%umentsM$ and it put me in my 1o%uments "older AS2B( Simple
enough( *hen you want to go &a%' to the "older Ali'e the #Up# &utton in *indows <xplorerB$
run M%d ((M and you will &e ta'en &a%' ASB( You %an run these %ommands via a&solute paths$
i(e( "olders that are not in the "older you are %urrently in ASL$ SPB(
$1
!his is the &asi%s "or navigating through "olders in the !erminal( )or "ile manipulation$ you
%an "ollow the same pro%ess "or putting %ommand N "ile lo%ation together( >opying "iles is
a%hieved with M%pM$ "ollowed &y the "ile you want to %opy$ then its lo%ation( So3 M%p
sour%e"ile(txt EhomeEuserE1o%umentsEM will %opy the #sour%e"ile(txt# in the %urrent "older to
your 1o%uments "older( 4n the same way$ you %an use #mv# to move$ or #rm# to remove "iles(
You %an also use #m'dir# to ma'e new "olders(
5eyond simple "ile management$ using the !erminal %an &e &oiled down to one simple "a%t3
ter"ina) (o""ands are a**)i(ations *)us o*tions( <very appli%ation that you run on
Linux has a %orresponding !erminal %ommand that %an &e used to run it( )urthermore$
these %ommands %an use option #"lags# to ad6ust its manner o" operation(
$%
!o explain this$ let/s ta'e a loo' at a &asi% %ommand %alled ar( !09 is used to %reate
ar%hives o" "iles or "olders$ mu%h li'e the T4P "ile "ormat on *indows( !o %reate a standard
7ipped-up !09 ar%hive o" a "ile$ we run the "ollowing %ommand3
ar -cvzf archivename.ar.gz fi1ename.ex
!his %reates an ar%hive named #ar%hivename(tar(g7# that %ontains the "ile #"ilename(ext#( 5ut
what a&out those letters "ollowing the MtarM %ommand@ !hose are the "lags( 4n Linux$ "lags
are denoted with the #-# that %omes &e"ore them$ and usually %ome right a"ter the initial
%ommand in the string( 4" you want to use more than one "lag$ you %an sta%' them$ li'e 4 did
a&ove$ with 6ust one #-#(
Let me explain what ea%h o" those "lags does "or this spe%i"i% ar %ommand3
( means to A%Breate the ar%hive( You %an also use !09 to extra%t "rom existing
ar%hives$ so that is why you must spe%i"y that you wish to A%Breate one(
means to output AvBer&osely( 4n plain <nglish$ this tells !09 that we want to see
everything it is doing$ as it does it( So it will then print out a list o" ea%h "ile it is
%ompressing as it does so( +r$ i" it gets an error$ it will give us a "ull readout o" where
the error o%%urred(
z means to gA7Bip the !09 ar%hive( !his adds a level o" %ompression to our ar%hive$ so
their %ontents will &e smaller than they would &e outside o" the ar%hive( Just li'e a T4P
"ile on *indows(
f means that we will spe%i"y the A"Bilename o" the ar%hive we will ma'e( +therwise$
!09 will automati%ally generate a name "or our ar%hive(
<a%h %ommand you will want to use on the %ommand line has a %orresponding #manpage(#
A4t might sound li'e a sexist name$ &ut it 6ust means #manual#8B :ere you %an get detailed
in"ormation on how to use the %ommand$ as well as a list o" "lags and %ommonly-used
options "or it( Simply run MmanM plus the %ommand you want to learn a&out( Mman tarM$ "or
example$ will show you the manual and "lags list "or the MtarM %ommand(
!here$ the !erminal is easy$ 6ust li'e 4 told you8 4t might not seem very %onvenient at "irst$
&ut the more you get to use it$ the .ui%'er "re.uent tas's %an pass &y$ leading to great
in%reases in your produ%tivity( )or example$ to %reate a !09 ar%hive o" a "ile Aor "olderB$ &y
the standard way you would need to laun%h the 0r%hive 2anager appli%ation$ mouse over to
$$
#-ew 0r%hive$# %li%' it$ type in a name$ type in a pla%e "or the ar%hive to &e$ mouse over the
%he%'&oxes "or options$ %li%' and drag your "olders$ et% et% et%( 5ut with the !erminal$ a"ter
learning how the %ommand wor's the "irst time$ you %an simply run a .ui%' %ommand "rom
memory to do exa%tly what you want( You %an even %reate s%ripts A%alled #&ash s%ripts#B to
automate tas's using the !erminal/s language( *e will %over this in a "uture guide( 5ut "or
now$ pat yoursel" on the &a%'$ &e%ause you/ve %on.uered your "ear o" the !erminal8
$/
'.-. Se&urin% Web, .ai) and Chat A//)i&ations
+.?. Se(urin' Web, 0"ai) and Chat !**)i(ations
2.&.1 - 0ecure "our Web Browsing
Encrypt Your Connections with L!TL
!he "irst step to ta'e in assuring your we& &rowser/s se%urity is to ma'e sure every
%onne%tion possi&le is made over SSL( SSL should &e "amiliar to you &y now -- every time
you log into your &an' a%%ount$ "or example$ you should see a little #https# in your address
&ar with a little green %he%'-mar' or a lo%' sym&ol( !his means that your personal
%onne%tion data is &eing en%rypted &etween you and the server you are %ommuni%ating
with( Your username$ your password and other "orm data on the &an'/s we&site %annot &e
#snooped# on &y anyone else on your networ'(
2ost sites that re.uire logons will have SSL %apa&ility( !he pro&lem is that SSL is o"ten not
e.uipped &y de"ault on sites that don/t handle "inan%ial in"ormation( !his means that sites
li'e )a%e&oo' might still &e handling your %onne%tions over regular unen%rypted :!!P &y
de"ault(
!o %hange that$ there are &rowser plugins that you %an use to en"or%e SSL &y de"ault "or any
site that has it ena&led( !he <le%troni% )rontier )oundation has developed a tool named
#:!!PS <verywhere# whi%h ena&les :!!PS &y de"ault on many popular sites and servi%es
that have :!!PS availa&le( 4t %an &e paired with another plugin %alled :!!PS )inder or G5
SSL <n"or%er$ whi%h sear%hes other sites that appear to have :!!PS installed$ and passes
them to :!!PS <verywhere(
:!!PS <verywhere %an &e downloaded "or )ire"ox and >hrome A>hromiumB &y visiting the
we&site( 4n )ire"ox$ %li%' the 4nstall lin'$ then %li%' 0llow$ then %li%' 4nstall -ow( You will need
to restart )ire"ox &e"ore the plugin will &e ena&led( )or >hrome$ %li%' the 4nstall lin'$ %li%'
#0dd to >hrome$# then %li%' #0dd(#
!o install :!!PS )inder in )ire"ox$ open your &rowser than %li%' !ools D 0dd-ons( >li%' #Get
0dd-ons$# and sear%h "or :!!PS )inder(
$2
!o install G5 SSL <n"or%er in >hromium3 go to the >hrome *e& Store and sear%h "or #G5 SSL
<n"or%er# under #<xtensions(#
0nd in the "uture - "or <=<9Y site that re.uires a login$ ma'e sure that the address shows as
:!!PS on the login page8 4" not$ go into your settings and there will o"ten &e an option to use
:!!PS &y de"ault tu%'ed away somewhere(
"loc# Monitoring cripts
+n%e your %onne%tion data is se%ured$ there is now the matter o" tra%'ing s%ripts(
<verywhere on the we&$ on nearly every %ommonly-used we&site nowadays$ there are
#tra%'ers(# !ra%'ers %ome in many "orms &ut the most "re.uent way is via tra%'ing %oo'ies
that are transparently downloaded to your %omputer$ or a%tive s%ripts that run on pages
that report home with spe%i"i% data( !he idea o" we& tra%'ing is a very &road %on%ept &ut 4
will give two o" the most %ommon examples &elow(
1( Google 0nalyti%s -- !his is a pie%e o" so"tware run &y Google that gives we&masters a
huge amount o" data on ea%h visitor( 4t %an pinpoint everything "rom their
approximate geographi% lo%ation$ to details a&out their %omputer and its operating
environment$ to how long they spent on the site$ what pages they loo'ed at$ and
other details( 4t %an even tell what site you %ame "rom to get to a %ertain lo%ation$ and
what site you visit when you leave( Some o" this in"ormation %an &e dis%erned simply
&y loo'ing at one/s server logs$ &ut 0nalyti%s renders this mu%h easier( -ot everyone
has a pro&lem with this data &eing in the hands o" we&masters$ &ut the "a%t that it is
also 'ept &y Google %an &e more than worrying(
2( )a%e&oo' -- )a%e&oo'/s #5ea%on# s%ripts are everywhere on the we&( 0nywhere you
see a dynami%ally-loaded #Li'e# &utton$ on a &log arti%le or on a %ompany/s we&site$
this in"ormation is sent to )a%e&oo'( *hat/s worse is that i" you are logged into
)a%e&oo' Awhi%h most people are$ even i" it is not a%tively open in their &rowserB$
)a%e&oo' will &e a&le to mat%h your pro"ile with your *e& &rowsing ha&its(
4" you/d rather not sur" the we& with strange %orporations wat%hing your every move$ you
%ertainly aren/t alone( !han'"ully there are &rowser plugins that %an help8 !here is one in
parti%ular %alled Ghostery that is very e""e%tive at &lo%'ing tra%'ers you don/t want to see$
while still giving you the power to ena&le the ones you may "ind use"ul "rom time to time( 4"
you li'e the a&ility to %li%' the #li'e# &utton "rom time to time$ "or example$ &ut don/t want
Google 0nalyti%s to tra%' you$ you %an manually allow the )a%e&oo' tra%'er in Ghostery/s
easy-to-sear%h data&ase(
$7
!o install Ghostery in )ire"ox or >hrome$ go to the &rowser/s 0dd-ons se%tion and sear%h "or
Ghostery( +n%e it is installed$ it will as' you what sites to &lo%'( 2y advi%e is to %hoose
#Sele%t 0ll# to &lo%' tra%'ers &y de"ault( !hen$ later on$ i" you "ind one you need to use$ you
%an go &a%' into your 0dd-on settings and un%he%' the &ox next to that tra%'er/s name(
*ith Ghostery you %an also pause all tra%'ing easily( 4" you "ind a we&site doesn/t .uite wor'
properly without its tra%'ers$ %li%' the Ghostery &utton in your &rowser window$ than %li%'
the #Pause# &utton( !hen re"resh the page and try the "un%tionality again( Just don/t "orget to
press #play# again when you are done8
$*
Encrypt Your "rowsing with Tor
!here is another option$ perhaps the most advan%ed one yet when it %omes to %ompletely
anonymous 4nternet sur"ing( !hat option is !or( +riginally developed &y the US Government$
!or is a type o" #onion router# that routes your internet tra""i% through a %ompli%ated
layered system( !here is mu%h to say a&out !or and a lot o" explaining &ehind how it wor's(
4" you are interested in it$ you %an visit the !or Pro6e%t on its we&site(
4" you would li'e to use !or "or anonymous &rowsing$ it/s easy to do so( :owever we will not
&e installing !or using the U&untu pa%'age repository$ li'e has &een done in the past( Sin%e
!or updates are %onsidered very important "or sta&ility and se%urity reasons$ we want to
ma'e sure that we are getting them on time( )or this$ we will pat%h !or/s %ustom update
server into our U&untu installation( !hat way$ whenever we run sudo ap-ge updae
and sudo ap-ge upgrade$ !or will update itsel" whenever a new version is availa&le(
)irst$ run ca /ec/debian_version to %he%' your U&untu/s version %odename( 4" you
are using 12(0L$ the %odename is #pre%ise(# -ext$ open up /ec/ap/sources.1is and
add the "ollowing line$ with your version %odename in the appropriate pla%e3
deb hp://deb.orprojec.org/orprojec.org $codename main
-ext$ add the !or pro6e%t/s GPG 'ey$ used to sign its pa%'ages and veri"y their authenti%ity3
gpg --'eyserver 'eys.gnupg.ne --recv 88689
gpg --expor A3C4E0E979CAA22CBA8E512EE8CBC9E88689 | sudo
ap-'ey add -
!hen the "inal "ew %ommands3
sudo ap-ge updae
sudo ap-ge insa11 deb.orprojec.org-'eyring
sudo ap-ge insa11 or
)rom this point on$ !or is installed and running on your system( 5ut &e"ore you %an use it$
you must %on"igure your &rowser to use it( You %an do this manually o" %ourse$ &ut we will
use the most %onvenient and automati% method -- via a &rowser plugin( 1ownload the !or
5rowser 5undle "ound here( 2a'e sure you download the Linux version$ and the
$<
ar%hite%ture that %orresponds to your %omputer( 4" you don/t 'now your ar%hite%ture$ run
uname -m( 4" you get #x?UQ?L# as a response$ you have a UL-&it systemK i" you get #i?U# or
#iU?U# as a response$ you are using a 2-&it system(
0"ter downloading the pa%'age$ run the "ollowing to extra%t it and install3
ar -xvzf or-browser-gnu-1inux-*.ar.gz
cd or-browser_*
./sar-or-browser
!his will start a spe%ially-pat%hed version o" )ire"ox that has !or ena&led( You %an %reate a
short%ut to the sar-or-browser s%ript on your des'top or in the side&ar$ and you will
&e a&le to laun%h your !or &rowser whenever you want( You will need to reinstall your 0dd-
ons in this !or &rowser$ and you will not &e a&le to use your old &rowser A>hrome or
)ire"oxB i" you want to have the prote%tion o" !or( :owever the !or &rowser is &ased on
)ire"ox$ so any plugins that wor' "or )ire"ox should also wor' "or the !or &rowser(
5e"ore you start using !or$ there are some things you should &e aware o" &e"ore you start
sur"ing8 2a'e sure you %he%' out the list and are aware o" what they might mean "or you(
2.&.2 - 0ecure "our ,#ail
Encrypt Your Connections $ith L!TL
Just as it is important to use we&sites that ena&le SSL$ you will want to do the same with
your email %onne%tion( 4" you always use your email in a &rowser$ li'e Yahoo 2ail or Gmail$
you don/t need to worry a&out this( 5ut i" you use a third-party %lient li'e !hunder&ird$ there
are settings you should ma'e sure are set(
4n !hunder&ird$ %li%' <dit D 0%%ount Settings( +n the le"t side o" the window$ you will see an
expanded list o" email a%%ounts( >hoose the one you want to set "or SSL and %li%' #Server
Settings(# >onne%tion Se%urity should &e set to S!09!!LS( !hen %li%' #+G(# 4" you %hoose this
and your email does not send or re%eive$ sele%t SSLE!LS in this "ield instead and try again
4" you experien%e %ompli%ations ena&ling SSL in your email %lient$ your email provider will
give you instru%tions on how to do so in its :elp se%tion( 4t may have a di""erent server
name or port %on"iguration "or you to enter here(
$>
Encrypt Your Messages with %&%
PGP is the standard "or email en%ryption nowadays( 4t allows you to seamlessly en%rypt mail
messages to people and have them 6ust as easily de%rypt them upon re%eipt( You might send
a "ull message to someone$ and i" anyone that might %ome a%ross your message happens to
open it without your 'ey$ this is all they will see3
-----BEGIN RGR MESSAGE-----
Charse: ISO-8859-1
Version: GnuRG v2.0.19 (GNU/Linux)
hQEMAyL1sE8aLy0uAQf9G12ng+ijfKmMEyInN6iauYaR6ITIrzOTK+ZiEHc1oAeKZwh
4zg1O6111AUU+nYC1WCTMKR1cIU0yOqp1INE19ZNn7qNneUcmYmfyaBATpz15qXiM5
mVMCrK82e1XGLRK'o76In4oh8WEVxISZhw4AT+Vx0jXqQR6HU'eK1sr4a+OTjSZ1T+i
TYy0Q2RQjSLMp5xKyjoY9ArxOQBbznwRcwfRIMzUnCf2Q87uayssbp5HmnpZj8Izgm7
/Eehr'Qfn'1hAvgGRrN'/d8o+RK24h3p1AqpSres6O7'6OAehppAJ/TKUYoNZeM6qC
eBOrRQohuSmGg3'NNLpAUJOONXIYEavuc2Iyb+phyBRSxrcZJ/e2RN/Xx7i6Ki/R3347f
oZ0/GaVpUrwR9MQJLjawR/cVEEBY21ar4...
0n inde%iphera&le mess is all that awaits them(
)or PGP to "un%tion properly$ you must generate a #'eypair# "or yoursel"$ and you must have
the pu&li% 'ey "or your %hosen re%ipient( Let/s go through the steps(
*e will use !hunder&ird and it/s <nigmail plugin to handle our email en%ryption and
de%ryption( 4n !hunder&ird$ %li%' !ools D 0dd-ons$ %li%' Get 0dd-ons$ then sear%h "or and
install <nigmail( +n%e the plugin is installed and !hunder&ird has restarted$ %li%' the
+penPGP menu$ then %hoose the Setup *i7ard(
/-
>li%' -ext$ then %hoose the email a%%ounts you want to use en%ryption with( A9emem&er
that you will have the %hoi%e whether or not to en%rypt ea%h message$ so you don/t have to
worry a&out ma'ing everyone you 'now get PGP 'eys i" you don/t want to en%rypt your
emails to them8B
>li%' -ext again$ and "ollow the rest o" the wi7ard( 4t explains well the steps and options you
need to %hoose$ and it also helps you automati%ally generate a PGP 'ey(
/1
-ow$ on%e this is %omplete$ you have the option o" su&mitting your pu&li% 'ey to a
'eyserver( 0 'eyserver is li'e a sear%h engine "or people/s pu&li% 'eys -- i" you have someone
you wish to %ommuni%ate with$ you %an import their 'ey "rom a pu&li% 'eyserver without
them needing to give you their 'ey dire%tly( !his does not redu%e the se%urity o" your 'eys$
as the message %an only &e de%rypted &y the spe%i"i% re%ipient anyway( You are not re.uired
to upload your pu&li% 'ey to a 'eyserverK i" you %hoose not to$ you will need to 'eep your
messages signed with your PGP signature Awhi%h <nigmail usually ena&les &y de"aultB$ or
you will need to export a %opy o" your pu&li% 'ey to an (as% "ile and give that to your
%onversation partner(
!o upload your 'ey to a pu&li% 'eyserver with !hunder&ird$ %li%' +penPGP D Gey
2anagement$ then right-%li%' your 'ey and %hoose Upload Pu&li% Geys to Geyserver( 4t
doesn/t matter whi%h server you %hoose at this stage$ as they all will share their data with
ea%h other(
!o "ind someone else/s pu&li% 'ey on a 'eyserver$ open up Gey 2anagement then %li%'
Geyserver D Sear%h "or Geys( !ype in the email address o" the person you want to email$
then %he%' the &ox next to their name( 4" their name doesn/t %ome up in the list$ you %an
import a pu&li% 'ey that they give you in (as% "ormat &y %hoosing )ile D 4mport Geys )rom
)ile( 4t is usually a &est pra%ti%e to use a 'ey that is given to you "rom someone rather than
using a pu&li% 'eyserver$ i" you trust them(
9emem&er that i" you have uploaded your pu&li% 'ey to a 'eyserver$ you are pretty mu%h
lo%'ed into using that 'ey( 4" you ever lose your 'ey"iles or want to %hange 'eys "or some
reason$ you will need to generate and upload a revo%ation %erti"i%ate( !his is done to ensure
trust$ and the 'nowledge that the 'eyholder really is who he purports to &e via their name
and email address(
0"ter this$ you %an write en%rypted emails to whoever you want$ provided you have
imported their pu&li% 'ey8 4" you %hose to automati%ally en%rypt your messages in the Setup
*i7ard$ you don/t have to set anythingK i" not$ you %an %li%' +penPGP D <n%rypt 2essage in
the -ew 2essage window to write an en%rypted message( +n%e you %li%' #send# and enter
your password$ the message will automati%ally &e en%rypted( *hen you re%eive an
en%rypted message "rom a %onversation partner$ !hunder&ird will automati%ally as' you "or
your password$ and will de%rypt the message "or your viewing( !he message will remain
en%rypted so you will need to enter your password ea%h time you wish to read it(
/%
2.&.% - 0ecure "our Chat .!!lications
Encrypt %idgin Chats with 'TR
4" mail is a &it too slow "or your taste and you pre"er 4nstant 2essaging A42B$ there is a
solution "or you( !he %hat appli%ation Pidgin$ a mainstay o" Linux %ommuni%ation suites$ has
a plugin named #+!9# A+"" !he 9e%ordB that %an &e used to en%rypt your %hat %onversations(
4t operates in a similar way to PGP$ in that you must "irst ex%hange pu&li% 'eys with your
%onversation partner( 4" you don/t already use Pidgin$ it is availa&le "or install in the U&untu
repositories(
!o install the +!9 plugin$ head to the >ypherpun's site and download the tar&all "or the
+!9 Li&rary and !ool'it$ as well as the one "or #+!9 Plugin "or Pidgin(# !hen run the
"ollowing3
ar xzf 1ibor-*.ar.gz
cd 1ibor-*
./configure --prefix=/usr
ma'e
sudo ma'e insa11
ar xzf pidgin-or-*.ar.gz
cd pidgin-or-*
./configure --prefix=/usr
ma'e
sudo ma'e insa11
!his will install &oth the re.uired li&raries "or +!9 as well as the plugin spe%i"i% to Pidgin(
!o %on"igure the plugin$ open Pidgin and %li%' !ools D Plugins( >he%' the &ox next to #+""
!he 9e%ord 2essaging(# !hen$ %li%' the entry "or #+"" !he 9e%ord 2essaging# and %hoose
>on"igure Plugin(
/$
:ere you %an %hoose a set o" options &ased on how you want the plugin to &ehave( 0lso$ you
%an %hoose to generate a 'ey "or a spe%i"i% a%%ount( +n%e you &egin a %onversation with a
"riend who also has +!9 ena&led$ you will see a noti"i%ation display that you %an &egin a
%onversation with that person( >li%' #-ot Private# and %hoose #Start Private >onversation# to
ena&le en%ryption with the a%tive %onversation partner( 0nd you/re o""8 +!9 is notoriously
easy to set up and use(
//
2.&.& - $urther 1eading
:ow !o3 Prote%t Your Priva%y with Ghostery - >hip(eu
!or do%umentation "or Linux
<nigmail PGP Hui%' Start Guide
:ow to Use +!9 to 4nitiate a Se%ure 2essaging Session in Pidgin - !a%ti%al !e%hnology
>olle%tive
/2
'.0. A11.2DI34 1o/u)ar A//)i&ations
+.@. !880ADI>B 8o*u)ar !**)i(ations
!he "ollowing is a non-exhaustive list o" "re.uently used appli%ations and "ile "ormats that may ma'e
your swit%h to Linux easier( !here will &e multiple %hoi%es "or some types o" appli%ations( +n
U&untu$ most o" these appli%ations %an &e "ound in the U&untu So"tware >entre$ or &y running sudo
ap-ge insa11 $appname in the !erminal(
2.'.1 + .!!lications2 3edia
!he de"ault musi% player that %omes with U&untu is -hyth"bo2( 9hythm&ox is a de%ent
musi% player with many "eatures similar to i!unes( 4t has an easy-to-use li&rary view$ with
integrated pod%ast$ Last("m and musi% store integration( 4t also "eatures a plugins system
that %an extend its use &eyond simple musi% play&a%'(
/7
/anshee is also a good option$ and it is even QmoreQ li'e i!unes "or those who are used to
its inter"a%e( )or those who use G1<$ you %an %he%' out !"aro& or C)e"entine(
0nother option "or more advan%ed users is "*d( 2pd is te%hni%ally an audio server that
streams to lo%al %lients( *hen you use mpd$ you will there"ore set up the audio server
Awhi%h is always runningB as well as a %lient to inter"a%e with it( 0 "avourite mpd %lient is
n("*(**( 4t has a strange a%ronym o" a name$ &ut it is very "ast and has a "ully "un%tional
graphi%E%ommand-line inter"a%e( )or those who li'e to %ustomi7e their des'top
environments$ n%mp%pp is a hit$ as it is as %ustomi7a&le as any other !erminal window(
/*
!he old stand&y "or playing video on Linux is V1C$ mu%h li'e it is on other plat"orms( 4t %an
play a very wide variety o" di""erent video "ormats$ supports su&titles and multiple audio
tra%'s$ and is also extensi&le &y plugin( 4t/s also very "ast8
U&untu %omes with a standard image viewer %alled I"a'e Viewer( !his is analogous to
*indows/ 4mage Preview$ &ringing de%ent .uality image viewing to the G-+2< des'top( )or
other des'top environments or distri&utions$ Viewnior is a very "ast and lightweight
repla%ement "or 4mage =iewer and is highly re%ommended(
Geeping photo li&raries on Linux is easy with Shotwe))( Shotwell is essentially a Linux %lone
o" the popular iPhoto "or 2a% +S ,( You %an import images "rom your hard drive or dire%tly
"rom your digital %amera( 0r%hive your photos &y date$ &y event or &y tag(
)or editing graphi%s$ the most %ommon open sour%e solution is !he GI%8( *hile not .uite
as "ast or as usa&le as Photoshop$ !he G42P is still very power"ul and a%tively developed$
&ringing intensive image manipulation %apa&ility to Linux(
/<
4" you wor' with ve%tor images or graphi% design on a regular &asis$ %he%' outIn&s(a*e$
whi%h has many o" the same "eatures as 0do&e/s 4llustrator(
!he most-used option "or audio editing on Linux is !uda(ious( 0uda%ious is also widely
used on other plat"orms li'e *indows( 4t is easy enough to use "or &eginners to audio
editing or pod%asting$ &ut "lexi&le enough "or experien%ed pro"essionals(
)or we&%ams$ Cheese is a good option "or G-+2<-&ased des'tops( )ans o" e&oo's and
'eeping digital li&raries %an %he%' out (a)ibre$ whi%h is a very power"ul and "eature-ri%h
e&oo' li&rary( /rasero %omes de"ault with U&untu$ and is used "or >1E1=1 &urning(
/>
2.'.2 + .!!lications2 Utilities
U&untu/s de"ault text editor is 'edit( Gedit is a "ine standalone text editor "or in"re.uent
use( 0nother very "ast and lightweight option is )eaf*ad( )or more text editors that might &e
o" &etter use while programming$ %he%' out the Produ%tivity se%tion(
U&untu %omes with a standard ar%hive manager %alled Await "or itB !r(hie %ana'er( )rom
here$ you %an easily %reate or modi"y your ar%hives o" many di""erent types(
TrueCry*t is very o"ten used &y those who wor' with sensitive "iles$ or simply wish to
en%ryptEpassword-prote%t some "olders on their system(
+ther utilities o" use in%lude the Ter"ina) "or running %ommands$ or ina're "or =->
%onne%tions to other %omputers(
2.'.% + .!!lications2 4etwor5ing
U&untu %omes installed &y de"ault with Firefo2$ the %ommon %ross-plat"orm &rowser that
AnearlyB everyone loves( 4" you don/t love )ire"ox$ you %an install Chro"iu"$ whi%h is the
Linux version o" Google >hrome( !here is also 5*era or other &rowsers availa&le "or Linux(
)or email$ the main %hoi%e is Thunderbird$ whi%h is also installed &y de"ault in U&untu( 4t is
analogous to 2ail in 2a% +S ,$ or to 2i%roso"t +utloo' "or *indows( 0o)ution is the
runner-up in the 2ail %ategory$ whi%h is in%luded &y de"ault in the G-+2< des'top( C%ai) is
a de%ent option "or G1< users(
2-
)or instant messaging$ 8id'in is %ommonly used( You %an use Pidgin with 042$ 4>H$
2S-ES'ype$ Google !al'$ ,2PP$ )a%e&oo'$ 49> and many many other proto%ols( 4t is easy to
use$ and supports a wide variety o" plugins to extend and personali7e its use( 0"*athy is
the %lient that %omes &uilt-in with U&untu$ and it supports a great deal o" proto%ols as well(
+ther %hoi%es in%lude irssi "or a %ommand-line 49> %lient$ or Duasse) "or a "ull-"eatured
deluxe GU4 49> %lient(
4" you are a "re.uent mi%ro&logger "rom your des'top$ Dwibber %omes &uilt in with U&untu$
and supports posting to !witter and 4denti%a( +ther than that$ 8o))y is a "antasti% standalone
!witter %lient "or the G-+2<EUnity des'top( !hose who read 9SS "eeds "rom des'top
appli%ations %an %he%' out Li"erea$ 9SS+wl$ or 0'regator AG1<B( )inally$ Trans"ission is
"re.uently used "or torrent downloads and management(
21
2.'.& + .!!lications2 roducti6it7
!he 'ing o" open sour%e produ%tivity so"tware on Linux is presently the 1ibre5ffi(e suite(
Li&re+""i%e in%ludes a word pro%essor$ spreadsheet editor$ presentation %reator$ math
"ormula %reator$ and simple graphi% design program( 0n alternative to Li&re+""i%e is the
5*en5ffi(e suite$ the an%estor pro6e%t to Li&re+""i%e(
U&untu %omes with a &uilt-in P1) reader %alled Do(u"ent Viewer( 4t %an view and edit
P1)s as well as other do%ument "ormats li'e PostS%ript( Lighter options "or P1) readers
in%lude Eathura or %u8DF(
)or programming text editors$ Geany is a good option( +ther options in%lude S(iT0$
/)uefish or S(ribes( 4" you are loo'ing "or a more "ull-"eatured 41<$ you %an try 0()i*se or
!*tana(
2%
The CitizenWeb Guides 6 Four 8ersona) Serer
..1. Why a 8ersona) Serer#
!he short answer is3 /e(ause you don,t hae to sa(rifi(e features, fun(tiona)ity or
(o"fort Gust be(ause you are (on(erned with se(urity and *ria(y.
%.1.1 - The ros
2any people loo' to Google$ )a%e&oo' and other large plat"orm servi%es "or the ex%eptional
%onvenien%e they o""er( *ith all o" the servi%es availa&le to us online these days$ it/s easy to
see how they %an improve our lives and ma'e us live or wor' &etter( :owever there are
signi"i%ant ris's to using these servi%esK ris's that are only deepening and &e%oming more
serious with time( *hat most people do not reali7e is that$ on%e the initial investment o"
&uying or hosting your personal server is passed$ sel"-hosting data is very easy and re.uires
little to no sa%ri"i%e o" "un%tionality(
0re you addi%ted to Google >alendar and %an/t live without it syn%ing a%ross your %omputers
and devi%es@ >he%' out own>loud$ whi%h lets you do the exa%t same things$ &ut gives you
the %ontrol over your data that Google %an no longer provide you with( 0re you lost without
your Gmail a%%ount@ You %an host your own email and have all o" Gmail/s "eatures in the
%lient o" your %hoi%e( Plus$ you %an still syn% your mail and %onta%ts e""ortlessly a%ross your
devi%es(
You %an have your own #personal %loud$# a %ustomi7a&le plat"orm servi%e that meets your
needs$ without selling your personal in"ormation to mar'eting agen%ies or over7ealous
governments( You %an do it &y hosting your very own 4nternet-%onne%ted server(
!he most su&stantial #pro# to hosting your own data with a personal server is the priva%y
"a%tor( 0s mentioned repeatedly in this guide$ data given to plat"orm servi%es li'e Google or
)a%e&oo' ris's &eing handed to mar'eting agen%ies or governments without your %onsent$
and in some %ases without you even 'nowing( *hen your data is sel"-hosted and properly
se%ured$ you %an &e sure that your in"ormation will not "all into the hands o" mar'eters(
)urthermore$ governments will &e re.uired to physi%ally intervene with warrants or other
methods i" they suspe%t you o" something$ whi%h is mu%h less %ommon and %ostly than the
&ul' inter%eption they pra%ti%e today(
2$
+.1. Why a 1ersona) Server!
)or these reasons$ sel"-hosting your own server is a huge plus "or a%tivists$ whistle&lowers or
6ournalists( 5ut it is also very important "or %ommon$ everyday 4nternet users li'e you and
me( !he more data we share a&out ourselves online$ the larger that Google and )a%e&oo'
get$ the more irresista&le targets they will ma'e "or mar'eters and governments( *e are
already seeing today how simply standing up "or what is right in so%iety %an get you &ullied$
threatened$ a&used$ extradited and worse( 4" you are sure that nothing you do right now %an
get you into trou&le$ %an you &e sure that in ten years "rom now$ the positions you ta'e or
the data you own FFnowFF won/t &e used to get you into trou&le@ !he 4nternet is a time
ma%hine -- any %omment you ma'e on a plat"orm servi%e %an &e indexed and potentially
used against you( !his is why a de"ault state o" priva%y must &e en"or%ed on the we& -- and i"
servi%es li'e Google or )a%e&oo' won/t do it "or us$ then we must &e prepared to ta'e
matters into our own hands$ &y sel"-hosting our data and re"using to parti%ipate in their
systems(
%.1.2 - The Cons
1e%entrali7ing the 4nternet isn/t always a "ield o" "lowers -- sometimes it %an &e a downright
annoying experien%e( !here are a "ew di""erent pit"alls that one must &e aware o" &e"ore
they ta'e the plunge and host their own server(
Perhaps the most signi"i%ant draw&a%' is in downtime( Google/s servi%es$ while they have
&een su&6e%t to very pu&li% and unexpe%ted downtimes in the past$ are overall very sta&le
and well-managed( !his %annot possi&ly &e mat%hed in a home server environment$ when
data is isolated to only one node( 4" you host your server at home$ this server will &e su&6e%t
to any power outages$ 4nternet servi%e interruptions$ or a%%idental unplugs when your %at
tries to ma'e a home &ehind your %omputer( +n%e a downtime o%%urs$ you will not &e a&le
to intera%t with usersK i(e( people will not &e a&le to see your we& server$ send you emails$ or
do mu%h o" anything else(
-ext %omes the se%urity aspe%t( <very server on the 4nternet represents a target "or ha%'ers
and s%ript 'iddies( +n%e they %an get a%%ess to a vulnera&le ma%hine$ they %an try to troll
through it "or your personal in"o$ or 6ust use it as a host "or spam mail or monitoring your
4nternet use( You will not have the se%urity experts at Google ma'ing sure that your servi%es
are under lo%' and 'ey -- FFyouFF will &e your own se%urity expert( Lu%'ily this is not very
di""i%ult$ as the tips outlined in this guide should di""use a de%ent ma6ority o" %ommon atta%'
ve%tors( :owever nothing is 100V se%ure$ and a sel"-hoster must remain vigilant that their
%on"iguration is "re.uently updated and not %ompromised(
2/
5e%ause o" these downsides$ %ontingen%y plans should &e made o"ten( 4" you have the
resour%es$ rent a =PS that you %an swit%h to i" your main server goes down( Pra%ti%e
"re.uent en%rypted &a%'ups to external media or o""site lo%ations( 2a'e sure to redu%e your
ris' o" #going down# as mu%h as possi&le i" you are going to &e hosting %riti%al %ontent(
%.1.% - T7!es o/ 0er6ers
4" you don/t have the spa%e to set up a traditional dedi%ated server in your own home$ or are
una&le to do so "or other reasons$ don/t worry -- there are a "ew di""erent ways to sel"-host
your data$ and we will loo' at ea%h o" them here(
(edicated er)er
!his option %onsists o" having a standard %omputer in your home that is %onne%ted to the
4nternet andEor a home networ'( !his server %an &e any used des'top %omputer that you
have lying around$ or a %ustom-&uilt one "rom ordered parts( +n%e the %omputer is ready$ it
%an &e stored in a %loset or a tu%'ed-away %orner o" your home( 4t does not re.uire a
%onstant monitor or 'ey&oardEmouse %onne%tion to &e "un%tionalK you %an %ommuni%ate
with it via SS: Aexplained in this guideB to %on"igure or maintain your running servi%es(
!his option is the &est "or running a large amount o" online servi%es at on%e( 0s it has more
pro%essing power than em&edded miniservers$ it %an handle more servi%es and more
visitors than a 9asp&erry Pi might &e a&le to( 0lso$ while it is more expensive "rom the start
Areasona&le %ost estimates "or a &rand-new dedi%ated server run &etween WP00 and W;00 US
dollarsB$ a dedi%ated server %an &e more %ost-e""e%tive in the long run when %ompared to
the monthly %ost o" a virtual private server A=PSB(
:owever$ as suggested a&ove$ dedi%ated servers do ta'e up mu%h more spa%e than
em&edded miniservers or Ao&viouslyB =PSes( !hey re.uire a larger initial investment$ and
will generally re.uire spe%ial servi%es "rom your 4nternet Servi%e Provider A4SPB in order to
ma'e them "ully "un%tional( 0lso$ in %ase o" a move$ power outage or other un"oreseen
servi%e interruption at your home$ you will &e without a way to host your %ontent until the
interruption passes(
22
E*bedded Miniser)er +Raspberry %i,
!his is a relatively new option when it %omes to sel"-hosted servers$ &ut it is one that is
rapidly gaining popularity( 9asp&erry Pi mini%omputers %an &e pur%hased "or only W2PUS1(
*ith an exterior %ase and a dedi%ated networ' %onne%tion$ they %an o""er a host o" simple
server appli%ations$ su%h as we& servers$ email servers and data&ases( !hese miniservers
%annot &e &eat when it %omes to the initial investment %ost$ providing a huge advantage to
those who do not have hundreds o" dollars lying around( !hey also still provide the se%urity
o" physi%al ownership and %onstant a%%ess that a =PS %annot o""er(
<m&edded miniservers are$ however$ de%idedly slower and not a&le to handle nearly as
mu%h load as a dedi%ated server &ox( !heir use should &e restri%ted to o""ering simple we&
servi%es only$ and not heavy media-intensive server apps( 0nd as mentioned a&ove$ these
servers are still hosted at your home$ so they will still &e su&6e%t to o%%asional power
outages or other interruptions as they a""e%t you(
-irtual %ri)ate er)er +-%,
0 virtual private server A=PSB is a virtual ma%hine that is hosted elsewhere( !his is done
typi%ally &y a hosting %ompany( !he di""eren%e &etween =PS hosting and traditional we&
hosting is that you %an run anything on a =PS 6ust as i" you were using your own physi%al
%omputer( You %an a%%ess your virtual server via SS: or =L> "rom wherever it is in the world(
=PSes have many &ene"its over other server types( )irst$ they do not re.uire a massive initial
investment$ li'e a traditional server might( !hey are usually o""ered "or monthly or yearly
"ees paid to the hosting %ompany( 0s the server is virtual and hosted elsewhere$ you do not
need to worry a&out storing it in your home$ nor do you need to %hange your a%%ount with
your 4SP( )urthermore$ i" you are a whistle&lower or a%tivist and live in a %ountry with
parti%ularly egregious monitoring or sei7ure laws$ you %an order a =PS in a %ountry that does
not have su%h stringent rules( )or example$ there are =PS %ompanies in 4%eland$ a %ountry
'nown "or its "reedom o" spee%h and prote%tions "or 6ournalisti% pu&li%ation(
!hese virtual servers do have their downsides( )irst$ they are generally not .uite as %apa&le
as dedi%ated home servers$ &ut are still &etter than em&edded miniservers li'e the
9asp&erry Pi( You %an pur%hase a very power"ul =PS$ &ut this will li'ely %ost you a signi"i%ant
monthly "ee over the standard pa%'age %osts( !his leads to the se%ond point3 the aggregated
%ost that you pay "or a =PS over many months will undou&tedly &e more than what you pay
"or 6ust &uying a dedi%ated server( 0nd "inally$ there is always the issue o" personal
assuran%e3 you %annot physi%ally assure the se%urity o" data on your =PS( !he =PS may also
&e su&6e%t to the snooping or sei7ure laws o" the %ountry it is &ased in$ regardless o" your
own nationality( 4t is o"ten a good idea to en%rypt any personal data stored on a =PS
&e%ause o" this(
27
+.'. 5efore 6ou 5e%in4 7/tions, Confi%uration and 8ardware
..+. /efore Fou /e'inB 5*tions, Confi'uration and 7ardware
A-ote that =irtual Private Server A=PSB users %an s'ip this arti%le entirely( <m&edded
miniserver users li'e those with the 9asp&erry Pi %an s'ip down to se%tion (2((B
%.2.1 - 8ist "our )!tions
*hat do you want your server to do@ *hat will it &e handling "or you on a daily &asis@ !hese
are important .uestions to answer &e"ore shopping "or your server hardware(
Wi)) you be runnin' hardwareHintensie seri(es# Servers that run virtual
ma%hines or media servers traditionally have mu%h higher hardware re.uirements
than simple emailEwe& servers( !he more =2s you want to run$ the &etter >PU you
will needK similarly$ the more media servi%es you wish to host$ the more memory you
will need( )or any server that is to run a media servi%e$ it is re%ommended to have at
least ?G5 o" memory(
Wi)) this be a 4head)ess4 serer# *ill this %omputer need to &e used dire%tly$ or %an
you simply put it in a %orner and manage it "rom your laptop via an SS: %onne%tion@
4" you need to a%%ess it more than on%e$ it would &e a good idea to &uy a monitor as
well( Geep in mind that you will need to use a monitor during the server setup$ &ut i"
you have another des'top$ you %an &orrow that monitor 6ust "or the installation(
Wi)) this be a firewa)) or networ& (ontro))er# 1o you plan on using this %omputer
to serve as a "irewall instead o" using your existing router %on"iguration@ *ill this
%omputer &e serving 1:>P %lients$ or will you leave that to another router %onne%ted
to the networ'@ 4" you/ve answered yes to any o" those .uestions$ it would &e a good
idea to get a server mother&oard e.uipped with two ethernet ports A-4>sB( +ne will
&e #"ront-"a%ing$# that is$ %onne%ted to your %a&leE1SL modemK the other will %onne%t
to a hu& or wireless a%%ess point "or your internal networ'(
2*
Aetwor&Hatta(hed on)y :no firewa)); Aetwor&Hrouted and firewa))ed

%.2.2 - Bu7 9ardware
-ow we get to the "un part - doing some shopping8 Load up your "avourite %omputer parts
vendor and let/s get started(
Popular parts vendors in the US and >anada are -ewegg and !iger1ire%t( -ewegg
usually has the &etter pri%es and availa&ility$ &ut whi%hever one you pi%' is up to you(
4t/s usually &est to ma'e lists on a "ew di""erent sites to see whi%h one a%tually has
the %heapest pri%e "or that spe%i"i% appli%ation( 4n the UGE<urope$ %he%' out 2is%o(
C%U
!he most popular server >PUs these days are 4ntel$ hands down( !he Sandy 5ridge and 4vy
5ridge-%lass pro%essors are really without %omparison when it %omes to per"orman%e and
dependa&ility( You %an "ind de%ent ones "or &etween W2P0 and WP0 that will provide more
than enough power "or what we are loo'ing to a%%omplish with our server(
4t is also important to remem&er your >PU/s %ooling re.uirements( 2ost new 4ntel >PUs
%ome with %heap &ut de%ent %ooling "ansK though i" you are loo'ing to improve your server/s
noise produ%tion$ it may &e a good idea to &uy a ni%er "an as well( Just ma'e sure the "an is
%ompati&le with your %hosen >PU/s so%'et type(
2<
Me*ory
Some individuals and %ompanies may %onsider this heresy$ &ut you really don/t need to &uy
the most expensive 902 out there in order to have a dependa&le and .ui%' system( 4" you
are spending more than W1P0 on 902$ you are very li'ely spending too mu%h( 1e%ent server
memory is not too mu%h more than normal memory(
Motherboard
!he mother&oard is where the entire system %omes together( >hoosing one depends on the
servi%es you wish to o""er with this server(
;;V o" the time$ you will want to %hoose a server mother&oard( !hese &oards support
server-%lass >PUs li'e the 4ntel ,eon series( )urthermore$ most o" them %ome with two
<thernet ports A-4>sB( !his is indispensa&le "or servers that a%t as routers "or internal
networ's$ or servers that will host emailEwe& servi%es( 0 %ommon setup is to plug the
%a&leE1SL modem into the "irst -4> as a #"ront-"a%ing# inter"a%e$ then to route the internet
%onne%tion through to the se%ond -4>$ whi%h is %onne%ted dire%tly to your networ' hu& or
wireless a%%ess point(
4t is possi&le to get &y with a standard mother&oard and >PU i" you only want to do media
sharing on your internal networ'$ &ut i" you are even F%onsideringF doing more than that$
it/s &est to go "or the server mother&oard and >PU(
9egardless o" the %lass o" mother&oard you go with$ the most important mat%h you will
ma'e is &etween mother&oard and >PU( You 2US! remem&er to pair them &y their so%'et
type( )or example$ so%'et LG011PP >PUs might not "it every so%'et LG01UU or LG02011
mother&oard$ et%(
0lso 'eep 902 AmemoryB in mind( 2other&oards have di""erent types$ so%'ets and speeds
"or 902$ as well as limits to how mu%h memory they %an handle$ so ma'e sure you %an "ind
one that wor's with your memory re.uirements( Your mother&oard/s manual$ usually
availa&le in P1) "rom the manu"a%turer/s we&site$ will have all o" this in"ormation(
2>
Case
>ases might not seem li'e an important %onsideration$ &ut there are two %riti%al elements to
&e aware o" when %hoosing one to meet your needs(
Size3 !here are many si7e designations "or mother&oards3 0!,$ 2ini 0!,$ 2i%ro 0!,$
et% et%( 2a'e sure the %ase is the %orre%t si7e "or the mother&oard you are loo'ing to
pur%hase(
8ower Su**)y3 2ost %ases these days %ome with their own power supplies$ &ut they
are not all %reated e.ual( 4" you are planning on pur%hasing a %omputer with an 4ntel
server >PU$ you will de"initely need a power supply with 2L-pins Aor #20NL#B( !he extra
L pins are re.uired to meet the mother&oard and >PUs extra re.uirements( Geep in
mind that$ i" you have your heart set on a parti%ular %ase that %omes with an
in%ompati&le power supply$ you %an always remove the old one and install one
separately pur%hased(
.ard (ri)e+s,
0gain$ the type o" hard drives you will need will vary depending on what you want to
a%%omplish with them( )or simple we&Eemail servers$ you will not need mu%h spa%e at all(
)or those loo'ing to do any sort o" "ile hosting$ spa%e will li'ely &e very important( You %an
pi%' a %ertain num&er o" drives that %an &e mat%hed via a 9041 array$ whi%h %an either3
(((stripe them together Ai(e( e""e%tively ma'ing Lx 2!5 drives into one giant ?!5 driveBK
((( +9 mirror them$ "or an instant &a%'up in %ase one drive in the "ormation "ails(
A2a'ing Lx 2!5 drives into two sets o" L!5 drives$ with one a%ting as a live &a%'up in
%ase the other set goes downB(
1rives should also &e pur%hased a%%ording to their type and the %ompati&ility with the
mother&oard( -early every mother&oard these days supports S0!0$ the new standard "or
drive %onne%tivityK however there are multiple types o" S0!03 1(PG5Es$ (0G5Es and the
newer U(0G5Es( 4" your mother&oard supports U(0G5Es$ and you plan on hostingEmoving
very large "iles with your server$ it would &e worth it to %onsider U(0G5Es S0!0 driveAsB(
)inally$ &rand name and warranty does still mean something$ espe%ially sin%e hard drives
are su%h important %omponents in your server( 0"ter all$ all your personal data rests on
themK repla%ing the drive is mu%h easier than repla%ing the data( Go with a &rand that is
'nown to &e good( *estern 1igital 5la%' series drives have a good re%ord o" dependa&ilityK
many o" them also %ome with re%ord P-year warranties$ ma'ing them an ex%ellent option(
7-
'ther tuff
+ther things you will need to %onsider3
Gey&oardE2ouse
>1E1=1 drive
Power strips and plugs
2onitor3 9emem&er that this is optional i" you are going to run a headless server$ &ut
you will at least need a%%ess to one temporarily when you install your distri&ution(
%.2.% - I0 and Do#ain 4a#e )!tions
4" you are not planning to use your server to host any external A4nternetB servi%e$ +9
you have opted to use a =irtual Private Server A=PSB$ you %an s'ip this se%tion(
1ealing with your internet servi%e provider$ no matter how mu%h you might dread it$ will &e
a ne%essary %omponent o" this setup i" you plan on hosting a we&site or your email on this
server( Your server needs the a&ility to &e lin'ed to a domain name$ whi%h means it also
needs a stati% 4P( !his is something your internet servi%e provider %an give you( 4" you want
to host multiple servers and servi%es on =2s Asay a "ileserver =2 and an emailEwe& host =2B
it would &e a good idea to also get a stati% su&net(
Usually when you %onne%t to the 4nternet$ your servi%e provider gives you a dynami%ally-set
4P address to use( :owever when your we&Eemail servi%es go live$ the 4nternet will need a
steady and stati% address with whi%h to loo' you up( !his is why at least one stati% 4P
address is re.uired( 0 stati% su&net is an extension o" the a&ove idea$ &ut it o&tains multiple
stati% 4P addresses that &elong to a spe%i"i% #su&net$# or a su&set o" 4P num&ers( )or
example$ i" you were to o&tain what is %alled a #E2; su&net$# that gives you six stati% 4P
addresses to use(
Some residential internet providers no longer allow %lients to re.uest stati% 4P addresses or
su&netsK i" this is the %ase$ you may need to %onsider springing "or a 5usiness %lass plan$ as
these always have the a&ility to o&tain stati% 4P addresses( 4n many %ases they are not more
than W10 or W1P more than your original residential plan would &e(
+n%e you/ve dealt with your 4SP$ you must pur%hase a domain name( !his will li'ely &e mu%h
easier Aand pro&a&ly %heaperB than the prior step( !here are many de%ent domain name
71
registrars out there$ &ut 4 have to re%ommend -ame>heap(%om( 0s "ar as pri%e$ ease-o"-use
and %ustomer servi%e are %on%erned$ they are %onsistently %ited as one o" the very &est( )or
a domain$ you %an %hoose anything with any endingK though something simple is advisa&le i"
you are to &e using an email address as well( -othing li'e typing a 1P-%hara%ter domain
when you want to send someone an email(
*hen &uying a domain name$ 'eep in mind that the domain you pur%hase will &e su&6e%t to
the laws and regulations o" the %ountry that you register it in( *i'ipedia ran into trou&le in
the United States when its #(org# address was res%inded &y US authorities &e%ause it
pu&lished material that the government wasn/t too happy to see( !he %ommon #(%om$#
#(net# and #(org# are overseen &y the US Government( +ther %ountries$ su%h as 4%eland$ have
a more "avoura&le poli%y towards the pu&lishing o" %ontroversial or lea'ed in"ormation that
would &e in the pu&li% interest( 4t/s advisa&le "or those who loo' to post potentially sensitive
in"ormation to %onsider an 4%elandi% domain( )or more in"ormation regarding 4%eland/s
national "reedom o" expression poli%y 'nown as the #4%elandi% 2odern 2edia 4nitiative$#
visit its we&site(
*ith the stati% 4P in hand and the domain name registered$ it/s time to get them lin'ed
together( +n your domain registrar/s a%%ount page$ there will &e a pla%e mar'ed something
li'e #:ost 9e%ords# or #1omain Settings(# A+n -ame>heap it is "ound at 2y 0%%ount D
2anage 1omains D %li%' the domain name D 0ll :ost 9e%ords(B You will &e presented with a
list o" "ields$ usually arranged into at least "our %olumns3 :ost -ame$ 4P 0ddress$ 9e%ord
!ype$ and !!L(
4n the :ost -ame "ield #X#$ put your stati% 4P address in the %orre%t "ield$ and set the
re%ord type as #0#( !his will allow people to rea%h your we&site &y visiting
http3EEmydomain(%om(
4" there is a "ield "or #www# hostname$ or i" you %an %reate one yoursel"$ do the same
"or an 0 re%ord with your same 4P address( !his will allow people to rea%h the same
site when going to http3EEFwwwF(mydomain(%om as well(
)inally$ we will set our domain up "or mail( !here should &e a se%tion "or #2,
9e%ords# or #2ail Settings(# !he hostname should &e #mail#$ the 4P address mat%hing
your stati% 4P$ and the #2, Pre"# should &e #10#( *hen an email server wants to
"orward you an email$ they will %he%' this re%ord and see your 4P$ allowing them to
a%tually ma'e the %onne%tion &etween servers and deliver the message(
*ith the %orre%t settings ena&led$ and the 4nternet ready to wel%ome our server$ you are
ready to start assem&ling the server itsel"(
7%
+.+. Asseb)e 6our 1C
.... !sse"b)e Four 8C
!his se%tion will &e in%luded in guide version 1(P$ due out in 2ay 201(
7$
+.-. Insta))in% ,buntu Server
..?. Insta))in' <buntu Serer
%.&.1 - Download Ubuntu 0er6er
1ownloading U&untu Server is a snap3 you merely have to %hoose the version that is right
"or you( !here are usually two di""erent versions availa&le at any given moment3 the most
up-to-date version A%urrently 12(10B or the %urrent Long-!erm Support AL!SB version$ whi%h is
presently 12(0L(1( 4t is usually a good idea to sti%' with the L!S version$ as long as it is
re%ent( !his guarantees that you will &e a&le to get support through >anoni%al AU&untuB "or
the "orseea&le "uture$ should you have a pro&lem with the spe%i"i% version you are using(
!hough this means you will not get the latest and greatest updates "rom U&untu$ on server
distri&utions this is usually not a pro&lem(
:ead to U&untu Server/s download page and sele%t the version that wor's &est "or you(
2a'e sure to %hoose the %orre%t ar%hite%ture A2-&it or UL-&itB &ased on your server( +n%e
you have the iso in-hand$ &urn it to dis' with your pre"erred >1 &urning appli%ation(
4t is also possi&le to install U&untu via US5 drive(
%.&.2 - Installing Ubuntu 0er6er
4nstalling U&untu Server is 6ust as easy as installing U&untu/s des'top version$ &ut there are
Ao" %ourseB di""erent options you will need to %on"igure( 0lso$ the installer is only availa&le in
a text-&ased menu "ormat( You will &e a&le to use the SP0>< 'ey to mar' sele%ted option
&uttons or %he%'&oxes$ and !05 to move &etween "ields$ 6ust li'e in any other graphi%al
appli%ation(
Load your install >1 into your server$ and &oot it up$ a"ter having made sure that your
>1E1=1 drive is higher in the &oot order list( >hoose your language and the o&vious options
"rom the s%reen that %omes up( 4t will as' you more .uestions &ased on your language$
lo%ale and other pre"eren%es(
7/
0"ter this it will attempt to dete%t your hardware settings and will as' you i" you wish to use
1:>P( 4" your server is %onne%ted to a networ' that has a router$ %hoose to use 1:>P "or
now( 4" not$ %hoose #>on"igure the networ' manually# and you will have the option to set
your desired stati% 4P$ su&net and gateway settings( 0"ter the install$ we will wal' through
spe%i"i% networ' settings to ena&le &ased on your %on"iguration(
Set the hostname and time7one in"ormation as per your pre"eren%es(
72
-ext the installer will ta'e you to the dis' %on"iguration menu(
You will most li'ely want to %hoose #Guided - use entire dis'#( 4" this system will &e running
virtual ma%hines or will share dis' spa%e with other operating systems$ %hoose #2anual# and
%reate a partition "or #E# that re"le%ts the si7e you want your server storage to have(
77
0"ter this$ your &ase system will &e installed3
-ext$ you will set up a &ase user and %hoose its password$ as well as setting the
administrative password "or the root userK then you will &e as'ed i" you want to en%rypt the
:ome dire%tory on the server( Unless you have extremely sensitive se%urity %on%erns$ 4
would not &other with en%rypting the home dire%tory on a server( *e will &e en%rypting our
&a%'ed-up data &e"ore we pla%e it on the server anyway( !hen you will &e as'ed to %hoose
how you want to re%eive your updates3 either manually or automati%ally( >hoose &ased on
your pre"eren%e( 4t is o"ten %onvenient to have your server automati%ally re%eive se%urity
updates$ so you don/t need to worry a&out it(
7*
)inally$ you will &e as'ed whi%h so"tware pa%'ages should &e installed &y de"ault3
1( 5*enSS7 Serer3 4t is highly re%ommended that you %hoose this( !his will allow you
to remotely a%%ess your %omputer "rom other ma%hines$ either on the lo%al networ'
or on the 4nternet( *e will explain this in the next %hapter$ (P(
2( DAS Serer3 !his is only ne%essary i" you are going to use your server as a networ'
%ontroller and router( *e go over this in %hapter (U(
( 1!%8 Serer3 !his will install 0pa%he Awe& serverB$ 2ySHL A%ontent pu&lishing
plat"orms li'e *ordpress or 1rupalB$ and P:P Ane%essary "or almost any we&site
appli%ationB( *e will review these in %hapter (;(
L( %ai) Serer3 4nstalls Post"ix and 1ove%ot "or mail storage and transmission( *e go
over these in %hapter (Y(
7<
P( 8ost'reSD1 Database3 !his is another type o" SHL server( You should only %hoose to
install it i" the program you want to run expli%itly re.uires it(
U( 8rint Serer3 Use this i" you will &e %onne%ting a printer to this %omputer and would
li'e to share it on your networ' "or other devi%es to use(
Y( Sa"ba Fi)e Serer3 Use this i" you have *indowsE0pple devi%es on your networ' that
you will want to share "iles or media with( *e will go over this in %hapter (11(
?( To"(at 3aa Serer3 !his is "or Java so"tware hosting and development$ you will not
need it unless you are a Java developer(
;( Virtua) %a(hine 7ost3 Use this i" you will &e running virtual ma%hines A=2sB with this
server "or various reasons( =2s will &e explained in the appendix %hapter (12(
0nd with that$ your %omputer will re&oot$ and you will &e prevented with your shiny-new
login prompt3
7>
!his &ase system wor's a%%ording to the Linux %ommand-line rules that were explained in
se%tion 2( 4t has no graphi%al user inter"a%e( !he goal o" this guide is to get you up-to-speed
and %om"orta&le with editing the "eatures o" your system without needing to rely on
graphi%al inter"a%es(
%.&.% - Basic 4etwor5 0etu!
0t this point we will set up our server so that it has &asi% %onne%tivity to the 4nternet( )rom
there$ we will &e a&le to set up appli%ations &ased on our individual pre"eren%es in the
"ollowing %hapters( 5elow we will explain how to set up your server to %ommuni%ate with
the 4nternet on one port$ and with an internal networ' on the other( *e will assume that
#eth0# %orresponds to the port %onne%ted to our internal networ' hu& or a%%ess point$ and
#eth1# %orresponds to the port dire%tly %onne%ted to our 1SLEsatelliteE%a&le modem(
4" you have your server &ehind a router or other "irewall whi%h is handling your
%onne%tion Aand you will not &e using the server itsel" as a router or "irewallB$ you will
need to assign the server a Stati% 4P address on your router( !his is ne%essary "or
various reasons( You will need to "orward ports to your server "or every servi%e you
will want to run "rom it$ i" you want to &e a&le to rea%h them "rom the outside(
5e%ause o" this$ you will need to have the server on an internal stati% 4P address that
does not move$ lest your running servi%es &e interrupted( 4n the steps &elow$ you will
also want to s'ip any settings "or #eth1# as they do not apply(
)irst$ you need to "igure out the names o" your networ' inter"a%es( 2ost o" the time this will
&e #eth0# andEor #eth1$# &ut to &e sure$ run ip addr( 4t will list the di""erent inter"a%es you
have( 4" you have two networ' inter"a%es$ ma'e sure you 'now whi%h port %orresponds to
whi%h &y %onne%ting them to di""erent devi%es and monitoring how the ip addr entries
%hange(
4t is strongly re%ommended that you avoid running a server on a wireless inter"a%e
Awlan0B( )or per"orman%e$ sta&ility and %ompati&ility reasons$ this is simply 6ust a &ad
idea( !his guide will not provide in"ormation on %on"iguring servers %onne%ted
wirelessly(
*-
!o set your server with a stati% 4P address$ open the "ile /ec/newor'/inerfaces and
addE%hange the "ollowing lines3
auo eh0
iface eh0 ine saic
address 10.0.0.5
nemas' 255.255.255.0
gaeway 10.0.0.1
!he #Gateway# should mat%h the internal 4P address o" your internet-"a%ing devi%e Ain most
%ases$ your routerB( 4" this server is a%ting as a routerE"irewall and is dire%tly %onne%ted to
the internet with another ethernet port$ set the gateway to &e the same as the #address(#
!he netmas' will li'ely &e #2PP(2PP(2PP(0#$ or a E2L su&net( 2a'e sure the 4P address you
%hoose is on the same su&net as your existing networ'( !hat is$ i" your other devi%es all
operate with 4P addresses li'e 1;2(1U?(0(x$ your server will need to &e a stati% address in
this range$ :+*<=<9 it must &e esta&lished outside o" your router/s 1:>P address pool(
Use your router/s manual or online support to determine how to reserve a stati% 4P address
"or a devi%e(
-ow we will add a se%tion to the same "ile "or our other ethernet inter"a%e$ eth1( !his port
will &e dire%tly %onne%ted to our 1SLE%a&le modem and will handle all internalEexternal
re.uests "or the 4nternet3
auo eh1
iface eh1 ine saic
address 10.0.1.1
nemas' 255.255.255.248
!he #address# "ield will mat%h the external stati% 4P address provided &y your internet
servi%e provider( !he #netmas'# must re"le%t the netmas' o" the stati% 4P range you were
given( 4" this is 6ust one 4P address$ the netmas' will &e 2PP(2PP(2PP(2P2K i" you re%eived a
Su&net "rom your 4SP Ali'e E2LB$ you %an %onvert that num&er to a netmas' with this
%al%ulator(
0"ter setting these items$ you will need to toggle the inter"a%e &e"ore the new settings ta'e
e""e%t( 9un sudo ifdown eh0 then sudo ifup eh0 to %y%le the %hanges(
*1
4" your internet-"a%ing ethernet port is %onne%ting to a 1SL modem$ %he%' to see i"
you %onne%t to your 1SL server via PPPo<( 4" this is the %ase$ you will need to set up
this ethernet port to %onne%t to your modem via PPPo<( )ollow the modem/s manual
or online support page to set it in #&ridge# mode$ then "ollow the U&untu PPPo<
guide to set up the %onne%tion on your internet-"a%ing ethernet port(

%.&.& - $urther 1eading
U&untu 4nstallation Guide
U&untu Server Guide - -etwor' >on"iguration
*%
+.0. Gettin% In4 ,sin% SS8 and 92C
..@. Gettin' InB <sin' SS7 and VAC
-ow that we have our server assem&led and our +S installed$ we must ma'e sure we %an
get inside8
SS: is a proto%ol "or se%ure %ommuni%ation &etween systems( 4t %an &e used "or a wide
variety o" things$ "rom exe%uting %ommands on remote systems$ to getting a remote
terminal prompt on your lo%al %omputer$ to even running visual programs on a remote
%omputer$ &ut redire%ting them to show up on your lo%al %omputer/s s%reen A, "orwardingB(
)or the purposes o" this guide$ we will want to set up SS: and get %om"orta&le with using
the terminal remotely( 4" you are running a headless server$ this is going to &e your &est
"riend(
%.'.1 - Install )!en009
>han%es are that our U&untu Server %ame with +penSS: already installed Athat/s how
important it is8B$ &ut in the o""-%han%e it hasn/t$ "ire up your trusty-dusty pa%'age manager
and install it3
sudo ap-ge insa11 openssh-server
2ost o" the %on"iguration "or +penSS: is stored in /ec/ssh/sshd_config( !his is your
"irst stop "or any additional %on"iguration options$ su%h as denying root login or allowing
pu&li%-'ey authenti%ation(
!he great thing a&out SS: is that Ain most %asesB it wor's right out o" the &ox( )irst$ ma'e
sure the server is running3
sudo service ssh resar
-ext$ on your lo%al %omputer$ ma'e sure you have a valid SS: %lient( A!his is the pa%'age
openssh-c1ien on U&untu(B !o test your setup$ use the "ollowing %ommand with the
%orre%t in"ormation3
ssh $username@$ip-address
*$
0"ter this you will get a prompt as'ing "or your password( +n%e you enter it$ you should get
a %ommand prompt as i" you were using the terminal on your server lo%ally( =oila8 !ype
#exit# when you want to get &a%' to your lo%al %omputer/s %ommand prompt(
%.'.2 + 0ecuring 009
/o Root Logins0
4n its %urrent state$ your SS: is a%tually .uite ris'y( Unless you laugh in the "a%e o" danger$
you will want to ta'e some steps to se%ure it(
)irst$ we will prevent root SS: logins to our server( !his is a popular line o" atta%' Z people
As%riptsB hoping to "ind 6ust that one server that got lax and la7y with its %on"iguration( *e
won/t "all "or that$ o&viously(
<dit your /ec/ssh/sshd_config "ile and %hange the "ollowing line3
RermiRooLogin No
((( then restart your SS: server( 4" you need to SS: into your server and %hange
"ilesE%on"igurations that re.uire root a%%ess$ then you %an SS: in as your normal user and
use suEsudo$ 6ust li'e you would i" you were wor'ing dire%tly(
. 1ey etup
*hat "ollows is %ompletely optional &ut highly re%ommended( !here is a way to set up a
%ryptographi% 'ey %alled an ISS: 'eyJ that will allow our %omputer to handle SS:
%onne%tions without needing you to enter your password( !here are two main reasons why
people opt to use SS: 'eys3
1( Se(urity - <ven i" you have what you might %onsider to &e a IgoodJ password$ i"
somehow that password is guessed or %ompromised than there is a lot o" potential
ris'( *ith an SS: 'ey$ you %an a%tually turn o"" password logins$ meaning that people
*/
remotely won/t even get a %han%e to try to %ra%' your password( 4" they don/t have
your SS: 'ey$ then they/re out in the %old(
2( 1aziness Z Li'e 4 said$ SS: 'eys allow you to SS: to your remote ma%hine without
having to use your password( So i" you are someone who needs to SS: to your server
"re.uently$ it %an &e a pain having to enter your password every so o"ten( 2u%h
easier to let your SS: 'ey do the tal'ing "or you Z i" your %omputer %an produ%e the
right 'ey$ the server will never as' you "or a login password(
*hen you %reate an SS: 'ey$ you are %reating two "iles3 a *riate 'ey and a *ub)i( 'ey( !he
private 'ey is the a%tual "ile that is used to authenti%ate you( !he pu&li% 'ey %ontains a string
that the server %an use to %ompare with the private 'ey and veri"y i" it/s really you trying to
login( !he private 'ey is the one you do not want to lose(
!o %reate an SS: 'ey$ run the "ollowing %ommand on your ()ient ma%hine3
ssh-'eygen - rsa
!his will as' you a "ew .uestions( )irst$ go ahead and save it in the de"ault lo%ation( Se%ond$
it/s a good idea to enter a passphrase with whi%h to unlo%' your SS: 'ey( !his is intended to
provide a good last line o" de"en%e3 should your SS: 'ey somehow to "all into the wrong
hands$ they still won/t &e a&le to get into your server( A1on/t worry$ i" you set a passphrase
here$ you %an still set it to automati%ally unlo%' itsel" on your own %omputer via ssh-
agen(B
0"ter you/ve %reated your 'ey and given it a passphrase$ run the "ollowing %ommand with
the %orre%t in"ormation in pla%e to upload it to your server3
ssh-copy-id $username@$servername
!his %opies your pu&li% 'ey to an Iauthori7ed 'eysJ list$ telling your server that whi%hever
%omputer SS:es in with your private 'ey in hand %an &e trusted( !he neat thing a&out this is
that you %an put your SS: private 'ey on any %omputer you own Aeven your 0ndroid
smartphoneB and &e a&le to gain password-less a%%ess to your server(
*hen you test your SS: %onne%tion$ your %lient will automati%ally use your SS: 'ey( 4t
should only as' you "or your passphrase the "irst timeK i" not$ run the %ommand Mssh-addM
and it should &e permanently added to your Mssh-agentM(
*2
4t should go without saying that it/s very important this 'ey &e 'ept se%ure( 4 would
re%ommend storing a &a%'up on a US5 'ey that you %an hide somewhere in your home with
your personal "iles( 0nd i" you store it anywhere else on your %omputerEserver$ li'e in a
&a%'ups "older$ ma'e sure you store it in an en%rypted ar%hive Asee the %hapter on 5a%'ups
"or how to do thatB(
Use Your . 1ey 'n 'ther (e)ices
4" you wish to use your SS: 'ey on(((
(((+ther Linux ma%hines 5- 2a% +S ,3 >opy RE(sshEid[Qrsa and RE(sshEid[Qrsa(pu& to
the same "older on your other Linux %omputer( 9un Mssh-add$M then voila(
(((0 *indows %omputer AhisssssssB3 1ownload Pu!!Y( <nter your hostnameE4P in the
"irst se%tion$ then %hoose ISS:(J 4n the menu on the le"t$ %hoose SS: D 0uth( 5rowse
to the lo%ation o" your private 'ey$ %li%' +G and start the session(
(((an 0ndroid phone3 >opy your idQrsa "ile to your phone Ain a pre"era&ly se%ure
lo%ationB via your "ile trans"er method o" %hoi%e( 1ownload >onne%t5ot "rom the Play
Store and install it( +pen the app$ press 2enu and %hoose I2anage Pu&li% Geys(J
Press 2enu and %hoose I4mport$J then &rowse to the lo%ation o" the "ile and %hoose
it( -ote that when you %reate a new %onne%tion$ you %an hold down the line in the list
and %hoose <dit Server$ then expli%itly set that you wish to use the 'ey "or that
%onne%tion( !his provides the &est results(

%.'.% - Install :4C
=-> is another way to remotely gain a%%ess to your %omputer( *here SS: gets you into the
terminal$ =-> is a more dire%t approa%h( 4t resem&les the #9emote 1es'top# appli%ation on
*indows systems(
!his proto%ol is only worthwhile "or servers with graphi%al inter"a%es$ li'e the "ull version o"
U&untu( 4" you are using the U&untu Server we have &een tal'ing a&out$ you will &e &etter
o"" sti%'ing to SS:(
U&untu %omes with a &uilt-in =-> server %alled vino( 4t is ena&led &y de"ault(
*7
+n your lo%al ma%hine you will need a =-> viewer( U&untu has one &uilt-in named vinagre
that will wor' ni%ely "or our purposes( )rom the %ommand line$ enter the "ollowing with
your server/s 4P address3
vinagre 192.168.0.1
*hen it %omes to se%uring your =-> %onne%tion$ the &est way to do that is to run =-> over
an SS: tunnel and &lo%' the =-> port AP;00B on your "irewall( *e will dis%uss port &lo%'ing
and SS: tunnelling in %hapter (10(
%.'.& - $urther 1eading
+penSS: Server - U&untu Server A12(10B +""i%ial 1o%umentation
sshQ%on"ig man page
=-> - >ommunity U&untu 1o%umentation
**
+.:. 8oe 2etwor$in%4 D8C1, D2S and 2AT
..I. 7o"e Aetwor&in'B D7C8, DAS and A!T
)or those who will &e using their servers to manage their networ' Ain%luding as a "irewallB$
we will now &e setting up various servi%es allowing our internal networ' to use the 4nternet
and various other servi%es hosted &y our server(
%.;.1 - 0er6e 4etwor5 Clients 6ia D9C
)irst$ install the 1:>P server "rom the U&untu pa%'age repositories(
sudo ap-ge insa11 isc-dhcp-server
-ow$ to %on"igure it$ we will %reate several %ustomi7ed entries in /ec/dhcp/dhcpd.conf
to handle our setup(
defau1-1ease-ime 432000,
max-1ease-ime 604800,
opion rouers 192.168.0.1,
opion domain-name-servers 192.168.0.1,
opion broadcas-address 192.168.0.255,
opion subne-mas' 255.255.255.0,
opion domain-name "$home.1oca1",
subne 192.168.0.0 nemas' 255.255.255.0 {
range 192.168.0.10 192.168.0.50,
hos $myhos {
hardware eherne xx:xx:xx:xx:xx:xx,
fixed-address 192.168.0.x,
opion hos-name "$Myhos",
}
}
*<
-ow let/s wal' through these lines and "igure out what ea%h o" them does(
defau)tH)easeHti"e and "a2H)easeHti"e govern how o"ten your %omputers will
%he%' &a%' with the server to have their 4P address assignment renewed( !he "igure is
in se%onds( 4n the ma6ority o" %ases$ you %an set this to &e a somewhat long time and
there will &e no issues( 4" you set the leases to &e too short$ it may impa%t your
networ' per"orman%e( L2$000 se%onds e.uals P days(
o*tion routers and o*tionHdo"ainHna"eHserers needs to point to your server/s
stati% 4P address$ that you gave it in the Server 4nstallation %hapter(
o*tion broad(astHaddress is "or the internal networ' &road%ast address( !he last
o%tet Aset o" num&ersB should always &e 2PP( 4" your networ' is in the 1;2(1U?(1(x
range$ then %hange the 1( +therwise it should &e le"t alone(
o*tion subnetH"as& should &e le"t at its de"ault$ 2PP(2PP(2PP(0( 4" you need a
di""erent one$ it/s li'ely &e%ause you have a huge networ' with hundreds o"
%omputersK i" that/s the %ase$ then you shouldn/t &e "ollowing this guide anyway 3B
o*tion do"ainHna"e should mat%h what you %hose as your internal domain name(
4n most %ases$ #home(lo%al# will su""i%e(
subnet 1J+.1IK.0.0 net"as& +@@.+@@.+@@.0 L &egins the se%tion that outlines the
internal networ' we are now setting up( !he "irst 4P address A1;2(1U?(0(0B %om&ined
with the se%ond num&er A2PP(2PP(2PP(0B means that all o" our %lients will have 4P
addresses that &egin with 1;2(1U?(0$ 0-1 that we %an add any num&er at the end o"
that "rom 0-2PL "or networ' %lients(
ran'e 1J+.1IK.0.10 1J+.1IK.0.@0 is important$ &e%ause it tells the 1:>P %lient how
many addresses in the 1;2(1U?(0(0 &lo%' it %an %laim as its own and assign to %lients(
4ts usually a good idea to have a &it more than you need hereK as you are not li'ely to
have over 200 ma%hines on this networ'$ than you won/t &e needing to worry a&out
spa%e(
!he next nested se%tion Ahost M"yhostB is optional( 4" you want one o" your
%omputers to always re%eive the same 4P address via 1:>P$ whi%h is %onvenient "or
diagnosti% purposes and is re%ommended "or any other servers running on your
networ'( 9epla%e the hostnames listed here with what they should &e "or that
%omputer( Set the 20> address to the networ' adapter that the %omputer will
%onne%t "rom( A+n Linux-&ased systems you %an usually "ind the 20> address &y
running ip addr(B
0nd "inally$ don/t "orget to %lose out all the open se%tions you opened with #\# with a
%orresponding #]#8
*>
+n%e your %on"iguration is in order$ start the server with sudo service isc-dhcp-
server resar( Your devi%es will now &e a&le to %ommuni%ate with ea%h other on your
networ'( 5ut don/t get too ex%ited yet8 !hey still won/t &e a&le to get internet a%%ess( )or
this$ we will need to set up a gateway and -0! "orwarding with ipta&les$ then we will set our
server to handle 1-S re.uests(
%.;.2 - Gi6e Clients Internet .ccess with i!tables
!he next step is to ena&le your server as an 4nternet gateway$ so that it will share its
%onne%tion to devi%es %onne%ted to the internal networ'( !o do this$ we will &e using the
ipta&les "irewall system(
sudo ipab1es -A EORWAR -o eh0 -i eh1 -s 192.168.0.0/24 -m
connrac' --csae NEW -j ACCERT
sudo ipab1es -A EORWAR -m connrac' --csae
ESTABLISHE,RELATE -j ACCERT
sudo ipab1es - na -E ROSTROUTING
sudo ipab1es - na -A ROSTROUTING -o eh0 -j MASQUERAE
sudo ipab1es-save | sudo ee /ec/ipab1es.sav
sudo sh -c "echo 1 > /proc/sys/ne/ipv4/ip_forward"
#-o eth0# should mat%h your outside inter"a%e A%onne%ted to your modemB$ and #-i
eth1# should mat%h your inside inter"a%e$ %onne%ted to your hu& or a%%ess point(
Set your ipta&les %on"iguration to load at &oot &y editing /ec/rc.1oca1 and adding the
"ollowing line3
ipab1es-resore < /ec/ipab1es.sav
)inally$ edit /ec/sysc1.conf and un%omment the line that reads
ne.ipv4.ip_forward=1(
0nd with that$ our ipta&les %on"iguration should &e wor'ing( *e will wor' more with
ipta&les in the %hapter on "irewalling and se%urity$ (10( 0t this point your devi%es should
now &e a&le to ping 4P addresses that are on the internet$ and view internet sites via 4P
addresses( 5ut the "inal pie%e o" the pu77le %omes in handling 1-S re.uests(
<-
%.;.% - 0et U! a 8ocal D40 0er6er
4n &rie"$ 1-S is the method that the 4nternet uses to translate 4P addresses to the domain
names we are all used to typing in our &rowsers( *e 'now that every internet server has at
least one 4P address$ and this is how it %an &e #"ound# online( 0nd 1-S is what is used to
give these addresses a human-reada&le name(
+ur server will &e set up "or 1-S "or two purposes3
Ca(hin'3 )or every page re.uest made to the 4nternet "rom one o" your %omputers$
the server will 'eep a %a%he o" its lo%ation data( You may noti%e that the "irst time you
view a site$ it is o"ten slower to load than the su&se.uent times you visit it( !his is
su&se.uently due to your %omputer #see'ing# the address o" the server the "irst timeK
every time a"ter that$ it will remem&er where it went &e"ore( Setting your server to a%t
as a 1-S %a%he lo%ally should improve internal networ' per"orman%e overall(
Interna) !uthority3 !his 1-S server will 'eep tra%' o" the devi%e names on our
networ'$ and allow other devi%es to &e a&le to "ind them &y those names( So i" you
want to SS: to your %omputer in the other room$ you %an do so &y running ssh
CompuerName instead o" having to 'eep tra%' o" its 4P address at any given time
and running ssh 192.168.0.?(
!he 1-S server we will use is %alled 54-1( 4nstall it &y running sudo ap-ge insa11
bind9(
!o %on"igure 54-1 as a %a%hing nameserver$ edit /var/1ib/bind/named.conf.opions
and %hange the "ollowing lines3
forwarders {
x.x.x.x,
x.x.x.x,
},
!he x(x(x(x lines should mat%h the Primary and Se%ondary 1-S addresses given to you "rom
your 4nternet Servi%e Provider( 4" you do not have any or do not 'now what they are$ you
%an use ?(?(?(?$ whi%h "orwards to Google/s pu&li% 1-S servers(

-ow we will set up our 1-S server to a%t as our internal networ'/s authority( !his %omes via
setting up two 7one"iles( >reate a "ile named /var/1ib/bind/db.home.1oca1( A>hange
the trailing #home(lo%al# to whatever you de%ided your internal domain would &e earlier(B
<1
<nter the "ollowing in this "ile$ repla%ing the W values where appropriate <,><P! leave the
W!!L and W+94G4- as they are3
$ORIGIN .
$TTL 86400
$home.1oca1 IN SOA $myserver.home.1oca1.
$username.home.1oca1. (
2012112301 , seria1
28800 , refresh (8 hours)
14400 , rery (4 hours)
2419200 , expire (4 wee's)
86400 , minimum (1 day)
)
NS $myserver.home.1oca1.
MX 10 $myserver.home.1oca1.
$ORIGIN home.1oca1.
myserver A 192.168.0.1
1apop A 192.168.0.2
wor'saion A 192.168.0.3
phone A 192.168.0.4
xbox A 192.168.0.5
!he third line Astarting with #home(lo%al#B should "eature your internal domain( !he next &it
Amyserver(home(lo%al(B should re"le%t your server/s hostname with the internal domain and
a #(# appended to the end( !he last &it on this line Ausername(home(lo%al(B is a%tually an
administrative email address - %hange this to mat%h the email you want to use "or this "ield$
ma'ing sure there is a #(# in the pla%e o" the #X#$ and a #(# at the end o" it all(
!he -S and 2, lines should point to your server/s hostname and internal domain( !his is
used to designate the server as the internal domain/s nameserver and main mail server(
!he repeated entries &elow the se%ond W+94G4- tag are individual re%ords "or devi%es on
the networ'( !hese are %alled #host entries(# 9emem&er when$ in our 1:>P %on"iguration$
we had the opportunity to reserve spe%i"i% addresses &ased on the 20> addresses o" our
devi%es@ !hese same entries should &e repeated here$ with the a%%ompanying #0# tag in the
middle( -ow we don/t need to add entries "or every possi&le devi%e we will have on our
<%
networ' here3 in the next se%tion we will have 1:>P do this "or us( 5ut it is a good idea to
in%lude your server in this list$ as well as anything you/ve given stati% or reserved 4P
addresses(
*henever you %hange a 7one"ile$ you "ust in%rease its serial num&er( 2any people
use the date in YYYY2211 "ormat$ then a %ouple digits mar'ing the num&er o" the
%hange you/ve made(
!here are many other 'inds o" host entries you %an ma'e hereK "or in"ormation on
them see the 54-1 lin's in the )urther 9eading se%tion(

-ow "or every 1-S 7one"ile we esta&lish$ we must have a %orresponding #reverse 1-S
7one"ile(# !his is "airly simple to doK %reate a "ile %alled /var/1ib/bind/db.192 and insert
the "ollowing$ repla%ing the W values where appropriate <,><P! leave the W!!L and W+94G4-
as they are3
$ORIGIN .
$TTL 86400
0.168.192.in-addr.arpa IN SOA $myserver.home.1oca1.
$username.home.1oca1. (
2012112301 , seria1
28800 , refresh (8 hours)
14400 , rery (4 hours)
2419200 , expire (4 wee's)
86400 , minimum (1 day)
)
NS $myserver.home.1oca1.
$ORIGIN 0.168.192.in-addr.arpa.
1 RTR myserver.home.1oca1.
2 RTR 1apop.home.1oca1.
3 RTR wor'saion.home.1oca1.
4 RTR phone.home.1oca1.
5 RTR xbox.home.1oca1.
<$
!he #0# in #0(1U?(1;2(in-addr(arpa# re"ers to the third o%tet in your networ'/s 4P
su&net( 4t assumes your networ' operates on the 1;2(1U?(0(0 range( 4" it is otherwise$
update this num&er a%%ordingly(
-ow a lot o" these options are %ustomi7ed in the same way they are in the "irst 7one"ile we
made$ &ut we %an see a pretty important di""eren%e when we get down to the host re%ords(
!hey are in reverse order( !he last o%tet o" the 4P address "or ea%h devi%e Ae(g( the #1# in
#1;2(1U?(0(1#B is pla%ed "irst$ "ollowed &y the #P!9# ApointerB "lag$ then the "ully-.uali"ied
hostname with internal domain appended at the end( 9emem&er that you only need to
%reate re%ords here i" you %reated them in your "irst 7one"ile$ and you don/t need to %reate
re%ords "or every devi%e on your networ'(
!o a%tivate these 7one"iles "or use in 54-1$ edit /ec/bind/named.conf.1oca1 and add
the "ollowing lines3
zone "home.1oca1" IN {
ype maser,
fi1e "/var/1ib/bind/db.home.1oca1",
},
zone "0.168.192.in-addr.arpa" {
ype maser,
fi1e "/var/1ib/bind/db.192",
},
*hew$ are you still with me@ 1-S setups %an &e a real heada%he$ &ut i" you/ve made it this
"ar with your sanity inta%t$ then you are almost ready to reap the rewards8
Start up &ind with sudo service bind9 resar( 0t this point$ your %lients should &e
a&le to %onne%t to the 4nternet using regular ol/ domain names li'e usual( :ooray8
</
%.;.& - .llow D9C to U!date D40 ,ntries
-ow we %an not only use the 4nternet on our internal networ'$ we %an also %ommuni%ate
with our stati% serversEhosts using their proper names( 5ut what i" you want to rea%h other
devi%es &y their hostnames@ Say you have a "riend %ome over that/s &ringing his laptop$ and
you want to set up a "ileshare on it and to rea%h that share via his laptop/s hostname( )or
that$ we %an allow our 1:>P server to "et%h these names and update our networ'/s 1-S
re%ords a%%ordingly( !his is done &y providing a se%ure so%'et "or the 1-S and 1:>P servers
to %ommuni%ate on(
)irst$ %hange the owner o" your 7one"iles to let 54-1 &e a&le to edit them at will3
sudo chown bind:bind /var/1ib/bind/*
-ow we will generate a 'ey that will allow the two programs to %ommuni%ate se%urely
&etween ea%h other(
sudo ca Kdhcp_updaer.*.privae | grep Key
>opy the output or write it downK we will need it soon( +pen up
/ec/bind/named.conf.1oca1 again and add the "ollowing lines3
'ey HCR_URATER {
a1gorihm HMAC-M5.SIG-ALG.REG.INT,
Imporan: Rep1ace his 'ey wih your generaed 'ey.
A1so noe ha he 'ey shou1d be surrounded by quoes.
secre "asdasddsaasd/dsa==",
},
*hile in named.conf.1oca1$ add the "ollowing line inside the &ra%'ets "or ea%h 7one you
have de%lared there3
a11ow-updae { 'ey HCR_URATER, },
<2
So we are set up on the 1-S end$ now let/s give 1:>P the other end( <dit
/ec/dhcp/dhcpd.conf and add the "ollowing to the very top o" the "ile3
ddns-domainname "$home.1oca1.",
ddns-rev-domainname "in-addr.arpa.",
ddns-updae-sy1e inerim,
ignore c1ien-updaes,

-ext$ add the "ollowing &e"ore the #su&net# se%tion3
'ey HCR_URATER {
a1gorihm HMAC-M5.SIG-ALG.REG.INT,
Imporan: Rep1ace his 'ey wih your generaed 'ey.
A1so noe ha he 'ey shou1d be surrounded by quoes.
secre "asdasddsaasd/dsa==",
},
zone home.1oca1. {
primary 127.0.0.1,
'ey HCR_URATER,
}
zone 0.168.192.in-addr.arpa. {
primary 127.0.0.1,
'ey HCR_URATER,
}
0%%ordingly$ we will allow the 1:>P server to write to its "iles3
sudo chown dhcpd:dhcpd /ec/dhcp/dhcpd.conf

9estart the servers with sudo service bind9 resar and sudo service isc-
dhcp-server resar$ and it/s done8
<7
1on/t "orget to remove the 'ey "ile that we %reated$ Kdhcp_updaer.*(
)rom now on$ i" you want to ma'e manual %hanges to your 54-1 1-S 7one"iles$ you
will need to #"ree7e# them "irst( )ree7e it with sudo rndc freeze home.1oca1.
and then you are "ree to ma'e your edits( +n%e %ompleted$ #thaw# the 7one"ile again
&y running sudo rndc unfreeze home.1oca1. 0nd o" %ourse$ don/t "orget the
#(# at the end8

%.;.' - $urther 1eading
1:>P AU&untu 1o%umentationB
54-1 >on"iguration AU&untu 1o%umentationB
4nternet >onne%tion Sharing AU&untu 1o%umentationB
1-S 9e%ord Updates via 1:>P - Lani/s *e&log
<*
+.;. 8ost 6our .ai)4 Settin% ,/ 1ostfi< and Dove&ot
..=. 7ost Four 0"ai)B Settin' <* 8ostfi2 and Doe(ot
!here are two %omponents to the mail system we are going to &uild( !he "irst %omponent is
*ostfi2( Post"ix is what we %all a #2ail !rans"er 0gent# A2!0B( 0n 2!0 is responsi&le "or
transporting email &etween di""erent destinations( *hen you open your email appli%ation
and send an email$ that do%ument gets trans"erred "irst to your email provider/s 2!0( !he
2!0 then parses the message "or a destination address$ loo's up its server/s lo%ation on the
4nternet$ then "a%ilitates the trans"er o" the message to that server( 0n 2!0 also handles
in%oming email in the same way3 your 2!0 gets %onta%ted with a message "rom some&ody
else$ then your 2!0 delivers the message to the 2ail 1elivery 0gent(
!he 2ail 1elivery 0gent A210B is the se%ond part o" the mail system( +ur 210 is %alled
doe(ot( !he 210 handles the storage and organi7ation o" your mail on%e it is re%eived( 4t
may help to thin' o" it as su%h3 your 2!0 is your postman$ going "rom house to house and
delivering the mailK the 210 is your mail&ox itsel"(
%.<.1 - $irst 0te!s2 Install ost/i-
*e will &egin with installing our 2!0$ Post"ix(
sudo ap-ge insa11 posfix
Post"ix %omes with a handy semi-graphi%al %on"iguration tool$ whi%h we will use to start( 9un
the "ollowing3
sudo dp'g-reconfigure posfix
)ill in the "ollowing details$ whi%h will mat%h our %on"iguration(
1( %ai) serer (onfi'uration ty*eB #4nternet Site#(
2( Syste" "ai) na"eB mydomain(%om
( -oot and *ost"aster "ai) re(i*ientB leave &lan'
L( 5ther destinations to a((e*t "ai) forB 0dd mydomain(%om to the &eginning o" this
%omma-separated list(
P( For(e syn(hronous u*dates#B -o
<<
U( 1o(a) networ&sB <nter your 4P su&net that we pi%'ed in the -etwor'ing se%tion(
Y( <se *ro("ai)#3 -o
?( %ai)bo2 size )i"itB #0#
;( 1o(a) address e2tension (hara(terB Leave as de"ault(
10( Internet *roto(o)s to useB all
-ow we need a pla%e to put all that mail that/s sure to arrive( 4n this example we will use the
2aildir "ormat$ so run the "ollowing with your username in the pla%e o" Wusername3
sudo posconf -e 'home_mai1box = Mai1dir/'
expor MAIL=/home/$username/Mai1dir
sudo posfix resar
0nd with that$ we have a simple mail transport system running8 !a'e a moment to pat
yoursel" on the &a%'(
-ow we will test what we have 6ust set up( <nsure that post"ix is running with sudo
posfix saus( 4" it/s not$ run sudo posfix sar. !hen open up e1ne and open
a session to your lo%al S2!P port3
e1ne 1oca1hos 25
You/ll re%eive the "ollowing output and a prompt i" you have su%%ess"ully %onne%ted3
Trying 127.0.0.1...
Conneced o mai1.mydomain.com.
Escape characer is '^|'.
220 1oca1hos.1oca1domain ESMTR Rosfix (Ubunu)
<>
!his prompt is a little di""erent "rom the standard %ommand$ as it only understands S2!P
%ommands( 5ut not to worry - enter the "ollowing %ommands line-&y-line to send yoursel" a
test message3
eh1o 1oca1hos
mai1 from: roo@1oca1hos
rcp o: $username@1oca1hos
daa
Subjec: My Rosfix Tes
Tes Message 123
This is he body
Goodbye
.
qui
2a'e sure to put your username in the right spot( 0lso$ that line right a&ove #.uit# is indeed
6ust a period( !hat tells post"ix that our test message is %omplete and ready to &e sent(
-ow let/s see i" it wor'ed( 9un the mai1 %ommand and you should see the su&6e%t line o"
your message( Press 1 and <nter to read it( Post"ix is aliiiiiiiiiiiiiive8
4n most %ases$ mail %lients will send their outgoing mail on port 2P( !his is the port
that mail servers %ommuni%ate &etween ea%h other with to trans"er mail( :owever$
many mail %lients are set up &y de"ault to use port P?Y to send mail over Se%ure A!LSB
S2!P( 4" you/d li'e$ you %an also ena&le this port in 1ove%ot &y editing
/ec/posfix/maser.cf and un%ommenting the line that starts with
#submission(# !o re.uire logins over !LS "or this port$ un%omment the #-o
smpd_recipien_resricions# se%tion underneath #su&mission# and add
rejec_sender_1ogin_mismach to the list(

>-
%.<.2 - 0etting U! 3ail 0torage with Do6ecot
!his guide assumes that you want to run a mailserver "or personal use only( 4t will
there"ore &ase your mail a%%ount o"" o" your login a%%ount( 4" you are planning on
running a server "or others as well$ it would &e a good idea to set up virtual users$
instead o" setting up multiple users on your %omputer itsel" and potentially
%ompromising it( !o ena&le virtual users$ "ollow the steps outlined in this guide$ then
add the steps "ound here(
+n U&untu Server$ there are two "lavours o" dove%ot3 doveco-imapd and doveco-
pop3d. You %an install either or &oth i" you/d li'e( !hough the one you %hoose will depend
on whi%h email proto%ol you would li'e to use "or remote %onne%tions( P+P is the older
proto%ol$ whi%h operates &y downloading all email on a remote server to lo%al "olders and
organi7ing them &y their type( P+P then deletes the original messages "rom your server$
leaving you with the %opies and "older organi7ation on your lo%al %omputer only(
420P$ on the other hand$ is a more ro&ust system and is re%ommended "or those who
pre"er to have their mail syn%ed to multiple lo%ations A"or example$ on your laptop and on
your mo&ile phoneB( 420P syn%s your mail&ox/s "olders &etween the %lient and the server(
*henever you move an email &etween &oxes$ "or example$ 420P will syn% those %hanges to
your email server in real time( You should &e a&le to see how this is &ene"i%ial to people
who use their email on multiple devi%es3 no matter what you read or where you read it$ the
email/s status and lo%ation %an &e syn%ed a%ross all o" your devi%es(
So %hoose the versionAsB o" dove%ot you would li'e to install3
sudo ap-ge insa11 doveco-imapd
Your main dove%ot %on"iguration "ile is stored at /ec/doveco/doveco.conf( 4n some
versions o" the so"tware$ in%luding newer U&untu versions$ this "ile #in%ludes# other
%on"iguration "iles stored elsewhere$ whi%h %an &e "ound in /ec/doveco/conf.d( *e
will &e editing a variety o" "iles to get our mail storage system set up(
Let/s start with setting up our 2aildir( !his is the spot where mail is temporarily stored as
dove%ot routes it to its proper destination( >hange the mai1_direcory line in
/ec/doveco/conf.d/10-mai1.conf Aor /ec/doveco/doveco.conf to mat%h3
mai1_1ocaion = mai1dir:/home/%u/Mai1dir
>1
-ow we will set up the mail storage hierar%hy and ena&le it "or use with the "ollowing
%ommands$ again %hanging Wusername "or the appropriate value3
sudo mai1dirma'e.doveco /ec/s'e1/Mai1dir
sudo mai1dirma'e.doveco /ec/s'e1/Mai1dir/.rafs
sudo mai1dirma'e.doveco /ec/s'e1/Mai1dir/.Sen
sudo mai1dirma'e.doveco /ec/s'e1/Mai1dir/.Trash
sudo mai1dirma'e.doveco /ec/s'e1/Mai1dir/.Temp1aes
sudo cp -r /ec/s'e1/Mai1dir /home/$username
sudo chown -R $username /home/$username/Mai1dir
sudo chmod -R 700 /home/$username/Mai1dir
+n%e this is %omplete$ we are ready to start and test 1ove%ot( Start it with sudo service
doveco sar( !hen open up a telnet with e1ne 1oca1hos imap( 4" you see
something li'e this3
Trying 1oca1hos...
Conneced o 1oca1hos.
Escape characer is '^|'.
+OK doveco ready.
((( then we are ready to go to the next step8
%.<.% - 0ecuring "our 3ail 07ste#
!he importan%e o" running a sa"e and se%ure mail system %annot &e overstated( )or one$
you %ertainly don/t want your system to &e used to "orward spam o"" a%ross the internet( 4"
your system allows spam to &e relayed then it %an even "ind its way onto a &la%'list$
meaning some providers %an re"use mail "rom your email a%%ounts8 0nd we %ertainly don/t
want that( So it is very important that we se%ure our mail system( !o do this$ we will ena%t
the "ollowing poli%ies3
>%
)irst %omes our Post"ix S0SL %on"iguration( !his is the me%hanism that Post"ix uses to
se%urely authenti%ate users and servers( You will need to install the 1ibsas12-2, sas12-
bin and 1ibsas12-modu1es pa%'ages( -ow$ open up /ec/defau1/sas1auhd and
%hange the "ollowing lines3
START=yes should &e un%ommented
0dd or %hange the "ollowing lines3
RWIR="/var/spoo1/posfix/var/run/sas1auhd"
RARAMS="-m ${RWIR}"
RIEILE="${RWIR}/sas1auhd.pid"
ORTIONS="-c -m /var/spoo1/posfix/var/run/sas1auhd"
9un the "ollowing %ommands to ena&le S0SL in your post"ix %on"iguration3
sudo posconf -e 'smpd_sas1_1oca1_domain ='
sudo posconf -e 'smpd_sas1_auh_enab1e = yes'
sudo posconf -e 'smpd_sas1_securiy_opions = noanonymous'
sudo posconf -e 'bro'en_sas1_auh_c1iens = yes'
-ext$ we will set the a%%ess restri%tions "or sending mail on our server3
sudo posconf -e 'smpd_recipien_resricions =
permi_sas1_auhenicaed,permi_mynewor's,rejec_unauh_desinaion
'
sudo posconf -e 'ine_inerfaces = a11'
!his line tells Post"ix that our server will automati%ally a%%ept mail "rom authenti%ated users
Ali'e your mail %lientB$ +9 on any devi%e %onne%ted to our own networ'$ &e%ause we 'now
they %an &e trusted( )urthermore$ our server will outright re6e%t any mail sent to it that is
not addressed to our domain +9 that is sent "rom our domain(
)inally$ we will start up our S0SL authenti%ator &y running3
dp'g-saoverride --force --updae --add roo sas1 755
/var/spoo1/posfix/var/run/sas1auhd
sudo service sas1auhd sar
0t this point$ were you to run e1ne 1oca1hos 25 and pass eh1o 1oca1hos$ you
should re%eive 250-STARTTLS as one o" the responses( !hat means se%ure logins are now
availa&le "or our outgoing mail server(
>$
-ext we will set up our mail storage system A1ove%otB to allow %lients to %onne%t to it in a
se%ure way( !his will ena&le us to use en%rypted %onne%tions when we are away "rom home$
so no snoops will &e a&le to pi%' out our passwords when we %he%' our mail(
<dit the /ec/doveco/conf.d/10-ss1.conf "ile$ and %hange the "ollowing lines3
ss1 = required
ss1_cer_fi1e = /ec/ss1/cers/ss1-cer-sna'eoi1.pem
ss1_'ey_fi1e = /ec/ss1/privae/ss1-cer-sna'eoi1.'ey
4" you are planning on running an email system "or multiple people$ it may &e a good
idea to use a pur%hased SSL %erti"i%ate instead o" a sel"-signed %erti"i%ate( 4" not$ all o"
your %lients will get #Untrusted# messages &e"ore using their email$ whi%h may &e
unsettling( 4" you pur%hase these %erti"i%ates$ %hange the a&ove pointers to mat%h the
lo%ation o" the appropriate %eri"i%ate and 'ey"ile on your system( )or more
in"ormation on SSL %erti"i%ates$ %he%' out the L1P page on the su&6e%t$ or see %hapter
(? to hear them explained in the %ontext o" we& servers(
*ith this$ 1ove%ot will re.uire its %lients to authenti%ate themselves se%urely( You %an now
test your system &y opening up your mail %lient o" %hoi%e and adding your mail a%%ount(
<nter the username and password o" your user a%%ount on the server that you want to use(
Set mail(mydomain(%om as &oth your in%oming A420PB and outgoing AS2!PB mail server(
2a'e sure 420P is using port 1L$ and S2!P is using port 2P or P?Y$ whi%hever you %hose in
the Post"ix %on"iguration(

%.<.& - $urther 1eading
Post"ix 1o%umentation
1ove%ot *i'i
>/
+.=. 8ost a Website with A/a&he and 181
..K. 7ost a Website with !*a(he and 878
!*a(he is a "ree we& server daemon that will ena&le you to host a wide array o" we&sites$
"rom simple landing pages "or your %onta%t in"ormation and resum^$ to large e-%ommer%e
sites or %ontent plat"orms( !ogether with %ySD1 data&ase management$ 878 s%ripting$ and
- o" %ourse - 1inu2$ the #1!%8# sta%' is a popular starting &ase "or running a wide variety o"
we& appli%ations and plat"orms(
*e will start our we& hosts/ %on"iguration with 0pa%he( 0pa%he/s versatility is one o" its &est
assets( 4t supports a range o" modules that %an &e added on to expand its usa&ility "or
di""erent servi%es or appli%ations( -ew sites %an &e set up very easily$ with the .ui%' %reation
o" =irtual:ost "ile you %an &e up and running in se%onds( 0s a result this may &e one o" the
shortest guides on the site8
%.=.1 - Installing a!ache2
+n our U&untu server$ 0pa%he was most li'ely installed &y de"ault when we %hose to install
our L02P server( 4" "or some reason you have no "iles under MEet%Eapa%he2M$ you %an install
0pa%he &y running3
sudo ap-ge insa11 apache2
+n%e 0pa%he is installed$ ma'e sure it is running with sudo service apache2 resar(
You will &e greeted with a lovely message li'e I4t wor's8J i" you navigate your we& &rowser
to the 4P address o" your server(
0t this point you have a very &asi% we& server( 4" you 'now :!2L$ you %an %reate pages and
pla%e them in your de"ault we& dire%tory$ /var/www$ and they will show up when you
navigate to your domain name or 4P address(
!o %reate separate sites on di""erent su&domains or "or di""erent servi%es$ you %an %reate
=irtual:ost "iles to manage them( 4t will also allow you to a%tivate or dea%tivate these sites in
a modular way i" you need to do some de&ugging( =irtual:ost "iles are stored in
/ec/apache2/sies-avai1ab1e( !hey %an &e ena&led with sudo a2ensie
$siename and disa&led with sudo a2dissie $siename(
>2
!his is a sample "ormat "or a =irtual:ost "ile3
<Virua1Hos *:80>
ocumenRoo /www/examp1e1
ServerName examp1e.com
ServerA1ias www.examp1e.com
# Oher direcives here
</Virua1Hos>
Do(u"ent-oot is the physi%al lo%ation on your server that has the :!2LEP:PEwhatever
"iles to &e served( SererAa"e is one o" your domains$ &ut it %an also have a su&domain
atta%hed( )or example$ i" you wanted to host a site only to &e seen at
http3EEse%retsite(mydomain(%om$ you %ould put #se%retsite(mydomain(%om# as your
Server-ame( Serer!)ias ma'es a site availa&le on more than one domain or su&domain(
!here are plenty o" other parameters "or =irtual:ost "iles that you %an use( See an intro to
some o" them at 0pa%he/s do%umentation site(
*hile we %an now set up we&sites via 0pa%he with no pro&lem$ it/s most li'ely that you will
want to use another plat"orm to manage your %ontent$ su%h as *ordpress or 1rupal( !hese
will allow you to automati%ally add &logs$ photo galleries and other %ontent to your site via a
%lean inter"a%e and no %oding re.uired( )or those$ we will need to assem&le the next
%omponents o" our L02P sta%'(
>7
%.=.2 - .dding Databases and 9
%.%
P:P is easy to install in 0pa%he( !o do so$ run3
sudo a2enmod php
then restart 0pa%he3
sudo service apache2 resar
*ith that$ your 0pa%he server will &e a&le to parse and serve P:P "iles as normal(
My2L
-ext$ we %an get to setting up our data&ases( !here are many di""erent data&ase systems
out there$ this guide %an/t possi&ly %over them all( :owever$ 2ySHL is the data&ase system
that is most "re.uently used "or popular we& appli%ations and plat"orms( 5oth *ordpress
and 1rupal use 2ySHL( 2ySHL should have &een installed with our U&untu Server$ &ut i"
not you %an install it with3
sudo ap-ge insa11 mysq1-server
1uring the installation$ you will &e given the opportunity to set a root password "or the
2ySHL user( Set this to something se%ure &ut a%%essi&le$ as we will need it later to %on"igure
our data&ase(
phpMyAd*in
*e will now install php2y0dmin$ whi%h is a visual "ront-end to 2ySHL and will allow us to
easily set up data&ases "or our we& apps( 9un the "ollowing3
sudo ap-ge insa11 phpmyadmin
>*
4t will as' you what server to use( >hoose 0pa%he$ as that is what we are using as a we&
server(
-ext$ head to http3EEWyour-ip-addressEphpmyadmin and we will %ontinue our %on"iguration
"rom there( Log in using #root# as the username$ and the root password we %hose earlier(
You will &e greeted with a similar landing page3
)rom here you will &e a&le to add new data&ases and users as ne%essary( 4n &rie"3
!o add a new data&ase$ %li%' #1ata&ases#$ and near the top o" the s%reen you will see
a "ield to enter a name and a >reate &utton "or your new data&ase(
!o add a new user$ whi%h is re%ommended "or most apps instead o" giving them root
data&ase a%%ess$ %li%' #Privileges$# then #0dd a new User(# You will &e a&le to assign
this user a spe%i"i% data&ase( !hen you %an use this user/s name and password when
your appli%ation needs data&ase a%%ess(
><
-ow that we 'now the &asi% ins and outs o" our 2ySHL setup$ we are ready to install a we&
appli%ation "or our new server( You %an %hoose any plat"orm you li'e &ased on your needs
and what you a%tually want to do with your server( 0s an example %ase$ we will go through
the installation o" *ordPress$ a simple and easy-to-use &logging plat"orm(
%.=.% - ()!tional* Install and 1un Wordress
*ordPress$ the wildly popular and e""ortless &logging plat"orm$ is availa&le "or installation in
the U&untu repositories( :owever$ the versions that are usually %arried in distri&ution
repositories are o"ten out-o"-date &y at least a "ew versions( 4n order to have the most
se%ure and %utting-edge experien%e$ we will download the sour%e "rom *ordPress dire%tly$
then install it to our we&server(
Un7ip the install pa%'age to a "older o" your %hoosing under /var/www( 4" you want the &log
to &e at the &ase o" your we&server$ su%h as http3EEmydomain(%om with no su&domains or
su&"olders re.uired$ it is +G to un7ip the pa%'age to the &ase /var/www dire%tory(
0"ter un7ipping$ you will need to set up a 2ySHL data&ase and user that your *ordPress
installation %an use( Go to http3EEmydomain(%omEphpmyadmin$ login with your root
%redentials$ and set up a data&ase using the instru%tions "ound in (?(2( !he data&ase %an &e
named anything &ut usually 6ust #wordpress# su""i%es( 0"ter that$ set up a user Anamed
anything$ &ut #wp# seems to &e a de"aultB( !he user should have a%%ess to the new
#wordpress# data&ase(
-ow we are ready "or *ordPress/ #)amous )ive-2inute 4nstall(# 4t might even ta'e less time
than that8 +pen up your we& &rowser and go to http3EEmydomain(%omEwp-adminEinstall(php
and "ollow the on-s%reen instru%tions( 4" you installed your *ordPress "iles to a di""erent
lo%ation$ head there$ &ut ma'e sure you append /wp-admin/insa11.php to the end( 4t
%ouldn/t &e more simple to get up and running(
)rom there$ you %an %ustomi7e the themes and modules o" your *ordPress install to your
hearts/ %ontent( 4" you/d li'e more in"ormation on what you %an do with *ordPress$ head to
its we&site(
>>
%.=.& - Using 008 /or Trusted Connections
About L Certificates
!his step is also optional &ut it is highly re%ommended$ espe%ially "or any sites that will
re.uire logins or a%%ess to potentially sensitive in"ormation(
SSL is a method "or we& &rowsers to en%rypt %onne%tion data &etween the %lient Ayour
%omputerB and the sour%e Athe server you/re trying to a%%essB( SSL %an &e "ound in use all
over the we&$ nearly anywhere you need to login with something( 0ny address rea%ha&le or
shown as #:!!PS# indi%ates a site that is %ompati&le with SSL( )rom a priva%y and se%urity
standpoint$ it is a &est pra%ti%e to use SSL wherever possi&le(
Perhaps the most su&stantial &arrier to the adoption o" SSL se%urity to we&sites is the trust
relationship it re.uires o" your site( >urrently$ one %an reap the se%ure &ene"its o" SSL &y
using de"ault #SSL %erti"i%ates# that one %an generate themselves on their server( :owever$
in order to have an SSL %erti"i%ate that provides trust -- trust that your we& server is who it
says it is -- an SSL %erti"i%ate must %ome "rom an external sour%e %alled a >erti"i%ate
0uthority( ;;V o" the time$ these %erti"i%ate authorities %harge "or SSL %erti"i%ates$ o"ten an
arm and a leg( 4" you end up using a sel"-generated %erti"i%ate instead$ &rowsers will pop up
with messages li'e #Untrusted SSL >erti"i%ate# and advise that you not pro%eed( !his is
o&viously not an ideal system &ut it is the one we are stu%' with at the moment(
!he summary o" this story is that SSL is very important i" you are going to &e doing any
logging-in or ex%hanges o" sensitive in"ormation via your we& server( Sel"-generated SSL
%erti"i%ates are 6ust "ine "or personal use$ as you %an easily &ypass the Untrusted SSL
>erti"i%ate messages yoursel" and still &e a&le to use the en%ryption "eatures it provides(
:owever$ i" you plan on o""ering any servi%es whatsoever to other people$ su%h as shared
email hosting "or your organi7ation or a %loud plat"orm "or your "amily$ it is advised that you
pur%hase an SSL %erti"i%ate "or use in your we&site(
1--
%roducing a Certificate igning Re3uest
*hether you are loo'ing "or a sel"-signed %erti"iate +9 loo'ing to pur%hase one "or general
servi%e$ you will need to generate a >erti"i%ate Signing 9e.uest A>S9B( !his is a "ile that will
%ontain all the data a >erti"i%ate 0uthority needs to %reate our personali7ed %erti"i%ate( )irst$
we have to %reate a private 'ey "or our server to generate these re.uests with(
-ote that i" you already have a private 'ey on your server "or %erti"i%ate re.uests or
generation Agenerated "or Post"ix$ "or exampleB then you do not need to %reate another(
openss1 genrsa -des3 -ou server.'ey 1024
2a'e sure you save this "ile in a very sa"e lo%ation$ as you should 'eep it "or "uture
%erti"i%ate re.uests(
-ow %omes the time "or our >erti"i%ate Signing 9e.uest3
openss1 req -new -'ey server.'ey -ou server.csr
+penSSL will as' you several .uestions at this point$ whi%h should &e tailored to your
situation( !hese .uestions will in%lude3
Counry Name (2 1eer code) [GB|:
Sae or Rrovince Name (fu11 name) [Ber'shire|:
Loca1iy Name (eg, ciy) [Newbury|:
Organizaion Name (eg, company) [My Company Ld|:
Organizaiona1 Uni Name (eg, secion) [|:
Common Name (eg, your name or your server's hosname) [|:
Emai1 Address [|:
R1ease ener he fo11owing 'exra' aribues
o be sen wih your cerificae reques
A cha11enge password [|:
An opiona1 company name [|:
You will need to set the #>ommon -ame# as the "ully-.uali"ied name o" the domain you
wish to se%ure( 4" you wish to se%ure the &ase o" your we&site lo%ated at
http3EEmydomain(%om$ you %an simply enter #mydomain(%om(# :owever i" you want to
1-1
se%ure a su&domain li'e my&log(mydomain(%om$ you would need to enter
#my&log(mydomain(%om# here( You will need di""erent %erti"i%ates "or di""erent su&domains
in the ma6ority o" %ases( 4" you are o&taining a wild%ard %erti"i%ate Aand you 'now what that
isB$ you %an enter #F(mydomain(%om# here(
+n%e you/ve answered the a&ove .uestions$ your >S9 will &e generated( 0t this point$ you
%an either sel"-sign it "or your own use$ or you %an send it to a >erti"i%ate 0uthority to
pur%hase a %erti"i%ate(
'ption 4 5 Creating a elf5igned Certificate
*ith your server 'ey and >S9 in hand$ run the "ollowing to generate a %erti"i%ate( 4t/s
generally a good idea to set a time limit on them and renew them a"ter a %ertain period( !his
%ommand will set it to expire a"ter one year(
openss1 x509 -req -days 365 -in server.csr -sign'ey server.'ey
-ou server.cr
0nd that/s it8 You %an now dispose o" the >S9 "ile$ &ut 'eep the >9! and the G<Y in very sa"e
pla%es( *e will use these two "iles in our 0pa%he installation(
'ption 6 5 'btaining a Certificate fro* a Certificate Authority
!o pur%hase a valid SSL %erti"i%ate that is signed &y a >erti"i%ate 0uthority li'e !hawte$
=erisign or >omodo$ you %an go online and provide them with your generated >S9( 0 good
pla%e to do this is on -ame>heap(
>hoose the SSL %erti"i%ate that meets your needs$ then pur%hase it( You will &e "orwarded to
a page where you %an upload your >S9 "ile and input some in"ormation( 0"ter a time$ you
will re%eive instru%tions on how to re%eive your %erti"i%ate$ &ased on the type o" %erti"i%ate
you ordered and the %ompany that is providing it(
1-%
7nstalling Your Certificate in Apache
+n%e you have your 'ey and >9! "iles in hand$ you are ready to install them in 0pa%he( !his
must &e done in a spe%ial =irtual:ost "ile "or your SSL-ena&led host( >opy your de"ault host
"ile in /ec/apache2/sies-avai1ab1e$ and name it something li'e $name-ss1( See
the example &elow "or the re.uired lines3
<Virua1Hos *:443>
ocumenRoo /www/examp1e1
ServerName examp1e.com
ServerA1ias www.examp1e.com
SSLEngine On
SSLCerificaeEi1e /pah/o/cerificae/fi1e.cr
SSLCerificaeKeyEi1e /pah/o/cerificae/'eyfi1e.'ey
SSLCerificaeChainEi1e /pah/o/cerificae/chainfi1e
</Virua1Hos>
1( -ote that the port num&er is LL$ instead o" ?0 here( !his tells 0pa%he that this site
will &e provided on port LL$ the standard "or :!!PS %onne%tions(
2( SSLEngine must &e set +- in order "or 0pa%he to serve the site via :!!PS(
( SSLCerificaeEi1e and SSLCerificaeKeyEi1e are mandatory( Put the
lo%ation o" your >9! and G<Y "iles here(
L( SSLCerificaeChainEi1e is +-LY re.uired i" you were spe%i"i%ally given a
%hain"ile "rom your >erti"i%ate 0uthority( 4" you were not given one$ or you are using a
sel"-signed %erti"i%ate$ do not in%lude this line(
0lso$ don/t "orget to ena&le the 0pa%he ssl module &y running3
sudo a2enmod ss1
+n%e this is done$ ena&le any new =irtual:ost "iles you %reated via sudo a2ensie
$name-ss1 and reload your %on"iguration with sudo service apache2 re1oad( )ire up
your &rowser o" %hoi%e and head to https3EEmydomain(%om and en6oy your en%rypted
%onne%tion8
1-$
+.>. 6our 7wn C)oud"4 Fi)es, Ca)endar and Conta&ts
..J. Four 5wn C)oud$B Fi)es, Ca)endar and Conta(ts
%.>.1 - What is ownCloud?
own>loud is a "ramewor' "or personal %loud servi%es that you %an run on any server$ "or
wor' or personal use( 4n plain <nglish$ it gives you many o" the same servi%es that plat"orms
li'e Google %an provide "or you on a daily &asis( 5ut$ as with everything else in this guide$
you get the &ene"it o" assuring your own data and "ull ownership as well(
own>loud has many "eatures$ as well as a plugin system that allows even more to &e added
externally( :ere is a &rie" summary o" its %ore "un%tionality3
Fi)es H own>loud %an host your "iles "or you$ mu%h in the same way you would do
with your Google 1rives or Google 1o%s( You %an then a%%ess them on any we&-
ena&led devi%e$ anywhere around the world$ 6ust li'e your Google 1rive( !he only
di""eren%e is that you %annot -yet- edit ri%h text do%uments or spreadsheets li'e you
%an with Google 1rive( !hat &eing said$ it has &uilt-in do%ument readers Ain%luding "or
P1)B whi%h ma'es it a de%ent everyday alternative to the "ile storage "eatures o"
Google 1rive(
%usi( - You %an also host your musi% li&rary with own>loud and &e a&le to play it
"rom anywhere in the world( !his is a ma6or plus i" you have a phone or musi% devi%e
with limited storage spa%e$ and you %annot put everything you want on the devi%e at
on%e( +r$ i" you are at a "riend/s home and you want to show him some o" your new
tra%'s( own>loud/s &uilt in musi% player is "ast and easy to use(
8hotos - Just li'e you %an host your musi% and "iles$ you %an also store your photos$
eliminating the need "or external servi%es li'e )li%'r or Pi%asa( Set up galleries and
share them with others via the &uilt-in inter"a%e(
Conta(ts - +ne o" my personal "avourite "eatures o" own>loud is its %onta%t storage
system( )irst$ you %an set up and a%%ess your emailEphone %onta%ts easily "rom the
we& inter"a%e( 5ut where it really shines is its >ard10= syn%ing system( You %an set it
up to syn% with your other %omputers and devi%es whenever a %onta%t is added on
any o" them$ easily repla%ing the %onta%t syn% "eatures o" Gmail or 0pple/s i>loud(
Ca)endar - *ith the &uilt-in %alendar system you %an view your s%hedule lo%ally or
remotely( 5ut where it gets really use"ul - li'e with >onta%ts - is the syn% %apa&ility(
You %an syn% your devi%es/ %alendars with your own>loud %alendar via >al10=$ and
1-/
whenever you add or modi"y an event "rom one o" these devi%es$ all the others will
update seamlessly( !his repla%es Google >alendar or 0pple/s i>loud(
Tas&s - !his "eature isn/t as %leanly implemented as it should &e AyetB$ &ut you %an
easily 'eep tra%' o" your tas's via the own>loud/s easy-to-use we& inter"a%e(
%.>.2 - Installing ownCloud
1ownload the latest own>loud sour%e "rom its we&site here( 2a'e sure you %hoose the
most re%ent &ran%h o" %ode availa&le - at the time o" writing that is L(P(
-ote that you will need to have 0pa%he installed and %on"igured properly to use
own>loud( 1on/t s'ip that guide8 *e %over 0pa%he installation in guide (?(
1-2
<xtra%t the pa%'age to the path o" your %hoi%e( 4" this is the only we& servi%e you will use on
your server$ that path would &e /var/www/K otherwise$ you should extra%t it to
/usr/share/(
ar -xvjf ownc1oud-*.ar.bz2
cp -r ownc1oud /pah/of/your/choice
-ext$ go into that dire%tory and ma'e sure that %ertain %riti%al "iles have the %orre%t
permissions( >hange the owner o" #apps# #%on"ig# and #data# "olders$ and all o" their
%ontents$ to that o" the we&server appli%ation( !his guide will assume that you are running
0pa%he as your we&server$ li'e we esta&lished earlier in the guide$ so that user is named
www-daa(
cd /usr/share/ownc1oid
m'dir daa
chown -R www-daa:www-daa /usr/share/ownc1oud/insa11/apps
chown -R www-daa:www-daa /usr/share/ownc1oud/insa11/config
chown -R www-daa:www-daa /usr/share/ownc1oud/daa
-ext we will set up our 0pa%he =irtual:ost "ile "or this servi%e( !his guide will show how to
ma'e a %on"iguration that wor's over :!!PS$ and automati%ally redire%ts any :!!P
%onne%tions to :!!PS( >reate a new "ile in /ec/apache2/sies-avai1ab1e named
ownc1oud that resem&les something li'e this3
<Virua1Hos *:80>
ServerName subdomain.mydomain.com
ocumenRoo /usr/share/ownc1oud
RewrieEngine On
RewrieCond %{SERVER_RORT} !^443$
RewrieRu1e ^.*$ hps://%{SERVER_NAME}%{REQUEST_URI} [L,R|
</Virua1Hos>
1-7
-ow$ %reate one named ownc1oud-ss1 in the same "older$ repla%ing the SSL %erti"i%ate
lo%ation and in"ormation where ne%essary(
<Virua1Hos *:443>
ServerName remoe.jcoo'.cc
ocumenRoo /usr/share/ownc1oud
<irecory /usr/share/ownc1oud>
A11owOverride A11
</irecory>
SSLEngine On
SSLCerificaeEi1e /ec/ss1/cers/mycerificae.cr
SSLCerificaeKeyEi1e /ec/ss1/privae/myprivae'ey.'ey
</Virua1Hos>
2a'e sure you in%lude the A11owOverride A11 in thereK that will allow own>loud to set
its own %ustom parameters "or se%urity purposes(
Save these and a%tivate them in 0pa%he$ then we are ready to go8
sudo a2ensie {ownc1oud,ownc1oud-ss1}
sudo service apache2 re1oad
1-*
+pen up your &rowser and navigate to the server name that you set up earlier( You will &e
guided through an installation wi7ard that will set up a data&ase and administrative user(
)or more in"ormation a&out this$ re"er to guide %hapter (?(
1-<
+n%e own>loud is properly set up$ you will see its main s%reen whi%h is easily identi"ia&le(
>li%' the gear i%on and you will eventually "ind the 0dmin s%reen$ where you %an personali7e
more a&out your own>loud implementation(
0nd that/s it8 You %an use its intuitive inter"a%e to store and share your "iles$ set up %alendar
appointments$ and organi7e the media( :ave "un with your own personal %loud8
1->
%.>.% - 0etting u! Contacts? Calendar and $ile 07nc
0s the %onta%ts and %alendar "eatures o" own>loud are so help"ul$ this guide will also explain
how to syn%hroni7e them with your personal devi%es(
Thunderbird8 Contact and Calendar ync
!o syn%hroni7e your %onta%ts with !hunder&ird3
1( Go to your own>loud we& inter"a%e and %li%' >onta%ts( )rom there$ %li%' the small
gear logo underneath the %onta%t list(
2( >li%' #2ore(((# and sele%t #Show >ard10= Lin'# next to the address &oo' you want to
syn%( >opy the address that %omes up(
( 1ownload and install the SoG+ >onne%tor !hunder&ird Plugin in !hunder&ird(
L( +pen up !hunder&ird and %li%' #0ddress 5oo'(#
P( 4n the 0ddress 5oo'$ %li%' )ile D -ew D 9emote 0ddress 5oo'( Set the U9L as the one
that you %opied "rom own>loud( Give it a name as well( 4" you do not want %hanges
made in !hunder&ird to &e syn%ed &a%' to your own>loud server$ then %hoose #9ead
+nly(#
U( >li%' +G$ then right-%li%' the address &oo' and %hoose Syn%hroni7e( AYou may need to
%lose and re-open the address &oo' &e"ore this will wor'(B
!o syn%hroni7e your %alendar with !hunder&ird3
1( Go to your own>loud we& inter"a%e and %li%' >alendar( )rom there$ %li%' the %alendar
logo in the upper right(
2( >hoose the %alendar you want to syn%$ then %li%' #>al10= Lin'# and %opy the lin'(
( 4n !hunder&ird$ install the Lightning %alendar addon &y going to !ools D 0ddons then
sear%hing "or Lightning and installing it(
L( 9estart !hunder&ird and %li%' the >alendar i%on that appears in the upper right(
P( 9ight-%li%' in the >alendar "ield and %hoose #-ew >alendar(((#
U( 4n the window that pops up$ %hoose #+n the -etwor'# and %li%' -ext( >hoose >al10=
and pla%e the %alendar U9L you %opied "rom own>loud in the spa%e provided( >li%'
-ext(
11-
Y( >hoose a name and %olour "or your %alendar$ then %li%' -ext( Your %alendar will
automati%ally &e syn%hroni7ed(
ownCloud Client8 File ync for (es#tops
!o 'eep your own>loud "older syn%hroni7ed with a "older on your %omputer$ the easiest way
is to install the %ustom own>loud %lient "or des'top( !here are versions "or *indows$ 2a%
+S , and Linux( Go to the syn% %lients page$ download the installation pa%'age$ and "ollow
the easy-to-use wi7ard to get it set up(
Android8 Contact9 Calendar and File ync
+n 0ndroid$ you must downloadEpur%hase a %ouple o" appli%ations in order to syn% your
%onta%ts and %alendars(
)or %onta%t syn%$ download >ard10= Syn% "rom the Play Store( )rom here$ you %an add a
Syn% a%%ount "rom your Pre"eren%es appli%ation$ 6ust li'e i" you were to add a Google
a%%ount to your phone( )or %alendar syn%$ download >al10= Syn% whi%h is made &y the
same developer and %an &e %on"igured similarly(
)or "ile syn%hroni7ation$ there is the own>loud app that will ena&le %loud syn% &etween your
phone and your own>loud server( +r$ you %an use any #%loud syn%# app on the 0ndroid that
supports the *e&10= "ormat( Just go into own>loud$ %li%' Settings D Personal$ then %opy the
*e&10= lin' into the appli%ation(
%.>.& - $urther 1eading
own>loud 1o%umentation >entre
111
+.1?. Se&urity4 Firewa))in% and Threat Dete&tion
..10. Se(urityB Firewa))in' and Threat Dete(tion
%.1@.1 - u/w? the Unco#!licated $irewall
+ne o" Linux/s most %ommonly used "irewall systems is ipab1es( 4pta&les is an extremely
%ustomi7a&le and extensi&le "irewalling solution$ however it is very %ompli%ated to set up
and maintain on its own( Lu%'ily we have ufw( u"w operates &y esta&lishing %ertain rules in
its own "ront end$ then translating those rules into the many lines that ipta&les %an
understand and exe%ute(
4nstall ufw3
sudo ap-ge insa11 ufw
*e will set our "irewall to deny %onne%tions that we have not expli%itly granted &y de"ault(
!o do this$ run3
sudo ufw defau1 deny

0t this point$ we %an ena&le our "irewall with3
sudo ufw enab1e
-ow it will &e up to us to set spe%i"i% rules Aand open portsB &ased on the appsEservers we
are running( !his goes "or anything operating o"" o" this server or any other %lient on the
internal networ' that re.uires open ports(
%.1@.2 - 0etting u/w 1ules
!o allow tra""i% through our "irewall$ we will need to allow ports through it( *e %an do that
with3
sudo ufw a11ow $xxxx
!his will allow any system externally to use port #xxxx# on your server( !his may &e a good
11%
option "or setting up indis%riminate servers li'e "or email or we& hosting$ &ut what i" you
want to only o""er servi%es to your internal networ'@ )or example$ you might host a Sam&a
server to share and edit "iles on the networ'$ &ut you might not ne%essarily want this open
to the internet$ even i" it is password-prote%ted( !hen the "ollowing rule is "or you3
sudo ufw a11ow from 192.168.0.0/24 o any por $xxxx
!his allows any system on your networ' Athat has an address in the range o" 1;2(1U?(0(0B to
a%%ess port #xxxx# on your server(
-oti%e that U)* %an also re%ogni7e a %ertain num&er o" appli%ations and server names
instead o" 6ust the port num&er( You %ould run3
sudo ufw a11ow Apache
((( and U)* would open port ?0 on your server to the 4nternet( Port ?0 is the we& port that
0pa%he a%%epts %onne%tions on(
!o list your rules$ run sudo ufw saus numbered and you will get a num&ered list o"
rules that are %urrently a%tive( !o delete a rule you/ve already set up$ gra& its num&er "rom
that list and run sudo ufw de1ee $xx(

!his guide explains how to set up several di""erent servi%es that$ depending on your usage$
you may want to open up to your internal networ' or the internet( 9emem&er that the ports
have to &e open &e"ore you will &e a&le to use them8 :ere is a list o" the %ommon
appli%ations and ports you might want to allow through(
-e"ote Conne(t3 port 22 "or SS:$ port P;00 "or =->
%ai)3 port 1L "or 420P$ port 110 "or P+PK port 2P "or S2!P$ port P?Y "or S2!P
su&mission AoptionalB
Web3 port ?0 "or standard :!!P$ port LL "or SSL :!!PS$ port 0U "or 2ySHL
Aetwor& Contro))er3 ports P and ;P "or 1-S$ ports UY _ U? "or 1:>P$ port PP1
"or -0!
Fi)e Sharin'3 port 21 "or )!P$ ports 1Y-1; and LLP "or Sam&a$ port U; "or !)!P$ port
1;2 "or 0)P A0pple )ilesharing Proto%olB$ port 20L; "or -)S ALinux )ilesharingB
Windows Seri(es3 port 1; "or -et54+S$ port 1U1 "or S-2P
%edia Strea"in'3 port U?; "or 100P A0ppleEi!unesB$ ports 1;00 and P000 "or uPnP
11$
%.1@.% - 009 Tunnelling2 3aintain 0ecure .ccess through a Closed
$irewall
)or appli%ations you don/t want to allow through to the 4nternet Ai" you thin' you are going
to rarely use them away "rom home$ or i" you have signi"i%ant se%urity %on%ernsB$ &ut you
still might want to use them someday$ it/s good pra%ti%e to use them over an SS: tunnel(
You %an %reate SS: tunnels with the "ollowing "ormat$ repla%ing the values where ne%essary3
ssh -f -L $1oca1por:1oca1hos:$remoepor $remoehos -N
!he lo%al port should &e a port that is not already in use on your %lient %omputer(
1oca1hos %an &e le"t aloneK this %reates the tunnel to your %lient %omputer( remoepor
re"ers to the port "or whatever servi%e you want to tunnel through( 0nd o" %ourse
remoehos is the address o" your server on the 4nternet( So$ "or example$ i" you set up the
"ollowing(((
ssh -f -L 9876:1oca1hos:5900 server.mydomain.com -N

((( this will %reate an SS: tunnel "or 2ine%ra"t on my %omputer( Simply %onne%t 2ine%ra"t to
a server lo%ated at lo%alhost3;?YU and you %an use it via a remote %onne%tion$ as i" you were
6ust %onne%ted to the lo%al networ'(
%.1@.& - 0etting u! /ail2ban
+ur "irewall is in pla%e$ whi%h will go a long way to helping se%ure our system "rom most
atta%' attempts( :owever we will go a step "urther &y using fai12ban( )ail2&an monitors
the logs o" networ'-%apa&le appli%ations "or entry attempts and repeated "ailures$ and
promptly &ans the asso%iated 4P addresses "or a determined amount o" time( !his %an help
dissuade and eliminate the threat posed &y %ertain &ots that li'e to roam the internet$
testing many di""erent atta%' strategies at on%e to try and "ind one that sti%'s( 4t also helps
stop some 11oS attempts$ whi%h are %ommonly used to &ring down we&sites and other
servi%es(
4nstall "ail2&an with3
sudo ap-ge insa11 fai12ban
11/
2a'e a %opy o" the %on"iguration template to the one we will a%tually &e wor'ing "rom3
sudo cp /ec/fai12ban/jai1.conf /ec/fai12ban/jai1.1oca1

+pen up /ec/fai12ban/jai1.1oca1 in your text editor and modi"y the "ollowing "ields3
i'norei*3 set this to your internal networ'/s su&net Ali'e 1;2(1U?(0(0E2LB( !his will
'eep "ail2&an "rom &lo%'ing you i" you trip its %onditions while testing your servi%es(
banti"e3 Li'e it says on the tin$ this is the amount o" time the o""ending 4Ps are
&anned "or Ain se%ondsB(
"a2retry3 5y de"ault$ the amount o" "ailed attempts that should &e allowed &e"ore
an 4P is &anned(
)urther down in the "ile$ you will "ind a se%tion "or #0%tion Short%uts(# !he line "or de"ault
a%tion &egins with #a%tion$# and %an &e set here( !here are three options when triggered$
explained a&ove3 &an only$ &an and send an email with the 4P in"ormation$ or &an and send
an email with 4P 0-1 relevant log in"ormation(
!he next se%tion$ #Jails$# deals with the servi%es we want to monitor( !he entries you ma'e in
this se%tion will depend on what servi%es you have ena&led( !here are se%tions installed &y
de"ault "or ssh$ 0pa%he$ "tp$ post"ix$ et%( )or some servi%es$ there are multiple 6ails$ ea%h that
monitor "or di""erent %ir%umstan%es( )or example$ #apa%he# monitors authori7ation
attempts to your we&site$ while #apa%he-php# monitors repeated "ailures in a%%ess to P:P
"iles$ whi%h %an o"ten signi"y someone "ishing "or a way into your site/s %on"iguration( 2a'e
sure you sele%t any 6ail that you "eel you will need &ased on your setup(
!o ena&le a 6ail$ un%omment every line within it a"ter the #`xxxxa# se%tion$ then set ena&led
to e.ual #true#(
+n%e you have %ompleted the %on"iguration$ you %an start "ail2&an with sudo service
fai12ban sar( 4t will immediately &egin monitoring the sele%ted servi%es and &anning
repeat o""enders a%%ordingly(
*ith some servi%es$ errors %an %ome up inno%ently yet "re.uently( 4" you %reate a
&ro'en lin' to a P:P page on your we&site$ "or example$ and you have the apa%he-
php 6ail ena&led$ you might &e sending people to an error s%reen that %an &an them
i" they try to re"resh it too mu%h( Geep this in mind when ena&ling 6ails 0-1 when
%hoosing a &an time(
112
%.1@.' - 3ore 0ecurit7 Ti!s
SS73 2a'e sure you/ve disa&led root logins as well as password logins "or SS:$ and
are only using 'ey-&ased logins i" at all possi&le( 9emem&er to 'eep your 'eys sa"e on
your devi%es8
%ai)3 9emem&er to set your smpd_recipien_resricions in Post"ix$ and to
ma'e ss1 = required in 1ove%ot(
!*a(he9ownC)oud3 0ny we&sites set up that handle password authenti%ation or the
transmission o" even remotely-sensitive data should have :!!PS en"or%ed in the
settings(
Fi)e Sharin' and %edia Strea"in'3 Set permissions where possi&le so that only
your authori7ed networ' users have readEwrite privileges( 5lo%' servi%es li'e Sam&a$
uPnP and 0)P "rom &eing used outside your networ' &y &lo%'ing their ports at the
"irewall(
/a(&u*s3 <n%rypt any &a%'ups that are stored on your server "or an extra level o"
prote%tion(
In Genera)3 4t/s &etter to use SS: tunnels "or appli%ations you only use remotely on
an in"re.uent &asis than to leave them open and "orget a&out them8
4nstru%tions "or how to ena&le these tips %an &e "ound in their respe%tive se%tions o" this
guide(
%.1@.; - $urther 1eading
U)* Huestions and 0nswers - U&untu )orums
)ail2&an *i'i
117
+.11. #ana%in% and Streain% 6our #edia
..11. %ana'in' and Strea"in' Four %edia
%.11.1 - 0etu! $ile 0hares 6ia 0a#ba and 4$0
!he "irst step to setting up a "ile server$ whether its "or your lo%al networ' or "or remote
a%%ess$ is to de%ide upon a method "or sharing that wor's with your desired %on"iguration(
!his guide will explain three di""erent systems$ ea%h easy to set up &ut used "or di""erent
purposes( You %an set up all three$ or any %om&ination thereo"(
a*ba
Sam&a is a "ile sharing server that allows your Linux server to intera%t with *indows %lients
on your networ'( 4t also easily wor's with 2a% +S , %lients( 4" your home networ' in%ludes
any devi%es that do not run Linux$ and you want those devi%es to &e a&le to intera%t with
your "iles stored on the server$ it is usually a good idea to set up Sam&a(
0ll you need to set up Sam&a is sudo ap-ge insa11 samba( 0"ter this$ you will &e
ready to add a new share(
+pen up /ec/samba/smb.conf in your text editor and s%roll to the &ottom o" the "ile(
You will want to add a se%tion that loo's li'e this$ %hanging the "ields where appropriate3
[share|
commen = My Ei1e Server Ti1e
pah = /pah/o/my/shared/fo1der
browsab1e = yes
gues o' = yes
read on1y = no
creae mas' = 0755
11*
!he gues o' "ield a&ove will %hange i" people %an use your "ile server without logging in
with a password( !he read on1y "ield will %hange i" someone logged in to your server is
a&le to %hange the "iles at all$ or 6ust to read "rom them(
+n%e this is %omplete$ you merely need to restart your Sam&a server3
sudo service smbd resar
-ow$ to %onne%t$ open up your "ile &rowser on a %omputer %onne%ted to your networ'(
*indows3 4n the 0ddress 5ar o" your "ile &rowser$ enter \\$servername\share( 4"
you want to mount this share permanently li'e a hard drive$ right-%li%' >omputer and
%hoose #2ap -etwor' 1rive(# Put the a&ove address in as the "older$ and %hoose a
drive letter(
2a% +S ,3 4n )inder$ %li%' Go D >onne%t !o Server( 4nsert the address #sm&3EE
WservernameEshare#(
4t is not a good idea to open your Sam&a server to the world( )or sharing with others$
use )!P or a separately-installed servi%e li'e own>loud( Use a "irewall li'e u"w to
&lo%' Sam&a/s ports externally$ or to only allow it on your lo%al networ'( !he ports
used "or Sam&a are 1; and LLP(
!he easiest way to improve the se%urity o" this setup is to re.uire users to log into your
server via user a%%ounts( You %an easily do this via P02$ whi%h is the so"tware that runs your
Linux server/s user a%%ounts and logins( !o do this$ run sudo ap-ge insa11
1ibpam-smbpass( !hen go &a%' into your Sam&a %on"iguration "ile and set gues o' to
e.ual #no#( 9estart your Sam&a server with sudo service smbd resar(
*ith this$ you %an restri%t your "ile a%%ess to only users that have a%%ounts on your server(
11<
/F
-)S is a networ' "ilesharing system designed "or Linux systems( 4t is a "aster and easier
option than Sam&a i" you are only planning to use your "ileserver with Linux-&ased
%omputers(
!o install -)S$ run sudo ap-ge insa11 nfs-'erne1-server( !hen$ to add a new
share$ edit the /ec/expors "ile$ and add lines &ased on the "ollowing %on"iguration(
/pah/o/shared/fo1der *(ro,sync,no_roo_squash)
!he "irst /ro/ indi%ates i" this share should &e read-only or writa&le to %lients that %onne%t to
it( !o ma'e it writa&le$ repla%e /ro/ with /rw/( 4" you want to restri%t this share to &e availa&le
only to spe%i"i% %omputers on your networ'$ repla%e the /F/ with those %omputer hostnames$
4P addresses or 4P rangeEsu&net(
0"ter adding your shares$ start your server with sudo service nfs-'erne1-server
resar(
!o %onne%t to these systems "rom your Linux %omputer$ go to the !erminal and run sudo
moun $servername:/pah/o/shared/fo1der /pah/o/1oca1/moun( You will
need to set up a "older on the %omputer to a%t as the lo%al mount point( 0"ter this$ you %an
go to that "older path and use it$ 6ust as i" it was a lo%al "older(
2u%h li'e Sam&a$ you shouldn/t open your -)S server to the world( )or sharing with
others$ use )!P or a separately-installed servi%e li'e own>loud( Use a "irewall li'e u"w
to &lo%' the -)S ports externally$ or to only allow it on your lo%al networ'( -)S uses
port 20L; "or its %onne%tions(
%.11.2 - 0trea# 3usicAhotosA:ideo 6ia un
+n%e we have our "ile servers set up$ that/s all well and good$ &ut it does not let us
seamlessly stream our %ontent( !hat is one o" the great &ene"its o" having a server a%t as a
-0S Anetwor' atta%hed storageB devi%e3 &eing a&le to stream your media "rom various
devi%es around your home( uPnP is one o" the me%hanisms that %an &e used to a%hieve this(
11>
*ith it$ you %an seamlessly stream your musi%$ photos or video with di""erent plat"orms(
!his guide will use a simple uPnP server %alled minidlna( 4t %an stream to uPnP or 1L-0
%ompati&le %lients(
4nstall minidlna with sudo ap-ge insa11 minid1na( >on"iguration %an &e ad6usted
&y editing the "ile /ec/minid1na.conf( !he important lines to %hange &ased on your
%on"iguration are as "ollows3
1( networ&Ninterfa(e - 4" you have multiple networ' inter"a%es on your devi%e$ ma'e
sure they are listed here( +r$ only list the networ' inter"a%es you want to serve( 4" you
have one dedi%ated to the internal networ' and one "a%ing your modem$ you %an
easily prevent external a%%ess this way(
2( "ediaNdir - !his will point your minidlna server to the "olders %ontaining the media
you want to serve( 0n example3 MmediaQdirO0$EhomeEuserEmusi%M will set minidlna to
share the /a/udio listed in these "olders( = is used "or video and P is used "or photos(
You %an simply put MmediaQdirOEhomeEuserE"olderM i" you have one "older with
multiple types o" media to stream(
( friend)yNna"e - !he name o" your server that will &e &road%ast to %lients(
L( a)bu"NartNna"es - 4" you have a spe%i"i% naming %onvention "or the al&um art in
your musi% li&rary$ li'e #>over(6pg#$ put it here( minidlna will set these "iles apart and
use them "or al&um %overs in the li&rary view(
*ith this$ start your minidlna instan%e with3
sudo service minid1na resar
((( then %onne%t with your %lient o" %hoi%e$ and en6oy the streaming experien%e8
9emem&er to &lo%' the uPnP port to the outside world via your "irewall i" you don/t
want anyone and everyone to have a%%ess to your media %olle%tion8 uPnP uses ports
1;00 and 2?U;(
1%-
%.11.% - 0trea# to 7our .!!le De6ices with D..
4" you have an a&undan%e o" 0pple devi%es in your home$ or are 6ust atta%hed to your i!unes
li&rary more than anything else$ you %an use 100P streaming instead o" Aor in addition toB
uPnP( !he 100P setup is very similar to that o" uPnP$ &ut it will instead allow you to stream
dire%tly to i!unes using its #:ome Sharing# "un%tionality( !here are also 100P %lients "or
*indows$ Linux and 0ndroid(
*e will install a 100P server %alled "or'ed-daapd( 9un sudo ap-ge insa11 for'ed-
daapd( !o %on"igure$ we will edit the "ile /ec/for'ed-daapd.conf( You will need to set
the /dire%tories/ line to mat%h the path to your musi% "older( You also may want to %hange
the /name/ line to mat%h what you want to show to your %lients(
0"ter this$ restart the server &y running sudo service for'ed-daapd resar( !hen
"ire up i!unes$ ena&le :ome Sharing$ and your server will show up in the side&ar8
9emem&er to &lo%' the 100P port to the outside world via your "irewall i" you don/t
want anyone and everyone to have a%%ess to your media %olle%tion8 100P uses port
U?; "or its %onne%tions(
%.11.& - $urther 1eading
Se%uring a Sam&a Print and )ile Server - U&untu 1o%umentation
-)S :+*!+ - U&untu >ommunity 1o%umentation
minidlna - U&untu >ommunity 1o%umentation
:ow to set up "or'ed-daapd - U&untu )orums
1%1
+.1'. A11.2DI34 Guide to 9irtua) #a&hines
..1+. !880ADI>B Guide to Virtua) %a(hines
%.12.1 + What are :irtual 3achines?
0 virtual ma%hine is a simulation o" an operating system that %an run within a di""erent
operating environment( 9ather than only &ooting an operating system natively$ li'e we do
every time we start up our %omputers$ virtual ma%hines ma'e it possi&le to run di""erent
operating systems and supported appli%ations natively "rom your %omputer(
:ere are a "ew use %ases "or using a =irtual 2a%hine3
Fou wor& freOuent)y on a**)i(ations that reOuire Windows. !here are many
spe%ial or proprietary apps that are only availa&le on *indows "or spe%i"i% lines o"
wor'( You %an install Linux as the prin%ipal operating system and run *indows via a
virtual ma%hine whenever you need to a%%ess this spe%i"i% program(
Fou hae a serer, and you want to run "u)ti*)e ty*es of serer ar(hite(tures
on the sa"e "a(hine si"u)taneous)y. )or example$ you want to operate an
instan%e o" U&untu Server to provide your email and we& hosting$ &ut you want to
use )ree-0S to provide your media hosting and "ilesharing servi%es( You %an do this
very sa"ely on one %omputer 6ust &y using virtual ma%hines(
Fou want to *ra(ti(e wor&in' in a s*e(ifi( o*eratin' syste" or 1inu2
distribution before swit(hin' oer to it entire)y. Linux distro live >1s %an &e slow$
and not ne%essarily indi%ative o" the real user experien%e( !rying out an +S or distro
in a virtual ma%hine &e"ore you swit%h your whole %omputer is a great way to see
what you might &e getting yoursel" into(
Fou are a software dee)o*er, and you need to test your *ro'ra" on a different
o*eratin' syste", or under different (onfi'urations. !here is o&viously no need
to &uy multiple %omputers to a%hieve this$ when you %an simply install the +S via a
virtual ma%hine( You %an also use spe%i"i%ally old operating system images to test how
your so"tware rea%ts to these environments(
4n order to use a virtual ma%hine$ your %omputer or server must have ade.uate pro%essing
power( 4t is advised that your %omputer have a UL-&it pro%essor$ with at least two %ores(
4ntel pro%essors %an "eature =!-x te%hnology$ whi%h is highly re%ommended "or running
virtual ma%hines(
1%%
%.12.2 + Install :irtualBo- and 0et U! a :3
!hese instru%tions are "or +ra%le =irtual5ox$ an appli%ation that manages and runs virtual
ma%hines( 4t will show how to run =irtual5ox via %ommand-line A"or U&untu ServerB and
graphi%al inter"a%e(
4" your pro%essor has spe%ial virtuali7ation %apa&ility Are.uired "or UL-&it =2sB$ li'e 4ntel =!-
x$ you will need to ena&le this in your 54+SEU<)4 %on"iguration "irst( Loo' through your
mother&oard/s manual "or instru%tions on how to do this(
!o install =irtual5ox$ run sudo ap-ge insa11 d'ms virua1box( !his will install
=irtual5ox and the system to 'eep its re.uired 'ernel modules up to date(
-ia Ubuntu (es#top
Go to the side&ar and laun%h =irtual5ox "rom the Sear%h menu( You are presented with the
main s%reen(
1%$
)rom here$ you %an see a list o" your virtual ma%hines in the le"t-hand side &ar$ as well as the
%ontrols "or your =2s right a&ove that(
!o %reate a new virtual ma%hine$ %li%' -ew$ whi%h will &ring up the wi7ard( 4t will as' you to
give a name to your virtual ma%hine$ to %hoose the operating system type and the version o"
your operating system(
2a'e sure that$ i" you wish to run a UL-&it operating system$ you %hoose the UL-&it version
o" your +S displayed here(
!he next s%reen will allow you to %hoose the memory si7e o" your virtual ma%hine( )or most
Linux-&ased =2s$ P1225 will su""i%e( )or *indows-&ased =2s it may &e a good idea to use
102L25( !his will o" %ourse depend on how mu%h 902 your system has to &egin with(
1%/
-ow you %an set the virtual hard drive spa%e that your virtual ma%hine will run "rom( !his
will %reate a "ile that a%ts as a %ontainer "or everything held in your virtual ma%hine( >li%'
#>reate# and %hoose #=14 A=irtual5ox 1is' 4mageB(# !he next s%reen will allow you to %hoose
a dynami%ally-allo%ated image or a "ixed-si7e image( 1ynami%ally-allo%ated images are a
good option$ &e%ause you %an set a maximum theoreti%al si7e "or the image without a%tually
ta'ing up all o" that dis' spa%e until your =2 a%tually does so( 4" you %hoose "ixed-si7e$ a
P0G5 dis' image A"or exampleB would instantly ta'e up P0G5 o" spa%e on your dis'$
regardless i" the =2 is a%tually using that mu%h spa%e or not(
!he next s%reen will allow you to set the si7e o" your virtual dis'( You o&viously must set a
si7e that will "it on your physi%al hard drive( Linux distri&utions Aespe%ially ones that do not
host media "ilesB do not re.uire mu%h spa%e to operateK they will do "ine with a range o" 10
to 20G5( Larger operating systems li'e *indows will re.uire a minimum o" at least 2P to
P0G5 to operate(
+n%e you %li%' #>reate$# your new =2 will show up in the list( *hen you are ready$ %li%'
#Start# a&ove the list to &egin the pro%ess o" installing your operating system( 0 s%reen will
%ome up that will allow you to %hoose an installation sour%e(
1%2
)rom here$ you %an %hoose either your >1 drive Ai" you have your +S/ installation dis%
loadedB$ or an 4S+ "ile to install "rom a downloaded install image( !hen you %an "ollow the
normal installation pro%ess "or your %hosen operating system(
1%7
-ia Ubuntu er)er +Ad)anced,
You %an set up a new virtual ma%hine in =irtual5ox using the %ommand line( :ere is an
example %ommand and its important "eatures3
VBoxManage creaevm --name "Ubunu 11.04 Server" --regiser
!his %reates our virtual ma%hine$ named #U&untu 11(0L Server$# and registers it with
=irtual5ox(
VBoxManage modifyvm "Ubunu 11.04 Server" --memory 512 --acpi on
--boo1 dvd --nic1 bridged --bridgeadaper1 eh0
!his sets our =2 up with P1225 o" 902 spa%e$ ena&les 0>P4 support$ sets the ma%hine to
loo' "or a 1=1 to &oot "rom "irst &e"ore anything else$ and sets up a networ' inter"a%e that
&ridges to our own$ so that we %an use the 4nternet "rom our virtual ma%hine( 4" you are
using a wireless networ' %ard instead o" an ethernet %ard$ ma'e sure you %hange Meth0M to
Mwlan0M(
VBoxManage creaehd --fi1ename Ubunu_11_04_Server.vdi --size 10000
!his %reates a virtual hard drive "ile named #U&untuQ11Q0LQServer(vdi#$ with a si7e o" 10$000
25 Aor ;(YYG5B(
VBoxManage soragec1 "Ubunu 11.04 Server" --name "SATA Conro11er"
--add saa
!his sets up a virtual S0!0 %ontroller to %onne%t our virtual hard drive(
VBoxManage sorageaach "Ubunu 11.04 Server" --soragec1 "SATA
Conro11er" --por 0 --device 0 --ype hdd --medium
Ubunu_11_04_Server.vdi
!his a%tually %onne%ts our virtual hard drive to our new virtual ma%hine(
VBoxManage sorageaach "Ubunu 11.04 Server" --soragec1 "SATA
Conro11er" --por 1 --device 0 --ype dvddrive --medium
/home/ubunu-11.04-server-amd64.iso
0nd "inally$ this %onne%ts a downloaded 4S+ install image on our hard drive$ lo%ated at
MEhomeEu&untu-11(0L-server-amdUL(isoM$ to our virtual ma%hine$ so that it will &oot "rom it
and install the operating system(
1%*
4n order to run virtual ma%hines #headlessly# - that is$ without a dire%t monitor %onne%tion
or a window environment so we %an a%tually see it$ we must ena&le a "ew extra "eatures in
=irtual5ox( )irst$ download the =irtual5ox extension pa%' that %orresponds to the version o"
=irtual5ox that you are running( -ext$ install it in =irtual5ox &y running sudo VBoxManage
expac' insa11 Orac1e_VM_Virua1Box_Exension_Rac'-*.vbox-expac'
"rom the "older you downloaded it to( )inally$ run sudo adduser $username
vboxusers with the appropriate username to give our user the a&ility to run the =2 with
these new "eatures(
!o a%tually run our virtual ma%hine and &egin the installation pro%ess$ run VBoxHead1ess
--sarvm "Ubunu 11.04 Server"( !hen$ on a remote ma%hine$ %onne%t to your
server via 91P( You should &e a&le to view the live %ontents o" your virtual ma%hine as it is
running(
*hen you are done using your virtual ma%hine$ you should shut down the operating system
it is running$ 6ust li'e you would a normal %omputer( 4" you need to 'ill it without a normal
shutdown$ run VBoxManage conro1vm "Ubunu 11.04 Server" poweroff(
%.12.% - $urther 1eading
=irtual5ox - 9emote =irtual 2a%hines
1%<
+.1+. A11.2DI34 Guide to Free2AS
..1.. !880ADI>B Guide to FreeA!S
%.1%.1 + What is $ree4.0?
)ree-0S is a version o" the 5S1 operating system that in%ludes &uilt-in and dedi%ated tools
"or operating "ile storage and media servi%es( 4t is an ex%ellent %hoi%e "or those who wish to
maximi7e their a&ility to oversee and %ontrol their media server$ and retain a very easy-to-
use and easy-to-setup inter"a%e(
)ree-0S is not 6ust server so"tware$ li'e most other tools explained in this guide( 4t is a
separate operating system( 0s su%h$ it is designed to run on a dedi%ated -0S Anetwor'-
atta%hed storageB system or virtual ma%hine( 0 -0S is used primarily to store a large amount
o" "iles or media at on%e$ and to host high-%apa%ity hard drives "or this(
+"tentimes it is &etter to run your server under )ree-0S Aor run a virtual ma%hine with itB i"
you are planning on providing a de%ent amount o" "ilesharing or media streaming servi%es(
4t is also a good option i" you will &e using one server$ &ut want to in%lude su""i%ient %ontrols
over your media servi%es and only will &e running them on an internal networ'( 5y running
)ree-0S on a virtual ma%hine separate "rom your other we& server so"tware$ you %an
ensure that external sour%es will not have the same a%%ess to this ma%hine as your we&
server(
%.1%.2 + Installing $ree4.0
)ree-0S is installed mu%h li'e any other Linux-li'e operating system( 1ownload the "ull
version 4S+ image "rom the "ront page o" the )ree-0S we&site$ depending on your
ar%hite%ture( 0"ter it is downloaded$ you %an then &urn it to a dis% and &oot your server
"rom it to &egin the installation pro%ess( 4" you want to run )ree-0S in a virtual ma%hine$
you %an start your 4S+ with =irtual5ox dire%tly to install A%he%' out %hapter (12 "or more
in"ormation on virtual ma%hinesB(
1%>
+n%e you &oot "rom the >1Eimage$ you are greeted with the lovely text-&ased installer( !he
instru%tions here will wal' you through %hoosing the right dis' partition( 4nstalling )ree-0S
is super easy$ it/s nearly a one-%li%' installation( +n%e it is "ully installed$ it will let you 'now
that it %an re&oot(
1$-
0"ter the re&oot$ you are sent to its main menu(
>hoose menu option 1 to give )ree-0S a %ustom 4P address$ or %hange the networ'
inter"a%e it uses &y de"ault( )ree-0S will automati%ally try to autodete%t your networ'
settings and to re%eive an 4P address via 1:>P i" you do not give it %ustom settings(
2enu options 2-U are used "or those who have advan%ed networ' %on"igurations and
that need to supply lin'$ routing or 1-S in"ormation manually(
2enu option Y is used to reset the username or password used to log into the
*e&GU4( !he *e&GU4 is the main way to addEremove shares and %hange settings "or
)ree-0S(
2enu option ? is used to reset your )ree-0S setup to its "a%tory de"aultsK that is$ to
remove all o" your %ustom %on"iguration(
2enu option ; will &ring you to a 5S1 %ommand prompt$ "or advan%ed users only(
0nd "inally$ options 10 and 11 will re&oot or shutdown your )ree-0S system(
1$1
-ote that i" your networ' assigns 4P addresses via 1:>P$ you will need to designate a
stati% 4P address "or your )ree-0S implementation( You %an read more a&out how to
do this in %hapter (U( +therwise$ your )ree-0S distri&ution is running as long as it is
at this s%reen(
!o &egin setting up your "ileshares and %ontinue the %on"iguration$ "ire up your we& &rowser
o" %hoi%e and navigate to the U9L that was listed on the s%reen( !his will ta'e you to the
)ree-0S *e&GU4(
0"ter you log in$ this is the "irst s%reen you are greeted with$ showing your &asi% system
in"ormation( 2enu options are listed along the le"t side and on the upper menu &ar( You
%an %ustomi7e various details a&out your admin a%%ount and set up users to %onne%t to your
-0S under the #0%%ount# su&menu( Under #System# you %an %on"igure your )ree-0S/ details
li'e time 7one$ email used "or noti"i%ations$ and other things( !he #-etwor'# su&menu will
1$%
allow you to ma'e any %hanges to your networ' %onne%tion and inter"a%es that you didn/t
ma'e in the text-&ased menu earlier(
!he next option$ #Storage$# will allow you to set up hard drive spa%e to store the "iles and
media that you want to serve with )ree-0S( !o &egin$ %li%' Storage D =olumes(
4" you want to use an existing partition on your hard drive$ %li%' #4mport =olume(# Set
the name o" the volume$ then %hoose the dis'Epartition you want to use( !hen sele%t
its "ilesystem type( -ote that )ree-0S only supports "ilesystems o" the U)S$ -!)S
A*indowsB$ 2S1+S)S Aold *indowsB or ext2"s Aolder LinuxB types(
4" you want to %reate a new virtual hard drive to &e stored on the dis'$ %li%' =olume
2anager( >hoose a name "or your new volumeK it doesn/t have to &e very des%riptive(
#-0S# wor's 6ust "ine( !hen %hoose #T)S#( >hoose whether or not you wish to use "ull-
dis' en%ryption$ though this is not re%ommended "or large "ile or media servers( 4"
you have more than one dis' sele%ted$ you %an set )ree-0S to mirror or stripe them
using 9041 Ai" you are not sure what 9041 is$ then %li%' hereB(
+n%e your volume is set up$ you are "ree to set up the sharing servi%es you want to run on
your )ree-0S server(
%.1%.% + Using $ree4.0 0er6ices
)ree-0S supports a wide range o" servi%es to extend your server/s use( *e will &egin with
setting up two &asi% servi%es3 -)S "ile shares "or Linux-&ased %omputers$ and >4)SESam&a
"ile shares "or *indows-&ased %omputers( -ote that you %an also use Sam&a "ile sharing on
0pple-&ased hardware$ and it is mu%h &etter than 0pple/s proprietary 0)P servi%e(
1$$
/F
!o set up -)S "ile shares on your )ree-0S &ox$ %li%' Sharing D Unix A-)SB Shares$ then %li%'
0dd Unix A-)SB Share(
1( 0dd a #%omment# that %an identi"y your share on some systems(
2( >hoose the path "or your share on the lo%al drive( !his should mat%h the mount
point path that you %reated during the Storage step a&ove(
( 4" you want to limit the share to only &e a%%essi&le to a %ertain 4P address or range$
enter it here(
L( 4" you want to ma'e your share read-only to all users$ %he%' the #9ead +nly# &ox(
1$/
+therwise$ permissions will de"ault to the Unix "ile permissions that your "iles have
on the server(
P( Set any o" the other advan%ed permissions i" need &e$ then %li%' #+G# when done to
%reate your new share(
!o a%tivate your newly-%reated share$ %li%' Servi%es D >ontrol Servi%es$ then toggle the +n
swit%h next to -)S( !o %onne%t to your -)S share on a Linux-&ased %omputer$ run the
"ollowing %ommand with the appropriate values( 9emem&er that you must set up a lo%al
"older to a%t as the pla%eholder when it is mounted(
sudo moun $ip-address:/pah/o/moun /pah/o/1oca1/fo1der
C7F!a*ba
!o set up >4)S "ile shares on your )ree-0S &ox$ %li%' Sharing D *indows A>4)SB Shares$ then
%li%' 0dd *indows A>4)SB Share(
1( 0dd a name andEor a #%omment# that %an identi"y your share on some systems(
2( >hoose the path "or your share on the lo%al drive( !his should mat%h the mount
point path that you %reated during the Storage step a&ove(
( 4" you want your share to &e &rowsa&le &y %lients in *indows <xplorer Awhi%h you
pro&a&ly doB$ %he%' the #5rowsa&le to -etwor' >lients# &ox(
L( 4" you want to ma'e your share availa&le to guest users$ i(e( users that do not need to
log into your server with a usernameEpassword$ %he%' #0llow Guest 0%%ess(# You %an
also %he%' #+nly 0llow Guest 0%%ess# i" you do not want people to &e a&le to log in
via a user a%%ount(
P( Set any o" the other advan%ed permissions i" need &e$ then %li%' #+G# when done to
%reate your new share(
!o a%tivate your newly-%reated share$ %li%' Servi%es D >ontrol Servi%es$ then toggle the +n
swit%h next to >4)S(
!o view the share on your *indows %omputer$ go to 2y >omputer$ then type your
%omputer/s address li'e so3 \\$ip-address/$moun-name( +r$ you %an mount the share
li'e a drive &y right-%li%'ing #2y >omputer# and %hoosing #2ap -etwor' 1rive(#
!o view the share on your 2a% %omputer$ open )inder( You should see the share show up in
1$2
the le"t-hand side o" your "inder( 4" not$ go to the menu and %li%' Go D >onne%t to Server(
!ype smb://$ip-address/$moun-name then %li%' +G(
'ther er)ices
:ere is a .ui%' rundown o" other servi%es you might "ind use"ul on your )ree-0S
implementation(
!F83 !he proprietary system used to share "iles to 2a% and i+S systems(
!(tie Dire(tory3 0llows you to use your )ree-0S server as an 01 server "or
%onne%ted *indows ma%hines(
Dyna"i( DAS3 Use this to %onne%t your )ree-0S server to a 1ynami% 1-S servi%e$
whi%h will allow an 4nternet-%onne%ted server without a stati% 4P address to always
use the same domain name(
FT83 Use your )ree-0S server as an )!P server "or the "iles it hosts(
iSCSI3 >onne%t your )ree-0S server to an iS>S4 storage host(
1D!83 >onne%t your )ree-0S server as an L10P host$ and allow it to manage your
share/s authenti%ation(
8)u'ins3 !his is an advan%ed "eature that %an allow you to use spe%ial plugins "or
other servi%es li'e uPnP$ 100P$ torrents$ et%( !he "eature is still in &eta(
-syn(3 Set up a )ree-0S share as a dedi%ated rsyn% "older "or automating "ile
syn%hroni7ation &etween Linux %lients(
SA%83 Use your )ree-0S server as an S-2P share$ "or monitoring the status o" other
networ' devi%es(
S.%.!.-.T.3 Use the S209! dis' reporting servi%e on your )ree-0S volumes to email
you when your dis's are unhealthy or need to &e %he%'ed(
SS73 0llow logins to your )ree-0S server via SS:(
TFT83 <sta&lish a !)!P share with on your )ree-0S server( !)!P is a lightweight
version o" )!P used "or minimal tas's li'e P,< networ' &oots(
<8S3 >on"igure )ree-0S to wor' with a %onne%ted UPS power supply(
%.1%.& + $urther 1eading
)ree-0S 1o%umentation
1$7

1$*
The CitizenWeb Guides + Crash Courses
?.1 /a(&u* and 0n(ry*t Four Data
&.1.1 + Bac5u!
5a%'ing up with Linux is easy( !he .ui%'est and simplest way to do it is to simply move your
data into a !09 ar%hive( !his %an &e a%%omplished with the "ollowing %ommand3
ar cvzf archivename.ar.gz EILES
!he #%v7"# is a%tually a list o" options$ whi%h means3 A%Breate an ar%hive$ print out the list o"
"iles we want to %ompress AvBer&osely$ A7Bip up the ar%hive with g7ip$ and spe%i"y our own
A"Bilename(
4" we want to &a%' up a dire%tory o" "iles$ we %an easily do that with3
ar cvzf archivename.ar.gz --direcory=/pah/o/fo1der/ .
!his will %opy the %hosen "older/s %ontents to a new ar%hive in the %urrent "older( You %an
easily use this to &a%'up individual "olders into ar%hives$ then move them to a di""erent
drive or an o""site lo%ation(
)or paranoid %ases$ you %an %hoose to &a%'up your entire system with3
ar cvzf ba'-sysem.ar.gz --direcory=/ .
9estoring "rom a &a%'up is simple3
ar xvzf archivename.ar.gz -C /pah/o/exrac/dir
2a'e sure that you set the proper lo%ation "or whatever data you want to restore(
1$<
-.1 5a&$u/ and .n&ry/t 6our Data
&.1.2 + ,ncr7!t "our Bac5u!s
4t is advisa&le that you en%rypt your &a%'ups &e"ore they leave your %omputer( !his is
espe%ially true i" you wish to use a pu&li% &a%'up storage servi%e li'e tar&a%'up(
You will need to de%ide upon a method "or en%ryption( You %an opt to enter a password
ea%h time you wish to &a%'up or restore an ar%hive$ or you %an %hoose to 'eep a password
stored in a "ile on your harddrive( !his isn/t the advisa&le option$ as it is less se%ure3 anyone
who %an get their hands on your %omputer %an potentially "ind and de%rypt your &a%'ups i"
they are stored elsewhere( :owever$ it %an &e help"ul "or automating your &a%'ups via a
&ash s%ript Amore on that in a "uture guideB(
!o en%rypt a &a%'up$ "irst %reate the !09 ar%hive as des%ri&ed a&ove( !hen use openssl to
%reate your &a%'up( 4" you are using a password3
openss1 enc -aes-256-cbc -sa1 -in archivename.ar.gz -ou
archivename.ar.gz.enc -pass pass:RASSWOR
4" you are using a password stored in a 'ey"ile3
echo RASSWOR > enc.'ey
openss1 enc -aes-256-cbc -sa1 -in archivename.ar.gz -ou
archivename.ar.gz.enc -pass fi1e:enc.'ey
0gain$ i" you are to 'eep this "ile around$ ta'e pre%autions to se%ure it8
0"ter the %ommand %ompletes$ your ar%hive "ile will &e en%rypted( 9emove the (tar(g7 "ile
and store the (tar(g7(en% "ile as you need to(
!o de%rypt the ar%hive$ run3
openss1 enc -d -aes-256-cbc -in archivename.ar.gz.enc -ou
archivename.ar.gz -pass pass:RASSWOR
4" you are de%rypting with a "ile rather than with an entered password$ su&stitute
#"ile3)4L<-02<# "or #pass3P0SS*+91#(
1$>
-.1 5a&$u/ and .n&ry/t 6our Data
&.1.% + )!tions /or 0toring Bac5u!s
5a%'ing up to !09 "iles is %onvenient &e%ause you have many di""erent storage options( 0"ter
the !09 ar%hive is %reated andEor en%rypted$ you %an simply move it to whatever storage
media you want( !his %an &e an external hard drive$ a 1=1$ another server or -0S drive$ et%(
!here are also a "ew di""erent options "or storing tar-&ased &a%'ups online these days(
!ar&a%'up(%om and !arsnap(%om are two su%h servi%es( You %an pay a low "ee to store your
en%rypted &a%'ups on their high-%apa%ity servers$ ready "or download at a moment/s noti%e(
1/-

The CitizenWeb Guides

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

The CitizenWeb Guides

Hochgeladen von

Copyright:

Verfügbare Formate

The CitizenWeb Guides

- Getting Started with Linux

Das könnte Ihnen auch gefallen