“What is Free Software, and Why Do I Give A Damn?” The Case for Making The Switch
The CitizenWeb Guides
- Getting Started with Linux
- Setting Up Your Personal Server
and more
Version 1.0
January 2013
Copyright:
Attribution Non-Commercial (BY-NC)
The CitizenWeb Guides

Table of Contents

1.1. What is Free Software, and Why Do I Give A Damn? The Case for Making The Switch
1.2. What's Wrong With Google? Security, Safety and Rights on the Internet
1.3. A Manifesto for a Decentralized Web
2.1. Choosing a Distribution
2.2. Installing Ubuntu
2.3. Getting Used to Ubuntu
2.4. Securing Web, Email and Chat Applications
2.5. APPENDIX: Popular Applications
3.1. Why a Personal Server?
3.2. Before You Begin: Options, Configuration and Hardware
3.3. Assemble Your PC
3.4. Installing Ubuntu Server
3.5. Getting In: Using SSH and VNC
3.6. Home Networking: DHCP, DNS and NAT
3.7. Host Your Email: Setting Up Postfix and Dovecot
3.8. Host a Website with Apache and PHP
3.9. Your Own Cloud: Files, Calendar and Contacts
3.10. Security: Firewalling and Threat Detection
3.11. Managing and Streaming Your Media
3.12. APPENDIX: Guide to Virtual Machines
3.13. APPENDIX: Guide to FreeNAS
4.1 Backup and Encrypt Your Data

The CitizenWeb Guides - Introduction

1.1. What is Free Software, and Why Do I Give A Damn? The Case for Making The Switch

The traditional definition of "free software" has varied slightly over the years, and has multiple meanings depending on which member of the community one is talking to. Yes, oftentimes free software can mean software that is "free as in beer," i.e. receiving a product for free and not needing to pay in order to use it. This is definitely a good aspect to most free software, however the more important definition is the one that is more widely intended when one speaks of "free software." Free as in "libre," that is, software that opens its source code to public viewing and adaptation. This is contrary to closed-source software like the Windows or OS X operating systems, which do not release their source code and therefore cannot be modified or independently verified by members of the general public.

Now, most partisans of free software advocate for its use based on a quasi-moral or altruistic argument. Free software should be used because it puts users in control of their own computers, because it doesn't lock users into so-called "walled gardens" that force them to choose certain options, et cetera. Never before have we been confronted with such a narrowing technological environment -- Apple wants to lock its users into using iDevices, only getting software from its closely-watched App Stores, and locked out of any sort of meaningful configuration of their own computers. Microsoft and Google are not too far behind Apple's lead in this regard. Therefore free software represents a clear alternative to these "un-free" systems of control.

This approach to arguing for free software is all well and good, but it doesn't attack at the central problem with free software: its perception as a hobbyist operating system, unreliable and only for advanced use. You can give all the moral arguments in the world, but as we have seen throughout history, these rarely make deep imprints in human behaviour. For the unconvinced, here is the primary reason why you should make the switch to Linux and free software: because in nearly every case, it provides you with the best computing environment available, with the most features and most customizable and dynamic interface on the market today. To all the Mac fanboys out there, I'm sorry for making you spit out your tea and crumpets. But it's true, and I'll explain why.

As referenced earlier, free software opens its source code to the general public so that anyone can verify it or modify the program to their liking. It should be noted that a significant proportion of general users would never feel the need to do something like this. Just the same as how people wouldn't want to use Linux based on a conception of it as a hobbyists' operating system. The benefits are not just isolated to the end user, though: when using free software, you get the assurance that the software has most likely been vetted by prior users and developers, to grant it greater credibility. Free software that has been downloaded direct from the developer or a secure repository is much less likely to contain back doors, malicious code, spyware or other nasties prevalent in proprietary software.

In addition to this, open software has a much higher degree of usability because of its openness. Say there is a functionality in a piece of software that just doesn't make sense to you, and you wish you could either turn it off or use another program that works in a different way. In Windows, you are much more likely to be stuck with Microsoft's whims, locking you into a particular software suite or way of doing things. If not, then you may have to pay in order to get full access rights to a new application. With free software, we don't have to worry about any of that. If you have some programming skill, you can easily poke around the source code and adjust the functionality of your favourite programs, and you are fully within your right to do so. Or, better yet, you are free to surf through the repositories or online databases like Github in order to find a suitable alternative. This more democratized software development process breathes healthy competition into the software market, which can only benefit the end user.

Now you may say "Linux might be great, but it simply isn't an operating system for daily use!" To which I would respond: today's Linux has advanced dramatically from what it was fifteen, ten, even five years ago. It isn't like that old RedHat box you played around with back in the mid-90s. Interfaces for most major distributions like Ubuntu and Linux Mint have been polished considerably well. Each major distribution has its preferred display environment, and each one looks and performs just as well as their proprietary competitors.

Take a look at elementaryOS, for example, which tries to emulate Mac OS X's signature visual style:

Versus Mac OS X:

Modern Linux distributions like elementaryOS put a high priority on sleek and functional user interfaces. Fedora Linux comes with GNOME. Linux Mint has Cinnamon. Ubuntu has Unity which, while it is often maligned by many in the free software community, has been making serious improvements in recent years. And there are many other options to choose from, all of which give you easy and intuitive interfaces without the need to muddle through the Terminal or obscure command switches. Take your pick -- you don't have to settle for the godawful mess that is Windows 8, or the suffocating money sink that is Mac OS X.

Free software isn't just limited to operating systems, either. Got a bone to pick with Microsoft Office? Try LibreOffice. Don't want to give Google Analytics all of your site visitors' data? Check out Piwik. Addicted to iPhoto but don't want to pay a king's ransom for a new MacBook? Take a look at Shotwell. Why would you pay Apple hundreds of dollars to use Time Machine, iTunes, or iCloud when all of these systems are freely available on Linux, and are by most accounts even better? Why would you pay Microsoft to lock you into their ridiculous Windows 8 Metro interface, when you can have a computer that works exactly how you want it, with better performance and (usually) better stability? Even if there is a program that only comes on Windows that you absolutely must have, these can be run via virtual machine systems like VirtualBox, making it easier than ever to have the best of both worlds.

For nearly every proprietary software platform in use these days, there is a tried and true open source alternative. Some of them are more advanced than others, but for general-purpose daily computing, Linux and free software provide the most advanced and customizable user experience available -- one that is also increasingly stable and hardware-friendly.
1.2. What's Wrong With Google? Security, Safety and Rights on the Internet

I should begin this section with saying that there is nothing inherently wrong with using and improving your life with an internet services platform like Google. Nor is there anything inherently wrong with using a Windows operating system. Or Apple products, for that matter. Billions of people around the world use these systems every day without negative consequence. Their advancement has provided untold ability to learn and improve life for nearly everyone on the planet, that much is certain.

The problem with services like Google lies in their newfound ubiquity, as well as their ability to store vast amounts of data on us - including details as personal as our physical location - with little to no external oversight. And our continued use of these services enables and affirms such moves, providing these services with the justification they need to continue on their privacy onslaught. Google's success in propagating itself to every corner of our lives - with our full acquiescence - is the reason we should be so determined to resist it.

The questions here are simple: What fundamental responsibility do we have to our own information? What are our personal details, our meetings and writing, our entire lives that are now exceedingly being stored and lived on the internet, really worth to us? What rights do we really have when we use publicly-available services with privacy policies that are dozens of pages long?

This is something that only each individual can decide for themselves. But these questions are only becoming more pertinent. As an incredible amount of our lives these days is lived on the Internet, it merits a very serious and sober look at just what we own and who we give it to for "safekeeping." When there is no external oversight over an organization that safeguards our data, you must trust that organization to always act in your best interests. Once upon a time, Google's slogan was "do no evil." Those days are, of course, now long gone. Google's quest for power and consolidation of the internet services market has reached a fever pitch. This closing of the online ecosystem has given it (and, by extension, its advertisers) unprecedented and centralized access to our personal data.

The centralization of data on large platforms such as Google provides new and substantial improvements to the ease-of-use and the ease-of-access we experience in using our data. Unfortunately there is a corresponding improvement in corporate and governmental access to the same data. Not only do these entities get to cut a considerable amount of time and red-tape out of their information gathering operations by only having to deal with one platform, they also win by being able to standardize their approaches against one uniform set of rules and policies for this platform.

While Google has done a notable job in providing transparency when it comes to "official" government takedown requests on its various services, one can see that the number of them is growing each and every year. Not all of them are granted (thankfully) but this is only due to Google's insistence. When the financial incentive to resist no longer swings their way, however, one will find that even the most well-intentioned company will change their tune remarkably quickly. When your last line of defence for your data is trusting in a corporation, which has its own prerogatives and incentives, this defence is a weak one indeed.

Most believe that if they do not break the law online, they will not be targeted by governments. The age-old slogan "If you've done nothing wrong, you have nothing to hide," has lost any merit it may have ever had. In these days of wireless surveillance, we know that any individual can be caught up in the fray. From the US and UK's monitoring of Occupy activists to the Obama administration's breathless expansion of state surveillance powers, governments around the world have raced to prove that, even if you stand up for a cause you believe in, peacefully and well within your "rights," you will be targeted. Even if you are a simple bystander, your personal data can be rifled through with impunity. Personal information of innocent people is constantly being vacuumed up and sifted through by the national security establishment. Quite simply, "rights" on the Internet's public services do not exist.

Even if you've "done nothing wrong," AND you don't care about government spooks looking through your daily calendar, it's even more absurd that companies like Facebook and Google are gathering huge volumes of advertising data on us without most people knowing. This data can be used to create intricate profiles of our daily lives, giving companies much more information than we may even know about our own selves. An Austrian law student currently pursuing Facebook in court found that the company had more than 1,000 pages of data on him. This would not only include his favourite movies and drunk self-portraits: intimate details of his browsing history (on Facebook or elsewhere), and advertising profiles created based on the things he's viewed, liked and subscribed to. Facebook created his very own consumer image, and this data gets sold to advertising groups around the world. Unaccountable corporations can then trade in your personal data to enrich themselves at your expense. This brings up an even more confounding fundamental question: why do we let companies like Facebook monetize our universe like this with impunity? Is it right that companies get to sell our intimate details without our knowledge for their astronomical profit?

When it comes to security and data rights online, things are only moving in one direction. And that is towards more control for large corporations and governments, and less control for individual users. In the best of cases, this means our private and intimate data being used to enrich morally unscrupulous corporations. In the worst, it means surveillance, monitoring and snooping for those who express an opinion the government might not endorse. These serious concerns for safety and privacy can only be countered with a cohesive strategy for personal data liberation and independence. This guide aims to provide detailed instructions for the common user to enact just such a strategy for themselves, while keeping every bit of the comfort and ease-of-use that large internet services like Google can provide.
“Value your freedom or you will lose it, teaches history. 'Don't bother us with politics', respond those who don't want to learn.” - Richard M. Stallman

Further Reading

- "Google Transparency Report Shows Rising Trend of Government Surveillance" - Electronic Frontier Foundation (EFF)
- "When Will our Email Betray Us? An Email Privacy Primer in Light of the Petraeus Saga" - Electronic Frontier Foundation (EFF)
- "Activist Requests Her FBI File, Learns What Color Hat She Was Wearing When She Went to See 'Lord of the Rings'" - The Stranger

1.3. A Manifesto for a Decentralized Web

We BELIEVE...

that an individual's control of their own selves is paramount.
As our society advances, and as the slow merger of technology with our natural thoughts and actions progresses, the individual must be given the means to assert control over their own virtual selves.

that the best form of assurance is personal control.
The best way to keep the security of one's data is to keep it within one's own reach.

that the fair right to free and open communication cannot be abridged.
Never before have we lived in an era where governments and corporations position themselves as such titanic gatekeepers of communication. These gatekeepers cannot be humanity's intermediaries.

that the self must be strengthened so that society might flourish.
We do not speak of resistance to control as vulgar individualists. Cohesion in society and benefit to all, regardless of race, creed, class or other hierarchy, cannot be attained without free and unthrottled communication.

that the amount of data gathered in one space is directly proportional to the amount of interest governments and corporations take to controlling it.
Information is the new gold, whether it is sensitive personal data or minable marketing statistics. Anywhere it is amassed, there will be forces attempting to control it.

that the amount of data gathered in one space is directly proportional to the EASE with which governments and corporations can control it.
One warrant is easier to get than one hundred, and one financially-interested company is easier to intimidate than one hundred individual users. Furthermore, the ease with which governments can directly intercept communications grows when they can connect themselves directly to these platforms.

that open development is the most reliable way to assure something's working order.
As we become more and more dependent on technology, it becomes easier to ignore its inner workings. Only technology developed according to "open source" principles can be verified to function in a safe and secure manner.

that the ability to keep communication or data private from others is a right.
Whether it's by an assured method like encryption, or simply by only publishing in a selective way, users who have not infringed on the rights of another should expect a default state of privacy.

that freedom of expression comes from the assertion of natural right, and is not given freely.
Change will not occur unless it is demanded and fought for. Freedoms cannot be won without a path to be forged.

And we REJECT...

the growing necessity to rely on uncontrollable, unaccountable and unsecurable platform services.
There must always be an "off" switch. There must always be an "opt out." There must always be an option to secure your data from anyone. This can only be granted via absolute encryption or the decentralization of these platform services.

the default culture of complete and uncontrolled exposure that exists on the Internet.
Whether enforced by government will or corporate greed, the notion of having to "opt in" to privacy must be vigorously opposed. In order to fight government monitoring and capitalist profiteering on our sensitive data, the Internet must be more decentralized and the monopoly of data control must be broken.

governmental and corporate control over communication.
As stated before, governments and corporations cannot be trusted to act as humanity's intermediaries. Any method by which a government can extrajudicially monitor communications must be resisted. Any method by which a corporation can enact a "paywall" to knowledge and exploit class divisions in society must be resisted.

centralized communication platforms of control and oversight.
Any platform that allows our communications to be easily intercepted is, at the end of the day, an enemy to truly free expression.

software and tools that are "closed source," not hackable or not open for public inspection.
Whether it's intended to aid capitalist competition or to serve as a weapon against others, closed source software is not acceptable on an open Internet.

the taking advantage of a user's technical ignorance for personal gain.
The lack of education regarding secure communications and encryption for the common user must be rectified if we are to see any substantial change. Proliferation of easy tools to ensure secure/private communication must be given the highest priority.

Therefore, we RESOLVE...

to force governments and corporations around the world to hear our voice.
We refuse to play by your rules. We refuse to live in your walled gardens. We refuse to give our personal lives over to you for your profit. We will create the Internet that we want, and will communicate how we like.

to work with one another to build the next generation of the Internet.
The technical obstacles to decentralization remain high. Through the development, education and testing of new software and technologies, we can bring ourselves over this roadblock and help create a better world.

to resist, in whatever manner we are capable, the centralization of the Internet, and the bulk, indiscriminate monitoring it is accompanied by.
Whether this be through the general encryption of our data whenever possible, the forced removal of our accounts from the large platform services, or a mixture of the two, we will do our best to stand in the way.

The CitizenWeb Guides - Getting Started with Linux

2.1. Choosing a Distribution

2.1.1 - What do I need?

Choosing a Linux distribution may seem like a daunting task. In fact, there are hundreds of distributions out there; dozens of them worthy contenders for most computers. However the ability to choose between them has improved remarkably in recent years. Ask any Linux user "What distro should I use?" and the answer will most likely be "go with what you need." Every distribution has its strong points and its weak points. To begin, make a list (mental or otherwise) of what you seek to accomplish with your computer:

What will I work on with this computer?
If this is primarily to be an internet and office work machine, most any distribution can do that with relatively little configuration. However more advanced programs will require distributions with better codebases and well-maintained repositories.

What is my skill level?
Those who are just starting Linux for the first time will most likely want to choose a more "simple" distribution. And there are plenty of them: built for ease of use, compatibility and clean user environments right off the bat. For those who are looking for a challenge, and would like to customize their system for power and speed, an "advanced" distro might be more to their liking.

How much do I want to configure my visual interface?
Linux has no shortage of decent graphical environments, known as "Desktop Environments" and "Window Managers." The distribution you choose will largely depend on which graphical environment suits you. Many of the newer, more simple distributions like Ubuntu and Linux Mint have specific editions depending on the environment you want to use. In any Linux distribution there is the freedom to set your own DE/WM; however if one prefers XFCE for example, they are better off downloading Xubuntu over the standard Ubuntu distribution.
2.1.2 - The Distros

This is by no means an exhaustive list of Linux distros; only a list highlighting the most popular choices. For a more detailed list and comparison, visit Distrowatch. The distros here are listed by their general ease-of-use and ease of install; Ubuntu being the easiest and Arch the most difficult. The inverse is true for the amount of say you have in packages installed by default: Arch is most customizable in this regard, while Ubuntu is the most restricted.

Ubuntu

Website: http://ubuntu.org
Package management system: aptitude (apt-get)
DE Versions: GNOME/Unity (default); other versions come via offshoots
Derivatives/Editions: Xubuntu (XFCE), Kubuntu (KDE), Lubuntu (LXDE), Crunchbang (Openbox)
Pros (from Distrowatch): Fixed release cycle and support period; novice-friendly; wealth of documentation, both official and user-contributed
Cons (from Distrowatch): Lacks compatibility with Debian; frequent major changes tend to drive some users away

Ubuntu (and its derivatives) is the most popular choice of distribution for Linux users. It is very easy to use, giving users the option of using the system without meddling with the command line at any point. This gives the user an experience similar to Windows and Mac OS X. In these respects, Ubuntu is the "easiest" distribution to get into and to learn, and is a great choice for beginners. With an emerging hold in the business and server market, Ubuntu is seen as being a stable and consistent option as far as distributions are concerned, with a company (Canonical Ltd) in charge of its development and maintenance. While recent releases have not quite lived up to the high standards it has achieved in the past, Ubuntu remains a solid choice and a logical conclusion for Linux beginners.

Linux Mint

Website: http://linuxmint.com
Package management system: aptitude (apt-get)
DE Versions: Cinnamon (default), MATE, KDE, XFCE
Pros (from Distrowatch): Superb collection of "minty" tools developed in-house, hundreds of user-friendly enhancements, inclusion of multimedia codecs, open to users' suggestions
Cons (from Distrowatch): The alternative "community" editions don't always include the latest features, the project does not issue security advisories

Linux Mint originally began as a derivative of Ubuntu. It is maintained by a community that wanted to take some features of Ubuntu in new directions. The most notable difference between Mint and Ubuntu is its readily-enabled freedom to choose one's own graphical (desktop) environment. Other than that, both Ubuntu and Mint are based off of Debian, making them closely related systems in terms of maintenance and preferred software suites. Mint also includes its own suites of software to manage specific functions, which adds to this distribution's ease-of-use.

Fedora

Website: http://fedoraproject.org
Package management system: yum
DE Versions: GNOME (default), KDE, LXDE, XFCE
Pros (from Distrowatch): Highly innovative; outstanding security features; large number of supported packages; strict adherence to the free software philosophy; availability of live CDs featuring many popular desktop environments
Cons (from Distrowatch): Fedora's priorities tend to lean towards enterprise features, rather than desktop usability; some bleeding edge features, such as early switch to KDE 4 and GNOME 3, occasionally alienate some desktop users

Fedora is the community-run stepchild of one of the oldest and most well-known Linux distributions, Red Hat Linux. Now that Red Hat is only available for enterprise applications, Fedora is the distribution that is being offered to general end users. Fedora is different from both Ubuntu and Linux Mint in that it is not based off of Debian; therefore it uses a different package management system as well as its own suite of applications and services. Fedora is considered to be a stable and mature distribution, perhaps not with the same ease-of-use that Ubuntu provides, but is not far behind. It is a decent choice for intermediate computer users, as well as beginners to Linux looking for more of a challenge.

Arch Linux

Website: http://archlinux.org
Package management system: pacman
DE Versions: Any (installed custom)
Pros (from Distrowatch): Excellent software management infrastructure; unparalleled customisation and tweaking options; superb online documentation
Cons (from Distrowatch): Occasional instability and risk of breakdown, infrequent install media releases

Arch Linux prides itself on its core philosophy: "Keep It Simple, Stupid!" In line with this idea, Arch tries to keep its distribution as clean and free of unnecessary clutter as possible. While systems like Ubuntu include resource-heavy front-ends like the Unity window manager and many application suites installed by default, Arch prefers to let the user choose what they want their system to be by default. This way allows for maximum customization and minimum time lost working with conflicting or unused and bloated software tools. Arch also differs from most other distributions in that it prefers a rolling-release style; where other distributions each have versions and releases of their software, Arch stays on the cutting edge by providing all updates through pacman once they are available.

These characteristics admittedly make Arch one of the hardest Linux distributions to install and maintain, as everything must be selected by the user, installed and maintained without the kinds of blueprints that other distributions might offer. However the Arch community is very friendly, close-knit and features an amazing Wiki full of documentation. Arch is a great choice for power-users or those looking for a serious challenge with maximum reward and customization opportunity.

2.2. Installing Ubuntu

2.2.1 - Downloading and Burning Ubuntu

Installing Ubuntu is a breeze, made easy by its convenient graphical installer that rivals the ease-of-use of either Microsoft or Apple's operating systems. First, you'll need to download and burn the ISO file. Go to ubuntu.com and click Download. Choose "Ubuntu Desktop." Choose the "For the latest features" option, then pick the correct architecture in the "Choose your flavour" box. Then click the Get button. You may be presented with a screen to solicit donations: make one if you'd like, OR scroll to the bottom and choose "No thanks." The file will download automatically. Once the download is complete, you'll need to load a blank disc into your computer. The next steps depend on the operating system you are using.

Windows 7: Double-click the ISO file you downloaded to open the "Windows Disc Image Burner." Click "Burn."

Windows XP (or older): Download imgBurn from http://www.imgburn.com/. Open imgBurn and choose "Write image file to disc." Select the ISO you downloaded and click "Burn."

Mac OS X: Open the "Disk Utility" application in Applications > Utilities. Drag the ISO file you downloaded to the left-hand sidebar. Select this file and click "Burn."
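Before burning, it is worth confirming that the downloaded ISO is the file the publisher released, since the guide's case for free software rests on getting it "direct from the developer." The following is an added example, not part of the original guide: it checks an image against a SHA256SUMS-style checksum list (the coreutils format; that the distribution publishes such a list is an assumption here), with a small constructed file and the constructed name sample-desktop-amd64.iso standing in for the real ISO.

```python
import hashlib
import hmac
import os
import tempfile

HEX = set("0123456789abcdef")


def parse_sums(text):
    """Parse a SHA256SUMS-style list into {filename: lowercase hex digest}.

    Each line is '<64 hex chars><space><space or *><filename>'.
    """
    sums = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, rest = line.partition(" ")
        digest = digest.lower()
        # The second separator character is ' ' (text mode) or '*' (binary mode).
        name = rest[1:] if rest[:1] in (" ", "*") else rest
        if len(digest) != 64 or not set(digest) <= HEX or not name:
            raise ValueError("malformed checksum line: %r" % raw)
        sums[name] = digest
    return sums


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a multi-gigabyte ISO never sits in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_image(iso_path, sums_text):
    """Return (ok, reason) for iso_path checked against the checksum list."""
    expected = parse_sums(sums_text).get(os.path.basename(iso_path))
    if expected is None:
        # An image that is not listed must not be treated as verified.
        return False, "not listed"
    if hmac.compare_digest(sha256_file(iso_path), expected):
        return True, "match"
    return False, "mismatch"


def demo():
    """Verify a constructed stand-in image, then a corrupted copy of it."""
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "sample-desktop-amd64.iso")  # constructed name
        with open(iso, "wb") as f:
            f.write(b"constructed stand-in for an ISO image\n" * 1000)
        sums_text = "%s *sample-desktop-amd64.iso\n" % sha256_file(iso)

        good = verify_image(iso, sums_text)

        # Simulate a damaged or tampered download by changing one byte.
        with open(iso, "r+b") as f:
            f.seek(10)
            f.write(b"X")
        bad = verify_image(iso, sums_text)

        missing = verify_image(os.path.join(d, "other.iso"), sums_text)
    return good, bad, missing


if __name__ == "__main__":
    for label, result in zip(("intact", "modified", "unlisted"), demo()):
        print(label, result)
```

The checksum list has to come from a source you trust independently of the download mirror, for example over HTTPS from the project's own site.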
2.2.2 - Prepare Your Computer and Files
Once you've burned Ubuntu to disc, you will need to prepare your computer for your Ubuntu install. This will depend on your desired setup:
- Most users will want to ONLY use Ubuntu as their sole operating system. For this, no extra prep is required.
- For those who wish to (or need to) use Windows as well, AND have a computer new enough, they can opt for a full install of Ubuntu and then to use a Virtual Machine to run the programs they need for Windows. No extra prep is required for this step either. (Keep in mind that you must have a valid Windows install disc to choose this option.)
- For those who wish to (or need to) use Windows as well, but don't have a fairly-new computer with a multi-core processor, they can opt for a multi-partition setup. This consists of a sole computer with two operating systems installed on it, and the OS to use can be chosen at boot. So if you have both Ubuntu and Windows installed, and you want to switch to the other operating system for awhile, you can simply reboot your computer and switch at the bootscreen. If you wish to use this option, keep an eye out for the "dual-boot setup" option in the Installation section. (Keep in mind that you must have a valid Windows install disc to choose this option.)
No matter what you have chosen above, you will need to erase your entire hard drive (unless your hard drive presently has enough unpartitioned free space on it, which is doubtful). Before you do this, make sure to back up all of your files to external USB drives or disks. Keep them safe until you can offload your data onto your computer again.
2.2.3 - Installing Ubuntu
Load your Ubuntu install disc into your computer and reboot. The computer should boot from disc automatically. If it doesn't, visit your computer manufacturer's website and look through the support section for how to boot from disc.
On boot, Ubuntu will load an interface from CD, then present you with this lovely screen:
If you'd like to try the interface out a bit before you begin, feel free to click "Try Ubuntu." You will be able to go to the installer via a link on the desktop. When you are ready to install, click "Install Ubuntu." Don't be afraid if Ubuntu seems really sluggish here before you install it - after all, it's running from your CD drive which is many times slower than your actual hard drive will run!
Check "Download updates while installing" then click Continue.
If you wish to use Ubuntu as your sole operating system, choose "Erase disk and install Ubuntu." If you wish to use a dual-boot setup as explained above, click "Something Else," which will take you to a partition management screen. (At this point you should see the Partitioning section below).
If you decided to install Ubuntu with full-disk encryption, check "Encrypt the new Ubuntu installation for security" and click Continue. The next window will provide you with an opportunity to choose your security key. It's recommended that you choose to "overwrite empty disk space," especially if this is not a new computer.
While Ubuntu installs, the next screens will give you the option to choose a variety of options, including your timezone, preferred keyboard layout, and credentials. Once that's done, sit back and enjoy the wait.
Once Ubuntu reboots itself, you will be put at your login prompt, then the desktop. You made it!
2.2.4 - Getting Used to Ubuntu
Ubuntu is one of the easiest Linux distributions to use. It's perfect for users looking to set up their computer with minimal tweaking and configuration.
Ubuntu's primary interface is called "Unity." You'll see that the desktop has a bar on the upper edge of the screen, which is where your notifications and your menu bar for applications will pop up (Mac OS X-style). Along the left-hand side of your screen you will see the Dock. This has icons of frequently used applications that can easily be launched from here (again, like Mac OS X's Dock). You can add or remove programs to the dock by simply clicking and dragging them to or from the dock.
Unity's (arguably) best feature is the Search pane (similar to Mac OS X's 'Spotlight' - do you see a pattern here? :) ). This is the top magnifying glass-shaped icon on the dock. Click here and you can browse your applications and your files depending on their type. It's fairly intuitive and shouldn't take too long to figure out. There is also a search box at the top where you can enter part of a filename or application name, and it will bring that object up for you to load.
In the Search box, type "term" and click the Terminal icon that comes up. This is your standard Linux command line terminal. We will be using this often for configuring the client and setting up software. The good thing about Ubuntu is that there are graphical alternatives for establishing almost any setting - however it's better to work from the command line when one is learning, to better gain a grasp of what exactly is going on beneath the applications you are configuring. In this guide, graphical alternatives will be mentioned when they are available, but we will always be working from this terminal.
On the dock, you will notice a picture of a gear and wrench. This icon opens the System Preferences screen, which will allow you to customize your system to your heart's content. If, for example, your mouse seems a bit faster here than it did in Windows? Go to the Mouse section and you will be able to adjust it to meet your needs. Feel free to play around with this before we get into the nitty gritty of setting up your system.
2.2.5 - Dual Boot Partitioning (Optional)
If you need to keep a Windows installation on your hard disk (and are unable to use a Virtual Machine), you can choose to set up a custom partition table during the Ubuntu installer. Note that you cannot use a custom partition table AND use full-disk encryption in the Ubuntu installer at present.
First, delete all existing partitions (anything with a number after the "/dev/sd?" bit) by selecting them and clicking the "-" button. Then, to create a new partition, click the "+" button. You will be able to define the partition's size in megabytes (1,024 MB = 1 GB), as well as select its filesystem type and mount point. For the main partition, set it to the size you wish and set the mount point at "/". Linux partitions should be set to use the ext4 file system.
For the Windows partition, just leave some "free space" that matches the size of the Windows partition you wish to make. When you load your Windows disc installer, you will create a partition in this free space and choose to install Windows here. Keep in mind that Windows requires a lot more space to operate than Linux does. For Windows you should look to set aside (at a bare minimum) 50GB of space for the operating system and some application suites.
2.3. Getting Used to Ubuntu
2.3.1 - The Ubuntu Experience
As explained before, Ubuntu's main interface is called _Unity_. The menu bar is along the top of the screen, where you will be able to see the standard File, Edit, Window, and other menu buttons. This is much like the functionality of Mac OS X. Towards the right side of the menu bar, you find options based on the applications you are running, as well as the standard tray icons (Network, Volume, Settings) and the system time.
Along the left side of the screen, you see Ubuntu's version of the Windows Start bar or the Mac OS X Dock. This dock shows you your frequently used applications. You can pull applications to this Dock for quick reference, or remove them simply by pulling them off the Dock.
The first button on the Dock (with the Ubuntu logo) brings up the Search pane. This is the second most convenient way to launch applications in Ubuntu. The Search pane is your center for finding programs and files on your hard drive. You can type the first few letters of the application you are looking for, and it will come up at the top of your search. You can also type the name or other details about a document/file you are looking for on your hard drive, and the Search pane will look for it for you. At the bottom of the pane, you can see some buttons to filter your searches. You can choose to search only for applications, documents, music, photos, or video. The Search pane also allows you to search for products for sale on Amazon.com (though this can be turned off in System Preferences > Privacy).
The second button in form of a file folder is your File Explorer. This is analogous to the Windows Explorer (or clicking "My Documents") in Windows, or the Finder in Mac OS X. As you can see by the photo above, the interface is very similar to both of these other desktop environments.
2.3.2 - Applications and Features
The next app in the list by default is Firefox. This runs the popular Internet browser.
Next, we see three document icons. These run LibreOffice, an office suite similar to Microsoft Office, but open source and centered around open-source file formats. LibreOffice is very intuitive and easy to use. The icons represent Writer for word processing, Calc for spreadsheets, and Impress for creating presentations.
Ubuntu has a center for finding new programs and utilities you might find useful, called the Ubuntu Software Centre. The Software Centre is identified by the
picture of the shopping bag in the Dock. Here you can find apps in a wide variety of categories, free or paid. Most of them are actually free. You can manage software you've installed, uninstall old packages, or manage system updates from the Software Centre.
Next is the Ubuntu One logo. Ubuntu One is a cloud solution provided by Canonical (Ubuntu's parent company). It is similar to Google Drive. You can sign up for a free account to store your music, photos and documents online, then access them from anywhere in the world on a variety of different platforms. There are also paid options that unlock some additional functionality.
Last on the Dock list for now is the System Preferences pane. This is indicated by the picture of the gear-and-wrench in the Dock. Here you can customize some of your system's most important features, like language, date/time, privacy settings, network preferences, and more.
Other applications you will find of interest, but that may not be in the dock:
- Rhythmbox - This is Ubuntu's default music player. Similar to iTunes, it plays your music and manages your library with a clean and intuitive interface.
- Thunderbird - This is Mozilla's mail client, much like Mac OS X Mail, or Microsoft Outlook.
- Text Editor - Fancy a quick note? Use this application, analogous to Notepad on Windows or TextEdit on Mac OS X.
- Calculator - Self-explanatory!
- Shotwell Photo Manager - A free photo library manager, very similar to Mac OS X's iPhoto.
Head further into the Dock and the Ubuntu Software Centre, and see what neat applications you can find! Or go to chapter 2.5 in the Guide to get a list of more applications that may be helpful.
2.3.4 - A Brief Introduction to the Terminal
The bane of every new Linux user is the Terminal. However it is mostly much ado about nothing. With Ubuntu, you can use Linux on a day-to-day basis without even needing to touch the terminal. And its function is surprisingly simple when it comes down to accomplishing basic tasks.
When you launch the Terminal, you begin in your Home directory. You can tell this by the tilde (~) in the command prompt. Your location in the hard drive will always be given in this space. To list the contents of the directory you are currently in, type `ls` and press Enter (#1). You just ran your first command via the Terminal!
To navigate to a different folder, run `cd` and follow that with the folder name. As you can see below, I ran `cd Documents`, and it put me in my Documents folder (#2). Simple enough. When you want to go back to the folder (like the "Up" button in Windows Explorer), run `cd ..` and you will be taken back (#3). You can run these commands via absolute paths, i.e. folders that are not in the folder you are currently in (#4, #5).
These are the basics for navigating through folders in the Terminal. For file manipulation, you can follow the same process for putting command + file location together. Copying files is achieved with `cp`, followed by the file you want to copy, then its location. So: `cp sourcefile.txt /home/user/Documents/` will copy the "sourcefile.txt" in the current folder to your Documents folder. In the same way, you can use "mv" to move, or "rm" to remove files. You can also use "mkdir" to make new folders.
Beyond simple file management, using the Terminal can be boiled down to one simple fact: terminal commands are applications plus options. Every application that you run on Linux has a corresponding Terminal command that can be used to run it. Furthermore, these commands can use option "flags" to adjust its manner of operation.
To explain this, let's take a look at a basic command called tar. TAR is used to create archives of files or folders, much like the ZIP file format on Windows. To create a standard zipped-up TAR archive of a file, we run the following command:
    tar -cvzf archivename.tar.gz filename.ext
This creates an archive named "archivename.tar.gz" that contains the file "filename.ext". But what about those letters following the `tar` command? Those are the flags. In Linux, flags are denoted with the "-" that comes before them, and usually come right after the initial command in the string. If you want to use more than one flag, you can stack them, like I did above, with just one "-". Let me explain what each of those flags does for this specific tar command:
- c means to (c)reate the archive. You can also use TAR to extract from existing archives, so that is why you must specify that you wish to (c)reate one.
- v means to output (v)erbosely. In plain English, this tells TAR that we want to see everything it is doing, as it does it. So it will then print out a list of each file it is compressing as it does so. Or, if it gets an error, it will give us a full readout of where the error occurred.
- z means to g(z)ip the TAR archive. This adds a level of compression to our archive, so their contents will be smaller than they would be outside of the archive. Just like a ZIP file on Windows.
- f means that we will specify the (f)ilename of the archive we will make. Otherwise, TAR will automatically generate a name for our archive.
Each command you will want to use on the command line has a corresponding "manpage." (It might sound like a sexist name, but it just means "manual"!) Here you can get detailed information on how to use the command, as well as a list of flags and commonly-used options for it. Simply run `man` plus the command you want to learn about. `man tar`, for example, will show you the manual and flags list for the `tar` command.
There, the Terminal is easy,
just like I told you! It might not seem very convenient at first, but the more you get to use it, the quicker frequent tasks can pass by, leading to great increases in your productivity. For example, to create a TAR archive of a file (or folder), by the standard way you would need to launch the Archive Manager application, mouse over to "New Archive," click it, type in a name, type in a place for the archive to be, mouse over the checkboxes for options, click and drag your folders, etc etc etc. But with the Terminal, after learning how the command works the first time, you can simply run a quick command from memory to do exactly what you want.
You can even create scripts (called "bash scripts") to automate tasks using the Terminal's language. We will cover this in a future guide. But for now, pat yourself on the back, because you've conquered your fear of the Terminal!
2.4. Securing Web, Email and Chat Applications
2.4.1 - Secure Your Web Browsing
Encrypt Your Connections with SSL/TLS
The first step to take in assuring your web browser's security is to make sure every connection possible is made over SSL. SSL should be familiar to you by now -- every time you log into your bank account, for example, you should see a little "https" in your address bar with a little green check-mark or a lock symbol. This means that your personal connection data is being encrypted between you and the server you are communicating with. Your username, your password and other form data on the bank's website cannot be "snooped" on by anyone else on your network.
Most sites that require logons will have SSL capability. The problem is that SSL is often not equipped by default on sites that don't handle financial information. This means that sites like Facebook might still be handling your connections over regular unencrypted HTTP by default. To change that, there are browser plugins that you can use to enforce SSL
by default for any site that has it enabled.
The Electronic Frontier Foundation has developed a tool named "HTTPS Everywhere" which enables HTTPS by default on many popular sites and services that have HTTPS available. It can be paired with another plugin called HTTPS Finder or KB SSL Enforcer, which searches other sites that appear to have HTTPS installed, and passes them to HTTPS Everywhere.
HTTPS Everywhere can be downloaded for Firefox and Chrome (Chromium) by visiting the website. In Firefox, click the Install link, then click Allow, then click Install Now. You will need to restart Firefox before the plugin will be enabled. For Chrome, click the Install link, click "Add to Chrome," then click "Add."
To install HTTPS Finder in Firefox, open your browser then click Tools > Add-ons. Click "Get Add-ons," and search for HTTPS Finder.
To install KB SSL Enforcer in Chromium: go to the Chrome Web Store and search for "KB SSL Enforcer" under "Extensions."
And in the future - for EVERY site that requires a login, make sure that the address shows as HTTPS on the login page! If not, go into your settings and there will often be an option to use HTTPS by default tucked away somewhere.
Block Monitoring Scripts
Once your connection data is secured, there is now the matter of tracking scripts. Everywhere on the web, on nearly every commonly-used website nowadays, there are "trackers." Trackers come in many forms but the most frequent way is via tracking cookies that are transparently downloaded to your computer, or active scripts that run on pages that report home with specific data. The idea of web tracking is a very broad concept but I will give two of the most common examples below.
1. Google Analytics -- This is a piece of software run by Google that gives webmasters a huge amount of data on each visitor. It can pinpoint everything from their approximate geographic location, to details about their computer and its operating
environment, to how long they spent on the site, what pages they looked at, and other details. It can even tell what site you came from to get to a certain location, and what site you visit when you leave. Some of this information can be discerned simply by looking at one's server logs, but Analytics renders this much easier. Not everyone has a problem with this data being in the hands of webmasters, but the fact that it is also kept by Google can be more than worrying.
2. Facebook -- Facebook's "Beacon" scripts are everywhere on the web. Anywhere you see a dynamically-loaded "Like" button, on a blog article or on a company's website, this information is sent to Facebook. What's worse is that if you are logged into Facebook (which most people are, even if it is not actively open in their browser), Facebook will be able to match your profile with your Web browsing habits.
If you'd rather not surf the web with strange corporations watching your every move, you certainly aren't alone. Thankfully there are browser plugins that can help! There is one in particular called Ghostery that is very effective at blocking trackers you don't want to see, while still giving you the power to enable the ones you may find useful from time to time. If you like the ability to click the "like" button from time to time, for example, but don't want Google Analytics to track you, you can manually allow the Facebook tracker in Ghostery's easy-to-search database.
To install Ghostery in Firefox or Chrome, go to the browser's Add-ons section and search for Ghostery. Once it is installed, it will ask you what sites to block. My advice is to choose "Select All" to block trackers by default. Then, later on, if you find one you need to use, you can go back into your Add-on settings and uncheck the box next to that tracker's name.
With Ghostery you can also pause all tracking easily. If you find a website doesn't quite work properly without its trackers, click the Ghostery button in your browser window, then click the "Pause" button. Then refresh the page and try the functionality again. Just don't forget to press "play" again when you are done!
Encrypt Your Browsing with Tor
There is another option, perhaps the most advanced one yet when it comes to completely anonymous Internet surfing. That option is Tor. Originally developed by the US Government, Tor is a type of "onion router" that routes your internet traffic through a complicated layered system. There is much to say about Tor and a lot of explaining behind how it works. If you are interested in it, you can visit the Tor Project on its website.
If you would like to use Tor for anonymous browsing, it's easy to do so. However we will not be installing Tor using the Ubuntu package repository, like has been done in the past. Since Tor updates are considered very important for stability and security reasons, we want to make sure that we are getting them on time. For this, we will patch Tor's custom update server into our Ubuntu installation. That way, whenever we run sudo apt-get update and sudo apt-get upgrade, Tor will update itself whenever a new version is available.
First, run cat /etc/debian_version to check your Ubuntu's version codename. If you are using 12.04, the codename is "precise." Next, open up /etc/apt/sources.list and add the following line, with your version codename in the
appropriate place:
    deb http://deb.torproject.org/torproject.org $codename main
Next, add the Tor project's GPG key, used to sign its packages and verify their authenticity:
    gpg --keyserver keys.gnupg.net --recv 886DDD89
    gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
Then the final few commands:
    sudo apt-get update
    sudo apt-get install deb.torproject.org-keyring
    sudo apt-get install tor
From this point on, Tor is installed and running on your system. But before you can use it, you must configure your browser to use it. You can do this manually of course, but we will use the most convenient and automatic method -- via a browser plugin.
Download the Tor Browser Bundle found here. Make sure you download the Linux version, and the architecture that corresponds to your computer. If you don't know your architecture, run uname -m. If you get "x86_64" as a response, you have a 64-bit system; if you get "i386" or "i686" as a response, you are using a 32-bit system.
After downloading the package, run the following to extract it and install:
    tar -xvzf tor-browser-gnu-linux-*.tar.gz
    cd tor-browser_*
    ./start-tor-browser
This will start a specially-patched version of Firefox that has Tor enabled. You can create a shortcut to the start-tor-browser script on your desktop or in the sidebar, and you will be able to launch your Tor browser whenever you want. You will need to reinstall your Add-ons in this Tor browser, and you will not be able to use your old browser (Chrome or Firefox) if you want to have the protection of Tor. However the Tor browser is based on Firefox, so any plugins that work for Firefox should also work for the Tor browser.
Before you start using Tor, there are some things you should be aware of before you start surfing! Make sure you check out the list and are aware of what they might mean for you.
2.4.2 - Secure Your Email
Encrypt Your Connections With SSL/TLS
Just as it is important to use websites that enable SSL, you will
want to do the same with your email connection. If you always use your email in a browser, like Yahoo Mail or Gmail, you don't need to worry about this. But if you use a third-party client like Thunderbird, there are settings you should make sure are set.
In Thunderbird, click Edit > Account Settings. On the left side of the window, you will see an expanded list of email accounts. Choose the one you want to set for SSL and click "Server Settings." Connection Security should be set to STARTTLS. Then click "OK." If you choose this and your email does not send or receive, select SSL/TLS in this field instead and try again.
If you experience complications enabling SSL in your email client, your email provider will give you instructions on how to do so in its Help section. It may have a different server name or port configuration for you to enter here.
Encrypt Your Messages with PGP
PGP is the standard for email encryption nowadays. It allows you to seamlessly encrypt mail messages to people and have them just as easily decrypt them upon receipt. You might send a full message to someone, and if anyone that might come across your message happens to open it without your key, this is all they will see:
    -----BEGIN PGP MESSAGE-----
    Charset: ISO-8859-1
    Version: GnuPG v2.0.19 (GNU/Linux)

    hQEMAyL1sE8aLy0uAQf9G12ng+ijfKmMEyInN6iauYaR6ITIrzOTK+ZiEHc1oAeKZwh
    4zg1O6111AUU+nYC1WCTMKR1cIU0yOqp1INE19ZNn7qNneUcmYmfyaBATpz15qXiM5
    mVMCrK82e1XGLRK'o76In4oh8WEVxISZhw4AT+Vx0jXqQR6HU'eK1sr4a+OTjSZ1T+i
    TYy0Q2RQjSLMp5xKyjoY9ArxOQBbznwRcwfRIMzUnCf2Q87uayssbp5HmnpZj8Izgm7
    /Eehr'Qfn'1hAvgGRrN'/d8o+RK24h3p1AqpSres6O7'6OAehppAJ/TKUYoNZeM6qC
    eBOrRQohuSmGg3'NNLpAUJOONXIYEavuc2Iyb+phyBRSxrcZJ/e2RN/Xx7i6Ki/R3347f
    oZ0/GaVpUrwR9MQJLjawR/cVEEBY21ar4...
An indecipherable mess is all that awaits them.
For PGP to function properly, you must generate a "keypair" for yourself, and you must have the public key for your chosen recipient. Let's go through the steps.
We will use Thunderbird and its Enigmail plugin to handle our email encryption and decryption. In Thunderbird, click Tools > Add-ons, click Get Add-ons, then search for and install Enigmail. Once the plugin is installed and Thunderbird has restarted, click the OpenPGP menu, then choose the Setup Wizard.
Click Next, then choose the email accounts you want to use encryption with. (Remember that you will have the choice whether or not to encrypt each message, so you don't have to worry about making everyone you know get PGP keys if you don't want to encrypt your emails to them!)
Click Next again, and follow the rest of the wizard. It explains well the steps and options you need to choose, and it also helps you automatically generate a PGP key.
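Added example, not part of the original guide: the Tor instructions earlier in this section fetch the repository key from a keyserver by the short ID 886DDD89, and a correspondent's PGP key can be fetched from a keyserver the same way, so in both cases the full fingerprint is what should be compared before the key is trusted. The sketch below does that comparison on the output of `gpg --with-colons --fingerprint`; the function names are hypothetical and the sample listings (dates, sizes, the look-alike key) are constructed.

```shell
#!/bin/sh
# Added example: accept a key only if its full fingerprint is the expected one.
# Real use, before the guide's "gpg --export ... | sudo apt-key add -" step:
#   gpg --with-colons --fingerprint 886DDD89 | check_key "$TOR_FPR"

# Fingerprint as printed in the guide's "gpg --export" command.
TOR_FPR="A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89"

# normalize_fpr FPR: drop spaces and colons, upper-case the hex digits, so
# "a3c4 f0f9 ..." and "A3C4F0F9..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'abcdef' 'ABCDEF'
}

# check_key EXPECTED_FPR   (colon-format key listing on stdin)
# Succeeds only if exactly one primary key is listed, its fingerprint equals
# EXPECTED_FPR, and the key is not flagged revoked (r), expired (e) or
# invalid (i). Subkey fingerprints are ignored.
check_key() {
    expected=$(normalize_fpr "$1")
    [ "${#expected}" -eq 40 ] || {
        echo "REJECT: give the full 40-digit fingerprint, not a short ID" >&2
        return 2
    }
    case $expected in
        *[!0-9A-F]*) echo "REJECT: fingerprint is not hexadecimal" >&2; return 2 ;;
    esac
    awk -F: -v want="$expected" '
        $1 == "pub" { keys++; validity = $2; primary = 1; next }
        $1 == "sub" { primary = 0; next }
        $1 == "fpr" && primary { fpr = toupper($10); primary = 0 }
        END {
            if (keys != 1) {
                printf "REJECT: %d primary keys listed, expected 1\n", keys
                exit 1
            }
            if (fpr != want) { print "REJECT: fingerprint is " fpr; exit 1 }
            if (validity ~ /^[rei]$/) {
                print "REJECT: key validity flag is " validity
                exit 1
            }
            print "OK: " fpr
        }'
}

# Constructed sample listings in gpg colon format, for offline testing only.
sample_listing() {
    case $1 in
        good)
            printf '%s\n' \
                "pub:-:2048:1:EE8CBC9E886DDD89:1252000000:::-:::scESC:" \
                "fpr:::::::::$TOR_FPR:" \
                "uid:-::::::::constructed sample user ID:" \
                "sub:-:2048:1:1111111111111111:1252000000::::::s:" \
                "fpr:::::::::2222222222222222222222221111111111111111:"
            ;;
        lookalike)  # a different, made-up key that shares the short ID 886DDD89
            printf '%s\n' \
                "pub:-:2048:1:01234567886DDD89:1300000000:::-:::scESC:" \
                "fpr:::::::::0123456789ABCDEF0123456701234567886DDD89:" \
                "uid:-::::::::constructed look-alike user ID:"
            ;;
        revoked)    # right fingerprint, but the listing marks the key revoked
            printf '%s\n' \
                "pub:r:2048:1:EE8CBC9E886DDD89:1252000000:::-:::scESC:" \
                "fpr:::::::::$TOR_FPR:" \
                "uid:r::::::::constructed sample user ID:"
            ;;
    esac
}
```

The same check applies to a friend's key: ask them for the fingerprint over a separate channel, then pass it as the expected value.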
Now, once this is complete, you have the option of submitting your public key to a keyserver. A keyserver is like a search engine for people's public keys -- if you have someone you wish to communicate with, you can import their key from a public keyserver without them needing to give you their key directly. This does not reduce the security of your keys, as the message can only be decrypted by the specific recipient anyway. You are not required to upload your public key to a keyserver; if you choose not to, you will need to keep your messages signed with your PGP signature (which Enigmail usually enables by default), or you will need to export a copy of your public key to an .asc file and give that to your conversation partner.
To upload your key to a public keyserver with Thunderbird, click OpenPGP > Key Management, then right-click your key and choose Upload Public Keys to Keyserver. It doesn't matter which server you choose at this stage, as they all will share their data with each other.
To find someone else's public key on a keyserver, open up Key Management then click Keyserver > Search for Keys. Type in the email address of the person you want to email, then check the box next to their name. If their name doesn't come up in the list, you can import a public key that they give you in .asc format by choosing File > Import Keys From File. It is usually a best practice to use a key that is given to you from someone rather than using a public keyserver, if you trust them.
Remember that if you have uploaded your public key to a keyserver, you are pretty much locked into using that key. If you ever lose your keyfiles or want to change keys for some reason, you will need to generate and upload a revocation certificate. This is done to ensure trust, and the knowledge that the keyholder really is who he purports to be via their name and email address.
After this, you can write encrypted emails to whoever you want, provided you
have imported their public key! If you chose to automatically encrypt your messages in the Setup Wizard, you don't have to set anything; if not, you can click OpenPGP > Encrypt Message in the New Message window to write an encrypted message. Once you click "send" and enter your password, the message will automatically be encrypted.
When you receive an encrypted message from a conversation partner, Thunderbird will automatically ask you for your password, and will decrypt the message for your viewing. The message will remain encrypted so you will need to enter your password each time you wish to read it.
2.4.3 - Secure Your Chat Applications
Encrypt Pidgin Chats with OTR
If mail is a bit too slow for your taste and you prefer Instant Messaging (IM), there is a solution for you. The chat application Pidgin, a mainstay of Linux communication suites, has a plugin named "OTR" (Off The Record) that can be used to encrypt your chat conversations. It operates in a similar way to PGP, in that you must first exchange public keys with your conversation partner.
If you don't already use Pidgin, it is available for install in the Ubuntu repositories. To install the OTR plugin, head to the Cypherpunks site and download the tarball for the OTR Library and Toolkit, as well as the one for "OTR Plugin for Pidgin." Then run the following:
    tar xzf libotr-*.tar.gz
    cd libotr-*
    ./configure --prefix=/usr
    make
    sudo make install
    cd ..
    tar xzf pidgin-otr-*.tar.gz
    cd pidgin-otr-*
    ./configure --prefix=/usr
    make
    sudo make install
This will install both the required libraries for OTR as well as the plugin specific to Pidgin.
To configure the plugin, open Pidgin and click Tools > Plugins. Check the box next to "Off The Record Messaging." Then, click the entry for "Off The Record Messaging" and choose Configure Plugin.
Here you can choose a set of options based on how you want the plugin to behave. Also, you can choose to generate a key for a specific account.
Once you begin a conversation with a friend who also has OTR enabled, you will see a notification display that you can begin a conversation with that person. Click "Not Private" and choose "Start Private Conversation" to enable encryption with the active conversation partner. And you're off! OTR is notoriously easy to set up and use.
2.4.4 - Further Reading
- How To: Protect Your Privacy with Ghostery - Chip.eu
- Tor documentation for Linux
- Enigmail PGP Quick Start Guide
- How to Use OTR to Initiate a Secure Messaging Session in Pidgin - Tactical Technology Collective
2.5. APPENDIX: Popular Applications
The following is a non-exhaustive list of frequently used applications and file formats that may make your switch to Linux easier. There will be multiple choices for some types of applications. On Ubuntu, most of these applications can be found in the Ubuntu Software Centre, or by running sudo apt-get install $appname in the Terminal.
2.5.1 - Applications: Media
The default music player that comes with Ubuntu is Rhythmbox. Rhythmbox is a decent music player with many features similar to iTunes. It has an easy-to-use library view, with integrated podcast, Last.fm and music store integration. It also features a plugins system that can extend its use beyond simple music playback.
Banshee is also a good option, and it is even *more* like iTunes for those who are used to its interface. For those who use KDE, you can check out Amarok or Clementine.

Another option for more advanced users is mpd. Mpd is technically an audio server that streams to local clients. When you use mpd, you will therefore set up the audio server (which is always running) as well as a client to interface with it. A favourite mpd client is ncmpcpp. It has a strange acronym of a name, but it is very fast and has a fully functional graphic/command-line interface. For those who like to customize their desktop environments, ncmpcpp is a hit, as it is as customizable as any other Terminal window.

The old standby for playing video on Linux is VLC, much like it is on other platforms. It can play a very wide variety of different video formats, supports subtitles and multiple audio tracks, and is also extensible by plugin. It's also very fast!

Ubuntu comes with a standard image viewer called Image Viewer. This is analogous to Windows' Image Preview, bringing decent quality image viewing to the GNOME desktop. For other desktop environments or distributions, Viewnior is a very fast and lightweight replacement for Image Viewer and is highly recommended.

Keeping photo libraries on Linux is easy with Shotwell. Shotwell is essentially a Linux clone of the popular iPhoto for Mac OS X. You can import images from your hard drive or directly from your digital camera. Archive your photos by date, by event or by tag.

For editing graphics, the most common open source solution is The GIMP. While not quite as fast or as usable as Photoshop, The GIMP is still very powerful and actively developed, bringing intensive image manipulation capability to Linux.
If you work with vector images or graphic design on a regular basis, check out Inkscape, which has many of the same features as Adobe's Illustrator.

The most-used option for audio editing on Linux is Audacious. Audacious is also widely used on other platforms like Windows. It is easy enough to use for beginners to audio editing or podcasting, but flexible enough for experienced professionals.

For webcams, Cheese is a good option for GNOME-based desktops.

Fans of ebooks and keeping digital libraries can check out calibre, which is a very powerful and feature-rich ebook library.

Brasero comes default with Ubuntu, and is used for CD/DVD burning.

2.5.2 - Applications: Utilities

Ubuntu's default text editor is gedit. Gedit is a fine standalone text editor for infrequent use. Another very fast and lightweight option is leafpad. For more text editors that might be of better use while programming, check out the Productivity section.

Ubuntu comes with a standard archive manager called (wait for it) Archive Manager. From here, you can easily create or modify your archives of many different types.

TrueCrypt is very often used by those who work with sensitive files, or simply wish to encrypt/password-protect some folders on their system.

Other utilities of use include the Terminal for running commands, or Vinagre for VNC connections to other computers.

2.5.3 - Applications: Networking

Ubuntu comes installed by default with Firefox, the common cross-platform browser that (nearly) everyone loves. If you don't love Firefox, you can install Chromium, which is the Linux version of Google Chrome. There is also Opera or other browsers available for Linux.

For email, the main choice is Thunderbird, which is also installed by default in Ubuntu. It is analogous to Mail in Mac OS X, or to Microsoft Outlook for Windows. Evolution is the runner-up in the Mail category, which is included by default in the GNOME desktop. KMail
is a decent option for KDE users.

For instant messaging, Pidgin is commonly used. You can use Pidgin with AIM, ICQ, MSN/Skype, Google Talk, XMPP, Facebook, IRC and many, many other protocols. It is easy to use, and supports a wide variety of plugins to extend and personalize its use. Empathy is the client that comes built-in with Ubuntu, and it supports a great deal of protocols as well. Other choices include irssi for a command-line IRC client, or Quassel for a full-featured deluxe GUI IRC client.

If you are a frequent microblogger from your desktop, Gwibber comes built in with Ubuntu, and supports posting to Twitter and Identica. Other than that, Polly is a fantastic standalone Twitter client for the GNOME/Unity desktop.

Those who read RSS feeds from desktop applications can check out Liferea, RSSOwl, or Akregator (KDE).

Finally, Transmission is frequently used for torrent downloads and management.

2.5.4 - Applications: Productivity

The king of open source productivity software on Linux is presently the LibreOffice suite. LibreOffice includes a word processor, spreadsheet editor, presentation creator, math formula creator, and simple graphic design program. An alternative to LibreOffice is the OpenOffice suite, the ancestor project to LibreOffice.

Ubuntu comes with a built-in PDF reader called Document Viewer. It can view and edit PDFs as well as other document formats like PostScript. Lighter options for PDF readers include Zathura or MuPDF.

For programming text editors, Geany is a good option. Other options include SciTE, Bluefish or Scribes. If you are looking for a more full-featured IDE, you can try Eclipse or Aptana.

The CitizenWeb Guides: Your Personal Server

3.1. Why a Personal Server?

The short answer is: Because you don't have to sacrifice features, functionality or comfort just because you are concerned with security and privacy.
3.1.1 - The Pros

Many people look to Google, Facebook and other large platform services for the exceptional convenience they offer. With all of the services available to us online these days, it's easy to see how they can improve our lives and make us live or work better. However there are significant risks to using these services; risks that are only deepening and becoming more serious with time.

What most people do not realize is that, once the initial investment of buying or hosting your personal server is passed, self-hosting data is very easy and requires little to no sacrifice of functionality. Are you addicted to Google Calendar and can't live without it syncing across your computers and devices? Check out ownCloud, which lets you do the exact same things, but gives you the control over your data that Google can no longer provide you with. Are you lost without your Gmail account? You can host your own email and have all of Gmail's features in the client of your choice. Plus, you can still sync your mail and contacts effortlessly across your devices.

You can have your own "personal cloud," a customizable platform service that meets your needs, without selling your personal information to marketing agencies or overzealous governments. You can do it by hosting your very own Internet-connected server.

The most substantial "pro" to hosting your own data with a personal server is the privacy factor. As mentioned repeatedly in this guide, data given to platform services like Google or Facebook risks being handed to marketing agencies or governments without your consent, and in some cases without you even knowing. When your data is self-hosted and properly secured, you can be sure that your information will not fall into the hands of marketers. Furthermore, governments will be required to physically intervene with warrants or other methods if they suspect you of something, which is much less common, and more costly, than the bulk interception they practice today.
For these reasons, self-hosting your own server is a huge plus for activists, whistleblowers or journalists. But it is also very important for common, everyday Internet users like you and me. The more data we share about ourselves online, the larger that Google and Facebook get, the more irresistible targets they will make for marketers and governments. We are already seeing today how simply standing up for what is right in society can get you bullied, threatened, abused, extradited and worse. If you are sure that nothing you do right now can get you into trouble, can you be sure that in ten years from now, the positions you take or the data you own *now* won't be used to get you into trouble? The Internet is a time machine -- any comment you make on a platform service can be indexed and potentially used against you. This is why a default state of privacy must be enforced on the web -- and if services like Google or Facebook won't do it for us, then we must be prepared to take matters into our own hands, by self-hosting our data and refusing to participate in their systems.

3.1.2 - The Cons

Decentralizing the Internet isn't always a field of flowers -- sometimes it can be a downright annoying experience. There are a few different pitfalls that one must be aware of before they take the plunge and host their own server.

Perhaps the most significant drawback is in downtime. Google's services, while they have been subject to very public and unexpected downtimes in the past, are overall very stable and well-managed. This cannot possibly be matched in a home server environment, when data is isolated to only one node. If you host your server at home, this server will be subject to any power outages, Internet service interruptions, or accidental unplugs when your cat tries to make a home behind your computer. Once a downtime occurs, you will not be able to interact with users; i.e. people will not be able to see your web server, send you emails, or
do much of anything else.

Next comes the security aspect. Every server on the Internet represents a target for hackers and script kiddies. Once they can get access to a vulnerable machine, they can try to troll through it for your personal info, or just use it as a host for spam mail or monitoring your Internet use. You will not have the security experts at Google making sure that your services are under lock and key -- *you* will be your own security expert. Luckily this is not very difficult, as the tips outlined in this guide should defuse a decent majority of common attack vectors. However nothing is 100% secure, and a self-hoster must remain vigilant that their configuration is frequently updated and not compromised.

Because of these downsides, contingency plans should be made often. If you have the resources, rent a VPS that you can switch to if your main server goes down. Practice frequent encrypted backups to external media or offsite locations. Make sure to reduce your risk of "going down" as much as possible if you are going to be hosting critical content.

3.1.3 - Types of Servers

If you don't have the space to set up a traditional dedicated server in your own home, or are unable to do so for other reasons, don't worry -- there are a few different ways to self-host your data, and we will look at each of them here.

Dedicated Server

This option consists of having a standard computer in your home that is connected to the Internet and/or a home network. This server can be any used desktop computer that you have lying around, or a custom-built one from ordered parts. Once the computer is ready, it can be stored in a closet or a tucked-away corner of your home. It does not require a constant monitor or keyboard/mouse connection to be functional; you can communicate with it via SSH (explained in this guide) to configure or maintain your running services.

This option is the best for running a large amount of online services at
once. As it has more processing power than embedded miniservers, it can handle more services and more visitors than a Raspberry Pi might be able to. Also, while it is more expensive from the start (reasonable cost estimates for a brand-new dedicated server run between $500 and $900 US dollars), a dedicated server can be more cost-effective in the long run when compared to the monthly cost of a virtual private server (VPS).

However, as suggested above, dedicated servers do take up much more space than embedded miniservers or (obviously) VPSes. They require a larger initial investment, and will generally require special services from your Internet Service Provider (ISP) in order to make them fully functional. Also, in case of a move, power outage or other unforeseen service interruption at your home, you will be without a way to host your content until the interruption passes.

Embedded Miniserver (Raspberry Pi)

This is a relatively new option when it comes to self-hosted servers, but it is one that is rapidly gaining popularity. Raspberry Pi minicomputers can be purchased for only $25 USD. With an exterior case and a dedicated network connection, they can offer a host of simple server applications, such as web servers, email servers and databases.

These miniservers cannot be beat when it comes to the initial investment cost, providing a huge advantage to those who do not have hundreds of dollars lying around. They also still provide the security of physical ownership and constant access that a VPS cannot offer.

Embedded miniservers are, however, decidedly slower and not able to handle nearly as much load as a dedicated server box. Their use should be restricted to offering simple web services only, and not heavy media-intensive server apps. And as mentioned above, these servers are still hosted at your home, so they will still be subject to occasional power outages or other interruptions as they affect you.

Virtual Private Server (VPS)

A
virtual private server (VPS) is a virtual machine that is hosted elsewhere. This is done typically by a hosting company. The difference between VPS hosting and traditional web hosting is that you can run anything on a VPS just as if you were using your own physical computer. You can access your virtual server via SSH or VNC from wherever it is in the world.

VPSes have many benefits over other server types. First, they do not require a massive initial investment, like a traditional server might. They are usually offered for monthly or yearly fees paid to the hosting company. As the server is virtual and hosted elsewhere, you do not need to worry about storing it in your home, nor do you need to change your account with your ISP. Furthermore, if you are a whistleblower or activist and live in a country with particularly egregious monitoring or seizure laws, you can order a VPS in a country that does not have such stringent rules. For example, there are VPS companies in Iceland, a country known for its freedom of speech and protections for journalistic publication.

These virtual servers do have their downsides. First, they are generally not quite as capable as dedicated home servers, but are still better than embedded miniservers like the Raspberry Pi. You can purchase a very powerful VPS, but this will likely cost you a significant monthly fee over the standard package costs. This leads to the second point: the aggregated cost that you pay for a VPS over many months will undoubtedly be more than what you pay for just buying a dedicated server. And finally, there is always the issue of personal assurance: you cannot physically assure the security of data on your VPS. The VPS may also be subject to the snooping or seizure laws of the country it is based in, regardless of your own nationality. It is often a good idea to encrypt any personal data stored on a VPS because of this.

3.2. Before You Begin: Options, Configuration and Hardware

(Note that Virtual Private Server (VPS) users can skip this article entirely. Embedded miniserver users like those with the Raspberry Pi can skip down to section 3.2.3.)

3.2.1 - List Your Options

What do you want your server to do? What will it be handling for you on a daily basis? These are important questions to answer before shopping for your server hardware.

Will you be running hardware-intensive services? Servers that run virtual machines or media servers traditionally have much higher hardware requirements than simple email/web servers. The more VMs you want to run, the better CPU you will need; similarly, the more media services you wish to host, the more memory you will need. For any server that is to run a media service, it is recommended to have at least 8GB of memory.

Will this be a "headless" server? Will this computer need to be used directly, or can you simply put it in a corner and manage it from your laptop via an SSH connection? If you need to access it more than once, it would be a good idea to buy a monitor as well. Keep in mind that you will need to use a monitor during the server setup, but if you have another desktop, you can borrow that monitor just for the installation.

Will this be a firewall or network controller? Do you plan on using this computer to serve as a firewall instead of using your existing router configuration? Will this computer be serving DHCP clients, or will you leave that to another router connected to the network? If you've answered yes to any of those questions, it would be a good idea to get a server motherboard equipped with two ethernet ports (NICs). One will be "front-facing," that is, connected to your cable/DSL modem; the other will connect to a hub or wireless access point for your internal network.

[Figures: Network-attached only (no firewall); Network-routed and firewalled]
3.2.2 - Buy Hardware

Now we get to the fun part - doing some shopping! Load up your favourite computer parts vendor and let's get started.

Popular parts vendors in the US and Canada are Newegg and TigerDirect. Newegg usually has the better prices and availability, but whichever one you pick is up to you. It's usually best to make lists on a few different sites to see which one actually has the cheapest price for that specific application. In the UK/Europe, check out Misco.

CPU

The most popular server CPUs these days are Intel, hands down. The Sandy Bridge and Ivy Bridge-class processors are really without comparison when it comes to performance and dependability. You can find decent ones for between $250 and $350 that will provide more than enough power for what we are looking to accomplish with our server.

It is also important to remember your CPU's cooling requirements. Most new Intel CPUs come with cheap but decent cooling fans; though if you are looking to reduce your server's noise, it may be a good idea to buy a nicer fan as well. Just make sure the fan is compatible with your chosen CPU's socket type.
Memory

Some individuals and companies may consider this heresy, but you really don't need to buy the most expensive RAM out there in order to have a dependable and quick system. If you are spending more than $150 on RAM, you are very likely spending too much. Decent server memory is not too much more than normal memory.

Motherboard

The motherboard is where the entire system comes together. Choosing one depends on the services you wish to offer with this server.

99% of the time, you will want to choose a server motherboard. These boards support server-class CPUs like the Intel Xeon series. Furthermore, most of them come with two Ethernet ports (NICs). This is indispensable for servers that act as routers for internal networks, or servers that will host email/web services. A common setup is to plug the cable/DSL modem into the first NIC as a "front-facing" interface, then to route the internet connection through to the second NIC, which is connected directly to your network hub or wireless access point.

It is possible to get by with a standard motherboard and CPU if you only want to do media sharing on your internal network, but if you are even *considering* doing more than that, it's best to go for the server motherboard and CPU.

Regardless of the class of motherboard you go with, the most important match you will make is between motherboard and CPU. You MUST remember to pair them by their socket type. For example, socket LGA1155 CPUs might not fit every socket LGA1366 or LGA2011 motherboard, etc.

Also keep RAM (memory) in mind. Motherboards have different types, sockets and speeds for RAM, as well as limits to how much memory they can handle, so make sure you can find one that works with your memory requirements. Your motherboard's manual, usually available in PDF from the manufacturer's website, will have all of this information.
Case

Cases might not seem like an important consideration, but there are two critical elements to be aware of when choosing one to meet your needs.

Size: There are many size designations for motherboards: ATX, Mini ATX, Micro ATX, etc. Make sure the case is the correct size for the motherboard you are looking to purchase.

Power Supply: Most cases these days come with their own power supplies, but they are not all created equal. If you are planning on purchasing a computer with an Intel server CPU, you will definitely need a power supply with 24-pins (or "20+4"). The extra 4 pins are required to meet the motherboard and CPU's extra requirements. Keep in mind that, if you have your heart set on a particular case that comes with an incompatible power supply, you can always remove the old one and install one separately purchased.

Hard Drive(s)

Again, the type of hard drives you will need will vary depending on what you want to accomplish with them. For simple web/email servers, you will not need much space at all. For those looking to do any sort of file hosting, space will likely be very important. You can pick a certain number of drives that can be matched via a RAID array, which can either:

- ...stripe them together (i.e. effectively making 4x 2TB drives into one giant 8TB drive);
- ... OR mirror them, for an instant backup in case one drive in the formation fails. (Making 4x 2TB drives into two sets of 4TB drives, with one acting as a live backup in case the other set goes down).

Drives should also be purchased according to their type and the compatibility with the motherboard. Nearly every motherboard these days supports SATA, the new standard for drive connectivity; however there are multiple types of SATA: 1.5GB/s, 3.0GB/s and the newer 6.0GB/s. If your motherboard supports 6.0GB/s, and you plan on hosting/moving very large files with your server, it would be worth it to consider 6.0GB/s SATA drive(s).

Finally,
brand name and warranty do still mean something, especially since hard drives are such important components in your server. After all, all your personal data rests on them; replacing the drive is much easier than replacing the data. Go with a brand that is known to be good. Western Digital Black series drives have a good record of dependability; many of them also come with record 5-year warranties, making them an excellent option.

Other Stuff

Other things you will need to consider:

- Keyboard/Mouse
- CD/DVD drive
- Power strips and plugs
- Monitor: Remember that this is optional if you are going to run a headless server, but you will at least need access to one temporarily when you install your distribution.

3.2.3 - ISP and Domain Name Options

If you are not planning to use your server to host any external (Internet) service, OR you have opted to use a Virtual Private Server (VPS), you can skip this section.

Dealing with your internet service provider, no matter how much you might dread it, will be a necessary component of this setup if you plan on hosting a website or your email on this server. Your server needs the ability to be linked to a domain name, which means it also needs a static IP. This is something your internet service provider can give you. If you want to host multiple servers and services on VMs (say a fileserver VM and an email/web host VM) it would be a good idea to also get a static subnet.

Usually when you connect to the Internet, your service provider gives you a dynamically-set IP address to use. However when your web/email services go live, the Internet will need a steady and static address with which to look you up. This is why at least one static IP address is required. A static subnet is an extension of the above idea, but it obtains multiple static IP addresses that belong to a specific "subnet," or a subset of IP numbers. For example, if you were to obtain what is called a "/29
subnet," that gives you six static IP addresses to use.

Some residential internet providers no longer allow clients to request static IP addresses or subnets; if this is the case, you may need to consider springing for a Business class plan, as these always have the ability to obtain static IP addresses. In many cases they are not more than $10 or $15 more than your original residential plan would be.

Once you've dealt with your ISP, you must purchase a domain name. This will likely be much easier (and probably cheaper) than the prior step. There are many decent domain name registrars out there, but I have to recommend NameCheap.com. As far as price, ease-of-use and customer service are concerned, they are consistently cited as one of the very best. For a domain, you can choose anything with any ending; though something simple is advisable if you are to be using an email address as well. Nothing like typing a 15-character domain when you want to send someone an email.

When buying a domain name, keep in mind that the domain you purchase will be subject to the laws and regulations of the country that you register it in. Wikipedia ran into trouble in the United States when its ".org" address was rescinded by US authorities because it published material that the government wasn't too happy to see. The common ".com," ".net" and ".org" are overseen by the US Government. Other countries, such as Iceland, have a more favourable policy towards the publishing of controversial or leaked information that would be in the public interest. It's advisable for those who look to post potentially sensitive information to consider an Icelandic domain. For more information regarding Iceland's national freedom of expression policy known as the "Icelandic Modern Media Initiative," visit its website.

With the static IP in hand and the domain name registered, it's time to get them linked together. On your domain registrar's
account page, there will be a place marked something like "Host Records" or "Domain Settings." (On NameCheap it is found at My Account > Manage Domains > click the domain name > All Host Records.) You will be presented with a list of fields, usually arranged into at least four columns: Host Name, IP Address, Record Type, and TTL.

In the row whose Host Name is "@", put your static IP address in the IP Address field, and set the record type as "A". This will allow people to reach your website by visiting http://mydomain.com.

If there is a field for "www" hostname, or if you can create one yourself, do the same for an A record with your same IP address. This will allow people to reach the same site when going to http://www.mydomain.com as well.

Finally, we will set our domain up for mail. There should be a section for "MX Records" or "Mail Settings." The hostname should be "mail", the IP address matching your static IP, and the "MX Pref" should be "10". When an email server wants to forward you an email, they will check this record and see your IP, allowing them to actually make the connection between servers and deliver the message.

With the correct settings enabled, and the Internet ready to welcome our server, you are ready to start assembling the server itself.

3.3. Assemble Your PC

This section will be included in guide version 1.5, due out in May 2013.

3.4. Installing Ubuntu Server

3.4.1 - Download Ubuntu Server

Downloading Ubuntu Server is a snap: you merely have to choose the version that is right for you. There are usually two different versions available at any given moment: the most up-to-date version (currently 12.10) or the current Long-Term Support (LTS) version, which is presently 12.04.1. It is usually a good idea to stick with the LTS version, as long as it is recent. This guarantees that you will be able to get support through Canonical (Ubuntu) for the foreseeable future, should you have a problem with the specific version you are using. Though this means you will not get the latest and greatest updates from Ubuntu, on server distributions this is usually not a problem.

Head to Ubuntu Server's download page and select the version that works best for you. Make sure to choose the correct architecture (32-bit or 64-bit) based on your server. Once you have the iso in-hand, burn it to disk with your preferred CD burning application. It is also possible to install Ubuntu via USB drive.

3.4.2 - Installing Ubuntu Server

Installing Ubuntu Server is just as easy as installing Ubuntu's desktop version, but there are (of course) different options you will need to configure. Also, the installer is only available in a text-based menu format. You will be able to use the SPACE key to mark selected option buttons or checkboxes, and TAB to move between fields, just like in any other graphical application.

Load your install CD into your server, and boot it up, after having made sure that your CD/DVD drive is higher in the boot order list. Choose your language and the obvious options from the screen that comes up. It will ask you more questions based on your language, locale and other preferences.
After this it will attempt to detect your hardware settings and will ask you if you wish to use DHCP. If your server is connected to a network that has a router, choose to use DHCP for now. If not, choose "Configure the network manually" and you will have the option to set your desired static IP, subnet and gateway settings. After the install, we will walk through specific network settings to enable based on your configuration.

Set the hostname and timezone information as per your preferences.

Next the installer will take you to the disk configuration menu. You will most likely want to choose "Guided - use entire disk". If this system will be running virtual machines or will share disk space with other operating systems, choose "Manual" and create a partition for "/" that reflects the size you want your server storage to have.

After this, your base system will be installed.

Next, you will set up a base user and choose its password, as well as setting the administrative password for the root user; then you will be asked if you want to encrypt the Home directory on the server. Unless you have extremely sensitive security concerns, I would not bother with encrypting the home directory on a server. We will be encrypting our backed-up data before we place it on the server anyway.

Then you will be asked to choose how you want to receive your updates: either manually or automatically. Choose based on your preference. It is often convenient to have your server automatically receive security updates, so you don't need to worry about it.
Finally, you will be asked which software packages should be installed by default:

1. OpenSSH Server: It is highly recommended that you choose this. This will allow you to remotely access your computer from other machines, either on the local network or on the Internet. We will explain this in the next chapter, 3.5.
2. DNS Server: This is only necessary if you are going to use your server as a network controller and router. We go over this in chapter 3.6.
3. LAMP Server: This will install Apache (web server), MySQL (content publishing platforms like Wordpress or Drupal), and PHP (necessary for almost any website application). We will review these in chapter 3.9.
4. Mail Server: Installs Postfix and Dovecot for mail storage and transmission. We go over these in chapter 3.7.
5. PostgreSQL Database: This is another type of SQL server. You should only choose to install it if the program you want to run explicitly requires it.
6. Print Server: Use this if you will be connecting a printer to this computer and would like to share it on your network for other devices to use.
7. Samba File Server: Use this if you have Windows/Apple devices on your network that you will want to share files or media with. We will go over this in chapter 3.11.
8. Tomcat Java Server: This is for Java software hosting and development; you will not need it unless you are a Java developer.
9. Virtual Machine Host: Use this if you will be running virtual machines (VMs) with this server for various reasons. VMs will be explained in the appendix chapter 3.12.

And with that, your computer will reboot, and you will be presented with your shiny-new login prompt.

This base system works according to the Linux command-line rules that were explained in section 2. It has no graphical user interface. The goal of this guide is to get you up-to-speed and comfortable with editing the features of your system without needing to rely on graphical interfaces.

3.4.3 - Basic Network Setup

At this point we will set up our server so that it has basic connectivity to the Internet. From there, we will be able to set up applications based on our individual preferences in the following chapters.

Below we will explain how to set up your server to communicate with the Internet on one port, and with an internal network on the other. We will assume that "eth0" corresponds to the port connected to our internal network hub or access point, and "eth1" corresponds to the port directly connected to our DSL/satellite/cable modem.

If you have your server behind a router or other firewall which is handling your connection (and you will not be using the server itself as a router or firewall), you will need to assign the server a Static IP address on your router. This is necessary for various reasons. You will need to forward ports to your server for every service you will want to run from it, if you want to be able to reach them from the outside. Because of this, you will need to have the server on an internal static IP address that does not move, lest your running services be interrupted. In the steps below, you will also want to skip any settings for "eth1" as they do not apply.

First, you need to figure out the names of your network interfaces. Most of the time this will be "eth0" and/or "eth1," but to be sure, run ip addr. It will list the different interfaces you have. If you have two network interfaces, make sure you know which port corresponds to which by connecting them to different devices and monitoring how the ip addr entries change.

It is strongly recommended that you avoid running a server on a wireless interface (wlan0). For performance, stability and compatibility reasons, this is simply just a bad idea. This guide will not provide information on configuring servers connected wirelessly.

To set your server with a static IP address, open the file /etc/network/interfaces and add/change the following lines:

    auto eth0
    iface eth0 inet static
        address 10.0.0.5
        netmask 255.255.255.0
        gateway 10.0.0.1

The "Gateway" should match the internal IP address of your internet-facing device (in most cases, your router). If this server is acting as a router/firewall and is directly connected to the internet with another ethernet port, set the gateway to be the same as the "address."

The netmask will likely be "255.255.255.0", or a /24 subnet. Make sure the IP address you choose is on the same subnet as your existing network. That is, if your other devices all operate with IP addresses like 192.168.0.x, your server will need to be a static address in this range, HOWEVER it must be established outside of your router's DHCP address pool. Use your router's manual or online support to determine how to reserve a static IP address for a device.

Now we will add a section to the same file for our other ethernet interface, eth1. This port will be directly connected to our DSL/cable modem and will handle all internal/external requests for the Internet:

    auto eth1
    iface eth1 inet static
        address 10.0.1.1
        netmask 255.255.255.248

The "address" field will match the external static IP address provided by your internet service provider. The "netmask" must reflect the netmask of the static IP range you were given. If this is just one IP address, the netmask will be 255.255.255.252; if you received a Subnet from your ISP (like /24), you can convert that number to a netmask with this calculator.

After setting these items, you will need to toggle the interface before the new settings take effect. Run sudo ifdown eth0 then sudo ifup eth0 to cycle the changes.
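
The two rules above (convert a prefix such as /24 to a netmask; keep the static address on the existing subnet but outside the router's DHCP pool) can be checked before editing the interfaces file. The script below is an added example, not part of the original guide; the function names are hypothetical and the addresses are constructed sample values.

```sh
#!/bin/sh
# Added example: sanity checks for a planned static IPv4 address.
# Function names are hypothetical; all addresses are constructed samples.

# ip_to_int A.B.C.D -> the address as a 32-bit integer; fails on malformed input.
ip_to_int() (
    case $1 in .*|*.|*..*) exit 1 ;; esac
    set -f                          # no globbing while splitting on dots
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        # digits only, no leading zero (would be read as octal), at most 3 digits
        case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# prefix_to_mask N -> the /N netmask as an integer (N = 0..32).
prefix_to_mask() (
    case $1 in ''|*[!0-9]*|0?*|???*) exit 1 ;; esac
    [ "$1" -le 32 ] || exit 1
    echo "$(( (4294967295 << (32 - $1)) & 4294967295 ))"
)

# int_to_ip N -> dotted-quad form of a 32-bit integer.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_to_netmask N -> dotted netmask, e.g. 24 -> 255.255.255.0
cidr_to_netmask() {
    ctn_mask=$(prefix_to_mask "$1") || return 1
    int_to_ip "$ctn_mask"
}

# check_static_ip ADDR NETWORK PREFIX POOL_START POOL_END
# Prints one of: ok, outside-subnet, reserved, inside-dhcp-pool, invalid.
check_static_ip() (
    a=$(ip_to_int "$1") && n=$(ip_to_int "$2") && mask=$(prefix_to_mask "$3") &&
        s=$(ip_to_int "$4") && e=$(ip_to_int "$5") || { echo invalid; exit 1; }
    net=$(( n & mask ))
    bcast=$(( net | (~mask & 4294967295) ))
    if [ "$(( a & mask ))" -ne "$net" ]; then
        echo outside-subnet         # not reachable from the other LAN devices
    elif [ "$a" -eq "$net" ] || [ "$a" -eq "$bcast" ]; then
        echo reserved               # network or broadcast address
    elif [ "$a" -ge "$s" ] && [ "$a" -le "$e" ]; then
        echo inside-dhcp-pool       # the router could lease it to another device
    else
        echo ok
    fi
)

# Demo: candidates tested against a 192.168.0.0/24 LAN whose pool is .10-.50.
for cand in 192.168.0.5 192.168.0.20 10.0.0.5; do
    printf '%s -> %s\n' "$cand" \
        "$(check_static_ip "$cand" 192.168.0.0 24 192.168.0.10 192.168.0.50)"
done
```
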

If your internet-facing ethernet port is connecting to a DSL modem, check to see if you connect to your DSL server via PPPoE. If this is the case, you will need to set up this ethernet port to connect to your modem via PPPoE. Follow the modem's manual or online support page to set it in "bridge" mode, then follow the Ubuntu PPPoE guide to set up the connection on your internet-facing ethernet port.

3.4.4 - Further Reading

- Ubuntu Installation Guide
- Ubuntu Server Guide - Network Configuration

3.5. Getting In: Using SSH and VNC

Now that we have our server assembled and our OS installed, we must make sure we can get inside!

SSH is a protocol for secure communication between systems. It can be used for a wide variety of things, from executing commands on remote systems, to getting a remote terminal prompt on your local computer, to even running visual programs on a remote computer, but redirecting them to show up on your local computer's screen (X forwarding). For the purposes of this guide, we will want to set up SSH and get comfortable with using the terminal remotely. If you are running a headless server, this is going to be your best friend.

3.5.1 - Install OpenSSH

Chances are that our Ubuntu Server came with OpenSSH already installed (that's how important it is!), but in the off-chance it hasn't, fire up your trusty-dusty package manager and install it:

    sudo apt-get install openssh-server

Most of the configuration for OpenSSH is stored in /etc/ssh/sshd_config. This is your first stop for any additional configuration options, such as denying root login or allowing public-key authentication.

The great thing about SSH is that (in most cases) it works right out of the box. First, make sure the server is running:

    sudo service ssh restart

Next, on your local computer, make sure you have a valid SSH client. (This is the package openssh-client on Ubuntu.) To test your setup, use the following command with the correct information:

    ssh $username@$ip-address

After this you will get a prompt asking for your password. Once you enter it, you should get a command prompt as if you were using the terminal on your server locally. Voila! Type "exit" when you want to get back to your local computer's command prompt.

3.5.2 - Securing SSH

No Root Logins!

In its current state, your SSH is actually quite risky. Unless you laugh in the face of danger, you will want to take some steps to secure it.

First, we will prevent root SSH logins to our server. This is a popular line of attack - people (scripts) hoping to find just that one server that got lax and lazy with its configuration. We won't fall for that, obviously. Edit your /etc/ssh/sshd_config file and change the following line:

    PermitRootLogin no

... then restart your SSH server. If you need to SSH into your server and change files/configurations that require root access, then you can SSH in as your normal user and use su/sudo, just like you would if you were working directly.

SSH Key Setup

What follows is completely optional but highly recommended. There is a way to set up a cryptographic key called an "SSH key" that will allow our computer to handle SSH connections without needing you to enter your password. There are two main reasons why people opt to use SSH keys:

1. Security - Even if you have what you might consider to be a "good" password, if somehow that password is guessed or compromised then there is a lot of potential risk. With an SSH key, you can actually turn off password logins, meaning that people remotely won't even get a chance to try to crack your password. If they don't have your SSH key, then they're out in the cold.
2. Laziness - Like I said, SSH keys allow you to SSH to your remote machine without having to use your password. So if you are someone who needs to SSH to your server frequently, it can be a pain having to enter your password every so often. Much easier to let your SSH key do the talking for you - if your computer can produce the right key, the server will never ask you for a login password.

When you create an SSH key, you are creating two files: a private key and a public key. The private key is the actual file that is used to authenticate you. The public key contains a string that the server can use to compare with the private key and verify if it's really you trying to login. The private key is the one you do not want to lose.

To create an SSH key, run the following command on your client machine:

    ssh-keygen -t rsa

This will ask you a few questions. First, go ahead and save it in the default location. Second, it's a good idea to enter a passphrase with which to unlock your SSH key. This is intended to provide a good last line of defence: should your SSH key somehow fall into the wrong hands, they still won't be able to get into your server. (Don't worry, if you set a passphrase here, you can still set it to automatically unlock itself on your own computer via ssh-agent.)

After you've created your key and given it a passphrase, run the following command with the correct information in place to upload it to your server:

    ssh-copy-id $username@$servername

This copies your public key to an "authorized keys" list, telling your server that whichever computer SSHes in with your private key in hand can be trusted. The neat thing about this is that you can put your SSH private key on any computer you own (even your Android smartphone) and be able to gain password-less access to your server.

When you test your SSH connection, your client will automatically use your SSH key. It should only ask you for your passphrase the first time; if not, run the command `ssh-add` and it should be permanently added to your `ssh-agent`.

It should go without saying that it's very important this key be kept secure. I would recommend storing a backup on a USB key that you can hide somewhere in your home with your personal files. And if you store it anywhere else on your computer/server, like in a backups folder, make sure you store it in an encrypted archive (see the chapter on Backups for how to do that).

Use Your SSH Key On Other Devices

If you wish to use your SSH key on...

...Other Linux machines OR Mac OS X: Copy ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub to the same folder on your other Linux computer. Run `ssh-add`, then voila.

...A Windows computer (hisssssss): Download PuTTY. Enter your hostname/IP in the first section, then choose "SSH." In the menu on the left, choose SSH > Auth. Browse to the location of your private key, click OK and start the session.

...an Android phone: Copy your id_rsa file to your phone (in a preferably secure location) via your file transfer method of choice. Download ConnectBot from the Play Store and install it. Open the app, press Menu and choose "Manage Public Keys." Press Menu and choose "Import," then browse to the location of the file and choose it. Note that when you create a new connection, you can hold down the line in the list and choose Edit Server, then explicitly set that you wish to use the key for that connection. This provides the best results.
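
After editing sshd_config it is worth confirming which values sshd will actually use, because sshd keeps the first value it reads for each keyword and a corrected line added further down the file is ignored. The script below is an added example, not part of the original guide: the function names are hypothetical, the two configuration files are constructed samples, and PasswordAuthentication is the sshd_config keyword for the "turn off password logins" step that the guide mentions without naming it.

```sh
#!/bin/sh
# Added example: report the settings sshd would use from an sshd_config file.
# Function names and sample contents are constructed for illustration.

# sshd_effective FILE KEYWORD -> first value of KEYWORD in the global section
# (lower-cased); prints nothing when the keyword is not set there.
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }                   # drop leading indentation
        /^#/ || /^$/ { next }                    # skip comments and blank lines
        { split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                  # Match blocks are conditional: stop
        key == want { print tolower(f[2]); exit }    # first occurrence wins
    ' "$1"
}

# audit_sshd FILE -> one PASS/FAIL line per check; non-zero status on any FAIL.
audit_sshd() {
    audit_rc=0
    for audit_want in permitrootlogin=no passwordauthentication=no; do
        audit_kw=${audit_want%%=*}
        audit_got=$(sshd_effective "$1" "$audit_kw")
        if [ "$audit_got" = "${audit_want#*=}" ]; then
            echo "PASS $audit_kw $audit_got"
        else
            echo "FAIL $audit_kw ${audit_got:-unset} (want ${audit_want#*=})"
            audit_rc=1
        fi
    done
    # Key logins must stay enabled, or disabling passwords locks everyone out.
    audit_got=$(sshd_effective "$1" pubkeyauthentication)
    if [ "$audit_got" = no ]; then
        echo "FAIL pubkeyauthentication no (key logins disabled)"
        audit_rc=1
    else
        echo "PASS pubkeyauthentication ${audit_got:-unset}"
    fi
    if grep -iq '^[[:space:]]*match[[:space:]]' "$1"; then
        echo "NOTE Match blocks present; review their overrides separately"
    fi
    return "$audit_rc"
}

# write_sample_sshd_config FILE weak|hardened  (constructed sample content)
write_sample_sshd_config() {
    case $2 in
    weak) cat > "$1" <<'EOF'
# constructed sample: the "no" line was appended below an earlier "yes"
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PermitRootLogin no
EOF
        ;;
    hardened) cat > "$1" <<'EOF'
# constructed sample: root login and password logins both off
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
        ;;
    *) return 1 ;;
    esac
}

# Demo on the weak sample.
demo_dir=$(mktemp -d)
write_sample_sshd_config "$demo_dir/weak" weak
audit_sshd "$demo_dir/weak" || echo "weak sample needs changes"
rm -rf "$demo_dir"
```

Only turn password logins off after a key login has been tested from a second session, so a mistake cannot lock you out of a headless server.
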

3.5.3 - Install VNC

VNC is another way to remotely gain access to your computer. Where SSH gets you into the terminal, VNC is a more direct approach. It resembles the "Remote Desktop" application on Windows systems. This protocol is only worthwhile for servers with graphical interfaces, like the full version of Ubuntu. If you are using the Ubuntu Server we have been talking about, you will be better off sticking to SSH.

Ubuntu comes with a built-in VNC server called vino. It is enabled by default.

On your local machine you will need a VNC viewer. Ubuntu has one built-in named vinagre that will work nicely for our purposes. From the command line, enter the following with your server's IP address:

    vinagre 192.168.0.1

When it comes to securing your VNC connection, the best way to do that is to run VNC over an SSH tunnel and block the VNC port (5900) on your firewall. We will discuss port blocking and SSH tunnelling in chapter 3.10.

3.5.4 - Further Reading

- OpenSSH Server - Ubuntu Server (12.10) Official Documentation
- ssh_config man page
- VNC - Community Ubuntu Documentation

3.6. Home Networking: DHCP, DNS and NAT

For those who will be using their servers to manage their network (including as a firewall), we will now be setting up various services allowing our internal network to use the Internet and various other services hosted by our server.

3.6.1 - Serve Network Clients via DHCP

First, install the DHCP server from the Ubuntu package repositories.

    sudo apt-get install isc-dhcp-server

Now, to configure it, we will create several customized entries in /etc/dhcp/dhcpd.conf to handle our setup.

    default-lease-time 432000;
    max-lease-time 604800;
    option routers 192.168.0.1;
    option domain-name-servers 192.168.0.1;
    option broadcast-address 192.168.0.255;
    option subnet-mask 255.255.255.0;
    option domain-name "$home.local";
    subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.10 192.168.0.50;
        host $myhost {
            hardware ethernet xx:xx:xx:xx:xx:xx;
            fixed-address 192.168.0.x;
            option host-name "$Myhost";
        }
    }

Now let's walk through these lines and figure out what each of them does.

default-lease-time and max-lease-time govern how often your computers will check back with the server to have their IP address assignment renewed. The figure is in seconds. In the majority of cases, you can set this to be a somewhat long time and there will be no issues. If you set the leases to be too short, it may impact your network performance. 432,000 seconds equals 5 days.

option routers and option domain-name-servers need to point to your server's static IP address, the one you gave it in the Server Installation chapter.

option broadcast-address is for the internal network broadcast address. The last octet (set of numbers) should always be 255. If your network is in the 192.168.1.x range, then change the 1. Otherwise it should be left alone.

option subnet-mask should be left at its default, 255.255.255.0. If you need a different one, it's likely because you have a huge network with hundreds of computers; if that's the case, then you shouldn't be following this guide anyway :)

option domain-name should match what you chose as your internal domain name. In most cases, "home.local" will suffice.

subnet 192.168.0.0 netmask 255.255.255.0 { begins the section that outlines the internal network we are now setting up. The first IP address (192.168.0.0) combined with the second number (255.255.255.0) means that all of our clients will have IP addresses that begin with 192.168.0, AND that we can add any number at the end of that from 0-254 for network clients.

range 192.168.0.10 192.168.0.50 is important, because it tells the DHCP client how many addresses in the 192.168.0.0 block it can claim as its own and assign to clients. It's usually a good idea to have a bit more than you need here; as you are not likely to have over 200 machines on this network, then you won't be needing to worry about space.

The next nested section (host $myhost) is optional. Use it if you want one of your computers to always receive the same IP address via DHCP, which is convenient for diagnostic purposes and is recommended for any other servers running on your network. Replace the hostnames listed here with what they should be for that computer. Set the MAC address to the network adapter that the computer will connect from. (On Linux-based systems you can usually find the MAC address by running ip addr.)

And finally, don't forget to close out all the open sections you opened with "{" with a corresponding "}"!

Once your configuration is in order, start the server with sudo service isc-dhcp-server restart. Your devices will now be able to communicate with each other on your network. But don't get too excited yet! They still won't be able to get internet access. For this, we will need to set up a gateway and NAT forwarding with iptables, then we will set our server to handle DNS requests.

3.6.2 - Give Clients Internet Access with iptables

The next step is to enable your server as an Internet gateway, so that it will share its connection to devices connected to the internal network. To do this, we will be using the iptables firewall system.

    sudo iptables -A FORWARD -o eth0 -i eth1 -s 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
    sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -t nat -F POSTROUTING
    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    sudo iptables-save | sudo tee /etc/iptables.sav
    sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

"-o eth0" should match your outside interface (connected to your modem), and "-i eth1" should match your inside interface, connected to your hub or access point.

Set your iptables configuration to load at boot by editing /etc/rc.local and adding the following line:

    iptables-restore < /etc/iptables.sav

Finally, edit /etc/sysctl.conf and uncomment the line that reads net.ipv4.ip_forward=1.

And with that, our iptables configuration should be working. We will work more with iptables in the chapter on firewalling and security, 3.10.

At this point your devices should now be able to ping IP addresses that are on the internet, and view internet sites via IP addresses. But the final piece of the puzzle comes in handling DNS requests.

3.6.3 - Set Up a Local DNS Server

In brief, DNS is the method that the Internet uses to translate IP addresses to the domain names we are all used to typing in our browsers. We know that every internet server has at least one IP address, and this is how it can be "found" online. And DNS is what is used to give these addresses a human-readable name.

Our server will be set up for DNS for two purposes:

Caching: For every page request made to the Internet from one of your computers, the server will keep a cache of its location data. You may notice that the first time you view a site, it is often slower to load than the subsequent times you visit it. This is due to your computer "seeking" the address of the server the first time; every time after that, it will remember where it went before. Setting your server to act as a DNS cache locally should improve internal network performance overall.

Internal Authority: This DNS server will keep track of the device names on our network, and allow other devices to be able to find them by those names. So if you want to SSH to your computer in the other room, you can do so by running ssh ComputerName instead of having to keep track of its IP address at any given time and running ssh 192.168.0.?.

The DNS server we will use is called BIND. Install it by running sudo apt-get install bind9.

To configure BIND as a caching nameserver, edit /var/lib/bind/named.conf.options and change the following lines:

    forwarders {
        x.x.x.x;
        x.x.x.x;
    };

The x.x.x.x lines should match the Primary and Secondary DNS addresses given to you from your Internet Service Provider. If you do not have any or do not know what they are, you can use 8.8.8.8, which forwards to Google's public DNS servers.

Now we will set up our DNS server to act as our internal network's authority. This comes via setting up two zonefiles. Create a file named /var/lib/bind/db.home.local. (Change the trailing "home.local" to whatever you decided your internal domain would be earlier.)

Enter the following in this file, replacing the $ values where appropriate EXCEPT leave the $TTL and $ORIGIN as they are:

    $ORIGIN .
    $TTL 86400
    $home.local IN SOA $myserver.home.local. $username.home.local. (
            2012112301 ; serial
            28800      ; refresh (8 hours)
            14400      ; retry (4 hours)
            2419200    ; expire (4 weeks)
            86400      ; minimum (1 day)
            )
        NS $myserver.home.local.
        MX 10 $myserver.home.local.
    $ORIGIN home.local.
    myserver    A 192.168.0.1
    laptop      A 192.168.0.2
    workstation A 192.168.0.3
    phone       A 192.168.0.4
    xbox        A 192.168.0.5

The third line (starting with "home.local") should feature your internal domain. The next bit (myserver.home.local.) should reflect your server's hostname with the internal domain and a "." appended to the end. The last bit on this line (username.home.local.) is actually an administrative email address - change this to match the email you want to use for this field, making sure there is a "." in the place of the "@", and a "." at the end of it all.

The NS and MX lines should point to your server's hostname and internal domain. This is used to designate the server as the internal domain's nameserver and main mail server.

The repeated entries below the second $ORIGIN tag are individual records for devices on the network. These are called "host entries." Remember when, in our DHCP configuration, we had the opportunity to reserve specific addresses based on the MAC addresses of our devices? These same entries should be repeated here, with the accompanying "A" tag in the middle.

Now we don't need to add entries for every possible device we will have on our network here: in the next section we will have DHCP do this for us. But it is a good idea to include your server in this list, as well as anything you've given static or reserved IP addresses.

Whenever you change a zonefile, you must increase its serial number. Many people use the date in YYYYMMDD format, then a couple digits marking the number of the change you've made.

There are many other kinds of host entries you can make here; for information on them see the BIND links in the Further Reading section.
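
The serial rule above is easy to get wrong by hand, for example by re-using today's date for a second edit on the same day or by typing a smaller number than the current one. The script below is an added example, not part of the original guide: it reads the serial from a zonefile laid out like the one shown, computes the next YYYYMMDDnn value and rewrites the file. Function names are hypothetical and the zonefile content is a constructed sample.

```sh
#!/bin/sh
# Added example: bump the SOA serial of a zonefile laid out like the guide's.
# Function names are hypothetical; the sample zone is constructed.

# next_serial CURRENT [YYYYMMDD] -> next serial, always greater than CURRENT.
next_serial() (
    cur=$1
    today=${2:-$(date +%Y%m%d)}
    # digits only, no leading zero, at most 10 digits
    case $cur in ''|*[!0-9]*|0?*|???????????*) exit 1 ;; esac
    case $today in *[!0-9]*) exit 1 ;; esac
    case $today in ????????) ;; *) exit 1 ;; esac
    if [ "$cur" -lt "${today}00" ]; then
        new=${today}01              # first change made today
    else
        new=$(( cur + 1 ))          # same day, or serial already ahead of the date
    fi
    [ "$new" -le 4294967295 ] || exit 1     # SOA serials are unsigned 32-bit
    echo "$new"
)

# zone_serial FILE -> the number in front of the "; serial" comment.
zone_serial() {
    sed -n 's/^[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;[[:space:]]*serial.*/\1/p' "$1" |
        head -n 1
}

# bump_zone_serial FILE [YYYYMMDD] -> rewrites the serial, prints the new value.
bump_zone_serial() {
    bz_old=$(zone_serial "$1")
    [ -n "$bz_old" ] || return 1
    bz_new=$(next_serial "$bz_old" "${2:-}") || return 1
    bz_tmp=$(mktemp) || return 1
    # cat back into the original file so its owner and mode are kept
    sed "s/^\([[:space:]]*\)$bz_old\([[:space:]]*;[[:space:]]*serial\)/\1$bz_new\2/" \
        "$1" > "$bz_tmp" && cat "$bz_tmp" > "$1"
    rm -f "$bz_tmp"
    echo "$bz_new"
}

# write_sample_zone FILE  (constructed sample in the guide's layout)
write_sample_zone() {
    cat > "$1" <<'EOF'
$ORIGIN .
$TTL 86400
home.local IN SOA myserver.home.local. admin.home.local. (
        2012112301 ; serial
        28800      ; refresh (8 hours)
        14400      ; retry (4 hours)
        2419200    ; expire (4 weeks)
        86400      ; minimum (1 day)
        )
    NS myserver.home.local.
$ORIGIN home.local.
myserver A 192.168.0.1
EOF
}

# Demo: bump the sample zone using today's date.
demo_zone=$(mktemp)
write_sample_zone "$demo_zone"
echo "serial $(zone_serial "$demo_zone") -> $(bump_zone_serial "$demo_zone")"
rm -f "$demo_zone"
```
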

Now for every DNS zonefile we establish, we must have a corresponding "reverse DNS zonefile." This is fairly simple to do; create a file called /var/lib/bind/db.192 and insert the following, replacing the $ values where appropriate EXCEPT leave the $TTL and $ORIGIN as they are:

    $ORIGIN .
    $TTL 86400
    0.168.192.in-addr.arpa IN SOA $myserver.home.local. $username.home.local. (
            2012112301 ; serial
            28800      ; refresh (8 hours)
            14400      ; retry (4 hours)
            2419200    ; expire (4 weeks)
            86400      ; minimum (1 day)
            )
        NS $myserver.home.local.
    $ORIGIN 0.168.192.in-addr.arpa.
    1 PTR myserver.home.local.
    2 PTR laptop.home.local.
    3 PTR workstation.home.local.
    4 PTR phone.home.local.
    5 PTR xbox.home.local.

The "0" in "0.168.192.in-addr.arpa" refers to the third octet in your network's IP subnet. It assumes your network operates on the 192.168.0.0 range. If it is otherwise, update this number accordingly.

Now a lot of these options are customized in the same way they are in the first zonefile we made, but we can see a pretty important difference when we get down to the host records. They are in reverse order. The last octet of the IP address for each device (e.g. the "1" in "192.168.0.1") is placed first, followed by the "PTR" (pointer) flag, then the fully-qualified hostname with internal domain appended at the end.

Remember that you only need to create records here if you created them in your first zonefile, and you don't need to create records for every device on your network.

To activate these zonefiles for use in BIND, edit /etc/bind/named.conf.local and add the following lines:

    zone "home.local" IN {
        type master;
        file "/var/lib/bind/db.home.local";
    };
    zone "0.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/db.192";
    };

Whew, are you still with me? DNS setups can be a real headache, but if you've made it this far with your sanity intact, then you are almost ready to reap the rewards!

Start up bind with sudo service bind9 restart. At this point, your clients should be able to connect to the Internet using regular ol' domain names like usual. Hooray!

3.6.4 - Allow DHCP to Update DNS Entries

Now we can not only use the Internet on our internal network, we can also communicate with our static servers/hosts using their proper names. But what if you want to reach other devices by their hostnames? Say you have a friend come over that's bringing his laptop, and you want to set up a fileshare on it and to reach that share via his laptop's hostname. For that, we can allow our DHCP server to fetch these names and update our network's DNS records accordingly. This is done by providing a secure socket for the DNS and DHCP servers to communicate on.

First, change the owner of your zonefiles to let BIND be able to edit them at will:

    sudo chown bind:bind /var/lib/bind/*

Now we will generate a key that will allow the two programs to communicate securely between each other.

    sudo cat Kdhcp_updater.*.private | grep Key

Copy the output or write it down; we will need it soon. Open up /etc/bind/named.conf.local again and add the following lines:

    key DHCP_UPDATER {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;
        # Important: Replace this key with your generated key.
        # Also note that the key should be surrounded by quotes.
        secret "asdasddsaasd/dsa==";
    };

While in named.conf.local, add the following line inside the brackets for each zone you have declared there:

    allow-update { key DHCP_UPDATER; };

So we are set up on the DNS end, now let's give DHCP the other end. Edit /etc/dhcp/dhcpd.conf and add the following to the very top of the file:

    ddns-domainname "$home.local.";
    ddns-rev-domainname "in-addr.arpa.";
    ddns-update-style interim;
    ignore client-updates;

Next, add the following before the "subnet" section:

    key DHCP_UPDATER {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;
        # Important: Replace this key with your generated key.
        # Also note that the key should be surrounded by quotes.
        secret "asdasddsaasd/dsa==";
    };
    zone home.local. {
        primary 127.0.0.1;
        key DHCP_UPDATER;
    }
    zone 0.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key DHCP_UPDATER;
    }

Accordingly, we will allow the DHCP server to write to its files:

    sudo chown dhcpd:dhcpd /etc/dhcp/dhcpd.conf

Restart the servers with sudo service bind9 restart and sudo service isc-dhcp-server restart, and it's done!

Don't forget to remove the key file that we created, Kdhcp_updater.*.

From now on, if you want to make manual changes to your BIND DNS zonefiles, you will need to "freeze" them first. Freeze it with sudo rndc freeze home.local. and then you are free to make your edits. Once completed, "thaw" the zonefile again by running sudo rndc unfreeze home.local. And of course, don't forget the "." at the end!

3.6.5 - Further Reading

- DHCP (Ubuntu Documentation)
- BIND Configuration (Ubuntu Documentation)
- Internet Connection Sharing (Ubuntu Documentation)
- DNS Record Updates via DHCP - Lani's Weblog

3.7. Host Your Email: Setting Up Postfix and Dovecot

There are two components to the mail system we are going to build. The first component is postfix. Postfix is what we call a "Mail Transfer Agent" (MTA). An MTA is responsible for transporting email between different destinations. When you open your email application and send an email, that document gets transferred first to your email provider's MTA. The MTA then parses the message for a destination address, looks up its server's location on the Internet, then facilitates the transfer of the message to that server. An MTA also handles incoming email in the same way: your MTA gets contacted with a message from somebody else, then your MTA delivers the message to the Mail Delivery Agent.

The Mail Delivery Agent (MDA) is the second part of the mail system. Our MDA is called dovecot. The MDA handles the storage and organization of your mail once it is received. It may help to think of it as such: your MTA is your postman, going from house to house and delivering the mail; the MDA is your mailbox itself.

3.7.1 - First Steps: Install Postfix

We will begin with installing our MTA, Postfix.

    sudo apt-get install postfix

Postfix comes with a handy semi-graphical configuration tool, which we will use to start. Run the following:

    sudo dpkg-reconfigure postfix

Fill in the following details, which will match our configuration.

1. Mail server configuration type: "Internet Site".
2. System mail name: mydomain.com
3. Root and postmaster mail recipient: leave blank
4. Other destinations to accept mail for: Add mydomain.com to the beginning of this comma-separated list.
5. Force synchronous updates?: No
6. Local networks: Enter your IP subnet that we picked in the Networking section.
7. Use procmail?: No
8. Mailbox size limit: "0"
9. Local address extension character: Leave as default.
10. Internet protocols to use: all

Now we need a place to put all that mail that's sure to arrive. In this example we will use the Maildir format, so run the following with your username in the place of $username:

    sudo postconf -e 'home_mailbox = Maildir/'
    export MAIL=/home/$username/Maildir
    sudo service postfix restart

And with that, we have a simple mail transport system running! Take a moment to pat yourself on the back.

Now we will test what we have just set up. Ensure that postfix is running with sudo postfix status. If it's not, run sudo postfix start. Then open up telnet and open a session to your local SMTP port:

    telnet localhost 25

You'll receive the following output and a prompt if you have successfully connected:

    Trying 127.0.0.1...
    Connected to mail.mydomain.com.
    Escape character is '^]'.
    220 localhost.localdomain ESMTP Postfix (Ubuntu)

This prompt is a little different from the standard command prompt, as it only understands SMTP commands. But not to worry - enter the following commands line-by-line to send yourself a test message:

    ehlo localhost
    mail from: root@localhost
    rcpt to: $username@localhost
    data
    Subject: My Postfix Test
    Test Message 123
    This is the body
    Goodbye
    .
    quit

Make sure to put your username in the right spot. Also, that line right above "quit" is indeed just a period. That tells postfix that our test message is complete and ready to be sent.

Now let's see if it worked. Run the mail command and you should see the subject line of your message. Press 1 and Enter to read it. Postfix is aliiiiiiiiiiiiiive!

In most cases, mail clients will send their outgoing mail on port 25. This is the port that mail servers use to transfer mail between each other. However, many mail clients are set up by default to use port 587 to send mail over Secure (TLS) SMTP. If you'd like, you can also enable this port in Dovecot by editing /etc/postfix/master.cf and uncommenting the line that starts with "submission." To require logins over TLS for this port, uncomment the "-o smtpd_recipient_restrictions" section underneath "submission" and add reject_sender_login_mismatch to the list.
>- +.;. 8ost 6our .ai)4 Settin% ,/ 1ostfi< and Dove&ot %.<.2 - 0etting U! 3ail 0torage with Do6ecot !his guide assumes that you want to run a mailserver "or personal use only( 4t will there"ore &ase your mail a%%ount o"" o" your login a%%ount( 4" you are planning on running a server "or others as well$ it would &e a good idea to set up virtual users$ instead o" setting up multiple users on your %omputer itsel" and potentially %ompromising it( !o ena&le virtual users$ "ollow the steps outlined in this guide$ then add the steps "ound here( +n U&untu Server$ there are two "lavours o" dove%ot3 doveco-imapd and doveco- pop3d. You %an install either or &oth i" you/d li'e( !hough the one you %hoose will depend on whi%h email proto%ol you would li'e to use "or remote %onne%tions( P+P is the older proto%ol$ whi%h operates &y downloading all email on a remote server to lo%al "olders and organi7ing them &y their type( P+P then deletes the original messages "rom your server$ leaving you with the %opies and "older organi7ation on your lo%al %omputer only( 420P$ on the other hand$ is a more ro&ust system and is re%ommended "or those who pre"er to have their mail syn%ed to multiple lo%ations A"or example$ on your laptop and on your mo&ile phoneB( 420P syn%s your mail&ox/s "olders &etween the %lient and the server( *henever you move an email &etween &oxes$ "or example$ 420P will syn% those %hanges to your email server in real time( You should &e a&le to see how this is &ene"i%ial to people who use their email on multiple devi%es3 no matter what you read or where you read it$ the email/s status and lo%ation %an &e syn%ed a%ross all o" your devi%es( So %hoose the versionAsB o" dove%ot you would li'e to install3 sudo ap-ge insa11 doveco-imapd Your main dove%ot %on"iguration "ile is stored at /ec/doveco/doveco.conf( 4n some versions o" the so"tware$ in%luding newer U&untu versions$ this "ile #in%ludes# other %on"iguration "iles stored elsewhere$ whi%h %an &e "ound in 
/etc/dovecot/conf.d. We will be editing a variety of files to get our mail storage system set up.

Let's start with setting up our Maildir. This is the spot where mail is temporarily stored as dovecot routes it to its proper destination. Change the mail_directory line in /etc/dovecot/conf.d/10-mail.conf (or /etc/dovecot/dovecot.conf) to match:

    mail_location = maildir:/home/%u/Maildir

Now we will set up the mail storage hierarchy and enable it for use with the following commands, again changing $username for the appropriate value:

    sudo maildirmake.dovecot /etc/skel/Maildir
    sudo maildirmake.dovecot /etc/skel/Maildir/.Drafts
    sudo maildirmake.dovecot /etc/skel/Maildir/.Sent
    sudo maildirmake.dovecot /etc/skel/Maildir/.Trash
    sudo maildirmake.dovecot /etc/skel/Maildir/.Templates
    sudo cp -r /etc/skel/Maildir /home/$username
    sudo chown -R $username /home/$username/Maildir
    sudo chmod -R 700 /home/$username/Maildir

Once this is complete, we are ready to start and test Dovecot. Start it with sudo service dovecot start. Then open up a telnet with telnet localhost imap. If you see something like this:

    Trying localhost...
    Connected to localhost.
    Escape character is '^]'.
    +OK dovecot ready.

... then we are ready to go to the next step!

3.7.3 - Securing Your Mail System

The importance of running a safe and secure mail system cannot be overstated. For one, you certainly don't want your system to be used to forward spam off across the internet. If your system allows spam to be relayed then it can even find its way onto a blacklist, meaning some providers can refuse mail from your email accounts! And we certainly don't want that.

So it is very important that we secure our mail system. To do this, we will enact the following policies:
First comes our Postfix SASL configuration. This is the mechanism that Postfix uses to securely authenticate users and servers. You will need to install the libsasl2-2, sasl2-bin and libsasl2-modules packages.

Now, open up /etc/default/saslauthd and change the following lines:

START=yes should be uncommented

Add or change the following lines:

    PWDIR="/var/spool/postfix/var/run/saslauthd"
    PARAMS="-m ${PWDIR}"
    PIDFILE="${PWDIR}/saslauthd.pid"
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

Run the following commands to enable SASL in your postfix configuration:

    sudo postconf -e 'smtpd_sasl_local_domain ='
    sudo postconf -e 'smtpd_sasl_auth_enable = yes'
    sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
    sudo postconf -e 'broken_sasl_auth_clients = yes'

Next, we will set the access restrictions for sending mail on our server:

    sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
    sudo postconf -e 'inet_interfaces = all'

This line tells Postfix that our server will automatically accept mail from authenticated users (like your mail client), OR on any device connected to our own network, because we know they can be trusted. Furthermore, our server will outright reject any mail sent to it that is not addressed to our domain OR that is sent from our domain.

Finally, we will start up our SASL authenticator by running:

    dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
    sudo service saslauthd start

At this point, were you to run telnet localhost 25 and pass ehlo localhost, you should receive 250-STARTTLS as one of the responses. That means secure logins are now available for our outgoing mail server.
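How the smtpd_recipient_restrictions list set above decides who may send where, as an added shell model that is not Postfix code and not part of the original guide: restrictions are tried left to right and the first verdict wins. The function relay_decision, its yes/no inputs and the reordered list are assumptions made for the illustration.

```shell
#!/bin/sh
# Model of smtpd_recipient_restrictions evaluation (illustration only, not
# Postfix code): restrictions are tried left to right, the first one that
# reaches a verdict ends the walk, and a request that gets past every
# restriction is permitted.
#
#   $1  restriction list, comma separated as passed to postconf -e
#   $2  yes/no  client logged in with SASL
#   $3  yes/no  client address is inside mynetworks
#   $4  yes/no  recipient domain is one this server accepts mail for
relay_decision() {
    rd_rules=$(printf '%s' "$1" | tr ',' ' ')
    for rd_rule in $rd_rules; do
        case $rd_rule in
            permit_sasl_authenticated)
                if [ "$2" = yes ]; then echo "permit:$rd_rule"; return 0; fi ;;
            permit_mynetworks)
                if [ "$3" = yes ]; then echo "permit:$rd_rule"; return 0; fi ;;
            reject_unauth_destination)
                if [ "$4" != yes ]; then echo "reject:$rd_rule"; return 0; fi ;;
            *)
                # Restriction not covered by this model.
                echo "unsupported:$rd_rule"; return 2 ;;
        esac
    done
    echo "permit:end-of-list"
}

# The list from the guide.
GUIDE_ORDER='permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
# Same restrictions with the reject moved to the front (constructed variant).
REJECT_FIRST='reject_unauth_destination,permit_sasl_authenticated,permit_mynetworks'

# show <label> <list> <sasl> <mynetworks> <local recipient>
show() {
    rd_label=$1
    shift
    printf '%-46s %s\n' "$rd_label" "$(relay_decision "$@")"
}

# Unknown sender asking us to pass mail to someone else's domain: refused,
# which is what keeps the server from being an open relay.
show 'stranger -> outside address'           "$GUIDE_ORDER" no no no
# Unknown sender writing to one of our own mailboxes: ordinary incoming mail.
show 'stranger -> our domain'                "$GUIDE_ORDER" no no yes
# Your laptop on a foreign network after logging in: may send anywhere.
show 'logged-in client -> outside address'   "$GUIDE_ORDER" yes no no
# Any address that mynetworks covers may send anywhere without a login, so a
# mynetworks value that is too wide turns the server into a relay.
show 'mynetworks client -> outside address'  "$GUIDE_ORDER" no yes no
# With the reject first, even a logged-in user can no longer send outward.
show 'reject first, logged-in -> outside'    "$REJECT_FIRST" yes no no
```

The fourth case is the one to watch when editing mynetworks: every address it matches is trusted without a password.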
Next we will set up our mail storage system (Dovecot) to allow clients to connect to it in a secure way. This will enable us to use encrypted connections when we are away from home, so no snoops will be able to pick out our passwords when we check our mail.

Edit the /etc/dovecot/conf.d/10-ssl.conf file, and change the following lines:

    ssl = required
    ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
    ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key

If you are planning on running an email system for multiple people, it may be a good idea to use a purchased SSL certificate instead of a self-signed certificate. If not, all of your clients will get "Untrusted" messages before using their email, which may be unsettling. If you purchase these certificates, change the above pointers to match the location of the appropriate certificate and keyfile on your system. For more information on SSL certificates, check out the LDP page on the subject, or see chapter 3.8 to hear them explained in the context of web servers.

With this, Dovecot will require its clients to authenticate themselves securely.

You can now test your system by opening up your mail client of choice and adding your mail account. Enter the username and password of your user account on the server that you want to use. Set mail.mydomain.com as both your incoming (IMAP) and outgoing (SMTP) mail server. Make sure IMAP is using port 143, and SMTP is using port 25 or 587, whichever you chose in the Postfix configuration.

3.7.4 - Further Reading

Postfix Documentation
Dovecot Wiki

3.8. Host a Website with Apache and PHP

Apache is a free web server daemon that will enable you to host a wide array of websites, from simple landing pages for your contact information and resumé, to large e-commerce sites or content platforms. Together with MySQL database management, PHP scripting, and - of course - Linux, the "LAMP" stack is a popular starting base for running a wide variety of web applications and platforms.

We will start our web hosts' configuration with Apache. Apache's versatility is one of its best assets. It supports a range of modules that can be added on to expand its usability for different services or applications. New sites can be set up very easily, with the quick creation of VirtualHost file you can be up and running in seconds. As a result this may be one of the shortest guides on the site!

3.8.1 - Installing apache2

On our Ubuntu server, Apache was most likely installed by default when we chose to install our LAMP server. If for some reason you have no files under "/etc/apache2", you can install Apache by running:

    sudo apt-get install apache2

Once Apache is installed, make sure it is running with sudo service apache2 restart. You will be greeted with a lovely message like "It works!" if you navigate your web browser to the IP address of your server.

At this point you have a very basic web server. If you know HTML, you can create pages and place them in your default web directory, /var/www, and they will show up when you navigate to your domain name or IP address.

To create separate sites on different subdomains or for different services, you can create VirtualHost files to manage them. It will also allow you to activate or deactivate these sites in a modular way if you need to do some debugging. VirtualHost files are stored in /etc/apache2/sites-available. They can be enabled with sudo a2ensite $sitename and disabled with sudo a2dissite
$sitename.

This is a sample format for a VirtualHost file:

    <VirtualHost *:80>
        DocumentRoot /www/example1
        ServerName example.com
        ServerAlias www.example.com
        # Other directives here
    </VirtualHost>

DocumentRoot is the physical location on your server that has the HTML/PHP/whatever files to be served.

ServerName is one of your domains, but it can also have a subdomain attached. For example, if you wanted to host a site only to be seen at http://secretsite.mydomain.com, you could put "secretsite.mydomain.com" as your ServerName.

ServerAlias makes a site available on more than one domain or subdomain.

There are plenty of other parameters for VirtualHost files that you can use. See an intro to some of them at Apache's documentation site.

While we can now set up websites via Apache with no problem, it's most likely that you will want to use another platform to manage your content, such as Wordpress or Drupal. These will allow you to automatically add blogs, photo galleries and other content to your site via a clean interface and no coding required. For those, we will need to assemble the next components of our LAMP stack.
3.8.2 - Adding Databases and PHP

PHP

PHP is easy to install in Apache. To do so, run:

    sudo a2enmod php

then restart Apache:

    sudo service apache2 restart

With that, your Apache server will be able to parse and serve PHP files as normal.

MySQL

Next, we can get to setting up our databases. There are many different database systems out there, this guide can't possibly cover them all. However, MySQL is the database system that is most frequently used for popular web applications and platforms. Both Wordpress and Drupal use MySQL.

MySQL should have been installed with our Ubuntu Server, but if not you can install it with:

    sudo apt-get install mysql-server

During the installation, you will be given the opportunity to set a root password for the MySQL user. Set this to something secure but accessible, as we will need it later to configure our database.

phpMyAdmin

We will now install phpMyAdmin, which is a visual front-end to MySQL and will allow us to easily set up databases for our web apps. Run the following:

    sudo apt-get install phpmyadmin

It will ask you what server to use. Choose Apache, as that is what we are using as a web server.

Next, head to http://$your-ip-address/phpmyadmin and we will continue our configuration from there. Log in using "root" as the username, and the root password we chose earlier. You will be greeted with a similar landing page:

From here you will be able to add new databases and users as necessary. In brief:

To add a new database, click "Databases", and near the top of the screen you will see a field to enter a name and a Create button for your new database.

To add a new user, which is recommended for most apps instead of giving them root database access, click "Privileges," then "Add a new User." You will be able to assign this user a specific database. Then you can use this user's name and password when your application needs database access.
Now that we know the basic ins and outs of our MySQL setup, we are ready to install a web application for our new server. You can choose any platform you like based on your needs and what you actually want to do with your server. As an example case, we will go through the installation of WordPress, a simple and easy-to-use blogging platform.

3.8.3 - (Optional) Install and Run WordPress

WordPress, the wildly popular and effortless blogging platform, is available for installation in the Ubuntu repositories. However, the versions that are usually carried in distribution repositories are often out-of-date by at least a few versions. In order to have the most secure and cutting-edge experience, we will download the source from WordPress directly, then install it to our webserver.

Unzip the install package to a folder of your choosing under /var/www. If you want the blog to be at the base of your webserver, such as http://mydomain.com with no subdomains or subfolders required, it is OK to unzip the package to the base /var/www directory.

After unzipping, you will need to set up a MySQL database and user that your WordPress installation can use. Go to http://mydomain.com/phpmyadmin, login with your root credentials, and set up a database using the instructions found in 3.8.2. The database can be named anything but usually just "wordpress" suffices. After that, set up a user (named anything, but "wp" seems to be a default). The user should have access to the new "wordpress" database.

Now we are ready for WordPress' "Famous Five-Minute Install." It might even take less time than that! Open up your web browser and go to http://mydomain.com/wp-admin/install.php and follow the on-screen instructions. If you installed your WordPress files to a different location, head there, but make sure you append /wp-admin/install.php to the end.

It couldn't be more simple to get up and running. From there, you can customize the themes and modules of your
WordPress install to your hearts' content. If you'd like more information on what you can do with WordPress, head to its website.

3.8.4 - Using SSL for Trusted Connections

About SSL Certificates

This step is also optional but it is highly recommended, especially for any sites that will require logins or access to potentially sensitive information.

SSL is a method for web browsers to encrypt connection data between the client (your computer) and the source (the server you're trying to access). SSL can be found in use all over the web, nearly anywhere you need to login with something. Any address reachable or shown as "HTTPS" indicates a site that is compatible with SSL. From a privacy and security standpoint, it is a best practice to use SSL wherever possible.

Perhaps the most substantial barrier to the adoption of SSL security to websites is the trust relationship it requires of your site. Currently, one can reap the secure benefits of SSL by using default "SSL certificates" that one can generate themselves on their server. However, in order to have an SSL certificate that provides trust -- trust that your web server is who it says it is -- an SSL certificate must come from an external source called a Certificate Authority. 99% of the time, these certificate authorities charge for SSL certificates, often an arm and a leg. If you end up using a self-generated certificate instead, browsers will pop up with messages like "Untrusted SSL Certificate" and advise that you not proceed. This is obviously not an ideal system but it is the one we are stuck with at the moment.

The summary of this story is that SSL is very important if you are going to be doing any logging-in or exchanges of sensitive information via your web server. Self-generated SSL certificates are just fine for personal use, as you can easily bypass the Untrusted SSL Certificate messages yourself and still be able to use the encryption features it provides. However, if you plan on offering any services whatsoever to other people, such as shared email hosting for your organization or a cloud platform for your family, it is advised that you purchase an SSL certificate for use in your website.

Producing a Certificate Signing Request

Whether you are looking for a self-signed certificate OR looking to purchase one for general service, you will need to generate a Certificate Signing Request (CSR). This is a file that will contain all the data a Certificate Authority needs to create our personalized certificate.

First, we have to create a private key for our server to generate these requests with. Note that if you already have a private key on your server for certificate requests or generation (generated for Postfix, for example) then you do not need to create another.

    openssl genrsa -des3 -out server.key 1024

Make sure you save this file in a very safe location, as you should keep it for future certificate requests.

Now comes the time for our Certificate Signing Request:

    openssl req -new -key server.key -out server.csr

OpenSSL will ask you several questions at this point, which should be tailored to your situation. These questions will include:

    Country Name (2 letter code) [GB]:
    State or Province Name (full name) [Berkshire]:
    Locality Name (eg, city) [Newbury]:
    Organization Name (eg, company) [My Company Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:
    Email Address []:
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

You will need to set the "Common Name" as the fully-qualified name of the domain you wish to secure. If you wish to secure the base of your website located at http://mydomain.com, you can simply enter "mydomain.com." However if you want to
secure a subdomain like myblog.mydomain.com, you would need to enter "myblog.mydomain.com" here. You will need different certificates for different subdomains in the majority of cases. If you are obtaining a wildcard certificate (and you know what that is), you can enter "*.mydomain.com" here.

Once you've answered the above questions, your CSR will be generated. At this point, you can either self-sign it for your own use, or you can send it to a Certificate Authority to purchase a certificate.

Option 1 - Creating a Self-Signed Certificate

With your server key and CSR in hand, run the following to generate a certificate. It's generally a good idea to set a time limit on them and renew them after a certain period. This command will set it to expire after one year.

    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

And that's it! You can now dispose of the CSR file, but keep the CRT and the KEY in very safe places. We will use these two files in our Apache installation.

Option 2 - Obtaining a Certificate from a Certificate Authority

To purchase a valid SSL certificate that is signed by a Certificate Authority like Thawte, Verisign or Comodo, you can go online and provide them with your generated CSR. A good place to do this is on NameCheap. Choose the SSL certificate that meets your needs, then purchase it. You will be forwarded to a page where you can upload your CSR file and input some information. After a time, you will receive instructions on how to receive your certificate, based on the type of certificate you ordered and the company that is providing it.

Installing Your Certificate in Apache

Once you have your key and CRT files in hand, you are ready to install them in Apache. This must be done in a special VirtualHost file for your SSL-enabled host. Copy your default host file in /etc/apache2/sites-available, and name it something like $name-ssl. See the example below for the required lines:

    <VirtualHost *:443>
        DocumentRoot /www/example1
        ServerName example.com
        ServerAlias www.example.com
        SSLEngine On
        SSLCertificateFile /path/to/certificate/file.crt
        SSLCertificateKeyFile /path/to/certificate/keyfile.key
        SSLCertificateChainFile /path/to/certificate/chainfile
    </VirtualHost>

1. Note that the port number is 443, instead of 80 here. This tells Apache that this site will be provided on port 443, the standard for HTTPS connections.
2. SSLEngine must be set ON in order for Apache to serve the site via HTTPS.
3. SSLCertificateFile and SSLCertificateKeyFile are mandatory. Put the location of your CRT and KEY files here.
4. SSLCertificateChainFile is ONLY required if you were specifically given a chainfile from your Certificate Authority. If you were not given one, or you are using a self-signed certificate, do not include this line.

Also, don't forget to enable the Apache ssl module by running:

    sudo a2enmod ssl

Once this is done, enable any new VirtualHost files you created via sudo a2ensite $name-ssl and reload your configuration with sudo service apache2 reload. Fire up your browser of choice and head to https://mydomain.com and enjoy your encrypted connection!

3.9. Your Own "Cloud": Files, Calendar and Contacts

3.9.1 - What is ownCloud?
ownCloud is a framework for personal cloud services that you can run on any server, for work or personal use. In plain English, it gives you many of the same services that platforms like Google can provide for you on a daily basis. But, as with everything else in this guide, you get the benefit of assuring your own data and full ownership as well.

ownCloud has many features, as well as a plugin system that allows even more to be added externally. Here is a brief summary of its core functionality:

Files - ownCloud can host your files for you, much in the same way you would do with your Google Drives or Google Docs. You can then access them on any web-enabled device, anywhere around the world, just like your Google Drive. The only difference is that you cannot -yet- edit rich text documents or spreadsheets like you can with Google Drive. That being said, it has built-in document readers (including for PDF) which makes it a decent everyday alternative to the file storage features of Google Drive.

Music - You can also host your music library with ownCloud and be able to play it from anywhere in the world. This is a major plus if you have a phone or music device with limited storage space, and you cannot put everything you want on the device at once. Or, if you are at a friend's home and you want to show him some of your new tracks. ownCloud's built in music player is fast and easy to use.

Photos - Just like you can host your music and files, you can also store your photos, eliminating the need for external services like Flickr or Picasa. Set up galleries and share them with others via the built-in interface.

Contacts - One of my personal favourite features of ownCloud is its contact storage system. First, you can set up and access your email/phone contacts easily from the web interface. But where it really shines is its CardDAV syncing system. You can set it up to sync with your other computers and devices whenever a contact is added on any of them, easily replacing
the contact sync features of Gmail or Apple's iCloud.

Calendar - With the built-in calendar system you can view your schedule locally or remotely. But where it gets really useful - like with Contacts - is the sync capability. You can sync your devices' calendars with your ownCloud calendar via CalDAV, and whenever you add or modify an event from one of these devices, all the others will update seamlessly. This replaces Google Calendar or Apple's iCloud.

Tasks - This feature isn't as cleanly implemented as it should be (yet), but you can easily keep track of your tasks via the ownCloud's easy-to-use web interface.

3.9.2 - Installing ownCloud

Download the latest ownCloud source from its website here. Make sure you choose the most recent branch of code available - at the time of writing that is 4.5. Note that you will need to have Apache installed and configured properly to use ownCloud. Don't skip that guide! We cover Apache installation in guide 3.8.
Extract the package to the path of your choice. If this is the only web service you will use on your server, that path would be /var/www/; otherwise, you should extract it to /usr/share/.

    tar -xvjf owncloud-*.tar.bz2
    cp -r owncloud /path/of/your/choice

Next, go into that directory and make sure that certain critical files have the correct permissions. Change the owner of "apps" "config" and "data" folders, and all of their contents, to that of the webserver application. This guide will assume that you are running Apache as your webserver, like we established earlier in the guide, so that user is named www-data.

    cd /usr/share/owncloud
    mkdir data
    chown -R www-data:www-data /usr/share/owncloud/install/apps
    chown -R www-data:www-data /usr/share/owncloud/install/config
    chown -R www-data:www-data /usr/share/owncloud/data

Next we will set up our Apache VirtualHost file for this service. This guide will show how to make a configuration that works over HTTPS, and automatically redirects any HTTP connections to HTTPS. Create a new file in /etc/apache2/sites-available named owncloud that resembles something like this:

    <VirtualHost *:80>
        ServerName subdomain.mydomain.com
        DocumentRoot /usr/share/owncloud
        RewriteEngine On
        RewriteCond %{SERVER_PORT} !^443$
        RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
    </VirtualHost>
Now, create one named owncloud-ssl in the same folder, replacing the SSL certificate location and information where necessary.

    <VirtualHost *:443>
        ServerName remote.jcook.cc
        DocumentRoot /usr/share/owncloud
        <Directory /usr/share/owncloud>
            AllowOverride All
        </Directory>
        SSLEngine On
        SSLCertificateFile /etc/ssl/certs/mycertificate.crt
        SSLCertificateKeyFile /etc/ssl/private/myprivatekey.key
    </VirtualHost>

Make sure you include the AllowOverride All in there; that will allow ownCloud to set its own custom parameters for security purposes. Save these and activate them in Apache, then we are ready to go!

    sudo a2ensite {owncloud,owncloud-ssl}
    sudo service apache2 reload

Open up your browser and navigate to the server name that you set up earlier. You will be guided through an installation wizard that will set up a database and administrative user. For more information about this, refer to guide chapter 3.8.

Once ownCloud is properly set up, you will see its main screen which is easily identifiable. Click the gear icon and you will eventually find the Admin screen, where you can personalize more about your ownCloud implementation.

And that's it! You can use its intuitive interface to store and share your files, set up calendar appointments, and organize the media. Have fun with your own personal cloud!

3.9.3 - Setting up Contacts, Calendar and File Sync

As the contacts and calendar features of ownCloud are so helpful, this guide will also explain how to synchronize them with your personal devices.

Thunderbird: Contact and Calendar Sync

To synchronize your contacts with Thunderbird:

1. Go to your ownCloud web interface and click Contacts. From there, click the small gear logo underneath the contact list.
2. Click "More..." and select "Show CardDAV Link" next to the address book you want to sync. Copy the address that comes up.
3. Download and install the SoGO Connector Thunderbird Plugin in Thunderbird.
4. Open up Thunderbird and click "Address Book."
5. In the Address Book, click File > New > Remote Address Book. Set the URL as the one that you copied from ownCloud. Give it a name as well. If you do not want changes made in Thunderbird to be synced back to your ownCloud server, then choose "Read Only."
6. Click OK, then right-click the address book and choose Synchronize. (You may need to close and re-open the address book before this will work.)

To synchronize your calendar with Thunderbird:

1. Go to your ownCloud web interface and click Calendar. From there, click the calendar logo in the upper right.
2. Choose the calendar you want to sync, then click "CalDAV Link" and copy the link.
3. In Thunderbird, install the Lightning calendar addon by going to Tools > Addons then searching for Lightning and installing it.
4. Restart Thunderbird and click the Calendar icon that appears in the upper right.
5. Right-click in the Calendar field and choose "New Calendar..."
6. In the window that pops up, choose "On the Network" and click Next. Choose CalDAV and place the calendar URL you copied from ownCloud in the space provided. Click Next.
7. Choose a name and colour for your calendar, then click Next. Your calendar will automatically be synchronized.

ownCloud Client: File Sync for Desktops

To keep your ownCloud folder synchronized with a folder on your computer, the easiest way is to install the custom ownCloud client for desktop. There are versions for Windows, Mac OS X and Linux. Go to the sync clients page, download the installation package, and follow the easy-to-use wizard to get it set up.

Android: Contact, Calendar and File Sync

On Android, you must download/purchase a couple of applications in order to sync your contacts and calendars. For contact sync, download CardDAV Sync from the Play Store. From here, you can add a Sync account from your Preferences application, just like if you were to add a Google account to your phone. For calendar sync, download CalDAV Sync which is made by the same developer and can be configured similarly.

For file synchronization, there is the ownCloud app that will enable cloud sync between your phone and your ownCloud server. Or, you can use any "cloud sync" app on the Android that supports the WebDAV format. Just go into ownCloud, click Settings > Personal, then copy the WebDAV link into the application.

3.9.4 - Further Reading

ownCloud Documentation Centre

3.10. Security: Firewalling and Threat Detection

3.10.1 - ufw, the Uncomplicated Firewall

One of Linux's most commonly used firewall systems is iptables. Iptables is an extremely customizable and extensible firewalling solution, however it is very complicated to set up and maintain on its own. Luckily we have ufw. ufw operates by establishing certain rules in its own front end, then translating those rules into the many lines that iptables can understand and execute.

Install ufw:

    sudo apt-get install ufw

We will set our firewall to deny connections that we have not explicitly granted by default. To do this, run:

    sudo ufw default deny
At this point, we can enable our firewall with:

    sudo ufw enable

Now it will be up to us to set specific rules (and open ports) based on the apps/servers we are running. This goes for anything operating off of this server or any other client on the internal network that requires open ports.

3.10.2 - Setting ufw Rules

To allow traffic through our firewall, we will need to allow ports through it. We can do that with:

    sudo ufw allow $xxxx

This will allow any system externally to use port "xxxx" on your server. This may be a good option for setting up indiscriminate servers like for email or web hosting, but what if you want to only offer services to your internal network? For example, you might host a Samba server to share and edit files on the network, but you might not necessarily want this open to the internet, even if it is password-protected. Then the following rule is for you:

    sudo ufw allow from 192.168.0.0/24 to any port $xxxx

This allows any system on your network (that has an address in the range of 192.168.0.0) to access port "xxxx" on your server.

Notice that UFW can also recognize a certain number of applications and server names instead of just the port number. You could run:

    sudo ufw allow Apache

... and UFW would open port 80 on your server to the Internet. Port 80 is the web port that Apache accepts connections on.

To list your rules, run sudo ufw status numbered and you will get a numbered list of rules that are currently active. To delete a rule you've already set up, grab its number from that list and run sudo ufw delete $xx.
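A check for the case described above, where a service meant for the internal network ends up allowed from any address. This is an added example, not part of the original guide: audit_ufw, the LAN_ONLY port list and the sample status text are constructed for illustration, and the parser assumes the column layout printed by ufw status numbered.

```shell
#!/bin/sh
# Constructed sample of `sudo ufw status numbered` output (not from a real host).
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere
[ 2] 25/tcp                     ALLOW IN    Anywhere
[ 3] 443                        ALLOW IN    Anywhere
[ 4] 445                        ALLOW IN    192.168.0.0/24
[ 5] 3306                       ALLOW IN    Anywhere
[ 6] 137:139/udp                ALLOW IN    Anywhere
[ 7] Apache                     ALLOW IN    Anywhere
[ 8] 5900 (v6)                  ALLOW IN    Anywhere (v6)'

# Ports this example treats as internal-network only (an assumption; adjust
# to the services you actually run): Samba, MySQL and VNC.
LAN_ONLY='137 138 139 445 3306 5900'

# audit_ufw "<ports>" < status-text
# Prints "<port> <rule>" for every guarded port that an ALLOW rule opens to
# any source address. Rules limited to a subnet are not reported.
# Application profile names such as "Apache" carry no port in this listing
# and are skipped, so check those by hand.
audit_ufw() {
    awk -v lan_only="$1" '
        BEGIN {
            n = split(lan_only, p, " ")
            for (i = 1; i <= n; i++) guard[p[i]] = 1
        }
        {
            sub(/^\[ *[0-9]+\] */, "")        # strip the "[ 1] " rule number
            a = 0
            for (i = 2; i <= NF; i++) if ($i == "ALLOW") { a = i; break }
            if (a == 0) next                   # header, blank or DENY line
            s = a + 1
            if ($s == "IN") s++                # "ALLOW IN" in numbered output
            if ($s != "Anywhere") next         # OUT rule or restricted source
            rule = $1
            spec = rule
            sub("/(tcp|udp)$", "", spec)       # "25/tcp" becomes "25"
            if (spec ~ /^[0-9]+:[0-9]+$/) {    # range such as 137:139
                split(spec, r, ":")
                lo = r[1] + 0
                hi = r[2] + 0
            } else if (spec ~ /^[0-9]+$/) {
                lo = hi = spec + 0
            } else {
                next                           # application profile name
            }
            for (port in guard)
                if (port + 0 >= lo && port + 0 <= hi) print port, rule
        }
    ' | sort -n
}

# Report the exposed ports in the sample.
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw "$LAN_ONLY"
```

On a live server the same function can read the real listing with sudo ufw status numbered | audit_ufw "$LAN_ONLY".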
This guide explains how to set up several different services that, depending on your usage, you may want to open up to your internal network or the internet. Remember that the ports have to be open before you will be able to use them! Here is a list of the common applications and ports you might want to allow through.

Remote Connect: port 22 for SSH, port 5900 for VNC
Mail: port 143 for IMAP, port 110 for POP; port 25 for SMTP, port 587 for SMTP submission (optional)
Web: port 80 for standard HTTP, port 443 for SSL HTTPS, port 3306 for MySQL
Network Controller: ports 53 and 953 for DNS, ports 67 & 68 for DHCP, port 5351 for NAT
File Sharing: port 21 for FTP, ports 137-139 and 445 for Samba, port 69 for TFTP, port 192 for AFP (Apple Filesharing Protocol), port 2049 for NFS (Linux Filesharing)
Windows Services: port 139 for NetBIOS, port 161 for SNMP
Media Streaming: port 3689 for DAAP (Apple/iTunes), ports 1900 and 5000 for uPnP

3.10.3 - SSH Tunnelling: Maintain Secure Access through a Closed Firewall

For applications you don't want to allow through to the Internet (if you think you are going to rarely use them away from home, or if you have significant security concerns), but you still might want to use them someday, it's good practice to use them over an SSH tunnel.

You can create SSH tunnels with the following format, replacing the values where necessary:

    ssh -f -L $localport:localhost:$remoteport $remotehost -N

The local port should be a port that is not already in use on your client computer. localhost can be left alone; this creates the tunnel to your client computer. remoteport refers to the port for whatever service you want to tunnel through. And of course remotehost is the address of your server on the Internet. So, for example, if you set up the following...

    ssh -f -L 9876:localhost:5900 server.mydomain.com -N
... this will create an SSH tunnel for Minecraft on my computer. Simply connect Minecraft to a server located at localhost:9876 and you can use it via a remote connection, as if you were just connected to the local network.

3.10.4 - Setting up fail2ban

Our firewall is in place, which will go a long way to helping secure our system from most attack attempts. However we will go a step further by using fail2ban. Fail2ban monitors the logs of network-capable applications for entry attempts and repeated failures, and promptly bans the associated IP addresses for a determined amount of time. This can help dissuade and eliminate the threat posed by certain bots that like to roam the internet, testing many different attack strategies at once to try and find one that sticks. It also helps stop some DDoS attempts, which are commonly used to bring down websites and other services.

Install fail2ban with:

    sudo apt-get install fail2ban

Make a copy of the configuration template to the one we will actually be working from:

    sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
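The log-watching idea described above, as an added example rather than fail2ban's own code: count failed SSH password attempts per source address in auth.log-style lines and report the addresses that reach a retry limit, skipping an ignored subnet. The log lines are constructed, and the function name and its two arguments (standing in for fail2ban's maxretry and ignoreip settings) are assumptions; fail2ban's time window and unbanning are not modelled.

```shell
#!/bin/sh
# Added example: which source addresses would reach a retry limit?
# Simplified model of the idea behind fail2ban (no time window, no unban).

# Constructed auth.log-style lines, using documentation address ranges.
sample_log() {
    cat <<'EOF'
Jan 12 03:14:01 server sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 12 03:14:03 server sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Jan 12 03:14:06 server sshd[2213]: Failed password for invalid user from from 203.0.113.7 port 40130 ssh2
Jan 12 03:14:09 server sshd[2213]: Failed password for root from 203.0.113.7 port 40133 ssh2
Jan 12 03:15:10 server sshd[2290]: Failed password for alice from 192.168.0.23 port 51000 ssh2
Jan 12 03:15:12 server sshd[2290]: Failed password for alice from 192.168.0.23 port 51000 ssh2
Jan 12 03:15:15 server sshd[2290]: Failed password for alice from 192.168.0.23 port 51000 ssh2
Jan 12 03:15:19 server sshd[2290]: Failed password for alice from 192.168.0.23 port 51000 ssh2
Jan 12 03:15:30 server sshd[2295]: Accepted publickey for alice from 192.168.0.23 port 51002 ssh2
Jan 12 03:16:00 server sshd[2301]: Failed password for bob from 198.51.100.9 port 33000 ssh2
Jan 12 03:16:04 server sshd[2301]: Failed password for bob from 198.51.100.9 port 33000 ssh2
EOF
}

# would_ban MAXRETRY IGNORE_CIDR
# Reads log lines on stdin; prints "ADDRESS FAILURES" for every address with
# at least MAXRETRY failures that is outside IGNORE_CIDR (e.g. 192.168.0.0/24).
would_ban() {
    awk -v maxretry="$1" -v ignore="$2" '
        function ip2int(ip,   o) {
            split(ip, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        function ignored(ip,   c, size) {
            split(ignore, c, "/")
            size = 2 ^ (32 - c[2])            # number of addresses in the subnet
            return int(ip2int(ip) / size) == int(ip2int(c[1]) / size)
        }
        /sshd\[[0-9]+\]: Failed password/ {
            ip = ""
            # The address is the word between "from" and "port"; keep the last
            # match so a user name of "from" cannot shift the field.
            for (i = 1; i + 2 <= NF; i++)
                if ($i == "from" && $(i + 2) == "port") ip = $(i + 1)
            if (ip != "") fails[ip]++
        }
        END {
            for (ip in fails)
                if (fails[ip] >= maxretry && !ignored(ip)) print ip, fails[ip]
        }' | sort
}

# Stand-alone run: limit of 3 failures, home subnet ignored.
sample_log | would_ban 3 192.168.0.0/24
```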
Open up /etc/fail2ban/jail.local in your text editor and modify the following fields:

ignoreip: set this to your internal network's subnet (like 192.168.0.0/24). This will keep fail2ban from blocking you if you trip its conditions while testing your services.
bantime: Like it says on the tin, this is the amount of time the offending IPs are banned for (in seconds).
maxretry: By default, the amount of failed attempts that should be allowed before an IP is banned.

Further down in the file, you will find a section for "Action Shortcuts." The line for default action begins with "action," and can be set here. There are three options when triggered, explained above: ban only, ban and send an email with the IP information, or ban and send an email with IP AND relevant log information.

The next section, "Jails," deals with the services we want to monitor. The entries you make in this section will depend on what services you have enabled. There are sections installed by default for ssh, Apache, ftp, postfix, etc. For some services, there are multiple jails, each that monitor for different circumstances. For example, "apache" monitors authorization attempts to your website, while "apache-php" monitors repeated failures in access to PHP files, which can often signify someone fishing for a way into your site's configuration. Make sure you select any jail that you feel you will need based on your setup. To enable a jail, uncomment every line within it after the "[xxxx]" section, then set enabled to equal "true".

Once you have completed the configuration, you can start fail2ban with sudo service fail2ban start. It will immediately begin monitoring the selected services and banning repeat offenders accordingly.

With some services, errors can come up innocently yet frequently. If you create a broken link to a PHP page on your website, for example, and you have the apache-php jail enabled, you might be sending people to an error screen that can ban them if they try to refresh it too much. Keep this in mind when enabling jails AND when choosing a ban time.

3.10.5 - More Security Tips

SSH: Make sure you've disabled root logins as well as password logins for SSH, and are only using key-based logins if at all possible. Remember to keep your keys safe on your devices!
Mail: Remember to set your smtpd_recipient_restrictions in Postfix, and to make ssl = required in Dovecot.
Apache/ownCloud: Any websites set up that handle password authentication or the transmission of even remotely-sensitive data should have HTTPS enforced in the settings.
File Sharing and Media Streaming: Set permissions where possible so that only your authorized network users have read/write privileges. Block services like Samba, uPnP and AFP from being used outside your network by blocking their ports at the firewall.
Backups: Encrypt any backups that are stored on your server for an extra level of protection.
In General: It's better to use SSH tunnels for applications you only use remotely on an infrequent basis than to leave them open and forget about them!

Instructions for how to enable these tips can be found in their respective sections of this guide.

3.10.6 - Further Reading

UFW Questions and Answers - Ubuntu Forums
Fail2ban Wiki

3.11. Managing and Streaming Your Media

3.11.1 - Setup File Shares via Samba and NFS

The first step to setting up a file server, whether it's for your local network or for remote access, is to decide upon a method for sharing that works with your desired configuration. This guide will explain three different systems, each easy to set up but used for different purposes. You can set up all three, or any combination thereof.

Samba

Samba is a file sharing server that allows your Linux server to interact with Windows clients on your network. It also easily works with Mac OS X clients. If your home network includes any devices that do not run Linux, and you want those devices to be able to interact with your files stored on the server, it is usually a good idea to set up Samba.

All you need to set up Samba is sudo apt-get install samba. After this, you will be ready to add a new share. Open up /etc/samba/smb.conf in your text editor and scroll to the bottom of the file. You will want to add a section that looks like this, changing the fields where appropriate:

    [share]
    comment = My File Server Title
    path = /path/to/my/shared/folder
    browsable = yes
    guest ok = yes
    read only = no
    create mask = 0755
The guest ok field above controls whether people can use your file server without logging in with a password. The read only field controls whether someone logged in to your server is able to change the files at all, or just to read from them.

Once this is complete, you merely need to restart your Samba server:

    sudo service smbd restart

Now, to connect, open up your file browser on a computer connected to your network.

Windows: In the Address Bar of your file browser, enter \\$servername\share. If you want to mount this share permanently like a hard drive, right-click Computer and choose "Map Network Drive." Put the above address in as the folder, and choose a drive letter.
Mac OS X: In Finder, click Go > Connect To Server. Insert the address "smb://$servername/share".

It is not a good idea to open your Samba server to the world. For sharing with others, use FTP or a separately-installed service like ownCloud. Use a firewall like ufw to block Samba's ports externally, or to only allow it on your local network. The ports used for Samba are 139 and 445.

The easiest way to improve the security of this setup is to require users to log into your server via user accounts. You can easily do this via PAM, which is the software that runs your Linux server's user accounts and logins. To do this, run sudo apt-get install libpam-smbpass. Then go back into your Samba configuration file and set guest ok to equal "no". Restart your Samba server with sudo service smbd restart. With this, you can restrict your file access to only users that have accounts on your server.
NFS

NFS is a network filesharing system designed for Linux systems. It is a faster and easier option than Samba if you are only planning to use your fileserver with Linux-based computers.

To install NFS, run sudo apt-get install nfs-kernel-server. Then, to add a new share, edit the /etc/exports file, and add lines based on the following configuration.

    /path/to/shared/folder *(ro,sync,no_root_squash)

The first 'ro' indicates if this share should be read-only or writable to clients that connect to it. To make it writable, replace 'ro' with 'rw'. If you want to restrict this share to be available only to specific computers on your network, replace the '*' with those computer hostnames, IP addresses or IP range/subnet.

After adding your shares, start your server with sudo service nfs-kernel-server restart.

To connect to these systems from your Linux computer, go to the Terminal and run sudo mount $servername:/path/to/shared/folder /path/to/local/mount. You will need to set up a folder on the computer to act as the local mount point. After this, you can go to that folder path and use it, just as if it was a local folder.

Much like Samba, you shouldn't open your NFS server to the world. For sharing with others, use FTP or a separately-installed service like ownCloud. Use a firewall like ufw to block the NFS ports externally, or to only allow it on your local network. NFS uses port 2049 for its connections.

3.11.2 - Stream Music/Photos/Video via uPnP

Once we have our file servers set up, that's all well and good, but it does not let us seamlessly stream our content. That is one of the great benefits of having a server act as a NAS (network attached storage) device: being able to stream your media from various devices around your home. uPnP is one of the mechanisms that can be used to achieve this.
With it, you can seamlessly stream your music, photos or video with different platforms. This guide will use a simple uPnP server called minidlna. It can stream to uPnP or DLNA compatible clients.

Install minidlna with sudo apt-get install minidlna.

Configuration can be adjusted by editing the file /etc/minidlna.conf. The important lines to change based on your configuration are as follows:

1. network_interface - If you have multiple network interfaces on your device, make sure they are listed here. Or, only list the network interfaces you want to serve. If you have one dedicated to the internal network and one facing your modem, you can easily prevent external access this way.
2. media_dir - This will point your minidlna server to the folders containing the media you want to serve. An example: "media_dir=A,/home/user/music" will set minidlna to share the 'a'udio listed in these folders. V is used for video and P is used for photos. You can simply put "media_dir=/home/user/folder" if you have one folder with multiple types of media to stream.
3. friendly_name - The name of your server that will be broadcast to clients.
4. album_art_names - If you have a specific naming convention for the album art in your music library, like "Cover.jpg", put it here. minidlna will set these files apart and use them for album covers in the library view.

With this, start your minidlna instance with:

    sudo service minidlna restart

... then connect with your client of choice, and enjoy the streaming experience!

Remember to block the uPnP port to the outside world via your firewall if you don't want anyone and everyone to have access to your media collection! uPnP uses ports 1900 and 2869.

3.11.3 - Stream to your Apple Devices with DAAP
If you have an abundance of Apple devices in your home, or are just attached to your iTunes library more than anything else, you can use DAAP streaming instead of (or in addition to) uPnP. The DAAP setup is very similar to that of uPnP, but it will instead allow you to stream directly to iTunes using its "Home Sharing" functionality. There are also DAAP clients for Windows, Linux and Android.

We will install a DAAP server called forked-daapd. Run sudo apt-get install forked-daapd.

To configure, we will edit the file /etc/forked-daapd.conf. You will need to set the 'directories' line to match the path to your music folder. You also may want to change the 'name' line to match what you want to show to your clients.

After this, restart the server by running sudo service forked-daapd restart. Then fire up iTunes, enable Home Sharing, and your server will show up in the sidebar!

Remember to block the DAAP port to the outside world via your firewall if you don't want anyone and everyone to have access to your media collection! DAAP uses port 3689 for its connections.

3.11.4 - Further Reading

Securing a Samba Print and File Server - Ubuntu Documentation
NFS HOWTO - Ubuntu Community Documentation
minidlna - Ubuntu Community Documentation
How to set up forked-daapd - Ubuntu Forums

3.12. APPENDIX: Guide to Virtual Machines

3.12.1 - What are Virtual Machines?

A virtual machine is a simulation of an operating system that can run within a different operating environment. Rather than only booting an operating system natively, like we do every time we start up our computers, virtual machines make it possible to run different operating systems and supported applications natively from your computer.

Here are a few use cases for using a Virtual Machine:

You work frequently on applications that require Windows.
There are many special or proprietary apps that are only available on Windows for specific lines of work. You can install Linux as the principal operating system and run Windows via a virtual machine whenever you need to access this specific program.

You have a server, and you want to run multiple types of server architectures on the same machine simultaneously. For example, you want to operate an instance of Ubuntu Server to provide your email and web hosting, but you want to use FreeNAS to provide your media hosting and filesharing services. You can do this very safely on one computer just by using virtual machines.

You want to practice working in a specific operating system or Linux distribution before switching over to it entirely. Linux distro live CDs can be slow, and not necessarily indicative of the real user experience. Trying out an OS or distro in a virtual machine before you switch your whole computer is a great way to see what you might be getting yourself into.

You are a software developer, and you need to test your program on a different operating system, or under different configurations. There is obviously no need to buy multiple computers to achieve this, when you can simply install the OS via a virtual machine. You can also use specifically old operating system images to test how your software reacts to these environments.

In order to use a virtual machine, your computer or server must have adequate processing power. It is advised that your computer have a 64-bit processor, with at least two cores. Intel processors can feature VT-x technology, which is highly recommended for running virtual machines.

3.12.2 - Install VirtualBox and Set Up a VM

These instructions are for Oracle VirtualBox, an application that manages and runs virtual machines. It will show how to run VirtualBox via command-line (for Ubuntu Server) and graphical interface.

If your processor has special virtualization capability (required for 64-bit VMs), like Intel VT-x, you will need to enable this in your BIOS/UEFI configuration first. Look through your motherboard's manual for instructions on how to do this.

To install VirtualBox, run sudo apt-get install dkms virtualbox. This will install VirtualBox and the system to keep its required kernel modules up to date.

Via Ubuntu Desktop

Go to the sidebar and launch VirtualBox from the Search menu. You are presented with the main screen.

From here, you can see a list of your virtual machines in the left-hand side bar, as well as the controls for your VMs right above that. To create a new virtual machine, click New, which will bring up the wizard. It will ask you to give a name to your virtual machine, to choose the operating system type and the version of your operating system. Make sure that, if you wish to run a 64-bit operating system, you choose the 64-bit version of your OS displayed here.

The next screen will allow you to choose the memory size of your virtual machine. For most Linux-based VMs, 512MB will suffice. For Windows-based VMs it may be a good idea to use 1024MB. This will of course depend on how much RAM your system has to begin with.
Now you can set the virtual hard drive space that your virtual machine will run from. This will create a file that acts as a container for everything held in your virtual machine. Click "Create" and choose "VDI (VirtualBox Disk Image)."

The next screen will allow you to choose a dynamically-allocated image or a fixed-size image. Dynamically-allocated images are a good option, because you can set a maximum theoretical size for the image without actually taking up all of that disk space until your VM actually does so. If you choose fixed-size, a 50GB disk image (for example) would instantly take up 50GB of space on your disk, regardless if the VM is actually using that much space or not.

The next screen will allow you to set the size of your virtual disk. You obviously must set a size that will fit on your physical hard drive. Linux distributions (especially ones that do not host media files) do not require much space to operate; they will do fine with a range of 10 to 20GB. Larger operating systems like Windows will require a minimum of at least 25 to 50GB to operate.

Once you click "Create," your new VM will show up in the list. When you are ready, click "Start" above the list to begin the process of installing your operating system. A screen will come up that will allow you to choose an installation source.

From here, you can choose either your CD drive (if you have your OS' installation disc loaded), or an ISO file to install from a downloaded install image. Then you can follow the normal installation process for your chosen operating system.
Via Ubuntu Server (Advanced)

You can set up a new virtual machine in VirtualBox using the command line. Here is an example command and its important features:

    VBoxManage createvm --name "Ubuntu 11.04 Server" --register

This creates our virtual machine, named "Ubuntu 11.04 Server," and registers it with VirtualBox.

    VBoxManage modifyvm "Ubuntu 11.04 Server" --memory 512 --acpi on --boot1 dvd --nic1 bridged --bridgeadapter1 eth0

This sets our VM up with 512MB of RAM space, enables ACPI support, sets the machine to look for a DVD to boot from first before anything else, and sets up a network interface that bridges to our own, so that we can use the Internet from our virtual machine. If you are using a wireless network card instead of an ethernet card, make sure you change "eth0" to "wlan0".

    VBoxManage createhd --filename Ubuntu_11_04_Server.vdi --size 10000

This creates a virtual hard drive file named "Ubuntu_11_04_Server.vdi", with a size of 10,000 MB (or 9.77GB).

    VBoxManage storagectl "Ubuntu 11.04 Server" --name "SATA Controller" --add sata

This sets up a virtual SATA controller to connect our virtual hard drive.

    VBoxManage storageattach "Ubuntu 11.04 Server" --storagectl "SATA Controller" --port 0 --device 0 --type hdd --medium Ubuntu_11_04_Server.vdi

This actually connects our virtual hard drive to our new virtual machine.

    VBoxManage storageattach "Ubuntu 11.04 Server" --storagectl "SATA Controller" --port 1 --device 0 --type dvddrive --medium /home/ubuntu-11.04-server-amd64.iso

And finally, this connects a downloaded ISO install image on our hard drive, located at "/home/ubuntu-11.04-server-amd64.iso", to our virtual machine, so that it will boot from it and install the operating system.
In order to run virtual machines "headlessly" - that is, without a direct monitor connection or a window environment so we can actually see it, we must enable a few extra features in VirtualBox. First, download the VirtualBox extension pack that corresponds to the version of VirtualBox that you are running. Next, install it in VirtualBox by running sudo VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-*.vbox-extpack from the folder you downloaded it to. Finally, run sudo adduser $username vboxusers with the appropriate username to give our user the ability to run the VM with these new features.

To actually run our virtual machine and begin the installation process, run VBoxHeadless --startvm "Ubuntu 11.04 Server". Then, on a remote machine, connect to your server via RDP. You should be able to view the live contents of your virtual machine as it is running.

When you are done using your virtual machine, you should shut down the operating system it is running, just like you would a normal computer. If you need to kill it without a normal shutdown, run VBoxManage controlvm "Ubuntu 11.04 Server" poweroff.

3.12.3 - Further Reading

VirtualBox - Remote Virtual Machines

3.13. APPENDIX: Guide to FreeNAS

3.13.1 - What is FreeNAS?
FreeNAS is a version of the BSD operating system that includes built-in and dedicated tools for operating file storage and media services. It is an excellent choice for those who wish to maximize their ability to oversee and control their media server, and retain a very easy-to-use and easy-to-setup interface.

FreeNAS is not just server software, like most other tools explained in this guide. It is a separate operating system. As such, it is designed to run on a dedicated NAS (network-attached storage) system or virtual machine. A NAS is used primarily to store a large amount of files or media at once, and to host high-capacity hard drives for this.

Oftentimes it is better to run your server under FreeNAS (or run a virtual machine with it) if you are planning on providing a decent amount of filesharing or media streaming services. It is also a good option if you will be using one server, but want to include sufficient controls over your media services and only will be running them on an internal network. By running FreeNAS on a virtual machine separate from your other web server software, you can ensure that external sources will not have the same access to this machine as your web server.

3.13.2 - Installing FreeNAS

FreeNAS is installed much like any other Linux-like operating system. Download the full version ISO image from the front page of the FreeNAS website, depending on your architecture. After it is downloaded, you can then burn it to a disc and boot your server from it to begin the installation process. If you want to run FreeNAS in a virtual machine, you can start your ISO with VirtualBox directly to install (check out chapter 3.12 for more information on virtual machines).
Once you boot from the CD/image, you are greeted with the lovely text-based installer. The instructions here will walk you through choosing the right disk partition. Installing FreeNAS is super easy, it's nearly a one-click installation. Once it is fully installed, it will let you know that it can reboot.

After the reboot, you are sent to its main menu.

Choose menu option 1 to give FreeNAS a custom IP address, or change the network interface it uses by default. FreeNAS will automatically try to autodetect your network settings and to receive an IP address via DHCP if you do not give it custom settings.

Menu options 2-6 are used for those who have advanced network configurations and that need to supply link, routing or DNS information manually.

Menu option 7 is used to reset the username or password used to log into the WebGUI. The WebGUI is the main way to add/remove shares and change settings for FreeNAS.

Menu option 8 is used to reset your FreeNAS setup to its factory defaults; that is, to remove all of your custom configuration.

Menu option 9 will bring you to a BSD command prompt, for advanced users only. And finally, options 10 and 11 will reboot or shutdown your FreeNAS system.
Note that if your network assigns IP addresses via DHCP, you will need to designate a static IP address for your FreeNAS implementation. You can read more about how to do this in chapter 3.6.

Otherwise, your FreeNAS distribution is running as long as it is at this screen. To begin setting up your fileshares and continue the configuration, fire up your web browser of choice and navigate to the URL that was listed on the screen. This will take you to the FreeNAS WebGUI.

After you log in, this is the first screen you are greeted with, showing your basic system information. Menu options are listed along the left side and on the upper menu bar.

You can customize various details about your admin account and set up users to connect to your NAS under the "Account" submenu. Under "System" you can configure your FreeNAS' details like time zone, email used for notifications, and other things. The "Network" submenu will allow you to make any changes to your network connection and interfaces that you didn't make in the text-based menu earlier.

The next option, "Storage," will allow you to set up hard drive space to store the files and media that you want to serve with FreeNAS. To begin, click Storage > Volumes.

If you want to use an existing partition on your hard drive, click "Import Volume." Set the name of the volume, then choose the disk/partition you want to use. Then select its filesystem type. Note that FreeNAS only supports filesystems of the UFS, NTFS (Windows), MSDOSFS (old Windows) or ext2fs (older Linux) types.

If you want to create a new virtual hard drive to be stored on the disk, click Volume Manager. Choose a name for your new volume; it doesn't have to be very descriptive. "NAS" works just fine. Then choose "ZFS". Choose whether or not you wish to use full-disk encryption, though this is not recommended for large file or media servers. If you have more than one disk selected, you can set FreeNAS to mirror or stripe them using RAID (if you are not sure what RAID is, then click here).

Once your volume is set up, you are free to set up the sharing services you want to run on your FreeNAS server.

3.13.3 - Using FreeNAS Services

FreeNAS supports a wide range of services to extend your server's use. We will begin with setting up two basic services: NFS file shares for Linux-based computers, and CIFS/Samba file shares for Windows-based computers. Note that you can also use Samba file sharing on Apple-based hardware, and it is much better than Apple's proprietary AFP service.

NFS

To set up NFS file shares on your FreeNAS box, click Sharing > Unix (NFS) Shares, then click Add Unix (NFS) Share.

1. Add a "comment" that can identify your share on some systems.
2. Choose the path for your share on the local drive. This should match the mount point path that you created during the Storage step above.
3. If you want to limit the share to only be accessible to a certain IP address or range, enter it here.
4. If you want to make your share read-only to all users, check the "Read Only" box.
   Otherwise, permissions will default to the Unix file permissions that your files have on the server.
5. Set any of the other advanced permissions if need be, then click "OK" when done to create your new share.

To activate your newly-created share, click Services > Control Services, then toggle the On switch next to NFS.

To connect to your NFS share on a Linux-based computer, run the following command with the appropriate values. Remember that you must set up a local folder to act as the placeholder when it is mounted.

    sudo mount $ip-address:/path/to/mount /path/to/local/folder

CIFS/Samba

To set up CIFS file shares on your FreeNAS box, click Sharing > Windows (CIFS) Shares, then click Add Windows (CIFS) Share.

1. Add a name and/or a "comment" that can identify your share on some systems.
2. Choose the path for your share on the local drive. This should match the mount point path that you created during the Storage step above.
3. If you want your share to be browsable by clients in Windows Explorer (which you probably do), check the "Browsable to Network Clients" box.
4. If you want to make your share available to guest users, i.e. users that do not need to log into your server with a username/password, check "Allow Guest Access." You can also check "Only Allow Guest Access" if you do not want people to be able to log in via a user account.
5. Set any of the other advanced permissions if need be, then click "OK" when done to create your new share.

To activate your newly-created share, click Services > Control Services, then toggle the On switch next to CIFS.

To view the share on your Windows computer, go to My Computer, then type your computer's address like so: \\$ip-address/$mount-name. Or, you can mount the share like a drive by right-clicking "My Computer" and choosing "Map Network Drive."

To view the share on your Mac computer, open Finder. You should see the share show up in the left-hand side of your finder. If not, go to the menu and click Go > Connect to Server. Type smb://$ip-address/$mount-name then click OK.

Other Services

Here is a quick rundown of other services you might find useful on your FreeNAS implementation.

AFP: The proprietary system used to share files to Mac and iOS systems.
Active Directory: Allows you to use your FreeNAS server as an AD server for connected Windows machines.
Dynamic DNS: Use this to connect your FreeNAS server to a Dynamic DNS service, which will allow an Internet-connected server without a static IP address to always use the same domain name.
FTP: Use your FreeNAS server as an FTP server for the files it hosts.
iSCSI: Connect your FreeNAS server to an iSCSI storage host.
LDAP: Connect your FreeNAS server as an LDAP host, and allow it to manage your share's authentication.
Plugins: This is an advanced feature that can allow you to use special plugins for other services like uPnP, DAAP, torrents, etc. The feature is still in beta.
Rsync: Set up a FreeNAS share as a dedicated rsync folder for automating file synchronization between Linux clients.
SNMP: Use your FreeNAS server as an SNMP share, for monitoring the status of other network devices.
S.M.A.R.T.: Use the SMART disk reporting service on your FreeNAS volumes to email you when your disks are unhealthy or need to be checked.
SSH: Allow logins to your FreeNAS server via SSH.
TFTP: Establish a TFTP share on your FreeNAS server. TFTP is a lightweight version of FTP used for minimal tasks like PXE network boots.
UPS: Configure FreeNAS to work with a connected UPS power supply.

3.13.4 - Further Reading

FreeNAS Documentation
The CitizenWeb Guides - Crash Courses

4.1 Backup and Encrypt Your Data

4.1.1 - Backup

Backing up with Linux is easy. The quickest and simplest way to do it is to simply move your data into a TAR archive. This can be accomplished with the following command:

    tar cvzf archivename.tar.gz FILES

The "cvzf" is actually a list of options, which means: (c)reate an archive, print out the list of files we want to compress (v)erbosely, (z)ip up the archive with gzip, and specify our own (f)ilename.

If we want to back up a directory of files, we can easily do that with:

    tar cvzf archivename.tar.gz --directory=/path/to/folder/ .

This will copy the chosen folder's contents to a new archive in the current folder. You can easily use this to backup individual folders into archives, then move them to a different drive or an offsite location.

For paranoid cases, you can choose to backup your entire system with:

    tar cvzf bak-system.tar.gz --directory=/ .

Restoring from a backup is simple:

    tar xvzf archivename.tar.gz -C /path/to/extract/dir

Make sure that you set the proper location for whatever data you want to restore.

4.1.2 - Encrypt Your Backups

It is advisable that you encrypt your backups before they leave your computer. This is especially true if you wish to use a public backup storage service like tarbackup.

You will need to decide upon a method for encryption. You can opt to enter a password each time you wish to backup or restore an archive, or you can choose to keep a password stored in a file on your harddrive. Storing the password in a file isn't the advisable option, as it is less secure: anyone who can get their hands on your computer can potentially find and decrypt your backups if they are stored elsewhere. However, it can be helpful for automating your backups via a bash script (more on that in a future guide).

To encrypt a backup, first create the TAR archive as described above. Then use openssl to create your backup. If you are using a password:

    openssl enc -aes-256-cbc -salt -in archivename.tar.gz -out archivename.tar.gz.enc -pass pass:PASSWORD

If you are using a password stored in a keyfile:

    echo PASSWORD > enc.key
    openssl enc -aes-256-cbc -salt -in archivename.tar.gz -out archivename.tar.gz.enc -pass file:enc.key

Again, if you are to keep this file around, take precautions to secure it!

After the command completes, your archive file will be encrypted. Remove the .tar.gz file and store the .tar.gz.enc file as you need to.

To decrypt the archive, run:

    openssl enc -d -aes-256-cbc -in archivename.tar.gz.enc -out archivename.tar.gz -pass pass:PASSWORD

If you are decrypting with a file rather than with an entered password, substitute "file:FILENAME" for "pass:PASSWORD".

4.1.3 - Options for Storing Backups

Backing up to TAR files is convenient because you have many different storage options. After the TAR archive is created and/or encrypted, you can simply move it to whatever storage media you want. This can be an external hard drive, a DVD, another server or NAS drive, etc.

There are also a few different options for storing tar-based backups online these days. Tarbackup.com and Tarsnap.com are two such services. You can pay a low fee to store your encrypted backups on their high-capacity servers, ready for download at a moment's notice.
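An added example, not from the original guide, of the keyfile variant in section 4.1.2: the key file is created with owner-only permissions, the archive is piped straight into openssl so no unencrypted .tar.gz is left on disk, and the restore is verified before the backup is trusted. The function names and sample data are assumptions, and the -pbkdf2 option (OpenSSL 1.1.1 or later) is an addition to the guide's commands.

```shell
#!/bin/sh
# Added example: keyfile-based backup encryption with a verified restore.
# Note: openssl enc gives confidentiality only; it does not detect tampering.

# make_keyfile KEY_FILE - random passphrase, readable by the owner only.
make_keyfile() {
    rm -f "$1"
    ( umask 077 && openssl rand -base64 32 > "$1" )
}

# key_is_private KEY_FILE - true if the file mode is exactly rw-------.
key_is_private() {
    case "$(ls -l "$1")" in
        -rw-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# encrypt_backup SRC_DIR OUT_FILE KEY_FILE
# Streams the archive into openssl; refuses a key file others can read.
encrypt_backup() {
    key_is_private "$3" || { echo "refusing: $3 is readable by others" >&2; return 1; }
    tar czf - -C "$1" . |
        openssl enc -aes-256-cbc -salt -pbkdf2 -out "$2" -pass "file:$3"
}

# restore_backup ENC_FILE DEST_DIR KEY_FILE
# Fails (non-zero) if the key is wrong, because tar rejects the garbage.
restore_backup() {
    mkdir -p "$2" || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -in "$1" -pass "file:$3" | tar xzf - -C "$2"
}

# roundtrip_demo - constructed data in a temp dir; returns 0 only if the
# backup restores with the right key and is refused in the unsafe cases.
roundtrip_demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/data" || return 1
    printf 'constructed sample file\n' > "$work/data/notes.txt"
    make_keyfile "$work/enc.key" || return 1
    make_keyfile "$work/other.key" || return 1

    encrypt_backup "$work/data" "$work/data.tar.gz.enc" "$work/enc.key" || return 1
    restore_backup "$work/data.tar.gz.enc" "$work/restored" "$work/enc.key" || return 1
    cmp -s "$work/data/notes.txt" "$work/restored/notes.txt" || return 1

    # A different key must not restore the archive.
    if restore_backup "$work/data.tar.gz.enc" "$work/bad" "$work/other.key" 2>/dev/null; then
        return 1
    fi

    # A key file written the plain "echo PASSWORD > enc.key" way is usually
    # world-readable; encrypt_backup must refuse it.
    echo PASSWORD > "$work/loose.key" && chmod 644 "$work/loose.key"
    if encrypt_backup "$work/data" "$work/loose.enc" "$work/loose.key" 2>/dev/null; then
        return 1
    fi

    rm -rf "$work"
    return 0
}

# Stand-alone run.
roundtrip_demo && echo "round trip OK"
```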