Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Ubuntu Server Configuration

    Hochgeladen von

    Rakesh K. Das
    22 Ansichten8 Seiten
    Uploaded from Google Docs

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Verfügbare Formate

    DOC, PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    Uploaded from Google Docs

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als DOC, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    22 Ansichten8 Seiten

    Ubuntu Server Configuration

    Hochgeladen von

    Rakesh K. Das
    Uploaded from Google Docs

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als DOC, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 8

    Ubuntu Server useful configurations

    Networking
    Ethernet:
    Configuration file : /etc/network/interfaces no Ethernet devices : auto lo iface lo inet loopback address 127.0.0.1 netmask 255.0.0.0 one Ethernet device, eth0, connected with a DHCP server auto eth0 iface eth0 inet dhcp Ethernet device eth0 with a static IP address iface eth1 inet static address 192.168.0.2 netmask 255.255.255.0 gateway 192.168.0.1 DNS configuration in /etc/resolv.conf search example.com nameserver 192.168.0.1 nameserver 4.2.2.2

    DHCP Server:
    Installation : sudo apt-get install dhcp3-server daemeon:dhcpd configuration file : /etc/dhcp3/dhcpd.conf default-lease-time 600; max-lease-time 7200; option subnet-mask 255.255.255.0; option broadcast-address 192.168.1.255; option routers 192.168.1.254; option domain-name-servers 192.168.1.1, 192.168.1.2; option domain-name "mydomain.example"; subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.10 192.168.1.100; range 192.168.1.150 192.168.1.200; }

    DNS
    Installation:

    sudo apt-get install bind9 sudo apt-get install dnsutils configuration file : /etc/bind/named.conf /etc/bind/named.conf.options /etc/bind/named.conf.local database files : /etc/bind/ root dns conf file : /etc/bind/db.root

    Caching nameserver :
    Edit /etc/bind/named.conf.options forwarders { 1.2.3.4; 5.6.7.8; };

    Primary DNS :
    Edit /etc/bind/named.conf.local zone "example.com" { type master; file "/etc/bind/db.example.com"; }; zone "1.168.192.in-addr.arpa" { type master; notify no; file "/etc/bind/db.192"; }; Create the db file from the default file for forward lookup zone: sudo cp /etc/bind/db.local /etc/bind/db.example.com $TTL 604800 @ IN SOA ns.example.com. root.example.com. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS ns.example.com. @ IN A 192.168.1.10 ns IN A 192.168.1.10 Create the db file from the default file for reverse lookup zone: sudo cp /etc/bind/db.127 /etc/bind/db.192 $TTL 604800 @ IN SOA ns.example.com. root.example.com. ( 2 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire

    ; @ 10

    604800 ) IN IN NS PTR ns. ns.example.com.

    ; Negative Cache TTL

    Secondary DNS
    Edit /etc/bind/named.conf.local zone "example.com" { type slave; file "db.example.com"; masters { 192.168.1.10; }; }; zone "1.168.192.in-addr.arpa" { type slave; file "db.192"; masters { 192.168.1.10; }; }; Restarting the server sudo /etc/init.d/bind9 restart

    Apache
    Installation sudo apt-get install apache2 default Configuration File : /etc/apache2/apache2.conf config files for default virtualhosts : /etc/apache2/sites-available/default sudo /etc/init.d/apache2 restart apache modules : install mysql module sudo apt-get install libapache2-mod-auth-mysql see in /etc/apache2/mods-available/ enabling /disabling modules a2enmod ssl a2dismod sll see in /etc/apache2/mods-enabled/

    working with php install php module sudo apt-get install php5 libapache2-mod-php5 install php5-mysql module sudo apt-get install php5-mysql

    Squid
    Installation : sudo apt-get install squid configuration file : /etc/squid/squid.conf http_port 8888 visible_hostname weezie acl biz_network src 10.1.42.0/24 acl biz_hours time M T W T F 9:00-17:00 http_access allow biz_network biz_hours

    FTP
    Installation: sudo apt-get install vsftpd configuration file : /etc/vsftpd.conf useful settings : anonymous_enable=NO local_enable=YES write_enable=YES anon_upload_enable=YES restarting server sudo /etc/init.d/vsftpd start

    NFS
    Installation sudo apt-get install nfs-kernel-server configuration file : /etc/exports /share *(ro,sync,no_root_squash) /home 192.168.1.0/24(rw,sync,no_root_squash) Restarting server sudo /etc/init.d/nfs-kernel-server start

    CUPS
    Installation: sudo apt-get install cupsys configuration file: /etc/cups/cupsd.conf restarting Service: sudo /etc/init.d/cupsys restart

    Samba
    Installation sudo apt-get install samba configuration file: /etc/samba/smb.conf workgroup = EXAMPLE security = user [share] comment = Ubuntu File Server Share path = /srv/samba/share browsable = yes guest ok = yes read only = no create mask = 0755 restarting service sudo /etc/init.d/samba restart to sync system users with samba users, install libpam-smbpass and allow only users : sudo apt-get install libpam-smbpass in /etc/samba/smb.conf under [share] entry guest ok = no

    Postfix
    Installation sudo apt-get install postfix to configure from a interface sudo dpkg-reconfigure postfix [use these value : Internet Site mail.example.com steve mail.example.com, localhost.localdomain, localhost No 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0/24 0 +

    all ] Make maildir type mail directory chaning default mbox format: sudo postconf -e 'home_mailbox = Maildir/' Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL): sudo postconf -e 'smtpd_sasl_type = dovecot' sudo postconf -e 'smtpd_sasl_path = private/auth-client' sudo postconf -e 'smtpd_sasl_local_domain =' sudo postconf -e 'smtpd_sasl_security_options = noanonymous' sudo postconf -e 'broken_sasl_auth_clients = yes' sudo postconf -e 'smtpd_sasl_auth_enable = yes' sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination' sudo postconf -e 'inet_interfaces = all' configure the digital certificate for TLS: openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024 chmod 600 smtpd.key openssl req -new -key smtpd.key -out smtpd.csr sudo openssl x509 -req -days 365 -in smtpd.csr -signkey smtpd.key -out smtpd.crt openssl rsa -in smtpd.key -out smtpd.key.unencrypted mv -f smtpd.key.unencrypted smtpd.key openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 sudo mv smtpd.key /etc/ssl/private/ sudo mv smtpd.crt /etc/ssl/certs/ sudo mv cakey.pem /etc/ssl/private/ sudo mv cacert.pem /etc/ssl/certs/ Configure Postfix to provide TLS encryption for both incoming and outgoing mail: sudo postconf -e 'smtpd_tls_auth_only = no' sudo postconf -e 'smtp_use_tls = yes' sudo postconf -e 'smtpd_use_tls = yes' sudo postconf -e 'smtp_tls_note_starttls_offer = yes' sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key' sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt' sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem' sudo postconf -e 'smtpd_tls_loglevel = 1' sudo postconf -e 'smtpd_tls_received_header = yes' sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s' sudo postconf -e 'tls_random_source = dev:/dev/urandom' sudo postconf -e 'myhostname = mail.example.com' restart the service sudo /etc/init.d/postfix restart

    Configuring SASL
    sudo apt-get install dovecot-common

    configuration file : /etc/dovecot/dovecot.conf socket listen { #master { # Master socket provides access to userdb information. It's typically # used to give Dovecot's local delivery agent access to userdb so it # can find mailbox locations. #path = /var/run/dovecot/auth-master #mode = 0600 # Default user/group is the one who started dovecot-auth (root) #user = #group = #} client { # The client socket is generally safe to export to everyone. Typical use # is to export it to your SMTP server so it can do SMTP AUTH lookups # using it. path = /var/spool/postfix/private/auth-client mode = 0660 user = postfix group = postfix } } Restarting the server : sudo /etc/init.d/dovecot restart

    Dovecot
    Installation: sudo apt-get install dovecot-imapd dovecot-pop3d configuration file : /etc/dovecot/dovecot.conf protocols = pop3 pop3s imap imaps mail_location = maildir:~/Maildir # (for maildir) or mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox) restart the service sudo /etc/init.d/dovecot restart

    SSL Configuration
    ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key ssl_disable = no disable_plaintext_auth = no

    SSH
    Installation sudo apt-get install openssh-client

    sudo apt-get install openssh-server Configuration file: /etc/ssh/sshd_config Useful settings: Port 2222 PubkeyAuthentication yes Banner /etc/issue.net Restarting the services sudo /etc/init.d/ssh restart without password login using key files: ssh-keygen -t dsa the public key is saved in the file ~/.ssh/id_dsa.pub, while ~/.ssh/id_dsa is the private key. copy the id_dsa.pub file to the remote host and appended it to ~/.ssh/authorized_keys2 cat id_dsa.pub >> .ssh/authorized_keys2

    Das könnte Ihnen auch gefallen