Monday, August 30, 2010

How To Set Up MySQL Database Replication With SSL Encryption On Debian Lenny

Follow me on Twitter
Last edited 08/18/2010

This tutorial describes how to set up database replication in MySQL using an SSL connection for encryption (to make it impossible for hackers to sniff out passwords and data transferred between the master and slave). MySQL replication allows you to have an exact copy of a database from a master server on another server (slave), and all updates to the database on the master server are immediately replicated to the database on the slave server so that both databases are in sync. This is not a backup policy because an accidentally issued DELETE command will also be carried out on the slave; but replication can help protect against hardware failures though.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

In this tutorial I will show how to replicate the database exampledb from the server server1.example.com (master) with the IP address 192.168.0.100 to the server server2.example.com (slave) with the IP address 192.168.0.101. Both systems are running Debian Lenny; however, the configuration should apply to almost all distributions with little or no modifications. The database exampledb with tables and data is already existing on the master, but not on the slave.

I'm running all the steps in this tutorial with root privileges, so make sure you're logged in as root.

 

2 Installing MySQL 5 And Enabling SSL Support

If MySQL 5 isn't already installed on server1 and server2, install it now:

server1/server2:

aptitude install mysql-server mysql-client

You will be asked to provide a password for the MySQL root user - this password is valid for the user root

Snom releases the 821 IP Phone that supports gigabit ethernet.

Snom technology AG, a leading developer and manufacturer of advanced voice over IP phones for enterprise and residential markets, announced today the launch of the snom 821, a new desktop Internet protocol (IP) phone with all the advanced functionality and interoperability of other snom 8xx series phones, as well as a new integrated gigabit switch.  In addition to the technological advancements to the phone, the snom 821 also comes in both light and dark colors, just like its big brother the snom 870. The snom 821 is expected to be fully available in the U.S. by the end of the second quarter.
"As desktop phones continue to migrate from being voice-centric devices to acting as complete dashboards for unified communications, the speed of application execution is becoming more and more critical," said Dr. Michael Knieling, Executive Vice President of Marketing and Sales for snom technology AG. "The addition of a gigabit switch came from customer requests, and we are very pleased that we were able to add innovation while keeping the same price point."

The snom 821 offers a large high-resolution TFT color display for brilliant depiction of call lists, phone directories, and caller information via the integrated XML browser. In addition, the phone's wideband technology captures more than double the frequency spectrum that a standard handset does, providing crystal clear sound quality.

As a business communications endpoint, the snom 821 features snom's industry-renowned firmware, allowing for robust security supported through secure integrated open VPN, TLS and SRTP, and high sound quality using the handset or the speaker function. The snom 821 also supports all of the leading SIP-based IP PBX and unified communications environments, including Microsoft Office Communications Server 2007 R2.

As with all of snom's desktop phones, the snom 821 also offers the necessary functionality for any business user, including features such as 5-way conferencing, multiple ringtones, and up to twelve different SIP identities.

The snom 821 and 870, as well as associated accessories such as the PA1 public address system, the MeetingPoint conference module, and the snom Vision sidecar, are designed to take the desktop business phone beyond its traditional position as a person-to-person voice communications device and make it a truly interactive and intelligent business communication device. Armed with full-color and touchscreen interfaces, web programmable ports, and a wide array of interoperable unified communications elements, the entire suite of next generation snom devices represents the future of desktop interaction.

 Source:  Snom Technologies AG

Sunday, August 29, 2010

Asterisk PBX 1.6.2.8 Now Available

The Asterisk Development Team has announced the release of Asterisk PBX 1.6.2.8.  This release is available for immediate download at:

http://downloads.asterisk.org/pub/telephony/asterisk/

The release of Asterisk 1.6.2.8 resolves several issues reported by the community, and would have not been possible without your participation.

The following are a few of the issues resolved by community developers:

 

Elektrobit Delivers Its Hardened VoIP Solution to Finnish Army

  Elektrobit has announced that its EB Tough VoIP system has been delivered to the Finnish Army, who will commence a series of field trials on the system during 2010 to evaluate its performance in varying military scenarios.

EB Tough VoIP will operate under demanding environmental conditions for the Army branch of the Finnish Defence Forces. It will work with the Finnish Army on various testing phases throughout this year “in order to ensure proper usage and meet system requirements.”

“With new components such as broadband data communications, enhanced voice over IP services, and advanced functions designed specifically for ground forces, the system provides significant levels of increased performance and operational capabilities,” as the company claims.

EB Tough VoIP can be used as a stand-alone system or the solution units EB Tough VoIP Terminal and the EB Tough VoIP Network Extender can be integrated to a customers' existing communications infrastructure. According to the company, the products can be leveraged in many ways, including:

Asterisk PBX 1.4.33.1 Released

The Asterisk Development Team has announced the release of Asterisk 1.4.33.1.  This release is available for immediate download at:

http://downloads.asterisk.org/pub/telephony/asterisk/

The release of Asterisk 1.4.33.1 resolves a regression involving the use of FXO signaling in chan_dahdi where a channel could continue ringing after it has been answered.

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.33.1

Thank you for your continued support of Asterisk!

Asterisk libpri 1.4.11.3 Now Available

The Asterisk Development Team has announced the release of version 1.4.11.3 of libpri. This release is available for immediate download at:
http://downloads.asterisk.org/pub/telephony/libpri/

This release fixes a regression in the calling number assignment logic:

 

U.S. has 21 million VoIP subscribers according to FCC report

The U.S. Federal Communications Commission reports that there are 21 million VoIP subscriptions stateside, and that the vast majority of them are residential customers. But it didn't count Skype subscribers.

These figures were announced by the FCC to accompany the release of its highly detailed 31-page report, "Local Telephone Competition". The report, however, isn't exactly what you might call "fresh" — although it was released just last Friday, its data set ends on December 31, 2008.

Don't expect 2010 numbers to be higher than end-of-2008 numbers, however. In a report published earlier this year, analysts at the Dell'Oro group said the the VoIP market had suffered greatly in recent years due to the market meltdown, and was only beginning to recover — or even stabilize — in 2010.

The FCC's report come with one enormous caveat that it buries in a footnote: the stats don't include Skype subscribers, but only phone-to-phone communications that enable customers "to receive calls that originate on the public switched telephone network and to terminate calls to the public switched telephone network." This omission doesn't render the numbers meaningless — it just means that there's a lot more VoIPing going on than the FCC reports.

Click Here for Full Article

Cisco releases new tablet called Cisco Home Energy Controller for smart home market

 

Tablets or just gadgets in the broad sense that do our work is finally coming close to being a reality especially with the Cisco tablet that has been released recently. Seated at just one single area of the house, the tablet provides the user with complete control of all the other utility items in the house.

Named the Cisco Home Energy Controller, the tablet is an even more specialized product from Cisco that comes hot on the heels of the other tablet offering from the same company in the form of the Cius that has been built purely with a business scenario in mind.

This one is more focused towards monitoring the electricity usage of all the gadgets in the home from a single location while also suggesting means that will lead to optimum usage of electricity.The launch of the tablet can be seen as an extension of Cisco’s Home Energy Management Solution Suite which is a part of its Connected Grid portfolio of smart grid products as well as technologies that it had recently unveiled.

A 7 inch screen with a resolution of 800 x 480 forms the main display area of the tablet. The screen is capacitive and incorporates touch screen features. An Intel Atom processor with a clock speed of 1.1GHz provides the Home Energy Controller tablet with its computing power and runs the open source Linux operating system.

The way the tablet works is this: the tablet connects to smart thermostats and appliances via 802.11n WiFi or gigabit Ethernet connection so as to form a successful interconnected web. It then allows the user to view on its screen which device is consuming how much of power. Based on this, the tablet in turn will allow the user to decide which of the gadgets needed to be turned off or slowed down in order to save power. The device itself can suggest methods for optimum usage of power.

For instance, with the air conditioning on during summer, the lights can be dimmed a bit to conserve electricity and hence, save money. The appliances that need to be monitored also have to be compatible to this device. In any case, the Home Energy Controller is a far cry and a lot more sci-fi in comparison to the current practice of monitoring electricity usage by sensing the rotation of a thin disc inside a meter placed on the exterior of the house and rotates as per the power consumption that is taking place in the house.

“With its simple and elegant user interface, the Cisco Home Energy Controller is like a virtual energy assistant for consumers, giving them valuable information about, and more discretion over, their energy use,” says the general manager of Cisco Smart Grid, Paul Fulton.

But then, the Cisco Home Energy Controller is not only about saving electricity, for the tablet can also playback videos via Mediafly. Then there’s also a dedicated application store to pick up applications from while it is also rumored the tablet can be used for VoIP processes as well.

Price for installation is likely to be around $900 per installation at home though there are expectations the cost will drop down further with subsidies from power companies. And if there are federal tax credits, things can be even more juicy. But in any case, the cost should be offset by the reduction in power bill. So there are savings to be made whichever way you look at it.

Source

 

Saturday, August 28, 2010

Asterisk PBX 1.4.34 Now Available

The Asterisk Development Team has announced the release of Asterisk 1.4.34. This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/

The release of Asterisk 1.4.34 resolves several issues reported by the community and would have not been possible without your participation.  Thank you!

The following are a few of the issues resolved by community developers:

 

Asterisk PBX 1.6.2.10 Now Available

he Asterisk Development Team has announced the release of Asterisk PBX 1.6.2.10.  This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/

The release of Asterisk 1.6.2.10 resolves several issues reported by the community and would have not been possible without your participation.

The following are a few of the issues resolved by community developers:

 

Meet The 2600hz Project, The New Sound of Open Source Telephony

I really miss my Bluebox and the days then that would work.  Gotta love the $5 rRdbox from hallmark or the infamous Blotto Box that was no joke at all.  We salute you Captain Crunch!
 
Gigaom - Some of the core developers behind FreePBX — a well-known, open-source phone system — have teamed up and started The 2600hz Project, a commercial entity promoting a collection of open-source telephony applications and libraries. Today, they are releasing blue.box, a reworked version of open source FreePBX. The new venture is co-founded by Darren Schreiber and is also a subsidiary of newly formed VoIP Inc. The 2600hz Project received $250,000 in funding from an unnamed investor.

2600 Hz is the frequency that the phone companies used back in the day and was hacked by those seeking to make free long distance phone calls. In order to do so, one needed a device that generated the 2600 Hz tone, called the blue box. The new venture is an homage to that heritage.

From what I understand, the new company was formed after some disagreements between the FreePBX developers and the original backers of the project. FreePBX is a graphical user interface that sits on top of open-source telephony software such as Asterisk. FreePBX was promoted by Bandwidth.com.

Click Here to Continue Reading

Taiwan government authorities astounded at Intel WiMAX move

Intel’s announcement regarding its support on the WiMAX technology became very popular as the company’s decision affected the concerns of many people. According to the Taipei Times (one of the leading newspapers in Taiwan), a government official said that the authorities are trying to look at the possible consequences that the Intel move will have on both local WiMAX equipment producers and on its own scheme on LTE, which were already quite obvious.
Intel’s determination to regroup its attempts on WiMAX has forced the Taiwanese authorities to reconsider their stance on LTE, a long-running development, as the next 4G standard.

Over the past years, Taiwan has proved to be one of the strongest supporters of the WiMAX engineering science versus its major 4G rival, the LTE technology that is a long-running development. At present, Taiwanese firms are in full gear to distribute telecommunication equipment and electronics that back up WiMAX technology.

Government authorities are ordered to re-examine the state of the fourth-generation wireless (4G) policy through the end of this calendar month following Intel Corporation’s sudden move to break up the task force on WiMAX, an official said yesterday.

Click Here to Continue Reading

Wednesday, August 25, 2010

Using ATA Over Ethernet (AoE) On Ubuntu 10.04 (Initiator And Target)

Follow me on Twitter
Last edited 08/13/2010

This guide explains how you can set up an AoE target and an AoE initiator (client), both running Ubuntu 10.04. AoE stands for "ATA over Ethernet" and is a storage area network (SAN) protocol which allows AoE initiators to use storage devices on the (remote) AoE target using normal ethernet cabling. "Remote" in this case means "inside the same LAN" because AoE is not routable outside a LAN (this is a major difference compared to iSCSI). To the AoE initiator, the remote storage looks like a normal, locally-attached hard drive.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I'm using two Ubuntu 10.04 servers here:

server1.example.com (Initiator): IP address 192.168.0.100 server2.example.com (Target): IP address 192.168.0.101

 

2 Loading The aoe Kernel Module On Both Systems server1/server2:

Before we start, we must make sure that the the kernel supports AoE:

grep ATA_OVER /boot/config-

Installing Nginx With PHP5 And MySQL Support On OpenSUSE 11.3

Follow me on Twitter
Last edited 08/05/2010

Nginx (pronounced "engine x") is a free, open-source, high-performance HTTP server. Nginx is known for its stability, rich feature set, simple configuration, and low resource consumption. This tutorial shows how you can install Nginx on an OpenSUSE 11.3 server with PHP5 support (through FastCGI) and MySQL support.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100. These settings might differ for you, so you have to replace them where appropriate.

 

2 Installing MySQL 5

First we install MySQL 5 like this:

yast2 -i mysql mysql-client mysql-community-server

Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:

chkconfig --add mysql
/etc/init.d/mysql start

Now check that networking is enabled. Run

netstat -tap

Integrating XCache Into PHP5 And Lighttpd (OpenSUSE 11.2)

Follow me on Twitter
Last edited 06/29/2010

This guide explains how to integrate XCache into PHP5 and lighttpd on an OpenSUSE 11.2 system. From the XCache project page: "XCache is a fast, stable PHP opcode cacher that has been tested and is now running on production servers under high load." It's similar to other PHP opcode cachers, such as eAccelerator and APC.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I have tested this on an OpenSUSE 11.2 server with the IP address 192.168.0.100 where lighttpd and PHP5 are already installed and working (e.g. as shown in this tutorial: Installing Lighttpd With PHP5 And MySQL Support On OpenSUSE 11.2). I'll use lighttpd's default document root /srv/www/htdocs in this tutorial for demonstration purposes. Of course, you can use any other vhost as well, but you might have to adjust the path to the info.php file that I'm using in this tutorial.

 

2 Checking PHP5's Current State

First, before we install XCache, let's find out about our PHP5 installation. To do this, we create the file info.php in our document root /srv/www/htdocs:

vi /srv/www/htdocs/info.php

Afterwards, we call that file in a browser: http://192.168.0.100/info.php

As you see, we have PHP 5.3.2 installed...

Installing A Web, Email And MySQL Database Cluster (Mirror) On Debian 5.0 With ISPConfig 3

com>
Last edited 08/04/2010

This tutorial describes the installation of a clustered Web, Email, Database and DNS server to be used for redundancy, high availability and load balancing on Debian 5 with the ISPConfig 3 control panel. GlusterFS will be used to mirror the data between the servers and ISPConfig for mirroring the configuration files. I will use a setup of two servers here for demonstration purposes but the setup can scale to a higher number of servers with only minor modifications in the GlusterFS configuration files.

There is currently one limitation in the MySQL cluster setup. The MySQL daemon has locking problems during the initial innodb check when the second server gets started. The current workaround that I use here is to start MySQL with myisam only. I've found several reports of successfully running MySQL servers with innodb on GlusterFS, so it must be possible with some finetuning of the GlusterFS and / or MySQL configuration file to use innodb as well. I will try to find a solution for the locking issues and update this tutorial. If someone knows a solution for innodb on GlusterFS, please contact me. If you want to use the second server only as hot standby system, then you should be able to use innodb as long as you start MySQL on the second server only when the first server is disconnected.

This is currently a proof of concept setup, so there is no experience how this setup scales in production systems yet. The only part that might cause problems is the shared MySQL data directory. Another solution for accessing MySQL databases from several servers simultaneously is to use a MySQL-cluster setup (http://www.mysql.com/products/database/cluster/) or MySQL master / master replication (http://www.howtoforge.com/mysql_master_master_replication).

 

1 Setting Up The Two Base Systems

In this setup there will be one master server (which runs the ISPConfig control panel interface) and one slave server which mirrors the web (apache), email (postfix and dovecot) and database (MySQL) services of the master server.

To install the clustered setup, we need two servers with a Debian 5.0 minimal install. The base setup is described in the following tutorial in the steps 1 - 6:

http://www.howtoforge.com/perfect-server-debian-lenny-ispconfig3

Install only steps 1 - 6 of the perfect server tutorial and not the other steps as they differ for a clustered setup!

In my example I use the following hostnames and IP addresses for the two servers:

Master Server

Hostname: server1.example.tld
IP address: 192.168.0.105

Slave server

Hostname: server2.example.tld
IP address: 192.168.0.106

Whereever these hostnames or IP addresses occur in the next installation steps you will have to change them to match the IPs and hostnames of your servers.

 

2 Installing The Two Servers

The following steps have to be executed on the master and on the slave server. If a specific step is only for the master or slave, then I've added a note in the description in red.

vi /etc/hosts

127.0.0.1 localhost192.168.0.105 server1.example.tld192.168.0.106 server2.example.tld# The following lines are desirable for IPv6 capable hosts::1 localhost ip6-localhost ip6-loopbackfe00::0 ip6-localnetff00::0 ip6-mcastprefixff02::1 ip6-allnodesff02::2 ip6-allroutersff02::3 ip6-allhosts

Set the hostname of the server:

echo server1.example.tld > /etc/hostname
/etc/init.d/hostname.sh start

User server1.example.tld on the first server and server2.example.tld on the second server.

Edit the sources.list file...

vi /etc/apt/sources.list

... and ensure that it contains the following two lines. The first one is for the debian volatile repository to get updated pacakges for the ClamAV antivirus software and SpamAssassin and the second one is for the backports repository which contains current GlusterFS packages.

deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-freedeb http://www.backports.org/debian/ lenny-backports main contrib non-free

Run...

apt-get install debian-backports-keyring
apt-get update

... to install the backports repository key and update the apt package database; then run ...

apt-get upgrade

... to install the latest updates (if there are any).

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet. Simply run...

apt-get -y install ntp ntpdate

... and your system time will always be in sync.

Install postfix, dovecot and mysql with one single command:

apt-get -y install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d sudo

Enter the new password for mysql when requested by the installer and answer the next questions as decsribed below:

Create directories for web-based administration ? <-- No
General type of configuration? <-- Internet site
Mail name? <-- server1.mydomain.tld
SSL certificate required <-- Ok

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address

Installing Linux Integration Services v2.1 Hyper-V R2 On CentOS 5

Virtualization Introduction

When installed on a virtual machine that is running a supported Linux operating system, Linux Integration Services for Hyper-V provides the following functionality:

Driver support for synthetic devices: Linux Integration Services supports the synthetic network controller and the synthetic storage controller that were developed specifically for Hyper-V. Fastpath Boot Support for Hyper-V: Boot devices now take advantage of the block Virtualization Service Client (VSC) to provide enhanced performance. Timesync: The clock inside the virtual machine will remain synchronized with the clock on the host. Integrated Shutdown: Virtual machines running Linux can be shut down from either Hyper-V Manager or System Center Virtual Machine Manager, using the "Shut Down" command.
Symmetric Multi-Processing (SMP) Support: Supported Linux distributions can use up to 4 virtual processors (VP) per virtual machine.
1. Download Linux Integration Components v2.1

a. Download Linux Integration Components v2.1 from Microsoft Download site.

b. Extract the .exe file into a temp folder. You will need only LinuxIC v21.iso file.

c. Place the LinuxIC v21.iso file into your VM host server where you can mount the ISO as a CDROM for your Centon Virtual Machine.

 

2. Installation

You will need Development Tools installed to be able to compile the Integration Components. You could do that by running yum:

yum groupinstall "Development Tools"

NOTE: This command will try to use your network connection to download and if you used Synthetic Network Adapter for your Hyper-V machine you will not have internet connection. So make sure to install Development Tools during your Centos initial installation.

Now make sure you added LinuxIC v21.iso file to your Hyper-V CDROM as Image.

As the root user, mount the CD in the virtual machine by issuing the following commands at a shell prompt:

mkdir /mnt/cdrom
mount /dev/cdrom /mnt/cdrom

Copy Linux Integration Services to the virtual machine and unmount CDROM that no longer needed:

mkdir /opt/linux_ic_v21_rtm
cp

The Perfect Server - OpenSUSE 11.3 x86_64 [ISPConfig 2]

PHPSambaSecurityAnti-Spam/VirusStorageVirtualizationKVMOpenVZVMwareVirtualBoxXenOtherFreeBSDCommercialMini-HowtosForumsContributeSubscriptionLoginSite Map/RSS FeedsUser login Username:
Password:
Remember Me? Create a new account
Request new passwordWho's onlineThere are currently 7 users and 2302 guests online.HowtoForge Forumspure-ftpdSell all cc contry
, dob , fullz ,
BOA, track ...Sell all cc contry
, dob , fullz ,
BOA, track ...Where is
phpmyadminpre install
question RE:
interface IP
setup...transfering
nameservers: how
long does it take?Please
help>
Unknown setting:
mechanisms ...Configure php with
Zlib in Debian
Lenny 5.0How to disable
Email
functionalityPlease remove ZEN!NewsProof SCO Knew IBM Was Involved in Linux From 1998 OnwardSome lessons from Bruce SteinbergNo Steam For LinuxGoogle Chrome OS tablet in repeat rumorfestBordeaux 2.0.8 for FreeBSD and PC-BSD ReleasedMotorola Milestone XT720 reviewTaking a Long Look at Salix OS 13.1.1 (DistroWatch Weekly #368)Matterhorn: Open source lecture recording toolHP confirms WebOS tablet for 2011Why this Linux Fan roots for MeeGo - not AndroidmoreRecent commentsHi, great tutorial. But i
1 day 13 hours agozlib change version
1 day 17 hours agoRe: Thx for this tutorial, good
2 days 3 hours agoThank you very very very
2 days 4 hours agoClamd cpu 100%
2 days 8 hours agoThanks!
2 days 10 hours agoGreat, thanks
2 days 11 hours agoRe: SQL Sever part
2 days 14 hours agoLDAP
2 days 14 hours agoI am using on my site
2 days 20 hours agoNewsletterSubscribe to HowtoForge Newsletter
and stay informed about our latest HOWTOs and projects.(To unsubscribe from our newsletter, visit this link.)Syndicate

Tuesday, August 24, 2010

Chrooting Apache2 With mod_chroot On Ubuntu 10.04

Follow me on Twitter
Last edited 06/15/2010

This guide explains how to set up mod_chroot with Apache2 on an Ubuntu 10.04 system. With mod_chroot, you can run Apache2 in a secure chroot environment and make your server less vulnerable to break-in attempts that try to exploit vulnerabilities in Apache2 or your installed web applications.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I'm assuming that you have a running Ubuntu 10.04 system with a working Apache2, e.g. as shown in this tutorial: The Perfect Server - Ubuntu Lucid Lynx (Ubuntu 10.04)

Using iSCSI On Ubuntu 10.04 (Initiator And Target)

Follow me on Twitter
Last edited 05/11/2009

This guide explains how you can set up an iSCSI target and an iSCSI initiator (client), both running Ubuntu 10.04. The iSCSI protocol is a storage area network (SAN) protocol which allows iSCSI initiators to use storage devices on the (remote) iSCSI target using normal ethernet cabling. To the iSCSI initiator, the remote storage looks like a normal, locally-attached hard drive.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I'm using two Ubuntu 10.04 servers here:

server1.example.com (Initiator): IP address 192.168.0.100 server2.example.com (Target): IP address 192.168.0.101

Because we will run all the steps from this tutorial with root privileges, we can either prepend all commands in this tutorial with the string sudo, or we become root right now by typing

sudo su

 

2 Setting Up The Target (server2)server2:

First we set up the target (server2):

aptitude install iscsitarget

Open /etc/default/iscsitarget...

vi /etc/default/iscsitarget

... and set ISCSITARGET_ENABLE to true:

ISCSITARGET_ENABLE

How To Configure The AIDE (Advanced Intrusion Detection Environment) File Integrity Scanner For Your Website

Security

A file integrity scanner is something you need to have.  Imagine a hacker placing a backdoor on your web site, or changing your order form to email him a copy of everyone's credit card while leaving it appear to be functionally normally.

By setting up daily reporting, this notifies you within, at most, 24 hours of when any file was changed, added, or removed.  It also helps establish an audit trail in the event your site is compromised.

These instructions are designed for an end user, where you don't need to have root access, to implement and assumes your server has the aide binary installed.  Most hosts will have this installed already, or will install it for you upon request.

 

Step 1: Download A Sample AIDE config file

We will start with a simple one, this will scan your web root directory for md5 hash changes.

To download the file, SSH into your account and run:

$ wget securehostingdirectory.com/aide.conf

What you will want to change in this file, is replace "username" on the first line, and confirm that is the path to your root directory.

Then on the last line, confirm that public_html is your web root directory.  If your host uses the cPanel control panel, then public_html is your web root.

 

Step 2: Initialize the AIDE database

The command to initialize the AIDE database is:

$ nice -19 aide --init --config

Installing A Multiserver Setup With Dedicated Web, Email, DNS And MySQL Database Servers On Debian 5.0 With ISPConfig 3

com>
Last edited 08/10/2010

This tutorial describes the installation of an ISPConfig 3 multiserver setup with dedicated web, email, database and two DNS servers all managed trough a single ISPConfig 3 control panel. The setup described below uses five servers and can be extended easily to to a higher number of servers by just adding more servers. E.g. if you want to have two mailservers, do the setup steps from chapter 2 on both of these servers. If you want to set up more web servers, then install ISPConfig on all other web servers in expert mode except of the first one.

 

1 Installing The Five Debian Base Systems

In this setup there will be one master server (which runs the web server and ISPConfig control panel interface) and four slave servers for database, email and DNS.

To install the clustered setup, we need five servers (or virtual servers) with a Debian 5.0 minimal install. The base setup is described in the following tutorial in the steps 1 - 6:

http://www.howtoforge.com/perfect-server-debian-lenny-ispconfig3

Install only steps 1 - 6 of the perfect server tutorial and not the other steps as they differ for a clustered setup!

In my example I use the following hostnames and IP addresses for the five servers:

Web Server

Hostname: web.example.tld
IP address: 192.168.0.105

Mail Server

Hostname: mail.example.tld
IP address: 192.168.0.106

DB Server

Hostname: db.example.tld
IP address: 192.168.0.107

DNS Server (primary)

Hostname: ns1.example.tld
IP address: 192.168.0.108

DNS Server (secondary)

Hostname: ns2.example.tld
IP address: 192.168.0.109

Whereever these hostnames or IP addresses occur in the next installation steps you will have to change them to match the IP's and hostnames of your servers.

 

2 Installing The Web Server

Edit the hosts file and add the IP addresses and hostnames for all servers. The hostnames and IP addresses have to be adjusted to match your setup.

vi /etc/hosts

127.0.0.1 localhost192.168.0.105 web.example.tld192.168.0.106 mail.example.tld192.168.0.107 db.example.tld192.168.0.108 ns1.example.tld192.168.0.109 ns2.example.tld # The following lines are desirable for IPv6 capable hosts::1 localhost ip6-localhost ip6-loopbackfe00::0 ip6-localnetff00::0 ip6-mcastprefixff02::1 ip6-allnodesff02::2 ip6-allroutersff02::3 ip6-allhosts

Set the hostname of the server:

echo web.example.tld > /etc/hostname
/etc/init.d/hostname.sh start

Edit the sources.list file...

vi /etc/apt/sources.list

... and ensure that it contains the following line to enable the volatile repository.

deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free

Run...

apt-get update

... to update the apt package database; then run...

apt-get upgrade

... to install the latest updates (if there are any).

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet. Simply run...

apt-get -y install ntp ntpdate

... and your system time will always be in sync.

Install the MySQL server. A MySQL server instance is necessary on every server as ISPConfig uses it to sync the configuration between the servers.

apt-get -y install mysql-client mysql-server

Enter the new password for MySQL when requested by the installer.

We want MySQL to listen on all interfaces on the master server, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address

How To Set Up A Webgui Based Print Server On Ubuntu Server Using SWAT, CUPS, And SAMBA

Samba

This how-to describes the process of setting up an intranet based print server using Ubuntu server. By using CUPS SAMBA and SWAT the final product is a webgui based solution to a headless print server.

This How-to has been cobbled together from assorted other how-tos and forums by me after recording as best I could the method I used after googling the various problems I had along the way. It is primarily based on

http://ubuntuforums.org/showthread.php?t

Installing And Using OpenVZ On Ubuntu 10.04

Follow me on Twitter
Last edited 08/18/2010

In this HowTo I will describe how to prepare an Ubuntu 10.04 server for OpenVZ. With OpenVZ you can create multiple Virtual Private Servers (VPS) on the same hardware, similar to Xen and the Linux Vserver project. OpenVZ is the open-source branch of Virtuozzo, a commercial virtualization solution used by many providers that offer virtual servers. The OpenVZ kernel patch is licensed under the GPL license, and the user-level tools are under the QPL license.

This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.

This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I'm using an x86_64 (amd64) system here. If you are on an i386 system, a few commands will be slightly different - I have added annotations to that parts.

 

2 Become root

Type

sudo su

to become root (or prepend all commands in this tutorial with the string sudo).

 

3 Change The Default Shell

/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this:

dpkg-reconfigure dash

Install dash as /bin/sh? <-- No

 

 

4 Disable AppArmor

AppArmor is a security extension (similar to SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it.

We can disable it like this:

/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
apt-get remove apparmor apparmor-utils

 

5 Installing OpenVZ

Unfortunately there are no OpenVZ packages in the official Ubuntu 10.04 repositories, therefore we have to build the OpenVZ kernel and the OpenVZ tools (vzctl, vzquota, vzpkg) ourselves.

First, run

uname -r

to find out your currently installed kernel version:

root

Monday, August 23, 2010

VMware Server 2.0.2-x On Ubuntu Server 10.04 With VMware Remote Console Plug-in

Virtualization

Today I will tell you how to set up a new Ubuntu 10.04 server which runs VMware server 2.0.2-x and the VMware Remote Console Plug-in.

My box:

CPU: Intel(R) Celeron(R) D CPU 3.06GHz, 1 core
Memory: 2GB
CD-ROM

Firefox 3.6 can not run the VMware Remote Console. On the client, I use Chrome to build virtual machines, then I use the VMware Remote Console Plug-in to run them.

We have four steps:

Step one: Set up a new box running Ubuntu server.
Step two: Register, download, patch, and install VMware.
Step three: Create virtual machines.
Step four: Control remote virtual machines with the VMware Remote Console Plug-in from a client.

 

Step one: Set up a new box running Ubuntu server

Very easy. If you don't know, look at: http://www.howtoforge.com/perfect-server-ubuntu-10.04-lucid-lynx-ispconfig-3.

After the setup, reboot the box.

Log in and activate the root account:

sudo passwd root

Type in the password for root, I choose: 111111

Log out then log in as root and later we do everything as root, too.

Upgrade the box:

apt-get update
apt-get upgrade -y

Install gcc:

apt-get install -y gcc

Configure a static IP address (I use 192.168.1.75 here):

nano /etc/network/interfaces

Delete everything and replace with:

# This file describes the network interfaces available on your system# and how to activate them. For more information, see interfaces(5).# The loopback network interfaceauto loiface lo inet loopback # The primary network interfaceauto eth0iface eth0 inet static address 192.168.1.75 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 gateway 192.168.1.1

Edit /etc/resolv.conf:

nano /etc/resolv.conf

Delete everything and replace with (make sure you use a valid nameserver; in this example I use 192.168.1.1, my router, which runs a nameserver as well):

nameserver 192.168.1.1

Reboot the box:

reboot

 

Step two: Register, download, patch, install VMware

Log on as root and create /root/vm:

mkdir /root/vm
cd /root/vm

To download VMware, you have to register at: https://www.vmware.com/tryvmware/?p