Ultimate Server Jaunty Customization

Revision as of 01:24, 28 September 2010 by Perspectoff (Talk | contribs)

These instructions ought to be followed for every installation method of the Ultimate Server Jaunty, except when installing using the step-by-step walkthrough. When completed, a reasonably secure installation will have been achieved. The steps are meant to be done in order, because some later steps are dependent on earlier steps. These steps should take about 30 minutes to perform.

Enable BIOS power-up

  • Change the computer's BIOS settings so that after a power failure the computer will automatically power up and restart to the default OS. (This is important for servers.) At bootup, enter the BIOS menu using whichever key is appropriate for your computer's BIOS:
[F2], [F1], [F10], or [DEL] -> Power Management Setup -> PowerOn After Pwr-Fail: On -> Save -> Reboot

Set networking parameters

  • Set the static IP address for your server. If your computer already has a static LAN IP address assigned on your network, use it. Otherwise choose a static LAN IP address that (preferably) is not part of the DHCP address range used by your router (or DHCP server).
sudo gedit /etc/network/interfaces
and edit the lines to resemble:
# iface eth0 inet dhcp
#
iface eth0 inet static
address 192.168.0.99
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
and restart networking:
sudo /etc/init.d/networking restart

Obtain an Internet URL

  • Email:
Email address: myjaunty.userid00@mail.com Password: myjauntyword000 DOB: 1/1/01 Favorite question: securityquestionanswer
How to change:
Mail.com -> Sign in (email address/password) -> Settings -> Accounts -> Change your Mail.com password -> Password: click here to change password
Note: These are examples only. You must obtain your own account and password to use with the system. You can use a pre-established email account or create a new one at Mail.com, Gmail, or Yahoo Mail.
  • Dynamic DNS:
ID: myjauntydnsid Password: myjauntydnsword Email: myjaunty.userid00@mail.com
How to change:
DynDNS.com -> Log in (Username/Password) -> Account Settings: Change Password
Note: These are examples only. You must obtain your own account and password to use with the system. While other Dynamic DNS services are available and can be used, the walkthrough instructions refer to DynDNS.com. Decide on a naming scheme for your servers. The installation walkthrough uses myjaunty00.dyndns.org, myjauntybbb00.dyndns.org, myjauntymoodle00.dyndns.org, myjauntywiki00.dyndns.org, myjauntycalendar00.dyndns.org, and myjauntyweb00.dyndns.org, but (obviously) these cannot be used for your system.
DynDNS.com allows the creation of five free domain name URLs, so choose your naming scheme carefully and then create/activate the 5 URLs for your system at DynDNS.com. For example:
clarkkent.dyndns.org, clarkkentbbb.dyndns.org, clarkkentmoodle.dyndns.org, clarkkentwiki.dyndns.org, clarkkentcalendar.dyndns.org, and clarkkentweb.dyndns.org.

Configure ddclient

  • Edit the ddclient configuration file (mandatory):
sudo gedit /etc/ddclient.conf
so that it resembles:
# Configuration file for ddclient generated by debconf
#
# /etc/ddclient.conf
#
daemon=3600
ssl=yes
use=web, web=checkip.dyndns.com/, web-skip='IP Address'
pid=/var/run/ddclient.pid
protocol=dyndns2
#use=if, if=eth0
server=members.dyndns.org
login=clarkkent
password='kryptonite'
# clarkkent.dyndns.org,clarkkentbbb.dyndns.org,clarkkentmoodle.dyndns.org,clarkkentwiki.dyndns.org,clarkkentweb.dyndns.org
clarkkent.dyndns.org,clarkkentbbb.dyndns.org,clarkkentmoodle.dyndns.org,clarkkentwiki.dyndns.org,clarkkentcalendar.dyndns.org
Clearly you must use your own login ID and password (created during signup at DynDNS.com), and replace the server URL names with the ones that match your naming scheme (and which you activated at DynDNS.com).

Change important passwords

  • System:
ID: jauntyadmin00 Password: jauntyword00
How to change (mandatory):
sudo passwd jauntyadmin00
  • System guest:
ID: myjaunty00guest Password: myjauntyguestpassword
How to change (mandatory):
sudo passwd myjaunty00guest
  • MySQL
ID: root Password: jauntysql00
How to change (recommended):
mysqladmin -u root --password=jauntysql00 password newrootsqlpw
If you have lost the MySQL root user password entirely, then see this solution.

Customize BigBlueButton

  • Customize BigBlueButton:

If your chosen URL for the BigBlueButton is clarkkentbbb.dyndns.org, for example, then

sudo bbb-conf --setip clarkkentbbb.dyndns.org:81
sudo bbb-conf --clean
  • Although optional, I highly recommend creating a new security salt (UUID) for BigBlueButton. See these instructions.
  • Edit the menu item/shortcut to the BBB server:
Clark Kent's BigBlueButton (Teleconferencing) -- firefox http://clarkkentbbb.dyndns.org:81
  • Make sure your router forwards ports 81, 9123, and 1935 to your server's LAN IP address.

Customize Moodle

  • Customize Moodle:
  • Edit the Apache2 virtual host configuration file for the Moodle Server:
sudo gedit /etc/apache2/sites-available/moodlevirtualhost
so that the contents resemble:
<VirtualHost *:80>
ServerAdmin clarkkent@mail.com
#
DocumentRoot /usr/share/moodle/
ServerName clarkkentmoodle.dyndns.org
ServerAlias www.clarkkentmoodle.dyndns.org clarkkentmoodle.dyndns.org
#RewriteEngine On
#RewriteOptions inherit
</VirtualHost>
Activate the new virtual host configuration:
sudo /etc/init.d/apache2 restart
  • Edit the Moodle configuration file:
sudo gedit /etc/moodle/config.php
so that the FQDN (in this case the URL) is correctly noted:
$CFG->wwwroot = 'http://clarkkentmoodle.dyndns.org/moodle';
  • Login to the server (http://clarkkentmoodle.dyndns.org) and change the primary admin password (and create a new user/password if desired):
ID: myjaunty00admin Password: myjaunty00word
How to change (mandatory):
Moodle -> Login (using ID/Password) -> Site Administration: Accounts: Browse List of Users
-> MyJaunty Admin -> Change password
  • Edit the menu item/shortcut to the Moodle server:
Clark Kent's Moodle (Online Teaching) -- firefox http://clarkkentmoodle.dyndns.org

Customize MediaWiki

  • Customize MediaWiki:
  • Edit the Apache2 configuration file (e.g. /etc/apache2/sites-available/wikivirtualhost):
sudo gedit /etc/apache2/sites-available/wikivirtualhost
so that the lines are similar to:
<VirtualHost *:80>
UseCanonicalName off
#
DocumentRoot /var/www/Wikis
DirectoryIndex index.php index.html
#
ServerName clarkkentwiki.dyndns.org
ServerAlias *.clarkkentwiki.dyndns.org
# 
RewriteEngine On
RewriteCond %{REQUEST_URI}  !^/private
RewriteCond %{REQUEST_URI}  !^/public
RewriteRule   ^/(/.*|)$  /public/$1  [R]
#
<Directory /var/www/Wikis>
#Options Indexes FollowSymLinks MultiViews
Options FollowSymLinks MultiViews
#AllowOverride None
Order allow,deny
allow from all
</Directory>
# 
</VirtualHost>
Activate the new virtual host configuration:
sudo /etc/init.d/apache2 restart
Change the password for each wiki individually by logging in separately (http://clarkkent.dyndns.org/public and http://clarkkent.dyndns.org/private). The ID and password are initially the same for both wikis (but this obviously can be changed).
ID: myjaunty00admin Password: myjaunty00word
How to change (mandatory for each wiki):
MediaWiki -> Login (using ID/Password) -> my preferences -> Change password
  • Edit the menu items / shortcuts to the Wiki(s):
  • Clark Kent's Wiki (Public) (MediaWiki) -- firefox http://clarkkentwiki.dyndns.org
and
  • Clark Kent's Wiki (Private) (MediaWiki) -- firefox http://clarkkentwiki.dyndns.org/private

Customize Drupal

  • Customize the Drupal6 website(s):
  • Rename the website folders to correspond to your chosen URL naming scheme. For example:
sudo mv /etc/drupal/6/sites/myjaunty00.dyndns.org /etc/drupal/6/sites/clarkkent.dyndns.org
sudo mv /etc/drupal/6/sites/myjauntyweb00.dyndns.org /etc/drupal/6/sites/clarkkentweb.dyndns.org
  • Edit the virtual host file for the new sites:
sudo gedit /etc/apache2/sites-available/drupal6virtualhost
so that it resembles:
#
# Virtual hosting configuration for Drupal6
#
#
<VirtualHost *:80>
ServerAdmin clarkkent@mail.com
#
DocumentRoot /usr/share/drupal6/
ServerName clarkkent.dyndns.org
ServerAlias *.clarkkent.dyndns.org clarkkent.dyndns.org
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
#
<VirtualHost *:80>
ServerAdmin clarkkent@mail.com
#
DocumentRoot /usr/share/drupal6/
ServerName clarkkentweb.dyndns.org
ServerAlias *.clarkkentweb.dyndns.org clarkkentweb.dyndns.org
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
Activate the new virtual host configuration:
sudo /etc/init.d/apache2 restart
  • Edit the cron task so that it reflects the new URLs correctly:
sudo crontab -e

And edit the lines (with the nano editor, or the one you prefer) so that they resemble:

45 * 18 * * /usr/bin/wget -O - -q -t 1 http://clarkkent.dyndns.org/cron.php
45 * 19 * * /usr/bin/wget -O - -q -t 1 http://clarkkentweb.dyndns.org/cron.php
  • Login to each website individually (http://clarkkent.dyndns.org and http://clarkkentweb.dyndns.org) and adjust the admin user password and the Theme settings. (Until you adjust the Theme settings, the graphics will not display properly).
ID: myjaunty00admin Password: myjaunty00word
How to change (mandatory):
Drupal6 -> Login (using ID/Password) -> My account -> Edit -> Password
change the Theme settings:
Drupal6 -> Administer -> Site building -> Themes -> Garland: configure -> Path to custom logo: sites/clarkkent.dyndns.org/WebLogo.png
(Use clarkkentweb.dyndns.org when customizing the other website, obviously.)
update the websites:
http://clarkkent.dyndns.org/update.php
http://clarkkentweb.dyndns.org/update.php

Note: DynDNS only allows 5 free URLs. If you have activated clarkkentcalendar.dyndns.org as the 5th URL, you will not be able to connect through the web to clarkkentweb.dyndns.org. However, it is possible to deactivate a URL on DynDNS, create/activate a new URL, go through the customization steps using the activated URL, then deactivate that URL (if it is no longer desired) and reactivate the (previously deactivated) desired one(s).

  • Edit the menu items / shortcuts to the Drupal Website(s):
  • Clark Kent's Website (Public) (Drupal) -- firefox http://clarkkent.dyndns.org
and
  • Clark Kent's Website (Private) (Drupal) -- firefox http://clarkkentweb.dyndns.org

Customize DAViCal

  • Customize the DAViCal Group Calendar:
  • Rename the configuration file to correspond to your chosen URL naming scheme. For example:
sudo mv /etc/davical/myjauntycalendar00.dyndns.org-conf.php /etc/davical/clarkkentcalendar.dyndns.org-conf.php
  • Edit the virtualhost config file:
sudo gedit /etc/apache2/sites-available/mydavicalsite
so that these lines resemble:
#
# Virtual Host def for Debian package DAViCal
<VirtualHost *:80>
 DocumentRoot /usr/share/davical/htdocs
 DirectoryIndex index.php index.html
 ServerName clarkkentcalendar.dyndns.org
 ServerAlias calendar.clarkkent.dyndns.org
 Alias /images/ /usr/share/davical/htdocs/images/
 <Directory /usr/share/davical/htdocs/>
     AllowOverride None
     Order allow,deny
     Allow from all
 </Directory>
 php_value include_path /usr/share/awl/inc
 php_value magic_quotes_gpc 0
 php_value register_globals 0
 php_value open_basedir 1
 php_value error_reporting "E_ALL & ~E_NOTICE"
 php_value default_charset "utf-8"
</VirtualHost>
Activate the new virtual host configuration:
sudo /etc/init.d/apache2 restart
  • Login to the calendar server (http://clarkkentcalendar.dyndns.org) and change the admin password.
ID: myjaunty00admin Password: myjaunty00word
How to change (mandatory):
DAViCal Admin webpage -> login (User Name/Password) -> User Functions: List Users
-> myjaunty00admin -> Confirm password: (enter new password) -> Apply changes
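
A check for values left over from the distributed image, covering the password changes and the renaming steps in the sections above. This is an added example, not part of the original instructions; the function name scan_defaults is hypothetical, and the patterns are the default passwords and template host names quoted on this page.

```shell
#!/bin/sh
# Added example (not from the original page): report template values that the
# customization steps on this page are meant to replace.

# Default passwords and template host names as published on this page (ERE).
DEFAULT_VALUES='jauntyword00|jauntysql00|myjauntyguestpassword|myjaunty00word'
DEFAULT_VALUES="$DEFAULT_VALUES|myjauntydnsword|myjaunty[a-z]*00\.dyndns\.org"

# scan_defaults PATH...: print every leftover default found under the given
# files or directories. Returns 0 when nothing is left, 1 otherwise.
scan_defaults() {
    found=0
    # File contents: -I skips binary files, -o prints only the matched text.
    hits=$(grep -rHnoIE -e "$DEFAULT_VALUES" -- "$@" 2>/dev/null || true)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        found=1
    fi
    # File and directory names: Drupal site folders, DAViCal config file.
    names=$(find "$@" -name 'myjaunty*00.dyndns.org*' 2>/dev/null || true)
    if [ -n "$names" ]; then
        printf '%s\n' "$names" | sed 's/^/template name: /'
        found=1
    fi
    return "$found"
}

# Scan the paths given on the command line, if any.
if [ "$#" -gt 0 ]; then
    scan_defaults "$@"
fi
```

Run it as root against the files edited above, for example /etc/ddclient.conf, /etc/apache2/sites-available, /etc/moodle, /etc/drupal/6/sites and /etc/davical; the root crontab can be checked by saving the output of sudo crontab -l to a file and scanning that file.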

Adjust SSH for remote connections

  • Adjust SSH for remote connections
The usual default SSH port is 22, but in the Ultimate Server this has been changed to port 22199. You can change it again, if you choose. Make sure your router forwards traffic for the chosen port to your computer's LAN IP address (as set above).
sudo gedit /etc/ssh/sshd_config
change the listening port:
Port 22199
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart
  • Make sure the router forwards the selected listening port (e.g. 22199) to the IP address (e.g. 192.168.0.99) of the server.
  • Remove the insecure SSH files distributed with the system and generate new ones:
sudo rm /home/jauntyadmin00/.ssh/*
ssh-keygen
Accept the default location for the key file ( /home/jauntyadmin00/.ssh/id_rsa ).
  • Leave the passphrase empty
cd ~/.ssh
touch authorized_keys
Concatenate the newly-generated id_rsa.pub key to the authorized_keys file:
cd ~/.ssh
cat id_rsa.pub >> authorized_keys

Adding new SSH users

  • Add a new user and change the password for that user (optional):
sudo useradd -m myownuserID
sudo passwd myownuserID
Login using the new user ID to complete the installation.
  • Create an SSH keypair for automated login by the new user:
  • Generate a key pair (by default, a 2048-bit RSA key pair is created):
ssh-keygen
  • Accept the default location for the key file ( /home/myownuserID/.ssh/id_rsa ).
  • Leave the passphrase empty
Make sure that a file named authorized_keys (with write privileges) is in the /home/myownuserID/.ssh folder. If not, create such a file (using the "touch" command to create an empty file) after logging into the server as myownuserID:
cd ~/.ssh
touch authorized_keys
Alternatively, you can copy the original authorized_keys file from the /home/jauntyadmin00/.ssh folder (as long as it has been revised and is not the original insecure authorized_keys file distributed with the system). This is useful if you wish to keep both the jauntyadmin00 and myownuserID users.
sudo cp /home/jauntyadmin00/.ssh/authorized_keys /home/myownuserID/.ssh/authorized_keys
sudo chown -R myownuserID /home/myownuserID
Concatenate the newly-generated id_rsa.pub key to the authorized_keys file:
cd ~/.ssh
cat id_rsa.pub >> authorized_keys
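
An audit of the resulting .ssh directory, for both the jauntyadmin00 steps and the new-user steps above. It checks that the directory and authorized_keys are not writable by group or other, that the passphrase-less private key is not readable by anyone else, and that repeating the append step has not added the same key twice. This is an added example, not part of the original instructions; the function names are hypothetical.

```shell
# Added example (not from the original page): audit a user's ~/.ssh directory
# after the key generation and authorized_keys steps.
# Usage: . ./audit_ssh.sh; audit_ssh_dir /home/myownuserID/.ssh

# has_mode PATH BITS: true when PATH has all permission bits in BITS set.
has_mode() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# count_duplicate_keys FILE: number of repeated key blobs in authorized_keys.
# Simplification: the blob is the field after the first key-type field.
count_duplicate_keys() {
    [ -f "$1" ] || { echo 0; return; }
    awk '!/^[ \t]*#/ {
             for (i = 1; i < NF; i++)
                 if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) {
                     if (seen[$(i + 1)]++) dup++
                     break
                 }
         }
         END { print dup + 0 }' "$1"
}

# audit_ssh_dir DIR: print findings; return 0 when clean, non-zero otherwise.
audit_ssh_dir() {
    dir=$1
    problems=0
    for p in "$dir" "$dir/authorized_keys"; do
        if has_mode "$p" 020 || has_mode "$p" 002; then
            echo "writable by group/other: $p"
            problems=$((problems + 1))
        fi
    done
    for key in "$dir"/id_*; do
        case $key in *.pub) continue ;; esac
        [ -f "$key" ] || continue
        if has_mode "$key" 040 || has_mode "$key" 004; then
            echo "private key readable by group/other: $key"
            problems=$((problems + 1))
        fi
    done
    dups=$(count_duplicate_keys "$dir/authorized_keys")
    if [ "$dups" -gt 0 ]; then
        echo "duplicate entries in authorized_keys: $dups"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```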

Inactivate old users

  • Inactivate old users (this is easiest from the GUI desktop once installation has been completed):
Menu -> System -> User Manager -> highlight userID -> Account disabled (ticked)
If you merely wish to exclude a user from appearing on the Login screen:
Menu -> System -> System Settings -> Advanced -> Login Manager -> Users -> tick the users to exclude from the Login screen

Change hostname (optional)

  • Hostname: Jaunty32Server00
  • Discover the current hostname and the Fully Qualified Domain Name:
hostname
hostname --fqdn
  • I don't recommend changing the hostname, but it can be changed by editing the /etc/hostname file and the /etc/hosts file
sudo gedit /etc/hostname
sudo gedit /etc/hosts

It is not necessary for security reasons to change your hostname, and it is not recommended especially if you have already been using the system for a while (as the hostname can be used in several configuration files other than the two noted).
