ProgClub - User contributions [en] (MediaWiki 1.35.2, updated 2024-03-28T17:16:09Z)
https://www.progclub.org/wiki/mediawiki/api.php?action=feedcontributions&user=60.240.67.126&feedformat=atom

Pcphpjs, 2011-12-30T07:47:34Z: https://www.progclub.org/wiki/mediawiki/index.php?title=Pcphpjs&diff=2386
<p>60.240.67.126: /* Project status */</p>
<hr />
<div>Pcphpjs is the ProgClub content management system for the [[Jsphp]] project. That's the software that allows you to manage and develop JavaScript functions that emulate PHP functions. It's a new version of [http://phpjs.org/ phpjs] with some planned bug fixes and improvements. For other projects see [[Projects]].<br />
<br />
== Project status ==<br />
<br />
[http://jsphp.co/ Released], but there's stuff [[Pcphpjs#TODO|TODO]].<br />
<br />
== Contributors ==<br />
<br />
Members who have contributed to this project. Newest on top.<br />
<br />
* [[User:John|John]]<br />
<br />
All contributors have agreed to the terms of the [[ProgClub:Copyrights#ProgClub_projects|Contributor License Agreement]]. This excludes any upstream contributors who tend to have different administrative frameworks.<br />
<br />
Upstream contributors:<br />
<br />
* Doctrine contributors<br />
* CodeIgniter contributors<br />
<br />
== Copyright ==<br />
<br />
Copyright 2011, [[Pcphpjs#Contributors|Contributors]]. The pcphpjs software is licensed under the [[New BSD license]].<br />
<br />
The pcphpjs project is the software that manages the jsphp.co web site. It's an open-source content management system for a JavaScript library. The JavaScript library itself is licensed separately under the MIT and GPL licenses. These are the same terms as used by the upstream developers as explained on their [http://phpjs.org/pages/license license] page. For more information about the JavaScript library check out the [[Jsphp]] project.<br />
<br />
Pcphpjs uses the Doctrine ORM toolkit which is licensed under the [http://www.progclub.org/pcrepo/pcphpjs/trunk/src/app/doctrine-orm/LICENSE?view=markup LGPL].<br />
<br />
Pcphpjs uses the CodeIgniter web-framework which is licensed under the [http://www.progclub.org/pcrepo/pcphpjs/trunk/src/lib/code_igniter/license.txt?view=markup CodeIgniter license].<br />
<br />
== Source code ==<br />
<br />
The repository can be browsed online:<br />
<br />
http://www.progclub.org/pcrepo/pcphpjs/<br />
<br />
The code for pcphpjs is publicly available from svn:<br />
<br />
http://www.progclub.org/svnro/pcrepo/pcphpjs/tags/latest/<br />
<br />
Or privately available for read-write access:<br />
<br />
https://www.progclub.org/svn/pcrepo/pcphpjs/trunk<br />
<br />
== Links ==<br />
<br />
=== Development links ===<br />
<br />
* [https://www.progclub.net/pcma/ MemberNet database admin]<br />
* [http://jsphp.co/jsphp-dev/ Development release]<br />
* [http://jsphp.co/ Production release]<br />
<br />
=== phpjs related information ===<br />
<br />
* [http://phpjs.org/pages/home phpjs.org]<br />
<br />
=== Doctrine related information ===<br />
<br />
* [http://www.doctrine-project.org/ Doctrine]<br />
* [http://www.doctrine-project.org/docs/orm/2.1/en/tutorials/getting-started-xml-edition.html Getting started with Doctrine]<br />
* [http://www.doctrine-project.org/docs/orm/2.1/en/index.html Doctrine 2 ORM v2.1 documentation]<br />
* [http://en.wikipedia.org/wiki/Doctrine_%28PHP%29 Doctrine on Wikipedia]<br />
* [http://www.doctrine-project.org/docs/orm/2.1/en/reference/annotations-reference.html Annotations Reference]<br />
<br />
=== CodeIgniter related information ===<br />
<br />
* [http://codeigniter.com/ CodeIgniter]<br />
* [http://codeigniter.com/user_guide/toc.html CodeIgniter User Guide]<br />
* [http://jrtashjian.com/2009/02/simple-login-form-with-codeigniter/ Simple Login Form With CodeIgniter]<br />
<br />
=== Doctrine with CodeIgniter information ===<br />
<br />
* [http://www.phpandstuff.com/articles/codeigniter-doctrine-from-scratch-day-1-install-and-setup CodeIgniter and Doctrine from scratch]<br />
* [http://wildlyinaccurate.com/integrating-doctrine-2-with-codeigniter-2/ Integrating Doctrine 2 with CodeIgniter 2]<br />
<br />
=== JavaScript testing frameworks ===<br />
<br />
* [http://code.google.com/p/js-test-driver/wiki/GettingStarted js-test-driver]<br />
* [http://blogs.lessthandot.com/index.php/WebDev/UIDevelopment/Javascript/getting-started-with-javascript-unit Getting Started with JavaScript Unit Testing]<br />
<br />
== Release notes ==<br />
<br />
Hey everyone. You haven't heard from me for a while, because I've been very busy implementing a web-site in PHP and MySQL. This is the most substantial PHP/MySQL (AKA: LAMP) project that I've ever done, and I did it to research the technology and hone my skills, as this is the technology that Blackbrick will use.<br />
<br />
You can see the newly released web-site here:<br />
<br />
http://jsphp.co/<br />
<br />
Basically the site is a Content Management System (CMS) for a JavaScript library that provides the PHP API. This means code written for PHP can be more easily migrated to JavaScript, something I did when I created a JavaScript and PHP implementation of the Blowfish encryption cypher, pccipher:<br />
<br />
https://www.progclub.org/wiki/Pccipher<br />
<br />
The jsphp.co web-site has a number of features where I got to try out different technology. I used a number of open-source frameworks and toolkits, being:<br />
<br />
* CodeIgniter - a PHP web framework<br />
* Doctrine - an ORM and DB management tool<br />
* YUI - a JavaScript library including a rich text HTML editor<br />
* jQuery - a JavaScript helper library<br />
* QUnit - a JavaScript testing framework<br />
* HTMLPurifier - a HTML parser and filter<br />
* WikiDiff3 - a diff tool from MediaWiki<br />
* Slib - Blackbrick's PHP web toolkit<br />
<br />
We're using the following technologies:<br />
<br />
* HTML5 - document format<br />
* CSS - document layout language<br />
* JavaScript - client side programming language<br />
* Graphics (mostly PNG) - as multimedia as we get<br />
* PHP - server side programming language<br />
* MySQL - database server<br />
* Apache - web server<br />
* Linux - operating system<br />
* Subversion - version control system<br />
<br />
The jsphp.co web-site has implemented the following features:<br />
<br />
* Pages - there is a CMS in place for managing the content of pages, such as the contacts or downloads page<br />
* HTML comments - a rich commenting system that allows for threaded conversations, replies, edits, rich text HTML editing with WYSIWYG support, and the ability to comment on functions, versions, tests or pages in the site. Also, there is a facility for user comments (must be logged in) and anonymous comments (no need to login).<br />
* Session management - users can login to the system to enable advanced features<br />
* Categories - functions are categorised<br />
* Functions - functions are the core of the library<br />
* Menus - there are drop down menus available<br />
* Editing - functions and other code and data can be edited via the UI<br />
* Benchmarks - functions can be benchmarked to compare the performance of different versions<br />
* Revisions - there is a complete version control system with annotations for functions and tests<br />
* Diffs - the differences between function and test implementations can be easily shown with a graphical diff tool<br />
* Developer attribution - we record and report who has contributed to the various functions, including upstream developers and local developers<br />
* Dependency management - the dependencies for functions can be modelled and supported for automatic loading and inclusion in downloads<br />
* Downloads - there is a tool for packaging the library as a download<br />
* Links - our database records useful links to integrate with the upstream project and PHP documentation<br />
* System administration - a facility for creating, updating and deleting of categories, functions, users and developers<br />
* Error logging and reporting - a system that records any errors encountered during processing so they can be reviewed<br />
* Data import - there are facilities in place to import function code and contributor information from the upstream developers<br />
<br />
So I've learned how to do all that in PHP, and I'm pretty pleased with my effort. Of course the actual JavaScript library the system has been instituted to manage is itself useful too, and hopefully this tool will end up being the platform for an open-source community.<br />
<br />
All told the web-site took me about two weeks to create, from nothing at all to version one.<br />
<br />
== TODO ==<br />
<br />
Things to do, in rough order of priority:<br />
<br />
* Pagination with Doctrine<br />
* Implement scriptify and deploy<br />
* Refactor view links on models that aren't Jsfunction, Fnversion and Testversion.<br />
* Allow user to subscribe to comments, threads and functions to get email notifications if things change.<br />
* Model get by one-to-one relationship functions<br />
* Set access key on all form buttons<br />
* Create a 'phpjs' user with disabled password and attribute function imports to their account<br />
* Create test html pages to submit malformed requests and see they get handled properly<br />
** Check missing fields<br />
** Check invalid fields (e.g. string instead of integer)<br />
** Check script tags/HTML injection<br />
* Create RSS feeds for:<br />
** Comments<br />
** Threads<br />
** Functions<br />
* Create an activity log<br />
* Improve/complete comment creation and editing<br />
* Support pagination for various content (e.g. error lists, comments?)<br />
* Use UTC dates in database<br />
* Improve account management: i.e. forgot password, change details, email alerts, timezone, etc.<br />
* Add support for user/session timezone<br />
* Create subversion repository with development and production branches<br />
<br />
[[Category:TODO]]<br />
<br />
== Done ==<br />
<br />
Stuff that's done. Latest stuff on top.<br />
<br />
* [[User:John|JE]] 2011-12-24: Function status management; create, update, etc.<br />
* [[User:John|JE]] 2011-12-24: Copy in pccipher/simpletest and test scriptify<br />
* [[User:John|JE]] 2011-12-24: Factor slug into slib get_slug<br />
* [[User:John|JE]] 2011-12-24: Code review entire codebase with a view to:<br />
** Removing XSS vulnerabilities<br />
** Removing HTML injection vulnerabilities<br />
** Having consistent controller/action/view naming and implementation<br />
** Fixing input validation<br />
** Fixing error logging<br />
** Fixing redirection (start using 'goto' where possible)<br />
* [[User:John|JE]] 2011-12-24: Add 'comment' links to various pages<br />
* [[User:John|JE]] 2011-12-24: Finish upstream contributor management<br />
* [[User:John|JE]] 2011-12-19: Design and implement database (has been continuous)<br />
* [[User:John|JE]] 2011-12-19: Create database creation/upgrade scripts (sort of mostly done, using Doctrine)<br />
* [[User:John|JE]] 2011-12-19: Create a 'wiki' like front-end for users to submit and test patches<br />
* [[User:John|JE]] 2011-12-19: Create unit testing facilities<br />
* [[User:John|JE]] 2011-12-19: Create benchmark facilities to compare versions, mostly to compare performance<br />
* [[User:John|JE]] 2011-12-11: improved basic user, category and function management functionality<br />
* [[User:John|JE]] 2011-12-11: created database management scripts<br />
* [[User:John|JE]] 2011-09-22: released basic account, category and function management functionality<br />
* [[User:John|JE]] 2011-09-22: found [http://www.progclub.org/blog/2011/09/22/integrating-doctrine-2-with-codeigniter-2/ Integrating Doctrine 2 with CodeIgniter 2]<br />
* [[User:John|JE]] 2011-09-20: imported CodeIgniter 2.0.3<br />
* [[User:John|JE]] 2011-09-19: imported Doctrine ORM 2.1.1 and worked through [http://www.doctrine-project.org/docs/orm/2.1/en/tutorials/getting-started-xml-edition.html Getting Started]<br />
* [[User:John|JE]] 2011-09-07: created project page<br />
* [[User:John|JE]] 2011-09-07: created project in svn<br />
<br />
== Notes for implementers ==<br />
<br />
If you are interested in incorporating the ProgClub pcphpjs into your project, here's what you need to know:<br />
<br />
Well, this project has only just begun, so you can't really integrate with it at the moment. I'll update these notes when the time is right.</div>
60.240.67.126

JsPHP, 2011-12-30T07:46:05Z: https://www.progclub.org/wiki/mediawiki/index.php?title=JsPHP&diff=2385
<p>60.240.67.126: /* Notes for implementers */</p>
<hr />
<div>Jsphp is the ProgClub project to implement PHP functions in JavaScript. It's a fork of [http://phpjs.org/ phpjs] with some planned bug fixes and improvements. The content management system used by Jsphp is provided by the [[Pcphpjs]] project and available in production at [http://jsphp.co/ jsphp.co]. For other projects see [[Projects]].<br />
<br />
== Project status ==<br />
<br />
Released.<br />
<br />
== Contributors ==<br />
<br />
Members who have contributed to this project. Newest on top.<br />
<br />
* [[User:John|John]]<br />
<br />
All contributors have agreed to the terms of the [[ProgClub:Copyrights#ProgClub_projects|Contributor License Agreement]]. This excludes any upstream contributors who tend to have different administrative frameworks.<br />
<br />
Upstream contributors:<br />
<br />
* [http://phpjs.org/authors/index phpjs contributors]<br />
<br />
== Copyright ==<br />
<br />
Copyright 2011, [[Jsphp#Contributors|Contributors]]. Dual licensed under the [[MIT license|MIT]] or [[GPL]] licenses.<br />
<br />
== Source code ==<br />
<br />
The source code is available for editing and management via [http://jsphp.co jsphp.co].<br />
<br />
== Links ==<br />
<br />
* [http://jsphp.co jsphp.co]<br />
* [http://jsphp.co/jsphp-dev jsphp.co development snapshot]<br />
<br />
== TODO ==<br />
<br />
Things to do, in rough order of priority:<br />
<br />
* Write unit tests and benchmarks for all functions.<br />
<br />
[[Category:TODO]]<br />
<br />
== Done ==<br />
<br />
Stuff that's done. Latest stuff on top.<br />
<br />
* [[User:John|JE]] 2011-12-30: Functions imported, upstream developers imported, and dependencies imported.<br />
* [[User:John|JE]] 2011-12-30: Put in unit tests for array class<br />
* [[User:John|JE]] 2011-12-30: Try changing array class to get versions to benchmark<br />
* [[User:John|JE]] 2011-12-30: Develop the content management system [[Pcphpjs]]<br />
* [[User:John|JE]] 2011-12-30: Import functions from phpjs.org<br />
* [[User:John|JE]] 2011-09-21: created project page<br />
<br />
== Notes for implementers ==<br />
<br />
If you are interested in incorporating the ProgClub Jsphp into your project, here's what you need to know:<br />
<br />
Go to [http://jsphp.co/ jsphp.co] and click on the [http://jsphp.co/jsphp/fn/list Functions] tab. Select the functions you want to have access to from JavaScript, and then choose a download type. Download types are either Production or Development. Choose Production if you want the latest production verified code, or Development if you want the absolute latest version, and then click Download. You will then have a php.js file with your functions in it that you can include from your own project. If you need the php.js file packaged in a different format then get in contact with [[User:John|John]] and let him know and he can look at fixing up the packaging system for you.</div>
60.240.67.126

JsPHP, 2011-12-30T07:43:14Z: https://www.progclub.org/wiki/mediawiki/index.php?title=JsPHP&diff=2384
<p>60.240.67.126: </p>
<hr />
<div>Jsphp is the ProgClub project to implement PHP functions in JavaScript. It's a fork of [http://phpjs.org/ phpjs] with some planned bug fixes and improvements. The content management system used by Jsphp is provided by the [[Pcphpjs]] project and available in production at [http://jsphp.co/ jsphp.co]. For other projects see [[Projects]].<br />
<br />
== Project status ==<br />
<br />
Released.<br />
<br />
== Contributors ==<br />
<br />
Members who have contributed to this project. Newest on top.<br />
<br />
* [[User:John|John]]<br />
<br />
All contributors have agreed to the terms of the [[ProgClub:Copyrights#ProgClub_projects|Contributor License Agreement]]. This excludes any upstream contributors who tend to have different administrative frameworks.<br />
<br />
Upstream contributors:<br />
<br />
* [http://phpjs.org/authors/index phpjs contributors]<br />
<br />
== Copyright ==<br />
<br />
Copyright 2011, [[Jsphp#Contributors|Contributors]]. Dual licensed under the [[MIT license|MIT]] or [[GPL]] licenses.<br />
<br />
== Source code ==<br />
<br />
The source code is available for editing and management via [http://jsphp.co jsphp.co].<br />
<br />
== Links ==<br />
<br />
* [http://jsphp.co jsphp.co]<br />
* [http://jsphp.co/jsphp-dev jsphp.co development snapshot]<br />
<br />
== TODO ==<br />
<br />
Things to do, in rough order of priority:<br />
<br />
* Write unit tests and benchmarks for all functions.<br />
<br />
[[Category:TODO]]<br />
<br />
== Done ==<br />
<br />
Stuff that's done. Latest stuff on top.<br />
<br />
* [[User:John|JE]] 2011-12-30: Functions imported, upstream developers imported, and dependencies imported.<br />
* [[User:John|JE]] 2011-12-30: Put in unit tests for array class<br />
* [[User:John|JE]] 2011-12-30: Try changing array class to get versions to benchmark<br />
* [[User:John|JE]] 2011-12-30: Develop the content management system [[Pcphpjs]]<br />
* [[User:John|JE]] 2011-12-30: Import functions from phpjs.org<br />
* [[User:John|JE]] 2011-09-21: created project page<br />
<br />
== Notes for implementers ==<br />
<br />
If you are interested in incorporating the ProgClub Jsphp into your project, here's what you need to know:<br />
<br />
Well this is all still under development, but when it's ready you will be able to request a download of the javascript file containing your functions from jsphp.co.</div>
60.240.67.126

JsPHP, 2011-12-30T07:41:15Z: https://www.progclub.org/wiki/mediawiki/index.php?title=JsPHP&diff=2383
<p>60.240.67.126: /* Project status */</p>
<hr />
<div>Jsphp is the ProgClub project to implement PHP functions in JavaScript. It's a fork of [http://phpjs.org/ phpjs] with some planned bug fixes and improvements. The content management system used by Jsphp is provided by the [[Pcphpjs]] project and available in production at [http://jsphp.co/ jsphp.co]. For other projects see [[Projects]].<br />
<br />
== Project status ==<br />
<br />
Released.<br />
<br />
== Contributors ==<br />
<br />
Members who have contributed to this project. Newest on top.<br />
<br />
* [[User:John|John]]<br />
<br />
All contributors have agreed to the terms of the [[ProgClub:Copyrights#ProgClub_projects|Contributor License Agreement]]. This excludes any upstream contributors who tend to have different administrative frameworks.<br />
<br />
Upstream contributors:<br />
<br />
* [http://phpjs.org/authors/index phpjs contributors]<br />
<br />
== Copyright ==<br />
<br />
Copyright 2011, [[Jsphp#Contributors|Contributors]]. Dual licensed under the [[MIT license|MIT]] or [[GPL]] licenses.<br />
<br />
== Source code ==<br />
<br />
The source code is available for editing and management via [http://jsphp.co jsphp.co].<br />
<br />
== Links ==<br />
<br />
* [http://jsphp.co jsphp.co]<br />
* [http://jsphp.co/jsphp-dev jsphp.co development snapshot]<br />
<br />
== TODO ==<br />
<br />
Things to do, in rough order of priority:<br />
<br />
* Put in unit tests for array class<br />
* Try changing array class to get versions to benchmark<br />
* Develop the content management system [[Pcphpjs]]<br />
* Port functions from phpjs.org<br />
<br />
[[Category:TODO]]<br />
<br />
== Done ==<br />
<br />
Stuff that's done. Latest stuff on top.<br />
<br />
* [[User:John|JE]] 2011-09-21: created project page<br />
<br />
== Notes for implementers ==<br />
<br />
If you are interested in incorporating the ProgClub Jsphp into your project, here's what you need to know:<br />
<br />
Well this is all still under development, but when it's ready you will be able to request a download of the javascript file containing your functions from jsphp.co.</div>
60.240.67.126

JsPHP, 2011-12-30T07:40:57Z: https://www.progclub.org/wiki/mediawiki/index.php?title=JsPHP&diff=2382
<p>60.240.67.126: </p>
<hr />
<div>Jsphp is the ProgClub project to implement PHP functions in JavaScript. It's a fork of [http://phpjs.org/ phpjs] with some planned bug fixes and improvements. The content management system used by Jsphp is provided by the [[Pcphpjs]] project and available in production at [http://jsphp.co/ jsphp.co]. For other projects see [[Projects]].<br />
<br />
== Project status ==<br />
<br />
Under way. Not released yet, there's stuff [[Jsphp#TODO|TODO]].<br />
<br />
== Contributors ==<br />
<br />
Members who have contributed to this project. Newest on top.<br />
<br />
* [[User:John|John]]<br />
<br />
All contributors have agreed to the terms of the [[ProgClub:Copyrights#ProgClub_projects|Contributor License Agreement]]. This excludes any upstream contributors who tend to have different administrative frameworks.<br />
<br />
Upstream contributors:<br />
<br />
* [http://phpjs.org/authors/index phpjs contributors]<br />
<br />
== Copyright ==<br />
<br />
Copyright 2011, [[Jsphp#Contributors|Contributors]]. Dual licensed under the [[MIT license|MIT]] or [[GPL]] licenses.<br />
<br />
== Source code ==<br />
<br />
The source code is available for editing and management via [http://jsphp.co jsphp.co].<br />
<br />
== Links ==<br />
<br />
* [http://jsphp.co jsphp.co]<br />
* [http://jsphp.co/jsphp-dev jsphp.co development snapshot]<br />
<br />
== TODO ==<br />
<br />
Things to do, in rough order of priority:<br />
<br />
* Put in unit tests for array class<br />
* Try changing array class to get versions to benchmark<br />
* Develop the content management system [[Pcphpjs]]<br />
* Port functions from phpjs.org<br />
<br />
[[Category:TODO]]<br />
<br />
== Done ==<br />
<br />
Stuff that's done. Latest stuff on top.<br />
<br />
* [[User:John|JE]] 2011-09-21: created project page<br />
<br />
== Notes for implementers ==<br />
<br />
If you are interested in incorporating the ProgClub Jsphp into your project, here's what you need to know:<br />
<br />
Well this is all still under development, but when it's ready you will be able to request a download of the javascript file containing your functions from jsphp.co.</div>
60.240.67.126

2011 news, 2011-11-30T05:02:44Z: https://www.progclub.org/wiki/mediawiki/index.php?title=2011_news&diff=2214
<p>60.240.67.126: </p>
<hr />
<div>This is the ProgClub [[news]] for the year 2011. Latest news goes on top.<br />
<br />
= 2011-11-30 =<br />
<br />
== Network improvements ==<br />
<br />
Over the past week there have been a few improvements to the ProgClub network. Particularly we've [[Charity_admin#John_2011-11-27_13:37|fixed an issue we were having with our NFS server]] and [[Charity_admin#John_2011-11-30_06:57|fixed an annoying character encoding issue in svn commit reports to the vcs list]]. Go school!<br />
<br />
== ProgClub goes secure! ==<br />
<br />
John decided that from now on we're going to run all HTTP activity back through HTTPS. The SSL facilities are in place, so why not use them? From now on all HTTP requests to the ProgClub web-site, Member Net or Mobile Net will get redirected to the HTTPS equivalent. Also, all such HTTP requests will be redirected to the appropriate canonical domain name. You can read about the config changes necessary to support this new configuration for [[Charity_admin#John_2011-11-30_15:51|charity]], [[Hope_admin#John_2011-11-30_15:54|hope]] and [[Honesty_admin#John_2011-11-30_15:54|honesty]].<br />
<br />
= 2011-11-24 =<br />
<br />
== Policy updates ==<br />
<br />
The club's [[constitution]] has been revised so as to have the Benevolent Dictator nominate a successor rather than the Blackbrick Directors or shareholders. ProgClub has an agreement with Blackbrick that if Blackbrick no longer sponsors ProgClub that ProgClub can find another sponsor and continue to exist independently of Blackbrick.<br />
<br />
= 2011-11-22 =<br />
<br />
== New member ==<br />
<br />
ProgClub welcomes [[User:004|004]]!<br />
<br />
= 2011-11-18 =<br />
<br />
== New member ==<br />
<br />
ProgClub welcomes [[User:Aleksei|Aleksei]]!<br />
<br />
= 2011-11-17 =<br />
<br />
== Lock down ==<br />
<br />
Since the ProgClub wiki has been available there have been spammers vandalising the site pretty much every day. For the last few months John has been studiously going over the site trying to find and remove such content, but this is becoming quite tedious. So, what we're doing now is marking pages that get vandalised as protected. Protected pages can't be changed by new or unregistered users. As spammers find new parts of the site to vandalise those parts get locked down. Maybe this will mean that eventually the whole site is locked down bit by bit. That's a shame, but this is probably the best course of action to help keep the administrative effort reasonable, given that hardly anyone changes much on the wiki these days, even John has found that he's not updating the wiki very much any more. It's all sort of complete. Although:<br />
<br />
== ProgSoc catching up ==<br />
<br />
Someone from ProgSoc (almost certainly Tom Bozic -- yes :) - TB.) has been keeping the [[Why ProgClub is cooler than ProgSoc]] page up-to-date with ProgSoc's latest developments. Recently [[Why_ProgClub_is_cooler_than_ProgSoc#ProgClub_has_an_up-to-date_Member_Net|another item]] was moved to the [[Why_ProgClub_is_cooler_than_ProgSoc#Redundant_reasons|redundant list]] as ProgSoc revised and improved their facilities. Go ProgSoc! ;)<br />
<br />
= 2011-11-13 =<br />
<br />
== New Member ==<br />
<br />
Welcome to ProgClub [[User:G742|G]]!<br />
<br />
= 2011-10-31 =<br />
<br />
Happy Halloween! :)<br />
<br />
== Pccipher patched ==<br />
<br />
An Italian university student using the [[Pccipher]] library found a pretty serious bug in the advertised API, which has been fixed, and a new version of pccipher is now available.<br />
<br />
= 2011-10-18 =<br />
<br />
== New project jj5-test ==<br />
<br />
There is a new project at ProgClub: [[JJ5-test|jj5-test]]. This project is an experimental area for [[User:John|John]]. At the moment John is using it to work on a checkers simulation, but in the future it can be used for other experimental projects. Others are welcome to contribute code to this project too.<br />
<br />
= 2011-10-17 =<br />
<br />
== ProgClub SEO ==<br />
<br />
According to google as seen by me ProgClub is now ranked first for a search for [http://www.google.com/search?q=programmers+club programmers club]. Go team! :)<br />
<br />
== ProgClub emails number 200 ==<br />
<br />
Today the 200th email arrived on the ProgClub mailing list. The mailing list has been and will remain the central focus of the club. It's great that people have been so involved!<br />
<br />
= 2011-10-05 =<br />
<br />
== ML class started ==<br />
<br />
John is going to be a little less focused on current ProgClub projects over the next few months as he focuses on the [http://ml-class.org/ ML] and [http://ai-class.org/ AI] classes from Stanford. Notes for the ML class are available on the [http://www.jj5.net/sixsigma/ML_class sixsigma wiki]. The AI class notes should be available too, but that class hasn't started yet. Wish me luck!<br />
<br />
= 2011-09-22 =<br />
<br />
== Jsphp under way ==<br />
<br />
A domain has been registered for the [[Jsphp]] project: http://jsphp.co/ -- this is hosted on Member Net. The [[Jsphp]] project is a fork of [http://phpjs.org/ phpjs] with a view to providing a better implementation. The [[Jsphp]] project is managed by the [[Pcphpjs]] content management system. You can track the development of [[Pcphpjs]] at [http://jsphp.co/jsphp-dev http://jsphp.co/jsphp-dev].<br />
<br />
= 2011-09-17 =<br />
<br />
== Pccipher on schneier.com ==<br />
<br />
ProgClub's [[Pccipher]] has been listed in the [http://www.schneier.com/blowfish-products.html Encryption Libraries and Toolkits] on [http://www.schneier.com/ schneier.com]! Go school! :)<br />
<br />
= 2011-09-09 =<br />
<br />
== ProgClub domain name HTTP redirection ==<br />
<br />
We've had something a little odd happen. Someone from Malta set up an internet domain recently and configured its IP address as the IP address of Member Net. This had the effect that when you went to [http://www.mediaproofer.com/ www.mediaproofer.com] you saw ProgClub's Member Net there. I tried to get in contact with the webmaster of mediaproofer to see if this was a mistake or done for some reason, but I didn't get a reply. After a few days of waiting -- and after finding our content in google for that domain name -- I decided that I didn't want that. So, I've reconfigured our services in such a way that if you navigate to mediaproofer you get redirected to www.progclub.net. While I was at it I set up our web system so that if you navigate to one of our non-canonical domains you get redirected to the canonical address. For example if you try any of [[2011_news#Web_server_reconfiguration|these domains]] you should get redirected to the canonical URL. So people who come to ProgClub by typing http://progclub.com/ into their browser will get redirected to http://www.progclub.org/ which is probably best. There is limited redirection support for HTTPS too.<br />
<br />
== New ProgClub projects ==<br />
<br />
Two new projects are under way at ProgClub: the [[Pcphpjs]] project, and the [[Pcad]] project. [[Pcphpjs]] is going to be a fork of [http://phpjs.org/ phpjs], and [[Pcad]] is ProgClub's administration daemon.<br />
<br />
[[Pcphpjs]] will be implemented primarily in PHP with MySQL and will provide a web-site for users to collaborate on the development of JavaScript functions that mimic PHP functions. The hope is that ProgClub will come up with a good system that people will be interested in using. The fork was triggered because I couldn't get my mods to phpjs into their HEAD revision and my changes were an important bug fix.<br />
<br />
[[Pcad]] will be implemented in C and Bash. It will listen on port 1337 and accept commands issued to it via TCP/IP. The only planned feature at the moment is to have the admin daemon destroy and recreate the pcphpjs-dev database, which is the development database for our [[Pcphpjs]] project. Down the track I think the pcad daemon will be allocated more tasks, such as creating new member accounts.<br />
<br />
= 2011-09-06 =<br />
<br />
== SquirrelMail available ==<br />
<br />
In addition to the full-featured Web 2.0 AJAX Roundcube email client, we have a simple HTML based email client called SquirrelMail in the [http://www.progclub.org/webmail webmail] system. There is now also a nice entry page that allows you to select between email clients.<br />
<br />
= 2011-09-05 =<br />
<br />
== Integrating with the web ==<br />
<br />
ProgClub has modified the default settings for Mailman and MediaWiki so that the 'nofollow' attribute typically applied to posts in the archives and external links on the wiki are *disabled*. This means that when you post a link to any of the mailing lists or link to an external site from the wiki that search engines will count that link and follow it for indexing. This will help us become more tightly integrated with the World Wide Web, that venerable institution. We will have to keep on the lookout for spam and remove it as quickly as possible to avoid having it drag our site into disrepute.<br />
<br />
= 2011-09-04 =<br />
<br />
== ProgClub SEO ==<br />
<br />
Our first attempts at SEO are starting to pay dividends! We're now ranked on page 3 at google for the search phrase "programmers' club". You can read more about our SEO process on [http://www.progclub.org/blog/2011/09/04/programmers-club/ the blog].<br />
<br />
Update: 2011-09-11: ProgClub is now listed on the first page for "programmers' club". Go team! :)<br />
<br />
= 2011-09-03 =<br />
<br />
== Policy updates ==<br />
<br />
There have been a few relatively minor updates to the ProgClub policies. I will mention them here on the news page, but won't broadcast an announcement for these as they are not particularly noteworthy. Firstly, there were some additional clauses added to the [[ProgClub:General_disclaimer|general disclaimer]] to help make things a little clearer; and secondly, the Administrators' [[Administrative_reference#Code_of_conduct|code of conduct]] was referenced from the [[ProgClub:Privacy_policy|privacy policy]].<br />
<br />
Update: I will notify the announcement list of these changes, because that's what I'm supposed to do, according to the policy. *Sigh*. One day our policies will be stable.<br />
<br />
= 2011-09-02 =<br />
<br />
== ProgClub webmail ==<br />
<br />
ProgClub's webmail project [[Pcwebmail]] has been started, and the [http://roundcube.net Roundcube] webmail client is now available. To access webmail head to https://www.progclub.org/webmail and choose your favourite mail client (at the moment only Roundcube is supported, but there are plans to add support for other mail clients).<br />
<br />
== The Investigators ==<br />
<br />
It's official, ProgClub is now hosting our first paid member domain on Member Net:<br />
<br />
* http://www.theinvestigators.com.au/<br />
* http://theinvestigators.com.au/<br />
* http://www.theinvestigators.co/<br />
* http://theinvestigators.co/<br />
<br />
We're receiving $75 per year for web, email, DNS and MySQL hosting. Thanks [[User:Teejay|Teejay]]!<br />
<br />
= 2011-09-01 =<br />
<br />
== ProgClub values ==<br />
<br />
There have been some updates to our [[Values]] statement. This documentation was added a little late in the game, and it needed some tidying up and fleshing out. I'm pretty happy with our values statement now. Comments are [mailto:list@progclub.org?subject=ProgClub%20values more than welcome].<br />
<br />
= 2011-08-30 =<br />
<br />
== ProgClub list activity ==<br />
<br />
The list is starting to get a little bit of traction. We now have about 12 people subscribed to the list, and we've had 6 people [http://www.progclub.org/pipermail/list/2011-August/date.html talking]. Which is really great. No-one has used the programming specific list yet, and I have to say I'm pretty happy about that. Personally, I want a list like the ProgClub list where you can talk about anything without fear of persecution, but I thought when I was setting up the lists that there would be a class of people who only wanted to hang out on a programming specific list. The good news is that the opposite has happened, and more people have subscribed to the general list than the programming list. This makes the programming list pretty much redundant, at least until ProgClub is much much bigger. I have to say, I'm really enjoying our new little community on the ProgClub list, and I've already learned a few things from the list that have made me a more knowledgeable programmer.<br />
<br />
== ProgClub news ==<br />
<br />
I'm expecting the rate of news to start slowing down a bit now. Over the past month we've had news every one or two days, but I think we're now at the stage that news will come week by week, and soon after that probably month by month. The thing is, we're pretty much feature complete now. There are still a few little things to do, but nothing that's a huge priority. Our infrastructure is largely in place, so now we just have to wait for people to find the time to begin using it.<br />
<br />
= 2011-08-27 =<br />
<br />
== Member Net updated ==<br />
<br />
This news is a little late in coming, but I figure I should mention that [[User:Key|Key]] has been the coolest ProgClubber to date with her very slick [http://www.progclub.net/~key720/ Member Net web-page]. That's her second cut, and it looks even better than her first version. It's very cool to see members participating in Member Net, thanks Key! Also, [[User:Tasaio|Tasaio]] was the first to experiment with [http://www.progclub.net/ Member Net], and he's got a test page up there at the moment -- looking forward to seeing that develop as he finds some time. Thanks to you two guys for leading the way at ProgClub!<br />
<br />
= 2011-08-26 =<br />
<br />
== New members ==<br />
<br />
ProgClub welcomes Teejay, Asher and Con. More information on the [[Members]] page.<br />
<br />
== Happy birthday! ==<br />
<br />
Yesterday, ProgClub turned one month old. And what a month it's been! We've seen the club grow from 1 member to 15, and from a simple wiki to a full featured club with SSH logins, email and lots of web facilities. Happy birthday ProgClub!<br />
<br />
= 2011-08-22 =<br />
<br />
== New members ==<br />
<br />
ProgClub welcomes Dalafyn1960 and Kevlin. More information on the [[Members]] page.<br />
<br />
== New projects ==<br />
<br />
Two new projects have been documented: [[Pcmnet]] and [[Pcweb]]. These contain the files for ProgClub's web-sites: Member Net, Mobile Net and the administration web-site. These projects had previously been released, but their project pages exist now.<br />
<br />
== Policy updates ==<br />
<br />
The policies have been updated. Again! This time I've added a section for the club's [[Values]], and updated [[What we do]] and the [[Constitution]] to account for these. I've also modified the [[ProgClub:Copyrights|Copyright policy]] to include an updated [[ProgClub:Copyrights#ProgClub_projects|Contributor License Agreement]] wherein contributors authorise the ProgClub executive to modify the licensing terms for any of ProgClub's projects in the spirit of the club. The [[ProgClub:Copyrights#ProgClub_projects|Contributor License Agreement]] will be linked from all ProgClub project pages from the Contributors section. The [[ProgClub:Policy|terms and conditions]] were updated with a new notice of changes policy whereby the process now includes an announcement on the ProgClub [https://www.progclub.org/cgi-bin/mailman/listinfo/announcement announcement] list. There were some other minor updates to the wording of the [[ProgClub:Copyrights|Copyright policy]].<br />
<br />
= 2011-08-21 =<br />
<br />
== Spam filtering enabled ==<br />
<br />
I've installed spamassassin (man, wasn't that a chore!), and it should all be working properly now. Of course, it's not really tested very well, because we're not getting much spam at the moment. [mailto:admin@progclub.com admin@progclub.com] was a publicly advertised email address of the previous domain owner, so there is a little bit of spam coming through on that, but there hasn't been any in the last few hours. I guess it's just wait and see if the spam filtering is effective or not.<br />
<br />
== HTTPS *broken* ==<br />
<br />
I was playing tricks with my Subject Alternative Names for my certificate from godaddy.com. I only had 5 SANs, and I needed about 20, so what I did was reissue the certificate with different SANs and created a set of certificates. But... they revoked the old certificates! So, at the moment, the club doesn't have a valid SSL cert. The good news is that I've parted with $700 and got a new certificate on order, but for some reason they are being very slow in delivering it. Anyway, HTTPS will be operational again soon.<br />
<br />
Update: it's fixed now.<br />
<br />
== Mail filters help ==<br />
<br />
I've started some documentation to help users of the [[mailing lists]] with [[mail filters]]. If you've got a spare minute and are using a mail client other than Thunderbird, it'd be cool if you explained how to create the mail filters on your client software. Note: I updated [[mailing lists]] with a pointer to the [[mail filters]] doco.<br />
<br />
== Web server reconfiguration ==<br />
<br />
I've updated the DNS records for ProgClub so that the correct servers are used for the correct services. The following services are being provided by the following hosts:<br />
<br />
* Administration web-site: charity.progclub.org<br />
** http://charity.progclub.org/<br />
** http://www.progclub.org/<br />
** http://progclub.org/<br />
** http://www.progclub.com/<br />
** http://progclub.com/<br />
** http://www.progclub.info/<br />
** http://progclub.info/<br />
** https://charity.progclub.org/<br />
** https://www.progclub.org/<br />
** https://progclub.org/<br />
** https://www.progclub.com/<br />
** https://progclub.com/<br />
** https://www.progclub.info/<br />
** https://progclub.info/<br />
* Member Net: honesty.progclub.net<br />
** http://honesty.progclub.net/<br />
** http://www.progclub.net/<br />
** http://progclub.net/<br />
** http://www.progclub.co/<br />
** http://progclub.co/<br />
** https://honesty.progclub.net/<br />
** https://www.progclub.net/<br />
** https://progclub.net/<br />
** https://www.progclub.co/<br />
** https://progclub.co/<br />
* Mobile Net: hope.progclub.net<br />
** http://hope.progclub.net/<br />
** http://www.progclub.mobi/<br />
** http://progclub.mobi/<br />
** https://hope.progclub.net/<br />
** https://www.progclub.mobi/<br />
** https://progclub.mobi/<br />
<br />
= 2011-08-20 =<br />
<br />
== Mailing lists operational ==<br />
<br />
The ProgClub [[Mailing lists]] are now operational. I've changed the details of the mailing list policy to take account of the new lists and the fact that the lists are now functional. Anyone can join any of the lists, except for the admin list which is only for ProgClub administrators. Anyone can post to any of the lists, except for the ProgClub announcement list which requires approval by an administrator. All of the lists except for the admin list have public archives. Information about the lists is best seen on the [[Mailing lists]] page. How about you head over there and subscribe? I will subscribe all members to the announcement list, the other lists are at your option.<br />
<br />
p.s. [http://www.progclub.org/pipermail/announcement/2011/000000.html First post]!<br />
<br />
= 2011-08-19 =<br />
<br />
== Email is working! ==<br />
<br />
Email is now functional at ProgClub. I still need to go through and create everyone's accounts, but the servers have been set up. We have secure IMAP, POP3 and SMTP services for members, along with email forwarding and the potential to host other domains. Our email services are all secured with a proper signed certificate!<br />
<br />
== Announcing Mobile Net ==<br />
<br />
ProgClub has launched ProgClub [http://www.progclub.mobi/ Mobile Net]! Mobile Net is available from http://progclub.mobi/ ([https://progclub.mobi/ HTTPS] is supported too), and it's an area for sharing web apps optimised for mobile devices. So, to use Mobile Net: put a 'public_mobile' directory containing your mobile friendly web content in your home directory, and Mobile Net will do the rest! Browse to http://progclub.mobi/ from your mobile phone to check it out!<br />
<br />
= 2011-08-18 =<br />
<br />
== Web statistics available ==<br />
<br />
A web site statistics package, awstats, has been configured on [[charity]]. Now you can view ProgClub's [http://www.progclub.org/cgi-bin/awstats.pl web-site usage statistics].<br />
<br />
= 2011-08-17 =<br />
<br />
== Pccipher released ==<br />
<br />
A new project has been released at ProgClub: [[Pccipher]]. [[Pccipher]] is a JavaScript and PHP encryption library, currently implementing the Blowfish encryption algorithm.<br />
<br />
= 2011-08-15 =<br />
<br />
== Policy updates ==<br />
<br />
The [[ProgClub:Policy|terms and conditions]] have been updated with a statement that usage of ProgClub facilities indicates acceptance of the terms and conditions. The [[Mailing_lists|mailing list policy]] was updated with some additional [[Mailing_lists#list.40progclub.org|commentary]]. The [[ProgClub:Copyrights|copyright policy]] was updated with a link to the new [http://www.progclub.org/pcrepo/ pcrepo] browser.<br />
<br />
== jj5-bin released ==<br />
<br />
A new project, [[JJ5-bin|jj5-bin]], has been instituted for managing and sharing [[User:John|John]]'s administration and utility scripts.<br />
<br />
= 2011-08-14 =<br />
<br />
== New logo <nowiki>==</nowiki> hacker emblem ==<br />
<br />
ProgClub has a new logo! It's the [http://en.wikipedia.org/wiki/Hacker_Emblem hacker emblem], which is a sign of solidarity with the following [http://en.wikipedia.org/wiki/Hacker_%28programmer_subculture%29#History values]:<br />
<br />
* Creating software and sharing it with each other<br />
* Placing a high value on freedom of inquiry; hostility to secrecy<br />
* Information-sharing as both an ideal and a practical strategy<br />
* Upholding the right to fork<br />
* Emphasis on rationality<br />
* Distaste for authority<br />
* Playful cleverness, taking the serious humorously and humour seriously<br />
<br />
You can read more about the history of the club's logo on the [[ProgClub logo]] page.<br />
<br />
== User logins now working on user machines ==<br />
<br />
[[Hope]] and [[Honesty]] have been configured with Kerberos/LDAP/PAM/NFS clients as needed to facilitate [[Single sign-on]]. So the [[Single sign-on]] project is pretty much finished! There's a [[Administrative_reference#Adding_a_new_user|process]] for adding new users. It'll take me a little while to go through and add all our current members, and I haven't done that yet. First I thought I'd post about the success of the [[Single sign-on]] project! That's ''six'' completed projects now!<br />
<br />
== Member web-pages operational ==<br />
<br />
Now members can create a public_html directory in their home directory, and it will be served from the [[Domains#User_domains|user domains]]. So that's http://www.progclub.net/ -- now operational! It's working for HTTPS too https://www.progclub.net/<br />
<br />
Still need to theme it and flesh out the content a little, but that's basically the idea. At last [[Webpage creation]] has useful content.<br />
<br />
= 2011-08-13 =<br />
<br />
== Pcview released ==<br />
<br />
A new project was started and released: [[Pcview]]. This means that [http://www.progclub.org/pcrepo/ pcrepo] can now be browsed on the web.<br />
<br />
= 2011-08-12 =<br />
<br />
== progclub.com live ==<br />
<br />
It's official, ProgClub has [http://progclub.com/ progclub.com]! It's now a functional [[Domains#Administrative_domains|administrative domain]] of the club's. We've registered and re-delegated the domain, and it's ours for at least the next 5 years. There might be a slight delay in DNS record propagation, but disregarding that everything else is configured and ready to roll. Thanks very much [[ProgRock|ProgClub]]!<br />
<br />
== Subversion releases ==<br />
<br />
There are now instructions for [[Projects#Releasing_ProgClub_projects|releasing ProgClub projects]], which refer to our [[Subversion]] process. There's an article on the blog about our [http://www.progclub.org/blog/2011/08/12/subversion-release-script/ Subversion release script].<br />
<br />
= 2011-08-11 =<br />
<br />
== Administration pages protected ==<br />
<br />
The various ProgClub administration pages, such as the [[Executive]], [[Constitution]], and [[ProgClub:Policy|Terms and conditions]], etc., have been flagged as "protected" in the wiki. Only ProgClub wiki administrators (i.e. [[User:John|John]]) are allowed to change these documents. So, we won't have any silly business with our constitution or policies being re-written by spammers or trolls.<br />
<br />
== Copyrights, licenses, etc. ==<br />
<br />
Each [[Projects|ProgClub project]] now has Contributors and Copyright sections that detail the copyright holders and licensing terms for the project. It all seems [[Projects|very professional]]! So far we're using the [[New BSD]] and [[GPL]] (v2) licenses, and I think that's pretty much all we're ever gonna need. Maybe one day we'll see the LGPL or MIT licenses too. The [[ProgClub:Copyrights|Copyright policy]] covers contributions to ProgClub [[forums]] and [[projects]].<br />
<br />
== Policy updates ==<br />
<br />
[[Mailing lists]] have been incorporated as a policy in the [[ProgClub:Policy|terms and conditions]]. The [[ProgClub:Copyrights#ProgClub_projects|CLA]] in the [[ProgClub:Copyrights|Copyright policy]] was updated to cover use of ProgClub [[forums]]. The [[ProgClub:Copyrights#ProgClub_forums|ProgClub forums copyright policy]] was updated to allow for copying from public domain or similar free sources. Looking forward to the day that our policies are stable!<br />
<br />
== Project template ==<br />
<br />
There's a [[Project template]] that can be used for kick-starting a project along with some [[Projects#Contributing_to_ProgClub_projects|instructions]] on the [[Projects]] page. Now what we need are lots of started and never to be finished projects! (Hey, ProgClub has finished ''four'' projects, cancelled only one, has three under active development, and two on the back-burner. Not bad at all! Here at ProgClub we ''get things done''!)<br />
<br />
= 2011-08-10 =<br />
<br />
== Pcwiki release ==<br />
<br />
I updated the [[Pcwiki]] page with a [[Pcwiki#Notes_for_implementers|Notes for implementers]] section, and [http://lists.wikimedia.org/pipermail/wikitech-l/2011-August/054561.html posted] to the [http://lists.wikimedia.org/pipermail/wikitech-l/ wikitech-l] list about my mods to MediaWiki. It'd be pretty exciting if they're interested in them!<br />
<br />
Update: no-one is particularly interested in my contributions. :(<br />
<br />
= 2011-08-09 =<br />
<br />
== System upgrades ==<br />
<br />
[[Charity]] has been upgraded from 256 MB of RAM to 512 MB of RAM, and system backups have been enabled. This has had a noticeable effect on performance of the web-site. It will be upgraded further if swap usage gets out of hand again. The other machines will be upgraded too if need be. At the moment provisioning of ProgClub machines is costing Blackbrick $996 per year.<br />
<br />
== IPSec troubleshooting ==<br />
<br />
I've been talking to Slicehost support about the [[IPSec]] issues we've been having. They've been great -- very helpful. They're looking into trying to reproduce the error in another environment for further diagnosis. Will keep you posted if there's any resolution.<br />
<br />
Update: Slicehost was able to reproduce the error, but they don't know how to fix it. We're giving up. We'll pursue other methods of encryption, i.e., SSHFS rather than NFS+IPSec.<br />
<br />
== Policy updates ==<br />
<br />
Still trying to get our policies right. I imagine this will all settle down a little once we're established and I won't need to post a notice of policy updates every day. There is now a general [[ProgClub:Policy|terms and conditions]] page which introduces all ProgClub terms and conditions, and there was a minor update to the CLA in the [[ProgClub:Copyrights|copyright policy]]. All policies had some minor modifications to fix up the formatting.<br />
<br />
== Pcwiki upgrade ==<br />
<br />
[[Pcwiki]] has been upgraded to support a section link on each section. These appear between the 'edit' and 'top' links. Section links will link you to a particular section on the canonical URL.<br />
<br />
== Pcldap released ==<br />
<br />
A new project [[Pcldap]] has been released. It's to provide the [https://www.progclub.org/pcldap LDAP administration] facility.<br />
<br />
= 2011-08-08 =<br />
<br />
== Cweb planning ==<br />
<br />
A new project, to develop a distributed search engine, has entered its planning phase on the ProgClub wiki. See [[Cweb]].<br />
<br />
== Policy updates ==<br />
<br />
All ProgClub [[ProgClub:Policy|policies]] have been updated.<br />
<br />
= 2011-08-07 =<br />
<br />
== LDAP progress ==<br />
<br />
Progress has been made on the LDAP configuration of [[Charity]]. OpenLDAP is now installed and mostly configured. Thanks Friggles!<br />
<br />
== Policy updates ==<br />
<br />
A [[ProgClub:Copyrights|copyright policy]] and a [[ProgClub:General_disclaimer|general disclaimer]] have been added to ProgClub's [[ProgClub:Policy|policies]].<br />
<br />
= 2011-08-06 =<br />
<br />
== Software released ==<br />
<br />
The [[Pcma]] and [[Pcblog]] projects have been released, and moved to the [[Projects#Completed_projects|completed projects]] list. Which means...<br />
<br />
== We have a blog! ==<br />
<br />
A [http://www.progclub.org/blog/ blog] is now available for ProgClub members. If a blog post falls in the woods, and there's no-one there to read it, does it make a sound?<br />
<br />
== ProgSoc fixed HTTPS ==<br />
<br />
HTTPS to [https://www.progsoc.org ProgSoc] now works for its .org domain, so I've moved [[Why_ProgClub_is_cooler_than_ProgSoc#ProgClub_has_a_secure_web-site|secure web-site]] to the redundant points of difference. Well done ProgSoc.<br />
<br />
== ProgClub logo ==<br />
<br />
Our graphic artist is hard at work coming up with our real logo. Here's his first sketch.<br />
<br />
[[File:Logo sketch.jpg]]<br />
<br />
= 2011-08-05 =<br />
<br />
== IPSec abandoned ==<br />
<br />
[[IPSec]] is too hard. It was getting in the way of [[Kerberos]] connectivity, and I've disabled it.<br />
<br />
== Kerberos configured ==<br />
<br />
The [[Kerberos]] project has been a success. [[Charity]] is now configured as the Kerberos Key Distribution Centre (KDC). We're now pending Kerberos SSH integration, and a few other things for [[Single sign-on]].<br />
<br />
== ProgRock ==<br />
<br />
We're still waiting for our new progclub.com domain -- it's expected to be about a week off completing transfer -- but we've already mirrored the [http://www.progclub.org/progrock/ progclub.com] web-site, and put up a [[ProgRock]] page for antiquity.<br />
<br />
== New members ==<br />
<br />
ProgClub welcomes Sclaughl and Jedd. More information available on the [[Members]] page.<br />
<br />
= 2011-08-03 =<br />
<br />
== progclub.com ==<br />
<br />
Blackbrick has shelled out $500 for the [http://www.progclub.com/ progclub.com] domain. Soon it will be an [[Domains#Administrative_domains|administrative domain]] of the club's! Thank you [[ProgRock|ProgClub]]!<br />
<br />
== Email underway ==<br />
<br />
We're starting up our [[Email]] project. Soon our email facilities will be functional.<br />
<br />
== Hack-fest this weekend! ==<br />
<br />
[[User:Friggles|Friggles]] will be heading to [[User:John|John]]'s house in the Blue Mountains this weekend to work on ProgClub [[Network administration]]. Join us if you'd like!<br />
<br />
= 2011-08-01 =<br />
<br />
== ProgClub policies ==<br />
<br />
ProgClub has updated [[ProgClub:Privacy_policy|Privacy]], [[Account locking policy|Account locking]], [[Acceptable use policy|Acceptable use]] and [[Firewall policy|Firewall]] policies.<br />
<br />
== Domains are now configured ==<br />
<br />
Information about the configuration of ProgClub domains is now available on the [[Domains]] page.<br />
<br />
In brief, user domains are progclub.net and progclub.co, while administrative domains are progclub.org and progclub.info. The canonical user domain is progclub.net, and the canonical administrative domain is progclub.org. You should generally use the canonical name when writing documentation or publishing links.<br />
<br />
== IPSec is configured ==<br />
<br />
The [[IPSec]] project is essentially complete. Hosts on the ProgClub network now communicate over encrypted connections.<br />
<br />
== Single sign-on is underway ==<br />
<br />
The [[Single sign-on]] project has been commenced. Soon users will be able to log in to the user machines.<br />
<br />
== Pcwiki released ==<br />
<br />
The [[Pcwiki]] project has undergone several releases. That's the software that's driving the ProgClub wiki. With the latest version of [[Pcwiki]] comes valid HTML5 along with the validation icon that you can see on the bottom of every page, the cool green/orange/black fixed-width font skin that you see (called OldSkool), and some other [[Pcwiki#Done|minor polish]]. If you don't like the OldSkool skin you can [[Skins|turn it off]].<br />
<br />
== New members ==<br />
<br />
ProgClub has had its founding members sign up. ProgClub welcomes Tasaio, SanguineV, Key, Friggles, Jav, Andymcm and Kulov. More information is available on the [[Members]] page.</div>60.240.67.126https://www.progclub.org/wiki/mediawiki/index.php?title=Honesty_admin&diff=2213Honesty admin2011-11-30T04:58:31Z<p>60.240.67.126: </p>
<hr />
<div>This page chronicles the administrative changes to [[Honesty|honesty.progclub.net]]. If you make an administrative change you should document the change here. Changes are logged here in reverse chronological order with a time-stamp in the form YYYY-MM-DD hh:mm. You can use the time from whatever timezone you are in, or UTC if you're cool, but use 24 hour time. Don't worry if the changes you make have a time-stamp that is less than a time-stamp later in the page, put the latest changes at the top. Put a link to your wiki user account before the time-stamp so we know who's doing what. See the [[Administrative reference]] for other information.<br />
<br />
= [[User:John|John]] 2011-11-30 15:54 =<br />
<br />
== Web-site goes HTTPS ==<br />
<br />
Found [http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html this article] which suggested the following in /etc/apache2/sites-enabled/www.progclub.net:<br />
<br />
RewriteEngine On<br />
RewriteCond %{HTTPS} off<br />
RewriteRule (.*) https://www.progclub.net%{REQUEST_URI}<br />
<br />
This has two benefits. One is that all web requests will be redirected to the secure site, and the second is that all HTTP requests will be redirected to the canonical domain.<br />
<br />
Also had to run:<br />
<br />
# a2enmod rewrite<br />
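<br />
One way to verify the two benefits described above from captured response heads (for example the output of <code>curl -sI</code>), as an added example that is not part of the original admin log. The function names are hypothetical and the sample responses are constructed, not captured from the server.<br />
<br />
```python
"""Check captured HTTP response heads against the force-HTTPS rule above.

CANONICAL_HOST is taken from the RewriteRule on the page. Everything else
(function names, sample heads) is constructed for this example.
"""
from urllib.parse import urlsplit

CANONICAL_HOST = "www.progclub.net"
# mod_rewrite's default redirect status is 302 unless the rule sets [R=301].
REDIRECT_CODES = {301, 302, 307, 308}


def parse_head(raw_head):
    """Split a raw response head into (status_code, {lowercased-name: value})."""
    lines = raw_head.replace("\r\n", "\n").strip().split("\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # end of the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def check_redirect(request_url, raw_head, canonical_host=CANONICAL_HOST):
    """Return a list of findings for one plain-HTTP request; [] means OK."""
    req = urlsplit(request_url)
    if req.scheme != "http":
        # RewriteCond %{HTTPS} off: the rule only fires for plain HTTP.
        raise ValueError("check_redirect expects a plain-HTTP request URL")
    status, headers = parse_head(raw_head)
    if status not in REDIRECT_CODES:
        return ["status %d: answered over plain HTTP, not redirected" % status]
    location = headers.get("location")
    if not location:
        return ["status %d without a Location header" % status]
    target = urlsplit(location)
    findings = []
    # Benefit 1: every plain-HTTP request ends up on the secure site.
    if target.scheme != "https":
        findings.append("redirect target is not HTTPS: %s" % location)
    # Benefit 2: every plain-HTTP request ends up on the canonical domain.
    if (target.hostname or "") != canonical_host:
        findings.append("redirect host is %r, expected %r"
                        % (target.hostname, canonical_host))
    # %{REQUEST_URI} should carry the original path through; the query
    # string is passed along unchanged by default.
    if (target.path or "/", target.query) != (req.path or "/", req.query):
        findings.append("path or query changed: %s -> %s"
                        % (request_url, location))
    return findings


# Constructed samples: (request URL, response head as curl -sI would show it).
SAMPLES = [
    ("http://progclub.co/~example/?page=2",
     "HTTP/1.1 302 Found\r\n"
     "Location: https://www.progclub.net/~example/?page=2\r\n\r\n"),
    ("http://www.progclub.net/",
     "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"),
    ("http://progclub.net/~example/",
     "HTTP/1.1 301 Moved Permanently\r\n"
     "Location: https://progclub.net/\r\n\r\n"),
]


def audit(samples=SAMPLES):
    """Map each request URL to its list of findings."""
    return {url: check_redirect(url, head) for url, head in samples}


if __name__ == "__main__":
    for url, findings in audit().items():
        print(url, "->", "OK" if not findings else "; ".join(findings))
```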
<br />
= [[User:John|John]] 2011-11-27 13:43 =<br />
<br />
== Fixing NFSv4 (nfs4) IDMAP issue ==<br />
<br />
See [[Charity_admin#John_2011-11-27_13:37|charity admin]].<br />
<br />
= [[User:John|John]] 2011-09-08 22:21 =<br />
<br />
== Enabling PHP in UserDir ==<br />
<br />
Found [http://devplant.net/2010/05/04/linux-php-not-working-in-userdir-public_html/ this article] which explained how to enable PHP in user directories. Basically edit /etc/apache2/mods-enabled/php5.conf and remove these lines:<br />
<br />
<IfModule mod_userdir.c><br />
<Directory /home/*/public_html><br />
php_admin_value engine Off<br />
</Directory><br />
</IfModule><br />
<br />
= [[User:John|John]] 2011-09-08 22:21 =<br />
<br />
== Installing lsof ==<br />
<br />
jj5@honesty:~/pcad/example/linuxhowtos$ sudo apt-get install lsof<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
lsof<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 284kB of archives.<br />
After this operation, 463kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main lsof 4.81.dfsg.1-1build1 [284kB]<br />
Fetched 284kB in 0s (286kB/s)<br />
Selecting previously deselected package lsof.<br />
(Reading database ... 20366 files and directories currently installed.)<br />
Unpacking lsof (from .../lsof_4.81.dfsg.1-1build1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up lsof (4.81.dfsg.1-1build1) ...<br />
<br />
= [[User:John|John]] 2011-09-08 22:07 =<br />
<br />
== Installing telnet ==<br />
<br />
jj5@honesty:~/pcad/example/linuxhowtos$ sudo apt-get install telnet<br />
[sudo] password for jj5:<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
telnet<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 72.2kB of archives.<br />
After this operation, 209kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main telnet 0.17-36build1 [72.2kB]<br />
Fetched 72.2kB in 0s (119kB/s)<br />
Selecting previously deselected package telnet.<br />
(Reading database ... 20355 files and directories currently installed.)<br />
Unpacking telnet (from .../telnet_0.17-36build1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up telnet (0.17-36build1) ...<br />
update-alternatives: using /usr/bin/telnet.netkit to provide /usr/bin/telnet (telnet) in auto mode.<br />
<br />
Committing to: /etc/<br />
added alternatives/telnet<br />
added alternatives/telnet.1.gz<br />
Committed revision 27.<br />
<br />
<br />
= [[User:John|John]] 2011-09-08 21:44 =<br />
<br />
== Installing gcc ==<br />
<br />
root@honesty:~/pcad# apt-get install gcc<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
binutils gcc-4.4 libc-dev-bin libc6-dev libgomp1 linux-libc-dev manpages-dev<br />
Suggested packages:<br />
binutils-doc gcc-multilib autoconf automake1.9 libtool flex bison gdb<br />
gcc-doc gcc-4.4-multilib libmudflap0-4.4-dev gcc-4.4-doc gcc-4.4-locales<br />
libgcc1-dbg libgomp1-dbg libmudflap0-dbg libcloog-ppl0 libppl-c2 libppl7<br />
glibc-doc<br />
The following NEW packages will be installed:<br />
binutils gcc gcc-4.4 libc-dev-bin libc6-dev libgomp1 linux-libc-dev<br />
manpages-dev<br />
0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 9883kB of archives.<br />
After this operation, 35.3MB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main binutils 2.20.1-3ubuntu7.1 [1658kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libgomp1 4.4.3-4ubuntu5 [25.5kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main gcc-4.4 4.4.3-4ubuntu5 [2877kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main gcc 4:4.4.3-1ubuntu1 [5064B]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libc-dev-bin 2.11.1-0ubuntu7.8 [224kB]<br />
Get:6 http://archive.ubuntu.com/ubuntu/ lucid-updates/main linux-libc-dev 2.6.32-33.72 [841kB]<br />
Get:7 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libc6-dev 2.11.1-0ubuntu7.8 [2706kB]<br />
Get:8 http://archive.ubuntu.com/ubuntu/ lucid/main manpages-dev 3.23-1 [1547kB]<br />
Fetched 9883kB in 5s (1875kB/s)<br />
Selecting previously deselected package binutils.<br />
(Reading database ... 17233 files and directories currently installed.)<br />
Unpacking binutils (from .../binutils_2.20.1-3ubuntu7.1_amd64.deb) ...<br />
Selecting previously deselected package libgomp1.<br />
Unpacking libgomp1 (from .../libgomp1_4.4.3-4ubuntu5_amd64.deb) ...<br />
Selecting previously deselected package gcc-4.4.<br />
Unpacking gcc-4.4 (from .../gcc-4.4_4.4.3-4ubuntu5_amd64.deb) ...<br />
Selecting previously deselected package gcc.<br />
Unpacking gcc (from .../gcc_4%3a4.4.3-1ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package libc-dev-bin.<br />
Unpacking libc-dev-bin (from .../libc-dev-bin_2.11.1-0ubuntu7.8_amd64.deb) ...<br />
Selecting previously deselected package linux-libc-dev.<br />
Unpacking linux-libc-dev (from .../linux-libc-dev_2.6.32-33.72_amd64.deb) ...<br />
Selecting previously deselected package libc6-dev.<br />
Unpacking libc6-dev (from .../libc6-dev_2.11.1-0ubuntu7.8_amd64.deb) ...<br />
Selecting previously deselected package manpages-dev.<br />
Unpacking manpages-dev (from .../manpages-dev_3.23-1_all.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up binutils (2.20.1-3ubuntu7.1) ... <br />
<br />
Setting up libgomp1 (4.4.3-4ubuntu5) ...<br />
<br />
Setting up gcc-4.4 (4.4.3-4ubuntu5) ...<br />
Setting up gcc (4:4.4.3-1ubuntu1) ...<br />
<br />
Setting up libc-dev-bin (2.11.1-0ubuntu7.8) ...<br />
Setting up linux-libc-dev (2.6.32-33.72) ...<br />
Setting up libc6-dev (2.11.1-0ubuntu7.8) ...<br />
Setting up manpages-dev (3.23-1) ...<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
added alternatives/c89<br />
added alternatives/c89.1.gz<br />
added alternatives/c99<br />
added alternatives/c99.1.gz<br />
added alternatives/cc<br />
added alternatives/cc.1.gz<br />
Committed revision 26.<br />
<br />
= [[User:John|John]] 2011-09-03 00:24 =<br />
<br />
== Kerberizing Apache ==<br />
<br />
root@honesty:/home/apache/www/www.progclub.net/pcma# kadmin -p jj5<br />
Authenticating as principal jj5 with password.<br />
Password for jj5@PROGCLUB.ORG:<br />
kadmin: addprinc -randkey HTTP/honesty.progclub.org<br />
WARNING: no policy specified for HTTP/honesty.progclub.org@PROGCLUB.ORG; defaulting to no policy<br />
Principal "HTTP/honesty.progclub.org@PROGCLUB.ORG" created.<br />
kadmin: delprinc HTTP/honesty.progclub.org<br />
Are you sure you want to delete the principal "HTTP/honesty.progclub.org@PROGCLUB.ORG"? (yes/no): yes<br />
Principal "HTTP/honesty.progclub.org@PROGCLUB.ORG" deleted.<br />
Make sure that you have removed this principal from all ACLs before reusing.<br />
kadmin: addprinc -randkey HTTP/honesty.progclub.net<br />
WARNING: no policy specified for HTTP/honesty.progclub.net@PROGCLUB.ORG; defaulting to no policy<br />
Principal "HTTP/honesty.progclub.net@PROGCLUB.ORG" created.<br />
kadmin: ktadd -k /etc/apache2/apache2.keytab HTTP/honesty.progclub.net<br />
Entry for principal HTTP/honesty.progclub.net with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/apache2/apache2.keytab.<br />
Entry for principal HTTP/honesty.progclub.net with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/apache2/apache2.keytab.<br />
Entry for principal HTTP/honesty.progclub.net with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/apache2/apache2.keytab.<br />
Entry for principal HTTP/honesty.progclub.net with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/apache2/apache2.keytab.<br />
kadmin: quit<br />
<br />
root@honesty:/home/apache/www/www.progclub.net/pcma# chown www-data:www-data /etc/apache2/apache2.keytab<br />
root@honesty:/home/apache/www/www.progclub.net/pcma# chmod 400 /etc/apache2/apache2.keytab<br />
root@honesty:/home/apache/www/www.progclub.net/pcma# apt-get install libapache2-mod-auth-kerb<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
libapache2-mod-auth-kerb<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 20.3kB of archives.<br />
After this operation, 119kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libapache2-mod-auth-kerb 5.3-5build2 [20.3kB]<br />
Fetched 20.3kB in 0s (32.7kB/s)<br />
Committing to: /etc/<br />
modified .etckeeper<br />
added apache2/apache2.keytab<br />
Committed revision 23.<br />
Selecting previously deselected package libapache2-mod-auth-kerb.<br />
(Reading database ... 17197 files and directories currently installed.)<br />
Unpacking libapache2-mod-auth-kerb (from .../libapache2-mod-auth-kerb_5.3-5build2_amd64.deb) ...<br />
Setting up libapache2-mod-auth-kerb (5.3-5build2) ...<br />
Enabling module auth_kerb.<br />
Run '/etc/init.d/apache2 restart' to activate new configuration!<br />
<br />
Committing to: /etc/<br />
added apache2/mods-available/auth_kerb.load<br />
added apache2/mods-enabled/auth_kerb.load<br />
Committed revision 24.<br />
root@honesty:/home/apache/www/www.progclub.net/pcma#<br />
<br />
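The ktadd output above writes four keys for the HTTP principal into the Apache keytab, three of them with legacy encryption types. The following is an added example, not part of the original log: it parses ktadd output in the format shown and flags the entries an administrator would want to drop. The sample text is copied from the transcript; the function and class names are hypothetical.<br />

```python
import re
from typing import List, NamedTuple

# ktadd output copied from the transcript above (sample input for this example).
KTADD_OUTPUT = """\
Entry for principal HTTP/honesty.progclub.net with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/apache2/apache2.keytab.
Entry for principal HTTP/honesty.progclub.net with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/apache2/apache2.keytab.
Entry for principal HTTP/honesty.progclub.net with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/apache2/apache2.keytab.
Entry for principal HTTP/honesty.progclub.net with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/apache2/apache2.keytab.
"""

# One "Entry for principal ..." line as printed by kadmin's ktadd.
ENTRY_RE = re.compile(
    r"^Entry for principal (?P<principal>\S+) with kvno (?P<kvno>\d+), "
    r"encryption type (?P<enctype>.+?) added to keytab (?P<keytab>\S+?)\.?$"
)

# Ordered rules: "Triple DES" must be tested before the bare "DES" prefix.
WEAK_RULES = [
    ("Triple DES", "3DES: deprecated for Kerberos by RFC 8429"),
    ("ArcFour", "RC4-HMAC: deprecated for Kerberos by RFC 8429"),
    ("DES", "single DES: deprecated for Kerberos by RFC 6649"),
]


class KeytabEntry(NamedTuple):
    principal: str
    kvno: int
    enctype: str
    keytab: str
    weakness: str  # empty string when no weak-enctype rule matched


def classify(enctype: str) -> str:
    """Return the reason an enctype description is weak, or '' if none applies."""
    for prefix, reason in WEAK_RULES:
        if enctype.startswith(prefix):
            return reason
    return ""


def parse_ktadd(text: str) -> List[KeytabEntry]:
    """Parse ktadd output into entries; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match is None:
            continue
        entries.append(
            KeytabEntry(
                principal=match.group("principal"),
                kvno=int(match.group("kvno")),
                enctype=match.group("enctype"),
                keytab=match.group("keytab"),
                weakness=classify(match.group("enctype")),
            )
        )
    return entries


def weak_entries(entries: List[KeytabEntry]) -> List[KeytabEntry]:
    """Keep only the entries whose encryption type matched a weak rule."""
    return [entry for entry in entries if entry.weakness]


def report(text: str) -> List[str]:
    """Build one human-readable finding per weak key in the ktadd output."""
    return [
        f"{e.keytab}: {e.principal} kvno {e.kvno} uses {e.enctype} ({e.weakness})"
        for e in weak_entries(parse_ktadd(text))
    ]


if __name__ == "__main__":
    for finding in report(KTADD_OUTPUT):
        print(finding)
```

kadmin's ktadd accepts -e with a key/salt list, which limits the keys written to the keytab to the encryption types named there.<br />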
= [[User:John|John]] 2011-08-19 14:43 =<br />
<br />
== Installing fail2ban ==<br />
<br />
jj5@honesty:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@honesty:~# apt-get install fail2ban<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
whois<br />
Suggested packages:<br />
python-gamin mailx<br />
The following NEW packages will be installed:<br />
fail2ban whois<br />
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 129kB of archives.<br />
After this operation, 1032kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe fail2ban 0.8.4-1ubuntu1 [96.0kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main whois 5.0.0ubuntu3 [32.6kB]<br />
Fetched 129kB in 1s (128kB/s)<br />
Selecting previously deselected package fail2ban.<br />
(Reading database ... 16972 files and directories currently installed.)<br />
Unpacking fail2ban (from .../fail2ban_0.8.4-1ubuntu1_all.deb) ...<br />
Selecting previously deselected package whois.<br />
Unpacking whois (from .../whois_5.0.0ubuntu3_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up fail2ban (0.8.4-1ubuntu1) ...<br />
<br />
Setting up whois (5.0.0ubuntu3) ...<br />
Processing triggers for python-central ...<br />
Committing to: /etc/<br />
added fail2ban<br />
added default/fail2ban<br />
added fail2ban/action.d<br />
added fail2ban/fail2ban.conf<br />
added fail2ban/filter.d<br />
added fail2ban/jail.conf<br />
added fail2ban/action.d/complain.conf<br />
added fail2ban/action.d/dshield.conf<br />
added fail2ban/action.d/hostsdeny.conf<br />
added fail2ban/action.d/ipfilter.conf<br />
added fail2ban/action.d/ipfw.conf<br />
added fail2ban/action.d/iptables-allports.conf<br />
added fail2ban/action.d/iptables-multiport-log.conf<br />
added fail2ban/action.d/iptables-multiport.conf<br />
added fail2ban/action.d/iptables-new.conf<br />
added fail2ban/action.d/iptables.conf<br />
added fail2ban/action.d/mail-buffered.conf<br />
added fail2ban/action.d/mail-whois-lines.conf<br />
added fail2ban/action.d/mail-whois.conf<br />
added fail2ban/action.d/mail.conf<br />
added fail2ban/action.d/mynetwatchman.conf<br />
added fail2ban/action.d/sendmail-buffered.conf<br />
added fail2ban/action.d/sendmail-whois-lines.conf<br />
added fail2ban/action.d/sendmail-whois.conf<br />
added fail2ban/action.d/sendmail.conf<br />
added fail2ban/action.d/shorewall.conf<br />
added fail2ban/filter.d/apache-auth.conf<br />
added fail2ban/filter.d/apache-badbots.conf<br />
added fail2ban/filter.d/apache-nohome.conf<br />
added fail2ban/filter.d/apache-noscript.conf<br />
added fail2ban/filter.d/apache-overflows.conf<br />
added fail2ban/filter.d/common.conf<br />
added fail2ban/filter.d/courierlogin.conf<br />
added fail2ban/filter.d/couriersmtp.conf<br />
added fail2ban/filter.d/cyrus-imap.conf<br />
added fail2ban/filter.d/exim.conf<br />
added fail2ban/filter.d/gssftpd.conf<br />
added fail2ban/filter.d/lighttpd-fastcgi.conf<br />
added fail2ban/filter.d/named-refused.conf<br />
added fail2ban/filter.d/pam-generic.conf<br />
added fail2ban/filter.d/php-url-fopen.conf<br />
added fail2ban/filter.d/postfix.conf<br />
added fail2ban/filter.d/proftpd.conf<br />
added fail2ban/filter.d/pure-ftpd.conf<br />
added fail2ban/filter.d/qmail.conf<br />
added fail2ban/filter.d/sasl.conf<br />
added fail2ban/filter.d/sieve.conf<br />
added fail2ban/filter.d/sshd-ddos.conf<br />
added fail2ban/filter.d/sshd.conf<br />
added fail2ban/filter.d/vsftpd.conf<br />
added fail2ban/filter.d/webmin-auth.conf<br />
added fail2ban/filter.d/wuftpd.conf<br />
added fail2ban/filter.d/xinetd-fail.conf<br />
added init.d/fail2ban<br />
added logrotate.d/fail2ban<br />
added rc0.d/K99fail2ban<br />
added rc1.d/K99fail2ban<br />
added rc2.d/S99fail2ban<br />
added rc3.d/S99fail2ban<br />
added rc4.d/S99fail2ban<br />
added rc5.d/S99fail2ban<br />
added rc6.d/K99fail2ban<br />
Committed revision 16.<br />
<br />
<br />
= [[User:John|John]] 2011-08-15 05:08 =<br />
<br />
== Installing Apache, MySQL and PHP ==<br />
<br />
root@honesty:~# apt-get install apache2 mysql-server php5<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common<br />
libapache2-mod-php5 libapr1 libaprutil1 libaprutil1-dbd-sqlite3<br />
libaprutil1-ldap libdbd-mysql-perl libdbi-perl libexpat1<br />
libhtml-template-perl libmysqlclient16 libnet-daemon-perl libplrpc-perl<br />
mysql-client-5.1 mysql-client-core-5.1 mysql-common mysql-server-5.1<br />
mysql-server-core-5.1 php5-common psmisc ssl-cert<br />
Suggested packages:<br />
www-browser apache2-doc apache2-suexec apache2-suexec-custom ufw php-pear<br />
dbishell libipc-sharedcache-perl tinyca mailx php5-suhosin<br />
The following NEW packages will be installed:<br />
apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common<br />
libapache2-mod-php5 libapr1 libaprutil1 libaprutil1-dbd-sqlite3<br />
libaprutil1-ldap libdbd-mysql-perl libdbi-perl libexpat1<br />
libhtml-template-perl libmysqlclient16 libnet-daemon-perl libplrpc-perl<br />
mysql-client-5.1 mysql-client-core-5.1 mysql-common mysql-server<br />
mysql-server-5.1 mysql-server-core-5.1 php5 php5-common psmisc ssl-cert<br />
0 upgraded, 27 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 31.5MB of archives.<br />
After this operation, 82.8MB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
<br />
<br />
= [[User:John|John]] 2011-08-15 04:06 =<br />
<br />
== Configuring NFS client ==<br />
<br />
root@honesty:/etc# apt-get install nfs-common<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
libevent-1.4-2 libgssglue1 libnfsidmap2 librpcsecgss3 portmap<br />
The following NEW packages will be installed:<br />
libevent-1.4-2 libgssglue1 libnfsidmap2 librpcsecgss3 nfs-common portmap<br />
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 421kB of archives.<br />
After this operation, 1364kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libevent-1.4-2 1.4.13-stable-1 [61.4kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libgssglue1 0.1-4 [24.4kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libnfsidmap2 0.23-2 [32.1kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main librpcsecgss3 0.19-2 [36.3kB]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/main portmap 6.0.0-1ubuntu2 [38.2kB]<br />
Get:6 http://archive.ubuntu.com/ubuntu/ lucid/main nfs-common 1:1.2.0-4ubuntu4 [228kB]<br />
Fetched 421kB in 1s (359kB/s)<br />
Preconfiguring packages ...<br />
Selecting previously deselected package libevent-1.4-2.<br />
(Reading database ... 15759 files and directories currently installed.)<br />
Unpacking libevent-1.4-2 (from .../libevent-1.4-2_1.4.13-stable-1_amd64.deb) ...<br />
Selecting previously deselected package libgssglue1.<br />
Unpacking libgssglue1 (from .../libgssglue1_0.1-4_amd64.deb) ...<br />
Selecting previously deselected package libnfsidmap2.<br />
Unpacking libnfsidmap2 (from .../libnfsidmap2_0.23-2_amd64.deb) ...<br />
Selecting previously deselected package librpcsecgss3.<br />
Unpacking librpcsecgss3 (from .../librpcsecgss3_0.19-2_amd64.deb) ...<br />
Selecting previously deselected package portmap.<br />
Unpacking portmap (from .../portmap_6.0.0-1ubuntu2_amd64.deb) ...<br />
Selecting previously deselected package nfs-common.<br />
Unpacking nfs-common (from .../nfs-common_1%3a1.2.0-4ubuntu4_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up libevent-1.4-2 (1.4.13-stable-1) ...<br />
<br />
Setting up libgssglue1 (0.1-4) ...<br />
<br />
Setting up libnfsidmap2 (0.23-2) ...<br />
<br />
Setting up librpcsecgss3 (0.19-2) ...<br />
<br />
Setting up portmap (6.0.0-1ubuntu2) ...<br />
portmap start/running, process 7410<br />
<br />
Setting up nfs-common (1:1.2.0-4ubuntu4) ...<br />
<br />
Creating config file /etc/idmapd.conf with new version<br />
<br />
Creating config file /etc/default/nfs-common with new version<br />
Adding system user `statd' (UID 104) ...<br />
Adding new user `statd' (UID 104) with group `nogroup' ...<br />
Not creating home directory `/var/lib/nfs'.<br />
statd start/running, process 7626<br />
gssd stop/pre-start, process 7651<br />
idmapd stop/pre-start, process 7679<br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
added gssapi_mech.conf<br />
added idmapd.conf<br />
modified passwd<br />
modified passwd-<br />
modified shadow<br />
modified shadow-<br />
added default/nfs-common<br />
added default/portmap<br />
added init/gssd.conf<br />
added init/idmapd.conf<br />
added init/portmap.conf<br />
added init/rpc_pipefs.conf<br />
added init/statd.conf<br />
added init.d/gssd<br />
added init.d/idmapd<br />
added init.d/portmap<br />
added init.d/rpc_pipefs<br />
added init.d/statd<br />
Committed revision 12.<br />
<br />
root@honesty:/etc# vim /etc/fstab<br />
root@honesty:/etc# cat /etc/fstab<br />
proc /proc proc defaults 0 0<br />
/dev/sda1 / ext3 defaults,errors=remount-ro,noatime 0 1<br />
/dev/sda2 none swap sw 0 0<br />
172.19.1.45:/home /home nfs4 rw,_netdev,auto 0 0<br />
<br />
root@honesty:/etc# vim /etc/modules<br />
root@honesty:/etc# cat /etc/modules<br />
# /etc/modules: kernel modules to load at boot time.<br />
#<br />
# This file contains the names of kernel modules that should be loaded<br />
# at boot time, one per line. Lines beginning with "#" are ignored.<br />
nfs<br />
<br />
<br />
<br />
= [[User:John|John]] 2011-08-15 03:45 =<br />
<br />
== Configuring Kerberos client ==<br />
<br />
jj5@honesty:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@honesty:~# apt-get install krb5-user krb5-config libpam-krb5<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
bind9-host geoip-database libbind9-60 libdns64 libgeoip1 libgssrpc4 libisc60<br />
libisccc60 libisccfg60 libkadm5clnt-mit7 liblwres60<br />
Suggested packages:<br />
geoip-bin krb5-doc<br />
The following NEW packages will be installed:<br />
bind9-host geoip-database krb5-config krb5-user libbind9-60 libdns64<br />
libgeoip1 libgssrpc4 libisc60 libisccc60 libisccfg60 libkadm5clnt-mit7<br />
liblwres60 libpam-krb5<br />
0 upgraded, 14 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 2235kB of archives.<br />
After this operation, 5517kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
<br />
Package configuration<br />
<br />
<br />
<br />
┌──────────────────┤ Configuring Kerberos Authentication ├──────────────────┐<br />
│ When users attempt to use Kerberos and specify a principal or user name │<br />
│ without specifying what administrative Kerberos realm that principal │<br />
│ belongs to, the system appends the default realm. The default realm may │<br />
│ also be used as the realm of a Kerberos service running on the local │<br />
│ machine. Often, the default realm is the uppercase version of the local │<br />
│ DNS domain. │<br />
│ │<br />
│ Default Kerberos version 5 realm: │<br />
│ │<br />
│ PROGCLUB.ORG_____________________________________________________________ │<br />
│ │<br />
│ <Ok> │<br />
│ │<br />
└───────────────────────────────────────────────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
<br />
<br />
<br />
<br />
┌────────────────┤ Configuring Kerberos Authentication ├─────────────────┐<br />
│ Enter the hostnames of Kerberos servers in the PROGCLUB.ORG Kerberos │<br />
│ realm separated by spaces. │<br />
│ │<br />
│ Kerberos servers for your realm: │<br />
│ │<br />
│ kerberos.progclub.org_________________________________________________ │<br />
│ │<br />
│ <Ok> │<br />
│ │<br />
└────────────────────────────────────────────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
<br />
<br />
<br />
<br />
┌──────────────────┤ Configuring Kerberos Authentication ├──────────────────┐<br />
│ Enter the hostname of the administrative (password changing) server for │<br />
│ the PROGCLUB.ORG Kerberos realm. │<br />
│ │<br />
│ Administrative server for your Kerberos realm: │<br />
│ │<br />
│ kerberos.progclub.org____________________________________________________ │<br />
│ │<br />
│ <Ok> │<br />
│ │<br />
└───────────────────────────────────────────────────────────────────────────┘<br />
<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libgeoip1 1.4.6.dfsg-17 [109kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libisc60 1:9.7.0.dfsg.P1-1 [169kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libdns64 1:9.7.0.dfsg.P1-1 [690kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main libisccc60 1:9.7.0.dfsg.P1-1 [29.4kB]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/main libisccfg60 1:9.7.0.dfsg.P1-1 [52.6kB]<br />
Get:6 http://archive.ubuntu.com/ubuntu/ lucid/main libbind9-60 1:9.7.0.dfsg.P1-1 [34.1kB]<br />
Get:7 http://archive.ubuntu.com/ubuntu/ lucid/main liblwres60 1:9.7.0.dfsg.P1-1 [47.9kB]<br />
Get:8 http://archive.ubuntu.com/ubuntu/ lucid/main bind9-host 1:9.7.0.dfsg.P1-1 [68.2kB]<br />
Get:9 http://archive.ubuntu.com/ubuntu/ lucid/main geoip-database 1.4.6.dfsg-17 [658kB]<br />
Get:10 http://archive.ubuntu.com/ubuntu/ lucid/main krb5-config 2.2 [23.0kB]<br />
Get:11 http://archive.ubuntu.com/ubuntu/ lucid/main libgssrpc4 1.8.1+dfsg-2 [81.4kB]<br />
Get:12 http://archive.ubuntu.com/ubuntu/ lucid/main libkadm5clnt-mit7 1.8.1+dfsg-2 [62.0kB]<br />
Get:13 http://archive.ubuntu.com/ubuntu/ lucid/main krb5-user 1.8.1+dfsg-2 [137kB]<br />
Get:14 http://archive.ubuntu.com/ubuntu/ lucid/main libpam-krb5 4.2-1 [73.8kB]<br />
Fetched 2235kB in 1s (1280kB/s)<br />
Preconfiguring packages ...<br />
Selecting previously deselected package libgeoip1.<br />
(Reading database ... 15582 files and directories currently installed.)<br />
Unpacking libgeoip1 (from .../libgeoip1_1.4.6.dfsg-17_amd64.deb) ...<br />
Selecting previously deselected package libisc60.<br />
Unpacking libisc60 (from .../libisc60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...<br />
Selecting previously deselected package libdns64.<br />
Unpacking libdns64 (from .../libdns64_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...<br />
Selecting previously deselected package libisccc60.<br />
Unpacking libisccc60 (from .../libisccc60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...<br />
Selecting previously deselected package libisccfg60.<br />
Unpacking libisccfg60 (from .../libisccfg60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...<br />
Selecting previously deselected package libbind9-60.<br />
Unpacking libbind9-60 (from .../libbind9-60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...<br />
Selecting previously deselected package liblwres60.<br />
Unpacking liblwres60 (from .../liblwres60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...<br />
Selecting previously deselected package bind9-host.<br />
Unpacking bind9-host (from .../bind9-host_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...<br />
Selecting previously deselected package geoip-database.<br />
Unpacking geoip-database (from .../geoip-database_1.4.6.dfsg-17_all.deb) ...<br />
Selecting previously deselected package krb5-config.<br />
Unpacking krb5-config (from .../krb5-config_2.2_all.deb) ...<br />
Selecting previously deselected package libgssrpc4.<br />
Unpacking libgssrpc4 (from .../libgssrpc4_1.8.1+dfsg-2_amd64.deb) ...<br />
Selecting previously deselected package libkadm5clnt-mit7.<br />
Unpacking libkadm5clnt-mit7 (from .../libkadm5clnt-mit7_1.8.1+dfsg-2_amd64.deb) ...<br />
Selecting previously deselected package krb5-user.<br />
Unpacking krb5-user (from .../krb5-user_1.8.1+dfsg-2_amd64.deb) ...<br />
Selecting previously deselected package libpam-krb5.<br />
Unpacking libpam-krb5 (from .../libpam-krb5_4.2-1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up libgeoip1 (1.4.6.dfsg-17) ...<br />
<br />
Setting up libisc60 (1:9.7.0.dfsg.P1-1) ...<br />
<br />
Setting up libdns64 (1:9.7.0.dfsg.P1-1) ...<br />
<br />
Setting up libisccc60 (1:9.7.0.dfsg.P1-1) ...<br />
<br />
Setting up libisccfg60 (1:9.7.0.dfsg.P1-1) ...<br />
<br />
Setting up libbind9-60 (1:9.7.0.dfsg.P1-1) ... <br />
<br />
Setting up liblwres60 (1:9.7.0.dfsg.P1-1) ...<br />
<br />
Setting up bind9-host (1:9.7.0.dfsg.P1-1) ...<br />
Setting up geoip-database (1.4.6.dfsg-17) ...<br />
Setting up krb5-config (2.2) ...<br />
<br />
Setting up libgssrpc4 (1.8.1+dfsg-2) ...<br />
<br />
Setting up libkadm5clnt-mit7 (1.8.1+dfsg-2) ...<br />
<br />
Setting up krb5-user (1.8.1+dfsg-2) ...<br />
Setting up libpam-krb5 (4.2-1) ...<br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
added krb5.conf<br />
modified pam.d/common-account<br />
modified pam.d/common-auth<br />
modified pam.d/common-password<br />
modified pam.d/common-session<br />
modified pam.d/common-session-noninteractive<br />
Committed revision 8.<br />
<br />
root@honesty:~# hostname -f<br />
honesty<br />
root@honesty:~# vim /etc/hosts<br />
root@honesty:~# cat /etc/hosts<br />
127.0.0.1 localhost localhost.localdomain<br />
67.207.129.103 honesty.progclub.net honesty<br />
root@honesty:~# hostname -f<br />
honesty.progclub.net<br />
<br />
root@honesty:~# kadmin -p jj5<br />
Authenticating as principal jj5 with password.<br />
Password for jj5@PROGCLUB.ORG:<br />
kadmin: addprinc -randkey host/honesty.progclub.net@PROGCLUB.ORG<br />
WARNING: no policy specified for host/honesty.progclub.net@PROGCLUB.ORG; defaulting to no policy<br />
Principal "host/honesty.progclub.net@PROGCLUB.ORG" created.<br />
kadmin: ktadd host/honesty.progclub.net@PROGCLUB.ORG<br />
Entry for principal host/honesty.progclub.net@PROGCLUB.ORG with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab.<br />
Entry for principal host/honesty.progclub.net@PROGCLUB.ORG with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.<br />
Entry for principal host/honesty.progclub.net@PROGCLUB.ORG with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.<br />
Entry for principal host/honesty.progclub.net@PROGCLUB.ORG with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.<br />
kadmin: quit<br />
<br />
root@honesty:~# cd /etc<br />
root@honesty:/etc# ll kr*<br />
-rw-r--r-- 1 root root 3504 Aug 14 17:49 krb5.conf<br />
-rw------- 1 root root 326 Aug 14 17:53 krb5.keytab<br />
<br />
root@honesty:/etc# apt-get install libnss-ldapd libsasl2-modules-gssapi-mit kstart<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
libpam-ldapd nscd nslcd<br />
The following NEW packages will be installed:<br />
kstart libnss-ldapd libpam-ldapd libsasl2-modules-gssapi-mit nscd nslcd<br />
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 531kB of archives.<br />
After this operation, 1311kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
<br />
Package configuration<br />
<br />
<br />
┌─────────────────────────┤ Configuring NSLCD ├──────────────────────────┐<br />
│ Please enter the Uniform Resource Identifier of the LDAP server. The │<br />
│ format is 'ldap://<hostname_or_IP_address>:<port>/'. Alternatively, │<br />
│ 'ldaps://' or 'ldapi://' can be used. The port number is optional. │<br />
│ │<br />
│ When using an ldap or ldaps scheme it is recommended to use an IP │<br />
│ address to avoid failures when domain name services are unavailable. │<br />
│ │<br />
│ Multiple URIs can be be specified by separating them with spaces. │<br />
│ │<br />
│ LDAP server URI: │<br />
│ │<br />
│ ldaps://charity.progclub.org/_________________________________________ │<br />
│ │<br />
│ <Ok> <Cancel> │<br />
│ │<br />
└────────────────────────────────────────────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
<br />
<br />
<br />
┌───────────────────────────┤ Configuring NSLCD ├───────────────────────────┐<br />
│ Please enter the distinguished name of the LDAP search base. Many sites │<br />
│ use the components of their domain names for this purpose. For example, │<br />
│ the domain "example.net" would use "dc=example,dc=net" as the │<br />
│ distinguished name of the search base. │<br />
│ │<br />
│ LDAP server search base: │<br />
│ │<br />
│ dc=progclub,dc=org_______________________________________________________ │<br />
│ │<br />
│ <Ok> <Cancel> │<br />
│ │<br />
└───────────────────────────────────────────────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
<br />
┌───────────────────────────┤ Configuring NSLCD ├───────────────────────────┐<br />
│ │<br />
│ When an encrypted connection is used, a server certificate can be │<br />
│ requested and checked. Please choose whether lookups should be │<br />
│ configured to require a certificate, and whether certificates should be │<br />
│ checked for validity: │<br />
│ * never: no certificate will be requested or checked; │<br />
│ * allow: a certificate will be requested, but it is not │<br />
│ required or checked; │<br />
│ * try: a certificate will be requested and checked, but if no │<br />
│ certificate is provided it is ignored; │<br />
│ * demand: a certificate will be requested, required, and checked. │<br />
│ If certificate checking is enabled, at least one of the tls_cacertdir or │<br />
│ tls_cacertfile options must be put in /etc/nslcd.conf. │<br />
│ │<br />
│ <Ok> │<br />
│ │<br />
└───────────────────────────────────────────────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
<br />
<br />
<br />
<br />
┌──────┤ Configuring NSLCD ├───────┐<br />
│ Check server's SSL certificate: │<br />
│ │<br />
│ never │<br />
│ * allow │<br />
│ try │<br />
│ demand │<br />
│ │<br />
│ │<br />
│ <Ok> <Cancel> │<br />
│ │<br />
└──────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
┌───────────────────────┤ Configuring libnss-ldapd ├────────────────────────┐<br />
│ For this package to work, you need to modify your /etc/nsswitch.conf to │<br />
│ use the ldap datasource. │<br />
│ │<br />
│ You can select the services that should have LDAP lookups enabled. The │<br />
│ new LDAP lookups will be added as the last datasource. Be sure to review │<br />
│ these changes. │<br />
│ │<br />
│ Name services to configure: │<br />
│ │<br />
│ [*] aliases │<br />
│ [*] ethers │<br />
│ [*] group │<br />
│ [*] hosts │<br />
│ [*] netgroup │<br />
│ [*] networks │<br />
│ [*] passwd │<br />
│ [*] protocols │<br />
│ [*] rpc │<br />
│ [*] services │<br />
│ [*] shadow │<br />
│ │<br />
│ │<br />
│ <Ok> │<br />
│ │<br />
└───────────────────────────────────────────────────────────────────────────┘<br />
<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe kstart 3.16-3 [58.3kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/universe libsasl2-modules-gssapi-mit 2.1.23.dfsg1-5ubuntu1 [73.1kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/universe nscd 2.11.1-0ubuntu7 [211kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/universe nslcd 0.7.2 [120kB]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/universe libnss-ldapd 0.7.2 [41.8kB]<br />
Get:6 http://archive.ubuntu.com/ubuntu/ lucid/universe libpam-ldapd 0.7.2 [27.6kB]<br />
Fetched 531kB in 1s (441kB/s)<br />
Committing to: /etc/<br />
modified .etckeeper<br />
modified hosts<br />
added krb5.keytab<br />
Committed revision 9.<br />
Preconfiguring packages ...<br />
Selecting previously deselected package kstart.<br />
(Reading database ... 15699 files and directories currently installed.)<br />
Unpacking kstart (from .../kstart_3.16-3_amd64.deb) ...<br />
Selecting previously deselected package libsasl2-modules-gssapi-mit.<br />
Unpacking libsasl2-modules-gssapi-mit (from .../libsasl2-modules-gssapi-mit_2.1.23.dfsg1-5ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package nscd.<br />
Unpacking nscd (from .../nscd_2.11.1-0ubuntu7_amd64.deb) ...<br />
Selecting previously deselected package nslcd.<br />
Unpacking nslcd (from .../archives/nslcd_0.7.2_amd64.deb) ...<br />
Selecting previously deselected package libnss-ldapd.<br />
Unpacking libnss-ldapd (from .../libnss-ldapd_0.7.2_amd64.deb) ...<br />
Selecting previously deselected package libpam-ldapd.<br />
Unpacking libpam-ldapd (from .../libpam-ldapd_0.7.2_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up kstart (3.16-3) ...<br />
Setting up libsasl2-modules-gssapi-mit (2.1.23.dfsg1-5ubuntu1) ...<br />
Setting up nscd (2.11.1-0ubuntu7) ...<br />
* Starting Name Service Cache Daemon nscd [ OK ]<br />
<br />
Setting up nslcd (0.7.2) ...<br />
Warning: The home dir /var/run/nslcd/ you specified can't be accessed: No such file or directory<br />
Adding system user `nslcd' (UID 103) ...<br />
Adding new group `nslcd' (GID 105) ...<br />
Adding new user `nslcd' (UID 103) with group `nslcd' ...<br />
Not creating home directory `/var/run/nslcd/'.<br />
* Starting LDAP connection daemon nslcd [ OK ]<br />
<br />
Setting up libnss-ldapd (0.7.2) ...<br />
/etc/nsswitch.conf: enable LDAP lookups for aliases<br />
/etc/nsswitch.conf: enable LDAP lookups for ethers<br />
/etc/nsswitch.conf: enable LDAP lookups for group<br />
/etc/nsswitch.conf: enable LDAP lookups for hosts<br />
/etc/nsswitch.conf: enable LDAP lookups for netgroup<br />
/etc/nsswitch.conf: enable LDAP lookups for networks<br />
/etc/nsswitch.conf: enable LDAP lookups for passwd<br />
/etc/nsswitch.conf: enable LDAP lookups for protocols<br />
/etc/nsswitch.conf: enable LDAP lookups for rpc<br />
/etc/nsswitch.conf: enable LDAP lookups for services<br />
/etc/nsswitch.conf: enable LDAP lookups for shadow<br />
* Restarting Name Service Cache Daemon nscd [ OK ]<br />
<br />
Setting up libpam-ldapd (0.7.2) ...<br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
modified .etckeeper<br />
modified group<br />
modified group-<br />
modified gshadow<br />
modified gshadow-<br />
added nscd.conf<br />
added nslcd.conf<br />
modified nsswitch.conf<br />
modified passwd<br />
modified passwd-<br />
modified shadow<br />
modified shadow-<br />
added init.d/nscd<br />
added init.d/nslcd<br />
modified pam.d/common-account<br />
modified pam.d/common-auth<br />
modified pam.d/common-password<br />
modified pam.d/common-session<br />
modified pam.d/common-session-noninteractive<br />
added rc0.d/K20nscd<br />
added rc0.d/K20nslcd<br />
added rc1.d/K20nscd<br />
added rc1.d/K20nslcd<br />
added rc2.d/S20nscd<br />
added rc2.d/S20nslcd<br />
added rc3.d/S20nscd<br />
added rc3.d/S20nslcd<br />
added rc4.d/S20nscd<br />
added rc4.d/S20nslcd<br />
added rc5.d/S20nscd<br />
added rc5.d/S20nslcd<br />
added rc6.d/K20nscd<br />
added rc6.d/K20nslcd<br />
Committed revision 10.<br />
<br />
root@honesty:/etc# cat /etc/nsswitch.conf<br />
# /etc/nsswitch.conf<br />
#<br />
# Example configuration of GNU Name Service Switch functionality.<br />
# If you have the `glibc-doc-reference' and `info' packages installed, try:<br />
# `info libc "Name Service Switch"' for information about this file.<br />
<br />
passwd: compat ldap<br />
group: compat ldap<br />
shadow: compat ldap<br />
<br />
hosts: files dns ldap<br />
networks: files ldap<br />
<br />
protocols: db files ldap<br />
services: db files ldap<br />
ethers: db files ldap<br />
rpc: db files ldap<br />
<br />
netgroup: nis ldap<br />
aliases: ldap<br />
<br />
root@honesty:/etc# cat /etc/nslcd.conf<br />
# /etc/nslcd.conf<br />
# nslcd configuration file. See nslcd.conf(5)<br />
# for details.<br />
<br />
# The user and group nslcd should run as.<br />
uid nslcd<br />
gid nslcd<br />
<br />
# The location at which the LDAP server(s) should be reachable.<br />
uri ldaps://charity.progclub.org/<br />
<br />
# The search base that will be used for all queries.<br />
base dc=progclub,dc=org<br />
<br />
# The LDAP protocol version to use.<br />
#ldap_version 3<br />
<br />
# The DN to bind with for normal lookups.<br />
#binddn cn=annonymous,dc=example,dc=net<br />
#bindpw secret<br />
<br />
# SSL options<br />
#ssl off<br />
tls_reqcert allow<br />
<br />
# The search scope.<br />
#scope sub<br />
<br />
root@honesty:/etc# vim /etc/nslcd.conf<br />
<br />
# JE: 2011-08-15: added sasl_mech<br />
sasl_mech GSSAPI<br />
<br />
root@honesty:/etc# pam-auth-update<br />
<br />
Package configuration<br />
<br />
┌───────────────────────────────────┤ ├────────────────────────────────────┐<br />
│ Pluggable Authentication Modules (PAM) determine how authentication, │<br />
│ authorization, and password changing are handled on the system, as well │<br />
│ as allowing configuration of additional actions to take when starting │<br />
│ user sessions. │<br />
│ │<br />
│ Some PAM module packages provide profiles that can be used to │<br />
│ automatically adjust the behavior of all PAM-using applications on the │<br />
│ system. Please indicate which of these behaviors you wish to enable. │<br />
│ │<br />
│ PAM profiles to enable: │<br />
│ │<br />
│ [*] Kerberos authentication │<br />
│ [*] Unix authentication │<br />
│ [ ] LDAP Authentication │<br />
│ │<br />
│ │<br />
│ <Ok> <Cancel> │<br />
│ │<br />
└───────────────────────────────────────────────────────────────────────────┘<br />
<br />
root@honesty:/etc# vim /etc/pam.d/common-password<br />
root@honesty:/etc# cat /etc/pam.d/common-password<br />
#<br />
# /etc/pam.d/common-password - password-related modules common to all services<br />
#<br />
# This file is included from other service-specific PAM config files,<br />
# and should contain a list of modules that define the services to be<br />
# used to change user passwords. The default is pam_unix.<br />
<br />
# Explanation of pam_unix options:<br />
#<br />
# The "sha512" option enables salted SHA512 passwords. Without this option,<br />
# the default is Unix crypt. Prior releases used the option "md5".<br />
#<br />
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in<br />
# login.defs.<br />
#<br />
# See the pam_unix manpage for other options.<br />
<br />
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.<br />
# To take advantage of this, it is recommended that you configure any<br />
# local modules either before or after the default block, and use<br />
# pam-auth-update to manage selection of other modules. See<br />
# pam-auth-update(8) for details.<br />
<br />
# here are the per-package modules (the "Primary" block)<br />
#password requisite pam_krb5.so minimum_uid=1000<br />
#password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512<br />
# here's the fallback if no module succeeds<br />
#password requisite pam_deny.so<br />
# prime the stack with a positive return value if there isn't one already;<br />
# this avoids us returning an error just because nothing sets a success code<br />
# since the modules above will each just jump around<br />
#password required pam_permit.so<br />
# and here are more per-package modules (the "Additional" block)<br />
# end of pam-auth-update config<br />
<br />
password sufficient pam_krb5.so minimum_uid=1000<br />
password required pam_unix.so obscure try_first_pass sha512<br />
<br />
root@honesty:/etc# service nslcd restart<br />
* Restarting LDAP connection daemon nslcd<br />
nslcd: /etc/nslcd.conf:30: option sasl_mech is currently not fully supported (please report any successes)<br />
[ OK ]<br />
<br />
root@honesty:/etc# etckeeper commit "Configured Kerberos client"<br />
Committing to: /etc/<br />
modified nslcd.conf<br />
modified pam.d/common-account<br />
modified pam.d/common-auth<br />
modified pam.d/common-password<br />
modified pam.d/common-session<br />
modified pam.d/common-session-noninteractive<br />
Committed revision 11.<br />
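<br />
The nslcd.conf above pairs an ldaps:// URI with tls_reqcert allow, which per ldap.conf(5) lets the session proceed even when the server presents a bad certificate. The following audit is an added example, not part of the original log; the sample files, host name, CA path and finding names are constructed for illustration.<br />
<br />
```python
"""Audit the TLS-related directives of an nslcd.conf (added example)."""

# Constructed sample with the same TLS-relevant directives as the file on
# this page; the host name and base DN are placeholders.
WEAK = """\
uid nslcd
gid nslcd
uri ldaps://ldap.example.org/
base dc=example,dc=org
#ssl off
tls_reqcert allow
sasl_mech GSSAPI
"""

# The same file with certificate checking enforced; the CA path is a placeholder.
STRICT = WEAK.replace(
    "tls_reqcert allow",
    "tls_reqcert demand\ntls_cacertfile /etc/ssl/certs/example-ca.pem",
)


def parse(text):
    """Return {directive: [values...]}, skipping blank and comment lines."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        values = parts[1].split() if len(parts) > 1 else []
        conf.setdefault(parts[0].lower(), []).extend(values)
    return conf


def audit(text):
    """Return a list of finding names for the TLS posture of the config."""
    conf = parse(text)
    uris = [u.lower() for u in conf.get("uri", [])]
    ssl = (conf.get("ssl") or ["off"])[-1].lower()
    # Assumption: with no tls_reqcert line the libldap default (demand) applies.
    reqcert = (conf.get("tls_reqcert") or ["demand"])[-1].lower()
    findings = []

    # Plain ldap:// without StartTLS sends lookups and binds unencrypted.
    if any(u.startswith("ldap://") for u in uris) and ssl != "start_tls":
        findings.append("cleartext-ldap")

    uses_tls = ssl in ("on", "start_tls") or any(
        u.startswith("ldaps://") for u in uris
    )
    if uses_tls:
        if reqcert in ("never", "allow"):
            # Encrypted, but a bad or missing certificate is accepted.
            findings.append("server-cert-not-enforced")
        elif reqcert == "try":
            # A bad certificate ends the session, a missing one does not.
            findings.append("missing-cert-tolerated")
        if not (conf.get("tls_cacertfile") or conf.get("tls_cacertdir")):
            # Validation would depend on settings outside this file.
            findings.append("ca-not-set-in-nslcd-conf")
    return findings


if __name__ == "__main__":
    print("weak  :", audit(WEAK))
    print("strict:", audit(STRICT))
```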
<br />
= [[User:John|John]] 2011-08-05 16:59 =<br />
<br />
== Disabling IPSec ==<br />
<br />
Can't get [[IPSec]] to work. Commented out /etc/network/if-up.d/ip and removed the policies from /etc/ipsec-tools.conf.<br />
<br />
= [[User:John|John]] 2011-07-30 19:30 =<br />
<br />
== Configuring IPSec ==<br />
<br />
jj5@honesty:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@honesty:~# cd /etc/network/if-pre-up.d/<br />
root@honesty:/etc/network/if-pre-up.d# ll<br />
total 12<br />
drwxr-xr-x 2 root root 4096 Apr 22 2010 ./<br />
drwxr-xr-x 6 root root 4096 Apr 22 2010 ../<br />
-rwxr-xr-x 1 root root 348 Dec 21 2009 ethtool*<br />
root@honesty:/etc/network/if-pre-up.d# vim iptables<br />
<br />
#!/bin/sh<br />
/sbin/iptables-restore < /etc/iptables.up.rules<br />
<br />
root@honesty:/etc/network/if-pre-up.d# chmod +x iptables<br />
root@honesty:/etc/network/if-pre-up.d# cd ../if-up.d/<br />
root@honesty:/etc/network/if-up.d# vim ip<br />
<br />
#!/bin/sh<br />
# Charity<br />
ip route add 67.207.128.184 dev eth0 advmss 200<br />
# Hope<br />
ip route add 67.207.130.204 dev eth0 advmss 200<br />
<br />
root@honesty:/etc/network/if-up.d# chmod +x ip<br />
root@honesty:/etc/network/if-up.d# cd /etc/<br />
root@honesty:/etc# vim iptables.up.rules<br />
<br />
*filter<br />
# Allow all loopback (lo0) traffic<br />
-A INPUT -i lo -j ACCEPT<br />
# Drop all traffic to 127/8 that doesn't use lo0<br />
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT<br />
# Accept all established inbound connections<br />
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
# Allow all outbound traffic<br />
-A OUTPUT -j ACCEPT<br />
# Allow HTTP and HTTPS connections from anywhere<br />
-A INPUT -p tcp --dport 80 -j ACCEPT<br />
-A INPUT -p tcp --dport 443 -j ACCEPT<br />
# Allow SSH connections<br />
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT<br />
# Accept anything from charity<br />
-A INPUT -s 67.207.128.184 -j ACCEPT<br />
# Accept anything from hope<br />
-A INPUT -s 67.207.130.204 -j ACCEPT<br />
# Allow MySQL connections from John's house<br />
-A INPUT -s 60.240.67.126/32 -p tcp -m tcp --dport 3306 -j ACCEPT<br />
# Allow MySQL connections from localhost<br />
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT<br />
# Allow ping<br />
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT<br />
# log iptables denied calls<br />
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7<br />
#-A INPUT -j LOG --log-prefix "iptables debug: " --log-level 7<br />
# Reject all other inbound - default deny unless explicitly allowed policy<br />
-A INPUT -j REJECT<br />
-A FORWARD -j REJECT<br />
COMMIT<br />
<br />
root@honesty:/etc# vim ipsec-tools.conf<br />
<br />
#!/usr/sbin/setkey -f<br />
## Flush the SAD and SPD<br />
flush;<br />
spdflush;<br />
# Charity/Honesty configuration<br />
# ESP SAs using 192 bit long keys (168 + 24 parity)<br />
add 67.207.128.184 67.207.129.103 esp 5 -E aes-cbc<br />
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;<br />
add 67.207.129.103 67.207.128.184 esp 6 -E aes-cbc<br />
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;<br />
# AH SAs using 160 bit long keys<br />
add 67.207.128.184 67.207.129.103 ah 7 -A hmac-sha1<br />
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;<br />
add 67.207.129.103 67.207.128.184 ah 8 -A hmac-sha1<br />
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;<br />
# Security policies<br />
spdadd 67.207.129.103 67.207.128.184 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
spdadd 67.207.128.184 67.207.129.103 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
# Hope/Honesty configuration<br />
# ESP SAs using 192 bit long keys (168 + 24 parity)<br />
add 67.207.130.204 67.207.129.103 esp 9 -E aes-cbc<br />
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;<br />
add 67.207.129.103 67.207.130.204 esp 10 -E aes-cbc<br />
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;<br />
# AH SAs using 160 bit long keys<br />
add 67.207.130.204 67.207.129.103 ah 11 -A hmac-sha1<br />
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;<br />
add 67.207.129.103 67.207.130.204 ah 12 -A hmac-sha1<br />
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;<br />
# Security policies<br />
spdadd 67.207.129.103 67.207.130.204 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
spdadd 67.207.130.204 67.207.129.103 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
<br />
root@honesty:/etc# ll ipsec-tools.conf<br />
-rwxr-xr-x 1 root root 1661 Jul 30 09:46 ipsec-tools.conf*<br />
root@honesty:/etc# chmod 700 ipsec-tools.conf<br />
root@honesty:/etc# ll ipsec-tools.conf<br />
-rwx------ 1 root root 1661 Jul 30 09:46 ipsec-tools.conf*<br />
root@honesty:~# etckeeper commit "Configured IPSec"<br />
Committing to: /etc/<br />
modified .etckeeper<br />
modified ipsec-tools.conf<br />
added iptables.up.rules<br />
added network/if-pre-up.d/iptables<br />
added network/if-up.d/ip<br />
Committed revision 5.<br />
root@honesty:/etc# reboot<br />
<br />
Phew, that ought to do it.<br />
<br />
The other ends of the connections have been configured on [[Charity_admin#John_2011-07-30_17:15|charity]] and [[Hope_admin#John_2011-07-30_18:05|hope]].<br />
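<br />
With manual keying as in the ipsec-tools.conf above, every require policy needs a matching SA in the same direction, and every key has to fit its algorithm. The following check is an added example, not part of the original log; the 192.0.2.x addresses, the sample keys and the finding names are constructed, and the parser handles only the add/spdadd forms shown on this page.<br />
<br />
```python
"""Consistency check for a manually keyed setkey(8) file (added example)."""
from collections import Counter

# Key sizes in bits accepted per algorithm (a subset of setkey(8)'s list).
# aes-cbc uses the whole key; a "168 + 24 parity" split only applies to 3des-cbc.
KEY_BITS = {
    "aes-cbc": {128, 192, 256},
    "3des-cbc": {192},
    "hmac-sha1": {160},
    "hmac-sha256": {256},
    "hmac-md5": {128},
}

# Constructed sample: placeholder ESP keys and one AH SA deliberately missing.
SAMPLE = """\
flush;
spdflush;
add 192.0.2.10 192.0.2.20 esp 5 -E aes-cbc
        0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;
add 192.0.2.20 192.0.2.10 esp 6 -E aes-cbc
        0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;
add 192.0.2.10 192.0.2.20 ah 7 -A hmac-sha1
        0x3f9c1e07a4b2d85c6e10f7a9c4d2b8e5719a0c36;
spdadd 192.0.2.20 192.0.2.10 any -P out ipsec
        esp/transport//require
        ah/transport//require;
spdadd 192.0.2.10 192.0.2.20 any -P in ipsec
        esp/transport//require
        ah/transport//require;
"""


def parse(text):
    """Split the file into SA ('add') and policy ('spdadd') records."""
    body = "\n".join(
        l for l in text.splitlines() if not l.lstrip().startswith("#")
    )
    sas, policies = [], []
    for stmt in body.split(";"):
        tok = stmt.split()
        if not tok:
            continue
        if tok[0] == "add" and len(tok) >= 8:
            src, dst, proto, spi, _flag, alg, key = tok[1:8]
            sas.append(dict(src=src, dst=dst, proto=proto,
                            spi=int(spi, 0), alg=alg, key=key))
        elif tok[0] == "spdadd" and "-P" in tok:
            i = tok.index("-P")
            need = [t.split("/")[0] for t in tok[i + 3:]
                    if t.endswith("/require")]
            policies.append(dict(src=tok[1], dst=tok[2],
                                 direction=tok[i + 1], require=need))
    return sas, policies


def key_bits(key):
    """Length of a setkey key: 0x-prefixed hex or a quoted string."""
    if key.startswith("0x"):
        return len(key) * 4 - 8
    return len(key.strip('"')) * 8


def is_patterned(key):
    """True if a hex key is one short block repeated (e.g. a placeholder)."""
    h = key[2:].lower()
    return any(len(h) % n == 0 and h == h[:n] * (len(h) // n)
               for n in range(1, len(h) // 2 + 1))


def audit(text):
    """Return (finding, subject) tuples for the given setkey file."""
    sas, policies = parse(text)
    findings = []
    for sa in sas:
        if sa["alg"] not in KEY_BITS:
            findings.append(("unknown-algorithm", sa["spi"]))
        elif key_bits(sa["key"]) not in KEY_BITS[sa["alg"]]:
            findings.append(("bad-key-length", sa["spi"]))
        if sa["key"].startswith("0x") and is_patterned(sa["key"]):
            findings.append(("patterned-key", sa["spi"]))
    # The same key material protecting more than one SA.
    uses = Counter(sa["key"] for sa in sas)
    findings += [("key-reused", sa["spi"]) for sa in sas if uses[sa["key"]] > 1]
    # With no IKE daemon, a 'require' policy without an SA cannot be satisfied.
    have = {(sa["src"], sa["dst"], sa["proto"]) for sa in sas}
    for p in policies:
        for proto in p["require"]:
            if (p["src"], p["dst"], proto) not in have:
                findings.append(
                    ("no-sa-for-policy", f'{p["src"]}->{p["dst"]} {proto}'))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```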
<br />
= [[User:John|John]] 2011-07-30 13:57 =<br />
<br />
== Adding user jj5 ==<br />
<br />
Didn't want to have to do this, but need to ssh in a fair bit.<br />
<br />
root@honesty:~# adduser jj5<br />
Adding user `jj5' ...<br />
Adding new group `jj5' (1000) ...<br />
Adding new user `jj5' (1000) with group `jj5' ...<br />
Creating home directory `/home/jj5' ...<br />
Copying files from `/etc/skel' ...<br />
Enter new UNIX password:<br />
Retype new UNIX password:<br />
passwd: password updated successfully<br />
Changing the user information for jj5<br />
Enter the new value, or press ENTER for the default<br />
Full Name []: John Elliot<br />
Room Number []:<br />
Work Phone []:<br />
Home Phone []:<br />
Other []:<br />
Is the information correct? [Y/n]<br />
root@honesty:~# gpasswd -a jj5 sudo<br />
Adding user jj5 to group sudo<br />
<br />
<br />
= [[User:John|John]] 2011-07-29 02:54 =<br />
<br />
== Installing Etckeeper ==<br />
<br />
# apt-get install etckeeper<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
bzr bzrtools patch python-configobj python-crypto python-paramiko<br />
python-support rsync<br />
Suggested packages:<br />
bzr-gtk bzr-svn python-pycurl xdg-utils python-kerberos bzr-doc librsvg2-bin<br />
graphviz ed diffutils-doc python-crypto-dbg<br />
The following NEW packages will be installed:<br />
bzr bzrtools etckeeper patch python-configobj python-crypto python-paramiko<br />
python-support rsync<br />
0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 4787kB of archives.<br />
After this operation, 27.8MB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
<br />
Just like that.<br />
<br />
== Installing IPSec ==<br />
<br />
# apt-get install ipsec-tools<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
ipsec-tools<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 111kB of archives.<br />
After this operation, 274kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main ipsec-tools 1:0.7.1-1.6ubuntu1 [111kB]<br />
Fetched 111kB in 0s (153kB/s)<br />
Selecting previously deselected package ipsec-tools.<br />
(Reading database ... 15571 files and directories currently installed.)<br />
Unpacking ipsec-tools (from .../ipsec-tools_1%3a0.7.1-1.6ubuntu1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up ipsec-tools (1:0.7.1-1.6ubuntu1) ...<br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
modified .etckeeper<br />
added ipsec-tools.conf<br />
added default/setkey<br />
added init.d/setkey<br />
added rcS.d/S37setkey<br />
Committed revision 2.<br />
<br />
= [[User:John|John]] 2011-07-28 21:15 =<br />
<br />
The honesty.progclub.org slice has been created, and the host added to the DNS zones, but apart from that it's not configured presently.</div>60.240.67.126https://www.progclub.org/wiki/mediawiki/index.php?title=Hope_admin&diff=2212Hope admin2011-11-30T04:55:59Z<p>60.240.67.126: </p>
<hr />
<div>This page chronicles the administrative changes to [[Hope|hope.progclub.net]]. If you make an administrative change you should document the change here. Changes are logged here in reverse chronological order with a time-stamp in the form YYYY-MM-DD hh:mm. You can use the time from whatever timezone you are in, or UTC if you're cool, but use 24 hour time. Don't worry if the changes you make have a time-stamp that is less than a time-stamp later in the page, put the latest changes at the top. Put a link to your wiki user account before the time-stamp so we know who's doing what. See the [[Administrative reference]] for other information.<br />
<br />
= [[User:John|John]] 2011-11-30 15:54 =<br />
<br />
== Web-site goes HTTPS ==<br />
<br />
Found [http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html this article] which suggested the following in /etc/apache2/sites-enabled/progclub.mobi:<br />
<br />
RewriteEngine On<br />
RewriteCond %{HTTPS} off<br />
RewriteRule (.*) https://progclub.mobi%{REQUEST_URI}<br />
<br />
This has two benefits. One is that all web requests will be redirected to the secure site, and the second is that all HTTP requests will be redirected to the canonical domain.<br />
<br />
Also had to run:<br />
<br />
# a2enmod rewrite<br />
<br />
= [[User:John|John]] 2011-11-27 13:42 =<br />
<br />
== Fixing NFSv4 (nfs4) IDMAP issue ==<br />
<br />
See [[Charity_admin#John_2011-11-27_13:37|charity admin]].<br />
<br />
= [[User:John|John]] 2011-09-08 22:19 =<br />
<br />
== Installing lsof ==<br />
<br />
root@hope:~/pcad/example/linuxhowtos# apt-cache search lsof<br />
lsof - List open files<br />
alsoft-conf - OpenAL-Soft configuration utility<br />
icecast-server - MPEG Layer III Streaming Server<br />
libapache2-modxslt - XSLT processing module for Apache 2.x based on libxml2<br />
libgnutella-gift - giFT plugin for the Gnutella network<br />
libxslt-ruby - Ruby interface to libxslt<br />
libxslt-ruby1.8 - Ruby interface to libxslt (for Ruby 1.8)<br />
nsis - Nullsoft Scriptable Install System (modified for Debian)<br />
liblsofui4 - Library for ksysguard based priority scheduling<br />
<br />
root@hope:~/pcad/example/linuxhowtos# apt-get install lsof<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
lsof<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 284kB of archives.<br />
After this operation, 463kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main lsof 4.81.dfsg.1-1build1 [284kB]<br />
Fetched 284kB in 0s (299kB/s)<br />
Selecting previously deselected package lsof.<br />
(Reading database ... 20342 files and directories currently installed.)<br />
Unpacking lsof (from .../lsof_4.81.dfsg.1-1build1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up lsof (4.81.dfsg.1-1build1) ...<br />
<br />
= [[User:John|John]] 2011-09-08 22:08 =<br />
<br />
== Installing telnet ==<br />
<br />
jj5@hope:~/pcad/example/linuxhowtos$ sudo apt-get install telnet<br />
[sudo] password for jj5:<br />
Sorry, try again.<br />
[sudo] password for jj5:<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
telnet<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 72.2kB of archives.<br />
After this operation, 209kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main telnet 0.17-36build1 [72.2kB]<br />
Fetched 72.2kB in 0s (121kB/s)<br />
Selecting previously deselected package telnet.<br />
(Reading database ... 20331 files and directories currently installed.)<br />
Unpacking telnet (from .../telnet_0.17-36build1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up telnet (0.17-36build1) ...<br />
update-alternatives: using /usr/bin/telnet.netkit to provide /usr/bin/telnet (telnet) in auto mode.<br />
<br />
Committing to: /etc/<br />
added alternatives/telnet<br />
added alternatives/telnet.1.gz<br />
Committed revision 36.<br />
<br />
<br />
= [[User:John|John]] 2011-09-08 21:47 =<br />
<br />
== Installing gcc ==<br />
<br />
root@hope:~# apt-get install gcc<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
binutils gcc-4.4 libc-dev-bin libc6-dev libgomp1 linux-libc-dev manpages-dev<br />
Suggested packages:<br />
binutils-doc gcc-multilib autoconf automake1.9 libtool flex bison gdb<br />
gcc-doc gcc-4.4-multilib libmudflap0-4.4-dev gcc-4.4-doc gcc-4.4-locales<br />
libgcc1-dbg libgomp1-dbg libmudflap0-dbg libcloog-ppl0 libppl-c2 libppl7<br />
glibc-doc<br />
The following NEW packages will be installed:<br />
binutils gcc gcc-4.4 libc-dev-bin libc6-dev libgomp1 linux-libc-dev<br />
manpages-dev<br />
0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 9883kB of archives.<br />
After this operation, 35.3MB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main binutils 2.20.1-3ubuntu7.1 [1658kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libgomp1 4.4.3-4ubuntu5 [25.5kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main gcc-4.4 4.4.3-4ubuntu5 [2877kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main gcc 4:4.4.3-1ubuntu1 [5064B]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libc-dev-bin 2.11.1-0ubuntu7.8 [224kB]<br />
Get:6 http://archive.ubuntu.com/ubuntu/ lucid-updates/main linux-libc-dev 2.6.32-33.72 [841kB]<br />
Get:7 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libc6-dev 2.11.1-0ubuntu7.8 [2706kB]<br />
Get:8 http://archive.ubuntu.com/ubuntu/ lucid/main manpages-dev 3.23-1 [1547kB]<br />
Fetched 9883kB in 49s (202kB/s)<br />
Selecting previously deselected package binutils.<br />
(Reading database ... 17209 files and directories currently installed.)<br />
Unpacking binutils (from .../binutils_2.20.1-3ubuntu7.1_amd64.deb) ...<br />
Selecting previously deselected package libgomp1.<br />
Unpacking libgomp1 (from .../libgomp1_4.4.3-4ubuntu5_amd64.deb) ...<br />
Selecting previously deselected package gcc-4.4.<br />
Unpacking gcc-4.4 (from .../gcc-4.4_4.4.3-4ubuntu5_amd64.deb) ...<br />
Selecting previously deselected package gcc.<br />
Unpacking gcc (from .../gcc_4%3a4.4.3-1ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package libc-dev-bin.<br />
Unpacking libc-dev-bin (from .../libc-dev-bin_2.11.1-0ubuntu7.8_amd64.deb) ...<br />
Selecting previously deselected package linux-libc-dev.<br />
Unpacking linux-libc-dev (from .../linux-libc-dev_2.6.32-33.72_amd64.deb) ...<br />
Selecting previously deselected package libc6-dev.<br />
Unpacking libc6-dev (from .../libc6-dev_2.11.1-0ubuntu7.8_amd64.deb) ...<br />
Selecting previously deselected package manpages-dev.<br />
Unpacking manpages-dev (from .../manpages-dev_3.23-1_all.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up binutils (2.20.1-3ubuntu7.1) ...<br />
<br />
Setting up libgomp1 (4.4.3-4ubuntu5) ...<br />
<br />
Setting up gcc-4.4 (4.4.3-4ubuntu5) ...<br />
Setting up gcc (4:4.4.3-1ubuntu1) ...<br />
<br />
Setting up libc-dev-bin (2.11.1-0ubuntu7.8) ...<br />
Setting up linux-libc-dev (2.6.32-33.72) ...<br />
Setting up libc6-dev (2.11.1-0ubuntu7.8) ...<br />
Setting up manpages-dev (3.23-1) ...<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
added alternatives/c89<br />
added alternatives/c89.1.gz<br />
added alternatives/c99<br />
added alternatives/c99.1.gz<br />
added alternatives/cc<br />
added alternatives/cc.1.gz<br />
Committed revision 35.<br />
<br />
<br />
<br />
= [[User:John|John]] 2011-09-02 00:00 =<br />
<br />
== Installing pcma ==<br />
<br />
jj5@hope:~# mysql -u root -p<br />
Enter password:<br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 17222<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu) <br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> create database pcmadb /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;<br />
Query OK, 1 row affected (0.00 sec)<br />
<br />
mysql> grant all privileges on pcmadb.* to pcma@'%' identified by 'secret';<br />
Query OK, 0 rows affected (0.16 sec)<br />
<br />
mysql> quit<br />
Bye<br />
<br />
= [[User:John|John]] 2011-08-19 14:41 =<br />
<br />
== Installing fail2ban ==<br />
<br />
jj5@hope:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@hope:~# apt-get install fail2ban<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
whois<br />
Suggested packages:<br />
python-gamin mailx<br />
The following NEW packages will be installed:<br />
fail2ban whois<br />
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 129kB of archives.<br />
After this operation, 1032kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe fail2ban 0.8.4-1ubuntu1 [96.0kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main whois 5.0.0ubuntu3 [32.6kB]<br />
Fetched 129kB in 0s (182kB/s)<br />
Selecting previously deselected package fail2ban.<br />
(Reading database ... 17042 files and directories currently installed.)<br />
Unpacking fail2ban (from .../fail2ban_0.8.4-1ubuntu1_all.deb) ...<br />
Selecting previously deselected package whois.<br />
Unpacking whois (from .../whois_5.0.0ubuntu3_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up fail2ban (0.8.4-1ubuntu1) ... <br />
<br />
Setting up whois (5.0.0ubuntu3) ...<br />
Processing triggers for python-central ...<br />
Committing to: /etc/<br />
added fail2ban<br />
added default/fail2ban<br />
added fail2ban/action.d<br />
added fail2ban/fail2ban.conf<br />
added fail2ban/filter.d<br />
added fail2ban/jail.conf<br />
added fail2ban/action.d/complain.conf<br />
added fail2ban/action.d/dshield.conf<br />
added fail2ban/action.d/hostsdeny.conf<br />
added fail2ban/action.d/ipfilter.conf<br />
added fail2ban/action.d/ipfw.conf<br />
added fail2ban/action.d/iptables-allports.conf<br />
added fail2ban/action.d/iptables-multiport-log.conf<br />
added fail2ban/action.d/iptables-multiport.conf<br />
added fail2ban/action.d/iptables-new.conf<br />
added fail2ban/action.d/iptables.conf<br />
added fail2ban/action.d/mail-buffered.conf<br />
added fail2ban/action.d/mail-whois-lines.conf<br />
added fail2ban/action.d/mail-whois.conf<br />
added fail2ban/action.d/mail.conf<br />
added fail2ban/action.d/mynetwatchman.conf<br />
added fail2ban/action.d/sendmail-buffered.conf<br />
added fail2ban/action.d/sendmail-whois-lines.conf<br />
added fail2ban/action.d/sendmail-whois.conf<br />
added fail2ban/action.d/sendmail.conf<br />
added fail2ban/action.d/shorewall.conf<br />
added fail2ban/filter.d/apache-auth.conf<br />
added fail2ban/filter.d/apache-badbots.conf<br />
added fail2ban/filter.d/apache-nohome.conf<br />
added fail2ban/filter.d/apache-noscript.conf<br />
added fail2ban/filter.d/apache-overflows.conf<br />
added fail2ban/filter.d/common.conf<br />
added fail2ban/filter.d/courierlogin.conf<br />
added fail2ban/filter.d/couriersmtp.conf<br />
added fail2ban/filter.d/cyrus-imap.conf<br />
added fail2ban/filter.d/exim.conf<br />
added fail2ban/filter.d/gssftpd.conf<br />
added fail2ban/filter.d/lighttpd-fastcgi.conf<br />
added fail2ban/filter.d/named-refused.conf<br />
added fail2ban/filter.d/pam-generic.conf<br />
added fail2ban/filter.d/php-url-fopen.conf<br />
added fail2ban/filter.d/postfix.conf<br />
added fail2ban/filter.d/proftpd.conf<br />
added fail2ban/filter.d/pure-ftpd.conf<br />
added fail2ban/filter.d/qmail.conf<br />
added fail2ban/filter.d/sasl.conf<br />
added fail2ban/filter.d/sieve.conf<br />
added fail2ban/filter.d/sshd-ddos.conf<br />
added fail2ban/filter.d/sshd.conf<br />
added fail2ban/filter.d/vsftpd.conf<br />
added fail2ban/filter.d/webmin-auth.conf<br />
added fail2ban/filter.d/wuftpd.conf<br />
added fail2ban/filter.d/xinetd-fail.conf<br />
added init.d/fail2ban<br />
added logrotate.d/fail2ban<br />
added rc0.d/K99fail2ban<br />
added rc1.d/K99fail2ban<br />
added rc2.d/S99fail2ban<br />
added rc3.d/S99fail2ban<br />
added rc4.d/S99fail2ban<br />
added rc5.d/S99fail2ban<br />
added rc6.d/K99fail2ban<br />
Committed revision 28.<br />
<br />
<br />
= [[User:John|John]] 2011-08-15 04:56 =<br />
<br />
== Configuring Apache ==<br />
<br />
Configured to serve content from /home/apache, and members' public_html directories.<br />
<br />
= [[User:John|John]] 2011-08-15 04:47 =<br />
<br />
== Installing Apache, MySQL and PHP ==<br />
<br />
jj5@hope:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@hope:~# apt-get install apache2 mysql-server<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1<br />
libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libdbd-mysql-perl<br />
libdbi-perl libexpat1 libhtml-template-perl libmysqlclient16<br />
libnet-daemon-perl libplrpc-perl mysql-client-5.1 mysql-client-core-5.1<br />
mysql-common mysql-server-5.1 mysql-server-core-5.1 psmisc ssl-cert<br />
Suggested packages:<br />
www-browser apache2-doc apache2-suexec apache2-suexec-custom ufw dbishell<br />
libipc-sharedcache-perl tinyca mailx<br />
The following NEW packages will be installed:<br />
apache2 apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common<br />
libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap<br />
libdbd-mysql-perl libdbi-perl libexpat1 libhtml-template-perl<br />
libmysqlclient16 libnet-daemon-perl libplrpc-perl mysql-client-5.1<br />
mysql-client-core-5.1 mysql-common mysql-server mysql-server-5.1<br />
mysql-server-core-5.1 psmisc ssl-cert<br />
0 upgraded, 24 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 28.0MB of archives.<br />
After this operation, 73.2MB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
<br />
...<br />
<br />
Setting up libdbd-mysql-perl (4.012-1ubuntu1) ...<br />
Setting up mysql-client-core-5.1 (5.1.41-3ubuntu12) ...<br />
Setting up mysql-client-5.1 (5.1.41-3ubuntu12) ...<br />
Setting up psmisc (22.10-1) ... <br />
<br />
Setting up mysql-server-core-5.1 (5.1.41-3ubuntu12) ...<br />
Setting up mysql-server-5.1 (5.1.41-3ubuntu12) ...<br />
mysql start/running, process 3901<br />
<br />
Setting up libexpat1 (2.0.1-7ubuntu1) ...<br />
<br />
Setting up libapr1 (1.3.8-1build1) ... <br />
<br />
Setting up libaprutil1 (1.3.9+dfsg-3build1) ... <br />
<br />
Setting up libaprutil1-dbd-sqlite3 (1.3.9+dfsg-3build1) ...<br />
Setting up libaprutil1-ldap (1.3.9+dfsg-3build1) ...<br />
Setting up apache2.2-bin (2.2.14-5ubuntu8) ...<br />
Setting up apache2-utils (2.2.14-5ubuntu8) ...<br />
Setting up apache2.2-common (2.2.14-5ubuntu8) ...<br />
Enabling site default.<br />
Enabling module alias.<br />
Enabling module autoindex.<br />
Enabling module dir.<br />
Enabling module env.<br />
Enabling module mime.<br />
Enabling module negotiation.<br />
Enabling module setenvif.<br />
Enabling module status.<br />
Enabling module auth_basic.<br />
Enabling module deflate.<br />
Enabling module authz_default.<br />
Enabling module authz_user.<br />
Enabling module authz_groupfile.<br />
Enabling module authn_file.<br />
Enabling module authz_host.<br />
Enabling module reqtimeout.<br />
<br />
Setting up apache2-mpm-worker (2.2.14-5ubuntu8) ...<br />
* Starting web server apache2 [ OK ]<br />
<br />
Setting up apache2 (2.2.14-5ubuntu8) ...<br />
<br />
Setting up libhtml-template-perl (2.9-1) ...<br />
Setting up mysql-server (5.1.41-3ubuntu12) ...<br />
Setting up ssl-cert (1.0.23ubuntu2) ...<br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
modified .etckeeper<br />
added apache2<br />
modified group<br />
modified group-<br />
modified gshadow<br />
modified gshadow-<br />
added mysql<br />
modified passwd<br />
modified passwd-<br />
modified shadow<br />
modified shadow-<br />
added apache2/apache2.conf<br />
added apache2/conf.d<br />
added apache2/envvars<br />
added apache2/httpd.conf<br />
added apache2/magic<br />
added apache2/mods-available<br />
added apache2/mods-enabled<br />
added apache2/ports.conf<br />
added apache2/sites-available<br />
added apache2/sites-enabled<br />
added apache2/conf.d/charset<br />
added apache2/conf.d/localized-error-pages<br />
added apache2/conf.d/security<br />
added apache2/mods-available/actions.conf<br />
added apache2/mods-available/actions.load<br />
added apache2/mods-available/alias.conf<br />
added apache2/mods-available/alias.load<br />
added apache2/mods-available/asis.load<br />
added apache2/mods-available/auth_basic.load<br />
added apache2/mods-available/auth_digest.load<br />
added apache2/mods-available/authn_alias.load<br />
added apache2/mods-available/authn_anon.load<br />
added apache2/mods-available/authn_dbd.load<br />
added apache2/mods-available/authn_dbm.load<br />
added apache2/mods-available/authn_default.load<br />
added apache2/mods-available/authn_file.load<br />
added apache2/mods-available/authnz_ldap.load<br />
added apache2/mods-available/authz_dbm.load<br />
added apache2/mods-available/authz_default.load<br />
added apache2/mods-available/authz_groupfile.load<br />
added apache2/mods-available/authz_host.load<br />
added apache2/mods-available/authz_owner.load<br />
added apache2/mods-available/authz_user.load<br />
added apache2/mods-available/autoindex.conf<br />
added apache2/mods-available/autoindex.load<br />
added apache2/mods-available/cache.load<br />
added apache2/mods-available/cern_meta.load<br />
added apache2/mods-available/cgi.load<br />
added apache2/mods-available/cgid.conf<br />
added apache2/mods-available/cgid.load<br />
added apache2/mods-available/charset_lite.load<br />
added apache2/mods-available/dav.load<br />
added apache2/mods-available/dav_fs.conf<br />
added apache2/mods-available/dav_fs.load<br />
added apache2/mods-available/dav_lock.load<br />
added apache2/mods-available/dbd.load<br />
added apache2/mods-available/deflate.conf<br />
added apache2/mods-available/deflate.load<br />
added apache2/mods-available/dir.conf<br />
added apache2/mods-available/dir.load<br />
added apache2/mods-available/disk_cache.conf<br />
added apache2/mods-available/disk_cache.load<br />
added apache2/mods-available/dump_io.load<br />
added apache2/mods-available/env.load<br />
added apache2/mods-available/expires.load<br />
added apache2/mods-available/ext_filter.load<br />
added apache2/mods-available/file_cache.load<br />
added apache2/mods-available/filter.load<br />
added apache2/mods-available/headers.load<br />
added apache2/mods-available/ident.load<br />
added apache2/mods-available/imagemap.load<br />
added apache2/mods-available/include.load<br />
added apache2/mods-available/info.conf<br />
added apache2/mods-available/info.load<br />
added apache2/mods-available/ldap.load<br />
added apache2/mods-available/log_forensic.load<br />
added apache2/mods-available/mem_cache.conf<br />
added apache2/mods-available/mem_cache.load<br />
added apache2/mods-available/mime.conf<br />
added apache2/mods-available/mime.load<br />
added apache2/mods-available/mime_magic.conf<br />
added apache2/mods-available/mime_magic.load<br />
added apache2/mods-available/negotiation.conf<br />
added apache2/mods-available/negotiation.load<br />
added apache2/mods-available/proxy.conf<br />
added apache2/mods-available/proxy.load<br />
added apache2/mods-available/proxy_ajp.load<br />
added apache2/mods-available/proxy_balancer.load<br />
added apache2/mods-available/proxy_connect.load<br />
added apache2/mods-available/proxy_ftp.load<br />
added apache2/mods-available/proxy_http.load<br />
added apache2/mods-available/proxy_scgi.load<br />
added apache2/mods-available/reqtimeout.conf<br />
added apache2/mods-available/reqtimeout.load<br />
added apache2/mods-available/rewrite.load<br />
added apache2/mods-available/setenvif.conf<br />
added apache2/mods-available/setenvif.load<br />
added apache2/mods-available/speling.load<br />
added apache2/mods-available/ssl.conf<br />
added apache2/mods-available/ssl.load<br />
added apache2/mods-available/status.conf<br />
added apache2/mods-available/status.load<br />
added apache2/mods-available/substitute.load<br />
added apache2/mods-available/suexec.load<br />
added apache2/mods-available/unique_id.load<br />
added apache2/mods-available/userdir.conf<br />
added apache2/mods-available/userdir.load<br />
added apache2/mods-available/usertrack.load<br />
added apache2/mods-available/version.load<br />
added apache2/mods-available/vhost_alias.load<br />
added apache2/mods-enabled/alias.conf<br />
added apache2/mods-enabled/alias.load<br />
added apache2/mods-enabled/auth_basic.load<br />
added apache2/mods-enabled/authn_file.load<br />
added apache2/mods-enabled/authz_default.load<br />
added apache2/mods-enabled/authz_groupfile.load<br />
added apache2/mods-enabled/authz_host.load<br />
added apache2/mods-enabled/authz_user.load<br />
added apache2/mods-enabled/autoindex.conf<br />
added apache2/mods-enabled/autoindex.load<br />
added apache2/mods-enabled/cgid.conf<br />
added apache2/mods-enabled/cgid.load<br />
added apache2/mods-enabled/deflate.conf<br />
added apache2/mods-enabled/deflate.load<br />
added apache2/mods-enabled/dir.conf<br />
added apache2/mods-enabled/dir.load<br />
added apache2/mods-enabled/env.load<br />
added apache2/mods-enabled/mime.conf<br />
added apache2/mods-enabled/mime.load<br />
added apache2/mods-enabled/negotiation.conf<br />
added apache2/mods-enabled/negotiation.load<br />
added apache2/mods-enabled/reqtimeout.conf<br />
added apache2/mods-enabled/reqtimeout.load<br />
added apache2/mods-enabled/setenvif.conf<br />
added apache2/mods-enabled/setenvif.load<br />
added apache2/mods-enabled/status.conf<br />
added apache2/mods-enabled/status.load<br />
added apache2/sites-available/default<br />
added apache2/sites-available/default-ssl<br />
added apache2/sites-enabled/000-default<br />
added apparmor.d/usr.sbin.mysqld<br />
added bash_completion.d/apache2.2-common<br />
added cron.daily/apache2<br />
added default/apache2<br />
added init/mysql.conf<br />
added init.d/apache2<br />
added init.d/mysql<br />
added logcheck/ignore.d.paranoid<br />
added logcheck/ignore.d.workstation<br />
added logcheck/ignore.d.paranoid/mysql-server-5_1<br />
added logcheck/ignore.d.server/mysql-server-5_1<br />
added logcheck/ignore.d.workstation/mysql-server-5_1<br />
added logrotate.d/apache2<br />
added logrotate.d/mysql-server<br />
added mysql/conf.d<br />
added mysql/debian-start<br />
added mysql/debian.cnf<br />
added mysql/my.cnf<br />
added mysql/conf.d/mysqld_safe_syslog.cnf<br />
added rc0.d/K09apache2<br />
added rc1.d/K09apache2<br />
added rc2.d/S91apache2<br />
added rc3.d/S91apache2<br />
added rc4.d/S91apache2<br />
added rc5.d/S91apache2<br />
added rc6.d/K09apache2<br />
added ssl/certs/a186bf0f<br />
added ssl/certs/ssl-cert-snakeoil.pem<br />
added ssl/private/ssl-cert-snakeoil.key<br />
added ufw/applications.d/apache2.2-common<br />
Committed revision 25.<br />
<br />
root@hope:~# apt-get install php5<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
apache2-mpm-prefork libapache2-mod-php5 php5-common<br />
Suggested packages:<br />
php-pear php5-suhosin<br />
The following packages will be REMOVED:<br />
apache2-mpm-worker<br />
The following NEW packages will be installed:<br />
apache2-mpm-prefork libapache2-mod-php5 php5 php5-common<br />
0 upgraded, 4 newly installed, 1 to remove and 0 not upgraded.<br />
Need to get 3535kB of archives.<br />
After this operation, 9544kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main apache2-mpm-prefork 2.2.14-5ubuntu8 [2418B]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main php5-common 5.3.2-1ubuntu4 [546kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libapache2-mod-php5 5.3.2-1ubuntu4 [2985kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main php5 5.3.2-1ubuntu4 [1110B]<br />
Fetched 3535kB in 2s (1763kB/s)<br />
dpkg: apache2-mpm-worker: dependency problems, but removing anyway as you requested:<br />
apache2 depends on apache2-mpm-worker (= 2.2.14-5ubuntu8) | apache2-mpm-prefork (= 2.2.14-5ubuntu8) | apache2-mpm-event (= 2.2.14-5ubuntu8) | apache2-mpm-itk (= 2.2.14-5ubuntu8); however:<br />
Package apache2-mpm-worker is to be removed.<br />
Package apache2-mpm-prefork is not installed.<br />
Package apache2-mpm-event is not installed.<br />
Package apache2-mpm-itk is not installed.<br />
(Reading database ... 16997 files and directories currently installed.)<br />
Removing apache2-mpm-worker ...<br />
* Stopping web server apache2<br />
... waiting . [ OK ]<br />
Selecting previously deselected package apache2-mpm-prefork.<br />
(Reading database ... 16989 files and directories currently installed.)<br />
Unpacking apache2-mpm-prefork (from .../apache2-mpm-prefork_2.2.14-5ubuntu8_amd64.deb) ...<br />
Selecting previously deselected package php5-common.<br />
Unpacking php5-common (from .../php5-common_5.3.2-1ubuntu4_amd64.deb) ...<br />
Selecting previously deselected package libapache2-mod-php5.<br />
Unpacking libapache2-mod-php5 (from .../libapache2-mod-php5_5.3.2-1ubuntu4_amd64.deb) ...<br />
Selecting previously deselected package php5.<br />
Unpacking php5 (from .../php5_5.3.2-1ubuntu4_all.deb) ...<br />
Setting up apache2-mpm-prefork (2.2.14-5ubuntu8) ...<br />
* Starting web server apache2 [ OK ] <br />
<br />
Setting up php5-common (5.3.2-1ubuntu4) ...<br />
Setting up libapache2-mod-php5 (5.3.2-1ubuntu4) ...<br />
<br />
Creating config file /etc/php5/apache2/php.ini with new version<br />
* Reloading web server config apache2 [ OK ] <br />
<br />
Setting up php5 (5.3.2-1ubuntu4) ...<br />
Committing to: /etc/<br />
added php5<br />
added apache2/mods-available/php5.conf<br />
added apache2/mods-available/php5.load<br />
added apache2/mods-enabled/cgi.load<br />
missing apache2/mods-enabled/cgid.conf<br />
modified apache2/mods-enabled/cgid.conf<br />
missing apache2/mods-enabled/cgid.load<br />
modified apache2/mods-enabled/cgid.load<br />
added apache2/mods-enabled/php5.conf<br />
added apache2/mods-enabled/php5.load<br />
added cron.d/php5<br />
added php5/apache2<br />
added php5/conf.d<br />
added php5/apache2/conf.d<br />
added php5/apache2/php.ini<br />
added php5/conf.d/pdo.ini<br />
Committed revision 26.<br />
<br />
= [[User:John|John]] 2011-08-15 01:32 =<br />
<br />
== Configuring NFS client ==<br />
<br />
Per [https://help.ubuntu.com/community/NFSv4Howto these instructions].<br />
<br />
root@hope:/# apt-get install nfs-common<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
libevent-1.4-2 libgssglue1 libnfsidmap2 librpcsecgss3 portmap<br />
The following NEW packages will be installed:<br />
libevent-1.4-2 libgssglue1 libnfsidmap2 librpcsecgss3 nfs-common portmap<br />
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 421kB of archives.<br />
After this operation, 1364kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libevent-1.4-2 1.4.13-stable-1 [61.4kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libgssglue1 0.1-4 [24.4kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libnfsidmap2 0.23-2 [32.1kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main librpcsecgss3 0.19-2 [36.3kB]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/main portmap 6.0.0-1ubuntu2 [38.2kB]<br />
Get:6 http://archive.ubuntu.com/ubuntu/ lucid/main nfs-common 1:1.2.0-4ubuntu4 [228kB]<br />
Fetched 421kB in 1s (386kB/s)<br />
Preconfiguring packages ...<br />
Selecting previously deselected package libevent-1.4-2.<br />
(Reading database ... 15829 files and directories currently installed.)<br />
Unpacking libevent-1.4-2 (from .../libevent-1.4-2_1.4.13-stable-1_amd64.deb) ...<br />
Selecting previously deselected package libgssglue1.<br />
Unpacking libgssglue1 (from .../libgssglue1_0.1-4_amd64.deb) ...<br />
Selecting previously deselected package libnfsidmap2.<br />
Unpacking libnfsidmap2 (from .../libnfsidmap2_0.23-2_amd64.deb) ...<br />
Selecting previously deselected package librpcsecgss3.<br />
Unpacking librpcsecgss3 (from .../librpcsecgss3_0.19-2_amd64.deb) ...<br />
Selecting previously deselected package portmap.<br />
Unpacking portmap (from .../portmap_6.0.0-1ubuntu2_amd64.deb) ...<br />
Selecting previously deselected package nfs-common.<br />
Unpacking nfs-common (from .../nfs-common_1%3a1.2.0-4ubuntu4_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up libevent-1.4-2 (1.4.13-stable-1) ...<br />
<br />
Setting up libgssglue1 (0.1-4) ...<br />
<br />
Setting up libnfsidmap2 (0.23-2) ...<br />
<br />
Setting up librpcsecgss3 (0.19-2) ...<br />
<br />
Setting up portmap (6.0.0-1ubuntu2) ...<br />
portmap start/running, process 2830<br />
<br />
Setting up nfs-common (1:1.2.0-4ubuntu4) ... <br />
<br />
Creating config file /etc/idmapd.conf with new version <br />
<br />
Creating config file /etc/default/nfs-common with new version<br />
Adding system user `statd' (UID 104) ...<br />
Adding new user `statd' (UID 104) with group `nogroup' ...<br />
Not creating home directory `/var/lib/nfs'.<br />
statd start/running, process 3046<br />
gssd stop/pre-start, process 3071<br />
idmapd stop/pre-start, process 3099<br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
added gssapi_mech.conf<br />
added idmapd.conf<br />
modified passwd<br />
modified passwd-<br />
modified shadow<br />
modified shadow-<br />
added default/nfs-common<br />
added default/portmap<br />
added init/gssd.conf<br />
added init/idmapd.conf<br />
added init/portmap.conf<br />
added init/rpc_pipefs.conf<br />
added init/statd.conf<br />
added init.d/gssd<br />
added init.d/idmapd<br />
added init.d/portmap<br />
added init.d/rpc_pipefs<br />
added init.d/statd<br />
Committed revision 23.<br />
<br />
jj5@hope:/home$ cat /etc/fstab<br />
proc /proc proc defaults 0 0<br />
/dev/sda1 / ext3 defaults,errors=remount-ro,noatime 0 1<br />
/dev/sda2 none swap sw 0 0<br />
172.19.1.45:/home /home nfs4 rw,_netdev,auto 0 0<br />
<br />
root@hope:~# cat /etc/modules<br />
# /etc/modules: kernel modules to load at boot time.<br />
#<br />
# This file contains the names of kernel modules that should be loaded<br />
# at boot time, one per line. Lines beginning with "#" are ignored.<br />
nfs<br />
<br />
jj5@hope:/home$ cat /etc/rc.local<br />
#!/bin/sh -e<br />
#<br />
# rc.local<br />
#<br />
# This script is executed at the end of each multiuser runlevel.<br />
# Make sure that the script will "exit 0" on success or any other<br />
# value on error.<br />
#<br />
# In order to enable or disable this script just change the execution<br />
# bits.<br />
#<br />
# By default this script does nothing.<br />
<br />
#sleep 5<br />
#modprobe nfs<br />
#mount /home <br />
<br />
exit 0<br />
<br />
root@hope:~# vim /etc/default/nfs-common<br />
root@hope:~# cat /etc/default/nfs-common<br />
# If you do not set values for the NEED_ options, they will be attempted<br />
# autodetected; this should be sufficient for most people. Valid alternatives<br />
# for the NEED_ options are "yes" and "no".<br />
<br />
# Do you want to start the statd daemon? It is not needed for NFSv4.<br />
NEED_STATD=<br />
<br />
# Options for rpc.statd.<br />
# Should rpc.statd listen on a specific port? This is especially useful<br />
# when you have a port-based firewall. To use a fixed port, set this<br />
# this variable to a statd argument like: "--port 4000 --outgoing-port 4001".<br />
# For more information, see rpc.statd(8) or http://wiki.debian.org/?SecuringNFS<br />
STATDOPTS=<br />
<br />
# Do you want to start the idmapd daemon? It is only needed for NFSv4.<br />
NEED_IDMAPD=yes<br />
<br />
# Do you want to start the gssd daemon? It is required for Kerberos mounts.<br />
NEED_GSSD=<br />
<br />
= [[User:John|John]] 2011-08-15 01:07 =<br />
<br />
== Installing sshfs ==<br />
<br />
Per [http://www.saltycrane.com/blog/2010/04/notes-sshfs-ubuntu/ these notes].<br />
<br />
jj5@hope:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@hope:~# apt-get install sshfs<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
fuse-utils libfuse2<br />
The following NEW packages will be installed:<br />
fuse-utils libfuse2 sshfs<br />
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 214kB of archives.<br />
After this operation, 725kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libfuse2 2.8.1-1.1ubuntu2 [146kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main fuse-utils 2.8.1-1.1ubuntu2 [23.7kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main sshfs 2.2-1build1 [43.7kB]<br />
Fetched 214kB in 0s (260kB/s)<br />
Committing to: /etc/<br />
modified pam.d/common-password<br />
Committed revision 21.<br />
Selecting previously deselected package libfuse2.<br />
(Reading database ... 15788 files and directories currently installed.)<br />
Unpacking libfuse2 (from .../libfuse2_2.8.1-1.1ubuntu2_amd64.deb) ...<br />
Selecting previously deselected package fuse-utils.<br />
Unpacking fuse-utils (from .../fuse-utils_2.8.1-1.1ubuntu2_amd64.deb) ...<br />
Selecting previously deselected package sshfs.<br />
Unpacking sshfs (from .../sshfs_2.2-1build1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up libfuse2 (2.8.1-1.1ubuntu2) ...<br />
<br />
Setting up fuse-utils (2.8.1-1.1ubuntu2) ...<br />
creating fuse group...<br />
Adding group `fuse' (GID 106) ...<br />
Done.<br />
udev active, skipping device node creation.<br />
update-initramfs: deferring update (trigger activated)<br />
<br />
Setting up sshfs (2.2-1build1) ...<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Processing triggers for initramfs-tools ...<br />
Committing to: /etc/<br />
modified .etckeeper<br />
added fuse.conf<br />
modified group<br />
modified group-<br />
modified gshadow<br />
modified gshadow-<br />
Committed revision 22.<br />
<br />
= [[User:John|John]] 2011-08-14 22:42 =<br />
<br />
== Fixing passwd update problem ==<br />
<br />
Was receiving the following error when running passwd:<br />
<br />
Current Kerberos password:<br />
passwd: Authentication token manipulation error<br />
passwd: password unchanged<br />
<br />
The same problem as [https://lists.ubuntu.com/archives/universe-bugs/2009-February/055905.html reported here]. To fix it, I changed /etc/pam.d/common-password from:<br />
<br />
password requisite pam_krb5.so minimum_uid=1000<br />
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512<br />
password requisite pam_deny.so<br />
password required pam_permit.so<br />
<br />
to:<br />
<br />
password sufficient pam_krb5.so minimum_uid=1000<br />
password required pam_unix.so obscure try_first_pass sha512<br />
<br />
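The effect of the control-flag change above, as an added example (not part of the original log): a simplified model of how Linux-PAM walks a stack, run over constructed copies of both password stacks. The per-module outcomes passed in (such as pam_krb5.so=fail) are assumptions, and the model ignores module arguments and the two passes of a real password change.<br />
<br />
```shell
#!/bin/sh
# Simplified model of one Linux-PAM stack walk (control flags per pam.conf(5)).
# Assumptions: every module either succeeds or fails, module arguments are
# ignored, and the two passes of a real password change are folded into one.

# Constructed copies of the two "password" stacks from the log.
STACK_BEFORE='password requisite pam_krb5.so minimum_uid=1000
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
password requisite pam_deny.so
password required pam_permit.so'

STACK_AFTER='password sufficient pam_krb5.so minimum_uid=1000
password required pam_unix.so obscure try_first_pass sha512'

# module_result MODULE OUTCOMES -> ok | fail
# OUTCOMES is an assumed list such as "pam_krb5.so=fail pam_unix.so=ok".
module_result() {
    case "$1" in
        pam_permit.so) echo ok; return 0 ;;
        pam_deny.so)   echo fail; return 0 ;;
    esac
    for pair in $2; do
        if [ "${pair%%=*}" = "$1" ]; then
            echo "${pair#*=}"
            return 0
        fi
    done
    echo fail   # module not listed in OUTCOMES: assume failure
}

# action_for CONTROL RESULT -> ok | bad | die | done | ignore | N (jump)
action_for() {
    if [ "$2" = ok ]; then want=success; else want=default; fi
    case "$1" in
        required)   if [ "$2" = ok ]; then echo ok;   else echo bad;    fi ;;
        requisite)  if [ "$2" = ok ]; then echo ok;   else echo die;    fi ;;
        sufficient) if [ "$2" = ok ]; then echo done; else echo ignore; fi ;;
        optional)   if [ "$2" = ok ]; then echo ok;   else echo ignore; fi ;;
        \[*\])
            inner=${1#?}; inner=${inner%?}   # strip the surrounding brackets
            chosen=''; fallback=bad          # assumption: no default= means bad
            for kv in $inner; do
                if [ "${kv%%=*}" = "$want" ]; then chosen=${kv#*=}; fi
                if [ "${kv%%=*}" = default ]; then fallback=${kv#*=}; fi
            done
            echo "${chosen:-$fallback}" ;;
        *) echo bad ;;
    esac
}

# run_stack STACK OUTCOMES -> "success: <modules called>" or "failure: ..."
run_stack() {
    state=unset; skip=0; trace=''
    while read -r _type rest; do
        case "$rest" in
            \[*) control=${rest%%]*}]; rest=${rest#*] } ;;
            *)   control=${rest%% *};  rest=${rest#* } ;;
        esac
        module=${rest%% *}
        if [ "$skip" -gt 0 ]; then skip=$((skip - 1)); continue; fi
        trace="$trace $module"
        action=$(action_for "$control" "$(module_result "$module" "$2")")
        case "$action" in
            ok)     if [ "$state" != bad ]; then state=ok; fi ;;
            bad)    state=bad ;;
            die)    state=bad; break ;;
            'done') if [ "$state" != bad ]; then state=ok; fi; break ;;
            ignore) ;;
            *)      skip=$action ;;   # [success=N]: jump over the next N modules
        esac
    done <<EOF
$1
EOF
    if [ "$state" = ok ]; then echo "success:$trace"; else echo "failure:$trace"; fi
}

# Compare both stacks under two assumed sets of module outcomes.
for outcomes in "pam_krb5.so=fail pam_unix.so=ok" "pam_krb5.so=ok pam_unix.so=ok"; do
    echo "[$outcomes]"
    echo "  before: $(run_stack "$STACK_BEFORE" "$outcomes")"
    echo "  after:  $(run_stack "$STACK_AFTER" "$outcomes")"
done
```
<br />
In this model a successful pam_krb5 under sufficient ends the stack before pam_unix is called, so only the Kerberos password changes in that case.<br />
<br />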
= [[User:John|John]] 2011-08-14 17:23 =<br />
<br />
== Configuring Kerberos client ==<br />
<br />
Per [https://help.ubuntu.com/community/SingleSignOn#Client%20Configuration these instructions].<br />
<br />
jj5@hope:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@hope:~# apt-get install krb5-user krb5-config libpam-krb5<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
krb5-user is already the newest version.<br />
krb5-config is already the newest version.<br />
krb5-config set to manually installed.<br />
The following NEW packages will be installed:<br />
libpam-krb5<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 73.8kB of archives.<br />
After this operation, 193kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libpam-krb5 4.2-1 [73.8kB]<br />
Fetched 73.8kB in 0s (107kB/s)<br />
Selecting previously deselected package libpam-krb5.<br />
(Reading database ... 15717 files and directories currently installed.)<br />
Unpacking libpam-krb5 (from .../libpam-krb5_4.2-1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up libpam-krb5 (4.2-1) ...<br />
<br />
Committing to: /etc/<br />
modified pam.d/common-account<br />
modified pam.d/common-auth<br />
modified pam.d/common-password<br />
modified pam.d/common-session<br />
modified pam.d/common-session-noninteractive<br />
Committed revision 16.<br />
<br />
root@hope:~# hostname -f<br />
hope<br />
root@hope:~# vim /etc/hosts<br />
root@hope:~# cat /etc/hosts<br />
127.0.0.1 localhost localhost.localdomain<br />
67.207.130.204 hope.progclub.net hope<br />
root@hope:~# hostname -f<br />
hope.progclub.net<br />
<br />
root@hope:~# kadmin<br />
Authenticating as principal root/admin@PROGCLUB.ORG with password.<br />
kadmin: Client not found in Kerberos database while initializing kadmin interface<br />
root@hope:~# kadmin -u jj5/admin<br />
kadmin: invalid option -- 'u'<br />
Usage: kadmin [-r realm] [-p principal] [-q query] [clnt|local args]<br />
clnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]|[-n]<br />
local args: [-x db_args]* [-d dbname] [-e "enc:salt ..."] [-m]<br />
where,<br />
[-x db_args]* - any number of database specific arguments.<br />
Look at each database documentation for supported arguments<br />
root@hope:~# kadmin -p jj5/admin<br />
Authenticating as principal jj5/admin with password.<br />
Password for jj5/admin@PROGCLUB.ORG:<br />
kadmin: addprinc -randkey host/hope.progclub.net@PROGCLUB.ORG<br />
WARNING: no policy specified for host/hope.progclub.net@PROGCLUB.ORG; defaulting to no policy<br />
add_principal: Principal or policy already exists while creating "host/hope.progclub.net@PROGCLUB.ORG".<br />
kadmin: ktadd -k ~/hope.keytab host/hope.progclub.net@PROGCLUB.ORG<br />
kadmin: No such file or directory while adding key to keytab<br />
kadmin: quit<br />
root@hope:~# ls<br />
ipsec-tools.conf<br />
<br />
root@hope:~# kadmin -p jj5/admin<br />
kadmin: ktadd ~/hope.keytab host/hope.progclub.net@PROGCLUB.ORG<br />
kadmin: Principal ~/hope.keytab does not exist.<br />
Entry for principal host/hope.progclub.net@PROGCLUB.ORG with kvno 4, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab.<br />
Entry for principal host/hope.progclub.net@PROGCLUB.ORG with kvno 4, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.<br />
Entry for principal host/hope.progclub.net@PROGCLUB.ORG with kvno 4, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.<br />
Entry for principal host/hope.progclub.net@PROGCLUB.ORG with kvno 4, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.<br />
kadmin: quit<br />
<br />
root@hope:~# cd /etc<br />
root@hope:/etc# ll kr*<br />
-rw-r--r-- 1 root root 3504 Aug 4 13:43 krb5.conf<br />
-rw------- 1 root root 314 Aug 14 07:32 krb5.keytab<br />
<br />
root@hope:/etc# apt-get install libnss-ldapd libsasl2-modules-gssapi-mit kstart<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
libpam-ldapd nscd nslcd<br />
The following NEW packages will be installed:<br />
kstart libnss-ldapd libpam-ldapd libsasl2-modules-gssapi-mit nscd nslcd<br />
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 531kB of archives.<br />
After this operation, 1311kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
<br />
<br />
Package configuration<br />
<br />
<br />
┌─────────────────────────┤ Configuring NSLCD ├──────────────────────────┐<br />
│ Please enter the Uniform Resource Identifier of the LDAP server. The │<br />
│ format is 'ldap://<hostname_or_IP_address>:<port>/'. Alternatively, │<br />
│ 'ldaps://' or 'ldapi://' can be used. The port number is optional. │<br />
│ │<br />
│ When using an ldap or ldaps scheme it is recommended to use an IP │<br />
│ address to avoid failures when domain name services are unavailable. │<br />
│ │<br />
│ Multiple URIs can be be specified by separating them with spaces. │<br />
│ │<br />
│ LDAP server URI: │<br />
│ │<br />
│ ldaps://charity.progclub.org/_________________________________________ │<br />
│ │<br />
│ <Ok> <Cancel> │<br />
│ │<br />
└────────────────────────────────────────────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
<br />
<br />
<br />
┌───────────────────────────┤ Configuring NSLCD ├───────────────────────────┐<br />
│ Please enter the distinguished name of the LDAP search base. Many sites │<br />
│ use the components of their domain names for this purpose. For example, │<br />
│ the domain "example.net" would use "dc=example,dc=net" as the │<br />
│ distinguished name of the search base. │<br />
│ │<br />
│ LDAP server search base: │<br />
│ │<br />
│ dc=progclub,dc=org_______________________________________________________ │<br />
│ │<br />
│ <Ok> <Cancel> │<br />
│ │<br />
└───────────────────────────────────────────────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
<br />
┌───────────────────────────┤ Configuring NSLCD ├───────────────────────────┐<br />
│ │<br />
│ When an encrypted connection is used, a server certificate can be │<br />
│ requested and checked. Please choose whether lookups should be │<br />
│ configured to require a certificate, and whether certificates should be │<br />
│ checked for validity: │<br />
│ * never: no certificate will be requested or checked; │<br />
│ * allow: a certificate will be requested, but it is not │<br />
│ required or checked; │<br />
│ * try: a certificate will be requested and checked, but if no │<br />
│ certificate is provided it is ignored; │<br />
│ * demand: a certificate will be requested, required, and checked. │<br />
│ If certificate checking is enabled, at least one of the tls_cacertdir or │<br />
│ tls_cacertfile options must be put in /etc/nslcd.conf. │<br />
│ │<br />
│ <Ok> │<br />
│ │<br />
└───────────────────────────────────────────────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
<br />
<br />
<br />
<br />
┌──────┤ Configuring NSLCD ├───────┐<br />
│ Check server's SSL certificate: │<br />
│ │<br />
│ never │<br />
│ * allow │<br />
│ try │<br />
│ demand │<br />
│ │<br />
│ │<br />
│ <Ok> <Cancel> │<br />
│ │<br />
└──────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
┌───────────────────────┤ Configuring libnss-ldapd ├────────────────────────┐<br />
│ For this package to work, you need to modify your /etc/nsswitch.conf to │<br />
│ use the ldap datasource. │<br />
│ │<br />
│ You can select the services that should have LDAP lookups enabled. The │<br />
│ new LDAP lookups will be added as the last datasource. Be sure to review │<br />
│ these changes. │<br />
│ │<br />
│ Name services to configure: │<br />
│ │<br />
│ [*] aliases │<br />
│ [*] ethers │<br />
│ [*] group │<br />
│ [*] hosts │<br />
│ [*] netgroup │<br />
│ [*] networks │<br />
│ [*] passwd │<br />
│ [*] protocols │<br />
│ [*] rpc │<br />
│ [*] services │<br />
│ [*] shadow │<br />
│ │<br />
│ <Ok> │<br />
│ │<br />
└───────────────────────────────────────────────────────────────────────────┘<br />
<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe kstart 3.16-3 [58.3kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/universe libsasl2-modules-gssapi-mit 2.1.23.dfsg1-5ubuntu1 [73.1kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/universe nscd 2.11.1-0ubuntu7 [211kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/universe nslcd 0.7.2 [120kB]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/universe libnss-ldapd 0.7.2 [41.8kB]<br />
Get:6 http://archive.ubuntu.com/ubuntu/ lucid/universe libpam-ldapd 0.7.2 [27.6kB]<br />
Fetched 531kB in 1s (494kB/s)<br />
Committing to: /etc/<br />
modified .etckeeper<br />
modified hosts<br />
added krb5.keytab<br />
Committed revision 17.<br />
Preconfiguring packages ...<br />
Selecting previously deselected package kstart.<br />
(Reading database ... 15728 files and directories currently installed.)<br />
Unpacking kstart (from .../kstart_3.16-3_amd64.deb) ...<br />
Selecting previously deselected package libsasl2-modules-gssapi-mit.<br />
Unpacking libsasl2-modules-gssapi-mit (from .../libsasl2-modules-gssapi-mit_2.1.23.dfsg1-5ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package nscd.<br />
Unpacking nscd (from .../nscd_2.11.1-0ubuntu7_amd64.deb) ...<br />
Selecting previously deselected package nslcd.<br />
Unpacking nslcd (from .../archives/nslcd_0.7.2_amd64.deb) ...<br />
Selecting previously deselected package libnss-ldapd.<br />
Unpacking libnss-ldapd (from .../libnss-ldapd_0.7.2_amd64.deb) ...<br />
Selecting previously deselected package libpam-ldapd.<br />
Unpacking libpam-ldapd (from .../libpam-ldapd_0.7.2_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up kstart (3.16-3) ...<br />
Setting up libsasl2-modules-gssapi-mit (2.1.23.dfsg1-5ubuntu1) ...<br />
Setting up nscd (2.11.1-0ubuntu7) ...<br />
* Starting Name Service Cache Daemon nscd [ OK ] <br />
<br />
Setting up nslcd (0.7.2) ...<br />
Warning: The home dir /var/run/nslcd/ you specified can't be accessed: No such file or directory<br />
Adding system user `nslcd' (UID 103) ...<br />
Adding new group `nslcd' (GID 105) ...<br />
Adding new user `nslcd' (UID 103) with group `nslcd' ...<br />
Not creating home directory `/var/run/nslcd/'.<br />
* Starting LDAP connection daemon nslcd [ OK ]<br />
<br />
Setting up libnss-ldapd (0.7.2) ...<br />
/etc/nsswitch.conf: enable LDAP lookups for aliases<br />
/etc/nsswitch.conf: enable LDAP lookups for ethers<br />
/etc/nsswitch.conf: enable LDAP lookups for group<br />
/etc/nsswitch.conf: enable LDAP lookups for hosts<br />
/etc/nsswitch.conf: enable LDAP lookups for netgroup<br />
/etc/nsswitch.conf: enable LDAP lookups for networks<br />
/etc/nsswitch.conf: enable LDAP lookups for passwd<br />
/etc/nsswitch.conf: enable LDAP lookups for protocols<br />
/etc/nsswitch.conf: enable LDAP lookups for rpc<br />
/etc/nsswitch.conf: enable LDAP lookups for services<br />
/etc/nsswitch.conf: enable LDAP lookups for shadow<br />
* Restarting Name Service Cache Daemon nscd [ OK ]<br />
<br />
Setting up libpam-ldapd (0.7.2) ... <br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
modified .etckeeper<br />
modified group<br />
modified group-<br />
modified gshadow<br />
modified gshadow-<br />
added nscd.conf<br />
added nslcd.conf<br />
modified nsswitch.conf<br />
modified passwd<br />
modified passwd-<br />
modified shadow<br />
modified shadow-<br />
added init.d/nscd<br />
added init.d/nslcd<br />
modified pam.d/common-account<br />
modified pam.d/common-auth<br />
modified pam.d/common-password<br />
modified pam.d/common-session<br />
modified pam.d/common-session-noninteractive<br />
added rc0.d/K20nscd<br />
added rc0.d/K20nslcd<br />
added rc1.d/K20nscd<br />
added rc1.d/K20nslcd<br />
added rc2.d/S20nscd<br />
added rc2.d/S20nslcd<br />
added rc3.d/S20nscd<br />
added rc3.d/S20nslcd<br />
added rc4.d/S20nscd<br />
added rc4.d/S20nslcd<br />
added rc5.d/S20nscd<br />
added rc5.d/S20nslcd<br />
added rc6.d/K20nscd<br />
added rc6.d/K20nslcd<br />
Committed revision 18.<br />
<br />
root@hope:/etc# cat /etc/nsswitch.conf<br />
# /etc/nsswitch.conf<br />
#<br />
# Example configuration of GNU Name Service Switch functionality.<br />
# If you have the `glibc-doc-reference' and `info' packages installed, try:<br />
# `info libc "Name Service Switch"' for information about this file.<br />
<br />
passwd: compat ldap<br />
group: compat ldap<br />
shadow: compat ldap<br />
<br />
hosts: files dns ldap<br />
networks: files ldap<br />
<br />
protocols: db files ldap<br />
services: db files ldap<br />
ethers: db files ldap<br />
rpc: db files ldap<br />
<br />
netgroup: nis ldap<br />
aliases: ldap<br />
<br />
root@hope:/etc# cat /etc/nslcd.conf<br />
# /etc/nslcd.conf<br />
# nslcd configuration file. See nslcd.conf(5)<br />
# for details.<br />
<br />
# The user and group nslcd should run as.<br />
uid nslcd<br />
gid nslcd<br />
<br />
# The location at which the LDAP server(s) should be reachable.<br />
uri ldaps://charity.progclub.org/<br />
<br />
# The search base that will be used for all queries.<br />
base dc=progclub,dc=org<br />
<br />
# The LDAP protocol version to use.<br />
#ldap_version 3<br />
<br />
# The DN to bind with for normal lookups.<br />
#binddn cn=annonymous,dc=example,dc=net<br />
#bindpw secret<br />
<br />
# SSL options<br />
#ssl off<br />
tls_reqcert allow<br />
<br />
# The search scope.<br />
#scope sub<br />
<br />
root@hope:/etc# vim /etc/nslcd.conf<br />
<br />
# JE: 2011-08-14: https://help.ubuntu.com/community/SingleSignOn#Client%20Configuration<br />
sasl_mech GSSAPI<br />
# JE: 2011-08-14: the documentation said to add the following line, but it causes errors<br />
# so I removed it. I'm not sure what it's for. Seems to work ok without it.<br />
#krb5_ccname FILE:/tmp/host.tkt<br />
<br />
root@hope:/etc# pam-auth-update<br />
<br />
Package configuration<br />
<br />
┌───────────────────────────────────┤ ├────────────────────────────────────┐<br />
│ Pluggable Authentication Modules (PAM) determine how authentication, │<br />
│ authorization, and password changing are handled on the system, as well │<br />
│ as allowing configuration of additional actions to take when starting │<br />
│ user sessions. │<br />
│ │<br />
│ Some PAM module packages provide profiles that can be used to │<br />
│ automatically adjust the behavior of all PAM-using applications on the │<br />
│ system. Please indicate which of these behaviors you wish to enable. │<br />
│ │<br />
│ PAM profiles to enable: │<br />
│ │<br />
│ [*] Kerberos authentication │<br />
│ [*] Unix authentication │<br />
│ [ ] LDAP Authentication │<br />
│ │<br />
│ │<br />
│ <Ok> <Cancel> │<br />
│ │<br />
└───────────────────────────────────────────────────────────────────────────┘<br />
<br />
root@hope:/etc# service nslcd restart<br />
* Restarting LDAP connection daemon nslcd<br />
nslcd: /etc/nslcd.conf:30: option sasl_mech is currently not fully supported (please report any successes)<br />
nslcd: /etc/nslcd.conf:31: error accessing /tmp/host.tkt: No such file or directory<br />
[fail]<br />
root@hope:/etc# touch /tmp/host.tkt<br />
root@hope:/etc# service nslcd restart<br />
* Restarting LDAP connection daemon nslcd<br />
nslcd: /etc/nslcd.conf:30: option sasl_mech is currently not fully supported (please report any successes)<br />
[ OK ]<br />
root@hope:~# vim /etc/passwd<br />
root@hope:~# etckeeper commit "Removed jj5 from /etc/passwd"<br />
Committing to: /etc/<br />
modified nslcd.conf<br />
modified passwd<br />
modified pam.d/common-account<br />
modified pam.d/common-auth<br />
modified pam.d/common-password<br />
modified pam.d/common-session<br />
modified pam.d/common-session-noninteractive<br />
Committed revision 19.<br />
<br />
= [[User:John|John]] 2011-08-05 16:59 =<br />
<br />
== Disabling IPSec ==<br />
<br />
Can't get [[IPSec]] to work. Commented out /etc/network/if-up.d/ip and removed the policies from /etc/ipsec-tools.conf.<br />
<br />
= [[User:John|John]] 2011-08-04 23:38 =<br />
<br />
== Installing Kerberos client ==<br />
<br />
jj5@hope:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@hope:~# apt-get install krb5-user krb5-config<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
bind9-host geoip-database libbind9-60 libdns64 libgeoip1 libgssrpc4 libisc60<br />
libisccc60 libisccfg60 libkadm5clnt-mit7 liblwres60<br />
Suggested packages:<br />
geoip-bin krb5-doc<br />
The following NEW packages will be installed:<br />
bind9-host geoip-database krb5-config krb5-user libbind9-60 libdns64<br />
libgeoip1 libgssrpc4 libisc60 libisccc60 libisccfg60 libkadm5clnt-mit7<br />
liblwres60<br />
0 upgraded, 13 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 2161kB of archives.<br />
After this operation, 5325kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libgeoip1 1.4.6.dfsg-17 [109kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libisc60 1:9.7.0.dfsg.P1-1 [169kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libdns64 1:9.7.0.dfsg.P1-1 [690kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main libisccc60 1:9.7.0.dfsg.P1-1 [29.4kB]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/main libisccfg60 1:9.7.0.dfsg.P1-1 [52.6kB]<br />
Get:6 http://archive.ubuntu.com/ubuntu/ lucid/main libbind9-60 1:9.7.0.dfsg.P1-1 [34.1kB]<br />
Get:7 http://archive.ubuntu.com/ubuntu/ lucid/main liblwres60 1:9.7.0.dfsg.P1-1 [47.9kB]<br />
Get:8 http://archive.ubuntu.com/ubuntu/ lucid/main bind9-host 1:9.7.0.dfsg.P1-1 [68.2kB]<br />
Get:9 http://archive.ubuntu.com/ubuntu/ lucid/main geoip-database 1.4.6.dfsg-17 [658kB]<br />
Get:10 http://archive.ubuntu.com/ubuntu/ lucid/main krb5-config 2.2 [23.0kB]<br />
Get:11 http://archive.ubuntu.com/ubuntu/ lucid/main libgssrpc4 1.8.1+dfsg-2 [81.4kB]<br />
Get:12 http://archive.ubuntu.com/ubuntu/ lucid/main libkadm5clnt-mit7 1.8.1+dfsg-2 [62.0kB]<br />
Get:13 http://archive.ubuntu.com/ubuntu/ lucid/main krb5-user 1.8.1+dfsg-2 [137kB]<br />
Fetched 2161kB in 2s (891kB/s)<br />
Preconfiguring packages ...<br />
Selecting previously deselected package libgeoip1.<br />
(Reading database ... 15611 files and directories currently installed.)<br />
Unpacking libgeoip1 (from .../libgeoip1_1.4.6.dfsg-17_amd64.deb) ...<br />
Selecting previously deselected package libisc60.<br />
Unpacking libisc60 (from .../libisc60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...<br />
Selecting previously deselected package libdns64.<br />
Unpacking libdns64 (from .../libdns64_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...<br />
Selecting previously deselected package libisccc60.<br />
Unpacking libisccc60 (from .../libisccc60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...<br />
Selecting previously deselected package libisccfg60.<br />
Unpacking libisccfg60 (from .../libisccfg60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...<br />
Selecting previously deselected package libbind9-60.<br />
Unpacking libbind9-60 (from .../libbind9-60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...<br />
Selecting previously deselected package liblwres60.<br />
Unpacking liblwres60 (from .../liblwres60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...<br />
Selecting previously deselected package bind9-host.<br />
Unpacking bind9-host (from .../bind9-host_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...<br />
Selecting previously deselected package geoip-database.<br />
Unpacking geoip-database (from .../geoip-database_1.4.6.dfsg-17_all.deb) ...<br />
Selecting previously deselected package krb5-config.<br />
Unpacking krb5-config (from .../krb5-config_2.2_all.deb) ...<br />
Selecting previously deselected package libgssrpc4.<br />
Unpacking libgssrpc4 (from .../libgssrpc4_1.8.1+dfsg-2_amd64.deb) ...<br />
Selecting previously deselected package libkadm5clnt-mit7.<br />
Unpacking libkadm5clnt-mit7 (from .../libkadm5clnt-mit7_1.8.1+dfsg-2_amd64.deb) ...<br />
Selecting previously deselected package krb5-user.<br />
Unpacking krb5-user (from .../krb5-user_1.8.1+dfsg-2_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up libgeoip1 (1.4.6.dfsg-17) ...<br />
<br />
Setting up libisc60 (1:9.7.0.dfsg.P1-1) ...<br />
<br />
Setting up libdns64 (1:9.7.0.dfsg.P1-1) ...<br />
<br />
Setting up libisccc60 (1:9.7.0.dfsg.P1-1) ...<br />
<br />
Setting up libisccfg60 (1:9.7.0.dfsg.P1-1) ...<br />
<br />
Setting up libbind9-60 (1:9.7.0.dfsg.P1-1) ...<br />
<br />
Setting up liblwres60 (1:9.7.0.dfsg.P1-1) ...<br />
<br />
Setting up bind9-host (1:9.7.0.dfsg.P1-1) ...<br />
Setting up geoip-database (1.4.6.dfsg-17) ...<br />
Setting up krb5-config (2.2) ...<br />
<br />
Setting up libgssrpc4 (1.8.1+dfsg-2) ...<br />
<br />
Setting up libkadm5clnt-mit7 (1.8.1+dfsg-2) ...<br />
<br />
Setting up krb5-user (1.8.1+dfsg-2) ...<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
added krb5.conf<br />
Committed revision 13.<br />
<br />
Package configuration<br />
<br />
<br />
<br />
┌──────────────────┤ Configuring Kerberos Authentication ├──────────────────┐<br />
│ When users attempt to use Kerberos and specify a principal or user name │<br />
│ without specifying what administrative Kerberos realm that principal │<br />
│ belongs to, the system appends the default realm. The default realm may │<br />
│ also be used as the realm of a Kerberos service running on the local │<br />
│ machine. Often, the default realm is the uppercase version of the local │<br />
│ DNS domain. │<br />
│ │<br />
│ Default Kerberos version 5 realm: │<br />
│ │<br />
│ PROGCLUB.ORG_____________________________________________________________ │<br />
│ │<br />
│ <Ok> │<br />
│ │<br />
└───────────────────────────────────────────────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
<br />
<br />
<br />
<br />
┌────────────────┤ Configuring Kerberos Authentication ├─────────────────┐<br />
│ Enter the hostnames of Kerberos servers in the PROGCLUB.ORG Kerberos │<br />
│ realm separated by spaces. │<br />
│ │<br />
│ Kerberos servers for your realm: │<br />
│ │<br />
│ kerberos.progclub.org_________________________________________________ │<br />
│ │<br />
│ <Ok> │<br />
│ │<br />
└────────────────────────────────────────────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
<br />
<br />
<br />
<br />
┌──────────────────┤ Configuring Kerberos Authentication ├──────────────────┐<br />
│ Enter the hostname of the administrative (password changing) server for │<br />
│ the PROGCLUB.ORG Kerberos realm. │<br />
│ │<br />
│ Administrative server for your Kerberos realm: │<br />
│ │<br />
│ kerberos.progclub.org____________________________________________________ │<br />
│ │<br />
│ <Ok> │<br />
│ │<br />
└───────────────────────────────────────────────────────────────────────────┘<br />
<br />
= [[User:John|John]] 2011-07-30 18:05 =<br />
<br />
== Configuring IPSec ==<br />
<br />
jj5@hope:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@hope:~# apt-get install racoon<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
racoon<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 0B/433kB of archives.<br />
After this operation, 1217kB of additional disk space will be used.<br />
Committing to: /etc/<br />
modified ipsec-tools.conf<br />
modified ipsec-tools.conf.bak<br />
added iptables.up.rules<br />
Committed revision 10.<br />
Preconfiguring packages ...<br />
Selecting previously deselected package racoon.<br />
(Reading database ... 15611 files and directories currently installed.)<br />
Unpacking racoon (from .../racoon_1%3a0.7.1-1.6ubuntu1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up racoon (1:0.7.1-1.6ubuntu1) ...<br />
Starting IKE (ISAKMP/Oakley) server: racoon.<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
<br />
root@hope:~# cd /etc/network/if-pre-up.d/<br />
root@hope:/etc/network/if-pre-up.d# ll<br />
total 12<br />
drwxr-xr-x 2 root root 4096 Apr 22 2010 ./<br />
drwxr-xr-x 6 root root 4096 Apr 22 2010 ../<br />
-rwxr-xr-x 1 root root 348 Dec 21 2009 ethtool*<br />
root@hope:/etc/network/if-pre-up.d# vim iptables<br />
<br />
#!/bin/sh<br />
/sbin/iptables-restore < /etc/iptables.up.rules<br />
<br />
root@hope:/etc/network/if-pre-up.d# vim ip<br />
<br />
#!/bin/sh<br />
# Charity<br />
ip route add 67.207.128.184 dev eth0 advmss 200<br />
# Honesty<br />
ip route add 67.207.129.103 dev eth0 advmss 200<br />
<br />
root@hope:/etc/network/if-pre-up.d# chmod +x iptables ip<br />
root@hope:/etc/network/if-pre-up.d# ll<br />
total 20<br />
drwxr-xr-x 2 root root 4096 Jul 30 08:11 ./<br />
drwxr-xr-x 6 root root 4096 Apr 22 2010 ../<br />
-rwxr-xr-x 1 root root 348 Dec 21 2009 ethtool*<br />
-rwxr-xr-x 1 root root 126 Jul 30 08:11 ip*<br />
-rwxr-xr-x 1 root root 58 Jul 30 08:09 iptables*<br />
root@hope:/etc/network/if-pre-up.d# cd /etc<br />
root@hope:/etc# vim iptables.up.rules<br />
<br />
*filter<br />
# Allow all loopback (lo0) traffic<br />
-A INPUT -i lo -j ACCEPT<br />
# Reject all traffic to 127/8 that doesn't use lo0<br />
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT<br />
# Accept all established inbound connections<br />
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
# Allow all outbound traffic<br />
-A OUTPUT -j ACCEPT<br />
# Allow HTTP and HTTPS connections from anywhere<br />
-A INPUT -p tcp --dport 80 -j ACCEPT<br />
-A INPUT -p tcp --dport 443 -j ACCEPT<br />
# Allow SSH connections<br />
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT<br />
# Accept anything from charity<br />
-A INPUT -s 67.207.128.184 -j ACCEPT<br />
# Accept anything from honesty<br />
-A INPUT -s 67.207.129.103 -j ACCEPT<br />
# Allow MySQL connections from John's house<br />
-A INPUT -s 60.240.67.126/32 -p tcp -m tcp --dport 3306 -j ACCEPT<br />
# Allow MySQL connections from localhost<br />
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT<br />
# Allow ping<br />
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT<br />
# log iptables denied calls<br />
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7<br />
#-A INPUT -j LOG --log-prefix "iptables debug: " --log-level 7<br />
# Reject all other inbound - default deny unless explicitly allowed policy<br />
-A INPUT -j REJECT<br />
-A FORWARD -j REJECT<br />
COMMIT<br />
<br />
root@hope:/etc# vim ipsec-tools.conf<br />
<br />
# Hope/Charity security policy<br />
spdadd 67.207.130.204 67.207.128.184 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
spdadd 67.207.128.184 67.207.130.204 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
# Hope/Honesty security policy<br />
spdadd 67.207.130.204 67.207.129.103 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
spdadd 67.207.129.103 67.207.130.204 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
<br />
root@hope:/etc# vim racoon/psk.txt<br />
<br />
# Charity<br />
67.207.128.184 <secret><br />
# Honesty<br />
67.207.129.103 <secret><br />
<br />
root@hope:/etc# ll racoon/psk.txt<br />
-rw------- 1 root root 95 Jul 30 08:21 racoon/psk.txt<br />
<br />
root@hope:/etc# vim racoon/racoon.conf<br />
<br />
path pre_shared_key "/etc/racoon/psk.txt";<br />
path certificate "/etc/racoon/certs";<br />
remote anonymous {<br />
exchange_mode main,aggressive;<br />
proposal {<br />
encryption_algorithm aes;<br />
hash_algorithm sha1;<br />
authentication_method pre_shared_key;<br />
dh_group modp1024;<br />
}<br />
generate_policy off;<br />
}<br />
sainfo anonymous {<br />
pfs_group modp768;<br />
encryption_algorithm aes;<br />
authentication_algorithm hmac_sha1;<br />
compression_algorithm deflate;<br />
}<br />
#log debug2;<br />
<br />
root@hope:/etc# vim racoon/racoon.conf<br />
root@hope:/etc# /etc/init.d/racoon stop<br />
Stopping IKE (ISAKMP/Oakley) server: racoon.<br />
root@hope:/etc# /etc/init.d/setkey restart<br />
Reloading IPsec SA/SP database: done.<br />
root@hope:/etc# /etc/init.d/racoon start<br />
Starting IKE (ISAKMP/Oakley) server: racoon.<br />
root@hope:/etc# etckeeper commit "Configured IPSec"<br />
Committing to: /etc/<br />
modified ipsec-tools.conf<br />
modified iptables.up.rules<br />
added network/if-pre-up.d/ip<br />
added network/if-pre-up.d/iptables<br />
modified racoon/psk.txt<br />
modified racoon/racoon.conf<br />
Committed revision 11.<br />
root@hope:/etc# /etc/network/if-pre-up.d/ip<br />
RTNETLINK answers: File exists<br />
<br />
That ought to do it!<br />
<br />
...it didn't do it.<br />
<br />
root@hope:~# apt-get remove racoon<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following packages will be REMOVED:<br />
racoon<br />
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.<br />
After this operation, 1217kB disk space will be freed.<br />
Do you want to continue [Y/n]?<br />
(Reading database ... 15675 files and directories currently installed.)<br />
Removing racoon ...<br />
Stopping IKE (ISAKMP/Oakley) server: racoon.<br />
Processing triggers for ureadahead ...<br />
Processing triggers for man-db ...<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
<br />
root@hope:~# dd if=/dev/random count=24 bs=1| xxd -ps<br />
root@hope:~# dd if=/dev/random count=24 bs=1| xxd -ps<br />
root@hope:~# dd if=/dev/random count=20 bs=1| xxd -ps<br />
root@hope:~# dd if=/dev/random count=20 bs=1| xxd -ps<br />
root@hope:~# vim /etc/ipsec-tools.conf<br />
<br />
#!/usr/sbin/setkey -f<br />
# Flush the SAD and SPD<br />
flush;<br />
spdflush;<br />
# Charity/Hope configuration<br />
# ESP SAs using 192 bit long keys (AES-192)<br />
add 67.207.128.184 67.207.130.204 esp 1 -E aes-cbc<br />
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;<br />
add 67.207.130.204 67.207.128.184 esp 2 -E aes-cbc<br />
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;<br />
# AH SAs using 160 bit long keys<br />
add 67.207.128.184 67.207.130.204 ah 3 -A hmac-sha1<br />
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;<br />
add 67.207.130.204 67.207.128.184 ah 4 -A hmac-sha1<br />
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;<br />
# Security policies<br />
spdadd 67.207.130.204 67.207.128.184 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
spdadd 67.207.128.184 67.207.130.204 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
# Hope/Honesty configuration<br />
# ESP SAs using 192 bit long keys (AES-192)<br />
add 67.207.130.204 67.207.129.103 esp 9 -E aes-cbc<br />
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;<br />
add 67.207.129.103 67.207.130.204 esp 10 -E aes-cbc<br />
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;<br />
# AH SAs using 160 bit long keys<br />
add 67.207.130.204 67.207.129.103 ah 11 -A hmac-sha1<br />
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;<br />
add 67.207.129.103 67.207.130.204 ah 12 -A hmac-sha1<br />
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;<br />
# Security policies<br />
spdadd 67.207.130.204 67.207.129.103 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
spdadd 67.207.129.103 67.207.130.204 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
<br />
root@hope:~# /etc/init.d/setkey restart<br />
Reloading IPsec SA/SP database: done.<br />
root@hope:~# cd /etc/network<br />
root@hope:/etc/network# ls<br />
if-down.d if-post-down.d if-pre-up.d if-up.d interfaces<br />
root@hope:/etc/network# mv if-pre-up.d/ip if-up.d/<br />
root@hope:/etc/network# if-up.d/ip<br />
root@hope:/etc# etckeeper commit "Configured IPSec"<br />
Committing to: /etc/<br />
modified ipsec-tools.conf<br />
missing network/if-pre-up.d/ip<br />
modified network/if-pre-up.d/ip<br />
added network/if-up.d/ip<br />
Committed revision 12.<br />
<br />
The other ends of the connections have been configured on [[Charity_admin#John_2011-07-30_17:15|charity]] and [[Honesty_admin#John_2011-07-30_19:30|honesty]].<br />
<br />
Works!<br />
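<br />
With manual keying and no IKE daemon, every <code>require</code> policy needs an SA in the same direction, and every key must have the length its algorithm expects. The linter below is an added example, not part of the original log: its function names, its weak-algorithm list and its constructed sample (192.0.2.x documentation addresses, made-up keys) are assumptions, and it expects keys written as 0x hex literals as in the file above.<br />
<br />
```python
"""Lint a manually keyed setkey(8) file such as /etc/ipsec-tools.conf."""
import re

# Key sizes in bits for each algorithm (per the algorithm tables in setkey(8)).
KEY_BITS = {
    "hmac-md5": {128}, "hmac-sha1": {160},
    "des-cbc": {64}, "3des-cbc": {192},
    "aes-cbc": {128, 192, 256}, "rijndael-cbc": {128, 192, 256},
}
# Assumption of this example: algorithms to flag as weak for new setups.
WEAK = {"hmac-md5", "des-cbc", "3des-cbc"}
RULE = re.compile(r"^(esp|ah)/[^/]*/[^/]*/require$")

# Constructed sample: documentation addresses and made-up keys.
SAMPLE = """\
#!/usr/sbin/setkey -f
flush;
spdflush;
# ESP SA with a 160-bit key: wrong length for aes-cbc
add 192.0.2.1 192.0.2.2 esp 0x201 -E aes-cbc
        0x000102030405060708090a0b0c0d0e0f10111213;
add 192.0.2.2 192.0.2.1 esp 0x301 -E aes-cbc
        0x1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a0908;
add 192.0.2.1 192.0.2.2 ah 0x200 -A hmac-md5
        0x0f0e0d0c0b0a09080706050403020100;
# the AH SA for 192.0.2.2 -> 192.0.2.1 is missing
spdadd 192.0.2.1 192.0.2.2 any -P out ipsec
        esp/transport//require
        ah/transport//require;
spdadd 192.0.2.2 192.0.2.1 any -P in ipsec
        esp/transport//require
        ah/transport//require;
"""


def statements(text):
    """Yield one token list per ';'-terminated statement, comments removed."""
    for stmt in re.sub(r"#.*", "", text).split(";"):
        tokens = stmt.split()
        if tokens:
            yield tokens


def host(spec):
    """Strip a /prefix or [port] suffix from a policy address."""
    return re.split(r"[/\[]", spec)[0]


def lint(text):
    """Return findings (strings) for a manually keyed setkey configuration."""
    findings, sas, spis, key_use, policies = [], set(), set(), {}, []
    for tok in statements(text):
        if tok[0] == "add" and len(tok) >= 5:
            src, dst, proto, spi = tok[1:5]
            label = f"{proto} {src}->{dst} spi {spi}"
            sas.add((src, dst, proto))
            if (dst, proto, spi) in spis:
                findings.append(f"{label}: duplicate SPI for this destination")
            spis.add((dst, proto, spi))
            # Each -E / -A flag is followed by an algorithm name and its key.
            for i, flag in enumerate(tok[:-2]):
                if flag not in ("-E", "-A"):
                    continue
                alg, key = tok[i + 1], tok[i + 2]
                if alg in WEAK:
                    findings.append(f"{label}: {alg} is a weak algorithm")
                if not re.fullmatch(r"0x[0-9a-fA-F]+", key):
                    findings.append(f"{label}: key is not a hex literal")
                    continue
                bits = (len(key) - 2) * 4
                allowed = KEY_BITS.get(alg)
                if allowed and bits not in allowed:
                    want = "/".join(map(str, sorted(allowed)))
                    findings.append(
                        f"{label}: {alg} key is {bits} bits, expected {want}")
                key_use.setdefault(key.lower(), []).append(label)
        elif tok[0] == "spdadd" and len(tok) >= 3:
            src, dst = host(tok[1]), host(tok[2])
            for rule in tok[3:]:
                match = RULE.match(rule)
                if match:
                    policies.append((src, dst, match.group(1)))
    # A 'require' policy without an SA in the same direction blocks traffic.
    for src, dst, proto in policies:
        if (src, dst, proto) not in sas:
            findings.append(
                f"policy {src}->{dst} requires {proto} but no SA is defined")
    # The same key material on several SAs defeats per-direction keying.
    for labels in key_use.values():
        if len(labels) > 1:
            findings.append("same key used by: " + "; ".join(labels))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```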
<br />
= [[User:John|John]] 2011-07-30 09:45 =<br />
<br />
== Configuring racoon ==<br />
<br />
See [[Charity_Admin#John_2011-07-30_09:38|the Charity Admin section]] for the other half of the configuration.<br />
<br />
# vim /etc/racoon/psk.txt<br />
<br />
# Charity<br />
67.207.128.184 <secret><br />
<br />
# vim /etc/racoon/racoon.conf<br />
<br />
remote 67.207.128.184 {<br />
exchange_mode main,aggressive;<br />
proposal {<br />
encryption_algorithm 3des;<br />
hash_algorithm sha1;<br />
authentication_method pre_shared_key;<br />
dh_group modp1024;<br />
}<br />
generate_policy off;<br />
}<br />
<br />
sainfo address 67.207.128.184[any] any address 67.207.128.184/32[any] any {<br />
pfs_group modp768;<br />
encryption_algorithm 3des;<br />
authentication_algorithm hmac_md5;<br />
compression_algorithm deflate;<br />
}<br />
<br />
# vim /etc/ipsec-tools.conf<br />
<br />
# Security policies<br />
spdadd 67.207.128.184 67.207.130.204 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
spdadd 67.207.130.204 67.207.128.184 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
<br />
root@hope:/etc/racoon# /etc/init.d/racoon stop<br />
Stopping IKE (ISAKMP/Oakley) server: racoon.<br />
root@hope:/etc/racoon# /etc/init.d/setkey restart<br />
Reloading IPsec SA/SP database: done.<br />
root@hope:/etc/racoon# /etc/init.d/racoon start<br />
Starting IKE (ISAKMP/Oakley) server: racoon.<br />
<br />
= [[User:John|John]] 2011-07-30 01:49 =<br />
<br />
== Adding user jj5 ==<br />
<br />
I had hoped to have LDAP and SSO operational before adding users to any user machines, but it looks like there's nothing for it. Debugging IPSec is a pain, and I need to log in to hope all the time, and I'm sick of typing in the long random root password.<br />
<br />
root@hope:~# adduser jj5<br />
Adding user `jj5' ...<br />
Adding new group `jj5' (1000) ...<br />
Adding new user `jj5' (1000) with group `jj5' ...<br />
Creating home directory `/home/jj5' ...<br />
Copying files from `/etc/skel' ...<br />
Enter new UNIX password:<br />
Retype new UNIX password:<br />
passwd: password updated successfully<br />
Changing the user information for jj5<br />
Enter the new value, or press ENTER for the default<br />
Full Name []: John Elliot<br />
Room Number []:<br />
Work Phone []:<br />
Home Phone []:<br />
Other []:<br />
Is the information correct? [Y/n]<br />
root@hope:~# gpasswd -a jj5 sudo<br />
Adding user jj5 to group sudo<br />
<br />
= [[User:John|John]] 2011-07-30 00:04 =<br />
<br />
== Installing racoon ==<br />
<br />
Having some trouble with IPSec, going to try using racoon.<br />
<br />
root@hope:/etc# apt-get install racoon<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
racoon<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 433kB of archives.<br />
After this operation, 1217kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main racoon 1:0.7.1-1.6ubuntu1 [433kB]<br />
Fetched 433kB in 1s (377kB/s)<br />
Committing to: /etc/<br />
modified .etckeeper<br />
modified ipsec-tools.conf<br />
added ipsec-tools.conf.bak<br />
Committed revision 7.<br />
Preconfiguring packages ...<br />
Selecting previously deselected package racoon.<br />
(Reading database ... 15606 files and directories currently installed.)<br />
Unpacking racoon (from .../racoon_1%3a0.7.1-1.6ubuntu1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up racoon (1:0.7.1-1.6ubuntu1) ...<br />
Generating /etc/default/racoon...<br />
Starting IKE (ISAKMP/Oakley) server: racoon.<br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
modified .etckeeper<br />
added racoon<br />
added default/racoon<br />
added init.d/racoon<br />
added racoon/psk.txt<br />
added racoon/racoon-tool.conf<br />
added racoon/racoon.conf<br />
added rc1.d/K89racoon<br />
added rcS.d/S40racoon<br />
Committed revision 8.<br />
<br />
The install prompted for Package configuration information, and I chose the 'direct' configuration method (the default) over 'racoon-tool', the other option.<br />
<br />
┌──────────────────────────┤ Configuring racoon ├──────────────────────────┐<br />
│ Racoon can be configured two ways, either by directly editing │<br />
│ /etc/racoon/racoon.conf or using the racoon-tool administrative front │<br />
│ end. racoon-tool is now deprecated and is only available for backward │<br />
│ compatibility. New installations should always use the "direct" method. │<br />
│ │<br />
│ Configuration mode for racoon IKE daemon. │<br />
│ │<br />
│ direct │<br />
│ racoon-tool │<br />
│ │<br />
│ │<br />
│ <Ok> │<br />
│ │<br />
└──────────────────────────────────────────────────────────────────────────┘<br />
<br />
= [[User:John|John]] 2011-07-29 00:13 =<br />
<br />
== Installing IPSec ==<br />
<br />
# apt-get install ipsec-tools<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
ipsec-tools<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 111kB of archives.<br />
After this operation, 274kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main ipsec-tools 1:0.7.1-1.6ubuntu1 [111kB]<br />
Fetched 111kB in 0s (157kB/s)<br />
Selecting previously deselected package ipsec-tools.<br />
(Reading database ... 15571 files and directories currently installed.)<br />
Unpacking ipsec-tools (from .../ipsec-tools_1%3a0.7.1-1.6ubuntu1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up ipsec-tools (1:0.7.1-1.6ubuntu1) ...<br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
modified .etckeeper<br />
added ipsec-tools.conf<br />
added default/setkey<br />
added init.d/setkey<br />
added rcS.d/S37setkey<br />
Committed revision 2.<br />
<br />
# vim /etc/ipsec-tools.conf<br />
<br />
#!/usr/sbin/setkey -f<br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool<br />
# utility. racoon-tool will setup SAs and SPDs automatically using<br />
# /etc/racoon/racoon-tool.conf configuration.<br />
#<br />
<br />
# Flush the SAD and SPD<br />
flush;<br />
spdflush;<br />
<br />
# AH SAs using 128 bit long keys<br />
add 67.207.128.184 67.207.130.204 ah 0x200 -A hmac-md5<br />
0x<ah_1>;<br />
add 67.207.130.204 67.207.128.184 ah 0x300 -A hmac-md5<br />
0x<ah_2>;<br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity)<br />
add 67.207.128.184 67.207.130.204 esp 0x201 -E 3des-cbc<br />
0x<esp_1>;<br />
add 67.207.130.204 67.207.128.184 esp 0x301 -E 3des-cbc<br />
0x<esp_2>;<br />
<br />
# Security policies<br />
spdadd 67.207.128.184 67.207.130.204 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
<br />
spdadd 67.207.130.204 67.207.128.184 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
<br />
# sudo chmod 750 /etc/ipsec-tools.conf<br />
# sudo /etc/init.d/setkey start<br />
* Loading IPsec SA/SP database from /etc/ipsec-tools.conf: [ OK ]<br />
$ sudo etckeeper commit "Configured IPSec between charity and hope"<br />
Committing to: /etc/<br />
modified .etckeeper<br />
modified ipsec-tools.conf<br />
Committed revision 3.<br />
<br />
Done!<br />
<br />
= [[User:John|John]] 2011-07-29 00:12 =<br />
<br />
== Installing Etckeeper ==<br />
<br />
Per [[Charity_Admin#Setting_up_Etckeeper|the instructions]],<br />
<br />
# apt-get install etckeeper<br />
<br />
That was it. The output was too extensive to report here.<br />
<br />
= [[User:John|John]] 2011-07-25 19:41 =<br />
<br />
The hope.progclub.org slice has been created, and the host added to the DNS zones, but apart from that it's not configured presently.</div>60.240.67.126https://www.progclub.org/wiki/mediawiki/index.php?title=Charity_admin&diff=2211Charity admin2011-11-30T04:53:23Z<p>60.240.67.126: </p>
<hr />
<div>This page chronicles the administrative changes to [[Charity|charity.progclub.org]]. If you make an administrative change you should document the change here. Changes are logged here in reverse chronological order with a time-stamp in the form YYYY-MM-DD hh:mm. You can use the time from whatever timezone you are in, or UTC if you're cool, but use 24 hour time. Don't worry if the changes you make have a time-stamp that is less than a time-stamp later in the page; put the latest changes at the top. Put a link to your wiki user account before the time-stamp so we know who's doing what. See the [[Administrative reference]] for other information.<br />
<br />
= [[User:John|John]] 2011-11-30 15:51 =<br />
<br />
== Web-site goes HTTPS ==<br />
<br />
Found [http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html this article] which suggested the following in /etc/apache2/sites-enabled/default<br />
<br />
RewriteEngine On<br />
RewriteCond %{HTTPS} off<br />
RewriteRule (.*) https://www.progclub.org%{REQUEST_URI}<br />
<br />
This has two benefits. One is that all web requests will be redirected to the secure site, and the second is that all HTTP requests will be redirected to the canonical domain.<br />
<br />
= [[User:John|John]] 2011-11-30 06:57 =<br />
<br />
== Getting rid of =3D in svn-mailer commit hook ==<br />
<br />
Found [http://dag.wieers.com/blog/getting-rid-of-3d-in-svnmailer this article] which suggested editing svn-mailer config file /etc/pcrepo-mailer.conf and adding:<br />
<br />
[defaults]<br />
mail_transfer_encoding = 8bit<br />
<br />
= [[User:John|John]] 2011-11-27 13:37 =<br />
<br />
== Fixing NFSv4 (nfs4) IDMAP problem ==<br />
<br />
There was a problem with the idmap service whereby NFS clients were reporting user and group of nobody and nogroup. The problem was with the idmap configuration. I found [http://www.novell.com/support/dynamickc.do?cmd=show&forward=nonthreadedKC&docType=kc&externalId=7005060&sliceId=1 this article] which suggested adding the Method=nsswitch setting in the <nowiki>[Translation]</nowiki> section, so I edited the /etc/idmapd.conf file on all the servers to be the following:<br />
<br />
[General]<br />
Verbosity = 0<br />
Pipefs-Directory = /var/lib/nfs/rpc_pipefs<br />
Domain = progclub.org<br />
<br />
[Mapping]<br />
Nobody-User = nobody<br />
Nobody-Group = nogroup<br />
<br />
[Translation]<br />
Method=nsswitch<br />
<br />
Note that I specified the domain progclub.org too, rather than localdomain. I don't think that was necessary, I think the important bit was Method=nsswitch. It's all working properly now and ls -al reports correct user and group.<br />
<br />
= [[User:John|John]] 2011-09-19 23:39 =<br />
<br />
== Installing PHP SQLite ==<br />
<br />
root@charity:~# apt-get install php5-sqlite<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
php5-sqlite<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 55.3kB of archives.<br />
After this operation, 225kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main php5-sqlite 5.3.2-1ubuntu4.9 [55.3kB]<br />
Fetched 55.3kB in 0s (108kB/s)<br />
Committing to: /etc/<br />
modified php5/conf.d/imap.ini<br />
modified php5/conf.d/mcrypt.ini<br />
Committed revision 91.<br />
Selecting previously deselected package php5-sqlite.<br />
(Reading database ... 29504 files and directories currently installed.)<br />
Unpacking php5-sqlite (from .../php5-sqlite_5.3.2-1ubuntu4.9_amd64.deb) ...<br />
Processing triggers for libapache2-mod-php5 ...<br />
* Reloading web server config apache2 [ OK ]<br />
Setting up php5-sqlite (5.3.2-1ubuntu4.9) ...<br />
Committing to: /etc/<br />
added php5/conf.d/pdo_sqlite.ini<br />
added php5/conf.d/sqlite.ini<br />
added php5/conf.d/sqlite3.ini<br />
Committed revision 92.<br />
<br />
root@charity:~# apache2ctl graceful<br />
<br />
<br />
= [[User:John|John]] 2011-09-05 01:48 =<br />
<br />
== Removing 'nofollow' from list archives ==<br />
<br />
root@charity:/var/lib/mailman/templates/en# vim article.html<br />
<br />
Changed:<br />
<br />
<META NAME="robots" CONTENT="index,nofollow"><br />
<br />
To:<br />
<br />
<META NAME="robots" CONTENT="index,follow"><br />
<br />
= [[User:John|John]] 2011-09-02 17:10 =<br />
<br />
== Installing roundcube ==<br />
<br />
root@charity:~/bin# mysql -p<br />
Enter password:<br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 17222<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu) <br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> create database roundcubedb /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;<br />
Query OK, 1 row affected (0.00 sec)<br />
<br />
mysql> grant all privileges on roundcubedb.* to roundcube@localhost identified by 'secret';<br />
Query OK, 0 rows affected (0.16 sec)<br />
<br />
mysql> quit<br />
Bye<br />
<br />
root@charity:~/bin# mysql -p roundcubedb < /var/www/www.progclub.org/pcwebmail/roundcube/SQL/mysql.initial.sql<br />
Enter password:<br />
<br />
<br />
<br />
= [[User:John|John]] 2011-08-27 16:37 =<br />
<br />
== Updating fail2ban jail.conf ==<br />
<br />
/etc/fail2ban/jail.conf was updated to enable fail2ban filtering on most services, and to send abuse reports to admin@progclub.org.<br />
<br />
= [[User:John|John]] 2011-08-27 09:07 =<br />
<br />
== Fixing missing /etc/postfix/spamalias.db error ==<br />
<br />
I was seeing entries like this in /var/log/mail.log:<br />
<br />
Aug 21 09:36:53 charity postfix/local[5094]: fatal: open database /etc/postfix/spamalias.db: No such file or directory<br />
Aug 21 09:36:54 charity postfix/master[3001]: warning: process /usr/lib/postfix/local pid 5094 exit status 1<br />
Aug 21 09:36:54 charity postfix/master[3001]: warning: /usr/lib/postfix/local: bad command startup -- throttling<br />
<br />
I took a wild guess and ran:<br />
<br />
root@charity:/etc/postfix# postalias spamalias<br />
<br />
That created a spamalias.db file. Hopefully that fixes the problem.<br />
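A way to check for this failure across a whole mail.log, added here as an example and not part of the original log. The function names, the extra sample lines and the alias-format heuristic are assumptions; it expects the traditional syslog line layout shown above.

```shell
#!/bin/sh
# Added example: list the Postfix lookup tables whose compiled .db file is
# missing, and suggest how to rebuild each one.

# The first three lines are the mail.log entries quoted above; the remaining
# three are constructed sample input.
sample_log() {
    cat <<'EOF'
Aug 21 09:36:53 charity postfix/local[5094]: fatal: open database /etc/postfix/spamalias.db: No such file or directory
Aug 21 09:36:54 charity postfix/master[3001]: warning: process /usr/lib/postfix/local pid 5094 exit status 1
Aug 21 09:36:54 charity postfix/master[3001]: warning: /usr/lib/postfix/local: bad command startup -- throttling
Aug 21 09:37:54 charity postfix/local[5101]: fatal: open database /etc/postfix/spamalias.db: No such file or directory
Aug 21 09:38:02 charity postfix/smtpd[5110]: fatal: open database /etc/postfix/virtual.db: No such file or directory
Aug 21 09:38:10 charity postfix/smtpd[5112]: connect from localhost[127.0.0.1]
EOF
}

# Read syslog lines on stdin; print "COUNT DB_PATH DAEMON" for every table
# that a Postfix daemon failed to open, sorted by path.
missing_tables() {
    awk '
        / postfix\/[^ ]+: fatal: open database [^ ]+: No such file or directory/ {
            daemon = $5                      # e.g. postfix/local[5094]:
            sub(/^postfix\//, "", daemon)
            sub(/\[.*/, "", daemon)
            path = $9                        # e.g. /etc/postfix/spamalias.db:
            sub(/:$/, "", path)
            seen[path " " daemon]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k2
}

# Given the path of a missing .db file, look at its source file and print the
# rebuild command. Heuristic (assumption): a first entry of the form
# "name: value" means an aliases-style file, which is built with postalias;
# anything else is treated as a "key value" table built with postmap.
rebuild_hint() {
    src=${1%.db}
    if [ ! -f "$src" ]; then
        echo "missing-source $src"
        return 0
    fi
    first=$(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$src" | head -n 1)
    if printf '%s\n' "$first" | grep -Eq '^[^[:space:]:]+:([[:space:]]|$)'; then
        echo "postalias $src"
    else
        echo "postmap $src"
    fi
}

# Stand-alone run: summarise the sample log.
sample_log | missing_tables
```

On a live host the same summary comes from `missing_tables < /var/log/mail.log`, and each reported path can be passed to `rebuild_hint`.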
<br />
= [[User:John|John]] 2011-08-21 02:13 =<br />
<br />
== Installing spamassassin ==<br />
<br />
Following [http://townx.org/blog/elliot/simple_spamassassin_setup_with_postfix_and_dovecot_on_ubuntu_breezy these instructions].<br />
<br />
root@charity:~# apt-get install spamassassin spamc<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
binutils gcc gcc-4.4 libc-dev-bin libc6-dev libdigest-hmac-perl<br />
libdigest-sha1-perl liberror-perl libfont-afm-perl libgomp1<br />
libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl<br />
libhtml-tree-perl libio-socket-inet6-perl libmail-spf-perl libmailtools-perl<br />
libnet-dns-perl libnet-ip-perl libnetaddr-ip-perl libsocket6-perl<br />
libsys-hostname-long-perl liburi-perl libwww-perl linux-libc-dev<br />
manpages-dev re2c<br />
Suggested packages:<br />
binutils-doc gcc-multilib autoconf automake1.9 libtool flex bison gdb<br />
gcc-doc gcc-4.4-multilib libmudflap0-4.4-dev gcc-4.4-doc gcc-4.4-locales<br />
libgcc1-dbg libgomp1-dbg libmudflap0-dbg libcloog-ppl0 libppl-c2 libppl7<br />
glibc-doc libdata-dump-perl libcrypt-ssleay-perl libio-socket-ssl-perl razor<br />
libnet-ident-perl pyzor libmail-dkim-perl<br />
The following NEW packages will be installed:<br />
binutils gcc gcc-4.4 libc-dev-bin libc6-dev libdigest-hmac-perl<br />
libdigest-sha1-perl liberror-perl libfont-afm-perl libgomp1<br />
libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl<br />
libhtml-tree-perl libio-socket-inet6-perl libmail-spf-perl libmailtools-perl<br />
libnet-dns-perl libnet-ip-perl libnetaddr-ip-perl libsocket6-perl<br />
libsys-hostname-long-perl liburi-perl libwww-perl linux-libc-dev<br />
manpages-dev re2c spamassassin spamc<br />
0 upgraded, 29 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 13.0MB of archives.<br />
After this operation, 45.6MB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libfont-afm-perl 1.20-1 [14.3kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main liburi-perl 1.52-1 [96.8kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libhtml-tagset-perl 3.20-2 [13.5kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main libhtml-parser-perl 3.64-1 [114kB]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/main libhtml-tree-perl 3.23-1 [209kB]<br />
Get:6 http://archive.ubuntu.com/ubuntu/ lucid/main libhtml-format-perl 2.04-2 [39.6kB]<br />
Get:7 http://archive.ubuntu.com/ubuntu/ lucid/main libmailtools-perl 2.05-1 [98.0kB]<br />
Get:8 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libwww-perl 5.834-1ubuntu0.1 [401kB]<br />
Get:9 http://archive.ubuntu.com/ubuntu/ lucid-updates/main binutils 2.20.1-3ubuntu7.1 [1,658kB]<br />
Get:10 http://archive.ubuntu.com/ubuntu/ lucid/main libgomp1 4.4.3-4ubuntu5 [25.5kB]<br />
Get:11 http://archive.ubuntu.com/ubuntu/ lucid/main gcc-4.4 4.4.3-4ubuntu5 [2,877kB]<br />
Get:12 http://archive.ubuntu.com/ubuntu/ lucid/main gcc 4:4.4.3-1ubuntu1 [5,064B]<br />
Get:13 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libc-dev-bin 2.11.1-0ubuntu7.8 [224kB]<br />
Get:14 http://archive.ubuntu.com/ubuntu/ lucid-updates/main linux-libc-dev 2.6.32-33.72 [841kB]<br />
Get:15 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libc6-dev 2.11.1-0ubuntu7.8 [2,706kB]<br />
Get:16 http://archive.ubuntu.com/ubuntu/ lucid/main libdigest-sha1-perl 2.12-1build1 [26.7kB]<br />
Get:17 http://archive.ubuntu.com/ubuntu/ lucid/main libdigest-hmac-perl 1.01-7 [10.6kB]<br />
Get:18 http://archive.ubuntu.com/ubuntu/ lucid/main liberror-perl 0.17-1 [23.8kB]<br />
Get:19 http://archive.ubuntu.com/ubuntu/ lucid/main libsocket6-perl 0.23-1 [28.4kB]<br />
Get:20 http://archive.ubuntu.com/ubuntu/ lucid/main libio-socket-inet6-perl 2.54-1.1 [15.1kB]<br />
Get:21 http://archive.ubuntu.com/ubuntu/ lucid/main libnetaddr-ip-perl 4.024+dfsg-1build1 [98.0kB]<br />
Get:22 http://archive.ubuntu.com/ubuntu/ lucid/main libnet-ip-perl 1.25-2 [30.3kB]<br />
Get:23 http://archive.ubuntu.com/ubuntu/ lucid/main libnet-dns-perl 0.65-1build1 [278kB]<br />
Get:24 http://archive.ubuntu.com/ubuntu/ lucid/main libmail-spf-perl 2.007-1 [125kB]<br />
Get:25 http://archive.ubuntu.com/ubuntu/ lucid/main libsys-hostname-long-perl 1.4-2 [11.4kB]<br />
Get:26 http://archive.ubuntu.com/ubuntu/ lucid/main manpages-dev 3.23-1 [1,547kB]<br />
Get:27 http://archive.ubuntu.com/ubuntu/ lucid/main re2c 0.13.5-1build1 [221kB]<br />
Get:28 http://archive.ubuntu.com/ubuntu/ lucid/main spamassassin 3.3.1-1 [1,232kB]<br />
Get:29 http://archive.ubuntu.com/ubuntu/ lucid/main spamc 3.3.1-1 [70.6kB]<br />
Fetched 13.0MB in 7s (1,831kB/s)<br />
Committing to: /etc/<br />
modified pcrepo-mailer.conf<br />
Committed revision 72.<br />
Selecting previously deselected package libfont-afm-perl.<br />
(Reading database ... 25257 files and directories currently installed.)<br />
Unpacking libfont-afm-perl (from .../libfont-afm-perl_1.20-1_all.deb) ...<br />
Selecting previously deselected package liburi-perl.<br />
Unpacking liburi-perl (from .../liburi-perl_1.52-1_all.deb) ...<br />
Selecting previously deselected package libhtml-tagset-perl.<br />
Unpacking libhtml-tagset-perl (from .../libhtml-tagset-perl_3.20-2_all.deb) ...<br />
Selecting previously deselected package libhtml-parser-perl.<br />
Unpacking libhtml-parser-perl (from .../libhtml-parser-perl_3.64-1_amd64.deb) ...<br />
Selecting previously deselected package libhtml-tree-perl.<br />
Unpacking libhtml-tree-perl (from .../libhtml-tree-perl_3.23-1_all.deb) ...<br />
Selecting previously deselected package libhtml-format-perl.<br />
Unpacking libhtml-format-perl (from .../libhtml-format-perl_2.04-2_all.deb) ...<br />
Selecting previously deselected package libmailtools-perl.<br />
Unpacking libmailtools-perl (from .../libmailtools-perl_2.05-1_all.deb) ...<br />
Selecting previously deselected package libwww-perl.<br />
Unpacking libwww-perl (from .../libwww-perl_5.834-1ubuntu0.1_all.deb) ...<br />
Selecting previously deselected package binutils.<br />
Unpacking binutils (from .../binutils_2.20.1-3ubuntu7.1_amd64.deb) ...<br />
Selecting previously deselected package libgomp1.<br />
Unpacking libgomp1 (from .../libgomp1_4.4.3-4ubuntu5_amd64.deb) ...<br />
Selecting previously deselected package gcc-4.4.<br />
Unpacking gcc-4.4 (from .../gcc-4.4_4.4.3-4ubuntu5_amd64.deb) ...<br />
Selecting previously deselected package gcc.<br />
Unpacking gcc (from .../gcc_4%3a4.4.3-1ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package libc-dev-bin.<br />
Unpacking libc-dev-bin (from .../libc-dev-bin_2.11.1-0ubuntu7.8_amd64.deb) ...<br />
Selecting previously deselected package linux-libc-dev.<br />
Unpacking linux-libc-dev (from .../linux-libc-dev_2.6.32-33.72_amd64.deb) ...<br />
Selecting previously deselected package libc6-dev.<br />
Unpacking libc6-dev (from .../libc6-dev_2.11.1-0ubuntu7.8_amd64.deb) ...<br />
Selecting previously deselected package libdigest-sha1-perl.<br />
Unpacking libdigest-sha1-perl (from .../libdigest-sha1-perl_2.12-1build1_amd64.deb) ...<br />
Selecting previously deselected package libdigest-hmac-perl.<br />
Unpacking libdigest-hmac-perl (from .../libdigest-hmac-perl_1.01-7_all.deb) ...<br />
Selecting previously deselected package liberror-perl.<br />
Unpacking liberror-perl (from .../liberror-perl_0.17-1_all.deb) ...<br />
Selecting previously deselected package libsocket6-perl.<br />
Unpacking libsocket6-perl (from .../libsocket6-perl_0.23-1_amd64.deb) ...<br />
Selecting previously deselected package libio-socket-inet6-perl.<br />
Unpacking libio-socket-inet6-perl (from .../libio-socket-inet6-perl_2.54-1.1_all.deb) ...<br />
Selecting previously deselected package libnetaddr-ip-perl.<br />
Unpacking libnetaddr-ip-perl (from .../libnetaddr-ip-perl_4.024+dfsg-1build1_amd64.deb) ...<br />
Selecting previously deselected package libnet-ip-perl.<br />
Unpacking libnet-ip-perl (from .../libnet-ip-perl_1.25-2_all.deb) ...<br />
Selecting previously deselected package libnet-dns-perl.<br />
Unpacking libnet-dns-perl (from .../libnet-dns-perl_0.65-1build1_amd64.deb) ...<br />
Selecting previously deselected package libmail-spf-perl.<br />
Unpacking libmail-spf-perl (from .../libmail-spf-perl_2.007-1_all.deb) ...<br />
Selecting previously deselected package libsys-hostname-long-perl.<br />
Unpacking libsys-hostname-long-perl (from .../libsys-hostname-long-perl_1.4-2_all.deb) ...<br />
Selecting previously deselected package manpages-dev.<br />
Unpacking manpages-dev (from .../manpages-dev_3.23-1_all.deb) ...<br />
Selecting previously deselected package re2c.<br />
Unpacking re2c (from .../re2c_0.13.5-1build1_amd64.deb) ...<br />
Selecting previously deselected package spamassassin.<br />
Unpacking spamassassin (from .../spamassassin_3.3.1-1_all.deb) ...<br />
Selecting previously deselected package spamc.<br />
Unpacking spamc (from .../spamc_3.3.1-1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up libfont-afm-perl (1.20-1) ...<br />
Setting up liburi-perl (1.52-1) ...<br />
Setting up libhtml-tagset-perl (3.20-2) ...<br />
Setting up libhtml-parser-perl (3.64-1) ...<br />
Setting up libhtml-tree-perl (3.23-1) ...<br />
Setting up libhtml-format-perl (2.04-2) ...<br />
Setting up libmailtools-perl (2.05-1) ...<br />
Setting up libwww-perl (5.834-1ubuntu0.1) ...<br />
Setting up binutils (2.20.1-3ubuntu7.1) ...<br />
<br />
Setting up libgomp1 (4.4.3-4ubuntu5) ... <br />
<br />
Setting up gcc-4.4 (4.4.3-4ubuntu5) ...<br />
Setting up gcc (4:4.4.3-1ubuntu1) ... <br />
<br />
Setting up libc-dev-bin (2.11.1-0ubuntu7.8) ...<br />
Setting up linux-libc-dev (2.6.32-33.72) ...<br />
Setting up libc6-dev (2.11.1-0ubuntu7.8) ...<br />
Setting up libdigest-sha1-perl (2.12-1build1) ...<br />
Setting up libdigest-hmac-perl (1.01-7) ...<br />
Setting up liberror-perl (0.17-1) ...<br />
Setting up libsocket6-perl (0.23-1) ... <br />
<br />
Setting up libio-socket-inet6-perl (2.54-1.1) ...<br />
Setting up libnetaddr-ip-perl (4.024+dfsg-1build1) ...<br />
Setting up libnet-ip-perl (1.25-2) ...<br />
Setting up libnet-dns-perl (0.65-1build1) ...<br />
Setting up libmail-spf-perl (2.007-1) ...<br />
Setting up libsys-hostname-long-perl (1.4-2) ...<br />
Setting up manpages-dev (3.23-1) ...<br />
Setting up re2c (0.13.5-1build1) ...<br />
Setting up spamassassin (3.3.1-1) ...<br />
SpamAssassin Mail Filter Daemon: disabled, see /etc/default/spamassassin <br />
<br />
Setting up spamc (3.3.1-1) ...<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
added mail<br />
added spamassassin<br />
added alternatives/c89<br />
added alternatives/c89.1.gz<br />
added alternatives/c99<br />
added alternatives/c99.1.gz<br />
added alternatives/cc<br />
added alternatives/cc.1.gz<br />
added cron.daily/spamassassin<br />
added default/spamassassin<br />
added init.d/spamassassin<br />
added mail/spamassassin<br />
added rc0.d/K21spamassassin<br />
added rc1.d/K21spamassassin<br />
added rc2.d/S19spamassassin<br />
added rc3.d/S19spamassassin<br />
added rc4.d/S19spamassassin<br />
added rc5.d/S19spamassassin<br />
added rc6.d/K21spamassassin<br />
added spamassassin/65_debian.cf<br />
added spamassassin/init.pre<br />
added spamassassin/local.cf<br />
added spamassassin/sa-update-hooks.d<br />
added spamassassin/v310.pre<br />
added spamassassin/v312.pre<br />
added spamassassin/v320.pre<br />
added spamassassin/v330.pre<br />
Committed revision 73.<br />
<br />
root@charity:~# groupadd spamd<br />
root@charity:~# useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd<br />
root@charity:~# mkdir /var/log/spamassassin<br />
root@charity:~# chown spamd:spamd /var/log/spamassassin<br />
<br />
root@charity:~# vim /etc/default/spamassassin<br />
root@charity:~# cat /etc/default/spamassassin<br />
# /etc/default/spamassassin<br />
# Duncan Findlay<br />
<br />
# WARNING: please read README.spamd before using.<br />
# There may be security risks.<br />
<br />
# Change to one to enable spamd<br />
ENABLED=1<br />
<br />
<br />
# JE: 2011-08-21: http://townx.org/blog/elliot/simple_spamassassin_setup_with_postfix_and_dovecot_on_ubuntu_breezy<br />
<br />
SAHOME="/var/log/spamassassin/"<br />
<br />
<br />
<br />
# Options<br />
# See man spamd for possible options. The -d option is automatically added. <br />
<br />
# SpamAssassin uses a preforking model, so be careful! You need to<br />
# make sure --max-children is not set to anything higher than 5,<br />
# unless you know what you're doing.<br />
<br />
#OPTIONS="--create-prefs --max-children 5 --helper-home-dir"<br />
<br />
OPTIONS="--create-prefs --max-children 2 --username spamd -H ${SAHOME} -s ${SAHOME}spamd.log"<br />
<br />
<br />
# Pid file<br />
# Where should spamd write its PID to file? If you use the -u or<br />
# --username option above, this needs to be writable by that user.<br />
# Otherwise, the init script will not be able to shut spamd down.<br />
PIDFILE="/var/run/spamd.pid"<br />
<br />
# Set nice level of spamd<br />
#NICE="--nicelevel 15"<br />
<br />
# Cronjob<br />
# Set to anything but 0 to enable the cron job to automatically update<br />
# spamassassin's rules on a nightly basis<br />
CRON=0<br />
<br />
root@charity:~# /etc/init.d/spamassassin start<br />
Starting SpamAssassin Mail Filter Daemon: spamd.<br />
<br />
root@charity:~# vim /etc/postfix/master.cf<br />
root@charity:~# cat /etc/postfix/master.cf<br />
#<br />
# Postfix master process configuration file. For details on the format<br />
# of the file, see the master(5) manual page (command: "man 5 master").<br />
#<br />
# Do not forget to execute "postfix reload" after editing this file.<br />
#<br />
# ==========================================================================<br />
# service type private unpriv chroot wakeup maxproc command + args<br />
# (yes) (yes) (yes) (never) (100)<br />
# ==========================================================================<br />
smtp inet n - - - - smtpd<br />
-o content_filter=spamassassin<br />
#submission inet n - - - - smtpd<br />
# -o smtpd_tls_security_level=encrypt<br />
# -o smtpd_sasl_auth_enable=yes<br />
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject<br />
# -o milter_macro_daemon_name=ORIGINATING<br />
#smtps inet n - - - - smtpd<br />
# -o smtpd_tls_wrappermode=yes<br />
# -o smtpd_sasl_auth_enable=yes<br />
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject<br />
# -o milter_macro_daemon_name=ORIGINATING<br />
#628 inet n - - - - qmqpd<br />
pickup fifo n - - 60 1 pickup<br />
cleanup unix n - - - 0 cleanup<br />
qmgr fifo n - n 300 1 qmgr<br />
#qmgr fifo n - - 300 1 oqmgr<br />
tlsmgr unix - - - 1000? 1 tlsmgr<br />
rewrite unix - - - - - trivial-rewrite<br />
bounce unix - - - - 0 bounce<br />
defer unix - - - - 0 bounce<br />
trace unix - - - - 0 bounce<br />
verify unix - - - - 1 verify<br />
flush unix n - - 1000? 0 flush<br />
proxymap unix - - n - - proxymap<br />
proxywrite unix - - n - 1 proxymap<br />
smtp unix - - - - - smtp<br />
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops<br />
relay unix - - - - - smtp<br />
-o smtp_fallback_relay=<br />
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5<br />
showq unix n - - - - showq<br />
error unix - - - - - error<br />
retry unix - - - - - error<br />
discard unix - - - - - discard<br />
local unix - n n - - local<br />
virtual unix - n n - - virtual<br />
lmtp unix - - - - - lmtp<br />
anvil unix - - - - 1 anvil<br />
scache unix - - - - 1 scache<br />
#<br />
# ====================================================================<br />
# Interfaces to non-Postfix software. Be sure to examine the manual<br />
# pages of the non-Postfix software to find out what options it wants.<br />
#<br />
# Many of the following services use the Postfix pipe(8) delivery<br />
# agent. See the pipe(8) man page for information about ${recipient}<br />
# and other message envelope options.<br />
# ====================================================================<br />
#<br />
# maildrop. See the Postfix MAILDROP_README file for details.<br />
# Also specify in main.cf: maildrop_destination_recipient_limit=1<br />
#<br />
maildrop unix - n n - - pipe<br />
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}<br />
#<br />
# ====================================================================<br />
#<br />
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.<br />
#<br />
# Specify in cyrus.conf:<br />
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4<br />
# <br />
# Specify in main.cf one or more of the following:<br />
# mailbox_transport = lmtp:inet:localhost<br />
# virtual_transport = lmtp:inet:localhost<br />
#<br />
# ====================================================================<br />
#<br />
# Cyrus 2.1.5 (Amos Gouaux)<br />
# Also specify in main.cf: cyrus_destination_recipient_limit=1<br />
#<br />
#cyrus unix - n n - - pipe<br />
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}<br />
#<br />
# ====================================================================<br />
# Old example of delivery via Cyrus.<br />
#<br />
#old-cyrus unix - n n - - pipe<br />
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}<br />
#<br />
# ====================================================================<br />
#<br />
# See the Postfix UUCP_README file for configuration details.<br />
#<br />
uucp unix - n n - - pipe<br />
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)<br />
#<br />
# Other external delivery methods.<br />
#<br />
ifmail unix - n n - - pipe<br />
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)<br />
bsmtp unix - n n - - pipe<br />
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient<br />
scalemail-backend unix - n n - 2 pipe<br />
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}<br />
mailman unix - n n - - pipe<br />
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py<br />
${nexthop} ${user}<br />
<br />
# JE: 2011-08-21: http://townx.org/blog/elliot/simple_spamassassin_setup_with_postfix_and_dovecot_on_ubuntu_breezy <br />
<br />
spamassassin unix - n n - - pipe<br />
user=spamd argv=/usr/bin/spamc -e<br />
/usr/sbin/sendmail -oi -f $(sender) $(recipient)<br />
<br />
root@charity:~# /etc/init.d/postfix reload<br />
* Reloading Postfix configuration... [ OK ]<br />
<br />
Following [http://www.jamesh.id.au/articles/mailman-spamassassin/ these instructions] I edited /etc/mailman/mm_cfg.py to uncomment the following line:<br />
<br />
GLOBAL_PIPELINE.insert(1, 'SpamAssassin')<br />
<br />
root@charity:~# userdel spamd<br />
root@charity:~# groupdel spamd<br />
groupdel: group 'spamd' does not exist<br />
root@charity:~# groupadd -g 50001 spamd<br />
root@charity:~# useradd -u 50001 -g spamd -s /sbin/nologin -d /var/lib/spamassassin spamd<br />
root@charity:~# mkdir /var/lib/spamassassin<br />
root@charity:~# chown spamd:spamd /var/lib/spamassassin<br />
<br />
Having trouble... trying [http://wiki.apache.org/spamassassin/IntegratePostfixViaSpampd these instructions] to use spampd.<br />
<br />
jj5@charity:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@charity:~# vim /etc/aliases<br />
<br />
root@charity:~# newaliases<br />
root@charity:~# vim /etc/postfix/master.cf<br />
root@charity:~# vim /etc/postfix/main.cf<br />
root@charity:~# apt-get install spampd<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
libio-multiplex-perl libnet-cidr-perl libnet-server-perl<br />
Suggested packages:<br />
libio-socket-ssl-perl<br />
The following NEW packages will be installed:<br />
libio-multiplex-perl libnet-cidr-perl libnet-server-perl spampd<br />
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 234kB of archives.<br />
After this operation, 860kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libio-multiplex-perl 1.10-1 [22.9kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libnet-cidr-perl 0.13-1 [14.6kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libnet-server-perl 0.97-1ubuntu1 [141kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/universe spampd 2.30-22 [55.6kB]<br />
Fetched 234kB in 0s (237kB/s)<br />
Committing to: /etc/<br />
modified .etckeeper<br />
modified aliases<br />
modified aliases.db<br />
modified group<br />
modified group-<br />
modified gshadow<br />
modified gshadow-<br />
modified passwd<br />
modified passwd-<br />
modified shadow<br />
modified shadow-<br />
modified default/spamassassin<br />
modified mailman/mm_cfg.py<br />
modified postfix/main.cf<br />
modified postfix/master.cf<br />
missing postfix/mysql-domains.cf<br />
modified postfix/mysql-domains.cf<br />
missing postfix/mysql-email.cf<br />
modified postfix/mysql-email.cf<br />
missing postfix/mysql-forwards.cf<br />
modified postfix/mysql-forwards.cf<br />
missing postfix/mysql-mailboxes.cf<br />
modified postfix/mysql-mailboxes.cf<br />
added postfix/old<br />
added postfix/old/mysql-domains.cf<br />
added postfix/old/mysql-email.cf<br />
added postfix/old/mysql-forwards.cf<br />
added postfix/old/mysql-mailboxes.cf<br />
modified spamassassin/local.cf<br />
Committed revision 74.<br />
Selecting previously deselected package libio-multiplex-perl.<br />
(Reading database ... 29433 files and directories currently installed.)<br />
Unpacking libio-multiplex-perl (from .../libio-multiplex-perl_1.10-1_all.deb) ...<br />
Selecting previously deselected package libnet-cidr-perl.<br />
Unpacking libnet-cidr-perl (from .../libnet-cidr-perl_0.13-1_all.deb) ...<br />
Selecting previously deselected package libnet-server-perl.<br />
Unpacking libnet-server-perl (from .../libnet-server-perl_0.97-1ubuntu1_all.deb) ...<br />
Selecting previously deselected package spampd.<br />
Unpacking spampd (from .../spampd_2.30-22_all.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up libio-multiplex-perl (1.10-1) ...<br />
Setting up libnet-cidr-perl (0.13-1) ...<br />
Setting up libnet-server-perl (0.97-1ubuntu1) ...<br />
Setting up spampd (2.30-22) ...<br />
* Starting spam checking proxy daemon spampd [ OK ]<br />
<br />
Committing to: /etc/<br />
modified .etckeeper<br />
modified group<br />
modified group-<br />
modified gshadow<br />
modified gshadow-<br />
modified passwd<br />
modified passwd-<br />
modified shadow<br />
modified shadow-<br />
added spampd.conf<br />
added default/spampd<br />
added init.d/spampd<br />
added rc0.d/K20spampd<br />
added rc1.d/K20spampd<br />
added rc2.d/S20spampd<br />
added rc3.d/S20spampd<br />
added rc4.d/S20spampd<br />
added rc5.d/S20spampd<br />
added rc6.d/K20spampd<br />
Committed revision 75.<br />
<br />
root@charity:~# vim /etc/postfix/spamheadercheck<br />
root@charity:~# cat /etc/postfix/spamheadercheck<br />
/^X-Spam-Status: Yes/ FILTER spamtnsp:local<br />
<br />
root@charity:~# vim /etc/postfix/spamalias<br />
root@charity:~# cat /etc/postfix/spamalias<br />
jj5: spamd<br />
<br />
= [[User:John|John]] 2011-08-19 21:41 =<br />
<br />
== Installing Mailman ==<br />
<br />
Following [https://help.ubuntu.com/community/Mailman these instructions].<br />
<br />
jj5@charity:~/bin/pcrepo/hooks$ sudo -s<br />
[sudo] password for jj5:<br />
root@charity:~/bin/pcrepo/hooks# apt-get install mailman<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
pwgen<br />
Suggested packages:<br />
spamassassin lynx listadmin<br />
The following NEW packages will be installed:<br />
mailman pwgen<br />
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 9,699kB of archives.<br />
After this operation, 45.0MB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
<br />
Package configuration<br />
<br />
Configuring mailman<br />
<br />
For each supported language, Mailman stores default language specific<br />
texts in /etc/mailman/LANG/ giving them conffile like treatment with the<br />
help of ucf. This means approximately 150kB for each supported language<br />
on the root file system.<br />
<br />
If you need a different set of languages at a later time, just run<br />
dpkg-reconfigure mailman.<br />
<br />
NOTE: Languages enabled on existing mailing lists are forcibly<br />
re-enabled when deselected and mailman needs at least one language for<br />
displaying its messages.<br />
<br />
<Ok><br />
<br />
Package configuration<br />
<br />
Configuring mailman<br />
<br />
Languages to support:<br />
<br />
[ ] ar (Arabic)<br />
[ ] ca (Catalan)<br />
[ ] cs (Czech)<br />
[ ] da (Danish)<br />
[ ] de (German)<br />
[*] en (English)<br />
[ ] es (Spanish)<br />
[ ] et (Estonian)<br />
[ ] eu (Basque)<br />
[ ] fi (Finnish)<br />
[ ] fr (French)<br />
[ ] hr (Croatian)<br />
<br />
<Ok><br />
<br />
Package configuration<br />
<br />
Configuring mailman<br />
<br />
Missing site list<br />
<br />
Mailman needs a so-called "site list", which is the list from which<br />
password reminders and such are sent out from. This list needs to be<br />
created before mailman will start.<br />
<br />
To create the list, run "newlist mailman" and follow the instructions<br />
on-screen. Note that you also need to start mailman after that, using<br />
/etc/init.d/mailman start.<br />
<br />
<Ok><br />
<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main pwgen 2.06-1ubuntu2 [21.7kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main mailman 1:2.1.13-1ubuntu0.2 [9,677kB]<br />
Fetched 9,699kB in 3s (2,449kB/s)<br />
Committing to: /etc/<br />
modified .etckeeper<br />
modified apache2/sites-available/default-ssl<br />
modified courier/imapd-ssl<br />
modified courier/pop3d-ssl<br />
modified postfix/main.cf<br />
Committed revision 69.<br />
Preconfiguring packages ...<br />
Selecting previously deselected package pwgen.<br />
(Reading database ... 21355 files and directories currently installed.)<br />
Unpacking pwgen (from .../pwgen_2.06-1ubuntu2_amd64.deb) ...<br />
Selecting previously deselected package mailman.<br />
Unpacking mailman (from .../mailman_1%3a2.1.13-1ubuntu0.2_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up pwgen (2.06-1ubuntu2) ...<br />
Setting up mailman (1:2.1.13-1ubuntu0.2) ...<br />
Looking for enabled languages (this may take some time) ... done.<br />
Installing site language en ............................................ done.<br />
Configuring mailman for domain progclub.org ...<br />
Upgrading from version 0x0 to 0x2010df0<br />
getting rid of old source files<br />
* Site list for mailman missing (looking for list named 'mailman').<br />
* Please create it; until then, mailman will refuse to start.<br />
<br />
Committing to: /etc/<br />
modified .etckeeper<br />
added mailman<br />
added cron.d/mailman<br />
added init.d/mailman<br />
added logrotate.d/mailman<br />
added mailman/apache.conf<br />
added mailman/en<br />
added mailman/leftover<br />
added mailman/mm_cfg.py<br />
added mailman/postfix-to-mailman.py<br />
added mailman/qmail-to-mailman.py<br />
added mailman/en/admindbdetails.html<br />
added mailman/en/admindbpreamble.html<br />
added mailman/en/admindbsummary.html<br />
added mailman/en/adminsubscribeack.txt<br />
added mailman/en/adminunsubscribeack.txt<br />
added mailman/en/admlogin.html<br />
added mailman/en/approve.txt<br />
added mailman/en/archidxentry.html<br />
added mailman/en/archidxfoot.html<br />
added mailman/en/archidxhead.html<br />
added mailman/en/archlistend.html<br />
added mailman/en/archliststart.html<br />
added mailman/en/archtoc.html<br />
added mailman/en/archtocentry.html<br />
added mailman/en/archtocnombox.html<br />
added mailman/en/article.html<br />
added mailman/en/bounce.txt<br />
added mailman/en/checkdbs.txt<br />
added mailman/en/convert.txt<br />
added mailman/en/cronpass.txt<br />
added mailman/en/disabled.txt<br />
added mailman/en/emptyarchive.html<br />
added mailman/en/headfoot.html<br />
added mailman/en/help.txt<br />
added mailman/en/invite.txt<br />
added mailman/en/listinfo.html<br />
added mailman/en/masthead.txt<br />
added mailman/en/newlist.txt<br />
added mailman/en/nomoretoday.txt<br />
added mailman/en/options.html<br />
added mailman/en/postack.txt<br />
added mailman/en/postauth.txt<br />
added mailman/en/postheld.txt<br />
added mailman/en/private.html<br />
added mailman/en/probe.txt<br />
added mailman/en/refuse.txt<br />
added mailman/en/roster.html<br />
added mailman/en/subauth.txt<br />
added mailman/en/subscribe.html<br />
added mailman/en/subscribeack.txt<br />
added mailman/en/unsub.txt<br />
added mailman/en/unsubauth.txt<br />
added mailman/en/userpass.txt<br />
added mailman/en/verify.txt<br />
added rc1.d/K20mailman<br />
added rc2.d/S20mailman<br />
added rc3.d/S20mailman<br />
added rc4.d/S20mailman<br />
added rc5.d/S20mailman<br />
Committed revision 70.<br />
<br />
root@charity:~/bin/pcrepo/hooks# newlist mailman<br />
Enter the email of the person running the list: jj5@progclub.org<br />
Initial mailman password:<br />
To finish creating your mailing list, you must edit your /etc/aliases (or<br />
equivalent) file by adding the following lines, and possibly running the<br />
`newaliases' program:<br />
<br />
## mailman mailing list<br />
mailman: "|/var/lib/mailman/mail/mailman post mailman"<br />
mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman"<br />
mailman-bounces: "|/var/lib/mailman/mail/mailman bounces mailman"<br />
mailman-confirm: "|/var/lib/mailman/mail/mailman confirm mailman"<br />
mailman-join: "|/var/lib/mailman/mail/mailman join mailman"<br />
mailman-leave: "|/var/lib/mailman/mail/mailman leave mailman"<br />
mailman-owner: "|/var/lib/mailman/mail/mailman owner mailman"<br />
mailman-request: "|/var/lib/mailman/mail/mailman request mailman"<br />
mailman-subscribe: "|/var/lib/mailman/mail/mailman subscribe mailman"<br />
mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"<br />
<br />
Hit enter to notify mailman owner...<br />
<br />
= [[User:John|John]] 2011-08-19 18:34 =<br />
<br />
== Configuring SSL certificate ==<br />
<br />
In /etc/postfix/main.cf:<br />
<br />
smtpd_tls_cert_file = /home/apache/certs/progclub.org.crt<br />
smtpd_tls_key_file = /home/apache/certs/progclub.key<br />
<br />
Had to create .pem file with:<br />
<br />
# cd /home/apache/certs<br />
# cat progclub.org.crt progclub.key > progclub.org.pem<br />
# chmod o= progclub.org.pem<br />
<br />
In /etc/courier/imapd-ssl:<br />
<br />
TLS_CERTFILE=/home/apache/certs/progclub.org.pem<br />
TLS_TRUSTCERTS=/home/apache/certs/gd_bundle.crt<br />
<br />
In /etc/courier/pop3d-ssl:<br />
<br />
TLS_CERTFILE=/home/apache/certs/progclub.org.pem<br />
TLS_TRUSTCERTS=/home/apache/certs/gd_bundle.crt<br />
<br />
Had to restart postfix with:<br />
<br />
# postfix reload<br />
<br />
And restart courier with jj5-bin [http://www.progclub.org/pcrepo/jj5-bin/trunk/restart-courier?view=markup restart-courier] script:<br />
<br />
$ restart-courier<br />
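<br />
Added example, not part of the original log: under a typical umask the `cat` followed by `chmod o=` above leaves the combined file readable by other users for a moment. The sketch below reaches the same final mode without that window and first checks that the key belongs to the certificate; the function names are hypothetical and the `openssl pkey` subcommand is assumed to be available.<br />

```shell
#!/bin/sh
# Added example (not from the original page): build a combined cert+key PEM
# without exposing the private key to other local users at any point.

# pem_pair_matches CERT KEY
# Succeeds only when the public key in CERT equals the public key derived
# from KEY. Returns 2 if either file cannot be parsed by openssl.
pem_pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# build_pem CERT KEY OUT [MODE]
# Writes CERT followed by KEY to OUT. The data goes into a mktemp file first
# (mktemp creates it with mode 0600), the final MODE is applied while the file
# still has its temporary name, and only then is it renamed into place.
# MODE defaults to 640, the end state of "chmod o=" on a 644 file.
build_pem() {
    cert=$1
    key=$2
    out=$3
    mode=${4:-640}
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "build_pem: cannot read $cert or $key" >&2
        return 1
    fi
    dir=$(dirname "$out")
    tmp=$(mktemp "$dir/.pem.XXXXXX") || return 1
    if cat "$cert" "$key" > "$tmp" && chmod "$mode" "$tmp" && mv -f "$tmp" "$out"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# install_pem CERT KEY OUT [MODE]
# Refuses to build the bundle when the key does not match the certificate.
install_pem() {
    if ! pem_pair_matches "$1" "$2"; then
        echo "install_pem: $2 does not match $1" >&2
        return 1
    fi
    build_pem "$@"
}

# Usage with the paths from this page (as root):
#   cd /home/apache/certs
#   install_pem progclub.org.crt progclub.key progclub.org.pem
```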
<br />
= [[User:John|John]] 2011-08-19 01:48 =<br />
<br />
== Installing PHP mail ==<br />
<br />
root@charity:~# apt-cache search php mail | less<br />
root@charity:~# apt-get install php-mail<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
php-net-smtp php-net-socket php-pear php5-cli<br />
Suggested packages:<br />
php5-dev<br />
The following NEW packages will be installed:<br />
php-mail php-net-smtp php-net-socket php-pear php5-cli<br />
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 3,310kB of archives.<br />
After this operation, 11.0MB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main php5-cli 5.3.2-1ubuntu4.9 [2,907kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main php-pear 5.3.2-1ubuntu4.9 [355kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/universe php-mail 1.1.14-2 [23.2kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/universe php-net-socket 1.0.9-2 [9,098B]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/universe php-net-smtp 1.3.1-1 [16.0kB]<br />
Fetched 3,310kB in 1s (1,853kB/s)<br />
Committing to: /etc/<br />
modified .etckeeper<br />
added pcrepo-mailer.conf<br />
modified courier/authmysqlrc<br />
modified pam.d/smtp<br />
modified postfix/main.cf<br />
added postfix/sql<br />
modified postfix/sasl/smtpd.conf<br />
added postfix/sasl/smtpd.conf.bak-2011-08-19-0104<br />
added postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf<br />
added postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf<br />
added postfix/sql/mysql_virtual_alias_domain_maps.cf<br />
added postfix/sql/mysql_virtual_alias_maps.cf<br />
added postfix/sql/mysql_virtual_domains_maps.cf<br />
added postfix/sql/mysql_virtual_mailbox_limit_maps.cf<br />
added postfix/sql/mysql_virtual_mailbox_maps.cf<br />
Committed revision 67.<br />
Selecting previously deselected package php5-cli.<br />
(Reading database ... 21114 files and directories currently installed.)<br />
Unpacking php5-cli (from .../php5-cli_5.3.2-1ubuntu4.9_amd64.deb) ...<br />
Selecting previously deselected package php-pear.<br />
Unpacking php-pear (from .../php-pear_5.3.2-1ubuntu4.9_all.deb) ...<br />
Selecting previously deselected package php-mail.<br />
Unpacking php-mail (from .../php-mail_1.1.14-2_all.deb) ...<br />
Selecting previously deselected package php-net-socket.<br />
Unpacking php-net-socket (from .../php-net-socket_1.0.9-2_all.deb) ...<br />
Selecting previously deselected package php-net-smtp.<br />
Unpacking php-net-smtp (from .../php-net-smtp_1.3.1-1_all.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up php5-cli (5.3.2-1ubuntu4.9) ...<br />
<br />
Creating config file /etc/php5/cli/php.ini with new version<br />
update-alternatives: using /usr/bin/php5 to provide /usr/bin/php (php) in auto mode.<br />
<br />
Setting up php-pear (5.3.2-1ubuntu4.9) ...<br />
Setting up php-mail (1.1.14-2) ...<br />
Setting up php-net-socket (1.0.9-2) ...<br />
Setting up php-net-smtp (1.3.1-1) ...<br />
Committing to: /etc/<br />
added pear<br />
added alternatives/php<br />
added alternatives/php.1.gz<br />
added pear/pear.conf<br />
added php5/cli<br />
added php5/cli/conf.d<br />
added php5/cli/php.ini<br />
Committed revision 68.<br />
<br />
= [[User:John|John]] 2011-08-18 19:05 =<br />
<br />
== Installing postfixadmin ==<br />
<br />
root@charity:/var/log# apt-get install php5-imap<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
libc-client2007e mlock<br />
Suggested packages:<br />
uw-mailutils<br />
The following NEW packages will be installed:<br />
libc-client2007e mlock php5-imap<br />
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 810kB of archives.<br />
After this operation, 1,810kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe mlock 8:2007e~dfsg-3.1 [34.6kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/universe libc-client2007e 8:2007e~dfsg-3.1 [734kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/universe php5-imap 5.3.2-0ubuntu2 [41.2kB]<br />
Fetched 810kB in 1s (624kB/s)<br />
Committing to: /etc/<br />
modified iptables.up.rules<br />
modified courier/authdaemonrc<br />
modified courier/authmysqlrc<br />
modified mysql/my.cnf<br />
Committed revision 65.<br />
Selecting previously deselected package mlock.<br />
(Reading database ... 20755 files and directories currently installed.)<br />
Unpacking mlock (from .../mlock_8%3a2007e~dfsg-3.1_amd64.deb) ...<br />
Selecting previously deselected package libc-client2007e.<br />
Unpacking libc-client2007e (from .../libc-client2007e_8%3a2007e~dfsg-3.1_amd64.deb) ...<br />
Selecting previously deselected package php5-imap.<br />
Unpacking php5-imap (from .../php5-imap_5.3.2-0ubuntu2_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for libapache2-mod-php5 ...<br />
* Reloading web server config apache2 [ OK ]<br />
Setting up mlock (8:2007e~dfsg-3.1) ...<br />
Setting up libc-client2007e (8:2007e~dfsg-3.1) ...<br />
<br />
Setting up php5-imap (5.3.2-0ubuntu2) ...<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
added php5/conf.d/imap.ini<br />
Committed revision 66.<br />
root@charity:/var/log#<br />
<br />
jj5@charity:~$ mysql -u root -p<br />
Enter password:<br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 152<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> grant all on pcmaildb.* to pcmail@localhost;<br />
Query OK, 0 rows affected (0.00 sec)<br />
<br />
mysql> flush priviliges;<br />
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'priviliges' at line 1<br />
mysql> flush privileges;<br />
Query OK, 0 rows affected (0.00 sec)<br />
<br />
jj5@charity:~$ release pcmail "Releasing stock Postfix Admin 2.3.3"<br />
Releasing pcmail<br />
Checking availability of release: https://www.progclub.org/svn/pcrepo/pcmail/tags/release/2011/08/18/01<br />
<br />
Committed revision 326.<br />
svn: URL 'latest' does not exist<br />
<br />
Committed revision 327.<br />
<br />
= [[User:John|John]] 2011-08-18 16:24 =<br />
<br />
== Configuring email ==<br />
<br />
Following [http://articles.slicehost.com/email these instructions].<br />
<br />
root@charity:~/bin# hostname -f<br />
charity.progclub.org<br />
<br />
root@charity:~/bin# ifconfig<br />
eth0 Link encap:Ethernet HWaddr 40:40:b3:fc:05:28<br />
inet addr:67.207.128.184 Bcast:67.207.128.255 Mask:255.255.255.0<br />
inet6 addr: fe80::4240:b3ff:fefc:528/64 Scope:Link<br />
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br />
RX packets:71245 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:54383 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:1000<br />
RX bytes:10572039 (10.5 MB) TX bytes:49196127 (49.1 MB)<br />
Interrupt:24<br />
<br />
eth1 Link encap:Ethernet HWaddr 40:40:8d:45:53:e9<br />
inet addr:172.19.1.45 Bcast:172.19.255.255 Mask:255.255.0.0<br />
inet6 addr: fe80::4240:8dff:fe45:53e9/64 Scope:Link<br />
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br />
RX packets:1038 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:897 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:1000<br />
RX bytes:153708 (153.7 KB) TX bytes:194246 (194.2 KB)<br />
Interrupt:25<br />
<br />
lo Link encap:Local Loopback<br />
inet addr:127.0.0.1 Mask:255.0.0.0<br />
inet6 addr: ::1/128 Scope:Host<br />
UP LOOPBACK RUNNING MTU:16436 Metric:1<br />
RX packets:3307 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:3307 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:0<br />
RX bytes:479108 (479.1 KB) TX bytes:479108 (479.1 KB)<br />
<br />
root@charity:~/bin# dig -x 67.207.128.184<br />
<br />
; <<>> DiG 9.7.0-P1 <<>> -x 67.207.128.184<br />
;; global options: +cmd<br />
;; Got answer:<br />
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31526<br />
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2<br />
<br />
;; QUESTION SECTION:<br />
;184.128.207.67.in-addr.arpa. IN PTR<br />
<br />
;; ANSWER SECTION:<br />
184.128.207.67.in-addr.arpa. 86400 IN PTR charity.progclub.org.<br />
<br />
;; AUTHORITY SECTION:<br />
128.207.67.in-addr.arpa. 25951 IN NS NS2.SLICEHOST.NET.<br />
128.207.67.in-addr.arpa. 25951 IN NS NS1.SLICEHOST.NET.<br />
<br />
;; ADDITIONAL SECTION:<br />
NS1.SLICEHOST.NET. 1811 IN A 67.23.4.57<br />
NS2.SLICEHOST.NET. 2443 IN A 173.45.224.132<br />
<br />
;; Query time: 11 msec<br />
;; SERVER: 67.207.128.4#53(67.207.128.4)<br />
;; WHEN: Thu Aug 18 06:39:10 2011<br />
;; MSG SIZE rcvd: 160<br />
<br />
root@charity:~/bin# groupadd -g 50000 vmail<br />
<br />
root@charity:~/bin# useradd -s /usr/sbin/nologin -g vmail -u 50000 vmail -d /home/vmail -m<br />
<br />
root@charity:~/bin# aptitude install postfix postfix-mysql mysql-server postfix-tls libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl telnet mailx<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
Initializing package states... Done<br />
Writing extended state information... Done<br />
"mailx" is a virtual package provided by:<br />
mailutils heirloom-mailx bsd-mailx<br />
You must choose one to install.<br />
The following NEW packages will be installed:<br />
db4.8-util{a} libpam-mysql libpq5{a} libsasl2-modules-sql libsqlite0{a}<br />
postfix postfix-mysql sasl2-bin telnet<br />
0 packages upgraded, 9 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 2,213kB of archives. After unpacking 6,250kB will be used.<br />
Do you want to continue? [Y/n/?]<br />
<br />
Package configuration<br />
<br />
┌────────────────────────┤ Postfix Configuration ├────────────────────────┐<br />
│ Please select the mail server configuration type that best meets your   │<br />
│ needs.                                                                  │<br />
│                                                                         │<br />
│  No configuration:                                                      │<br />
│   Should be chosen to leave the current configuration unchanged.        │<br />
│  Internet site:                                                         │<br />
│   Mail is sent and received directly using SMTP.                        │<br />
│  Internet with smarthost:                                               │<br />
│   Mail is received directly using SMTP or by running a utility such     │<br />
│   as fetchmail. Outgoing mail is sent using a smarthost.                │<br />
│  Satellite system:                                                      │<br />
│   All mail is sent to another machine, called a 'smarthost', for        │<br />
│   delivery.                                                             │<br />
│  Local only:                                                            │<br />
│   The only delivered mail is the mail for local users. There is no      │<br />
│   network.                                                              │<br />
│                                                                         │<br />
│                                  <Ok>                                   │<br />
│                                                                         │<br />
└─────────────────────────────────────────────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
┌──────┤ Postfix Configuration ├───────┐<br />
│ General type of mail configuration:  │<br />
│                                      │<br />
│   No configuration                   │<br />
│ * Internet Site                      │<br />
│   Internet with smarthost            │<br />
│   Satellite system                   │<br />
│   Local only                         │<br />
│                                      │<br />
│                                      │<br />
│      <Ok>              <Cancel>      │<br />
│                                      │<br />
└──────────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
┌─────────────────────────┤ Postfix Configuration ├─────────────────────────┐<br />
│ The "mail name" is the domain name used to "qualify" _ALL_ mail           │<br />
│ addresses without a domain name. This includes mail to and from <root>:   │<br />
│ please do not make your machine send out mail from root@example.org       │<br />
│ unless root@example.org has told you to.                                  │<br />
│                                                                           │<br />
│ This name will also be used by other programs. It should be the single,   │<br />
│ fully qualified domain name (FQDN).                                       │<br />
│                                                                           │<br />
│ Thus, if a mail address on the local host is foo@example.org, the         │<br />
│ correct value for this option would be example.org.                       │<br />
│                                                                           │<br />
│ System mail name:                                                         │<br />
│                                                                           │<br />
│ progclub.org_____________________________________________________________ │<br />
│                                                                           │<br />
│                      <Ok>                   <Cancel>                      │<br />
│                                                                           │<br />
└───────────────────────────────────────────────────────────────────────────┘<br />
<br />
Writing extended state information... Done<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main telnet 0.17-36build1 [72.2kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main db4.8-util 4.8.24-1ubuntu1 [136kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libpq5 8.4.8-0ubuntu0.10.04 [92.0kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main libsqlite0 2.8.17-6build2 [193kB]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/main libsasl2-modules-sql 2.1.23.dfsg1-5ubuntu1 [71.5kB]<br />
Get:6 http://archive.ubuntu.com/ubuntu/ lucid/main sasl2-bin 2.1.23.dfsg1-5ubuntu1 [166kB]<br />
Get:7 http://archive.ubuntu.com/ubuntu/ lucid/universe libpam-mysql 0.7~RC1-4build1 [34.6kB]<br />
Get:8 http://archive.ubuntu.com/ubuntu/ lucid-updates/main postfix 2.7.0-1ubuntu0.2 [1,404kB]<br />
Get:9 http://archive.ubuntu.com/ubuntu/ lucid-updates/main postfix-mysql 2.7.0-1ubuntu0.2 [44.5kB]<br />
Fetched 2,213kB in 1s (1,297kB/s)<br />
Committing to: /etc/<br />
modified group<br />
modified group-<br />
modified gshadow<br />
modified gshadow-<br />
modified passwd<br />
modified passwd-<br />
modified shadow<br />
modified shadow-<br />
Committed revision 60.<br />
Preconfiguring packages ...<br />
Selecting previously deselected package telnet.<br />
(Reading database ... 19681 files and directories currently installed.)<br />
Unpacking telnet (from .../telnet_0.17-36build1_amd64.deb) ...<br />
Selecting previously deselected package db4.8-util.<br />
Unpacking db4.8-util (from .../db4.8-util_4.8.24-1ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package libpq5.<br />
Unpacking libpq5 (from .../libpq5_8.4.8-0ubuntu0.10.04_amd64.deb) ...<br />
Selecting previously deselected package libsqlite0.<br />
Unpacking libsqlite0 (from .../libsqlite0_2.8.17-6build2_amd64.deb) ...<br />
Selecting previously deselected package libsasl2-modules-sql.<br />
Unpacking libsasl2-modules-sql (from .../libsasl2-modules-sql_2.1.23.dfsg1-5ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package sasl2-bin.<br />
Unpacking sasl2-bin (from .../sasl2-bin_2.1.23.dfsg1-5ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package libpam-mysql.<br />
Unpacking libpam-mysql (from .../libpam-mysql_0.7~RC1-4build1_amd64.deb) ...<br />
Selecting previously deselected package postfix.<br />
Unpacking postfix (from .../postfix_2.7.0-1ubuntu0.2_amd64.deb) ...<br />
Selecting previously deselected package postfix-mysql.<br />
Unpacking postfix-mysql (from .../postfix-mysql_2.7.0-1ubuntu0.2_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up telnet (0.17-36build1) ...<br />
update-alternatives: using /usr/bin/telnet.netkit to provide /usr/bin/telnet (telnet) in auto mode.<br />
<br />
Setting up db4.8-util (4.8.24-1ubuntu1) ...<br />
Setting up libpq5 (8.4.8-0ubuntu0.10.04) ...<br />
<br />
Setting up libsqlite0 (2.8.17-6build2) ...<br />
<br />
Setting up libsasl2-modules-sql (2.1.23.dfsg1-5ubuntu1) ...<br />
Setting up sasl2-bin (2.1.23.dfsg1-5ubuntu1) ...<br />
update-rc.d: warning: saslauthd stop runlevel arguments (0 1 6) do not match LSB Default-Stop values (1)<br />
* To enable saslauthd, edit /etc/default/saslauthd and set START=yes<br />
<br />
Setting up libpam-mysql (0.7~RC1-4build1) ...<br />
<br />
Setting up postfix (2.7.0-1ubuntu0.2) ...<br />
Adding group `postfix' (GID 109) ...<br />
Done.<br />
Adding system user `postfix' (UID 107) ...<br />
Adding new user `postfix' (UID 107) with group `postfix' ...<br />
Not creating home directory `/var/spool/postfix'.<br />
Creating /etc/postfix/dynamicmaps.cf<br />
Adding tcp map entry to /etc/postfix/dynamicmaps.cf<br />
Adding group `postdrop' (GID 110) ...<br />
Done.<br />
setting myhostname: charity.progclub.org<br />
setting alias maps<br />
setting alias database<br />
changing /etc/mailname to progclub.org<br />
setting myorigin<br />
setting destinations: progclub.org, charity.progclub.org, localhost.progclub.org, localhost<br />
setting relayhost:<br />
setting mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128<br />
setting mailbox_size_limit: 0<br />
setting recipient_delimiter: +<br />
setting inet_interfaces: all<br />
/etc/aliases does not exist, creating it.<br />
WARNING: /etc/aliases exists, but does not have a root alias.<br />
<br />
Postfix is now set up with a default configuration. If you need to make<br />
changes, edit<br />
/etc/postfix/main.cf (and others) as needed. To view Postfix configuration<br />
values, see postconf(1).<br />
<br />
After modifying main.cf, be sure to run '/etc/init.d/postfix reload'.<br />
<br />
Running newaliases<br />
* Stopping Postfix Mail Transport Agent postfix [ OK ]<br />
* Starting Postfix Mail Transport Agent postfix [ OK ]<br />
<br />
Setting up postfix-mysql (2.7.0-1ubuntu0.2) ...<br />
Adding mysql map entry to /etc/postfix/dynamicmaps.cf <br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
modified .etckeeper<br />
added aliases<br />
added aliases.db<br />
modified group<br />
modified group-<br />
modified gshadow<br />
modified gshadow-<br />
added mailname<br />
added pam-mysql.conf<br />
modified passwd<br />
modified passwd-<br />
added postfix<br />
added ppp<br />
added resolvconf<br />
added sasldb2<br />
modified shadow<br />
modified shadow-<br />
added alternatives/telnet<br />
added alternatives/telnet.1.gz<br />
added default/saslauthd<br />
added init.d/postfix<br />
added init.d/saslauthd<br />
added network/if-down.d/postfix<br />
added network/if-up.d/postfix<br />
added postfix/dynamicmaps.cf<br />
added postfix/main.cf<br />
added postfix/master.cf<br />
added postfix/post-install<br />
added postfix/postfix-files<br />
added postfix/postfix-script<br />
added postfix/sasl<br />
added ppp/ip-down.d<br />
added ppp/ip-up.d<br />
added ppp/ip-down.d/postfix<br />
added ppp/ip-up.d/postfix<br />
added rc0.d/K20postfix<br />
added rc0.d/K20saslauthd<br />
added rc1.d/K20postfix<br />
added rc1.d/K20saslauthd<br />
added rc2.d/S20postfix<br />
added rc2.d/S20saslauthd<br />
added rc3.d/S20postfix<br />
added rc3.d/S20saslauthd<br />
added rc4.d/S20postfix<br />
added rc4.d/S20saslauthd<br />
added rc5.d/S20postfix<br />
added rc5.d/S20saslauthd<br />
added rc6.d/K20postfix<br />
added rc6.d/K20saslauthd<br />
added resolvconf/update-libc.d<br />
added resolvconf/update-libc.d/postfix<br />
added rsyslog.d/postfix.conf<br />
added ufw/applications.d/postfix<br />
Committed revision 61.<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
Reading extended state information<br />
Initializing package states... Done<br />
Writing extended state information... Done<br />
<br />
root@charity:~/bin# mail jj5@jj5.net<br />
bash: mail: command not found<br />
<br />
root@charity:~/bin# apt-get install mail<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
E: Couldn't find package mail<br />
<br />
root@charity:~/bin# apt-get install mailutils<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
guile-1.8-libs libgsasl7 libmailutils2 libntlm0<br />
Suggested packages:<br />
mailutils-mh<br />
The following NEW packages will be installed:<br />
guile-1.8-libs libgsasl7 libmailutils2 libntlm0 mailutils<br />
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 2,480kB of archives.<br />
After this operation, 7,983kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main guile-1.8-libs 1.8.7+1-3ubuntu1 [752kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/universe libntlm0 1.1-1 [19.6kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/universe libgsasl7 1.4.4-1ubuntu1 [191kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/universe libmailutils2 1:2.1+dfsg1-4ubuntu1 [1,089kB]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/universe mailutils 1:2.1+dfsg1-4ubuntu1 [427kB]<br />
Fetched 2,480kB in 1s (1,621kB/s)<br />
Selecting previously deselected package guile-1.8-libs.<br />
(Reading database ... 19967 files and directories currently installed.)<br />
Unpacking guile-1.8-libs (from .../guile-1.8-libs_1.8.7+1-3ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package libntlm0.<br />
Unpacking libntlm0 (from .../libntlm0_1.1-1_amd64.deb) ...<br />
Selecting previously deselected package libgsasl7.<br />
Unpacking libgsasl7 (from .../libgsasl7_1.4.4-1ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package libmailutils2.<br />
Unpacking libmailutils2 (from .../libmailutils2_1%3a2.1+dfsg1-4ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package mailutils.<br />
Unpacking mailutils (from .../mailutils_1%3a2.1+dfsg1-4ubuntu1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up guile-1.8-libs (1.8.7+1-3ubuntu1) ...<br />
<br />
Setting up libntlm0 (1.1-1) ...<br />
<br />
Setting up libgsasl7 (1.4.4-1ubuntu1) ...<br />
<br />
Setting up libmailutils2 (1:2.1+dfsg1-4ubuntu1) ...<br />
<br />
Setting up mailutils (1:2.1+dfsg1-4ubuntu1) ...<br />
update-alternatives: using /usr/bin/frm.mailutils to provide /usr/bin/frm (frm) in auto mode.<br />
update-alternatives: using /usr/bin/from.mailutils to provide /usr/bin/from (from) in auto mode.<br />
update-alternatives: warning: not replacing /usr/bin/from with a link.<br />
update-alternatives: warning: not replacing /usr/share/man/man1/from.1.gz with a link.<br />
update-alternatives: using /usr/bin/messages.mailutils to provide /usr/bin/messages (messages) in auto mode.<br />
update-alternatives: using /usr/bin/movemail.mailutils to provide /usr/bin/movemail (movemail) in auto mode.<br />
update-alternatives: using /usr/bin/readmsg.mailutils to provide /usr/bin/readmsg (readmsg) in auto mode.<br />
update-alternatives: using /usr/bin/dotlock.mailutils to provide /usr/bin/dotlock (dotlock) in auto mode.<br />
update-alternatives: using /usr/bin/mail to provide /usr/bin/mailx (mailx) in auto mode.<br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
added alternatives/dotlock<br />
added alternatives/dotlock.1.gz<br />
added alternatives/frm<br />
added alternatives/frm.1.gz<br />
added alternatives/from<br />
added alternatives/from.1.gz<br />
added alternatives/mailx<br />
added alternatives/mailx.1.gz<br />
added alternatives/messages<br />
added alternatives/messages.1.gz<br />
added alternatives/movemail<br />
added alternatives/movemail.1.gz<br />
added alternatives/readmsg<br />
added alternatives/readmsg.1.gz<br />
Committed revision 62.<br />
<br />
root@charity:~/bin# mail jj5@jj5.net<br />
Cc:<br />
Subject: test<br />
just testing<br />
<br />
<br />
.<br />
.<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
.<br />
<br />
<br />
<br />
<br />
Note: needed to press Ctrl+D to finish the email and send.<br />
<br />
root@charity:~/bin# mysqladmin -u root -p create pcmaildb<br />
Enter password:<br />
<br />
Decided to call the mail user pcmail.<br />
<br />
root@charity:~/bin# deluser vmail<br />
Removing user `vmail' ...<br />
Warning: group `vmail' has no more members.<br />
Done.<br />
<br />
root@charity:~/bin# delgroup vmail<br />
The group `vmail' does not exist.<br />
<br />
root@charity:~/bin# rm -rf /home/vmail<br />
<br />
root@charity:~/bin# groupadd -g 50000 pcmail<br />
<br />
root@charity:~/bin# useradd -s /usr/sbin/nologin -g pcmail -u 50000 pcmail -d /home/pcmail -m<br />
<br />
root@charity:~/bin# mysql -u root -p<br />
Enter password:<br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 3492<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> create user 'pcmail'@'localhost' identified by 'secret';<br />
Query OK, 0 rows affected (0.15 sec)<br />
<br />
mysql> FLUSH PRIVILEGES;<br />
Query OK, 0 rows affected (0.11 sec)<br />
<br />
mysql> grant select, insert, update, delete on `pcmaildb`.* to 'pcmail'@'localhost';<br />
Query OK, 0 rows affected (0.00 sec)<br />
<br />
mysql> FLUSH PRIVILEGES;<br />
Query OK, 0 rows affected (0.00 sec)<br />
<br />
mysql> use pcmaildb<br />
Database changed<br />
mysql> CREATE TABLE domains (<br />
-> domain varchar(50) NOT NULL,<br />
-> PRIMARY KEY (domain)<br />
-> )<br />
-> TYPE=MyISAM;<br />
Query OK, 0 rows affected, 1 warning (0.06 sec)<br />
<br />
mysql> CREATE TABLE users (<br />
-> email varchar(80) NOT NULL,<br />
-> password varchar(20) NOT NULL,<br />
-> PRIMARY KEY (email)<br />
-> )<br />
-> TYPE=MyISAM;<br />
Query OK, 0 rows affected, 1 warning (0.01 sec)<br />
<br />
mysql> CREATE TABLE forwards (<br />
-> source varchar(80) NOT NULL,<br />
-> destination TEXT NOT NULL,<br />
-> PRIMARY KEY (source)<br />
-> )<br />
-> TYPE=MyISAM;<br />
Query OK, 0 rows affected, 1 warning (0.01 sec)<br />
<br />
mysql> quit;<br />
Bye<br />
<br />
root@charity:~/bin# vim /etc/postfix/mysql-domains.cf<br />
root@charity:~/bin# cat /etc/postfix/mysql-domains.cf<br />
user = pcmail<br />
password = secret<br />
dbname = pcmaildb<br />
query = SELECT domain AS virtual FROM domains WHERE domain='%s'<br />
hosts = 127.0.0.1<br />
<br />
root@charity:~/bin# vim /etc/postfix/mysql-forwards.cf<br />
root@charity:~/bin# cat /etc/postfix/mysql-forwards.cf<br />
user = pcmail<br />
password = secret<br />
dbname = pcmaildb<br />
query = SELECT destination FROM forwards WHERE source='%s'<br />
hosts = 127.0.0.1<br />
<br />
root@charity:~/bin# vim /etc/postfix/mysql-mailboxes.cf<br />
root@charity:~/bin# cat /etc/postfix/mysql-mailboxes.cf<br />
user = pcmail<br />
password = secret<br />
dbname = pcmaildb<br />
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'<br />
hosts = 127.0.0.1<br />
<br />
root@charity:~/bin# vim /etc/postfix/mysql-email.cf<br />
root@charity:~/bin# cat /etc/postfix/mysql-email.cf<br />
user = pcmail<br />
password = secret<br />
dbname = pcmaildb<br />
query = SELECT email FROM users WHERE email='%s'<br />
hosts = 127.0.0.1<br />
<br />
root@charity:~/bin# chmod o= /etc/postfix/mysql-*<br />
<br />
root@charity:~/bin# chgrp postfix /etc/postfix/mysql-*<br />
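<br />
Added example, not part of the original log: a check that the map files holding the database password stay closed to other users and keep the group set above. `map_file_findings` is a hypothetical helper; the usage comment assumes the `/etc/postfix` path and `postfix` group used on this page.<br />

```shell
#!/bin/sh
# Added example (not from the original page): audit Postfix lookup-table
# files that carry a database password.

# map_file_findings DIR GROUP
# Looks at every *.cf file directly inside DIR that contains a
# "password = ..." line and prints one line per problem found:
#   other-access <path>       any read/write/execute bit set for "other"
#   group-not-GROUP <path>    file is not owned by group GROUP
# Prints nothing when all such files are in order. GROUP may be a group
# name or a numeric gid.
map_file_findings() {
    dir=$1
    group=$2
    for f in "$dir"/*.cf; do
        [ -f "$f" ] || continue
        # Only files that actually hold a credential are of interest.
        grep -q -E '^[[:space:]]*password[[:space:]]*=' "$f" || continue
        # find prints the path only if the permission test matches.
        if [ -n "$(find "$f" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
            echo "other-access $f"
        fi
        if [ -z "$(find "$f" -prune -group "$group" 2>/dev/null)" ]; then
            echo "group-not-$group $f"
        fi
    done
}

# Usage on the host described here (as root); no output means no findings:
#   map_file_findings /etc/postfix postfix
```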
<br />
root@charity:~/bin# vim /etc/postfix/main.cf<br />
root@charity:~/bin# cat /etc/postfix/main.cf<br />
# See /usr/share/postfix/main.cf.dist for a commented, more complete version<br />
<br />
<br />
# Debian specific: Specifying a file name will cause the first<br />
# line of that file to be used as the name. The Debian default<br />
# is /etc/mailname.<br />
#myorigin = /etc/mailname<br />
<br />
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)<br />
biff = no<br />
<br />
# appending .domain is the MUA's job.<br />
append_dot_mydomain = no<br />
<br />
# Uncomment the next line to generate "delayed mail" warnings<br />
#delay_warning_time = 4h<br />
<br />
readme_directory = no<br />
<br />
# TLS parameters<br />
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem<br />
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key<br />
smtpd_use_tls=yes<br />
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache<br />
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache<br />
<br />
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for<br />
# information on enabling SSL in the smtp client.<br />
<br />
myhostname = charity.progclub.org<br />
alias_maps = hash:/etc/aliases<br />
alias_database = hash:/etc/aliases<br />
myorigin = /etc/mailname<br />
#mydestination = progclub.org, charity.progclub.org, localhost.progclub.org, localhost<br />
mydestination =<br />
relayhost =<br />
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128<br />
mailbox_size_limit = 0<br />
recipient_delimiter = +<br />
inet_interfaces = all<br />
<br />
virtual_alias_domains =<br />
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-forwards.cf, mysql:/etc/postfix/mysql-email.cf<br />
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-domains.cf<br />
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-mailboxes.cf<br />
virtual_mailbox_base = /home/pcmail<br />
virtual_uid_maps = static:50000<br />
virtual_gid_maps = static:50000<br />
<br />
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps<br />
<br />
root@charity:~/bin# vim /etc/default/saslauthd<br />
root@charity:~/bin# cat /etc/default/saslauthd<br />
#<br />
# Settings for saslauthd daemon<br />
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.<br />
#<br />
<br />
# Should saslauthd run automatically on startup? (default: no)<br />
START=yes<br />
<br />
# Description of this saslauthd instance. Recommended.<br />
# (suggestion: SASL Authentication Daemon)<br />
DESC="SASL Authentication Daemon"<br />
<br />
# Short name of this saslauthd instance. Strongly recommended.<br />
# (suggestion: saslauthd)<br />
NAME="saslauthd"<br />
<br />
# Which authentication mechanisms should saslauthd use? (default: pam)<br />
#<br />
# Available options in this Debian package:<br />
# getpwent -- use the getpwent() library function<br />
# kerberos5 -- use Kerberos 5<br />
# pam -- use PAM<br />
# rimap -- use a remote IMAP server<br />
# shadow -- use the local shadow password file<br />
# sasldb -- use the local sasldb database file<br />
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)<br />
#<br />
# Only one option may be used at a time. See the saslauthd man page<br />
# for more information.<br />
#<br />
# Example: MECHANISMS="pam"<br />
MECHANISMS="pam"<br />
<br />
# Additional options for this mechanism. (default: none)<br />
# See the saslauthd man page for information about mech-specific options.<br />
MECH_OPTIONS=""<br />
<br />
# How many saslauthd processes should we run? (default: 5)<br />
# A value of 0 will fork a new process for each connection.<br />
THREADS=5<br />
<br />
# Other options (default: -c -m /var/run/saslauthd)<br />
# Note: You MUST specify the -m option or saslauthd won't run!<br />
#<br />
# WARNING: DO NOT SPECIFY THE -d OPTION.<br />
# The -d option will cause saslauthd to run in the foreground instead of as<br />
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish<br />
# to run saslauthd in debug mode, please run it by hand to be safe.<br />
#<br />
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.<br />
# See the saslauthd man page and the output of 'saslauthd -h' for general<br />
# information about these options.<br />
#<br />
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"<br />
#OPTIONS="-c -m /var/run/saslauthd"<br />
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"<br />
<br />
root@charity:~/bin# mkdir -p /var/spool/postfix/var/run/saslauthd<br />
<br />
root@charity:~/bin# vim /etc/pam.d/smtp<br />
root@charity:~/bin# cat /etc/pam.d/smtp<br />
auth required pam_mysql.so user=pcmail passwd=secret host=127.0.0.1 db=pcmaildb table=users usercolumn=email passwdcolumn=password crypt=1<br />
account sufficient pam_mysql.so user=pcmail passwd=secret host=127.0.0.1 db=pcmaildb table=users usercolumn=email passwdcolumn=password crypt=1<br />
<br />
root@charity:~/bin# vim /etc/postfix/sasl/smtpd.conf<br />
root@charity:~/bin# cat /etc/postfix/sasl/smtpd.conf<br />
pwcheck_method: saslauthd<br />
mech_list: plain login<br />
allow_plaintext: true<br />
auxprop_plugin: mysql<br />
sql_hostnames: 127.0.0.1<br />
sql_user: pcmail<br />
sql_passwd: secret<br />
sql_database: pcmaildb<br />
sql_select: select password from users where email = '%u'<br />
<br />
root@charity:~/bin# adduser postfix sasl<br />
Adding user `postfix' to group `sasl' ...<br />
Adding user postfix to group sasl<br />
Done.<br />
<br />
root@charity:~/bin# /etc/init.d/postfix restart<br />
* Stopping Postfix Mail Transport Agent postfix [ OK ]<br />
* Starting Postfix Mail Transport Agent postfix [ OK ]<br />
<br />
root@charity:~/bin# /etc/init.d/saslauthd restart<br />
* Stopping SASL Authentication Daemon saslauthd [ OK ]<br />
* Starting SASL Authentication Daemon saslauthd [ OK ]<br />
<br />
root@charity:~/bin# make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/certs/mailcert.pem<br />
<br />
Package configuration<br />
<br />
<br />
<br />
<br />
<br />
┌─────────────────────┤ Configure an SSL Certificate. ├──────────────────────┐<br />
│ Please enter the host name to use in the SSL certificate.                  │<br />
│                                                                            │<br />
│ It will become the 'commonName' field of the generated SSL certificate.    │<br />
│                                                                            │<br />
│ Host name:                                                                 │<br />
│                                                                            │<br />
│ charity.progclub.org____________________________________________________   │<br />
│                                                                            │<br />
│                     <Ok>                      <Cancel>                     │<br />
│                                                                            │<br />
└────────────────────────────────────────────────────────────────────────────┘<br />
<br />
root@charity:~/bin# vim /etc/postfix/main.cf<br />
root@charity:~/bin# cat /etc/postfix/main.cf<br />
# See /usr/share/postfix/main.cf.dist for a commented, more complete version<br />
<br />
<br />
# Debian specific: Specifying a file name will cause the first<br />
# line of that file to be used as the name. The Debian default<br />
# is /etc/mailname.<br />
#myorigin = /etc/mailname<br />
<br />
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)<br />
biff = no<br />
<br />
# appending .domain is the MUA's job.<br />
append_dot_mydomain = no<br />
<br />
# Uncomment the next line to generate "delayed mail" warnings<br />
#delay_warning_time = 4h<br />
<br />
readme_directory = no<br />
<br />
# TLS parameters<br />
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem<br />
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key<br />
#smtpd_use_tls=yes<br />
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache<br />
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache<br />
smtpd_sasl_auth_enable = yes<br />
broken_sasl_auth_clients = yes<br />
smtpd_sasl_authenticated_header = yes<br />
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination<br />
smtpd_use_tls = yes<br />
smtpd_tls_cert_file = /etc/ssl/certs/mailcert.pem<br />
smtpd_tls_key_file = $smtpd_tls_cert_file<br />
<br />
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for<br />
# information on enabling SSL in the smtp client.<br />
<br />
myhostname = charity.progclub.org<br />
alias_maps = hash:/etc/aliases<br />
alias_database = hash:/etc/aliases<br />
myorigin = /etc/mailname<br />
#mydestination = progclub.org, charity.progclub.org, localhost.progclub.org, localhost<br />
mydestination =<br />
relayhost =<br />
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128<br />
mailbox_size_limit = 0<br />
recipient_delimiter = +<br />
inet_interfaces = all<br />
<br />
virtual_alias_domains =<br />
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-forwards.cf, mysql:/etc/postfix/mysql-email.cf<br />
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-domains.cf<br />
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-mailboxes.cf<br />
virtual_mailbox_base = /home/pcmail<br />
virtual_uid_maps = static:50000<br />
virtual_gid_maps = static:50000<br />
<br />
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps<br />
<br />
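An added example, not part of the original log: a small Python audit of the security-relevant lines of the main.cf shown above, which enables SASL AUTH with only opportunistic TLS and points the key file at the certificate file. The finding names and the replacement key path in the hardened variant are constructed for the example; the Postfix parameter names are real.

```python
import re

# Security-relevant lines copied from the main.cf shown above (rest omitted).
MAIN_CF_FROM_LOG = """\
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/ssl/certs/mailcert.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
"""

# Same file with two overrides appended; in main.cf the last assignment wins.
HARDENED_MAIN_CF = MAIN_CF_FROM_LOG + """\
# Constructed for the example: the key path below is a placeholder.
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/private/mailcert.key
"""

_REF = re.compile(r"\$(?:\{(\w+)\}|\((\w+)\)|(\w+))")


def parse_main_cf(text):
    """Return {parameter: raw value}, following main.cf line rules:
    '#' lines and blank lines are ignored, a line that starts with
    whitespace continues the previous logical line."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            current = None
            continue
        current = name.strip()
        params[current] = value.strip()
    return params


def expand(value, params, depth=0):
    """Expand $name, ${name} and $(name) references to other parameters.
    References to parameters not set in the file are left untouched."""
    if depth > 10:  # guard against self-referencing values
        return value

    def repl(match):
        name = match.group(1) or match.group(2) or match.group(3)
        if name not in params:
            return match.group(0)
        return expand(params[name], params, depth + 1)

    return _REF.sub(repl, value)


def audit(text):
    """Return a list of finding names for the given main.cf text."""
    params = parse_main_cf(text)

    def get(name, default=""):
        return expand(params.get(name, default), params).strip()

    def yes(name):
        return get(name, "no").lower() == "yes"

    findings = []
    level = get("smtpd_tls_security_level").lower()
    # smtpd_tls_security_level, when set, takes precedence over smtpd_use_tls.
    tls_offered = level in ("may", "encrypt") if level else yes("smtpd_use_tls")
    auth_needs_tls = level == "encrypt" or yes("smtpd_tls_auth_only")

    if yes("smtpd_sasl_auth_enable"):
        if not tls_offered:
            findings.append("sasl-auth-without-tls")
        elif not auth_needs_tls:
            # AUTH is announced before STARTTLS, so PLAIN/LOGIN credentials
            # can cross the network in cleartext.
            findings.append("sasl-auth-allowed-before-starttls")

    cert = get("smtpd_tls_cert_file")
    # Postfix defaults smtpd_tls_key_file to $smtpd_tls_cert_file.
    key = get("smtpd_tls_key_file", "$smtpd_tls_cert_file")
    if cert and key == cert:
        # The private key sits in the certificate file, so that file's
        # location and permissions decide who can read the key.
        findings.append("private-key-in-cert-file")
    return findings


if __name__ == "__main__":
    print("from log:", audit(MAIN_CF_FROM_LOG))
    print("hardened:", audit(HARDENED_MAIN_CF))
```
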
root@charity:~/bin# aptitude install courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
Reading extended state information<br />
Initializing package states... Done<br />
Writing extended state information... Done<br />
The following NEW packages will be installed:<br />
courier-authdaemon courier-authlib{a} courier-authlib-mysql<br />
courier-authlib-userdb{a} courier-base{a} courier-imap courier-imap-ssl<br />
courier-pop courier-pop-ssl courier-ssl{a} expect{a} gamin{a}<br />
libgamin0{a} tcl8.5{a}<br />
0 packages upgraded, 14 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 3,150kB of archives. After unpacking 9,093kB will be used.<br />
Do you want to continue? [Y/n/?]<br />
<br />
Package configuration<br />
<br />
<br />
<br />
┌────────────────────────┤ Configuring courier-base ├────────────────────────┐<br />
│                                                                            │<br />
│ Courier uses several configuration files in /etc/courier. Some of these    │<br />
│ files can be replaced by a subdirectory whose contents are concatenated    │<br />
│ and treated as a single, consolidated, configuration file.                 │<br />
│                                                                            │<br />
│ The web-based administration provided by the courier-webadmin package      │<br />
│ relies on configuration directories instead of configuration files. If     │<br />
│ you agree, any directories needed for the web-based administration tool    │<br />
│ will be created unless there is already a plain file in place.             │<br />
│                                                                            │<br />
│ Create directories for web-based administration?                           │<br />
│                                                                            │<br />
│                                <Yes> * <No>                                │<br />
│                                                                            │<br />
└────────────────────────────────────────────────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
<br />
<br />
┌────────────────────────┤ Configuring courier-ssl ├─────────────────────────┐<br />
│                                                                            │<br />
│ SSL certificate required                                                   │<br />
│                                                                            │<br />
│ POP and IMAP over SSL requires a valid, signed, X.509 certificate.         │<br />
│ During the installation of courier-pop-ssl or courier-imap-ssl, a          │<br />
│ self-signed X.509 certificate will be generated if necessary.              │<br />
│                                                                            │<br />
│ For production use, the X.509 certificate must be signed by a recognized   │<br />
│ certificate authority, in order for mail clients to accept the             │<br />
│ certificate. The default location for this certificate is                  │<br />
│ /etc/courier/pop3d.pem or /etc/courier/imapd.pem.                          │<br />
│                                                                            │<br />
│                                    <Ok>                                    │<br />
│                                                                            │<br />
└────────────────────────────────────────────────────────────────────────────┘<br />
<br />
...<br />
<br />
modified passwd-<br />
modified shadow<br />
modified shadow-<br />
modified default/saslauthd<br />
added pam.d/smtp<br />
modified postfix/main.cf<br />
added postfix/mysql-domains.cf<br />
added postfix/mysql-email.cf<br />
added postfix/mysql-forwards.cf<br />
added postfix/mysql-mailboxes.cf<br />
added postfix/sasl/smtpd.conf<br />
added ssl/certs/ef2ba030<br />
added ssl/certs/f1b0694b<br />
added ssl/certs/mailcert.pem<br />
Committed revision 63.<br />
Preconfiguring packages ...<br />
Selecting previously deselected package tcl8.5.<br />
(Reading database ... 20285 files and directories currently installed.)<br />
Unpacking tcl8.5 (from .../tcl8.5_8.5.8-2_amd64.deb) ...<br />
Selecting previously deselected package expect.<br />
Unpacking expect (from .../expect_5.44.1.14-5_amd64.deb) ...<br />
Selecting previously deselected package courier-authlib.<br />
Unpacking courier-authlib (from .../courier-authlib_0.62.4-1_amd64.deb) ...<br />
Selecting previously deselected package courier-authdaemon.<br />
Unpacking courier-authdaemon (from .../courier-authdaemon_0.62.4-1_amd64.deb) ...<br />
Selecting previously deselected package courier-authlib-mysql.<br />
Unpacking courier-authlib-mysql (from .../courier-authlib-mysql_0.62.4-1_amd64.deb) ...<br />
Selecting previously deselected package courier-authlib-userdb.<br />
Unpacking courier-authlib-userdb (from .../courier-authlib-userdb_0.62.4-1_amd64.deb) ...<br />
Selecting previously deselected package gamin.<br />
Unpacking gamin (from .../gamin_0.1.10-1ubuntu3_amd64.deb) ...<br />
Selecting previously deselected package libgamin0.<br />
Unpacking libgamin0 (from .../libgamin0_0.1.10-1ubuntu3_amd64.deb) ...<br />
Selecting previously deselected package courier-base.<br />
Unpacking courier-base (from .../courier-base_0.63.0-2.1ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package courier-pop.<br />
Unpacking courier-pop (from .../courier-pop_0.63.0-2.1ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package courier-ssl.<br />
Unpacking courier-ssl (from .../courier-ssl_0.63.0-2.1ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package courier-pop-ssl.<br />
Unpacking courier-pop-ssl (from .../courier-pop-ssl_0.63.0-2.1ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package courier-imap.<br />
Unpacking courier-imap (from .../courier-imap_4.6.0-2.1ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package courier-imap-ssl.<br />
Unpacking courier-imap-ssl (from .../courier-imap-ssl_4.6.0-2.1ubuntu1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up tcl8.5 (8.5.8-2) ...<br />
update-alternatives: using /usr/bin/tclsh8.5 to provide /usr/bin/tclsh (tclsh) in auto mode.<br />
<br />
Setting up expect (5.44.1.14-5) ...<br />
<br />
Setting up courier-authlib (0.62.4-1) ...<br />
Setting up courier-authdaemon (0.62.4-1) ...<br />
* Starting Courier authentication services authdaemond [ OK ] <br />
<br />
Setting up courier-authlib-mysql (0.62.4-1) ...<br />
<br />
Setting up courier-authlib-userdb (0.62.4-1) ...<br />
Setting up gamin (0.1.10-1ubuntu3) ...<br />
Setting up libgamin0 (0.1.10-1ubuntu3) ...<br />
<br />
Setting up courier-base (0.63.0-2.1ubuntu1) ...<br />
update-alternatives: using /usr/bin/deliverquota.courier to provide /usr/bin/deliverquota (deliverquota) in auto mode.<br />
update-alternatives: using /usr/share/man/man5/maildir.courier.5.gz to provide /usr/share/man/man5/maildir.5.gz (maildir.5.gz) in auto mode.<br />
update-alternatives: using /usr/bin/maildirmake.courier to provide /usr/bin/maildirmake (maildirmake) in auto mode.<br />
update-alternatives: using /usr/share/man/man7/maildirquota.courier.7.gz to provide /usr/share/man/man7/maildirquota.7.gz (maildirquota.7.gz) in auto mode.<br />
update-alternatives: using /usr/bin/makedat.courier to provide /usr/bin/makedat (makedat) in auto mode. <br />
<br />
Setting up courier-pop (0.63.0-2.1ubuntu1) ...<br />
* Starting Courier POP3 server... [ OK ]<br />
<br />
Setting up courier-ssl (0.63.0-2.1ubuntu1) ...<br />
<br />
Setting up courier-pop-ssl (0.63.0-2.1ubuntu1) ...<br />
cp: not writing through dangling symlink `/usr/lib/courier/pop3d.pem'<br />
chmod: cannot operate on dangling symlink `/usr/lib/courier/pop3d.pem'<br />
chown: cannot dereference `/usr/lib/courier/pop3d.pem': No such file or directory<br />
Generating a 1024 bit RSA private key<br />
..................++++++<br />
..++++++<br />
writing new private key to '/usr/lib/courier/pop3d.pem'<br />
-----<br />
1024 semi-random bytes loaded<br />
Generating DH parameters, 512 bit long safe prime, generator 2<br />
This is going to take a long time<br />
...<br />
subject= /C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated POP3 SSL key/CN=localhost/emailAddress=postmaster@example.com<br />
notBefore=Aug 18 07:52:20 2011 GMT<br />
notAfter=Aug 17 07:52:20 2012 GMT<br />
SHA1 Fingerprint=58:34:37:7E:FA:90:CF:48:17:38:4F:58:B5:CA:18:68:1C:77:78:A3<br />
* Starting Courier POP3-SSL server... [ OK ]<br />
<br />
Setting up courier-imap (4.6.0-2.1ubuntu1) ...<br />
* Starting Courier IMAP server... [ OK ]<br />
<br />
Setting up courier-imap-ssl (4.6.0-2.1ubuntu1) ...<br />
cp: not writing through dangling symlink `/usr/lib/courier/imapd.pem'<br />
chmod: cannot operate on dangling symlink `/usr/lib/courier/imapd.pem'<br />
chown: cannot dereference `/usr/lib/courier/imapd.pem': No such file or directory<br />
Generating a 1024 bit RSA private key<br />
...<br />
writing new private key to '/usr/lib/courier/imapd.pem'<br />
-----<br />
1024 semi-random bytes loaded<br />
Generating DH parameters, 512 bit long safe prime, generator 2<br />
This is going to take a long time<br />
...<br />
subject= /C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated IMAP SSL key/CN=localhost/emailAddress=postmaster@example.com<br />
notBefore=Aug 18 07:52:22 2011 GMT<br />
notAfter=Aug 17 07:52:22 2012 GMT<br />
SHA1 Fingerprint=B6:BE:6F:60:FE:40:EC:88:7A:C8:6E:92:F9:EE:E8:5C:42:72:CA:03<br />
* Starting Courier IMAP-SSL server... [ OK ] <br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
modified .etckeeper<br />
added courier<br />
added gamin<br />
added alternatives/deliverquota<br />
added alternatives/deliverquota.8.gz<br />
added alternatives/maildir.5.gz<br />
added alternatives/maildirmake<br />
added alternatives/maildirmake.1.gz<br />
added alternatives/maildirquota.7.gz<br />
added alternatives/makedat<br />
added alternatives/makedat.1.gz<br />
added alternatives/tclsh<br />
added alternatives/tclsh.1<br />
added courier/authdaemonrc<br />
added courier/authmysqlrc<br />
added courier/imapd<br />
added courier/imapd-ssl<br />
added courier/imapd.cnf<br />
added courier/imapd.pem<br />
added courier/pop3d<br />
added courier/pop3d-ssl<br />
added courier/pop3d.cnf<br />
added courier/pop3d.pem<br />
added courier/shared<br />
added courier/shared/index<br />
added gamin/gaminrc<br />
added init.d/courier-authdaemon<br />
added init.d/courier-imap<br />
added init.d/courier-imap-ssl<br />
added init.d/courier-pop<br />
added init.d/courier-pop-ssl<br />
added logcheck/violations.ignore.d<br />
added logcheck/ignore.d.server/courier-imap<br />
added logcheck/ignore.d.server/courier-imap-ssl<br />
added logcheck/ignore.d.server/courier-pop<br />
added logcheck/ignore.d.server/courier-pop-ssl<br />
added logcheck/violations.ignore.d/courier-imap<br />
added logcheck/violations.ignore.d/courier-imap-ssl<br />
added logcheck/violations.ignore.d/courier-pop<br />
added logcheck/violations.ignore.d/courier-pop-ssl<br />
added pam.d/imap<br />
added pam.d/pop3<br />
added rc0.d/K20courier-authdaemon<br />
added rc0.d/K20courier-imap<br />
added rc0.d/K20courier-imap-ssl<br />
added rc0.d/K20courier-pop<br />
added rc0.d/K20courier-pop-ssl<br />
added rc1.d/K20courier-authdaemon<br />
added rc1.d/K20courier-imap<br />
added rc1.d/K20courier-imap-ssl<br />
added rc1.d/K20courier-pop<br />
added rc1.d/K20courier-pop-ssl<br />
added rc2.d/S20courier-authdaemon<br />
added rc2.d/S20courier-imap<br />
added rc2.d/S20courier-imap-ssl<br />
added rc2.d/S20courier-pop<br />
added rc2.d/S20courier-pop-ssl<br />
added rc3.d/S20courier-authdaemon<br />
added rc3.d/S20courier-imap<br />
added rc3.d/S20courier-imap-ssl<br />
added rc3.d/S20courier-pop<br />
added rc3.d/S20courier-pop-ssl<br />
added rc4.d/S20courier-authdaemon<br />
added rc4.d/S20courier-imap<br />
added rc4.d/S20courier-imap-ssl<br />
added rc4.d/S20courier-pop<br />
added rc4.d/S20courier-pop-ssl<br />
added rc5.d/S20courier-authdaemon<br />
added rc5.d/S20courier-imap<br />
added rc5.d/S20courier-imap-ssl<br />
added rc5.d/S20courier-pop<br />
added rc5.d/S20courier-pop-ssl<br />
added rc6.d/K20courier-authdaemon<br />
added rc6.d/K20courier-imap<br />
added rc6.d/K20courier-imap-ssl<br />
added rc6.d/K20courier-pop<br />
added rc6.d/K20courier-pop-ssl<br />
Committed revision 64.<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
Reading extended state information<br />
Initializing package states... Done<br />
Writing extended state information... Done<br />
<br />
root@charity:~/bin# vim /etc/courier/authdaemonrc<br />
root@charity:~/bin# cat /etc/courier/authdaemonrc<br />
##VERSION: $Id: authdaemonrc.in,v 1.13 2005/10/05 00:07:32 mrsam Exp $<br />
#<br />
# Copyright 2000-2005 Double Precision, Inc. See COPYING for<br />
# distribution information.<br />
#<br />
# authdaemonrc created from authdaemonrc.dist by sysconftool<br />
#<br />
# Do not alter lines that begin with ##, they are used when upgrading<br />
# this configuration.<br />
#<br />
# This file configures authdaemond, the resident authentication daemon.<br />
#<br />
# Comments in this file are ignored. Although this file is intended to<br />
# be sourced as a shell script, authdaemond parses it manually, so<br />
# the acceptable syntax is a bit limited. Multiline variable contents,<br />
# with the \ continuation character, are not allowed. Everything must<br />
# fit on one line. Do not use any additional whitespace for indentation,<br />
# or anything else.<br />
<br />
##NAME: authmodulelist:2<br />
#<br />
# The authentication modules that are linked into authdaemond. The<br />
# default list is installed. You may selectively disable modules simply<br />
# by removing them from the following list. The available modules you<br />
# can use are: authuserdb authpam authpgsql authldap authmysql authcustom authpipe<br />
<br />
#authmodulelist="authpam"<br />
authmodulelist="authmysql"<br />
<br />
##NAME: authmodulelistorig:3<br />
#<br />
# This setting is used by Courier's webadmin module, and should be left<br />
# alone<br />
<br />
authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"<br />
<br />
##NAME: daemons:0<br />
#<br />
# The number of daemon processes that are started. authdaemon is typically<br />
# installed where authentication modules are relatively expensive: such<br />
# as authldap, or authmysql, so it's better to have a number of them running.<br />
# PLEASE NOTE: Some platforms may experience a problem if there's more than<br />
# one daemon. Specifically, SystemV derived platforms that use TLI with<br />
# socket emulation. I'm suspicious of TLI's ability to handle multiple<br />
# processes accepting connections on the same filesystem domain socket.<br />
#<br />
# You may need to increase daemons if as your system load increases. Symptoms<br />
# include sporadic authentication failures. If you start getting<br />
# authentication failures, increase daemons. However, the default of 5<br />
# SHOULD be sufficient. Bumping up daemon count is only a short-term<br />
# solution. The permanent solution is to add more resources: RAM, faster<br />
# disks, faster CPUs...<br />
<br />
daemons=5<br />
<br />
##NAME: authdaemonvar:2<br />
#<br />
# authdaemonvar is here, but is not used directly by authdaemond. It's<br />
# used by various configuration and build scripts, so don't touch it!<br />
<br />
authdaemonvar=/var/run/courier/authdaemon<br />
<br />
##NAME: DEBUG_LOGIN:0<br />
#<br />
# Dump additional diagnostics to syslog<br />
#<br />
# DEBUG_LOGIN=0 - turn off debugging<br />
# DEBUG_LOGIN=1 - turn on debugging<br />
# DEBUG_LOGIN=2 - turn on debugging + log passwords too<br />
#<br />
# ** YES ** - DEBUG_LOGIN=2 places passwords into syslog.<br />
#<br />
# Note that most information is sent to syslog at level 'debug', so<br />
# you may need to modify your /etc/syslog.conf to be able to see it. <br />
<br />
DEBUG_LOGIN=0<br />
<br />
##NAME: DEFAULTOPTIONS:0<br />
#<br />
# A comma-separated list of option=value pairs. Each option is applied<br />
# to an account if the account does not have its own specific value for<br />
# that option. So for example, you can set<br />
# DEFAULTOPTIONS="disablewebmail=1,disableimap=1"<br />
# and then enable webmail and/or imap on individual accounts by setting<br />
# disablewebmail=0 and/or disableimap=0 on the account. <br />
<br />
DEFAULTOPTIONS=""<br />
<br />
##NAME: LOGGEROPTS:0<br />
#<br />
# courierlogger(1) options, e.g. to set syslog facility<br />
#<br />
<br />
LOGGEROPTS=""<br />
<br />
##NAME: LDAP_TLS_OPTIONS:0<br />
#<br />
# Options documented in ldap.conf(5) can be set here, prefixed with 'LDAP'.<br />
# Examples:<br />
#<br />
#LDAPTLS_CACERT=/path/to/cacert.pem<br />
#LDAPTLS_REQCERT=demand<br />
#LDAPTLS_CERT=/path/to/clientcert.pem<br />
#LDAPTLS_KEY=/path/to/clientkey.pem<br />
<br />
<br />
root@charity:~/bin# vim /etc/courier/authmysqlrc<br />
root@charity:~/bin# cat /etc/courier/authmysqlrc<br />
MYSQL_SERVER 127.0.0.1<br />
MYSQL_USERNAME pcmail<br />
MYSQL_PASSWORD secret<br />
MYSQL_PORT 0<br />
MYSQL_DATABASE pcmaildb<br />
MYSQL_USER_TABLE users<br />
MYSQL_CRYPT_PWFIELD password<br />
MYSQL_UID_FIELD 50000<br />
MYSQL_GID_FIELD 50000<br />
MYSQL_LOGIN_FIELD email<br />
MYSQL_HOME_FIELD "/home/pcmail"<br />
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')<br />
<br />
root@charity:~/bin# sudo /etc/init.d/courier-authdaemon restart<br />
* Stopping Courier authentication services authdaemond [ OK ]<br />
* Starting Courier authentication services authdaemond [ OK ]<br />
<br />
root@charity:~/bin# sudo /etc/init.d/courier-imap restart<br />
* Stopping Courier IMAP server... [ OK ]<br />
* Starting Courier IMAP server... [ OK ]<br />
<br />
root@charity:~/bin# sudo /etc/init.d/courier-imap-ssl restart<br />
* Stopping Courier IMAP-SSL server... [ OK ]<br />
* Starting Courier IMAP-SSL server... [ OK ]<br />
<br />
root@charity:~/bin# sudo /etc/init.d/courier-pop restart<br />
* Stopping Courier POP3 server... [ OK ]<br />
* Starting Courier POP3 server... [ OK ]<br />
<br />
root@charity:~/bin# sudo /etc/init.d/courier-pop-ssl restart<br />
* Stopping Courier POP3-SSL server... [ OK ]<br />
* Starting Courier POP3-SSL server... [ OK ]<br />
<br />
root@charity:~/bin# vim /etc/iptables.up.rules<br />
<br />
# Allows SMTP access<br />
-A INPUT -p tcp --dport 25 -j ACCEPT<br />
# Allows pop and pops connections<br />
-A INPUT -p tcp --dport 110 -j ACCEPT<br />
-A INPUT -p tcp --dport 995 -j ACCEPT<br />
# Allows imap and imaps connections<br />
-A INPUT -p tcp --dport 143 -j ACCEPT<br />
-A INPUT -p tcp --dport 993 -j ACCEPT<br />
<br />
root@charity:~/bin# iptables-restore < /etc/iptables.up.rules<br />
<br />
root@charity:~/bin# mysql -u root -p<br />
Enter password:<br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 3590<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> use pcmaildb;<br />
Reading table information for completion of table and column names<br />
You can turn off this feature to get a quicker startup with -A<br />
<br />
Database changed<br />
mysql> insert into domains (domain) values ( 'progclub.org' );<br />
Query OK, 1 row affected (0.01 sec)<br />
<br />
mysql> insert into domains (domain) values ( 'progclub.net' );<br />
Query OK, 1 row affected (0.00 sec)<br />
<br />
mysql> insert into domains (domain) values ( 'progclub.com' );<br />
Query OK, 1 row affected (0.00 sec)<br />
<br />
mysql> insert into users ( email, password ) values ( 'jj5@progclub.org', encrypt( 'secret' ) );<br />
Query OK, 1 row affected (0.11 sec)<br />
<br />
mysql> quit;<br />
Bye<br />
<br />
root@charity:~/bin# postfix reload<br />
postfix/postfix-script: refreshing the Postfix mail system<br />
<br />
root@charity:~/bin# ll /home/pcmail<br />
total 20<br />
drwxr-xr-x 2 pcmail pcmail 4096 2011-08-18 07:10 ./<br />
drwxr-xr-x 11 root root 4096 2011-08-18 07:10 ../<br />
-rw-r--r-- 1 pcmail pcmail 220 2010-04-19 02:15 .bash_logout<br />
-rw-r--r-- 1 pcmail pcmail 3103 2010-04-19 02:15 .bashrc<br />
-rw-r--r-- 1 pcmail pcmail 675 2010-04-19 02:15 .profile<br />
<br />
root@charity:~/bin# mail jj5@progclub.org<br />
Cc:<br />
Subject: test<br />
testing<br />
<br />
Note: Ctrl+D to end and send.<br />
<br />
Works!<br />
<br />
Bah! The instructions I followed were shit. Had to completely reconfigure to integrate with Postfix Admin. Followed [http://www.progclub.org/pcrepo/pcmail/trunk/DOCUMENTS/POSTFIX_CONF.txt?revision=325&view=markup these instructions].<br />
<br />
= [[User:John|John]] 2011-08-18 06:11 =<br />
<br />
== Installing awstats ==<br />
<br />
jj5@charity:~$ apt-cache search awstats<br />
awstats - powerful and featureful web server log analyzer<br />
jj5@charity:~$ sudo -s<br />
[sudo] password for jj5:<br />
Sorry, try again.<br />
[sudo] password for jj5:<br />
root@charity:~# apt-get install awstats<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
libnet-xwhois-perl<br />
Suggested packages:<br />
libnet-dns-perl libnet-ip-perl libgeo-ipfree-perl<br />
The following NEW packages will be installed:<br />
awstats libnet-xwhois-perl<br />
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 974kB of archives.<br />
After this operation, 5,341kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main awstats 6.9~dfsg-1ubuntu3.10.04.1 [951kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libnet-xwhois-perl 0.90-3 [23.0kB]<br />
Fetched 974kB in 1s (714kB/s)<br />
Bad group for maybe chgrp UNKNOWN './ldap/friggles.ldif'<br />
Committing to: /etc/<br />
modified passwd<br />
modified passwd-<br />
modified shadow<br />
modified shadow-<br />
Committed revision 55.<br />
Selecting previously deselected package awstats.<br />
(Reading database ... 18938 files and directories currently installed.)<br />
Unpacking awstats (from .../awstats_6.9~dfsg-1ubuntu3.10.04.1_all.deb) ...<br />
Selecting previously deselected package libnet-xwhois-perl.<br />
Unpacking libnet-xwhois-perl (from .../libnet-xwhois-perl_0.90-3_all.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up awstats (6.9~dfsg-1ubuntu3.10.04.1) ...<br />
<br />
Setting up libnet-xwhois-perl (0.90-3) ...<br />
Bad group for maybe chgrp UNKNOWN './ldap/friggles.ldif'<br />
Committing to: /etc/<br />
added awstats<br />
added awstats/awstats.conf<br />
added awstats/awstats.conf.local<br />
added cron.d/awstats<br />
Committed revision 56.<br />
<br />
= [[User:John|John]] 2011-08-15 00:30 =<br />
<br />
== Configuring NFS share /home ==<br />
<br />
Following [https://help.ubuntu.com/community/NFSv4Howto these instructions].<br />
<br />
root@charity:~# apt-get install nfs-kernel-server<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
libevent-1.4-2 libgssglue1 libnfsidmap2 librpcsecgss3 nfs-common portmap<br />
The following NEW packages will be installed:<br />
libevent-1.4-2 libgssglue1 libnfsidmap2 librpcsecgss3 nfs-common<br />
nfs-kernel-server portmap<br />
0 upgraded, 7 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 592kB of archives.<br />
After this operation, 1,802kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libevent-1.4-2 1.4.13-stable-1 [61.4kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libgssglue1 0.1-4 [24.4kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libnfsidmap2 0.23-2 [32.1kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main librpcsecgss3 0.19-2 [36.3kB]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid-updates/main portmap 6.0.0-1ubuntu2.1 [39.0kB]<br />
Get:6 http://archive.ubuntu.com/ubuntu/ lucid-updates/main nfs-common 1:1.2.0-4ubuntu4.1 [229kB]<br />
Get:7 http://archive.ubuntu.com/ubuntu/ lucid-updates/main nfs-kernel-server 1:1.2.0-4ubuntu4.1 [170kB]<br />
Fetched 592kB in 1s (502kB/s)<br />
Committing to: /etc/<br />
modified group<br />
modified group-<br />
modified gshadow<br />
modified gshadow-<br />
modified passwd-<br />
modified shadow-<br />
Committed revision 50.<br />
Preconfiguring packages ...<br />
Selecting previously deselected package libevent-1.4-2.<br />
(Reading database ... 18813 files and directories currently installed.)<br />
Unpacking libevent-1.4-2 (from .../libevent-1.4-2_1.4.13-stable-1_amd64.deb) ...<br />
Selecting previously deselected package libgssglue1.<br />
Unpacking libgssglue1 (from .../libgssglue1_0.1-4_amd64.deb) ...<br />
Selecting previously deselected package libnfsidmap2.<br />
Unpacking libnfsidmap2 (from .../libnfsidmap2_0.23-2_amd64.deb) ...<br />
Selecting previously deselected package librpcsecgss3.<br />
Unpacking librpcsecgss3 (from .../librpcsecgss3_0.19-2_amd64.deb) ...<br />
Selecting previously deselected package portmap.<br />
Unpacking portmap (from .../portmap_6.0.0-1ubuntu2.1_amd64.deb) ...<br />
Selecting previously deselected package nfs-common.<br />
Unpacking nfs-common (from .../nfs-common_1%3a1.2.0-4ubuntu4.1_amd64.deb) ...<br />
Selecting previously deselected package nfs-kernel-server.<br />
Unpacking nfs-kernel-server (from .../nfs-kernel-server_1%3a1.2.0-4ubuntu4.1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up libevent-1.4-2 (1.4.13-stable-1) ...<br />
<br />
Setting up libgssglue1 (0.1-4) ...<br />
<br />
Setting up libnfsidmap2 (0.23-2) ...<br />
<br />
Setting up librpcsecgss3 (0.19-2) ... <br />
<br />
Setting up portmap (6.0.0-1ubuntu2.1) ...<br />
portmap start/running, process 3401<br />
<br />
Setting up nfs-common (1:1.2.0-4ubuntu4.1) ...<br />
<br />
Creating config file /etc/idmapd.conf with new version<br />
<br />
Creating config file /etc/default/nfs-common with new version<br />
Adding system user `statd' (UID 106) ...<br />
Adding new user `statd' (UID 106) with group `nogroup' ...<br />
Not creating home directory `/var/lib/nfs'.<br />
statd start/running, process 3618<br />
gssd stop/pre-start, process 3648<br />
idmapd stop/pre-start, process 3681<br />
<br />
Setting up nfs-kernel-server (1:1.2.0-4ubuntu4.1) ...<br />
<br />
Creating config file /etc/exports with new version<br />
<br />
Creating config file /etc/default/nfs-kernel-server with new version<br />
* Not starting NFS kernel daemon: no support in current kernel. <br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
added exports<br />
added gssapi_mech.conf<br />
added idmapd.conf<br />
modified passwd<br />
modified passwd-<br />
modified shadow<br />
modified shadow-<br />
added default/nfs-common<br />
added default/nfs-kernel-server<br />
added default/portmap<br />
added init/gssd.conf<br />
added init/idmapd.conf<br />
added init/portmap-boot.conf<br />
added init/portmap-wait.conf<br />
added init/portmap.conf<br />
added init/rpc_pipefs.conf<br />
added init/statd-mounting.conf<br />
added init/statd.conf<br />
added init.d/gssd<br />
added init.d/idmapd<br />
added init.d/nfs-kernel-server<br />
added init.d/portmap<br />
added init.d/portmap-boot<br />
added init.d/portmap-wait<br />
added init.d/rpc_pipefs<br />
added init.d/statd<br />
added init.d/statd-mounting<br />
added rc0.d/K80nfs-kernel-server<br />
added rc1.d/K80nfs-kernel-server<br />
added rc2.d/S20nfs-kernel-server<br />
added rc3.d/S20nfs-kernel-server<br />
added rc4.d/S20nfs-kernel-server<br />
added rc5.d/S20nfs-kernel-server<br />
added rc6.d/K80nfs-kernel-server<br />
Committed revision 51.<br />
<br />
root@charity:~# reboot<br />
<br />
jj5@charity:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@charity:~# ls<br />
bin pcrepo try viewvc-1.0.12.tar.gz<br />
ipsec-tools.conf progrock viewvc-1.0.12<br />
root@charity:~# cd /<br />
root@charity:/# ls<br />
bin dev home lib64 mnt proc sbin srv tmp var<br />
boot etc lib media opt root selinux sys usr<br />
root@charity:/# mkdir /export<br />
root@charity:/# mkdir /export/home<br />
root@charity:/# mount --bind /home /export/home<br />
root@charity:/# vim /etc/fstab<br />
root@charity:/# cat /etc/fstab<br />
proc /proc proc defaults 0 0<br />
/dev/sda1 / ext3 defaults,errors=remount-ro,noatime 0 1<br />
/dev/sda2 none swap sw 0 0<br />
/home /export/home none bind 0 0<br />
<br />
root@charity:/# vim /etc/default/nfs-common<br />
root@charity:/# cat /etc/default/nfs-common<br />
# If you do not set values for the NEED_ options, they will be attempted<br />
# autodetected; this should be sufficient for most people. Valid alternatives<br />
# for the NEED_ options are "yes" and "no".<br />
<br />
# Do you want to start the statd daemon? It is not needed for NFSv4.<br />
NEED_STATD=<br />
<br />
# Options for rpc.statd.<br />
# Should rpc.statd listen on a specific port? This is especially useful<br />
# when you have a port-based firewall. To use a fixed port, set this<br />
# this variable to a statd argument like: "--port 4000 --outgoing-port 4001".<br />
# For more information, see rpc.statd(8) or http://wiki.debian.org/?SecuringNFS<br />
STATDOPTS=<br />
<br />
# Do you want to start the idmapd daemon? It is only needed for NFSv4.<br />
NEED_IDMAPD=yes<br />
<br />
# Do you want to start the gssd daemon? It is required for Kerberos mounts.<br />
NEED_GSSD=<br />
<br />
root@charity:/# vim /etc/exports<br />
root@charity:/# cat /etc/exports<br />
# /etc/exports: the access control list for filesystems which may be exported<br />
# to NFS clients. See exports(5).<br />
#<br />
# Example for NFSv2 and NFSv3:<br />
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)<br />
#<br />
# Example for NFSv4:<br />
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)<br />
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)<br />
#<br />
/export 172.19.0.0/16(rw,fsid=0,insecure,no_subtree_check,async)<br />
/export/home 172.19.0.0/16(rw,nohide,insecure,no_subtree_check,async)<br />
<br />
root@charity:/# /etc/init.d/nfs-kernel-server restart<br />
* Stopping NFS kernel daemon [ OK ]<br />
* Unexporting directories for NFS kernel daemon... [ OK ]<br />
* Not starting NFS kernel daemon: no support in current kernel.<br />
<br />
Following [http://forum.linode.com/viewtopic.php?t=5549 these suggestions]:<br />
<br />
root@charity:/etc# vim /etc/init.d/nfs-kernel-server<br />
<br />
#if [ -f /proc/kallsyms ] && ! grep -qE ' nfsd_serv ' /proc/kallsyms; then<br />
if [ -f /proc/kallsyms ] && ! grep -qE 'init_nf(sd| )' /proc/kallsyms; then<br />
<br />
Nah, screw that. How about this!?:<br />
<br />
#if [ -f /proc/kallsyms ] && ! grep -qE ' nfsd_serv ' /proc/kallsyms; then<br />
#log_warning_msg "Not starting $DESC: no support in current kernel."<br />
#exit 0<br />
#fi<br />
<br />
root@charity:/etc# /etc/init.d/nfs-kernel-server restart<br />
* Stopping NFS kernel daemon [ OK ]<br />
* Unexporting directories for NFS kernel daemon... [ OK ]<br />
* Exporting directories for NFS kernel daemon... [ OK ]<br />
* Starting NFS kernel daemon [ OK ]<br />
<br />
jj5@charity:/export/home$ vim /etc/iptables.up.rules<br />
<br />
# Accept anything from hope<br />
-A INPUT -s 67.207.130.204 -j ACCEPT<br />
-A INPUT -s 172.19.1.28 -j ACCEPT<br />
# Accept anything from honesty<br />
-A INPUT -s 67.207.129.103 -j ACCEPT<br />
-A INPUT -s 172.19.1.46 -j ACCEPT<br />
<br />
root@charity:/export/home# cat /etc/hosts.allow<br />
# /etc/hosts.allow: list of hosts that are allowed to access the system.<br />
# See the manual pages hosts_access(5) and hosts_options(5).<br />
#<br />
# Example: ALL: LOCAL @some_netgroup<br />
# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu<br />
#<br />
# If you're going to protect the portmapper use the name "portmap" for the<br />
# daemon name. Remember that you can only use the keyword "ALL" and IP<br />
# addresses (NOT host or domain names) for the portmapper, as well as for<br />
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)<br />
# for further information.<br />
#<br />
<br />
ALL: 172.19.1.28<br />
ALL: 172.19.1.46<br />
<br />
root@charity:/export/home# cat /etc/fstab<br />
proc /proc proc defaults 0 0<br />
/dev/sda1 / ext3 defaults,errors=remount-ro,noatime 0 1<br />
/dev/sda2 none swap sw 0 0<br />
/home /export/home none bind 0 0<br />
<br />
root@charity:/export/home# cat /etc/exports<br />
# /etc/exports: the access control list for filesystems which may be exported<br />
# to NFS clients. See exports(5).<br />
#<br />
# Example for NFSv2 and NFSv3:<br />
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)<br />
#<br />
# Example for NFSv4:<br />
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)<br />
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)<br />
#<br />
<br />
/export 172.19.0.0/16(rw,fsid=0,insecure,no_subtree_check,async)<br />
/export/home 172.19.0.0/16(rw,nohide,insecure,no_subtree_check,async)<br />
<br />
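An added example (not part of the original log): a POSIX shell audit of the two export lines above, which flags `insecure`, `async`, and read-write exports to a network wider than the two hosts admitted in /etc/iptables.up.rules and /etc/hosts.allow. It also covers `no_root_squash` and wildcard clients, which do not appear in this log; the function names, finding codes, hardened variant and the /24 threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original log.

# The two active /etc/exports lines from the log, embedded so this runs offline.
sample_exports() {
  cat <<'EOF'
# /etc/exports: the access control list for filesystems which may be exported
/export 172.19.0.0/16(rw,fsid=0,insecure,no_subtree_check,async)
/export/home 172.19.0.0/16(rw,nohide,insecure,no_subtree_check,async)
EOF
}

# Constructed for comparison: one entry per client host named in the firewall
# rules, default "secure" source-port check, synchronous writes.
hardened_exports() {
  cat <<'EOF'
/export 172.19.1.28(rw,fsid=0,no_subtree_check,sync) 172.19.1.46(rw,fsid=0,no_subtree_check,sync)
/export/home 172.19.1.28(rw,nohide,no_subtree_check,sync) 172.19.1.46(rw,nohide,no_subtree_check,sync)
EOF
}

# audit_exports: read exports(5) lines on stdin, print "<path> <client> <CODE>".
#   INSECURE_PORTS    requests from source ports 1024 and above are accepted
#   ASYNC_WRITES      server replies before data reaches stable storage
#   NO_ROOT_SQUASH    client root keeps uid 0 on the export
#   WILDCARD_CLIENT   entry matches any host
#   BROAD_RW_NETWORK  rw export to a prefix shorter than MIN_PREFIX
# MIN_PREFIX (default 24) is a threshold chosen for this example.
# Backslash-continued lines are not handled.
audit_exports() {
  awk -v min_prefix="${MIN_PREFIX:-24}" '
    /^[ \t]*#/ || NF == 0 { next }
    {
      path = $1
      for (i = 2; i <= NF; i++) {
        # Each field is client(opt,opt,...); a bare (opts) applies to any host.
        p = index($i, "(")
        client = (p > 0) ? substr($i, 1, p - 1) : $i
        opts   = (p > 0) ? substr($i, p + 1) : ""
        sub(/\)$/, "", opts)
        if (client == "") client = "*"
        rw = 0
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++) {
          if (o[j] == "rw") rw = 1
          else if (o[j] == "insecure") print path, client, "INSECURE_PORTS"
          else if (o[j] == "async") print path, client, "ASYNC_WRITES"
          else if (o[j] == "no_root_squash") print path, client, "NO_ROOT_SQUASH"
        }
        if (index(client, "*") > 0) print path, client, "WILDCARD_CLIENT"
        s = index(client, "/")
        if (rw && s > 0) {
          bits = substr(client, s + 1)
          if (bits ~ /^[0-9]+$/ && bits + 0 < min_prefix + 0)
            print path, client, "BROAD_RW_NETWORK"
        }
      }
    }'
}

# Stand-alone run: print the findings for the configuration in the log.
sample_exports | audit_exports
```

The hardened variant produces no findings; the log's configuration produces three per export line.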
= [[User:John|John]] 2011-08-14 23:04 =<br />
<br />
== Kerberos client configuration ==<br />
<br />
Basically the same as on [[Hope_admin#John_2011-08-14_17:23|hope]].<br />
<br />
jj5@charity:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@charity:~# apt-get install krb5-user krb5-config libpam-krb5<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
krb5-user is already the newest version.<br />
krb5-user set to manually installed.<br />
krb5-config is already the newest version.<br />
krb5-config set to manually installed.<br />
The following NEW packages will be installed:<br />
libpam-krb5<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 73.8kB of archives.<br />
After this operation, 193kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libpam-krb5 4.2-1 [73.8kB]<br />
Fetched 73.8kB in 0s (120kB/s)<br />
Committing to: /etc/<br />
modified krb5kdc/kadm5.acl<br />
modified ldap/ldap.conf<br />
modified ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif<br />
Committed revision 45.<br />
Selecting previously deselected package libpam-krb5.<br />
(Reading database ... 18809 files and directories currently installed.)<br />
Unpacking libpam-krb5 (from .../libpam-krb5_4.2-1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up libpam-krb5 (4.2-1) ...<br />
<br />
Committing to: /etc/<br />
modified pam.d/common-account<br />
modified pam.d/common-auth<br />
modified pam.d/common-password<br />
modified pam.d/common-session<br />
modified pam.d/common-session-noninteractive<br />
Committed revision 46.<br />
<br />
root@charity:~# hostname -f<br />
charity.progclub.org<br />
<br />
root@charity:~# apt-get install libnss-ldapd libsasl2-modules-gssapi-mit kstart<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
libpam-ldapd nscd nslcd<br />
The following NEW packages will be installed:<br />
kstart libnss-ldapd libpam-ldapd libsasl2-modules-gssapi-mit nscd nslcd<br />
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 532kB of archives.<br />
After this operation, 1,311kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
<br />
Package configuration<br />
<br />
┌──────────────────────────┤ Configuring NSLCD ├───────────────────────────┐<br />
│ Please enter the Uniform Resource Identifier of the LDAP server. The     │<br />
│ format is 'ldap://<hostname_or_IP_address>:<port>/'. Alternatively,      │<br />
│ 'ldaps://' or 'ldapi://' can be used. The port number is optional.       │<br />
│                                                                          │<br />
│ When using an ldap or ldaps scheme it is recommended to use an IP        │<br />
│ address to avoid failures when domain name services are unavailable.     │<br />
│                                                                          │<br />
│ Multiple URIs can be be specified by separating them with spaces.        │<br />
│                                                                          │<br />
│ LDAP server URI:                                                         │<br />
│                                                                          │<br />
│ ldaps://charity.progclub.org/___________________________________________ │<br />
│                                                                          │<br />
│                   <Ok>                              <Cancel>             │<br />
│                                                                          │<br />
└──────────────────────────────────────────────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
┌──────────────────────────┤ Configuring NSLCD ├───────────────────────────┐<br />
│ Please enter the distinguished name of the LDAP search base. Many sites  │<br />
│ use the components of their domain names for this purpose. For example,  │<br />
│ the domain "example.net" would use "dc=example,dc=net" as the            │<br />
│ distinguished name of the search base.                                   │<br />
│                                                                          │<br />
│ LDAP server search base:                                                 │<br />
│                                                                          │<br />
│ dc=progclub,dc=org______________________________________________________ │<br />
│                                                                          │<br />
│                   <Ok>                              <Cancel>             │<br />
│                                                                          │<br />
└──────────────────────────────────────────────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
┌──────────────────────────┤ Configuring NSLCD ├───────────────────────────┐<br />
│                                                                          │<br />
│ When an encrypted connection is used, a server certificate can be        │<br />
│ requested and checked. Please choose whether lookups should be           │<br />
│ configured to require a certificate, and whether certificates should be  │<br />
│ checked for validity:                                                    │<br />
│   * never: no certificate will be requested or checked;                  │<br />
│   * allow: a certificate will be requested, but it is not                │<br />
│            required or checked;                                          │<br />
│   * try: a certificate will be requested and checked, but if no          │<br />
│            certificate is provided it is ignored;                        │<br />
│   * demand: a certificate will be requested, required, and checked.      │<br />
│ If certificate checking is enabled, at least one of the tls_cacertdir or │<br />
│ tls_cacertfile options must be put in /etc/nslcd.conf.                   │<br />
│                                                                          │<br />
│                                   <Ok>                                   │<br />
│                                                                          │<br />
└──────────────────────────────────────────────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
┌───────┤ Configuring NSLCD ├───────┐<br />
│ Check server's SSL certificate:   │<br />
│                                   │<br />
│     never                         │<br />
│   * allow                         │<br />
│     try                           │<br />
│     demand                        │<br />
│                                   │<br />
│                                   │<br />
│      <Ok>        <Cancel>         │<br />
│                                   │<br />
└───────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
┌───────────────────────┤ Configuring libnss-ldapd ├───────────────────────┐<br />
│ For this package to work, you need to modify your /etc/nsswitch.conf to  │<br />
│ use the ldap datasource.                                                 │<br />
│                                                                          │<br />
│ You can select the services that should have LDAP lookups enabled. The   │<br />
│ new LDAP lookups will be added as the last datasource. Be sure to review │<br />
│ these changes.                                                           │<br />
│                                                                          │<br />
│ Name services to configure:                                              │<br />
│                                                                          │<br />
│                                                                          │<br />
│     [*] aliases                                                          │<br />
│     [*] ethers                                                           │<br />
│     [*] group                                                            │<br />
│     [*] hosts                                                            │<br />
│     [*] netgroup                                                         │<br />
│     [*] networks                                                         │<br />
│     [*] passwd                                                           │<br />
│     [*] protocols                                                        │<br />
│     [*] rpc                                                              │<br />
│     [*] services                                                         │<br />
│     [*] shadow                                                           │<br />
│                                                                          │<br />
│                                                                          │<br />
│                                   <Ok>                                   │<br />
│                                                                          │<br />
└──────────────────────────────────────────────────────────────────────────┘<br />
<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe kstart 3.16-3 [58.3kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/universe libsasl2-modules-gssapi-mit 2.1.23.dfsg1-5ubuntu1 [73.1kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/universe nscd 2.11.1-0ubuntu7.8 [212kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/universe nslcd 0.7.2 [120kB]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/universe libnss-ldapd 0.7.2 [41.8kB]<br />
Get:6 http://archive.ubuntu.com/ubuntu/ lucid/universe libpam-ldapd 0.7.2 [27.6kB]<br />
Fetched 532kB in 1s (431kB/s)<br />
Preconfiguring packages ...<br />
Selecting previously deselected package kstart.<br />
(Reading database ... 18820 files and directories currently installed.)<br />
Unpacking kstart (from .../kstart_3.16-3_amd64.deb) ...<br />
Selecting previously deselected package libsasl2-modules-gssapi-mit.<br />
Unpacking libsasl2-modules-gssapi-mit (from .../libsasl2-modules-gssapi-mit_2.1.23.dfsg1-5ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package nscd.<br />
Unpacking nscd (from .../nscd_2.11.1-0ubuntu7.8_amd64.deb) ...<br />
Selecting previously deselected package nslcd.<br />
Unpacking nslcd (from .../archives/nslcd_0.7.2_amd64.deb) ...<br />
Selecting previously deselected package libnss-ldapd.<br />
Unpacking libnss-ldapd (from .../libnss-ldapd_0.7.2_amd64.deb) ...<br />
Selecting previously deselected package libpam-ldapd.<br />
Unpacking libpam-ldapd (from .../libpam-ldapd_0.7.2_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up kstart (3.16-3) ...<br />
Setting up libsasl2-modules-gssapi-mit (2.1.23.dfsg1-5ubuntu1) ...<br />
Setting up nscd (2.11.1-0ubuntu7.8) ...<br />
* Starting Name Service Cache Daemon nscd [ OK ] <br />
<br />
Setting up nslcd (0.7.2) ...<br />
Warning: The home dir /var/run/nslcd/ you specified can't be accessed: No such file or directory<br />
Adding system user `nslcd' (UID 105) ...<br />
Adding new group `nslcd' (GID 108) ...<br />
Adding new user `nslcd' (UID 105) with group `nslcd' ...<br />
Not creating home directory `/var/run/nslcd/'.<br />
* Starting LDAP connection daemon nslcd [ OK ] <br />
<br />
Setting up libnss-ldapd (0.7.2) ...<br />
/etc/nsswitch.conf: enable LDAP lookups for aliases<br />
/etc/nsswitch.conf: enable LDAP lookups for ethers<br />
/etc/nsswitch.conf: enable LDAP lookups for group<br />
/etc/nsswitch.conf: enable LDAP lookups for hosts<br />
/etc/nsswitch.conf: enable LDAP lookups for netgroup<br />
/etc/nsswitch.conf: enable LDAP lookups for networks<br />
/etc/nsswitch.conf: enable LDAP lookups for passwd<br />
/etc/nsswitch.conf: enable LDAP lookups for protocols<br />
/etc/nsswitch.conf: enable LDAP lookups for rpc<br />
/etc/nsswitch.conf: enable LDAP lookups for services<br />
/etc/nsswitch.conf: enable LDAP lookups for shadow<br />
* Restarting Name Service Cache Daemon nscd [ OK ]<br />
<br />
Setting up libpam-ldapd (0.7.2) ...<br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
modified .etckeeper<br />
modified group<br />
modified group-<br />
modified gshadow<br />
modified gshadow-<br />
added nscd.conf<br />
added nslcd.conf<br />
modified nsswitch.conf<br />
modified passwd<br />
modified passwd-<br />
modified shadow<br />
modified shadow-<br />
added init.d/nscd<br />
added init.d/nslcd<br />
modified pam.d/common-account<br />
modified pam.d/common-auth<br />
modified pam.d/common-password<br />
modified pam.d/common-session<br />
modified pam.d/common-session-noninteractive<br />
added rc0.d/K20nscd<br />
added rc0.d/K20nslcd<br />
added rc1.d/K20nscd<br />
added rc1.d/K20nslcd<br />
added rc2.d/S20nscd<br />
added rc2.d/S20nslcd<br />
added rc3.d/S20nscd<br />
added rc3.d/S20nslcd<br />
added rc4.d/S20nscd<br />
added rc4.d/S20nslcd<br />
added rc5.d/S20nscd<br />
added rc5.d/S20nslcd<br />
added rc6.d/K20nscd<br />
added rc6.d/K20nslcd<br />
Committed revision 47.<br />
<br />
root@charity:~# cat /etc/nsswitch.conf<br />
# /etc/nsswitch.conf<br />
#<br />
# Example configuration of GNU Name Service Switch functionality.<br />
# If you have the `glibc-doc-reference' and `info' packages installed, try:<br />
# `info libc "Name Service Switch"' for information about this file.<br />
<br />
passwd: compat ldap<br />
group: compat ldap<br />
shadow: compat ldap<br />
<br />
hosts: files dns ldap<br />
networks: files ldap<br />
<br />
protocols: db files ldap<br />
services: db files ldap<br />
ethers: db files ldap<br />
rpc: db files ldap<br />
<br />
netgroup: nis ldap<br />
aliases: ldap<br />
<br />
root@charity:~# vim /etc/nslcd.conf<br />
root@charity:~# cat /etc/nslcd.conf<br />
# /etc/nslcd.conf<br />
# nslcd configuration file. See nslcd.conf(5)<br />
# for details.<br />
<br />
# The user and group nslcd should run as.<br />
uid nslcd<br />
gid nslcd<br />
<br />
# The location at which the LDAP server(s) should be reachable.<br />
uri ldaps://charity.progclub.org/<br />
<br />
# The search base that will be used for all queries.<br />
base dc=progclub,dc=org<br />
<br />
# The LDAP protocol version to use.<br />
#ldap_version 3<br />
<br />
# The DN to bind with for normal lookups.<br />
#binddn cn=annonymous,dc=example,dc=net<br />
#bindpw secret<br />
<br />
# SSL options<br />
#ssl off<br />
tls_reqcert allow<br />
<br />
# The search scope.<br />
#scope sub<br />
<br />
# JE: 2011-08-14: added sasl_mech<br />
sasl_mech GSSAPI<br />
<br />
root@charity:~# pam-auth-update<br />
<br />
Package configuration<br />
<br />
┌───────────────────────────────────┤ ├────────────────────────────────────┐<br />
│ Pluggable Authentication Modules (PAM) determine how authentication,     │<br />
│ authorization, and password changing are handled on the system, as well  │<br />
│ as allowing configuration of additional actions to take when starting    │<br />
│ user sessions.                                                           │<br />
│                                                                          │<br />
│ Some PAM module packages provide profiles that can be used to            │<br />
│ automatically adjust the behavior of all PAM-using applications on the   │<br />
│ system. Please indicate which of these behaviors you wish to enable.     │<br />
│                                                                          │<br />
│ PAM profiles to enable:                                                  │<br />
│                                                                          │<br />
│     [*] Kerberos authentication                                          │<br />
│     [*] Unix authentication                                              │<br />
│     [ ] LDAP Authentication                                              │<br />
│                                                                          │<br />
│                                                                          │<br />
│                   <Ok>                              <Cancel>             │<br />
│                                                                          │<br />
└──────────────────────────────────────────────────────────────────────────┘<br />
<br />
root@charity:~# service nslcd restart<br />
* Restarting LDAP connection daemon nslcd<br />
nslcd: /etc/nslcd.conf:30: option sasl_mech is currently not fully supported (please report any successes)<br />
[ OK ]<br />
<br />
root@charity:~# vim /etc/pam.d/common-password<br />
root@charity:~# cat /etc/pam.d/common-password<br />
#<br />
# /etc/pam.d/common-password - password-related modules common to all services<br />
#<br />
# This file is included from other service-specific PAM config files,<br />
# and should contain a list of modules that define the services to be<br />
# used to change user passwords. The default is pam_unix. <br />
<br />
# Explanation of pam_unix options:<br />
#<br />
# The "sha512" option enables salted SHA512 passwords. Without this option,<br />
# the default is Unix crypt. Prior releases used the option "md5".<br />
#<br />
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in<br />
# login.defs.<br />
#<br />
# See the pam_unix manpage for other options.<br />
<br />
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.<br />
# To take advantage of this, it is recommended that you configure any<br />
# local modules either before or after the default block, and use<br />
# pam-auth-update to manage selection of other modules. See<br />
# pam-auth-update(8) for details.<br />
<br />
# here are the per-package modules (the "Primary" block)<br />
#password requisite pam_krb5.so minimum_uid=1000<br />
#password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512<br />
# here's the fallback if no module succeeds<br />
#password requisite pam_deny.so<br />
# prime the stack with a positive return value if there isn't one already;<br />
# this avoids us returning an error just because nothing sets a success code<br />
# since the modules above will each just jump around<br />
#password required pam_permit.so<br />
# and here are more per-package modules (the "Additional" block)<br />
# end of pam-auth-update config<br />
<br />
password sufficient pam_krb5.so minimum_uid=1000<br />
password required pam_unix.so obscure try_first_pass sha512<br />
<br />
Actually... wait. What am I doing? I think we'll keep admin logins separate, and use LDAP for user machines only.<br />
<br />
jj5@charity:~$ sudo pam-auth-update<br />
[sudo] password for jj5:<br />
<br />
Package configuration<br />
<br />
┌───────────────────────────────────┤ ├────────────────────────────────────┐<br />
│                                                                          │<br />
│ One or more of the files                                                 │<br />
│ /etc/pam.d/common-{auth,account,password,session} have been locally      │<br />
│ modified. Please indicate whether these local changes should be          │<br />
│ overridden using the system-provided configuration. If you decline this  │<br />
│ option, you will need to manage your system's authentication             │<br />
│ configuration by hand.                                                   │<br />
│                                                                          │<br />
│ Override local changes to /etc/pam.d/common-*?                           │<br />
│                                                                          │<br />
│                   * <Yes>                         <No>                   │<br />
│                                                                          │<br />
└──────────────────────────────────────────────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
┌───────────────────────────────────┤ ├────────────────────────────────────┐<br />
│ Pluggable Authentication Modules (PAM) determine how authentication,     │<br />
│ authorization, and password changing are handled on the system, as well  │<br />
│ as allowing configuration of additional actions to take when starting    │<br />
│ user sessions.                                                           │<br />
│                                                                          │<br />
│ Some PAM module packages provide profiles that can be used to            │<br />
│ automatically adjust the behavior of all PAM-using applications on the   │<br />
│ system. Please indicate which of these behaviors you wish to enable.     │<br />
│                                                                          │<br />
│ PAM profiles to enable:                                                  │<br />
│                                                                          │<br />
│     [ ] Kerberos authentication                                          │<br />
│     [*] Unix authentication                                              │<br />
│     [ ] LDAP Authentication                                              │<br />
│                                                                          │<br />
│                                                                          │<br />
│                   <Ok>                              <Cancel>             │<br />
│                                                                          │<br />
└──────────────────────────────────────────────────────────────────────────┘<br />
<br />
<br />
root@charity:/etc/skel# apt-get remove libpam-krb5 libnss-ldapd libsasl2-modules-gssapi-mit kstart nscd nslcd<br />
<br />
Package configuration<br />
<br />
┌────────────────────────┤ Removing libnss-ldapd ├─────────────────────────┐<br />
│                                                                          │<br />
│ The following services are still configured to use LDAP for lookups:     │<br />
│   passwd, group, shadow, hosts, networks, protocols, services, ethers,   │<br />
│   rpc, netgroup, aliases                                                 │<br />
│ but the libnss-ldapd package is about to be removed.                     │<br />
│                                                                          │<br />
│ You are advised to remove the entries if you don't plan on using LDAP    │<br />
│ for name resolution any more. Not removing ldap from nsswitch.conf       │<br />
│ should, for most services, not cause problems, but host name resolution  │<br />
│ could be affected in subtle ways.                                        │<br />
│                                                                          │<br />
│ You can edit /etc/nsswitch.conf by hand or choose to remove the entries  │<br />
│ automatically now. Be sure to review the changes to /etc/nsswitch.conf   │<br />
│ if you choose to remove the entries now.                                 │<br />
│                                                                          │<br />
│                                   <Ok>                                   │<br />
│                                                                          │<br />
└──────────────────────────────────────────────────────────────────────────┘<br />
<br />
Package configuration<br />
<br />
┌──────┤ Removing libnss-ldapd ├──────┐<br />
│                                     │<br />
│ Remove LDAP from nsswitch.conf now? │<br />
│                                     │<br />
│       * <Yes>          <No>         │<br />
│                                     │<br />
└─────────────────────────────────────┘<br />
<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following packages will be REMOVED:<br />
kstart libnss-ldapd libpam-krb5 libpam-ldapd libsasl2-modules-gssapi-mit<br />
nscd nslcd<br />
0 upgraded, 0 newly installed, 7 to remove and 0 not upgraded.<br />
After this operation, 1,503kB disk space will be freed.<br />
Do you want to continue [Y/n]?<br />
Committing to: /etc/<br />
modified group<br />
modified group-<br />
modified gshadow<br />
modified gshadow-<br />
modified nslcd.conf<br />
modified passwd<br />
modified passwd-<br />
modified shadow<br />
modified shadow-<br />
modified pam.d/common-account<br />
added pam.d/common-account.pam-old<br />
modified pam.d/common-auth<br />
added pam.d/common-auth.pam-old<br />
modified pam.d/common-password<br />
added pam.d/common-password.pam-old<br />
modified pam.d/common-session<br />
modified pam.d/common-session-noninteractive<br />
added pam.d/common-session-noninteractive.pam-old<br />
added pam.d/common-session.pam-old<br />
Committed revision 48.<br />
(Reading database ... 18880 files and directories currently installed.)<br />
Removing kstart ...<br />
Removing libnss-ldapd ...<br />
/etc/nsswitch.conf: disable LDAP lookups for passwd<br />
/etc/nsswitch.conf: disable LDAP lookups for group<br />
/etc/nsswitch.conf: disable LDAP lookups for shadow<br />
/etc/nsswitch.conf: disable LDAP lookups for hosts<br />
/etc/nsswitch.conf: disable LDAP lookups for networks<br />
/etc/nsswitch.conf: disable LDAP lookups for protocols<br />
/etc/nsswitch.conf: disable LDAP lookups for services<br />
/etc/nsswitch.conf: disable LDAP lookups for ethers<br />
/etc/nsswitch.conf: disable LDAP lookups for rpc<br />
/etc/nsswitch.conf: disable LDAP lookups for netgroup<br />
/etc/nsswitch.conf: disable LDAP lookups for aliases<br />
Removing libpam-krb5 ...<br />
Removing libpam-ldapd ...<br />
Removing libsasl2-modules-gssapi-mit ...<br />
Removing nscd ...<br />
* Stopping Name Service Cache Daemon nscd [ OK ]<br />
Removing nslcd ...<br />
* Stopping LDAP connection daemon nslcd [ OK ]<br />
Processing triggers for man-db ...<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Processing triggers for ureadahead ...<br />
Committing to: /etc/<br />
modified nsswitch.conf<br />
Committed revision 49.<br />
<br />
= [[User:John|John]] 2011-08-14 21:39 =<br />
<br />
== Configuring slapd indexes ==<br />
<br />
Per [http://forum.zentyal.org/index.php?topic=664.0 these instructions]:<br />
<br />
root@charity:/etc/ldap# vim slapd.d/cn\=config/olcDatabase\=\{1\}hdb.ldif<br />
<br />
olcDbIndex: gidNumber eq<br />
<br />
root@charity:/etc/ldap# /etc/init.d/slapd restart<br />
Stopping OpenLDAP: slapd.<br />
Starting OpenLDAP: slapd.<br />
<br />
= [[User:John|John]] 2011-08-14 19:00 =<br />
<br />
== Configuring KDC ACLs ==<br />
<br />
root@charity:/etc/krb5kdc# vim kadm5.acl<br />
<br />
*/admin@PROGCLUB.ORG *<br />
jj5@PROGCLUB.ORG *<br />
tasaio@PROGCLUB.ORG *<br />
sanguinev@PROGCLUB.ORG *<br />
friggles@PROGCLUB.ORG *<br />
jedd@PROGCLUB.ORG *<br />
<br />
root@charity:~# /etc/init.d/krb5-admin-server restart<br />
* Restarting Kerberos administrative servers kadmind<br />
<br />
= [[User:John|John]] 2011-08-13 15:09 =<br />
<br />
== Installing ViewVC ==<br />
<br />
jj5@charity:~$ release pcview "First release. Just a copy of ViewVC 1.0.12."<br />
Releasing pcview<br />
Checking availability of release: https://www.progclub.org/svn/pcrepo/pcview/tags/release/2011/08/13/01<br />
<br />
Committed revision 184.<br />
<br />
Committed revision 185.<br />
<br />
Committed revision 186.<br />
<br />
jj5@charity:~$ sudo -s<br />
root@charity:~# cd /var/www<br />
root@charity:/var/www# svn co https://www.progclub.org/svn/pcrepo/pcview/tags/latest www.progclub.org-pcview<br />
<br />
root@charity:/var/www# vim /etc/iptables.up.rules<br />
<br />
# Hell, allow anything from John's house<br />
-A INPUT -s 60.240.67.126/32 -j ACCEPT<br />
<br />
root@charity:/var/www# iptables -F<br />
root@charity:/var/www# iptables-restore < /etc/iptables.up.rules<br />
root@charity:/var/www# cd www.progclub.org-pcview/<br />
root@charity:/var/www/www.progclub.org-pcview# bin/standalone.py -r /var/svn/pcrepo<br />
bash: bin/standalone.py: Permission denied<br />
root@charity:/var/www/www.progclub.org-pcview# cd bin<br />
root@charity:/var/www/www.progclub.org-pcview/bin# ls<br />
asp cvsdbadmin make-database standalone.py<br />
cgi loginfo-handler mod_python svndbadmin<br />
root@charity:/var/www/www.progclub.org-pcview/bin# ll<br />
total 92<br />
drwxr-xr-x 6 root root 4096 2011-08-13 05:11 ./<br />
drwxr-xr-x 9 root root 4096 2011-08-13 05:11 ../<br />
drwxr-xr-x 3 root root 4096 2011-08-13 05:11 asp/<br />
drwxr-xr-x 3 root root 4096 2011-08-13 05:11 cgi/<br />
-rw-r--r-- 1 root root 4476 2011-08-13 05:11 cvsdbadmin<br />
-rw-r--r-- 1 root root 10476 2011-08-13 05:11 loginfo-handler<br />
-rw-r--r-- 1 root root 4726 2011-08-13 05:11 make-database<br />
drwxr-xr-x 3 root root 4096 2011-08-13 05:11 mod_python/<br />
-rw-r--r-- 1 root root 26993 2011-08-13 05:11 standalone.py<br />
drwxr-xr-x 6 root root 4096 2011-08-13 05:11 .svn/<br />
-rw-r--r-- 1 root root 10749 2011-08-13 05:11 svndbadmin<br />
root@charity:/var/www/www.progclub.org-pcview/bin# chmod -R a+x *<br />
root@charity:/var/www/www.progclub.org-pcview# bin/standalone.py -r /var/svn/pcrepo<br />
: No such file or directory<br />
<br />
No fun!<br />
<br />
root@charity:/var/www/www.progclub.org-pcview# chmod a+x viewvc-install<br />
root@charity:/var/www/www.progclub.org-pcview# ./viewvc-install<br />
: No such file or directory<br />
<br />
Argh!<br />
<br />
Time to ask for help.<br />
<br />
Wait... [http://osdir.com/ml/version-control.viewvc.issues/2008-05/msg00029.html this explains it], WinZip fucked my line endings!<br />
<br />
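The two failures above share one cause: a `#!` line ending in a carriage return names an interpreter that does not exist, and the CR in the error text sends the cursor back to column 0, so only ": No such file or directory" stays visible. An added example (not part of the original log) that finds and repairs such files in a working copy; the function names are made up here and a POSIX `awk` is assumed.<br />

```shell
#!/bin/sh
# Added example (not from the page): find and repair scripts whose "#!" line
# ends in a carriage return, as happens when an archive tool rewrites LF to CRLF.

# has_crlf_shebang FILE: exit 0 if line 1 starts with "#!" and ends with CR.
has_crlf_shebang() {
    # Input is redirected so a file name containing "=" is not read as an awk
    # assignment. An empty file never sets "hit", so it reports "not affected".
    awk 'NR == 1 { hit = (/^#!/ && /\r$/); exit } END { exit !hit }' < "$1"
}

# scan_crlf_shebangs DIR: print every affected regular file below DIR,
# skipping Subversion metadata.
scan_crlf_shebangs() {
    find "$1" -type f ! -path '*/.svn/*' | while IFS= read -r f; do
        if has_crlf_shebang "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# strip_cr FILE: remove one trailing CR from every line. The result is written
# back with cat so the file keeps its inode, owner and mode (including a+x).
strip_cr() {
    tmp=$(mktemp) || return 1
    awk '{ sub(/\r$/, ""); print }' < "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Stand-alone use: pass a directory to list the affected scripts.
if [ "$#" -gt 0 ]; then
    scan_crlf_shebangs "$1"
fi
```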
jj5@charity:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@charity:~# wget http://viewvc.tigris.org/files/documents/3330/47621/viewvc-1.0.12.tar.gz<br />
--2011-08-13 05:53:37-- http://viewvc.tigris.org/files/documents/3330/47621/viewvc-1.0.12.tar.gz<br />
Resolving viewvc.tigris.org... 204.16.104.146<br />
Connecting to viewvc.tigris.org|204.16.104.146|:80... connected.<br />
HTTP request sent, awaiting response... 200 OK<br />
Length: 523289 (511K) [application/x-gzip]<br />
Saving to: `viewvc-1.0.12.tar.gz'<br />
<br />
100%[======================================>] 523,289 528K/s in 1.0s<br />
<br />
2011-08-13 05:53:38 (528 KB/s) - `viewvc-1.0.12.tar.gz' saved [523289/523289]<br />
<br />
root@charity:~# tar xvf viewvc-1.0.12.tar.gz<br />
root@charity:~# cd /var/www<br />
root@charity:/var/www# svn co https://www.progclub.org/svn/pcrepo/pcview/trunk www.progclub.org-pcview-dev<br />
root@charity:/var/www# cd www.progclub.org-pcview-dev/<br />
root@charity:/var/www/www.progclub.org-pcview-dev# ls<br />
bin docs README viewvc.conf.dist<br />
CHANGES INSTALL templates viewvc-install<br />
COMMITTERS lib templates-contrib windows<br />
cvsgraph.conf.dist LICENSE.html TODO<br />
root@charity:/var/www/www.progclub.org-pcview-dev# cp -R ~/viewvc-1.0.12/* .<br />
root@charity:/var/www/www.progclub.org-pcview-dev# svn ci -m "Fixed line endings for ViewVC"<br />
root@charity:/var/www/www.progclub.org-pcview-dev# exit<br />
exit<br />
jj5@charity:~$ release pcview "Fixed line endings."<br />
Releasing pcview<br />
Checking availability of release: https://www.progclub.org/svn/pcrepo/pcview/tags/release/2011/08/13/01<br />
Checking availability of release: https://www.progclub.org/svn/pcrepo/pcview/tags/release/2011/08/13/02<br />
<br />
Committed revision 188.<br />
<br />
Committed revision 189.<br />
<br />
Committed revision 190.<br />
jj5@charity:~$ sudo -s<br />
root@charity:~# cd /var/www/www.progclub.org-pcview<br />
root@charity:/var/www/www.progclub.org-pcview# update<br />
bash: update: command not found<br />
root@charity:/var/www/www.progclub.org-pcview# svn update<br />
root@charity:/var/www/www.progclub.org-pcview# cd bin<br />
root@charity:/var/www/www.progclub.org-pcview/bin# ll<br />
total 92<br />
drwxr-xr-x 6 root root 4096 2011-08-13 05:59 ./<br />
drwxr-xr-x 9 root root 4096 2011-08-13 05:59 ../<br />
drwxr-xr-x 3 root root 4096 2011-08-13 05:59 asp/<br />
drwxr-xr-x 3 root root 4096 2011-08-13 05:59 cgi/<br />
-rw-r--r-- 1 root root 4319 2011-08-13 05:59 cvsdbadmin<br />
-rw-r--r-- 1 root root 10159 2011-08-13 05:59 loginfo-handler<br />
-rw-r--r-- 1 root root 4572 2011-08-13 05:59 make-database<br />
drwxr-xr-x 3 root root 4096 2011-08-13 05:59 mod_python/<br />
-rw-r--r-- 1 root root 26350 2011-08-13 05:59 standalone.py<br />
drwxr-xr-x 6 root root 4096 2011-08-13 05:59 .svn/<br />
-rw-r--r-- 1 root root 10437 2011-08-13 05:59 svndbadmin<br />
root@charity:/var/www/www.progclub.org-pcview/bin# chmod -R a+x *<br />
root@charity:/var/www/www.progclub.org-pcview/bin# cd ..<br />
root@charity:/var/www/www.progclub.org-pcview# bin/standalone.py -r /var/svn/pcrepo<br />
server ready at http://localhost:7467/viewvc<br />
<br />
root@charity:/var/www/www.progclub.org-pcview# chmod a+x viewvc-install<br />
root@charity:/var/www/www.progclub.org-pcview# ./viewvc-install<br />
This is the ViewVC 1.0.12 installer.<br />
<br />
It will allow you to choose the install path for ViewVC. You will now<br />
be asked some installation questions. Defaults are given in square brackets.<br />
Just hit [Enter] if a default is okay.<br />
<br />
Installation path [/usr/local/viewvc-1.0.12]:<br />
<br />
DESTDIR path (generally only used by package maintainers) []:<br />
<br />
...<br />
<br />
ViewVC file installation complete.<br />
<br />
Consult the INSTALL document for detailed information on completing the<br />
installation and configuration of ViewVC on your system. Here's a brief<br />
overview of the remaining steps:<br />
<br />
1) Edit the /usr/local/viewvc-1.0.12/viewvc.conf file.<br />
<br />
2) Either configure an existing web server to run<br />
/usr/local/viewvc-1.0.12/bin/cgi/viewvc.cgi.<br />
<br />
Or, copy /usr/local/viewvc-1.0.12/bin/cgi/viewvc.cgi to an<br />
already-configured cgi-bin directory.<br />
<br />
Or, use the standalone server provided by this distribution at<br />
/usr/local/viewvc-1.0.12/bin/standalone.py.<br />
<br />
root@charity:/var/www/www.progclub.org-pcview# cd /usr/local/viewvc-1.0.12/<br />
root@charity:/usr/local/viewvc-1.0.12# ls<br />
bin cvsgraph.conf.dist templates viewvc.conf<br />
cvsgraph.conf lib templates-contrib viewvc.conf.dist<br />
root@charity:/usr/local/viewvc-1.0.12# vim viewvc.conf<br />
<br />
root@charity:/usr/local/viewvc-1.0.12# cd /etc/apache2/sites-available/<br />
root@charity:/etc/apache2/sites-available# vim default<br />
<br />
ScriptAlias /pcview-view /usr/local/viewvc-1.0.12/bin/cgi/viewvc.cgi<br />
ScriptAlias /pcview-query /usr/local/viewvc-1.0.12/bin/cgi/viewvc.cgi<br />
<br />
root@charity:/etc/apache2/sites-available# apache2ctl graceful<br />
<br />
GET: http://www.progclub.org/pcview-view<br />
<br />
An Exception Has Occurred<br />
Python Traceback<br />
<br />
Traceback (most recent call last):<br />
File "/usr/local/viewvc-1.0.12/lib/viewvc.py", line 3761, in main<br />
request.run_viewvc()<br />
File "/usr/local/viewvc-1.0.12/lib/viewvc.py", line 258, in run_viewvc<br />
import vclib.svn<br />
File "/usr/local/viewvc-1.0.12/lib/vclib/svn/__init__.py", line 27, in <module><br />
from svn import fs, repos, core, delta<br />
ImportError: No module named svn<br />
<br />
Google [http://www.google.com.au/search?q=viewvc%20No%20module%20named%20svn&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&source=hp&channel=np that].<br />
<br />
[http://www.viewvc.org/faq.html#no-module-named-svn What causes "Error: ImportError: No module named svn"?]<br />
<br />
ViewVC uses Subversion's Python bindings to interact with and pull information<br />
out of your Subversion repositories. These bindings are not, however, generally<br />
provided as part of the ViewVC distribution — you have to install them yourself<br />
some other way. (For more information, contact the Subversion community.) The<br />
error you see is Python being asked to import the Subversion Python bindings and<br />
being unable to do so, typically because the bindings modules aren't found in<br />
the Python library search path.<br />
<br />
Not very helpful dear.<br />
<br />
root@charity:/usr/local/viewvc-1.0.12# apt-cache search python svn<br />
python-svn - A(nother) Python interface to Subversion<br />
python-svn-dbg - A(nother) Python interface to Subversion (debug extension)<br />
python-rope - Python refactoring library<br />
svn-workbench - A Workbench for Subversion<br />
bzr - easy to use distributed version control system<br />
bzr-doc - easy to use distributed version control system (documentation)<br />
python-subversion - Python bindings for Subversion<br />
python-subversion-dbg - Python bindings for Subversion (debug extension)<br />
root@charity:/usr/local/viewvc-1.0.12# apt-get install python-subversion<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
Suggested packages:<br />
python-subversion-dbg<br />
The following NEW packages will be installed:<br />
python-subversion<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 755kB of archives.<br />
After this operation, 3,449kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main python-subversion 1.6.6dfsg-2ubuntu1.3 [755kB]<br />
Fetched 755kB in 1s (525kB/s)<br />
Committing to: /etc/<br />
modified iptables.up.rules<br />
modified apache2/sites-available/default<br />
Committed revision 41.<br />
Selecting previously deselected package python-subversion.<br />
(Reading database ... 18330 files and directories currently installed.)<br />
Unpacking python-subversion (from .../python-subversion_1.6.6dfsg-2ubuntu1.3_amd64.deb) ...<br />
Setting up python-subversion (1.6.6dfsg-2ubuntu1.3) ...<br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Processing triggers for python-support ...<br />
root@charity:/usr/local/viewvc-1.0.12#<br />
<br />
GET: http://www.progclub.org/pcview-view<br />
<br />
Works!<br />
<br />
Just tidy that up a bit:<br />
<br />
root@charity:/usr/local/viewvc-1.0.12# vim /etc/apache2/sites-available/default<br />
<br />
ScriptAlias /pcview /usr/local/viewvc-1.0.12/bin/cgi/viewvc.cgi<br />
ScriptAlias /pcview-query /usr/local/viewvc-1.0.12/bin/cgi/query.cgi<br />
<br />
root@charity:/usr/local/viewvc-1.0.12# apache2ctl graceful<br />
<br />
Actually,<br />
<br />
ScriptAlias /pcrepo /usr/local/viewvc-1.0.12/bin/cgi/viewvc.cgi<br />
#ScriptAlias /pcview-query /usr/local/viewvc-1.0.12/bin/cgi/query.cgi<br />
<br />
So that's: http://www.progclub.org/pcrepo<br />
<br />
jj5@charity:~$ sudo -s<br />
root@charity:~# cd /var/www/www.progclub.org<br />
root@charity:/var/www/www.progclub.org# vim robots.txt<br />
<br />
Disallow: /pcrepo/<br />
<br />
That ought to do it. Wait...<br />
<br />
root@charity:~# apt-cache search enscript<br />
enscript - converts text to Postscript, HTML or RTF with syntax highlighting<br />
root@charity:~# apt-get install enscript<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed: <br />
libpaper-utils libpaper1<br />
Suggested packages:<br />
gv postscript-viewer lpr<br />
The following NEW packages will be installed:<br />
enscript libpaper-utils libpaper1<br />
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 482kB of archives.<br />
After this operation, 2,707kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libpaper1 1.1.23+nmu1build1 [21.2kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main enscript 1.6.5-1 [442kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libpaper-utils 1.1.23+nmu1build1 [18.3kB]<br />
Fetched 482kB in 1s (372kB/s)<br />
Committing to: /etc/<br />
modified apache2/sites-available/default<br />
Committed revision 42.<br />
Preconfiguring packages ...<br />
Selecting previously deselected package libpaper1.<br />
(Reading database ... 18382 files and directories currently installed.)<br />
Unpacking libpaper1 (from .../libpaper1_1.1.23+nmu1build1_amd64.deb) ...<br />
Selecting previously deselected package enscript.<br />
Unpacking enscript (from .../enscript_1.6.5-1_amd64.deb) ...<br />
Selecting previously deselected package libpaper-utils.<br />
Unpacking libpaper-utils (from .../libpaper-utils_1.1.23+nmu1build1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up libpaper1 (1.1.23+nmu1build1) ...<br />
<br />
Creating config file /etc/papersize with new version<br />
<br />
Setting up enscript (1.6.5-1) ...<br />
Setting up libpaper-utils (1.1.23+nmu1build1) ...<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
added enscript.cfg<br />
added libpaper.d<br />
added papersize<br />
Committed revision 43.<br />
<br />
root@charity:~# cd /usr/local/viewvc-1.0.12/<br />
root@charity:/usr/local/viewvc-1.0.12# vim viewvc.conf<br />
<br />
# should we use 'enscript' for syntax coloring?<br />
use_enscript = 1<br />
<br />
root@charity:/usr/local/viewvc-1.0.12# locate enscript<br />
bash: locate: command not found<br />
root@charity:/usr/local/viewvc-1.0.12# whereis enscript<br />
enscript: /usr/bin/enscript /etc/enscript.cfg /usr/share/enscript /usr/share/man/man1/enscript.1.gz<br />
root@charity:/usr/local/viewvc-1.0.12# vim viewvc.conf<br />
<br />
#<br />
# if the enscript program is not on the path, set this value<br />
#<br />
#enscript_path = <br />
enscript_path = /usr/bin/<br />
<br />
root@charity:/usr/local/viewvc-1.0.12# apt-cache search syntax highlight | grep highlight<br />
<br />
root@charity:/usr/local/viewvc-1.0.12# apt-get install highlight<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
highlight-common<br />
The following NEW packages will be installed:<br />
highlight highlight-common<br />
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 490kB of archives.<br />
After this operation, 1,864kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe highlight-common 2.12-1 [196kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/universe highlight 2.12-1 [294kB]<br />
Fetched 490kB in 1s (394kB/s)<br />
Selecting previously deselected package highlight-common.<br />
(Reading database ... 18593 files and directories currently installed.)<br />
Unpacking highlight-common (from .../highlight-common_2.12-1_all.deb) ...<br />
Selecting previously deselected package highlight.<br />
Unpacking highlight (from .../highlight_2.12-1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up highlight-common (2.12-1) ...<br />
Setting up highlight (2.12-1) ...<br />
Committing to: /etc/<br />
added highlight<br />
added highlight/filetypes.conf<br />
Committed revision 44.<br />
<br />
root@charity:/usr/local/viewvc-1.0.12# vim viewvc.conf<br />
<br />
# should we use 'enscript' for syntax coloring?<br />
use_enscript = 0<br />
<br />
...<br />
<br />
# should we use 'highlight' for syntax coloring?<br />
# NOTE: use_enscript has to be 0 or enscript will be used instead<br />
use_highlight = 1<br />
<br />
[http://www.progclub.org/pcrepo/pcwiki/trunk/index.php?revision=3&view=markup Works!]<br />
<br />
= [[User:John|John]] 2011-08-12 15:53 =<br />
<br />
== Installing bc ==<br />
<br />
jj5@charity:~/bin$ sudo apt-get install bc<br />
[sudo] password for jj5:<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
bc<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 112kB of archives.<br />
After this operation, 328kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main bc 1.06.95-2 [112kB]<br />
Fetched 112kB in 0s (115kB/s)<br />
Selecting previously deselected package bc.<br />
(Reading database ... 18313 files and directories currently installed.)<br />
Unpacking bc (from .../bc_1.06.95-2_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up bc (1.06.95-2) ...<br />
<br />
= [[User:John|John]] 2011-08-09 20:05 =<br />
<br />
== Configuring [[Pcldap]] project ==<br />
<br />
root@charity:/var/www/www.progclub.org/# svn co https://www.progclub.org/svn/pcrepo/pcldap/trunk pcldap<br />
root@charity:/var/www/www.progclub.org/# svn co https://www.progclub.org/svn/pcrepo/pcldap/trunk pcldap-dev<br />
root@charity:/var/www/www.progclub.org# cd pcldap<br />
root@charity:/var/www/www.progclub.org/pcldap# ls<br />
config hooks index.php lib locale templates VERSION<br />
doc htdocs INSTALL LICENSE queries tools<br />
root@charity:/var/www/www.progclub.org/pcldap# cd config/<br />
root@charity:/var/www/www.progclub.org/pcldap/config# ls<br />
config.php.example<br />
root@charity:/var/www/www.progclub.org/pcldap/config# cp config.php.example config.php<br />
root@charity:/var/www/www.progclub.org/pcldap/config# apt-get install php5-ldap<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
php5-ldap<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 19.9kB of archives.<br />
After this operation, 115kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main php5-ldap 5.3.2-1ubuntu4.9 [19.9kB]<br />
Fetched 19.9kB in 0s (37.0kB/s)<br />
Committing to: /etc/<br />
modified network/interfaces<br />
added network/interfaces2011-08-09_01:48<br />
Committed revision 39.<br />
Selecting previously deselected package php5-ldap.<br />
(Reading database ... 18310 files and directories currently installed.)<br />
Unpacking php5-ldap (from .../php5-ldap_5.3.2-1ubuntu4.9_amd64.deb) ...<br />
Processing triggers for libapache2-mod-php5 ...<br />
* Reloading web server config apache2 [ OK ]<br />
Setting up php5-ldap (5.3.2-1ubuntu4.9) ...<br />
Committing to: /etc/<br />
added php5/conf.d/ldap.ini<br />
Committed revision 40.<br />
root@charity:/var/www/www.progclub.org/pcldap/config# apache2ctl graceful<br />
<br />
= [[User:John|John]] 2011-08-08 16:43 =<br />
<br />
== Updating robots.txt file for pcwiki ==<br />
<br />
Added the following to /var/www/www.progclub.org/robots.txt<br />
<br />
Disallow: /pcwiki/<br />
<br />
= [[User:John|John]] 2011-08-06 15:30 =<br />
<br />
== Installing OpenLDAP ==<br />
<br />
Following [https://help.ubuntu.com/community/OpenLDAPServer these instructions]. Oh, no, wait. [http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html These instructions].<br />
<br />
jj5@charity:~$ sudo apt-get install slapd ldap-utils<br />
[sudo] password for jj5:<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
libdb4.7 libltdl7 libperl5.10 libslp1 odbcinst odbcinst1debian1 unixodbc<br />
Suggested packages:<br />
slpd openslp-doc libmyodbc odbc-postgresql tdsodbc unixodbc-bin<br />
The following NEW packages will be installed:<br />
ldap-utils libdb4.7 libltdl7 libperl5.10 libslp1 odbcinst odbcinst1debian1<br />
slapd unixodbc<br />
0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 3,302kB of archives.<br />
After this operation, 8,253kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libdb4.7 4.7.25-9 [653kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libltdl7 2.2.6b-2ubuntu1 [296kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libperl5.10 5.10.1-8ubuntu2.1 [1,202B]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libslp1 1.2.1-7.6ubuntu0.1 [54.5kB]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/main odbcinst 2.2.11-21 [35.5kB]<br />
Get:6 http://archive.ubuntu.com/ubuntu/ lucid/main odbcinst1debian1 2.2.11-21 [66.6kB]<br />
Get:7 http://archive.ubuntu.com/ubuntu/ lucid/main unixodbc 2.2.11-21 [209kB]<br />
Get:8 http://archive.ubuntu.com/ubuntu/ lucid-updates/main slapd 2.4.21-0ubuntu5.5 [1,637kB]<br />
Get:9 http://archive.ubuntu.com/ubuntu/ lucid-updates/main ldap-utils 2.4.21-0ubuntu5.5 [348kB]<br />
Fetched 3,302kB in 2s (1,595kB/s)<br />
Committing to: /etc/<br />
modified shadow<br />
Committed revision 35.<br />
Preconfiguring packages ...<br />
Selecting previously deselected package libdb4.7.<br />
(Reading database ... 17937 files and directories currently installed.)<br />
Unpacking libdb4.7 (from .../libdb4.7_4.7.25-9_amd64.deb) ...<br />
Selecting previously deselected package libltdl7.<br />
Unpacking libltdl7 (from .../libltdl7_2.2.6b-2ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package libperl5.10.<br />
Unpacking libperl5.10 (from .../libperl5.10_5.10.1-8ubuntu2.1_amd64.deb) ...<br />
Selecting previously deselected package libslp1.<br />
Unpacking libslp1 (from .../libslp1_1.2.1-7.6ubuntu0.1_amd64.deb) ...<br />
Selecting previously deselected package odbcinst.<br />
Unpacking odbcinst (from .../odbcinst_2.2.11-21_amd64.deb) ...<br />
Selecting previously deselected package odbcinst1debian1.<br />
Unpacking odbcinst1debian1 (from .../odbcinst1debian1_2.2.11-21_amd64.deb) ...<br />
Selecting previously deselected package unixodbc.<br />
Unpacking unixodbc (from .../unixodbc_2.2.11-21_amd64.deb) ...<br />
Selecting previously deselected package slapd.<br />
Unpacking slapd (from .../slapd_2.4.21-0ubuntu5.5_amd64.deb) ...<br />
Selecting previously deselected package ldap-utils.<br />
Unpacking ldap-utils (from .../ldap-utils_2.4.21-0ubuntu5.5_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up libdb4.7 (4.7.25-9) ...<br />
<br />
Setting up libltdl7 (2.2.6b-2ubuntu1) ...<br />
<br />
Setting up libperl5.10 (5.10.1-8ubuntu2.1) ...<br />
<br />
Setting up libslp1 (1.2.1-7.6ubuntu0.1) ...<br />
<br />
Setting up ldap-utils (2.4.21-0ubuntu5.5) ...<br />
Setting up odbcinst (2.2.11-21) ...<br />
Setting up odbcinst1debian1 (2.2.11-21) ...<br />
<br />
Setting up unixodbc (2.2.11-21) ... <br />
<br />
Setting up slapd (2.4.21-0ubuntu5.5) ...<br />
Creating new user openldap... done.<br />
Creating initial slapd configuration... done.<br />
Starting OpenLDAP: slapd.<br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
modified .etckeeper<br />
added ODBCDataSources<br />
modified group<br />
modified group-<br />
modified gshadow<br />
modified gshadow-<br />
added odbc.ini<br />
modified passwd<br />
modified passwd-<br />
modified shadow<br />
modified shadow-<br />
added apparmor.d/usr.sbin.slapd<br />
added default/slapd<br />
added init.d/slapd<br />
added ldap/sasl2<br />
added ldap/schema<br />
added ldap/slapd.d<br />
added ldap/schema/README<br />
added ldap/schema/collective.schema<br />
added ldap/schema/corba.schema<br />
added ldap/schema/core.ldif<br />
added ldap/schema/core.schema<br />
added ldap/schema/cosine.ldif<br />
added ldap/schema/cosine.schema<br />
added ldap/schema/duaconf.schema<br />
added ldap/schema/dyngroup.schema<br />
added ldap/schema/inetorgperson.ldif<br />
added ldap/schema/inetorgperson.schema<br />
added ldap/schema/java.schema<br />
added ldap/schema/ldapns.schema<br />
added ldap/schema/misc.ldif<br />
added ldap/schema/misc.schema<br />
added ldap/schema/nis.ldif<br />
added ldap/schema/nis.schema<br />
added ldap/schema/openldap.ldif<br />
added ldap/schema/openldap.schema<br />
added ldap/schema/pmi.schema<br />
added ldap/schema/ppolicy.schema<br />
added ldap/slapd.d/cn=config<br />
added ldap/slapd.d/cn=config.ldif<br />
added ldap/slapd.d/cn=config/cn=schema<br />
added ldap/slapd.d/cn=config/cn=schema.ldif<br />
added ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif<br />
added ldap/slapd.d/cn=config/olcDatabase={0}config.ldif<br />
added ldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif<br />
added rc0.d/K80slapd<br />
added rc1.d/K80slapd<br />
added rc2.d/S19slapd<br />
added rc3.d/S19slapd<br />
added rc4.d/S19slapd<br />
added rc5.d/S19slapd<br />
added rc6.d/K80slapd<br />
Committed revision 36.<br />
<br />
jj5@charity:~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif<br />
SASL/EXTERNAL authentication started<br />
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<br />
SASL SSF: 0<br />
adding new entry "cn=cosine,cn=schema,cn=config"<br />
<br />
jj5@charity:~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif<br />
SASL/EXTERNAL authentication started<br />
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<br />
SASL SSF: 0<br />
adding new entry "cn=nis,cn=schema,cn=config"<br />
<br />
jj5@charity:~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif<br />
SASL/EXTERNAL authentication started<br />
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<br />
SASL SSF: 0<br />
adding new entry "cn=inetorgperson,cn=schema,cn=config"<br />
<br />
root@charity:~# cd /etc/ldap<br />
root@charity:/etc/ldap# ls<br />
ldap.conf sasl2 schema slapd.d<br />
root@charity:/etc/ldap# vim backend.progclub.org.ldif<br />
<br />
# Load dynamic backend modules<br />
dn: cn=module,cn=config<br />
objectClass: olcModuleList<br />
cn: module<br />
olcModulepath: /usr/lib/ldap<br />
olcModuleload: back_hdb<br />
<br />
# Database settings<br />
dn: olcDatabase=hdb,cn=config<br />
objectClass: olcDatabaseConfig<br />
objectClass: olcHdbConfig<br />
olcDatabase: {1}hdb<br />
olcSuffix: dc=progclub,dc=org<br />
olcDbDirectory: /var/lib/ldap<br />
olcRootDN: cn=admin,dc=progclub,dc=org<br />
olcRootPW: <secret><br />
olcDbConfig: set_cachesize 0 2097152 0<br />
olcDbConfig: set_lk_max_objects 1500<br />
olcDbConfig: set_lk_max_locks 1500<br />
olcDbConfig: set_lk_max_lockers 1500<br />
olcDbIndex: objectClass eq<br />
olcLastMod: TRUE<br />
olcDbCheckpoint: 512 30<br />
olcAccess: to attrs=userPassword by dn="cn=admin,dc=progclub,dc=org" write by anonymous auth by self write by * none<br />
olcAccess: to attrs=shadowLastChange by self write by * read<br />
olcAccess: to dn.base="" by * read<br />
olcAccess: to * by dn="cn=admin,dc=progclub,dc=org" write by * read<br />
<br />
root@charity:/etc/ldap# sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.progclub.org.ldif<br />
SASL/EXTERNAL authentication started<br />
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<br />
SASL SSF: 0<br />
adding new entry "cn=module,cn=config"<br />
<br />
adding new entry "olcDatabase=hdb,cn=config"<br />
<br />
root@charity:/etc/ldap# vim frontend.progclub.org.ldif<br />
<br />
# Create top-level object in domain<br />
dn: dc=progclub,dc=org<br />
objectClass: top<br />
objectClass: dcObject<br />
objectclass: organization<br />
o: ProgClub<br />
dc: ProgClub<br />
description: ProgClub<br />
<br />
# Admin user.<br />
dn: cn=admin,dc=progclub,dc=org<br />
objectClass: simpleSecurityObject<br />
objectClass: organizationalRole<br />
cn: admin<br />
description: LDAP administrator<br />
userPassword: <secret><br />
<br />
dn: ou=people,dc=progclub,dc=org<br />
objectClass: organizationalUnit<br />
ou: people<br />
<br />
dn: ou=groups,dc=progclub,dc=org<br />
objectClass: organizationalUnit<br />
ou: groups<br />
<br />
dn: uid=jj5,ou=people,dc=progclub,dc=org<br />
objectClass: inetOrgPerson<br />
objectClass: posixAccount<br />
objectClass: shadowAccount<br />
uid: jj5<br />
sn: Elliot<br />
givenName: John<br />
cn: John Elliot<br />
displayName: John Elliot<br />
uidNumber: 1000<br />
gidNumber: 10000<br />
userPassword: <secret><br />
gecos: John Elliot<br />
loginShell: /bin/bash<br />
homeDirectory: /home/jj5<br />
shadowExpire: -1<br />
shadowFlag: 0<br />
shadowWarning: 7<br />
shadowMin: 8<br />
shadowMax: 999999<br />
shadowLastChange: 10877<br />
mail: jj5@jj5.net<br />
postalCode: 2774<br />
#l: <br />
#o: <br />
mobile: +61 4 3505 7839<br />
homePhone: +61 4 4739 2150<br />
title: ProgClub Founder<br />
postalAddress: <br />
initials: JE<br />
<br />
dn: cn=administrators,ou=groups,dc=progclub,dc=org<br />
objectClass: posixGroup<br />
cn: administrators<br />
gidNumber: 10000<br />
<br />
<br />
root@charity:/etc/ldap# sudo ldapadd -x -D cn=admin,dc=progclub,dc=org -W -f frontend.progclub.org.ldif<br />
Enter LDAP Password:<br />
adding new entry "dc=progclub,dc=org"<br />
<br />
adding new entry "cn=admin,dc=progclub,dc=org"<br />
<br />
adding new entry "ou=people,dc=progclub,dc=org"<br />
<br />
adding new entry "ou=groups,dc=progclub,dc=org"<br />
<br />
adding new entry "uid=jj5,ou=people,dc=progclub,dc=org"<br />
ldap_add: Invalid syntax (21)<br />
additional info: l: value #0 invalid per syntax<br />
<br />
root@charity:/etc/ldap# vim frontend.progclub.org.ldif<br />
root@charity:/etc/ldap# sudo ldapadd -x -D cn=admin,dc=progclub,dc=org -W -f frontend.progclub.org.ldif<br />
Enter LDAP Password:<br />
ldap_bind: Server is unwilling to perform (53)<br />
additional info: unauthenticated bind (DN with no password) disallowed<br />
root@charity:/etc/ldap# sudo ldapadd -x -D cn=admin,dc=progclub,dc=org -W -f frontend.progclub.org.ldif<br />
Enter LDAP Password:<br />
adding new entry "dc=progclub,dc=org"<br />
ldap_add: Already exists (68)<br />
<br />
Had to fix up a mistake; created frontend.progclub.org.ldif.end with the data that hadn't made it into LDAP.<br />
<br />
root@charity:/etc/ldap# sudo ldapadd -x -D cn=admin,dc=progclub,dc=org -W -f frontend.progclub.org.ldif.end<br />
Enter LDAP Password:<br />
adding new entry "uid=jj5,ou=people,dc=progclub,dc=org"<br />
<br />
adding new entry "cn=administrators,ou=groups,dc=progclub,dc=org"<br />
<br />
root@charity:/etc/ldap# ldapsearch -xLLL -b "dc=progclub,dc=org" uid=jj5 sn givenName cn<br />
dn: uid=jj5,ou=people,dc=progclub,dc=org<br />
sn: Elliot<br />
givenName: John<br />
cn: John Elliot<br />
<br />
Works!<br />
<br />
friggles@charity:/etc/ldap$ sudo ldapadd -x -D cn=admin,dc=progclub,dc=org -W -f friggles.ldif <br />
Enter LDAP Password: <br />
adding new entry "uid=friggles,ou=people,dc=progclub,dc=org"<br />
<br />
jj5@charity:~$ sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn<br />
[sudo] password for jj5:<br />
SASL/EXTERNAL authentication started<br />
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<br />
SASL SSF: 0<br />
dn: cn=config<br />
<br />
dn: cn=module{0},cn=config<br />
<br />
dn: cn=schema,cn=config<br />
<br />
dn: cn={0}core,cn=schema,cn=config<br />
<br />
dn: cn={1}cosine,cn=schema,cn=config <br />
<br />
dn: cn={2}nis,cn=schema,cn=config<br />
<br />
dn: cn={3}inetorgperson,cn=schema,cn=config<br />
<br />
dn: olcDatabase={-1}frontend,cn=config<br />
<br />
dn: olcDatabase={0}config,cn=config <br />
<br />
dn: olcDatabase={1}hdb,cn=config<br />
<br />
jj5@charity:~$ sudo ldapmodify -Y EXTERNAL -H ldapi:///<br />
SASL/EXTERNAL authentication started<br />
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<br />
SASL SSF: 0<br />
dn: olcDatabase={1}hdb,cn=config<br />
add: olcDbIndex<br />
olcDbIndex: uidNumber eq<br />
<br />
modifying entry "olcDatabase={1}hdb,cn=config"<br />
^+D<br />
<br />
root@charity:/etc/ldap# vim uid_index.ldif<br />
root@charity:/etc/ldap# cat uid_index.ldif<br />
dn: olcDatabase={1}hdb,cn=config<br />
add: olcDbIndex<br />
olcDbIndex: uid eq,pres,sub<br />
<br />
root@charity:/etc/ldap# ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif<br />
SASL/EXTERNAL authentication started<br />
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<br />
SASL SSF: 0<br />
modifying entry "olcDatabase={1}hdb,cn=config"<br />
<br />
root@charity:/etc/ldap# vim schema_convert.conf<br />
root@charity:/etc/ldap# cat schema_convert.conf<br />
include /etc/ldap/schema/core.schema<br />
include /etc/ldap/schema/collective.schema<br />
include /etc/ldap/schema/corba.schema<br />
include /etc/ldap/schema/cosine.schema<br />
include /etc/ldap/schema/duaconf.schema<br />
include /etc/ldap/schema/dyngroup.schema<br />
include /etc/ldap/schema/inetorgperson.schema<br />
include /etc/ldap/schema/java.schema<br />
include /etc/ldap/schema/misc.schema<br />
include /etc/ldap/schema/nis.schema<br />
include /etc/ldap/schema/openldap.schema<br />
include /etc/ldap/schema/ppolicy.schema<br />
<br />
root@charity:/etc/ldap# mkdir /tmp/ldif_output<br />
root@charity:/etc/ldap# slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "cn={5}dyngroup,cn=schema,cn=config" > /tmp/cn=dyngroup.ldif<br />
root@charity:/etc/ldap# slapcat -f schema_convert.conf -F /tmp/ldif_output -n 0 | grep dyngroup<br />
dn: cn={5}dyngroup,cn=schema,cn=config<br />
cn: {5}dyngroup<br />
root@charity:/etc/ldap# vim /tmp/cn\=dyngroup.ldif<br />
<br />
dn: cn=dyngroup,cn=schema,cn=config<br />
...<br />
cn: dyngroup<br />
<br />
root@charity:/etc/ldap# ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\=dyngroup.ldif<br />
SASL/EXTERNAL authentication started<br />
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<br />
SASL SSF: 0<br />
adding new entry "cn=dyngroup,cn=schema,cn=config"<br />
<br />
root@charity:/etc/ldap# ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config olcDatabase=config olcAccess<br />
SASL/EXTERNAL authentication started<br />
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<br />
SASL SSF: 0<br />
dn: olcDatabase={0}config,cn=config<br />
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external<br />
,cn=auth manage by * break<br />
<br />
root@charity:/etc/ldap# ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config olcDatabase={1}hdb olcAccess<br />
SASL/EXTERNAL authentication started<br />
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<br />
SASL SSF: 0<br />
dn: olcDatabase={1}hdb,cn=config<br />
olcAccess: {0}to attrs=userPassword by dn="cn=admin,dc=progclub,dc=org" write<br />
by anonymous auth by self write by * none<br />
olcAccess: {1}to attrs=shadowLastChange by self write by * read<br />
olcAccess: {2}to dn.base="" by * read<br />
olcAccess: {3}to * by dn="cn=admin,dc=progclub,dc=org" write by * read<br />
<br />
root@charity:/etc/ldap# apt-get install gnutls-bin<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
gnutls-bin<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 144kB of archives.<br />
After this operation, 549kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe gnutls-bin 2.8.5-2 [144kB]<br />
Fetched 144kB in 1s (142kB/s)<br />
Committing to: /etc/<br />
modified .etckeeper<br />
added ldap/backend.progclub.org.ldif<br />
added ldap/friggles.ldif<br />
added ldap/frontend.progclub.org.ldif<br />
added ldap/frontend.progclub.org.ldif.end<br />
added ldap/schema_convert.conf<br />
added ldap/uid_index.ldif<br />
added ldap/slapd.d/cn=config/cn=module{0}.ldif<br />
added ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif<br />
added ldap/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif<br />
added ldap/slapd.d/cn=config/cn=schema/cn={2}nis.ldif<br />
added ldap/slapd.d/cn=config/cn=schema/cn={3}inetorgperson.ldif<br />
added ldap/slapd.d/cn=config/cn=schema/cn={4}dyngroup.ldif<br />
Committed revision 37.<br />
Selecting previously deselected package gnutls-bin.<br />
(Reading database ... 18289 files and directories currently installed.)<br />
Unpacking gnutls-bin (from .../gnutls-bin_2.8.5-2_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up gnutls-bin (2.8.5-2) ...<br />
<br />
root@charity:/etc/ldap# sh -c "certtool --generate-privkey > /etc/ssl/private/cakey.pem"<br />
Generating a 2048 bit RSA private key...<br />
<br />
root@charity:/etc/ldap# vim /etc/ssl/ca.info<br />
root@charity:/etc/ldap# cat /etc/ssl/ca.info<br />
cn = ProgClub<br />
ca<br />
cert_signing_key<br />
<br />
root@charity:/etc/ldap# certtool --generate-self-signed --load-privkey /etc/ssl/private/cakey.pem --template /etc/ssl/ca.info --outfile /etc/ssl/certs/cacert.pem<br />
Generating a self signed certificate...<br />
X.509 Certificate Information:<br />
Version: 3<br />
Serial Number (hex): 4e3ce51d<br />
Validity:<br />
Not Before: Sat Aug 06 06:54:21 UTC 2011<br />
Not After: Sun Aug 05 06:54:21 UTC 2012<br />
Subject: CN=ProgClub<br />
Subject Public Key Algorithm: RSA<br />
Modulus (bits 2048):<br />
Exponent (bits 24):<br />
01:00:01<br />
Extensions:<br />
Basic Constraints (critical):<br />
Certificate Authority (CA): TRUE<br />
Key Usage (critical):<br />
Certificate signing.<br />
Subject Key Identifier (not critical):<br />
d433db6e317b06dcd2eba88b7954afcaef1d2e18<br />
Other Information:<br />
Public Key Id:<br />
d433db6e317b06dcd2eba88b7954afcaef1d2e18<br />
<br />
<br />
<br />
Signing certificate...<br />
<br />
root@charity:/etc/ldap# sh -c "certtool --generate-privkey > /etc/ssl/private/charity_slapd_key.pem"<br />
Generating a 2048 bit RSA private key...<br />
<br />
root@charity:/etc/ldap# vim /etc/ssl/charity.info<br />
root@charity:/etc/ldap# cat /etc/ssl/charity.info<br />
organization = ProgClub<br />
cn = charity.progclub.org<br />
tls_www_server<br />
encryption_key<br />
signing_key<br />
<br />
root@charity:/etc/ldap# certtool --generate-certificate --load-privkey /etc/ssl/private/charity_slapd_key.pem --load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey /etc/ssl/private/cakey.pem --template /etc/ssl/charity.info --outfile /etc/ssl/certs/charity_slapd_cert.pem<br />
Generating a signed certificate...<br />
X.509 Certificate Information:<br />
Version: 3<br />
Serial Number (hex): 4e3ce62a<br />
Validity:<br />
Not Before: Sat Aug 06 06:58:50 UTC 2011<br />
Not After: Sun Aug 05 06:58:50 UTC 2012<br />
Subject: O=ProgClub,CN=charity.progclub.org<br />
Subject Public Key Algorithm: RSA<br />
Modulus (bits 2048):<br />
Exponent (bits 24):<br />
01:00:01<br />
Extensions:<br />
Basic Constraints (critical):<br />
Certificate Authority (CA): FALSE<br />
Key Purpose (not critical):<br />
TLS WWW Server.<br />
Key Usage (critical):<br />
Digital signature.<br />
Key encipherment.<br />
Subject Key Identifier (not critical):<br />
92543d9cae79eaeb4d0e1f0484a24527ec6d8bd4<br />
Authority Key Identifier (not critical):<br />
d433db6e317b06dcd2eba88b7954afcaef1d2e18<br />
Other Information:<br />
Public Key Id:<br />
92543d9cae79eaeb4d0e1f0484a24527ec6d8bd4<br />
<br />
<br />
<br />
Signing certificate...<br />
<br />
root@charity:/etc/ldap# ldapmodify -Y EXTERNAL -H ldapi:///<br />
SASL/EXTERNAL authentication started<br />
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<br />
SASL SSF: 0<br />
dn: cn=config<br />
add: olcTLSCACertificateFile<br />
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem<br />
-<br />
add: olcTLSCertificateFile<br />
olcTLSCertificateFile: /etc/ssl/certs/charity_slapd_cert.pem<br />
-<br />
add: olcTLSCertificateKeyFile<br />
olcTLSCertificateKeyFile: /etc/ssl/private/charity_slapd_key.pem<br />
<br />
modifying entry "cn=config"<br />
^+D<br />
<br />
root@charity:/etc/ldap# vim /etc/default/slapd<br />
<br />
#SLAPD_SERVICES="ldap:/// ldapi:///"<br />
SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"<br />
<br />
root@charity:/etc/ldap# adduser openldap ssl-cert<br />
Adding user `openldap' to group `ssl-cert' ...<br />
Adding user openldap to group ssl-cert<br />
Done.<br />
root@charity:/etc/ldap# chgrp ssl-cert /etc/ssl/private/charity_slapd_key.pem<br />
root@charity:/etc/ldap# chmod g+r /etc/ssl/private/charity_slapd_key.pem<br />
<br />
root@charity:/etc/ldap# /etc/init.d/slapd restart<br />
Stopping OpenLDAP: slapd.<br />
Starting OpenLDAP: slapd.<br />
<br />
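The TLS steps above end by giving slapd group read access to its private key. As an added example (not part of the original log; the function names are made up for illustration), this script reads an LDIF like the one fed to ldapmodify and checks the permissions of the files it names.<br />
<br />

```shell
#!/bin/sh
# Added example (not from the original log): check the files named by the
# olcTLS* attributes that the log adds to cn=config.

# Print "attribute path" for each olcTLS*File value in an LDIF read from
# stdin. Change lines such as "add: olcTLSCertificateFile" are skipped
# because the attribute name must start the line.
tls_paths() {
    sed -n 's/^\(olcTLS[A-Za-z]*File\): *\(.*\)$/\1 \2/p'
}

# Print the 9-character permission string (e.g. rw-r-----) of a file.
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# Report problems with the TLS files referenced by the LDIF on stdin.
# Prints one finding per line and nothing when every check passes.
check_tls_files() {
    tls_paths | while read -r attr path; do
        if [ ! -f "$path" ]; then
            echo "$attr: $path is missing or unreadable from this account"
            continue
        fi
        perms=$(perm_string "$path")
        case "$attr" in
            olcTLSCertificateKeyFile)
                # The private key must not be accessible to "other" and
                # must not be writable by its group.
                case "$perms" in
                    ??????---) ;;
                    *) echo "$attr: $path is accessible to other users ($perms)" ;;
                esac
                case "$perms" in
                    ????w????) echo "$attr: $path is group-writable ($perms)" ;;
                esac
                ;;
            *)
                # Certificates are public but must not be world-writable.
                case "$perms" in
                    ???????w?) echo "$attr: $path is world-writable ($perms)" ;;
                esac
                ;;
        esac
    done
}

# LDIF copied from the ldapmodify session in the log above.
sample_ldif() {
    cat <<'EOF'
dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/charity_slapd_cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/charity_slapd_key.pem
EOF
}

# On a host without these files each one is reported as missing.
sample_ldif | check_tls_files
```

Run it as root on the LDAP server so the files under /etc/ssl/private can be inspected.<br />
<br />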
= [[User:John|John]] 2011-08-06 05:35 =<br />
<br />
== Enabling mod_rewrite in Apache ==<br />
<br />
root@charity:/var/www/www.progclub.org/pcblog# a2enmod rewrite<br />
Enabling module rewrite.<br />
Run '/etc/init.d/apache2 restart' to activate new configuration!<br />
root@charity:/var/www/www.progclub.org/pcblog# apache2ctl graceful<br />
<br />
That was after configuring a .htaccess file for pcblog:<br />
<br />
jj5@charity:~$ cat /var/www/www.progclub.org/pcblog/.htaccess<br />
<IfModule mod_rewrite.c><br />
RewriteEngine On<br />
RewriteBase /blog/<br />
RewriteRule ^index\.php$ - [L]<br />
RewriteCond %{REQUEST_FILENAME} !-f<br />
RewriteCond %{REQUEST_FILENAME} !-d<br />
RewriteRule . /blog/index.php [L]<br />
</IfModule><br />
<br />
<br />
= [[User:John|John]] 2011-08-05 23:15 =<br />
<br />
== Installing php5-mcrypt ==<br />
<br />
root@charity:/var/www/www.progclub.org# apt-get install php5-mcrypt<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
libmcrypt4<br />
Suggested packages:<br />
libmcrypt-dev mcrypt<br />
The following NEW packages will be installed:<br />
libmcrypt4 php5-mcrypt<br />
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 104kB of archives.<br />
After this operation, 365kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe libmcrypt4 2.5.8-3.1 [87.6kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/universe php5-mcrypt 5.3.2-0ubuntu1 [16.7kB]<br />
Fetched 104kB in 0s (110kB/s)<br />
Committing to: /etc/<br />
modified group<br />
modified group-<br />
modified gshadow<br />
modified gshadow-<br />
modified passwd<br />
modified passwd-<br />
modified shadow<br />
modified shadow-<br />
Committed revision 32.<br />
Selecting previously deselected package libmcrypt4.<br />
(Reading database ... 17926 files and directories currently installed.)<br />
Unpacking libmcrypt4 (from .../libmcrypt4_2.5.8-3.1_amd64.deb) ...<br />
Selecting previously deselected package php5-mcrypt.<br />
Unpacking php5-mcrypt (from .../php5-mcrypt_5.3.2-0ubuntu1_amd64.deb) ...<br />
Processing triggers for libapache2-mod-php5 ...<br />
* Reloading web server config apache2 [ OK ]<br />
Setting up libmcrypt4 (2.5.8-3.1) ...<br />
<br />
Setting up php5-mcrypt (5.3.2-0ubuntu1) ...<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
added php5/conf.d/mcrypt.ini<br />
Committed revision 33.<br />
<br />
= [[User:John|John]] 2011-08-05 22:24 =<br />
<br />
== Creating pcblog database and user ==<br />
<br />
root@charity:/var/www/www.progclub.org# mysql -uroot -p<br />
Enter password:<br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 1030<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> use mysql;<br />
Reading table information for completion of table and column names<br />
You can turn off this feature to get a quicker startup with -A<br />
<br />
Database changed<br />
mysql> create user 'pcblog'@'%' identified by 'uiq82r3wy';<br />
Query OK, 0 rows affected (0.09 sec)<br />
<br />
mysql> create database pcblog;<br />
Query OK, 1 row affected (0.09 sec)<br />
<br />
mysql> select host, user from user;<br />
+---------------------------+------------------+<br />
| host | user |<br />
+---------------------------+------------------+<br />
| % | pcblog |<br />
| 127.0.0.1 | root |<br />
| 60-240-67-126.tpgi.com.au | pcwiki |<br />
| charity | root |<br />
| localhost | debian-sys-maint |<br />
| localhost | pcwiki |<br />
| localhost | root |<br />
+---------------------------+------------------+<br />
7 rows in set (0.01 sec)<br />
<br />
mysql> grant all privileges on pcblog.* to 'pcblog'@'%' with grant option;<br />
Query OK, 0 rows affected (0.14 sec)<br />
<br />
mysql> flush privileges;<br />
Query OK, 0 rows affected (0.02 sec)<br />
<br />
mysql> quit<br />
Bye<br />
<br />
= [[User:John|John]] 2011-08-05 17:32 =<br />
<br />
== Adding user jedd ==<br />
<br />
jj5@charity:~$ sudo adduser jedd<br />
[sudo] password for jj5:<br />
Adding user `jedd' ...<br />
Adding new group `jedd' (1006) ...<br />
Adding new user `jedd' (1006) with group `jedd' ...<br />
Creating home directory `/home/jedd' ...<br />
Copying files from `/etc/skel' ...<br />
Enter new UNIX password:<br />
Retype new UNIX password:<br />
passwd: password updated successfully<br />
Changing the user information for jedd<br />
Enter the new value, or press ENTER for the default<br />
Full Name []: Jedd Rashbrooke<br />
Room Number []:<br />
Work Phone []:<br />
Home Phone []:<br />
Other []:<br />
Is the information correct? [Y/n]<br />
jj5@charity:~$ sudo adduser jedd sudo<br />
Adding user `jedd' to group `sudo' ...<br />
Adding user jedd to group sudo<br />
Done.<br />
<br />
= [[User:John|John]] 2011-08-05 16:59 =<br />
<br />
== Disabling IPSec ==<br />
<br />
Can't get [[IPSec]] to work. Commented out /etc/network/if-up.d/ip and removed the policies from /etc/ipsec-tools.conf.<br />
<br />
= [[User:John|John]] 2011-08-05 16:10 =<br />
<br />
== Trying to get kadmin to work from [[Hope]] ==<br />
<br />
Found [http://fixunix.com/kerberos/364739-centos-attempting-set-up-kerberos-5-tickets-created-destroyedsuccessfully-now-issue.html this].<br />
<br />
root@charity:~# kadmin.local -p jj5/admin -q "addprinc -randkey host/hope.progclub.net"<br />
Authenticating as principal jj5/admin with password.<br />
WARNING: no policy specified for host/hope.progclub.net@PROGCLUB.ORG; defaulting to no policy<br />
Principal "host/hope.progclub.net@PROGCLUB.ORG" created.<br />
<br />
root@charity:~# kadmin.local -p jj5/admin -q "ktadd -k /etc/krb5.keytab host/hope.progclub.net"<br />
Authenticating as principal jj5/admin with password.<br />
Entry for principal host/hope.progclub.net with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab.<br />
Entry for principal host/hope.progclub.net with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.<br />
Entry for principal host/hope.progclub.net with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.<br />
Entry for principal host/hope.progclub.net with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.<br />
<br />
Ah, I was confused.<br />
<br />
root@charity:/etc# rm krb5.keytab<br />
<br />
= [[User:John|John]] 2011-08-05 14:57 =<br />
<br />
== Changing jj5/admin password in Kerberos ==<br />
<br />
This is so my password will be different from the Linux system password, so I can tell if the system is logging me in with my Kerberos credentials (when I configure SSH to use Kerberos, for example).<br />
<br />
jj5@charity:~$ kadmin -p jj5/admin<br />
Couldn't open log file /var/log/krb5.log: Permission denied<br />
Authenticating as principal jj5/admin with password.<br />
Password for jj5/admin@PROGCLUB.ORG:<br />
kadmin: cpw jj5/admin<br />
Enter password for principal "jj5/admin@PROGCLUB.ORG":<br />
Re-enter password for principal "jj5/admin@PROGCLUB.ORG":<br />
Password for "jj5/admin@PROGCLUB.ORG" changed.<br />
kadmin: quit<br />
<br />
== Adding user jj5 ==<br />
<br />
jj5@charity:~$ kadmin -p jj5/admin<br />
Couldn't open log file /var/log/krb5.log: Permission denied<br />
Authenticating as principal jj5/admin with password.<br />
Password for jj5/admin@PROGCLUB.ORG:<br />
kadmin: addprinc jj5<br />
WARNING: no policy specified for jj5@PROGCLUB.ORG; defaulting to no policy<br />
Enter password for principal "jj5@PROGCLUB.ORG":<br />
Re-enter password for principal "jj5@PROGCLUB.ORG":<br />
Principal "jj5@PROGCLUB.ORG" created.<br />
kadmin: quit<br />
<br />
= [[User:John|John]] 2011-08-05 00:26 =<br />
<br />
== Kerberizing Apache ==<br />
<br />
Following [https://help.ubuntu.com/community/Kerberos#Apache these instructions].<br />
<br />
jj5@charity:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@charity:~# kadmin.local<br />
Authenticating as principal root/admin@PROGCLUB.ORG with password.<br />
kadmin.local: addprinc -randkey HTTP/charity.progclub.org<br />
WARNING: no policy specified for HTTP/charity.progclub.org@PROGCLUB.ORG; defaulting to no policy<br />
Principal "HTTP/charity.progclub.org@PROGCLUB.ORG" created.<br />
kadmin.local: ktadd -k /etc/apache2/apache2.keytab HTTP/charity.progclub.org<br />
Entry for principal HTTP/charity.progclub.org with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/apache2/apache2.keytab.<br />
Entry for principal HTTP/charity.progclub.org with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/apache2/apache2.keytab.<br />
Entry for principal HTTP/charity.progclub.org with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/apache2/apache2.keytab.<br />
Entry for principal HTTP/charity.progclub.org with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/apache2/apache2.keytab.<br />
kadmin.local: quit<br />
root@charity:~# chown www-data:www-data /etc/apache2/apache2.keytab<br />
root@charity:~# chmod 400 /etc/apache2/apache2.keytab<br />
root@charity:~# apt-get install libapache2-mod-auth-kerb<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
libapache2-mod-auth-kerb<br />
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.<br />
Need to get 20.3kB of archives.<br />
After this operation, 119kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libapache2-mod-auth-kerb 5.3-5build2 [20.3kB]<br />
Fetched 20.3kB in 0s (36.1kB/s)<br />
Committing to: /etc/<br />
modified .etckeeper<br />
modified krb5.conf<br />
added apache2/apache2.keytab<br />
added krb5kdc/kadm5.acl<br />
modified krb5kdc/kdc.conf<br />
added krb5kdc/stash<br />
Committed revision 28.<br />
Selecting previously deselected package libapache2-mod-auth-kerb.<br />
(Reading database ... 17919 files and directories currently installed.)<br />
Unpacking libapache2-mod-auth-kerb (from .../libapache2-mod-auth-kerb_5.3-5build2_amd64.deb) ...<br />
Setting up libapache2-mod-auth-kerb (5.3-5build2) ...<br />
Enabling module auth_kerb.<br />
Run '/etc/init.d/apache2 restart' to activate new configuration!<br />
<br />
Committing to: /etc/<br />
added apache2/mods-available/auth_kerb.load<br />
added apache2/mods-enabled/auth_kerb.load<br />
Committed revision 29.<br />
root@charity:~# cd /etc/apache2/sites-available/<br />
root@charity:/etc/apache2/sites-available# vim default-ssl<br />
<br />
<Directory /var/www/www.progclub.org/test><br />
Options Indexes FollowSymLinks MultiViews<br />
AllowOverride None<br />
Order allow,deny<br />
allow from all<br />
<br />
AuthType Kerberos<br />
AuthName "Kerberos Login"<br />
KrbAuthRealm PROGCLUB.ORG<br />
Krb5Keytab /etc/apache2/apache2.keytab<br />
#KrbMethodK5Passwd off #optional--makes GSSAPI SPNEGO a requirement<br />
Require valid-user<br />
</Directory><br />
<br />
root@charity:/etc/apache2/sites-available# cd /var/www/www.progclub.org/<br />
root@charity:/var/www/www.progclub.org# mkdir test<br />
root@charity:/var/www/www.progclub.org# cd test<br />
root@charity:/var/www/www.progclub.org/test# vim index.php<br />
<br />
<?php phpinfo(); ?><br />
<br />
root@charity:/var/www/www.progclub.org/test# apache2ctl graceful<br />
<br />
[https://www.progclub.org/test/ Works]!<br />
<br />
= [[User:John|John]] 2011-08-04 21:21 =<br />
<br />
== Installing Kerberos ==<br />
<br />
Following [https://help.ubuntu.com/community/Kerberos these instructions].<br />
<br />
jj5@charity:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@charity:~# nslookup charity.progclub.org<br />
bash: nslookup: command not found<br />
root@charity:~# apt-get install nslookup<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
E: Couldn't find package nslookup<br />
root@charity:~# apt-cache search nslookup<br />
dnsutils - Clients provided with BIND<br />
root@charity:~# apt-get install dnsutils<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
bind9-host geoip-database libbind9-60 libdns64 libgeoip1 libisc60 libisccc60<br />
libisccfg60 liblwres60<br />
Suggested packages:<br />
rblcheck geoip-bin<br />
The following NEW packages will be installed:<br />
bind9-host dnsutils geoip-database libbind9-60 libdns64 libgeoip1 libisc60<br />
libisccc60 libisccfg60 liblwres60<br />
0 upgraded, 10 newly installed, 0 to remove and 2 not upgraded.<br />
Need to get 2,024kB of archives.<br />
After this operation, 4,866kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libgeoip1 1.4.6.dfsg-17 [109kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libisc60 1:9.7.0.dfsg.P1-1ubuntu0.3 [170kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libdns64 1:9.7.0.dfsg.P1-1ubuntu0.3 [692kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libisccc60 1:9.7.0.dfsg.P1-1ubuntu0.3 [29.9kB]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libisccfg60 1:9.7.0.dfsg.P1-1ubuntu0.3 [53.1kB]<br />
Get:6 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libbind9-60 1:9.7.0.dfsg.P1-1ubuntu0.3 [34.7kB]<br />
Get:7 http://archive.ubuntu.com/ubuntu/ lucid-updates/main liblwres60 1:9.7.0.dfsg.P1-1ubuntu0.3 [48.5kB]<br />
Get:8 http://archive.ubuntu.com/ubuntu/ lucid-updates/main bind9-host 1:9.7.0.dfsg.P1-1ubuntu0.3 [68.6kB]<br />
Get:9 http://archive.ubuntu.com/ubuntu/ lucid-updates/main dnsutils 1:9.7.0.dfsg.P1-1ubuntu0.3 [162kB]<br />
Get:10 http://archive.ubuntu.com/ubuntu/ lucid/main geoip-database 1.4.6.dfsg-17 [658kB]<br />
Fetched 2,024kB in 8s (227kB/s)<br />
Selecting previously deselected package libgeoip1.<br />
(Reading database ... 17754 files and directories currently installed.)<br />
Unpacking libgeoip1 (from .../libgeoip1_1.4.6.dfsg-17_amd64.deb) ...<br />
Selecting previously deselected package libisc60.<br />
Unpacking libisc60 (from .../libisc60_1%3a9.7.0.dfsg.P1-1ubuntu0.3_amd64.deb) ...<br />
Selecting previously deselected package libdns64.<br />
Unpacking libdns64 (from .../libdns64_1%3a9.7.0.dfsg.P1-1ubuntu0.3_amd64.deb) ...<br />
Selecting previously deselected package libisccc60.<br />
Unpacking libisccc60 (from .../libisccc60_1%3a9.7.0.dfsg.P1-1ubuntu0.3_amd64.deb) ...<br />
Selecting previously deselected package libisccfg60.<br />
Unpacking libisccfg60 (from .../libisccfg60_1%3a9.7.0.dfsg.P1-1ubuntu0.3_amd64.deb) ...<br />
Selecting previously deselected package libbind9-60.<br />
Unpacking libbind9-60 (from .../libbind9-60_1%3a9.7.0.dfsg.P1-1ubuntu0.3_amd64.deb) ...<br />
Selecting previously deselected package liblwres60.<br />
Unpacking liblwres60 (from .../liblwres60_1%3a9.7.0.dfsg.P1-1ubuntu0.3_amd64.deb) ...<br />
Selecting previously deselected package bind9-host.<br />
Unpacking bind9-host (from .../bind9-host_1%3a9.7.0.dfsg.P1-1ubuntu0.3_amd64.deb) ...<br />
Selecting previously deselected package dnsutils.<br />
Unpacking dnsutils (from .../dnsutils_1%3a9.7.0.dfsg.P1-1ubuntu0.3_amd64.deb) ...<br />
Selecting previously deselected package geoip-database.<br />
Unpacking geoip-database (from .../geoip-database_1.4.6.dfsg-17_all.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up libgeoip1 (1.4.6.dfsg-17) ...<br />
<br />
Setting up libisc60 (1:9.7.0.dfsg.P1-1ubuntu0.3) ...<br />
<br />
Setting up libdns64 (1:9.7.0.dfsg.P1-1ubuntu0.3) ...<br />
<br />
Setting up libisccc60 (1:9.7.0.dfsg.P1-1ubuntu0.3) ...<br />
<br />
Setting up libisccfg60 (1:9.7.0.dfsg.P1-1ubuntu0.3) ...<br />
<br />
Setting up libbind9-60 (1:9.7.0.dfsg.P1-1ubuntu0.3) ...<br />
<br />
Setting up liblwres60 (1:9.7.0.dfsg.P1-1ubuntu0.3) ...<br />
<br />
Setting up bind9-host (1:9.7.0.dfsg.P1-1ubuntu0.3) ...<br />
Setting up dnsutils (1:9.7.0.dfsg.P1-1ubuntu0.3) ...<br />
<br />
Setting up geoip-database (1.4.6.dfsg-17) ...<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
root@charity:~# nslookup charity.progclub.org<br />
Server: 67.207.128.4<br />
Address: 67.207.128.4#53<br />
<br />
Non-authoritative answer:<br />
Name: charity.progclub.org<br />
Address: 67.207.128.184<br />
<br />
root@charity:~# nslookup 67.207.128.184<br />
Server: 67.207.128.4<br />
Address: 67.207.128.4#53<br />
<br />
Non-authoritative answer:<br />
184.128.207.67.in-addr.arpa name = charity.progclub.org.<br />
<br />
Authoritative answers can be found from:<br />
128.207.67.in-addr.arpa nameserver = NS2.SLICEHOST.NET.<br />
128.207.67.in-addr.arpa nameserver = NS1.SLICEHOST.NET.<br />
NS1.SLICEHOST.NET internet address = 67.23.4.57<br />
NS2.SLICEHOST.NET internet address = 173.45.224.132<br />
<br />
root@charity:~# apt-get install krb5-kdc krb5-admin-server<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
krb5-config krb5-user libgssrpc4 libkadm5clnt-mit7 libkadm5srv-mit7<br />
libkdb5-4<br />
Suggested packages:<br />
openbsd-inetd inet-superserver krb5-kdc-ldap krb5-doc<br />
The following NEW packages will be installed:<br />
krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4<br />
libkadm5clnt-mit7 libkadm5srv-mit7 libkdb5-4<br />
0 upgraded, 8 newly installed, 0 to remove and 2 not upgraded.<br />
Need to get 777kB of archives.<br />
After this operation, 2,187kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libgssrpc4 1.8.1+dfsg-2ubuntu0.9 [82.2kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libkadm5clnt-mit7 1.8.1+dfsg-2ubuntu0.9 [62.8kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libkdb5-4 1.8.1+dfsg-2ubuntu0.9 [62.3kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libkadm5srv-mit7 1.8.1+dfsg-2ubuntu0.9 [76.8kB]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/main krb5-config 2.2 [23.0kB]<br />
Get:6 http://archive.ubuntu.com/ubuntu/ lucid-updates/main krb5-user 1.8.1+dfsg-2ubuntu0.9 [137kB]<br />
Get:7 http://archive.ubuntu.com/ubuntu/ lucid-updates/universe krb5-kdc 1.8.1+dfsg-2ubuntu0.9 [219kB]<br />
Get:8 http://archive.ubuntu.com/ubuntu/ lucid-updates/universe krb5-admin-server 1.8.1+dfsg-2ubuntu0.9 [113kB]<br />
Fetched 777kB in 1s (560kB/s)<br />
Preconfiguring packages ...<br />
Selecting previously deselected package libgssrpc4.<br />
(Reading database ... 17824 files and directories currently installed.)<br />
Unpacking libgssrpc4 (from .../libgssrpc4_1.8.1+dfsg-2ubuntu0.9_amd64.deb) ...<br />
Selecting previously deselected package libkadm5clnt-mit7.<br />
Unpacking libkadm5clnt-mit7 (from .../libkadm5clnt-mit7_1.8.1+dfsg-2ubuntu0.9_amd64.deb) ...<br />
Selecting previously deselected package libkdb5-4.<br />
Unpacking libkdb5-4 (from .../libkdb5-4_1.8.1+dfsg-2ubuntu0.9_amd64.deb) ...<br />
Selecting previously deselected package libkadm5srv-mit7.<br />
Unpacking libkadm5srv-mit7 (from .../libkadm5srv-mit7_1.8.1+dfsg-2ubuntu0.9_amd64.deb) ...<br />
Selecting previously deselected package krb5-config.<br />
Unpacking krb5-config (from .../krb5-config_2.2_all.deb) ...<br />
Selecting previously deselected package krb5-user.<br />
Unpacking krb5-user (from .../krb5-user_1.8.1+dfsg-2ubuntu0.9_amd64.deb) ...<br />
Selecting previously deselected package krb5-kdc.<br />
Unpacking krb5-kdc (from .../krb5-kdc_1.8.1+dfsg-2ubuntu0.9_amd64.deb) ...<br />
Selecting previously deselected package krb5-admin-server.<br />
Unpacking krb5-admin-server (from .../krb5-admin-server_1.8.1+dfsg-2ubuntu0.9_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up libgssrpc4 (1.8.1+dfsg-2ubuntu0.9) ...<br />
<br />
Setting up libkadm5clnt-mit7 (1.8.1+dfsg-2ubuntu0.9) ...<br />
<br />
Setting up libkdb5-4 (1.8.1+dfsg-2ubuntu0.9) ...<br />
<br />
Setting up libkadm5srv-mit7 (1.8.1+dfsg-2ubuntu0.9) ...<br />
<br />
Setting up krb5-config (2.2) ...<br />
<br />
Setting up krb5-user (1.8.1+dfsg-2ubuntu0.9) ...<br />
Setting up krb5-kdc (1.8.1+dfsg-2ubuntu0.9) ...<br />
krb5kdc: cannot initialize realm PROGCLUB.ORG - see log file for details<br />
<br />
Setting up krb5-admin-server (1.8.1+dfsg-2ubuntu0.9) ...<br />
kadmind: No such file or directory while initializing, aborting <br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
modified .etckeeper<br />
added krb5.conf<br />
added krb5kdc<br />
added default/krb5-admin-server<br />
added default/krb5-kdc<br />
added init.d/krb5-admin-server<br />
added init.d/krb5-kdc<br />
added krb5kdc/kdc.conf<br />
added rc0.d/K18krb5-admin-server<br />
added rc0.d/K18krb5-kdc<br />
added rc1.d/K18krb5-admin-server<br />
added rc1.d/K18krb5-kdc<br />
added rc2.d/S18krb5-admin-server<br />
added rc2.d/S18krb5-kdc<br />
added rc3.d/S18krb5-admin-server<br />
added rc3.d/S18krb5-kdc<br />
added rc4.d/S18krb5-admin-server<br />
added rc4.d/S18krb5-kdc<br />
added rc5.d/S18krb5-admin-server<br />
added rc5.d/S18krb5-kdc<br />
added rc6.d/K18krb5-admin-server<br />
added rc6.d/K18krb5-kdc<br />
Committed revision 27.<br />
<br />
Package configuration<br />
<br />
<br />
┌─────────────────────┤ Configuring krb5-admin-server ├─────────────────────┐<br />
│ │<br />
│ Setting up a Kerberos Realm │<br />
│ │<br />
│ This package contains the administrative tools required to run the │<br />
│ Kerberos master server. │<br />
│ │<br />
│ However, installing this package does not automatically set up a │<br />
│ Kerberos realm. This can be done later by running the "krb5_newrealm" │<br />
│ command. │<br />
│ │<br />
│ Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the │<br />
│ administration guide found in the krb5-doc package. │<br />
│ │<br />
│ <Ok> │<br />
│ │<br />
└───────────────────────────────────────────────────────────────────────────┘<br />
<br />
root@charity:~# dpkg-reconfigure krb5-kdc<br />
<br />
Package configuration<br />
<br />
<br />
<br />
┌──────────────────────────┤ Configuring krb5-kdc ├───────────────────────────┐<br />
│ │<br />
│ The Kerberos Key Distribution Center (KDC) configuration files, in │<br />
│ /etc/krb5kdc, may be created automatically. │<br />
│ │<br />
│ By default, an example template will be copied into this directory with │<br />
│ local parameters filled in. │<br />
│ │<br />
│ Administrators who already have infrastructure to manage their Kerberos │<br />
│ configuration may wish to disable these automatic configuration changes. │<br />
│ │<br />
│ Create the Kerberos KDC configuration automatically? │<br />
│ │<br />
│ <Yes> <No> │<br />
│ │<br />
└─────────────────────────────────────────────────────────────────────────────┘<br />
<br />
<Yes><br />
<br />
krb5kdc: cannot initialize realm PROGCLUB.ORG - see log file for details<br />
<br />
root@charity:~# cd /var/log<br />
root@charity:/var/log# ls<br />
apache2 dmesg kern.log mysql.log syslog.2.gz<br />
apt dmesg.0 kern.log.1 mysql.log.1.gz syslog.3.gz<br />
auth.log dmesg.1.gz lastlog mysql.log.2.gz syslog.4.gz<br />
auth.log.1 dmesg.2.gz lpr.log mysql.log.3.gz syslog.5.gz<br />
boot dmesg.3.gz mail.err mysql.log.4.gz syslog.6.gz<br />
bootstrap.log dmesg.4.gz mail.info mysql.log.5.gz syslog.7.gz<br />
btmp dpkg.log mail.log mysql.log.6.gz udev<br />
btmp.1 dpkg.log.1 mail.warn mysql.log.7.gz user.log<br />
daemon.log fail2ban.log messages news wtmp<br />
daemon.log.1 fail2ban.log.1 messages.1 pycentral.log wtmp.1<br />
debug faillog mysql syslog<br />
debug.1 fsck mysql.err syslog.1<br />
<br />
Where is the KRB log!?<br />
<br />
root@charity:/etc# cat krb5kdc/kdc.conf<br />
[kdcdefaults]<br />
kdc_ports = 750,88<br />
default_realm = PROGCLUB.ORG<br />
<br />
[realms]<br />
PROGCLUB.ORG = {<br />
database_name = /var/lib/krb5kdc/principal<br />
admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab<br />
acl_file = /etc/krb5kdc/kadm5.acl<br />
key_stash_file = /etc/krb5kdc/stash<br />
kdc_ports = 750,88<br />
max_life = 10h 0m 0s<br />
max_renewable_life = 7d 0h 0m 0s<br />
master_key_type = des3-hmac-sha1<br />
supported_enctypes = aes256-cts:normal arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3<br />
default_principal_flags = +preauth<br />
}<br />
<br />
root@charity:/etc# reboot<br />
<br />
Broadcast message from jj5@charity<br />
(/dev/pts/0) at 11:49 ...<br />
<br />
The system is going down for reboot NOW!<br />
<br />
root@charity:/etc/krb5kdc# vim kadm5.acl<br />
<br />
# This file is the access control list for krb5 administration.<br />
# When this file is edited run /etc/init.d/krb5-admin-server restart to activate<br />
# One common way to set up Kerberos administration is to allow any principal<br />
# ending in /admin is given full administrative rights.<br />
# To enable this, uncomment the following line:<br />
*/admin@PROGCLUB.ORG *<br />
<br />
root@charity:/etc/krb5kdc# krb5_newrealm<br />
This script should be run on the master KDC/admin server to initialize<br />
a Kerberos realm. It will ask you to type in a master key password.<br />
This password will be used to generate a key that is stored in<br />
/etc/krb5kdc/stash. You should try to remember this password, but it<br />
is much more important that it be a strong password than that it be<br />
remembered. However, if you lose the password and /etc/krb5kdc/stash,<br />
you cannot decrypt your Kerberos database.<br />
Loading random data<br />
Initializing database '/var/lib/krb5kdc/principal' for realm 'PROGCLUB.ORG',<br />
master key name 'K/M@PROGCLUB.ORG'<br />
You will be prompted for the database Master Password.<br />
It is important that you NOT FORGET this password.<br />
Enter KDC database master key:<br />
Re-enter KDC database master key to verify: <br />
<br />
<br />
Now that your realm is set up you may wish to create an administrative<br />
principal using the addprinc subcommand of the kadmin.local program.<br />
Then, this principal can be added to /etc/krb5kdc/kadm5.acl so that<br />
you can use the kadmin program on other computers. Kerberos admin<br />
principals usually belong to a single user and end in /admin. For<br />
example, if jruser is a Kerberos administrator, then in addition to<br />
the normal jruser principal, a jruser/admin principal should be<br />
created.<br />
<br />
Don't forget to set up DNS information so your clients can find your<br />
KDC and admin servers. Doing so is documented in the administration<br />
guide.<br />
<br />
root@charity:/etc/krb5kdc# kadmin -p admin/admin<br />
Authenticating as principal admin/admin with password.<br />
kadmin: Missing parameters in krb5.conf required for kadmin client while initializing kadmin interface<br />
<br />
root@charity:/etc# /etc/init.d/k<br />
killprocs krb5-admin-server krb5-kdc<br />
root@charity:/etc# /etc/init.d/krb5-kdc restart<br />
* Restarting Kerberos KDC krb5kdc<br />
...done.<br />
root@charity:/etc# /etc/init.d/krb5-admin-server restart<br />
* Restarting Kerberos administrative servers kadmind<br />
root@charity:/etc#<br />
<br />
root@charity:/var/lib/krb5kdc# kadmin -p admin/admin<br />
Authenticating as principal admin/admin with password.<br />
kadmin: Client not found in Kerberos database while initializing kadmin interface<br />
<br />
[http://www.google.com.au/search?q=kadmin%3A%20Client%20not%20found%20in%20Kerberos%20database%20while%20initializing%20kadmin%20interface&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&source=hp&channel=np Google that].<br />
<br />
root@charity:/var/lib/krb5kdc# kadmin.local<br />
Authenticating as principal root/admin@PROGCLUB.ORG with password.<br />
kadmin.local: addprinc jj5/admin@PROGCLUB.ORG<br />
WARNING: no policy specified for jj5/admin@PROGCLUB.ORG; defaulting to no policy<br />
Enter password for principal "jj5/admin@PROGCLUB.ORG":<br />
Re-enter password for principal "jj5/admin@PROGCLUB.ORG":<br />
Principal "jj5/admin@PROGCLUB.ORG" created.<br />
kadmin.local: quit<br />
root@charity:/var/lib/krb5kdc# kadmin -p jj5/admin<br />
Authenticating as principal jj5/admin with password.<br />
Password for jj5/admin@PROGCLUB.ORG:<br />
kadmin: ?<br />
Available kadmin requests:<br />
<br />
add_principal, addprinc, ank<br />
Add principal<br />
delete_principal, delprinc<br />
Delete principal<br />
modify_principal, modprinc<br />
Modify principal<br />
change_password, cpw Change password<br />
get_principal, getprinc Get principal<br />
list_principals, listprincs, get_principals, getprincs<br />
List principals<br />
add_policy, addpol Add policy<br />
modify_policy, modpol Modify policy<br />
delete_policy, delpol Delete policy<br />
get_policy, getpol Get policy<br />
list_policies, listpols, get_policies, getpols<br />
List policies<br />
get_privs, getprivs Get privileges<br />
ktadd, xst Add entry(s) to a keytab<br />
ktremove, ktrem Remove entry(s) from a keytab<br />
lock Lock database exclusively (use with extreme caution!)<br />
unlock Release exclusive database lock<br />
list_requests, lr, ? List available requests.<br />
quit, exit, q Exit program. <br />
kadmin: listprincs<br />
K/M@PROGCLUB.ORG<br />
jj5/admin@PROGCLUB.ORG<br />
kadmin/admin@PROGCLUB.ORG<br />
kadmin/changepw@PROGCLUB.ORG<br />
kadmin/charity.progclub.org@PROGCLUB.ORG<br />
kadmin/history@PROGCLUB.ORG<br />
krbtgt/PROGCLUB.ORG@PROGCLUB.ORG<br />
kadmin: quit<br />
<br />
root@charity:/etc# cat krb5.conf<br />
[logging]<br />
default = FILE:/var/log/krb5.log<br />
<br />
[libdefaults]<br />
default_realm = PROGCLUB.ORG<br />
<br />
# The following krb5.conf variables are only for MIT Kerberos.<br />
krb4_config = /etc/krb.conf<br />
krb4_realms = /etc/krb.realms<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
<br />
# The following encryption type specification will be used by MIT Kerberos<br />
# if uncommented. In general, the defaults in the MIT Kerberos code are<br />
# correct and overriding these specifications only serves to disable new<br />
# encryption types as they are added, creating interoperability problems.<br />
#<br />
# Thie only time when you might need to uncomment these lines and change<br />
# the enctypes is if you have local software that will break on ticket<br />
# caches containing ticket encryption types it doesn't know about (such as<br />
# old versions of Sun Java).<br />
<br />
# default_tgs_enctypes = des3-hmac-sha1<br />
# default_tkt_enctypes = des3-hmac-sha1<br />
# permitted_enctypes = des3-hmac-sha1<br />
<br />
# The following libdefaults parameters are only for Heimdal Kerberos.<br />
v4_instance_resolve = false<br />
v4_name_convert = {<br />
host = {<br />
rcmd = host<br />
ftp = ftp<br />
}<br />
plain = {<br />
something = something-else<br />
}<br />
}<br />
fcc-mit-ticketflags = true<br />
<br />
[realms]<br />
PROGCLUB.ORG = {<br />
kdc = kerberos.progclub.org:88<br />
admin_server = kerberos.progclub.org<br />
default_domain = progclub.org<br />
}<br />
<br />
[domain_realm]<br />
.progclub.org = PROGCLUB.ORG<br />
progclub.org = PROGCLUB.ORG<br />
.progclub.com = PROGCLUB.ORG<br />
progclub.com = PROGCLUB.ORG<br />
.progclub.info = PROGCLUB.ORG<br />
progclub.info = PROGCLUB.ORG<br />
.progclub.net = PROGCLUB.ORG<br />
progclub.net = PROGCLUB.ORG<br />
.progclub.co = PROGCLUB.ORG<br />
progclub.co = PROGCLUB.ORG<br />
.progclub.mobi = PROGCLUB.ORG<br />
progclub.mobi = PROGCLUB.ORG<br />
<br />
[login]<br />
krb4_convert = true<br />
krb4_get_tickets = false<br />
<br />
root@charity:/etc# kadmin -p jj5/admin<br />
kadmin: cpw jj5/admin<br />
Enter password for principal "jj5/admin@PROGCLUB.ORG":<br />
Re-enter password for principal "jj5/admin@PROGCLUB.ORG":<br />
Password for "jj5/admin@PROGCLUB.ORG" changed.<br />
kadmin: quit<br />
<br />
= [[User:John|John]] 2011-08-03 07:42 =<br />
<br />
== Adding user friggles ==<br />
<br />
jj5@charity:~$ sudo adduser friggles<br />
[sudo] password for jj5:<br />
Adding user `friggles' ...<br />
Adding new group `friggles' (1005) ...<br />
Adding new user `friggles' (1005) with group `friggles' ...<br />
Creating home directory `/home/friggles' ...<br />
Copying files from `/etc/skel' ...<br />
Enter new UNIX password:<br />
Retype new UNIX password:<br />
passwd: password updated successfully<br />
Changing the user information for friggles<br />
Enter the new value, or press ENTER for the default<br />
Full Name []: <full name><br />
Room Number []:<br />
Work Phone []:<br />
Home Phone []:<br />
Other []:<br />
Is the information correct? [Y/n]<br />
<br />
jj5@charity:~$ sudo gpasswd -a friggles sudo<br />
Adding user friggles to group sudo<br />
<br />
= [[User:John|John]] 2011-08-01 00:12 =<br />
<br />
== Configured /wiki URLs ==<br />
<br />
Decided that 'wiki' rather than 'pc' is more appropriate in the URLs for ProgClub. Updated the Apache web-site configuration files, patched LocalSettings.php in the pcwiki directory, and updated the root redirection script. The old 'pc' links will remain functional.<br />
<br />
= [[User:John|John]] 2011-07-31 19:47 =<br />
<br />
== Adding user jav ==<br />
<br />
jj5@charity:~$ sudo adduser jav<br />
[sudo] password for jj5:<br />
Adding user `jav' ...<br />
Adding new group `jav' (1004) ...<br />
Adding new user `jav' (1004) with group `jav' ...<br />
Creating home directory `/home/jav' ...<br />
Copying files from `/etc/skel' ...<br />
Enter new UNIX password:<br />
Retype new UNIX password:<br />
passwd: password updated successfully<br />
Changing the user information for jav<br />
Enter the new value, or press ENTER for the default<br />
Full Name []: <full name><br />
Room Number []:<br />
Work Phone []:<br />
Home Phone []:<br />
Other []:<br />
Is the information correct? [Y/n]<br />
<br />
= [[User:John|John]] 2011-07-30 17:15 =<br />
<br />
== Configuring IPSec ==<br />
<br />
jj5@charity:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@charity:~# apt-get install racoon<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
racoon<br />
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.<br />
Need to get 0B/433kB of archives.<br />
After this operation, 1,217kB of additional disk space will be used.<br />
Committing to: /etc/<br />
modified ipsec-tools.conf<br />
modified iptables.up.rules<br />
Committed revision 22.<br />
Preconfiguring packages ...<br />
Selecting previously deselected package racoon.<br />
(Reading database ... 17754 files and directories currently installed.)<br />
Unpacking racoon (from .../racoon_1%3a0.7.1-1.6ubuntu1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up racoon (1:0.7.1-1.6ubuntu1) ...<br />
Starting IKE (ISAKMP/Oakley) server: racoon.<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
<br />
root@charity:~# cd /etc/network/if-pre-up.d/<br />
root@charity:/etc/network/if-pre-up.d# ll<br />
total 16<br />
drwxr-xr-x 2 root root 4096 2011-07-26 17:49 ./<br />
drwxr-xr-x 6 root root 4096 2010-04-22 19:09 ../<br />
-rwxr-xr-x 1 root root 344 2011-05-17 07:41 ethtool*<br />
-rwxr-xr-x 1 root root 58 2011-07-26 17:49 iptables*<br />
root@charity:/etc/network/if-pre-up.d# cat iptables<br />
#!/bin/sh<br />
/sbin/iptables-restore < /etc/iptables.up.rules<br />
root@charity:/etc/network/if-pre-up.d# vim ip<br />
<br />
#!/bin/sh<br />
# Hope<br />
ip route add 67.207.130.204 dev eth0 advmss 200<br />
# Honesty<br />
ip route add 67.207.129.103 dev eth0 advmss 200<br />
<br />
root@charity:/etc/network/if-pre-up.d# chmod +x ip<br />
root@charity:/etc/network/if-pre-up.d# cd /etc/<br />
root@charity:/etc# vim iptables.up.rules<br />
<br />
*filter<br />
# Allow all loopback (lo0) traffic<br />
-A INPUT -i lo -j ACCEPT<br />
# Reject all traffic to 127/8 that doesn't use lo0<br />
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT<br />
# Accept all established inbound connections<br />
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
# Allow all outbound traffic<br />
-A OUTPUT -j ACCEPT<br />
# Allow HTTP and HTTPS connections from anywhere<br />
-A INPUT -p tcp --dport 80 -j ACCEPT<br />
-A INPUT -p tcp --dport 443 -j ACCEPT<br />
# Allow SSH connections<br />
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT<br />
# Accept anything from hope<br />
-A INPUT -s 67.207.130.204 -j ACCEPT<br />
# Accept anything from honesty<br />
-A INPUT -s 67.207.129.103 -j ACCEPT<br />
# Allow MySQL connections from John's house<br />
-A INPUT -s 60.240.67.126/32 -p tcp -m tcp --dport 3306 -j ACCEPT<br />
# Allow MySQL connections from localhost<br />
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT<br />
# Allow IPSec traffic<br />
#-A INPUT -p 50 -j ACCEPT<br />
#-A INPUT -p 51 -j ACCEPT<br />
# Allow ping<br />
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT<br />
# log iptables denied calls<br />
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7<br />
#-A INPUT -j LOG --log-prefix "iptables debug: " --log-level 7<br />
# Reject all other inbound - default deny unless explicitly allowed policy<br />
-A INPUT -j REJECT<br />
-A FORWARD -j REJECT<br />
COMMIT<br />
<br />
root@charity:/etc# vim ipsec-tools.conf<br />
<br />
#!/usr/sbin/setkey -f<br />
# Charity/Hope security policy<br />
spdadd 67.207.128.184 67.207.130.204 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
spdadd 67.207.130.204 67.207.128.184 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
# Charity/Honesty security policy<br />
spdadd 67.207.128.184 67.207.129.103 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
spdadd 67.207.129.103 67.207.128.184 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
<br />
root@charity:/etc# vim racoon/psk.txt<br />
<br />
# Hope<br />
67.207.130.204 <secret><br />
# Honesty<br />
67.207.129.103 <secret><br />
<br />
root@charity:/etc# vim racoon/racoon.conf<br />
<br />
path pre_shared_key "/etc/racoon/psk.txt";<br />
path certificate "/etc/racoon/certs";<br />
remote anonymous {<br />
exchange_mode main,aggressive;<br />
proposal {<br />
encryption_algorithm aes;<br />
hash_algorithm sha1;<br />
authentication_method pre_shared_key;<br />
dh_group modp1024;<br />
}<br />
generate_policy off;<br />
}<br />
sainfo anonymous {<br />
pfs_group modp768;<br />
encryption_algorithm aes;<br />
authentication_algorithm hmac_sha1;<br />
compression_algorithm deflate;<br />
}<br />
#log debug2;<br />
<br />
root@charity:/etc# /etc/init.d/racoon stop<br />
Stopping IKE (ISAKMP/Oakley) server: racoon.<br />
root@charity:/etc# /etc/init.d/setkey restart<br />
Reloading IPsec SA/SP database: done.<br />
root@charity:/etc# /etc/init.d/racoon start<br />
Starting IKE (ISAKMP/Oakley) server: racoon.<br />
root@charity:/etc# ll racoon/psk.txt<br />
-rw------- 1 root root 92 2011-07-30 07:37 racoon/psk.txt<br />
root@charity:/etc# etckeeper commit "Configured IPSec"<br />
Committing to: /etc/<br />
modified ipsec-tools.conf<br />
modified ipsec-tools.conf.bak<br />
modified iptables.up.rules<br />
added network/if-pre-up.d/ip<br />
modified racoon/psk.txt<br />
modified racoon/racoon.conf<br />
Committed revision 23.<br />
root@charity:/etc/racoon# /etc/network/if-pre-up.d/ip<br />
RTNETLINK answers: File exists<br />
<br />
Now off to [[Hope_admin#John_2011-07-30_18:05|configure hope]] and...<br />
<br />
...damn, it didn't work. Oh well, no racoon for you!<br />
<br />
root@charity:~# apt-get remove racoon<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following packages will be REMOVED:<br />
racoon<br />
0 upgraded, 0 newly installed, 1 to remove and 2 not upgraded.<br />
After this operation, 1,217kB disk space will be freed.<br />
Do you want to continue [Y/n]?<br />
(Reading database ... 17818 files and directories currently installed.)<br />
Removing racoon ...<br />
Stopping IKE (ISAKMP/Oakley) server: racoon.<br />
Processing triggers for ureadahead ...<br />
Processing triggers for man-db ...<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
<br />
root@charity:~# cp /etc/ipsec-tools.conf.bak /etc/ipsec-tools.conf<br />
root@charity:~# dd if=/dev/random count=24 bs=1 | xxd -ps<br />
root@charity:~# dd if=/dev/random count=24 bs=1 | xxd -ps<br />
root@charity:~# dd if=/dev/random count=24 bs=1 | xxd -ps<br />
root@charity:~# dd if=/dev/random count=24 bs=1 | xxd -ps<br />
root@charity:~# dd if=/dev/random count=20 bs=1 | xxd -ps<br />
root@charity:~# dd if=/dev/random count=20 bs=1 | xxd -ps<br />
root@charity:~# dd if=/dev/random count=20 bs=1 | xxd -ps<br />
root@charity:~# dd if=/dev/random count=20 bs=1 | xxd -ps<br />
root@charity:~# vim /etc/ipsec-tools.conf<br />
<br />
#!/usr/sbin/setkey -f<br />
# Flush the SAD and SPD<br />
flush;<br />
spdflush;<br />
# Charity/Hope configuration<br />
# ESP SAs using 192 bit long keys (AES-192; no parity bits as with 3DES)<br />
add 67.207.128.184 67.207.130.204 esp 1 -E aes-cbc<br />
0xdeadb33fdeadb33fdeadb33fdeadb33fdeadb33fdeadb33f;<br />
add 67.207.130.204 67.207.128.184 esp 2 -E aes-cbc<br />
0xdeadb33fdeadb33fdeadb33fdeadb33fdeadb33fdeadb33f;<br />
# AH SAs using 160 bit long keys<br />
add 67.207.128.184 67.207.130.204 ah 3 -A hmac-sha1<br />
0xdeadb33fdeadb33fdeadb33fdeadb33fdeadb33f;<br />
add 67.207.130.204 67.207.128.184 ah 4 -A hmac-sha1<br />
0xdeadb33fdeadb33fdeadb33fdeadb33fdeadb33f;<br />
# Security policies<br />
spdadd 67.207.128.184 67.207.130.204 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
spdadd 67.207.130.204 67.207.128.184 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
# Charity/Honesty configuration<br />
# ESP SAs using 192 bit long keys (AES-192; no parity bits as with 3DES)<br />
add 67.207.128.184 67.207.129.103 esp 5 -E aes-cbc<br />
0xdeadb33fdeadb33fdeadb33fdeadb33fdeadb33fdeadb33f;<br />
add 67.207.129.103 67.207.128.184 esp 6 -E aes-cbc<br />
0xdeadb33fdeadb33fdeadb33fdeadb33fdeadb33fdeadb33f;<br />
# AH SAs using 160 bit long keys<br />
add 67.207.128.184 67.207.129.103 ah 7 -A hmac-sha1<br />
0xdeadb33fdeadb33fdeadb33fdeadb33fdeadb33f;<br />
add 67.207.129.103 67.207.128.184 ah 8 -A hmac-sha1<br />
0xdeadb33fdeadb33fdeadb33fdeadb33fdeadb33f;<br />
# Security policies<br />
spdadd 67.207.128.184 67.207.129.103 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
spdadd 67.207.129.103 67.207.128.184 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
<br />
root@charity:~# /etc/init.d/setkey restart<br />
Reloading IPsec SA/SP database: done.<br />
root@charity:~# cd /etc/network<br />
root@charity:/etc/network# mv if-pre-up.d/ip if-up.d/<br />
root@charity:/etc/network# if-up.d/ip<br />
root@charity:/etc# etckeeper commit "Configured IPSec"<br />
Committing to: /etc/<br />
modified ipsec-tools.conf<br />
missing network/if-pre-up.d/ip<br />
modified network/if-pre-up.d/ip<br />
added network/if-up.d/ip<br />
Committed revision 24.<br />
<br />
That should do it. Off to configure the other end... on [[Hope_admin#John_2011-07-30_18:05|hope]] and [[Honesty_admin#John_2011-07-30_19:30|honesty]]...<br />
<br />
...works!<br />
<br />
= [[User:John|John]] 2011-07-30 09:38 =<br />
<br />
== Configuring racoon ==<br />
<br />
See [http://blog.moopsfc.com/37/2006/08/23/how-to-add-an-ipsec-connection-on-ubuntu-dapper/ this article] for a run-down.<br />
<br />
# vim /etc/racoon/psk.txt<br />
<br />
# Hope<br />
67.207.130.204 <secret><br />
<br />
# vim /etc/racoon/racoon.conf<br />
<br />
remote 67.207.130.204 {<br />
exchange_mode main,aggressive;<br />
proposal {<br />
encryption_algorithm 3des;<br />
hash_algorithm sha1;<br />
authentication_method pre_shared_key;<br />
dh_group modp1024;<br />
}<br />
generate_policy off;<br />
}<br />
<br />
sainfo address 67.207.130.204[any] any address 67.207.130.204/32[any] any {<br />
pfs_group modp768;<br />
encryption_algorithm 3des;<br />
authentication_algorithm hmac_md5;<br />
compression_algorithm deflate;<br />
}<br />
<br />
# vim /etc/ipsec-tools.conf<br />
<br />
# Security policies<br />
spdadd 67.207.128.184 67.207.130.204 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
spdadd 67.207.130.204 67.207.128.184 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
<br />
root@charity:/etc/racoon# /etc/init.d/racoon stop<br />
Stopping IKE (ISAKMP/Oakley) server: racoon.<br />
root@charity:/etc/racoon# /etc/init.d/setkey restart<br />
Reloading IPsec SA/SP database: done.<br />
root@charity:/etc/racoon# /etc/init.d/racoon start<br />
Starting IKE (ISAKMP/Oakley) server: racoon.<br />
<br />
Still no dice... :(<br />
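<br />
The racoon.conf listings in this log offer aggressive mode together with a pre-shared key, and use 3DES, HMAC-MD5 and 768/1024-bit MODP groups. The check below is an added example, not part of the original log, that flags those settings in a racoon.conf; the list of values treated as weak is the example's own policy, the function names are hypothetical, and the sample input is constructed.<br />
<br />
```sh
#!/bin/sh
# Added example, not from the original log. The values treated as weak
# below are this example's own policy; adjust them to local requirements.
# usage: sh thisfile /etc/racoon/racoon.conf   (no argument: run the sample)

# audit_racoon FILE: print "line N: finding" for each weak setting.
# Returns 1 if anything was flagged, 0 if the file is clean.
audit_racoon() {
    awk '
    function flag(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    # Join fields 2..NF and split on commas/blanks: "aes, 3des" -> v[1], v[2]
    function values(v,    i, s) {
        s = ""
        for (i = 2; i <= NF; i++) s = s " " $i
        gsub(/,/, " ", s)
        return split(s, v, " ")
    }
    { sub(/#.*/, ""); gsub(/;/, "") }     # strip comments and terminators
    $1 == "remote" { aggr = 0; psk = 0 }  # new phase 1 block: reset state
    $1 == "exchange_mode" {
        n = values(v)
        for (i = 1; i <= n; i++) if (v[i] == "aggressive") aggr = NR
    }
    $1 == "authentication_method" && $2 == "pre_shared_key" { psk = 1 }
    # Aggressive mode plus a PSK exposes material for offline guessing.
    (aggr && psk) {
        flag("aggressive mode with pre_shared_key (exchange_mode, line " aggr ")")
        aggr = 0
    }
    $1 == "dh_group" || $1 == "pfs_group" {
        if ($2 ~ /^(modp768|modp1024|1|2)$/)
            flag($1 " " $2 ": Diffie-Hellman group of 1024 bits or less")
    }
    $1 == "encryption_algorithm" {
        n = values(v)
        for (i = 1; i <= n; i++)
            if (v[i] ~ /^(des|3des)$/) flag("encryption_algorithm " v[i])
    }
    $1 == "hash_algorithm" || $1 == "authentication_algorithm" {
        n = values(v)
        for (i = 1; i <= n; i++)
            if (v[i] ~ /^(md5|hmac_md5)$/) flag($1 " " v[i])
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample, modelled on the racoon.conf listings in this log.
sample_conf() {
    cat <<'EOF'
remote anonymous {
    exchange_mode main,aggressive;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
    generate_policy off;
}
sainfo anonymous {
    pfs_group modp768;
    encryption_algorithm aes, 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}
EOF
}

if [ "$#" -eq 1 ]; then
    audit_racoon "$1"
else
    sample_conf | audit_racoon - || true   # findings are expected here
fi
```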
<br />
= [[User:John|John]] 2011-07-29 23:59 =<br />
<br />
== Installing racoon ==<br />
<br />
Having trouble getting IPSec to work, gonna try installing racoon and giving that a go.<br />
<br />
root@charity:/etc# apt-get install racoon<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
racoon<br />
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.<br />
Need to get 433kB of archives.<br />
After this operation, 1,217kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main racoon 1:0.7.1-1.6ubuntu1 [433kB]<br />
Fetched 433kB in 1s (329kB/s)<br />
Committing to: /etc/<br />
modified .etckeeper<br />
modified ipsec-tools.conf<br />
added ipsec-tools.conf.bak<br />
Committed revision 19.<br />
Preconfiguring packages ...<br />
Selecting previously deselected package racoon.<br />
(Reading database ... 17749 files and directories currently installed.)<br />
Unpacking racoon (from .../racoon_1%3a0.7.1-1.6ubuntu1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up racoon (1:0.7.1-1.6ubuntu1) ...<br />
Generating /etc/default/racoon...<br />
Starting IKE (ISAKMP/Oakley) server: racoon.<br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
modified .etckeeper<br />
added racoon<br />
added default/racoon<br />
added init.d/racoon<br />
added racoon/psk.txt<br />
added racoon/racoon-tool.conf<br />
added racoon/racoon.conf<br />
added rc1.d/K89racoon<br />
added rcS.d/S40racoon<br />
Committed revision 20.<br />
<br />
The install prompted for package configuration information, and I chose the 'direct' configuration method (the default) over 'racoon-tool', the other option.<br />
<br />
┌──────────────────────────┤ Configuring racoon ├──────────────────────────┐<br />
│ Racoon can be configured two ways, either by directly editing │<br />
│ /etc/racoon/racoon.conf or using the racoon-tool administrative front │<br />
│ end. racoon-tool is now deprecated and is only available for backward │<br />
│ compatibility. New installations should always use the "direct" method. │<br />
│ │<br />
│ Configuration mode for racoon IKE daemon. │<br />
│ │<br />
│ direct │<br />
│ racoon-tool │<br />
│ │<br />
│ │<br />
│ <Ok> │<br />
│ │<br />
└──────────────────────────────────────────────────────────────────────────┘<br />
<br />
<br />
= [[User:John|John]] 2011-07-28 11:32 =<br />
<br />
== Firstly some house-keeping ==<br />
<br />
$ cd /etc<br />
$ sudo bzr status<br />
[sudo] password for jj5:<br />
modified:<br />
shadow<br />
$ sudo etckeeper commit "Changed password for jj5"<br />
Committing to: /etc/<br />
modified shadow<br />
Committed revision 13.<br />
<br />
== Installing IPSec ==<br />
<br />
See [https://help.ubuntu.com/community/IPSecHowTo this article] for instructions.<br />
<br />
$ sudo apt-get install ipsec-tools<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
ipsec-tools<br />
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.<br />
Need to get 111kB of archives.<br />
After this operation, 274kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main ipsec-tools 1:0.7.1-1.6ubuntu1 [111kB]<br />
Fetched 111kB in 0s (116kB/s)<br />
Selecting previously deselected package ipsec-tools.<br />
(Reading database ... 17714 files and directories currently installed.)<br />
Unpacking ipsec-tools (from .../ipsec-tools_1%3a0.7.1-1.6ubuntu1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up ipsec-tools (1:0.7.1-1.6ubuntu1) ...<br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
added ipsec-tools.conf<br />
added default/setkey<br />
added init.d/setkey<br />
added rcS.d/S37setkey<br />
Committed revision 14.<br />
<br />
To generate two 128-bit 'ah' keys:<br />
<br />
$ dd if=/dev/random count=16 bs=1| xxd -ps<br />
$ dd if=/dev/random count=16 bs=1| xxd -ps<br />
<br />
To generate two 192-bit 'esp' keys:<br />
<br />
$ dd if=/dev/random count=24 bs=1| xxd -ps<br />
$ dd if=/dev/random count=24 bs=1| xxd -ps<br />
<br />
Then edit the ipsec-tools.conf file,<br />
<br />
$ sudo vim /etc/ipsec-tools.conf<br />
<br />
#!/usr/sbin/setkey -f<br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool<br />
# utility. racoon-tool will setup SAs and SPDs automatically using<br />
# /etc/racoon/racoon-tool.conf configuration.<br />
#<br />
<br />
# Flush the SAD and SPD<br />
flush;<br />
spdflush;<br />
<br />
# AH SAs using 128 bit long keys<br />
add 67.207.128.184 67.207.130.204 ah 0x200 -A hmac-md5<br />
0x<ah_1>;<br />
add 67.207.130.204 67.207.128.184 ah 0x300 -A hmac-md5<br />
0x<ah_2>;<br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity)<br />
add 67.207.128.184 67.207.130.204 esp 0x201 -E 3des-cbc<br />
0x<esp_1>;<br />
add 67.207.130.204 67.207.128.184 esp 0x301 -E 3des-cbc<br />
0x<esp_2>;<br />
<br />
# Security policies<br />
spdadd 67.207.128.184 67.207.130.204 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
<br />
spdadd 67.207.130.204 67.207.128.184 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
<br />
Make sure the ipsec-tools.conf file is not world-readable:<br />
<br />
$ sudo chmod 750 ipsec-tools.conf<br />
<br />
Now I'll go and [[Hope_Admin#John_2011-07-29_00:13|set up the other side of the connection]]...<br />
<br />
Then,<br />
<br />
$ sudo /etc/init.d/setkey start<br />
* Loading IPsec SA/SP database from /etc/ipsec-tools.conf: [ OK ]<br />
$ sudo etckeeper commit "Configured IPSec between charity and hope"<br />
Committing to: /etc/<br />
modified .etckeeper<br />
modified ipsec-tools.conf<br />
Committed revision 15.<br />
<br />
Done!<br />
<br />
...or, not-so-done. After testing, I discovered that IPTables was getting in the way of IPSec traffic.<br />
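<br />
The key-generation, ipsec-tools.conf and chmod steps of this entry, scripted as an added example that is not part of the original log: every SA gets its own key, the file is created with mode 0600, and the peer's copy is derived from the same keys with the policy directions swapped. The function names, the decimal SPI base, the 192.0.2.x addresses in the usage comment and the use of /dev/urandom and aes-cbc/hmac-sha1 are this example's assumptions.<br />
<br />
```sh
#!/bin/sh
# Added example, not from the original log: write a manually keyed
# setkey(8) file for one host pair. Function names are hypothetical.
# usage: sh thisfile OUT LOCAL_IP PEER_IP SPI_BASE
#   e.g. sh thisfile ./ipsec-tools.conf 192.0.2.1 192.0.2.2 512

# hexkey N: print N random bytes as 2N hex digits; fail on a short read.
# Reads /dev/urandom (an assumption of this example) so it never blocks.
hexkey() {
    key=$(dd if=/dev/urandom bs=1 count="$1" 2>/dev/null |
          od -An -v -tx1 | tr -d ' \n')
    [ "${#key}" -eq $(($1 * 2)) ] || return 1
    printf '%s' "$key"
}

# gen_pair LOCAL PEER SPI: SAs and policies for both directions, as seen
# from LOCAL. Uses SPIs SPI..SPI+3 (decimal) and a separate key per SA.
gen_pair() {
    l=$1; p=$2; s=$3
    # RFC 4303 reserves SPIs 1-255 for IANA, so insist on a higher base.
    [ "$s" -gt 255 ] 2>/dev/null || return 1
    e1=$(hexkey 24) && e2=$(hexkey 24) &&
    a1=$(hexkey 20) && a2=$(hexkey 20) || return 1
    cat <<EOF
# ESP SAs: aes-cbc, 192-bit keys
add $l $p esp $s -E aes-cbc 0x$e1;
add $p $l esp $((s + 1)) -E aes-cbc 0x$e2;
# AH SAs: hmac-sha1, 160-bit keys
add $l $p ah $((s + 2)) -A hmac-sha1 0x$a1;
add $p $l ah $((s + 3)) -A hmac-sha1 0x$a2;
# Security policies
spdadd $l $p any -P out ipsec esp/transport//require ah/transport//require;
spdadd $p $l any -P in ipsec esp/transport//require ah/transport//require;
EOF
}

# peer_view: read a file produced above on stdin and print the copy for
# the other host: identical SAs and keys, policy directions swapped.
peer_view() {
    sed -e 's/ -P out / -P @ /' -e 's/ -P in / -P out /' -e 's/ -P @ / -P in /'
}

# write_conf OUT LOCAL PEER SPI: create OUT so it is never readable by
# group or other, even briefly; remove it again if key generation fails.
write_conf() {
    out=$1; shift
    ( umask 077
      { printf '#!/usr/sbin/setkey -f\nflush;\nspdflush;\n'
        gen_pair "$@"; } > "$out" || { rm -f "$out"; exit 1; }
      chmod 600 "$out" )    # also tightens a pre-existing file
}

if [ "$#" -eq 4 ]; then write_conf "$@"; fi
```

Run `peer_view < OUT` to produce the other host's file rather than generating it again, since both ends must hold the same keys.<br />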
<br />
= [[User:John|John]] 2011-07-27 12:01 =<br />
<br />
== Public read-only svn access via HTTPS and HTTP ==<br />
<br />
See [http://www.barneyb.com/barneyblog/2008/02/28/read-only-and-read-write-svn-repositories/ this article] for the general idea.<br />
<br />
# cd /etc/apache2/<br />
# vim dav_svn.ro.authz<br />
<br />
[/]<br />
* = r<br />
<br />
# vim dav_svn.rw.authz<br />
<br />
[/]<br />
jj5 = rw<br />
<br />
# vim sites-available/default-ssl<br />
<br />
<Location /svn><br />
DAV svn<br />
SVNParentPath /var/svn<br />
AuthType Basic<br />
AuthName "Subversion Repository"<br />
AuthUserFile /etc/apache2/dav_svn.passwd<br />
AuthzSVNAccessFile /etc/apache2/dav_svn.rw.authz<br />
Require valid-user<br />
</Location><br />
<br />
<Location /svnro><br />
DAV svn<br />
SVNParentPath /var/svn<br />
AuthzSVNAccessFile /etc/apache2/dav_svn.ro.authz<br />
</Location><br />
<br />
# vim sites-available/default<br />
<br />
<Location /svnro><br />
DAV svn<br />
SVNParentPath /var/svn<br />
AuthzSVNAccessFile /etc/apache2/dav_svn.ro.authz<br />
</Location><br />
<br />
# apache2ctl graceful<br />
# etckeeper commit "Public read-only svn access"<br />
Committing to: /etc/<br />
added apache2/dav_svn.ro.authz<br />
added apache2/dav_svn.rw.authz<br />
modified apache2/sites-available/default<br />
modified apache2/sites-available/default-ssl<br />
Committed revision 12.<br />
<br />
= [[User:John|John]] 2011-07-27 06:12 =<br />
<br />
== Installing Subversion with HTTPS support ==<br />
<br />
See [http://ubuntuforums.org/showthread.php?t=51753 this article] for a primer.<br />
<br />
# apt-get install subversion libapache2-svn<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
libneon27-gnutls libsvn1<br />
Suggested packages:<br />
db4.8-util subversion-tools<br />
The following NEW packages will be installed:<br />
libapache2-svn libneon27-gnutls libsvn1 subversion<br />
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 1,595kB of archives.<br />
After this operation, 7,250kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libneon27-gnutls 0.29.0-1 [136kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libsvn1 1.6.6dfsg-2ubuntu1.3 [906kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/universe libapache2-svn 1.6.6dfsg-2ubuntu1.3 [168kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid-updates/main subversion 1.6.6dfsg-2ubuntu1.3 [385kB]<br />
Fetched 1,595kB in 1s (866kB/s)<br />
Selecting previously deselected package libneon27-gnutls.<br />
(Reading database ... 17613 files and directories currently installed.)<br />
Unpacking libneon27-gnutls (from .../libneon27-gnutls_0.29.0-1_amd64.deb) ...<br />
Selecting previously deselected package libsvn1.<br />
Unpacking libsvn1 (from .../libsvn1_1.6.6dfsg-2ubuntu1.3_amd64.deb) ...<br />
Selecting previously deselected package libapache2-svn.<br />
Unpacking libapache2-svn (from .../libapache2-svn_1.6.6dfsg-2ubuntu1.3_amd64.deb) ...<br />
Selecting previously deselected package subversion.<br />
Unpacking subversion (from .../subversion_1.6.6dfsg-2ubuntu1.3_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up libneon27-gnutls (0.29.0-1) ...<br />
<br />
Setting up libsvn1 (1.6.6dfsg-2ubuntu1.3) ...<br />
<br />
Setting up libapache2-svn (1.6.6dfsg-2ubuntu1.3) ...<br />
Considering dependency dav for dav_svn:<br />
Enabling module dav.<br />
Enabling module dav_svn.<br />
Run '/etc/init.d/apache2 restart' to activate new configuration!<br />
<br />
Setting up subversion (1.6.6dfsg-2ubuntu1.3) ...<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
added emacs<br />
added subversion<br />
added apache2/mods-available/dav_svn.conf<br />
added apache2/mods-available/dav_svn.load<br />
added apache2/mods-enabled/dav.load<br />
added apache2/mods-enabled/dav_svn.conf<br />
added apache2/mods-enabled/dav_svn.load<br />
added bash_completion.d/subversion<br />
added emacs/site-start.d<br />
added emacs/site-start.d/50psvn.el<br />
added subversion/config<br />
added subversion/servers<br />
Committed revision 9.<br />
<br />
# apache2ctl graceful<br />
# cd /var<br />
# ls<br />
backups cache crash lib local lock log mail opt run spool tmp www<br />
# mkdir svn<br />
# cd svn<br />
# svnadmin create pcrepo<br />
# ls<br />
pcrepo<br />
# chown -R www-data:www-data pcrepo/<br />
# chmod -R g+ws pcrepo/<br />
# htpasswd -c /etc/apache2/dav_svn.passwd jj5<br />
New password:<br />
Re-type new password:<br />
Adding password for user jj5<br />
# vim /etc/apache2/sites-enabled/000-default-ssl<br />
<br />
Add the following,<br />
<br />
<Location /svn><br />
DAV svn<br />
SVNParentPath /var/svn<br />
AuthType Basic<br />
AuthName "Subversion Repository"<br />
AuthUserFile /etc/apache2/dav_svn.passwd<br />
Require valid-user<br />
</Location><br />
<br />
# apache2ctl graceful<br />
<br />
$ pwd<br />
/home/jj5<br />
$ mkdir test<br />
$ cd test<br />
$ svn co https://www.progclub.org/svn/pcrepo .<br />
Authentication realm: <https://www.progclub.org> Subversion Repository<br />
Password for 'jj5':<br />
Checked out revision 0.<br />
<br />
Works!<br />
<br />
== Migrating mediawiki-1.17.0 to pcwiki, and checking into svn ==<br />
<br />
$ cd ..<br />
$ mv test pcrepo<br />
$ ls<br />
bin pcrepo<br />
$ cd pcrepo/<br />
$ mkdir pcwiki<br />
$ cd pcwiki/<br />
$ mkdir trunk<br />
$ mkdir branches<br />
$ mkdir tags<br />
$ cp -R /var/www/www.progclub.org/mediawiki-1.17.0/* trunk/<br />
$ ls<br />
branches tags trunk<br />
$ cd trunk/<br />
$ ls<br />
api.php images maintenance RELEASE-NOTES<br />
api.php5 img_auth.php math resources<br />
bin img_auth.php5 mw-config serialized<br />
cache includes opensearch_desc.php skins<br />
config index.php opensearch_desc.php5 StartProfiler.sample<br />
COPYING index.php5 php5.php5 thumb.php<br />
CREDITS INSTALL profileinfo.php thumb.php5<br />
docs languages README trackback.php<br />
extensions load.php redirect.php trackback.php5<br />
FAQ load.php5 redirect.php5 UPGRADE<br />
HISTORY LocalSettings.php redirect.phtml wiki.phtml<br />
$ rm LocalSettings.php<br />
$ cd ../..<br />
$ svn add pcwiki/<br />
$ svn ci -m "Checking in original mediawiki files"<br />
$ sudo etckeeper commit "Subversion HTTPS"<br />
[sudo] password for jj5:<br />
Committing to: /etc/<br />
added apache2/dav_svn.passwd<br />
modified apache2/sites-available/default-ssl<br />
Committed revision 10.<br />
<br />
Then using TortoiseSVN on my workstation I checked out,<br />
<br />
https://www.progclub.org/svn/pcrepo/pcwiki/trunk<br />
<br />
into<br />
<br />
C:\Inetpub\wwwroot\pcwiki<br />
<br />
Copied in LocalSettings.php, added it to the ignore list, and checked in.<br />
<br />
# cd /var/www/www.progclub.org/<br />
# svn co https://www.progclub.org/svn/pcrepo/pcwiki/trunk pcwiki<br />
# cp mediawiki-1.17.0/LocalSettings.php pcwiki/<br />
# cd /etc/apache2/sites-enabled/<br />
# vim 000-default<br />
<br />
Changed alias on line 17,<br />
<br />
Alias /pc /var/www/www.progclub.org/pcwiki/index.php<br />
<br />
# vim 000-default-ssl<br />
<br />
Changed alias on line 17,<br />
<br />
Alias /pc /var/www/www.progclub.org/pcwiki/index.php<br />
<br />
# apache2ctl graceful<br />
# etckeeper commit "pcwiki web"<br />
Committing to: /etc/<br />
modified apache2/sites-available/default<br />
modified apache2/sites-available/default-ssl<br />
Committed revision 11.<br />
<br />
Reloaded a page from the web-site, and everything seems to be working well.<br />
<br />
Copied in changes for MediaWiki skin oldskool on my workstation and checked in to svn. There seems to be a new-line thing going on whereby every file got updated with a different line-feed sequence (I'm guessing \r\n rather than just \n) -- it changed nearly every file, but I just checked it in anyway.<br />
<br />
# cd /var/www/www.progclub.org/pcwiki<br />
# svn update<br />
<br />
Reloaded a page from the web-site, and everything seems to be in order.<br />
<br />
# cd /var/www/www.progclub.org/<br />
# svn co https://www.progclub.org/svn/pcrepo/pcwiki/trunk pcwiki-dev<br />
# cp pcwiki/LocalSettings.php pcwiki-dev/<br />
# cd pcwiki-dev/<br />
# vim LocalSettings.php<br />
(reconfigured style and script path)<br />
# svn update<br />
<br />
= [[User:John|John]] 2011-07-27 04:44 =<br />
<br />
== Configuring MySQL for (not too) public access ==<br />
<br />
# cd /etc/mysql<br />
# vim my.cnf<br />
<br />
Changed from line 52,<br />
<br />
#bind-address = 127.0.0.1<br />
bind-address = 67.207.128.184<br />
<br />
# service mysql restart<br />
mysql start/running, process 2598<br />
<br />
# etckeeper commit "Bound MySQL to public IP address"<br />
Committing to: /etc/<br />
modified mysql/my.cnf<br />
Committed revision 7.<br />
<br />
# vim /etc/iptables.up.rules<br />
<br />
# Allows MySQL connections from John's house<br />
-A INPUT -s <John's IP>/32 -p tcp -m tcp --dport 3306 -j ACCEPT<br />
# Allows MySQL connections from localhost<br />
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT<br />
<br />
# iptables -F<br />
# iptables-restore < /etc/iptables.up.rules<br />
# etckeeper commit "Updated firewall rules -- MySQL from John's house"<br />
Committing to: /etc/<br />
modified iptables.up.rules<br />
Committed revision 8.<br />
<br />
# mysql -uroot -p<br />
mysql> use mysql;<br />
mysql> select host, user from user;<br />
mysql> create user 'pcwiki'@'<John's house>' identified by '<password>';<br />
mysql> grant all privileges on pcwiki.* to 'pcwiki'@'<John's house>' with grant option;<br />
mysql> flush privileges;<br />
<br />
My development version of MediaWiki can now connect to the production database!<br />
<br />
= [[User:John|John]] 2011-07-27 04:09 =<br />
<br />
== Installing fail2ban ==<br />
<br />
See [https://help.ubuntu.com/community/Fail2ban Fail2ban] for information about installing and configuring the program.<br />
<br />
# apt-get install fail2ban<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
whois<br />
Suggested packages:<br />
python-gamin mailx<br />
The following NEW packages will be installed:<br />
fail2ban whois<br />
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 129kB of archives.<br />
After this operation, 1032kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe fail2ban 0.8.4-1ubuntu1 [96.0kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main whois 5.0.0ubuntu3 [32.6kB]<br />
Fetched 129kB in 1s (123kB/s)<br />
Selecting previously deselected package fail2ban.<br />
(Reading database ... 17493 files and directories currently installed.)<br />
Unpacking fail2ban (from .../fail2ban_0.8.4-1ubuntu1_all.deb) ...<br />
Selecting previously deselected package whois.<br />
Unpacking whois (from .../whois_5.0.0ubuntu3_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up fail2ban (0.8.4-1ubuntu1) ... <br />
<br />
Setting up whois (5.0.0ubuntu3) ...<br />
Processing triggers for python-central ...<br />
Committing to: /etc/<br />
added fail2ban<br />
added default/fail2ban<br />
added fail2ban/action.d<br />
added fail2ban/fail2ban.conf<br />
added fail2ban/filter.d<br />
added fail2ban/jail.conf<br />
added fail2ban/action.d/complain.conf<br />
added fail2ban/action.d/dshield.conf<br />
added fail2ban/action.d/hostsdeny.conf<br />
added fail2ban/action.d/ipfilter.conf<br />
added fail2ban/action.d/ipfw.conf<br />
added fail2ban/action.d/iptables-allports.conf<br />
added fail2ban/action.d/iptables-multiport-log.conf<br />
added fail2ban/action.d/iptables-multiport.conf<br />
added fail2ban/action.d/iptables-new.conf<br />
added fail2ban/action.d/iptables.conf<br />
added fail2ban/action.d/mail-buffered.conf<br />
added fail2ban/action.d/mail-whois-lines.conf<br />
added fail2ban/action.d/mail-whois.conf<br />
added fail2ban/action.d/mail.conf<br />
added fail2ban/action.d/mynetwatchman.conf<br />
added fail2ban/action.d/sendmail-buffered.conf<br />
added fail2ban/action.d/sendmail-whois-lines.conf<br />
added fail2ban/action.d/sendmail-whois.conf<br />
added fail2ban/action.d/sendmail.conf<br />
added fail2ban/action.d/shorewall.conf<br />
added fail2ban/filter.d/apache-auth.conf<br />
added fail2ban/filter.d/apache-badbots.conf<br />
added fail2ban/filter.d/apache-nohome.conf<br />
added fail2ban/filter.d/apache-noscript.conf<br />
added fail2ban/filter.d/apache-overflows.conf<br />
added fail2ban/filter.d/common.conf<br />
added fail2ban/filter.d/courierlogin.conf<br />
added fail2ban/filter.d/couriersmtp.conf<br />
added fail2ban/filter.d/cyrus-imap.conf<br />
added fail2ban/filter.d/exim.conf<br />
added fail2ban/filter.d/gssftpd.conf<br />
added fail2ban/filter.d/lighttpd-fastcgi.conf<br />
added fail2ban/filter.d/named-refused.conf<br />
added fail2ban/filter.d/pam-generic.conf<br />
added fail2ban/filter.d/php-url-fopen.conf<br />
added fail2ban/filter.d/postfix.conf<br />
added fail2ban/filter.d/proftpd.conf<br />
added fail2ban/filter.d/pure-ftpd.conf<br />
added fail2ban/filter.d/qmail.conf<br />
added fail2ban/filter.d/sasl.conf<br />
added fail2ban/filter.d/sieve.conf<br />
added fail2ban/filter.d/sshd-ddos.conf<br />
added fail2ban/filter.d/sshd.conf<br />
added fail2ban/filter.d/vsftpd.conf<br />
added fail2ban/filter.d/webmin-auth.conf<br />
added fail2ban/filter.d/wuftpd.conf<br />
added fail2ban/filter.d/xinetd-fail.conf<br />
added init.d/fail2ban<br />
added logrotate.d/fail2ban<br />
added rc0.d/K99fail2ban<br />
added rc1.d/K99fail2ban<br />
added rc2.d/S99fail2ban<br />
added rc3.d/S99fail2ban<br />
added rc4.d/S99fail2ban<br />
added rc5.d/S99fail2ban<br />
added rc6.d/K99fail2ban<br />
Committed revision 6.<br />
<br />
# iptables -L<br />
...<br />
Chain fail2ban-ssh (1 references)<br />
target prot opt source destination<br />
RETURN all -- anywhere anywhere<br />
<br />
Then I tried dud logins from loki.progsoc.uts.edu.au, and <br />
<br />
# iptables -L<br />
...<br />
Chain fail2ban-ssh (1 references)<br />
target prot opt source destination<br />
DROP all -- loki.progsoc.uts.edu.au anywhere<br />
RETURN all -- anywhere anywhere<br />
<br />
Which is what we wanted to see.<br />
<br />
= [[User:John|John]] 2011-07-27 03:41 =<br />
<br />
== Configuring IPTables ==<br />
<br />
See [http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1 this article] for information on configuring IPTables.<br />
<br />
# vim /etc/iptables.up.rules<br />
<br />
*filter<br />
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0<br />
-A INPUT -i lo -j ACCEPT<br />
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT<br />
# Accepts all established inbound connections<br />
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
# Allows all outbound traffic<br />
# You can modify this to only allow certain traffic<br />
-A OUTPUT -j ACCEPT<br />
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)<br />
-A INPUT -p tcp --dport 80 -j ACCEPT<br />
-A INPUT -p tcp --dport 443 -j ACCEPT<br />
# Allows SSH connections<br />
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT<br />
# Allow ping<br />
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT<br />
# log iptables denied calls<br />
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7<br />
# Reject all other inbound - default deny unless explicitly allowed policy<br />
-A INPUT -j REJECT<br />
-A FORWARD -j REJECT<br />
COMMIT<br />
<br />
# iptables-restore < /etc/iptables.up.rules<br />
# iptables -L<br />
Chain INPUT (policy ACCEPT)<br />
target prot opt source destination<br />
ACCEPT all -- anywhere anywhere<br />
REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port-unreachable<br />
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED<br />
ACCEPT tcp -- anywhere anywhere tcp dpt:www<br />
ACCEPT tcp -- anywhere anywhere tcp dpt:https<br />
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:30000<br />
ACCEPT icmp -- anywhere anywhere icmp echo-request<br />
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '<br />
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable<br />
<br />
Chain FORWARD (policy ACCEPT)<br />
target prot opt source destination<br />
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable<br />
<br />
Chain OUTPUT (policy ACCEPT)<br />
target prot opt source destination<br />
ACCEPT all -- anywhere anywhere<br />
<br />
# vim /etc/network/if-pre-up.d/iptables<br />
<br />
#!/bin/sh<br />
/sbin/iptables-restore < /etc/iptables.up.rules<br />
<br />
# chmod +x /etc/network/if-pre-up.d/iptables<br />
# etckeeper commit "Configured IPTables"<br />
Committing to: /etc/<br />
added iptables.up.rules<br />
added network/if-pre-up.d/iptables<br />
Committed revision 4.<br />
<br />
The commands for modifying IPTables firewall rules are now:<br />
<br />
# vim /etc/iptables.up.rules<br />
# /sbin/iptables -F<br />
# /sbin/iptables-restore < /etc/iptables.up.rules<br />
# etckeeper commit "Updated firewall rules"<br />
<br />
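Added example, not part of the original log: both the firewall procedure above and the MySQL allow rules in the 2011-07-27 04:44 entry depend on rule order in /etc/iptables.up.rules, because a rule placed after the catch-all "-A INPUT -j REJECT" never matches. The script audits a rules file for that and for port 3306 ACCEPT rules without a -s restriction; the function names and the 203.0.113.10 address are constructed for illustration.<br />
<br />
```shell
#!/bin/sh
# Added example (not from the original log). audit_rules and sample_rules are
# hypothetical helper names; 203.0.113.10 is a documentation address standing
# in for the redacted home IP.

# audit_rules [FILE]: read iptables-restore rules (FILE or stdin), print one
# finding per line, and return 1 if anything was found, 0 otherwise.
audit_rules() {
    awk '
    # A DROP chain policy also counts as default deny.
    /^:INPUT DROP/ { deny = 1 }
    # Everything else that is not an INPUT rule is ignored.
    !/^-A INPUT / { next }
    {
        n++
        src = 0; dport = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s" || $i == "--source") src = 1
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        # "-A INPUT -j REJECT" (no match options) ends the reachable rules.
        if ($3 == "-j" && (target == "REJECT" || target == "DROP")) {
            if (!catchall) catchall = n
            next
        }
        if (target == "ACCEPT" && catchall) {
            printf "UNREACHABLE rule %d (catch-all is rule %d): %s\n", n, catchall, $0
            found++
        }
        if (target == "ACCEPT" && dport == "3306" && !src) {
            printf "OPEN-MYSQL rule %d has no -s restriction: %s\n", n, $0
            found++
        }
    }
    END {
        if (!catchall && !deny) {
            print "NO-DEFAULT-DENY INPUT has no catch-all REJECT/DROP"
            found++
        }
        exit (found ? 1 : 0)
    }
    ' "$@"
}

# Constructed sample: a trimmed rules file in the layout used on this page.
# $1 selects where the MySQL rules go: "before" or "after" the catch-all.
sample_rules() {
    echo '*filter'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo '-A OUTPUT -j ACCEPT'
    echo '-A INPUT -p tcp --dport 443 -j ACCEPT'
    echo '-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT'
    if [ "$1" = before ]; then
        echo '-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 3306 -j ACCEPT'
    fi
    echo '-A INPUT -j REJECT'
    if [ "$1" = after ]; then
        echo '-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 3306 -j ACCEPT'
        echo '-A INPUT -p tcp --dport 3306 -j ACCEPT'
    fi
    echo '-A FORWARD -j REJECT'
    echo 'COMMIT'
}

echo "== MySQL rule placed before the catch-all =="
sample_rules before | audit_rules && echo "no findings"
echo "== MySQL rules appended after the catch-all =="
sample_rules after | audit_rules || echo "(findings reported above)"
```
<br />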
= [[User:John|John]] 2011-07-27 03:33 =<br />
<br />
== Disabling root SSH login ==<br />
<br />
Per the instructions [http://www.dedicated-resources.com/guide/31/Disabling-Direct-Root-Login-%28SSH%29.html Disabling Direct Root Login (SSH)],<br />
<br />
$ sudo -s<br />
# cd /etc/ssh<br />
# vim sshd_config<br />
<br />
Changed line 26 to,<br />
<br />
PermitRootLogin no<br />
<br />
Then,<br />
<br />
$ sudo service ssh restart<br />
$ sudo etckeeper commit "Disabled root logins"<br />
<br />
= [[User:John|John]] 2011-07-27 03:27 =<br />
<br />
== Configuring the system locale ==<br />
<br />
Per the [[John's_Linux_Page#Configuring_your_locale|instructions]],<br />
<br />
$ sudo /usr/sbin/locale-gen en_AU.UTF-8<br />
Generating locales...<br />
en_AU.UTF-8... done<br />
Generation complete.<br />
$ sudo /usr/sbin/update-locale LANG=en_AU.UTF-8<br />
$ sudo etckeeper commit "Set system locale"<br />
<br />
= [[User:John|John]] 2011-07-27 03:20 =<br />
<br />
== Configuring jj5's environment ==<br />
<br />
Per the instructions about configuring the [[John's_Linux_Page#Environment|Environment]], I added,<br />
<br />
# JE 2011-07-27 03:16<br />
export EDITOR=/usr/bin/vim<br />
<br />
to end of /home/jj5/.profile<br />
<br />
and ran,<br />
<br />
$ sudo update-alternatives --config editor<br />
There are 3 choices for the alternative editor (providing /usr/bin/editor).<br />
<br />
Selection Path Priority Status<br />
------------------------------------------------------------<br />
* 0 /bin/nano 40 auto mode<br />
1 /bin/nano 40 manual mode<br />
2 /usr/bin/vim.basic 30 manual mode<br />
3 /usr/bin/vim.tiny 10 manual mode<br />
<br />
Press enter to keep the current choice[*], or type selection number: 2<br />
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/editor (editor) in manual mode.<br />
<br />
to configure the visudo editor. (Forgot to commit with etckeeper!)<br />
<br />
= [[User:John|John]] 2011-07-27 01:20 =<br />
<br />
== Creating a favicon.ico ==<br />
<br />
MediaWiki is configured to use one, and web-browsers are requesting it, and it's 404ing, so best if I put a file there. Used [http://www.iconj.com/ iconj] to generate a favicon.ico file, and used WinSCP to copy it to /var/www/www.progclub.org/favicon.ico on [[Charity]].<br />
<br />
Was having a problem with the favicon.ico loading in Firefox, so I generated a new one with [http://www.favicon.cc/ favicon.cc]. I don't actually think the favicon.ico file was the problem though. But the change has been made now, and there's no point reverting it, because it's all working.<br />
<br />
= [[User:John|John]] 2011-07-27 01:01 =<br />
<br />
== Configuring robots.txt ==<br />
<br />
Having some trouble with search engines looking for URLs from the previous domain owners. Going to set up a robots.txt file to try and fix up what I can there. Found [http://antezeta.com/news/avoid-search-engine-indexing 6 methods to control what and how your content appears in search engines] to help guide me.<br />
<br />
# cd /var/www/www.progclub.org/<br />
# vim robots.txt<br />
<br />
User-agent: *<br />
Disallow: /stories/<br />
Disallow: /story/<br />
Disallow: /members/<br />
Disallow: /vehicles/<br />
<br />
Will expand on this as other URLs that need addressing become apparent in the logs.<br />
<br />
== Watching the Apache web-logs ==<br />
<br />
Created /home/jj5/bin/spy to set up a window to watch the web-logs.<br />
<br />
#!/bin/bash<br />
sudo tail -f /var/log/apache2/access.log /var/log/apache2/ssl_access.log<br />
<br />
= [[User:John|John]] 2011-07-26 22:25 =<br />
<br />
== Adding user key720 ==<br />
<br />
# adduser key720<br />
Adding user `key720' ...<br />
Adding new group `key720' (1003) ...<br />
Adding new user `key720' (1003) with group `key720' ...<br />
Creating home directory `/home/key720' ...<br />
Copying files from `/etc/skel' ...<br />
Enter new UNIX password:<br />
Retype new UNIX password:<br />
passwd: password updated successfully<br />
Changing the user information for key720<br />
Enter the new value, or press ENTER for the default<br />
Full Name []: <name><br />
Room Number []:<br />
Work Phone []:<br />
Home Phone []:<br />
Other []:<br />
Is the information correct? [Y/n]<br />
<br />
Also added [[User:Key|Key]] to the wiki.<br />
<br />
= [[User:Tasaio|Tasaio]] 2011-07-26 21:39 =<br />
<br />
== Setting up Etckeeper ==<br />
<br />
$ sudo apt-get install etckeeper<br />
<br />
That's really all there is to it. There's an auto commit every day, an auto commit whenever you apt-get install something, and you can manually commit your changes using:<br />
$ sudo etckeeper commit "Changed foo to achieve bar"<br />
<br />
See the commit log for a file with:<br />
$ sudo bzr log /etc/passwd<br />
<br />
This means we should be able to see with reasonable accuracy what changed when, and as long as people commit their changes (and use sudo rather than abusing sudo su or the like), we'll even know who did it. Useful for quickly rolling back silly changes and catching those changes people forget to log on the wiki.<br />
<br />
= [[User:John|John]] 2011-07-26 09:55 =<br />
<br />
== Adding user sanguinev ==<br />
<br />
# adduser sanguinev<br />
Adding user `sanguinev' ...<br />
Adding new group `sanguinev' (1002) ...<br />
Adding new user `sanguinev' (1002) with group `sanguinev' ...<br />
Creating home directory `/home/sanguinev' ...<br />
Copying files from `/etc/skel' ...<br />
Enter new UNIX password:<br />
Retype new UNIX password:<br />
passwd: password updated successfully<br />
Changing the user information for sanguinev<br />
Enter the new value, or press ENTER for the default<br />
Full Name []: Thomas<br />
Room Number []:<br />
Work Phone []:<br />
Home Phone []:<br />
Other []:<br />
Is the information correct? [Y/n]<br />
<br />
# gpasswd -a sanguinev sudo<br />
Adding user sanguinev to group sudo<br />
<br />
Added a wiki user too.<br />
<br />
= [[User:John|John]] 2011-07-26 09:13 =<br />
<br />
== Adding user jj5 ==<br />
<br />
root@charity:~# adduser jj5<br />
Adding user `jj5' ...<br />
Adding new group `jj5' (1000) ...<br />
Adding new user `jj5' (1000) with group `jj5' ...<br />
Creating home directory `/home/jj5' ...<br />
Copying files from `/etc/skel' ...<br />
Enter new UNIX password:<br />
Retype new UNIX password:<br />
passwd: password updated successfully<br />
Changing the user information for jj5<br />
Enter the new value, or press ENTER for the default<br />
Full Name []: John Elliot<br />
Room Number []:<br />
Work Phone []:<br />
Home Phone []:<br />
Other []:<br />
Is the information correct? [Y/n]<br />
<br />
root@charity:~# gpasswd -a jj5 sudo<br />
Adding user jj5 to group sudo<br />
<br />
That was easy. PuTTY says it works!<br />
<br />
== Adding user tasaio ==<br />
<br />
root@charity:~# adduser tasaio<br />
Adding user `tasaio' ...<br />
Adding new group `tasaio' (1001) ...<br />
Adding new user `tasaio' (1001) with group `tasaio' ...<br />
Creating home directory `/home/tasaio' ...<br />
Copying files from `/etc/skel' ...<br />
Enter new UNIX password:<br />
Retype new UNIX password:<br />
passwd: password updated successfully<br />
Changing the user information for tasaio<br />
Enter the new value, or press ENTER for the default<br />
Full Name []: Justin<br />
Room Number []:<br />
Work Phone []:<br />
Home Phone []:<br />
Other []:<br />
Is the information correct? [Y/n]<br />
root@charity:~# gpasswd -a tasaio sudo<br />
Adding user tasaio to group sudo<br />
<br />
That was easy too! Will create a wiki user for him too.<br />
<br />
= [[User:John|John]] 2011-07-26 08:47 =<br />
<br />
I could be accused of ignorance. When I created my key file for the CSR request I nominated a pass-phrase. This phrase is required to be entered every time you restart Apache. Gah! Until I can figure out a way to fix it I've created a script in /sbin called restart-apache which enters the key's pass-phrase automatically.<br />
<br />
# cd /sbin<br />
# vim restart-apache<br />
<br />
#!/bin/bash<br />
echo <the pass phrase> | apache2ctl graceful<br />
<br />
# chmod u+x restart-apache<br />
# restart-apache<br />
<br />
Works swimmingly. Will reboot to see what happens when apache tries to load from a boot.<br />
<br />
Apache chokes on boot. Found [http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html this article], which suggests,<br />
<br />
# cd ~<br />
# cp progclub.key progclub.key.pass-phrase<br />
# openssl rsa -in progclub.key.pass-phrase -out progclub.key<br />
# chmod 400 progclub.*<br />
# reboot<br />
<br />
Hopefully Apache comes back up this time... yep!<br />
<br />
Will keep the restart-apache script in sbin, but will remove the part that specified the key pass-phrase.<br />
<br />
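Added example, not part of the original log: after the pass-phrase is stripped with "openssl rsa", file permissions are the only protection left on progclub.key, so it is worth confirming which copies are encrypted and which are readable beyond their owner. The helper names and the placeholder PEM bodies are constructed for illustration and contain no key material.<br />
<br />
```shell
#!/bin/sh
# Added example (not from the original log). pem_state, is_private, check_key
# and make_samples are hypothetical helper names.

# pem_state FILE: "encrypted" when the PEM header marks the key as
# pass-phrase protected (traditional or PKCS#8 form), otherwise "plaintext".
pem_state() {
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' \
               -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted
    else
        echo plaintext
    fi
}

# is_private FILE: true when group and other have no permission bits at all.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_key FILE: one-word verdict combining both checks,
# e.g. "plaintext-private" or "plaintext-exposed".
check_key() {
    state=$(pem_state "$1")
    if is_private "$1"; then
        echo "$state-private"
    else
        echo "$state-exposed"
    fi
}

# Constructed samples mirroring the files named in the log entry, plus one
# stray copy with default permissions to show the failing case.
make_samples() {
    dir=$1
    cat > "$dir/progclub.key.pass-phrase" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

(constructed placeholder, not key material)
-----END RSA PRIVATE KEY-----
EOF
    cat > "$dir/progclub.key" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
(constructed placeholder, not key material)
-----END RSA PRIVATE KEY-----
EOF
    cp "$dir/progclub.key" "$dir/copied-elsewhere.key"
    chmod 400 "$dir/progclub.key" "$dir/progclub.key.pass-phrase"
    chmod 644 "$dir/copied-elsewhere.key"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in "$demo_dir"/*; do
    printf '%-28s %s\n' "$(basename "$f")" "$(check_key "$f")"
done
rm -rf "$demo_dir"
```
<br />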
= [[User:John|John]] 2011-07-26 06:20 =<br />
<br />
== Getting an HTTPS certificate ==<br />
<br />
Searched for [http://www.google.com.au/search?q=certificate%20sni%20cheap&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&source=hp&channel=np certificate sni cheap], found [http://www.godaddy.com/ssl/ssl-certificates.aspx?isc=sslqgau03&ci=9039 Go Daddy SSL Certificate]. Decided on the Multiple Domains UCC - A$82.93/yr setup, which looks like it will suit us. Picked up to 5 domains for 3 years. It offered me free .mobi registration, so I added progclub.mobi. I then also added progclub.biz and progclub.co, I'm a sucker. Registration information recorded in [https://www.blackbrick.com/web/service/view/id/3240 Blackbrick Account Manager]. Set up the nameservers for the new domains to point to ns*.slicehost.net via [https://mya.godaddy.com/default.aspx?isc=sslqgau03&ci=21822&isc=sslqgau03 My Account].<br />
<br />
Had to generate a Certificate Signing Request (CSR) per [http://community.godaddy.com/help/article/5343 these instructions] (for [http://community.godaddy.com/help/5269 Apache 2.x]).<br />
<br />
# cd ~<br />
# openssl genrsa -des3 -out progclub.key 2048<br />
# openssl req -new -key progclub.key -out progclub.csr<br />
<br />
See [https://www.blackbrick.com/web/attachment/view/id/3331 Blackbrick Account Manager] for full details.<br />
<br />
=== Certificate Type ===<br />
* Hosting: Third Party Hosting <br />
* Domain Name: www.progclub.org <br />
* Certificate Issuing Organization: Go Daddy <br />
* Subject Alt Names: www.progclub.net www.progclub.mobi www.progclub.info www.progclub.co <br />
<br />
You're through!<br />
<br />
Your certificate will be issued shortly.<br />
<br />
You can monitor the progress of your certificate application by going to the<br />
Pending Requests folder and clicking your Common Name. When we are through<br />
verifying your application, you will receive an email with further instructions.<br />
<br />
Downloaded the progclub.org.zip that was eventually generated, and used WinSCP to copy it to root's home directory on charity. Found info about [http://community.godaddy.com/help/article/5238 Installing an SSL Certificate in Apache].<br />
<br />
# cd /etc/apache2/sites-available/<br />
# vim default-ssl<br />
<br />
Set,<br />
<br />
ServerAdmin jj5@jj5.net<br />
DocumentRoot /var/www/www.progclub.org<br />
<br />
# cd ~<br />
# ls<br />
progclub.csr progclub.key progclub.org.zip<br />
# unzip progclub.org.zip<br />
-bash: unzip: command not found<br />
# apt-get install unzip<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
Suggested packages:<br />
zip<br />
The following NEW packages will be installed:<br />
unzip<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 189kB of archives.<br />
After this operation, 406kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main unzip 6.0-1build1 [189kB]<br />
Fetched 189kB in 0s (195kB/s)<br />
Selecting previously deselected package unzip.<br />
(Reading database ... 15343 files and directories currently installed.)<br />
Unpacking unzip (from .../unzip_6.0-1build1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up unzip (6.0-1build1) ...<br />
# unzip progclub.org.zip<br />
Archive: progclub.org.zip<br />
inflating: gd_bundle.crt<br />
inflating: progclub.org.crt<br />
# ls<br />
gd_bundle.crt progclub.csr progclub.key progclub.org.crt progclub.org.zip<br />
# cd /etc/apache2/sites-available/<br />
# vim default-ssl<br />
<br />
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem<br />
SSLCertificateFile /root/progclub.org.crt<br />
#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key<br />
SSLCertificateKeyFile /root/progclub.key<br />
<br />
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt<br />
SSLCertificateChainFile /root/gd_bundle.crt<br />
<br />
Saved changes.<br />
<br />
# a2ensite default-ssl<br />
# /etc/init.d/apache2 reload<br />
* Reloading web server config apache2 [ OK ]<br />
# a2enmod ssl<br />
Enabling module ssl.<br />
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.<br />
Run '/etc/init.d/apache2 restart' to activate new configuration!<br />
# /etc/init.d/apache2 restart<br />
<br />
Navigated to [https://www.progclub.org/ https://www.progclub.org/], and it worked!<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# vim 000-default-ssl<br />
<br />
Alias /pc /var/www/www.progclub.org/mediawiki-1.17.0/index.php<br />
<br />
The [https://www.progclub.org/pc/Main_Page secure wiki] is now working!<br />
<br />
= [[User:John|John]] 2011-07-25 17:53 =<br />
<br />
== Installing MediaWiki ==<br />
<br />
Found the [http://www.mediawiki.org/wiki/Download MediaWiki download page], which references [http://download.wikimedia.org/mediawiki/1.17/mediawiki-1.17.0.tar.gz mediawiki-1.17.0.tar.gz].<br />
<br />
# cd /var/www/www.progclub.org/<br />
# wget http://download.wikimedia.org/mediawiki/1.17/mediawiki-1.17.0.tar.gz<br />
# ls<br />
index.html mediawiki-1.17.0.tar.gz test.php<br />
# tar xzf mediawiki-1.17.0.tar.gz<br />
# ls<br />
index.html mediawiki-1.17.0 mediawiki-1.17.0.tar.gz test.php<br />
# rm mediawiki-1.17.0.tar.gz<br />
# cd mediawiki-1.17.0/<br />
# ls<br />
COPYING bin languages redirect.php5<br />
CREDITS cache load.php redirect.phtml<br />
FAQ config load.php5 resources<br />
HISTORY docs maintenance serialized<br />
INSTALL extensions math skins<br />
README images mw-config thumb.php<br />
RELEASE-NOTES img_auth.php opensearch_desc.php thumb.php5<br />
StartProfiler.sample img_auth.php5 opensearch_desc.php5 trackback.php<br />
UPGRADE includes php5.php5 trackback.php5<br />
api.php index.php profileinfo.php wiki.phtml<br />
api.php5 index.php5 redirect.php<br />
<br />
Didn't find a LocalSettings.php, which is what I was expecting, so reading INSTALL.<br />
<br />
# less INSTALL<br />
<br />
It told me to navigate to the [http://www.progclub.org/mediawiki-1.17.0/ setup page]. The setup page complained about a missing LocalSettings.php, so they haven't changed that after all. Clicked on [http://www.progclub.org/mediawiki-1.17.0/mw-config/index.php setup the wiki].<br />
<br />
Specified,<br />
<br />
* Your language: en - English<br />
* Wiki language: en - English<br />
<br />
Clicked continue, and among its checks was a complaint:<br />
<br />
Could not find a suitable database driver! You need to install a database driver for PHP. The following<br />
database types are supported: MySQL, PostgreSQL, Oracle, SQLite.<br />
<br />
If you are on shared hosting, ask your hosting provider to install a suitable database driver. If you compiled<br />
PHP yourself, reconfigure it with a database client enabled, for example using ./configure --with-mysql. <br />
If you installed PHP from a Debian or Ubuntu package, then you also need install the php5-mysql module.<br />
<br />
So,<br />
<br />
# apt-get install php5-mysql<br />
# apache2ctl graceful<br />
<br />
Then reloaded the [http://www.progclub.org/mediawiki-1.17.0/mw-config/index.php?page=Welcome config page],<br />
<br />
The environment has been checked. You can install MediaWiki.<br />
<br />
Clicked continue, and got the Connect to database page. Looks like I'm going to need a database user for the wiki, so<br />
<br />
# mysql -h localhost -u root --password=<password><br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 36<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> create user 'pcwiki'@'localhost' identified by '<password>';<br />
Query OK, 0 rows affected (0.00 sec)<br />
<br />
mysql> exit<br />
Bye<br />
<br />
Back on the config page:<br />
<br />
* Database type: MySQL<br />
* Database host: localhost<br />
* Database name: pcwiki<br />
* Database table prefix: pcwiki__<br />
* Database username: pcwiki<br />
* Database password: <password><br />
<br />
Clicked continue, and got the Database settings page. Specified,<br />
<br />
* Database account for web access: Use the same account as for installation<br />
* Storage engine: InnoDB (the default, other choice was MyISAM)<br />
* Database character set: UTF-8 (not the default, the default choice was Binary)<br />
<br />
Clicked continue, and got the Name page. Specified,<br />
<br />
* Name of wiki: ProgClub<br />
* Project namespace: Same as the wiki name: ProgClub<br />
<br />
Configuration for the Administrator account,<br />
<br />
* Your name: John<br />
* Password: <password><br />
* Password again: <password><br />
* E-mail address: jj5@jj5.net<br />
<br />
You are almost done! You can now skip the remaining configuration and install the wiki right now.<br />
<br />
Chose Ask me more questions, and got the Options page. Specified,<br />
<br />
* User rights profile: Traditional wiki<br />
* Copyright and license: No license footer<br />
<br />
* Enable outbound e-mail: true<br />
* Return e-mail address: wiki@progclub.org<br />
* Enable user-to-user e-mail: true<br />
* Enable user talk page notification: true<br />
* Enable watchlist notification: true<br />
* Enable e-mail authentication: true<br />
<br />
* Enable file uploads: true<br />
* Directory for deleted files: /var/www/www.progclub.org/mediawiki-1.17.0/images/deleted<br />
* Logo URL: /res/img/logo.png<br />
<br />
* Settings for object caching: No caching<br />
<br />
Clicked Continue, and got the confirmation page. Clicked Continue again. Got an error because the database user couldn't create the database. Created the database manually,<br />
<br />
# mysql -h localhost -u root --password=<password><br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 43<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> create database `pcwiki`;<br />
Query OK, 1 row affected (0.00 sec)<br />
<br />
mysql> exit<br />
Bye<br />
<br />
Decided it would be easier to let MediaWiki create the database, so went back and specified the database config details to use the root user. I will change this to be the pcwiki user manually after the database has been created.<br />
<br />
Setting up database... done<br />
Creating tables... done<br />
Creating database user... done<br />
Populating default interwiki table... done<br />
Initializing statistics... done<br />
Generating secret keys... done<br />
Creating administrator user account... done<br />
Creating main page with default content... done<br />
<br />
Clicked continue,<br />
<br />
Congratulations! You have successfully installed MediaWiki.<br />
<br />
The installer has generated a LocalSettings.php file. It contains all your configuration.<br />
<br />
You will need to download it and put it in the base of your wiki installation (the same<br />
directory as index.php). The download should have started automatically.<br />
<br />
If the download was not offered, or if you cancelled it, you can restart the download by<br />
clicking the link below: Download LocalSettings.php<br />
<br />
Note: If you do not do this now, this generated configuration file will not be available<br />
to you later if you exit the installation without downloading it.<br />
<br />
When that has been done, you can enter your wiki.<br />
<br />
Downloaded the LocalSettings.php file and copied it to /var/www/www.progclub.org/mediawiki.1.17.0<br />
<br />
Edited LocalSettings.php and changed the database user:<br />
<br />
$wgDBuser = "pcwiki";<br />
$wgDBpassword = "<password>";<br />
<br />
Also added an article path:<br />
<br />
$wgArticlePath = "/pc/$1";<br />
<br />
Also need to grant access for pcwiki user:<br />
<br />
# mysql -h localhost -u root --password=<password><br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 54<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> grant all privileges on pcwiki.* to pcwiki@localhost;<br />
Query OK, 0 rows affected (0.11 sec)<br />
<br />
mysql> exit<br />
Bye<br />
<br />
Then need to edit apache conf file to include the pc alias:<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# vim 000-default<br />
<br />
added,<br />
<br />
Alias /pc /var/www/www.progclub.org/mediawiki-1.17.0/index.php<br />
<br />
then,<br />
<br />
# apache2ctl graceful<br />
<br />
Also,<br />
<br />
# cd /var/www/www.progclub.org/<br />
# mkdir res<br />
# mkdir res/img<br />
<br />
Then uploaded a logo.png to there with WinSCP. The logo settings hadn't been properly specified in the generated LocalSettings.php file, so,<br />
<br />
# cd /var/www/www.progclub.org/mediawiki-1.17.0/<br />
# vim LocalSettings.php<br />
<br />
and changed the logo setting,<br />
<br />
$wgLogo = "/res/img/logo.png";<br />
<br />
Checked [http://www.progclub.org/pc/Main_Page the wiki], and it's all working nicely.<br />
<br />
= [[User:John|John]] 2011-07-25 17:12 =<br />
<br />
== Preparing WWW hosting ==<br />
<br />
# cd /var/www<br />
# mkdir www.progclub.org<br />
# mv index.html test.php www.progclub.org/<br />
# ls<br />
# cd www.progclub.org/<br />
# ls<br />
index.html test.php<br />
<br />
Everything is in order.<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# ls<br />
000-default<br />
# vim 000-default<br />
<br />
Specified ServerAdmin,<br />
<br />
ServerAdmin jj5@progclub.org<br />
<br />
Changed document root,<br />
<br />
DocumentRoot /var/www/www.progclub.org/<br />
<br />
Changed the <Directory /var/www/> section to,<br />
<br />
<Directory /var/www/www.progclub.org/><br />
<br />
Saved changes and quit vim. Restarted apache,<br />
<br />
# apache2ctl graceful<br />
<br />
Apache complained,<br />
<br />
apache2: Could not reliably determine the server's fully qualified domain name, using charity.progclub.org for ServerName<br />
<br />
Searched for "apache2: Could not reliably determine the server's fully qualified domain name, using " and found an [http://www.linuxquestions.org/questions/linux-server-73/apache-giving-the-error-could-not-determine-the-servers-fully-qualified-domain-name-280677/ answer].<br />
<br />
Ran,<br />
<br />
# hostname charity.progclub.org<br />
<br />
which I guess is a better way to set the hostname than editing /etc/hostname like I did. :P<br />
<br />
Ran,<br />
<br />
# apache2ctl graceful<br />
<br />
again, and got the same error,<br />
<br />
apache2: Could not reliably determine the server's fully qualified domain name, using charity.progclub.org for ServerName<br />
<br />
Tried a reboot to see if the hostname is updated after that,<br />
<br />
# reboot<br />
<br />
Still having problems with,<br />
<br />
# apache2ctl graceful<br />
<br />
So read more of the [http://www.linuxquestions.org/questions/linux-server-73/apache-giving-the-error-could-not-determine-the-servers-fully-qualified-domain-name-280677/ answer], and then,<br />
<br />
# hostname charity<br />
# vim /etc/hosts<br />
<br />
Specified the file contents as<br />
<br />
127.0.0.1 localhost localhost.localdomain<br />
67.207.128.184 charity charity.progclub.org<br />
<br />
Then rebooted,<br />
<br />
# reboot<br />
<br />
Ran hostname and got,<br />
<br />
# hostname<br />
charity.progclub.org<br />
<br />
So edited /etc/hostname and specified<br />
<br />
charity<br />
<br />
Rebooted,<br />
<br />
# reboot<br />
<br />
Searched for "/etc/hostname", and found [http://lists.debian.org/debian-devel/2003/05/msg02064.html an answer]. Short name goes in /etc/hostname, so we should be configured correctly now. Apache is still complaining though,<br />
<br />
# apache2ctl graceful<br />
apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
<br />
and it's using the IP address rather than charity.progclub.org now. Will manually specify ServerName in /etc/apache2/sites-enabled/000-default<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# vim 000-default<br />
<br />
Added,<br />
<br />
ServerName charity.progclub.org<br />
<br />
Ran,<br />
<br />
# apache2ctl graceful<br />
<br />
again, and got the same friggin' error! More web-searching... found a [http://www.wallpaperama.com/forums/how-to-fix-could-not-determine-the-servers-fully-qualified-domain-name-t23.html different answer], tried editing /etc/hosts to put the names the other way around,<br />
<br />
# vim /etc/hosts<br />
<br />
127.0.0.1 localhost.localdomain localhost<br />
67.207.128.184 charity.progclub.org charity<br />
<br />
Rebooted,<br />
<br />
# reboot<br />
<br />
Tried apache2ctl again,<br />
<br />
# apache2ctl graceful<br />
<br />
And got no error! Yay!<br />
<br />
Checked<br />
<br />
* [http://www.progclub.org/ www.progclub.org]<br />
<br />
and found everything to be working. Web hosting is now configured.<br />
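<br />
The two /etc/hosts orderings tried above differ only in which name comes first after the address: hosts(5) treats that first name as the canonical hostname and the rest as aliases, so a lookup for the machine returns the short name in one case and the fully qualified name in the other. The script below is an added example, not part of the original log; its function names are hypothetical and the sample files are constructed from the two orderings shown above.<br />

```shell
#!/bin/sh
# Added example (not from the original log). Function names are hypothetical.

# canonical_name HOSTS_FILE NAME
# Print the canonical name hosts(5) assigns to NAME: the first name field on
# the first line that lists NAME as either the canonical name or an alias.
canonical_name() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                 # drop trailing comments
        NF < 2 { next }                    # need an address and a name
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) { print $2; exit }
        }
    ' "$1"
}

# check_fqdn HOSTS_FILE SHORTNAME
# Return 0 when the canonical name for SHORTNAME is fully qualified (has a dot),
# 1 when the short name is listed first, 2 when SHORTNAME is not in the file.
check_fqdn() {
    cn=$(canonical_name "$1" "$2")
    case "$cn" in
        *.*) echo "ok: $2 -> $cn"; return 0 ;;
        "")  echo "missing: $2 is not listed in $1"; return 2 ;;
        *)   echo "short name first: $2 -> $cn"; return 1 ;;
    esac
}

# write_samples DIR
# Constructed sample files holding the two orderings tried in the log.
write_samples() {
    printf '%s\n' '127.0.0.1 localhost localhost.localdomain' \
                  '67.207.128.184 charity charity.progclub.org' > "$1/hosts.before"
    printf '%s\n' '127.0.0.1 localhost.localdomain localhost' \
                  '67.207.128.184 charity.progclub.org charity' > "$1/hosts.after"
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_fqdn "$tmp/hosts.before" charity || true   # short name first
check_fqdn "$tmp/hosts.after" charity            # fully qualified name first
rm -rf "$tmp"
```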
<br />
= [[User:John|John]] 2011-07-25 17:11 =<br />
<br />
== PHP software installation ==<br />
<br />
I created a test.php file at /var/www/test.php to see if PHP was working out-of-the-box. I navigated to [http://www.progclub.org/test.php test.php] to check, and it tried to download the PHP file, so I guess PHP isn't installed.<br />
<br />
The test.php file I used was,<br />
<br />
<? phpinfo(); ?><br />
<br />
Searched for PHP installation candidate,<br />
<br />
# apt-cache search php5 | less<br />
<br />
Found php5, which looks promising.<br />
<br />
# apt-get install php5<br />
<br />
The following extra packages will be installed:<br />
apache2-mpm-prefork libapache2-mod-php5 php5-common<br />
Suggested packages:<br />
php-pear php5-suhosin<br />
The following packages will be REMOVED:<br />
apache2-mpm-worker<br />
The following NEW packages will be installed:<br />
apache2-mpm-prefork libapache2-mod-php5 php5 php5-common<br />
0 upgraded, 4 newly installed, 1 to remove and 0 not upgraded.<br />
Need to get 3544kB of archives.<br />
After this operation, 9568kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main apache2-mpm-prefork 2.2.14-5ubuntu8.4 [2420B]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main php5-common 5.3.2-1ubuntu4.9 [551kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libapache2-mod-php5 5.3.2-1ubuntu4.9 [2990kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid-updates/main php5 5.3.2-1ubuntu4.9 [1112B]<br />
Fetched 3544kB in 1s (1913kB/s)<br />
dpkg: apache2-mpm-worker: dependency problems, but removing anyway as you requested:<br />
apache2 depends on apache2-mpm-worker (= 2.2.14-5ubuntu8.4) | apache2-mpm-prefork (= 2.2.14-5ubuntu8.4) | apache2-mpm-event (= 2.2.14-5ubuntu8.4) | apache2-mpm-itk (= 2.2.14-5ubuntu8.4); however:<br />
Package apache2-mpm-worker is to be removed.<br />
Package apache2-mpm-prefork is not installed.<br />
Package apache2-mpm-event is not installed.<br />
Package apache2-mpm-itk is not installed.<br />
(Reading database ... 15291 files and directories currently installed.)<br />
Removing apache2-mpm-worker ...<br />
* Stopping web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
... waiting . [ OK ]<br />
Selecting previously deselected package apache2-mpm-prefork.<br />
(Reading database ... 15283 files and directories currently installed.)<br />
Unpacking apache2-mpm-prefork (from .../apache2-mpm-prefork_2.2.14-5ubuntu8.4_amd64.deb) ...<br />
Selecting previously deselected package php5-common.<br />
Unpacking php5-common (from .../php5-common_5.3.2-1ubuntu4.9_amd64.deb) ...<br />
Selecting previously deselected package libapache2-mod-php5.<br />
Unpacking libapache2-mod-php5 (from .../libapache2-mod-php5_5.3.2-1ubuntu4.9_amd64.deb) ...<br />
Selecting previously deselected package php5.<br />
Unpacking php5 (from .../php5_5.3.2-1ubuntu4.9_all.deb) ...<br />
Setting up apache2-mpm-prefork (2.2.14-5ubuntu8.4) ...<br />
* Starting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
[ OK ]<br />
Setting up php5-common (5.3.2-1ubuntu4.9) ...<br />
Setting up libapache2-mod-php5 (5.3.2-1ubuntu4.9) ...<br />
Creating config file /etc/php5/apache2/php.ini with new version<br />
* Reloading web server config apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
[ OK ]<br />
Setting up php5 (5.3.2-1ubuntu4.9) ...<br />
<br />
Noticed the complaining about the server's fully qualified domain name, so<br />
<br />
# vim /etc/hostname<br />
<br />
and changed from<br />
<br />
charity<br />
<br />
to<br />
<br />
charity.progclub.org<br />
<br />
Then I rebooted,<br />
<br />
# reboot<br />
<br />
Logged in again and checked the hostname,<br />
<br />
# hostname<br />
<br />
which was correctly reported as,<br />
<br />
charity.progclub.org<br />
<br />
Then I navigated to the [http://www.progclub.org/test.php test.php] page, and got back the phpinfo().<br />
<br />
= [[User:John|John]] 2011-07-25 16:40 =<br />
<br />
== Apache and MySQL software installation ==<br />
<br />
Searched for MySQL software,<br />
<br />
# apt-cache search mysql | less<br />
<br />
Found mysql-server, which looks like a good candidate.<br />
<br />
Searched for Apache software,<br />
<br />
# apt-cache search apache2 | less<br />
<br />
Found apache2, which looks like a good candidate.<br />
<br />
# apt-get install apache2 mysql-server<br />
<br />
The following extra packages will be installed:<br />
apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1<br />
libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libdbd-mysql-perl<br />
libdbi-perl libexpat1 libhtml-template-perl libmysqlclient16<br />
libnet-daemon-perl libplrpc-perl mysql-client-5.1 mysql-client-core-5.1<br />
mysql-common mysql-server-5.1 mysql-server-core-5.1 psmisc ssl-cert<br />
Suggested packages:<br />
www-browser apache2-doc apache2-suexec apache2-suexec-custom ufw dbishell<br />
libipc-sharedcache-perl tinyca mailx<br />
The following NEW packages will be installed:<br />
apache2 apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common<br />
libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap<br />
libdbd-mysql-perl libdbi-perl libexpat1 libhtml-template-perl<br />
libmysqlclient16 libnet-daemon-perl libplrpc-perl mysql-client-5.1<br />
mysql-client-core-5.1 mysql-common mysql-server mysql-server-5.1<br />
mysql-server-core-5.1 psmisc ssl-cert<br />
<br />
== Configuring mysql-server-5.1 ==<br />
<br />
Dpkg showed a configuration screen for configuring the root password. I set one.<br />
<br />
== Apache and MySQL software installation, continued ==<br />
<br />
I rebooted after installing the above software,<br />
<br />
# reboot<br />
<br />
I checked the Apache installation by navigating to [http://www.progclub.org/ www.progclub.org] and It Works!<br />
<br />
= [[User:John|John]] 2011-07-25 16:34 =<br />
<br />
SSH'ed in as root and ran:<br />
<br />
# apt-get update<br />
# apt-get dist-upgrade<br />
# reboot<br />
<br />
= [[User:John|John]] 2011-07-25 16:00 =<br />
<br />
Had to stuff around with resetting the root password on charity, but remote logins via SSH are working now for root.<br />
<br />
= [[User:John|John]] 2011-07-25 15:52 =<br />
<br />
Configured the name server with progclub.org, progclub.net and progclub.info DNS zones on slicehost. The [https://manage.slicehost.com/ SliceManager] should be used to maintain the DNS records for progclub.</div>
60.240.67.126
https://www.progclub.org/wiki/mediawiki/index.php?title=Future_machine_names&diff=2189
Future machine names
2011-11-22T21:35:17Z
<p>60.240.67.126: </p>
<hr />
<div>= Future names =<br />
<br />
* Love<br />
* Trust<br />
* Humility<br />
* Empathy<br />
* Compassion<br />
* Courage<br />
* Loyalty<br />
* Devotion<br />
* Wisdom<br />
* Grace<br />
* Integrity<br />
* Justice<br />
* Mercy<br />
* Peace<br />
* Respect<br />
* Bravery<br />
* Generosity<br />
* Strength<br />
* Tolerance<br />
* Diligence<br />
* Cooperation<br />
* Excellence<br />
* Forbearance<br />
* Patience<br />
* Fortitude<br />
* Prudence<br />
* Idealism<br />
* Determination<br />
* Unity<br />
* Benevolence<br />
* Simplicity<br />
* Creativity<br />
* Defiance<br />
* Sincerity<br />
* Beauty<br />
* Tact<br />
* Intemperance<br />
<br />
= Deployed names =<br />
<br />
* Hope<br />
* Honesty<br />
* Charity<br />
* Courtesy<br />
* Modesty</div>
60.240.67.126
https://www.progclub.org/wiki/mediawiki/index.php?title=Future_machine_names&diff=2188
Future machine names
2011-11-22T21:32:12Z
<p>60.240.67.126: </p>
<hr />
<div>= Future names =<br />
<br />
* Love<br />
* Trust<br />
* Humility<br />
* Empathy<br />
* Compassion<br />
* Courage<br />
* Loyalty<br />
* Devotion<br />
* Wisdom<br />
* Grace<br />
* Integrity<br />
* Justice<br />
* Mercy<br />
* Peace<br />
* Respect<br />
* Bravery<br />
* Generosity<br />
* Strength<br />
* Tolerance<br />
* Diligence<br />
* Cooperation<br />
* Excellence<br />
* Forbearance<br />
* Patience<br />
* Fortitude<br />
* Prudence<br />
* Idealism<br />
* Determination<br />
* Unity<br />
* Benevolence<br />
* Simplicity<br />
* Creativity<br />
* Defiance<br />
* Sincerity<br />
* Beauty<br />
* Courtesy<br />
* Modesty<br />
* Tact<br />
* Intemperance<br />
<br />
= Deployed names =<br />
<br />
* Hope<br />
* Honesty<br />
* Charity</div>
60.240.67.126
https://www.progclub.org/wiki/mediawiki/index.php?title=Forums&diff=2087
Forums
2011-10-22T13:29:52Z
<p>60.240.67.126: Undo revision 2086 by 91.224.247.11 (talk)</p>
<hr />
<div>__NOTITLE__<br />
This page is about ProgClub forums. For information about ProgClub domains, see [[Domains]]. For information about ProgClub member services, see [[Services]]. For information about hosts on the ProgClub network, see [[Machines]]. Check out our [[Projects]] to see what we're working on.<br />
<br />
= Forums =<br />
<br />
ProgClub runs several forums for members and the general public. They are:<br />
<br />
* the ProgClub [[Main Page|wiki]]<br />
* the ProgClub [http://www.progclub.org/blog/ blog]<br />
* the ProgClub [[mailing lists]]<br />
<br />
The [[ProgClub:Copyrights#ProgClub_forums|Copyright policy]] applies to content on all ProgClub forums and there are [[Mailing lists|rules]] for posting to the mailing lists. You might also be interested in our [[projects]].<br />
<br />
If none of that works for you, there are other ways to [[Contacts|get in contact]].<br />
<br />
== ProgClub wiki ==<br />
<br />
You can contribute anonymously to the wiki. Just find a page (that isn't protected -- ProgClub policy pages are protected) and click the Edit link and you can update the page. This will record your IP address. If you're more serious about contributing to the wiki then you're best off creating an account. You can do this by clicking on the [[Special:UserLogin|Log in / create account]] link in the top right hand corner. Once you've created an account you can update your preferences and optionally specify a new [[Skins|skin]].<br />
<br />
== ProgClub blog ==<br />
<br />
You can post comments to any blog post without needing an account. If you'd like to post articles on the blog you will need an account. Anyone can have an account on the blog, you don't actually need to be a ProgClub member for that. If you already have a blog account you can [https://www.progclub.org/blog/wp-login.php?redirect_to=https%3A%2F%2Fwww.progclub.org%2Fblog%2Fwp-admin%2F&reauth=1 login], and if you don't you can [https://www.progclub.org/blog/wp-login.php?action=register register] for an account.<br />
<br />
You might be interested in particular authors on the blog:<br />
<br />
{|class="wikitable sortable"<br />
! Author<br />
! Feed<br />
|-<br />
| [http://www.progclub.org/blog/ everyone]<br />
| [http://www.progclub.org/blog/feed/ feed]<br />
|-<br />
| [http://www.progclub.org/blog/author/teejay/ teejay]<br />
| [http://www.progclub.org/blog/author/teejay/feed/ teejay feed]<br />
|-<br />
| [http://www.progclub.org/blog/author/jj5/ jj5]<br />
| [http://www.progclub.org/blog/author/jj5/feed/ jj5 feed]<br />
|}<br />
<br />
Or you might be interested in particular categories:<br />
<br />
{|class="wikitable sortable"<br />
! Category<br />
! Feed<br />
|-<br />
| [http://www.progclub.org/blog/category/programming/ Programming]<br />
| [http://www.progclub.org/blog/category/programming/feed/ Programming feed]<br />
|-<br />
| [http://www.progclub.org/blog/category/sysadmin/ SysAdmin]<br />
| [http://www.progclub.org/blog/category/sysadmin/feed/ SysAdmin feed]<br />
|-<br />
| [http://www.progclub.org/blog/category/chatter/ Chatter]<br />
| [http://www.progclub.org/blog/category/chatter/feed/ Chatter feed]<br />
|}<br />
<br />
== ProgClub mailing lists ==<br />
<br />
Details about the mailing lists are best seen on the [[Mailing lists]] page. In short, ProgClub operates the following mailing lists:<br />
<br />
{|class="wikitable sortable"<br />
! List<br />
! Subscription<br />
|title="Administration facilities are only available to ProgClub administrators"| Administration<br />
! Public?<br />
! Moderated?<br />
! Post<br />
|-<br />
| [[Mailing_lists#ProgClub_announcement|announcement]]<br />
| [https://www.progclub.org/cgi-bin/mailman/listinfo/announcement subscribe]<br />
| [https://www.progclub.org/cgi-bin/mailman/admin/announcement administer]<br />
| Yes<br />
| Yes<br />
| [mailto:announcement@progclub.org post]<br />
|-<br />
| [[Mailing_lists#ProgClub_list|list]]<br />
| [https://www.progclub.org/cgi-bin/mailman/listinfo/list subscribe]<br />
| [https://www.progclub.org/cgi-bin/mailman/admin/list administer]<br />
| Yes<br />
| No<br />
| [mailto:list@progclub.org post]<br />
|-<br />
| [[Mailing_lists#ProgClub_programming|programming]]<br />
| [https://www.progclub.org/cgi-bin/mailman/listinfo/programming subscribe]<br />
| [https://www.progclub.org/cgi-bin/mailman/admin/programming administer]<br />
| Yes<br />
| No<br />
| [mailto:programming@progclub.org post]<br />
|-<br />
| [[Mailing_lists#ProgClub_vcs|vcs]]<br />
| [https://www.progclub.org/cgi-bin/mailman/listinfo/vcs subscribe]<br />
| [https://www.progclub.org/cgi-bin/mailman/admin/vcs administer]<br />
| Yes<br />
| No<br />
| [mailto:vcs@progclub.org post]<br />
|-<br />
| [[Mailing_lists#ProgClub_admin|admin]]<br />
| private<br />
| [https://www.progclub.org/cgi-bin/mailman/admin/admin administer]<br />
| No<br />
| No<br />
| [mailto:admin@progclub.org post]<br />
|}</div>
60.240.67.126
https://www.progclub.org/wiki/mediawiki/index.php?title=Domains&diff=1442
Domains
2011-08-19T09:37:42Z
<p>60.240.67.126: </p>
<hr />
<div>__NOTITLE__<br />
This page provides information about ProgClub domains. For information about ProgClub member services, see [[Services]]. For information about hosts on the ProgClub network, see [[Machines]]. Check out our [[Projects]] to see what we're working on or our [[Forums]] to get in touch.<br />
<br />
= Domains =<br />
<br />
ProgClub has a few domain names:<br />
<br />
* progclub.org<br />
* progclub.com<br />
* progclub.info<br />
* progclub.net<br />
* progclub.co<br />
* progclub.mobi<br />
* progclub.biz<br />
<br />
The canonical user domain is progclub.net, and the canonical administrative domain is progclub.org. The canonical name for the members' web-site is [http://www.progclub.net/ www.progclub.net] and the canonical name for the ProgClub administrative web-site is [http://www.progclub.org/ www.progclub.org]. You should generally use the appropriate canonical domain name when writing documentation or publishing links.<br />
<br />
== User domains ==<br />
<br />
The following domains are used for member services:<br />
<br />
* progclub.net<br />
* progclub.co<br />
* progclub.mobi<br />
<br />
This means that to SSH to a user machine you use any of:<br />
<br />
* ssh username@progclub.net, or,<br />
* ssh username@progclub.co, or,<br />
* ssh username@progclub.mobi<br />
<br />
You will get connected to one of the user machines at random. User machines are [[Hope|hope.progclub.net]] and [[Honesty|honesty.progclub.net]]. Of course, in practice, you'll probably just use the canonical user domain, which is progclub.net.<br />
<br />
Web services for member pages will be available via the user domains. That will be any of:<br />
<br />
* http://www.progclub.net/<br />
* http://progclub.net/<br />
* http://www.progclub.co/<br />
* http://progclub.co/<br />
* http://www.progclub.mobi/<br />
* http://progclub.mobi/<br />
<br />
The plan is that the .mobi domain will provide a 'mobile' friendly version of the web-pages, but that's not functional yet.<br />
<br />
HTTPS for user domains is available from:<br />
<br />
* https://www.progclub.net/<br />
* https://progclub.net/<br />
* https://www.progclub.mobi/<br />
* https://progclub.mobi/<br />
<br />
== Administrative domains ==<br />
<br />
The following domains are used for administrative purposes:<br />
<br />
* progclub.org<br />
* progclub.com<br />
* progclub.info<br />
<br />
The [http://www.progclub.org/wiki/ wiki], [http://www.progclub.org/blog/ blog] and the [http://www.progclub.org/pcrepo/ pcrepo] svn repository are available via these domains.<br />
<br />
To access web-services on the administrative domains, use any of the following:<br />
<br />
* http://www.progclub.org/<br />
* http://progclub.org/<br />
* http://www.progclub.com/<br />
* http://progclub.com/<br />
* http://www.progclub.info/<br />
* http://progclub.info/<br />
<br />
The following are available for HTTPS:<br />
<br />
* https://www.progclub.org/<br />
* https://progclub.org/<br />
* https://www.progclub.com/<br />
* https://progclub.com/<br />
* https://www.progclub.info/<br />
* https://progclub.info/<br />
<br />
== Unused domains ==<br />
<br />
The following domain has been registered, but there are no plans to use it:<br />
<br />
* progclub.biz<br />
<br />
We might set this up to be used for testing purposes, but really there are no plans for that.<br />
<br />
[[Category:Help]]</div>
60.240.67.126
https://www.progclub.org/wiki/mediawiki/index.php?title=ProgRock&diff=1039
ProgRock
2011-08-12T04:20:09Z
<p>60.240.67.126: </p>
<hr />
<div>Before there was [[Main Page|ProgClub]] there was [http://progclub.com/progrock/ ProgClub]. The Melbourne-based ProgClub is a club for Progressive Rock enthusiasts, and they used to have the [http://progclub.com/ progclub.com] domain. But, they sold us their domain! Thanks very much, ProgClub. In your honour, and for the historians, we've mirrored your old web-site; and we will keep it available at progclub.com at [http://progclub.com/progrock/ http://progclub.com/progrock/].</div>
60.240.67.126
https://www.progclub.org/wiki/mediawiki/index.php?title=News&diff=1038
News
2011-08-12T04:19:18Z
<p>60.240.67.126: </p>
<hr />
<div>We have a news page because the [[Forums|other forums]] can tend to be a little chatty and irrelevant -- ''as they should be''. Latest news goes on top.<br />
<br />
= 2011-08-12 =<br />
<br />
== progclub.com live ==<br />
<br />
It's official, ProgClub has [http://progclub.com/ progclub.com]! It's now a functional administrative domain of the club's. We've registered and re-delegated the domain, and it's ours for at least the next 5 years. There might be a slight delay in DNS record propagation, but disregarding that everything else is configured and ready to roll. Thanks very much [[ProgRock|ProgClub]]!<br />
<br />
= 2011-08-11 =<br />
<br />
== Administration pages protected ==<br />
<br />
The various ProgClub administration pages, such as the [[Executive]], [[Constitution]], and [[ProgClub:Policy|Terms and conditions]], etc., have been flagged as "protected" in the wiki. Only ProgClub wiki administrators (i.e. [[User:John|John]]) are allowed to change these documents. So, we won't have any silly business with our constitution or policies being re-written by spammers or trolls.<br />
<br />
== Copyrights, licenses, etc. ==<br />
<br />
Each [[Projects|ProgClub project]] now has Contributors and Copyright sections that detail the copyright holders and licensing terms for the project. It all seems [[Projects|very professional]]! So far we're using the [[New BSD]] and [[GPL]] (v2) licenses, and I think that's pretty much all we're ever gonna need. Maybe one day we'll see the LGPL or MIT licenses too. The [[ProgClub:Copyrights|Copyright policy]] covers contributions to ProgClub [[forums]] and [[projects]].<br />
<br />
== Policy updates ==<br />
<br />
[[Mailing lists]] have been incorporated as a policy in the [[ProgClub:Policy|terms and conditions]]. The [[ProgClub:Copyrights#ProgClub_projects|CLA]] in the [[ProgClub:Copyrights|Copyright policy]] was updated to cover use of ProgClub [[forums]]. The [[ProgClub:Copyrights#ProgClub_forums|ProgClub forums copyright policy]] was updated to allow for copying from public domain or similar free sources. Looking forward to the day that our policies are stable!<br />
<br />
== Project template ==<br />
<br />
There's a [[Project template]] that can be used for kick-starting a project along with some [[Projects#Contributing_to_ProgClub_projects|instructions]] on the [[Projects]] page. Now what we need are lots of started and never to be finished projects! (Hey, ProgClub has finished ''four'' projects, cancelled only one, have three under active development, and two on the back-burner. Not bad at all! Here at ProgClub we ''get things done''!)<br />
<br />
= 2011-08-10 =<br />
<br />
== Pcwiki release ==<br />
<br />
I updated the [[Pcwiki]] page with a [[Pcwiki#Notes_for_implementers|Notes for implementers]] section, and [http://lists.wikimedia.org/pipermail/wikitech-l/2011-August/054561.html posted] to the [http://lists.wikimedia.org/pipermail/wikitech-l/ wikitech-l] list about my mods to MediaWiki. It'd be pretty exciting if they're interested in them!<br />
<br />
Update: no-one is particularly interested in my contributions. :(<br />
<br />
= 2011-08-09 =<br />
<br />
== System upgrades ==<br />
<br />
[[Charity]] has been upgraded from 256 MB of RAM to 512 MB of RAM, and system backups have been enabled. This has had a noticeable effect on performance of the web-site. It will be upgraded further if swap usage gets out of hand again. The other machines will be upgraded too if need be. At the moment provisioning of ProgClub machines is costing Blackbrick $996 per year.<br />
<br />
== IPSec troubleshooting ==<br />
<br />
I've been talking to Slicehost support about the [[IPSec]] issues we've been having. They've been great -- very helpful. They're looking into trying to reproduce the error in another environment for further diagnosis. Will keep you posted if there's any resolution.<br />
<br />
Update: Slicehost was able to reproduce the error, but they don't know how to fix it. We're giving up. We'll pursue other methods of encryption, i.e., SSHFS rather than NFS+IPSec.<br />
<br />
== Policy updates ==<br />
<br />
Still trying to get our policies right. I imagine this will all settle down a little once we're established and I won't need to post a notice of policy updates every day. There is now a general [[ProgClub:Policy|terms and conditions]] page which introduces all ProgClub terms and conditions, and there was a minor update to the CLA in the [[ProgClub:Copyrights|copyright policy]]. All policies had some minor modifications to fix up the formatting.<br />
<br />
== Pcwiki upgrade ==<br />
<br />
[[Pcwiki]] has been upgraded to support a section link on each section. These appear between the 'edit' and 'top' links. Section links will link you to a particular section on the canonical URL.<br />
<br />
== Pcldap released ==<br />
<br />
A new project [[Pcldap]] has been released. It's to provide the [https://www.progclub.org/pcldap LDAP administration] facility.<br />
<br />
= 2011-08-08 =<br />
<br />
== Cweb planning ==<br />
<br />
A new project, to develop a distributed search engine, has entered its planning phase on the ProgClub wiki. See [[Cweb]].<br />
<br />
== Policy updates ==<br />
<br />
All ProgClub [[ProgClub:Policy|policies]] have been updated.<br />
<br />
= 2011-08-07 =<br />
<br />
== LDAP progress ==<br />
<br />
Progress has been made on the LDAP configuration of [[Charity]]. OpenLDAP is now installed and mostly configured. Thanks Friggles!<br />
<br />
== Policy updates ==<br />
<br />
A [[ProgClub:Copyrights|copyright policy]] and a [[ProgClub:General_disclaimer|general disclaimer]] have been added to ProgClub's [[ProgClub:Policy|policies]].<br />
<br />
= 2011-08-06 =<br />
<br />
== Software released ==<br />
<br />
The [[Pcma]] and [[Pcblog]] projects have been released, and moved to the [[Projects#Completed_projects|completed projects]] list. Which means...<br />
<br />
== We have a blog! ==<br />
<br />
A [http://www.progclub.org/blog/ blog] is now available for ProgClub members. If a blog post falls in the woods, and there's no-one there to read it, does it make a sound?<br />
<br />
== ProgSoc fixed HTTPS ==<br />
<br />
HTTPS to [https://www.progsoc.org ProgSoc] now works for its .org domain, so I've moved [[Why_ProgClub_is_cooler_than_ProgSoc#ProgClub_has_a_secure_web-site|secure web-site]] to the redundant points of difference. Well done ProgSoc.<br />
<br />
== ProgClub logo ==<br />
<br />
Our graphic artist is hard at work coming up with our real logo. Here's his first sketch.<br />
<br />
[[File:Logo sketch.jpg]]<br />
<br />
= 2011-08-05 =<br />
<br />
== IPSec abandoned ==<br />
<br />
[[IPSec]] is too hard. It was getting in the way of [[Kerberos]] connectivity, and I've disabled it.<br />
<br />
== Kerberos configured ==<br />
<br />
The [[Kerberos]] project has been a success. [[Charity]] is now configured as the Kerberos Key Distribution Centre (KDC). We're now pending Kerberos SSH integration, and a few other things for [[Single sign-on]].<br />
<br />
== ProgRock ==<br />
<br />
We're still waiting for our new progclub.com domain -- it's expected to be about a week off completing transfer -- but we've already mirrored the [http://www.progclub.org/progrock/ progclub.com] web-site, and put up a [[ProgRock]] page for antiquity.<br />
<br />
== New members ==<br />
<br />
ProgClub welcomes Sclaughl and Jedd. More information available on the [[Members]] page.<br />
<br />
= 2011-08-03 =<br />
<br />
== progclub.com ==<br />
<br />
Blackbrick has shelled out $500 for the [http://www.progclub.com/ progclub.com] domain. Soon it will be an [[Domains#Administrative_domains|administrative domain]] of the club's! Thank you [[ProgRock|ProgClub]]!<br />
<br />
== Email underway ==<br />
<br />
We're starting up our [[Email]] project. Soon our email facilities will be functional.<br />
<br />
== Hack-fest this weekend! ==<br />
<br />
[[User:Friggles|Friggles]] will be heading to [[User:John|John]]'s house in the Blue Mountains this weekend to work on ProgClub [[Network administration]]. Join us if you'd like!<br />
<br />
= 2011-08-01 =<br />
<br />
== ProgClub policies ==<br />
<br />
ProgClub has updated [[ProgClub:Privacy_policy|Privacy]], [[Account locking policy|Account locking]], [[Acceptable use policy|Acceptable use]] and [[Firewall policy|Firewall]] policies.<br />
<br />
== Domains are now configured ==<br />
<br />
Information about the configuration of ProgClub domains is now available on the [[Domains]] page.<br />
<br />
In brief, user domains are progclub.net and progclub.co, while administrative domains are progclub.org and progclub.info. The canonical user domain is progclub.net, and the canonical administrative domain is progclub.org. You should generally use the canonical name when writing documentation or publishing links.<br />
<br />
== IPSec is configured ==<br />
<br />
The [[IPSec]] project is essentially complete. Hosts on the ProgClub network now communicate over encrypted connections.<br />
<br />
== Single sign-on is underway ==<br />
<br />
The [[Single sign-on]] project has been commenced. Soon users will be able to login to the user machines.<br />
<br />
== Pcwiki released ==<br />
<br />
The [[Pcwiki]] project has undergone several releases. That's the software that's driving the ProgClub wiki. With the latest version of [[Pcwiki]] comes valid HTML5 along with the validation icon that you can see on the bottom of every page, the cool green/orange/black fixed-width font skin that you see (called OldSkool), and some other [[Pcwiki#Done|minor polish]]. If you don't like the OldSkool skin you can [[Skins|turn it off]].<br />
<br />
== New members ==<br />
<br />
ProgClub has had its founding members sign up. ProgClub welcomes Tasaio, SanguineV, Key, Friggles, Jav, Andymcm and Kulov. More information is available on the [[Members]] page.</div>60.240.67.126https://www.progclub.org/wiki/mediawiki/index.php?title=ProgRock&diff=1037ProgRock2011-08-12T04:15:07Z<p>60.240.67.126: </p>
<hr />
<div>Before there was [[Main Page|ProgClub]] there was [http://www.progclub.com/progrock/ ProgClub]. The Melbourne-based ProgClub is a club for Progressive Rock enthusiasts, and they used to have the [http://www.progclub.com/ www.progclub.com] domain. But, they sold us their domain! Thanks very much, ProgClub. In your honour, and for the historians, we've mirrored your old web-site; and we will keep it available at progclub.com at [http://www.progclub.com/progrock/ http://www.progclub.com/progrock/].</div>60.240.67.126https://www.progclub.org/wiki/mediawiki/index.php?title=Charity_admin&diff=689Charity admin2011-08-06T06:32:07Z<p>60.240.67.126: /* Installing OpenLDAP */</p>
<hr />
<div>This page chronicles the administrative changes to [[Charity|charity.progclub.org]]. If you make an administrative change you should document the change here. Changes are logged here in reverse chronological order with a time-stamp in the form YYYY-MM-DD hh:mm. You can use the time from whatever timezone you are in, or UTC if you're cool, but use 24 hour time. Don't worry if the changes you make have a time-stamp that is less than a time-stamp later in the page, put the latest changes at the top. Put a link to your wiki user account before the time-stamp so we know who's doing what. See the [[Administrative reference]] for other information.<br />
<br />
= [[User:John|John]] 2011-08-06 15:30 =<br />
<br />
== Installing OpenLDAP ==<br />
<br />
Following [https://help.ubuntu.com/community/OpenLDAPServer these instructions]. Oh, no, wait. [http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html These instructions].<br />
<br />
jj5@charity:~$ sudo apt-get install slapd ldap-utils<br />
[sudo] password for jj5:<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
libdb4.7 libltdl7 libperl5.10 libslp1 odbcinst odbcinst1debian1 unixodbc<br />
Suggested packages:<br />
slpd openslp-doc libmyodbc odbc-postgresql tdsodbc unixodbc-bin<br />
The following NEW packages will be installed:<br />
ldap-utils libdb4.7 libltdl7 libperl5.10 libslp1 odbcinst odbcinst1debian1<br />
slapd unixodbc<br />
0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 3,302kB of archives.<br />
After this operation, 8,253kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libdb4.7 4.7.25-9 [653kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libltdl7 2.2.6b-2ubuntu1 [296kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libperl5.10 5.10.1-8ubuntu2.1 [1,202B]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libslp1 1.2.1-7.6ubuntu0.1 [54.5kB]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/main odbcinst 2.2.11-21 [35.5kB]<br />
Get:6 http://archive.ubuntu.com/ubuntu/ lucid/main odbcinst1debian1 2.2.11-21 [66.6kB]<br />
Get:7 http://archive.ubuntu.com/ubuntu/ lucid/main unixodbc 2.2.11-21 [209kB]<br />
Get:8 http://archive.ubuntu.com/ubuntu/ lucid-updates/main slapd 2.4.21-0ubuntu5.5 [1,637kB]<br />
Get:9 http://archive.ubuntu.com/ubuntu/ lucid-updates/main ldap-utils 2.4.21-0ubuntu5.5 [348kB]<br />
Fetched 3,302kB in 2s (1,595kB/s)<br />
Committing to: /etc/<br />
modified shadow<br />
Committed revision 35.<br />
Preconfiguring packages ...<br />
Selecting previously deselected package libdb4.7.<br />
(Reading database ... 17937 files and directories currently installed.)<br />
Unpacking libdb4.7 (from .../libdb4.7_4.7.25-9_amd64.deb) ...<br />
Selecting previously deselected package libltdl7.<br />
Unpacking libltdl7 (from .../libltdl7_2.2.6b-2ubuntu1_amd64.deb) ...<br />
Selecting previously deselected package libperl5.10.<br />
Unpacking libperl5.10 (from .../libperl5.10_5.10.1-8ubuntu2.1_amd64.deb) ...<br />
Selecting previously deselected package libslp1.<br />
Unpacking libslp1 (from .../libslp1_1.2.1-7.6ubuntu0.1_amd64.deb) ...<br />
Selecting previously deselected package odbcinst.<br />
Unpacking odbcinst (from .../odbcinst_2.2.11-21_amd64.deb) ...<br />
Selecting previously deselected package odbcinst1debian1.<br />
Unpacking odbcinst1debian1 (from .../odbcinst1debian1_2.2.11-21_amd64.deb) ...<br />
Selecting previously deselected package unixodbc.<br />
Unpacking unixodbc (from .../unixodbc_2.2.11-21_amd64.deb) ...<br />
Selecting previously deselected package slapd.<br />
Unpacking slapd (from .../slapd_2.4.21-0ubuntu5.5_amd64.deb) ...<br />
Selecting previously deselected package ldap-utils.<br />
Unpacking ldap-utils (from .../ldap-utils_2.4.21-0ubuntu5.5_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up libdb4.7 (4.7.25-9) ...<br />
<br />
Setting up libltdl7 (2.2.6b-2ubuntu1) ...<br />
<br />
Setting up libperl5.10 (5.10.1-8ubuntu2.1) ...<br />
<br />
Setting up libslp1 (1.2.1-7.6ubuntu0.1) ...<br />
<br />
Setting up ldap-utils (2.4.21-0ubuntu5.5) ...<br />
Setting up odbcinst (2.2.11-21) ...<br />
Setting up odbcinst1debian1 (2.2.11-21) ...<br />
<br />
Setting up unixodbc (2.2.11-21) ... <br />
<br />
Setting up slapd (2.4.21-0ubuntu5.5) ...<br />
Creating new user openldap... done.<br />
Creating initial slapd configuration... done.<br />
Starting OpenLDAP: slapd.<br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
modified .etckeeper<br />
added ODBCDataSources<br />
modified group<br />
modified group-<br />
modified gshadow<br />
modified gshadow-<br />
added odbc.ini<br />
modified passwd<br />
modified passwd-<br />
modified shadow<br />
modified shadow-<br />
added apparmor.d/usr.sbin.slapd<br />
added default/slapd<br />
added init.d/slapd<br />
added ldap/sasl2<br />
added ldap/schema<br />
added ldap/slapd.d<br />
added ldap/schema/README<br />
added ldap/schema/collective.schema<br />
added ldap/schema/corba.schema<br />
added ldap/schema/core.ldif<br />
added ldap/schema/core.schema<br />
added ldap/schema/cosine.ldif<br />
added ldap/schema/cosine.schema<br />
added ldap/schema/duaconf.schema<br />
added ldap/schema/dyngroup.schema<br />
added ldap/schema/inetorgperson.ldif<br />
added ldap/schema/inetorgperson.schema<br />
added ldap/schema/java.schema<br />
added ldap/schema/ldapns.schema<br />
added ldap/schema/misc.ldif<br />
added ldap/schema/misc.schema<br />
added ldap/schema/nis.ldif<br />
added ldap/schema/nis.schema<br />
added ldap/schema/openldap.ldif<br />
added ldap/schema/openldap.schema<br />
added ldap/schema/pmi.schema<br />
added ldap/schema/ppolicy.schema<br />
added ldap/slapd.d/cn=config<br />
added ldap/slapd.d/cn=config.ldif<br />
added ldap/slapd.d/cn=config/cn=schema<br />
added ldap/slapd.d/cn=config/cn=schema.ldif<br />
added ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif<br />
added ldap/slapd.d/cn=config/olcDatabase={0}config.ldif<br />
added ldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif<br />
added rc0.d/K80slapd<br />
added rc1.d/K80slapd<br />
added rc2.d/S19slapd<br />
added rc3.d/S19slapd<br />
added rc4.d/S19slapd<br />
added rc5.d/S19slapd<br />
added rc6.d/K80slapd<br />
Committed revision 36.<br />
<br />
jj5@charity:~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif<br />
SASL/EXTERNAL authentication started<br />
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<br />
SASL SSF: 0<br />
adding new entry "cn=cosine,cn=schema,cn=config"<br />
<br />
jj5@charity:~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif<br />
SASL/EXTERNAL authentication started<br />
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<br />
SASL SSF: 0<br />
adding new entry "cn=nis,cn=schema,cn=config"<br />
<br />
jj5@charity:~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif<br />
SASL/EXTERNAL authentication started<br />
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<br />
SASL SSF: 0<br />
adding new entry "cn=inetorgperson,cn=schema,cn=config"<br />
<br />
root@charity:~# cd /etc/ldap<br />
root@charity:/etc/ldap# ls<br />
ldap.conf sasl2 schema slapd.d<br />
root@charity:/etc/ldap# vim backend.progclub.org.ldif<br />
<br />
# Load dynamic backend modules<br />
dn: cn=module,cn=config<br />
objectClass: olcModuleList<br />
cn: module<br />
olcModulepath: /usr/lib/ldap<br />
olcModuleload: back_hdb<br />
<br />
# Database settings<br />
dn: olcDatabase=hdb,cn=config<br />
objectClass: olcDatabaseConfig<br />
objectClass: olcHdbConfig<br />
olcDatabase: {1}hdb<br />
olcSuffix: dc=progclub,dc=org<br />
olcDbDirectory: /var/lib/ldap<br />
olcRootDN: cn=admin,dc=progclub,dc=org<br />
olcRootPW: <secret><br />
olcDbConfig: set_cachesize 0 2097152 0<br />
olcDbConfig: set_lk_max_objects 1500<br />
olcDbConfig: set_lk_max_locks 1500<br />
olcDbConfig: set_lk_max_lockers 1500<br />
olcDbIndex: objectClass eq<br />
olcLastMod: TRUE<br />
olcDbCheckpoint: 512 30<br />
olcAccess: to attrs=userPassword by dn="cn=admin,dc=progclub,dc=org" write by anonymous auth by self write by * none<br />
olcAccess: to attrs=shadowLastChange by self write by * read<br />
olcAccess: to dn.base="" by * read<br />
olcAccess: to * by dn="cn=admin,dc=progclub,dc=org" write by * read<br />
<br />
root@charity:/etc/ldap# sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.progclub.org.ldif<br />
SASL/EXTERNAL authentication started<br />
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth<br />
SASL SSF: 0<br />
adding new entry "cn=module,cn=config"<br />
<br />
adding new entry "olcDatabase=hdb,cn=config"<br />
<br />
root@charity:/etc/ldap# vim frontend.progclub.org.ldif<br />
<br />
# Create top-level object in domain<br />
dn: dc=progclub,dc=org<br />
objectClass: top<br />
objectClass: dcObject<br />
objectclass: organization<br />
o: ProgClub<br />
dc: ProgClub<br />
description: ProgClub<br />
<br />
# Admin user.<br />
dn: cn=admin,dc=progclub,dc=org<br />
objectClass: simpleSecurityObject<br />
objectClass: organizationalRole<br />
cn: admin<br />
description: LDAP administrator<br />
userPassword: <secret><br />
<br />
dn: ou=people,dc=progclub,dc=org<br />
objectClass: organizationalUnit<br />
ou: people<br />
<br />
dn: ou=groups,dc=progclub,dc=org<br />
objectClass: organizationalUnit<br />
ou: groups<br />
<br />
dn: uid=jj5,ou=people,dc=progclub,dc=org<br />
objectClass: inetOrgPerson<br />
objectClass: posixAccount<br />
objectClass: shadowAccount<br />
uid: jj5<br />
sn: Elliot<br />
givenName: John<br />
cn: John Elliot<br />
displayName: John Elliot<br />
uidNumber: 1000<br />
gidNumber: 10000<br />
userPassword: <secret><br />
gecos: John Elliot<br />
loginShell: /bin/bash<br />
homeDirectory: /home/jj5<br />
shadowExpire: -1<br />
shadowFlag: 0<br />
shadowWarning: 7<br />
shadowMin: 8<br />
shadowMax: 999999<br />
shadowLastChange: 10877<br />
mail: jj5@jj5.net<br />
postalCode: 2774<br />
#l: <br />
#o: <br />
mobile: +61 4 3505 7839<br />
homePhone: +61 4 4739 2150<br />
title: ProgClub Founder<br />
postalAddress: <br />
initials: JE<br />
<br />
dn: cn=administrators,ou=groups,dc=progclub,dc=org<br />
objectClass: posixGroup<br />
cn: administrators<br />
gidNumber: 10000<br />
<br />
<br />
root@charity:/etc/ldap# sudo ldapadd -x -D cn=admin,dc=progclub,dc=org -W -f frontend.progclub.org.ldif<br />
Enter LDAP Password:<br />
adding new entry "dc=progclub,dc=org"<br />
<br />
adding new entry "cn=admin,dc=progclub,dc=org"<br />
<br />
adding new entry "ou=people,dc=progclub,dc=org"<br />
<br />
adding new entry "ou=groups,dc=progclub,dc=org"<br />
<br />
adding new entry "uid=jj5,ou=people,dc=progclub,dc=org"<br />
ldap_add: Invalid syntax (21)<br />
additional info: l: value #0 invalid per syntax<br />
<br />
root@charity:/etc/ldap# vim frontend.progclub.org.ldif<br />
root@charity:/etc/ldap# sudo ldapadd -x -D cn=admin,dc=progclub,dc=org -W -f frontend.progclub.org.ldif<br />
Enter LDAP Password:<br />
ldap_bind: Server is unwilling to perform (53)<br />
additional info: unauthenticated bind (DN with no password) disallowed<br />
root@charity:/etc/ldap# sudo ldapadd -x -D cn=admin,dc=progclub,dc=org -W -f frontend.progclub.org.ldif<br />
Enter LDAP Password:<br />
adding new entry "dc=progclub,dc=org"<br />
ldap_add: Already exists (68)<br />
<br />
Had to fix up a mistake: created frontend.progclub.org.ldif.end with the data that hadn't made it into LDAP.<br />
<br />
root@charity:/etc/ldap# sudo ldapadd -x -D cn=admin,dc=progclub,dc=org -W -f frontend.progclub.org.ldif.end<br />
Enter LDAP Password:<br />
adding new entry "uid=jj5,ou=people,dc=progclub,dc=org"<br />
<br />
adding new entry "cn=administrators,ou=groups,dc=progclub,dc=org"<br />
<br />
root@charity:/etc/ldap# ldapsearch -xLLL -b "dc=progclub,dc=org" uid=jj5 sn givenName cn<br />
dn: uid=jj5,ou=people,dc=progclub,dc=org<br />
sn: Elliot<br />
givenName: John<br />
cn: John Elliot<br />
<br />
Works!<br />
<br />
friggles@charity:/etc/ldap$ sudo ldapadd -x -D cn=admin,dc=progclub,dc=org -W -f friggles.ldif <br />
Enter LDAP Password: <br />
adding new entry "uid=friggles,ou=people,dc=progclub,dc=org"<br />
<br />
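An added example, not part of the original log: a pre-flight check for an add-style LDIF file, run before ldapadd, covering the failures in the session above (a value rejected per syntax, and a re-run stopping at "Already exists (68)"). It assumes the l: error came from an empty value, as the commented-out #l: line suggests; the sample LDIF and the names unfold, parse_ldif and lint_ldif are constructed for illustration.<br />

```python
import base64
import re

# Constructed sample modelled on frontend.progclub.org.ldif above; all values are made up.
SAMPLE_LDIF = """\
# people container
dn: ou=people,dc=example,dc=org
objectClass: organizationalUnit
ou: people

dn: uid=alice,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
uid: alice
sn: Example
cn: Alice Example
l:
userPassword: hunter2
description: a value folded
  across two lines

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
uid: bob
sn: Example
cn: Bob Example
userPassword: {SSHA}placeholder-not-a-real-hash

dn: ou=people, dc=example, dc=org
objectClass: organizationalUnit
ou: people
"""

# Attributes whose values OpenLDAP treats as cleartext unless they carry a {SCHEME} prefix.
PASSWORD_ATTRS = {"userpassword", "olcrootpw"}
SCHEME_RE = re.compile(r"^\{[A-Za-z0-9-]+\}.")


def unfold(text):
    """Join LDIF continuation lines (leading single space) onto the line they extend."""
    lines = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw.startswith(" ") and lines:
            lines[-1] = (lines[-1][0], lines[-1][1] + raw[1:])
        else:
            lines.append((lineno, raw))
    return lines


def parse_ldif(text):
    """Return one list of (lineno, attr, value) per entry; value is None if malformed."""
    entries, current = [], []
    for lineno, line in unfold(text) + [(0, "")]:  # trailing sentinel flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
                current = []
            continue
        attr, sep, rest = line.partition(":")
        if attr.lower() == "version" and not entries and not current:
            continue  # optional "version: 1" header
        if not sep:
            current.append((lineno, line, None))
        elif rest.startswith(":"):  # attr:: base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            current.append((lineno, attr.strip(), value))
        elif rest.startswith("<"):  # attr:< URL; the referenced content is not inspected
            current.append((lineno, attr.strip(), rest))
        else:
            current.append((lineno, attr.strip(), rest.strip()))
    return entries


def lint_ldif(text):
    """Return (lineno, dn, issue) tuples for problems worth fixing before ldapadd."""
    findings, seen = [], {}
    for entry in parse_ldif(text):
        first_line, first_attr, dn = entry[0]
        if first_attr.lower() != "dn" or not dn:
            findings.append((first_line, "<no dn>", "entry does not start with dn:"))
            continue
        # Approximate DN comparison: case-insensitive, spaces around commas ignored.
        key = ",".join(part.strip() for part in dn.lower().split(","))
        if key in seen:
            findings.append((first_line, dn, f"duplicate of entry at line {seen[key]}"))
        else:
            seen[key] = first_line
        for lineno, attr, value in entry[1:]:
            if value is None:
                findings.append((lineno, dn, "malformed line"))
            elif value == "":
                findings.append((lineno, dn, f"{attr}: empty value"))
            elif attr.lower() in PASSWORD_ATTRS and not SCHEME_RE.match(value):
                findings.append((lineno, dn, f"{attr}: cleartext value"))
    return findings


if __name__ == "__main__":
    for lineno, dn, issue in lint_ldif(SAMPLE_LDIF):
        print(f"line {lineno}: {dn}: {issue}")
```

Hashed values for userPassword and olcRootPW can be generated with slappasswd, which keeps the cleartext out of the LDIF file left on disk.<br />
<br />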
= [[User:John|John]] 2011-08-06 05:35 =<br />
<br />
== Enabling mod_rewrite in Apache ==<br />
<br />
root@charity:/var/www/www.progclub.org/pcblog# a2enmod rewrite<br />
Enabling module rewrite.<br />
Run '/etc/init.d/apache2 restart' to activate new configuration!<br />
root@charity:/var/www/www.progclub.org/pcblog# apache2ctl graceful<br />
<br />
That was after configuring a .htaccess file for pcblog:<br />
<br />
jj5@charity:~$ cat /var/www/www.progclub.org/pcblog/.htaccess<br />
<IfModule mod_rewrite.c><br />
RewriteEngine On<br />
RewriteBase /blog/<br />
RewriteRule ^index\.php$ - [L]<br />
RewriteCond %{REQUEST_FILENAME} !-f<br />
RewriteCond %{REQUEST_FILENAME} !-d<br />
RewriteRule . /blog/index.php [L]<br />
</IfModule><br />
<br />
<br />
= [[User:John|John]] 2011-08-05 23:15 =<br />
<br />
== Installing php5-mcrypt ==<br />
<br />
root@charity:/var/www/www.progclub.org# apt-get install php5-mcrypt<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
libmcrypt4<br />
Suggested packages:<br />
libmcrypt-dev mcrypt<br />
The following NEW packages will be installed:<br />
libmcrypt4 php5-mcrypt<br />
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 104kB of archives.<br />
After this operation, 365kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe libmcrypt4 2.5.8-3.1 [87.6kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/universe php5-mcrypt 5.3.2-0ubuntu1 [16.7kB]<br />
Fetched 104kB in 0s (110kB/s)<br />
Committing to: /etc/<br />
modified group<br />
modified group-<br />
modified gshadow<br />
modified gshadow-<br />
modified passwd<br />
modified passwd-<br />
modified shadow<br />
modified shadow-<br />
Committed revision 32.<br />
Selecting previously deselected package libmcrypt4.<br />
(Reading database ... 17926 files and directories currently installed.)<br />
Unpacking libmcrypt4 (from .../libmcrypt4_2.5.8-3.1_amd64.deb) ...<br />
Selecting previously deselected package php5-mcrypt.<br />
Unpacking php5-mcrypt (from .../php5-mcrypt_5.3.2-0ubuntu1_amd64.deb) ...<br />
Processing triggers for libapache2-mod-php5 ...<br />
* Reloading web server config apache2 [ OK ]<br />
Setting up libmcrypt4 (2.5.8-3.1) ...<br />
<br />
Setting up php5-mcrypt (5.3.2-0ubuntu1) ...<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
added php5/conf.d/mcrypt.ini<br />
Committed revision 33.<br />
<br />
= [[User:John|John]] 2011-08-05 22:24 =<br />
<br />
== Creating pcblog database and user ==<br />
<br />
root@charity:/var/www/www.progclub.org# mysql -uroot -p<br />
Enter password:<br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 1030<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> use mysql;<br />
Reading table information for completion of table and column names<br />
You can turn off this feature to get a quicker startup with -A<br />
<br />
Database changed<br />
mysql> create user 'pcblog'@'%' identified by 'uiq82r3wy';<br />
Query OK, 0 rows affected (0.09 sec)<br />
<br />
mysql> create database pcblog;<br />
Query OK, 1 row affected (0.09 sec)<br />
<br />
mysql> select host, user from user;<br />
+---------------------------+------------------+<br />
| host | user |<br />
+---------------------------+------------------+<br />
| % | pcblog |<br />
| 127.0.0.1 | root |<br />
| 60-240-67-126.tpgi.com.au | pcwiki |<br />
| charity | root |<br />
| localhost | debian-sys-maint |<br />
| localhost | pcwiki |<br />
| localhost | root |<br />
+---------------------------+------------------+<br />
7 rows in set (0.01 sec)<br />
<br />
mysql> grant all privileges on pcblog.* to 'pcblog'@'%' with grant option;<br />
Query OK, 0 rows affected (0.14 sec)<br />
<br />
mysql> flush privileges;<br />
Query OK, 0 rows affected (0.02 sec)<br />
<br />
mysql> quit<br />
Bye<br />
<br />
= [[User:John|John]] 2011-08-05 17:32 =<br />
<br />
== Adding user jedd ==<br />
<br />
jj5@charity:~$ sudo adduser jedd<br />
[sudo] password for jj5:<br />
Adding user `jedd' ...<br />
Adding new group `jedd' (1006) ...<br />
Adding new user `jedd' (1006) with group `jedd' ...<br />
Creating home directory `/home/jedd' ...<br />
Copying files from `/etc/skel' ...<br />
Enter new UNIX password:<br />
Retype new UNIX password:<br />
passwd: password updated successfully<br />
Changing the user information for jedd<br />
Enter the new value, or press ENTER for the default<br />
Full Name []: Jedd Rashbrooke<br />
Room Number []:<br />
Work Phone []:<br />
Home Phone []:<br />
Other []:<br />
Is the information correct? [Y/n]<br />
jj5@charity:~$ sudo adduser jedd sudo<br />
Adding user `jedd' to group `sudo' ...<br />
Adding user jedd to group sudo<br />
Done.<br />
<br />
= [[User:John|John]] 2011-08-05 16:59 =<br />
<br />
== Disabling IPSec ==<br />
<br />
Can't get [[IPSec]] to work. Commented out /etc/network/if-up.d/ip and removed the policies from /etc/ipsec-tools.conf.<br />
<br />
= [[User:John|John]] 2011-08-05 16:10 =<br />
<br />
== Trying to get kadmin to work from [[Hope]] ==<br />
<br />
Found [http://fixunix.com/kerberos/364739-centos-attempting-set-up-kerberos-5-tickets-created-destroyedsuccessfully-now-issue.html this].<br />
<br />
root@charity:~# kadmin.local -p jj5/admin -q "addprinc -randkey host/hope.progclub.net"<br />
Authenticating as principal jj5/admin with password.<br />
WARNING: no policy specified for host/hope.progclub.net@PROGCLUB.ORG; defaulting to no policy<br />
Principal "host/hope.progclub.net@PROGCLUB.ORG" created.<br />
<br />
root@charity:~# kadmin.local -p jj5/admin -q "ktadd -k /etc/krb5.keytab host/hope.progclub.net"<br />
Authenticating as principal jj5/admin with password.<br />
Entry for principal host/hope.progclub.net with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab.<br />
Entry for principal host/hope.progclub.net with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.<br />
Entry for principal host/hope.progclub.net with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.<br />
Entry for principal host/hope.progclub.net with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.<br />
<br />
Ah, I was confused.<br />
<br />
root@charity:/etc# rm krb5.keytab<br />
<br />
= [[User:John|John]] 2011-08-05 14:57 =<br />
<br />
== Changing jj5/admin password in Kerberos ==<br />
<br />
This is so my password will be different from the Linux system password, so I can tell if the system is logging me in with my Kerberos credentials (when I configure SSH to use Kerberos, for example).<br />
<br />
jj5@charity:~$ kadmin -p jj5/admin<br />
Couldn't open log file /var/log/krb5.log: Permission denied<br />
Authenticating as principal jj5/admin with password.<br />
Password for jj5/admin@PROGCLUB.ORG:<br />
kadmin: cpw jj5/admin<br />
Enter password for principal "jj5/admin@PROGCLUB.ORG":<br />
Re-enter password for principal "jj5/admin@PROGCLUB.ORG":<br />
Password for "jj5/admin@PROGCLUB.ORG" changed.<br />
kadmin: quit<br />
<br />
== Adding user jj5 ==<br />
<br />
jj5@charity:~$ kadmin -p jj5/admin<br />
Couldn't open log file /var/log/krb5.log: Permission denied<br />
Authenticating as principal jj5/admin with password.<br />
Password for jj5/admin@PROGCLUB.ORG:<br />
kadmin: addprinc jj5<br />
WARNING: no policy specified for jj5@PROGCLUB.ORG; defaulting to no policy<br />
Enter password for principal "jj5@PROGCLUB.ORG":<br />
Re-enter password for principal "jj5@PROGCLUB.ORG":<br />
Principal "jj5@PROGCLUB.ORG" created.<br />
kadmin: quit<br />
<br />
= [[User:John|John]] 2011-08-05 00:26 =<br />
<br />
== Kerberizing Apache ==<br />
<br />
Following [https://help.ubuntu.com/community/Kerberos#Apache these instructions].<br />
<br />
jj5@charity:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@charity:~# kadmin.local<br />
Authenticating as principal root/admin@PROGCLUB.ORG with password.<br />
kadmin.local: addprinc -randkey HTTP/charity.progclub.org<br />
WARNING: no policy specified for HTTP/charity.progclub.org@PROGCLUB.ORG; defaulting to no policy<br />
Principal "HTTP/charity.progclub.org@PROGCLUB.ORG" created.<br />
kadmin.local: ktadd -k /etc/apache2/apache2.keytab HTTP/charity.progclub.org<br />
Entry for principal HTTP/charity.progclub.org with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/apache2/apache2.keytab.<br />
Entry for principal HTTP/charity.progclub.org with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/apache2/apache2.keytab.<br />
Entry for principal HTTP/charity.progclub.org with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/apache2/apache2.keytab.<br />
Entry for principal HTTP/charity.progclub.org with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/apache2/apache2.keytab.<br />
kadmin.local: quit<br />
root@charity:~# chown www-data:www-data /etc/apache2/apache2.keytab<br />
root@charity:~# chmod 400 /etc/apache2/apache2.keytab<br />
root@charity:~# apt-get install libapache2-mod-auth-kerb<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
libapache2-mod-auth-kerb<br />
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.<br />
Need to get 20.3kB of archives.<br />
After this operation, 119kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libapache2-mod-auth-kerb 5.3-5build2 [20.3kB]<br />
Fetched 20.3kB in 0s (36.1kB/s)<br />
Committing to: /etc/<br />
modified .etckeeper<br />
modified krb5.conf<br />
added apache2/apache2.keytab<br />
added krb5kdc/kadm5.acl<br />
modified krb5kdc/kdc.conf<br />
added krb5kdc/stash<br />
Committed revision 28.<br />
Selecting previously deselected package libapache2-mod-auth-kerb.<br />
(Reading database ... 17919 files and directories currently installed.)<br />
Unpacking libapache2-mod-auth-kerb (from .../libapache2-mod-auth-kerb_5.3-5build2_amd64.deb) ...<br />
Setting up libapache2-mod-auth-kerb (5.3-5build2) ...<br />
Enabling module auth_kerb.<br />
Run '/etc/init.d/apache2 restart' to activate new configuration!<br />
<br />
Committing to: /etc/<br />
added apache2/mods-available/auth_kerb.load<br />
added apache2/mods-enabled/auth_kerb.load<br />
Committed revision 29.<br />
root@charity:~# cd /etc/apache2/sites-available/<br />
root@charity:/etc/apache2/sites-available# vim default-ssl<br />
<br />
<Directory /var/www/www.progclub.org/test><br />
Options Indexes FollowSymLinks MultiViews<br />
AllowOverride None<br />
Order allow,deny<br />
allow from all<br />
<br />
AuthType Kerberos<br />
AuthName "Kerberos Login"<br />
KrbAuthRealm PROGCLUB.ORG<br />
Krb5Keytab /etc/apache2/apache2.keytab<br />
#KrbMethodK5Passwd off #optional--makes GSSAPI SPNEGO a requirement<br />
Require valid-user<br />
</Directory><br />
<br />
root@charity:/etc/apache2/sites-available# cd /var/www/www.progclub.org/<br />
root@charity:/var/www/www.progclub.org# mkdir test<br />
root@charity:/var/www/www.progclub.org# cd test<br />
root@charity:/var/www/www.progclub.org/test# vim index.php<br />
<br />
<?php phpinfo(); ?><br />
<br />
root@charity:/var/www/www.progclub.org/test# apache2ctl graceful<br />
<br />
[https://www.progclub.org/test/ Works]!<br />
<br />
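An added example, not part of the original log: the ktadd output in the two sessions above (for host/hope.progclub.net and HTTP/charity.progclub.org) shows each keytab receiving single-DES, 3DES and RC4 keys alongside AES-256. The script below parses those output lines, copied from the sessions, and lists the enctypes since deprecated for Kerberos by RFC 6649 and RFC 8429; the function names are illustrative.<br />

```python
import re

# ktadd output lines copied from the two sessions above.
KTADD_OUTPUT = """\
Entry for principal host/hope.progclub.net with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/hope.progclub.net with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/hope.progclub.net with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/hope.progclub.net with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal HTTP/charity.progclub.org with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/apache2/apache2.keytab.
Entry for principal HTTP/charity.progclub.org with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/apache2/apache2.keytab.
Entry for principal HTTP/charity.progclub.org with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/apache2/apache2.keytab.
Entry for principal HTTP/charity.progclub.org with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/apache2/apache2.keytab.
"""

# Description printed by ktadd -> (enctype name, reason it is weak or None if acceptable).
ENCTYPES = {
    "AES-256 CTS mode with 96-bit SHA-1 HMAC": ("aes256-cts-hmac-sha1-96", None),
    "ArcFour with HMAC/md5": ("arcfour-hmac", "RC4, deprecated by RFC 8429"),
    "Triple DES cbc mode with HMAC/sha1": ("des3-cbc-sha1", "3DES, deprecated by RFC 8429"),
    "DES cbc mode with CRC-32": ("des-cbc-crc", "single DES, deprecated by RFC 6649"),
}

ENTRY_RE = re.compile(
    r"Entry for principal (?P<principal>\S+) with kvno (?P<kvno>\d+), "
    r"encryption type (?P<enctype>.+?) added to keytab (?P<keytab>\S+?)\.?$"
)


def parse_ktadd(text):
    """Turn ktadd output into one dict per key written to a keytab."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # prompts, warnings and other kadmin chatter
        description = m.group("enctype")
        # Descriptions not in the table are reported rather than silently accepted.
        name, reason = ENCTYPES.get(
            description, (description, "unrecognised enctype, review by hand")
        )
        entries.append({
            "principal": m.group("principal"),
            "kvno": int(m.group("kvno")),
            "keytab": m.group("keytab"),
            "enctype": name,
            "reason": reason,
        })
    return entries


def weak_keys(text):
    """Map (principal, keytab) to the weak enctype names found for it, in output order."""
    report = {}
    for entry in parse_ktadd(text):
        if entry["reason"] is not None:
            key = (entry["principal"], entry["keytab"])
            report.setdefault(key, []).append(entry["enctype"])
    return report


if __name__ == "__main__":
    for entry in parse_ktadd(KTADD_OUTPUT):
        if entry["reason"]:
            print(f'{entry["keytab"]}: {entry["principal"]} kvno {entry["kvno"]} '
                  f'{entry["enctype"]} ({entry["reason"]})')
```

In MIT Kerberos the enctypes issued can be limited with supported_enctypes in kdc.conf or with the -e option of ktadd.<br />
<br />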
= [[User:John|John]] 2011-08-04 21:21 =<br />
<br />
== Installing Kerberos ==<br />
<br />
Following [https://help.ubuntu.com/community/Kerberos these instructions].<br />
<br />
jj5@charity:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@charity:~# nslookup charity.progclub.org<br />
bash: nslookup: command not found<br />
root@charity:~# apt-get install nslookup<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
E: Couldn't find package nslookup<br />
root@charity:~# apt-cache search nslookup<br />
dnsutils - Clients provided with BIND<br />
root@charity:~# apt-get install dnsutils<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
bind9-host geoip-database libbind9-60 libdns64 libgeoip1 libisc60 libisccc60<br />
libisccfg60 liblwres60<br />
Suggested packages:<br />
rblcheck geoip-bin<br />
The following NEW packages will be installed:<br />
bind9-host dnsutils geoip-database libbind9-60 libdns64 libgeoip1 libisc60<br />
libisccc60 libisccfg60 liblwres60<br />
0 upgraded, 10 newly installed, 0 to remove and 2 not upgraded.<br />
Need to get 2,024kB of archives.<br />
After this operation, 4,866kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libgeoip1 1.4.6.dfsg-17 [109kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libisc60 1:9.7.0.dfsg.P1-1ubuntu0.3 [170kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libdns64 1:9.7.0.dfsg.P1-1ubuntu0.3 [692kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libisccc60 1:9.7.0.dfsg.P1-1ubuntu0.3 [29.9kB]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libisccfg60 1:9.7.0.dfsg.P1-1ubuntu0.3 [53.1kB]<br />
Get:6 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libbind9-60 1:9.7.0.dfsg.P1-1ubuntu0.3 [34.7kB]<br />
Get:7 http://archive.ubuntu.com/ubuntu/ lucid-updates/main liblwres60 1:9.7.0.dfsg.P1-1ubuntu0.3 [48.5kB]<br />
Get:8 http://archive.ubuntu.com/ubuntu/ lucid-updates/main bind9-host 1:9.7.0.dfsg.P1-1ubuntu0.3 [68.6kB]<br />
Get:9 http://archive.ubuntu.com/ubuntu/ lucid-updates/main dnsutils 1:9.7.0.dfsg.P1-1ubuntu0.3 [162kB]<br />
Get:10 http://archive.ubuntu.com/ubuntu/ lucid/main geoip-database 1.4.6.dfsg-17 [658kB]<br />
Fetched 2,024kB in 8s (227kB/s)<br />
Selecting previously deselected package libgeoip1.<br />
(Reading database ... 17754 files and directories currently installed.)<br />
Unpacking libgeoip1 (from .../libgeoip1_1.4.6.dfsg-17_amd64.deb) ...<br />
Selecting previously deselected package libisc60.<br />
Unpacking libisc60 (from .../libisc60_1%3a9.7.0.dfsg.P1-1ubuntu0.3_amd64.deb) ...<br />
Selecting previously deselected package libdns64.<br />
Unpacking libdns64 (from .../libdns64_1%3a9.7.0.dfsg.P1-1ubuntu0.3_amd64.deb) ...<br />
Selecting previously deselected package libisccc60.<br />
Unpacking libisccc60 (from .../libisccc60_1%3a9.7.0.dfsg.P1-1ubuntu0.3_amd64.deb) ...<br />
Selecting previously deselected package libisccfg60.<br />
Unpacking libisccfg60 (from .../libisccfg60_1%3a9.7.0.dfsg.P1-1ubuntu0.3_amd64.deb) ...<br />
Selecting previously deselected package libbind9-60.<br />
Unpacking libbind9-60 (from .../libbind9-60_1%3a9.7.0.dfsg.P1-1ubuntu0.3_amd64.deb) ...<br />
Selecting previously deselected package liblwres60.<br />
Unpacking liblwres60 (from .../liblwres60_1%3a9.7.0.dfsg.P1-1ubuntu0.3_amd64.deb) ...<br />
Selecting previously deselected package bind9-host.<br />
Unpacking bind9-host (from .../bind9-host_1%3a9.7.0.dfsg.P1-1ubuntu0.3_amd64.deb) ...<br />
Selecting previously deselected package dnsutils.<br />
Unpacking dnsutils (from .../dnsutils_1%3a9.7.0.dfsg.P1-1ubuntu0.3_amd64.deb) ...<br />
Selecting previously deselected package geoip-database.<br />
Unpacking geoip-database (from .../geoip-database_1.4.6.dfsg-17_all.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up libgeoip1 (1.4.6.dfsg-17) ...<br />
<br />
Setting up libisc60 (1:9.7.0.dfsg.P1-1ubuntu0.3) ...<br />
<br />
Setting up libdns64 (1:9.7.0.dfsg.P1-1ubuntu0.3) ...<br />
<br />
Setting up libisccc60 (1:9.7.0.dfsg.P1-1ubuntu0.3) ...<br />
<br />
Setting up libisccfg60 (1:9.7.0.dfsg.P1-1ubuntu0.3) ...<br />
<br />
Setting up libbind9-60 (1:9.7.0.dfsg.P1-1ubuntu0.3) ...<br />
<br />
Setting up liblwres60 (1:9.7.0.dfsg.P1-1ubuntu0.3) ...<br />
<br />
Setting up bind9-host (1:9.7.0.dfsg.P1-1ubuntu0.3) ...<br />
Setting up dnsutils (1:9.7.0.dfsg.P1-1ubuntu0.3) ...<br />
<br />
Setting up geoip-database (1.4.6.dfsg-17) ...<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
root@charity:~# nslookup charity.progclub.org<br />
Server: 67.207.128.4<br />
Address: 67.207.128.4#53<br />
<br />
Non-authoritative answer:<br />
Name: charity.progclub.org<br />
Address: 67.207.128.184<br />
<br />
root@charity:~# nslookup 67.207.128.184<br />
Server: 67.207.128.4<br />
Address: 67.207.128.4#53<br />
<br />
Non-authoritative answer:<br />
184.128.207.67.in-addr.arpa name = charity.progclub.org.<br />
<br />
Authoritative answers can be found from:<br />
128.207.67.in-addr.arpa nameserver = NS2.SLICEHOST.NET.<br />
128.207.67.in-addr.arpa nameserver = NS1.SLICEHOST.NET.<br />
NS1.SLICEHOST.NET internet address = 67.23.4.57<br />
NS2.SLICEHOST.NET internet address = 173.45.224.132<br />
<br />
root@charity:~# apt-get install krb5-kdc krb5-admin-server<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
krb5-config krb5-user libgssrpc4 libkadm5clnt-mit7 libkadm5srv-mit7<br />
libkdb5-4<br />
Suggested packages:<br />
openbsd-inetd inet-superserver krb5-kdc-ldap krb5-doc<br />
The following NEW packages will be installed:<br />
krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4<br />
libkadm5clnt-mit7 libkadm5srv-mit7 libkdb5-4<br />
0 upgraded, 8 newly installed, 0 to remove and 2 not upgraded.<br />
Need to get 777kB of archives.<br />
After this operation, 2,187kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libgssrpc4 1.8.1+dfsg-2ubuntu0.9 [82.2kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libkadm5clnt-mit7 1.8.1+dfsg-2ubuntu0.9 [62.8kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libkdb5-4 1.8.1+dfsg-2ubuntu0.9 [62.3kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libkadm5srv-mit7 1.8.1+dfsg-2ubuntu0.9 [76.8kB]<br />
Get:5 http://archive.ubuntu.com/ubuntu/ lucid/main krb5-config 2.2 [23.0kB]<br />
Get:6 http://archive.ubuntu.com/ubuntu/ lucid-updates/main krb5-user 1.8.1+dfsg-2ubuntu0.9 [137kB]<br />
Get:7 http://archive.ubuntu.com/ubuntu/ lucid-updates/universe krb5-kdc 1.8.1+dfsg-2ubuntu0.9 [219kB]<br />
Get:8 http://archive.ubuntu.com/ubuntu/ lucid-updates/universe krb5-admin-server 1.8.1+dfsg-2ubuntu0.9 [113kB]<br />
Fetched 777kB in 1s (560kB/s)<br />
Preconfiguring packages ...<br />
Selecting previously deselected package libgssrpc4.<br />
(Reading database ... 17824 files and directories currently installed.)<br />
Unpacking libgssrpc4 (from .../libgssrpc4_1.8.1+dfsg-2ubuntu0.9_amd64.deb) ...<br />
Selecting previously deselected package libkadm5clnt-mit7.<br />
Unpacking libkadm5clnt-mit7 (from .../libkadm5clnt-mit7_1.8.1+dfsg-2ubuntu0.9_amd64.deb) ...<br />
Selecting previously deselected package libkdb5-4.<br />
Unpacking libkdb5-4 (from .../libkdb5-4_1.8.1+dfsg-2ubuntu0.9_amd64.deb) ...<br />
Selecting previously deselected package libkadm5srv-mit7.<br />
Unpacking libkadm5srv-mit7 (from .../libkadm5srv-mit7_1.8.1+dfsg-2ubuntu0.9_amd64.deb) ...<br />
Selecting previously deselected package krb5-config.<br />
Unpacking krb5-config (from .../krb5-config_2.2_all.deb) ...<br />
Selecting previously deselected package krb5-user.<br />
Unpacking krb5-user (from .../krb5-user_1.8.1+dfsg-2ubuntu0.9_amd64.deb) ...<br />
Selecting previously deselected package krb5-kdc.<br />
Unpacking krb5-kdc (from .../krb5-kdc_1.8.1+dfsg-2ubuntu0.9_amd64.deb) ...<br />
Selecting previously deselected package krb5-admin-server.<br />
Unpacking krb5-admin-server (from .../krb5-admin-server_1.8.1+dfsg-2ubuntu0.9_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up libgssrpc4 (1.8.1+dfsg-2ubuntu0.9) ...<br />
<br />
Setting up libkadm5clnt-mit7 (1.8.1+dfsg-2ubuntu0.9) ...<br />
<br />
Setting up libkdb5-4 (1.8.1+dfsg-2ubuntu0.9) ...<br />
<br />
Setting up libkadm5srv-mit7 (1.8.1+dfsg-2ubuntu0.9) ...<br />
<br />
Setting up krb5-config (2.2) ...<br />
<br />
Setting up krb5-user (1.8.1+dfsg-2ubuntu0.9) ...<br />
Setting up krb5-kdc (1.8.1+dfsg-2ubuntu0.9) ...<br />
krb5kdc: cannot initialize realm PROGCLUB.ORG - see log file for details<br />
<br />
Setting up krb5-admin-server (1.8.1+dfsg-2ubuntu0.9) ...<br />
kadmind: No such file or directory while initializing, aborting <br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
modified .etckeeper<br />
added krb5.conf<br />
added krb5kdc<br />
added default/krb5-admin-server<br />
added default/krb5-kdc<br />
added init.d/krb5-admin-server<br />
added init.d/krb5-kdc<br />
added krb5kdc/kdc.conf<br />
added rc0.d/K18krb5-admin-server<br />
added rc0.d/K18krb5-kdc<br />
added rc1.d/K18krb5-admin-server<br />
added rc1.d/K18krb5-kdc<br />
added rc2.d/S18krb5-admin-server<br />
added rc2.d/S18krb5-kdc<br />
added rc3.d/S18krb5-admin-server<br />
added rc3.d/S18krb5-kdc<br />
added rc4.d/S18krb5-admin-server<br />
added rc4.d/S18krb5-kdc<br />
added rc5.d/S18krb5-admin-server<br />
added rc5.d/S18krb5-kdc<br />
added rc6.d/K18krb5-admin-server<br />
added rc6.d/K18krb5-kdc<br />
Committed revision 27.<br />
<br />
Package configuration<br />
<br />
<br />
Configuring krb5-admin-server<br />
<br />
Setting up a Kerberos Realm<br />
<br />
This package contains the administrative tools required to run the<br />
Kerberos master server.<br />
<br />
However, installing this package does not automatically set up a<br />
Kerberos realm. This can be done later by running the "krb5_newrealm"<br />
command.<br />
<br />
Please also read the /usr/share/doc/krb5-kdc/README.KDC file and the<br />
administration guide found in the krb5-doc package.<br />
<br />
<Ok><br />
<br />
root@charity:~# dpkg-reconfigure krb5-kdc<br />
<br />
Package configuration<br />
<br />
<br />
Configuring krb5-kdc<br />
<br />
The Kerberos Key Distribution Center (KDC) configuration files, in<br />
/etc/krb5kdc, may be created automatically.<br />
<br />
By default, an example template will be copied into this directory with<br />
local parameters filled in.<br />
<br />
Administrators who already have infrastructure to manage their Kerberos<br />
configuration may wish to disable these automatic configuration changes.<br />
<br />
Create the Kerberos KDC configuration automatically?<br />
<br />
<Yes> <No><br />
<br />
<Yes><br />
<br />
krb5kdc: cannot initialize realm PROGCLUB.ORG - see log file for details<br />
<br />
root@charity:~# cd /var/log<br />
root@charity:/var/log# ls<br />
apache2 dmesg kern.log mysql.log syslog.2.gz<br />
apt dmesg.0 kern.log.1 mysql.log.1.gz syslog.3.gz<br />
auth.log dmesg.1.gz lastlog mysql.log.2.gz syslog.4.gz<br />
auth.log.1 dmesg.2.gz lpr.log mysql.log.3.gz syslog.5.gz<br />
boot dmesg.3.gz mail.err mysql.log.4.gz syslog.6.gz<br />
bootstrap.log dmesg.4.gz mail.info mysql.log.5.gz syslog.7.gz<br />
btmp dpkg.log mail.log mysql.log.6.gz udev<br />
btmp.1 dpkg.log.1 mail.warn mysql.log.7.gz user.log<br />
daemon.log fail2ban.log messages news wtmp<br />
daemon.log.1 fail2ban.log.1 messages.1 pycentral.log wtmp.1<br />
debug faillog mysql syslog<br />
debug.1 fsck mysql.err syslog.1<br />
<br />
Where is the KRB log!?<br />
<br />
root@charity:/etc# cat krb5kdc/kdc.conf<br />
[kdcdefaults]<br />
kdc_ports = 750,88<br />
default_realm = PROGCLUB.ORG<br />
<br />
[realms]<br />
PROGCLUB.ORG = {<br />
database_name = /var/lib/krb5kdc/principal<br />
admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab<br />
acl_file = /etc/krb5kdc/kadm5.acl<br />
key_stash_file = /etc/krb5kdc/stash<br />
kdc_ports = 750,88<br />
max_life = 10h 0m 0s<br />
max_renewable_life = 7d 0h 0m 0s<br />
master_key_type = des3-hmac-sha1<br />
supported_enctypes = aes256-cts:normal arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3<br />
default_principal_flags = +preauth<br />
}<br />
<br />
root@charity:/etc# reboot<br />
<br />
Broadcast message from jj5@charity<br />
(/dev/pts/0) at 11:49 ...<br />
<br />
The system is going down for reboot NOW!<br />
<br />
root@charity:/etc/krb5kdc# vim kadm5.acl<br />
<br />
# This file is the access control list for krb5 administration.<br />
# When this file is edited run /etc/init.d/krb5-admin-server restart to activate<br />
# One common way to set up Kerberos administration is to allow any principal<br />
# ending in /admin is given full administrative rights.<br />
# To enable this, uncomment the following line:<br />
*/admin@PROGCLUB.ORG *<br />
<br />
root@charity:/etc/krb5kdc# krb5_newrealm<br />
This script should be run on the master KDC/admin server to initialize<br />
a Kerberos realm. It will ask you to type in a master key password.<br />
This password will be used to generate a key that is stored in<br />
/etc/krb5kdc/stash. You should try to remember this password, but it<br />
is much more important that it be a strong password than that it be<br />
remembered. However, if you lose the password and /etc/krb5kdc/stash,<br />
you cannot decrypt your Kerberos database.<br />
Loading random data<br />
Initializing database '/var/lib/krb5kdc/principal' for realm 'PROGCLUB.ORG',<br />
master key name 'K/M@PROGCLUB.ORG'<br />
You will be prompted for the database Master Password.<br />
It is important that you NOT FORGET this password.<br />
Enter KDC database master key:<br />
Re-enter KDC database master key to verify: <br />
<br />
<br />
Now that your realm is set up you may wish to create an administrative<br />
principal using the addprinc subcommand of the kadmin.local program.<br />
Then, this principal can be added to /etc/krb5kdc/kadm5.acl so that<br />
you can use the kadmin program on other computers. Kerberos admin<br />
principals usually belong to a single user and end in /admin. For<br />
example, if jruser is a Kerberos administrator, then in addition to<br />
the normal jruser principal, a jruser/admin principal should be<br />
created.<br />
<br />
Don't forget to set up DNS information so your clients can find your<br />
KDC and admin servers. Doing so is documented in the administration<br />
guide.<br />
<br />
root@charity:/etc/krb5kdc# kadmin -p admin/admin<br />
Authenticating as principal admin/admin with password.<br />
kadmin: Missing parameters in krb5.conf required for kadmin client while initializing kadmin interface<br />
<br />
root@charity:/etc# /etc/init.d/k<br />
killprocs krb5-admin-server krb5-kdc<br />
root@charity:/etc# /etc/init.d/krb5-kdc restart<br />
* Restarting Kerberos KDC krb5kdc<br />
...done.<br />
root@charity:/etc# /etc/init.d/krb5-admin-server restart<br />
* Restarting Kerberos administrative servers kadmind<br />
root@charity:/etc#<br />
<br />
root@charity:/var/lib/krb5kdc# kadmin -p admin/admin<br />
Authenticating as principal admin/admin with password.<br />
kadmin: Client not found in Kerberos database while initializing kadmin interface<br />
<br />
[http://www.google.com.au/search?q=kadmin%3A%20Client%20not%20found%20in%20Kerberos%20database%20while%20initializing%20kadmin%20interface&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&source=hp&channel=np Google that].<br />
<br />
root@charity:/var/lib/krb5kdc# kadmin.local<br />
Authenticating as principal root/admin@PROGCLUB.ORG with password.<br />
kadmin.local: addprinc jj5/admin@PROGCLUB.ORG<br />
WARNING: no policy specified for jj5/admin@PROGCLUB.ORG; defaulting to no policy<br />
Enter password for principal "jj5/admin@PROGCLUB.ORG":<br />
Re-enter password for principal "jj5/admin@PROGCLUB.ORG":<br />
Principal "jj5/admin@PROGCLUB.ORG" created.<br />
kadmin.local: quit<br />
root@charity:/var/lib/krb5kdc# kadmin -p jj5/admin<br />
Authenticating as principal jj5/admin with password.<br />
Password for jj5/admin@PROGCLUB.ORG:<br />
kadmin: ?<br />
Available kadmin requests:<br />
<br />
add_principal, addprinc, ank<br />
Add principal<br />
delete_principal, delprinc<br />
Delete principal<br />
modify_principal, modprinc<br />
Modify principal<br />
change_password, cpw Change password<br />
get_principal, getprinc Get principal<br />
list_principals, listprincs, get_principals, getprincs<br />
List principals<br />
add_policy, addpol Add policy<br />
modify_policy, modpol Modify policy<br />
delete_policy, delpol Delete policy<br />
get_policy, getpol Get policy<br />
list_policies, listpols, get_policies, getpols<br />
List policies<br />
get_privs, getprivs Get privileges<br />
ktadd, xst Add entry(s) to a keytab<br />
ktremove, ktrem Remove entry(s) from a keytab<br />
lock Lock database exclusively (use with extreme caution!)<br />
unlock Release exclusive database lock<br />
list_requests, lr, ? List available requests.<br />
quit, exit, q Exit program. <br />
kadmin: listprincs<br />
K/M@PROGCLUB.ORG<br />
jj5/admin@PROGCLUB.ORG<br />
kadmin/admin@PROGCLUB.ORG<br />
kadmin/changepw@PROGCLUB.ORG<br />
kadmin/charity.progclub.org@PROGCLUB.ORG<br />
kadmin/history@PROGCLUB.ORG<br />
krbtgt/PROGCLUB.ORG@PROGCLUB.ORG<br />
kadmin: quit<br />
<br />
root@charity:/etc# cat krb5.conf<br />
[logging]<br />
default = FILE:/var/log/krb5.log<br />
<br />
[libdefaults]<br />
default_realm = PROGCLUB.ORG<br />
<br />
# The following krb5.conf variables are only for MIT Kerberos.<br />
krb4_config = /etc/krb.conf<br />
krb4_realms = /etc/krb.realms<br />
kdc_timesync = 1<br />
ccache_type = 4<br />
forwardable = true<br />
proxiable = true<br />
<br />
# The following encryption type specification will be used by MIT Kerberos<br />
# if uncommented. In general, the defaults in the MIT Kerberos code are<br />
# correct and overriding these specifications only serves to disable new<br />
# encryption types as they are added, creating interoperability problems.<br />
#<br />
# Thie only time when you might need to uncomment these lines and change<br />
# the enctypes is if you have local software that will break on ticket<br />
# caches containing ticket encryption types it doesn't know about (such as<br />
# old versions of Sun Java).<br />
<br />
# default_tgs_enctypes = des3-hmac-sha1<br />
# default_tkt_enctypes = des3-hmac-sha1<br />
# permitted_enctypes = des3-hmac-sha1<br />
<br />
# The following libdefaults parameters are only for Heimdal Kerberos.<br />
v4_instance_resolve = false<br />
v4_name_convert = {<br />
host = {<br />
rcmd = host<br />
ftp = ftp<br />
}<br />
plain = {<br />
something = something-else<br />
}<br />
}<br />
fcc-mit-ticketflags = true<br />
<br />
[realms]<br />
PROGCLUB.ORG = {<br />
kdc = kerberos.progclub.org:88<br />
admin_server = kerberos.progclub.org<br />
default_domain = progclub.org<br />
}<br />
<br />
[domain_realm]<br />
.progclub.org = PROGCLUB.ORG<br />
progclub.org = PROGCLUB.ORG<br />
.progclub.com = PROGCLUB.ORG<br />
progclub.com = PROGCLUB.ORG<br />
.progclub.info = PROGCLUB.ORG<br />
progclub.info = PROGCLUB.ORG<br />
.progclub.net = PROGCLUB.ORG<br />
progclub.net = PROGCLUB.ORG<br />
.progclub.co = PROGCLUB.ORG<br />
progclub.co = PROGCLUB.ORG<br />
.progclub.mobi = PROGCLUB.ORG<br />
progclub.mobi = PROGCLUB.ORG<br />
<br />
[login]<br />
krb4_convert = true<br />
krb4_get_tickets = false<br />
<br />
root@charity:/etc# kadmin -p jj5/admin<br />
kadmin: cpw jj5/admin<br />
Enter password for principal "jj5/admin@PROGCLUB.ORG":<br />
Re-enter password for principal "jj5/admin@PROGCLUB.ORG":<br />
Password for "jj5/admin@PROGCLUB.ORG" changed.<br />
kadmin: quit<br />
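<br />
The generated kdc.conf shown above still offers single DES, triple DES and RC4 next to AES. The following is an added example, not part of the original log or of the krb5 packages: a small audit that reads the [realms] stanza and separates deprecated enctypes from the ones worth keeping. The WEAK and STRONG tables and the function names are assumptions made for this example; the input is the kdc.conf copied from the listing above.<br />
<br />
```python
import re

# Enctype names taken from the kdc.conf on this page, with the RFC that
# deprecates each one for Kerberos. "des" is the single-DES family alias.
WEAK = {
    "des": "single DES (RFC 6649)",
    "des-cbc-crc": "single DES (RFC 6649)",
    "des3-hmac-sha1": "triple DES (RFC 8429)",
    "arcfour-hmac": "RC4 (RFC 8429)",
}
# Assumption for this example: only the AES enctypes are treated as keepers.
STRONG = {"aes256-cts", "aes128-cts"}

# kdc.conf as printed in the log above.
KDC_CONF = """\
[kdcdefaults]
kdc_ports = 750,88
default_realm = PROGCLUB.ORG

[realms]
PROGCLUB.ORG = {
database_name = /var/lib/krb5kdc/principal
admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
acl_file = /etc/krb5kdc/kadm5.acl
key_stash_file = /etc/krb5kdc/stash
kdc_ports = 750,88
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des3-hmac-sha1
supported_enctypes = aes256-cts:normal arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
default_principal_flags = +preauth
}
"""


def parse_realms(text):
    """Return {realm: {relation: value}} from the [realms] section."""
    realms, section, realm = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        head = re.fullmatch(r"\[(\w+)\]", line)
        if head:
            section, realm = head.group(1), None
        elif section == "realms" and realm is None:
            opened = re.fullmatch(r"(\S+)\s*=\s*\{", line)
            if opened:
                realm = opened.group(1)
                realms[realm] = {}
        elif realm is not None:
            if line == "}":
                realm = None
            elif "=" in line:
                key, value = (part.strip() for part in line.split("=", 1))
                realms[realm][key] = value
    return realms


def audit(text):
    """Classify master_key_type and supported_enctypes for every realm."""
    report = {}
    for realm, rel in parse_realms(text).items():
        weak, keep, unknown = [], [], []
        mkt = rel.get("master_key_type")
        if mkt in WEAK:
            weak.append(f"master_key_type {mkt}: {WEAK[mkt]}")
        for entry in re.split(r"[\s,]+", rel.get("supported_enctypes", "").strip()):
            if not entry:
                continue
            enctype = entry.split(":", 1)[0]  # entries are enctype:salttype
            if enctype in WEAK:
                weak.append(f"supported_enctypes {entry}: {WEAK[enctype]}")
            elif enctype in STRONG:
                keep.append(entry)
            else:
                unknown.append(entry)  # not classified here, review by hand
        report[realm] = {"weak": weak, "keep": " ".join(keep), "unknown": unknown}
    return report


if __name__ == "__main__":
    for realm, result in audit(KDC_CONF).items():
        print(realm)
        for item in result["weak"]:
            print("  weak:", item)
        print("  suggested supported_enctypes =", result["keep"])
```
<br />
supported_enctypes sets the key types generated when a principal is created or its password is changed, so keys already in the database keep their old enctypes until they are changed.<br />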
<br />
= [[User:John|John]] 2011-08-03 07:42 =<br />
<br />
== Adding user friggles ==<br />
<br />
jj5@charity:~$ sudo adduser friggles<br />
[sudo] password for jj5:<br />
Adding user `friggles' ...<br />
Adding new group `friggles' (1005) ...<br />
Adding new user `friggles' (1005) with group `friggles' ...<br />
Creating home directory `/home/friggles' ...<br />
Copying files from `/etc/skel' ...<br />
Enter new UNIX password:<br />
Retype new UNIX password:<br />
passwd: password updated successfully<br />
Changing the user information for friggles<br />
Enter the new value, or press ENTER for the default<br />
Full Name []: <full name><br />
Room Number []:<br />
Work Phone []:<br />
Home Phone []:<br />
Other []:<br />
Is the information correct? [Y/n]<br />
<br />
jj5@charity:~$ sudo gpasswd -a friggles sudo<br />
Adding user friggles to group sudo<br />
<br />
= [[User:John|John]] 2011-08-01 00:12 =<br />
<br />
== Configured /wiki URLs ==<br />
<br />
Decided that 'wiki' rather than 'pc' is more appropriate in the URLs for ProgClub. Updated the Apache web-site configuration files, patched LocalSettings.php in the pcwiki directory, and updated the root redirection script. The old 'pc' links will remain functional.<br />
<br />
= [[User:John|John]] 2011-07-31 19:47 =<br />
<br />
== Adding user jav ==<br />
<br />
jj5@charity:~$ sudo adduser jav<br />
[sudo] password for jj5:<br />
Adding user `jav' ...<br />
Adding new group `jav' (1004) ...<br />
Adding new user `jav' (1004) with group `jav' ...<br />
Creating home directory `/home/jav' ...<br />
Copying files from `/etc/skel' ...<br />
Enter new UNIX password:<br />
Retype new UNIX password:<br />
passwd: password updated successfully<br />
Changing the user information for jav<br />
Enter the new value, or press ENTER for the default<br />
Full Name []: <full name><br />
Room Number []:<br />
Work Phone []:<br />
Home Phone []:<br />
Other []:<br />
Is the information correct? [Y/n]<br />
<br />
= [[User:John|John]] 2011-07-30 17:15 =<br />
<br />
== Configuring IPSec ==<br />
<br />
jj5@charity:~$ sudo -s<br />
[sudo] password for jj5:<br />
root@charity:~# apt-get install racoon<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
racoon<br />
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.<br />
Need to get 0B/433kB of archives.<br />
After this operation, 1,217kB of additional disk space will be used.<br />
Committing to: /etc/<br />
modified ipsec-tools.conf<br />
modified iptables.up.rules<br />
Committed revision 22.<br />
Preconfiguring packages ...<br />
Selecting previously deselected package racoon.<br />
(Reading database ... 17754 files and directories currently installed.)<br />
Unpacking racoon (from .../racoon_1%3a0.7.1-1.6ubuntu1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up racoon (1:0.7.1-1.6ubuntu1) ...<br />
Starting IKE (ISAKMP/Oakley) server: racoon.<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
<br />
root@charity:~# cd /etc/network/if-pre-up.d/<br />
root@charity:/etc/network/if-pre-up.d# ll<br />
total 16<br />
drwxr-xr-x 2 root root 4096 2011-07-26 17:49 ./<br />
drwxr-xr-x 6 root root 4096 2010-04-22 19:09 ../<br />
-rwxr-xr-x 1 root root 344 2011-05-17 07:41 ethtool*<br />
-rwxr-xr-x 1 root root 58 2011-07-26 17:49 iptables*<br />
root@charity:/etc/network/if-pre-up.d# cat iptables<br />
#!/bin/sh<br />
/sbin/iptables-restore < /etc/iptables.up.rules<br />
root@charity:/etc/network/if-pre-up.d# vim ip<br />
<br />
#!/bin/sh<br />
# Hope<br />
ip route add 67.207.130.204 dev eth0 advmss 200<br />
# Honesty<br />
ip route add 67.207.129.103 dev eth0 advmss 200<br />
<br />
root@charity:/etc/network/if-pre-up.d# chmod +x ip<br />
root@charity:/etc/network/if-pre-up.d# cd /etc/<br />
root@charity:/etc# vim iptables.up.rules<br />
<br />
*filter<br />
# Allow all loopback (lo0) traffic<br />
-A INPUT -i lo -j ACCEPT<br />
# Drop all traffic to 127/8 that doesn't use lo0<br />
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT<br />
# Accept all established inbound connections<br />
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
# Allow all outbound traffic<br />
-A OUTPUT -j ACCEPT<br />
# Allow HTTP and HTTPS connections from anywhere<br />
-A INPUT -p tcp --dport 80 -j ACCEPT<br />
-A INPUT -p tcp --dport 443 -j ACCEPT<br />
# Allow SSH connections<br />
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT<br />
# Accept anything from hope<br />
-A INPUT -s 67.207.130.204 -j ACCEPT<br />
# Accept anything from honesty<br />
-A INPUT -s 67.207.129.103 -j ACCEPT<br />
# Allow MySQL connections from John's house<br />
-A INPUT -s 60.240.67.126/32 -p tcp -m tcp --dport 3306 -j ACCEPT<br />
# Allow MySQL connections from localhost<br />
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT<br />
# Allow IPSec traffic<br />
#-A INPUT -p 50 -j ACCEPT<br />
#-A INPUT -p 51 -j ACCEPT<br />
# Allow ping<br />
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT<br />
# log iptables denied calls<br />
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7<br />
#-A INPUT -j LOG --log-prefix "iptables debug: " --log-level 7<br />
# Reject all other inbound - default deny unless explicitly allowed policy<br />
-A INPUT -j REJECT<br />
-A FORWARD -j REJECT<br />
COMMIT<br />
<br />
root@charity:/etc# vim ipsec-tools.conf<br />
<br />
#!/usr/sbin/setkey -f<br />
# Charity/Hope security policy<br />
spdadd 67.207.128.184 67.207.130.204 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
spdadd 67.207.130.204 67.207.128.184 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
# Charity/Honesty security policy<br />
spdadd 67.207.128.184 67.207.129.103 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
spdadd 67.207.129.103 67.207.128.184 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
<br />
root@charity:/etc# vim racoon/psk.txt<br />
<br />
# Hope<br />
67.207.130.204 <secret><br />
# Honesty<br />
67.207.129.103 <secret><br />
<br />
root@charity:/etc# vim racoon/racoon.conf<br />
<br />
path pre_shared_key "/etc/racoon/psk.txt";<br />
path certificate "/etc/racoon/certs";<br />
remote anonymous {<br />
exchange_mode main,aggressive;<br />
proposal {<br />
encryption_algorithm aes;<br />
hash_algorithm sha1;<br />
authentication_method pre_shared_key;<br />
dh_group modp1024;<br />
}<br />
generate_policy off;<br />
}<br />
sainfo anonymous {<br />
pfs_group modp768;<br />
encryption_algorithm aes;<br />
authentication_algorithm hmac_sha1;<br />
compression_algorithm deflate;<br />
}<br />
#log debug2;<br />
<br />
root@charity:/etc# /etc/init.d/racoon stop<br />
Stopping IKE (ISAKMP/Oakley) server: racoon.<br />
root@charity:/etc# /etc/init.d/setkey restart<br />
Reloading IPsec SA/SP database: done.<br />
root@charity:/etc# /etc/init.d/racoon start<br />
Starting IKE (ISAKMP/Oakley) server: racoon.<br />
root@charity:/etc# ll racoon/psk.txt<br />
-rw------- 1 root root 92 2011-07-30 07:37 racoon/psk.txt<br />
root@charity:/etc# etckeeper commit "Configured IPSec"<br />
Committing to: /etc/<br />
modified ipsec-tools.conf<br />
modified ipsec-tools.conf.bak<br />
modified iptables.up.rules<br />
added network/if-pre-up.d/ip<br />
modified racoon/psk.txt<br />
modified racoon/racoon.conf<br />
Committed revision 23.<br />
root@charity:/etc/racoon# /etc/network/if-pre-up.d/ip<br />
RTNETLINK answers: File exists<br />
<br />
Now off to [[Hope_admin#John_2011-07-30_18:05|configure hope]] and...<br />
<br />
...damn, it didn't work. Oh well, no racoon for you!<br />
<br />
root@charity:~# apt-get remove racoon<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following packages will be REMOVED:<br />
racoon<br />
0 upgraded, 0 newly installed, 1 to remove and 2 not upgraded.<br />
After this operation, 1,217kB disk space will be freed.<br />
Do you want to continue [Y/n]?<br />
(Reading database ... 17818 files and directories currently installed.)<br />
Removing racoon ...<br />
Stopping IKE (ISAKMP/Oakley) server: racoon.<br />
Processing triggers for ureadahead ...<br />
Processing triggers for man-db ...<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
<br />
root@charity:~# cp /etc/ipsec-tools.conf.bak /etc/ipsec-tools.conf<br />
root@charity:~# dd if=/dev/random count=24 bs=1 | xxd -ps<br />
root@charity:~# dd if=/dev/random count=24 bs=1 | xxd -ps<br />
root@charity:~# dd if=/dev/random count=24 bs=1 | xxd -ps<br />
root@charity:~# dd if=/dev/random count=24 bs=1 | xxd -ps<br />
root@charity:~# dd if=/dev/random count=20 bs=1 | xxd -ps<br />
root@charity:~# dd if=/dev/random count=20 bs=1 | xxd -ps<br />
root@charity:~# dd if=/dev/random count=20 bs=1 | xxd -ps<br />
root@charity:~# dd if=/dev/random count=20 bs=1 | xxd -ps<br />
root@charity:~# vim /etc/ipsec-tools.conf<br />
<br />
#!/usr/sbin/setkey -f<br />
# Flush the SAD and SPD<br />
flush;<br />
spdflush;<br />
# Charity/Hope configuration<br />
# ESP SAs using 192 bit long keys (AES-192)<br />
add 67.207.128.184 67.207.130.204 esp 1 -E aes-cbc<br />
0xdeadb33fdeadb33fdeadb33fdeadb33fdeadb33fdeadb33f;<br />
add 67.207.130.204 67.207.128.184 esp 2 -E aes-cbc<br />
0xdeadb33fdeadb33fdeadb33fdeadb33fdeadb33fdeadb33f;<br />
# AH SAs using 160 bit long keys<br />
add 67.207.128.184 67.207.130.204 ah 3 -A hmac-sha1<br />
0xdeadb33fdeadb33fdeadb33fdeadb33fdeadb33f;<br />
add 67.207.130.204 67.207.128.184 ah 4 -A hmac-sha1<br />
0xdeadb33fdeadb33fdeadb33fdeadb33fdeadb33f;<br />
# Security policies<br />
spdadd 67.207.128.184 67.207.130.204 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
spdadd 67.207.130.204 67.207.128.184 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
# Charity/Honesty configuration<br />
# ESP SAs using 192 bit long keys (AES-192)<br />
add 67.207.128.184 67.207.129.103 esp 5 -E aes-cbc<br />
0xdeadb33fdeadb33fdeadb33fdeadb33fdeadb33fdeadb33f;<br />
add 67.207.129.103 67.207.128.184 esp 6 -E aes-cbc<br />
0xdeadb33fdeadb33fdeadb33fdeadb33fdeadb33fdeadb33f;<br />
# AH SAs using 160 bit long keys<br />
add 67.207.128.184 67.207.129.103 ah 7 -A hmac-sha1<br />
0xdeadb33fdeadb33fdeadb33fdeadb33fdeadb33f;<br />
add 67.207.129.103 67.207.128.184 ah 8 -A hmac-sha1<br />
0xdeadb33fdeadb33fdeadb33fdeadb33fdeadb33f;<br />
# Security policies<br />
spdadd 67.207.128.184 67.207.129.103 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
spdadd 67.207.129.103 67.207.128.184 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
<br />
root@charity:~# /etc/init.d/setkey restart<br />
Reloading IPsec SA/SP database: done.<br />
root@charity:~# cd /etc/network<br />
root@charity:/etc/network# mv if-pre-up.d/ip if-up.d/<br />
root@charity:/etc/network# if-up.d/ip<br />
root@charity:/etc# etckeeper commit "Configured IPSec"<br />
Committing to: /etc/<br />
modified ipsec-tools.conf<br />
missing network/if-pre-up.d/ip<br />
modified network/if-pre-up.d/ip<br />
added network/if-up.d/ip<br />
Committed revision 24.<br />
<br />
That should do it. Off to configure the other end... on [[Hope_admin#John_2011-07-30_18:05|hope]] and [[Honesty_admin#John_2011-07-30_19:30|honesty]]...<br />
<br />
...works!<br />
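<br />
With racoon removed, every SA in /etc/ipsec-tools.conf is keyed by hand, so nothing checks that key lengths fit the algorithm, that keys are not reused, or that each "require" policy has an SA in that direction. The following is an added example, not part of the original log or of ipsec-tools: a lint for a manually keyed setkey script. The function names, the finding codes and the sample config (documentation addresses and constructed keys) are assumptions made for this example, and only the "add" and "spdadd" forms used above are parsed.<br />
<br />
```python
import re
from collections import defaultdict

# Key sizes (bits) valid for the two algorithms used in the config above.
KEY_BITS = {"aes-cbc": {128, 192, 256}, "hmac-sha1": {160}}

# Statements are matched after whitespace has been collapsed to single spaces.
ADD_RE = re.compile(r"add (\S+) (\S+) (esp|ah) (\S+) -[EA] (\S+) 0x([0-9a-fA-F]+)")
SPD_RE = re.compile(r"spdadd (\S+) (\S+) \S+ -P (in|out) ipsec (.+)")

# Constructed sample: reused ESP key, short AH key, low SPI, no inbound AH SA.
SAMPLE = """\
#!/usr/sbin/setkey -f
flush;
spdflush;
add 192.0.2.10 192.0.2.20 esp 0x201 -E aes-cbc
    0x000102030405060708090a0b0c0d0e0f1011121314151617;
add 192.0.2.20 192.0.2.10 esp 0x202 -E aes-cbc
    0x000102030405060708090a0b0c0d0e0f1011121314151617;
add 192.0.2.10 192.0.2.20 ah 3 -A hmac-sha1
    0x00112233445566778899aabbccddeeff;
spdadd 192.0.2.10 192.0.2.20 any -P out ipsec
    esp/transport//require
    ah/transport//require;
spdadd 192.0.2.20 192.0.2.10 any -P in ipsec
    esp/transport//require
    ah/transport//require;
"""


def statements(text):
    """Strip # comments and split the script into ';'-terminated statements."""
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    return [" ".join(part.split()) for part in body.split(";") if part.strip()]


def lint(text):
    """Return (code, detail) findings; key material is never echoed."""
    findings, sas, key_users, policies = [], set(), defaultdict(list), []
    for stmt in statements(text):
        add, spd = ADD_RE.fullmatch(stmt), SPD_RE.fullmatch(stmt)
        if add:
            src, dst, proto, spi, alg, key = add.groups()
            spi_n = int(spi, 16) if spi.lower().startswith("0x") else int(spi)
            label = f"{proto} spi {spi} {src}->{dst}"
            sas.add((src, dst, proto))
            key_users[key.lower()].append(label)
            bits = len(key) * 4  # one hex digit carries four bits
            if alg not in KEY_BITS:
                findings.append(("unknown-alg", f"{label}: {alg} not in KEY_BITS"))
            elif bits not in KEY_BITS[alg]:
                findings.append(("key-length", f"{label}: {alg} key is {bits} bits"))
            if 1 <= spi_n <= 255:
                findings.append(("reserved-spi", f"{label}: SPI 1-255 is reserved (RFC 4303)"))
        elif spd:
            src, dst, direction, rules = spd.groups()
            for rule in rules.split():
                parts = rule.split("/")  # protocol/mode/src-dst/level
                if parts[-1] == "require":
                    policies.append((src, dst, direction, parts[0]))
    for users in key_users.values():
        if len(users) > 1:
            findings.append(("key-reuse", "same key in: " + ", ".join(users)))
    # Without an IKE daemon, a 'require' policy needs a static SA for the
    # same source, destination and protocol.
    for src, dst, direction, proto in policies:
        if (src, dst, proto) not in sas:
            findings.append(("missing-sa",
                             f"policy {direction} {src}->{dst} requires {proto} but no SA is defined"))
    return findings


if __name__ == "__main__":
    for code, detail in lint(SAMPLE):
        print(f"{code}: {detail}")
```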
<br />
= [[User:John|John]] 2011-07-30 09:38 =<br />
<br />
== Configuring racoon ==<br />
<br />
See [http://blog.moopsfc.com/37/2006/08/23/how-to-add-an-ipsec-connection-on-ubuntu-dapper/ this article] for a run-down.<br />
<br />
# vim /etc/racoon/psk.txt<br />
<br />
# Hope<br />
67.207.130.204 <secret><br />
<br />
# vim /etc/racoon/racoon.conf<br />
<br />
remote 67.207.130.204 {<br />
exchange_mode main,aggressive;<br />
proposal {<br />
encryption_algorithm 3des;<br />
hash_algorithm sha1;<br />
authentication_method pre_shared_key;<br />
dh_group modp1024;<br />
}<br />
generate_policy off;<br />
}<br />
<br />
sainfo address 67.207.130.204[any] any address 67.207.130.204/32[any] any {<br />
pfs_group modp768;<br />
encryption_algorithm 3des;<br />
authentication_algorithm hmac_md5;<br />
compression_algorithm deflate;<br />
}<br />
<br />
# vim /etc/ipsec-tools.conf<br />
<br />
# Security policies<br />
spdadd 67.207.128.184 67.207.130.204 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
spdadd 67.207.130.204 67.207.128.184 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
<br />
root@charity:/etc/racoon# /etc/init.d/racoon stop<br />
Stopping IKE (ISAKMP/Oakley) server: racoon.<br />
root@charity:/etc/racoon# /etc/init.d/setkey restart<br />
Reloading IPsec SA/SP database: done.<br />
root@charity:/etc/racoon# /etc/init.d/racoon start<br />
Starting IKE (ISAKMP/Oakley) server: racoon.<br />
<br />
Still no dice... :(<br />
<br />
= [[User:John|John]] 2011-07-29 23:59 =<br />
<br />
== Installing racoon ==<br />
<br />
Having trouble getting IPSec to work, gonna try installing racoon and giving that a go.<br />
<br />
root@charity:/etc# apt-get install racoon<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
racoon<br />
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.<br />
Need to get 433kB of archives.<br />
After this operation, 1,217kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main racoon 1:0.7.1-1.6ubuntu1 [433kB]<br />
Fetched 433kB in 1s (329kB/s)<br />
Committing to: /etc/<br />
modified .etckeeper<br />
modified ipsec-tools.conf<br />
added ipsec-tools.conf.bak<br />
Committed revision 19.<br />
Preconfiguring packages ...<br />
Selecting previously deselected package racoon.<br />
(Reading database ... 17749 files and directories currently installed.)<br />
Unpacking racoon (from .../racoon_1%3a0.7.1-1.6ubuntu1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up racoon (1:0.7.1-1.6ubuntu1) ...<br />
Generating /etc/default/racoon...<br />
Starting IKE (ISAKMP/Oakley) server: racoon.<br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
modified .etckeeper<br />
added racoon<br />
added default/racoon<br />
added init.d/racoon<br />
added racoon/psk.txt<br />
added racoon/racoon-tool.conf<br />
added racoon/racoon.conf<br />
added rc1.d/K89racoon<br />
added rcS.d/S40racoon<br />
Committed revision 20.<br />
<br />
The install prompted for package configuration information, and I chose the 'direct' configuration method (the default) over 'racoon-tool', the other option.<br />
<br />
┌──────────────────────────┤ Configuring racoon ├──────────────────────────┐<br />
│ Racoon can be configured two ways, either by directly editing │<br />
│ /etc/racoon/racoon.conf or using the racoon-tool administrative front │<br />
│ end. racoon-tool is now deprecated and is only available for backward │<br />
│ compatibility. New installations should always use the "direct" method. │<br />
│ │<br />
│ Configuration mode for racoon IKE daemon. │<br />
│ │<br />
│ direct │<br />
│ racoon-tool │<br />
│ │<br />
│ │<br />
│ <Ok> │<br />
│ │<br />
└──────────────────────────────────────────────────────────────────────────┘<br />
<br />
<br />
= [[User:John|John]] 2011-07-28 11:32 =<br />
<br />
== Firstly some house-keeping ==<br />
<br />
$ cd /etc<br />
$ sudo bzr status<br />
[sudo] password for jj5:<br />
modified:<br />
shadow<br />
$ sudo etckeeper commit "Changed password for jj5"<br />
Committing to: /etc/<br />
modified shadow<br />
Committed revision 13.<br />
<br />
== Installing IPSec ==<br />
<br />
See [https://help.ubuntu.com/community/IPSecHowTo this article] for instructions.<br />
<br />
$ sudo apt-get install ipsec-tools<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following NEW packages will be installed:<br />
ipsec-tools<br />
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.<br />
Need to get 111kB of archives.<br />
After this operation, 274kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main ipsec-tools 1:0.7.1-1.6ubuntu1 [111kB]<br />
Fetched 111kB in 0s (116kB/s)<br />
Selecting previously deselected package ipsec-tools.<br />
(Reading database ... 17714 files and directories currently installed.)<br />
Unpacking ipsec-tools (from .../ipsec-tools_1%3a0.7.1-1.6ubuntu1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up ipsec-tools (1:0.7.1-1.6ubuntu1) ...<br />
<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
added ipsec-tools.conf<br />
added default/setkey<br />
added init.d/setkey<br />
added rcS.d/S37setkey<br />
Committed revision 14.<br />
<br />
To generate two 128-bit 'ah' keys:<br />
<br />
$ dd if=/dev/random count=16 bs=1| xxd -ps<br />
$ dd if=/dev/random count=16 bs=1| xxd -ps<br />
<br />
To generate two 192-bit 'esp' keys:<br />
<br />
$ dd if=/dev/random count=24 bs=1| xxd -ps<br />
$ dd if=/dev/random count=24 bs=1| xxd -ps<br />
<br />
Then edit the ipsec-tools.conf file,<br />
<br />
$ sudo vim /etc/ipsec-tools.conf<br />
<br />
#!/usr/sbin/setkey -f<br />
<br />
# NOTE: Do not use this file if you use racoon with racoon-tool<br />
# utility. racoon-tool will setup SAs and SPDs automatically using<br />
# /etc/racoon/racoon-tool.conf configuration.<br />
#<br />
<br />
# Flush the SAD and SPD<br />
flush;<br />
spdflush;<br />
<br />
# AH SAs using 128 bit long keys<br />
add 67.207.128.184 67.207.130.204 ah 0x200 -A hmac-md5<br />
0x<ah_1>;<br />
add 67.207.130.204 67.207.128.184 ah 0x300 -A hmac-md5<br />
0x<ah_2>;<br />
<br />
# ESP SAs using 192 bit long keys (168 + 24 parity)<br />
add 67.207.128.184 67.207.130.204 esp 0x201 -E 3des-cbc<br />
0x<esp_1>;<br />
add 67.207.130.204 67.207.128.184 esp 0x301 -E 3des-cbc<br />
0x<esp_2>;<br />
<br />
# Security policies<br />
spdadd 67.207.128.184 67.207.130.204 any -P out ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
<br />
spdadd 67.207.130.204 67.207.128.184 any -P in ipsec<br />
esp/transport//require<br />
ah/transport//require;<br />
<br />
Make sure the ipsec-tools.conf file is not world-readable:<br />
<br />
$ sudo chmod 750 ipsec-tools.conf<br />
<br />
Now I'll go and [[Hope_Admin#John_2011-07-29_00:13|set up the other side of the connection]]...<br />
<br />
Then,<br />
<br />
$ sudo /etc/init.d/setkey start<br />
* Loading IPsec SA/SP database from /etc/ipsec-tools.conf: [ OK ]<br />
$ sudo etckeeper commit "Configured IPSec between charity and hope"<br />
Committing to: /etc/<br />
modified .etckeeper<br />
modified ipsec-tools.conf<br />
Committed revision 15.<br />
<br />
Done!<br />
<br />
...or, not-so-done. After testing discovered that IPTables was getting in the way of IPSec traffic.<br />
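
The `ipsec-tools.conf` in this entry and the `racoon.conf` in the 2011-07-30 entry both select 3DES and HMAC-MD5, and the racoon configuration also uses 768-bit and 1024-bit DH groups and permits aggressive mode. The script below is an added example, not part of the original log: it reads either file format on stdin and flags those parameters. The function names and the replacement values in `sample_stronger_conf` (keyword spellings as documented in racoon.conf(5)) are assumptions to check against the installed version.<br />

```shell
#!/bin/sh
# Added example (not from the original log): flag weak IPsec parameters in
# racoon.conf or setkey (ipsec-tools.conf) syntax read on stdin.
# Prints one finding per line; exit status is 1 when anything was flagged.
audit_ipsec_params() {
    awk '
    BEGIN {
        # Directive or setkey flag -> parameter class.
        kind["exchange_mode"] = "mode"
        kind["encryption_algorithm"] = "enc";  kind["-E"] = "enc"
        kind["hash_algorithm"] = "auth";       kind["-A"] = "auth"
        kind["authentication_algorithm"] = "auth"
        kind["dh_group"] = "dh";               kind["pfs_group"] = "dh"
        # Values treated as weak, space-delimited for exact-token lookup.
        weak["mode"] = " aggressive "
        weak["enc"]  = " des des-cbc 3des 3des-cbc "
        weak["auth"] = " md5 hmac_md5 hmac-md5 keyed-md5 "
        weak["dh"]   = " modp768 modp1024 1 2 "
        why["mode"] = "with a pre-shared key this exposes a PSK-derived hash to offline guessing; use main mode only"
        why["enc"]  = "64-bit block cipher; prefer AES"
        why["auth"] = "MD5-based integrity is deprecated; prefer a SHA-2 HMAC"
        why["dh"]   = "group is under 2048 bits; prefer modp2048 or larger"
    }
    {
        sub(/#.*/, "")          # drop comments (and the setkey shebang line)
        gsub(/[{};,]/, " ")     # treat punctuation as separators
        cur = ""
        for (i = 1; i <= NF; i++) {
            if ($i in kind) { cur = $i; continue }
            if (cur == "") continue
            k = kind[cur]
            if (index(weak[k], " " tolower($i) " ")) {
                printf "line %d: %s %s: %s\n", NR, cur, $i, why[k]
                n++
            }
            # setkey flags take exactly one algorithm name.
            if (cur == "-A" || cur == "-E") cur = ""
        }
    }
    END { exit (n > 0) }'
}

# The racoon.conf fragment from this log, indentation restored.
sample_racoon_conf() {
    cat <<'EOF'
remote 67.207.130.204 {
        exchange_mode main,aggressive;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
        generate_policy off;
}
sainfo address 67.207.130.204[any] any address 67.207.130.204/32[any] any {
        pfs_group modp768;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}
EOF
}

# Two of the manually keyed SAs from this log (key placeholders as on the page).
sample_setkey_conf() {
    cat <<'EOF'
#!/usr/sbin/setkey -f
add 67.207.128.184 67.207.130.204 ah 0x200 -A hmac-md5
        0x<ah_1>;
add 67.207.128.184 67.207.130.204 esp 0x201 -E 3des-cbc
        0x<esp_1>;
EOF
}

# Constructed variant: same fragment with stronger values swapped in
# (assumed keyword spellings; verify against the installed racoon).
sample_stronger_conf() {
    sample_racoon_conf | sed -e 's/main,aggressive/main/' -e 's/3des/aes/' \
        -e 's/hash_algorithm sha1/hash_algorithm sha256/' \
        -e 's/hmac_md5/hmac_sha256/' \
        -e 's/modp1024/modp2048/' -e 's/modp768/modp2048/'
}

# Demo on both samples; "|| true" because findings give a non-zero status.
sample_racoon_conf | audit_ipsec_params || true
sample_setkey_conf | audit_ipsec_params || true
```

To audit the live files, run `audit_ipsec_params < /etc/racoon/racoon.conf` and `audit_ipsec_params < /etc/ipsec-tools.conf` as root.<br />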
<br />
= [[User:John|John]] 2011-07-27 12:01 =<br />
<br />
== Public read-only svn access via HTTPS and HTTP ==<br />
<br />
See [http://www.barneyb.com/barneyblog/2008/02/28/read-only-and-read-write-svn-repositories/ this article] for the general idea.<br />
<br />
# cd /etc/apache2/<br />
# vim dav_svn.ro.authz<br />
<br />
[/]<br />
* = r<br />
<br />
# vim dav_svn.rw.authz<br />
<br />
[/]<br />
jj5 = rw<br />
<br />
# vim sites-available/default-ssl<br />
<br />
<Location /svn><br />
DAV svn<br />
SVNParentPath /var/svn<br />
AuthType Basic<br />
AuthName "Subversion Repository"<br />
AuthUserFile /etc/apache2/dav_svn.passwd<br />
AuthzSVNAccessFile /etc/apache2/dav_svn.rw.authz<br />
Require valid-user<br />
</Location><br />
<br />
<Location /svnro><br />
DAV svn<br />
SVNParentPath /var/svn<br />
AuthzSVNAccessFile /etc/apache2/dav_svn.ro.authz<br />
</Location><br />
<br />
# vim sites-available/default<br />
<br />
<Location /svnro><br />
DAV svn<br />
SVNParentPath /var/svn<br />
AuthzSVNAccessFile /etc/apache2/dav_svn.ro.authz<br />
</Location><br />
<br />
# apache2ctl graceful<br />
# etckeeper commit "Public read-only svn access"<br />
Committing to: /etc/<br />
added apache2/dav_svn.ro.authz<br />
added apache2/dav_svn.rw.authz<br />
modified apache2/sites-available/default<br />
modified apache2/sites-available/default-ssl<br />
Committed revision 12.<br />
<br />
= [[User:John|John]] 2011-07-27 06:12 =<br />
<br />
== Installing Subversion with HTTPS support ==<br />
<br />
See [http://ubuntuforums.org/showthread.php?t=51753 this article] for a primer.<br />
<br />
# apt-get install subversion libapache2-svn<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
libneon27-gnutls libsvn1<br />
Suggested packages:<br />
db4.8-util subversion-tools<br />
The following NEW packages will be installed:<br />
libapache2-svn libneon27-gnutls libsvn1 subversion<br />
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 1,595kB of archives.<br />
After this operation, 7,250kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libneon27-gnutls 0.29.0-1 [136kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libsvn1 1.6.6dfsg-2ubuntu1.3 [906kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/universe libapache2-svn 1.6.6dfsg-2ubuntu1.3 [168kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid-updates/main subversion 1.6.6dfsg-2ubuntu1.3 [385kB]<br />
Fetched 1,595kB in 1s (866kB/s)<br />
Selecting previously deselected package libneon27-gnutls.<br />
(Reading database ... 17613 files and directories currently installed.)<br />
Unpacking libneon27-gnutls (from .../libneon27-gnutls_0.29.0-1_amd64.deb) ...<br />
Selecting previously deselected package libsvn1.<br />
Unpacking libsvn1 (from .../libsvn1_1.6.6dfsg-2ubuntu1.3_amd64.deb) ...<br />
Selecting previously deselected package libapache2-svn.<br />
Unpacking libapache2-svn (from .../libapache2-svn_1.6.6dfsg-2ubuntu1.3_amd64.deb) ...<br />
Selecting previously deselected package subversion.<br />
Unpacking subversion (from .../subversion_1.6.6dfsg-2ubuntu1.3_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up libneon27-gnutls (0.29.0-1) ...<br />
<br />
Setting up libsvn1 (1.6.6dfsg-2ubuntu1.3) ...<br />
<br />
Setting up libapache2-svn (1.6.6dfsg-2ubuntu1.3) ...<br />
Considering dependency dav for dav_svn:<br />
Enabling module dav.<br />
Enabling module dav_svn.<br />
Run '/etc/init.d/apache2 restart' to activate new configuration!<br />
<br />
Setting up subversion (1.6.6dfsg-2ubuntu1.3) ...<br />
Processing triggers for libc-bin ...<br />
ldconfig deferred processing now taking place<br />
Committing to: /etc/<br />
added emacs<br />
added subversion<br />
added apache2/mods-available/dav_svn.conf<br />
added apache2/mods-available/dav_svn.load<br />
added apache2/mods-enabled/dav.load<br />
added apache2/mods-enabled/dav_svn.conf<br />
added apache2/mods-enabled/dav_svn.load<br />
added bash_completion.d/subversion<br />
added emacs/site-start.d<br />
added emacs/site-start.d/50psvn.el<br />
added subversion/config<br />
added subversion/servers<br />
Committed revision 9.<br />
<br />
# apache2ctl graceful<br />
# cd /var<br />
# ls<br />
backups cache crash lib local lock log mail opt run spool tmp www<br />
# mkdir svn<br />
# cd svn<br />
# svnadmin create pcrepo<br />
# ls<br />
pcrepo<br />
# chown -R www-data:www-data pcrepo/<br />
# chmod -R g+ws pcrepo/<br />
# htpasswd -c /etc/apache2/dav_svn.passwd jj5<br />
New password:<br />
Re-type new password:<br />
Adding password for user jj5<br />
# vim /etc/apache2/sites-enabled/000-default-ssl<br />
<br />
Add the following,<br />
<br />
<Location /svn><br />
DAV svn<br />
SVNParentPath /var/svn<br />
AuthType Basic<br />
AuthName "Subversion Repository"<br />
AuthUserFile /etc/apache2/dav_svn.passwd<br />
Require valid-user<br />
</Location><br />
<br />
# apache2ctl graceful<br />
<br />
$ pwd<br />
/home/jj5<br />
$ mkdir test<br />
$ cd test<br />
$ svn co https://www.progclub.org/svn/pcrepo .<br />
Authentication realm: <https://www.progclub.org> Subversion Repository<br />
Password for 'jj5':<br />
Checked out revision 0.<br />
<br />
Works!<br />
<br />
== Migrating mediawiki-1.17.0 to pcwiki, and checking into svn ==<br />
<br />
$ cd ..<br />
$ mv test pcrepo<br />
$ ls<br />
bin pcrepo<br />
$ cd pcrepo/<br />
$ mkdir pcwiki<br />
$ cd pcwiki/<br />
$ mkdir trunk<br />
$ mkdir branches<br />
$ mkdir tags<br />
$ cp -R /var/www/www.progclub.org/mediawiki-1.17.0/* trunk/<br />
$ ls<br />
branches tags trunk<br />
$ cd trunk/<br />
$ ls<br />
api.php images maintenance RELEASE-NOTES<br />
api.php5 img_auth.php math resources<br />
bin img_auth.php5 mw-config serialized<br />
cache includes opensearch_desc.php skins<br />
config index.php opensearch_desc.php5 StartProfiler.sample<br />
COPYING index.php5 php5.php5 thumb.php<br />
CREDITS INSTALL profileinfo.php thumb.php5<br />
docs languages README trackback.php<br />
extensions load.php redirect.php trackback.php5<br />
FAQ load.php5 redirect.php5 UPGRADE<br />
HISTORY LocalSettings.php redirect.phtml wiki.phtml<br />
$ rm LocalSettings.php<br />
$ cd ../..<br />
$ svn add pcwiki/<br />
$ svn ci -m "Checking in original mediawiki files"<br />
$ sudo etckeeper commit "Subversion HTTPS"<br />
[sudo] password for jj5:<br />
Committing to: /etc/<br />
added apache2/dav_svn.passwd<br />
modified apache2/sites-available/default-ssl<br />
Committed revision 10.<br />
<br />
Then using TortoiseSVN on my workstation I checked out,<br />
<br />
https://www.progclub.org/svn/pcrepo/pcwiki/trunk<br />
<br />
into<br />
<br />
C:\Inetpub\wwwroot\pcwiki<br />
<br />
Copied in LocalSettings.php, added it to the ignore list, and checked in.<br />
<br />
# cd /var/www/www.progclub.org/<br />
# svn co https://www.progclub.org/svn/pcrepo/pcwiki/trunk pcwiki<br />
# cp mediawiki-1.17.0/LocalSettings.php pcwiki/<br />
# cd /etc/apache2/sites-enabled/<br />
# vim 000-default<br />
<br />
Changed alias on line 17,<br />
<br />
Alias /pc /var/www/www.progclub.org/pcwiki/index.php<br />
<br />
# vim 000-default-ssl<br />
<br />
Changed alias on line 17,<br />
<br />
Alias /pc /var/www/www.progclub.org/pcwiki/index.php<br />
<br />
# apache2ctl graceful<br />
# etckeeper commit "pcwiki web"<br />
Committing to: /etc/<br />
modified apache2/sites-available/default<br />
modified apache2/sites-available/default-ssl<br />
Committed revision 11.<br />
<br />
Reloaded a page from the web-site, and everything seems to be working well.<br />
<br />
Copied in changes for mediawiki skin oldskool on my workstation and checked in to svn. There seems to be a new-line thing going on whereby every file got updated with different line-feed sequence (I'm guessing \r\n rather than just \n) -- it changed nearly every file, but I just checked it in anyway.<br />
<br />
# cd /var/www/www.progclub.org/pcwiki<br />
# svn update<br />
<br />
Reloaded a page from the web-site, and everything seems to be in order.<br />
<br />
# cd /var/www/www.progclub.org/<br />
# svn co https://www.progclub.org/svn/pcrepo/pcwiki/trunk pcwiki-dev<br />
# cp pcwiki/LocalSettings.php pcwiki-dev/<br />
# cd pcwiki-dev/<br />
# vim LocalSettings.php<br />
(reconfigured style and script path)<br />
# svn update<br />
<br />
= [[User:John|John]] 2011-07-27 04:44 =<br />
<br />
== Configuring MySQL for (not too) public access ==<br />
<br />
# cd /etc/mysql<br />
# vim my.cnf<br />
<br />
Changed from line 52,<br />
<br />
#bind-address = 127.0.0.1<br />
bind-address = 67.207.128.184<br />
<br />
# service mysql restart<br />
mysql start/running, process 2598<br />
<br />
# etckeeper commit "Bound MySQL to public IP address"<br />
Committing to: /etc/<br />
modified mysql/my.cnf<br />
Committed revision 7.<br />
<br />
# vim /etc/iptables.up.rules<br />
<br />
# Allows MySQL connections from John's house<br />
-A INPUT -s <John's IP>/32 -p tcp -m tcp --dport 3306 -j ACCEPT<br />
# Allows MySQL connections from localhost<br />
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT<br />
<br />
# iptables -F<br />
# iptables-restore < /etc/iptables.up.rules<br />
# etckeeper commit "Updated firewall rules -- MySQL from John's house"<br />
Committing to: /etc/<br />
modified iptables.up.rules<br />
Committed revision 8.<br />
<br />
# mysql -uroot -p<br />
mysql> use mysql;<br />
mysql> select host, user from user;<br />
mysql> create user 'pcwiki'@'<John's house>' identified by '<password>';<br />
mysql> grant all privileges on pcwiki.* to 'pcwiki'@'<John's house>' with grant option;<br />
mysql> flush privileges;<br />
<br />
My development version of MediaWiki can now connect to the production database!<br />
<br />
= [[User:John|John]] 2011-07-27 04:09 =<br />
<br />
== Installing fail2ban ==<br />
<br />
See [https://help.ubuntu.com/community/Fail2ban Fail2ban] for information about installing and configuring the program.<br />
<br />
# apt-get install fail2ban<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
The following extra packages will be installed:<br />
whois<br />
Suggested packages:<br />
python-gamin mailx<br />
The following NEW packages will be installed:<br />
fail2ban whois<br />
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 129kB of archives.<br />
After this operation, 1032kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe fail2ban 0.8.4-1ubuntu1 [96.0kB]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main whois 5.0.0ubuntu3 [32.6kB]<br />
Fetched 129kB in 1s (123kB/s)<br />
Selecting previously deselected package fail2ban.<br />
(Reading database ... 17493 files and directories currently installed.)<br />
Unpacking fail2ban (from .../fail2ban_0.8.4-1ubuntu1_all.deb) ...<br />
Selecting previously deselected package whois.<br />
Unpacking whois (from .../whois_5.0.0ubuntu3_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Processing triggers for ureadahead ...<br />
Setting up fail2ban (0.8.4-1ubuntu1) ... <br />
<br />
Setting up whois (5.0.0ubuntu3) ...<br />
Processing triggers for python-central ...<br />
Committing to: /etc/<br />
added fail2ban<br />
added default/fail2ban<br />
added fail2ban/action.d<br />
added fail2ban/fail2ban.conf<br />
added fail2ban/filter.d<br />
added fail2ban/jail.conf<br />
added fail2ban/action.d/complain.conf<br />
added fail2ban/action.d/dshield.conf<br />
added fail2ban/action.d/hostsdeny.conf<br />
added fail2ban/action.d/ipfilter.conf<br />
added fail2ban/action.d/ipfw.conf<br />
added fail2ban/action.d/iptables-allports.conf<br />
added fail2ban/action.d/iptables-multiport-log.conf<br />
added fail2ban/action.d/iptables-multiport.conf<br />
added fail2ban/action.d/iptables-new.conf<br />
added fail2ban/action.d/iptables.conf<br />
added fail2ban/action.d/mail-buffered.conf<br />
added fail2ban/action.d/mail-whois-lines.conf<br />
added fail2ban/action.d/mail-whois.conf<br />
added fail2ban/action.d/mail.conf<br />
added fail2ban/action.d/mynetwatchman.conf<br />
added fail2ban/action.d/sendmail-buffered.conf<br />
added fail2ban/action.d/sendmail-whois-lines.conf<br />
added fail2ban/action.d/sendmail-whois.conf<br />
added fail2ban/action.d/sendmail.conf<br />
added fail2ban/action.d/shorewall.conf<br />
added fail2ban/filter.d/apache-auth.conf<br />
added fail2ban/filter.d/apache-badbots.conf<br />
added fail2ban/filter.d/apache-nohome.conf<br />
added fail2ban/filter.d/apache-noscript.conf<br />
added fail2ban/filter.d/apache-overflows.conf<br />
added fail2ban/filter.d/common.conf<br />
added fail2ban/filter.d/courierlogin.conf<br />
added fail2ban/filter.d/couriersmtp.conf<br />
added fail2ban/filter.d/cyrus-imap.conf<br />
added fail2ban/filter.d/exim.conf<br />
added fail2ban/filter.d/gssftpd.conf<br />
added fail2ban/filter.d/lighttpd-fastcgi.conf<br />
added fail2ban/filter.d/named-refused.conf<br />
added fail2ban/filter.d/pam-generic.conf<br />
added fail2ban/filter.d/php-url-fopen.conf<br />
added fail2ban/filter.d/postfix.conf<br />
added fail2ban/filter.d/proftpd.conf<br />
added fail2ban/filter.d/pure-ftpd.conf<br />
added fail2ban/filter.d/qmail.conf<br />
added fail2ban/filter.d/sasl.conf<br />
added fail2ban/filter.d/sieve.conf<br />
added fail2ban/filter.d/sshd-ddos.conf<br />
added fail2ban/filter.d/sshd.conf<br />
added fail2ban/filter.d/vsftpd.conf<br />
added fail2ban/filter.d/webmin-auth.conf<br />
added fail2ban/filter.d/wuftpd.conf<br />
added fail2ban/filter.d/xinetd-fail.conf<br />
added init.d/fail2ban<br />
added logrotate.d/fail2ban<br />
added rc0.d/K99fail2ban<br />
added rc1.d/K99fail2ban<br />
added rc2.d/S99fail2ban<br />
added rc3.d/S99fail2ban<br />
added rc4.d/S99fail2ban<br />
added rc5.d/S99fail2ban<br />
added rc6.d/K99fail2ban<br />
Committed revision 6.<br />
<br />
# iptables -L<br />
...<br />
Chain fail2ban-ssh (1 references)<br />
target prot opt source destination<br />
RETURN all -- anywhere anywhere<br />
<br />
Then I tried dud logins from loki.progsoc.uts.edu.au, and <br />
<br />
# iptables -L<br />
...<br />
Chain fail2ban-ssh (1 references)<br />
target prot opt source destination<br />
DROP all -- loki.progsoc.uts.edu.au anywhere<br />
RETURN all -- anywhere anywhere<br />
<br />
Which is what we wanted to see.<br />
<br />
= [[User:John|John]] 2011-07-27 03:41 =<br />
<br />
== Configuring IPTables ==<br />
<br />
See [http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1 this article] for information on configuring IPTables.<br />
<br />
# vim /etc/iptables.up.rules<br />
<br />
*filter<br />
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0<br />
-A INPUT -i lo -j ACCEPT<br />
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT<br />
# Accepts all established inbound connections<br />
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
# Allows all outbound traffic<br />
# You can modify this to only allow certain traffic<br />
-A OUTPUT -j ACCEPT<br />
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)<br />
-A INPUT -p tcp --dport 80 -j ACCEPT<br />
-A INPUT -p tcp --dport 443 -j ACCEPT<br />
# Allows SSH connections<br />
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT<br />
# Allow ping<br />
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT<br />
# log iptables denied calls<br />
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7<br />
# Reject all other inbound - default deny unless explicitly allowed policy<br />
-A INPUT -j REJECT<br />
-A FORWARD -j REJECT<br />
COMMIT<br />
<br />
# iptables-restore < /etc/iptables.up.rules<br />
# iptables -L<br />
Chain INPUT (policy ACCEPT)<br />
target prot opt source destination<br />
ACCEPT all -- anywhere anywhere<br />
REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port-unreachable<br />
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED<br />
ACCEPT tcp -- anywhere anywhere tcp dpt:www<br />
ACCEPT tcp -- anywhere anywhere tcp dpt:https<br />
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:30000<br />
ACCEPT icmp -- anywhere anywhere icmp echo-request<br />
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '<br />
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable<br />
<br />
Chain FORWARD (policy ACCEPT)<br />
target prot opt source destination<br />
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable<br />
<br />
Chain OUTPUT (policy ACCEPT)<br />
target prot opt source destination<br />
ACCEPT all -- anywhere anywhere<br />
<br />
# vim /etc/network/if-pre-up.d/iptables<br />
<br />
#!/bin/sh<br />
/sbin/iptables-restore < /etc/iptables.up.rules<br />
<br />
# chmod +x /etc/network/if-pre-up.d/iptables<br />
# etckeeper commit "Configured IPTables"<br />
Committing to: /etc/<br />
added iptables.up.rules<br />
added network/if-pre-up.d/iptables<br />
Committed revision 4.<br />
<br />
The commands for modifying IPTables firewall rules are now:<br />
<br />
# vim /etc/iptables.up.rules<br />
# /sbin/iptables -F<br />
# /sbin/iptables-restore < /etc/iptables.up.rules<br />
# etckeeper commit "Updated firewall rules"<br />
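
The ruleset above ends INPUT with an unconditional REJECT and accepts neither ESP nor AH, which fits the 2011-07-28 entry's finding that IPTables was getting in the way of IPSec traffic. The script below is an added example, not part of the original log: it reads an iptables-restore file and reports rules placed after a chain's catch-all REJECT/DROP and any missing IPsec accepts. The function names, the placement of the MySQL rule after the REJECT in the sample, and the peer-restricted accept rules in `fixed_rules` are assumptions made for illustration.<br />

```shell
#!/bin/sh
# Added example (not from the original log): audit an iptables-restore rules
# file read on stdin. Reports (1) rules that follow an unconditional
# REJECT/DROP in the same chain and so can never match, and (2) IPsec traffic
# that INPUT does not accept before that catch-all.
# Prints one finding per line; exit status is 1 when anything was found.
audit_iptables_rules() {
    awk '
    function proto(   i) {
        for (i = 1; i < NF; i++)
            if ($i == "-p" || $i == "--protocol") return tolower($(i + 1))
        return ""
    }
    function target(   i) {
        for (i = 1; i < NF; i++)
            if ($i == "-j" || $i == "--jump") return $(i + 1)
        return ""
    }
    function has_dport(port,   i) {
        for (i = 1; i < NF; i++)
            if ($i == "--dport" && $(i + 1) == port) return 1
        return 0
    }
    $1 != "-A" { next }     # skip comments, table headers and COMMIT
    {
        chain = $2; t = target(); p = proto()
        if (closed[chain]) {
            printf "UNREACHABLE line %d (after catch-all on line %d): %s\n", NR, closed[chain], $0
            bad++
            next
        }
        # A rule with no match options: "-A CHAIN -j REJECT" or "-j DROP".
        if (NF == 4 && $3 == "-j" && (t == "REJECT" || t == "DROP")) {
            closed[chain] = NR
            next
        }
        if (chain == "INPUT" && t == "ACCEPT") {
            if (p == "esp" || p == "50") ok["esp"] = 1
            if (p == "ah"  || p == "51") ok["ah"]  = 1
            if ((p == "udp" || p == "17") && has_dport("500")) ok["ike"] = 1
        }
    }
    END {
        if (closed["INPUT"]) {
            if (!ok["esp"]) { print "MISSING INPUT accept for ESP (IP protocol 50)"; bad++ }
            if (!ok["ah"])  { print "MISSING INPUT accept for AH (IP protocol 51)";  bad++ }
            if (!ok["ike"]) { print "MISSING INPUT accept for IKE (UDP port 500)";   bad++ }
        }
        exit (bad > 0)
    }'
}

# Constructed sample: the rules from this log, comments dropped. The log does
# not say where the MySQL rule was added; here it is assumed to have been
# appended after the final REJECT, to show what the audit reports.
sample_rules() {
    cat <<'EOF'
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT
-A FORWARD -j REJECT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
EOF
}

# Constructed correction: accept ESP, AH and IKE from the IPsec peer only
# (67.207.130.204, the peer address used in this log) and move the MySQL rule
# ahead of the LOG and catch-all rules.
fixed_rules() {
    sample_rules | awk '
    /--dport 3306/ { next }
    /-j LOG/ {
        print "-A INPUT -s 67.207.130.204/32 -p esp -j ACCEPT"
        print "-A INPUT -s 67.207.130.204/32 -p ah -j ACCEPT"
        print "-A INPUT -s 67.207.130.204/32 -p udp -m udp --dport 500 -j ACCEPT"
        print "-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT"
    }
    { print }'
}

# Demo on the constructed sample; "|| true" because findings give status 1.
sample_rules | audit_iptables_rules || true
```

To audit the live file before reloading it, run `audit_iptables_rules < /etc/iptables.up.rules`.<br />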
<br />
= [[User:John|John]] 2011-07-27 03:33 =<br />
<br />
== Disabling root SSH login ==<br />
<br />
Per the instructions [http://www.dedicated-resources.com/guide/31/Disabling-Direct-Root-Login-%28SSH%29.html Disabling Direct Root Login (SSH)],<br />
<br />
$ sudo -s<br />
# cd /etc/ssh<br />
# vim sshd_config<br />
<br />
Changed line 26 to,<br />
<br />
PermitRootLogin no<br />
<br />
Then,<br />
<br />
$ sudo service ssh restart<br />
$ sudo etckeeper commit "Disabled root logins"<br />
<br />
= [[User:John|John]] 2011-07-27 03:27 =<br />
<br />
== Configuring the system locale ==<br />
<br />
Per the [[John's_Linux_Page#Configuring_your_locale|instructions]],<br />
<br />
$ sudo /usr/sbin/locale-gen en_AU.UTF-8<br />
Generating locales...<br />
en_AU.UTF-8... done<br />
Generation complete.<br />
$ sudo /usr/sbin/update-locale LANG=en_AU.UTF-8<br />
$ sudo etckeeper commit "Set system locale"<br />
<br />
= [[User:John|John]] 2011-07-27 03:20 =<br />
<br />
== Configuring jj5's environment ==<br />
<br />
Per the instructions about configuring the [[John's_Linux_Page#Environment|Environment]], I added,<br />
<br />
# JE 2011-07-27 03:16<br />
export EDITOR=/usr/bin/vim<br />
<br />
to end of /home/jj5/.profile<br />
<br />
and ran,<br />
<br />
$ sudo update-alternatives --config editor<br />
There are 3 choices for the alternative editor (providing /usr/bin/editor).<br />
<br />
Selection Path Priority Status<br />
------------------------------------------------------------<br />
* 0 /bin/nano 40 auto mode<br />
1 /bin/nano 40 manual mode<br />
2 /usr/bin/vim.basic 30 manual mode<br />
3 /usr/bin/vim.tiny 10 manual mode<br />
<br />
Press enter to keep the current choice[*], or type selection number: 2<br />
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/editor (editor) in manual mode.<br />
<br />
to configure the visudo editor. (Forgot to commit with etckeeper!)<br />
<br />
= [[User:John|John]] 2011-07-27 01:20 =<br />
<br />
== Creating a favicon.ico ==<br />
<br />
MediaWiki is configured to use one, and web-browsers are requesting it, and it's 404ing, so best if I put a file there. Used [http://www.iconj.com/ iconj] to generate a favicon.ico file, and used WinSCP to copy it to /var/www/www.progclub.org/favicon.ico on [[Charity]].<br />
<br />
Was having a problem with the favicon.ico loading in firefox, so I generated a new one with [http://www.favicon.cc/ favicon.cc]. I don't actually think the favicon.ico file was the problem though. But the change has been made now, and there's no point reverting it, because it's all working.<br />
<br />
= [[User:John|John]] 2011-07-27 01:01 =<br />
<br />
== Configuring robots.txt ==<br />
<br />
Having some trouble with search engines looking for URLs from the previous domain owners. Going to set up a robots.txt file to try and fix up what I can there. Found [http://antezeta.com/news/avoid-search-engine-indexing 6 methods to control what and how your content appears in search engines] to help guide me.<br />
<br />
# cd /var/www/www.progclub.org/<br />
# vim robots.txt<br />
<br />
User-agent: *<br />
Disallow: /stories/<br />
Disallow: /story/<br />
Disallow: /members/<br />
Disallow: /vehicles/<br />
<br />
Will expand on this as other URLs that need addressing become apparent in the logs.<br />
<br />
== Watching the Apache web-logs ==<br />
<br />
Created /home/jj5/bin/spy to set up a window to watch the web-logs.<br />
<br />
#!/bin/bash<br />
sudo tail -f /var/log/apache2/access.log /var/log/apache2/ssl_access.log<br />
<br />
= [[User:John|John]] 2011-07-26 22:25 =<br />
<br />
== Adding user key720 ==<br />
<br />
# adduser key720<br />
Adding user `key720' ...<br />
Adding new group `key720' (1003) ...<br />
Adding new user `key720' (1003) with group `key720' ...<br />
Creating home directory `/home/key720' ...<br />
Copying files from `/etc/skel' ...<br />
Enter new UNIX password:<br />
Retype new UNIX password:<br />
passwd: password updated successfully<br />
Changing the user information for key720<br />
Enter the new value, or press ENTER for the default<br />
Full Name []: <name><br />
Room Number []:<br />
Work Phone []:<br />
Home Phone []:<br />
Other []:<br />
Is the information correct? [Y/n]<br />
<br />
Also added [[User:Key|Key]] to the wiki.<br />
<br />
= [[User:Tasaio|Tasaio]] 2011-07-26 21:39 =<br />
<br />
== Setting up Etckeeper ==<br />
<br />
$ sudo apt-get install etckeeper<br />
<br />
That's really all there is to it. There's an auto commit every day, an autocommit whenever you apt-get install something and you can manually commit your changes using:<br />
$ sudo etckeeper commit "Changed foo to achieve bar"<br />
<br />
See the commit log for a file with:<br />
$ sudo bzr log /etc/passwd<br />
<br />
This means we should be able to see with reasonable accuracy what changed when, and as long as people commit their changes (and use sudo rather than abusing sudo su or the like), we'll even know who did it. Useful for quickly rolling back silly changes and catching those changes people forget to log on the wiki.<br />
<br />
= [[User:John|John]] 2011-07-26 09:55 =<br />
<br />
== Adding user sanguinev ==<br />
<br />
# adduser sanguinev<br />
Adding user `sanguinev' ...<br />
Adding new group `sanguinev' (1002) ...<br />
Adding new user `sanguinev' (1002) with group `sanguinev' ...<br />
Creating home directory `/home/sanguinev' ...<br />
Copying files from `/etc/skel' ...<br />
Enter new UNIX password:<br />
Retype new UNIX password:<br />
passwd: password updated successfully<br />
Changing the user information for sanguinev<br />
Enter the new value, or press ENTER for the default<br />
Full Name []: Thomas<br />
Room Number []:<br />
Work Phone []:<br />
Home Phone []:<br />
Other []:<br />
Is the information correct? [Y/n]<br />
<br />
# gpasswd -a sanguinev sudo<br />
Adding user sanguinev to group sudo<br />
<br />
Added a wiki user too.<br />
<br />
= [[User:John|John]] 2011-07-26 09:13 =<br />
<br />
== Adding user jj5 ==<br />
<br />
root@charity:~# adduser jj5<br />
Adding user `jj5' ...<br />
Adding new group `jj5' (1000) ...<br />
Adding new user `jj5' (1000) with group `jj5' ...<br />
Creating home directory `/home/jj5' ...<br />
Copying files from `/etc/skel' ...<br />
Enter new UNIX password:<br />
Retype new UNIX password:<br />
passwd: password updated successfully<br />
Changing the user information for jj5<br />
Enter the new value, or press ENTER for the default<br />
Full Name []: John Elliot<br />
Room Number []:<br />
Work Phone []:<br />
Home Phone []:<br />
Other []:<br />
Is the information correct? [Y/n]<br />
<br />
root@charity:~# gpasswd -a jj5 sudo<br />
Adding user jj5 to group sudo<br />
<br />
That was easy. PuTTY says it works!<br />
<br />
== Adding user tasaio ==<br />
<br />
root@charity:~# adduser tasaio<br />
Adding user `tasaio' ...<br />
Adding new group `tasaio' (1001) ...<br />
Adding new user `tasaio' (1001) with group `tasaio' ...<br />
Creating home directory `/home/tasaio' ...<br />
Copying files from `/etc/skel' ...<br />
Enter new UNIX password:<br />
Retype new UNIX password:<br />
passwd: password updated successfully<br />
Changing the user information for tasaio<br />
Enter the new value, or press ENTER for the default<br />
Full Name []: Justin<br />
Room Number []:<br />
Work Phone []:<br />
Home Phone []:<br />
Other []:<br />
Is the information correct? [Y/n]<br />
root@charity:~# gpasswd -a tasaio sudo<br />
Adding user tasaio to group sudo<br />
<br />
That was easy too! Will create a wiki user for him too.<br />
<br />
= [[User:John|John]] 2011-07-26 08:47 =<br />
<br />
I could be accused of ignorance. When I created my key file for the CSR request I nominated a pass-phrase. This phrase is required to be entered every time you restart Apache. Gah! Until I can figure out a way to fix it I've created a script in /sbin called restart-apache which enters the key's pass-phrase automatically.<br />
<br />
# cd /sbin<br />
# vim restart-apache<br />
<br />
#!/bin/bash<br />
echo <the pass phrase> | apache2ctl graceful<br />
<br />
# chmod u+x restart-apache<br />
# restart-apache<br />
<br />
Works swimmingly. Will reboot to see what happens when apache tries to load from a boot.<br />
<br />
Apache chokes on boot. Found [http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html this article], which suggests,<br />
<br />
# cd ~<br />
# cp progclub.key progclub.key.pass-phrase<br />
# openssl rsa -in progclub.key.pass-phrase -out progclub.key<br />
# chmod 400 progclub.*<br />
# reboot<br />
<br />
Hopefully Apache comes back up this time... yep!<br />
<br />
Will keep the restart-apache script in sbin, but will remove the part that specified the key pass-phrase.<br />
<br />
= [[User:John|John]] 2011-07-26 06:20 =<br />
<br />
== Getting an HTTPS certificate ==<br />
<br />
Searched for [http://www.google.com.au/search?q=certificate%20sni%20cheap&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&source=hp&channel=np certificate sni cheap], found [http://www.godaddy.com/ssl/ssl-certificates.aspx?isc=sslqgau03&ci=9039 Go Daddy SSL Certificate]. Decided on the Multiple Domains UCC - A$82.93/yr setup, which looks like it will suit us. Picked up to 5 domains for 3 years. It offered me free .mobi registration, so I added progclub.mobi. I then also added progclub.biz and progclub.co, I'm a sucker. Registration information recorded in [https://www.blackbrick.com/web/service/view/id/3240 Blackbrick Account Manager]. Set up the nameservers for the new domains to point to ns*.slicehost.net via [https://mya.godaddy.com/default.aspx?isc=sslqgau03&ci=21822&isc=sslqgau03 My Account].<br />
<br />
Had to generate a Certificate Signing Request (CSR) per [http://community.godaddy.com/help/article/5343 these instructions] (for [http://community.godaddy.com/help/5269 Apache 2.x]).<br />
<br />
# cd ~<br />
# openssl genrsa -des3 -out progclub.key 2048<br />
# openssl req -new -key progclub.key -out progclub.csr<br />
<br />
See [https://www.blackbrick.com/web/attachment/view/id/3331 Blackbrick Account Manager] for full details.<br />
<br />
=== Certificate Type ===<br />
* Hosting: Third Party Hosting <br />
* Domain Name: www.progclub.org <br />
* Certificate Issuing Organization: Go Daddy <br />
* Subject Alt Names: www.progclub.net www.progclub.mobi www.progclub.info www.progclub.co <br />
<br />
You're through!<br />
<br />
Your certificate will be issued shortly.<br />
<br />
You can monitor the progress of your certificate application by going to the<br />
Pending Requests folder and clicking your Common Name. When we are through<br />
verifying your application, you will receive an email with further instructions.<br />
<br />
Downloaded the progclub.org.zip that was eventually generated, and used WinSCP to copy it to root's home directory on charity. Found info about [http://community.godaddy.com/help/article/5238 Installing an SSL Certificate in Apache].<br />
<br />
# cd /etc/apache2/sites-available/<br />
# vim default-ssl<br />
<br />
Set,<br />
<br />
ServerAdmin jj5@jj5.net<br />
DocumentRoot /var/www/www.progclub.org<br />
<br />
# cd ~<br />
# ls<br />
progclub.csr progclub.key progclub.org.zip<br />
# unzip progclub.org.zip<br />
-bash: unzip: command not found<br />
# apt-get install unzip<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
Suggested packages:<br />
zip<br />
The following NEW packages will be installed:<br />
unzip<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 189kB of archives.<br />
After this operation, 406kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main unzip 6.0-1build1 [189kB]<br />
Fetched 189kB in 0s (195kB/s)<br />
Selecting previously deselected package unzip.<br />
(Reading database ... 15343 files and directories currently installed.)<br />
Unpacking unzip (from .../unzip_6.0-1build1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up unzip (6.0-1build1) ...<br />
# unzip progclub.org.zip<br />
Archive: progclub.org.zip<br />
inflating: gd_bundle.crt<br />
inflating: progclub.org.crt<br />
# ls<br />
gd_bundle.crt progclub.csr progclub.key progclub.org.crt progclub.org.zip<br />
# cd /etc/apache2/sites-available/<br />
# vim default-ssl<br />
<br />
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem<br />
SSLCertificateFile /root/progclub.org.crt<br />
#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key<br />
SSLCertificateKeyFile /root/progclub.key<br />
<br />
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt<br />
SSLCertificateChainFile /root/gd_bundle.crt<br />
<br />
Saved changes.<br />
<br />
# a2ensite default-ssl<br />
# /etc/init.d/apache2 reload<br />
* Reloading web server config apache2 [ OK ]<br />
# a2enmod ssl<br />
Enabling module ssl.<br />
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.<br />
Run '/etc/init.d/apache2 restart' to activate new configuration!<br />
# /etc/init.d/apache2 restart<br />
<br />
Navigated to [https://www.progclub.org/ https://www.progclub.org/], and it worked!<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# vim 000-default-ssl<br />
<br />
Alias /pc /var/www/www.progclub.org/mediawiki-1.17.0/index.php<br />
<br />
The [https://www.progclub.org/pc/Main_Page secure wiki] is now working!<br />
<br />
= [[User:John|John]] 2011-07-25 17:53 =<br />
<br />
== Installing MediaWiki ==<br />
<br />
Found the [http://www.mediawiki.org/wiki/Download MediaWiki download page], which references [http://download.wikimedia.org/mediawiki/1.17/mediawiki-1.17.0.tar.gz mediawiki-1.17.0.tar.gz].<br />
<br />
# cd /var/www/www.progclub.org/<br />
# wget http://download.wikimedia.org/mediawiki/1.17/mediawiki-1.17.0.tar.gz<br />
# ls<br />
index.html mediawiki-1.17.0.tar.gz test.php<br />
# tar xzf mediawiki-1.17.0.tar.gz<br />
# ls<br />
index.html mediawiki-1.17.0 mediawiki-1.17.0.tar.gz test.php<br />
# rm mediawiki-1.17.0.tar.gz<br />
# cd mediawiki-1.17.0/<br />
# ls<br />
COPYING bin languages redirect.php5<br />
CREDITS cache load.php redirect.phtml<br />
FAQ config load.php5 resources<br />
HISTORY docs maintenance serialized<br />
INSTALL extensions math skins<br />
README images mw-config thumb.php<br />
RELEASE-NOTES img_auth.php opensearch_desc.php thumb.php5<br />
StartProfiler.sample img_auth.php5 opensearch_desc.php5 trackback.php<br />
UPGRADE includes php5.php5 trackback.php5<br />
api.php index.php profileinfo.php wiki.phtml<br />
api.php5 index.php5 redirect.php<br />
<br />
Didn't find a LocalSettings.php, which is what I was expecting, so reading INSTALL.<br />
<br />
# less INSTALL<br />
<br />
It told me to navigate to the [http://www.progclub.org/mediawiki-1.17.0/ setup page]. The setup page complained about a missing LocalSettings.php, so they haven't changed that after all. Clicked on [http://www.progclub.org/mediawiki-1.17.0/mw-config/index.php setup the wiki].<br />
<br />
Specified,<br />
<br />
* Your language: en - English<br />
* Wiki language: en - English<br />
<br />
Clicked continue, and among its checks was a complaint:<br />
<br />
Could not find a suitable database driver! You need to install a database driver for PHP. The following<br />
database types are supported: MySQL, PostgreSQL, Oracle, SQLite.<br />
<br />
If you are on shared hosting, ask your hosting provider to install a suitable database driver. If you compiled<br />
PHP yourself, reconfigure it with a database client enabled, for example using ./configure --with-mysql. <br />
If you installed PHP from a Debian or Ubuntu package, then you also need install the php5-mysql module.<br />
<br />
So,<br />
<br />
# apt-get install php5-mysql<br />
# apache2ctl graceful<br />
<br />
Then reloaded the [http://www.progclub.org/mediawiki-1.17.0/mw-config/index.php?page=Welcome config page],<br />
<br />
The environment has been checked. You can install MediaWiki.<br />
<br />
Clicked continue, and got the Connect to database page. Looks like I'm going to need a database user for the wiki, so<br />
<br />
# mysql -h localhost -u root --password=<password><br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 36<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> create user 'pcwiki'@'localhost' identified by '<password>';<br />
Query OK, 0 rows affected (0.00 sec)<br />
<br />
mysql> exit<br />
Bye<br />
<br />
Back on the config page:<br />
<br />
* Database type: MySQL<br />
* Database host: localhost<br />
* Database name: pcwiki<br />
* Database table prefix: pcwiki__<br />
* Database username: pcwiki<br />
* Database password: <password><br />
<br />
Clicked continue, and got the Database settings page. Specified,<br />
<br />
* Database account for web access: Use the same account as for installation<br />
* Storage engine: InnoDB (the default, other choice was MyISAM)<br />
* Database character set: UTF-8 (not the default, the default choice was Binary)<br />
<br />
Clicked continue, and got the Name page. Specified,<br />
<br />
* Name of wiki: ProgClub<br />
* Project namespace: Same as the wiki name: ProgClub<br />
<br />
Configuration for the Administrator account,<br />
<br />
* Your name: John<br />
* Password: <password><br />
* Password again: <password><br />
* E-mail address: jj5@jj5.net<br />
<br />
You are almost done! You can now skip the remaining configuration and install the wiki right now.<br />
<br />
Chose Ask me more questions, and got the Options page. Specified,<br />
<br />
* User rights profile: Traditional wiki<br />
* Copyright and license: No license footer<br />
<br />
* Enable outbound e-mail: true<br />
* Return e-mail address: wiki@progclub.org<br />
* Enable user-to-user e-mail: true<br />
* Enable user talk page notification: true<br />
* Enable watchlist notification: true<br />
* Enable e-mail authentication: true<br />
<br />
* Enable file uploads: true<br />
* Directory for deleted files: /var/www/www.progclub.org/mediawiki-1.17.0/images/deleted<br />
* Logo URL: /res/img/logo.png<br />
<br />
* Settings for object caching: No caching<br />
<br />
Clicked Continue, and got the confirmation page. Clicked Continue again. Got an error because the database user couldn't create the database. Created the database manually,<br />
<br />
# mysql -h localhost -u root --password=<password><br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 43<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> create database `pcwiki`;<br />
Query OK, 1 row affected (0.00 sec)<br />
<br />
mysql> exit<br />
Bye<br />
<br />
Decided it would be easier to let MediaWiki create the database, so went back and specified the database config details to use the root user. I will change this to be the pcwiki user manually after the database has been created.<br />
<br />
Setting up database... done<br />
Creating tables... done<br />
Creating database user... done<br />
Populating default interwiki table... done<br />
Initializing statistics... done<br />
Generating secret keys... done<br />
Creating administrator user account... done<br />
Creating main page with default content... done<br />
<br />
Clicked continue,<br />
<br />
Congratulations! You have successfully installed MediaWiki.<br />
<br />
The installer has generated a LocalSettings.php file. It contains all your configuration.<br />
<br />
You will need to download it and put it in the base of your wiki installation (the same<br />
directory as index.php). The download should have started automatically.<br />
<br />
If the download was not offered, or if you cancelled it, you can restart the download by<br />
clicking the link below: Download LocalSettings.php<br />
<br />
Note: If you do not do this now, this generated configuration file will not be available<br />
to you later if you exit the installation without downloading it.<br />
<br />
When that has been done, you can enter your wiki.<br />
<br />
Downloaded the LocalSettings.php file and copied it to /var/www/www.progclub.org/mediawiki.1.17.0<br />
<br />
Edited LocalSettings.php and changed the database user:<br />
<br />
$wgDBuser = "pcwiki";<br />
$wgDBpassword = "<password>";<br />
<br />
Also added an article path:<br />
<br />
$wgArticlePath = "/pc/$1";<br />
<br />
Also need to grant access for pcwiki user:<br />
<br />
# mysql -h localhost -u root --password=<password><br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 54<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> grant all privileges on pcwiki.* to pcwiki@localhost;<br />
Query OK, 0 rows affected (0.11 sec)<br />
<br />
mysql> exit<br />
Bye<br />
<br />
Then need to edit apache conf file to include the pc alias:<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# vim 000-default<br />
<br />
added,<br />
<br />
Alias /pc /var/www/www.progclub.org/mediawiki-1.17.0/index.php<br />
<br />
then,<br />
<br />
# apache2ctl graceful<br />
<br />
Also,<br />
<br />
# cd /var/www/www.progclub.org/<br />
# mkdir res<br />
# mkdir res/img<br />
<br />
Then uploaded a logo.png to there with WinSCP. The logo settings hadn't been properly specified in the generated LocalSettings.php file, so,<br />
<br />
# cd /var/www/www.progclub.org/mediawiki-1.17.0/<br />
# vim LocalSettings.php<br />
<br />
and changed the logo setting,<br />
<br />
$wgLogo = "/res/img/logo.png";<br />
<br />
Checked [http://www.progclub.org/pc/Main_Page the wiki], and it's all working nicely.<br />
<br />
= [[User:John|John]] 2011-07-25 17:12 =<br />
<br />
== Preparing WWW hosting ==<br />
<br />
# cd /var/www<br />
# mkdir www.progclub.org<br />
# mv index.html test.php www.progclub.org/<br />
# ls<br />
# cd www.progclub.org/<br />
# ls<br />
index.html test.php<br />
<br />
Everything is in order.<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# ls<br />
000-default<br />
# vim 000-default<br />
<br />
Specified ServerAdmin,<br />
<br />
ServerAdmin jj5@progclub.org<br />
<br />
Changed document root,<br />
<br />
DocumentRoot /var/www/www.progclub.org/<br />
<br />
Changed the <Directory /var/www/> section to,<br />
<br />
<Directory /var/www/www.progclub.org/><br />
<br />
Saved changes and quit vim. Restarted apache,<br />
<br />
# apache2ctl graceful<br />
<br />
Apache complained,<br />
<br />
apache2: Could not reliably determine the server's fully qualified domain name, using charity.progclub.org for ServerName<br />
<br />
Searched for "apache2: Could not reliably determine the server's fully qualified domain name, using " and found an [http://www.linuxquestions.org/questions/linux-server-73/apache-giving-the-error-could-not-determine-the-servers-fully-qualified-domain-name-280677/ answer].<br />
<br />
Ran,<br />
<br />
# hostname charity.progclub.org<br />
<br />
which I guess is a better way to set the hostname than editing /etc/hostname like I did. :P<br />
<br />
Ran,<br />
<br />
# apache2ctl graceful<br />
<br />
again, and got the same error,<br />
<br />
apache2: Could not reliably determine the server's fully qualified domain name, using charity.progclub.org for ServerName<br />
<br />
Tried a reboot to see if the hostname is updated after that,<br />
<br />
# reboot<br />
<br />
Still having problems with,<br />
<br />
# apache2ctl graceful<br />
<br />
So read more of the [http://www.linuxquestions.org/questions/linux-server-73/apache-giving-the-error-could-not-determine-the-servers-fully-qualified-domain-name-280677/ answer], and then,<br />
<br />
# hostname charity<br />
# vim /etc/hosts<br />
<br />
Specified the file contents as<br />
<br />
127.0.0.1 localhost localhost.localdomain<br />
67.207.128.184 charity charity.progclub.org<br />
<br />
Then rebooted,<br />
<br />
# reboot<br />
<br />
Ran hostname and got,<br />
<br />
# hostname<br />
charity.progclub.org<br />
<br />
So edited /etc/hostname and specified<br />
<br />
charity<br />
<br />
Rebooted,<br />
<br />
# reboot<br />
<br />
Searched for "/etc/hostname", and found [http://lists.debian.org/debian-devel/2003/05/msg02064.html an answer]. Short name goes in /etc/hostname, so we should be configured correctly now. Apache is still complaining though,<br />
<br />
# apache2ctl graceful<br />
apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
<br />
and it's using the IP address rather than charity.progclub.org now. Will manually specify ServerName in /etc/apache2/sites-enabled/000-default<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# vim 000-default<br />
<br />
Added,<br />
<br />
ServerName charity.progclub.org<br />
<br />
Ran,<br />
<br />
# apache2ctl graceful<br />
<br />
again, and got the same friggin' error! More web-searching... found a [http://www.wallpaperama.com/forums/how-to-fix-could-not-determine-the-servers-fully-qualified-domain-name-t23.html different answer], tried editing /etc/hosts to put the names the other way around,<br />
<br />
# vim /etc/hosts<br />
<br />
127.0.0.1 localhost.localdomain localhost<br />
67.207.128.184 charity.progclub.org charity<br />
<br />
Rebooted,<br />
<br />
# reboot<br />
<br />
Tried apache2ctl again,<br />
<br />
# apache2ctl graceful<br />
<br />
And got no error! Yay!<br />
<br />
Checked<br />
<br />
* [http://www.progclub.org/ www.progclub.org]<br />
<br />
and found everything to be working. Web hosting is now configured.<br />
<br />
= [[User:John|John]] 2011-07-25 17:11 =<br />
<br />
== PHP software installation ==<br />
<br />
I created a test.php file at /var/www/test.php to see if PHP was working out-of-the-box. I navigated to [http://www.progclub.org/test.php test.php] to check, and it tried to download the PHP file, so I guess PHP isn't installed.<br />
<br />
The test.php file I used was,<br />
<br />
<? phpinfo(); ?><br />
<br />
Searched for PHP installation candidate,<br />
<br />
# apt-cache search php5 | less<br />
<br />
Found php5, which looks promising.<br />
<br />
# apt-get install php5<br />
<br />
The following extra packages will be installed:<br />
apache2-mpm-prefork libapache2-mod-php5 php5-common<br />
Suggested packages:<br />
php-pear php5-suhosin<br />
The following packages will be REMOVED:<br />
apache2-mpm-worker<br />
The following NEW packages will be installed:<br />
apache2-mpm-prefork libapache2-mod-php5 php5 php5-common<br />
0 upgraded, 4 newly installed, 1 to remove and 0 not upgraded.<br />
Need to get 3544kB of archives.<br />
After this operation, 9568kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main apache2-mpm-prefork 2.2.14-5ubuntu8.4 [2420B]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main php5-common 5.3.2-1ubuntu4.9 [551kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libapache2-mod-php5 5.3.2-1ubuntu4.9 [2990kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid-updates/main php5 5.3.2-1ubuntu4.9 [1112B]<br />
Fetched 3544kB in 1s (1913kB/s)<br />
dpkg: apache2-mpm-worker: dependency problems, but removing anyway as you requested:<br />
apache2 depends on apache2-mpm-worker (= 2.2.14-5ubuntu8.4) | apache2-mpm-prefork (= 2.2.14-5ubuntu8.4) | apache2-mpm-event (= 2.2.14-5ubuntu8.4) | apache2-mpm-itk (= 2.2.14-5ubuntu8.4); however:<br />
Package apache2-mpm-worker is to be removed.<br />
Package apache2-mpm-prefork is not installed.<br />
Package apache2-mpm-event is not installed.<br />
Package apache2-mpm-itk is not installed.<br />
(Reading database ... 15291 files and directories currently installed.)<br />
Removing apache2-mpm-worker ...<br />
* Stopping web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
... waiting . [ OK ]<br />
Selecting previously deselected package apache2-mpm-prefork.<br />
(Reading database ... 15283 files and directories currently installed.)<br />
Unpacking apache2-mpm-prefork (from .../apache2-mpm-prefork_2.2.14-5ubuntu8.4_amd64.deb) ...<br />
Selecting previously deselected package php5-common.<br />
Unpacking php5-common (from .../php5-common_5.3.2-1ubuntu4.9_amd64.deb) ...<br />
Selecting previously deselected package libapache2-mod-php5.<br />
Unpacking libapache2-mod-php5 (from .../libapache2-mod-php5_5.3.2-1ubuntu4.9_amd64.deb) ...<br />
Selecting previously deselected package php5.<br />
Unpacking php5 (from .../php5_5.3.2-1ubuntu4.9_all.deb) ...<br />
Setting up apache2-mpm-prefork (2.2.14-5ubuntu8.4) ...<br />
* Starting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
[ OK ]<br />
Setting up php5-common (5.3.2-1ubuntu4.9) ...<br />
Setting up libapache2-mod-php5 (5.3.2-1ubuntu4.9) ...<br />
Creating config file /etc/php5/apache2/php.ini with new version<br />
* Reloading web server config apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
[ OK ]<br />
Setting up php5 (5.3.2-1ubuntu4.9) ...<br />
<br />
Noticed the complaining about the server's fully qualified domain name, so<br />
<br />
# vim /etc/hostname<br />
<br />
and changed from<br />
<br />
charity<br />
<br />
to<br />
<br />
charity.progclub.org<br />
<br />
Then I rebooted,<br />
<br />
# reboot<br />
<br />
Logged in again and checked the hostname,<br />
<br />
# hostname<br />
<br />
which was correctly reported as,<br />
<br />
charity.progclub.org<br />
<br />
Then I navigated to the [http://www.progclub.org/test.php test.php] page, and got back the phpinfo().<br />
<br />
= [[User:John|John]] 2011-07-25 16:40 =<br />
<br />
== Apache and MySQL software installation ==<br />
<br />
Searched for MySQL software,<br />
<br />
# apt-cache search mysql | less<br />
<br />
Found mysql-server, which looks like a good candidate.<br />
<br />
Searched for Apache software,<br />
<br />
# apt-cache search apache2 | less<br />
<br />
Found apache2, which looks like a good candidate.<br />
<br />
# apt-get install apache2 mysql-server<br />
<br />
The following extra packages will be installed:<br />
apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1<br />
libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libdbd-mysql-perl<br />
libdbi-perl libexpat1 libhtml-template-perl libmysqlclient16<br />
libnet-daemon-perl libplrpc-perl mysql-client-5.1 mysql-client-core-5.1<br />
mysql-common mysql-server-5.1 mysql-server-core-5.1 psmisc ssl-cert<br />
Suggested packages:<br />
www-browser apache2-doc apache2-suexec apache2-suexec-custom ufw dbishell<br />
libipc-sharedcache-perl tinyca mailx<br />
The following NEW packages will be installed:<br />
apache2 apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common<br />
libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap<br />
libdbd-mysql-perl libdbi-perl libexpat1 libhtml-template-perl<br />
libmysqlclient16 libnet-daemon-perl libplrpc-perl mysql-client-5.1<br />
mysql-client-core-5.1 mysql-common mysql-server mysql-server-5.1<br />
mysql-server-core-5.1 psmisc ssl-cert<br />
<br />
== Configuring mysql-server-5.1 ==<br />
<br />
Dpkg showed a configuration screen for configuring the root password. I set one.<br />
<br />
== Apache and MySQL software installation, continued ==<br />
<br />
I rebooted after installing the above software,<br />
<br />
# reboot<br />
<br />
I checked the Apache installation by navigating to [http://www.progclub.org/ www.progclub.org] and It Works!<br />
<br />
= [[User:John|John]] 2011-07-25 16:34 =<br />
<br />
SSH'ed in as root and ran:<br />
<br />
# apt-get update<br />
# apt-get dist-upgrade<br />
# reboot<br />
<br />
= [[User:John|John]] 2011-07-25 16:00 =<br />
<br />
Had to stuff around with resetting the root password on charity, but remote logins via SSH are working now for root.<br />
<br />
= [[User:John|John]] 2011-07-25 15:52 =<br />
<br />
Configured the name server with progclub.org, progclub.net and progclub.info DNS zones on slicehost. The [https://manage.slicehost.com/ SliceManager] should be used to maintain the DNS records for progclub.</div>
60.240.67.126
https://www.progclub.org/wiki/mediawiki/index.php?title=Main_Page&diff=148
Main Page
2011-07-27T01:06:18Z
<p>60.240.67.126: </p>
<hr />
<div>{|class="pcwiki-main-1"<br />
|class="pcwiki-main-2"|<br />
{|class="pcwiki-main-3"<br />
|-<br />
|class="pcwiki-main-4" |<br />
<h1 class="pcwiki-main-h1">Welcome to ProgClub</h1><br />
<div style="top:+0.2em;font-size:138%">The Programmers' Club</div><br />
<div style="text-align:center;font-size:90%;">Sponsored by [http://www.blackbrick.com/ Blackbrick]</div><br />
<div style="text-align:center;font-size:70%;">...because every programmer needs a good club! We have only just begun...</div><br />
|-<br />
|}<br />
|class="pcwiki-main-5"|<br />
[[Register]] -- it's free!<br />
|}<br />
<br />
{|style="border-spacing:8px;width:100%;"<br />
|class="pcwiki-main-6"|<br />
{| width="100%" cellpadding="2" cellspacing="5" class="pcwiki-main-7"<br />
! <h2 class="pcwiki-main-h2">About</h2><br />
|-<br />
|class="pcwiki-main-8"|<br />
[[What We Do]]<br /><br />
[[Contacts]]<br /><br />
[[Members]]<br /><br />
[[Register]] -- it's free!<br /><br />
|-<br />
! <h2 class="pcwiki-main-h2">Administration</h2><br />
|-<br />
|class="pcwiki-main-8"|<br />
[[Executive]]<br /><br />
[[Constitution]]<br /><br />
[[Account Locking Policy]]<br /><br />
[[Acceptable Use Policy]]<br /><br />
|-<br />
|}<br />
|class="pcwiki-main-9"|<br />
{| width="100%" cellpadding="2" cellspacing="5" class="pcwiki-main-10"<br />
! <h2 class="pcwiki-main-h2">Systems</h2><br />
|-<br />
|class="pcwiki-main-8"|<br />
[[Projects]]<br /><br />
[[Fleet of Machines]]<br /><br />
[[Administrative Reference]]<br /><br />
|-<br />
! <h2 class="pcwiki-main-h2">Help</h2><br />
|- <br />
|class="pcwiki-main-8"|<br />
[[Help:Contents|Help Contents]]<br /><br />
[[Services]]<br /><br />
[[Webpage Creation]]<br /><br />
[[John's Linux Page]]<br /><br />
|-<br />
|}<br />
|class="pcwiki-main-6"|<br />
{| width="100%" cellpadding="2" cellspacing="5" class="pcwiki-main-7"<br />
! <h2 class="pcwiki-main-h2">Images</h2><br />
|-<br />
|class="pcwiki-main-8"|<br />
[[ProgClub Logo]]<br /><br />
|-<br />
! <h2 class="pcwiki-main-h2">Reference</h2><br />
|- <br />
|class="pcwiki-main-8"|<br />
[[Minutes of Meetings]]<br /><br />
[[Mailing Lists]]<br /><br />
[[:Category:Help|Help Category]]<br /><br />
[[:Category:TODO|TODO Category]]<br /><br />
|-<br />
__NOTOC__<br />
__NOEDITSECTION__<br />
__NOTITLE__</div>
60.240.67.126
https://www.progclub.org/wiki/mediawiki/index.php?title=Network_admin&diff=130
Network admin
2011-07-26T18:26:15Z
<p>60.240.67.126: </p>
<hr />
<div>This is an ongoing project to provide members with network services. See the [[Administrative Reference]] for information about administering the network.<br />
<br />
= TODO =<br />
<br />
Things to do at the moment, in rough order of priority, are:<br />
<br />
* Get email to progclub.* working<br />
* Get an LDAP server set up and have [[Hope|hope]] auth against [[Charity|charity]]<br />
* Get list@progclub and admin@progclub lists working<br />
* Get NFS for users' home directories working<br />
* Get user directories public_html working<br />
* Get automatic user registrations working<br />
** Create user in LDAP<br />
** Create home directory<br />
** Create MySQL database<br />
** Create wiki user<br />
<br />
[[Category:TODO]]<br />
<br />
= Done =<br />
<br />
Things that have been done. Put latest stuff on the top of the list.<br />
<br />
* Installed Fail2ban on [[Charity]]. [[Charity_Admin#John_2011-07-27_04:09]]<br />
* Configured IPTables on [[Charity]]. [[Charity_Admin#John_2011-07-27_03:41]]<br />
* Configured [http://www.google.com/search?q=favicon.ico favicon.ico] file on [[Charity]]. [[Charity_Admin#John_2011-07-27_01:20]]<br />
* Configured [http://www.google.com/search?q=robots.txt robots.txt] file on [[Charity]]. [[Charity_Admin#John_2011-07-27_01:01]]<br />
* Installed [http://kitenet.net/~joey/code/etckeeper/ etckeeper] on [[Charity]]. [[Charity_Admin#Tasaio_2011-07-26_21:39]]<br />
* Configured HTTPS on [[Charity]]. [[Charity_Admin#John_2011-07-26_06:20]]<br />
* Installed MediaWiki on [[Charity]]. [[Charity_Admin#John_2011-07-25_17:53]]<br />
* Configured web-hosting for [http://www.progclub.org/ www.progclub.org] on [[Charity]]. [[Charity_Admin#John_2011-07-25_17:12]]<br />
* Installed PHP on [[Charity]]. [[Charity_Admin#John_2011-07-25_17:11]]<br />
* Installed MySQL and Apache on [[Charity]]. [[Charity_Admin#John_2011-07-25_16:40]]</div>
60.240.67.126
https://www.progclub.org/wiki/mediawiki/index.php?title=Admin_reference&diff=84
Admin reference
2011-07-25T23:29:28Z
<p>60.240.67.126: </p>
<hr />
<div>See the [[Fleet of Machines]] for information about hosts on the ProgClub network.<br />
<br />
If you're administering ProgClub assets, please document your actions on the wiki. See the relevant pages:<br />
<br />
* [[Charity Admin]]<br />
* [[Hope Admin]]<br />
<br />
See [[Future Machine Names]] for the kind of stuff we're on about.<br />
<br />
See, or update, [[Network Administration]] for work that needs to be done.</div>
60.240.67.126
https://www.progclub.org/wiki/mediawiki/index.php?title=Charity_admin&diff=83
Charity admin
2011-07-25T23:20:14Z
<p>60.240.67.126: </p>
<hr />
<div>This page chronicles the administrative changes to [[Charity|charity.progclub.org]]. If you make an administrative change you should document the change here. Changes are logged here in reverse chronological order with a time-stamp in the form YYYY-MM-DD hh:mm. You can use the time from whatever timezone you are in, or UTC if you're cool, but use 24 hour time. Don't worry if the changes you make have a time-stamp that is less than a time-stamp later in the page, put the latest changes at the top.<br />
<br />
= 2011-07-26 09:13 =<br />
<br />
== Adding user jj5 ==<br />
<br />
root@charity:~# adduser jj5<br />
Adding user `jj5' ...<br />
Adding new group `jj5' (1000) ...<br />
Adding new user `jj5' (1000) with group `jj5' ...<br />
Creating home directory `/home/jj5' ...<br />
Copying files from `/etc/skel' ...<br />
Enter new UNIX password:<br />
Retype new UNIX password:<br />
passwd: password updated successfully<br />
Changing the user information for jj5<br />
Enter the new value, or press ENTER for the default<br />
Full Name []: John Elliot<br />
Room Number []:<br />
Work Phone []:<br />
Home Phone []:<br />
Other []:<br />
Is the information correct? [Y/n]<br />
<br />
root@charity:~# gpasswd -a jj5 sudo<br />
Adding user jj5 to group sudo<br />
<br />
That was easy. PuTTY says it works!<br />
<br />
== Adding user tasaio ==<br />
<br />
root@charity:~# adduser tasaio<br />
Adding user `tasaio' ...<br />
Adding new group `tasaio' (1001) ...<br />
Adding new user `tasaio' (1001) with group `tasaio' ...<br />
Creating home directory `/home/tasaio' ...<br />
Copying files from `/etc/skel' ...<br />
Enter new UNIX password:<br />
Retype new UNIX password:<br />
passwd: password updated successfully<br />
Changing the user information for tasaio<br />
Enter the new value, or press ENTER for the default<br />
Full Name []: Justin Steward<br />
Room Number []:<br />
Work Phone []:<br />
Home Phone []:<br />
Other []:<br />
Is the information correct? [Y/n]<br />
root@charity:~# gpasswd -a tasaio sudo<br />
Adding user tasaio to group sudo<br />
<br />
That was easy too! Will create a wiki user for him too.<br />
<br />
= 2011-07-26 08:47 =<br />
<br />
I could be accused of ignorance. When I created my key file for the CSR request I nominated a pass-phrase. This phrase is required to be entered every time you restart Apache. Gah! Until I can figure out a way to fix it I've created a script in /sbin called restart-apache which enters the key's pass-phrase automatically.<br />
<br />
# cd /sbin<br />
# vim restart-apache<br />
<br />
#!/bin/bash<br />
echo <the pass phrase> | apache2ctl graceful<br />
<br />
# chmod u+x restart-apache<br />
# restart-apache<br />
<br />
Works swimmingly. Will reboot to see what happens when apache tries to load from a boot.<br />
<br />
Apache chokes on boot. Found [http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html this article], which suggests,<br />
<br />
# cd ~<br />
# cp progclub.key progclub.key.pass-phrase<br />
# openssl rsa -in progclub.key.pass-phrase -out progclub.key<br />
# chmod 400 progclub.*<br />
# reboot<br />
<br />
Hopefully Apache comes back up this time... yep!<br />
<br />
Will keep the restart-apache script in sbin, but will remove the part that specified the key pass-phrase.<br />
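
An added example, not part of the original log: a shell audit for the state this entry ends in. It reports whether a PEM key is pass-phrase protected, whether an unencrypted key is accessible to anyone but its owner, and whether a restart script still pipes a literal into apache2ctl. The function names and sample files are constructed for illustration, and GNU stat and mktemp are assumed.

```shell
#!/bin/sh
# Constructed audit helpers; function names and sample files are illustrative.

# key_state FILE: print "encrypted", "plaintext" or "unknown" from the PEM armour.
key_state() {
    # PKCS#8 form: encryption is announced in the BEGIN line itself.
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted
    # Traditional form (what `openssl genrsa -des3` wrote in OpenSSL 1.x):
    # the BEGIN line is unchanged and a Proc-Type header marks encryption.
    elif grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    elif grep -Eq -e '-----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo unknown
    fi
}

# key_mode_ok FILE: succeed only when group and other have no access bits.
key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, e.g. 400 or 644
    case $mode in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# script_pipes_secret FILE: succeed when the script echoes or printfs
# something into apache2ctl, as the first restart-apache version did.
script_pipes_secret() {
    grep -Eq -e '(echo|printf)[^|]*\|[[:space:]]*apache2ctl' "$1"
}

# audit_key KEY [SCRIPT]: print findings; exit status is the number found.
audit_key() {
    findings=0
    state=$(key_state "$1")
    echo "$1: $state"
    if [ "$state" = plaintext ] && ! key_mode_ok "$1"; then
        echo "  unencrypted key is accessible beyond its owner"
        findings=$((findings + 1))
    fi
    if [ -n "$2" ] && script_pipes_secret "$2"; then
        echo "  $2 pipes a literal into apache2ctl"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# make_samples DIR: write constructed sample files (no real key material).
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' \
        'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/with-pass.key"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQ=' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1/pkcs8-enc.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/stripped.key"
    printf '%s\n' '#!/bin/bash' \
        'echo CONSTRUCTED-PASSPHRASE | apache2ctl graceful' \
        > "$1/restart-apache.old"
    printf '%s\n' '#!/bin/bash' 'apache2ctl graceful' \
        > "$1/restart-apache.new"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp"
    chmod 644 "$tmp/stripped.key"
    audit_key "$tmp/stripped.key" "$tmp/restart-apache.old"
    chmod 400 "$tmp/stripped.key"
    audit_key "$tmp/stripped.key" "$tmp/restart-apache.new"
    audit_key "$tmp/with-pass.key"
    rm -rf "$tmp"
}

demo
```
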
<br />
= 2011-07-26 06:20 =<br />
<br />
== Getting an HTTPS certificate ==<br />
<br />
Searched for [http://www.google.com.au/search?q=certificate%20sni%20cheap&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&source=hp&channel=np certificate sni cheap], found [http://www.godaddy.com/ssl/ssl-certificates.aspx?isc=sslqgau03&ci=9039 Go Daddy SSL Certificate]. Decided on the Multiple Domains UCC - A$82.93/yr setup, which looks like it will suit us. Picked up to 5 domains for 3 years. It offered me free .mobi registration, so I added progclub.mobi. I then also added progclub.biz and progclub.co, I'm a sucker. Registration information recorded in [https://www.blackbrick.com/web/service/view/id/3240 Blackbrick Account Manager]. Set up the nameservers for the new domains to point to ns*.slicehost.net via [https://mya.godaddy.com/default.aspx?isc=sslqgau03&ci=21822&isc=sslqgau03 My Account].<br />
<br />
Had to generate a Certificate Signing Request (CSR) per [http://community.godaddy.com/help/article/5343 these instructions] (for [http://community.godaddy.com/help/5269 Apache 2.x]).<br />
<br />
# cd ~<br />
# openssl genrsa -des3 -out progclub.key 2048<br />
# openssl req -new -key progclub.key -out progclub.csr<br />
<br />
See [https://www.blackbrick.com/web/attachment/view/id/3331 Blackbrick Account Manager] for full details.<br />
<br />
=== Certificate Type ===<br />
* Hosting: Third Party Hosting <br />
* Domain Name: www.progclub.org <br />
* Certificate Issuing Organization: Go Daddy <br />
* Subject Alt Names: www.progclub.net www.progclub.mobi www.progclub.info www.progclub.co <br />
<br />
You're through!<br />
<br />
Your certificate will be issued shortly.<br />
<br />
You can monitor the progress of your certificate application by going to the<br />
Pending Requests folder and clicking your Common Name. When we are through<br />
verifying your application, you will receive an email with further instructions.<br />
<br />
Downloaded the progclub.org.zip that was eventually generated, and used WinSCP to copy it to root's home directory on charity. Found info about [http://community.godaddy.com/help/article/5238 Installing an SSL Certificate in Apache].<br />
<br />
# cd /etc/apache2/sites-available/<br />
# vim default-ssl<br />
<br />
Set,<br />
<br />
ServerAdmin jj5@jj5.net<br />
DocumentRoot /var/www/www.progclub.org<br />
<br />
# cd ~<br />
# ls<br />
progclub.csr progclub.key progclub.org.zip<br />
# unzip progclub.org.zip<br />
-bash: unzip: command not found<br />
# apt-get install unzip<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
Suggested packages:<br />
zip<br />
The following NEW packages will be installed:<br />
unzip<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 189kB of archives.<br />
After this operation, 406kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main unzip 6.0-1build1 [189kB]<br />
Fetched 189kB in 0s (195kB/s)<br />
Selecting previously deselected package unzip.<br />
(Reading database ... 15343 files and directories currently installed.)<br />
Unpacking unzip (from .../unzip_6.0-1build1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up unzip (6.0-1build1) ...<br />
# unzip progclub.org.zip<br />
Archive: progclub.org.zip<br />
inflating: gd_bundle.crt<br />
inflating: progclub.org.crt<br />
# ls<br />
gd_bundle.crt progclub.csr progclub.key progclub.org.crt progclub.org.zip<br />
# cd /etc/apache2/sites-available/<br />
# vim default-ssl<br />
<br />
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem<br />
SSLCertificateFile /root/progclub.org.crt<br />
#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key<br />
SSLCertificateKeyFile /root/progclub.key<br />
<br />
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt<br />
SSLCertificateChainFile /root/gd_bundle.crt<br />
<br />
Saved changes.<br />
<br />
# a2ensite default-ssl<br />
# /etc/init.d/apache2 reload<br />
* Reloading web server config apache2 [ OK ]<br />
# a2enmod ssl<br />
Enabling module ssl.<br />
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.<br />
Run '/etc/init.d/apache2 restart' to activate new configuration!<br />
# /etc/init.d/apache2 restart<br />
<br />
Navigated to [https://www.progclub.org/ https://www.progclub.org/], and it worked!<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# vim 000-default-ssl<br />
<br />
Alias /pc /var/www/www.progclub.org/mediawiki-1.17.0/index.php<br />
<br />
The [https://www.progclub.org/pc/Main_Page secure wiki] is now working!<br />
<br />
= 2011-07-25 17:53 =<br />
<br />
== Installing MediaWiki ==<br />
<br />
Found the [http://www.mediawiki.org/wiki/Download MediaWiki download page], which references [http://download.wikimedia.org/mediawiki/1.17/mediawiki-1.17.0.tar.gz mediawiki-1.17.0.tar.gz].<br />
<br />
# cd /var/www/www.progclub.org/<br />
# wget http://download.wikimedia.org/mediawiki/1.17/mediawiki-1.17.0.tar.gz<br />
# ls<br />
index.html mediawiki-1.17.0.tar.gz test.php<br />
# tar xzf mediawiki-1.17.0.tar.gz<br />
# ls<br />
index.html mediawiki-1.17.0 mediawiki-1.17.0.tar.gz test.php<br />
# rm mediawiki-1.17.0.tar.gz<br />
# cd mediawiki-1.17.0/<br />
# ls<br />
COPYING bin languages redirect.php5<br />
CREDITS cache load.php redirect.phtml<br />
FAQ config load.php5 resources<br />
HISTORY docs maintenance serialized<br />
INSTALL extensions math skins<br />
README images mw-config thumb.php<br />
RELEASE-NOTES img_auth.php opensearch_desc.php thumb.php5<br />
StartProfiler.sample img_auth.php5 opensearch_desc.php5 trackback.php<br />
UPGRADE includes php5.php5 trackback.php5<br />
api.php index.php profileinfo.php wiki.phtml<br />
api.php5 index.php5 redirect.php<br />
<br />
Didn't find a LocalSettings.php, which is what I was expecting, so reading INSTALL.<br />
<br />
# less INSTALL<br />
<br />
It told me to navigate to the [http://www.progclub.org/mediawiki-1.17.0/ setup page]. The setup page complained about a missing LocalSettings.php, so they haven't changed that after all. Clicked on [http://www.progclub.org/mediawiki-1.17.0/mw-config/index.php setup the wiki].<br />
<br />
Specified,<br />
<br />
* Your language: en - English<br />
* Wiki language: en - English<br />
<br />
Clicked continue, and among its checks was a complaint:<br />
<br />
Could not find a suitable database driver! You need to install a database driver for PHP. The following<br />
database types are supported: MySQL, PostgreSQL, Oracle, SQLite.<br />
<br />
If you are on shared hosting, ask your hosting provider to install a suitable database driver. If you compiled<br />
PHP yourself, reconfigure it with a database client enabled, for example using ./configure --with-mysql. <br />
If you installed PHP from a Debian or Ubuntu package, then you also need install the php5-mysql module.<br />
<br />
So,<br />
<br />
# apt-get install php5-mysql<br />
# apache2ctl graceful<br />
<br />
Then reloaded the [http://www.progclub.org/mediawiki-1.17.0/mw-config/index.php?page=Welcome config page],<br />
<br />
The environment has been checked. You can install MediaWiki.<br />
<br />
Clicked continue, and got the Connect to database page. Looks like I'm going to need a database user for the wiki, so<br />
<br />
# mysql -h localhost -u root --password=<password><br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 36<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> create user 'pcwiki'@'localhost' identified by '<password>';<br />
Query OK, 0 rows affected (0.00 sec)<br />
<br />
mysql> exit<br />
Bye<br />
<br />
Back on the config page:<br />
<br />
* Database type: MySQL<br />
* Database host: localhost<br />
* Database name: pcwiki<br />
* Database table prefix: pcwiki__<br />
* Database username: pcwiki<br />
* Database password: <password><br />
<br />
Clicked continue, and got the Database settings page. Specified,<br />
<br />
* Database account for web access: Use the same account as for installation<br />
* Storage engine: InnoDB (the default, other choice was MyISAM)<br />
* Database character set: UTF-8 (not the default, the default choice was Binary)<br />
<br />
Clicked continue, and got the Name page. Specified,<br />
<br />
* Name of wiki: ProgClub<br />
* Project namespace: Same as the wiki name: ProgClub<br />
<br />
Configuration for the Administrator account,<br />
<br />
* Your name: John<br />
* Password: <password><br />
* Password again: <password><br />
* E-mail address: jj5@jj5.net<br />
<br />
You are almost done! You can now skip the remaining configuration and install the wiki right now.<br />
<br />
Chose Ask me more questions, and got the Options page. Specified,<br />
<br />
* User rights profile: Traditional wiki<br />
* Copyright and license: No license footer<br />
<br />
* Enable outbound e-mail: true<br />
* Return e-mail address: wiki@progclub.org<br />
* Enable user-to-user e-mail: true<br />
* Enable user talk page notification: true<br />
* Enable watchlist notification: true<br />
* Enable e-mail authentication: true<br />
<br />
* Enable file uploads: true<br />
* Directory for deleted files: /var/www/www.progclub.org/mediawiki-1.17.0/images/deleted<br />
* Logo URL: /res/img/logo.png<br />
<br />
* Settings for object caching: No caching<br />
<br />
Clicked Continue, and got the confirmation page. Clicked Continue again. Got an error because the database user couldn't create the database. Created the database manually,<br />
<br />
# mysql -h localhost -u root --password=<password><br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 43<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> create database `pcwiki`;<br />
Query OK, 1 row affected (0.00 sec)<br />
<br />
mysql> exit<br />
Bye<br />
<br />
Decided it would be easier to let MediaWiki create the database, so went back and specified the database config details to use the root user. I will change this to be the pcwiki user manually after the database has been created.<br />
<br />
Setting up database... done<br />
Creating tables... done<br />
Creating database user... done<br />
Populating default interwiki table... done<br />
Initializing statistics... done<br />
Generating secret keys... done<br />
Creating administrator user account... done<br />
Creating main page with default content... done<br />
<br />
Clicked continue,<br />
<br />
Congratulations! You have successfully installed MediaWiki.<br />
<br />
The installer has generated a LocalSettings.php file. It contains all your configuration.<br />
<br />
You will need to download it and put it in the base of your wiki installation (the same<br />
directory as index.php). The download should have started automatically.<br />
<br />
If the download was not offered, or if you cancelled it, you can restart the download by<br />
clicking the link below: Download LocalSettings.php<br />
<br />
Note: If you do not do this now, this generated configuration file will not be available<br />
to you later if you exit the installation without downloading it.<br />
<br />
When that has been done, you can enter your wiki.<br />
<br />
Downloaded the LocalSettings.php file and copied it to /var/www/www.blackbrick.com/mediawiki.1.17.0<br />
<br />
Edited LocalSettings.php and changed the database user:<br />
<br />
$wgDBuser = "pcwiki";<br />
$wgDBpassword = "<password>";<br />
<br />
Also added an article path:<br />
<br />
$wgArticlePath = "/pc/$1";<br />
<br />
Also need to grant access for pcwiki user:<br />
<br />
# mysql -h localhost -u root --password=<password><br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 54<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> grant all privileges on pcwiki.* to pcwiki@localhost;<br />
Query OK, 0 rows affected (0.11 sec)<br />
<br />
mysql> exit<br />
Bye<br />
<br />
Then need to edit apache conf file to include the pc alias:<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# vim 000-default<br />
<br />
added,<br />
<br />
Alias /pc /var/www/www.progclub.org/mediawiki-1.17.0/index.php<br />
<br />
then,<br />
<br />
# apache2ctl graceful<br />
<br />
Also,<br />
<br />
# cd /var/www/www.progclub.org/<br />
# mkdir res<br />
# mkdir res/img<br />
<br />
Then uploaded a logo.png to there with WinSCP. The logo settings hadn't been properly specified in the generated LocalSettings.php file, so,<br />
<br />
# cd /var/www/www.progclub.org/mediawiki-1.17.0/<br />
# vim LocalSettings.php<br />
<br />
and changed the logo setting,<br />
<br />
$wgLogo = "/res/img/logo.png";<br />
<br />
Checked [http://www.progclub.org/pc/Main_Page the wiki], and it's all working nicely.<br />
<br />
= 2011-07-25 17:12 =<br />
<br />
== Preparing WWW hosting ==<br />
<br />
# cd /var/www<br />
# mkdir www.progclub.org<br />
# mv index.html test.php www.progclub.org/<br />
# ls<br />
# cd www.progclub.org/<br />
# ls<br />
index.html test.php<br />
<br />
Everything is in order.<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# ls<br />
000-default<br />
# vim 000-default<br />
<br />
Specified ServerAdmin,<br />
<br />
ServerAdmin jj5@progclub.org<br />
<br />
Changed document root,<br />
<br />
DocumentRoot /var/www/www.progclub.org/<br />
<br />
Changed the <Directory /var/www/> section to,<br />
<br />
<Directory /var/www/www.progclub.org/><br />
<br />
Saved changes and quit vim. Restarted apache,<br />
<br />
# apache2ctl graceful<br />
<br />
Apache complained,<br />
<br />
apache2: Could not reliably determine the server's fully qualified domain name, using charity.progclub.org for ServerName<br />
<br />
Searched for "apache2: Could not reliably determine the server's fully qualified domain name, using " and found an [http://www.linuxquestions.org/questions/linux-server-73/apache-giving-the-error-could-not-determine-the-servers-fully-qualified-domain-name-280677/ answer].<br />
<br />
Ran,<br />
<br />
# hostname charity.progclub.org<br />
<br />
which I guess is a better way to set the hostname than editing /etc/hostname like I did. :P<br />
<br />
Ran,<br />
<br />
# apache2ctl graceful<br />
<br />
again, and got the same error,<br />
<br />
apache2: Could not reliably determine the server's fully qualified domain name, using charity.progclub.org for ServerName<br />
<br />
Tried a reboot to see if the hostname is updated after that,<br />
<br />
# reboot<br />
<br />
Still having problems with,<br />
<br />
# apache2ctl graceful<br />
<br />
So read more of the [http://www.linuxquestions.org/questions/linux-server-73/apache-giving-the-error-could-not-determine-the-servers-fully-qualified-domain-name-280677/ answer], and then,<br />
<br />
# hostname charity<br />
# vim /etc/hosts<br />
<br />
Specified the file contents as<br />
<br />
127.0.0.1 localhost localhost.localdomain<br />
67.207.128.184 charity charity.progclub.org<br />
<br />
Then rebooted,<br />
<br />
# reboot<br />
<br />
Ran hostname and got,<br />
<br />
# hostname<br />
charity.progclub.org<br />
<br />
So edited /etc/hostname and specified<br />
<br />
charity<br />
<br />
Rebooted,<br />
<br />
# reboot<br />
<br />
Searched for "/etc/hostname", and found [http://lists.debian.org/debian-devel/2003/05/msg02064.html an answer]. Short name goes in /etc/hostname, so we should be configured correctly now. Apache is still complaining though,<br />
<br />
# apache2ctl graceful<br />
apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
<br />
and it's using the IP address rather than charity.progclub.org now. Will manually specify ServerName in /etc/apache2/sites-enabled/000-default<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# vim 000-default<br />
<br />
Added,<br />
<br />
ServerName charity.progclub.org<br />
<br />
Ran,<br />
<br />
# apache2ctl graceful<br />
<br />
again, and got the same friggin' error! More web-searching... found a [http://www.wallpaperama.com/forums/how-to-fix-could-not-determine-the-servers-fully-qualified-domain-name-t23.html different answer], tried editing /etc/hosts to put the names the other way around,<br />
<br />
# vim /etc/hosts<br />
<br />
127.0.0.1 localhost.localdomain localhost<br />
67.207.128.184 charity.progclub.org charity<br />
<br />
Rebooted,<br />
<br />
# reboot<br />
<br />
Tried apache2ctl again,<br />
<br />
# apache2ctl graceful<br />
<br />
And got no error! Yay!<br />
<br />
Checked<br />
<br />
* [http://www.progclub.org/ www.progclub.org]<br />
<br />
and found everything to be working. Web hosting is now configured.<br />
<br />
= 2011-07-25 17:11 =<br />
<br />
== PHP software installation ==<br />
<br />
I created a test.php file at /var/www/test.php to see if PHP was working out-of-the-box. I navigated to [http://www.progclub.org/test.php test.php] to check, and it tried to download the PHP file, so I guess PHP isn't installed.<br />
<br />
The test.php file I used was,<br />
<br />
<? phpinfo(); ?><br />
<br />
Searched for PHP installation candidate,<br />
<br />
# apt-cache search php5 | less<br />
<br />
Found php5, which looks promising.<br />
<br />
# apt-get install php5<br />
<br />
The following extra packages will be installed:<br />
apache2-mpm-prefork libapache2-mod-php5 php5-common<br />
Suggested packages:<br />
php-pear php5-suhosin<br />
The following packages will be REMOVED:<br />
apache2-mpm-worker<br />
The following NEW packages will be installed:<br />
apache2-mpm-prefork libapache2-mod-php5 php5 php5-common<br />
0 upgraded, 4 newly installed, 1 to remove and 0 not upgraded.<br />
Need to get 3544kB of archives.<br />
After this operation, 9568kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main apache2-mpm-prefork 2.2.14-5ubuntu8.4 [2420B]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main php5-common 5.3.2-1ubuntu4.9 [551kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libapache2-mod-php5 5.3.2-1ubuntu4.9 [2990kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid-updates/main php5 5.3.2-1ubuntu4.9 [1112B]<br />
Fetched 3544kB in 1s (1913kB/s)<br />
dpkg: apache2-mpm-worker: dependency problems, but removing anyway as you requested:<br />
apache2 depends on apache2-mpm-worker (= 2.2.14-5ubuntu8.4) | apache2-mpm-prefork (= 2.2.14-5ubuntu8.4) | apache2-mpm-event (= 2.2.14-5ubuntu8.4) | apache2-mpm-itk (= 2.2.14-5ubuntu8.4); however:<br />
Package apache2-mpm-worker is to be removed.<br />
Package apache2-mpm-prefork is not installed.<br />
Package apache2-mpm-event is not installed.<br />
Package apache2-mpm-itk is not installed.<br />
(Reading database ... 15291 files and directories currently installed.)<br />
Removing apache2-mpm-worker ...<br />
* Stopping web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
... waiting . [ OK ]<br />
Selecting previously deselected package apache2-mpm-prefork.<br />
(Reading database ... 15283 files and directories currently installed.)<br />
Unpacking apache2-mpm-prefork (from .../apache2-mpm-prefork_2.2.14-5ubuntu8.4_amd64.deb) ...<br />
Selecting previously deselected package php5-common.<br />
Unpacking php5-common (from .../php5-common_5.3.2-1ubuntu4.9_amd64.deb) ...<br />
Selecting previously deselected package libapache2-mod-php5.<br />
Unpacking libapache2-mod-php5 (from .../libapache2-mod-php5_5.3.2-1ubuntu4.9_amd64.deb) ...<br />
Selecting previously deselected package php5.<br />
Unpacking php5 (from .../php5_5.3.2-1ubuntu4.9_all.deb) ...<br />
Setting up apache2-mpm-prefork (2.2.14-5ubuntu8.4) ...<br />
* Starting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
[ OK ]<br />
Setting up php5-common (5.3.2-1ubuntu4.9) ...<br />
Setting up libapache2-mod-php5 (5.3.2-1ubuntu4.9) ...<br />
Creating config file /etc/php5/apache2/php.ini with new version<br />
* Reloading web server config apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
[ OK ]<br />
Setting up php5 (5.3.2-1ubuntu4.9) ...<br />
<br />
Noticed the complaining about the server's fully qualified domain name, so<br />
<br />
# vim /etc/hostname<br />
<br />
and changed from<br />
<br />
charity<br />
<br />
to<br />
<br />
charity.progclub.org<br />
<br />
Then I rebooted,<br />
<br />
# reboot<br />
<br />
Logged in again and checked the hostname,<br />
<br />
# hostname<br />
<br />
which was correctly reported as,<br />
<br />
charity.progclub.org<br />
<br />
Then I navigated to the [http://www.progclub.org/test.php test.php] page, and got back the phpinfo().<br />
<br />
= 2011-07-25 16:40 =<br />
<br />
== Apache and MySQL software installation ==<br />
<br />
Searched for MySQL software,<br />
<br />
# apt-cache search mysql | less<br />
<br />
Found mysql-server, which looks like a good candidate.<br />
<br />
Searched for Apache software,<br />
<br />
# apt-cache search apache2 | less<br />
<br />
Found apache2, which looks like a good candidate.<br />
<br />
# apt-get install apache2 mysql-server<br />
<br />
The following extra packages will be installed:<br />
apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1<br />
libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libdbd-mysql-perl<br />
libdbi-perl libexpat1 libhtml-template-perl libmysqlclient16<br />
libnet-daemon-perl libplrpc-perl mysql-client-5.1 mysql-client-core-5.1<br />
mysql-common mysql-server-5.1 mysql-server-core-5.1 psmisc ssl-cert<br />
Suggested packages:<br />
www-browser apache2-doc apache2-suexec apache2-suexec-custom ufw dbishell<br />
libipc-sharedcache-perl tinyca mailx<br />
The following NEW packages will be installed:<br />
apache2 apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common<br />
libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap<br />
libdbd-mysql-perl libdbi-perl libexpat1 libhtml-template-perl<br />
libmysqlclient16 libnet-daemon-perl libplrpc-perl mysql-client-5.1<br />
mysql-client-core-5.1 mysql-common mysql-server mysql-server-5.1<br />
mysql-server-core-5.1 psmisc ssl-cert<br />
<br />
== Configuring mysql-server-5.1 ==<br />
<br />
Dpkg showed a configuration screen for configuring the root password. I set one.<br />
<br />
== Apache and MySQL software installation, continued ==<br />
<br />
I rebooted after installing the above software,<br />
<br />
# reboot<br />
<br />
I checked the Apache installation by navigating to [http://www.progclub.org/ www.progclub.org] and It Works!<br />
<br />
= 2011-07-25 16:34 =<br />
<br />
SSH'ed in as root and ran:<br />
<br />
# apt-get update<br />
# apt-get dist-upgrade<br />
# reboot<br />
<br />
= 2011-07-25 16:00 =<br />
<br />
Had to stuff around with resetting the root password on charity, but remote logins via SSH are working now for root.<br />
<br />
= 2011-07-25 15:52 =<br />
<br />
Configured the name server with progclub.org, progclub.net and progclub.info DNS zones on slicehost. The [https://manage.slicehost.com/ SliceManager] should be used to maintain the DNS records for progclub.</div>60.240.67.126https://www.progclub.org/wiki/mediawiki/index.php?title=Charity_admin&diff=82Charity admin2011-07-25T23:02:46Z<p>60.240.67.126: </p>
<hr />
<div>This page chronicles the administrative changes to [[Charity|charity.progclub.org]]. If you make an administrative change you should document the change here. Changes are logged here in reverse chronological order with a time-stamp in the form YYYY-MM-DD hh:mm. You can use the time from whatever timezone you are in, or UTC if you're cool, but use 24 hour time. Don't worry if the changes you make have a time-stamp that is less than a time-stamp later in the page, put the latest changes at the top.<br />
<br />
= 2011-07-26 08:47 =<br />
<br />
I could be accused of ignorance. When I created my key file for the CSR request I nominated a pass-phrase. This phrase is required to be entered every time you restart Apache. Gah! Until I can figure out a way to fix it I've created a script in /sbin called restart-apache which enters the key's pass-phrase automatically.<br />
<br />
# cd /sbin<br />
# vim restart-apache<br />
<br />
#!/bin/bash<br />
echo <the pass phrase> | apache2ctl graceful<br />
<br />
# chmod u+x restart-apache<br />
# restart-apache<br />
<br />
Works swimmingly. Will reboot to see what happens when apache tries to load from a boot.<br />
<br />
Apache chokes on boot. Found [http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html this article], which suggests,<br />
<br />
# cd ~<br />
# cp progclub.key progclub.key.pass-phrase<br />
# openssl rsa -in progclub.key.pass-phrase -out progclub.key<br />
# chmod 400 progclub.*<br />
# reboot<br />
<br />
Hopefully Apache comes back up this time... yep!<br />
<br />
Will keep the restart-apache script in sbin, but will remove the part that specified the key pass-phrase.<br />
<br />
= 2011-07-26 06:20 =<br />
<br />
== Getting an HTTPS certificate ==<br />
<br />
Searched for [http://www.google.com.au/search?q=certificate%20sni%20cheap&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&source=hp&channel=np certificate sni cheap], found [http://www.godaddy.com/ssl/ssl-certificates.aspx?isc=sslqgau03&ci=9039 Go Daddy SSL Certificate]. Decided on the Multiple Domains UCC - A$82.93/yr setup, which looks like it will suit us. Picked up to 5 domains for 3 years. It offered me free .mobi registration, so I added progclub.mobi. I then also added progclub.biz and progclub.co, I'm a sucker. Registration information recorded in [https://www.blackbrick.com/web/service/view/id/3240 Blackbrick Account Manager]. Set up the nameservers for the new domains to point to ns*.slicehost.net via [https://mya.godaddy.com/default.aspx?isc=sslqgau03&ci=21822&isc=sslqgau03 My Account].<br />
<br />
Had to generate a Certificate Signing Request (CSR) per [http://community.godaddy.com/help/article/5343 these instructions] (for [http://community.godaddy.com/help/5269 Apache 2.x]).<br />
<br />
# cd ~<br />
# openssl genrsa -des3 -out progclub.key 2048<br />
# openssl req -new -key progclub.key -out progclub.csr<br />
<br />
See [https://www.blackbrick.com/web/attachment/view/id/3331 Blackbrick Account Manager] for full details.<br />
<br />
=== Certificate Type ===<br />
* Hosting: Third Party Hosting <br />
* Domain Name: www.progclub.org <br />
* Certificate Issuing Organization: Go Daddy <br />
* Subject Alt Names: www.progclub.net www.progclub.mobi www.progclub.info www.progclub.co <br />
<br />
You're through!<br />
<br />
Your certificate will be issued shortly.<br />
<br />
You can monitor the progress of your certificate application by going to the<br />
Pending Requests folder and clicking your Common Name. When we are through<br />
verifying your application, you will receive an email with further instructions.<br />
<br />
Downloaded the progclub.org.zip that was eventually generated, and used WinSCP to copy it to root's home directory on charity. Found info about [http://community.godaddy.com/help/article/5238 Installing an SSL Certificate in Apache].<br />
<br />
# cd /etc/apache2/sites-available/<br />
# vim default-ssl<br />
<br />
Set,<br />
<br />
ServerAdmin jj5@jj5.net<br />
DocumentRoot /var/www/www.progclub.org<br />
<br />
# cd ~<br />
# ls<br />
progclub.csr progclub.key progclub.org.zip<br />
# unzip progclub.org.zip<br />
-bash: unzip: command not found<br />
# apt-get install unzip<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
Suggested packages:<br />
zip<br />
The following NEW packages will be installed:<br />
unzip<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 189kB of archives.<br />
After this operation, 406kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main unzip 6.0-1build1 [189kB]<br />
Fetched 189kB in 0s (195kB/s)<br />
Selecting previously deselected package unzip.<br />
(Reading database ... 15343 files and directories currently installed.)<br />
Unpacking unzip (from .../unzip_6.0-1build1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up unzip (6.0-1build1) ...<br />
# unzip progclub.org.zip<br />
Archive: progclub.org.zip<br />
inflating: gd_bundle.crt<br />
inflating: progclub.org.crt<br />
# ls<br />
gd_bundle.crt progclub.csr progclub.key progclub.org.crt progclub.org.zip<br />
# cd /etc/apache2/sites-available/<br />
# vim default-ssl<br />
<br />
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem<br />
SSLCertificateFile /root/progclub.org.crt<br />
#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key<br />
SSLCertificateKeyFile /root/progclub.key<br />
<br />
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt<br />
SSLCertificateChainFile /root/gd_bundle.crt<br />
<br />
Saved changes.<br />
<br />
# a2ensite default-ssl<br />
# /etc/init.d/apache2 reload<br />
* Reloading web server config apache2 [ OK ]<br />
# a2enmod ssl<br />
Enabling module ssl.<br />
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.<br />
Run '/etc/init.d/apache2 restart' to activate new configuration!<br />
# /etc/init.d/apache2 restart<br />
<br />
Navigated to [https://www.progclub.org/ https://www.progclub.org/], and it worked!<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# vim 000-default-ssl<br />
<br />
Alias /pc /var/www/www.progclub.org/mediawiki-1.17.0/index.php<br />
<br />
The [https://www.progclub.org/pc/Main_Page secure wiki] is now working!<br />
<br />
= 2011-07-25 17:53 =<br />
<br />
== Installing MediaWiki ==<br />
<br />
Found the [http://www.mediawiki.org/wiki/Download MediaWiki download page], which references [http://download.wikimedia.org/mediawiki/1.17/mediawiki-1.17.0.tar.gz mediawiki-1.17.0.tar.gz].<br />
<br />
# cd /var/www/www.progclub.org/<br />
# wget http://download.wikimedia.org/mediawiki/1.17/mediawiki-1.17.0.tar.gz<br />
# ls<br />
index.html mediawiki-1.17.0.tar.gz test.php<br />
# tar xzf mediawiki-1.17.0.tar.gz<br />
# ls<br />
index.html mediawiki-1.17.0 mediawiki-1.17.0.tar.gz test.php<br />
# rm mediawiki-1.17.0.tar.gz<br />
# cd mediawiki-1.17.0/<br />
# ls<br />
COPYING bin languages redirect.php5<br />
CREDITS cache load.php redirect.phtml<br />
FAQ config load.php5 resources<br />
HISTORY docs maintenance serialized<br />
INSTALL extensions math skins<br />
README images mw-config thumb.php<br />
RELEASE-NOTES img_auth.php opensearch_desc.php thumb.php5<br />
StartProfiler.sample img_auth.php5 opensearch_desc.php5 trackback.php<br />
UPGRADE includes php5.php5 trackback.php5<br />
api.php index.php profileinfo.php wiki.phtml<br />
api.php5 index.php5 redirect.php<br />
<br />
Didn't find a LocalSettings.php, which is what I was expecting, so reading INSTALL.<br />
<br />
# less INSTALL<br />
<br />
It told me to navigate to the [http://www.progclub.org/mediawiki-1.17.0/ setup page]. The setup page complained about a missing LocalSettings.php, so they haven't changed that after all. Clicked on [http://www.progclub.org/mediawiki-1.17.0/mw-config/index.php setup the wiki].<br />
<br />
Specified,<br />
<br />
* Your language: en - English<br />
* Wiki language: en - English<br />
<br />
Clicked continue, and among its checks was a complaint:<br />
<br />
Could not find a suitable database driver! You need to install a database driver for PHP. The following<br />
database types are supported: MySQL, PostgreSQL, Oracle, SQLite.<br />
<br />
If you are on shared hosting, ask your hosting provider to install a suitable database driver. If you compiled<br />
PHP yourself, reconfigure it with a database client enabled, for example using ./configure --with-mysql. <br />
If you installed PHP from a Debian or Ubuntu package, then you also need install the php5-mysql module.<br />
<br />
So,<br />
<br />
# apt-get install php5-mysql<br />
# apache2ctl graceful<br />
<br />
Then reloaded the [http://www.progclub.org/mediawiki-1.17.0/mw-config/index.php?page=Welcome config page],<br />
<br />
The environment has been checked. You can install MediaWiki.<br />
<br />
Clicked continue, and got the Connect to database page. Looks like I'm going to need a database user for the wiki, so<br />
<br />
# mysql -h localhost -u root --password=<password><br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 36<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> create user 'pcwiki'@'localhost' identified by '<password>';<br />
Query OK, 0 rows affected (0.00 sec)<br />
<br />
mysql> exit<br />
Bye<br />
<br />
Back on the config page:<br />
<br />
* Database type: MySQL<br />
* Database host: localhost<br />
* Database name: pcwiki<br />
* Database table prefix: pcwiki__<br />
* Database username: pcwiki<br />
* Database password: <password><br />
<br />
Clicked continue, and got the Database settings page. Specified,<br />
<br />
* Database account for web access: Use the same account as for installation<br />
* Storage engine: InnoDB (the default, other choice was MyISAM)<br />
* Database character set: UTF-8 (not the default, the default choice was Binary)<br />
<br />
Clicked continue, and got the Name page. Specified,<br />
<br />
* Name of wiki: ProgClub<br />
* Project namespace: Same as the wiki name: ProgClub<br />
<br />
Configuration for the Administrator account,<br />
<br />
* Your name: John<br />
* Password: <password><br />
* Password again: <password><br />
* E-mail address: jj5@jj5.net<br />
<br />
You are almost done! You can now skip the remaining configuration and install the wiki right now.<br />
<br />
Chose Ask me more questions, and got the Options page. Specified,<br />
<br />
* User rights profile: Traditional wiki<br />
* Copyright and license: No license footer<br />
<br />
* Enable outbound e-mail: true<br />
* Return e-mail address: wiki@progclub.org<br />
* Enable user-to-user e-mail: true<br />
* Enable user talk page notification: true<br />
* Enable watchlist notification: true<br />
* Enable e-mail authentication: true<br />
<br />
* Enable file uploads: true<br />
* Directory for deleted files: /var/www/www.progclub.org/mediawiki-1.17.0/images/deleted<br />
* Logo URL: /res/img/logo.png<br />
<br />
* Settings for object caching: No caching<br />
<br />
Clicked Continue, and got the confirmation page. Clicked Continue again. Got an error because the database user couldn't create the database. Created the database manually,<br />
<br />
# mysql -h localhost -u root --password=<password><br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 43<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> create database `pcwiki`;<br />
Query OK, 1 row affected (0.00 sec)<br />
<br />
mysql> exit<br />
Bye<br />
<br />
Decided it would be easier to let MediaWiki create the database, so went back and specified the database config details to use the root user. I will change this to be the pcwiki user manually after the database has been created.<br />
<br />
Setting up database... done<br />
Creating tables... done<br />
Creating database user... done<br />
Populating default interwiki table... done<br />
Initializing statistics... done<br />
Generating secret keys... done<br />
Creating administrator user account... done<br />
Creating main page with default content... done<br />
<br />
Clicked continue,<br />
<br />
Congratulations! You have successfully installed MediaWiki.<br />
<br />
The installer has generated a LocalSettings.php file. It contains all your configuration.<br />
<br />
You will need to download it and put it in the base of your wiki installation (the same<br />
directory as index.php). The download should have started automatically.<br />
<br />
If the download was not offered, or if you cancelled it, you can restart the download by<br />
clicking the link below: Download LocalSettings.php<br />
<br />
Note: If you do not do this now, this generated configuration file will not be available<br />
to you later if you exit the installation without downloading it.<br />
<br />
When that has been done, you can enter your wiki.<br />
<br />
Downloaded the LocalSettings.php file and copied it to /var/www/www.blackbrick.com/mediawiki.1.17.0<br />
<br />
Edited LocalSettings.php and changed the database user:<br />
<br />
$wgDBuser = "pcwiki";<br />
$wgDBpassword = "<password>";<br />
<br />
Also added an article path:<br />
<br />
$wgArticlePath = "/pc/$1";<br />
<br />
Also need to grant access for pcwiki user:<br />
<br />
# mysql -h localhost -u root --password=<password><br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 54<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> grant all privileges on pcwiki.* to pcwiki@localhost;<br />
Query OK, 0 rows affected (0.11 sec)<br />
<br />
mysql> exit<br />
Bye<br />
<br />
Then need to edit apache conf file to include the pc alias:<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# vim 000-default<br />
<br />
added,<br />
<br />
Alias /pc /var/www/www.progclub.org/mediawiki-1.17.0/index.php<br />
<br />
then,<br />
<br />
# apache2ctl graceful<br />
<br />
Also,<br />
<br />
# cd /var/www/www.progclub.org/<br />
# mkdir res<br />
# mkdir res/img<br />
<br />
Then uploaded a logo.png to there with WinSCP. The logo settings hadn't been properly specified in the generated LocalSettings.php file, so,<br />
<br />
# cd /var/www/www.progclub.org/mediawiki-1.17.0/<br />
# vim LocalSettings.php<br />
<br />
and changed the logo setting,<br />
<br />
$wgLogo = "/res/img/logo.png";<br />
<br />
Checked [http://www.progclub.org/pc/Main_Page the wiki], and it's all working nicely.<br />
<br />
= 2011-07-25 17:12 =<br />
<br />
== Preparing WWW hosting ==<br />
<br />
# cd /var/www<br />
# mkdir www.progclub.org<br />
# mv index.html test.php www.progclub.org/<br />
# ls<br />
# cd www.progclub.org/<br />
# ls<br />
index.html test.php<br />
<br />
Everything is in order.<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# ls<br />
000-default<br />
# vim 000-default<br />
<br />
Specified ServerAdmin,<br />
<br />
ServerAdmin jj5@progclub.org<br />
<br />
Changed document root,<br />
<br />
DocumentRoot /var/www/www.progclub.org/<br />
<br />
Changed the <Directory /var/www/> section to,<br />
<br />
<Directory /var/www/www.progclub.org/><br />
<br />
Saved changes and quit vim. Restarted apache,<br />
<br />
# apache2ctl graceful<br />
<br />
Apache complained,<br />
<br />
apache2: Could not reliably determine the server's fully qualified domain name, using charity.progclub.org for ServerName<br />
<br />
Searched for "apache2: Could not reliably determine the server's fully qualified domain name, using " and found an [http://www.linuxquestions.org/questions/linux-server-73/apache-giving-the-error-could-not-determine-the-servers-fully-qualified-domain-name-280677/ answer].<br />
<br />
Ran,<br />
<br />
# hostname charity.progclub.org<br />
<br />
which I guess is a better way to set the hostname than editing /etc/hostname like I did. :P<br />
<br />
Ran,<br />
<br />
# apache2ctl graceful<br />
<br />
again, and got the same error,<br />
<br />
apache2: Could not reliably determine the server's fully qualified domain name, using charity.progclub.org for ServerName<br />
<br />
Tried a reboot to see if the hostname is updated after that,<br />
<br />
# reboot<br />
<br />
Still having problems with,<br />
<br />
# apache2ctl graceful<br />
<br />
So read more of the [http://www.linuxquestions.org/questions/linux-server-73/apache-giving-the-error-could-not-determine-the-servers-fully-qualified-domain-name-280677/ answer], and then,<br />
<br />
# hostname charity<br />
# vim /etc/hosts<br />
<br />
Specified the file contents as<br />
<br />
127.0.0.1 localhost localhost.localdomain<br />
67.207.128.184 charity charity.progclub.org<br />
<br />
Then rebooted,<br />
<br />
# reboot<br />
<br />
Ran hostname and got,<br />
<br />
# hostname<br />
charity.progclub.org<br />
<br />
So edited /etc/hostname and specified<br />
<br />
charity<br />
<br />
Rebooted,<br />
<br />
# reboot<br />
<br />
Searched for "/etc/hostname", and found [http://lists.debian.org/debian-devel/2003/05/msg02064.html an answer]. Short name goes in /etc/hostname, so we should be configured correctly now. Apache is still complaining though,<br />
<br />
# apache2ctl graceful<br />
apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
<br />
and it's using the IP address rather than charity.progclub.org now. Will manually specify ServerName in /etc/apache2/sites-enabled/000-default<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# vim 000-default<br />
<br />
Added,<br />
<br />
ServerName charity.progclub.org<br />
<br />
Ran,<br />
<br />
# apache2ctl graceful<br />
<br />
again, and got the same friggin' error! More web-searching... found a [http://www.wallpaperama.com/forums/how-to-fix-could-not-determine-the-servers-fully-qualified-domain-name-t23.html different answer], tried editing /etc/hosts to put the names the other way around,<br />
<br />
# vim /etc/hosts<br />
<br />
127.0.0.1 localhost.localdomain localhost<br />
67.207.128.184 charity.progclub.org charity<br />
<br />
Rebooted,<br />
<br />
# reboot<br />
<br />
Tried apache2ctl again,<br />
<br />
# apache2ctl graceful<br />
<br />
And got no error! Yay!<br />
<br />
Checked<br />
<br />
* [http://www.progclub.org/ www.progclub.org]<br />
<br />
and found everything to be working. Web hosting is now configured.<br />
<br />
= 2011-07-25 17:11 =<br />
<br />
== PHP software installation ==<br />
<br />
I created a test.php file at /var/www/test.php to see if PHP was working out-of-the-box. I navigated to [http://www.progclub.org/test.php test.php] to check, and it tried to download the PHP file, so I guess PHP isn't installed.<br />
<br />
The test.php file I used was,<br />
<br />
<? phpinfo(); ?><br />
<br />
Searched for PHP installation candidate,<br />
<br />
# apt-cache search php5 | less<br />
<br />
Found php5, which looks promising.<br />
<br />
# apt-get install php5<br />
<br />
The following extra packages will be installed:<br />
apache2-mpm-prefork libapache2-mod-php5 php5-common<br />
Suggested packages:<br />
php-pear php5-suhosin<br />
The following packages will be REMOVED:<br />
apache2-mpm-worker<br />
The following NEW packages will be installed:<br />
apache2-mpm-prefork libapache2-mod-php5 php5 php5-common<br />
0 upgraded, 4 newly installed, 1 to remove and 0 not upgraded.<br />
Need to get 3544kB of archives.<br />
After this operation, 9568kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main apache2-mpm-prefork 2.2.14-5ubuntu8.4 [2420B]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main php5-common 5.3.2-1ubuntu4.9 [551kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libapache2-mod-php5 5.3.2-1ubuntu4.9 [2990kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid-updates/main php5 5.3.2-1ubuntu4.9 [1112B]<br />
Fetched 3544kB in 1s (1913kB/s)<br />
dpkg: apache2-mpm-worker: dependency problems, but removing anyway as you requested:<br />
apache2 depends on apache2-mpm-worker (= 2.2.14-5ubuntu8.4) | apache2-mpm-prefork (= 2.2.14-5ubuntu8.4) | apache2-mpm-event (= 2.2.14-5ubuntu8.4) | apache2-mpm-itk (= 2.2.14-5ubuntu8.4); however:<br />
Package apache2-mpm-worker is to be removed.<br />
Package apache2-mpm-prefork is not installed.<br />
Package apache2-mpm-event is not installed.<br />
Package apache2-mpm-itk is not installed.<br />
(Reading database ... 15291 files and directories currently installed.)<br />
Removing apache2-mpm-worker ...<br />
* Stopping web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
... waiting . [ OK ]<br />
Selecting previously deselected package apache2-mpm-prefork.<br />
(Reading database ... 15283 files and directories currently installed.)<br />
Unpacking apache2-mpm-prefork (from .../apache2-mpm-prefork_2.2.14-5ubuntu8.4_amd64.deb) ...<br />
Selecting previously deselected package php5-common.<br />
Unpacking php5-common (from .../php5-common_5.3.2-1ubuntu4.9_amd64.deb) ...<br />
Selecting previously deselected package libapache2-mod-php5.<br />
Unpacking libapache2-mod-php5 (from .../libapache2-mod-php5_5.3.2-1ubuntu4.9_amd64.deb) ...<br />
Selecting previously deselected package php5.<br />
Unpacking php5 (from .../php5_5.3.2-1ubuntu4.9_all.deb) ...<br />
Setting up apache2-mpm-prefork (2.2.14-5ubuntu8.4) ...<br />
* Starting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
[ OK ]<br />
Setting up php5-common (5.3.2-1ubuntu4.9) ...<br />
Setting up libapache2-mod-php5 (5.3.2-1ubuntu4.9) ...<br />
Creating config file /etc/php5/apache2/php.ini with new version<br />
* Reloading web server config apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
[ OK ]<br />
Setting up php5 (5.3.2-1ubuntu4.9) ...<br />
<br />
Noticed the complaining about the server's fully qualified domain name, so<br />
<br />
# vim /etc/hostname<br />
<br />
and changed from<br />
<br />
charity<br />
<br />
to<br />
<br />
charity.progclub.org<br />
<br />
Then I rebooted,<br />
<br />
# reboot<br />
<br />
Logged in again and checked the hostname,<br />
<br />
# hostname<br />
<br />
which was correctly reported as,<br />
<br />
charity.progclub.org<br />
<br />
Then I navigated to the [http://www.progclub.org/test.php test.php] page, and got back the phpinfo().<br />
<br />
= 2011-07-25 16:40 =<br />
<br />
== Apache and MySQL software installation ==<br />
<br />
Searched for MySQL software,<br />
<br />
# apt-cache search mysql | less<br />
<br />
Found mysql-server, which looks like a good candidate.<br />
<br />
Searched for Apache software,<br />
<br />
# apt-cache search apache2 | less<br />
<br />
Found apache2, which looks like a good candidate.<br />
<br />
# apt-get install apache2 mysql-server<br />
<br />
The following extra packages will be installed:<br />
apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1<br />
libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libdbd-mysql-perl<br />
libdbi-perl libexpat1 libhtml-template-perl libmysqlclient16<br />
libnet-daemon-perl libplrpc-perl mysql-client-5.1 mysql-client-core-5.1<br />
mysql-common mysql-server-5.1 mysql-server-core-5.1 psmisc ssl-cert<br />
Suggested packages:<br />
www-browser apache2-doc apache2-suexec apache2-suexec-custom ufw dbishell<br />
libipc-sharedcache-perl tinyca mailx<br />
The following NEW packages will be installed:<br />
apache2 apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common<br />
libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap<br />
libdbd-mysql-perl libdbi-perl libexpat1 libhtml-template-perl<br />
libmysqlclient16 libnet-daemon-perl libplrpc-perl mysql-client-5.1<br />
mysql-client-core-5.1 mysql-common mysql-server mysql-server-5.1<br />
mysql-server-core-5.1 psmisc ssl-cert<br />
<br />
== Configuring mysql-server-5.1 ==<br />
<br />
Dpkg showed a configuration screen for configuring the root password. I set one.<br />
<br />
== Apache and MySQL software installation, continued ==<br />
<br />
I rebooted after installing the above software,<br />
<br />
# reboot<br />
<br />
I checked the Apache installation by navigating to [http://www.progclub.org/ www.progclub.org] and It Works!<br />
<br />
= 2011-07-25 16:34 =<br />
<br />
SSH'ed in as root and ran:<br />
<br />
# apt-get update<br />
# apt-get dist-upgrade<br />
# reboot<br />
<br />
= 2011-07-25 16:00 =<br />
<br />
Had to stuff around with resetting the root password on charity, but remote logins via SSH are working now for root.<br />
<br />
= 2011-07-25 15:52 =<br />
<br />
Configured the name server with progclub.org, progclub.net and progclub.info DNS zones on slicehost. The [https://manage.slicehost.com/ SliceManager] should be used to maintain the DNS records for progclub.</div>60.240.67.126https://www.progclub.org/wiki/mediawiki/index.php?title=Charity_admin&diff=81Charity admin2011-07-25T23:01:59Z<p>60.240.67.126: </p>
<hr />
<div>This page chronicles the administrative changes to [[Charity|charity.progclub.org]]. If you make an administrative change you should document the change here. Changes are logged here in reverse chronological order with a time-stamp in the form YYYY-MM-DD hh:mm. You can use the time from whatever timezone you are in, or UTC if you're cool, but use 24 hour time. Don't worry if the changes you make have a time-stamp that is less than a time-stamp later in the page, put the latest changes at the top.<br />
<br />
= 2011-07-26 08:47 =<br />
<br />
I could be accused of ignorance. When I created my key file for the CSR request I nominated a pass-phrase. This phrase is required to be entered every time you restart Apache. Gah! Until I can figure out a way to fix it I've created a script in /sbin called restart-apache which enters the key's pass-phrase automatically.<br />
<br />
# cd /sbin<br />
# vim restart-apache<br />
<br />
#!/bin/bash<br />
echo <the pass phrase> | apache2ctl graceful<br />
<br />
# chmod u+x restart-apache<br />
# restart-apache<br />
<br />
Works swimmingly. Will reboot to see what happens when apache tries to load from a boot.<br />
<br />
Apache chokes on boot. Found [http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html this article], which suggests,<br />
<br />
# cd ~<br />
# cp progclub.key progclub.key.pass-phrase<br />
# openssl rsa -in progclub.key.pass-phrase -out progclub.key<br />
# chmod 400 progclub.*<br />
# reboot<br />
<br />
Hopefully Apache comes back up this time... yep!<br />
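Removing the pass-phrase, as done above, leaves file mode as the only protection on progclub.key and leaves the encrypted copy beside it. The check below is an added example, not part of the original log: it classifies a PEM key as encrypted or plaintext from its headers and flags group or other access. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit private-key files after a pass-phrase has been stripped.
# All file contents below are constructed samples, not real key material.

# key_state FILE -> prints "encrypted", "plaintext" or "unknown".
key_state() {
    # `openssl genrsa -des3` writes a traditional PEM with a Proc-Type header;
    # PKCS#8 encrypted keys announce it in the BEGIN line instead.
    if grep -Eq -e '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"; then
        echo encrypted
    elif grep -Eq -e '^-----BEGIN ((RSA|EC) )?PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo unknown
    fi
}

# owner_only FILE -> succeeds only when group and other have no permission bits.
owner_only() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# audit_key FILE -> prints "<verdict> <state> <perms> <name>".
audit_key() {
    state=$(key_state "$1")
    if owner_only "$1"; then perms=owner-only; else perms=group/other-access; fi
    case "$state:$perms" in
        plaintext:owner-only) verdict=OK ;;    # loads at boot, protected by mode alone
        encrypted:owner-only) verdict=NOTE ;;  # Apache will ask for the pass-phrase
        plaintext:*)          verdict=FAIL ;;  # usable key readable by other accounts
        encrypted:*)          verdict=WARN ;;  # copy open to offline pass-phrase guessing
        *)                    verdict=SKIP ;;  # not a recognised PEM private key
    esac
    echo "$verdict $state $perms $(basename -- "$1")"
}

# make_samples DIR -> writes constructed stand-ins for the two key files in the log.
make_samples() {
    dir=$1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$dir/progclub.key.pass-phrase"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$dir/progclub.key"
    chmod 644 "$dir/progclub.key.pass-phrase"   # state before `chmod 400 progclub.*`
    chmod 400 "$dir/progclub.key"
}

# Demonstration on the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in "$demo_dir"/progclub.key*; do
    audit_key "$f"
done
rm -rf "$demo_dir"
```
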
<br />
= 2011-07-26 06:20 =<br />
<br />
== Getting an HTTPS certificate ==<br />
<br />
Searched for [http://www.google.com.au/search?q=certificate%20sni%20cheap&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&source=hp&channel=np certificate sni cheap], found [http://www.godaddy.com/ssl/ssl-certificates.aspx?isc=sslqgau03&ci=9039 Go Daddy SSL Certificate]. Decided on the Multiple Domains UCC - A$82.93/yr setup, which looks like it will suit us. Picked up to 5 domains for 3 years. It offered me free .mobi registration, so I added progclub.mobi. I then also added progclub.biz and progclub.co, I'm a sucker. Registration information recorded in [https://www.blackbrick.com/web/service/view/id/3240 Blackbrick Account Manager]. Set up the nameservers for the new domains to point to ns*.slicehost.net via [https://mya.godaddy.com/default.aspx?isc=sslqgau03&ci=21822&isc=sslqgau03 My Account].<br />
<br />
Had to generate a Certificate Signing Request (CSR) per [http://community.godaddy.com/help/article/5343 these instructions] (for [http://community.godaddy.com/help/5269 Apache 2.x]).<br />
<br />
# cd ~<br />
# openssl genrsa -des3 -out progclub.key 2048<br />
# openssl req -new -key progclub.key -out progclub.csr<br />
<br />
See [https://www.blackbrick.com/web/attachment/view/id/3331 Blackbrick Account Manager] for full details.<br />
<br />
=== Certificate Type ===<br />
* Hosting: Third Party Hosting <br />
* Domain Name: www.progclub.org <br />
* Certificate Issuing Organization: Go Daddy <br />
* Subject Alt Names: www.progclub.net www.progclub.mobi www.progclub.info www.progclub.co <br />
<br />
You're through!<br />
<br />
Your certificate will be issued shortly.<br />
<br />
You can monitor the progress of your certificate application by going to the<br />
Pending Requests folder and clicking your Common Name. When we are through<br />
verifying your application, you will receive an email with further instructions.<br />
<br />
Downloaded the progclub.org.zip that was eventually generated, and used WinSCP to copy it to root's home directory on charity. Found info about [http://community.godaddy.com/help/article/5238 Installing an SSL Certificate in Apache].<br />
<br />
# cd /etc/apache2/sites-available/<br />
# vim default-ssl<br />
<br />
Set,<br />
<br />
ServerAdmin jj5@jj5.net<br />
DocumentRoot /var/www/www.progclub.org<br />
<br />
# cd ~<br />
# ls<br />
progclub.csr progclub.key progclub.org.zip<br />
# unzip progclub.org.zip<br />
-bash: unzip: command not found<br />
# apt-get install unzip<br />
Reading package lists... Done<br />
Building dependency tree<br />
Reading state information... Done<br />
Suggested packages:<br />
zip<br />
The following NEW packages will be installed:<br />
unzip<br />
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.<br />
Need to get 189kB of archives.<br />
After this operation, 406kB of additional disk space will be used.<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main unzip 6.0-1build1 [189kB]<br />
Fetched 189kB in 0s (195kB/s)<br />
Selecting previously deselected package unzip.<br />
(Reading database ... 15343 files and directories currently installed.)<br />
Unpacking unzip (from .../unzip_6.0-1build1_amd64.deb) ...<br />
Processing triggers for man-db ...<br />
Setting up unzip (6.0-1build1) ...<br />
# unzip progclub.org.zip<br />
Archive: progclub.org.zip<br />
inflating: gd_bundle.crt<br />
inflating: progclub.org.crt<br />
# ls<br />
gd_bundle.crt progclub.csr progclub.key progclub.org.crt progclub.org.zip<br />
# cd /etc/apache2/sites-available/<br />
# vim default-ssl<br />
<br />
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem<br />
SSLCertificateFile /root/progclub.org.crt<br />
#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key<br />
SSLCertificateKeyFile /root/progclub.key<br />
<br />
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt<br />
SSLCertificateChainFile /root/gd_bundle.crt<br />
<br />
Saved changes.<br />
<br />
# a2ensite default-ssl<br />
# /etc/init.d/apache2 reload<br />
* Reloading web server config apache2 [ OK ]<br />
# a2enmod ssl<br />
Enabling module ssl.<br />
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.<br />
Run '/etc/init.d/apache2 restart' to activate new configuration!<br />
# /etc/init.d/apache2 restart<br />
<br />
Navigated to [https://www.progclub.org/ https://www.progclub.org/], and it worked!<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# vim 000-default-ssl<br />
<br />
Alias /pc /var/www/www.progclub.org/mediawiki-1.17.0/index.php<br />
<br />
The [https://www.progclub.org/pc/Main_Page secure wiki] is now working!<br />
<br />
= 2011-07-25 17:53 =<br />
<br />
== Installing MediaWiki ==<br />
<br />
Found the [http://www.mediawiki.org/wiki/Download MediaWiki download page], which references [http://download.wikimedia.org/mediawiki/1.17/mediawiki-1.17.0.tar.gz mediawiki-1.17.0.tar.gz].<br />
<br />
# cd /var/www/www.progclub.org/<br />
# wget http://download.wikimedia.org/mediawiki/1.17/mediawiki-1.17.0.tar.gz<br />
# ls<br />
index.html mediawiki-1.17.0.tar.gz test.php<br />
# tar xzf mediawiki-1.17.0.tar.gz<br />
# ls<br />
index.html mediawiki-1.17.0 mediawiki-1.17.0.tar.gz test.php<br />
# rm mediawiki-1.17.0.tar.gz<br />
# cd mediawiki-1.17.0/<br />
# ls<br />
COPYING bin languages redirect.php5<br />
CREDITS cache load.php redirect.phtml<br />
FAQ config load.php5 resources<br />
HISTORY docs maintenance serialized<br />
INSTALL extensions math skins<br />
README images mw-config thumb.php<br />
RELEASE-NOTES img_auth.php opensearch_desc.php thumb.php5<br />
StartProfiler.sample img_auth.php5 opensearch_desc.php5 trackback.php<br />
UPGRADE includes php5.php5 trackback.php5<br />
api.php index.php profileinfo.php wiki.phtml<br />
api.php5 index.php5 redirect.php<br />
<br />
Didn't find a LocalSettings.php, which is what I was expecting, so reading INSTALL.<br />
<br />
# less INSTALL<br />
<br />
It told me to navigate to the [http://www.progclub.org/mediawiki-1.17.0/ setup page]. The setup page complained about a missing LocalSettings.php, so they haven't changed that after all. Clicked on [http://www.progclub.org/mediawiki-1.17.0/mw-config/index.php setup the wiki].<br />
<br />
Specified,<br />
<br />
* Your language: en - English<br />
* Wiki language: en - English<br />
<br />
Clicked continue, and among its checks was a complaint:<br />
<br />
Could not find a suitable database driver! You need to install a database driver for PHP. The following<br />
database types are supported: MySQL, PostgreSQL, Oracle, SQLite.<br />
<br />
If you are on shared hosting, ask your hosting provider to install a suitable database driver. If you compiled<br />
PHP yourself, reconfigure it with a database client enabled, for example using ./configure --with-mysql. <br />
If you installed PHP from a Debian or Ubuntu package, then you also need install the php5-mysql module.<br />
<br />
So,<br />
<br />
# apt-get install php5-mysql<br />
# apache2ctl graceful<br />
<br />
Then reloaded the [http://www.progclub.org/mediawiki-1.17.0/mw-config/index.php?page=Welcome config page],<br />
<br />
The environment has been checked. You can install MediaWiki.<br />
<br />
Clicked continue, and got the Connect to database page. Looks like I'm going to need a database user for the wiki, so<br />
<br />
# mysql -h localhost -u root --password=<password><br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 36<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> create user 'pcwiki'@'localhost' identified by '<password>';<br />
Query OK, 0 rows affected (0.00 sec)<br />
<br />
mysql> exit<br />
Bye<br />
<br />
Back on the config page:<br />
<br />
* Database type: MySQL<br />
* Database host: localhost<br />
* Database name: pcwiki<br />
* Database table prefix: pcwiki__<br />
* Database username: pcwiki<br />
* Database password: <password><br />
<br />
Clicked continue, and got the Database settings page. Specified,<br />
<br />
* Database account for web access: Use the same account as for installation<br />
* Storage engine: InnoDB (the default, other choice was MyISAM)<br />
* Database character set: UTF-8 (not the default, the default choice was Binary)<br />
<br />
Clicked continue, and got the Name page. Specified,<br />
<br />
* Name of wiki: ProgClub<br />
* Project namespace: Same as the wiki name: ProgClub<br />
<br />
Configuration for the Administrator account,<br />
<br />
* Your name: John<br />
* Password: <password><br />
* Password again: <password><br />
* E-mail address: jj5@jj5.net<br />
<br />
You are almost done! You can now skip the remaining configuration and install the wiki right now.<br />
<br />
Chose Ask me more questions, and got the Options page. Specified,<br />
<br />
* User rights profile: Traditional wiki<br />
* Copyright and license: No license footer<br />
<br />
* Enable outbound e-mail: true<br />
* Return e-mail address: wiki@progclub.org<br />
* Enable user-to-user e-mail: true<br />
* Enable user talk page notification: true<br />
* Enable watchlist notification: true<br />
* Enable e-mail authentication: true<br />
<br />
* Enable file uploads: true<br />
* Directory for deleted files: /var/www/www.progclub.org/mediawiki-1.17.0/images/deleted<br />
* Logo URL: /res/img/logo.png<br />
<br />
* Settings for object caching: No caching<br />
<br />
Clicked Continue, and got the confirmation page. Clicked Continue again. Got an error because the database user couldn't create the database. Created the database manually,<br />
<br />
# mysql -h localhost -u root --password=<password><br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 43<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> create database `pcwiki`;<br />
Query OK, 1 row affected (0.00 sec)<br />
<br />
mysql> exit<br />
Bye<br />
<br />
Decided it would be easier to let MediaWiki create the database, so went back and specified the database config details to use the root user. I will change this to be the pcwiki user manually after the database has been created.<br />
<br />
Setting up database... done<br />
Creating tables... done<br />
Creating database user... done<br />
Populating default interwiki table... done<br />
Initializing statistics... done<br />
Generating secret keys... done<br />
Creating administrator user account... done<br />
Creating main page with default content... done<br />
<br />
Clicked continue,<br />
<br />
Congratulations! You have successfully installed MediaWiki.<br />
<br />
The installer has generated a LocalSettings.php file. It contains all your configuration.<br />
<br />
You will need to download it and put it in the base of your wiki installation (the same<br />
directory as index.php). The download should have started automatically.<br />
<br />
If the download was not offered, or if you cancelled it, you can restart the download by<br />
clicking the link below: Download LocalSettings.php<br />
<br />
Note: If you do not do this now, this generated configuration file will not be available<br />
to you later if you exit the installation without downloading it.<br />
<br />
When that has been done, you can enter your wiki.<br />
<br />
Downloaded the LocalSettings.php file and copied it to /var/www/www.blackbrick.com/mediawiki.1.17.0<br />
<br />
Edited LocalSettings.php and changed the database user:<br />
<br />
$wgDBuser = "pcwiki";<br />
$wgDBpassword = "<password>";<br />
<br />
Also added an article path:<br />
<br />
$wgArticlePath = "/pc/$1";<br />
<br />
Also need to grant access for pcwiki user:<br />
<br />
# mysql -h localhost -u root --password=<password><br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 54<br />
Server version: 5.1.41-3ubuntu12.10 (Ubuntu)<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> grant all privileges on pcwiki.* to pcwiki@localhost;<br />
Query OK, 0 rows affected (0.11 sec)<br />
<br />
mysql> exit<br />
Bye<br />
<br />
Then need to edit apache conf file to include the pc alias:<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# vim 000-default<br />
<br />
added,<br />
<br />
Alias /pc /var/www/www.progclub.org/mediawiki-1.17.0/index.php<br />
<br />
then,<br />
<br />
# apache2ctl graceful<br />
<br />
Also,<br />
<br />
# cd /var/www/www.progclub.org/<br />
# mkdir res<br />
# mkdir res/img<br />
<br />
Then uploaded a logo.png to there with WinSCP. The logo settings hadn't been properly specified in the generated LocalSettings.php file, so,<br />
<br />
# cd /var/www/www.progclub.org/mediawiki-1.17.0/<br />
# vim LocalSettings.php<br />
<br />
and changed the logo setting,<br />
<br />
$wgLogo = "/res/img/logo.png";<br />
<br />
Checked [http://www.progclub.org/pc/Main_Page the wiki], and it's all working nicely.<br />
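<br />
As an added example (not part of the original log): a small check for the credentials that the steps above leave in LocalSettings.php, flagging a wiki that still connects as MySQL root and a world-readable file. The function names, the 640 mode and the sample file are assumptions made for illustration.<br />
<br />
```shell
#!/bin/sh
# Added example (not from the original log): audit the database
# credentials that the steps above leave in LocalSettings.php.

# setting_value FILE NAME -> value of the last `$NAME = "...";` line.
# The last assignment wins because PHP executes the file top to bottom.
setting_value() {
    sed -n "s/^[[:space:]]*\\\$$2[[:space:]]*=[[:space:]]*[\"']\\([^\"']*\\)[\"'][[:space:]]*;.*/\\1/p" "$1" |
        tail -n 1
}

# audit_localsettings FILE -> one finding per line; no output means clean.
audit_localsettings() {
    user=$(setting_value "$1" wgDBuser)
    case "$user" in
        "")   echo "wgDBuser: not set" ;;
        root) echo "wgDBuser: wiki connects as MySQL root" ;;
    esac
    # The file holds $wgDBpassword in clear text, so local users other than
    # the owner and the web server's group should not be able to read it.
    if [ -n "$(find "$1" -prune -perm -004)" ]; then
        echo "mode: file is world-readable"
    fi
}

# Constructed sample: the installer's output while root was still configured.
demo() {
    f=$(mktemp)
    printf '%s\n' '$wgDBname = "pcwiki";' '$wgDBuser = "root";' \
                  '$wgDBpassword = "constructed-example";' > "$f"
    chmod 644 "$f"
    audit_localsettings "$f"      # reports both findings
    # Apply the log's fix plus a tighter mode (assumed: 640), then re-check.
    printf '%s\n' '$wgDBuser = "pcwiki";' >> "$f"
    chmod 640 "$f"
    audit_localsettings "$f"      # prints nothing
    rm -f "$f"
}
demo
```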
<br />
= 2011-07-25 17:12 =<br />
<br />
== Preparing WWW hosting ==<br />
<br />
# cd /var/www<br />
# mkdir www.progclub.org<br />
# mv index.html test.php www.progclub.org/<br />
# ls<br />
# cd www.progclub.org/<br />
# ls<br />
index.html test.php<br />
<br />
Everything is in order.<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# ls<br />
000-default<br />
# vim 000-default<br />
<br />
Specified ServerAdmin,<br />
<br />
ServerAdmin jj5@progclub.org<br />
<br />
Changed document root,<br />
<br />
DocumentRoot /var/www/www.progclub.org/<br />
<br />
Changed the <Directory /var/www/> section to,<br />
<br />
<Directory /var/www/www.progclub.org/><br />
<br />
Saved changes and quit vim. Restarted apache,<br />
<br />
# apache2ctl graceful<br />
<br />
Apache complained,<br />
<br />
apache2: Could not reliably determine the server's fully qualified domain name, using charity.progclub.org for ServerName<br />
<br />
Searched for "apache2: Could not reliably determine the server's fully qualified domain name, using " and found an [http://www.linuxquestions.org/questions/linux-server-73/apache-giving-the-error-could-not-determine-the-servers-fully-qualified-domain-name-280677/ answer].<br />
<br />
Ran,<br />
<br />
# hostname charity.progclub.org<br />
<br />
which I guess is a better way to set the hostname than editing /etc/hostname like I did. :P<br />
<br />
Ran,<br />
<br />
# apache2ctl graceful<br />
<br />
again, and got the same error,<br />
<br />
apache2: Could not reliably determine the server's fully qualified domain name, using charity.progclub.org for ServerName<br />
<br />
Tried a reboot to see if the hostname is updated after that,<br />
<br />
# reboot<br />
<br />
Still having problems with,<br />
<br />
# apache2ctl graceful<br />
<br />
So read more of the [http://www.linuxquestions.org/questions/linux-server-73/apache-giving-the-error-could-not-determine-the-servers-fully-qualified-domain-name-280677/ answer], and then,<br />
<br />
# hostname charity<br />
# vim /etc/hosts<br />
<br />
Specified the file contents as<br />
<br />
127.0.0.1 localhost localhost.localdomain<br />
67.207.128.184 charity charity.progclub.org<br />
<br />
Then rebooted,<br />
<br />
# reboot<br />
<br />
Ran hostname and got,<br />
<br />
# hostname<br />
charity.progclub.org<br />
<br />
So edited /etc/hostname and specified<br />
<br />
charity<br />
<br />
Rebooted,<br />
<br />
# reboot<br />
<br />
Searched for "/etc/hostname", and found [http://lists.debian.org/debian-devel/2003/05/msg02064.html an answer]. Short name goes in /etc/hostname, so we should be configured correctly now. Apache is still complaining though,<br />
<br />
# apache2ctl graceful<br />
apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
<br />
and it's using the IP address rather than charity.progclub.org now. Will manually specify ServerName in /etc/apache2/sites-enabled/000-default<br />
<br />
# cd /etc/apache2/sites-enabled/<br />
# vim 000-default<br />
<br />
Added,<br />
<br />
ServerName charity.progclub.org<br />
<br />
Ran,<br />
<br />
# apache2ctl graceful<br />
<br />
again, and got the same friggin' error! More web-searching... found a [http://www.wallpaperama.com/forums/how-to-fix-could-not-determine-the-servers-fully-qualified-domain-name-t23.html different answer], tried editing /etc/hosts to put the names the other way around,<br />
<br />
# vim /etc/hosts<br />
<br />
127.0.0.1 localhost.localdomain localhost<br />
67.207.128.184 charity.progclub.org charity<br />
<br />
Rebooted,<br />
<br />
# reboot<br />
<br />
Tried apache2ctl again,<br />
<br />
# apache2ctl graceful<br />
<br />
And got no error! Yay!<br />
<br />
Checked<br />
<br />
* [http://www.progclub.org/ www.progclub.org]<br />
<br />
and found everything to be working. Web hosting is now configured.<br />
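<br />
The fix above comes down to which name is listed first on the /etc/hosts line, since hosts(5) treats the first name after the address as the canonical one and the rest as aliases. The script below is an added example, not part of the original log; its function names are made up for illustration and the two hosts files are constructed from the layouts shown above.<br />
<br />
```shell
#!/bin/sh
# Added example: report which name a hosts file makes canonical for a host.
# Per hosts(5), the FIRST name after the address is the canonical name and
# any further names on the line are aliases.

# canonical_for FILE NAME -> first name on the first non-comment line of
# FILE that lists NAME (either as the canonical name or as an alias).
canonical_for() {
    awk -v want="$2" '
        { sub(/#.*/, "") }              # drop comments
        NF < 2 { next }                 # skip blank or address-only lines
        { for (i = 2; i <= NF; i++)
              if ($i == want) { print $2; exit } }
    ' "$1"
}

# is_fqdn NAME -> success if NAME has a dot that is neither first nor last.
is_fqdn() {
    case "$1" in
        ""|.*|*.) return 1 ;;
        *.*)      return 0 ;;
        *)        return 1 ;;
    esac
}

# check_hosts FILE SHORTNAME -> prints "ok <fqdn>" or "bad <name>".
check_hosts() {
    canon=$(canonical_for "$1" "$2")
    if is_fqdn "$canon"; then
        echo "ok $canon"
    else
        echo "bad ${canon:-<no entry>}"
        return 1
    fi
}

# Constructed sample files holding the two layouts tried in the log.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '127.0.0.1 localhost localhost.localdomain' \
                  '67.207.128.184 charity charity.progclub.org' > "$dir/before"
    printf '%s\n' '127.0.0.1 localhost.localdomain localhost' \
                  '67.207.128.184 charity.progclub.org charity' > "$dir/after"
    check_hosts "$dir/before" charity || :   # short name listed first
    check_hosts "$dir/after" charity         # FQDN listed first
    rm -rf "$dir"
}
demo
```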
<br />
= 2011-07-25 17:11 =<br />
<br />
== PHP software installation ==<br />
<br />
I created a test.php file at /var/www/test.php to see if PHP was working out-of-the-box. I navigated to [http://www.progclub.org/test.php test.php] to check, and it tried to download the PHP file, so I guess PHP isn't installed.<br />
<br />
The test.php file I used was,<br />
<br />
<? phpinfo(); ?><br />
<br />
Searched for PHP installation candidate,<br />
<br />
# apt-cache search php5 | less<br />
<br />
Found php5, which looks promising.<br />
<br />
# apt-get install php5<br />
<br />
The following extra packages will be installed:<br />
apache2-mpm-prefork libapache2-mod-php5 php5-common<br />
Suggested packages:<br />
php-pear php5-suhosin<br />
The following packages will be REMOVED:<br />
apache2-mpm-worker<br />
The following NEW packages will be installed:<br />
apache2-mpm-prefork libapache2-mod-php5 php5 php5-common<br />
0 upgraded, 4 newly installed, 1 to remove and 0 not upgraded.<br />
Need to get 3544kB of archives.<br />
After this operation, 9568kB of additional disk space will be used.<br />
Do you want to continue [Y/n]?<br />
<br />
Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main apache2-mpm-prefork 2.2.14-5ubuntu8.4 [2420B]<br />
Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main php5-common 5.3.2-1ubuntu4.9 [551kB]<br />
Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libapache2-mod-php5 5.3.2-1ubuntu4.9 [2990kB]<br />
Get:4 http://archive.ubuntu.com/ubuntu/ lucid-updates/main php5 5.3.2-1ubuntu4.9 [1112B]<br />
Fetched 3544kB in 1s (1913kB/s)<br />
dpkg: apache2-mpm-worker: dependency problems, but removing anyway as you requested:<br />
apache2 depends on apache2-mpm-worker (= 2.2.14-5ubuntu8.4) | apache2-mpm-prefork (= 2.2.14-5ubuntu8.4) | apache2-mpm-event (= 2.2.14-5ubuntu8.4) | apache2-mpm-itk (= 2.2.14-5ubuntu8.4); however:<br />
Package apache2-mpm-worker is to be removed.<br />
Package apache2-mpm-prefork is not installed.<br />
Package apache2-mpm-event is not installed.<br />
Package apache2-mpm-itk is not installed.<br />
(Reading database ... 15291 files and directories currently installed.)<br />
Removing apache2-mpm-worker ...<br />
* Stopping web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
... waiting . [ OK ]<br />
Selecting previously deselected package apache2-mpm-prefork.<br />
(Reading database ... 15283 files and directories currently installed.)<br />
Unpacking apache2-mpm-prefork (from .../apache2-mpm-prefork_2.2.14-5ubuntu8.4_amd64.deb) ...<br />
Selecting previously deselected package php5-common.<br />
Unpacking php5-common (from .../php5-common_5.3.2-1ubuntu4.9_amd64.deb) ...<br />
Selecting previously deselected package libapache2-mod-php5.<br />
Unpacking libapache2-mod-php5 (from .../libapache2-mod-php5_5.3.2-1ubuntu4.9_amd64.deb) ...<br />
Selecting previously deselected package php5.<br />
Unpacking php5 (from .../php5_5.3.2-1ubuntu4.9_all.deb) ...<br />
Setting up apache2-mpm-prefork (2.2.14-5ubuntu8.4) ...<br />
* Starting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
[ OK ]<br />
Setting up php5-common (5.3.2-1ubuntu4.9) ...<br />
Setting up libapache2-mod-php5 (5.3.2-1ubuntu4.9) ...<br />
Creating config file /etc/php5/apache2/php.ini with new version<br />
* Reloading web server config apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 67.207.128.184 for ServerName<br />
[ OK ]<br />
Setting up php5 (5.3.2-1ubuntu4.9) ...<br />
<br />
Noticed the complaining about the server's fully qualified domain name, so<br />
<br />
# vim /etc/hostname<br />
<br />
and changed from<br />
<br />
charity<br />
<br />
to<br />
<br />
charity.progclub.org<br />
<br />
Then I rebooted,<br />
<br />
# reboot<br />
<br />
Logged in again and checked the hostname,<br />
<br />
# hostname<br />
<br />
which was correctly reported as,<br />
<br />
charity.progclub.org<br />
<br />
Then I navigated to the [http://www.progclub.org/test.php test.php] page, and got back the phpinfo().<br />
<br />
= 2011-07-25 16:40 =<br />
<br />
== Apache and MySQL software installation ==<br />
<br />
Searched for MySQL software,<br />
<br />
# apt-cache search mysql | less<br />
<br />
Found mysql-server, which looks like a good candidate.<br />
<br />
Searched for Apache software,<br />
<br />
# apt-cache search apache2 | less<br />
<br />
Found apache2, which looks like a good candidate.<br />
<br />
# apt-get install apache2 mysql-server<br />
<br />
The following extra packages will be installed:<br />
apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1<br />
libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libdbd-mysql-perl<br />
libdbi-perl libexpat1 libhtml-template-perl libmysqlclient16<br />
libnet-daemon-perl libplrpc-perl mysql-client-5.1 mysql-client-core-5.1<br />
mysql-common mysql-server-5.1 mysql-server-core-5.1 psmisc ssl-cert<br />
Suggested packages:<br />
www-browser apache2-doc apache2-suexec apache2-suexec-custom ufw dbishell<br />
libipc-sharedcache-perl tinyca mailx<br />
The following NEW packages will be installed:<br />
apache2 apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common<br />
libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap<br />
libdbd-mysql-perl libdbi-perl libexpat1 libhtml-template-perl<br />
libmysqlclient16 libnet-daemon-perl libplrpc-perl mysql-client-5.1<br />
mysql-client-core-5.1 mysql-common mysql-server mysql-server-5.1<br />
mysql-server-core-5.1 psmisc ssl-cert<br />
<br />
== Configuring mysql-server-5.1 ==<br />
<br />
Dpkg showed a configuration screen for configuring the root password. I set one.<br />
<br />
== Apache and MySQL software installation, continued ==<br />
<br />
I rebooted after installing the above software,<br />
<br />
# reboot<br />
<br />
I checked the Apache installation by navigating to [http://www.progclub.org/ www.progclub.org] and It Works!<br />
<br />
= 2011-07-25 16:34 =<br />
<br />
SSH'ed in as root and ran:<br />
<br />
# apt-get update<br />
# apt-get dist-upgrade<br />
# reboot<br />
<br />
= 2011-07-25 16:00 =<br />
<br />
Had to stuff around with resetting the root password on charity, but remote logins via SSH are working now for root.<br />
<br />
= 2011-07-25 15:52 =<br />
<br />
Configured the name server with progclub.org, progclub.net and progclub.info DNS zones on Slicehost. The [https://manage.slicehost.com/ SliceManager] should be used to maintain the DNS records for progclub.</div>60.240.67.126