Line 1: |
Line 1: |
− | This page chronicles the administrative changes to [[Hope|hope.progclub.net]]. If you make an administrative change you should document the change here. Changes are logged he in reverse chronological order with a time-stamp in the form YYYY-MM-DD hh:mm. You can use the time from whatever timezone you are in, or UTC if you're cool, but use 24 hour time. Don't worry if the changes you make have a time-stamp that is less than a time-stamp later in the page, put the latest changes at the top. Put a link to your wiki user account before the time-stamp so we know who's doing what. See the [[Administrative reference]] for other information.
| + | may la thang khon nan cho ghe Tri |
− | | + | http://labotim.inf.ufes.br/index.php/JacobsSpates722 |
− | = [[User:John|John]] 2012-02-28 13:44 =
| |
− | | |
− | == Configuring etckeeper email commit notifications ==
| |
− | | |
− | jj5@hope:~$ echo $SESSION_PATH
| |
− | /home/jj5/.session/2012/02/28/2012-02-28-134017
| |
− | jj5@hope:~$ note Configuring etckeeper email commit notifications
| |
− | Note: Configuring etckeeper email commit notifications
| |
− | | |
− | jj5@hope:~$ cd /srv
| |
− | jj5@hope:/srv$ sudo -s
| |
− | root@hope:/srv# mkdir bzr
| |
− | root@hope:/srv# cd bzr
| |
− | root@hope:/srv/bzr# bzr branch lp:bzr-hookless-email
| |
− | You have not informed bzr of your Launchpad ID, and you must do this to
| |
− | write to Launchpad or access private data. See "bzr help launchpad-login".
| |
− | Branched 30 revision(s).
| |
− | | |
− | root@hope:/srv/bzr# ls
| |
− | bzr-hookless-email
| |
− | | |
− | root@hope:/srv/bzr# cd bzr-hookless-email/
| |
− | root@hope:/srv/bzr/bzr-hookless-email# bzr pull
| |
− | Using saved parent location: http://bazaar.launchpad.net/~bzr/bzr-hookless-email/trunk-2a/
| |
− | No revisions to pull.
| |
− | | |
− | root@hope:/srv/bzr/bzr-hookless-email# cd /etc/cron.d
| |
− | | |
− | root@hope:/etc/cron.d# vim bzr-hookless-mail
| |
− | root@hope:/etc/cron.d# cat bzr-hookless-mail
| |
− | */5 * * * * root /srv/bzr/bzr-hookless-mail/bzr_hookless_email.py -e log@progclub.org -r /etc
| |
− | | |
− | root@hope:/etc/cron.d# ll
| |
− | total 24K
| |
− | drwxr-xr-x 2 root root 4.0K 2012-02-28 13:43 ./
| |
− | drwxr-xr-x 85 root root 4.0K 2012-02-28 12:52 ../
| |
− | -rw-r--r-- 1 root root 94 2012-02-28 13:43 bzr-hookless-mail
| |
− | -rw-r--r-- 1 root root 347 2012-02-28 12:52 logcheck
| |
− | -rw-r--r-- 1 root root 506 2012-02-09 17:43 php5
| |
− | -rw-r--r-- 1 root root 102 2010-04-15 16:51 .placeholder
| |
− | | |
− | = [[User:John|John]] 2012-02-28 12:54 =
| |
− | | |
− | == Installing and configuring logcheck ==
| |
− | | |
− | jj5@hope:~$ echo $SESSION_PATH
| |
− | /home/jj5/.session/2012/02/28/2012-02-28-125130
| |
− | jj5@hope:~$ note Installing and configuring logcheck.
| |
− | Note: Installing and configuring logcheck.
| |
− | | |
− | jj5@hope:~$ sudo -s
| |
− | root@hope:~# apt-get install logcheck syslog-summary
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following extra packages will be installed:
| |
− | libipc-signal-perl libmime-types-perl libproc-waitstat-perl
| |
− | logcheck-database logtail mime-construct python-magic
| |
− | Suggested packages:
| |
− | python-magic-dbg
| |
− | The following NEW packages will be installed:
| |
− | libipc-signal-perl libmime-types-perl libproc-waitstat-perl logcheck
| |
− | logcheck-database logtail mime-construct python-magic syslog-summary
| |
− | 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded.
| |
− | Need to get 361kB of archives.
| |
− | After this operation, 1,982kB of additional disk space will be used.
| |
− | Do you want to continue [Y/n]?
| |
− | Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libipc-signal-perl 1.00-6 [7,016B]
| |
− | Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libmime-types-perl 1.28-1 [31.5kB]
| |
− | Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libproc-waitstat-perl 1.00-4 [7,806B]
| |
− | Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main mime-construct 1.10 [19.4kB]
| |
− | Get:5 http://archive.ubuntu.com/ubuntu/ lucid-updates/main logtail 1.3.7ubuntu2 [57.8kB]
| |
− | Get:6 http://archive.ubuntu.com/ubuntu/ lucid-updates/main logcheck 1.3.7ubuntu2 [75.7kB]
| |
− | Get:7 http://archive.ubuntu.com/ubuntu/ lucid-updates/main logcheck-database 1.3.7ubuntu2 [115kB]
| |
− | Get:8 http://archive.ubuntu.com/ubuntu/ lucid/universe syslog-summary 1.14-1 [10.2kB]
| |
− | Get:9 http://archive.ubuntu.com/ubuntu/ lucid/main python-magic 5.03-5ubuntu1 [35.7kB]
| |
− | Fetched 361kB in 1s (323kB/s)
| |
− | Committing to: /etc/
| |
− | modified apt/apt.conf.d/50unattended-upgrades
| |
− | modified fail2ban/jail.local
| |
− | modified logwatch/conf/logwatch.conf
| |
− | Committed revision 75.
| |
− | Selecting previously deselected package libipc-signal-perl.
| |
− | (Reading database ... 28861 files and directories currently installed.)
| |
− | Unpacking libipc-signal-perl (from .../libipc-signal-perl_1.00-6_all.deb) ...
| |
− | Selecting previously deselected package libmime-types-perl.
| |
− | Unpacking libmime-types-perl (from .../libmime-types-perl_1.28-1_all.deb) ...
| |
− | Selecting previously deselected package libproc-waitstat-perl.
| |
− | Unpacking libproc-waitstat-perl (from .../libproc-waitstat-perl_1.00-4_all.deb) ...
| |
− | Selecting previously deselected package mime-construct.
| |
− | Unpacking mime-construct (from .../mime-construct_1.10_all.deb) ...
| |
− | Selecting previously deselected package logtail.
| |
− | Unpacking logtail (from .../logtail_1.3.7ubuntu2_all.deb) ...
| |
− | Selecting previously deselected package logcheck.
| |
− | Unpacking logcheck (from .../logcheck_1.3.7ubuntu2_all.deb) ...
| |
− | Selecting previously deselected package logcheck-database.
| |
− | Unpacking logcheck-database (from .../logcheck-database_1.3.7ubuntu2_all.deb) ...
| |
− | Selecting previously deselected package syslog-summary.
| |
− | Unpacking syslog-summary (from .../syslog-summary_1.14-1_all.deb) ...
| |
− | Selecting previously deselected package python-magic.
| |
− | Unpacking python-magic (from .../python-magic_5.03-5ubuntu1_amd64.deb) ...
| |
− | Processing triggers for man-db ...
| |
− | Setting up libipc-signal-perl (1.00-6) ...
| |
− | Setting up libmime-types-perl (1.28-1) ...
| |
− | Setting up libproc-waitstat-perl (1.00-4) ...
| |
− | Setting up mime-construct (1.10) ...
| |
− | Setting up logtail (1.3.7ubuntu2) ...
| |
− | Setting up logcheck (1.3.7ubuntu2) ...
| |
− | Adding user logcheck to group adm
| |
− |
| |
− | Setting up logcheck-database (1.3.7ubuntu2) ...
| |
− |
| |
− | Setting up syslog-summary (1.14-1) ...
| |
− | Setting up python-magic (5.03-5ubuntu1) ...
| |
− | Committing to: /etc/
| |
− | modified .etckeeper
| |
− | modified aliases
| |
− | modified aliases.db
| |
− | modified group
| |
− | modified group-
| |
− | modified gshadow
| |
− | modified gshadow-
| |
− | modified passwd
| |
− | modified passwd-
| |
− | modified shadow
| |
− | modified shadow-
| |
− | added syslog-summary
| |
− | added cron.d/logcheck
| |
− | added logcheck/cracking.d
| |
− | added logcheck/cracking.ignore.d
| |
− | added logcheck/header.txt
| |
− | added logcheck/logcheck.conf
| |
− | added logcheck/logcheck.logfiles
| |
− | added logcheck/violations.d
| |
− | added logcheck/violations.ignore.d
| |
− | added logcheck/cracking.d/kernel
| |
− | added logcheck/cracking.d/rlogind
| |
− | added logcheck/cracking.d/rsh
| |
− | added logcheck/cracking.d/smartd
| |
− | added logcheck/cracking.d/tftpd
| |
− | added logcheck/cracking.d/uucico
| |
− | added logcheck/ignore.d.paranoid/bind
| |
− | added logcheck/ignore.d.paranoid/cron
| |
− | added logcheck/ignore.d.paranoid/incron
| |
− | added logcheck/ignore.d.paranoid/logcheck
| |
− | added logcheck/ignore.d.paranoid/postfix
| |
− | added logcheck/ignore.d.paranoid/ppp
| |
− | added logcheck/ignore.d.paranoid/pureftp
| |
− | added logcheck/ignore.d.paranoid/qpopper
| |
− | added logcheck/ignore.d.paranoid/squid
| |
− | added logcheck/ignore.d.paranoid/ssh
| |
− | added logcheck/ignore.d.paranoid/stunnel
| |
− | added logcheck/ignore.d.paranoid/sysklogd
| |
− | added logcheck/ignore.d.paranoid/telnetd
| |
− | added logcheck/ignore.d.paranoid/tripwire
| |
− | added logcheck/ignore.d.paranoid/usb
| |
− | added logcheck/ignore.d.server/acpid
| |
− | added logcheck/ignore.d.server/amandad
| |
− | added logcheck/ignore.d.server/anacron
| |
− | added logcheck/ignore.d.server/anon-proxy
| |
− | added logcheck/ignore.d.server/apache
| |
− | added logcheck/ignore.d.server/apcupsd
| |
− | added logcheck/ignore.d.server/arpwatch
| |
− | added logcheck/ignore.d.server/automount
| |
− | added logcheck/ignore.d.server/bind
| |
− | added logcheck/ignore.d.server/bluez-utils
| |
− | added logcheck/ignore.d.server/courier
| |
− | added logcheck/ignore.d.server/cpqarrayd
| |
− | added logcheck/ignore.d.server/cpufreqd
| |
− | added logcheck/ignore.d.server/cracklib
| |
− | added logcheck/ignore.d.server/cron
| |
− | added logcheck/ignore.d.server/cron-apt
| |
− | added logcheck/ignore.d.server/cups-lpd
| |
− | added logcheck/ignore.d.server/cvs-pserver
| |
− | added logcheck/ignore.d.server/cvsd
| |
− | added logcheck/ignore.d.server/cyrus
| |
− | added logcheck/ignore.d.server/dcc
| |
− | added logcheck/ignore.d.server/ddclient
| |
− | added logcheck/ignore.d.server/dhclient
| |
− | added logcheck/ignore.d.server/dhcp
| |
− | added logcheck/ignore.d.server/dictd
| |
− | added logcheck/ignore.d.server/dkfilter
| |
− | added logcheck/ignore.d.server/dkim-filter
| |
− | added logcheck/ignore.d.server/dnsmasq
| |
− | added logcheck/ignore.d.server/dovecot
| |
− | added logcheck/ignore.d.server/dspam
| |
− | added logcheck/ignore.d.server/epmd
| |
− | added logcheck/ignore.d.server/exim4
| |
− | added logcheck/ignore.d.server/fcron
| |
− | added logcheck/ignore.d.server/ftpd
| |
− | added logcheck/ignore.d.server/gnu-imap4d
| |
− | added logcheck/ignore.d.server/gps
| |
− | added logcheck/ignore.d.server/grinch
| |
− | added logcheck/ignore.d.server/horde3
| |
− | added logcheck/ignore.d.server/hplip
| |
− | added logcheck/ignore.d.server/hylafax
| |
− | added logcheck/ignore.d.server/ikiwiki
| |
− | added logcheck/ignore.d.server/imap
| |
− | added logcheck/ignore.d.server/imapproxy
| |
− | added logcheck/ignore.d.server/imp
| |
− | added logcheck/ignore.d.server/imp4
| |
− | added logcheck/ignore.d.server/innd
| |
− | added logcheck/ignore.d.server/ipppd
| |
− | added logcheck/ignore.d.server/isdnlog
| |
− | added logcheck/ignore.d.server/isdnutils
| |
− | added logcheck/ignore.d.server/jabberd
| |
− | added logcheck/ignore.d.server/kernel
| |
− | added logcheck/ignore.d.server/klogind
| |
− | added logcheck/ignore.d.server/krb5-kdc
| |
− | added logcheck/ignore.d.server/libpam-mount
| |
− | added logcheck/ignore.d.server/logcheck
| |
− | added logcheck/ignore.d.server/login
| |
− | added logcheck/ignore.d.server/maradns
| |
− | added logcheck/ignore.d.server/mldonkey-server
| |
− | added logcheck/ignore.d.server/mon
| |
− | added logcheck/ignore.d.server/mountd
| |
− | added logcheck/ignore.d.server/nagios
| |
− | added logcheck/ignore.d.server/netconsole
| |
− | added logcheck/ignore.d.server/nfs
| |
− | added logcheck/ignore.d.server/nntpcache
| |
− | added logcheck/ignore.d.server/nscd
| |
− | added logcheck/ignore.d.server/nslcd
| |
− | added logcheck/ignore.d.server/openvpn
| |
− | added logcheck/ignore.d.server/otrs
| |
− | added logcheck/ignore.d.server/passwd
| |
− | added logcheck/ignore.d.server/pdns
| |
− | added logcheck/ignore.d.server/perdition
| |
− | added logcheck/ignore.d.server/policyd
| |
− | added logcheck/ignore.d.server/popa3d
| |
− | added logcheck/ignore.d.server/postfix
| |
− | added logcheck/ignore.d.server/postfix-policyd
| |
− | added logcheck/ignore.d.server/ppp
| |
− | added logcheck/ignore.d.server/pptpd
| |
− | added logcheck/ignore.d.server/procmail
| |
− | added logcheck/ignore.d.server/proftpd
| |
− | added logcheck/ignore.d.server/puppetd
| |
− | added logcheck/ignore.d.server/pure-ftpd
| |
− | added logcheck/ignore.d.server/pureftp
| |
− | added logcheck/ignore.d.server/qpopper
| |
− | added logcheck/ignore.d.server/rbldnsd
| |
− | added logcheck/ignore.d.server/rpc_statd
| |
− | added logcheck/ignore.d.server/rsnapshot
| |
− | added logcheck/ignore.d.server/rsync
| |
− | added logcheck/ignore.d.server/sa-exim
| |
− | added logcheck/ignore.d.server/samba
| |
− | added logcheck/ignore.d.server/saned
| |
− | added logcheck/ignore.d.server/sasl2-bin
| |
− | added logcheck/ignore.d.server/saslauthd
| |
− | added logcheck/ignore.d.server/schroot
| |
− | added logcheck/ignore.d.server/scponly
| |
− | added logcheck/ignore.d.server/slapd
| |
− | added logcheck/ignore.d.server/smartd
| |
− | added logcheck/ignore.d.server/smbd_audit
| |
− | added logcheck/ignore.d.server/smokeping
| |
− | added logcheck/ignore.d.server/snmpd
| |
− | added logcheck/ignore.d.server/snort
| |
− | added logcheck/ignore.d.server/spamc
| |
− | added logcheck/ignore.d.server/spamd
| |
− | added logcheck/ignore.d.server/squid
| |
− | added logcheck/ignore.d.server/ssh
| |
− | added logcheck/ignore.d.server/stunnel
| |
− | added logcheck/ignore.d.server/su
| |
− | added logcheck/ignore.d.server/sudo
| |
− | added logcheck/ignore.d.server/sympa
| |
− | added logcheck/ignore.d.server/syslogd
| |
− | added logcheck/ignore.d.server/teapop
| |
− | added logcheck/ignore.d.server/telnetd
| |
− | added logcheck/ignore.d.server/tftpd
| |
− | added logcheck/ignore.d.server/thy
| |
− | added logcheck/ignore.d.server/ucd-snmp
| |
− | added logcheck/ignore.d.server/upsd
| |
− | added logcheck/ignore.d.server/uptimed
| |
− | added logcheck/ignore.d.server/userv
| |
− | added logcheck/ignore.d.server/vsftpd
| |
− | added logcheck/ignore.d.server/watchdog
| |
− | added logcheck/ignore.d.server/webmin
| |
− | added logcheck/ignore.d.server/wu-ftpd
| |
− | added logcheck/ignore.d.server/xinetd
| |
− | added logcheck/ignore.d.workstation/automount
| |
− | added logcheck/ignore.d.workstation/bind
| |
− | added logcheck/ignore.d.workstation/bluetooth-alsa
| |
− | added logcheck/ignore.d.workstation/bluez-utils
| |
− | added logcheck/ignore.d.workstation/bonobo
| |
− | added logcheck/ignore.d.workstation/dhcpcd
| |
− | added logcheck/ignore.d.workstation/francine
| |
− | added logcheck/ignore.d.workstation/gconf
| |
− | added logcheck/ignore.d.workstation/gdm
| |
− | added logcheck/ignore.d.workstation/hald
| |
− | added logcheck/ignore.d.workstation/hcid
| |
− | added logcheck/ignore.d.workstation/ifplugd
| |
− | added logcheck/ignore.d.workstation/ippl
| |
− | added logcheck/ignore.d.workstation/kdm
| |
− | added logcheck/ignore.d.workstation/kernel
| |
− | added logcheck/ignore.d.workstation/libpam-gnome-keyring
| |
− | added logcheck/ignore.d.workstation/logcheck
| |
− | added logcheck/ignore.d.workstation/login
| |
− | added logcheck/ignore.d.workstation/net-acct
| |
− | added logcheck/ignore.d.workstation/nntpcache
| |
− | added logcheck/ignore.d.workstation/polypaudio
| |
− | added logcheck/ignore.d.workstation/postfix
| |
− | added logcheck/ignore.d.workstation/ppp
| |
− | added logcheck/ignore.d.workstation/proftpd
| |
− | added logcheck/ignore.d.workstation/pump
| |
− | added logcheck/ignore.d.workstation/sendfile
| |
− | added logcheck/ignore.d.workstation/squid
| |
− | added logcheck/ignore.d.workstation/udev
| |
− | added logcheck/ignore.d.workstation/wdm
| |
− | added logcheck/ignore.d.workstation/winbind
| |
− | added logcheck/ignore.d.workstation/wpasupplicant
| |
− | added logcheck/ignore.d.workstation/xdm
| |
− | added logcheck/ignore.d.workstation/xlockmore
| |
− | added logcheck/ignore.d.workstation/xscreensaver
| |
− | added logcheck/violations.d/kernel
| |
− | added logcheck/violations.d/logcheck
| |
− | added logcheck/violations.d/smartd
| |
− | added logcheck/violations.d/su
| |
− | added logcheck/violations.d/sudo
| |
− | added logcheck/violations.ignore.d/logcheck-su
| |
− | added logcheck/violations.ignore.d/logcheck-sudo
| |
− | added syslog-summary/ignore.rules
| |
− | Committed revision 76.
| |
− | | |
− | root@hope:~# cd /etc/logcheck/
| |
− | root@hope:/etc/logcheck# vim logcheck.conf
| |
− | root@hope:/etc/logcheck# cat logcheck.conf
| |
− | # The following variable settings are the initial default values,
| |
− | # which can be uncommented and modified to alter logcheck's behaviour
| |
− |
| |
− | # Controls the format of date-/time-stamps in subject lines:
| |
− | # Alternatively, set the format to suit your locale
| |
− |
| |
− | #DATE="$(date +'%Y-%m-%d %H:%M')"
| |
− |
| |
− | # Controls the presence of boilerplate at the top of each message:
| |
− | # Alternatively, set to "0" to disable the introduction.
| |
− | #
| |
− | # If the files /etc/logcheck/header.txt and /etc/logcheck/footer.txt
| |
− | # are present their contents will be read and used as the header and
| |
− | # footer of any generated mails.
| |
− |
| |
− | #INTRO=1
| |
− |
| |
− | # Controls the level of filtering:
| |
− | # Can be Set to "workstation", "server" or "paranoid" for different
| |
− | # levels of filtering. Defaults to server if not set.
| |
− |
| |
− | REPORTLEVEL="server"
| |
− |
| |
− | # Controls the address mail goes to:
| |
− | # *NOTE* the script does not set a default value for this variable!
| |
− | # Should be set to an offsite "emailaddress@some.domain.tld"
| |
− |
| |
− | SENDMAILTO="log@progclub.org"
| |
− |
| |
− | # Send the results as attachment or not.
| |
− | # 0=not as attachment; 1=as attachment
| |
− | # Default is 0
| |
− |
| |
− | MAILASATTACH=0
| |
− |
| |
− | # Should the hostname in the subject of generated mails be fully qualified?
| |
− |
| |
− | FQDN=1
| |
− |
| |
− | # Controls whether "sort -u" is used on log entries (which will
| |
− | # eliminate duplicates but destroy the original ordering); the
| |
− | # default is to use "sort -k 1,3 -s":
| |
− | # Alternatively, set to "1" to enable unique sorting
| |
− |
| |
− | #SORTUNIQ=0
| |
− |
| |
− | # Controls whether /etc/logcheck/cracking.ignore.d is scanned for
| |
− | # exceptions to the rules in /etc/logcheck/cracking.d:
| |
− | # Alternatively, set to "1" to enable cracking.ignore support
| |
− |
| |
− | #SUPPORT_CRACKING_IGNORE=0
| |
− |
| |
− | # Controls the base directory for rules file location
| |
− | # This must be an absolute path
| |
− |
| |
− | #RULEDIR="/etc/logcheck"
| |
− |
| |
− | # Controls if syslog-summary is run over each section.
| |
− | # Alternatively, set to "1" to enable extra summary.
| |
− | # HINT: syslog-summary needs to be installed.
| |
− |
| |
− | SYSLOGSUMMARY=1
| |
− |
| |
− | # Controls Subject: lines on logcheck reports:
| |
− |
| |
− | #ATTACKSUBJECT="Security Alerts"
| |
− | #SECURITYSUBJECT="Security Events"
| |
− | #EVENTSSUBJECT="System Events"
| |
− |
| |
− | # Controls [logcheck] prefix on Subject: lines
| |
− |
| |
− | #ADDTAG="no"
| |
− |
| |
− | # Set a different location for temporary files than /tmp
| |
− | # this is useful if your /tmp is small and you are getting
| |
− | # errors such as:
| |
− | # cp: writing `/tmp/logcheck.y12449/checked': No space left on device
| |
− | # /usr/sbin/logcheck: line 161: cannot create temp file for here document: No space left on device
| |
− | # mail: /tmp/mail.RsXXXXpc2eAx: No space left on device
| |
− | # Null message body; hope that's ok
| |
− | #
| |
− | # If this is happening, likely you will want to change the following to be some other
| |
− | # location, such as /var/tmp
| |
− |
| |
− | TMP="/tmp"
| |
− | | |
− | Then you need to patch syslog-summary to change the python2.5 env to python2:
| |
− | | |
− | root@charity:/# vim /usr/bin/syslog-summary
| |
− | root@charity:/# head /usr/bin/syslog-summary
| |
− | #!/usr/bin/env python2
| |
− | | |
− | = [[User:John|John]] 2012-02-28 12:00 =
| |
− | | |
− | == Configuring new log@progclub mailing list ==
| |
− | | |
− | There's a new emailing list log@progclub where system logs will be delivered (to keep the noise off the admin list). To configure that on hope:
| |
− | | |
− | jj5@hope:~$ sudo -s
| |
− | root@hope:~# cd /etc/fail2ban/
| |
− | root@hope:/etc/fail2ban# vim jail.local
| |
− | root@hope:/etc/fail2ban# grep log@ jail.local
| |
− | destemail = log@progclub.org
| |
− | root@hope:/etc/fail2ban# cd /etc/logwatch/conf/
| |
− | root@hope:/etc/logwatch/conf# vim logwatch.conf
| |
− | root@hope:/etc/logwatch/conf# grep log@ logwatch.conf
| |
− | MailTo = log@progclub.org
| |
− | root@hope:/etc/logwatch/conf# cd /etc/apt/apt.conf.d/
| |
− | root@hope:/etc/apt/apt.conf.d# vim 50unattended-upgrades
| |
− | root@hope:/etc/apt/apt.conf.d# grep log@ 50unattended-upgrades
| |
− | Unattended-Upgrade::Mail "log@progclub.org";
| |
− | root@hope:/etc/apt/apt.conf.d# reboot
| |
− | | |
− | = [[User:John|John]] 2012-02-08 15:34 =
| |
− | | |
− | == Fixing permissions on NFS dns_resolve directory ==
| |
− | | |
− | jj5@hope:~$ sudo -s
| |
− | root@hope:~# cd /var/lib/nfs/rpc_pipefs/cache/
| |
− | root@hope:/var/lib/nfs/rpc_pipefs/cache# ll -d dns_resolve/
| |
− | drw------- 2 root root 0 Feb 7 01:29 dns_resolve//
| |
− | root@hope:/var/lib/nfs/rpc_pipefs/cache# cd ~
| |
− | root@hope:~# vim /etc/rc.local
| |
− | root@hope:~# cat /etc/rc.local
| |
− | #!/bin/sh -e
| |
− | #
| |
− | # rc.local
| |
− | #
| |
− | # This script is executed at the end of each multiuser runlevel.
| |
− | # Make sure that the script will "exit 0" on success or any other
| |
− | # value on error.
| |
− | #
| |
− | # In order to enable or disable this script just change the execution
| |
− | # bits.
| |
− | #
| |
− | # By default this script does nothing.
| |
− |
| |
− | #sleep 5
| |
− | #modprobe nfs
| |
− | #mount /home
| |
− |
| |
− | chmod u+x /var/lib/nfs/rpc_pipefs/cache/dns_resolve
| |
− |
| |
− | exit 0
| |
− | | |
− | The above didn't fix all the issues, retrying like this:
| |
− | | |
− | jj5@hope:~$ sudo vim /etc/rc.local
| |
− | jj5@hope:~$ sudo /etc/rc.local
| |
− | jj5@hope:~$ cat /etc/rc.local
| |
− | #!/bin/sh -e
| |
− | #
| |
− | # rc.local
| |
− | #
| |
− | # This script is executed at the end of each multiuser runlevel.
| |
− | # Make sure that the script will "exit 0" on success or any other
| |
− | # value on error.
| |
− | #
| |
− | # In order to enable or disable this script just change the execution
| |
− | # bits.
| |
− | #
| |
− | # By default this script does nothing.
| |
− |
| |
− | #sleep 5
| |
− | #modprobe nfs
| |
− | #mount /home
| |
− |
| |
− | #chmod u+x /var/lib/nfs/rpc_pipefs/cache/dns_resolve
| |
− | cd /var/lib/nfs/rpc_pipefs
| |
− | if [ "$?" = "0" ]; then
| |
− | find . -type d -exec chmod u+x {} \;
| |
− | fi
| |
− |
| |
− | exit 0
| |
− | | |
− | = [[User:John|John]] 2012-01-31 18:40 =
| |
− | | |
− | == Preparing for Slicehost DataCenter migration ==
| |
− | | |
− | jj5@hope:~$ sudo -s
| |
− | root@hope:~# cd /etc
| |
− | root@hope:/etc# grep -R 172.19 *
| |
− | bind/named.conf.local: masters { 172.19.1.46; };
| |
− | grep: blkid.tab: No such file or directory
| |
− | grep: fonts/conf.d/30-defoma.conf: No such file or directory
| |
− | fstab:172.19.1.45:/home /home nfs4 rw,_netdev,auto 0 0
| |
− | mtab:172.19.1.45:/home /home nfs4 rw,clientaddr=172.19.1.28,addr=172.19.1.45 0 0
| |
− | network/interfaces: address 172.19.1.28
| |
− | grep: nologin: No such file or directory
| |
− | | |
− | root@hope:/etc# vim /etc/bind/named.conf.local
| |
− | root@hope:/etc# cat /etc/bind/named.conf.local
| |
− | //
| |
− | // Do any local configuration here
| |
− | //
| |
− |
| |
− | // Consider adding the 1918 zones here, if they are not used in your
| |
− | // organization
| |
− | //include "/etc/bind/zones.rfc1918";
| |
− |
| |
− | zone "progclub.biz" in {
| |
− | type slave;
| |
− | file "progclub.biz.dns";
| |
− | //masters { 172.19.1.46; };
| |
− | masters { 67.207.129.103; };
| |
− | };
| |
− | | |
− | root@hope:/etc# vim /etc/fstab
| |
− | root@hope:/etc# cat /etc/fstab
| |
− | proc /proc proc defaults 0 0
| |
− | /dev/sda1 / ext3 defaults,errors=remount-ro,noatime 0 1
| |
− | /dev/sda2 none swap sw 0 0
| |
− | 67.207.128.184:/home /home nfs4 rw,_netdev,auto 0 0
| |
− | | |
− | root@hope:/etc# vim /etc/mtab
| |
− | root@hope:/etc# cat /etc/mtab
| |
− | /dev/sda1 / ext3 rw,noatime,errors=remount-ro 0 0
| |
− | proc /proc proc rw 0 0
| |
− | none /proc/sys/fs/binfmt_misc binfmt_misc rw,noexec,nosuid,nodev 0 0
| |
− | none /sys sysfs rw,noexec,nosuid,nodev 0 0
| |
− | udev /dev tmpfs rw,mode=0755 0 0
| |
− | none /dev/pts devpts rw,noexec,nosuid,gid=5,mode=0620 0 0
| |
− | none /dev/shm tmpfs rw,nosuid,nodev 0 0
| |
− | none /var/run tmpfs rw,nosuid,mode=0755 0 0
| |
− | none /var/lock tmpfs rw,noexec,nosuid,nodev 0 0
| |
− | none /lib/init/rw tmpfs rw,nosuid,mode=0755 0 0
| |
− | rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs rw 0 0
| |
− | 67.207.128.184:/home /home nfs4 rw,clientaddr=67.207.130.204,addr=67.207.128.184 0 0
| |
− | | |
− | = [[User:John|John]] 2012-01-15 03:18 =
| |
− | | |
− | == Allowing DNS traffic through firewall ==
| |
− | | |
− | root@hope:~# vim /etc/iptables.up.rules
| |
− | | |
− | Added:
| |
− | | |
− | # allow DNS traffic
| |
− | -A INPUT -p udp -m udp --dport 53 -j ACCEPT
| |
− | -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
| |
− | | |
− | = [[User:John|John]] 2011-12-10 12:35 =
| |
− | | |
− | == Configuring MySQL server default character set and collation ==
| |
− | | |
− | Per [http://dev.mysql.com/doc/refman/5.0/en/charset-syntax.html these instructions].
| |
− | | |
− | # vim /etc/mysql/my.cnf
| |
− | | |
− | In the [mysqld] section:
| |
− | | |
− | collation_server=utf8_unicode_ci
| |
− | character_set_server=utf8
| |
− | | |
− | = [[User:John|John]] 2011-12-08 14:26 =
| |
− | | |
− | == Installing unattended upgrades ==
| |
− | | |
− | jj5@hope:~$ sudo apt-get install unattended-upgrades bsd-mailx
| |
− | [sudo] password for jj5:
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following extra packages will be installed:
| |
− | iso-codes postfix python-apt
| |
− | Suggested packages:
| |
− | isoquery procmail postfix-mysql postfix-pgsql postfix-ldap postfix-pcre
| |
− | sasl2-bin resolvconf postfix-cdb mail-reader ufw python-apt-dbg python-gtk2
| |
− | python-vte python-apt-doc
| |
− | The following NEW packages will be installed:
| |
− | bsd-mailx iso-codes postfix python-apt unattended-upgrades
| |
− | 0 upgraded, 5 newly installed, 0 to remove and 32 not upgraded.
| |
− | Need to get 4416kB of archives.
| |
− | After this operation, 17.3MB of additional disk space will be used.
| |
− | Do you want to continue [Y/n]?
| |
− | Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main iso-codes 3.12.1-1 [2642kB]
| |
− | Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main python-apt 0.7.94.2ubuntu6.4 [187kB]
| |
− | Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main postfix 2.7.0-1ubuntu0.2 [1404kB]
| |
− | Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main bsd-mailx 8.1.2-0.20090911cvs-2ubuntu1 [162kB]
| |
− | Get:5 http://archive.ubuntu.com/ubuntu/ lucid-updates/main unattended-upgrades 0.55ubuntu6 [20.8kB]
| |
− | Fetched 4416kB in 2s (1477kB/s)
| |
− | Committing to: /etc/
| |
− | modified php5/conf.d/mcrypt.ini
| |
− | Committed revision 46.
| |
− | Preconfiguring packages ...
| |
− | Selecting previously deselected package iso-codes.
| |
− | (Reading database ... 25768 files and directories currently installed.)
| |
− | Unpacking iso-codes (from .../iso-codes_3.12.1-1_all.deb) ...
| |
− | Selecting previously deselected package python-apt.
| |
− | Unpacking python-apt (from .../python-apt_0.7.94.2ubuntu6.4_amd64.deb) ...
| |
− | Selecting previously deselected package postfix.
| |
− | Unpacking postfix (from .../postfix_2.7.0-1ubuntu0.2_amd64.deb) ...
| |
− | Selecting previously deselected package bsd-mailx.
| |
− | Unpacking bsd-mailx (from .../bsd-mailx_8.1.2-0.20090911cvs-2ubuntu1_amd64.deb) ...
| |
− | Selecting previously deselected package unattended-upgrades.
| |
− | Unpacking unattended-upgrades (from .../unattended-upgrades_0.55ubuntu6_all.deb) ...
| |
− | Processing triggers for ureadahead ...
| |
− | Processing triggers for man-db ...
| |
− | Setting up iso-codes (3.12.1-1) ...
| |
− | Setting up python-apt (0.7.94.2ubuntu6.4) ...
| |
− |
| |
− | Setting up postfix (2.7.0-1ubuntu0.2) ...
| |
− | Adding group `postfix' (GID 109) ...
| |
− | Done.
| |
− | Adding system user `postfix' (UID 106) ...
| |
− | Adding new user `postfix' (UID 106) with group `postfix' ...
| |
− | Not creating home directory `/var/spool/postfix'.
| |
− | Creating /etc/postfix/dynamicmaps.cf
| |
− | Adding tcp map entry to /etc/postfix/dynamicmaps.cf
| |
− | Adding group `postdrop' (GID 110) ...
| |
− | Done.
| |
− | setting myhostname: hope.progclub.net
| |
− | setting alias maps
| |
− | setting alias database
| |
− | changing /etc/mailname to hope.progclub.net
| |
− | setting myorigin
| |
− | setting destinations: hope.progclub.net, localhost.progclub.net, localhost
| |
− | setting relayhost: mail.progclub.org
| |
− | setting mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
| |
− | setting mailbox_size_limit: 0
| |
− | setting recipient_delimiter: +
| |
− | setting inet_interfaces: loopback-only
| |
− | /etc/aliases does not exist, creating it.
| |
− | WARNING: /etc/aliases exists, but does not have a root alias.
| |
− |
| |
− | Postfix is now set up with a default configuration. If you need to make
| |
− | changes, edit
| |
− | /etc/postfix/main.cf (and others) as needed. To view Postfix configuration
| |
− | values, see postconf(1).
| |
− |
| |
− | After modifying main.cf, be sure to run '/etc/init.d/postfix reload'.
| |
− |
| |
− | Running newaliases
| |
− | * Stopping Postfix Mail Transport Agent postfix [ OK ]
| |
− | * Starting Postfix Mail Transport Agent postfix [ OK ]
| |
− |
| |
− | Setting up bsd-mailx (8.1.2-0.20090911cvs-2ubuntu1) ...
| |
− | update-alternatives: using /usr/bin/bsd-mailx to provide /usr/bin/mailx (mailx) in auto mode.
| |
− |
| |
− | Processing triggers for python-central ...
| |
− | Setting up unattended-upgrades (0.55ubuntu6) ...
| |
− | update-rc.d: warning: unattended-upgrades start runlevel arguments (none) do not match LSB Default-Start values (0 6)
| |
− | update-rc.d: warning: unattended-upgrades stop runlevel arguments (0 6) do not match LSB Default-Stop values (none)
| |
− |
| |
− | Processing triggers for libc-bin ...
| |
− | ldconfig deferred processing now taking place
| |
− | Committing to: /etc/
| |
− | added aliases
| |
− | added aliases.db
| |
− | modified group
| |
− | modified group-
| |
− | modified gshadow
| |
− | modified gshadow-
| |
− | added mail.rc
| |
− | added mailname
| |
− | modified passwd
| |
− | modified passwd-
| |
− | added pm
| |
− | added postfix
| |
− | added ppp
| |
− | added resolvconf
| |
− | modified shadow
| |
− | modified shadow-
| |
− | added alternatives/Mail
| |
− | added alternatives/Mail.1.gz
| |
− | added alternatives/mail
| |
− | added alternatives/mail.1.gz
| |
− | added alternatives/mailx
| |
− | added alternatives/mailx.1.gz
| |
− | added apt/apt.conf.d/50unattended-upgrades
| |
− | added init.d/postfix
| |
− | added init.d/unattended-upgrades
| |
− | added logrotate.d/unattended-upgrades
| |
− | added network/if-down.d/postfix
| |
− | added network/if-up.d/postfix
| |
− | added pm/sleep.d
| |
− | added pm/sleep.d/10_unattended-upgrades-hibernate
| |
− | added postfix/dynamicmaps.cf
| |
− | added postfix/main.cf
| |
− | added postfix/master.cf
| |
− | added postfix/post-install
| |
− | added postfix/postfix-files
| |
− | added postfix/postfix-script
| |
− | added postfix/sasl
| |
− | added ppp/ip-down.d
| |
− | added ppp/ip-up.d
| |
− | added ppp/ip-down.d/postfix
| |
− | added ppp/ip-up.d/postfix
| |
− | added rc0.d/K20postfix
| |
− | added rc0.d/S10unattended-upgrades
| |
− | added rc1.d/K20postfix
| |
− | added rc2.d/S20postfix
| |
− | added rc3.d/S20postfix
| |
− | added rc4.d/S20postfix
| |
− | added rc5.d/S20postfix
| |
− | added rc6.d/K20postfix
| |
− | added rc6.d/S10unattended-upgrades
| |
− | added resolvconf/update-libc.d
| |
− | added resolvconf/update-libc.d/postfix
| |
− | added rsyslog.d/postfix.conf
| |
− | added ufw/applications.d/postfix
| |
− | Committed revision 47.
| |
− | | |
− | Package configuration
| |
− |
| |
− | ┌────────────────────────┤ Postfix Configuration ├────────────────────────┐
| |
− | │ │
| |
− | │ Please select the mail server configuration type that best meets your
| |
− | │ needs.
| |
− | │ ▒
| |
− | │ No configuration: ▒
| |
− | │ Should be chosen to leave the current configuration unchanged. ▒
| |
− | │ Internet site: ▒
| |
− | │ Mail is sent and received directly using SMTP. ▒
| |
− | │ Internet with smarthost: ▒
| |
− | │ Mail is received directly using SMTP or by running a utility such ▒
| |
− | │ as fetchmail. Outgoing mail is sent using a smarthost. ▒
| |
− | │ Satellite system: ▒
| |
− | │ All mail is sent to another machine, called a 'smarthost', for ▒
| |
− | │ delivery. ▒
| |
− | │ Local only:
| |
− | │ The only delivered mail is the mail for local users. There is no
| |
− | │ network.
| |
− | │
| |
− | │
| |
− | │ <Ok>
| |
− | │ │
| |
− | └─────────────────────────────────────────────────────────────────────────┘
| |
− | | |
− | Package configuration
| |
− |
| |
− |
| |
− |
| |
− |
| |
− | ┌──────┤ Postfix Configuration ├───────┐
| |
− | │ General type of mail configuration: │
| |
− | │ │
| |
− | │ No configuration │
| |
− | │ Internet Site │
| |
− | │ Internet with smarthost │
| |
− | │ * Satellite system │
| |
− | │ Local only │
| |
− | │ │
| |
− | │ │
| |
− | │ <Ok> <Cancel> │
| |
− | │ │
| |
− | └──────────────────────────────────────┘
| |
− | | |
− | Package configuration
| |
− |
| |
− | ┌─────────────────────────┤ Postfix Configuration ├─────────────────────────┐
| |
− | │ The "mail name" is the domain name used to "qualify" _ALL_ mail │
| |
− | │ addresses without a domain name. This includes mail to and from <root>: │
| |
− | │ please do not make your machine send out mail from root@example.org │
| |
− | │ unless root@example.org has told you to. │
| |
− | │ │
| |
− | │ This name will also be used by other programs. It should be the single, │
| |
− | │ fully qualified domain name (FQDN). │
| |
− | │ │
| |
− | │ Thus, if a mail address on the local host is foo@example.org, the │
| |
− | │ correct value for this option would be example.org. │
| |
− | │ │
| |
− | │ System mail name: │
| |
− | │ │
| |
− | │ hope.progclub.net________________________________________________________ │
| |
− | │ │
| |
− | │ <Ok> <Cancel> │
| |
− | │ │
| |
− | └───────────────────────────────────────────────────────────────────────────┘
| |
− | | |
− | Package configuration
| |
− |
| |
− |
| |
− | ┌─────────────────────────┤ Postfix Configuration ├─────────────────────────┐
| |
− | │ Please specify a domain, host, host:port, [address] or [address]:port. │
| |
− | │ Use the form [destination] to turn off MX lookups. Leave this blank for │
| |
− | │ no relay host. │
| |
− | │ │
| |
− | │ Do not specify more than one host. │
| |
− | │ │
| |
− | │ The relayhost parameter specifies the default host to send mail to when │
| |
− | │ no entry is matched in the optional transport(5) table. When no relay │
| |
− | │ host is given, mail is routed directly to the destination. │
| |
− | │ │
| |
− | │ SMTP relay host (blank for none): │
| |
− | │ │
| |
− | │ mail.progclub.org________________________________________________________ │
| |
− | │ │
| |
− | │ <Ok> <Cancel> │
| |
− | │ │
| |
− | └───────────────────────────────────────────────────────────────────────────┘
| |
− | | |
− | jj5@hope:~$ sudo vim /etc/aliases
| |
− | jj5@hope:~$ newaliases
| |
− | postalias: fatal: open /etc/aliases.db: Permission denied
| |
− | jj5@hope:~$ sudo newaliases
| |
− | jj5@hope:~$ cat /etc/aliases
| |
− | # See man 5 aliases for format
| |
− | postmaster: root
| |
− | root: admin
| |
− | | |
− | = [[User:John|John]] 2011-11-30 16:41 =
| |
− | | |
− | == Software installation for Tasaio ==
| |
− | | |
− | # version control software - needed for a lot of bitbucket projects
| |
− | sudo apt-get install mercurial
| |
− | | |
− | # version control
| |
− | # software - my personal choice and needed for anything on github (and
| |
− | # needed for a project I'd like to build for my space in the membernet)
| |
− | sudo apt-get install git-core
| |
− | | |
− | # standard python PIL library
| |
− | # - Ubuntu should just include this by default already.
| |
− | sudo apt-get install python-imaging
| |
− | | |
− | # tools to build python
| |
− | # packages and install things from pypi
| |
− | sudo apt-get install python-setuptools
| |
− | | |
− | # pip is a better version
| |
− | # of easy_install, virtualenv allows for painless isolated python
| |
− | # installations
| |
− | sudo easy_install pip virtualenv
| |
− | | |
− | jj5@hope:~$ install-for-justin
| |
− | [sudo] password for jj5:
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following extra packages will be installed:
| |
− | mercurial-common
| |
− | Suggested packages:
| |
− | qct wish kdiff3 tkdiff meld xxdiff python-mysqldb python-pygments
| |
− | python-openssl
| |
− | The following NEW packages will be installed:
| |
− | mercurial mercurial-common
| |
− | 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
| |
− | Need to get 1185kB of archives.
| |
− | After this operation, 4973kB of additional disk space will be used.
| |
− | Do you want to continue [Y/n]?
| |
− | Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe mercurial-common 1.4.3-1 [1131kB]
| |
− | Get:2 http://archive.ubuntu.com/ubuntu/ lucid/universe mercurial 1.4.3-1 [53.5kB]
| |
− | Fetched 1185kB in 1s (838kB/s)
| |
− | Committing to: /etc/
| |
− | added apache2/mods-enabled/rewrite.load
| |
− | Committed revision 35.
| |
− | Selecting previously deselected package mercurial-common.
| |
− | (Reading database ... 20444 files and directories currently installed.)
| |
− | Unpacking mercurial-common (from .../mercurial-common_1.4.3-1_all.deb) ...
| |
− | Selecting previously deselected package mercurial.
| |
− | Unpacking mercurial (from .../mercurial_1.4.3-1_amd64.deb) ...
| |
− | Processing triggers for man-db ...
| |
− | Setting up mercurial-common (1.4.3-1) ...
| |
− |
| |
− | Setting up mercurial (1.4.3-1) ...
| |
− |
| |
− | Creating config file /etc/mercurial/hgrc.d/hgext.rc with new version
| |
− |
| |
− | Processing triggers for python-support ...
| |
− | Committing to: /etc/
| |
− | added mercurial
| |
− | added bash_completion.d/mercurial
| |
− | added mercurial/hgrc
| |
− | added mercurial/hgrc.d
| |
− | added mercurial/hgrc.d/hgext.rc
| |
− | added mercurial/hgrc.d/mergetools.rc
| |
− | Committed revision 36.
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following extra packages will be installed:
| |
− | libdigest-sha1-perl liberror-perl
| |
− | Suggested packages:
| |
− | git-doc git-arch git-cvs git-svn git-email git-daemon-run git-gui gitk
| |
− | gitweb
| |
− | The following NEW packages will be installed:
| |
− | git-core libdigest-sha1-perl liberror-perl
| |
− | 0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
| |
− | Need to get 6193kB of archives.
| |
− | After this operation, 12.9MB of additional disk space will be used.
| |
− | Do you want to continue [Y/n]?
| |
− | Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main liberror-perl 0.17-1 [23.8kB]
| |
− | Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libdigest-sha1-perl 2.12-1build1 [26.7kB]
| |
− | Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main git-core 1:1.7.0.4-1ubuntu0.2 [6143kB]
| |
− | Fetched 6193kB in 4s (1251kB/s)
| |
− | Selecting previously deselected package liberror-perl.
| |
− | (Reading database ... 20834 files and directories currently installed.)
| |
− | Unpacking liberror-perl (from .../liberror-perl_0.17-1_all.deb) ...
| |
− | Selecting previously deselected package libdigest-sha1-perl.
| |
− | Unpacking libdigest-sha1-perl (from .../libdigest-sha1-perl_2.12-1build1_amd64.deb) ...
| |
− | Selecting previously deselected package git-core.
| |
− | Unpacking git-core (from .../git-core_1%3a1.7.0.4-1ubuntu0.2_amd64.deb) ...
| |
− | Processing triggers for man-db ...
| |
− | Setting up liberror-perl (0.17-1) ...
| |
− | Setting up libdigest-sha1-perl (2.12-1build1) ...
| |
− | Setting up git-core (1:1.7.0.4-1ubuntu0.2) ...
| |
− | Committing to: /etc/
| |
− | added bash_completion.d/git
| |
− | added emacs/site-start.d/50git-core.el
| |
− | Committed revision 37.
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following extra packages will be installed:
| |
− | libfreetype6 libjpeg62 liblcms1
| |
− | Suggested packages:
| |
− | liblcms-utils python-imaging-doc python-imaging-dbg
| |
− | The following NEW packages will be installed:
| |
− | libfreetype6 libjpeg62 liblcms1 python-imaging
| |
− | 0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
| |
− | Need to get 963kB of archives.
| |
− | After this operation, 2544kB of additional disk space will be used.
| |
− | Do you want to continue [Y/n]?
| |
− | Err http://archive.ubuntu.com/ubuntu/ lucid-updates/main libfreetype6 2.3.11-1ubuntu2.4
| |
− | 404 Not Found [IP: 91.189.88.45 80]
| |
− | Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libjpeg62 6b-15ubuntu1 [94.5kB]
| |
− | Err http://security.ubuntu.com/ubuntu/ lucid-security/main libfreetype6 2.3.11-1ubuntu2.4
| |
− | 404 Not Found [IP: 91.189.92.166 80]
| |
− | Get:2 http://archive.ubuntu.com/ubuntu/ lucid-updates/main liblcms1 1.18.dfsg-1ubuntu2.10.04.1 [111kB]
| |
− | Get:3 http://archive.ubuntu.com/ubuntu/ lucid-updates/main python-imaging 1.1.7-1ubuntu0.1 [323kB]
| |
− | Fetched 528kB in 1s (471kB/s)
| |
− | Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.4_amd64.deb 404 Not Found [IP: 91.189.92.166 80]
| |
− | E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following extra packages will be installed:
| |
− | python-pkg-resources
| |
− | Suggested packages:
| |
− | python-distribute python-distribute-doc
| |
− | The following NEW packages will be installed:
| |
− | python-pkg-resources python-setuptools
| |
− | 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
| |
− | Need to get 278kB of archives.
| |
− | After this operation, 1135kB of additional disk space will be used.
| |
− | Do you want to continue [Y/n]?
| |
− | Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main python-pkg-resources 0.6.10-4ubuntu1 [65.0kB]
| |
− | Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main python-setuptools 0.6.10-4ubuntu1 [213kB]
| |
− | Fetched 278kB in 0s (308kB/s)
| |
− | Selecting previously deselected package python-pkg-resources.
| |
− | (Reading database ... 21358 files and directories currently installed.)
| |
− | Unpacking python-pkg-resources (from .../python-pkg-resources_0.6.10-4ubuntu1_all.deb) ...
| |
− | Selecting previously deselected package python-setuptools.
| |
− | Unpacking python-setuptools (from .../python-setuptools_0.6.10-4ubuntu1_all.deb) ...
| |
− | Setting up python-pkg-resources (0.6.10-4ubuntu1) ...
| |
− |
| |
− | Processing triggers for python-central ...
| |
− | Setting up python-setuptools (0.6.10-4ubuntu1) ...
| |
− |
| |
− | Processing triggers for python-central ...
| |
− | Searching for pip
| |
− | Reading http://pypi.python.org/simple/pip/
| |
− | Reading http://pip.openplans.org
| |
− | Reading http://www.pip-installer.org
| |
− | Best match: pip 1.0.2
| |
− | Downloading http://pypi.python.org/packages/source/p/pip/pip-1.0.2.tar.gz#md5=47ec6ff3f6d962696fe08d4c8264ad49
| |
− | Processing pip-1.0.2.tar.gz
| |
− | Running pip-1.0.2/setup.py -q bdist_egg --dist-dir /tmp/easy_install-45O4m6/pip-1.0.2/egg-dist-tmp-5MDsF_
| |
− | warning: no files found matching '*.html' under directory 'docs'
| |
− | warning: no previously-included files matching '*.txt' found under directory 'docs/_build'
| |
− | no previously-included directories found matching 'docs/_build/_sources'
| |
− | Adding pip 1.0.2 to easy-install.pth file
| |
− | Installing pip script to /usr/local/bin
| |
− | Installing pip-2.6 script to /usr/local/bin
| |
− |
| |
− | Installed /usr/local/lib/python2.6/dist-packages/pip-1.0.2-py2.6.egg
| |
− | Processing dependencies for pip
| |
− | Finished processing dependencies for pip
| |
− | Searching for virtualenv
| |
− | Reading http://pypi.python.org/simple/virtualenv/
| |
− | Reading http://virtualenv.openplans.org
| |
− | Reading http://www.virtualenv.org
| |
− | Best match: virtualenv 1.6.4
| |
− | Downloading http://pypi.python.org/packages/source/v/virtualenv/virtualenv-1.6.4.tar.gz#md5=1072b66d53c24e019a8f1304ac9d9fc5
| |
− | Processing virtualenv-1.6.4.tar.gz
| |
− | Running virtualenv-1.6.4/setup.py -q bdist_egg --dist-dir /tmp/easy_install-X543tR/virtualenv-1.6.4/egg-dist-tmp-Ohjo5k
| |
− | warning: no previously-included files matching '*.*' found under directory 'docs/_templates'
| |
− | Adding virtualenv 1.6.4 to easy-install.pth file
| |
− | Installing virtualenv script to /usr/local/bin
| |
− |
| |
− | Installed /usr/local/lib/python2.6/dist-packages/virtualenv-1.6.4-py2.6.egg
| |
− | Processing dependencies for virtualenv
| |
− | Finished processing dependencies for virtualenv
| |
− | | |
− | = [[User:John|John]] 2011-11-30 15:54 =
| |
− | | |
− | == Web-site goes HTTPS ==
| |
− | | |
− | Found [http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html this article] which suggested the following in /etc/apache2/sites-enabled/progclub.mobi
| |
− | | |
− | RewriteEngine On
| |
− | RewriteCond %{HTTPS} off
| |
− | RewriteRule (.*) https://progclub.mobi%{REQUEST_URI}
| |
− | | |
− | This has two benefits. One is that all web requests will be redirected to the secure site, and the second is that all HTTP requests will be redirected to the canonical domain.
| |
− | | |
− | Also had to run:
| |
− | | |
− | # a2enmod rewrite
| |
− | | |
− | = [[User:John|John]] 2011-11-27 13:42 =
| |
− | | |
− | == Fixing NFSv4 (nfs4) IDMAP issue ==
| |
− | | |
− | See [[Charity_admin#John_2011-11-27_13:37|charity admin]].
| |
− | | |
− | = [[User:John|John]] 2011-09-08 22:19 =
| |
− | | |
− | == Installing lsof ==
| |
− | | |
− | root@hope:~/pcad/example/linuxhowtos# apt-cache search lsof
| |
− | lsof - List open files
| |
− | alsoft-conf - OpenAL-Soft configuration utility
| |
− | icecast-server - MPEG Layer III Streaming Server
| |
− | libapache2-modxslt - XSLT processing module for Apache 2.x based on libxml2
| |
− | libgnutella-gift - giFT plugin for the Gnutella network
| |
− | libxslt-ruby - Ruby interface to libxslt
| |
− | libxslt-ruby1.8 - Ruby interface to libxslt (for Ruby 1.8)
| |
− | nsis - Nullsoft Scriptable Install System (modified for Debian)
| |
− | liblsofui4 - Library for ksysguard based priority scheduling
| |
− | | |
− | root@hope:~/pcad/example/linuxhowtos# apt-get install lsof
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following NEW packages will be installed:
| |
− | lsof
| |
− | 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
| |
− | Need to get 284kB of archives.
| |
− | After this operation, 463kB of additional disk space will be used.
| |
− | Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main lsof 4.81.dfsg.1-1build1 [284kB]
| |
− | Fetched 284kB in 0s (299kB/s)
| |
− | Selecting previously deselected package lsof.
| |
− | (Reading database ... 20342 files and directories currently installed.)
| |
− | Unpacking lsof (from .../lsof_4.81.dfsg.1-1build1_amd64.deb) ...
| |
− | Processing triggers for man-db ...
| |
− | Setting up lsof (4.81.dfsg.1-1build1) ...
| |
− | | |
− | = [[User:John|John]] 2011-09-08 22:08 =
| |
− | | |
− | == Installing telnet ==
| |
− | | |
− | jj5@hope:~/pcad/example/linuxhowtos$ sudo apt-get install telnet
| |
− | [sudo] password for jj5:
| |
− | Sorry, try again.
| |
− | [sudo] password for jj5:
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following NEW packages will be installed:
| |
− | telnet
| |
− | 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
| |
− | Need to get 72.2kB of archives.
| |
− | After this operation, 209kB of additional disk space will be used.
| |
− | Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main telnet 0.17-36build1 [72.2kB]
| |
− | Fetched 72.2kB in 0s (121kB/s)
| |
− | Selecting previously deselected package telnet.
| |
− | (Reading database ... 20331 files and directories currently installed.)
| |
− | Unpacking telnet (from .../telnet_0.17-36build1_amd64.deb) ...
| |
− | Processing triggers for man-db ...
| |
− | Setting up telnet (0.17-36build1) ...
| |
− | update-alternatives: using /usr/bin/telnet.netkit to provide /usr/bin/telnet (telnet) in auto mode.
| |
− |
| |
− | Committing to: /etc/
| |
− | added alternatives/telnet
| |
− | added alternatives/telnet.1.gz
| |
− | Committed revision 36.
| |
− | | |
− | | |
− | = [[User:John|John]] 2011-09-08 21:47 =
| |
− | | |
− | == Installing gcc ==
| |
− | | |
− | root@hope:~# apt-get install gcc
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following extra packages will be installed:
| |
− | binutils gcc-4.4 libc-dev-bin libc6-dev libgomp1 linux-libc-dev manpages-dev
| |
− | Suggested packages:
| |
− | binutils-doc gcc-multilib autoconf automake1.9 libtool flex bison gdb
| |
− | gcc-doc gcc-4.4-multilib libmudflap0-4.4-dev gcc-4.4-doc gcc-4.4-locales
| |
− | libgcc1-dbg libgomp1-dbg libmudflap0-dbg libcloog-ppl0 libppl-c2 libppl7
| |
− | glibc-doc
| |
− | The following NEW packages will be installed:
| |
− | binutils gcc gcc-4.4 libc-dev-bin libc6-dev libgomp1 linux-libc-dev
| |
− | manpages-dev
| |
− | 0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded.
| |
− | Need to get 9883kB of archives.
| |
− | After this operation, 35.3MB of additional disk space will be used.
| |
− | Do you want to continue [Y/n]?
| |
− | Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main binutils 2.20.1-3ubuntu7.1 [1658kB]
| |
− | Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libgomp1 4.4.3-4ubuntu5 [25.5kB]
| |
− | Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main gcc-4.4 4.4.3-4ubuntu5 [2877kB]
| |
− | Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main gcc 4:4.4.3-1ubuntu1 [5064B]
| |
− | Get:5 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libc-dev-bin 2.11.1-0ubuntu7.8 [224kB]
| |
− | Get:6 http://archive.ubuntu.com/ubuntu/ lucid-updates/main linux-libc-dev 2.6.32-33.72 [841kB]
| |
− | Get:7 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libc6-dev 2.11.1-0ubuntu7.8 [2706kB]
| |
− | Get:8 http://archive.ubuntu.com/ubuntu/ lucid/main manpages-dev 3.23-1 [1547kB]
| |
− | Fetched 9883kB in 49s (202kB/s)
| |
− | Selecting previously deselected package binutils.
| |
− | (Reading database ... 17209 files and directories currently installed.)
| |
− | Unpacking binutils (from .../binutils_2.20.1-3ubuntu7.1_amd64.deb) ...
| |
− | Selecting previously deselected package libgomp1.
| |
− | Unpacking libgomp1 (from .../libgomp1_4.4.3-4ubuntu5_amd64.deb) ...
| |
− | Selecting previously deselected package gcc-4.4.
| |
− | Unpacking gcc-4.4 (from .../gcc-4.4_4.4.3-4ubuntu5_amd64.deb) ...
| |
− | Selecting previously deselected package gcc.
| |
− | Unpacking gcc (from .../gcc_4%3a4.4.3-1ubuntu1_amd64.deb) ...
| |
− | Selecting previously deselected package libc-dev-bin.
| |
− | Unpacking libc-dev-bin (from .../libc-dev-bin_2.11.1-0ubuntu7.8_amd64.deb) ...
| |
− | Selecting previously deselected package linux-libc-dev.
| |
− | Unpacking linux-libc-dev (from .../linux-libc-dev_2.6.32-33.72_amd64.deb) ...
| |
− | Selecting previously deselected package libc6-dev.
| |
− | Unpacking libc6-dev (from .../libc6-dev_2.11.1-0ubuntu7.8_amd64.deb) ...
| |
− | Selecting previously deselected package manpages-dev.
| |
− | Unpacking manpages-dev (from .../manpages-dev_3.23-1_all.deb) ...
| |
− | Processing triggers for man-db ...
| |
− | Setting up binutils (2.20.1-3ubuntu7.1) ...
| |
− |
| |
− | Setting up libgomp1 (4.4.3-4ubuntu5) ...
| |
− |
| |
− | Setting up gcc-4.4 (4.4.3-4ubuntu5) ...
| |
− | Setting up gcc (4:4.4.3-1ubuntu1) ...
| |
− |
| |
− | Setting up libc-dev-bin (2.11.1-0ubuntu7.8) ...
| |
− | Setting up linux-libc-dev (2.6.32-33.72) ...
| |
− | Setting up libc6-dev (2.11.1-0ubuntu7.8) ...
| |
− | Setting up manpages-dev (3.23-1) ...
| |
− | Processing triggers for libc-bin ...
| |
− | ldconfig deferred processing now taking place
| |
− | Committing to: /etc/
| |
− | added alternatives/c89
| |
− | added alternatives/c89.1.gz
| |
− | added alternatives/c99
| |
− | added alternatives/c99.1.gz
| |
− | added alternatives/cc
| |
− | added alternatives/cc.1.gz
| |
− | Committed revision 35.
| |
− | | |
− | | |
− | | |
− | = [[User:John|John]] 2011-09-02 00:00 =
| |
− | | |
− | == Installing pcma ==
| |
− | | |
− | jj5@hope:~# mysql -u root -p
| |
− | Enter password:
| |
− | Welcome to the MySQL monitor. Commands end with ; or \g.
| |
− | Your MySQL connection id is 17222
| |
− | Server version: 5.1.41-3ubuntu12.10 (Ubuntu)
| |
− |
| |
− | Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
| |
− |
| |
− | mysql> create database pcmadb /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
| |
− | Query OK, 1 row affected (0.00 sec)
| |
− |
| |
− | mysql> grant all privileges on pcmadb.* to pcma@'%' identified by 'secret';
| |
− | Query OK, 0 rows affected (0.16 sec)
| |
− |
| |
− | mysql> quit
| |
− | Bye
| |
− | | |
− | = [[User:John|John]] 2011-08-19 14:41 =
| |
− | | |
− | == Installing fail2ban ==
| |
− | | |
− | jj5@hope:~$ sudo -s
| |
− | [sudo] password for jj5:
| |
− | root@hope:~# apt-get install fail2ban
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following extra packages will be installed:
| |
− | whois
| |
− | Suggested packages:
| |
− | python-gamin mailx
| |
− | The following NEW packages will be installed:
| |
− | fail2ban whois
| |
− | 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
| |
− | Need to get 129kB of archives.
| |
− | After this operation, 1032kB of additional disk space will be used.
| |
− | Do you want to continue [Y/n]?
| |
− | Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe fail2ban 0.8.4-1ubuntu1 [96.0kB]
| |
− | Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main whois 5.0.0ubuntu3 [32.6kB]
| |
− | Fetched 129kB in 0s (182kB/s)
| |
− | Selecting previously deselected package fail2ban.
| |
− | (Reading database ... 17042 files and directories currently installed.)
| |
− | Unpacking fail2ban (from .../fail2ban_0.8.4-1ubuntu1_all.deb) ...
| |
− | Selecting previously deselected package whois.
| |
− | Unpacking whois (from .../whois_5.0.0ubuntu3_amd64.deb) ...
| |
− | Processing triggers for man-db ...
| |
− | Processing triggers for ureadahead ...
| |
− | Setting up fail2ban (0.8.4-1ubuntu1) ...
| |
− |
| |
− | Setting up whois (5.0.0ubuntu3) ...
| |
− | Processing triggers for python-central ...
| |
− | Committing to: /etc/
| |
− | added fail2ban
| |
− | added default/fail2ban
| |
− | added fail2ban/action.d
| |
− | added fail2ban/fail2ban.conf
| |
− | added fail2ban/filter.d
| |
− | added fail2ban/jail.conf
| |
− | added fail2ban/action.d/complain.conf
| |
− | added fail2ban/action.d/dshield.conf
| |
− | added fail2ban/action.d/hostsdeny.conf
| |
− | added fail2ban/action.d/ipfilter.conf
| |
− | added fail2ban/action.d/ipfw.conf
| |
− | added fail2ban/action.d/iptables-allports.conf
| |
− | added fail2ban/action.d/iptables-multiport-log.conf
| |
− | added fail2ban/action.d/iptables-multiport.conf
| |
− | added fail2ban/action.d/iptables-new.conf
| |
− | added fail2ban/action.d/iptables.conf
| |
− | added fail2ban/action.d/mail-buffered.conf
| |
− | added fail2ban/action.d/mail-whois-lines.conf
| |
− | added fail2ban/action.d/mail-whois.conf
| |
− | added fail2ban/action.d/mail.conf
| |
− | added fail2ban/action.d/mynetwatchman.conf
| |
− | added fail2ban/action.d/sendmail-buffered.conf
| |
− | added fail2ban/action.d/sendmail-whois-lines.conf
| |
− | added fail2ban/action.d/sendmail-whois.conf
| |
− | added fail2ban/action.d/sendmail.conf
| |
− | added fail2ban/action.d/shorewall.conf
| |
− | added fail2ban/filter.d/apache-auth.conf
| |
− | added fail2ban/filter.d/apache-badbots.conf
| |
− | added fail2ban/filter.d/apache-nohome.conf
| |
− | added fail2ban/filter.d/apache-noscript.conf
| |
− | added fail2ban/filter.d/apache-overflows.conf
| |
− | added fail2ban/filter.d/common.conf
| |
− | added fail2ban/filter.d/courierlogin.conf
| |
− | added fail2ban/filter.d/couriersmtp.conf
| |
− | added fail2ban/filter.d/cyrus-imap.conf
| |
− | added fail2ban/filter.d/exim.conf
| |
− | added fail2ban/filter.d/gssftpd.conf
| |
− | added fail2ban/filter.d/lighttpd-fastcgi.conf
| |
− | added fail2ban/filter.d/named-refused.conf
| |
− | added fail2ban/filter.d/pam-generic.conf
| |
− | added fail2ban/filter.d/php-url-fopen.conf
| |
− | added fail2ban/filter.d/postfix.conf
| |
− | added fail2ban/filter.d/proftpd.conf
| |
− | added fail2ban/filter.d/pure-ftpd.conf
| |
− | added fail2ban/filter.d/qmail.conf
| |
− | added fail2ban/filter.d/sasl.conf
| |
− | added fail2ban/filter.d/sieve.conf
| |
− | added fail2ban/filter.d/sshd-ddos.conf
| |
− | added fail2ban/filter.d/sshd.conf
| |
− | added fail2ban/filter.d/vsftpd.conf
| |
− | added fail2ban/filter.d/webmin-auth.conf
| |
− | added fail2ban/filter.d/wuftpd.conf
| |
− | added fail2ban/filter.d/xinetd-fail.conf
| |
− | added init.d/fail2ban
| |
− | added logrotate.d/fail2ban
| |
− | added rc0.d/K99fail2ban
| |
− | added rc1.d/K99fail2ban
| |
− | added rc2.d/S99fail2ban
| |
− | added rc3.d/S99fail2ban
| |
− | added rc4.d/S99fail2ban
| |
− | added rc5.d/S99fail2ban
| |
− | added rc6.d/K99fail2ban
| |
− | Committed revision 28.
| |
− | | |
− | | |
− | = [[User:John|John]] 2011-08-15 04:56 =
| |
− | | |
− | == Configuring Apache ==
| |
− | | |
− | Configured to serve content from /home/apache, and members public_html directories.
| |
− | | |
− | = [[User:John|John]] 2011-08-15 04:47 =
| |
− | | |
− | == Installing Apache, MySQL and PHP ==
| |
− | | |
− | jj5@hope:~$ sudo -s
| |
− | [sudo] password for jj5:
| |
− | root@hope:~# apt-get install apache2 mysql-server
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following extra packages will be installed:
| |
− | apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1
| |
− | libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libdbd-mysql-perl
| |
− | libdbi-perl libexpat1 libhtml-template-perl libmysqlclient16
| |
− | libnet-daemon-perl libplrpc-perl mysql-client-5.1 mysql-client-core-5.1
| |
− | mysql-common mysql-server-5.1 mysql-server-core-5.1 psmisc ssl-cert
| |
− | Suggested packages:
| |
− | www-browser apache2-doc apache2-suexec apache2-suexec-custom ufw dbishell
| |
− | libipc-sharedcache-perl tinyca mailx
| |
− | The following NEW packages will be installed:
| |
− | apache2 apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common
| |
− | libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap
| |
− | libdbd-mysql-perl libdbi-perl libexpat1 libhtml-template-perl
| |
− | libmysqlclient16 libnet-daemon-perl libplrpc-perl mysql-client-5.1
| |
− | mysql-client-core-5.1 mysql-common mysql-server mysql-server-5.1
| |
− | mysql-server-core-5.1 psmisc ssl-cert
| |
− | 0 upgraded, 24 newly installed, 0 to remove and 0 not upgraded.
| |
− | Need to get 28.0MB of archives.
| |
− | After this operation, 73.2MB of additional disk space will be used.
| |
− | Do you want to continue [Y/n]?
| |
− | | |
− | ...
| |
− | | |
− | Setting up libdbd-mysql-perl (4.012-1ubuntu1) ...
| |
− | Setting up mysql-client-core-5.1 (5.1.41-3ubuntu12) ...
| |
− | Setting up mysql-client-5.1 (5.1.41-3ubuntu12) ...
| |
− | Setting up psmisc (22.10-1) ...
| |
− |
| |
− | Setting up mysql-server-core-5.1 (5.1.41-3ubuntu12) ...
| |
− | Setting up mysql-server-5.1 (5.1.41-3ubuntu12) ...
| |
− | mysql start/running, process 3901
| |
− |
| |
− | Setting up libexpat1 (2.0.1-7ubuntu1) ...
| |
− |
| |
− | Setting up libapr1 (1.3.8-1build1) ...
| |
− |
| |
− | Setting up libaprutil1 (1.3.9+dfsg-3build1) ...
| |
− |
| |
− | Setting up libaprutil1-dbd-sqlite3 (1.3.9+dfsg-3build1) ...
| |
− | Setting up libaprutil1-ldap (1.3.9+dfsg-3build1) ...
| |
− | Setting up apache2.2-bin (2.2.14-5ubuntu8) ...
| |
− | Setting up apache2-utils (2.2.14-5ubuntu8) ...
| |
− | Setting up apache2.2-common (2.2.14-5ubuntu8) ...
| |
− | Enabling site default.
| |
− | Enabling module alias.
| |
− | Enabling module autoindex.
| |
− | Enabling module dir.
| |
− | Enabling module env.
| |
− | Enabling module mime.
| |
− | Enabling module negotiation.
| |
− | Enabling module setenvif.
| |
− | Enabling module status.
| |
− | Enabling module auth_basic.
| |
− | Enabling module deflate.
| |
− | Enabling module authz_default.
| |
− | Enabling module authz_user.
| |
− | Enabling module authz_groupfile.
| |
− | Enabling module authn_file.
| |
− | Enabling module authz_host.
| |
− | Enabling module reqtimeout.
| |
− |
| |
− | Setting up apache2-mpm-worker (2.2.14-5ubuntu8) ...
| |
− | * Starting web server apache2 [ OK ]
| |
− |
| |
− | Setting up apache2 (2.2.14-5ubuntu8) ...
| |
− |
| |
− | Setting up libhtml-template-perl (2.9-1) ...
| |
− | Setting up mysql-server (5.1.41-3ubuntu12) ...
| |
− | Setting up ssl-cert (1.0.23ubuntu2) ...
| |
− |
| |
− | Processing triggers for libc-bin ...
| |
− | ldconfig deferred processing now taking place
| |
− | Committing to: /etc/
| |
− | modified .etckeeper
| |
− | added apache2
| |
− | modified group
| |
− | modified group-
| |
− | modified gshadow
| |
− | modified gshadow-
| |
− | added mysql
| |
− | modified passwd
| |
− | modified passwd-
| |
− | modified shadow
| |
− | modified shadow-
| |
− | added apache2/apache2.conf
| |
− | added apache2/conf.d
| |
− | added apache2/envvars
| |
− | added apache2/httpd.conf
| |
− | added apache2/magic
| |
− | added apache2/mods-available
| |
− | added apache2/mods-enabled
| |
− | added apache2/ports.conf
| |
− | added apache2/sites-available
| |
− | added apache2/sites-enabled
| |
− | added apache2/conf.d/charset
| |
− | added apache2/conf.d/localized-error-pages
| |
− | added apache2/conf.d/security
| |
− | added apache2/mods-available/actions.conf
| |
− | added apache2/mods-available/actions.load
| |
− | added apache2/mods-available/alias.conf
| |
− | added apache2/mods-available/alias.load
| |
− | added apache2/mods-available/asis.load
| |
− | added apache2/mods-available/auth_basic.load
| |
− | added apache2/mods-available/auth_digest.load
| |
− | added apache2/mods-available/authn_alias.load
| |
− | added apache2/mods-available/authn_anon.load
| |
− | added apache2/mods-available/authn_dbd.load
| |
− | added apache2/mods-available/authn_dbm.load
| |
− | added apache2/mods-available/authn_default.load
| |
− | added apache2/mods-available/authn_file.load
| |
− | added apache2/mods-available/authnz_ldap.load
| |
− | added apache2/mods-available/authz_dbm.load
| |
− | added apache2/mods-available/authz_default.load
| |
− | added apache2/mods-available/authz_groupfile.load
| |
− | added apache2/mods-available/authz_host.load
| |
− | added apache2/mods-available/authz_owner.load
| |
− | added apache2/mods-available/authz_user.load
| |
− | added apache2/mods-available/autoindex.conf
| |
− | added apache2/mods-available/autoindex.load
| |
− | added apache2/mods-available/cache.load
| |
− | added apache2/mods-available/cern_meta.load
| |
− | added apache2/mods-available/cgi.load
| |
− | added apache2/mods-available/cgid.conf
| |
− | added apache2/mods-available/cgid.load
| |
− | added apache2/mods-available/charset_lite.load
| |
− | added apache2/mods-available/dav.load
| |
− | added apache2/mods-available/dav_fs.conf
| |
− | added apache2/mods-available/dav_fs.load
| |
− | added apache2/mods-available/dav_lock.load
| |
− | added apache2/mods-available/dbd.load
| |
− | added apache2/mods-available/deflate.conf
| |
− | added apache2/mods-available/deflate.load
| |
− | added apache2/mods-available/dir.conf
| |
− | added apache2/mods-available/dir.load
| |
− | added apache2/mods-available/disk_cache.conf
| |
− | added apache2/mods-available/disk_cache.load
| |
− | added apache2/mods-available/dump_io.load
| |
− | added apache2/mods-available/env.load
| |
− | added apache2/mods-available/expires.load
| |
− | added apache2/mods-available/ext_filter.load
| |
− | added apache2/mods-available/file_cache.load
| |
− | added apache2/mods-available/filter.load
| |
− | added apache2/mods-available/headers.load
| |
− | added apache2/mods-available/ident.load
| |
− | added apache2/mods-available/imagemap.load
| |
− | added apache2/mods-available/include.load
| |
− | added apache2/mods-available/info.conf
| |
− | added apache2/mods-available/info.load
| |
− | added apache2/mods-available/ldap.load
| |
− | added apache2/mods-available/log_forensic.load
| |
− | added apache2/mods-available/mem_cache.conf
| |
− | added apache2/mods-available/mem_cache.load
| |
− | added apache2/mods-available/mime.conf
| |
− | added apache2/mods-available/mime.load
| |
− | added apache2/mods-available/mime_magic.conf
| |
− | added apache2/mods-available/mime_magic.load
| |
− | added apache2/mods-available/negotiation.conf
| |
− | added apache2/mods-available/negotiation.load
| |
− | added apache2/mods-available/proxy.conf
| |
− | added apache2/mods-available/proxy.load
| |
− | added apache2/mods-available/proxy_ajp.load
| |
− | added apache2/mods-available/proxy_balancer.load
| |
− | added apache2/mods-available/proxy_connect.load
| |
− | added apache2/mods-available/proxy_ftp.load
| |
− | added apache2/mods-available/proxy_http.load
| |
− | added apache2/mods-available/proxy_scgi.load
| |
− | added apache2/mods-available/reqtimeout.conf
| |
− | added apache2/mods-available/reqtimeout.load
| |
− | added apache2/mods-available/rewrite.load
| |
− | added apache2/mods-available/setenvif.conf
| |
− | added apache2/mods-available/setenvif.load
| |
− | added apache2/mods-available/speling.load
| |
− | added apache2/mods-available/ssl.conf
| |
− | added apache2/mods-available/ssl.load
| |
− | added apache2/mods-available/status.conf
| |
− | added apache2/mods-available/status.load
| |
− | added apache2/mods-available/substitute.load
| |
− | added apache2/mods-available/suexec.load
| |
− | added apache2/mods-available/unique_id.load
| |
− | added apache2/mods-available/userdir.conf
| |
− | added apache2/mods-available/userdir.load
| |
− | added apache2/mods-available/usertrack.load
| |
− | added apache2/mods-available/version.load
| |
− | added apache2/mods-available/vhost_alias.load
| |
− | added apache2/mods-enabled/alias.conf
| |
− | added apache2/mods-enabled/alias.load
| |
− | added apache2/mods-enabled/auth_basic.load
| |
− | added apache2/mods-enabled/authn_file.load
| |
− | added apache2/mods-enabled/authz_default.load
| |
− | added apache2/mods-enabled/authz_groupfile.load
| |
− | added apache2/mods-enabled/authz_host.load
| |
− | added apache2/mods-enabled/authz_user.load
| |
− | added apache2/mods-enabled/autoindex.conf
| |
− | added apache2/mods-enabled/autoindex.load
| |
− | added apache2/mods-enabled/cgid.conf
| |
− | added apache2/mods-enabled/cgid.load
| |
− | added apache2/mods-enabled/deflate.conf
| |
− | added apache2/mods-enabled/deflate.load
| |
− | added apache2/mods-enabled/dir.conf
| |
− | added apache2/mods-enabled/dir.load
| |
− | added apache2/mods-enabled/env.load
| |
− | added apache2/mods-enabled/mime.conf
| |
− | added apache2/mods-enabled/mime.load
| |
− | added apache2/mods-enabled/negotiation.conf
| |
− | added apache2/mods-enabled/negotiation.load
| |
− | added apache2/mods-enabled/reqtimeout.conf
| |
− | added apache2/mods-enabled/reqtimeout.load
| |
− | added apache2/mods-enabled/setenvif.conf
| |
− | added apache2/mods-enabled/setenvif.load
| |
− | added apache2/mods-enabled/status.conf
| |
− | added apache2/mods-enabled/status.load
| |
− | added apache2/sites-available/default
| |
− | added apache2/sites-available/default-ssl
| |
− | added apache2/sites-enabled/000-default
| |
− | added apparmor.d/usr.sbin.mysqld
| |
− | added bash_completion.d/apache2.2-common
| |
− | added cron.daily/apache2
| |
− | added default/apache2
| |
− | added init/mysql.conf
| |
− | added init.d/apache2
| |
− | added init.d/mysql
| |
− | added logcheck/ignore.d.paranoid
| |
− | added logcheck/ignore.d.workstation
| |
− | added logcheck/ignore.d.paranoid/mysql-server-5_1
| |
− | added logcheck/ignore.d.server/mysql-server-5_1
| |
− | added logcheck/ignore.d.workstation/mysql-server-5_1
| |
− | added logrotate.d/apache2
| |
− | added logrotate.d/mysql-server
| |
− | added mysql/conf.d
| |
− | added mysql/debian-start
| |
− | added mysql/debian.cnf
| |
− | added mysql/my.cnf
| |
− | added mysql/conf.d/mysqld_safe_syslog.cnf
| |
− | added rc0.d/K09apache2
| |
− | added rc1.d/K09apache2
| |
− | added rc2.d/S91apache2
| |
− | added rc3.d/S91apache2
| |
− | added rc4.d/S91apache2
| |
− | added rc5.d/S91apache2
| |
− | added rc6.d/K09apache2
| |
− | added ssl/certs/a186bf0f
| |
− | added ssl/certs/ssl-cert-snakeoil.pem
| |
− | added ssl/private/ssl-cert-snakeoil.key
| |
− | added ufw/applications.d/apache2.2-common
| |
− | Committed revision 25.
| |
− | | |
− | root@hope:~# apt-get install php5
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following extra packages will be installed:
| |
− | apache2-mpm-prefork libapache2-mod-php5 php5-common
| |
− | Suggested packages:
| |
− | php-pear php5-suhosin
| |
− | The following packages will be REMOVED:
| |
− | apache2-mpm-worker
| |
− | The following NEW packages will be installed:
| |
− | apache2-mpm-prefork libapache2-mod-php5 php5 php5-common
| |
− | 0 upgraded, 4 newly installed, 1 to remove and 0 not upgraded.
| |
− | Need to get 3535kB of archives.
| |
− | After this operation, 9544kB of additional disk space will be used.
| |
− | Do you want to continue [Y/n]?
| |
− | Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main apache2-mpm-prefork 2.2.14-5ubuntu8 [2418B]
| |
− | Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main php5-common 5.3.2-1ubuntu4 [546kB]
| |
− | Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libapache2-mod-php5 5.3.2-1ubuntu4 [2985kB]
| |
− | Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main php5 5.3.2-1ubuntu4 [1110B]
| |
− | Fetched 3535kB in 2s (1763kB/s)
| |
− | dpkg: apache2-mpm-worker: dependency problems, but removing anyway as you requested:
| |
− | apache2 depends on apache2-mpm-worker (= 2.2.14-5ubuntu8) | apache2-mpm-prefork (= 2.2.14-5ubuntu8) | apache2- mpm-event (= 2.2.14-5ubuntu8) | apache2-mpm-itk (= 2.2.14-5ubuntu8); however:
| |
− | Package apache2-mpm-worker is to be removed.
| |
− | Package apache2-mpm-prefork is not installed.
| |
− | Package apache2-mpm-event is not installed.
| |
− | Package apache2-mpm-itk is not installed.
| |
− | (Reading database ... 16997 files and directories currently installed.)
| |
− | Removing apache2-mpm-worker ...
| |
− | * Stopping web server apache2
| |
− | ... waiting . [ OK ]
| |
− | Selecting previously deselected package apache2-mpm-prefork.
| |
− | (Reading database ... 16989 files and directories currently installed.)
| |
− | Unpacking apache2-mpm-prefork (from .../apache2-mpm-prefork_2.2.14-5ubuntu8_amd64.deb) ...
| |
− | Selecting previously deselected package php5-common.
| |
− | Unpacking php5-common (from .../php5-common_5.3.2-1ubuntu4_amd64.deb) ...
| |
− | Selecting previously deselected package libapache2-mod-php5.
| |
− | Unpacking libapache2-mod-php5 (from .../libapache2-mod-php5_5.3.2-1ubuntu4_amd64.deb) ...
| |
− | Selecting previously deselected package php5.
| |
− | Unpacking php5 (from .../php5_5.3.2-1ubuntu4_all.deb) ...
| |
− | Setting up apache2-mpm-prefork (2.2.14-5ubuntu8) ...
| |
− | * Starting web server apache2 [ OK ]
| |
− |
| |
− | Setting up php5-common (5.3.2-1ubuntu4) ...
| |
− | Setting up libapache2-mod-php5 (5.3.2-1ubuntu4) ...
| |
− |
| |
− | Creating config file /etc/php5/apache2/php.ini with new version
| |
− | * Reloading web server config apache2 [ OK ]
| |
− |
| |
− | Setting up php5 (5.3.2-1ubuntu4) ...
| |
− | Committing to: /etc/
| |
− | added php5
| |
− | added apache2/mods-available/php5.conf
| |
− | added apache2/mods-available/php5.load
| |
− | added apache2/mods-enabled/cgi.load
| |
− | missing apache2/mods-enabled/cgid.conf
| |
− | modified apache2/mods-enabled/cgid.conf
| |
− | missing apache2/mods-enabled/cgid.load
| |
− | modified apache2/mods-enabled/cgid.load
| |
− | added apache2/mods-enabled/php5.conf
| |
− | added apache2/mods-enabled/php5.load
| |
− | added cron.d/php5
| |
− | added php5/apache2
| |
− | added php5/conf.d
| |
− | added php5/apache2/conf.d
| |
− | added php5/apache2/php.ini
| |
− | added php5/conf.d/pdo.ini
| |
− | Committed revision 26.
| |
− | | |
− | = [[User:John|John]] 2011-08-15 01:32 =
| |
− | | |
− | == Configuring NFS client ==
| |
− | | |
− | Per [https://help.ubuntu.com/community/NFSv4Howto these instructions].
| |
− | | |
− | root@hope:/# apt-get install nfs-common
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following extra packages will be installed:
| |
− | libevent-1.4-2 libgssglue1 libnfsidmap2 librpcsecgss3 portmap
| |
− | The following NEW packages will be installed:
| |
− | libevent-1.4-2 libgssglue1 libnfsidmap2 librpcsecgss3 nfs-common portmap
| |
− | 0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
| |
− | Need to get 421kB of archives.
| |
− | After this operation, 1364kB of additional disk space will be used.
| |
− | Do you want to continue [Y/n]?
| |
− | Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libevent-1.4-2 1.4.13-stable-1 [61.4kB]
| |
− | Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libgssglue1 0.1-4 [24.4kB]
| |
− | Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libnfsidmap2 0.23-2 [32.1kB]
| |
− | Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main librpcsecgss3 0.19-2 [36.3kB]
| |
− | Get:5 http://archive.ubuntu.com/ubuntu/ lucid/main portmap 6.0.0-1ubuntu2 [38.2kB]
| |
− | Get:6 http://archive.ubuntu.com/ubuntu/ lucid/main nfs-common 1:1.2.0-4ubuntu4 [228kB]
| |
− | Fetched 421kB in 1s (386kB/s)
| |
− | Preconfiguring packages ...
| |
− | Selecting previously deselected package libevent-1.4-2.
| |
− | (Reading database ... 15829 files and directories currently installed.)
| |
− | Unpacking libevent-1.4-2 (from .../libevent-1.4-2_1.4.13-stable-1_amd64.deb) ...
| |
− | Selecting previously deselected package libgssglue1.
| |
− | Unpacking libgssglue1 (from .../libgssglue1_0.1-4_amd64.deb) ...
| |
− | Selecting previously deselected package libnfsidmap2.
| |
− | Unpacking libnfsidmap2 (from .../libnfsidmap2_0.23-2_amd64.deb) ...
| |
− | Selecting previously deselected package librpcsecgss3.
| |
− | Unpacking librpcsecgss3 (from .../librpcsecgss3_0.19-2_amd64.deb) ...
| |
− | Selecting previously deselected package portmap.
| |
− | Unpacking portmap (from .../portmap_6.0.0-1ubuntu2_amd64.deb) ...
| |
− | Selecting previously deselected package nfs-common.
| |
− | Unpacking nfs-common (from .../nfs-common_1%3a1.2.0-4ubuntu4_amd64.deb) ...
| |
− | Processing triggers for man-db ...
| |
− | Processing triggers for ureadahead ...
| |
− | Setting up libevent-1.4-2 (1.4.13-stable-1) ...
| |
− |
| |
− | Setting up libgssglue1 (0.1-4) ...
| |
− |
| |
− | Setting up libnfsidmap2 (0.23-2) ...
| |
− |
| |
− | Setting up librpcsecgss3 (0.19-2) ...
| |
− |
| |
− | Setting up portmap (6.0.0-1ubuntu2) ...
| |
− | portmap start/running, process 2830
| |
− |
| |
− | Setting up nfs-common (1:1.2.0-4ubuntu4) ...
| |
− |
| |
− | Creating config file /etc/idmapd.conf with new version
| |
− |
| |
− | Creating config file /etc/default/nfs-common with new version
| |
− | Adding system user `statd' (UID 104) ...
| |
− | Adding new user `statd' (UID 104) with group `nogroup' ...
| |
− | Not creating home directory `/var/lib/nfs'.
| |
− | statd start/running, process 3046
| |
− | gssd stop/pre-start, process 3071
| |
− | idmapd stop/pre-start, process 3099
| |
− |
| |
− | Processing triggers for libc-bin ...
| |
− | ldconfig deferred processing now taking place
| |
− | Committing to: /etc/
| |
− | added gssapi_mech.conf
| |
− | added idmapd.conf
| |
− | modified passwd
| |
− | modified passwd-
| |
− | modified shadow
| |
− | modified shadow-
| |
− | added default/nfs-common
| |
− | added default/portmap
| |
− | added init/gssd.conf
| |
− | added init/idmapd.conf
| |
− | added init/portmap.conf
| |
− | added init/rpc_pipefs.conf
| |
− | added init/statd.conf
| |
− | added init.d/gssd
| |
− | added init.d/idmapd
| |
− | added init.d/portmap
| |
− | added init.d/rpc_pipefs
| |
− | added init.d/statd
| |
− | Committed revision 23.
| |
− | | |
− | jj5@hope:/home$ cat /etc/fstab
| |
− | proc /proc proc defaults 0 0
| |
− | /dev/sda1 / ext3 defaults,errors=remount-ro,noatime 0 1
| |
− | /dev/sda2 none swap sw 0 0
| |
− | 172.19.1.45:/home /home nfs4 rw,_netdev,auto 0 0
| |
− | | |
− | root@hope:~# cat /etc/modules
| |
− | # /etc/modules: kernel modules to load at boot time.
| |
− | #
| |
− | # This file contains the names of kernel modules that should be loaded
| |
− | # at boot time, one per line. Lines beginning with "#" are ignored.
| |
− | nfs
| |
− | | |
− | jj5@hope:/home$ cat /etc/rc.local
| |
− | #!/bin/sh -e
| |
− | #
| |
− | # rc.local
| |
− | #
| |
− | # This script is executed at the end of each multiuser runlevel.
| |
− | # Make sure that the script will "exit 0" on success or any other
| |
− | # value on error.
| |
− | #
| |
− | # In order to enable or disable this script just change the execution
| |
− | # bits.
| |
− | #
| |
− | # By default this script does nothing.
| |
− |
| |
− | #sleep 5
| |
− | #modprobe nfs
| |
− | #mount /home
| |
− |
| |
− | exit 0
| |
− | | |
− | root@hope:~# vim /etc/default/nfs-common
| |
− | root@hope:~# cat /etc/default/nfs-common
| |
− | # If you do not set values for the NEED_ options, they will be attempted
| |
− | # autodetected; this should be sufficient for most people. Valid alternatives
| |
− | # for the NEED_ options are "yes" and "no".
| |
− |
| |
− | # Do you want to start the statd daemon? It is not needed for NFSv4.
| |
− | NEED_STATD=
| |
− |
| |
− | # Options for rpc.statd.
| |
− | # Should rpc.statd listen on a specific port? This is especially useful
| |
− | # when you have a port-based firewall. To use a fixed port, set this
| |
− | # this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
| |
− | # For more information, see rpc.statd(8) or http://wiki.debian.org/?SecuringNFS
| |
− | STATDOPTS=
| |
− |
| |
− | # Do you want to start the idmapd daemon? It is only needed for NFSv4.
| |
− | NEED_IDMAPD=yes
| |
− |
| |
− | # Do you want to start the gssd daemon? It is required for Kerberos mounts.
| |
− | NEED_GSSD=
| |
− | | |
− | = [[User:John|John]] 2011-08-15 01:07 =
| |
− | | |
− | == Installing sshfs ==
| |
− | | |
− | Per [http://www.saltycrane.com/blog/2010/04/notes-sshfs-ubuntu/ these notes].
| |
− | | |
− | jj5@hope:~$ sudo -s
| |
− | [sudo] password for jj5:
| |
− | root@hope:~# apt-get install sshfs
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following extra packages will be installed:
| |
− | fuse-utils libfuse2
| |
− | The following NEW packages will be installed:
| |
− | fuse-utils libfuse2 sshfs
| |
− | 0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
| |
− | Need to get 214kB of archives.
| |
− | After this operation, 725kB of additional disk space will be used.
| |
− | Do you want to continue [Y/n]?
| |
− | Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libfuse2 2.8.1-1.1ubuntu2 [146kB]
| |
− | Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main fuse-utils 2.8.1-1.1ubuntu2 [23.7kB]
| |
− | Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main sshfs 2.2-1build1 [43.7kB]
| |
− | Fetched 214kB in 0s (260kB/s)
| |
− | Committing to: /etc/
| |
− | modified pam.d/common-password
| |
− | Committed revision 21.
| |
− | Selecting previously deselected package libfuse2.
| |
− | (Reading database ... 15788 files and directories currently installed.)
| |
− | Unpacking libfuse2 (from .../libfuse2_2.8.1-1.1ubuntu2_amd64.deb) ...
| |
− | Selecting previously deselected package fuse-utils.
| |
− | Unpacking fuse-utils (from .../fuse-utils_2.8.1-1.1ubuntu2_amd64.deb) ...
| |
− | Selecting previously deselected package sshfs.
| |
− | Unpacking sshfs (from .../sshfs_2.2-1build1_amd64.deb) ...
| |
− | Processing triggers for man-db ...
| |
− | Setting up libfuse2 (2.8.1-1.1ubuntu2) ...
| |
− |
| |
− | Setting up fuse-utils (2.8.1-1.1ubuntu2) ...
| |
− | creating fuse group...
| |
− | Adding group `fuse' (GID 106) ...
| |
− | Done.
| |
− | udev active, skipping device node creation.
| |
− | update-initramfs: deferring update (trigger activated)
| |
− |
| |
− | Setting up sshfs (2.2-1build1) ...
| |
− | Processing triggers for libc-bin ...
| |
− | ldconfig deferred processing now taking place
| |
− | Processing triggers for initramfs-tools ...
| |
− | Committing to: /etc/
| |
− | modified .etckeeper
| |
− | added fuse.conf
| |
− | modified group
| |
− | modified group-
| |
− | modified gshadow
| |
− | modified gshadow-
| |
− | Committed revision 22.
| |
− | | |
− | = [[User:John|John]] 2011-08-14 22:42 =
| |
− | | |
− | == Fixing passwd update problem ==
| |
− | | |
− | Was receiving the following error when running passwd:
| |
− | | |
− | Current Kerberos password:
| |
− | passwd: Authentication token manipulation error
| |
− | passwd: password unchanged
| |
− | | |
− | The same problem as [https://lists.ubuntu.com/archives/universe-bugs/2009-February/055905.html reported here]. To fix I changed /etc/pam.d/common-password from from:
| |
− | | |
− | password requisite pam_krb5.so minimum_uid=1000
| |
− | password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
| |
− | password requisite pam_deny.so
| |
− | password required pam_permit.so
| |
− | | |
− | to:
| |
− | | |
− | password sufficient pam_krb5.so minimum_uid=1000
| |
− | password required pam_unix.so obscure try_first_pass sha512
| |
− | | |
− | = [[User:John|John]] 2011-08-14 17:23 =
| |
− | | |
− | == Configuring Kerberos client ==
| |
− | | |
− | Per [https://help.ubuntu.com/community/SingleSignOn#Client%20Configuration these instructions].
| |
− | | |
− | jj5@hope:~$ sudo -s
| |
− | [sudo] password for jj5:
| |
− | root@hope:~# apt-get install krb5-user krb5-config libpam-krb5
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | krb5-user is already the newest version.
| |
− | krb5-config is already the newest version.
| |
− | krb5-config set to manually installed.
| |
− | The following NEW packages will be installed:
| |
− | libpam-krb5
| |
− | 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
| |
− | Need to get 73.8kB of archives.
| |
− | After this operation, 193kB of additional disk space will be used.
| |
− | Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libpam-krb5 4.2-1 [73.8kB]
| |
− | Fetched 73.8kB in 0s (107kB/s)
| |
− | Selecting previously deselected package libpam-krb5.
| |
− | (Reading database ... 15717 files and directories currently installed.)
| |
− | Unpacking libpam-krb5 (from .../libpam-krb5_4.2-1_amd64.deb) ...
| |
− | Processing triggers for man-db ...
| |
− | Setting up libpam-krb5 (4.2-1) ...
| |
− |
| |
− | Committing to: /etc/
| |
− | modified pam.d/common-account
| |
− | modified pam.d/common-auth
| |
− | modified pam.d/common-password
| |
− | modified pam.d/common-session
| |
− | modified pam.d/common-session-noninteractive
| |
− | Committed revision 16.
| |
− | | |
− | root@hope:~# hostname -f
| |
− | hope
| |
− | root@hope:~# vim /etc/hosts
| |
− | root@hope:~# cat /etc/hosts
| |
− | 127.0.0.1 localhost localhost.localdomain
| |
− | 67.207.130.204 hope.progclub.net hope
| |
− | root@hope:~# hostname -f
| |
− | hope.progclub.net
| |
− | | |
− | root@hope:~# kadmin
| |
− | Authenticating as principal root/admin@PROGCLUB.ORG with password.
| |
− | kadmin: Client not found in Kerberos database while initializing kadmin interface
| |
− | root@hope:~# kadmin -u jj5/admin
| |
− | kadmin: invalid option -- 'u'
| |
− | Usage: kadmin [-r realm] [-p principal] [-q query] [clnt|local args]
| |
− | clnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]|[-n]
| |
− | local args: [-x db_args]* [-d dbname] [-e "enc:salt ..."] [-m]
| |
− | where,
| |
− | [-x db_args]* - any number of database specific arguments.
| |
− | Look at each database documentation for supported arguments
| |
− | root@hope:~# kadmin -p jj5/admin
| |
− | Authenticating as principal jj5/admin with password.
| |
− | Password for jj5/admin@PROGCLUB.ORG:
| |
− | kadmin: addprinc -randkey host/hope.progclub.net@PROGCLUB.ORG
| |
− | WARNING: no policy specified for host/hope.progclub.net@PROGCLUB.ORG; defaulting to no policy
| |
− | add_principal: Principal or policy already exists while creating "host/hope.progclub.net@PROGCLUB.ORG".
| |
− | kadmin: ktadd -k ~/hope.keytab host/hope.progclub.net@PROGCLUB.ORG
| |
− | kadmin: No such file or directory while adding key to keytab
| |
− | kadmin: quit
| |
− | root@hope:~# ls
| |
− | ipsec-tools.conf
| |
− | | |
− | root@hope:~# kadmin -p jj5/admin
| |
− | kadmin: ktadd ~/hope.keytab host/hope.progclub.net@PROGCLUB.ORG
| |
− | kadmin: Principal ~/hope.keytab does not exist.
| |
− | Entry for principal host/hope.progclub.net@PROGCLUB.ORG with kvno 4, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab.
| |
− | Entry for principal host/hope.progclub.net@PROGCLUB.ORG with kvno 4, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
| |
− | Entry for principal host/hope.progclub.net@PROGCLUB.ORG with kvno 4, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
| |
− | Entry for principal host/hope.progclub.net@PROGCLUB.ORG with kvno 4, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.
| |
− | kadmin: quit
| |
− | | |
− | root@hope:~# cd /etc
| |
− | root@hope:/etc# ll kr*
| |
− | -rw-r--r-- 1 root root 3504 Aug 4 13:43 krb5.conf
| |
− | -rw------- 1 root root 314 Aug 14 07:32 krb5.keytab
| |
− | | |
− | root@hope:/etc# apt-get install libnss-ldapd libsasl2-modules-gssapi-mit kstart
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following extra packages will be installed:
| |
− | libpam-ldapd nscd nslcd
| |
− | The following NEW packages will be installed:
| |
− | kstart libnss-ldapd libpam-ldapd libsasl2-modules-gssapi-mit nscd nslcd
| |
− | 0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
| |
− | Need to get 531kB of archives.
| |
− | After this operation, 1311kB of additional disk space will be used.
| |
− | Do you want to continue [Y/n]?
| |
− | | |
− | | |
− | Package configuration
| |
− |
| |
− |
| |
− | ┌─────────────────────────┤ Configuring NSLCD ├──────────────────────────┐
| |
− | │ Please enter the Uniform Resource Identifier of the LDAP server. The │
| |
− | │ format is 'ldap://<hostname_or_IP_address>:<port>/'. Alternatively, │
| |
− | │ 'ldaps://' or 'ldapi://' can be used. The port number is optional. │
| |
− | │ │
| |
− | │ When using an ldap or ldaps scheme it is recommended to use an IP │
| |
− | │ address to avoid failures when domain name services are unavailable. │
| |
− | │ │
| |
− | │ Multiple URIs can be be specified by separating them with spaces. │
| |
− | │ │
| |
− | │ LDAP server URI: │
| |
− | │ │
| |
− | │ ldaps://charity.progclub.org/_________________________________________ │
| |
− | │ │
| |
− | │ <Ok> <Cancel> │
| |
− | │ │
| |
− | └────────────────────────────────────────────────────────────────────────┘
| |
− | | |
− | Package configuration
| |
− |
| |
− |
| |
− |
| |
− |
| |
− | ┌───────────────────────────┤ Configuring NSLCD ├───────────────────────────┐
| |
− | │ Please enter the distinguished name of the LDAP search base. Many sites │
| |
− | │ use the components of their domain names for this purpose. For example, │
| |
− | │ the domain "example.net" would use "dc=example,dc=net" as the │
| |
− | │ distinguished name of the search base. │
| |
− | │ │
| |
− | │ LDAP server search base: │
| |
− | │ │
| |
− | │ dc=progclub,dc=org_______________________________________________________ │
| |
− | │ │
| |
− | │ <Ok> <Cancel> │
| |
− | │ │
| |
− | └───────────────────────────────────────────────────────────────────────────┘
| |
− | | |
− | Package configuration
| |
− |
| |
− |
| |
− | ┌───────────────────────────┤ Configuring NSLCD ├───────────────────────────┐
| |
− | │ │
| |
− | │ When an encrypted connection is used, a server certificate can be │
| |
− | │ requested and checked. Please choose whether lookups should be │
| |
− | │ configured to require a certificate, and whether certificates should be │
| |
− | │ checked for validity: │
| |
− | │ * never: no certificate will be requested or checked; │
| |
− | │ * allow: a certificate will be requested, but it is not │
| |
− | │ required or checked; │
| |
− | │ * try: a certificate will be requested and checked, but if no │
| |
− | │ certificate is provided it is ignored; │
| |
− | │ * demand: a certificate will be requested, required, and checked. │
| |
− | │ If certificate checking is enabled, at least one of the tls_cacertdir or │
| |
− | │ tls_cacertfile options must be put in /etc/nslcd.conf. │
| |
− | │ │
| |
− | │ <Ok> │
| |
− | │ │
| |
− | └───────────────────────────────────────────────────────────────────────────┘
| |
− | | |
− | Package configuration
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− | ┌──────┤ Configuring NSLCD ├───────┐
| |
− | │ Check server's SSL certificate: │
| |
− | │ │
| |
− | │ never │
| |
− | │ * allow │
| |
− | │ try │
| |
− | │ demand │
| |
− | │ │
| |
− | │ │
| |
− | │ <Ok> <Cancel> │
| |
− | │ │
| |
− | └──────────────────────────────────┘
| |
− | | |
− | Package configuration
| |
− |
| |
− | ┌───────────────────────┤ Configuring libnss-ldapd ├────────────────────────┐
| |
− | │ For this package to work, you need to modify your /etc/nsswitch.conf to │
| |
− | │ use the ldap datasource. │
| |
− | │ │
| |
− | │ You can select the services that should have LDAP lookups enabled. The │
| |
− | │ new LDAP lookups will be added as the last datasource. Be sure to review │
| |
− | │ these changes. │
| |
− | │ │
| |
− | │ Name services to configure: │
| |
− | │ │
| |
− | │ [*] aliases │
| |
− | │ [*] ethers │
| |
− | │ [*] group │
| |
− | │ [*] hosts │
| |
− | │ [*] netgroup │
| |
− | │ [*] networks │
| |
− | │ [*] passwd │
| |
− | │ [*] protocols │
| |
− | │ [*] rpc │
| |
− | │ [*] services │
| |
− | │ [*] shadow │
| |
− | │ │
| |
− | │ <Ok> │
| |
− | │ │
| |
− | └───────────────────────────────────────────────────────────────────────────┘
| |
− | | |
− | Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe kstart 3.16-3 [58.3kB]
| |
− | Get:2 http://archive.ubuntu.com/ubuntu/ lucid/universe libsasl2-modules-gssapi-mit 2.1.23.dfsg1-5ubuntu1 [73.1kB]
| |
− | Get:3 http://archive.ubuntu.com/ubuntu/ lucid/universe nscd 2.11.1-0ubuntu7 [211kB]
| |
− | Get:4 http://archive.ubuntu.com/ubuntu/ lucid/universe nslcd 0.7.2 [120kB]
| |
− | Get:5 http://archive.ubuntu.com/ubuntu/ lucid/universe libnss-ldapd 0.7.2 [41.8kB]
| |
− | Get:6 http://archive.ubuntu.com/ubuntu/ lucid/universe libpam-ldapd 0.7.2 [27.6kB]
| |
− | Fetched 531kB in 1s (494kB/s)
| |
− | Committing to: /etc/
| |
− | modified .etckeeper
| |
− | modified hosts
| |
− | added krb5.keytab
| |
− | Committed revision 17.
| |
− | Preconfiguring packages ...
| |
− | Selecting previously deselected package kstart.
| |
− | (Reading database ... 15728 files and directories currently installed.)
| |
− | Unpacking kstart (from .../kstart_3.16-3_amd64.deb) ...
| |
− | Selecting previously deselected package libsasl2-modules-gssapi-mit.
| |
− | Unpacking libsasl2-modules-gssapi-mit (from .../libsasl2-modules-gssapi-mit_2.1.23.dfsg1-5ubuntu1_amd64.deb) ...
| |
− | Selecting previously deselected package nscd.
| |
− | Unpacking nscd (from .../nscd_2.11.1-0ubuntu7_amd64.deb) ...
| |
− | Selecting previously deselected package nslcd.
| |
− | Unpacking nslcd (from .../archives/nslcd_0.7.2_amd64.deb) ...
| |
− | Selecting previously deselected package libnss-ldapd.
| |
− | Unpacking libnss-ldapd (from .../libnss-ldapd_0.7.2_amd64.deb) ...
| |
− | Selecting previously deselected package libpam-ldapd.
| |
− | Unpacking libpam-ldapd (from .../libpam-ldapd_0.7.2_amd64.deb) ...
| |
− | Processing triggers for man-db ...
| |
− | Processing triggers for ureadahead ...
| |
− | Setting up kstart (3.16-3) ...
| |
− | Setting up libsasl2-modules-gssapi-mit (2.1.23.dfsg1-5ubuntu1) ...
| |
− | Setting up nscd (2.11.1-0ubuntu7) ...
| |
− | * Starting Name Service Cache Daemon nscd [ OK ]
| |
− |
| |
− | Setting up nslcd (0.7.2) ...
| |
− | Warning: The home dir /var/run/nslcd/ you specified can't be accessed: No such file or directory
| |
− | Adding system user `nslcd' (UID 103) ...
| |
− | Adding new group `nslcd' (GID 105) ...
| |
− | Adding new user `nslcd' (UID 103) with group `nslcd' ...
| |
− | Not creating home directory `/var/run/nslcd/'.
| |
− | * Starting LDAP connection daemon nslcd [ OK ]
| |
− |
| |
− | Setting up libnss-ldapd (0.7.2) ...
| |
− | /etc/nsswitch.conf: enable LDAP lookups for aliases
| |
− | /etc/nsswitch.conf: enable LDAP lookups for ethers
| |
− | /etc/nsswitch.conf: enable LDAP lookups for group
| |
− | /etc/nsswitch.conf: enable LDAP lookups for hosts
| |
− | /etc/nsswitch.conf: enable LDAP lookups for netgroup
| |
− | /etc/nsswitch.conf: enable LDAP lookups for networks
| |
− | /etc/nsswitch.conf: enable LDAP lookups for passwd
| |
− | /etc/nsswitch.conf: enable LDAP lookups for protocols
| |
− | /etc/nsswitch.conf: enable LDAP lookups for rpc
| |
− | /etc/nsswitch.conf: enable LDAP lookups for services
| |
− | /etc/nsswitch.conf: enable LDAP lookups for shadow
| |
− | * Restarting Name Service Cache Daemon nscd [ OK ]
| |
− |
| |
− | Setting up libpam-ldapd (0.7.2) ...
| |
− |
| |
− | Processing triggers for libc-bin ...
| |
− | ldconfig deferred processing now taking place
| |
− | Committing to: /etc/
| |
− | modified .etckeeper
| |
− | modified group
| |
− | modified group-
| |
− | modified gshadow
| |
− | modified gshadow-
| |
− | added nscd.conf
| |
− | added nslcd.conf
| |
− | modified nsswitch.conf
| |
− | modified passwd
| |
− | modified passwd-
| |
− | modified shadow
| |
− | modified shadow-
| |
− | added init.d/nscd
| |
− | added init.d/nslcd
| |
− | modified pam.d/common-account
| |
− | modified pam.d/common-auth
| |
− | modified pam.d/common-password
| |
− | modified pam.d/common-session
| |
− | modified pam.d/common-session-noninteractive
| |
− | added rc0.d/K20nscd
| |
− | added rc0.d/K20nslcd
| |
− | added rc1.d/K20nscd
| |
− | added rc1.d/K20nslcd
| |
− | added rc2.d/S20nscd
| |
− | added rc2.d/S20nslcd
| |
− | added rc3.d/S20nscd
| |
− | added rc3.d/S20nslcd
| |
− | added rc4.d/S20nscd
| |
− | added rc4.d/S20nslcd
| |
− | added rc5.d/S20nscd
| |
− | added rc5.d/S20nslcd
| |
− | added rc6.d/K20nscd
| |
− | added rc6.d/K20nslcd
| |
− | Committed revision 18.
| |
− | | |
− | root@hope:/etc# cat /etc/nsswitch.conf
| |
− | # /etc/nsswitch.conf
| |
− | #
| |
− | # Example configuration of GNU Name Service Switch functionality.
| |
− | # If you have the `glibc-doc-reference' and `info' packages installed, try:
| |
− | # `info libc "Name Service Switch"' for information about this file.
| |
− |
| |
− | passwd: compat ldap
| |
− | group: compat ldap
| |
− | shadow: compat ldap
| |
− |
| |
− | hosts: files dns ldap
| |
− | networks: files ldap
| |
− |
| |
− | protocols: db files ldap
| |
− | services: db files ldap
| |
− | ethers: db files ldap
| |
− | rpc: db files ldap
| |
− |
| |
− | netgroup: nis ldap
| |
− | aliases: ldap
| |
− | | |
− | root@hope:/etc# cat /etc/nslcd.conf
| |
− | # /etc/nslcd.conf
| |
− | # nslcd configuration file. See nslcd.conf(5)
| |
− | # for details.
| |
− |
| |
− | # The user and group nslcd should run as.
| |
− | uid nslcd
| |
− | gid nslcd
| |
− |
| |
− | # The location at which the LDAP server(s) should be reachable.
| |
− | uri ldaps://charity.progclub.org/
| |
− |
| |
− | # The search base that will be used for all queries.
| |
− | base dc=progclub,dc=org
| |
− |
| |
− | # The LDAP protocol version to use.
| |
− | #ldap_version 3
| |
− |
| |
− | # The DN to bind with for normal lookups.
| |
− | #binddn cn=annonymous,dc=example,dc=net
| |
− | #bindpw secret
| |
− |
| |
− | # SSL options
| |
− | #ssl off
| |
− | tls_reqcert allow
| |
− |
| |
− | # The search scope.
| |
− | #scope sub
| |
− | | |
− | root@hope:/etc# vim /etc/nslcd.conf
| |
− | | |
− | # JE: 2011-08-14: https://help.ubuntu.com/community/SingleSignOn#Client%20Configuration
| |
− | sasl_mech GSSAPI
| |
− | # JE: 2011-08-14: the documentation said to add the following line, but it causes errors
| |
− | # so I removed it. I'm not sure what it's for. Seems to work ok without it.
| |
− | #krb5_ccname FILE:/tmp/host.tkt
| |
− | | |
− | root@hope:/etc# pam-auth-update
| |
− | | |
− | Package configuration
| |
− |
| |
− | ┌───────────────────────────────────┤ ├────────────────────────────────────┐
| |
− | │ Pluggable Authentication Modules (PAM) determine how authentication, │
| |
− | │ authorization, and password changing are handled on the system, as well │
| |
− | │ as allowing configuration of additional actions to take when starting │
| |
− | │ user sessions. │
| |
− | │ │
| |
− | │ Some PAM module packages provide profiles that can be used to │
| |
− | │ automatically adjust the behavior of all PAM-using applications on the │
| |
− | │ system. Please indicate which of these behaviors you wish to enable. │
| |
− | │ │
| |
− | │ PAM profiles to enable: │
| |
− | │ │
| |
− | │ [*] Kerberos authentication │
| |
− | │ [*] Unix authentication │
| |
− | │ [ ] LDAP Authentication │
| |
− | │ │
| |
− | │ │
| |
− | │ <Ok> <Cancel> │
| |
− | │ │
| |
− | └───────────────────────────────────────────────────────────────────────────┘
| |
− | | |
− | root@hope:/etc# service nslcd restart
| |
− | * Restarting LDAP connection daemon nslcd
| |
− | nslcd: /etc/nslcd.conf:30: option sasl_mech is currently not fully supported (please report any successes)
| |
− | nslcd: /etc/nslcd.conf:31: error accessing /tmp/host.tkt: No such file or directory
| |
− | [fail]
| |
− | root@hope:/etc# touch /tmp/host.tkt
| |
− | root@hope:/etc# service nslcd restart
| |
− | * Restarting LDAP connection daemon nslcd
| |
− | nslcd: /etc/nslcd.conf:30: option sasl_mech is currently not fully supported (please report any successes)
| |
− | [ OK ]
| |
− | root@hope:~# vim /etc/passwd
| |
− | root@hope:~# etckeeper commit "Removed jj5 from /etc/passwd"
| |
− | Committing to: /etc/
| |
− | modified nslcd.conf
| |
− | modified passwd
| |
− | modified pam.d/common-account
| |
− | modified pam.d/common-auth
| |
− | modified pam.d/common-password
| |
− | modified pam.d/common-session
| |
− | modified pam.d/common-session-noninteractive
| |
− | Committed revision 19.
| |
− | | |
− | = [[User:John|John]] 2011-08-05 16:59 =
| |
− | | |
− | == Disabling IPSec ==
| |
− | | |
− | Can't get [[IPSec]] to work. Commented out /etc/network/if-up.d/ip and removed the policies from /etc/ipsec-tools.conf.
| |
− | | |
− | = [[User:John|John]] 2011-08-04 23:38 =
| |
− | | |
− | == Installing Kerberos client ==
| |
− | | |
− | jj5@hope:~$ sudo -s
| |
− | [sudo] password for jj5:
| |
− | root@hope:~# apt-get install krb5-user krb5-config
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following extra packages will be installed:
| |
− | bind9-host geoip-database libbind9-60 libdns64 libgeoip1 libgssrpc4 libisc60
| |
− | libisccc60 libisccfg60 libkadm5clnt-mit7 liblwres60
| |
− | Suggested packages:
| |
− | geoip-bin krb5-doc
| |
− | The following NEW packages will be installed:
| |
− | bind9-host geoip-database krb5-config krb5-user libbind9-60 libdns64
| |
− | libgeoip1 libgssrpc4 libisc60 libisccc60 libisccfg60 libkadm5clnt-mit7
| |
− | liblwres60
| |
− | 0 upgraded, 13 newly installed, 0 to remove and 0 not upgraded.
| |
− | Need to get 2161kB of archives.
| |
− | After this operation, 5325kB of additional disk space will be used.
| |
− | Do you want to continue [Y/n]?
| |
− | Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libgeoip1 1.4.6.dfsg-17 [109kB]
| |
− | Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libisc60 1:9.7.0.dfsg.P1-1 [169kB]
| |
− | Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libdns64 1:9.7.0.dfsg.P1-1 [690kB]
| |
− | Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main libisccc60 1:9.7.0.dfsg.P1-1 [29.4kB]
| |
− | Get:5 http://archive.ubuntu.com/ubuntu/ lucid/main libisccfg60 1:9.7.0.dfsg.P1-1 [52.6kB]
| |
− | Get:6 http://archive.ubuntu.com/ubuntu/ lucid/main libbind9-60 1:9.7.0.dfsg.P1-1 [34.1kB]
| |
− | Get:7 http://archive.ubuntu.com/ubuntu/ lucid/main liblwres60 1:9.7.0.dfsg.P1-1 [47.9kB]
| |
− | Get:8 http://archive.ubuntu.com/ubuntu/ lucid/main bind9-host 1:9.7.0.dfsg.P1-1 [68.2kB]
| |
− | Get:9 http://archive.ubuntu.com/ubuntu/ lucid/main geoip-database 1.4.6.dfsg-17 [658kB]
| |
− | Get:10 http://archive.ubuntu.com/ubuntu/ lucid/main krb5-config 2.2 [23.0kB]
| |
− | Get:11 http://archive.ubuntu.com/ubuntu/ lucid/main libgssrpc4 1.8.1+dfsg-2 [81.4kB]
| |
− | Get:12 http://archive.ubuntu.com/ubuntu/ lucid/main libkadm5clnt-mit7 1.8.1+dfsg-2 [62.0kB]
| |
− | Get:13 http://archive.ubuntu.com/ubuntu/ lucid/main krb5-user 1.8.1+dfsg-2 [137kB]
| |
− | Fetched 2161kB in 2s (891kB/s)
| |
− | Preconfiguring packages ...
| |
− | Selecting previously deselected package libgeoip1.
| |
− | (Reading database ... 15611 files and directories currently installed.)
| |
− | Unpacking libgeoip1 (from .../libgeoip1_1.4.6.dfsg-17_amd64.deb) ...
| |
− | Selecting previously deselected package libisc60.
| |
− | Unpacking libisc60 (from .../libisc60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...
| |
− | Selecting previously deselected package libdns64.
| |
− | Unpacking libdns64 (from .../libdns64_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...
| |
− | Selecting previously deselected package libisccc60.
| |
− | Unpacking libisccc60 (from .../libisccc60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...
| |
− | Selecting previously deselected package libisccfg60.
| |
− | Unpacking libisccfg60 (from .../libisccfg60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...
| |
− | Selecting previously deselected package libbind9-60.
| |
− | Unpacking libbind9-60 (from .../libbind9-60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...
| |
− | Selecting previously deselected package liblwres60.
| |
− | Unpacking liblwres60 (from .../liblwres60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...
| |
− | Selecting previously deselected package bind9-host.
| |
− | Unpacking bind9-host (from .../bind9-host_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...
| |
− | Selecting previously deselected package geoip-database.
| |
− | Unpacking geoip-database (from .../geoip-database_1.4.6.dfsg-17_all.deb) ...
| |
− | Selecting previously deselected package krb5-config.
| |
− | Unpacking krb5-config (from .../krb5-config_2.2_all.deb) ...
| |
− | Selecting previously deselected package libgssrpc4.
| |
− | Unpacking libgssrpc4 (from .../libgssrpc4_1.8.1+dfsg-2_amd64.deb) ...
| |
− | Selecting previously deselected package libkadm5clnt-mit7.
| |
− | Unpacking libkadm5clnt-mit7 (from .../libkadm5clnt-mit7_1.8.1+dfsg-2_amd64.deb) ...
| |
− | Selecting previously deselected package krb5-user.
| |
− | Unpacking krb5-user (from .../krb5-user_1.8.1+dfsg-2_amd64.deb) ...
| |
− | Processing triggers for man-db ...
| |
− | Setting up libgeoip1 (1.4.6.dfsg-17) ...
| |
− |
| |
− | Setting up libisc60 (1:9.7.0.dfsg.P1-1) ...
| |
− |
| |
− | Setting up libdns64 (1:9.7.0.dfsg.P1-1) ...
| |
− |
| |
− | Setting up libisccc60 (1:9.7.0.dfsg.P1-1) ...
| |
− |
| |
− | Setting up libisccfg60 (1:9.7.0.dfsg.P1-1) ...
| |
− |
| |
− | Setting up libbind9-60 (1:9.7.0.dfsg.P1-1) ...
| |
− |
| |
− | Setting up liblwres60 (1:9.7.0.dfsg.P1-1) ...
| |
− |
| |
− | Setting up bind9-host (1:9.7.0.dfsg.P1-1) ...
| |
− | Setting up geoip-database (1.4.6.dfsg-17) ...
| |
− | Setting up krb5-config (2.2) ...
| |
− |
| |
− | Setting up libgssrpc4 (1.8.1+dfsg-2) ...
| |
− |
| |
− | Setting up libkadm5clnt-mit7 (1.8.1+dfsg-2) ...
| |
− |
| |
− | Setting up krb5-user (1.8.1+dfsg-2) ...
| |
− | Processing triggers for libc-bin ...
| |
− | ldconfig deferred processing now taking place
| |
− | Committing to: /etc/
| |
− | added krb5.conf
| |
− | Committed revision 13.
| |
− | | |
− | Package configuration
| |
− |
| |
− |
| |
− |
| |
− | ┌──────────────────┤ Configuring Kerberos Authentication ├──────────────────┐
| |
− | │ When users attempt to use Kerberos and specify a principal or user name │
| |
− | │ without specifying what administrative Kerberos realm that principal │
| |
− | │ belongs to, the system appends the default realm. The default realm may │
| |
− | │ also be used as the realm of a Kerberos service running on the local │
| |
− | │ machine. Often, the default realm is the uppercase version of the local │
| |
− | │ DNS domain. │
| |
− | │ │
| |
− | │ Default Kerberos version 5 realm: │
| |
− | │ │
| |
− | │ PROGCLUB.ORG_____________________________________________________________ │
| |
− | │ │
| |
− | │ <Ok> │
| |
− | │ │
| |
− | └───────────────────────────────────────────────────────────────────────────┘
| |
− | | |
− | Package configuration
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− | ┌────────────────┤ Configuring Kerberos Authentication ├─────────────────┐
| |
− | │ Enter the hostnames of Kerberos servers in the PROGCLUB.ORG Kerberos │
| |
− | │ realm separated by spaces. │
| |
− | │ │
| |
− | │ Kerberos servers for your realm: │
| |
− | │ │
| |
− | │ kerberos.progclub.org_________________________________________________ │
| |
− | │ │
| |
− | │ <Ok> │
| |
− | │ │
| |
− | └────────────────────────────────────────────────────────────────────────┘
| |
− | | |
− | Package configuration
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− | ┌──────────────────┤ Configuring Kerberos Authentication ├──────────────────┐
| |
− | │ Enter the hostname of the administrative (password changing) server for │
| |
− | │ the PROGCLUB.ORG Kerberos realm. │
| |
− | │ │
| |
− | │ Administrative server for your Kerberos realm: │
| |
− | │ │
| |
− | │ kerberos.progclub.org____________________________________________________ │
| |
− | │ │
| |
− | │ <Ok> │
| |
− | │ │
| |
− | └───────────────────────────────────────────────────────────────────────────┘
| |
− | | |
− | = [[User:John|John]] 2011-07-30 18:05 =
| |
− | | |
− | == Configuring IPSec ==
| |
− | | |
− | jj5@hope:~$ sudo -s
| |
− | [sudo] password for jj5:
| |
− | root@hope:~# apt-get install racoon
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following NEW packages will be installed:
| |
− | racoon
| |
− | 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
| |
− | Need to get 0B/433kB of archives.
| |
− | After this operation, 1217kB of additional disk space will be used.
| |
− | Committing to: /etc/
| |
− | modified ipsec-tools.conf
| |
− | modified ipsec-tools.conf.bak
| |
− | added iptables.up.rules
| |
− | Committed revision 10.
| |
− | Preconfiguring packages ...
| |
− | Selecting previously deselected package racoon.
| |
− | (Reading database ... 15611 files and directories currently installed.)
| |
− | Unpacking racoon (from .../racoon_1%3a0.7.1-1.6ubuntu1_amd64.deb) ...
| |
− | Processing triggers for man-db ...
| |
− | Processing triggers for ureadahead ...
| |
− | Setting up racoon (1:0.7.1-1.6ubuntu1) ...
| |
− | Starting IKE (ISAKMP/Oakley) server: racoon.
| |
− | Processing triggers for libc-bin ...
| |
− | ldconfig deferred processing now taking place
| |
− | | |
− | root@hope:~# cd /etc/network/if-pre-up.d/
| |
− | root@hope:/etc/network/if-pre-up.d# ll
| |
− | total 12
| |
− | drwxr-xr-x 2 root root 4096 Apr 22 2010 ./
| |
− | drwxr-xr-x 6 root root 4096 Apr 22 2010 ../
| |
− | -rwxr-xr-x 1 root root 348 Dec 21 2009 ethtool*
| |
− | root@hope:/etc/network/if-pre-up.d# vim iptables
| |
− | | |
− | #!/bin/sh
| |
− | /sbin/iptables-restore < /etc/iptables.up.rules
| |
− | | |
− | root@hope:/etc/network/if-pre-up.d# vim ip
| |
− | | |
− | #!/bin/sh
| |
− | # Charity
| |
− | ip route add 67.207.128.184 dev eth0 advmss 200
| |
− | # Honesty
| |
− | ip route add 67.207.129.103 dev eth0 advmss 200
| |
− | | |
− | root@hope:/etc/network/if-pre-up.d# chmod +x iptables ip
| |
− | root@hope:/etc/network/if-pre-up.d# ll
| |
− | total 20
| |
− | drwxr-xr-x 2 root root 4096 Jul 30 08:11 ./
| |
− | drwxr-xr-x 6 root root 4096 Apr 22 2010 ../
| |
− | -rwxr-xr-x 1 root root 348 Dec 21 2009 ethtool*
| |
− | -rwxr-xr-x 1 root root 126 Jul 30 08:11 ip*
| |
− | -rwxr-xr-x 1 root root 58 Jul 30 08:09 iptables*
| |
− | root@hope:/etc/network/if-pre-up.d# cd /etc
| |
− | root@hope:/etc# vim iptables.up.rules
| |
− | | |
− | *filter
| |
− | # Allow all loopback (lo0) traffic
| |
− | -A INPUT -i lo -j ACCEPT
| |
− | # Drop all traffic to 127/8 that does use lo0
| |
− | -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
| |
− | # Accept all established inbound connections
| |
− | -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
| |
− | # Allow all outbound traffic
| |
− | -A OUTPUT -j ACCEPT
| |
− | # Allow HTTP and HTTPS connections from anywhere
| |
− | -A INPUT -p tcp --dport 80 -j ACCEPT
| |
− | -A INPUT -p tcp --dport 443 -j ACCEPT
| |
− | # Allow SSH connections
| |
− | -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
| |
− | # Accept anything from charity
| |
− | -A INPUT -s 67.207.128.184 -j ACCEPT
| |
− | # Accept anything from honesty
| |
− | -A INPUT -s 67.207.129.103 -j ACCEPT
| |
− | # Allow MySQL connections from John's house
| |
− | -A INPUT -s 60.240.67.126/32 -p tcp -m tcp --dport 3306 -j ACCEPT
| |
− | # Allow MySQL connections from localhost
| |
− | -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT
| |
− | # Allow ping
| |
− | -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
| |
− | # log iptables denied calls
| |
− | -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
| |
− | #-A INPUT -j LOG --log-prefix "iptables debug: " --log-level 7
| |
− | # Reject all other inbound - default deny unless explicitly allowed policy
| |
− | -A INPUT -j REJECT
| |
− | -A FORWARD -j REJECT
| |
− | COMMIT
| |
− | | |
− | root@hope:/etc# vim ipsec-tools.conf
| |
− | | |
− | # Hope/Charity security policy
| |
− | spdadd 67.207.130.204 67.207.128.184 any -P out ipsec
| |
− | esp/transport//require
| |
− | ah/transport//require;
| |
− | spdadd 67.207.128.184 67.207.130.204 any -P in ipsec
| |
− | esp/transport//require
| |
− | ah/transport//require;
| |
− | # Hope/Honesty security policy
| |
− | spdadd 67.207.130.204 67.207.129.103 any -P out ipsec
| |
− | esp/transport//require
| |
− | ah/transport//require;
| |
− | spdadd 67.207.129.103 67.207.130.204 any -P in ipsec
| |
− | esp/transport//require
| |
− | ah/transport//require;
| |
− | | |
− | root@hope:/etc# vim racoon/psk.txt
| |
− | | |
− | # Charity
| |
− | 67.207.128.184 <secret>
| |
− | # Honesty
| |
− | 67.207.129.103 <secret>
| |
− | | |
− | root@hope:/etc# ll racoon/psk.txt
| |
− | -rw------- 1 root root 95 Jul 30 08:21 racoon/psk.txt
| |
− | | |
− | root@hope:/etc# vim racoon/racoon.conf
| |
− | | |
− | path pre_shared_key "/etc/racoon/psk.txt";
| |
− | path certificate "/etc/racoon/certs";
| |
− | remote anonymous {
| |
− | exchange_mode main,aggressive;
| |
− | proposal {
| |
− | encryption_algorithm aes;
| |
− | hash_algorithm sha1;
| |
− | authentication_method pre_shared_key;
| |
− | dh_group modp1024;
| |
− | }
| |
− | generate_policy off;
| |
− | }
| |
− | sainfo anonymous {
| |
− | pfs_group modp768;
| |
− | encryption_algorithm aes;
| |
− | authentication_algorithm hmac_sha1;
| |
− | compression_algorithm deflate;
| |
− | }
| |
− | #log debug2;
| |
− | | |
− | root@hope:/etc# vim racoon/racoon.conf
| |
− | root@hope:/etc# /etc/init.d/racoon stop
| |
− | Stopping IKE (ISAKMP/Oakley) server: racoon.
| |
− | root@hope:/etc# /etc/init.d/setkey restart
| |
− | Reloading IPsec SA/SP database: done.
| |
− | root@hope:/etc# /etc/init.d/racoon start
| |
− | Starting IKE (ISAKMP/Oakley) server: racoon.
| |
− | root@hope:/etc# etckeeper commit "Configured IPSec"
| |
− | Committing to: /etc/
| |
− | modified ipsec-tools.conf
| |
− | modified iptables.up.rules
| |
− | added network/if-pre-up.d/ip
| |
− | added network/if-pre-up.d/iptables
| |
− | modified racoon/psk.txt
| |
− | modified racoon/racoon.conf
| |
− | Committed revision 11.
| |
− | root@hope:/etc# /etc/network/if-pre-up.d/ip
| |
− | RTNETLINK answers: File exists
| |
− | | |
− | That ought to do it!
| |
− | | |
− | ...it didn't do it.
| |
− | | |
− | root@hope:~# apt-get remove racoon
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following packages will be REMOVED:
| |
− | racoon
| |
− | 0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
| |
− | After this operation, 1217kB disk space will be freed.
| |
− | Do you want to continue [Y/n]?
| |
− | (Reading database ... 15675 files and directories currently installed.)
| |
− | Removing racoon ...
| |
− | Stopping IKE (ISAKMP/Oakley) server: racoon.
| |
− | Processing triggers for ureadahead ...
| |
− | Processing triggers for man-db ...
| |
− | Processing triggers for libc-bin ...
| |
− | ldconfig deferred processing now taking place
| |
− | | |
− | root@hope:~# dd if=/dev/random count=24 bs=1| xxd -ps
| |
− | root@hope:~# dd if=/dev/random count=24 bs=1| xxd -ps
| |
− | root@hope:~# dd if=/dev/random count=20 bs=1| xxd -ps
| |
− | root@hope:~# dd if=/dev/random count=20 bs=1| xxd -ps
| |
− | root@hope:~# vim /etc/ipsec-tools.conf
| |
− | | |
− | #!/usr/sbin/setkey -f
| |
− | # Flush the SAD and SPD
| |
− | flush;
| |
− | spdflush;
| |
− | # Charity/Hope configuration
| |
− | # ESP SAs using 192 bit long keys (168 + 24 parity)
| |
− | add 67.207.128.184 67.207.130.204 esp 1 -E aes-cbc
| |
− | 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;
| |
− | add 67.207.130.204 67.207.128.184 esp 2 -E aes-cbc
| |
− | 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;
| |
− | # AH SAs using 160 bit long keys
| |
− | add 67.207.128.184 67.207.130.204 ah 3 -A hmac-sha1
| |
− | 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;
| |
− | add 67.207.130.204 67.207.128.184 ah 4 -A hmac-sha1
| |
− | 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;
| |
− | # Security policies
| |
− | spdadd 67.207.130.204 67.207.128.184 any -P out ipsec
| |
− | esp/transport//require
| |
− | ah/transport//require;
| |
− | spdadd 67.207.128.184 67.207.130.204 any -P in ipsec
| |
− | esp/transport//require
| |
− | ah/transport//require;
| |
− | # Hope/Honesty configuration
| |
− | # ESP SAs using 192 bit long keys (168 + 24 parity)
| |
− | add 67.207.130.204 67.207.129.103 esp 9 -E aes-cbc
| |
− | 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;
| |
− | add 67.207.129.103 67.207.130.204 esp 10 -E aes-cbc
| |
− | 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;
| |
− | # AH SAs using 160 bit long keys
| |
− | add 67.207.130.204 67.207.129.103 ah 11 -A hmac-sha1
| |
− | 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;
| |
− | add 67.207.129.103 67.207.130.204 ah 12 -A hmac-sha1
| |
− | 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;
| |
− | # Security policies
| |
− | spdadd 67.207.130.204 67.207.129.103 any -P out ipsec
| |
− | esp/transport//require
| |
− | ah/transport//require;
| |
− | spdadd 67.207.129.103 67.207.130.204 any -P in ipsec
| |
− | esp/transport//require
| |
− | ah/transport//require;
| |
− | | |
− | root@hope:~# /etc/init.d/setkey restart
| |
− | Reloading IPsec SA/SP database: done.
| |
− | root@hope:~# cd /etc/network
| |
− | root@hope:/etc/network# ls
| |
− | if-down.d if-post-down.d if-pre-up.d if-up.d interfaces
| |
− | root@hope:/etc/network# mv if-pre-up.d/ip if-up.d/
| |
− | root@hope:/etc/network# if-up.d/ip
| |
− | root@hope:/etc# etckeeper commit "Configured IPSec"
| |
− | Committing to: /etc/
| |
− | modified ipsec-tools.conf
| |
− | missing network/if-pre-up.d/ip
| |
− | modified network/if-pre-up.d/ip
| |
− | added network/if-up.d/ip
| |
− | Committed revision 12.
| |
− | | |
− | The other end of the connections have been configured on [[Charity_admin#John_2011-07-30_17:15|charity]] and [[Honesty_admin#John_2011-07-30_19:30|honesty]].
| |
− | | |
− | Works!
| |
− | | |
− | = [[User:John|John]] 2011-07-30 09:45 =
| |
− | | |
− | == Configuring racoon ==
| |
− | | |
− | See [[Charity_Admin#John_2011-07-30_09:38|the Charity Admin section]] for the other half of the configuration.
| |
− | | |
− | # vim /etc/racoon/psk.txt
| |
− | | |
− | # Charity
| |
− | 67.207.128.184 <secret>
| |
− | | |
− | # vim /etc/racoon/racoon.conf
| |
− | | |
− | remote 67.207.128.184 {
| |
− | exchange_mode main,aggressive;
| |
− | proposal {
| |
− | encryption_algorithm 3des;
| |
− | hash_algorithm sha1;
| |
− | authentication_method pre_shared_key;
| |
− | dh_group modp1024;
| |
− | }
| |
− | generate_policy off;
| |
− | }
| |
− | | |
− | sainfo address 67.207.128.184[any] any address 67.207.128.184/32[any] any {
| |
− | pfs_group modp768;
| |
− | encryption_algorithm 3des;
| |
− | authentication_algorithm hmac_md5;
| |
− | compression_algorithm deflate;
| |
− | }
| |
− | | |
− | # vim /etc/ipsec-tools.conf
| |
− | | |
− | # Security policies
| |
− | spdadd 67.207.128.184 67.207.130.204 any -P in ipsec
| |
− | esp/transport//require
| |
− | ah/transport//require;
| |
− | spdadd 67.207.130.204 67.207.128.184 any -P out ipsec
| |
− | esp/transport//require
| |
− | ah/transport//require;
| |
− | | |
− | root@hope:/etc/racoon# /etc/init.d/racoon stop
| |
− | Stopping IKE (ISAKMP/Oakley) server: racoon.
| |
− | root@hope:/etc/racoon# /etc/init.d/setkey restart
| |
− | Reloading IPsec SA/SP database: done.
| |
− | root@hope:/etc/racoon# /etc/init.d/racoon start
| |
− | Starting IKE (ISAKMP/Oakley) server: racoon.
| |
− | | |
− | = [[User:John|John]] 2011-07-30 01:49 =
| |
− | | |
− | == Adding user jj5 ==
| |
− | | |
− | I had hoped to have LDAP and SSO operational before adding users to the any user machines, but it looks like there's nothing for it. Debuggin IPSec is a pain, and I need to login to hope all the time, and I'm sick of typing in the long random root password.
| |
− | | |
− | root@hope:~# adduser jj5
| |
− | Adding user `jj5' ...
| |
− | Adding new group `jj5' (1000) ...
| |
− | Adding new user `jj5' (1000) with group `jj5' ...
| |
− | Creating home directory `/home/jj5' ...
| |
− | Copying files from `/etc/skel' ...
| |
− | Enter new UNIX password:
| |
− | Retype new UNIX password:
| |
− | passwd: password updated successfully
| |
− | Changing the user information for jj5
| |
− | Enter the new value, or press ENTER for the default
| |
− | Full Name []: John Elliot
| |
− | Room Number []:
| |
− | Work Phone []:
| |
− | Home Phone []:
| |
− | Other []:
| |
− | Is the information correct? [Y/n]
| |
− | root@hope:~# gpasswd -a jj5 sudo
| |
− | Adding user jj5 to group sudo
| |
− | | |
− | = [[User:John|John]] 2011-07-30 00:04 =
| |
− | | |
− | == Installing racoon ==
| |
− | | |
− | Having some trouble with IPSec, going to try using racoon.
| |
− | | |
− | root@hope:/etc# apt-get install racoon
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following NEW packages will be installed:
| |
− | racoon
| |
− | 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
| |
− | Need to get 433kB of archives.
| |
− | After this operation, 1217kB of additional disk space will be used.
| |
− | Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main racoon 1:0.7.1-1.6ubuntu1 [433kB]
| |
− | Fetched 433kB in 1s (377kB/s)
| |
− | Committing to: /etc/
| |
− | modified .etckeeper
| |
− | modified ipsec-tools.conf
| |
− | added ipsec-tools.conf.bak
| |
− | Committed revision 7.
| |
− | Preconfiguring packages ...
| |
− | Selecting previously deselected package racoon.
| |
− | (Reading database ... 15606 files and directories currently installed.)
| |
− | Unpacking racoon (from .../racoon_1%3a0.7.1-1.6ubuntu1_amd64.deb) ...
| |
− | Processing triggers for man-db ...
| |
− | Processing triggers for ureadahead ...
| |
− | Setting up racoon (1:0.7.1-1.6ubuntu1) ...
| |
− | Generating /etc/default/racoon...
| |
− | Starting IKE (ISAKMP/Oakley) server: racoon.
| |
− | | |
− | Processing triggers for libc-bin ...
| |
− | ldconfig deferred processing now taking place
| |
− | Committing to: /etc/
| |
− | modified .etckeeper
| |
− | added racoon
| |
− | added default/racoon
| |
− | added init.d/racoon
| |
− | added racoon/psk.txt
| |
− | added racoon/racoon-tool.conf
| |
− | added racoon/racoon.conf
| |
− | added rc1.d/K89racoon
| |
− | added rcS.d/S40racoon
| |
− | Committed revision 8.
| |
− | | |
− | The install prompted for Package configuration information, and I choose the 'direct' configuration method (the default) over 'racoon-tool', the other option.
| |
− | | |
− | ┌──────────────────────────┤ Configuring racoon ├──────────────────────────┐
| |
− | │ Racoon can be configured two ways, either by directly editing │
| |
− | │ /etc/racoon/racoon.conf or using the racoon-tool administrative front │
| |
− | │ end. racoon-tool is now deprecated and is only available for backward │
| |
− | │ compatibility. New installations should always use the "direct" method. │
| |
− | │ │
| |
− | │ Configuration mode for racoon IKE daemon. │
| |
− | │ │
| |
− | │ direct │
| |
− | │ racoon-tool │
| |
− | │ │
| |
− | │ │
| |
− | │ <Ok> │
| |
− | │ │
| |
− | └──────────────────────────────────────────────────────────────────────────┘
| |
− | | |
− | = [[User:John|John]] 2011-07-29 00:13 =
| |
− | | |
− | == Installing IPSec ==
| |
− | | |
− | # apt-get install ipsec-tools
| |
− | Reading package lists... Done
| |
− | Building dependency tree
| |
− | Reading state information... Done
| |
− | The following NEW packages will be installed:
| |
− | ipsec-tools
| |
− | 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
| |
− | Need to get 111kB of archives.
| |
− | After this operation, 274kB of additional disk space will be used.
| |
− | Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main ipsec-tools 1:0.7.1-1.6ubuntu1 [111kB]
| |
− | Fetched 111kB in 0s (157kB/s)
| |
− | Selecting previously deselected package ipsec-tools.
| |
− | (Reading database ... 15571 files and directories currently installed.)
| |
− | Unpacking ipsec-tools (from .../ipsec-tools_1%3a0.7.1-1.6ubuntu1_amd64.deb) ...
| |
− | Processing triggers for man-db ...
| |
− | Processing triggers for ureadahead ...
| |
− | Setting up ipsec-tools (1:0.7.1-1.6ubuntu1) ...
| |
− | | |
− | Processing triggers for libc-bin ...
| |
− | ldconfig deferred processing now taking place
| |
− | Committing to: /etc/
| |
− | modified .etckeeper
| |
− | added ipsec-tools.conf
| |
− | added default/setkey
| |
− | added init.d/setkey
| |
− | added rcS.d/S37setkey
| |
− | Committed revision 2.
| |
− | | |
− | # vim /etc/ipsec-tools.conf
| |
− | | |
− | #!/usr/sbin/setkey -f
| |
− | | |
− | # NOTE: Do not use this file if you use racoon with racoon-tool
| |
− | # utility. racoon-tool will setup SAs and SPDs automatically using
| |
− | # /etc/racoon/racoon-tool.conf configuration.
| |
− | #
| |
− | | |
− | # Flush the SAD and SPD
| |
− | flush;
| |
− | spdflush;
| |
− | | |
− | # AH SAs using 128 bit long keys
| |
− | add 67.207.128.184 67.207.130.204 ah 0x200 -A hmac-md5
| |
− | 0x<ah_1>;
| |
− | add 67.207.130.204 67.207.128.184 ah 0x300 -A hmac-md5
| |
− | 0x<ah_2>;
| |
− | | |
− | # ESP SAs using 192 bit long keys (168 + 24 parity)
| |
− | add 67.207.128.184 67.207.130.204 esp 0x201 -E 3des-cbc
| |
− | 0x<esp_1>;
| |
− | add 67.207.130.204 67.207.128.184 esp 0x301 -E 3des-cbc
| |
− | 0x<esp_2>;
| |
− | | |
− | # Security policies
| |
− | spdadd 67.207.128.184 67.207.130.204 any -P in ipsec
| |
− | esp/transport//require
| |
− | ah/transport//require;
| |
− | | |
− | spdadd 67.207.130.204 67.207.128.184 any -P out ipsec
| |
− | esp/transport//require
| |
− | ah/transport//require;
| |
− | | |
− | # sudo chmod 750 /etc/ipsec-tools.conf
| |
− | # sudo /etc/init.d/setkey start
| |
− | * Loading IPsec SA/SP database from /etc/ipsec-tools.conf: [ OK ]
| |
− | $ sudo etckeeper commit "Configured IPSec between charity and hope"
| |
− | Committing to: /etc/
| |
− | modified .etckeeper
| |
− | modified ipsec-tools.conf
| |
− | Committed revision 3.
| |
− | | |
− | Done!
| |
− | | |
− | = [[User:John|John]] 2011-07-29 00:12 =
| |
− | | |
− | == Installing Etckeeper ==
| |
− | | |
− | Per [[Charity_Admin#Setting_up_Etckeeper|the instructions]],
| |
− | | |
− | # apt-get install etckeeper
| |
− | | |
− | That was it. The output was too extensive to report here.
| |
− | | |
− | = [[User:John|John]] 2011-07-25 19:41 =
| |
− | | |
− | The hope.progclub.org slice has has been created, and the host added to to the DNS zones, but apart from that it's not configured presently.
| |