Automatic IP Configuration with DHCP Server on Ubuntu

ເດືອນກໍລະກົດ 22, 2008

This article is a work in progress.

$ sudo apt-get install dhcp3-server
  # /etc/default/dhcp3-server
  INTERFACES="eth0"
$ sudo nano -w /etc/dhcp*/dhcpd.conf
# dhcpd.conf for Helia labs
# Copyright 2006 Tero Karvinen http://www.iki.fi/karvinen/ubuntu_dhcp.html
# License: GNU General Public License, version 2 or later
# ChangeLog:
# 2006-03-27	Initial version, testing in Helia labs

# Don't set "authoritative" until everything else is correct in dhcpd.conf
authoritative;	# Warning: this overrides other DHCP servers
# Default options in Ubuntu:
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
# Subnet row defines server's network card. Also set in "/etc/default/dhcp3-server"
# 'ifconfig' shows subnet (ipaddress, zeroes as in mask) and netmask
subnet 172.28.0.0 netmask 255.255.0.0 {
	host terotestaa {
		# 'ping target_host', 'arp' shows MAC address
		# only give DHCP information to this computer:
		hardware ethernet 00:0D:56:73:F0:0D;
		# Basic DHCP info (see 'ifconfig', 'route', 'cat /etc/resolv.conf')
		fixed-address 172.28.1.7;
		option subnet-mask 255.255.0.0;
		option routers 172.28.1.254;
		option domain-name-servers 172.28.1.67, 172.28.1.69;
		# Non-essential DHCP options
		option domain-name "tielab.helia.fi";
	}
}
# 'sudo /etc/init.d/dhcp3-server force-reload'
# http://www.iki.fi/karvinen/ubuntu_dhcp.html
 $ sudo /etc/init.d/dhcp3-server stop

Now that you have DHCP working, you could try Ubuntu PXE.


How to Setup Transparent Squid Proxy Server in Ubuntu

ເດືອນກໍລະກົດ 22, 2008

Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite – we’re getting there!) HTTP/1.1 compliant. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications.

This is a short guide on how to set up a transparent squid proxy server. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator.

Install Squid

Install squid and squid-common

sudo aptitude install squid squid-common

Edit the squid config file.

sudo vi /etc/squid/squid.conf

Set the allowed hosts.

acl internal_network src 192.168.1.0/24 (
Where 192.168.1.0/24 is your IP range.)
http_access allow internal_network

Set the correct permissions.

sudo chown -R proxy:proxy /var/log/squid/
sudo chown proxy:proxy /etc/squid/squid.conf

You will need to restart squid for the changes to take affect.

sudo /etc/init.d/squid restart

Now open up your browser and set your proxy to point to your new squid server on port 3128

Authentication

If you wish to use authentication with your proxy you will need to install apache2 utilities

sudo aptitude install squid squid-common apache2-utils

To add your first user you will need to specify -c

sudo htpasswd -c /etc/squid.passwd first_user

Thereafter you add new users with

sudo htpasswd /etc/squid.passwd another_user

Edit the squid config file

sudo vi /etc/squid/squid.conf

Set the the authentication parameters and the acl

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid.passwd
auth_param basic children 5
auth_param basic realm NFYE Squid proxy-caching web server
auth_param basic credentialsttl 3 hours
auth_param basic casesensitive off

acl users proxy_auth REQUIRED

acl sectionx proxy_auth REQUIRED

http_access allow users

So this is what your squid.conf should look like.

acl all src 0.0.0.0/0.0.0.0
acl
internal_network src 192.168.1.0/24
acl users proxy_auth REQUIRED
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl sectionx proxy_auth REQUIRED
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access allow users
http_access allow internal_network
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all

Redirect the all HTTP traffic.

If you would like to redirect the all HTTP traffic through the proxy without needing to set up a proxy manually in all your applications you will need to add some rules

iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp –dport 80 -j REDIRECT --to-ports 3128

Where eth1,eth0 are the LAN, WAN devices and 192.168.0.1 is the IP address of your LAN device.

If you wish to monitor the performance of your proxy you can look as some log parser’s (sarg, calamaris, ect.)

<!–
google_ad_client = “pub-3561711309083119”;
/* New Ubuntu Bottom */
google_ad_slot = “5550623370”;
google_ad_width = 336;
google_ad_height = 280;
//–>


UFW (Uncomplicated firewall) For Ubuntu Hardy

ເດືອນກໍລະກົດ 22, 2008

Create a tool for host-based iptables firewall configuration. This tool should provide an easy to use interface to the user, as well as support package integration and dynamic-detection of open ports.

Install UFW in Ubuntu

Currently this firewall package is available in Ubuntu 8.04

sudo apt-get install ufw

This will complete the installation

Turn firewall on and off (’disable’ is default ACCEPT)

# ufw enable|disable

Toggle logging

# ufw logging on|off

Set the default policy (ie “mostly open” vs “mostly closed”)

# ufw default allow|deny

Accept or drop incoming packets to (can see what services are available with ’status’ (see below)). can be specified via service name in /etc/services, ‘protocol:port’, or via package meta-data. ‘allow’ adds service entry to /etc/ufw/maps and ‘deny’ removes service entry from /etc/ufw/maps. Basic syntax:

# ufw allow|deny [service]

Display status of firewall and ports in the listening state, referencing /var/lib/ufw/maps. Numbers in parenthesis are not displayed to user

# ufw status

UFW Examples

Allow port 53

$ sudo ufw allow 53

Delete Allow port 53

$ sudo ufw delete allow 53

Allow port 80

$ sudo ufw allow 80/tcp

Delete Allow port 80

$ sudo ufw delete allow 80/tcp

Allow port smtp

$ sudo ufw allow smtp

Delete Allow port smtp

$ sudo ufw delete allow smtp

Allow fro Particular IP

$ sudo ufw allow from 192.168.254.254

Delete the above rule

$ sudo ufw delete allow from 192.168.254.254


Nagios Network Monitoring System Setup in Ubuntu

ເດືອນກໍລະກົດ 22, 2008

Nagios is a host and service monitor designed to inform you of network problems before your clients, end-users or managers do. It has been designed to run under the Linux operating system, but works fine under most *NIX variants as well. The monitoring daemon runs intermittent checks on hosts and services you specify using external “plugins” which return status information to Nagios. When problems are encountered, the daemon can send notifications out to administrative contacts in a variety of different ways (email, instant message, SMS, etc.). Current status information, historical logs, and reports can all be accessed via a web browser.

WARNING: “this tutorial is meant for users that have a good knowledge of development tools and manual installation process and will be hardly supported by the Ubuntu community. Standard supported procedure are to install packages from the official repositories, not to compile them by hand”.

Install Nagios in Ubuntu

This Tutorial is intended to provide you with simple instructions on how to install Nagios from source (code) on Ubuntu and have it monitoring your local machine inside of 20 minutes.

If you follow these instructions, here’s what you’ll end up with:

Nagios and the plugins will be installed underneath /usr/local/nagios

Nagios will be configured to monitor a few aspects of your local system (CPU load, disk usage, etc.)

The Nagios web interface will be accessible at http://localhost/nagios/

Required Packages

Make sure you’ve installed the following packages on your Ubuntu installation before continuing.

Apache 2
GCC compiler and development libraries
GD development libraries

Preparing Your System

First you need to install the following packages

sudo apt-get install apache2

sudo apt-get install build-essential

sudo apt-get install libgd2-xpm-dev

1) Create Account Information

Become the root user.

sudo -s

Create a new nagios user account and give it a password.

#/usr/sbin/useradd nagios

#passwd nagios

On Ubuntu server edition , you will need to also add a nagios group (it’s not created by default). You should be able to skip this step on desktop editions of Ubuntu.

#/usr/sbin/groupadd nagios

#/usr/sbin/usermod -G nagios nagios

Create a new nagcmd group for allowing external commands to be submitted through the web interface. Add both the nagios user and the apache user to the group.

#/usr/sbin/groupadd nagcmd

#/usr/sbin/usermod -G nagcmd nagios

#/usr/sbin/usermod -G nagcmd www-data

2) Download Nagios and the Plugins

Create a directory for storing the downloads.

#mkdir ~/downloads

#cd ~/downloads

Download the source code tarballs of both Nagios and the Nagios plugins (visit http://www.nagios.org/download/ for links to the latest versions). At the time of writing, the latest versions of Nagios and the Nagios plugins were 2.10 and 1.4.10, respectively.

#wget http://switch.dl.sourceforge.net/sourceforge/nagios/nagios-2.10.tar.gz

#wget http://kent.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.10.tar.gz

3) Compile and Install Nagios

Extract the Nagios source code tarball.

#cd ~/downloads

#tar xzf nagios-2.10.tar.gz

#cd nagios-2.10

Run the Nagios configure script, passing the name of the group you created earlier like so:

#./configure --with-command-group=nagcmd

Compile the Nagios source code.

#make all

Install binaries, init script, sample config files and set permissions on the external command directory.

#make install

#make install-init

#make install-config

#make install-commandmode

Don’t start Nagios yet – there’s still more that needs to be done…

4) Customize Configuration

Sample configuration files have now been installed in the /usr/local/nagios/etc directory. These sample files should work fine for getting started with Nagios. You’ll need to make just one change before you proceed…

Edit the /usr/local/nagios/etc/objects/contacts.cfg config file with your favorite editor and change the email address associated with the nagiosadmin contact definition to the address you’d like to use for receiving alerts.

#vi /usr/local/nagios/etc/objects/contacts.cfg

5) Configure the Web Interface

Install the Nagios web config file in the Apache conf.d directory.

#make install-webconf

Create a nagiosadmin account for logging into the Nagios web interface. Remember the password you assign to this account – you’ll need it later.

#htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Restart Apache to make the new settings take effect.

#/etc/init.d/apache2 reload

6) Compile and Install the Nagios Plugins

Extract the Nagios plugins source code tarball.

#cd ~/downloads

#tar xzf nagios-plugins-1.4.10.tar.gz

#cd nagios-plugins-1.4.10

Compile and install the plugins.

#./configure --with-nagios-user=nagios --with-nagios-group=nagios

#make

#make install

7) Start Nagios

Configure Nagios to automatically start when the system boots.

#ln -s /etc/init.d/nagios /etc/rcS.d/S99nagios

Verify the sample Nagios configuration files.

#/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If there are no errors, start Nagios.

#/etc/init.d/nagios start

8) Login to the Web Interface

You should now be able to access the Nagios web interface at the URL below. You’ll be prompted for the username (nagiosadmin) and password you specified earlier.

http://localhost/nagios/

Click on the “Service Detail” navbar link to see details of what’s being monitored on your local machine. It will take a few minutes for Nagios to check all the services associated with your machine, as the checks are spread out over time.

9) Other Modifications

If you want to receive email notifications for Nagios alerts, you need to install the mailx (Postfix) package.

#apt-get install mailx

You’ll have to edit the Nagios email notification commands found in /usr/local/nagios/etc/commands.cfg and change any ‘/bin/mail’ references to ‘/usr/bin/mail’. Once you do that you’ll need to restart Nagios to make the configuration changes live.

#/etc/init.d/nagios restart


Ubuntu Linux + Apache2 + Virtual Hosts + Syslog Server

ເດືອນກໍລະກົດ 22, 2008

This tutorial will explain How to install syslog server in ubuntu using apache. Steps Involved in this tutorial
1) Install Apache2 and change the ports
2) Virtual Hosts: an example
3) Syslog Server with php and Virtual Hosts
4) Only me wants to see the log files (by using a .htacces file)

Local static ip address

Imagine yourself that eth0 is your internet interface and you want 192.168.0.102 as your local ip address. Change the /etc/network/interface file and save it. This is an excellent example then:

auto eth0
iface eth0 inet static
address 192.168.0.102
netmask 255.255.255.0
gateway 192.168.0.1
broadcast 192.168.0.255

Ofcourse you’ll have to modify it for your own needs, the above file is just an example file ofcourse.

Preparing syslog

mkdir /logs (let’s make a directory for our logs) Modify /etc/syslog.conf and add the next rule if you really would like to log everything: (don’t forget to save it) *.* /logs/logger.log

It’s possible you’re only interessed in a few things, here is the list:

auth – authentication (login) messages
cron – messages from the memory-resident scheduler
daemon – messages from resident daemons
kern – kernel messages
lpr – printer messages (used by JetDirect cards)
mail – messages from Sendmail
user – messages from user-initiated processes/apps
local0-local7 – user-defined (see below)
syslog – messages from the syslog process itself

0 – Emergency (emerg)
1 – Alerts (alert)
2 – Critical (crit)
3 – Errors (err)
4 – Warnings (warn)
5 – Notification (notice)
6 – Information (info)
7 – Debug (debug)

Would you like to log everything from auth, cron, lpr error and only syslogs warnings then you have to add next lines to /etc/syslog.conf

auth.* /logs/logger.log
cron.* /logs/logger.log
kern.* /logs/logger.log
lpr.3 /logs/logger.log
syslog.4 /logs/logger.log

Now modify /etc/init.d/ksyslogd with your favourite editor and do the next:

SYSLOGD=”” Change this line by the next line and save:
SYSLOGD=”-r -m0”

restart networking again: /etc/init.d/networking restart

Install Apache2 and stuff:

apt-get install apache2 php5 libapache2-mod-php5 mysql-server mysql-client

php5-mysql

Check cat /etc/hostname, and the hostname that you are seeing here you have to

place in your /etc/hosts file, together with your local static ip address. /etc/hosts:
192.168.0.102 myhostname Don’t forget to change the above to your own needs! I decided to host on Port 8070, my ISP (Telenet Belgium) has blocked all ports under 1024. Modify /etc/apache2/ports.conf: (Listen 80 must be replaced by Listen 8070)
Listen 8070

If you are behind a NAT, don’t forget to open this port on your router.

Now we’re going to install our virtual hosts. cd /etc/apache2/sites-available
touch myname.homelinux.com (we create our name)
Now edit your myname.homelinux.com file with your favorite editor and make sure it looks like this:

ServerAdmin you@mail.com
ServerName myname.homelinux.com
ServerAlias myname.homelinux.com
DirectoryIndex index.php
DocumentRoot /logs

Ok, now we’re going to etc/apache2/sites-enabled

cd /etc/apache2/sites-enabled
ln -s /etc/apache2/sites-available/myname.homelinux.com myname.homelinux.com This symbolic link (ln -s) is absolutely necessary. Ok, now we’re going to our logs directory and we place there an index.php file cd /logs
touch index.php
Modify index.php now with your favorite editor. This is how it should look like:

Restart apache: /etc/init.d/apache2 force-reload

Ok, go to http://www.dyndns.com and http://www.whatsmyip.org (memorize your ip)
And on dyndns you registrate yourself, you log in, then click DNS services ->

dynamic DNS -> Add Host -> and you registrate myname.homelinux.com.

Mention your remote IP (what you saw at whatsmyip.org at the ip line)

If you visit now your myname.homelinux.com/:8070 webpage you will be able to see your syslogs!

4) Only me wants to see the log files (by using a .htacces file)

Now we take measures: Only you will have the possibility to see your syslogs.

cd /logs (Yes we go again to the /logs directory)
touch .htaccess (We’ll make an .htaccess file)
Modify .htaccess with your favorite editor. This is how your .htaccess file should look like:

AuthUserFile /root/.htpasswd
AuthName ‘Access is limited here’
AuthType basic
require valid-user

cd /root (go to the /root directory)
htpasswd -c .htpasswd webmaster (let’s make a valid account)

Now modify the /etc/apache2/sites-available/default file with your favorite editor:

DocumentRoot /var/www

Options FollowSymLinks
AllowOverride None

Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
# Uncomment this directive is you want to see apache2’s
# default start page (in /apache2-default) when you go to /
#RedirectMatch ^/$ /apache2-default/

This AllowOverride all tells apache2 it has to deal with a .htaccess file.
Restart apache2 again: /etc/init.d/apache2 force-reload

Go to your site now, you’ll have to give a password that you’ve specified.

Conclusion

Now you have a syslog server that’s using the virtual host technique on apache2. And only you is able to read the information, caused by the .htaccess file.


Update IP addresses at dynamic DNS services Using ddclient

ເດືອນກໍລະກົດ 22, 2008

If you are using zoneedit.com or dyndns.org for your DNS service so that you can access your server using a URL, then you might have to update your DNS record at the service periodically whenever the IP address of your computer changes.Now here is simple solution for this ddclient.

Update IP addresses at dynamic DNS services.A perl based client to update your dynamic IP address at DynDNS.com (or other dynamic DNS services such as Hammernode, Zoneedit or EasyDNS), thus allowing you and others to use a fixed hostname (myhost.dyndns.org) to access your machine. This client supports both the dynamic and (near) static services, MX setting, and alternative host. It caches the address, and only attempts the update if the address actually changes.

Install ddclient in ubuntu

sudo aptitude install ddclient

This will complete the installation

Configuring ddclient

If you want to reconfigure you seetings use the following command

dpkg-reconfigure ddclient

You want to make sure it runs as a service and monitors changes in ppp–something that the install wizard doesn’t cover.

Edit the configuration file /etc/ddclient.conf

sudo gedit /etc/ddclient.conf

# Configuration file for ddclient generated by debconf
#
# /etc/ddclient.conf
pid=/var/run/ddclient.pid
protocol=easydns
use=web
server=members.easydns.com
login=yournamehere
password=’password’
*.your.domain

If you can’t find the public IP address, then you can have ddclient check your public IP address from the web by editing /etc/ddclient.conf and making it use the web by saying

use=web

or

use=web, web=checkip.dyndns.org/, web-skip=’IP Address’

Save and exit the file

Restart ddclient service using the following command

sudo /etc/init.d/ddclient restart


Ubuntu Networking Configuration Using Command Line

ເດືອນກໍລະກົດ 22, 2008

The basics for any network based on *nix hosts is the Transport Control Protocol/ Internet Protocol (TCP/IP) combination of three protocols. This combination consists of the Internet Protocol (IP),Transport Control Protocol (TCP), and Universal Datagram Protocol (UDP).

By Default most of the users configure their network card during the installation of Ubuntu. You can however, use the ifconfig command at the shell prompt or Ubuntu’s graphical network configuration tools, such as network-admin, to edit your system’s network device information or to add or remove network devices on your system

Configure Network Interface Using Command-Line

You can configure a network interface from the command line using the networking utilities. You configure your network client hosts with the command line by using commands to change your current settings or by editing a number of system files.

Configuring DHCP address for your network card

If you want to configure DHCP address you need to edit the /etc/network/interfaces and you need to enter the following lines replace eth0 with your network interface card

sudo vi /etc/network/interfaces

# The primary network interface – use DHCP to find our address
auto eth0
iface eth0 inet dhcp

Configuring Static IP address for your network card

If you want to configure Static IP address you need to edit the /etc/network/interfaces and you need to enter the following lines replace eth0 with your network interface card

sudo vi /etc/network/interfaces

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.3.90
gateway 192.168.3.1
netmask 255.255.255.0
network 192.168.3.0
broadcast 192.168.3.255

After entering all the details you need to restart networking services using the following command

sudo /etc/init.d/networking restart

Setting up Second IP address or Virtual IP address in Ubuntu

If you are a server system administrator or normal user some time you need to assign a second ipaddress to your Ubuntu machine.For this you need to edit the /etc/network/interfaces file and you need to add the following syntax.Below one is the only example you need to chnage according to your ip address settings

sudo vi /etc/network/interfaces

auto eth0:1
iface eth0:1 inet static
address 192.168.1.60
netmask 255.255.255.0
network x.x.x.x
broadcast x.x.x.x
gateway x.x.x.x

You need to enter all the details like address,netmask,network,broadcast and gateways values after entering all the values save this file and you need to restart networking services in debian using the following command to take effect of our new ipaddress.

After entering all the details you need to restart networking services using the following command

sudo /etc/init.d/networking restart

Setting your ubuntu stytem hostname

Setting up your hostname upon a ubuntu installation is very straightforward. You can directly query, or set, the hostname with the hostname command.

As an user you can see your current hostname with

sudo /bin/hostname

Example

To set the hostname directly you can become root and run

sudo /bin/hostname newname

When your system boots it will automatically read the hostname from the file /etc/hostname

If you want to know more about how to setup host name check here

Setting up DNS

When it comes to DNS setup Ubuntu doesn’t differ from other distributions. You can add hostname and IP addresses to the file /etc/hosts for static lookups.

To cause your machine to consult with a particular server for name lookups you simply add their addresses to /etc/resolv.conf.

For example a machine which should perform lookups from the DNS server at IP address 192.168.3.2 would have a resolv.conf file looking like this

sudo vi /etc/resolv.conf

enter the following details

search test.com
nameserver 192.168.3.2