richter

I got my first laptop, a Dell Inspiron B130 for $200 about a year ago. I immediately formatted it, installed Ubuntu, and have never looked back. My experience has been so positive that I am basically in love with Ubuntu (and laptops) at this point.

So recently I acquired a dedicated server. Most services that I’ve seen will mostly certainly offer Linux, but usually not in distros that I’ve been crazy about: I hate RedHat, CentOS is a little odd, Gentoo is pretty good, and I don’t mind Debian. But Ubuntu (probably partially because of its rabid fanbase) has always made the most sense to me, and seems to have the most helpful users/admins and therefore documentation. It’s so easy to troubleshoot — all of your problems are just a web search away.

To my surprise and delight, the best value on a dedicated box also had the option of Ubuntu! After a single evening, I’ve got my webserver up and running everything I’ll be needing, plus some security checks for good measure. The following is a list of some of the issues that I ran into and how I solved them:

• Remove the CD Check

  This made me feel like I was back in 1998, having trouble with a Windows 98 install. I could use apt to search for packages, but when I tried to install, I was (obnoxiously) prompted for the Ubuntu CD. Kinda hard to put a CD in my server when it’s in Florida and I’m in California…

  To fix this, remove the cdrom option from the source list:

  
# Remove the ridiculous cd-rom check in apt-get (it's usually near the top)
sudo vim /etc/apt/sources.list


• Security: Prevent Root SSH

  Here’s a great security tip: do not allow root to login remotely. This might sound crazy to some people, but think about it from a security perspective. If somebody thinks they might know or be able to find out your password, that person will know to try it as the root user. Not only does the attacker already know the username to use, but if somebody gets in with root, you’re really up shit creek. So you want to remove the ability to remotely login as root:

  
# First: make sure the user account you use is in the sudoers file (very important so you don't lock yourself out of your own box)
export EDITOR=vim && visudo


# Add this line (at the bottom is fine)
yourusername ALL=(ALL) ALL


# Prevent root ssh
sudo vim /etc/ssh/sshd_config


# Find this line with "yes" and change it to:
PermitRootLogin no


# Restart your ssh daemon to see the changes.
sudo /etc/init.d/ssh restart


  If you try to login as root after this, you’ll get prompted for your password. It’ll always just look like you’ve got the wrong password — this is great because it doesn’t externally show what you’ve done — somebody could try to guess your root password all day and never be able to get in.

• Make Ubuntu a Webserver!

  I’d guess that most people running a Linux server just want a LAMP installation. In Ubuntu, setting one up is as easy as:

  
# Create a webserver!
sudo apt-get install apache2 php5 mysql-client-5.0 mysql-server-5.0 libapache2-mod-php5 php5-mysql


• PHP Command-Line Interface

  This probably shouldn’t be installed unless you really know what you’re doing. I run a lot of scripts to handle repetitive tasks for me, and since I’m not a fancy-pants Python user, I use PHP for the grunt work. Here’s how you setup PHP CLI:

  
# PHP CLI
sudo apt-get install php5-cli


• MySQL Login Problems?

  After the automatic installation of MySQL, I couldn’t help but notice that I wasn’t prompted for a root MySQL password. Shit! Sure enough, I was locked out. After a few searches, I came across the excellent MySQL documentation which helped out a lot. Here’s how I solved the issue on my server, though YMMV so try the link if this doesn’t work for you:

  
# Create a temporary SQL file to dump into MySQL
vim init.sql


# Paste this into the file:
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('MyNewPassword');


# Stop MySQL
sudo /etc/init.d/mysql stop
sudo /etc/init.d/mysql start --init-file=init.sql


That’s all I’ve got — these took me quite a while to dig up so I thought I’d consolidate some of them here. I also made a ton of Apache changes and tried to make the server even more secure, but it’s so specific to my instance that it probably wouldn’t interest anyone.

This entry was posted on Sunday, January 13th, 2008 at 12:11 pm and is filed under Technology. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.