Monthly Archives: October 2014

UNIX and DOS endlines

I had a moment where I forgot about the entire UNIX and DOS endline incompatibility issue. So when I grabbed the autosuspend script with copy and paste and I brought it into eMacs in Windows, saved it to my /files/public folder on the server and tried to execute it. Lots of “$’\r’: command not found” errors.

The solution is to use dos2unix to convert the endlines, if you don’t have it just…

sudo apt-get install dos2unix

Then do dos2unix filename and it will modify it in place. Which is good but beware of this default behavior. It does have other options, which can be explored using dos2unix –help.

Dos2unix has one and only job, to remove CR-LF (Carriage Return-Line Feed )and just leaving LF ( Line Feed ) as UNIX/Linux wants it to be. If a file acts screwy when brought in from Windows it is most likely this issue. I even had to do it on the autosuspend.conf file!

You can always check a file with the command

cat -e filename

BAD, Windows/DOS example…

#!/bin/bash^M$
^M$
# Source the configuration file^M$
. /etc/autosuspend.conf^M$
^M$

GOOD , UNIX/Linux example….

#!/bin/bash$
# Source the configuration file$
. /etc/autosuspend.conf$
$

The caret M$ is DOS, $ is UNIX.

The Linux File System In General

A website that  has a overview of the Linux file system can be found at…

http://www.tldp.org/LDP/intro-linux/html/chap_03.html

 

Auto-shutdown and Auto-suspending a Linux Server

The article below talks about auto-suspending…

http://rolandtapken.de/blog/2013-07/suspend-nas-when-idle

A Simpler Idea

I found another article on auto-suspending that requires only a simple bash script that I have placed in /etc/cron.hourly.

WordPress did not like me uploading autosuspend.sh, for security reasons, it will give an error, so I have the script autosuspend.sh , named autosuspend.sh.txt  here->  autosuspend.sh . The file goes in /etc/cron.hourly naming it just autosuspend, cron won’t run if the filename has an extension.

The file must be owned by root and executable. So you have to use the following commands before running it.

sudo chown root:root autosuspend.sh
sudo chmod u+x autosuspend.sh

I used it as autosuspend.sh and ran it a few times manually running sudo autosuspend.sh, just to see it run properly before sticking the file renamed as autosuspend and placed it into /etc/cron.hourly.

And the autosuspend.conf  named as autosuspend.conf.txt here-> autosuspend.conf  goes in the /etc/ directory.

Both are UNIX formatted files, modify them accordingly for your use.

syslog

CRON logs things when it runs autosuspend into /var/log/syslog, so you can execute…

tail /var/log/syslog

…to see if everything is OK by seeing the traces, the autosuspend script  gives good useful error messages. It also will send an email on the server to root@yourservername, every time it runs. You can use mailx from the CLI ( or some other program ) to read the local email. Mailx is very simple and good enough to quickly page through CRON emails, using return to move down through the unread ones.

Resources

The article I got the script from is…

https://bbs.archlinux.org/viewtopic.php?id=157268

…it does not give you the autosuspend.conf file, but it references another article in German…

http://wiki.ubuntuusers.de/Skripte/AutoSuspend

…that does have the autosuspend.conf file and it seems to work, at least it runs fine so far with some mods.

Files

Once again below are the script and conf file from those sites, labeled with a txt extension. I put them here in case those sites disappear for some reason. This is good knowledge and it works so well, I’d hate to see it get lost.

The script taken from the Archlinux page, requires systemd and uses systemctl suspend to suspend the machine, named autosuspend.sh.txt. Formatted for UNIX/Linux.

autosuspend.sh

Original autosuspend.sh that uses pm-utils from the German ubuntuusers.de site, named as pm-utils_autosuspend.sh.txt and the autosuspend.conf named as autosuspend.conf.txt. Formatted for UNIX/Linux

pm-utils_autosuspend.sh
autosuspend.conf

Auto Shutdown – Mods

I decided to modify the autosuspend.sh file rather than loading the package that it needed (systemd) to execute systemctl suspend, which is what the script file from the first article uses. The other option would be to use pm-utils as the second German article has the original autosuspend.sh formatted to use. For more info on pm-utils see https://wiki.archlinux.org/index.php/pm-utils

Instead of auto suspending, I decided that since the server starts fast enough from a cold boot (17 secs. to usable), why not just replace the…

systemctl suspend

…line with…

shutdown -P +5

This will shut the server down, with a 5 minute warning and guard band. I say guard band, because it can guard against a potential loop. If I play with the script more and make a mistake, I do not want to wind up with a server that starts, jumps to the script and starts shutting down immediately. I know I put the file in /etc/cron.hourly, so it will kick off every hour, but I am just guarding against unforeseen things to be safe and it’s only 5 minutes of delay. If it goes to shut down while testing at some point, I have 5 minutes to execute a shutdown -c to cancel.

I also put the line…

ethtool eth0 -s wol g

…before the shut down line, because that same piece of code, which I tried put into rules.d. But it was not setting the wake on to g, When I ran ethtool, it was staying at d. Not sure why, but since I will be allowing this server to shutdown by itself 90%+ of the time, I opted to put it right in the shutdown script. After a second thought, I also put that line into the /etc/rc.local ( which runs at start up ) as well so it is armed even if I shutdown manually! See the post of Wake On Lan via Ubuntu Linux for more info on Wake on LAN.

Here is the modded autosuspend called autoshutdown.txt. Remove the txt extension and place into the /etc/cron.hourly folder, it is formatted for UNIX.

I forgot about the UNIX and DOS endlines being different while I was working on this. See my post on UNIX vs DOS file endlines, as I had a bit of brain fog and struggled a bit with this while working on the autoshutdown script.

Winbind

Once I got the autoshutdown running. I realized that the Linux machine was not able to resolve the names the Windows machines on the network. The server could only ping the Windows machines by IP address and not their names! I saw this when I was logged out of the server and logged in a while later and the shutdown script had recorded failed pings into syslog, when checking to see if the server was idle. The script correctly saw that no one is logged it by executing, who | wc -l yielding a zero and next it was testing for attached clients ( the Windows machines named in the autosuspend.conf file) using ping $i -c1. And ping was failing as the names were unreachable.

  • arp -a could see all the machines by IP address from both Linux and Windows.
  • net view on the Windows machine could see all the machines by name.
  • smbstatus can see every computer by name fine from my Linux server machine. Particularly since I had installed Samba, the servers name is visible from Windows PC’s due to Samba.
    Samba must send out net-bios information about itself, I see in the config file for Samba where it can act as a wins server as well.

In order for the autosuspend/shutdown script to work pinging by name is a must. To fix, install winbind and configure /etc/nsswitch.conf.

sudo apt-get install winbind

In /etc/nsswitch.conf add wins to the end of the line that starts with
hosts: Mine now reads…

hosts: files dns wins

I got the info from…
http://www.serenux.com/2009/09/howto-configure-ubuntu-to-be-able-to-use-and-respond-to-netbios-hostname-queries-like-windows-does/

Samba Connected test in shutdown script

The autosuspend script does a test to see if anyone is accessing files using Samba via smbstatus. Smbstatus is great to see what is going on, it is good to troubleshoot Samba when you can make connections. It is interesting once you play with it when various computers are accessing the server to understand what it is telling you.
But the script is just looking to see if computers are accessing Samba
shares. The autosuspend.conf shows an IP address for the test using
$SAMBANETWORK as that value and grepping on it. I am not sure how this works as I don’t see any IP numbers when I run smbstatus. So for now I decided that I will use the word Public in the autosuspend.conf instead of 192.168.1. Most likely if a computer is accessing Samba shares on my network and the computers name is not one of the “clients” ( my own machines at home, that have listed names) it is going to be only accessing the Public Samba share. For now this seems to work!

Test used in autosuspend script to look for machines accessing Samba…

/usr/bin/smbstatus | grep $SAMBANETWORK | wc -l
Other conditions for shutdown

The other two tests that autosuspend does (IsRunning() and
IsDaemonActive() ), I have not validated them.

That is a TBD. So far, so good, the server has not shutdown unexpectedly and I have not seen it held up by IsRunning() yet, based on it’s tests. If something is running and a shutdown occurs, a sigterm is generated as the system is going down, so anything in process should terminate cleanly in theory. I’d like to test for OwnCloud activity at some point, I have shut the machine down and restarted a few minutes later on purpose with an OwnCloud file transfer in progress and it picks back up. I have to figure out a test for this, TBD.

IsRunning() tests for the following applications…

 APPLICATIONS='"^nxagent$" "^rsnapshot$" "^wsus$" "^wget$" "^screen$" "^mlnetp$" "^apt-get$" "^aptitude$" "^dpkg$" "^cp$"'

The following features were not copied from the autosuspend.sh on the German site to the one on https://bbs.archlinux.org/viewtopic.php?id=157268 that I used…

# Turning suspend by day (8 a.m. to 3 a.m.) off
 DONT_SUSPEND_BY_DAY='no'
# Automatically reboot once a week when the system isn't in use
 REBOOT_ONCE_PER_WEEK='yes'
  • DONT_SUSPEND_BY_DAY seems to control suspending by blocking it out during the day between 8AM and 3PM, it uses /sys/class/rtc/rtc0/wakealarm. I wasn’t interested in this so I was fine with it being carved out.
  • REBOOT_ONCE_PER_WEEK uses cat /proc/uptime | cut -d’ ‘ -f1-1\` / 3600 / 24 )>= 7\ as a test to see if the machine has been running for more that one week and then it reboots the next time it is idle. This is not of interest to me as my machine will shutdown rather than suspend, so this is not needed either.

Interestingly, I do see a test to see if power management is supported in the original autosuspend.sh that relies on pm-utils. This does not exist in the modified script that uses systemctl, perhaps it is not neccessary as calling systemctl is fine without or it was omitted, because such a test does not exist when using systemctl.

  /usr/bin/pm-is-supported

Basically I am fine with the simpler script, if I need to add features back in, so be it!

I have been using the shutdown script for over a month with no issues so far.

 

Additional utilities for a Linux Server

vsftp

Sometimes it is nice to have an ftp server, you might have Samba and ownCloud, but sometimes you really need ftp to do something. It is the right tool at the right time and I can’t imagine running a server without FTP installed.

sudo apt-get install vsftpd
Edit the configuration file

Back it up first then do an edit

sudo cp /etc/vsftpd.conf /etc/vsftpd.orig
sudo nano /etc/vsftpd.conf

uncomment local_enable = YES

uncomment write_enable = YES

In this manner you will be able to read and write to your home directory. With SSH and FTP you can do just about anything remotely to your server. You can ( put ) FTP a file up to your home and move it anywhere and in the opposite direction also ( get ).

For example I downloaded the zip file for the OwnCloud Music App on a Windows computer, then FTP’d it the Linux server into my home directory and moved and unzipped it in the proper directory using SSH. Zip/unzip is not loaded by default with the Ubuntu Server disc, to get it see below.

This is powerful and with that power comes danger. You don’t want anyone to be able to SSH and FTP in, so be careful when opening these ports. I get “hits” on port 22 for SSH a lot, I don’t even open port 21 for FTP outside of my LAN. When I mean hits, I mean I can see IP addresses come in on my routers log that are from outside the US, by looking them up, or browsing to them. Sometimes using a ping command to the IP a return will come from another IP. These cyber-criminals try to get in on open ports.

vsftp website…

https://security.appspot.com/vsftpd.html

Zip/unzip is not loaded by default with the Ubuntu Server disc

Zipping and unzipping files from the CLI is an important thing to be able to do.To get it…

sudo apt-get install zip unzip

More info on how to use it….

http://askubuntu.com/questions/86849/how-to-unzip-a-zip-file-from-the-terminal

 

dos2unix

Editing shell or config files on a Windows machine, presents you with the CR-LF and LF issue, for Win and UNIX respectively. Scripts won’t run, problems happen with config files when they are not in the right format. Frequently I encounter this when I coy and paste some code from the Web into eMacs or Notepad, then save it on the Linux server. Then I need to execute dos2unix on it to make it run right.

UNIX and DOS endlines

I had a brain dead moment where I forgot about the entire UNIX and DOS endline thing when I was working on getting the server to auto shutdown.
So when I grabbed the autosuspend script with copy and paste and I brought it into eMacs in Windows, saved it to my /files/public folder on the server and tried to execute it. Lots of $’\r’: command not found.

The solution is to use dos2unix to convert the endlines, if you don’t have it, just do…

sudo apt-get install dos2unix

Then do dos2unix filename and it will modify it in place. Which is good but beware of this default behavior. It does have other options, which can be explored using dos2unix –help.

It’s one and only job is to remove CR-LF (Carriage Return-Line Feed )and just leaving LF ( Line Feed ) as UNIX/Linux wants it to be. If a file acts screwy when brought in from Windows it is most likely this issue. I even had to do it on the autosuspend.conf file!

You can always check a file with the command

cat -e filename

BAD example…

#!/bin/bash^M$
 ^M$
 # Source the configuration file^M$
 . /etc/autosuspend.conf^M$
 ^M$

GOOD example….

#!/bin/bash$
 # Source the configuration file$
 . /etc/autosuspend.conf$
 $

The caret M$ is DOS, $ is UNIX.

Emails using ssmtp

It is great that CRON and other applications send an email to the root on a Linux server, which can be read simply by using mailx from the CLI. But, what if you are not logging into the machine very often at all. Using ssmtp might work well for those situations. Even my Netgear N150 router has something similar as far as sending email. On the router, you input email account settings on it and will email you the log file and other information you would like at regular intervals. Ssmtp may be of interest to me with regards to the server at some point and I have noted it for reference.

It would be interesting and a great idea to have the server be able to send emails of certain things, issues it may be encountering.

This looks interesting, I might do this at some point….

How to send email alerts from Ubuntu Server using ssmtp

Installing OwnCloud rounds out the server

Read about OwnCloud which is like it name says a cloud of your own on your own server…

https://owncloud.org/

You will be hosting the install on your own server, so go here and pick the correct flavor of Linux, a prerequisite is the LAMP stack..

http://software.opensuse.org/download/package?project=isv:ownCloud:community&package=owncloud

For my install (Ubuntu 12.04) I ran…

sudo sh -c "echo 'deb http://download.opensuse.org/repositories/isv:/ownCloud:/community/xUbuntu_12.04/ /' >> /etc/apt/sources.list.d/owncloud.list"
sudo apt-get update
sudo apt-get install owncloud

The first line adds to the sources list for apt and will affect the operation of the apt-get update command, more stuff related to OwnCloud gets applied. When I first did this I accidentally hit the up arrow and return and pasted it in twice. The update command complained about this as a warning, the fix is to remove the extra copy from the bottom of the /etc/apt/sources.list.d

Although the OwnCloud install pages shows this second in line. I think I had to do it first, before the above command or errors will happen regarding a missing key.

wget http://download.opensuse.org/repositories/isv:ownCloud:community/xUbuntu_12.04/Release.key
sudo apt-key add - < Release.key

In any case, for Ubuntu the install stuff is here

When loading the OwnCloud repository, it failed on the first try. I forget the error, but update was failing. Something was off base with my Ubuntu install, I could not update & upgrade correctly. I had to search the Internet for a fix. Which involved running

sudo rm -FR /var/lib/apt/lists/*

which cleared out the lists that apt was running on then…

sudo apt-get update

…worked fine!

If you have LAMP installed (which you should), configure OwnCloud to use mySQL when the question comes up when you login for the first time at http://youraddr/owncloud.

Leave database as owncloud and localhost.

OwnCloud Apps

Some apps can be downloaded via the normal click and download/install as an administrator. But some are not available like that. For example Music.

Installing OwnCloud apps by downloading zips.

I went to install Music, which would not install via the web interface.

I had to download the zip file and put it in the folder by ftping to the server. It is worth having vsFTP installed on the server, or at least on your machine that you are accessing the server through. With SSH and vsFTP it is easy to get a lot of work done.

Put the zip file at…

/var/www/ownloud/apps

zip/unzip do not come with Ubuntu server by default, use

sudo apt-get install zip

to get it. Then simply unzip the zip file in the apps folder, it will make it’s own folder. Then the app is installed and will appear in the menu.

Next Additional Utilities for the Server

Additional Utilities for a Linux Server

Samba on a Linux Server

Samba

Backup /etc/samba/smb.conf  before toying with it! Copy it somethings like /etc/samba/smb.bak or /etc/samba/smb.orig for the original and bak for files that you are modding along the way to getting this working. I admit Samba was a bit of a pain to get working, I fussed around a bit on the server and the Windows machines until success occurred.

One mistake I made was to name the folders by the paths as they appear on the server. Bad idea, Microsoft Windows did not like forward slashes and denied access to the folders. Using slashes and perhaps other non-alphanumeric characters are a no-no in the server folder names.

Make Folders on the Server

I created folders named /files/public and /files/erick on the server. More can be added for additional users. What I am doing with the folders is backing up user profiles from Windows machines in the /files/user folders. The public folder is going to hold things like install files for the Windows machines, anti-malware & etc tools, C compiler and DOS DOS-UNIX equivalent tools and so on.

I executed the following commands on the server…

sudo mkdir /files
cd /files
sudo mkdir public
sudo chmod 777 public
mkdir erick

I believe I did a chmod to 777 on files as well. I made the erick directory with my own credentials, I am owner. Directory is created as a 775 by default…

rwxrwxr-x 2 erick erick 4096 Dec 10 21:12 erick

Later on I created a renee folder. Same drill, I did an su and logged in as the user renee after I created the account and ran a mkdir renee under files.

You need to create a Samba password for yourself and any users. Make it the same as the password that you log into the Win machines, especially important if you want to access home folders.

The command for adding a Samba user and password is…

smbpasswd -a user
Linux Users

While on the users topic adding a Linux user with a home directory is accomplished with the following command…

sudo useradd -d /home/username -m username

Adding the password, don’t skip this, if you forget to do this it will cause problems down the road and it might take a while to figure the problems out.

sudo passwd username

There is a command that can take the contents of the skel directory /etc/skel,  into a users home directory. This sets up the files and folders. Normally this will happen when you use the -d /home/username option on useradd. But if you create a user without a home directory and add one later the following command may be helpful…

mkhomedir_helper username

I followed the method above to add a user renee and then created a /files/renee directory on the server.

Editing the smb.conf file

For the following, I opened my /etc/samba/smb.orig and etc/samba/smb.conf files in the eMacs editor and differenced them. The gray lines and sections show the changes, I have highlighted them with red rounded rectangles for clarity. The biggest change is at the bottom of the file where I added code to allow access to the /files/public, /files/erick and /files/renee directories.

Global Settings Changes in smb.conf
Changes under Global Settings in smb.conf
Changes under Global Settings in smb.conf
Authentication Section changes in smb.conf
Changes under Authentication in smb.conf
Changes under Authentication in smb.conf
Share Definitions sections changes in smb.conf.

This is optional and will allow the home directories of the users to be made accessible with read/write access on the network. In this section the changes are post the most part the uncommenting of the grayed out lines that you see below. I think the only change beyond that was setting read only = no.

Share Definitions sections changes in smb.conf
Share Definitions sections changes in smb.conf
Section added to tail of smb.conf for user defined directories

Follow this example to add your own directories to be accessible from the Windows network.

Don’t use any slashes in the names in the [brackets]. I imagine a lot of non-alphanumeric characters will make this fail. Slashes were my problem. I was trying to be clever and using things like [/files/erick]. Also I went to using an underscore instead of a space in the names. This makes it work better from the Windows CLI and scripts, space does not always translate well. I have had issues with scripts where it takes the first part of the folder name and thinks the 2nd part is a switch to the command or something, resulting in failure. Basically the DOS like Windows CLI (Command Line Interface) environment does not like spaces!

I have not tried setting browsable to no. I imagine it can be only access by knowing the names of the files and probably by navigating using the CLI from Windows. This would be acceptable for the two named directories as they are only backup directories and I don’t imagine I would have to browse to the often.

 

Section added to tail of smb.conf for user defined directories
Section added to tail of smb.conf for user defined directories
Restart

Samba needs to be restarted any time you change the smb.conf file. Use the command….

sudo service smbd restart

…to restart.

Windows Machine

The Windows machine needs to be set to the same workgroup. It is best to have the same user names and passwords to both the Win users and the Samba users, in this manner all will work including home file sharing. When you make changes, sometimes you have to log out and in to the Windows user for them to take effect or else you get errors like the folder is not accessible, and other like it about permissions. Windows will prompt for a username and password to access folders as well, especially if the users and passwords do not match between Windows and the Samba server.

smbclient command

Running smbclient -L servername from the server is a good sanity check that the shares are showing up and that the server actually sees the Windows network. If this looks good generally you are in business with Samba at least from the server side.

erick@ubuntuserver:/etc/samba$ smbclient -L ubuntuserver
Enter erick's password:
Domain=[MSHOME] OS=[Unix] Server=[Samba 3.6.3]

        Sharename       Type      Comment
        ---------       ----      -------
        homes           Disk      Home Directories
        print$          Disk      Printer Drivers
        Erick_Backup    Disk      Erick's Files at /files/erick
        Renee_Backup    Disk      Renee's Files at /files/renee
        Public          Disk      Public Files at /files/public
        IPC$            IPC       IPC Service (ubuntuserver server (Samba, Ubuntu))
        erick           Disk      Home Directories
Domain=[MSHOME] OS=[Unix] Server=[Samba 3.6.3]

        Server               Comment
        ---------            -------
        RENEECOMPUTER        Renee's Computer
        UBUNTUSERVER         ubuntuserver server (Samba, Ubuntu)

        Workgroup            Master
        ---------            -------
        MSHOME               RENEECOMPUTER



smbstatus command

Executing smbstatus from the server command line can tell you what computers are connected and if any files are locked. Try executing it while file operations are in progress to see how it behaves. After seeing it in operation, what is going on becomes obvious for the most part. Without any computers connected to Samba folders, nothing interesting is reported. This means that this tool be helpful troubleshooting Samba if you can’t even connect to the folders. But may be of use to troubleshoot issues when all is working OK and then an issue arises. I also have a script that runs and allows the server to shut down when idle, it executes smbstatus as a test to see if any computers are using Samba so the server won’t shutdown while Samba is in use.

It has command line options which I haven’t explored much myself yet.

For the man page on smbstatus

https://www.samba.org/samba/docs/man/manpages/smbstatus.1.html

 

The next topic in this series is…
Installing OwnCloud rounds out the server
Additional

 

There is a good YouTube tutorial online that runs through the basics of setting Samba up on Ubuntu Server 12.04. It worked for me.

Configuring Posting via email for WordPress

I am testing out the ability to post via a secret email, this is how I created this post, then edited some more in WP.

I fussed with it for a bit, sending emails and expecting results. I didn’t realize that the email reading for WP has to be stroked. So I put together a cron job to stroke the reading of email periodically (daily for the moment, which seems reasonable) via php
using…

php -q /home/yourcpanelusername/path-to-folder/wp-mail.php

Which didn’t work, initially. I kept getting email via cron which has XML in the body, it is an error with a line at the bottom…

<p>Slow down cowboy, no need to check for new mails so often!</p>

Then I tried this

But manually stroking the email by going to the URL where wp-mail.php lives does kick the email to a post as lists it as pending. This in my mind is not terribly useful. I would prefer to send an email and have not be a pending post as I would like to post from email without needing to login to WP, in other words just post it already.

Mysteriously after experimenting with sending a few posts by email, it started to work. I sm not sure why, but checking the mail daily at 1AM, it either gets the messages, creates a pending post and deletes the copies on the mail server as it should and reports this in a CRON email. Or there are no emails for it and it reports that correctly. After an initial weirdness it has been working fine and as expected for several weeks.

Remote Operation of Server

At this point, I get off of the server, I mean disconnect the monitor and keyboard. But first remember to configure the BIOS to ignore keyboard errors, important for unattended operation! I wait until at least the updates are done and I have tested out the static IP to “unhook”. If you are setting up firewalls it is best to do it sitting at the machine as well. Because a mistake setting up the firewall can lock you out of connecting with SSH remotely! The firewall, set via the iptables, can block or allow access to incoming or outgoing ports, by passing or dropping packets. The firewall can be configured via tools such as ufw (uncomplicated firewall) to allow certain services to go through. IP addresses and ranges can be blocked or allowed as well. This can get complicated in a hurry. More on this later.

If you are accessing the machine remotely using Windows, you will need Putty. Check out this guide http://www.havetheknowhow.com/Configure-the-server/Install-Putty.html

Logging onto the machine remotely from Linux, is done at the command prompt using either of these…

ssh machines-name
ssh machines-ip-address

From Windows, fire up Putty and put in the machines-name or machines-ip-address in the appropriate spot. You will be presented with a CLI ( Command Line Interface ) prompting for password on connection.

If the machines-name one doesn’t work, then the name is not mapping to the IP address locally, it is a DNS thing in this case. You can just go ahead and use the machines IP. Which you should have configured static previously.

With both Win and Linux you will get a warming the first time you SSH into the server. The warning has to do with not trusting the RSA key, which makes sense, giving that it is the first time the connection is being made. The machines don’t know each other, so just enter yes and they will be key-paired so that in the future you won’t be presented with this question.

With SSH you can continue with the configuration of the machine remotely. The next item on the list is Samba. If you are configuring remotely at a Windows machine it is easy to see if you are configuring Samba correctly. It can be tricky to get working. Searching on line, I found a lot of posts on folks struggling to get Samba to work.

Getting it to the outside world

So far all of this operation has occurred on the LAN. What if you want to make a website or any other port connected to the outside world.

For me, I went into my router via its web config page and opened up port 80 to the outside word, by forwarding the port,  connecting the forwarded port to the local IP address of the server. Along with the Port 22 for SSH as well. If you run Webmin you can forward port 10000 for Webmin. Now I could navigate to my external IP and see the web page of the web server from anywhere. Initially I made port 8080 available so that I could login to the router as well, but then I decided against it.  I figure why open more ports than you need. Keep it simple. How many times will I need to actually get to the router, it’s mostly set it and forget it. The inexpensive Netgear N150 router has worked reliably and has near perfect up-time so far.

Noip for a Static Address

Install noip2. Not sure, my notes aren’t clear but, I think I had to compile and install it after it didn’t work via sudo apt-get install noip2. This is dynamic DNS support support for the URL. The noip2 program runs at startup and periodically reports the IP address of my ISP to the noip headquarters, I suppose, so the URL I picked out goes to my server. Otherwise I would have to go to the actually IP address and then find out what it is when it changes. This seems like a pain if you have to do it remotely, even while experimenting initially. Luckily my ISP does not change my address very often so this step for me is optional. I did run noip with my last server. I may run it for this one at some point. But the IP address stays the same for months so it is not a pain, even if I wanted to point to it with a name. I could even so something clever like send myself an email when it changes.

Router support for noip or dyn-DNS

A new firmware upgrade for my router has added support for noip, so now it would be possible to do this from the router itself. I haven’t investigated yet, but check yours it may be possible to use noip or dyn-DNS right from the router end and not have to mess with the server at all.

 Beware of opening ports

Having things like SSH and FTP, ports 22 and 21 respectively open to the outside world can invite trouble. My router logs routinely show attempts to access the SSH port by various IP’s, if I leave them open, which trace to foreign countries, China mostly. I don’t leave FTP open at all and am keeping SSH off as well until I can firewall this server. For now accessing SSH and FTP from the LAN is good enough. Ideally I want to modify iptables to only allow trusted IP addresses into SSH, the rest, drop the packets as they arrive.

These attempts I see in the router log probably try to hit the username and password with a bunch of guesses or try to look for obvious ones. These cyber-criminals are trying to jack into your machine and do whatever damage they can to the web. So be cautious.

Next do some file sharing with Windows machines using Samba…

Samba on a Linux Server

 

Configure Static IP and installing NTP

One of the first steps when configuring a server post-install is to set up a static IP address. A resource that I followed to remember how to do it is this is The following instructions will vary widely based on your router, this is just a guideline.

How to Make an Ubuntu File Server With Samba

The following is the mods to the network config file using the nano editor, you can use pico or vi, or if you really want to you could move the file off the computer using ftp and put it back if you prefer. But I figure it is best to edit most things in place.

But make a backup first on a critical file like this one

sudo cp /etc/network/interfaces /etc/network/interfaces.bak

then edit the file…

sudo nano /etc/network/interfaces

 

I found the broadcast and netmask from using the ifconfig command. The router address (gateway), I knew from installing the router, look it up in your router admin page. The network is the same address as the gateway with the last digit set to zero, in my case at least. The address is what I want the static IP to be for this server, 10 works OK, 192.168.1.1 is the router add a zero and you’ve got the server.

ifconfig Output
ifconfig Output

For me I commented out the line for dhcp added the

iface eth0 inet static

…and added the right values for address ( my static IP), netmask, network, broadcast and gateway…

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
# iface eth0 inet dhcp
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
# nameservers
dns-nameservers 8.8.8.8 8.8.4.4
Set DNS

There is a little trick I found somewhere online for putting name servers right into the interfaces file. Use Google’s DNS 8.8.8.8, 8.8.4.4 or use the ones provided by your ISP. You can usually find your ISP’s name-servers by looking at your router settings.

dns-nameservers 8.8.8.8, 8.8.4.4

After the static IP is set restart the network…

sudo service networking restart

or if the machine is rebooted r the changes will take effect.

Verify All is Well

Ping Google…

ping www.google.com

use ctrl-c to stop the pinging. It should give this kind of output if all is well…

erick@ubuntuserver:/etc/samba$ ping www.google.com
PING www.google.com (173.194.123.51) 56(84) bytes of data.
64 bytes from lga15s47-in-f19.1e100.net (173.194.123.51): icmp_req=1 ttl=53 time=37.9 ms
64 bytes from lga15s47-in-f19.1e100.net (173.194.123.51): icmp_req=2 ttl=53 time=37.6 ms
64 bytes from lga15s47-in-f19.1e100.net (173.194.123.51): icmp_req=3 ttl=53 time=34.6 ms
64 bytes from lga15s47-in-f19.1e100.net (173.194.123.51): icmp_req=4 ttl=53 time=37.9 ms
64 bytes from lga15s47-in-f19.1e100.net (173.194.123.51): icmp_req=5 ttl=53 time=37.5 ms
^C
--- www.google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 34.649/37.151/37.961/1.272 ms

or run the update and upgrade commands used in the earlier installation post, again to see if all is well they should complete without error.

sudo apt-get update
sudo apt-get upgrade

Since you executed them earlier ( see previous post) not much will happen but it is a good validation that the static IP is working correctly.

Installing NTP

Install NTP, so that the computers time can be synced with the network

sudo apt-get install ntp

Read more on ntp

Next installing SSH and connecting beyond you LAN to the outside world…

Remote Operation of Server

Ubuntu Server Installation and Initial Config Guideline

This is meant to be an outline not a complete guideline. It is based off on notes I took and may be helpful to keep me or someone else straight on the process in the future. There are some sections that are a bit light, but there is more out there on the web and half the problem for me at least is remembering this kind of outline. If I have the outline, I can jump off and find more. This particular post on the install is rather long, but it didn’t seem like a good idea to break it up.

Install,  using Ubuntu Server 12.04

Boot via the DVD that was created by burning the downloaded ISO to it.

Ubuntu Server 12.04 Screen
Ubuntu Server 12.04 Screen

Select Install Ubuntu Server, unless of course you want to test out RAM, a good idea if it has been freshly installed. Which was true in my case. So I ran MEMTEST overnight via this menu first.

Next you will be presented with screens to select language, location and keyboard type.
Ubuntu Server Select Language Screen
Ubuntu Server Select Language Screen
Ubuntu Server Select Location Screen
Ubuntu Server Select Location Screen

If you know what kind of keyboard you have select no to the next screen. If not selecting yes will put the keyboard through a test, having you press various keys to identify it.

Ubuntu Server Detect Keyboard Screen
Ubuntu Server Detect Keyboard Screen

 

Ubuntu Server, Select The Keyboard Screen
Ubuntu Server, Select The Keyboard Screen
Ubuntu Server Select Keyboard Layout Screen
Ubuntu Server Select Keyboard Layout Screen
Next the Ubuntu Server install will start loading additional components, this can take a few minutes…
Ubuntu Server Install, Installing Additional Components
Ubuntu Server Install, Installing Additional Components
 Networking Setup

Ubuntu Server will automatically configure DHCP. Later on, after the install, this will be switched to a static IP address.

Ubuntu Server Auto configuring with DHCP
Ubuntu Server Auto configuring with DHCP

Create a hostname for the computer. Choose something that makes sense for you. A really long hostname ( I think > 14 chars) can present issues with Windows when using Samba. It will truncate the name, just something to be aware of.

Ubuntu Server, Configure the Network, Create a Hostname
Ubuntu Server, Configure the Network, Create a Hostname
User and Password

You can set up a user next by filling out a username and password. After the installation you can add more users if you need to.

The first screen will ask for your name, this could be your real name.

Ubuntu Server Setup Users and Passwords Screen
Ubuntu Server Setup Users and Passwords Screen

Next you will enter your username. Something simple like your first name in all caps is a good choice.

Ubuntu Server Enter a Username Screen
Ubuntu Server Enter a Username Screen

Choose a decent password. Something not listed in a dictionary is a good choice, with some numbers and a capitalized letter, punctuation as well. One approach taken is to take two unrelated words that are easy to remember and concatenating them. Whatever you do, don’t lose it, I am not sure you can recover it unless you can reset it as root, provided you have that password.  In Ubuntu, you have to log in as a user to even execute sudo. So if you have one user and lose the password, it’s probably game over.

Ubuntu Server Choosing a Password
Ubuntu Server Choosing a Password

To encrypt or not to encrypt your home directory on your Ubuntu Server install. I chose no, it’s a server, I am not going to do much with the home directory. Encryption is nice, but it comes with a small speed cost of decoding, this could be a burden on a slow processor.

Ubuntu Server Encrypt Home Directory Question
Ubuntu Server Encrypt Home Directory Question
Time Zone

Where are you in the world?  I think the install is taking an educated guess as to where you are, so what it chooses may be correct, just double check. If not, set up your time zone via this drop down menu. After the install it is possible to install ntp which can keep the server clock sync’ed up with an atomic clock time.

Ubuntu Server, Check The Time Zone
Ubuntu Server, Check The Time Zone
Partitioning

Whole disk, LVM. Lots of options. I choose to wipe the disk clean and use LVM. I will be adding disks to this machine and with LVM, they can appear as one big disk, not mounting required. LVM is a thin layer of software that manages the Logical Volumes. Therefor it does consume a small amount of resources and must lower disk transfers slightly. One thing that I did noticed once with an LVM disk, is that I could not read it using a IDE to USB adapter. It was invisible to it. I have to try plugging that disk into a Linux machine at some point to see if I can read it’s contents. So it seems that LVM could complicate a recovery of a disk. Supposedly an advantage of LVM is that you can mirror copy the volumes and expand them across disk. I need to research this some more as it is new to me.

Ubuntu Server Guided Partitioning Using Entire Disk and LVM
Ubuntu Server Guided Partitioning Using Entire Disk and LVM

If you have more than one disk, you have to choose which one the OS will install to.

Ubuntu Server, Choose a Disk to Partition
Ubuntu Server, Choose a Disk to Partition

At this point in the install, I ran into an issue with the fact that the disk I was trying to use was originally used in another Linux machine with 3 disks used in LVM. Nothing I did seemed to work as it gave me a warning about the disk being a part of a 3 disk LVM set. I stopped the install and used a CD that came with a drive I bought years ago and wiped out the drive. Then I did the reinstall and successfully made it to the following confirmation screen. If all looks well you can hit Yes, if not hitting No will allow you to work backwards. Hitting Yes is final as disk writes will occur.

Ubuntu Server, Partitioning Disks, Confirmation Screen
Ubuntu Server, Partitioning Disks, Confirmation Screen
System Install, Configuring Updates and Installing Software

Once the partition in complete the OS will install, which will take several minutes.

Ubuntu Server Installing Base System
Ubuntu Server Installing Base System

There is an option to have automatic updates, this is a good idea, especially for a headless server. So it can take care of itself with a minimum of fuss.

Ubuntu Server, Configure tasksel for Automatic Updates
Ubuntu Server, Configure tasksel for Automatic Updates

Choose software to install. Open SSH is a must if you are to remotely shell into the server. Because I will be running OwnCloud on this unit and it uses a web interface and a database and PHP, installing LAMP Server is a must. I will also make a few folders that can be reached directly from Windows computers on the network, mostly for direct backups, so Samba file server is a must.

Ubuntu Server Software Selection
Ubuntu Server Software Selection

 

Final Steps for Ubuntu Server 12.04 install

The Ubuntu server install will prompt for installation of software. Install the following when prompted by the screen.

  • Open SSH
  • LAMP
  • Samba Server
 MySql Password

Because the LAMP Server (Linux-Apache-MySql-PHP)  installs MySql a password is needed for the “root” user of the database. During the process of configuring LAMP, a prompt will appear for a MySQL root password, make it something memorable in case you ever have to manage or do work with the database manually, or if a program asks for it, such as when doing a WordPress install.

LAMP Install Choosing a MySql Password
LAMP Install Choosing a MySql Password
GRUB

As the description for GRUB states this is the only install going in, so it safe to hit Yes and go ahead. Results may vary for you specific case. If you have a multi boot machine, GRUB will setup Ubuntu Server to load first, if you are configuring a multi boot machine.

Ubuntu Server GRUB Install
Ubuntu Server GRUB Install

The done screen, pull out the disk hit continue and the PC now will reboot, I went into the BIOS and did a few more things to it.

Ubuntu Server Installation Finished
Ubuntu Server Installation Finished
Additional  Steps in the BIOS

All BIOS are a bit different. Yours may not look the same, but should have similar settings. This is a Dell Dimension 2400. Configure the BIOS to ignore keyboard errors “Do Not Report”, important for unattended operation with a keyboard and monitor!

Setting BIOS to Ignore Keyboard Errors
Setting BIOS to Ignore Keyboard Errors

I also set “Remote Wake Up” to On as I will use Wake On LAN to wake this machine up remotely. I cover it here … Wake On LAN via Ubuntu Linux

Remote Wake Up Help Screen Description
Remote Wake Up Help Screen Description

I will set Suspend Mode to S3. This has worked well for me with Dell machines in the past. I am considering writing a CRON script that will suspend to RAM when the server is idle for a period of time, so setting this to what I want it to be now is a good idea.

Setting Suspend Mode to S3
Setting Suspend Mode to S3

If the power goes out and comes back on I want the server to go back to what ever state it was in, if off stay off, if it was on, restart. I have used this in the past and it does work well.

Setting AC Power Recovery to Last
Setting AC Power Recovery to Last
Final Steps for Install when the machine reboots

When you exit the BIOS, you be prompted for your username and password.

For good measure run the update and upgrade commands, if all is well they should complete without error.

sudo apt-get update
sudo apt-get upgrade
One of the first steps when configuring a server post-install is to set up a static IP address.

This is explained in the next post…

Configure Static IP and installing NTP

More Resources…

How to Make an Ubuntu File Server With Samba

on Youtube.

Plus … Find a decent Guide to Install Ubuntu Server here