My Ubuntu Server Project Report Stephen Potter ITS3 Introduction for My Project I Decided to Make a Secure Ubuntu Sever to Host

My Ubuntu Server Project Report

Stephen Potter ITS3

Introduction

For my project i decided to make a secure ubuntu sever to host joomla.I did this by installing a fresh ubuntu server through vmware. The project goal for me was to install joomla on my server so that i could access it from a client computer on my network i also wanted to add other services to the server such as openssh and ispconfig to help make the server more secure.

For those of you that dont know Joomla is a very popular cms (content management system) for publishing content on the internet.It is an open source platform which means it is available to everyone.Joomlas main function is to keep track of every piece of content on your Web site. The Content can be text, photos, music, video, documents, or anything else you wish. A major advantage of using a CMS is that it requires almost no technical skill or knowledge to manage,this is because the CMS manages all your content so you don’t have to. Joomla can be used to build some of the following :

Corporate Web sites or portals

Corporate intranets and extranets

Online magazines, newspapers, and publications

E-commerce and online reservations

Government applications

Small business Web sites

Non-profit and organizational Web sites

Community-based portals

School and church Web sites

Personal or family homepages

The reason joomla is so popular is because Joomla is designed to be easy to install and set up even if you’re not an advanced user. Many Web hosting services offer a single-click install, getting your new site up and running in just a few minutes. Since Joomla is so easy to use, as a Web designer or developer, you can quickly build sites for your clients. Then, with a small degree of instruction, you can teach your clients to easily manage their own sites themselves. In this report i will be going through in detail how i set up my ubuntu server to host joomla and make it as secure as possible. The Pre Joomla Install

Joomla has a few things that need to be done before you can install it on the ubuntu server, the main prerequisites for this are installing LAMP on the server, LAMP is essentially, Linux, Apache2,Mysql and PHP. I also installed ISP3config and openssh onto the server aswell to allow connections from my ubuntu desktop that i will be using to connect to the server, both are running through vmware. Initially i had no problems with the LAMP installation, it was fairly straightforward. What i did was installed putty on my desktop and used this to connect to my ubuntu server using its ip address of 192.168.1.180.

Once i was connected i was free to install the Lamp server using the aptitude install command for the LAMP server.During this installation i had to set up a root password for mysql, this is needed later on in the joomla installation when i need to create a database to hold the joomla data.After setting the pasword and granting permissions for me as a user in mysql i then had to edit the mysql configuration file and change the bind address from localhost to my own server IP address of 192.168.1.180, i did this by typing vi /etc/mysql/my.conf and editing and saving the file.

Once i had the LAMP installed i proceeded to check if the services were running, i ran into a problem here though,when i tried to look at myphpadmin in my browser i kept getting a page cannot be found error,with a little research i found the answer,what had happened is that the myphpadmin file had no been loaded into the apache file, i fixed it with this command: sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf sudo /etc/init.d/apache2 reload

The Joomla Install

Once all this was up and running the next phase of the project was ready to begin, which was the joomla install. This part of the project seemed to be really complicated at first from what i was reading on the web but in actually fact it turned out to be quite straight forward all i needed to achieve it was filezilla, putty and a download of a linux edition of joomla. So the first thing i did was download a version of joomla to my ubuntu desktop.

The next phase was to open up filezilla and connect it to my server, then using ftp I transferred the joomla file over to the server where it was stored in my home file for extraction later.Then I once again used putty to connect to my server, next I had to create a new database in mysql as joomla requires one to store its data in, I did this using the command: mysql -u root -p(mypassword) CREATE joomla. This created a new empty database for my joomla files to be inputed into.Next i needed to create a folder named joomla in the apache directory, which is located at /var/www. Once in here i used the command mkdir joomla, this is the directory i will be using to extract the joomla file i recently transfered across using filezilla.

Then using the command: cd joomla to go into this directory i then started the extraction process using the command: tar -zxvf (path of joomla file) this then extracted the joomla file into the joomla directory.Once the files are finished extracting I needed to use 2 more commands which were: touch configuration.php and chmod 666 configuration .php, those command allows everyone read and write access to the file. Once these steps were done i minimised putty and went back to my ubuntu desktop so that i could login to joomla on my server through the web browser and continue with the installation process.This was fairly straight forward as it was a GUI interface i basically just had to click next a couple of times until joomla was configured, then i set up a username and password so i could log in,it was pretty straight forward.After that i had to consider the security aspect of how to protect my server,I found out through research a couple of ideas.

Securing the server

As a system administrator, one the chief tasks is dealing with and maintaining server security. If the server is connected to the Internet, for security purposes, it’s in a dangerous place. If it’s only an internal server, you still need be prepared for (accidental) malicious users or disgruntled employees.

In general, Ubuntu Servers are very secure platforms. The Ubuntu Security Team, the team that produces all official security updates, has one of the best turnaround times in the computer industry. Ubuntu ships with a no open ports policy, meaning that after you install the machine, be it an Ubuntu desktop or a server, no applications will be accepting connections from the Internet by default.

When initially installing ubuntu ,the user that you add during installation by default is placed into the admin group and may use the sudo command to perform system administration tasks. After adding new users to the system, you may add them to the admin group like this:

$ sudo adduser username admin

One thing to note however is that the sudo command isn’t just a solution for giving user’s root access. It can also handle fine permissions, such as allowing a user to execute only certain commands with superuser privileges.

System Resource Limits

Another good way of securing the server would be to set up system resource limits, this is because by default, Linux will not put any resource limits on user processes. This means any user is free to fill up all of the working memory on the machine, or create processes in an endless loop, making the system unusable and unresponsive in seconds. The answer to this is to set up some of your own resource limits by editing the /etc/security/limits.conf file: $ sudoedit /etc/security/limits.conf

All of the possible settings are all explained well in the commented out sections within the file.

System Log Files

As a system administrator, the system log files are a very valuable asset to have. If you watch them carefully you can often tell in advance when something is wrong with the system if you know what to look for and you’ll be able to fix most problems before they escalate to much.

Logs usually are stored in /var/log, and after your server runs for a while, you’ll notice there are a lot of increasingly older versions of the log files in that directory, many of them compressed with gzip which end withh the .gz file extension.

Here are some log files that are common in linux:

• /var/log/syslog – general system log

• /var/log/auth.log – system authentication logs

• /var/log/mail.log – system mail logs

• /var/log/messages – general log messages

• /var/log/dmesg – kernel ring buffer messages, usually since system bootup

When it comes to reviewing logs, there are a few tools of choice that everyone should know and become familiar with for example, the tail utility prints the last ten lines of a file, which makes it a good tool to get an idea of what was going on last in a given log file:

$ tail /var/log/syslog With the -f parameter, tail goes into follow mode, which means it willl open the file and keep showing you changes on the screen as they’re happening. Also invaluable are zgrep, zcat and zless, for instance, to get a list of lines in all your compressed logs that contain the word “warthog” regardless of case you would issue the following command:

$ zgrep -i warthog /var/log/*.gz

I am not yet overly familiar with all these commands but with practice my ability for dealing with logs will grow with experience.

Customisation on Server

I didnt really add much else to my server apart from LAMP and joomla but the other services i did add are the following. Installing ISPConfig was pretty straight forward and didnt cause me any trouble at all.

ISPConfig 3

So what is ISPConfig? it is an open source hosting control panel for Linux. ISPConfig is licensed under BSD license. ISPConfig simplifies the complicated details of setting up DNS, multiple unique domain name websites on one physical server box, and e-mail accounts for multiple users on those websites.ISPConfig speeds up and simplifies common server administration and operation tasks, such as creating lots of new user e-mail accounts or quickly setting up lots of roots (starting folders) for new websites. Coding these changes by hand from a command prompt would take more time and effort. It would be repetitive (boring), and prone to errors.

I think this is an incredibly useful tool to have installed on my server as it allows me to monitor everything on my server, such as error messages, alerts, system logs, server load, disk usage memory usage and many other details. It is a good security tool aswell as it allows you to open and shut ports through its firewall.Scan mail for viruses and spam as well as ssl certificate management.

Open SSH

Openssh is a very useful service to have running on your server because it provides safe secure encrypted communication between a server and its clients, OpenSSH is a free version of the SSH connectivity tools that technical users of the Internet rely on. Many users of telnet, rlogin, and ftp may not realize that their passwords are being transmitted across the Internet unencrypted, but they are. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

The OpenSSH suite replaces rlogin and telnet with the ssh program, rcp with scp, and ftp with sftp. Also included is sshd (the server side of the package), and the other utilities like ssh-add, ssh-agent,ssh-keysign, ssh- keyscan, ssh-keygen and sftp-server.

That was really all i put on the server as i didnt think it needed anything else really, those services allow good communication and monitoring between server and client in my opinion.

All in all im happy how it turned out Im not sure there is alot i would have done differently, i think the apps i installed work well with my server, ispconfig is very good for monitoring the server and its services.There are a couple of things though i could have done differntly.

1. I could have installed an application called Samba, this program allows you to access shares on your Ubuntu server similarly to remote Windows shares from whatI gather,this allows you to easily upload files onto our Ubuntu server.

2.The second thing i could have done is to make use of PHPMYADMIN, this application allows users who don’t like managing MySQL databases in a terminal very much to manage MySQL by means of a webbrowser. so instead of having to create the database for joomla on the command line i could have done it using the webbrowser and PHPMYADMIN.

Other than those two things i dont think i would have set up my server any differently,overall im happy that i got everything working the way its supposed to.

Conclusion

All in all i found this a very interesting project, i enjoyed setting up the server and getting it fully functional and being able to access it from another computer. I learned a good deal about ubuntu desktop and server sytems and how to install software on them. They are seem to be pretty straightforward when you know what you are doing, i found the many tutorials i have referenced very helpful and inciteful. I learned several useful things in regards linux and ubuntu during this project, such as how to install and update applications, transfer files from my desktop to my server using filezilla, connecting securely to my server using putty.Aswell as how to navigate around the joomla and ispconfig interfaces. All in all i learned a lot of useful information that may help me in my future career from this project.