My Ubuntu Server Project Report Stephen Potter ITS3 Introduction For my project i decided to make a secure ubuntu sever to host joomla.I did this by installing a fresh ubuntu server through vmware. The project goal for me was to install joomla on my server so that i could access it from a client computer on my network i also wanted to add other services to the server such as openssh and ispconfig to help make the server more secure. For those of you that dont know Joomla is a very popular cms (content management system) for publishing content on the internet.It is an open source platform which means it is available to everyone.Joomlas main function is to keep track of every piece of content on your Web site. The Content can be text, photos, music, video, documents, or anything else you wish. A major advantage of using a CMS is that it requires almost no technical skill or knowledge to manage,this is because the CMS manages all your content so you don’t have to. Joomla can be used to build some of the following : Corporate Web sites or portals Corporate intranets and extranets Online magazines, newspapers, and publications E-commerce and online reservations Government applications Small business Web sites Non-profit and organizational Web sites Community-based portals School and church Web sites Personal or family homepages The reason joomla is so popular is because Joomla is designed to be easy to install and set up even if you’re not an advanced user. Many Web hosting services offer a single-click install, getting your new site up and running in just a few minutes. Since Joomla is so easy to use, as a Web designer or developer, you can quickly build sites for your clients. Then, with a small degree of instruction, you can teach your clients to easily manage their own sites themselves. In this report i will be going through in detail how i set up my ubuntu server to host joomla and make it as secure as possible. The Pre Joomla Install Joomla has a few things that need to be done before you can install it on the ubuntu server, the main prerequisites for this are installing LAMP on the server, LAMP is essentially, Linux, Apache2,Mysql and PHP. I also installed ISP3config and openssh onto the server aswell to allow connections from my ubuntu desktop that i will be using to connect to the server, both are running through vmware. Initially i had no problems with the LAMP installation, it was fairly straightforward. What i did was installed putty on my desktop and used this to connect to my ubuntu server using its ip address of 192.168.1.180. Once i was connected i was free to install the Lamp server using the aptitude install command for the LAMP server.During this installation i had to set up a root password for mysql, this is needed later on in the joomla installation when i need to create a database to hold the joomla data.After setting the pasword and granting permissions for me as a user in mysql i then had to edit the mysql configuration file and change the bind address from localhost to my own server IP address of 192.168.1.180, i did this by typing vi /etc/mysql/my.conf and editing and saving the file. Once i had the LAMP installed i proceeded to check if the services were running, i ran into a problem here though,when i tried to look at myphpadmin in my browser i kept getting a page cannot be found error,with a little research i found the answer,what had happened is that the myphpadmin file had no been loaded into the apache file, i fixed it with this command: sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf sudo /etc/init.d/apache2 reload The Joomla Install Once all this was up and running the next phase of the project was ready to begin, which was the joomla install. This part of the project seemed to be really complicated at first from what i was reading on the web but in actually fact it turned out to be quite straight forward all i needed to achieve it was filezilla, putty and a download of a linux edition of joomla. So the first thing i did was download a version of joomla to my ubuntu desktop. The next phase was to open up filezilla and connect it to my server, then using ftp I transferred the joomla file over to the server where it was stored in my home file for extraction later.Then I once again used putty to connect to my server, next I had to create a new database in mysql as joomla requires one to store its data in, I did this using the command: mysql -u root -p(mypassword) CREATE joomla. This created a new empty database for my joomla files to be inputed into.Next i needed to create a folder named joomla in the apache directory, which is located at /var/www. Once in here i used the command mkdir joomla, this is the directory i will be using to extract the joomla file i recently transfered across using filezilla. Then using the command: cd joomla to go into this directory i then started the extraction process using the command: tar -zxvf (path of joomla file) this then extracted the joomla file into the joomla directory.Once the files are finished extracting I needed to use 2 more commands which were: touch configuration.php and chmod 666 configuration .php, those command allows everyone read and write access to the file. Once these steps were done i minimised putty and went back to my ubuntu desktop so that i could login to joomla on my server through the web browser and continue with the installation process.This was fairly straight forward as it was a GUI interface i basically just had to click next a couple of times until joomla was configured, then i set up a username and password so i could log in,it was pretty straight forward.After that i had to consider the security aspect of how to protect my server,I found out through research a couple of ideas. Securing the server As a system administrator, one the chief tasks is dealing with and maintaining server security. If the server is connected to the Internet, for security purposes, it’s in a dangerous place. If it’s only an internal server, you still need be prepared for (accidental) malicious users or disgruntled employees. In general, Ubuntu Servers are very secure platforms. The Ubuntu Security Team, the team that produces all official security updates, has one of the best turnaround times in the computer industry. Ubuntu ships with a no open ports policy, meaning that after you install the machine, be it an Ubuntu desktop or a server, no applications will be accepting connections from the Internet by default. When initially installing ubuntu ,the user that you add during installation by default is placed into the admin group and may use the sudo command to perform system administration tasks. After adding new users to the system, you may add them to the admin group like this: $ sudo adduser username admin One thing to note however is that the sudo command isn’t just a solution for giving user’s root access. It can also handle fine permissions, such as allowing a user to execute only certain commands with superuser privileges. System Resource Limits Another good way of securing the server would be to set up system resource limits, this is because by default, Linux will not put any resource limits on user processes. This means any user is free to fill up all of the working memory on the machine, or create processes in an endless loop, making the system unusable and unresponsive in seconds. The answer to this is to set up some of your own resource limits by editing the /etc/security/limits.conf file: $ sudoedit /etc/security/limits.conf All of the possible settings are all explained well in the commented out sections within the file. System Log Files As a system administrator, the system log files are a very valuable asset to have. If you watch them carefully you can often tell in advance when something is wrong with the system if you know what to look for and you’ll be able to fix most problems before they escalate to much. Logs usually are stored in /var/log, and after your server runs for a while, you’ll notice there are a lot of increasingly older versions of the log files in that directory, many of them compressed with gzip which end withh the .gz file extension. Here are some log files that are common in linux: • /var/log/syslog – general system log • /var/log/auth.log – system authentication logs • /var/log/mail.log – system mail logs • /var/log/messages – general log messages • /var/log/dmesg – kernel ring buffer messages, usually since system bootup When it comes to reviewing logs, there are a few tools of choice that everyone should know and become familiar with for example, the tail utility prints the last ten lines of a file, which makes it a good tool to get an idea of what was going on last in a given log file: $ tail /var/log/syslog With the -f parameter, tail goes into follow mode, which means it willl open the file and keep showing you changes on the screen as they’re happening.