How to List all packages available to install from Ubuntu Repository // Crucial Paradigm

Sometimes Linux does not properly create the default gateway, so you may need to add it manually. You can add a default gateway using the route command:

View Routing Table:

route -n

Add default route:

route add default gw 192.168.0.1 eth0

Tags: linux, networking, server-administration

No Comments

Filed under: Uncategorized by — aaron @ 5:54 pm

September 11, 2008

How to install Webmin on CentOS 4/5 the easy way

Webmin is a free control panel which allows you to easily manage your server through a web interface. This is great to VPS accounts, or dedicated servers.

Instructions:

yum -y install perl-Net-SSLeay

wget http://downloads.sourceforge.net/project/webadmin/webmin/1.510/webmin-1.510-1.noarch.rpm?use_mirror=internode

rpm -i webmin-1.510-1.noarch.rpm

Then you can access via your IP address using:

https://(your.ip):10000/

Tags: centos, control panels, server-administration

(4) Comments

Filed under: Uncategorized by — aaron @ 11:01 pm

September 2, 2008

Using Subversion/SVN on cPanel Servers

Subversion is a free/open-source version control system. This article will explain you about how to use subversion in linux servers mainly cpanel servers. Subversion uses copy-modify-merge model for its working.

Access Methods :

Subversion repositories can be accessed using different methods.

Syntax             Access Method
————————————
1. file:///    direct repository access (on local machine)
2. http://            access via WebDAV protocol to Subversion-aware Apache server
3. https://    same as http://, but with SSL encryption.
4. svn://            access via custom protocol to an svnserve server
5. svn+ssh://    same as svn://, but through an SSH tunnel.
————————————

1. If you are accesssing the subversion repository from the local machine, use the following syntax to access the file.

$ svn list file:///path/to/repos.

For eg: If you have ssh access to the server, login to the shell and repository contents can be listed as,

$svn list file:///home/testuser/testrepo

The command ‘list’ will display the repository contents.

2. We can use http URLs to access svn repository.

$svn list http://domainname/path/to/repository

If you have any space in the URLs used, give the URLs in quotes,

$svn list “http://domainname/path with space /to/repository”

This will take the URL as a single argument to svn program.

Note : As we are not using a Subversion-aware Apache server, it is not possible to access repository from our server directly using http(or https).

3. You can access the svn repository from our server using svn+ssh method, like

$svn list svn+ssh://username@domainname/home/username/public_html/testrepo/

Creating a new subverion repository in your home directory on our server:

$svnadmin create /path/to/repository

You can have your own working copy of a project. Your working copy is your own private work area. Subversion will never add other people’s changes, nor make your own changes available to others, until you explicitly do so. After making changes to the working copy, you can publish the changes to the repository. You can also merge the changes made by other people to your working directory.

You can create a private copy of an existing project using ‘checkout’ command.

$svn checkout /path/to/project

Usually we start working on a project by using a working copy.

To publish changes, use the ‘commit’ command.

$svn commit <modified file name> -m “changes made in file”

After -m, we are mentioning a note of the changes made to the file.

If you want to update others changes to your working copy, use the ‘update’ command.

$svn update

You can add new files to the subversion repository using the import command.

$svn import <file/directory> file:///path/to/repos -m “Initial import”

For eg, to import files in your local machine to a repository created by you on our server,

$svn import -m ‘Initial Import’ <path to file/directory to be copied from local machine> svn+ssh://username@domainname/home/username/testrepo

You will get error “svn: ‘.’ is not a working copy” if the path mentioned for the repository is not correct.

Recommended repository layout :

Subversion’s flexibility allows you to create your repository in any way, but the recommended way is to create a trunk directory to hold the “main line” of development, a branches directory to contain branch copies, and a tags directory to contain tag copies, like

$svn list file:///path/to/repos
/trunk
/branches
/tags

A small description of svn commands :

* Update your working copy
$svn update

* Make changes
$svn add <filename>

Add file, directory, or symbolic link to the existing repository.

$svn delete <filename>

Delete file, directory, or symbolic link from the repository.
$svn copy <file1> <file2>

Create a new file file2 as a duplicate of file1 and automatically schedule file2 for addition.

$svn move

This command is exactly the same as running svn copy file1 file2; svn delete file1.

* Examine your changes
$svn status
$svn diff

* Possibly undo some changes
$svn revert

* Resolve Conflicts (Merge Others’ Changes)
$svn update
$svn resolved

* Commit your changes
$svn commit

Creating users to access the subversion repository using authentication(Using Access Method 4):
————————————————————————-

We can give access to some authenticated users to the repository using the
svnserve daemon. Suppose that you have created a test repository /home/username/testrepo.
Add the following lines in /home/username/testrepo/conf/svnserve.conf.

======================
[general]
anon-access = read
auth-access = write
realm = Test Repository
password-db = passwd
======================

By this anonymous users will have read access and only authenticated users will have write access to the repository. The realm is a name that you define. The authenticated user’s details are mentioned in the file ‘passwd’ in the same directory as that of the configuration file(/home/username/testrepo/conf/passwd).

passwd file :
======================
Username = testpass
======================

Now users can use these login details to write to the repository from shell. For this, svnserve daemon should be running on the server. If it is not running serverwide, you can start svnserve daemon as follows.

#svnserve -d -r /home/username/testrepo/

Using the -r option effectively modifies the location that the program treats as the root of the file system space it can access.

Now you can access the repository as follows.
==================================
# svn import -m ‘Initial Import’ test svn://domainname/testrepo/
Authentication realm: <svn://domainname:3690> Test Repository
Password for ‘root’:
Authentication realm: <svn://domainname:3690> Test Repository
Username: Username
Password for ‘Username’:
Adding test/test.html

Committed revision 1.
==================================

At first when it prompt for root password, just enter without giving anything. Then you can give username and password. Svn will cache the login from a particular IP and will not prompt for password every time that user access the repository. The passwords are cached in the directory /home/username/.subversion/auth. It is not insecure as the ‘auth/’ caching area is permission-protected so that only the user(owner) can read data from it, not the world at large. If that’s still not safe for you, you can disable credential caching by uncommenting the line ‘store-auth-creds = no’ in the file /home/username/.subversion/config.

Note :
Currently we are not running svnserve daemon all the time on the server. If we are permitting users to run the svnserve daemon to a particular repository, it will make a conflict if another user try to run this daemon under their repository.

To ensure that the svnserve gets started whenever the server is booted, we must add a @reboot line to the root crontab as follows.

———————————
@reboot svnserve -d -r /home/
———————————

Now any user’s repository under /home can be accessed using svnserve daemon by authentication.

Reference :

http://svnbook.red-bean.com/en/1.4/svn.intro.whatis.html

Tags: linux, server-administration, subversion

No Comments

Filed under: Uncategorized by — aaron @ 5:26 pm

September 1, 2008

Installing and Configuring OpenVPN on a Xen VPS or Dedicated Server

This document describes how to set up OpenVPN between a host computer running Xen Linux or a dedicated server running Linux and remote Windows clients.

What is a VPN?

VPN stands for virtual private network. It allows you to connect securely to a private network via internet and work as if you were a part of that network. It is based on the client/server architecture and it works on almost all platforms including FreeBSD, Linux, Windows and MAC OS X. It allows you to work from home as if you were in the office. Virtual private networks help distant colleagues work together, much like desktop sharing.

Installing Open VPN on the Xen VPS/Server

Open VPN requires lzo real time compression library and hence install it first if it is not already present.

There are three ways to install Open VPN

a) Using YUM

yum install openvpn -y

b) Installation via rpm

First download and install lzo.

wget ftp://ftp.pbone.net/mirror/centos.karan.org/el5/extras/testing/SRPMS/02-3.el5.kb.src.rpm

rpm -ivh lzo-2.02-3.el5.kb.src.rpm

Then download and install open vpn

wget ftp://ftp.pbone.net/mirror/centos.karan.org/el5/extras/testing/SRPMS/n-2.1-0.20.rc4.el5.kb.src.rpm

rpm -ivh openvpn-2.1-0.20.rc4.el5.kb.src.rpm

c)Installation via source

Installing lzo

cd /usr/local/
wget http://www.oberhumer.com/opensource/lzo/download/LZO-v1/lzo-1.08.tar.gz
tar -xzvf lzo-1.08.tar.gz
cd lzo-1.08
./configure –prefix=/usr
make -j4
make install

Now install Open VPN

cd /usr/local/
wget http://openvpn.net/release/openvpn-2.1_rc7.tar.gz
cd openvpn-2.1_rc7
./configure –prefix=/usr
make -j4
make install

We can choose any of the installation methods specified above. Yum installation is easiest of them while source installation will provide you more control on the installation. Once the installation(using Yum or RPM) is over you can see the configuration and binaries at the path /usr/share/doc/openvpn-2.1/easy-rsa.

Copy this folder to the /etc directory.

mkdir /etc/openvpn
cp -R /usr/share/doc/openvpn-2.1/easy-rsa /etc/openvpn

We need to give full permission to all the scripts in this folder.

cd /etc/openvpn/easy-rsa/2.0
chmod 777 *

Create Keys on Xen VPS/Server

There are two ways by which you can make sure of the authentication against the server and clients. First is by generating a a key file and distributing it to the server and clients. While this is easy, it is a potential risk and we wont be dealing with it here.

Another method is by using the public key infrastructure (PKI). In this method, there will be three certificates.

1) Master certficate & key which is placed in vpn server
2) Server certificate & key which is placed in vpn server
3) Client certificate & key which is placed in vpn client

We will generate the master certificate below. The server will only accept the certificates from those clients which are signed by the master certificate authority. The server and client certs are intended for providing a secure communication channel.

Generate the master Certificate Authority (CA) certificate & key

The scripts in the easy-rsa folder are used for generating keys. The keys will be placed in /etc/openvpn/keys. This folder wil not be present by default, hence we first need to manually create the folder.

mkdir /etc/openvpn/keys

In order to generate the master certificate, we first need to edit the vars configurations file.

cd /etc/openvpn/easy-rsa/2.0
vi vars

Edit the following values to suit your requirements. I am giving test details here. Do not leave any of those fields, blank as the cert will be generated based on these values. Once modified, save and quit the file.

export KEY_DIR=”/etc/openvpn/keys”
export KEY_COUNTRY=”US”
export KEY_PROVINCE=”CA”
export KEY_CITY=”SanFrancisco”
export KEY_ORG=”Fort-Funston”
export KEY_EMAIL=”test@test.com”

Now, we will start creating the cert and key.

. ./vars
./clean-all # This will delete all the existing files in the key folder

./build-ca # We are going to build the CA. You can just continue by hitting Enter until you reach the field for common name. All other fields will be populated by default from the entries you gave in the vars file.

-bash-3.1# ./build-ca
Generating a 1024 bit RSA private key
………………………++++++
………..++++++
writing new private key to ‘ca.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) [Fort-Funston CA]: server.ca
Email Address [test@test.com]:

It is important that you give a unique common name for this paramaeter. Here I have given the name as server.ca. It is better to follow the format hostname.ca. Now that the master certificate has been generated we shall proceed to generate the server certificate.

Generate certificate & key for server

./build-key-server server

As in the master certificate almost all paramaters are taken by default from the vars file. The only details that you need to provide is again the common name. Here I have given it as server. You can then continue hitting enter, until you reach ‘ Sign the certificate? ‘ field. Type ‘y’ and hit enter. Next it will ask ’1 out of 1 certificate requests certified, commit?’. Again type ‘y’ and hit enter. A sample server certificate generation is shown below.

=========================================
-bash-3.1# ./build-key-server server
Generating a 1024 bit RSA private key
……++++++
………………………++++++
writing new private key to ‘server.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) [server]:server
Email Address [test@test.com]:

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject’s Distinguished Name is as follows
countryName           RINTABLE:’US’
stateOrProvinceName   RINTABLE:’CA’
localityName          RINTABLE:’SanFrancisco’
organizationName      RINTABLE:’Fort-Funston’
commonName            RINTABLE:’serve.key’
emailAddress          :IA5STRING:’test@test.com’
Certificate is to be certified until Jul 1 04:00:18 2018 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

====================================

Generate certificate & key for client

Now we proceed to create the certificate and key for client. It is exactly the same process as above and make sure that there also you give a unique common name. You can create as many keys as there are clients for the server.

./build-key client1

Here I am generating the certificate for the client named client1.Give the common name and proceed as you did in server certificate. A sample certificate generation is pasted below.

=============================

-bash-3.1# ./build-key client1
Generating a 1024 bit RSA private key
…………..++++++
………………………………………………..++++++
writing new private key to ‘client1.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) [client1]:client1
Email Address [test@test.com]:

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject’s Distinguished Name is as follows
countryName           RINTABLE:’US’
stateOrProvinceName   RINTABLE:’CA’
localityName          RINTABLE:’SanFrancisco’
organizationName      RINTABLE:’Fort-Funston’
commonName            RINTABLE:’dkp1′
emailAddress          :IA5STRING:’test@test.com’
Certificate is to be certified until Jul 1 04:02:10 2018 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Database Updated

==========================

Generate Diffie Hellman parameters

Next we proceed to generate the Diffie Hellman parameters. Diffie-Hellman (D-H) is a public key algorithm used for producing a shared secret key.

The script for genreating D-H parameters is ./build-dh

========================

-bash-3.1# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
…………………………….+……….++*++*++*

=========================

Configuring the Open VPN client
——————————–
Upload the ca.crt, client1.crt and client1.key to the client machine.

Now that the client and server side configurations are over, we shall proceed with editing the configration files, which is the most important part.

Creating configuration files for server and clients
—————————————————-
Server configuration file
————————–
Sample configuration files will be available at /usr/share/doc/openvpn-2.1/sample-config-files. The server.conf is the server configuration file and you can copy it to /etc/openvpn and modify as needed.

cp /usr/share/doc/openvpn-2.1/sample-config-files/server.conf /etc/openvpn

A sample configuration file is given below. The fields which you need to edit are the ones which have been explained with a # mark to the right.

=========================

port 1194
proto tcp
dev tun
ca keys/ca.crt             # path to the CA.crt file
cert keys/server.crt           # path to the server certificate
key keys/server.key        # path to the server key file
dh keys/dh1024.pem        # path to the generated D-H parameters
mode server            # implements multi-client server capability
tls-server
tls-cipher DHE-RSA-AES256-SHA
server 192.168.1.0 255.255.255.0 # here give the private network address in the server and its mask.
client-config-dir ccd
#########
######### Put your Public DNS Servers here
#########
#push “dhcp-option DNS 210.80.150.4″
#push “dhcp-option DNS 202.155.174.4″
push “route 192.168.1.0 255.255.255.0″   # The OpenVPN server can push routes, DNS server IP addresses and other configuration details to the clients.

ifconfig-pool-persist ipp.txt
push “redirect-gateway”
keepalive 10 120
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3

========================

Once the configuration is over, create the file ipp.txt which contains the client IP addresses list.

cd /etc/openvpn
touch ipp.txt

A sample ipp.txt file is as follows.

-bash-3.1# cat ipp.txt
test1.com.client,192.168.1.4

Next, touch a file for the logs.

touch server-tcp.log

Client configuration file

Once the server and client side configurations are over, we can start the open vpn server.

/etc/rc.d/init.d/openvpn start

Configuration at Client Side
—————————-
For client side configuration if you are using a windows machine, you first need to download the openvpn client from http://openvpn.se/download.html. Once the VPN client is installed, you need to copy a few files from the server to your client machine, here is the list, located in /etc/openvpn/keys/

The list of files that are to be copied to the client machine is given below.

ca.crt
client1.csr
client1.key
client1.crt

Put these files in the folder C:\Program Files\OpenVPN\config.

Now you need to edit the client config file (client.ovpn) . A sample configuration file will look like the following.
===================================================================
client

dev tap080
proto tcp

#Change my.publicdomain.com to your public domain or IP address
remote 122.252.12.43 1194
resolv-retry infinite
nobind
persist-key
persist-tun
#tls-client
#tls-cipher DHE-RSA-AES256-SHA
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
push “redirect-gateway”
comp-lzo
verb 3
===================================================================

Add the IP address of the server to your configuration file. (remote 122.252.12.43 1194) where 1194 is the port for openvpn.

Then click on Open VPN GUI from the start button. This will open an Open VPN session in the task bar from where you can right click and select the connect button to connect to the server using OpenVPN.

Thanks Sanil for this very detailed tutorial!

Tags: linux, security, server-administration, vpn, vps, xen

No Comments

Filed under: Uncategorized by — aaron @ 1:19 am

August 28, 2008

Reset lxadmin password

To reset the LXADMIN password, do the following steps:

1. First you want to restart lxadmin service from the back end.

/etc/init.d/lxadmin restart

2. Now go to the password reset page, and give the new password. Click update all.

If LXADMIN is not restarted before changing the password, it won’t get reset.

Tags: hypervm, linux, lxadmin, server-administration

No Comments

Filed under: Uncategorized by — aaron @ 8:59 pm

August 28, 2008

Swap memory not coming on in Xen VPS

Sometimes swap memory is not detected when a Xen VPS starts, and can be fixed by doing the following.

After logging into the VDS, check the entries in /etc/fstab/. If swap entry is there, then use the command “swapon -a” and then use the “mount -a” command.

If swap entry is not present in /etc/fstab, add that first.
==================
/dev/sda2 swap swap defaults 0 0
==================

After that, apply the above commands.

Tags: linux, server-administration, vps, xen

No Comments

Filed under: Uncategorized by — aaron @ 8:54 pm

Tag Cloud