Computers

Environment and network

Overall configuration

My home network is a combination of LAN and WLAN. In practice the servers are connected by LAN to the wireless router and the clients are on WLAN. LAN speed is the ordinary 100 Mbit/s. The total number of computers in the network is 6-8.

Security considerations

WLAN security is enabled at both the MAC and IP level, which makes intrusion a bit more difficult. The WAN connection is ADSL, where I have a separate modem and router, both running NAT and a firewall, making intrusion on anything other than open ports practically impossible. If you are interested in tips and hints, please contact me; however, I do not intend to reveal the actual configuration I have used.

Hardware

Hardware is a collection of old junk based on Intel compatibles. I have two servers in the network that provide data redundancy. Both servers have RAID 1 (mirroring) on 300GB disks. Server 1 has 512MB memory, a Pentium III 500MHz processor and a special IDE RAID card. Server 2 has 1 GB memory, a 64-bit Sempron 2800MHz processor and an integrated NVIDIA controller that can run fakeraid.

Server 1

Component    Description
Processor    AMD 5200GHz/DualCore 64bit
Main board   Asus M2N, Sata, 1GB eth
Memory       2GB, (2+2GB swap)
Hard Disks   2 times 1TB

The Complete Ubuntu 12.04 Server for home or small office

Basics and assumptions

It is assumed that the reader has basic Linux knowledge and is familiar with text editors like vi(m), nano, gedit.

The target of the installation is to provide complete functionality for a small office; capacity considerations have second priority. The server needs to support both Windows and Unix domains and network file systems. Based on these, the following software will be configured:

  • ssh server (for text based access, mainly for maintenance operations)
  • x11vnc  (for GUI based access, mainly for maintenance operations)

Basic system setup 

  • Obtain the Ubuntu 12.04 LTS Desktop, amd64, software package and
    install it onto a memory stick. There are many instructions on the net, here
    is one: http://www.psychocats.net/ubuntu/usb
  • Connect the created USB stick and boot the system. Select your
    location and language as requested. Select a name for your server and
    set up connectivity to the internet. In my configuration I have a
    firewall/router that does DHCP, so the IP address and basic nameserver come
    automatically (for internet). We will install bind later for local net
    purposes
  • specific step : disk layout
    • I have two identical disks on purpose. There are 2 root partitions
      (of which one is active), 2 swap partitions (same priority for
      performance reasons), 2 software RAID partitions, home and crucial data;
      the rest of the disks are normal data partitions.
    • 2 root partitions, assume /dev/sda1 and /dev/sdb1 : create them
      during install as ext4, 15GB, format and assign "/" to sda1. Do the same
      for sdb1 but leave it unused at this stage. Later, this partition
      will also be used for a root system: whenever a good and working
      configuration is reached it will be backed up and copied to the other
      partition, and thereafter either sda1 or sdb1 will contain a good working
      system. The other one can be worked towards the next configuration level,
      and in case of major problems it is easy to revert to a known state. I
      will come back to these later.
    • 2 swap partitions, assume /dev/sda2 and /dev/sdb2 : create them
      during install as "swap", 2GB or at least half of the intended RAM size
    • 2 home partitions, assume /dev/sda3 and /dev/sdb3 : create them
      during install as ext4. Size depends on the number of users; I have 10GB
      for each so 50GB in total. Format and leave unassigned. These will be
      installed as RAID 1 using mdadm.
    • On both disks create an extended partition for the rest, sda4 and sdb4
    • 2 critical data partitions, assume /dev/sda5 and /dev/sdb5 :
      create them during
      install as ext4. Size depends on the data amount; I have 150GB. Format
      and leave unassigned. These will be installed as RAID 1 using mdadm.
    • On both disks, create partitions for the rest, sda6 and sdb6
    • In summary: during installation the software goes to sda1 and the swap
      partitions become active - the rest are there for further configuration
      purposes. Let them be for the time being
    • Boot the installed system and make sure it works before continuing

SSH, x11vnc, mdadm, grub, synaptic

  • Open "Ubuntu Software Center" and install
    • ssh: basic text based terminal access for maintenance purposes. No additional configuration is needed, should work after installation
    • remote desktop: I prefer a VNC type GUI. In this specific case I want
      the server to respond with a graphical login screen, on which the
      appropriate user can be selected, when it is accessed from a client

      • xinetd : either with the software center (search xinetd) or
        with a text terminal (issue command > sudo apt-get install xinetd)
      • x11vnc: same as above, replace xinetd with x11vnc. Further configuration steps:
        • create the file ">sudo nano /etc/xinetd.d/x11vnc" and edit it to have the following content:
        • service x11vnc
          {
          # not a service name from /etc/services, so the port is given below
          type = UNLISTED
          disable = no
          socket_type = stream
          protocol = tcp
          wait = no
          user = root
          server = /usr/bin/x11vnc
          # server_args must stay on a single line
          server_args = -inetd -o /var/log/x11vnc.log -display :0 -forever -bg -rfbauth /etc/vncpasswd -shared -enablehttpproxy -nolookup -auth /var/run/lightdm/root/:0
          port = 5900
          flags = IPv6
          }
        • restart xinetd : ">sudo service xinetd restart"
        • create password for general vnc connections: ">sudo x11vnc -storepasswd YourPassWD /etc/vncpasswd"
        • test the connection from another computer / nettools & portscan
    • install mdadm : either via software center or ">sudo apt-get install mdadm"
      • create RAID 1 arrays : ">sudo mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda3 /dev/sdb3" (for /home directories)
      • and  : ">sudo mdadm --create /dev/md1 --level=1 --raid-devices=2 /dev/sda5 /dev/sdb5" (for critical data)
      • mount them to see that they are working ok
        • ">sudo mount /dev/md0 /mnt"
        • should be ok and content empty
        • ">sudo umount /mnt"
        • and the same for md1
      • take them into use
        • create mount-point for md1 (data) e.g.
        • ">sudo mkdir /db/; sudo mkdir /db/data"
        • edit your /etc/fstab to contain entries for md0 and md1 e.g.
          • # /etc/fstab: static file system information.
            #
            # Use 'blkid' to print the universally unique identifier for a
            # device; this may be used with UUID= as a more robust way to name devices
            # that works even if disks are added and removed. See fstab(5).
            #
            # <file system>                            <mount point>   <type>  <options>                 <dump>  <pass>
            proc                                       /proc           proc    nodev,noexec,nosuid       0       0
            # / was on /dev/sdb1 during installation
            UUID=f8d4b1d6-76c1-4211-8807-6fbb816d7464  /               ext4    errors=remount-ro         0       1
            # swap was on /dev/sdb2 during installation
            UUID=ffc39d64-3b80-43f0-a701-8627274305bf  none            swap    sw,pri=1                  0       0
            # swap was on /dev/sdc2 during installation
            UUID=e1a0c02d-b3ac-48ee-b81c-0c71d298f965  none            swap    sw,pri=1                  0       0
            /dev/fd0                                   /media/floppy0  auto    rw,user,noauto,exec,utf8  0       0
            UUID=5dce29cb-9c9d-4686-93ac-3507ee666e96  /home           ext4    relatime                  0       2
            UUID=dbcde421-bfe7-4bc4-9ccf-1d7936020410  /db/data        ext4    relatime                  0       2
          • the 2 last UUID entries are md0 and md1 respectively. One could use /dev/md0 and /dev/md1 instead but UUID notation is suggested. UUIDs can be found with ">ls -la /dev/disk/by-uuid/" and looking for correct entry
        • In your /home directory there is "administrator"; take a backup
        • ">sudo tar -cvzpf /home_adm.tar.bz2 /home/*"
        • switch to root ">sudo su"
        • clean home-dir before mount e.g. ">cd /home && rm -rf *"
        • mount raid disks in place e.g. ">mount -a"
        • check that they exist in the listing ">df"
          • administrator@fs2:~$ df
            Filesystem     1K-blocks    Used Available Use% Mounted on
            /dev/sda1       14421344 3223668  10465116  24% /
            udev             1015956       4   1015952   1% /dev
            tmpfs             410192     868    409324   1% /run
            none                5120       0      5120   0% /run/lock
            none             1025480     152   1025328   1% /run/shm
            /dev/md0        46449868  244528  43845800   1% /home
            /dev/md1       139341536 4996072 127267232   4% /db/data
        • almost done, copy administrator back in place ">cd /; sudo tar -xpzvf /home_adm.tar.bz2"
        • check that the admin directory appeared as it should ">ls -la /home"
        • done
    • install "synaptic" : either via software center or ">sudo apt-get install synaptic". There are several ways to deal with the following issue: as time goes on you will get several kernel updates, each of which takes ~200MB. Synaptic is fine for handling that manually.
    • time for 1st backup. As you have /db/data mounted, create directory /db/data/backup and then issue command
      • ">cd /; sudo tar -cvjpf /db/data/backup/YourBackupDescriptiveName.tar.bz2 --exclude=/db --exclude=/home --exclude=/sys --exclude=/dev --exclude=/proc /*"
    • Then, time for 1st dumping of the backup (to the 2nd root disk)
      • create target directory where second root will be mapped e.g. ">sudo mkdir /target"
      • mount that ">sudo mount /dev/sdb1 /target"
      • and expand backup ">sudo tar -xvjpf /db/data/backup/YourBackupDescriptiveName.tar.bz2 -C /target"
      • Once ready create the missing directories ">sudo mkdir /target/dev;sudo mkdir /target/proc;sudo mkdir /target/sys;sudo mkdir /target/home;sudo mkdir /target/db;sudo mkdir /target/db/data;"
      • mount the directories : ">sudo mount --bind /dev /target/dev; sudo mount -t sysfs /sys /target/sys; sudo mount -t proc /proc /target/proc"
      • edit /target/etc/fstab so that entry to /dev/sda1 (or respective UUID) refers to sdb1
      • time to test the second system : ">sudo chroot /target"
      • after testing the second system, exit it and update grub on the active (main) system : ">sudo update-grub"; at this stage grub should automatically detect the second system, which is there on the second partition in case you mess up the primary one.
  • Now the basic system is ready for additional tuning steps. As stated, if (when) your tuning goes wild it is relatively easy to get back to a known state; just reboot, select the alternative system and repeat the steps above to get the system fixed. Once you get a new feature tuned in, just create a new backup and update your backup system. Simple!
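
The x11vnc service file above listens on port 5900 with no bind or only_from line, so the password file is its only access control. As an added example (not part of the original page), this shell function reports those settings in an xinetd service file; the function names and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Function names are illustrative.
# Reports risky settings in an xinetd service file that launches x11vnc,
# one finding per output line (no output means nothing was flagged).

# Print the value of "key = value" from the service file ($1 = file, $2 = key).
xinetd_value() {
    sed -n "/^[[:space:]]*${2}[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*\$//;p;}" "$1" | tail -n 1
}

audit_xinetd_vnc() {
    local file=$1 args pwfile mode limits
    if [ "$(xinetd_value "$file" disable)" = "yes" ]; then return 0; fi
    args=$(xinetd_value "$file" server_args)

    # No bind/interface/only_from: reachable from every network the host is on.
    limits="$(xinetd_value "$file" bind)$(xinetd_value "$file" interface)$(xinetd_value "$file" only_from)"
    if [ -z "$limits" ]; then
        echo "EXPOSED: no bind or only_from; bind to loopback and use an SSH tunnel"
    fi

    # Without a password option, anyone who can connect gets the desktop.
    case " $args " in
        *" -rfbauth "*|*" -passwdfile "*) ;;
        *) echo "NOAUTH: server_args has neither -rfbauth nor -passwdfile" ;;
    esac

    # The rfbauth file is only obfuscated with a fixed key, so whoever can
    # read it has the password: it must not be accessible to group or others.
    pwfile=$(printf '%s\n' "$args" | sed -n 's/.*-rfbauth[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p')
    if [ -n "$pwfile" ] && [ -e "$pwfile" ]; then
        mode=$(stat -c %a "$pwfile")
        case "$mode" in
            *00) ;;
            *) echo "PWFILE: $pwfile has mode $mode; run chmod 600 on it" ;;
        esac
    fi
    return 0
}

# Constructed sample input: the exposure-relevant lines of a file like the one above.
sample=$(mktemp)
printf '%s\n' 'service x11vnc' '{' 'disable = no' 'user = root' \
    'server_args = -inetd -display :0 -rfbauth /etc/vncpasswd -shared' \
    'port = 5900' '}' > "$sample"
audit_xinetd_vnc "$sample"   # prints the findings for the sample
rm -f "$sample"
```

With the service bound to loopback, it is reached through the ssh server installed earlier, e.g. ssh -L 5900:localhost:5900 administrator@fs2 and a viewer pointed at localhost:5900. Running x11vnc -storepasswd with only the file name prompts for the password, which keeps it out of the shell history.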

Basic system setup