Hacking for Knowledge
by Jerry
Installing a desktop version of Ubuntu requires little skill these days as the "Live" distribution is available everywhere and installs without much thought. This actually cheats you the user by not allowing you to understand the inner workings of the system.
This changes, however, if the job requires a server install.
Servers have a set of hardware/software requirements differing for the consumer grade desktop/laptop installations. The most common change will be two Network Interface Cards (NIC). Additionally, the BIOS may be compatible, but in some server hardware, the BIOS may not be compatible.
This brings us to RTFM (Read The Fin' Manual). Do your homework, verify the BIOS compatibility, video, audio, NIC, RAM, and hard drive.
The Phoenix Project II
In 32:1, "Hacking for Knowledge", I wrote of a SuperMicro rack server that arrived with a valid copy of Microsoft Server 2003, installed, complete with C.O.A. attached to the lid.
In its previous life, it served faithfully as a FTP server in an electronics lab, complete with in-house proxy server, virtual server instances, virtual NICs, and all of the installation software. Faithful readers will already have that issue on the shelf. $50 USD for the server: well spent.
Phoenix Project II is a complete Ubuntu server installation. Due diligence requires a boot into the BIOS, collecting information on BIOS version, CPU, chip set, video, and RAM. The good news: Intel supplies many server boards for industry, and the majority of drivers available work just fine.
Servers do not require high end video, so "Standard VGA" is the default. Servers do not require audio, so you only need a beep speaker, however the high-end video/audio drivers will load during the install if the hardware exists.
This SuperMicro rack has an Intel Celeron 2.4 GHz, (Single Core 32-bit) 2 GB DDR2 @ 533 MHz un-buffered RAM, two Broadcom NetXtreme gigabyte NICs, 80 GB SATA hard drive, pretty basic stuff.
This small rack mount server is perfect for testing the Ubuntu server software. More and more IT departments are leaving Micro$oft Server for Linux.
Most servers are sitting idle most of the work day, supplying requested data, providing data storage, logging on users, providing Internet access. These tasks are not difficult and many Small Medium Business (SMB) servers are specified with an entry level hardware set.
Two NICs allow the server to connect to the Internet on one and serve the local network on the other. This prevents users from connecting to the Internet without logging onto the server as a security measure. However, you may set the server up to simply store and retrieve data, if it's inside the domain. In this case, you can use the second NIC for a different department, preventing "browsing" by curious users. Try to use the KISS principle: Keep It Simple, Stupid.
With a minimum list of users, you may just assign passwords and allow access. However, the best practice is to create "groups" and then assign any new user to that group.
You set the group policy to allow read/write/copy permissions as mandated by management. Joining the group allows the user to have all of the rights of that group. The expression is "Manage groups, not users."
The reference is here: askubuntu.com/questions/66718/how-to-manage-users-and-groups
The server install CD/USB stick allows you to install Ubuntu permanently on a computer for use as a server.
There are two ISO images available, each for a different type of computer:
PC (Intel x86) Server Install CD - For almost all PCs. This includes most machines with Intel/AMD processors and almost all computers that run Microsoft Windows, as well as newer Apple Macintosh systems based on Intel processors. Choose this if you are at all unsure.
64-bit PC (AMD64) Server Install CD - Choose this to take full advantage of computers based on the AMD64 or EM64T architecture (e.g., Athlon64, Opteron, EM64T Xeon, Core 2). If you have a non-64-bit processor made by AMD, or if you need full support for 32-bit code, use the Intel x86 images instead.
The link is here: www.ubuntu.com/download/server and here: www.ubuntu.com/download/alternative-downloads.
A typical install is to replace an aging "small business server" that is no longer supported by Micro$oft. This will allow the small business to control Internet access, send and receive email, permit directory shares, and perform other needed services.
An SMB server inside the local domain may not need the same services as an "Internet server," such as the full LAMP stack (Linux, Apache, MySQL, PHP).
However, the link is here if needed: www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu and the Wiki link: wikipedia.org/wiki/LAMP_(software_bundle).
Having verified the version of server OS that will install, proceed with the first boot. The Ubuntu Server Guide is here: help.ubuntu.com/lts/serverguide.
Again, RTFM.
Here comes the "Copy Pasta."
List of Features
Ubuntu Business Box Server Features Software Server Operating System..........................Ubuntu 12.04 LTS Network Firewall.................................ufw* DNS Server.......................................dnsmasq DHCP Server......................................ISC DHCP Internet sharing with proxy and cache control ...Squid, Sarg including reporting and user access control Anti-Virus and Anti-Spam.........................ClamAV, AMaViS, SpamAssassin Groupware Email, Contacts, Calendar, Webmail,....SOGo* with native Microsoft Outlook compatibility and mobile device support Instant Messaging, VOIP and Video Chat Server....Openfire, Spark* Shared Printers and Files........................Samba Webserver........................................Apache* FTP Server.......................................ProFTP* Database Server..................................MySQL* VPN..............................................LogMeIn, Hamachi, Haguichi* Virtualization Support...........................Oracle VM VirtualBox* Network Backup...................................RAID1 NAS* Cloud Backup.....................................Ubuntu One* Remote Desktop Administration....................X11vnc* Remote Web Administration........................Webmin |
Install Operating System - Ubuntu 12.04 LTS
Download Ubuntu 12.04 LTS 32-bit or 64-bit, Server or Desktop edition. This guide is based on the desktop installation for users not comfortable with command line only.
Create a bootable USB stick or CD and boot your server computer with the installation as explained on the Ubuntu site.
Once you have booted your computer from the Ubuntu installation USB stick or CD, you should see the installation screens below.
Follow the instructions and adapt as required.
Encrypting the home folder step is optional but provides an added level of security.
Set Hostname (FQDN)
Select a Fully Qualified Domain Name (FQDN) for your server.
We will be using ubb01.mydomain.local as our FQDN example in the instructions.
Add the name and IP to your /etc/hosts file as shown below and save the file:
$ sudo gedit /etc/hosts |
Then change the hostname file by opening a terminal window and entering:
$ sudo su # echo "ubb01.mydomain.local" > /etc/hostname # service hostname restart # exit |
Configure Network Interfaces
Ubuntu has very good reasons why it prefers we do not do this - but this needs to be done at some point or someone else will. Open a terminal window and enter the following:
$ sudo gedit /etc/network/interfaces |
Replace the content of the file with the following and save:
# The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address 192.168.0.2 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 dns-nameservers 192.168.0.1, 8.8.8.8 # iptable rules post-up iptables-restore < /etc/iptables.up.rules # The secondary network interface internal auto eth1 iface eth1 inet static address 192.168.1.2 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 |
Edit the DNS Configuration - dnsmasq
Install dnsmasq. Open a terminal and enter:
$ sudo apt-get install dnsmasq |
Edit the dnsmasq configuration file by opening a terminal window and entering:
$ sudo gedit /etc/dnsmasq.conf |
Replace the content of the file with the following and save:
# DNS Settings server=/localnet/192.168.0.2 server=/#/192.168.0.1 server=/#/8.8.8.8 server=/#/8.8.4.4 # Domain Name domain=mydomain.local # Server DNS settings... this is required as the server itself will # not be obtaining its IP address via DHCP and therefore would # not be automatically added to the DNS records for forward/reverse # DNS queries as required by Kerberos ptr-record=2.0.168.192.in-addr.arpa.,"ubb01.mydomain.local" address=/ubb01.mydomain.local/192.168.0.2 |
The setup requires that you have your Internet router with a fixed IP address of 192.168.0.1 connected to your LAN adapter #1 (eth0) port with a DNS name server running on the router providing Internet access.
Your outward facing connection is LAN adapter #1 (eth0) with IP: 192.168.0.2
Your inward facing connection is LAN adapter #2 (eth1) with IP: 192.168.1.2
Normally, management types are reluctant to allow full-range testing on new server installs due to artificial "budgets." This often is a mistake.
Sadly, the IT department will be blamed for any screw-ups regardless.
"Best practice," install the server and test as long as you can. Work the bugs out. Install as a VM, sharing hardware with another system if possible. Document any and all configuration parameters. Establish a local domain separate from your working system. Test it again.
The Phoenix Project III will cover groups and users, and establishing a "Private Cloud."
Stay tuned, don't touch that dial, same time same station.