From the category archives:

How to

How to Keep Alive SSH Sessions

February 7, 2010

Many NAT firewalls time out idle sessions after a certain period of time to keep their trunks clean. Sometimes the interval between session drops is 24 hours, but on many commodity firewalls, connections are killed after as little as 300 seconds. To avoid having your SSH sessions become unresponsive after e.g. 5 minutes, do the following:

On Windows (PuTTY)

In your session properties, go to Connection and under Sending of null packets to keep session active, set Seconds between keepalives (0 to turn off) to e.g. 300 (5 minutes).

On Linux (ssh)

To enable the keep alive system-wide (root access required), edit /etc/ssh/ssh_config; to set the settings for just your user, edit ~/.ssh/config (create the file if it doesn’t exist). Insert the following:

Host *
    ServerAliveInterval 300
    ServerAliveCountMax 2

You can also make your OpenSSH server keep alive all connections with clients by adding the following to /etc/ssh/sshd_config:

ServerAliveInterval 300
ServerAliveCountMax 2

These settings will make the SSH client or server send a null packet to the other side every 300 seconds (5 minutes), and give up if it doesn’t receive any response after 2 tries, at which point the connection is likely to have been discarded anyway.

From the ssh_config man page:

ServerAliveCountMax
Sets the number of server alive messages (see below) which may be sent without ssh(1) receiving any messages back from the server. If this threshold is reached while server alive messages are being sent, ssh will disconnect from the server, terminating the session. It is important to note that the use of server alive messages is very different from TCPKeepAlive (below). The server alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The server alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive.

The default value is 3. If, for example, ServerAliveInterval (see below) is set to 15 and ServerAliveCountMax is left at the default, if the server becomes unresponsive, ssh will disconnect after approximately 45 seconds. This option applies to protocol version 2 only; in protocol version 1 there is no mechanism to request a response from the server to the server alive messages, so disconnection is the responsibility of the TCP stack.

ServerAliveInterval
Sets a timeout interval in seconds after which if no data has been received from the server, ssh(1) will send a message through the encrypted channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server, or 300 if the BatchMode option is set. This option applies to protocol version 2 only. ProtocolKeepAlives and SetupTimeOut are Debian-specific compatibility aliases for this option.

Lowering Gaming Mouse Sensitivity in Ubuntu 9.10

February 4, 2010

in Gadgets, How to, Linux

I have a Razer Deathadder. It’s a nice mouse. In Ubuntu, though, its polling rates are through the roof and the mouse is pretty much unusable, even with GNOME’s mouse sensitivity and acceleration settings at their lowest. Previously, this could be fixed by tweaking the mouse section of your X.Org configuration file, /etc/X11/xorg.conf, but in recent versions, a different measure is needed, as most devices are managed via HAL. Here’s how I regained my sanity and mouse slowness. The fix should work for any high-end mouse.

Open a terminal
Run the command: hal-device

In the output, locate the mouse’s hex format vendor and product ID’s as highlighted below:

82: udi = '/org/freedesktop/Hal/devices/usb_device_1532_7_noserial_if0'
  linux.hotplug_type = 2  (0x2)  (int)
  linux.subsystem = 'usb'  (string)
  info.linux.driver = 'usbhid'  (string)
  info.subsystem = 'usb'  (string)
  info.product = 'USB HID Interface'  (string)
  info.udi = '/org/freedesktop/Hal/devices/usb_device_1532_7_noserial_if0'  (string)
  usb.linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:1d.2/usb8/8-2/8-2:1.0'  (string)
  usb.configuration_value = 1  (0x1)  (int)
  usb.num_configurations = 1  (0x1)  (int)
  usb.num_interfaces = 1  (0x1)  (int)
  usb.device_class = 0  (0x0)  (int)
  usb.device_subclass = 0  (0x0)  (int)
  usb.device_protocol = 0  (0x0)  (int)
  usb.product_id = 7  (0x7)  (int)
  usb.vendor_id = 5426  (0x1532)  (int)
  usb.product = 'USB HID Interface'  (string)
  usb.vendor = 'Razer USA, Ltd'  (string)
  usb.num_ports = 0  (0x0)  (int)
  usb.max_power = 100  (0x64)  (int)
  usb.device_revision_bcd = 256  (0x100)  (int)
  usb.is_self_powered = false  (bool)
  usb.can_wake_up = true  (bool)
  usb.bus_number = 8  (0x8)  (int)
  usb.speed = 12  (double)
  usb.version = 2  (double)
  linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:1d.2/usb8/8-2/8-2:1.0'  (string)
  info.parent = '/org/freedesktop/Hal/devices/usb_device_1532_7_noserial'  (string)
  usb.interface.number = 0  (0x0)  (int)
  usb.linux.device_number = 3  (0x3)  (int)
  usb.interface.subclass = 1  (0x1)  (int)
  usb.interface.class = 3  (0x3)  (int)
  usb.interface.protocol = 2  (0x2)  (int)

In this case, my Product ID is 0×7 and my Vendor ID is 0×1532. Note that there can be more than one section containing the name of your mouse or its manufacturer — if you can’t find the product and vendor ID, look further down.

Edit the HAL policy file for input devices: sudo nano -w /etc/hal/fdi/policy/10-x11-input.fdi
Insert the following text:

<?xml version="1.0" encoding="UTF-8"?>
<deviceinfo version="0.2">
  <device>
    <match key="@input.originating_device:usb.vendor_id" int="0x1532">
      <match key="@input.originating_device:usb.product_id" int="0x7">
        <merge key="input.x11_options.ConstantDeceleration" type="string">5</merge>
      </match>
    </match>
  </device>
</deviceinfo>

Adjust your vendor_id and product_id to match what you noted down before. If the file is empty or doesn’t exist, don’t worry. If it already exists, omit the first line about xml.

Hit Ctrl + X, then Y to save the file and exit nano
Restart hald: sudo service hald restart
Restart X.Org (log out or reboot your computer)

That’s it! The “ConstantDeceleration” setting in /etc/hal/fdi/policy/10-x11-input.fdi is what does the trick. When set to a value of 5, the sensitivity will essentially be divided by 5. Oh, sweet sanity.

How To Set Up Simple SSH Tunneling

January 25, 2010

in How to, Linux, Security, Windows

By far the easiest way to set up a simple connection proxy is to use the SSH tunneling feature of either PuTTY on Windows or SSH on Linux. This lets you establish connections to servers and ports that you might not be able to access (e.g. from work), as long as you can connect to your server’s SSH service (e.g. myserver.com port 22). This might be for privacy reasons, to connect to MSN from work, to browse a blocked website, et cetera.

On Windows Machines

Download and open PuTTY
In the fields ‘Address’ and ‘Port’, enter the address and port for your SSH server
Go to ‘Connection’ -> ‘SSH’ -> ‘Tunnels’ on the left-hand side
In ‘Source port’, enter 31337, then click the button ‘Dynamic’ and then ‘Add’
Go back to the main ‘Session’ screen
In the ‘Saved Sessions’ text box, enter e.g. “My Shell” and click ‘Save’
Double-click “My Shell” to establish a connection, then log in to your shell
In any application that supports connecting through a proxy, set the following settings:
- Proxy Type: SOCKS 5
- Proxy Server: 127.0.0.1
- Proxy Port: 31337

You can also set these as your global proxy settings in Windows (via ‘Control Panel’ -> ‘Internet Properties’ -> ‘Connections’ -> ‘LAN settings’ -> “Use a proxy server for your LAN” -> ‘Advanced’ -> ‘Socks’: 127.0.0.1:31337. This will cause most applications to connect through the SSH tunnel to your server.

In the future, just open PuTTY and double-click “My Shell” to open your shell and activate the SSH tunneling.

On Linux Machines

Open a terminal
Enter e.g.: ssh -D31337 myuser@myserver.com -N
Log in to your shell
In any application that supports connecting through a proxy, set the following settings:
- Proxy Type: SOCKS 5
- Proxy Server: 127.0.0.1
- Proxy Port: 31337

Alternatively, enter e.g.: ssh -L 31337:patrickmylund.com:80 myuser@myserver.com -N. Here, you specify the target host and port before-hand; the result is that all connections to 127.0.0.1 port 31337 will be tunneled through your server, myserver.com, using your username, myuser, to the target machine, patrickmylund.com, port 80.

The SSH tunnel will stay active until you close the terminal window or hit CTRL+C (Linux), or close PuTTY (Windows).

Quick Start Guide to Infrastructure Monitoring with Nagios

August 9, 2009

in How to, Linux, Tools

Staying ahead of IT service issues can be frustrating when you manage several servers, or even a single server with many services. Enterprise IT Infrastructure Monitoring Solutions (a fancy term for something that is really pretty simple) attempt to remedy the problem by repeatedly checking the status of machines and services on the network and alerting the responsible administrators as soon as something goes wrong, or even before there’s a problem.

It’s hard to argue against implementing a monitoring solution within the network, as it is much a setup-and-forget matter that adds negligible load. The monitoring solution itself is — or at least, should be — very low maintenance, yet provides very valuable insight into the health of the network.

Introducing Nagios

Nagios is an infrastructure monitoring solution that is both popular and open source. Apart from its obvious monitoring capabilities, it includes the ability to associate an event handler to an event, allowing you to fix a problem automatically. If — for example — one of your Python applications crashes, you can have Nagios do python /opt/myapp/myapp.py automatically, before any human administrators have the time to do so. Other features include the ability to create many kinds of reports, and to send notifications and alerts via email and SMS.

Nagios' web interface

Nagios is based primarily on C and shell scripts, which makes it light on performance but adds a slightly ‘hackish’ feel. It comes with a CGI-based web interface (which we’ll spice up a bit) that lets you view and manage Nagios, through what are known as External Commands.

I’d like to demonstrate how to set up rudimentary Nagios monitoring on a small farm of Linux servers, with an Ubuntu/Debian server running the primary Nagios process. In the end, we’ll be monitoring the states of various services on the servers, including the ones seen in the screenshot above (Apache processes, APT, Current Load, Current Users, Disk Space, Dovecot, FTP, HTTP, MySQL, SMTP, SSH, Swap, Total Processes, and Zombie Processes). We will also receive notifications by email whenever something goes wrong:

Nagios Email Notification

Please note that this guide is meant to get you up and running quickly, and that it’s not a substitute for the official Nagios documentation. If you want to know what all of the different configuration options do (or can do), please consult the (excellent) documentation.

Setting Up The Nagios Server

The steps in this section should just be done on the main Nagios server, not the clients it will be monitoring. We’ll get to those later!

This procedure should be quite similar on other distributions if you use their package managers (yum, yast, urpmi, etc.) or install Nagios from source, but no guarantees.

Let’s become root so we don’t have to prepend sudo to everything:
```
sudo -s
```
If you want to make use of Nagios’ web interface and Apache isn’t already installed:
```
aptitude install apache2
```
It’s entirely possible to use something like nginx or lighttpd to serve the interface, but that is not covered in this guide.

Install Nagios from the package repositories:

aptitude install nagios3 nagios-nrpe-plugin

Nagios should be accessible at http://nameofnagiosserver/nagios3 already! We still have some configuration to do, though.

Stop Nagios:
```
/etc/init.d/nagios3 stop
```
Add a new user for the web interface, e.g. patrick. The default configuration grants all security permissions to the user nagiosadmin, but we’ll change that to the name of the new user, too:
```
htpasswd -c /etc/nagios3/htpasswd.users patrick
perl -p -i -e "s/nagiosadmin/patrick/g" /etc/nagios3/cgi.cfg
```

The perl command above replaces all occurrences of nagiosadmin with patrick in the file /etc/nagios3/cgi.cfg.

The users listed in /etc/nagios3/cgi.cfg are effectively global administrators. For regular users, you can still add them as users with htpasswd, but assign privileges by making them Contacts for certain hosts or hostgroups, instead. We’ll get to this later!

If you want to add more user accounts for the web interface:
```
htpasswd /etc/nagios3/htpasswd.users john
```
And if you want to give them superuser privileges:
```
perl -p -i -e "s/patrick/patrick, john/g" /etc/nagios3/cgi.cfg
```
Go through /etc/nagios3/cgi.cfg manually to see what the different security options do, and to grant more fine-grained privileges to other administrators.
Edit /etc/nagios3/nagios.cfg and change check_external_commands=0 to 1 to allow monitoring commands to be issued through the web interface

On Debian/Ubuntu, run the following commands after setting check_external_commands=1:

dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw
dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3

Edit /etc/nagios3/conf.d/contacts_nagios2.cfg to match your preferences. Example:

define contact{
        contact_name                    patrick
        alias                           Patrick Mylund
        service_notification_period     24x7
        host_notification_period        24x7
        service_notification_options    w,u,c,r
        host_notification_options       d,r
        service_notification_commands   notify-service-by-email
        host_notification_commands      notify-host-by-email
        email                           my@emailaddress.com
        }

And further down:

define contactgroup{
        contactgroup_name       admins
        alias                   Nagios Administrators
        members                 patrick
        }

Make a host definition for a server you want to monitor by creating a matching config file, e.g for the server ‘tranquillity’, nano -w /etc/nagios3/conf.d/tranquillity_nagios2.cfg, then insert a declaration. Example:
```
define host{
        use                     generic-host            ; Name of host template to use
        host_name               tranquillity
        alias                   PatrickMylund.com Web Server
        address                 209.20.82.6
        }
```
You can put all of your host definitions in one file if you want, e.g. datacenter1_nagios2.cfg — just remember the _nagios2.cfg at the end of the file name, which is what tells Nagios to load that file (and in the proper format).
Repeat the step above to add a host definition for each server you want to monitor

Move some standard configs to make room for our configured ones:

mv /etc/nagios3/conf.d/localhost_nagios2.cfg /etc/nagios3/conf.d/localhost_nagios2.cfg.old
mv /etc/nagios3/conf.d/services_nagios2.cfg /etc/nagios3/conf.d/services_nagios2.cfg.old
wget http://patrickmylund.com/files/misc/1202-nagios_quickstart/services_nagios2.cfg -O /etc/nagios3/conf.d/services_nagios2.cfg

Edit /etc/nagios3/conf.d/hostgroups_nagios2.cfg. List which hosts (comma-separated) should belong to which groups (debian-servers, http-servers, ssh-servers, and ping-servers), and add some extra hostgroups: db-server, ftp-servers, and mail-servers:

define hostgroup {
        hostgroup_name  db-servers
                alias           Database servers
                members         tranquillity, singularity
        }
 
define hostgroup {
        hostgroup_name  ftp-servers
                alias           FTP servers
                members         tranquillity, singularity
        }
 
define hostgroup {
        hostgroup_name  mail-servers
                alias           IMAPS/SMTP servers
                members         tranquillity
        }

You can see which services are associated with which hostgroups by looking in /etc/nagios3/conf.d/services_nagios2.cfg.

We’re done with the Nagios server for now. Let’s look at the settings for the Linux servers we want to monitor.

Configuring Monitored Clients

The steps in this section should be done on each Linux host that you want to monitor.

Again, let’s become root:
```
sudo -s
```
Install Nagios’ NRPE module:
```
aptitude install nagios-nrpe-server
```
Installing the NRPE module is optional, but you won’t be able to run any of Nagios’ scripts directly on the target client if you do not. This is necessary for monitoring system stats, and generally anything that cannot be probed from the outside over the network (by the main Nagios server).

See the NRPE documentation (PDF) for manual installation instructions, as well as how to get information via SSH (get_by_ssh) instead of NRPE.
Stop NRPE:
```
/etc/init.d/nagios-nrpe-server stop
```
Install a custom nrpe_local.cfg (this will save us some time later):
```
mv /etc/nagios/nrpe_local.cfg /etc/nagios/nrpe_local.cfg.old
wget http://patrickmylund.com/files/misc/1202-nagios_quickstart/nrpe_local.cfg -O /etc/nagios/nrpe_local.cfg
```
Go through /etc/nagios/nrpe_local.cfg to see the list of commands that Nagios will be able to execute on hosts running NRPE. By default, NRPE will only run the commands defined in this configuration file, and without any arbitrary arguments. I strongly recommend you stick to this for security purposes.

On the main Nagios server, all service commands prefixed with check_nrpe_1arg in /etc/nagios3/services_nagios2.cfg are commands defined in /etc/nagios/nrpe_local.cfg on the monitored clients.
Define what hosts are going to be allowed to probe the NRPE module for information (comma-separated). For instance, if the main Nagios server has IP 192.168.1.105:
```
perl -p -i -e "s/127.0.0.1/192.168.1.105/g" /etc/nagios/nrpe_local.cfg
```
If you have a firewall (iptables, ufw, etc.), you need to open for connections on port 5666 on the clients (for NRPE). If the main Nagios server has IP 192.168.1.105, you could do ufw allow proto tcp from 192.168.1.105 to any port 5666, or ufw allow 5666/tcp with Ubuntu’s Uncomplicated Firewall.
Start the NRPE module:
```
/etc/init.d/nagios-nrpe-server start
```

We just about have a basic Nagios setup now!

Testing Nagios

Let’s see if what we’ve set up is working. On the main Nagios server, start the Nagios service:

/etc/init.d/nagios3 start

If all goes well, navigate to e.g. http://192.168.1.105, login with the user credentials you set up earlier, then click on Service Detail in the menu on the left. All of our services will be PENDING, meaning they’ll be checked shortly. You can speed this up by clicking on a service and clicking Re-schedule the next check of this service (this is what is called an External Command).

If any of the service states turn out to be CRITICAL or UNKNOWN, don’t panic — take a look at the different configuration files in /etc/nagios3/conf.d. The settings and commands are pretty straight-forward.

You can find examples of the resulting configuration files in nagios-conf-example.tar.gz. The configs are for a single server (singularity) with the IP address 192.168.2.3.

An Extra Touch

Nagios’ web interface doesn’t look very pretty. We can spice it up a little by changing the CSS. I’ve prepared a modified status.css for your convenience:

mv /etc/nagios3/stylesheets/status.css /etc/nagios3/stylesheets/status.css.old
wget http://patrickmylund.com/files/misc/1202-nagios_quickstart/status.css -O /etc/nagios3/stylesheets/status.css

Now hit F5 in the web interface!

Bear In Mind

The easiest way to monitor the Nagios server itself is to pretend it’s yet another server. Install NRPE, set the connection settings, and add it in the host declarations with the other servers.
The exclamation mark (!) is meant to separate command arguments in Nagios configuration files. For instance, check_nrpe_1arg!check_swap would mean you’re running check_nrpe_1arg with the argument check_swap.
All of the scripts and commands you can issue through Nagios are stand-alone scripts. When configuring Nagios, you can run each command, for instance check_smtp, manually instead of doing tons of trial-and-error with the configuration files:
```
/usr/lib/nagios/plugins/check_smtp -H 192.168.1.105
/usr/lib/nagios/plugins/check_smtp -h
```
All lists in Nagios configuration files are comma-separated.
You can set the contact_groups value on any service, host, or hostgroup declaration. Contact groups are defined in /etc/nagios3/conf.d/contacts_nagios2.cfg. Any person in a contact group that has a user account for the web interface (htpasswd.users) can automatically view any hosts and services associated with it.
Example:
```
define hostgroup {
        hostgroup_name  mail-servers
                alias           IMAPS/SMTP servers
                members         singularity
                contact_groups  mailadmins
        }
```

Again, the best part about what we’ve set up now is that you can go right ahead and forget about it. You’ll receive an e-mail at the contact address specified whenever something is amiss, as well as when it gets better. If I’m right, though, you’ll want to tune your configuration a lot further. We’ve barely touched the surface; Nagios can do much more, and everything is thoroughly documented in the official documentation.

How to Install VMware Tools on Ubuntu Server 8.10

March 26, 2009

in How to, Linux

While installing VMware Tools (3.5.0-123630) on an ESX virtual machine running Ubuntu Server 8.10 (kernel 2.6.27 x64), I ran into a wall trying to compile the vmmemctl and vmhgfs kernel modules. The vmware-config-tools.pl script would throw errors at me when running make:

CC [M] /tmp/vmware-config0/vmmemctl-only/os.o
/tmp/vmware-config0/vmmemctl-only/os.c: In function ‘os_init’:
/tmp/vmware-config0/vmmemctl-only/os.c:590: error: ’struct proc_dir_entry’ has no member named ‘get_info’
make[1]: *** [_module_/tmp/vmware-config0/vmmemctl-only] Error 2
Unable to build the vmmemctl module.

I finally got it working using alternative module sources. Here’s how:

Getting it working

In e.g. VMware Infrastructure Client, right-click the virtual machine and select “Install VMware Tools”, then extract the VMware tools installation package inside the VM:
```
mkdir ~/vmtools
cd ~/vmtools
sudo mount /media/cdrom
tar xfz /media/cdrom/VMwareTools-*.tar.gz
```

Now, grab the latest version of Open Virtual Machine Tools, extract it, and copy over its working kernel module sources. Note that the wget command below may not point to the latest version.

wget http://dfn.dl.sourceforge.net/sourceforge/open-vm-tools/open-vm-tools-2009.03.18-154848.tar.gz
tar xfz open-vm-tools-*.tar.gz
cd open-vm-tools-*/modules/linux
for i in *; do mv ${i} ${i}-only; tar -cf ${i}.tar ${i}-only; done
mv -f *.tar ~/vmtools/vmware-tools-distrib/lib/modules/source/

Finally, grab some dependencies needed for the compilation, and then run the VMware tools installer as you normally would:

sudo aptitude install build-essential linux-headers-`uname -r`
cd ~/vmtools/vmware-tools-distrib
sudo ./vmware-install.pl

The installation should now finish without any problems! When you’re done, you can go ahead and do rm -rf ~/vmtools, or keep the files for deployment on other machines.

How to Use Minilyzer to Find Out Why Windows Crashed

January 24, 2009

in How to, Tools, Windows

You are sitting at your PC, relaxed and minding your own business. Happy. Suddenly and without warning, Windows decides to throw a fit and bombards you with the infamous Blue Screen of Death! You get angry — furious, in fact — and perhaps a little scared. You never got a chance to see what happened at the dreadful moment.

With Minilyzer and Microsoft’s Debugging Tools for Windows, you can easily and quickly figure out what caused a blue screen (or a seemingly spontaneous reboot), by analyzing what is called a Minidump, a file that is created by Windows whenever there is a STOP error (blue screen).

Analyzing the Minidump

Follow the steps below to generate a report containing the details of the blue screen.

Download and install the 32-bit or 64-bit version of Microsoft’s Debugging Tools for Windows. If you are not sure what version to get, get the 32-bit version.
Download the minilyzer.cmd script to somewhere convenient (like the desktop).
If you want to analyze the latest blue screen and are running Windows XP (or Vista/Windows 7 with UAC disabled), run minilyzer.cmd and skip to step 6.
Navigate to the C:\Windows\Minidump folder and find the latest Minidump file, e.g. Mini012309-01.dmp.
Copy the Minidump file to your desktop, then click and drag it onto the minilyzer.cmd script that you downloaded.
Don’t be frightened by all of the information displayed in the window that pops up. If it’s the first time you are using Minilyzer, this will take a while. Relax, grab a drink and a powerbar, and wait until the Minilyzer report is opened.

Finding the Cause

When the report is opened, scroll to the very bottom and look at the last three lines: DEFAULT_BUCKET_ID, MODULE_NAME and IMAGE_NAME. These are what will usually tell you what has happened.

Here’s what they might look like:

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
MODULE_NAME: L1E60X64
IMAGE_NAME: L1E60X64.sys

Okay, so there’s something wrong with one of our drivers, but what is L1E60X64? A quick search on Google will show that it is the 64-bit version of the Atheros AR8121/AR8113/AR8114 ethernet driver. We have our culprit!

Fixing the Problem

In most cases, a simple driver update will fix problems like these. You can usually find drivers on your PC manufacturer’s website, the manufacturer of your motherboard, or directly from the manufacturer of the device itself. In the case above, installing the Atheros AR81Family 1.0.0.40 driver from Atheros’ drivers page solved the problem.

Of course, not every blue screen happens because of a driver issue. If you are not able to find out what caused a crash, the reports generated by Minilyzer are detailed enough to send to a geeky friend and/or a technical support service. You can find the reports in the folder where you saved minilyzer.cmd.

Cleaning Up

When you are done using Minilyzer, you can safely delete minilyzer.cmd and the Debugging Symbols folder that was created. If you think you might need to analyze more Minidumps in the future, you can keep minilyzer.cmd and the Debugging Symbols folder in the same folder to speed up any future analyses.

To find out more about Minilyzer, have a look at the Minilyzer project page.

How to Set Up Ubuntu Linux 6.06 LTS LAMP Server

January 29, 2007

in How to, Linux

Many crinche at the thought setting up their own webserver. They think it’s terribly hard — and they’re right, to a certain extent. Until now, setting up a full-fletched LAMP server that actually works has been a task exclusively for the gifted. Well, no more. Regardless of your skill level, I will guide you through the entire installation process of Ubuntu 6.06 LTS Server, my favorite server distribution to date. It’s easy to use, it’s powerful, it’s secure, and it’s painless to configure.

The Ubuntu Server has no open ports after the installation and contains only the essential software needed to build a secure server.

Well, let’s begin!

Notice: The screenshots below may be obsolete, as the Ubuntu website has been redesigned. The other parts of this guide remain current (well, as current as Ubuntu 6.06).

Part 1: Preparing For Installation

Starting with the basics, we’ll find and download the appropriate ISO image for our system architecture. Then we’ll burn it and commence the installation process. If you’ve already downloaded and burnt the right ISO image, feel free to skip to Part 2: Boot-Up and Configuration. Be aware that “Ubuntu 6.06 LTS” is not the same as “Ubuntu 6.06 LTS Server”. They are two seperate images.

Getting the ISO Image

- First off, we’ll head over to Ubuntu.com and click the Server Download link.

- On the Download page, select Ubuntu 6.06 LTS, Ubuntu with long-term support.

- Now select the region closest to you. Which you choose is irrelevant (they’re mirrors, thus no difference in content). I’ll select United States.

- Click on the respective download link for your system architecture. If you’re not sure what to get, chances are PC (x86) is the right one. If you’re running a Mac (NOT the ones with an Intel chipset), get the Mac (PPC) image. If 64-bit, get the 64-bit one, and so on. Please verify that you’re downloading your image in the Server section, not the Desktop, before continuing.

Now grab a cup of coffee or a coke while you wait. You must.

Burning the ISO Image

Now that we’re done downloading the ISO image, we’ll use our favorite burning application to write the ISO to a CD-ROM. It is of utmost importance that you do not just copy the ISO file to a CD, but that you actually burn the image. Most writing applications have a feature called “Write Image”, “Write ISO to Disc”, “Burn ISO”, or similar. In Linux, the ‘k3b’ application (Nero equivalent) can do this with ease, so can Nautilus’ built-in CD writer (right-click the ISO in Gnome). Please see “How to Write ISO Files to CD in Windows” for Windows instructions, and “How do I burn an ISO image to CD in OS X? for Mac OS X instructions.

Get Ready to Install

When you’ve written the ISO image to a CD-ROM, please verify the contents of the disc. There should be several files and folders — if there’s only an .iso-file, you haven’t burnt the ISO. Please see the above instructions on how to burn it rather than copying.

If all looks fine, you’re done with Part 1! Let’s try it out in;

Part 2: Boot-Up and Configuration

Now that you’ve downloaded and burnt the Ubuntu Server ISO image, you’re ready to begin the installation. Go ahead and reboot your server with the CD in. If your system does not automatically boot from the CD-ROM, you’ll need to enable this in your server’s BIOS configuration. This option and the method to access it varies from BIOS to BIOS, but generally you’ll be able to enter the BIOS by pressing either F2 or DEL when your computer is starting up. When you’ve reached the BIOS configuration menu (usually blue), look for any option that states “Boot from CD-ROM” or an option that allows you to configure the priority of each drive. Some BIOSes are set to boot from the harddrive before booting from the CD-ROM. Change it so CD-ROM is the first thing your server tries, then save the settings and reboot.

The screenshot to the right shows how my PhoenixBIOS is configured. The CD-ROM Drive is moved to the top, followed by Hard Drive and other network/removable devices.

Booting Up

Your server’s BIOS should now be set up correctly and should be booting from the CD-ROM drive. Hopefully you’re now seeing what is depicted in the screenshot to the right. Great! Now select Install a LAMP server and hit enter. You have begun the installation process.

Configuring Regional Settings

You’re not very far from having a full-fletched server now. Hang on!

- Now we’ll select the language of our system. Be warned that this is not just for the installation, it is the language your system will use after installation, as well. This is, of course, changeable, but just go with the right language from the get-go. I’ll choose English (it’d suck for you if I chose my native tongue, Danish). Hit Enter.

- Now, similarly, choose your location. The options vary depending on what language you chose in the previous step, so don’t be worried if you don’t see your country listed in the screenshot. If you select ‘other’ you will get a complete listing of languages. I’ll choose United States.

- The installer now asks for your keyboard type. The option displayed should be the correct one, so just hit Enter if it is. If not, try typing something or going through the list of keymaps.

The installer will now configure devices, load additional components, as well as load network hardware. In this How To, I’ll assume that you’re using either ADSL or DSL that does not require authentication. If you’re not, the installation will prompt you to enter the required information.

Configuring Networking

- The installer will now ask you what you want to call your server. Call it anything you want, this can be changed later. I will call mine patricks-server. This is not your username, it’s the servers hostname. It’s what identifies the server on the network.

And the installer detects more hardware…

Congratulations, you’re done with Part 2. Get ready for the hardest part, partitioning. Don’t worry, I’ll take good care of you.

Part 3: Partitioning Your Drives

This is the single hardest part to guide anyone through, remotely. All system setups are different so it’s hard to tell you exactly how to set up your system. Whether or not you’re going to be using LVM, how many partitions to make, etc.

- The standard options are pretty straight-forward, and I recommend you choose one of them if this process scares the living hell out of you. If you do choose one of them, feel free to skip to Part 4: Completing the Installation.

For the rest of this section, I will show you how I set up my system by manual partitioning. Please take my setup loosely — if there’s something that doesn’t fit you or something you’d prefer, adjust accordingly!

Manual Partitioning

- This is the manual partitioning menu. The first two options (if they are shown) will allow you to set up a software RAID and Logical Volume Management. These, if you need them, will have to wait until we have configured our partitions. I will not be configuring either, as they are both unique to each configuration and pretty straight-forward to set up.

- I have one harddrive, SCSI1 (0,0,0), a 268.4GB drive. To partition this drive, I’ll highlight it and hit Enter. A dialog will appear, asking me if I would like to create a new partition table, that will delete anything currently on the drive. I’ll hit Yes.

- This is the menu after deleting all partitions on the drive. Now I’m ready to set up new partitions.

- Select the “FREE SPACE” entry below the drive and hit Enter. You can choose to let the installer set up partitions automatically, or you can make them yourself. I’ll select Create a new partition.

- Our first partition will be the root ( ‘/’ ) partition. This is where all our system files and applications are stored. If you want, you can allocate a percentage of the drive to root, and leave the rest for the ‘/home’ partition. I’d recommend something inside the 15-25GB range for a root you’re going to be using for a long time. Seperating your root and /home is useful if you need to re-install Linux. I’ll assign 20GB to root.

- Unless you’re going to have more than 4 partitions per drive, select Primary here. Logical partitions are ‘fake’ partitions created to circumvent the normal limit of 4 partitions.

- Select Beginning. This tells the installer to position our root partition at the start of the available space.

- You can choose to leave everything as it is here. A little tweak: In Mount Options you can choose to turn ‘noatime’ on, which will give you a significant speed boost. It disables generating a new time stamp every time a file is accessed. When you’re happy, select Done setting up the partition and hit Enter.

Additional Partitions

Now that you know how to set up a new partition, do the following:

- Following the same instructions as before, create a partition in the free space with a size roughly equal to half of your RAM, e.g. 512mb if you have 1GB of RAM. Make it a Primary partition as before, in the Beginning of the free space as well. When you get to the confirmation dialog, highlight the file system type (Use as:) and hit Enter. Select swap area from the menu. Accept the changes. The swap area acts as a substitute if all available RAM is being used.

- Finally, create another partition, but /home rather than /. Ubuntu should automatically suggest this. Have this partition use the remaining space on your drive. Again, you can choose to enable ‘noatime’ to get a performance boost.

Verifying and Finalizing

Your partition table should now look like this (or be similar). If you’re missing the swap space or the /home partition, don’t worry. You can mess around as much as you want. If all goes wrong, delete the entire partition table by selecting the drive itself, and start over.

If you’re all done, hit Finish partitioning and write changes to disk. A confirmation dialog will appear, asking you if you’re sure you want to apply these changes. Double-check the settings and hit Yes if it looks right.

You’re all done with partitioning! Get ready for the fun stuff in

Part 4: Completing the Installation

Now that you’re done partitioning, it’s time to complete the installation!

Setting Up the Timezone

- The installer will ask you what timezone you’re in. Select the one that best fits you and continue. I’ll choose Eastern. If you are prompted to use UTC, hit Yes (unless you have a reason not to).

Users and Passwords

- The first dialog after having entered the timezone asks you for your real name, not the alias you want to log in with.

- Now I’m asked for my desired username. The username should start with a lower-case letter, which can be followed by any combination of numbers and letters. The installer suggests patrick. I’ll go with that.

- Enter the password you’d like to associate with your account. This password will also be the password you use to perform actions that require ‘root’ access. In the next window, confirm the password by typing it again.

Sit back and relax as the installer completes installing Ubuntu Server on your computer. Let the installation process finish, eject the CD, and reboot your system. Congratulations, installation is done!

Linux should now initialize and prompt you for your username and password. If your screen looks something like this, all went well. Feel free to log in.

Setting up LAMP

Wouldn’t it be great if our LAMP server just worked now, without us having to do anything? Well, it does! Try browsing to your servers IP in a browser, in my case http://192.168.0.6. Woot!

It’s time to do a few changes to our LAMP server. Normally, this would be a 3/4-hour process of manually editing config files and testing. Thanks to Ubuntu though, the installer does it all — better too. All we need to do is choose how we want our LAMP server to work.

By default, Apache2 uses /var/www/ as its document root. We’ll want to change this to our home folder in order to reap the space we’ve allocated.

- Log in, in case you haven’t. Type the exact command mkdir www – This will create the folder /home/patrick/www/ which we will be using as the document root of our server.

- Type the exact command: sudo nano -w /etc/apache2/sites-available/default and hit Enter. You will be prompted for your password. Enter it, and a text editor with our site’s config file will open (see screenshot to the right).

- Feel free to set the administrator e-mail to your own. Now, go through the document and replace all occurrences of /var/www/ to /home/patrick/www/, where ‘patrick’ is the username you chose during the installation. Navigate around with the arrow buttons. When done, hit CTRL+X then type Y and Enter to save the changes.

- Time to restart Apache to apply the changes. Type sudo /etc/init.d/apache2 restart

- Now, let’s see if this really works! Assuming you’re in your home folder (type cd to make sure), type cd www followed by ls. You should see.. nothing. Good.

- Type nano -w index.php
We’ll create a sample PHP script to test if the server and PHP is working. <?php echo "It's working!" ?> will suffice. Again, hit CTRL + X followed by Y and Enter to save the contents.

- Navigate to your server, e.g. http://192.168.0.5 — it works!

You’re done! Your server is working perfectly!

If you’re uncomfortable with the command-line interface, I recommend you look into guides for installing Webmin and phpMyAdmin for Ubuntu. Also, if you would like to administer your server from your own computer, you can install SSH with the command: sudo apt-get install ssh
You can access it with applications like PuTTY.

In order to install phpMyAdmin (and more) with sudo apt-get install, you will first need to enable the Universe repository. There’s a nice guide on how to do that from the CLI here.