Apple OSX admin tips, running webmin, usermin and openSSL

Posted on April 27th, 2009

These are some notes I took whilst enabling remote https:// administration of my Mac running OSX. Webmin provides a nice web gui for administration of your server, but you would probably want to restrict access to localhost, a few known and trusted hosts, or IPs on the local lan subnet for security. In addition, using OpenSSL makes this a better solution, if you prefer a gui console or do not have access to ssh / command line. Newer versions will always come out, please check – and note that this information can only serve as a ‘rough guide’.

Some things you might find useful before we begin:
—-
Use NetInfo manager, authenticate and enable root user
http://forums.ionmac.com/lofiversion/index.php/t309.html

use
$ defaults write com.apple.finder ShowAllFiles -boolean YES
(instead of $ defaults write com.apple.finder ShowAllFiles True )

this is also cool
$ defaults write “Apple Global Domain” AppleScrollBarVariant DoubleBoth

—-
installing perl / Net_SSLeay for SSL access is easy – just visit http://www.webmin.com/osx.html and follow directions

These instructions, contributed by Kevin Capwell, will allow you to install webmin on any Apple Macintosh OS X server. The version that I was using is as follows:
Server: 10.3
Perl: 5.8.1-RC3 to see version open terminal,
$ cd /usr/bin, then type
$ perl –version
OpenSSL: 0.9.7b to see version open terminal,
$ cd /usr/bin, then type
$OpenSSL version

INSTALL DEVELOPER TOOLS (i.e. use OS X 10.3 XCode CD and update!)
1. Go to https://connect.apple.com/ and become a member of ADC – it’s free!
2. Click on ‘Download Software’.
3. Click on ‘Developer Tools’.
4. Download the Xcode Tools v1.0 and 1.0.1 update. As
of this writing download the Xcode CD is in 20 parts,
however, Xcode should come with your box copy of 10.3.
5. Click twice on the Xcode.dmg icon.
6. Click twice on the ‘Developer’ package.
7. Enter your administrator password when you are
prompted.
8. After selecting the drive to install the developer
tools, then click the ‘Customize’ button. Make sure
the check the BSD SDK option.
9. Perform the install.

INSTALL THE NET_SSLEAY.PM
1. Download and install the Perl Mod “Net::SSLeay”
2. Go to the web page
http://www.cpan.org/modules/by-module/Net/
3. Download the ‘Net_SSLeay.pm-1.25.tar.gz’. This version was tested with the perl and openssh that are installed with 10.3. In my case this is Perl 5.8.1 and
OpenSSL 0.9.7b (to see your versions look at the commands above)
4. I copied the Net_SSLeay.pm-1.25.tar.gz to /usr/local
5. tar -zxvf Net_ssleay.pm-1.25.tar.gz
6. cd Net_ssleay.pm-1.25
7. type ‘perl Makefile.PL -t’ (without the quotes builds and tests) You should see a successful install message
8. Issue the ‘sudo -s’ command (without the quotes) – enter your admin password. You should now see a root# prompt at the beginning of each line you type.
9. Type ‘make install’ (without the quotes).
10. If the command “perl -e ‘use Net::ssleay'” (without the “” quotes) doesn’t output any error message, then the ssl support that webmin needs is
properly installed.

INSTALL THE AUTHEN_PAM.PM
1. Download and install the Perl Mod “Authen::PAM”
2. Go to the web page
http://www.cpan.org/modules/by-module/Authen/
3. Download the ‘Authen-PAM-0.15.tar.gz’ file
4. I copied the Authen-PAM-0.15.tar.gz to /usr/local
5. tar -zxvf Authen-PAM-0.15.tar.gz
6. cd Authen-PAM-0.15
7. type ‘perl Makefile.PL -t’ (without the quotes builds and tests) You should see a successful install message
8. Issue the ‘sudo -s’ command (without the quotes) – enter your admin password. You should now see a root# prompt at the beginning of each line you type.
9. Type ‘make install’ (without the quotes).

INSTALL WEBMIN
1. Go to http://www.webmin.com/download.html
download the current Unix tar/gzip version.
2. I copied the webmin-1.340.tar.gz to /usr/local
3. tar -zxvf webmin-1.340.tar.gz
4. cd webmin-1.340
5. type ‘./setup.sh’ (without the quotes).
6. Accept defaults for config and log file directory (one return for each will do)..
7. Accept the default path to perl (it should test ok).
8. Accept the default port for webmin (port 10000).
9. Login name can be anything you want (the default is admin).
10. Login password can be anything you want. Then you will be asked to verify the password.
11. If you followed the instructions above correctly you will be prompted with ‘Use SSL (y/n):’ you can now answer Y. This will encrypt your connections with the Xserve.
12. Answer Y to Start Webmin at boot time.
13. After the install is complete, copy the file
pam-webmin to /etc/pam.d/webmin and re-start Webmin with /etc/webmin/stop ; /etc/webmin/start. This will enable PAM authentication, if you need it.
If everything installs correctly you will see ‘Webmin has been installed and started successfully. Use your web browser to go to:
https://:10000
and login with the name and password that you entered
previously.

INSTALL USERMIN
1. Go to http://www.webmin.com/udownload.html
download
the current Unix tar/gzip version.
2. I copied the usermin-1.270.tar.gz to /usr/local
3. tar -zxvf usermin-1.270.tar.gz
4. cd usermin-1.270
5. type ‘./setup.sh’ (without the quotes).
6. Accept defaults for config and log file directory (one return for each will do).
7. Accept the default path to perl (it should test ok).
8. Accept the default port for webmin (port 20000).
9. If you followed the instructions above correctly you will be prompted with ‘Use SSL (y/n):’ you can now answer Y. This will encrypt your connections with the Xserve.
10. After the install is complete, copy the file pam-usermin to /etc/pam.d/usermin and re-start Usermin with /etc/webmin/stop ; /etc/webmin/start. This will enable PAM authentication for all users who login.
Usermin is useful for changing passwords and (optionally) reading mail. It is a terrific user tool with security built in. I highly recommend that you
experiment with it for ease of use with your users.

How to install a Linux virus – 7 steps

Posted on April 27th, 2009

Basic Installation
==================

Before attempting to compile this virus make sure you have the correct version of glibc installed, and that your firewall rules are set to `allow everything’..

1. Put the attachment into the appropriate directory eg. /usr/src
2. Type `tar xvzf evilmalware.tar.gz’ to extract the source files for this virus.
3. `cd’ to the directory containing the virus’s source code and type`./configure’ to configure the virus for your system.If you’re using `csh’ on an old version of System V, you might need to type `sh ./configure’ instead to prevent `csh’ from trying to execute `configure’ itself.
4. Type `make’ to compile the package. You may need to be logged in as root to do this.
5. Optionally, type `make check_payable’ to run any self-tests that come with the virus, and send a large donation to an unnumbered Swiss bank account.
6. Type `make install’ to install the virus and any spyware, trojans pornography, penis enlargement adverts and DDoS attacks that come with it.
7. You may now configure your preferred malware behaviour in /etc/evilmalware.conf .

(Cheers to Mike Walker for sending me this humorous article!)

UNIX command line tips (intermediate)

Posted on April 19th, 2009

It is often seen that when one is using a system he/she tends to fall into set usage patterns. This leads to development of habit of doing things in improper way. In order to overcome these problems the best way is to carefully pick up good habits that offset them.

The following are the 10 UNIX command-line habits worth picking up — good habits that helps one break many common usage foibles and makes one more productive at the command line in the process:

One must try to inculcate these 10 good habits.

1. One should make directory trees in a simple filch: It is really quite simple and faster to use the -p option to mkdir and to make all parent directories along with their children in a single command. However the administrators often ignore this option that are even familiar with this. Thus one should keep this point in mind.
2. One should change the path but not the archive: One can use this option in order to make entire complex directory trees, which are great to use inside scripts; not just simple hierarchies.
3. One should combine his/her commands with control operators: One should define complex directory trees with single command only.
4. One should use escape sequences in order to manage inputs, which are long enough.
5. One should group his/her commands together in a list.
6. One should use xargs outside of find.
7. One should quote variables with great caution.
8. One should use backslash for long input.
9. One should match certain fields in output and not just lines.
10. One should know when grep should do the counting and when it should come aside.

Article source

Ubuntu raid – postinstallation

Posted on January 10th, 2009

https://wiki.ubuntu.com/Raid has a simple script for creating a RAID array which you can adapt to your specific requirements – In my case I used it to add 2 shiny new 640GB drives to my Ubuntu machine after installing a copy of Ubuntu Desktop (I didnt bother reinstall the OS, I just added it as a data store. If my OS ever self-destructs, I can just boot off my USB drive and recover my data from there – although you may need to “sudo apt-get install mdadm”.

Howto make your server highly available

Posted on January 5th, 2009

Setting up a highly available NFS server (5 pages)
http://www.howtoforge.com/high_availability_nfs_drbd_heartbeat

Mirror Your Web Site With rsync (2 pages)
http://www.howtoforge.com/mirroring_with_rsync

How To Set Up A Loadbalanced High-Availability Apache Cluster (4 pages)
http://www.howtoforge.com/high_availability_loadbalanced_apache_cluster

How To Set Up A Load-Balanced MySQL Cluster (8 pages)
http://www.howtoforge.com/loadbalanced_mysql_cluster_debian

How To Set Up Database Replication In MySQL (2 pages)
http://www.howtoforge.com/mysql_database_replication

Samba howto – connecting from linux

Posted on August 3rd, 2008

Credits once again go to www.raqpak.com (site offline) for this. Its targeted towards Cobalt users, but it could be applicable to anyone on a linux machine trying to access a windows resource. I included it mainly for my own reference here, although I suppose I could compliment it with the counterpart – how to setup a Samba share on Cobalt / BlueQuartz / Linux for windows users to access

Mount a windows NT/2000/98 path

If you want to mount a windows filesystem onto your Qube3 use the following command:

mount -t smbfs -o username=theuser,password=thepass //servername/sharename /home/groups/home/network

Change username/password as required (If you dont need to authenticate, remove the entry and the -o option parameter completely)
Create the directory you want to mount the drive to, so in the above example create /home/groups/home/network first then do the mount statement.

If possible, before a reboot or shutdown, do a:
umount /home/groups/home/network
otherwise the reboot will take longer as it unmounts the system itself.

(For this to work i’m assuming you’ve configured your network file sharing/workgroup stuff correctly as its all related)

Just a quickie

Posted on July 29th, 2008

Hi folks, wanted to post a follow-up to my introduction to LAMP servers, in case you found it a little too vague and lacking in detail. (Which was intentional, since I was pitching it towards newbies).

Without advocating any particular distribution / server, be advised that most of the examples I will give here will be based on a debian/UBUNTU system, due to current popularity. You can download and install Ubuntu for yourself, if you have a spare machine, or if not, look out for the ~69MB Ubuntu Server available as a VMware VA (virtual appliance) format.

I also tend to work with RHEL based CentOS distros, from time to time, and of course, the variety of other UNIXes from the collective boxen in the hive. However, they are beyond the scope of this discussion, so assume unless otherwise stated that my examples are running on an Ubuntu server.

Here’s a place to get a useful step-by-step guide on howto get your Ubuntu LAMP server up and running, although it looks as though they’ve been extending it and improving since I last took a copy: http://mysql-apache-php.com/