deb http://us.archive.ubuntu.com/ubuntu/ oneiric-updates universe
deb-src http://us.archive.ubuntu.com/ubuntu/ oneiric-updates universe

deb http://us.archive.ubuntu.com/ubuntu/ oneiric multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ oneiric multiverse
deb http://us.archive.ubuntu.com/ubuntu/ oneiric-updates multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ oneiric-updates multiverse

deb http://security.ubuntu.com/ubuntu oneiric-security universe
deb-src http://security.ubuntu.com/ubuntu oneiric-security universe
deb http://security.ubuntu.com/ubuntu oneiric-security multiverse
deb-src http://security.ubuntu.com/ubuntu oneiric-security multiverse

I commented all of the above out.

Networking

lshw -class network
*-network
description: Ethernet interface
product: 82566DM-2 Gigabit Network Connection
vendor: Intel Corporation
physical id: 19
bus info: pci@0000:00:19.0
logical name: eth0
version: 02
serial: 00:1a:a0:e8:f6:40
size: 1Gbit/s
capacity: 1Gbit/s
width: 32 bits
clock: 33MHz
capabilities: pm msi bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=e1000e driverversion=1.3.10-k2 duplex=full firmware=1.1-1 ip=192.168.1.151 latency=0 link=yes multicast=yes port=twisted pair speed=1Gbit/s
resources: irq:42 memory:fe9e0000-fe9fffff memory:fe9db000-fe9dbfff ioport:ecc0(size=32)

sudo apt-get install ethtool

sudo ethtool eth0

Settings for eth0:
        Supported ports: [ TP ]

        Supported link modes:

10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full

        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full

                                100baseT/Half 100baseT/Full

                                1000baseT/Half 1000baseT/Full
        Advertised auto-negotiation: Yes

        Speed: 1000Mb/s
        Duplex: Full
        Port: Twisted Pair
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: on
        Supports Wake-on: g
        Wake-on: d

        Current message level: 0x000000ff (255)
        Link detected: yes

auto eth0
iface eth0 inet static
pre-up /sbin/ethtool -s eth0 speed 1000 duplex full

Want to set up a static interface so in /etc/network/interfaces:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
address 192.168.1.4
netmask 255.255.255.0
network 192.168.1.1
broadcast 192.168.1.255
gateway 192.168.1.1

Airvideo Server

Let’s do something fun…   set up airvideo-server:

before we get started there are a few other packages to get:

apt-get install apt-get install python-software-properties

Update 2011/12/05 Oneiric packages now available

1. Open a Terminal
2. Add the AirVideo PPA repositorysudo add-apt-repository ppa:rubiojr/airvideo
3. Update package indexsudo apt-get update
4. Install AirVideo Serversudo apt-get install airvideo-server
5. Tweak the ‘folders’ property editing /opt/airvideo-server/AirVideoServerLinux.properties
6. Open the Air Video server application or type ‘airvideo-server’ in a terminal
7. Enjoy

References:

http://inmethod.com/air-video/index.html

http://wiki.birth-online.de/know-how/hardware/apple-iphone/airvideo-server-linux

http://www.inmethod.com/forum/posts/list/1856.page

https://launchpad.net/~rubiojr/+archive/airvideo

Auto starting Air Video on Startup

Create /etc/init/airvideo.conf:

start on runlevel [2345]
stop on shutdown
respawn

exec sudo -H -n -u root /usr/bin/java -jar /opt/airvideo-server/AirVideoServerLinux.jar /opt/airvideo-server/AirVideoServerLinux.properties

This will tell UpStart to run the server process as user mbirth upon reaching one of the runlevels 2-5 and stop the server when the system shuts down. respawn tells it to restart the server if it crashed.

You can also control it manually by doing

sudo start airvideo

or

sudo stop airvideo

Avahi Configuration for AirVideo

To get airvideo over Bonjour for iPads, Macs, iTunes, etc. need to configure avahi-daemon for airvideo

In /etc/avahi/services, add to/create multi.service:

<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_smb._tcp</type>
<port>139</port>
</service>
<service>
<type>_rfb._tcp</type>
<port>5901</port>
</service>
<service>
<type>_device-info._tcp</type>
<port>0</port>
<txt-record>model=RackMac</txt-record>
</service>
<service>
<type>_http._tcp</type>
<port>80</port>
</service>
<service>
<type>_ssh._tcp</type>
<port>22</port>
</service>
<service>
<type>_sftp-ssh._tcp</type>
<port>22</port>
</service>
</service-group>

<service-group>
<name replace-wildcards="yes">AirVideoServer on %h</name>
<service>
<type>_airvideoserver._tcp</type>
<port>45631</port>
</service>
</service-group>

XFS

Adding support for XFS is another installation:

apt-get install xfsprogs

then the xfs mount points can be added to /etc/fstab

Mail

apt-get install bsd-mailx

so we can email from the command line!

NTP

ntpdate -s ntp.ubuntu.com

sudo apt-get install ntp

# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
server 0.ubuntu.pool.ntp.org

server 1.ubuntu.pool.ntp.org
server 2.ubuntu.pool.ntp.org
server 3.ubuntu.pool.ntp.org

sudo /etc/init.d/ntp reload

View status

Use ntpq to see to see more info:

# sudo ntpq -p

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+stratum2-2.NTP. 129.70.130.70    2 u    5   64  377   68.461  -44.274 110.334
+ntp2.m-online.n 212.18.1.106     2 u    5   64  377   54.629  -27.318  78.882
*145.253.66.170  .DCFa.           1 u   10   64  377   83.607  -30.159  68.343
+stratum2-3.NTP. 129.70.130.70    2 u    5   64  357   68.795  -68.168 104.612
+europium.canoni 193.79.237.14    2 u   63   64  337   81.534  -67.968  92.792

References

• See the Ubuntu Time15 wiki page for more information.
• ntp.org, home of the Network Time Protocol project16

127.0.0.1 localhost.localdomain localhost puppet
192.168.1.17 meercat02.example.com meercat02

192.168.1.16 meercat.example.com meercat puppet

 package {

    'apache2':

        ensure => installed

}

service {
    'apache2':

        ensure => true,
        enable => true,
        require => Package['apache2']

}
 Next, create a node file /etc/puppet/manifests/nodes.pp with:

node 'meercat02.example.com' {
   include apache2

sudo /etc/init.d/puppetmaster restart

sudo /etc/init.d/puppet start

sudo puppetca --sign meercat02.example.com

phpMyAdmin

phpMyAdmin is a LAMP application specifically written for administering MySQL servers. Written in PHP, and accessed through a web browser, phpMyAdmin provides a graphical interface for database administration tasks.

Installation

Before installing phpMyAdmin you will need access to a MySQL database either on the same host as that phpMyAdmin is installed on, or on a host accessible over the network. For more information see Section 1, “MySQL” [p. 162]. From a terminal prompt enter:

sudo apt-get install phpmyadmin

At the prompt choose which web server to be configured for phpMyAdmin. The rest of this section will use Apache2 for the web server.

In a browser go to http://servername/phpmyadmin, replacing serveranme with the server’s actual hostname. At the login, page enter root for the username, or another MySQL user if you any setup, and enter the MySQL user’s password.

Once logged in you can reset the root password if needed, create users, create/destroy databases and tables, etc.

Configuration

The configuration files for phpMyAdmin are located in /etc/phpmyadmin. The main configuration file is /etc/phpmyadmin/config.inc.php. This file contains configuration options that apply globally to phpMyAdmin.

To use phpMyAdmin to administer a MySQL database hosted on another server, adjust the following in /etc/phpmyadmin/config.inc.php:

$cfg['Servers'][$i]['host'] = 'db_server';

Replace db_server with the actual remote database server name or IP address. Also, be sure that the phpMyAdmin host has permissions to access the remote database.

Once configured, log out of phpMyAdmin and back in, and you should be accessing the new server.

The config.header.inc.php and config.footer.inc.php files are used to add a HTML header and footer to phpMyAdmin.

Another important configuration file is /etc/phpmyadmin/apache.conf, this file is symlinked to / etc/apache2/conf.d/phpmyadmin.conf, and is used to configure Apache2 to serve the phpMyAdmin site. The file contains directives for loading PHP, directory permissions, etc. For more information on configuring Apache2 see Section 1, “HTTPD – Apache2 Web Server”.

FTP Server

File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading files between computers. FTP works on a client/server model. The server component is called an FTP daemon. It continuously listens for FTP requests from remote clients. When a request is received, it manages the login and sets up the connection. For the duration of the session it executes any of commands sent by the FTP client.

Access to an FTP server can be managed in two ways:

• Anonymous
• Authenticated

In the Anonymous mode, remote clients can access the FTP server by using the default user account called “anonymous” or “ftp” and sending an email address as the password. In the Authenticated mode a user must have an account and a password. User access to the FTP server directories and files is dependent on the permissions defined for the account used at login. As a general rule, the FTP daemon will hide the root directory of the FTP server and change it to the FTP Home directory. This hides the rest of the file system from remote sessions.

vsftpd – FTP Server Installation

vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, and maintain. To install vsftpd you can run the following command:

sudo apt-get install vsftpd

Anonymous FTP Configuration
By default vsftpd is not configured to allow anonymous download. If you wish to enable anonymous

download edit /etc/vsftpd.conf by changing: anonymous_enable=Yes

During installation a ftp user is created with a home directory of /srv/ftp. This is the default FTP directory.

If you wish to change this location, to /srv/files/ftp for example, simply create a directory in another location and change the ftp user’s home directory:

sudo mkdir /srv/files/ftp
sudo usermod -d /srv/files/ftp ftp

After making the change restart vsftpd:

Finally, copy any files and directories you would like to make available through anonymous FTP to / srv/files/ftp, or /srv/ftp if you wish to use the default.

User Authenticated FTP Configuration

By default vsftpd is configured to authenticate system users and allow them to download files. If you want users to be able to upload files, edit /etc/vsftpd.conf:

write_enable=YES

Now restart vsftpd:

sudo restart vsftpd

Now when system users login to FTP they will start in their home directories where they can download, upload, create directories, etc.

Similarly, by default, anonymous users are not allowed to upload files to FTP server. To change this setting, you should uncomment the following line, and restart vsftpd:

anon_upload_enable=YES

Enabling anonymous FTP upload can be an extreme security risk. It is best to not enable anonymous upload on servers accessed directly from the Internet.

The configuration file consists of many configuration parameters. The information about each parameter is available in the configuration file. Alternatively, you can refer to the man page, man 5 vsftpd.conf for details of each parameter.

Securing FTP

There are options in /etc/vsftpd.conf to help make vsftpd more secure. For example users can be limited to their home directories by uncommenting:

chroot_local_user=YES

You can also limit a specific list of users to just their home directories:

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

After uncommenting the above options, create a /etc/vsftpd.chroot_list containing a list of users one per line. Then restart vsftpd:

Also, the /etc/ftpusers file is a list of users that are disallowed FTP access. The default list includes root, daemon, nobody, etc. To disable FTP access for additional users simply add them to the list.

FTP can also be encrypted using FTPS. Different from SFTP, FTPS is FTP over Secure Socket Layer (SSL). SFTP is a FTP like session over an encrypted SSH connection. A major difference is that users of SFTP need to have a shell account on the system, instead of a nologin shell. Providing all users with a shell may not be ideal for some environments, such as a shared web host.

To configure FTPS, edit /etc/vsftpd.conf and at the bottom add: ssl_enable=Yes

Also, notice the certificate and key related options:

rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

By default these options are set the certificate and key provided by the ssl-cert package. In a production environment these should be replaced with a certificate and key generated for the specific host. For more information on certificates see Section 5, “Certificates” [p. 128].

Now restart vsftpd, and non-anonymous users will be forced to use FTPS: sudo restart vsftpd

To allow users with a shell of /usr/sbin/nologin access to FTP, but have no shell access, edit /etc/ shells adding the nologin shell:

# /etc/shells: valid login shells
/bin/csh
/bin/sh
/usr/bin/es

/usr/bin/ksh
/bin/ksh
/usr/bin/rc
/usr/bin/tcsh
/bin/tcsh
/usr/bin/esh
/bin/dash
/bin/bash
/bin/rbash
/usr/bin/screen
/usr/sbin/nologin

This is necessary because, by default vsftpd uses PAM for authentication, and the/etc/pam.d/ vsftpd configuration file contains:

auth required pam_shells.so TheshellsPAMmodulerestrictsaccesstoshellslistedinthe/etc/shellsfile.

CUPS – Print Server

The primary mechanism for Ubuntu printing and print services is the Common UNIX Printing System (CUPS). This printing system is a freely available, portable printing layer which has become the new standard for printing in most Linux distributions.

CUPS manages print jobs and queues and provides network printing using the standard Internet Printing Protocol (IPP), while offering support for a very large range of printers, from dot-matrix
to laser and many in between. CUPS also supports PostScript Printer Description (PPD) and auto- detection of network printers, and features a simple web-based configuration and administration tool.

Installation

To install CUPS on your Ubuntu computer, simply use sudo with the apt-get command and give the packages to install as the first parameter. A complete CUPS install has many package dependencies, but they may all be specified on the same command line. Enter the following at a terminal prompt to install CUPS:

sudo apt-get install cups

Upon authenticating with your user password, the packages should be downloaded and installed without error. Upon the conclusion of installation, the CUPS server will be started automatically.

For troubleshooting purposes, you can access CUPS server errors via the error log file at: /var/log/ cups/error_log. If the error log does not show enough information to troubleshoot any problems you encounter, the verbosity of the CUPS log can be increased by changing the LogLevel directive in the configuration file (discussed below) to “debug” or even “debug2”, which logs everything, from the default of “info”. If you make this change, remember to change it back once you’ve solved your problem, to prevent the log file from becoming overly large.

Configuration

The Common UNIX Printing System server’s behavior is configured through the directives contained in the file /etc/cups/cupsd.conf. The CUPS configuration file follows the same syntax as the primary configuration file for the Apache HTTP server, so users familiar with editing Apache’s configuration file should feel at ease when editing the CUPS configuration file. Some examples of settings you may wish to change initially will be presented here.

Prior to editing the configuration file, you should make a copy of the original file and protect it from writing, so you will have the original settings as a reference, and to reuse as necessary.

Copy the /etc/cups/cupsd.conf file and protect it from writing with the following commands, issued at a terminal prompt:

sudo chmod a-w /etc/cups/cupsd.conf.original

• ServerAdmin: To configure the email address of the designated administrator of the CUPS server, simply edit the /etc/cups/cupsd.conf configuration file with your preferred text editor, and
  add or modify the ServerAdmin line accordingly. For example, if you are the Administrator for
  the CUPS server, and your e-mail address is ‘bjoy@somebigco.com’, then you would modify the ServerAdmin line to appear as such:

    ServerAdmin bjoy@somebigco.com

• Listen: By default on Ubuntu, the CUPS server installation listens only on the loopback interface at IP address 127.0.0.1. In order to instruct the CUPS server to listen on an actual network adapter’s IP address, you must specify either a hostname, the IP address, or optionally, an IP address/port pairing via the addition of a Listen directive. For example, if your CUPS server resides on a local network at the IP address 192.168.10.250 and you’d like to make it accessible to the other systems on this subnetwork, you would edit the /etc/cups/cupsd.conf and add a Listen directive, as such:

    Listen 127.0.0.1:631           # existing loopback Listen
    Listen /var/run/cups/cups.sock # existing socket Listen
    Listen 192.168.10.250:631      # Listen on the LAN interface, Port 631 (IPP)

  In the example above, you may comment out or remove the reference to the Loopback address (127.0.0.1) if you do not wish cupsd to listen on that interface, but would rather have it only listen on the Ethernet interfaces of the Local Area Network (LAN). To enable listening for all network interfaces for which a certain hostname is bound, including the Loopback, you could create a Listen entry for the hostname socrates as such:

    Listen socrates:631  # Listen on all interfaces for the hostname 'socrates'

  or by omitting the Listen directive and using Port instead, as in: Port 631 # Listen on port 631 on all interfaces

  For more examples of configuration directives in the CUPS server configuration file, view the associated system manual page by entering the following command at a terminal prompt:

  man cupsd.conf

  Whenever you make changes to the /etc/cups/cupsd.conf configuration file, you’ll need to restart the CUPS server by typing the following command at a terminal prompt:

  sudo /etc/init.d/cups restart

Web Interface

CUPS can be configured and monitored using a web interface, which by default is available at http://localhost:631/admin. The web interface can be used to perform all printer management tasks.

In order to perform administrative tasks via the web interface, you must either have the root account enabled on your server, or authenticate as a user in the lpadmin group. For security reasons, CUPS won’t authenticate a user that doesn’t have a password.

To add a user to the lpadmin group, run at the terminal prompt: sudo usermod -aG lpadmin username

Further documentation is available in the Documentation/Help tab of the web interface.

References

CUPS Website
Debian Open-iSCSI page

#group = #}

    client {
      # The client socket is generally safe to export to everyone. Typical use
      # is to export it to your SMTP server so it can do SMTP AUTH lookups
      # using it.
      path = /var/spool/postfix/private/auth-client
      mode = 0660
      user = postfix
      group = postfix

} }

In order to let Outlook clients use SMTP-AUTH, in the auth default section of /etc/dovecot/ dovecot.conf add “login”:

  mechanisms = plain login

Once you have Dovecot configured restart it with:

sudo /etc/init.d/dovecot restart

Mail-Stack Delivery

Another option for configuring Postfix for SMTP-AUTH is using the mail-stack-delivery package (previously packaged as dovecot-postfix). This package will install Dovecot and configure Postfix to use it for both SASL authentication and as a Mail Delivery Agent (MDA). The package also configures Dovecot for IMAP, IMAPS, POP3, and POP3S.

You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail server. For example, if you are configuring your server to be a mail gateway, spam/virus filter, etc. If this is the case it may be easier to use the above commands to configure Postfix for SMTP- AUTH.

To install the package, from a terminal prompt enter:

sudo apt-get install mail-stack-delivery

You should now have a working mail server, but there are a few options that you may wish to further customize. For example, the package uses the certificate and key from the ssl-cert package, and in a production environment you should use a certificate and key generated for the host. See Section 5, “Certificates” [p. 128] for more details.

Once you have a customized certificate and key for the host, change the following options in /etc/ postfix/main.cf:

To see messages entered into the logs in real time you can use the tail -f command:

tail -f /var/log/mail.err

The amount of detail that is recorded in the logs can be increased. Below are some configuration options for increasing the log level for some of the areas covered above.

• To increase TLS activity logging set the smtpd_tls_loglevel option to a value from 1 to 4.

    sudo postconf -e 'smtpd_tls_loglevel = 4'

• If you are having trouble sending or receiving mail from a specific domain you can add the domain to the debug_peer_list parameter.

    sudo postconf -e 'debug_peer_list = problem.domain'

• You can increase the verbosity of any Postfix daemon process by editing the/etc/postfix/ master.cf and adding a -v after the entry. For example edit the smtp entry:

    smtp      unix  -       -       -       -       -       smtp -v

  It is important to note that after making one of the logging changes above the Postfix process will need to be reloaded in order to recognize the new configuration: sudo /etc/ init.d/postfix reload

• To increase the amount of information logged when troubleshooting SASL issues you can set the following options in /etc/dovecot/dovecot.conf

    auth_debug=yes
    auth_debug_passwords=yes

  Just like Postfix if you change a Dovecot configuration the process will need to be reloaded: sudo /etc/init.d/dovecot reload.

  Some of the options above can drastically increase the amount of information sent to the log files. Remember to return the log level back to normal after you have corrected the problem. Then reload the appropriate daemon for the new configuration to take affect.

  References

  Administering a Postfix server can be a very complicated task. At some point you may need to turn to the Ubuntu community for more experienced help.