Enabling bootlogd on Debian Linux servers

Question: I am concerned about some services loaded during my Linux server’s boot up, but it does not seem to keep any log of it. How do I fix this?

Answer: If you are running a Debian-based server, boot-logging is disabled by default. The only way to find out what is happening during a boot, other than being at the console and watching it happen, is to enable bootlogd.

Using a text editor (such as vi or nano), edit the file /etc/default/bootlogd as root.

Find the line that has “BOOTLOGD_ENABLE” and change “no” to “yes”.

BOOTLOGD_ENABLE=yes

Once you have rebooted, you should now have information in /var/log/boot about your system’s booting process.

How to restart Apache in Mac OS X Server

Question: How do I restart Apache HTTP Server on a Mac OS X server?

Answer: Linux other Unix-based servers, you can start and stop Apache from the command line. If you are familiar with Redhat-based systems, then you are used to logging in and then using “su” to become Root. Mac OS Xrelies on “sudo” like many Debian-based systems (such as Ubuntu).

The command for Apache in Mac OS X is “apachectl” (Apache control). To restart Apache, type the following:

$ sudo apachectl restart

To stop Apache, enter:

$ sudo apachectl -k stop

And to start Apache again, type:

$ sudo apachectl -k start

After entering a command with “sudo” you will be prompted for your password. Enter it and continue. You will still need to use “sudo” for each command run as Root, but it will not ask you for the password again until you have stopped using it for a period of time in that session.

Source: nixCraft

How to setup an SSL Dovecot mail server

Question: How do I setup Dovecot to use IMAPS and POP3S with Postfix certificates?

Answer: Dovecot is a free and open source IMAP and POP3 mail server. It is used for receiving incoming mail and works in conjunction with Postfix, which handles sending and delivery. Dovecot runs on all Linux and Unix-like operating systems and is available in most distribution repositories. Some may even have it installed by default. Follow these simple steps to setup SSL:

Enable POP3S and IMAPS by editing the configuration file /etc/dovecot.conf. If they are enabled, the protocols setting will look like this:

protocols = imaps pop3s

Next you must set PEM encoded X.509 SSL/TLS certificate and private key. They’re opened before dropping root privileges, so keep the key file unreadable by anyone but root (see how create certificate CSR and configure certificates for Postfix):

ssl_cert_file = /etc/postfix/ssl/smtp.theos.in.crt
ssl_key_file = /etc/postfix/ssl/smtp.theos.in.key

If key file is password protected, give the password using ssl_key_password directive:
ssl_key_password = myPassword

Save and close the file. Restart Dovecot server:
# /etc/init.d/dovecot restart

Source: nixCraft

Linux file and directory structure

An important part of knowing your Linux server is knowing where directories and files are. Most Linux distributions organize files in a similar manner, following specific standards. It is very different from the Windows file and directory structure, but once you know one Linux setup, you will pretty much know the basic layout of every Linux distribution.

/ The root directory, under which all other directories reside.

/boot Here Linux stores information about booting, including the kernel itself and the bootloader.

/etc Most system-wide configuration files are kept in this directory, particularly those you use for your web server.

/bin, /usr/bin, /sbin All of these are where Linux stores executable files. This is one area where it differs depending on the software and distribution.
Read More >>

SSH security tips part 3: Root logins and empty passwords

Only one user should have the root password to a server, but since virtual private servers (VPS) can exist within a server, those users also have root passwords. Generally speaking, it is a bad practice to login to the server directly as root (administrator). Although SSH connections are encrypted, it is still a dangerous practice from a security perspective. Even administrative users should have lesser accounts that do not have superuser permissions.

To disable root login, edit your sshd_config file and add the following line (if it is not already present):

PermitRootLogin no

If you or another user with root access needs to become root, they can rely on “su” or “sudo” once they have logged in as a regular user with basic permissions.

The next important thing to secure is passwords, and a big no-no is using an empty password. In some circumstances, you cannot control what passwords (or lack thereof) other users choose, but with SSH, you can prevent users from choosing blank passwords. Enter the following line in sshd_config:

PermitEmptyPasswords no

Photo: Flickr

Changing a User's Group in Linux

Question: How do I add a user to a group in Linux?

Answer: Now that you have created a new user, you may need to add the user to a special group. To accomplish that, follow these easy steps.

1. Login to your server via SSH.
2. Become root:
su

Let’s assume the username is “mrtest” and you want to add it to the “audio” group.

3. From the root command prompt, enter:

useradd -G audio mrtest

If the group does not already exist, you need to create it first with groupadd:

groupadd audio

Once a group is created, you can add as many users to it as you need.

Changing the MySQL root password

Question: How do I change my MySQL root password on my dedicated server?

Answer: If you have never set the password for MySQL, the server will allow you to connect as root without any password at all. This is obviously not secure and needs to be fixed. Consider it an important step in configuring your server for the first time.

To setup the password for the first time, type this from the command line:

mysqladmin -u root password 54321

Replace “54321″ with your desired password.

To change the password after it has already been set, enter the following:

mysqladmin -u root -p 'oldpassword' password 54321

Replace ‘oldpassword’ with your actual password and 54321 with the new one.

Photo Source: Flickr

Managing passwords in Linux with the "passwd" command

When managing a dedicated server, it is very important to keep a secure password and to change it periodically. In an SSH session, the best way to accomplish this is to use the “passwd” command. A normal user can change his/her own account, while a system administrator (root) can change any account’s password on the system.

In Linux, there are certain requirements for passwords. The “passwd” command is configured to reject passwords that appear to be too easy to guess, particularly those that match common usage words. To change the password of the current user, just type passwd with nothing following it. To change the password of any other user, log in as root and then enter:

passwd username

It will ask you for a new password and then ask you to type the password again to confirm it. A good password will be 6 to 8 character and contain both lowercase letters and numbers. Another trick you can use to make sure a user changes his or her password is to use the “-e” flag. Enter:

passwd -e username

This will cause the user’s password to expire and force the person to change the password at his/her next login.

Photo Source: Flickr

Changing file ownership in Linux

There are many situations when you may need to change the ownership of files, especially if you are operating a virtual private server or dedicated server. For example, you may install something for a website as root but then need to set ownership of the file to the local user. Linux has a convenient command called “chown” that does exactly that. The word “chown” is short for “change the owner”.

Let’s suppose that you have a file called “testfile” owned by root. You want to change ownership to user1. Simply enter this command:

chown user1:users testfile

In this case, “user1″ is the user’s name and “users” is its user group.

If you want to change the ownership of all the files in a directory, you would add the “-R” tag to make the operation recursive.

chown -R user1:users test-directory

For more information about chown, enter this command: man chown.

Photo Source: SXC

What is root and su?

Question: What is root and su?

Answer: On Linux and other Unix-like systems, root is the default username of the system administrator or super user (su). Typically, the root user is the only one that has complete read and write access on every file located on a server. Shared hosting accounts never allow root access, but if you are using a self-managed dedicated hosting service, you will probably need root access.

It is very unwise to login to your server directly as root. The more secure method is to login as a regular user with default permissions and then gain root access through the user. On Linux systems, you typically gain root access by typing “su” and then entering the password when prompted; however, some servers use sudo.

With sudo, you do not login directly as root. Instead, anytime you need to execute a root command, you put “sudo” in front of it. So, to remove a file, you would type “sudo rm filename”. It would then prompt you for the password. There has always been an ongoing to debate about which is more secure. With either method you need to be careful. Root has full access to your server. Use it wisely.