Differences between revisions 49 and 50
Revision 49 as of 2007-07-26 13:59:23
Size: 21724
Editor: GeoffSimmons
Comment: Minor spelling corrections.
Revision 50 as of 2007-07-26 18:05:54
Size: 21722
Comment:
Deletions are marked like this. Additions are marked like this.
Line 657: Line 657:
=== Disable ssh root access === == Disable ssh root access ==

Visit http://www.lucasmanual.com/mywiki/ for up to date manual

How to install and configure various software on Debian. Step by step.

?TableOfContents(2) Keywords: Debian GNU Linux, Manual, How To, How-To, Installation, Configuration, Easy, From Windows XP to Debian, Wireless WPA2, anti-spam, fax, Documentation, MoinMoin Wiki, Linux, servers, Windows, Windows NT, Documentation

Debian Services

Installing and Configuring Postfix on Debian

  • Install postfix (this will remove exim since there can't be two mail systems)(If you have a website, choose internet site if configurations will ask):

apt-get install postfix
  • Check the log mail.log, mail.err, mail.info, mail.warn to see if postfix runs.

cat /var/log/mail.log
  • Configure: Now add your domain to config files, so others can't abuse your mailsystem. We do it with postconf

postconf -e "myorgin = example.com"
  • Now add your hostname (computer name). Use command "hostname" if not sure. It will show your hostname.

postconf -e "myhostname=server1.example.com"
  • Now add domain name that your system will handle.

postconf -e "relay_domains = example.com, example2.com, example3.com"
  • Reload Postfix Server:

postfix reload
  • Let's test our mailserver. Type

telnet localhost 25
  • You should see:

Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 server1.example.com ESMTP Postfix (Debian/GNU)
  • Now sent an email to yourself:

mail from:<you@youremail.com>
rcpt to:<user@example.com>
data
To: user@example.com
From: you@youremail.com
Subject: Hey my first email
This is my first email on debian postfix after installing configuring it.
It was easy. See you
  • Now to end data hit enter, type in a dot, and hit enter again:

.
  • Then

quit
  • Your are done. you can type "mail" and see if you have some.
    • Now let's get to next step:
    • If you have a router with firewall you will need to enable port 25 and forward that port to your computer.
    • You will need to enter your MX records in your domain provider. (ex. godaddy.com, or dnspark.com)
    • Check your mx records: go to http://www.iptools.com/ locate "DNS lookup". From pulldown menu select "MX". Type in your domain name (ex. example.com). You should see some records there. If you don't see any MX records go back to previus step. You have to have MX record otherwise other computers won't be able to see you when sending emails.

    • Usefull commands:

qshape
mailq
qshape deferred
postsuper
postsuper -r ALL   (requeue all emails)
  • You should be set. If your isp is blocking the traffic then you might need to do the following:

Debian Postfix and smtp.sbcglobal.yahoo.com

  • SBC global block port 25 on its DSL users:client tools on your box. Now you can checkout the repository:

    http://help.sbcglobal.net/article.php?item=4640

  • We will use sbc smtp server via authentication to sent emails. Do this:
  • Install these two modules (They tell postfix how to authenticate):

apt-get postfix-tls libsasl2-modules
  • ADD to main.cf by using postconf. Just type:

postconf -e "relayhost = [smtp.sbcglobal.yahoo.com]"
postconf -e "smtp_sasl_auth_enable = yes"
postconf -e "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd"
postconf -e "smtp_sasl_security_options = noanonymous"
  • Create a file called sasl_passwd in /etc/postfix/sasl_passwd. Inside type in

[smtp.sbcglobal.yahoo.com] username@sbcglobal.net:mypassword
  • Now change permisions so others can't read it:

chmod 600 /etc/postfix/sasl_passwd
  • Now postmap it. (creates database-like file so postfix can read it)

postmap /etc/postfix/sasl_passwd
  • Restart postfix

postfix reload
  • Done. You can use "mutt" to sent emails outside. Check /var/log/mail.log to see if everything is working.

Mailman with Postfix

  • Install mailman:

apt-get install mailman
  • When done type:

newlist mailman
  • Start mailman

/etc/init.d/mailman start

relay_domains = example.com, lists.example.com
  • In same file add ,hash:/var/lib/mailman/data/aliases after alias_maps

alias_maps = hash:/etc/aliases,hash:/var/lib/mailman/data/aliases
  • Now type:

postconf -e "transport_maps = hash:/etc/postfix/transport"
postconf -e "mailman_destination_recipient_limit = 1"
  • In /etc/postfix/master.cf add:

mailman unix  -       n       n       -       -       pipe
   flags=FR user=list
   argv=/var/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
  • Edit or create /etc/postfix/transport. Add this line:

lists.example.com    mailman:
  • Then postmap it:

postmap /etc/postfix/transport
  • Now edit /etc/mailman/mm_cfg.py and add:

MTA = 'Postfix'
DEB_LISTMASTER = 'postmaster@example.com'
POSTFIX_STYLE_VIRTUAL_DOMAIN = ['lists.example.com']
  • Done. Now restart postfix, mailman

/etc/init.d/postfix reload
/etc/init.d/mailman restart
  • Create a mailing list:

newlist list_name
  • If you want archives add this to /etc/apache2/apache2.conf

Alias /pipermail/ /var/lib/mailman/archives/public/
Alias /images/mailman/ /usr/share/images/mailman/
  • Done. Go to

http://lists.yourwebsite.com/cgi-bin/mailman/listinfo/list_name/

Ampache (Music Server) on Debian

  • Ampache the music server.
  • We need apache and php. If this is not installed we need to install it. do "apt-cache policy apache2" to see if it is installed. (apache 1 will work too)

apt-get install apache2
apt-get install php5 php5-mysql php5-gd
  • Download ampache and extract it

wget http://www.ampache.org/downloads/current.tar.gz
tar -xzvf current.tar.gz
  • Move the extracted ampache folder to the correct folder (change the version number to match yours):

mv ampache-3.3-beta4 /usr/local/bin/ampache
cd /usr/local/bin/ampache
  • Change permissions so the apache server can read ampache files

chown -R www-data:www-data /usr/local/bin/ampache
  • Create and edit ampache file for apache(the webserver). This will tell apache2 about ampache: "/etc/apache2/conf.d/ampache":

Alias /ampache "/usr/local/bin/ampache/"
<directory />
       DirectoryIndex index.php index.html
       Options Indexes MultiViews
       AllowOverride None
       Order allow,deny
       Allow from all
</directory>

* Optional, you could change Alias from /ampache "/usr/local/bin/ampache/" to something like

Alias /musiclover "/usr/local/bin/ampache/"
  • Restart apache

/etc/init.d/apache2 restart
  • Now apache needs mysql. If you have one go to next step. Otherwise install it:

apt-get install mysql-server
  • Almost done. Now go to this link and follow directions.(enter your database password and press install.)

http://localhost/ampache/install.php
  • Done. Enjoy
  • When you add music. www-data needs to be able to read your music. So you need to add www-data to group permissions. This can be done by:

chgrp -R www-data /path/to/mymusic/*
  • or in my case i created group users

addgroup users
chgrp -R users path/to/mymusic/*
adduser www-data users
  • Done. Amapche uses around 20kb of bandwith per stream per user.

Mod Python and PSP

  • Installing python scripting pages with mod python on debian and apache2

apt-get update
apt-get install libapache2-mod-python
  • Module should be enabled, to check type:

a2enmod mod_python
  • Enable psp support by adding following in /etc/apache2/httpd.conf :

AddHandler mod_python .psp .psp_
PythonHandler mod_python.psp
  • Your final httpd.conf should look something like this:

<Directory "/var/www/pspwebsite/folder">
 AddHandler mod_python .psp .psp_
 PythonHandler mod_python.psp
 PythonDebug On
 Options Indexes MultiViews
 AllowOverride None
 Order allow,deny
 Allow from all
 DirectoryIndex index.psp
</Directory>
  • Save the file and reload apache:

/etc/init.d/apache2 reload
  • Done enjoy.

MoinMoin Wiki with Apache2 and Mod Python

  1. Apache2 and mod_python should be installed by now. If not do

apt-get update
apt-get install apache2
apt-get install libapache2-mod-python

Now Install moinmoin wiki.

apt-get install python-moinmoin
mkdir /var/www/mywiki
cp -r /usr/share/moin/data /usr/share/moin/underlay /usr/share/moin/server/moin.cgi /var/www/mywiki
chown -R www-data:www-data /var/www/mywiki
  1. Configure apache2
  2. Add the following lines to /etc/apache2/conf.d/wiki:

Alias /wiki/ "/usr/share/moin/htdocs/"

<Location /mywiki>
SetHandler python-program
PythonPath "['/var/www/mywiki','/etc/moin/']+sys.path"
PythonHandler MoinMoin.request::RequestModPy.run
PythonDebug On
</Location>
  1. Reload apache2

/etc/init.d/apache2 reload
  1. Configure Moinmoin
  2. Edit /etc/moin/farmconfig.py. You have 2 options.

wikis = [
          ("mywiki",    r"^yoursite.com/mywiki/.*$"),
        ]

or

wikis = [
    ("mywiki",  r".*"),   # this is ok for a single wiki
]
  1. Also, in /etc/moin/farmconfig.py comment out data_dir and data_underlay_dir (we need those defined separately for each wiki)
  2. Copy this file if it exists. Otherwise move on to editing mywiki.py

cp /etc/moin/moinmaster.py /etc/moin/mywiki.py
  1. Then edit /etc/moin/mywiki.py

sitename = u'MyWiki' # [Unicode]
data_dir = '/var/www/mywiki/data'
data_underlay_dir = '/var/www/mywiki/underlay'
  1. Comment out data_dir if it is somewhere else in a file
  2. Enjoy your new wiki at http://yoursite.com/mywiki/

  3. If you want your default website to go to mywiki, edit /etc/apache2/sites-available/default, and where you see ?RedirectMatch do"

#RedirectMatch ^/$ /apache2-default/
RedirectMatch ^/$ /mywiki/
  • Done.
  • [Optional]If you would like to enable file attachment add this to /etc/moin/mywiki.py, right below previus changes. Namely right under data_underlay

allowed_actions = ['AttachFile']

Debian Anti-Spam Anti-Virus Gateway Email Server

http://lucasmanual.com/mywiki/DebianAntiSpamGatewayEmailServer

Fax Server

http://lucasmanual.com/mywiki/FaxServer

Network Time Synchronization

  • NTP Date

Network Time Protocol

  • This will keep you system date with exact match to actual date.
  • Type date to see current date and time

date
  • Install NTP

apt-get install ntpdate
  • Done.
  • Type date again to see if the time changed.

  • [Optional]If you would like to add a server that is closer to you and you know its address. You could type:

/etc/init.d/ntp-server stop
ntpdate clock.fmt.he.net
ntpdate ntp1.tummy.com
/etc/init.d/ntp-server start

FTP Server

Install

  • Install Ftp Server ("Very secure ftp server")

apt-get update
apt-get install vsftpd
  • Ftp server has been installed

Configure

  • Now configure your server
  • Edit /etc/vsftpd.conf

vi /etc/vsftpd.conf
  • [Optional] Disable Anonymous account by finding the line that says anonymous_enable=YES and make it

anonymous_enable=NO
  • [Optional] Allow Write access (upload access). Find and uncomment the following line:

write_enable=YES
  • [Optional] Add you banner when people log in. Find and uncomment this #ftpd_banner=Welcome to blah FTP service. line and make it:

ftpd_banner=Welcome to example.com FTP service. Enjoy.
  • [Optional] Allow local users to log in. Uncomment the following line:

local_enable=YES

Photo Album Server

  • Photo album gallery2 server.

http://lucasmanual.com/mywiki/PhotoAlbumServer

Domain Controller, Samba

http://lucasmanual.com/mywiki/SambaDomainController

NFS Server

See the Debian Wiki page ["NFSServerSetup"].

Debian Printing

http://lucasmanual.com/mywiki/DebianPrinting

Debian Configuration

Change from dhcp to static ip

  • edit /etc/network/interfaces
  • comment iface eth0 inet dhcp and below type :

iface eth0 inet static
[tab]address 192.168.1.200
[tab]network 192.168.1.0
[tab]netmask 255.255.255.0
[tab]broadcast 192.168.1.255
[tab]gateway 192.168.1.1
  • Your file should look like:

#iface eth0 inet dhcp
iface eth0 inet static
    address 192.168.1.200
    network 192.168.1.0
    netmask 255.255.255.0
    broadcast 192.168.1.255
    gateway 192.168.1.1
  • or

iface eth0 inet static
    address 192.168.5.200
    network 192.168.5.0
    netmask 255.255.255.0
    broadcast 192.168.5.255
    gateway 192.168.5.254

Subversion

  • Svn is a software that manages any type of data. It monitors its changes, lets you update them, and if something went wrong you can go back to previous version with no problems.
  • Let's install it on Debian:

apt-cache search svn
apt-get install subversion
  • Subversion is installed
  • The story goes like this: I have a project I am working on. It is located at

/home/lucas/my_best_project
  • This folder includes

/home/lucas/my_best_project/trunk/install.c
/home/lucas/my_best_project/trunk/readme.txt
  • I keep my working files in trunk. I want it in subversion now!
  • We need to tell subversion where it can store its repositories:
  • It will be in

/usr/local/src/
  • Now create repository directory:

svnadmin create /usr/local/src/my_best_project
  • Now I am going to import my_best_project to svn

svn import /home/lucas/my_best_project file:///usr/local/src/my_best_project -m "initial import"
  • Folder /home/lucas/my_best_project is not important anymore. SVN is not concerned what you are going to do with it.

  • Now we need to start working with subversion and we do that by creating a folder where we can work on my best project with subversion. It will be in /home/lucas/new_folder/ We need to go to that folder. And from that folder we issue command:

svn checkout file:///usr/local/src/my_best_project
  • Now it created

/home/lucas/new_folder/my_best_project
  • This folder contains files I kept in a trunk. I can now work on it and let svn take care the version tracking.

* Optional, you could use subversion over ssh. You need to install subversion on your computer and then:

svn co svn+ssh://your.remote-server.com/usr/local/src/my_best_project

* Done. Now its time to make that tool great.

Multimedia player and codec on Debian

/etc/apt/source.list

deb http://mirrors.ecology.uni-kiel.de/debian/debian-multimedia testing main
  • Now install xine:

apt-get update
apt-get install xine-ui
  • Now install windows file format support:

apt-get install w32codecs
  • Done. You can remove the mirror we just entered from sourcelist if you wish to do so.

Ati binary driver

Steps borrowed from [http://michael.susens-schurter.com/blog/2006/11/20/installing-fglrx-ati-drivers-in-debian-etch/ Michael Schurter's blog]. Tips borrowed from [http://gentoo-wiki.com/HOWTO_ATI_Drivers Gentoo wiki].

  • Step 0: Install the required packages (you may need to add "non-free" to /etc/apt/sources.list)

apt-get update
apt-get install fglrx-control fglrx-driver fglrx-kernel-src module-assistant mesa-utils
  • Step 1: Change to kernel and kernel module source code directory.

cd /usr/src
  • Step 2: Prepare your system to build new kernel modules.

module-assistant prepare
  • Step 3: Build the fglrx kernel module.

module-assistant a-i fglrx
  • Step 4: Make a copy of your xorg.conf file:

cp /etc/X11/xorg.conf /etc/X11/xorg.conf.todaysdate
  • Step 5: Edit your /etc/X11/xorg.conf file, and set your display driver to fglrx
  • Locate the device section and add the corresponding lines Section "Device".

Section "Device"
   Driver "fglrx"
   Option "VideoOverlay" "on"
EndSection
  • Driver line is probably currently set to "radeon" or "ati". Remember which name you have because you will use it in step #7.
  • Also enable XVideo in Extentions

Section "Extensions"
   Option "XVideo" "Enable"
EndSection
  • Step 5: Exit Gnome (or KDE, just get out of X Windows), press ctrl-alt-F1 to get a console, login as root.
  • Step 6: Stop Gnome Display Manager:

/etc/init.d/gdm stop

Or KDE Display Manager

/etc/init.d/kdm stop

Or X Display Manager

/etc/init.d/xdm stop
  • Step 7: Remove the old kernel module

modprobe -r radeon
  • Step 8: Load the new kernel module

modprobe fglrx
  • Step 9: Start the Display manager (substitude gdm with kdm or xdm)

/etc/init.d/gdm start
  • Step 10: Test the 3d acceleration

glxinfo | grep direct
  • Step 11: Test the xvideo extension

xvinfo

Mount Windows Share

  • You need to have smbfs installed. If you don't do this:

apt-get update
apt-get install smbfs
  • To mount windows share drive you need to create a folder:

mkdir somefolder
  • As root or with root privilages (su root or sudo)

mount -t smbfs -o username=administrator,password=password
//windowsservername/folder /home/lucas/somefolder

If you don' want the password to show up you could do

mount -t smbfs -o username=administrator //windowsservername/folder /home/lucas/somefolder

[Optional] You can replace administrator with your username. You can also replace windowsservername with ip address //192.168.1.10/folder ....

Add a network card

  • See if your card is in a list.

lspci -v
  • Add a network card by a hardware number. Replace 00:00:..:00 with your harware number. It should be 16 characters.

ifconfig eth1 hw erher 00:00:..:00 uo

Debian Security

Power Users

Sudo

  • If sudo command is not installed, install it.

apt-get update
apt-get install sudo
  • Then run visudo

visudo
  • Copy root ALL=(ALL) ALL and paste it right below. Then change root to your user name on the pasted line.

yourusername    ALL=(ALL) ALL

Disable ssh root access

  • Edit file sshd_config file

vi /etc/ssh/sshd_config
  • On a line where you see Permit root login change it to no

PermitRootLogin no
  • Restart or reload ssh

/etc/init.d/ssh force-reload
  • This will prevent other users from trying to get guess your password. 100s of lines on your system that look:

Security Events
=-=-=-=-=-=-=-=
Feb  5 07:21:15 localhost sshd[8586]: Failed password for root from xx.xx.xx.xx port 60618 ssh2
Feb  5 07:21:15 localhost sshd[8588]: Failed password for root from xx.xx.xx.xx port 60637 ssh2

Laptop and Debian

Intel ipw2200 wireless card

  • I believe, due to FCC or other frequency levels restrictions; we need to download firmware from:

http://ipw2200.sourceforge.net/firmware.php?fid=7
  • Untar it

sudo tar xzvf ipw2200-fw-3.0.tgz -C /lib/firmware
  • Type:

sudo modprobe ipw2200
  • Then this will tell you a list of wireless devices:

iwconfig
  • Done. In my case wireless card was attached to eth2

Authenticate with wpa using PSK TKIP

* Install wpasupplicant

apt-get update
apt-get install wpasupplicant

* Open /etc/network/interfaces

vi /etc/network/interfaces

*If you see "iface eth2..." add the following lines, but change ssid and password:

iface eth2 inet dhcp
wpa-ssid thisismynetworkname
wpa-key_mgmt WPA-PSK
wpa-proto WPA
wpa-pairwise TKIP
wpa-group TKIP
wpa-psk thisismypassword
wpa-driver wext

*Exit, and now type:

ifup eth2

*Done. If you want you your wireless card to connect each time you boot your computer add this above "iface eth2.."

auto eth2

*Done. [Optional](see the [:WPA:WPA page] for status on wpa support in debian)

User Manuals

DVD9 to DVD5

http://lucasmanual.com/mywiki/DVD9toDVD5

DVD9 to AVI

http://lucasmanual.com/mywiki/DVD9toAVI

Troubleshooting

SSH terminal connection timeout

  • If you get an error:

Read from remote host example.com: Connection reset by peer
Connection to example.com closed
  • Edit /etc/ssh/sshd_config and add:

ClientAliveInterval 150

Useful Debian Programs

Photo and Image

* Digikam, for all your digital camera needs

apt-get update
apt-get install digikam

CD and DVD

* K3B, for burning cd/dvd.

apt-get update
apt-get install k3b

Players and Viewers

Flash

  • For Flash support you need to add contirib to your apt source list , then

apt-get update
apt-get install flashplugin-nonfree