HowTo: Setup an, FTP, MySQL, HTTP Home Server – FC4

[d3xt3r]

Very nicely done.
A few minor hiccups to overcome and it was smooth sailing.

Thanks for taking the time to set this out in a linear fashion. Your time spent most definately saved me alot of time.

Cheers to ya.

[dbo]

Really well done Tutorial. Thanks alot for taking the time to help out us guys who are new to FC.

Cheers!

[SharedMedia]

Your Welcome!

[SharedMedia]

Quote:

Originally Posted by blueflowers

This only works at home? I need this to work on the web, could someone point me to a tutorial that works for the web asa well?

LOL, you can use this snippet to setup a home server OR a valid web server for hosting. Just ensure that if you are placing your Linux box behind a firewall, to configure your NIC to use your gateway.

[SharedMedia]

It's True... at time of writing this tutorial, the links to grab some of the rpms may now be outdated, however I am working on my own server to give all Fedora Nuts a place to grab all my server files, including making an installer (like SME, Mitel) so all you have to do is answer config questions and your server is all done ..

I have been away on course and appreciate the feedback, I will have an UPDATED howto with a PDF attachment for this server setup and more...

[SharedMedia]

Quote:

Originally Posted by python2k5

When issuing the 'yum remove cups*'

It wanted to remove about 59 Dependencies.... Why is that?

Unsure why you are receiving that, upon numerous setups I have done, the only thing that happens when issuing that command will..
1) update your yum respositories (becuase you are running the YUM command for the first time)
2) update the dep's for YUM
3) remove CUPS (printing in linux, and if installed.. installed by default even on a MINIMUM Install)

Here is what Yum should look like when its ready to remove CUPS..

Last login: Tue Oct 18 17:08:49 2005
[root@LinuxTICKET ~]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
[root@LinuxTICKET ~]# yum remove cups*
Setting up Remove Process
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package cups.i386 1:1.1.23-15 set to be erased
---> Package cups-libs.i386 1:1.1.23-15 set to be erased
--> Running transaction check
Setting up repositories
updates-released 100% |=========================| 951 B 00:00
extras 100% |=========================| 1.1 kB 00:00
base 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
primary.xml.gz 100% |=========================| 343 kB 00:01
updates-re: ################################################## 967/967
Added 967 new packages, deleted 0 old in 31.12 seconds
primary.xml.gz 100% |=========================| 912 kB 00:02
extras : ################################################## 2530/2530
Added 2530 new packages, deleted 0 old in 60.46 seconds
primary.xml.gz 100% |=========================| 824 kB 00:02
base : ################################################## 2772/2772
Added 2772 new packages, deleted 0 old in 52.33 seconds
--> Processing Dependency: /usr/bin/lpr for package: redhat-lsb
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Package redhat-lsb.i386 0:1.3-10 set to be erased
--> Running transaction check

Dependencies Resolved

================================================== ===========================
Package Arch Version Repository Size
================================================== ===========================
Removing:
cups i386 1:1.1.23-15 installed 3.9 M
cups-libs i386 1:1.1.23-15 installed 196 k
Removing for dependencies:
redhat-lsb i386 1.3-10 installed 17 k

Transaction Summary
================================================== ===========================
Install 0 Package(s)
Update 0 Package(s)
Remove 3 Package(s)
Total download size: 0
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Removing : redhat-lsb ######################### [1/3]
Removing : cups ######################### [2/3]
Removing : cups-libs ######################### [3/3]

Removed: cups.i386 1:1.1.23-15 cups-libs.i386 1:1.1.23-15
Dependency Removed: redhat-lsb.i386 0:1.3-10
Complete!
[root@LinuxTICKET ~]#

[SharedMedia]

Hi, This is for the DDCLIENT, google for "DDclient for fc4 rpm", Links may have now been removed,. When I update my Howto clean it up and provide a PDF, I will only include the rpm names, and host the files on my server..

[SharedMedia]

Quote:

Originally Posted by Tezyn54

in step 2 where it says to issue>wget http://apt.sw.be/dries/packages/ddc...4.rf.noarch.rpm I don't get a responce, and I assume that it is because that url has been abreviated. Is there an updated url?

To answer my own question, if you mouse over the URL it will show the full url on the status bar.

Hi, Like the above... the URL is probably dead, I will update the howto and clean up any broken links... Thanks!!

[wast8]

this has been the most helpful post so far. Well done.

however, I'm facing problems trying to remote access to mysql based on this guide.

I have commented out skip-networking.
I have granted the user@ip-address all privileges.
I am able to connect via localhost as my phpmyadmin works wonders.

done almost everything but still cannot connect via odbc on port 3306 from a client. please help.

Thanks in advance.

[matthinckley]

I can't figure out how to get FTP access to the /var/www/html directory.. I would really like to be able to get into that folder via FTP

Thanks

[larka06]

Download the DDCLIENT for FC4 (our DynDNS Updater Daemon) with wget.
DDclient is a small but full featured client requiring only Perl and no additional modules. It runs under most UNIX OSes and has been tested under GNU/Linux and FreeBSD. Supported features include: operating as a daemon, manual and automatic updates, static and dynamic updates, optimized updates for multiple addresses, MX, wildcards, abuse avoidance, retrying failed updates, and sending update status to syslog and through e-mail.

Website: http://ddclient.sourceforge.net/
License: GPL

- Issue the following command: > rpm –Uvh ddclient-3.x.x-x.x.fc4.fr.noarch.rpm
- Issue the following command: > reboot -n (To ensure all new/updated packages will be used).


I am unable to use this section of your howto. I see below that I am not the only one so, I hope I am not troubling you with redundent data.
I too am a newbie, self taught, and still learning. Thank you for your work and effort
larka06

[matthinckley]

I used yum ddclient

worked fine for me

[matthinckley]

is there a way to get ftp access to the /var/www/html directory?

also, is it a problem with my server that the trailing / is always required?

like to get to phpMyAdmin i cant type in http://web.site.name/phpMyAdmin

it gives me a page cannot be displayed error, although it does ask me for my username and password.

but if i type in http://web.site.name/phpMyAdmin/

it works fine

thanks for the great tutorial by the way. very, very useful

[larka06]

Thank you for all our help. It is appreciated. I have hugged my pinquin today. chuckle

[larka06]

Quote:

Originally Posted by SharedMedia

.
Current Revision Date: Wednesday, November 03, 2005

------------=========== STEP 3 - Configuring MySQL ==========---------------

Now that we have all the needed packages, let’s customize our server! We must copy the default configuration files for safe keeping. Keep in mind, if you have configured Up2date (if you use) or Yum to overwrite any rpms with custom configurations files.. Back them up before updating or all is lost!!

Using Putty, login to your Linux Server with Root.

WARNING! Backup current MySQL Database Directory and MySQL User Information..
This thread is supplied as a Security How-To and to be conducted by experienced users.

The Intro..
MySQL is one of the most popular databases on the Internet and it is often used in conjunction with PHP. Besides its undoubted advantages such as easy of use and relatively high performance, MySQL offers simple but very effective security mechanisms. Unfortunately, the default installation of MySQL, and in particular the empty root password and the potential vulnerability to buffer overflow attacks, makes the database an easy target for attacks.

This article describes the basic steps which should be performed in order to secure a MySQL database against both local and remote attacks.

Copy and edit a new configuration file
We must copy the default configuration file for safe keeping.
- Issue the following command: > cp -rf /etc/my.cnf /etc/my.cnf.original
- Issue the following command: > vi /etc/my.cnf

Disable remote access
The first change applies to the 3306/tcp port, on which MySQL listens by default. Because, according to the initial assumptions, the database will be used only by locally installed PHP applications, we can freely disable listening on that port. This will limit possibilities of attacking the MySQL database by direct TCP/IP connections from other hosts. Local communication will be still possible throw the mysql.sock socket. In order to disable listening on the mentioned port, the following parameter (skip-networking) should be added to the [mysqld] section of /mysql/etc/my.cnf:

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
skip-locking
skip-networking

Improve local security
The next change is to disable the use of LOAD DATA LOCAL INFILE command, which will help to prevent against unauthorized reading from local files. This matters especially when new SQL Injection vulnerabilities in PHP applications are found. For that purpose, the following parameter (set-variable=local-infile=0) should be added in the [mysqld] section in /mysql/etc/my.cnf:

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
skip-locking
skip-networking
set-variable=local-infile=0

[esc]: wq to save your new configuration “my.cnf” file

MySQL Database Security & Administration
One of the most important steps in securing MySQL is changing the database administrator's password, which is empty by default. In order to perform that, we should run MySQL (if it is not already running): and change the administrator's password as follows:

- Issue the following command: > service mysqld start (to start the daemon and be prompted with “mysql>” command client).

Once MySQL has created its default tables and users, the following mysql commands will need to be issued to complete the securing of our daemon. At the “mysql>” command prompt, type the following for:

Change admin password
mysql> SET PASSWORD FOR root@localhost=PASSWORD('enter_new_password_here') ;

It is good practice not to change passwords from the command line, for example, by using the "mysqladmin password" command. This is especially important when other users work on the server. In that case the password could be easily revealed, e.g. by using the "ps aux" command or reviewing history files (~/.history, ~/.bash_history etc), when improper access rights are set to them.

Remove default users/db
Next, we must remove the sample database (test) and all test user accounts except the local mysql root account (not associated with the Fedora root user account):

mysql> drop database test;
mysql> use mysql;
mysql> delete from db;
mysql> delete from user where not (host="localhost" and user="root");
mysql> flush privileges;

This will prevent the database from establishing anonymous connections and -- irrespective of the skip-networking parameter in /mysql/etc/my.cnf -- remote connections as well.

Change the default “admin” name
It is also recommended to change the default name of administrator's account root (this is NOT associated with Fedora root user!), to a different, harder to guess one. Such a change will make it difficult to perform brute-force and dictionary attacks on the administrator's password. In this case the intruder will have to guess not only the password, but first and foremost, the name of the administrator's account.

mysql> update user set user="change_to_newname_here" where user="root";
mysql> flush privileges;

Once you're done you can end mysql client by typing quit or exit at the mysql> prompt.

mysql> quit

Remove history
Finally, we should also remove the content of the MySQL history file (~/.mysql_history), in which all executed SQL commands are being stored (especially passwords, which are stored as plain text): Issue this command from your Fedora root prompt.

- Issue the following command: > cat /dev/null > ~/.mysql_history

You now have a secured MySQL database..

FAQ's
Q) How do I start the local MySQL Client now?
A) Issue the following command: mysql -h localhost -u YOUR-MYSQLD-NEWUSER-NAME -p mysql.
(This will run the MySQL Client with the new username you provided and prompt you for the password).

Example:
>mysql -h localhost -u my.new.name.I.created -p
Enter password: xxxxxxxxxxxx
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4 to server version: 4.0.18-nt
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql>

My Sample MY.CNF File:
# Example mysql config file for small systems.
##################################################
# This is for a system with little memory (<= 64M) where MySQL is only used #
# from time to time and it's important that the mysqld deamon
# doesn't use much resources.
#
# You can copy this file to
# /etc/my.cnf to set global options,
# mysql-data-dir/my.cnf to set server-specific options (in this
# installation this directory is /usr/local/mysql/var) or
# ~/.my.cnf to set user-specific options.
#
# One can in this file use all long options that the program supports.
# If you want to know which options a program support, run the program
# with --help option. #
##################################################

# The following options will be passed to all MySQL clients

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
skip-locking
skip-networking
set-variable=local-infile=0
set-variable = key_buffer=128K
set-variable = max_allowed_packet=1M
set-variable = thread_stack=64K
set-variable = table_cache=4
set-variable = sort_buffer=64K
set-variable = net_buffer_length=2K
server-id = 1
skip-bdb
skip-innodb

[mysql.server]
user=mysql
basedir=/var/lib

[mysqld_safe]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

[isamchk]
set-variable = key_buffer=8M
set-variable = sort_buffer=8M

[myisamchk]
set-variable = key_buffer=8M
set-variable = sort_buffer=8M

[myisamchk]
set-variable = key_buffer=8M
set-variable = sort_buffer=8M

I am back. I am having problems changing the password as you said in you HOW TO. Here is what you say to do: mysql> SET PASSWORD FOR root@localhost=PASSWORD('enter_new_password_here') ; I have set each word as you have there with the exception ('enter_new_password_here'); , instead I have put my password there with 'my password'; I have also done it with no spaces, with spaces, with the quotes, without the quotes. I have even left of the last PASSWORD. I looked at the db version and I have 4.1. I am a newbie and learning from you and others I sure hope I am not a pain.
Thank you for your time and energy.
larka06