Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Wednesday, November 21, 2012

Mageia 2.0 LAMP

http://chrisjpowell.com/os-sunday-when-a-fork-is-more-than-just-a-fork-mageia-2-0/
If the world of Ubuntu had never come along and wooed me away from the stability and feature set of Mandriva Linux (well at the time it was Mandrake Linux) but the Distro has always had some underlying drama associated with it (most recently there has been the long standing demise of the distro) so along with that came a call for the Mandriva Linux  Community to take up the charge and build a newer, faster, stronger version of the venerable RPM based Distro.  And along comes Mageia.  I can honestly say I missed the news of version 1.0 coming out but from tracking back some reviews…I am glad that I waited for version 2.0!
Mageia 2
For those who know me, I am a Debian/Ubuntu kind of guy so taking a step back and giving an RPM based distro a whirl is a big step for me.  I grabbed the 3.4GB 64Bit DVD image from the Mageia Site and set up my standard VM in Oracle VirtualBox (4 GB of RAM and 20 GB of disk space).  The Download was surprisingly fast and installation was a breeze, a far cry from my last Mandriva Install!  The Installation asks if you would like KDE or Gnome…I chose Gnome (my preferred desktop environment).
Included with the Distro is a wide array of selections for software:
  • Firefox, Opera or Chromium Browser
  • The Gimp, Blender and a host of Image Software
  • LibreOffice and Calligra are included for Productivity
  • Media options include VLC, RhythmBox and even XBMC for those who want a full featured experience
  • Wine and VirtualBox also come preinstalled
Because of the multitude of options that come with a DVD install, the installation took a little longer than I have seen in my previous demo OS reviews but considering that they were all CD or small DVD ISO’s I will forgive the team at Mageia for this one.
A solid start to a morning as the initial boot took less than 60 seconds to get to a working desktop (and that included 2 fat fingered attempts at my newly minted password).  Looking through the installed Applications, I was impressed by both the variety and choices made but when I went to try to add a new piece of software it kept asking for the Mageia DVD.  I poked around the system looking for the options to setup the sources for updates and unfortunately, it is vastly different then Ubuntu and many of the other setups I have tested recently but I did locate the Mageia Control Center which gives the user all the access needed to configure and build out a custom Desktop.
The big question is whether or not I could get past my love affair with Debian Based Files and make even a temporary switch over to the darkside of another package manager format?  Well I can say if all of the RPM based distros have gotten as easy to use as Mageia…that is a real possibility.
All said and done though…from the time that I configured the VM to initially boot Mageia to a working desktop it was 20 minutes all said and done.  Pretty respectible.  In poking around under the hood though there are some things that concern me:
  • The Interface looks dated…it is a throw back to a simpler time but looks very much so like a Distro that rolled off the line in 2005 not 2012!
  • Version of Firefox installed is 10.0.4 which dates back to April 2012…ok that is getting nit picky
  • It did not locate my Home Network to be able to connect and pull down my media…this would be a huge turn off for a novice user trying out the distro and would cause undo frustration…simple Samba setup should be included
  • Because of the Network Issue, I could not configure my 3 Printers…that is a problem
Overall, I think that Mageia 2.0 is a step in the right direction, there are still some things that need to be built out but if the future of the Mandriva family is to continue beyond the death of the company that supports it…well it is going to need a strong Community Based Distro like Mageia.
1 Initial launch of Mageia
http://www.mageia.org/en/downloads/get/?q=Mageia-2-dual-CD.iso
=================================
http://agentoss.wordpress.com/2012/08/11/mageia-2-lamp-server/

Mageia can also be used to setup fast, clean and easy to use server systems.

Installation from the Wired Network-based install CD

Minimal installation

Boot from the iso.
Just follow the installation procedure :
Installation method : FTP or HTTP server
Medium : Mageia 2
Select your preferred mirror carefully.

Partitioning

Since this is a web server, I personally like to create a separate /var partition.

Select packages

We are doing a minimal install, so deselect everything!
(we could directly choose web/ftp/database/etc servers but I like to do it by hand)
When everything is deselected, a following screen will offer you some more choices. Just accept the defaults.

Users

Set a root password, and create a regular user.
Installation terminated, reboot.

Configuration

Login as root
# df -h
Shows that a minimal install takes less than 600M of disk space, that’s nice!
Update packages database
# urpmi.update -a
Install server-flavored kernel and some useful programs while we are at it
# urpmi kernel-server-latest nano mlocate htop
Set the hostname
# echo >/etc/hostname mageiabox.example.com
# nano /etc/hosts
(edit accordingly)
Then reboot!

IMPORTANT!

By default, the firewall (shorewall) is enabled (unless you disabled it at installation time), and does not allow incoming connections.
Install some useful servers : ntpd, sshd
# urpmi ntpd sshd
Note : by default, ssh root login is not permitted.
Install and configure Postfix mail server (here just to be able to send mails
# urpmi postfix nail
(the nail package contains the regular mail/mailx command line program)
Edit postfix’s main configuration
# nano /etc/postfix/main.cf
(I personally add my ISP’s relayhost)
relayhost = smtp.myisp.com
Edit aliases if needed
# nano /etc/postfix/aliases
I personally set a root: alias with another email address.
root: me@myaddress.com
Don’t forget
# newaliases
Then start postfix
# service postfix start
Send a test mail
# echo “From my Mageia server!” | mail -s “Hello” me@myaddress.com
In case of problems, check the logs
# tail /var/log/mail/info.log
Now install the LAMP (Apache-Mysql-Php) stack
There are several variants, check with
# urpmq -S -a lamp
And install
# urpmi task-lamp
Note: this task will also install proftpd FTP server.
To disable proftpd :
# chkconfig proftpd off && service proftpd stop
Next, we must start and set a root password to MariaDB (mysql drop-in replacement in Mageia)
# service mysqld start
# mysqladmin password
(set new root password)
If you need to review the specific instructions for this MariaDB package
# more /usr/share/doc/mariadb/README.urpmi
Note : this LAMP stack also comes with phpmyadmin and php-eaccelerator.

Apache

Under Mageia, Apache’s process is httpd, process user and group are both “apache”. Configuration files are located in /etc/httpd/
Start Apache
# service httpd start
We need to configure the firewall to allow access to our web server from the outside.
Very simple with
# drakfirewall
(we could also edit manually the /etc/shorewall/rules file, and restart shorewall)
Your web server is now accessible from the other hosts.
Web statistics with Awstats
# urpmi awstats
There is a daily cron job, but it is possible to generate stats asap
# /usr/share/awstats/www/awstats.pl -config=awstats.conf -update
Can be consulted at http:///awstats

Need a blog? Easy installation of WordPress

# urpmi wordpress
Create a database
# mysql -uroot -p <

Point your browser to http:/wordpress to finish installation.

Need a CMS?

Drupal is available in the repository.
# urpmi drupal

Need a wiki?

# urpmq -a -S wiki
There’s Dokuwiki (lightweight), Mediawiki (heavyweight).
Example for Mediawiki, without suggested packages
# urpmi –no-suggests mediawiki
or the much lighter version
# urpmi –no-suggests mediawiki-minimal
Now initialize your new wiki “mywiki”
# mediawiki-create /var/www/mediawiki/mywiki
And enable it within Apache
# nano /etc/httpd/conf/webapps.d/mediawiki.conf
Alias /skins /usr/share/mediawiki/skins
Alias /wiki /var/www/mediawiki/mywiki

   Order allow,deny
   Allow from All
   Options +FollowSymLinks
# apachectl restart
Create missing “skins” symlink
# ln -s /usr/share/mediawiki/skins /var/www/mediawiki/mywiki/skins
Point your browser to http:///wiki and follow the install process.
Need OwnCloud?
# urpmi owncloud
Then point your browser to http:///owncloud/
Note : this may not be the latest version.

Need a web-based project management system?

Chiliproject, Redmine are packaged.

Need a bug-tracking web-based system?

Bugzilla is in the repository.
# urpmi –no-suggests bugzilla

Need a Pastebin?

Stikked is here.
# urpmi stikked
Read the install docs
# more /usr/share/stikked/INSTALL
At the time of writing this, there are only few webapps in the repositories (and versions maybe slightly lagging behind). But nothing prevents you from installing your favorite webapp from the project’ source.

Basic server supervision

smartmontools and hddtemp for hard disk health monitoring

# urpmi smartmontools hddtemp
eventually review smartd daemon configuration
# nano /etc/smartd.conf
start daemon
# chkconfig smartd on; service smartd start
Display status for /dev/sda
# smartctl -H /dev/sda

Sensors (can be used with Munin for monitoring temperatures, fan speeds, etc)

# urpmi lm_sensors
Then run
# sensors-detect

Logwatch (daily cron job)

# urpmi logwatch
Review config file
# nano /etc/log.d/logwatch.conf

Graphical supervision with munin 2.0

# urpmi munin-master munin-node
You may receive email warnings about missing munin-conf.d directory, so we create it:
# mkdir -p /etc/munin/munin-conf.d
Add some more plugins (sensors…)
# ln -s /usr/share/munin/plugins/sensors_ /etc/munin/plugins/
Don’t forget to restart node
# service munin-node restart
Please allow several minutes for Munin to generate his first html data (in case you’re encountering an “access denied” error when accessing the URL), then access your Munin dashboard by pointing your browser to http:///munin

Basic server security

(Please note, web server hardening is not the goal of this howto!)

Install Mageia-specific security tools, such as msec

# urpmi –no-suggests msec
Show current msec policy
# msec
Your system will be checked periodically via cron jobs (in /etc/cron.*/msec)
Check the logs
# less /var/log/msec.log

rkhunter (rootkit detection)

# urpmi rkhunter
# rkhunter –propupd
# rkhunter –check
(you may encounter some false positives)
A daily cron job is created.

Fail2ban (anti brute-force)

# urpmi fail2ban
Edit configuration (you should enable at least the ssh-iptables jail, and correct the email addresses in sendmail-whois)
# nano /etc/fail2ban/jail.conf
And start daemon
# service fail2ban start
Test brute force ssh with this command from another machine :
$ ssh invaliduser@
(try any password many times)
Now you can see the result on the server with the command
# fail2ban-client status ssh-iptables
And you’ll see the banned IP from the “attacking” machine :)

TIPS

Always read the man pages and the docs!
# ls -al /usr/share/doc/
Show all available packages
# urpmq –list -f |less
(or better, use the AppDb website, link below)
Show info for a package
# urpmq -Si
Update system
# urpmi –auto-update
Show currently active repositories
# urpmq –list-media active

Useful links

Official documentation
Mageia AppDb

No comments: