Mageia 2.0 LAMP

http://chrisjpowell.com/os-sunday-when-a-fork-is-more-than-just-a-fork-mageia-2-0/
If the world of Ubuntu had never come along and wooed me away from the stability and feature set of Mandriva Linux (well at the time it was Mandrake Linux) but the Distro has always had some underlying drama associated with it (most recently there has been the long standing demise of the distro) so along with that came a call for the Mandriva Linux  Community to take up the charge and build a newer, faster, stronger version of the venerable RPM based Distro.  And along comes Mageia.  I can honestly say I missed the news of version 1.0 coming out but from tracking back some reviews…I am glad that I waited for version 2.0!

For those who know me, I am a Debian/Ubuntu kind of guy so taking a step back and giving an RPM based distro a whirl is a big step for me.  I grabbed the 3.4GB 64Bit DVD image from the Mageia Site and set up my standard VM in Oracle VirtualBox (4 GB of RAM and 20 GB of disk space).  The Download was surprisingly fast and installation was a breeze, a far cry from my last Mandriva Install!  The Installation asks if you would like KDE or Gnome…I chose Gnome (my preferred desktop environment).
Included with the Distro is a wide array of selections for software:

• Firefox, Opera or Chromium Browser
• The Gimp, Blender and a host of Image Software
• LibreOffice and Calligra are included for Productivity
• Media options include VLC, RhythmBox and even XBMC for those who want a full featured experience
• Wine and VirtualBox also come preinstalled

Because of the multitude of options that come with a DVD install, the installation took a little longer than I have seen in my previous demo OS reviews but considering that they were all CD or small DVD ISO’s I will forgive the team at Mageia for this one.
A solid start to a morning as the initial boot took less than 60 seconds to get to a working desktop (and that included 2 fat fingered attempts at my newly minted password).  Looking through the installed Applications, I was impressed by both the variety and choices made but when I went to try to add a new piece of software it kept asking for the Mageia DVD.  I poked around the system looking for the options to setup the sources for updates and unfortunately, it is vastly different then Ubuntu and many of the other setups I have tested recently but I did locate the Mageia Control Center which gives the user all the access needed to configure and build out a custom Desktop.
The big question is whether or not I could get past my love affair with Debian Based Files and make even a temporary switch over to the darkside of another package manager format?  Well I can say if all of the RPM based distros have gotten as easy to use as Mageia…that is a real possibility.
All said and done though…from the time that I configured the VM to initially boot Mageia to a working desktop it was 20 minutes all said and done.  Pretty respectible.  In poking around under the hood though there are some things that concern me:

• The Interface looks dated…it is a throw back to a simpler time but looks very much so like a Distro that rolled off the line in 2005 not 2012!
• Version of Firefox installed is 10.0.4 which dates back to April 2012…ok that is getting nit picky
• It did not locate my Home Network to be able to connect and pull down my media…this would be a huge turn off for a novice user trying out the distro and would cause undo frustration…simple Samba setup should be included
• Because of the Network Issue, I could not configure my 3 Printers…that is a problem

Overall, I think that Mageia 2.0 is a step in the right direction, there are still some things that need to be built out but if the future of the Mandriva family is to continue beyond the death of the company that supports it…well it is going to need a strong Community Based Distro like Mageia.
1 Initial launch of Mageia

• 1.1 Blog Mageia en
• 1.2 English

http://www.mageia.org/en/downloads/get/?q=Mageia-2-dual-CD.iso
=================================
http://agentoss.wordpress.com/2012/08/11/mageia-2-lamp-server/

Mageia can also be used to setup fast, clean and easy to use server systems.

Installation from the Wired Network-based install CD

http://www.mageia.org/en/downloads/

Minimal installation

Boot from the iso.

Just follow the installation procedure :

Installation method : FTP or HTTP server

Medium : Mageia 2

Select your preferred mirror carefully.

Partitioning

Since this is a web server, I personally like to create a separate /var partition.

Select packages

We are doing a minimal install, so deselect everything!

(we could directly choose web/ftp/database/etc servers but I like to do it by hand)

When everything is deselected, a following screen will offer you some more choices. Just accept the defaults.

Users

Set a root password, and create a regular user.

Installation terminated, reboot.

Configuration

Login as root

# df -h

Shows that a minimal install takes less than 600M of disk space, that’s nice!

Update packages database

# urpmi.update -a

Install server-flavored kernel and some useful programs while we are at it

# urpmi kernel-server-latest nano mlocate htop

Set the hostname

# echo >/etc/hostname mageiabox.example.com

# nano /etc/hosts

(edit accordingly)

Then reboot!

IMPORTANT!

By default, the firewall (shorewall) is enabled (unless you disabled it at installation time), and does not allow incoming connections.

Install some useful servers : ntpd, sshd

# urpmi ntpd sshd

Note : by default, ssh root login is not permitted.

Install and configure Postfix mail server (here just to be able to send mails

see  http://www.postfix.org/STANDARD_CONFIGURATION_README.html#stand_alone

# urpmi postfix nail

(the nail package contains the regular mail/mailx command line program)

Edit postfix’s main configuration

# nano /etc/postfix/main.cf

(I personally add my ISP’s relayhost)

relayhost = smtp.myisp.com

Edit aliases if needed

# nano /etc/postfix/aliases

I personally set a root: alias with another email address.

root: me@myaddress.com

Don’t forget

# newaliases

Then start postfix

# service postfix start

Send a test mail

# echo “From my Mageia server!” | mail -s “Hello” me@myaddress.com

In case of problems, check the logs

# tail /var/log/mail/info.log

Now install the LAMP (Apache-Mysql-Php) stack

There are several variants, check with

# urpmq -S -a lamp

And install

# urpmi task-lamp

Note: this task will also install proftpd FTP server.

To disable proftpd :

# chkconfig proftpd off && service proftpd stop

Next, we must start and set a root password to MariaDB (mysql drop-in replacement in Mageia)

# service mysqld start

# mysqladmin password

(set new root password)

If you need to review the specific instructions for this MariaDB package

# more /usr/share/doc/mariadb/README.urpmi

Note : this LAMP stack also comes with phpmyadmin and php-eaccelerator.

Apache

Under Mageia, Apache’s process is httpd, process user and group are both “apache”. Configuration files are located in /etc/httpd/

Start Apache

# service httpd start

We need to configure the firewall to allow access to our web server from the outside.

Very simple with

# drakfirewall

(we could also edit manually the /etc/shorewall/rules file, and restart shorewall)

Your web server is now accessible from the other hosts.

Web statistics with Awstats

# urpmi awstats

There is a daily cron job, but it is possible to generate stats asap

# /usr/share/awstats/www/awstats.pl -config=awstats.conf -update

Can be consulted at http:///awstats

Need a blog? Easy installation of WordPress

# urpmi wordpress

Create a database

# mysql -uroot -p <


Point your browser to http:/wordpress to finish installation.

Need a CMS?

Drupal is available in the repository.

# urpmi drupal

Need a wiki?

# urpmq -a -S wiki

There’s Dokuwiki (lightweight), Mediawiki (heavyweight).

Example for Mediawiki, without suggested packages

# urpmi –no-suggests mediawiki

or the much lighter version

# urpmi –no-suggests mediawiki-minimal

Now initialize your new wiki “mywiki”

# mediawiki-create /var/www/mediawiki/mywiki

And enable it within Apache

# nano /etc/httpd/conf/webapps.d/mediawiki.conf
Alias /skins /usr/share/mediawiki/skins
Alias /wiki /var/www/mediawiki/mywiki

   Order allow,deny
   Allow from All
   Options +FollowSymLinks


# apachectl restart

Create missing “skins” symlink

# ln -s /usr/share/mediawiki/skins /var/www/mediawiki/mywiki/skins

Point your browser to http:///wiki and follow the install process.



Need OwnCloud?

# urpmi owncloud

Then point your browser to http:///owncloud/

Note : this may not be the latest version.

Need a web-based project management system?

Chiliproject, Redmine are packaged.

Need a bug-tracking web-based system?

Bugzilla is in the repository.

# urpmi –no-suggests bugzilla

Need a Pastebin?

Stikked is here.

# urpmi stikked

Read the install docs

# more /usr/share/stikked/INSTALL

At the time of writing this, there are only few webapps in the 
repositories (and versions maybe slightly lagging behind). But nothing 
prevents you from installing your favorite webapp from the project’ 
source.

Basic server supervision

smartmontools and hddtemp for hard disk health monitoring

# urpmi smartmontools hddtemp

eventually review smartd daemon configuration

# nano /etc/smartd.conf

start daemon

# chkconfig smartd on; service smartd start

Display status for /dev/sda

# smartctl -H /dev/sda

Sensors (can be used with Munin for monitoring temperatures, fan speeds, etc)

# urpmi lm_sensors

Then run

# sensors-detect

Logwatch (daily cron job)

# urpmi logwatch

Review config file

# nano /etc/log.d/logwatch.conf

Graphical supervision with munin 2.0

# urpmi munin-master munin-node

You may receive email warnings about missing munin-conf.d directory, so we create it:

# mkdir -p /etc/munin/munin-conf.d

Add some more plugins (sensors…)

# ln -s /usr/share/munin/plugins/sensors_ /etc/munin/plugins/

Don’t forget to restart node

# service munin-node restart

Please allow several minutes for Munin to generate his first html 
data (in case you’re encountering an “access denied” error when 
accessing the URL), then access your Munin dashboard by pointing your 
browser to http:///munin

Basic server security

(Please note, web server hardening is not the goal of this howto!)

Install Mageia-specific security tools, such as msec

# urpmi –no-suggests msec

Show current msec policy

# msec

Your system will be checked periodically via cron jobs (in /etc/cron.*/msec)

Check the logs

# less /var/log/msec.log

rkhunter (rootkit detection)

# urpmi rkhunter

# rkhunter –propupd

# rkhunter –check

(you may encounter some false positives)

A daily cron job is created.

Fail2ban (anti brute-force)

# urpmi fail2ban

Edit configuration (you should enable at least the ssh-iptables jail, and correct the email addresses in sendmail-whois)

# nano /etc/fail2ban/jail.conf

And start daemon

# service fail2ban start

Test brute force ssh with this command from another machine :

$ ssh invaliduser@

(try any password many times)

Now you can see the result on the server with the command

# fail2ban-client status ssh-iptables

And you’ll see the banned IP from the “attacking” machine  

TIPS

Always read the man pages and the docs!

# ls -al /usr/share/doc/

Show all available packages

# urpmq –list -f |less

(or better, use the AppDb website, link below)

Show info for a package

# urpmq -Si 

Update system

# urpmi –auto-update

Show currently active repositories

# urpmq –list-media active

Useful links

Official documentation

https://doc.mageia.org/

https://wiki.mageia.org/en/URPMI

Mageia AppDb

http://mageia.madb.org/