Suse

Chrooting Apache2 With mod_chroot On OpenSUSE 11.2

how to set up mod_chroot with Apache2 on an OpenSUSE 11.2 system. With mod_chroot, you can run Apache2 in a secure chroot environment and make your server less vulnerable to break-in attempts that try to exploit vulnerabilities in Apache2 or your installed web applications.

1 Preliminary Note

I’m assuming that you have a running OpenSUSE 11.2 system with a working Apache2, e.g. as shown in this tutorial: The Perfect Server – OpenSUSE 11.2 x86_64 [ISPConfig 2]. In addition to that I assume that you have one or more web sites set up within the /srv/www directory (e.g. if you use ISPConfig).

2 Installing mod_chroot

mod_chroot package for OpenSUSE 11.2, therefore we must build it ourselves. First we install the prerequisites

yast2 -i libgcc glibc-devel gcc flex lynx compat-readline4 db-devel wget gcc-c++ make vim

yast2 -i apache2-devel

build mod_chroot

cd /tmp
wget http://core.segfault.pl/~hobbit/mod_chroot/dist/mod_chroot-0.5.tar.gz
tar xvfz mod_chroot-0.5.tar.gz
cd mod_chroot-0.5
apxs2 -cia mod_chroot.c

restart Apache

/etc/init.d/apache2 restart

Continue reading “Chrooting Apache2 With mod_chroot On OpenSUSE 11.2” »

Be the first to comment - What do you think?  Posted by Aniruddh - December 17, 2011 at 2:52 pm

Categories: Apache, OpenSUSE   Tags:

Script For Automatically Setting Up A Perfect Server On OpenSUSE 11.3 And Installing ISPConfig 3

a little script that automates the task of setting up a Perfect Server – OpenSUSE 11.3 x86_64 [ISPConfig 3], and in the end it also installs ISPConfig 3.

Please note: do not execute this script on an already working server, because this script may overwrite configuration files and break the running system. It is only meant to be used on a fresh installation of OpenSUSE 11.3.

If you are installing on OpenSUSE 11.2, please be sure to use another version of this script (also available on www.howtoforge.com).

There are few things missing from the tutorial, as I have found it. I have made a script, based on the tutorial, that prepares a system, and which contains several steps that, if not done, leave the system unfinished in some way.

Notable additions:

fail2ban configuration
SuSEfirewall2 enabled
Pure-ftpd configuration change (allow renames, change passive ports and permissions)
Postfix certificate generation
Apache SSL certificate generation, and switching ISPConfig to HTTPS
Fix of NameVirtualHost apache config with OpenSUSE (important for Apache to recognize multiple domains from ISPConfig)
Setup of rdiff-backup with cron
Fixed dovecot configuration to enable SSL and support courier-compatibility
Fixed pam_mysql to work on 64-bit systems
Fixed amavis to find clamd socket
Installed eAccelerator
Fixed apache custom errors path
Install and configure awstats
Configure apache and awstats to use mod_logio for correct bandwidth measurement

The script is imperfect in the fact that requires manual entry twice – when mysql_secure_install is run, and when ispconfig_update_svn is run. (I use svn, because ISPConfig latest SVN looks much nicer, but one can type stable as well – on production systems, you should use stable!)

Do

Continue reading “Script For Automatically Setting Up A Perfect Server On OpenSUSE 11.3 And Installing ISPConfig 3” »

Be the first to comment - What do you think?  Posted by Aniruddh - December 15, 2011 at 11:28 am

Categories: OpenSUSE   Tags:

Integrating eAccelerator Into PHP5 And Lighttpd (OpenSUSE 11.2) v

This guide explains how to integrate eAccelerator into PHP5 and lighttpd on an OpenSUSE 11.2 system. From the eAccelerator project page: “eAccelerator is a free open-source PHP accelerator, optimizer, and dynamic content cache. It increases the performance of PHP scripts by caching them in their compiled state, so that the overhead of compiling is almost completely eliminated. It also optimizes scripts to speed up their execution. eAccelerator typically reduces server load and increases the speed of your PHP code by 1-10 times.”

1 Preliminary Note

I have tested this on an OpenSUSE 11.2 server with the IP address 192.168.0.100 where lighttpd and PHP5 are already installed and working (e.g. as shown in this tutorial: Installing Lighttpd With PHP5 And MySQL Support On OpenSUSE 11.2). I’ll use lighttpd’s default document root /srv/www/htdocs in this tutorial for demonstration purposes. Of course, you can use any other vhost as well, but you might have to adjust the path to the info.php

2 Checking PHP5′s Current State

we install eAccelerator, let’s find out about our PHP5 installation. To do this, we create the file info.php in our document root /srv/www/htdocs

vi /srv/www/htdocs/info.php

we call that file in a browser: http://192.168.0.100/info.php

3 Installing eAccelerator

there’s no eAccelerator package for OpenSUSE 11.2 in the official repositories, therefore we must compile and install it from the sources. Before we can do this, we need to install some prerequisites

yast2 -i gcc flex wget gcc-c++ make php5-devel

cd /tmp
wget http://bart.eaccelerator.net/source/0.9.6.1/eaccelerator-0.9.6.1.tar.bz2
tar xvfj eaccelerator-0.9.6.1.tar.bz2
cd eaccelerator-0.9.6.1
phpize
./configure
make
make install

Continue reading “Integrating eAccelerator Into PHP5 And Lighttpd (OpenSUSE 11.2) v” »

Be the first to comment - What do you think?  Posted by Aniruddh - at 11:28 am

Categories: OpenSUSE, PHP   Tags:

Integrating XCache Into PHP5 And Lighttpd (OpenSUSE 11.2)

how to integrate XCache into PHP5 and lighttpd on an OpenSUSE 11.2 system. From the XCache project page: “XCache is a fast, stable PHP opcode cacher that has been tested and is now running on production servers under high load.” It’s similar to other PHP opcode cachers, such as eAccelerator and APC.

1 Preliminary Note

I have tested this on an OpenSUSE 11.2 server with the IP address 192.168.0.100 where lighttpd and PHP5 are already installed and working (e.g. as shown in this tutorial: Installing Lighttpd With PHP5 And MySQL Support On OpenSUSE 11.2). I’ll use lighttpd’s default document root /srv/www/htdocs in this tutorial for demonstration purposes. Of course, you can use any other vhost as well, but you might have to adjust the path to the info.php file that I’m using in this tutorial.

2 Checking PHP5′s Current State

First, before we install XCache, let’s find out about our PHP5 installation. To do this, we create the file info.php in our document root /srv/www/htdocs:

vi /srv/www/htdocs/info.php

3 Installing XCache

XCache isn’t available as an rpm package for OpenSUSE 11.2, therefore we have to build it from the sources. First we install all packages that we need to build XCache

yast2 -i gcc flex wget gcc-c++ make php5-devel

download and uncompress the latest XCache version

cd /tmp
wget http://xcache.lighttpd.net/pub/Releases/1.3.0/xcache-1.3.0.tar.gz
tar xvfz xcache-1.3.0.tar.gz

go to the new XCache source directory.

cd xcache-1.3.0

build XCache

phpize
./configure --enable-xcache
make
make install

copy xcache.ini to the /etc/php5/conf.d directory

cp xcache.ini /etc/php5/conf.d

configure XCache. The configuration options are explained here: http://xcache.lighttpd.net/wiki/XcacheIni. The least you should do is enable extension = xcache.so and disable all zend_extension lines; furthermore, set xcache.size to a size (in MB) > 0 to enable XCache:

Continue reading “Integrating XCache Into PHP5 And Lighttpd (OpenSUSE 11.2)” »

Be the first to comment - What do you think?  Posted by Aniruddh - December 14, 2011 at 7:26 am

Categories: OpenSUSE, PHP   Tags:

How To Upgrade OpenSUSE 11.2 To 11.3 (Desktop & Server)

how you can upgrade your OpenSUSE 11.2 desktop and server installations to OpenSUSE 11.3.

This document comes without warranty of any kind! I do not issue any guarantee that this will work for you!

1 Preliminary Note

The upgrade can be done on the command line or via the YaST module Wagon (if you are on an OpenSUSE desktop). Since the Wagon method is less tested than the command line update, we will use the command line method here for both servers and desktops.

2 Installing the Latest Updates

before we do the distribution upgrade, we install the latest updates for OpenSUSE 11.2. Open a terminal/command line window and run

zypper repos --uri

to check what repositories are used and enabled on the system. Make sure that the line that contains http://download.opensuse.org/update/11.2/ in the URI column reads Yes in the Enabled column (in this example the Alias is repo-update and the Name is openSUSE-11.2-Update, but these values can differ; the important column is the URI column):

linux-0hgc:~ # zypper repos –uri
# | Alias | Name | Enabled | Refresh | URI
–+————–+———————–+———+———+—————————————————————-
1 | repo-debug | openSUSE-11.2-Debug | No | Yes | http://download.opensuse.org/debug/distribution/11.2/repo/oss/
2 | repo-non-oss | openSUSE-11.2-Non-Oss | Yes | Yes | http://download.opensuse.org/distribution/11.2/repo/non-oss/
3 | repo-oss | openSUSE-11.2-Oss | Yes | Yes | http://download.opensuse.org/distribution/11.2/repo/oss/
4 | repo-source | openSUSE-11.2-Source | No | Yes | http://download.opensuse.org/source/distribution/11.2/repo/oss/
5 | repo-update | openSUSE-11.2-Update | Yes | Yes | http://download.opensuse.org/update/11.2/
linux-0hgc:~ #

(If the line reads No in the Enabled column, enable the repository

Continue reading “How To Upgrade OpenSUSE 11.2 To 11.3 (Desktop & Server)” »

Be the first to comment - What do you think?  Posted by Aniruddh - December 13, 2011 at 7:13 am

Categories: OpenSUSE   Tags:

How To Set Up WebDAV With Apache2 On OpenSUSE 11.3

how to set up WebDAV with Apache2 on an OpenSUSE 11.3 server. WebDAV stands for Web-based Distributed Authoring and Versioning and is a set of extensions to the HTTP protocol that allow users to directly edit files on the Apache server so that they do not need to be downloaded/uploaded via FTP. Of course, WebDAV can also be used to upload and download files.
1 Preliminary Note
I’m using an OpenSUSE 11.3 server with the IP address 192.168.0.100 here

2 Installing WebDAV

If Apache is not already installed, install

yast2 -i apache2

enable the WebDAV modules

a2enmod dav
a2enmod dav_fs
a2enmod dav_lock

create the system startup links for Apache and start it

chkconfig --add apache2
/etc/init.d/apache2 start

3 Creating A Virtual Host

create an Apache vhost www.example1.com in the directory /srv/www/web1/web. If you already have a vhost for which you’d like to enable WebDAV, you must adjust this tutorial to your situation.

First, we create the directory /srv/www/web1/web and make the Apache user (wwwrun) and group (www) the owner of that directory

mkdir -p /srv/www/web1/web
chown wwwrun:www /srv/www/web1/web
vi /etc/apache2/vhosts.d/www.example1.com.conf

Open /etc/apache2/httpd.conf and add the line NameVirtualHost * before the Include /etc/apache2/vhosts.d/*.conf line

vi /etc/apache2/httpd.conf

restart Apache

/etc/init.d/apache2 restart

Continue reading “How To Set Up WebDAV With Apache2 On OpenSUSE 11.3” »

Be the first to comment - What do you think?  Posted by Aniruddh - December 8, 2011 at 6:20 pm

Categories: Apache, OpenSUSE   Tags:

Installing PHP5 Debugger On OpenSUSE 11.3

you have installed Apache2 and PHP5 packages through zypper or yast. If not, please run

zypper install php5 apache2 apache2-mod_php5

The reason I use xdebug is, as far as I know now, xdebug supports php 5.3 or above.

I have the following installation environment:

OS: OpenSUSE 11.3 32 bit

Webserver: Apache 2.2.15 linux/suse

PHP: 5.3.2, with xdebug 2.1.0

Now let’s begin (I run the following step as root, although you may not need it for some steps).

Step 1. Download xdebug 2.1.0 from http://www.xdebug.org/files/xdebug-2.1.0.tgz into /tmp directory, run tar command to unzip it, and cd into the xdebug2.1.0 directory

cd /tmp

tar zxvf xdebug-2.1.0.tgz && cd xdebug-2.1.0

Step 2. Install additional packages before compiling xdebug, for my system, I need gcc, make, and php5-devel

zypper install gcc make php5-devel

Step 3. Make sure /usr/bin/phpize and /usr/bin/php-config exist (soft links to /etc/alternative/)

ls -l /usr/bin/php*

Step 4. Please read the README file, installation procedure is clearly explained.

Step 5. Run the phpize command

phpize

Configuring for:

PHP Api Version: 20090626

Zend Module Api No: 20090626

Zend Extension Api No: 220090626

Step 6. Now compile xdebug:

./configure --enable-xdebug && make

If everything is ok, you should see that output on the screen, like:

libraries have been installed in: /tmp/xdebug-2.1.0/modules

build complete

Step 7. Find where the php5 modules are, and copy the xdebug.somodule to that directory. Since I installed php5, apache2 through zypper, the php5 module directory is under /usr/lib/php5/extensions/

cp modules/xdebug.so /usr/lib/php5/extensions/

Step 8. Find where the php.ini configuration file is. Again if you install php5 and apache2 through yast or zypper, it is under the /etc/php5/apache2/ directory

vi /etc/php5/apache2/php.ini

Step 9. Restart apache server, if there are no error messages, everything should work now

/etc/init.d/apache2 restart

Step 10. Write a php page with a single line phpinfo();, load it in a browser, and you should see the following message:

This program make use of the zend scripting language engine:
Zend engine v2.3.0 copyright (c) 1998-2010 zend technologies
with Xdebug v2.1.0. Copyright(c) 2002-2010, by Derick Rethans

You should also find an xdebug section near the end of this page. Bingo

Be the first to comment - What do you think?  Posted by Aniruddh - December 7, 2011 at 6:10 pm

Categories: OpenSUSE, PHP   Tags:

Setting Up An NFS Server And Client On OpenSUSE 11.3

How to set up an NFS server and an NFS client on OpenSUSE 11.3. NFS stands for Network File System; through NFS, a client can access (read, write) a remote share on an NFS server as if it was on the local hard disk.

1 Preliminary Note

I’m using two OpenSUSE systems here:

NFS Server: server.example.com, IP address: 192.168.0.100
NFS Client: client.example.com, IP address: 192.168.0.101

2 Installing NFS

server:

NFS server we run

yast2 -i nfs-kernel-server

create the system startup links for the NFS server and start it

chkconfig --add nfsserver
/etc/init.d/nfsserver start

client:

On the client we can install NFS as follows

yast2 -i nfs-client

3 Exporting Directories On The Server

make the directories /home and /var/nfs accessible to the client; therefore we must “export” them on the server.

When a client accesses an NFS share, this normally happens as the user nobody. Usually the /home directory isn’t owned by nobody (and I don’t recommend to change its ownership to nobody!), and because we want to read and write on /home, we tell NFS that accesses should be made as root (if our /home share was read-only, this wouldn’t be necessary). The /var/nfs directory doesn’t exist, so we can create it and change its ownership to nobody and nogroup

mkdir /var/nfs
chown nobody:nogroup /var/nfs

Continue reading “Setting Up An NFS Server And Client On OpenSUSE 11.3” »

Be the first to comment - What do you think?  Posted by Aniruddh - at 5:59 pm

Categories: Suse   Tags:

OpenSUSE 11.3 Samba Standalone Server With tdbsam Backend

This explains the installation of a Samba fileserver on OpenSUSE 11.3 and how to configure it to share files over the SMB protocol as well as how to add users. Samba is configured as a standalone server, not as a domain controller. In the resulting setup, every user has his own home directory accessible via the SMB protocol and all users have a shared directory with read-/write access.

1 Preliminary Note

OpenSUSE 11.3 system here with the hostname server1.example.com and the IP address 192.168.0.100

2 Installing Samba

Connect to your server on the shell and install the Samba packages

yast -i cups-libs samba

Edit the smb.conf file

vi /etc/samba/smb.conf

Continue reading “OpenSUSE 11.3 Samba Standalone Server With tdbsam Backend” »

Be the first to comment - What do you think?  Posted by Aniruddh - December 5, 2011 at 7:48 pm

Categories: Suse   Tags:

How To Configure PureFTPd To Accept TLS Sessions On OpenSUSE 11.3

FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. This article explains how to configure PureFTPd to accept TLS sessions on an OpenSUSE 11.3 server.

1 Preliminary Note
working PureFTPd setup on your OpenSUSE 11.3 server

2 Installing OpenSSL

OpenSSL is needed by TLS install OpenSSL

yast2 -i openssl

3 Configuring PureFTPd

Open /etc/pure-ftpd/pure-ftpd.conf

vi /etc/pure-ftpd/pure-ftpd.conf

4 Creating The SSL Certificate For TLS

Continue reading “How To Configure PureFTPd To Accept TLS Sessions On OpenSUSE 11.3” »

Be the first to comment - What do you think?  Posted by Aniruddh - November 26, 2011 at 7:06 pm

Categories: Suse   Tags: