Posts Tagged ‘Ubuntu Training’

Ubuntu ShipIt Program Thinking Smarter

October 21, 2009 2 comments

The Ubuntu ShipIt Program. If you’re not familiar with it, you’ve probably never typed “free Ubuntu CD” into Google or any other search engine. ShipIt is the Ubuntu service that gives away free Ubuntu installation CDs in an effort to make sure people have few restrictions on obtaining Ubuntu. ShipIt has been a huge success, shipping millions of free Ubuntu CDs over the past few years. The CDs are not free for Canonical, the company backing Ubuntu and the ShipIt program. This has caused Ubuntu to deploy some interesting techniques designed to cut the cost of, or the need for, the free Ubuntu installation CDs.

Limiting Free Ubuntu CDs for people who:
-Can upgrade to the new release without a CD
-Can download their own CD for free

Ubuntu users can also:

-Download the CD wallet artwork
-Become an Ubuntu member by contributing to Ubuntu, making them eligible for more CDs
-Purchase CDs

More on this at Jono Bacon’s blog

Requesting a free CD from the Ubuntu ShipIt program will take at least 4-6 weeks. For a more dependable solution order Ubuntu on CD or USB US Priority Mail now. Ubuntu training is available in video and course form.

Buy Ubuntu Training

April 24, 2009 Leave a comment

Why buy Ubuntu training? Because you might spend all afternoon trying to fix your wireless, or an entire morning fiddling with the Ubuntu terminal. As a beginner these setbacks can be extremely frustrating and obviously time consuming. This is the main reason we created a collection of Ubuntu training videos. We wanted to provide a solution that would be quick to deploy and easy for Ubuntu beginners to understand. Now you can forget spending hours waiting for responses in the forum that can be complicated to understand, just pop in the instructional Ubuntu training CD and enjoy to-the-point video clips with voice narration that walk you through common Ubuntu practices. Our Ubuntu training CD now includes over 150 training videos and has been updated for the Ubuntu 9.04 release on April 23rd, 2009. Buy It For $19.95

We’ve also added the Ubuntu Pack and Ubuntu Superpack which combine our most popular Ubuntu training videos with Ubuntu manuals and PDFs for added support.

RAID, LVM and ACLs on Ubuntu 8.04

May 30, 2008 6 comments

Ubuntu is trying to break into the server market.  Indeed as I talk with companies moving to Linux on a weekly basis over 50% of them want to move to Ubuntu as the server of choice.  If Ubuntu 8.04 is the server of choice of so many and if Ubuntu wants so desperately to move into the server market then you would expect Ubuntu to have server quality options easily available on the Ubuntu install. What I cannot understand then is why RAID tools are not available, why Logical Volume Management version 2 is not installed and why Access Control Lists for the file system are also not installed on the server.  All of these can easily be installed and upgraded but my question is …why not default?

Note: With 8.04.1 some of these issues like LVM2 have been updated, the original install DID NOT have LVM2.

RAID
If you want to create RAID on Ubuntu you will need to install RAID tools before you can do so.  Now I am talking about software RAID.  You do have access to tools to install RAID during installation but the mdadm program is not installed by default.  So if you want to install RAID after the installation you need to add it so you have the tools.

sudo apt-get install mdadm

If you would like to see a tutorial on installing RAID on Ubuntu CLICK HERE.

Install LVM2 on Ubuntu

Ubuntu does not have LVM2 installed by default…why?  If Ubuntu wants to move to the server market, why not have lvm2 installed by default like RHEL 5 or CentOS 5? It can easily be added with this command:

sudo apt-get install lvm2

If you want to see a tutorial on how to install and configure LVM2 on Ubuntu 8.04 CLICK HERE.

Access Control Lists
Access Control Lists (ACLs) allow you to provide different levels of access to files and folders for different users. Red Hat Enterprise Linux 5 and CentOS 5 have ACLs implemented in the file system by default. With ACLs you can set up a file that one user can read, other users cannot read, and yet other users can both read and write. This was not possible previously.

sudo apt-get install acl
If you would like to see a tutorial on installing and configuring acls CLICK HERE.

Summary:
If Ubuntu really wants to break into the server market, they will need to install by default features that the server market really wants to use, specifically RAID tools, LVM2 and acls.  Until they make this transition many will not take them seriously in the server arena.

Apache in Ubuntu 8.04

May 13, 2008 2 comments

Apache 2.2.8 is the current version that ships with Ubuntu 8.04.  There are several meaningful changes.  One of them is a much smaller apache2.conf configuration file: it now contains only the Global Configuration options.  The config file is only 298 lines, as you can see in the example.

291 # Include of directories ignores editors’ and dpkg’s backup files,
292 # see README.Debian for details.
293
294 # Include generic snippets of statements
295 Include /etc/apache2/conf.d/
296
297 # Include the virtual host configurations:
298 Include /etc/apache2/sites-enabled/

Note the modular support, which was available in the past as well but is now more important to understand.  The Include statements fill out the configuration with the files in /etc/apache2/conf.d/, which is provided so that applications can add features to Apache without directly modifying apache2.conf.  Also note that the configuration for virtual servers is found in /etc/apache2/sites-enabled.  The entries there are actually symbolic links to the files in sites-available, which are the ones you modify.

For a tutorial on how to configure Virtual Hosting on Ubuntu 8.04 CLICK HERE.
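
An added example (not part of the original post): everything under sites-enabled is pulled in by the Include line above, so a regular file there, or a symlink that resolves outside sites-available, is live configuration that never shows up where you normally edit. This shell function lists such entries; the demo tree is constructed for illustration, and on a real system you would pass /etc/apache2.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_sites_enabled ROOT
#   ROOT is the Apache config directory (/etc/apache2 on Ubuntu 8.04).
#   Prints one line per entry in ROOT/sites-enabled that is not a symlink
#   resolving to a file under ROOT/sites-available.
audit_sites_enabled() {
    root=$1
    avail=$(cd "$root/sites-available" && pwd -P) || return 2
    for entry in "$root"/sites-enabled/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue  # empty directory
        name=${entry##*/}
        if [ ! -L "$entry" ]; then
            echo "not-a-symlink $name"
        elif [ ! -e "$entry" ]; then
            echo "dangling-symlink $name"
        else
            real=$(readlink -f "$entry")
            case $real in
                "$avail"/*) ;;  # expected layout
                *) echo "outside-sites-available $name -> $real" ;;
            esac
        fi
    done
}

# Constructed demo tree: one correct link and three kinds of drift.
demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/sites-available" "$t/sites-enabled" "$t/elsewhere"
    : > "$t/sites-available/000-default"
    : > "$t/elsewhere/stray"
    : > "$t/sites-enabled/blog"                              # regular file
    ln -s ../sites-available/000-default "$t/sites-enabled/000-default"
    ln -s ../sites-available/gone "$t/sites-enabled/old"     # target missing
    ln -s ../elsewhere/stray "$t/sites-enabled/stray"        # wrong directory
    echo "$t"
}

tree=$(demo_tree)
audit_sites_enabled "$tree"
rm -rf "$tree"
```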

The apache2.conf file also contains include statements that impact the ports that can be used by the web server and modules which can be used.  The mods-enabled directory contains those modules that have been made available for the web server.  The httpd.conf file is for compatibility with configurations that you may have had with Red Hat or CentOS based distros.

For a tutorial on CentOS Virtual Hosting CLICK HERE.  This will give you a good comparison of the different ways to set up Apache.

# Include module configuration:
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf

# Include all the user configurations:
Include /etc/apache2/httpd.conf

# Include ports listing
Include /etc/apache2/ports.conf

The other Include line sets the ports that are available to the web server.  Looking at ports.conf you can see the default is port 80, with port 443 added for SSL when mod_ssl is loaded.

Listen 80

<IfModule mod_ssl.c>
Listen 443
</IfModule>

Multi-Processing Modules
Multi-Processing Modules (MPMs) are part of Apache's modular design; they make the server more flexible across operating systems and let it scale.  The prefork MPM is the default on Ubuntu 8.04 and provides basic settings that you can modify to help your server scale to whatever load it has to handle.  By default Apache starts with 5 server processes running.  Each user who comes to your server needs an instance of Apache to view your site, which is why 5 are started immediately: when users arrive there are servers already in memory, which speeds things up.  If 10 people came at the same time, five new servers would have to be started, which takes time and would be noticeable to those trying to view your site.  Part of scaling is deciding how many people will be on your site at one time.  Remember that each instance of Apache takes resources from your hardware, especially RAM, so make sure the machine has enough.  If your site is not very busy you could reduce the “StartServers” number to 3 and save resources; if it is very busy you may need to increase it to 20, and so on.  You will need to adjust the minimum and maximum numbers for your server as well.  The whole idea is to provide excellent scalability for your particular needs.

# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
StartServers          5
MinSpareServers       5
MaxSpareServers      10
MaxClients          150
MaxRequestsPerChild   0
</IfModule>

Securing FTP

File Transfer Protocol (FTP) has been around a long time. It has lasted because it is easy to use and is a valuable asset when you need to transfer files, even large files. The applications that were around when the Internet was more of a trusted entity have all suffered huge security issues. DNS, web, Sendmail and FTP servers all date from a time when the Internet was not so hostile, and each server daemon has gone through a period when it was vulnerable to attack. This is true of FTP as well. Many of the FTP server daemons that were available originally have fallen out of use because they were insecure.

One of the FTP daemons that has risen out of this growth is VSFTPD, Very Secure FTP Daemon. This daemon was built for scalability, reliability and security. Over time it has proven itself to be a good choice. Not that it has been perfect, but much more secure than most.

It is now time for administrators not only to use a secure FTP daemon but also to consider using SSL/TLS to encrypt communication for those FTP servers, as that is still an issue. All FTP servers transfer user names, passwords and data in plain text that could easily be captured on the network. For the sake of users and the movement toward more secure networks, encrypted communication must become a standard that is adopted for FTP. Here is a link to an article that shows you how to set up VSFTPD with SSL.

Click Here

My Mom Learns the “Uncomplicated Firewall” on Ubuntu 8.04

April 23, 2008 10 comments

I was recently excited to see that Ubuntu has included an “Uncomplicated Firewall” in the Hardy Heron release. This was perfect since my mom has just had Ubuntu 8.04 placed on her laptop and I was concerned that she have a firewall to protect her laptop. She has struggled with Linux and making the transition from Win…whatever, so I have been searching for simple solutions. Ubuntu, known for their simple solutions, has saved the day again by simplifying security for users. Here is the simple process and a record of how quickly my mom picks this simple stuff up. Click Here for the BeginLinux.com ufw Tutorial.

“Mom…I have a simple solution for the security on your computer!”

“Oh great I know you have told me that Linux is soooo simple, I need an easy uncomplicated way to make sure I don’t get hacked. What do I need to do?”

“Ok mom, sit down, fire up that puppy and let’s get to work.”

“I am so pleased you are going to help me, that stupid firewall you showed me before was just too difficult for me. I remember I had to:

sudo apt-get install lokkit

That command was tough alone but then picking the ports that I should have open after the install was confusing since I had to know that remote support from you was coming in on port 22. And I had to click OK…

Red Hat Firewall

Besides that worthless firewall said “Red Hat” on it and I certainly do not need that on my Ubuntu machine!”

“Yea mom, I know the Lokkit firewall was complicated, two steps is just too much to ask….we will be working with the ‘Uncomplicated Firewall’ so you can just take it easy…. Here we go now open up a terminal.”

“Terminal who?”

“Mom, this is really simple, just open up the command line terminal, Applications/Accessories/Terminal…yea now you got it…good we are almost there. Now just check the commands that you can run by typing ufw”

Usage: ufw COMMAND

Commands:
enable Enables the firewall
disable Disables the firewall
default ARG set default policy to ALLOW or DENY
logging ARG set logging to ON or OFF
allow|deny RULE allow or deny RULE
delete allow|deny RULE delete the allow/deny RULE
status show firewall status
version display version information

“What is all this stuff? And what do I need this for…am I done?”

“Well no mom, this is information about how to set up rules.”

“Huh…”

“Rules mom….simple uncomplicated rules for how it will interface with iptables on the INPUT, OUTPUT and FORWARD chains…it’s easy.”

“I don’t want no rules…I don’t want to learn no rules and I DON’T WANT TO HEAR ABOUT EASY RULES!!!!”

“Mom….look just turn it on.”

“My computer is on…look at the screen why do you think I am typing….see.”

“No mom I mean turn on the uncomplicated firewall.”

“You mean I have to turn it on…why do I have to turn it on, where is the button?”

“Sorry, the developers thought you might have another firewall running and this might interfere with the rules that you had written so it is off when you first start Ubuntu 8.04. All you have to do is this command to start it:”

ufw enable

“OK now it is on…”

“Are we done NOW?”

“No mom you need to set a default deny policy for your chains. See just do this:”

ufw default deny

Default policy changed to ‘deny’ (be sure to update your rules accordingly)

“Deny…deny what and who….I just want a simple uncomplicated firewall thingy”

“OK mom almost done. Now you need to type this command so you can see your rules. See your Chain INPUT rule is DROP by default and your FORWARD chain is DROP by default.”

# iptables -L -n

Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-input all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-forward all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-forward all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-output all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-output all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-after-forward (1 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK FORWARD]: '
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-after-input (1 references)
target prot opt source destination
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK INPUT]: '
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-after-output (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-before-forward (1 references)
target prot opt source destination
ufw-user-forward all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 4
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 12
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
ufw-not-local all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 224.0.0.0/4 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 224.0.0.0/4
ufw-user-input all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
ufw-user-output all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
RETURN all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK NOT-TO-ME]: '
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-user-forward (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-user-output (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0

“WHAT????????…..Is this Chineeese…what kind of joke is this…I am too old to learn a new language and what is the OUTPUT…it is not DROP it is ALLOW, what is the Default DROP anyway? And why am I allowing people to get into my computer…is this really safe?”

“Easy Mom, it is really easy. OK, so the default DROP is really not a default DROP for all the chains
just the INPUT and FORWARD chain.”

“Who am I FORWARDing stuff to, does that go to you?”

“Well no Mom…this is really if you have two network cards and one was eth0 and the second was eth1
and you were FORWARDing traffic to an internal network, maybe using NAT and having a firewall on the outside
and you need to make sure that your /proc/sys/net/ipv4/ip_forward is 1 so that you can transfer traffic…..”

“Oh stop that mumble jumble garbage…this is supposed be easy..am I done?”

“Well no, just a few more steps, you need to write a rule that allows me to connect to your laptop for support when you need it. Just use the ufw command to allow a connection from my computer at 192.168.5.100 like this:”

# ufw allow from 192.168.5.100 port 22

“Now mom you can view your changes with the command:”

# ufw status
Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- 192.168.5.100 0.0.0.0/0 tcp spt:22
ACCEPT udp -- 192.168.5.100 0.0.0.0/0 udp spt:22

“And now look it is simple to add VNC support as well.”

# ufw allow from 192.168.5.100 port 5900
Rule added

“You’re kidding me right…what is this Halloween trick and treat? What is the gibberish…why don’t I just write 123456789….port what is this a fishing adventure? I told you I was sick and tired of your IT Techie baloney … I HAVE NO IDEA WHAT YOU ARE TALKING ABOUT YOU MORON!!!!!!”

“Mom, please don’t start that again this really is not complicated, just type what I wrote on the notepad,
OK I will leave as soon as we are done. This really is simple…”

“Idiot, there now I typed your stupid RULE for your shipping ports.”

“Great Mom now check your status with this command:
ufw status

# ufw status
Firewall loaded

To                         Action  From
--                         ------  ----
Anywhere                   ALLOW   192.168.5.100 22:tcp
Anywhere                   ALLOW   192.168.5.100 22:udp
Anywhere                   ALLOW   192.168.5.100 5900:tcp
Anywhere                   ALLOW   192.168.5.100 5900:udp

"What ...status, I thought the default was DENY and why is there an Anywhere, does that mean that
anyone can get into my computer and who are tcp and udp ...are these your friends?"

"Come now mom, this is not complicated just stick with me, tcp and udp are protocols, they are just ways
to communicate and they connect on ports, it is really simple stuff.  No don't say anything just relax."

"Are we done?"

"No not yet, let's just go over how you can check your logs for intrusion attempts and failed
port connections in case you need to edit your RULES...OK?  Just use this command to see the
end of the log:"

 tail /var/log/messages
Apr 22 14:36:18 ub3 kernel: [28092.908356] [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=00:03:0d:11:f6:a9:00:14:bf:7f:59:b0:08:00 SRC=64.233.183.17 DST=192.168.5.12 LEN=80 TOS=0x00 PREC=0x00 TTL=44 ID=38470 PROTO=TCP SPT=80 DPT=38292 WINDOW=129 RES=0x00 ACK PSH URGP=0
Apr 22 14:36:20 ub3 kernel: [28094.761693] [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=00:03:0d:11:f6:a9:00:14:bf:7f:59:b0:08:00 SRC=64.233.183.17 DST=192.168.5.12 LEN=80 TOS=0x00 PREC=0x00 TTL=44 ID=38471 PROTO=TCP SPT=80 DPT=38292 WINDOW=129 RES=0x00 ACK PSH URGP=0
Apr 22 14:36:22 ub3 kernel: [28097.108344] [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=00:03:0d:11:f6:a9:00:14:bf:7f:59:b0:08:00 SRC=64.233.183.17 DST=192.168.5.12 LEN=80 TOS=0x00 PREC=0x00 TTL=44 ID=38472 PROTO=TCP SPT=80 DPT=38292 WINDOW=129 RES=0x00 ACK PSH URGP=0
Apr 22 14:36:27 ub3 kernel: [28101.809296] [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=00:03:0d:11:f6:a9:00:14:bf:7f:59:b0:08:00 SRC=64.233.183.17 DST=192.168.5.12 LEN=80 TOS=0x00 PREC=0x00 TTL=44 ID=38473 PROTO=TCP SPT=80 DPT=38292 WINDOW=129 RES=0x00 ACK PSH URGP=0

"See there you can see your UFW is working as it has already blocked input ...see you are safe."

"Safe from who? Whose stupid idea is this anyway?  Simple ...uncomplicated firewall...who are you kidding!
I am sick and tired of your Techno Blah Simple Uncomplicated Stupidity!!!!!!!!!!

WHERE IS MY WINDOWS VISTA DISK!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
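
An added example, not part of the original post, run over the two outputs shown in the dialogue above. flag_source_port_rules picks out ACCEPT rules that match only a source port (the spt:22 entries listed after "ufw allow from 192.168.5.100 port 22"; "ufw allow from 192.168.5.100 to any port 22" is the form that matches the destination port), and triage_ufw_blocks separates blocked TCP packets that try to open a connection (SYN) from ones that cannot (ACK without SYN, like the port 80 packets in the log excerpt). The dpt:22 rule line and the SYN log line from 203.0.113.9 are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post. It only parses text.

# Rule lines as shown in the post, plus one constructed line (dpt:22)
# showing what a destination-port match looks like.
sample_rules() {
cat <<'EOF'
ACCEPT tcp -- 192.168.5.100 0.0.0.0/0 tcp spt:22
ACCEPT udp -- 192.168.5.100 0.0.0.0/0 udp spt:22
ACCEPT tcp -- 192.168.5.100 0.0.0.0/0 tcp dpt:22
EOF
}

# Two log lines from the post and one constructed SYN line (203.0.113.9).
sample_log() {
cat <<'EOF'
Apr 22 14:36:18 ub3 kernel: [28092.908356] [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=00:03:0d:11:f6:a9:00:14:bf:7f:59:b0:08:00 SRC=64.233.183.17 DST=192.168.5.12 LEN=80 TOS=0x00 PREC=0x00 TTL=44 ID=38470 PROTO=TCP SPT=80 DPT=38292 WINDOW=129 RES=0x00 ACK PSH URGP=0
Apr 22 14:36:20 ub3 kernel: [28094.761693] [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=00:03:0d:11:f6:a9:00:14:bf:7f:59:b0:08:00 SRC=64.233.183.17 DST=192.168.5.12 LEN=80 TOS=0x00 PREC=0x00 TTL=44 ID=38471 PROTO=TCP SPT=80 DPT=38292 WINDOW=129 RES=0x00 ACK PSH URGP=0
Apr 22 14:40:01 ub3 kernel: [28315.000000] [UFW BLOCK INPUT]: IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.5.12 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1234 PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Flag ACCEPT rules that match a source port but no destination port.
# A client's source port is ephemeral, so such a rule does not admit its
# connections to a service; it admits anything the peer sends from that port.
flag_source_port_rules() {
    awk '$1 == "ACCEPT" && /spt:/ && !/dpt:/ {
        print "source-port-only: " $2 " from " $4 " " $NF
    }'
}

# Group blocked packets by what their TCP flags say about them.
# SYN without ACK opens a connection. ACK without SYN cannot open one; it is
# typically a late or retransmitted reply the firewall no longer tracks.
triage_ufw_blocks() {
    awk '/\[UFW BLOCK/ {
        src = proto = spt = dpt = ""; syn = ack = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^SPT=/)   spt = substr($i, 5)
            if ($i ~ /^DPT=/)   dpt = substr($i, 5)
            if ($i == "SYN")    syn = 1
            if ($i == "ACK")    ack = 1
        }
        kind = "other"
        if (proto == "TCP" && syn && !ack) kind = "new-connection-attempt"
        if (proto == "TCP" && ack && !syn) kind = "stray-reply"
        count[kind " " proto " " src ":" spt " -> dpt " dpt]++
    }
    END { for (k in count) print count[k], k }' | sort
}

sample_rules | flag_source_port_rules
sample_log | triage_ufw_blocks
```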

Ubuntu 8.04 Hardy Heron Gnome 2.22

April 22, 2008 Leave a comment

Ubuntu 8.04 Hardy Heron uses the latest version of Gnome, Gnome 2.22, which is full of enhancements. This release also includes hundreds of bug fixes and user-requested improvements. Gnome 2.22 is a popular, multi-platform desktop environment with ease of use and stability high on the priority list. One addition I noticed while using Gnome 2.22 on my Ubuntu 8.04 Hardy Heron desktop was the new Nautilus, which uses GVFS as its backend. GVFS fixes Nautilus problems: it lets you restore files from the trash and pause and undo file operations, and it works with PolicyKit to escalate user privileges. In addition to all of this it also brings an always welcome performance boost to many applications.

The world clock applet is also a nice addition to the Ubuntu 8.04 Hardy Heron Gnome 2.22 desktop. The time and weather can be displayed for multiple locations and are easily configured in detail. You may even create multiple profiles for different locations. Another change I’ve found useful: Evolution Email is now Evolution Mail and Calendar in the Gnome 2.22 menu. Evolution has been improved with Google calendars and custom message labels, and you can now even add your Evolution contacts to the Deskbar in Gnome 2.22.

A release every six months makes watching Gnome develop very exciting. The next release, Gnome 2.24, is already in process and will hopefully offer many more improvements, including a new version of the Ekiga VoIP client, Empathy instant messaging, column and list views in the file manager, and so much more. To view the Gnome roadmap click here

Click Here for more Ubuntu 8.04 Linux desktop and server articles.
