Archive of articles classified as "Linux and Mac"

Secure MySQL Installation in Ubuntu 10.04 LTS

28/07/2010

This step is quite easy to overlook.

After installing MySQL, it’s recommended that you run mysql_secure_installation, a program that helps secure MySQL. While running mysql_secure_installation, you will be presented with the opportunity to change the MySQL root password, remove anonymous user accounts, disable root logins outside of localhost, and remove test databases. It is recommended that you answer yes to these options. If you are prompted to reload the privilege tables, select yes.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] n
 ... skipping.

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
 ... Failed!  Not critical, keep moving...
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!
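
To confirm the answers above took effect, the grant tables can be checked directly; in the run above the test database was already gone, so the privilege rows in mysql.db are the part worth verifying. The script below is an added example, not part of the original post or of MySQL: the function names and sample rows are constructed, and it assumes the User/Host columns of mysql.user and the Db/User/Host columns of mysql.db.

```shell
#!/bin/sh
# Added example: check the grant tables for what mysql_secure_installation
# is meant to remove. Live use, assuming a working root client login:
#   mysql -N -B -e "SELECT User, Host FROM mysql.user" | audit_mysql_accounts
#   mysql -N -B -e "SELECT Db, User, Host FROM mysql.db" | audit_test_db_grants

# Reads "User<TAB>Host" rows. Reports anonymous accounts (empty User) and
# root accounts whose Host is not a loopback name (assumed: localhost,
# 127.0.0.1, ::1). Returns 1 if anything was reported, 0 otherwise.
audit_mysql_accounts() {
    awk -F '\t' '
        $0 == "" { next }
        $1 == "" { print "ANONYMOUS @" $2; bad = 1; next }
        $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
            print "REMOTE_ROOT root@" $2; bad = 1
        }
        END { exit bad + 0 }
    '
}

# Reads "Db<TAB>User<TAB>Host" rows. Reports grants on the test database or
# on the test\_% wildcard that ships with it (batch mode may double the
# backslash, so one or more are accepted). Returns 1 if any remain.
audit_test_db_grants() {
    awk -F '\t' '
        $1 == "test" || $1 ~ /^test\\+_/ {
            print "TEST_DB_GRANT " $1 " for " $2 "@" $3; bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample rows (not taken from a real server).
SAMPLE_USERS=$(printf 'root\tlocalhost\nroot\tubuntuServer\n\tlocalhost\n')
SAMPLE_DB=$(printf 'test\\_%%\t\t%%\nmyapp\tmike\tlocalhost\n')

printf '%s\n' "$SAMPLE_USERS" | audit_mysql_accounts || echo "=> accounts need cleanup"
printf '%s\n' "$SAMPLE_DB" | audit_test_db_grants || echo "=> test grants remain"
```
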

Reference: Linode.

HOWTO: Ruby on Rails with Apache + Passenger (Mod_Rails) ~ Ubuntu Lucid Lynx 10.04

5/06/2010

To get up and running I followed (1) and had a basic RoR setup with Mongrel, but I really wanted to get Passenger set up as well. This was of course a much more involved process.

I started off by following the very basic install guide on the dedicated page for Passenger. However, Mozketo (2) indicated that I needed to get a few more libs first.

@ubuntuServer:~/Desktop/RoR/myapp/app/views/users$ sudo apt-get install apache2-prefork-dev libapr1-dev libaprutil1-dev
[sudo] password for administrator:
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following packages were automatically installed and are no longer required:
  linux-headers-2.6.32-21 linux-headers-2.6.32-21-generic-pae
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  comerr-dev krb5-multidev libdb4.8-dev libexpat1-dev libgssrpc4
  libkadm5clnt-mit7 libkadm5srv-mit7 libkdb5-4 libkrb5-dev libldap2-dev
  libmysqlclient-dev libpcre3-dev libpcrecpp0 libpq-dev libpq5 libssl-dev
  uuid-dev zlib1g-dev
Suggested packages:
  krb5-doc db4.8-doc krb5-user postgresql-doc-8.4
The following NEW packages will be installed:
  apache2-prefork-dev comerr-dev krb5-multidev libapr1-dev libaprutil1-dev
  libdb4.8-dev libexpat1-dev libgssrpc4 libkadm5clnt-mit7 libkadm5srv-mit7
  libkdb5-4 libkrb5-dev libldap2-dev libmysqlclient-dev libpcre3-dev
  libpcrecpp0 libpq-dev libpq5 libssl-dev uuid-dev zlib1g-dev
0 upgraded, 21 newly installed, 0 to remove and 22 not upgraded.
Need to get 9,968kB of archives.
After this operation, 36.9MB of additional disk space will be used.
Do you want to continue [Y/n]? Y

Finally,

@ubuntuServer:~/Desktop/RoR/myapp/app/views/users$ sudo gem install passenger

The passenger installer was quite interactive,

@ubuntuServer:~/Desktop/RoR/myapp$ sudo passenger-install-apache2-module
Welcome to the Phusion Passenger Apache 2 module installer, v2.2.13.

This installer will guide you through the entire installation process. It
shouldn't take more than 3 minutes in total.

Here's what you can expect from the installation process:

 1. The Apache 2 module will be installed for you.
 2. You'll learn how to configure Apache.
 3. You'll learn how to deploy a Ruby on Rails application.

Don't worry if anything goes wrong. This installer will advise you on how to
solve any problems.

Press Enter to continue, or Ctrl-C to abort.

--------------------------------------------

Checking for required software...

 * GNU C++ compiler... found at /usr/bin/g++
 * Ruby development headers... found
 * OpenSSL support for Ruby... found
 * RubyGems... found
 * Rake... found at /usr/bin/rake
 * rack... found
 * Apache 2... found at /usr/sbin/apache2
 * Apache 2 development headers... found at /usr/bin/apxs2
 * Apache Portable Runtime (APR) development headers... found at /usr/bin/apr-1-config
 * Apache Portable Runtime Utility (APU) development headers... found at /usr/bin/apu-1-config

--------------------------------------------
Compiling and installing Apache 2 module...
cd /usr/lib/ruby/gems/1.8/gems/passenger-2.2.13
.
.
.
--------------------------------------------
The Apache 2 module was successfully installed.

Please edit your Apache configuration file, and add these lines:

   LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-2.2.13/ext/apache2/mod_passenger.so
   PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-2.2.13
   PassengerRuby /usr/bin/ruby1.8

After you restart Apache, you are ready to deploy any number of Ruby on Rails
applications on Apache, without any further Ruby on Rails-specific
configuration!

Press ENTER to continue.


--------------------------------------------
Deploying a Ruby on Rails application: an example

Suppose you have a Rails application in /somewhere. Add a virtual host to your
Apache configuration file and set its DocumentRoot to /somewhere/public:

   <VirtualHost *:80>
      ServerName www.yourhost.com
      DocumentRoot /somewhere/public    # <-- be sure to point to 'public'!
      <Directory /somewhere/public>
         AllowOverride all              # <-- relax Apache security settings
         Options -MultiViews            # <-- MultiViews must be turned off
      </Directory>
   </VirtualHost>

And that's it! You may also want to check the Users Guide for security and
optimization tips, troubleshooting and other useful information:

  /usr/lib/ruby/gems/1.8/gems/passenger-2.2.13/doc/Users guide Apache.html

Enjoy Phusion Passenger, a product of Phusion (www.phusion.nl) :-)
http://www.modrails.com/

Phusion Passenger is a trademark of Hongli Lai & Ninh Bui.

At this stage I knew that these directives were rather dated as Apache2 handles things rather differently now, especially when it comes to virtual hosts and enabling mods. Mozketo (2) details how to create the following two files – you will notice how the strings are the updated versions compared to those given on Mozketo…

# /etc/apache2/mods-available/passenger.load
# http://mozketo.com/phusion-passenger-on-ubuntu-9-10/

LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-2.2.13/ext/apache2/mod_passenger.so

# /etc/apache2/mods-available/passenger.conf:

<IfModule passenger_module>
   PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-2.2.13
   PassengerRuby /usr/bin/ruby1.8
</IfModule>

I set up the virtual host as follows,

# /etc/apache2/sites-available/webapps.local
<VirtualHost *:80>
     ServerName webapps.local
     ServerAlias *.webapps.local
     DocumentRoot "/home/mike/Desktop/webapps/"
     RailsEnv development
     RailsBaseURI /myapp
     <Directory "/home/mike/Desktop/webapps/">
        AllowOverride all
        Options -MultiViews
     </Directory>
</VirtualHost>

@ubuntuServer:/etc/apache2/$ sudo a2ensite webapps.local
@ubuntuServer:/etc/apache2/$ sudo a2enmod rewrite
@ubuntuServer:/etc/apache2/$ sudo a2enmod passenger
@ubuntuServer:/etc/apache2/$ sudo /etc/init.d/apache2 restart

To make development a bit easier I set up the following symlink,

# sym link
ln -s ~/Desktop/railapps/myapp/public ~/Desktop/webapps/myapp

The hosts file on the server needed a few changes as well,

@ubuntuServer:/etc/apache2/$ cat /etc/hosts

# /etc/hosts
127.0.0.1   localhost
127.0.1.1   ubuntuServer
127.0.0.1   webapps.local

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

…and on my iMac as well,

@iMac27:~$ cat /etc/hosts
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1       localhost
10.0.0.20       webapps.local

255.255.255.255 broadcasthost
::1             localhost
fe80::1%lo0 localhost

Here’s a snippet of an active rails app,

@ubuntuServer:~/Desktop/railapps/myapp$ tail -f log/development.log
# ..
Processing UsersController#index (for 172.16.7.113 at 2010-06-03 11:32:37) [GET]
  User Load (1.1ms)   SELECT * FROM "users"
Rendering template within layouts/application
Rendering users/index
Completed in 29ms (View: 16, DB: 1) | 200 OK [http://webapps.local/myapp/users]
# ..

To restart an app, one only needs to ‘touch’ it…how cute!

@ubuntuServer:~/Desktop$ touch webapps/myapp/tmp/restart.txt

References

(1) [all variants] Install Ruby on Rails – Lucid Lynx
(2) Phusion Passenger on Ubuntu 9.10
(3) Installing Ruby on Rails on Debian/Ubuntu
(4) Replacing Mongrel with Passenger (mod_rails)
(5) Passenger

Better VNC in Ubuntu 10.04 Lucid Lynx with x11vnc

1/06/2010

I've been working with Ubuntu Lucid a bit over the past few days and am not a big fan of the Vino VNC “Remote Desktop”. The problem is that it doesn’t persist when logged out. To get around this I set up x11vnc as per the HOWTO referenced at the end of this post.

Running it is quite simple. First, ssh in as follows:

ssh -L 5900:localhost:5900 yourUserName@serverIP

To bring up the login window for your ‘user’ account, run the following as root:

root@ubuntuServer:~# x11vnc -auth /home/someuser/.Xauthority -rfbauth ~/.vnc/passwd -display :0

At this stage, simply connect with ChickenVNC. The VNC login password has been set up as per the referenced guide and stored in the location mentioned above. Remember, when running the above as root, you need to recreate the password in ‘/root/.vnc’ – the root user's home directory.

VNC Tunneling via SSH

In the very first ssh command, the ‘-L’ flag binds a port on the server we SSH to with a port on our own host, localhost. For this example at least, that port has been chosen as 5900. We also force X11 forwarding with ‘-X’,

ssh -X -L 5900:localhost:5900 yourUserName@serverIP

Ensure your /etc/ssh/ssh_config file is edited properly as well (here) & (here).

To make x11vnc reachable only through the SSH tunnel, add the ‘-localhost’ flag, which restricts it to connections from the local machine:

root@ubuntuServer:~# x11vnc -auth /home/someuser/.Xauthority -rfbauth ~/.vnc/passwd -localhost -display :0

Now just connect ChickenVNC, or your VNC viewer of choice, to localhost:0 (with the chosen password if needed) to connect with SSH tunnelling!
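
Whether ‘-localhost’ actually took effect can be checked from the listening sockets on the server. The script below is an added example, not part of the original post or of x11vnc: the function name and the sample `ss -ltn` output are constructed, and it assumes the VNC port is 5900 as chosen above.

```shell
#!/bin/sh
# Added example: confirm the VNC port is bound to loopback only, so the SSH
# tunnel is the only way in.
# Live use on the server:  ss -ltn | vnc_listener_check 5900

# Reads `ss -ltn` output on stdin. Prints each non-loopback listener on the
# given port (default 5900).
# Returns 0 = loopback only, 1 = exposed, 2 = nothing listening on the port.
vnc_listener_check() {
    awk -v port="${1:-5900}" '
        $1 != "LISTEN" { next }              # skips the header line too
        {
            addr = $4                        # Local Address:Port column
            n = split(addr, part, ":")
            if (part[n] != port) next
            host = substr(addr, 1, length(addr) - length(part[n]) - 1)
            seen = 1
            if (host !~ /^127\./ && host != "[::1]") {
                print "EXPOSED " addr
                exposed = 1
            }
        }
        END { if (exposed) exit 1; if (!seen) exit 2; exit 0 }
    '
}

# Constructed `ss -ltn` output: x11vnc started without and with -localhost.
WITHOUT_FLAG='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      32     0.0.0.0:5900       0.0.0.0:*'
WITH_FLAG='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      32     127.0.0.1:5900     0.0.0.0:*'

printf '%s\n' "$WITHOUT_FLAG" | vnc_listener_check 5900 || echo "=> reachable from the network"
printf '%s\n' "$WITH_FLAG" | vnc_listener_check 5900 && echo "=> loopback only"
```
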

Reference:

(1) HOWTO: Share desktops with x11vnc instead of built-in Remote Desktop

Installing NVIDIA driver in Ubuntu via SSH with X11 Forwarding

28/01/2010

Since my Ubuntu box has been running since 2006 (on the same install of 8.10!) as a headless terminal, I never bothered to install proper NVIDIA drivers…well, until today that is.

michaeldesilva@Ubuntu:~$ uname -ar
Linux Ubuntu 2.6.27-11-generic #1 SMP Thu Jan 29 19:28:32 UTC 2009 x86_64 GNU/Linux

I therefore downloaded NVIDIA-Linux-x86_64-190.53-pkg2.run, the 64-bit version of the driver and ‘chmod +x’ed it to make it an executable.

GDM needed to be stopped, and was easily taken care of with a ‘sudo /etc/init.d/gdm stop’. This is where I ran into a problem. I am using an Apple keyboard, and could not perform a ‘ctrl-alt-F1’ to get to VT1 from VT7, since VT7 has no prompt.

This is where I had the idea of firing up Terminal on my Mac Pro and SSHing in with X11 forwarding. I needed to access root quickly, so ‘sudo bash’ came in rather handy. The rest was quite straightforward: I ran the executable and was able to interact with the installer from my Mac.

Upon exiting from root, I simply restarted GDM and all was well.

Mobile Colloquy: Best iPhone IRC Client

31/10/2009

By far, one of the best IRC clients I’ve used on the iPhone platform. It also just so happens that I switched from irssi over to Colloquy for IRC in OS X.

Today I stumbled upon a really awesome side product of running Colloquy on my Mac, especially since it is connected to the same network through which WiFi is supplied to the rest of the house.

*drum roll please…*…. inbuilt BNC, or what most people know as ‘IRC Proxies’. Simply connect to your Mac’s IP address (best to keep a static IP on your server anyway, and I’ve done this for my Mac Pro), enter the BNC username and password and you can instantly access all the networks and channels your Mac is connected to, seamlessly, in real time.

Responding via the iPhone gives you the same nick as that on your Mac, and as far as people in the channels are concerned – you are one and the same entity. That is essentially the purpose of BNC.

One could also set up a DynDNS (if you have a dynamic IP assigned by your ISP) to allow you to connect over 3G and still access your BNC when on the move. Right now, I’m going to use this to track IRC while I’m in different parts of the house.

About

For the past couple years I lived in the UK, reading in BEng (Hons) Electronic and Computer Engineering at The University of Leeds and MSc (Dist) Mechatronics at King's College London.

My interests and hobbies include writing with Fountain Pens on various ink and paper, Swiss and German wristwatches, authoring articles in Mathematics, Physics, and Engineering, and Gundam modeling.

I have been following much Anime over the years as well as TV Shows with the likes of 24, Smallville, Dexter, and NCIS becoming favourites.