Track 2 PacNOG 7 June 29, 2010 Initial Ubuntu System Administration ------------------------------------ 1. Find out what's installed ------------------------- Open a terminal window. You can do this exercise as the regular pacing user or as root. Once the terminal window is open take a look at all the packages installed on your system: $ dpkg --get-selections All installed packages fly by on the screen. Let's slow that down: $ dpkg --get-selections | less The "less" command lets you quickly search text. Is the "apache" web server installed on your machines? Type "/apache" and press You should see something like: apache2 install apache2-mpm-worker install apache2-utils install apache2.2-bin install apache2.2-common install app-install-data install apparmor install apparmor-utils install apport install with the "apache" text highlighted. Press "q" to exit the less screen. OK, what version of "apache2" is installed? $ apt-cache policy apache2 2. Find out if a package is available to be installed -------------------------------------------------- You have a local cache of all packages available to be installed from the Ubuntu package repositories. You can search this cache using the "apt-cache" command. Before you can use apt-cache the first time you need to update your local cache. Let's do this now (we did this for you when setting up your machine): $ sudo apt-get update Once this completes we can search for available packages. Let's see if the "ipcalc" package is available in our Ubuntu repositories: $ apt-cache search ipcalc It looks like there are two possibilities. Try typing: $ ipcalc Ubuntu gives you a good idea about what you might do to get this package. Follow the suggested instructions on the screen to install the ipcalc package. Once ipcalc is installed let's use it to see what the various parameters are for our classroom network: $ ipcalc 67.218.55.0/26 This is very useful! We'll talk more about what all this means later today. 3. Stopping and starting services ------------------------------ The scripts to run services on your machine are located in /etc/init.d/. By default, when Ubuntu installs a package the startup scripts for the package are run and the package is configured to automatically run at system startup. Try viewing the status of the ssh server, stopping and starting the server and reloading the server's configuration file (/etc/ssh/sshd_config): $ sudo /etc/init.d/ssh Based on the feedback from running the ssh startup script with no options we can probably guess that to view the status of the ssh server we would do: $ sudo /etc/init.d/ssh status Now, stop, start, restart the server and reload it's configuration file. 4. Turning a service off --------------------- If, for some reason, you decide that a currently running service should be turned off permanently, but that the software should not be removed, then you need to use the update-rc.d utility. To stop ssh permanently you would do: $ sudo update-rc.d ssh remove Oops! But, we need ssh. Let's re-enable the server: $ sudo update-rc.d enable Type man update-rc.d for more details on how this works. Be sure you re-enable ssh! 5. Automatically updating your software ------------------------------------ If you want Ubuntu to automatically update software on your machine as soon as new versions are available you can do the following: $ sudo apt-get install unattended-upgrades You can configure this facility in numerous ways by editing the file: /etc/apt/apt.conf.d/50unattended-upgrades You can install this package if you wish at this time. There are both pluses and minuses to automatically upgrading a server. Alternatively you can do: $ sudo apt-get install apticron to install a package that will email an administrator information about any packages on the system that need updated as well as a summary of changes in each package. Once the package is installed you edit: /etc/apticron/apticron.conf and set the EMAIL variable to the address of the person who should receive this information. Very often this is the root user. EMAIL="root@localhost" "root@localhost" often points to another user, and this user account may point to whoever is currently doing system administration on your machine. Go ahead and install apticron and update the apticron.conf file to point EMAIL to root@localhost. NOTE! This package installs the Postfix MTA. This is fine in this case, but could be an issue if you had a different MTA installed and configured on your system. During installation you will be asked "What type of site" to configure for Postfix. Choose the default highlighted option of "internet site" - In addition your machines FQDN (Fully Qualified Domain Name) will be requested. What is shown should be correct, so just choose OK to continue when prompted.