Category Archives: Ubuntu

More Ubuntu 16.04 network security with tcpwrappers, sysctl and nmap

tcpwrappers

tcpwrappers may be old school, and it is deprecated in many operating systems, but it is easier than a firewall for making fast or temporary changes and, most importantly, it provides redundancy. With tcpwrappers and a firewall, there is no single point of failure.

# vi /etc/hosts.allow

To prevent logs from growing out of control, configure logrotate.

# vi /etc/logrotate.d/tcpwrappers

sysctl

To help harden your network against various attacks, add the following to the end of sysctl.conf, and be sure the same settings are not also uncommented elsewhere in the file.

# vi /etc/sysctl.conf

Reload sysctl

# sysctl -p
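One way to check the "not uncommented elsewhere" condition before reloading, as an added example that is not part of the original post. The function names `sysctl_dupes` and `write_sample` and the sample file contents are constructed for illustration and are not the settings the post refers to.

```shell
#!/bin/sh
# Added example: report sysctl keys that are uncommented more than once.
# sysctl -p applies the file top to bottom, so the last assignment wins.

# Prints "key line:value line:value => effective value" per duplicated key.
# Returns 1 if any key is set more than once, 0 otherwise.
sysctl_dupes() {
    awk '
        /^[ \t]*[#;]/       { next }   # comment line
        index($0, "=") == 0 { next }   # blank or not a key = value line
        {
            key = $0; sub(/[=].*/, "", key)
            sub(/^[ \t]*-?[ \t]*/, "", key)   # leading "-" means ignore errors
            sub(/[ \t]+$/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (!(key in count)) order[++n] = key
            count[key]++
            seen[key] = seen[key] " " NR ":" val
            last[key] = val
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (count[k] > 1) { print k seen[k] " => " last[k]; dup = 1 }
            }
            exit dup
        }
    ' "$1"
}

# Constructed sample standing in for /etc/sysctl.conf (not the post's settings).
write_sample() {
    cat > "$1" <<'EOF'
# stock section
net.ipv4.conf.all.rp_filter=1
#net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.accept_redirects = 1

# hardening block appended at the end
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.rp_filter = 1
EOF
}

sample=$(mktemp)
write_sample "$sample"
sysctl_dupes "$sample" || echo "duplicate keys found: review the lines above"
rm -f "$sample"
```

Against the real file, call `sysctl_dupes /etc/sysctl.conf`. Files under /etc/sysctl.d/ are separate and are loaded by `sysctl --system`, not by `sysctl -p`.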

nmap

To scan your systems for vulnerabilities, install nmap.

# apt -y install nmap

For documentation, refer to https://nmap.org

In summary, there are many things you can do to add security to your Ubuntu Linux system. What we have covered so far in this series are the essentials. Be sure to see the other posts.

http://openuptown.net/category/ubuntu

Thanks!
-Yehuda

Installing ubuntu-restricted-extras

The Ubuntu Gnome-Software Center does not show all available software, such as technical packages.

Kernels, console apps, etc. will not show up.

This may be a feature, but some consider it a bug. I consider it yet another good reason to use the command line, which is better.

As you can see from the description above, ubuntu-restricted-extras is very useful to the desktop experience.

To install from the command line:

# apt -y install ubuntu-restricted-extras

You may run into a hitch when the Microsoft EULA comes up. Use tab to move forward, shift-tab to move in reverse. Use space to select/click the OK button.

If you somehow miss the EULA and need to be prompted again:

# apt --purge --reinstall install ttf-mscorefonts-installer

If you need to remove ubuntu-restricted-extras:

# apt show ubuntu-restricted-extras
# apt show ubuntu-restricted-addons

Important: Take note of all the ‘Recommends:’ packages

# apt remove ubuntu-restricted-extras ubuntu-restricted-addons
# apt remove [all the recommended packages]

To get rid of the installed dependencies for the recommended packages:

# apt autoremove [all the recommended packages]

To reinstall:

# apt -y install ubuntu-restricted-extras

Thanks!
-Yehuda

Adding PHP to Ubuntu 16.04.02

Adding PHP and extensions for WordPress and Magento

This will install PHP and add the extensions needed for WordPress

# apt -y install php libapache2-mod-php php-mcrypt php-mysql php-mbstring

# vi /var/www/html/info.php

Browsing to your server hostname or IP address with /info.php at the end will show your PHP configuration

This script will show PHP extension status, and in particular extensions needed for Magento

# vi /var/www/html/extensions.php

Browsing to your server hostname or IP address with /extensions.php at the end will show your PHP configuration

This will install and activate the extensions needed for Magento

# apt -y install php-bcmath php-curl php-gd php-intl php-soap php-xml php-zip
# systemctl restart apache2

Note: php-xml includes xml, simplexml & xsl

Browsing to your server hostname or IP address with /extensions.php at the end will show your PHP configuration

# vi /etc/php/7.0/apache2/php.ini ## uncomment/change the following lines

# systemctl restart apache2

Thanks!
-Yehuda

Adding MySQL to Ubuntu 16.04.02

Installation of MySQL to a DigitalOcean Ubuntu 16.04.02 Server

# apt install -y mysql-server mysql-client
# mysql_secure_installation

Test root login and MySQL
# mysql -uroot -proot_password

WordPress MySQL Configuration

# mysql -uroot -proot_password

Test wordpress login and MySQL
# mysql -uwordpress -pw_password

Magento MySQL Configuration

# mysql -uroot -proot_password

Test magento login and MySQL
# mysql -umagento -pm_password

This may need to be set higher than 16MB for larger product numbers

Configuring for MySQL WorkBench remote access

# vi /etc/mysql/mysql.conf.d/mysqld.cnf

Remote access from any host

Open firewall to any host
# ufw allow proto tcp from any to any port 3306

Remote access from specific host

Open firewall to specific host
# ufw allow proto tcp from 192.168.1.50 to any port 3306

Thanks!
-Yehuda