Wednesday, December 30, 2009

Simple .htaccess under Debian/Ubuntu


I'm no web pro and the Apache2 documentation, although very thorough, was way too heavy for what I was trying to figure out. About 90 minutes into epic failure with various how-to and guide sites I was able to mangle my own configuration. Again -- I'm no apache master and I'm not really interested in learning everything there is to know about Apache right now. There are security concerns to be considered, but I am looking for something simple to protect an internal website. Your results may vary, but my case is that I have an internal webserver that I want to use to host a couple of departmental documents and files - nothing serious or top-secret here. If you are working with a public or internet server this may not be for you but might get you started in the right direction.


Under Debian/Ubuntu there are sites-available and sites-enabled for your virtual hosts. The configuration files for each of the sites are stored under /etc/apache2/sites-available, generally a single text file with the name of the site. In my case, I want to modify the default site as it is the main document root of this particular server.


# pico /etc/apache2/sites-available/default


Look for the <Directory> directive that has the path you want to protect. Again, I want the document root of this server, so I will be editing the <Directory> section for that path. Change the line (under your directive only) AllowOverride None to AllowOverride All


Save the file with CTRL-X and reload the Apache configuration with the following command


# /etc/init.d/apache2 reload


Now that the configuration has been modified you can create the password file and the access file for the directory to be secured. It is a rule of thumb to not keep the password file in the document root so keep that in mind and place it somewhere that the webserver can read but users can not.


# htpasswd -c /path/to/password/.htpasswd username


Once the password file has been created (I called mine .htpasswd) you can add a user later with this command


# htpasswd /path/to/password/.htpasswd username


And to delete a user from this list, use this command (there are no confirmation prompts to delete)


# htpasswd -D /path/to/password/.htpasswd username


With the configuration changed and the password file created (.htpasswd in my case), we can now create the directory access file called .htaccess. You need to place this file in the directory whose AllowOverride directive you changed in your site configuration above, and you must have reloaded apache2, or it will not work.


# pico /path/to/directory/needing/password/.htaccess


AuthName "Foo"

AuthType Basic

AuthUserFile /path/to/password/file/.htpasswd

Require valid-user


The AuthName directive can be anything you want displayed in the popup for the username/password box. Just be sure to enclose it in quotation marks or you will get a 500 Internal Server error when you go to test it.
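The rules from this post (quoted AuthName, password file kept outside the document root and not readable by ordinary users) can be checked before testing in a browser. The script below is an added example, not part of the original post; the function names and the constructed sample files are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Print the argument of the first uncommented DIRECTIVE line in FILE.
directive_arg() {
    awk -v want="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(want) {
            sub(/^[ \t]*[^ \t]+[ \t]*/, ""); sub(/[ \t\r]+$/, "")
            print; exit
        }' "$2"
}

# check_htaccess DOCROOT HTACCESS
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_htaccess() {
    docroot=$(cd -P "$1" 2>/dev/null && pwd -P) || { echo "bad docroot: $1"; return 1; }
    [ -r "$2" ] || { echo "cannot read $2"; return 1; }
    bad=0

    # The post's rule: AuthName must sit between double quotes.
    case $(directive_arg AuthName "$2") in
        \"?*\") ;;
        *) echo "AuthName missing or not quoted"; bad=1 ;;
    esac
    [ -n "$(directive_arg AuthType "$2")" ] || { echo "AuthType missing"; bad=1; }
    [ -n "$(directive_arg Require "$2")" ]  || { echo "Require missing"; bad=1; }

    # AuthUserFile is the Apache directive that names the htpasswd file.
    pwfile=$(directive_arg AuthUserFile "$2" | tr -d '"')
    if [ -z "$pwfile" ]; then
        echo "AuthUserFile missing"; bad=1
    elif [ ! -f "$pwfile" ]; then
        echo "password file not found: $pwfile"; bad=1
    else
        # Resolve symlinks in the directory part before comparing paths.
        pwdir=$(cd -P "$(dirname "$pwfile")" && pwd -P)
        case "$pwdir/" in
            "$docroot"/*) echo "password file is inside the document root"; bad=1 ;;
        esac
        # Readable by the web server, but not by every local user.
        if [ -n "$(find "$pwfile" -prune -perm -004 -print)" ]; then
            echo "password file is world-readable"; bad=1
        fi
    fi
    return $bad
}

# Constructed sample: unquoted AuthName and a password file inside the docroot.
htaccess_demo() {
    d=$(mktemp -d) && mkdir "$d/www" || return 1
    printf 'user:constructed-hash\n' > "$d/www/.htpasswd"
    printf 'AuthName Foo Bar\nAuthType Basic\nAuthUserFile %s\nRequire valid-user\n' \
        "$d/www/.htpasswd" > "$d/www/.htaccess"
    check_htaccess "$d/www" "$d/www/.htaccess"
    rm -rf "$d"
}
htaccess_demo
```
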

Thursday, December 17, 2009

Debian: TaskFreak Installation

TaskFreak! is an open source project and task management tool. Tool is an understatement, this thing is handy! Installing this is listed as easy and JustWorks(tm) but the documentation on it I feel is lacking. I've compiled a list of detailed instructions below to get started with a Debian Lenny system and all of the pre-installation requirements.

Pre-Installation packages required:

# apt-get install apache2 mysql-server mysql-client php5 php5-mysql

# wget http://www.taskfreak.com/files/stable/taskfreak-multi-mysql-0.6.1.tgz

# tar -zxvf taskfreak-multi-mysql-0.6.1.tgz

# mv taskfreak/* /var/www/
Note: Be sure that all of the hidden . files get moved as well!

# pico /var/www/include/config.php
Note: Change the three lines listed with //edit me (DB_USER, DB_PASS & DB_BASE). These three variables are how you will be connecting to the MySQL database that we create a few lines down. Do _NOT_ use the root account for this as it will not work (and you shouldn't even if it does)


# mysql -u root -p
Note: You should have been given the opportunity to set a root password for your mysql installation. You will only need this initially to create the database and new user for TaskFreak.

-> create database [DB_BASE];

-> create user '[DB_USER]'@'localhost' identified by '[DB_PASS]';

-> grant all privileges on [DB_BASE].* to '[DB_USER]'@'localhost' with grant option;

-> exit
Note: Be cautious of the punctuation. Remember that words between [ ] come from your install/config.php file and you do not enter the [ ] symbols, just the words. The ' and ; punctuation marks are specifically spaced and required. There should be a ; after every mysql command or when you press enter you will get a blank -> prompt. If that happens, just type a ; and press enter and it should continue.

Once the above has been completed, open your browser to point to your installation http://server.ip.address/install/index.php. Click the link at the top-left "Check Install" -- there will be errors about missing tables. To correct this, scroll down to the bottom and click the "YES create missing tables for me" button. The tables get created and the database returns a green OK for each element.

Log on to your new TaskFreak! server with the following URL: http://server.ip.address/index.html

Debian: Finding fastest apt mirror


For Debian systems already configured and installed, there is a nifty tool that you can install that will check all of the Debian mirrors to see which is the fastest available. This doesn't always mean the closest will be chosen and your firewall/router must allow traceroute through it.

# apt-get install netselect-apt

# netselect-apt lenny

As simple as that! Thanks to mypapit's blog post.

Thursday, December 10, 2009

Playing with MS Forefront


Yes I know I'm a linux guy but I support more Windows machines than I do linux. I've been waiting for Microsoft to release a competing Antivirus/Antimalware product for some time. With several years of bad experiences with CA and Symantec products, I'm happy to say that my initial deployment of Microsoft's Forefront Client Security has been successful. Setup is a bit tricky, though, as it depends on WSUS for deployment to the clients and although there is a manual process, it's a bit tedious to get these manual installations to report to the management server at first. I have to admit that once you get comfortable with WSUS, things are a lot easier to deal with. Firstly, the Forefront enterprise product has some very robust reporting and management features. Will be back with an edit and more info in a couple days/weeks as I get free time to blog, which isn't often.

Thursday, October 29, 2009

Syndicate of 7


I've been running the 64bit edition of Windows 7 Ultimate for about 2 months now and so far very pleased with it. I've switched to 7 full-time so I can get a better feel of the OS as I did not embrace Vista. Taking quite a bit of getting used to but at least things are much easier to find and the new taskbar features are a great improvement. Another nice default feature is including a lot of codecs within Media Player. I was impressed that when I attached my USB drive all of my music file formats (ogg, aac & mp3) were capable of being played without looking for and subsequently installing add-ons and such. My only complaint thus far is how poorly VMware Workstation 6 performs with more than 1 guest running. Luckily I still have my Debian drive handy for when I need to do intensive testing. I'll be back again soon with updates on my pilot of 7.
UPDATE 12/10/2009:
It's been a few more weeks and I'm still running Windows 7 full-time. We have a couple others in the company that are running 7 now (32 & 64 bit editions). I've also upgraded my VMware Workstation to v7 and noticed that cleared up a ton of issues as far as compatibility and such. I do miss my Debian install but for right now everything with 7 has been incredibly stable and now all the tools are at my fingertips for domain management and such. I've been tinkering with Media Center - not entirely on the bandwagon for that. It's a clunky interface to manage all of your media and what-not but to be honest, I prefer doing all of that myself without all of the layers, bells and whistles.

Tuesday, August 4, 2009

Script for deleting files older than X days


A much covered web topic for linux admin scripts is finding and deleting files that are older than X days. Google-foo returns about 5 million hits on the topic so I thought I'd join the Army of the Redundant and post my own. There are several different methods and discussions upon each method, pros and cons, etc. My purpose for this is to cover deleting old files that I am keeping in a mini-disaster recovery scenario where two Debian rsync boxes are each connected to a respective EMC AX150i SAN. The source SAN gets SQL dumps sent to it daily and these are replicated to the DR site. After a couple of weeks this will amount to nearly a terabyte of data that is really not necessary and I would like to auto-prune these files to keep only 10 days available. Here is what I've done:

find /path/to/prune/directory -type f -mtime +10 -exec rm {} \;
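find counts age in whole 24-hour periods, so -mtime +10 only matches files that are at least 11 days old. The wrapper below is an added example, not from the original post (the function names and sample file names are hypothetical): it runs the same find expression as a dry run by default, refuses an empty path, and shows the age cutoff on constructed files.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# prune_old DIR DAYS [--delete]
# Lists regular files under DIR that match find's "-mtime +DAYS".
# Nothing is removed unless --delete is given as the third argument.
prune_old() {
    dir=$1 days=$2 mode=${3:-}
    # An unset variable must never turn into a prune of "/" or the cwd.
    if [ -z "$dir" ] || [ ! -d "$dir" ] || [ "$dir" = "/" ]; then
        echo "prune_old: refusing directory '$dir'" >&2
        return 2
    fi
    case $days in
        ''|*[!0-9]*) echo "prune_old: DAYS must be a whole number" >&2; return 2 ;;
    esac
    if [ "$mode" = "--delete" ]; then
        # -xdev keeps find on one filesystem; "--" protects odd file names.
        find "$dir" -xdev -type f -mtime +"$days" -exec rm -f -- {} +
    else
        find "$dir" -xdev -type f -mtime +"$days" -print
    fi
}

# Constructed sample: one dump aged 10.5 days, one aged 12 days.
prune_demo() {
    d=$(mktemp -d) || return 1
    now=$(date +%s)
    touch -d "@$((now - 907200))"  "$d/dump_10_5_days.sql"
    touch -d "@$((now - 1036800))" "$d/dump_12_days.sql"
    prune_old "$d" 10      # dry run: lists only dump_12_days.sql
    rm -rf "$d"
}
prune_demo
```
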

Wednesday, July 1, 2009

Lightweight SMTP Relay for Debian


I was looking for an easy to use SMTP relay for internal machines that did not require a full postfix deployment. Basically, I wanted something to run ad-hoc that didn't run full-time, to forward my crontab results to another SMTP server. Google-Fu came up with about a dozen results and of those, I tested and stuck with esmtp-run. The ease of installation and configuration was handy -- I had it running with about 4 lines of typing.

# apt-get install esmtp-run

Modify the host you want to relay to (don't forget to securely configure your relay to allow the connection) by changing the hostname value in the esmtprc configuration file.

# pico /etc/esmtprc
hostname=mail_relay_ip_or_fqdn:25

If you want to change the behavior of the messages that get sent out to force an alternate "reply-to", append this line to the end

force reverse_path=user@example.com

Now whenever cron jobs complete, the mail will get relayed and show a specific reply-to address that I use for administrative functions. The man pages for esmtprc are pretty concise and include several other options you may or may not need. There is support for various connection methods to get authenticated to your SMTP server so make sure you check out the man page for the configuration file.

# man esmtprc

Wednesday, April 22, 2009

Part 4: Debian Lenny 64bit on a Dell Precision M4300 - Sound from VMware Workstation 6.5.x Guests

No show-stopping issues with VMware Workstation 6.5 under 64bit Debian Lenny, just no sound from guests. This is because of a VMware problem in that it relies on OSS driver support and /dev/dsp. There are tons and tons of posts all over Google asking about how to fix it but no real answers. Luckily, I stumbled on one pretty low on the search results that did the magic trick. 3 modprobes later and voilà, sound in guests! Mucho credit to Crumja's blog over at Wordpress for his discovery of another post on the Debian forums from HokieTux. At the time of this writing, the Debian forums are down due to an admin account getting hacked but should be up again shortly. I'm blogging from my Vista drive today so when I switch back to the Lenny drive or the Debian forums come back, I'll post the 3 modprobes and how to automate them loading at bootup. Until then, use the links above (last paragraph on Crumja's blog describes the problem and there he links to the Debian forum post from HokieTux).

Part 3: Debian Lenny 64bit on a Dell Precision M4300 - Intel Wireless (wifi driver and management)

Ok things got a little interesting in my initial installation of Lenny on my Dell Precision M4300. The Ubuntu experience was pretty straight forward as they included the proprietary driver whereas Debian does not. It wasn't a tragedy, thankfully. One other major difference I've found with the Ubuntu driver was the wireless LED refused to light up when toggled on. It's glowing brightly and blinking with activity under Lenny and something as aesthetic as that actually made me smile.

Earlier, during the initial Lenny installation, I saw the warning that there was a non-included firmware required to use the Intel wifi adapter but was able to skip and install it later. A simple apt-get and the firmware (driver) can be loaded. You may need to add non-free to your /etc/apt/sources.list if you haven't already. Also, I found a nice network manager over the one included with Gnome, WICD. I will walk through the process of installing the firmware and the WICD network manager below.

  • Open a terminal and become root
  • # apt-get install firmware-iwlwifi
  • # modprobe iwl4965
  • Edit /etc/apt/sources.list and append as a single line at the end:

    deb http://apt.wicd.net/ debian extras

  • # apt-get update
  • Note the NO_PUBKEY # - we need it for the next step as [NO_PUBKEY#]
  • # gpg --keyserver subkeys.pgp.net --recv [NO_PUBKEY#]
  • # gpg --export --armor [NO_PUBKEY#] | apt-key add -
  • You may get a warning about unsafe ownership; this should be ok
  • # apt-get update
  • # apt-get install wicd
  • Toggle your wifi switch so that it is enabled
  • Start WICD Network Manager from the Applications / Internet drop-down


    Within a few seconds of starting WICD you should see wifi connections that are within range although you may have to twiddle through the listings. If you don't see any in range you can always click the Refresh button manually to update the list. If you select a protected wifi connection use the Advanced Settings button to enter required details for WEP/WPA/etc for each network.

    Have I mentioned that I love the return of the WiFi LED on my laptop? :)

Part 2: Debian Lenny 64bit on a Dell Precision M4300 - Audio / Video Codecs

    Coming from the Ubuntu world I missed out on the fine pleasures of manually obtaining and installing codecs for audio and video playback. It was pretty simple in Ubuntu where you just double-clicked the source file and automagicaly Synaptic would open and confirm the packages to add and then everything was all happy. In Debian it's not automatically as simple but it can be. I'm a creature of habit and although there may be alternate methods for this, I prefer to have things like this installed on the fly. I followed a couple of steps to enable this feature and now back in musical bliss!


  • Open a terminal and become root
  • # apt-get install gnome-app-install
  • Open Synaptic Package Manager through the System / Administration / Synaptic Package Manager drop down
  • Close Synaptic (we just want to initialize it with the new add-on)
  • Navigate to your media file (an mp3, avi, wmv, aac, etc.) and double-click on it
  • When prompted to search for the appropriate codec, click on search, then update, then checkmark the appropriate packages
  • Repeat from navigating and double-clicking for any other codecs

Part 1: Debian Lenny 64bit on a Dell Precision M4300 - Nvidia Quadro FX 360M


    I had to apply several tweaks to get Debian Lenny installed with the proprietary Nvidia driver (for 3D support and an easy method to get dual screens working with minimal hair pulling) on my Precision M4300 laptop from Dell. Also, I had a few issues with the integrated Intel wireless and the audio package. It took me a couple hours of Google-Fu but I think I've come up with a complete list of steps that I'll split up into 3 parts. I only downloaded and burned disk1 from the Debian torrent link for AMD64. I have a pretty fast connection here at the office so I didn't bother with the DVD or subsequent disks (there are like 28+ CD images) and I plan to use apt for just about everything else once the base install is complete.

    The following assumes that you already have a DHCP server and a NAT'd connection to the internet. If you are connecting directly to the internet through your cable/dsl provider, your results may vary.

  • Remove all external hard drives
  • Boot with the CD (I chose not to use the gui installer)
  • Accept defaults - keyboard, region, timezone, etc
  • Skip the message about wifi firmware as we will install this later in Part 3
  • Partition as needed (I normally separate /home but chose not to for this exercise)
  • Enter a sensible root password, local username and local user password
  • Select "No" to scan another CD/DVD (unless you have the others handy)
  • Select "Yes" for a network mirror (I use ftp-mirror.internap.com they are fast!)
  • Enter your proxy if you have one
  • I chose to participate in the package survey - it's off by default
  • For software selection, I chose Desktop, Laptop and Standard
  • Complete installation took about 12 minutes to boot up again to the GDM login


    !! If you have an external monitor attached you will notice it flickering badly. This will go away very shortly !!

  • Press CTRL-ALT-F1 to enter a console and logon as root
  • # /etc/init.d/gdm stop

  • Edit /etc/apt/sources.list with pico to include contrib and non-free for your sources, then save with CTRL-X
  • # apt-get update
  • # apt-get install module-assistant
  • # m-a prepare (accept with Y at two prompts to get dependencies)
  • # m-a update
  • # m-a a-i nvidia
  • # apt-get install nvidia-xconfig nvidia-settings
  • # nvidia-xconfig

    !! You will get a VALIDATION error -- this is ok !!

  • # modprobe nvidia
  • # /etc/init.d/gdm start

    !! Remember to go back to the console you left open with CTRL-ALT-F1 and exit, then CTRL-ALT-F7 to return to gui and login with your local account!!

  • Open a terminal from the Applications / Accessories drop down and run nvidia-settings
  • Click on the disabled external monitor, click Configure, select Separate X Session, then save the config to your home directory.

    !! I prefer Separate X Sessions over twinview for several reasons. First is because I like having independent resolutions and dedicated work spaces, each with their own virtual desktops. Maximizing any window doesn't take up space on both monitors. Some argue it takes up too much RAM but hey, this puppy has 4G of RAM and I haven't felt any difference. Feel free to use twinview at your own discretion !!

  • Become root in your shell and back up your current xorg.conf file, then copy your saved config into place
  • # cp /etc/X11/xorg.conf /etc/X11/xorg.conf.orig
  • # cp ~[your local username]/xorg.conf /etc/X11/xorg.conf
  • To activate the config press CTRL-ALT-BACKSPACE to restart the X servers


    Enjoy your 3D support proprietary Nvidia driver.

    UPDATE! If you upgrade the kernel and reboot, the X server will error out and drop you to a console. Perform the following commands:

  • # Login as root
  • # apt-get install linux-headers-$(uname -r)
  • # m-a prepare
  • # m-a update
  • # m-a a-i nvidia


    You should not have to reconfigure X or nvidia-settings as these commands just compile the kernel modules for use with the nvidia driver.

First Post


    Initial post for setup and familiarization with the Google blogsite. It's my intent to centralize and publicize a lot of my IT workings and findings with Linux (Debian and Ubuntu) and Windows. From installation guides or quirks I've found doing various projects involving either OS. I'm a linux enthusiast at heart but I have to work with and support more Windows devices. For the most part, I spend a lot of time performing Google-Fu for projects, bugs, installation practices and general work arounds. Although I may invest a decent amount of my time collecting resources from the hard work of others, I will be sure to give credit to where I find my sources and try to keep links current.

    Here's my current work rig stats:

    Dell Precision M4300
    4G RAM
    Two 200G SATA (AHCI mode) Hard drives
    External Dell 21" Widescreen

    I have to get a new digital camera so I'll get some pics of my current work area inserted here as soon as I can get a couple extra $$$. Been keeping an eye out on Woot! for an inexpensive one that's at least 3MP.

    I regularly switch between 64bit Debian Lenny and 64bit Windows Vista Ultimate. My primary OS is Debian but rather than work with Vista in a VMware guest I sometimes slum it for a day or two of the week and swap hard drives to the Vista build. Prior to Debian, my primary OS was Ubuntu but I grew very tired of the unstable and very frequent updates.

    Some background info ...

    I'm almost 40 and have been in IT for nearly 20 years. Married for 13 years now with 5 kids. I like to consider myself a "Jack-Of-All-Trades" in my career and even after all of this time I still haven't dedicated myself to a niche in IT. I have really delved into virtualization with VMware the last couple of years on production and development environments. No formal training ... mostly trial and error and web research by trolling Experts-Exchange and the VMware communities. I'm also considering putting forth some effort into learning a lot more about SQL other than just basic administration.


    I've rambled enough -- time to submit this carp... and here's a photo of my old rigs at my desk (A Dell Precision M70 laptop and Optiplex 380 desktop). Once I get that shiny new digital camera I'll get some updated photos.