Wednesday, December 30, 2009

Simple .htaccess under Debian/Ubuntu


I'm no web pro and the Apache2 documentation, although very thorough, was way too heavy for what I was trying to figure out. About 90 minutes into epic failure with various how-to and guide sites I was able to mangle my own configuration. Again -- I'm no apache master and I'm not really interested in learning everything there is to know about Apache right now. There are security concerns to be considered, but I am looking for something simple to protect an internal website. Your results may vary, but my case is that I have an internal webserver that I want to use to host a couple of departmental documents and files - nothing serious or top-secret here. If you are working with a public or internet server this may not be for you but might get you started in the right direction.


Under Debian/Ubuntu there are sites-available and sites-enabled for your virtual hosts. The configuration files for each of the sites are stored under /etc/apache2/sites-available, generally a single text file with the name of the site. In my case, I want to modify the default site as it is the main document root of this particular server.


# pico /etc/apache2/sites-available/default


Look for the <Directory> directive that has the path you want to protect. Again, I want the document root of this server, so I will be editing the section for that path. Change the line (under your directive only) AllowOverride None to AllowOverride All


Save the file with CTRL-X and reload the Apache configuration with the following command


# /etc/init.d/apache2 reload


Now that the configuration has been modified you can create the password file and the access file for the directory to be secured. It is a rule of thumb to not keep the password file in the document root so keep that in mind and place it somewhere that the webserver can read but users can not.


# htpasswd -c /path/to/password/.htpasswd username


Once the password file has been created (I called mine .htpasswd) you can add a user later with this command


# htpasswd /path/to/password/.htpasswd username


And to delete a user from this list, use this command (there are no confirmation prompts to delete)


# htpasswd -D /path/to/password/.htpasswd username


With the configuration changed and the password file created (.htpasswd in my case), we can now create the directory access change file called .htaccess. You need to place this file in the same directory that you changed the AllowOverride directive in your site configuration above AND reloaded apache2 or it will not work.


# pico /path/to/directory/needing/password/.htaccess


AuthName "Foo"
AuthType Basic
AuthUserFile /path/to/password/.htpasswd
Require valid-user


The AuthName directive can be anything you want displayed in the popup for the username/password box. Just be sure to enclose it in quotation marks or you will get a 500 Internal Server Error when you go to test it.
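
The checks described above (password file outside the document root and not readable by everyone, AuthName quoted, a Require line present) can be scripted. This is an added example, not part of the original post; the function name check_htaccess and its two arguments (.htaccess path, document root) are made up for illustration.

```bash
#!/bin/bash
# check_htaccess HTACCESS DOCROOT
# Prints one line per finding and returns the number of findings (0 = clean).
# Assumes the AuthUserFile path contains no spaces.
check_htaccess() {
    local htaccess docroot pwfile pwdir findings
    htaccess=$1
    findings=0
    docroot=$(cd "$2" && pwd -P) || return 99

    # Path argument of AuthUserFile, with optional surrounding quotes removed.
    pwfile=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$htaccess")
    if [ -z "$pwfile" ]; then
        echo "no AuthUserFile directive"; findings=$((findings + 1))
    elif [ ! -f "$pwfile" ]; then
        echo "password file not found: $pwfile"; findings=$((findings + 1))
    else
        # Compare physical directories so symlinked paths are judged correctly.
        pwdir=$(cd "$(dirname "$pwfile")" && pwd -P)
        case "$pwdir/" in
            "$docroot"/*)
                echo "password file is inside the document root"
                findings=$((findings + 1)) ;;
        esac
        # -perm -004 matches when the "other" read bit is set.
        if [ -n "$(find "$pwfile" -perm -004)" ]; then
            echo "password file is world-readable"; findings=$((findings + 1))
        fi
    fi

    # A multi-word AuthName must be quoted, otherwise Apache returns a 500.
    if awk 'tolower($1) == "authname" && NF > 2 && $2 !~ /^"/ { bad = 1 }
            END { exit !bad }' "$htaccess"; then
        echo "AuthName has spaces but is not quoted"; findings=$((findings + 1))
    fi

    if ! grep -Eiq '^[[:space:]]*Require[[:space:]]' "$htaccess"; then
        echo "no Require directive"; findings=$((findings + 1))
    fi
    return "$findings"
}
```

A return value of 0 means none of the four problems were found; the printed lines say which ones were.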

Thursday, December 17, 2009

Debian: TaskFreak Installation

TaskFreak! is an open source project and task management tool. Tool is an understatement, this thing is handy! Installing this is listed as easy and JustWorks(tm) but the documentation on it I feel is lacking. I've compiled a list of detailed instructions below to get started with a Debian Lenny system and all of the pre-installation requirements.

Pre-Installation packages required:

# apt-get install apache2 mysql-server mysql-client php5 php5-mysql

# wget http://www.taskfreak.com/files/stable/taskfreak-multi-mysql-0.6.1.tgz

# tar -zxvf taskfreak-multi-mysql-0.6.1.tgz

# mv taskfreak/* /var/www/
Note: Be sure that all of the hidden . files get moved as well!

# pico /var/www/include/config.php
Note: Change the three lines listed with //edit me (DB_USER, DB_PASS & DB_BASE). These three variables are how you will be connecting to the MySQL database that we create a few lines down. Do _NOT_ use the root account for this as it will not work (and you shouldn't even if it does).


# mysql -u root -p
Note: You should have been given the opportunity to set a root password for your mysql installation. You will only need this initially to create the database and new user for TaskFreak.

-> create database [DB_BASE];

-> create user '[DB_USER]'@'localhost' identified by '[DB_PASS]';

-> grant all privileges on [DB_BASE].* to '[DB_USER]'@'localhost' with grant option;

-> exit
Note: Be cautious of the punctuation. Remember that words between [ ] come from your include/config.php file and you do not enter the [ ] symbols, just the words. The ' and ; punctuation marks are specifically placed and required. There should be a ; after every mysql command or when you press enter you will get a blank -> prompt. If that happens, just type a ; and press enter and it should continue.

Once the above has been completed, open your browser to point to your installation http://server.ip.address/install/index.php. Click the link at the top-left "Check Install" -- there will be errors about missing tables. To correct this, scroll down to the bottom and click the "YES create missing tables for me" button. The tables get created and the database returns a green OK for each element.

Log on to your new TaskFreak! server with the following URL: http://server.ip.address/index.html

Debian: Finding fastest apt mirror


For Debian systems already configured and installed, there is a nifty tool that you can install that will check all of the Debian mirrors to see which is the fastest available. This doesn't always mean that the closest will be chosen, and your firewall/router must allow traceroute through it.

# apt-get install netselect-apt
# netselect-apt lenny

As simple as that! Thanks to mypapit's blog post.

Thursday, December 10, 2009

Playing with MS Forefront


Yes I know I'm a linux guy but I support more Windows machines than I do linux. I've been waiting for Microsoft to release a competing Antivirus/Antimalware product for some time. With several years of bad experiences with CA and Symantec products, I'm happy to say that my initial deployment of Microsoft's Forefront Client Security has been successful. Setup is a bit tricky, though, as it depends on WSUS for deployment to the clients and although there is a manual process, it's a bit tedious to get these manual installations to report to the management server at first. I have to admit that once you get comfortable with WSUS, things are a lot easier to deal with. Firstly, the Forefront enterprise product has some very robust reporting and management features. Will be back with an edit and more info in a couple days/weeks as I get free time to blog, which isn't often.

Thursday, October 29, 2009

Syndicate of 7


I've been running the 64bit edition of Windows 7 Ultimate for about 2 months now and so far very pleased with it. I've switched to 7 full-time so I can get a better feel of the OS as I did not embrace Vista. Taking quite a bit of getting used to but at least things are much easier to find and the new taskbar features are a great improvement. Another nice default feature is including a lot of codecs within Media Player. I was impressed that when I attached my USB drive all of my music file formats (ogg, aac & mp3) were capable of being played without looking for and subsequently installing add-ons and such. My only complaint thus far is how poorly VMware Workstation 6 performs with more than 1 guest running. Luckily I still have my Debian drive handy for when I need to do intensive testing. I'll be back again soon with updates on my pilot of 7.
UPDATE 12/10/2009:
It's been a few more weeks and I'm still running Windows 7 full-time. We have a couple others in the company that are running 7 now (32 & 64 bit editions). I've also upgraded my VMware Workstation to v7 and noticed that cleared up a ton of issues as far as compatibility and such. I do miss my Debian install but for right now everything with 7 has been incredibly stable and now all the tools are at my fingertips for domain management and such. I've been tinkering with Media Center - not entirely on the bandwagon for that. It's a clunky interface to manage all of your media and what-not but to be honest, I prefer doing all of that myself without all of the layers, bells and whistles.

Tuesday, August 4, 2009

Script for deleting files older than X days


A much covered web topic for linux admin scripts is finding and deleting files that are older than X days. Google-foo returns about 5 million hits on the topic so I thought I'd join the Army of the Redundant and post my own. There are several different methods and discussions upon each method, pros and cons, etc. My purpose for this is to cover deleting old files that I am keeping in a mini-disaster recovery scenario where two Debian rsync boxes are each connected to a respective EMC AX150i SAN. The source SAN gets SQL dumps sent to it daily and these are replicated to the DR site. After a couple of weeks this will amount to nearly a terabyte of data that is really not necessary and I would like to auto-prune these files to keep only 10 days available. Here is what I've done:

find /path/to/prune/directory -type f -mtime +10 -exec rm {} \;

Wednesday, July 1, 2009

Lightweight SMTP Relay for Debian


I was looking for an easy to use SMTP relay for internal machines that did not require a full postfix deployment. Basically, I wanted something to run ad-hoc that didn't run full-time, to forward my crontab results to another SMTP server. Google-Fu came up with about a dozen results and of those, I tested and stuck with esmtp-run. The ease of installation and configuration was handy -- I had it running with about 4 lines of typing.

# apt-get install esmtp-run

Modify the host you want to relay to (don't forget to securely configure your relay to allow the connection) by changing the hostname value in the esmtprc configuration file.

# pico /etc/esmtprc
hostname=mail_relay_ip_or_fqdn:25

If you want to change the behavior of the messages that get sent out to force an alternate "reply-to", append this line to the end

force reverse_path=user@example.com

Now whenever cron jobs complete, the mail will get relayed and show a specific reply-to address that I use for administrative functions. The man pages for esmtprc are pretty concise and include several other options you may or may not need. There is support for various connection methods to get authenticated to your SMTP server so make sure you check out the man page for the configuration file.

# man esmtprc