Sunday, April 26, 2020

Install Apache On Ubuntu Linux

Install the Apache web server on Ubuntu Linux. You will need to be able to install software and start services, so this example uses a Linux account with full sudo. In this example the Linux user name is "testuser".

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.4 LTS
Release:        18.04
Codename:       bionic


$ hostname -I
192.168.0.9


$ sudo ufw status
Status: inactive


# Update package list and install Apache.

$ sudo apt update
...
Fetched 2,854 kB in 2s (1,395 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.

$ sudo apt install apache2
...
Created symlink /etc/systemd/system/multi-user.target.wants/apache2.service → /lib/systemd/system/apache2.service.
Created symlink /etc/systemd/system/multi-user.target.wants/apache-htcacheclean.service → /lib/systemd/system/apache-htcacheclean.service.
...

# Note the screen output shows symlinks in the configuration directories for the system services.
 

# Let's see what was is running.
$ systemctl status apache2.service
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: active (running) since Sun 2020-04-26 12:08:28 MDT; 2min 6s ago
 Main PID: 29916 (apache2)
    Tasks: 55 (limit: 4915)
   CGroup: /system.slice/apache2.service
           ├─29916 /usr/sbin/apache2 -k start
           ├─29918 /usr/sbin/apache2 -k start
           └─29919 /usr/sbin/apache2 -k start



# Use a web browser to go to the machine name or IP address.
# Earlier you found the IP address by typing "hostname -I".



# It is kind of the developers and package maintainers to put instructions on the home page! 

# Let's look at the index.html file.
$ cd /var/www/html
$ ls -l
total 12
-rw-r--r-- 1 root root 10918 Apr 26 12:08 index.html

# Being owned by root, we can guess an "apache" unix logon was not created.
$ grep apa /etc/passwd
# Nothing found. Also look at last line of /etc/passwd for a new entry.
$ tail -1 /etc/passwd

# Since software often has errors, bugs, and security holes, an attacker may exploit those
# holes and possibly gain access as the user which is running the software.
# The apache software is being run as root. It had better be perfect software!
# Let's look further.

$ ps -ef | grep apache
root     29916     1  0 12:08 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 29918 29916  0 12:08 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 29919 29916  0 12:08 ?        00:00:00 /usr/sbin/apache2


# Processes are running both as root and as the pre-existing unix logon www-data.

# Let's see if www-data is a less-privileged account than root
$ groups www-data
www-data : www-data
$ sudo grep www /etc/sudoers

# No output from grep, so it looks like www-data doesn't have sudo. This is good.
# To open a listening connection on a "low numbered port", you typically need to be root.
# Maybe that is why part of the web server is started as root. This is something to further explore.

# For now, let's change the static web page served from the file index.html.
$ cd /var/www/html
$ ls -l
total 12
-rw-r--r-- 1 root root 10918 Apr 26 12:08 index.html
$ sudo cp index.html index.html.orig
$ ls -l
total 24
-rw-r--r-- 1 root root 10918 Apr 26 12:08 index.html
-rw-r--r-- 1 root root 10918 Apr 26 12:29 index.html.orig


# Edit the file and add some text.  When editing the file, search for "welcome" and change the text.
$ sudo vi index.html
# In the "content_section_text", you may want to add a new paragraph tags and a couple lines such as:
<p>
“I'm a great believer in luck, and I find the harder I work the more I have of it.”
<a href="https://plato.stanford.edu/entries/jefferson">Thomas Jefferson</a>
</p>

# Reload your web browser to see your changes.



# Verify that systemctl is set up properly to start and stop the web server.
$ sudo systemctl stop apache2.service
$ ps -ef|grep apac
testuser       32236 28823  0 14:58 pts/0    00:00:00 grep apac


$ sudo systemctl start apache2.service
$ ps -ef | grep apac
root     32262     1  0 14:58 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 32264 32262  0 14:58 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 32265 32262  0 14:58 ?        00:00:00 /usr/sbin/apache2 -k start
testuser       32327 28823  0 14:58 pts/0    00:00:00 grep apac

$ systemctl status apache2.service
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: active (running) since Sun 2020-04-26 14:58:53 MDT; 17s ago
  Process: 32214 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 32242 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 32262 (apache2)
    Tasks: 55 (limit: 4915)
   CGroup: /system.slice/apache2.service
           ├─32262 /usr/sbin/apache2 -k start
           ├─32264 /usr/sbin/apache2 -k start
           └─32265 /usr/sbin/apache2 -k start

If you run the firewall, remember to allow incoming pages to apache webserver.
$ sudo ufw enable
$ sudo ufw allow www

Saturday, April 18, 2020

Install Raspbian on Raspberry Pi B+

This will guide you through installation and configuration of a Raspberry Pi B+ with the Raspbian operating system so the device will be accessible on your network. Readily available for around $35, the Raspberry Pi ecosystem is fast-becoming a hobbyist workhorse.


Download Raspbian zip file from www.raspberrypi.org/downloads/raspbian. This example uses "Raspbian Buster with desktop" of February 2020.

Download the Etcher program from www.balena.io/etcher.  Etcher will write the OS zip file image to the SD card.

Insert an 8 GB (or more) microSD card in to the card reader on your Windows PC. This example uses a 32 GB card. In Windows Explorer you should see the SD card.
















Use the Etcher program to write the zip file OS image to the SD card.
 






























After writing the image, the SD card will be unmounted. Physically eject the card from your PC, then reinsert it. Determine the drive letter by looking in File Explorer.
















Let's tell the OS image to allow ssh login. Press the Windows Start button, type
cmd
and start the Command Prompt application.
In the command prompt, go to the drive letter of the SD card. In this example, type
F:

























Create a zero length file named ssh. In the command prompt, type
type nul > ssh



























If you will use a hard-wired ethernet connection from the device to your router, you will not need to configure wifi. To configure wifi, create a file named "wpa_supplicant.conf" with your wifi connection information. The file should only have the suffix ".conf" and the contents should not have Windows-like newline characters. It is important that newline characters are not added to this file. It should be a plain text file. Add the following to the wpa_supplicant.conf file.
country=US
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
scan_ssid=1
ssid="yourWifiSsid"
psk="yourWifiPassword"
}


Type exit to leave the command prompt.

In Windows File Explorer, right-click on the drive and choose EJECT. Physically eject the SD card from the PC.

Plug in the microSD card to the device, and insert the power connector cord in to the device. Don't yet plug it in to power.

Open your router configuration page, and look for the area which shows the current connections. You will looking for either a new DHCP client or a new MAC address. Now that you have opened your router configuration to the appropriate page, plug in the wall power for the device and turn on the power  switch.
Watch the router page for a new connection. If using wifi and it doesn't connect to the router, use the ethernet cable method. Note the IP address.


















Press the Windows Start button and open a command prompt. In the Windows command prompt, connect to the device using the IP address as seen in your router.
ssh pi@192.168.1.101
Accept the key fingerprint warning by typing yes.
The password is
raspberry

You should be logged in. Change the password.
$ passwd

















Modify settings such as locale language, host name, and maybe enable VNC. Start the handy configuration tool. I changed the locale and the host name.
$ sudo raspi-config

If wifi didn't work or you want to enable it, become root and edit the file.
$ sudo su
$ sudo vi /etc/wpa_supplicant/wpa_supplicant.conf


Reboot the device.
$ sudo reboot

The router page will show the new host name.

















For installation of an operating system on bare hardware, this was a smooth and pleasant experience. The teams who put together the custom OS and configuration tools have done superb!

Another good guide for how to install Raspbian OS is at Tom's Hardware.

Friday, April 17, 2020

Install PostgreSQL on Ubuntu Linux

# The documentation website of PostgreSQL is www.postgresql.org/docs.

$ sudo addgroup sql
[sudo] password for testuser:
Adding group `sql' (GID 1005) ...
Done.

$ sudo adduser pgsqlown --ingroup sql

$ sudo apt-get update
$ sudo apt-get upgrade


# For the software download, you may choose a more recent version of the database with the following section of this write-up, or skip ahead.
# If you want to install a more recent version:
$ sudo apt-get install curl ca-certificates gnupg
$ curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4812  100  4812    0     0   4105      0  0:00:01  0:00:01 --:--:--  4105
OK


# Create /etc/apt/sources.list.d/pgdg.list with a line for the repository version for your Linux version.
$ lsb_release -c
Codename:       bionic
$ cat /etc/apt/sources.list.d/pgdg.list
deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main
$ sudo apt-get update
$ sudo apt-get install postgresql-11


# Use this for the quick install of whatever version is provided at the time of the Ubuntu release. Do one or the other of the prior install or the following install.
$ sudo apt install postgresql postgresql-contrib

# If you are watching /var/log/syslog during the install, you will see entries like:
Apr 16 22:19:16 dell990 systemd[1]: Starting PostgreSQL RDBMS...
Apr 16 22:19:16 dell990 systemd[1]: Started PostgreSQL RDBMS.
Apr 16 22:19:19 dell990 systemd[1]: Reloading.
Apr 16 22:19:19 dell990 systemd[1]: message repeated 2 times: [ Reloading.]
Apr 16 22:19:20 dell990 systemd[1]: Created slice system-postgresql.slice.
Apr 16 22:19:20 dell990 systemd[1]: Starting PostgreSQL Cluster 10-main...
Apr 16 22:19:22 dell990 systemd[1]: Started PostgreSQL Cluster 10-main.


$ ps -ef | grep sql
postgres  6118     1  0 22:19 ?        00:00:00 /usr/lib/postgresql/10/bin/postgres -D /var/lib/postgresql/10/main -c config_file=/etc/postgresql/10/main/postgresql.conf


# You should take a moment to review the config file.
$ more /etc/postgresql/10/main/postgresql.conf
$ grep -v ^\# /etc/postgresql/10/main/postgresql.conf | grep -v ^$ | grep -v $'\t'

# Note the install made the postgres user, with a home directory in /var/lib.
$ tail -1 /etc/passwd
postgres:x:122:123:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash


# As configured, the postgres unix account does not allow a direct login, nor "su", because of the "*" (asterisk/star) in the second field of the actual password file.
$ sudo tail -1 /etc/shadow
postgres:*:18369:0:99999:7:::


# The software install made a unix group for the postgres user.
$ tail -1 /etc/group
postgres:x:123:


# All of the running processes for the database owner.
$ ps -fu postgres
UID        PID  PPID  C STIME TTY          TIME CMD
postgres  6118     1  0 22:19 ?        00:00:00 /usr/lib/postgresql/10/bin/postgres -D /var/lib/postgresql/10/main -c config_file=/etc/postgresql/10/main/postgresql.conf
postgres  6128  6118  0 22:19 ?        00:00:00 postgres: 10/main: checkpointer process
postgres  6129  6118  0 22:19 ?        00:00:00 postgres: 10/main: writer process
postgres  6130  6118  0 22:19 ?        00:00:00 postgres: 10/main: wal writer process
postgres  6131  6118  0 22:19 ?        00:00:00 postgres: 10/main: autovacuum launcher process
postgres  6133  6118  0 22:19 ?        00:00:00 postgres: 10/main: stats collector process
postgres  6135  6118  0 22:19 ?        00:00:00 postgres: 10/main: bgworker: logical replication launcher

# Note the line with PID 6118. That started the database server and shows the configuration file.

# The software install may have been placed in /usr/share.
$ ls -ld /usr/share post*
drwxr-xr-x   3 root root  4096 Apr 16 22:19 postgresql
drwxr-xr-x   5 root root  4096 Apr 16 22:19 postgresql-common
drwxr-xr-x 253 root root 12288 Apr 16 22:19 /usr/share


# Check if automatic database startup was configured with systemctl. Looks like it was not configured, as there are no new files in /etc/systemd/system.
$ ls -ltr /etc/systemd/system

# Yet there is a systemctl entry.
$ systemctl status postgresql
● postgresql.service - PostgreSQL RDBMS
   Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
   Active: active (exited) since Thu 2020-04-16 22:19:16 MDT; 1 day 1h ago
 Main PID: 5093 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   CGroup: /system.slice/postgresql.service
 

# It is running from systemctl, so look further for systemctl files.
$ sudo grep -i post /etc/systemd/system/*/* 2>/dev/null
/etc/systemd/system/multi-user.target.wants/postgresql.service:# systemd service for managing all PostgreSQL clusters on the system. This
/etc/systemd/system/multi-user.target.wants/postgresql.service:Description=PostgreSQL RDBMS


# Check if jobs were added in cron. Can we "su" to login to the new account... Is there a password for the user?
$ sudo grep postgres /etc/shadow
postgres:*:18369:0:99999:7:::

# The second field has an asterisk (*), so it is not possible to "su" and enter a password.

# Let's use sudo to become the user and look for a crontab entry.
$ sudo su - postgres
postgres@dell990:~$ id
uid=122(postgres) gid=123(postgres) groups=123(postgres),112(ssl-cert)
postgres@dell990:~$ crontab -l
no crontab for postgres

# We have determined nothing is configured cron, and the database start and stop is configured in systemctl.

# Let's try to log in with the sql interpreter, and then log out.
$ psql
psql (10.12 (Ubuntu 10.12-0ubuntu0.18.04.1))
Type "help" for help.
postgres=# \q

# Exit the sql interpreter with "\q" and press ENTER.

# Confirm which version of the database we are connecting to. Press "q" when you have finished reading the output from the SELECT command.
$ psql
psql (10.12 (Ubuntu 10.12-0ubuntu0.18.04.1))
Type "help" for help.
postgres=# select version();
                                                                version                                                
----------------------------------------------------------------------------------------------------------------------------------------
 PostgreSQL 10.12 (Ubuntu 10.12-0ubuntu0.18.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0, 64-bit
(1 row)

(END)                                                                version                                           
----------------------------------------------------------------------------------------------------------------------------------------
 PostgreSQL 10.12 (Ubuntu 10.12-0ubuntu0.18.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0, 64-bit
(1 row)

(END)           


# Another way to show the database software version while in the sql interpreter.
postgres=# show server_version;
            server_version
---------------------------------------
 10.12 (Ubuntu 10.12-0ubuntu0.18.04.1)
(1 row)


# We can also ask the postgres executable which version it is.
$ postgres -V
Command 'postgres' not found, did you mean:
  command 'postgrey' from deb postgrey
Try: apt install <deb name>


# Confirm we are using the unix login of the software owner, and look at the PATH environment variable.
$ whoami
postgres
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin


# Find where "postgres" was installed in the filesystem.
$ sudo find / -name postgres -print 2>/dev/null
/run/sudo/ts/postgres
/usr/lib/postgresql/10/bin/postgres


# The directory in that second line of output should be added to our PATH shell environment variable. Add just the directory path, not the actual "postgres" command.
$ echo 'export PATH=$PATH:/usr/lib/postgresql/10/bin' >> /var/lib/postgresql/.bashrc

# Login again, or "source" the login file. Type this in the "home" directory.
$ . ./.bashrc

# Check the new setting of PATH shell environment variable.
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/lib/postgresql/10/bin/postgres:/usr/lib/postgresql/10/bin


# Try the version command again.
$ postgres -V
postgres (PostgreSQL) 10.12 (Ubuntu 10.12-0ubuntu0.18.04.1)


# Log in and find out which role is in use. In this case, it is the same as the unix login.
$ psql
psql (10.12 (Ubuntu 10.12-0ubuntu0.18.04.1))
Type "help" for help.

postgres=# \conninfo
You are connected to database "postgres" as user "postgres" via socket in "/var/run/postgresql" at port "5432".


# List table names in this database. In this case, there are none.
postgres=# \d
Did not find any relations.



### Use PostgreSQL perl wrapper to determine what is running. Similar, though different than the earlier "ps" command.
$ pg_lsclusters
Ver Cluster Port Status Owner    Data directory              Log file
10  main    5432 online postgres /var/lib/postgresql/10/main /var/log/postgresql/postgresql-10-main.log
 

$ pg_ctlcluster 10 main status
pg_ctl: server is running (PID: 6118)
/usr/lib/postgresql/10/bin/postgres "-D" "/var/lib/postgresql/10/main" "-c" "config_file=/etc/postgresql/10/main/postgresql.conf"

# Stop the server. You may want to simultaneously run unix "top" in another window to watch the process.
# While you can use pg_ctlcluster with "stop", you should use the already-configured systemctl.


### Set up a backup. This is a client program which may be run from a different machine.
$ which pg_dumpall
/usr/bin/pg_dumpall


# The command to backup all databases should run quickly because nothing has been added yet.
$ pg_dumpall > /tmp/postgres.backup

# The curious may want to look at the backup file.
$ file /tmp/postgres.backup
/tmp/postgres.backup: ASCII text
$ more /tmp/postgres.backup

--
-- PostgreSQL database cluster dump
--

... and the backup file continues and ends with ...
--
-- PostgreSQL database cluster dump complete
--


# Add the following line in unix user postgres crontab.
$ crontab -l
* 1 * * * /usr/lib/postgresql/10/bin/pg_dumpall > /tmp/postgres.backup.$(/bin/date +%Y%m%d.%H%M%S) 1>>/tmp/postgres.cron 2>>&1