Converting JailTime.org templates for HyperVM
Well, after finally figuring out how to do this myself, I felt necessary that I shared this with others, so that people can easily do this on their own without having to feel their way through doing this on their own.
Note: Root access is required. This MUST be done on a server or VPS that allows mounting using the loop device, as this is needed for some of the steps.
For our example, we are going to demonstrate how to convert the debian image into a HyperVM-ready image. This can also be done on any other template provided by JailTime.org.
Firstly, we must download the image onto the machine we’re going to be doing the conversion on.
wget “http://jailtime.org/lib/exe/fetch.php?cache=cache&media=download%3Adebian64%3Adebian.4-0.64.20080709.img.tar.bz2″
After downloading the file, we are going to extract out the image. There will be a xen configuration file in the archive as well, but this can be ignored as HyperVM generates its own xen configuration file.
tar jxf debian.4-0.64.20080709.img.tar.bz2
Next, we will prepare a directory to mount the image file to, and mount it using the loop device.
mkdir /mnt/foo
mount -o loop /root/debian.4-0.64.img /mnt/foo
Now, to get to the very simple part. All we need to do now is tarball the image so that HyperVM can read it appropriately.
cd /mnt/foo
tar -czf /home/hypervm/xen/template/debian-4.0-x86_64-jailtime.tar.gz
Please note, when naming the templates, you MUST name the template in the following schema:
distro-version-arch-custom.tar.gz
This instructs HyperVM which configuration variables it must pass to xen, and which configuration HyperVM must choose to ensure that the VPS will boot successfully.
After that step, your template is ready for use.
Note: I have noticed that some of the jailtime.org templates lack running GeTTY on xvc0, which may prove to be a hassle for some users, especially if they make use of the HyperVM console login. If you want to enable this, add the following line into your /etc/inittab
1:2345:respawn:/sbin/getty -L xvc0 9600 vt100
Also ensure that the line containing tty1 is commented out, as this may cause conflicts.
Happy templating!
Install Xen on Debian From Source
Let me guess, you’ve always wanted Xen on your server but could never figure out how? This tutorial will cover how to compile Xen and install Xen from its source on a Debian-based distribution.
Warning: you must have root access in order to do this.
Let’s install some prerequisites on your system to get your server ready.
apt-get install iproute bridge-utils python-twisted libc6-xen gcc binutils make zlib1g-dev python-dev transfig bzip2 screen ssh debootstrap libcurl3-dev libncurses5-dev x-dev libsdl1.2-dev bin86 bcc python-pam patch latex-make qemu qemu-launcher qemuctl graphviz graphviz-dev libvncserver-dev libjpeg62-dev libjpeg62 gettext python-xml gawk tetex-extra tetex-base openssl libssl-dev mercurial
Once this completes, it’s time to get Xen downloaded. In order to install it, run the following:
cd /usr/src
hg clone http://xenbits.xensource.com/linux-2.6.18-xen.hg
wget http://bits.xensource.com/oss-xen/release/3.2.1/xen-3.2.1.tar.gz
When these commands complete, you have successfully downloaded everything you need to install Xen. Let’s begin installing Xen. The next block of commands will completely install Xen.
tar -xf xen-3.2.1.tar.gz
cd xen-3.2.1
make prep-kernels
make dist
make install
depmod 2.6.18.8-xen
mkinitramfs -o /boot/initrd.img-2.6.18.8-xen 2.6.18.8-xen
Once these commands have been run, Xen is installed and ready to go. There’s three commands left to run to finalize your install.
Run these:
update-grub
update-rc.d xend defaults 20 21
update-rc.d xendomains defaults 21 20
Once these commands complete, reboot and you should now have a working Xen install.
Install yum on CentOS
So, you got your new VPS with CentOS, but it doesn’t have yum!
Well, here’s how to fix it. This tutorial will download all the RPM’s and then install them for you. To install yum, run the following (just copy and paste it):
for file in \
gmp-4.1.4-10.el5.i386.rpm \
python-2.4.3-21.el5.i386.rpm \
libxml2-2.6.26-2.1.2.1.i386.rpm \
libxml2-python-2.6.26-2.1.2.1.i386.rpm \
python-sqlite-1.1.7-1.2.1.i386.rpm \
rpm-python-4.4.2-48.el5.i386.rpm \
m2crypto-0.16-6.el5.2.i386.rpm \
python-urlgrabber-3.1.0-2.noarch.rpm \
yum-metadata-parser-1.1.2-2.el5.i386.rpm \
python-iniparse-0.2.3-4.el5.noarch.rpm \
python-elementtree-1.2.6-5.i386.rpm \
rpm-libs-4.4.2-48.el5.i386.rpm \
rpm-4.4.2-48.el5.i386.rpm \
yum-3.2.8-9.el5.centos.1.noarch.rpm
do wget http://mirror.centos.org/centos-5/5/os/i386/CentOS/$file;
done
When this is done, run:
rpm -Uvh *.rpm
yum update -y
Yum will now be installed, and your system will be ready to go. You’re all set.
Securing your Linux Firewall
As with any server, you want it to be as secure as possible. Most people throw firewalls together to take care of this issue, as well as employing Intrusion Detection Systems to thwart an attacker’s wishes to gain access to your machine, or cause it to become unresponsive. Today I will be demonstrating some simple SysCtl variables that you can employ on your server, which will turn on some simple protections in your linux kernel, helping thwart some forms of malicious attacks your server may encounter.
First, you will need to open your sysctl.conf file, generally located in /etc/sysctl.conf
Next, you will add the following to the bottom of your sysctl.conf file, to enable the built-in protection that the linux kernel has to offer.
net/ipv4/conf/all/rp_filter = 1
net/ipv4/conf/all/log_martians = 1
net/ipv4/conf/all/send_redirects = 0
net/ipv4/conf/all/accept_source_route = 0
net/ipv4/conf/all/accept_redirects = 0
net/ipv4/tcp_syncookies = 1
net/ipv4/icmp_echo_ignore_broadcasts = 1
Now, if your linux server is protecting a NAT, you will need to also add the following line to the sysctl.conf, if not already present, to allow ip forwarding to occur.
net/ipv4/ip_forward = 1
Next, you will need to instruct sysctl to reload the sysctl.conf file, as to update the /proc variables, so you can avoid the need for a reboot.
sysctl -p /etc/sysctl.conf
And there you have it. The built in protection within your linux kernel is active. Remember though, this is only supplemental to using a firewall, and not a replacement. There is no replacement for a properly secured firewall.
LAMP Tutorial for Debian and Ubuntu
You’ve always wanted to set up LAMP on your Debian/Ubuntu server but never knew how, right? Well, now you can. We’ll walk you through setting up LAMP on your server step by step.
Let’s start off by installing Apache 2 and PHP 5.
On Debian:
apt-get install apache2 php5 libapache2-mod-php5
On Ubuntu:
sudo apt-get install apache2 php5 libapache2-mod-php5
Once this has run, you will now have accomplished the “LAP” part of “LAMP”. Apache and PHP are now installed, and since you’re on Debian/Ubuntu, Linux is done too.
Let’s test out your PHP set up and make sure it’s working.
Run:
cd /var/www
echo “<? phpinfo(); ?>” > index.php
That command will create index.php with inside of it.
Visit http://yourip/index.php, you should see a PHP info page. If so, you’re good to go.
Now, let’s install MySQL to finish this job up. The following will install MySQL 5 and the PHP module for it.
On Debian:
apt-get install mysql-server mysql-client php5-mysql
On Ubuntu:
sudo apt-get install mysql-server mysql-client php5-mysql
Once this is done, the actual LAMP setup is finished. Now it’s time for a few little tweaks. We strongly recommend setting a MySQL root password. To set a MySQL root password, there’s a simple command to run:
mysqladmin -u root password NEWPASSWORD
Once this is set, restart Apache and your setup is finished.
The command to restart Apache is:
/etc/init.d/apache2 restart
Your LAMP setup is ready to go! Good luck.
Sponsors
