
How to install ownCloud on Ubuntu 14.04 LTS – Your own Open Source Dropbox

Dropbox is great. But you are putting your private, personal data in a corporation’s hands. That is a bit scary if you stop and think about it. The good news is that you can run your own Dropbox, using an Open Source software package called ownCloud. It’s amazing and works very well. In this guide, we’ll be installing ownCloud on Ubuntu 14.04 LTS. It’s not very hard, and when it’s all said and done you have your own personal cloud storage platform that you control. You can even enable server-side encryption so that if your server is compromised, your data is still safe. Let’s get started.

 

How to install ownCloud on Ubuntu 14.04 LTS

 

This tutorial assumes you have installed Ubuntu 14.04 and have updated it to the latest and greatest using the commands below.  Just FYI, I’m installing it on a virtual machine on ESXi 5.5.  So, make sure everything is updated using these two commands.

 


#  sudo apt-get update

#  sudo apt-get upgrade

 

Next, we need to install a web server (Apache), a database server (MySQL) and PHP. This is commonly called the LAMP stack. Fortunately, this only requires two simple commands now, thanks to tasksel.

 


#  sudo apt-get install tasksel

#  sudo tasksel install lamp-server

 

During installation, you will be prompted to set a root password for MySQL. Make sure to set a secure password, and do not forget it!

 


 

Click Here To Continue Reading!!

How to open up all ports on VMware ESXi 5, 5.1 & 5.5 to specific IP addresses or subnet

In a lab environment, and in very limited production scenarios, it’s often very useful to open all ports, TCP and UDP, but only to certain IP addresses, subnets, or IP address ranges. I have found very little info on this specifically, so I thought I would whip up this guide so you know an easy way to open up all ports for specific addresses. This will work on VMware ESXi 5, 5.1 and 5.5 for sure, and it will most likely work for most versions of ESXi, although I have not tested it. Please let me know in the comments if you have luck on non-5.x versions, specifically 4.x and 6.x.

Basically, we are going to create 4 firewall rules, each of which does one of the following:

  • Open all UDP ports inbound (ports 1-60,000).
  • Open all UDP ports outbound (ports 1-60,000).
  • Open all TCP ports inbound (ports 1-60,000).
  • Open all TCP ports outbound (ports 1-60,000).

Once that’s done, we’ll lock access down to specific address(es) via the vSphere Client. First, go ahead and SSH into your ESXi host. Once you are at a command prompt, you will need to edit /etc/vmware/firewall/service.xml. I prefer nano, but that’s not available on ESXi, so we have to use vi. First, let’s make a backup of the file and change permissions so we can edit the file.

# cp /etc/vmware/firewall/service.xml /etc/vmware/firewall/service.xml.bak
# chmod 644 /etc/vmware/firewall/service.xml
# chmod +t /etc/vmware/firewall/service.xml

Now we have a backup of the service.xml file, called service.xml.bak. We have also allowed writes to service.xml and set the sticky bit. Let’s go ahead and open service.xml with vi.

# vi /etc/vmware/firewall/service.xml

The service.xml file is the main template for firewall rules, specifically pertaining to ports. It is what populates all of the available information on the Security Profile > Firewall tab in the vSphere Client. It is here that we are going to add our four rules. If you are unfamiliar with vi, it can be a bit confusing. Here are some pointers for you:

  • When you first enter vi, you cannot manipulate any text. To do so, hit the “i” key. This puts you in “insert” mode.
  • After pressing “i” you can move about freely and add/edit at will.
  • After making all needed changes, press the “ESC” key, then “:”. This puts you in vi command mode.
  • At the “:” prompt, enter “w” (for write) and “q” (for quit) and then press enter. So it should look like this :wq
  • You have just saved and exited. That’s it. So, let’s continue.

Click here to continue reading this tutorial

MailCleaner Spam Filter – How To Open a Port & Add IPTables Firewall Rules

MailCleaner is a nice Open Source Linux distribution that creates a spam filter appliance. It is designed to sit in between an email server and the internet and filter spam out of email using advanced rules, DNS RBL (realtime black list), and many other techniques. It also scans email for viruses. Although I no longer use MailCleaner (I have replaced it with ScrollOut F1), I remember coming across a big issue in the past that took me some time to figure out, so I thought I would share it.

Because MailCleaner is more or less an appliance, most aspects of the operating system are controlled by MailCleaner. A majority of the settings you need to change are easily available on the web interface; however, firewall rules are not. MailCleaner is designed so that it manages all IPTables rules. If you manually add an IPTables rule from the command line, once the rules are reloaded or the system is rebooted, the rule is gone. That is because MailCleaner wipes out and reloads IPTables rules from data stored in its MySQL database. So, in order to open any additional ports, you must modify the database. I encountered this dilemma when I installed a remote monitoring client (the Nagios based Check_MK to be exact), and needed to open a port to allow the monitoring server to connect.

Let’s assume I need to open up SSH (port 22) and RSYNC (port 873) and I only want my mail server’s IP, 1.2.3.4, to connect. Normally we would enter the following iptables commands:

sudo iptables -A INPUT -s 1.2.3.4/32 -p tcp -m tcp --dport 873 -j ACCEPT
sudo iptables -A INPUT -s 1.2.3.4/32 -p tcp -m tcp --dport 22 -j ACCEPT

But in this case, we cannot. The good news is that MailCleaner will do it for you if you add the correct info into the MySQL database. Here’s how you do that (from a command prompt on the MailCleaner server):

Click Here To Read The Entire Tutorial!