Ubuntu LAMP + Bind
- Update server
$ apt update
$ apt upgrade
- Add new sudo user "sudouser"
$ adduser sudouser
$ usermod -aG sudo sudouser
# Log in via SSH as the new user and test that sudo works before disabling root login in the next step
- Deny root login via ssh
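$ vim /etc/ssh/sshd_config
# Find the line 'PermitRootLogin' and set it to 'no'
PermitRootLogin no
# Check the file for syntax errors and confirm the effective value (an included drop-in file can override it)
$ sshd -t
$ sshd -T | grep -i permitrootlogin
# Restart SSH server. Keep your current session open until a fresh login as sudouser succeeds
$ systemctl restart sshd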
- Enable firewall
# List available applications
$ ufw app list
# Output
Available applications:
  OpenSSH
# Allow OpenSSH (do this before enabling UFW, otherwise the SSH session can be cut off)
$ ufw allow OpenSSH
# Enable UFW
$ ufw enable
# Type "y" and press ENTER to proceed. You can see that SSH connections are still allowed by typing:
$ ufw status
# Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
- Install apache and add it to firewall exceptions
$ sudo apt install apache2
$ sudo ufw app list
# Output
Available applications:
  Apache
  Apache Full
  Apache Secure
  OpenSSH
$ sudo ufw app info "Apache Full"
# Output
Profile: Apache Full
Title: Web Server (HTTP,HTTPS)
Description: Apache v2 is the next generation of the omnipresent Apache web server.
Ports:
  80,443/tcp
# Allow incoming HTTP and HTTPS traffic for this profile:
$ sudo ufw allow in "Apache Full"
- Install MySql server
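$ sudo apt install mysql-server
# Secure the installation (Login doesn't work without this)
$ sudo mysql_secure_installation
# For temporary remote access, you can unbind MySql Server from 127.0.0.1 by editing the config file
$ sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf
# Comment out the line
bind-address = 127.0.0.1
# by adding # at the beginning
$ sudo systemctl restart mysql
# Add remote root user. Remove 'WITH mysql_native_password' to use new password encryption
# 'newuser' and 'password' are placeholders: pick a strong, unique password, and if your client IP is fixed, use it instead of '%'
$ sudo mysql
CREATE USER 'newuser'@'%' IDENTIFIED WITH mysql_native_password BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'newuser'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
quit;
# Allow MySql through firewall
sudo ufw allow from any to any port 3306
# If your client IP is fixed, a narrower rule is safer (203.0.113.10 is an example address):
#   sudo ufw allow from 203.0.113.10 to any port 3306 proto tcp
# This is dangerous, as you have basically given a root-equivalent user access from anywhere.
# When you finish, undo it: delete the firewall rule, drop the remote user, and bind the server to localhost again
#   sudo ufw delete allow from any to any port 3306
#   DROP USER 'newuser'@'%';
#   restore 'bind-address = 127.0.0.1' in mysqld.cnf and restart mysql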
- Install PHP
$ sudo apt install php libapache2-mod-php php-mysql php-cli
# Move index.php to first place
$ sudo vim /etc/apache2/mods-enabled/dir.conf
<IfModule mod_dir.c>
    DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>
# Restart apache
$ sudo systemctl restart apache2
# You can also check on the status of the apache2 service using systemctl:
$ sudo systemctl status apache2
# Sample Output
● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: active (running) since Tue 2018-04-23 14:28:43 EDT; 45s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 13581 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
  Process: 13605 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
    Tasks: 6 (limit: 512)
   CGroup: /system.slice/apache2.service
           ├─13623 /usr/sbin/apache2 -k start
           ├─13626 /usr/sbin/apache2 -k start
           ├─13627 /usr/sbin/apache2 -k start
           ├─13628 /usr/sbin/apache2 -k start
           ├─13629 /usr/sbin/apache2 -k start
           └─13630 /usr/sbin/apache2 -k start
- Install bind
$ sudo apt install bind9
# Set listening IP
$ sudo vim /etc/bind/named.conf.options
listen-on { any; };
# If this server only answers for its own zones, consider also setting 'recursion no;' in the same options block
# Add zone
$ sudo vim /etc/bind/named.conf.local
zone "example.eu" IN {
    type master; // type 'slave' for secondary server
    file "/etc/bind/example.eu.zone";
    allow-transfer { 10.0.0.2; }; // Enter your secondary server IP
    // masters { 10.0.0.1; }; // Use this line instead of 'allow-transfer' for secondary server, and replace the IP with your master server
};
# Edit zone
$ sudo vim /etc/bind/example.eu.zone
$TTL 86400
@       IN  SOA example.eu. example.example.eu. (
            2018082700 ; Serial
            3600       ; Refresh
            900        ; Retry
            604800     ; Expire
            86400      ; Negative TTL
)
@       IN  NS  ns1
@       IN  NS  ns2
        IN  MX  1 mx
        IN  A   10.0.0.2
ns1     IN  A   10.0.0.2
ns2     IN  A   10.0.0.3
mx      IN  A   10.0.0.2
# Check configuration and zone
$ sudo named-checkconf
$ sudo named-checkzone example.eu /etc/bind/example.eu.zone
zone example.eu/IN: loaded serial 2018082700
OK
# Add bind firewall exception
$ ufw allow Bind9
# List loaded zones
$ sudo rndc dumpdb -zones
$ cat /var/cache/bind/named_dump.db
- Custom port for apache
# ufw
sudo ufw allow from any to any port 88
# apache
sudo vim /etc/apache2/ports.conf
# add line
Listen 88
# Change port on virtual host
<VirtualHost *:88>