The CitizenWeb Guides

8/14/2019 The CitizenWeb Guides

1/140

The CitizenWeb Guides

- Getting Started with Linux

- Setting Up Your Personal Server

and more

Version 1.0

January 201


2/140

The CitizenWeb Guides

Table of Contents

1.1. What is Free Software, and Why Do I Give A Damn? The Case for a!in" The Swit#h..............$1.%. What&s Wron" With Goo"'e? Se#(rity, Safety and )i"hts on the Internet......................................*

1.$. A anifesto for a De#entra'i+ed We...............................................................................................1-%.1. Choosin" a Distri(tion....................................................................................................................1$%.%. Insta''in" (nt(...............................................................................................................................%%%.$. Gettin" sed to (nt(....................................................................................................................$1%./. Se#(rin" We, 0mai' and Chat A'i#ations..................................................................................../1%.2. A3304DI56 3o('ar A'i#ations...................................................................................................2*$.1. Why a 3ersona' Server?....................................................................................................................7/$.%. 8efore 9o( 8e"in6 :tions, Confi"(ration and ;ardware...............................................................7hange will not o%%ur unless it is demanded and "ought "or()reedoms %annot &e won without a path to &e "orged(

!nd we -3CT...

the 'rowin' ne(essity to re)y on un(ontro))ab)e, una((ountab)e andunse(urab)e *)atfor" seri(es.!here must always &e an #o""# swit%h( !here mustalways &e an #opt out(# !here must always &e an option to se%ure your data "romanyone( !his %an only &e granted via a&solute en%ryption or the de%entrali7ation o"these plat"orm servi%es(

the defau)t (u)ture of (o"*)ete and un(ontro))ed e2*osure that e2ists on theInternet.*hether en"or%ed &y government will or %orporate greed$ the notion o"having to #opt in# to priva%y must &e vigorously opposed( 4n order to "ightgovernment monitoring and %apitalist pro"iteering on our sensitive data$ the 4nternetmust &e more de%entrali7ed and the monopoly o" data %ontrol must &e &ro'en(

'oern"enta) and (or*orate (ontro) oer (o""uni(ation.s stated &e"ore$governments and %orporations %annot &e trusted to a%t as humanity/s intermediaries(ny method &y whi%h a government %an extra6udi%ially monitor %ommuni%ationsmust &e resisted( ny method &y whi%h a %orporation %an ena%t a #paywall# to'nowledge and exploit %lass divisions in so%iety must &e resisted(

(entra)ized (o""uni(ation *)atfor"s of (ontro) and oersi'ht.ny plat"orm thatallows our %ommuni%ations to &e easily inter%epted is$ at the end o" the day$ anenemy to truly "ree expression(

software and too)s that are 4()osed sour(e,4 not ha(&ab)e or not o*en for *ub)i(ins*e(tion.*hether its intended to aid %apitalist %ompetition or to serve as aweapon against others$ %losed sour%e so"tware is not a%%epta&le on an open 4nternet(

the ta&in' adanta'e of a users te(hni(a) i'noran(e for *ersona) 'ain. !he la%'o" edu%ation regarding se%ure %ommuni%ations and en%ryption "or the %ommon usermust &e re%ti"ied i" we are to see any su&stantial %hange( Proli"eration o" easy tools to

ensure se%ureEprivate %ommuni%ation must &e given the highest priority(

11


12/140

1.+. A #anifesto for a De&entra)ized Web

Therefore, we -S5V...

to for(e 'oern"ents and (or*orations around the wor)d to hear our oi(e.*ere"use to play &y your rules( *e re"use to live in your walled gardens( *e re"use togive our personal lives over to you "or your pro"it( *e will %reate the 4nternet that wewant$ and will %ommuni%ate how we li'e(

to wor& with one another to bui)d the ne2t 'eneration of the Internet.!hete%hni%al o&sta%les to de%entrali7ation remain high( !hrough the development$edu%ation and testing o" new so"tware and te%hnologies$ we %an &ring ourselves overthis road&lo%' and help %reate a &etter world(

to resist, in whateer "anner we are (a*ab)e, the (entra)ization of theInternet, and the bu)&, indis(ri"inate "onitorin' it is a((o"*anied by.*hetherthis &e through the general en%ryption o" our data whenever possi&le$ the "or%ed

removal o" our a%%ounts "rom the large plat"orm servi%es$ or a mixture o" the two$ wewill do our &est to stand in the way(

1%


13/140

1.+. A #anifesto for a De&entra)ized Web

The CitizenWeb Guides 6 Gettin' Started with 1inu2

+.1. Choosin' a Distribution

2.1.1 - What do I need?

>hoosing a Linux distri&ution may seem li'e a daunting tas'( 4n "a%t$ there are hundreds o"distri&utions out thereK do7ens o" them worthy %ontenders "or most %omputers( :oweverthe a&ility to %hoose &etween them has improved remar'a&ly in re%ent years(

s' any Linux user #*hat distro should 4 use@# and the answer will most li'ely &e #go withwhat you need(#


14/140

'.1. Choosin% a Distribution

2.1.2 - The Distros

!his is &y no means an exhaustive list o" Linux distrosK only a list highlighting the

most popular %hoi%es( )or a more detailed list and %omparison$ visit istrowat%h(

!he distros here are listed &y their general ease-o"-use and ease o" installK U&untu &eing theeasiest and r%h the most di""i%ult( !he inverse is true "or the amount o" say you have inpa%'ages installed &y de"ault3 r%h is most %ustomi7a&le in this regard$ while U&untu is themost restri%ted(

Ubuntu

1/
http://distrowatch.com/http://distrowatch.com/


15/140


Website3 http3EEu&untu(org

8a(&a'e "ana'e"ent syste"3 aptitude Aapt-getB

D Versions3 G+


16/140


Linux Mint

Website3 http3EElinuxmint(%om

8a(&a'e "ana'e"ent syste"3 aptitude Aapt-getB

D Versions3 >innamon Ade"aultB$ !


17/140


Ades'topB environment( +ther than that$ &oth U&untu and int are &ased o"" o" e&ian$ma'ing them %losely related systems in terms o" maintenan%e and pre"erred so"twaresuites( int also in%ludes its own suites o" so"tware to manage spe%i"i% "un%tions$ whi%hadds to this distri&ution/s ease-o"-use(

Fedora

Website3 http3EE"edorapro6e%t(org 8a(&a'e "ana'e"ent syste"3 yum

D Versions3 G+< Ade"aultB$ s "eaturing many popular des'top environments

1*


18/140


Cons :fro" Distrowat(h;3 )edora/s priorities tend to lean towards enterprise"eatures$ rather than des'top usa&ilityK some &leeding edge "eatures$ su%h as earlyswit%h to < and G+< $ o%%asionally alienate some des'top users

)edora is the %ommunity-run step%hild o" one o" the oldest and most well-'nown Linuxdistri&utions$ 9ed :at Linux( ow that 9ed :at is only availa&le "or enterprise appli%ations$)edora is the distri&ution that is &eing o""ered to general end users( )edora is di""erent "rom&oth U&untu and Linux int in that it is not &ased o"" o" e&ianK there"ore it uses a di""erentpa%'age management system as well as its own suite o" appli%ations and servi%es( )edora is%onsidered to &e a sta&le and mature distri&ution$ perhaps not with the same ease-o"-usethat U&untu provides$ &ut is not "ar &ehind( 4t is a de%ent %hoi%e "or intermediate %omputerusers$ as well as &eginners to Linux loo'ing "or more o" a %hallenge(

Arch Linux

1


19/140


Website3 http3EEar%hlinux(org

8a(&a'e "ana'e"ent syste"3 pa%man

D Versions3 ny Ainstalled %ustomB

8ros :fro" Distrowat(h;3
http://archlinux.org/http://archlinux.org/


20/140

'.'. Insta))in% buntu

+.+. Insta))in' hoose the #)or the latest "eatures# option$ then pi%' the %orre%t

ar%hite%ture in the #>hoose your "lavour# &ox( !hen %li%' the Get &utton( You may &epresented with a s%reen to soli%it donations3 ma'e one i" you/d li'e$ +9 s%roll to the &ottomand %hoose #o than's(# !he "ile will download automati%ally(

+n%e the download is %omplete$ you/ll need to load a &lan' dis% into your %omputer( !henext steps depend on the operating system you are using(

Windows =3

ou&le-%li%' the 4S+ "ile you downloaded to open the #*indows is% 4mage

5urner(#

>li%' #5urn(#

Windows >8 :or o)der;3

ownload img5urn "rom http3EEwww(img&urn(%omE(

+pen img5urn and %hoose #*rite image "ile to dis%#

Sele%t the 4S+ you downloaded and %li%' #5urn(#

%a( 5S >3

+pen the #is% Utility# appli%ation in ppli%ations D Utilities(

rag the 4S+ "ile you downloaded to the le"t-hand side&ar( Sele%t this "ile and %li%'#5urn(#

%-
http://ubuntu.com/http://www.imgburn.com/http://ubuntu.com/http://www.imgburn.com/


21/140


2.2.2 - re!are "our Co#!uter and $iles

+n%e you/ve &urned U&untu to dis%$ you will need to prepare your %omputer "or yourU&untu install( !his will depend on your desired setup3

ost users will want to +LY use U&untu as their sole operating system( )or this$ noextra prep is re.uired(

)or those who wish to Aor need toB use *indows as well$ have a %omputer newenough$ they %an opt "or a "ull install o" U&untu and then to use a =irtual a%hine torun the programs they need "or *indows( o extra prep is re.uired "or this stepeither( AGeep in mind that you must have a valid *indows install dis% to %hoose thisoption(B

)or those who wish to Aor need toB use *indows as well$ &ut don/t have a "airly-new%omputer with a multi-%ore pro%essor$ they %an opt "or a multi-partition setup( !his%onsists o" a sole %omputer with two operating systems installed on it$ and the +S touse %an &e %hosen at &oot( So i" you have &oth U&untu and *indows installed$ andyou want to swit%h to the other operating system "or awhile$ you %an simply re&ootyour %omputer and swit%h at the &oots%reen( 4" you wish to use this option$ 'eep aneye out "or the #dual-&oot setup# option in the 4nstallation se%tion( AGeep in mind that

you must have a valid *indows install dis% to %hoose this option(B

o matter what you have %hosen a&ove$ you will need to erase your entire hard driveAunless your hard drive presently has enough unpartitioned "ree spa%e on it$ whi%h isdou&t"ulB( 5e"ore you do this$ ma'e sure to &a%' up all o" your "iles to external US5 drives ordis's( eep them sa"e until you %an o""load your data onto your %omputer again(

2.2.% - Installing Ubuntu

Load your U&untu install dis% into your %omputer and re&oot( !he %omputer should &oot"rom dis% automati%ally( 4" it doesn/t$ visit your %omputer manu"a%turer/s we&site and loo'through the support se%tion "or how to &oot "rom dis%(

%1


22/140


+n &oot$ U&untu will load an inter"a%e "rom >$ then present you with this lovely s%reen3

4" you/d li'e to try the inter"a%e out a &it &e"ore you &egin$ "eel "ree to %li%' #!ry U&untu(#You will &e a&le to go to the installer via a lin' on the des'top( *hen you are ready to install$%li%' #4nstall U&untu(#

on/t &e a"raid i" U&untu seems really sluggish here &e"ore you install it - a"ter all$ it/s

running "rom your > drive whi%h is many times slower than your a%tual hard drivewill run8

>he%' #ownload updates while installing# then %li%' >ontinue(

%%


23/140


4" you wish to use U&untu as your sole operating system$ %hoose #ontinue( !he next window will provide you with anopportunity to %hoose your se%urity 'ey( 4t/s re%ommended that you %hoose to #overwriteempty dis' spa%e$# espe%ially i" this is not a new %omputer(

*hile U&untu installs$ the next s%reens will give you the option to %hoose a variety o"options$ in%luding your time7one$ pre"erred 'ey&oard layout$ and %redentials( +n%e that/sdone$ sit &a%' and en6oy the wait(

%$


24/140


+n%e U&untu re&oots itsel"$ you will &e put at your login prompt$ then the des'top( Youmade it8

2.2.& - Getting Used to Ubuntu

U&untu is one o" the easiest Linux distri&utions to use( 4t/s per"e%t "or users loo'ing to set uptheir %omputer with minimal twea'ing and %on"iguration(

U&untu/s primary inter"a%e is %alled #Unity(# You/ll see that the des'top has a &ar on theupper edge o" the s%reen$ whi%h is where your noti"i%ations and your menu &ar "orappli%ations will pop up Aa% +S ,-styleB( long the le"t-hand side o" your s%reen you will seethe o%'( !his has i%ons o" "re.uently used appli%ations that %an easily &e laun%hed "rom

%/


25/140


here Aagain$ li'e a% +S ,/s o%'B( You %an add or remove programs to the do%' &y simply%li%'ing and dragging them to or "rom the do%'(

Unity/s Aargua&lyB &est "eature is the Sear%h pane Asimilar to a% +S ,/s /Spotlight/ - do yousee a pattern here@ 3B B( !his is the top magni"ying glass-shaped i%on on the do%'( >li%' hereand you %an &rowse your appli%ations and your "iles depending on their type( 4t/s "airlyintuitive and shouldn/t ta'e too long to "igure out( !here is also a sear%h &ox at the topwhere you %an enter part o" a "ilename or appli%ation name$ and it will &ring that o&6e%t up"or you to load(

4n the Sear%h &ox$ type #term# and %li%' the !erminal i%on that %omes up( !his is yourstandard Linux %ommand line terminal( *e will &e using this o"ten "or %on"iguring the %lientand setting up so"tware( !he good thing a&out U&untu is that there are graphi%alalternatives "or esta&lishing almost any setting - however it/s &etter to wor' "rom the

%ommand line when one is learning$ to &etter gain a grasp o" what exa%tly is going on&eneath the appli%ations you are %on"iguring( 4n this guide$ graphi%al alternatives will &ementioned when they are availa&le$ &ut we will always &e wor'ing "rom this terminal(

+n the do%'$ you will noti%e a pi%ture o" a gear and wren%h( !his i%on opens the SystemPre"eren%es s%reen$ whi%h will allow you to %ustomi7e your system to your heart/s %ontent(4"$ "or example$ your mouse seems a &it "aster here than it did in *indows@ Go to the ousese%tion and you will &e a&le to ad6ust it to meet your needs( )eel "ree to play around withthis &e"ore we get into the nitty gritty o" setting up your system(

2.2.' - Dual Boot artitioning ()!tional*

4" you need to 'eep a *indows installation on your hard dis' Aand are una&le to use a=irtual a%hineB$ you %an %hoose to set up a %ustom partition ta&le during the U&untuinstaller(

ote that you %annot use a %ustom partition ta&le use "ull-dis' en%ryption in the

U&untu installer at present(

)irst$ delete all existing partitions Aanything with a num&er a"ter the #EdevEsd@# &itB &ysele%ting them and %li%'ing the #-# &utton( !hen$ to %reate a new partition$ %li%' the #N#&utton( You will &e a&le to de"ine the partition/s si7e in mega&ytes A1$02 5 O 1 G5B$ as well

%2


26/140


as sele%t its "ilesystem type and mount point( )or the main partition$ set it to the si7e youwish and set the mount point at #E#( Linux partitions should &e set to use the ext "ilesystem(

)or the *indows partition$ 6ust leave some #"ree spa%e# that mat%hes the si7e o" the*indows partition you wish to ma'e( *hen you load your *indows dis% installer$ you will%reate a partition in this "ree spa%e and %hoose to install *indows here(

eep in mind that *indows re.uires a lot more spa%e to operate than Linux does()or *indows you should loo' to set aside Aat a &are minimumB 0G5 o" spa%e "or theoperating system and some appli%ation suites(

%7


27/140


28/140

'.+. Gettin% sed to buntu

long the le"t side o" the s%reen$ you see U&untu/s version o" the *indows Start &ar or thea% +S , o%'( !his do%' shows you your "re.uently used appli%ations( You %an pullappli%ations to this o%' "or .ui%' re"eren%e$ or remove them simply &y pulling them o"" theo%'(

!he "irst &utton on the o%' Awith the U&untu logoB &rings up the Sear%h pane( !his is these%ond most %onvenient way to laun%h appli%ations in U&untu( !he Sear%h pane is your%enter "or "inding programs and "iles on your hard drive( You %an type the "irst "ew letters o"the appli%ation you are loo'ing "or$ and it will %ome up at the top o" your sear%h( You %analso type the name or other details a&out a do%umentE"ile you are loo'ing "or on your harddrive$ and the Sear%h pane will loo' "or it "or you( t the &ottom o" the pane$ you %an seesome &uttons to "ilter your sear%hes( You %an %hoose to sear%h only "or appli%ations$do%uments$ musi%$ photos$ or video( !he Sear%h pane also allows you to sear%h "or produ%ts"or sale on ma7on(%om Athough this %an &e turned o"" in System Pre"eren%es D Priva%yB(

!he se%ond &utton in "orm o" a "ile "older is your )ile entre is identi"ied &y the pi%ture o" the shopping

&ag in the o%'( :ere you %an "ind apps in a wide variety o" %ategories$ "ree or paid( ost o"them are a%tually "ree( You %an manage so"tware you/ve installed$ uninstall old pa%'ages$ ormanage system updates "rom the So"tware >entre(

%


29/140


ext is the U&untu +ne logo( U&untu +ne is a %loud solution provided &y >anoni%alAU&untu/s parent %ompanyB( 4t is similar to Google rive( You %an sign up "or a "ree a%%ountto store your musi%$ photos and do%uments online$ then a%%ess them "rom anywhere in theworld on a variety o" di""erent plat"orms( !here are also paid options that unlo%' someadditional "un%tionality(

Last on the o%' list "or now is the System Pre"eren%es pane( !his is indi%ated &y the pi%ture

o" the gear-and-wren%h in the o%'( :ere you %an %ustomi7e some o" your system/s mostimportant "eatures$ li'e language$ dateEtime$ priva%y settings$ networ' pre"eren%es$ andmore(

%>


30/140


+ther appli%ations you will "ind o" interest$ &ut that may not &e in the do%'3

-hyth"bo2- !his is U&untu/s de"ault musi% player( Similar to i!unes$ it plays yourmusi% and manages your li&rary with a %lean and intuitive inter"a%e(

Thunderbird- !his is o7illa/s mail %lient$ mu%h li'e a% +S , ail$ or i%roso"t+utloo'(

Te2t ditor- )an%y a .ui%' note@ Use this appli%ation$ analogous to otepad on*indows or !extentre$ and see what neat appli%ationsyou %an "ind8 +r go to %hapter 2( in the Guide to get a list o" more appli%ations that may &ehelp"ul(

2.%.& + Brie/ Introduction to the Ter#inal

!he &ane o" every new Linux user is the !erminal( :owever it is mostly mu%h ado a&outnothing( *ith U&untu$ you %an use Linux on a day-to-day &asis without even needing totou%h the terminal( nd its "un%tion is surprisingly simple when it %omes down to

a%%omplishing &asi% tas's(

$-


31/140


*hen you laun%h the !erminal$ you &egin in your :ome dire%tory( You %an tell this &y thetilde ARB in the %ommand prompt( Your lo%ation in the hard drive will always &e given in thisspa%e(

!o list the %ontents o" the dire%tory you are %urrently in$ type MlsM and press


32/140


33/140


!o explain this$ let/s ta'e a loo' at a &asi% %ommand %alled tar( !9 is used to %reatear%hives o" "iles or "olders$ mu%h li'e the T4P "ile "ormat on *indows( !o %reate a standard7ipped-up !9 ar%hive o" a "ile$ we run the "ollowing %ommand3

tar -cvzf archivename.tar.gz filename.ext

!his %reates an ar%hive named #ar%hivename(tar(g7# that %ontains the "ile #"ilename(ext#( 5utwhat a&out those letters "ollowing the MtarM %ommand@ !hose are the "lags( 4n Linux$ "lagsare denoted with the #-# that %omes &e"ore them$ and usually %ome right a"ter the initial%ommand in the string( 4" you want to use more than one "lag$ you %an sta%' them$ li'e 4 dida&ove$ with 6ust one #-#(

Let me explain what ea%h o" those "lags does "or this spe%i"i% tar%ommand3

(means to A%Breate the ar%hive( You %an also use !9 to extra%t "rom existingar%hives$ so that is why you must spe%i"y that you wish to A%Breate one(

means to output AvBer&osely( 4n plain


34/140


#ew r%hive$# %li%' it$ type in a name$ type in a pla%e "or the ar%hive to &e$ mouse over the%he%'&oxes "or options$ %li%' and drag your "olders$ et% et% et%( 5ut with the !erminal$ a"terlearning how the %ommand wor's the "irst time$ you %an simply run a .ui%' %ommand "rommemory to do exa%tly what you want( You %an even %reate s%ripts A%alled #&ash s%ripts#B toautomate tas's using the !erminal/s language( *e will %over this in a "uture guide( 5ut "ornow$ pat yoursel" on the &a%'$ &e%ause you/ve %on.uered your "ear o" the !erminal8

$/


35/140

'.-. Se&urin% Web, ai) and Chat A//)i&ations

+.?. Se(urin' Web, "ai) and Chat !**)i(ations

2.&.1 - 0ecure "our Web Browsing

Encrypt Your Connections with L!TL

!he "irst step to ta'e in assuring your we& &rowser/s se%urity is to ma'e sure every%onne%tion possi&le is made over SSL( SSL should &e "amiliar to you &y now -- every timeyou log into your &an' a%%ount$ "or example$ you should see a little #https# in your address&ar with a little green %he%'-mar' or a lo%' sym&ol( !his means that your personal%onne%tion data is &eing en%rypted &etween you and the server you are %ommuni%atingwith( Your username$ your password and other "orm data on the &an'/s we&site %annot &e#snooped# on &y anyone else on your networ'(

ost sites that re.uire logons will have SSL %apa&ility( !he pro&lem is that SSL is o"ten note.uipped &y de"ault on sites that don/t handle "inan%ial in"ormation( !his means that sitesli'e )a%e&oo' might still &e handling your %onne%tions over regular unen%rypted :!!P &yde"ault(

!o %hange that$ there are &rowser plugins that you %an use to en"or%e SSL &y de"ault "or anysite that has it ena&led( !he


36/140


!o install 5 SSL


37/140


!o install Ghostery in )ire"ox or >hrome$ go to the &rowser/s dd-ons se%tion and sear%h "orGhostery( +n%e it is installed$ it will as' you what sites to &lo%'( y advi%e is to %hoose#Sele%t ll# to &lo%' tra%'ers &y de"ault( !hen$ later on$ i" you "ind one you need to use$ you

%an go &a%' into your dd-on settings and un%he%' the &ox next to that tra%'er/s name(

*ith Ghostery you %an also pause all tra%'ing easily( 4" you "ind a we&site doesn/t .uite wor'properly without its tra%'ers$ %li%' the Ghostery &utton in your &rowser window$ than %li%'the #Pause# &utton( !hen re"resh the page and try the "un%tionality again( Just don/t "orget topress #play# again when you are done8

$*


38/140


Encrypt Your "rowsing with Tor

!here is another option$ perhaps the most advan%ed one yet when it %omes to %ompletelyanonymous 4nternet sur"ing( !hat option is !or( +riginally developed &y the US Government$!or is a type o" #onion router# that routes your internet tra""i% through a %ompli%atedlayered system( !here is mu%h to say a&out !or and a lot o" explaining &ehind how it wor's(4" you are interested in it$ you %an visit the !or Pro6e%t on its we&site(

4" you would li'e to use !or "or anonymous &rowsing$ it/s easy to do so( :owever we will not&e installing !or using the U&untu pa%'age repository$ li'e has &een done in the past( Sin%e!or updates are %onsidered very important "or sta&ility and se%urity reasons$ we want toma'e sure that we are getting them on time( )or this$ we will pat%h !or/s %ustom updateserver into our U&untu installation( !hat way$ whenever we run sudo apt-get updateand sudo apt-get upgrade$ !or will update itsel" whenever a new version is availa&le(

)irst$ run cat /etc/debian_versionto %he%' your U&untu/s version %odename( 4" youare using 12(0$ the %odename is #pre%ise(# ext$ open up /etc/apt/sources.listandadd the "ollowing line$ with your version %odename in the appropriate pla%e3

deb http://deb.torproject.org/torproject.org $codename main

ext$ add the !or pro6e%t/s GPG 'ey$ used to sign its pa%'ages and veri"y their authenti%ity3

gpg --keyserver keys.gnupg.net --recv !"""#

gpg --export %&'()(#*#&++&",(+&,!"""# 0 sudoapt-key add -

!hen the "inal "ew %ommands3

sudo apt-get update

sudo apt-get install deb.torproject.org-keyring

sudo apt-get install tor

)rom this point on$ !or is installed and running on your system( 5ut &e"ore you %an use it$you must %on"igure your &rowser to use it( You %an do this manually o" %ourse$ &ut we willuse the most %onvenient and automati% method -- via a &rowser plugin( ownload the !or5rowser 5undle "ound here( a'e sure you download the Linux version$ and the

$


39/140


ar%hite%ture that %orresponds to your %omputer( 4" you don/t 'now your ar%hite%ture$ rununame -m( 4" you get #x?Q?# as a response$ you have a -&it systemK i" you get #i?# or#i?# as a response$ you are using a 2-&it system(

"ter downloading the pa%'age$ run the "ollowing to extra%t it and install3

tar -xvzf tor-bro1ser-gnu-linux-2.tar.gz

cd tor-bro1ser_2

./start-tor-bro1ser

!his will start a spe%ially-pat%hed version o" )ire"ox that has !or ena&led( You %an %reate ashort%ut to the start-tor-bro1sers%ript on your des'top or in the side&ar$ and you will&e a&le to laun%h your !or &rowser whenever you want( You will need to reinstall your dd-ons in this !or &rowser$ and you will not &e a&le to use your old &rowser A>hrome or

)ire"oxB i" you want to have the prote%tion o" !or( :owever the !or &rowser is &ased on)ire"ox$ so any plugins that wor' "or )ire"ox should also wor' "or the !or &rowser(

5e"ore you start using !or$ there are some things you should &e aware o" &e"ore you startsur"ing8 a'e sure you %he%' out the listand are aware o" what they might mean "or you(

2.&.2 - 0ecure "our ,#ail

Encrypt Your Connections $ith L!TL

Just as it is important to use we&sites that ena&le SSL$ you will want to do the same withyour email %onne%tion( 4" you always use your email in a &rowser$ li'e Yahoo ail or Gmail$you don/t need to worry a&out this( 5ut i" you use a third-party %lient li'e !hunder&ird$ thereare settings you should ma'e sure are set(

4n !hunder&ird$ %li%'


40/140


Encrypt Your Messages with %&%

PGP is the standard "or email en%ryption nowadays( 4t allows you to seamlessly en%rypt mailmessages to people and have them 6ust as easily de%rypt them upon re%eipt( You might senda "ull message to someone$ and i" anyone that might %ome a%ross your message happens toopen it without your 'ey$ this is all they will see3

-----,345 636 7883-----

&harset: 489-#-

ersion: 3nu63 v+.).# ;35

h?7y=sa=y)u?f#3+ng@ijfAm7y4n5!iauBa6!4C4rz9tCA@DiE"coeAD1h'zgt9!ll


41/140


>li%' ext$ then %hoose the email a%%ounts you want to use en%ryption with( A9emem&erthat you will have the %hoi%e whether or not to en%rypt ea%h message$ so you don/t have toworry a&out ma'ing everyone you 'now get PGP 'eys i" you don/t want to en%rypt youremails to them8B

>li%' ext again$ and "ollow the rest o" the wi7ard( 4t explains well the steps and options youneed to %hoose$ and it also helps you automati%ally generate a PGP 'ey(

/1


42/140


ow$ on%e this is %omplete$ you have the option o" su&mitting your pu&li% 'ey to a'eyserver( 'eyserver is li'e a sear%h engine "or people/s pu&li% 'eys -- i" you have someoneyou wish to %ommuni%ate with$ you %an import their 'ey "rom a pu&li% 'eyserver withoutthem needing to give you their 'ey dire%tly( !his does not redu%e the se%urity o" your 'eys$as the message %an only &e de%rypted &y the spe%i"i% re%ipient anyway( You are not re.uiredto upload your pu&li% 'ey to a 'eyserverK i" you %hoose not to$ you will need to 'eep yourmessages signed with your PGP signature Awhi%h


43/140


2.&.% - 0ecure "our Chat !!lications

Encrypt %idgin Chats with 'TR

4" mail is a &it too slow "or your taste and you pre"er 4nstant essaging A4B$ there is asolution "or you( !he %hat appli%ation Pidgin$ a mainstay o" Linux %ommuni%ation suites$ hasa plugin named #+!9# A+"" !he 9e%ordB that %an &e used to en%rypt your %hat %onversations(4t operates in a similar way to PGP$ in that you must "irst ex%hange pu&li% 'eys with your%onversation partner( 4" you don/t already use Pidgin$ it is availa&le "or install in the U&unturepositories(

!o install the +!9 plugin$ head to the >ypherpun's siteand download the tar&all "or the+!9 Li&rary and !ool'it$ as well as the one "or #+!9 Plugin "or Pidgin(# !hen run the

"ollowing3tar xzf libotr-2.tar.gz

cd libotr-2

./configure --prefixK/usr

make

sudo make install

tar xzf pidgin-otr-2.tar.gz

cd pidgin-otr-2

./configure --prefixK/usr

make

sudo make install

!his will install &oth the re.uired li&raries "or +!9 as well as the plugin spe%i"i% to Pidgin(

!o %on"igure the plugin$ open Pidgin and %li%' !ools D Plugins( >he%' the &ox next to #+""!he 9e%ord essaging(# !hen$ %li%' the entry "or #+"" !he 9e%ord essaging# and %hoose>on"igure Plugin(

/$
http://www.cypherpunks.ca/otr/index.php#downloadshttp://www.cypherpunks.ca/otr/index.php#downloads


44/140


:ere you %an %hoose a set o" options &ased on how you want the plugin to &ehave( lso$ you%an %hoose to generate a 'ey "or a spe%i"i% a%%ount( +n%e you &egin a %onversation with a"riend who also has +!9 ena&led$ you will see a noti"i%ation display that you %an &egin a%onversation with that person( >li%' #ot Private# and %hoose #Start Private >onversation# toena&le en%ryption with the a%tive %onversation partner( nd you/re o""8 +!9 is notoriouslyeasy to set up and use(

//


45/140


2.&.& - $urther eading

:ow !o3 Prote%t Your Priva%y with Ghostery - >hip(eu

!or do%umentation "or Linux


46/140

'.0. A2DI34 o/u)ar A//)i&ations

+.@. !88ADI>B 8o*u)ar !**)i(ations

!he "ollowing is a non-exhaustive list o" "re.uently used appli%ations and "ile "ormats that may ma'eyour swit%h to Linux easier( !here will &e multiple %hoi%es "or some types o" appli%ations( +nU&untu$ most o" these appli%ations %an &e "ound in the U&untu So"tware >entre$ or &y running sudoapt-get install $appnamein the !erminal(

2.'.1 + !!lications 3edia

!he de"ault musi% player that %omes with U&untu is -hyth"bo2( 9hythm&ox is a de%entmusi% player with many "eatures similar to i!unes( 4t has an easy-to-use li&rary view$ withintegrated pod%ast$ Last("m and musi% store integration( 4t also "eatures a plugins systemthat %an extend its use &eyond simple musi% play&a%'(

/7


47/140


/ansheeis also a good option$ and it is even QmoreQ li'e i!unes "or those who are used toits inter"a%e( )or those who use


48/140


!he old stand&y "or playing video on Linux is VC$ mu%h li'e it is on other plat"orms( 4t %anplay a very wide variety o" di""erent video "ormats$ supports su&titles and multiple audiotra%'s$ and is also extensi&le &y plugin( 4t/s also very "ast8

U&untu %omes with a standard image viewer %alled I"a'e Viewer( !his is analogous to*indows/ 4mage Preview$ &ringing de%ent .uality image viewing to the G+< des'top( )orother des'top environments or distri&utions$ Viewnioris a very "ast and lightweightrepla%ement "or 4mage =iewer and is highly re%ommended(

eeping photo li&raries on Linux is easy with Shotwe))( Shotwell is essentially a Linux %loneo" the popular iPhoto "or a% +S ,( You %an import images "rom your hard drive or dire%tly"rom your digital %amera( r%hive your photos &y date$ &y event or &y tag(

)or editing graphi%s$ the most %ommon open sour%e solution is !he GI%8( *hile not .uiteas "ast or as usa&le as Photoshop$ !he G4P is still very power"ul and a%tively developed$&ringing intensive image manipulation %apa&ility to Linux(

/


49/140


4" you wor' with ve%tor images or graphi% design on a regular &asis$ %he%' outIn&s(a*e$whi%h has many o" the same "eatures as do&e/s 4llustrator(

!he most-used option "or audio editing on Linux is !uda(ious( uda%ious is also widelyused on other plat"orms li'e *indows( 4t is easy enough to use "or &eginners to audioediting or pod%asting$ &ut "lexi&le enough "or experien%ed pro"essionals(

)or we&%ams$ Cheeseis a good option "or G+


50/140


2.'.2 + !!lications Utilities

U&untu/s de"ault text editor is 'edit( Gedit is a "ine standalone text editor "or in"re.uentuse( nother very "ast and lightweight option is )eaf*ad( )or more text editors that might &eo" &etter use while programming$ %he%' out the Produ%tivity se%tion(

U&untu %omes with a standard ar%hive manager %alled Await "or itB !r(hie %ana'er( )romhere$ you %an easily %reate or modi"y your ar%hives o" many di""erent types(

TrueCry*tis very o"ten used &y those who wor' with sensitive "iles$ or simply wish toen%ryptEpassword-prote%t some "olders on their system(

+ther utilities o" use in%lude the Ter"ina)"or running %ommands$ or ina're"or =>%onne%tions to other %omputers(

2.'.% + !!lications 4etwor5ing

U&untu %omes installed &y de"ault with Firefo2$ the %ommon %ross-plat"orm &rowser thatAnearlyB everyone loves( 4" you don/t love )ire"ox$ you %an install Chro"iu"$ whi%h is theLinux version o" Google >hrome( !here is also 5*eraor other &rowsers availa&le "or Linux(

)or email$ the main %hoi%e is Thunderbird$ whi%h is also installed &y de"ault in U&untu( 4t isanalogous to ail in a% +S ,$ or to i%roso"t +utloo' "or *indows( o)utionis therunner-up in the ail %ategory$ whi%h is in%luded &y de"ault in the G+< des'top( %ai)isa de%ent option "or < users(

2-


51/140


)or instant messaging$ 8id'inis %ommonly used( You %an use Pidgin with 4$ 4>H$SES'ype$ Google !al'$ ,PP$ )a%e&oo'$ 49> and many many other proto%ols( 4t is easy touse$ and supports a wide variety o" plugins to extend and personali7e its use( "*athyisthe %lient that %omes &uilt-in with U&untu$ and it supports a great deal o" proto%ols as well(+ther %hoi%es in%lude irssi"or a %ommand-line 49> %lient$ or uasse)"or a "ull-"eatureddeluxe GU4 49> %lient(

4" you are a "re.uent mi%ro&logger "rom your des'top$ wibber%omes &uilt in with U&untu$and supports posting to !witter and 4denti%a( +ther than that$ 8o))yis a "antasti% standalone!witter %lient "or the G+


52/140


2.'.& + !!lications roducti6it7

!he 'ing o" open sour%e produ%tivity so"tware on Linux is presently the ibre5ffi(esuite(Li&re+""i%e in%ludes a word pro%essor$ spreadsheet editor$ presentation %reator$ math"ormula %reator$ and simple graphi% design program( n alternative to Li&re+""i%e is the5*en5ffi(esuite$ the an%estor pro6e%t to Li&re+""i%e(

U&untu %omes with a &uilt-in P) reader %alled Do(u"ent Viewer( 4t %an view and editP)s as well as other do%ument "ormats li'e PostS%ript( Lighter options "or P) readersin%lude Eathuraor %u8DF(

)or programming text editors$ Geanyis a good option( +ther options in%lude S(iT$/)uefishor S(ribes( 4" you are loo'ing "or a more "ull-"eatured 4


53/140


The CitizenWeb Guides 6 Four 8ersona) Serer

.1. Why a 8ersona) Serer#

!he short answer is3 /e(ause you dont hae to sa(rifi(e features, fun(tiona)ity or(o"fort ust be(ause you are (on(erned with se(urity and *ria(y.

%.1.1 - The ros

any people loo' to Google$ )a%e&oo' and other large plat"orm servi%es "or the ex%eptional

%onvenien%e they o""er( *ith all o" the servi%es availa&le to us online these days$ it/s easy tosee how they %an improve our lives and ma'e us live or wor' &etter( :owever there aresigni"i%ant ris's to using these servi%esK ris's that are only deepening and &e%oming moreserious with time( *hat most people do not reali7e is that$ on%e the initial investment o"&uying or hosting your personal server is passed$ sel"-hosting data is very easy and re.uireslittle to no sa%ri"i%e o" "un%tionality(

re you addi%ted to Google >alendar and %an/t live without it syn%ing a%ross your %omputersand devi%es@ >he%' out own>loud$ whi%h lets you do the exa%t same things$ &ut gives youthe %ontrol over your data that Google %an no longer provide you with( re you lost without

your Gmail a%%ount@ You %an host your own email and have all o" Gmail/s "eatures in the%lient o" your %hoi%e( Plus$ you %an still syn% your mail and %onta%ts e""ortlessly a%ross yourdevi%es(

You %an have your own #personal %loud$# a %ustomi7a&le plat"orm servi%e that meets yourneeds$ without selling your personal in"ormation to mar'eting agen%ies or over7ealousgovernments( You %an do it &y hosting your very own 4nternet-%onne%ted server(

!he most su&stantial #pro# to hosting your own data with a personal server is the priva%y

"a%tor( s mentioned repeatedly in this guide$ data given to plat"orm servi%es li'e Google or)a%e&oo' ris's &eing handed to mar'eting agen%ies or governments without your %onsent$and in some %ases without you even 'nowing( *hen your data is sel"-hosted and properlyse%ured$ you %an &e sure that your in"ormation will not "all into the hands o" mar'eters()urthermore$ governments will &e re.uired to physi%ally intervene with warrants or othermethods i" they suspe%t you o" something$ whi%h is mu%h less %ommon and %ostly than the&ul' inter%eption they pra%ti%e today(

2$


54/140

+.1. Why a ersona) Server!

)or these reasons$ sel"-hosting your own server is a huge plus "or a%tivists$ whistle&lowers or6ournalists( 5ut it is also very important "or %ommon$ everyday 4nternet users li'e you andme( !he more data we share a&out ourselves online$ the larger that Google and )a%e&oo'get$ the more irresista&le targets they will ma'e "or mar'eters and governments( *e arealready seeing today how simply standing up "or what is right in so%iety %an get you &ullied$threatened$ a&used$ extradited and worse( 4" you are sure that nothing you do right now %anget you into trou&le$ %an you &e sure that in ten years "rom now$ the positions you ta'e orthe data you own FFnowFF won/t &e used to get you into trou&le@ !he 4nternet is a timema%hine -- any %omment you ma'e on a plat"orm servi%e %an &e indexed and potentiallyused against you( !his is why a de"ault state o" priva%y must &e en"or%ed on the we& -- and i"servi%es li'e Google or )a%e&oo' won/t do it "or us$ then we must &e prepared to ta'ematters into our own hands$ &y sel"-hosting our data and re"using to parti%ipate in theirsystems(

%.1.2 - The Cons

e%entrali7ing the 4nternet isn/t always a "ield o" "lowers -- sometimes it %an &e a downrightannoying experien%e( !here are a "ew di""erent pit"alls that one must &e aware o" &e"orethey ta'e the plunge and host their own server(

Perhaps the most signi"i%ant draw&a%' is in downtime( Google/s servi%es$ while they have&een su&6e%t to very pu&li% and unexpe%ted downtimes in the past$ are overall very sta&leand well-managed( !his %annot possi&ly &e mat%hed in a home server environment$ when

data is isolated to only one node( 4" you host your server at home$ this server will &e su&6e%tto any power outages$ 4nternet servi%e interruptions$ or a%%idental unplugs when your %attries to ma'e a home &ehind your %omputer( +n%e a downtime o%%urs$ you will not &e a&leto intera%t with usersK i(e( people will not &e a&le to see your we& server$ send you emails$ ordo mu%h o" anything else(

ext %omes the se%urity aspe%t(


55/140


5e%ause o" these downsides$ %ontingen%y plans should &e made o"ten( 4" you have theresour%es$ rent a =PS that you %an swit%h to i" your main server goes down( Pra%ti%e"re.uent en%rypted &a%'ups to external media or o""site lo%ations( a'e sure to redu%e yourris' o" #going down# as mu%h as possi&le i" you are going to &e hosting %riti%al %ontent(

%.1.% - T7!es o/ 0er6ers

4" you don/t have the spa%e to set up a traditional dedi%ated server in your own home$ or areuna&le to do so "or other reasons$ don/t worry -- there are a "ew di""erent ways to sel"-hostyour data$ and we will loo' at ea%h o" them here(

(edicated er)er

!his option %onsists o" having a standard %omputer in your home that is %onne%ted to the4nternet andEor a home networ'( !his server %an &e any used des'top %omputer that youhave lying around$ or a %ustom-&uilt one "rom ordered parts( +n%e the %omputer is ready$ it%an &e stored in a %loset or a tu%'ed-away %orner o" your home( 4t does not re.uire a%onstant monitor or 'ey&oardEmouse %onne%tion to &e "un%tionalK you %an %ommuni%atewith it via SS: Aexplained in this guideB to %on"igure or maintain your running servi%es(

!his option is the &est "or running a large amount o" online servi%es at on%e( s it has morepro%essing power than em&edded miniservers$ it %an handle more servi%es and morevisitors than a 9asp&erry Pi might &e a&le to( lso$ while it is more expensive "rom the start

Areasona&le %ost estimates "or a &rand-new dedi%ated server run &etween W00 and W;00 USdollarsB$ a dedi%ated server %an &e more %ost-e""e%tive in the long run when %ompared tothe monthly %ost o" a virtual private server A=PSB(

:owever$ as suggested a&ove$ dedi%ated servers do ta'e up mu%h more spa%e thanem&edded miniservers or Ao&viouslyB =PSes( !hey re.uire a larger initial investment$ andwill generally re.uire spe%ial servi%es "rom your 4nternet Servi%e Provider A4SPB in order toma'e them "ully "un%tional( lso$ in %ase o" a move$ power outage or other un"oreseenservi%e interruption at your home$ you will &e without a way to host your %ontent until theinterruption passes(

22


56/140


E*bedded Miniser)er +Raspberry %i,

!his is a relatively new option when it %omes to sel"-hosted servers$ &ut it is one that israpidly gaining popularity( 9asp&erry Pi mini%omputers %an &e pur%hased "or only W2US(*ith an exterior %ase and a dedi%ated networ' %onne%tion$ they %an o""er a host o" simple

server appli%ations$ su%h as we& servers$ email servers and data&ases( !hese miniservers%annot &e &eat when it %omes to the initial investment %ost$ providing a huge advantage tothose who do not have hundreds o" dollars lying around( !hey also still provide the se%urityo" physi%al ownership and %onstant a%%ess that a =PS %annot o""er(


57/140

+.'. 5efore 6ou 5e%in4 7/tions, Confi%uration and 8ardware

.+. /efore ou /e'inB 5*tions, Confi'uration and 7ardware

Aote that =irtual Private Server A=PSB users %an s'ip this arti%le entirely( P %lients$ or will you leave that to another router %onne%tedto the networ'@ 4" you/ve answered yes to any o" those .uestions$ it would &e a goodidea to get a server mother&oard e.uipped with two ethernet ports A4>sB( +ne will&e #"ront-"a%ing$# that is$ %onne%ted to your %a&leESL modemK the other will %onne%tto a hu& or wireless a%%ess point "or your internal networ'(

2*


58/140


Aetwor&Hatta(hed on)y :no firewa)); Aetwor&Hrouted and firewa))ed

%.2.2 - Bu7 9ardware

ow we get to the "un part - doing some shopping8 Load up your "avourite %omputer partsvendor and let/s get started(

Popular parts vendors in the US and >anada are eweggand !igerire%t(ewegg

usually has the &etter pri%es and availa&ility$ &ut whi%hever one you pi%' is up to you(4t/s usually &est to ma'e lists on a "ew di""erent sites to see whi%h one a%tually hasthe %heapest pri%e "or that spe%i"i% appli%ation( 4n the UEPU/s %ooling re.uirements( ost new 4ntel >PUs%ome with %heap &ut de%ent %ooling "ansK though i" you are loo'ing to improve your server/snoise produ%tion$ it may &e a good idea to &uy a ni%er "an as well( Just ma'e sure the "an is%ompati&le with your %hosen >PU/s so%'et type(

2


59/140


Me*ory

Some individuals and %ompanies may %onsider this heresy$ &ut you really don/t need to &uythe most expensive 9 out there in order to have a dependa&le and .ui%' system( 4" youare spending more than W10 on 9$ you are very li'ely spending too mu%h( e%ent server

memory is not too mu%h more than normal memory(

Motherboard

!he mother&oard is where the entire system %omes together( >hoosing one depends on theservi%es you wish to o""er with this server(

;;V o" the time$ you will want to %hoose a server mother&oard( !hese &oards supportserver-%lass >PUs li'e the 4ntel ,eon series( )urthermore$ most o" them %ome with twosB( !his is indispensa&le "or servers that a%t as routers "or internalnetwor's$ or servers that will host emailEwe& servi%es( %ommon setup is to plug the%a&leESL modem into the "irst 4> as a #"ront-"a%ing# inter"a%e$ then to route the internet%onne%tion through to the se%ond 4>$ whi%h is %onne%ted dire%tly to your networ' hu& orwireless a%%ess point(

4t is possi&le to get &y with a standard mother&oard and >PU i" you only want to do mediasharing on your internal networ'$ &ut i" you are even F%onsideringF doing more than that$it/s &est to go "or the server mother&oard and >PU(

9egardless o" the %lass o" mother&oard you go with$ the most important mat%h you willma'e is &etween mother&oard and >PU( You US! remem&er to pair them &y their so%'ettype( )or example$ so%'et LG11 >PUs might not "it every so%'et LG1 or LG2011mother&oard$ et%(

lso 'eep 9 AmemoryB in mind( other&oards have di""erent types$ so%'ets and speeds"or 9$ as well as limits to how mu%h memory they %an handle$ so ma'e sure you %an "indone that wor's with your memory re.uirements( Your mother&oard/s manual$ usuallyavaila&le in P) "rom the manu"a%turer/s we&site$ will have all o" this in"ormation(

2>


60/140


Case

>ases might not seem li'e an important %onsideration$ &ut there are two %riti%al elements to&e aware o" when %hoosing one to meet your needs(

Size3 !here are many si7e designations "or mother&oards3 !,$ ini !,$ i%ro !,$et% et%( a'e sure the %ase is the %orre%t si7e "or the mother&oard you are loo'ing topur%hase(

8ower Su**)y3 ost %ases these days %ome with their own power supplies$ &ut theyare not all %reated e.ual( 4" you are planning on pur%hasing a %omputer with an 4ntelserver >PU$ you will de"initely need a power supply with 2-pins Aor #20N#B( !he extra pins are re.uired to meet the mother&oard and >PUs extra re.uirements( eep inmind that$ i" you have your heart set on a parti%ular %ase that %omes with anin%ompati&le power supply$ you %an always remove the old one and install one

separately pur%hased(

.ard (ri)e+s,

gain$ the type o" hard drives you will need will vary depending on what you want toa%%omplish with them( )or simple we&Eemail servers$ you will not need mu%h spa%e at all()or those loo'ing to do any sort o" "ile hosting$ spa%e will li'ely &e very important( You %anpi%' a %ertain num&er o" drives that %an &e mat%hed via a 94 array$ whi%h %an either3

(((stripe them together Ai(e( e""e%tively ma'ing x 2!5 drives into one giant ?!5 driveBK ((( +9 mirror them$ "or an instant &a%'up in %ase one drive in the "ormation "ails(

Aa'ing x 2!5 drives into two sets o" !5 drives$ with one a%ting as a live &a%'up in%ase the other set goes downB(

rives should also &e pur%hased a%%ording to their type and the %ompati&ility with themother&oard( early every mother&oard these days supports S!$ the new standard "ordrive %onne%tivityK however there are multiple types o" S!3 1(G5Es$ (0G5Es and thenewer (0G5Es( 4" your mother&oard supports (0G5Es$ and you plan on hostingEmovingvery large "iles with your server$ it would &e worth it to %onsider (0G5Es S! driveAsB(

)inally$ &rand name and warranty does still mean something$ espe%ially sin%e hard drivesare su%h important %omponents in your server( "ter all$ all your personal data rests onthemK repla%ing the drive is mu%h easier than repla%ing the data( Go with a &rand that is'nown to &e good( *estern igital 5la%' series drives have a good re%ord o" dependa&ilityKmany o" them also %ome with re%ord -year warranties$ ma'ing them an ex%ellent option(

7-


61/140


'ther tuff

+ther things you will need to %onsider3

ey&oardEouse

>E= drive

Power strips and plugs

onitor3 9emem&er that this is optional i" you are going to run a headless server$ &utyou will at least need a%%ess to one temporarily when you install your distri&ution(

%.2.% - I0 and Do#ain 4a#e )!tions

4" you are not planning to use your server to host any external A4nternetB servi%e$ +9you have opted to use a =irtual Private Server A=PSB$ you %an s'ip this se%tion(

ealing with your internet servi%e provider$ no matter how mu%h you might dread it$ will &ea ne%essary %omponent o" this setup i" you plan on hosting a we&site or your email on thisserver( Your server needs the a&ility to &e lin'ed to a domain name$ whi%h means it alsoneeds a stati% 4P( !his is something your internet servi%e provider %an give you( 4" you wantto host multiple servers and servi%es on =s Asay a "ileserver = and an emailEwe& host =Bit would &e a good idea to also get a stati% su&net(

Usually when you %onne%t to the 4nternet$ your servi%e provider gives you a dynami%ally-set4P address to use( :owever when your we&Eemail servi%es go live$ the 4nternet will need asteady and stati% address with whi%h to loo' you up( !his is why at least one stati% 4Paddress is re.uired( stati% su&net is an extension o" the a&ove idea$ &ut it o&tains multiplestati% 4P addresses that &elong to a spe%i"i% #su&net$# or a su&set o" 4P num&ers( )orexample$ i" you were to o&tain what is %alled a #E2; su&net$# that gives you six stati% 4Paddresses to use(

Some residential internet providers no longer allow %lients to re.uest stati% 4P addresses orsu&netsK i" this is the %ase$ you may need to %onsider springing "or a 5usiness %lass plan$ asthese always have the a&ility to o&tain stati% 4P addresses( 4n many %ases they are not morethan W10 or W1 more than your original residential plan would &e(

+n%e you/ve dealt with your 4SP$ you must pur%hase a domain name( !his will li'ely &e mu%heasier Aand pro&a&ly %heaperB than the prior step( !here are many de%ent domain name

71


62/140


registrars out there$ &ut 4 have to re%ommend ame>heap(%om( s "ar as pri%e$ ease-o"-useand %ustomer servi%e are %on%erned$ they are %onsistently %ited as one o" the very &est( )ora domain$ you %an %hoose anything with any endingK though something simple is advisa&le i"you are to &e using an email address as well( othing li'e typing a 1-%hara%ter domainwhen you want to send someone an email(

*hen &uying a domain name$ 'eep in mind that the domain you pur%hase will &e su&6e%t tothe laws and regulations o" the %ountry that you register it in( *i'ipedia ran into trou&le inthe United States when its #(org# address was res%inded &y US authorities &e%ause itpu&lished material that the government wasn/t too happy to see( !he %ommon #(%om$##(net# and #(org# are overseen &y the US Government( +ther %ountries$ su%h as 4%eland$ havea more "avoura&le poli%y towards the pu&lishing o" %ontroversial or lea'ed in"ormation thatwould &e in the pu&li% interest( 4t/s advisa&le "or those who loo' to post potentially sensitivein"ormation to %onsider an 4%elandi% domain( )or more in"ormation regarding 4%eland/snational "reedom o" expression poli%y 'nown as the #4%elandi% odern edia 4nitiative$#visit its we&site(

*ith the stati% 4P in hand and the domain name registered$ it/s time to get them lin'edtogether( +n your domain registrar/s a%%ount page$ there will &e a pla%e mar'ed somethingli'e #:ost 9e%ords# or #omain Settings(# A+n ame>heap it is "ound at y %%ount Danage omains D %li%' the domain name D ll :ost 9e%ords(B You will &e presented with alist o" "ields$ usually arranged into at least "our %olumns3 :ost ame$ 4P ddress$ 9e%ord!ype$ and !!L(

4n the :ost ame "ield #X#$ put your stati% 4P address in the %orre%t "ield$ and set the

re%ord type as ##( !his will allow people to rea%h your we&site &y visitinghttp3EEmydomain(%om(

4" there is a "ield "or #www# hostname$ or i" you %an %reate one yoursel"$ do the same"or an re%ord with your same 4P address( !his will allow people to rea%h the samesite when going to http3EEFwwwF(mydomain(%om as well(

)inally$ we will set our domain up "or mail( !here should &e a se%tion "or #,9e%ords# or #ail Settings(# !he hostname should &e #mail#$ the 4P address mat%hingyour stati% 4P$ and the #, Pre"# should &e #10#( *hen an email server wants to"orward you an email$ they will %he%' this re%ord and see your 4P$ allowing them toa%tually ma'e the %onne%tion &etween servers and deliver the message(

*ith the %orre%t settings ena&led$ and the 4nternet ready to wel%ome our server$ you areready to start assem&ling the server itsel"(

7%
https://immi.is/Icelandic_Modern_Media_Initiativehttps://immi.is/Icelandic_Modern_Media_Initiative


63/140

+.+. Asseb)e 6our C

.. !sse"b)e our 8C

!his se%tion will &e in%luded in guide version 1($ due out in ay 201(

7$


64/140

+.-. Insta))in% buntu Server

.?. Insta))in'


65/140


"ter this it will attempt to dete%t your hardware settings and will as' you i" you wish to use:>P( 4" your server is %onne%ted to a networ' that has a router$ %hoose to use :>P "ornow( 4" not$ %hoose #>on"igure the networ' manually# and you will have the option to setyour desired stati% 4P$ su&net and gateway settings( "ter the install$ we will wal' throughspe%i"i% networ' settings to ena&le &ased on your %on"iguration(

Set the hostname and time7one in"ormation as per your pre"eren%es(

72


66/140


ext the installer will ta'e you to the dis' %on"iguration menu(

You will most li'ely want to %hoose #Guided - use entire dis'#( 4" this system will &e runningvirtual ma%hines or will share dis' spa%e with other operating systems$ %hoose #anual# and%reate a partition "or #E# that re"le%ts the si7e you want your server storage to have(

77


67/140


"ter this$ your &ase system will &e installed3

ext$ you will set up a &ase user and %hoose its password$ as well as setting theadministrative password "or the root userK then you will &e as'ed i" you want to en%rypt the:ome dire%tory on the server( Unless you have extremely sensitive se%urity %on%erns$ 4would not &other with en%rypting the home dire%tory on a server( *e will &e en%rypting our&a%'ed-up data &e"ore we pla%e it on the server anyway( !hen you will &e as'ed to %hoosehow you want to re%eive your updates3 either manually or automati%ally( >hoose &ased on

your pre"eren%e( 4t is o"ten %onvenient to have your server automati%ally re%eive se%urityupdates$ so you don/t need to worry a&out it(

7*


68/140


)inally$ you will &e as'ed whi%h so"tware pa%'ages should &e installed &y de"ault3

1( 5*enSS7 Serer3 4t is highly re%ommended that you %hoose this( !his will allow youto remotely a%%ess your %omputer "rom other ma%hines$ either on the lo%al networ'or on the 4nternet( *e will explain this in the next %hapter$ ((

2( DAS Serer3 !his is only ne%essary i" you are going to use your server as a networ'

%ontroller and router( *e go over this in %hapter ((( !%8 Serer3 !his will install pa%he Awe& serverB$ ySHL A%ontent pu&lishing

plat"orms li'e *ordpress or rupalB$ and P:P Ane%essary "or almost any we&siteappli%ationB( *e will review these in %hapter (;(

( %ai) Serer3 4nstalls Post"ix and ove%ot "or mail storage and transmission( *e goover these in %hapter ((

7


69/140


( 8ost'reS Database3 !his is another type o" SHL server( You should only %hoose toinstall it i" the program you want to run expli%itly re.uires it(

( 8rint Serer3 Use this i" you will &e %onne%ting a printer to this %omputer and wouldli'e to share it on your networ' "or other devi%es to use(

( Sa"ba Fi)e Serer3 Use this i" you have *indowsEpple devi%es on your networ' thatyou will want to share "iles or media with( *e will go over this in %hapter (11(

?( To"(at 3aa Serer3 !his is "or Java so"tware hosting and development$ you will notneed it unless you are a Java developer(

;( Virtua) %a(hine 7ost3 Use this i" you will &e running virtual ma%hines A=sB with thisserver "or various reasons( =s will &e explained in the appendix %hapter (12(

nd with that$ your %omputer will re&oot$ and you will &e prevented with your shiny-newlogin prompt3

7>


70/140


!his &ase system wor's a%%ording to the Linux %ommand-line rules that were explained inse%tion 2( 4t has no graphi%al user inter"a%e( !he goal o" this guide is to get you up-to-speedand %om"orta&le with editing the "eatures o" your system without needing to rely ongraphi%al inter"a%es(

%.&.% - Basic 4etwor5 0etu!

t this point we will set up our server so that it has &asi% %onne%tivity to the 4nternet( )romthere$ we will &e a&le to set up appli%ations &ased on our individual pre"eren%es in the"ollowing %hapters( 5elow we will explain how to set up your server to %ommuni%ate withthe 4nternet on one port$ and with an internal networ' on the other( *e will assume that#eth0# %orresponds to the port %onne%ted to our internal networ' hu& or a%%ess point$ and#eth1# %orresponds to the port dire%tly %onne%ted to our SLEsatelliteE%a&le modem(

4" you have your server &ehind a router or other "irewall whi%h is handling your%onne%tion Aand you will not &e using the server itsel" as a router or "irewallB$ you willneed to assign the server a Stati% 4P address on your router( !his is ne%essary "orvarious reasons( You will need to "orward ports to your server "or every servi%e youwill want to run "rom it$ i" you want to &e a&le to rea%h them "rom the outside(5e%ause o" this$ you will need to have the server on an internal stati% 4P address thatdoes not move$ lest your running servi%es &e interrupted( 4n the steps &elow$ you willalso want to s'ip any settings "or #eth1# as they do not apply(

)irst$ you need to "igure out the names o" your networ' inter"a%es( ost o" the time this will&e #eth0# andEor #eth1$# &ut to &e sure$ run ip addr( 4t will list the di""erent inter"a%es youhave( 4" you have two networ' inter"a%es$ ma'e sure you 'now whi%h port %orresponds towhi%h &y %onne%ting them to di""erent devi%es and monitoring how the ip addrentries%hange(

4t is strongly re%ommended that you avoid running a server on a wireless inter"a%eAwlan0B( )or per"orman%e$ sta&ility and %ompati&ility reasons$ this is simply 6ust a &ad

idea( !his guide will not provide in"ormation on %on"iguring servers %onne%tedwirelessly(

*-


71/140


!o set your server with a stati% 4P address$ open the "ile /etc/net1ork/interfacesandaddE%hange the "ollowing lines3

auto eth)

iface eth) inet static

address ).).).

netmask +.+.+.)

gate1ay ).).).

!he #Gateway# should mat%h the internal 4P address o" your internet-"a%ing devi%e Ain most%ases$ your routerB( 4" this server is a%ting as a routerE"irewall and is dire%tly %onne%ted tothe internet with another ethernet port$ set the gateway to &e the same as the #address(#!he netmas' will li'ely &e #2(2(2(0#$ or a E2 su&net( a'e sure the 4P address you

%hoose is on the same su&net as your existing networ'( !hat is$ i" your other devi%es alloperate with 4P addresses li'e 1;2(1?(0(x$ your server will need to &e a stati% address inthis range$ :+*


72/140


4" your internet-"a%ing ethernet port is %onne%ting to a SL modem$ %he%' to see i"you %onne%t to your SL server via PPPo


73/140

+.0. Gettin% In4 sin% SS8 and 92C

.@. Gettin' InB


74/140


"ter this you will get a prompt as'ing "or your password( +n%e you enter it$ you should geta %ommand prompt as i" you were using the terminal on your server lo%ally( =oila8 !ype#exit# when you want to get &a%' to your lo%al %omputer/s %ommand prompt(

%.'.2 + 0ecuring 009

/o Root Logins0

4n its %urrent state$ your SS: is a%tually .uite ris'y( Unless you laugh in the "a%e o" danger$you will want to ta'e some steps to se%ure it(

)irst$ we will prevent root SS: logins to our server( !his is a popular line o" atta%' Z peopleAs%riptsB hoping to "ind 6ust that oneserver that got lax and la7y with its %on"iguration( *ewon/t "all "or that$ o&viously(


75/140


remotely won/t even get a %han%e to tryto %ra%' your password( 4" they don/t haveyour SS: 'ey$ then they/re out in the %old(

2( azinessZ Li'e 4 said$ SS: 'eys allow you to SS: to your remote ma%hine withouthaving to use your password( So i" you are someone who needs to SS: to your server

"re.uently$ it %an &e a pain having to enter your password every so o"ten( u%heasier to let your SS: 'ey do the tal'ing "or you Z i" your %omputer %an produ%e theright 'ey$ the server will never as' you "or a login password(

*hen you %reate an SS: 'ey$ you are %reating two "iles3 a *riate'ey and a *ub)i('ey( !heprivate 'ey is the a%tual "ile that is used to authenti%ate you( !he pu&li% 'ey %ontains a stringthat the server %an use to %ompare with the private 'ey and veri"y i" it/s really you trying tologin( !he private 'ey is the one you do not want to lose(

!o %reate an SS: 'ey$ run the "ollowing %ommand on your ()ientma%hine3ssh-keygen -t rsa

!his will as' you a "ew .uestions( )irst$ go ahead and save it in the de"ault lo%ation( Se%ond$it/s a good idea to enter a passphrase with whi%h to unlo%' your SS: 'ey( !his is intended toprovide a good last line o" de"en%e3 should your SS: 'ey somehow to "all into the wronghands$ they still won/t &e a&le to get into your server( Aon/t worry$ i" you set a passphrasehere$ you %an still set it to automati%ally unlo%' itsel" on your own %omputer via ssh-agent(B

"ter you/ve %reated your 'ey and given it a passphrase$ run the "ollowing %ommand withthe %orre%t in"ormation in pla%e to upload it to your server3

ssh-copy-id $usernameL$servername

!his %opies your pu&li% 'ey to an Iauthori7ed 'eys list$ telling your server that whi%hever%omputer SS:es in with your private 'ey in hand %an &e trusted( !he neat thing a&out this isthat you %an put your SS: private 'ey on any %omputer you own Aeven your ndroidsmartphoneB and &e a&le to gain password-less a%%ess to your server(

*hen you test your SS: %onne%tion$ your %lient will automati%ally use your SS: 'ey( 4tshould only as' you "or your passphrase the "irst timeK i" not$ run the %ommand Mssh-addMand it should &e permanently added to your Mssh-agentM(

*2


76/140


4t should go without saying that it/s very important this 'ey &e 'ept se%ure( 4 wouldre%ommend storing a &a%'up on a US5 'ey that you %an hide somewhere in your home withyour personal "iles( nd i" you store it anywhere else on your %omputerEserver$ li'e in a&a%'ups "older$ ma'e sure you store it in an en%rypted ar%hive Asee the %hapter on 5a%'ups"or how to do thatB(

Use Your . 1ey 'n 'ther (e)ices

4" you wish to use your SS: 'ey on(((

(((+ther Linux ma%hines 5-a% +S ,3 >opy RE(sshEid[Qrsa and RE(sshEid[Qrsa(pu& tothe same "older on your other Linux %omputer( 9un Mssh-add$M then voila(

((( *indows %omputer AhisssssssB3 ownload Pu!!Y( onne%t5ot"rom the PlayStore and install it( +pen the app$ press enu and %hoose Ianage Pu&li% eys(Press enu and %hoose I4mport$ then &rowse to the lo%ation o" the "ile and %hooseit( ote that when you %reate a new %onne%tion$ you %an hold down the line in the listand %hoose is another way to remotely gain a%%ess to your %omputer( *here SS: gets you into theterminal$ => is a more dire%t approa%h( 4t resem&les the #9emote es'top# appli%ation on*indows systems(

!his proto%ol is only worthwhile "or servers with graphi%al inter"a%es$ li'e the "ull version o"U&untu( 4" you are using the U&untu Server we have &een tal'ing a&out$ you will &e &ettero"" sti%'ing to SS:(

U&untu %omes with a &uilt-in => server %alled vino( 4t is ena&led &y de"ault(

*7
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.htmlhttps://play.google.com/store/apps/details?id=org.connectbot&hl=enhttps://play.google.com/store/apps/details?id=org.connectbot&hl=enhttps://play.google.com/store/apps/details?id=org.connectbot&hl=enhttp://www.chiark.greenend.org.uk/~sgtatham/putty/download.html


77/140


+n your lo%al ma%hine you will need a => viewer( U&untu has one &uilt-in named vinagrethat will wor' ni%ely "or our purposes( )rom the %ommand line$ enter the "ollowing withyour server/s 4P address3

vinagre #+.!.).

*hen it %omes to se%uring your => %onne%tion$ the &est way to do that is to run => overan SS: tunnel and &lo%' the => port A;00B on your "irewall( *e will dis%uss port &lo%'ingand SS: tunnelling in %hapter (10(

%.'.& - $urther eading

+penSS: Server - U&untu Server A12(10B +""i%ial o%umentation

sshQ%on"ig man page

=> - >ommunity U&untu o%umentation

**
https://help.ubuntu.com/12.10/serverguide/openssh-server.htmlhttp://linux.die.net/man/5/sshd_confighttps://help.ubuntu.com/community/VNChttps://help.ubuntu.com/community/VNChttp://linux.die.net/man/5/sshd_confighttps://help.ubuntu.com/12.10/serverguide/openssh-server.html


78/140

+.:. 8oe 2etwor$in%4 D8C, D2S and 2AT

.. 7o"e Aetwor&in'B D7C8, DAS and A!T

)or those who will &e using their servers to manage their networ' Ain%luding as a "irewallB$we will now &e setting up various servi%es allowing our internal networ' to use the 4nternetand various other servi%es hosted &y our server(

%.;.1 - 0er6e 4etwor5 Clients 6ia D9C

)irst$ install the :>P server "rom the U&untu pa%'age repositories(

sudo apt-get install isc-dhcp-server

ow$ to %on"igure it$ we will %reate several %ustomi7ed entries in /etc/dhcp/dhcpd.confto handle our setup(

default-lease-time '%+)))M

max-lease-time !)'))M

option routers #+.!.).M

option domain-name-servers #+.!.).M

option broadcast-address #+.!.).+M

option subnet-mask +.+.+.)M

option domain-name N$home.localNM

subnet #+.!.).) netmask +.+.+.) O

range #+.!.).) #+.!.).)M

host $myhost O

hard1are ethernet xx:xx:xx:xx:xx:xxM

fixed-address #+.!.).xM

option host-name N$7yhostNM

P

P

*


79/140


ow let/s wal' through these lines and "igure out what ea%h o" them does(

defau)tH)easeHti"eand "a2H)easeHti"egovern how o"ten your %omputers will%he%' &a%' with the server to have their 4P address assignment renewed( !he "igure isin se%onds( 4n the ma6ority o" %ases$ you %an set this to &e a somewhat long time andthere will &e no issues( 4" you set the leases to &e too short$ it may impa%t yournetwor' per"orman%e( 2$000 se%onds e.uals days(

o*tion routersand o*tionHdo"ainHna"eHserersneeds to point to your server/sstati% 4P address$ that you gave it in the Server 4nstallation %hapter(

o*tion broad(astHaddressis "or the internal networ' &road%ast address( !he lasto%tet Aset o" num&ersB should always &e 2( 4" your networ' is in the 1;2(1?(1(xrange$ then %hange the 1( +therwise it should &e le"t alone(

o*tion subnetH"as&should &e le"t at its de"ault$ 2(2(2(0( 4" you need a

di""erent one$ it/s li'ely &e%ause you have a huge networ' with hundreds o"%omputersK i" that/s the %ase$ then you shouldn/t &e "ollowing this guide anyway 3B

o*tion do"ainHna"eshould mat%h what you %hose as your internal domain name(4n most %ases$ #home(lo%al# will su""i%e(

subnet 1J+.1K.0.0 net"as& +@@.+@@.+@@.0 L&egins the se%tion that outlines theinternal networ' we are now setting up( !he "irst 4P address A1;2(1?(0(0B %om&inedwith the se%ond num&er A2(2(2(0B means that all o" our %lients will have 4Paddresses that &egin with 1;2(1?(0$ that we %an add any num&er at the end o"that "rom 0-2 "or networ' %lients(

ran'e 1J+.1K.0.10 1J+.1K.0.@0is important$ &e%ause it tells the :>P %lient howmany addresses in the 1;2(1?(0(0 &lo%' it %an %laim as its own and assign to %lients(4ts usually a good idea to have a &it more than you need hereK as you are not li'ely tohave over 200 ma%hines on this networ'$ than you won/t &e needing to worry a&outspa%e(

!he next nested se%tion Ahost M"yhostB is optional( 4" you want one o" your%omputers to always re%eive the same 4P address via :>P$ whi%h is %onvenient "ordiagnosti% purposes and is re%ommended "or any other servers running on yournetwor'( 9epla%e the hostnames listed here with what they should &e "or that%omputer( Set the > address to the networ' adapter that the %omputer will%onne%t "rom( A+n Linux-&ased systems you %an usually "ind the > address &y

running ip addr(B

nd "inally$ don/t "orget to %lose out all the open se%tions you opened with #\# with a%orresponding #]#8

*>


80/140


+n%e your %on"iguration is in order$ start the server with sudo service isc-dhcp-server restart( Your devi%es will now &e a&le to %ommuni%ate with ea%h other on yournetwor'( 5ut don/t get too ex%ited yet8 !hey still won/t &e a&le to get internet a%%ess( )orthis$ we will need to set up a gateway and ! "orwarding with ipta&les$ then we will set ourserver to handle S re.uests(

%.;.2 - Gi6e Clients Internet ccess with i!tables

!he next step is to ena&le your server as an 4nternet gateway$ so that it will share its%onne%tion to devi%es %onne%ted to the internal networ'( !o do this$ we will &e using theipta&les "irewall system(

sudo iptables - (9IFI" -o eth) -i eth -s #+.!.).)/+' -mconntrack --ctstate 5F -j &&6C

sudo iptables - (9IFI" -m conntrack --ctstate8C,=48E"QI=C" -j &&6C

sudo iptables -t nat -( 698CI9


81/140


%.;.% - 0et U! a 8ocal D40 0er6er

4n &rie"$ S is the method that the 4nternet uses to translate 4P addresses to the domainnames we are all used to typing in our &rowsers( *e 'now that every internet server has atleast one 4P address$ and this is how it %an &e #"ound# online( nd S is what is used togive these addresses a human-reada&le name(

+ur server will &e set up "or S "or two purposes3

Ca(hin'3 )or every page re.uest made to the 4nternet "rom one o" your %omputers$the server will 'eep a %a%he o" its lo%ation data( You may noti%e that the "irst time youview a site$ it is o"ten slower to load than the su&se.uent times you visit it( !his issu&se.uently due to your %omputer #see'ing# the address o" the server the "irst timeKevery time a"ter that$ it will remem&er where it went &e"ore( Setting your server to a%t

as a S %a%he lo%ally should improve internal networ' per"orman%e overall(

Interna) !uthority3 !his S server will 'eep tra%' o" the devi%e names on ournetwor'$ and allow other devi%es to &e a&le to "ind them &y those names( So i" youwant to SS: to your %omputer in the other room$ you %an do so &y running ssh&omputer5ameinstead o" having to 'eep tra%' o" its 4P address at any given timeand running ssh #+.!.).T(

!he S server we will use is %alled 54( 4nstall it &y running sudo apt-get installbind#(

!o %on"igure 54 as a %a%hing nameserver$ edit /var/lib/bind/named.conf.optionsand %hange the "ollowing lines3

for1arders O

x.x.x.xM

x.x.x.xM

PM

!he x(x(x(x lines should mat%h the Primary and Se%ondary S addresses given to you "romyour 4nternet Servi%e Provider( 4" you do not have any or do not 'now what they are$ you%an use ?(?(?(?$ whi%h "orwards to Google/s pu&li% S servers(

ow we will set up our S server to a%t as our internal networ'/s authority( !his %omes viasetting up two 7one"iles( >reate a "ile named /var/lib/bind/db.home.local( A>hangethe trailing #home(lo%al# to whatever you de%ided your internal domain would &e earlier(B


82/140


+'#+)) M expire ;' 1eeks>

!')) M minimum ; day>

>

58 $myserver.home.local.

7H ) $myserver.home.local.

$9I4345 home.local.

myserver #+.!.).

laptop #+.!.).+

1orkstation #+.!.).%

phone #+.!.).'

xbox #+.!.).

!he third line Astarting with #home(lo%al#B should "eature your internal domain( !he next &itAmyserver(home(lo%al(B should re"le%t your server/s hostname with the internal domain anda #(# appended to the end( !he last &it on this line Ausername(home(lo%al(B is a%tually anadministrative email address - %hange this to mat%h the email you want to use "or this "ield$ma'ing sure there is a #(# in the pla%e o" the #X#$ and a #(# at the end o" it all(

!he S and , lines should point to your server/s hostname and internal domain( !his isused to designate the server as the internal domain/s nameserver and main mail server(

!he repeated entries &elow the se%ond W+94G4 tag are individual re%ords "or devi%es onthe networ'( !hese are %alled #host entries(# 9emem&er when$ in our :>P %on"iguration$we had the opportunity to reserve spe%i"i% addresses &ased on the > addresses o" ourdevi%es@ !hese same entries should &e repeated here$ with the a%%ompanying ## tag in themiddle( ow we don/t need to add entries "or every possi&le devi%e we will have on our


83/140


networ' here3 in the next se%tion we will have :>P do this "or us( 5ut it is a good idea toin%lude your server in this list$ as well as anything you/ve given stati% or reserved 4Paddresses(

*henever you %hange a 7one"ile$ you "ust in%rease its serial num&er( any peopleuse the date in YYYY "ormat$ then a %ouple digits mar'ing the num&er o" the%hange you/ve made(

!here are many other 'inds o" host entries you %an ma'e hereK "or in"ormation onthem see the 54 lin's in the )urther 9eading se%tion(

ow "or every S 7one"ile we esta&lish$ we must have a %orresponding #reverse S7one"ile(# !his is "airly simple to doK %reate a "ile %alled /var/lib/bind/db.#+and insertthe "ollowing$ repla%ing the W values where appropriate

+'#+)) M expire ;' 1eeks>

!')) M minimum ; day>

>

58 $myserver.home.local.

$9I4345 ).!.#+.in-addr.arpa.

6CI myserver.home.local.

+ 6CI laptop.home.local.% 6CI 1orkstation.home.local.

' 6CI phone.home.local.

6CI xbox.home.local.


84/140


!he #0# in #0(1?(1;2(in-addr(arpa# re"ers to the third o%tet in your networ'/s 4Psu&net( 4t assumes your networ' operates on the 1;2(1?(0(0 range( 4" it is otherwise$update this num&er a%%ordingly(

ow a lot o" these options are %ustomi7ed in the same way they are in the "irst 7one"ile wemade$ &ut we %an see a pretty important di""eren%e when we get down to the host re%ords(!hey are in reverse order( !he last o%tet o" the 4P address "or ea%h devi%e Ae(g( the #1# in#1;2(1?(0(1#B is pla%ed "irst$ "ollowed &y the #P!9# ApointerB "lag$ then the "ully-.uali"iedhostname with internal domain appended at the end( 9emem&er that you only need to%reate re%ords here i" you %reated them in your "irst 7one"ile$ and you don/t need to %reatere%ords "or everydevi%e on your networ'(

!o a%tivate these 7one"iles "or use in 54$ edit /etc/bind/named.conf.localand addthe "ollowing lines3

zone Nhome.localN 45 O

type masterM

file N/var/lib/bind/db.home.localNM

PM

zone N).!.#+.in-addr.arpaN O

type masterM

file N/var/lib/bind/db.#+NM

PM

*hew$ are you still with me@ S setups %an &e a real heada%he$ &ut i" you/ve made it this"ar with your sanity inta%t$ then you are almost ready to reap the rewards8

Start up &ind with sudo service bind# restart( t this point$ your %lients should &ea&le to %onne%t to the 4nternet using regular ol/ domain names li'e usual( :ooray8


85/140


%.;.& - llow D9C to U!date D40 ,ntries

ow we %an not only use the 4nternet on our internal networ'$ we %an also %ommuni%atewith our stati% serversEhosts using their proper names( 5ut what i" you want to rea%h otherdevi%es &y their hostnames@ Say you have a "riend %ome over that/s &ringing his laptop$ andyou want to set up a "ileshare on it and to rea%h that share via his laptop/s hostname( )orthat$ we %an allow our :>P server to "et%h these names and update our networ'/s Sre%ords a%%ordingly( !his is done &y providing a se%ure so%'et "or the S and :>P serversto %ommuni%ate on(

)irst$ %hange the owner o" your 7one"iles to let 54 &e a&le to edit them at will3

sudo cho1n bind:bind /var/lib/bind/2

ow we will generate a 'ey that will allow the two programs to %ommuni%ate se%urely&etween ea%h other(

sudo cat Adhcp_updater.2.private 0 grep Aey

>opy the output or write it downK we will need it soon( +pen up/etc/bind/named.conf.localagain and add the "ollowing lines3

key "E&6_


86/140


So we are set up on the S end$ now let/s give :>P the other end( P server to write to its "iles3

sudo cho1n dhcpd:dhcpd /etc/dhcp/dhcpd.conf

9estart the servers with sudo service bind# restartand sudo service isc-dhcp-server restart$ and it/s done8


87/140


on/t "orget to remove the 'ey "ile that we %reated$ Adhcp_updater.2(

)rom now on$ i" you want to ma'e manual %hanges to your 54 S 7one"iles$ youwill need to #"ree7e# them "irst( )ree7e it with sudo rndc freeze home.local.and then you are "ree to ma'e your edits( +n%e %ompleted$ #thaw# the 7one"ile again&y running sudo rndc unfreeze home.local.nd o" %ourse$ don/t "orget the#(# at the end8

%.;.' - $urther eading

:>P AU&untu o%umentationB

54 >on"iguration AU&untu o%umentationB

4nternet >onne%tion Sharing AU&untu o%umentationB

S 9e%ord Updates via :>P - Lani/s *e&log


88/140

+.;. 8ost 6our ai)4 Settin% / ostfi< and Dove&ot

.=. 7ost our "ai)B Settin'


89/140


( o(a) networ&sB


90/140


!his prompt is a little di""erent "rom the standard %ommand$ as it only understands S!P%ommands( 5ut not to worry - enter the "ollowing %ommands line-&y-line to send yoursel" atest message3

ehlo localhost

mail from: rootLlocalhost

rcpt to: $usernameLlocalhost

data

8ubject: 7y 6ostfix Cest

Cest 7essage +%

Chis is the body

3oodbye.

Guit

a'e sure to put your username in the right spot( lso$ that line right a&ove #.uit# is indeed6ust a period( !hat tells post"ix that our test message is %omplete and ready to &e sent(

ow let/s see i" it wor'ed( 9un the mail%ommand and you should see the su&6e%t line o"your message( Press 1 and


91/140


%.


92/140


ow we will set up the mail storage hierar%hy and ena&le it "or use with the "ollowing%ommands$ again %hanging Wusername "or the appropriate value3

sudo maildirmake.dovecot /etc/skel/7aildir

sudo maildirmake.dovecot /etc/skel/7aildir/."rafts

sudo maildirmake.dovecot /etc/skel/7aildir/.8ent

sudo maildirmake.dovecot /etc/skel/7aildir/.Crash

sudo maildirmake.dovecot /etc/skel/7aildir/.Cemplates

sudo cp -r /etc/skel/7aildir /home/$username

sudo cho1n -I $username /home/$username/7aildir

sudo chmod -I *)) /home/$username/7aildir

+n%e this is %omplete$ we are ready to start and test ove%ot( Start it with sudo servicedovecot start( !hen open up a telnet with telnet localhost imap( 4" you seesomething li'e this3

Crying localhost...

&onnected to localhost.

scape character is UVWU.

@9A dovecot ready.

((( then we are ready to go to the next step8

%.


93/140


)irst %omes our Post"ix SSL %on"iguration( !his is the me%hanism that Post"ix uses tose%urely authenti%ate users and servers( You will need to install the libsasl+-+Q sasl+-binand libsasl+-modulespa%'ages(

The CitizenWeb Guides

Documents