admin adventure

the ongoing struggle: man vs machine

Tag Archives: debian

Update Alerts via Email in Debian Squeeze (apticron)

 

We all know life is busy for us system administrators. Keeping servers updated is generally a good security practice, but is often overlooked due to more pressing concerns. This can often be especially true for the trusty linux servers that sit in the corner and never cause a problem.

This short tutorial will guide you through setting up the apticron tool to alert you when updates are available for debian.

It relies on the server being able to send emails, so ensure that this is possible through exim, postfix or sendmail first.

 

1. Open terminal as root

image

image

2. run command apt-get install apticron

image

3. Edit the configuration file with nano.

nano /etc/apticron/apticron.conf

 

image

 

4. Change EMAIL=”root” to a valid email address. Note that quotes must remain around the email address.

image

image

5. Press CTRL-O to save, then CTRL-X to quit nano.

 

All done. You will now receive a daily email with the required updates.

Advertisements

Installing Subversion on Debian Squeeze for HTTP and HTTPS

This tutorial will lead you through installing the source control and versioning software, Subversion. It assumes that you already have a server running Debian squeeze with network access.

The Debian system I use in this tutorial is called bhap04 and has an ip address of 10.1.1.20.

Install Subversion

1. Log into Debian console as root.

2. Install Subversion using apt-get install subversion. Answer Y at the prompt.

image

3. Next, create a directory that will hold our repositories. mkdir –p /var/lib/svn

image

4. Now I will create a repository for my software development project called myproject inside /var/lib/svn. You can create other repositories now for other projects you have. The repository will be empty until you import a project into it.

svnadmin create /var/lib/svn/myproject

image

Subversion is now installed, but can only be used locally, which does not suit our purpose. We need to install apache and configure it to host Subversion.

Enabling HTTP

For HTTP:// we need to configure WebDAV on an Apache2 server. Thus we will install apache2 and apache2 SVN module now.

1. apt-get install apache2 libapache2-svn

image

2. Next, we configure apache2 SVN module by editing the file /etc/apache2/mods-available/dav_svn.conf

nano /etc/apache2/mods-available/dav_svn.conf

image

The text editor nano will launch and display the file as below.

image

3. There is a configuration already commented out. You can leave it commented out as a future guide, and add our configuration to the bottom of the file.

 <Location /svn>
  DAV svn
  SVNParentPath /var/lib/svn
  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /etc/apache2/dav_svn.passwd
  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  </LimitExcept>
 </Location>

Add the below lines to the file, then press ctrl-O to save, and ctrl-X to close.

4. Restart apache2 to enable the configuration.

/etc/init.d/apache2 restart

image

5. Because we will be reading and writing to our repository folders as the Apache user, which is www-data, we must change the owner and group of /var/lib/svn and its children.

chown –R www-data:www-data /var/lib/svn

image

6. Now we must create the passwords file that will contain all users that will have access to SVN. I ill make the user admin22

htpasswd –c /etc/apache2/dav_svn.passwd admin22

You will be prompted for a password for the new user.

image

7. You can continue to add additional users with the command htpasswd /etc/apache2/dav_svn.passwd username

Note the lack of the –c switch. This switch creates the password file. If you use it a second time, you will overwrite the existing password file with a new file, which is generally not desired.

You now have a working HTTP Subversion. We must now configure HTTPS. If you don’t desire this option, you may stop here.

HTTPS

1. Enable Apache SSL Module

a2enmod ssl

image

2. Restart apache2

/etc/init.d/apache2 restart

3. Copy the default-ssl sites file to a new file and name it with the name of the site.

cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/subversion.bhap04.conf

4. (Optional) If you are supplying your own certificate files from a trusted CA, copy them to /etc/ssl/private/. Then edit the site file with the below command, and make the following changes to the existing lines. Otherwise go to step 5.

nano /etc/apache2/sites-available/subversion.bhap04.conf

Edit the lines to point to your supplied certificate files.

SSLCertificateFile /etc/ssl/private/filename-cert.pem
SSLCertificateKeyFile /etc/ssl/private/filename-key.pem
SSLCertificateChainFile /etc/ssl/private/filename-cachain.pem

5. Run command a2ensite subversion.bhap04.conf to enable the new site file.

image

6. Restart Apache to enable the site.

image

7. Open a web browser on a separate PC, and go to http://subversion.bhap04/svn/myproject and https://subversion.bhap04/svn/myproject

You should see the project folder with Revision 0 as below.

image

You are now done.

Notes:

1. You can disallow HTTP and require SSL by adding the line SSLRequireSSL to the /etc/apache2/mods_available_dav_svn.conf file.

2. Subversion supports other protocols besides HTTP and HTTPS. Do not use any of these other protocols because the ownership of the files will not be www-data user through these other methods.