Install WEB server (LAMP) on Ubuntu with Firewall, Phpmyadmin and Firewall

Installing LAMP server

  1. Update source
    apt-get update
  2. Install Vim
    apt-get install vim
  3. Install tasksel
    apt-get install tasksel
  4. Install LAMP (with tasksel)
    • type
      tasksel
    • select LAMP and install
  5. Install phpmyadmin
    apt-get install phpmyadmin
  6. Install vsftpd
    apt-get install vsftpd

    Type

    vim /etc/vsftpd.conf

    Write into file

    chroot_local_user=YES

    Restart vsftpd

    service vsftpd restart

Setting up firewall with iptables


  1. Create firewall file
    vim /etc/firewall.sh

    Write firewall rules inside file

    #!/bin/sh
    
    IPT="/sbin/iptables"
    
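    # Default policies: drop inbound and forwarded traffic, allow outbound
    $IPT -P INPUT DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD DROP
    
    # Flush existing rules and delete user-defined chains before adding new ones
    $IPT -F
    $IPT -X
    $IPT -t nat -F
    $IPT -t nat -X
    $IPT -t mangle -F
    $IPT -t mangle -X
    
    # Log every packet on each chain. These rules must come after the flush,
    # otherwise they are deleted again. Logging everything is verbose;
    # add "-m limit" to the rules to cap the rate.
    $IPT -A OUTPUT -j LOG
    $IPT -A INPUT -j LOG
    $IPT -A FORWARD -j LOG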
    
    # Allow traffic already established to continue
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    
    # Allow web services (80, 443). The ssh, dns, ldap, ftp and ping rules
    # are commented out; uncomment the ones you need.
    #$IPT -A INPUT -p tcp --dport ssh -i eth0 -j ACCEPT
    #$IPT -A INPUT -p tcp --dport domain -i eth0 -j ACCEPT
    #$IPT -A INPUT -p tcp --dport ldap -i eth0 -j ACCEPT
    #$IPT -A INPUT -p udp --dport ldap -i eth0 -j ACCEPT
    #$IPT -A INPUT -p tcp --dport ftp -i eth0 -j ACCEPT
    #$IPT -A INPUT -p udp --dport ftp -i eth0 -j ACCEPT
    #$IPT -A INPUT -p tcp --dport ftp-data -i eth0 -j ACCEPT
    #$IPT -A INPUT -p udp --dport ftp-data -i eth0 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 443 -i eth0 -j ACCEPT
    #$IPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    
    # Allow local loopback services
    $IPT -A INPUT -i lo -j ACCEPT
    
    # Allow all from and to Boomerang
    #WEB
    $IPT -A INPUT   -j ACCEPT -p all -s 217.113.4.192/28
    $IPT -A INPUT   -j ACCEPT -p all -s 217.113.16.64/28
    #Bionet
    $IPT -A INPUT   -j ACCEPT -p all -s 91.196.38.240/28
    #local Networks
    $IPT -A INPUT   -j ACCEPT -p all -s 10.1.0.0/23
    $IPT -A INPUT   -j ACCEPT -p all -s 192.168.0.0/24
    
    # allow certain inbound ICMP types (ping, traceroute..)
    $IPT -A INPUT -i eth0 -p icmp --icmp-type destination-unreachable -j ACCEPT
    $IPT -A INPUT -i eth0 -p icmp --icmp-type time-exceeded -j ACCEPT
    $IPT -A INPUT -i eth0 -p icmp --icmp-type echo-reply -j ACCEPT
    $IPT -A INPUT -i eth0 -p icmp --icmp-type echo-request -j ACCEPT
  2. Make file executable
    sudo chmod +x /etc/firewall.sh
  3. Enable IPTables to load on system boot
    echo "pre-up /etc/firewall.sh" >> /etc/network/interfaces
  4. Make Firewall flush Script
    vim /etc/firewall_flush.sh

    Write flush commands inside file

    #!/bin/sh
    echo "Flushing iptables rules..."
    sleep 1
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
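
iptables executes the commands of /etc/firewall.sh in the order they are written, so a rule appended before a flush (`-F`) is deleted again and never takes effect. The check below is an added example, not part of the original post; it lists such rules in a firewall script. The function names and the sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post.
# dead_rules FILE: print "line: rule" for every -A/-I rule that a later -F
# in the same table (and chain, if the flush names one) deletes again.
dead_rules() {
    awk '
    $1 ~ /^#/ { next }                       # skip commented-out rules
    $1 ~ /^\$/ || $1 ~ /iptables$/ {         # "$IPT ..." or "iptables ..."
        table = "filter"; chain = ""; op = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "-t") table = $(i + 1)
            if ($i == "-A" || $i == "-I") { op = "add"; chain = $(i + 1) }
            if ($i == "-F") { op = "flush"; if ($(i + 1) !~ /^-/) chain = $(i + 1) }
        }
        if (op == "add") { n++; rule[n] = NR ": " $0; tbl[n] = table; chn[n] = chain }
        if (op == "flush")
            for (j = 1; j <= n; j++)
                if (tbl[j] == table && (chain == "" || chn[j] == chain)) dead[j] = 1
    }
    END { for (j = 1; j <= n; j++) if (dead[j]) print rule[j] }
    ' "$1"
}

# Constructed sample: LOG rules are appended first, then everything is flushed.
write_sample() {
    cat > "$1" <<'EOF'
IPT="/sbin/iptables"
$IPT -P INPUT DROP
$IPT -A OUTPUT -j LOG
$IPT -A INPUT -j LOG
$IPT -A FORWARD -j LOG
$IPT -F
$IPT -t nat -F
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPT -A INPUT -p tcp --dport ssh -i eth0 -j ACCEPT
$IPT -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
EOF
}

# Demo: prints the three LOG rules (sample lines 3 to 5) that never take effect.
sample=$(mktemp) && write_sample "$sample" && dead_rules "$sample"
rm -f "$sample"
```

Run `dead_rules /etc/firewall.sh` after editing the script; no output means no rule is wiped by a later flush.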

Backup Management

  1. Create user
    adduser baskupuser
  2. Create backup.sh script
    vim /home/baskupuser/Backups/Scripts/backup.sh
  3. Write into file
    #!/bin/sh
    #########################
    # Backup Hosting Server.#
    #########################
    
    # What to backup. 
    backup_files="/home"
    
    # Where to backup to.
    dest="/home/baskupuser/Backups"
    
    # Create archive filename.
    day=$(date +%A)
    hostname=$(hostname -s)
    archive_file="$hostname-$day.tgz"
    
    # Print start status message.
    echo "Backing up all MySQL Databases to /home/MySQL_Backups/MySQL-data-$day.sql.gz"
    date
    echo
    
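    # Backup all MySQL databases.
    # SQLPASSWORD is a placeholder for the MySQL root password. Anyone who can
    # read this script can read the password, so restrict the script's permissions.
    mysqldump -u root -pSQLPASSWORD --all-databases | gzip > "/home/MySQL_Backups/MySQL-data-$day.sql.gz"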
    
    # Print start status message.
    echo "Backing up $backup_files to $dest/$archive_file"
    date
    echo
    
    # Backup the files using tar (the backup user's own home is excluded).
    tar czf "$dest/$archive_file" --exclude baskupuser $backup_files
    
    # Print end status message.
    echo "----------------"
    echo "Backup finished"
    date
    
    # Long listing of files in $dest to check file sizes.
    ls -lh $dest
    
    echo
    echo "=============================================================================="
    echo
    
  4. Make file executable
    sudo chmod +x /home/baskupuser/Backups/Scripts/backup.sh
  5. Create /home/MySQL_Backups folder
    mkdir /home/MySQL_Backups
  6. Adding cron job
    crontab -e

    Write into file

    # Daily run backup script.
    0 0 * * * sh /home/baskupuser/Backups/Scripts/backup.sh >> /home/baskupuser/Backups/Scripts/backup.log
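
The `mysqldump` line in backup.sh keeps the root password inside the script and pipes straight into `gzip`, so a failed dump still leaves a valid-looking archive behind. The following added example, not part of the original post, reads the credentials from an owner-only option file and discards the archive when `mysqldump` fails. The function names, the `MYSQLDUMP` override variable and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the MYSQLDUMP
# override and all paths are illustrative assumptions.

MYSQLDUMP="${MYSQLDUMP:-mysqldump}"   # overridable, e.g. with a stub for testing

# write_client_cnf FILE USER PASSWORD
# Create a MySQL option file that only its owner can read (mode 600).
write_client_cnf() {
    rm -f "$1"
    (
        umask 077
        printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$3" > "$1"
    )
}

# dump_all_databases CNF OUT
# Dump every database to OUT (gzip). If mysqldump or gzip fails, return 1
# and leave nothing behind instead of a small but valid-looking archive.
dump_all_databases() {
    cnf=$1; out=$2; tmp="$out.partial"; failed="$out.failed"
    rm -f "$tmp" "$failed"
    (
        umask 077    # the dump is created with mode 600
        # --defaults-extra-file must be the first option. A plain pipeline
        # reports only gzip's exit status, so a mysqldump failure is
        # recorded in a marker file.
        { "$MYSQLDUMP" --defaults-extra-file="$cnf" --all-databases ||
              : > "$failed"; } | gzip > "$tmp"
    ) || : > "$failed"
    if [ -e "$failed" ]; then
        rm -f "$tmp" "$failed"
        return 1
    fi
    mv "$tmp" "$out"
}

# Usage (as root; SQLPASSWORD is the same placeholder as in backup.sh):
#   write_client_cnf /root/.backup.cnf root 'SQLPASSWORD'      # once
#   dump_all_databases /root/.backup.cnf \
#       "/home/MySQL_Backups/MySQL-data-$(date +%A).sql.gz" || echo "MySQL dump FAILED"
```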
    
