HOWTO : NTop on Ubuntu 9.04 Server

Install NTop to monitor all the traffic of your machines in your network.

Step 1 :

sudo apt-get install ntop rrdtool

Step 2 :

Set the admin password.

sudo ntop -A

Step 3 :

sudo ntop -d -L

You can add to the /etc/rc.local to make it execute when boot up automatically.

Step 4 :

Access ntop at http://ip_address_ntop:3000


HOWTO : WebDAV on Ubuntu 9.04 Server

WebDAV is a file manager that running on web server. You can access it like on your desktop. Easy and enjoyable.

Install Ubuntu 9.04 server as usual and select LAMP and OpenSSH when asked for choice. You can also install vsFTPd if you want to but it is optional.

Step 1 :

sudo a2enmod dav_fs
sudo a2enmod dav
sudo a2enmod dav_lock

sudo /etc/init.d/apache2 restart

Step 2 :

To create a virtual host for the WebDAV.

sudo mkdir -p /var/www/webdav
chown www-data /var/www/webdav

sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/webdav

sudo nano /etc/apache2/sites-available/webdav

Make the a portion of the file as the following :

DocumentRoot /var/www/webdav
<Directory /var/www/webdav/>
   Options Indexes FollowSymLinks MultiViews
   AllowOverride None
   Order allow,deny
   allow from all
<Location />
   DAV On
   AuthType Basic
   AuthName "webdav"
   AuthUserFile /var/www/.passwd.dav
   Require valid-user
   DavMinTimeout 600
      Require valid-user

Step 3 :

sudo htpasswd -c /var/www/.passwd.dav samiux

chown root:www-data /var/www/.passwd.dav
chmod 640 /var/www/.passwd.dav

suod chmod -R 0777 /var/www/webdav
sudo chown www-data:www-data /var/www/webdav

sudo /etc/init.d/apache2 restart

Step 4 :

To test if WebDAV owrks or not.

sudo apt-get install cadaver

sudo cadaver http://localhost/

If you got “dav:/” prompt, enter “quit” to quit. Otherwises, fix the problem.

Step 5 (Windows only) :

Download NetDrive at and set it accordingly. The port should be 80.

Now you can access your WebDAV server from Windows.

Step 6 (Ubuntu only) :

Go to “Place” > “Connect to Server“. Select “WebDAV (HTTP)“. Enter the IP of your WebDAV server and then press “Connect“. Submit the username and password. An icon will be displayed on your desktop. Double click it and go.

Now you can access your WebDAV server from Ubuntu.

That’s all!

If you open the OpenOffice files on the WebDAV by clicking, you can only open it in read only mode. However, there is method to overcome this problem. You open OpenOffice Write (for example), click the “Open file” and at the “Name of file” enter the following :

Now you can edit and save it on WebDAV.


For better performance (such as the speed that pasting files on the WebDAV), please fine tune your server as the following :

Performance tuning


Make sure you have disabled the default site at Apache.

sudo a2dissite default

When you upload files by FTP, make sure you change the ownership of the files.

sudo chown -R www-data:www-data /var/www/webdav

HOWTO : Cacti on Ubuntu 9.04 server


Cacti is a graphical network traffic analysis system based on Apache, PHP, MySQL, SNMP and RRDTool. It can monitor the machines in your network.

To install Cacti on Ubuntu 9.04 is very easy and straight forward.

Step 1 :

Install Ubuntu 9.04 server as Cacti server. Select LAMP and OpenSSH during the installation. For example, the IP of the Cacti server is

Step 2 :

sudo apt-get install cacti

Step 3 :

At the client side (any machine or server in your network that to be monitored), it should be Ubuntu server or debian server. For other distributions, please use the related command to install snmpd accordingly.

sudo apt-get install snmpd

Step 4 :

sudo nano /etc/snmp/snmpd.conf

Add the following lines to the related sections :

com2sec notConfigUser public
access notConfigGroup "" any noauth exact all none none

Save it and exit. Then restart the snmpd.

sudo /etc/init.d/snmpd restart

Step 5 :

At the browser, enter the address as the following :

User name and password are “admin“.

Accept the default settings.

Add the machine(s) that you want to monitor on the screen.

Step 6 :

Wait for the graphical charts to generate.


HOWTO : Install Proxmox VE 1.3 on debian 5.01 (Lenny) AMD64

Since disk image of Proxmox VE 1.3 cannot install to my RAID 5EE or 6 hard drive space that larger than 2TB. I have a 3.6TB RAID 5EE hard storage. Therefore, I install it by packages on debian Lenny AMD64.

Installation of debian

Download the netinstall disk image of debian 5.01 (Lenny) AMD64 (should be AMD64, others are not suitable) and install to the server as is. Make sure you choose the entire disk with LVM. At the end of installation, you will be asked to select which services or servers to be installed. You just select "Base Standard" only.

Installation of Proxmox VE

Step 1 :

Log in the debian server as root and edit the following file.

nano /etc/apt/sources.list

Add the following line at the end of the file.

deb lenny pve

Get and install the repository key.

wget -O- "" | apt-key add -

Update the repository and system.

apt-get update
apt-get upgrade

Step 2 :

Install Proxmox VE kernel.

apt-get install pve-kernel

Then, edit the following file when need.

nano /boot/grub/grub.cfg


Delete the debian official kernel and image. Then issue the following command.


Reboot debian server and make sure you select the PVE kernel when boot at the Grub Menu.

Step 3 :

Log in debian server as root and issue the following commands.

apt-get install proxmox-ve ntp postfix pve-manager

Connect to Proxmox VE web interface.



Step 4 :

Configure the vmbr0 interface at "System", "Network".

Configure bridge vmbr0

IP Address : # your debian server's IP
Subnet Mask :
Gateway : # your router or gateway's IP

Reboot your debian server.


HOWTO : IPython for Python programming on Ubuntu

The current IPython is for Python 2.5 at this writing.

Install IPython as your Python programming environment.

sudo apt-get update
sudo apt-get install python-setuptools

sudo easy_install IPython

Once IPython is installed, you can run it as the following :


Type quit() to quit.

HOWTO : Security enhanced your Ubuntu 9.04 LAMP server with AppArmor

Step 1 :

Check if AppArmor is enabled or not. And make sure MySQL profile is enabled too.

sudo apparmor_status

Step 2 :

Create a profile of Apache2.

sudo aa-genprof apache2

sudo nano /etc/apparmor.d/usr.sbin.apache2

Add the following lines within ^DEFAULT_URI bracket.

/usr/sbin/suexec2 rix,
/usr/share/apache2/** r,
/var/log/apache2/** rwl,
/var/xoops/** r,
/var/www/xoops/** r,

Step 3 :

Put the profile in complain mode.

sudo aa-complain /etc/apparmor.d/usr.sbin.apache2
sudo /etc/init.d/apache2 restart

Step 4 :

After running the XOOPS for a while, we can update the profiles.

sudo aa-logprof

When the prompt ask for your selection, choose “A (Add)” to add a rule to the profiles. Save the file at the end of the process.

You can repeat this step when necessary.

Step 5 :

After running the XOOPS for a longer time and found no error, you can make the profile in enforce mode. Before doing so, make sure you have conducted the Step 4 once more.

sudo aa-enforce /etc/apparmor.d/usr.sbin.apache2
sudo /etc/init.d/apache2 restart

Step 6 (Optional) :

If you encounter any error, you can disable the profile.

sudo ln -s /etc/apparmor.d/usr.sbin.apache2 /etc/apparmor.d/disable/
sudo apparmor_parser -R < /etc/apparmor.d/usr.sbin.apache2
sudo rm /etc/aparmor.d/disable/usr.sbin.apache2

Reference :
(1) Ubuntu Documentation (AppArmor)
(2) Introduction to AppArmor
(3) Share your profiles
(4) AppArmor support threads

HOWTO : Make your Apache to use SSL

Step 1 :

sudo a2enmod ssl

Copy the default-ssl to the name as your current XOOPS domain, e.g.

sudo cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/

sudo nano /etc/apache2/sites-available/

Do not change anything inside but except the following :

DocumentRoot /var/www/xoops
ServerName # add this line under DocumentRoot
<Directory /var/www/xoops>

Step 2 :

sudo nano /etc/apache2/sites-available/

Make sure you enabled rewrite module as at previous HOWTO. Add the following inside the mod_rewrite.c bracket.

RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R]

Step 3 :

Open your browser and go to your site and login as admin. Enable SSL and add the SSL URL as at the Preferance.

sudo nano /var/www/xoops/mainfile.php

Change your domain name and path as

Step 4 :

sudo a2ensite

sudo /etc/init.d/apache2 restart

HOWTO : SSH to use RSA key for login

ssh-keygen -t rsa -b 2048


ssh-keygen -t rsa -b 4096

“Enter file in which to save the key (/home/samiux/.ssh/id_rsa): (Hit Enter)”

Press “Enter”

“Enter passphrase (empty for no passphrase):”

Enter your password twice.

nano /home/samiux/.ssh/

Copy the content.

SSH to your server. At the username directory.

sudo mkdir .ssh

sudo nano /home/username/.ssh/authorized_keys

Then pasted the previous copied key onto the authorized_keys file. Save it.

Still at the server.

sudo nano /etc/ssh/sshd_config

Change the following settings as is.

AuthorizedKeysFile %h/.ssh/authorized_keys
IgnoreUserKnownHosts yes
PasswordAuthentication no
#UseLogin no
UsePAM no

sudo /etc/init.d/ssh restart

When you login to the server again, you will ask for your RSA key passphrase once. Later, you will not be asked for any passphrase or password.

HOWTO : Almost a perfect and secure Ubuntu 9.04 LAMP server

If you want to build a production LAMP server with Ubuntu 9.04 and hosting a Content Management System (CMS) such as XOOPS, you can follow the following steps to make your server almost perfect and secure. You are recommended to install a commercial or DIY Unified Threat Management System (UTM) for your network or server. If not, at least enable firewall and open necessary ports only as well as block any unwanted traffic.

However, we cannot proof that you are away from any attacks even you hardening your server with the following procedure and equipped with UTM. Be alert!

LAMP and XOOPS (the CMS)
Install XOOPS on Ubuntu 9.04 Server with security modules

Make your Apache to use SSL

Hardening your server in active and passive ways

Security enhanced Ubuntu 9.04 LAMP server with AppArmor

Secure your Ubuntu 9.04 server in a passive way

Make sure no rookit on your Ubuntu 9.04 server

Fail2ban on Ubuntu 9.04 server

SSH to use RSA key for login

Logwatch on Ubuntu 9.04 Server

vsFTP install on Ubuntu 8.04.1 server (but it is same as on Ubuntu 9.04)

System and PHP tuning
PHP and Apache tuning on Ubuntu 8.04.1 server (but it is same as on Ubuntu 9.04)

Ubuntu system performance tuning

Rebootless on Ubuntu 9.04
Rebootless on Ubuntu 9.04

Making a secure Ubuntu 9.04 server is very easy and almost without a cent.

Give no chance to intruders!!

HOWTO : secure your Ubuntu 9.04 server in a passive way

Root account access warning

Add the following to the top of the file /root/.bashrc and you will be informed by email when the root account is being accessed.

echo -e "Root Shell Access on `tty` \n `w`" | \ mail -s "Alert: Root Access"

Hardening SSH

The official port of SSH is 22. You can change it to any port that between 1024 and 65535. You can do it at the router or firewall and you can do it at the configure file of SSH at /etc/ssh/sshd_config. You are recommended to disable the root account login via SSH even you are using Ubuntu.

Port 65535
PermitRootLogin no

sudo /etc/init.d/sshd restart

Finally, enable firewall and only allow necessary ports to be access.