Posts Tagged ‘openSuSE’

Subversion Server and Client Setup, Repository Initialization

Monday, January 21st, 2008

Abstract

This article explains how to install the Subversion server and client utilities, how to set up a repository on the server and how to use this repository from a client. It does not delve deep into the workings of Subversion; rather, it is an administration manual. The instructions mentioned here were performed on openSuse 10.3, however they should be similar for other platforms.

Install Subversion

Subversion comes with openSuse 10.3. To install it, fire up yast (yast2) and search for subversion in the software management.

Subversion packages selected for installation

After the packages are installed we need to configure the svnserve daemon to run as we want it.

I like to keep my repositories on the /home partition, so we will need to remove the default path for repositories, which svnserve provides by default. The config file is located at /etc/sysconfig/svnserve and after the changes it should look like the screenshot below.

Svnserve configured properly

Note how there is no default directory in the configuration file. The reason for this is I personally do not like to keep repositories on /srv/ because usually this is the root of the system and we could later have storage problems.

Create the user and group

Now we need to create the svn group and the svn user. This is done through the Security and Users section of yast. Assign the user svn the default group svn, so that normal users do not have direct access to the repository and you can set permissions with more flexibility later (if needed). In the end you should have a user svn and a group svn. Please allow user login for the time being (do not put /bin/false as the shell). For the sake of the example we will su to the svn user in the next section.

Create a sample repository

Now we can su to the user svn, navigate to its home directory and create a directory for our new repository. I have chosen to create the sample_repository directory.

Navigate inside and type

svnadmin create .

This will create the repository and all the files that are needed to support it. The most important ones are in the conf directory. Open svnserve.conf and check the options. They should be pretty self-explanatory. The most important part is to remove all leading spaces from the lines of the file, otherwise the repository will not work. Below is the proposed sample configuration:

Repository Based svnserve config

Next you need to configure access to the repository for specific users. This is done through the passwd file. The syntax is very basic. I have added a sample_user and my passwd file looks like this:

passwd file for the repository

After this the repository should be accessible from the client machine.
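A quick check for the two things this section depends on, as an added example that is not part of the original article: the function below flags lines in svnserve.conf that still start with whitespace and reports when anonymous access or the passwd file is not configured. The function name check_svnserve_conf and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the article: lint a repository's conf/svnserve.conf.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_svnserve_conf() {
    awk '
        BEGIN { bad = 0 }
        # An option or section header that still starts with whitespace:
        # the pitfall the article warns about.
        /^[ \t]+[^# \t]/ {
            printf "line %d: leading whitespace: %s\n", NR, $0
            bad = 1; next
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        /^\[/ { section = $0; sub(/[ \t\r]+$/, "", section); next }
        section == "[general]" {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            seen[key] = val
        }
        END {
            # With anon-access unset, svnserve falls back to anonymous read.
            if (seen["anon-access"] != "none") {
                print "anon-access is not none: anonymous access is enabled"
                bad = 1
            }
            if (seen["password-db"] == "") {
                print "password-db is not set: no passwd file is consulted"
                bad = 1
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample: line 2 was uncommented but kept its leading space.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[general]
 anon-access = none
auth-access = write
password-db = passwd
EOF
check_svnserve_conf "$sample" || echo "svnserve.conf needs fixing"
rm -f "$sample"
```

Run it as the svn user against sample_repository/conf/svnserve.conf before opening the repository to clients.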

Client Setup

For the client, the only options that need to be set up are the URL, the user name and the password. The URL in my case would be:

svn://IP/home/svn/sample_repository

For more information on setting up the client see the attached video or read the manual for a particular svn client (there are too many to describe here).

svnserve video appleTV, xbox360

Windows Media Video format

Source .mov file (requires apple animation codec to play) - highest quality

DenyHosts on openSuse 10.3

Tuesday, December 25th, 2007

Abstract

DenyHosts is a small application that blocks IP addresses that abuse SSH. This helps a lot if you are being brute-forced over SSH by some hijacked bot computer. I am sure everyone has seen this in their log files. This article explains how to install DenyHosts and configure it.

Not supplied by default

Unfortunately openSuSE 10.3 does not come with DenyHosts by default, so a repository needs to be added in order to include it. Navigate to http://packages.opensuse-community.org/ and choose 10.3 as your version, then enter denyhosts. The result should be the following:

Found the denyhosts application

There you see this one click install button, which is useful only if you are running openSuSE 10.3 on your desktop. I, for one, am running Vista, so I opened this file with a text editor and found the XML tag called <url>. This is the only data we will need from this file:

One Click Install XML file opened

Once you have found the url tag, log on to your linux box as root and start up YaST (yast2). Then go to the software repositories menu (in the Software section). From there select add and choose the HTTP type. After this a confusing window appears, which does not say anything about slashes and directories. You need to fill it in like so:

Configured the network repository

Now, just click finish and agree to any question YaST might have for you. Since this is one of the official repositories you are perfectly safe with trusting the key.

Installation

Now you can navigate to the Software Management menu (in the Software section) and search for denyhosts. You should get one result; please install it. After that you should have (please check) the init script in /etc/init.d named denyhosts and the config file in /usr/share/denyhosts named denyhosts.cfg.

Configuration

Denyhosts comes preconfigured and the only thing that you probably want to change is the email address for report sending. The parameter name for this is ADMIN_EMAIL. Other parameters are very well commented.

After this, you can start up the daemon using /etc/init.d/denyhosts start. In a while you will get a report of the IPs that were already banned (it parses the existing log file). Additionally, you will receive an update whenever some IP is banned.
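To see what the first report is built from, here is an added example (not DenyHosts code and not from the original article) that tallies failed SSH password attempts per source address from sshd log lines. The function names, the threshold argument and the log lines are constructed for illustration; the addresses are documentation ranges.

```sh
#!/bin/sh
# Added example, not DenyHosts code: tally failed SSH password attempts per
# source address, the kind of log parsing DenyHosts automates.
# usage: failed_ssh_sources THRESHOLD LOGFILE  -> "COUNT ADDRESS" lines
failed_ssh_sources() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is client-supplied text and can contain spaces
            # or the word "from", so anchor on the fixed tail of the line:
            #   ... from ADDRESS port PORT ssh2
            if (NF >= 5 && $(NF-4) == "from" && $(NF-2) == "port")
                hits[$(NF-3)]++
        }
        END {
            for (addr in hits)
                if (hits[addr] >= min) print hits[addr], addr
        }
    ' "$2" | sort -rn
}

# Constructed sshd log lines. The fourth has a user name containing "from";
# the fifth is a successful login and must not be counted.
sample_log() {
    cat <<'EOF'
Dec 25 10:00:01 host sshd[4100]: Failed password for root from 203.0.113.5 port 40112 ssh2
Dec 25 10:00:03 host sshd[4102]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2
Dec 25 10:00:05 host sshd[4104]: Failed password for invalid user test from 203.0.113.5 port 40131 ssh2
Dec 25 10:02:17 host sshd[4110]: Failed password for invalid user x from 192.0.2.10 from 198.51.100.7 port 51000 ssh2
Dec 25 10:05:40 host sshd[4120]: Accepted password for svn from 192.0.2.10 port 50022 ssh2
EOF
}

log=$(mktemp)
sample_log > "$log"
failed_ssh_sources 3 "$log"
rm -f "$log"
```

Comparing this tally with the addresses in the DenyHosts report is a simple way to confirm the daemon is reading the right log file.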

Configure bind to work with GoDaddy

Saturday, December 22nd, 2007

Abstract

This article explains how to configure your name servers and assign domain names to your server using GoDaddy as your registrar and openSuSE as your operating system. The procedure is similar for other registrars and operating systems, so if you understand each step you will be able to perform this operation on a number of operating systems.

Step 1 – Reverse DNS (RDNS) Setup

Reverse DNS is configured by your hosting provider. Torqhost sets the RDNS for you upon request.

Before you request RDNS setup, you should have chosen a domain name which will be used in conjunction with the RDNS service. We will use torqhost.info for this purpose.

First we registered torqhost.info at GoDaddy, then we configured RDNS for 2 of our servers. It is a tradition and good habit to give those servers explanatory names, so we used ns1.torqhost.info and ns2.torqhost.info as respective names for the server machines.

Step 2 – Add Custom Name Servers to GoDaddy

This is an important step, as here you will need to register your name servers (ns1.torqhost.info and ns2.torqhost.info) at GoDaddy, so they know which IP translates to which host. For this you need to click on the domain and scroll a bit to the bottom of the page. You will see a screen like this:

Review NS records at godaddy

Look at the host summary. For our domain this info is already filled in, but you will need to click Add and enter your dedicated name (for us it is ns1.torqhost.info) and an IP address (one is sufficient).

Entering name server details at godaddy

After the name servers are registered, you need to assign them to your domain. For this you click the name servers button in the menu and it takes you to a screen like this:

Entering NS server information for a domain

Click OK and it will save. Note that it could take a couple of days until all this information is applied.

Step 3 – Configuring your domain name on the NS1 server.

Log in to your Linux server and open up the YAST utility (type yast2). Then go to the Network Services section and look for DNS configuration. If you see a screen like the one below, you do not have this module installed.

Missing DNS server configuration option

In this case go to Software -> Software Management, locate yast-dns-server package as shown below and install that. It will prompt you to install any dependencies (including the DNS server itself if it was not installed yet). The DNS server used in openSuSE is bind. This is a popular DNS server and is used on most of the Linux hosts on the internet.

After the installation restart yast and navigate to network services and we will continue with the configuration.

After the installation you should see the DNS Server option in the Network Services section. Go there.

Install DNS server management with YaST

Network Services – DNS Server

In the first step, forwarders, you do not need to set up anything. Simply click next to go to the next step right away.

Adding a zone to DNS server configuration

Then click next and you will see a summary screen. Choose the option to start the DNS server at start-up so that it works automatically. If you click finish, your domain will be configured and ready for use. This might not be enough, however, as you would like to set additional sub domains like www.torqhost.info and probably a mail server record (MX record). To do this, go to the expert settings. Then go to DNS Zones and select the zone you just entered (for us it is torqhost.info), then select edit from the menu on the right.

You will see a screen letting you set additional options for your zone.

We will concentrate on 3 sections here: NS Records, MX Records and Records. NS Records are your name servers (ns1 and ns2), enter them into the window. Simply enter the names, not IP addresses. After you are done it should look similar to this:

Adding NS records for your domain inside the YaST utility

Now move on to the MX section. These are the records for your mail servers. Mail administration is a complex topic and it will be discussed elsewhere. For now, however, enter the name (mx is commonly used) and the respective IP address. Since we will be using the main server (ns1) for mail, the IP address we enter corresponds to the IP address of the ns1 server.

Entering MX records for your domain inside the YAST utility

The next step is records. Here you will define sub domains for your main domain. At first you need to define the ns1, ns2 and mx records. Please enter the addresses you entered at GoDaddy here.

Next, as a sample we will add the www sub domain and the main domain itself (torqhost.info).

In the end, the screen should look similar to this:

Entering the records for your domain

After this, save everything and return to the command line. We shall use the dig utility that comes with the DNS server. To check www.torqhost.info we need to type

dig @localhost www.torqhost.info

The result should show all IP addresses, as well as name servers (ns1 and ns2) and their respective addresses.

Checking if the configuration succeeded

What has been done so far – details.

So at this point, we have configured our name server number 1 (called master). We entered all IP addresses and configured sub domains, as well as an MX record.

YAST – What did it do? What if I have a different OS?

Behind the scenes YAST basically modified a couple of files for us. The first file is /etc/named.conf. This is the primary name server configuration file. If we open it and move down, we will see that a new zone was added. It shows that this server is master and that allow-transfer is set to all (meaning any server can act as a second, third and so on name server. You may want to change that later).

named.conf file on the master server
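For the "change that later" part, here is an added example (not YaST output and not from the original article) that lists the zones in a named.conf whose allow-transfer list still contains any. The sample file is constructed: its first zone mirrors the setting described above, the second shows the restricted form, with 192.0.2.2 as a placeholder for the address of ns2 and example.test as a hypothetical second zone. It assumes each allow-transfer statement sits on one line.

```sh
#!/bin/sh
# Added example, not YaST output: print the name of every zone in a
# named.conf whose allow-transfer list contains "any".
# Assumes each allow-transfer statement is written on a single line.
zones_open_to_transfer() {
    awk '
        /^[ \t]*zone[ \t]+"/ { split($0, part, "\""); zone = part[2] }
        zone != "" && /allow-transfer[ \t]*[{]([^}]*[ \t;])?any[ \t]*;/ {
            print zone
        }
        /^[ \t]*[}];/ { zone = "" }          # end of the zone block
    ' "$1"
}

# Constructed sample configuration.
sample_named_conf() {
    cat <<'EOF'
options {
    directory "/var/lib/named";
};
zone "torqhost.info" in {
    type master;
    file "master/torqhost.info";
    allow-transfer { any; };
};
zone "example.test" in {
    type master;
    file "master/example.test";
    allow-transfer { 192.0.2.2; };
};
EOF
}

conf=$(mktemp)
sample_named_conf > "$conf"
zones_open_to_transfer "$conf"
rm -f "$conf"
```

After restricting a zone to the slave's address and restarting bind, the zone should no longer appear in the output.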

But where are all those sub domain records? They are stored in master/torqhost.info in our /var directory. This layout is common and you will find it in many Linux operating systems, not just SuSE. Open up the /var/lib/named/master/torqhost.info file. Here you see all the records that were entered in YAST. All values should be self-explanatory if you have been following this article. An A entry means that this is an address. It is recommended to use A whenever possible, because it links directly to an IP address of the machine and no other name resolution is required.

Records are stored in the masters folder

Step 4 – Slave server

So far we have been working with the master server; now the secondary server needs to be configured. To do this, log onto the secondary name server (ns2) and open up YAST once more. Again, navigate to network services -> DNS server.

In the forwarders screen you do not need to enter anything, simply press next to proceed to the zone screen.

In the Zones section enter torqhost.info, as on the master server, but in the type option select slave (previously you didn’t select anything as master was the default option). After that click add.

In the expert configuration navigate to DNS Zones and click edit on the zone you just entered. Now you will see a completely different screen. There is no additional configuration (such as mx, ns and sub domains). This is because slaves can get this info from the master server, so you do not need to enter it twice. Enter the correct IP of the master server.

Entering Master Address on the slave server

After this click OK and save everything. You can also test the configuration using the dig utility.

If you take a look at /etc/named.conf you will see a slightly different zone configuration here, mainly because the type is slave and there is a master specified.

Slave server named.conf file

Also, the file location where all the sub domains and other records are stored is now /var/lib/named/slave/torqhost.info (if this file does not exist yet you can restart bind (/etc/init.d/named restart) or wait. It does not necessarily happen instantaneously). In the file you will see the same records as on the master server (with some modifications indicating this is not the master server).

Slave Server records file is in slaves directory

After this you should be set. In a few hours (zone configuration needs to propagate and it could take up to 48 hours) you can set up a web server for the domain and start using it.

Please refer to our other sections for more information on how to set up additional services.