In squeeze, the Apache LDAP module is already installed with the Apache common package. You just need to enable the module and configure.

1. Enable the LDAP module

a2enmod authnz_ldap


2. Add Auth config variables to the site or directory that should be password protected (ex. pico /etc/apache2/sites-enabled/000-default). In this example, the "/protected" relative location will be password protected. You can protect any Location or Directory using the same method.

<Location /protected>
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthName "Password protected. Enter your AD username and password."
AuthLDAPURL "ldap://{host_or_ip}/CN=Users,DC=example,DC=org?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "{username}@example.org"
AuthLDAPBindPassword {password}
Require valid-user
</Location>


Replace {host_or_ip} with the AD/LDAP server hostname or IP address. Change example.org to your domain. Enter username and password for a user that has access to the domain.

The last line, "Require valid-user" will allow any user in the directory to login. To allow only certain users, change that line to:

Require ldap-user user1 user2


To allow only users from a specific group, change "Require valid-user" to:

Require ldap-group CN={group},CN=Users,dc=example,dc=org


Replace {group} to the name of a group and type correct domain name instead of example.org.

3. Restart Apache

/etc/init.d/apache2 restart


This tutorial has been tested on Debian squeeze running on VMware ESXi 4.x but should work on all latest VMware hosts.

1. Install kernel headers and tools required to compile and install VMware tools:

apt-get install binutils cpp gcc make psmisc linux-headers-$(uname -r)


2. Mount the cdrom drive inside the guest server. Make sure you have mounted the VMware tools virtual cd from the host before moving on.

mount /dev/cdrom /mnt/


3. Extract VMware tools to the tmp directory:

tar -C /tmp -zxvf /mnt/VMwareTools-x.x.x-x.tar.gz


The filename depends on the host version.

4. We have already extracted the files to a temporary locations and the virtual disk isn't needed anymore. Unmount the virtual cd:

umount /mnt


5. Start the installation:

/tmp/vmware-tools-distrib/vmware-install.pl


Accept the defaults for every question. Make sure you're located inside the vmware-tools-distrib folder when executing the vmware-install.pl script or the installation may fail.

VMware tools is now installed and configured. If you're using X you may need to restart the machine or the X session to get all features working.

This tutorial has been tested and is working on Debian etch and lenny

1. Install the PowerDNS server and MySql backend using apt

apt-get install pdns-server pdns-backend-mysql


2. Create a new database (or use existing) and execute the following SQL queries to create the PowerDNS table structure:

create table domains (
id INT auto_increment,
name VARCHAR(255) NOT NULL,
master VARCHAR(128) DEFAULT NULL,
last_check INT DEFAULT NULL,
type VARCHAR(6) NOT NULL,
notified_serial INT DEFAULT NULL,
account VARCHAR(40) DEFAULT NULL,
primary key (id)
)type=InnoDB;
 
CREATE UNIQUE INDEX name_index ON domains(name);
 
CREATE TABLE records (
id INT auto_increment,
domain_id INT DEFAULT NULL,
name VARCHAR(255) DEFAULT NULL,
type VARCHAR(6) DEFAULT NULL,
content VARCHAR(255) DEFAULT NULL,
ttl INT DEFAULT NULL,
prio INT DEFAULT NULL,
change_date INT DEFAULT NULL,
primary key(id)
)type=InnoDB;
 
CREATE INDEX rec_name_index ON records(name);
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
 
create table supermasters (
ip VARCHAR(25) NOT NULL,
nameserver VARCHAR(255) NOT NULL,
account VARCHAR(40) DEFAULT NULL
);


3. Configure PowerDNS to use the MySql backend by adding this line into the configuration file (pico /etc/powerdns/pdns.conf)

launch=gmysql


4. Configure MySql login information for the PowerDNS server that can read from the tables you created earlier by adding lines similar to these (pico /etc/powerdns/pdns.d/pdns.local)

gmysql-host=127.0.0.1
gmysql-user=pdns
gmysql-password=password
gmysql-dbname=pdns


Replace the username, password and dbname with a valid login information and database name.

5. Restart PowerDNS

/etc/init.d/pdns restart


Now you should have a fully functional PowerDNS server installed. To manage the database (adding zones and records), consider using the Poweradmin web-based administration tool.

1. Add non-free archive to apt sources (pico /etc/apt/sources.list)

deb http://ftp.uk.debian.org/debian/ squeeze main non-free
deb-src http://ftp.uk.debian.org/debian/ squeeze main non-free


Add non-free behind main in both lines

2. Update the package list

apt-get update


3. Install Nikto

apt-get install nikto

4. Test the local web server

nikto -h localhost

Nikto also supports testing on different ports. Click here for Nikto usage information.

This tutorial has been tested to be working on Debian squeeze. It's assumed that you are installing one supermaster and one or more slaves that will sync with the master automatically.

On all servers

1. Install the PowerDNS server and MySql backend using apt

apt-get install pdns-server pdns-backend-mysql


2. Create a new database (or use existing) and execute the following SQL queries to create the PowerDNS table structure:

create table domains (
id INT auto_increment,
name VARCHAR(255) NOT NULL,
master VARCHAR(128) DEFAULT NULL,
last_check INT DEFAULT NULL,
type VARCHAR(6) NOT NULL,
notified_serial INT DEFAULT NULL,
account VARCHAR(40) DEFAULT NULL,
primary key (id)
)type=InnoDB;
 
CREATE UNIQUE INDEX name_index ON domains(name);
 
CREATE TABLE records (
id INT auto_increment,
domain_id INT DEFAULT NULL,
name VARCHAR(255) DEFAULT NULL,
type VARCHAR(6) DEFAULT NULL,
content VARCHAR(255) DEFAULT NULL,
ttl INT DEFAULT NULL,
prio INT DEFAULT NULL,
change_date INT DEFAULT NULL,
primary key(id)
)type=InnoDB;
 
CREATE INDEX rec_name_index ON records(name);
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
 
create table supermasters (
ip VARCHAR(25) NOT NULL,
nameserver VARCHAR(255) NOT NULL,
account VARCHAR(40) DEFAULT NULL
);


3. Configure PowerDNS to use the MySql backend by adding this line into the configuration file (pico /etc/powerdns/pdns.conf)

launch=gmysql


4. Configure MySql login information for the PowerDNS by adding lines similar to these (pico /etc/powerdns/pdns.d/pdns.local).

gmysql-host=127.0.0.1
gmysql-user=pdns
gmysql-password=password
gmysql-dbname=pdns


Replace the username, password and dbname with a valid login information and database name. Each DNS server in the cluster needs to have a dedicated local database.

On the master server

5. Allow zone transferes and enable master operation. (pico /etc/powerdns/pdns.conf)

allow-axfr-ips=10.0.0.2
disable-axfr=no
master=yes


6. Add a new zone

INSERT INTO domains (name, type) VALUES ('example.org', 'MASTER');
INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (1, 'example.org', 'ns1.example.org hostmaster.example.org 1', 'SOA', 86400, NULL);
INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (1, 'example.org', 'ns1.example.org', 'NS', 86400, NULL);
INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (1, 'example.org', 'ns2.example.org', 'NS', 86400, NULL);
INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (1, 'ns1.example.org', '10.0.0.1', 'A', 86400, NULL);
INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (1, 'ns2.example.org', '10.0.0.2', 'A', 86400, NULL);


On the slaves

7. Enable slave operation (pico /etc/powerdns/pdns.conf)

slave=yes


8. Make the master server a supermaster for the slave. If supermaster is specified, all new zones will be added automatically to the slave when notified by the master.

INSERT INTO supermasters (ip, nameserver, account) VALUES ('10.0.0.1', 'ns2.example.org', '');


Assuming the master IP address is 10.0.0.1

On master and slaves

9. Restart PowerDNS

/etc/init.d/pdns restart


On the master

10. Trigger a notify

UPDATE records SET content = 'ns1.example.org hostmaster.example.org 2' WHERE type = 'SOA' AND name = 'example.org';


Increasing the serial will sync data from the master to the slave

Munin is a network/system monitoring application that presents output in graphs through a web interface. If you haven't installed it already, use this tutorial: Monitoring multiple servers with Munin.

Assuming you have both varnish and munin installed, here's a tutorial on installing a plugin for munin to monitor Varnish.

1. Install git-core to receive the plugin from github

apt-get install git-core


2. cd into the munin plugins directory

/usr/share/munin/plugins


3. Download the munin-varnish plugin

git clone git://github.com/basiszwo/munin-varnish.git


4. Set correct permissions

chmod a+x /usr/share/munin/plugins/munin-varnish/varnish_*


5. Link the plugin sections to the munin config

ln -s /usr/share/munin/plugins/munin-varnish/varnish_* /etc/munin/plugins/


6. Add these lines to the bottom of the munin-node config (pico /etc/munin/plugin-conf.d/munin-node)

[varnish*]
user root


7. Restart munin-node

/etc/init.d/munin-node restart


1. Install rkhunter

apt-get install rkhunter


2. Run rkhunter to check your server

rkhunter --check


The development of this interface specification was led by Intel Corporation and is supported by more than two hundred computer systems vendors including Dell, Hewlett-Packard, Intel, and NEC Corporation.

1. Install the ipmitool which is used to send commands and receive information from the management interface.

apt-get install ipmitool


2. Use this command to send and receive information to a remote server

ipmitool -H {ip_address} -U {username} -a {ipmi_command}


You can also skip the "-a" parameter (which makes ipmitool prompt for a password everytime) and add "-P {password}" to avoid the password prompt.

Here are some examples of useful commands

Get hardware status (including hardware failures and power status)

ipmitool -H {ip_address} -U {username} -a chassis status


List all sensor values (including temperature, fan speed, voltage and more)

ipmitool -H {ip_address} -U {username} -a sensor list


Print system event log

ipmitool -H {ip_address} -U {username} -a sel list


Check if your server is on or off

ipmitool -H {ip_address} -U {username} -a chassis power status


Power off the server (soft shutdown via ACPI)

ipmitool -H {ip_address} -U {username} -a chassis power soft


Power off the server (hard)

ipmitool -H {ip_address} -U {username} -a chassis power off


Start the server

ipmitool -H {ip_address} -U {username} -a chassis power on


Restart server (hard)

ipmitool -H {ip_address} -U {username} -a chassis power reset


1. Install vsftpd

apt-get install vsftpd


2. Configure (pico /etc/vsftpd.conf)

By default, vsftpd only allows anonymous connections. Change the following config variables to enable local users to connect, allow writing and chroot users to home directories.

anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES


3. Restart vsftpd

/etc/init.d/vsftpd restart


It's assumed that you have already installed and configured Postfix according to this tutorial:
Installing Postfix with MySql backend and SASL for SMTP authentication

1. Install required packages

apt-get install dovecot-imapd dovecot-pop3d


2. Configure Dovecot (pico /etc/dovecot/dovecot.conf)

mail_location = maildir:/home/vmail/%d/%n
auth default {
passdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
userdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
}
disable_plaintext_auth = no
user = vmail


Add or edit the above properties and leave everything else with the default value or configure according to your needs

3. Configure the MySql connector (pico /etc/dovecot/dovecot-sql.conf)

driver = mysql
connect = host=127.0.0.1 dbname={database} user={username} password={password}
default_pass_scheme = CRYPT
password_query = SELECT email as user, password FROM users WHERE email = '%u'
user_query = SELECT CONCAT('/home/vmail/',SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') as home, '5000' as uid, '5000' as gid FROM users WHERE email = '%u'


{database} = MySql database name
{username} = MySql username
{password} = MySql password

4. Restart Dovecot daemon

/etc/init.d/dovecot restart