COIT20266 Week 1 Systems Security Administration
Base Server Installation [1]
COIT20266 – Systems Security Administration
Base Server Installation
This guide steps us through the download and installation processes for VirtualBox and a minimal
virtual base Ubuntu Server. The guide is based on the Windows operating system as most
students use Windows. However a growing number are using one of the MacOS’s. We should be
able to use any operating system supported by VirtualBox.
Assumptions
The installation process requires a PC connected to a small private network that provides access to
the Internet. The network should provide automatic IP address configuration via DHCP or similar.
There is a prerequisite in place for this course which requires us to have a good understanding of
Networks and network addressing. Any issues relating to these requirements should be raised on
the course forum.
Virtual Box
* VirtualBox (www.virtualbox.org) – virtualisation software which allows us to install and run
operating systems on top of other operating systems.
Downloading
Download the binary install file that matches our host Computer from the main VirtualBox
website:
www.virtualbox.org
Select the download link on the main page and then the binary download link.
Editor: The versions listed here may be out of date. In general you should download the latest
version of binaries.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [2]
The Windows VirtualBox-4.2.6-82870-Win.exe file was 95 MB. Latest versions may be bigger.
Installing
Run the downloaded installation file accepting all the default settings.
This is a very simple install process for Windows. We may be asked to install device software as
part of the installation; we can safely trust “Oracle Corporation” and must install these. The
device software allows VirtualBox to access the host hardware (network cards, usb ports etc).
If any problems are encountered during the install, please provide a detailed description of the
problem on the course forum.
We should see the above when we run VirtualBox after a successful install.
Before creating a new virtual machine we first need to download the Ubuntu Server image.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [3]
Ubuntu Server
* Ubuntu Server (www.ubuntu.com/business/server/overview,
help.ubuntu.com/12.04/index.html) – a Linux based operating system.
Downloading
The Ubuntu Server image is 645 MB in size. It is worthwhile to check if our
Internet Service Provider offers a free mirror service for Linux images and updates. All service
providers are different, so we will have to check this for ourselves. Internode, iiNet, Westnet and
Bigpond all appear to offer free download mirrors – check the details of these as they are subject
to conditions and changes.
A list of Official Mirrors for Ubuntu can be found at the following link:
launchpad.net/ubuntu/+cdmirrors
If we want to download when on campus, it is best to use AARNet, which provides the major
network link between Universities in Australia. AARnet will be used in the examples in this
document.
The AARNet Mirror can be found at the following link:
mirror.aarnet.edu.au/pub/ubuntu/releases
We should see a directory listing similar to the one shown on the next page:
COIT20266 Week 1 Systems Security Administration
Base Server Installation [4]
We want to download the Ubuntu 12.04 Server image so select the 12.04 link:
mirror.aarnet.edu.au/pub/ubuntu/releases/12.04/
Scroll down until we see the ubuntu-12.04.1-server-i386.iso link and select it. Note that the .1
may change to a larger number – this is what is called a point release and is the 12.04 server with
additional updates applied. Make sure the server version is selected for download.
The download should start – remember it is around 645 MB so will take a while.
There is a torrent link available if that is preferred. However, it is usually easier to download the
iso file directly.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [5]
Installing
To install the Ubuntu Server ‘inside’ VirtualBox we need to first create a new virtual machine. So
start up VirtualBox and select the ‘new’ button.
This will start the New Virtual Machine Wizard. Follow along with the screen dumps below,
reading any comments below them, selecting [Next] after changing any required settings.
Use the same name etc. as provided in the screen dumps. This will help if there are any problems
later on in the install process.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [6]
We don’t need a huge amount of memory for our server. Suggested size: 512 MB. This reduces
the requirements of the host computer as well.
We need to configure our Virtual Hard Disk differently from the default settings provided by the
Wizard, so check the ‘Do not add a virtual hard drive’ Hard drive option. We will create our own
shortly.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [7]
We will create our own shortly so select [Continue].
Our ’empty’ virtual base server.
Now we will go through all of the settings for our Base Server and make any changes needed. So
select the [Settings] button.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [8]
Comments will be added below if any changes are required from the defaults. Check that all our
settings match those shown in the screen dumps below.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [9]
Note that the “Snapshot Folder” shown in the above [Advanced] section is different from the
default – please leave them as the default which will be in our User directory. Nothing needs to be
changed here.
During the course, we will create a number of virtual machines – we can add a description here if it
helps us keep track of our different virtual machines.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [10]
Note that the ‘Floppy’ has been deselected and moved down below the Hard Disk – make the
same changes. On more recent versions of VB the CD/DVD-ROM drive may be called “Optical
drive” – it’s the same thing.
The default options should be the same as shown above.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [11]
We won’t be installing a graphics environment on our server so we don’t need any video
acceleration, but bumping the Video Memory from 12 to 16 MB doesn’t hurt, or accept the
default if it’s over 16MB.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [12]
We are not using a graphics environment so we won’t have a Desktop to remote into.
We need to make a number of changes to the Storage for our server so the above is just showing
the defaults – we need to change these as outlined below.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [13]
Select the IDE Controller – this is just like the real thing, in this case it has a CD drive attached. No
change required.
Now select the SATA Controller – again this is just like the real thing but we don’t want it. So with
the SATA Controller selected click the small icon below it that has the red minus sign on it.
Remove Controller (Del)
COIT20266 Week 1 Systems Security Administration
Base Server Installation [14]
This deletes the SATA Controller.
Now we want to ‘insert’ the Ubuntu Server image (iso), that we previously downloaded, into our
CD so we can install from it. So select the Empty CD icon in the Storage Tree and then select the
small CD image in the Attributes area (it’s to the right of the CD/DVD Driver drop down list. Select
the ‘Choose a virtual CD/DVD disk image…’ option and browse to and select the ubuntu-12.04-
server-i386.iso image that we downloaded earlier. [Review the screen dumps below first, if that is
a little confusing.]
We should end up with something like the above.
We now have the install CD in our virtual CD drive ready to do the install. However we still don’t
have a hard drive to install the Ubuntu Server onto, so we need to add one.
To add a hard drive, select the small icon that has the green plus sign on it.
Add Controller (Ins)
COIT20266 Week 1 Systems Security Administration
Base Server Installation [15]
Select the ‘Add SCSI Controller’ option.
We should now have the above storage configuration – check the ‘Use host I/O cache’ option to
improve our virtual SCSI Controller performance.
We still don’t have a virtual disk drive so let’s add one.
With the SCSI Controller selected, select the ‘Add Hard Drive’ button:
Add Hard Disk
Select [Create new disk] when prompted.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [16]
We want to create a new VDI (virtual disk image).
COIT20266 Week 1 Systems Security Administration
Base Server Installation [17]
We will use Dynamic allocated storage so our virtual disk only takes up as much physical disk
space as required.
Use the name as shown – BUS_DISK_1 (Base Ubuntu Server Disk 1) which will help later when
additional disks are created and if discussing a problem it will be easier to understand the
configuration. Ensure the disk size is set to 2.00 GB – this is important for later.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [18]
Create the new virtual disk.
Check that we have similar settings to the above. Note that the Location should be different as it
should default to our User path.
Finally we have a virtual disk drive to install our Ubuntu server onto.
Before we start the install we need to finalise the rest of our settings.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [19]
Audio defaults are okay.
The default NAT style network adapter is not what we want for this course. Select the dropdown
list and choose ‘Bridged Adapter’.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [20]
The Name field will likely be different on each of our computers. Make sure it is the name of the
main network card that is connected to the Internet (this may be a wireless card). Nothing else
needs to be changed here for now. We will be adding additional adapters later, but for now we
need to leave this as shown.
We are not interested in Serial Ports so leave as default.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [21]
We are not interested in USB Devices, so leave as default.
We will not use VirtualBox Shared Folders as we will be implementing file sharing on our server –
leave as default.
Finally – we’ve reviewed all the settings. Select [OK] to save all our changes and get back to the
main VirtualBox window.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [22]
Now we can finally install Ubuntu.
We will be installing our Ubuntu Server in expert mode, which means we need to go through all of
the configuration options. This takes a considerable amount of time. So before starting the
following install process we need to have an hour or two spare. The installation process cannot be
paused halfway through.
It is an easy step-by-step process with all configuration options provided. Our server needs to be
configured exactly as shown.
From the VirtualBox Manager screen select the ‘Base Ubuntu Server’ virtual machine and then
click the Start button. This will start our virtual machine and boot up using the first boot device
we configured earlier which was the CD/DVD-ROM.
You may receive the following or similar Information prompts. Ensure you read through them
before continuing.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [23]
We have now booted from the Ubuntu Server Installation CD which initiates the Ubuntu Server
installation.
Select English as the default language.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [24]
We need to change a few options before starting the install.
First we need to select the installation Mode so press [F4] and select [Install a minimal virtual
machine] and press [Enter].
COIT20266 Week 1 Systems Security Administration
Base Server Installation [25]
We also want to install using expert mode – are we experts yet? So press [F6] to get into the
[Other Options] and check the Export Mode option by pressing the spacebar when it is
highlighted.
Make sure there is an [x] beside the [Expert mode] option. Press [Esc] to get back to the main
Installation window.
Now we are ready to step through the install. Make sure the [Install Ubuntu Server] menu option
is selected and press [Enter].
COIT20266 Week 1 Systems Security Administration
Base Server Installation [26]
Remember to read through any information boxes that appear.
We need to step through all of the choices. The first is to choose the Language for our server.
Press [Enter].
The default language is English, which is what we want, so press [Enter].
COIT20266 Week 1 Systems Security Administration
Base Server Installation [27]
Set our location to Australia.
The default locale is correct so press [Enter] to continue. We need to be reading all of the details
on each of the installation screens. This will help us understand the choices we make and links
back to much of the material covered in the course.
Use the TAB key to highlight the <Continue> option and press [Enter].
COIT20266 Week 1 Systems Security Administration
Base Server Installation [28]
Our System locale should be Australia so en_AU.UTF-8 is correct – press [Enter].
We have configured the language settings. Now we move on to configure the keyboard. Press
[Enter].
Select <No> and press [Enter].
English (US) keyboard is the default found in Australia, so ensure it is selected and press [Enter].
COIT20266 Week 1 Systems Security Administration
Base Server Installation [29]
English (US) keyboard layout is correct – press [Enter].
Detect and mount the CD-ROM – press [Enter].
We will not be using usb-storage so unselect the option using the [Spacebar]. [Tab] to <Continue>
and press [Enter].
There may be a short delay as the CD is detected – don’t panic – just be patient.
We can safely leave this blank – highlight <Continue> and press [Enter].
COIT20266 Week 1 Systems Security Administration
Base Server Installation [30]
Finally our CD has been detected – press [Enter].
As part of the install the Debian package configuration file needs to be loaded so press [Enter].
We can load the various components from the installation CD – press [Enter]. However we want
our server to be the very minimum at this stage, so we will only choose which mirror to install
from.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [31]
Select just the option to choose a mirror to install from – [Spacebar] toggles the choice. [Tab] to
<Continue> and press [Enter].
Finally we see some action.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [32]
Press [Enter] to detect the network hardware.
As before, we won’t have any USB devices on our virtual server so unselect and <Continue>.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [33]
Press [Enter] to configure the network.
We can let the network be auto configured – make sure the network is connected to the host
computer and is working first – press [Enter].
Change the hostname to our student number and <Continue>.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [34]
If we were configuring a server in the real world, we would have a domain name. For what we will
do in this course we can leave it blank.
Most of the screens are self explanatory so just follow the screen dumps below for each step and
read any specific points.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [35]
It is unlikely that a proxy is used, so leave it blank unless we know we use one.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [36]
We will cover shadow passwords in the course for now accept the default <Yes> option.
We will cover why it is a bad idea to allow root logins later – select the <No> option.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [37]
We will all initially use the same default name “ubuntu” to keep things simple.
Account has the same name.
And so we don’t forget, set the password to “ubuntu” as well.
Re-enter the password.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [38]
An appropriate warning that we will disregard for simplicity and convenience – we would not do
this in real life.
We will cover the pros and cons of using encrypted directories – for now we do not want
encryption enabled.
Retrieve time from an NTP server – <Yes>. Having the correct time on a server is very important.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [39]
The default Ubuntu NTP server will be fine.
The default should be correct based on our ISPs location. If it’s not we can adjust it by selecting
no. We assume it is correct and select <Yes>.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [40]
Our server will not have usb-storage so uncheck and continue.
We will be using logical volume manager for our storage needs, so select the second option here.
We will cover LVM in more detail in the course.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [41]
We only have the one hard disk that we setup earlier in VirtualBox, so select it.
It is a very good idea to separate our filesystem into partitions, so select the last option. We will
cover why this is a good idea in the course.
Review the partition details that will be written to disk and select <Yes> if correct.
A large server may have many disks and partitions so a logical naming convention must be used.
To keep things simple, name this first Volume Group “VG_01” – sometimes simple naming is the
best.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [42]
The default here is to use the entire disk – this is what we want to do. So leave the 1.9 GB default
and continue. We will cover modifications and additions to Volume Groups later in the course.
This is one of the reasons we are starting with such a small disk. It also highlights the minimal disk
requirements for a base server installation.
Review and select <Yes> – partitions are created and formatted for use.
Now it’s time to actually do the installation.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [43]
Sit back and have a break for a minute or 3.
This is new for the ubuntu-12.04.2-server-i386.iso.
Select the generic kernel.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [44]
At this stage we do not need generic drivers. Limiting what goes on the server is always a good
idea and it keeps our size down. Select the targeted option, press [Enter] and have another short
break.
The package manager for Ubuntu is apt, which makes installing additional software very easy.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [45]
The date of the original install image was 16-Oct-2012. Allowing access to a network mirror
during install ensures we are using all the most up-to-date software (including security patches).
COIT20266 Week 1 Systems Security Administration
Base Server Installation [46]
Yes there is a bit of deja vu here. No proxy should be required.
This configuration allows software to be installed that is not part of the main Ubuntu distribution.
We may need to install third party software so we include it <Yes>.
Some useful tools are available only through the “universe”.
Similarly with “multiverse”.
We may not need/use some of these distribution points, but it saves having to add them later.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [47]
Backported software can be useful in some situations when new vulnerabilities are found.
Time for a short break.
Limit our updates to security updates which we always need kept up-to-date. All other updates
should be tested and preformed manually so that they do not break our system before being
updated. Otherwise a simple update process could put our server out of action.
Another short break…
COIT20266 Week 1 Systems Security Administration
Base Server Installation [48]
Time for a bit longer break…
We want to pick the time when we do updates, not have them automatically installed at any time
– [No automatic updates].
COIT20266 Week 1 Systems Security Administration
Base Server Installation [49]
We could select a few items to install here, but we will opt to create the most minimal of servers
and manually install components as we need them. Ensure no software is selected.
Another short break…
We are getting to the end of the install now. We need to install a boot loader that will load
Ubuntu and start it running on our system.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [50]
<Yes> that’s where it needs to go.
Another short break…
Finally!
Well almost…
COIT20266 Week 1 Systems Security Administration
Base Server Installation [51]
We are finally done!
Our system should now reboot and present us with a login.
We can now login as the user ubuntu with password ubuntu.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [52]
At this point we want to shut down our server so we can take a backup.
To shut down the server type the following at the prompt and press [Enter]:
ubuntu@S12345678:~$ sudo shutdown -h now
“sudo” allows us to run the “shutdown” command as the root user. The “-h” flag is to halt the
system and “now” is so that it is done immediately.
You will see the system shutdown and the virtual machine close down.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [53]
Backing up the Base Server
We do not want to have to go through that process again so the first thing we want to do is take a
backup copy of the Base Server. The easiest way to do that is simply to zip up the directory that
the virtual machine and disk is stored in. To do that:
First, make sure the virtual machine is shut down and VirtualBox is not running.
Next, find the location of the “Base Ubuntu Server” virtual machine – this was listed in the early
parts of our install process. It will most likely be in the “VirtualBox VMs” directory in your user
directory (c:users<name>. Select the “Base Ubuntu Server” directory and zip the entire
directory up into a zip file. It will take a little while and the resulting zip file will typically be under
300 MB in size.
Don’t lose this file. If you need to recover back to the initial base install you can simply delete the
directory and unzip this file and you should be back to the base install.
You should backup your Base Server and other VM servers on a regular basis during the Term.
Updating the Base Server
Make sure a backup has been done on the base server before updating it – see above.
The first thing we need to do after a basic server install is to make sure that it is up-to-date with
the latest versions of software and security patches.
To update our server, we first need to start it up and login as ubuntu.
Ubuntu has a very easy to use package manager “apt”. This is what we use to update our system.
From the command line, we first need to ensure that the list of packages available is updated to
the latest list. We “update” the list by using the apt-get command:
ubuntu@S12345678:~$ sudo apt-get update
We will be prompted for the user ubuntu’s password as we are using the “sudo” command to
assume root privileges to do the update. “sudo” prompts for the password to test that we are the
user logged in (in this case, Ubuntu).
Running the update will result in a list of URLs scrolling up the screen as the package list is
updated.
Now that we have an updated list of packages, we can upgrade the system. We again use the aptget command, but ask it to “upgrade” our system:
COIT20266 Week 1 Systems Security Administration
Base Server Installation [54]
ubuntu@S12345678:~$ sudo apt-get upgrade
If prompted to continue, type “Y” to continue. (The [Y/n]? prompt indicates that “Y” is the default
value as it is the capital letter, so just pressing [Enter] will accept “Y” as your response.) This will
download and install any upgrades required for our system.
At this point all our existing software is up-to-date. However, since the original Ubuntu server
installation CD was created, the Ubuntu kernel has had a number of updates. These are called
distribution updates. So to insure our server has the latest kernel (core operating system) we
should also upgrade the distribution. Using apt-get again we call it with “dist-upgrade”.
Since we have the latest ubuntu-12.04.2-server-i386.iso there will be no kernel upgrade required.
So the next 2 steps can be performed but no update/purge is required.
ubuntu@S12345678:~$ sudo apt-get dist-upgrade
We should be prompted to continue, but before continuing, read the details of the distribution.
At the time of writing the latest kernel was linux-image-3.2.0-35-virtual. We should document
these things so we know the state of our server at all times – this is a required part of our
assessment submissions.
Note that the size of the required download is listed.
Continue with the upgrade process by pressing [Enter].
COIT20266 Week 1 Systems Security Administration
Base Server Installation [55]
This will take a little while. Read the details as they are listed on the screen so you have a better
understanding of the process involved.
Because we have just done a distribution upgrade we need to reboot to have the changes occur.
To reboot the server from the command line we simply use the shutdown command with the “-r”
option:
ubuntu@S12345678:~$ sudo shutdown -r now
This shuts down the server and reboots it again.
As the system reboots you will see an extra option in the boot loader – it flashes very quickly but
we now have the option to boot into the old and new kernel – the default is the new kernel image.
The first reboot may take a little while as VirtualBox detects changes in the boot process.
We can see that the Linux kernel is now 3.2.0-35-virtual, where if we look back to our first login
image it was listed as 3.2.0-29-virtual.
If for some reason there is a problem with the new kernel, we can simply boot back into the old
one. However, we want to start with a nice ‘clean’ server so we will remove the old kernel
ubuntu@S12345678:~$ sudo apt-get purge linux-image-3.2.0-29
This removes the old kernel and recreates the Grub boot loader menu.
It is a good idea to reboot at this point to make sure everything is still working. We don’t want to
make other changes and find our system doesn’t boot and wonder what caused the problem.
ubuntu@S12345678:~$ sudo shutdown -r now
Installing Manual Pages
It is very useful to have easy access to manual pages of all the available commands.
Software we need to install
* man – (help.ubuntu.com/community/man) – “used for displaying Unix and Linux manual pages”.
COIT20266 Week 1 Systems Security Administration
Base Server Installation [56]
Install man
To install man pages we again use apt by typing in the following (login first if you haven’t already)
and press [Enter]:
ubuntu@S12345678:~$ sudo apt-get install man
Accept the <continue> prompt and wait while the install is completed.
How to use man
The link above gives us a rundown on how to use man, but a quick example here will help us get
start. Type the following to get the man page for apt-get:
ubuntu@S12345678:~$ man apt-get
Note that we do not need to use sudo, as normal users are allowed to run the man command.
Skim through the apt-get manual pages. Press <h> to get some basic help on using man, including
a list of the various navigation keys. Press <q> to quit out of man and get back to the command
line.
We should expect to use man a lot.
The End
That’s it for the Base Server Install. We can now shutdown and restart our server, upgrade and
update our server, install new software on our server and access manual pages. This is really just
the beginning J