The Perfect Setup - Debian Etch (Debian 4.0) - Page 4

Submitted by falko (Contact Author) (Forums) on Mon, 2007-04-09 16:41. ::

9 DNS Server

Run

apt-get install bind9

For security reasons we want to run BIND chrooted so we have to do the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

vi /etc/default/bind9

OPTIONS="-u bind -t /var/lib/named"
# Set RESOLVCONF=no to not run resolvconf
RESOLVCONF=yes

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind gets updated in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

We need to modify /etc/default/syslogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD="" so that it reads: SYSLOGD="-a /var/lib/named/dev/log":

vi /etc/default/syslogd

#
# Top configuration file for syslogd
#

#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#

#
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"

Restart the logging daemon:

/etc/init.d/sysklogd restart

Start up BIND, and check /var/log/syslog for errors:

/etc/init.d/bind9 start

 

10 MySQL

In order to install MySQL, we run

apt-get install mysql-server mysql-client libmysqlclient15-dev

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:

vi /etc/mysql/my.cnf

[...]
#bind-address           = 127.0.0.1
[...]

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap

In the output you should see a line like this one:

tcp        0      0 *:mysql                 *:*                     LISTEN     3281/mysqld

Run

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword

to set a password for the user root (otherwise anybody can access your MySQL database!).

up

Copyright © 2007 Falko Timme
All Rights Reserved.
add comment | view as pdf view as pdf | print: this | all page(s) |
Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
password for mysql
Submitted by Agostino (not registered) on Thu, 2008-10-09 14:01.

After you have changed the password with the command

 mysqladmin -u root password yourrootsqlpassword

you cannot set

mysqladmin -h server1.example.com -u root password yourrootsqlpassword

beaucose the password was changed and you have this

error: 'Host 'server1.example.com' is not allowed to connect to this mysql server'

now you have to supply the password set before, please correct the command in

mysqladmin -h server1.example.com -u root -p yourrootsqlpassword password yourrootsqlpassword

thank you.

reply | view as pdf view as pdf
Re: password for mysql
Submitted by admin (registered user) on Thu, 2008-10-09 17:57.
You are wrong. There are two root logins, one for localhost and one for server1.example.com, therefore the first password doesn't affect the second login.
reply | view as pdf view as pdf
Re: Re: password for mysql
Submitted by Anonymous (not registered) on Fri, 2008-10-31 09:19.
However the second command doesn't work. So who's right?
reply | view as pdf view as pdf
Clean up netstat output for newbies?
Submitted by IntnsRed (registered user) on Tue, 2008-07-15 22:04.
Since the netstat command will output many lines, how about cleaning this up for newbies by having folks run "netstat -tap | grep mysql" instead of just the "netstat -tap"?
reply | view as pdf view as pdf