AWS Raw WebDNA LAMP-Plus WebServer
Amazon Web Services (AWS) README for Machine Image ID
About this Document:
Amazon Web Services (AWS) README for Machine Image ID (AMI ID): ami-9504b4fc
Created by Donovan Brooke - Sept. 2012
DESCRIPTION:---------------------------------------------------------------------------
AMI ID: ami-9504b4fc
AMI Name: WebDNA_Server-LAMP_Plus
AMI Description: Ubuntu_Server-12.04-LTS-x86_64-WebDNA_6.2.1-Apache2-MySQL_Serv-PHP5-ProFTPD-Webalizer
Base AMI ID: ami-a29943cb
WebDNA 6x Developers Lic. Installed: WDEV-5aMT-bla0-eiCL-lLIC
Installed Applications (The exact 'history' of the installs is appended to this document):
- WebDNA (6.2.1)
- Apache2 (2.2.22)
- MySQL-Server (no password)
- PHP5 (5.3.10-1ubuntu3.4)
Other:
- Bind9
- Webalizer
- phpmyadmin (not configured, see 'man phpmyadmin')
- ProFTPD (not configured, see 'man proftpd')
end description-------------------------------------------------------------------------
** Initial Notes ** ================================================================
- Access your AMI instance using SSH with the default username 'ubuntu' (instead of root).
** You can get your access info in the AWS Console by right clicking on your instance
and selecting 'connect'. This will bring up a connection box. Click on the Arrow next
to 'connect with a standalone SSH client'. Copy and paste the connection info into
your local terminal to connect (changing 'root' to 'ubuntu' first).
- After starting the instance, you can test that your webserver is working by
extracting the I.P. address out of the 'connect' information and plugging that into a
browser. For example, if your connect info is:
'ssh -i dbkey.pem root@ec2-184-73-125-65.compute-1.amazonaws.com'
Then your IP would be: '184.73.125.65' and you can test your instance by plugging
'http://184.73.125.65' into your browser.
- ** Before going into "live production" with your server, see the 'OVERVIEW' section below. **
====================================================================================
SECURITY (3 Important Steps):---------------------------------------------------------
Upon your instance being started, you will want to secure certain aspects
of your server. These are:
1.) Create a new administrative username. (This is optional, but it is our recommendation
to change the default user to a custom administrative user.)
To add a new administrative user, type:
'sudo adduser --ingroup admin [username]'
'[password]'
Then create your SSH Public/Private Key Pairs in order to give access to your new user.
(Key Pairs are considered more secure than a potentially crackable username and password,
but don't lose your local key!)
To create and configure your key pairs, reference:
https://help.ubuntu.com/community/SSH/OpenSSH/Keys
(If the link goes away, just google 'Generating RSA Keys ubuntu')
Once done, log out of the ubuntu user account and test your login with the new admin user.
Try to morph to superuser with your new user as well ('sudo su')
Once you have successfully tested the new administrative user, you can delete your
original 'ubuntu' user.
As 'sudo su', type:
'deluser --remove-home ubuntu'
You now are left with your one custom administrative user. Note, you will now log
into your instance without the .pem file via ssh. (ssh [yournewuser]@[thedomain_or_IP])
2.) Set your MySQL root password (via terminal).
type:
'mysql -u root -p'
[just hit return without a password]
You should now have a prompt like 'mysql>'
Set your password so you can't do what you just did (replace '[YOURNEWPASSWORD]' below):
First, select your database:
mysql> 'use mysql;'
mysql> 'UPDATE user SET Password=PASSWORD('[YOURNEWPASSWORD]') WHERE User='root';'
mysql> 'flush privileges;'
mysql> 'quit;'
You can test that you successfully secured mysql by typing: 'mysql -u root -p' again
and trying to log in without a password. Try it again to make sure you *can* log in
with the new password.
That's it! Optionally, you can set up a non-root user if you wish, as well as review
the users that are currently registered to make sure it is secure. Google 'securing MySQL'
for more info.
3.) Secure WebDNA:
- go to: http://[your_domain_or_IP]/WebCatalog/ in your browser.
(https if you install a secure certificate first)
- click on 'security' and at the prompt enter user 'admin' and password 'admin'.
- click on 'display all users' and then click on 'Set Password' on the admin line.
- You may also want to change the default password for price changes, though it can
be done later when you actually use it. Click on 'preferences', then scroll down to
'price change password' to change that.
4.) Your server is now secure. From here, you may want to configure the rest of your
applications that are installed by default. Type 'man [the_application]' to start.
end security------------------------------------------------------------------------------
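
A check you can run after steps 1 and 2 to confirm they took effect. This is an added example, not part of the original README or of WebDNA; the user name 'webadmin', GID 110 and the sample files are constructed for illustration. Step 3 (the WebDNA admin password) is not covered here.

```sh
#!/bin/sh
# Added example: verify the outcome of hardening steps 1 and 2 above.

# Step 1. Passes only if 'ubuntu' is gone and NEW_USER's primary group is
# 'admin' (what 'adduser --ingroup admin' sets). Inputs are passwd/group files.
check_accounts() {
    passwd_file=$1 group_file=$2 new_user=$3
    if grep -q '^ubuntu:' "$passwd_file"; then
        echo "FAIL: default 'ubuntu' account still present"; return 1
    fi
    admin_gid=$(awk -F: '$1 == "admin" { print $3 }' "$group_file")
    user_gid=$(awk -F: -v u="$new_user" '$1 == u { print $4 }' "$passwd_file")
    if [ -z "$user_gid" ]; then
        echo "FAIL: user '$new_user' not found"; return 1
    fi
    if [ -z "$admin_gid" ] || [ "$user_gid" != "$admin_gid" ]; then
        echo "FAIL: '$new_user' does not have primary group 'admin'"; return 1
    fi
    echo "OK: accounts"
}

# Step 2. Passes only if MySQL answers "Access denied" to root with no password.
# Returns 2 when the result is inconclusive (client missing, server down),
# so a connection error is never mistaken for a rejected login.
check_mysql_root() {
    command -v mysql >/dev/null 2>&1 || { echo "SKIP: mysql client not found"; return 2; }
    # --no-defaults ignores any option file that could supply a password.
    if out=$(mysql --no-defaults -u root -e 'SELECT 1' </dev/null 2>&1); then
        echo "FAIL: root logs in with an empty password"; return 1
    fi
    case $out in
        *'Access denied'*) echo "OK: empty root password rejected" ;;
        *) echo "UNKNOWN: $out"; return 2 ;;
    esac
}

# Demo on constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'webadmin:x:1001:110:,,,:/home/webadmin:/bin/bash' > "$demo_dir/passwd"
printf '%s\n' 'root:x:0:' 'admin:x:110:' > "$demo_dir/group"
check_accounts "$demo_dir/passwd" "$demo_dir/group" webadmin
# On the instance: check_accounts /etc/passwd /etc/group [yournewuser]; check_mysql_root
```
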
OVERVIEW:---------------------------------------------------------------------------------
This is a raw LAMP plus WebDNA Server that includes website extras. It is based off
of AMI ID: a29943cb which is an Ubuntu 12.04 (LTS) x86_64 OS. It has been updated
and safe-upgraded to Sept 17 2012.
Just fire it up, perform a couple security fixes, and start using it for
free (other than AWS infrastructure fees) to develop your websites and/or
develop in WebDNA!
With the free WebDNA Developers License already installed, you can build and test all
your content without paying a dime to WSC. Once you want to go live, just visit
store.webdna.us to purchase the *server* license that fits your needs the
best. The production license takes away the 3-connection limit.
After installing the items above, the server was hardened according to
Amazon's specifications by removing bash history, SSH Keys, etc.
end overview------------------------------------------------------------------------------
Bash History of Installation:-------------------------------------------------------------
aptitude update
aptitude safe-upgrade
aptitude install apache2
aptitude install mysql-server
aptitude install php5
aptitude install bind9
aptitude install proftpd
aptitude install phpmyadmin
aptitude install webalizer
man webalizer
getenforce
cd /tmp/
ls -la
tar -xzf WebDNA-Linux-6.2.1.tar.gz
cd WebDNA-6.2.1/
ls
./install_WebDNA.sh
dpkg --get-selections |grep openssl
ln -s ../init.d/WebCatalogCtl /etc/rc2.d/K03WebCatalog
ln -s ../init.d/WebCatalogCtl /etc/rc3.d/K03WebCatalog
ln -s ../init.d/WebCatalogCtl /etc/rc5.d/K03WebCatalog
ln -s ../init.d/WebCatalogCtl /etc/rc2.d/S90WebCatalog
ln -s ../init.d/WebCatalogCtl /etc/rc3.d/S90WebCatalog
ln -s ../init.d/WebCatalogCtl /etc/rc5.d/S90WebCatalog
end history------------------------------------------------------------------------------
DISCLAIMER:
This server AMI is offered to the public free of charge (other than AWS fees) and without warranty. Use at
your own risk. Though WebDNA Software Corporation provides instructions on basic security, it
is ultimately up to the administrator to make sure the server is and remains secure. WebDNA Software
Corporation cannot be held liable for any damages done in using this virtual server.
For additional help, WebDNA Software Corporation may be hired as a service. However, WebDNA Software
Corporation is not obligated to provide service for this virtual server.
Contact: support@webdna.us
Donovan Brooke