« back to all changes in this revision
Viewing changes to serverguide/C/remote-administration.xml
- browse files at revision 267
- compare with another revision
- download diff
- download tarball
- view history from revision 267
- Committer: Ted Cox
- Date: 2016-03-18 04:34:44 UTC
- Revision ID: ted.m.cox@gmail.com-20160318043444-4suhfprh40fr6hfr
Reviewed Zentyal section of remote-administration.xml
- files modified:
- serverguide/C/remote-administration.xml
added
removed
serverguide/C/remote-administration.xml
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
2
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
4
4
<!ENTITY % globalent SYSTEM "../../libs/global.ent">
5
5
%globalent;
10
10
<chapter id="remote-administration" status="review">
11
11
<title>Remote Administration</title>
12
12
<para>
13
There are many ways to remotely administer a Linux server. This chapter will cover three of the most popular applications <application>OpenSSH</application>, <application>Puppet</application>, and <application>Zentyal</application>.
13
There are many ways to remotely administer a Linux server. This chapter will
14
cover three of the most popular applications <application>OpenSSH</application>,
15
<application>Puppet</application>, and <application>Zentyal</application>.
14
16
</para>
15
17
<sect1 id="openssh-server" status="review">
16
18
<title>OpenSSH Server</title>
17
19
<sect2 id="openssh-introduction">
18
<title>Introduction</title>
20
<title>Introduction</title>
19
21
<para>
20
This section of the Ubuntu &sg-title; introduces a powerful collection of tools
21
for the remote control of, and transfer of data between, networked computers called <emphasis>OpenSSH</emphasis>. You will also learn
22
about some of the configuration settings possible with the OpenSSH server application and how to change them on your Ubuntu system.
23
</para>
24
<para>
25
OpenSSH is a freely available version of the Secure Shell (SSH) protocol family of
26
tools for remotely controlling, or transferring files between, computers.
27
Traditional tools used to accomplish these functions, such as
28
<application>telnet</application> or <application>rcp</application>, are insecure
29
and transmit the user's password in cleartext when used. OpenSSH provides a server
30
daemon and client tools to facilitate secure, encrypted remote control and file
31
transfer operations, effectively replacing the legacy tools.
32
</para>
33
<para>
34
The OpenSSH server component, <application>sshd</application>, listens
35
continuously for client connections from any of the client tools. When a connection
36
request occurs, <application>sshd</application> sets up the correct connection
37
depending on the type of client tool connecting. For example, if the remote
38
computer is connecting with the <application>ssh</application> client application,
39
the OpenSSH server sets up a remote control session after authentication. If a
40
remote user connects to an OpenSSH server with <application>scp</application>, the
41
OpenSSH server daemon initiates a secure copy of files between the server and
42
client after authentication. OpenSSH can use many authentication methods, including plain password, public key, and <application>Kerberos</application> tickets.
22
This section of the Ubuntu &sg-title; introduces a powerful collection
23
of tools for the remote control and transfer of data between
24
networked computers called <emphasis>OpenSSH</emphasis>. You will also learn
25
about some of the configuration settings possible with the OpenSSH
26
server application and how to change them on your Ubuntu system.
27
</para>
28
<para>
29
OpenSSH is a freely available version of the Secure Shell (SSH) protocol family of
30
tools for remotely controlling or transferring files between computers.
31
Traditional tools used to accomplish these functions, such as
32
<application>telnet</application> or <application>rcp</application>,
33
are insecure and transmit the user's password in cleartext when used.
34
OpenSSH provides a server daemon and client tools to facilitate secure,
35
encrypted remote control and file transfer operations, effectively
36
replacing the legacy tools.
37
</para>
38
<para>
39
The OpenSSH server component, <application>sshd</application>, listens
40
continuously for client connections from any of the client tools. When a connection
41
request occurs, <application>sshd</application> sets up the correct connection
42
depending on the type of client tool connecting. For example, if the remote
43
computer is connecting with the <application>ssh</application> client application,
44
the OpenSSH server sets up a remote control session after authentication. If a
45
remote user connects to an OpenSSH server with <application>scp</application>, the
46
OpenSSH server daemon initiates a secure copy of files between the server and
47
client after authentication. OpenSSH can use many authentication methods, including
48
plain password, public key, and <application>Kerberos</application> tickets.
43
49
</para>
44
50
</sect2>
45
51
<sect2 id="openssh-installation">
46
52
<title>Installation</title>
47
53
<para>
48
Installation of the OpenSSH client and server applications is simple. To install the
49
OpenSSH client applications on your Ubuntu system, use this command at a terminal
54
Installation of the OpenSSH client and server applications is simple. To install the
55
OpenSSH client applications on your Ubuntu system, use this command at a terminal
50
56
prompt:
51
57
</para>
52
58
<screen>
53
59
<command>sudo apt-get install openssh-client</command>
54
60
</screen>
55
61
<para>
56
To install the OpenSSH server application, and related support files, use this command
62
To install the OpenSSH server application, and related support files, use this command
57
63
at a terminal prompt:
58
64
</para>
59
65
<screen>
60
66
<command>sudo apt-get install openssh-server</command>
61
67
</screen>
62
68
<para>
63
The <application>openssh-server</application> package can also be selected to
69
The <application>openssh-server</application> package can also be selected to
64
70
install during the Server Edition installation process.
65
71
</para>
66
72
</sect2>
67
73
<sect2 id="openssh-configuration">
68
74
<title>Configuration</title>
69
75
<para>
70
You may configure the default behavior of the OpenSSH server application,
71
<application>sshd</application>, by editing the file
72
<filename>/etc/ssh/sshd_config</filename>. For information about the configuration
73
directives used in this file, you may view the appropriate manual page with the
76
You may configure the default behavior of the OpenSSH server application,
77
<application>sshd</application>, by editing the file
78
<filename>/etc/ssh/sshd_config</filename>. For information about the configuration
79
directives used in this file, you may view the appropriate manual page with the
74
80
following command, issued at a terminal prompt:
75
81
</para>
76
82
<screen>
77
83
<command>man sshd_config</command>
78
84
</screen>
79
85
<para>
80
There are many directives in the <application>sshd</application> configuration
81
file controlling such things as communication settings, and authentication modes.
82
The following are examples of configuration directives that can be changed by
86
There are many directives in the <application>sshd</application> configuration
87
file controlling such things as communication settings, and authentication modes.
88
The following are examples of configuration directives that can be changed by
83
89
editing the <filename>/etc/ssh/sshd_config</filename> file.
84
90
</para>
85
91
<tip>
86
<para>Prior to editing the configuration file, you should make a copy of the
87
original file and protect it from writing so you will have the original
92
<para>Prior to editing the configuration file, you should make a copy of the
93
original file and protect it from writing so you will have the original
88
94
settings as a reference and to reuse as necessary.
89
95
</para>
90
<para>Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it
96
<para>Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it
91
97
from writing with the following commands, issued at a terminal prompt:
92
98
</para>
93
99
102
108
<itemizedlist>
103
109
<listitem>
104
110
<para>
105
To set your OpenSSH to listen on TCP port 2222 instead of the default TCP port
111
To set your OpenSSH to listen on TCP port 2222 instead of the default TCP port
106
112
22, change the Port directive as such:
107
113
</para>
108
114
<para>
111
117
</listitem>
112
118
<listitem>
113
119
<para>
114
To have <application>sshd</application> allow public key-based login credentials,
120
To have <application>sshd</application> allow public key-based login credentials,
115
121
simply add or modify the line:
116
122
</para>
117
123
<para>
123
129
</listitem>
124
130
<listitem>
125
131
<para>
126
To make your OpenSSH server display the contents of the
132
To make your OpenSSH server display the contents of the
127
133
<filename>/etc/issue.net</filename> file as a pre-login
128
134
banner, simply add or modify the line:
129
135
</para>
136
142
</listitem>
137
143
</itemizedlist>
138
144
<para>
139
After making changes to the <filename>/etc/ssh/sshd_config</filename> file, save
140
the file, and restart the <application>sshd</application> server application to
145
After making changes to the <filename>/etc/ssh/sshd_config</filename> file, save
146
the file, and restart the <application>sshd</application> server application to
141
147
effect the changes using the following command at a terminal prompt:
142
148
</para>
143
149
<screen>
145
151
</screen>
146
152
<warning>
147
153
<para>
148
Many other configuration directives for <application>sshd</application> are
149
available to change the server application's behavior to fit your needs.
150
Be advised, however, if your only method of access to a server is
151
<application>ssh</application>, and you make a mistake in configuring
152
<application>sshd</application> via the
154
Many other configuration directives for <application>sshd</application> are
155
available to change the server application's behavior to fit your needs.
156
Be advised, however, if your only method of access to a server is
157
<application>ssh</application>, and you make a mistake in configuring
158
<application>sshd</application> via the
153
159
<filename>/etc/ssh/sshd_config</filename> file, you may find you
154
are locked out of the server upon restarting it. Additionally, if an incorrect configuration directive is supplied,
155
the <application>sshd</application> server may refuse to start, so be extra careful when editing this file on a
160
are locked out of the server upon restarting it. Additionally, if an incorrect configuration directive is supplied,
161
the <application>sshd</application> server may refuse to start, so be extra careful when editing this file on a
156
162
remote server.
157
163
</para>
158
164
</warning>
160
166
<sect2 id="openssh-keys" status="review">
161
167
<title>SSH Keys</title>
162
168
<para>
163
SSH <emphasis>keys</emphasis> allow authentication between two hosts without the need of a password. SSH key authentication
169
SSH <emphasis>keys</emphasis> allow authentication between two hosts without the need of a password. SSH key authentication
164
170
uses two keys, a <emphasis>private</emphasis> key and a <emphasis>public</emphasis> key.
165
171
</para>
166
172
<para>
171
177
</screen>
172
178
<para>
173
179
This will generate the keys using the <emphasis>RSA Algorithm</emphasis>. During the process you
174
will be prompted for a password. Simply hit <emphasis>Enter</emphasis> when prompted to create the key.
180
will be prompted for a password. Simply hit <emphasis>Enter</emphasis> when prompted to create the key.
175
181
</para>
176
182
<para>
177
By default the <emphasis>public</emphasis> key is saved in the file <filename>~/.ssh/id_rsa.pub</filename>, while
183
By default the <emphasis>public</emphasis> key is saved in the file <filename>~/.ssh/id_rsa.pub</filename>, while
178
184
<filename>~/.ssh/id_rsa</filename> is the <emphasis>private</emphasis> key. Now copy the <filename>id_rsa.pub</filename> file
179
185
to the remote host and append it to <filename>~/.ssh/authorized_keys</filename> by entering:
180
186
</para>
219
225
<title>Puppet</title>
220
226
221
227
<para>
222
<application>Puppet</application> is a cross platform framework enabling system administrators to perform common tasks using code.
223
The code can do a variety of tasks from installing new software, to checking file permissions, or updating user accounts. <application>Puppet</application> is
228
<application>Puppet</application> is a cross platform framework enabling system administrators to perform common tasks using code.
229
The code can do a variety of tasks from installing new software, to checking file permissions, or updating user accounts. <application>Puppet</application> is
224
230
great not only during the initial installation of a system, but also throughout the system's entire life cycle. In most circumstances
225
<application>puppet</application> will be used in a client/server configuration.
231
<application>puppet</application> will be used in a client/server configuration.
226
232
</para>
227
233
228
234
<para>
234
240
<title>Preconfiguration</title>
235
241
236
242
<para>
237
Prior to configuring <application>puppet</application> you may want to add a DNS <emphasis>CNAME</emphasis> record for
238
<emphasis>puppet.example.com</emphasis>, where <emphasis>example.com</emphasis> is your domain. By default
239
<application>Puppet</application> clients check DNS for puppet.example.com as the puppet server name, or
243
Prior to configuring <application>puppet</application> you may want to add a DNS <emphasis>CNAME</emphasis> record for
244
<emphasis>puppet.example.com</emphasis>, where <emphasis>example.com</emphasis> is your domain. By default
245
<application>Puppet</application> clients check DNS for puppet.example.com as the puppet server name, or
240
246
<emphasis>Puppet Master</emphasis>. See <xref linkend="dns"/> for more DNS details.
241
247
</para>
242
248
243
249
<para>
244
If you do not wish to use DNS, you can add entries to the server and client <filename>/etc/hosts</filename> file. For example, in the
250
If you do not wish to use DNS, you can add entries to the server and client <filename>/etc/hosts</filename> file. For example, in the
245
251
<application>Puppet</application> server's <filename>/etc/hosts</filename> file add:
246
252
</para>
247
253
347
353
</para>
348
354
349
355
<para>
350
First, configure the <application>Puppet</application> agent daemon to start. Edit <filename>/etc/default/puppet</filename>, changing
356
First, configure the <application>Puppet</application> agent daemon to start. Edit <filename>/etc/default/puppet</filename>, changing
351
357
<emphasis>START</emphasis> to yes:
352
358
</para>
353
359
404
410
405
411
<note>
406
412
<para>
407
This example is <emphasis>very</emphasis> simple, and does not highlight many of <application>Puppet</application>'s features and
413
This example is <emphasis>very</emphasis> simple, and does not highlight many of <application>Puppet</application>'s features and
408
414
benefits. For more information see <xref linkend="puppet-resources"/>.
409
415
</para>
410
416
</note>
437
443
<title>Zentyal</title>
438
444
439
445
<para>
440
<application>Zentyal</application> is a Linux small business server, that
441
can be configured as a Gateway, Infrastructure Manager, Unified Threat Manager,
442
Office Server, Unified Communication Server or a combination of them.
443
All network services managed by Zentyal are tightly integrated,
444
automating most tasks. This helps to avoid errors in the network
445
configuration and administration and allows to save time.
446
<application>Zentyal</application> is a Linux small business server that
447
can be configured as a gateway, infrastructure manager, unified threat manager,
448
office server, unified communication server or a combination of them.
449
All network services managed by <application>Zentyal</application> are tightly
450
integrated, automating most tasks. This saves time and helps to avoid errors
451
in network configuration and administration.
446
452
<application>Zentyal</application> is open source, released under the GNU
447
453
General Public License (GPL) and runs on top of Ubuntu GNU/Linux.
448
454
</para>
451
457
<application>Zentyal</application> consists of a series of packages
452
458
(usually one for each module) that provide a web interface to configure
453
459
the different servers or services. The configuration is stored on a
454
key-value <application>Redis</application> database but users, groups
455
and domains related configuration is on <application>OpenLDAP
460
key-value <application>Redis</application> database, but users, groups,
461
and domains-related configuration is on <application>OpenLDAP
456
462
</application>. When you configure any of the available parameters
457
463
through the web interface, final configuration files are overwritten
458
using the configuration templates provided by the modules.
459
The main advantages of using <application>Zentyal</application> are:
464
using the configuration templates provided by the modules.
465
The main advantage of using <application>Zentyal</application> is a
460
466
unified, graphical user interface to configure all network services and
461
467
high, out-of-the-box integration between them.
462
468
</para>
463
469
470
<para>
471
<application>Zentyal</application> publishes one major stable release
472
once a year based on the latest Ubuntu LTS release.
473
</para>
474
464
475
<sect2 id="zentyal-installation" status="review">
465
476
<title>Installation</title>
466
477
467
478
<para>
468
Zentyal 2.3 is available on Ubuntu 12.04 Universe repository. The modules
469
available are:
470
</para>
471
472
<itemizedlist>
473
<listitem>
474
<para>
475
zentyal-core & zentyal-common: the core of the
476
<application>Zentyal</application> interface and the common libraries
477
of the framework. Also include the logs and events modules that
478
give the administrator an interface to view the logs and generate
479
events from them.
480
</para>
481
</listitem>
482
<listitem>
483
<para>
484
zentyal-network: manages the configuration of the network. From the
485
interfaces (supporting static IP, DHCP, VLAN, bridges or PPPoE),
486
to multiple gateways when having more than one Internet connection,
487
load balancing and advanced routing, static routes or dynamic DNS.
488
</para>
489
</listitem>
490
<listitem>
491
<para>
492
zentyal-objects & zentyal-services: provide an abstraction level
493
for network addresses (e.g. LAN instead of 192.168.1.0/24) and ports
494
named as services (e.g. HTTP instead of 80/TCP).
495
</para>
496
</listitem>
497
<listitem>
498
<para>
499
zentyal-firewall: configures the <application>iptables</application>
500
rules to block forbiden connections, NAT and port redirections.
501
</para>
502
</listitem>
503
<listitem>
504
<para>
505
zentyal-ntp: installs the NTP daemon to keep server on time and allow
506
network clients to synchronize their clocks against the server.
507
</para>
508
</listitem>
509
<listitem>
510
<para>
511
zentyal-dhcp: configures <application>ISC DHCP</application> server
512
supporting network ranges, static leases and other advanced options
513
like NTP, WINS, dynamic DNS updates and network boot with PXE.
514
</para>
515
</listitem>
516
<listitem>
517
<para>
518
zentyal-dns: brings <application>ISC Bind9</application> DNS server
519
into your server for caching local queries as a forwarder or as an
520
authoritative server for the configured domains. Allows to configure
521
A, CNAME, MX, NS, TXT and SRV records.
522
</para>
523
</listitem>
524
<listitem>
525
<para>
526
zentyal-ca: integrates the management of a Certification Authority
527
within Zentyal so users can use certificates to authenticate against
528
the services, like with <application>OpenVPN</application>.
529
</para>
530
</listitem>
531
<listitem>
532
<para>
533
zentyal-openvpn: allows to configure multiple VPN servers and clients
534
using <application>OpenVPN</application> with dynamic routing
535
configuration using <application>Quagga</application>.
536
</para>
537
</listitem>
538
<listitem>
539
<para>
540
zentyal-users: provides an interface to configure and manage users
541
and groups on <application>OpenLDAP</application>. Other services
542
on Zentyal are authenticated against LDAP having a centralized
543
users and groups management. It is also possible to synchronize
544
users, passwords and groups from a <application>Microsoft Active
545
Directory</application> domain.
546
</para>
547
</listitem>
548
<listitem>
549
<para>
550
zentyal-squid: configures <application>Squid</application> and
551
<application>Dansguardian</application> for speeding up browsing
552
thanks to the caching capabilities and content filtering.
553
</para>
554
</listitem>
555
<listitem>
556
<para>
557
zentyal-samba: allows <application>Samba</application> configuration
558
and integration with existing LDAP. From the same interface you can
559
define password policies, create shared resources and assign
560
permissions.
561
</para>
562
</listitem>
563
<listitem>
564
<para>
565
zentyal-printers: integrates <application>CUPS</application> with
566
<application>Samba</application> and allows not only to configure
567
the printers but also give them permissions based on LDAP users
568
and groups.
569
</para>
570
</listitem>
571
</itemizedlist>
572
573
<para>
574
To install <application>Zentyal</application>, in a terminal on the
575
<emphasis>server</emphasis> enter (where <zentyal-module> is
576
any of the modules from the previous list):
577
</para>
578
579
<screen>
580
<command>sudo apt-get install <zentyal-module></command>
581
</screen>
582
583
<note>
584
<para>
585
<application>Zentyal</application> publishes one major stable release
586
once a year (in September) based on latest Ubuntu LTS release. Stable
587
releases always have even minor numbers (e.g. 2.2, 3.0) and beta
588
releases have odd minor numbers (e.g. 2.1, 2.3). Ubuntu 12.04 comes
589
with <application>Zentyal</application> 2.3 packages. If you want to
590
upgrade to a new stable release published after the release of Ubuntu
591
12.04 you can use <ulink url="https://launchpad.net/~zentyal/">Zentyal
592
Team PPA</ulink>. Upgrading to newer stable releases can provide you
593
minor bugfixes not backported to 2.3 in Precise and newer features.
594
</para>
595
</note>
596
597
<tip>
598
<para>
599
If you need more information on how to add packages from a PPA see
600
<ulink url="https://help.ubuntu.com/&distro-rev-short;/ubuntu-help/addremove-ppa.html">
601
Add a Personal Package Archive (PPA)</ulink>.
602
</para>
603
</tip>
604
605
<note>
606
<para>
607
Not present on Ubuntu Universe repositories, but on
608
<ulink url="https://launchpad.net/~zentyal/">Zentyal Team PPA</ulink>
609
you will find these other modules:
610
</para>
611
<itemizedlist>
612
<listitem>
613
<para>
614
zentyal-antivirus: integrates <application>ClamAV</application>
615
antivirus with other modules like the proxy, file sharing or
616
mailfilter.
617
</para>
618
</listitem>
619
<listitem>
620
<para>
621
zentyal-asterisk: configures <application>Asterisk</application>
622
to provide a simple PBX with LDAP based authentication.
623
</para>
624
</listitem>
625
<listitem>
626
<para>
627
zentyal-bwmonitor: allows to monitor bandwith usage of your LAN
628
clients.
629
</para>
630
</listitem>
631
<listitem>
632
<para>
633
zentyal-captiveportal: integrates a captive portal with the firewall
634
and LDAP users and groups.
635
</para>
636
</listitem>
637
<listitem>
638
<para>
639
zentyal-ebackup: allows to make scheduled backups of your server using
640
the popular <application>duplicity</application> backup tool.
641
</para>
642
</listitem>
643
<listitem>
644
<para>
645
zentyal-ftp: configures a FTP server with LDAP based authentication.
646
</para>
647
</listitem>
648
<listitem>
649
<para>
650
zentyal-ids: integrates a network intrusion detection system.
651
</para>
652
</listitem>
653
<listitem>
654
<para>
655
zentyal-ipsec: allows to configure IPsec tunnels using
656
<application>OpenSwan</application>.
657
</para>
658
</listitem>
659
<listitem>
660
<para>
661
zentyal-jabber: integrates <application>ejabberd</application>
662
XMPP server with LDAP users and groups.
663
</para>
664
</listitem>
665
<listitem>
666
<para>
667
zentyal-thinclients: a <application>LTSP</application> based
668
thin clients solution.
669
</para>
670
</listitem>
671
<listitem>
672
<para>
673
zentyal-mail: a full mail stack including <application>Postfix
674
</application> and <application>Dovecot</application> with LDAP
675
backend.
676
</para>
677
</listitem>
678
<listitem>
679
<para>
680
zentyal-mailfilter: configures <application>amavisd</application> with
681
mail stack to filter spam and attached virus.
682
</para>
683
</listitem>
684
<listitem>
685
<para>
686
zentyal-monitor: integrates <application>collectd</application>
687
to monitor server performance and running services.
688
</para>
689
</listitem>
690
<listitem>
691
<para>
692
zentyal-pptp: configures a <application>PPTP</application> VPN server.
693
</para>
694
</listitem>
695
<listitem>
696
<para>
697
zentyal-radius: integrates <application>FreeRADIUS</application> with
698
LDAP users and groups.
699
</para>
700
</listitem>
701
<listitem>
702
<para>
703
zentyal-software: simple interface to manage installed
704
<application>Zentyal</application> modules and system updates.
705
</para>
706
</listitem>
707
<listitem>
708
<para>
709
zentyal-trafficshaping: configures traffic limiting rules to do
710
bandwidth throttling and improve latency.
711
</para>
712
</listitem>
713
<listitem>
714
<para>
715
zentyal-usercorner: allows users to edit their own LDAP attributes
716
using a web browser.
717
</para>
718
</listitem>
719
<listitem>
720
<para>
721
zentyal-virt: simple interface to create and manage virtual machines
722
based on <application>libvirt</application>.
723
</para>
724
</listitem>
725
<listitem>
726
<para>
727
zentyal-webmail: allows to access your mail using the popular
728
<application>Roundcube</application> webmail.
729
</para>
730
</listitem>
731
<listitem>
732
<para>
733
zentyal-webserver: configures <application>Apache</application>
734
webserver to host different sites on your machine.
735
</para>
736
</listitem>
737
<listitem>
738
<para>
739
zentyal-zarafa: integrates <application>Zarafa</application>
740
groupware suite with <application>Zentyal</application> mail stack
741
and LDAP.
742
</para>
743
</listitem>
744
</itemizedlist>
745
</note>
746
747
</sect2>
479
If you would like to create a new user to access the <application>Zentyal</application>
480
web interface, run:
481
<screen>
482
<command>sudo adduser username sudo</command>
483
</screen>
484
</para>
485
486
<para>
487
Add the <application>Zentyal</application> repository to your repository list:
488
<screen>
489
<command>sudo add-apt-repository "deb http://archive.zentyal.org/zentyal 3.5 main extra"</command>
490
</screen>
491
</para>
492
493
<para>
494
Import the public keys from <application>Zentyal</application>:
495
<screen>
496
<command>sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 10E239FF</command>
497
<command>wget -q http://keys.zentyal.org/zentyal-4.2-archive.asc -O- | sudo apt-key add -</command>
498
</screen>
499
</para>
500
501
<para>
502
Update your packages and install <application>Zentyal</application>:
503
<screen>
504
<command>sudo apt-get update</command>
505
<command>sudo apt-get install zentyal</command>
506
</screen>
507
During installation you will be asked to set a root MySQL password and
508
confirm port 443.
509
</para>
510
511
</sect2>
748
512
749
513
<sect2 id="zentyal-firststeps" status="review">
750
514
<title>First steps</title>
751
515
752
516
<para>
753
Any system account belonging to the sudo group is allowed to log into
754
<application>Zentyal</application> web interface. If you are using the
755
user created during the installation, this should be in the sudo group
756
by default.
757
</para>
758
759
<tip>
760
<para>
761
If you need to add another user to the sudo group, just
762
execute:
763
</para>
764
<screen>
765
<command>sudo adduser username sudo</command>
766
</screen>
767
</tip>
768
769
<para>
770
To access <application>Zentyal</application> web interface, browse into
771
https://localhost/ (or the IP of your remote server). As Zentyal creates
517
Any system account belonging to the sudo group is allowed to log into the
518
<application>Zentyal</application> web interface. The user created while
519
installing Ubuntu Server will belong to the sudo group by default.
520
</para>
521
522
<para>
523
To access the <application>Zentyal</application> web interface, point a browser
524
to https://localhost/ or to the IP address of your remote server. As
525
<application>Zentyal</application> creates
772
526
its own self-signed SSL certificate, you will have to accept a security
773
exception on your browser.
527
exception on your browser. Log in with the same username and password used
528
to log in to your server.
774
529
</para>
775
530
776
531
<para>
777
Once logged in you will see the dashboard with an overview of your
778
server. To configure any of the features of your installed modules, go
779
to the different sections on the left menu. When you make any changes,
780
on the upper right corner appears a red <emphasis>Save changes</emphasis>
781
button that you must click to save all configuration changes.
782
To apply these configuration changes in your server, the module
783
needs to be enabled first, you can do so from the <emphasis>Module Status
784
</emphasis> entry on the left menu. Every time you enable a module, a
785
pop-up will appear asking for a confirmation to perform the necessary
786
actions and changes on your server and configuration files.
787
</para>
788
789
<note>
532
Once logged in you will see an overview of your
533
server. Individual modules, such as Antivirus or Firewall, can be installed
534
by simply clicking them and then clicking Install.
535
Selecting server roles like Gateway or Infrastructure can be used to install
536
multiple modules at once.
537
</para>
538
539
<para>
540
Modules can also be installed via the command line:
541
<screen>
542
<command>sudo apt-get install <zentyal-module></command>
543
</screen>
544
See the list of available modules below.
545
</para>
546
547
<para>
548
To enable a module, go to the Dashboard, then click Module Status. Click
549
the check box for the module, then Save changes.
550
</para>
551
552
<para>
553
To configure any of the features of your installed modules, click the
554
different sections on the left menu. When you make any changes, a red "Save
555
changes" button appears in the upper right corner.
556
</para>
557
790
558
<para>
791
559
If you need to customize any configuration file or run certain actions
792
560
(scripts or commands) to configure features not available on
793
<application>Zentyal</application> place the custom configuration file
561
<application>Zentyal</application>, place the custom configuration file
794
562
templates on /etc/zentyal/stubs/<module>/ and the hooks on
795
/etc/zentyal/hooks/<module>.<action>.
796
</para>
797
</note>
563
/etc/zentyal/hooks/<module>.<action>. Read more about stubs and
564
hooks <ulink url="https://wiki.zentyal.org/wiki/En/4.0/Appendix_B:_Development_and_advanced_configuration#Advanced_Service_Customization">here</ulink>.
565
</para>
798
566
799
567
</sect2>
800
568
569
<sect2 id="zentyal-modules" status="review">
570
<title>Modules</title>
571
572
<para>
573
<application>Zentyal</application> 2.3 is available on Ubuntu 12.04 Universe
574
repository. The modules available are:
575
<itemizedlist>
576
<listitem>
577
<para>
578
zentyal-core & zentyal-common: the core of the
579
<application>Zentyal</application> interface and the common libraries
580
of the framework. Also includes the logs and events modules that
581
give the administrator an interface to view the logs and generate
582
events from them.
583
</para>
584
</listitem>
585
<listitem>
586
<para>
587
zentyal-network: manages the configuration of the network. From the
588
interfaces (supporting static IP, DHCP, VLAN, bridges or PPPoE),
589
to multiple gateways when having more than one Internet connection,
590
load balancing and advanced routing, static routes or dynamic DNS.
591
</para>
592
</listitem>
593
<listitem>
594
<para>
595
zentyal-objects & zentyal-services: provide an abstraction level
596
for network addresses (e.g. LAN instead of 192.168.1.0/24) and ports
597
named as services (e.g. HTTP instead of 80/TCP).
598
</para>
599
</listitem>
600
<listitem>
601
<para>
602
zentyal-firewall: configures the <application>iptables</application>
603
rules to block forbiden connections, NAT and port redirections.
604
</para>
605
</listitem>
606
<listitem>
607
<para>
608
zentyal-ntp: installs the NTP daemon to keep server on time and allow
609
network clients to synchronize their clocks against the server.
610
</para>
611
</listitem>
612
<listitem>
613
<para>
614
zentyal-dhcp: configures <application>ISC DHCP</application> server
615
supporting network ranges, static leases and other advanced options
616
like NTP, WINS, dynamic DNS updates and network boot with PXE.
617
</para>
618
</listitem>
619
<listitem>
620
<para>
621
zentyal-dns: brings <application>ISC Bind9</application> DNS server
622
into your server for caching local queries as a forwarder or as an
623
authoritative server for the configured domains. Allows to configure
624
A, CNAME, MX, NS, TXT and SRV records.
625
</para>
626
</listitem>
627
<listitem>
628
<para>
629
zentyal-ca: integrates the management of a Certification Authority
630
within Zentyal so users can use certificates to authenticate against
631
the services, like with <application>OpenVPN</application>.
632
</para>
633
</listitem>
634
<listitem>
635
<para>
636
zentyal-openvpn: allows to configure multiple VPN servers and clients
637
using <application>OpenVPN</application> with dynamic routing
638
configuration using <application>Quagga</application>.
639
</para>
640
</listitem>
641
<listitem>
642
<para>
643
zentyal-users: provides an interface to configure and manage users
644
and groups on <application>OpenLDAP</application>. Other services
645
on Zentyal are authenticated against LDAP having a centralized
646
users and groups management. It is also possible to synchronize
647
users, passwords and groups from a <application>Microsoft Active
648
Directory</application> domain.
649
</para>
650
</listitem>
651
<listitem>
652
<para>
653
zentyal-squid: configures <application>Squid</application> and
654
<application>Dansguardian</application> for speeding up browsing
655
thanks to the caching capabilities and content filtering.
656
</para>
657
</listitem>
658
<listitem>
659
<para>
660
zentyal-samba: allows <application>Samba</application> configuration
661
and integration with existing LDAP. From the same interface you can
662
define password policies, create shared resources and assign
663
permissions.
664
</para>
665
</listitem>
666
<listitem>
667
<para>
668
zentyal-printers: integrates <application>CUPS</application> with
669
<application>Samba</application> and allows not only to configure
670
the printers but also give them permissions based on LDAP users
671
and groups.
672
</para>
673
</listitem>
674
</itemizedlist>
675
676
</para>
677
678
<para>
679
Not present on Ubuntu Universe repositories, but on
680
<ulink url="https://launchpad.net/~zentyal/">Zentyal Team PPA</ulink>
681
you will find these other modules:
682
</para>
683
684
<para>
685
<itemizedlist>
686
<listitem>
687
<para>
688
zentyal-antivirus: integrates <application>ClamAV</application>
689
antivirus with other modules like the proxy, file sharing or
690
mailfilter.
691
</para>
692
</listitem>
693
<listitem>
694
<para>
695
zentyal-asterisk: configures <application>Asterisk</application>
696
to provide a simple PBX with LDAP based authentication.
697
</para>
698
</listitem>
699
<listitem>
700
<para>
701
zentyal-bwmonitor: allows to monitor bandwith usage of your LAN
702
clients.
703
</para>
704
</listitem>
705
<listitem>
706
<para>
707
zentyal-captiveportal: integrates a captive portal with the firewall
708
and LDAP users and groups.
709
</para>
710
</listitem>
711
<listitem>
712
<para>
713
zentyal-ebackup: allows to make scheduled backups of your server using
714
the popular <application>duplicity</application> backup tool.
715
</para>
716
</listitem>
717
<listitem>
718
<para>
719
zentyal-ftp: configures a FTP server with LDAP based authentication.
720
</para>
721
</listitem>
722
<listitem>
723
<para>
724
zentyal-ids: integrates a network intrusion detection system.
725
</para>
726
</listitem>
727
<listitem>
728
<para>
729
zentyal-ipsec: allows to configure IPsec tunnels using
730
<application>OpenSwan</application>.
731
</para>
732
</listitem>
733
<listitem>
734
<para>
735
zentyal-jabber: integrates <application>ejabberd</application>
736
XMPP server with LDAP users and groups.
737
</para>
738
</listitem>
739
<listitem>
740
<para>
741
zentyal-thinclients: a <application>LTSP</application> based
742
thin clients solution.
743
</para>
744
</listitem>
745
<listitem>
746
<para>
747
zentyal-mail: a full mail stack including <application>Postfix
748
</application> and <application>Dovecot</application> with LDAP
749
backend.
750
</para>
751
</listitem>
752
<listitem>
753
<para>
754
zentyal-mailfilter: configures <application>amavisd</application> with
755
mail stack to filter spam and attached virus.
756
</para>
757
</listitem>
758
<listitem>
759
<para>
760
zentyal-monitor: integrates <application>collectd</application>
761
to monitor server performance and running services.
762
</para>
763
</listitem>
764
<listitem>
765
<para>
766
zentyal-pptp: configures a <application>PPTP</application> VPN server.
767
</para>
768
</listitem>
769
<listitem>
770
<para>
771
zentyal-radius: integrates <application>FreeRADIUS</application> with
772
LDAP users and groups.
773
</para>
774
</listitem>
775
<listitem>
776
<para>
777
zentyal-software: simple interface to manage installed
778
<application>Zentyal</application> modules and system updates.
779
</para>
780
</listitem>
781
<listitem>
782
<para>
783
zentyal-trafficshaping: configures traffic limiting rules to do
784
bandwidth throttling and improve latency.
785
</para>
786
</listitem>
787
<listitem>
788
<para>
789
zentyal-usercorner: allows users to edit their own LDAP attributes
790
using a web browser.
791
</para>
792
</listitem>
793
<listitem>
794
<para>
795
zentyal-virt: simple interface to create and manage virtual machines
796
based on <application>libvirt</application>.
797
</para>
798
</listitem>
799
<listitem>
800
<para>
801
zentyal-webmail: allows to access your mail using the popular
802
<application>Roundcube</application> webmail.
803
</para>
804
</listitem>
805
<listitem>
806
<para>
807
zentyal-webserver: configures <application>Apache</application>
808
webserver to host different sites on your machine.
809
</para>
810
</listitem>
811
<listitem>
812
<para>
813
zentyal-zarafa: integrates <application>Zarafa</application>
814
groupware suite with <application>Zentyal</application> mail stack
815
and LDAP.
816
</para>
817
</listitem>
818
</itemizedlist>
819
820
</para>
821
822
</sect2>
823
801
824
<sect2 id="zentyal-references" status="review">
802
825
<title>References</title>
803
826
<para>
805
828
</ulink> page.
806
829
</para>
807
830
<para>
808
See also <ulink url="http://trac.zentyal.org/wiki/Documentation">Zentyal
809
Community Documentation</ulink> page.
831
<ulink url="http://trac.zentyal.org/wiki/Documentation">Zentyal
832
Community Wiki</ulink>.
810
833
</para>
811
834
<para>
812
And don't forget to visit the <ulink url="http://forum.zentyal.org/">forum
835
Visit the <ulink url="http://forum.zentyal.org/">Zentyal forum
813
836
</ulink> for community support, feedback, feature requests, etc.
814
837
</para>
815
838
</sect2>
Loggerhead is a web-based interface for Breezy
Version: 2.0.1