Differences

This shows you the differences between two versions of the page.

--- secure_ubuntu_system:add_software [2016/07/14 00:44] – created peter
+++ secure_ubuntu_system:add_software [2020/07/15 09:30] (current) – external edit 127.0.0.1
@@ Line 17: / Line 17: @@
 ...and entering the Administrator's password, <color red>adminpass</color>.
-**IMPORTANT**:  If this is done, then remember to remove the sudo command from the front of any future issued command.
+<WRAP notice>
+**IMPORTANT**:  If this is done, then remember to remove the **sudo** command from the front of any future issued command.
+</WRAP>
-IMPORTANT:  Do __NOT__ use the following command:
+<WRAP alert>
+**DANGER**:  Do **__NOT__** use the following command:
 <code bash>
@@ Line 25: / Line 28: @@
 </code>
-and do __NOT__ enable the root login by running:
+and do **__NOT__** enable the root login by running:
 <code bash>
@@ Line 40: / Line 43: @@
 sudo passwd -dl root
 </code>
+</WRAP>
+----
 ===== Install binutils (highly recommended) =====
-The programs in this package are used to assemble, link and manipulate binary and object files.  They may be used in conjunction with a compiler and various libraries to build programs.
+The programs in this package are used to assemble, link and manipulate binary and object files.
+They may be used in conjunction with a compiler and various libraries to build programs.
 Issue the following command to install it:
@@ Line 54: / Line 61: @@
+----
 ===== Install most (highly recommended) =====
@@ Line 69: / Line 76: @@
+----
@@ Line 80: / Line 87: @@
 </code>
-**sysv-rc-conf** provides a terminal GUI for managing /etc/rc{runlevel}.d/ symlinks.
+<WRAP info>
+**NOTE:**  **sysv-rc-conf** provides a terminal GUI for managing /etc/rc{runlevel}.d/ symlinks.
 The interface comes in two different flavours, one that simply allows turning services on or off and another that allows for more fine tuned management of symlinks.
@@ Line 86: / Line 94: @@
 Unlike most runlevel-config programs, you can edit startup scripts for any runlevel, not just your current one.
+</WRAP>
+----
@@ Line 97: / Line 107: @@
 </code>
-**htop** is an interactive process viewer, which allows killing and renicing of processes without entering their PIDs.
+<WRAP info>
+**NOTE:**  **htop** is an interactive process viewer, which allows killing and renicing of processes without entering their PIDs.
+</WRAP>
+----
 ===== Install facter  (highly recommended) =====
@@ Line 109: / Line 123: @@
 </code>
-**facter** is a system information utility that makes it easy to determine information about the system hardware.
+<WRAP info>
+**NOTE:**  **facter** is a system information utility that makes it easy to determine information about the system hardware.
 It is an alternative to the **lshw** command.
+</WRAP>
+----
 ===== Install nmap  (highly recommended) =====
@@ Line 124: / Line 141: @@
 </code>
-**nmap** is a network security monitor.
+<WRAP info>
+**NOTE:**  **nmap** is a network security monitor.
 It is used to check the security of the system.
 It can also be used to check for networking problems.
+</WRAP>
+----
@@ Line 141: / Line 161: @@
 </code>
-**hping3** is a network tool able to send customized packets.
+<WRAP info>
+**NOTE:**  **hping3** is a network tool able to send customized packets.
 Using hping3 allows the following to be tested:
@@ Line 153: / Line 174: @@
   * A lot more
+</WRAP>
+----
 ===== Install 7-zip  (highly recommended) =====
@@ Line 164: / Line 187: @@
 </code>
-The **7z** (7-Zip) archive format offers good compression ratios and is an open source format.
+<WRAP info>
+**NOTE:**  The **7z** (7-Zip) archive format offers good compression ratios and is an open source format.
 p7zip is easy to use on the command line.
@@ Line 181: / Line 205: @@
-==== References ====
+**References:**
   * http://www.7-zip.org/
+</WRAP>
+----
 ===== Install logrotate  (highly recommended) =====
@@ Line 200: / Line 226: @@
+----
 ===== Install PHP  (highly recommended) =====
@@ Line 211: / Line 237: @@
 sudo aptitude install php5 php5-cli php5-cgi php5-common php5-curl php5-dbg php5-dev php5-fpm php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xcache  php5-xmlrpc  php5-xsl
 </code>
-==== Package Information ====
-^Package^Description^
-|php5|This package is a meta-package that, when installed, guarantees that you have at least one of the four server-side versions of the PHP5 interpreter installed.  Removing this package won't remove PHP5 from your system, however it may remove other packages that depend on this one.|
-|php5-adobe|Extension optimizing the ADOdb database abstraction library.|
-|php5-auth-pam|A PHP5 extension for PAM authentication.|
-|php5-cli|Command-line interpreter for the php5 scripting language.  This package provides the /usr/bin/php5 command interpreter, useful for testing PHP scripts from a shell, or perhaps even performing general shell scripting tasks, if you're frightened of perl and python.|
-|php5-cgi|Server-side, HTML-embedded scripting language (CGI binary).
-Common Gateway Interface.  One drawback of cgi is that since no php process/interpreter is actually persistent, its not possible to use an opcode cache like APC. Also, Cgi creates a php process only upon request, and closes them after the request is process. So there is an overhead to start a new php process on every request. This is overcome in fastcgi, where the php process is kept persistent to be reused.
-And phpinfo() will report the Server API as CGI/FastCGI. This is because the php-cgi binary is being used to execute the php code.
-FastCGI is like cgi but can keep multiple processes alive and reuse them.  This is an enhancement to cgi.
-Since fastcgi keeps processes alive, it consumes more resources in idle state compared to cgi. However fastcgi reuses php processes so is more efficient that cgi when it comes to processing concurrent resources.
-It is well understood that when using php + fastcgi, fastcgi will create and manage multiple php processes and reuse them efficiently.  However there is a lesser understood fact that the php process created by fastcgi is itself capable of create further child php processes and managing them.
-So if fastcgi created 10 php processes, then each of these 10 processes can create 4 child php processes each, giving us a total of 10 + 10*4 = 50 processes.
-So process management can happen at 2 levels. 1st at fastcgi, 2nd inside php.|
-|php5-common|Common files for packages built from the PHP5 source.|
-|php5-curl|CURL module for PHP5.|
-|php5-dbg|Debug symbols for PHP5.|
-|php5-dev|Files for PHP5 module development.|
-|php5-fpm|Php-FPM is the new style of running php with fastcgi.  FPM stands of fastcgi process manager and it is a separate process manager for managing multiple php processes and reusing them.
-Php fpm is a process manager that is implemented inside php itself.
-Php-fpm supports running different vhosts with different uids.  But setting this up requires some configuration.
-Php-fpm manages a pool of php processes to serve requests.  Now, it can manage multiple separate pools each running with a different uid/gid. Multiple pools can be created by creating fpm configuration files.
-Each pool will have a separate socket (mapped to a unix file).
-Setting this up will require quite some effort when running multiple sites/vhosts on a server.
-Moreover having multiple pools of php processes will significantly increase the resource usage, especially RAM. If one pool has 5 process anytime, and each taking around 4M, the total is minimum 20MB in 1 pool.
-If there are 5 such pools it would require 100MB in its idle state and more when traffic rises on any single website. So consider this carefully when setting up multiple pools of fpm.|
-|php5-gd|GD module for PHP5.|
-|php5-gmp|GMP module for PHP5.|
-|php5-intl| |
-|php5-ldap|LDAP module for PHP5.|
-|php5-odbc|ODBC module for PHP5.|
-|php5-pear| |
-|php5-pgsql|PostgreSQL module for PHP5.|
-|php5-imagick| |
-|php5-imap| |
-|php5-mcrypt| |
-|php5-memcache| |
-|php5-mhash| |
-|php5-ming| |
-|php5-mysql|MySQL module for PHP5.|
-|php5-ps| |
-|php5-pspell|pspell module for PHP5.|
-|php5-recode|recode module for PHP5.|
-|php5-snmp|SNMP module for PHP5.|
-|php5-sqlite|SQLite module for PHP5.|
-|php5-tidy|tidy module for PHP5.|
-|php5-xcache| |
-|php5-xmlrpc|XML-RPC module for PHP5.|
-|php5-xsl|XSL module for PHP5.|
+----
 ===== Install MySQL  (highly recommended) =====
@@ Line 353: / Line 315: @@
+----
 ==== Verify that MySQL is running ====
@@ Line 370: / Line 332: @@
+<WRAP info>
+**NOTE:**  MOST Apache users probably want the **libapache2-mod-php5** package.
+The following extensions are built in:
-Note that MOST Apache users probably want the libapache2-mod-php5 package.
+  * bcmath
+  * bz2
-The following extensions are built in: bcmath bz2 calendar Core ctype date dba dom ereg exif fileinfo filter ftp gettext hash iconv libxml mbstring mhash openssl pcntl pcre Phar posix Reflection session shmop SimpleXML soap sockets SPL standard sysvmsg sysvsem sysvshm tokenizer wddx xml xmlreader xmlwriter zip zlib.
+  * calendar
+  * Core
+  * ctype
+  * date
+  * dba
+  * dom
+  * ereg
+  * exif
+  * fileinfo
+  * filter
+  * ftp
+  * gettext
+  * hash
+  * iconv
+  * libxml
+  * mbstring
+  * mhash
+  * openssl
+  * pcntl
+  * pcre
+  * Phar
+  * posix
+  * Reflection
+  * session
+  * shmop
+  * SimpleXML
+  * soap
+  * sockets
+  * SPL
+  * standard
+  * sysvmsg
+  * sysvsem
+  * sysvshm
+  * tokenizer
+  * wddx
+  * xml
+  * xmlreader
+  * xmlwriter
+  * zip
+  * zlib
 <code bash>
@@ Line 380: / Line 384: @@
 </code>
+</WRAP>
+----
 ===== Install traceroute  (recommended) =====
@@ Line 393: / Line 399: @@
 </code>
-Install **traceroute** if you need a tool for diagnosing network connectivity problems.
+<WRAP info>
+**NOTE:**  Install **traceroute** if you need a tool for diagnosing network connectivity problems.
-The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host.  Traceroute displays the IP number and host name (if possible) of the machines along the route taken by the packets.  Traceroute is used as a network debugging tool.  If you're having network connectivity problems, traceroute will show you where the trouble is coming from along the route.
+The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host.
+Traceroute displays the IP number and host name (if possible) of the machines along the route taken by the packets.
+Traceroute is used as a network debugging tool.
+If you're having network connectivity problems, traceroute will show you where the trouble is coming from along the route.
+</WRAP>
+----
@@ Line 409: / Line 424: @@
 </code>
-**lftp** is a file retrieving tool that supports FTP, HTTP, FISH, SFTP, HTTPS and FTPS protocols under both IPv4 and IPv6.  lftp has an amazing set of features, while preserving its interface as simple and easy as possible.
+<WRAP info>
+**NOTE:**  **lftp** is a file retrieving tool that supports FTP, HTTP, FISH, SFTP, HTTPS and FTPS protocols under both IPv4 and IPv6.
-The main two advantages over other ftp clients are reliability and ability to perform tasks in background.  It will reconnect and reget the file being transferred if the connection broke.  You can start a transfer in background and continue browsing on the ftp site.  It does this all in one process.
+lftp has an amazing set of features, while preserving its interface as simple and easy as possible.
-When you have started background jobs and feel you are done, you can just exit lftp and it automatically moves to nohup mode and completes the transfers.  It has also such nice features as reput and mirror.  It can also download a file as soon as possible by using several connections at the same time.
-lftp can also be scriptable, it can be used to mirror sites, it lets you copy files among remote servers (even between FTP and HTTP).  It has an extensive online help.  It supports bookmarks, and connecting to several ftp/http sites at the same time.
+  * The main two advantages over other ftp clients are reliability and ability to perform tasks in background.
+  * It will reconnect and reget the file being transferred if the connection broke.
+  * You can start a transfer in background and continue browsing on the ftp site.  It does this all in one process.
+  * When you have started background jobs and feel you are done, you can just exit lftp and it automatically moves to nohup mode and completes the transfers.
+  * It has also such nice features as reput and mirror.
+  * It can also download a file as soon as possible by using several connections at the same time.
+  * lftp can also be scriptable, it can be used to mirror sites, it lets you copy files among remote servers (even between FTP and HTTP).
+  * It has an extensive online help.
+  * It supports bookmarks, and connecting to several ftp/http sites at the same time.
+</WRAP>
+----
 ===== Install fsarchiver  (recommended) =====
@@ Line 428: / Line 451: @@
 </code>
-**fsarchiver** is a system tool that allows you to save the contents of a file-system to a compressed archive file.  The file-system can be restored on a partition which has a different size and it can be restored on a different file-system.  Unlike tar/dar, FSArchiver also creates the file-system when it extracts the data to partitions.  Everything is checksummed in the archive in order to protect the data.  If the archive is corrupt, you just loose the current file, not the whole archive.
+<WRAP info>
+**NOTE:**  **fsarchiver** is a system tool that allows you to save the contents of a file-system to a compressed archive file.
+The file-system can be restored on a partition which has a different size and it can be restored on a different file-system.
+Unlike tar/dar, FSArchiver also creates the file-system when it extracts the data to partitions.
+Everything is checksummed in the archive in order to protect the data.
+If the archive is corrupt, you just loose the current file, not the whole archive.
+</WRAP>
+----
 do a [Ctrl]+[Alt]+[F1] and log in to a TTY session.