Chapter 1: An overview of Linux.
Be sure to pay special attention to the keywords at the end of each chapter and the review questions.
Chapter 2: Covers the hardware required to support Linux.
Chapter 3: This reviews the install of Linux.
The instructor, during the start of the course, will provide server information.
For this course, we have already installed Linux on the server, but this is an important part of Linux.
The install covered in the 2nd edition of this book is valid for Fedora before 10.
We are using Fedora 14 and the install process has changed a lot, but the basic process is very similar.
The additional course web links above have links to a number of good sites that review the install process.
We did a number of steps during the install to get the system to the stage where you can log in.
Chapter 4: Exploring the Linux File System
We want to complete the following things:
Using PuttySSH to log in to your server.
Using vi and nano
Basic WinSCP.
What is sudoers?
Switch to the root user:
$ su
Change the permissions on /etc/sudoers so it can be modified:
# chmod o+w /etc/sudoers
Edit the /etc/sudoers file with either 'vi' or 'nano':
# nano /etc/sudoers
Enter the following at the end of the file (where 'ACCOUNT_NAME' is the name of the user account you want to be able to use the 'sudo' command):
ACCOUNT_NAME ALL=(ALL) ALL
Save and exit
Change the permissions on /etc/sudoers back to its original settings (otherwise the 'sudo' command won't work):
# chmod o-w /etc/sudoers
Test the 'sudo' command by exiting the root account and reading the last 30 lines of one of the system logs:
# exit
Create the following file, you can use 'vi' or 'nano':
$ sudo nano /etc/ssh/ssh_allowed_users
The contents of this file should be the names of user accounts, each on its own line.
Edit the PAM (Pluggable Authentication Module) file for the SSH daemon to use our list of allowed accounts:
$ sudo nano /etc/pam.d/sshd
Add the following to the top of the file (should be the first line after "#%PAM-1.0"):
auth required pam_listfile.so sense=allow item=user file=/etc/ssh/ssh_allowed_users onerr=fail
Save and exit
Restart the SSH daemon:
$ sudo service sshd restart
To update your system via the command line:
$ sudo yum update
To update your system via YUMEX (graphical interface):
$ sudo yum install yumex
Yum Update
If you do this correctly, you will get a long list of things to update and download. Eventually it will ask you to confirm that you want to proceed. Just follow the directions.
First you have to install the Sendmail Configuration File package via 'yum':
$ sudo yum install sendmail-cf
Next, we edit the configuration file for sendmail using either 'vi' or 'nano':
$ sudo nano /etc/mail/sendmail.mc
Change the following line:
dnl define(`SMART_HOST',`smtp.your.provider')dnl
To this:
define(`SMART_HOST',`mailhost.unt.edu')dnl
And change this line:
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
To this:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Save and exit
Next we have to 'make' the changes:
$ sudo make -C /etc/mail
Restart the sendmail daemon:
$ sudo service sendmail restart
Edit the /etc/aliases file to set up email forwarding:
$ sudo nano /etc/aliases
Add the aliases to the end of the file in the following format. Please note that while 'USER_ACCOUNT' is the actual name of the user account, 'GROUP_ALIAS' does not have to correspond to a system group, just a group of email aliases (Note that for group aliases, multiple account aliases must be separated by a comma with NO SPACES in between):
# Local Aliases
The entry for the root user account is commented out:
# Person who should get root's mail
Uncomment the line (remove the #) and replace 'marc' with either an account alias, a list of account aliases, or a group alias:
root: GROUP_ALIAS1
Save and exit
Commit the changes to the /etc/aliases file:
$ sudo newaliases
Send an email to the root account from the command line (to end the message, put a sole period on a line and hit Enter):
$ mail root
Installing Sendmail
Install the Logwatch package via 'yum':
$ sudo yum install logwatch
You will now get all system e-mails including the nightly logs. It is your responsibility to read these daily messages and monitor activity on your system.
Note: If your server requires a password to authenticate against a network mailserver the following web site gives some examples of how to setup your system for use on the Verizon network.
Chapter 5: Filesystem Management
Be sure to pay special attention to the file permission system and how you use the chmod command.
Chapter 6: Filesystem Admin
If you plan on taking the cert, be sure to read this chapter.
Chapter 7: Adv Installation
If you plan on taking the cert, be sure to read this chapter.
Chapter 8: More Bash Shell
This chapter goes beyond the basics we did earlier in the semester. The ability to pipe and redirect is essential in using the command line.
Chapter 9: System Ini and X Windows
If you plan on taking the cert, be sure to read the first half of the chapter. Be sure to review the X windows system section. We will be using the GNOME desktop.
Chapter 10: Managing Linux Processes
UNIX is a multiprocessing system, which allows it to run more than one process at a time. This chapter discusses how to manage and control processes. Be sure to review run levels and managing processes.
Assignment 2 focuses on the following issues. Be sure to examine these issues in the book and online in order to fully understand the concepts and terms:
Fedora uses what is called IPTABLES to control the firewall on your server. IPTABLES is a rules file that tells the OS which ports should be open and how and who should have access to them. We will be doing the basic setup for Assignment 2. IPTABLES provides many ways to configure your server to provide protection from outside attacks. One of the best ways to protect your server is to only open ports that you are using and to control access as required. This is in addition to only running software that accesses these ports as required.
Since we have not enabled remote desktop access yet (assignment 3), we will edit the iptables file by hand using vi or another command line editor. IPTABLES is already installed on your server as part of the basic install package. You will need to open up ports 80 (http) and 443 (https) to allow the Apache server, which we have not started yet, to talk to the outside world via these ports. As discussed in the definition above, a port can be thought of as a conduit between the outside network and software running on your server. While port 80 is the default for web services (and 443 the default for encrypted web services), you can run a web server on any port you want to define, depending on the conditions your server operates in.
Edit /etc/sysconfig/iptables:
$ sudo nano /etc/sysconfig/iptables
Enter the following rules before the last three lines:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
You can add other rules for other services later if needed. If you would like to see a list of standard ports, you can 'cat /etc/services' to view them.
Save and exit
Restart the iptables service, so that it reads in the new settings you have created.
$ sudo service iptables restart
If this works correctly, you will get the following OKs back. If you get an error message, then go back and look at the file to see if you made a mistake in the edit.
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
You have now opened up ports 80 and 443. There is a way to control these ports using the GUI, but learning to work on the file directly allows you to use SSH to open a session to your server from just about anywhere (like from my iPhone now) and control access.
Configuring IPTABLES
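The instruction to enter the rules "before the last three lines" matters because iptables walks the INPUT chain from top to bottom and stops at the first rule that matches, and the rules file typically ends that chain with a catch-all REJECT. The check below is an added example, not part of the original course notes; the function names and the sample rules file are constructed for illustration.

```shell
#!/bin/sh
# Added example: check where an ACCEPT rule sits relative to the catch-all
# REJECT in the INPUT chain of an iptables rules file.

# write_sample_rules FILE
# Constructed sample in the layout of /etc/sysconfig/iptables. Port 80 is
# placed correctly; port 443 was (wrongly) added after the REJECT rule.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# port_status FILE PORT
# Prints: open      ACCEPT rule found before any catch-all REJECT/DROP
#         shadowed  ACCEPT rule exists but a catch-all rule precedes it
#         missing   no ACCEPT rule for that destination port
port_status() {
    awk -v port="$2" '
        $1 == "-A" && $2 == "INPUT" {
            n++
            target = ""; dport = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-j")      target = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
            }
            # A rule whose first option is -j has no match criteria at all.
            if ($3 == "-j" && (target == "REJECT" || target == "DROP") && !blocker)
                blocker = n
            if (target == "ACCEPT" && dport == port && !accepted)
                accepted = n
        }
        END {
            if (!accepted) {
                print "missing"
            } else if (blocker && accepted > blocker) {
                print "shadowed"
            } else {
                print "open"
            }
        }
    ' "$1"
}

# Demo on the constructed sample.
sample=$(mktemp)
write_sample_rules "$sample"
for p in 22 80 443 8080; do
    printf '%s/tcp: %s\n' "$p" "$(port_status "$sample" "$p")"
done
rm -f "$sample"
```

On a real server, pass /etc/sysconfig/iptables as the file argument (reading it requires root).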
First, let's check to make sure that httpd is installed:
$ rpm -qa httpd
If this command prints nothing, the package is not installed; otherwise it displays the complete name (including version information) of the installed package. If the package needs to be installed, simply run:
$ sudo yum install httpd
Check the status of the Apache daemon at boot:
$ chkconfig --list | grep httpd
You should see the following:
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
These are the various runlevels and the status of the daemon when the computer is booted into these runlevels: runlevel 1 is single-user mode (usually a recovery mode), runlevel 3 is a text-only mode (what a lot of servers run in), and runlevel 5 is a graphical mode (what a desktop computer would normally run).
To make the Apache daemon start at boot, run:
$ sudo chkconfig httpd on
You can verify the status change with:
$ chkconfig --list | grep httpd
You should now see the updated run states:
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Start the Apache daemon:
$ sudo service httpd start
The command should output:
Starting httpd: [ OK ]
As a further check, let's look at the process table and see if the Apache daemon is running:
$ ps aux | grep httpd
You should see something similar to the following:
root 17960 1 0 15:14 ? 00:00:00 /usr/sbin/httpd
apache 17962 17960 0 15:14 ? 00:00:00 /usr/sbin/httpd
apache 17963 17960 0 15:14 ? 00:00:00 /usr/sbin/httpd
apache 17964 17960 0 15:14 ? 00:00:00 /usr/sbin/httpd
apache 17965 17960 0 15:14 ? 00:00:00 /usr/sbin/httpd
apache 17966 17960 0 15:14 ? 00:00:00 /usr/sbin/httpd
apache 17967 17960 0 15:14 ? 00:00:00 /usr/sbin/httpd
apache 17968 17960 0 15:14 ? 00:00:00 /usr/sbin/httpd
apache 17969 17960 0 15:14 ? 00:00:00 /usr/sbin/httpd
You have now set httpd to autostart on server reset and have started the web server. It should display the default web page if you go to your server.
Using a browser, enter http://yourserverdomainname
If it does not, then you need to check iptables again (did you enter the right entry and did you restart it) and check httpd (did you start it).
It is now time to upload a web site (or pages) to replace the default page just seen.
Using whatever web authoring package you like, create a home page for your site. Please create a motif/layout that goes with the name of your system. NOTE: Apache uses index.html as the default startup web page, so make sure your first page in any new web directory is called index.html. We will talk more about how to configure httpd.conf in a bit, when we setup user web areas.
You will need to make sure you have the proper permissions to load files into this directory, since the default owner and group is 'root'. You should change the group of the web directory to 'apache', add the appropriate user accounts to the 'apache' group (where USER_ACCOUNT is the actual user account), and give the group the appropriate permissions and restart the webserver:
$ sudo chgrp -R apache /var/www/html
Using WinSCP, upload the new web content to the default web area of /var/www/html.
Using your browser check your new home page. Congrats! You now have a working web server.
You now have a server web area. Apache supports the ability to set up user web areas that reside under the user's account. This is handy in several cases. One of the main reasons is that users are then responsible for their own content and, for security reasons, you do not have to allow user access to your web directory (/var/www/html). Keep in mind, there are some downsides, so the choice of enabling this or not depends on your server needs. We will enable it on your server as a further use of Apache.
The first step is to edit the httpd configuration file: /etc/httpd/conf/httpd.conf is a very complex settings file. It controls everything to do with the Apache daemon. You are well advised to make a copy of this file as a backup before you start editing.
Edit the httpd.conf file:
$ sudo nano /etc/httpd/conf/httpd.conf
Look for the setting for serving user directories (will be around line 360). You want to change:
UserDir disable
To this:
#UserDir disable
And right below it is this:
#UserDir public_html
Should be changed to this:
UserDir public_html
Save and exit.
Restart Apache:
$ sudo service httpd restart
You should receive the following output. If you get a status of 'FAILED' on restarting the daemon, then you have an error in your httpd.conf file. Either try to find it or copy back the backup and start the edit again. Mistakes in editing httpd.conf are very unforgiving.
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
We have a number of steps now to create a user's public_html area and then open it for outside viewing. This is the more complex part of the process and any problem in this chain can cause a failure notice when you try to access the user web area.
Configuring Public_Html. A run through of the steps that are discussed next.
Each student will have to perform the following from their home directory (/home/USER_ACCOUNT):
$ mkdir public_html
The last two commands will allow Apache to view the contents of the users' public_html directory with SELinux enabled.
Upload or create (via 'vi' or 'nano') a test file into the public_html directory to test the following steps:
$ nano public_html/index.html
The file should contain the following:
<html>
Save and exit.
View your HTML file by opening a web browser and going to:
http://SERVER_NAME.lt.unt.edu/~USER_ACCOUNT
If you don't get the test page, then you missed or made a mistake in one of the above steps. Go back and review.
It is now time to upload a web site (or pages) for the empty user home page.
Using whatever web authoring package you like, create a home page for your user site. Be sure to put your name, photo, and a bio about yourself on the personal page. Also, be sure to provide a link on your system home page to your personal web site. NOTE: Apache uses index.html as the default startup web page, so make sure your first page in any new web directory is called index.html.
Using WinSCP, each student should upload the new web content to their public_html directory.
Using your browser check your new home page:
http://SERVER_NAME.lt.unt.edu/~USER_ACCOUNT
Many webservers serve more than one domain per installation. The way they are able to do this is by configuring Apache to serve Virtual Hosts, one Virtual Host per domain.
We'll first need to define our Virtual Hosts. This can be done in the main Apache configuration file (/etc/httpd/conf/httpd.conf), though in my experience it's easier to have a separate file for this. We first create the file:
$ sudo nano /etc/httpd/conf.d/vhosts.conf
The first line in the file needs to enable Name-based Virtual Hosting:
NameVirtualHost *:80
The '*:80' tells Apache that it will serve Name-based Virtual Hosting on all IPs on the server on port 80.
Each site needs its own Virtual Host section. It's usually a good idea to have the first entry be the IP address of the server with its own directory. Each site should have its own directory under the web root (/var/www/html). In this example, the FQDNs for the sites hosted from this server are 'pegasus.lt.unt.edu', and 'pegasus-vh.lt.unt.edu':
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName 129.120.117.59
    DocumentRoot /var/www/html/default
</VirtualHost>
<VirtualHost *:80>
    ServerName pegasus.lt.unt.edu
    DocumentRoot /var/www/html/pegasus.lt.unt.edu
    ErrorLog logs/pegasus.lt.unt.edu_error-log
    CustomLog logs/pegasus.lt.unt.edu_access-log common
</VirtualHost>
<VirtualHost *:80>
    ServerName pegasus-vh.lt.unt.edu
    DocumentRoot /var/www/html/pegasus-vh.lt.unt.edu
    ErrorLog logs/pegasus-vh.lt.unt.edu_error-log
    CustomLog logs/pegasus-vh.lt.unt.edu_access-log common
</VirtualHost>
Save and exit
If you had a site with multiple FQDNs associated with it, you could use the 'ServerAlias' directive to associate them with a host like so:
<VirtualHost *:80>
    ServerName pegasus.lt.unt.edu
    ServerAlias www.pegasus.lt.unt.edu pegasus.learningtechnologies.unt.edu
    DocumentRoot /var/www/html/pegasus.lt.unt.edu
    ErrorLog logs/pegasus.lt.unt.edu_error-log
    CustomLog logs/pegasus.lt.unt.edu_access-log common
</VirtualHost>
Please note that the above is just an example, and for this course you will only be assigned two FQDNs for your server.
Create the directories for your Virtual Hosts that you defined in the /etc/httpd/conf.d/vhosts.conf file:
$ sudo mkdir /var/www/html/default/ /var/www/html/pegasus.lt.unt.edu/ /var/www/html/pegasus-vh.lt.unt.edu/
Create a test HTML file for each Virtual Host:
$ sudo nano /var/www/html/default/index.html
Restart the Apache daemon:
$ sudo service httpd restart
Open your web browser and go to your server's IP and both FQDNs and make sure you see the correct corresponding test pages.
Encrypted web traffic is essential for passing sensitive information over the web. For part of this assignment you will be required to enable encryption via SSL with Apache. The method used in this class takes advantage of an extension to the SSL (Secure Socket Layer) and TLS (Transport Layer Security) protocols called SNI (Server Name Indication). Before this a server could only serve one certificate per IP & port combination, but now we can use TLS with virtual hosting. You can read more about this here.
You first need to install the SSL module that Apache will use to establish encrypted connections:
$ sudo yum install mod_ssl
Next, you have to generate a Certificate Signing Request. This uses your server's public RSA key as well as some identifying information which will be sent to a Certificate Authority to create the certificate. Make sure to replace 'pegasus_lt_unt_edu' with the name of your server.
$ sudo openssl req -new -newkey rsa:2048 -nodes -out pegasus_lt_unt_edu.csr -keyout pegasus_lt_unt_edu.key -subj "/C=US/ST=TEXAS/L=Denton/O=University of North Texas/OU=Learning Technologies/CN=*.lt.unt.edu"
This will generate two files: the Certificate Signing Request and the private RSA key. You need to email the .csr file to your instructor so they can send it to a Certificate Authority. Afterwards you need to move the .key file to the default certificate directory and set the appropriate SELinux contexts on it:
$ sudo mv *.key /etc/pki/tls/private/
Your instructor will email you two files: one will be the public certificate for your server, and the other will be the Certificate Authority's public certificate; put the files in the following directories:
$ sudo mv pegasus_lt_unt_edu.crt /etc/pki/tls/certs/
The next step is to alter the SSL configuration file that Apache uses, /etc/httpd/conf.d/ssl.conf. First, find the line containing the following:
<VirtualHost _default_:443>
Replace it with the following lines:
NameVirtualHost *:443
Find the following lines:
#DocumentRoot "/var/www/html"
And replace the values with those we used in the /etc/httpd/conf.d/vhosts.conf file for the Virtual Host section of the server's IP address:
DocumentRoot /var/www/html/default
Change the 'SSLCertificateFile' variable to:
SSLCertificateFile /etc/pki/tls/certs/pegasus_lt_unt_edu.crt
Change the 'SSLCertificateKeyFile' variable to:
SSLCertificateKeyFile /etc/pki/tls/private/pegasus_lt_unt_edu.key
Change the 'SSLCertificateChainFile' variable to:
SSLCertificateChainFile /etc/pki/tls/certs/DigiCertCA.crt
Add Virtual Host sections for your virtual hosts at the end of the file. Make sure you have the correct paths for your SSL certificate and key directives:
<VirtualHost *:443>
    SSLEngine On
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/pki/tls/certs/pegasus_lt_unt_edu.crt
    SSLCertificateKeyFile /etc/pki/tls/private/pegasus_lt_unt_edu.key
    SSLCertificateChainFile /etc/pki/tls/certs/DigiCertCA.crt
    ServerName pegasus.lt.unt.edu
    DocumentRoot /var/www/html/pegasus.lt.unt.edu
    ErrorLog logs/pegasus.lt.unt.edu_error-log
    CustomLog logs/pegasus.lt.unt.edu_access-log common
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
</VirtualHost>
<VirtualHost *:443>
    SSLEngine On
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/pki/tls/certs/pegasus_lt_unt_edu.crt
    SSLCertificateKeyFile /etc/pki/tls/private/pegasus_lt_unt_edu.key
    SSLCertificateChainFile /etc/pki/tls/certs/DigiCertCA.crt
    ServerName pegasus-vh.lt.unt.edu
    DocumentRoot /var/www/html/pegasus-vh.lt.unt.edu
    ErrorLog logs/pegasus-vh.lt.unt.edu_error-log
    CustomLog logs/pegasus-vh.lt.unt.edu_access-log common
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
</VirtualHost>
Save and exit
Restart the Apache daemon:
$ sudo service httpd restart
Open your web browser and go to your server's IP and both FQDNs, but make sure to change the protocol to https:// and make sure you see the correct corresponding test pages.
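The SSLProtocol and SSLCipherSuite values used in the Virtual Host sections above disable only SSLv2 and keep every cipher class that ALL brings in except ADH and EXPORT, so SSLv3 and the LOW, MEDIUM and RC4 ciphers stay negotiable. The lint below is an added example, not part of the original course notes: it is a heuristic over the directive text rather than an OpenSSL cipher-string parser, and the function names and the second, stricter virtual host in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag SSLProtocol / SSLCipherSuite lines that leave SSLv3 or
# weak cipher classes enabled. Heuristic over the directive text only.

# write_ssl_sample FILE
# The first virtual host uses the two directives from the page; the second
# is a constructed, stricter variant for comparison.
write_ssl_sample() {
    cat > "$1" <<'EOF'
<VirtualHost *:443>
    SSLEngine On
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
</VirtualHost>
<VirtualHost *:443>
    SSLEngine On
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
</VirtualHost>
EOF
}

# tls_findings FILE
# Prints one "LINE: message" per weak setting found.
tls_findings() {
    awk '
        { sub(/^[ \t]+/, "") }          # drop indentation
        /^#/ { next }                   # skip comment lines
        tolower($1) == "sslprotocol" {
            sslv3 = 0
            for (i = 2; i <= NF; i++) {
                t = tolower($i)
                if (t == "all" || t == "+all" || t == "sslv3" || t == "+sslv3") sslv3 = 1
                if (t == "-sslv3") sslv3 = 0
            }
            if (sslv3) print NR ": SSLProtocol leaves SSLv3 enabled"
        }
        tolower($1) == "sslciphersuite" {
            has_all = 0
            split("", named); split("", banned)     # reset per directive
            n = split($2, tok, ":")
            for (i = 1; i <= n; i++) {
                t = tok[i]
                if (t == "ALL") has_all = 1
                first = substr(t, 1, 1)
                # "!" removes a class for good; "-" is treated the same here
                removed = (first == "!" || first == "-")
                sub(/^[!+-]/, "", t)
                m = split(t, part, /[+]/)            # RC4+RSA names RC4 and RSA
                for (j = 1; j <= m; j++) {
                    if (removed) { banned[part[j]] = 1 } else { named[part[j]] = 1 }
                }
            }
            k = split("LOW MEDIUM RC4 EXPORT", weak, " ")
            for (i = 1; i <= k; i++) {
                c = weak[i]
                if ((has_all || (c in named)) && !(c in banned))
                    print NR ": SSLCipherSuite does not exclude " c " ciphers"
            }
        }
    ' "$1"
}

# Demo on the constructed sample: findings are reported for lines 3 and 4
# only; the stricter virtual host produces none.
conf=$(mktemp)
write_ssl_sample "$conf"
tls_findings "$conf"
rm -f "$conf"
```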
Assignment 3 focuses on the following issues. Be sure to examine these issues in the book and online in order to fully understand the concepts and terms:
Go here for the NoMachine Client, Node, and Server Installers for Linux.
Download the i386 RPMs.
Change your working directory to the location where you saved the package and install it by running from the console as root. We use yum with the options so that the system will install any dependencies it needs. Change the file name based on the download:
$ sudo yum -y --nogpgcheck localinstall nxclient-3.4.0-7.x86_64.rpm
Download the CLIENT software for your system and install.
See the directions on accessing a remote system.
An example of setup and use of NX Machine.
Assignment 4 focuses on the following issues. Be sure to examine these issues in the book and online in order to fully understand the concepts and terms:
The following steps will install PHP and MySQL:
$ sudo yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml-devel mysql mysql-server mysql-workbench phpMyAdmin
Edit your /etc/httpd/conf/httpd.conf file, change this:
DirectoryIndex index.html index.html.var
To this:
DirectoryIndex index.html index.htm index.php
Then insert an AddType declaration (after '#AddType application/x-tar .tgz'):
AddType application/x-httpd-php .php .html
Save changes to the file.
Restart the Apache daemon:
$ sudo service httpd restart
Go into your web root directory, create/edit a file (with a .html extension) with the following contents:
<html>
Open a web browser and navigate to the page you just created. You should see a series of tables detailing information about your PHP installation and installed modules.
Start the MySQL daemon:
$ sudo service mysqld start
By default MySQL comes with one built-in user account: 'root'. This account initially has no password, so it is possible to log in without having to supply one. This is quite undesirable, so the first thing you need to do is create a password:
$ sudo mysqladmin -u root password "ACTUALPASSWORDHERE"
The bad thing about this method is that while it is quick and doesn't require us to run any SQL commands, the command will be stored in our .bash_history file, so if our account is ever compromised, the attacker could conceivably have access to the MySQL root password. Therefore once we start using our MySQL graphical database management package of choice, one of our first priorities should be to change this initial password.
Log into the MySQL service. First, try it without providing a password:
$ mysql -u root
You should be presented with a message similar to "ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)". Now, try it using the password switch:
$ mysql -u root -p
You will be prompted for your password. If your credentials are good, you will be presented with a MySQL prompt (mysql> ). Exit MySQL:
mysql> exit
Make sure the MySQL daemon is set to run at boot:
$ sudo chkconfig mysqld on
You have two options for managing your database via a graphical interface, and both will require you to log into your server via the No Machine client. One is a stand-alone application called MySQL Workbench which is developed by MySQL. To access it, on your desktop go to Applications -> Programming -> MySQL Workbench. Tutorials can be found online on how to use it.
The second method is by using phpMyAdmin, which is a web-based application that uses PHP. Open a browser and go to http://localhost/phpmyadmin: you should be presented with a login prompt. Enter your MySQL root user's information. By default phpMyAdmin will only be accessible from the computer it is running on, but this can be changed in the /etc/httpd/conf.d/phpMyAdmin.conf file. It is recommended that you do not open this up to everyone, as phpMyAdmin is a popular MySQL management application and as such your server will be probed for this address by remote hosts with the intention of using brute force attacks to access your database.
For Assignment 5 we're going to move the database off our host servers and onto a dedicated machine of its own so that it can consolidate databases across multiple systems. We'll be creating an SSH tunnel from our host system to the database server, so that our data is encrypted as it passes between the two.
For this class I have already setup another system (poseidon.lt.unt.edu) running Fedora 14 with a MySQL database installed and running. All student user accounts have been created and should have access to the system via SSH. Some of the steps outlined below I have already done and will indicate that they do NOT need to be carried out in this class, but I have included them if you wish to duplicate this setup in another environment.
We'll start by configuring the system that is hosting our web-based services, which will eventually connect to the centralized database system.
The first thing you will want to do is backup your databases. You can do this by logging into phpMyAdmin, selecting your database and clicking the 'Export' tab. Make sure to check 'Save as file' to download your exported data.
Next, you'll want to shut down your MySQL daemon and stop it from starting at boot:
# service mysqld stop
Next, in order for our SSH tunnel to be established without having to be created manually, we'll be using public key authentication, and in order to do so, we must create the keys for our root account:
# ssh-keygen -t rsa
Hit Enter to save to the default path (/root/.ssh), and hit Enter when it asks for a passphrase (no passphrase): DO NOT ENTER A PASSPHRASE!
Now we must transfer the public key for the root account to the database server. Since the server has been configured to not allow the root account to log in over SSH, you'll have to use your regular user account:
# scp /root/.ssh/id_rsa.pub USERACCOUNT@poseidon.lt.unt.edu:
While we're still on the host system, we can go ahead and make some changes to phpMyAdmin's configuration file (/etc/phpMyAdmin/config.inc.php). Change this line:
$cfg['Servers'][$i]['host'] = 'localhost';
To this:
$cfg['Servers'][$i]['host'] = '127.0.0.1';
Also, while we're here, we need to change an SELinux boolean so that Apache can connect to the MySQL database over the network:
# setsebool -P httpd_can_network_connect_db 1
We've done all we can do on our host machine, so we'll have to move on to the database server. For this course, I have already completed the first five steps, so do not do these now.
Install the MySQL server daemon:
$ sudo yum install mysql mysql-server
Edit the MySQL configuration file (/etc/my.cnf). Find this line:
socket=/var/lib/mysql/mysql.sock
And comment it out:
#socket=/var/lib/mysql/mysql.sock
Also, add the following line right after it:
bind-address=127.0.0.1
Save and exit
Start the MySQL daemon and set it to run at boot:
$ sudo service mysqld start
Set password for the MySQL root account:
$ sudo mysqladmin -u root password "ACTUALPASSWORDHERE"
Create a user account for the SSH tunnel creation (NOTE: you can name this account anything you want):
$ sudo useradd tunnel
Now we'll have to copy the public key we copied earlier to the authorized_keys file for the SSH tunnel account (the redirection runs inside 'sh -c' so that it is performed as root, not as your own account):
$ sudo sh -c 'cat /home/USERACCOUNT/id_rsa.pub >> /home/tunnel/.ssh/authorized_keys'
We'll have to set an SELinux boolean to allow SSH to forward ports through the tunnel:
$ sudo setsebool -P sshd_forward_ports 1
Back on the web host, we'll first establish the SSH tunnel:
# ssh -fNL 3306:127.0.0.1:3306 tunnel@poseidon.lt.unt.edu
This command binds port 3306 on our local system and forwards it to port 3306 at the address 127.0.0.1 as seen from the remote system (poseidon.lt.unt.edu), which we connect to with public key authentication against the remote user account (tunnel).
To test the connection, run the following:
$ mysql -h 127.0.0.1 -u root -p
If after entering the password you're presented with a MySQL prompt (mysql> ), then everything is working.
Open a browser and go to your phpMyAdmin installation, using the password for the new database root account. If you're successful, create the database that you had on your local MySQL server and import the data that you exported earlier.
If everything is working, the last step is to add the following to the /etc/rc.local file, which is run at boot:
ssh -fNL 3306:127.0.0.1:3306 tunnel@poseidon.lt.unt.edu
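Because the root key created above has no passphrase, anyone who obtains it can log in as the tunnel account on the database server unless the authorized_keys entry limits what the key may do. The script below is an added example, not part of the original course notes: it prepends OpenSSH key options that allow only forwarding to 127.0.0.1:3306 and lists entries that carry no such limit. The option set, the function names and the key string are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: limit the tunnel key to forwarding 127.0.0.1:3306 and audit
# an authorized_keys file for keys that carry no such limit.

# Assumed policy for this example: no shell, no PTY, no agent or X11
# forwarding, and port forwarding only to the MySQL port on the database host.
TUNNEL_OPTS='command="/bin/false",no-pty,no-agent-forwarding,no-X11-forwarding,permitopen="127.0.0.1:3306"'

# restrict_key PUBKEY_LINE
# Prints the authorized_keys entry with TUNNEL_OPTS prepended. Refuses input
# that does not start with a key type (for example, a line that already
# carries options), so options are never stacked twice.
restrict_key() {
    case "$1" in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *)
            printf '%s %s\n' "$TUNNEL_OPTS" "$1" ;;
        *)
            echo "restrict_key: not a bare public key line" >&2
            return 1 ;;
    esac
}

# unrestricted_keys FILE
# Prints the line number of every key entry that has no permitopen option.
unrestricted_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }      # comments and blank lines
        !/permitopen="/ { print NR }
    ' "$1"
}

# Demo with a constructed placeholder key (not a real key).
demo_key='ssh-rsa AAAAB3NzaC1yc2E_CONSTRUCTED_EXAMPLE_KEY root@webhost'
auth=$(mktemp)
{
    echo '# constructed authorized_keys for the tunnel account'
    echo "$demo_key"
    restrict_key "$demo_key"
} > "$auth"
echo "entries without permitopen, by line: $(unrestricted_keys "$auth")"
rm -f "$auth"
```

The tunnel command on this page uses -N, so the client never requests a remote command and the forced command="/bin/false" does not interfere with the port forward.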