BigV

BigV

Following on from Part 1, we now have three of the Norse Goddesses up and running (If you hadn’t guessed what my naming convention is by now…)

The site we are going to use for this bit of the up and running is a small site that has a fair amount of traffic and history, we are going to try and get //skippy.org.uk carried across without breaking too much (or hopefully anything…)

So without further ado:

Setting up the basics

  1. Connect to the server, now assuming you followed me here from part 1, you will want to type the host name in a terminal (in my case irpa)
  2. We need to make the folder to tell the system that it to host the website, which will be ~//skippy.org.uk/public/htdocs/
    mkdir -p //skippy.org.uk/public/htdocs
    cd //skippy.org.uk/public/htdocs
    touch index.html
  3. now because we touched (created) index.html we have something there we can test to see if everything is working without having to set up DNS (yes we will get to that) by visiting //skippy.org.uk.testing.irpa.default.skippyuk.uk0.bigv.io/ (we can test every set up site the same way).
  4. We will want some email at some point, so lets do that next, first work out what addresses we want,
    • postmaster@ because RCF1123, states “A host that supports a receiver-SMTP MUST support the reserved mailbox “Postmaster”.
    • mail@ This was an old email address.
    • site@ This was an old email address.
    • webmaster@ for historical reasons (I have no idea why I used this, but apparently its currently set up).

    At this point we have our list of addresses, and because its got some that I have no interest in as real email addresses we will set these up in two ways.

    1. Lets set up site@//skippy.org.uk as a real email mailbox.
      cd //skippy.org.uk
      mkdir mailboxes
      mkdir mailboxes/site
      echo {newpassword} >> mailboxes/site/password
    2. Because I really do not want either spam or viruses, lets turn on those two parts of Symbiosis email checking.
      touch config/antivirus
      touch config/antispam
      mkdir config/blacklists
      touch config/blacklists/zen.spamhaus.org
    3. For the other email addresses, Because I have a list of them, and they all want to empty into the same inbox, rather than using forwards, I am going to use aliases. using the “config/aliases” file, I write the following to it:
      postmaster      site@//skippy.org.uk
      mail            site@//skippy.org.uk
      webmaster       site@//skippy.org.uk

Setting up WordPress

  1. Change to the folder that contains the webroot, (~//skippy.org.uk/public/htdocs/)
  2. Download wordpress and move it to the correct location
    wget //wordpress.org/latest.zip
    unzip latest.zip
    cd wordpress
    mv * ../
    cd ..
    rm index.html
  3. change the ownership of htdocs so it can be write to by apache
    cd ..
    sudo chown www-data htdocs -R
  4. You will now need to create a Database and user for wordpress:
    1. Create a new username and database
      MYSQL_HISTFILE=/dev/null mysql -u root -p
      CREATE DATABASE database;
      show databases;
      create user username;
      grant all on database.* to 'username'@'localhost' identified by 'newpass';
      quit;
    2. Set up your new install of WordPress by visiting the site and following the WordPress famous two minute install
    3. Login to your new install, you will note that WordPress News returns “RSS Error: WP HTTP Error: couldn’t connect to host” this is caused by the firewall, Symbiosis is set up like this for security, and rather good reasons. it stops people finding vulnerabilities in web applications (like WordPress)
      1. Hacker uses google to find hosts running an application with a known security flaw
      2. Hacker uses a crafted url to download his software of choice on to the machine
      3. Hacker uses his newly downloaded software to launch attacks on other hosts, or to gain root access via another privilege-escalation exploit.

      The firewall rule prevents the second step by not allowing the web server to download the malicious software.

      To allow WordPress to access the internet you will need to delete “/etc/symbiosis/firewall/outgoing.d/50-reject-www-data” (will take about an hour to show up).

We now have one website mostly working 😀