Mageia can also be used to setup fast, clean and easy to use server systems.
Installation from the Wired Network-based install CD
Boot from the iso.
Just follow the installation procedure :
Installation method : FTP or HTTP server
Medium : Mageia 2
Select your preferred mirror carefully.
Since this is a web server, I personally like to create a separate /var partition.
We are doing a minimal install, so deselect everything!
(we could directly choose web/ftp/database/etc servers but I like to do it by hand)
When everything is deselected, a following screen will offer you some more choices. Just accept the defaults.
Set a root password, and create a regular user.
Installation terminated, reboot.
Login as root
# df -h
Shows that a minimal install takes less than 600M of disk space, that’s nice!
Update packages database
# urpmi.update -a
Install server-flavored kernel and some useful programs while we are at it
# urpmi kernel-server-latest nano mlocate htop
Set the hostname
# echo >/etc/hostname mageiabox.example.com
# nano /etc/hosts
By default, the firewall (shorewall) is enabled (unless you disabled it at installation time), and does not allow incoming connections.
Install some useful servers : ntpd, sshd
# urpmi ntpd sshd
Note : by default, ssh root login is not permitted.
Install and configure Postfix mail server (here just to be able to send mails
# urpmi postfix nail
(the nail package contains the regular mail/mailx command line program)
Edit postfix’s main configuration
# nano /etc/postfix/main.cf
(I personally add my ISP’s relayhost)
relayhost = smtp.myisp.com
Edit aliases if needed
# nano /etc/postfix/aliases
I personally set a root: alias with another email address.
Then start postfix
# service postfix start
Send a test mail
# echo “From my Mageia server!” | mail -s “Hello” email@example.com
In case of problems, check the logs
# tail /var/log/mail/info.log
Now install the LAMP (Apache-Mysql-Php) stack
There are several variants, check with
# urpmq -S -a lamp
# urpmi task-lamp
Note: this task will also install proftpd FTP server.
To disable proftpd :
# chkconfig proftpd off && service proftpd stop
Next, we must start and set a root password to MariaDB (mysql drop-in replacement in Mageia)
# service mysqld start
# mysqladmin password
(set new root password)
If you need to review the specific instructions for this MariaDB package
# more /usr/share/doc/mariadb/README.urpmi
Note : this LAMP stack also comes with phpmyadmin and php-eaccelerator.
Under Mageia, Apache’s process is httpd, process user and group are both “apache”. Configuration files are located in /etc/httpd/
# service httpd start
We need to configure the firewall to allow access to our web server from the outside.
Very simple with
(we could also edit manually the /etc/shorewall/rules file, and restart shorewall)
Your web server is now accessible from the other hosts.
Web statistics with Awstats
# urpmi awstats
There is a daily cron job, but it is possible to generate stats asap
# /usr/share/awstats/www/awstats.pl -config=awstats.conf -update
Can be consulted at http://<yourserver>/awstats
Need a blog? Easy installation of WordPress
# urpmi wordpress
Create a database
# mysql -uroot -p <<EOF CREATE DATABASE mywpdatabase; GRANT ALL PRIVILEGES ON mywpdatabase.* TO "mywpuser"@"localhost" IDENTIFIED BY "mywppassword"; FLUSH PRIVILEGES; EXIT EOF
Point your browser to http:<yourserver>/wordpress to finish installation.
Need a CMS?
Drupal is available in the repository.
# urpmi drupal
Need a wiki?
# urpmq -a -S wiki
There’s Dokuwiki (lightweight), Mediawiki (heavyweight).
Example for Mediawiki, without suggested packages
# urpmi –no-suggests mediawiki
or the much lighter version
# urpmi –no-suggests mediawiki-minimal
Now initialize your new wiki “mywiki”
# mediawiki-create /var/www/mediawiki/mywiki
And enable it within Apache
# nano /etc/httpd/conf/webapps.d/mediawiki.conf
Alias /skins /usr/share/mediawiki/skins Alias /wiki /var/www/mediawiki/mywiki <Directory "/var/www/mediawiki/mywiki"> Order allow,deny Allow from All Options +FollowSymLinks </Directory>
# apachectl restart
Create missing “skins” symlink
# ln -s /usr/share/mediawiki/skins /var/www/mediawiki/mywiki/skins
Point your browser to http://<yourserver>/wiki and follow the install process.
# urpmi owncloud
Then point your browser to http://<yourserver>/owncloud/
Note : this may not be the latest version.
Need a web-based project management system?
Chiliproject, Redmine are packaged.
Need a bug-tracking web-based system?
Bugzilla is in the repository.
# urpmi –no-suggests bugzilla
Need a Pastebin?
Stikked is here.
# urpmi stikked
Read the install docs
# more /usr/share/stikked/INSTALL
At the time of writing this, there are only few webapps in the repositories (and versions maybe slightly lagging behind). But nothing prevents you from installing your favorite webapp from the project’ source.
Basic server supervision
smartmontools and hddtemp for hard disk health monitoring
# urpmi smartmontools hddtemp
eventually review smartd daemon configuration
# nano /etc/smartd.conf
# chkconfig smartd on; service smartd start
Display status for /dev/sda
# smartctl -H /dev/sda
Sensors (can be used with Munin for monitoring temperatures, fan speeds, etc)
# urpmi lm_sensors
Logwatch (daily cron job)
# urpmi logwatch
Review config file
# nano /etc/log.d/logwatch.conf
Graphical supervision with munin 2.0
# urpmi munin-master munin-node
You may receive email warnings about missing munin-conf.d directory, so we create it:
# mkdir -p /etc/munin/munin-conf.d
Add some more plugins (sensors…)
# ln -s /usr/share/munin/plugins/sensors_ /etc/munin/plugins/
Don’t forget to restart node
# service munin-node restart
Please allow several minutes for Munin to generate his first html data (in case you’re encountering an “access denied” error when accessing the URL), then access your Munin dashboard by pointing your browser to http://<yourserver>/munin
Basic server security
(Please note, web server hardening is not the goal of this howto!)
Install Mageia-specific security tools, such as msec
# urpmi –no-suggests msec
Show current msec policy
Your system will be checked periodically via cron jobs (in /etc/cron.*/msec)
Check the logs
# less /var/log/msec.log
rkhunter (rootkit detection)
# urpmi rkhunter
# rkhunter –propupd
# rkhunter –check
(you may encounter some false positives)
A daily cron job is created.
Fail2ban (anti brute-force)
# urpmi fail2ban
Edit configuration (you should enable at least the ssh-iptables jail, and correct the email addresses in sendmail-whois)
# nano /etc/fail2ban/jail.conf
And start daemon
# service fail2ban start
Test brute force ssh with this command from another machine :
$ ssh invaliduser@<yourserver>
(try any password many times)
Now you can see the result on the server with the command
# fail2ban-client status ssh-iptables
And you’ll see the banned IP from the “attacking” machine 🙂
Always read the man pages and the docs!
# ls -al /usr/share/doc/
Show all available packages
# urpmq –list -f |less
(or better, use the AppDb website, link below)
Show info for a package
# urpmq -Si <package>
# urpmi –auto-update
Show currently active repositories
# urpmq –list-media active