European Cardshare Forum

Installation CCcam server on Ubuntu 6.06 server with firewall, automatic SofCam.Key, TPS.bin and DNS update, PHP webinfo and more


More information about Ubuntu can be found at www.ubuntuguide.org.

in this manual to make use of VIM as editor. This is the default editor in Ubuntu Server. For information on all the options and VIM type &undefined; vim - help &undefined; in the commandline. Of course you can use any editor that you want. Midnight commander (see paragraph 19) is ideal for anyone who VIM find difficult.

1. Install Ubuntu 6.06 LTS (Long Time Support) server.
Why 6.06 LTS and not 7.04? 6.06 LTS server edition has a kernel that is optimized for servers. Ubuntu desktop server is not (totally unnecessary for a cardserver my opinion) and has thereby installation of a barely 300 mb. In addition, this version 5 years maintained by Ubuntu. Will you 7.04 from next year no more updates for 6.06 LTS run this until 2011.

2. Install SSH:

Code:
# Sudo apt-get install openssh server

If you have done this, the server in principle in the gangkast, attic, barn or anywhere else. No monitor and keyboard longer necessary because anything is possible (using putty) external done. Of course, you can also go to the server itself.

3. Download putty and log into your server:
Http://the.earth.li/ ~ sgtatham/putty/latest/x86/putty.exe

4. Login as root:

Code:
# Sudo su -
Enter your password and you will see that you are now root.

5. Respotries additional incitement in Ubuntu:

Code:
# Vim / etc / apt / sources.list

Remove the pound signs for all road:

Code:
Deb # ......
Save this.

6. Update the sources.list:

Code:
# Apt-get update

7. Install an FTP server:

Code:
# Apt-get install proftpd
Important: Choose during installatievragen for &undefined; standalone &undefined; and not &undefined; initd &undefined;

8. Make folders for the various CCcam:

Code:
# Mkdir / var / keys
And
Code:
# Mkdir / var / etc

9. Change the following directories of ownership (from root to own username):

Code:
# Chown jouwusername / var / keys
# Chown jouwusername / var / etc
# Chown jouwusername / usr / local / bin

10. Sign with your FTP program into your server and upload files from CCcam the following:
CCcam.x86 to / usr / local / bin
CCcam.cfg, CCcam.channelinfo, CCcam.providers to / var / etc

11. Make CCcam.x86 opstartbaaar with chmod:

Code:
# Chmod 755 / usr/local/bin/CCcam.x86

Note: I always rename CCcam.x86 to cccam. Further in this guide is CCcam.x86 therefore cccam.

12. Make sure cccam automatically at startup (re) boot.

Code:
# Vim / etc / rc.local

Add the following:

Code:
/ Usr / local / bin / cccam

13. Because CCcam over time are going to use a lot of memory (and less stable) let me Cccam every night for 4 hours to restart.
Create a cron job:

Code:
# Sudo crontab-e

Add the following:

Code:
00 04 * * * killall cccam & & / usr / local / bin / cccam

Save with Ctrl X, yes, enter

14. Because I have no sense to ever own Softcam.Key and tps.bin update, I have this automated. Every night at 3:59 pm, the last Softcam downloaded.

14.1 Make a bash file:

Code:
# Vim / var / etc / keyupdater.sh

14.2 Add to the new file with the following lines toeen save the file:

Code:
#! / Bin / bash
#
Wget-qO / var / keys / SoftCam.Key http://www.l xs * * t.eu / hpengine / downl ad_files * / * S * y ftCam.K
Wget-qO / var / keys / tps.bin http://www.luxsat ************** wnload_files / tps.bin

Note: I can not drop full path here, most of you will still have enough to hint!

14.3 Make the newly created file bootable:

Code:
# Chmod 755 / var / etc / keyupdater.sh

14.4 Make sure the script eg every night at 4 am to be done:

Code:
# Crontab-e

Add the following line:
Code:
Code:
59 03 * * * / var / etc / keyupdater.sh

Save your &undefined; with Crtl X, yes, enter &undefined;

15. Firewall install:
For the configuration of the firewall, we will not use Netfilter / Iptables but Shorewall. In my opinion, Shorewall far the best solution for Linux firewall. With the help of a number of files Shorewall makes it possible for a relatively simple to very complex firewall. The configuration is obviously very dependent on how and what is on the server is running. I go out of the most common situation. Most people will have standalone server running and connected to a router. The server has a network connection (NIC).

15.1 Install the Firewall (Shorewall):

Code:
# Apt-get install shorewall

15.2 In order to boot the shorewall start:

Code:
# Vim / etc / default / shorewall

Replace:

Code:
Startup = 0

V

Code:
Startup = 1

Save it.

15.3 y the example configuratiefiles of shorewall to the correct directory:

Code:
# Cp / usr / share / doc / shorewall / default-config / * / etc / shorewall /


15.4 From this point it is best for all configuratiefies in / etc / shorewall / shorewall to take in order to get to know. This is a rather time consuming so I will just go through the main things.

15.5 Tell shorewall what netwerkzones you use. In our example with a NIC there are two areas which 1 firewall itself and the NIC.

Code:
# Vim / etc / shorewall / zones

Add the following:

Code:
# TYPE OF OPTIONS IN ZONE OUT
# OPTIONS OPTIONS
FW firewall
Just ipv4
# LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Save this.

15.6 Next, we configure the interface (NIC):

Code:
# Vim / etc / shorewall / interfaces

Add the following:

Code:
ZONE # INTERFACE BROADCAST OPTIONS
Just eth0
# LAST LINE-ADD YOUR ENTRIES BEFORE THIS ONE-DO NOT REMOVE

15.7 Now we go into the firewall is set:

Code:
# Vim / etc / shorewall / policy

Add the following:

Code:
# SOURCE DEST POLICY LOG LIMIT: BURST
# LEVEL
FW net ACCEPT
Net all DROP
All All REJECT
# LAST LINE-DO NOT REMOVE

Ie traffic comes from outside the firewall to pass
Everything from the Internet to the firewall block
All all rejection is standard and so you have to leave.

Save this.

15.8 If we go into the last firewall rules provide:
This example is applicable if you CCcam port 12000 used in the web interface 16001 and the Web interface only in a specific PC on the LAN with IP 192.168.1.10 available.

Code:
# Vim / etc / shorewall / rules

Add the following:

Code:
# ACTION SOURCE DEST PROTO DEST ORIGINAL SOURCE RATE USER /
# PORT PORT (S) DEST LIMIT GROUP
ACCEPT net: 192.168.1.10 fw tcp 16001
ACCEPT net FW TCP 12000
ACCEPT net fw tcp 22 (SSH)
ACCEPT net fw tcp 21 (FTP)

Block port # 12000 for a particular IP
DROP net: 220.153.535.2 fw tcp 12000

Block port # 12000 for multiple IPs
DROP net: 220.153.535.2, 233.233.111.33, 232.33.44.11 fw tcp 12000

# If you are like Spiderman Samba used to share files, these gates course OOk open but of course only on your internal network.
ACCEPT net: 192.168.1.10/20 fw tcp 137138139389445 --
ACCEPT net: 192.168.1.10/20 fw udp 137138139389445 --

Etc. Etc.

Save this.

16. Shorewall start:

Code:
# Shorewall start

If you have made a mistake somewhere you get to see in your output.

All other files in / etc / shorewall you do not have to change.

Handigheidjes:

17. Install htop services to be able to see your screens

Code:
# Apt-get install htop

Booting with:

Code:
# Htop

18. In order to be able to monitor network traffic to install nload:

Code:
# Apt-get install nload

Boot with:

Code:
# Nload

19. To meet the commandline easy to navigate through all the files and editing them install Midnight Commander:

Code:
# Apt-get install mc

Boot with:

Code:
# MC

20. Apache and PHP5 for PHP Webinfo Installation

20.1 Install Apache HTTP Server:

Code:
# Apt-get install apache2

20.2 Install PHP5:

Code:
# Apt-get install php5
Then
Code:
# / Restart etc/init.d/apache2

20.3 Open port 80 in the Firewall

Code:
# Vim / etc / shorewall / rules

Add the following: Code:
ACCEPT net: fw tcp 80

20.4 Restart Shorewall

Code:
# Shorewall restart

20.5 Test of Apache and PHP5 work:

Code:
# Vim / var / www / testphp.php

Add the following:

Code:
();>

20.6 In your browser you call the newly created php file with http://IP_van_server/testphp.php
If everything is goedgegaan you get a good overview of PHP.

21. Now we Webinfo PHP install.


21.1 Make yourself owner / var / www /

Code:
# Chown jouwusername / var / www /

21.2 Upload the PHP Webinfo files with FTP
Only index.php and the map data in / var / www /
Profiles.ini to / var / etc /

Note: Certainly NOT profiles.ini in your webroot (/ var / www /), as standard intended. The log of your server in plain text in that file and for anyone up for grabs!

21.3 Provide write to the directory data:

Code:
# Chmod 777 / var / www / data

21.4 Only profiles.ini in with the correct information:

Code:
Vim / var / etc / profiles.ini

Follow the instructions, the file looks like this
Code:
# Replace the following lines with your dns, ftp port, and pass user for the server cccam
127.0.0.1
21
Username
Password

21.5 Change initialprocess.php file:

Quote
# Vim / var / www / data / initialprocess.php

Search in Rule 62 to:
Code:
If (file_exists ("../ profiles.ini ")) ($ accessdata = file ("../ profiles.ini");

Do not forget this:
Code:
If (file_exists ( "/ var / etc / profiles.ini")) ($ accessdata = file ( "/ var / etc / profiles.ini");

Ready!

Navigate your browser to http://IP_van_server/ and you see extensive information on CCcam

22 NO IP Client for automatic DNS update:
Code:
Apt-get install no-ip

NO 22.1 IP Client configuration:
Code:
No-IP-C
Follow the steps and finished 5 configuration.
The updater is doing his work for the X minutes that you indicate in Step 5.
NO-IP start automatically reboot.

23 DynDNS Client for automatic DNS update:
Code:
Apt-get install ddclient

23.1 DynDNS Client configuration:
Code:
Vim / etc / ddclient.conf

Only this config file to your insight like this:
Code:
#
# / Etc / ddclient / ddclient.conf
#
Protocol = dyndns2
Use = web
Login = mylogin
Password = mypassword
Myhost.dyndns.org


Start DynDNS Client
Code:
/ Etc / init.d / ddclient start

DynDNS start automatically when a reboot.



Success!