Wednesday, June 15, 2011

HOW TO build your own file server with Xubuntu

  1. Assemble a basic computer from old parts. All you need is any old motherboard and chip, then as much RAM and as big a hard drive as you can scrape together.
  2. The recommended operating system for this project is Xubuntu, but there is nothing stopping you from using another OS. You can download the ISO file here. Burn the ISO to a CD and boot from it. Then install it on your hard drive. Follow the instructions.
  3. It's now time to strip it down and remove all unnecessary programs.

     Open Synaptic (Applications > System). Remove openoffice.org-common, abiword, gaim, gimp and thunderbird. Click Apply.

    Now search for updates (which is always a good idea). Finally, disable the screen saver (Applications > Settings).
  4. Open Synaptic again (Applications > System).
    Search for Samba, and mark it for installation (you'll probably already have some of Samba installed with Xubuntu)
    Open Terminal (Applications > Accessories > Terminal)
    Become root (type: "sudo su" without quotes, then enter your password if required).
    Change directory to /etc/samba (type "cd /etc/samba").
    Open smb.conf in nano (type "nano smb.conf").
    Replace the entire contents of smb.conf with the following (replace "Name" and "Server name" with your info from your Xubuntu installation):
[global]
panic action = /usr/share/samba/panic-action %d
workgroup = "Name"
netbios name = "Server name"
invalid users = root
security = user
wins support = no
log file = /var/log/samba.log
log level = 3 
max log size = 1000
syslog = 1
encrypt passwords = true
passdb backend = smbpasswd
socket options = TCP_NODELAY
dns proxy = no
passwd program = /usr/bin/passwd %u
passwd chat =*Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
obey pam restrictions = yes
pam password change = no
null passwords = no

#Share Definitions

[homes]
        comment = Home Directories
        browseable = yes
        writable = yes
        security mask = 0700
        create mask = 0700

Save and exit (Ctrl+X, then Y, then Enter).
Restart the Samba server (type "/etc/init.d/samba restart").
Set a password (type "smbpasswd -a Username"), then enter a password for that user.

  5. Now it's time to add FTP capability. Open Terminal again (Applications > Accessories > Terminal).
Become root user (type "sudo su" and enter password).
Type "apt-get install proftpd".
When prompted, select Standalone server.
Configure the server (type "nano /etc/proftpd/proftpd.conf")
Replace the entire contents with the following:

#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.

ServerName "FTP Server"
Serverident                     on "FTP"
ServerType standalone
DeferWelcome off
TimesGMT                        off


MultilineRFC2228 on
#DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                 "-l"

DenyFilter \*.*/

AllowForeignAddress             on
AllowRetrieveRestart            on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off

# Uncomment this if you would use TLS module:
#TLSEngine on

# Uncomment this if you would use quota module:
#Quotas on

# Uncomment this if you would use ratio module:
#Ratios on

# Port 21 is the standard FTP port.
Port 21
SocketBindTight                 on

PassivePorts                    11000 20000


# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022  022
# Normally, we want files to be overwriteable.
AllowOverwrite on

AllowForeignAddress             on
AllowRetrieveRestart            on
AllowStoreRestart on

# Speed up the server, no DNS lookups, just plain ip's. Turn off when being hax0r3d.
UseReverseDNS off
IdentLookups off

DefaultRoot                     ~
ExtendedLog                     /var/log/proftpd.all ALL


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default. 
DelayEngine off

<Anonymous ~ftp>
  User                          ftp
  Group                         nogroup
  UserAlias                     anonymous ftp
  DirFakeUser                   on ftp
  DirFakeGroup                  on ftp
  RequireValidShell             off
  MaxClients                    10
  DisplayLogin                  welcome.msg
  DisplayFirstChdir             .message
  AccessGrantMsg                "Anonymous access granted for user %u connecting."

  MaxClientsPerHost             1

  # Apply the limits below to every directory in the anonymous chroot
  <Directory *>
    #DenyAll
    TransferRate        RETR 50
    <Limit WRITE>
      DenyAll
    </Limit>
  </Directory>
</Anonymous>

Restart the server (type "/etc/init.d/proftpd restart").
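
A sanity check to run over the configuration above before restarting, as an added example (not part of the original post and not ProFTPD's own tooling): it tracks section nesting to catch a block that is never closed and flags the security-relevant settings this config chooses. The function name audit_proftpd and the sample excerpt are constructed for illustration.

```python
import re

# Constructed excerpt shaped like step 5's config; </Anonymous> omitted on purpose.
SAMPLE_CONF = """\
AllowForeignAddress on
#TLSEngine on
DelayEngine off
<Anonymous ~ftp>
  User ftp
  <Directory *>
    <Limit WRITE>
      DenyAll
    </Limit>
  </Directory>
"""

def audit_proftpd(text):
    """Return (findings, unclosed_sections) for the text of a proftpd.conf."""
    findings, stack, settings = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        closing = re.match(r"</(\w+)>", line)
        opening = re.match(r"<(\w+)\b[^>]*>", line)
        if closing:
            name = closing.group(1).lower()
            if stack and stack[-1][0] == name:
                stack.pop()
            else:
                findings.append(f"line {lineno}: unexpected </{name}>")
        elif opening:
            name = opening.group(1).lower()
            stack.append((name, lineno))
            if name == "anonymous":
                findings.append(f"line {lineno}: anonymous FTP login is enabled")
        else:
            # Simplification: directives are recorded regardless of context.
            parts = line.split(None, 1)
            settings[parts[0].lower()] = parts[1].lower() if len(parts) > 1 else ""
    if settings.get("tlsengine") != "on":
        findings.append("TLSEngine is not on: logins and files travel in clear text")
    if settings.get("delayengine") == "off":
        findings.append("DelayEngine off: the timing-attack mitigation is disabled")
    if settings.get("allowforeignaddress") == "on":
        findings.append("AllowForeignAddress on: data connections may target a host other than the client")
    unclosed = [f"<{n}> opened on line {ln} is never closed" for n, ln in stack]
    return findings, unclosed
```

ProFTPD can also test a file's syntax itself with "proftpd -t" before you restart it.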

  6. Now to set up shell access. Open Synaptic again.
    Install SSH server: "openssh-server".
    Install VNC server: "x11vnc".
    Open Terminal and set the password: "vncpasswd ~/.vnc/passwd".
    Enter the port on which the server will run: "echo 5900 > ~/.vnc/port".
    Create a custom login command:
             "sudo nano /usr/local/bin/sharex11vnc".

    Fix the user rights "sudo chmod 755 /usr/local/bin/sharex11vnc".
    Exit out of terminal and set the login script to autostart:
           (Applications > Settings > Autostarted Applications > Add - then type "sharex11vnc" into the
     Name and Command fields).
   
      Make your account autologin: Applications > Settings > Login Window > Enable Automatic Logon (then your user)


     You now have your own server!
          What now?
         
          Unplug the monitor, keyboard, CD drive, and mouse. Connect to your server via PuTTY or another similar program:

          Type in the IP address of your server
          (Remember to click "Connection > SSH > Tunnel".
          The source port is 5900, the destination is localhost:5900.)
          Now you can play around on your remote machine!
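
Because VNC is reached through the SSH tunnel (source port 5900 to localhost:5900), the VNC server only needs a loopback listener. The check below is an added example, not part of the original post: it parses "ss -ltn" output and reports any tunnel-only service listening on a non-loopback address. The sample output, the port table and the function names are constructed for illustration.

```python
import ipaddress

# Default ports of the services installed in this guide.
SERVICES = {21: "ftp", 22: "ssh", 139: "smb", 445: "smb", 5900: "vnc"}
# VNC is reached through the SSH tunnel, so a loopback listener is enough.
LOOPBACK_ONLY = {5900}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128           0.0.0.0:22         0.0.0.0:*
LISTEN  0       5             0.0.0.0:5900       0.0.0.0:*
LISTEN  0       50            0.0.0.0:445        0.0.0.0:*
LISTEN  0       5           127.0.0.1:631        0.0.0.0:*
LISTEN  0       128              [::]:22            [::]:*
"""

def parse_listeners(ss_output):
    """Yield (ip, port) for every LISTEN row of `ss -ltn` output."""
    for row in ss_output.splitlines():
        cols = row.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = cols[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets / zone id
        if host == "*":
            host = "0.0.0.0"  # some ss versions print the wildcard as '*'
        yield ipaddress.ip_address(host), int(port)

def misplaced_listeners(ss_output):
    """Return 'service/port on address' for each tunnel-only service
    that is listening on a non-loopback address."""
    hits = set()
    for ip, port in parse_listeners(ss_output):
        if port in LOOPBACK_ONLY and not ip.is_loopback:
            hits.add(f"{SERVICES[port]}/{port} on {ip}")
    return sorted(hits)
```

x11vnc has a "-localhost" option that restricts it to loopback connections, which is all the tunnel needs.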

Recommended extra installs after setup: torrentflux, apache, mysql and php.