AWS Raw WebDNA LAMP-Plus WebServer

Amazon Web Services (AWS) README for Machine Image ID

About this Document:
Amazon Web Services (AWS) README for Machine Image ID (AMI ID): ami-9504b4fc
Created by Donovan Brooke - Sept. 2012


DESCRIPTION:---------------------------------------------------------------------------
AMI ID: ami-9504b4fc
AMI Name: WebDNA_Server-LAMP_Plus
AMI Description: Ubuntu_Server-12.04-LTS-x86_64-WebDNA_6.2.1-Apache2-MySQL_Serv-PHP5-ProFTPD-Webalizer
Base AMI ID: ami-a29943cb
WebDNA 6x Developers Lic. Installed: WDEV-5aMT-bla0-eiCL-lLIC

Installed Applications (The exact 'history' of the installs is appended to this document):
- WebDNA (6.2.1)
- Apache2 (2.2.22)
- MySQL-Server (no password)
- PHP5 (5.3.10-1ubuntu3.4)
Other:
- Bind9
- Webalizer
- phpmyadmin (not configured, see 'man phpmyadmin')
- ProFTPD (not configured, see 'man proftpd')
end description-------------------------------------------------------------------------


** Initial Notes ** ================================================================
- Access your AMI instance using SSH with the default username 'ubuntu' (instead of root).

** You can get your access info in the AWS Console by right clicking on your instance
and selecting 'connect'. This will bring up a connection box. Click on the Arrow next
to 'connect with a standalone SSH client'. Copy and paste the connection info into
your local terminal to connect (changing 'root' to 'ubuntu' first).

- After starting the instance, you can test that your webserver is working by
extracting the I.P. address out of the 'connect' information and plugging that into a
browser. For example, if your connect info is:
'ssh -i dbkey.pem root@ec2-184-73-125-65.compute-1.amazonaws.com'
Then your IP would be: '184.73.125.65' and you can test your instance by plugging
'http://184.73.125.65' into your browser.

- ** in going "live production" with your server, see the 'OVERVIEW' section below. **
====================================================================================



SECURITY (3 Important Steps):---------------------------------------------------------

Upon your instance being started, you will want to secure certain aspects
of your server. These are:

1.) Create a new administrive username. (This is optional, but it is our recommendation
to change the default user to a custom administrative user.

To add a new administrative user, type:
'sudo adduser --ingroup admin [username]'
'[password]'

Then create your SSH Public/Private Key Pairs in order to give access to your new user.

(Key Pairs are considered more secure than a potentially crackable username and password,
but don't lose your local key!)

To create and configure your key pairs, reference:
https://help.ubuntu.com/community/SSH/OpenSSH/Keys
(If the link goes away, just google 'Generating RSA Keys ubuntu')

Once done, log out of the ubuntu user account and test your login with the new admin user.

Try to morph to superuser with your new user as well ('sudo su')

Once you have successfully tested the new administrative user, you can delete your
original 'ubuntu' user.

As 'sudo su', type:

'deluser --remove-home ubuntu'

You now are left with your one custom administrative user. Note, you will now log
into your instance without the .pem file via ssh. (ssh [yournewuser]@[thedomain_or_IP])


2.) Set your MySQL root password (via terminal).
type:
'mysql -u root -p'
[just hit return without a password]

You should now have a prompt like 'mysql>'

Set your password so you can't do what you just did (replace '[YOURNEWPASSWORD]' below):

First, select your database:
mysql> 'use mysql;'
mysql> 'UPDATE user SET Password=PASSWORD('[YOURNEWPASSWORD]') WHERE User='root';'
mysql> 'flush privileges;'
mysql> 'quit;'

You can test that you successfully secured mysql by typing: 'mysql -u root -p' again
and trying to log in without a password. Try it again to make sure you *can* log in
with the new password.

Thats it! Optionally, you can setup a non-root user if you wish, as well as review
the users that are currently registered to make sure it is secure. Google 'securing MySQL'
for more info.


3.) Secure WebDNA:
- go to: http://[your_domain_or_IP]/WebCatalog/ in your browser.
(https if you install a secure certificate first)
- click on 'security' and at the prompt enter user 'admin' and password 'admin'.
- click on 'display all users' and then click on 'Set Password' on the admin line.
- You may also want to change the default password for price changes, though it can
 be later when you actually use it. Click on 'preferences', then scroll down to
 'price change password' to change that.

4.) Your server is now secure. From here, you may want to configure the rest of your
applications that are installed by default. type 'man [the_application]' to start.

end security------------------------------------------------------------------------------



OVERVIEW:---------------------------------------------------------------------------------
This is a raw LAMP plus WebDNA Server that includes website extras. It is based off
of AMI ID: a29943cb which is a Ubuntu 12.04 (LTS) x86_64 bit OS. It has been updated
and safe-upgraded to Sept 17 2012.

 " Just fire it up, perform a couple security fixes, and start using it for
 free (other than AWS infrastructure fees) to develop your websites and/or
 develop in WebDNA!

With the free WebDNA Developers License already installed, you can build and test all
your content without paying a dime to WSC. Once you want to go live, just visit
store.webdna.us to purchase the *server* license that fits your needs the
best. The production license takes away the 3-connection limit.

After installing the items above, the server was hardened according to
Amazons specifications by removing bash history, SSH Keys, etc.
end overview------------------------------------------------------------------------------



Bash History of Installation:-------------------------------------------------------------
1 aptitude update
2 aptitude safe-upgrade
3 aptitude install apache2
4 aptitude install mysql-server
5 aptitude install php5
6 aptitude install bind9
7 aptitude install proftpd
8 aptitude install phpmyadmin
9 aptitude install webalizer
10 man webalizer
11 getenforce
12 cd /tmp/
13 ls -la
14 tar -xzf WebDNA-Linux-6.2.1.tar.gz
15 cd WebDNA-6.2.1/
16 ls
17 ./install_WebDNA.sh
18 dpkg --get-selections |grep openssl
19 ln -s ../init.d/WebCatalogCtl /etc/rc2.d/K03WebCatalog
20 ln -s ../init.d/WebCatalogCtl /etc/rc3.d/K03WebCatalog
21 ln -s ../init.d/WebCatalogCtl /etc/rc5.d/K03WebCatalog
22 ln -s ../init.d/WebCatalogCtl /etc/rc2.d/S90WebCatalog
23 ln -s ../init.d/WebCatalogCtl /etc/rc3.d/S90WebCatalog
24 ln -s ../init.d/WebCatalogCtl /etc/rc5.d/S90WebCatalog
end history------------------------------------------------------------------------------


DISCLAIMER:
This server AMI is offered to the public free of charge (other than AWS fees) and without warranty. Use at
your own risk. Though WebDNA Software Corporation provides instructions on basic security, it
is ultimately up to the administrator to make sure the server is and remains secure. WebDNA Software
Corporation cannot be held liable for any damages done in using this virtual server.

For additional help, WebDNA Software Corporation may be hired as a service. However, WebDNA Software
Corporation is not obligated to provide service for this virtual server.

Contact: support@webdna.us

Donovan Brooke

DOWNLOAD WEBDNA NOW!

Top Articles:

Tips and Tricks

A list of user-submitted tips ...

Download WebDNA Applications

WebDNA applications...

[biotype]

BioType is a behavioral biometrics WebDNA function based on ADGS research and development (from version 8...

WebDNA reference

A list of all WebDNA instructions...

WebDNA Libraries

A list of available libraries for WebDNA...

Technical Change History

This Technical Change History provides a reverse chronological list of WebDNA changes...

Related Readings:

Find duplicate records

Find duplicate records and do something with them...

How to setup CODA to work with WebDNA?

This page will show graphically how to setup CODA as a WebDNA partner :-)...

ImageMagick

Use ImageMagick to manipulate images when you upload them...

Export data to Excel

Here's a handy way to export your data to a text or Excel file...

Do you hate updating the copyright notice at the bottom of all your pages?

It's January 1st and you have to update the copyright notice at the bottom of all your websites...

Removing whitespace

How can I remove all whitespace entered by a user from an input box (ie card number)...