Tomas Quintero

My fresh install of WSUS 3.0 SP1 was downloading at pathetic speeds. I’d let it run all day and pulled down only 700MB (of 13,465.69MB).

Googling this problem came up with few results, most of which talked about WsusDebugTool.exe, which unfortunately does not work with WSUS 3.0.

The solution: http://support.microsoft.com/kb/922330. I found it on a random forum, the kb article title is awful, but the insides work.

From the article:

If you are using WSUS 3.0 with a Windows Internal Database that was created by a default WSUS installation, type the following command (all one line):

%programfiles%\Update
Services\Setup\ExecuteSQL.exe -S %Computername%\MICROSOFT##SSEE -d
"SUSDB" -Q "update tbConfigurationC set
BitsDownloadPriorityForeground=1"

Restart the Update Services service. To do this, follow these steps:

1. Click Start, click Run, type services.msc, and then click OK.
2. In the Services dialog box, right-click Update Services, and then click Restart.

This is my simple guide for installing a LAMP stack on Ubuntu JeOS. In this I use Lighttpd instead of Apache, maybe we should call this version LLMP.

First, I like to begin with setting a password on root. This is a faux pas in the Ubuntu world, but I consider it critical. If you find yourself unable to sudo, because your sudoers file has run into issues, su will save you a headache.

sudo passwd root

Next, update your system.

sudo apt-get update && sudo apt-get upgrade

Personally, I don’t rock the vim. Let’s get nano

sudo apt-get install nano

I also don’t rock the console for very long, let’s get SSH installed and configured

sudo apt-get install openssh-server

Because we have set a root password, we need to restrict remote root login.

sudo nano /etc/ssh/sshd_config

Change PermitRootLogin yes to no, then restart SSHd

sudo /etc/init.d/ssh restart

At this point, I like to install iptables and create a policy.

sudo nano /etc/iptables_rules

and inside of /etc/iptables_rules:

#!/bin/sh

# Flushing all rules
iptables -F
iptables -X

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

# Allow localhost traffic
iptables -A INPUT -i lo -j ACCEPT

# Allow established sessions
iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT

# Allow SSH in and out
iptables -A INPUT -p tcp –dport 22 -j ACCEPT

# Allow HTTP traffic
iptables -A INPUT -p tcp –dport 80 -j ACCEPT

# Allow FTP traffic
iptables -A INPUT -p tcp –dport 21 -j ACCEPT
modprobe ip_conntrack_ftp

# Block SSH brute force attempts
iptables -A INPUT -p tcp –dport 22 -m state –state NEW -m recent –set –name SSH
iptables -A INPUT -p tcp –dport 22 -m state –state NEW -m recent –update –seconds 60 –hitcount 8 –rttl –name SSH -j DROP

Next, I don’t allow local users to see the rules

sudo chmod 770 /etc/iptables_rules

We want our rules to apply at each boot, so I symbolic link them into the network startup dir

sudo ln -s /etc/iptables_rules /etc/network/if-up.d/iptables_rules

Then we run the rules script for the first time

sudo /etc/iptables_rules

Next, I create a firewall rule stop script, incase it needs to be easily/quickly executed from console

sudo nano /root/fw.stop

and into fw.stop goes

#!/bin/sh
echo "Stopping firewall and allowing all connections..."
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Then I chmod it as well

chmod 770 /root/fw.stop

This is JeOS, you may want crontab, manpages, locate and wget, right? Let’s grab them all, I consider them essential.

sudo apt-get install cron manpages man-db locate wget

I also like an up-to-date locate. Locate updates daily, but if you wanted to use it right away it would report that the db was not built. Let’s run it.

sudo /etc/cron.daily/locate

Time to install our LAMP stack. I use Lighttpd, so that’s what will be installed and configured per this guide.

sudo install mysql-server mysql-client lighttpd php5-cgi php5-gd imagemagick postfix php-mail phpmyadmin

The above command gives us lots of things including MySQL, Lighttpd, PHP5, Postfix, PhpMyAdmin, and a few apps such as imagemagick which are used by popular software sets such as phpBB.

Next, we need to enable a few lighty configs

sudo cp /etc/lighttpd/conf-available/10-cgi.conf /etc/lighttpd/conf-enabled/10-cgi.conf
sudo cp /etc/lighttpd/conf-available/10-fastcgi.conf /etc/lighttpd/conf-enabled/10-fastcgi.conf
sudo cp /etc/lighttpd/conf-available/10-ssi.conf /etc/lighttpd/conf-enabled/10-ssi.conf
sudo cp /etc/lighttpd/conf-available/10-userdir.conf /etc/lighttpd/conf-enabled/10-userdir.conf

I also make a few modifications in lighty’s config file

sudo nano /etc/lighttpd/lighttpd.conf

"mod_compress", => # "mod_compress", ## disable mod_compress, causes issues in some environments
---
index-file.names => ADD index.shtml into the list ## enables index.shtml for SSI indices
---
server.dir-listing = "enable" => server.dir-listing = "disable" ## disable dir listings
---
compress.cache-dir => #compress.cache-dir ## disables this line item, since the module is disabled
compress.filetype => #compress.filetype ## disables this line item, since the module is disabled

Lastly, restart Lighttpd and we’re good to go

sudo /etc/init.d/lighttpd restart