ISPConfig 3: Monitor Module & Logfiles - All setup correctly?

Master One, 26th June 2009, 11:08

A fresh installation of ISPConfig 3.0.1.3 on Ubuntu Server 9.04 Minimal (as offered as install-image by Hetzner) with all necessary steps according to The Perfect Server - Ubuntu 9.04 [ISPConfig 3] executed.

When I enter the Monitor module "System State (All Servers) >> Show Overview" everything looks OK, except the warning of "Your Virus-protection is OUTDATED!" due to the latest upgrade of ClamAV not being in the Ubuntu repos (so nothing to worry about).

When I enter "System State (All Servers) >> Show System-Log", the log (ISPConfig Protokoll) seems to be empty. Is this normal?

Then the logfiles:

Show Mail-Log
Code:
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: Found decoder for .zoo at /usr/bin/zoo
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: No decoder for .lha
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: No decoder for .doc tried: ripole
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: Found decoder for .cab at /usr/bin/cabextract
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: No decoder for .tnef
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: Internal decoder for .tnef
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: Found decoder for .exe at /usr/bin/arj
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: Using primary internal av scanner code for ClamAV-clamd
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Jun 26 08:46:58 <HOSTNAME> amavis[2750]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.34, libdb 4.6
Jun 26 08:47:00 <HOSTNAME> spamd[2907]: logger: removing stderr method
Jun 26 08:47:02 <HOSTNAME> spamd[2956]: spamd: server started on port 783/tcp (running version 3.2.5)
Jun 26 08:47:02 <HOSTNAME> spamd[2956]: spamd: server pid: 2956
Jun 26 08:47:02 <HOSTNAME> spamd[2956]: spamd: server successfully spawned child process, pid 3222
Jun 26 08:47:02 <HOSTNAME> spamd[2956]: spamd: server successfully spawned child process, pid 3223
Jun 26 08:47:02 <HOSTNAME> spamd[2956]: prefork: child states: II
Jun 26 08:47:04 <HOSTNAME> authdaemond: modules="authmysql", daemons=5
Jun 26 08:47:04 <HOSTNAME> authdaemond: Installing libauthmysql
Jun 26 08:47:04 <HOSTNAME> authdaemond: Installation complete: authmysql
Jun 26 08:47:05 <HOSTNAME> postfix/master[3510]: daemon started -- version 2.5.5, configuration /etc/postfix
Jun 26 08:50:01 <HOSTNAME> pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 26 08:50:01 <HOSTNAME> pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Jun 26 08:50:01 <HOSTNAME> imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 26 08:50:01 <HOSTNAME> imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Jun 26 08:50:02 <HOSTNAME> postfix/smtpd[3786]: connect from localhost[127.0.0.1]
Jun 26 08:50:02 <HOSTNAME> postfix/smtpd[3786]: lost connection after CONNECT from localhost[127.0.0.1]
Jun 26 08:50:02 <HOSTNAME> postfix/smtpd[3786]: disconnect from localhost[127.0.0.1]
Jun 26 08:55:01 <HOSTNAME> pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 26 08:55:01 <HOSTNAME> pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Jun 26 08:55:01 <HOSTNAME> imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 26 08:55:01 <HOSTNAME> imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Jun 26 08:55:01 <HOSTNAME> postfix/smtpd[3893]: connect from localhost[127.0.0.1]
Jun 26 08:55:01 <HOSTNAME> postfix/smtpd[3893]: lost connection after CONNECT from localhost[127.0.0.1]
Jun 26 08:55:01 <HOSTNAME> postfix/smtpd[3893]: disconnect from localhost[127.0.0.1]
Jun 26 09:00:01 <HOSTNAME> imapd: Connection, ip=[::ffff:127.0.0.1]
Jun 26 09:00:01 <HOSTNAME> imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Jun 26 09:00:01 <HOSTNAME> pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 26 09:00:01 <HOSTNAME> pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Jun 26 09:00:01 <HOSTNAME> postfix/smtpd[3986]: connect from localhost[127.0.0.1]
Jun 26 09:00:01 <HOSTNAME> postfix/smtpd[3986]: lost connection after CONNECT from localhost[127.0.0.1]
Jun 26 09:00:01 <HOSTNAME> postfix/smtpd[3986]: disconnect from localhost[127.0.0.1]

Since amavis was missing some decoders, I just installed lha, ripole, tnef and ytnef, just to be sure. But what about these "Connection", "Disconnected" and "lost connection after CONNECT" messages every 5 minutes? Is this the normal behavior when idle?

Show System-Log
Code:
Jun 26 08:47:05 <HOSTNAME> kernel: [ 79.412564] warning: `pure-ftpd-mysql' uses 32-bit capabilities (legacy support in use)
Jun 26 08:50:01 <HOSTNAME> pure-ftpd: (?@localhost) [INFO] New connection from localhost
Jun 26 08:50:01 <HOSTNAME> pure-ftpd: (?@localhost) [INFO] Logout.
Jun 26 08:55:01 <HOSTNAME> pure-ftpd: (?@localhost) [INFO] New connection from localhost
Jun 26 08:55:01 <HOSTNAME> pure-ftpd: (?@localhost) [INFO] Logout.
Jun 26 09:00:01 <HOSTNAME> pure-ftpd: (?@localhost) [INFO] New connection from localhost
Jun 26 09:00:01 <HOSTNAME> pure-ftpd: (?@localhost) [INFO] Logout.

Do these messages from pure-ftpd every 5 minutes show normal behavior?

Show ISPC Cron-Log
Code:
Error: configuration file /etc/getmail/*.conf does not exist
/usr/share/getmail4/getmailcore/baseclasses.py:26: DeprecationWarning: the sets module is deprecated
import sets
Error: configuration file /etc/getmail/*.conf does not exist
/usr/share/getmail4/getmailcore/baseclasses.py:26: DeprecationWarning: the sets module is deprecated
import sets
Error: configuration file /etc/getmail/*.conf does not exist
/usr/share/getmail4/getmailcore/baseclasses.py:26: DeprecationWarning: the sets module is deprecated
import sets

What about these getmail messages, which repeat themselves all over?

Show Clamav-Log: All looking good, except "Not loading PUA signatures.", whatever that means. Does anybody know?

Show RKHunter-Log: All looking good, except 4 warnings
Code:
/usr/bin/awk                                      [ Warning ]
Warning: The file properties have changed:
         File: /usr/bin/awk
         Current hash: 22d642d0b17926f529007e87ceb285526d49e40a
         Stored hash : 98a26834b3be4feb92d1db861490800742805128
/usr/bin/gawk                                     [ Warning ]
Warning: The file '/usr/bin/gawk' exists on the system, but it is not present in the rkhunter.dat file.
/usr/sbin/unhide                                  [ Warning ]
Warning: The file '/usr/sbin/unhide' exists on the system, but it is not present in the rkhunter.dat file.
/usr/sbin/unhide-linux26                          [ Warning ]
Warning: The file '/usr/sbin/unhide-linux26' exists on the system, but it is not present in the rkhunter.dat file.

System checks summary
=====================

File properties checks...
Files checked: 125
Suspect files: 4

Rootkit checks...
Rootkits checked : 110
Possible rootkits: 0

Applications checks...
Applications checked: 4
Suspect applications: 0

I guess that's nothing to worry about; nevertheless, it would be nice if this could be fixed, because if you configure an email address in /etc/rkhunter.conf, it will inform you about these warnings every time the system is checked. Any idea?

Show fail2ban-Log
Code:
fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.3
fail2ban.server : ERROR Unexpected communication error
fail2ban.jail : INFO Creating new jail 'ssh'
fail2ban.jail : INFO Jail 'ssh' uses poller
fail2ban.server : ERROR Unexpected communication error
fail2ban.filter : INFO Added logfile = /var/log/auth.log
fail2ban.server : ERROR Unexpected communication error
fail2ban.filter : INFO Set maxRetry = 6
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.filter : INFO Set findtime = 600
fail2ban.server : ERROR Unexpected communication error
fail2ban.actions: INFO Set banTime = 600
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.server : ERROR Unexpected communication error
fail2ban.jail : INFO Jail 'ssh' started
fail2ban.server : ERROR Unexpected communication error

That's the snippet since the latest restart, which I did just now. Does fail2ban need to be configured, or is it supposed to work right out of the box? Is there any more info on what to do to get it working on an installation with a typical ISPConfig 3 setup?

I know that kind of stuff is not really ISPConfig related, since ISPConfig only shows the logs, but nevertheless it would be nice to get some recommendations. This is my first real-life experience with ISPConfig 3, and I just want to be sure that everything is set up correctly before I start using it.
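
The question of whether the connection entries in the Mail-Log and System-Log recur on a fixed schedule and come only from the local machine can be checked mechanically. The following Python script is an added example, not part of the original post and not ISPConfig code: it parses the three log formats shown above, separates loopback peers (including the IPv4-mapped `::ffff:127.0.0.1` form) from remote ones, and reports the spacing between local connections per program. The function names, the year default of 2009 and the treatment of the literal name `localhost` as loopback are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Lines 1-4 are copied from the post's logs; line 5 is constructed (documentation address).
SAMPLE = """\
Jun 26 08:50:01 <HOSTNAME> pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 26 08:50:01 <HOSTNAME> pure-ftpd: (?@localhost) [INFO] New connection from localhost
Jun 26 08:55:01 <HOSTNAME> pop3d: Connection, ip=[::ffff:127.0.0.1]
Jun 26 08:55:01 <HOSTNAME> pure-ftpd: (?@localhost) [INFO] New connection from localhost
Jun 26 08:57:40 <HOSTNAME> pop3d: Connection, ip=[::ffff:203.0.113.7]
"""

# Syslog prefix (timestamp, host, program[pid]) and the three peer formats seen in the post.
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ ([\w/-]+)(?:\[\d+\])?: (.*)$")
PEER = re.compile(r"Connection, ip=\[([^\]]+)\]"       # pop3d / imapd
                  r"|^connect from \S*\[([^\]]+)\]"    # postfix/smtpd
                  r"|New connection from (\S+)")       # pure-ftpd

def is_local(peer):
    if peer == "localhost":  # assumption: the name pure-ftpd logs resolves to loopback
        return True
    try:
        ip = ipaddress.ip_address(peer)
    except ValueError:
        return False
    # Unwrap ::ffff:a.b.c.d first; older Pythons do not treat it as loopback.
    return (getattr(ip, "ipv4_mapped", None) or ip).is_loopback

def summarize(text, year=2009):  # syslog omits the year; 2009 is the post's date
    """Per program: local connection count, gaps between them in minutes, remote peers."""
    seen = defaultdict(lambda: {"local": [], "remote": []})
    for line in text.splitlines():
        m = LINE.match(line)
        p = m and PEER.search(m.group(3))
        if not p:
            continue
        peer = next(g for g in p.groups() if g)
        if is_local(peer):
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            seen[m.group(2)]["local"].append(ts)
        else:
            seen[m.group(2)]["remote"].append(peer)
    for d in seen.values():
        t = sorted(d["local"])
        d["gap_min"] = sorted({round((b - a).total_seconds() / 60) for a, b in zip(t, t[1:])})
        d["local"] = len(t)
    return dict(seen)
```

A program whose `gap_min` holds a single value and whose `remote` list is empty is only being contacted from the machine itself at a fixed interval; any entry in `remote` is a client worth looking at separately.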
All times are GMT +2.