  #1  
Old 7th April 2012, 03:59
Davide Davide is offline
Senior Member
 
Join Date: Jul 2006
Posts: 123
Thanks: 16
Thanked 7 Times in 6 Posts
Bastille on Debian squeeze

Hi, list

There is no bastille package in Debian stable (squeeze). My installation is an update from lenny to squeeze, so I only realised this when I had to uninstall it while trying to make bastille start with the system.

I have installed bastille from lenny, and it seems to work OK now, but I don't like the idea of having lenny packages in squeeze.

Is there any other recommended way to install bastille in squeeze?
Why is bastille not mentioned in any of the Perfect Setups for Debian squeeze?

Thank you
  #2  
Old 7th April 2012, 10:47
falko falko is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,900
Thanked 2,702 Times in 2,545 Posts
Default

Bastille comes with ISPConfig, so you don't need to install it.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
  #3  
Old 8th April 2012, 00:14
Davide Davide is offline

I've tried to update ispconfig3 after uninstalling bastille, with no success. Bastille was not mentioned at all.

With the lenny package, ispconfig 3 is updating /etc/Bastille/bastille-firewall.cfg.

How could I reactivate the bastille included with ISPConfig 3?
  #4  
Old 10th April 2012, 00:53
Davide Davide is offline

Anyone?

I think I have found the origin of my mistake. My initial installation was following this perfect setup.
I suppose I've trusted this comment so I installed Lenny's bastille.

Is reinstalling ispconfig the only solution for bringing back bastille after uninstalling the Debian package?
  #5  
Old 10th April 2012, 21:02
falko falko is online now

I'm not sure what is wrong with your system right now, but you can simply try an ISPConfig upgrade. Download the latest version, go to the install dir and run
Code:
php update.php
  #6  
Old 11th April 2012, 00:40
Davide Davide is offline

I'll try to explain:

This was my actual situation (lenny's bastille installed):

Code:
# apt-cache policy bastille
bastille:
  Instalados: 1:2.1.1-13
  Candidato:  1:2.1.1-13
  Tabla de versión:
 *** 1:2.1.1-13 0
        100 /var/lib/dpkg/status
# /etc/init.d/bastille-firewall restart                                                                                                                                
Setting up IP spoofing protection... done.                                                                                                                                    
Allowing traffic from trusted interfaces... done.                                                                                                                             
Setting up chains for public/internal interface traffic... done.                                                                                                              
Setting up general rules... done.                                                                                                                                             
Setting up outbound rules... done.
# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
DROP       tcp  --  anywhere             loopback/8          
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  base-address.mcast.net/4  anywhere            
PUB_IN     all  --  anywhere             anywhere            
PUB_IN     all  --  anywhere             anywhere            
PUB_IN     all  --  anywhere             anywhere            
PUB_IN     all  --  anywhere             anywhere            
PUB_IN     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
DROP       all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
PUB_OUT    all  --  anywhere             anywhere            
PUB_OUT    all  --  anywhere             anywhere            
PUB_OUT    all  --  anywhere             anywhere            
PUB_OUT    all  --  anywhere             anywhere            
PUB_OUT    all  --  anywhere             anywhere            

Chain INT_IN (0 references)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain INT_OUT (0 references)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain PAROLE (14 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain PUB_IN (5 references)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable 
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply 
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded 
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp-data 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:www 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap2 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:submission 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imaps 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3s 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:mysql 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:webmin 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:mysql 
DROP       icmp --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain PUB_OUT (5 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain fail2ban-courierimap (0 references)
target     prot opt source               destination         

Chain fail2ban-courierpop3 (0 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-courierpop3s (0 references)
target     prot opt source               destination         

Chain fail2ban-pureftpd (0 references)
target     prot opt source               destination         

Chain fail2ban-sasl (0 references)
target     prot opt source               destination         

Chain fail2ban-ssh (0 references)
target     prot opt source               destination
As you can see, Bastille is working.

So, I'm going to uninstall lenny's bastille:
Code:
apt-get remove --purge bastille
Leyendo lista de paquetes... Hecho
Creando árbol de dependencias       
Leyendo la información de estado... Hecho
El paquete indicado a continuación se instaló de forma automática y ya no es necesarios.
  libcurses-perl
Utilice «apt-get autoremove» para eliminarlos.
Los siguientes paquetes se ELIMINARÁN:
  bastille*
0 actualizados, 0 se instalarán, 1 para eliminar y 0 no actualizados.
Se liberarán 1544 kB después de esta operación.
¿Desea continuar [S/n]? 
(Leyendo la base de datos ... 56812 ficheros o directorios instalados actualmente.)
Desinstalando bastille ...
Stopping Bastille firewall..
WARNING: reverting to default settings (dropping firewall)
disabling IP forwarding... done.
unloading masquerading modules... done.
resetting default input rules to accept... done.
resetting default output rule to accept... done.
resetting default forward rule to accept... done.
flushing INPUT rules... done.
flushing OUTPUT rules... done.
flushing FORWARD rules... done.
removing user-defined chains... done.
done.
Purgando ficheros de configuración de bastille ...
insserv: warning: script 'K01jailkit' missing LSB tags and overrides
insserv: warning: script 'jailkit' missing LSB tags and overrides
Procesando disparadores para man-db ...
So I have no firewall now:
Code:
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain fail2ban-courierimap (0 references)
target     prot opt source               destination         

Chain fail2ban-courierimaps (0 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-courierpop3 (0 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-courierpop3s (0 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-pureftpd (0 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-ssh (0 references)
target     prot opt source               destination
So I'm going to update ispconfig. I'm going to do a REAL update from 3.0.4.3 to 3.0.4.4:
Code:
# ispconfig_update.sh 


--------------------------------------------------------------------------------
 _____ ___________   _____              __ _       
|_   _/  ___| ___ \ /  __ \            / _(_)      
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _ 
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |
 _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| |
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, |
                                              __/ |
                                             |___/ 
--------------------------------------------------------------------------------


>> Update  

Please choose the update method. For production systems select 'stable'. 
The update from svn is only for development systems and may break your current setup.
Note: Update all slave server, before you update master server.

Select update method (stable,svn) [stable]: 

--2012-04-10 22:29:49--  http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
Resolviendo www.ispconfig.org... 78.46.59.59
Connecting to www.ispconfig.org|78.46.59.59|:80... conectado.
Petición HTTP enviada, esperando respuesta... 200 OK
Longitud: 2697357 (2,6M) [application/x-gzip]
Saving to: `ISPConfig-3-stable.tar.gz'

100%[====================================================================================================================================>] 2.697.357   5,49M/s   in 0,5s    

2012-04-10 22:29:49 (5,49 MB/s) - `ISPConfig-3-stable.tar.gz' saved [2697357/2697357]

ispconfig3_install/
ispconfig3_install/server/
ispconfig3_install/server/server.php
[..]
ispconfig3_install/helper_scripts/setup_in_openvz/recreate_ssh_and_hostname.sh
ispconfig3_install/helper_scripts/setup_in_openvz/diff_openssl.cnf


--------------------------------------------------------------------------------
 _____ ___________   _____              __ _         ____
|_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
 _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
                                              __/ |
                                             |___/ 
--------------------------------------------------------------------------------


>> Update  

Operating System: Debian 6.0 (Squeeze/Sid) or compatible

This application will update ISPConfig 3 on your server.

Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]: 

Creating backup of "/usr/local/ispconfig" directory...
Creating backup of "/etc" directory...
Checking ISPConfig database .. OK
Starting incremental database update.
Reconfigure Permissions in master database? (yes,no) [no]: 

Reconfigure Services? (yes,no) [yes]: 

Configuring Postfix
Configuring Mailman
Configuring Jailkit
Configuring SASL
Configuring PAM
Configuring Courier
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring vlogger
Configuring Apps vhost
Configuring Database
Updating ISPConfig
ISPConfig Port [443]: 

Create new ISPConfig SSL certificate (yes,no) [no]: 

Reconfigure Crontab? (yes,no) [yes]: 

Updating Crontab
Restarting services ...
Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
Stopping SASL Authentication Daemon: saslauthd.
Starting SASL Authentication Daemon: saslauthd.
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
Stopping ClamAV daemon: clamd.
Starting ClamAV daemon: clamd .
Stopping Courier authentication services: authdaemond.
Starting Courier authentication services: authdaemond.
Stopping Courier IMAP server: imapd.
Starting Courier IMAP server: imapd.
Stopping Courier IMAP-SSL server: imapd-ssl.
Starting Courier IMAP-SSL server: imapd-ssl.
Stopping Courier POP3 server: pop3d.
Starting Courier POP3 server: pop3d.
Stopping Courier POP3-SSL server: pop3d-ssl.
Starting Courier POP3-SSL server: pop3d-ssl.
[Tue Apr 10 22:31:01 2012] [warn] NameVirtualHost 82.98.148.78:443 has no VirtualHosts
[Tue Apr 10 22:31:01 2012] [warn] NameVirtualHost *:80 has no VirtualHosts
[Tue Apr 10 22:31:04 2012] [warn] NameVirtualHost 82.98.148.78:443 has no VirtualHosts
[Tue Apr 10 22:31:04 2012] [warn] NameVirtualHost *:80 has no VirtualHosts
Restarting web server: apache2 ... waiting ..
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -Y 1 -O clf:/var/log/pure-ftpd/transfer.log -u 1000 -H -A -b -E -8 UTF-8 -D -B
Update finished.
As you can see, there is no mention of Bastille at all.

There is no bastille start script either:
Code:
# ls -la /etc/init.d/bast*
ls: cannot access /etc/init.d/bast*: No such file or directory
I'm still without a firewall:
Code:
#  iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain fail2ban-courierimap (0 references)
target     prot opt source               destination         

Chain fail2ban-courierimaps (0 references)
target     prot opt source               destination         

Chain fail2ban-courierpop3 (0 references)
target     prot opt source               destination         

Chain fail2ban-courierpop3s (0 references)
target     prot opt source               destination         

Chain fail2ban-pureftpd (0 references)
target     prot opt source               destination         

Chain fail2ban-sasl (0 references)
target     prot opt source               destination         

Chain fail2ban-ssh (0 references)
target     prot opt source               destination
I've tried rebooting the server, with no success; still no firewall.

I'm at my wits' end. Why is ispconfig not installing bastille?
  #7  
Old 11th April 2012, 07:33
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,623
Thanks: 792
Thanked 4,992 Times in 3,909 Posts
Default

The Bastille firewall script is part of ispconfig and gets installed when you create the first firewall record for your server. Installing a bastille package manually can corrupt the setup, with the result that ispconfig is not able to manage a firewall on your server.

Login to ISPConfig, go to System > Firewall > basic, add a firewall record for the server and press save.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #8  
Old 11th April 2012, 16:02
Davide Davide is offline
Senior Member
 
Join Date: Jul 2006
Posts: 123
Thanks: 16
Thanked 7 Times in 6 Posts
Default

I've deleted the existing firewall rule and created a new one:
Code:
2012-04-11 13:30 	machine.domain.com 	Debug 	Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock 	
2012-04-11 13:30 	machine.domain.com 	Debug 	Processed datalog_id 11860 	
2012-04-11 13:30 	machine.domain.com 	Debug 	Restarting the firewall 	
2012-04-11 13:30 	machine.domain.com 	Debug 	Writing firewall configuration /etc/Bastille/bastille-firewall.cfg 	
2012-04-11 13:30 	machine.domain.com 	Debug 	Calling function 'insert' from plugin 'firewall_plugin' raised by event 'firewall_insert'. 	
2012-04-11 13:30 	machine.domain.com 	Debug 	Found 1 changes, starting update process. 	
2012-04-11 13:30 	machine.domain.com 	Debug 	Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
but still no firewall:
Code:
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain fail2ban-courierimap (0 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-courierimaps (0 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-courierpop3 (0 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-courierpop3s (0 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-pureftpd (0 references)
target     prot opt source               destination         

Chain fail2ban-sasl (0 references)
target     prot opt source               destination         

Chain fail2ban-ssh (0 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere
and no trace of bastille in /etc except the conf file:
Code:
# ls -la /etc/Bastille/bastille-firewall.cfg
-rw-r--r-- 1 root root 14373 Apr 11 15:43 /etc/Bastille/bastille-firewall.cfg
# find /etc -name "*astill*"
./Bastille
./Bastille/bastille-firewall.cfg
It seems the /etc/init.d and rc.X entries are missing because of the uninstallation of lenny's bastille.
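The state shown in posts #6 and #8 above (the ISPConfig debug log reports "Restarting the firewall" while `iptables -L` shows INPUT with policy ACCEPT and no rules) can be checked mechanically instead of by eye. The script below is an added example, not part of the original thread or of ISPConfig; the function names and the two sample captures are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `iptables -L` output read from stdin.

# Print "<policy> <rule-count>" for a built-in chain (INPUT, FORWARD, OUTPUT),
# or "MISSING 0" when the chain header never appears in the input.
chain_summary() {
    awk -v chain="$1" '
        $1 == "Chain" {
            in_chain = ($2 == chain)
            if (in_chain) {
                policy = $4
                sub(/\)$/, "", policy)      # "ACCEPT)" -> "ACCEPT"
                found = 1
            }
            next
        }
        in_chain && $1 == "target" { next } # column header line
        in_chain && NF > 0 { rules++ }      # every other non-blank line is a rule
        END {
            if (!found) { print "MISSING 0"; exit }
            print policy, rules + 0
        }
    '
}

# open     = INPUT policy ACCEPT and no rules (the post-purge state)
# filtered = rules present or a non-ACCEPT policy (rules are not audited)
# unknown  = no INPUT chain in the input, e.g. iptables failed to run
input_state() {
    set -- $(chain_summary INPUT)
    case "$1" in
        MISSING) echo unknown ;;
        ACCEPT)  if [ "$2" -eq 0 ]; then echo open; else echo filtered; fi ;;
        *)       echo filtered ;;
    esac
}

# Constructed sample: shortened capture with the Bastille rules loaded.
sample_filtered() {
cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
PUB_IN     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
EOF
}

# Constructed sample: shortened capture after the package was purged.
# The fail2ban chain still has a rule, but nothing in INPUT references it.
sample_open() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-ssh (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
EOF
}

echo "with Bastille rules: $(sample_filtered | input_state)"
echo "after purge:         $(sample_open | input_state)"
```

On a live host the same check is `iptables -L -n | input_state`, run as root after any package removal or panel update that touches the firewall.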
  #9  
Old 11th April 2012, 16:09
Davide Davide is offline
Senior Member
 
Join Date: Jul 2006
Posts: 123
Thanks: 16
Thanked 7 Times in 6 Posts
Default

Please tell me if what I've done is correct:

Code:
cp ispconfig3_install/install/apps/bastille-netfilter /sbin
cp ispconfig3_install/install/apps/bastille-ipchains /sbin
chmod 700 /sbin/bastille-*

cp ispconfig3_install/install/apps/bastille-firewall /etc/init.d
chmod 700 /etc/init.d/bastille-firewall
Now I can start and stop bastille with
Code:
/etc/init.d/bastille-firewall [stop|start]
I suppose I have to softlink /etc/init.d/bastille-firewall to /etc/rc2.d, because there is no ispconfig start script as there used to be in ispconfig2.

Am I right?
  #10  
Old 11th April 2012, 16:21
Davide Davide is offline
Senior Member
 
Join Date: Jul 2006
Posts: 123
Thanks: 16
Thanked 7 Times in 6 Posts
 
Default

Does the ispconfig3 installation create symlinks in /etc/rcX.d?
If yes, which ones?

Thank you!