The Perfect Server - Debian Squeeze (Debian 6.0) [ISPConfig 2] - Page 3
4 Install The SSH Server
If you didn't install an SSH server during the basic system installation, you can do it now:
apt-get install ssh openssh-server
From now on you can use an SSH client such as PuTTY and connect from your workstation to your Debian Squeeze server and follow the remaining steps from this tutorial.
5 Install vim-nox (Optional)
I'll use vi as my text editor in this tutorial. The default vi program has some strange behaviour on Debian and Ubuntu; to fix this, we install vim-nox:
apt-get install vim-nox
(You don't have to do this if you use a different text editor such as joe or nano.)
6 Configure The Network
Because the Debian Squeeze installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address 192.168.0.100) (please note that I replace allow-hotplug eth0 with auto eth0; otherwise restarting the network doesn't work, and we'd have to reboot the whole system):
Then restart your network:
Then edit /etc/hosts. Make it look like this:
echo server1.example.com > /etc/hostname
It is important that both show server1.example.com now!
7 Update Your Debian Installation
First make sure that your /etc/apt/sources.list contains the squeeze-updates repository (this makes sure you always get the newest updates for the ClamAV virus scanner - this project publishes releases very often, and sometimes old versions stop working).
to update the apt package database and
to install the latest updates (if there are any).
8 Change The Default Shell
/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this:
Use dash as the default system shell (/bin/sh)? <-- No
If you don't do this, the ISPConfig installation will fail.
9 Install Some Software
Now we install a few packages that are needed later on. Run
apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential
(This command must go into one line!)
(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)
To install quota, run
apt-get install quota
Edit /etc/fstab. Mine looks like this (I added ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the partition with the mount point /):
To enable quota, run these commands:
mount -o remount /
11 BIND9 DNS Server
apt-get install bind9
to install BIND9.
For security reasons we want to run BIND chrooted so we have to do the following steps:
Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":
Create the necessary directories under /var/lib:
mkdir -p /var/lib/named/etc
Then move the config directory from /etc to /var/lib/named/etc:
mv /etc/bind /var/lib/named/etc
Create a symlink to the new config directory from the old location (to avoid problems when BIND gets updated in the future):
ln -s /var/lib/named/etc/bind /etc/bind
Make null and random devices, and fix permissions of the directories:
mknod /var/lib/named/dev/null c 1 3
We need to create the file /etc/rsyslog.d/bind-chroot.conf...
... with the following line so that we can still get important messages logged to the system logs:
Restart the logging daemon:
Start up BIND, and check /var/log/syslog for errors: