The Perfect Server - Fedora 9 - Page 6

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Tue, 2008-05-13 16:48. ::

15 ProFTPd (Part 1)

ISPConfig has better support for proftpd than vsftpd, so let's remove vsftpd and install proftpd:

yum remove vsftpd

yum install proftpd

Now we can create the system startup links for Proftpd and start it:

chkconfig --levels 235 proftpd on
/etc/init.d/proftpd start

 

16 Webalizer

To install webalizer, just run

yum install webalizer

 

17 Synchronize The System Clock

If you want to have the system clock synchronized with an NTP server do the following:

yum install ntp

chkconfig --levels 235 ntpd on
ntpdate 0.pool.ntp.org
/etc/init.d/ntpd start

 

18 Install Some Perl Modules

ISPConfig comes with SpamAssassin which needs a few Perl modules to work. We install the required Perl modules with a single command:

yum install perl-HTML-Parser perl-DBI perl-Net-DNS perl-Digest-SHA1

 

19 ISPConfig

The configuration of the server is now finished.

If you want to install ISPConfig, there's one more thing you need to do. Fedora 9 comes with the gcc version 4.3, but the ISPConfig installation (the OpenSSL part, to be specific) fails with this gcc version. Therefore we install gcc 3.4...

yum install compat-gcc-34

... and create a symlink from /usr/bin/gcc to /usr/bin/gcc34:

cd /usr/bin
mv gcc gcc43
ln -s gcc34 gcc

You can now install ISPConfig on it, following these instructions: http://www.ispconfig.org/manual_installation.htm

 

19.1 A Note On SuExec

If you want to run CGI scripts under suExec, you should specify /var/www as the web root for websites created by ISPConfig as Fedora's suExec is compiled with /var/www as Doc_Root. Run

/usr/sbin/suexec -V

and the output should look like this:

[root@server1 ~]# /usr/sbin/suexec -V
 -D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="apache"
 -D AP_LOG_EXEC="/var/log/httpd/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=500
 -D AP_USERDIR_SUFFIX="public_html"
[root@server1 ~]#

So if you want to use suExec with ISPconfig, don't change the default web root (which is /var/www) if you use expert mode during the ISPConfig installation (in standard mode you can't change the web root anyway so you'll be able to use suExec in any case).

 

19.2 ProFTPd (Part 2)

(This chapter applies only if you have installed ISPConfig!)

After you have installed ISPConfig, you must modify the template file for /etc/proftpd_ispconfig.conf which is called /root/ispconfig/isp/conf/proftpd_ispconfig.conf.master, because otherwise the users that you create with ISPConfig won't be able to log in using FTP. Instead of modifying /root/ispconfig/isp/conf/proftpd_ispconfig.conf.master (which gets overwritten each time you update ISPConfig) we copy /root/ispconfig/isp/conf/proftpd_ispconfig.conf.master to /root/ispconfig/isp/conf/customized_templates/ and modify that one. If ISPConfig finds a template in /root/ispconfig/isp/conf/customized_templates/, it will use that one instead of the default template in /root/ispconfig/isp/conf/. Templates in /root/ispconfig/isp/conf/customized_templates/ don't get overwritten when you update ISPConfig.

cp /root/ispconfig/isp/conf/proftpd_ispconfig.conf.master /root/ispconfig/isp/conf/customized_templates/

Now open /root/ispconfig/isp/conf/customized_templates/proftpd_ispconfig.conf.master and comment out the DefaultAddress 127.0.0.1 line:

vi /root/ispconfig/isp/conf/customized_templates/proftpd_ispconfig.conf.master

###################################
#
# ISPConfig proftpd Configuration File
#         Version 1.0
#
###################################

#DefaultAddress 127.0.0.1

<!-- BEGIN DYNAMIC BLOCK: vhost -->
<VirtualHost {IP}>
        DefaultRoot             ~
        AllowOverwrite          on
        Umask                   002
        {ANON_FTP}
</VirtualHost>
<!-- END DYNAMIC BLOCK: vhost -->

 

20 Links


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by Jason Roysdon (not registered) on Sun, 2008-11-16 05:48.
I highly suggest adding to this guide rkhunter. It is a "root kit" hunter and is an absolute must for anyone connecting a server that the internet at large can access services on. Even with yum keeping things up to date, there are still vulnerabilities that come up that you might not get a patch for in time. You must have something like rkhunter to constantly check your system for root kits and to check the md5 signatures on key files.