The Perfect Server - OpenSUSE 12.1 x86_64 With Apache2 [ISPConfig 3] - Page 5

Submitted by falko on Sun, 2011-11-20 21:18.

11 Mailman

Since version 3.0.4, ISPConfig also allows you to manage (create/modify/delete) Mailman mailing lists. If you want to make use of this feature, install Mailman as follows:

yast2 -i mailman

Before we can start Mailman, a first mailing list called mailman must be created:

/usr/lib/mailman/bin/newlist mailman

server1:~ # /usr/lib/mailman/bin/newlist mailman
Enter the email of the person running the list: <-- admin email address, e.g. info@example.com
Initial mailman password: <-- admin password for the mailman list
Hit enter to notify mailman owner... <-- ENTER

server1:~ #

Create the system startup links for Mailman...

systemctl enable mailman.service

... and start it:

systemctl start mailman.service

Next restart Postfix:

systemctl restart postfix.service

To enable the Mailman Apache configuration, run...

a2enflag MAILMAN

... and restart Apache:

systemctl restart apache2.service

After you have installed ISPConfig 3, you can access Mailman as follows:

You can use the alias /mailman for all Apache vhosts (please note that suExec must be disabled for all vhosts from which you want to access Mailman!), which means you can access the Mailman admin interface for a list at http://<vhost>/mailman/admin/<listname>, and the web page for users of a mailing list can be found at http://<vhost>/mailman/listinfo/<listname>.

Under http://<vhost>/pipermail/<listname> you can find the mailing list archives.

 

12 Install PureFTPd

Install the pure-ftpd FTP daemon. Run:

yast2 -i pure-ftpd

systemctl enable pure-ftpd.service
systemctl start pure-ftpd.service

Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.

OpenSSL is needed by TLS; to install OpenSSL, we simply run:

yast2 -i openssl

Open /etc/pure-ftpd/pure-ftpd.conf...

vi /etc/pure-ftpd/pure-ftpd.conf

If you want to allow FTP and TLS sessions, set TLS to 1:

[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS                      1
[...]

If you want to accept TLS sessions only (no FTP), set TLS to 2:

[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS                      2
[...]

To not allow TLS at all (only FTP), set TLS to 0:

[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS                      0
[...]

In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:

mkdir -p /etc/ssl/private/

Afterwards, we can generate the SSL certificate as follows:

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Country Name (2 letter code) [AU]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) [Some-State]: <-- Enter your State or Province Name.
Locality Name (eg, city) []: <-- Enter your City.
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, YOUR name) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: <-- Enter your Email Address.

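Change the permissions of the SSL certificate file (it also contains the private key, because -keyout and -out point to the same file) so that only its owner can read it: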

chmod 600 /etc/ssl/private/pure-ftpd.pem

Finally restart PureFTPd:

systemctl restart pure-ftpd.service

That's it. You can now try to connect using your FTP client; however, you should configure your FTP client to use TLS - see the next chapter for how to do this with FileZilla.
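
A quick check of the result of the steps above, as an added example that is not part of the original tutorial: the two shell functions below read the effective TLS value from pure-ftpd.conf and confirm that the combined key/certificate file exists, contains both parts and is not readable by other users. The function names are made up for this example; the default paths are the ones used in this chapter, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit the PureFTPd TLS setup.
# Function names are hypothetical; default paths are the ones used above.

# Print the effective TLS value: the last uncommented "TLS <0|1|2>" line, 0 if none.
pureftpd_tls_mode() {
    awk '$1 == "TLS" && $2 ~ /^[0-2]$/ { m = $2 } END { print (m == "" ? 0 : m) }' "$1"
}

# Return 0 only if cleartext logins are refused and the key file is protected.
audit_pureftpd_tls() {
    conf=${1:-/etc/pure-ftpd/pure-ftpd.conf}
    pem=${2:-/etc/ssl/private/pure-ftpd.pem}
    rc=0

    case "$(pureftpd_tls_mode "$conf")" in
        2) echo "OK   TLS=2: sessions without TLS are refused" ;;
        1) echo "WARN TLS=1: clients that skip TLS still log in over clear text"; rc=1 ;;
        *) echo "FAIL TLS=0: passwords and data are sent in clear text"; rc=1 ;;
    esac

    if [ ! -f "$pem" ]; then
        echo "FAIL $pem does not exist"
        return 1
    fi

    # The openssl command above writes key and certificate into the same file.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "FAIL no certificate in $pem"; rc=1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "FAIL no private key in $pem"; rc=1; }

    # Anything beyond owner read/write exposes the private key to local users.
    perms=$(stat -c '%a' "$pem")   # GNU stat, as shipped with openSUSE
    case "$perms" in
        600|400) echo "OK   $pem has mode $perms" ;;
        *) echo "FAIL $pem has mode $perms, expected 600"; rc=1 ;;
    esac

    return "$rc"
}
```

Run audit_pureftpd_tls without arguments on the server to check the paths from this chapter; it returns non-zero for TLS 0 or 1, so it can also be used as a gate in a setup script.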

 

13 Install BIND

The BIND nameserver can be installed as follows:

yast2 -i bind

Create the BIND system startup links and start it:

systemctl enable named.service
systemctl start named.service

 

14 Install Webalizer And AWStats

Since ISPConfig 3 lets you choose if you want to use Webalizer or AWStats to create your web site statistics, we install both (at the time of this writing, there was no AWStats package for OpenSUSE 12.1, therefore I install the one for OpenSUSE 11.4):

yast2 -i webalizer perl-DateManip

zypper install http://download.opensuse.org/repositories/network:/utilities/openSUSE_11.4/noarch/awstats-7.0-14.1.noarch.rpm

 

15 Install fail2ban

fail2ban can be installed as follows:

yast2 -i fail2ban

 

16 Install Jailkit

Jailkit can be installed like this:

zypper install http://download.opensuse.org/repositories/security/openSUSE_12.1/x86_64/jailkit-2.13-1.1.x86_64.rpm

 

17 Synchronize The System Clock

If you want to have the system clock synchronized with an NTP server, do the following:

yast2 -i xntp

Then add system startup links for ntp and start ntp:

systemctl enable ntp.service
systemctl start ntp.service

 

18 Install rkhunter

rkhunter can be installed as follows:

yast2 -i rkhunter


Submitted by glOOmyART (not registered) on Sun, 2012-02-26 15:04.

The Jailkit URL seems to have changed... I installed it this way:

  1. Add the openSUSE Security repository:
    # zypper addrepo http://download.opensuse.org/repositories/security/openSUSE_12.1/ opensuse-security-x86_64
  2. Install jailkit rpm package:
    # zypper install jailkit 

Taken from -> http://pkgs.org/opensuse-12.1/opensuse-security-x86_64/jailkit-2.13-1.2.x86_64.rpm.html

Submitted by bank (registered user) on Sat, 2012-02-25 15:58.

The p.15 should include this:

systemctl enable fail2ban.service
systemctl start fail2ban.service


Submitted by Anonymous (not registered) on Wed, 2012-03-07 02:21.

Hello

I used the following command to install Jailkit:

zypper install http://62.146.92.202/repositories/security/SLE_11/x86_64/jailkit-2.13-1.1.x86_64.rpm