The Perfect Server - Ubuntu 12.04 LTS (Apache2, BIND, Dovecot, ISPConfig 3) - Page 5

Submitted by falko on Sun, 2012-04-29 17:28.

16 Install PureFTPd And Quota

PureFTPd and quota can be installed with the following command:

apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool

Edit the file /etc/default/pure-ftpd-common...

vi /etc/default/pure-ftpd-common

... and make sure that the start mode is set to standalone and set VIRTUALCHROOT=true:

[...]
STANDALONE_OR_INETD=standalone
[...]
VIRTUALCHROOT=true
[...]

Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.

If you want to allow FTP and TLS sessions, run

echo 1 > /etc/pure-ftpd/conf/TLS

In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:

mkdir -p /etc/ssl/private/

Afterwards, we can generate the SSL certificate as follows:

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Country Name (2 letter code) [AU]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) [Some-State]: <-- Enter your State or Province Name.
Locality Name (eg, city) []: <-- Enter your City.
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, YOUR name) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: <-- Enter your Email Address.

Change the permissions of the SSL certificate:

chmod 600 /etc/ssl/private/pure-ftpd.pem

Then restart PureFTPd:

/etc/init.d/pure-ftpd-mysql restart

Edit /etc/fstab. Mine looks like this (I added ,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 to the partition with the mount point /):

vi /etc/fstab

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    nodev,noexec,nosuid 0       0
/dev/mapper/server1-root /               ext4    errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0       1
# /boot was on /dev/sda1 during installation
UUID=4b58d345-1c55-4ac5-940e-7245938656a6 /boot           ext2    defaults        0       2
/dev/mapper/server1-swap_1 none            swap    sw              0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0

To enable quota, run these commands:

mount -o remount /

quotacheck -avugm
quotaon -avug

 

17 Install BIND DNS Server

BIND can be installed as follows:

apt-get install bind9 dnsutils

 

18 Install Vlogger, Webalizer, And AWstats

Vlogger, webalizer, and AWstats can be installed as follows:

apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl

Open /etc/cron.d/awstats afterwards...

vi /etc/cron.d/awstats

... and comment out everything in that file:

#MAILTO=root
#*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh
# Generate static reports:
#10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh

 

19 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):

apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.14.tar.gz
tar xvfz jailkit-2.14.tar.gz
cd jailkit-2.14
./debian/rules binary

You can now install the Jailkit .deb package as follows:

cd ..
dpkg -i jailkit_2.14-1_*.deb
rm -rf jailkit-2.14*

 

20 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the log:

apt-get install fail2ban

To make fail2ban monitor PureFTPd and Dovecot, create the file /etc/fail2ban/jail.local:

vi /etc/fail2ban/jail.local

[pureftpd]
enabled  = true
port     = ftp
filter   = pureftpd
logpath  = /var/log/syslog
maxretry = 3

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5

Then create the following two filter files:

vi /etc/fail2ban/filter.d/pureftpd.conf

[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =

vi /etc/fail2ban/filter.d/dovecot-pop3imap.conf

[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =

Restart fail2ban afterwards:

/etc/init.d/fail2ban restart
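
To see what the two filters above catch, this added example (not part of the original tutorial) runs both failregex values over constructed log lines in Python, the regex dialect fail2ban uses. The <HOST> stand-in, the sample lines and the helper names are assumptions, and fail2ban's findtime window is ignored.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 address or hostname).
HOST = r"(?P<host>[\w.\-]+)"

# jail name -> (failregex copied from the filter file, maxretry from jail.local)
FILTERS = {
    "pureftpd": (
        r".*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*", 3),
    "dovecot-pop3imap": (
        r"(?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed"
        r"|Aborted login \(tried to use disabled|Disconnected \(auth failed"
        r"|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*", 5),
}

# Constructed sample lines (documentation-range addresses), not real logs.
SAMPLE_LOG = [
    "Apr 29 17:30:0%d server1 pure-ftpd: (?@192.0.2.10) [WARNING] "
    "Authentication failed for user [web1]" % i for i in range(3)
] + [
    "Apr 29 17:30:09 server1 pure-ftpd: (?@192.0.2.20) [INFO] web2 is now logged in",
    "Apr 29 17:31:00 server1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): "
    "user=<info>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1",
    "Apr 29 17:31:04 server1 dovecot: imap-login: Disconnected (auth failed, 2 attempts): "
    "user=<info>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, TLS",
    "Apr 29 17:31:09 server1 dovecot: imap-login: Login: user=<info>, method=PLAIN, "
    "rip=198.51.100.8, lip=192.0.2.1",
]

def failures(jail, lines):
    """Count lines matching the jail's failregex, keyed by the captured host."""
    pattern = re.compile(FILTERS[jail][0].replace("<HOST>", HOST))
    hits = Counter()
    for line in lines:
        match = pattern.search(line)
        if match:
            hits[match.group("host")] += 1
    return hits

def would_ban(jail, lines):
    """Hosts whose failure count reaches maxretry (findtime is ignored here)."""
    maxretry = FILTERS[jail][1]
    return sorted(h for h, n in failures(jail, lines).items() if n >= maxretry)

if __name__ == "__main__":
    for jail in FILTERS:
        print(jail, dict(failures(jail, SAMPLE_LOG)), "ban:", would_ban(jail, SAMPLE_LOG))
```

On the server itself, the fail2ban-regex tool shipped with fail2ban runs a filter file against the real log, for example fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/pureftpd.conf.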


Submitted by PM (not registered) on Thu, 2014-02-20 12:39.

 If you want to force TLS for FTP (ftpes://)

echo 2 > /etc/pure-ftpd/conf/TLS
 

Submitted by Anonymous (not registered) on Sun, 2013-09-08 19:03.

hi

I tried and installed ISPConfig. I have two problems:

1- I have a problem with my DNS. I have configured the interfaces as you said, but when I enter example.com it does not load; it works only with the IP address. I did some queries and I suppose the problem is with bind9, which you did not describe how to configure.

2- I have access to SquirrelMail but I do not know the master user and password to enter. Where do I have to edit, or what is the user name and password?

I am in the middle of a class project and your help very much.

thanks 

Submitted by sheshes (not registered) on Fri, 2013-01-25 18:02.
Every time I restarted my services I got

 quotaonCannot find /aquota.group on /dev/mapper/server-root

 quotaonCannot find /aquota.user on /dev/mapper/server-root 

My solution was: 

 aptitude install linux-image-extra-virtual

 When asked to keep already installed version of config file press enter

 modprobe quota_v1

 modprobe quota_v2

 rm /quota.user && rm /quota.group

quotacheck -avugm

quotaon -avug 

 Problem solved!

Submitted by Ben (not registered) on Thu, 2012-09-13 16:21.

I had the following issue while following the steps to install quota:

# touch /aquota.user /aquota.group
# chmod 600 /aquota.*
# mount -o remount /
# quotacheck -avugm
quotacheck: WARNING -  Quotafile //aquota.user was probably truncated. Cannot save quota settings...
quotacheck: WARNING -  Quotafile //aquota.group was probably truncated. Cannot save quota settings...
# quotaon -avug
quotaon: Cannot find quota file on / [/dev/mapper/ubuntu12-root] to turn quotas on/off.
quotaon: Cannot find quota file on / [/dev/mapper/ubuntu12-root] to turn quotas on/off.

The solution was as described at http://forums.debian.net/viewtopic.php?f=5&t=59985 :

# modprobe quota_v2
# echo 'quota_v2' >> /etc/modules
# rm /aquota.user /aquota.group
# quotacheck -avugm
# quotaon -avug

The quotacheck command creates the files /aquota.user and /aquota.group (with correct [0600] permissions and ownership [root:root]). The quotaon command turns on quotas.

I tried rebooting the system and quotas are indeed enabled at boot-time (per the system output during boot). Further, executing "quotaon -avug" a second time yields the following, as expected:

quotaon: using //aquota.group on /dev/mapper/ubuntu12-root [/]: Device or resource busy
quotaon: using //aquota.user on /dev/mapper/ubuntu12-root [/]: Device or resource busy

Submitted by sysadm (registered user) on Tue, 2012-07-17 15:11.

In Ubuntu Precise 12.04, using the ext4 filesystem, you'll get this error message on the 'quotaon -avug' command:

quotaon: using //quota.group on /dev/disk/by-label/cloudimg-rootfs [/]: No such process
quotaon: Quota format not supported in kernel.
quotaon: using //quota.user on /dev/disk/by-label/cloudimg-rootfs [/]: No such process
quotaon: Quota format not supported in kernel.

 

You need to install an extra package for the virtual Linux image kernel:

aptitude install linux-image-extra-virtual

 

Then, load kernel modules:

modprobe quota_v1

modprobe quota_v2

 

Now you can enable quota:

quotaon -avug

Submitted by DVSB (not registered) on Fri, 2012-06-29 14:42.

For those hosting with JiffyBox or DF, here is a guide for Ubuntu 12.04 with ISPConfig, ext4 and quotas:

After the changes to /etc/fstab described in the howto and the subsequent "mount -o remount /", the following commands are needed:

Code:
ln /dev/xvda /dev/root
cd /
touch aquota.user aquota.group
chmod 600 aquota.user aquota.group

Now you can continue as described in the howto with:

Code:
quotacheck -avugm
quotaon -avug

Since this configuration is unfortunately not reboot-proof, the commands must be run every time the JiffyBox restarts. To do this, ideally edit /etc/rc.local and insert the following lines before the "exit 0":

Code:
ln /dev/xvda /dev/root
quotacheck -avugm
quotaon -avug

Submitted by Rescue9 (registered user) on Thu, 2012-05-03 15:58.

If quotacheck fails with the following error...

quotacheck: Cannot stat() mounted device /dev/root: No such file or directory
quotacheck: Cannot find filesystem to check or filesystem not mounted with quota option.

run the following command to link /dev/root to /dev/xvdX

ln -s /dev/xvda /dev/root