The Perfect Setup - CentOS 4.4 (32-bit)

Submitted by till on Wed, 2006-10-11 17:28. :: CentOS | ISPConfig

Version 1.2
Author: Till Brehm <t [dot] brehm [at] projektfarm [dot] com>, Falko Timme <ft [at] falkotimme [dot] com>
Last edited 05/20/2007

This is a detailed description of how to set up a CentOS 4.4 based server that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc.). This tutorial is written for the 32-bit version of CentOS 4.4, but should apply to the 64-bit version with very few modifications as well.

I will use the following software:

  • Web Server: Apache 2.0.x
  • Database Server: MySQL 4.1
  • Mail Server: Postfix (easier to configure than sendmail; has a shorter history of security holes than sendmail)
  • DNS Server: BIND9 (chrooted!)
  • FTP Server: proftpd
  • POP3/IMAP server: dovecot
  • Webalizer for web site statistics

In the end you should have a system that works reliably, and if you like you can install the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

 

Requirements

To install such a system you will need the following:

 

1 Install The Base System

Boot from your CentOS 4.4 CD (CD 1).

It can take a long time to test the installation media so we skip this test here:

The welcome screen of the CentOS installer appears. Click on Next:

Choose your language next:

Select your keyboard layout:

We want to install a server so we choose Server here:

Next we do the partitioning. Select Automatically partition. This will give you a small /boot partition and a large / partition, which is fine for our purposes:

I'm installing CentOS 4.4 on a fresh system, so I answer Yes to the question Would you like to initialize this drive, erasing ALL DATA?

Select Remove all partitions on this system.

We want to remove all Linux partitions, so we answer Yes to the following question:

The installer presents you with an overview of the new partitions. Click on Next:

Now the boot loader GRUB will be installed. You can leave the default settings unchanged and click on Next:


Submitted by cavedive (registered user) on Wed, 2007-04-18 03:25.

First, thanks for an excellent tutorial!

I had serious problems with ntp running the Perfect setup on a Windows host using VMWare GSX server. My clock was constantly running behind and I would use rdate to set the clock but very soon the clock was running behind again.

Googling I found a workaround that worked out well (if running SMP on single core processor):

1. Edit /etc/grub.conf
Add 'noapic nosmp nolapic clock=pit acpi=no' so your grub.conf looks like this:

title CentOS (2.6.9-42.0.10.ELsmp)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-42.0.10.ELsmp ro root=/dev/VolGroup00/LogVol00 noapic nosmp nolapic clock=pit acpi=no
        initrd /initrd-2.6.9-42.0.10.ELsmp.img


2. Edit /etc/ntp.conf
Add 'burst iburst' after your server:

# --- OUR TIMESERVERS -----
server 0.pool.ntp.org burst iburst
server 1.pool.ntp.org burst iburst
server 2.pool.ntp.org burst iburst

This solved all my problems with a slow clock and my time is now on the spot 24/7.

My Windows system:
P4 3 GHz
3.5 GB RAM
VMWare GSX server

Submitted by jperrin (registered user) on Fri, 2006-10-13 01:28.

Very good tutorial, and very detailed, however one part concerns me. Your rebuild of zlib at the end does not address removing the currently installed zlib, or address the problem of future rpms which may rely on zlib failing because of the one built from source (rpms are rather ignorant about source built software). I would also posit that you cannot rely on the version of zlib to identify that it's vulnerable. Security fixes are backported in CentOS (and its parent distro, RHEL), so version numbers may be inaccurate. The changelog for the zlib rpm lists several CAN- advisory fixes, so I wonder if the bug you claim is one of these. If it is not, has this been reported to the CentOS folks, or to the upstream RedHat bugzilla?

 If this bug is not fixed in the RPM as one of the listed CAN changes in the changelog and the rpm does indeed contain vulnerable code, I'd like to see it fixed in the distro, rather than being bolted onto a(n excellent) tutorial.

Submitted by till (registered user) on Fri, 2006-10-13 15:29.

I don't think that there is really a bug in the zlib that ships with CentOS; the problem is that the version number doesn't get updated when the fixes were applied.

For example, if you want to compile ClamAV, which is necessary for ISPConfig, ClamAV complains about a bug in zlib and stops compiling. So either the ClamAV team has to add a better zlib detection routine or the CentOS team has to set a higher version number in the zlib library when they apply fixes.

Submitted by jperrin (registered user) on Fri, 2006-10-13 16:02.

This is addressed a bit more thoroughly in the post by Johnny Hughes, who is one of the CentOS Project leads (http://www.howtoforge.com/perfect_setup_centos_4.4_p6#comment-3055). What it comes down to is an upstream versioning decision by Red Hat, which CentOS inherits as a clone/rebuild product. I would consider this to be a flaw in ClamAV/ISPConfig packaging, and that it should not be advertised as a CentOS vulnerability unless such a problem actually exists.
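
Added example, not part of the original tutorial or of any comment above: the check the zlib discussion points to, reading the package changelog for backported CAN-/CVE- fixes instead of trusting the version number. The function names and the sample changelog are constructed for illustration and the advisory numbers are placeholders; on a real system the input would come from `rpm -q --changelog zlib`.

```shell
#!/bin/sh
# Added example: list the advisory IDs a package changelog records as fixed.
# Real input:  rpm -q --changelog zlib | fixed_advisories

# Print each CAN-/CVE- identifier found on stdin once, sorted.
fixed_advisories() {
    grep -oE '(CAN|CVE)-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Return 0 if advisory $1 appears in the changelog read from stdin.
# CAN- (candidate) and CVE- prefixes name the same entry, so only the
# year-number part is compared.
advisory_is_fixed() {
    want=${1#*-}                      # "CVE-0000-0001" -> "0000-0001"
    fixed_advisories | cut -d- -f2- | grep -qxF "$want"
}

# Constructed changelog text. The advisory numbers are placeholders,
# not real identifiers, and the release strings are made up.
sample_changelog() {
cat <<'EOF'
* Sun Jan 01 2006 Example Packager <packager@example.com> X.Y.Z-2
- backport fix for CAN-0000-0001 (constructed entry)

* Sat Jan 01 2005 Example Packager <packager@example.com> X.Y.Z-1
- add patch for CAN-0000-0002, also tracked as CVE-0000-0002
EOF
}

# The upstream version X.Y.Z never changes above; only the release
# suffix and the changelog show that fixes were applied.
echo "advisories recorded as fixed in the sample changelog:"
sample_changelog | fixed_advisories | sed 's/^/  /'

if sample_changelog | advisory_is_fixed CVE-0000-0001; then
    echo "CVE-0000-0001: fix is recorded in the package changelog"
fi
```

A build script that compares only the upstream version string would treat both releases in the sample as identical, which is the false positive described in the comments above.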
Submitted by hoihtah (registered user) on Thu, 2006-10-12 00:53.

Thank you guys for putting up this well written guide.

 Just one question,  how do I do this setup with mysql version 5 instead of 4?

Submitted by orentocy (registered user) on Thu, 2006-10-12 17:09.

Enable CentOS plus yum repository in your /etc/yum.repos.d/CentOS-Base.repo, then you will be able to upgrade both your mysql and php to version 5.

Submitted by ganesh35 (registered user) on Sat, 2006-11-04 08:57.

Hi, I enabled the centosplus section using enabled=1. Now my system is updated with php 5 and mysql 5 with the command

yum update -y 

Enabling the centosplus section: 

vi /etc/yum.repos.d/CentOS-Base.repo
[centosplus]
gpgcheck=1
enabled=1

Submitted by hoihtah (registered user) on Tue, 2006-11-07 21:14.

There is one more thing you need to do: update the php.conf file

 cp /etc/httpd/conf.d/php.conf.rpmnew /etc/httpd/conf.d/php.conf

Otherwise, httpd will error out when trying to start.  Or at least it does on mine.  :) 

Submitted by phpote (registered user) on Wed, 2007-02-14 00:14.

Hi all,

I found some bugs if the yum CentOS Plus is enabled before starting the ISPconfig  OS  preparation.

If it happens to you, go back to mysql4 and php4, make your ISPconfig prep THEN enable the CentOS plus repo to install Mysql5 and php5.

Now you are ready for ISPconfig install.

Thanks for this perfect howto. Saves a lot of hours.