The Perfect Setup - CentOS 4.4 (32-bit) - Page 6

Want to support HowtoForge? Become a subscriber!
 
Submitted by till (Contact Author) (Forums) on Wed, 2006-10-11 17:38. ::

12 ProFTPd

ISPConfig has better support for proftpd than vsftpd, so let's remove vsftpd:

yum remove vsftpd

Because CentOS has no proftpd package, we must use a third-party yum repository to install it:

cd /etc/yum.repos.d/
wget http://centos.karan.org/kbsingh-CentOS-Extras.repo
rpm --import http://centos.karan.org/RPM-GPG-KEY-karan.org.txt

Now we can install proftpd:

yum install proftpd

Let's create proftpd's system startup links and start it:

chkconfig --levels 235 proftpd on
/etc/init.d/proftpd start

Then create the file /etc/pam.d/ftp with the following content (otherwise you will not be able to log in with system users using FTP):

vi /etc/pam.d/ftp

#%PAM-1.0
auth    required        pam_unix.so     nullok
account required        pam_unix.so
session required        pam_unix.so

and restart proftpd:

/etc/init.d/proftpd restart

 

13 Webalizer

To install webalizer, just run

yum install webalizer

 

14 Synchronize The System Clock

If you want to have the system clock synchronized with an NTP server do the following:

yum install ntp
chkconfig --levels 235 ntpd on
ntpdate 0.pool.ntp.org
/etc/init.d/ntpd start

 

15 Install Some Perl Modules

ISPConfig comes with SpamAssassin which needs a few Perl modules to work. We install the required Perl modules with a single command:

yum install perl-DBI perl-Net-DNS perl-Digest-SHA1

We also need the module HTML::Parser. We could install the CentOS package perl-HTML-Parser, but this version is too old for the SpamAssassin version that comes with ISPConfig. It would result in the following error message during ISPConfig installation:

REQUIRED module out of date: HTML::Parser

Therefore we must install the latest HTML::Parser using the Perl shell.

Run the following command to start the Perl shell:

perl -MCPAN -e shell

If you run the Perl shell for the first time you will be asked some questions. In most cases the default answers are ok. Because there's no ncftp package for CentOS, the Perl shell cannot find the programs ncftpget and ncftp, and you'll see something like this:

Warning: ncftpget not found in PATH
Where is your ncftpget program? []
Warning: ncftp not found in PATH
Where is your ncftp program? []

It's ok to hit ENTER in both cases.

Please note: If you run a firewall on your system you might have to turn it off while working on the Perl shell in order for the Perl shell to be able to fetch the needed modules without a big delay. You can switch it on afterwards.

Now type in the following command to install the Perl module HTML::Parser:

install HTML::Parser

If the installation is successful, you'll see a line like this at the end:

/usr/bin/make install -- OK

Type

q

afterwards to leave the Perl shell.

 

16 Update zlib

CentOS comes with an outdated version of zlib (1.2.1) which has a security hole. Therefore we compile and install the newest zlib (1.2.3) from the sources:

cd /tmp
wget http://www.zlib.net/zlib-1.2.3.tar.gz
tar xvfz zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure --shared
make
make install

 

17 The End

The configuration of the server is now finished, and if you wish you can now install ISPConfig on it.

 

17.1 A Note On SuExec

If you want to run CGI scripts under suExec, you should specify /var/www as the home directory for websites created by ISPConfig as CentOS' suExec is compiled with /var/www as Doc_Root. Run

/usr/sbin/suexec -V

and the output should look like this:

Unless you install ISPConfig in expert mode and change the default web root (which is /var/www), you will be able to run CGI scripts under suExec with ISPConfig.

 

18 Links


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by Matthew (not registered) on Sun, 2011-09-25 17:22.

yum install webalizer

 once you run that... then what? how do you configure it?

Submitted by Anonymous (not registered) on Mon, 2009-02-16 08:44.
yum -y remove ftp vsftpd webmin usermin xinetd php* httpd* proftpd mysql* bind* post*;yum update -y;cd /etc/yum.repos.d/;wget http://centos.karan.org/kbsingh-CentOS-Extras.repo;rpm --import http://centos.karan.org/RPM-GPG-KEY-karan.org.txt;yum -y install proftpd;chkconfig --levels 235 proftpd on;/etc/init.d/proftpd start;wget http://mirror.centos.org/centos/4.6/os/i386/CentOS/RPMS/device-mapper-1.02.21-1.el4.i386.rpm;wget http://mirror.centos.org/centos/4.6/os/i386/CentOS/RPMS/hotplug-2004_04_01-7.8.i386.rpm;wget http://mirror.centos.org/centos/4.6/os/i386/CentOS/RPMS/lvm2-2.02.27-2.el4.i386.rpm;wget http://mirror.centos.org/centos/4.6/os/i386/CentOS/RPMS/hwdata-0.146.33.EL-1.noarch.rpm;wget http://mirror.centos.org/centos/4.6/os/i386/CentOS/RPMS/usbutils-0.11-7.RHEL4.1.i386.rpm;rpm -Uvh *.rpm;rm -r -f *.rpm;wget http://mirror.centos.org/centos/4.6/os/i386/CentOS/RPMS/udev-039-10.19.el4.i386.rpm;rpm -ivh udev*rpm --justdb;yum -y install up2date nano;wget http://download.lxlabs.com/download/lxadmin/production/lxadmin-install-master.sh;yum update -y;nano /etc/pam.d/ftp;
Submitted by hughesjr (registered user) on Fri, 2006-10-13 13:16.

This is an excellent article ... the only thing I am not sure about is the zlib comment.

The upstream provider uses a process called Backporting

Backporting takes security issues and rolls them into older packages to prevent breaking abi's that people have based custom programing on.

I have looked at the zlib that you mention at the end of the article and it fixes these security issues:

CAN-2004-0797

CAN-2005-2096

(see the zib website for more details) 

Both of these security issues are fixed in the zlib that is included in CentOS via backporting and I do not recommend that people compile their own zlib unless someone can point out a different issue that is fixed in zlib-1.2.3.

I would even say that installing your own zlib is BAD, as it will put different libraries than the ones used to build the other CentOS executables ... which can cause issues with how these applications function.  We are talking about very system critical applications like openssh, openssl, etc.

Thanks,

Johnny Hughes, CentOS-4 Lead Developer. 

Submitted by karl (registered user) on Thu, 2006-11-02 12:07.

The ISPConfig setup routine includes compiling ClamAV which is the culprit. It checks for a specific zlib version. This check can be skipped by modifying

install_ispconfig/compile_aps/compile

and adding

--disable-zlib-vcheck

to the ClamAV configure script.