Comments on The Perfect Setup - SUSE 9.3

unactive the firewall in any case is good idea is really really bad idea, must config the service and last configure the firewall for accept connection only port services 25 smtp, 110 pop3.

install the XWindow in production service is more problems for security audit in the file system, more o lot files must used by xwindows and desktop software such kde o gnome, in addition the open ports for xwindows in the system is threat for the general security of system.

i recommned *not* install the Xwindow and any graphics tools or desktops eviroments in the server production and never never never unactive the firewall totally, the installation must very small the minimal necesary to run the so, and later add the software need to distinct services no more no less.

As far as i know ISPConfig has its own firewall, so you
have to uninstall the SuSe Firewall to use the ISPConfig firewall.

I agree that installing the Xwindow system is not a good idea
for servers.

Problem is YaST doesn't give you many choices about what to install. I think that's why KDE gets installed. Maybe otherwise the howto would have become too complicated for newbies. Anyway, I'd recommend Debian for a server.

You can get YAST to install whatever you like. It's just that the absolute default does include a graphical environment and applications. 9.3 is a desktop distro first, not a server distro, so it makes sense for the default to include these things. You can alter them and turn them off by just clicking the Software Packages section in the install summary and then clicking the button to customise the install. It's not tricky in any way...

KDE is installed by default because a DE was needed, and people like to use it.

Althogh,

If you try to install something with dependancies YAST will just yell at you. APT has enough sense to take care of dependancies and update them if you like.

Alric

Apache/PHP5 2nd line:

apt-get install php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dba php5-dbase php5-dbx php5-debuginfo <<<< no such thing as php5_debuginfo ???

below that:

SuSEconfigI get :

*** WARNING ***
Found /etc/postfix/main.cf.SuSEconfig, exiting...
*** WARNING ***

• Problem wenn running apache:

/etc/init.d/apache2 start

or:

/usr/sbin/rcapache2 restart

linux-7hrh:/etc # /usr/sbin/rcapache2 restart

Module "include" is not installed, ignoring.

Check the APACHE_MODULES setting in /etc/sysconfig/apache2.

Module "mod_log_config" is not installed, ignoring.

Check the APACHE_MODULES setting in /etc/sysconfig/apache2.

Syntax error on line 11 of /etc/apache2/mod_log_config.conf:

ok, you have a problem loading include and mod_log_config modules. If you take a look at: /etc/apache2/httpd.conf you'll find where the modules are loaded:

(..)
# generated from APACHE_MODULES in /etc/sysconfig/apache2

Include /etc/apache2/sysconfig.d/loadmodule.conf

(..)

The file /etc/apache2/sysconfig.d/loadmodule.conf has:

(...)

#

# Files in this directory are created at apache start time by /usr/sbin/rcapache2

# Do not edit them!

#

# as listed in APACHE_MODULES (/etc/sysconfig/apache2)

LoadModule actions_module /usr/lib/apache2-worker/mod_actions.so

LoadModule alias_module /usr/lib/apache2-worker/mod_alias.soLoadModule actions_module /usr/lib/apache2-worker/mod_actions.so

LoadModule alias_module /usr/lib/apache2-worker/mod_alias.so

LoadModule auth_basic_module /usr/lib/apache2-worker/mod_auth_basic.so

(...)

Did you read the comments? , than go to: /etc/sysconfig/apache2:

(...)

# your settings

APACHE_MODULES="actions alias auth_... include mod_log_config"

(...)

Now you have a trace of all files and can find out whats wrong.

In my case the lines:

LoadModule include_module /usr/lib/apache2-worker/mod_include.so

LoadModule log_config_module /usr/lib/apache2-worker/mod_log_config.so

were missed. Of course, for this reason I received the original error message.

The problem must to be with the file:

/usr/lib/apache2-worker/mod_include.so

I deleted it and reinstall apache and everything works again!!!!

Good Lock for you to!

This is not true since YaST would only inform you that some additional (needed ones) packages would be installed. At this point you can decide to proceed or maybe selectively cancel the installation of package(s) that caused some dependencies to be suggested for installation. It is not yelling and it is in fact very comfortable.

What complete rubbish. YAST has this cute little button at the bottom of the right hand portion of the window that is labelled Check Dependencies. There is also a checkbox labelled Autocheck. Learn to open your eyes properly next time.

Even though apt is a very good update manager, I really don't see why you should install it on Suse as Yast will do the same thing with a nice GUI if you like.

unactive the firewall in any case is good idea is really really bad idea, must config the service and last configure the firewall for accept connection only port services 25 smtp, 110 pop3.

install the XWindow in production service is more problems for security audit in the file system, more o lot files must used by xwindows and desktop software such kde o gnome, in addition the open ports for xwindows in the system is threat for the general security of system.

i recommned *not* install the Xwindow and any graphics tools or desktops eviroments in the server production and never never never unactive the firewall totally, the installation must very small the minimal necesary to run the so, and later add the software need to distinct services no more no less.

Typically a GUI is not installed on a server because it's resource intensive not because it's dangerous, at least with a properly considered firewall. SuSEfirewall blocks EVERY port not just ports up to 1024 like most firewalls. Running a GUI on SuSE is no more dangerous with the default SuSEFirewall config as anything else. There are always exceptions to every rule. Please be care about repeating the "generic, general accepted norm" if you don't know first hand its validity. Otherwise its FUD!

Hi! This seems a very good guide. But can anyone tell me if there is a similar guide for FreeBSD? im kinda new in freebsd but i want to setup something like the above project but using freebsd

proftpd is insecure, and ispconfig does indeed work with vsftpd, and it even supports more configuration modes with vsftpd. The author should check the ispconfig website. Otherwise a good article

As far as I can tell, the author is one of the main developers of ISPConfig. I think he knows very well what he's writing about... ;-)

Antivirus scanning setup would have been the final touch on this howto.

Antivirus scanning (ClamAV) comes with ISPConfig! :-)

I have problem on installing suse 9.3 on Fujitsu-Siemens Amilo D1485(laptop).When i want to install it he can not recognise what hard disk i have , so i can not install it.I don't now what to do.If you can help to fix the problem

Thank You?

Followed this to the T. Everything is fine up until apt-get update.

After that I get cannot locate package errors.

apt-get install findutils ncftp readline libgcc glibc-devel findutils-locate gcc flex lynx compat-readline4 db-devel

For example ends with ncftp cannot find package error.

As I move along I get more of the same with other packages.

Anyone know what changed? The apt-get update did a bunch of changes. Perhaps the packages can no longer be located?

Please advise.

edit /etc/apt/sources.list:

rpm ftp://ftp.gwdg.de/pub/linux/suse/apt/ SuSE/9.3-i386 base update security

uncomet the other source, this will fix

bolinux

I checked the /etc/apt/sources.list and it was a bit different than what you show here. I changed it to match your format and still nothing. You said uncomment the other source. Not sure if you mean the one that is just ahead of the rpm ftp://ftp.gwdg...... line. It starts with rpm ftp://mirrors.mathematik..... that is uncommented. There is then a bit further down a couple commented line starting with http://ftp.gwdg.de/pub/..... and http://linix01.gwdg.de... Which am I supposed to be uncommenting?

I get an error that is as follows: E: Couldn't find package ncftp

Figured it out. Install apt. Edit sources. Get update. Edit sources. Get update again. All works now.

ISPconfig install faild by missing zlib zlib-devel for clamav!

run:

apt-get install zlib zlib-devel

before start install ISPconfig!

bolinux

Does anyone have the current apt-get location?

rpm ftp://ftp.gwdg.de/pub/linux/suse/apt/ SuSE/9.3-i386 base update security

doesn't seem to work for me.

Maybe your firewall is blocking?

Hi,

I'm not sure yet how perfect this way of setting up SuSE is, but for ISPConfig there are some missing parts:

you need to:

apt-get install zlib zlib-devel clamav

then:

freschclam

/etc/init.d/clamd start

this was where I had to start over 3 times, until Ifigured it out.

This might help someone else.

Other than that, this setup seems to be great! I did this yesterday so I haven't had time to do some real testing.

Thankx!

Hyperclock

The author must be a debian fan, why else recommend apt-get --- the horror--- Mandrake urpmi does the same thing in about five lines of typing and server is ready to run with most systems activated with sane defaults. Then with webmin you can fine tune... no crazy typing (i mean come on....) with likely typos.

Geeze even yast is better than this

What a nightmare this set-up is.

I forgot to mention that using the default installation software choice results in a system of over 2 gig. Way to much garbage to exploit - Java and Flash on a server? If the os with servers installed and running (no data) is over 700meg, you have done something very wrong.

Yast on a remote server, i do not like it. apt-get like he show it here works just fine. Thanks bob

linux:/tmp # chkconfig --add proftpd
proftpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
linux:/tmp # /etc/init.d/proftpd restart
: bad interpreter: No such file or directory

Are you logged in as root user and is the script /etc/init.d/proftpd there?

Check that your script has? not CR LF as line separator (i.e. if you cut-and-paste from a web browser maybe it could be wrong..)

Just in case, use dos2unix for correcting the script.

Regards

Maybe you edit the file  with a Editor on a Microsoft PC, and than uploadet it with win scp?

 

Open the file in MC or VI and delete the returns. 

Can anyone advise what I need to do to add PEAR support to this?

How to add or create new postfix e-mail users? I? am not use ISPConfig.

=====================================================

configure: error: Try adding --with-zlib-dir=<DIR>. Please check config.log for more information.

ERROR: Could not configure PHP

=====================================================

Error message above, any assistance is appreciated. Btw, where does the config.log file reside?

jaf

[email protected]

I get this error:

Check the APACHE_MODULES setting in /etc/sysconfig/apache2.

Starting httpd2 (prefork) Creating new config (0x80eca50) for (null)
Syntax error on line 11 of /etc/apache2/mod_log_config.conf:
Invalid command 'LogFormat', perhaps mis-spelled or defined by a module not included in the server configuration

The command line was:
/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
failed

For some reason when I try to apt-get install gcc I get what I belive is a dependancy error:

The following packages have unmet dependencies:
gcc: Depends: cpp (= 3.3.5-5) but 3.3.5-5.1 is to be installed
E: Broken packages

I tried doing an apt-get install cpp also to update that (not sure what it is though) and it tells me cpp is the newest version.

What am I doing wrong?

Hi,

Don't know why it goes wrong. Just got an solution.

Install gcc via yast (yast2) en re run the apt-get install line. Then you wil see the error is gone,.

Greetings, Martijn Swanink

I've used this guide in various permutations to do server installs for both testing, production and hosting and it's a live saver.

Just one question: Does anybody have a link to a guide that will help in optimizing the server for high traffic web sites. I have one that servers just under .5 million pages per month and I find the server a tad sluggish. It's a p4 3Gh, 2GB memory Intel server.

I've googled and have not found anything that really helps with this.

Thanks

Brenton

Has anyone tried to use ispconfig and this guide on SLES 9.

The os installs libreadline 4 and apt wants lib readline 5 , and I am unable to get SLES to update to libreadline 5 and work , seems like the whole os wants to use libreadline 4.

Any advice ?

I found that this script does not work for SLES9. SLES9 has a differen dbrm and bash shell version which is not compatible with a few functions the apt and others are trying to do. Best stick to the Professional edition for these instructions!

Apt is a great tool, but on rpm based systems (apt4rpm) it's too slow, the fastest and most powerfull tool I've know for this systems is y2pmsh that may only be found on SuSE, besides, YaST installer is easier for newbies and is as powerfull as apt, unless it's slower. I personally prefer y2pmsh over apt cause of apt is too automatized for my likes, tgz too complicate, and haven't use emerge (for Gentoo) y2pmsh gives you more control even than apt on Debian.

Great tutorial. I had relaying problems One was the smtp users was not authorized to send mail relay The /etc/pam.d/smtp was missing copying the /etc/pam.d/pop3 and renaming it to smtp worked with the cp ./pop3 ./smtp command worked. The other problem was that user outside of local network could not send mail. The mail server is behind a CISCO PIX 515 firewall. Cisco by default, in its configuration, it has a fixup for the SMTP protocol on port 25. Disabling fixup on port 25 solved the problem.