The Perfect Server - CentOS 6.2 x86_64 With Apache2 [ISPConfig 3] - Page 5

14 Install Amavisd-new, SpamAssassin And ClamAV

To install amavisd-new, spamassassin and clamav, run the following command:

yum install amavisd-new spamassassin clamav clamd unzip bzip2 unrar perl-DBD-mysql

Then we start freshclam, amavisd, and clamd.amavisd:

chkconfig --levels 235 amavisd on
chkconfig --del clamd
chkconfig --levels 235 clamd.amavisd on
/etc/init.d/amavisd start
/etc/init.d/clamd.amavisd start


15 Installing Apache2 With mod_php, mod_fcgi/PHP5, And suPHP

ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per website basis.

We can install Apache2with mod_php5, mod_fcgid, and PHP5 as follows:

yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-xcache php-mbstring php-mcrypt php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel

Next we open /etc/php.ini...

vi /etc/php.ini

... and change the error reporting (so that notices aren't shown any longer) and uncomment cgi.fix_pathinfo=1:

;error_reporting = E_ALL & ~E_DEPRECATED
error_reporting = E_ALL & ~E_NOTICE
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts

Next we install suPHP (there is a mod_suphp package available in the repositories, but unfortunately it isn't compatible with ISPConfig, therefore we have to build suPHP ourselves):

cd /tmp
tar xvfz suphp-0.7.1.tar.gz
cd suphp-0.7.1/
./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes
make install

Then we add the suPHP module to our Apache configuration...

vi /etc/httpd/conf.d/suphp.conf

LoadModule suphp_module modules/

... and create the file /etc/suphp.conf as follows:

vi /etc/suphp.conf

;Path to logfile
;User Apache is running as
;Path all scripts have to be in
;Path to chroot() to before executing script
; Security options
;Check wheter script is within DOCUMENT_ROOT
;Send minor error messages to browser
;PATH environment variable
;Umask to set, specify in octal notation
; Minimum UID
; Minimum GID
;Handler for php-scripts
;Handler for CGI-scripts

Finally we restart Apache:

/etc/init.d/httpd restart


15.1 Ruby

Starting with version 3.0.3, ISPConfig 3 has built-in support for Ruby. Instead of using CGI/FastCGI, ISPConfig depends on mod_ruby being available in the server's Apache.

For CentOS 6.2, there's no mod_ruby package available, so we must compile it ourselves. First we install some prerequisites:

yum install httpd-devel ruby ruby-devel

Next we download and install mod_ruby as follows:

cd /tmp
tar zxvf mod_ruby-1.3.0.tar.gz
cd mod_ruby-1.3.0/
./configure.rb --with-apr-includes=/usr/include/apr-1
make install

Finally we must add the mod_ruby module to the Apache configuration, so we create the file /etc/httpd/conf.d/ruby.conf...

vi /etc/httpd/conf.d/ruby.conf

LoadModule ruby_module modules/
RubyAddPath /1.8

... and restart Apache:

/etc/init.d/httpd restart

(If you leave out the RubyAddPath /1.8 directive, you will see errors like the following ones in Apache's error log when you call Ruby files:

[Thu May 26 02:05:05 2011] [error] mod_ruby: ruby:0:in `require': no such file to load -- apache/ruby-run (LoadError)
[Thu May 26 02:05:05 2011] [error] mod_ruby: failed to require apache/ruby-run
[Thu May 26 02:05:05 2011] [error] mod_ruby: error in ruby



15.2 Python

To install mod_python, we simply run...

yum install mod_python

... and restart Apache afterwards:

/etc/init.d/httpd restart


15.3 WebDAV

WebDAV should already be enabled, but to check this, open /etc/httpd/conf/httpd.conf and make sure that the following three modules are active:

vi /etc/httpd/conf/httpd.conf

LoadModule auth_digest_module modules/
LoadModule dav_module modules/
LoadModule dav_fs_module modules/

If you have to modify /etc/httpd/conf/httpd.conf, don't forget to restart Apache afterwards:

/etc/init.d/httpd restart


16 Install PureFTPd

PureFTPd can be installed with the following command:

yum install pure-ftpd

Then create the system startup links and start PureFTPd:

chkconfig --levels 235 pure-ftpd on
/etc/init.d/pure-ftpd start

Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.

OpenSSL is needed by TLS; to install OpenSSL, we simply run:

yum install openssl

Open /etc/pure-ftpd/pure-ftpd.conf...

vi /etc/pure-ftpd/pure-ftpd.conf

If you want to allow FTP and TLS sessions, set TLS to 1:

# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.
TLS                      1

In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:

mkdir -p /etc/ssl/private/

Afterwards, we can generate the SSL certificate as follows:

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Country Name (2 letter code) [XX]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) []:
<-- Enter your State or Province Name.
Locality Name (eg, city) [Default City]:
<-- Enter your City.
Organization Name (eg, company) [Default Company Ltd]:
<-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []:
<-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, your name or your server's hostname) []:
<-- Enter the Fully Qualified Domain Name of the system (e.g. "").
Email Address []:
<-- Enter your Email Address.

Change the permissions of the SSL certificate:

chmod 600 /etc/ssl/private/pure-ftpd.pem

Finally restart PureFTPd:

/etc/init.d/pure-ftpd restart

That's it. You can now try to connect using your FTP client; however, you should configure your FTP client to use TLS.


17 Install BIND

We can install BIND as follows:

yum install bind bind-utils

Next open /etc/sysconfig/named...

vi /etc/sysconfig/named

... and make sure that the ROOTDIR=/var/named/chroot line is comment out:

# BIND named process options
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
# Currently, you can use the following options:
# ROOTDIR="/var/named/chroot"  --  will run named in a chroot environment.
#                            you must set up the chroot environment
#                            (install the bind-chroot package) before
#                            doing this.
#       NOTE:
#         Those directories are automatically mounted to chroot if they are
#         empty in the ROOTDIR directory. It will simplify maintenance of your
#         chroot environment.
#          - /var/named
#          - /etc/pki/dnssec-keys
#          - /etc/named
#          - /usr/lib64/bind or /usr/lib/bind (architecture dependent)
#         Those files are mounted as well if target file doesn't exist in
#         chroot.
#          - /etc/named.conf
#          - /etc/rndc.conf
#          - /etc/rndc.key
#          - /etc/named.rfc1912.zones
#          - /etc/named.dnssec.keys
#          - /etc/named.iscdlv.key
#       Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log"
#       line to your /etc/rsyslog.conf file. Otherwise your logging becomes
#       broken when rsyslogd daemon is restarted (due update, for example).
# OPTIONS="whatever"     --  These additional options will be passed to named
#                            at startup. Don't add -t here, use ROOTDIR instead.
# KEYTAB_FILE="/dir/file"    --  Specify named service keytab file (for GSS-TSIG)
# DISABLE_ZONE_CHECKING  -- By default, initscript calls named-checkzone
#                           utility for every zone to ensure all zones are
#                           valid before named starts. If you set this option
#                           to 'yes' then initscript doesn't perform those
#                           checks.

Make a backup of the existing /etc/named.conf file and create a new one as follows:

cp /etc/named.conf /etc/named.conf_bak
cat /dev/null > /etc/named.conf
vi /etc/named.conf

// named.conf
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
// See /usr/share/doc/bind*/sample/ for example named configuration files.
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion no;
        allow-recursion { none; };
logging {
        channel default_debug {
                file "data/";
                severity dynamic;
zone "." IN {
        type hint;
        file "";
include "/etc/named.conf.local";

Create the file /etc/named.conf.local that is included at the end of /etc/named.conf (/etc/named.conf.local will later on get populated by ISPConfig if you create DNS zones in ISPConfig):

touch /etc/named.conf.local

Then we create the startup links and start BIND:

chkconfig --levels 235 named on
/etc/init.d/named start


18 Install Vlogger, Webalizer, And AWStats

Vlogger, webalizer, and AWStats can be installed as follows:

yum install webalizer awstats perl-DateTime-Format-HTTP perl-DateTime-Format-Builder

cd /tmp
tar xvfz vlogger-1.3.tar.gz
mv vlogger-1.3/vlogger /usr/sbin/
rm -rf vlogger*


19 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):

cd /tmp
tar xvfz jailkit-2.14.tar.gz
cd jailkit-2.14
make install
cd ..
rm -rf jailkit-2.14*


20 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the log:

yum install fail2ban

We must configure fail2ban to log to the log file /var/log/fail2ban.log because this is the log file that is monitored by the ISPConfig Monitor module. Open /etc/fail2ban/fail2ban.conf...

vi /etc/fail2ban/fail2ban.conf

... and comment out the logtarget = SYSLOG line and add logtarget = /var/log/fail2ban.log:

# Option:  logtarget
# Notes.:  Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
#          Only one log target can be specified.
# Values:  STDOUT STDERR SYSLOG file  Default:  /var/log/fail2ban.log
#logtarget = SYSLOG
logtarget = /var/log/fail2ban.log

Then create the system startup links for fail2ban and start it:

chkconfig --levels 235 fail2ban on
/etc/init.d/fail2ban start


21 Install rkhunter

rkhunter can be installed as follows:

yum install rkhunter

Share this page:

31 Comment(s)

Add comment


From: Elton at: 2012-01-25 15:21:47

I'm trying to use your tutorial, but there are a lot of diferences between what I read here and what I found into CentOS 6.2

 For example, I don't have anymore system-config-* command files :(

From: Deunan Knute at: 2012-02-01 04:49:14

You may need to separately install them, if you chose Minimal Install

Try this -

yum install system-config-network-tui system-config-firewall-tui

From: damaster at: 2014-05-15 12:51:15

YES..... Very important step..... thanks for this tip :)

From: PlanetMaster at: 2012-02-01 23:46:00

Great tutorial, just migrated from cPanel and Apache and I am very happy with the performance and financial savings. I had the issue with courier-imap install but building from source fixed that.


From: Nubbyless at: 2012-02-14 00:17:39

Would be great to have this as a script with minimal user input but i dont have the knowledge to do it

From: D-Spayre at: 2012-03-18 02:24:23


I did a fresh install and when trying to access ISPconfig I'm just getting a White Screen.

Would that have to do with PHP 5.3.3?


From: at: 2013-01-16 20:16:03

I am installing a fresh CentOS 6.3 instead of 6.2 following this guide.   The order of installation windows is a bit different for a 6.3 install than 6.2 but most of the information in the steps still apply.  Here is one big difference which gave me tons of frustration on my previous 6.3 install following this guide that I have discovered an easy solution during installation for:

Where the guide says:

"Next we do the partitioning. Select Replace Existing Linux System(s). This will give you a small /boot partition and a large / partition which is fine for our purposes:"

Problem: This isn't true in 6.3, instead, this will give you a large /home partition and a small / partition and a very small /boot partition.  The problem is that for a server we want a large / partition (technically a large /var partition but I just like to make the whole / partition large because its quick & easy)

Solution: Make sure you check the box on the bottom: "Review and modify partitioning layout" before clicking next.  On the next screen, simply swap the size on the / and the /home partitions and you're all set. Make sure to set the /home partition to the / partition size first to free up the resources.

Important: If you don't do this now then you will need to boot from the OS disk later in order to modify the / partition, so best to do it now and save yourself the hassle of running out of room in your /var/www folder later.

From: at: 2013-01-16 21:51:37

If you're like me and completely missed the button to setup your network when setting your server host name during installation, then there are some additional steps to take that may save you some time that I learned the hard way.  I'm installing CentOS 6.3 by the way:

Problem: Even after using system-config-network, the eth0 card won't automatically connect nor will it be set to automatically connect on boot unless you've set these options during install.

Solution:  First use system-config-network as described in the guide to set both the Device Configuration and the DNS Configuration.  After that use the command:

vi /etc/sysconfig/network-scripts/ifcfg-eth0

and update the following settings:


Then do a:


Then run a:


and all should be well to continue with the guide!   Cheers to us button skippers!


From: Anonymous at: 2012-02-21 01:05:48

wget is now at  wget


From: nikitux at: 2012-02-01 19:20:30

A little Trick for add line priority=10 with sed (only  on enabled repository)

 sed -i -e '/enabled=1/a priority=10'  /etc/yum.repos.d/epel.repo




From: DPO at: 2012-05-11 15:07:17

as reported here:

6.5 link is obsolete

You can use the new version 6.6

hope this can help D.

From: at: 2012-05-20 00:33:04

the wget command in step seven that references needs to be changed to

From: Patricio at: 2012-05-29 09:51:56

Step 7 (fail wget epel-relase-6-5)


rpm -Uvh epel-release-6-7.noarch.rpm

From: at: 2012-06-09 20:39:22

cd /tmp
rpm -ivh epel-release-6-7.noarch.rpm

 Worked for me on CentOS 6.2 i386 flavor.

From: Donald at: 2013-01-17 02:10:33

Another release:


Is the new hotness.

From: Ramin at: 2012-02-18 10:02:05

In my case the didn't work. removing "s" from the https worked fine.

From: polcrito at: 2012-07-12 23:18:42

Follow the entire manual and I have almost everything working, just something I fail, teams can only send emails blackberry can not receive them, add the blackberry to my_networks networks in / etc / postfix / ..... any of you have any idea of my fault .. if we use mail clients pc or iphone everything envua and receive, only blackberry that gives me this fault ..,. appreciate your comments .... att ... native pol

From: Chris at: 2012-03-03 23:17:20

This installs the 2.11 version of phpMyAdmin. 'yum install phpMyAdmin' will grab one from the 3.4 branch, but it's still outdated a bit. I'd recommend getting the latest 3.4 version from and install from source.

From: Anonymous at: 2012-03-27 00:32:27

Looks like it grabs 3.4.9-1 now, however in the step

vi /etc/httpd/conf.d/phpmyadmin.conf 

You now have to put in vi /etc/httpd/conf.d/phpMyAdmin.conf and the next step it changed to vi /usr/share/phpMyAdmin/ 

From: Gabrym at: 2012-04-30 21:35:38

smtp not work properly

I mast install cyrus-sasl-plain:

yum install cyrus-sasl-plain
service saslauthd stop
service postfix stop
service saslauthd start
service postfix start
chkconfig --levels 235 saslauthd on

From: Jay at: 2012-06-20 15:15:07

Step 10 start courier-imap on my CentOS 32bit failed.

I needed to use as root:

/usr/lib/courier-imap/libexec/imapd.rc start



was not found

From: at: 2012-06-10 00:01:23

Step 15 php-xcache doesn't install.

 Had to follow instructions here to install and configure it.


From: Chris at: 2012-06-30 21:45:41

STEP 14:

 [root@s2 ~]# chkconfig --levels 235 clamd.amavisd on
error reading information on service clamd.amavisd: No such file or directory

 [root@s2 ~]# /etc/init.d/clamd.amavisd start
-bash: /etc/init.d/clamd.amavisd: No such file or directory

??? Anybody has idea???

From: ali firdaus at: 2012-07-05 10:12:05

Make sure install EPEL Packet.  Install the EPEL package using the command below.

rpm -Uvh

It's work for me.

From: Anonymous at: 2012-07-03 19:20:15

Check repository settings. Make sure you install from below repositories:

Installed Packages
amavisd-new.noarch          2.6.4-2.el6           @epel
clamav.x86_64               0.97.3-3.el6          @epel
clamd.x86_64                0.97.3-3.el6          @epel
spamassassin.x86_64         3.3.1-2.el6           @base
Available Packages
clamav.i686                 0.97.3-3.el6          epel

From: ShadowMerlin at: 2013-06-21 20:28:05

mod_ruby is no longer at (unless it's now completely in Japanese).

Change that line to wget

From: Brian at: 2012-04-12 09:15:29

Great tutorial!
Even this linux nono did it with this great tutorial.


From: Anonymous at: 2012-07-07 09:29:37

I agree I have never used any form of linux before and was a great set of instructions!
very well put together tutorial.
also learned a lot during the install.

Would be great if anyone knows of a tutorial or guide to fully secure and lock down the server after the install, remove vunralbilities etc...

Great work

From: daro at: 2012-10-10 11:27:20

The best ever tutorial online. I start to prefer Linux Command Lines after this Great Tutorial; and I will never go to automatic applications such as Webmin and Virtualmin which produce lots of bugs causing me to be stuck with them for two weeks until I found this brilliant perfect VPS server. I am at the final stage of Squirrelmail configuration, and seems to be working fine at moment. Cheers

From: IPVS at: 2012-12-14 01:56:24

I'm baffled.. I spent 3 hours installing IPSConfig3.  It went perfect.    It then installed ISPConfig , noted Installation Completed.   And within 5 seconds, the system went dead.   I couldn't ping it... Nothing.   I powered the system off, then powered it back on maintaining a ping to it... As soon as it was ping-able, I ssh'ed into it... and it went completely dead again within 5 seconds... ????

See the ouptut for the last part of the install...  I'm completely baffled on where to go from here???






Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting services ...
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
Stopping saslauthd:                                        [FAILED]
Starting saslauthd:                                        [  OK  ]
Shutting down amavisd: Daemon [16405] terminated by SIGTERM
                                                           [  OK  ]
amavisd stopped
Starting amavisd:                                          [  OK  ]

Stopping clamd.amavisd:                                    [  OK  ]
Starting clamd.amavisd:                                    [  OK  ]
Stopping Courier authentication services: authdaemond
Starting Courier authentication services: authdaemond
Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Starting Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Starting Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Starting Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Starting Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Stopping httpd:                                            [  OK  ]
[Thu Dec 13 16:28:00 2012] [warn] NameVirtualHost *:80 has no VirtualHosts
Starting httpd:                                            [  OK  ]
Stopping pure-ftpd:                                        [  OK  ]
Starting pure-ftpd:                                        [  OK  ]
Installation completed.
16:28:03-root@Web1:/tmp/ispconfig3_install/install#Write failed: Broken pipe

From: Anonymous at: 2012-07-21 23:38:03

This is the best tutorial I've ever discovered! Thank you so much!    I had only 2 issues during the process:

 1.) service named start

This hung for several minutes so I spent about 2 hours trying to debug.  Bind requires using /dev/random to create a key the first time its run, which can take a very long time depending on your system.  Just let it run until its done, it will eventually finish.


2.) I installed mailman exactly as the tutorial says, and used wget to install ISPConfig 3, however, mailman wasn't detected during the install php script.   Not a big deal for me for now I guess, but I'm not sure what happened.