The Perfect Server - Debian Squeeze (Debian 6.0) With BIND, Dovecot & Nginx [ISPConfig 3] - Page 5
This tutorial exists for these OS versions
- Debian 10 (Buster)
- Debian 9 (Stretch)
- Debian 8 (Jessie)
- Debian 7 (Wheezy)
- Debian 6 (Squeeze)
On this page
15 Install PureFTPd And Quota
PureFTPd and quota can be installed with the following command:
apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
Edit the file /etc/default/pure-ftpd-common:
vi /etc/default/pure-ftpd-common
Start mode is most likely already set to standalone and but make sure VIRTUALCHROOT=true is also defined like this:
[...] STANDALONE_OR_INETD=standalone [...] VIRTUALCHROOT=true [...] |
It is likely that all lines are commented out, but it is worth checking /etc/inetd.conf for a line beginning with ftp stream tcp and comment it out. If the file or line do not exist then there is no need to edit or create it. This prevents inetd from trying to start ftp:
vi /etc/inetd.conf
Comment it out like this:
[...] #:STANDARD: These are standard services. #ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/pure-ftpd-wrapper [...] |
If you had to modify /etc/inetd.conf, restart inetd now:
/etc/init.d/openbsd-inetd restart
Now you can configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and data are transferred in clear text. By using TLS the data transfers can be encrypted thus making FTP much more secure.
If you would like to allow FTP and TLS sessions run:
echo 1 > /etc/pure-ftpd/conf/TLS
In order to use TLS you must create an SSL certificate. Create the directory and generate the SSL certificate in /etc/ssl/private/ using the following commands:
mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Country Name (2 letter code) [AU]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) [Some-State]:<-- Enter your State or Province Name.
Locality Name (eg, city) []:<-- Enter your City.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:<-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []:<-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, YOUR name) []:<-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []:<-- Enter your Email Address.
Then change the permissions of the SSL certificate and restart PureFTPd:
chmod 600 /etc/ssl/private/pure-ftpd.pem
/etc/init.d/pure-ftpd-mysql restart
Edit /etc/fstab by adding ,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 to the partition with the mount point /, can also be done on /var if you have a separate /var partition:
vi /etc/fstab
# /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # <file system> <mount point> <type> <options> <dump> <pass> proc /proc proc defaults 0 0 # / was on /dev/sda1 during installation UUID=92bceda2-5ae4-4e3a-8748-b14da48fb297 / ext3 errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0 1 # swap was on /dev/sda5 during installation UUID=e24b3e9e-095c-4b49-af27-6363a4b7d094 none swap sw 0 0 /dev/scd0 /media/cdrom0 udf,iso9660 user,noauto 0 0 /dev/fd0 /media/floppy0 auto rw,user,noauto 0 0 |
On a separate /var partition you can use usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 under options like this:
[...] # / was on /dev/sda1 during installation UUID=92bceda2-5ae4-4e3a-8748-b14da48fb297 / ext3 errors=remount-ro 0 1 [...] # /var was on /dev/sda3 during installation UUID=be189fc3-b1b0-4e41-822c-6f81aa504bc1 /var ext3 usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0 2 [...] |
Please note that the UUIDs, paritions and file system types are likely differ on your system so do not change the to the ones in the example configuration.
To enable quota, run these commands:
mount -o remount /
quotacheck -avugm
quotaon -avug
If you enabled quota on /var then you might get a similar response on your terminal:
quotacheck: Scanning /dev/sda3 [/var] done
quotacheck: Cannot stat old user quota file: No such file or directory
quotacheck: Cannot stat old group quota file: No such file or directory
quotacheck: Cannot stat old user quota file: No such file or directory
quotacheck: Cannot stat old group quota file: No such file or directory
quotacheck: Checked 335 directories and 3233 files
quotacheck: Old file not found.
quotacheck: Old file not found.
root@server1:~# quotaon -avug
/dev/sda3 [/var]: group quotas turned on
/dev/sda3 [/var]: user quotas turned on
16 Install BIND DNS Server
BIND can be installed as follows:
apt-get install bind9 dnsutils
17 Install Vlogger, Webalizer, And AWstats
Vlogger, webalizer, and AWstats can be installed as follows:
apt-get install vlogger webalizer awstats geoip-database
Open /etc/cron.d/awstats to edit it...
vi /etc/cron.d/awstats
... and comment out both cron jobs in that file:
#*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh # Generate static reports: #10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh |
18 Install Jailkit
Jailkit is needed only if you want to chroot SSH users. Jailkit must be installed before ISPConfig 3, it cannot be installed afterwards! It can be installed as follows:
apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.14.tar.gz
tar xvfz jailkit-2.14.tar.gz
cd jailkit-2.14
./debian/rules binary
cd ..
dpkg -i jailkit_2.14-1_*.deb
rm -rf jailkit-2.14*