The Perfect Server - Fedora 10 [ISPConfig 3] - Page 5

14 Set MySQL Passwords And Configure phpMyAdmin

Start MySQL:

chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

Then set passwords for the MySQL root account:

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword

If the last command throws an error at you...

[root@server1 i386]# mysqladmin -h server1.example.com -u root password howtoforge
mysqladmin: connect to server at 'server1.example.com' failed
error: 'Access denied for user 'root'@'localhost' (using password: NO)'
[root@server1 i386]#

... we can set the password as follows: connect to MySQL:

mysql -u root -p

Type in the password for the MySQL root user. Then, on the MySQL shell, do this:

mysql> USE mysql;

mysql> UPDATE user SET Password = password('yourrootsqlpassword') WHERE Host = 'server1.example.com' AND User = 'root';

mysql> UPDATE user SET Password = password('yourrootsqlpassword') WHERE Host = '127.0.0.1' AND User = 'root';

Run

mysql> SELECT * FROM user;

to make sure that all rows where the user is root have a password.

If everything is looking ok, run

mysql> FLUSH PRIVILEGES;

... and leave the MySQL shell:

mysql> quit;

Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Directory /usr/share/phpmyadmin> stanza):

vi /etc/httpd/conf.d/phpMyAdmin.conf

# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
#<Directory /usr/share/phpMyAdmin/>
#   order deny,allow
#   deny from all
#   allow from 127.0.0.1
#</Directory>

# This directory does not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>

Then we create the system startup links for Apache and start it:

chkconfig --levels 235 httpd on
/etc/init.d/httpd start

Now you can direct your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.

15 Install Amavisd-new, SpamAssassin And ClamAV

To install amavisd-new, spamassassin and clamav, run the following command:

yum install amavisd-new spamassassin clamav clamav-data clamav-server clamav-update unzip bzip2 perl-DBD-mysql

When we installed ClamAV, a cron job got installed that tries to update the ClamAV virus database every three hours. But this works only if we enable it in /etc/sysconfig/freshclam and /etc/freshclam.conf:

vi /etc/sysconfig/freshclam

Comment out the FRESHCLAM_DELAY line at the end:

## When changing the periodicity of freshclam runs in the crontab,
## this value must be adjusted also. Its value is the timespan between
## two subsequent freshclam runs in minutes. E.g. for the default
##
## | 0 */3 * * *  ...
##
## crontab line, the value is 180 (minutes).
# FRESHCLAM_MOD=

## A predefined value for the delay in seconds. By default, the value is
## calculated by the 'hostid' program. This predefined value guarantees
## constant timespans of 3 hours between two subsequent freshclam runs.
##
## This option accepts two special values:
## 'disabled-warn'  ...  disables the automatic freshclam update and
##                         gives out a warning
## 'disabled'       ...  disables the automatic freshclam silently
# FRESHCLAM_DELAY=


### !!!!! REMOVE ME !!!!!!
### REMOVE ME: By default, the freshclam update is disabled to avoid
### REMOVE ME: network access without prior activation
#FRESHCLAM_DELAY=disabled-warn  # REMOVE ME

vi /etc/freshclam.conf

Comment out the Example line:

[...]
# Comment or remove the line below.
#Example
[...]

Then we start freshclam, amavisd, and clamd...

chkconfig --levels 235 amavisd on
chkconfig --levels 235 clamd.amavisd on
/usr/bin/freshclam
/etc/init.d/amavisd start
/etc/init.d/clamd.amavisd start

... and change the ownership of some directories:

chown amavis /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db

16 Installing Apache2 With mod_php, mod_fcgi/PHP5, And suPHP

ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per website basis.

We can install Apache2with mod_php5, mod_fcgid, and PHP5 as follows:

yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-mbstring php-mcrypt php-mhash php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel 

Next we open /etc/php.ini...

vi /etc/php.ini

... and change the error reporting (so that notices aren't shown any longer) and add cgi.fix_pathinfo = 1 at the end of the file:

[...]
;error_reporting  =  E_ALL
error_reporting = E_ALL & ~E_NOTICE
[...]
cgi.fix_pathinfo = 1

Next we install suPHP:

cd /tmp
wget http://www.suphp.org/download/suphp-0.7.0.tar.gz
tar xvfz suphp-0.7.0.tar.gz
cd suphp-0.7.0/
./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes
make
make install

Then we add the suPHP module to our Apache configuration...

vi /etc/httpd/conf.d/suphp.conf

LoadModule suphp_module modules/mod_suphp.so

... and create the file /etc/suphp.conf as follows:

vi /etc/suphp.conf

[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log

;Loglevel
loglevel=info

;User Apache is running as
webserver_user=apache

;Path all scripts have to be in
docroot=/

;Path to chroot() to before executing script
;chroot=/mychroot

; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false

;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true

;Send minor error messages to browser
errors_to_browser=false

;PATH environment variable
env_path=/bin:/usr/bin

;Umask to set, specify in octal notation
umask=0077

; Minimum UID
min_uid=100

; Minimum GID
min_gid=100

[handlers]
;Handler for php-scripts
x-httpd-suphp="php:/usr/bin/php-cgi"

;Handler for CGI-scripts
x-suphp-cgi="execute:!self"

Finally we restart Apache:

/etc/init.d/httpd restart

17 Install PureFTPd

PureFTPd can be installed with the following command:

yum install pure-ftpd

Then create the system startup links and start PureFTPd:

chkconfig --levels 235 pure-ftpd on
/etc/init.d/pure-ftpd start

18 Install MyDNS

We can install MyDNS as follows:

wget http://mydns.bboy.net/download/mydns-mysql-1.1.0-1.i386.rpm
rpm -ivh mydns-mysql-1.1.0-1.i386.rpm

When the system boots, MyDNS must be started after MySQL. The MySQL startup link has the priority 64 on Fedora 10, so the MyDNS startup link must have a priority between 65 and 99. Therefore we open the MyDNS init script...

vi /etc/init.d/mydns

... and change

[...]
# chkconfig: 345 52 50
[...]

to

[...]
# chkconfig: 345 65 50
[...]

Then we create the startup links:

chkconfig --levels 235 mydns on

We don't start MyDNS now because it must be configured first - this will be done automatically by the ISPConfig 3 installer later on.

19 Install Vlogger And Webalizer

Vlogger and webalizer can be installed as follows:

yum install webalizer perl-DateTime-Format-HTTP perl-DateTime-Format-Builder

cd /tmp
wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz
tar xvfz vlogger-1.3.tar.gz
mv vlogger-1.3/vlogger /usr/sbin/
rm -rf vlogger*