The Perfect Server - Fedora 13 x86_64 [ISPConfig 3] - Page 5

15 Installing mod_php, mod_fcgi/PHP5, And suPHP

ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per website basis.

We can install Apache2 with mod_php5, mod_fcgid, and PHP5 as follows:

yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-mhash php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel

Next we open /etc/php.ini...

vi /etc/php.ini

... and change the error reporting (so that notices aren't shown any longer) and add cgi.fix_pathinfo = 1 at the end of the file:

[...]
;error_reporting = E_ALL & ~E_DEPRECATED
error_reporting = E_ALL & ~E_NOTICE
[...]
cgi.fix_pathinfo = 1

Next we install suPHP:

cd /tmp
wget http://www.suphp.org/download/suphp-0.7.1.tar.gz
tar xvfz suphp-0.7.1.tar.gz
cd suphp-0.7.1/
./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes
make
make install

Then we add the suPHP module to our Apache configuration...

vi /etc/httpd/conf.d/suphp.conf
LoadModule suphp_module modules/mod_suphp.so

... and create the file /etc/suphp.conf as follows:

vi /etc/suphp.conf
[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log

;Loglevel
loglevel=info

;User Apache is running as
webserver_user=apache

;Path all scripts have to be in
docroot=/

;Path to chroot() to before executing script
;chroot=/mychroot

; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false

;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true

;Send minor error messages to browser
errors_to_browser=false

;PATH environment variable
env_path=/bin:/usr/bin

;Umask to set, specify in octal notation
umask=0077

; Minimum UID
min_uid=100

; Minimum GID
min_gid=100

[handlers]
;Handler for php-scripts
x-httpd-suphp="php:/usr/bin/php-cgi"

;Handler for CGI-scripts
x-suphp-cgi="execute:!self"

Finally we restart Apache:

/etc/init.d/httpd restart

 

16 Install PureFTPd

PureFTPd can be installed with the following command:

yum install pure-ftpd

Then create the system startup links and start PureFTPd:

chkconfig --levels 235 pure-ftpd on
/etc/init.d/pure-ftpd start

 

17 Install BIND

We can install BIND as follows:

yum install bind bind-utils

Then we create the startup links:

chkconfig --levels 235 named on

We don't start BIND now because it must be configured first - this will be done automatically by the ISPConfig 3 installer later on.

 

18 Install Vlogger And Webalizer

Vlogger and webalizer can be installed as follows:

yum install webalizer perl-DateTime-Format-HTTP perl-DateTime-Format-Builder

cd /tmp
wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz
tar xvfz vlogger-1.3.tar.gz
mv vlogger-1.3/vlogger /usr/sbin/
rm -rf vlogger*

 

19 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz
tar xvfz jailkit-2.11.tar.gz
cd jailkit-2.11
./configure
make
make install
cd ..
rm -rf jailkit-2.11*

 

20 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the log:

yum install fail2ban

chkconfig --levels 235 fail2ban on
/etc/init.d/fail2ban start

 

21 Install rkhunter

rkhunter can be installed as follows:

yum install rkhunter
Share this page:

6 Comment(s)