The Perfect Server - Fedora 9 - Page 6

15 ProFTPd (Part 1)

ISPConfig has better support for proftpd than vsftpd, so let's remove vsftpd and install proftpd:

yum remove vsftpd

yum install proftpd

Now we can create the system startup links for Proftpd and start it:

chkconfig --levels 235 proftpd on
/etc/init.d/proftpd start

 

16 Webalizer

To install webalizer, just run

yum install webalizer

 

17 Synchronize The System Clock

If you want to have the system clock synchronized with an NTP server do the following:

yum install ntp

chkconfig --levels 235 ntpd on
ntpdate 0.pool.ntp.org
/etc/init.d/ntpd start

 

18 Install Some Perl Modules

ISPConfig comes with SpamAssassin which needs a few Perl modules to work. We install the required Perl modules with a single command:

yum install perl-HTML-Parser perl-DBI perl-Net-DNS perl-Digest-SHA1

 

19 ISPConfig

The configuration of the server is now finished.

If you want to install ISPConfig, there's one more thing you need to do. Fedora 9 comes with the gcc version 4.3, but the ISPConfig installation (the OpenSSL part, to be specific) fails with this gcc version. Therefore we install gcc 3.4...

yum install compat-gcc-34

... and create a symlink from /usr/bin/gcc to /usr/bin/gcc34:

cd /usr/bin
mv gcc gcc43
ln -s gcc34 gcc

You can now install ISPConfig on it, following these instructions: http://www.ispconfig.org/manual_installation.htm

 

19.1 A Note On SuExec

If you want to run CGI scripts under suExec, you should specify /var/www as the web root for websites created by ISPConfig as Fedora's suExec is compiled with /var/www as Doc_Root. Run

/usr/sbin/suexec -V

and the output should look like this:

[root@server1 ~]# /usr/sbin/suexec -V
 -D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="apache"
 -D AP_LOG_EXEC="/var/log/httpd/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=500
 -D AP_USERDIR_SUFFIX="public_html"
[root@server1 ~]#

So if you want to use suExec with ISPconfig, don't change the default web root (which is /var/www) if you use expert mode during the ISPConfig installation (in standard mode you can't change the web root anyway so you'll be able to use suExec in any case).

 

19.2 ProFTPd (Part 2)

(This chapter applies only if you have installed ISPConfig!)

After you have installed ISPConfig, you must modify the template file for /etc/proftpd_ispconfig.conf which is called /root/ispconfig/isp/conf/proftpd_ispconfig.conf.master, because otherwise the users that you create with ISPConfig won't be able to log in using FTP. Instead of modifying /root/ispconfig/isp/conf/proftpd_ispconfig.conf.master (which gets overwritten each time you update ISPConfig) we copy /root/ispconfig/isp/conf/proftpd_ispconfig.conf.master to /root/ispconfig/isp/conf/customized_templates/ and modify that one. If ISPConfig finds a template in /root/ispconfig/isp/conf/customized_templates/, it will use that one instead of the default template in /root/ispconfig/isp/conf/. Templates in /root/ispconfig/isp/conf/customized_templates/ don't get overwritten when you update ISPConfig.

cp /root/ispconfig/isp/conf/proftpd_ispconfig.conf.master /root/ispconfig/isp/conf/customized_templates/

Now open /root/ispconfig/isp/conf/customized_templates/proftpd_ispconfig.conf.master and comment out the DefaultAddress 127.0.0.1 line:

vi /root/ispconfig/isp/conf/customized_templates/proftpd_ispconfig.conf.master

###################################
#
# ISPConfig proftpd Configuration File
#         Version 1.0
#
###################################

#DefaultAddress 127.0.0.1

<!-- BEGIN DYNAMIC BLOCK: vhost -->
<VirtualHost {IP}>
        DefaultRoot             ~
        AllowOverwrite          on
        Umask                   002
        {ANON_FTP}
</VirtualHost>
<!-- END DYNAMIC BLOCK: vhost -->

 

20 Links

Share this page:

6 Comment(s)

Add comment

Comments

From: Anonymous at: 2009-01-05 14:30:25

Don't use the media test - it has bug in it and will drive you crazy reporting media errors when there are none. This type of problem gives Fedora a bad name. It's ridiculous. Other instructions tell you to be sure and use the media test, not to skip it. That goes to show you they don't know.

From: at: 2008-07-18 08:49:54

I would strongly recommened enabling SELinux.  SELinux is there for your protetion and comes highly recommneded by the Redhat Security team.  Mark Cox: team lead for the Red Hat Security Response explains why SELinux is beneficial here.

From: at: 2008-08-09 06:01:53

Just wanted to tell everyone as a novice Linux user the guide was very helpful. I installed Fedora 9 on an older system but it was a clean install. I would like to say that during the 'yum update' process depending upon a users setup the 'transaction test' can take a long time and not show any progress, so if you are a new Fedora/Linux user and are using this guide, when coming to this step please wait patiently because of my 451 updates, obviously there is a lot of data there to test, with no progress shown until the test is complete.

 -Thanks Again for the HOW-TO!

Loob

Fedora 9 installed on-

P4 2.2ghz 1 gig PC-3200 DDR

From: NetWebLogic at: 2008-10-02 14:41:45

If you run into the following error with  system-config-firewall.py

File "/usr/share/system-config-firewall/system-config-firewall.py", line 29, in <module>
os.execv(argv[0], argv)
OSError: [Errno 2] No such file or directory

You can solve this by opening  /usr/share/system-config-firewall/system-config-firewall.py

 and editing the following:

argv = [ "/usr/sbin/system-config-firewall-tui" ]
to
argv = [ "/usr/bin/system-config-firewall-tui" ]

And try again. That should work...

 Great Job on this article. Top Notch!

From: Plume at: 2009-03-15 05:53:16

Thanks you for all of your HowTo's, it's very helpfull to me to openup Linux.

I try to connect to my Fedora 9 server by SSH and met some difficulties

to config it. Could you include SSH to this tutorial?

From: Jason Roysdon at: 2008-11-16 04:48:42

I highly suggest adding to this guide rkhunter. It is a "root kit" hunter and is an absolute must for anyone connecting a server that the internet at large can access services on. Even with yum keeping things up to date, there are still vulnerabilities that come up that you might not get a patch for in time. You must have something like rkhunter to constantly check your system for root kits and to check the md5 signatures on key files.