12 Proftpd
I want to use Proftpd instead of vsftpd which is SUSE's default FTP server because the control panel software I am going to install on this server (ISPConfig) requires Proftpd on OpenSUSE 10.3 (on other distributions this is different). Since there are no OpenSUSE packages for Proftpd I have to compile it manually:
cd /tmp/
wget --passive-ftp ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.1rc3.tar.gz
tar xvfz proftpd-1.3.1rc3.tar.gz
cd proftpd-1.3.1rc3/
./configure --sysconfdir=/etc
make
make install
cd ..
rm -fr proftpd-1.3.1rc3*
Now create the file /etc/init.d/proftpd:
vi /etc/init.d/proftpd
#! /bin/sh
# Copyright (c) 2000-2001 SuSE GmbH Nuernberg, Germany.
# All rights reserved.
#
# Original author: Marius Tomaschewski <mt@suse.de>
#
# Slightly modified in 2003 for use with SuSE Linux 8.1,
# by http://www.learnlinux.co.uk/
#
# Slightly modified in 2005 for use with SuSE Linux 9.2,
# by Falko Timme
#
# /etc/init.d/proftpd
#
### BEGIN INIT INFO
# Provides: proftpd
# Required-Start: $network $remote_fs $syslog $named
# Required-Stop:
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Description: Starts ProFTPD server
### END INIT INFO
# Determine the base and follow a runlevel link name.
base=${0##*/}
link=${base#*[SK][0-9][0-9]}
# Force execution if not called by a runlevel directory.
test $link = $base && START_PROFTPD=yes # Modified by learnlinux.co.uk
test "$START_PROFTPD" = yes || exit 0 # Modified by learnlinux.co.uk
# Return values acc. to LSB for all commands but
# status (see below):
#
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
proftpd_cfg="/etc/proftpd.conf"
proftpd_bin="/usr/local/sbin/proftpd"
proftpd_pid="/usr/local/var/proftpd.pid"
[ -r $proftpd_cfg ] || exit 6
[ -x $proftpd_bin ] || exit 5
# Source status functions
. /etc/rc.status
# First reset status of this service
rc_reset
case "$1" in
start)
echo -n "Starting ProFTPD Server: "
test -f /etc/shutmsg && rm -f /etc/shutmsg
/sbin/startproc $proftpd_bin
rc_status -v
;;
stop)
echo -n "Shutting down ProFTPD Server: "
test -x /usr/local/sbin/ftpshut && /usr/local/sbin/ftpshut now && sleep 1
/sbin/killproc -TERM $proftpd_bin
test -f /etc/shutmsg && rm -f /etc/shutmsg
rc_status -v
;;
restart)
## If first returns OK call the second, if first or
## second command fails, set echo return value.
$0 stop
$0 start
rc_status
;;
try-restart)
## Stop the service and if this succeeds (i.e. the
## service was running before), start it again.
## Note: not (yet) part of LSB (as of 0.7.5)
$0 status >/dev/null && $0 restart
rc_status
;;
reload|force-reload)
## Exclusive possibility: Some services must be stopped
## and started to force a new load of the configuration.
echo -n "Reload ProFTPD Server: "
/sbin/killproc -HUP $proftpd_bin
rc_status -v
;;
status)
# Status has a slightly different for the status command:
# 0 - service running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running
echo -n "Checking for ProFTPD Server: "
checkproc $proftpd_bin
rc_status -v
;;
probe)
## Optional: Probe for the necessity of a reload,
## give out the argument which is required for a reload.
[ $proftpd_cfg -nt $proftpd_pid ] && echo reload
;;
*)
echo "Usage: $0 {start|stop|status|restart|reload|try-restart|probe}"
exit 1
;;
esac
# Set an exit status.
rc_exit
|
Then run
chmod 755 /etc/init.d/proftpd
chkconfig --add proftpd
Start Proftpd:
/etc/init.d/proftpd start
For security reasons you can add the following lines to /etc/proftpd.conf:
vi /etc/proftpd.conf
[...] DefaultRoot ~ IdentLookups off ServerIdent on "FTP Server ready." [...] |
Be sure to comment out the following lines in order to allow ftp users to CHMOD:
[...] # Bar use of SITE CHMOD by default #<Limit SITE_CHMOD> # DenyAll #</Limit> [...] |
and restart Proftpd:
/etc/init.d/proftpd restart
13 Webalizer
To install webalizer, just run
yast2 -i webalizer
14 Synchronize the System Clock
If you want to have the system clock synchronized with an NTP server do the following:
yast2 -i xntp
Then add system startup links for ntp and start ntp:
chkconfig --add ntp
/etc/init.d/ntp start
15 Install some Perl Modules needed by SpamAssassin (comes with ISPConfig)
Run
yast2 -i perl-HTML-Parser perl-Net-DNS perl-Digest-SHA1
16 Disable AppArmor
AppArmor is a security extension of SUSE (similar to Fedora's SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).
We can disable it like this:
/etc/init.d/boot.apparmor stop
chkconfig -d boot.apparmor
17 The End
The configuration of the server is now finished, and if you wish you can now install ISPConfig on it, following these instructions: http://www.ispconfig.org/manual_installation.htm
17.1 A Note On SuExec
If you want to run CGI scripts under suExec, you should specify /srv/www as the web root for websites created by ISPConfig as SUSE's suExec is compiled with /srv/www as Doc_Root. Run
/usr/sbin/suexec2 -V
and the output should look like this:
server1:~ # /usr/sbin/suexec2 -V
-D AP_DOC_ROOT="/srv/www"
-D AP_GID_MIN=96
-D AP_HTTPD_USER="wwwrun"
-D AP_LOG_EXEC="/var/log/apache2/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=96
-D AP_USERDIR_SUFFIX="public_html"
server1:~ #
So if you want to use suExec with ISPconfig, don't change the default web root (which is /srv/www) if you use expert mode during the ISPConfig installation (in standard mode you can't change the web root anyway so you'll be able to use suExec in any case).
18 Links
- OpenSUSE: http://www.opensuse.org
- ISPConfig: http://www.ispconfig.org