The Perfect Setup - CentOS 4.4 (32-bit) - Page 6

12 ProFTPd

ISPConfig has better support for proftpd than vsftpd, so let's remove vsftpd:

yum remove vsftpd

Because CentOS has no proftpd package, we must use a third-party yum repository to install it:

cd /etc/yum.repos.d/
rpm --import

Now we can install proftpd:

yum install proftpd

Let's create proftpd's system startup links and start it:

chkconfig --levels 235 proftpd on
/etc/init.d/proftpd start

Then create the file /etc/pam.d/ftp with the following content (otherwise you will not be able to log in with system users using FTP):

vi /etc/pam.d/ftp

auth    required     nullok
account required
session required

and restart proftpd:

/etc/init.d/proftpd restart


13 Webalizer

To install webalizer, just run

yum install webalizer


14 Synchronize The System Clock

If you want to have the system clock synchronized with an NTP server do the following:

yum install ntp
chkconfig --levels 235 ntpd on
/etc/init.d/ntpd start


15 Install Some Perl Modules

ISPConfig comes with SpamAssassin which needs a few Perl modules to work. We install the required Perl modules with a single command:

yum install perl-DBI perl-Net-DNS perl-Digest-SHA1

We also need the module HTML::Parser. We could install the CentOS package perl-HTML-Parser, but this version is too old for the SpamAssassin version that comes with ISPConfig. It would result in the following error message during ISPConfig installation:

REQUIRED module out of date: HTML::Parser

Therefore we must install the latest HTML::Parser using the Perl shell.

Run the following command to start the Perl shell:

perl -MCPAN -e shell

If you run the Perl shell for the first time you will be asked some questions. In most cases the default answers are ok. Because there's no ncftp package for CentOS, the Perl shell cannot find the programs ncftpget and ncftp, and you'll see something like this:

Warning: ncftpget not found in PATH
Where is your ncftpget program? []
Warning: ncftp not found in PATH
Where is your ncftp program? []

It's ok to hit ENTER in both cases.

Please note: If you run a firewall on your system you might have to turn it off while working on the Perl shell in order for the Perl shell to be able to fetch the needed modules without a big delay. You can switch it on afterwards.

Now type in the following command to install the Perl module HTML::Parser:

install HTML::Parser

If the installation is successful, you'll see a line like this at the end:

/usr/bin/make install -- OK



afterwards to leave the Perl shell.


16 Update zlib

CentOS comes with an outdated version of zlib (1.2.1) which has a security hole. Therefore we compile and install the newest zlib (1.2.3) from the sources:

cd /tmp
tar xvfz zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure --shared
make install


17 The End

The configuration of the server is now finished, and if you wish you can now install ISPConfig on it.


17.1 A Note On SuExec

If you want to run CGI scripts under suExec, you should specify /var/www as the home directory for websites created by ISPConfig as CentOS' suExec is compiled with /var/www as Doc_Root. Run

/usr/sbin/suexec -V

and the output should look like this:

Unless you install ISPConfig in expert mode and change the default web root (which is /var/www), you will be able to run CGI scripts under suExec with ISPConfig.


Share this page:

4 Comment(s)

Add comment


From: hughesjr

This is an excellent article ... the only thing I am not sure about is the zlib comment.

The upstream provider uses a process called Backporting

Backporting takes security issues and rolls them into older packages to prevent breaking abi's that people have based custom programing on.

I have looked at the zlib that you mention at the end of the article and it fixes these security issues:



(see the zib website for more details) 

Both of these security issues are fixed in the zlib that is included in CentOS via backporting and I do not recommend that people compile their own zlib unless someone can point out a different issue that is fixed in zlib-1.2.3.

I would even say that installing your own zlib is BAD, as it will put different libraries than the ones used to build the other CentOS executables ... which can cause issues with how these applications function.  We are talking about very system critical applications like openssh, openssl, etc.


Johnny Hughes, CentOS-4 Lead Developer. 


The ISPConfig setup routine includes compiling ClamAV which is the culprit. It checks for a specific zlib version. This check can be skipped by modifying


and adding


to the ClamAV configure script. 

From: Anonymous

yum -y remove ftp vsftpd webmin usermin xinetd php* httpd* proftpd mysql* bind* post*;yum update -y;cd /etc/yum.repos.d/;wget;rpm --import;yum -y install proftpd;chkconfig --levels 235 proftpd on;/etc/init.d/proftpd start;wget;wget;wget;wget;wget;rpm -Uvh *.rpm;rm -r -f *.rpm;wget;rpm -ivh udev*rpm --justdb;yum -y install up2date nano;wget;yum update -y;nano /etc/pam.d/ftp;

From: Matthew

yum install webalizer

 once you run that... then what? how do you configure it?