The Perfect Setup - CentOS 4.4 (32-bit) - Page 6

12 ProFTPd

ISPConfig has better support for proftpd than vsftpd, so let's remove vsftpd:

yum remove vsftpd

Because CentOS has no proftpd package, we must use a third-party yum repository to install it:

cd /etc/yum.repos.d/
wget http://centos.karan.org/kbsingh-CentOS-Extras.repo
rpm --import http://centos.karan.org/RPM-GPG-KEY-karan.org.txt

Now we can install proftpd:

yum install proftpd

Let's create proftpd's system startup links and start it:

chkconfig --levels 235 proftpd on
/etc/init.d/proftpd start

Then create the file /etc/pam.d/ftp with the following content (otherwise you will not be able to log in with system users using FTP):

vi /etc/pam.d/ftp

#%PAM-1.0
auth    required        pam_unix.so     nullok
account required        pam_unix.so
session required        pam_unix.so

and restart proftpd:

/etc/init.d/proftpd restart

 

13 Webalizer

To install webalizer, just run

yum install webalizer

 

14 Synchronize The System Clock

If you want to have the system clock synchronized with an NTP server, do the following:

yum install ntp
chkconfig --levels 235 ntpd on
ntpdate 0.pool.ntp.org
/etc/init.d/ntpd start

 

15 Install Some Perl Modules

ISPConfig comes with SpamAssassin which needs a few Perl modules to work. We install the required Perl modules with a single command:

yum install perl-DBI perl-Net-DNS perl-Digest-SHA1

We also need the module HTML::Parser. We could install the CentOS package perl-HTML-Parser, but this version is too old for the SpamAssassin version that comes with ISPConfig. It would result in the following error message during ISPConfig installation:

REQUIRED module out of date: HTML::Parser

Therefore we must install the latest HTML::Parser using the Perl shell.

Run the following command to start the Perl shell:

perl -MCPAN -e shell

If you run the Perl shell for the first time you will be asked some questions. In most cases the default answers are ok. Because there's no ncftp package for CentOS, the Perl shell cannot find the programs ncftpget and ncftp, and you'll see something like this:

Warning: ncftpget not found in PATH
Where is your ncftpget program? []
Warning: ncftp not found in PATH
Where is your ncftp program? []

It's ok to hit ENTER in both cases.

Please note: If you run a firewall on your system you might have to turn it off while working on the Perl shell in order for the Perl shell to be able to fetch the needed modules without a big delay. You can switch it on afterwards.

Now type in the following command to install the Perl module HTML::Parser:

install HTML::Parser

If the installation is successful, you'll see a line like this at the end:

/usr/bin/make install -- OK

Type

q

afterwards to leave the Perl shell.

 

16 Update zlib

CentOS comes with an outdated version of zlib (1.2.1) which has a security hole. Therefore we compile and install the newest zlib (1.2.3) from the sources:

cd /tmp
wget http://www.zlib.net/zlib-1.2.3.tar.gz
tar xvfz zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure --shared
make
make install

 

17 The End

The configuration of the server is now finished, and if you wish you can now install ISPConfig on it.

 

17.1 A Note On SuExec

If you want to run CGI scripts under suExec, you should specify /var/www as the home directory for websites created by ISPConfig as CentOS' suExec is compiled with /var/www as Doc_Root. Run

/usr/sbin/suexec -V

and the output should look like this:

Unless you install ISPConfig in expert mode and change the default web root (which is /var/www), you will be able to run CGI scripts under suExec with ISPConfig.

 

18 Links


Comments

From: hoihtah at: 2006-10-11 23:53:44

Thank you guys for putting up this well written guide.

Just one question: how do I do this setup with mysql version 5 instead of 4?

From: orentocy at: 2006-10-12 16:09:59

Enable CentOS plus yum repository in your /etc/yum.repos.d/CentOS-Base.repo, then you will be able to upgrade both your mysql and php to version 5.

From: at: 2006-11-04 07:57:58

Hi, I enabled the centosplus section using enabled=1. Now my system is updated with php 5 and mysql 5 with the command

yum update -y 

Enabling the centosplus section: 

vi /etc/yum.repos.d/CentOS-Base.repo
[centosplus]
gpgcheck=1
enabled=1

From: at: 2006-11-07 20:14:43

There is one more thing you need to do: update the php.conf file

 cp /etc/httpd/conf.d/php.conf.rpmnew /etc/httpd/conf.d/php.conf

Otherwise, httpd will error out when trying to start.  Or at least it does on mine.  :) 

From: at: 2007-02-13 23:14:51

Hi all,

I found some bugs if the yum CentOS Plus is enabled before starting the ISPconfig OS preparation.

If it happens to you, go back to mysql4 and php4, make your ISPconfig prep THEN enable the CentOS plus repo to install Mysql5 and php5.

Now you are ready for ISPconfig install.

Thanks for this perfect howto. Saves a lot of hours. 

From: jperrin at: 2006-10-13 00:28:30

Very good tutorial, and very detailed, however one part concerns me. Your rebuild of zlib at the end does not address removing the currently installed zlib, or address the problem of future rpms which may rely on zlib failing because of the one built from source (rpms are rather ignorant about source built software). I would also posit that you cannot rely on the version of zlib to identify that it's vulnerable. Security fixes are backported in centos (and its parent distro, RHEL), so version numbers may be inaccurate. The changelog for the zlib rpm lists several CAN- advisory fixes, so I wonder if the bug you claim is one of these. If it is not, has this been reported to the centos folks, or to the upstream RedHat bugzilla?

If this bug is not fixed in the RPM as one of the listed CAN changes in the changelog and the rpm does indeed contain vulnerable code, I'd like to see it fixed in the distro, rather than being bolted onto a(n excellent) tutorial.

From: till at: 2006-10-13 14:29:25

I don't think that there is really a bug in the zlib that ships with CentOS; the problem is that the version number doesn't get updated when the fixes were applied.

For example, if you want to compile ClamAV, which is necessary for ISPConfig, ClamAV complains about a bug in zlib and stops compiling. So either the ClamAV team has to add a better zlib detection routine or the CentOS team has to set a higher version number in the zlib library when they apply fixes.

From: jperrin at: 2006-10-13 15:02:42

This is addressed a bit more thoroughly in the post by Johnny Hughes, who is one of the CentOS Project leads, http://www.howtoforge.com/perfect_setup_centos_4.4_p6#comment-3055 What it comes down to is an upstream versioning decision by redhat, which centos inherits as a clone/rebuild product. I would consider this to be a flaw in ClamAV/ISPConfig packaging, and that it should not be advertised as a CentOS vulnerability unless such a problem actually exists.

From: at: 2007-04-18 02:25:10

First, thanks for an excellent tutorial!

I had serious problems with ntp running the Perfect setup on a Windows host using VMWare GSX server. My clock was constantly running behind and I would use rdate to set the clock but very soon the clock was running behind again.

Googling I found a workaround that worked out well (if running SMP on single core processor):

1. Edit /etc/grub.conf
Add 'noapic nosmp nolapic clock=pit acpi=no' so your grub.conf looks like this:

title CentOS (2.6.9-42.0.10.ELsmp)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-42.0.10.ELsmp ro root=/dev/VolGroup00/LogVol00 noapic nosmp nolapic clock=pit acpi=no
        initrd /initrd-2.6.9-42.0.10.ELsmp.img


2. Edit /etc/ntp.conf
Add 'burst iburst' after your server:

# --- OUR TIMESERVERS -----
server 0.pool.ntp.org burst iburst
server 1.pool.ntp.org burst iburst
server 2.pool.ntp.org burst iburst

This solved all my problems with a slow clock and my time is now on the spot 24/7.

My Windows system:
P4 3 GHz
3.5 GB RAM
VMWare GSX server

From: hughesjr at: 2006-10-13 12:16:39

This is an excellent article ... the only thing I am not sure about is the zlib comment.

The upstream provider uses a process called Backporting.

Backporting takes security issues and rolls them into older packages to prevent breaking ABIs that people have based custom programming on.

I have looked at the zlib that you mention at the end of the article and it fixes these security issues:

CAN-2004-0797

CAN-2005-2096

(see the zlib website for more details)

Both of these security issues are fixed in the zlib that is included in CentOS via backporting and I do not recommend that people compile their own zlib unless someone can point out a different issue that is fixed in zlib-1.2.3.

I would even say that installing your own zlib is BAD, as it will put different libraries than the ones used to build the other CentOS executables ... which can cause issues with how these applications function.  We are talking about very system critical applications like openssh, openssl, etc.

Thanks,

Johnny Hughes, CentOS-4 Lead Developer. 
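
The changelog check that the comments by jperrin and Johnny Hughes describe, as an added example that is not part of the original page or of either comment: it reads rpm -q --changelog text and reports whether each advisory ID is mentioned, treating the CAN- and CVE- prefixes as the same advisory. The function names, the sample changelog and the ID CAN-2099-0001 are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a package changelog for backported advisory fixes
# instead of trusting the upstream version number.

# backport_status ID...
# Reads "rpm -q --changelog <pkg>" text on stdin and prints one line per ID:
# "<ID> listed" or "<ID> absent". CAN-YYYY-NNNN and CVE-YYYY-NNNN name the
# same advisory, so either prefix in the changelog counts as a match.
backport_status() {
    changelog=$(cat)
    for id in "$@"; do
        num=${id#C??-}    # drop the "CAN-" / "CVE-" prefix
        if printf '%s\n' "$changelog" |
            grep -Eq "(CAN|CVE)-$num([^0-9]|\$)"; then
            echo "$id listed"
        else
            echo "$id absent"
        fi
    done
}

# all_backported ID...
# Exit status 0 only when every requested advisory appears in the changelog.
all_backported() {
    ! backport_status "$@" | grep -q ' absent$'
}

# Constructed sample changelog (names, dates and versions are made up).
sample_changelog() {
    cat <<'EOF'
* Mon Jan 02 2006 Example Packager <packager@example.com> x.y.z-2
- add backported patch for CAN-2005-2096
* Sun Jan 01 2006 Example Packager <packager@example.com> x.y.z-1
- add backported patch for CAN-2004-0797
EOF
}

# On a live system: rpm -q --changelog zlib | backport_status CAN-2004-0797
# CAN-2099-0001 is a constructed ID that the sample does not contain.
sample_changelog | backport_status CAN-2004-0797 CVE-2005-2096 CAN-2099-0001
```

An ID reported as absent only means the changelog does not mention it; the package's patch list and the vendor advisory are the next places to look.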

From: at: 2006-11-02 11:07:15

The ISPConfig setup routine includes compiling ClamAV which is the culprit. It checks for a specific zlib version. This check can be skipped by modifying

install_ispconfig/compile_aps/compile

and adding

--disable-zlib-vcheck

to the ClamAV configure script. 

From: Anonymous at: 2009-02-16 07:44:14

yum -y remove ftp vsftpd webmin usermin xinetd php* httpd* proftpd mysql* bind* post*
yum update -y
cd /etc/yum.repos.d/
wget http://centos.karan.org/kbsingh-CentOS-Extras.repo
rpm --import http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
yum -y install proftpd
chkconfig --levels 235 proftpd on
/etc/init.d/proftpd start
wget http://mirror.centos.org/centos/4.6/os/i386/CentOS/RPMS/device-mapper-1.02.21-1.el4.i386.rpm
wget http://mirror.centos.org/centos/4.6/os/i386/CentOS/RPMS/hotplug-2004_04_01-7.8.i386.rpm
wget http://mirror.centos.org/centos/4.6/os/i386/CentOS/RPMS/lvm2-2.02.27-2.el4.i386.rpm
wget http://mirror.centos.org/centos/4.6/os/i386/CentOS/RPMS/hwdata-0.146.33.EL-1.noarch.rpm
wget http://mirror.centos.org/centos/4.6/os/i386/CentOS/RPMS/usbutils-0.11-7.RHEL4.1.i386.rpm
rpm -Uvh *.rpm
rm -r -f *.rpm
wget http://mirror.centos.org/centos/4.6/os/i386/CentOS/RPMS/udev-039-10.19.el4.i386.rpm
rpm -ivh udev*rpm --justdb
yum -y install up2date nano
wget http://download.lxlabs.com/download/lxadmin/production/lxadmin-install-master.sh
yum update -y
nano /etc/pam.d/ftp

From: Matthew at: 2011-09-25 16:22:06

yum install webalizer

Once you run that... then what? How do you configure it?