The Perfect Setup - SuSE 10.1 (32-bit) - Page 7

11 Webalizer

To install webalizer, just run

yast2 -i webalizer


12 Synchronize the System Clock

If you want to have the system clock synchronized with an NTP server do the following:

yast2 -i xntp

Add an NTP server with YaST:

yast2

Select Network Services -> NTP Client:

Then select Automatically Start NTP Daemon During Boot. Under NTP Server Configuration enable Use Random Servers from pool.ntp.org. Then select Finish, Quit.


13 Install some Perl Modules needed by SpamAssassin (comes with ISPConfig)

Run

yast2 -i perl-HTML-Parser perl-Net-DNS perl-Digest-SHA1


14 Disable AppArmor

AppArmor is a security extension of SuSE (similar to Fedora's SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

We can disable it like this:

/etc/init.d/boot.apparmor stop
chkconfig -d boot.apparmor


15 ISPConfig

The configuration of the server is now finished, and if you wish you can now install ISPConfig on it. Please check out the ISPConfig installation: http://www.ispconfig.org/manual_installation.htm


15.1 A Note On SuExec

If you want to run CGI scripts under suExec, you should specify /srv/www as the home directory for websites created by ISPConfig as SUSE 10.1's suExec is compiled with /srv/www as Doc_Root. Run /usr/sbin/suexec2 -V, and the output should look like this:

/usr/sbin/suexec2 -V

To select /srv/www as the home directory for websites during the installation of ISPConfig do the following: When you are asked for the installation mode, select the expert mode.

Later during the installation you are asked if the default directory /home/www should be the directory where ISPConfig will create websites in. Answer n and enter /srv/www as the home directory for websites.


16 Links

Share this page:

12 Comment(s)

Add comment

Comments

From: Anonymous at: 2006-05-24 17:53:41

is the same installation for the version ppc??

From: grommley at: 2006-10-18 23:58:34

This step by step instruction is so easy that even I could make it work.  I have tried other how-tos in the past relating to Linux and have found that many of them assume that I know what I am doing at a command line interface.  While I have a lot of computer background, all of my experience is with Microsoft software.  This How-to is very well written, and I was able to set up and even use my server with no problems at all.  This is the first time I have ever had that happen in Linux. Once again, thank you for these well written instructions.

From: powderskier at: 2006-10-20 02:33:51

Hi Falko,

 First off, you done an awesome job on the tutorial. You should really consider doing this professionally for Novell/Red Hat since their documentation is fairly atrocious when it comes to missing steps.

 
I want to ask how secure this setup is? Are people using this exact setup for production web servers? Is this meant only for testing environments? Could this be used for a company as an internal corporate web/intranet server provided its secure?

 
What else would you consider to be necessary for this server?

Thanks for your time in helping others,

powderskier
     

From: at: 2007-02-07 01:37:54

A tip: the compile of the embedded PHP fails because it doesn't find the openssl libraries. In Opensuse x86_64, they reside in /usr/lib64, so the easy way to solve the problem is to create symlinks for the openssl libraries in /usr/lib. For example: ln -s /usr/lib64/libssl.so /usr/lib ln -s /usr/lib64/libssl.a /usr/lib ln -s /usr/lib64/libcrypto.so /usr/lib

From: Anonymous at: 2006-06-28 16:16:37

SuSE has provided a update to solve all the problems with the slow and buggy updater. When you go updating, update ONLY the libzypp package FIRST. After that you can do a regular update without problems.

From: Anonymous at: 2006-06-13 21:30:50

Hi Falko,

Great howto once again.

But it seems that Yast on SuSE 10.1 version does indeed check every package before installation and therefore it takes longer (MD5 SUMS and all).

It is something good for Yast installations. (I have seen this in the opensuse pages ... somewhere ... )

About the partition, why don't you propose some other type of partition of the disk. Like a separate /var (for database and the like.)

Regards,

Pedro

From: Anonymous at: 2006-07-03 14:31:12

Hi...im a slack user...and a slack fan...i've been testinga a few distributions...and i did not like anyone...except Suse...and i think that u made a really great job here!!!! I'll try today!

Congratulations!!!! 

From: Anonymous at: 2006-06-25 23:56:57

I was very excited to try out Suse.  The live CD I played around with detected more hardware and was a joy to work with.  I've tried installing suse twice now, once by just installing everything and once with this howto.  Both times Yast died when trying to add mirrors.  The first time I just thought yast was locking up.  On top of that, adding a mirror is unintuitive to someone who isn't familiar with the system.  This time, I read the author's comments on the 10 minute wait.  Okay, I said, I'll wait this time.  I waited for 8 hours.  I left the setup running in the morning and when I came home from work it was still at the same screen.  So that's it, no three strikes and you are out.  I'm done after two attempts.  I'm going back to Redhat and yum.  Thanks to the author for this howto.

From: Anonymous at: 2006-05-31 13:36:16

proftpd_cfg="/usr/local/etc/proftpd.conf"

not like this:

proftpd_cfg="/etc/proftpd.conf"

Thanks

From: Anonymous at: 2006-06-15 16:38:07

On the 64-Bit System, the wrong version of the glibc-devel is installed. (i686 instead of x86_64)

Correct this in yast2 and it will work.

From: Anonymous at: 2006-06-11 20:03:18

BTW: you don't need to run `yast2 -i xntp` because yast2-ntp-client always checks whether the needed package xntp is installed and offers to install it when it is not.

You can also run the YaST ntp-client directly by entering `yast2 ntp-client` command.

From: Anonymous at: 2006-06-09 18:44:54

In your howto, you recommend to disable AppArmor because it has caused more harm than good to you. I can't agree with that - AppArmor is the main reason why I consider SUSE 10.1 the best Linux for servers!

Maybe you should simply read the AppArmor manual (comes as PDF, about 100 pages) and update the profiles as needed. You can also do this using YaST.

Checking /var/log/audit/audit.log is also a good idea if something failes with "permission denied" ;-)

Yes, AppArmor configuration can cause some work - as always: security has its price!