The Perfect Setup - SUSE 9.3 - Page 6

Proftpd

I want to use Proftpd instead of vsftpd which is SUSE's default FTP server because the control panel software I am going to install on this server (ISPConfig) requires Proftpd on SUSE 9.3 (on other distributions this is different). Since there are no SUSE packages for Proftpd I have to compile it manually:

cd /tmp/
wget --passive-ftp ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.10.tar.gz

tar xvfz proftpd-1.2.10.tar.gz
cd proftpd-1.2.10/
./configure --sysconfdir=/etc
make
make install

cd ../
rm -fr proftpd-1.2.10*

Now create the file /etc/init.d/proftpd:

#! /bin/sh
# Copyright (c) 2000-2001 SuSE GmbH Nuernberg, Germany.
# All rights reserved.
#
# Original author: Marius Tomaschewski <mt@suse.de>
#
# Slightly modified in 2003 for use with SuSE Linux 8.1,
# by http://www.learnlinux.co.uk/
#
# Slightly modified in 2005 for use with SuSE Linux 9.2,
# by Falko Timme
#
# /etc/init.d/proftpd
#
### BEGIN INIT INFO
# Provides: proftpd
# Required-Start: $network $remote_fs $syslog $named
# Required-Stop:
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Description: Starts ProFTPD server
### END INIT INFO

# Determine the base and follow a runlevel link name.
base=${0##*/}
link=${base#*[SK][0-9][0-9]}

# Force execution if not called by a runlevel directory.
test "$link" = "$base" && START_PROFTPD=yes # Modified by learnlinux.co.uk
test "$START_PROFTPD" = yes || exit 0 # Modified by learnlinux.co.uk

# Return values acc. to LSB for all commands but
# status (see below):
#
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running

proftpd_cfg="/etc/proftpd.conf"
proftpd_bin="/usr/local/sbin/proftpd"
proftpd_pid="/usr/local/var/proftpd.pid"

[ -r $proftpd_cfg ] || exit 6
[ -x $proftpd_bin ] || exit 5

# Source status functions
. /etc/rc.status

# First reset status of this service
rc_reset

case "$1" in
    start)
        echo -n "Starting ProFTPD Server: "
        test -f /etc/shutmsg && rm -f /etc/shutmsg
        /sbin/startproc $proftpd_bin
        rc_status -v
        ;;

    stop)
        echo -n "Shutting down ProFTPD Server: "
        test -x /usr/local/sbin/ftpshut && /usr/local/sbin/ftpshut now && sleep 1
        /sbin/killproc -TERM $proftpd_bin
        test -f /etc/shutmsg && rm -f /etc/shutmsg
        rc_status -v
        ;;

    restart)
        ## If first returns OK call the second, if first or
        ## second command fails, set echo return value.
        $0 stop
        $0 start
        rc_status
        ;;

    try-restart)
        ## Stop the service and if this succeeds (i.e. the
        ## service was running before), start it again.
        ## Note: not (yet) part of LSB (as of 0.7.5)
        $0 status >/dev/null && $0 restart
        rc_status
        ;;

    reload|force-reload)
        ## Exclusive possibility: Some services must be stopped
        ## and started to force a new load of the configuration.
        echo -n "Reload ProFTPD Server: "
        /sbin/killproc -HUP $proftpd_bin
        rc_status -v
        ;;

    status)
        # Return value is slightly different for the status command:
        # 0 - service running
        # 1 - service dead, but /var/run/ pid file exists
        # 2 - service dead, but /var/lock/ lock file exists
        # 3 - service not running
        echo -n "Checking for ProFTPD Server: "
        checkproc $proftpd_bin
        rc_status -v
        ;;

    probe)
        ## Optional: Probe for the necessity of a reload,
        ## give out the argument which is required for a reload.
        [ $proftpd_cfg -nt $proftpd_pid ] && echo reload
        ;;

    *)
        echo "Usage: $0 {start|stop|status|restart|reload|try-restart|probe}"
        exit 1
        ;;
esac

# Set an exit status.
rc_exit

chmod 755 /etc/init.d/proftpd
chkconfig --add proftpd

/etc/init.d/proftpd start

For security reasons you can add the following lines to /etc/proftpd.conf:

DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."

Be sure to comment out the following lines in order to allow ftp users to CHMOD:

# Bar use of SITE CHMOD by default
# <Limit SITE_CHMOD>
# DenyAll
# </Limit>

and restart Proftpd:

/etc/init.d/proftpd restart
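
To confirm that the settings above are actually active after the restart, the following check can be used. It is an added example, not part of the original howto or of ProFTPD: the function names and the sample configuration are constructed for illustration, and it assumes a comment is a line beginning with #. Call audit_proftpd_conf /etc/proftpd.conf to check a real server.

```sh
#!/bin/sh
# Added example: audit a proftpd.conf for the settings discussed above.
# audit_proftpd_conf returns the number of missing hardening directives.

# Active configuration lines only: drop CRs, indentation, comments, blanks.
active_lines() {
    tr -d '\r' < "$1" | sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d'
}

# check LABEL REGEX: report one directive, counting it if it is not active.
check() {
    if printf '%s\n' "$cfg_lines" | grep -Eiq "$2"; then
        echo "OK       $1"
    else
        echo "MISSING  $1"
        missing=$((missing + 1))
    fi
}

# Print "denied" if an active <Limit SITE_CHMOD> block contains DenyAll,
# otherwise "allowed" (the state the howto asks for).
site_chmod_state() {
    active_lines "$1" | awk '
        { l = tolower($0) }
        l ~ /^<limit[ \t].*site_chmod/ { inblk = 1; next }
        l ~ /^<\/limit>/               { inblk = 0; next }
        inblk && l ~ /^denyall/        { denied = 1 }
        END { print (denied ? "denied" : "allowed") }'
}

audit_proftpd_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 100; }
    cfg_lines=$(active_lines "$1")
    missing=0
    # DefaultRoot ~ confines each user to their own home directory.
    check 'DefaultRoot ~' '^DefaultRoot[[:space:]]+~'
    # IdentLookups off stops the server querying clients' ident service.
    check 'IdentLookups off' '^IdentLookups[[:space:]]+off[[:space:]]*$'
    # ServerIdent off, or on with a custom string, hides the version banner.
    check 'ServerIdent custom/off' '^ServerIdent[[:space:]]+(off|on[[:space:]]+".+")'
    echo "INFO     SITE CHMOD is $(site_chmod_state "$1") for FTP users"
    return "$missing"
}

# Constructed sample: the howto's three lines, stock SITE_CHMOD block commented out.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
ServerName "ProFTPD Default Installation"
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
# Bar use of SITE CHMOD by default
# <Limit SITE_CHMOD>
# DenyAll
# </Limit>
EOF
audit_proftpd_conf "$demo_conf"
echo "missing settings: $?"
rm -f "$demo_conf"
```

A commented-out directive or a bare "ServerIdent on" is reported as MISSING, and a file saved with CR LF line endings is still parsed correctly.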

Webalizer

To install webalizer, just run

apt-get install webalizer

Synchronize the System Clock

If you want to have the system clock synchronized with an NTP server do the following:

apt-get install netdate

netdate tcp time.nist.gov

Create /var/spool/cron/tabs/root:

# update time with ntp server
0 3,9,15,21 * * * /usr/sbin/netdate time.nist.gov

Then run

chmod 600 /var/spool/cron/tabs/root
/etc/init.d/cron restart

Install some Perl Modules needed by SpamAssassin (comes with ISPConfig)

Installation using the Perl Shell

Login to your command line as root and run the following command to start the Perl shell:

perl -MCPAN -e shell

If you run the Perl shell for the first time you will be asked some questions. In most cases the default answers are ok.

Please note: If you run a firewall on your system you might have to turn it off while working on the Perl shell in order for the Perl shell to be able to fetch the needed modules without a big delay. You can switch it on afterwards.

The big advantage of the Perl shell compared to the two other methods described here is that it cares about dependencies when installing new modules. I.e., if it turns out that a prerequisite Perl module is missing when you install another module the Perl shell asks you if it should install the prerequisite module for you. You should answer that question with "Yes".

Run the following commands to install the modules needed by SpamAssassin:

install HTML::Parser
install Net::DNS
(when prompted to enable tests, choose no)
install Digest::SHA1
install DB_File
q
(to leave the Perl shell)

If a module is already installed on your system you will get a message similar to this one:

HTML::Parser is up to date.

Successful installation of a module looks like this:

/usr/bin/make install -- OK



The End

The configuration of the server is now finished, and if you wish you can now install ISPConfig on it.

A Note On SuExec

If you want to run CGI scripts under suExec, you should specify /srv/www as the home directory for websites created by ISPConfig as SUSE 9.3's suExec is compiled with /srv/www as Doc_Root. Run /usr/sbin/suexec2 -V, and the output should look like this:

To select /srv/www as the home directory for websites during the installation of ISPConfig do the following: When you are asked for the installation mode, select the expert mode.

Later during the installation you are asked if the default directory /home/www should be the directory where ISPConfig will create websites in. Answer n and enter /srv/www as the home directory for websites.

Comments

From: at: 2005-07-31 21:40:50


unactive the firewall in any case is good idea is really really bad idea, must config the service and last configure the firewall for accept connection only port services 25 smtp, 110 pop3.

install the XWindow in production service is more problems for security audit in the file system, more o lot files must used by xwindows and desktop software such as kde or gnome, in addition the open ports for xwindows in the system is threat for the general security of system.

I recommend *not* install the Xwindow and any graphics tools or desktops environments in the server production and never never never unactive the firewall totally, the installation must very small the minimal necessary to run the so, and later add the software need to distinct services no more no less.

From: at: 2005-07-31 21:52:47

As far as i know ISPConfig has its own firewall, so you
have to uninstall the SuSe Firewall to use the ISPConfig firewall.

I agree that installing the Xwindow system is not a good idea
for servers.

From: at: 2005-07-31 22:15:25

Problem is YaST doesn't give you many choices about what to install. I think that's why KDE gets installed. Maybe otherwise the howto would have become too complicated for newbies. Anyway, I'd recommend Debian for a server.

From: at: 2005-08-01 10:35:50

You can get YAST to install whatever you like. It's just that the absolute default does include a graphical environment and applications. 9.3 is a desktop distro first, not a server distro, so it makes sense for the default to include these things. You can alter them and turn them off by just clicking the Software Packages section in the install summary and then clicking the button to customise the install. It's not tricky in any way...

KDE is installed by default because a DE was needed, and people like to use it.

From: at: 2005-08-02 16:53:14

Although,

If you try to install something with dependencies YAST will just yell at you. APT has enough sense to take care of dependencies and update them if you like.

Alric

From: at: 2005-08-06 04:16:07

Apache/PHP5 2nd line:

apt-get install php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dba php5-dbase php5-dbx php5-debuginfo <<<< no such thing as php5_debuginfo ???

below that:

SuSEconfig

I get:

*** WARNING ***
Found /etc/postfix/main.cf.SuSEconfig, exiting...
*** WARNING ***

From: Rodriog Ristow at: 2009-09-30 20:49:17

  • Problem when running apache:

/etc/init.d/apache2 start

or:

/usr/sbin/rcapache2 restart


linux-7hrh:/etc # /usr/sbin/rcapache2 restart

Module "include" is not installed, ignoring.

Check the APACHE_MODULES setting in /etc/sysconfig/apache2.

Module "mod_log_config" is not installed, ignoring.

Check the APACHE_MODULES setting in /etc/sysconfig/apache2.

Syntax error on line 11 of /etc/apache2/mod_log_config.conf:


ok, you have a problem loading include and mod_log_config modules. If you take a look at: /etc/apache2/httpd.conf you'll find where the modules are loaded:

(..)
# generated from APACHE_MODULES in /etc/sysconfig/apache2

Include /etc/apache2/sysconfig.d/loadmodule.conf

(..)

The file /etc/apache2/sysconfig.d/loadmodule.conf has:

(...)
#
# Files in this directory are created at apache start time by /usr/sbin/rcapache2
# Do not edit them!
#
# as listed in APACHE_MODULES (/etc/sysconfig/apache2)

LoadModule actions_module /usr/lib/apache2-worker/mod_actions.so
LoadModule alias_module /usr/lib/apache2-worker/mod_alias.so
LoadModule auth_basic_module /usr/lib/apache2-worker/mod_auth_basic.so
(...)


Did you read the comments? Then go to /etc/sysconfig/apache2:

(...)

# your settings

APACHE_MODULES="actions alias auth_... include mod_log_config"

(...)


Now you have a trace of all files and can find out what's wrong.

In my case the lines:

LoadModule include_module /usr/lib/apache2-worker/mod_include.so

LoadModule log_config_module /usr/lib/apache2-worker/mod_log_config.so

were missing. Of course, for this reason I received the original error message.

The problem must be with the file:

/usr/lib/apache2-worker/mod_include.so

I deleted it and reinstalled apache and everything works again!!!!

Good luck to you too!


From: at: 2005-08-09 14:13:17

This is not true since YaST would only inform you that some additional (needed ones) packages would be installed. At this point you can decide to proceed or maybe selectively cancel the installation of package(s) that caused some dependencies to be suggested for installation. It is not yelling and it is in fact very comfortable.

From: at: 2005-09-25 13:43:29

What complete rubbish. YAST has this cute little button at the bottom of the right hand portion of the window that is labelled Check Dependencies. There is also a checkbox labelled Autocheck. Learn to open your eyes properly next time.

From: at: 2005-08-02 11:55:48

Even though apt is a very good update manager, I really don't see why you should install it on Suse as Yast will do the same thing with a nice GUI if you like.

From: at: 2005-07-31 21:45:01


unactive the firewall in any case is good idea is really really bad idea, must config the service and last configure the firewall for accept connection only port services 25 smtp, 110 pop3.

install the XWindow in production service is more problems for security audit in the file system, more o lot files must used by xwindows and desktop software such as kde or gnome, in addition the open ports for xwindows in the system is threat for the general security of system.

I recommend *not* install the Xwindow and any graphics tools or desktops environments in the server production and never never never unactive the firewall totally, the installation must very small the minimal necessary to run the so, and later add the software need to distinct services no more no less.

From: at: 2005-08-01 17:48:50

Typically a GUI is not installed on a server because it's resource intensive not because it's dangerous, at least with a properly considered firewall. SuSEfirewall blocks EVERY port not just ports up to 1024 like most firewalls. Running a GUI on SuSE is no more dangerous with the default SuSEFirewall config as anything else. There are always exceptions to every rule. Please be care about repeating the "generic, general accepted norm" if you don't know first hand its validity. Otherwise its FUD!

From: at: 2005-08-02 00:34:48

Hi! This seems a very good guide. But can anyone tell me if there is a similar guide for FreeBSD? I'm kinda new in FreeBSD but I want to set up something like the above project but using FreeBSD.

From: at: 2005-08-02 13:58:46

proftpd is insecure, and ispconfig does indeed work with vsftpd, and it even supports more configuration modes with vsftpd. The author should check the ispconfig website. Otherwise a good article

From: at: 2005-08-02 17:07:26

As far as I can tell, the author is one of the main developers of ISPConfig. I think he knows very well what he's writing about... ;-)

From: at: 2005-08-03 00:21:56

Antivirus scanning setup would have been the final touch on this howto.

From: falko at: 2005-08-03 09:04:36

Antivirus scanning (ClamAV) comes with ISPConfig! :-)

From: at: 2005-08-09 11:58:22

I have a problem installing SUSE 9.3 on a Fujitsu-Siemens Amilo D1485 (laptop). When I want to install it, it cannot recognise what hard disk I have, so I cannot install it. I don't know what to do. If you can help to fix the problem

Thank You

From: at: 2005-08-13 23:47:10

Followed this to the T. Everything is fine up until apt-get update.

After that I get cannot locate package errors.

apt-get install findutils ncftp readline libgcc glibc-devel findutils-locate gcc flex lynx compat-readline4 db-devel

For example ends with ncftp cannot find package error.

As I move along I get more of the same with other packages.

Anyone know what changed? The apt-get update did a bunch of changes. Perhaps the packages can no longer be located?

Please advise.

From: at: 2005-08-14 10:13:57

edit /etc/apt/sources.list:

rpm ftp://ftp.gwdg.de/pub/linux/suse/apt/ SuSE/9.3-i386 base update security

uncomment the other source, this will fix

bolinux

From: at: 2005-08-24 00:32:52

I checked the /etc/apt/sources.list and it was a bit different than what you show here. I changed it to match your format and still nothing. You said uncomment the other source. Not sure if you mean the one that is just ahead of the rpm ftp://ftp.gwdg...... line. It starts with rpm ftp://mirrors.mathematik..... that is uncommented. There is then a bit further down a couple commented line starting with http://ftp.gwdg.de/pub/..... and http://linix01.gwdg.de... Which am I supposed to be uncommenting?

I get an error that is as follows: E: Couldn't find package ncftp

From: at: 2005-08-25 02:06:14

Figured it out. Install apt. Edit sources. Get update. Edit sources. Get update again. All works now.

From: at: 2005-08-14 10:08:39

ISPconfig install failed by missing zlib zlib-devel for clamav!

run:

apt-get install zlib zlib-devel

before start install ISPconfig!

bolinux

From: at: 2005-08-15 03:21:54

Does anyone have the current apt-get location?

rpm ftp://ftp.gwdg.de/pub/linux/suse/apt/ SuSE/9.3-i386 base update security

doesn't seem to work for me.

From: at: 2005-08-15 10:02:47

Maybe your firewall is blocking?

From: at: 2005-08-21 16:53:48

Hi,

I'm not sure yet how perfect this way of setting up SuSE is, but for ISPConfig there are some missing parts:

you need to:

apt-get install zlib zlib-devel clamav

then:

freshclam

/etc/init.d/clamd start

this was where I had to start over 3 times, until I figured it out.

This might help someone else.

Other than that, this setup seems to be great! I did this yesterday so I haven't had time to do some real testing.

Thankx!

Hyperclock

From: at: 2005-08-26 23:08:04

The author must be a debian fan, why else recommend apt-get --- the horror--- Mandrake urpmi does the same thing in about five lines of typing and server is ready to run with most systems activated with sane defaults. Then with webmin you can fine tune... no crazy typing (i mean come on....) with likely typos.

Geeze even yast is better than this

What a nightmare this set-up is.

From: at: 2005-08-26 23:15:20

I forgot to mention that using the default installation software choice results in a system of over 2 gig. Way too much garbage to exploit - Java and Flash on a server? If the os with servers installed and running (no data) is over 700meg, you have done something very wrong.

From: at: 2005-08-28 14:15:31

Yast on a remote server, I do not like it. apt-get like he shows it here works just fine. Thanks bob

From: at: 2005-08-29 23:15:40

linux:/tmp # chkconfig --add proftpd
proftpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
linux:/tmp # /etc/init.d/proftpd restart
: bad interpreter: No such file or directory

From: admin at: 2005-08-30 08:22:25

Are you logged in as root user and is the script /etc/init.d/proftpd there?

From: at: 2005-09-12 09:10:40

Check that your script has not CR LF as line separator (i.e. if you cut-and-paste from a web browser maybe it could be wrong..)

Just in case, use dos2unix for correcting the script.

Regards

From: Anonymous at: 2006-08-10 02:47:30

Maybe you edited the file with an editor on a Microsoft PC, and then uploaded it with WinSCP?

Open the file in MC or VI and delete the returns.

From: at: 2005-08-30 04:51:14

Can anyone advise what I need to do to add PEAR support to this?

From: at: 2005-09-21 13:40:16

How to add or create new postfix e-mail users? I am not using ISPConfig.

From: at: 2005-09-24 05:13:45

=====================================================

configure: error: Try adding --with-zlib-dir=<DIR>. Please check config.log for more information.

ERROR: Could not configure PHP

=====================================================

Error message above, any assistance is appreciated. Btw, where does the config.log file reside?

jaf

jaf@mileswork.com

From: Anonymous at: 2005-10-25 10:49:22

I get this error:

Check the APACHE_MODULES setting in /etc/sysconfig/apache2.


Starting httpd2 (prefork) Creating new config (0x80eca50) for (null)
Syntax error on line 11 of /etc/apache2/mod_log_config.conf:
Invalid command 'LogFormat', perhaps mis-spelled or defined by a module not included in the server configuration

The command line was:
/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL
failed

From: Anonymous at: 2005-11-11 18:28:13

For some reason when I try to apt-get install gcc I get what I believe is a dependency error:

The following packages have unmet dependencies:
gcc: Depends: cpp (= 3.3.5-5) but 3.3.5-5.1 is to be installed
E: Broken packages

I tried doing an apt-get install cpp also to update that (not sure what it is though) and it tells me cpp is the newest version.

What am I doing wrong?

From: Anonymous at: 2005-12-29 15:58:09

Hi,

Don't know why it goes wrong. Just got a solution.

Install gcc via yast (yast2) and re-run the apt-get install line. Then you will see the error is gone.


Greetings, Martijn Swanink

From: Anonymous at: 2005-11-12 18:50:35

I've used this guide in various permutations to do server installs for both testing, production and hosting and it's a life saver.

Just one question: Does anybody have a link to a guide that will help in optimizing the server for high traffic web sites? I have one that serves just under .5 million pages per month and I find the server a tad sluggish. It's a p4 3Gh, 2GB memory Intel server.

I've googled and have not found anything that really helps with this.

Thanks

Brenton

From: Anonymous at: 2005-12-05 08:29:52

Has anyone tried to use ispconfig and this guide on SLES 9.

The os installs libreadline 4 and apt wants lib readline 5 , and I am unable to get SLES to update to libreadline 5 and work , seems like the whole os wants to use libreadline 4.

Any advice ?

From: Anonymous at: 2006-02-22 18:27:17

I found that this script does not work for SLES9. SLES9 has a different dbrm and bash shell version which is not compatible with a few functions the apt and others are trying to do. Best stick to the Professional edition for these instructions!

From: Anonymous at: 2006-02-01 08:41:25

Apt is a great tool, but on rpm based systems (apt4rpm) it's too slow, the fastest and most powerful tool I know for these systems is y2pmsh that may only be found on SuSE, besides, YaST installer is easier for newbies and is as powerful as apt, unless it's slower. I personally prefer y2pmsh over apt cause of apt is too automatized for my likes, tgz too complicated, and haven't used emerge (for Gentoo) y2pmsh gives you more control even than apt on Debian.

From: Anonymous at: 2006-08-25 11:01:57

Great tutorial. I had relaying problems. One was the smtp users was not authorized to send mail relay. The /etc/pam.d/smtp was missing; copying the /etc/pam.d/pop3 and renaming it to smtp with the cp ./pop3 ./smtp command worked. The other problem was that users outside of the local network could not send mail. The mail server is behind a CISCO PIX 515 firewall. Cisco by default, in its configuration, has a fixup for the SMTP protocol on port 25. Disabling fixup on port 25 solved the problem.

From: Anonymous at: 2006-04-20 23:27:10

If you are having problems sending emails via smtp and are getting pam auth errors make sure you have a /etc/pam.d/smtp file, if not (like I did, for some reason) you can just copy the imap file and rename it smtp.