ISP-Server Setup - Ubuntu 5.0.4 "The Hoary Hedgehog" - Page 3

2 Installing And Configuring The Rest Of The System

Enable root user

Now I can log in with the username and password I entered above. First I enable the root user for ease of installation. You can disable it later if you want.

sudo passwd root

Now we are logged in as root user.

Configure The Network

Because the Ubuntu installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# This is a list of hotpluggable network interfaces.
# They will be activated automatically by the hotplug subsystem.
mapping hotplug
script grep
map eth0

# The primary network interface
auto eth0
iface eth0 inet static

If you want to add the IP address to the interface eth0 you should change the file to look like this:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# This is a list of hotpluggable network interfaces.
# They will be activated automatically by the hotplug subsystem.
mapping hotplug
script grep
map eth0

# The primary network interface
auto eth0
iface eth0 inet static

auto eth0:0
iface eth0:0 inet static

Then restart your network:

/etc/init.d/networking restart

Edit /etc/hosts and add your new IP addresses:

localhost.localdomain   localhost       server1 server1 virtual-ip1

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Setting The Hostname

echo > /etc/hostname
/bin/hostname -F /etc/hostname

Edit /etc/apt/sources.list And Update Your Linux Installation

Edit /etc/apt/sources.list. It should look like this:

#deb cdrom:[Ubuntu 5.04 _Hoary Hedgehog_ - Release i386 (20050407)]/ hoary main restricted

deb hoary main restricted
deb-src hoary main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb hoary-updates main restricted
deb-src hoary-updates main restricted

## Uncomment the following two lines to add software from the 'universe'
## repository.
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## universe WILL NOT receive any review or updates from the Ubuntu security
## team.
deb hoary universe
deb-src hoary universe

deb hoary-security main restricted
deb-src hoary-security main restricted

deb hoary-security universe
deb-src hoary-security universe

apt-get update
apt-get upgrade

Install SSH Daemon

apt-get install ssh

Install/Remove Some Software

Now let's install some software we need later on and remove some packages that we do not need:

apt-get install fetchmail unzip zip libarchive-zip-perl zlib1g-dev libpopt-dev nmap openssl lynx gcc flex make ncftp libdb4.3-dev

update-inetd --remove daytime
update-inetd --remove telnet
update-inetd --remove time
update-inetd --remove finger
update-inetd --remove talk
update-inetd --remove ntalk
update-inetd --remove ftp
update-inetd --remove discard

/etc/init.d/inetd reload
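To confirm that the removals took effect, the following added example (not part of the original howto) lists any of the services named above that are still active in an inetd.conf-style file. The function names and the sample entries are constructed for illustration; the "#<off>#" prefix is the marker update-inetd writes on entries it disables.

```sh
#!/bin/sh
# Added example (not from the original howto): list which of the
# services removed above are still active in an inetd.conf-style file.

# Services this page removes with update-inetd.
REMOVED="daytime telnet time finger talk ntalk ftp discard"

# Print "service/proto" for every active entry whose service is in
# $REMOVED. Comment lines, including entries that update-inetd has
# disabled with its "#<off>#" prefix, are skipped. Pass "-" for stdin.
active_removed_services() {
    awk -v want="$REMOVED" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }
        ($1 in bad) { print $1 "/" $3 }
    ' "${1:-/etc/inetd.conf}"
}

# Constructed sample input, not taken from a real server.
sample_inetd_conf() {
    cat <<'EOF'
#<off># daytime stream tcp nowait root internal
telnet stream tcp nowait telnetd.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
talk dgram udp wait nobody.tty /usr/sbin/in.talkd in.talkd
ident stream tcp wait identd /usr/sbin/identd identd
# discard stream tcp nowait root internal
EOF
}

# Demo on the sample; on the server run: active_removed_services
sample_inetd_conf | active_removed_services -
```

Empty output means none of the listed services is still offered by inetd.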


apt-get install quota

Edit /etc/fstab to look like this (I added ,usrquota,grpquota to the partitions with the mount point / and /var):

# /etc/fstab: static file system information.
#
proc            /proc           proc         defaults                                      0  0
/dev/sda3       /               ext3         defaults,errors=remount-ro,usrquota,grpquota  0  1
/dev/sda1       /boot           ext3         defaults                                      0  2
/dev/sda4       /var            ext3         defaults,usrquota,grpquota                    0  2
/dev/sda2       none            swap         sw                                            0  0
/dev/hdc        /media/cdrom0   udf,iso9660  ro,user,noauto                                0  0
/dev/fd0        /media/floppy0  auto         rw,user,noauto                                0  0

Then run:

touch /quota.user /
chmod 600 /quota.*
mount -o remount /
touch /var/quota.user /var/
chmod 600 /var/quota.*
mount -o remount /var
quotacheck -avugm
quotaon -avug


apt-get install bind9

For security reasons we want to run BIND chrooted so we have to do the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user 'bind', chrooted to /var/lib/named. Modify the line: OPTS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

OPTIONS="-u bind -t /var/lib/named"

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind is upgraded in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

We need to modify the startup script /etc/init.d/sysklogd of sysklogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD="-u syslog" so that it reads: SYSLOGD="-u syslog -a /var/lib/named/dev/log":

#! /bin/sh
# /etc/init.d/sysklogd: start the system log daemon.

# Location of the pidfile and of the daemon binary
pidfile=/var/run/syslogd.pid
binpath=/sbin/syslogd

test -x $binpath || exit 0
. /lib/lsb/init-functions

# Options for start/restart the daemons
# For remote UDP logging use SYSLOGD="-r"
SYSLOGD="-u syslog -a /var/lib/named/dev/log"

# Make sure the /dev/xconsole pipe exists with the right mode and owner
create_xconsole()
{
    if [ ! -e /dev/xconsole ]; then
        mknod -m 640 /dev/xconsole p
    else
        chmod 0640 /dev/xconsole
    fi
    chown root:adm /dev/xconsole
}

# Return 0 if the pidfile points at a running syslogd, 1 otherwise
running()
{
    # No pidfile, probably no daemon present
    if [ ! -f $pidfile ]
    then
        return 1
    fi

    pid=`cat $pidfile`

    # No pid, probably no daemon present
    if [ -z "$pid" ]
    then
        return 1
    fi

    if [ ! -d /proc/$pid ]
    then
        return 1
    fi

    cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1`

    # No syslogd?
    if [ "$cmd" != "$binpath" ]
    then
        return 1
    fi

    return 0
}

case "$1" in
  start)
    log_begin_msg "Starting system log daemon..."
    create_xconsole
    start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
    log_end_msg $?
    ;;
  stop)
    log_begin_msg "Stopping system log daemon..."
    start-stop-daemon --stop --quiet --oknodo --exec $binpath --pidfile $pidfile
    log_end_msg $?
    ;;
  reload|force-reload)
    log_begin_msg "Reloading system log daemon..."
    start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile
    log_end_msg $?
    ;;
  restart)
    log_begin_msg "Restarting system log daemon..."
    start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile
    sleep 1
    start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
    log_end_msg $?
    ;;
  reload-or-restart)
    if running
    then
        $0 reload
    else
        $0 start
    fi
    ;;
  *)
    log_success_msg "Usage: /etc/init.d/sysklogd {start|stop|reload|restart|force-reload|reload-or-restart}"
    exit 1
esac

exit 0

Restart the logging daemon:

/etc/init.d/sysklogd restart

Start up BIND, and check /var/log/syslog for any errors:

/etc/init.d/bind9 start
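Besides reading /var/log/syslog, the chroot layout itself can be checked. The following is an added example, not part of the original howto: it tests the directories, device nodes, OPTIONS line, /etc/bind symlink and syslogd socket option described in the steps above. The function name check_bind_chroot and its parameters are made up for this example; the default paths are the ones used on this page.

```sh
#!/bin/sh
# Added example (not from the original howto): verify the BIND chroot
# built above. Prints one line per problem and returns their count.
check_bind_chroot() {
    jail=${1:-/var/lib/named}           # chroot directory used on this page
    defaults=${2:-/etc/default/bind9}   # file holding the OPTIONS line
    etclink=${3:-/etc/bind}             # old config location, now a symlink
    initlog=${4:-/etc/init.d/sysklogd}  # script holding the SYSLOGD line
    bad=0
    fail() { echo "PROBLEM: $*"; bad=$((bad + 1)); }

    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$jail/$d" ] || fail "missing directory $jail/$d"
    done
    for n in null random; do
        [ -c "$jail/dev/$n" ] || fail "$jail/dev/$n is not a character device"
    done
    # The daemon must drop privileges (-u bind) and enter the jail (-t).
    opts=$(sed -n 's/^OPTIONS="\(.*\)"$/\1/p' "$defaults" 2>/dev/null) || opts=""
    case " $opts " in *" -u bind "*) ;; *) fail "OPTIONS lacks -u bind" ;; esac
    case " $opts " in *" -t $jail "*) ;; *) fail "OPTIONS lacks -t $jail" ;; esac
    # /etc/bind must point into the jail so upgrades touch the live config.
    [ "$(readlink "$etclink")" = "$jail/etc/bind" ] ||
        fail "$etclink is not a symlink to $jail/etc/bind"
    # syslogd needs a socket inside the jail, or named cannot log.
    grep -q "^SYSLOGD=.*-a $jail/dev/log" "$initlog" 2>/dev/null ||
        fail "syslogd is not started with -a $jail/dev/log"
    return "$bad"
}

# On the server, as root: check_bind_chroot && echo "chroot layout OK"
```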

24 Comment(s)


From: Anonymous at: 2005-10-10 02:01:05

You mention that Postfix has a shorter list of security vulnerabilities than Sendmail. In the recent times, Sendmail has performed very well. Also keep in mind that Sendmail is over 23 years old -- it's had a lot more time to be tested for these things. If you mentioned that Postfix scales better than Sendmail, I'd have marked that as credible; however, Sendmail's M4 configuration is so easy that even a monkey could do it.

As a software package, Sendmail works great. It is easy to configure. It has proven itself secure in the recent years. Don't knock it for the wrong things.

From: Anonymous at: 2005-11-16 22:54:12

Maybe you'd check more. Postfix is designed basically to be a secure alternative to Sendmail, check its site. And it does have a better record.

I'd say the worst thing about sendmail is the configuration, by the way. Probably you are a M4 veteran, so you don't know how complicated it is. Frankly, that was the reason I switched from sendmail to postfix, circa redhat 7.3, before it became their default. And I am not really a newbie..

From: Anonymous at: 2005-12-19 16:44:21

Thanks for the walkthrough. Only had Ubuntu installed (or any type of Linux) for a couple of days and I'm already running my own server...pure magic

From: Anonymous at: 2006-01-29 17:47:45

would this be a better starting point?

would it change everything in this howto?

From: admin at: 2006-01-29 18:26:22

The Ubuntu server distribution did not exist at the time I wrote this howto. I'm pretty sure that the howto will work fine with the Ubuntu Server distribution too, but I've not tested it yet.


From: Anonymous at: 2005-10-28 09:58:33

Bad bad bad!:
0 */2 * * * /etc/init.d/ntpdate restart

Please use an ntp daemon.

From: Anonymous at: 2005-12-03 08:59:49

And if you are already on it use 'crontab -e' to modify cronjobs instead of digging through the file system. You get syntax highlighting and it checks and installs the new cronjob for you afterwards.

From: at: 2005-09-20 02:00:06

There is an error (minor) in the following paragraph on the last page. ...

After you have answered the questions ISPConfig should be duly installed. If you indicated www as host and as the domain during the installation, you will find the ISPConfig interface under or

The addresses should have .com instead of .de (or the how should be

thanks for the sweet article!

From: admin at: 2005-09-26 08:11:23

Thanks, I've corrected the error.

From: Anonymous at: 2005-10-09 06:05:23

Why can't an ISO of this be available to download all ready to run?

flame away ;-)

From: at: 2005-09-25 21:45:42

Crossposted from OSNews:

This is the worst HOWTO I ever read. There is NO explanation what this setup will create NOR is it secure or suitable other than for kids to play on their homeboxen. Postfix has not disabled plaintext without ssl so every client pointing to server:25 and not issuing STARTTLS will transmit passwords in cleartext. Did I hear ISP? Where is virtual domain support? Are you supposed to have all your mailaccounts in /etc/passwd? What is that Apache setup meant for? Disabling PHP and running php scripts as CGI with Suexec? Ever heard of suphp?

forget it

From: Anonymous at: 2005-09-26 08:19:04

It seems you have not read the howto at all. The howto prepares a server for the installation of the ispconfig controlpanel. If you do not disable PHP globally you can not manage it on a per vhost basis :-) When you have written your own server howto, you can post it here to show everyone what you think a server setup is. E.g. crossposting is :cool:

From: at: 2005-09-25 22:22:56

Hmm, the other guy needs a slap around the ears, not designed for kids at home, he assumes you have a basic idea if you are going to do it, there's also Articles about Virtual Domains on the site, take a chill pill and relax. Nice Article, you may also want to look into running VHCS as well from it's also a Free Opensource Hosting panel, I think it has more features too, plus it's a heck of a lot sexier.

From: Anonymous at: 2005-10-06 20:09:48

Everyone's a noob at some point

From: Anonymous at: 2005-09-27 02:30:55

Hello, I am a newbie. It's my first time to have hands-on on Linux. Anyway I followed everything in this article except that when I installed ISPConfig, I got the following error:

Warning: main( failed to open stream: No such file or directory in /tmp/install_ispconfig/install.php on line 624

Warning: main(): Failed opening '' for inclusion (include_path='.:/root/ispconfig/php/lib/php') in /tmp/install_ispconfig/install.php on line 624

Warning: mysql_connect(): Access denied for user: 'root@localhost' (Using password: NO) in /tmp/install_ispconfig/install.php on line 634

Could not connect to db

Restarting some services...

./setup2: line 883: [:==: unary operator expected

./setup2: line 901: /etc/init.d/ispconfig_server: No such file or directory

If you have any way of fixing this, I would be very grateful.


From: falko at: 2005-09-28 07:40:54
From: Anonymous at: 2005-10-07 16:22:42

My setup is OK now. Can you tell me how to add amavisd-new and ClamAV to this setup?

From: admin at: 2005-10-07 17:16:33

If you use ISPConfig, mailfiltering with Spamassassin and ClamAV are installed and configured by the ISPConfig installer.

From: Anonymous at: 2005-10-10 16:38:41

i cannot receive email but i can send using outlook client with smtp authentication. also i cannot login using

From: Anonymous at: 2005-09-28 01:55:51

I tried this but had a dickens of a time testing the email addresses. I put "nameserver" on the top of /etc/resolv.conf and to test the DNS, I'd run "host" to see if the virtual address showed up. It did, so I tried setting up email accounts( 2 ) and created the accounts in Thunderbird to send back and forth. They didn't work until I started sending to "". Creating a Co-Domain with the Hostname cleared worked. It also resulted in /etc/postfix/local-host-names file showing the entry( along with the entry ).

Cool HowTo BTW. Now I have to go in and start learning what all is going on. ;-)

I'm thinking this might be nice for a couple of friends who have small biz and need to create temp accounts for customer comm and filesharing.

From: Anonymous at: 2005-09-28 13:37:50

Rather than creating the symlinks manually as you do for the Apache modules you can use the provided tools:

a2enmod include

a2enmod ssl


From: Anonymous at: 2005-10-06 14:16:36

Is it perfect? Probably not.

Handholding? Some, but you really need to bring your own critical thinking to the table if you're to tackle an unforeseen glitch.

Thorough? Absolutely. While I (might) agree there's not a lot of detailed explanations to the tasks, it's all here. You couldn't ask for a better blueprint. You wanna know more about the underpinnings of each step? Start digging. At least you now know what questions to ask!

For all the indignant boo hooing, I would say anyone whining about this article has not had to fend for themselves much and is probably still living with their parents.

Thanks for helping this newbie get a better idea of how work is accomplished in Linux!

From: Anonymous at: 2005-10-09 17:00:47

I created some scripts that are a start to automating this process. You can find them here:

Keep in mind that these scripts are not the cure all it just helps automate a bit. Take a look at each one before you use it. I usually run wget and get them all into the /tmp dir and then call on them as needed.

Hope this helps.

From: SABADBOY at: 2008-11-30 08:41:44