Virtual Hosting Howto With Virtualmin On CentOS 5.1 - Page 2
Services To Disable
To enhance security and free system resources, we need to disable any services that are not required. You can run this script to do this for you.
- acpid
- anacron
- apmd
- autofs
- bluetooth
- cups
- firstboot
- gpm
- haldaemon
- messagebus
- mdmonitor
- hidd
- ip6tables
- kudzu
- lvm2-monitor
- netfs
- nfslock
- pcscd
- portmap
- rpcgssd
- rpcidmapd
- sendmail
- smartd
- yum-updatesd
Basics
We need to fix a few issues to prepare the system for configuration.
- Install updates
yum upgrade
- Switch the mta to postfix
alternatives --config mta
There are 2 programs which provide 'mta'.
Selection Command
-----------------------------------------------
1 /usr/sbin/sendmail.postfix
*+ 2 /usr/sbin/sendmail.sendmail
Enter to keep the current selection[+], or type selection number: 1
- Install caching-nameserver config:
yum install caching-nameserver
- Install Build tools:
yum install gcc cpp gcc-c++ automake automake14 automake15 automake16 automake17 openssl-devel subversion ncurses-devel -y
Configure Network Alias
cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:1
Modify the file /etc/sysconfig/network-scripts/ifcfg-eth0:1 to look like this:
DEVICE=eth0:1
BOOTPROTO=static
BROADCAST=192.168.1.255
IPADDR=192.168.1.6
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
Install Webmin / Virtualmin
- Import webmin pgp key:
wget http://www.webmin.com/jcameron-key.asc
rpm --import jcameron-key.asc
- Download the rpm:
wget http://prdownloads.sourceforge.net/webadmin/webmin-1.390-1.noarch.rpm
- Verify the rpm (should say OK or else download again):
rpm --checksig webmin-1.390-1.noarch.rpm
- Install the rpm:
rpm -Uvh webmin-1.390-1.noarch.rpm
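The "should say OK" check above can be made stricter, because rpm also ends its line in OK for a package that carries no signature at all. The following is an added example, not part of the original howto: the function names and the sample output lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether one line of `rpm --checksig` output shows a
# verified signature. rpm lists the checks it ran before the verdict; digests
# alone (sha1, md5) prove integrity of the download, not who built it.
checksig_line_ok() {
    result=${1##*: }                  # drop the "<file>: " prefix
    case $result in
        *"NOT OK"*) return 1 ;;       # a check failed or the key is missing
        *" OK") ;;                    # verdict is OK, now look at what was checked
        *) return 1 ;;
    esac
    for tok in $result; do
        case $tok in
            # lowercase signature token = signature verified;
            # "signatures" is what newer rpm releases print instead
            gpg|pgp|dsa|rsa|signatures) return 0 ;;
        esac
    done
    return 1                          # only digests were checked
}

# Hypothetical wrapper: install only when the signature check passes.
verified_install() {
    out=$(rpm --checksig "$1") || return 1
    checksig_line_ok "$out" || { echo "refusing: $out" >&2; return 1; }
    rpm -Uvh "$1"
}

# Constructed sample lines (not captured from a real run):
# signed and verified, unsigned, signed but key not imported.
SAMPLES='webmin-1.390-1.noarch.rpm: (sha1) dsa sha1 md5 gpg OK
webmin-1.390-1.noarch.rpm: sha1 md5 OK
webmin-1.390-1.noarch.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK'

classify_samples() {
    echo "$SAMPLES" | while IFS= read -r l; do
        if checksig_line_ok "$l"; then echo accept; else echo reject; fi
    done
}

classify_samples
```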
Initial Webmin Config
We need to secure webmin by editing /etc/webmin/miniserv.conf and making the following changes:
- Using SSL only:
ssl=1
- Change the port to 443 and bind to the second nic only:
port=443
bind=192.168.1.6
- Disable UDP broadcasts:
#listen=10000
- Change host lockout on login failures to 3:
blockhost_failures=3
- Increase host lockout timeout to 120:
blockhost_time=120
- Change user lockout on login failures to 3:
blockuser_failures=3
- Change user lockout timeout to 120:
blockuser_time=120
- Change the realm to something else:
realm=cpanel
- Log logins to utmp:
utmp=1
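To confirm the edits took effect (and survive later upgrades), the settings above can be checked mechanically. This is an added example, not part of the original howto: the function names are hypothetical, and the realm check and the handling of repeated keys are assumptions noted in the comments.

```shell
#!/bin/sh
# Added example: audit a Webmin miniserv.conf against the settings listed above.
# Usage: sh audit_miniserv.sh /etc/webmin/miniserv.conf   (script name is hypothetical)

# Expected key=value pairs, copied from the steps above.
EXPECTED='ssl=1
port=443
bind=192.168.1.6
blockhost_failures=3
blockhost_time=120
blockuser_failures=3
blockuser_time=120
utmp=1'

# Print the value of the last uncommented "key=" line, or nothing if unset.
# Assumption: when a key is repeated, the last line is the one that counts.
conf_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Print one line per deviation; return 0 only when there are none.
audit_miniserv() {
    conf=$1
    rc=0
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(conf_get "$key" "$conf")
        if [ "$got" != "$want" ]; then
            echo "$key: expected '$want', found '${got:-unset}'"
            rc=1
        fi
    done
    # An active listen= line means the UDP listener is still enabled.
    if grep -q '^listen=' "$conf"; then
        echo "listen: UDP listener still enabled"
        rc=1
    fi
    # Any realm that does not name the product is accepted (assumed check).
    case $(conf_get realm "$conf") in
        ''|*[Ww]ebmin*) echo "realm: unset or still names Webmin"; rc=1 ;;
    esac
    return $rc
}

if [ -n "${1:-}" ]; then audit_miniserv "$1"; fi
```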
Install the webmin Tiger theme:
- Log in to webmin via https://192.168.1.5:10000 using root and your password.
- Go to webmin -> Configuration -> webmin themes.
- Select From ftp or http URL and enter http://www.stress-free.co.nz/files/theme-stressfree.tar.gz
- Click install theme.
- Click "return to list themes".
- Select StressFree as the Current theme then click change.
Install php-pear module:
- Go to webmin -> webmin configuration -> webmin modules.
- Select Third party module from and enter http://www.webmin.com/download/modules/php-pear.wbm.gz.
- Click install module.
Install virtualmin:
- Go to webmin -> webmin configuration -> webmin modules.
- Select install from ftp or http URL and enter http://download.webmin.com/download/virtualmin/virtual-server-3.51.gpl.wbm.gz
- Click install module.
Remove unwanted modules:
Go to webmin -> webmin configuration -> delete and select the following:
- ADSL client
- Bacula backup system
- CD Burner
- CVS Server
- Cluster change passwords
- Cluster copy files
- Cluster cron jobs
- Cluster shell commands
- Cluster software packages
- Cluster usermin servers
- Cluster users and groups
- Cluster webmin servers
- Command shell
- Configuration engine
- Custom commands
- DHCP server
- Fetchmail mail retrieval
- File manager
- Frox ftp proxy
- HTTP Tunnel
- Heartbeat monitor
- IPsec VPN
- Jabber IM server
- LDAP server
- Logical volume management
- Majordomo list manager
- NFS exports
- NIS client and server
- OpenSLP server
- PPP dialin server
- PPP dialup client
- PPTP vpn server
- PPTP vpn client
- Postgresql database server
- Printer admin
- ProFTPD server
- QMAIL mail server
- SMART drive status
- SSH / Telnet login
- SSL tunnels
- SAMBA windows file sharing
- Scheduled commands
- Sendmail mail server
- Shoreline firewall
- Squid analysis report generator
- Squid proxy server
- Voicemail server
- WU-FTP server
- Idmapd server
Restart webmin:
service webmin restart
Configure Rpmforge Repo
rpm -Uhv http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
NOTE: If you are using a different architecture check on https://rpmrepo.org/RPMforge/Using for the correct rpm
- Disable the repo (so that base packages are not overwritten): edit /etc/yum.repos.d/rpmforge.repo and set the following option:
enabled = 0
Install Extra Required Packages
- Install clamav:
yum --enablerepo=rpmforge install clamav clamav-db clamav-milter clamd -y
wget http://www.topdog-software.com/files/clamav-milter.patch
patch /etc/init.d/clamav-milter < clamav-milter.patch
chkconfig --del clamd
freshclam
- Install sanesecurity signatures:
wget http://www.sanesecurity.co.uk/clamav/update_sanesecurity.txt -O /usr/local/bin/update_sanesecurity.sh
chmod +x /usr/local/bin/update_sanesecurity.sh
ln -s /usr/local/bin/update_sanesecurity.sh /etc/cron.hourly/
/usr/local/bin/update_sanesecurity.sh
- Install PHP eaccelerator:
yum --enablerepo=rpmforge install php-eaccelerator
- Install newer spamassassin package from rpmforge:
yum --enablerepo=rpmforge upgrade spamassassin
- Install spamass-milter:
yum --enablerepo=rpmforge install spamass-milter
- Install perl modules required by spamassassin:
perl -MCPAN -e 'install Mail::SPF'
perl -MCPAN -e 'install Mail::SPF::Query'
perl -MCPAN -e 'install Net::Ident'
perl -MCPAN -e 'install IP::Country::Fast'
perl -MCPAN -e 'install Mail::DomainKeys'
perl -MCPAN -e 'install Mail::DKIM'
- Install fuzzyOCR:
yum --enablerepo=rpmforge install netpbm-progs ocrad gocr gifsicle giflib-utils giflib -y
svn co https://svn.own-hero.net/fuzzyocr/trunk/devel/
cd devel/
perl -MCPAN -e 'install String::Approx'
perl -MCPAN -e 'install Time::HiRes'
perl -MCPAN -e 'install Log::Agent'
cp -rv {FuzzyOcr.cf,FuzzyOcr.scansets,FuzzyOcr.preps,FuzzyOcr.pm,FuzzyOcr.words,FuzzyOcr/} /etc/mail/spamassassin
chcon -R system_u:object_r:etc_mail_t /etc/mail/spamassassin/{FuzzyOcr.cf,FuzzyOcr.scansets,FuzzyOcr.preps,FuzzyOcr.pm,FuzzyOcr.words,FuzzyOcr/}
wget http://www.gbnetwork.co.uk/mailscanner/FuzzyOcr.words -O /etc/mail/spamassassin/FuzzyOcr.words
- Install Razor:
yum --enablerepo=rpmforge install razor-agents -y
- Install roundcube:
yum install php-imap
rpm -Uvh http://www.topdog-software.com/oss/roundcube/roundcube-0.1-rc2.noarch.rpm
- Install imapproxy:
wget http://imapproxy.org/downloads/up-imapproxy-1.2.6.tar.gz
rpmbuild -tb up-imapproxy-1.2.6.tar.gz
rpm -Uvh /usr/src/redhat/RPMS/i386/up-imapproxy-1.2.6-1.i386.rpm
- Activate services:
chkconfig --level 345 httpd on
chkconfig --level 345 postfix on
chkconfig --level 345 spamassassin on
chkconfig --level 345 spamass-milter on
chkconfig --level 345 clamav-milter on
chkconfig --level 345 mysqld on
chkconfig --level 345 named on
chkconfig --level 345 vsftpd on
chkconfig --level 345 dovecot on
chkconfig --level 345 imapproxy on