In hosts I define my alias:

    vi /etc/hosts

In eth0 I enter my IP:

    vi /etc/sysconfig/network-scripts/ifcfg-eth0
    vi /etc/sysconfig/network-scripts/ifcfg-eth0:0

Restart the network card:

    /etc/init.d/network restart

6 Setting The Hostname

(This step is also optional.) This is not necessary if you have set the correct hostname during the installation. You can check the current hostname with the commands

    hostname
    hostname -f

If the output shows a wrong hostname, you can set the correct one like this:

    echo server1.example.com > /etc/hostname
    /bin/hostname -F /etc/hostname

7 Configure urpmi

You can use the wizard on http://easyurpmi.zarb.org/ to find out how to configure urpmi so that urpmi uses online package repositories. For me the wizard gave back these commands that I ran on the command line:

    urpmi.addmedia main ftp://ftp.proxad.net/pub/Distributions_Linux/MandrivaLinux/devel/2007.0/i586/media/main/release with media_info/hdlist.cz
    urpmi.addmedia contrib ftp://ftp.proxad.net/pub/Distributions_Linux/MandrivaLinux/devel/2007.0/i586/media/contrib/release with media_info/hdlist.cz

Now we create a script /etc/cron.daily/software_update that will automatically be run by cron daily and looks for and installs the latest software updates on your Mandriva 2007 system.
The script looks like this:

    vi /etc/cron.daily/software_update

    #!/bin/bash
    urpmi.update updates
    urpmi --auto --update --auto-select

Make the script executable:

    chmod 755 /etc/cron.daily/software_update

9 Quota

To install the quota package, run

    urpmi quota

Edit /etc/fstab to look like this (I added ,usrquota,grpquota to the partition with the mount point /):

    vi /etc/fstab

    /dev/sda6 / ext3 defaults,usrquota,grpquota 1 1
    /dev/sda1 /boot ext3 defaults 1 2
    /dev/hdc /mnt/cdrom auto umask=0,users,iocharset=utf8,noauto,ro,exec 0 0
    none /mnt/floppy supermount dev=/dev/fd0,fs=ext2:vfat,--,umask=0,iocharset=utf8,sync 0 0
    none /proc proc defaults 0 0
    /dev/sda5 swap swap defaults 0 0

Then run:

    touch /aquota.user /aquota.group
    chmod 600 /aquota.*
    mount -o remount /
    quotacheck -avugm
    quotaon -avug

10 DNS Server

To install the BIND DNS server, run:

    urpmi bind

Mandriva 2007's BIND is running chrooted by default, therefore we need to create a few symlinks so that ISPConfig (if you want to install it) can deal with it:

    cd /var/lib/named/var
    mkdir -p lib/named/var
    cd lib/named/var
    ln -s ../../../named/ named
    ln -s ../../../run/ run

Then start BIND:

    /etc/init.d/named start

11 MySQL (5.0)

To install MySQL 5.0, we simply run:

    urpmi MySQL MySQL-client libmysql15-devel

By default, networking is not enabled in Mandriva 2007's MySQL package, but networking is required by ISPConfig. We can change this by commenting out the line skip-networking in /etc/my.cnf:

    vi /etc/my.cnf

    [...]
    # Don't listen on a TCP/IP port at all. This can be a security enhancement,
    # if all processes that need to connect to mysqld run on the same host.
    # All interaction with mysqld must be made via Unix sockets or named pipes.
    # Note that using this option without enabling named pipes on Windows
    # (via the "enable-named-pipe" option) will render mysqld useless!
    #
    #skip-networking

Afterwards, we start MySQL:

    /etc/init.d/mysqld start

Now check that networking is enabled.
Run

    netstat -tap

It should show a line like this:

    [...]
    tcp 0 0 *:mysql *:* LISTEN 4609/mysqld
    [...]

Next, run

    mysqladmin -u root password yourrootsqlpassword
    mysqladmin -h server1.example.com -u root password yourrootsqlpassword

to set a password for the user root (otherwise anybody can access your MySQL database!).

12 Postfix With SMTP-AUTH And TLS

Install the required packages (Postfix, cyrus-sasl, imap, etc.) like this:

    urpmi cyrus-sasl libsasl2 libsasl2-devel libsasl2-plug-plain libsasl2-plug-anonymous libsasl2-plug-crammd5 libsasl2-plug-digestmd5 libsasl2-plug-gssapi libsasl2-plug-login postfix imap

Then run

    postconf -e 'smtpd_sasl_local_domain ='
    postconf -e 'smtpd_sasl_auth_enable = yes'
    postconf -e 'smtpd_sasl_security_options = noanonymous'
    postconf -e 'broken_sasl_auth_clients = yes'
    postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
    postconf -e 'inet_interfaces = all'
    postconf -e 'mydomain = example.com'
    postconf -e 'myhostname = server1.$mydomain'
    postconf -e 'mydestination = /etc/postfix/local-host-names, localhost.example.com'
    touch /etc/postfix/local-host-names

Edit /etc/sasl2/smtpd.conf. It should look like this:

    vi /etc/sasl2/smtpd.conf

    # SASL library configuration file for postfix
    # all parameters are documented into:
    # /usr/share/doc/cyrus-sasl-2.*/options.html

    # The mech_list parameters list the sasl mechanisms to use,
    # default being all mechs found.
    mech_list: plain login

    # To authenticate using the separate saslauthd daemon, (e.g. for
    # system or ldap users). Also see /etc/sysconfig/saslauthd.
    pwcheck_method: saslauthd
    saslauthd_path: /var/lib/sasl2/mux

    # To authenticate against users stored in sasldb.
    #pwcheck_method: auxprop
    #auxprop_plugin: sasldb
    #sasldb_path: /var/lib/sasl2/sasl.db

Create the SSL certificate needed for TLS:

    mkdir /etc/postfix/ssl
    cd /etc/postfix/ssl/
    openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
    chmod 600 smtpd.key
    openssl req -new -key smtpd.key -out smtpd.csr
    openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
    openssl rsa -in smtpd.key -out smtpd.key.unencrypted
    mv -f smtpd.key.unencrypted smtpd.key
    openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

and configure Postfix for TLS:

    postconf -e 'smtpd_tls_auth_only = no'
    postconf -e 'smtp_use_tls = yes'
    postconf -e 'smtpd_use_tls = yes'
    postconf -e 'smtp_tls_note_starttls_offer = yes'
    postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
    postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
    postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
    postconf -e 'smtpd_tls_loglevel = 1'
    postconf -e 'smtpd_tls_received_header = yes'
    postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    postconf -e 'tls_random_source = dev:/dev/urandom'

Now start Postfix, saslauthd, imap and pop3:

    chkconfig imap on
    chkconfig imaps on
    chkconfig ipop3 on
    chkconfig pop3s on
    /etc/init.d/postfix restart
    /etc/init.d/saslauthd restart
    /etc/init.d/xinetd restart

To see if SMTP-AUTH and TLS work properly now run the following command:

    telnet localhost 25

After you have established the connection to your Postfix mail server type

    ehlo localhost

If you see the lines

    250-STARTTLS

and

    250-AUTH

everything is fine. Type quit to return to the system's shell.
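
The manual telnet check above, as an added example that is not part of the original tutorial: shell functions that audit an EHLO reply for 250-STARTTLS and 250-AUTH and also flag PLAIN/LOGIN being offered before STARTTLS, which the smtpd_tls_auth_only = no setting above allows. The EHLO reply is a constructed sample and the function names are this example's own.

```bash
#!/bin/bash
# Added example: audit a cleartext EHLO reply for STARTTLS and AUTH.

# Constructed sample reply, as seen on port 25 before any STARTTLS.
SAMPLE_EHLO='250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME'

# Print each ESMTP keyword line without its "250-" / "250 " prefix.
ehlo_lines() {
    printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^250[- ]//p'
}

# Succeed if the reply advertises the given keyword (e.g. STARTTLS).
ehlo_has() {
    ehlo_lines "$1" | grep -qiE "^$2([ =]|\$)"
}

# Print the advertised SASL mechanisms: upper-cased, unique, one per line.
ehlo_auth_mechs() {
    ehlo_lines "$1" | grep -iE '^AUTH[ =]' | sed 's/^[^ =]*[ =]//' |
        tr 'a-z ' 'A-Z\n' | grep -v '^$' | sort -u
}

# Print findings; return 0 only if both STARTTLS and AUTH are advertised.
audit_ehlo() {
    rc=0
    ehlo_has "$1" STARTTLS || { echo "FAIL: STARTTLS not offered"; rc=1; }
    ehlo_has "$1" AUTH || { echo "FAIL: AUTH not offered"; rc=1; }
    mechs=$(ehlo_auth_mechs "$1" | paste -sd ' ' -)
    # PLAIN and LOGIN only base64-encode the password. Seeing them in a
    # cleartext EHLO means the server accepts them without TLS, which is
    # what smtpd_tls_auth_only = no permits.
    case " $mechs " in
        *" PLAIN "* | *" LOGIN "*)
            echo "WARN: cleartext AUTH offered before STARTTLS: $mechs" ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: STARTTLS and AUTH advertised"
    return "$rc"
}

audit_ehlo "$SAMPLE_EHLO"
```

To audit a real server, pass the reply copied from the telnet session as the first argument in place of SAMPLE_EHLO.
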

13 Apache2 With PHP5

To install Apache2 and PHP5, run the following command (in one line):

    urpmi apache2-mod_php libphp5_common5 php-bz2 php-calendar php-ctype php-curl php-devel php-dio php-dom php-eaccelerator php-enchant php-esmtp php-event php-exif php-fam php-ffmpeg php-fileinfo php-filepro php-ftp php-gd php-gettext php-gmp php-iconv php-id3 php-idn php-imap php-imlib2 php-mailparse php-mbstring php-mcache php-mcrypt php-mhash php-ming php-mysql php-mysqli php-ncurses php-newt php-odbc php-oggvorbis php-pam_auth php-pcntl php-pcre php-pear-Net_IDNA php-posix php-pspell php-readline php-recode php-session php-shmop php-simplexml php-snmp php-soap php-sockets php-sqlite php-ssh2 php-sysvmsg php-sysvsem php-sysvshm php-tclink php-tcpwrap php-tidy php-xml php-xmlrpc php-zip php5-ini curl libcurl3-devel perl-libwww-perl ImageMagick

Start Apache:

    /etc/init.d/httpd restart

13.1 Disable PHP Globally

(If you do not plan to install ISPConfig on this server, please skip this section!)

In ISPConfig you will configure PHP on a per-website basis, i.e. you can specify which website can run PHP scripts and which one cannot. This can only work if PHP is disabled globally because otherwise all websites would be able to run PHP scripts, no matter what you specify in ISPConfig.

Edit /etc/httpd/modules.d/70_mod_php.conf and comment out the AddType lines:

    vi /etc/httpd/modules.d/70_mod_php.conf

    LoadModule php5_module extramodules/mod_php5.so
    # AddType application/x-httpd-php .php
    # AddType application/x-httpd-php .phtml
    # AddType application/x-httpd-php-source .phps
    DirectoryIndex index.php index.phtml

Edit /etc/httpd/conf/mime.types and comment out the following lines:

    vi /etc/httpd/conf/mime.types

    [...]
    #application/x-perl perl pl
    #application/x-php php php3 php4
    [...]

Edit /etc/httpd/conf/httpd.conf and add the following line to the LoadModule section:

    vi /etc/httpd/conf/httpd.conf

    [...]
    LoadModule php5_module extramodules/mod_php5.so
    [...]

(Although this line is already in /etc/httpd/modules.d/70_mod_php.conf this is very important because otherwise the command httpd -t will report errors instead of Syntax OK when the virtual hosts created by ISPConfig contain lines like php_admin_flag safe_mode On or the like!)

Restart Apache:

    /etc/init.d/httpd restart

14 Proftpd

Install Proftpd like this:

    urpmi proftpd

When you see the following:

    One of the following packages is needed:
    1- proftpd-mod_wrap_file-1.3.0-4mdv2007.0.i586 : A file-specific driver for the mod_wrap module for ProFTPD (to install)
    2- proftpd-mod_wrap_sql-1.3.0-4mdv2007.0.i586 : A SQL database driver for the mod_wrap module for ProFTPD (to install)

type in 1.

For security reasons you can add the following lines to /etc/proftpd.conf (thanks to Reinaldo Carvalho; more information can be found here: http://www.proftpd.org/localsite/Userguide/linked/userguide.html):

    vi /etc/proftpd.conf

    [...]
    DefaultRoot ~
    IdentLookups off
    ServerIdent on "FTP Server ready."
    [...]

Be sure to comment out the following lines in /etc/proftpd.conf in order to allow ftp users to CHMOD:

    [...]
    ## Bar use of SITE CHMOD by default
    #<Limit SITE_CHMOD>
    # DenyAll
    #</Limit>

Then restart Proftpd:

    /etc/init.d/proftpd restart

15 Webalizer

Mandriva 2007 doesn't come with a Webalizer package anymore, therefore we install the static Webalizer binary from the Webalizer web site like this:

    cd /tmp
    wget ftp://ftp.mrunix.net/pub/webalizer/webalizer-2.01-10-static.gz
    gunzip webalizer-2.01-10-static.gz
    mv webalizer-2.01-10-static /usr/bin/webalizer
    chmod 755 /usr/bin/webalizer

16 Install Some Perl Modules Needed By SpamAssassin (Comes With ISPConfig)

To install all needed Perl Modules, we can use the appropriate Mandriva packages and install them using urpmi:

    urpmi perl-HTML-Parser perl-Digest-SHA1 perl-DB_File perl-Net-DNS

17 The End

The configuration of the server is now finished, and if you wish you can now install ISPConfig on it.

18 A Note On SuExec

If you want to run CGI scripts under suExec, you should specify /var/www as the web root for websites created by ISPConfig as Mandriva's suExec is compiled with /var/www as Doc_Root. Run

    /usr/sbin/suexec -V

and the output should look like this:

Unless you install ISPConfig in expert mode and change the default web root (which is /var/www), you will be able to run CGI scripts under suExec with ISPConfig.

19 Links

* Mandriva: http://www.mandrivalinux.com
* Easyurpmi: http://easyurpmi.zarb.org
* ISPConfig: http://www.ispconfig.org