New Server CentOS 4.4 at LT Grid with ISPConfig Installed

These are notes I took down while setting up the ISPConfig Hosting Control Panel on LayeredTechs Grid. Most of the steps were referenced from howtoforge and the ISPConfig installation notes. There were some gotchas to look out for, and they have been noted below:

  1. Update all packages:
    # yum update

  2. Install screen if not already installed.
    # yum install screen

  3. Secure and lock down SSH.
    • Change ssh default port.
    • Only allow ssh protocol 2.
    • Disable direct root login.
    • Limit ssh access to certain users only.
    • Limit su access to certain users only.

    Install and Setup ISPconfig required packages:

  4. Setup quotas.
    # yum install quota

    then in /etc/fstab:
    /dev/hda1 / ext3 defaults,usrquota,grpquota 0 0

    Enable quota:
    # touch /aquota.user /aquota.group
    # chmod 600 /aquota.*
    # mount -o remount /
    # quotacheck -avugm
    # quotaon -avug

  5. Install chroot DNS server.
    # yum install bind-chroot
    # chmod 755 /var/named/
    # chmod 775 /var/named/chroot/
    # chmod 775 /var/named/chroot/var/
    # chmod 775 /var/named/chroot/var/named/
    # chmod 775 /var/named/chroot/var/run/
    # chmod 777 /var/named/chroot/var/run/named/
    # cd /var/named/chroot/var/named/
    # ln -s ../../ chroot
    # chkconfig --levels 235 named on
    # /etc/init.d/named start

  6. Install mysql:
    I had some issues trying to start mysql and noticed that the /tmp directory permissions were not correct; they were set to 755.
    # chmod 1777 /tmp
    # yum install mysql mysql-devel mysql-server

    Add some delay in restart, as sometimes it tries to start MySQL before the old MySQL process has stopped, which leads to a failure.
    restart(){
      stop
      sleep 3
      start
    }

    I've also had to disable bdb in my.cnf as there seems to be a problem with the xen environment.
    Add the below two lines in /etc/my.cnf to skip bdb and innodb.
    skip-bdb
    skip-innodb

    Reset the root password.
    # mysqladmin -u root password <new_password>

  7. Install php and apache:
    # yum install php php-devel php-gd php-mysql php-pear
    # yum install mod_ssl

    Update the DirectoryIndex directive with:
    DirectoryIndex index.html index.htm index.shtml index.php index.cgi index.pl

    Configure httpd to start at boot and start the service:
    # chkconfig --levels 235 httpd on
    # service httpd start

  8. Install and start proftpd:
    # cd /etc/yum.repos.d/
    # wget http://centos.karan.org/kbsingh-CentOS-Extras.repo
    # rpm --import http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
    # yum install proftpd
    # chkconfig --levels 235 proftpd on
    # service proftpd start

    Create the /etc/pam.d/ftp file with the below content to enable system users for ftp access.
    #%PAM-1.0
    auth    required        pam_unix.so     nullok
    account required        pam_unix.so
    session required        pam_unix.so

  9. Install webalizer:
    # yum -y install webalizer

  10. Install squirrelmail for webmail access:
    # yum -y install squirrelmail

  11. Install dovecot to handle pop and imap access.
    # yum -y install dovecot
    # chkconfig --levels 235 dovecot on
    # service dovecot start

    By default dovecot only listens to imap and imaps, so add the pop3 and pop3s protocols to listen to. Restart dovecot to load the configuration changes:
    protocols = imap imaps pop3 pop3s

  12. Sendmail should already come installed, but is set up by default to only listen on the loopback address 127.0.0.1 and not on any other network devices. Remove the loopback address restriction to accept email from the internet.
    DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

  13. Install perl modules required by SpamAssassin:
    # yum install perl-HTML-Parser perl-DBI perl-Net-DNS perl-Digest-SHA1

  14. CentOS comes with zlib-1.2.1, which is old and has a security hole. Install the latest zlib, otherwise the installation of ISPConfig fails because the newer version is not found:
    # wget http://www.zlib.net/zlib-1.2.3.tar.gz
    # tar xvfz zlib-1.2.3.tar.gz
    # cd zlib-1.2.3
    # ./configure --shared
    # make
    # make install

  15. Install ISPconfig:
    # wget http://easynews.dl.sourceforge.net/sourceforge/ispconfig/ISPConfig-2.2.9.tar.gz
    # tar -xvzf ISPConfig-2.2.9.tar.gz
    # cd install_ispconfig/

    Install any requirements for compiling, such as gcc, make, flex, etc. I had to install flex and gcc-c++ as they were missing:
    # yum install flex gcc-c++

    Check the dist.txt and see if the values given there suit the distribution before running `setup.sh`.
    # ./setup.sh

    In steps 7 and 8, when it asks whether to protect the certificates with a pass phrase, choose "n", because otherwise you will be asked for a password whenever you want to restart the ISPConfig system, which means it cannot be restarted without human interaction!
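
Step 3 lists five SSH lock-down items without showing the settings behind them. The script below is an added example, not part of the original notes: it audits an sshd_config and the PAM file for su against that checklist. It assumes the standard OpenSSH directives (Port, Protocol, PermitRootLogin, AllowUsers/AllowGroups) and that su is limited through pam_wheel.so; the port 2222 and the users alice and bob are constructed sample values.

```shell
#!/bin/sh
# Added example: audit sshd_config and the PAM su file against the step 3 checklist.

# Print the first uncommented value of a keyword (sshd uses the first one it reads).
sshd_value() {  # $1 = config file, $2 = keyword (case-insensitive)
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Print one FAIL line per unmet item; the return status is the number of failures.
audit_ssh() {  # $1 = sshd_config, $2 = PAM file for su
    fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
    port=$(sshd_value "$1" Port)
    [ -n "$port" ] && [ "$port" != 22 ] || fail "sshd listens on the default port 22"
    [ "$(sshd_value "$1" Protocol)" = 2 ] || fail "Protocol is not restricted to 2"
    [ "$(sshd_value "$1" PermitRootLogin)" = no ] || fail "direct root login is allowed"
    [ -n "$(sshd_value "$1" AllowUsers)$(sshd_value "$1" AllowGroups)" ] ||
        fail "no AllowUsers/AllowGroups restriction"
    # Assumption: "limit su" is done with pam_wheel.so (only wheel members may su).
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]].*pam_wheel\.so' "$2" ||
        fail "su is not limited to the wheel group (pam_wheel.so)"
    return "$fails"
}

# Constructed sample files (illustrative values, not taken from the original notes).
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
printf '%s\n' '#Port 22' 'Port 2222' 'Protocol 2' 'PermitRootLogin no' \
    'AllowUsers alice bob' > "$d/hardened"
printf '%s\n' '#Port 22' 'Protocol 2,1' 'PermitRootLogin yes' > "$d/stock"
printf '%s\n' 'auth required pam_wheel.so use_uid' > "$d/su_wheel"
printf '%s\n' '#auth required pam_wheel.so use_uid' > "$d/su_stock"

audit_ssh "$d/hardened" "$d/su_wheel" && echo "hardened: all five items pass"
audit_ssh "$d/stock" "$d/su_stock" || echo "stock: $? item(s) failed"
```

On the server itself, call `audit_ssh /etc/ssh/sshd_config /etc/pam.d/su` after editing and before restarting sshd, keeping an existing session open until a new login on the changed port succeeds.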


ISPConfig upgrades

From the Admin manual of ISPConfig:

You can update the ISPConfig system from one version to another if these versions belong to the same main version (e.g. 1.x; i.e., you can update from version 1.1.12 to version 1.2.0). Please download your wanted ISPConfig version to your server and proceed as if it was a new installation, not an update. The installation routine will notice that there is already a ISPConfig system on the server and will execute the necessary steps for the upgrade.

ispconfig-2.2.21 upgrade on centos-4.6

When upgrading to 2.2.21 the SpamAssassin compile barfed out and the upgrade failed. CentOS package perl-HTML-Parser was too old for the SpamAssassin version that comes with ISPConfig.

Luckily, I had backups of the database, /root/ispconfig and /home/admispconfig. Restored the folders and database, then re-ran the installer with the latest HTML::Parser.

# perl -MCPAN -e 'install HTML::Parser'
