LinuxWebLog.com

These are notes, I had taken down while setting up ISPConfig Hosting Control Panel on LayeredTechs Grid. Most of the steps were referenced via howtoforge and ispconfig installation notes. There were some gotchas to look out for and has bee noted below:

1. update all packages:
   
   # yum update
   
   
2. Install screen if not already installed.
   
   # yum install screen
   
   
3. Secure and lock down SSH.
   • Change ssh default port.
     
   • Only allow ssh protocol 2.
     
   • Disable direct root login.
     
   • Limit ssh access to certain users only.
     
   • Limit su access to certain users only.

   Install and Setup ISPconfig required packages:

4. Setup quotas.
   
   # yum install quota
   
   then in /etc/fstab:
   
   /dev/hda1 / ext3 defaults,usrquota,grpquota 0 0
   
   Enable quota:
   
   # touch /aquota.user /aquota.group
# chmod 600 /aquota.*
# mount -o remount /
# quotacheck -avugm
# quotaon -avug
   
   
5. Install chroot DNS server.
   
   # yum install bind-chroot
# chmod 755 /var/named/
# chmod 775 /var/named/chroot/
# chmod 775 /var/named/chroot/var/
# chmod 775 /var/named/chroot/var/named/r /># chmod 775 /var/named/chroot/var/run/
# chmod 777 /var/named/chroot/var/run/named/
# cd /var/named/chroot/var/named/r /># ln -s ../../ chroot
# chkconfig --levels 235 named on
# /etc/init.d/named start
   
   
6. Install mysql:
   I had some issues trying to start mysql and noticed that the /tmp directory permissions settings was not correct, which was set to 755.
   
   # chmod 1777 /tmp
# yum install mysql mysql-devel mysql-server
   
   Add some delay in restart, as sometime it tries to start MySQL before the old MySQL process has stopped which leads to a failure.
   
   restart(){
  stop
    sleep 3
  start
}
   
   I've also had to disable bdb in my.cnf as there seems to be a problem with the xen environment.
   Add the below two lines in /etc/my.cnf to skip bdb and indb.
   
   skip-bdb 
skip-innodb
   
   Reset the root password.
   
   # mysqladmin -u root password <new_password>
   
   
7. Install php and apache:
   
   # yum install php php-devel php-gd php-mysql php-pear
# yum install mod_ssl
   
   Update the DirectoryIndex directive with:
   
   DirectoryIndex index.html index.htm index.shtml index.php index.cgi index.pl
   
   Configure to start and boot and start the httpd service:
   
   # chkconfig --levels 235 httpd on
# serivce httpd start
   
   
8. Install and start proftpd:
   
   # cd /etc/yum.repos.d/
# wget http://centos.karan.org/kbsingh-CentOS-Extras.repo
# rpm --import http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
# yum install proftpd
# chkcofig --levels 235 proftpd on
# service proftpd start
   
   Create the /etc/pam.d/ftp file with the below content to enable system users for ftp access.
   
   #%PAM-1.0
auth    required        pam_unix.so     nullok
account required        pam_unix.so
session required        pam_unix.so
   
   
9. Install webalizer:
   
   # yum -y install webalizer
   
   
10. Install squirrelmail for webmail access:
    
    # yum -y install squirrelmail
    
    
11. Install dovecot to handle pop and imap access.
    
    # yum -y install dovecot
# chkconfig --levels 235 dovecot on
# serivce dovecot start
    
    By default dovecot only listens to imap and imaps, so add the pop3 and pop3s protocols to listen to. Restart dovecot to load the configuration changes:
    
    protocols = imap imaps pop3 pop3s
    
    
12. Sendmail should already come installed, but is setup by default to only listen to the loopback address 127.0.0.1 and not on any other network devices. Remove the loopback address restriction to accept email from the internet.
    
    DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
    
    
13. Install perl modules required by SpamAssassin:
    
    # yum install perl-HTML-Parser perl-DBI perl-Net-DNS perl-Digest-SHA1
    
    
14. CentOS comes with zlib-1.2.1, which is old and has security hole. Install the latest zlib else the installation of ISPConfig fails if the newer version is not found:
    
    # wget http://www.zlib.net/zlib-1.2.3.tar.gz
# tar xvfz zlib-1.2.3.tar.gz
# cd zlib-1.2.3
# ./configure --shared
# make
# make install
    
    
15. Install ISPconfig:
    
    # wget http://easynews.dl.sourceforge.net/sourceforge/ispconfig/ISPConfig-2.2.9.tar.gz
# tar -xvzf ISPConfig-2.2.9.tar.gz
# cd install_ispconfig/
    
    Install any requirements for compiling such as gcc, make, flex etc..., I had to install flex and gcc-c++ as it was missing:
    Check the dist.txt and see if the values given there suit the distribution before running `setup.sh`.
    
    # yum install flex gcc-c++
./setup.sh
    
    In step 7 and 8 when it confirms to protect the certificates with a pass phrase, choose "n" there because otherwise you will always be asked for a password whenever you want to restart the ISPConfig system which means it cannot be restarted without human interaction!

References:

• HowToForge.com
  
• ISPCofig.org