Changes between Version 1 and Version 2 of configure_new_server
Timestamp: Aug 23, 2007, 1:30:19 AM (17 years ago)
configure_new_server
v1 v2 1 = Purchase an ssl certificate=1 = Purchase an ssl certificate = 2 2 3 3 Generate a private key and certificate signing request. … … 40 40 These will be used by apache 41 41 42 = Use volatile for SA and clamav=42 = Use volatile for SA and clamav = 43 43 44 44 … … 52 52 {{{ 53 53 Package: spamassassin 54 Pin: release a =etch-sloppy54 Pin: release a = etch-sloppy 55 55 Pin-Priority: 991 56 56 57 57 Package: spamc 58 Pin: release a =etch-sloppy58 Pin: release a = etch-sloppy 59 59 Pin-Priority: 991 60 60 }}} 61 61 62 62 63 = Install debian packages=63 = Install debian packages = 64 64 65 65 {{{ … … 91 91 }}} 92 92 93 = Configure HE routes=93 = Configure HE routes = 94 94 95 95 In order to route traffic directly from computer to computer (across different subnetworks) we need to add the different routes … … 126 126 chmod it to 755 127 127 128 = Configure suPHP=128 = Configure suPHP = 129 129 130 130 … … 142 142 fi 143 143 #userdel phpmyadmin 144 phpmyadmin_files =`dpkg -L phpmyadmin | grep '\.php'`144 phpmyadmin_files =`dpkg -L phpmyadmin | grep '\.php'` 145 145 146 146 for file in $phpmyadmin_files; do … … 171 171 perl -pi -e 's/www-data www-data/horde nogroup/g' /etc/logrotate.d/horde3 172 172 173 horde_files =`dpkg -L horde3 | grep '\.php'`174 imp_files =`dpkg -L imp4 | grep '\.php'`175 turba_files =`dpkg -L turba2 | grep '\.php'`176 ingo_files =`dpkg -L ingo1 | grep '\.php'`177 all_horde_files ="$horde_files $imp_files $turba_files $ingo_files"173 horde_files =`dpkg -L horde3 | grep '\.php'` 174 imp_files =`dpkg -L imp4 | grep '\.php'` 175 turba_files =`dpkg -L turba2 | grep '\.php'` 176 ingo_files =`dpkg -L ingo1 | grep '\.php'` 177 all_horde_files ="$horde_files $imp_files $turba_files $ingo_files" 178 178 179 179 for file in $all_horde_files; do … … 186 186 fi 187 187 #userdel squirrelmail 188 sm_files =`dpkg -L squirrelmail | grep '\.php'`188 sm_files =`dpkg -L squirrelmail | grep '\.php'` 189 189 190 190 chown -R squirrelmail:nogroup 
/var/lib/squirrelmail/data … … 202 202 [global] 203 203 ;Path to logfile 204 logfile =/var/log/suphp/suphp.log204 logfile =/var/log/suphp/suphp.log 205 205 206 206 ;Loglevel 207 loglevel =info207 loglevel = info 208 208 209 209 ;User Apache is running as 210 webserver_user =www-data210 webserver_user = www-data 211 211 212 212 ;Path all scripts have to be in 213 docroot =/213 docroot =/ 214 214 215 215 ;Path to chroot() to before executing script 216 ;chroot =/mychroot216 ;chroot =/mychroot 217 217 218 218 ; Security options 219 ;allow_file_group_writeable =false220 allow_file_group_writeable =true221 ;allow_file_others_writeable =false222 allow_file_others_writeable =true223 ;allow_directory_group_writeable =false224 allow_directory_group_writeable =true225 ;allow_directory_others_writeable =false226 allow_directory_others_writeable =true219 ;allow_file_group_writeable = false 220 allow_file_group_writeable = true 221 ;allow_file_others_writeable = false 222 allow_file_others_writeable = true 223 ;allow_directory_group_writeable = false 224 allow_directory_group_writeable = true 225 ;allow_directory_others_writeable = false 226 allow_directory_others_writeable = true 227 227 228 228 ;Check wheter script is within DOCUMENT_ROOT 229 ;check_vhost_docroot =true230 check_vhost_docroot =false229 ;check_vhost_docroot = true 230 check_vhost_docroot = false 231 231 232 232 ;Send minor error messages to browser 233 errors_to_browser =false233 errors_to_browser = false 234 234 235 235 ;PATH environment variable 236 env_path =/bin:/usr/bin236 env_path =/bin:/usr/bin 237 237 238 238 ;Umask to set, specify in octal notation 239 ;umask =0077240 umask =0022239 ;umask =0077 240 umask =0022 241 241 242 242 ; Minimum UID 243 min_uid =100243 min_uid =100 244 244 245 245 ; Minimum GID 246 min_gid =100246 min_gid =100 247 247 248 248 249 249 [handlers] 250 250 ;Handler for php-scripts 251 x-httpd-php =php:/usr/bin/php-cgi251 x-httpd-php = php:/usr/bin/php-cgi 252 252 253 253 ;Handler 
for CGI-scripts 254 x-suphp-cgi =execute:!self255 }}} 256 257 258 = Configure fail2ban=254 x-suphp-cgi = execute:!self 255 }}} 256 257 258 = Configure fail2ban = 259 259 260 260 Create /etc/fail2ban/jail.local. Modify the following lines, by adding them to the jail.local file that you just created: … … 263 263 bantime = 200 264 264 265 action = iptables[name =%(__name__)s, port=%(port)s]266 mail-whois[name =%(__name__)s, dest=%(destemail)s]267 268 }}} 269 270 = Install Red=265 action = iptables[name =%(__name__)s, port =%(port)s] 266 mail-whois[name =%(__name__)s, dest =%(destemail)s] 267 268 }}} 269 270 = Install Red = 271 271 272 272 … … 314 314 315 315 316 = Postfix setup=316 = Postfix setup = 317 317 318 318 … … 368 368 369 369 # Added for amavisd-new 370 content_filter =smtp-amavis:[127.0.0.1]:10024370 content_filter = smtp-amavis:[127.0.0.1]:10024 371 371 }}} 372 372 … … 386 386 }}} 387 387 388 Uncomment START =yes388 Uncomment START = yes 389 389 Change MECHANISMS to read: 390 MECHANISMS ="shadow"390 MECHANISMS ="shadow" 391 391 392 392 * Add postfix to the sasl group … … 435 435 436 436 437 = Setup Postgrey=437 = Setup Postgrey = 438 438 439 439 Postgrey defers all mail for 5 minutes the first time it receives a message with a never before seen sender and recipient. This results in a lot of spam not being delivered. 
… … 445 445 * Edit /etc/default/postgrey adding the following line: 446 446 {{{ 447 POSTGREY_TEXT ="Greylisted, see http://mayfirst.org/greylist"447 POSTGREY_TEXT ="Greylisted, see http://mayfirst.org/greylist" 448 448 }}} 449 449 * Restart postgrey … … 459 459 check_policy_service inet:127.0.0.1:60000 460 460 461 = Setup Courier=461 = Setup Courier = 462 462 463 463 … … 473 473 }}} 474 474 475 = Setup amavis=475 = Setup amavis = 476 476 477 477 … … 498 498 499 499 500 = Configure Spamassassin=500 = Configure Spamassassin = 501 501 502 502 … … 558 558 559 559 560 = Maildrop=560 = Maildrop = 561 561 562 562 Edit /etc/maildroprc and add the following lines: 563 563 564 564 {{{ 565 DEFAULT ="$HOME/Maildir"565 DEFAULT ="$HOME/Maildir" 566 566 # spamassassin 567 567 xfilter "/usr/bin/spamc -u $LOGNAME" 568 568 }}} 569 569 570 = Webmail setup=570 = Webmail setup = 571 571 572 572 … … 602 602 603 603 604 = Install Drupal=604 = Install Drupal = 605 605 606 606 … … 616 616 617 617 618 = Configure Apache=618 = Configure Apache = 619 619 620 620 … … 628 628 629 629 630 = Configure logrotate=630 = Configure logrotate = 631 631 632 632 Create a file called apache2-red in the /etc/logrotate.d directory with: … … 650 650 }}} 651 651 652 = Configure logcheck=652 = Configure logcheck = 653 653 654 654 Copy from Wiwa to the server: … … 656 656 /etc/logcheck/ignore.d.server/local-* 657 657 658 = Configure cron-apt=658 = Configure cron-apt = 659 659 660 660 Edit /etc/cron-apt 661 Change line MAILON to MAILON ="upgrade"662 663 = Configure Awstats=661 Change line MAILON to MAILON ="upgrade" 662 663 = Configure Awstats = 664 664 665 665 … … 671 671 672 672 673 = Configure Mutt=673 = Configure Mutt = 674 674 675 675 Create /etc/Muttrc.d and put a file named maildir.rc with 676 676 677 677 {{{ 678 set mbox_type =Maildir679 set mbox =~/Maildir680 set spoolfile =~/Maildir681 set folder =~/Maildir682 }}} 683 684 = Change ssh=678 set mbox_type = Maildir 679 set mbox =~/Maildir 680 set 
spoolfile =~/Maildir 681 set folder =~/Maildir 682 }}} 683 684 = Change ssh = 685 685 686 686 Make sure the following settings are set: … … 692 692 }}} 693 693 694 = Congifure phpmyadmin=694 = Congifure phpmyadmin = 695 695 696 696 Copy the apache conf file from /etc/phpmyadmin to /etc/apach2/conf.d … … 706 706 }}} 707 707 708 = Setup Backup=708 = Setup Backup = 709 709 710 710 * Copy the /usr/local/sbin/mf-backup and /etc/mf-backup.xml files from another server
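Review bot: In the suPHP script lines (144, 173-177, 188) the v2 text reads `phpmyadmin_files =` followed by the backtick command, with whitespace before the `=`, and a POSIX shell does not parse that as an assignment. It tries to run `phpmyadmin_files` as a command, the variable stays empty, and the `for file in $phpmyadmin_files; do` loop that follows iterates over nothing, so whatever the loop does per file is silently skipped. The same concern applies to `POSTGREY_TEXT ="Greylisted, ..."` for /etc/default/postgrey (line 447), `MECHANISMS ="shadow"` (line 390) and `MAILON ="upgrade"` (line 661) wherever those files are sourced by a shell. Keep `name=value` with no surrounding spaces inside the `{{{ }}}` blocks and limit the spacing change to the `= Heading =` lines. For the same reason, `Pin: release a = etch-sloppy` at lines 54 and 58 should stay in the `a=etch-sloppy` form that apt_preferences(5) documents.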
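Review bot: The suphp.conf block at lines 219-230 leaves the stricter values commented out and enables `allow_file_others_writeable = true`, `allow_directory_others_writeable = true` and `check_vhost_docroot = false`, alongside `docroot =/` and `umask =0022`, and the page gives no reason for any of it. suPHP executes each script under its owner's UID, so accepting world-writable scripts and directories means any local account that can write to them can change code that later runs as another user. Since these lines are being touched anyway, either restore the values shown in the commented-out lines (`false` for the four writeable options, `true` for `check_vhost_docroot`) or add a sentence stating why this host needs the relaxed checks.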
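Review bot: The heading at line 694 still reads `= Congifure phpmyadmin =` after this edit, and the context line at 696 gives the target as `/etc/apach2/conf.d`. Correct both to `Configure` and `/etc/apache2/conf.d` while the heading is being changed, since an admin copying the path as written ends up with the conf file in a directory Apache does not read.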