
The Perfect Server - CentOS 6.4 x86_64 (Apache2, Dovecot, ISPConfig 3)

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 03/14/2013

This tutorial shows how to prepare a CentOS 6.4 x86_64 server for the installation of ISPConfig 3, and how to install ISPConfig 3. ISPConfig is a webhosting control panel that allows you to configure the following services through a web browser: Apache web server, Postfix mail server, MySQL, BIND nameserver, PureFTPd, SpamAssassin, ClamAV, Mailman, and many more. Since version 3.0.4, ISPConfig comes with full support for the nginx web server in addition to Apache; this tutorial covers the setup of a server that uses Apache, not nginx.

Please note that this setup does not work for ISPConfig 2! It is valid for ISPConfig 3 only!

I do not issue any guarantee that this will work for you!

ISPConfig 3 Manual

In order to learn how to use ISPConfig 3, I strongly recommend to download the ISPConfig 3 Manual.

On more than 300 pages, it covers the concept behind ISPConfig (admin, resellers, clients), explains how to install and update ISPConfig 3, includes a reference for all forms and form fields in ISPConfig together with examples of valid inputs, and provides tutorials for the most common tasks in ISPConfig 3. It also lines out how to make your server more secure and comes with a troubleshooting section at the end.

ISPConfig Monitor App For Android

With the ISPConfig Monitor App, you can check your server status and find out if all services are running as expected. You can check TCP and UDP ports and ping your servers. In addition to that you can use this app to request details from servers that have ISPConfig installed (please note that the minimum installed ISPConfig 3 version with support for the ISPConfig Monitor App is 3.0.3.3!); these details include everything you know from the Monitor module in the ISPConfig Control Panel (e.g. services, mail and system logs, mail queue, CPU and memory info, disk usage, quota, OS details, RKHunter log, etc.), and of course, as ISPConfig is multiserver-capable, you can check all servers that are controlled from your ISPConfig master server.

For download and usage instructions, please visit http://www.ispconfig.org/ispconfig-3/ispconfig-monitor-app-for-android/.

1 Requirements

To install such a system you will need the following:

- Download the two CentOS 6.4 DVDs from a mirror next to you (the list of mirrors can be found here: http://isoredirect.centos.org/centos/6/isos/x86_64/).
- a fast Internet connection.

2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

3 Install The Base System

Boot from your first CentOS 6.4 DVD (DVD 1). Select Install or upgrade an existing system:

It can take a long time to test the installation media so we skip this test here:

The welcome screen of the CentOS installer appears. Click on Next:

Choose your language next:

Select your keyboard layout:

I assume that you use a locally attached hard drive, so you should select Basic Storage Devices here:

You might see the following warning - Error processing drive. If you see this click on the Re-initialize all button to proceed:

Fill in the hostname of the server (e.g. server1.example.com), then click on the Configure Network button:

Go to the Wired tab, select the network interface (probably eth0) and click on Edit...:

Mark the Connect automatically checkbox and go to the IPv4 Settings tab and select Manual in the Method drop-down menu. Fill in one, two, or three nameservers (separated by comma) in the DNS servers field (e.g. 8.8.8.8,8.8.4.4), then click on the Add button next to the Addresses area:

Now give your network card a static IP address and netmask (in this tutorial I'm using the IP address 192.168.0.100 and netmask 255.255.255.0 for demonstration purposes; if you are not sure about the right values, http://www.subnetmask.info might help you). Also fill in your gateway (e.g. 192.168.0.1) and click on the Apply... button:

The network configuration is now finished. Click on the Next button:

Choose your time zone:

Give root a password:

Next we do the partitioning. Select Replace Existing Linux System(s). This will give you a small /boot partition and a large / partition which is fine for our purposes:

Select Write changes to disk:

The hard drive is being formatted:

Now we select the software we want to install. Select Basic Server, then check CentOS in the additional repositories field, choose Customize later and click on Next:

The installation begins. This will take a few minutes:

Finally, the installation is complete, and you can remove your DVD from the computer and reboot it:

After the reboot, log in as root. I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).

Run...

    system-config-firewall-tui

... and disable the firewall. Hit OK afterwards:

Confirm your choice by selecting Yes:

If you did not configure your network card during the installation, you can do that now. Run...

    system-config-network

... and go to Device configuration:

Select your network interface:

Then fill in your network details - disable DHCP and fill in a static IP address, a netmask, your gateway, and one or two nameservers, then hit Ok:

Next select Save:

You can also specify additional nameservers. Select DNS configuration:

Now you can fill in additional nameservers and hit Ok:

Hit Save&Quit afterwards:

You should run

    ifconfig

now to check if the installer got your IP address right:

    [root@server1 ~]# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:0C:29:00:85:AC
              inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:29ff:fe00:85ac/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:278 errors:0 dropped:0 overruns:0 frame:0
              TX packets:86 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:28503 (27.8 KiB)  TX bytes:16360 (15.9 KiB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

    [root@server1 ~]#

Check your /etc/resolv.conf if it lists all nameservers that you've previously configured:

    cat /etc/resolv.conf

If nameservers are missing, run

    system-config-network

and add the missing nameservers again.

Now, on to the configuration...

4 Adjust /etc/hosts

Next we edit /etc/hosts. Make it look like this:

    vi /etc/hosts

    127.0.0.1       localhost localhost.localdomain localhost4 localhost4.localdomain4
    192.168.0.100   server1.example.com server1
    ::1             localhost localhost.localdomain localhost6 localhost6.localdomain6

5 Configure The Firewall

(You can skip this chapter if you have already disabled the firewall at the end of the basic system installation.)

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).

Run

    system-config-firewall

and disable the firewall.

To check that the firewall has really been disabled, you can run

    iptables -L

afterwards. The output should look like this:

    [root@server1 ~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    [root@server1 ~]#

6 Disable SELinux

SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

Edit /etc/selinux/config and set SELINUX=disabled:

    vi /etc/selinux/config

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted

Afterwards we must reboot the system:

    reboot

7 Enable Additional Repositories And Install Some Software

First we import the GPG keys for software packages:

    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Then we enable the RPMforge and EPEL repositories on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 6.4 repositories:

    rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

    cd /tmp
    wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
    rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

(If the above link doesn't work anymore, you can find the current version of rpmforge-release here: http://packages.sw.be/rpmforge-release/)

    rpm --import https://fedoraproject.org/static/0608B895.txt
    wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    rpm -ivh epel-release-6-8.noarch.rpm

    yum install yum-priorities

Edit /etc/yum.repos.d/epel.repo...

    vi /etc/yum.repos.d/epel.repo

... and add the line priority=10 to the [epel] section:

    [epel]
    name=Extra Packages for Enterprise Linux 6 - $basearch
    #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
    mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
    failovermethod=priority
    enabled=1
    priority=10
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
    [...]

Then we update our existing packages on the system:

    yum update

Now we install some software packages that are needed later on:

    yum groupinstall 'Development Tools'

8 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, we run this command:

    yum install quota

Edit /etc/fstab and add ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the / partition (/dev/mapper/vg_server1-lv_root):

    vi /etc/fstab

    #
    # /etc/fstab
    # Created by anaconda on Wed Jul 11 17:52:57 2012
    #
    # Accessible filesystems, by reference, are maintained under '/dev/disk'
    # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
    #
    /dev/mapper/vg_server1-lv_root /          ext4    defaults,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 1 1
    UUID=806910a1-dbdf-4746-bd94-cbe73ce81493 /boot ext4 defaults        1 2
    /dev/mapper/vg_server1-lv_swap swap       swap    defaults        0 0
    tmpfs                          /dev/shm   tmpfs   defaults        0 0
    devpts                         /dev/pts   devpts  gid=5,mode=620  0 0
    sysfs                          /sys       sysfs   defaults        0 0
    proc                           /proc      proc    defaults        0 0

Then run

    mount -o remount /

    quotacheck -avugm
    quotaon -avug

to enable quota.

9 Install Apache, MySQL, phpMyAdmin

We can install the needed packages with one single command:

    yum install ntp httpd mod_ssl mysql-server php php-mysql php-mbstring phpmyadmin

10 Install Dovecot

Dovecot can be installed as follows:

    yum install dovecot dovecot-mysql

Now create the system startup links and start Dovecot:

    chkconfig --levels 235 dovecot on
    /etc/init.d/dovecot start

11 Install Postfix

Postfix can be installed as follows:

    yum install postfix

Then turn off Sendmail and start Postfix and MySQL:

    chkconfig --levels 235 mysqld on
    /etc/init.d/mysqld start

    chkconfig --levels 235 sendmail off
    chkconfig --levels 235 postfix on
    /etc/init.d/sendmail stop
    /etc/init.d/postfix restart

12 Install Getmail

Getmail can be installed as follows:

    yum install getmail

13 Set MySQL Passwords And Configure phpMyAdmin

Set passwords for the MySQL root account:

    mysql_secure_installation

    [root@server1 tmp]# mysql_secure_installation

    NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
          SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

    In order to log into MySQL to secure it, we'll need the current
    password for the root user.  If you've just installed MySQL, and
    you haven't set the root password yet, the password will be blank,
    so you should just press enter here.

    Enter current password for root (enter for none):
    OK, successfully used password, moving on...

    Setting the root password ensures that nobody can log into the MySQL
    root user without the proper authorisation.

    Set root password? [Y/n] <-- ENTER
    New password: <-- yourrootsqlpassword
    Re-enter new password: <-- yourrootsqlpassword
    Password updated successfully!
    Reloading privilege tables..
     ... Success!

    By default, a MySQL installation has an anonymous user, allowing anyone
    to log into MySQL without having to have a user account created for
    them.  This is intended only for testing, and to make the installation
    go a bit smoother.  You should remove them before moving into a
    production environment.

    Remove anonymous users? [Y/n] <-- ENTER
     ... Success!

    Normally, root should only be allowed to connect from 'localhost'.  This
    ensures that someone cannot guess at the root password from the network.

    Disallow root login remotely? [Y/n] <-- ENTER
     ... Success!

    By default, MySQL comes with a database named 'test' that anyone can
    access.  This is also intended only for testing, and should be removed
    before moving into a production environment.

    Remove test database and access to it? [Y/n] <-- ENTER
     - Dropping test database...
     ... Success!
     - Removing privileges on test database...
     ... Success!

    Reloading the privilege tables will ensure that all changes made so far
    will take effect immediately.

    Reload privilege tables now? [Y/n] <-- ENTER
     ... Success!

    Cleaning up...

    All done!  If you've completed all of the above steps, your MySQL
    installation should now be secure.

    Thanks for using MySQL!

    [root@server1 tmp]#

Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Directory "/usr/share/phpmyadmin"> stanza):

    vi /etc/httpd/conf.d/phpmyadmin.conf

    #
    #  Web application to manage MySQL
    #

    #<Directory "/usr/share/phpmyadmin">
    #  Order Deny,Allow
    #  Deny from all
    #  Allow from 127.0.0.1
    #</Directory>

    Alias /phpmyadmin /usr/share/phpmyadmin
    Alias /phpMyAdmin /usr/share/phpmyadmin
    Alias /mysqladmin /usr/share/phpmyadmin

Next we change the authentication in phpMyAdmin from cookie to http:

    vi /usr/share/phpmyadmin/config.inc.php

    [...]
    /* Authentication type */
    $cfg['Servers'][$i]['auth_type'] = 'http';
    [...]

Then we create the system startup links for Apache and start it:

    chkconfig --levels 235 httpd on
    /etc/init.d/httpd start

Now you can direct your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.

14 Install Amavisd-new, SpamAssassin And ClamAV

To install amavisd-new, spamassassin and clamav, run the following command:

    yum install amavisd-new spamassassin clamav clamd unzip bzip2 unrar perl-DBD-mysql

Then we start freshclam, amavisd, and clamd.amavisd:

    sa-update
    chkconfig --levels 235 amavisd on
    chkconfig --del clamd
    chkconfig --levels 235 clamd.amavisd on
    /usr/bin/freshclam
    /etc/init.d/amavisd start
    /etc/init.d/clamd.amavisd start

15 Installing Apache2 With mod_php, mod_fcgi/PHP5, And suPHP

ISPConfig allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per website basis.

We can install Apache2 with mod_php5, mod_fcgid, and PHP5 as follows:

    yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-pecl-apc php-mbstring php-mcrypt php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel

Next we open /etc/php.ini...

    vi /etc/php.ini

... and change the error reporting (so that notices aren't shown any longer) and uncomment cgi.fix_pathinfo=1:

    [...]
    ;error_reporting = E_ALL & ~E_DEPRECATED
    error_reporting = E_ALL & ~E_NOTICE
    [...]
    ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
    ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
    ; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
    ; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
    ; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts
    ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
    ; http://www.php.net/manual/en/ini.core.php#ini.cgi.fix-pathinfo
    cgi.fix_pathinfo=1
    [...]

Next we install suPHP (there is a mod_suphp package available in the repositories, but unfortunately it isn't compatible with ISPConfig, therefore we have to build suPHP ourselves):

    cd /tmp
    wget http://suphp.org/download/suphp-0.7.1.tar.gz
    tar xvfz suphp-0.7.1.tar.gz
    cd suphp-0.7.1/
    ./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes
    make
    make install

Then we add the suPHP module to our Apache configuration...

    vi /etc/httpd/conf.d/suphp.conf

    LoadModule suphp_module modules/mod_suphp.so

... and create the file /etc/suphp.conf as follows:

    vi /etc/suphp.conf

    [global]
    ;Path to logfile
    logfile=/var/log/httpd/suphp.log
    ;Loglevel
    loglevel=info
    ;User Apache is running as
    webserver_user=apache
    ;Path all scripts have to be in
    docroot=/
    ;Path to chroot() to before executing script
    ;chroot=/mychroot
    ; Security options
    allow_file_group_writeable=true
    allow_file_others_writeable=false
    allow_directory_group_writeable=true
    allow_directory_others_writeable=false
    ;Check wheter script is within DOCUMENT_ROOT
    check_vhost_docroot=true
    ;Send minor error messages to browser
    errors_to_browser=false
    ;PATH environment variable
    env_path=/bin:/usr/bin
    ;Umask to set, specify in octal notation
    umask=0077
    ; Minimum UID
    min_uid=100
    ; Minimum GID
    min_gid=100

    [handlers]
    ;Handler for php-scripts
    x-httpd-suphp="php:/usr/bin/php-cgi"
    ;Handler for CGI-scripts
    x-suphp-cgi="execute:!self"

Finally we restart Apache:

    /etc/init.d/httpd restart

15.1 Ruby

Starting with version 3.0.3, ISPConfig has built-in support for Ruby. Instead of using CGI/FastCGI, ISPConfig depends on mod_ruby being available in the server's Apache.

For CentOS 6.4, there's no mod_ruby package available, so we must compile it ourselves. First we install some prerequisites:

    yum install httpd-devel ruby ruby-devel

Next we download and install mod_ruby as follows:

    cd /tmp
    wget http://fossies.org/unix/www/apache_httpd_modules/mod_ruby-1.3.0.tar.gz
    tar zxvf mod_ruby-1.3.0.tar.gz
    cd mod_ruby-1.3.0/
    ./configure.rb --with-apr-includes=/usr/include/apr-1
    make
    make install

Finally we must add the mod_ruby module to the Apache configuration, so we create the file /etc/httpd/conf.d/ruby.conf...

    vi /etc/httpd/conf.d/ruby.conf

    LoadModule ruby_module modules/mod_ruby.so
    RubyAddPath /1.8

... and restart Apache:

    /etc/init.d/httpd restart

(If you leave out the RubyAddPath /1.8 directive, you will see errors like the following ones in Apache's error log when you call Ruby files:

    [Thu May 26 02:05:05 2011] [error] mod_ruby: ruby:0:in `require': no such file to load -- apache/ruby-run (LoadError)
    [Thu May 26 02:05:05 2011] [error] mod_ruby: failed to require apache/ruby-run
    [Thu May 26 02:05:05 2011] [error] mod_ruby: error in ruby

)

15.2 Python

To install mod_python, we simply run...

    yum install mod_python

... and restart Apache afterwards:

    /etc/init.d/httpd restart

15.3 WebDAV

WebDAV should already be enabled, but to check this, open /etc/httpd/conf/httpd.conf and make sure that the following three modules are active:

    vi /etc/httpd/conf/httpd.conf

    [...]
    LoadModule auth_digest_module modules/mod_auth_digest.so
    [...]
    LoadModule dav_module modules/mod_dav.so
    [...]
    LoadModule dav_fs_module modules/mod_dav_fs.so
    [...]

If you have to modify /etc/httpd/conf/httpd.conf, don't forget to restart Apache afterwards:

    /etc/init.d/httpd restart

15.4 Additional PHP Versions

Starting with the ISPConfig 3.0.5, it is possible to have multiple PHP versions on one server (selectable through ISPConfig) which can be run through FastCGI and PHP-FPM. The procedure of building additional PHP versions on CentOS is described in this tutorial: How To Use Multiple PHP Versions (PHP-FPM & FastCGI) With ISPConfig (CentOS 6.3)

16 Install PureFTPd

PureFTPd can be installed with the following command:

    yum install pure-ftpd

Then create the system startup links and start PureFTPd:

    chkconfig --levels 235 pure-ftpd on
    /etc/init.d/pure-ftpd start

Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.

OpenSSL is needed by TLS; to install OpenSSL, we simply run:

    yum install openssl

Open /etc/pure-ftpd/pure-ftpd.conf...

    vi /etc/pure-ftpd/pure-ftpd.conf

If you want to allow FTP and TLS sessions, set TLS to 1:

    [...]
    # This option can accept three values :
    # 0 : disable SSL/TLS encryption layer (default).
    # 1 : accept both traditional and encrypted sessions.
    # 2 : refuse connections that don't use SSL/TLS security mechanisms,
    #     including anonymous sessions.
    # Do _not_ uncomment this blindly. Be sure that :
    # 1) Your server has been compiled with SSL/TLS support (--with-tls),
    # 2) A valid certificate is in place,
    # 3) Only compatible clients will log in.

    TLS                      1
    [...]

In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:

    mkdir -p /etc/ssl/private/

Afterwards, we can generate the SSL certificate as follows:

    openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

    Country Name (2 letter code) [XX]: <-- Enter your Country Name (e.g., "DE").
    State or Province Name (full name) []: <-- Enter your State or Province Name.
    Locality Name (eg, city) [Default City]: <-- Enter your City.
    Organization Name (eg, company) [Default Company Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
    Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").
    Common Name (eg, your name or your server's hostname) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
    Email Address []: <-- Enter your Email Address.

Change the permissions of the SSL certificate:

    chmod 600 /etc/ssl/private/pure-ftpd.pem

Finally restart PureFTPd:

    /etc/init.d/pure-ftpd restart

That's it. You can now try to connect using your FTP client; however, you should configure your FTP client to use TLS.
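A check for the TLS setup above, as an added example that is not part of the original tutorial: it reads the effective TLS level from a pure-ftpd.conf and confirms that the combined key/certificate file is mode 600. The function names and the constructed demo files are assumptions made here, and GNU stat (as shipped with CentOS) is assumed.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit the PureFTPd TLS settings above.
# Function names are illustrative; file paths are passed in as arguments.

# Print the effective TLS level: the value of the last uncommented
# "TLS <0|1|2>" line, or 0 (the documented default) when none is set.
pureftpd_tls_level() {
    awk '$1 == "TLS" && $2 ~ /^[0-2]$/ { level = $2 }
         END { print (level == "" ? 0 : level) }' "$1"
}

# Succeed only if the PEM file holds both a private key and a certificate
# (the openssl req call above writes both to one file) and is mode 600.
# Uses GNU stat, as found on CentOS.
pem_is_private() {
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1" || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || return 1
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "600" ]
}

# Report on a config/PEM pair; returns non-zero if something must be fixed.
audit_pureftpd() {
    conf=$1 pem=$2 rc=0
    case $(pureftpd_tls_level "$conf") in
        0) echo "FAIL: TLS 0 - no encryption, passwords cross the network in clear text"; rc=1 ;;
        1) echo "WARN: TLS 1 - encrypted sessions offered, clear-text logins still accepted" ;;
        2) echo "OK:   TLS 2 - clear-text sessions refused" ;;
    esac
    if pem_is_private "$pem"; then
        echo "OK:   $pem holds key and certificate, mode 600"
    else
        echo "FAIL: $pem missing, incomplete, or not mode 600"; rc=1
    fi
    return $rc
}

# --- Demo on constructed files (placeholders, not real key material) ---
demo_dir=$(mktemp -d)
printf '%s\n' '# TLS 0' 'TLS                      1' > "$demo_dir/pure-ftpd.conf"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
    '-----END PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' \
    'CONSTRUCTED-PLACEHOLDER' '-----END CERTIFICATE-----' > "$demo_dir/pure-ftpd.pem"
chmod 644 "$demo_dir/pure-ftpd.pem"     # world-readable: the audit flags it
audit_pureftpd "$demo_dir/pure-ftpd.conf" "$demo_dir/pure-ftpd.pem" || true
chmod 600 "$demo_dir/pure-ftpd.pem"     # as in the tutorial's chmod step
audit_pureftpd "$demo_dir/pure-ftpd.conf" "$demo_dir/pure-ftpd.pem" || true
```

On a server built with this tutorial, call audit_pureftpd /etc/pure-ftpd/pure-ftpd.conf /etc/ssl/private/pure-ftpd.pem; with TLS set to 1 it reports a warning because, per the option's own comments, traditional sessions are still accepted.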

17 Install BIND

We can install BIND as follows:

    yum install bind bind-utils

Next open /etc/sysconfig/named...

    vi /etc/sysconfig/named

... and make sure that the ROOTDIR=/var/named/chroot line is commented out:

    # BIND named process options
    # ~~~~~~~~~~~~~~~~~~~~~~~~~~
    # Currently, you can use the following options:
    #
    # ROOTDIR="/var/named/chroot"  --  will run named in a chroot environment.
    #                            you must set up the chroot environment
    #                            (install the bind-chroot package) before
    #                            doing this.
    #       NOTE:
    #         Those directories are automatically mounted to chroot if they are
    #         empty in the ROOTDIR directory. It will simplify maintenance of your
    #         chroot environment.
    #          - /var/named
    #          - /etc/pki/dnssec-keys
    #          - /etc/named
    #          - /usr/lib64/bind or /usr/lib/bind (architecture dependent)
    #
    #         Those files are mounted as well if target file doesn't exist in
    #         chroot.
    #          - /etc/named.conf
    #          - /etc/rndc.conf
    #          - /etc/rndc.key
    #          - /etc/named.rfc1912.zones
    #          - /etc/named.dnssec.keys
    #          - /etc/named.iscdlv.key
    #
    #       Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log"
    #       line to your /etc/rsyslog.conf file. Otherwise your logging becomes
    #       broken when rsyslogd daemon is restarted (due update, for example).
    #
    # OPTIONS="whatever"     --  These additional options will be passed to named
    #                            at startup. Don't add -t here, use ROOTDIR instead.
    #
    # KEYTAB_FILE="/dir/file"    --  Specify named service keytab file (for GSS-TSIG)
    #
    # DISABLE_ZONE_CHECKING  --  By default, initscript calls named-checkzone
    #                            utility for every zone to ensure all zones are
    #                            valid before named starts. If you set this option
    #                            to 'yes' then initscript doesn't perform those
    #                            checks.

Make a backup of the existing /etc/named.conf file and create a new one as follows:

    cp /etc/named.conf /etc/named.conf_bak
    cat /dev/null > /etc/named.conf
    vi /etc/named.conf

    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    options {
            listen-on port 53 { any; };
            listen-on-v6 port 53 { any; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            allow-query     { any; };
            recursion no;
            allow-recursion { none; };
    };
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    zone "." IN {
            type hint;
            file "named.ca";
    };
    include "/etc/named.conf.local";

Create the file /etc/named.conf.local that is included at the end of /etc/named.conf (/etc/named.conf.local will later on get populated by ISPConfig if you create DNS zones in ISPConfig):

    touch /etc/named.conf.local

Then we create the startup links and start BIND:

    chkconfig --levels 235 named on
    /etc/init.d/named start

18 Install Webalizer, And AWStats

Webalizer and AWStats can be installed as follows:

    yum install webalizer awstats perl-DateTime-Format-HTTP perl-DateTime-Format-Builder

19 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):

    cd /tmp
    wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz
    tar xvfz jailkit-2.15.tar.gz
    cd jailkit-2.15
    ./configure
    make
    make install
    cd ..
    rm -rf jailkit-2.15*

20 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the log:

    yum install fail2ban

We must configure fail2ban to log to the log file /var/log/fail2ban.log because this is the log file that is monitored by the ISPConfig Monitor module. Open /etc/fail2ban/fail2ban.conf...

    vi /etc/fail2ban/fail2ban.conf

... and comment out the logtarget = SYSLOG line and add logtarget = /var/log/fail2ban.log:

    [...]
    # Option:  logtarget
    # Notes.:  Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
    #          Only one log target can be specified.
    # Values:  STDOUT STDERR SYSLOG file  Default:  /var/log/fail2ban.log
    #
    #logtarget = SYSLOG
    logtarget = /var/log/fail2ban.log
    [...]

Then create the system startup links for fail2ban and start it:

    chkconfig --levels 235 fail2ban on
    /etc/init.d/fail2ban start

21 Install rkhunter

rkhunter can be installed as follows:

    yum install rkhunter

22 Install Mailman

Since version 3.0.4, ISPConfig also allows you to manage (create/modify/delete) Mailman mailing lists. If you want to make use of this feature, install Mailman as follows:

    yum install mailman

Before we can start Mailman, a first mailing list called mailman must be created:

    /usr/lib/mailman/bin/newlist mailman

    [root@server1 tmp]# /usr/lib/mailman/bin/newlist mailman
    Enter the email of the person running the list: <-- admin email address, e.g. listadmin@example.com
    Initial mailman password: <-- admin password for the mailman list
    To finish creating your mailing list, you must edit your /etc/aliases (or
    equivalent) file by adding the following lines, and possibly running the
    `newaliases' program:

    ## mailman mailing list
    mailman:              "|/usr/lib/mailman/mail/mailman post mailman"
    mailman-admin:        "|/usr/lib/mailman/mail/mailman admin mailman"
    mailman-bounces:      "|/usr/lib/mailman/mail/mailman bounces mailman"
    mailman-confirm:      "|/usr/lib/mailman/mail/mailman confirm mailman"
    mailman-join:         "|/usr/lib/mailman/mail/mailman join mailman"
    mailman-leave:        "|/usr/lib/mailman/mail/mailman leave mailman"
    mailman-owner:        "|/usr/lib/mailman/mail/mailman owner mailman"
    mailman-request:      "|/usr/lib/mailman/mail/mailman request mailman"
    mailman-subscribe:    "|/usr/lib/mailman/mail/mailman subscribe mailman"
    mailman-unsubscribe:  "|/usr/lib/mailman/mail/mailman unsubscribe mailman"

    Hit enter to notify mailman owner... <-- ENTER

    [root@server1 tmp]#

Open /etc/aliases afterwards...

    vi /etc/aliases

... and add the following lines:

    [...]
    mailman:              "|/usr/lib/mailman/mail/mailman post mailman"
    mailman-admin:        "|/usr/lib/mailman/mail/mailman admin mailman"
    mailman-bounces:      "|/usr/lib/mailman/mail/mailman bounces mailman"
    mailman-confirm:      "|/usr/lib/mailman/mail/mailman confirm mailman"
    mailman-join:         "|/usr/lib/mailman/mail/mailman join mailman"
    mailman-leave:        "|/usr/lib/mailman/mail/mailman leave mailman"
    mailman-owner:        "|/usr/lib/mailman/mail/mailman owner mailman"
    mailman-request:      "|/usr/lib/mailman/mail/mailman request mailman"
    mailman-subscribe:    "|/usr/lib/mailman/mail/mailman subscribe mailman"
    mailman-unsubscribe:  "|/usr/lib/mailman/mail/mailman unsubscribe mailman"

Run

    newaliases

afterwards and restart Postfix:

    /etc/init.d/postfix restart

Now open the Mailman Apache configuration file /etc/httpd/conf.d/mailman.conf...

    vi /etc/httpd/conf.d/mailman.conf

... and add the line ScriptAlias /cgi-bin/mailman/ /usr/lib/mailman/cgi-bin/. Comment out Alias /pipermail/ /var/lib/mailman/archives/public/ and add the line Alias /pipermail /var/lib/mailman/archives/public/:

    #
    #  httpd configuration settings for use with mailman.
    #

    ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
    ScriptAlias /cgi-bin/mailman/ /usr/lib/mailman/cgi-bin/
    <Directory /usr/lib/mailman/cgi-bin/>
        AllowOverride None
        Options ExecCGI
        Order allow,deny
        Allow from all
    </Directory>

    #Alias /pipermail/ /var/lib/mailman/archives/public/
    Alias /pipermail /var/lib/mailman/archives/public/
    <Directory /var/lib/mailman/archives/public>
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
        AddDefaultCharset Off
    </Directory>

    # Uncomment the following line, to redirect queries to /mailman to the
    # listinfo page (recommended).

    # RedirectMatch ^/mailman[/]*$ /mailman/listinfo

Restart Apache:

    /etc/init.d/httpd restart

Create the system startup links for Mailman and start it:

    chkconfig --levels 235 mailman on
    /etc/init.d/mailman start

After you have installed ISPConfig 3, you can access Mailman as follows:

You can use the alias /cgi-bin/mailman for all Apache vhosts (please note that suExec and CGI must be disabled for all vhosts from which you want to access Mailman!), which means you can access the Mailman admin interface for a list at http://<vhost>/cgi-bin/mailman/admin/<listname>, and the web page for users of a mailing list can be found at http://<vhost>/cgi-bin/mailman/listinfo/<listname>.

Under http://<vhost>/pipermail/<listname> you can find the mailing list archives.

2! In(ta%% S/$irre%#ai%

To install the '?uirrel3ail we1mail client0 run... 2um install s?uirrelmail ... and restart A$ache: !etc!init.d!htt$d restart Then confi/ure '?uirrel3ail: !usr!share!s?uirrelmail!confi/!conf.$l <e must tell '?uirrel3ail that we are usin/ 7o,ecot:

    SquirrelMail Configuration : Read: config.php (1.4.0)
    ---------------------------------------------------------
    Main Menu --
    1.  Organization Preferences
    2.  Server Settings
    3.  Folder Defaults
    4.  General Options
    5.  Themes
    6.  Address Books
    7.  Message of the Day (MOTD)
    8.  Plugins
    9.  Database
    10. Languages

    D.  Set pre-defined settings for specific IMAP servers

    C   Turn color off
    S   Save data
    Q   Quit

    Command >> <-- D

    SquirrelMail Configuration : Read: config.php
    ---------------------------------------------------------
    While we have been building SquirrelMail, we have discovered some
    preferences that work better with some servers that don't work so
    well with others.  If you select your IMAP server, this option will
    set some pre-defined settings for that server.

    Please note that you will still need to go through and make sure
    everything is correct.  This does not change everything.  There are
    only a few settings that this will change.

    Please select your IMAP server:
        bincimap    = Binc IMAP server
        courier     = Courier IMAP server
        cyrus       = Cyrus IMAP server
        dovecot     = Dovecot Secure IMAP server
        exchange    = Microsoft Exchange IMAP server
        hmailserver = hMailServer
        macosx      = Mac OS X Mailserver
        mercury32   = Mercury/32
        uw          = University of Washington's IMAP server
        gmail       = IMAP access to Google mail (Gmail) accounts

        quit        = Do not change anything
    Command >> <-- dovecot

    SquirrelMail Configuration : Read: config.php
    ---------------------------------------------------------
    While we have been building SquirrelMail, we have discovered some
    preferences that work better with some servers that don't work so
    well with others.  If you select your IMAP server, this option will
    set some pre-defined settings for that server.

    Please note that you will still need to go through and make sure
    everything is correct.  This does not change everything.  There are
    only a few settings that this will change.

    Please select your IMAP server:
        bincimap    = Binc IMAP server
        courier     = Courier IMAP server
        cyrus       = Cyrus IMAP server
        dovecot     = Dovecot Secure IMAP server
        exchange    = Microsoft Exchange IMAP server
        hmailserver = hMailServer
        macosx      = Mac OS X Mailserver
        mercury32   = Mercury/32
        uw          = University of Washington's IMAP server
        gmail       = IMAP access to Google mail (Gmail) accounts

        quit        = Do not change anything
    Command >> courier

                  imap_server_type = courier
             default_folder_prefix = INBOX.
                      trash_folder = Trash
                       sent_folder = Sent
                      draft_folder = Drafts
                show_prefix_option = false
              default_sub_of_inbox = false
    show_contain_subfolders_option = false
                optional_delimiter = .
                     delete_folder = true

    Press enter to continue... <-- press ENTER

    SquirrelMail Configuration : Read: config.php (1.4.0)
    ---------------------------------------------------------
    Main Menu --
    1.  Organization Preferences
    2.  Server Settings
    3.  Folder Defaults
    4.  General Options
    5.  Themes
    6.  Address Books
    7.  Message of the Day (MOTD)
    8.  Plugins
    9.  Database
    10. Languages

    D.  Set pre-defined settings for specific IMAP servers

    C   Turn color off
    S   Save data
    Q   Quit

    Command >> <-- S

    SquirrelMail Configuration : Read: config.php (1.4.0)
    ---------------------------------------------------------
    Main Menu --
    1.  Organization Preferences
    2.  Server Settings
    3.  Folder Defaults
    4.  General Options
    5.  Themes
    6.  Address Books
    7.  Message of the Day (MOTD)
    8.  Plugins
    9.  Database
    10. Languages

    D.  Set pre-defined settings for specific IMAP servers

    C   Turn color off
    S   Save data
    Q   Quit

    Command >> <-- Q

One last thing we need to do is modify the file /etc/squirrelmail/config_local.php and comment out the $default_folder_prefix variable - if you don't do this, you will see the following error message in SquirrelMail after you've logged in:

    Query: CREATE "Sent"
    Reason Given: Invalid mailbox name.

    vi /etc/squirrelmail/config_local.php

    <?php

    /**
     * Local config overrides.
     *
     * You can override the config.php settings here.
     * Don't do it unless you know what you're doing.
     * Use standard PHP syntax, see config.php for examples.
     *
     * @copyright &copy; 2002-2006 The SquirrelMail Project Team
     * @license http://opensource.org/licenses/gpl-license.php GNU Public License
     * @version $Id: config_local.php,v 1.2 2006/07/11 03:33:47 wtogami Exp $
     * @package squirrelmail
     * @subpackage config
     */

    //$default_folder_prefix                = '';
    ?>

Now you can type in http://server1.example.com/webmail or http://192.168.0.100/webmail in your browser to access SquirrelMail.

24 Install ISPConfig 3

Download the current ISPConfig 3 version and install it. The ISPConfig installer will configure all services like Postfix, Dovecot, etc. for you. A manual setup as required for ISPConfig 2 is not necessary anymore.

You now also have the possibility to let the installer create an SSL vhost for the ISPConfig control panel, so that ISPConfig can be accessed using https:// instead of http://. To achieve this, just press ENTER when you see this question: Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:.

To install ISPConfig 3 from the latest released version, do this:

    cd /tmp
    wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
    tar xfz ISPConfig-3-stable.tar.gz
    cd ispconfig3_install/install/

The next step is to run

    php -q install.php

This will start the ISPConfig 3 installer:

    [root@server1 install]# php -q install.php

    --------------------------------------------------------------------------------
    [ISPConfig 3 ASCII-art banner]
    --------------------------------------------------------------------------------

    >> Initial configuration

    Operating System: Redhat or compatible, unknown version.

        Following will be a few questions for primary configuration so be careful.
        Default values are in [brackets] and can be accepted with <ENTER>.
        Tap in "quit" (without the quotes) to stop the installer.

    Select language (en,de) [en]: <-- ENTER

    Installation mode (standard,expert) [standard]: <-- ENTER

    Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [server1.example.com]: <-- ENTER

    MySQL server hostname [localhost]: <-- ENTER

    MySQL root username [root]: <-- ENTER

    MySQL root password []: <-- yourrootsqlpassword

    MySQL database to create [dbispconfig]: <-- ENTER

    MySQL charset [utf8]: <-- ENTER

    Generating a 2048 bit RSA private key
    ..........................................................+++
    ................................+++
    writing new private key to 'smtpd.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]: <-- ENTER
    State or Province Name (full name) []: <-- ENTER
    Locality Name (eg, city) [Default City]: <-- ENTER
    Organization Name (eg, company) [Default Company Ltd]: <-- ENTER
    Organizational Unit Name (eg, section) []: <-- ENTER
    Common Name (eg, your name or your server's hostname) []: <-- ENTER
    Email Address []: <-- ENTER
    Configuring Jailkit
    Configuring Dovecot
    Configuring Spamassassin
    Configuring Amavisd
    Configuring Getmail
    Configuring Pureftpd
    Configuring BIND
    Configuring Apache
    Configuring Vlogger
    Configuring Apps vhost
    Configuring Bastille Firewall
    Configuring Fail2ban
    Installing ISPConfig
    ISPConfig Port [8080]: <-- ENTER

    Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <-- ENTER

    Generating RSA private key, 4096 bit long modulus
    .....................++
    .......++
    e is 65537 (0x10001)
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]: <-- ENTER
    State or Province Name (full name) []: <-- ENTER
    Locality Name (eg, city) [Default City]: <-- ENTER
    Organization Name (eg, company) [Default Company Ltd]: <-- ENTER
    Organizational Unit Name (eg, section) []: <-- ENTER
    Common Name (eg, your name or your server's hostname) []: <-- ENTER
    Email Address []: <-- ENTER

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []: <-- ENTER
    An optional company name []: <-- ENTER
    writing RSA key
    Configuring DBServer
    Installing ISPConfig crontab
    no crontab for root
    no crontab for getmail
    Restarting services ...
    Stopping mysqld: [ OK ]
    Starting mysqld: [ OK ]
    Shutting down postfix: [ OK ]
    Starting postfix: [ OK ]
    Stopping saslauthd: [FAILED]
    Starting saslauthd: [ OK ]
    Waiting for the process [1424] to terminate
    Shutting down amavisd: Daemon [1424] terminated by SIGTERM
    [ OK ]
    amavisd stopped
    Starting amavisd: [ OK ]

    Stopping clamd.amavisd: [ OK ]
    Starting clamd.amavisd: [ OK ]
    Stopping Dovecot Imap: [ OK ]
    Starting Dovecot Imap: [ OK ]
    Stopping httpd: [ OK ]
    [Thu Mar 14 14:12:32 2013] [warn] NameVirtualHost *:80 has no VirtualHosts
    Starting httpd: [ OK ]
    Stopping pure-ftpd: [ OK ]
    Starting pure-ftpd: [ OK ]
    Installation completed.
    [root@server1 install]#

To fix the Mailman errors you might get during the ISPConfig installation, open /usr/lib/mailman/Mailman/mm_cfg.py...

    vi /usr/lib/mailman/Mailman/mm_cfg.py

... and set DEFAULT_SERVER_LANGUAGE = 'en':

    [...]
    #-------------------------------------------------------------
    # The default language for this server.
    DEFAULT_SERVER_LANGUAGE = 'en'
    [...]

Restart Mailman:

    /etc/init.d/mailman restart

Afterwards you can access ISPConfig 3 under http(s)://server1.example.com:8080/ or http(s)://192.168.0.100:8080/ (http or https depends on what you chose during installation). Log in with the username admin and the password admin (you should change the default password after your first login).

The system is now ready to be used.
