The Perfect Server - Fedora 10
http://www.howtoforge.com/perfect-server-fedora-10
Some handy networking commands
Display ip address
- Code: Select all
ifconfig
Run the command now to check whether the installer got your IP address right. If it did not, restart NetworkManager...
- Code: Select all
/etc/init.d/NetworkManager restart
... and if that still doesn't help, reboot the system:
- Code: Select all
reboot
If the IP address is still not correct, run
- Code: Select all
system-config-network
Check /etc/hosts
- Code: Select all
vi /etc/hosts
Check the firewall
- Code: Select all
system-config-firewall
Allow SMTP access (port 25; POP3 itself uses port 110)
- Code: Select all
/sbin/iptables -I INPUT -p tcp --destination-port 25 -j ACCEPT
Allow ftp access
- Code: Select all
/sbin/iptables -I INPUT -p tcp --destination-port 21 -j ACCEPT
Allow httpd access
- Code: Select all
/sbin/iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT
Save the changes
- Code: Select all
/sbin/iptables-save > /etc/sysconfig/iptables
To see the status of the firewall
- Code: Select all
iptables -L
- Code: Select all
/sbin/iptables -I INPUT -p tcp --destination-port 25 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --destination-port 21 -j ACCEPT
/sbin/iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT
/sbin/iptables-save > /etc/sysconfig/iptables
iptables -L
Check SELINUX
- Code: Select all
vi /etc/selinux/config
To disable SELinux, change the SELINUX line to:
- Code: Select all
SELINUX=disabled
Install some software using YUM
Next we update the existing packages on the system. yum update lists all the packages needing updates and asks for confirmation before installing them:
- Code: Select all
yum update
- Code: Select all
yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils ncftp gcc gcc-c++
Install MySQL
- Code: Select all
yum install mysql mysql-devel mysql-server
Add MySQL to the system startup and start it
- Code: Select all
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
When mysql starts for the first time you are given hints to set a root password as shown below
- Code: Select all
[root@localhost etc]# /sbin/service mysqld start
Initializing MySQL database: Installing MySQL system tables...
081214 6:44:54 [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted to 4294967295
081214 6:44:54 [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted to 4294967295
OK
Filling help tables...
081214 6:44:55 [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted to 4294967295
081214 6:44:55 [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted to 4294967295
OK
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h localhost.localdomain password 'new-password'
Alternatively you can run:
/usr/bin/mysql_secure_installation
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl
Please report any problems with the /usr/bin/mysqlbug script!
The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
If you are using embedded objects in your tables, you may need to increase the max_allowed_packet setting found in /etc/my.ini
- Code: Select all
[mysqld]
max_allowed_packet=16M
Install an FTP server (vsftpd)
- Code: Select all
yum install vsftpd
Edit the vsftpd config file
- Code: Select all
vi /etc/vsftpd/vsftpd.conf
Allow vsftpd to be started automatically and start it
- Code: Select all
chkconfig --levels 235 vsftpd on
/etc/init.d/vsftpd start
To allow FTP to write files in users' home directories while SELinux is enabled
- Code: Select all
setsebool -P ftp_home_dir 1
Install postfix and dovecot
- Code: Select all
yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot
Now we configure SMTP-AUTH and TLS:
- Code: Select all
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'mynetworks = 127.0.0.0/8'
- Code: Select all
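mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
# Generate a passphrase-protected 2048-bit RSA key for the SMTP server
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 2048
chmod 600 smtpd.key
# Create a signing request and self-sign it for ten years
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
# Strip the passphrase so Postfix can read the key at startup
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
# The unencrypted copy is a new file, so restrict its permissions again
chmod 600 smtpd.key
# Create a separate self-signed CA certificate and key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650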
Next we configure Postfix for TLS:
- Code: Select all
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
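The SMTP-AUTH and TLS settings above can be checked from `postconf -n` output with a small audit script. This is an added example, not part of the original guide: the function names and both sample configurations are constructed for illustration, and the check assumes that `smtpd_tls_auth_only = yes` or `smtpd_tls_security_level = encrypt` is what restricts AUTH to encrypted sessions.

```sh
#!/bin/sh
# Added example (not from the original guide): audit "name = value" lines in
# the format printed by `postconf -n` for the SASL/TLS combination set above.

audit_postfix() {   # hypothetical helper: reads settings on stdin, prints findings
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(msg) { print msg; n++ }
    /^[ \t]*#/ { next }                       # skip comment lines
    {   i = index($0, "=")                    # split on the first "=" only
        if (i > 1) val[trim(substr($0, 1, i - 1))] = trim(substr($0, i + 1)) }
    END {
        sasl  = (val["smtpd_sasl_auth_enable"] == "yes")
        level = val["smtpd_tls_security_level"]
        offered  = (val["smtpd_use_tls"] == "yes" || level == "may" || level == "encrypt")
        tls_only = (val["smtpd_tls_auth_only"] == "yes" || level == "encrypt")
        if (sasl && !offered)
            report("FAIL no-starttls: SMTP AUTH is enabled but STARTTLS is not offered")
        else if (sasl && !tls_only)
            report("WARN auth-without-tls: AUTH is accepted on unencrypted sessions; set smtpd_tls_auth_only = yes")
        # An unset smtpd_sasl_security_options keeps the Postfix default (noanonymous)
        if (sasl && ("smtpd_sasl_security_options" in val) &&
            val["smtpd_sasl_security_options"] !~ /noanonymous/)
            report("FAIL anonymous-sasl: smtpd_sasl_security_options lacks noanonymous")
        if (!n) print "OK"
    }'
}

page_config() {      # constructed sample: the values this guide sets
    cat <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
smtpd_use_tls = yes
EOF
}

hardened_config() {  # constructed sample: same setup, AUTH restricted to TLS
    page_config | sed 's/^smtpd_tls_auth_only = no$/smtpd_tls_auth_only = yes/'
}

page_config | audit_postfix
hardened_config | audit_postfix
```

On a live system the same function can be fed with `postconf -n | audit_postfix`.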
Then we set the hostname in our Postfix installation (make sure you replace server1.example.com with your own hostname):
- Code: Select all
postconf -e 'myhostname = server1.example.com'
If this server is the destination for your domain
- Code: Select all
postconf -e 'mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain'
When starting Dovecot you may see this message:
Starting Dovecot Imap: Info: If you have trouble with authentication failures,
enable auth_debug setting. See http://wiki.dovecot.org/WhyDoesItNotWork
Apache2 With PHP, Ruby, Python
- Code: Select all
yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-magickwand php-magpierss php-mapserver php-mbstring php-mcrypt php-mhash php-mssql php-shout php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel
Move or Migrate Users and Groups from old server
http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/
Install Samba
- Code: Select all
yum install samba
Allow Samba to be started automatically and start it
- Code: Select all
chkconfig --levels 235 smb on
/etc/init.d/smb start
Install ASSP Anti-Spam SMTP Proxy
http://assp.sourceforge.net/
Modify /etc/postfix/master.cf so that the Postfix smtpd service listens only on localhost
- Code: Select all
localhost:smtp inet n - n - - smtpd
Then run
- Code: Select all
postfix reload
ASSP is configured to listen for SMTP on the external IP address.
In assp.cfg, ensure the SMTP Destination points to localhost:25
and the listen port is set to port 25 on the external address
- Code: Select all
smtpDestination:=127.0.0.1:25
listenPort:=10.10.10.183:25
In order to use SSL with ASSP, we will use stunnel to handle the SSL.
Install stunnel
- Code: Select all
yum install stunnel
We will use stunnel to map the pop3s and smtps ports onto the external IP address of the server.
vi /etc/stunnel/stunnel.conf
- Code: Select all
cert = /etc/postfix/ssl/smtpd.crt
key = /etc/postfix/ssl/smtpd.key
debug = local4.5
output = /var/log/stunnel.log
[imaps]
accept = 993
connect = 143
[IMAP4-SSL]
accept = 585
connect = 143
[pop3s]
accept = 995
connect = 10.10.10.183:110
[smtps]
accept = 465
connect = 10.10.10.183:25
Now tell Dovecot to listen only on the plain imap and pop3 ports (stunnel handles the SSL ports)
- Code: Select all
protocols = imap pop3