Perfect Server · 13 min read · Jan 14, 2026

The Perfect Server - OpenSUSE 11.2 x86_64 [ISPConfig 3] - Page 5

12 MyDNS

Install the MyDNS rpm package for i386, which also works on x86_64:

wget http://mydns.bboy.net/download/mydns-mysql-1.1.0-1.i386.rpm  
rpm -ivh --force mydns-mysql-1.1.0-1.i386.rpm

Create the following MyDNS init script:

vi /etc/init.d/mydns

```sh
#! /bin/sh
# Copyright (c) 1995-2004 SUSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Kurt Garloff
# Please send feedback to http://www.suse.de/feedback/
#
# /etc/init.d/mydns
#   and its symbolic link
# /(usr/)sbin/rcmydns
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Template system startup script for some example service/daemon mydns
#
# LSB compatible service control script; see http://www.linuxbase.org/spec/
#
# Note: This template uses functions rc_XXX defined in /etc/rc.status on
# UnitedLinux (UL) based Linux distributions. If you want to base your
# script on this template and ensure that it works on non UL based LSB
# compliant Linux distributions, you either have to provide the rc.status
# functions from UL or change the script to work without them.
#
### BEGIN INIT INFO
# Provides:          mydns
# Required-Start:    $syslog $remote_fs
# Should-Start:      $time ypbind sendmail
# Required-Stop:     $syslog $remote_fs
# Should-Stop:       $time ypbind sendmail
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: mydns XYZ daemon providing ZYX
# Description:       Start mydns to allow XY and provide YZ
#   continued on second line by '#'
#   should contain enough info for the runlevel editor
#   to give admin some idea what this service does and
#   what it's needed for ...
#   (The Short-Description should already be a good hint.)
### END INIT INFO
#
# Any extensions to the keywords given above should be preceded by
# X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB.
#
# Notes on Required-Start/Should-Start:
# * There are two different issues that are solved by Required-Start
#    and Should-Start
# (a) Hard dependencies: This is used by the runlevel editor to determine
#     which services absolutely need to be started to make the start of
#     this service make sense. Example: nfsserver should have
#     Required-Start: $portmap
#     Also, required services are started before the dependent ones.
#     The runlevel editor will warn about such missing hard dependencies
#     and suggest enabling. During system startup, you may expect an error,
#     if the dependency is not fulfilled.
# (b) Specifying the init script ordering, not real (hard) dependencies.
#     This is needed by insserv to determine which service should be
#     started first (and at a later stage what services can be started
#     in parallel). The tag Should-Start: is used for this.
#     It tells, that if a service is available, it should be started
#     before. If not, never mind.
# * When specifying hard dependencies or ordering requirements, you can
#   use names of services (contents of their Provides: section)
#   or pseudo names starting with a $. The following ones are available
#   according to LSB (1.1):
#       $local_fs       all local file systems are mounted
#                       (most services should need this!)
#       $remote_fs      all remote file systems are mounted
#                       (note that /usr may be remote, so
#                        many services should Require this!)
#       $syslog         system logging facility up
#       $network        low level networking (eth card, ...)
#       $named          hostname resolution available
#       $netdaemons     all network daemons are running
#   The $netdaemons pseudo service has been removed in LSB 1.2.
#   For now, we still offer it for backward compatibility.
#   These are new (LSB 1.2):
#       $time           the system time has been set correctly
#       $portmap        SunRPC portmapping service available
#   UnitedLinux extensions:
#       $ALL            indicates that a script should be inserted
#                       at the end
# * The services specified in the stop tags
#   (Required-Stop/Should-Stop)
#   specify which services need to be still running when this service
#   is shut down. Often the entries there are just copies or a subset
#   from the respective start tag.
# * Should-Start/Stop are now part of LSB as of 2.0,
#   formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop.
#   insserv does support both variants.
# * X-UnitedLinux-Default-Enabled: yes/no is used at installation time
#   (%fillup_and_insserv macro in %post of many RPMs) to specify whether
#   a startup script should default to be enabled after installation.
#   It's not used by insserv.
#
# Note on runlevels:
# 0 - halt/poweroff                     6 - reboot
# 1 - single user                       2 - multiuser without network exported
# 3 - multiuser w/ network (text mode)  5 - multiuser w/ network and X11 (xdm)
#
# Note on script names:
# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
# A registry has been set up to manage the init script namespace.
# http://www.lanana.org/
# Please use the names already registered or register one or use a
# vendor prefix.

# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
MYDNS_BIN=/usr/sbin/mydns
test -x $MYDNS_BIN || { echo "$MYDNS_BIN not installed";
        if [ "$1" = "stop" ]; then exit 0;
        else exit 5; fi; }

# Check for existence of needed config file and read it
#MYDNS_CONFIG=/etc/sysconfig/mydns
#test -r $MYDNS_CONFIG || { echo "$MYDNS_CONFIG not existing";
#       if [ "$1" = "stop" ]; then exit 0;
#       else exit 6; fi; }

# Read config
#. $MYDNS_CONFIG

# Source LSB init functions
# providing start_daemon, killproc, pidofproc,
# log_success_msg, log_failure_msg and log_warning_msg.
# This is currently not used by UnitedLinux based distributions and
# not needed for init scripts for UnitedLinux only. If it is used,
# the functions from rc.status should not be sourced or used.
#. /lib/lsb/init-functions

# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     be verbose in local rc status and clear it afterwards
#      rc_status -v -r  ditto and clear both the local and overall rc status
#      rc_status -s     display "skipped" and exit with status 3
#      rc_status -u     display "unused" and exit with status 3
#      rc_failed        set local and overall rc status to failed
#      rc_failed <num>  set local and overall rc status to <num>
#      rc_reset         clear both the local and overall rc status
#      rc_exit          exit appropriate to overall rc status
#      rc_active        checks whether a service is activated by symlinks
. /etc/rc.status

# Reset status of this service
rc_reset

# Return values acc. to LSB for all commands but status:
# 0       - success
# 1       - generic or unspecified error
# 2       - invalid or excess argument(s)
# 3       - unimplemented feature (e.g. "reload")
# 4       - user had insufficient privileges
# 5       - program is not installed
# 6       - program is not configured
# 7       - program is not running
# 8--199  - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.

case "$1" in
    start)
        echo -n "Starting mydns "
        ## Start daemon with startproc(8). If this fails
        ## the return value is set appropriately by startproc.
        startproc $MYDNS_BIN

        # Remember status and be verbose
        rc_status -v
        ;;
    stop)
        echo -n "Shutting down mydns "
        ## Stop daemon with killproc(8) and if this fails
        ## killproc sets the return value according to LSB.

        killproc -TERM $MYDNS_BIN

        # Remember status and be verbose
        rc_status -v
        ;;
    try-restart|condrestart)
        ## Do a restart only if the service was active before.
        ## Note: try-restart is now part of LSB (as of 1.9).
        ## RH has a similar command named condrestart.
        if test "$1" = "condrestart"; then
                echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
        fi
        $0 status
        if test $? = 0; then
                $0 restart
        else
                rc_reset        # Not running is not a failure.
        fi
        # Remember status and be quiet
        rc_status
        ;;
    restart)
        ## Stop the service and regardless of whether it was
        ## running or not, start it again.
        $0 stop
        $0 start

        # Remember status and be quiet
        rc_status
        ;;
    force-reload)
        ## Signal the daemon to reload its config. Most daemons
        ## do this on signal 1 (SIGHUP).
        ## If it does not support it, restart.

        echo -n "Reload service mydns "
        ## if it supports it:
        killproc -HUP $MYDNS_BIN
        #touch /var/run/mydns.pid
        rc_status -v

        ## Otherwise:
        #$0 try-restart
        #rc_status
        ;;
    reload)
        ## Like force-reload, but if daemon does not support
        ## signaling, do nothing (!)

        # If it supports signaling:
        echo -n "Reload service mydns "
        killproc -HUP $MYDNS_BIN
        #touch /var/run/mydns.pid
        rc_status -v

        ## Otherwise if it does not support reload:
        #rc_failed 3
        #rc_status -v
        ;;
    status)
        echo -n "Checking for service mydns "
        ## Check status with checkproc(8), if process is running
        ## checkproc will return with exit status 0.

        # Return value is slightly different for the status command:
        # 0 - service up and running
        # 1 - service dead, but /var/run/  pid  file exists
        # 2 - service dead, but /var/lock/ lock file exists
        # 3 - service not running (unused)
        # 4 - service status unknown :-(
        # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)

        # NOTE: checkproc returns LSB compliant status values.
        checkproc $MYDNS_BIN
        # NOTE: rc_status knows that we called this init script with
        # "status" option and adapts its messages accordingly.
        rc_status -v
        ;;
    probe)
        ## Optional: Probe for the necessity of a reload, print out the
        ## argument to this init script which is required for a reload.
        ## Note: probe is not (yet) part of LSB (as of 1.9)

        test /etc/mydns/mydns.conf -nt /var/run/mydns.pid && echo reload
        ;;
    *)
        echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
        exit 1
        ;;
esac
rc_exit
```

Make the init script executable…

chmod 755 /etc/init.d/mydns

… and create the system startup links for MyDNS:

chkconfig --add mydns

13 Install vlogger and Webalizer

cd /tmp  
wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz  
tar xvfz vlogger-1.3.tar.gz  
mv vlogger-1.3/vlogger /usr/sbin/  
rm -rf vlogger*  
yast2 -i webalizer perl-DateManip

14 Install fail2ban

rpm -i http://download.opensuse.org/repositories/home:/kolbma/openSUSE_11.1/x86_64/fail2ban-0.8.4-2.1.x86_64.rpm

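Warnings such as warning: /var/tmp/rpm-xfer.SCm0TM: Header V3 DSA signature: NOKEY, key ID 5b00c76e can be ignored. They mean that the public key with ID 5b00c76e is not in the rpm keyring, so rpm did not verify the package signature.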

15 Install jailkit

cd /tmp  
wget http://olivier.sessink.nl/jailkit/jailkit-2.10.tar.gz  
tar xvfz jailkit-2.10.tar.gz  
cd jailkit-2.10  
./configure  
make  
make install  
cd ..  
rm -rf jailkit-2.10*

16 Synchronize the System Clock

If you want to have the system clock synchronized with an NTP server, do the following:

yast2 -i xntp

Then add system startup links for ntp and start ntp:

chkconfig --add ntp  
/etc/init.d/ntp start

17 ISPConfig 3

Download the current ISPConfig version and install it. The ISPConfig installer will configure all services such as postfix, sasl, courier, etc. for you. No manual setup as was required for ISPConfig 2 is necessary.

cd /tmp  
wget http://downloads.sourceforge.net/ispconfig/ISPConfig-3.0.1.6.tar.gz?use_mirror=  
tar xvfz ISPConfig-3.0.1.6.tar.gz  
cd ispconfig3_install/install/
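
Sections 13, 15 and 17 all fetch a tarball over plain HTTP and unpack it as root under /tmp. The following is an added example, not part of the original tutorial: shell helpers that check a tarball against a SHA-256 digest and reject unsafe member paths before extracting into a private directory. The function names are hypothetical, and the expected digest is a value you must obtain from the publisher over a trusted channel; the tutorial lists none.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Function names are
# hypothetical; EXPECTED_SHA256 below is a placeholder you must supply.
# Usage: dir=$(unpack_verified jailkit-2.10.tar.gz "$EXPECTED_SHA256") \
#            && cd "$dir/jailkit-2.10"

# verify_sha256 FILE EXPECTED_HEX: 0 on match, 1 on mismatch, 2 if unreadable.
verify_sha256() {
    [ -r "$1" ] || return 2
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ]
}

# paths_safe: reads archive member names on stdin and fails on absolute
# paths or any ".." component, which could write outside the target dir.
paths_safe() {
    awk 'BEGIN { bad = 0 }
         /^\// || $0 == ".." || /^\.\.\// || /\/\.\.\// || /\/\.\.$/ { bad = 1 }
         END { exit bad }'
}

# unpack_verified TARBALL EXPECTED_HEX: prints the private directory the
# archive was extracted into; extracts nothing unless every check passes.
unpack_verified() {
    tarball=$1
    expected=$2
    verify_sha256 "$tarball" "$expected" || {
        echo "digest mismatch: $tarball" >&2; return 1; }
    # List first; a failed listing must not be mistaken for an empty archive.
    members=$(tar -tzf "$tarball") || return 1
    printf '%s\n' "$members" | paths_safe || {
        echo "unsafe member path in $tarball" >&2; return 1; }
    # mktemp -d creates a mode-0700 directory with an unpredictable name,
    # unlike a fixed path under the world-writable /tmp.
    workdir=$(mktemp -d) || return 1
    # -o: do not restore the archive's owner/group when extracting as root.
    tar -xzo -f "$tarball" -C "$workdir" || { rm -rf "$workdir"; return 1; }
    printf '%s\n' "$workdir"
}
```
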

Now start the installation process by running:

php -q install.php

server1:/tmp/ispconfig3_install/install # php -q install.php


>> Configuración inicial

Sistema Operativo: openSUSE 11.2 o compatible

A continuación, habrá algunas preguntas para la configuración primaria, así que ten cuidado.
Los valores predeterminados están entre [corchetes] y se pueden aceptar con .
Escribe “quit” (sin las comillas) para detener el instalador.

Selecciona el idioma (en,de) [en]: <– ENTER

Modo de instalación (estándar, experto) [estándar]: <– ENTER

Nombre de host completamente calificado (FQDN) del servidor, ej. server1.domain.tld [server1.example.com]: <– ENTER

Nombre de host del servidor MySQL [localhost]: <– ENTER

Nombre de usuario root de MySQL [root]: <– ENTER

Contraseña root de MySQL []: <– tucontraseñadeMySQL

Base de datos MySQL a crear [dbispconfig]: <– ENTER

Conjunto de caracteres MySQL [utf8]: <– ENTER

Generando una clave privada RSA de 2048 bits
…………………+++
…………..+++
escribiendo nueva clave privada en ‘smtpd.key’
—–
Estás a punto de ser preguntado para ingresar información que será incorporada
en tu solicitud de certificado.
Lo que estás a punto de ingresar es lo que se llama un Nombre Distinguido o un DN.
Hay bastantes campos, pero puedes dejar algunos en blanco
Para algunos campos habrá un valor predeterminado,
Si ingresas ‘.’, el campo quedará en blanco.
—–
Nombre del país (código de 2 letras) [AU]: <– ENTER
Nombre del estado o provincia (nombre completo) [Some-State]: <– ENTER
Nombre de la localidad (ej, ciudad) []: <– ENTER
Nombre de la organización (ej, empresa) [Internet Widgits Pty Ltd]: <– ENTER
Nombre de la unidad organizativa (ej, sección) []: <– ENTER
Nombre común (ej, TU nombre) []: <– ENTER
Dirección de correo electrónico []: <– ENTER
Configurando Jailkit
Configurando SASL
Configurando PAM
Configurando Courier
Configurando Spamassassin
Configurando Amavisd
Configurando Getmail
Configurando Pureftpd
Configurando MyDNS
Configurando Apache
Configurando vlogger
Configurando Firewall
Instalando ISPConfig
Puerto de ISPConfig [8080]: <– ENTER

Configurando DBServer
Instalando Crontab
no crontab para root
no crontab para getmail
Reiniciando servicios …
Reiniciando servicio MySQL
Apagando servicio MySQL ..hecho
Iniciando servicio MySQL ..hecho
Apagando servicio de correo (Postfix)..hecho
Iniciando servicio de correo (Postfix)..hecho
Apagando servicio saslauthd..hecho
Iniciando servicio saslauthd..hecho
Esperando a que el proceso [1836] termine
Esperando a que el proceso [1836] termine
Esperando a que el proceso [1836] termine
Esperando a que el proceso [1836] termine
Daemon [1836] terminado por SIGTERM
Apagando escáner de virus (amavisd-new): ..hecho
Iniciando escáner de virus (amavisd-new): ..hecho
Apagando daemon de Clam AntiVirus ..hecho
Iniciando daemon de Clam AntiVirus ..hecho
Apagando Daemon de Autenticación de Courier ..hecho
Iniciando Daemon de Autenticación de Courier ..hecho
Apagando Courier-IMAP ..hecho
Iniciando Courier-IMAP ..hecho
Apagando Courier-IMAP (SSL)..hecho
Iniciando Courier-IMAP (SSL) generando certificado SSL…..hecho
Apagando Courier-POP3 ..hecho
Iniciando Courier-POP3 ..hecho
Apagando Courier-POP3 (SSL)..hecho
Iniciando Courier-POP3 (SSL) generando certificado SSL…..hecho
Sintaxis OK
Apagando httpd2 (esperando a que todos los hijos terminen) ..hecho
Iniciando httpd2 (prefork) ..hecho
Apagando pure-ftpd..hecho
Iniciando pure-ftpd..hecho
Instalación completada.
server1:/tmp/ispconfig3_install/install #

Create a symlink for phpMyAdmin:

ln -s /srv/www/htdocs/phpMyAdmin /usr/local/ispconfig/interface/web/phpmyadmin

Clean up the /tmp directory:

rm -rf /tmp/ispconfig3_install  
rm -f /tmp/ISPConfig-3.0.1.6.tar.gz

To log in to the ISPConfig control panel, open this URL in your browser (replace the IP to match your setup!):

http://192.168.0.100:8080/

The default login is:

user: admin  
password: admin

17.1 ISPConfig 3 Manual

To learn how to use ISPConfig 3, I strongly recommend downloading the ISPConfig 3 Manual. In nearly 300 pages, it covers the concept behind ISPConfig (admin, resellers, clients), explains how to install and update ISPConfig 3, includes a reference for all forms and form fields in ISPConfig together with examples of valid inputs, and provides tutorials for the most common tasks in ISPConfig 3. It also describes how to make your server more secure and comes with a troubleshooting section at the end.

18 Optional

Install a web-based email client:

rpm -i http://download.opensuse.org/repositories/server:/php:/applications/openSUSE_11.2/noarch/squirrelmail-1.4.19-4.1.noarch.rpm  
ln -s /srv/www/htdocs/squirrelmail /usr/local/ispconfig/interface/web/webmail

19 Disable AppArmor

AppArmor is a security extension of SUSE (similar to Fedora's SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have spent a week troubleshooting because some service wasn't working as expected, and then you find out that everything was fine and only AppArmor was causing the problem). Therefore I disable it (this is a requirement if you want to install ISPConfig later on).

We can disable it like this:

/etc/init.d/boot.apparmor stop  
chkconfig -d boot.apparmor

20 Links

- OpenSUSE: http://www.opensuse.org/
- ISPConfig: http://www.ispconfig.org/
