12 MyDNS
MyDNS rpm 패키지를 i386용으로 설치하며, x86_64에서도 작동합니다:
wget http://mydns.bboy.net/download/mydns-mysql-1.1.0-1.i386.rpm
rpm -ivh --force mydns-mysql-1.1.0-1.i386.rpm
다음 MyDNS 초기화 스크립트를 생성합니다:
| #! /bin/sh # Copyright (c) 1995-2004 SUSE Linux AG, Nuernberg, Germany. # All rights reserved. # # Author: Kurt Garloff # Please send feedback to http://www.suse.de/feedback/ # # /etc/init.d/mydns # and its symbolic link # /(usr/)sbin/rcmydns # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # # Template system startup script for some example service/daemon mydns # # LSB compatible service control script; see http://www.linuxbase.org/spec/ # # Note: This template uses functions rc_XXX defined in /etc/rc.status on # UnitedLinux (UL) based Linux distributions. If you want to base your # script on this template and ensure that it works on non UL based LSB # compliant Linux distributions, you either have to provide the rc.status # functions from UL or change the script to work without them. # ### BEGIN INIT INFO # Provides: mydns # Required-Start: $syslog $remote_fs # Should-Start: $time ypbind sendmail # Required-Stop: $syslog $remote_fs # Should-Stop: $time ypbind sendmail # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: mydns XYZ daemon providing ZYX # Description: Start mydns to allow XY and provide YZ # continued on second line by '#' # should contain enough info for the runlevel editor # to give admin some idea what this service does and # what it's needed for ... # (The Short-Description should already be a good hint.) ### END INIT INFO # # Any extensions to the keywords given above should be preceeded by # X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB. # # Notes on Required-Start/Should-Start: # * There are two different issues that are solved by Required-Start # and Should-Start # (a) Hard dependencies: This is used by the runlevel editor to determine # which services absolutely need to be started to make the start of # this service make sense. Example: nfsserver should have # Required-Start: $portmap # Also, required services are started before the dependent ones. # The runlevel editor will warn about such missing hard dependencies # and suggest enabling. During system startup, you may expect an error, # if the dependency is not fulfilled. # (b) Specifying the init script ordering, not real (hard) dependencies. # This is needed by insserv to determine which service should be # started first (and at a later stage what services can be started # in parallel). The tag Should-Start: is used for this. # It tells, that if a service is available, it should be started # before. If not, never mind. # * When specifying hard dependencies or ordering requirements, you can # use names of services (contents of their Provides: section) # or pseudo names starting with a $. The following ones are available # according to LSB (1.1): # $local_fs all local file systems are mounted # (most services should need this!) # $remote_fs all remote file systems are mounted # (note that /usr may be remote, so # many services should Require this!) # $syslog system logging facility up # $network low level networking (eth card, ...) # $named hostname resolution available # $netdaemons all network daemons are running # The $netdaemons pseudo service has been removed in LSB 1.2. # For now, we still offer it for backward compatibility. # These are new (LSB 1.2): # $time the system time has been set correctly # $portmap SunRPC portmapping service available # UnitedLinux extensions: # $ALL indicates that a script should be inserted # at the end # * The services specified in the stop tags # (Required-Stop/Should-Stop) # specify which services need to be still running when this service # is shut down. Often the entries there are just copies or a subset # from the respective start tag. # * Should-Start/Stop are now part of LSB as of 2.0, # formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop. # insserv does support both variants. # * X-UnitedLinux-Default-Enabled: yes/no is used at installation time # (%fillup_and_insserv macro in %post of many RPMs) to specify whether # a startup script should default to be enabled after installation. # It's not used by insserv. # # Note on runlevels: # 0 - halt/poweroff 6 - reboot # 1 - single user 2 - multiuser without network exported # 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm) # # Note on script names: # http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html # A registry has been set up to manage the init script namespace. # http://www.lanana.org/ # Please use the names already registered or register one or use a # vendor prefix. # Check for missing binaries (stale symlinks should not happen) # Note: Special treatment of stop for LSB conformance MYDNS_BIN=/usr/sbin/mydns test -x $MYDNS_BIN || { echo "$mydns_BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } # Check for existence of needed config file and read it #MYDNS_CONFIG=/etc/sysconfig/mydns #test -r $MYDNS_CONFIG || { echo "$mydns_CONFIG not existing"; # if [ "$1" = "stop" ]; then exit 0; # else exit 6; fi; } # Read config #. $MYDNS_CONFIG # Source LSB init functions # providing start_daemon, killproc, pidofproc, # log_success_msg, log_failure_msg and log_warning_msg. # This is currently not used by UnitedLinux based distributions and # not needed for init scripts for UnitedLinux only. If it is used, # the functions from rc.status should not be sourced or used. #. /lib/lsb/init-functions # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v be verbose in local rc status and clear it afterwards # rc_status -v -r ditto and clear both the local and overall rc status # rc_status -s display "skipped" and exit with status 3 # rc_status -u display "unused" and exit with status 3 # rc_failed set local and overall rc status to failed # rc_failed set local and overall rc status to # rc_reset clear both the local and overall rc status # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks . /etc/rc.status # Reset status of this service rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - user had insufficient privileges # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signaling is not supported) are # considered a success. case "$1" in start) echo -n "Starting mydns " ## Start daemon with startproc(8). If this fails ## the return value is set appropriately by startproc. startproc $MYDNS_BIN # Remember status and be verbose rc_status -v ;; stop) echo -n "Shutting down mydns " ## Stop daemon with killproc(8) and if this fails ## killproc sets the return value according to LSB. killproc -TERM $MYDNS_BIN # Remember status and be verbose rc_status -v ;; try-restart|condrestart) ## Do a restart only if the service was active before. ## Note: try-restart is now part of LSB (as of 1.9). ## RH has a similar command named condrestart. if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop $0 start # Remember status and be quiet rc_status ;; force-reload) ## Signal the daemon to reload its config. Most daemons ## do this on signal 1 (SIGHUP). ## If it does not support it, restart. echo -n "Reload service mydns " ## if it supports it: killproc -HUP $MYDNS_BIN #touch /var/run/mydns.pid rc_status -v ## Otherwise: #$0 try-restart #rc_status ;; reload) ## Like force-reload, but if daemon does not support ## signaling, do nothing (!) # If it supports signaling: echo -n "Reload service mydns " killproc -HUP $MYDNS_BIN #touch /var/run/mydns.pid rc_status -v ## Otherwise if it does not support reload: #rc_failed 3 #rc_status -v ;; status) echo -n "Checking for service mydns " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Return value is slightly different for the status command: # 0 - service up and running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running (unused) # 4 - service status unknown :-( # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) # NOTE: checkproc returns LSB compliant status values. checkproc $MYDNS_BIN # NOTE: rc_status knows that we called this init script with # "status" option and adapts its messages accordingly. rc_status -v ;; probe) ## Optional: Probe for the necessity of a reload, print out the ## argument to this init script which is required for a reload. ## Note: probe is not (yet) part of LSB (as of 1.9) test /etc/mydns/mydns.conf -nt /var/run/mydns.pid && echo reload ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 ;; esac rc_exit |
MyDNS 초기화 스크립트를 실행 가능하게 만듭니다…
chmod 755 /etc/init.d/mydns
… 그리고 MyDNS의 시스템 시작 링크를 생성합니다:
13 vlogger 및 Webalizer 설치
cd /tmp
wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz
tar xvfz vlogger-1.3.tar.gz
mv vlogger-1.3/vlogger /usr/sbin/
rm -rf vlogger*
yast2 -i webalizer perl-DateManip
14 fail2ban 설치
rpm -i http://download.opensuse.org/repositories/home:/kolbma/openSUSE_11.1/x86_64/fail2ban-0.8.4-2.1.x86_64.rpm
경고: warning: /var/tmp/rpm-xfer.SCm0TM: Header V3 DSA signature: NOKEY, key ID 5b00c76e는 무시할 수 있습니다.
15 jailkit 설치
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.10.tar.gz
tar xvfz jailkit-2.10.tar.gz
cd jailkit-2.10
./configure
make
make install
cd ..
rm -rf jailkit-2.10*
16 시스템 시계 동기화
NTP 서버와 시스템 시계를 동기화하려면 다음을 수행하십시오:
그런 다음 ntp의 시스템 시작 링크를 추가하고 ntp를 시작합니다:
chkconfig --add ntp
/etc/init.d/ntp start
17 ISPConfig 3
현재 ISPConfig 버전을 다운로드하고 설치합니다. ISPConfig 설치 프로그램이 postfix, sasl, courier 등과 같은 모든 서비스를 구성합니다. ISPConfig 2에 필요한 수동 설정은 더 이상 필요하지 않습니다.
cd /tmp
wget http://downloads.sourceforge.net/ispconfig/ISPConfig-3.0.1.6.tar.gz?use_mirror=
tar xvfz ISPConfig-3.0.1.6.tar.gz
cd ispconfig3_install/install/
이제 다음을 실행하여 설치 프로세스를 시작합니다:
server1:/tmp/ispconfig3_install/install # php -q install.php
——————————————————————————–
_ _ _
| / | _ \/ \ / ()
| | |\ --.| |_/ /| |/ \/ ___ _ __ | |_ _ __ _ | | |–. \ / | | / \| ‘ \| | |/ ` |
| |_| |\/ / | | _/\ () | | | | | | | (| |
__/_/\| __/_/|| ||| ||\, |
/ |
|_/
——————————————————————————–
>> 초기 구성
운영 체제: openSUSE 11.2 또는 호환
다음은 기본 구성을 위한 몇 가지 질문이 있을 것입니다. 주의하십시오.
기본값은 [대괄호] 안에 있으며 로 수락할 수 있습니다.
“quit”(따옴표 없이)를 입력하면 설치 프로그램이 중지됩니다.
언어 선택(en,de) [en]: <– ENTER
설치 모드(standard,expert) [standard]: <– ENTER
서버의 전체 자격 호스트 이름(FQDN), 예: server1.domain.tld [server1.example.com]: <– ENTER
MySQL 서버 호스트 이름 [localhost]: <– ENTER
MySQL 루트 사용자 이름 [root]: <– ENTER
MySQL 루트 비밀번호 []: <– yourrootsqlpassword
생성할 MySQL 데이터베이스 [dbispconfig]: <– ENTER
MySQL 문자 집합 [utf8]: <– ENTER
2048 비트 RSA 개인 키 생성 중
…………………+++
…………..+++
‘smtpd.key’에 새 개인 키 쓰기
—–
인증서 요청에 포함될 정보를 입력하라는 메시지가 표시됩니다.
입력할 내용은 Distinguished Name 또는 DN이라고 합니다.
몇 가지 필드가 있지만 일부는 비워둘 수 있습니다.
일부 필드에는 기본값이 있습니다.
‘.’를 입력하면 필드가 비워집니다.
—–
국가 이름(2자리 코드) [AU]: <– ENTER
주 또는 지방 이름(전체 이름) [Some-State]: <– ENTER
지역 이름(예: 도시) []: <– ENTER
조직 이름(예: 회사) [Internet Widgits Pty Ltd]: <– ENTER
조직 단위 이름(예: 섹션) []: <– ENTER
공통 이름(예: 귀하의 이름) []: <– ENTER
이메일 주소 []: <– ENTER
Jailkit 구성 중
SASL 구성 중
PAM 구성 중
Courier 구성 중
Spamassassin 구성 중
Amavisd 구성 중
Getmail 구성 중
Pureftpd 구성 중
MyDNS 구성 중
Apache 구성 중
vlogger 구성 중
방화벽 구성 중
ISPConfig 설치 중
ISPConfig 포트 [8080]: <– ENTER
DBServer 구성 중
Crontab 설치 중
root에 대한 crontab 없음
getmail에 대한 crontab 없음
서비스 재시작 중 …
MySQL 서비스 재시작 중
MySQL 서비스 종료 중 ..완료
MySQL 서비스 시작 중 ..완료
메일 서비스 종료 중 (Postfix)..완료
메일 서비스 시작 중 (Postfix)..완료
서비스 saslauthd 종료 중..완료
서비스 saslauthd 시작 중..완료
프로세스 [1836]이 종료될 때까지 기다리는 중
프로세스 [1836]이 종료될 때까지 기다리는 중
프로세스 [1836]이 종료될 때까지 기다리는 중
프로세스 [1836]이 종료될 때까지 기다리는 중
데몬 [1836]이 SIGTERM으로 종료됨
바이러스 스캐너(amavisd-new) 종료 중: ..완료
바이러스 스캐너(amavisd-new) 시작 중: ..완료
Clam AntiVirus 데몬 종료 중 ..완료
Clam AntiVirus 데몬 시작 중 ..완료
Courier 인증 데몬 종료 중 ..완료
Courier 인증 데몬 시작 중 ..완료
Courier-IMAP 종료 중 ..완료
Courier-IMAP 시작 중 ..완료
Courier-IMAP(SSL) 종료 중 ..완료
Courier-IMAP(SSL) 시작 중 SSL 인증서 생성 중…..완료
Courier-POP3 종료 중 ..완료
Courier-POP3 시작 중 ..완료
Courier-POP3(SSL) 종료 중 ..완료
Courier-POP3(SSL) 시작 중 SSL 인증서 생성 중…..완료
구문 OK
httpd2 종료 중(모든 자식이 종료될 때까지 기다리는 중) ..완료
httpd2 시작 중(prefork) ..완료
pure-ftpd 종료 중..완료
pure-ftpd 시작 중..완료
설치 완료.
server1:/tmp/ispconfig3_install/install # phpMyAdmin에 대한 심볼릭 링크를 생성합니다: ln -s /srv/www/htdocs/phpMyAdmin /usr/local/ispconfig/interface/web/phpmyadmin /tmp 디렉토리를 정리합니다: rm -rf /tmp/ispconfig3_install rm -f /tmp/ISPConfig-3.0.1.6.tar.gz ISPConfig 제어판에 로그인하려면 브라우저에서 이 URL을 엽니다(설정에 맞게 IP를 교체하십시오!): http://192.168.0.100:8080/ 기본 로그인 정보는 다음과 같습니다: 사용자: admin
비밀번호: admin #### 17.1 ISPConfig 3 매뉴얼 ISPConfig 3 사용 방법을 배우기 위해 ISPConfig 3 매뉴얼을 다운로드하는 것을 강력히 권장합니다. 300페이지에 가까운 이 매뉴얼은 ISPConfig의 개념(관리자, 리셀러, 클라이언트)을 다루고, ISPConfig 3 설치 및 업데이트 방법을 설명하며, ISPConfig의 모든 양식 및 양식 필드에 대한 참조와 유효한 입력 예제를 포함하고, ISPConfig 3에서 가장 일반적인 작업에 대한 튜토리얼을 제공합니다. 또한 서버를 더 안전하게 만드는 방법을 설명하고 마지막에 문제 해결 섹션이 포함되어 있습니다. ### 18 선택 사항 웹 기반 이메일 클라이언트를 설치합니다: rpm -i http://download.opensuse.org/repositories/server:/php:/applications/openSUSE_11.2/noarch/squirrelmail-1.4.19-4.1.noarch.rpm ln -s /srv/www/htdocs/squirrelmail /usr/local/ispconfig/interface/web/webmail ### 19 AppArmor 비활성화 AppArmor는 SUSE의 보안 확장(페도라의 SELinux와 유사)으로, 확장된 보안을 제공해야 합니다. 제 생각에는 안전한 시스템을 구성하는 데 필요하지 않으며, 일반적으로 장점보다 더 많은 문제를 일으킵니다(어떤 서비스가 예상대로 작동하지 않아 일주일 동안 문제 해결을 한 후, 모든 것이 괜찮았고 AppArmor가 문제를 일으켰다는 것을 알게 되는 경우를 생각해 보십시오). 따라서 저는 이를 비활성화합니다(나중에 ISPConfig를 설치하려면 필수입니다). 다음과 같이 비활성화할 수 있습니다: /etc/init.d/boot.apparmor stop chkconfig -d boot.apparmor ### 20 링크 - OpenSUSE: http://www.opensuse.org/ - ISPConfig: http://www.ispconfig.org/