Detailed Guide to Installing ISPConfig on CentOS 5.x [Server Security]
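ISPConfig is an open-source virtual hosting management program for Linux with a web control panel. Through the panel you can manage virtual hosts, create websites and mailboxes, create and manage MySQL databases, handle DNS resolution and monitor the state of the server. Below we explain how to install ISPConfig on CentOS 5. The IP address and hostname used here follow the settings in "Open-Source Hosting Installation and Setup: Installing CentOS 5.2"; replace them with your own IP address and hostname.
1. Install CentOS 5.2. For the installation process see: "Open-Source Hosting Installation and Setup: Installing CentOS 5.2"
2. Carry out some pre-installation configuration on CentOS 5.2.
3. Adjust /etc/hosts. After the change its contents are as follows: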
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.0.200 idc.xifan.org server
::1 localhost6.localdomain6 localhost6
4. Disable the firewall and SELinux. If you already disabled them before the installation, this step can be skipped. Run the following command:
system-config-securitylevel
In the screen that opens, disable the firewall and SELinux.
Then reboot the server:
reboot
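5. Install some required packages.
First run the following command:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
Then update the system:
yum update
Install the development package groups, in preparation for compiling some of the software in the following steps.
yum groupinstall 'Development Tools' 'Development Libraries'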
5. Install Quota, so that once the hosting accounts are set up we can manage disk quotas and limit the space used by users' websites and mailboxes.
yum install quota
Edit /etc/fstab and add ,usrquota,grpquota to the options of the / partition (/dev/VolGroup00/LogVol00). After the change it looks like this:
/dev/VolGroup00/LogVol00 / ext3 defaults,usrquota,grpquota 1 1
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0
Then run the following commands to enable quota:
touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
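6. Install Apache2, MySQL and phpMyAdmin. Before installing, so that we can install some software that is not in the official repositories, we run the commands below to add an unofficial repository.
rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt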
cd /tmp
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -ivh rpmforge-release-0.3.6-1.el5.rf.i386.rpm
If the package above cannot be downloaded, go to http://dag.wieers.com/rpm/packages/rpmforge-release/ to find another mirror and download and install it from there.
Then we install Apache2, MySQL and phpMyAdmin:
yum install ntp httpd mysql-server php php-mysql php-mbstring php-mcrypt phpmyadmin rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel pkgconfig zlib-devel pcre-devel openldap-devel postgresql-devel expect libtool-ltdl-devel openldap-servers libtool gdbm-devel pam-devel gamin-devel
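7. Install Courier-IMAP, Courier-Authlib and Maildrop. There are no RPM packages for these three programs, so we have to build them ourselves. Because Courier-IMAP can only be compiled as a normal user, we switch to the normal user xifanorg that we created earlier.
su xifanorg
Before compiling, the build environment has to be set up.
mkdir $HOME/downloads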
mkdir $HOME/rpm
mkdir $HOME/rpm/SOURCES
mkdir $HOME/rpm/SPECS
mkdir $HOME/rpm/BUILD
mkdir $HOME/rpm/SRPMS
mkdir $HOME/rpm/RPMS
mkdir $HOME/rpm/RPMS/i386
echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros
Then we go to http://www.courier-mta.org/download.php to download the source packages:
cd $HOME/downloads
wget http://prdownloads.sourceforge.net/courier/courier-authlib-0.62.2.tar.bz2
wget http://prdownloads.sourceforge.net/courier/courier-imap-4.4.1.tar.bz2
wget http://prdownloads.sourceforge.net/courier/maildrop-2.0.4.tar.bz2
Now we start building courier-authlib:
sudo rpmbuild -ta courier-authlib-0.62.2.tar.bz2
When the build has finished, change to $HOME/rpm/RPMS/i386 and install the three RPM packages that were built.
cd $HOME/rpm/RPMS/i386
sudo rpm -ivh courier-authlib-0.62.2-1.i386.rpm courier-authlib-mysql-0.62.2-1.i386.rpm courier-authlib-devel-0.62.2-1.i386.rpm
Then return to $HOME/downloads and continue by building courier-imap.
cd $HOME/downloads
rpmbuild -ta courier-imap-4.4.1.tar.bz2
When it has finished, go to $HOME/rpm/RPMS/i386 and install courier-imap.
cd $HOME/rpm/RPMS/i386
sudo rpm -ivh courier-imap-4.4.1-1.i386.rpm
Next, return to $HOME/downloads and build maildrop.
cd $HOME/downloads
sudo rpmbuild -ta maildrop-2.0.4.tar.bz2
When the build has finished, go to $HOME/rpm/RPMS/i386 and install maildrop. After the installation, leave the current user and carry on with the next steps as root.
cd $HOME/rpm/RPMS/i386
sudo rpm -ivh maildrop-2.0.4-1.i386.rpm
exit
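8. Install Postfix and add quota and MySQL support to it. We have to download the Postfix source RPM, apply the quota and MySQL patches to Postfix, build an RPM package from it and then install that package.
cd /usr/src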
wget http://ftp-stud.fht-esslingen.de/pub/Mirrors/centos/5.2/os/SRPMS/postfix-2.3.3-2.src.rpm
rpm -ivh postfix-2.3.3-2.src.rpm
You will then see many warnings like these:
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
Ignore them and continue:
cd /usr/src/redhat/SOURCES
wget http://vda.sourceforge.net/VDA/postfix-2.3.3-vda.patch.gz
gunzip postfix-2.3.3-vda.patch.gz
cd /usr/src/redhat/SPECS/
To add quota and MySQL support, we have to edit postfix.spec:
vi postfix.spec
Change "%define MYSQL 0" to "%define MYSQL 1", add the line "Patch0: postfix-2.3.3-vda.patch" before "Patch1: postfix-2.1.1-config.patch", and add the line "%patch0 -p1 -b .vda" before "%patch1 -p1 -b .config", as follows:
[...]
%define MYSQL 1
[...]
# Patches
Patch0: postfix-2.3.3-vda.patch
Patch1: postfix-2.1.1-config.patch
Patch3: postfix-alternatives.patch
Patch6: postfix-2.1.1-obsolete.patch
Patch7: postfix-2.1.5-aliases.patch
Patch8: postfix-large-fs.patch
Patch9: postfix-2.2.5-cyrus.patch
[...]
%setup -q
# Apply obligatory patches
%patch0 -p1 -b .vda
%patch1 -p1 -b .config
%patch3 -p1 -b .alternatives
%patch6 -p1 -b .obsolete
%patch7 -p1 -b .aliases
%patch8 -p1 -b .large-fs
%patch9 -p1 -b .cyrus
[...]
Then we build the new RPM package with quota and MySQL support:
rpmbuild -ba postfix.spec
The package we built is in /usr/src/redhat/RPMS/i386. Go to that directory and install it.
cd /usr/src/redhat/RPMS/i386
rpm -ivh postfix-2.3.3-2.i386.rpm
Then we turn off Sendmail and start Postfix, saslauthd and courier-authlib:
chkconfig --levels 235 courier-authlib on
/etc/init.d/courier-authlib start
chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start
8. Configure Courier. In this step we make some configuration changes to Courier. First start Courier:
chkconfig --levels 235 courier-imap on
/etc/init.d/courier-authlib restart
/etc/init.d/courier-imap restart
When courier-imap starts for the first time, it uses /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf by default to create one file each: /usr/lib/courier-imap/share/imapd.pem and /usr/lib/courier-imap/share/pop3d.pem. The .cnf files contain CN=localhost, but our server's hostname is idc.xifan.org, so these two certificate files may cause problems when TLS connections are used. To solve this we delete both certificates.
cd /usr/lib/courier-imap/share/
rm -f imapd.pem
rm -f pop3d.pem
Then replace "CN=localhost" with "CN=idc.xifan.org" in the two files /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf.
vi /usr/lib/courier-imap/etc/imapd.cnf
Change it to:
[...]
CN=idc.xifan.org
[...]
Edit /usr/lib/courier-imap/etc/pop3d.cnf:
vi /usr/lib/courier-imap/etc/pop3d.cnf
Change it to:
[...]
CN=idc.xifan.org
[...]
Then we recreate the two certificates:
./mkimapdcert
./mkpop3dcert
Then we restart courier-authlib and courier-imap:
/etc/init.d/courier-authlib restart
/etc/init.d/courier-imap restart
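The CN edit in the two .cnf files decides what name ends up in the regenerated certificates, so it is worth checking before and after running mkimapdcert and mkpop3dcert. The following shell functions are an added example, not part of the original tutorial; the function names and the sample template files are constructed for illustration.

```shell
# Added example, not the tutorial's code: confirm that the CN in Courier's
# certificate templates (and in an already generated .pem) is the hostname
# clients connect to, idc.xifan.org on this page.

# cnf_cn FILE: value of the first CN= line in an OpenSSL-style .cnf
cnf_cn() {
    sed -n 's/^[[:space:]]*CN[[:space:]]*=[[:space:]]*//p' "$1" |
        sed -e 's/[[:space:]]*$//' -e 1q
}

# subject_cn TEXT: CN from `openssl x509 -noout -subject` output, in either
# the older "/C=US/CN=host" or the newer "C = US, CN = host" layout
subject_cn() {
    printf '%s\n' "$1" | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

# pem_cn FILE: CN of an existing certificate (needs the openssl CLI)
pem_cn() { subject_cn "$(openssl x509 -noout -subject -in "$1")"; }

# check_cn EXPECTED FILE...: one line per file, status 1 on any mismatch
check_cn() {
    want=$1; shift; rc=0
    for f in "$@"; do
        case $f in
            *.pem) got=$(pem_cn "$f") ;;
            *)     got=$(cnf_cn "$f") ;;
        esac
        if [ "$got" = "$want" ]; then echo "OK       $f CN=$got"
        else echo "MISMATCH $f CN=${got:-none} (expected $want)"; rc=1; fi
    done
    return $rc
}

# Constructed sample templates: one correct, one with a mistyped hostname.
demo=$(mktemp -d)
printf '[ req_dn ]\nC=US\nCN=idc.xifan.org\n' > "$demo/imapd.cnf"
printf '[ req_dn ]\nC=US\nCN = idx.xifan.org \n' > "$demo/pop3d.cnf"
check_cn idc.xifan.org "$demo/imapd.cnf" "$demo/pop3d.cnf" ||
    echo "correct the template, then rerun mkimapdcert / mkpop3dcert"
rm -rf "$demo"
```

On the server, the same call can be pointed at the real files under /usr/lib/courier-imap/etc/ and /usr/lib/courier-imap/share/.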
9. Install Getmail. Install getmail with the following command:
yum install getmail
10. Set the MySQL password and configure phpMyAdmin.
Start MySQL:
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
Then set a password for the MySQL root account. Replace yourrootsqlpassword with your own password.
mysqladmin -u root password yourrootsqlpassword
mysqladmin -h idc.xifan.org -u root password yourrootsqlpassword
Next, create aliases for phpMyAdmin so that it can be reached.
vi /etc/httpd/conf.d/phpmyadmin.conf
The changed contents are as follows:
#
# Web application to manage MySQL
#
#
# order Deny,Allow
# Deny from all
# Allow from 127.0.0.1
#
Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin
Alias /mysqladmin /usr/share/phpmyadmin
Then we change phpMyAdmin's authentication method from cookie to http:
vi /usr/share/phpmyadmin/config.inc.php
The changed contents are as follows:
[...]
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';
[...]
Then we enable httpd at boot and start it:
chkconfig --levels 235 httpd on
/etc/init.d/httpd start
phpMyAdmin can now be reached at http://idc.xifan.org/phpmyadmin.
11. Install Amavisd-new, SpamAssassin and ClamAV
Run the following command to install Amavisd-new, SpamAssassin and ClamAV:
yum install amavisd-new spamassassin clamav clamd unzip bzip2 unrar perl-DBD-mysql
Then we start freshclam, amavisd and clamd.
chkconfig --levels 235 amavisd on
chkconfig --levels 235 clamd on
/usr/bin/freshclam
/etc/init.d/amavisd start
/etc/init.d/clamd start
Then create the required directories and set their ownership.
mkdir /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db
chown amavis /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db
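12. Install support for the PHP modes mod_php, suPHP, fcgi and so on.
ISPConfig 3 lets you choose, for each site in a PHP5 environment, one of four different PHP run modes: mod_php, mod_fcgi, cgi and suPHP. mod_fcgid is not in the official repositories, but there is a testing package at centos.karan.org. We add that repository with the following commands so that we can install the testing package:
cd /etc/yum.repos.d/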
wget http://centos.karan.org/kbsingh-CentOS-Extras.repo
Then we edit the file /etc/yum.repos.d/kbsingh-CentOS-Extras.repo:
vi /etc/yum.repos.d/kbsingh-CentOS-Extras.repo
In the [kbs-CentOS-Testing] section, set gpgcheck=0 and enabled=1, as follows:
[...]
[kbs-CentOS-Testing]
name=CentOS.Karan.Org-EL$releasever - Testing
gpgcheck=0
gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
enabled=1
baseurl=http://centos.karan.org/el$releasever/extras/testing/$basearch/RPMS/
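With gpgcheck=0, yum installs packages from this repository without verifying their signatures, and the baseurl here is plain HTTP. The following shell function is an added example, not part of the original tutorial, that lists every enabled stanza in a .repo file with either property; audit_repo and sample_repo are names made up here, and the two example-* stanzas are constructed sample data.

```shell
# Added example, not the tutorial's code: flag enabled yum repositories that
# skip signature checks or use plain HTTP. Only an explicit gpgcheck=0 is
# flagged; a missing gpgcheck inherits [main] in /etc/yum.conf (not read here).
audit_repo() {   # audit_repo FILE: one finding per line, status 1 if any
    awk '
    function report() {
        if (name == "" || v["enabled"] == "0") return
        if (v["gpgcheck"] == "0") { print name ": gpgcheck=0, signatures not verified"; bad = 1 }
        if (v["baseurl"] ~ /^http:\/\//) { print name ": baseurl uses plain http"; bad = 1 }
    }
    {
        line = $0; sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^[#;]/) next
        if (line ~ /^\[/) {            # new stanza: report the previous one
            report()
            name = line; sub(/^\[/, "", name); sub(/\].*$/, "", name)
            split("", v); v["enabled"] = "1"; next
        }
        eq = index(line, "="); if (eq == 0) next
        key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        v[key] = val
    }
    END { report(); exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the stanza from this page plus two made-up stanzas.
sample_repo() {
    cat <<'EOF'
[kbs-CentOS-Testing]
name=CentOS.Karan.Org-EL$releasever - Testing
gpgcheck=0
gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
enabled=1
baseurl=http://centos.karan.org/el$releasever/extras/testing/$basearch/RPMS/
[example-signed]
gpgcheck=1
baseurl=https://repo.example.invalid/el5/
[example-disabled]
gpgcheck=0
enabled=0
EOF
}

tmp=$(mktemp) && sample_repo > "$tmp"
audit_repo "$tmp" || echo "review the findings above before installing from these repositories"
rm -f "$tmp"
```

On a real system it can be run over each file in /etc/yum.repos.d/ in turn.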
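Next we can install Apache's mod_php5, mod_fcgid and the PHP5 modules.
Note: if php-eaccelerator cannot be installed during the installation, remove php-eaccelerator from the command below, because PHP 5.1.6 no longer has this module.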
yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-mbstring php-mcrypt php-mhash php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel
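Then we edit /etc/php.ini:
vi /etc/php.ini
Change the error reporting: find ";error_reporting = E_ALL & ~E_NOTICE" and remove the leading ";" (if that line is not there, search for error_reporting and change it to "error_reporting = E_ALL & ~E_NOTICE"), then add the line "cgi.fix_pathinfo = 1" at the end of the file, as follows:
[...]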
error_reporting = E_ALL & ~E_NOTICE
[...]
cgi.fix_pathinfo = 1
Next we install suPHP:
cd /tmp
wget http://www.suphp.org/download/suphp-0.7.0.tar.gz
tar xvfz suphp-0.7.0.tar.gz
cd suphp-0.7.0/
./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes
make
make install
Then add the suPHP module to the Apache configuration. Create the file /etc/httpd/conf.d/suphp.conf:
vi /etc/httpd/conf.d/suphp.conf
The file contents are as follows:
LoadModule suphp_module modules/mod_suphp.so
Then create /etc/suphp.conf:
vi /etc/suphp.conf
Its contents are as follows:
[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=apache
;Path all scripts have to be in
docroot=/
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
;Check whether script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=100
; Minimum GID
min_gid=100
[handlers]
;Handler for php-scripts
x-httpd-suphp="php:/usr/bin/php-cgi"
;Handler for CGI-scripts
x-suphp-cgi="execute:!self"
Finally, restart Apache:
/etc/init.d/httpd restart
13. Install PureFTPd
Install PureFTPd with the following command:
yum install pure-ftpd
Enable PureFTPd at boot, then start it:
chkconfig --levels 235 pure-ftpd on
/etc/init.d/pure-ftpd start
14. Install MyDNS
Install MyDNS with the following commands:
wget http://mydns.bboy.net/download/mydns-mysql-1.1.0-1.i386.rpm
rpm -ivh mydns-mysql-1.1.0-1.i386.rpm
At boot, MyDNS must start after MySQL. MySQL's start priority is 64, so the start priority of MyDNS must be between 65 and 99. Open the MyDNS init script:
vi /etc/init.d/mydns
Modify it as shown below:
[...]
# chkconfig: 345 65 50
[...]
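Then we enable MyDNS at boot.
chkconfig --levels 235 mydns on
We do not start MyDNS now, because it has to be configured before its first start. That configuration affects the later ISPConfig 3 installation, and it is done automatically when we install ISPConfig 3.
15. Install Vlogger and Webalizer
Install Vlogger and Webalizer with the following commands.
yum install webalizer perl-DateTime-Format-HTTP perl-DateTime-Format-Builder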
cd /tmp
wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz
tar xvfz vlogger-1.3.tar.gz
mv vlogger-1.3/vlogger /usr/sbin/
rm -rf vlogger*
16. Install Jailkit
Install Jailkit with the following commands:
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
tar xvfz jailkit-2.5.tar.gz
cd jailkit-2.5
./configure
make
make install
cd ..
rm -rf jailkit-2.5*
17. Install fail2ban.
yum install fail2ban
chkconfig --levels 235 fail2ban on
/etc/init.d/fail2ban start
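18. Install rkhunter with the following command:
yum install rkhunter
19. Install webmail.
The official guide uses SquirrelMail, but its support for Chinese is poor, so we use Extmail instead. Extmail is an open-source webmail system developed in China, so Chinese support is naturally not a problem. First go to http://www.extmail.org/cgi-bin/download.cgi to download Extmail; the current version is 1.09. A form has to be filled in before the download. Your Name: your name; Phone: telephone number; Email: e-mail address; Your website: your website; Industry: your occupation; Scale: size; MTA Softs: mail system, choose Postfix here; OS: operating system, just choose Linux. For the steps after the download, see "Replacing SquirrelMail with Extmail in ISPConfig 3".
20. Install ISPConfig 3
First download ISPConfig 3, unpack it and change to the install directory with the following commands: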
cd /tmp
wget http://downloads.sourceforge.net/ispconfig/ISPConfig-3.0.1.tar.gz?use_mirror=
tar xvfz ISPConfig-3.0.1.tar.gz
cd ispconfig3_install/install/
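Then run the following command to install:
php -q install.php
An error may occur here. If it does, see: "Problems installing ISPConfig on CentOS 5.3"
After fixing it, continue the installation and answer the prompts as shown below:
--------------------------------------------------------------------------------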
_____ ___________ _____ __ _
|_ _/ ___| ___ \ / __ \ / _(_)
| | \ `–.| |_/ / | / \/ ___ _ __ | |_ _ __ _
| | `–. \ __/ | | / _ \| ‘_ \| _| |/ _` |
_| |_/\__/ / | | \__/\ (_) | | | | | | | (_| |
\___/\____/\_| \____/\___/|_| |_|_| |_|\__, |
__/ |
|___/
--------------------------------------------------------------------------------
>> Initial configuration
Operating System: CentOS 5.2 or compatible
Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with .
Tap in “quit” (without the quotes) to stop the installer.
Select language (en,de) [en]:
Installation mode (standard,expert) [standard]: <-- ENTER
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [idc.xifan.org]: <-- ENTER
MySQL server hostname [localhost]: <-- ENTER
MySQL root username [root]: <-- ENTER
MySQL root password []: <-- enter your MySQL root password
MySQL database to create [dbispconfig]: <-- ENTER
MySQL charset [utf8]: <-- ENTER
Generating a 2048 bit RSA private key
…………………………………………+++
………………………………………………………………………+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]: <-- enter "CN"
State or Province Name (full name) [Berkshire]: <-- enter your province
Locality Name (eg, city) [Newbury]: <-- ENTER
Organization Name (eg, company) [My Company Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, your name or your server's hostname) []: <-- ENTER
Email Address []: <-- ENTER
Configuring Jailkit
Configuring SASL
Configuring PAM
Configuring Courier
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring MyDNS
Configuring Apache
Configuring Firewall
Installing ISPConfig
ISPConfig Port [8080]: <-- ENTER
Configuring DBServer
Installing Crontab
no crontab for root
no crontab for getmail
Restarting services …
Stopping MySQL: [ OK ]
Starting MySQL: [ OK ]
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
Stopping saslauthd: [ OK ]
Starting saslauthd: [ OK ]
Shutting down Mail Virus Scanner (amavisd): [ OK ]
Starting Mail Virus Scanner (amavisd): [ OK ]
Stopping Clam AntiVirus Daemon: [ OK ]
Starting Clam AntiVirus Daemon: [ OK ]
Stopping Courier authentication services: authdaemond
Starting Courier authentication services: authdaemond
Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Starting Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
Stopping pure-ftpd: [ OK ]
Starting pure-ftpd: [ OK ]
Installation completed.
[root@server1 install]#
You can then open http://192.168.0.200:8080 to check whether the panel is reachable.