Jump to content
sleed

Tutorial Instalare Server pe DEBIAN [Wheezy]

By sleed, in Tutoriale in romana

Recommended Posts

sleed Newbie

sleed

Posted
Posted

Aveti un calculator vechi si nu stiti ce sa faceti cu el ? Aveti resurse bunicele , cat sa va tina un server ? Vreti sa va jucati , si sa invatati in acelasi timp? Bun , deviza mea este : SA TRECEM LA TREABA.

Sa TRecem la Treaba.

DE ce avem nevoie?

0.1).Distro Debian , se gaseste aici :

Haideti sa configuram Network Interfaces :

Deschide ti consola si :

nano /etc/network/interfaces

V-oi folosi ip ul 192.168.0.100 , deoarece asa e configurat la mine pe eth0.

Adaugam lista in interfaces :

# This file describes the network interfaces available on your system

# and how to activate them. For more information, see interfaces(5).

# The loopback network interface

auto lo

iface lo inet loopback

# The primary network interface

#allow-hotplug eth0

#iface eth0 inet dhcp

auto eth0

iface eth0 inet static

address 192.168.0.100

netmask 255.255.255.0

network 192.168.0.0

broadcast 192.168.0.255

gateway 192.168.0.1

Restart la net :

/etc/init.d/networking restart

Modificam hosts

nano /etc/hosts

127.0.0.1 localhost.localdomain localhost

192.168.0.100 serverumeu.nektsistems.com server1

# The following lines are desirable for IPv6 capable hosts

::1 localhost ip6-localhost ip6-loopback

ff02::1 ip6-allnodes

ff02::2 ip6-allrouters

Acuma scriem in consola :

echo serverumeu.nektsistems.com > /etc/hostname

/etc/init.d/hostname.sh start

Rulam :

hostname
in consola , apoi
hostname -f

Sa aveti neaparat aceste librarii instalate in sources list : scriem in consola

nano /etc/apt/sources.list

si adaugam :

deb Index of /debian wheezy main contrib non-free

deb-src Index of /debian wheezy main contrib non-free

deb Debian -- Security Information wheezy/updates main contrib non-free

deb-src Debian -- Security Information wheezy/updates main contrib non-free

# wheezy-updates, previously known as 'volatile'

deb Index of /debian wheezy-updates main contrib non-free

deb-src Index of /debian wheezy-updates main contrib non-free

Rulam in consola

apt-get update ,
apoi apt-get upgrade

Reconfiguram shellu cu comanda :

dpkg-reconfigure dash

Updatam timpul , clock :

apt-get install ntp ntpdate

0.2) Instalam : Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils

In consola scriem :

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo
General type of mail configuration: <-- Internet Site

System mail name: <-- serverumeu.nektsistems.com

New password for the MySQL "root" user: <-- parola pentru root...

Repeat password for the MySQL "root" user: <-- repetam parola

Bun acum ne "jucam" cu TSL/SSL ports,

nano /etc/postfix/master.cf
submission inet n - - - - smtpd

-o syslog_name=postfix/submission

-o smtpd_tls_security_level=encrypt

-o smtpd_sasl_auth_enable=yes

-o smtpd_client_restrictions=permit_sasl_authenticated,reject

# -o milter_macro_daemon_name=ORIGINATING

smtps inet n - - - - smtpd

-o syslog_name=postfix/smtps

-o smtpd_tls_wrappermode=yes

-o smtpd_sasl_auth_enable=yes

-o smtpd_client_restrictions=permit_sasl_authenticated,reject

# -o milter_macro_daemon_name=ORIGINATING

[...]

Nu stergi nimic , adaugi ce este aici .

Restart postfix :

/etc/init.d/postfix restart

Ca mysql sa de-a listen la toate interfetele , in :

/etc/mysql/my.cnf

cautam linia si modificam asa :

#bind-address = 127.0.0.1
, adica bind adress , sa fie localhost ;)

Apoi dam restart la mysql :

/etc/init.d/mysql restart

SI vedem procesul :

netstat -tap | grep mysql

0) Instalam :Amavisd-new, SpamAssassin, And Clamav

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

Update la spam assasin :

/etc/init.d/spamassassin stop

update-rc.d -f spamassassin remove

1)Instalam Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt

apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libruby libapache2-mod-ruby libapache2-mod-python php5-curl php5-intl php5-memcache php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached
Web server to reconfigure automatically: <-- apache2

Configure database for phpmyadmin with dbconfig-common? <-- No

Apoi , sa adaugam niste module in apache , scriem in consola :

a2enmod suexec rewrite ssl actions include

a2enmod dav_fs dav auth_digest

Apoi , deschidem cu

nano /etc/apache2/mods-available/suphp.conf

cautam linia <FilesMatch "\.ph(p3?|tml)$"> , ADAUGAM DUPA ACEASTA LINIE :

AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml

Restart apache :

/etc/init.d/apache2 restart

Adaugam modulul RUBY : , scriem in consola :

nano /etc/mime.types
,

si adaugam

#application/x-ruby rb

RESTART APACHE :

/etc/init.d/apache2 restart

2) Instalam Xcache

apt-get install php5-xcache

Restart apachE

/etc/init.d/apache2 restart

3) Instalam PHP+FPM

[PEntru ISPCONFIG]

apt-get install libapache2-mod-fastcgi php5-fpm

Scriem in consola urmatoarele comenzi :

Prima: a2enmod actions fastcgi alias

A 2-a: /etc/init.d/apache2 restart

4)Instalam MAILMAN

Deschidem consola,scriem

apt-get install mailman
Languages to support: <-- en (English)

Missing site list <-- Ok

Scriem in consola ,

newlist mailman
root@server1:~# newlist mailman

Enter the email of the person running the list: <-- admin email address, e.g. listadmin@JEPELE.com

Initial mailman password: <-- admin password for the mailman list

To finish creating your mailing list, you must edit your /etc/aliases (or

equivalent) file by adding the following lines, and possibly running the

`newaliases' program:

Enter , si done.

Scrii in consola :

nano /etc/aliases

,si adaugi urmatoarele :

## mailman mailing list

mailman: "|/var/lib/mailman/mail/mailman post mailman"

mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman"

mailman-bounces: "|/var/lib/mailman/mail/mailman bounces mailman"

mailman-confirm: "|/var/lib/mailman/mail/mailman confirm mailman"

mailman-join: "|/var/lib/mailman/mail/mailman join mailman"

mailman-leave: "|/var/lib/mailman/mail/mailman leave mailman"

mailman-owner: "|/var/lib/mailman/mail/mailman owner mailman"

mailman-request: "|/var/lib/mailman/mail/mailman request mailman"

mailman-subscribe: "|/var/lib/mailman/mail/mailman subscribe mailman"

mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"

Scrii

newaliases ,

Restart

/etc/init.d/postfix restart

Apoi activam apache mailman modu:

ln -s /etc/mailman/apache.conf /etc/apache2/conf.d/mailman.conf

Restart apache :

/etc/init.d/apache2 restart

Activam Daemon Mailman :

/etc/init.d/mailman start

XIV)

Instalam PureFTPd And Quota

Open consola ->

apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool

apoi deschidem consola,tastam

nano /etc/default/pure-ftpd-common

si ne asiguram ca aceste setari sunt exact asa :

STANDALONE_OR_INETD=standalone

[...]

VIRTUALCHROOT=true

Ne asiguram ca ssl mod merge :

echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/

Generam un certificat SSL :

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Country Name (2 letter code) [AU]: <-- Enter your Country Name (e.g., "DE").

State or Province Name (full name) [some-State]: <-- Enter your State or Province Name.

Locality Name (eg, city) []: <-- Enter your City.

Organization Name (eg, company) [internet Widgits Pty Ltd]: <-- Enter your Organization Name (e.g., the name of your company).

Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "NEKT DEPARTAMENT").

Common Name (eg, YOUR name) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "serverumeu.nektsistems.com").

Email Address []: <-- Enter your Email Address.

Schimbam permisiile pentru certificat : consola , scriem :

chmod 600 /etc/ssl/private/pure-ftpd.pem

Apoi restart pure ftpd restart

/etc/init.d/pure-ftpd-mysql restart

Deschidem in consola :

nano /etc/fstab

Ne asiguram ca este ca aici :

# /etc/fstab: static file system information.

#

# Use 'blkid' to print the universally unique identifier for a

# device; this may be used with UUID= as a more robust way to name devices

# that works even if disks are added and removed. See fstab(5).

#

# <file system> <mount point> <type> <options> <dump> <pass>

/dev/mapper/server1-root / ext4 errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0 1

# /boot was on /dev/sda1 during installation

UUID=46d1bd79-d761-4b23-80b8-ad20cb18e049 /boot ext2 defaults 0 2

/dev/mapper/server1-swap_1 none swap sw 0 0

/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0

Daca nu , in consola , tastam :

mount -o remount /

quotacheck -avugm

quotaon -avug

VX)Instalam BIND DNS SERVER

apt-get install bind9 dnsutils

5) Instalam Vlogger, Webalizer, And AWstats

apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl

Scriem in consola :

nano /etc/cron.d/awstats

Si comentam la liniile urmatoare :

#MAILTO=root

#*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh

# Generate static reports:

#10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh

SA FIE EXACT ASA.

6) Instalam JAILKIT

apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold
cd /tmp

wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz

tar xvfz jailkit-2.15.tar.gz

cd jailkit-2.15

./debian/rules binary

Sau.deb , asa

cd ..

dpkg -i jailkit_2.15-1_*.deb

rm -rf jailkit-2.15*

7) Instalam Fail2BAN

Consola ->

apt-get install fail2ban

Tot in consola ,

nano /etc/fail2ban/jail.local

Ne asiguram ca configuratiile urmatoare sunt

in fisier :

[pureftpd]

enabled = true

port = ftp

filter = pureftpd

logpath = /var/log/syslog

maxretry = 3

[dovecot-pop3imap]

enabled = true

filter = dovecot-pop3imap

action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]

logpath = /var/log/mail.log

maxretry = 5

[sasl]

enabled = true

port = smtp

filter = sasl

logpath = /var/log/mail.log

maxretry = 3

Facem 2 filtere :Deschidem consola

nano /etc/fail2ban/filter.d/pureftpd.conf

Adaugam :

[Definition]

failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*

ignoreregex =

Din nou , deschidem :

nano /etc/fail2ban/filter.d/dovecot-pop3imap.conf

Adaugam :

[Definition]

failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*

ignoreregex =

REstart fail2ban :

/etc/init.d/fail2ban restart

8) Instalam SquirellMail

apt-get install squirrelmail
squirrelmail-configure
, sa configuram,

Comanda -> D -> dovecot -> S -> Q

Haideti sa adaugam la apache , configuratia de la Squirell :

Tastam in consola :

cd /etc/apache2/conf.d/

ln -s ../../squirrelmail/apache.conf squirrelmail.conf

/etc/init.d/apache2 reload

Deschidem consola , scriem:

nano /etc/apache2/conf.d/squirrelmail.conf
[...]

<Directory /usr/share/squirrelmail>

Options FollowSymLinks

<IfModule mod_php5.c>

AddType application/x-httpd-php .php

php_flag magic_quotes_gpc Off

php_flag track_vars On

php_admin_flag allow_url_fopen Off

php_value include_path .

php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp

php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname

php_flag register_globals off

</IfModule>

<IfModule mod_dir.c>

DirectoryIndex index.php

</IfModule>

# access to configtest is limited by default to prevent information leak

<Files configtest.php>

order deny,allow

deny from all

allow from 127.0.0.1

</Files>

</Directory>

[...]

Adaugam ce este cu albastru!

Cream directoru temp , la squirell ,

mkdir /var/lib/squirrelmail/tmp

Tastam in consola :

chown www-data /var/lib/squirrelmail/tmp

Restart apache :

/etc/init.d/apache2 reload

DE AICI POTI SA ITI ACCESEZI SQUIRELL MAIL :

Si PASUL FINAL , ISPCONFIG/CPANEL, CE DORITI,am sa pun ISPCONFIG

Deschidem alta consola , scriem :

cd /tmp

wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz

tar xfz ISPConfig-3-stable.tar.gz

cd ispconfig3_install/install/

php -q install.php
---> Ca sa functioneze in concordanta cu PHP u

Select language (en,de) [en]: <-- ENTER

Installation mode (standard,expert) [standard]: <-- ENTER

Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]: <-- ENTER

MySQL server hostname [localhost]: <-- ENTER

MySQL root username [root]: <-- ENTER

MySQL root password []: <-- yourrootsqlpassword

MySQL database to create [dbispconfig]: <-- ENTER

MySQL charset [utf8]: <-- ENTER

Generating a 4096 bit RSA private key

.............................................................++

.........................................................................................................................++

writing new private key to 'smtpd.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]: <-- ENTER

State or Province Name (full name) [some-State]: <-- ENTER

Locality Name (eg, city) []: <-- ENTER

Organization Name (eg, company) [internet Widgits Pty Ltd]: <-- ENTER

Organizational Unit Name (eg, section) []: <-- ENTER

Common Name (e.g. server FQDN or YOUR name) []: <-- ENTER

Email Address []: <-- ENTER

Configuring Jailkit

Configuring Dovecot

Configuring Spamassassin

Configuring Amavisd

Configuring Getmail

Configuring Pureftpd

Configuring BIND

Configuring Apache

Configuring Vlogger

Configuring Apps vhost

Configuring Bastille Firewall

Configuring Fail2ban

Installing ISPConfig

ISPConfig Port [8080]: <-- ENTER

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <-- ENTER

Generating RSA private key, 4096 bit long modulus

.................................................................................................++

........++

e is 65537 (0x10001)

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]: <-- ENTER

State or Province Name (full name) [some-State]: <-- ENTER

Locality Name (eg, city) []: <-- ENTER

Organization Name (eg, company) [internet Widgits Pty Ltd]: <-- ENTER

Organizational Unit Name (eg, section) []: <-- ENTER

Common Name (e.g. server FQDN or YOUR name) []: <-- ENTER

Email Address []: <-- ENTER

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []: <-- ENTER

An optional company name []: <-- ENTER

writing RSA key

Configuring DBServer

Installing ISPConfig crontab

no crontab for root

no crontab for getmail

Restarting services ...

Stopping MySQL database server: mysqld.

Starting MySQL database server: mysqld ..

Checking for tables which need an upgrade, are corrupt or were

not closed cleanly..

Stopping Postfix Mail Transport Agent: postfix.

Starting Postfix Mail Transport Agent: postfix.

Stopping amavisd: amavisd-new.

Starting amavisd: amavisd-new.

Stopping ClamAV daemon: clamd.

Starting ClamAV daemon: clamd .

Restarting IMAP/POP3 mail server: dovecot.

[Tue May 07 02:36:22 2013] [warn] NameVirtualHost *:443 has no VirtualHosts

[Tue May 07 02:36:22 2013] [warn] NameVirtualHost *:80 has no VirtualHosts

[Tue May 07 02:36:23 2013] [warn] NameVirtualHost *:443 has no VirtualHosts

[Tue May 07 02:36:23 2013] [warn] NameVirtualHost *:80 has no VirtualHosts

Restarting web server: apache2 ... waiting .

Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -H -O clf:/var/log/pure-ftpd/transfer.log -Y 1 -D -u 1000 -A -E -b -8 UTF-8 -B

Installation completed.

root@server....:/tmp/ispconfig3_install/install#

Ca sa intri pe Panoul de control , intri de aici : http(s)://192.168.0.100:8080/ , sau HTTPS://IP-ULTAU:8080

Asta a fost cam tot , va multumesc pentru vizualizare:) Sper sa va placa .

Source /Sursa : 1) SURSA 1

2) Sursa 2

3) Sursa 3

TESTAT DE MINE + WORKING 100% , DACA SUNT PROBLEME , ASTEPT P.M , SAU COMENTATI MAI JOS. MULTUMESC PENTRU VIZUALIZARE :)

kp112 Newbie

kp112

Posted
Posted (edited)

[ ok ] Restarting authentication failure monitor: fail2ban.

fail2ban eroare :(

am editat

/etc/fail2ban/jail.local

filter = pureftpd
on
filter = pure-ftpd

si tot degeaba, am incercat si asta

editat si /etc/fail2ban/filter.d/sasl.conf


failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed

Editare /etc/fail2ban/jail.local:


[sasl]
..
logpath = /var/log/mail.warn

si degeaba :(

Edited by kp112
sleed Newbie

sleed

Posted
  • Author
Posted

Da , merge , e important sa va uitati si pe tutoriale pentru securizare.. Daca vrei 4fun, recomand /etc/apache2 start, & mysql start cu phpmyadmin pentru testari de framework etc.. Daca vreti ceva mai serios trebuie bind server, mail , ispconfig [pentru buna gestionare] , instalare Selinux, kernelu sa fie la zi ,pam module,implementarea kerberos, chroot , incapsulare criptografica ...etc

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...