
IT training the perfect server CentOS4


ACE I.T LEARNING SOLUTIONS, INC.

Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C

Prepared By: Jim “King” Reforma[virushacker23@yahoo.com]

http://www.linuxman.2ya.com/

The Perfect Server - CentOS 4.7 Server

This tutorial shows how to set up a CentOS 4.7 server that offers all services needed by ISPs and web hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Dovecot POP3/IMAP, Quota, Firewall, etc. This tutorial is written for the 32-bit version of CentOS 4.7, but should apply to the 64-bit version with very few modifications as well.

I will use the following software:

• Web Server: Apache 2.0.x with PHP 4.3.9, mod_ruby, mod_python

• Database Server: MySQL 4.1

• Mail Server: Postfix

• DNS Server: BIND9 (chrooted!)

• FTP Server: proftpd

• POP3/IMAP server: dovecot

• Webalizer for web site statistics

In the end you should have a system that works reliably, and if you like you can install the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

Requirements

To install such a system you will need the following:

• Download the CentOS 4.7 DVD or the four CD iso images from a mirror near you (the list of mirrors can be found here: http://www.centos.org/modules/tinycontent/index.php?id=13)

• a fast internet connection

1 Install The Base System

Boot from your CentOS 4.7 DVD or CD (CD 1)


It can take a long time to test the installation media so we skip this test here:


The welcome screen of the CentOS installer appears. Click on Next:


Choose your language next:


We want to install a server so we choose Server here:


I'm installing CentOS 4.7 on a fresh system, so I answer Yes to the question Would you like to initialize this drive, erasing ALL DATA?


We want to remove all Linux partitions, so we answer Yes to the following question:


Now the boot loader GRUB will be installed. You can leave the default settings unchanged and click on Next:


On to the network settings. The default setting here is to configure the network interfaces with DHCP, but we are installing a server, so static IP addresses are not a bad idea. Click on the Edit button at the top right. In the window that pops up uncheck Configure using DHCP and give your network card a static IP address (in this tutorial I'm using the IP address 192.168.0.100 for demonstration purposes):


I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).

SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).


Click on Proceed:


Select the default language for the system and add further languages, if necessary:


Give root a password:


Click on Next to start the installation:


The installation begins. This will take a few minutes:


Now, on to the configuration


3 Configure Additional IP Addresses

(This section is totally optional. It just shows how to add additional IP addresses to your network interface eth0 if you need more than one IP address. If you're fine with one IP address, you can skip this section.)

Let's assume our network interface is eth0. Then there is a file scripts/ifcfg-eth0 which looks like this:

Now we want to create the virtual interface eth0:0 with the IP address 192.168.0.101. All we have to do is to create the file /etc/sysconfig/network-scripts/ifcfg-eth0:0 which looks like this (we can leave out the HWADDR line as it is the same physical network card):


You should now see your new IP address in the output:

[root@server1 ~]# ifconfig

eth0 Link encap:Ethernet HWaddr 00:0C:29:DC:03:5B

inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:fedc:35b/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:347 errors:0 dropped:0 overruns:0 frame:0

TX packets:401 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:29234 (28.5 KiB) TX bytes:64323 (62.8 KiB)

Interrupt:177 Base address:0x1400

eth0:0 Link encap:Ethernet HWaddr 00:0C:29:DC:03:5B

inet addr:192.168.0.101 Bcast:192.168.0.255 Mask:255.255.255.0

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

Interrupt:177 Base address:0x1400

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:8 errors:0 dropped:0 overruns:0 frame:0

TX packets:8 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)

[root@server1 ~]#

4 Configure The Firewall

(You can skip this chapter if you have already disabled the firewall during the basic system installation.)

I want to install ISPConfig at the end of this tutorial which comes with its own firewall.


Select Disabled and press OK.

To check that the firewall has really been disabled, you can run

iptables -L

afterwards. The output should look like this:

[root@server1 ~]# iptables -L

Chain INPUT (policy ACCEPT)

target prot opt source destination

Chain FORWARD (policy ACCEPT)

target prot opt source destination

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

[root@server1 ~]#
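
The check described above can be scripted. The following is an added example, not part of the original tutorial; the function name firewall_state and both sample outputs are constructed for illustration, and it treats any listed rule or any non-ACCEPT chain policy as an active firewall:

```shell
#!/bin/sh
# Added example: classify `iptables -L` output read from stdin.
# firewall_state prints one of:
#   disabled  - every chain policy is ACCEPT and no rules are listed
#   active    - at least one rule or a non-ACCEPT policy is present
#   unknown   - no chain headers were found (e.g. the command failed)
firewall_state() {
    awk '
        /^Chain / {
            chains++
            # Built-in chains print "(policy X)"; user chains print "(N references)".
            if ($3 == "(policy" && $4 != "ACCEPT)") restrictive++
            next
        }
        /^target[ \t]/ { next }      # column header line
        /^[ \t]*$/     { next }      # blank separator
        { rules++ }                  # anything else is a rule
        END {
            if (chains == 0)                       print "unknown"
            else if (rules > 0 || restrictive > 0) print "active"
            else                                   print "disabled"
        }'
}

# Constructed sample 1: the output shown in the tutorial.
SAMPLE_DISABLED='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample 2: default-drop INPUT chain with a single SSH rule.
SAMPLE_ACTIVE='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

printf '%s\n' "$SAMPLE_DISABLED" | firewall_state
printf '%s\n' "$SAMPLE_ACTIVE"   | firewall_state
# On a live host (as root): iptables -L | firewall_state
```

`iptables -L` lists only the filter table; the nat and mangle tables have to be listed separately with `-t nat` and `-t mangle`.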

5 Disable SELinux

(You can skip this chapter if you have already disabled SELinux during the basic system installation.)


SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

Edit /etc/selinux/config and set SELINUX=disabled:

vi /etc/selinux/config

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

# enforcing - SELinux security policy is

6 Install Some Software

First we import the GPG keys for software packages:

rpm --import /usr/share/rhn/RPM-GPG-KEY*


7 Quota

To install quota, we run this command:

yum install quota

Edit /etc/fstab and add ,usrquota,grpquota to the / partition

LABEL=/boot /boot ext3 defaults 1 2

none /dev/pts devpts gid=5,mode=620 0 0

none /dev/shm tmpfs defaults 0 0

none /proc proc defaults 0 0


8 Install A Chrooted DNS Server (BIND9)

To install a chrooted BIND9, we do this:

yum install bind-chroot

BIND will run in a chroot jail under /var/named/chroot/var/named/. I will use ISPConfig to configure BIND (zones, etc.).

9 MySQL (4.1)

To install MySQL, we do this:

yum install mysql mysql-devel mysql-server

The MySQL init script on CentOS might cause problems when you try to restart MySQL. In some cases it tries to start MySQL before the old MySQL process has stopped which leads to a failure. The solution is to edit the restart section of /etc/init.d/mysqld and add a few seconds delay between the stop and the start of MySQL.


This adds a three second delay between the stop and start of MySQL

Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:

chkconfig --levels 235 mysqld on

/etc/init.d/mysqld start

Now check that networking is enabled. Run

netstat -tap | grep mysql

It should show something like this:

[root@server1 ~]# netstat -tap | grep mysql

tcp 0 0 *:mysql *:* LISTEN 3791/mysqld

[root@server1 ~]#

If it does not, edit /etc/my.cnf and comment out the option skip-networking:

vi /etc/my.cnf


mysqladmin -u root password yourrootsqlpassword

mysqladmin -h server1.example.com -u root password yourrootsqlpassword

to set a password for the user root (otherwise anybody can access your MySQL database!).

10 Postfix With SMTP-AUTH And TLS

Now we install Postfix and dovecot (dovecot will be our POP3/IMAP server):

yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot

Next we configure SMTP-AUTH and TLS:

postconf -e 'smtpd_sasl_local_domain ='

postconf -e 'smtpd_sasl_auth_enable = yes'

postconf -e 'smtpd_sasl_security_options = noanonymous'

postconf -e 'broken_sasl_auth_clients = yes'

postconf -e 'smtpd_sasl_authenticated_header = yes'

postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'

postconf -e 'inet_interfaces = all'

postconf -e 'mynetworks = 127.0.0.0/8'
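
The settings above decide who may relay mail through the server, so they are worth verifying after the fact. The following is an added example, not part of the original tutorial; the function name audit_postfix and both sample configurations are constructed, and it expects full `postconf` output ("name = value" lines) on stdin:

```shell
#!/bin/sh
# Added example: audit the relay-relevant Postfix settings from section 10.
audit_postfix() {
    awk '
        function warn(msg) { print "WARN: " msg; bad++ }
        {
            i = index($0, "=")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            conf[k] = v
        }
        END {
            if (conf["smtpd_sasl_auth_enable"] != "yes")
                warn("smtpd_sasl_auth_enable is not yes")
            if (conf["smtpd_sasl_security_options"] !~ /noanonymous/)
                warn("anonymous SASL mechanisms are not excluded")
            # Restrictions are evaluated left to right: a bare "permit"
            # before reject_unauth_destination relays for everyone.
            n = split(conf["smtpd_recipient_restrictions"], r, /[ \t,]+/)
            for (j = 1; j <= n; j++) {
                if (r[j] == "reject_unauth_destination") { guarded = 1; break }
                if (r[j] == "permit") break
            }
            if (!guarded) warn("reject_unauth_destination missing or unreachable")
            # permit_mynetworks relays without authentication for these ranges.
            m = split(conf["mynetworks"], net, /[ \t,]+/)
            for (j = 1; j <= m; j++)
                if (net[j] != "" && net[j] !~ /^127\./)
                    warn("mynetworks trusts non-loopback range " net[j])
            if (!bad) print "OK"
        }'
}

# Constructed sample 1: the values set by the postconf commands above.
TUTORIAL_CONF='smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8'

# Constructed sample 2: a misconfiguration that makes the server an open relay.
OPEN_RELAY_CONF='smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated,permit
mynetworks = 127.0.0.0/8, 0.0.0.0/0'

printf '%s\n' "$TUTORIAL_CONF"   | audit_postfix
printf '%s\n' "$OPEN_RELAY_CONF" | audit_postfix
```

On a live host the input would be `postconf | audit_postfix`. Postfix 2.10 and later also evaluate smtpd_relay_restrictions, which this check does not cover.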

We must edit /usr/lib/sasl2/smtpd.conf so that Postfix allows PLAIN and LOGIN logins. On a 64Bit Centos 4.7 you must edit the file /usr/lib64/sasl2/smtpd.conf instead. It should look like this:

Date posted: 05/11/2019, 13:23
