

Configure DNS with CentOS

Posted by Infoaddict

Install BIND

 

[root@dlp ~]#

yum -y install bind bind-utils

 

[2] Configure BIND. This example is done with the global IP address [172.16.0.80/29], the private IP address [10.0.0.0/24] and the domain name [server.world]. However, please use your own IPs and domain name when you set the config on your server. ( Actually, [172.16.0.80/29] is a private IP address range, though. )

 

[root@dlp ~]#

echo 'OPTIONS="-4"' >> /etc/sysconfig/named

 

# set this if you don't use IPv6 ( if you do use IPv6, don't set it )

[root@dlp ~]#

vi /etc/named.conf

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

 

options {

# comment this line out ( listen on all interfaces of the server )

 

#

listen-on port 53 { 127.0.0.1; };

 

# change ( if you don't use IPv6 )

 

listen-on-v6

{ none; };

 

directory

"/var/named";

 

dump-file

"/var/named/data/cache_dump.db";

 

statistics-file

"/var/named/data/named_stats.txt";

 

memstatistics-file

"/var/named/data/named_mem_stats.txt";

 

# query range ( set your internal network, and so on )

 

allow-query

{ localhost;

10.0.0.0/24;

};

 

# transfer range ( set it if you have a secondary DNS )

 

allow-transfer { localhost; 10.0.0.0/24; };

 

recursion yes;

dnssec-enable yes;

 

dnssec-validation yes;

 

dnssec-lookaside auto;

/* Path to ISC DLV key */

 

bindkeys-file "/etc/named.iscdlv.key";

 

managed-keys-directory "/var/named/dynamic";

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

};

 

# change all from here

 

view "internal" {

match-clients {

localhost;

10.0.0.0/24;

};

zone "." IN {

type hint;

file "named.ca";

};

zone "server.world" IN {

type master;

file "server.world.lan";

allow-update { none; };

};

zone "0.0.10.in-addr.arpa" IN {

type master;

file "0.0.10.db";

allow-update { none; };

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

};

view "external" {

match-clients { any; };

allow-query { any; };

recursion no;

zone "server.world" IN {

type master;

file "server.world.wan";

allow-update { none; };

};

zone "80.0.16.172.in-addr.arpa" IN {

type master;

file "80.0.16.172.db";

allow-update { none; };

};

};

 

# allow-query

⇒ query range you permit

# allow-transfer

⇒ the range you permit to transfer zone info

# recursion

⇒ whether or not to allow recursive queries

# view "internal" { *** };

⇒ write for internal definition

# view "external" { *** };

⇒ write for external definition

# For reverse resolution, write the network address in reverse order as shown below.
# 10.0.0.0/24
# network address

⇒ 10.0.0.0

# range of network

⇒ 10.0.0.0 - 10.0.0.255

 

# how to write

⇒ 0.0.10.in-addr.arpa

# 172.16.0.80/29
# network address

⇒ 172.16.0.80

# range of network

⇒ 172.16.0.80 - 172.16.0.87

# how to write

⇒ 80.0.16.172.in-addr.arpa

 

For internal zone
This example uses internal address[10.0.0.0/24], domain name[server.world], but please use your own one when you set config on your server.

 

[root@dlp ~]#

vi /var/named/server.world.lan

$TTL 86400

@   IN  SOA     dlp.server.world. root.server.world. (

2011071001  ;Serial

3600        ;Refresh

1800        ;Retry

604800      ;Expire

86400       ;Minimum TTL

)

# define name server

 

IN  NS      dlp.server.world.

# internal IP address of name server

 

IN  A       10.0.0.30

# define Mail exchanger

 

IN  MX 10   dlp.server.world.

 

# define IP address and hostname

 

dlp     IN  A       10.0.0.30

 

[2] For external zone
This example uses external address[172.16.0.80/29], domain name[server.world], but please use your own one when you set config on your server.

 

[root@dlp ~]#

vi /var/named/server.world.wan

$TTL 86400

@   IN  SOA     dlp.server.world. root.server.world. (

2011071001  ;Serial

3600        ;Refresh

1800        ;Retry

604800      ;Expire

86400       ;Minimum TTL

)

# define name server

 

IN  NS      dlp.server.world.

# external IP address of name server

 

IN  A       172.16.0.82

# define Mail exchanger

 

IN  MX 10   dlp.server.world.

 

# define IP address and hostname

 

dlp     IN  A       172.16.0.82

 

Set Zones for reverse resolution

 

Create zone files so that the server can resolve domain names from IP addresses.
[3] For internal zone
This example uses internal address[10.0.0.0/24], domain name[server.world], but please use your own one when you set config on your server.

 

[root@dlp ~]#

vi /var/named/0.0.10.db

$TTL 86400

@   IN  SOA     dlp.server.world. root.server.world. (

2011071001  ;Serial

3600        ;Refresh

1800        ;Retry

604800      ;Expire

86400       ;Minimum TTL

)

# define name server

 

IN  NS      dlp.server.world.

 

# define range that this domain name is in

 

IN  PTR     server.world.

IN  A       255.255.255.0

 

# define IP address and hostname

 

30      IN  PTR     dlp.server.world.

 

[4] For external zone
This example uses external address[172.16.0.80/29], domain name[server.world], but please use your own one when you set config on your server.

 

[root@dlp ~]#

vi /var/named/80.0.16.172.db

$TTL 86400

@   IN  SOA     dlp.server.world. root.server.world. (

2011071001  ;Serial

3600        ;Refresh

1800        ;Retry

604800      ;Expire

86400       ;Minimum TTL

)

# define name server

 

IN  NS      dlp.server.world.

 

# define range that this domain name is in

 

IN  PTR     server.world.

IN  A       255.255.255.248

 

# define IP address and hostname

 

82      IN  PTR     dlp.server.world.

 

 

Configure the chroot environment. Simply install the "bind-chroot" package to do so. If you edit named.conf or other zone files in the chroot environment, edit the configuration files under /var/named/chroot/.

 

[root@dlp ~]#

yum -y install bind-chroot

[root@dlp ~]#

/etc/rc.d/init.d/named restart

 

Stopping named:

[ OK ]

Starting named:

[ OK ]

[root@dlp ~]#

ll /var/named/chroot/etc

 

total 28

-rw-r--r-- 1 root root   331 Jul  9 11:17 localtime

drwxr-x--- 2 root named 4096 Nov 11  2010 named

-rw-r----- 1 root named 1550 Jul  9 23:19 named.conf

-rw-r--r-- 1 root named  601 Nov 11  2010 named.iscdlv.key

-rw-r----- 1 root named  931 Jun 21  2007 named.rfc1912.zones

drwxr-xr-x 3 root root  4096 Jul  9 23:30 pki

-rw-r----- 1 root named   77 Jul  9 23:02 rndc.key

[root@dlp ~]#

ll /var/named/chroot/var/named

 

total 40

-rw-r--r-- 1 root  root   359 Jul  9 23:25 0.0.10.db

drwxr-x--- 6 root  named 4096 Jul  9 23:30 chroot

drwxrwx--- 2 named named 4096 Jul  9 23:25 data

drwxrwx--- 2 named named 4096 Jul  9 23:26 dynamic

-rw-r----- 1 root  named 1892 Feb 18  2008 named.ca

-rw-r----- 1 root  named  152 Dec 15  2009 named.empty

-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost

-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback

-rw-r--r-- 1 root  root   350 Jul  9 23:24 server.world.lan

drwxrwx--- 2 named named 4096 Nov 11  2010 slaves

 

 

Set CNAME record in zone file.

 

[root@dlp ~]#

vi /var/named/server.world.lan

$TTL 86400

@   IN  SOA     dlp.server.world. root.server.world. (

# update serial

 

2011071002  ;Serial

3600        ;Refresh

1800        ;Retry

604800      ;Expire

86400       ;Minimum TTL

)

IN  NS      dlp.server.world.

IN  A       10.0.0.30

IN  MX 10   dlp.server.world.

 

dlp     IN  A       10.0.0.30

# [ alias IN CNAME server's name ]

 

ftp     IN  CNAME   dlp.server.world.

 

[root@dlp ~]#

rndc reload

 

server reload successful

[root@dlp ~]#

dig ftp.server.world.

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> ftp.server.world.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:

;ftp.server.world.

IN

A

;; ANSWER SECTION:
ftp.server.world.

86400

IN

CNAME

dlp.server.world.

 

dlp.server.world.

86400

IN

A

10.0.0.30

;; AUTHORITY SECTION:

server.world.

86400

IN

NS

dlp.server.world.

;; Query time: 0 msec
;; SERVER: 10.0.0.30#53(10.0.0.30)
;; WHEN: Sun Jul 10 23:32:48 2011
;; MSG SIZE rcvd: 82

 

 

The following example shows an environment where the master DNS is "dlp.server.world" and the slave DNS is "ns.example.host".
[1] Write config in Zone file on Master DNS.

 

[root@dlp ~]#

vi /etc/named.conf

# add secondary DNS server in the section below

 

allow-transfer { localhost;

172.16.0.85;

};

[root@dlp ~]#

vi /var/named/server.world.wan

$TTL 86400

@   IN  SOA     dlp.server.world. root.server.world. (

# update serial

 

2011071003  ;Serial

3600        ;Refresh

1800        ;Retry

604800      ;Expire

86400       ;Minimum TTL

)

IN  NS      dlp.server.world.

# add slave name server

 

IN  NS      ns.example.host.

IN  A       172.16.0.82

IN  MX 10   dlp.server.world.

 

dlp     IN  A       172.16.0.82

 

[root@dlp ~]#

rndc reload

server reload successful

 

[2] Configuration on Slave DNS.

 

[root@ns ~]#

vi /etc/named.conf

# add lines like below

 

zone "server.world" IN {

type slave;

masters { 172.16.0.82; };

file "slaves/server.world.wan";

notify no;

};

 

[root@ns ~]#

rndc reload

server reload successful
[root@ns ~]#

ls /var/named/slaves

server.world.wan

# the zone file from the master DNS has just been transferred

 


Configure Postfix with CentOS

Posted by Infoaddict

Install Postfix to configure an SMTP server. This example shows how to configure SMTP-Auth to use Dovecot's SASL function.

[1]

Configure Postfix. ( Postfix is installed by default even if you installed CentOS with Minimal.)

[root@mail ~]#

vi /etc/postfix/main.cf

# line 75: uncomment and specify hostname

myhostname =

mail.server.world

# line 83: uncomment and specify domain name

mydomain =

server.world

# line 99: uncomment

myorigin = $mydomain

# line 116: change

inet_interfaces =

all

# line 119: change if you use only IPv4

inet_protocols =

ipv4

# line 164: add

mydestination = $myhostname, localhost.$mydomain, localhost

, $mydomain

# line 264: uncomment and specify your LAN

mynetworks = 127.0.0.0/8,

10.0.0.0/24

# line 419: uncomment (use Maildir)

home_mailbox = Maildir/

# line 545: uncomment, line 546: add

header_checks = regexp:/etc/postfix/header_checks

body_checks = regexp:/etc/postfix/body_checks

# line 571: add

smtpd_banner = $myhostname ESMTP

# add at the last line

# limit an email size 10M

message_size_limit = 10485760

# limit mailbox 1G

mailbox_size_limit = 1073741824

# for SMTP-Auth settings

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_client_restrictions = permit_mynetworks,reject_unknown_client,permit
smtpd_recipient_restrictions = permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject

[root@mail ~]#

vi /etc/postfix/header_checks

# add at the head

# reject if email address is empty

/^From:.*<#.*@.*>/ REJECT
/^Return-Path:.*<#.*@.*>/ REJECT

[root@mail ~]#

vi /etc/postfix/body_checks

# reject if includes 'example.com' in mail body

/^(|[^>].*)example.com/ REJECT

[root@mail ~]#

/etc/rc.d/init.d/postfix start

Starting postfix:

[  OK  ]

[root@mail ~]#

chkconfig postfix on

 

Install Dovecot to configure a POP/IMAP server. This example shows how to configure it to provide the SASL function to Postfix.

[root@mail ~]#

yum -y install dovecot

[root@mail ~]#

vi /etc/dovecot/dovecot.conf

# line 31: change ( if you don't use IPv6 )

listen =

*

[root@mail ~]#

vi /etc/dovecot/conf.d/10-auth.conf

# line 9: uncomment and change ( allow plain text auth )

disable_plaintext_auth =

no

# line 97: add

auth_mechanisms = plain

login

[root@mail ~]#

vi /etc/dovecot/conf.d/10-mail.conf

# line 30: uncomment and add

mail_location =

maildir:~/Maildir

[root@mail ~]#

vi /etc/dovecot/conf.d/10-master.conf

# line 84-86: uncomment and add

# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {

mode = 0666

user = postfix

# add

group = postfix

# add

}

[root@mail ~]#

/etc/rc.d/init.d/dovecot start

Starting Dovecot Imap:

[  OK  ]

[root@mail ~]#

chkconfig dovecot on

 

Configure for your Mail Client on your PC. This example shows with Windows Live Mail.

[1]

Start Windows Live mail and move to "Account" tab and Click "Email".

[2]

Input email address, account's password, sender's name and check a box 'Configure Manually' and go next.

[3]

Select IMAP or POP. This example selects IMAP. And input other information of your Mail server. Don't forget to check a box 'this server requires to authenticate' at the bottom.

[4]

Click 'Finish'.

[5]

Connect and get server's folder settings automatically.

 

Configure SSL settings in order to encrypt the data on the connection.

[1]

Create certificates first, see here.

[2]

Configure Postfix and Dovecot for SSL

[root@mail ~]#

vi /etc/postfix/main.cf

# add at the last line

smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache

[root@mail ~]#

vi /etc/postfix/master.cf

# line 17-18: uncomment

smtps       inet   n       -       n       -       -       smtpd
-o smtpd_tls_wrappermode=yes

[root@mail ~]#

vi /etc/dovecot/conf.d/10-ssl.conf

# line 6: uncomment

ssl = yes

# line 12,13: uncomment and specify certificate

ssl_cert = <

/etc/pki/tls/certs/server.crt

ssl_key = <

/etc/pki/tls/certs/server.key

[root@mail ~]#

/etc/rc.d/init.d/postfix restart

Shutting down postfix:

[ OK ]

Starting postfix:

[ OK ]

[root@mail ~]#

/etc/rc.d/init.d/dovecot restart

Stopping Dovecot Imap:

[ OK ]

Starting Dovecot Imap:

[ OK ]

Configure the client. Change the settings like the following example. (If you use POP3S, input '995' for incoming mail.)

Click synchronize on Windows Live Mail, then the following warning is shown because the certificate file was created (self-signed) on your server. It's no problem. Click 'Yes' to proceed, then it's possible to send/receive emails through the SSL connection.

 

Create your server's own SSL certificate. If you use your server for business, it is better to buy and use a formal certificate from a CA such as VeriSign.

[root@www ~]#

cd /etc/pki/tls/certs

[root@www certs]#

make server.key

umask 77 ; \

/usr/bin/openssl genrsa -aes128 2048 > server.key

Generating RSA private key, 2048 bit long modulus
......................................................++++++
.............++++++
e is 65537 (0x10001)
Enter pass phrase:

# set passphrase

Verifying - Enter pass phrase:

# confirm

# remove passphrase from private key

[root@www certs]#

openssl rsa -in server.key -out server.key

Enter pass phrase for server.key:

# input passphrase

writing RSA key
[root@www certs]#
[root@www certs]#

make server.csr

umask 77 ; \

/usr/bin/openssl req -utf8 -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:

JP

# country

State or Province Name (full name) [e]:

Hiroshima

# state

Locality Name (eg, city) [Default City]:

Hiroshima

# city

Organization Name (eg, company) [Default Company Ltd]:

GTS

# company

Organizational Unit Name (eg, section) []:

Server World

# department

Common Name (eg, your server's hostname) []:

www.server.world

# server's FQDN

Email Address []:

xxx@server.world

# email address

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:

# Enter

An optional company name []:

# Enter

[root@www certs]#
[root@www certs]#

openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650

Signature ok
subject=/C=JP/ST=Hiroshima/L=Hiroshima/O=GTS/OU=Server World/CN=www.server.world/emailAddress=xxx@server.world
Getting Private key
[root@www certs]#

chmod 400 server.*

 

[1]

Install Clamav

[root@mail ~]#

yum --enablerepo=rpmforge -y install clamav

# install from RPMforge

[root@mail ~]#

vi /etc/freshclam.conf

# line 122: make it comment

#

NotifyClamd /etc/clamd.conf

[root@mail ~]#

freshclam

# update pattern files

ClamAV update process started at Sun Jul 10 22:10:08 2011
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
daily.cvd is up to date (version: 13304, sigs: 144473, f-level: 60, builder: guitar)
bytecode.cvd is up to date (version: 143, sigs: 40, f-level: 60, builder: edwin)

[2]

Try to scan

# try to scan

[root@mail ~]#

clamscan --infected --remove --recursive /home

----------- SCAN SUMMARY -----------
Known viruses: 989350
Engine version: 0.97.1
Scanned directories: 3
Scanned files: 3
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 2.060 sec (0 m 2 s)

# try to download the test virus file

[root@mail ~]#

wget http://www.eicar.org/download/eicar.com

[root@mail ~]#

clamscan --infected --remove --recursive .

./eicar.com: Eicar-Test-Signature FOUND
./eicar.com: Removed.

# the test file was detected ( and removed, because --remove was given )

----------- SCAN SUMMARY -----------
Known viruses: 989350
Engine version: 0.97.1
Scanned directories: 1
Scanned files: 13
Infected files: 1
Data scanned: 0.02 MB
Data read: 0.01 MB (ratio 2.00:1)
Time: 2.079 sec (0 m 2 s)

 

[root@mail ~]#

yum --enablerepo=rpmforge -y install clamd

# install from RPMforge

[root@mail ~]#

wget http://thewalter.net/stef/software/clamsmtp/clamsmtp-1.10.tar.gz

[root@mail ~]#

tar zxvf clamsmtp-1.10.tar.gz

[root@mail ~]#

cd clamsmtp-1.10

[root@mail clamsmtp-1.10]#

./configure

[root@mail clamsmtp-1.10]#

make

[root@mail clamsmtp-1.10]#

make install

[root@mail clamsmtp-1.10]#

cp ./doc/clamsmtpd.conf /etc

[root@mail clamsmtp-1.10]#

cd

[root@mail ~]#

vi /etc/clamsmtpd.conf

# line 11: change

OutAddress:

127.0.0.1:10026

# line 29: uncomment and change

Listen:

127.0.0.1:10025

# line 32: change

ClamAddress:

/var/run/clamav/clamd.sock

# line 35: uncomment

Header: X-Virus-Scanned: ClamAV using ClamSMTP

# line 38: uncomment

TempDirectory: /tmp

# line 41: uncomment

Action: drop

# line 50: uncomment

User: clamav

[root@mail ~]#

vi /etc/rc.d/init.d/clamsmtp

# create init script

#!/bin/bash
#
# clamsmtpd: Start/Stop clamsmtpd
#
# chkconfig: - 65 40
# description: Clamsmtpd is smtpd for Clamav Antivirus daemon.
#
# processname: clamsmtpd
# pidfile: /var/run/clamav/clamsmtpd.pid

# Where clamsmtpd reads its configuration and writes its pidfile.
# The pidfile directory must agree with the "pidfile:" header above.
CONFIG_FILE=/etc/clamsmtpd.conf
PID_DIR=/var/run/clamav

# Exit status of the most recent start/stop action.
RETVAL=0

# Red Hat init helpers (daemon, killproc, status) and network settings.
. /etc/rc.d/init.d/functions
. /etc/sysconfig/network

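#######################################
# Start clamsmtpd through the Red Hat "daemon" helper.
# Globals:   CONFIG_FILE (read), PID_DIR (read), RETVAL (written)
# Outputs:   status line on stdout
# Returns:   exit status of the daemon helper
#######################################
start() {
   echo -n $"Starting ClamSmtpd: "
   # Quote the expansions so a path can never split into extra arguments.
   daemon /usr/local/sbin/clamsmtpd -f "$CONFIG_FILE" -p "$PID_DIR/clamsmtpd.pid"
   RETVAL=$?
   echo
   # The subsys lock marks the service as running for the init system.
   [ "$RETVAL" -eq 0 ] && touch /var/lock/subsys/clamsmtpd
   return "$RETVAL"
}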

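#######################################
# Stop clamsmtpd and remove its pidfile and subsys lock.
# Globals:   PID_DIR (read), RETVAL (written)
# Outputs:   status line on stdout
# Returns:   exit status of killproc
#######################################
stop() {
   echo -n $"Stopping ClamSmtpd: "
   # The pidfile is not at the default /var/run/<name>.pid, so tell killproc where it is.
   killproc -p "$PID_DIR/clamsmtpd.pid" clamsmtpd
   RETVAL=$?
   echo
   # Remove the pidfile from the directory start() writes it to ($PID_DIR),
   # not from /var/run/clamsmtp, which the daemon never uses.
   [ "$RETVAL" -eq 0 ] && rm -f -- "$PID_DIR/clamsmtpd.pid" /var/lock/subsys/clamsmtpd
   return "$RETVAL"
}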

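#######################################
# Restart helper: stop then start.
# Needed because the condrestart arm calls "restart", which was not
# defined anywhere (the restart case arm is not a function).
# Returns:   exit status of start
#######################################
restart() {
   stop
   start
}

# Dispatch on the init action given as the first argument.
case "$1" in
   start)
      start
      ;;
   stop)
      stop
      ;;
   status)
      # Same non-default pidfile location as start()/stop().
      status -p "$PID_DIR/clamsmtpd.pid" clamsmtpd
      ;;
   restart)
      restart
      ;;
   condrestart)
      # Only restart when the service was running (subsys lock present).
      [ -f /var/lock/subsys/clamsmtpd ] && restart || :
      ;;
   *)
      echo $"Usage: $0 {start|stop|status|restart|condrestart}"
      exit 1
esac

exit $?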

[root@mail ~]#

chmod 755 /etc/rc.d/init.d/clamsmtp

[root@mail ~]#

/etc/rc.d/init.d/clamd start

Starting Clam AntiVirus Daemon: Bytecode: Security mode set to "TrustSigned".
[ OK ]
[root@mail ~]#

/etc/rc.d/init.d/clamsmtp start

Starting ClamSmtpd:

[ OK ]

[root@mail ~]#

chkconfig --add clamsmtp

[root@mail ~]#

chkconfig clamsmtp on

[root@mail ~]#

chkconfig clamd on

[2]

Configure Postfix

[root@mail ~]#

vi /etc/postfix/main.cf

# add at the last line

content_filter = scan:127.0.0.1:10025

[root@mail ~]#

vi /etc/postfix/master.cf

# add at the last line

scan unix -       -       n       -       16       smtp

   -o smtp_data_done_timeout=1200

   -o smtp_send_xforward_command=yes

   -o disable_dns_lookups=yes

127.0.0.1:10026 inet n       -       n       -       16       smtpd

   -o content_filter=

   -o local_recipient_maps=

   -o relay_recipient_maps=

   -o smtpd_restriction_classes=

   -o smtpd_client_restrictions=

   -o smtpd_helo_restrictions=

   -o smtpd_sender_restrictions=

   -o smtpd_recipient_restrictions=permit_mynetworks,reject

   -o mynetworks_style=host

   -o smtpd_authorized_xforward_hosts=127.0.0.0/8

[root@mail ~]#

/etc/rc.d/init.d/postfix restart

Shutting down postfix:

[ OK ]

Starting postfix:

[ OK ]

The lines below are added to the header section of emails after this configuration.

Try to send the test virus by email; it will not be delivered to a mailbox and logs like those below are recorded.

 

Install httpd

[root@www ~]#

yum -y install httpd

# remove welcome page

[root@www ~]#

rm -f /etc/httpd/conf.d/welcome.conf

# remove default error page

[root@www ~]#

rm -f /var/www/error/noindex.html

[2]

Configure httpd.

[root@www ~]#

vi /etc/httpd/conf/httpd.conf

# line 44: change

ServerTokens

Prod

# line 76: change to ON

KeepAlive

On

# line 262: Admin's address

ServerAdmin

root@server.world

# line 276: change to your server's name

ServerName

www.server.world:80

# line 338: change

AllowOverride

All

# line 402: add a file name that can be accessed with only the directory's name

DirectoryIndex index.html

index.htm

# line 536: change

ServerSignature

Off

# line 759: make it comment

#

AddDefaultCharset UTF-8

[root@www ~]#

/etc/rc.d/init.d/httpd start

Starting httpd:

[ OK ]

[root@www ~]#

chkconfig httpd on

Install MySQL for Database Server.

[root@www ~]#

yum -y install mysql-server

[root@www ~]#

/etc/rc.d/init.d/mysqld start

Initializing MySQL database:  Installing MySQL system tables...

OK

Filling help tables...

OK

To start mysqld at boot time you have to copy

support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !

To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'

/usr/bin/mysqladmin -u root -h www.server.world password 'new-password'

Alternatively you can run:

/usr/bin/mysql_secure_installation

which will also give you the option of removing the test

databases and anonymous user created by default.  This is

strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:

cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl

cd /usr/mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

Starting mysqld:     [  OK  ]

[root@www ~]#

chkconfig mysqld on

[root@www ~]#

mysql -u root

# connect to MySQL

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 2

Server version: 5.1.52 Source distribution

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.

This software comes with ABSOLUTELY NO WARRANTY. This is free software,

and you are welcome to modify and redistribute it under the GPL v2 license

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

# show user info

mysql>

select user,host,password from mysql.user;

# set root password

mysql>

set password for root@localhost=password('password');

Query OK, 0 rows affected (0.00 sec)

# set root password

mysql>

set password for root@'127.0.0.1'=password('password');

Query OK, 0 rows affected (0.00 sec)

# set root password

mysql>

set password for root@'www.server.world'=password('password');

Query OK, 0 rows affected (0.00 sec)

# delete anonymous user

mysql>

delete from mysql.user where user='';

Query OK, 2 rows affected (0.00 sec)

mysql>

select user,host,password from mysql.user;

mysql>

exit

# quit

Bye
[root@www ~]#

mysql -u root -p

# connect with root

Enter password:

# MySQL root password

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 4

Server version: 5.1.52 Source distribution

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.

This software comes with ABSOLUTELY NO WARRANTY. This is free software,

and you are welcome to modify and redistribute it under the GPL v2 license

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

exit

Bye

MySQL

root@mail ~]#

mysql -u root -p

# connect to MySQL

Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 4

Server version: 5.1.52 Source distribution

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.

This software comes with ABSOLUTELY NO WARRANTY. This is free software,

and you are welcome to modify and redistribute it under the GPL v2 license

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

# create "postfixadmin" DB ( input any password you like on 'password' section )

mysql>

create database postfixadmin character set utf8 collate utf8_bin;

Query OK, 1 row affected (0.00 sec)

mysql>

grant all privileges on postfixadmin.* to postfixadmin@'localhost' identified by 'password';

Query OK, 0 rows affected (0.00 sec)

mysql>

flush privileges;

Query OK, 0 rows affected (0.00 sec)

mysql>

exit

Bye

[2]

Install PostfixAdmin (download the latest version of it)

[root@mail ~]#

yum -y install php-mysql php-imap

[root@mail ~]#

wget http://ftp.jaist.ac.jp/pub/sourceforge/p/po/postfixadmin/postfixadmin/postfixadmin-2.3.5/postfixadmin-2.3.5.tar.gz

[root@mail ~]#

tar zxvf postfixadmin-2.3.5.tar.gz

[root@mail ~]#

mv postfixadmin-2.3.5 /var/www/html/postfixadmin

[root@mail ~]#

vi /var/www/html/postfixadmin/config.inc.php

# line 26: change

$CONF['configured'] =

true

;

# line 31: change after the web setup (input the hash generated in section [5])

$CONF['setup_password'] = '

xxxxxxxxxx

';

# line 43: change

$CONF['default_language'] = '

ja

';

# line 51,52,53: change to the DB info for postfixadmin

$CONF['database_user'] = '

postfixadmin

';
$CONF['database_password'] = '

password

';
$CONF['database_name'] = '

postfixadmin

';

[root@mail ~]#

vi /etc/httpd/conf.d/postfixadmin.conf

# create new

<Directory /var/www/html/postfixadmin/>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 10.0.0.0/24

# IP address you permit

</Directory>

[root@mail ~]#

/etc/rc.d/init.d/httpd restart

Stopping httpd:

[  OK  ]

Starting httpd:

[  OK  ]

[3]

Access "http://(your server's hostname or IP address)/postfixadmin/setup.php". Then the following screen is shown; click "Lost password?" at the bottom right.

[4]

Input setup password.

[5]

Set the generated hash in the config file (back to [2]). Next, input the setup password, email address and admin password, and click the "add admin" button.

[6]

The admin user is added. The initial setup is now complete.

[7]

Access "http://(your server's hostname or IP address)/postfixadmin/login.php". Then the login screen is shown as follows. Log in with the admin user you added.

[8]

You are now logged in. It's possible to configure Postfix from here.

 

[root@mail ~]#

yum --enablerepo=epel -y install mailgraph

# install from EPEL

[root@mail ~]#

vi /etc/httpd/conf.d/mailgraph.conf

Alias /mailgraph /usr/share/mailgraph

AddHandler cgi-script .cgi

<Directory /usr/share/mailgraph/>
AllowOverride None
Options +ExecCGI
DirectoryIndex mailgraph.cgi

   Order Deny,Allow
Deny from all
Allow from 127.0.0.1

10.0.0.0/24

# IP address you allow

</Directory>

[root@mail ~]#

/etc/rc.d/init.d/mailgraph start

Starting mailgraph:

[  OK  ]

[root@mail ~]#

/etc/rc.d/init.d/httpd restart

Stopping httpd:

[  OK  ]

Starting httpd:

[  OK  ]

[root@mail ~]#

chkconfig mailgraph on

[2]

Access 'http://(your server's name or IP address)/mailgraph/' with a web browser. Then the following screen is shown and it's possible to check the mail log summary.


Installing Nagios 3.1.2.0 on CentOS 5.3

Posted by Infoaddict

Step # 1 Checking for Prerequisites.

 

yum list installed | egrep 'httpd|gcc|glibc|glibc-common|gd|gd-devel'

 

compat-gcc-34.i386 3.4.6-4 installed

compat-gcc-34-c++.i386 3.4.6-4 installed

compat-gcc-34-g77.i386 3.4.6-4 installed

compat-glibc.i386 1:2.3.4-2.26 installed

compat-glibc-headers.i386 1:2.3.4-2.26 installed

compat-libgcc-296.i386 2.96-138 installed

gcc.i386 4.1.2-44.el5 installed

gcc-c++.i386 4.1.2-44.el5 installed

gcc-gfortran.i386 4.1.2-44.el5 installed

gcc-gnat.i386 4.1.2-44.el5 installed

gcc-java.i386 4.1.2-44.el5 installed

gcc-objc.i386 4.1.2-44.el5 installed

gd.i386 2.0.33-9.4.el5_1.1 installed

gd-devel.i386 2.0.33-9.4.el5_1.1 installed

gdb.i386 6.8-27.el5 installed

gdbm.i386 1.8.0-26.2.1 installed

gdbm-devel.i386 1.8.0-26.2.1 installed

gdk-pixbuf.i386 1:0.22.0-25.el5 installed

gdm.i386 1:2.16.0-47.el5.centos installed

glibc.i686 2.5-34 installed

glibc-common.i386 2.5-34 installed

glibc-devel.i386 2.5-34 installed

glibc-headers.i386 2.5-34 installed

httpd.i386 2.2.3-22.el5.centos installed

libgcc.i386 4.1.2-44.el5 installed

sysklogd.i386 1.4.1-44.el5 installed

 

 

The above output shows that the required packages are installed on the system. In case they are not installed, you can install them using your CentOS 5.3 DVD. If you want to install from the CentOS 5.3 DVD you need to enable CentOS-Media.repo.

 

Enabling CentOS-Media.repo

 

vim /etc/yum.repos.d/CentOS-Media.repo

 

# CentOS-Media.repo

#

# This repo is used to mount the default locations for a CDROM / DVD on

# CentOS-5. You can use this repo and yum to install items directly off the

# DVD ISO that we release.

#

# To use this repo, put in your DVD and use it with the other repos too:

# yum --enablerepo=c5-media [command]

#

# or for ONLY the media repo, do this:

#

# yum --disablerepo=\* --enablerepo=c5-media [command]

 

[c5-media]

name=CentOS-$releasever - Media

baseurl=file:///media/dvd/

file:///media/CentOS/

file:///media/cdrom/

file:///media/cdrecorder/

gpgcheck=1

enabled=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

 

Step # 2 Installing Prerequisites.

 

yum --disablerepo=\* --enablerepo=c5-media -y install httpd gcc glibc glibc-common gd gd-devel

 

 

 

 

Step # 3 Creating Users/Groups needed.

 

 

groupadd nagcmd

 

useradd -G nagcmd,apache nagios

 

id nagios

 

passwd nagios

 

 

Step # 4 Downloading Nagios & Plugins

 

 

mkdir /downloads

 

cd /downloads

 

 

wget -c http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.1.2.tar.gz

 

wget -c http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.13.tar.gz

 

 

Step # 5 Extracting Nagios tar ball.

 

 

tar zxvf nagios-3.1.2.tar.gz

 

cd nagios-3.1.2

 

 

Step # 6 running ./configure script.

 

./configure --with-command-group=nagcmd

 

Step # 7 compiling the source code.

 

make all

 

Step # 8 Installing Nagios binaries.

make install

 

Step # 9 Installing init script.

make install-init

 

Step # 10 Installing sample config files.

make install-config

 

Step # 11 setting permissions on the external command directory.

make install-commandmode

 

 

Step # 12 Updating contacts/groups information in contacts.cfg file.

vim /usr/local/nagios/etc/objects/contacts.cfg

change the email address of the nagiosadmin user on line 35 according to your requirements.

 

Step # 13 Installing web configuration.

make install-webconf

 

Step # 14 creating nagiosadmin user and setting password for web-interface.

# -c creates htpasswd.users (overwriting an existing file of that name) and
# prompts for the password of the nagiosadmin web-interface account.
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

 

Step # 15 Configuring, Restarting Apache Service and Adding to runlevel 35 .

# Edit the main Apache config; the change is described on the next line
# (presumably the DirectoryIndex directive -- confirm in your httpd.conf).
vim /etc/httpd/conf/httpd.conf

Go to line 391 and add index.php to that directive.

# Start httpd at boot in runlevels 3 and 5, then restart it to load the
# edited httpd.conf and the Nagios web config installed in step 13.
chkconfig --level 35 httpd on
service httpd restart

 

Step # 16 Compiling and installing Nagios plugins.

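# Build and install the plugin set, owned by the nagios user and group.
# Each cd is checked so a missing directory stops the sequence instead of
# letting the later commands run somewhere unexpected.
cd /downloads/ || exit 1
tar zxvf nagios-plugins-1.4.13.tar.gz
cd nagios-plugins-1.4.13 || exit 1
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install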

 

Step # 17 Verifying, restarting nagios service and Adding to runlevel 35 .

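# Validate the configuration before enabling the service; a failed check
# must stop here rather than enable and start a daemon with a broken config.
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg || exit 1
chkconfig --level 35 nagios on
# Give the nagios account the install tree as its home directory.
usermod -d /usr/local/nagios/ nagios
service nagios restart
# pgrep lists the matching processes without also matching its own grep.
pgrep -l nagios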

 

Step # 18 Modifying SeLinux Setting for Nagios

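# Label the Nagios web directories for httpd. chcon only rewrites the label
# on the inodes and is undone by the next relabel (restorecon, autorelabel);
# recording the rule with semanage (policycoreutils) makes it persistent.
semanage fcontext -a -t httpd_sys_content_t '/usr/local/nagios/sbin(/.*)?'
semanage fcontext -a -t httpd_sys_content_t '/usr/local/nagios/share(/.*)?'
restorecon -R -v /usr/local/nagios/sbin/ /usr/local/nagios/share/
# NOTE(review): sbin/ holds the CGI executables; if httpd is denied executing
# them under this label, httpd_sys_script_exec_t is the type meant for CGI
# scripts -- check the audit log before changing it.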

 

Step # 19 Login to Web-Interface.

http://localhost/nagios

 

Step # 20 Check for Nagios Logs

# Follow the daemon log to confirm checks are running and to see any errors.
tail -f /usr/local/nagios/var/nagios.log

20Jun/130

Roundcube (0.2.1) webmail client installation on Centos 5.3

Posted by Infoaddict

Warning: Before you move farther into installation, I must warn you that RoundCube is a Web Mail Client in its infancy. It provides you the look and feel of your desktop email client. The only advantage it has over SquirrelMail is that it has the facility to show and compose HTML mails. It does not contain a password changing facility as of version 0.2.1.
Also, it does not contain options to Filter messages as well.
There are hacks, though. I am using Qmail setup, with Squirrelmail+change_password plugin already installed on the mail server. I can use that. OR, I can use a link to qmailadmin administration page, where users can change their passwords, effortlessly. The INSTALL file mentions requirements as:
REQUIREMENTS
============

* The Apache or Lighttpd Webserver
* .htaccess support allowing overrides for DirectoryIndex
* PHP Version 5.2 or greater including
- PCRE (perl compatible regular expression)
- DOM (xml document object model)
- libiconv (recommended)
- mbstring (optional)
* php.ini options:
- error_reporting E_ALL & ~E_NOTICE (or lower)
- memory_limit (increase as suitable to support large attachments)
- file_uploads enabled (for attachment upload features)
- session.auto_start disabled
- zend.ze1_compatibility_mode disabled
* PHP compiled with OpenSSL to connect to IMAPS and to use the spell checker
* A MySQL or PostgreSQL database engine or the SQLite extension for PHP
* One of the above databases with permission to create tables
* An SMTP server or PHP configured for mail delivery

However, in my experience, I have installed it successfully on CentOS 5.3, with PHP 5.1.

Download the Roundcube TAR file from http://roundcube.net/ . Un-tar it under your document root, if you want it just for your specific website, OR, you can un-tar it in /var/www/roundcube and create a server wide alias. This way, it will be accessible to all websites hosted on your server.

Assuming your web server runs as user apache:-
Change the ownership of the entire directory tree of RoundCube source to apache:apache, if you are setting it up server wide.

Change the ownership of the entire directory tree of RoundCube source to yourftpaccount:apache, if you are setting it up only for your website, under your document root sub tree. If your document root is /var/www/vhosts/mysite.com/httpdocs, then you may want to install roundcube in: /var/www/vhosts/mysite.com/httpdocs/webmail .

Make sure that config, temp and logs directories are readable and writeable by user apache.

Once you reach here, you may want to configure it.

If you have installed it server wide, under /var/www/roundcube, you will first need to create an Alias in your apache config file. You can do it as :-

# Publish /var/www/roundcube under the /roundcube URL path for every site on
# this server, then have httpd re-read its configuration. The delimiter is
# quoted so the here-document is written literally, with no shell expansion.
cat > /etc/httpd/conf.d/roundcube.conf <<'EOF'
Alias /roundcube /var/www/roundcube
EOF
service httpd reload

If you have installed it only for one website, inside a directory named webmail under its document root, you can continue onwards.

Go inside the directory webmail/config and rename the files *.inc.php.dist to *.inc.php . Now you can use either the web installer method or the manual method. To use the web-installer method, which is disabled by default, you would need to :

set $rcmail_config['enable_installer'] = true; in config/main.inc.php (and set it back to false once the installer has finished, so the installer is not left reachable on the live site)

… and then access http://yourwebsite/webmail/installer from a web browser. This should get you done in a few steps.

If you are doing a manual install, here are the instructions (which are easy as well) :-

The roundcube INSTALL file says:-

First you need to create a database for roundcube, in mysql.

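# Open a MySQL session as root. The original line had a typographic en dash
# in place of the ASCII "-u", which the mysql client does not accept.
mysql -u root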
-- Create the application database and a dedicated account for it. 'secret' is
-- a placeholder: replace it with a strong password and use the same value in
-- the db_dsnw setting of config/db.inc.php below.
CREATE DATABASE roundcubedb /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
-- Table-creation rights are required (see REQUIREMENTS above); the grant is
-- scoped to this one database, not a global one.
GRANT ALL PRIVILEGES ON roundcubedb.* TO roundcubeuser@localhost IDENTIFIED BY 'secret';
quit

Then, populate this DB as :-

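# Load the initial schema; run from the unpacked roundcubemail-0.2.1 directory.
# Use a bare -p so the password is read from a prompt instead of being passed
# as -p<password>, which exposes it in the process list and shell history.
mysql -u root -p roundcubedb < SQL/mysql.initial.sql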

Next edit the config/db.inc.php file  and set value for the following variables.

// Read/write DSN: user, password and database name must match the GRANT above.
$rcmail_config['db_dsnw'] = 'mysql://roundcubeuser:secret@localhost/roundcubedb';

Then edit the config/main.inc.php and adjust the following variables:-

// Default mail server; optional -- when unset the login page shows a "Server" box.
$rcmail_config['default_host'] = 'mail.yoursite.com';

This one is not actually a must. If you do not set it, you will see a "Server" textbox on the webmail login page, below your id and password text boxes. You may supply "localhost" or "mail.yoursite.com", or whatever the name of your mail server is, in that box. That is it! You are done.

Now log in to your roundcube interface by accessing http://yourwebsite/webmail . Use your complete email-id as username and your email password. Log in and enjoy!

Changing email password:-

Assuming, you have an email id as webmaster@example.com , and you have QmailAdmin installed on your system, like I do, then you would login as :

URL: http://www.yoursite.com/cgi-bin/qmailadmin
UserAccount: webmaster
DomainName: example.com
Password: your-current-email-password

Once you log in, you will see options to set your full name, your password, email routing (in case you want your mail to be forwarded elsewhere), and an option to set a vacation auto-response. Update your settings here and press the "Modify User" button at the bottom to save changes. You are done. Similarly, if you have other hosted or hosting environments, such as Plesk / cPanel, etc., you may use their email control panel to change your password.

 
