ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C The Perfect Server - CentOS 5.2 This tutorial shows how to set up a CentOS 5v.xxx server that offers all services needed by ISPs and web hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Dovecot POP3/IMAP, Quota, Firewall, etc This tutorial is written for the 32-bit version of CentOS 5.2, but should apply to the 64-bit version with very little modifications as well I will use the following software: • • • • • • • Web Server: Apache 2.2 with PHP 5.1.6 Database Server: MySQL 5.0 Mail Server: Postfix DNS Server: BIND9 (chrooted) FTP Server: Proftpd POP3/IMAP server: Dovecot Webalizer for web site statistics In the end you should have a system that works reliably, and if you like you can install the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box) I want to say first that this is not the only way of setting up such a system There are many ways of achieving this goal but this is the way I take I not issue any guarantee that this will work for you! Requirements To install such a system you will need the following: • • Download the CentOS 5.2 DVD or the six CentOS 5.2 CDs from a mirror next to you (the list of mirrors can be found here: http://isoredirect.centos.org/centos/5/isos/i386/) a fast internet connection Preliminary Note In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1 These settings might differ for you, so you have to replace them where appropriate Install The Base System Boot from your first CentOS 5.2 CD (CD 1) or the CentOS 5.2 DVD Press at the boot prompt: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C Example screenshots It can take a long time to test the installation media so we skip this test here: Example screenshots The welcome screen of the CentOS installer appears Click on Next: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C Example screenshots Choose your language next: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C Example screenshots Select your keyboard layout: Example screenshots I'm installing CentOS 5.2 on a fresh system, so I answer Yes to the question Would you like to initialize this drive, erasing ALL DATA? Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C Example screenshots Now we must select a partitioning scheme for our installation For simplicity's sake I select Remove linux partitions on selected drives and create default layout This will result in a small /boot and a large / partition as well as a swap partition Of course, you're free to partition your hard drive however you like it Then I hit Next: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C Example screenshots Answer the following question (Are you sure you want to this?) with Yes: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C Example screenshots On to the network settings The default setting here is to configure the network interfaces with DHCP, but we are installing a server, so static IP addresses are not a bad idea Click on the Edit button at the top right Example screenshots In the window that pops up uncheck Use dynamic IP configuration (DHCP) and Enable IPv6 support and give your network card a static IP address (in this tutorial I'm using the IP address 192.168.0.100 for demonstration purposes) and a suitable netmask (e.g 255.255.255.0; if you are not sure about the right values, http://www.subnetmask.info might help you): Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C Example screenshots Set the hostname manually, e.g server1.example.com, and enter a gateway (e.g 192.168.0.1) and up to two DNS servers (e.g 213.191.92.86 and 145.253.2.75): Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C Example screenshots Choose your time zone: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C Example screenshots Give root a password: Now we select the software we want to install Select nothing but Server (uncheck everything else) Also don't check Packages from CentOS Extras Then check Customize now, and click on Next: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C Let's assume our network interface is eth0 Then there is a file /etc/sysconfig/networkscripts/ifcfg-eth0 which contains the settings for eth0 We can use this as a sample for our new virtual network interface eth0:0: cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0 Now we want to use the IP address 192.168.0.101 on the virtual interface eth0:0 Therefore we open the file /etc/sysconfig/network-scripts/ifcfg-eth0:0 and modify it as follows (we can leave out the HWADDR line as it is the same physical network card): vi /etc/sysconfig/network-scripts/ifcfg-eth0:0 # Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE] DEVICE=eth0:0 BOOTPROTO=static BROADCAST=192.168.0.255 IPADDR=192.168.0.101 NETMASK=255.255.255.0 NETWORK=192.168.0.0 ONBOOT=yes Afterwards we have to restart the network: /etc/init.d/network restart You might also want to adjust /etc/hosts after you have added new IP addresses, although this is not necessary Now run ifconfig You should now see your new IP address in the output: [root@server1 ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:0C:29:B1:97:E1 inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:feb1:97e1/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:310 errors:0 dropped:0 overruns:0 frame:0 TX packets:337 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:28475 (27.8 KiB) TX bytes:72116 (70.4 KiB) Interrupt:177 Base address:0x1400 eth0:0 Link encap:Ethernet HWaddr 00:0C:29:B1:97:E1 inet addr:192.168.0.101 Bcast:192.168.0.255 Mask:255.255.255.0 Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:177 Base address:0x1400 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:8 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:560 (560.0 b) TX bytes:560 (560.0 b) [root@server1 ~]# Disable The Firewall And SELinux (You can skip this chapter if you have already disabled the firewall and SELinux at the end of the basic system installation (in the Setup Agent).) I want to install ISPConfig at the end of this tutorial which comes with its own firewall That's why I disable the default CentOS firewall now Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall) SELinux is a security extension of CentOS that should provide extended security In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem) Therefore I disable it, too (this is a must if you want to install ISPConfig later on) Run system-config-securitylevel Set both Security Level and SELinux to Disabled and hit OK: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C Example screenshots Afterwards we must reboot the system: reboot Install Some Software First we import the GPG keys for software packages: rpm import /etc/pki/rpm-gpg/RPM-GPG-KEY* Then we update our existing packages on the system: yum update Now we install some software packages that are needed later on: yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils ncftp gcc gccc++ Quota (If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.) To install quota, we run this command: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C yum install quota Edit /etc/fstab and add ,usrquota,grpquota to the / partition (/dev/VolGroup00/LogVol00): vi /etc/fstab /dev/VolGroup00/LogVol00 / defaults,usrquota,grpquota LABEL=/boot /boot defaults tmpfs /dev/shm defaults 0 devpts /dev/pts devpts gid=5,mode=620 0 sysfs /sys defaults 0 proc /proc defaults 0 /dev/VolGroup00/LogVol01 swap defaults 0 ext3 1 Then run touch /aquota.user /aquota.group chmod 600 /aquota.* mount -o remount / quotacheck -avugm quotaon -avug to enable quota Install A Chrooted DNS Server (BIND9) To install a chrooted BIND9, we this: yum install bind-chroot Then this: chmod 755 /var/named/ chmod 775 /var/named/chroot/ chmod 775 /var/named/chroot/var/ chmod 775 /var/named/chroot/var/named/ chmod 775 /var/named/chroot/var/run/ chmod 777 /var/named/chroot/var/run/named/ cd /var/named/chroot/var/named/ Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ext3 tmpfs sysfs proc swap ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C ln -s / / chroot cp /usr/share/doc/bind-9.3.4/sample/var/named/named.local /var/named/chroot/var/named/named.local cp /usr/share/doc/bind-9.3.4/sample/var/named/named.root /var/named/chroot/var/named/named.root touch /var/named/chroot/etc/named.conf chkconfig levels 235 named on /etc/init.d/named start BIND will run in a chroot jail under /var/named/chroot/var/named/ I will use ISPConfig to configure BIND (zones, etc.) 10 MySQL (5.0) To install MySQL, we this: yum install mysql mysql-devel mysql-server Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server: chkconfig levels 235 mysqld on /etc/init.d/mysqld start Now check that networking is enabled Run netstat -tap | grep mysql It should show a line like this: [root@server1 ~]# netstat -tap | grep mysql tcp 0 *:mysql *:* [root@server1 ~]# LISTEN 2584/mysqld If it does not, edit /etc/my.cnf and comment out the option skip-networking: vi /etc/my.cnf [ ] #skip-networking [ ] and restart your MySQL server: /etc/init.d/mysqld restart Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C Run mysqladmin -u root password yourrootsqlpassword mysqladmin -h server1.example.com -u root password yourrootsqlpassword to set a password for the user root (otherwise anybody can access your MySQL database!) 11 Postfix With SMTP-AUTH And TLS Now we install Postfix and Dovecot (Dovecot will be our POP3/IMAP server): yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot Next we configure SMTP-AUTH and TLS: postconf -e 'smtpd_sasl_local_domain =' postconf -e 'smtpd_sasl_auth_enable = yes' postconf -e 'smtpd_sasl_security_options = noanonymous' postconf -e 'broken_sasl_auth_clients = yes' postconf -e 'smtpd_sasl_authenticated_header = yes' postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination' postconf -e 'inet_interfaces = all' postconf -e 'mynetworks = 127.0.0.0/8' We must edit /usr/lib/sasl2/smtpd.conf so that Postfix allows PLAIN and LOGIN logins On a 64Bit Centos 5.2 you must edit the file /usr/lib64/sasl2/smtpd.conf instead It should look like this: vi /usr/lib/sasl2/smtpd.conf pwcheck_method: saslauthd mech_list: plain login Afterwards we create the certificates for TLS: mkdir /etc/postfix/ssl cd /etc/postfix/ssl/ openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024 chmod 600 smtpd.key openssl req -new -key smtpd.key -out smtpd.csr openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C openssl rsa -in smtpd.key -out smtpd.key.unencrypted mv -f smtpd.key.unencrypted smtpd.key openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 Next we configure Postfix for TLS: postconf -e 'smtpd_tls_auth_only = no' postconf -e 'smtp_use_tls = yes' postconf -e 'smtpd_use_tls = yes' postconf -e 'smtp_tls_note_starttls_offer = yes' postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key' postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt' postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem' postconf -e 'smtpd_tls_loglevel = 1' postconf -e 'smtpd_tls_received_header = yes' postconf -e 'smtpd_tls_session_cache_timeout = 3600s' postconf -e 'tls_random_source = dev:/dev/urandom' Then we set the hostname in our Postfix installation (make sure you replace server1.example.com with your own hostname): postconf -e 'myhostname = server1.example.com' After these configuration steps you should now have a /etc/postfix/main.cf that looks like this (I have removed all comments from it): cat /etc/postfix/main.cf queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mail_owner = postfix inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost unknown_local_recipient_reject_code = 550 alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases debug_peer_level = debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep sendmail_path = /usr/sbin/sendmail.postfix newaliases_path = /usr/bin/newaliases.postfix mailq_path = /usr/bin/mailq.postfix Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C setgid_group = postdrop html_directory = no manpage_directory = /usr/share/man sample_directory = /usr/share/doc/postfix-2.3.3/samples readme_directory = /usr/share/doc/postfix2.3.3/README_FILES smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_d estination mynetworks = 127.0.0.0/8 smtpd_tls_auth_only = no smtp_use_tls = yes smtpd_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_loglevel = smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom myhostname = server1.example.com By default, CentOS' Dovecot daemon provides only IMAP and IMAPs services Because we also want POP3 and POP3s we must configure Dovecot to so We edit /etc/dovecot.conf and enable the line protocols = imap imaps pop3 pop3s: vi /etc/dovecot.conf [ ] # Base directory where to store runtime data #base_dir = /var/run/dovecot/ # Protocols we want to be serving: imap imaps pop3 pop3s # If you only want to use dovecot-auth, you can set this to "none" protocols = imap imaps pop3 pop3s # IP or host address where to listen in for connections It's not currently # possible to specify multiple addresses "*" listens in all IPv4 interfaces Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C # "[::]" listens in all IPv6 interfaces, but may also listen in all IPv4 # interfaces depending on the operating system [ ] Now start Postfix, saslauthd, and Dovecot: chkconfig levels 235 sendmail off chkconfig levels 235 postfix on chkconfig levels 235 saslauthd on chkconfig levels 235 dovecot on /etc/init.d/sendmail stop /etc/init.d/postfix start /etc/init.d/saslauthd start /etc/init.d/dovecot start To see if SMTP-AUTH and TLS work properly now run the following command: telnet localhost 25 After you have established the connection to your Postfix mail server type ehlo localhost If you see the lines 250-STARTTLS and 250-AUTH PLAIN LOGIN everything is fine [root@server1 ssl]# telnet localhost 25 Trying 127.0.0.1 Connected to localhost.localdomain (127.0.0.1) Escape character is '^]' 220 server1.example.com ESMTP Postfix ehlo localhost 250-server1.example.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN quit 221 2.0.0 Bye Connection closed by foreign host [root@server1 ssl]# Type quit to return to the system's shell 11.1 Maildir Dovecot uses Maildir format (not mbox), so if you install ISPConfig on the server, please make sure you enable Maildir under Management -> Server -> Settings -> Email ISPConfig will then the necessary configuration If you not want to install ISPConfig, then you must configure Postfix to deliver emails to a user's Maildir (you can also this if you use ISPConfig - it doesn't hurt ;-)): postconf -e 'home_mailbox = Maildir/' postconf -e 'mailbox_command =' /etc/init.d/postfix restart 12 Apache2 With PHP & Ruby Now we install Apache with PHP (this is PHP 5.1.6): yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear phpxml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel Then edit /etc/httpd/conf/httpd.conf: vi /etc/httpd/conf/httpd.conf and change DirectoryIndex to [ ] DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl [ ] Now configure your system to start Apache at boot time: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C chkconfig levels 235 httpd on Start Apache: /etc/init.d/httpd start 12.1 Disable PHP Globally (If you not plan to install ISPConfig on this server, please skip this section!) In ISPConfig you will configure PHP on a per-website basis, i.e you can specify which website can run PHP scripts and which one cannot This can only work if PHP is disabled globally because otherwise all websites would be able to run PHP scripts, no matter what you specify in ISPConfig To disable PHP globally, we edit /etc/httpd/conf.d/php.conf and comment out the AddHandler and AddType lines: vi /etc/httpd/conf.d/php.conf # # PHP is an HTML-embedded scripting language which attempts to make it # easy for developers to write dynamically generated webpages # LoadModule php5_module modules/libphp5.so # # Cause the PHP interpreter to handle files with a php extension # #AddHandler php5-script php #AddType text/html php # # Add index.php to the list of files that will be served as directory # indexes # DirectoryIndex index.php # # Uncomment the following line to allow PHP to pretty-print phps # files as PHP source code: # #AddType application/x-httpd-php-source phps Afterwards we restart Apache: /etc/init.d/httpd restart Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C 12.2 Installing mod_ruby For CentOS 5.2, there's no mod_ruby package available, so we must compile it ourselves First we install some prerequisites: yum install httpd-devel ruby ruby-devel Next we download and install mod_ruby as follows: cd /tmp wget http://www.modruby.net/archive/mod_ruby-1.2.6.tar.gz tar zxvf mod_ruby-1.2.6.tar.gz cd mod_ruby-1.2.6/ /configure.rb with-apr-includes=/usr/include/apr-1 make make install Finally we must add the mod_ruby module to the Apache configuration, so we create the file /etc/httpd/conf.d/ruby.conf vi /etc/httpd/conf.d/ruby.conf LoadModule ruby_module modules/mod_ruby.so and restart Apache: /etc/init.d/httpd restart 13 ProFTPd ISPConfig has better support for proftpd than vsftpd, so let's remove vsftpd: yum remove vsftpd Because CentOS has no proftpd package, we have to compile Proftpd manually: cd /tmp/ wget passive-ftp ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.1.tar.gz tar xvfz proftpd-1.3.1.tar.gz cd proftpd-1.3.1/ /configure sysconfdir=/etc make make install cd rm -fr proftpd-1.3.1* Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C The proftpd binary gets installed in /usr/local/sbin, but we need it in /usr/sbin, so we create a symlink: ln -s /usr/local/sbin/proftpd /usr/sbin/proftpd Now create the init script /etc/init.d/proftpd: vi /etc/init.d/proftpd #!/bin/sh # $Id: proftpd.init,v 1.1 2004/02/26 17:54:30 thias Exp $ # # proftpd This shell script takes care of starting and stopping # proftpd # # chkconfig: - 80 30 # description: ProFTPD is an enhanced FTP server with a focus towards \ # simplicity, security, and ease of configuration \ # It features a very Apache-like configuration syntax, \ # and a highly customizable server infrastructure, \ # including support for multiple 'virtual' FTP servers, \ # anonymous FTP, and permission-based directory visibility # processname: proftpd # config: /etc/proftp.conf # pidfile: /var/run/proftpd.pid # Source function library /etc/rc.d/init.d/functions # Source networking configuration /etc/sysconfig/network # Check that networking is up [ ${NETWORKING} = "no" ] && exit [ -x /usr/sbin/proftpd ] || exit RETVAL=0 prog="proftpd" start() { echo -n $"Starting $prog: " daemon proftpd RETVAL=$? echo [ $RETVAL -eq ] && touch /var/lock/subsys/proftpd } stop() { echo -n $"Shutting down $prog: " killproc proftpd RETVAL=$? echo Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C [ $RETVAL -eq ] && rm -f /var/lock/subsys/proftpd } # See how we were called case "$1" in start) start ;; stop) stop ;; status) status proftpd RETVAL=$? ;; restart) stop start ;; condrestart) if [ -f /var/lock/subsys/proftpd ]; then stop start fi ;; reload) echo -n $"Re-reading $prog configuration: " killproc proftpd -HUP RETVAL=$? echo ;; *) echo "Usage: $prog {start|stop|restart|reload|condrestart|status}" exit esac exit $RETVAL Then we make the init script executable: chmod 755 /etc/init.d/proftpd Next we open /etc/proftpd.conf and change Group to nobody: vi /etc/proftpd.conf [ ] Group [ ] nobody For security reasons you can also add the following lines to /etc/proftpd.conf (thanks to Reinaldo Carvalho; more information can be found here: http://proftpd.org/localsite/Userguide/linked/userguide.html): Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C vi /etc/proftpd.conf [ ] DefaultRoot ~ IdentLookups off ServerIdent on "FTP Server ready." [ ] Now we can create the system startup links for Proftpd: chkconfig levels 235 proftpd on And finally we start Proftpd: /etc/init.d/proftpd start Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ... your new IP address in the output: [root @server1 ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:0C:29:B1:97:E1 inet addr:192.168.0.100 Bcast:192.168.0. 255 Mask: 255 . 255 . 255 .0 inet6 addr: fe80::20c:29ff:feb1:97e1/64... BOOTPROTO=static BROADCAST=192.168.0. 255 IPADDR=192.168.0.101 NETMASK= 255 . 255 . 255 .0 NETWORK=192.168.0.0 ONBOOT=yes Afterwards we have to restart the network: /etc/init.d/network restart You might also... address (in this tutorial I'm using the IP address 192.168.0.100 for demonstration purposes) and a suitable netmask (e.g 255 . 255 . 255 .0; if you are not sure about the right values, http://www.subnetmask.info