Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
vms:webdev:ispconfig [2014/06/06 14:50] admin [Mailman] |
vms:webdev:ispconfig [2014/06/06 15:28] admin [fail2ban] |
||
---|---|---|---|
Line 280: | Line 280: | ||
VIRTUALCHROOT=true | VIRTUALCHROOT=true | ||
... | ... | ||
+ | </code> | ||
+ | |||
+ | To allow FTP and TLS sessions: | ||
+ | <code> | ||
+ | > echo 1 > /etc/pure-ftpd/conf/TLS | ||
+ | </code> | ||
+ | |||
+ | In order to use TLS, we must create an SSL certificate. Lets create it in **/etc/ssl/private/**, creating the directory first: | ||
+ | <code> | ||
+ | > mkdir -p /etc/ssl/private/ | ||
+ | </code> | ||
+ | |||
+ | Then, we generate the SSL certificate as follows: | ||
+ | <code> | ||
+ | > openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem | ||
+ | </code> | ||
+ | |||
+ | Fill all requested information... | ||
+ | |||
+ | Change the permissions of the SSL certificate, and restart PureFTPd: | ||
+ | <code> | ||
+ | > chmod 600 /etc/ssl/private/pure-ftpd.pem | ||
+ | > service pure-ftpd-mysql restart | ||
+ | </code> | ||
+ | |||
+ | Edit **/etc/fstab**, adding ,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 to the partition with the mount point /: | ||
+ | <code> | ||
+ | > nano /etc/fstab | ||
+ | |||
+ | UUID=1d269e64-420e-47e1-84fc-c8f0b14c1345 / ext4 errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0 1 | ||
+ | </code> | ||
+ | |||
+ | To enable quota, run these commands: | ||
+ | <code> | ||
+ | > mount -o remount / | ||
+ | > quotacheck -avugm | ||
+ | > quotaon -avug | ||
+ | </code> | ||
+ | |||
+ | ==== BIND DNS Server ==== | ||
+ | ---- | ||
+ | <code> | ||
+ | > apt-get install bind9 dnsutils | ||
+ | </code> | ||
+ | |||
+ | ==== Vlogger, Webalizer, And AWstats ==== | ||
+ | ---- | ||
+ | <code> | ||
+ | > apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl | ||
+ | > nano /etc/cron.d/awstats | ||
+ | |||
+ | # Comment out everything in that file ! | ||
+ | </code> | ||
+ | |||
+ | ==== Jailkit ==== | ||
+ | ---- | ||
+ | Jailkit is needed only if you want to chroot SSH users. It must be installed before ISPConfig - it cannot be installed afterwards! | ||
+ | |||
+ | <code> | ||
+ | > apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold | ||
+ | > cd /tmp | ||
+ | > wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz | ||
+ | > tar xvfz jailkit-2.15.tar.gz | ||
+ | > cd jailkit-2.15 | ||
+ | > ./debian/rules binary | ||
+ | > cd .. | ||
+ | > dpkg -i jailkit_2.15-1_*.deb | ||
+ | > rm -rf jailkit-2.15* | ||
+ | </code> | ||
+ | |||
+ | ==== fail2ban ==== | ||
+ | ---- | ||
+ | <code> | ||
+ | > apt-get install fail2ban | ||
+ | </code> | ||
+ | |||
+ | To have fail2ban monitor PureFTPd and Dovecot, create the file **/etc/fail2ban/jail.local**: | ||
+ | <code> | ||
+ | > nano /etc/fail2ban/jail.local | ||
+ | > [pureftpd] | ||
+ | |||
+ | enabled = true | ||
+ | port = ftp | ||
+ | filter = pureftpd | ||
+ | logpath = /var/log/syslog | ||
+ | maxretry = 3 | ||
+ | |||
+ | [dovecot-pop3imap] | ||
+ | enabled = true | ||
+ | filter = dovecot-pop3imap | ||
+ | action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp] | ||
+ | logpath = /var/log/mail.log | ||
+ | maxretry = 5 | ||
+ | |||
+ | [sasl] | ||
+ | enabled = true | ||
+ | port = smtp | ||
+ | filter = sasl | ||
+ | logpath = /var/log/mail.log | ||
+ | maxretry = 3 | ||
</code> | </code> |