The Perfect Server - Debian Lenny

(Debian 5.0) [ISPConfig 3] - Page 3

Do you like HowtoForge? Please consider supporting us by
becoming a subscriber.

Submitted by falko (Contact Author) (Forums) on Tue, 2009-02-24 18:41. ::

4 Install The SSH Server

Debian Lenny does not install OpenSSH by default, therefore we do it now. Run

apt-get install ssh openssh-server

From now on you can use an SSH client such as PuTTY and connect from your
workstation to your Debian Lenny server and follow the remaining steps from this
tutorial.

5 Install vim-nox (Optional)

I'll use vi as my text editor in this tutorial. The default vi program has some strange
behaviour on Debian and Ubuntu; to fix this, we install vim-nox:

apt-get install vim-nox

(You don't have to do this if you use a different text editor such as joe or nano.)
6 Configure The Network

Because the Debian Lenny installer has configured our system to get its network
settings via DHCP, we have to change that now because a server should have a static IP
address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I
will use the IP address 192.168.0.100) (please note that I replace allow-hotplug eth0
with auto eth0; otherwise restarting the network doesn't work, and we'd have to reboot
the whole system):

vi /etc/network/interfaces

# This file describes the network interfaces available on your

system
# and how to activate them. For more information, see
interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp
auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1

Then restart your network:

/etc/init.d/networking restart

Then edit /etc/hosts. Make it look like this:

vi /etc/hosts

127.0.0.1 localhost.localdomain localhost

192.168.0.100 server1.example.com server1
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Now run

echo server1.example.com > /etc/hostname

/etc/init.d/hostname.sh start

Afterwards, run

hostname
hostname -f

It is important that both show server1.example.com now!

7 Update Your Debian Installation

First make sure that your /etc/apt/sources.list contains the debian-volatile repository
(this makes sure you always get the newest updates for the ClamAV virus scanner - this
project publishes releases very often, and sometimes old versions stop working).

vi /etc/apt/sources.list

[...]
deb http://volatile.debian.org/debian-volatile lenny/volatile
main contrib non-free

Run

apt-get update

to update the apt package database and

apt-get upgrade

to install the latest updates (if there are any).

8 Synchronize the System Clock

It is a good idea to synchronize the system clock with an NTP (network time protocol)
server over the Internet. Simply run
apt-get install ntp ntpdate

and your system time will always be in sync.

9 Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter,

binutils

We can install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, and

binutils with a single command:

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-

authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-
imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql
openssl courier-maildrop getmail4 rkhunter binutils sudo

You will be asked the following questions:

New password for the MySQL "root" user: <-- yourrootsqlpassword

Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
Create directories for web-based administration? <-- No
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
SSL certificate required <-- Ok

We want MySQL to listen on all interfaces, not just localhost, therefore we edit
/etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:
vi /etc/mysql/my.cnf

[...]
# Instead of skip-networking the default is now to listen only
on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
[...]

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

server1:~# netstat -tap | grep mysql

tcp 0 0 *:mysql *:* LISTEN 6612/mysqld
server1:~#

During the installation, the SSL certificates for IMAP-SSL and POP3-SSL are created
with the hostname localhost. To change this to the correct hostname
(server1.example.com in this tutorial), delete the certificates...

cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem

... and modify the following two files; replace CN=localhost with
CN=server1.example.com (you can also modify the other values, if necessary):

vi /etc/courier/imapd.cnf

[...]
CN=server1.example.com
[...]

vi /etc/courier/pop3d.cnf

[...]
CN=server1.example.com
[...]
Then recreate the certificates...

mkimapdcert
mkpop3dcert

... and restart Courier-IMAP-SSL and Courier-POP3-SSL:

/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart