The Perfect Server on CentOS


The Perfect Server - CentOS 5

CentOS Installation Step

1. Installation Operating System
2. Installation Proftpd
3. Installation IDM Linux
4. SAMBA PDC on CentOS 5.4
5. Crash on the Apache Web Server
6. Install and Configure Cacti Network Graphing Tool
7. Install OLE Pear spreadsheet xls

The Perfect Server - CentOS 5.2

Version 1.0
Author: Falko Timme
Last edited 06/26/2008

This tutorial shows how to set up a CentOS 5.2 server that offers all services needed by ISPs and web hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Dovecot POP3/IMAP, Quota, Firewall, etc. This tutorial is written for the 32-bit version of CentOS 5.2, but should apply to the 64-bit version with very few modifications as well.

I will use the following software:

Web Server: Apache 2.2 with PHP 5.1.6

Database Server: MySQL 5.0

Mail Server: Postfix

DNS Server: BIND9 (chrooted)

FTP Server: Proftpd

POP3/IMAP server: Dovecot

Webalizer for web site statistics

In the end you should have a system that works reliably, and if you like you can install the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

1 Requirements

To install such a system you will need the following:

Download the CentOS 5.2 DVD or the six CentOS 5.2 CDs from a mirror next to you (the list of mirrors can be found here: http://isoredirect.centos.org/centos/5/isos/i386/).

a fast internet connection.

2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

3 Install The Base System

Boot from your first CentOS 5.2 CD (CD 1) or the CentOS 5.2 DVD. Press at the boot prompt:

It can take a long time to test the installation media so we skip this test here:

The welcome screen of the CentOS installer appears. Click on Next:

Choose your language next:


Select your keyboard layout:

I'm installing CentOS 5.2 on a fresh system, so I answer Yes to the question Would you like to initialize this drive, erasing ALL DATA?

Now we must select a partitioning scheme for our installation. For simplicity's sake I select Remove linux partitions on selected drives and create default layout. This will result in a small /boot and a large / partition as well as a swap partition. Of course, you're free to partition your hard drive however you like it. Then I hit Next:

Answer the following question (Are you sure you want to do this?) with Yes:

On to the network settings. The default setting here is to configure the network interfaces with DHCP, but we are installing a server, so static IP addresses are not a bad idea... Click on the Edit button at the top right.

In the window that pops up uncheck Use dynamic IP configuration (DHCP) and Enable IPv6 support and give your network card a static IP address (in this tutorial I'm using the IP address 192.168.0.100 for demonstration purposes) and a suitable netmask (e.g. 255.255.255.0; if you are not sure about the right values, http://www.subnetmask.info might help you):

Set the hostname manually, e.g. server1.example.com, and enter a gateway (e.g. 192.168.0.1) and up to two DNS servers (e.g. 213.191.92.86 and 145.253.2.75):

Choose your time zone:

Give root a password:

The Perfect Server - CentOS 5.2 - Page 2

Submitted by falko (Contact Author) (Forums) on Thu, 2008-07-10 16:16. ::

Now we select the software we want to install. Select nothing but Server (uncheck everything else). Also don't check Packages from CentOS Extras. Then check Customize now, and click on Next:

Now we must select the package groups we want to install. Select Editors, Text-based Internet, Development Libraries, Development Tools, DNS Name Server, FTP Server, Mail Server, MySQL Database, Server Configuration Tools, Web Server, Administration Tools, Base, and System Tools (unselect all other package groups) and click on Next:

The installer checks the dependencies of the selected packages:

Click on Next to start the installation:

The hard drive is being formatted:


The installation begins. This will take a few minutes:

Finally, the installation is complete, and you can remove your CD or DVD from the computer and reboot it:

After the reboot, you will see this screen. Select Firewall configuration and hit Run Tool:

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).

SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it, too (this is a must if you want to install ISPConfig later on). Hit OK afterwards:

Then leave the Setup Agent by selecting Exit:

Then log in as root and reboot the system so that your changes can be applied:

reboot

Now, on to the configuration...


4 Adjust /etc/hosts

Next we edit /etc/hosts. Make it look like this:

vi /etc/hosts

SHAPE

5 Configure Additional IP Addresses

(This section is totally optional. It just shows how to add additional IP addresses to your network interface eth0 if you need more than one IP address. If you're fine with one IP address, you can skip this section.)

Let's assume our network interface is eth0. Then there is a file /etc/sysconfig/network-scripts/ifcfg-eth0 which contains the settings for eth0. We can use this as a sample for our new virtual network interface eth0:0:

cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0

Now we want to use the IP address 192.168.0.101 on the virtual interface eth0:0. Therefore we open the file /etc/sysconfig/network-scripts/ifcfg-eth0:0 and modify it as follows (we can leave out the HWADDR line as it is the same physical network card):

vi /etc/sysconfig/network-scripts/ifcfg-eth0:0

SHAPE

Afterwards we have to restart the network:

/etc/init.d/network restart

You might also want to adjust /etc/hosts after you have added new IP addresses, although this is not necessary.

Now run

ifconfig

You should now see your new IP address in the output:

[root@server1 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:B1:97:E1
          inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feb1:97e1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:310 errors:0 dropped:0 overruns:0 frame:0
          TX packets:337 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:28475 (27.8 KiB)  TX bytes:72116 (70.4 KiB)
          Interrupt:177 Base address:0x1400

eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:B1:97:E1
          inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:177 Base address:0x1400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 b)  TX bytes:560 (560.0 b)

[root@server1 ~]#

6 Disable The Firewall And SELinux

(You can skip this chapter if you have already disabled the firewall and SELinux at the end of the basic system installation (in the Setup Agent).)

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).

SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it, too (this is a must if you want to install ISPConfig later on).

Run

system-config-securitylevel

Set both Security Level and SELinux to Disabled and hit OK:

Afterwards we must reboot the system:

reboot

7 Install Some Software

First we import the GPG keys for software packages:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Then we update our existing packages on the system:

yum update

Now we install some software packages that are needed later on:

yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils ncftp gcc gcc-c++


8 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, we run this command:

yum install quota

Edit /etc/fstab and add ,usrquota,grpquota to the / partition (/dev/VolGroup00/LogVol00):

vi /etc/fstab

SHAPE

Then run

touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

to enable quota.

9 Install A Chrooted DNS Server (BIND9)

To install a chrooted BIND9, we do this:

yum install bind-chroot

Then do this:

chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 777 /var/named/chroot/var/run/named/
cd /var/named/chroot/var/named/
ln -s ../../ chroot
cp /usr/share/doc/bind-9.3.4/sample/var/named/named.local /var/named/chroot/var/named/named.local
cp /usr/share/doc/bind-9.3.4/sample/var/named/named.root /var/named/chroot/var/named/named.root
touch /var/named/chroot/etc/named.conf
chkconfig --levels 235 named on
/etc/init.d/named start

BIND will run in a chroot jail under /var/named/chroot/var/named/. I will use ISPConfig to configure BIND (zones, etc.).

10 MySQL (5.0)

To install MySQL, we do this:

yum install mysql mysql-devel mysql-server

Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:

chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

Now check that networking is enabled. Run

netstat -tap | grep mysql

It should show a line like this:

[root@server1 ~]# netstat -tap | grep mysql
tcp        0      0 *:mysql                     *:*                         LISTEN      2584/mysqld
[root@server1 ~]#

If it does not, edit /etc/my.cnf and comment out the option skip-networking:

vi /etc/my.cnf

SHAPE

and restart your MySQL server:

/etc/init.d/mysqld restart

Run

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword

to set a password for the user root (otherwise anybody can access your MySQL database!).


11 Postfix With SMTP-AUTH And TLS

Now we install Postfix and Dovecot (Dovecot will be our POP3/IMAP server):

yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot

Next we configure SMTP-AUTH and TLS:

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'mynetworks = 127.0.0.0/8'

We must edit /usr/lib/sasl2/smtpd.conf so that Postfix allows PLAIN and LOGIN logins. On a 64-bit CentOS 5.2 you must edit the file /usr/lib64/sasl2/smtpd.conf instead. It should look like this:

vi /usr/lib/sasl2/smtpd.conf

SHAPE

Afterwards we create the certificates for TLS:

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr

openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

openssl rsa -in smtpd.key -out smtpd.key.unencrypted

mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Next we configure Postfix for TLS:

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'

Then we set the hostname in our Postfix installation (make sure you replace server1.example.com with your own hostname):

postconf -e 'myhostname = server1.example.com'

After these configuration steps you should now have a /etc/postfix/main.cf that looks like this (I have removed all comments from it):

cat /etc/postfix/main.cf

SHAPE

By default, CentOS' Dovecot daemon provides only IMAP and IMAPs services. Because we also want POP3 and POP3s we must configure Dovecot to do so. We edit /etc/dovecot.conf and enable the line protocols = imap imaps pop3 pop3s:

vi /etc/dovecot.conf

SHAPE

Now start Postfix, saslauthd, and Dovecot:

chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
chkconfig --levels 235 dovecot on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start
/etc/init.d/dovecot start

To see if SMTP-AUTH and TLS work properly now run the following command:

telnet localhost 25

After you have established the connection to your Postfix mail server type

ehlo localhost

If you see the lines

250-STARTTLS

and

250-AUTH PLAIN LOGIN

everything is fine.

[root@server1 ssl]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 server1.example.com ESMTP Postfix
ehlo localhost
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@server1 ssl]#

Type

quit

to return to the system's shell.
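With smtpd_tls_auth_only = no, the AUTH PLAIN LOGIN line is advertised on the unencrypted session as well, so a client may send its password before STARTTLS. The following shell check is an added example, not part of the original tutorial: it parses an EHLO reply and main.cf text and reports that condition. The function names and the embedded samples are constructed for illustration; the samples reuse the values shown above.

```shell
#!/bin/sh
# Added example (not from the tutorial). Function names are hypothetical.

# Constructed sample: the EHLO reply from the "telnet localhost 25" check.
SAMPLE_EHLO='250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

# Constructed sample: a subset of the main.cf values set with "postconf -e".
SAMPLE_MAINCF='smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no
smtpd_use_tls = yes'

# Print one upper-cased capability per line, dropping the greeting line.
ehlo_caps() {
    printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^250[- ]//p' | sed '1d' | tr 'a-z' 'A-Z'
}

# Print the cleartext mechanisms (PLAIN, LOGIN) advertised in an EHLO reply.
cleartext_auth_mechs() {
    ehlo_caps "$1" | awk '
        /^AUTH[ =]/ {
            sub(/^AUTH[ =]/, "")
            n = split($0, m, " ")
            for (i = 1; i <= n; i++) seen[m[i]] = 1
        }
        END {
            out = ""
            if ("PLAIN" in seen) out = "PLAIN"
            if ("LOGIN" in seen) out = (out == "" ? "LOGIN" : out " LOGIN")
            print out
        }'
}

# Read one parameter from main.cf text; the last assignment wins, as in Postfix.
# Simplification: continuation lines (leading whitespace) are ignored.
maincf_get() {
    printf '%s\n' "$1" | awk -v k="$2" '
        /^[ \t]/ || /^#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            if (key == k) {
                val = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
            }
        }
        END { print val }'
}

# Print findings for an EHLO reply captured BEFORE STARTTLS plus main.cf text.
# The return status is the number of findings (0 = clean).
audit_smtp_auth() {
    findings=0
    mechs=$(cleartext_auth_mechs "$1")
    starttls=$(ehlo_caps "$1" | awk '/^STARTTLS$/ { n++ } END { print n + 0 }')
    auth_only=$(maincf_get "$2" smtpd_tls_auth_only)
    if [ "$starttls" -eq 0 ]; then
        echo "FINDING: STARTTLS is not offered"
        findings=$((findings + 1))
    fi
    if [ -n "$mechs" ]; then
        echo "FINDING: AUTH $mechs offered before STARTTLS (password can cross the wire unencrypted)"
        findings=$((findings + 1))
    fi
    if [ "$auth_only" != "yes" ]; then
        echo "FINDING: smtpd_tls_auth_only = ${auth_only:-unset}; yes makes Postfix require TLS before AUTH"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run against the constructed samples.
audit_smtp_auth "$SAMPLE_EHLO" "$SAMPLE_MAINCF" || true
```

On a live server the first argument would be the reply captured from the telnet session and the second the contents of /etc/postfix/main.cf.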

11.1 Maildir

Dovecot uses Maildir format (not mbox), so if you install ISPConfig on the server, please make sure you enable Maildir under Management -> Server -> Settings -> Email. ISPConfig will then do the necessary configuration.

If you do not want to install ISPConfig, then you must configure Postfix to deliver emails to a user's Maildir (you can also do this if you use ISPConfig - it doesn't hurt ;-)):

postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart


12 Apache2 With PHP & Ruby

Now we install Apache with PHP (this is PHP 5.1.6):

yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel

Then edit /etc/httpd/conf/httpd.conf:

vi /etc/httpd/conf/httpd.conf

and change DirectoryIndex to

SHAPE

Now configure your system to start Apache at boot time:

chkconfig --levels 235 httpd on

Start Apache:

/etc/init.d/httpd start

12.1 Disable PHP Globally

(If you do not plan to install ISPConfig on this server, please skip this section!)

In ISPConfig you will configure PHP on a per-website basis, i.e. you can specify which website can run PHP scripts and which one cannot. This can only work if PHP is disabled globally because otherwise all websites would be able to run PHP scripts, no matter what you specify in ISPConfig.

To disable PHP globally, we edit /etc/httpd/conf.d/php.conf and comment out the AddHandler and AddType lines:

vi /etc/httpd/conf.d/php.conf

SHAPE

Afterwards we restart Apache:

/etc/init.d/httpd restart

12.2 Installing mod_ruby

For CentOS 5.2, there's no mod_ruby package available, so we must compile it ourselves. First we install some prerequisites:

yum install httpd-devel ruby ruby-devel

Next we download and install mod_ruby as follows:

cd /tmp
wget http://www.modruby.net/archive/mod_ruby-1.2.6.tar.gz
tar zxvf mod_ruby-1.2.6.tar.gz
cd mod_ruby-1.2.6/
./configure.rb --with-apr-includes=/usr/include/apr-1
make
make install

Finally we must add the mod_ruby module to the Apache configuration, so we create the file /etc/httpd/conf.d/ruby.conf...

vi /etc/httpd/conf.d/ruby.conf

SHAPE

... and restart Apache:

/etc/init.d/httpd restart

13 ProFTPd

ISPConfig has better support for proftpd than vsftpd, so let's remove vsftpd:

yum remove vsftpd

Because CentOS has no proftpd package, we have to compile Proftpd manually:

cd /tmp/
wget --passive-ftp ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.1.tar.gz
tar xvfz proftpd-1.3.1.tar.gz
cd proftpd-1.3.1/
./configure --sysconfdir=/etc
make
make install
cd ..
rm -fr proftpd-1.3.1*

The proftpd binary gets installed in /usr/local/sbin, but we need it in /usr/sbin, so we create a symlink:

ln -s /usr/local/sbin/proftpd /usr/sbin/proftpd

Now create the init script /etc/init.d/proftpd:

vi /etc/init.d/proftpd

SHAPE

Then we make the init script executable:

chmod 755 /etc/init.d/proftpd

Next we open /etc/proftpd.conf and change Group to nobody:

vi /etc/proftpd.conf

SHAPE

For security reasons you can also add the following lines to /etc/proftpd.conf (thanks to Reinaldo Carvalho; more information can be found here: http://proftpd.org/localsite/Userguide/linked/userguide.html):

vi /etc/proftpd.conf

SHAPE

Now we can create the system startup links for Proftpd:

chkconfig --levels 235 proftpd on

And finally we start Proftpd:

/etc/init.d/proftpd start


14 Webalizer

To install webalizer, just run

yum install webalizer

15 Synchronize The System Clock

If you want to have the system clock synchronized with an NTP server do the following:

yum install ntp

chkconfig --levels 235 ntpd on
ntpdate 0.pool.ntp.org
/etc/init.d/ntpd start

16 Install Some Perl Modules

ISPConfig comes with SpamAssassin which needs a few Perl modules to work. We install the required Perl modules with a single command:

yum install perl-HTML-Parser perl-DBI perl-Net-DNS perl-Digest-SHA1

17 The End

The configuration of the server is now finished, and if you wish you can now install ISPConfig on it.

17.1 A Note On SuExec

If you want to run CGI scripts under suExec, you should specify /var/www as the home directory for websites created by ISPConfig as CentOS' suExec is compiled with /var/www as Doc_Root. Run

/usr/sbin/suexec -V

and the output should look like this:

[root@server1 ~]# /usr/sbin/suexec -V
 -D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="apache"
 -D AP_LOG_EXEC="/var/log/httpd/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=500
 -D AP_USERDIR_SUFFIX="public_html"
[root@server1 ~]#

So if you want to use suExec with ISPConfig, don't change the default web root (which is /var/www) if you use expert mode during the ISPConfig installation (in standard mode you can't change the web root anyway so you'll be able to use suExec in any case).

18 Links

CentOS: http://www.centos.org

ISPConfig: http://www.ispconfig.org

How to Install and Configure ProFTPd with MySQL Integration

21 10 2008

What is ProFTPd?

ProFTPd is an FTP daemon for Unix and Unix-like operating systems. With ProFTPd we can build an FTP server, and ProFTPd is easy to configure.

System requirements

1. Apache
2. MySQL
3. phpMyAdmin

You can use yum to install these packages:

[root@heri ~]# yum install mysql mysql-server phpMyAdmin httpd

Step-by-step installation:

1. Install proftpd-mysql with yum.

[root@heri ~]# yum install proftpd-mysql

2. Use the following command to verify that ProFTPd is installed.

[root@heri ~]# rpm -qa | grep proftpd

proftpd-mysql-1.3.1-1.el5.rf

proftpd-1.3.1-1.el5.rf

3. Create the user (ftpuser) and group (ftpgroup) for ProFTPd. I am assuming that the group ID and user ID are both 2001; use a number that is free on your system.

[root@heri ~]# groupadd -g 2001 ftpgroup

[root@heri ~]# useradd -u 2001 -s /bin/false -d /bin/null -c "proftpd user" -g ftpgroup ftpuser

4. Log in to MySQL, entering your MySQL username and password.

[root@heri ~]# mysql -u root -p

5. Create the database for ProFTPd; the database name is ftp.

mysql> create database ftp;

6. Create a user and grant it the privileges needed to manage the ftp database.

mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON ftp.* TO 'proftpd'@'localhost' IDENTIFIED BY 'password';

mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON ftp.* TO 'proftpd'@'localhost.localdomain' IDENTIFIED BY 'password';

mysql> FLUSH PRIVILEGES;

7. Create the tables in the ftp database.

mysql> use ftp;

mysql> CREATE TABLE ftpgroup (

-> groupname varchar(16) NOT NULL default '',

-> gid smallint(6) NOT NULL default '5500',

-> members varchar(16) NOT NULL default '',

-> KEY groupname (groupname)

-> ) TYPE=MyISAM COMMENT='ProFTP group table';

mysql> CREATE TABLE ftpquotalimits (

-> name varchar(30) default NULL,

-> quota_type enum('user','group','class','all') NOT NULL default 'user',

-> per_session enum('false','true') NOT NULL default 'false',

-> limit_type enum('soft','hard') NOT NULL default 'soft',

-> bytes_in_avail int(10) unsigned NOT NULL default '0',

-> bytes_out_avail int(10) unsigned NOT NULL default '0',

-> bytes_xfer_avail int(10) unsigned NOT NULL default '0',

-> files_in_avail int(10) unsigned NOT NULL default '0',

-> files_out_avail int(10) unsigned NOT NULL default '0',

-> files_xfer_avail int(10) unsigned NOT NULL default '0'

-> ) TYPE=MyISAM;

mysql> CREATE TABLE ftpquotatallies (

-> name varchar(30) NOT NULL default '',

-> quota_type enum('user','group','class','all') NOT NULL default 'user',

-> bytes_in_used int(10) unsigned NOT NULL default '0',

-> bytes_out_used int(10) unsigned NOT NULL default '0',

-> bytes_xfer_used int(10) unsigned NOT NULL default '0',

-> files_in_used int(10) unsigned NOT NULL default '0',

-> files_out_used int(10) unsigned NOT NULL default '0',

-> files_xfer_used int(10) unsigned NOT NULL default '0'

-> ) TYPE=MyISAM;

mysql> CREATE TABLE ftpuser (

-> id int(10) unsigned NOT NULL auto_increment,

-> userid varchar(32) NOT NULL default '',

-> passwd varchar(32) NOT NULL default '',

-> uid smallint(6) NOT NULL default '5500',

-> gid smallint(6) NOT NULL default '5500',

-> homedir varchar(255) NOT NULL default '',

-> shell varchar(16) NOT NULL default '/sbin/nologin',

-> count int(11) NOT NULL default '0',

-> accessed datetime NOT NULL default '0000-00-00 00:00:00',

-> modified datetime NOT NULL default '0000-00-00 00:00:00',

-> PRIMARY KEY (id),

-> UNIQUE KEY userid (userid)

-> ) TYPE=MyISAM COMMENT='ProFTP user table';

Configuration:

1. Edit your ProFTPd configuration file, /etc/proftpd.conf, and comment out the AuthPAMConfig and AuthOrder lines.

[root@heri ~]# vi /etc/proftpd.conf

[..]

# Use pam to authenticate (default) and be authoritative

#AuthPAMConfig proftpd

#AuthOrder mod_auth_pam.c* mod_auth_unix.c

[..]

2. Add the following lines after this line.

[..]

# SQL authentication Dynamic Shared Object (DSO) loading

# See README.DSO and howto/DSO.html for more details.

#

# LoadModule mod_sql.c

# LoadModule mod_sql_mysql.c

# LoadModule mod_sql_postgres.c

#

LoadModule mod_sql.c

LoadModule mod_sql_mysql.c

LoadModule mod_quotatab.c

LoadModule mod_quotatab_sql.c

# The passwords in MySQL are encrypted using CRYPT

SQLAuthTypes Plaintext Crypt

SQLAuthenticate users groups

# used to connect to the database

# databasename@host database_user user_password

SQLConnectInfo ftp@localhost proftpd password

# Here we tell ProFTPd the names of the database columns in the "usertable"

# we want it to interact with. Match the names with those in the db

SQLUserInfo ftpuser userid passwd uid gid homedir shell

# Here we tell ProFTPd the names of the database columns in the "grouptable"

# we want it to interact with. Again the names match with those in the db

SQLGroupInfo ftpgroup groupname gid members


# set min UID and GID - otherwise these are 999 each

SQLMinID 500

# create a user's home directory on demand if it doesn't exist

SQLHomedirOnDemand on

# Update count every time user logs in

SQLLog PASS updatecount

SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser

# Update modified everytime user uploads or deletes a file

SQLLog STOR,DELE modified

SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser

# User quotas

# ===========

QuotaEngine on

QuotaDirectoryTally on

QuotaDisplayUnits Mb

QuotaShowQuotas on

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies

SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies

QuotaLimitTable sql:/get-quota-limit

QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

RootLogin off

RequireValidShell off

[..]

Make sure the password of the MySQL user proftpd in the SQLConnectInfo line is correct!

3. Start the proftpd service.

[root@heri ~]# /etc/init.d/proftpd start

4. Log in to MySQL and use the following commands to add the new user and group to the ftpgroup table.

[root@heri ~]# mysql -u root -p

mysql> use ftp;

mysql> INSERT INTO `ftpgroup` (`groupname`, `gid`, `members`) VALUES ('ftpgroup', 2001, 'ftpuser');

5. Then use the following commands to create a new virtual FTP user (example: heri) with a quota of 15 MB and the password heri1234.

mysql> INSERT INTO `ftpquotalimits` (`name`, `quota_type`, `per_session`, `limit_type`, `bytes_in_avail`, `bytes_out_avail`, `bytes_xfer_avail`, `files_in_avail`, `files_out_avail`, `files_xfer_avail`) VALUES ('heri', 'user', 'true', 'hard', 15728640, 0, 0, 0, 0, 0);

mysql> INSERT INTO `ftpuser` (`id`, `userid`, `passwd`, `uid`, `gid`, `homedir`, `shell`, `count`, `accessed`, `modified`) VALUES (1, 'heri', 'heri1234', 2001, 2001, '/home/www.heri.com', '/sbin/nologin', 0, '', '');

6. Now try to log in to your FTP server as in the picture below. Enter the username and password of heri.

7. After running the command above, you will see the directory www.heri.com in your home directory, as in the picture below.
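SQLAuthTypes Plaintext Crypt lets ProFTPd accept both plaintext and crypt(3) values from ftpuser.passwd, and the row above stores heri1234 as plaintext in a varchar(32) column. The following shell check is an added example, not part of the original article: it classifies stored values and flags plaintext entries as well as modular crypt hashes that are shorter than their format requires, which is what a hash cut to 32 characters looks like. The function names and the two extra sample users are constructed, and the DES-crypt test is a heuristic (a 13-character plaintext password from the crypt alphabet is indistinguishable).

```shell
#!/bin/sh
# Added example (not from the article). Function names are hypothetical.

# Constructed sample rows, "userid<TAB>passwd", the shape printed by
#   mysql -N -B -e 'SELECT userid, passwd FROM ftpuser' ftp
# heri/heri1234 is the article's row; anna and budi and their values are made up.
SAMPLE_ROWS=$(printf '%s\t%s\n' \
    heri 'heri1234' \
    anna '$6$Zk3pQ9xW$uT5cV1bN8mL2aS7dF4gH' \
    budi 'ab1Qz9Xk3LmN.')

# classify_passwd VALUE
# Prints: plaintext | des-crypt | crypt-hash | truncated-hash
classify_passwd() {
    v=$1
    case "$v" in
        '$1$'*) want=22 ;;   # MD5 crypt: digest field is 22 characters
        '$5$'*) want=43 ;;   # SHA-256 crypt: 43 characters
        '$6$'*) want=86 ;;   # SHA-512 crypt: 86 characters
        *)
            # Traditional DES crypt: exactly 13 characters from ./0-9A-Za-z
            if [ ${#v} -eq 13 ] && ! printf '%s' "$v" | grep -q '[^./0-9A-Za-z]'; then
                echo des-crypt
            else
                echo plaintext
            fi
            return ;;
    esac
    # The digest is the text after the last "$"; a short digest means the
    # value was cut off, for example by the 32-character passwd column.
    digest=${v##*\$}
    if [ ${#digest} -eq "$want" ]; then
        echo crypt-hash
    else
        echo truncated-hash
    fi
}

# Reads "userid<TAB>passwd" rows on stdin and prints "userid<TAB>class".
# The return status is the number of plaintext or truncated entries.
audit_ftpuser() {
    bad=0
    tab=$(printf '\t')
    while IFS="$tab" read -r user pw; do
        [ -n "$user" ] || continue
        class=$(classify_passwd "$pw")
        printf '%s\t%s\n' "$user" "$class"
        case "$class" in
            plaintext|truncated-hash) bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Run against the constructed rows.
printf '%s\n' "$SAMPLE_ROWS" | audit_ftpuser || true
```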

Database Administration:

To manage the FTP users in your database you can use phpMyAdmin. Point your browser to http://ip_address_your_server/phpmyadmin. You will then see a page like the picture below.

Anonymous User:

1. Add a user and group for anonymous access.

[root@heri ~]# groupadd -g 2002 anonymous_ftp

[root@heri ~]# useradd -u 2002 -s /bin/false -d /home/anonymous_ftp -m -c "Anonyous FTP User" -g anonymous_ftp anonymous_ftp

2. Change directory to /home/anonymous_ftp.

[root@heri ~]# cd /home/anonymous_ftp

[root@heri anonymous_ftp]# rm -rf *

3. Create a directory named incoming.

[root@heri anonymous_ftp]# mkdir incoming

4. Now change the owner of the incoming directory.

[root@heri anonymous_ftp]# chown anonymous_ftp:nobody incoming/

[root@heri anonymous_ftp]# ll

total 4

drwxr-xr-x 2 anonymous_ftp nobody 4096 Oct 21 01:22 incoming

5. Finally, open your ProFTPd configuration file and change it until it looks like this:

# A basic anonymous configuration, with an upload directory.
User anonymous_ftp
Group nobody
AccessGrantMsg "Anonymous login ok, restrictions apply."
#
# # We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous anonymous_ftp
#
# # Limit the maximum number of anonymous logins
MaxClients 10 "Sorry, max %m users -- try again later"
#
# # Put the user into /pub right after login
# #DefaultChdir /pub
#
# # We want 'welcome.msg' displayed at login, '.message' displayed in
# # each newly chdired directory and tell users to read README* files.
DisplayLogin /welcome.msg
DisplayFirstChdir .message
# DisplayReadme README*
#
# # Some more cosmetic and not vital stuff
DirFakeUser on anonymous_ftp
DirFakeGroup on anonymous_ftp
#
# # Limit WRITE everywhere in the anonymous chroot
DenyAll
#
# # An upload directory that allows storing files but not retrieving
# # or creating directories.
AllowOverwrite no
DenyAll
AllowAll
#
# # Don't write anonymous accesses to the system wtmp file (good idea!)
# WtmpLog off
#
# # Logging for the anonymous transfers
# ExtendedLog /var/log/proftpd/access.log WRITE,READ default
# ExtendedLog /var/log/proftpd/auth.log AUTH auth
#

6. Now try to log in to your FTP server with the username anonymous and no password; you will see something like the picture below.

An IDM-like Application on Linux

May 12, 2010 Setiawan

For some people who are used to Windows, IDM is a widely used downloader. If you have just migrated to Linux and are unsure which downloader to use: I use Multiget in Firefox.

To install Multiget so that it integrates with Firefox, do the following. First open Firefox, then go to Tools -> Add-ons -> Get Add-ons and search for Flashgot.

Then choose Add to Firefox and let it install.

After Flashgot is installed, restart Firefox. Next we install Multiget: open a terminal and type sudo apt-get install multiget (I use Linux Mint Helena). Wait until the Multiget installation finishes.

Now, in Firefox (which you have just restarted), choose Tools -> FlashGot -> More Option, then click Add and enter Multiget as the download manager name. Then browse to the location of multiget, which is /usr/bin/multiget, and press Open. Finally, enter [url=URL] [refer=REFERER] in the command line arguments field.

Now when we want to download something, we can choose FlashGot Multiget.

Choose Save File, then choose OK.

Good luck trying it out.

SAMBA PDC on CentOS 5.4

There are probably already many articles on the internet about Samba PDC; this article documents my own work and may be useful to others.

Preparation:

1. CentOS 5.4 with LVM partition (optional)

2. The default Samba server of CentOS 5.4 is already running properly.

Samba configuration:

1. vim /etc/samba/smb.conf

NOTE: The text in bold in the Samba PDC configuration is what was edited/added.

[global]

unix charset = UTF-8

dos charset = CP932

# Network Related Options -

#

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH

#

# server string is the equivalent of the NT Description field

#

# netbios name can be used to specify a server name not tied to the hostname

#

# Interfaces lets you configure Samba to use multiple interfaces

# If you have multiple network interfaces then you can list the ones

# you want to listen on (never omit localhost)

#

# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can

# specify it as a per share option as well

#

workgroup = YOLITA

server string = Samba Server Version %v

netbios name = YOLITAPDC

unix password sync = No

; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24

hosts allow = 127. 192.168.1.

# Standalone Server Options

#

# Security can be set to user, share(deprecated) or server(deprecated)

#

# Backend to store user information in. New installations should

# use either tdbsam or ldapsam. smbpasswd is available for backwards

# compatibility. tdbsam requires no further configuration.

security = user

passdb backend = tdbsam

# Domain Controller Options

#

# Security must be set to user for domain controllers

#

# Backend to store user information in. New installations should

# use either tdbsam or ldapsam. smbpasswd is available for backwards

# compatibility. tdbsam requires no further configuration.

#

# Domain Master specifies Samba to be the Domain Master Browser. This

# allows Samba to collate browse lists between subnets. Don't use this

# if you already have a Windows NT domain controller doing this job

#

# Domain Logons let Samba be a domain logon server for Windows workstations.

#

# Logon Script lets you specify a script to be run at login time on the client

# You need to provide it in a share called NETLOGON

#

# Logon Path lets you specify where user profiles are stored (UNC path)

#

# Various scripts can be used on a domain controller or stand-alone

# machine to add or delete corresponding unix accounts

domain master = yes

domain logons = yes

pam password change = yes

# the login script name depends on the machine name

# automatically map drive P to the folder that will be shared

logon drive = p:

encrypt passwords = yes

logon home = \\netbiosname\%U

passwd program = /usr/bin/passwd %u

hide files = /*.pst/

; logon script = %m.bat

# the login script name depends on the unix user used

# the login.bat file is stored at /var/lib/samba/netlogon/login.bat

logon script = login.bat

logon path = \\192.168.1.254\profiles\%U

; add user script = /usr/sbin/useradd %u -n -g users

; add group script = /usr/sbin/groupadd %g

; add machine script = /usr/sbin/useradd -n -c Workstation (%u) -M -d /nohome -s /bin/false %u

add machine script = /usr/sbin/useradd -s /bin/false -d /home/nobody %u

; delete user script = /usr/sbin/userdel %u

; delete user from group script = /usr/sbin/userdel %u %g

; delete group script = /usr/sbin/groupdel %g

# Browser Control Options -

#

# set local master to no if you don't want Samba to become a master

# browser on your network. Otherwise the normal election rules apply

#

# OS Level determines the precedence of this server in master browser

# elections. The default value should be reasonable

#

# Preferred Master causes Samba to force a local browser election on startup

# and gives it a slightly higher chance of winning the election

local master = yes

os level = 64

preferred master = yes

# Name Resolution -

# Windows Internet Name Serving Support Section:

# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both

#

# WINS Support: Tells the NMBD component of Samba to enable its WINS Server

# DNS Proxy tells Samba whether or not to try to resolve NetBIOS names

# via DNS nslookups.

wins support = yes

; wins server = w.x.y.z

; wins proxy = yes

; dns proxy = yes

# Printing Options

#

# Load Printers lets you load automatically the list of printers rather

# than setting them up individually

#

# Cups Options let you pass the cups libs custom options, setting it to raw

# for example will let you use drivers on your Windows clients

#

# Printcap Name lets you specify an alternative printcap file

#

# You can choose a non default printing system using the Printing option

load printers = yes

cups options = raw

; printcap name = /etc/printcap

#obtain list of printers automatically on SystemV

; printcap name = lpstat

; printing = cups

# Filesystem Options

#

# The following options can be uncommented if the filesystem supports

# Extended Attributes and they are enabled (usually by the mount option

# user_xattr). These options will let the admin store the DOS attributes

# in an EA and make samba not mess with the permission bits.

#

# Note: these options can also be set just per share, setting them in global

# makes them the default for all shares

; map archive = no

; map hidden = no

; map read only = no

; map system = no

; store dos attributes = yes

#============================ Share Definitions ==============================

[homes]

comment = Home Directories

browseable = no

writable = yes

valid users = %S

read only = no

create mode = 0600

directory mode = 0700

; valid users = %S

; valid users = MYDOMAIN\%S

[printers]

comment = All Printers

path = /var/spool/samba

browseable = no

guest ok = no

writable = no

printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons

[netlogon]

comment = Network Logon Service

path = /var/lib/samba/netlogon

guest ok = yes

writable = no

share modes = no

# Un-comment the following to provide a specific roving profile share

# Each user's roaming profile is created in that Linux user's home directory

[Profiles]

create mode = 0600

directory mode = 0700

path = /home/%U

profile acls = yes

read only = no

writable = yes

# the folder shared as drive P: /var/lib/samba/netlogon/login.bat

[Share]

comment = sharing file

path = /home/share

writable = yes

guest ok = yes

guest only = yes

create mode = 0777

directory mode = 0777

share modes = yes

Finish
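To review an smb.conf like the one above for shares that are both guest-accessible and writable (here the [Share] section, which also sets create mode 0777), the following added example parses the file section by section. It is not part of the original article; the function names are illustrative and the embedded sample is constructed from the share names and values shown above.

```shell
#!/bin/sh
# Added example (not from the original article): flag smb.conf shares that are
# both guest-accessible and writable.

# Constructed sample reusing the share names and values shown in the article.
sample_smb_conf() {
    cat <<'EOF'
[global]
workgroup = YOLITA
security = user
[homes]
writable = yes
valid users = %S
create mode = 0600
[netlogon]
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
[Share]
path = /home/share
writable = yes
guest ok = yes
guest only = yes
create mode = 0777
EOF
}

# Reads smb.conf from the files given as arguments, or from stdin if none.
# Prints "<share> guest-writable create_mode=<mode>" for each risky share.
audit_smb_shares() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (name != "" && tolower(name) != "global" && guest && writable)
            printf "%s guest-writable create_mode=%s\n", name, (mode == "" ? "default" : mode)
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }         # skip comments and blank lines
    /^[ \t]*\[/ {                                # section header starts a new share
        report()
        name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
        guest = 0; writable = 0; mode = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        # Samba ignores case and spaces in parameter names, so normalise them.
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "guestok" || key == "public") guest = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "writeok") writable = truthy(val)
        else if (key == "readonly") writable = !truthy(val)
        else if (key == "createmode" || key == "createmask") mode = val
    }
    END { report() }
    ' "$@"
}

# Demo on the constructed sample; on the server: audit_smb_shares /etc/samba/smb.conf
sample_smb_conf | audit_smb_shares
```

Only [Share] is reported for the sample: [netlogon] allows guests but is read-only, and [homes] is writable but limited to its owner.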

________________________________________________________________________________

Create the administrator / root username in Samba:

[root@router ~]# smbpasswd -a root

[root@router ~]# service smb restart

Unix2Dos

[root@router ~]# unix2dos /var/lib/samba/netlogon/login.bat

CONFIGURATION ON WINDOWS XP SP 3

1. Start -> Run -> regedit

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Select requiresignorseal and change its value data to 0 (hexadecimal).

2. Start -> Run -> gpedit.msc

Computer configuration -> Administrative Templates -> System -> User profiles

Select "Do not check for user ownership of roaming profiles folder" and change it to Enabled.

3. Join the Samba PDC domain

Right-click My Computer -> Computer Name -> Change Domain

Type the workgroup name as configured in the workgroup setting on the Samba server.

Enter the root username / password for the first login to Samba. Restart Windows XP.

4. Create a Samba user on Linux

[root@router ~]# useradd karu

[root@router ~]# passwd karu

Changing password for user karu.

New UNIX password:

BAD PASSWORD: it is based on a dictionary word

Retype new UNIX password:

passwd: all authentication tokens updated successfully.

[root@router ~]# smbpasswd -a karu

New SMB password:

Retype new SMB password:

Added user karu.

Windows XP

Log on using that user, and change "Log on to" to the Samba workgroup domain.

Screenshot on Windows XP:

Log file on the Samba server

tail -f /var/log/samba/smbd.log

[2011/06/22 10:01:44, 1] smbd/service.c:make_connection_snum(1033)

gudangllb (192.168.1.167) connect to service Profiles initially as user karu (uid=502, gid=502) (pid 4845)

[2011/06/22 10:01:44, 1] smbd/service.c:make_connection_snum(1033)

gudangllb (192.168.1.167) connect to service netlogon initially as user karu (uid=502, gid=502) (pid 4844)

[2011/06/22 10:01:55, 1] smbd/service.c:close_cnum(1230)

gudangllb (192.168.1.167) closed connection to service Profiles

[2011/06/22 10:01:55, 1] smbd/service.c:close_cnum(1230)

gudangllb (192.168.1.167) closed connection to service netlogon

Apache web server crash

[root@server p247com]# /sbin/service httpd restart

Stopping httpd: [ OK ]

Starting httpd: [Sun Nov 01 19:43:28 2009] [warn] module php5_module is already loaded, skipping

(98)Address already in use: make_sock: could not bind to address [::]:80

(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80

no listening sockets available, shutting down

Unable to open logs

[root@server p247com]# /sbin/service httpd restart

Stopping httpd: [FAILED]

Starting httpd: [Sun Nov 01 19:43:43 2009] [warn] module php5_module is already loaded, skipping

(98)Address already in use: make_sock: could not bind to address [::]:80

(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80

no listening sockets available, shutting down

Unable to open logs

[root@server p247com]# netstat -lnp | grep :80

tcp 0 0 :::80 :::* LISTEN 12839/ixko.pl
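The `netstat -lnp | grep :80` check in this section can be made exact and scripted. The following added example is not part of the original page; its function names are illustrative and its sample output is constructed around the `12839/ixko.pl` line above. It extracts the PID and program holding a port, reports any listener on port 80 that is not httpd, and gathers the process's binary, working directory, command line and parent PID from /proc before anything is killed.

```shell
#!/bin/sh
# Added example (not from the original page): identify who owns a listening port.

# Constructed sample of `netstat -lnp` output. Only the :::80 line mirrors the
# page; the mysqld and java lines are made up to show exact port matching.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:3306   0.0.0.0:*        LISTEN  2210/mysqld
tcp        0      0 :::8080        :::*             LISTEN  3001/java
tcp        0      0 :::80          :::*             LISTEN  12839/ixko.pl
EOF
}

# stdin: netstat -lnp output; $1: port. Prints "PID PROGRAM" per TCP listener.
# Unlike `grep :80`, the port is compared exactly, so :8080 does not match.
port_listeners() {
    awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":")      # local address; the port is the last piece
        if (part[n] != port) next
        slash = index($7, "/")        # column 7 is "PID/Program name"
        if (slash == 0) next          # shown as "-" when netstat is not run as root
        print substr($7, 1, slash - 1), substr($7, slash + 1)
    }'
}

# $1: port, $2: program expected to own it. Prints listeners that are not it.
unexpected_listeners() {
    port_listeners "$1" | awk -v want="$2" '$2 != want'
}

# Record what a PID is before killing it: binary, working directory,
# command line and parent PID, all read from /proc.
describe_pid() {
    pid=$1
    [ -d "/proc/$pid" ] || { echo "pid $pid: not running"; return 1; }
    printf 'exe=%s\ncwd=%s\ncmdline=%s\nppid=%s\n' \
        "$(readlink "/proc/$pid/exe")" \
        "$(readlink "/proc/$pid/cwd")" \
        "$(tr '\0' ' ' < "/proc/$pid/cmdline")" \
        "$(awk '/^PPid:/ { print $2 }' "/proc/$pid/status")"
}

# Demo on the sample; on a live host: netstat -lnp | unexpected_listeners 80 httpd
sample_netstat | unexpected_listeners 80 httpd
```

In the session on this page the listener returns under a new PID after every kill -9, so the ppid value from describe_pid is the one to follow up.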

EDIT

[root@server /]# netstat -lnp | grep :80

tcp 0 0 :::80 :::* LISTEN 12840/ixko.pl

[root@server /]# kill -9 12840

[root@server /]# netstat -lnp | grep :80

tcp 0 0 :::80 :::* LISTEN 12841/ixko.pl

[root@server /]# kill -9 12841

[root@server /]# netstat -lnp | grep :80

tcp 0 0 :::80 :::* LISTEN 12842/ixko.pl

[root@server /]# kill -9 12842

[root@server /]# netstat -lnp | grep :80

[root@server /]# netstat -lnp | grep :80

mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'zYn95ph43zYtq';

mysql> FLUSH privileges;

mysql> \q

Install snmpd

Type the following command to install net-snmpd:

# yum install net-snmp-utils php-snmp net-snmp-libs

Configure snmpd, open /etc/snmp/snmpd.conf:

# vi /etc/snmp/snmpd.conf

Append / modify it as follows (see snmpd.conf man page for details):

com2sec local localhost public

group MyRWGroup v1 local

group MyRWGroup v2c local

group MyRWGroup usm local

view all included .1 80

access MyRWGroup "" any noauth exact all all none

syslocation Unknown (edit /etc/snmp/snmpd.conf)

syscontact Root (configure /etc/snmp/snmp.local.conf)

pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat

Save and close the file. Turn on snmpd service:

# /etc/init.d/snmpd start

# chkconfig snmpd on

Make sure you are getting information from snmpd:

# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex

Sample output:

IP-MIB::ipAdEntIfIndex.10.10.29.68 = INTEGER: 2

IP-MIB::ipAdEntIfIndex.67.yy.zz.eee = INTEGER: 3

IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1

Install cacti

First, make sure EPEL repo is enabled. Type the following command to install cacti:

# yum install cacti

Install cacti tables

Type the following command to find out cacti.sql path:

# rpm -ql cacti | grep cacti.sql

Sample output:

/usr/share/doc/cacti-0.8.7d/cacti.sql

Type the following command to install cacti tables (you need to type the cacti user password):

# mysql -u cacti -p cacti < /usr/share/doc/cacti-0.8.7d/cacti.sql

Configure cacti

Open /etc/cacti/db.php file, enter:

# vi /etc/cacti/db.php

Make changes as follows:

/* make sure these values reflect your actual database/host/user/password */

$database_type = "mysql";

$database_default = "cacti";

$database_hostname = "localhost";

$database_username = "cacti";

$database_password = "zYn95ph43zYtq";

$database_port = "3306";

Save and close the file.

Configure httpd

Open /etc/httpd/conf.d/cacti.conf file, enter:

# vi /etc/httpd/conf.d/cacti.conf

You need to update the Allow from line. Set it either to ALL or to your LAN subnet to allow access to cacti:

#

# Cacti: An rrd based graphing tool

#

Alias /cacti /usr/share/cacti

Order Deny,Allow

Deny from all

Allow from 10.0.0.0/8

Another option is to create a /usr/share/cacti/.htaccess file and password protect the directory. Finally, restart httpd:

# service httpd restart

Setup cacti cronjob

Open /etc/cron.d/cacti file, enter:

# vi /etc/cron.d/cacti

Uncomment the line:

*/5 * * * * cacti /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

Save and close the file.

Run cacti installer

Now cacti is ready to install. Fire up a web browser and type the URL:

http://your.example.com/cacti/

OR

http://your.server.ip.address/cacti/

Just follow the on-screen instructions. The default username and password for cacti is admin / admin. Upon first login, you will be forced to change the default password.

How do I configure SNMP data collection?

SNMP can be used to monitor server traffic. Once installed, log in to cacti.

=> Click on Devices

=> Select Localhost

=> Make sure SNMP options are selected as follows:

Fig.01: SNMP configuration

Finally, click on Save button.

How do I create SNMP graphs?

Click on "Create Graphs for this Host" link on top right side.

Select SNMP - Interface Statistics

Select a graph type (such as In/Out bytes with total bandwidth)

Finally, click on Create button.

How do I view graphs?

To view graphs click on Graphs tab. Here is a sample graph from one of my own boxes:

Fig.02: Cacti in Action - Memory, CPU and Network Usage


Fig.03: Cacti in Action - Disk, Load average and User stats

Install OLE Pear spreadsheet xls

pear install Spreadsheet_Excel_Writer-0.9.3

pear install OLE-1.0.0RC2

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1 localhost.localdomain localhost

192.168.0.100 server1.example.com server1

::1 localhost6.localdomain6 localhost6

# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]

DEVICE=eth0:0

BOOTPROTO=static

BROADCAST=192.168.0.255

IPADDR=192.168.0.101

NETMASK=255.255.255.0

NETWORK=192.168.0.0

ONBOOT=yes

/dev/VolGroup00/LogVol00 / ext3 defaults,usrquota,grpquota 1 1

LABEL=/boot /boot ext3 defaults 1 2

tmpfs /dev/shm tmpfs defaults 0 0

devpts /dev/pts devpts gid=5,mode=620 0 0

sysfs /sys sysfs defaults 0 0

proc /proc proc defaults 0 0

/dev/VolGroup00/LogVol01 swap swap defaults 0 0

[...]

#skip-networking

[...]

pwcheck_method: saslauthd

mech_list: plain login

queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/libexec/postfix

mail_owner = postfix

inet_interfaces = all

mydestination = $myhostname, localhost.$mydomain, localhost

unknown_local_recipient_reject_code = 550

alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases

debug_peer_level = 2

debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix

newaliases_path = /usr/bin/newaliases.postfix

mailq_path = /usr/bin/mailq.postfix

setgid_group = postdrop

html_directory = no

manpage_directory = /usr/share/man

sample_directory = /usr/share/doc/postfix-2.3.3/samples

readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES

smtpd_sasl_local_domain =

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_sasl_authenticated_header = yes

smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

mynetworks = 127.0.0.0/8

smtpd_tls_auth_only = no

smtp_use_tls = yes

smtpd_use_tls = yes

smtp_tls_note_starttls_offer = yes

smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key

smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt

smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem

smtpd_tls_loglevel = 1

smtpd_tls_received_header = yes

smtpd_tls_session_cache_timeout = 3600s

tls_random_source = dev:/dev/urandom

myhostname = server1.example.com

[...]

# Base directory where to store runtime data.

#base_dir = /var/run/dovecot/

# Protocols we want to be serving: imap imaps pop3 pop3s

# If you only want to use dovecot-auth, you can set this to "none".

protocols = imap imaps pop3 pop3s

# IP or host address where to listen in for connections. It's not currently

# possible to specify multiple addresses. "*" listens in all IPv4 interfaces.

# "[::]" listens in all IPv6 interfaces, but may also listen in all IPv4

# interfaces depending on the operating system.

[...]

[...]

DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl

[...]

#

# PHP is an HTML-embedded scripting language which attempts to make it

# easy for developers to write dynamically generated webpages.

#

LoadModule php5_module modules/libphp5.so

#

# Cause the PHP interpreter to handle files with a .php extension.

#

#AddHandler php5-script .php

#AddType text/html .php

#

# Add index.php to the list of files that will be served as directory

# indexes.

#

DirectoryIndex index.php

#

# Uncomment the following line to allow PHP to pretty-print .phps

# files as PHP source code:

#

#AddType application/x-httpd-php-source .phps

LoadModule ruby_module modules/mod_ruby.so

#!/bin/sh

# $Id: proftpd.init,v 1.1 2004/02/26 17:54:30 thias Exp $

#

# proftpd This shell script takes care of starting and stopping

# proftpd.

#

# chkconfig: - 80 30

# description: ProFTPD is an enhanced FTP server with a focus towards \

# simplicity, security, and ease of configuration. \

# It features a very Apache-like configuration syntax, \

# and a highly customizable server infrastructure, \

# including support for multiple 'virtual' FTP servers, \

# anonymous FTP, and permission-based directory visibility.

# processname: proftpd

# config: /etc/proftp.conf

# pidfile: /var/run/proftpd.pid

# Source function library.

. /etc/rc.d/init.d/functions

# Source networking configuration.

. /etc/sysconfig/network

# Check that networking is up.

[ ${NETWORKING} = "no" ] && exit 0

[ -x /usr/sbin/proftpd ] || exit 0

RETVAL=0

prog="proftpd"

start() {

echo -n $"Starting $prog: "

daemon proftpd

RETVAL=$?

echo

[ $RETVAL -eq 0 ] && touch /var/lock/subsys/proftpd

}

stop() {

echo -n $"Shutting down $prog: "

killproc proftpd

RETVAL=$?

echo

[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/proftpd

}

# See how we were called.

case "$1" in

start)

start

;;

stop)

stop

;;

status)

status proftpd

RETVAL=$?

;;

restart)

stop

start

;;

condrestart)

if [ -f /var/lock/subsys/proftpd ]; then

stop

start

fi

;;

reload)

echo -n $"Re-reading $prog configuration: "

killproc proftpd -HUP

RETVAL=$?

echo

;;

*)

echo "Usage: $prog {start|stop|restart|reload|condrestart|status}"

exit 1

esac

exit $RETVAL

[...]

Group nobody

[...]

[...]

DefaultRoot ~

IdentLookups off

ServerIdent on "FTP Server ready."

[...]