Centos 5 virtual hosting howto part 4

• Import webmin pgp key

 # wget http://www.webmin.com/jcameron-key.asc
 # rpm --import jcameron-key.asc

• Download the rpm

 # wget http://prdownloads.sourceforge.net/webadmin/webmin-1.390-1.noarch.rpm

• Verify the rpm (should say OK or else download again)

 # rpm --checksig webmin-1.390-1.noarch.rpm

• Install the rpm

 # rpm -Uvh webmin-1.390-1.noarch.rpm

We need to secure webmin by editing /etc/webmin/miniserv.conf and make the following changes

• Using SSL only

ssl=1

• Change the port to 443 and bind to the second nic only

port=443
bind=192.168.1.6

• Disable UDP broadcasts

#listen=10000

• Change host lockout on login failures to 3

blockhost_failures=3

• Increase host lockout timeout to 120

blockhost_time=120

• Change user lockout on login failures to 3

blockuser_failures=3

• Change user lockout timeout to 120

blockuser_time=120

• Change the realm to something else

realm=cpanel

• Log logins to utmp

utmp=1

Install the webmin Tiger theme

• Login to webmin via https://192.168.1.5:10000 using root and your password
• Go to webmin → Configuration → webmin themes
• Select From ftp or http URL and enter http://www.stress-free.co.nz/files/theme-stressfree.tar.gz
• Click install theme
• Click “return to list themes”
• Select StressFree as the Current theme then click change

Install php-pear module

• Go to webmin → webmin configuration → webmin modules
• Select Third party module from and enter http://www.webmin.com/download/modules/php-pear.wbm.gz
• Click install module

Install virtualmin

• Go to webmin → webmin configuration → webmin modules
• Select install from ftp or http URL and enter http://download.webmin.com/download/virtualmin/virtual-server-3.51.gpl.wbm.gz
• Click install module

Remove unwanted modules Go to webmin → webmin configuration → delete and select the following

• ADSL client
• Bacula backup system
• CD Burner
• CVS Server
• Cluster change passwords
• Cluster copy files
• Cluster cron jobs
• Cluster shell commands
• Cluster software packages
• Cluster usermin servers
• Cluster users and groups
• Cluster webmin servers
• Command shell
• Configuration engine
• Custom commands
• DHCP server
• Fetchmail mail retrieval
• File manager
• Frox ftp proxy
• HTTP Tunnel
• Heartbeat monitor
• IPsec VPN
• Jabber IM server
• LDAP server
• Logical volume management
• Majordomo list manager
• NFS exports
• NIS client and server
• OpenSLP server
• PPP dialin server
• PPP dialup client
• PPTP vpn server
• PPTP vpn client
• Postgresql database server
• Printer admin
• ProFTPD server
• QMAIL mail server
• SMART drive status
• SSH / Telnet login
• SSL tunnels
• SAMBA windows file sharing
• Scheduled commands
• Sendmail mail server
• Shoreline firewall
• Squid analysis report generator
• Squid proxy server
• Voicemail server
• WU-FTP server
• Idmapd server

Restart webmin

 # service webmin restart 

 # rpm -Uhv http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

NOTE: If you are using a different architecture check on https://rpmrepo.org/RPMforge/Using for the correct rpm

• Disable the repo (such that base packages not overwritten) edit /etc/yum.d/rpmforge.repo and set the following option

enabled = 0

• Install clamav

 # yum --enablerepo=rpmforge install clamav clamav-db clamav-milter clamd -y
 # wget http://www.topdog-software.com/files/clamav-milter.patch
 # patch /etc/init.d/clamav-milter < clamav-milter.patch
 # chkconfig --del clamd
 # freshclam

• Install sanesecurity signatures

 # wget http://www.sanesecurity.co.uk/clamav/update_sanesecurity.txt -O /usr/local/bin/update_sanesecurity.sh
 # chmod +x /usr/local/bin/update_sanesecurity.sh
 # ln -s /usr/local/bin/update_sanesecurity.sh /etc/cron.hourly/
 # /usr/local/bin/update_sanesecurity.sh

• Install PHP eaccelerator

 # yum --enablerepo=rpmforge install php-eaccelerator 

• Install newer spamassassin package from rpmforge

 # yum --enablerepo=rpmforge upgrade spamassassin

• Install spamass-milter

 # yum --enablerepo=rpmforge install spamass-milter

• Install perl modules¹⁾ required by spamassassin

 # perl -MCPAN -e 'install Mail::SPF'
 # perl -MCPAN -e 'install Mail::SPF::Query' 
 # perl -MCPAN -e 'install Net::Ident'
 # perl -MCPAN -e 'install IP::Country::Fast'
 # perl -MCPAN -e 'install Mail::DomainKeys'
 # perl -MCPAN -e 'install Mail::DKIM'

• Install fuzzyOCR

 # yum --enablerepo=rpmforge install netpbm-progs ocrad gocr gifsicle giflib-utils giflib -y
 # svn co https://svn.own-hero.net/fuzzyocr/trunk/devel/
 # cd devel/
 # perl -MCPAN -e 'install String::Approx'
 # perl -MCPAN -e 'install Time::HiRes'
 # perl -MCPAN -e 'install Log::Agent'
 # cp -rv {FuzzyOcr.cf,FuzzyOcr.scansets,FuzzyOcr.preps,FuzzyOcr.pm,FuzzyOcr.words,FuzzyOcr/} /etc/mail/spamassassin
 # chcon -R system_u:object_r:etc_mail_t /etc/mail/spamassassin/{FuzzyOcr.cf,FuzzyOcr.scansets,FuzzyOcr.preps,FuzzyOcr.pm,FuzzyOcr.words,FuzzyOcr/}
 # wget http://www.gbnetwork.co.uk/mailscanner/FuzzyOcr.words -O /etc/mail/spamassassin/FuzzyOcr.words

• Install Razor

 # yum --enablerepo=rpmforge install razor-agents -y

• Install roundcube

 # yum install php-imap
 # rpm -Uvh http://www.topdog-software.com/oss/roundcube/roundcube-0.1-rc2.noarch.rpm

• Install imapproxy

 # wget http://imapproxy.org/downloads/up-imapproxy-1.2.6.tar.gz
 # rpmbuild -tb up-imapproxy-1.2.6.tar.gz
 # rpm -Uvh /usr/src/redhat/RPMS/i386/up-imapproxy-1.2.6-1.i386.rpm

• Activate services

 # chkconfig --level 345 httpd on
 # chkconfig --level 345 postfix on
 # chkconfig --level 345 spamassassin on
 # chkconfig --level 345 spamass-milter on
 # chkconfig --level 345 clamav-milter on
 # chkconfig --level 345 mysqld on
 # chkconfig --level 345 named on
 # chkconfig --level 345 vsftpd on
 # chkconfig --level 345 dovecot on
 # chkconfig --level 345 imapproxy on

• Postfix
• Dovecot
• Imapproxy
• Bind
• Vsftpd
• Clamav-milter
• Mysql
• Spamassassin
• Spamass-milter
• Apache setup
• Roundcube webmail
• Iptables
• Virtualmin

Continue to part 5