Thursday, January 18, 2007

Setting up a new UK2 server

Basic server setup

Once the email from UK2 has arrived with confirmation of the server, log into the server as root, change the password and upgrade all the current packages (be aware that previous kernel updates have caused kernel panics at boot):
ssh root@server12345.uk2net.com
passwd
apt-get upgrade
Upgrade out-of-date packages and set up sudo:
apt-get install sudo
nano /etc/sudoers
Add the line %admin ALL=(ALL) ALL to the bottom of the file. Now add some real users and a group called admin; add users to the admin group if they are sudoers.
adduser username
groupadd admin
usermod -G admin username
Set up some other basic packages and admin tasks:
apt-get install joe lynx
joe /etc/motd - Welcome to...
joe /etc/ssh/sshd_config - PermitRootLogin no
sudo /etc/init.d/ssh restart
Set up the hosts file (/etc/hosts):
127.0.0.1 localhost.localdomain localhost

83.170.97.143 luffness.humblehosting.co.uk luffness

83.170.75.20 kilspindie.konsulting.ltd.uk kilspindie
83.170.73.70 kingsacre.konsulting.ltd.uk kingsacre
83.170.73.111 kingussie.konsulting.ltd.uk kingussie
Log out of the root account and set up passwordless login to the new server:
ssh-keygen -t rsa - follow the hints (don't enter a passphrase)
ssh-copy-id -i ~/.ssh/id_rsa.pub username@host
Log into your new account and check that you aren't prompted for a password.
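
To confirm that the PermitRootLogin no edit to /etc/ssh/sshd_config above is the value sshd will actually use: sshd takes the first value it obtains for a keyword and treats lines after a Match keyword as conditional, so a later or Match-scoped "no" does not disable root login globally. This is an added example, not part of the original post; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reports the global
# PermitRootLogin value sshd would use from an sshd_config-style file.

effective_root_login() {
    # $1: path to the config file. Prints the value in lower case, or
    # "unset" when no global PermitRootLogin line exists.
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            sub(/[ \t]*=[ \t]*/, " ")        # accept the Keyword=value form
            key = tolower($1)
            if (key == "match") exit         # later lines are conditional
            if (key == "permitrootlogin") {  # first occurrence wins
                print tolower($2); found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

root_login_disabled() {
    # Succeeds only when the effective global value is exactly "no".
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample files (not real server configs).
samples=$(mktemp -d)
trap 'rm -rf "$samples"' EXIT
printf '%s\n' '# PermitRootLogin no' 'Port 22' 'PermitRootLogin yes' \
    'PermitRootLogin no' > "$samples/shadowed"
printf '%s\n' 'Port 22' '  permitrootlogin = NO' > "$samples/hardened"
printf '%s\n' 'Port 22' 'Match User backup' '  PermitRootLogin no' \
    > "$samples/match_only"

for f in shadowed hardened match_only; do
    printf '%s: %s\n' "$f" "$(effective_root_login "$samples/$f")"
done
```

On the server, point effective_root_login at /etc/ssh/sshd_config after editing it and before restarting ssh.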

Firewall

The next job is to remove the firewall that comes preinstalled with some UK2 Debian boxes. A quick check will confirm whether any rules are set:
sudo iptables -L

If rules are set up, the following commands, followed by a reboot, should reset the firewall and remove it.
sudo -s
cd /etc/init.d/
rm -rf firewall
cd /etc/rc2.d/
./S22firewall_setup
shutdown -r now
Copy across the Plesk installer and make it executable:
chmod +x psainstaller....
./psainstaller...
Choose the appropriate sections of Plesk to install and let the installer do the work.

Plesk web

Log into the Plesk web interface as admin:setup and follow the on-screen instructions to set up the hostname, IP addresses, admin account and first client account.
  • Check the firewall is installed and running
  • Switch on and setup Watchdog
  • Run the security check for the first time
  • Increase server idle timeout (90 min)
  • Run updater and update settings
  • Setup IP addresses
  • Fix contact name and login for client account
Copy across the 4PSA installers: Spam Guardian and Total Backup (minimum)
Also copy across the SafeCat deb (http://www.4psa.com/software)

Spam Guardian

move the tarred installer to /usr/local/src
unzip the installer - [tar -zxf]
chmod 777 sguardian_directory
double check the install.txt file

sudo dpkg -i safecat*.deb
sudo apt-get install spamassassin
sudo ./install.sh - follow instructions
  • Ensure that domain and client creation and modification works
  • Check the service restart works
  • Install the license and perform the server checks again
Double check that a "spamassassin --lint" doesn't throw any errors (in the early versions of 8.1 and SG 3.0.3, some libs were missing):
apt-get install libnet-ip-perl libnet-dns-perl
Copy the rules_du_jour scripts to /usr/local/sbin/
Copy the RDJ config file to /etc/rulesdujour/
Run RulesDuJour and watch the rules get updated.
Add a cron job to run the script at a random time in the morning.

Total Backup

move the tarred installer to /usr/local/src
unzip the installer - [tar -zxf]
chmod 777 sguardian_directory
double check the install.txt file

sudo apt-get install bzip2 ftp
sudo ./install.sh

Licences

The next important thing is to set up the licences for Plesk, Spam Guardian and Total Backup. Download them from their respective repositories and use the web-based GUIs for each system to search for the licence and upload it.

Munin

sudo apt-get install munin-node
sudo joe /etc/munin/munin-node.conf

add host_name [hostname.example.com]
add allow ^192\.168\.2\.1$ [where 192.168.2.1 is the munin server IP]

sudo /etc/init.d/munin-node restart
Browse to the firewall module as admin and open port 4949 to the IP address of the munin server.
