Once the email from UK2 has arrived with confirmation of the server, log into the server as root, change the password and upgrade all the current packages (be aware of previous kernel updates that have caused kernel-panics at boot:
ssh root@server12345.uk2net.comUpgrade out of date packages and setup the sudo function
passwd
apt-get upgrade
apt-get install sudoAdd the line %admin ALL=(ALL) ALL to the bottom of the file. Now add some real users and a group called admin; add users to the admin group if they are sudoers.
nano /etc/sudoers
adduser usernameSetup some other basic packages and admin tasks
groupadd admin
usermod -G admin username
apt-get install joe lynxSetup the hosts file (/etc/hosts)
joe /etc/motd - Welcome to...
joe /etc/ssh/sshd_config - PermitRootLogin no
sudo /etc/init.d/ssh restart
127.0.0.1 localhost.localdomain localhostLogout of the root account and setup passwordless login to the new server
83.170.97.143 luffness.humblehosting.co.uk luffness
83.170.75.20 kilspindie.konsulting.ltd.uk kilspindie
83.170.73.70 kingsacre.konsulting.ltd.uk kingsacre
83.170.73.111 kingussie.konsulting.ltd.uk kingussie
ssh-keygen -t rsa - follow the hints (don't enter a passphrase)Log into your new account and check that you aren't prompted for a password.
ssh-copy-id -i ~/.ssh/id_rsa.pub username@host
Firewall
The next job is to remove the firewall that comes preinstalled with some UK2 debian boxes. A quick check should allow confirmation of any rules that are set
sudo iptables -L
If rules are setup, the following commands followed by a reset should reset the firewall and remove it.
sudo -sCopy across the Plesk installer
cd /etc/init.d/
rm -rf firewall
cd /etc/rc2.d/
./S22firewall_setup
shutdown -r now
chmod +w psainstaller....choose the appropriate sections of Plesk to install and let the installer do the work.
./psainstaller...
Plesk web
Log into the Plesk web interface as admin:setup and follow the on screen instructions to setup the hostname, IP addresses, admin account and first client account.
- Check the firewall is installed and running
- Switch on and setup Watchdog
- Run the security check for the first time
- Increase server idle timeout (90 min)
- Run updater and update settings
- Setup IP addresses
- Fix contact name and login for client account
Also copy across the SafeCat deb (http://www.4psa.com/software)
Spam Guardian
move the tarred installer to /usr/local/src
unzip the installer - [tar -zxf]
chmod 777 sguardian_directory
double check the install.txt file
sudo dpkg -i safecat*.deb
sudo apt-get install spamassassin
sudo ./install.sh - follow instructions
- Ensure that domain and client creation and modification works
- Check the service restart works
- Install the license and perform the server checks again
apt-get install libnet-ip-perl libnet-dns-perlCopy the rules_du_jour scripts to /usr/local/sbin/
Copy the RDJ config file to /etc/rulesdujour/
Run RulesDuJour and watch the rules get updated.
Add a cron to run the script at a random time in the morning.
Total Backup
move the tarred installer to /usr/local/srcLicences
unzip the installer - [tar -zxf]
chmod 777 sguardian_directory
double check the install.txt file
sudo apt-get install bzip2 ftp
sudo ./install.sh
Next important thing is to setup the licences for Plesk, Spam Guardian and Total Bakcup. Download them from their respective repositories and use the web-based GUIs for each system to seach for the licence and upload it.
Munin
sudo apt-get install munin-nodeBrowse to the firewall module as admin and open a port:4949 to the IP address of the munin server.
sudo joe /etc/munin/minin-node.conf
add host_name [hostname.example.com]
add allow ^192\.168\.2\.1$ [where 192.168.2.1 is the muine server IP]
sudo /etc/init.d/munin restart
No comments:
Post a Comment