The Perfect Setup - White Box Linux / Red Hat Enterprise Linux 3.0
Version 1.0
Author: Falko Timme
<ft [at] falkotimme [dot] com>
Last edited 03/22/2004
This is a detailed description of the steps to set up a Linux server based on White Box Linux that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc.).
Since White Box Linux is very similar to Red Hat Enterprise Linux this tutorial should also work for Red Hat Enterprise Linux. From the White Box Linux website:
"This product is derived from the Free/Open Source Software made available by Red Hat, Inc but IS NOT produced, maintained or supported by Red Hat. Specifically, this product is forked from the source code for Red Hat's _Red Hat Enterprise Linux 3_ product under the terms and conditions of its EULA.
There may be remaining packaging problems and other odd bugs. These are solely the responsibility of the White Box Linux effort and should not in any shape, manner or form reflect on the quality of Red Hat's commercial product. In fact, if you need a fully tested and supported OS you probably should go buy their box set."
The following services will be installed:
- Web Server: Apache 2.0.x
- Mail Server: Postfix (easier to configure than sendmail; has a shorter history of security holes than sendmail)
- DNS Server: BIND9
- FTP Server: vsftpd (you could also use vsftpd)
- POP3/IMAP: ipop3d/imapd
- Webalizer for web site statistics
In the end you should have a system that works reliably and is ready for the server control panel 42go ISP-Manager (this is optional; you can install any other control panel or no control panel at all).
I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!
Requirements
To install such a system you will need the following:
1 The Base System
Insert CD 1 into your CD-ROM drive and boot the system from it. To install White Box Linux, hit <Enter> at the boot prompt:

Now you can have your CDs checked (takes a few minutes), or you can skip this check.

Select the language for the installation process.

Select your keyboard layout.

Select your mouse type.

Under Installation Type, choose Server.

Now you have to partition your hard disk. I select manual configuration here.

I create a partition hda1 with / as mount point, and I format this partition with the file system ext3:

I also create a partition hda6 which I also format with ext3. The mount point for hda6 is /home:


Now I install the boot loader (Grub). I leave the default values untouched and click on Next:

Under Network Configuration I click on Edit:

In the dialogue box I uncheck Configure using DHCP and assign a static IP address (e.g. 192.168.0.100) and a netmask (e.g. 255.255.255.0) to my network interface eth0:

Next I set the hostname manually (e.g. server1.example.com) and enter the settings for the gateway (e.g. 192.168.0.1) and DNS servers (e.g. 194.25.2.129 and 145.253.2.11):

Now you can configure the firewall. Since I want to install the 42go ISP-Manager later on which has a firewall configuration wizard I select No firewall here.

Select the languages which will be available on the system.

Select your time zone.

Enter your root password.

Under Package Group Selection please add the following groups:
- Editors
- Mail Server
- DNS Name Server
- FTP Server
- MySQL Database
- Network Servers
- Development Tools
- Kernel Development
- System Tools
Remove the group Printing Support if you do not want to have a print server.


Click on Details for the group Web Server, and add php-mysql:

The installation starts:

Now the base system is ready. Remove the CD, and press <Enter> to reboot the system:

2 Installing and Configuring the Rest of the System
Configure additional IP Addresses
I will now assume that the network card to which you want to add additional IP addresses is eth0. In the directory /etc/sysconfig/network-scripts/ you will find the file ifcfg-eth0. It looks like this:
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.0.255
HWADDR=00:04:AC:D9:0A:1F
IPADDR=192.168.0.100
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes
TYPE=Ethernet
In order to assign additional IP addresses to eth0 you have to create "virtual network cards". The second IP address on eth0 is assigned to eth0:0, the third one to eth0:1, etc. If you want to assign the IP address 192.168.0.101 to eth0 you have to create the file /etc/sysconfig/network-scripts/ifcfg-eth0:0 with the following contents:
MTU=""
NETMASK=255.255.255.0
BOOTPROTO=none
ONPARENT=yes
BROADCAST=192.168.0.255
IPADDR=192.168.0.101
NETWORK=192.168.0.0
ONBOOT=yes
DEVICE=eth0:0
Then restart your network:
/etc/init.d/network restart
Quota
Edit /etc/fstab to look like this (I added ,usrquota,grpquota to partition LABEL=/home):
LABEL=/ / ext3 defaults 1 1
none /dev/pts devpts gid=5,mode=620 0 0
LABEL=/home /home ext3 defaults,usrquota,grpquota 1 2
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/hda5 swap swap defaults 0 0
/dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0
/dev/fd0 /mnt/floppy auto noauto,owner,kudzu 0 0
Then run:
touch /home/aquota.user /home/aquota.group
chmod 600 /home/aquota.*
mount -o remount /home
quotacheck -avugm
quotaon -avug
Start Services
All software we need is already installed on the system. Now we have to configure the system to start these services at boot time:
chkconfig httpd on
chkconfig vsftpd on
chkconfig mysqld on
chkconfig named on
chkconfig saslauthd on
chkconfig ipop3 on
chkconfig imap on
chkconfig cups off
chkconfig isdn off
chkconfig kudzu off
chkconfig pcmcia off
chkconfig sendmail off
chkconfig postfix on
Now we start the services we need:
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/httpd start
/etc/init.d/mysqld start
/etc/init.d/vsftpd start
/etc/init.d/named start
/etc/init.d/saslauthd start
Make sure /etc/hosts looks like this:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 server1.example.com server1 localhost.localdomain localhost
MySQL
You should set a password for your MySQL database (the password for the MySQL user root; the default one is an empty password):
mysqladmin -u root password yourrootsqlpassword
If you already have a non-empty password, and you want to change it, use this command:
mysqladmin -u root -pyourrootsqlpassword password yournewrootsqlpassword
(Please note: There is no space between -p and yourrootsqlpassword!)
Postfix
We have to configure Postfix in order to enable SMTP-AUTH and TLS.
First, we generate the certificate files needed for TLS:
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
<- Enter a password for smtpd.key.
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
<- Again, enter your password for smtpd.key.
<- Enter your Country Name (e.g., "DE").
<- Enter your State or Province Name.
<- Enter your City.
<- Enter your Organization Name (e.g., the name of your company).
<- Enter your Organizational Unit Name (e.g. "IT Department").
<- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
<- Enter your Email Address.
The following information is optional:
<- Enter a challenge password.
<- Enter an optional company name.
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
<- Again, enter your password for smtpd.key.
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
<- Again, enter your password for smtpd.key.
mv -f smtpd.key.unencrypted smtpd.key
chmod 600 smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
<- Again, enter your password for smtpd.key.
<- Enter your Country Name (e.g., "DE").
<- Enter your State or Province Name.
<- Enter your City.
<- Enter your Organization Name (e.g., the name of your company).
<- Enter your Organizational Unit Name (e.g. "IT Department").
<- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
<- Enter your Email Address.
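The first chmod 600 above is applied to the passphrase-protected key, but the file that ends up as smtpd.key is the one written by openssl rsa -out, and mv keeps that file's mode (which depends on the umask and the OpenSSL build). The following is an added example, not part of the original howto: the function names loose_keys and demo are made up here, and demo replays the replacement sequence with constructed stand-in files rather than real keys.

```sh
#!/bin/sh
# Added example: list private-key files in a directory that group or other
# users can access. Key files are matched by name (*.key, *key.pem).

loose_keys() {
    dir=$1
    for f in "$dir"/*.key "$dir"/*key.pem; do
        [ -f "$f" ] || continue
        # ls -ld prints e.g. "-rw-r--r--"; characters 5-10 are group/other.
        perms=$(ls -ld "$f" | cut -c5-10)
        [ "$perms" = "------" ] || printf '%s %s\n' "$(basename "$f")" "$perms"
    done
}

# Constructed demo of the key-replacement sequence from the howto, using
# stand-in files in a temporary directory instead of real keys.
demo() {
    tmp=$(mktemp -d) || return 1
    (
        cd "$tmp" || exit 1
        umask 022                       # assumption: a typical root umask
        echo "encrypted key" > smtpd.key
        chmod 600 smtpd.key             # as in the howto
        # stand-in for: openssl rsa -in smtpd.key -out smtpd.key.unencrypted
        echo "unencrypted key" > smtpd.key.unencrypted
        mv -f smtpd.key.unencrypted smtpd.key   # rename keeps the new file's mode
    )
    loose_keys "$tmp"                   # reports smtpd.key as readable by others
    chmod 600 "$tmp/smtpd.key"
    loose_keys "$tmp"                   # reports nothing after the chmod
    rm -rf "$tmp"
}

demo
```

On the real system, run loose_keys /etc/postfix/ssl after the last openssl command; any line of output names a key file that needs chmod 600.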
Run the following commands in order to enable SMTP-AUTH and TLS in /etc/postfix/main.cf:
postconf -e 'mydomain = example.com'
postconf -e 'myhostname = server1.$mydomain'
postconf -e 'mynetworks = 127.0.0.0/8'
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'alias_maps = hash:/etc/aliases'
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
mv -f /etc/pam.d/smtp.postfix /etc/pam.d/smtp
/etc/init.d/postfix restart
To see if SMTP-AUTH and TLS work properly now run the following command:
telnet localhost 25
After you have established the connection to your Postfix mail server type
ehlo localhost
If you see the lines
250-STARTTLS
and
250-AUTH
everything is fine.

Type
quit
to return to the system's shell.
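The manual check above can be scripted. The following is an added example, not part of the original howto: it parses a captured EHLO reply and reports whether STARTTLS is offered and which AUTH mechanisms are advertised before TLS has been negotiated, which is what smtpd_tls_auth_only = no permits. The function names and the sample reply are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise what an EHLO reply advertises before STARTTLS.
# Reads the server's reply lines on stdin (e.g. pasted from the telnet session).

ehlo_summary() {
    # SMTP lines end in CRLF; drop the CR, then look at "250-..." / "250 ..." lines.
    tr -d '\r' | awk '
        /^250[- ]/ {
            cap = toupper(substr($0, 5))
            if (cap == "STARTTLS") { starttls = 1; next }
            # "AUTH=..." is the legacy spelling added by broken_sasl_auth_clients
            if (cap ~ /^AUTH[ =]/) {
                n = split(substr(cap, 6), m, " ")
                for (i = 1; i <= n; i++) {
                    if (seen[m[i]]++) continue
                    mechs = mechs (mechs == "" ? "" : " ") m[i]
                    # PLAIN and LOGIN carry the password itself, only base64-encoded
                    if (m[i] == "PLAIN" || m[i] == "LOGIN")
                        exposed = exposed (exposed == "" ? "" : " ") m[i]
                }
            }
        }
        END {
            print "starttls=" (starttls ? "yes" : "no")
            print "auth_mechs=" (mechs == "" ? "none" : mechs)
            print "password_mechs_before_tls=" (exposed == "" ? "none" : exposed)
        }'
}

# Constructed sample: a reply of the kind the configuration above produces.
sample_reply() {
    printf '%s\r\n' \
        '250-server1.example.com' \
        '250-PIPELINING' \
        '250-SIZE 10240000' \
        '250-STARTTLS' \
        '250-AUTH LOGIN PLAIN' \
        '250-AUTH=LOGIN PLAIN' \
        '250 8BITMIME'
}

sample_reply | ehlo_summary
```

With smtpd_tls_auth_only = yes Postfix does not announce AUTH until STARTTLS has completed, so the same check on the plaintext reply would report password_mechs_before_tls=none.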
Synchronize the System Clock
If you want to have the system clock synchronized with an NTP server you can add the following lines to /var/spool/cron/root (if the file does not exist, create it by running touch /var/spool/cron/root):
# update time with ntp server
0 3,9,15,21 * * * /usr/bin/rdate 128.2.136.71 | logger -t NTP
Then run
chmod 600 /var/spool/cron/root
/etc/init.d/crond restart
Install the 42go ISP-Manager
If you want to install the 42go ISP-Manager on the system you have to do the following steps because the 42go ISP-Manager does not support White Box Linux / Red Hat Enterprise Linux 3.0 out of the box. But because all paths/settings are similar to those on Red Hat 9 (which is supported by the 42go ISP-Manager) you can make the installer of the 42go ISP-Manager believe that the system is running Red Hat 9:
rm -f /etc/redhat-release
Now create a new file /etc/redhat-release with the following contents:
Red Hat Linux release 9 (Shrike)
Now you can install the 42go ISP-Manager on the system as described here: http://www.projektfarm.com/downloads/manual/installation_en.pdf
Links
White Box Linux: http://www.whiteboxlinux.org/
Red Hat: http://www.redhat.com/
42go ISP-Manager: http://www.projektfarm.com/en/