LAMP


Part 1
Retrieve the full license key from Plesk using the web control panel License Manager.
Backup and download the key.
# cp /etc/psa/psa.key /var/www/vhosts/<domain>/httpdocs/
Visit http://<domain>/psa.key

Part 2
Get the CentOS install script
# wget http://3es.atomicrocketturtle.com/tests/aooi-installer.sh
# chmod +x aooi-installer.sh

Edit the script
# vi aooi-installer.sh
:%s/www.gtlib.gatech.edu/mirror.linux.duke.edu/g
:wq

Run the install
# ./aooi-installer.sh
Open a serial console and watch what happens during reboots etc.

Part 3
Login as root with password ‘atomic555’
Change the root password
# passwd
Copy my firewall scripts to server and customise with new machinename
/root/fw.on
/root/fw.off
/root/getfw.sh
/etc/rc.d/rc.firewall_off
Make them all executable
# chmod +x /root/fw.on /root/fw.off /root/getfw.sh /etc/rc.d/rc.firewall_off

Write and install an iptables firewall
# ./getfw.sh

Part 4
Install latest Plesk (don’t use auto-installer psa_installer_v3.2.0_build070705.20_os_CentOS_4.3_x86_64 - busted)
# wget http://download1.swsoft.com/Plesk/Plesk8.2/CentOS4.3/psa_installer_v3.1.2_build070321.17_os_CentOS_4_x86_64
# chmod +x psa_installer_v3.1.2_build070321.17_os_CentOS_4_x86_64
# ./psa_installer_v3.1.2_build070321.17_os_CentOS_4_x86_64

You can login to plesk at https://<domain>:8443/
user: admin
pass: setup
Once you’ve logged in change your password

Part 5
Add yourself a user account so you don’t have to login as root
# useradd <username>
# passwd <username>

If you’re going to be using the Plesk migration manager, add your new user to the ‘wheel’ group and enable sudo
# usermod -a -G wheel <username>
Uncomment the %wheel line in /etc/sudoers

Part 6
Update yum to use atomic channel and run an update
# wget -q -O - http://www.atomicorp.com/installers/atomic.sh | sh
# yum update

If it complains about dependencies involving php-pear
# yum install php-pear
# yum update

Part 7
Make sure you are using all the latest conf files. Use my ‘rpmnew.sh’ manager script to speed the job.
Make sure httpd service is running (probably have to move /etc/php.d/ioncube-loader.ini)

Part 8
Buy and install ASL channel
# wget -q -O - http://www.atomicorp.com/installers/install-asl.sh |sh

Further tweaks
Set kernel to attempt reboot (panic) on oops

I’m currently building a new server for a client and am finding great success using the top-notch tools from Atomic Rocket Turtle (Atomic Corp).

By using Scott’s AOOI script I have managed to install CentOS 4.4 on one of 1and1’s Business Server IIs along with PHP 5 and MySQL 5. Taking a backup of the Plesk key before doing so, I was able to install a fresh Plesk 8.2 and have a bang up to date, future proofed box with all the features of the 1and1 build (64 bit, dual core, RAID1 etc.).

  1. Login as root and then…
    # wget http://3es.atomicrocketturtle.com/tests/aooi-installer.sh
    # chmod +x aooi-installer.sh
  2. I actually needed to mod the script a little to get it to run happily as the mirror for the CentOS image was defunct
    Open aooi-installer.sh in vi (or equivalent) and replace the url
    www.gtlib.gatech.edu
    with
    mirror.linux.duke.edu
    save and start the install
    # ./aooi-installer.sh
  3. A good way of getting a feel for what should be happening and when can be had from the excellent video provided by Scott.
    It shows two consoles open.. one running the install script, and one logged in from the serial console (superb 1and1 feature) keeping a running commentary on what is happening on the box.
    http://www.atomicrocketturtle.com/tutorials/aooi-v6-tutorial.ogg

The guys over at Atomic Corp are doing some really great work on hardening web servers based on Plesk, and I can’t recommend their ASL - Atomic Secured Linux subscription yum channel enough.

I had to build an rpm file from a src.rpm file for the first time today… shows you how well yum etc. are working.

Here’s a handy page of instructions on getting this done.

http://perso.b2b2c.ca/sarrazip/dev/rpm-building-crash-course.html

I’ve finally got round to installing a decent email server to manage my ever expanding archive of mail. I came across Zimbra a fair few months ago, but haven’t had the time/hardware to have a solid go at it.
As my rusty Windows box kindly started up the other day with a clean registry, I decided to get going with Zimbra anyway.

I’m glad I did, because it seems to Rock!

These are notes on the steps to get everything running smoothly for my setup.

  • I have a dynamic IP from NTL (albeit with a very long lease time)
  • A netgear router that assigns internal IPs via DHCP
  • The router syncs my chosen subdomain of dyndns.org with my NTL IP using dyndns.org’s generous free dynamic DNS services
  • Dyndns.org provide an A record and an MX record for <mysubdomain>.dyndns.org
  • My Zimbra box handles mail and some web services and I have other machines on the LAN offering other web services

I already had Fedora Core 5 on the chosen box, so I used the Zimbra binaries to install.

Before the install things of note that I remember having to do that were slightly different to the default…

  • I stopped sendmail which was running on the server from my install of Fedora and prevented it launching at startup
    # service sendmail stop
    # chkconfig sendmail off
  • I set the /etc/hosts file to contain …
    127.0.0.1 localhost.localdomain localhost
    192.168.xxx.xxx <mysubdomain>.dyndns.org <internal_machinename>

    Reading around, this seems a little screwy, but was the only way I could get everything working (I did do a fair amount of fiddling to get everything hunky dory)
  • As my Zimbra box was behind my router which was port forwarding mail services to Zimbra’s internal IP and also offering DNS services out into the world, I needed to set up a minimal DNS service on my Zimbra box so that internal mail would be routed internally rather than out into the world where it would get lost and confused. I needed <mysubdomain>.dyndns.org to resolve to 192.168.xxx.xxx inside the LAN without affecting how <mysubdomain>.dyndns.org would resolve outside the LAN. This takes a little more than just editing the /etc/hosts file as I had originally hoped.
    To get this minimal DNS service working, I used a combination of these documents to install Bind as the primary DNS service only for the Zimbra box (unsatisfied DNS lookups then being asked of my router)
    http://wiki.zimbra.com/index.php?title=Split_dns
    http://www.howtoforge.com/linux_bind9_and_caching_nameserver
  • To get the local Bind service working out DNS queries before the DHCP assigned router DNS service, you need to have your /etc/resolv.conf looking like this…
    nameserver 127.0.0.1 (localhost IP)
    nameserver 192.168.xxx.xxx (IP of the router)

    The tricky part is that DHCP overwrites the resolv.conf file on startup… stripping the critical first line above.
    I got round this by creating an /etc/dhclient.conf file with help of this blog
    http://jbowes.dangerouslyinc.com/2006/12/09/using-opendns-with-fedora-core-6/
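
The resolver-order problem described in the list above can be handled and checked as follows. This is an added example, not code from the original post: it uses dhclient's `prepend domain-name-servers` statement, and the function names, file arguments and sample resolv.conf content are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). The file paths passed in are
# the caller's choice; the sample resolv.conf below is constructed.

# Ask dhclient to put the local BIND resolver ahead of the DHCP-supplied
# name servers each time it regenerates resolv.conf. Safe to re-run.
write_dhclient_conf() {
    conf=$1
    stmt='prepend domain-name-servers 127.0.0.1;'
    if [ -f "$conf" ] && grep -Fqx "$stmt" "$conf"; then
        return 0
    fi
    printf '%s\n' "$stmt" >> "$conf"
}

# Print the nameserver addresses of a resolv.conf in the order the
# resolver will try them; comment lines and other keywords are skipped.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Succeed only if 127.0.0.1 is tried first and at least one fallback
# (the router) follows it.
check_resolver_order() {
    first=$(list_nameservers "$1" | sed -n '1p')
    count=$(list_nameservers "$1" | awk 'END { print NR }')
    [ "$first" = "127.0.0.1" ] && [ "$count" -ge 2 ]
}

# Demonstration on a constructed file showing the failure described above:
# a DHCP renewal has rewritten resolv.conf with only the router's address.
demo=$(mktemp)
printf '; generated by dhclient\nnameserver 192.168.0.1\n' > "$demo"
if check_resolver_order "$demo"; then
    echo "resolver order OK"
else
    echo "local resolver is not first: $(list_nameservers "$demo" | tr '\n' ' ')"
fi
rm -f "$demo"
```

Running `check_resolver_order /etc/resolv.conf` after a lease renewal or reboot confirms that the prepend statement took effect.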

Steps that had to be taken during the install that weren’t the default answers.

  • I had apache running, offering some unrelated web services that I wanted to keep, so I changed the default port for the tomcat web server that Zimbra installs from 80 to another number I like
  • I had to set an admin password before the install could complete (nice and sensible)

I think those are all the steps I needed. A little complicated, but well worth the effort. No more agonising startup delays with Outlook and simply not finding emails even with Google’s desktop search. Zimbra seems like an extremely capable baton carrier for my mail needs at least.

The steps I had to take to get my 1GB of mail/appointments/addresses from Outlook 2002 format into Zimbra can wait for another day.

I’ve a couple of Fedora boxes that were coming up with this error when rkhunter was run.

Rootkit Hunter 1.2.8 is running
Determining OS… Unknown
Warning: This operating system is not fully supported!

Seems you just need to add a suitable line into /var/rkhunter/db/os.dat so rkhunter can find your md5 hashes again and properly verify them. e.g.

705:Fedora Core release 5 (Bordeaux) (i386):/usr/bin/md5sum:/bin:

or

706:Fedora Core release 6 (Zod) (i386):/usr/bin/md5sum:/bin:

References
http://www.webhostingtalk.com/showthread.php?t=497209
