New Server Setup Guide
I've been compiling this kind of resource for a linux server setup from various forums and wanted to get some input as to your thoughts.
The following is a copy of the table of contents.
INTRODUCTION 4
1.1. PURPOSE 4
1.2. CREDITS 4
1.3. DISCLAIMER 5
1.4. 'ALWAYS DO THIS' RULES. 5
2. SERVER HARDWARE INSTALL & CONFIG 7
2.1. SELECTING DATACENTER 7
2.2. SELECTING HARDWARE 7
2.2.1. Processor 7
2.2.2. Memory 7
2.2.3. Hard Drive 7
2.3. CONFIGURING HARDWARE 7
3. SYSTEM SOFTWARE INSTALL & CONFIG 8
3.1. INSTALLING O/S 8
3.1.1. Caldera Open Linux (Incomplete) 8
3.1.2. Debian Linux (Incomplete) 8
3.1.3. Redhat Linux (Incomplete) 8
3.1.4. Slackware Linux (Incomplete) 14
3.1.5. SuSE Linux (Incomplete) 14
3.2. INSTALLING CONTROL PANEL 14
3.2.1. CPanel (Incomplete) 14
3.2.2. DirectAdmin (Incomplete) 14
3.2.3. Ensim (Incomplete) 14
3.2.4. Hsphere (Incomplete) 14
3.2.5. Plesk (Incomplete) 15
3.2.6. WebCP (Incomplete) 15
3.2.7. WebMin (Incomplete) 15
3.3. INITIAL LOGIN 15
3.3.1. Cpanel WHM 15
3.4. CONFIGURING DNS/NAMESERVERS 16
3.4.1. Fixing BIND/NDC 16
3.4.2. Changing Hostname 17
3.5. RECOMPILING APACHE 19
4. OPTIONAL SERVER SOFTWARE INSTALL & CONFIG 21
4.1. INSTALLING SERVER MONITOR 21
4.1.1. Nagios 21
4.1.2. Custom Script 1 24
4.1.3. Custom Script 2 25
4.2. INSTALLING JAVA SERVLET SERVER 26
4.2.1. Tomcat (Incomplete) 26
4.3. INSTALLING STREAMING SERVER 26
4.3.1. Shoutcast 26
5. SERVER SECURITY INSTALLS & SETUPS 28
5.1. SYSTEM SETTINGS 28
5.1.1. Setting SSH IP/Port 28
5.1.2. Setting SSH Legal Message 29
5.1.3. Disabling direct root login 30
5.1.4. Setting Root login e-mail alert 32
5.1.5. Disabling Telnet 32
5.1.6. Setting Chroot/Jail 33
5.1.7. Masking apache server & services version numbers 33
5.1.8. Disabling Unused Services 33
5.2. INSTALLING FIREWALL 34
5.2.1. APF Firewall 34
5.2.2. IPChains (Incomplete) 36
5.2.3. Socks (Incomplete) 36
5.2.4. Squid (Incomplete) 36
5.2.5. TIS Firewall Toolkit (Incomplete) 36
5.3. INSTALLING PORT SCAN DETECTOR/PACKET SNIFFER 36
5.3.1. Courtney (Incomplete) 37
5.3.2. Port Sentry (Incomplete) 37
5.4. INSTALLING AN INTRUSION DETECTION SYSTEM 37
5.4.1. Aide (Incomplete) 37
5.4.2. Snort (Incomplete) 37
5.4.3. Triplite (Incomplete) 37
5.4.4. Tripwire 37
5.5. INSTALLING LOGGER 39
5.5.1. chkrootkit 39
5.5.2. Logcheck (Incomplete) 41
5.5.3. Logwatch (Incomplete) 41
5.6. INSTALLING E-MAIL ANTI-VIRUS 41
5.6.1. Exim 4.20 + MailScanner + Clam AV 41
5.7. INSTALLING PROCESS RESTRICTOR 48
5.7.1. PRM 48
5.8. MRTG BANDWIDTH MONITOR (INCOMPLETE) 50
5.9. INSTALLING LINUX LIMITER 50
5.9.1. lcap 50
5.10. MISC 51
5.10.1. Customize Bash 51
5.10.2. Other 52
6. SERVER CONFIGURATION TWEAKS 54
6.1. SERVICES CONFIGURATION FILES 54
6.1.1. DNS Server (Incomplete) 54
6.1.2. FTP Server 54
6.1.3. Mail Server 54
6.1.4. News Server (Incomplete) 55
6.1.5. SQL Server 55
6.1.6. Web Server 55
6.2. CPANEL/WHM (INCOMPLETE) 60
6.2.1. Server Setup 60
6.2.2. Backup 70
6.3. SHARED SSL BANDWIDTH PROTECTION 71
6.4. FREEBSD NOTES 73
7. ACCOUNT CONFIGURATIONS 75
7.1. CPANEL/WHM 75
7.1.1. Reseller WHM Permissions 75
7.1.2. CPanel Accounts (Incomplete) 78
8. SERVER MAINTENANCE & TROUBLESHOOTING 79
8.1. MAINTENANCE BY SERVER 79
8.1.1. DNS Server 79
8.1.2. FTP Server 79
8.1.3. Mail Server 79
8.1.4. News Server 79
8.1.5. SQL Server 79
8.1.6. Web Server 79
8.2. Logs 80
8.3. Cpanel 80
9. APPENDIX 85
9.1. CHECKLIST 86
9.2. INSTALLING & SETTING SFTP 87
I'd be interested in collaberating with hosts and support crew regarding this guide. Significant contributors (2%+ of total content - practical experience, not solely copy-paste from vendor instructions or a couple of paragraphs) receive free copy for internal use. Guide is in MS Word form with dropdowns, etc.
Btw, whenever this is completed, it may be available for free or a small fee to non-contributors after discussion with contributors.
If you're interested in contributing, you can submit one of the incomplete sections or a new section if appropriate to receive a current copy of the guide (see guidelines for significant contributors above).
I'm also open to suggestions regarding the guide.
