ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C The Perfect Server - CentOS 4.7 Server This tutorial shows how to set up a CentOS 4.7 server that offers all services needed by ISPs and web hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Dovecot POP3/IMAP, Quota, Firewall, etc This tutorial is written for the 32-bit version of CentOS 4.7, but should apply to the 64-bit version with very little modifications as well I will use the following software: • • • • • • • Web Server: Apache 2.0.x with PHP 4.3.9, mod_ruby, mod_python Database Server: MySQL 4.1 Mail Server: Postfix DNS Server: BIND9 (chrooted!) FTP Server: proftpd POP3/IMAP server: dovecot Webalizer for web site statistics In the end you should have a system that works reliably, and if you like you can install the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box) I want to say first that this is not the only way of setting up such a system There are many ways of achieving this goal but this is the way I take I not issue any guarantee that this will work for you! Requirements To install such a system you will need the following: • • Download the CentOS 4.7 DVD or the four CD iso images from a mirror near you (the list of mirrors can be found here: http://www.centos.org/modules/tinycontent/index.php?id=13) a fast internet connection Install The Base System Boot from your CentOS 4.7 DVD or CD (CD 1) Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C It can take a long time to test the installation media so we skip this test here: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C The welcome screen of the CentOS installer appears Click on Next: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C Choose your language next: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C (JavaScript must be enabled in your browser to view the large image as an image overlay.) Select your keyboard layout: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C (JavaScript must be enabled in your browser to view the large image as an image overlay.) We want to install a server so we choose Server here: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C (JavaScript must be enabled in your browser to view the large image as an image overlay.) Next we the partitioning Select Automatically partition This will give you a smalll /boot partition and a large / partition which is fine for our purposes: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C (JavaScript must be enabled in your browser to view the large image as an image overlay.) I'm installing CentOS 4.7 on a fresh system, so I answer Yes to the question Would you like to initialize this drive, erasing ALL DATA? Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C (JavaScript must be enabled in your browser to view the large image as an image overlay.) Select Remove all partitions on this system Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C (JavaScript must be enabled in your browser to view the large image as an image overlay.) We want to remove all Linux partitions, so we answer Yes to the following question: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C SELinux is a security extension of CentOS that should provide extended security In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem) Therefore I disable it (this is a must if you want to install ISPConfig later on) Edit /etc/selinux/config and set SELINUX=disabled: vi /etc/selinux/config # This file controls the state of SELinux on the system # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced # permissive - SELinux prints warnings instead of enforcing # disabled - SELinux is fully disabled SELINUX=disabled # SELINUXTYPE= type of policy in use Possible values are: # targeted - Only targeted network daemons are protected # strict - Full SELinux protection SELINUXTYPE=targeted Afterwards we must reboot the system: reboot Install Some Software First we import the GPG keys for software packages: rpm import /usr/share/rhn/RPM-GPG-KEY* Then we update our existing packages on the system: yum update Now we install some software packages that are needed later on: yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils gcc gcc-c++ Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C Quota To install quota, we run this command: yum install quota Edit /etc/fstab and add ,usrquota,grpquota to the / partition (/dev/VolGroup00/LogVol00): vi /etc/fstab # This file is edited by fstab-sync - see 'man fstabsync' for details /dev/VolGroup00/LogVol00 / ext3 defaults,usrquota,grpquota 1 LABEL=/boot /boot ext3 defaults none /dev/pts devpts gid=5,mode=620 0 none /dev/shm tmpfs defaults 0 none /proc proc defaults 0 none /sys sysfs defaults 0 /dev/VolGroup00/LogVol01 swap swap defaults 0 /dev/hdc /media/cdrecorder auto pamconsole,exec,noauto,managed 0 /dev/fd0 /media/floppy auto pamconsole,exec,noauto,managed 0 Then run touch /aquota.user /aquota.group chmod 600 /aquota.* mount -o remount / quotacheck -avugm quotaon -avug to enable quota Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C Install A Chrooted DNS Server (BIND9) To install a chrooted BIND9, we this: yum install bind-chroot Then this: chmod 755 /var/named/ chmod 775 /var/named/chroot/ chmod 775 /var/named/chroot/var/ chmod 775 /var/named/chroot/var/named/ chmod 775 /var/named/chroot/var/run/ chmod 777 /var/named/chroot/var/run/named/ cd /var/named/chroot/var/named/ ln -s / / chroot chkconfig levels 235 named on /etc/init.d/named start BIND will run in a chroot jail under /var/named/chroot/var/named/ I will use ISPConfig to configure BIND (zones, etc.) MySQL (4.1) To install MySQL, we this: yum install mysql mysql-devel mysql-server The MySQL init script on CentOS might cause problems when you try to restart MySQL In some cases it tries to start MySQL before the old MySQL process has stopped which leads to a failure The solution is to edit the restart section of /etc/init.d/mysqld and add a few seconds delay between the stop and the start of MySQL Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C Edit /etc/init.d/mysqld: vi /etc/init.d/mysqld and change this section: [ ] restart(){ stop start } [ ] so that it looks like this: [ ] restart(){ stop sleep start } [ ] This adds a three second delay between the stop and start of MySQL Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server: chkconfig levels 235 mysqld on /etc/init.d/mysqld start Now check that networking is enabled Run netstat -tap | grep mysql It should show something like this: [root@server1 ~]# netstat -tap | grep mysql tcp 0 *:mysql *:* [root@server1 ~]# LISTEN 3791/mysqld If it does not, edit /etc/my.cnf and comment out the option skip-networking: vi /etc/my.cnf Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C [ ] #skip-networking [ ] and restart your MySQL server: /etc/init.d/mysqld restart Run mysqladmin -u root password yourrootsqlpassword mysqladmin -h server1.example.com -u root password yourrootsqlpassword to set a password for the user root (otherwise anybody can access your MySQL database!) 10 Postfix With SMTP-AUTH And TLS Now we install Postfix and dovecot (dovecot will be our POP3/IMAP server): yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot Next we configure SMTP-AUTH and TLS: postconf -e 'smtpd_sasl_local_domain =' postconf -e 'smtpd_sasl_auth_enable = yes' postconf -e 'smtpd_sasl_security_options = noanonymous' postconf -e 'broken_sasl_auth_clients = yes' postconf -e 'smtpd_sasl_authenticated_header = yes' postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination' postconf -e 'inet_interfaces = all' postconf -e 'mynetworks = 127.0.0.0/8' We must edit /usr/lib/sasl2/smtpd.conf so that Postfix allows PLAIN and LOGIN logins On a 64Bit Centos 4.7 you must edit the file /usr/lib64/sasl2/smtpd.conf instead It should look like this: vi /usr/lib/sasl2/smtpd.conf pwcheck_method: saslauthd mech_list: plain login Afterwards we create the certificates for TLS: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C mkdir /etc/postfix/ssl cd /etc/postfix/ssl/ openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024 chmod 600 smtpd.key openssl req -new -key smtpd.key -out smtpd.csr openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt openssl rsa -in smtpd.key -out smtpd.key.unencrypted mv -f smtpd.key.unencrypted smtpd.key openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 Next we configure Postfix for TLS: postconf -e 'smtpd_tls_auth_only = no' postconf -e 'smtp_use_tls = yes' postconf -e 'smtpd_use_tls = yes' postconf -e 'smtp_tls_note_starttls_offer = yes' postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key' postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt' postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem' postconf -e 'smtpd_tls_loglevel = 1' postconf -e 'smtpd_tls_received_header = yes' postconf -e 'smtpd_tls_session_cache_timeout = 3600s' postconf -e 'tls_random_source = dev:/dev/urandom' Then we set the hostname in our Postfix installation (make sure you replace server1.example.com with your own hostname): postconf -e 'myhostname = server1.example.com' After these configuration steps you should now have a /etc/postfix/main.cf that looks like this (I have removed all comments from it): cat /etc/postfix/main.cf queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mail_owner = postfix inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost unknown_local_recipient_reject_code = 550 alias_maps = hash:/etc/aliases Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C alias_database = hash:/etc/aliases debug_peer_level = debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep sendmail_path = /usr/sbin/sendmail.postfix newaliases_path = /usr/bin/newaliases.postfix mailq_path = /usr/bin/mailq.postfix setgid_group = postdrop html_directory = no manpage_directory = /usr/share/man sample_directory = /usr/share/doc/postfix-2.2.10/samples readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination mynetworks = 127.0.0.0/8 smtpd_tls_auth_only = no smtp_use_tls = yes smtpd_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_loglevel = smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom myhostname = server1.example.com By default, CentOS' dovecot daemon provides only IMAP and IMAPs services Because we also want POP3 and POP3s we must configure dovecot to so We edit /etc/dovecot.conf and put the line protocols = imap imaps pop3 pop3s into it: vi /etc/dovecot.conf [ ] # Base directory where to store runtime data #base_dir = /var/run/dovecot/ Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C # Protocols we want to be serving: # imap imaps pop3 pop3s #protocols = imap imaps protocols = imap imaps pop3 pop3s [ ] Now start Postfix, saslauthd, and dovecot: chkconfig levels 235 sendmail off chkconfig levels 235 postfix on chkconfig levels 235 saslauthd on chkconfig levels 235 dovecot on /etc/init.d/sendmail stop /etc/init.d/postfix start /etc/init.d/saslauthd start /etc/init.d/dovecot start To see if SMTP-AUTH and TLS work properly now run the following command: telnet localhost 25 After you have established the connection to your Postfix mail server type ehlo localhost If you see the lines 250-STARTTLS and 250-AUTH LOGIN PLAIN everything is fine [root@server1 ssl]# telnet localhost 25 Trying 127.0.0.1 Connected to localhost.localdomain (127.0.0.1) Escape character is '^]' 220 server1.example.com ESMTP Postfix ehlo localhost 250-server1.example.com 250-PIPELINING 250-SIZE 10240000 250-VRFY Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C 250-ETRN 250-STARTTLS 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250 8BITMIME quit 221 Bye Connection closed by foreign host [root@server1 ssl]# Type quit to return to the system's shell 10.1 Maildir dovecot uses Maildir format (not mbox), so if you install ISPConfig on the server, please make sure you enable Maildir under Management -> Server -> Settings -> Email ISPConfig will then the necessary configuration If you not want to install ISPConfig, then you must configure Postfix to deliver emails to a user's Maildir: postconf -e 'home_mailbox = Maildir/' postconf -e 'mailbox_command =' /etc/init.d/postfix restart 11 Apache2 With PHP, Ruby, Python Now we install Apache with PHP (this is PHP 4.3.9; CentOS does not provide PHP5 packages): yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear phpxml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel Then edit /etc/httpd/conf/httpd.conf: vi /etc/httpd/conf/httpd.conf and change DirectoryIndex to Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C [ ] DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl [ ] Now configure your system to start Apache at boot time: chkconfig levels 235 httpd on Start Apache: /etc/init.d/httpd start 11.1 Disable PHP Globally (If you not plan to install ISPConfig on this server, please skip this section!) In ISPConfig you will configure PHP on a per-website basis, i.e you can specify which website can run PHP scripts and which one cannot This can only work if PHP is disabled globally because otherwise all websites would be able to run PHP scripts, no matter what you specify in ISPConfig To disable PHP globally, we edit /etc/httpd/conf.d/php.conf and comment out the AddType line: vi /etc/httpd/conf.d/php.conf # # PHP is an HTML-embedded scripting language which attempts to make it # easy for developers to write dynamically generated webpages # LoadModule php4_module modules/libphp4.so # # Cause the PHP interpreter to handle files with a php extension # #AddType application/x-httpd-php php # AddType application/x-httpd-php-source phps # Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C # Add index.php to the list of files that will be served as directory # indexes # DirectoryIndex index.php Afterwards we restart Apache: /etc/init.d/httpd restart 11.2 Installing mod_ruby For CentOS 4.7, there's no mod_ruby package available, so we must compile it ourselves First we install some prerequisites: yum install httpd-devel ruby ruby-devel Next we download and install mod_ruby as follows: cd /tmp wget http://www.modruby.net/archive/mod_ruby-1.2.6.tar.gz tar zxvf mod_ruby-1.2.6.tar.gz cd mod_ruby-1.2.6/ /configure.rb with-apr-includes=/usr/include/apr-0 make make install Finally we must add the mod_ruby module to the Apache configuration, so we create the file /etc/httpd/conf.d/ruby.conf vi /etc/httpd/conf.d/ruby.conf LoadModule ruby_module modules/mod_ruby.so and restart Apache: /etc/init.d/httpd restart 11.3 Installing mod_python To install mod_python, we simply run Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C yum install mod_python and restart Apache afterwards: /etc/init.d/httpd restart 12 ProFTPd ISPConfig has better support for proftpd than vsftpd, so let's remove vsftpd: yum remove vsftpd Because CentOS has no proftpd package, we must use a third-party yum repository to install it: cd /etc/yum.repos.d/ wget http://centos.karan.org/kbsingh-CentOS-Extras.repo rpm import http://centos.karan.org/RPM-GPG-KEY-karan.org.txt Now we can install proftpd: yum install proftpd Let's create proftpd's system startup links and start it: chkconfig levels 235 proftpd on /etc/init.d/proftpd start Then create the file /etc/pam.d/ftp with the following content (otherwise you will not be able to log in with system users using FTP): vi /etc/pam.d/ftp #%PAM-1.0 auth required account required session required pam_unix.so pam_unix.so pam_unix.so and restart proftpd: /etc/init.d/proftpd restart Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ nullok ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C 13 Webalizer To install webalizer, just run yum install webalizer 14 Synchronize The System Clock If you want to have the system clock synchronized with an NTP server the following: yum install ntp chkconfig levels 235 ntpd on ntpdate 0.pool.ntp.org /etc/init.d/ntpd start 15 Install Some Perl Modules ISPConfig comes with SpamAssassin which needs a few Perl modules to work We install the required Perl modules with a single command: yum install perl-DBI perl-Net-DNS perl-Digest-SHA1 We also need the module HTML::Parser We could install the CentOS package perlHTML-Parser, but this version is too old for the SpamAssassin version that comes with ISPConfig It would result in the following error message during ISPConfig installation: REQUIRED module out of date: HTML::Parser Therefore we must install the latest HTML::Parser using the Perl shell Run the following command to start the Perl shell: perl -MCPAN -e shell If you run the Perl shell for the first time you will be asked some questions In most cases the default answers are ok Because there's no ncftp package for CentOS, the Perl shell cannot find the programs ncftpget and ncftp, and you'll see something like this: Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C Warning: ncftpget not found in PATH Where is your ncftpget program? [] Warning: ncftp not found in PATH Where is your ncftp program? [] It's ok to hit ENTER in both cases Please note: If you run a firewall on your system you might have to turn it off while working on the Perl shell in order for the Perl shell to be able to fetch the needed modules without a big delay You can switch it on afterwards Now type in the following command to install the Perl module HTML::Parser: install HTML::Parser If the installation is successful, you'll see a line like this at the end: /usr/bin/make install OK Type q afterwards to leave the Perl shell 16 The End The configuration of the server is now finished, and if you wish you can now install ISPConfig on it 16.1 A Note On SuExec If you want to run CGI scripts under suExec, you should specify /var/www as the home directory for websites created by ISPConfig as CentOS' suExec is compiled with /var/www as Doc_Root Run /usr/sbin/suexec -V and the output should look like this: [root@server1 ~]# /usr/sbin/suexec -V -D AP_DOC_ROOT="/var/www" Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ACE I.T LEARNING SOLUTIONS, INC Rm 208-210 V.I.R.Bldg., E Rodriquez, Sr., Ave., Cubao, Q C -D AP_GID_MIN=100 -D AP_HTTPD_USER="apache" -D AP_LOG_EXEC="/var/log/httpd/suexec.log" -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin" -D AP_UID_MIN=500 -D AP_USERDIR_SUFFIX="public_html" [root@server1 ~]# So if you want to use suExec with ISPconfig, don't change the default web root (which is /var/www) if you use expert mode during the ISPConfig installation (in standard mode you can't change the web root anyway so you'll be able to use suExec in any case) Prepared By: Jim “King” Reforma[virushacker23@yahoo.com] http://www.linuxman.2ya.com/ ... to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall) SELinux is a security extension... to the network settings The default setting here is to configure the network interfaces with DHCP, but we are installing a server, so static IP addresses are not a bad idea Click on the Edit... comes with its own firewall That's why I disable the default CentOS firewall now Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall