::::::::IMPORTANT::::::::PLEASE READ:::::::::::::

Original Post: September 21, 2002
Updated: November 28, 2005
Links last fixed: April 27, 2008

This list is still very useful for general server setup.

Some software and tweaks may no longer apply to your server. This was written originally for Ensim 3.1 Servers. Although many items in here are still of good use. Do a search for something if you are not sure if it applys to your server.


Use At Your Own Risk!

Server security does not stop at the end of this checklist. Please sign up with Ensim's Mailing List or Plesk Support to stay informed when new security updates are released.

It is recommended that you use SSH and NOT Telnet to log into your server. Telnet sends your password in plain text and anyone can sniff it out and use it to break into your server. Please, do NOT use telnet.

You can get a copy of a Windows SSH client called "Putty" here.

Mac users can download an SSH client called "jellyfissh" from this website.

New To Linux?

#How to use SSH on Windows PC's
#How to use SSH on a Mac
#Using VI text editor
#Direcory of Linux commands
#Linux resource websites


Server Security

#APF Firewall Modular IPTables Firewall
#RKHunter Scans for Root Kits
#Hide Server & Apache Info Hides Version info from scans (not tested on plesk)
#Disable Direct Root Login And force SSH protocol 2
#Disable Telnet Telnet is insecure, use SSH only.
#Change All Passwords

Admin:

/usr/bin/passwd
(set new password)

Root:

su -
/usr/bin/passwd
(set new password)

#Kernel Update

Common Issues
Mostly for Ensim Webppliance

#Remove Logging of Lame Servers
#Error_Logs Growing to fast? Rotate them more often
#Ensim's Vhbackup/Restore fails Make sure ATD is on.
#Change or reset the vhbackup password
#Starting httpd: Ouch! ap_mm_create (Apache Fails to start) (Rfxn has the solution, posted maybe 1/2 way down the page)

General Server Setup

#Change Host Name
#ENSIM Name Server Setup
#Plesk Name Server Setup
#Set Date And Time

Monitoring Webppliance / Plesk compatible

#SIM Server Monitor
#HotSaNIC CPU,Memory, Disk Monitor
#Easy MRTG

Accelerators

#Installing Zend Optimizer
#Mod_gzip
#eAccelerator caching accelerator
Statistics

#How to install and AUTOMATE Urchin5 on Ensim

Usefull HowTo's

Mostly for Ensim

#Hide Services from showing on the ENSIM control panel.
http://forums.theplanet.com/index.php?showtopic=9630

#Turn safemode off for one domain (Tested on Ensim)
http://forums.theplanet.com/index.php?showtopic=10244

#Howto: CGI outside of the CGI-BIN (Tested on Ensim)
http://forums.theplanet.com/index.php?showtopic=7328

#How to move sites from one server to another
http://forums.theplanet.com/index.php?showtopic=5607

#Reduce Spam With ORDB and Spamcop (I don't suggest using SpamCop)
http://forums.theplanet.com/index.php?showtopic=4823

#Remove Un-needed RPM's
http://forums.theplanet.com/index.php?showtopic=14359

#How to install LWP and its Dependencies
http://forums.theplanet.com/index.php?showtopic=12869

#HOWTO read mail sent to root@localhost without using PINE.
http://forums.theplanet.com/index.php?showtopic=10132

#Reset MySQL root password (Tested on Ensim)
http://forums.theplanet.com/index.php?showtopic=15570

#HowTo: Clear Mail Root & Other Log Files
http://forums.theplanet.com/index.php?showtopic=16294

#Custom Error Pages on site rollout for all domains. ENSIM
http://forums.theplanet.com/index.php?showtopic=118676

#Change the welcome message when you login via SSH
http://forums.theplanet.com/index.php?showtopic=4954


Thanks to all who wrote these HowTo's you have helped many newbies setup and secure their servers

.

View All Disk Usage hack
http://forum.rackshack.net/showthread.php?...=&threadid=8199

bump again..
(added RS marks vi text editor how to)




(can this be sticky. i think its sticky worthy )

sticky stick sticky...the old one was a sticky why cant this one be:D

Added the way to change vhbackup's password


(and another cheap way of bumping myself)

Let's start a petition to get the thread sticky'd : P

i 2nd that motion

what else could I say ... an excellent thread ...
most deserving of a STICKY ...

Make it a STICKY please ...

*sticky spam*

link to hostanic http://www.unofficial-support.com/modules....article&artid=6 does not work. Unofficial-support seems to be unreachable.. I tried it yesterday and got the same error.

Where else can I find the how=to ? or even a sample how hostanic looks like..

thanks

Hotsanic. Im trying to find a local copy of his howto so i can post it to the forum.. but i havent any luck..

here is what it looks like. Click Here

Another vote for sticky!

This thread is currently my browser's homepage... it's "that" helpful hehe

yea, make this a sticky until a new version of ensim comes out:D

Uh ... shall we understand that you want this thread made sticky?

:confused:

*yay* im sticky, im sticky i feel so special. Thanks madsere!

wow the mods are really eagle eyed

nice spot madsere

and congratumalations foggy many a newbie'll love this

HotSaNIC howto now works ( I found a printed copy and i retyped it to the forums)

thanks foggy

btw is unofficial-support gone for good, or just a temporary problem?

I have no clue.. it seems like its gone for good.. thats too bad. it was a good site.


it looks like his site is back up... www.unofficial-support.com yay!

I think you should add to the list this problem I encountered with up2date. After upgrading to 3.1.1.xx I noticed that up2date was not working and it was throwing me a python error.

The fix

rpm -Uvh ftp://ftp.rpmfind.net/linux/redhat/update...-7.x.2.i386.rpm

Popt library was embeded with python in version 7.2, and it was not installed on my box.

run up2date now:

/usr/sbin/up2date

if you still get the same error you need to reinstall up2date again:


rpm -Uvh ftp://ftp.rpmfind.net/linux/redhat/updates/7.2/en/os/i386/up2date-2.7.61-7.x.2.i386.rpm --force --nodeps://ftp://ftp.rpmfind.net/linux/redhat/...-force --nodeps




That worked for me, hopefully you will find this info useful.

I think you should add to the list this problem I encountered with up2date. After upgrading to 3.1.1.xx I noticed that up2date was not working and it was throwing me a python error.

The fix

rpm -Uvh ftp://ftp.rpmfind.net/linux/redhat/update...-7.x.2.i386.rpm

Popt library was embeded with python in version 7.2, and it was not installed on my box.

run up2date now:

/usr/sbin/up2date

if you still get the same error you need to reinstall up2date again:


rpm -Uvh ftp://ftp.rpmfind.net/linux/redhat/update...-7.x.2.i386.rpm




That worked for me, hopefully you will find this info useful.

I'll add that... but why did u double post?

double post... his keys also goy sticky after browsing the sticky thread..

umm.. nice compile.. looking after some more additions...

What about removing ensim.rackshack.net from the mysql tables to ;p

I am running an AMD Duron 1ghz system with 1gb of ram. The version of Ensim is 3.0 with Red Hat v7.1

The got all of the updated RPM files that were needed and the installation started up. I ran the Ensim update and everything seemed to have gone fine until it eventually said FAILED. It told me to refer to the error log file.

I am looking at it now and I have no clue what is wrong. I uploaded the attachment to www.garyzhou.com/errors.txt

Any suggestions or assistance would be very appreciated. I can no longer access the control panel via http or any of the sites... Thanks in advance.

Wow foggy!! Thank you very much!! This is going to be really helpful for newbies like me! Good work ^__^

GZhou06: I sent you a PM


Verónica: Im glad that this list was of help to you

happy upgrading

We just got a Ensim 3.1.1 box a couple of days ago and this thread was very helpful. Today we got bit by the mod_jk.log problem and the server stopped serving httpd. mod_jk.log had grown too large. In addition httpd wouldn't restart until I removed mod_jk.log. I don't know if you think that problem should be mentioned in the new server checklist but it certainly caused us to panic.

It is in this checklist

"Tomcat logs grow to big"

Maybe i will add mod_jk to the title



MAtt

Oops, missed it. "Never mind".

You got to add my MailScanner howto to the liste. MailScanner is a must have for all mail servers. Filters all your incoming/outgoing mail for virus attachments.

I updated it to the latest version 4.0.1 and you can find the link at the HOWTO section.

Ok, i added it.

foggy, I think you'd better remove Mailscanner How to from your list because even what I try and how often I follow that How to, it doesn't work and I make my server more difficult to manage. I have to restart sendmail everytime I reboot manually. Many newbies use your list to work with their server so plase remove it.

You're right nirans,

I want to try to keep this list as newbie friendly as possible. And mailscanner may work for some, but there are alot who have had trouble with it so i removed the link from this list

sorry albo

I have installed MailScanner and almost gave my clients a heart attack!

They were so used to getting so much spam every day that when MailScanner stoped it, they thought their email was broken. After I explaned what was happening and they realized that they were still getting the same amount of good emails, they thanked me big time

so my opinion is keep it in! Maybe put a warning on it that a newbe may not want to try it.

Added JCEUSA httpdmon.so fix for Ensim 3.1.1

Seems to be working ok on my server... so far

I often say that these Forums are alone an education in Server Management. Thanks to all of you for helping make this an excellent resource.

I am learning and installing from this list one by one...

But I wish there was a highly recommened notation...and a not needed if notation...

I was going to install MRTG but not sure if this is redundant to HotSainic?

What about security? The one thing all of the experience users can do for newbies is create a thread explaining how to secure a box. What the installation of a component is used for.

I put Bastille...

Now should I put Aris?

Mailscanner gets mixed reviews....why? Seems like a must but then gets slammed in the threads/

Guys once again THANK YOU and God Bless You All for taking the time to put down these essential How Tos. It's all of you who make RackShack an excellent experience.

All the Best!
Astoria

Might want to add "change urchin admin password" now since servers are supposedly coming with Urchin preinstalled and running with generic usernames/passwords.

Thought i read a post from Patrick-Ev1 saying urchin was going to be "off" on new servers.

I could have misread it, ... or you may not know what your talking about. he he he




(edit: thanks for helping to spread this thread around RNJ )

(edit again: well, either way, i guess i will have to add somthing about Urchin in it.. like how to turn it on? hehe .. )

Ok cool maybe they listened to the complaints about the servers coming with urchin running w/ generic passwords

I just heard that they were coming with Urchin running, and assumed that it was true.

That's good to hear.

And yeah, I figured that more people needed to read this forum after I read like 5 forums where the people had broken Ensim trying to change the hostname some incorrect way, were talking about waiting for Rackshack to change their DNS entries, etc. and thought "man these people really need to read the new server checklist"

Yeah, i'll add somthing on Urchin..

And prolly update the content of the list soon.. Anyone got any good howto's that are newbie friendly that i can add here??

Could just add


/etc/rc.d/init.d/sendmail restart


to /etc/rc.d/rc.local


at the end of the file, this would work fine.









Foggy: Could you add the snort+aris howto?

Added projectandrews howto on Urchin4

He has it somewhat intergrated with Ensim so profiles are created when you create a new site in Ensim..

Had some issues with it at first, but we worked them out and now it works great!

And since its a howto from projectandrew you know its gotta be easy to install!

Id love to... but.... where is it?

yeah yeah yeah ... search is my friend.


(EDIT: i found it, its at aussies site.. I'll add it 2morrow... I like those ice skating penguins. penguins are my favorite )

I don't know how I can disable Telnet as stated in Foggy's list ( From Within The Control Panel)!

In the Appliance Admin panel

Click Services >> and click the stop icon next to telnet.

If you have installed bastille firewall, i believe it shuts down telnet unless you opted to keep it up.

I have done all above but until now I haven't added any domains??!! So can I start adding domains? and How can I start?

Go to your ensim control panel... http://YOUR-SERVERS-IP:19638/webhost/
and have a look at ensim... have a play with that make some test sites or whatever untill you get it....

if you don't know your password it's what you signed up with and the user is admin