optimized the ISPCONFIG 3 for Jessie
Hi.
I just followed the setup of Jessie.
https://www.howtoforge.com/tutorial/perfect-server-debian-8-jessie-apache-bind-dovecot-ispconfig-3/
I have some improvemts to use even more the debian standards. I like very clean servers and then some things of ispconfig wont work i noticed.
i install the following way. - expert install - and the packages list, i select ONLY ssh server. When installed like this, the ispconfig installer is missing the package aptitude. a check of aptitude is installed in the installer would be nice.
page 1
check :
sysctl kernel.hostname
uname -n
cat /proc/sys/kernel/hostname
hostname -s
hostname -d
hostname -f
(optional hostname -y and/or sysctl kernel.domainname )
for apt source.list : optional add: ( maybe disabled by default )
# jessie-updates, previously known as 'volatile'
deb http://ftp.nl.debian.org/debian/ jessie-updates main contrib non-free
deb-src http://ftp.nl.debian.org/debian/ jessie-updates main contrib non-free
apt-get install ntp ntpdate
remove ntpdate, it fails at the system start up, because of incorrect loading order, it loads before your network kaart.
when your ip is active, it fails again because ntp is already running.
( not an ispconfig problem, but removing it from install wont harm sinds we setup ntp server )
Page 2.
/etc/fail2ban/jail.local make use of the default available in fail2ban. below is available in the jail.conf.
[sasl]
enabled = true
port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
filter = postfix-sasl
logpath = /var/log/mail.log
[dovecot]
enabled = true
port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
filter = dovecot
logpath = /var/log/mail.log
[pure-ftpd]
enabled = true
port = ftp,ftp-data,ftps,ftps-data
filter = pure-ftpd
logpath = /var/log/syslog
maxretry = 6
adjusting the filters is not needed anymore.
Page 3.
change :
cd /etc/apache2/conf-enabled/
ln -s ../../squirrelmail/apache.conf squirrelmail.conf
to.
ln -s /etc/squirrelmail/apache.conf /etc/apache2/conf-available/squirrelmail.conf
a2enconf squirrelmail
service apache2 reload
and if above is with fail2ban and ufw. if the app names are use, you can use the defaut ufw.conf action in fail2ban. if no app names are used in ufw, add : /etc/fail2ban/action.d/ufw-all.conf with :
actionban = ufw insert 1 deny from <ip> to any
actionunban = ufw delete deny from <ip> to any
and set the default action to ufw-all
More suggestions to come.