optimized the ISPCONFIG 3 for Jessie
I just followed the setup of Jessie.
I have some improvemts to use even more the debian standards. I like very clean servers and then some things of ispconfig wont work i noticed.
i install the following way. - expert install - and the packages list, i select ONLY ssh server. When installed like this, the ispconfig installer is missing the package aptitude. a check of aptitude is installed in the installer would be nice.
check : sysctl kernel.hostname uname -n cat /proc/sys/kernel/hostname hostname -s hostname -d hostname -f (optional hostname -y and/or sysctl kernel.domainname )
for apt source.list : optional add: ( maybe disabled by default )
# jessie-updates, previously known as 'volatile' deb http://ftp.nl.debian.org/debian/ jessie-updates main contrib non-free deb-src http://ftp.nl.debian.org/debian/ jessie-updates main contrib non-free
apt-get install ntp ntpdate
remove ntpdate, it fails at the system start up, because of incorrect loading order, it loads before your network kaart.
when your ip is active, it fails again because ntp is already running.
( not an ispconfig problem, but removing it from install wont harm sinds we setup ntp server )
/etc/fail2ban/jail.local make use of the default available in fail2ban. below is available in the jail.conf.
[sasl] enabled = true port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s filter = postfix-sasl logpath = /var/log/mail.log [dovecot] enabled = true port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s filter = dovecot logpath = /var/log/mail.log [pure-ftpd] enabled = true port = ftp,ftp-data,ftps,ftps-data filter = pure-ftpd logpath = /var/log/syslog maxretry = 6
adjusting the filters is not needed anymore.
cd /etc/apache2/conf-enabled/ ln -s ../../squirrelmail/apache.conf squirrelmail.conf
ln -s /etc/squirrelmail/apache.conf /etc/apache2/conf-available/squirrelmail.conf a2enconf squirrelmail service apache2 reload
and if above is with fail2ban and ufw. if the app names are use, you can use the defaut ufw.conf action in fail2ban. if no app names are used in ufw, add : /etc/fail2ban/action.d/ufw-all.conf with :
actionban = ufw insert 1 deny from <ip> to any actionunban = ufw delete deny from <ip> to any
and set the default action to ufw-all
More suggestions to come.