Skip to content

Installation on Debian 7.x 8.x (with safety aspects)

Jump to bottom Edit New page
webterror edited this page Jan 2, 2017 · 2 revisions

1. Introduction

Text is available under the Creative Commons BY-NC-SA License; additional terms may apply. All information provided without guarantee.

Author: Julian Johannsen

In this tutorial we will install 1 management server and 2 client server (nameserver). You can install facilemanager on every webspace ("mod rewrite" required) with an own MySQL database. In this tutorial we use NANO, you can use any other editor if you want.

Requirements

The following things are needed for the further tutorial:

1x management server alternative a webspace with a MySQL database ("mod rewrite" required)

2x client servers Dedicated or virtual servers (ns1.domain.tld and ns2.domain.tld) which should be located in different IP networks. This servers should not be the same server like your management server.

In this tutorial we will install 1 management server and 2 client server (nameserver). You can install facilemanager on every Webspace (mod rewrite required) with an own database. In this case go to Step 1.5 .

Note: All servers should be reinstalled before installing facilemanager

2. Management server

Secure the server (basics)

a) Connect to your server and change your root password

passwd

  • Choose your new safe password (up to 20 alphanumeric signs with special signs or better)
  • Retype the new password

b) Add new SSH group and add a special sshuser

adduser USERNAME --ingroup YOURSSHROUP

  • Choose your new safe password (up to 20 alphanumeric signs with special signs or better)
  • Retype the new password

c) Change SSH port and access

nano /etc/ssh/sshd_config

`# What ports, IPs and protocols we listen for

Port 22`

  • Change the port to 2200 or 5220 or what ever you want

`#Authentication:

LoginGraceTime 30

PermitRootLogin yes

StrictModes yes`

  • Change PermitRootLogin yes to PermitRootLogin** no and add this rule:

AllowGroups YOURSSHGROUP

/etc/init.d/ssh restart

  • We have to restart the SSH service

d) Test your server access and open (duplicate) the SSH session. Try to login with your old root user, also with your new SSHUSER

e) install fail2ban

apt-get install fail2ban -y

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

nano /etc/fail2ban/jail.local

  • Change settings like bantime or maxentry

service fail2ban restart

f) Install rootkithunter

apt-get install rkhunter -y

  • Check your system

rkhunter -c

Install LAMP

1) Install Apache2

apt-get update -y

apt-get upgrade -y

apt-get install apache2 -y

a) Change Port

nano /etc/apache2/ports.conf

  • Change the "Listen Port 80" to any other port you want

apachectl graceful

b) Allow mod_rewrite

a2enmod rewrite

cp /etc/apache2/sites-enabled/000-default /etc/apache2/sites-enabled/default

nano /etc/apache2/sites-available/default

Change AllowOverwrites to all like this

DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride all
</Directory>

<Directory /var/www >
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>

Also we need this commands:

rm /etc/apache2/mods-enabled/rewrite.load

cp /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled/

apachectl graceful

c) Restart apache

service apache2 restart

2) Install PHP

apt-get install php5 php5-cgi php5-cli php5-common php5-curl php5-dev php5-gd php5-tidy php5-xmlrpc php5-xsl php5-mcrypt php5-imap php5-imagick libapache2-mod-php5 -y

3) Install MySQL server

apt-get install mysql-server php5-mysql -y

  • Set your MySQL root password

mysql_install_db

a) Secure installation

mysql_secure_installation

  • Insert your MySQL root password

Change the root pass --> no
Remove anonymous users --> yes
Disallow root login remotely --> yes
Remove test database and access to it --> yes
Reload privilege tables now --> yes

b) Create database, database user and database password

mysql -u root -p

  • Insert your MySQL root password

mysql> create database NAME;

  • Create the NAME of the database

mysql> CREATE USER 'DBUSER'@'localhost' IDENTIFIED BY 'USERPASSWORD';

  • Create DBUSER and set USERPASSWORD

mysql> GRANT ALL PRIVILEGES ON NAME.* TO 'DBUSER'@'localhost';

  • Grant all previleges on DBUSER

mysql> exit

  • Leave MySQL

4. Install sudo

apt-get update -y

a) Get and install sudo

apt-get install sudo -y

Install facileManager

a) Get facilemanager

cd /root

wget http://www.facilemanager.com/download/facilemanager-complete-2.3.3.tar.gz

b) Unzip facileManager

tar zxvf facilemanager-complete-2.3.3.tar.gz

c) Move facileManager to the right directory

cd /root/facileManager/server

  • Go to the facileManager directory

rm -r /var/www/index.html

  • Remove the old sample page from apache

mv * /var/www

  • Moves all content to www directory

chown root.www-data /var/www

  • Set rights for user root

chmod -R 775 /var/www

  • Set the folder and file permissions

3. Client server

Secure the server

Same like 2. Management server

Install apache and php

1) Install Apache2

apt-get update -y

apt-get upgrade -y

apt-get install apache2 -y

a) Change Port

nano /etc/apache2/ports.conf

  • Change the "Listen Port 80" to any other port you want

apachectl graceful

b) Allow mod_rewrite

a2enmod rewrite

cp /etc/apache2/sites-enabled/000-default /etc/apache2/sites-enabled/default

nano /etc/apache2/sites-available/default

Change AllowOverwrites to all like this

DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride all
</Directory>

<Directory /var/www >
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>

Also we need this commands:

rm /etc/apache2/mods-enabled/rewrite.load

cp /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled/

apachectl graceful

c) Restart apache

service apache2 restart

2) Install PHP

apt-get install php5 php5-cgi php5-cli php5-common php5-curl php5-dev php5-gd php5-tidy php5-xmlrpc php5-xsl php5-mcrypt php5-imap php5-imagick libapache2-mod-php5 -y

3) Install BIND9

apt-get install bind9 dnsutils -y

Set up the hostname

hostname ns1.DOMAIN.TLD

  • Change the current hostname

nano /etc/hostname

  • Change the hostname, after reboot you will get the same.

Install facileManager client

a) Get facilemanager

cd /root

wget http://www.facilemanager.com/download/facilemanager-complete-2.3.3.tar.gz

b) Unzip facileManager

´tar zxvf facilemanager-complete-2.3.3.tar.gz´

c) Create new directory for Client

mkdir /usr/local/facileManager

d) Move facileManager to the right directory

cd /root/facileManager/client/facileManager

  • Go to the right directory from facileManager

e) Move the content to destination directrory

mv * /usr/local/facileManager

f) Installation and configuration

php /usr/local/facileManager/fmDNS/client.php install

or use debug mode

php /usr/local/facileManager/fmDNS/client.php install debug

also you can try to reinstall the current client

php /usr/local/facileManager/fmDNS/client.php reinstall

Add a custom footer
Add a custom sidebar
Clone this wiki locally