Suggestions on moving to a new server

Hello,
Because of your and others’ suggestions I am planning to move to a new server. (security issues)
I mean a new software installation. It is a remote dedicated server; I do not need to update the hardware. I’m far from a master of these issues, which is why I am asking for some help.
I think that I would ask to install the OS (they install CentOS, I always have used Fedora) tripwire (free version), apf, php-mysql.
I also have to install postfix-clamAV-spamassassin and cron updates for them, squirrelmail, bind, SFTPD, phpMyAdmin and others
When to install Webmin-Virtualmin?
I can install mail server programs from Webmin. I suppose the more I install from Webmin better control from its CP I would have, isn’t it?
Tripwire is for tracking system changes so I suppose it should be installed on a fresh installation.
Do you have any suggestions?
Thank you

What I would recommend is installing Webmin/Virtualmin as the first thing you do once you receive your newly setup CentOS system (if you want to install tripwire before Virtualmin, that’s fine).

CentOS is a good server distro – and what I would do is use the Virtualmin installer, the install.sh.

It will pull in all the dependencies needed for Apache, MySQL, BIND, Postfix, SpamAssassin, Clam, and so forth – and it’ll set it all up for you.

At that point, you can just install whatever it is you need on top of that.
-Eric

Hi Eric,
So you say to install CentOS, Tripwire, Webmin/Virtualmin in that order, then run install.sh to install Apache, php-mysql and the other stuff?
Thank you.

Well, the steps would be:

  1. Install CentOS

  2. Install Tripwire

  3. Run install.sh

Step #3 handles installing the full “Virtualmin stack” as they call it – including Webmin, Virtualmin, Apache, Postfix, and all the other goodies.
-Eric

I would probably install tripwire after Virtualmin. You’re going to have to regenerate the tripwire database after installing Virtualmin anyway.

Today no one can trust to be online for just a minute without a firewall. I use and like apf and bfd.
bfd detects and bounces at least two brute force ssh attacks/day.
Can I install them from install.sh? Can I choose sFTP instead of proFTP and other software installed by default?

Can I install them from install.sh?

No.

You can use the Webmin firewall module to build a firewall, though, if you like. It’s how I always build my firewalls. I’m unfamiliar with apf and bfd, but I believe a couple of Virtualmin users are using them with Virtualmin. But, Virtualmin and Webmin don’t have any relation to them or any awareness of them. If they use standard iptables save files, they’ll be usable alongside the Webmin firewall module…but if they don’t use standard save files, then you’ll have to choose one or the other.

Can I choose sFTP instead of proFTP and other software installed by default?

No. install.sh is an exceedingly stupid script designed to get a working system and nothing more. Once Webmin is installed and working, you can then use the capabilities it provides (including a GUI for the native package manager, like yum or apt-get) to help out with things like installing additional software and such. You can’t do anything with install.sh, beyond installing Virtualmin and related software.

The FTP servers that Virtualmin supports are ProFTPd and vsftpd. ProFTPd is the default, and is configured for use. If you want to switch to vsftpd, you’ll need to make a few changes in your configuration.

I’ve never heard of sFTP, so I don’t know if you’d be able to use it in a Virtualmin deployment easily.

I am currently using apf and bfd without problems so I suppose they will be okay in the new server.
Just FYI Linux Firewall module displays:

Webmin has detected 2 IPtables firewall rules currently in use, which are not recorded in the save file /etc/sysconfig/iptables. These rules were probably setup from a script, which this module does not know how to read and edit.

If you want to use this module to manage your IPtables firewall, click the button below to convert the existing rules to a save file, and then disable your existing firewall script.

I made a mistake, I meant VSFTP. I mentioned it because I found a bug within Fedora 8 and ProFTP that shifts log times by three hours (!) I suppose that it won’t happen in the new server. Default ProFTP will be fine for me.

I hope that virtual servers will be exported okay. I made a moving process in the past.

Now, the main question.
I need to keep online all virtual servers in the ‘old’ disk while building and debugging the new one.
Is it possible? Can I handle it in Webmin/V?
Two disks, one master, one slave, two different OSs?
One IP pointing to one system and the other IP pointing to the other?
My ignorance on these issues is shameful!
Thanks Joe.

Well, ignoring for a moment the possibility of setting up a virtualized server, which really just makes this far more complex than it needs to be – no, there’s no good way to do that :)

In general, you can boot one OS/distro at a time. If you need to setup a second OS/distro on a new hard drive for your server, the options are generally one of:

  1. Reboot the server, and boot into the new OS

  2. Set up the hard drive on another computer, then once it’s working as you want, move the hard drive into your current server

I would suggest option #2. If you can dig up even some low-powered computer that you can use temporarily to setup your hard drive – you can use that to get things working perfectly – then just move the hard drive into your server when everything is working correctly.
-Eric

Hello all!
I rent a dedicated server. I am about to rent a new one with only CentOS installed.
I will have the present server for a couple of weeks so I will keep the ‘old’ server online while building the new system.
I want to control as much as possible with W/Virtualmin. The main use of this server is Apache services.
To plan moving process I would post some questions here.
First one:
I remember that new servers were built using server and hostnames something like CK-03Y.gyservice.com. Can I change them from webmin?
Thank you

Can I change them from webmin? Thank you
Yes, you can, through the Networking module under Webmin - Network Configuration.

From http://www.webmin.com/vinstall.html
and after run ./install.sh

Because it downloads numerous packages from the Virtualmin website and your Linux distribution’s repository, it may take up to 30 minutes for the install to complete. Once it is done, you can login to Webmin at https://yourserver:10000/ to see the Virtualmin user interface.

I don’t understand how could I login to Webmin if it is an empty server and no ‘yourserver’ is created.

I don’t understand how could I login to Webmin if it is an empty server and no ‘yourserver’ is created.

“yourserver” means “whatever the name or address of your server is”. Get it? “your server”? ;)

Ha ha, yes I got it. I’ve just found in my notes what you mean. Thanks!

I am using apf and bfd, one as firewall and the other to bounce and add to deny_hosts.rules file those IPs that make more than 12 attempts to get access to the server (brute force attacks)
Is it possible to do from webmin modules? Of course I mean a substitute for bfd.
Is ‘Linux firewall’ as good as apf?
Thanks!

I am trying to plan an order of installations and data import.

  1. Are there important differences between CentOS and Fedora I will have to care about?
    I’m not an intensive linux user, just basic stuff and Apache environment.

Please correct me if I’m wrong.
I am looking my notes from my last move (external dedicated servers)

After installing W/V (Apache php-MySQL)

“Webmin-System-Software Packages-Upgrade All Install Packages from yum”

  1. Is it worth changing the regular smtp, ftp, ssh, smtp ports?

Change hostname to my own
Install bind, innotop
Make some changes in Network settings (dns, hostname)
Enable suexec Apache module
From file sys, enable disk quotas
Install postfix-dovecot-clamAV-spamassassin-squirrelmail (uninstall sendmail program, I had problems with postfix and sendmail installed)
Install phpMyAdmin
Install tripwire
Install ImageMagick, linx, jhead, exiftool and other minor programs
Adjust setting from the old server (php, etc)

  1. Should I first import ‘human’ user/groups or are they created when importing virtual hosts?

I’m not familiar with Fedora, except that it and Centos are basically RedHat while Fedora has bleeding edge stuff in it and Centos is the stable one.

I don’t think it is worth running services on different ports. I tried ssh once on a different port, but explaining that to clients…and getting more support tickets is not worth the fake security feeling. There are portscanners… they will find you ;)

It is worth it, though, to have complicated passwords and perhaps a good ruleset in the firewall.

I think you can just import virtualhosts and it will create the user/groups. You may want to test that by importing 1 virtual domain first.

Hello Ronald!
I don’t know very much about these issues, I did suspect that they would find each port.

I have a pending question
I am using apf and bfd, one as firewall and the other to bounce and add to deny_hosts.rules file those IPs that make more than 12 attempts to get access to the server (brute force attacks) Is it possible to do from webmin modules? Of course I mean a substitute for bfd. Is ‘Linux firewall’ as good as apf?

Thank you.

In the old forum there was a long thread about this. Someone had posted a way to configure linux firewall on port 22 to block those scripted brute force attempts. Alas, I can not find it anymore, it might be in the queue to be migrated over to this new site. Perhaps it will show up or I’m just blinded.
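
The detection step discussed in the posts above (count failed SSH logins per source and flag those over 12), as an added example that is not part of the thread and is not bfd's own code. It assumes OpenSSH "Failed password" log lines; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: list source IPs with more than N failed SSH password attempts.

# Constructed sample of sshd log lines (addresses are documentation ranges).
sample_log() {
    i=0
    while [ "$i" -lt 13 ]; do
        echo "Jan 10 03:12:$((10 + i)) host sshd[2211]: Failed password for root from 203.0.113.7 port $((40000 + i)) ssh2"
        i=$((i + 1))
    done
    echo "Jan 10 03:14:01 host sshd[2300]: Failed password for invalid user admin from 198.51.100.9 port 51000 ssh2"
    # The user name here contains "from <address>"; the real source is the trailing one.
    echo "Jan 10 03:14:05 host sshd[2301]: Failed password for invalid user x from 192.0.2.1 from 198.51.100.9 port 51001 ssh2"
    echo "Jan 10 03:15:00 host sshd[2302]: Accepted password for joe from 192.0.2.50 port 52000 ssh2"
}

# offenders THRESHOLD: read log lines on stdin, print "IP COUNT" for each
# source with more than THRESHOLD failures. The address is taken relative to
# the END of the line, so text inside the attempted user name cannot
# substitute another address for the real source.
offenders() {
    awk -v limit="$1" '
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            fails[$(NF-3)]++
        }
        END {
            for (ip in fails)
                if (fails[ip] > limit)
                    print ip, fails[ip]
        }
    ' | sort
}

# Threshold of 12 as in the post; on a live system feed the real auth log instead.
sample_log | offenders 12
```
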

Hello, here I come…
./install.sh

/tmp directory is mounted noexec. Installation cannot continue.
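
The condition the installer reports above can be confirmed from the mount table. The following is an added example, not part of the thread or of install.sh; the function names and the sample table are constructed, and the table uses the /proc/mounts column layout.

```shell
#!/bin/sh
# Added example: find the mount that holds a directory and test it for noexec.

# Constructed sample in /proc/mounts format (device, mount point, type, options, ...).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda3 /tmp ext3 rw,noexec,nosuid,nodev 0 0
/dev/sda5 /var ext3 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
EOF
}

# mount_opts DIR: read a mounts table on stdin, print the options of the
# longest mount point that is DIR itself or one of its parents.
mount_opts() {
    awk -v dir="$1" '
        {
            mp = $2
            prefix = (mp == "/") ? "/" : (mp "/")
            if ((dir == mp || index(dir "/", prefix) == 1) && length(mp) > best) {
                best = length(mp)
                opts = $4
            }
        }
        END { print opts }
    '
}

# is_noexec DIR: succeed if the mount holding DIR carries the noexec option.
# Matching on ",noexec," avoids false hits on options that merely contain the word.
is_noexec() {
    case ",$(mount_opts "$1")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# On a live system, feed the real table instead: is_noexec /tmp < /proc/mounts
if sample_mounts | is_noexec /tmp; then
    echo "/tmp is mounted noexec"
fi
```
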