Installing Squirrelmail
Next, install squirrelmail as the webmail client.
Execute the following commands:
cd /var/www/htdocs
wget http://jaist.dl.sourceforge.net/sourceforge/squirrelmail/squirrelmail-1….
Verify the md5sum of the downloaded file by executing the command: md5sum squirrelmail-1.4.13.tar.gz. The md5sum should be 51ddd67a7ff9272f5a6e1da0b9dfbf18.
If the md5sum does not match, then delete the file by executing the command: rm squirrelmail-1.4.13.tar.gz and then download the file again.
Once the md5sum is correct, extract the file by executing the command: tar -xvzf squirrelmail-1.4.13.tar.gz
Rename the downloaded directory to a more descriptive name – webmail for example.
mv squirrelmail-1.4.13 webmail
Create a directory where attachments are stored, inside the webmail directory, by executing the command: mkdir -p /var/www/htdocs/webmail/attachments.
Set the proper permissions on the data and attachments by executing the following commands:
cd /var/www/htdocs/webmail
chown -R www-data data
chmod go-w data
chown -R root attachments
chgrp -R www-data attachments
chmod -R 730 attachments
Configure squirrelmail by executing the commands:
cd /var/www/htdocs/webmail
perl config/conf.pl
Enter 1 to select Organization preferences. Change Organization Name, Organization Title, Provider link and Provider name according to your preferences.
Enter S to save the details and then enter R to return to the main menu.
Enter 2 to select Server Settings. Change Domain to your domain name [e.g. technichristian.info]. Select Sendmail for Sendmail or SMTP.
Enter A to update IMAP Settings. Again, enter 8 to change Server Software. Type in courier as the server software.
Enter S to save the details and then enter R to return to the main menu.
Enter 4 to select General Options. Change Data Directory to /var/www/htdocs/webmail/data. Next, change Attachment Directory to /var/www/htdocs/webmail/attachments.
Enter S to save the details and then enter R to return to the main menu.
Enter 9 to select Plugins. Enable any plugins you like. One plugin that I recommend is squirrelspell. Enable it to spell check your emails before sending them.
Enter S to save the details and then enter R to return to the main menu.
Finally, enter Q to quit the configuration editor.
Open your web browser, navigate to https://domain.com/webmail/ and check your mail.
Create a new mail user with the command:
useradd -d /home/mail-user-name -g users -m -s /bin/false mail-user-name
Change the mail-user-name password with the command:
passwd mail-user-name
Remember to change mail-user-name to the desired user name.
In squirrelmail, open a received mail and click View Full Header. The email headers are then displayed. One of the header lines should be similar to the following:
Received-SPF: pass (gmail.com … _spf.google.com: 72.14.202.183 is authorized to use 'xxx@gmail.com' in 'mfrom' identity (mechanism 'ip4:72.14.192.0/18' matched)) receiver=technichristian.net; identity=mfrom; envelope-from="xxx@gmail.com"; helo=ro-out-1112.google.com; client-ip=72.14.202.183
Received: from ro-out-1112.google.com (ro-out-1112.google.com [72.14.202.183])
This indicates that Postfix verifies SPF records before accepting the email.
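To check the same thing across saved messages rather than one header at a time, the script below summarises each Received-SPF header and lists the ones that did not pass. It is an added example, not part of the original guide; the sample messages (an abridged form of the header above and a softfail from a documentation-range address) are constructed.

```shell
#!/bin/sh
# Added example, not part of the original guide: summarise Received-SPF
# headers so a non-"pass" result stands out. Sample messages are constructed.

# spf_summary: reads one message on stdin and prints, per Received-SPF header,
#   <result> <client-ip> <envelope-from>
# Folded (continuation) header lines are joined; the message body is ignored.
spf_summary() {
    awk '
        function emit(   n, w, i, ip, from) {
            if (tolower(hdr) ~ /^received-spf:/) {
                n = split(hdr, w, /[ \t]+/)
                ip = "-"; from = "-"
                for (i = 3; i <= n; i++) {
                    if (w[i] ~ /^client-ip=/) {
                        ip = w[i]; sub(/^client-ip=/, "", ip); sub(/;$/, "", ip)
                    }
                    if (w[i] ~ /^envelope-from=/) {
                        from = w[i]; sub(/^envelope-from=/, "", from); gsub(/[";]/, "", from)
                    }
                }
                print tolower(w[2]), ip, from
            }
            hdr = ""
        }
        /^$/     { emit(); exit }              # blank line: end of headers
        /^[ \t]/ { hdr = hdr " " $0; next }    # folded continuation line
                 { emit(); hdr = $0 }
        END      { emit() }
    '
}

# spf_failures: same input, prints only entries whose result is not "pass".
spf_failures() { spf_summary | awk '$1 != "pass"'; }

# Constructed sample 1: abridged form of the header shown in the guide, folded.
sample_pass() {
    cat <<'EOF'
Received-SPF: pass (gmail.com ... _spf.google.com: 72.14.202.183 is authorized)
 receiver=technichristian.net; identity=mfrom; envelope-from="xxx@gmail.com";
 helo=ro-out-1112.google.com; client-ip=72.14.202.183
Received: from ro-out-1112.google.com (ro-out-1112.google.com [72.14.202.183])
Subject: constructed

client-ip=203.0.113.9 appears in the body and must be ignored
EOF
}

# Constructed sample 2: a softfail from a documentation-range address.
sample_softfail() {
    cat <<'EOF'
Received-SPF: softfail (example.org: sender not authorized) identity=mfrom;
 envelope-from="a@example.org"; client-ip=192.0.2.10
Subject: constructed

EOF
}

sample_pass | spf_summary
sample_softfail | spf_failures
```

A message with no Received-SPF header at all produces no output from spf_summary, which is itself a sign that the policy check is not being applied to that mail path.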
Configuring MySQL
MySQL is already installed. You can get my optimized MySQL configuration and save it as /etc/mysql/my.cnf.
Start MySQL by executing the command: /etc/init.d/mysql restart. Execute the command: netstat -tap | grep mysqld to verify that mysql is running.
Installing Proftpd
Proftpd is an FTP server. Execute the command: apt-get install proftpd ucf to install it. Select Standalone for server Type.
Execute the following commands to get my proftpd configuration.
cd /etc/proftpd
mv proftpd.conf proftpd.conf.old
wget http://technichristian.net/DEBIAN-ETCH-SERVER/proftpd.conf
echo admin >> /etc/ftpusers
cd /usr/src
Restart proftpd with the command: /etc/init.d/proftpd restart. Execute the command: ps -e | grep proftpd to see that proftpd is running.
Root login is disabled and only users with a valid shell are allowed to login to proftpd. As of now, there is no such user who can login to proftpd.
Next, create a user who can login to proftpd, with the command:
useradd -d /home/ftpusername -g users -m -s /bin/bash ftpusername
Then set the password with the command: passwd ftpusername
Substitute your desired username for ftpusername in the commands above.
Open your preferred ftp client and connect as the ftp user.
Configuring SSH
SSH is already installed and running. Execute the following commands to get my SSH configuration:
cd /etc/ssh
mv sshd_config sshd_config.old
wget http://technichristian.net/DEBIAN-ETCH-SERVER/sshd_config
cd /usr/src
Root login is disabled. You can either use the ftp user to login to SSH or create a new user with the commands:
useradd -d /home/sshusername -g users -m -s /bin/bash sshusername
passwd sshusername
In any case, edit /etc/ssh/sshd_config and find the line that reads AllowUsers CHANGEME. Replace CHANGEME with your actual SSH user name.
Next, add the following command to /root/.profile (Create it if it does not exist):
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" mail@domain.com
Replace mail@domain.com with your actual EXTERNAL email (e.g. tech@gmail.net).
This line will send an email any time anyone logs in as root.
Restart SSH with the command: /etc/init.d/ssh restart.
Log out of SSH and try to login back as root. You should get an Access Denied message. Login as your SSH user and you should be able to login successfully.
Installing Chkrootkit
Chkrootkit is a tool to check for signs of a rootkit.
Execute the following command to install chkrootkit: apt-get install chkrootkit
Answer Yes to the question Would you like to run chkrootkit automatically every day?
Enter -q for the arguments to pass.
Answer No to the question Only report problems if they differ from yesterday’s problems?
Execute chkrootkit and view the output.
If any of the output lines say INFECTED, then wipe your server and re-install. Your server has been owned.
The chkrootkit installation automatically installs a cron job that runs daily, checks the system and mails the result to the root email.
Installing Rkhunter
Rkhunter is another tool to check for rootkits.
Execute the following command to install rkhunter: apt-get install rkhunter.
Answer Yes to the question Activate daily run
Answer Yes to the question Activate weekly database update
Run rkhunter with the command: rkhunter -c -sk.
The rkhunter installation automatically installs a cron job that checks for rootkits and emails the results to the root email every day. Also installed is another cron job that updates the rkhunter database every day.
Installing Logwatch
Logwatch is a customizable log analysis system. Logwatch parses through your system’s logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require.
Execute the following commands to install logwatch.
cd /usr/src
apt-get install logwatch
cp /usr/share/logwatch/scripts/services/* /etc/logwatch/scripts/services/
mkdir -p /var/cache/logwatch
cd /etc/logwatch/conf/
wget http://technichristian.net/DEBIAN-ETCH-SERVER/logwatch.conf
cd /usr/src
Run logwatch, by executing the command: logwatch. Login to your root email and check the results.
The logwatch installation automatically installs a cron script that runs logwatch and emails the results to the root email every day.
Installing BFD
BFD (Brute Force Detection) is a modular shell script for parsing applicable logs and checking for authentication failures.
Execute the following commands to download BFD.
cd /usr/src
wget http://www.r-fx.ca/downloads/bfd-current.tar.gz
Check the md5sum of the downloaded file: md5sum bfd-current.tar.gz. The md5sum should be 3b19507e6722ea291aabc5e3aa6af208 for the current version (0.9).
If the md5sum does not match, then delete the downloaded file by executing the command: rm bfd-current.tar.gz and download the file again.
Once the md5sum matches, install BFD by executing the commands:
tar -xvzf bfd-current.tar.gz
cd bfd-0.9
./install.sh
cd /usr/src
Edit /usr/local/bfd/conf.bfd. Find the line that reads ALERT_USR="0" and change it to ALERT_USR="1".
Edit /etc/cron.d/bfd. Find the line that reads MAILTO= and change it to MAILTO=root.
Start bfd by executing the command: /usr/local/sbin/bfd -s
BFD will detect brute force login attempts and ban the relevant IPs automatically.
Installing Webalizer
The Webalizer is a fast, free web server log file analysis program. It produces highly detailed, easily configurable usage reports in HTML format, for viewing with a standard web browser.
Execute the following commands to install Webalizer: apt-get install webalizer
Enter /var/www/htdocs/webalizer as the directory in which to put webalizer output.
Enter Usage statistics for as the Title.
Enter /var/log/lighttpd/access.log as the Webserver’s rotated file name.
Answer Yes to the question Enable DNSCache Option
Execute the following commands to get my webalizer configuration:
cd /etc/webalizer
mv webalizer.conf webalizer.conf.old
wget http://technichristian.net/DEBIAN-ETCH-SERVER/webalizer.conf
cd /usr/src
Execute the command: webalizer to run webalizer.
Open your web browser and navigate to either http://yourdomain.com/webalizer or https://yourdomain.com/webalizer to see the web stats. (Substitute your actual domain name for yourdomain.com)
Securing Webalizer Output
Next, secure webalizer output such that only an authorized user can view it.
Execute the command: apt-get install apache2-utils. apache2-utils is the package that contains the htdigest utility that you use to set up a password for the webalizer output.
Execute the command: htdigest -c /etc/webalizer-pass "Authorized User Only" desired-user-name. (Substitute your desired user name for desired-user-name).
Edit /etc/lighttpd.conf. Find the following block:
#$HTTP["url"] =~ "^/webalizer/" {
# auth.backend = "htdigest"
#auth.backend.htdigest.userfile = "/etc/webalizer-pass"
#auth.require = ("/webalizer/" => (
# "method" => "digest",
# "realm" => "Authorized User Only",
# "require" => "user=PUT-YOUR-USER-NAME"
#))
#}
Remove the ‘#’ from all the lines. Enter your user name where it says PUT-YOUR-USER-NAME.
Similarly, edit /etc/lighttpd-ssl.conf.
Kill the running lighttpd and lighttpd-ssl process with the command: killall lighttpd lighttpd-ssl php-cgi.
Start the lighttpd and lighttpd-ssl processes with the commands:
lighttpd -f /etc/lighttpd.conf
lighttpd-ssl -f /etc/lighttpd-ssl.conf
If you get this message: lighttpd: Symbol `FamErrlist’ has different size in shared object, consider re-linking, then execute the command: apt-get install libfam0, kill the lighttpd and lighttpd-ssl processes and then restart both lighttpd and lighttpd-ssl. Evidently there is a conflict between fam and gamin that causes this bug in lighttpd.
Open your browser and navigate to http://yourdomain.com/webalizer or https://yourdomain.com/webalizer. A password prompt will be displayed. Enter your user name and password to view the webalizer statistics.
The webalizer installation automatically installs a cron job that updates the webalizer statistics every day.
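The digest setup above only works when the realm given to htdigest, the realm in auth.require and the user in require all agree, and the same holds for the munin, vnstat and BASE blocks in this guide. The check below is an added example, not part of the original guide: the user alice, the password and the temporary files are constructed, and the config is read with a simple awk scan rather than lighttpd's own parser.

```shell
#!/bin/sh
# Added example (not from the original guide): sanity-check a lighttpd
# htdigest setup. User name, password and temp paths are constructed.

# htdigest_entry USER REALM PASSWORD
# Prints the line htdigest stores: user:realm:MD5("user:realm:password").
htdigest_entry() {
    ha1=$(printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1)
    printf '%s:%s:%s\n' "$1" "$2" "$ha1"
}

# active_auth CONF URLPREFIX
# Prints the realm (line 1) and required user (line 2) of the uncommented
# auth.require block for URLPREFIX; prints nothing if it is still commented.
active_auth() {
    awk -v p="\"$2\"" '
        /^[ \t]*#/ { next }                      # still commented out
        index($0, "auth.require") && index($0, p) { inblk = 1; next }
        inblk && /"realm"/   { split($0, a, "\""); realm = a[4] }
        inblk && /"require"/ { split($0, a, "\""); user = a[4]; sub(/^user=/, "", user) }
        inblk && index($0, "))") { inblk = 0 }   # end of the auth.require block
        END { if (realm != "") { print realm; print user } }
    ' "$1"
}

# check_digest_auth PASSFILE CONF URLPREFIX
# Prints one of: ok | commented | no-user | realm-mismatch
check_digest_auth() {
    found=$(active_auth "$2" "$3")
    [ -n "$found" ] || { echo commented; return 0; }
    realm=$(printf '%s\n' "$found" | sed -n 1p)
    user=$(printf '%s\n' "$found" | sed -n 2p)
    awk -F: -v u="$user" -v r="$realm" '
        $1 == u { seen = 1 }
        $1 == u && $2 == r && length($3) == 32 { ok = 1 }
        END { print (ok ? "ok" : (seen ? "realm-mismatch" : "no-user")) }
    ' "$1"
}

# Constructed demo: password file and config written to a temp directory.
demo() {
    d=$(mktemp -d)
    htdigest_entry alice "Authorized User Only" 'constructed-password' > "$d/webalizer-pass"
    cat > "$d/lighttpd.conf" <<'EOF'
$HTTP["url"] =~ "^/webalizer/" {
  auth.backend = "htdigest"
  auth.backend.htdigest.userfile = "/etc/webalizer-pass"
  auth.require = ("/webalizer/" => (
    "method" => "digest",
    "realm" => "Authorized User Only",
    "require" => "user=alice"
  ))
}
EOF
    check_digest_auth "$d/webalizer-pass" "$d/lighttpd.conf" /webalizer/
    rm -rf "$d"
}
demo
```

A result of commented means the URL is still served without any password prompt; realm-mismatch means the prompt appears but the correct password is rejected.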
Installing Munin
Munin is a monitoring software that monitors your server’s vital statistics and displays them in an easy to read graphical format. Execute the following command to install munin: apt-get install munin munin-node.
Next, execute the following commands to set up the output directory correctly:
/etc/init.d/munin-node stop
mv /var/www/munin/ /var/www/htdocs/
Next, edit /etc/munin/munin.conf.
Change htmldir to /var/www/htdocs/munin
Find the following block:
# a simple host tree
[localhost.localdomain]
address 127.0.0.1
use_node_name yes
Change it to:
# a simple host tree
[yourdomain.com]
address 127.0.0.1
use_node_name yes
(Substitute your domain name for yourdomain.com).
Execute the command: echo "allow ^66\.160\.141\.24$" >> /etc/munin/munin-node.conf (Substitute your actual server IP for 66.160.141.24 but preserve the format in which the IP is entered. For e.g. if your IP is 59.216.1.28, then the format should be: ^59\.216\.1\.28$).
Link as many parameters as you want to monitor. For e.g. to monitor memory, execute the command:
ln -s /usr/share/munin/plugins/memory /etc/munin/plugins/
To remove a linked parameter [for e.g. memory], execute the command:
rm /etc/munin/plugins/memory
Now, start munin-node with the command: /etc/init.d/munin-node start
Wait for 5 mins for the server to be monitored. Open your browser and navigate to either http://yourdomain.com/munin or https://yourdomain.com/munin and you should see the monitored graphs.
Remember to execute: /etc/init.d/munin-node restart, every time you link or remove a parameter.
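The allow line added to munin-node.conf above is a regular expression, so the escaped dots and the ^ and $ anchors are what restrict munin-node to exactly one peer. The script below is an added example, not part of the original guide: it builds the line from an IP address and compares it with an unescaped, unanchored pattern. The look-alike addresses are constructed, and grep -E stands in for munin-node's Perl regex matching, which gives the same answer for patterns this simple.

```shell
#!/bin/sh
# Added example (not from the original guide). Uses the guide's sample IPs
# plus constructed look-alike addresses.

# munin_allow_line IPV4
# Prints the munin-node.conf "allow" line for one IPv4 address with every dot
# escaped and the pattern anchored; returns 1 for anything that is not IPv4.
munin_allow_line() {
    ip=$1
    # Four dot-separated groups of 1-3 digits.
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    # Each octet must be <= 255.
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    printf 'allow ^%s$\n' "$(printf '%s' "$ip" | sed 's/\./\\./g')"
}

# matching_peers PATTERN ADDR...
# Prints, one per line, the addresses that the pattern accepts.
matching_peers() {
    pat=$1; shift
    for addr in "$@"; do
        printf '%s\n' "$addr" | grep -Eq -- "$pat" && printf '%s\n' "$addr"
    done
    return 0
}

# Constructed peers: the intended address and three that only resemble it.
peers="59.216.1.28 59.216.1.281 159.216.1.28 59.216.1128"

strict=$(munin_allow_line 59.216.1.28)
strict=${strict#allow }
echo "strict pattern $strict accepts: $(matching_peers "$strict" $peers | tr '\n' ' ')"
echo "loose pattern 59.216.1.28 accepts: $(matching_peers '59.216.1.28' $peers | tr '\n' ' ')"
```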
Securing Munin Output
Next, secure munin output such that only an authorized user can view it.
Execute the command: htdigest -c /etc/munin-pass "Authorized User Only" desired-user-name. (Substitute your desired user name for desired-user-name).
Edit /etc/lighttpd.conf. Find the following block:
#$HTTP["url"] =~ "^/munin/" {
# auth.backend = "htdigest"
#auth.backend.htdigest.userfile = "/etc/munin-pass"
#auth.require = ("/munin/" => (
# "method" => "digest",
# "realm" => "Authorized User Only",
# "require" => "user=PUT-YOUR-USER-NAME"
#))
#}
Remove the ‘#’ from all the lines. Enter your user name where it says PUT-YOUR-USER-NAME.
Similarly, edit /etc/lighttpd-ssl.conf.
Kill the running lighttpd and lighttpd-ssl process with the command: killall lighttpd lighttpd-ssl php-cgi.
Start the lighttpd and lighttpd-ssl processes with the commands:
lighttpd -f /etc/lighttpd.conf
lighttpd-ssl -f /etc/lighttpd-ssl.conf
If you get this message: lighttpd: Symbol `FamErrlist’ has different size in shared object, consider re-linking, then execute the command: apt-get install libfam0, kill the lighttpd and lighttpd-ssl processes and then restart both lighttpd and lighttpd-ssl. Evidently there is a conflict between fam and gamin that causes this bug in lighttpd.
Open your browser and navigate to http://yourdomain.com/munin or https://yourdomain.com/munin. A password prompt will be displayed. Enter your user name and password to view the munin output.
The munin installation automatically installs a cron job that updates the munin output every 5 mins.
Installing Vnstat
vnStat is a network traffic monitor for Linux that keeps a log of daily network traffic for the selected interface(s).
Execute the following command to install vnstat: apt-get install vnstat
Execute the following command to generate the vnstat interface database: vnstat -u -i eth0 (substitute your server’s external interface if it is NOT eth0).
Next, get a good PHP frontend for vnstat and install it.
Execute the following commands to download the PHP interface:
cd /var/www/htdocs/
wget http://www.sqweek.com/sqweek/files/vnstat_php_frontend-1.3.tar.gz
Check the md5sum of the downloaded file, with the command: md5sum vnstat_php_frontend-1.3.tar.gz.
The md5sum should be 190b37808ae16bd1c1a132434b170437 for the current version (1.3). If the md5sum does not match, then delete the file by executing the command: rm vnstat_php_frontend-1.3.tar.gz and download the file again.
Once the md5sum matches, extract the file with the commands:
tar -xvzf vnstat_php_frontend-1.3.tar.gz
mv vnstat_php_frontend-1.3 vnstat
Next, edit the file: /var/www/htdocs/vnstat/config.php. Find the line that reads:
$iface_list = array('eth0', 'eth1', 'sixxs');
and edit it according to your server’s external interface.
For e.g. this line from my server’s configuration is $iface_list = array('eth0');
Find the following lines and edit/comment them out accordingly:
$iface_title['eth0'] = 'Internal';
$iface_title['eth1'] = 'Internet';
$iface_title['sixxs'] = 'SixXS IPv6';
For e.g. these lines from my server’s configuration are:
$iface_title['eth0'] = 'External';
//$iface_title['eth1'] = 'Internet';
//$iface_title['sixxs'] = 'SixXS IPv6';
Find the line that reads: $vnstat_bin = ''; and change it to: $vnstat_bin = '/usr/bin/vnstat';
Find the line that reads: $data_dir = './dumps'; and comment it out, i.e. change it to: //$data_dir = './dumps';
Open your browser and navigate to either http://yourdomain.com/vnstat or https://yourdomain.com/vnstat and you should see the traffic graphs.
Securing Vnstat Output
Next, secure vnstat output such that only an authorized user can view it.
Execute the command: htdigest -c /etc/vnstat-pass "Authorized User Only" desired-user-name. (Substitute your desired user name for desired-user-name).
Edit /etc/lighttpd.conf. Find the following block:
#$HTTP["url"] =~ "^/vnstat/" {
# auth.backend = "htdigest"
#auth.backend.htdigest.userfile = "/etc/vnstat-pass"
#auth.require = ("/vnstat/" => (
# "method" => "digest",
# "realm" => "Authorized User Only",
# "require" => "user=PUT-YOUR-USER-NAME"
#))
#}
Remove the ‘#’ from all the lines. Enter your user name where it says PUT-YOUR-USER-NAME.
Similarly, edit /etc/lighttpd-ssl.conf.
Kill the running lighttpd and lighttpd-ssl process with the command: killall lighttpd lighttpd-ssl php-cgi.
Start the lighttpd and lighttpd-ssl processes with the commands:
lighttpd -f /etc/lighttpd.conf
lighttpd-ssl -f /etc/lighttpd-ssl.conf
If you get this message: lighttpd: Symbol `FamErrlist’ has different size in shared object, consider re-linking, then execute the command: apt-get install libfam0, kill the lighttpd and lighttpd-ssl processes and then restart both lighttpd and lighttpd-ssl. Evidently there is a conflict between fam and gamin that causes this bug in lighttpd.
Open your browser and navigate to http://yourdomain.com/vnstat or https://yourdomain.com/vnstat. A password prompt will be displayed. Enter your user name and password to view the traffic output.
Hardening sysctl.conf and host.conf
Execute the following commands to harden /etc/sysctl.conf:
cd /etc/
mv sysctl.conf sysctl.conf.old
wget http://technichristian.net/DEBIAN-ETCH-SERVER/sysctl.conf
sysctl -p
cd /usr/src
Execute the following commands to harden /etc/host.conf
echo "order hosts,bind" >> /etc/host.conf
echo "nospoof on" >> /etc/host.conf
Getting Programs to Start at Boot
The final step before cleaning up is to ensure that all installed programs start at server boot.
Install rcconf by executing the command: apt-get install rcconf. rcconf is a utility to select the programs to start at boot in various runlevels.
Execute rcconf with the command: rcconf and enable only the following:
courier-authdaemon, courier-imap, courier-imap-ssl, courier-pop, courier-pop-ssl, cron, fam, klogd, makedev, memcached, munin-node, mysql, mysql-ndb, mysql-ndb-mgm, postfix, postgrey, proftpd, saslauthd, ssh, sysklogd.
Ensure that all the other entries do NOT have a [*] in front of them. Press Tab to highlight OK and press Enter to save the settings.
Add the following entries to /etc/rc.local before the line exit 0
/bin/hostname -F /etc/hostname
/usr/sbin/lighttpd -f /etc/lighttpd.conf
/usr/sbin/lighttpd-ssl -f /etc/lighttpd-ssl.conf
/usr/local/sbin/apf -s > /dev/null
/usr/local/sbin/bfd -s
Also, execute the following commands:
rm /etc/cron.daily/fw
echo "#! /bin/sh" >> /etc/cron.daily/apf
echo "/usr/local/sbin/apf -f > /dev/null" >> /etc/cron.daily/apf
echo "sleep 2" >> /etc/cron.daily/apf
echo "/usr/local/sbin/apf -s > /dev/null" >> /etc/cron.daily/apf
chmod +x /etc/cron.daily/apf
These commands stop and start the APF firewall every day so that the new list of malicious systems can be downloaded.
Installing Snort
Snort® is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods.
Login to mysql, by executing the command: mysql -u root -p
At the mysql prompt, create a database for Snort to use: create database snortdb;
Next, create a snort database user and assign correct permissions: grant all on snortdb.* to snortuser identified by 'snort-user-password';
Exit mysql by executing the command: quit
Execute the following command to install snort: apt-get install snort-mysql
Enter the interface name [e.g. eth0] on which snort should listen. Change the interface if your server’s external interface is NOT eth0.
Next, enter your server’s IP address as the address range that snort will listen on. For e.g. 66.160.141.24/32 [IP-address/32] for a single IP.
Enter root for the address to which daily snort statistics should be sent.
Answer Yes to set up a snort MySQL database.
Enter localhost for the MySQL server.
Enter the name of the Snort MYSQL database that you setup previously [e.g. snortdb]
Enter the name of the Snort MYSQL database user that you setup previously [e.g. snortuser]
Enter a password for the Snort database.
Next, execute the following command to extract the MySQL schema for Snort: gunzip /usr/share/doc/snort-mysql/create_mysql.gz
Import the MySQL schema into the Snort database with the command: mysql -u snortuser -p snortdb < /usr/share/doc/snort-mysql/create_mysql
Edit /etc/snort/snort.conf. Uncomment the line: #var HOME_NET $eth0_ADDRESS and comment out the line var HOME_NET any. This line indicates the IP address for which all traffic will be monitored.
Change the line: var HTTP_PORTS 80 to var HTTP_PORTS [80:443]. This indicates that both HTTP as well as HTTPS ports are monitored.
Scroll down to the line: output database: log, mysql and ensure that the database settings are correct.
Execute the command: rm /etc/snort/db-pending-config to remove the db-pending-config file.
Start Snort with the command: /etc/init.d/snort start. Execute the command: ps -e | grep snort to see the process number of the running snort process.
Next, get the adodb PHP database library with the commands:
cd /var/www/htdocs
wget http://jaist.dl.sourceforge.net/sourceforge/adodb/adodb504a.tgz
Check the md5sum of the downloaded file: md5sum adodb504a.tgz. The md5sum should be 0d9f49e520adaffc9f48e2ff9f4d8fc9 for the version at the time of writing. If the md5sum does not match, then delete the file with the command: rm adodb504a.tgz and download the file again.
Once the md5sum matches, extract the file with the commands:
tar -xvzf adodb504a.tgz
rm adodb504a.tgz
Next, get BASE (the Basic Analysis and Security Engine) with the commands:
cd /var/www/htdocs/
wget http://jaist.dl.sourceforge.net/sourceforge/secureideas/base-1.3.9.tar.gz
Check the md5sum of the downloaded file: md5sum base-1.3.9.tar.gz. The md5sum should be 66e50f45c6bbf6b0cb2913b8c67f50d6 for the version at the time of writing. If the md5sum does not match, then delete the file with the command: rm base-1.3.9.tar.gz and download the file again.
Once the md5sum matches, extract the file with the commands:
tar -xvzf base-1.3.9.tar.gz
rm base-1.3.9.tar.gz
mv base-1.3.9/ snort-analysis
chmod 757 snort-analysis
Open your web browser and navigate to http://yourdomain.com/snort-analysis. The BASE page should be displayed. The values should be as follows:
Settings
Config Writeable: Yes
PHP Version: YOUR-PHP-VERSION
PHP Logging Level: [ERROR][WARNING][PARSE]
Click Continue.
Enter /var/www/htdocs/adodb5 for the Path to ADODB and click Submit Query.
Enter your Snort MySQL database settings.
Leave Archive Database alone and then click Submit Query.
Leave Use Authentication System alone and then click Submit Query
Click Create Base AG and wait for the tables to be created.
The output should be:
Successfully created ‘acid_ag’
Successfully created ‘acid_ag_alert’
Successfully created ‘acid_ip_cache’
Successfully created ‘acid_event’
Successfully created ‘base_roles’
Successfully INSERTED Admin role
Successfully INSERTED Authenticated User role
Successfully INSERTED Anonymous User role
Successfully INSERTED Alert Group Editor role
Successfully created ‘base_users’
Click Continue to Step 5.
You are done with BASE.
Next, execute the following commands:
pear install Image_Color
pear install Image_Canvas-alpha
pear install Image_Graph-alpha
to install the required packages for BASE graphs to work.
Execute the commands:
cd /var/www/htdocs
chmod 775 snort-analysis
to set proper permissions on the BASE directory.
Execute the command: htdigest -c /etc/base-pass "Authorized User Only" desired-user-name. (Substitute your desired user name for desired-user-name).
Edit /etc/lighttpd.conf. Find the following block:
#$HTTP["url"] =~ "^/snort-analysis/" {
# auth.backend = "htdigest"
#auth.backend.htdigest.userfile = "/etc/base-pass"
#auth.require = ("/snort-analysis/" => (
# "method" => "digest",
# "realm" => "Authorized User Only",
# "require" => "user=PUT-YOUR-USER-NAME"
#))
#}
Remove the ‘#’ from all the lines. Enter your user name where it says PUT-YOUR-USER-NAME.
Similarly, edit /etc/lighttpd-ssl.conf.
Kill the running lighttpd and lighttpd-ssl process with the command: killall lighttpd lighttpd-ssl php-cgi.
Start the lighttpd and lighttpd-ssl processes with the commands:
lighttpd -f /etc/lighttpd.conf
lighttpd-ssl -f /etc/lighttpd-ssl.conf
Open your browser and navigate to http://yourdomain.com/snort-analysis or https://yourdomain.com/snort-analysis. A password prompt will be displayed. Enter your user name and password to view the BASE output.
Final Cleaning Up
The final task is to remove all unwanted packages from the server.
Execute the command:
apt-get remove --purge autotools-dev dpkg-dev libc6-dev libgdbm-dev liblua5.1-0-dev libmemcache-dev libmysqlclient15-dev libncurses5-dev libpcre3-dev libreadline5-dev libsqlite3-dev libssl-dev libstdc++6-4.1-dev libxml2-dev linux-kernel-headers php5-dev zlib1g-dev exim autoconf automake patchutils flex bison telnet gcc cpp cpp-4.1 laptop-detect m4 make
(All on ONE line) to remove all unwanted packages.
Clear the apt-cache by executing the command: apt-get clean
Clear out the /usr/src directory with the command: rm -rf /usr/src/*
Remove unwanted tar.gz files from /var/www/htdocs with the command: rm -rf /var/www/htdocs/*.tar.gz
Reboot the server once with the command: shutdown -r now to check whether everything comes up OK. All necessary services should be started at boot up.
Happy Serving
Updated Tuesday April 22 2008
Virtual Hosting With Lighttpd
For this example, we will host 2 domains: example1.com and example2.com
Make sure that the DNS records for example1.com and example2.com point to the IP address of the server on which lighttpd is installed.
First, create a directory where the contents for each domain will be stored:
mkdir -p /var/www/htdocs/example1
mkdir -p /var/www/htdocs/example2
chown -R www-data:www-data /var/www/htdocs/
Next, create the log files for each domain:
mkdir -p /var/log/lighttpd/example1
touch /var/log/lighttpd/example1/access.log
touch /var/log/lighttpd/example1/error.log
mkdir -p /var/log/lighttpd/example2
touch /var/log/lighttpd/example2/access.log
touch /var/log/lighttpd/example2/error.log
chown -R www-data:www-data /var/log/lighttpd/
Edit /etc/lighttpd.conf and add hosting for example1.com
$HTTP["host"] =~ "(^|\.)example1\.com$" {
server.document-root = "/var/www/htdocs/example1"
server.errorlog = "/var/log/lighttpd/example1/error.log"
accesslog.filename = "/var/log/lighttpd/example1/access.log"
}
Next, add support for example2.com
$HTTP["host"] =~ "(^|\.)example2\.com$" {
server.document-root = "/var/www/htdocs/example2"
server.errorlog = "/var/log/lighttpd/example2/error.log"
accesslog.filename = "/var/log/lighttpd/example2/access.log"
}
Similarly, edit /etc/lighttpd-ssl.conf
Kill the running lighttpd, lighttpd-ssl and php-cgi processes by executing the command: killall lighttpd lighttpd-ssl php-cgi
Start lighttpd and lighttpd-ssl by executing the commands:
lighttpd -f /etc/lighttpd.conf
lighttpd-ssl -f /etc/lighttpd-ssl.conf
Written by Michael R.M. David


Don’t use "killall -9", please! Let programs clean up after themselves. Just use killall, or better yet use the init scripts: /etc/init.d/lighttpd restart
Thank you. You are right. It is better to let programs clean up after themselves.
I have changed the article and replaced it with just killall.
hi there
thank you for writing this doco. I am using ubuntu hardy heron. I followed your steps pretty ok til I wanted to go to squirrelmail by means of http://www.myexample.com/squirrelmail
*) /var/www/squirrelmail is where my squirrelmail lives
Squirrelmail has always worked well under apache2 but because of the memory efficiency benefit behind lighttpd, i decided to switch over.
Any hints? My lighttpd logs seem to be clean
thank you