Direct Admin Server Setup, to those techs who want to Setup a Direct Admin You can use the following code by simply copying one entire section and paste it on a shell. For example, if you need to install mod_security, you only need to copy mod_security section of this article and paste it in your shell. Doing so will do many jobs on one shot such as downloading mod_sec source, compilation, installation, addition of httpd configurations and rules. Hope this will help some one. 🙂
Server Environment:-
OS : CentOS
Control Panel : Direct Admin
Â
Installing Direct Admin
### Direct Admin ###
yum -y install gcc gcc-c++ flex && \
wget http://www.directadmin.com/setup.sh && \
chmod 755 setup.sh && \
sh setup.sh
Â
Installing MRTG
### GD ###
wget http://techtrunch.com/downloads/gd-2.0.35.tar.gz -O /root/gd-2.0.35.tar.gz && \
tar -xzvf gd-2.0.35.tar.gz && \
cd gd-2.0.35 && \
./configure && \
make && \
make check && \
make install
### MRTG###
wget http://oss.oetiker.ch/mrtg/pub/mrtg.tar.gz && \
tar -xzvf mrtg.tar.gz && \
cd mrtg-* && \
./configure –prefix=/usr/local/mrtg-2 && \
make && \
make install && \
mkdir /var/www/html/mrtg && \
mkdir /var/www/html/mrtg/core && \
chmod 700 /var/www/html/mrtg/core && \
wget http://techtrunch.com/downloads/mrtg.cfg -O /var/www/html/mrtg/core/mrtg.cfg && \
wget http://techtrunch.com/downloads/system -O /var/www/html/mrtg/core/system && \
chmod +x /var/www/html/mrtg/core/system && \
ldconfig && \
env LANG=C /usr/local/mrtg-2/bin/mrtg /var/www/html/mrtg/core/mrtg.cfg && \
env LANG=C /usr/local/mrtg-2/bin/mrtg /var/www/html/mrtg/core/mrtg.cfg && \
echo “*/5 * * * * root /usr/local/mrtg-2/bin/mrtg /var/www/html/mrtg/core/mrtg.cfg” >> /etc/crontab
Installing mod_security
### Install Modsecurity in DA ###
tar -xzvf modsecurity-apache_* && \
cd modsecurity-apache_*/apache2 && \
./configure –with-apxs=/usr/sbin/apxs && \
make && \
make test && \
make mlogc && \
make install && \
echo “<IfModule mod_security2.c>
SecRuleEngine On
SecAuditEngine RelevantOnly
SecAuditLog /var/log/httpd/modsec_audit.log
SecDebugLog /var/log/httpd/modsec_debug_log
SecDebugLogLevel 0
SecDefaultAction “phase:2,deny,log,status:406”
SecRule REMOTE_ADDR “^127.0.0.1$” nolog,allow
Include conf/modsec/*.conf
</IfModule>” >> /etc/httpd/conf/extra/httpd-includes.conf && \
mkdir /etc/httpd/conf/modsec && \
cd /etc/httpd/conf/modsec && \
wget http://techtrunch.com/downloads/rules_of_cpanel.conf && \
touch /var/log/httpd/modsec_audit.log && \
touch /var/log/httpd/modsec_debug_log && \
chmod 777 /var/log/httpd/modsec* && \
/etc/init.d/httpd restart
Installing CSF, IPtable’s front end
### CSf ###
yum -y install perl-libwww-perl && \
wget http://www.configserver.com/free/csf.tgz && \
tar -xzf csf.tgz && \
cd csf && \
sh install.sh
If you followed default configuration, i.e. CLI, for apache – php while installing you need not follow below steps. But if you followed suphp, you need to follow below given steps.
### SuPhP ###
cd /usr/local/directadmin/scripts/custom && \
wget http://techtrunch.com/downloads/user_destroy_pre.sh && \
wget http://techtrunch.com/downloads/user_create_post.sh && \
chmod 755 /usr/local/directadmin/scripts/custom/*.sh && \
chown diradmin:diradmin /usr/local/directadmin/scripts/custom/*.sh && \
cp /usr/local/directadmin/data/templates/virtual_host2* /usr/local/directadmin/data/templates/custom/
and open each file in /usr/local/directadmin/data/templates/custom/ and insert following
SetEnv PHP_INI_SCAN_DIR /usr/local/directadmin/data/users/|USER|/php/
between
|*if SUPHP=”1″|
and
|*endif|
Make following function modifications in php.ini [first one is only for SuPHP server and second one is to secure php and so can apply to both CLI and SuPHP server]
open_basedir = /var/www/html/:/tmp/:/etc/virtual/
disable_functions = passthru, shell_exec, escapeshellarg, escapeshellcmd, proc_close, proc_open, ini_alter, popen, show_source, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid,dl, virtual,exec,system
Â
Installing SNMP
yum install net-snmp net-snmp-utils net-snmp-devel -y
Secure the /tmp and /dev/shm