Installationshåndbog.

Gisp Global Internet Service Provider Bilag 3 Installationshåndbog. Aalborg Universitet Master i IIT - Systemadministration

1 Forord Dette dokument beskriver proceduren for at installere komponenterne brugt i gisp s e-mail system Dokumentet er meget teknisk og henvender sig kun til system administratorer eller andre med lignende vidensniveau. Ved hjælp af dette dokument skulle det være muligt at installere komponenterne brugt i GISP s e- mailsetup. 2 Indholdsfortegnelse 1 Forord...2 2 Indholdsfortegnelse...2 3 Installationsmedier...3 3.1 Medier...3 3.2 CVS...3 4 Installation...4 4.1 Operativsystemer og Firewall...4 4.1.1 Redhat...4 4.1.2 Sun Solaris 9...5 4.1.3 Smoothwall...7 4.2 Tjenester...9 4.2.1 Installing bigbrother...9 4.2.2 MySQL...11 4.2.3 Courier...14 4.2.4 Postfix...18 4.2.5 ntpdate...20 4.2.6 mrtg...20 5 Konfiguration...21 5.1 Courier...21 5.2 SQWebmail...21 5.3 Postfix...22 5.4 Bigbrother...23 5.5 mrtg...23 5.6 nfs...23 GISP Installation og konfigurationshåndbog Side 2 af 23

3 Installationsmedier 3.1 Medier Redhat Linux 8.0 CD1 Image kan hentes fra http://www.redhat.com Sun Solaris 9,0 CD1 Image kan hentes fra http://www.sun.com Smoothwall 1.0 Image kan hentes fra http://www.smoothwall.org Sun FreeWare CD Letager 20020216 Image er lavet udfra filer hentet fra http://www.sunfreeware.com samt nogle hjemmelavede scripts. 3.2 CVS Alle installationsscripts og konfigurationsfiler kan også finde i CVS. GISP Installation og konfigurationshåndbog Side 3 af 23

4 Installation Dette kapitel beskriver selve installationsprocessen og i de fleste tilfæ lde hvordan processen er fremkommet. 4.1 Operativsystemer og Firewall Dette afsnit beskriver hvordan operativsystemer og Firewall installeres som fæ rdige systemer fra en CD-ROM (ISO-images hentet fra Internettet) 4.1.1 Redhat Enter linux text at the boot prompt Press SKIP to test CD media Press OK to install Choose English as language during installation Choose dk keyboard Press OK to no mouse Choose a custom setup Choose Auto partition Remove all partitions on this system select hda answer yes to remove all data press ok to the suggested disk layout (press ok if you get the low memory question) Choose the GRUB boot loader no extra options no GRUB password press ok to the suggested boot loader configuration install boot loader in MBR setup ipadress (deselect dhcp/bootp) gw 10.2.0.1 dns 130.225.51.19 and 130.225.51.16 Choose no firewall Choose the default language Set time zone to Europe/Copenhagen Set the root password Add minimum one Luser Choose the default authentication configuration Deselect all standard packages (473MB space needed on the disc) Press ok to begin installation Choose no to create a boot disk reboot change boot sequence in bios to C only or C,A If the network adapter is not found during initial install it should be found during the first boot Press any key when prompted about new hardware. Choose to configure the network adapter Login as root Set hostname with the hostname command (hostname $HOSTNAME) Edit /etc/resolv.conf (add secondary nameserver) GISP Installation og konfigurationshåndbog Side 4 af 23

4.1.2 Sun Solaris 9 Såfremt der ikke er tilsluttet skæ rm og keyboard til sun serveren kan denne forbindes til den serielle port på en PC kørende Linux Først skal Minicom sæ ttes op på Linux boksen su - minicom -s opsæ t minicom til /dev/ttys1 9600 8N1 ANSI terminal Giv ikke root brugere lov til at bruge den serielle port chmod o+rw /dev/ttys1 Herefter tæ ndes Sun Serveren mens minicom er aktiv på Linux boksen og nedenstående procedure følges.. (da F2 ikke kan bruges anvendes i stedet ) Select a Language - 0. English Select a Locale - 14. Denmark (ISO8859-1) What type of terminal are you using? - DEC VT100 (Choose default Networked yes) - (Choose default Use DHCP No) - (Choose default Primary network interface hme0) - Enter Host name: and press Enter IP address and press (Choose default System part of a subnet Yes) - Enter Netmask and press (Choose default Enable IPv6 no) - Default Route - Specify one Enter IP-address of the router 10.1.0.1 - Esc- 2 Check the information and press Accept route (press ) Configure Kerberos Security No - Name service DNS Enter Domain name klaphat.biz - Enter the IP-address of the nameserver 130.225.51.16 and 130.225.51.19 Enter new name service information? No - Continents and Oceans Europe - Countries and Regions Denmark - Enter correct time - Solaris Interactive Installation Choose Initial. - Esc-4 Choose standard installation Select the geographic regions for which support should be installed. - Northern Europe - Select To Include Solaris 64-bit Support - Select the Solaris software to install on the system. - Core System Support 64-bit - Select Disks c0t0d0 - Preserve Data? - Disk Layout Auto - File Systems for Auto-layout GISP Installation og konfigurationshåndbog Side 5 af 23

======================================== [X] / [X] /opt [X] /usr [ ] /usr/openwin [X] /var [X] swap Customize disk layout - Esc-4 Add Entry: /opt Choose the following disk layout. Point Size (MB) 0 / 100 1 /var 512 2 overlap 8222 3 swap 512 4 /usr/local 1024 5 /opt 1024 6 /usr 2048 7 /export/home 2999 (mount software from other server) Reboot After Installation? - Auto **** Begins installation **** After reboot login as root Change roots password Insert The Sun FreeWare CD Letager 20020216 This CD contains the following Software (unpacked), which can be installed with pkgadd d filename http://www.sunfreeware.com/boltpget.pkg ftp://ftp.sunfreeware.com/pub/freeware/sparc/9/bash-2.05-sol9-sparc-local.gz ftp://ftp.sunfreeware.com/pub/freeware/sparc/9/openssl-0.9.6g-sol9-sparc-local.gz ftp://ftp.sunfreeware.com/pub/freeware/sparc/9/wget-1.8.2-sol9-sparc-local.gz ftp://ftp.sunfreeware.com/pub/freeware/sparc/9/apache-1.3.27-sol9-sparc-local.gz ftp://ftp.sunfreeware.com/pub/freeware/sparc/9/openssh-3.5p1-sol9-sparc-local.gz ftp://ftp.sunfreeware.com/pub/freeware/sparc/9/zlib-1.1.4-sol9-sparc-local.gz ftp://ftp.sunfreeware.com/pub/freeware/sparc/9/tar-1.13.19-sol9-sparc-local.gz ftp://ftp.sunfreeware.com/pub/freeware/sparc/9/tcp_wrappers-7.6-sol9-sparc-local.gz ftp://ftp.sunfreeware.com/pub/freeware/sparc/9/cvs-1.11.5-sol9-sparc-local.gz ftp://ftp.sunfreeware.com/pub/freeware/sparc/9/gcc-3.2.2-sol9-sparc-local.gz ftp://ftp.sunfreeware.com/pub/freeware/sparc/9/bzip2-1.0.1-sol9-sparc-local.gz The CD also contains a script to stop services that are not necessary. After this reboot the server and it is ready. GISP Installation og konfigurationshåndbog Side 6 af 23

4.1.3 Smoothwall Installation af SmoothWall ver. 1.0 Følgende valg tages: sprog = Dansk Installation = Cd-rom (Installationen kan ske via Http-forbindelse) Hvorefter harddisken formateres, således at hele harddisken bruges til smoothwall. Konfigurering af netvæ rk: Grønt-interface (sikkert net med klienter): Forsøg at finde (netkort) Finder selv 3com Etherlink3 Adresse: 10.5.0.1 Subnetaske: 255.255.0.0 Herefter installeres filerne Væ lg taststatur: dk Valg af tidszone: Europe/Copenhagen Væ rtsnavn: gisp2.kom.auc.dk Yderligere valg af interfacetyper: ISDN slås fra USB ADSL slås fra Netvæ rkskonfigurationstype: GREEN + ORANGE + RED Driver og kort tildelinger: Først en oversigt der viser at GREEN er sat til 3Com Etherlink III og ORANGE + RED ikke er sat. Derefter sæ ttes de andre interfaces: Først findes EtherExpress Pro der sæ ttes til ORANGE-interface Dernæ st findes Compaq Netteligent 10/100 der sæ ttes til RED-interface Adresse indstillinger: GREEN springes over, da det tidligere er konfigureret ORANGE sæ ttes til: IP: 10.2.0.1 subnetaske: 255.255.0.0 RED sæ ttes til statisk adresse (andre valg: DHCP eller PPOE) IP: 192.168.113.137 subnetaske: 255.255.255.0 Udført Adresse indstillinger. DNS og Gateway indstillinger. Primær DNS: 130.225.51.19 Sekundær DNS: 130.225.51.16 Standard Gateway: 192.168.113.1 GISP Installation og konfigurationshåndbog Side 7 af 23

DHCP server konfiguration slås til. Start adresse: 10.5.1.1 Slut adresse: 10.5.1.254 Primæ rdns: 10.5.0.1 Sekundæ r DNS: Standard lease tid (min): 60 Max. lease tid (min): 120 Domæ ne navns klaphat.biz Kodeord for root. Kodeord for setup. Denne bruger kommer direkte ind i setupprogrammet når der logges ind. Kodeord for admin. Denne bruger er dedikeret til at logge ind via det administrationsinterface der kan nås via WEB Derefter er installationen fuldført og maskinen genstarter. Efter genstart konfigureres følgende (se konfiguration i bilag 4 systembeskrivelse): WEB-proxy: Som transparent med AAU WEB-proxy Portforwarding til de forskellige tjenester bag Firewallen (se bilag 4). GISP Installation og konfigurationshåndbog Side 8 af 23

4.2 Tjenester Dette kapitel beskriver hvordan de enkelte tjenester installeres på serverne. 4.2.1 Installing bigbrother #At first the web server has to be installed and started rpm -U /install/redhat/80/redhat/rpms/httpd-2.0.40-8.i386.rpm /etc/init.d/httpd start #Preparing for the bb-binaries rpm U /install/redhat/80/redhat/rpms/compat-libstdc++-7.3-2.96.110.i386.rpm #Add the user that should run bb useradd -u 7000 -d /home/bb -m bb # as root cd /home/bb/bb<version>/install./bbconfig redhat # Enter the default recipient: [root@localhost] bb@admin.klaphat.biz # Enter CGI directory [/home/www/httpd/cgi-bin]: /var/www/cgi-bin/ # Enter web server user id [nobody]: apache # Now we have to compile the bb source, and since no c-compiler is installed on kbt we have to mount the source on install. 1 # add the following to /etc/export /home/bb install.klaphat.biz(rw) #Reload the nfs server /etc/init.d/nfs restart #change to install [root@install]# useradd -u 7000 -d /home/bb -m bb mount kbt:/home/bb /home/bb su - bb cd bb19c/src make umount /home/bb #change back to kbt [root@kbt root]# cd /home/bb/bb19c/src/ [root@kbt src]# make install #Remove the line in /etc/exports and restart the nfsserver #su to the bb user su bb #Make a symbolic link to bb<ver> from bb ln s bb19c bb #Edit bb/etc/bb-hosts # Start BigBrother bb/runbb.sh 1 Den første installation kunne have væ ret lavet direkte på install og der ville så ikke have væ ret problemmet med mgl. kompiler. Clienterne skulle så blot generes på install. GISP Installation og konfigurationshåndbog Side 9 af 23

#Generate clients to the other servers #example to generate a client to install.klaphat.biz #The server to be monitored has to be in defined in bb/etc/cc-hosts cd /home/bb/bb/install/./bbclient install.klaphat.biz This has to be done for all clients and the files moved to install:/install/bb/ After that the following commands has to be executed on the clients to install and start BB # bb_install.sh useradd -u 7000 -d /home/bb -m bb su - bb -c tar xvf /install/bb/bb-$hostname.tar su - bb -c bb/runbb.sh chmod +r /var/log/messages Efter installationen af BigBrother kan det ses at adskillige tests ikke virke (BigBrother er lilla, som betyder at der mangler test resultater.) med en ps på kbt kan ses at det er en ping kommando som hæ nger. Derfor laves en lille test af ping [bb@kbt etc]$ ping -n -c1 black PING black.klaphat.biz (10.2.5.2) from 10.2.0.4 : 56(84) bytes of data. From 10.2.0.4 icmp_seq=1 Destination Host Unreachable -c1 skulle gøre at der kun bliver testet med 1 ping, men pingen fryser og BB stopper derfor. Ved at tilføje -w 3 (en timeout på 3) kører det igen [bb@kbt etc]$ ping -n -c1 -w 3 black PING black.klaphat.biz (10.2.5.2) from 10.2.0.4 : 56(84) bytes of data. From 10.2.0.4 icmp_seq=1 Destination Host Unreachable From 10.2.0.4 icmp_seq=2 Destination Host Unreachable From 10.2.0.4 icmp_seq=3 Destination Host Unreachable --- black.klaphat.biz ping statistics --- 3 packets transmitted, 0 received, +3 errors, 100% loss, time 2000ms, pipe 3 Fejlen er tilsyneladende specifik på RedHat 8.0 (har ikke kunnet genskabe denne på andre platforme) Dette tilføjes i bb/etc/bbsys.local hvorefter Bigbrother fungerer igen GISP Installation og konfigurationshåndbog Side 10 af 23

4.2.2 MySQL MySQL master/slave opsæ tning. For at opnå en vis skalerbarhed og driftssikkerhed oprettes der en cluster med en masterserver til MySQL samt 2 slave servere. I dette eksempel bruges MySQL ver. 4.0.12. Teknikken er under stæ rk udvikling, så der kan væ re æ ndret noget i forhold til andre releases. MySQL anbefaler at der bruges version 4.x til dette, da 3.27 klart er på forsøgsbasis. Ved overgang til ver 4.1 skulle teknikken væ re stabil til produktion Master skal have slået binæ r logning til. Dette gøres med nedenstående my.cnf, som ligger i /etc my.cnf: [mysqld] server-id=2 #Unique id for hver maskine i clusteret #Skal også sættes for slaver log-bin=/var/lib/mysql/replication #Binær logning for master Binæ r logning er ikke nødvendig for en slave, men ved overgang til master skal den slås til. På masteren gives følgende rettigheder: grant replication slave on *.* to repl@'%' identified by 'passwd'; grant reload on *.* to repl@'%' identified by 'passwd'; grant super on *.* to repl@'%' identified by 'passwd'; på slaverne køres: change master to master_host='10.2.6.2'; change master to master_user='repl'; change master to master_password='passwd'; slave start; Hvorefter data hentes fra master ved nedenstående kommando denne proces låser databasen på masteren, så ved store databaser skal det vurderes om det er hensigtsmæ ssigt. Det kan også gøre ved at man laver en eksport, samtidig med at status på logfilen findes og overføres. Under denne proces skal masteren væ re låst for skrivninger. Teoretisk set er en eksport hurtigere end en: load data from master; men der vil under alle omstæ ndigheder væ re forhindret skriveadgang til masteren. Med denne opsæ tning replikeres alle databaser og tabeller. Der kan laves specifikke replikeringer på database- eller tabelniveau. Ved ovennæ vnte opsæ tning replikeres alt hvad der laves på masteren også rettighedsdatabasen. Nye databaser og tabeller replikeres også. GISP Installation og konfigurationshåndbog Side 11 af 23

Oprettelse af database til postsystemet CREATE DATABASE postfix; # # Table structure for table alias # USE postfix; CREATE TABLE alias ( address varchar(255) NOT NULL default, goto text NOT NULL, domain varchar(255) NOT NULL default, create_date datetime NOT NULL default 0000-00-00 00:00:00, change_date datetime NOT NULL default 0000-00-00 00:00:00, active tinyint(4) NOT NULL default 1, PRIMARY KEY (address) ) TYPE=MyISAM COMMENT= Virtual Aliases - mysql_virtual_alias_maps ; # # Table structure for table domain # USE postfix; CREATE TABLE domain ( domain varchar(255) NOT NULL default, description varchar(255) NOT NULL default, create_date datetime NOT NULL default 0000-00-00 00:00:00, change_date datetime NOT NULL default 0000-00-00 00:00:00, active tinyint(4) NOT NULL default 1, PRIMARY KEY (domain) ) TYPE=MyISAM COMMENT= Virtual Domains - mysql_virtual_domains_maps ; # # Table structure for table mailbox # USE postfix; CREATE TABLE mailbox ( username varchar(255) NOT NULL default, password varchar(255) NOT NULL default, name varchar(255) NOT NULL default, maildir varchar(255) NOT NULL default, domain varchar(255) NOT NULL default, create_date datetime NOT NULL default 0000-00-00 00:00:00, change_date datetime NOT NULL default 0000-00-00 00:00:00, active tinyint(4) NOT NULL default 1, PRIMARY KEY (username) ) TYPE=MyISAM COMMENT= Virtual Mailboxes - mysql_virtual_mailbox_maps ; ###################################################################### # # Inddatering af domæner, aliases og brugere # USE postfix; INSERT INTO domain (domain,description) VALUES ('klaphat.biz','domain'); INSERT INTO mailbox (username,password,name,maildir) VALUES ( user@klaphat.biz, 12345, Mailbox User, klaphat.biz/user ); INSERT INTO alias (address,goto) VALUES ('alias@klaphat.biz', 'user@klaphat.biz'); GISP Installation og konfigurationshåndbog Side 12 af 23

Oprettelse af brugere til databasen for postserveren: grant select on postfix.* to postfix@ 10.2.3.2 identified by passwd ; grant select on postfix.* to postfix@ 10.2.3.3 identified by passwd ; grant select on postfix.* to postfix@ 10.2.1.2 identified by passwd ; grant select on postfix.* to postfix@ 10.2.1.3 identified by passwd ; Oprettelse af brugere til databasen for oprettelse af nye brugere: Denne del implementeres ikke, men på masterserveren skal der oprettes en bruger med følgende grants: grant insert, update, delete, select on postfix.mailbox to admin@'provisioneringsservere' identified by 'passwd'; GISP Installation og konfigurationshåndbog Side 13 af 23

4.2.3 Courier 4.2.3.1 Generating Courier rpm For at lette installationen af courier laves en række rpm filer. Proceduren for brug af rpmbuild kan ses i Driftshåndbog. (Til Courier bruges proceduren for tar filer.) Nedenfor gennemgås forløbet med at finde afhængigheder og kompilere courier At first we try to compile courier out of the box [install@install install]$ rpmbuild ta courier/courier-imap-1.7.1.tar.bz2 error: Failed build dependencies: openssl-devel is needed by courier-imap-1.7.1-1.8.0 gdbm-devel is needed by courier-imap-1.7.1-1.8.0 pam-devel is needed by courier-imap-1.7.1-1.8.0 fam-devel is needed by courier-imap-1.7.1-1.8.0 postgresql-devel is needed by courier-imap-1.7.1-1.8.0 openldap-devel is needed by courier-imap-1.7.1-1.8.0 openldap-servers is needed by courier-imap-1.7.1-1.8.0 as the error message says some other files are needed before courier can be compiled so we added these to the system. (Including those needed by the needed.) [root@install root]# rpm Uvh /install/redhat/80/redhat/rpms/openssl-devel-0.9.6b-29.i386.rpm warning: /install/redhat/80/redhat/rpms/openssl-devel-0.9.6b-29.i386.rpm: V3 DSA 1:openssl-devel ########################################### [100%] [root@install root]# rpm Uvh /install/redhat/80/redhat/rpms/gdbm-devel-1.8.0-18.i386.rpm warning: /install/redhat/80/redhat/rpms/gdbm-devel-1.8.0-18.i386.rpm: V3 DSA 1:gdbm-devel ########################################### [100%] root@install root]# rpm Uvh /install/redhat/80/redhat/rpms/pam-devel-0.75-40.i386.rpm warning: /install/redhat/80/redhat/rpms/pam-devel-0.75-40.i386.rpm: V3 DSA 1:pam-devel ########################################### [100%] [root@install root]# rpm Uvh /install/redhat/80/redhat/rpms/fam-devel-2.6.8-4.i386.rpm warning: /install/redhat/80/redhat/rpms/fam-devel-2.6.8-4.i386.rpm: V3 DSA error: Failed dependencies: fam = 2.6.8 is needed by fam-devel-2.6.8-4 root@install root]# rpm -Uvh /install/redhat/80/redhat/rpms/fam-* warning: /install/redhat/80/redhat/rpms/fam-2.6.8-4.i386.rpm: V3 DSA signature: NOKEY, key ID db42a60e error: Failed dependencies: xinetd >= 2.1.8.9pre15 is needed by fam-2.6.8-4 [root@install root]# rpm Uvh /install/redhat/80/redhat/rpms/xinetd-2.3.7-2.i386.rpm warning: /install/redhat/80/redhat/rpms/xinetd-2.3.7-2.i386.rpm: V3 DSA 1:xinetd ########################################### [100%] [root@install root]# rpm -Uvh /install/redhat/80/redhat/rpms/fam-* warning: /install/redhat/80/redhat/rpms/fam-2.6.8-4.i386.rpm: V3 DSA signature: NOKEY, key ID db42a60e 1:fam ########################################### [ 50%] 2:fam-devel ########################################### [100%] [root@install root]# rpm Uvh /install/redhat/80/redhat/rpms/postgresql-devel-7.2.2-1.i386.rpm warning: /install/redhat/80/redhat/rpms/postgresql-devel-7.2.2-1.i386.rpm: V3 DSA GISP Installation og konfigurationshåndbog Side 14 af 23

error: Failed dependencies: postgresql-libs = 7.2.2 is needed by postgresql-devel-7.2.2-1 [root@install root]# rpm Uvh /install/redhat/80/redhat/rpms/postgresql-libs-7.2.2-1.i386.rpm warning: /install/redhat/80/redhat/rpms/postgresql-libs-7.2.2-1.i386.rpm: V3 DSA 1:postgresql-libs ########################################### [100%] [root@install root]# rpm Uvh /install/redhat/80/redhat/rpms/postgresql-devel-7.2.2-1.i386.rpm warning: /install/redhat/80/redhat/rpms/postgresql-devel-7.2.2-1.i386.rpm: V3 DSA 1:postgresql-devel ########################################### [100%] [root@install root]# rpm Uvh /install/redhat/80/redhat/rpms/openldap-devel-2.0.25-1.i386.rpm warning: /install/redhat/80/redhat/rpms/openldap-devel-2.0.25-1.i386.rpm: V3 DSA 1:openldap-devel ########################################### [100%] [root@install root]# rpm Uvh /install/redhat/80/redhat/rpms/openldap-servers-2.0.25-1.i386.rpm warning: /install/redhat/80/redhat/rpms/openldap-servers-2.0.25-1.i386.rpm: V3 DSA 1:openldap-servers ########################################### [100%] So now we should be ready to compile Courier [install@install install]$ rpmbuild ta courier/courier-imap-1.7.1.tar.bz2 ar cru libgdbmobj.a gdbmobj.o gdbmobj2.o gdbmobj3.o ranlib libgdbmobj.a Compiling testgdbm.c./../depcomp: line 414: exec: g++: not found make[2]: *** [testgdbm.o] Error 127 Well we also need g++ to compile the courier source code. [root@install root]# rpm Uvh /install/redhat/80/redhat/rpms/gcc-c++-3.2-7.i386.rpm warning: /install/redhat/80/redhat/rpms/gcc-c++-3.2-7.i386.rpm: V3 DSA 1:gcc-c++ ########################################### [100%] Testing that g++ is ready to use [root@install root]# which g++ /usr/bin/g++ Ok then we are ready to generate the rpm files [install@install install]$ rpmbuild ta courier/courier-imap-1.7.1.tar.bz2 This generated the following files install@install install]$ ls -l /install/rpm_build/rpms/i386/ -rw-rw-r-- 1 install install 325419 Apr 18 23:45 courier-imap-1.7.1-1.8.0.i386.rpm -rw-rw-r-- 1 install install 33497 Apr 18 23:45 courier-imap-ldap-1.7.1-1.8.0.i386.rpm -rw-rw-r-- 1 install install 114978 Apr 18 23:45 courier-imap-mysql-1.7.1-1.8.0.i386.rpm -rw-rw-r-- 1 install install 31532 Apr 18 23:45 courier-imap-pgsql-1.7.1-1.8.0.i386.rpm Of these we are going to use courier-imap-1.7.1-1.8.0.i386.rpm and courier-imap-mysql-1.7.1-1.8.0.i386.rpm on the pop3 / imap servers GISP Installation og konfigurationshåndbog Side 15 af 23

4.2.3.2 Installing Courier [root@apollo root]# rpm Uvh /install/rpm_build/rpms/i386/courier-imap-1.7.1-1.8.0.i386.rpm error: Failed dependencies: libfam.so.0 is needed by courier-imap-1.7.1-1.8.0 using rpmfind.net to find the needed file, shows that we have to install fam- 2.6.8-4.i386.rpm (Sounds right since this one was also needed when compiling the source) [root@apollo root]# rpm Uvh /install/redhat/80/redhat/rpms/fam-2.6.8-4.i386.rpm warning: /install/redhat/80/redhat/rpms/fam-2.6.8-4.i386.rpm: V3 DSA error: Failed dependencies: xinetd >= 2.1.8.9pre15 is needed by fam-2.6.8-4 [root@apollo root]# rpm Uvh /install/redhat/80/redhat/rpms/xinetd-2.3.7-2.i386.rpm warning: /install/redhat/80/redhat/rpms/xinetd-2.3.7-2.i386.rpm: V3 DSA signature: NOKEY, key ID db42a60e 1:xinetd ########################################### [100%] [root@apollo root]# rpm Uvh /install/redhat/80/redhat/rpms/fam-2.6.8-4.i386.rpm warning: /install/redhat/80/redhat/rpms/fam-2.6.8-4.i386.rpm: V3 DSA 1:fam ########################################### [100%] [root@apollo root]# rpm Uvh /install/rpm_build/rpms/i386/courier-imap-1.7.1-1.8.0.i386.rpm 1:courier-imap ########################################### [100%] [letager@install letager]$ ssh root@pop00 rpm Uvh /install/rpm_build/rpms/i386/courier-imap-mysql- 1.7.1-1.8.0.i386.rpm root@pop00's password: Preparing... ################################################## courier-imap-mysql ################################################## ---------------- courier-mysql - ------------------------------- Based on the above an installation script is made for fast and easy courier installation. # courier_install.sh rpm -Uvh /install/redhat/80/redhat/rpms/xinetd-2.3.7-2.i386.rpm rpm -Uvh /install/redhat/80/redhat/rpms/fam-2.6.8-4.i386.rpm rpm -Uvh /install/rpm_build/rpms/i386/courier-imap-1.7.1-1.8.0.i386.rpm rpm -Uvh /install/rpm_build/rpms/i386/courier-imap-mysql-1.7.1-1.8.0.i386.rpm Testing that this script works [letager@install letager]$ ssh root@pop01 /install/installscripts/courier_install.sh warning: /install/redhat/80/redhat/rpms/xinetd-2.3.7-2.i386.rpm: V3 DSA Preparing... ################################################## xinetd ################################################## warning: /install/redhat/80/redhat/rpms/fam-2.6.8-4.i386.rpm: V3 DSA signature: NOKEY, key ID db42a60e Preparing... ################################################## fam ################################################## Preparing... ################################################## courier-imap ################################################## Preparing... ################################################## courier-imap-mysql ################################################## GISP Installation og konfigurationshåndbog Side 16 af 23

4.2.3.3 Sqwebmail Same exercise to build the sqwebmail rpm s [install@install install]$ rpmbuild ta courier/courier_tar/sqwebmail-3.5.1.tar.bz2 error: Failed build dependencies: expect is needed by sqwebmail-3.5.1-1.8.0 [root@install root]# rpm Uvh /install/redhat/80/redhat/rpms/expect-5.38.0-74.i386.rpm warning: /install/redhat/80/redhat/rpms/expect-5.38.0-74.i386.rpm: V3 DSA error: Failed dependencies: libtcl.so.0 is needed by expect-5.38.0-74 libtk.so.0 is needed by expect-5.38.0-74 [root@install root]# rpm Uvh /install/redhat/80/redhat/rpms/tcl-8.3.3-74.i386.rpm warning: /install/redhat/80/redhat/rpms/tcl-8.3.3-74.i386.rpm: V3 DSA 1:tcl ########################################### [100%] [root@install root]# rpm Uvh /install/redhat/80/redhat/rpms/expect-5.38.0-74.i386.rpm warning: /install/redhat/80/redhat/rpms/expect-5.38.0-74.i386.rpm: V3 DSA error: Failed dependencies: libtk.so.0 is needed by expect-5.38.0-74 [root@install root]# rpm Uvh /install/redhat/80/redhat/rpms/tk-8.3.3-74.i386.rpm warning: /install/redhat/80/redhat/rpms/tk-8.3.3-74.i386.rpm: V3 DSA 1:tk ########################################### [100%] [root@install root]# rpm Uvh /install/redhat/80/redhat/rpms/expect-5.38.0-74.i386.rpm warning: /install/redhat/80/redhat/rpms/expect-5.38.0-74.i386.rpm: V3 DSA 1:expect ########################################### [100%] [install@install install]$ rpmbuild ta courier/courier_tar/sqwebmail-3.5.1.tar.bz2 Giving the script to install sqwebmail. # sqwebmail_install.sh rpm -Uvh /install/redhat/80/redhat/rpms/httpd-2.0.40-8.i386.rpm rpm -Uvh /install/redhat/80/redhat/rpms/tcl-8.3.3-74.i386.rpm rpm -Uvh /install/redhat/80/redhat/rpms/tk-8.3.3-74.i386.rpm rpm -Uvh /install/redhat/80/redhat/rpms/expect-5.38.0-74.i386.rpm rpm -Uvh /install/rpm_build/rpms/i386/sqwebmail-3.5.1-1.8.0.i386.rpm rpm -Uvh /install/rpm_build/rpms/i386/sqwebmail-mysql-3.5.1-1.8.0.i386.rpm GISP Installation og konfigurationshåndbog Side 17 af 23

4.2.4 Postfix We also generate rpm files for Postfix, but here we are using the spec. file procedure. We base this guide on the howto that can be found on http://postfix.wl0.org/en/building-rpms/ At first install the postfix source rpm -Uvh postfix-2.0.7-4.src.rpm Go to the source, disable ldap and enable mysql cd /usr/src/redhat/sources/ export POSTFIX_MYSQL=1 export POSTFIX_LDAP=0 Ready to compile postfix [install@install SOURCES]$ sh postfix-build This gives the following output Building postfix... Creating Postfix spec file: /usr/src/redhat/specs/postfix.spec Checking rpm database for distribution information... - if the script gets stuck here: check and remove /var/lib/rpm/ db.00? files Distribution is: redhat-8.0 adding MySQL support (www.mysql.com MySQL* packages) to spec file -ba: unknown option (Due to a change in rpm, it can no longer be used to build rpm-files instead rpmbuild has to used.) edit /usr/src/redhat/sources/postfix-build change rpm -ba postfix.spec to rpmbuild -ba postfix.spec Ready to try again [install@install redhat]$ sh SOURCES/postfix-build Building postfix... Creating Postfix spec file: /usr/src/redhat/specs/postfix.spec Checking rpm database for distribution information... - if the script gets stuck here: check and remove /var/lib/rpm/ db.00? files Distribution is: redhat-8.0 adding MySQL support (www.mysql.com MySQL* packages) to spec file error: Failed build dependencies: MySQL-shared is needed by postfix-2.0.7-4.mysql.rh8 MySQL-devel is needed by postfix-2.0.7-4.mysql.rh8 zlib-devel is needed by postfix-2.0.7-4.mysql.rh8 GISP Installation og konfigurationshåndbog Side 18 af 23

Needed dependencies are collected and installed rpm -U zlib-devel-1.1.4-4.i386.rpm wget http://mirrors.sunsite.dk/mysql/downloads/mysql-4.0/mysql-devel-4.0.12-0.i386.rpm wget http://mirrors.sunsite.dk/mysql/downloads/mysql-4.0/mysql-shared-4.0.12-0.i386.rpm [root@install RPMS]# rpm U /install/mysql/mysql-4.0/mysql-devel-4.0.12-0.i386.rpm warning: /install/mysql/mysql-4.0/mysql-devel-4.0.12-0.i386.rpm: V3 DSA signature: NOKEY, key ID 5072e1f5 [root@install RPMS]# rpm U /install/mysql/mysql-4.0/mysql-shared-4.0.12-0.i386.rpm warning: /install/mysql/mysql-4.0/mysql-shared-4.0.12-0.i386.rpm: V3 DSA signature: NOKEY, key ID 5072e1f5 And now postfix can be compiled without errors 4.2.4.1 Postfix files are placed in config files in /etc/postfix/ commands in /usr/sbin/ daemons in /usr/libexec/postfix/ newaliases and mailq in /usr/bin/ aliases file in /etc/postfix/ spool queue in /var/spool/postfix/ documentation in /usr/share/doc/postfix-<version> 4.2.4.2 Installing postfix Til Installation af postfix bruges flg. script. # postfix_install.sh killall sendmail mkdir /root/sendmail-old cp /etc/aliases /root/sendmail-old/ cp /etc/sendmail.cf /root/sendmail-old/ cp /etc/sendmail.cw /root/sendmail-old/ cp /etc/mail/* /root/sendmail-old/ rpm -e sendmail sendmail-doc sendmail-cf --nodeps useradd -u 4000 -s /sbin/nologin -d /home/postfix postfix groupadd -g 4001 postdrop rpm -Uvh /install/mysql/mysql-shared-3.23.54a-1.i386.rpm rpm -Uvh /install/generated_rpms/postfix-2.0.7-4.mysql.rh8.i386.rpm GISP Installation og konfigurationshåndbog Side 19 af 23

4.2.5 ntpdate Ntpdate installeres med flg script (afhæ ngigheder fundet ved samme princip som tidligere vist) # ntpdate_install.sh rpm -Uvh /install/redhat/80/redhat/rpms/libcap-1.10-12.i386.rpm rpm -Uvh /install/redhat/80/redhat/rpms/ntp-4.1.1a-9.i386.rpm /usr/sbin/ntpdate mcenroe.control.auc.dk Herefter opdateres tiden 1 gang pr. time crontab på install vha af flg. linie 5 * * * * /install/update.sh /usr/sbin/ntpdate mcenroe.control.auc.dk /install/update.sh er et lille script som ssh til root på alle serverne og udfører den efterflg. kommando (i dette tilfæ lde /usr/sbin/ntpdate mcenroe.control.auc.dk) 4.2.6 mrtg mrtg installeres med dette script. # mrtg_install.sh rpm -Uvh /install/redhat/80/redhat/rpms/gd-1.8.4-9.i386.rpm rpm -Uvh /install/redhat/80/redhat/rpms/perl-cgi-2.81-55.i386.rpm rpm -Uvh /install/redhat/80/redhat/rpms/perl-uri-1.21-3.noarch.rpm rpm -Uvh /install/redhat/80/redhat/rpms/mrtg-2.9.17-8.i386.rpm GISP Installation og konfigurationshåndbog Side 20 af 23

5 Konfiguration Dette kapitel gennemgår de forskellige applikationernes konfigurationsfiler samt hvilke æ ndringer der er foretaget i disse. 5.1 Courier Konfigurationsfilerne er som standard placeret i /usr/lib/courier-imap/etc/ authdaemonrc imapd pop3d-ssl imapd.cnf pop3d authmysqlrc pop3d.cnf quotawarnmsg imapd-ssl I authdaemonrc æ ndres til at bruge mysql. authmodulelist="authmysql authpam" I authmysqlrc opsæ ttes forbindelse til mysql databasen #DEFAULT_DOMAIN klaphat.biz MYSQL_CLEAR_PWFIELD clear #MYSQL_CRYPT_PWFIELD password MYSQL_DATABASE postfix MYSQL_GID_FIELD 4000 MYSQL_HOME_FIELD /data/maildir MYSQL_LOGIN_FIELD username MYSQL_MAILDIR_FIELD maildir MYSQL_NAME_FIELD name MYSQL_OPT 0 MYSQL_PASSWORD MII20031 MYSQL_SERVER obelix MYSQL_UID_FIELD 4000 MYSQL_USERNAME postfix MYSQL_USER_TABLE mailbox Herudover er det meget anvendeligt at æ ndre debug level i pop3d og imapd under fejlfinding 5.2 SQWebmail SQWebmails konfigurationsfiler er som standard placeret i /usr/local/share/sqwebmail/ Da sqwebmail kommer fra samme kilde som courier kan konfigurationsfilerne fra denne genbruges. authdaemonrc authldaprc authpgsqlrc authmysqlrc ldapaddressbook GISP Installation og konfigurationshåndbog Side 21 af 23

5.3 Postfix Postfixs konfigurationsfiler er som standard placeret i /etc/postfix/*.cf main.cf master.cf mysql_virtual_alias_maps.cf mysql_virtual_domains_maps.cf mysql_virtual_mailbox_maps.cf I main.cf opsæ ttes brugen af de andre konfigurationsfiler (flg er æ ndret / tilføjet til en std. opsæ tning) virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:4000 virtual_mailbox_base = /data/maildir/ virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_mailbox_limit = 51200000 virtual_transport = virtual virtual_uid_maps = static:4000 mysql_virtual_alias_maps.cf giver forbindelsen til alias tabellen. user = postfix password = MII20031 hosts = obelix dbname = postfix table = alias select_field = goto where_field = address mysql_virtual_domains_maps.cf giver forbindelsen til domain tabellen user = postfix password = MII20031 hosts = obelix dbname = postfix table = domain select_field = description where_field = domain mysql_virtual_mailbox_maps.cf giver forbindelsen til mailbox tabellen user = postfix password = MII20031 hosts = obelix dbname = postfix table = mailbox select_field = maildir where_field = username GISP Installation og konfigurationshåndbog Side 22 af 23

5.4 Bigbrother Bigbrothers konfigurationsfiler er placeret i $HOME/bb/etc/ ($HOME = bb brugerens hjemmekatalog.) Her findes flg konfigurationsfiler bb-hosts bbsys.local bbwarnrules.cfg bbwarnsetup.cfg I bb-hosts indsæ ttes de servere som skal indgå i overvågningen. 10.2.0.2 sentinel.klaphat.biz # ssh 10.2.0.4 kbt.klaphat.biz # BBPAGER BBNET BBDISPLAY ssh http://kbt.klaphat.biz 10.2.0.3 install.klaphat.biz # ssh http://install.klaphat.biz 10.2.1.2 opti.klaphat.biz # ssh smtp 10.2.1.3 sirius.klaphat.biz # ssh smtp 10.2.2.2 ariane.klaphat.biz # ssh http://ariane.klaphat.biz 10.2.2.3 minimira.klaphat.biz # ssh http://minimira.klaphat.biz 10.2.3.2 apollo.klaphat.biz # ssh pop3 imap 10.2.3.3 mira.klaphat.biz # ssh pop3 imap 10.2.5.2 black.klaphat.biz # ssh 10.2.5.3 space.klaphat.biz # ssh 10.2.6.2 ceasar.klaphat.biz # ssh 10.2.6.3 asterix.klaphat.biz # ssh 10.2.6.4 obelix.klaphat.biz # ssh På redhat 8.0 skal ping parameter som tidligere næ vnt rettes i bbsys.local (-w3 tilføjes) PINGPAR1=" -n -c1 -w3" 5.5 mrtg vha cfgmaker laves konfigurationsfil til mrtg. I denne konfigurationsfil skal workdir rettes til at afspejle web-serverens dokument dir f.eks. WorkDir: /var/www/html/mrtg/ mrtg kaldes med ovennæ vnte konfigurationsfil fra crontab på install ved at flg line er indsat (gøres med crontab e) */5 * * * * ssh root@kbt /usr/bin/mrtg /root/mrtg/3com.mrtg > /dev/null 5.6 nfs På space tilføjes flg. linie i /etc/exports /data 10.2.0.0/16(rw,sync) På frontends indsæ ttes i /etc/fstab space:/data /data nfs defaults 0 0 herefter genstartes nfsserver/klient og filsystemet skulle væ re klart på frontendserverne GISP Installation og konfigurationshåndbog Side 23 af 23