RedHat 7.0 Install
Set BIOS to boot from CD-ROM.
Install Linux 7.0 Disk #1
Installing to 8 GB hard drive.
Mouse not detected: use text mode
Installation Type: Custom
fdisk
/dev/hda - Samsung
hda1    Linux ext2    /boot    47M    Set with bootable flag
hda2    Linux ext2    /           7750M
hda3    swap            swap    265M
hdb1    Linux ext2    /bootc   47M    Set with bootable flag
hdb2    RAID,fd        /            7750M
hdb3    swap            swap    265M

Note hdb1 is mounted to bootc instead of boot and hdb2 has RAID type.

Lilo config
Where to install boot loader? hda Master Boot Record (MBR)

Network
Uncheck DHCP
IP 192.168.1.99
SM 255.255.255.0
GW 192.168.1.1
DNS 192.168.1.24 < Fix this after install.
 
 

cd /etc
vi resolv.conf
nameserver 216.148.227.68
nameserver 204.127.202.4

FTP
mkdir config
cd config
# transfer etc, scripts, service, var directories to the new machine in my account.

# make software directory
mkdir software
# Copy all of the software to this directory

# As root on the Linux server, create a directory for the source files
cd
mkdir source



# Add users

groupadd arthur
useradd -g arthur arthur
passwd arthur



# Apache http web server
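cd /etc/httpd/conf
# Append the ServerName directive to the stock config.  Without echo the
# shell would try to run "ServerName" as a command and nothing useful
# would be written to httpd.conf.
echo "ServerName www.schoenke.com" >> httpd.conf
/etc/rc.d/init.d/httpd restart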

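# Let Apache reach each user's public_html.  The web server only needs search
# (x) permission on the home directory itself, so go+x is granted on the four
# home directories by absolute path.  The earlier "chmod go+rx *" acted on
# whatever directory the shell was in (still /etc/httpd/conf at this point)
# and would also have made every home directory listable by other users.
# Create public_html folders, readable by everyone and owned by the user.
for i in tom dottie doug tyler
do
  chmod go+x "/home/$i"
  mkdir -p "/home/$i/public_html"
  chmod 755 "/home/$i/public_html"
  chown -R "$i:$i" "/home/$i/public_html"
done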

# FTP  \tyler\tyler\webpage folder to my account on Linux server

# As root, set up homepage
cd /var/www/html/
mv index.html index.html.orig
cp ~tyler/config/webpage/* .
su - tyler
mv webpage/tyler public_html



Install newer version of apache
cd ~/source
tar zxf ~tyler/httpd-2.0.40.tar.gz
cd httpd-2.0.40/
./configure
make
make install

cd /usr/local/apache2/conf
cp -p httpd.conf httpd.conf.orig
vi httpd.conf

# In apache config file /etc/httpd/conf/httpd.conf

vi /usr/local/apache2/conf/httpd.conf
ServerName www.schoenke.com

DocumentRoot "/var/www/html"

<Directory "/var/www/html">

ErrorLog /var/log/httpd/error_log

CustomLog /var/log/httpd/access_log common

# Allow all IP addresses to be used for a Name based Virtual Host
NameVirtualHost *

<VirtualHost *>
ServerName www.schoenke.com
DocumentRoot /var/www/html
</VirtualHost>

<VirtualHost mail.schoenke.com>
ServerName mail.schoenke.com
DocumentRoot /var/www/cgi-bin/sqwebmail
</VirtualHost>

# Start up Apache
/usr/local/apache2/bin/apachectl start



# Virus scan for email

# Install Trend command line virus scanner
cd
cd source
mkdir filescan
cd filescan/
tar xvf ~tyler/software/filescanlinux.tar
# modify isinst to accept redhat version 7 instead of 6
vi isinst
%s/release 6/release 7/g
# Install
./isinst

# Download latest Linux scan engine
# http://www.antivirus.com/download/engines/#isvw
# Backup scan engine
cd /etc/iscan/
mv libvsapi.so libvsapi.so.orig
# extract to /etc/iscan
cd /etc/iscan/
tar zxvf ~tyler/software/vsapi6150rh.tar.Z

# Download latest Linux pattern file for pc-cillin
# http://www.antivirus.com/download/pattern.asp
# extract to /etc/iscan
cd /etc/iscan/
mkdir oldpattern
mv lpt\$vpn.518 oldpattern/
tar xvf ~tyler/software/ptn289.tar

# Restart virus scanner
/etc/rc.d/init.d/iscanhttpd restart

# Configure
lynx localhost:1812/interscan
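# username: admin
# password: admin
# (presumably the installer default - change it at first login, and keep port 1812 closed on the firewall so the console is only reachable locally)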
# Turn off scan of local computer /home directory.  We are not storing any files on the Linux machine.  We only want to scan email.
config | scan configuration | scheduled scan
turn off enable scheduled scan and click apply
# Change auto-download of new pattern files to weekly instead of monthly.
config | scheduled update
update weekly

# Add cron entry if the script did not install it (crontab -e as root):
0 * * * * /etc/iscan/prescan.cgi >/dev/null 2>&1



# Install qmail

# Open ports 25, 110, and 113 on firewall for qmail SMTP and POP3
# 25 25 both 99 SMTP
# 110 110 both 99 POP3
# 113 113 both 99 AUTH for mail authentication

# Install qmail to replace sendmail and qpopper
cd
tar zxvf ~tyler/software/qmail-1.03.tar.gz
cd qmail-1.03/

# Follow instructions in INSTALL file.
#1. Create the qmail home directory:
mkdir /var/qmail

# 2. Read INSTALL.ids. You must set up the qmail group and the qmail users before compiling the programs.
groupadd nofiles
useradd -g nofiles -d /var/qmail/alias alias
useradd -g nofiles -d /var/qmail qmaild
useradd -g nofiles -d /var/qmail qmaill
useradd -g nofiles -d /var/qmail qmailp
groupadd qmail
useradd -g qmail -d /var/qmail qmailq
useradd -g qmail -d /var/qmail qmailr
useradd -g qmail -d /var/qmail qmails

# Add users for family members
# The following command has not been tested.
for i in tom dottie doug
do groupadd $i
useradd -g $i -d /home/$i $i
done

# set password for each user
passwd username

# 3. Compile the programs and create the qmail directory tree:
make setup check

#  4. Read INSTALL.ctl and FAQ. Minimal survival command:
# ./config
./config-fast schoenke.com

# 5. Read INSTALL.alias. Minimal survival command:
# (cd ~alias; touch .qmail-postmaster .qmail-mailer-daemon .qmail-root)
# chmod 644 ~alias/.qmail*
(cd ~alias; touch .qmail-abuse .qmail-virusalert .qmail-postmaster .qmail-mailer-daemon .qmail-root)
chmod 644 ~alias/.qmail*
 

# 6. Read INSTALL.mbox and INSTALL.vsm.

# 7. Read INSTALL.maildir.
# For each user do the following commands
for i in tom dottie doug tyler
do
maildirmake /home/$i/Maildir
echo ./Maildir/ > /home/$i/.qmail
chown -R $i:$i /home/$i/.qmail /home/$i/Maildir
done
 

# 8. Copy /var/qmail/boot/home (or proc) to /var/qmail/rc.
cp -p /var/qmail/boot/home /var/qmail/rc

# To test qmail deliveries (won't interfere with sendmail):
# 9. Enable deliveries of messages injected into qmail:
csh -cf '/var/qmail/rc &'
# Check to see that qmail started
tail /var/log/maillog

# 10. Read TEST.deliver.
# Send self a test message
echo to: tyler | /var/qmail/bin/qmail-inject

#  Local-error test: Send a message to a nonexistent local address.
echo to: nonexistent | /var/qmail/bin/qmail-inject

# Local-postmaster test: Send mail to postmaster, any capitalization.
# Look for the message in the alias mailbox, normally ~alias/Mailbox.
echo to: POSTmaster | /var/qmail/bin/qmail-inject

# Double-bounce test: Send a message with a completely bad envelope.
/var/qmail/bin/qmail-inject -f nonexistent
To: unknownuser
Subject: testing

This is a test. This is only a test.
# (Use CTRL-D (end-of-file), not dot, to end the message.) Look for the double bounce in the alias mailbox.
 

# Disable sendmail
/etc/rc.d/init.d/sendmail stop
cd /etc/rc.d/init.d/
mv sendmail sendmail.bak

ls -l /usr/sbin/sendmail*
# -r-sr-xr-x    1 root     root       401748 Aug 22  2000 /usr/sbin/sendmail
chmod 0 /usr/sbin/sendmail
 

# (Skip?) Disable binmail
# Not sure why this needs to be disabled.
# ls -l /bin/mail
# -rwxr-xr-x    1 root     mail        67740 Aug 24  2000 /bin/mail

# Setup qmail to auto start
# created /etc/rc.d/init.d/qmail
# copied to my tyler/linux/etc/rc.d/init.d directory
cp ~tyler/config/etc/rc.d/init.d/qmail /etc/rc.d/init.d/
chmod +x /etc/rc.d/init.d/qmail

cd /etc/rc.d/init.d
ln -s ../init.d/qmail ../rc0.d/K30qmail
ln -s ../init.d/qmail ../rc1.d/K30qmail
ln -s ../init.d/qmail ../rc2.d/S80qmail
ln -s ../init.d/qmail ../rc3.d/S80qmail
ln -s ../init.d/qmail ../rc4.d/S80qmail
ln -s ../init.d/qmail ../rc5.d/S80qmail
ln -s ../init.d/qmail ../rc6.d/K30qmail

# Get mail from aliases account

# Add RELAY for specific hosts
# /var/qmail/control/rcpthosts. If qmail-send is running, give it a HUP
# (or do svc -h /var/run/qmail if qmail is supervised).

# Install ucspi-tcp
# http://cr.yp.to/ucspi-tcp/install.html
# http://cr.yp.to/qmail/faq/servers.html#tcpserver-smtpd
cd
tar zxvf ~tyler/software/ucspi-tcp-0.88.tar.gz
cd ucspi-tcp-0.88/
make
make setup check

# Install checkpasswd
cd
tar zxvf ~tyler/software/checkpassword-0.90.tar.gz
cd checkpassword-0.90
make
make setup check

Simulate a failed POP login:

     # /var/qmail/bin/qmail-popup blah /bin/checkpassword pwd
     +OK <...@blah>
     user Frodo
     +OK
     pass Friend
     -ERR authorization failed

# Simulate a successful POP login, using a correct account name and password instead of Frodo and Friend. You should see the account's home directory.

# Simulate a successful POP login again, with id instead of pwd. You should see the account's uid and gid.

# Set up qmail-smtpd to run via tcpserver instead of xinetd.  This means that all xinetd-controlled processes have to be spawned a different way.

# files copied to tyler/linux/tcpserver

# Install qmail-conf (third party program) to launch daemons automatically (pop3d, smtp, telnet, ftp, etc.) in their tcpserver wrappers.

# Install daemon tools
# http://cr.yp.to/daemontools/install.html
cd
mkdir -p /package
chmod 1755 /package
cd /package
tar zxpvf ~tyler/software/daemontools-0.76.tar.gz
cd admin/daemontools-0.76
package/install

# Start up service script automatically.
# This script will auto start all tcpserver scripts located under /service directory.
# Copy the scripts from tyler/linux/service directory on PC.
cp -R ~tyler/config/service/* /service
chmod a+x /service/*/run

# The following is taken care of by the installation of one daemontools or some other package that adds a line for svscan to /etc/inittab
# Script location /etc/rc.d/init.d/service
#cp ~tyler/config/etc/rc.d/init.d/service /etc/rc.d/init.d/
#chmod +x /etc/rc.d/init.d/service
#cd /etc/rc.d/
#ln -s ../init.d/service rc0.d/K30service
#ln -s ../init.d/service rc1.d/K30service
#ln -s ../init.d/service rc2.d/S80service
#ln -s ../init.d/service rc3.d/S80service
#ln -s ../init.d/service rc4.d/S80service
#ln -s ../init.d/service rc5.d/S80service
#ln -s ../init.d/service rc6.d/K30service
 

Install
# Set up control files for tcpserver
cp -R ~tyler/config/etc/tcpcontrol/ /etc

# Copy files to this directory from tyler/linux/etc/tcpcontrol
cd /etc/tcpcontrol
tcprules ftp.cdb ftp.tmp < ftp
tcprules smtp.cdb smtp.tmp < smtp
tcprules pop3d.cdb pop3d.tmp < pop3d
tcprules telnet.cdb telnet.tmp < telnet

# The smtp file is set to allow access to the world to send in smtp messages.  It selectively opens smtp relaying for specific clients (me, mom and dad, doug, localhost).
# The pop3d file is set to deny access to the world.  It allows access only to specific clients.
# The ftp and telnet files deny access to everyone and allow access for a few clients.

# Once you are 100% CERTAIN that the tcprules are correct, shut down xinetd
# If you are wrong, you will be unable to FTP, telnet, POP3 or SMTP into the machine.
cd /etc/rc.d/init.d/
mv xinetd xinetd.bak

REBOOT



# Install email virus scanner
# Amavis perl didn't work, so installing qmail-scanner as interface for virus
# scanning
cd
tar zxf ~tyler/software/qmail-scanner-1.10.tgz
cd qmail-scanner-1.10/

# Install Berkeley DB (prereq)
cd
tar zxvf ~tyler/software/db-4.0.14.tar.gz
cd db-4.0.14/
cd build_unix
../dist/configure
make
make install

# Install DB_File (prereq)
cd
tar zxvf ~tyler/software/DB_File-1.802.tar.gz
cd DB_File-1.802/
# Fix the location of BerkeleyDB with the following substitute
sed -e s/BerkeleyDB/BerkeleyDB.4.0/g config.in > config.in.new
mv config.in config.in.orig
mv config.in.new config.in
perl Makefile.PL
make
make test
make install

# Install Time::HiRes
perl -MCPAN -e shell
install MD5
install Bundle::CPAN ( use Configure -d  or -d &)
reload cpan
install Time::HiRes

# Install Maildrop for the reformime piece
cd
tar zxvf ~tyler/software/maildrop-1.3.7.tar.gz
cd maildrop-1.3.7/
./configure
make
make install-strip
make install-man

# Install unzip from Redhat 7.0 CD#1
mount /mnt/cdrom
rpm -Uvh /mnt/cdrom/RedHat/RPMS/unzip-5.41-3.i386.rpm

# Back to the qmail-scanner install
cd
cd qmail-scanner-1.10/
./configure
./configure --install
cd contrib
make
make install
./test_installation.sh -doit

# Remember to copy quarantine-attachments.txt to /var/spool/qmailscan and then run "qmail-scanner-queue.pl -g" to generate DB version.
cd ..
cp quarantine-attachments.txt /var/spool/qmailscan
/var/qmail/bin/qmail-scanner-queue.pl -g
 

#Install the qmailqueue patch to allow setting the QMAILQUEUE environment variable
cd
cd qmail-1.03/
cp ~tyler/software/qmailqueuepatch .
patch --dry-run Makefile < qmailqueuepatch
patch  Makefile < qmailqueuepatch
make clean
# Shut down all qmail processes before running next command
/etc/rc.d/init.d/qmail stop
killall -9 svscan supervise tcpserver

make setup check

# Start qmail back up
 /etc/rc.d/init.d/qmail start

# Start up svscan supervise tcpserver
/command/svscanboot &

vi /var/qmail/bin/qmail-scanner-queue.pl
# Change the following lines to have the virusalert@schoenke.com alias
cd /var/qmail/bin/
sed -e s/V_FROM=\'root@mail/V_FROM=\'virusalert@schoenke.com/g \
-e s/QUARANTINE_CC=\'root@mail/QUARANTINE_CC=\'virusalert@schoenke.com/g \
qmail-scanner-queue.pl > qmail-scanner-queue.pl.new
# replace the qmail-scanner-queue.pl while keeping file permissions
cp -p qmail-scanner-queue.pl qmail-scanner-queue.pl.orig
cp qmail-scanner-queue.pl.new qmail-scanner-queue.pl

#Change the following lines in qmail-scanner-queue.pl to remove the reply to the sender.  With the forged email headers, it ends up just bouncing every email message anyway.

#my $NOTIFY_ADDRS='sender,admin';
my $NOTIFY_ADDRS='admin';

vi /service/smtp/run
# Add this line
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" export QMAILQUEUE

# Restart email (reboot) to get the aliases to take effect

              ****** FINAL TEST ******

Please log into the "qmaild" account  and run
/var/qmail/bin/qmail-scanner-queue.pl -g

If you see the error "Can't do setuid", or "Permission denied", then
refer to the FAQ.

(e.g.  "setuidgid qmaild "/var/qmail/bin/qmail-scanner-queue.pl -g"
or "su qmaild -c "/var/qmail/bin/qmail-scanner-queue.pl -g")
 

That's it! To report success:

   % (echo 'First M. Last'; cat SYSDEF)|mail jhaar-s4vstats@crom.trimble.co.nz
Replace First M. Last with your name.
 
 

# TTS stop here

ls -l /var/qmail/bin/qmail-scanner-queue.pl
-rwsr-xr-x    1 qmailq   qmail       50754 Feb  2 20:27 /var/qmail/bin/qmail-scanner-queue.pl
[root@mail qmail-scanner-1.10]#
chmod 0755 /var/qmail/bin/qmail-scanner-queue.pl
 

cd /var/qmail/bin
vi qmail-scanner-queue.pl
Change #!/usr/bin/suidperl to #!/usr/bin/perl

cd ~/qmail-scanner-1.10/
./contrib/test_installation.sh  -doit

/var/qmail/bin/qmail-scanner-queue.pl -z

cd /var/spool/qmailscan/
chown qmailq:qmail qmail-scanner-queue-version.txt
chmod ug+rw qmail-scanner-queue-version.txt
chmod o-r qmail-scanner-queue-version.txt
chown qmailq:qmail quarantine-attachments.db

/var/qmail/bin/qmail-scanner-queue.pl -g

cd ~/qmail-scanner-1.10/
./contrib/test_installation.sh  -doit

# Set up the virusalert alias
touch ~alias/.qmail-virusalert
# Add my email address.  Put an & before the address as follows: &youremail@hostname.com
# See the dot-qmail man page (man dot-qmail) for more info on the format of the alias files.
echo \&youremail@hostname.com > ~alias/.qmail-virusalert
 



# Install NTP clock sync program for Linux
cd
tar zxvf ~tyler/software/ntp-4.1.1a.tar.gz
cd ntp-4.1.1a/

tar zxvf ~tyler/software/ntp-4.1.0.tar.gz
cd ntp-4.1.0/
./configure
make
make check
make install

# Open port 123 on firewall to linux PC for NTP traffic

# Copy the ntp startup into /etc/rc.d/init.d/
cp ~tyler/config/etc/rc.d/init.d/ntpd /etc/rc.d/init.d/
chmod +x /etc/rc.d/init.d/ntpd
ln -s /etc/rc.d/init.d/ntpd /etc/rc.d/rc3.d/S86ntpd
ln -s /etc/rc.d/init.d/ntpd /etc/rc.d/rc2.d/K14ntpd

# Create needed directories
mkdir /var/lib/ntp
mkdir /var/log/ntpstats
# copy the /etc/ntpd.conf
cp ~tyler/config/etc/ntpd.conf /etc/ntpd.conf

# Start ntpd
/etc/rc.d/init.d/ntpd start



# Zone update for IP address changes
# Run these commands to update

# Crontab format
# 1. minute of the hour, 00 to 59
# 2. hour of the day, 00 to 23 (military time)
# 3. day of the month, 1 to 31
# 4. month of the year, 1 to 12
# 5. day of the week, sun, mon, tue,....
# 6. actual command to execute
# an asterisk that matches all possible values,
# a single integer that matches that exact value,
# a list of integers separated by commas (no spaces)used to match any one of the values
# two integers separated by a dash (a range)used to match any value within the range.

# Add entry for crontab to run script hourly
0 * * * * /var/zoneclient/zoneclient.script >/dev/null 2>&1

cd /var
mkdir zoneclient
cd zoneclient/
cp ~tyler/config/var/zoneclient/zoneclient.py.txt .
chmod +x zoneclient.py.txt
mv zoneclient.py.txt zoneclient.py
# FTP tyler\linux\root\zoneclient\zoneclient.script
# Update password in this file if it has been changed.
cp ~tyler/config/var/zoneclient/zoneclient.script .
chmod +x zoneclient.script 



# Install spamassassin
cd
tar zxvf ~tyler/software/Mail-SpamAssassin-2.20.tar.gz
cd Mail-SpamAssassin-2.20/

#     If you want to use SpamAssassin for local delivery to a qmail or
#    MailDir spool, and you do *not* want to use procmail for some reason,
#    you will need to install the Mail::Audit module, and any modules it
#    requires (there's lots of them, unfortunately).   This is no longer
#    recommended.

perl -MCPAN -e shell
   o conf prerequisites_policy ask
   install Mail::SpamAssassin
   install HTTP::Date
   install Net::DNS
   install Mail::Audit
   install Net::SMTP
   install Mail::Internet
   quit
 

# Test it:
spamassassin -t < sample-nonspam.txt > nonspam.out
spamassassin -t < sample-spam.txt > spam.out
 

From http://qmail-scanner.sourceforge.net/FAQ.php
How do I configure/install SpamAssassin?. Does this look like the SpamAssassin web site? Seriously, you must be comfortable with running any of
     these content-scanning systems before you look at running Qmail-Scanner - it cannot magically make things work for you. Remember; SpamAssassin is
     only detected correctly if it is running in daemon-mode (spamd). Besides that, it's up to you how you want to run it. I'd recommend not running it in the
     default mode, where it alters all messages that it thinks are spam - that will annoy too many users. Don't forget Qmail-Scanner is there messing
     around with all mail into AND OUT OF your site!!! Don't embarrass yourself!!! I'd recommend the following settings for

# Copy local.cf from tyler/config/etc/mail/spamassassin/
vi /etc/mail/spamassassin/local.cf

# Add/Change the following:
skip_rbl_checks 1
required_hits 7
auto_report_threshold 30
rewrite_subject 0
report_header 1
use_terse_report 1
defang_mime 0
skip_rbl_checks 1

...and then run it as "/usr/bin/spamd -F 0 -L -x -u nobody"

     Why? Those settings stops SpamAssassin from altering the message in a way the user will see; they will have to know about the added headers in order
     to act (better: it should be the users choice - IMHO). Secondly, disable RBL checks as you should have done them earlier (i.e via rblsmtpd or the likes).
     Finally, never forget the "-F 0" option. Without it, you will CORRUPT EVERY SINGLE MESSAGE.

# Remake qmail scanner per instructions above.

# Fix and install startup script
cd spamd/
sed -e 's/daemon spamd -d -c -a/daemon spamd -d -F 0 -L -x -u nobody/g' redhat-rc-script.sh > spamassassin
chmod +x spamassassin
cp spamassassin  /etc/rc.d/init.d/
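cd /etc/rc.d/init.d
# Same layout as the qmail links: a K (stop) link in the halt, single-user
# and reboot runlevels (0, 1, 6) and an S (start) link in runlevels 2-5.
# The earlier list put an S link in rc6.d, both an S and a K link in rc1.d,
# and nothing in rc0.d, so spamd was started during reboot and never stopped
# on halt.
ln -s ../init.d/spamassassin ../rc0.d/K55spamassassin
ln -s ../init.d/spamassassin ../rc1.d/K55spamassassin
ln -s ../init.d/spamassassin ../rc2.d/S55spamassassin
ln -s ../init.d/spamassassin ../rc3.d/S55spamassassin
ln -s ../init.d/spamassassin ../rc4.d/S55spamassassin
ln -s ../init.d/spamassassin ../rc5.d/S55spamassassin
ln -s ../init.d/spamassassin ../rc6.d/K55spamassassin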



# Install rblsmtpd which is part of ucspi-tcp-0.88
# http://cr.yp.to/ucspi-tcp/rblsmtpd.html
# http://web.greens.org/about/software/dnsbl.shtml

# Modify the /service/smtp/run script

# Hand every message accepted over SMTP to qmail-scanner instead of the stock
# qmail-queue.  The commented-out lines are the alternatives that were tried.
#QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" export QMAILQUEUE
#QMAILQUEUE="/var/qmail/bin/qmail-queue" export QMAILQUEUE
# tcpserver listens on 192.168.1.99 port smtp, applies the rules compiled into
# /etc/tcpcontrol/smtp.cdb, and runs each connection through two rblsmtpd
# lookups before qmail-smtpd.
# NOTE(review): relays.ordb.org and relays.osirusoft.com have both been shut
# down.  A retired DNSBL can start answering every lookup as "listed", which
# makes rblsmtpd reject all mail - confirm a list is still operated before use.
# NOTE(review): tcpserver documents -u/-g as numeric IDs - confirm that the
# names qmaild/nofiles are accepted, or substitute the numbers from `id qmaild`.
# NOTE(review): ">> file 2>&1" sends both stdout and stderr to rblsmtpd.log,
# so nothing is left on the pipe for splogger to read.
exec \
/usr/local/bin/tcpserver\
 -x/etc/tcpcontrol/smtp.cdb -v\
 -u qmaild -g nofiles 192.168.1.99 smtp\
 rblsmtpd -r relays.ordb.org \
 rblsmtpd -r relays.osirusoft.com \
 /var/qmail/bin/qmail-smtpd >> /var/log/rblsmtpd.log 2>&1 | /var/qmail/bin/splogger smtpd 3

# Skip the log rotate so that the spam_firewall_block script can tail the rblsmtpd.log file
# Update /etc/logrotate.d/syslog to rotate rblsmtpd.log
# put something like the following into that file
#/var/log/messages {
#    postrotate
#        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
#    endscript
#}
 



# Install Razor
# http://razor.sourceforge.net/
cd
tar zxvf ~tyler/software/razor-agents-1.20.tar.gz
cd razor-agents-1.20/
perl Makefile.PL
make
make test
make install

perl -MCPAN -e shell
install Net::Ping
install Net::DNS
install Time::HiRes
install Digest::SHA1
install Mail::Internet
quit



# Install Webalizer

cd
cd source/
tar zxvf ~tyler/software/webalizer-2.01-10-src.tgz
cd webalizer-2.01-10/
./configure --enable-dns
# Change db.h to db1/db.h in the following two files
vi dns_resolv.c
vi webalizer.c
make
make install

#usage
cd /var/www/html/
mkdir webalizer
cd webalizer/
webalizer /var/log/httpd/access_log

# Copy script over from tyler\linux\var\scripts
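# Add crontab entry to run daily at 01:00
# (the minute field must be 0; "* 1 * * *" would start the script every
# minute from 01:00 to 01:59)
0 1 * * * /var/scripts/webalizer_script >/dev/null 2>&1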

# Cache DNS to IP addresses
 for i in /var/log/*/access_log*; do   webazolver -N 20 -D dns_cache.db $i; done
 


# Install web email program
# Install Sqwebmail web interface for qmail

# (prerequisite) Install Postgresql devel from Redhat 7.0 CD#1
mount /mnt/cdrom
rpm -Uvh /mnt/cdrom/RedHat/RPMS/postgresql-devel-7.0.2-17.i386.rpm
# It appears to already be installed

cd ~/source/
tar zxvf ~tyler/software/sqwebmail-3.3.4.tar.gz
cd sqwebmail-3.3.4/
./configure  --without-authpgsql
make configure-check
make

# To avoid getting this error, run the configure with the above parameter.
# Getting the following error on make
#make[1]: Entering directory #`/root/source/sqwebmail-3.3.4/authlib'
#gcc -DHAVE_CONFIG_H -I. -I. -I.     -g -O2 -Wall -I.. -I./.. -c authpgsql.c
#In file included from authpgsql.c:19:
#authpgsql.h:8:29: libpq-fe.h: No such file or directory
#make[1]: *** [authpgsql.o] Error 1
#make[1]: Leaving directory #`/root/source/sqwebmail-3.3.4/authlib'
#make: *** [all-recursive] Error 1

# The following command works to finish the make
make CC="gcc -I/usr/include/pgsql" all

#gcc -I/usr/include/pgsql -DHAVE_CONFIG_H -I. -I. -I.     -g -O2 -Wall -I.. -I./.
. -c maildir.c
#maildir.c: In function `showsize':
#maildir.c:196: Internal error: Segmentation fault.
#Please submit a full bug report.

# Reissued previous make command and it continued without problems. - Weird.  I think there is bad RAM in this machine.

#More failures.  Upgraded a lot of the Perl stuff, and it completed without problems

make check
make install-strip       # Do a make install if this doesn't work
make install-configure   # Install configuration files.
make install-man

# Create /etc/pam.d/webmail file with following information
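# Write the file in one go with ">" so that re-running this step does not
# append a second copy of every line.
# "nullok" is left off the auth line: with it, an account that has an empty
# password could log in to webmail, which is reachable from the web.
{
  echo "#%PAM-1.0"
  echo "auth    required  /lib/security/pam_pwdb.so shadow"
  echo "account required  /lib/security/pam_pwdb.so"
} > /etc/pam.d/webmail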

# Create authdaemonrc file
# cd /usr/local/share/sqwebmail/
# cp authdaemonrc.dist authdaemonrc

# Start up the auth modules
/usr/local/share/sqwebmail/libexec/authlib/authdaemond start

You must now create the following cron job that runs at
regular intervals:

su -c "/usr/local/share/sqwebmail/cleancache.pl" bin
-----------------------------------------------------------
(note - your su command may use slightly different arguments)
----------------------------------------------------------------------------
You must now set up the following command to run at system boot:

/usr/local/share/sqwebmail/libexec/authlib/authdaemond start

# Create script to start these automatically on reboot
cd /etc/rc.d/init.d/
cp ~tyler/config/etc/rc.d/init.d/authdaemond .
chmod a+x authdaemond
ln -s /etc/rc.d/init.d/authdaemond /etc/rc.d/rc3.d/S86authdaemond
ln -s /etc/rc.d/init.d/authdaemond /etc/rc.d/rc2.d/K14authdaemond

In /usr/local/share/sqwebmail/ there is a file authdaemonrc .  Initially, it contained a line:

authmodulelist="authcustom authuserdb authldap authmysql authpam"
I changed it to:
authmodulelist="authpam"

Restart authdaemon
/usr/local/share/sqwebmail/libexec/authlib/authdaemond stop
/usr/local/share/sqwebmail/libexec/authlib/authdaemond start
 

# Perl is having problems.  Try reinstalling from source.
# Download stable.tar.gz from http://www.perl.com/

rm -f config.sh Policy.sh
sh Configure -de
make
make test
make install
 

## SKIP THIS because I got it working with the C wrapper instead of suidperl
# Make suidperl version 5.6.1 for the qmail-scanner program
# Builds suidperl and swaps it in for the existing /usr/bin/suidperl, keeping
# the old binary as suidperl.bak.
make suidperl
cd /usr/bin
mv suidperl suidperl.bak
# Return to the previous directory (presumably the Perl build tree)
cd -
cp suidperl /usr/bin
# Group qmail: with mode 4710 only the owner and members of group qmail can execute it
chgrp qmail /usr/bin/suidperl
# 7710 turns on setuid, setgid and sticky together; the next chmod replaces that mode
chmod 7710 /usr/bin/suidperl
# Final mode: setuid, rwx for the owner, execute-only for the group, nothing for others
chmod 4710 /usr/bin/suidperl


# Mirror hard drive
You can only use this method on RAID levels 1 and above. The idea is to install a system on a disk which is purposely marked as failed in the RAID, then
copy the system to the RAID which will be running in degraded mode, and finally making the RAID use the no-longer needed ``install-disk'', zapping the old
installation but making the RAID run in non-degraded mode.
# Create /etc/raidtab

vi /etc/raidtab
-----------------
raiddev            /dev/md0
          raid-level                  1
          nr-raid-disks               2
          chunk-size                  64k
          persistent-superblock       1
          nr-spare-disks      0
              device          /dev/hdb2
              raid-disk       0
              device          /dev/hda2
              failed-disk     1

Note that hda2 is listed as a failed disk because it contains the good data right now.  We are creating a blank RAID filesystem on hdb2.

mkfs /dev/md0

4. Now we can actually create the RAID set and make a filesystem on it (mkraid has to run first; mkfs cannot work on /dev/md0 until the array exists):

               mkraid /dev/md0
I had to use
mkraid --really-force /dev/md0
because I had created a previous raid structure on that disk
               mkfs /dev/md0

# Next we mount them up somewhere:
mkdir /mnt/newroot
mount /dev/md0 /mnt/newroot
umount /bootb
mkdir /mnt/newroot/boot
mount /dev/hdb1 /mnt/newroot/boot

# Shut down most of the processes so that files are not open during the copy
./apmd stop
   43  ./atd stop
   44  ./crond stop
   45  ./gpm stop
   46  ./httpd stop
   47  ./keytable stop
   48  ./lpd stop
   49  ./syslog stop
   50  ./xfs stop
   51  ps aux
   52  ./identd stop
   53  ls
   54  grep getty *
   55  ps aux
   56  ./xinetd stop
   57  ./sendmail stop
   58  ./sshd stop
   59  ls
   60  ./rhnsd stop

# Copy the data from our current system onto the new "broken" raid disk.  We are moving everything to the raid disk, then we will destroy the original "hda".
(cd /; tar clf - .) | (cd /mnt/newroot; tar xf -)

kill klogd (so you can unmount /boot) if it hasn't been done already.

# Next, we fix /mnt/newroot/etc/fstab
   4.edit /etc/fstab, and mount /dev/hda1 on /boota and /dev/hdc1 on /bootc.
umount /boot
umount /mnt/newroot/boot
copy the /boot partition to the other drive
dd if=/dev/hda1 of=/dev/hdb1
mount /dev/hdb1 /mnt/newroot/boot
 
 

and /mnt/newroot/etc/lilo.conf to list our root as /dev/md0, etc.
cd /mnt/newroot/etc/
cp -p lilo.conf lilo.conf.orig

   5.Make a lilo.conf for your second drive:
cp lilo.conf lilo.conf.hdb
vi lilo.conf.hdb
change
             boot=/dev/hda
     to
             boot=/dev/hdb
             disk=/dev/hdb
                 bios=0x80

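   6. Then you can actually run LILO once for each disk, each with its own lilo.conf and its own /boot partition. (The commands below appear to be copied from a HOWTO that uses /boota and hdc; on this machine the second drive is hdb and the file created in step 5 is lilo.conf.hdb.)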

             ln -s /boota /boot
             lilo -C /etc/lilo.conf
             rm /boot
             ln -s /bootc /boot
             lilo -C /etc/lilo.conf.hdc

And now both disks are bootable.

Note that you need to repeat this procedure any time you need to do a mkinitrd, or need to rerun LILO, or one of your boot partitions may not work when/if
you need it.
 
 

        8.Finally, we run lilo from the chroot area, and reboot

               cd /mnt/newroot
               chroot . /sbin/lilo
               reboot

        9.Now when the system comes back up, we should have /md0 as root, etc. with failed partitions listed on /dev/hda. Now we need to use fdisk to
          change the partition types to 0xfd on the /dev/hda drive and possibly add a /boot partition, if it doesn't have one.

# Turn off failed in /etc/raidtab

# Once our partitions match up with the ones on /dev/hdc, we can add them into the raid sets:

raidhotadd /dev/md0 /dev/hda2

              ...

          Note: Double-check that you are adding the right partitions with raidhotadd, as it will let you add partitions not mentioned in /etc/raidtab...

          The system will be a little slow for a while as the mirror sets synch up. You can cat /proc/mdstat to see how the resynch is proceeding.
     Once the mirrors have synchronized, you can now proceed with the "Configuring LILO" section, above.



# Block Code Red and Nimda probes using ipchains

# Copy script over from tyler/var/scripts/cr-snd to /var/scripts

# Set up automatic startup
# Copy code-red-snd from tyler/etc/rc.d/init.d/ to /etc/rc.d/init.d
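# Work from inside init.d, as in the qmail section: the relative ../rcN.d
# paths below resolve to /etc/rc.d/rcN.d only from there.  From /etc/rc.d
# they would point at /etc/rcN.d instead.
cd /etc/rc.d/init.d
chmod +x code-red-snd
# K (stop) links for halt, single-user and reboot; S (start) links for 2-5.
ln -s ../init.d/code-red-snd ../rc0.d/K30code-red-snd
ln -s ../init.d/code-red-snd ../rc1.d/K30code-red-snd
ln -s ../init.d/code-red-snd ../rc2.d/S80code-red-snd
ln -s ../init.d/code-red-snd ../rc3.d/S80code-red-snd
ln -s ../init.d/code-red-snd ../rc4.d/S80code-red-snd
ln -s ../init.d/code-red-snd ../rc5.d/S80code-red-snd
ln -s ../init.d/code-red-snd ../rc6.d/K30code-red-snd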


# See how many sites were blocked
grep ': 451 ' /var/log/rblsmtpd*|wc -l
   6259

# See how many open relays were blocked
grep 'open relay' /var/log/rblsmtpd*|wc -l
    119

# See how many sites that were blocked because of being blacklisted
grep ': 451 ' /var/log/rblsmtpd*|grep -v "open relay"|wc -l
   6140

# Filter out IP addresses
grep ': 451 ' /var/log/rblsmtpd*|grep -v "open relay"|cut -d
' ' -f2|wc -l
   6143

# How many unique 'class C' subnets are these spam emails coming from?
[root@mail /root]# grep ': 451 ' /var/log/rblsmtpd*|grep -v "open relay"|cut -d
 ' ' -f2|sort|cut -d'.' -f 1-3|sort|uniq|wc -l
   62

# Roughly 100 spam messages per class C subnet.

# Figure out distribution
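# tts: one line per rejected connection, reduced to the first three octets
# of the client address and sorted.
grep ': 451 ' /var/log/rblsmtpd* | grep -v "open relay" | cut -d ' ' -f2 \
  | cut -d'.' -f 1-3 | sort > tts
# tts1: the distinct subnets, in the same order.
uniq tts > tts1

# Count per subnet, in tts1 order.  uniq -c compares whole lines; the earlier
# "grep $i tts" loop used each subnet as an unanchored regex, so 1.2.3 also
# counted lines for 1.2.30 or 11.2.3 and "." matched any character.
uniq -c tts | awk '{ print $1 }'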
      1
      1
      1
      5
      1
      1
      1
     14
      1
      1
     21
     27
     16
      2
      4
     32
    119
     12
      1
      1
      1
      1
     26
      3
      2
      7
      8
      1
     10
     20
      1
      1
     23
     11
     13
      1
      1
     47
      6
      9
   4246
      3
    157
      1
     21
     33
      8
     49
      7
      1
      1
      2
    151
      2
    507
    360
     76
     65
      1
      4
     10
      1

Interesting distribution.  Some sites only one spam message, all the way up to 4246 spam messages.

grep ': 451 ' /var/log/rblsmtpd*|grep -v "open relay"|cut -d ' ' -f2|sort|uniq|wc -l
    303

# This shows that there were 303 unique IP addresses that sent spam from the 62 class C subnets.

# Need to create a filter to block these IP addresses.
# Since there are only 62 subnets, using a range is the most reasonable approach.

# View the log without all of the virus entries.
cat /var/log/httpd/access_log |egrep -v "scripts|msadc|_mem_|_vti|system32|root.exe|default.ida" |less

# Need to find the smallest and largest number in each subnet and block everything in between.

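# Block azogle
# The network addresses are written out in full.  inet_aton-style parsers
# read a three-part address such as 66.197.140 as 66.197.0.140, so the
# abbreviated form may not match the intended /24 - confirm what was actually
# installed with "ipchains -L input -n".
ipchains -I input 1 -p tcp --dport 25 -s 66.197.140.0/255.255.255.0 -j DENY
ipchains -I input 1 -p tcp --dport 25 -s 66.197.170.0/255.255.255.0 -j DENY
# Block mx2.dnsvr.com
ipchains -I input 1 -p tcp --dport 25 -s 207.228.253.52 -j DENY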



# Add spam_firewall_block to end of rc.local
vi /etc/rc.d/rc.local
/var/scripts/spam_firewall_block -live