Dicas Rápidas

Dicas Rápidas - Instalação COMPLETA do ISPConfig no Ubuntu usando o AWS Grátis

Nesse vídeo iremos conhecer o passo a passo completo de toda a instalação do ISPConfig na AWS (podendo ser feito em outro ambiente ou VM), usando o MobaXterm para acesso SSH, instalando e configurando o Postfix, MariaDB, Let's Encrypt e outros serviços como phpMyAdmin, Apache, PHP, etc.

Links e Comandos do Vídeo

Comandos

# Open a root shell; every command below is run as root in this session.
sudo -s

# Check the Linux release
cat /etc/issue

# Refresh the package index, apply all pending upgrades, then clean up packages
apt-get update && apt-get upgrade && apt-get dist-upgrade
apt-get autoremove
apt-get autoclean
apt-get clean

# Unzip utility
apt-get install unzip

# Configure the system locales (interactive dialog)
dpkg-reconfigure locales

# Switch the system shell (/bin/sh) from dash to bash (interactive dialog;
# answer "No" when asked whether dash should be the default system shell)
dpkg-reconfigure dash

# Remove AppArmor (the author does this to avoid problems)
# NOTE(review): this removes the mandatory-access-control confinement AppArmor
# applies to profiled daemons, so a compromised service is then limited only by
# ordinary Unix permissions. Treat it as a deliberate trade-off and compensate
# with tight security-group/firewall rules and prompt patching.
service apparmor stop
update-rc.d -f apparmor remove
apt-get remove apparmor apparmor-utils

# Sync the clock with an NTP server (per the author, not necessary on a VM)
apt-get -y install ntp

# Remove sendmail (so that Postfix can be installed)
service sendmail stop; update-rc.d -f sendmail remove

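# Install Postfix (mail), MariaDB and the other required utilities
apt-get -y install postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo patch

# Open the Postfix TLS services (submission and smtps).
# In master.cf the "-o" continuation lines must begin with whitespace.
# The note used to trail the command as "//...", which the shell passes to
# nano as extra file names; it is a real comment now.
nano /etc/postfix/master.cf

# The excerpt below is prefixed with "# " so it is not executed here; lines
# shown as "# #" appear to be the ones that stay commented out in master.cf.
# [...]
# submission inet n - y - - smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# # -o smtpd_reject_unlisted_recipient=no
# # -o smtpd_client_restrictions=$mua_client_restrictions
# #  -o smtpd_helo_restrictions=$mua_helo_restrictions
# # -o smtpd_sender_restrictions=$mua_sender_restrictions
# #  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# #  -o milter_macro_daemon_name=ORIGINATING
# smtps     inet  n       -       y       -       -       smtpd
#   -o syslog_name=postfix/smtps
#   -o smtpd_tls_wrappermode=yes
#   -o smtpd_sasl_auth_enable=yes
#   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# #  -o smtpd_reject_unlisted_recipient=no
# #  -o smtpd_client_restrictions=$mua_client_restrictions
# # -o smtpd_helo_restrictions=$mua_helo_restrictions
# #  -o smtpd_sender_restrictions=$mua_sender_restrictions
# # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# # -o milter_macro_daemon_name=ORIGINATING
# [...]
# NOTE(review): keep smtpd_client_restrictions=permit_sasl_authenticated,reject
# on both services so that only authenticated clients can submit mail; the TLS
# options (security_level=encrypt / wrappermode=yes) keep the login off
# cleartext connections.

# Restart Postfix
service postfix restart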

# Make MySQL (MariaDB) listen on all interfaces, not only localhost
# NOTE(review): with bind-address commented out the server accepts TCP
# connections on every interface. Unless remote database access is really
# needed, keep 3306/tcp closed in the AWS security group (or leave
# bind-address = 127.0.0.1); clients on this same host can connect locally.
nano /etc/mysql/mariadb.conf.d/50-server.cnf
# comment out: bind-address = 127.0.0.1

# Set the MySQL root password
mysql_secure_installation

# Switch root to the native password authentication plugin (to use phpMyAdmin)
# NOTE(review): from here on root is protected by its password alone
# (presumably it used socket authentication before - confirm); choose a long
# random password, and consider a separate, less-privileged account for
# phpMyAdmin.
echo "update mysql.user set plugin = 'mysql_native_password' where user='root';" | mysql -u root
nano /etc/mysql/debian.cnf # put the password in this file
# NOTE(review): debian.cnf then holds the root password in clear text; check
# that the file stays readable by root only.

# Add these lines at the end of limits.conf
nano /etc/security/limits.conf
# mysql soft nofile 65535
# mysql hard nofile 65535

# Create a systemd drop-in for MariaDB (configuring the open-file limit)
mkdir /etc/systemd/system/mysql.service.d/
nano /etc/systemd/system/mysql.service.d/limits.conf
# [Service]
# LimitNOFILE=infinity
systemctl daemon-reload
service mariadb restart

# Test MariaDB: the local-address column of the output shows which interface
# the server is listening on
netstat -tap | grep mysql

# Install Apache, PHP, phpMyAdmin, SuExec and other utilities
# NOTE(review): phpMyAdmin is a common target of automated login attempts;
# limit who can reach it (security group, Apache access rules) instead of
# leaving it open to the whole internet.
apt-get -y install apache2 apache2-doc apache2-utils libapache2-mod-php php7.4 php7.4-common php7.4-gd php7.4-mysql php7.4-imap phpmyadmin php7.4-cli php7.4-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear libruby libapache2-mod-python php7.4-curl php7.4-intl php7.4-pspell php7.4-sqlite3 php7.4-tidy php7.4-xmlrpc php7.4-xsl memcached php-memcache php-imagick php7.4-zip php7.4-mbstring php-soap php7.4-soap php7.4-opcache php-apcu php7.4-fpm libapache2-reload-perl

# Enable the Apache modules: ssl, suexec, rewrite ...
a2enmod suexec rewrite ssl actions include cgi alias proxy_fcgi
a2enmod dav_fs dav auth_digest headers

# Drop the client-supplied "Proxy" request header in Apache (httpoxy
# mitigation), so CGI/PHP applications never receive it as HTTP_PROXY
nano /etc/apache2/conf-available/httpoxy.conf
# <IfModule mod_headers.c>
#   RequestHeader unset Proxy early
# </IfModule>
a2enconf httpoxy
# Restart Apache
service apache2 restart

# Install certbot, the Let's Encrypt client (used to create SSL sites)
apt-get install certbot

# Install Mailman for creating mailing lists
apt-get -y install mailman

# Install PureFTPd and the quota tools
apt-get -y install pure-ftpd-common pure-ftpd-mysql quota quotatool
nano /etc/default/pure-ftpd-common
# may not be necessary:
# VIRTUALCHROOT=true

# Configure FTP with TLS (creating an SSL certificate)...
# NOTE(review): the value 1 makes TLS available but still accepts cleartext
# sessions, so passwords can cross the network unencrypted; the value 2 makes
# Pure-FTPd refuse connections that do not use TLS.
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
# Self-signed certificate valid for 7300 days; -nodes leaves the private key
# unencrypted, and key and certificate are written to the same file.
# NOTE(review): FTP clients cannot validate a self-signed certificate against
# a CA, so users have to check and accept it by hand on first connect.
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
# Restrict the certificate/key file to its owner
chmod 600 /etc/ssl/private/pure-ftpd.pem
# Restart PureFTPd
service pure-ftpd-mysql restart

# Configure quotas: the root (/) entry gets the extra mount options
# usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0
# NOTE(review): the listing below looks like a sample from another machine
# (LVM device names, a floppy entry). Change only the options field of your
# own root entry; copying the device names could leave the instance unable to
# mount its root filesystem.
nano /etc/fstab
# # /etc/fstab: static file system information.
# #
# # Use 'blkid' to print the universally unique identifier for a
# # device; this may be used with UUID= as a more robust way to name devices
# # that works even if disks are added and removed. See fstab(5).
# #
# # <file system> <mount point> <type> <options> <dump> <pass>
# /dev/mapper/server1--vg-root / ext4 errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0 1
# /dev/mapper/server1--vg-swap_1 none swap sw 0 0
# /dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0
# Remount / so the new options take effect, then check and switch on quotas
mount -o remount /
quotacheck -avugm
quotaon -avug

# Install a DNS server (BIND)
apt-get -y install bind9 dnsutils haveged
# Enable and start haveged, the entropy daemon installed in the line above
systemctl enable haveged
systemctl start haveged

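# Install Vlogger, Webalizer, AWStats and GoAccess (statistics and analysis)
apt-get -y install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl
# Add the GoAccess APT repository and its signing key. The URLs had been
# wrapped in Markdown link syntax, which breaks both commands; they are plain
# URLs again here.
# NOTE(review): apt-key is deprecated, and a key stored in
# /etc/apt/trusted.gpg.d is trusted for every configured repository, not only
# this one. On current releases prefer a dedicated keyring file referenced
# with [signed-by=...] in the deb line.
echo "deb https://deb.goaccess.io/ $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/goaccess.list
wget -O - https://deb.goaccess.io/gnugpg.key | sudo apt-key --keyring /etc/apt/trusted.gpg.d/goaccess.gpg add -
sudo apt-get update
sudo apt-get install goaccess
# Comment out every line in this cron file. The note used to trail the command
# as "//...", which the shell passes to nano as extra file names.
nano /etc/cron.d/awstats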

# Install Jailkit (so that ISPConfig can provide a command shell)
apt-get -y install jailkit

# Install fail2ban and the UFW firewall (so ISPConfig can monitor access attempts)
apt-get -y install fail2ban
nano /etc/fail2ban/jail.local # set the retry limits
# [pure-ftpd]
# enabled = true
# port = ftp
# filter = pure-ftpd
# logpath = /var/log/syslog
# maxretry = 3

# [dovecot]
# enabled = true
# filter = dovecot
# action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
# logpath = /var/log/mail.log
# maxretry = 5
# [postfix]
# enabled = true
# port = smtp
# filter = postfix
# logpath = /var/log/mail.log
# maxretry = 3
# NOTE(review): these jails cover FTP, Dovecot and Postfix logins only; none
# is defined here for the web logins (ISPConfig panel, phpMyAdmin, Roundcube).
service fail2ban restart
# NOTE(review): this only installs ufw; nothing on this page enables it or
# adds rules, so until a firewall is configured the AWS security group is what
# limits inbound traffic.
apt-get install ufw

# Install Roundcube (web interface for reading and sending mail)
apt-get -y install roundcube roundcube-core roundcube-mysql roundcube-plugins roundcube-plugins-extra javascript-common libjs-jquery-mousewheel php-net-sieve tinymce

# Enable PHP and the webmail aliases
# NOTE(review): users type their mailbox password into this webmail, so serve
# /roundcube and /webmail over HTTPS only.
nano /etc/apache2/conf-enabled/roundcube.conf
# # Those aliases do not work properly with several hosts on your apache server
# # Uncomment them to use it or adapt them to your configuration
# Alias /roundcube /var/lib/roundcube
# Alias /webmail /var/lib/roundcube
# [...]
# <Directory /var/lib/roundcube>
# AddType application/x-httpd-php .php
# [...]

# Restart Apache
service apache2 restart

# Keep Roundcube from showing the server name field on its login screen; the
# settings below point it at the mail services on localhost (SMTP on port 25)
nano /etc/roundcube/config.inc.php
# $config['default_host'] = 'localhost';
# $config['smtp_server'] = 'localhost';
# $config['smtp_port'] = 25;

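# Install ISPConfig 3.2 (the installer is a PHP script). Ideally use a
# subdomain that is already configured.
cd /tmp
# The download URL had been wrapped in Markdown link syntax, which breaks the
# command; it is a plain URL again here.
# NOTE(review): the archive is unpacked and its installer run as root without
# any integrity check beyond HTTPS; if the project publishes a checksum or
# signature for the release, verify it before continuing.
wget -O ispconfig.tar.gz https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ispconfig.tar.gz
# The glob must be unescaped: "ispconfig3\*" would look for a directory whose
# name ends in a literal asterisk.
cd ispconfig3*/install/
php -q install.php

# Open port 8080 and test!
# NOTE(review): 8080 is presumably the ISPConfig control panel; in the AWS
# security group allow it from the administrators' addresses only, not from
# 0.0.0.0/0.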
