Install:
apt-get install openssh-server
(enable ssh)
apt-get install open-vm-tools htop vnstat net-tools ntp locate
If this is a virtual machine disable SMBus:
echo blacklist i2c_piix4 >> /etc/modprobe.d/blacklist.conf
update-initramfs -u -k all
nano /etc/hosts
127.0.0.1 localhost.localdomain localhost
nano /etc/apt/sources.list
deb http://ftp.us.debian.org/debian/ stretch main contrib non-free deb-src http://ftp.us.debian.org/debian/ stretch main contrib non-free deb http://security.debian.org/debian-security stretch/updates main contrib non-free deb-src http://security.debian.org/debian-security stretch/updates main contrib non-free
(just add: “contrib non-free” to the end of existing entries)
apt-get update
dpkg-reconfigure dash
Select no
reboot
apt-get install postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd sudo
mysql_secure_installation
nano /etc/postfix/master.cf
remove comments on
submission inet n
smtps inet n – y – – smtpd
service postfix restart
nano /etc/mysql/mariadb.conf.d/50-server.cnf
add comment on:
#bind-address
check other steps???
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl libdbd-mysql-perl postgrey
service spamassassin stop
systemctl disable spamassassin
apt-get -y install apache2 apache2-doc apache2-utils libapache2-mod-php php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap phpmyadmin php7.0-cli php7.0-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear php7.0-mcrypt mcrypt imagemagick libruby libapache2-mod-python php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl memcached php-memcache php-imagick php-gettext php7.0-zip php7.0-mbstring memcached libapache2-mod-passenger php7.0-soap
a2enmod suexec rewrite ssl actions include dav_fs dav auth_digest cgi headers
nano /etc/apache2/conf-available/httpoxy.conf
<IfModule mod_headers.c>
RequestHeader unset Proxy early
</IfModule>
a2enconf httpoxy
service apache2 restart
cd /usr/local/bin wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto ./certbot-auto --install-only
apt-get -y install php7.0-fpm
a2enmod actions proxy_fcgi alias
service apache2 restart
apt-get -y install php7.0-opcache php-apcu
service apache2 restart
apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
nano /etc/default/pure-ftpd-common
VIRTUALCHROOT=true
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
(this creates a self signed)
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/pure-ftpd.pem
nano /etc/fstab
rrors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0 1
mount -o remount / quotacheck -avugm quotaon -avug
apt-get install bind9 dnsutils haveged webalizer awstats geoip-database libclass-dbi-mysql-perl libtimedate-perl
nano /etc/cron.d/awstats
comment out all
apt-get install build-essential autoconf automake libtool flex bison debhelper binutils
cd /tmp wget http://olivier.sessink.nl/jailkit/jailkit-2.20.tar.gz tar xvfz jailkit-2.20.tar.gz cd jailkit-2.20 echo 5 > debian/compat ./debian/rules binary
cd .. dpkg -i jailkit_2.20-1_*.deb rm -rf jailkit-2.20*
apt-get install fail2ban
nano /etc/fail2ban/jail.local
[pure-ftpd] enabled = true port = ftp filter = pure-ftpd logpath = /var/log/syslog maxretry = 3 [dovecot] enabled = true filter = dovecot logpath = /var/log/mail.log maxretry = 5 [postfix-sasl] enabled = true port = smtp filter = postfix-sasl logpath = /var/log/mail.log maxretry = 3
service fail2ban restart
apt-get install ufw roundcube roundcube-core roundcube-mysql roundcube-plugins
nano /etc/roundcube/config.inc.php
$config['default_host'] = 'localhost'; $config['smtp_server'] = 'localhost';
nano /etc/apache2/conf-enabled/roundcube.conf
Alias /webmail /var/lib/roundcube
cd /tmp wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz tar xfz ISPConfig-3-stable.tar.gz cd ispconfig3_install/install/
php -q install.php
creates smtpd.key
‘localhost.key? followup
mysql -u root -p
CREATE USER 'admin'@'%' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON *.* TO 'admin'@'%' WITH GRANT OPTION; quit;
email spf check:
apt-get install postfix-policyd-spf-python
nano /etc/postfix/main.cf
add the end of smtpd_recipient_restrictions
check_policy_service unix:private/policy-spf
add at end of file
policy-spf_time_limit = 3600s
nano /etc/postfix/master.cf
add at end:
policy-spf unix - n n - - spawn user=nobody argv=/usr/bin/policyd-spf
/etc/init.d/postfix reload
enable spamassign update:
nano /etc/cron.daily/spamassassin
Replace SSL (self-signed) with signed certificate:
PureFTP:
nano /etc/ssl/private/pure-ftpd.pem
Mail Services:
nano /etc/postfix/smtpd.cert nano /etc/postfix/smtpd.key
ISP Config CP:
nano /usr/local/ispconfig/interface/ssl/ispserver.crt nano /usr/local/ispconfig/interface/ssl/ispserver.csr nano /usr/local/ispconfig/interface/ssl/ispserver.key
Farsightedness hyperopia is the opposite of nearsightedness cheap priligy
buy priligy tablets Roth; 4 Hydroxytamoxifen Induces Autophagic Death through K Ras Degradation