setup-config-debian-bullseye
Differences
This shows you the differences between two versions of the page.
setup-config-debian-bullseye [2022/07/20 22:54] – admin | setup-config-debian-bullseye [2022/07/24 15:18] (current) – admin | ||
---|---|---|---|
Line 47: | Line 47: | ||
#or symlink into / | #or symlink into / | ||
</ | </ | ||
+ | |||
+ | === Apache authentication htpasswd === | ||
+ | Within a vhost, add: | ||
+ | < | ||
+ | < | ||
+ | Order Allow,Deny | ||
+ | Allow from all | ||
+ | AuthName " | ||
+ | AuthType Basic | ||
+ | AuthUserFile / | ||
+ | require valid-user | ||
+ | Allow from 127.0.0.1 | ||
+ | </ | ||
+ | </ | ||
+ | To create a htpasswd file: | ||
+ | < | ||
+ | htpasswd -c / | ||
+ | </ | ||
+ | |||
+ | === Apache HTTPS Secure ssl === | ||
+ | Self Signed Cert | ||
+ | < | ||
+ | make-ssl-cert generate-default-snakeoil | ||
+ | |||
+ | < | ||
+ | |||
+ | ServerAdmin webmaster@localhost | ||
+ | DocumentRoot / | ||
+ | |||
+ | ErrorLog ${APACHE_LOG_DIR}/ | ||
+ | CustomLog ${APACHE_LOG_DIR}/ | ||
+ | |||
+ | SSLEngine on | ||
+ | SSLCertificateFile | ||
+ | SSLCertificateKeyFile / | ||
+ | < | ||
+ | SSLOptions +StdEnvVars | ||
+ | </ | ||
+ | < | ||
+ | SSLOptions +StdEnvVars | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | Ref: / | ||
===== MySQL migrations ===== | ===== MySQL migrations ===== | ||
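Review bot: In the Apache authentication htpasswd block, "Order Allow,Deny", "Allow from all" and the later "Allow from 127.0.0.1" are Apache 2.2 access directives mixed with "require valid-user". On the Apache 2.4 that bullseye ships they work only through mod_access_compat, and "Allow from all" already makes the 127.0.0.1 line redundant. Please state whether localhost is meant to skip the password, then express the policy with Require alone: either "Require valid-user" by itself, or a RequireAny block holding "Require ip 127.0.0.1" and "Require valid-user". A one-line comment beside the htpasswd command that -c recreates the file, so later users are added without it, would also help.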
Line 65: | Line 109: | ||
apt-get install screen | apt-get install screen | ||
dpkg-reconfigure tzdata | dpkg-reconfigure tzdata | ||
+ | apt-get install fail2ban | ||
+ | apt-get install links | ||
+ | </ | ||
+ | ==== chkrootkit ==== | ||
+ | < | ||
+ | apt-get install chkrootkit | ||
+ | vi / | ||
+ | #change to: | ||
+ | RUN_DAILY=" | ||
+ | RUN_DAILY_OPTS=" | ||
+ | DIFF_MODE=" | ||
+ | |||
+ | vi / | ||
+ | #add | ||
+ | root: | ||
+ | |||
+ | #then run the following to take effect: | ||
+ | newaliases | ||
+ | |||
+ | Now the user will get nightly emails with chkrootkit report. | ||
+ | |||
+ | </ | ||
+ | |||
+ | |||
</ | </ | ||
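Review bot: The added closing tag after "apt-get install links" and the new open/close pair around the chkrootkit block leave the pre-existing closing tag at the end of this hunk without an opener, so the page markup is unbalanced; drop the old closing tag. The sentence "Now the user will get nightly emails with chkrootkit report." also sits inside the code block and should move below its closing tag. The fail2ban line documents only the install, so a short note on which jails this host relies on would make the step reproducible.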
Line 190: | Line 258: | ||
</ | </ | ||
+ | ===== Mail Server Setup ===== | ||
+ | Followed [[postfix_smtp]] which was mostly OK and still accurate (updated portions of this page at same time for debian bullseye. ) | ||
+ | Also followed [[courier_imaps_server_-_maildir]] again, mostly which was OK (updated this wiki page at the same time for debian bullseye.) | ||
+ | |||
+ | See final Postfix config -> [[postfix_smtp# | ||
+ | |||
+ | ==== Secure smtpd using Postfix and sasl ==== | ||
+ | Debian bullseye had a lot set by default and changed a lot since [[secure_outgoing_smtp_via_postfix_courier_tls_and_sasl]] | ||
+ | |||
+ | * Ref1: http:// | ||
+ | * Ref2: https:// | ||
+ | |||
+ | < | ||
+ | apt-get install libsasl2-modules, | ||
+ | #postfix and the first will most likely be installed. | ||
+ | |||
+ | vi / | ||
+ | #add/check | ||
+ | smtpd_tls_auth_only = yes | ||
+ | smtpd_sasl_auth_enable = yes | ||
+ | |||
+ | |||
+ | vi / | ||
+ | #enter | ||
+ | pwcheck_method: | ||
+ | mech_list: PLAIN LOGIN | ||
+ | |||
+ | |||
+ | vi / | ||
+ | #add/update to the following: | ||
+ | START=yes | ||
+ | MECHANISMS=" | ||
+ | OPTIONS=" | ||
+ | |||
+ | mkdir -p / | ||
+ | |||
+ | dpkg-statoverride --add root sasl 710 / | ||
+ | adduser postfix sasl | ||
+ | |||
+ | </ | ||
+ | |||
+ | Error message I seen in mail.log -> **/ | ||
+ | < | ||
+ | Fix: | ||
+ | chmod 755 / | ||
+ | cd / | ||
+ | touch index | ||
+ | chown courier index | ||
+ | </ | ||
+ | |||
+ | === smtpd certs === | ||
+ | There was a default cert created after installing. The main locations this resides is: | ||
+ | |||
+ | / | ||
+ | |||
+ | Postfix then read these via main.cf with smtpd_tls_cert_file and smtpd_tls_key_file respectively. | ||
+ | |||
+ | It wasn't self signed, so I said I'd use the imapd.pem cert at / | ||
+ | |||
+ | NOTE: May not be the best way, but worked. | ||
+ | |||
+ | < | ||
+ | mv / | ||
+ | mv / | ||
+ | |||
+ | cp / | ||
+ | vi / | ||
+ | #edit and only have | ||
+ | -----BEGIN CERTIFICATE----- | ||
+ | .. | ||
+ | -----END CERTIFICATE----- | ||
+ | |||
+ | cp / | ||
+ | vi / | ||
+ | #edit and have | ||
+ | -----BEGIN PRIVATE KEY----- | ||
+ | ... | ||
+ | -----END PRIVATE KEY----- | ||
+ | |||
+ | Restart postfix etc. | ||
+ | |||
+ | Note: Thunderbird does NOT like self-signed certs [[courier_imaps_server_-_maildir# | ||
+ | You can get it working, but it'll take time. If you get errors, most likely its thunderbird, | ||
+ | |||
+ | </ | ||
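Review bot: In the smtpd certs block, the private key is copied out of imapd.pem with cp and trimmed in vi, but no step sets ownership or mode on the resulting key file. Add an explicit chown/chmod after the edit so the key is readable by root only, and note that the IMAP and SMTP services now share one key pair. In the sasl block, "apt-get install libsasl2-modules," has a comma after the package name, while apt-get expects package names separated by spaces. "Restart postfix etc." and the Thunderbird note are inside the code block; move them below its closing tag so the wiki link renders.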
setup-config-debian-bullseye.1658357673.txt.gz · Last modified: 2022/07/20 22:54 by admin