Since I am brand new to the Linux world and ISPConfig I have a few questions... How is the ISPCOnfig security against malicious intruders right out of the box? recommandations Should I add rules in the IPtables as well as the ISPConfig built in firewall? If so, any recommandations? how does the ISPConfig built in firewall stack up against other firewalls out there? Is there a log from the firewall that I can look at to see what is going on? Any thoughts on adding Awstats as a ISPConfig monitoring tool? Thank you for all help!
This depends on how secure your Server is configured. Do you use SuExec? Do you have PHP Safemode enabled for all sites. Does your SSHD is protected agains dictionary attacks? There are many more things that you can do to secure your server, but they are not specific to ISPConfig. ISPConfig uses the bastille firewall. Bastille is a script to configure IPTables or IPChains. Bastille is an IPTables / IPChains firewall. If you dont like it you can use any other firewall with ISPConfig. You can activate loggin in the bastille configuration under /etc/Bastille. Dont forget to change the configuration tenplate in /root/ispconfig/isp/conf/ too, if you want to add changes permanently. If someone builds an awstats extension, we will add it to ISPConfig.
AWstats is very complicated to set up - I once did it for one web site, and it's not a matter of minutes. Because it is that complex, we haven't integrated it into ISPConfig yet. But if someone comes up with a module for AWStats, we'd be happy to integrate it. For now, you can set up AWStats manually for each web site that needs it.
Thank you. As I said, I am new at this, I activated the module when I installed ISPconfig, but I guss im not using it yet... obviously since this is the second time Im hearing of it... guess I have to read up a little more.. Reason I asked about Awstats is I had it when I had the server on a windows machine.... and yes I guess it does require some more work to install... Is there something I have to to to get the webalizer to work, it seems like it is not recording any hits or visits on my web site? By the way this is a great forum, you guys are responding very quickly and to everyone also. Great Job! Thank you. Ivar
If you've set up the web site right now, you must wait some hours because Webalizer runs at 4:00 AM. If you don't have statistics afterwards, have a look at this thread: http://www.howtoforge.com/forums/showthread.php?t=562
I checked this morning but I must be overlooking something... I finally got the stats folder at weblevel, but it appears that the folder is empty. I ran the grep -i .... but did not see any error in the cron job. Do I have to create/copy the webalizer page manually? Where is it supposed to be anyway? Is it because I called my server the same as the site name?? Server blumonkey.org, site http://blumonkey.org If so what is the easiest way to change this? Thank you!
The stats where generated in the "stats" folder of the website. Are you sure that webalizer is installed on your server? Does the web.log file in the log folder of the website contains log lines from yesterday? No, this should not affect the webalizer stats. The only known complications are in the postfix setup.
Hmmm I followed the perfect setup deal for ISPConfig for Ubuntu, If it wasnt listed there then no... I havent installed webalizer.. What kind of complications in the postfix? What do I have to do to change the webserver name?
It is listed at the bottom of this page http://www.howtoforge.com/perfect_setup_ubuntu_5.10_p5 Yes, better change your server name to something like : server1.yourdomain.com". Make sure that server1.yourdomain.com exists in DNS and points to your server. Otherwise you might get the problem that when you create an catchall email account in your domain you get the emails from all other domains on your server.
Output of: PHP: which webalizer /usr/bin/webalizer I checked and it was installed, I even removed and rreinstalled. Would I have to purge something to ensure a total rremoval and if so what is the command_ PHP: grep -i cron /var/log/messages gives no messages at all and PHP: grep -i cron /var/log/syslog Does give me some messages, but noting that indicates any error Thanks again for all the help.
Yes I did, I restarted cron, but I still cant get access to http://blumonkey.org/stats/ its as if there is noting in that folder. I am asked to enter a username and password, but when doing so, all I get is an 404 page not found... maybe its something in the php on my page that causes this? I will look at that when I get home...' Thanks.
Did you also run Code: crontab -e ? What happens when you run Code: /root/ispconfig/php/php /root/ispconfig/scripts/shell/logs.php /root/ispconfig/php/php /root/ispconfig/scripts/shell/webalizer.php on the shell? Any error messages? Are stats created then?
Yes I ran the crontab -e Output from /root/ispconfig/php/php /root/ispconfig/scripts/shell/logs.php Code: Warning: readlink(): Invalid argument in /root/ispconfig/scripts/shell/logs.php on line 125 Warning: readlink(): Invalid argument in /root/ispconfig/scripts/shell/logs.php on line 125 there is no output from /root/ispconfig/php/php /root/ispconfig/scripts/shell/webalizer.php I ran it a couple of days ago and then I believe it said something in german regarding statistics... I found out that I had accisdentally transmitted an old .htaccess file that caused some issues. but now all I get is 403 Error forbidden...
Can you try to track this down as described on http://www.howtoforge.com/forums/showthread.php?t=1400&page=2 and the following pages?
I followed the suggestion in the link above, and this is what I got: /root/ispconfig/php/php /root/ispconfig/scritps/shell/logs.php Output: Code: /var/www/www.blumonkey.org Warning: readlink(): Invalid argument in /root/ispconfig/scripts/shell/logs.php on line 126 /var/www/localhost Warning: readlink(): Invalid argument in /root/ispconfig/scripts/shell/logs.php on line 126 I also added PHP: rint_r($directory_array)."\n"; print_r(dir_array($dir."/".$filename))."\n"; in the webalizer.php this gave no output when running: /root/ispconfig/php/php /root/ispconfig/scritps/shell/webalizer.php Also moved localhost, but it was recreated and there was no change.. and thats as far as I have gotten...
ls -la /var/www outputs: Code: total 32 drwxr-xr-x 8 root root 4096 2006-03-03 06:35 . drwxr-xr-x 16 root root 4096 2006-03-03 02:14 .. drwxr-xr-x 2 root root 4096 2006-02-19 18:14 apache2-default lrwxrwxrwx 1 www-data web8 13 2006-02-24 00:57 blumonkey.org -> /var/www/web8 drwxr-xr-x 3 root root 4096 2006-03-03 06:35 localhost drwxr-xr-x 2 root root 4096 2006-02-19 20:52 sharedip drwxr-xr-x 12 web8_ivar web8 4096 2006-03-03 10:59 web8 drwxr-xr-x 2 root root 4096 2006-02-19 19:57 webalizer drwxr-xr-x 3 root root 4096 2006-03-02 00:30 www.blumonkey.org
