Re: [CentOS-docs] Mail / Web server guides

2013-03-25 Thread John R. Dennison
On Mon, Mar 25, 2013 at 10:41:31AM -, Christian Salway wrote:

> Firstly, if such issues could possibly be resolved I feel these scripts
> would be very beneficial to many users, who better to help out with that
> than you by the sounds of it.

I've already worked this space and have had solutions in place for such
provisioning for many, many years; I was not including myself in that
"many users" category :)

> Anyway, although I would love a perfect system the way CentOS org intended
> it, there are many reasons why I have done the scripts the way I have.
> Mainly because there is not always the documentation out there to be able to
> achieve the centos perfect result, or the packages available in the
> 'preferred' repos are out-of-date, so people like me find the 'best'
> solution they can.

But the point is... your solution leaves one wide-open for security
problems down the road from 1) lack of policy enforcement and 2)
unpackaged solutions that will, more than likely, end up missing some
updates down the line.  Especially when you are talking about such poor
codebases as phpmyadmin with <sarcasm>its absolutely stellar record of no
security issues</sarcasm>.

> selinux
> I'm all about security but there just isn't any good documentation for
> managing selinux!

That's patently untrue.

> If there was, SELINUX would still be enabled.  For
> instance, how to allow selinux to let pureftp and apache share the same
> files, show me a simple guide on that!

You mean like the one on the centos wiki or any of the documentation
provided by Redhat and Fedora?  Here's a list of links to get you
started:

http://wiki.centos.org/HowTos/SELinux
http://wiki.centos.org/TipsAndTricks/SelinuxBooleans
http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/
http://fedorasolved.org/security-solutions/selinux-module-building
http://centoshelp.org/security/selinux-common-commands-troubleshooting

There are, of course, many, many additional resources.

Really...  this endless loop I hear about lack of documentation might
have been true a number of years ago but it is not the case, nor has it
been the case for quite some time.

> perl-File-Scan-ClamAV
> I used http://wiki.apache.org/spamassassin/ClamAVPlugin to interact ClamAV
> and spamassassin which mentions File::Scan::ClamAV but which wasn't
> available in the repositories I had chosen, so clicking on the link took me
> to cpan, which I then found a way to automate the install of.  I see no
> reason why it wasn't a good way of doing it as you get the latest version
> and it's only an add-on module to perl.

And it's unpackaged, therefore rpm/yum know absolutely nothing about it
which may well lead to conflicts down the road.  There is also the "it's
unpackaged so therefore it may well lack in applied updates" issue.  While
_you_ may well be disciplined enough to check for and apply updates as
necessary, the people that would be relying on your scripts may not be as
disciplined - cookie cutter solutions such as _packaged_ applications
are a better fit for most.  perl-File-Scan-ClamAV is in rpmforge.  If
you are unhappy with the version they offer and you are willing to
maintain it yourself then you can use cpanspec or cpan2rpm and create a
binary rpm package; this process will use the sources available from
cpan and build up an arch (i386/x86_64) or noarch binary package as necessary.

> phpmyadmin
> What is so wrong about downloading the latest html files direct from the
> developers website?  Nothing is 'installed' into the system and the
> repositories rarely have the latest version.  You are basically asking the
> CentOS users to stay in the dark from new and improved versions of software
> until you 'have the time' to add them to the repositories!

Because latest != greatest.  "Oh! Shiny!" isn't generally worth the
trouble that comes with it.  And phpmyadmin is a very good example.  The
versions in rpmforge/epel are tested and vetted which is more than can
be said for phpmyadmin itself.  And I am not asking users to do
anything except understand what an enterprise system is and how to work
with it instead of against it.  It's your box, do with it as you please.
But when you are writing solutions for others it's best to stay with
Best Practice for the platform.

> UTC timezone
> The timezone script was for simplicity with my setup only and can obviously
> be removed.  Although I'm sure a half-witted donkey can figure out how to
> change it.

That's not the point.  You are making a change to someone else's box
that may have significant operational impact.  Yes, it can be argued that
people should review scripts before they run them, but let's face it,
most people don't bother.

> Remi over rpmforge
> I tried to install mysql from rpmforge but it just wasn't happening.  Their
> mysql_libs are still old and thus causes a warning in phpmyadmin.

Why would you go outside the distribution for an alternate mysql
package for something as ridiculous as phpmyadmin?  Additionally
rpmforge has 
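
Added example, not part of the original thread or of any poster's scripts: the point above that rpm/yum know nothing about unpackaged files can be checked directly by listing the files that no installed package owns. OWNER_QUERY is a hypothetical override hook so the functions can be exercised without rpm, and the directories named in the final comment are assumed locations, not taken from the thread.

```shell
#!/bin/sh
# Added example: find files that no RPM package owns, i.e. files that
# "yum update" will never refresh.

# Return 0 when an installed package owns the file, non-zero otherwise.
# OWNER_QUERY (hypothetical hook) names a replacement command for testing;
# by default the real "rpm -qf" is used.
owned_by_package() {
    if [ -n "${OWNER_QUERY:-}" ]; then
        "$OWNER_QUERY" "$1"
    else
        rpm -qf "$1" >/dev/null 2>&1
    fi
}

# Print every regular file under the given directories that is not owned
# by a package, one per line, sorted for stable output.
# Directories that do not exist are skipped.
unpackaged_files() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -print
    done | sort | while IFS= read -r path; do
        owned_by_package "$path" || printf '%s\n' "$path"
    done
}

# Number of unowned files; anything above zero needs a manual update plan.
unpackaged_count() {
    unpackaged_files "$@" | wc -l | tr -d ' '
}

# Assumed usage on a host like the one discussed (paths are assumptions):
#   unpackaged_files /usr/local/share/perl5 /var/www/html
```

Files listed by unpackaged_files are the ones that have to be tracked and patched by hand, which is the maintenance burden the reply describes.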

Re: [CentOS-docs] Mail / Web server guides

2013-03-25 Thread Christian Salway
Ok,  The scripts have been rewritten :)

All packages are now downloaded from base or IUS (or rpmforge for
perl-file-clamav) and I've left selinux enabled, writing some te files :)

Changes have been uploaded http://www.itmanx.com/downloads/scripts.tar.gz

The only problem now is when I log into phpmyadmin, I get the following and
I can't find a solution.

Your PHP MySQL library version 5.1.61 differs from your MySQL server version
5.5.30. This may cause unpredictable behavior.

# rpm -qa mysql*
mysql55-libs-5.5.30-1.ius.el6.x86_64
mysql55-5.5.30-1.ius.el6.x86_64
mysqlclient16-5.1.61-1.ius.el6.x86_64
mysql55-server-5.5.30-1.ius.el6.x86_64


Kind regards,
Christian Salway


Re: [CentOS-docs] Mail / Web server guides

2013-03-25 Thread Christian Salway
I didn't have that problem before when using remi :)


--Original Message--
From: Manuel Wolfshant
Sender: centos-docs-boun...@centos.org
To: Mail list for wiki articles
ReplyTo: Mail list for wiki articles
Subject: Re: [CentOS-docs] Mail / Web server guides
Sent: 25 Mar 2013 20:00

On 03/25/2013 09:56 PM, Christian Salway wrote:
> [...]
> The only problem now is when I log into phpmyadmin, I get the following and
> I can't find a solution.
>
> Your PHP MySQL library version 5.1.61 differs from your MySQL server version
> 5.5.30. This may cause unpredictable behavior.
>
> # rpm -qa mysql*
> mysql55-libs-5.5.30-1.ius.el6.x86_64
> mysql55-5.5.30-1.ius.el6.x86_64
> mysqlclient16-5.1.61-1.ius.el6.x86_64
> mysql55-server-5.5.30-1.ius.el6.x86_64

You will keep seeing that warning for as long as phpmyadmin is compiled 
against the stock mysql libs while the server runs a different mysql 
version. Normally it's benign.
___
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs



Re: [CentOS-docs] Mail / Web server guides

2013-03-24 Thread Ralph Angenendt
On 12.03.2013 13:29, Christian Salway wrote:

> Overall, this will give anyone the chance to run a mail server with multi
> domain support and website hosting support on a CentOS system by simply
> running a shell script which takes about 5 minutes.

Hmmm. No. That is not really what we are looking for (although it sounds
interesting). We're looking for documentation which enables the reader
to *learn* and then implement things himself. Okay, if there is some
copy & paste, there's nothing wrong with that :)

But we don't want to supply shell scripts which are opaque to the casual
user and then do something he cannot reproduce (or understand with his
level of knowledge).

> Let me know if you're interested and if so, how I go about writing it into
> your wiki.

If you can add to various parts of the wiki which already describe mail
- or create new pages on things which aren't already covered - then that
would be great.

Regards,

Ralph



Re: [CentOS-docs] Mail / Web server guides

2013-03-24 Thread Christian Salway
Hi Ralph,

I would love to write some guides but I just don't have the time at the
moment (work commitments), but for those that would like the scripts and
maybe write up some guides, you can download them from:

http://www.itmanx.com/downloads/scripts.tar.gz

This has been tested on a fresh install of CentOS 6.3 x64 minimal.

Run the prerequisites.sh file (eg. sh prerequisites.sh) first just to make
sure you have wget.  Then run run.sh.  You can see inside run.sh what it
sets up.  I have also made every file independent if you'd like to just
install a particular feature.

In the archive are also 3 files named newemail.sh, newwebsite.sh and
newftpuser.sh to get you started post install.

When I get more time, I will be happy to write up some guides.

Kind regards,
Christian Salway
