
Install DirectAdmin Control Panel On CentOS 7

DirectAdmin is an alternative control panel to cPanel/WHM. This installation guide outlines how to install the DirectAdmin control panel on a CentOS 7 64-bit server. I will be using a Las Vegas BuyVM.net 1GB dedicated KVM Slice VPS server which costs US$3.50/month – they also generously offer a free DirectAdmin license with every VPS server.

This seems like the cheapest way to get access to DirectAdmin for testing/learning purposes. The 1GB KVM plan only has 20GB disk space, which isn’t suitable for production usage, but for the purpose of writing this guide and learning DirectAdmin it should suffice. Otherwise, if your web host doesn’t provide a DirectAdmin license, you’d have to buy a DirectAdmin license directly from DirectAdmin. As I am new to DirectAdmin, this guide serves a dual purpose in also documenting my learning and experiences with the DirectAdmin installation process. As such, this guide will be constantly updated over time, so check back regularly. I’ve added a last updated date timestamp for this very purpose.

Update: besides DirectAdmin standard licenses, there are also DirectAdmin Lite & Personal limited license options available. For details of what DirectAdmin limited licenses mean, read here.

The following DirectAdmin installation steps are based on the official DirectAdmin outlined documentation for:

Step 1. CentOS 7 server preparation

DirectAdmin system requirements guidelines outline specific recommendations. The ones relevant to this DirectAdmin installation are:

  • For CentOS 7, use the xfs quota system. If you use ext4, add use_xfs_quota=0 to the /usr/local/directadmin/conf/directadmin.conf.
  • Swap disk size – for less than 2GB memory based servers, set swap disk size to 2x memory installed. For 2-8GB memory-based servers set swap disk size to the same amount as installed memory. For greater than 8GB memory-based servers, set swap disk size to at least 4GB.
  • Ensure basic development/compiling tools such as gcc, g++, and perl have been installed
  • Do not install services such as Apache, PHP, MySQL, Ftp, Sendmail, etc as DirectAdmin installation will take care of installation and configuration of such services. A full outline list of what DirectAdmin installs can be found at https://www.directadmin.com/technologies.php
  • At a bare minimum, your server must have one static IPv4 IP address. However, for DNS control you will sometimes need at least two (2) IP addresses. With only one IP address you might be forced to use an external DNS service, depending on your registrar. This means websites you create through the control panel will not propagate automatically. For this DirectAdmin installation guide, I’ll be using only one static IPv4 IP address with intention of using Cloudflare for DNS management.
  • Set up and configure your DirectAdmin server’s hostname, which should not be the same as the primary domain name, e.g. yourdomain.com is not a good hostname, where server.yourdomain.com or host.yourdomain.com is. If you have signed up with a VPS or dedicated server provider, at order time you would have specified a hostname to label and name your server. This is usually the hostname that the CentOS 7 image will configure out of the box when you log in for the first time, and as such it may require changing to a hostname that suits your needs.

So within your SSH logged-in session as the root user, run the following commands to prepare your CentOS 7 server for DirectAdmin installation.

Configuring your hostname for your DirectAdmin server. You can find the currently registered hostname for your CentOS 7 server via either of these commands:

uname -n
hostname

On BuyVM.net VPS there’s currently a bug in their system which incorrectly populates the hostname as the following instead of your entered hostname at order time. BuyVM folks are aware of this bug and actively working on a fix.

[root@roblifehack ~]# uname -n
roblifehack.com

[root@roblifehack ~]# hostname
roblifehack.com

The bug also appears in the default BuyVM Stallion control panel’s networking PTR configuration field, so you will need to adjust those to your desired hostname with the following instructions.

If your desired hostname needs changing you can do that now using the command below changing hostname.yourdomain.com to your own desired hostname.

hostnamectl set-hostname hostname.yourdomain.com

You can verify the change with the commands used above to get the currently registered hostname, or via:

hostnamectl status

Then ensure your hostname’s DNS works via DNS A record pointing to the DirectAdmin server’s public IP address. This is important for proper mail delivery from the server and for DirectAdmin licensing checks.

Configuring a swap disk. As DirectAdmin does do quite a bit of source compilation, my own experience with Centmin Mod LEMP stack has taught me that on low memory VPS servers, always have adequate swap disk size. So I opted to configure a 3GB swap disk for this 1GB BuyVM KVM VPS server. The SSH commands below create a 3GB swap disk for DirectAdmin to use.

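# create the 3GB file: dd when an xfs filesystem is present, fallocate otherwise
if [ "$(df -hT | grep -w xfs)" ]; then dd if=/dev/zero of=/swapfile bs=1024 count=3072k; else fallocate -l 3G /swapfile; fi
# restrict ownership and permissions before the file is put into use as swap
chown root:root /swapfile
chmod 0600 /swapfile
mkswap /swapfile
swapon /swapfile
swapon -s
echo "/swapfile swap swap defaults 0 0" >> /etc/fstab
mount -a
free -m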

BuyVM.net VPS already provisioned a 1GB swap file so this change would increase your total swap available to 4GB

free -ml
              total        used        free      shared  buff/cache   available
Mem:            991          59         412          12         518         757
Low:            991         578         412
High:             0           0           0
Swap:          1023           0        1023

After adding a 3GB swap file to the existing 1GB swap file = 4GB swap total

free -m
              total        used        free      shared  buff/cache   available
Mem:            991          61         405          12         524         755
Swap:          4095           0        4095

Installing basic development and compiling tools via YUM. I also add the following additional YUM packages:

  • nano – my preferred linux text editor
  • cmake, cmake3 – for compiling other software which may use cmake or version 3 of cmake
  • screen – useful to run lengthy scripts or where you want your SSH session to survive disconnections from SSH
  • sysstat – access to useful system resource gathering tools like sar, pidstat, mpstat, and iostat
  • perl-libwww-perl – required if you want to install CSF Firewall
  • perl-Crypt-SSLeay – required if you want to install CSF Firewall
  • perl-Net-SSLeay – required if you want to install CSF Firewall
  • perl-LWP-Protocol-https – required if you want to install CSF Firewall for CentOS 7
  • GeoIP-devel
  • GeoIP
  • mlocate
  • bc
  • jq – install via EPEL YUM repo
  • nghttp2 – for HTTPS/SSL diagnostics testing and access to h2load HTTP/2 HTTPS load tester
  • Redis – install via Remi YUM repo for a newer version than the CentOS 7 base YUM repo version
  • memcached – install via Remi YUM repo for a newer version than the CentOS 7 base YUM repo version
  • memcached-devel – install via Remi YUM repo for a newer version than the CentOS 7 base YUM repo version
  • libmemcached-devel – install via CentOS 7 base YUM repo version
  • libmemcached – install via CentOS 7 base YUM repo version

yum clean all
yum -y install wget gcc gcc-c++ flex bison make bind bind-libs bind-utils libaio libcom_err-devel openssl openssl-devel perl quota libcurl-devel gd zlib-devel zip unzip libcap-devel cronie bzip2 cyrus-sasl-devel perl-ExtUtils-Embed autoconf automake libtool which patch mailx bzip2-devel lsof glibc-headers kernel-devel expat-devel psmisc net-tools systemd-devel libdb-devel perl-DBI perl-Perl4-CoreLibs xfsprogs rsyslog logrotate crontabs file kernel-headers nano cmake cmake3 screen sysstat perl-libwww-perl perl-Crypt-SSLeay perl-Net-SSLeay perl-LWP-Protocol-https GeoIP-devel GeoIP mlocate bc

# EPEL & Remi YUM repo
yum -y install epel-release yum-utils
rpm -ivh https://rpms.remirepo.net/enterprise/remi-release-7.rpm
# disable Remi & EPEL by default and only enable manually when needed
yum-config-manager --disable remi epel
yum -q list jq nghttp2 redis memcached memcached-devel libmemcached-devel libmemcached --enablerepo=epel,remi
yum -y install jq nghttp2 redis memcached memcached-devel libmemcached-devel libmemcached --enablerepo=epel,remi
# mlocate
updatedb

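Disabling SELinux

setenforce 0
# rewrite only the SELINUX= setting, not the comment lines that mention "enforcing"
sed -i 's|^SELINUX=enforcing|SELINUX=disabled|' /etc/selinux/config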

A YUM update and reboot is highly recommended before proceeding to ensure that your Linux Kernel is the latest available patch fixed for Meltdown/Spectre and other vulnerabilities.

yum -y update
reboot

After setting up 3+1 = 4GB swap disks and doing YUM updates and package installs, current disk usage is:

df -hT
Filesystem     Type      Size  Used Avail Use% Mounted on
/dev/vda1      ext4       19G  4.8G   13G  27% /
devtmpfs       devtmpfs  486M     0  486M   0% /dev
tmpfs          tmpfs     496M     0  496M   0% /dev/shm
tmpfs          tmpfs     496M  6.7M  489M   2% /run
tmpfs          tmpfs     496M     0  496M   0% /sys/fs/cgroup
tmpfs          tmpfs     100M     0  100M   0% /run/user/0

Step 2. Verify your DirectAdmin license information.

If you didn’t get your DirectAdmin license from your web host but directly from DirectAdmin, sign into your client account at https://www.directadmin.com/clients and:

  • Click the “view” link next to your license and make sure that the license is Active and Verified (if it isn’t, then DirectAdmin’s billing system hasn’t processed the order yet).
  • Verify that the server IP address and operating system are correct.

BuyVM.net offers free DirectAdmin licenses for their VPS, which you can order here after your BuyVM VPS has been provisioned and assigned an IP address. The order form prompts you to provide the IP address of the BuyVM VPS server you intend to install DirectAdmin on. Once ordered, you should see your DirectAdmin license listed in the services listing. Clicking on the service will reveal the DirectAdmin license id, client id, status and registered IP and OS. Note, for new first time BuyVM VPS customers, when you first provision a new VPS, mail ports are blocked by default until you contact their technical support to unblock the mail ports. This is a one-time task you need to do.

You’ll also receive an email from BuyVM with DirectAdmin license details.

Step 3. DirectAdmin Installation

Now to the actual DirectAdmin install, which is done as the root user in the SSH logged-in session. You first download the DirectAdmin setup.sh script and give it executable permissions. You can download setup.sh and save it anywhere on your server, but I generally like to group all my tools in a directory like /root/tools.

mkdir -p /root/tools
cd /root/tools
wget -4 https://www.directadmin.com/setup.sh
chmod 755 setup.sh

Next is to actually run the setup.sh script. If you have a flaky SSH connection and do not want SSH disconnections to occur during setup.sh run, you can run setup.sh within a screen session. I also raise the default screen scrollback limit in /root/.screenrc.

You will be prompted for a client ID number, license ID number, and hostname when you run setup.sh as well as ethernet adaptor device name for the public IP address for the server.

  • The hostname should not be the same as the primary domain name and should be the same one we prepared and configured in the step 1 preparation stage, e.g. yourdomain.com is not a good hostname, where server.yourdomain.com or host.yourdomain.com is.
  • Having the same host/main domain name will cause e-mail and FTP problems.
  • Also, make sure the hostname resolves once you set up DNS – so ensure a DNS A record for your hostname exists pointing to the DirectAdmin server’s public IP address.
  • You can find the list of your ethernet adaptors’ device names and their IP addresses via the command below. For BuyVM VPS the public IP is on the eth0 device name.

/sbin/ifconfig

Actual DirectAdmin installation commands for running setup.sh or read further below on customizing setup.sh runs:

echo "defscrollback 200000" >> /root/.screenrc
screen -dmS directadmin
screen -r directadmin
time ./setup.sh

Pre-configure DirectAdmin Installs

I was only made aware after writing this article that you can customize setup.sh and use a preset options.conf prior to the actual install via the instructions outlined here. You can see this DirectAdmin installation’s final options.conf file settings in a Gist file here.

Populate these variables in your SSH session, or put them into a script, as follows. YOUR_LINK_TO_HOSTED_OPTIONS_FILE would be something like https://yourdomain.com/options.conf, where you host the customized options.conf file that DirectAdmin usually creates at /usr/local/directadmin/custombuild/options.conf.

clientid=YOUR_CLIENTID
licenseid=YOUR_LICENSEID
hostname=YOUR_HOSTNAME
ip=YOUR_SERVERIP
devicename=YOUR_ETHERNET_DEVICENAME
opturl=YOUR_LINK_TO_HOSTED_OPTIONS_FILE
custombuild_ver=2.0

Also you can pre-configure your DirectAdmin admin email and nameservers in the following files prior to running setup.sh:

  • /root/.email.txt
  • /root/.ns1.txt
  • /root/.ns2.txt

Then you’d change your setup.sh run to

mkdir -p /root/tools
cd /root/tools
wget -4 https://www.directadmin.com/setup.sh
chmod 755 setup.sh

echo "defscrollback 200000" >> /root/.screenrc
screen -dmS directadmin
screen -r directadmin

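# quote the variables so empty or unusual values are passed through as single arguments
echo "$custombuild_ver" > /root/.custombuild
time ./setup.sh "$clientid" "$licenseid" "$hostname" "$devicename" "$ip"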

If you have a preconfigured options.conf config file saved from an existing DirectAdmin server at /usr/local/directadmin/custombuild/options.conf, you can use that too. Before running setup.sh, set up /usr/local/directadmin/custombuild/options.conf by downloading your custom options.conf file from the remote server or Gist-hosted file you defined in the $opturl variable above.

Downloading the preset options.conf to /usr/local/directadmin/custombuild/options.conf:

mkdir -p /usr/local/directadmin/custombuild
wget -O /usr/local/directadmin/custombuild/options.conf "$opturl"

Example using my Gist file to prepopulate options.conf and using sed to replace values for redirect_host (remember to also configure and setup DirectAdmin over HTTPS) and email options:

HOSTNAME='hostname.yourdomain.com'
EMAIL='your_directadmin_email'
mkdir -p /usr/local/directadmin/custombuild
curl -s -4 https://gist.githubusercontent.com/centminmod/62cc0bcdb44977718f98390a93ad8776/raw/options.conf | sed -e "s|^redirect_host=.*|redirect_host=$HOSTNAME|" -e "s|^email=.*|email=$EMAIL|" > /usr/local/directadmin/custombuild/options.conf
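
Added example, not from the original guide: the same preset download done as fetch, verify, substitute, validate and install, so a changed or malformed remote file never reaches /usr/local/directadmin/custombuild/options.conf. The function names, the OPTURL, OPTSHA256, DA_HOSTNAME and DA_EMAIL variables, and the set of characters allowed in values are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: fetch a preset options.conf, check it, then install it.
# Assumption: options.conf is made of key=value lines (the form the sed
# patterns above rely on); the allowed value characters are a conservative guess.

# verify_sha256 FILE HEX: succeed only if FILE hashes to HEX.
verify_sha256() {
    local got
    got=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$got" = "$2" ]
}

# fetch_options URL OUT [SHA256]
# HTTPS only, fail on HTTP errors, optionally pin to a known-good SHA-256.
fetch_options() {
    local url="$1" out="$2" want="${3:-}"
    curl -fsS -4 --proto '=https' -o "$out" "$url" || return 1
    if [ -n "$want" ]; then
        verify_sha256 "$out" "$want" || return 1
    fi
}

# validate_options FILE
# Accept blank lines, "#" comments and key=value lines whose value has no
# whitespace or shell metacharacters. Prints offending lines; returns 1 if any.
validate_options() {
    local file="$1" bad
    bad=$(grep -nEv '^[[:space:]]*(#.*)?$|^[A-Za-z0-9_]+=[A-Za-z0-9_.@:/+-]*$' "$file" || true)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# set_option FILE KEY VALUE
# Replace KEY's value without passing VALUE through sed, so "|" or "&" in
# VALUE cannot alter the substitution. Fails if KEY is not in FILE.
set_option() {
    local file="$1" key="$2" value="$3" tmp
    grep -q "^$key=" "$file" || return 1
    tmp=$(mktemp) || return 1
    if K="$key" V="$value" awk -F= \
        '$1 == ENVIRON["K"] { print ENVIRON["K"] "=" ENVIRON["V"]; next } { print }' \
        "$file" > "$tmp"; then
        cat "$tmp" > "$file"
        rm -f "$tmp"
    else
        rm -f "$tmp"
        return 1
    fi
}

# install_options SRC DEST HOST EMAIL
# Work on a copy; DEST is written only if both keys were set and the file validates.
install_options() {
    local src="$1" dest="$2" host="$3" email="$4" work rc=0
    work=$(mktemp) || return 1
    if cp "$src" "$work" &&
       set_option "$work" redirect_host "$host" &&
       set_option "$work" email "$email" &&
       validate_options "$work"; then
        mkdir -p "$(dirname "$dest")" && install -m 0644 "$work" "$dest" || rc=1
    else
        rc=1
    fi
    rm -f "$work"
    return $rc
}

# Runs only when OPTURL is set, e.g.
#   OPTURL=https://... DA_HOSTNAME=hostname.yourdomain.com DA_EMAIL=you@yourdomain.com bash thisfile
if [ -n "${OPTURL:-}" ]; then
    tmp=$(mktemp)
    fetch_options "$OPTURL" "$tmp" "${OPTSHA256:-}" &&
        install_options "$tmp" /usr/local/directadmin/custombuild/options.conf \
            "${DA_HOSTNAME:?set DA_HOSTNAME}" "${DA_EMAIL:?set DA_EMAIL}" &&
        echo "options.conf installed"
    rm -f "$tmp"
fi
```

Setting OPTSHA256 to the hash of a copy you have reviewed pins the install to that exact file even if the hosted copy changes later.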

The setup.sh script has various setup question prompts for you to answer. Once all question prompts have been answered, it’s a matter of waiting for the DirectAdmin installation process to complete. As there’s source compilation involved, how fast DirectAdmin installs will depend on your specific server hardware configuration.

  • The higher the cpu clock frequency, the faster source compilations go.
  • The more CPU threads available, the faster source compilations should go if DirectAdmin makes use of multiple CPU threads during source compilation.
  • The faster the underlying disk storage layer i.e. NVMe SSD vs SSD vs non-SSD, the faster source compilations are.
  • New cpu models are generally clock for clock faster than previous cpu generations.

The BuyVM VPS has 1GB of memory with 1 CPU thread on an Intel Xeon E3-1270v3 Haswell based processor.

lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                1
On-line CPU(s) list:   0
Thread(s) per core:    1
Core(s) per socket:    1
Socket(s):             1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 60
Model name:            Intel(R) Xeon(R) CPU E3-1270 v3 @ 3.50GHz
Stepping:              3
CPU MHz:               3499.992
BogoMIPS:              6999.98
Hypervisor vendor:     Microsoft
Virtualization type:   full
L1d cache:             32K
L1i cache:             32K
L2 cache:              4096K
L3 cache:              16384K
NUMA node0 CPU(s):     0
Flags:                 fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon rep_good nopl xtopology eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid xsaveopt arat umip

Excerpt below:

time ./setup.sh
*** 64-bit OS ***

*****************************************************
*
* DirectAdmin requires certain packages, described here:
* http://help.directadmin.com/item.php?id=354
*
* Would you like to install these required pre-install packages? (y/n): y
*****************************************************

Please enter your Client ID : CLIENTID
Please enter your License ID : LICENSEID
Please enter your hostname (server.domain.com)
It must be a Fully Qualified Domain Name
Do *not* use a domain you plan on using for the hostname:
eg. don't use domain.com. Use server.domain.com instead.
Do not enter http:// or www

Your current hostname is: hostname.yourdomain.com

Enter your hostname (FQDN) : hostname.yourdomain.com
Client ID:  CLIENTID
License ID: LICENSEID
Hostname: hostname.yourdomain.com
Is this correct? (y,n) : y
The following ethernet devices/IPs were found. Please enter the name of the device you wish to use:

eth0       MY_SERVERIP
eth1       

Enter the device name: eth0
Your external IP: MY_SERVERIP
The external IP should typically match your license IP.

Is MY_SERVERIP the IP in your license? (y,n) : y

DirectAdmin will now be installed on: Enterprise 7.6
Is this correct? (must match license) (y,n) : y
You have chosen custombuild 2.0.

Prompts for Apache/PHP setup – I deliberately chose a non-default Apache/PHP setup just to see what options are available for now. Will play with different configurations later down the track.

Would you like the default settings of apache 2.4 with mod_ruid2 and php 7.2 cli? (y/n): n
You have chosen to customize the custombuild options. Please wait while options configurator is downloaded...

Cannot find /usr/local/directadmin/custombuild/options.conf, writing defaults.
Downloading versions.txt...

Would you like to backup the current options.conf? (yes/no): yes
Backup created: /usr/local/directadmin/custombuild/options.conf.20190717054458.backup

Please select webserver you would like to use (apache/nginx/nginx_apache/litespeed/openlitespeed):apache

Please select FTP server you would like to use (proftpd/pureftpd/no):pureftpd

Please select default PHP version you would like to use (5.3/5.4/5.5/5.6/7.0/7.1/7.2/7.3):7.3

Please select default PHP mode you would like to use (php-fpm/fastcgi/suphp/lsphp/mod_php):php-fpm

Would you like to have a second instance of PHP installed? (yes/no): yes

Please select additional PHP version you would like to use (5.3/5.4/5.5/5.6/7.0/7.1/7.2/7.3):7.2

Please select additional PHP mode you would like to use (php-fpm/fastcgi/suphp/lsphp):php-fpm

Would you like to have a third instance of PHP installed? (yes/no): yes

Please select additional PHP version you would like to use (5.3/5.4/5.5/5.6/7.0/7.1/7.2/7.3):5.6

Please select additional PHP mode you would like to use (php-fpm/fastcgi/suphp/lsphp):php-fpm

Would you like to have a fourth instance of PHP installed? (yes/no): no

Please select if you would like to use ionCube (yes/no):no

Please select if you would like to use Zend Guard Loader (yes/no):no

Please select if you would like to use suhosin (yes/no):no

Please select if you would like CustomBuild to manage Exim installation (yes/no):yes

Please select if you would like CustomBuild to manage Dovecot installation (yes/no):yes

Please select if you would like CustomBuild to manage phpMyAdmin installation (yes/no):yes

Please select if you would like CustomBuild to manage SquirrelMail installation (yes/no):yes

Please select if you would like CustomBuild to manage RoundCube installation (yes/no):yes

Would you like to search for the fastest download mirror? (y/n): y

Installation on BuyVM 1GB KVM VPS with 1 CPU thread, took approximately 95 minutes to complete ending with the following message:

To login now, follow this link:

http://MY_SERVERIP:2222

and enter your Admin username and password when prompted.

You should now visit http://admin.site-helper.com and http://www.directadmin.com/newinstall.html to learn how to get started.

Thank you for using DirectAdmin. Should you have any questions, don't hesitate to contact us at support@directadmin.com

## REPORT_END
Permissions set

System Security Tips:
http://help.directadmin.com/item.php?id=247

Disk space usage after DirectAdmin install:

df -hT
Filesystem     Type      Size  Used Avail Use% Mounted on
/dev/vda1      ext4       19G  6.2G   12G  35% /
devtmpfs       devtmpfs  486M     0  486M   0% /dev
tmpfs          tmpfs     496M     0  496M   0% /dev/shm
tmpfs          tmpfs     496M  6.7M  489M   2% /run
tmpfs          tmpfs     496M     0  496M   0% /sys/fs/cgroup
tmpfs          tmpfs     100M     0  100M   0% /run/user/0

If you do happen to get disconnected from your SSH session during the setup.sh run, you can just SSH login again and reattach the screen session named directadmin. You will see either that the setup.sh script is still continuing its run or that the run has completed.

screen -r directadmin

Once DirectAdmin is installed, to access the control panel on port 2222 you need to whitelist the port in CentOS 7’s Firewalld firewall.

firewall-cmd --permanent --zone=public --add-port=2222/tcp

However, on my BuyVM VPS server’s DirectAdmin install instance, I was able to reach the DirectAdmin control panel on port 2222 without whitelisting port 2222 because it seems the Firewalld service wasn’t running!

service firewalld status
Redirecting to /bin/systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)

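So you have to manually start CentOS 7’s Firewalld service, which will then block port 2222 access until you run the above firewall-cmd command to whitelist port 2222. The status output above also shows the unit as disabled, so enable it as well or it will not start again after a reboot.

service firewalld start
systemctl enable firewalld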

Checking Firewalld

firewall-cmd --state
running

Listing current open public ports before whitelisting port 2222 returns empty for this command as no ports are whitelisted as yet.

firewall-cmd --zone=public --list-ports

Whitelist port 2222 in Firewalld and then recheck public whitelisted ports

firewall-cmd --permanent --zone=public --add-port=2222/tcp
success

firewall-cmd --reload

firewall-cmd --zone=public --list-ports
2222/tcp

Do the same for whitelisting SSH and common service ports. I also added 9418 for Git usage and FTP passive port range 35000-35999. Would be nice if DirectAdmin did this by default for its known installed services so out-of-the-box DirectAdmin installations would be protected behind Firewalld initially.

firewall-cmd --permanent --zone=public --add-port=22/tcp
firewall-cmd --permanent --zone=public --add-port=2222/tcp
firewall-cmd --permanent --zone=public --add-port=9418/tcp
firewall-cmd --permanent --zone=public --add-port=35000-35999/tcp
firewall-cmd --permanent --zone=public --add-service=dns
firewall-cmd --permanent --zone=public --add-service=ftp
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-service=imap
firewall-cmd --permanent --zone=public --add-service=imaps
firewall-cmd --permanent --zone=public --add-service=pop3
firewall-cmd --permanent --zone=public --add-service=pop3s
firewall-cmd --permanent --zone=public --add-service=smtp
firewall-cmd --permanent --zone=public --add-service=smtps
firewall-cmd --permanent --zone=public --add-service=smtp-submission
firewall-cmd --reload
firewall-cmd --zone=public --list-ports
firewall-cmd --zone=public --list-services

Check port and service listings that are whitelisted now

firewall-cmd --zone=public --list-ports
2222/tcp 22/tcp 35000-35999/tcp 9418/tcp

firewall-cmd --zone=public --list-services               
ssh dhcpv6-client dns ftp http https imaps pop3s smtp imap pop3 smtps smtp-submission

The corresponding whitelisted services’ ports from their profile

echo "ssh dhcpv6-client dns ftp http https imaps pop3s smtp imap pop3 smtps smtp-submission" | xargs -n1 | while read s; do echo -n "/usr/lib/firewalld/services/$s.xml"; grep 'port protocol' /usr/lib/firewalld/services/$s.xml; done
/usr/lib/firewalld/services/ssh.xml <port protocol="tcp" port="22"/>
/usr/lib/firewalld/services/dhcpv6-client.xml <port protocol="udp" port="546"/>
/usr/lib/firewalld/services/dns.xml <port protocol="tcp" port="53"/>
<port protocol="udp" port="53"/>
/usr/lib/firewalld/services/ftp.xml <port protocol="tcp" port="21"/>
/usr/lib/firewalld/services/http.xml <port protocol="tcp" port="80"/>
/usr/lib/firewalld/services/https.xml <port protocol="tcp" port="443"/>
/usr/lib/firewalld/services/imaps.xml <port protocol="tcp" port="993"/>
/usr/lib/firewalld/services/pop3s.xml <port protocol="tcp" port="995"/>
/usr/lib/firewalld/services/smtp.xml <port protocol="tcp" port="25"/>
/usr/lib/firewalld/services/imap.xml <port protocol="tcp" port="143"/>
/usr/lib/firewalld/services/pop3.xml <port protocol="tcp" port="110"/>
/usr/lib/firewalld/services/smtps.xml <port protocol="tcp" port="465"/>
/usr/lib/firewalld/services/smtp-submission.xml <port protocol="tcp" port="587"/>
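
Added example, not from the original guide: it resolves the services and ports opened in the public zone to one port list, as the loop above does, and reports anything that is not on an expected allowlist. The function names and the ALLOW list are assumptions of this example; ALLOW mirrors what this guide opens.

```bash
#!/usr/bin/env bash
# Added example: resolve the firewalld services and ports opened in a zone to
# one port list and report anything that is not on an expected allowlist.

# service_ports DIR SERVICE...
# Print "port/proto" for each <port .../> element in DIR/SERVICE.xml.
# A service with no profile in DIR is reported as "unknown-service:NAME"
# (custom profiles under /etc/firewalld/services are not searched here).
service_ports() {
    local dir="$1" svc file line proto port
    shift
    for svc in "$@"; do
        file="$dir/$svc.xml"
        if [ ! -r "$file" ]; then
            echo "unknown-service:$svc"
            continue
        fi
        sed -n '/<port /p' "$file" | while IFS= read -r line; do
            proto=$(printf '%s\n' "$line" | sed -n 's/.*protocol="\([^"]*\)".*/\1/p')
            port=$(printf '%s\n' "$line" | sed -n 's/.* port="\([^"]*\)".*/\1/p')
            if [ -n "$proto" ] && [ -n "$port" ]; then
                echo "$port/$proto"
            fi
        done
    done
}

# effective_ports DIR "PORTS" "SERVICES"
# PORTS and SERVICES are the space-separated outputs of
# firewall-cmd --zone=public --list-ports and --list-services.
effective_ports() {
    local dir="$1" ports="$2" services="$3" p
    {
        for p in $ports; do echo "$p"; done
        # word splitting of $services is intended
        service_ports "$dir" $services
    } | sort -u
}

# unexpected_ports DIR "PORTS" "SERVICES" "ALLOWLIST"
# Print every open port/proto missing from ALLOWLIST; return 1 if any.
unexpected_ports() {
    local allow=" $4 " p rc=0
    for p in $(effective_ports "$1" "$2" "$3"); do
        case "$allow" in
            *" $p "*) ;;
            *) echo "$p"; rc=1 ;;
        esac
    done
    return $rc
}

# Live check on the server. ALLOW is an assumption mirroring this guide's rules.
ALLOW="22/tcp 2222/tcp 9418/tcp 35000-35999/tcp 21/tcp 25/tcp 53/tcp 53/udp 80/tcp"
ALLOW="$ALLOW 110/tcp 143/tcp 443/tcp 465/tcp 546/udp 587/tcp 993/tcp 995/tcp"

if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    unexpected_ports /usr/lib/firewalld/services \
        "$(firewall-cmd --zone=public --list-ports)" \
        "$(firewall-cmd --zone=public --list-services)" "$ALLOW" \
        || echo "^ open in the public zone but not on the allowlist" >&2
else
    echo "firewalld is not installed or not running: its rules are not being enforced" >&2
fi
```

Run it after each firewall-cmd --reload; no output from the check means the public zone exposes only what the allowlist names.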

If you have other services, Firewalld has profiles for some of them, which you can whitelist in the public zone with --add-service=SERVICENAME where appropriate:

ls -alh /usr/lib/firewalld/services/
total 512K
drwxr-xr-x. 2 root root 4.0K May 12 23:10 .
drwxr-xr-x. 8 root root 4.0K May 12 23:09 ..
-rw-r--r--. 1 root root  412 Oct 30  2018 amanda-client.xml
-rw-r--r--. 1 root root  447 Oct 30  2018 amanda-k5-client.xml
-rw-r--r--. 1 root root  320 Oct 30  2018 bacula-client.xml
-rw-r--r--. 1 root root  346 Oct 30  2018 bacula.xml
-rw-r--r--. 1 root root  339 Oct 30  2018 bgp.xml
-rw-r--r--. 1 root root  275 Oct 30  2018 bitcoin-rpc.xml
-rw-r--r--. 1 root root  307 Oct 30  2018 bitcoin-testnet-rpc.xml
-rw-r--r--. 1 root root  281 Oct 30  2018 bitcoin-testnet.xml
-rw-r--r--. 1 root root  244 Oct 30  2018 bitcoin.xml
-rw-r--r--. 1 root root  294 Oct 30  2018 ceph-mon.xml
-rw-r--r--. 1 root root  329 Oct 30  2018 ceph.xml
-rw-r--r--. 1 root root  168 Oct 30  2018 cfengine.xml
-rw-r--r--. 1 root root  260 Oct 30  2018 condor-collector.xml
-rw-r--r--. 1 root root  296 Oct 30  2018 ctdb.xml
-rw-r--r--. 1 root root  305 Oct 30  2018 dhcpv6-client.xml
-rw-r--r--. 1 root root  234 Oct 30  2018 dhcpv6.xml
-rw-r--r--. 1 root root  227 Oct 30  2018 dhcp.xml
-rw-r--r--. 1 root root  346 Oct 30  2018 dns.xml
-rw-r--r--. 1 root root  374 Oct 30  2018 docker-registry.xml
-rw-r--r--. 1 root root  391 Oct 30  2018 docker-swarm.xml
-rw-r--r--. 1 root root  228 Oct 30  2018 dropbox-lansync.xml
-rw-r--r--. 1 root root  338 Oct 30  2018 elasticsearch.xml
-rw-r--r--. 1 root root  836 Oct 30  2018 freeipa-ldaps.xml
-rw-r--r--. 1 root root  836 Oct 30  2018 freeipa-ldap.xml
-rw-r--r--. 1 root root  315 Oct 30  2018 freeipa-replication.xml
-rw-r--r--. 1 root root  629 Oct 30  2018 freeipa-trust.xml
-rw-r--r--. 1 root root  374 Oct 30  2018 ftp.xml
-rw-r--r--. 1 root root  184 Oct 30  2018 ganglia-client.xml
-rw-r--r--. 1 root root  176 Oct 30  2018 ganglia-master.xml
-rw-r--r--. 1 root root  212 Oct 30  2018 git.xml
-rw-r--r--. 1 root root  132 Oct 30  2018 gre.xml
-rw-r--r--. 1 root root  603 Oct 30  2018 high-availability.xml
-rw-r--r--. 1 root root  448 Oct 30  2018 https.xml
-rw-r--r--. 1 root root  353 Oct 30  2018 http.xml
-rw-r--r--. 1 root root  372 Oct 30  2018 imaps.xml
-rw-r--r--. 1 root root  327 Oct 30  2018 imap.xml
-rw-r--r--. 1 root root  454 Oct 30  2018 ipp-client.xml
-rw-r--r--. 1 root root  427 Oct 30  2018 ipp.xml
-rw-r--r--. 1 root root  554 Oct 30  2018 ipsec.xml
-rw-r--r--. 1 root root  255 Oct 30  2018 ircs.xml
-rw-r--r--. 1 root root  247 Oct 30  2018 irc.xml
-rw-r--r--. 1 root root  264 Oct 30  2018 iscsi-target.xml
-rw-r--r--. 1 root root  213 Oct 30  2018 jenkins.xml
-rw-r--r--. 1 root root  182 Oct 30  2018 kadmin.xml
-rw-r--r--. 1 root root  233 Oct 30  2018 kerberos.xml
-rw-r--r--. 1 root root  384 Oct 30  2018 kibana.xml
-rw-r--r--. 1 root root  249 Oct 30  2018 klogin.xml
-rw-r--r--. 1 root root  221 Oct 30  2018 kpasswd.xml
-rw-r--r--. 1 root root  182 Oct 30  2018 kprop.xml
-rw-r--r--. 1 root root  242 Oct 30  2018 kshell.xml
-rw-r--r--. 1 root root  232 Oct 30  2018 ldaps.xml
-rw-r--r--. 1 root root  199 Oct 30  2018 ldap.xml
-rw-r--r--. 1 root root  385 Oct 30  2018 libvirt-tls.xml
-rw-r--r--. 1 root root  389 Oct 30  2018 libvirt.xml
-rw-r--r--. 1 root root  349 Oct 30  2018 managesieve.xml
-rw-r--r--. 1 root root  424 Oct 30  2018 mdns.xml
-rw-r--r--. 1 root root  343 Oct 30  2018 minidlna.xml
-rw-r--r--. 1 root root  237 Oct 30  2018 mongodb.xml
-rw-r--r--. 1 root root  473 Oct 30  2018 mosh.xml
-rw-r--r--. 1 root root  211 Oct 30  2018 mountd.xml
-rw-r--r--. 1 root root  170 Oct 30  2018 mssql.xml
-rw-r--r--. 1 root root  190 Oct 30  2018 ms-wbt.xml
-rw-r--r--. 1 root root  242 Oct 30  2018 murmur.xml
-rw-r--r--. 1 root root  171 Oct 30  2018 mysql.xml
-rw-r--r--. 1 root root  342 Oct 30  2018 nfs3.xml
-rw-r--r--. 1 root root  324 Oct 30  2018 nfs.xml
-rw-r--r--. 1 root root  293 Oct 30  2018 nmea-0183.xml
-rw-r--r--. 1 root root  247 Oct 30  2018 nrpe.xml
-rw-r--r--. 1 root root  389 Oct 30  2018 ntp.xml
-rw-r--r--. 1 root root  335 Oct 30  2018 openvpn.xml
-rw-r--r--. 1 root root  260 Oct 30  2018 ovirt-imageio.xml
-rw-r--r--. 1 root root  343 Oct 30  2018 ovirt-storageconsole.xml
-rw-r--r--. 1 root root  235 Oct 30  2018 ovirt-vmconsole.xml
-rw-r--r--. 1 root root  433 Oct 30  2018 pmcd.xml
-rw-r--r--. 1 root root  474 Oct 30  2018 pmproxy.xml
-rw-r--r--. 1 root root  544 Oct 30  2018 pmwebapis.xml
-rw-r--r--. 1 root root  460 Oct 30  2018 pmwebapi.xml
-rw-r--r--. 1 root root  357 Oct 30  2018 pop3s.xml
-rw-r--r--. 1 root root  348 Oct 30  2018 pop3.xml
-rw-r--r--. 1 root root  181 Oct 30  2018 postgresql.xml
-rw-r--r--. 1 root root  509 Oct 30  2018 privoxy.xml
-rw-r--r--. 1 root root  261 Oct 30  2018 proxy-dhcp.xml
-rw-r--r--. 1 root root  424 Oct 30  2018 ptp.xml
-rw-r--r--. 1 root root  414 Oct 30  2018 pulseaudio.xml
-rw-r--r--. 1 root root  297 Oct 30  2018 puppetmaster.xml
-rw-r--r--. 1 root root  273 Oct 30  2018 quassel.xml
-rw-r--r--. 1 root root  520 Oct 30  2018 radius.xml
-rw-r--r--. 1 root root  268 Oct 30  2018 redis.xml
-rw-r--r--. 1 root root  741 Oct 30  2018 RH-Satellite-6.xml
-rw-r--r--. 1 root root  214 Oct 30  2018 rpc-bind.xml
-rw-r--r--. 1 root root  310 Oct 30  2018 rsh.xml
-rw-r--r--. 1 root root  311 Oct 30  2018 rsyncd.xml
-rw-r--r--. 1 root root  384 Oct 30  2018 samba-client.xml
-rw-r--r--. 1 root root  461 Oct 30  2018 samba.xml
-rw-r--r--. 1 root root  337 Oct 30  2018 sane.xml
-rw-r--r--. 1 root root  283 Oct 30  2018 sips.xml
-rw-r--r--. 1 root root  509 Oct 30  2018 sip.xml
-rw-r--r--. 1 root root  231 Oct 30  2018 smtp-submission.xml
-rw-r--r--. 1 root root  577 Oct 30  2018 smtps.xml
-rw-r--r--. 1 root root  550 Oct 30  2018 smtp.xml
-rw-r--r--. 1 root root  308 Oct 30  2018 snmptrap.xml
-rw-r--r--. 1 root root  342 Oct 30  2018 snmp.xml
-rw-r--r--. 1 root root  405 Oct 30  2018 spideroak-lansync.xml
-rw-r--r--. 1 root root  173 Oct 30  2018 squid.xml
-rw-r--r--. 1 root root  463 Oct 30  2018 ssh.xml
-rw-r--r--. 1 root root  297 Oct 30  2018 syncthing-gui.xml
-rw-r--r--. 1 root root  311 Oct 30  2018 syncthing.xml
-rw-r--r--. 1 root root  496 Oct 30  2018 synergy.xml
-rw-r--r--. 1 root root  444 Oct 30  2018 syslog-tls.xml
-rw-r--r--. 1 root root  329 Oct 30  2018 syslog.xml
-rw-r--r--. 1 root root  393 Oct 30  2018 telnet.xml
-rw-r--r--. 1 root root  301 Oct 30  2018 tftp-client.xml
-rw-r--r--. 1 root root  437 Oct 30  2018 tftp.xml
-rw-r--r--. 1 root root  336 Oct 30  2018 tinc.xml
-rw-r--r--. 1 root root  771 Oct 30  2018 tor-socks.xml
-rw-r--r--. 1 root root  244 Oct 30  2018 transmission-client.xml
-rw-r--r--. 1 root root  264 Oct 30  2018 upnp-client.xml
-rw-r--r--. 1 root root  593 Oct 30  2018 vdsm.xml
-rw-r--r--. 1 root root  475 Oct 30  2018 vnc-server.xml
-rw-r--r--. 1 root root  310 Oct 30  2018 wbem-https.xml
-rw-r--r--. 1 root root  509 Oct 30  2018 xmpp-bosh.xml
-rw-r--r--. 1 root root  488 Oct 30  2018 xmpp-client.xml
-rw-r--r--. 1 root root  264 Oct 30  2018 xmpp-local.xml
-rw-r--r--. 1 root root  545 Oct 30  2018 xmpp-server.xml
-rw-r--r--. 1 root root  314 Oct 30  2018 zabbix-agent.xml
-rw-r--r--. 1 root root  315 Oct 30  2018 zabbix-server.xml

Revisiting DirectAdmin control panel login page on port 2222 now:

Check the MySQL version installed by default. MySQL root password details are located in:

  • /usr/local/directadmin/conf/mysql.conf read by DirectAdmin
  • /usr/local/directadmin/conf/my.cnf read by MySQL server/client
  • /usr/local/directadmin/scripts/setup.txt contains the login variables set up by DirectAdmin

According to the mysqladmin ver command, it seems MariaDB 5.5 is the MySQL server installed by default

mysqladmin --defaults-extra-file=/usr/local/directadmin/conf/my.cnf ver

If you find having to pass the --defaults-extra-file path tedious, set up a custom command alias in your ~/.bashrc file

alias mysqladmin='mysqladmin --defaults-extra-file=/usr/local/directadmin/conf/my.cnf'

Output

mysqladmin --defaults-extra-file=/usr/local/directadmin/conf/my.cnf ver
mysqladmin Ver 9.0 Distrib 5.5.63-MariaDB, for Linux on x86_64
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Server version 5.5.63-MariaDB
Protocol version 10
Connection Localhost via UNIX socket
UNIX socket /var/lib/mysql/mysql.sock
Uptime: 2 hours 39 min 46 sec

Threads: 1 Questions: 66 Slow queries: 0 Opens: 3 Flush tables: 2 Open tables: 29 Queries per second avg: 0.006

Check Apache version and config installed – Apache 2.4.39 built as Event MPM worker

httpd -V
Server version: Apache/2.4.39 (Unix)
Server built: Jul 17 2019 17:56:35
Server's Module Magic Number: 20120211:84
Server loaded: APR 1.6.5, APR-UTIL 1.6.1
Compiled using: APR 1.6.5, APR-UTIL 1.6.1
Architecture: 64-bit
Server MPM: event
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/etc/httpd"
-D HAVE_SYSTEMD
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="/var/logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

Check which modules are loaded into Apache – take note that mod_remoteip (remoteip_module) is loaded. This is important if you plan to use Cloudflare in front of your DirectAdmin websites.

httpd -M
Loaded Modules:
 core_module (static)
 authn_file_module (static)
 authn_dbm_module (static)
 authn_anon_module (static)
 authn_dbd_module (static)
 authn_socache_module (static)
 authn_core_module (static)
 authz_host_module (static)
 authz_groupfile_module (static)
 authz_user_module (static)
 authz_dbm_module (static)
 authz_owner_module (static)
 authz_dbd_module (static)
 authz_core_module (static)
 access_compat_module (static)
 auth_basic_module (static)
 auth_form_module (static)
 auth_digest_module (static)
 allowmethods_module (static)
 file_cache_module (static)
 cache_module (static)
 cache_disk_module (static)
 cache_socache_module (static)
 socache_shmcb_module (static)
 socache_dbm_module (static)
 socache_memcache_module (static)
 socache_redis_module (static)
 so_module (static)
 watchdog_module (static)
 macro_module (static)
 dbd_module (static)
 dumpio_module (static)
 buffer_module (static)
 ratelimit_module (static)
 reqtimeout_module (static)
 ext_filter_module (static)
 request_module (static)
 include_module (static)
 filter_module (static)
 substitute_module (static)
 sed_module (static)
 deflate_module (static)
 http_module (static)
 mime_module (static)
 log_config_module (static)
 log_debug_module (static)
 logio_module (static)
 env_module (static)
 expires_module (static)
 headers_module (static)
 unique_id_module (static)
 setenvif_module (static)
 version_module (static)
 remoteip_module (static)
 proxy_module (static)
 proxy_connect_module (static)
 proxy_ftp_module (static)
 proxy_http_module (static)
 proxy_fcgi_module (static)
 proxy_scgi_module (static)
 proxy_uwsgi_module (static)
 proxy_fdpass_module (static)
 proxy_wstunnel_module (static)
 proxy_ajp_module (static)
 proxy_balancer_module (static)
 proxy_express_module (static)
 proxy_hcheck_module (static)
 session_module (static)
 session_cookie_module (static)
 session_dbd_module (static)
 slotmem_shm_module (static)
 ssl_module (static)
 http2_module (static)
 lbmethod_byrequests_module (static)
 lbmethod_bytraffic_module (static)
 lbmethod_bybusyness_module (static)
 lbmethod_heartbeat_module (static)
 unixd_module (static)
 dav_module (static)
 status_module (static)
 autoindex_module (static)
 info_module (static)
 suexec_module (static)
 cgi_module (static)
 dav_fs_module (static)
 dav_lock_module (static)
 vhost_alias_module (static)
 negotiation_module (static)
 dir_module (static)
 actions_module (static)
 speling_module (static)
 userdir_module (static)
 alias_module (static)
 rewrite_module (static)
 systemd_module (shared)
 mpm_event_module (shared)

Check Apache httpd.conf default includes files that are available or commented out/disabled

grep Include /etc/httpd/conf/httpd.conf
Include /etc/httpd/conf/extra/httpd-phpmodules.conf
    # Include some DirectAdmin alias
    Include conf/extra/httpd-alias.conf
Include conf/extra/httpd-includes.conf
Include conf/extra/httpd-directories.conf
Include conf/extra/httpd-nginx.conf
Include conf/extra/httpd-mpm.conf
Include conf/extra/httpd-multilang-errordoc.conf
Include conf/extra/httpd-autoindex.conf
Include conf/extra/httpd-languages.conf
#Include conf/extra/httpd-userdir.conf
Include conf/extra/httpd-info.conf
Include conf/extra/httpd-suphp.conf
#Include conf/extra/httpd-manual.conf
Include conf/extra/httpd-dav.conf
Include conf/extra/httpd-default.conf
Include conf/extra/httpd-ssl.conf
Include conf/extra/httpd-deflate.conf
Include conf/extra/httpd-php-handlers.conf
Include conf/extra/httpd-vhosts.conf
Include conf/extra/directadmin-vhosts.conf

Looks like the /etc/httpd/conf/extra/directadmin-vhosts.conf file pulls in the Apache vhost configurations for domains added through DirectAdmin via the /usr/local/directadmin/data/users/admin/httpd.conf include file

cat conf/extra/directadmin-vhosts.conf
Include /usr/local/directadmin/data/users/admin/httpd.conf

Within /usr/local/directadmin/data/users/admin/httpd.conf are the domain site’s Apache vhost configurations it seems. Example in Gist posted here.

How DirectAdmin’s Apache was compiled/configured

cat /usr/local/directadmin/custombuild/configure/ap2/configure.apache 
#!/bin/sh
"./configure" \
"--prefix=/etc/httpd" \
"--exec-prefix=/etc/httpd" \
"--bindir=/usr/bin" \
"--sbindir=/usr/sbin" \
"--sysconfdir=/etc/httpd/conf" \
"--enable-so" \
"--enable-dav" \
"--enable-dav-fs" \
"--enable-dav-lock" \
"--enable-suexec" \
"--enable-deflate" \
"--enable-unique-id" \
"--enable-cgi" \
"--disable-cgid" \
"--enable-mods-static=most" \
"--enable-mpms-shared=all" \
"--with-suexec-safedir=/usr/local/safe-bin" \
"--with-suexec-caller=apache" \
"--with-suexec-docroot=/" \
"--with-suexec-gidmin=100" \
"--with-suexec-logfile=/var/log/httpd/suexec_log" \
"--with-suexec-uidmin=100" \
"--with-suexec-userdir=public_html" \
"--with-suexec-bin=/usr/sbin/suexec" \
"--with-included-apr" \
"--with-pcre=/usr/local" \
"--includedir=/usr/include/apache" \
"--libexecdir=/usr/lib/apache" \
"--libdir=/usr/lib/apache" \
"--mandir=/usr/share/man" \
"--datadir=/var/www" \
"--localstatedir=/var" \
"--enable-logio" \
"--enable-ssl" \
"--enable-rewrite" \
"--enable-proxy" \
"--enable-expires" \
"--enable-reqtimeout" \
"--with-ssl=/usr" \
"--disable-md" \
"--enable-headers"

Check the PHP command line version – looks like Zend Opcache isn’t installed by default, which will result in much lower PHP performance!

php -v
PHP 7.3.7 (cli) (built: Jul 17 2019 18:33:55) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.7, Copyright (c) 1998-2018 Zend Technologies

Check if DirectAdmin PHP 7.3 supports the Argon2 password hashing algorithm and libsodium – looks like libsodium is supported but Argon2 password hashing support is missing. FYI, PHP web apps like XenForo 2.x support the newer Argon2 password hashing algorithms if your PHP version supports it.

php -r 'print_r(get_defined_constants());' | grep -i argon
[SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13] => 1
[SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13] => 2
[SODIUM_CRYPTO_PWHASH_STRPREFIX] => $argon2id$

Usually for PHP 7.3 on my Centmin Mod LEMP 123.09beta01 stack installs I add Argon2 + libsodium support and you should see the following:

php -r 'print_r(get_defined_constants());' | grep -i argon
[PASSWORD_ARGON2I] => 2
[PASSWORD_ARGON2ID] => 3
[PASSWORD_ARGON2_DEFAULT_MEMORY_COST] => 1024
[PASSWORD_ARGON2_DEFAULT_TIME_COST] => 2
[PASSWORD_ARGON2_DEFAULT_THREADS] => 2
[SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13] => 1
[SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13] => 2
[SODIUM_CRYPTO_PWHASH_STRPREFIX] => $argon2id$

For Argon2 you need a newer 1.5+ version of libzip for PHP 7 to compile Argon2. On DirectAdmin PHP 7.3, libzip seems to be the older 1.1.2 version

php --ri zip

zip

Zip => enabled
Zip version => 1.15.4
Libzip version => 1.1.2

And it looks like the DirectAdmin default PHP 7.3 configuration is compiled with --without-libzip

php-config
Usage: /usr/local/bin/php-config [OPTION]
Options:
  --prefix            [/usr/local/php73]
  --includes          [-I/usr/local/php73/include/php -I/usr/local/php73/include/php/main -I/usr/local/php73/include/php/TSRM -I/usr/local/php73/include/php/Zend -I/usr/local/php73/include/php/ext -I/usr/local/php73/include/php/ext/date/lib]
  --ldflags           [ -L/usr/local/lib -L/usr/local/icu/lib]
  --libs              [-lcrypt   -lz -lexslt -lresolv -lcrypt -lsodium -lrt -lstdc++ -liconv -lpng -lz -ljpeg -lwebp -lz -lrt -lm -ldl -lnsl  -lsystemd -lxml2 -lz -liconv -lm -ldl -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto -lpcre2-8 -lcurl -lxml2 -lz -liconv -lm -ldl -lssl -lcrypto -lfreetype -licui18n -licuuc -licudata -licuio -lxml2 -lz -liconv -lm -ldl -lxml2 -lz -liconv -lm -ldl -lcrypt -lxml2 -lz -liconv -lm -ldl -lxml2 -lz -liconv -lm -ldl -lxml2 -lz -liconv -lm -ldl -lxslt -lxml2 -lz -liconv -ldl -lm -lssl -lcrypto -lcrypt ]
  --extension-dir     [/usr/local/php73/lib/php/extensions/no-debug-non-zts-20180731]
  --include-dir       [/usr/local/php73/include/php]
  --man-dir           [/usr/local/php73/php/man]
  --php-binary        [/usr/local/php73/bin/php73]
  --php-sapis         [ cli fpm phpdbg cgi]
  --configure-options [--prefix=/usr/local/php73 --program-suffix=73 --enable-fpm --with-fpm-systemd --with-config-file-scan-dir=/usr/local/php73/lib/php.conf.d --with-curl --with-gd --with-gettext --with-jpeg-dir=/usr/local/lib --with-freetype-dir=/usr/local/lib --with-libxml-dir=/usr/local/lib --with-kerberos --with-openssl --with-mhash --with-mysql-sock=/var/lib/mysql/mysql.sock --with-mysqli=mysqlnd --with-pcre-regex=/usr/local --with-pdo-mysql=mysqlnd --with-pear --with-png-dir=/usr/local/lib --with-sodium=/usr/local --with-webp-dir=/usr/local/lib --with-xsl --with-zlib --enable-zip --without-libzip --with-iconv=/usr/local --enable-bcmath --enable-calendar --enable-exif --enable-ftp --enable-sockets --enable-soap --enable-mbstring --with-icu-dir=/usr/local/icu --enable-intl]
  --version           [7.3.7]
  --vernum            [70307]

cat /usr/local/directadmin/custombuild/configure/ap2/configure.php73
#!/bin/sh
./configure \
        --with-apxs2 \
        --with-config-file-scan-dir=/usr/local/lib/php.conf.d \
        --with-curl \
        --with-gd \
        --with-gettext \
        --with-jpeg-dir=/usr/local/lib \
        --with-freetype-dir=/usr/local/lib \
        --with-libxml-dir=/usr/local/lib \
        --with-kerberos \
        --with-openssl \
        --with-mhash \
        --with-mysql-sock=/var/lib/mysql/mysql.sock \
        --with-mysqli=mysqlnd \
        --with-pcre-regex=/usr/local \
        --with-pdo-mysql=mysqlnd \
        --with-pear \
        --with-png-dir=/usr/local/lib \
        --with-sodium=/usr/local \
        --with-webp-dir=/usr/local/lib \
        --with-xsl \
        --with-zlib \
        --enable-zip \
        --without-libzip \
        --with-iconv=/usr/local \
        --enable-bcmath \
        --enable-calendar \
        --enable-exif \
        --enable-ftp \
        --enable-sockets \
        --enable-soap \
        --enable-mbstring \
        --with-icu-dir=/usr/local/icu \
        --enable-intl

On Centmin Mod PHP 7.3 builds I deliberately use a newer libzip 1.5 version instead of CentOS 7 provided libzip 1.1.2 for this reason. Example from Centmin Mod 123.09beta01 with PHP 7.3.7

php --ri zip

zip

Zip => enabled
Zip version => 1.15.4
Libzip headers version => 1.5.0
Libzip library version => 1.5.0

Check where DirectAdmin’s PHP command line version is reading settings .ini file directories from

php --ini
Configuration File (php.ini) Path: /usr/local/php73/lib
Loaded Configuration File: /usr/local/php73/lib/php.ini
Scan for additional .ini files in: /usr/local/php73/lib/php.conf.d
Additional .ini files parsed: /usr/local/php73/lib/php.conf.d/50-webapps.ini

Check DirectAdmin’s PHP command line loaded PHP extension modules

php -m
[PHP Modules]
bcmath
calendar
Core
ctype
curl
date
dom
exif
fileinfo
filter
ftp
gd
gettext
hash
iconv
intl
json
libxml
mbstring
mysqli
mysqlnd
openssl
pcre
PDO
pdo_mysql
pdo_sqlite
Phar
posix
Reflection
session
SimpleXML
soap
sockets
sodium
SPL
sqlite3
standard
tokenizer
xml
xmlreader
xmlwriter
xsl
zip
zlib

[Zend Modules]

Check the CPU load and memory usage of the DirectAdmin install. The sysstat YUM package was installed as part of the preparation stage, so sar is available.

cpu load

sar -q | sed -e "s|$(hostname)|hostname|"
Linux 3.10.0-957.21.3.el7.x86_64 (hostname)     07/17/2019      _x86_64_        (1 CPU)

05:10:00 PM       LINUX RESTART

05:20:01 PM   runq-sz  plist-sz   ldavg-1   ldavg-5  ldavg-15   blocked
05:30:01 PM         1        83      0.00      0.00      0.00         0
05:40:01 PM         1        83      0.00      0.00      0.00         0
05:50:01 PM         1        91      0.45      0.16      0.07         0
06:00:02 PM         2       116      1.81      1.57      0.85         0
06:10:02 PM         2       118      1.32      1.45      1.16         0
06:20:01 PM         3       113      1.12      1.39      1.31         0
06:30:02 PM         3       114      1.64      1.56      1.44         0
06:40:01 PM         3       114      1.16      1.44      1.46         0
06:50:02 PM         2       114      1.33      1.46      1.47         0
07:00:01 PM         2       114      1.84      1.62      1.54         0
07:10:01 PM         3       113      2.01      1.84      1.71         1
07:20:01 PM         3       128      1.94      1.77      1.71         0
07:30:01 PM         1       522      0.14      1.08      1.48         0
07:40:01 PM         2       523      0.00      0.15      0.78         0
07:50:01 PM         2       525      0.00      0.02      0.41         0
08:00:01 PM         5       527      0.00      0.01      0.22         0
08:10:01 PM         3       528      0.00      0.01      0.12         0
08:20:01 PM         1       527      0.09      0.07      0.10         0
08:30:01 PM         3       528      0.00      0.02      0.06         0
08:40:01 PM         2       525      0.00      0.01      0.05         0
08:50:01 PM         1       524      0.00      0.01      0.05         0
09:00:01 PM         3       527      0.00      0.01      0.05         0
Average:            2       298      0.68      0.71      0.73         0

memory usage

sar -r | sed -e "s|$(hostname)|hostname|" 
Linux 3.10.0-957.21.3.el7.x86_64 (hostname)     07/17/2019      _x86_64_        (1 CPU)

05:10:00 PM       LINUX RESTART

05:20:01 PM kbmemfree kbmemused  %memused kbbuffers  kbcached  kbcommit   %commit  kbactive   kbinact   kbdirty
05:30:01 PM    857528    157360     15.51     10060     66416    172372      3.31     49376     61324         0
05:40:01 PM    856412    158476     15.62     10124     67356    172372      3.31     49996     61700        16
05:50:01 PM    237420    777468     76.61     13492    582788    265880      5.10    347640    358336     44516
06:00:02 PM     84916    929972     91.63     17932    609740    889168     17.07    392288    443152      7624
06:10:02 PM     68800    946088     93.22      7652    518300   1002412     19.24    400396    443116      6988
06:20:01 PM    343964    670924     66.11     15040    308432    914316     17.55    192084    364012     11372
06:30:02 PM    686800    328088     32.33      7380    187656    889076     17.07     77984    184040      6244
06:40:01 PM     68984    945904     93.20     12516    599196   1052332     20.20    473912    370572      6380
06:50:02 PM    624964    389924     38.42      8748    193772    920440     17.67    109684    197288      6316
07:00:01 PM    201596    813292     80.14     10960    472432   1050972     20.18    393552    318388      8688
07:10:01 PM    381048    633840     62.45     12244    448196    892164     17.13    219448    317064      6560
07:20:01 PM     85520    929368     91.57     11608    726004    900956     17.30    380644    437972     11616
07:30:01 PM    340136    674752     66.49     57184    312992   3813832     73.21    274420    285892         0
07:40:01 PM    339664    675224     66.53     57336    313272   3813832     73.21    274568    286184         0
07:50:01 PM    299644    715244     70.48     58704    322676   3848780     73.88    307624    291068         0
08:00:01 PM    296944    717944     70.74     58940    322980   3852336     73.95    311300    289780        20
08:10:01 PM    292696    722192     71.16     59264    324164   3856300     74.03    313924    290564        60
08:20:01 PM    250300    764588     75.34     60464    366480   3853488     73.97    323220    323740       180
08:30:01 PM    244376    770512     75.92     61368    370316   3856012     74.02    325556    327132        76
08:40:01 PM    247284    767604     75.63     61968    370712   3849488     73.90    323016    327864         0
08:50:01 PM    246944    767944     75.67     62112    370760   3849488     73.90    323040    328040         0
09:00:01 PM    245516    769372     75.81     62268    370804   3852592     73.96    324256    328228         0
09:10:01 PM    246096    768792     75.75     62432    370952   3849488     73.90    323404    328448         0
Average:       328154    686734     67.67     34774    373756   2235569     42.92    283101    302778      5072

Verify DirectAdmin detected OS and environment to ensure CentOS 7 is detected

/usr/local/directadmin/directadmin o

Output

/usr/local/directadmin/directadmin o
Compiled on 'CentOS 7.0 64-Bit'
Compile time: Jul 12 2019 at 09:37:52
Timestamp: '1562945823'
Compiled with IPv6

Step 4. Post-Install DirectAdmin Tasks

Hide the DirectAdmin Apache version header by editing /etc/httpd/conf/extra/httpd-default.conf. To customise Apache's default MPM Worker settings, edit /etc/httpd/conf/extra/httpd-mpm.conf.

Current Apache defaults show ServerSignature is already set to Off (disabled) but ServerTokens should be changed from Major to Prod.

egrep '^ServerTokens|^ServerSignature' /etc/httpd/conf/extra/httpd-default.conf
ServerTokens Major
ServerSignature Off

Change via sed replacement

sed -i 's|^ServerTokens .*|ServerTokens Prod|' /etc/httpd/conf/extra/httpd-default.conf
sed -i 's|^ServerSignature .*|ServerSignature Off|' /etc/httpd/conf/extra/httpd-default.conf

Verify the changes

egrep '^ServerTokens|^ServerSignature' /etc/httpd/conf/extra/httpd-default.conf 
ServerTokens Prod
ServerSignature Off

Then ensure these changes don’t get overwritten by DirectAdmin

cd /usr/local/directadmin/custombuild/
mkdir -p custom/ap2/conf/extra/
cp -p /etc/httpd/conf/extra/httpd-default.conf /usr/local/directadmin/custombuild/custom/ap2/conf/extra/
cp -p /etc/httpd/conf/extra/httpd-mpm.conf /usr/local/directadmin/custombuild/custom/ap2/conf/extra/

Then test the modified Apache config files

httpd -t
Syntax OK

Then restart the Apache service

service httpd restart

Then do a curl header check to ensure the DirectAdmin Apache server only reports Server = Apache without any version identifiers.

curl -I localhost
HTTP/1.1 200 OK
Date: Thu, 25 Jul 2019 14:01:18 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Tue, 23 Jul 2019 13:32:29 GMT
ETag: "2c-58e593965e689"
Accept-Ranges: bytes
Content-Length: 44
Vary: User-Agent
Content-Type: text/html

Hide DirectAdmin HTTP Daemon Header for port 2222 non-logged-in visitors as per instructions here.

By default, the HTTP response header for requests over DirectAdmin port 2222 returns the full DirectAdmin version number and the full name of the person the DirectAdmin license belongs to:

Server: DirectAdmin Daemon v1.57.5 Registered to FULL NAME - FULL NAME - DirectAdmin License

However, you can disable the more verbose version by setting show_info_in_header=0 in /usr/local/directadmin/conf/directadmin.conf

echo 'show_info_in_header=0' >> /usr/local/directadmin/conf/directadmin.conf
service directadmin restart

Then the HTTP header returns a less verbose version

Server: DirectAdmin Daemon
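
The two header changes above (Apache ServerTokens and DirectAdmin show_info_in_header) can be re-checked after every rebuild or update with a small audit. This is an added example, not part of the original guide or of DirectAdmin; the function names are hypothetical and the sample headers in the demo are constructed from the outputs shown on this page.

```shell
#!/bin/sh
# Added example: audit HTTP response headers for the version and licensee
# disclosure that ServerTokens Prod and show_info_in_header=0 turn off.

# check_server_header: reads raw response headers on stdin and prints one
# verdict line per Server header.
# Exit status: 0 = nothing disclosed, 1 = disclosure found, 2 = no Server header.
check_server_header() {
    tr -d '\r' | awk '
        BEGIN { seen = 0; bad = 0 }
        tolower($0) ~ /^server:/ {
            seen = 1
            value = $0
            sub(/^[^:]*:[ \t]*/, "", value)
            why = ""
            # Any digit means a version string: Apache/2 (ServerTokens Major),
            # Apache/2.4.39 (Full) or the v1.57.5 DirectAdmin form.
            if (value ~ /[0-9]/)          why = why "version "
            # ServerTokens OS and Full append a platform comment such as (Unix).
            if (value ~ /\([^)]*\)/)      why = why "platform "
            # The default DirectAdmin header names the license holder.
            if (value ~ /Registered to/)  why = why "licensee "
            if (why != "") {
                sub(/ $/, "", why)
                bad = 1
                printf "LEAK (%s): %s\n", why, value
            } else {
                printf "OK: %s\n", value
            }
        }
        END { if (!seen) exit 2; exit bad }
    '
}

# check_url [curl options] URL: fetch only the headers and audit them,
# e.g. check_url http://localhost
check_url() {
    curl -s -I "$@" | check_server_header
}

# Demo on constructed header lines (no network access needed).
demo_constructed() {
    for h in 'Server: Apache/2.4.39 (Unix)' \
             'Server: Apache/2' \
             'Server: Apache' \
             'Server: DirectAdmin Daemon v1.57.5 Registered to FULL NAME' \
             'Server: DirectAdmin Daemon'; do
        printf '%s\r\n' "$h" | check_server_header || true
    done
    return 0
}
demo_constructed
```

The non-zero exit status on a leak lets the check run from cron or a monitoring hook and alert when an update silently restores the verbose header.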

DirectAdmin Apache server-status configuration

Set up Apache server-status and server-info for the server hostname you set up in Step 1 above by modifying the Apache include file /etc/httpd/conf/extra/httpd-info.conf. Make sure to change YOUR_ISP_IP_ADDR to your ISP IP address, or whichever IP address you want to be able to view /server-status and /server-info statistics from, and enable ExtendedStatus.

myisp_ip=YOUR_ISP_IP_ADDR
sed -i "s|Require host .*|Require host $(hostname -f)|g" /etc/httpd/conf/extra/httpd-info.conf
sed -i "s|Require ip .*|Require ip 127\n    Require ip $myisp_ip|g" /etc/httpd/conf/extra/httpd-info.conf
sed -i 's|^#ExtendedStatus On|ExtendedStatus On|' /etc/httpd/conf/extra/httpd-info.conf

Modified contents of /etc/httpd/conf/extra/httpd-info.conf

#
# Get information about the requests being processed by the server
# and the configuration of the server.
#
# Required modules: mod_authz_core, mod_authz_host,
#                   mod_info (for the server-info handler),
#                   mod_status (for the server-status handler)

#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Change the ".example.com" to match your domain to enable.

<Location /server-status>
    SetHandler server-status
    Require host hostname.yourdomain.com
    Require ip 127
    Require ip YOUR_ISP_IP_ADDR
</Location>

#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
ExtendedStatus On

#
# Allow remote server configuration reports, with the URL of
#  http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".example.com" to match your domain to enable.
#
<Location /server-info>
    SetHandler server-info
    Require host hostname.yourdomain.com
    Require ip 127
    Require ip YOUR_ISP_IP_ADDR
</Location>

Then restart the Apache service

service httpd restart

Then accessing hostname.yourdomain.com/server-status or hostname.yourdomain.com/server-info from the specified YOUR_ISP_IP_ADDR IP address will allow you to see DirectAdmin’s Apache server status and server info pages.

For hostname.yourdomain.com/server-status

For hostname.yourdomain.com/server-info
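
With ExtendedStatus On, /server-status lists client addresses and the requests being processed, so it is worth confirming that both Location blocks really are restricted after the sed edits above. The following audit is an added example, not part of the original guide; the function names are hypothetical, the sample config is constructed (203.0.113.10 is a documentation address), and it flags the two failure modes the procedure can leave behind: the literal YOUR_ISP_IP_ADDR placeholder and a block opened with Require all granted.

```shell
#!/bin/sh
# Added example: audit the /server-status and /server-info access rules.

# audit_status_acl [FILE]
# Reads FILE (or stdin) and prints "<path> <verdict> <detail>" for each
# /server-status or /server-info Location block.
# Exit status: 0 = every block is restricted, 1 = at least one FAIL.
audit_status_acl() {
    awk '
        function report(verdict, detail) {
            printf "%s %s %s\n", path, verdict, detail
            if (verdict == "FAIL") bad = 1
        }
        BEGIN { bad = 0; inblk = 0 }
        { low = tolower($0) }              # directive names are case-insensitive
        low ~ /^[ \t]*#/ { next }          # ignore commented-out lines
        low ~ /^[ \t]*<location[ \t]+\/server-(status|info)>/ {
            path = $2; sub(/>$/, "", path)
            inblk = 1; nreq = 0; anyone = 0; placeholder = 0
            next
        }
        inblk && low ~ /^[ \t]*<\/location>/ {
            if (anyone)            report("FAIL", "open-to-everyone")
            else if (placeholder)  report("FAIL", "placeholder-not-replaced")
            else if (nreq == 0)    report("FAIL", "no-require-in-block")
            else                   report("OK", nreq "-require-rules")
            inblk = 0
            next
        }
        inblk && tolower($1) == "require" {
            nreq++
            if (low ~ /require[ \t]+all[ \t]+granted/) anyone = 1
            if ($0 ~ /YOUR_ISP_IP_ADDR/)               placeholder = 1
        }
        END { exit bad }
    ' "$@"
}

# sample_httpd_info: constructed input modelled on the file shown above.
# /server-status has a real address filled in, /server-info still carries
# the placeholder.
sample_httpd_info() {
    cat <<'EOF'
# Allow server status reports generated by mod_status
<Location /server-status>
    SetHandler server-status
    Require host hostname.yourdomain.com
    Require ip 127
    Require ip 203.0.113.10
</Location>
ExtendedStatus On
<Location /server-info>
    SetHandler server-info
    Require host hostname.yourdomain.com
    Require ip 127
    Require ip YOUR_ISP_IP_ADDR
</Location>
EOF
}

# Demo on the constructed sample. On a server, audit the real file instead:
#   audit_status_acl /etc/httpd/conf/extra/httpd-info.conf
sample_httpd_info | audit_status_acl || echo "review the FAIL lines before restarting httpd"
```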

 

Set up the nightly updates notification cronjob as outlined here.

Defaults in /usr/local/directadmin/custombuild/options.conf

#Cronjob Settings
cron=no
cron_frequency=weekly
email=email@domain.com
notifications=yes
da_autoupdate=no
updates=no
webapps_updates=yes

Change to below replacing email with your desired email address for notifications

#Cronjob Settings
cron=yes
cron_frequency=weekly
email=email@domain.com
notifications=yes
da_autoupdate=yes
updates=no
webapps_updates=yes

Then type:

./build cron
Cronjob is set for MYEMAILADDRESS:
Cronjob frequency: weekly
Automatic notifications: yes
Automatic updates: no

Actual cronjob at /etc/cron.weekly/custombuild

#!/bin/sh
cd /usr/local/directadmin/custombuild
./build update >/dev/null 2>&1
AVAIL_UPDATES="`./build versions_nobold | grep -c -e 'update is available.'`"
if [ "${AVAIL_UPDATES}" -gt 0 ]; then
./build versions_nobold | grep 'update is available.' | mail -s "${AVAIL_UPDATES} updates available for `hostname`" MYEMAILADDRESS
./build update_da
./build update_webapps
fi
exit 0;

Then when you get email notification alerts for updates, run

cd /usr/local/directadmin/custombuild
./build update_versions

Optionally, if you need to create alias redirects, i.e. create a /mydir alias which redirects users to /var/www/html/mydirectory, do so as per instructions here

cd /usr/local/directadmin/custombuild
mkdir -p custom
mkdir -p /var/www/html/mydirectory
echo "mydir=mydirectory" >> custom/webapps.list
./build rewrite_confs

Disable /~username access

cd /usr/local/directadmin/custombuild
./build set userdir_access no
./build rewrite_confs

If CustomBuild 2.0 isn’t installed you can install it first. Verify if CustomBuild 2.0 is installed by checking build options and updates available:

cd /usr/local/directadmin/custombuild
./build options
./build versions

Build options output

./build options
Apache: 2.4.39
mod_ruid2: no
ModSecurity: no
htscanner: no
Dovecot: 2.3.7
Dovecot configuration: yes
AWstats: no
Exim: 4.92
exim.conf update: yes, release 4.5
BlockCracking: no
Easy Spam Fighter: no
SpamAssassin: no
ClamAV: no
MySQL: no
MySQL backup: yes
MySQL backup directory: /usr/local/directadmin/custombuild/mysql_backups
MySQL compress backups: no
PHP (default): 7.3 as php-fpm
PHP (additional): 7.2 as php-fpm
PHP (additional, 3rd): 5.6 as php-fpm
phpMyAdmin: 4.9.0.1-all-languages
ProFTPD: no
Pure-FTPd: 1.0.49
RoundCube webmail: 1.3.9
Replace "php.ini" with './build all' and './build php_ini': no
Auto updates/notifications: no
Run "clean" every time: yes
Run "clean_old_webapps" every time: yes
Run "clean_old_tarballs" every time: yes
Show texts in bold: yes
SquirrelMail: 1.4.23-20190509_0200
Zend Guard Loader: no
ionCube loader: no
Suhosin: no

Build versions output

./build versions
Latest version of DirectAdmin: 1.57.5
Installed version of DirectAdmin: 1.57.5

Latest version of Let's Encrypt client: 1.1.23
Installed version of Let's Encrypt client: 1.1.23

Latest version of Apache: 2.4.39
Installed version of Apache: 2.4.39

Latest version of Pure-FTPD: 1.0.49
Installed version of Pure-FTPd: 1.0.49

Latest version of libpng: 1.6.37
Installed version of libpng: 1.6.37

Latest version of libwebp: 1.0.2
Installed version of libwebp: 1.0.2

Latest version of nghttp2: 1.39.1
Installed version of nghttp2: 1.39.1

Latest version of libjpeg: 9c
Installed version of libjpeg: 9c

Latest version of ICU4C: 64.1
Installed version of ICU4C: 64.1

Latest version of libsodium: 1.0.17
Installed version of libsodium: 1.0.17

Latest version of libxml2: 2.9.8
Installed version of libxml2: 2.9.8

Latest version of libxslt: 1.1.32
Installed version of libxslt: 1.1.32

Latest version of iconv: 1.15
Installed version of iconv: 1.15

Latest version of PCRE: 8.43
Installed version of PCRE: 8.43

Latest version of PCRE2: 10.32
Installed version of PCRE2: 10.32

Latest version of FreeType: 2.10.1
Installed version of FreeType: 2.10.1

Latest version of dovecot: 2.3.7
Installed version of dovecot: 2.3.7

Latest version of dovecot.conf: 0.3
Installed version of dovecot.conf: 0.3

Latest version of Exim: 4.92
Installed version of Exim: 4.92

Latest version of exim.conf: 4.5.14
Installed version of exim.conf: 4.5.14

Latest version of PHP 5.6: 5.6.40
Installed version of PHP 5.6: 5.6.40

Latest version of PHP 7.2: 7.2.20
Installed version of PHP 7.2: 7.2.20

Latest version of PHP 7.3: 7.3.7
Installed version of PHP 7.3: 7.3.7

Latest version of RoundCube webmail: 1.3.9
Installed version of RoundCube webmail: 1.3.9

Latest version of phpMyAdmin: 4.9.0.1-all-languages
Installed version of phpMyAdmin: 4.9.0.1-all-languages

Latest version of SquirrelMail: 1.4.23-20190509_0200
Installed version of SquirrelMail: 1.4.23-20190509_0200

If you want to update all the available versions run: ./build update_versions

To install CustomBuild 2.0 if nothing or an error is returned by the build options/versions commands:

cd /usr/local/directadmin
wget -O custombuild.tar.gz http://files.directadmin.com/services/custombuild/2.0/custombuild.tar.gz
tar xvzf custombuild.tar.gz
cd custombuild
./build
./build all d

To see current build options set in options.conf:

cd /usr/local/directadmin/custombuild
./build options

To see what each options.conf setting is related to run:

cd /usr/local/directadmin/custombuild
./build opt_help full

To see what configuration files CustomBuild is using:

cd /usr/local/directadmin/custombuild
./build used_configs

Output for used_configs

./build used_configs
Apache configuration file: /usr/local/directadmin/custombuild/configure/ap2/configure.apache
PHP (default) php.ini file: /usr/local/php73/lib/php.ini
PHP (additional) php.ini file: /usr/local/php72/lib/php.ini
PHP (additional, 3rd) php.ini file: /usr/local/php56/lib/php.ini
PHP (default) configuration file: /usr/local/directadmin/custombuild/configure/fpm/configure.php73
PHP (additional) configuration file: /usr/local/directadmin/custombuild/configure/fpm/configure.php72
PHP (additional, 3rd) configuration file: /usr/local/directadmin/custombuild/configure/fpm/configure.php56
PureFTPD configuration file: /usr/local/directadmin/custombuild/configure/pureftpd/configure.pureftpd
Exim Makefile: http://files2.directadmin.com/services/custombuild/Makefile
Dovecot configuration file: /usr/local/directadmin/custombuild/configure/dovecot/configure.dovecot

If using EXT4 filesystem add use_xfs_quota=0 in /usr/local/directadmin/conf/directadmin.conf. Check if the setting already is populated via grep

grep 'use_xfs_quota' /usr/local/directadmin/conf/directadmin.conf
use_xfs_quota=0

Looks like the DirectAdmin install process already set up this variable for us. If it returned empty, then you’d need to add this via the command below.

echo 'use_xfs_quota=0' >> /usr/local/directadmin/conf/directadmin.conf

The BuyVM.net KVM VPS server I am using has EXT4 filesystem in place so this modification is needed

df -hT
Filesystem     Type      Size  Used Avail Use% Mounted on
/dev/vda1      ext4       19G  1.5G   17G   9% /
devtmpfs       devtmpfs  486M     0  486M   0% /dev
tmpfs          tmpfs     496M     0  496M   0% /dev/shm
tmpfs          tmpfs     496M   13M  483M   3% /run
tmpfs          tmpfs     496M     0  496M   0% /sys/fs/cgroup
tmpfs          tmpfs     100M     0  100M   0% /run/user/0

Installing AWStats via CustomBuild 2.0

cd /usr/local/directadmin/custombuild
./build set awstats yes
./build awstats

Installing Zend Opcache for better PHP performance via CustomBuild 2.0.

cd /usr/local/directadmin/custombuild
./build update
./build set opcache yes
./build opcache

Output from build opcache

./build opcache
opCache is now installed for PHP 7.3.
opCache is now installed for PHP 7.2.
opCache is now installed for PHP 5.6.
Restarting php-fpm73.
Restarting php-fpm72.
Restarting php-fpm56.

Verify Zend Opcache

php -v
PHP 7.3.7 (cli) (built: Jul 17 2019 18:33:55) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.7, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.3.7, Copyright (c) 1999-2018, by Zend Technologies
php --ri 'zend opcache'

Zend OPcache

Opcode Caching => Up and Running
Optimization => Enabled
SHM Cache => Enabled
File Cache => Disabled
Startup => OK
Shared memory model => mmap
Cache hits => 0
Cache misses => 0
Used memory => 8770936
Free memory => 125446792
Wasted memory => 0
Interned Strings Used memory => 450608
Interned Strings Free memory => 5840424
Cached scripts => 0
Cached keys => 0
Max keys => 7963
OOM restarts => 0
Hash keys restarts => 0
Manual restarts => 0

Directive => Local Value => Master Value
opcache.enable => On => On
opcache.use_cwd => On => On
opcache.validate_timestamps => On => On
opcache.validate_permission => On => On
opcache.validate_root => Off => Off
opcache.dups_fix => Off => Off
opcache.revalidate_path => On => On
opcache.log_verbosity_level => 1 => 1
opcache.memory_consumption => 128 => 128
opcache.interned_strings_buffer => 8 => 8
opcache.max_accelerated_files => 4000 => 4000
opcache.max_wasted_percentage => 5 => 5
opcache.consistency_checks => 0 => 0
opcache.force_restart_timeout => 180 => 180
opcache.revalidate_freq => 0 => 0
opcache.file_update_protection => 2 => 2
opcache.preferred_memory_model => no value => no value
opcache.blacklist_filename => no value => no value
opcache.max_file_size => 0 => 0
opcache.protect_memory => 0 => 0
opcache.save_comments => 1 => 1
opcache.optimization_level => 0x7FFEBFFF => 0x7FFEBFFF
opcache.opt_debug_level => 0 => 0
opcache.enable_file_override => On => On
opcache.enable_cli => On => On
opcache.error_log => no value => no value
opcache.restrict_api => no value => no value
opcache.lockfile_path => /tmp => /tmp
opcache.file_cache => no value => no value
opcache.file_cache_only => 0 => 0
opcache.file_cache_consistency_checks => 1 => 1
opcache.huge_code_pages => Off => Off

Installing Imagick via CustomBuild 2.0. The DirectAdmin source compiles ImageMagick 7.x. From my experience with my optimise-images.sh script for batch image optimization, ImageMagick 7.x is actually slower than ImageMagick 6.x for image conversions etc.

cd /usr/local/directadmin/custombuild
./build update
./build set imagick yes
./build imagick

Output

./build set imagick yes
Changed imagick option from no to yes

For the Imagick PHP extension

----------------------------------------------------------------------
Libraries have been installed in:
/usr/local/directadmin/custombuild/imagick-3.4.4/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,--rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------

Build complete.
Don't forget to run 'make test'.

Make complete
Installing shared extensions: /usr/local/php56/lib/php/extensions/no-debug-non-zts-20131226/
Installing header files: /usr/local/php56/include/php/
find . -name \*.gcno -o -name \*.gcda | xargs rm -f
find . -name \*.lo -o -name \*.o | xargs rm -f
find . -name \*.la -o -name \*.a | xargs rm -f 
find . -name \*.so | xargs rm -f
find . -name .libs -a -type d|xargs rm -rf
rm -f libphp.la modules/* libs/*
Restarting php-fpm73.
Restarting php-fpm72.
Restarting php-fpm56.
imagick 3.4.4 PHP extension has been installed successfully.

Check Imagick PHP extension info

php --ri imagick

imagick

imagick module => enabled
imagick module version => 3.4.4
imagick classes => Imagick, ImagickDraw, ImagickPixel, ImagickPixelIterator, ImagickKernel
Imagick compiled with ImageMagick version => ImageMagick 7.0.8-46 Q16 x86_64 2019-07-18 https://imagemagick.org
Imagick using ImageMagick library version => ImageMagick 7.0.8-46 Q16 x86_64 2019-07-18 https://imagemagick.org
ImageMagick copyright => © 1999-2019 ImageMagick Studio LLC
ImageMagick release date => 2019-07-18
ImageMagick number of supported formats: => 227
ImageMagick supported formats => 3FR, 3G2, 3GP, A, AAI, AI, ART, ARW, AVI, AVS, B, BGR, BGRA, BGRO, BMP, BMP2, BMP3, BRF, C, CAL, CALS, CANVAS, CAPTION, CIN, CIP, CLIP, CMYK, CMYKA, CR2, CRW, CUBE, CUR, CUT, DATA, DCM, DCR, DCRAW, DCX, DDS, DFONT, DNG, DPX, DXT1, DXT5, EPDF, EPI, EPS, EPS2, EPS3, EPSF, EPSI, ERF, FAX, FILE, FITS, FLV, FRACTAL, FTP, FTS, G, G3, G4, GIF, GIF87, GRADIENT, GRAY, GRAYA, HALD, HDR, HISTOGRAM, HRZ, HTM, HTML, HTTP, HTTPS, ICB, ICO, ICON, IIQ, INFO, INLINE, IPL, ISOBRL, ISOBRL6, JNG, JNX, JPE, JPEG, JPG, JPS, JSON, K, K25, KDC, LABEL, M, M2V, M4V, MAC, MAP, MASK, MAT, MATTE, MEF, MIFF, MKV, MNG, MONO, MOV, MP4, MPC, MPEG, MPG, MRW, MSL, MSVG, MTV, MVG, NEF, NRW, NULL, O, ORF, OTB, OTF, PAL, PALM, PAM, PANGO, PATTERN, PBM, PCD, PCDS, PCL, PCT, PCX, PDB, PDF, PDFA, PEF, PES, PFA, PFB, PFM, PGM, PGX, PICON, PICT, PIX, PJPEG, PLASMA, PNG, PNG00, PNG24, PNG32, PNG48, PNG64, PNG8, PNM, PPM, PS, PS2, PS3, PSB, PSD, PWP, R, RADIAL-GRADIENT, RAF, RAS, RAW, RGB, RGBA, RGBO, RGF, RLA, RLE, RMF, RW2, SCR, SCREENSHOT, SCT, SFW, SGI, SHTML, SIX, SIXEL, SPARSE-COLOR, SR2, SRF, STEGANO, SUN, SVG, SVGZ, TEXT, TGA, THUMBNAIL, TILE, TIM, TTC, TTF, TXT, UBRL, UBRL6, UIL, UYVY, VDA, VICAR, VID, VIFF, VIPS, VST, WBMP, WEBP, WMV, WPG, X3F, XBM, XC, XCF, XPM, XPS, XV, Y, YCbCr, YCbCrA, YUV

Directive => Local Value => Master Value
imagick.locale_fix => 0 => 0
imagick.skip_version_check => 0 => 0
imagick.progress_monitor => 0 => 0

Installing the PHP Redis, GeoIP, Memcached and Memcache extensions via the Poralix directadmin-utils script php-extension.sh, found under the /php directory, as described in their article.

mkdir -p /root/tools/poralix
cd /root/tools/poralix
wget -4 https://raw.githubusercontent.com/poralix/directadmin-utils/master/php/php-extension.sh -O php-extension.sh
chmod 750 php-extension.sh
./php-extension.sh install redis
./php-extension.sh install geoip
./php-extension.sh install memcached
./php-extension.sh install memcache

For Redis PHP extension

./php-extension.sh install redis

----------------------------------------------------------------------
Libraries have been installed in:
/usr/local/src/tmp.d5XOaepCUZ/redis-5.0.1/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,--rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------

Build complete.
Don't forget to run 'make test'.

Installing shared extensions: /usr/local/php73/lib/php/extensions/no-debug-non-zts-20180731/
[OK] Installation of redis for php73 completed!
[OK] Found redis.so. Enabling the extension in /usr/local/php73/lib/php.conf.d/90-custom.ini
redis
Redis Support => enabled
Redis Version => 5.0.1

Check Redis PHP extension info

php --ri redis

redis

Redis Support => enabled
Redis Version => 5.0.1
Available serializers => php, json

Directive => Local Value => Master Value
redis.arrays.algorithm => no value => no value
redis.arrays.auth => no value => no value
redis.arrays.autorehash => 0 => 0
redis.arrays.connecttimeout => 0 => 0
redis.arrays.distributor => no value => no value
redis.arrays.functions => no value => no value
redis.arrays.hosts => no value => no value
redis.arrays.index => 0 => 0
redis.arrays.lazyconnect => 0 => 0
redis.arrays.names => no value => no value
redis.arrays.pconnect => 0 => 0
redis.arrays.previous => no value => no value
redis.arrays.readtimeout => 0 => 0
redis.arrays.retryinterval => 0 => 0
redis.arrays.consistent => 0 => 0
redis.clusters.cache_slots => 0 => 0
redis.clusters.auth => no value => no value
redis.clusters.persistent => 0 => 0
redis.clusters.read_timeout => 0 => 0
redis.clusters.seeds => no value => no value
redis.clusters.timeout => 0 => 0
redis.pconnect.pooling_enabled => 1 => 1
redis.pconnect.connection_limit => 0 => 0
redis.session.locking_enabled => 0 => 0
redis.session.lock_expire => 0 => 0
redis.session.lock_retries => 10 => 10
redis.session.lock_wait_time => 2000 => 2000

The GeoIP PHP extension install fails. It seems the GeoIP 1.0.8 version it installs is too old for PHP 7.3?

./php-extension.sh install geoip

/usr/local/src/tmp.8TYhIfRHNY/geoip-1.0.8/geoip.c:583:2: error: 'RETURN_STRING' undeclared (first use in this function)
  RETURN_STRING((char*)timezone, 1);
  ^
make: *** [geoip.lo] Error 1
[ERROR] Installation of geoip for php73 failed
[ERROR] Could not find /usr/local/php73/lib/php/extensions/no-debug-non-zts-20180731/geoip.so. Removing extension from /usr/local/php73/lib/php.conf.d/10-directadmin.ini
[ERROR] Could not find /usr/local/php73/lib/php/extensions/no-debug-non-zts-20180731/geoip.so. Removing extension from /usr/local/php73/lib/php.conf.d/50-webapps.ini
[ERROR] Could not find /usr/local/php73/lib/php/extensions/no-debug-non-zts-20180731/geoip.so. Removing extension from /usr/local/php73/lib/php.conf.d/90-custom.ini

Update: I was informed by the script author that php-extension.sh can also install beta versions of PHP extensions.

cd /root/tools/poralix
./php-extension.sh install geoip --beta

Excerpt output for GeoIP beta PHP extension install

----------------------------------------------------------------------
Libraries have been installed in:
   /usr/local/src/tmp.Fad76oPvIV/geoip-1.1.1/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,--rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------

Build complete.
Don't forget to run 'make test'.

Installing shared extensions:     /usr/local/php73/lib/php/extensions/no-debug-non-zts-20180731/
[OK] Installation of geoip for php73 completed!
[OK] Found geoip.so. Enabling the extension in /usr/local/php73/lib/php.conf.d/90-custom.ini
geoip
geoip support => enabled
geoip extension version => 1.1.1

php-extension.sh installed GeoIP 1.1.1 from the beta repository

php --ri geoip

geoip

geoip support => enabled
geoip extension version => 1.1.1
geoip library version => 1005000

Directive => Local Value => Master Value
geoip.custom_directory => no value => no value

On Centmin Mod LEMP stacks for PHP 7.3, I usually install GeoIP 1.1.2-dev builds. Example from Centmin Mod LEMP stack CentOS 7 install.

php --ri geoip

geoip

geoip support => enabled
geoip extension version => 1.1.2-dev
geoip library version => 1005000

Directive => Local Value => Master Value
geoip.custom_directory => /usr/share/GeoIP => /usr/share/GeoIP

For Memcached PHP extension

./php-extension.sh install memcached

----------------------------------------------------------------------
Libraries have been installed in:
   /usr/local/src/tmp.757g97rpzB/memcached-3.1.3/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,--rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------

Build complete.
Don't forget to run 'make test'.

Installing shared extensions:     /usr/local/php73/lib/php/extensions/no-debug-non-zts-20180731/
[OK] Installation of memcached for php73 completed!
[OK] Found memcached.so. Enabling the extension in /usr/local/php73/lib/php.conf.d/90-custom.ini
memcached
memcached support => enabled
memcached.compression_factor => 1.3 => 1.3

Check Memcached PHP extension info

php --ri memcached

memcached

memcached support => enabled
Version => 3.1.3
libmemcached version => 1.0.16
SASL support => yes
Session support => yes
igbinary support => no
json support => no
msgpack support => no

Directive => Local Value => Master Value
memcached.sess_locking => On => On
memcached.sess_lock_wait_min => 150 => 150
memcached.sess_lock_wait_max => 150 => 150
memcached.sess_lock_retries => 5 => 5
memcached.sess_lock_expire => 0 => 0
memcached.sess_binary_protocol => Off => Off
memcached.sess_consistent_hash => On => On
memcached.sess_consistent_hash_type => ketama => ketama
memcached.sess_number_of_replicas => 0 => 0
memcached.sess_randomize_replica_read => Off => Off
memcached.sess_remove_failed_servers => Off => Off
memcached.sess_server_failure_limit => 0 => 0
memcached.sess_connect_timeout => 0 => 0
memcached.sess_sasl_username => no value => no value
memcached.sess_sasl_password => no value => no value
memcached.sess_persistent => Off => Off
memcached.sess_prefix => memc.sess.key. => memc.sess.key.
memcached.sess_lock_wait => not set => not set
memcached.sess_lock_max_wait => not set => not set
memcached.compression_type => fastlz => fastlz
memcached.compression_factor => 1.3 => 1.3
memcached.compression_threshold => 2000 => 2000
memcached.serializer => php => php
memcached.store_retry_count => 2 => 2
memcached.default_consistent_hash => Off => Off
memcached.default_binary_protocol => Off => Off
memcached.default_connect_timeout => 0 => 0

The Memcache PHP extension install, like GeoIP, also failed for PHP 7, as it tries to install Memcache 2.2.7, which is very old and doesn’t support PHP 7.

./php-extension.sh install memcache

configure: creating ./config.status
config.status: creating config.h
/bin/sh /usr/local/src/tmp.syOuw7Zz4k/memcache-2.2.7/libtool --mode=compile cc -I/usr/local/php73/include/php -I. -I/usr/local/src/tmp.syOuw7Zz4k/memcache-2.2.7 -DPHP_ATOM_INC -I/usr/local/src/tmp.syOuw7Zz4k/memcache-2.2.7/include -I/usr/local/src/tmp.syOuw7Zz4k/memcache-2.2.7/main -I/usr/local/src/tmp.syOuw7Zz4k/memcache-2.2.7 -I/usr/local/php73/include/php -I/usr/local/php73/include/php/main -I/usr/local/php73/include/php/TSRM -I/usr/local/php73/include/php/Zend -I/usr/local/php73/include/php/ext -I/usr/local/php73/include/php/ext/date/lib  -DHAVE_CONFIG_H  -g -O2   -c /usr/local/src/tmp.syOuw7Zz4k/memcache-2.2.7/memcache.c -o memcache.lo 
mkdir .libs
 cc -I/usr/local/php73/include/php -I. -I/usr/local/src/tmp.syOuw7Zz4k/memcache-2.2.7 -DPHP_ATOM_INC -I/usr/local/src/tmp.syOuw7Zz4k/memcache-2.2.7/include -I/usr/local/src/tmp.syOuw7Zz4k/memcache-2.2.7/main -I/usr/local/src/tmp.syOuw7Zz4k/memcache-2.2.7 -I/usr/local/php73/include/php -I/usr/local/php73/include/php/main -I/usr/local/php73/include/php/TSRM -I/usr/local/php73/include/php/Zend -I/usr/local/php73/include/php/ext -I/usr/local/php73/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /usr/local/src/tmp.syOuw7Zz4k/memcache-2.2.7/memcache.c  -fPIC -DPIC -o .libs/memcache.o
/usr/local/src/tmp.syOuw7Zz4k/memcache-2.2.7/memcache.c:40:40: fatal error: ext/standard/php_smart_str.h: No such file or directory
 #include "ext/standard/php_smart_str.h"
                                        ^
compilation terminated.
make: *** [memcache.lo] Error 1
[ERROR] Installation of memcache for php73 failed
[ERROR] Could not find /usr/local/php73/lib/php/extensions/no-debug-non-zts-20180731/memcache.so. Removing extension from /usr/local/php73/lib/php.conf.d/10-directadmin.ini
[ERROR] Could not find /usr/local/php73/lib/php/extensions/no-debug-non-zts-20180731/memcache.so. Removing extension from /usr/local/php73/lib/php.conf.d/50-webapps.ini
[ERROR] Could not find /usr/local/php73/lib/php/extensions/no-debug-non-zts-20180731/memcache.so. Removing extension from /usr/local/php73/lib/php.conf.d/90-custom.ini

Tried the beta install, but it fails too, as it tries to install Memcache 3.0.8, which doesn’t support PHP 7+.

cd /root/tools/poralix
./php-extension.sh install memcache --beta

Failure errors from the php-extension.sh Memcache 3.0.8 beta install

configure: creating ./config.status
config.status: creating config.h
/bin/sh /usr/local/src/tmp.3qxkvT80jB/memcache-3.0.8/libtool --mode=compile cc -I/usr/local/php73/include/php -I. -I/usr/local/src/tmp.3qxkvT80jB/memcache-3.0.8 -DPHP_ATOM_INC -I/usr/local/src/tmp.3qxkvT80jB/memcache-3.0.8/include -I/usr/local/src/tmp.3qxkvT80jB/memcache-3.0.8/main -I/usr/local/src/tmp.3qxkvT80jB/memcache-3.0.8 -I/usr/local/php73/include/php -I/usr/local/php73/include/php/main -I/usr/local/php73/include/php/TSRM -I/usr/local/php73/include/php/Zend -I/usr/local/php73/include/php/ext -I/usr/local/php73/include/php/ext/date/lib  -DHAVE_CONFIG_H  -g -O2   -c /usr/local/src/tmp.3qxkvT80jB/memcache-3.0.8/memcache.c -o memcache.lo 
mkdir .libs
 cc -I/usr/local/php73/include/php -I. -I/usr/local/src/tmp.3qxkvT80jB/memcache-3.0.8 -DPHP_ATOM_INC -I/usr/local/src/tmp.3qxkvT80jB/memcache-3.0.8/include -I/usr/local/src/tmp.3qxkvT80jB/memcache-3.0.8/main -I/usr/local/src/tmp.3qxkvT80jB/memcache-3.0.8 -I/usr/local/php73/include/php -I/usr/local/php73/include/php/main -I/usr/local/php73/include/php/TSRM -I/usr/local/php73/include/php/Zend -I/usr/local/php73/include/php/ext -I/usr/local/php73/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /usr/local/src/tmp.3qxkvT80jB/memcache-3.0.8/memcache.c  -fPIC -DPIC -o .libs/memcache.o
In file included from /usr/local/src/tmp.3qxkvT80jB/memcache-3.0.8/php_memcache.h:34:0,
                 from /usr/local/src/tmp.3qxkvT80jB/memcache-3.0.8/memcache.c:30:
/usr/local/src/tmp.3qxkvT80jB/memcache-3.0.8/memcache_pool.h:45:47: fatal error: ext/standard/php_smart_str_public.h: No such file or directory
 #include "ext/standard/php_smart_str_public.h"
                                               ^
compilation terminated.
make: *** [memcache.lo] Error 1
[ERROR] Installation of memcache for php73 failed
[ERROR] Could not find /usr/local/php73/lib/php/extensions/no-debug-non-zts-20180731/memcache.so. Removing extension from /usr/local/php73/lib/php.conf.d/10-directadmin.ini
[ERROR] Could not find /usr/local/php73/lib/php/extensions/no-debug-non-zts-20180731/memcache.so. Removing extension from /usr/local/php73/lib/php.conf.d/50-webapps.ini
[ERROR] Could not find /usr/local/php73/lib/php/extensions/no-debug-non-zts-20180731/memcache.so. Removing extension from /usr/local/php73/lib/php.conf.d/90-custom.ini

On Centmin Mod LEMP stacks for PHP 7+, I usually install Memcache 4.0.4 which supports PHP 7.3 fine. Example:

php --ri memcache

memcache

memcache support => enabled
Version => 4.0.4
Revision => $Revision$

Directive => Local Value => Master Value
memcache.allow_failover => 1 => 1
memcache.max_failover_attempts => 20 => 20
memcache.default_port => 11211 => 11211
memcache.chunk_size => 32768 => 32768
memcache.protocol => ascii => ascii
memcache.hash_strategy => consistent => consistent
memcache.hash_function => crc32 => crc32
memcache.redundancy => 1 => 1
memcache.session_redundancy => 2 => 2
memcache.compress_threshold => 20000 => 20000
memcache.lock_timeout => 15 => 15
memcache.session_prefix_host_key => 0 => 0
memcache.session_prefix_host_key_remove_www => 1 => 1
memcache.session_prefix_host_key_remove_subdomain => 0 => 0
memcache.session_prefix_static_key => no value => no value
memcache.session_save_path => no value => no value
memcache.prefix_host_key => 0 => 0
memcache.prefix_host_key_remove_www => 1 => 1
memcache.prefix_host_key_remove_subdomain => 0 => 0
memcache.prefix_static_key => no value => no value

Enabling pigz multi-threaded gzip compression as outlined here if you have 2 or more CPU threads. There is no point in enabling pigz support if you only have 1 CPU thread.

You can use the below command to find out how many CPU threads you have for your server

grep -c "processor" /proc/cpuinfo

Then if the resulting output is a number 2 or more, you can enable pigz support in DirectAdmin

getcpus=$(grep -c "processor" /proc/cpuinfo)
sed -i "s|^pigz=.*|pigz=$getcpus|" /usr/local/directadmin/conf/directadmin.conf

Then run CustomBuild 2.0 to install pigz

cd /usr/local/directadmin/custombuild
./build update
./build pigz
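The sed command above only rewrites an existing pigz= line and does nothing when the key is absent, while the earlier echo for use_xfs_quota appends a second copy if it is run twice. The script below is an added example, not part of the original guide or of DirectAdmin's tooling: it sets both keys idempotently and applies the "2 or more CPU threads" and EXT4 conditions from the text. The function names set_conf_key, enable_pigz and ensure_quota_mode are hypothetical, and the demo runs on a constructed file.

```bash
#!/usr/bin/env bash
# Added example: idempotent key=value edits for a directadmin.conf-style file.
# Function names are hypothetical helpers, not DirectAdmin or CustomBuild commands.

# set_conf_key FILE KEY VALUE
# Rewrites the first "KEY=..." line, drops later duplicates of KEY, and appends
# KEY=VALUE when the key is missing (sed 's|^KEY=.*|...|' changes nothing then).
set_conf_key() {
    local file="$1" key="$2" value="$3" tmp rc
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    awk -v k="$key" -v v="$value" '
        BEGIN { FS = "=" }
        $1 == k {
            if (!done) { print k "=" v; done = 1 }
            next
        }
        { print }
        END { if (!done) print k "=" v }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back into the original file so its owner and mode stay unchanged.
    cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# enable_pigz FILE NCPU
# Sets pigz=NCPU only when there are 2 or more CPU threads, as the guide advises.
enable_pigz() {
    local file="$1" ncpu="$2"
    case "$ncpu" in
        ''|*[!0-9]*) echo "not a CPU count: '$ncpu'" >&2; return 2 ;;
    esac
    if [ "$ncpu" -lt 2 ]; then
        echo "only $ncpu CPU thread, leaving pigz setting unchanged" >&2
        return 1
    fi
    set_conf_key "$file" pigz "$ncpu"
}

# ensure_quota_mode FILE FSTYPE
# Sets use_xfs_quota=0 when the filesystem type is ext4; other types are left alone.
ensure_quota_mode() {
    local file="$1" fstype="$2"
    [ "$fstype" = "ext4" ] || return 0
    set_conf_key "$file" use_xfs_quota 0
}

# Demo on a constructed file (sample content, not a real directadmin.conf).
demo_conf=$(mktemp)
printf 'use_xfs_quota=1\nexample_key=1\n' > "$demo_conf"
ensure_quota_mode "$demo_conf" ext4   # on the server: "$(findmnt -no FSTYPE /)"
enable_pigz "$demo_conf" 2            # on the server: "$(grep -c processor /proc/cpuinfo)"
cat "$demo_conf"
rm -f "$demo_conf"
```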

Install and configure Linux Malware Detect (Maldet) on DirectAdmin as outlined here but first install ClamAV so that Maldet can use ClamAV’s scanning engine which allows you to speed up Maldet scans dramatically. Without the ClamAV engine, Maldet scans will be very slow in comparison.

Install ClamAV using CustomBuild 2.0 with Exim ClamAV support:

cd /usr/local/directadmin/custombuild
./build update
./build set clamav yes
./build set clamav_exim yes
./build set exim yes
./build set eximconf yes
./build set eximconf_release 4.5
./build clamav
./build exim
./build exim_conf

Looks like ./build update downloads its files over plain-text HTTP rather than HTTPS

./build update
--2019-07-17 21:36:08-- http://files2.directadmin.com/services/custombuild/2.0/custombuild.tar.gz
Resolving files2.directadmin.com (files2.directadmin.com)... 208.167.226.3
Connecting to files2.directadmin.com (files2.directadmin.com)|208.167.226.3|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 226253 (221K) [application/x-gzip]
Saving to: './custombuild.tar.gz'

100%[================================================================================================================================================================================================================>] 226,253 491KB/s in 0.4s

2019-07-17 21:36:09 (491 KB/s) - './custombuild.tar.gz' saved [226253/226253]

Extracting custombuild.tar.gz...

Then

./build set clamav yes
Changed clamav option from no to yes

./build set clamav_exim yes
Changed clamav_exim option from yes to yes

./build set exim yes
Changed exim option from yes to yes

./build set eximconf yes
Changed eximconf option from yes to yes

./build set eximconf_release 4.5
Changed eximconf_release option from 4.5 to 4.5

Actual ClamAV build, which is compiled from source

./build clamav
Downloading             clamav-0.101.2.tar.gz...
--2019-07-17 21:40:03--  http://files2.directadmin.com/services/custombuild/clamav-0.101.2.tar.gz
Resolving files2.directadmin.com (files2.directadmin.com)... 208.167.226.3
Connecting to files2.directadmin.com (files2.directadmin.com)|208.167.226.3|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 21722932 (21M) [application/x-gzip]
Saving to: '/usr/local/directadmin/custombuild/clamav-0.101.2.tar.gz'

100%[================================================================================================================================================================================================================>] 21,722,932  1.21MB/s   in 19s    

Enabling clamd in systemd...
Created symlink from /etc/systemd/system/multi-user.target.wants/clamd.service to /etc/systemd/system/clamd.service.
Enabling freshclam in systemd...
Created symlink from /etc/systemd/system/multi-user.target.wants/freshclam.service to /etc/systemd/system/freshclam.service.
Current working dir is /usr/local/share/clamav
ClamAV update process started at Wed Jul 17 21:44:33 2019
Using IPv6 aware code
Max retries == 3
Querying current.cvd.clamav.net
TTL: 153
Software version from DNS: 0.101.2
Retrieving http://database.clamav.net/main.cvd
Trying to download http://database.clamav.net/main.cvd (IP: 104.16.218.84)
Downloading main.cvd [100%]
Loading signatures from main.cvd
Properly loaded 4566249 signatures from new main.cvd
main.cvd updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Querying main.58.102.1.0.6810DA54.ping.clamav.net
Can't query main.58.102.1.0.6810DA54.ping.clamav.net
Retrieving http://database.clamav.net/daily.cvd
Trying to download http://database.clamav.net/daily.cvd (IP: 104.16.218.84)
Downloading daily.cvd [100%]
Loading signatures from daily.cvd
Properly loaded 1659025 signatures from new daily.cvd
daily.cvd updated (version: 25513, sigs: 1659025, f-level: 63, builder: raynman)
Querying daily.25513.102.1.0.6810DA54.ping.clamav.net
Can't query daily.25513.102.1.0.6810DA54.ping.clamav.net
Retrieving http://database.clamav.net/bytecode.cvd
Trying to download http://database.clamav.net/bytecode.cvd (IP: 104.16.218.84)
Downloading bytecode.cvd [100%]
Loading signatures from bytecode.cvd
Properly loaded 94 signatures from new bytecode.cvd
bytecode.cvd updated (version: 330, sigs: 94, f-level: 63, builder: neo)
Querying bytecode.330.102.1.0.6810DA54.ping.clamav.net
Can't query bytecode.330.102.1.0.6810DA54.ping.clamav.net
Database updated (6225368 signatures) from database.clamav.net (IP: 104.16.218.84)
Restarting freshclam.
Restarting clamd.
Restarting exim.
Done ClamAV.

Actual Exim build

./build exim

>>> exim binary built

make[1]: Leaving directory `/usr/local/directadmin/custombuild/exim-4.92/build-Linux-x86_64'

Installation directory is /usr/sbin

cp exim /usr/sbin/exim-4.92-5
/bin/chown root /usr/sbin/exim-4.92-5
chmod a+x /usr/sbin/exim-4.92-5
chmod u+s /usr/sbin/exim-4.92-5
creation of symlink omitted
(NO_SYMLINK is specified in Local/Makefile)
cp /usr/sbin/exim_dumpdb /usr/sbin/exim_dumpdb.O
cp exim_dumpdb /usr/sbin
cp /usr/sbin/exim_fixdb /usr/sbin/exim_fixdb.O
cp exim_fixdb /usr/sbin
cp /usr/sbin/exim_tidydb /usr/sbin/exim_tidydb.O
cp exim_tidydb /usr/sbin
cp /usr/sbin/exinext /usr/sbin/exinext.O
cp exinext /usr/sbin
cp /usr/sbin/exiwhat /usr/sbin/exiwhat.O
cp exiwhat /usr/sbin
cp /usr/sbin/exim_dbmbuild /usr/sbin/exim_dbmbuild.O
cp exim_dbmbuild /usr/sbin
cp /usr/sbin/exicyclog /usr/sbin/exicyclog.O
cp exicyclog /usr/sbin
cp /usr/sbin/exigrep /usr/sbin/exigrep.O
cp exigrep /usr/sbin
cp /usr/sbin/eximstats /usr/sbin/eximstats.O
cp eximstats /usr/sbin
cp /usr/sbin/exipick /usr/sbin/exipick.O
cp exipick /usr/sbin
cp /usr/sbin/exiqgrep /usr/sbin/exiqgrep.O
cp exiqgrep /usr/sbin
cp /usr/sbin/exiqsumm /usr/sbin/exiqsumm.O
cp exiqsumm /usr/sbin
cp /usr/sbin/exim_lock /usr/sbin/exim_lock.O
cp exim_lock /usr/sbin
cp /usr/sbin/exim_checkaccess /usr/sbin/exim_checkaccess.O
cp exim_checkaccess /usr/sbin

Configuration file /etc/exim.conf already exists

Exim installation complete
Moving exim binary.
Enabling exim in systemd...
Exim 4.92 Installed.
Restarting exim.

Actual Exim Conf build

./build exim_conf

--2019-07-17 21:51:12-- http://files2.directadmin.com/services/SpamBlocker/4.5.14/exim.conf-SpamBlockerTechnology-v4.5.14.txt
Resolving files2.directadmin.com (files2.directadmin.com)... 208.167.226.3
Connecting to files2.directadmin.com (files2.directadmin.com)|208.167.226.3|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 32137 (31K) [text/plain]
Saving to: '/etc/exim.conf.cb20'

100%[================================================================================================================================================================================================================>] 32,137 --.-K/s in 0.1s

2019-07-17 21:51:13 (245 KB/s) - '/etc/exim.conf.cb20' saved [32137/32137]

--2019-07-17 21:51:13-- http://files2.directadmin.com/services/custombuild/system_filter.exim
Resolving files2.directadmin.com (files2.directadmin.com)... 208.167.226.3
Connecting to files2.directadmin.com (files2.directadmin.com)|208.167.226.3|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 10489 (10K)
Saving to: '/etc/system_filter.exim'

100%[================================================================================================================================================================================================================>] 10,489 --.-K/s in 0s

2019-07-17 21:51:13 (119 MB/s) - '/etc/system_filter.exim' saved [10489/10489]

--2019-07-17 21:51:13-- http://files2.directadmin.com/services/SpamBlocker/4.5.14/exim.strings.conf
Resolving files2.directadmin.com (files2.directadmin.com)... 208.167.226.3
Connecting to files2.directadmin.com (files2.directadmin.com)|208.167.226.3|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2076 (2.0K) [text/plain]
Saving to: '/etc/exim.strings.conf.cb20'

100%[================================================================================================================================================================================================================>] 2,076 --.-K/s in 0s

2019-07-17 21:51:13 (123 MB/s) - '/etc/exim.strings.conf.cb20' saved [2076/2076]

--2019-07-17 21:51:13-- http://files2.directadmin.com/services/SpamBlocker/4.5.14/exim.variables.conf.default
Resolving files2.directadmin.com (files2.directadmin.com)... 208.167.226.3
Connecting to files2.directadmin.com (files2.directadmin.com)|208.167.226.3|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 924 [text/plain]
Saving to: '/etc/exim.variables.conf.cb20'

100%[================================================================================================================================================================================================================>] 924 --.-K/s in 0s

2019-07-17 21:51:13 (148 MB/s) - '/etc/exim.variables.conf.cb20' saved [924/924]

--2019-07-17 21:51:14-- http://files2.directadmin.com/services/exim.pl.24
Resolving files2.directadmin.com (files2.directadmin.com)... 208.167.226.3
Connecting to files2.directadmin.com (files2.directadmin.com)|208.167.226.3|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 17716 (17K)
Saving to: '/etc/exim.pl.cb20'

100%[================================================================================================================================================================================================================>] 17,716 --.-K/s in 0.06s

2019-07-17 21:51:14 (276 KB/s) - '/etc/exim.pl.cb20' saved [17716/17716]

Restarting exim.
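The build update, build clamav and build exim_conf output above all show files being fetched from http:// URLs, including files written under /etc. The script below is an added example, not part of the original guide or of CustomBuild: it reads saved wget-style build output and lists every file that was fetched with at least one plain-HTTP hop, together with where it was saved, so those files can be reviewed. The function names are hypothetical, and the sample log is constructed from lines shown on this page plus two made-up mirror.example.invalid entries.

```bash
#!/usr/bin/env bash
# Added example: list files that a wget-style log shows were fetched over plain HTTP.

# audit_wget_log: reads log text on stdin and prints, for every saved file whose
# request chain included an http:// URL, "<first URL requested><TAB><saved path>".
audit_wget_log() {
    awk '
        # Request lines look like: --2019-07-17 21:36:08--  http://host/path
        # wget prints one per hop, so a redirect adds a second line before the save.
        $1 ~ /^--[0-9]/ && $2 ~ /--$/ {
            if (first == "") first = $3
            if ($3 ~ "^http://") weak = 1
            next
        }
        # A failed request never reaches "Saving to:", so forget its URL.
        / ERROR [0-9]+:/ { first = ""; weak = 0; next }
        /^Saving to: / {
            path = substr($0, 12)
            sub("^[^/.A-Za-z0-9_]+", "", path)   # opening quote, any style
            sub("[^A-Za-z0-9_]+$", "", path)     # closing quote, any style
            if (weak) printf "%s\t%s\n", first, path
            first = ""; weak = 0
        }
    '
}

# Constructed sample: two downloads copied from the output on this page, one
# HTTPS-only download and one HTTP request redirected to HTTPS (both made up).
sample_log() {
    cat <<'EOF'
--2019-07-17 21:36:08-- http://files2.directadmin.com/services/custombuild/2.0/custombuild.tar.gz
Connecting to files2.directadmin.com (files2.directadmin.com)|208.167.226.3|:80... connected.
HTTP request sent, awaiting response... 200 OK
Saving to: './custombuild.tar.gz'
2019-07-17 21:36:09 (491 KB/s) - './custombuild.tar.gz' saved [226253/226253]
--2019-07-17 21:51:14-- http://files2.directadmin.com/services/exim.pl.24
HTTP request sent, awaiting response... 200 OK
Saving to: '/etc/exim.pl.cb20'
--2019-07-17 21:52:00--  https://mirror.example.invalid/tool.tar.gz
HTTP request sent, awaiting response... 200 OK
Saving to: './tool.tar.gz'
--2019-07-17 21:53:00--  http://mirror.example.invalid/sig.tgz
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://mirror.example.invalid/sig.tgz [following]
--2019-07-17 21:53:01--  https://mirror.example.invalid/sig.tgz
HTTP request sent, awaiting response... 200 OK
Saving to: './sig.tgz'
EOF
}

# Demo on the embedded sample; on a server, feed in the saved build output instead.
sample_log | audit_wget_log
```

The redirected download is reported even though its final hop was HTTPS, because the first request, and therefore the redirect itself, travelled in cleartext.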

Then install Maldet

cd /usr/local/src
wget -4 http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -zxvf maldetect-current.tar.gz
cd $(ls -1d maldetect-*/ | tail -1)
./install.sh

Install output

./install.sh
Created symlink from /etc/systemd/system/multi-user.target.wants/maldet.service to /usr/lib/systemd/system/maldet.service.
Linux Malware Detect v1.6.4
(C) 2002-2019, R-fx Networks <proj@r-fx.org>
(C) 2019, Ryan MacDonald <ryan@r-fx.org>
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
maldet(1291): {sigup} performing signature update check...
maldet(1291): {sigup} local signature set is version 201907043616
maldet(1291): {sigup} new signature set 2019071622063 available
maldet(1291): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
maldet(1291): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
maldet(1291): {sigup} verified md5sum of maldet-sigpack.tgz
maldet(1291): {sigup} unpacked and installed maldet-sigpack.tgz
maldet(1291): {sigup} verified md5sum of maldet-clean.tgz
maldet(1291): {sigup} unpacked and installed maldet-clean.tgz
maldet(1291): {sigup} signature set update completed
maldet(1291): {sigup} 15542 signatures (12730 MD5 | 2035 HEX | 777 YARA | 0 USER)

Edit the Maldet config file at /usr/local/maldetect/conf.maldet and set scan_clamscan="1" to enable the ClamAV scanner if it isn't already set to 1:

# If installed, use ClamAV clamscan binary as default scan engine which
# provides improved scan performance on large file sets. The clamscan
# engine is used in conjunction with native ClamAV signatures updated
# through freshclam along with LMD signatures providing additional
# detection capabilities.
# [ 0 = disabled, 1 = enabled ]
scan_clamscan="1"

Add support for Malware.Expert definitions

echo "DatabaseCustomURL http://cdn.malware.expert/malware.expert.ndb" >> /etc/freshclam.conf
echo "DatabaseCustomURL http://cdn.malware.expert/malware.expert.hdb" >> /etc/freshclam.conf
echo "DatabaseCustomURL http://cdn.malware.expert/malware.expert.ldb" >> /etc/freshclam.conf
echo "DatabaseCustomURL http://cdn.malware.expert/malware.expert.fp" >> /etc/freshclam.conf
service freshclam restart
ls -la /usr/local/share/clamav/malware.expert.* /var/lib/clamav/malware.expert.*

The resulting databases are in the /usr/local/share/clamav/ directory:

ls -la /usr/local/share/clamav/malware.expert.* /var/lib/clamav/malware.expert.*
ls: cannot access /var/lib/clamav/malware.expert.*: No such file or directory
-rw-r--r-- 1 clamav clamav   2744 Jul 17 21:57 /usr/local/share/clamav/malware.expert.fp
-rw-r--r-- 1 clamav clamav  29852 Jul 17 21:57 /usr/local/share/clamav/malware.expert.hdb
-rw-r--r-- 1 clamav clamav  20550 Jul 17 21:57 /usr/local/share/clamav/malware.expert.ldb
-rw-r--r-- 1 clamav clamav 134358 Jul 17 21:57 /usr/local/share/clamav/malware.expert.ndb
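
The echo lines above append to /etc/freshclam.conf unconditionally, so repeating this step duplicates every DatabaseCustomURL entry. The following is an added example, not part of the original guide or of DirectAdmin, Maldet or ClamAV: it makes both config edits (the scan_clamscan setting and the Malware.Expert URLs) idempotent. The function names are hypothetical and the demo runs on constructed scratch files.

```shell
#!/bin/sh
# Added example: idempotent forms of the guide's two config edits.
# File paths are arguments so the functions can be tried on copies first.

# Append "DatabaseCustomURL <url>" unless that exact line already exists.
add_custom_db() {
    conf=$1; url=$2
    line="DatabaseCustomURL $url"
    if grep -qxF -- "$line" "$conf" 2>/dev/null; then
        echo "present: $url"
    else
        printf '%s\n' "$line" >> "$conf"
        echo "added:   $url"
    fi
}

# Set key="value" in conf.maldet: rewrite an existing assignment in place
# (keeping the file's owner and mode), or append it if the key is missing.
# Assumes key and value contain no '|' or regex metacharacters.
set_maldet_opt() {
    conf=$1; key=$2; val=$3
    if grep -q "^${key}=" "$conf"; then
        tmp=$(mktemp)
        sed "s|^${key}=.*|${key}=\"${val}\"|" "$conf" > "$tmp" && cat "$tmp" > "$conf"
        rm -f "$tmp"
    else
        printf '%s="%s"\n' "$key" "$val" >> "$conf"
    fi
}

# Number of DatabaseCustomURL entries in a freshclam.conf.
count_custom_dbs() { grep -c '^DatabaseCustomURL ' "$1" || true; }

# Demo on constructed scratch copies, not the live files.
demo() {
    d=$(mktemp -d)
    : > "$d/freshclam.conf"
    printf 'email_alert="0"\nscan_clamscan="0"\n' > "$d/conf.maldet"
    for pass in 1 2; do                       # second pass must change nothing
        for ext in ndb hdb ldb fp; do
            add_custom_db "$d/freshclam.conf" "http://cdn.malware.expert/malware.expert.$ext"
        done
        set_maldet_opt "$d/conf.maldet" scan_clamscan 1
    done
    echo "custom DB entries: $(count_custom_dbs "$d/freshclam.conf")"
    grep '^scan_clamscan=' "$d/conf.maldet"
    rm -rf "$d"
}
demo
```

On the live system, call the functions with /etc/freshclam.conf and /usr/local/maldetect/conf.maldet, then restart freshclam as in the step above.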

Malware.Expert outlines what those databases contain:
