Squid на Debian Jessie

Добавляем репозиторий
vim /etc/apt/sources.list:

deb http://ftp.ua.debian.org/debian/ jessie main

aptitude update
aptitude install squid3 squid-langpack apache2 apache2-utils iptables-persistent

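Настраиваем squid на авторизацию по логину/паролю. Пароль не будет передаваться в открытом виде: при digest authentication клиент отправляет не сам пароль, а MD5-хеш от него и одноразового значения сервера (это не шифрование трафика).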
vim /etc/squid3/squid.conf:

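#digest auth
auth_param digest program /usr/lib/squid3/digest_file_auth -c /etc/squid3/internet_users
auth_param digest realm squid
auth_param digest children 5
acl auth_users proxy_auth REQUIRED

#acls
acl bad_url url_regex "/etc/squid3/acl/bad_url.domain"
acl upload url_regex "/etc/squid3/acl/upload.domain"
acl filetypes urlpath_regex -i "/etc/squid3/acl/filetypes"
acl banners url_regex "/etc/squid3/acl/ads"
acl blockkeywords url_regex -i "/etc/squid3/acl/keywords"
acl blockip dst "/etc/squid3/acl/bad_ip"

# http_access lines are checked top to bottom and the first match decides.
# The block lists therefore have to come before the rule that admits
# authenticated users; placed after it they would never be reached.
http_access deny banners
http_access deny filetypes
http_access deny upload
http_access deny bad_url
http_access deny blockkeywords
http_access deny blockip
http_access allow auth_users

# remove these headers from requests before they are forwarded
request_header_access Referer deny all
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all

# anything not matched above is refused
http_access deny all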

#hide IP address
forwarded_for off

error_directory /usr/share/squid3/errors/Russian-1251
http_port 8080
visible_hostname myhostname

Создаём пользователей squid
htdigest -c /etc/squid3/internet_users squid user1
htdigest /etc/squid3/internet_users squid user2
chown -R proxy:proxy /etc/squid3/internet_users
chmod 640 /etc/squid3/internet_users

Делаем acl списки доступа
mkdir /etc/squid3/acl
vim /etc/squid3/acl/bad_url.domain:

facebook.com
twitter.com
vk.com
odnoklassniki.ru
ok.ru
myspace.com
my.mail.ru

vim /etc/squid3/acl/upload.domain:

rutracker.org
rutor.org
ex.ua

vim /etc/squid3/acl/filetypes:

\.(torrent)$
\.(exe)$
\.(bin)$

vim /etc/squid3/acl/ads:

^http://r\.mail\.ru/(cl)?b[[:digit:]]+
^http://images\.rambler\.ru/upl/
^http://(www\.)?sunradio\.ru/upload/bx/
^http://(www\.)?nnm\.ru/ban/
^http://(www\.)?java2phone\.ru/pict/b
^http://([[:alpha:]]+[[:digit:]]*\.)+bigmir\.net
^http://[[:alpha:]]+[[:digit:]]*\.[[:digit:]]+mdn\.net/viewad/
^http://(www\.)?nasvyazi\.ru/img/banner_
^http://(www\.)?games\.ru/b/
^http://(www\.)?computerra\.ru/upload/bx/
^http://(www\.)?finbs\.ru/Upload/
^http://(www\.)?torrents\.ru/forum/bn/
^http://(www\.)?powerclip\.ru/baner/
^http://(www\.)?nnm\.ru/rec/[[:digit:]]+/banner
^http://[[:alpha:]-]+\.nnm\.ru/rec/[[:digit:]]+/
^http://i\.ru-board\.com/temp/
^http://adserv\.top500\.org/b/
^http://([[:alpha:]-]+\.)+traf\.spb\.ru/(upload|b)/
^http://([[:alpha:]-]+\.)*inf\.by/i/b/
^http://(www\.)?gzt\.ru/files/
^http://([[:alnum:]]+\.)*ru-board\.com/board/temp/
^http://(www\.)?rb\.ru/img/content/ushki/

vim /etc/squid3/acl/keywords:

fuck
sex
porno
naked
condon

vim /etc/squid3/acl/bad_ip:

173.252.120.6
199.16.156.70
87.240.131.118
217.20.147.94
216.178.46.224
94.100.180.25

invoke-rc.d squid3 restart

Настраиваем анализатор логов free-sa
cd /usr/src
wget http://sourceforge.net/projects/free-sa/files/free-sa-dev/2.0.0b6p7/free-sa-2.0.0b6p7.tar.gz
tar xzf free-sa-2.0.0b6p7.tar.gz
cd /usr/src/free-sa-2.0.0b6p7
cp configs/ubuntu-i586-gcc4.mk configs/ubuntu-x86_64-gcc4.mk

В файле configs/ubuntu-x86_64-gcc4.mk нужно заменить -march=$(SARCH) на -march=native
vim global.mk:

#OSTYPE = generic-any-cc
OSTYPE = ubuntu-x86_64-gcc4

make install
Устанавливаем скрипт статистики в cron
vim /etc/free-sa/free-sa_day:

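#!/bin/bash
# Runs free-sa with "-d <today>-", where <today> is produced by `date +%x`.
umask 0022
free_sa=/usr/bin/free-sa
# %x is the locale's date representation, so the value handed to -d depends
# on the locale this script runs under.
date1=$(date +%x)
# Quoted so that the date is always passed as a single argument.
"$free_sa" -d "${date1}-"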

vim /etc/crontab:

0 23 * * * root /etc/free-sa/free-sa_day

Настраиваем apache для просмотра статистики через веб по логину/паролю
vim /etc/apache2/conf-enabled/freesa.conf:

Alias /fsa /var/www/free-sa/
<Directory /var/www/free-sa/>
  DirectoryIndex index.html
   AuthType Digest
   AuthName "freesa"
   AuthUserFile /etc/free-sa/.htpasswd
   Require valid-user
</Directory>

Создаём пользователей, которые будут просматривать статистику
htdigest -c /etc/free-sa/.htpasswd freesa user1
htdigest /etc/free-sa/.htpasswd freesa user2

invoke-rc.d apache2 reload
Статистика будет доступна по адресу http://localhost/fsa
Включаем пересылку пакетов в ядре:
vim /etc/sysctl.conf:

net.ipv4.ip_forward=1

sysctl -p
vim /etc/rc.local:

sysctl -p

Открываем порты

iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT 2 -s 192.168.0.0/24 -d 192.168.0.1 -i eth0 -p tcp -m state --state NEW -m multiport --dports 80,8080 -j ACCEPT
invoke-rc.d netfilter-persistent save

Awstats на Debian Jessie.

Добавляем репозиторий
vim /etc/apt/sources.list:

deb http://ftp.ua.debian.org/debian/ jessie main


aptitude update
aptitude -y install awstats apache2-utils iptables-persistent

Создаем конфигурацию для своего сайта
cp /etc/awstats/awstats.conf /etc/awstats/awstats.example.com.conf
vim /etc/awstats/awstats.example.com.conf:

LogFile="/var/log/apache2/example.com-access.log"
LogFormat=1
SiteDomain="example.com"
Lang="ru"
AllowToUpdateStatsFromBrowser=1

Делаем необходимые разрешения для awstats
vim /etc/logrotate.d/apache2:

create 644 root adm
        prerotate
        /usr/lib/cgi-bin/awstats.pl -config=awstats.example.com.conf  -update
        endscript

chmod 644 /var/log/apache2/*.log
chgrp adm /usr/lib/cgi-bin/awstats.pl

cp /usr/share/doc/awstats/examples/apache.conf /etc/apache2/conf-enabled/awstats.conf
vim /etc/apache2/conf-enabled/awstats.conf:

# Static AWStats files; the Digest login below applies to this directory only.
Alias /awstats /usr/share/awstats/
<Directory /usr/share/awstats/>
        AuthType Digest
        AuthName "awstats"
        # NOTE(review): the password file sits inside the aliased directory; it stays
        # unreadable to clients only while a server-wide rule denies .ht* files - confirm.
        AuthUserFile /usr/share/awstats/.htpasswd
        Require valid-user
</Directory>

# NOTE(review): no authentication is required here, so if this directory is
# published (for example through a ScriptAlias that is not shown), awstats.pl
# and every other CGI in it can be called without the Digest login - confirm.
<Directory /usr/lib/cgi-bin/>
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Require all granted
</Directory>

chown -R www-data:www-data /usr/share/awstats/
invoke-rc.d apache2 reload

Добавляем пользователей awstats
htdigest -c /usr/share/awstats/.htpasswd awstats admin
При следующем добавлении пользователей ключ "-c" не нужен

vim /etc/cron.d/awstats:

#*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh
#10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh
* */2 * * * www-data [ -x /usr/lib/cgi-bin/awstats.pl ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null
* */3 * * * www-data [ -x /usr/lib/cgi-bin/awstats.pl ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -output -staticlink > /usr/share/awstats/index.html

Генерируем первый отчет
sudo -u www-data /usr/lib/cgi-bin/awstats.pl -update -config=example.com
sudo -u www-data /usr/lib/cgi-bin/awstats.pl -config=example.com -output -staticlink > /usr/share/awstats/index.html

Отчеты будут доступны по адресу http://example.com/awstats

Открываем порт
iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT 2 -s 192.168.40.0/24 -d 192.168.40.1 -i eth0 -p tcp -m state --state NEW --dport 80 -j ACCEPT
invoke-rc.d netfilter-persistent save

Bacula на Debian Jessie

Добавляем репозиторий
vim /etc/apt/sources.list:

deb http://ftp.ua.debian.org/debian/ jessie main


aptitude update
aptitude -y install bacula-common-mysql bacula-console bacula-director-mysql bacula-fd bacula-sd-mysql sqlite3 zendframework unzip mysql-server apache2 iptables-persistent

vim /etc/bacula/bacula-dir.conf:

Director {
  Name = localhost-dir
  DIRport = 9101
  QueryFile = "/etc/bacula/scripts/query.sql"
  WorkingDirectory = "/var/lib/bacula"
  PidDirectory = "/var/run/bacula"
  Maximum Concurrent Jobs = 1
  Password = "mypassword"
  Messages = Daemon
  DirAddress = 127.0.0.1
}

JobDefs {
  Name = "DefaultJob"
  Type = Backup
  Level = Incremental
  Client = localhost-fd
  FileSet = "Full Set"
  Schedule = "WeeklyCycle"
  Storage = File
  Messages = Standard
  Pool = File
  Priority = 10
  Write Bootstrap = "/var/lib/bacula/%c.bsr"
}

Job {
  Name = "localhost"
  JobDefs = "DefaultJob"
}

Job {
  Name = "RestoreFiles"
  Type = Restore
  Client = localhost-fd
  FileSet = "Full Set"
  Storage = File
  Pool = Default
  Messages = Standard
  Where = /nonexistant/path/to/file/archive/dir/bacula-restores
}

Storage {
  Name = File
  Address = example.com
  SDPort = 9103
  Password = "mypassword"
  Device = FileStorage
  Media Type = File
}

Catalog {
  Name = MyCatalog
  dbname = "bacula"; dbuser = "bacula"; dbpassword = "baculadbpasswd"
}

Console {
  Name = localhost-mon
  Password = "mypassword"
  CommandACL = status, .status
}
#Прикрепляем конфигурационные файлы для наших клиентов
@/etc/bacula/localhost.conf

vim /etc/bacula/bacula-sd.conf:

Storage {
  Name = example.com-sd
  SDPort = 9103
  WorkingDirectory = "/var/lib/bacula"
  Pid Directory = "/var/run/bacula"
  Maximum Concurrent Jobs = 20
#  SDAddress = 127.0.0.1
}
Director {
  Name = example.com-dir
  Password = "mypassword"
}

Director {
  Name = example.com-mon
  Password = "mypassword"
  Monitor = yes
}

Device {
  Name = FileStorage
  Media Type = File
  Archive Device = /res/bacula #папка, в которую будем складывать резервные копии
  LabelMedia = yes;
  Random Access = Yes;
  AutomaticMount = yes;
  RemovableMedia = no;
  AlwaysOpen = no;
}

Device {
        Name = localhost
        Media Type = File
        Archive Device = /res/bacula
        LabelMedia = yes;
        Random Access = yes;
        AutomaticMount = yes;
        RemovableMedia = no;
        AlwaysOpen = no;
}

Клиентский конфигурационный файл
vim /etc/bacula/localhost.conf:

Client {
        Name = localhost-fd
        Address = 127.0.0.1
        FDPort = 9102
        Catalog = MyCatalog
        Password = "mypassword"
        File Retention = 30 days
        Job Retention = 60 day
        AutoPrune = yes
}

Pool {
        Name = localhost
        Pool Type = Backup
        LabelFormat = localhost
        Recycle = yes
        Recycle Oldest Volume = yes
        AutoPrune = yes
        Volume Retention = 30 days
        Maximum Volume Bytes = 30G
        Maximum Volumes = 10
        Maximum Volume Jobs = 1
        Purge Oldest Volume = yes
}

FileSet {
        Name = "localhost-set"
        Include {
                Options {
                        Signature=MD5
                        compression = GZIP
                        }
                File = /
                }
        Exclude {
                File = /tmp
                File = /var/tmp
                File = /proc
                File = /sys
                File = /run
                File = /lost+found
                }
}

Job {
        Name = "localhost-job"
        Type = Backup
        Level = Full
        Client = localhost-fd
        FileSet = "localhost-set"
        Storage = localhost
        Schedule = "localhost"
        Enabled = yes
        Rerun Failed Levels = yes
        Pool = localhost
        Messages = Standard
}

Storage {
        Name = localhost
        Address = 127.0.0.1
        SDPort = 9103
        Password = "mypasswd"
        Device = localhost
        Media Type = File
        Maximum Concurrent Jobs = 2
}

Schedule {
        Name = "localhost"
        Run = Full 1st sat at 2:00
        Run = Differential 2nd-5th sat at 2:00
        Run = Incremental mon-fri at 3:00
}

Делаем базу данных для bacula
vim /usr/share/bacula-director/make_mysql_tables:

##!/bin/sh
#bindir=/usr/bin
#PATH="$bindir:$PATH"
#db_name=${db_name:-XXX_DBNAME_XXX}
#if mysql -D ${db_name} $* -f <<END-OF-DATA
#END-OF-DATA
#then
#   echo "Creation of Bacula MySQL tables succeeded."
#else
#   echo "Creation of Bacula MySQL tables failed."
#fi
#exit 0

mysql -u root -p
create database bacula;
grant all privileges on bacula.* to 'bacula'@'localhost' identified by 'baculadbpasswd';
use bacula;
source /usr/share/bacula-director/make_mysql_tables
quit

Настраиваем клиент
vim /etc/bacula/bacula-fd.conf:

Director {
  Name = localhost-dir
  Password = "mypassword"
}

Director {
  Name = localhost-mon
  Password = "mypassword"
  Monitor = yes
}

FileDaemon {
  Name = localhost-fd
  FDport = 9102
  WorkingDirectory = /var/lib/bacula
  Pid Directory = /var/run/bacula
  Maximum Concurrent Jobs = 20
  FDAddress = 127.0.0.1
}

Messages {
  Name = Standard
  director = localhost-dir = all, !skipped, !restored
}

vim /etc/bacula/bconsole.conf:

Director {
  Name = localhost-dir
  DIRport = 9101
  address = 127.0.0.1
  Password = "mypassword"
}

invoke-rc.d bacula-director restart
invoke-rc.d bacula-sd restart
invoke-rc.d bacula-fd restart

Устанавливаем webacula веб интерфейс для bacula
wget https://github.com/tim4dev/webacula/archive/master.zip
unzip master.zip
mv webacula-master /var/www/webacula

Проверяем зависимости и устанавливаем то, чего не хватает
php5 /var/www/webacula/install/check_system_requirements.php

vim /var/www/webacula/application/config.ini:

db.config.host = localhost
db.config.username = bacula
db.config.password = "baculadbpasswd"
db.config.dbname = bacula
def.timezone = "Europe/Kiev"
locale = "ru"
bacula.sudo = ""
bacula.bconsole = "/usr/sbin/bconsole"

vim /var/www/webacula/install/db.conf:

db_name="bacula"
db_user="bacula"
db_pwd="baculadbpasswd"
webacula_root_pwd="mypasswd" #пароль от учетной записи root на веб интерфейс

usermod -a -G bacula www-data
chown root:bacula /usr/sbin/bconsole
chmod u=rwx,g=rx,o= /usr/sbin/bconsole
chown root:bacula /etc/bacula/bconsole.conf
chmod u=rw,g=r,o= /etc/bacula/bconsole.conf

Создаем таблицы для webacula
./var/www/webacula/install/MySql/10_make_tables.sh
./var/www/webacula/install/MySql/20_acl_make_tables.sh

Настраиваем apache
vim /etc/apache2/conf-enabled/webacula.conf

Alias /webacula /var/www/webacula/html
<Directory "/var/www/webacula/html">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

vim /var/www/webacula/html/index.php:

define('BACULA_VERSION', 14);

chown -R www-data:www-data /var/www/webacula/
invoke-rc.d apache2 reload

Открываем порты
iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT 2 -s 192.168.0.0/24 -d 192.168.0.1 -i eth0 -p tcp -m state --state NEW -m multiport --dports 80,9101:9103 -j ACCEPT
invoke-rc.d netfilter-persistent save

Nvidia Optimus на Debian Jessie.

Добавляем репозиторий в /etc/apt/sources.list:

deb http://http.debian.net/debian/ jessie main contrib non-free

aptitude update
aptitude -y install nvidia-kernel-dkms bumblebee-nvidia bbswitch-dkms

vim /etc/bumblebee/bumblebee.conf:

KernelDriver=nvidia-current
KeepUnusedXServer=true

Добавляем пользователя в группу bumblebee:
usermod -a -G bumblebee myuser

Перезагружаемся

Теперь, внешний видеоадаптер будет включаться/выключаться сам. Если нужно запустить программу с внешним видеоадаптером, то запускаем через optirun, например:
optirun iceweasel

В лог будет писать примерно так:

kernel: [   25.040245] bbswitch: detected an Optimus _DSM function
...
kernel: [   25.040284] bbswitch: Succesfully loaded. Discrete card 0000:01:00.0 is on
...
kernel: [12989.159658] bbswitch: enabling discrete graphics
...
kernel: [12989.159658] bbswitch: enabling discrete graphics

Arpwatch на Debian Jessie

Добавляем репозиторий
vim /etc/apt/sources.list:

deb http://ftp.ua.debian.org/debian/ jessie main


aptitude update
aptitude -y install arpwatch libdbi-perl libdatetime-perl apache2 apache2-utils fcgiwrap libapache2-mod-fcgid iptables-persistent

Настраиваем запуск arpwatch на определенный сетевой интерфейс
vim /etc/arpwatch.conf:

eth0 -a -m admin@example.com

invoke-rc.d arpwatch restart

Настраиваем веб интерфейс к arpwatch (http://sources.homelink.ru/arpwatch/arpwatch-rus.html)

mkdir /etc/arpwatch
wget http://sources.homelink.ru/arpwatch/arpwatch-homelink-20100228.tar.gz
tar xzf arpwatch-homelink-20100228.tar.gz -C /etc/arpwatch

Создаем базу данных
mysql -u root -p
create database arpwatch;
use arpwatch;
source /etc/arpwatch/arpwatch.sql
grant insert on arpwatch.arpwatch to arpwatch2sql@localhost identified by 'arpwatchdbpass';
grant select on arpwatch.arpwatch to arpwatch2cgi@localhost identified by 'arpwatchdbpass';
flush privileges;
quit;

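Сохраняем пароль от базы данных в обфусцированном файле ~/.mylogin.cnf (это защита от случайного раскрытия, а не стойкое шифрование)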
mysql_config_editor set --login-path=arpwatch --host=localhost --user=arpwatch2sql --password

vim /etc/crontab:

*/5 * * * * root /etc/arpwatch/arpwatch2sql | mysql --login-path=arpwatch arpwatch

mkdir /var/www/arpwatch
cp /etc/arpwatch/{Webutils.pm,arpwatch.cgi,arpwatch-topstats.cgi} /var/www/arpwatch/
chown -R www-data:www-data /var/www/arpwatch

vim /var/www/arpwatch/Webutils.pm:

sub webutils_utminit(;$)
{
        my $dbh = DBI->connect("DBI:mysql:database=arpwatch:host=localhost",
                                "arpwatch2cgi", "arpwatchdbpass")
                or die "Cannot connect to database ".$DBI::errstr."\n";
        $dbh;
}

vim /etc/apache2/conf-enabled/arpwatch.conf:

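# Serve the arpwatch CGI pages under /arpwatch, behind Digest authentication.
Alias /arpwatch "/var/www/arpwatch/"
<Directory "/var/www/arpwatch/">
    Options ExecCGI
    DirectoryIndex arpwatch.cgi
    AllowOverride None
    AuthType Digest
    AuthName "arpwatch"
    AuthUserFile "/etc/arpwatch/.htpasswd"
    # "Require user <name> ..." admits only the listed account names, so
    # "Require user valid-user" would look for an account called "valid-user".
    # "Require valid-user" admits any account present in AuthUserFile.
    Require valid-user
</Directory>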

a2enmod auth_digest
htdigest -c /etc/arpwatch/.htpasswd arpwatch admin

При последующем добавлении пользователей ключ «-c» не нужен
chgrp www-data /etc/arpwatch/.htpasswd
invoke-rc.d apache2 reload

Веб интерфейс будет доступен по http://example.com/arpwatch

Открываем порт для apache
iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT 2 -s 192.168.0.0/24 -d 192.168.0.1 -i eth0 -p tcp -m state --state NEW --dport 80 -j ACCEPT
invoke-rc.d netfilter-persistent save

Drupal на Debian Jessie

Добавляем репозиторий
vim /etc/apt/sources.list:

deb http://ftp.ua.debian.org/debian/ jessie main


aptitude update
aptitude -y install openssl drupal7 iptables-persistent

vim /etc/apache2/sites-available/000-default.conf:

<VirtualHost *:80>
        ServerName example.com
        ServerAdmin admin@example.com
        DocumentRoot /usr/share/drupal7/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

vim /etc/apache2/sites-available/default-ssl.conf:

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@example.com
                DocumentRoot /usr/share/drupal7/
                Options FollowSymLinks ExecCGI
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
                SSLEngine on
                SSLCertificateFile      /etc/ssl/private/example.com.crt
                SSLCertificateKeyFile   /etc/ssl/private/example.com.key
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
                BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
        </VirtualHost>
</IfModule>

Генерируем самоподписанные сертификаты SSL
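cd /etc/ssl/private
# Generate a passphrase-protected RSA key as server.key; the next command
# reads that file, so the two names have to match.
openssl genrsa -des3 -out server.key 2048
# Write a copy without the passphrase for the web server to load.
openssl rsa -in server.key -out example.com.key
openssl req -new -days 36500 -key example.com.key -out example.com.csr
# Self-sign the request; the certificate lifetime is the -days value given here.
openssl x509 -in example.com.csr -out example.com.crt -req -signkey example.com.key -days 3650
# example.com.key is stored unencrypted, so keep it readable by its owner only.
chmod 400 example.com.*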

Создаём папку для нашего сайта и настройки по умолчанию:
cd /usr/share/drupal7/sites/
mkdir example.com
cp -a default/* example.com
vim example.com/dbconfig.php:

<?php
$databases['default']['default'] = array(
        'driver' => 'mysql',
        'database' => 'drupal',
        'username' => 'drupal',
        'password' => 'drupaldbpass',
        'host' => 'localhost',
        'port' => '',
        'prefix' => ''
);

?>

chown -R www-data:www-data /usr/share/drupal7

Создаём базу данных для drupal:
mysql -u root -p
create database drupal;
GRANT ALL ON drupal.* TO drupal@localhost IDENTIFIED BY 'drupaldbpass';
quit;

a2enmod ssl rewrite
a2ensite default-ssl
invoke-rc.d apache2 restart

Запускаем установку drupal
https://example.com/install.php

Открываем порты
iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT 2 -s 192.168.0.0/24 -d 192.168.0.1 -i eth0 -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT
invoke-rc.d netfilter-persistent save

NAT на Debian Jessie

Имеем 2 сетевых интерфейса:
eth0 — локальная сеть 192.168.40.1
eth1 — интернет 100.200.1.1

Добавляем репозиторий
vim /etc/apt/sources.list:

deb http://ftp.ua.debian.org/debian/ jessie main

aptitude update
aptitude -y install isc-dhcp-server iptables-persistent

Настраиваем сетевые интерфейсы
vim /etc/network/interfaces:

auto eth1
allow-hotplug eth1
iface eth1 inet dhcp

auto eth0
allow-hotplug eth0
iface eth0 inet static
    address 192.168.40.1

invoke-rc.d networking stop && invoke-rc.d networking start

Включаем пересылку пакетов в ядре:
vim /etc/sysctl.conf:

net.ipv4.ip_forward=1

sysctl -p

vim /etc/dhcp/dhcpd.conf:

ddns-update-style none;
option domain-name-servers здесь через запятую вписываем IP адреса вашего интернет провайдера;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;
subnet 192.168.40.0 netmask 255.255.255.0 {
range 192.168.40.2 192.168.40.10;
option routers 192.168.40.1;
}

Выбираем интерфейс, на котором будет работать DHCP сервер
vim /etc/default/isc-dhcp-server:

INTERFACES="eth0"

invoke-rc.d isc-dhcp-server start

Включаем NAT и открываем порт для DHCP клиентов
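# POSTROUTING and the SNAT target belong to the nat table; without -t nat the
# command addresses the filter table, which has no such chain.
iptables -t nat -I POSTROUTING 1 -s 192.168.40.0/24 -o eth1 -j SNAT --to-source 100.200.1.1
# Inserting at position 2 needs at least one rule already present in INPUT.
iptables -I INPUT 2 -s 192.168.40.0/24 -d 192.168.40.1 -i eth0 -p udp --dport 67 -j ACCEPT
# NOTE(review): nothing here restricts the FORWARD chain; with ip_forward=1 its
# policy decides what is routed between eth0 and eth1 - confirm it is not a
# blanket ACCEPT.
invoke-rc.d netfilter-persistent save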

VNC сервер на Debian Jessie

Добавляем репозиторий
vim /etc/apt/sources.list:

deb http://ftp.ua.debian.org/debian/ jessie main

aptitude update
aptitude install vnc4server iptables-persistent

Устанавливаем пароль для каждого пользователя
su username
vncpasswd

Делаем скрипт автозагрузки
vi /etc/init.d/vncserver:

#!/bin/bash
### BEGIN INIT INFO
# Provides: vncserver
# Required-Start: $syslog
# Required-Stop: $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: vnc server
# Description:
#
### END INIT INFO

# Defaults; /etc/vncserver/vncserver.conf may override both variables.
# The file is sourced, i.e. executed as shell code with this script's
# privileges, so it should be writable by root only.
VNCSERVERS=""
unset VNCSERVERARGS
if [ -f /etc/vncserver/vncserver.conf ]; then
  . /etc/vncserver/vncserver.conf
fi
prog=$"VNC server"

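#######################################
# Start a VNC server for each "display:user" entry in VNCSERVERS.
# Globals:
#   VNCSERVERS     (read) whitespace-separated "display:user" entries
#   VNCSERVERARGS  (read) per-display vncserver arguments, indexed by display
#   prog           (read) name printed in the progress line
#   USER, VNCUSERARGS (exported); RETVAL (set to 0)
# Arguments:
#   $1 - action word forwarded by the dispatcher (not used here)
#   $2 - optional user name; when given, only that user's displays are started
# Outputs:
#   progress text on stdout
#######################################
start() {
  . /lib/lsb/init-functions
  local req_user=$2
  local display disp
  echo -n $"Starting $prog: "
  ulimit -S -c 0 >/dev/null 2>&1
  RETVAL=0
  # Deliberately unquoted: VNCSERVERS is a whitespace-separated list.
  for display in ${VNCSERVERS}; do
    export USER="${display##*:}"
    # [[ ]] with quoted operands: an empty or odd user name can no longer
    # change how the comparison is parsed.
    if [[ -z "${req_user}" || "${req_user}" == "${USER}" ]]; then
      echo -n "${display} "
      unset BASH_ENV ENV
      disp="${display%%:*}"
      export VNCUSERARGS="${VNCSERVERARGS[${disp}]}"
      # The command string is built from vncserver.conf values and run by the
      # target user's shell; the server starts only if .vnc/passwd exists.
      su "${USER}" -c "cd ~${USER} && [ -f .vnc/passwd ] && vncserver :${disp} ${VNCUSERARGS}"
    fi
  done
}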

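#######################################
# Stop the VNC server of each "display:user" entry in VNCSERVERS.
# Globals:
#   VNCSERVERS (read) whitespace-separated "display:user" entries
#   USER (exported)
# Arguments:
#   $1 - action word forwarded by the dispatcher (not used here)
#   $2 - optional user name; when given, only that user's displays are stopped
# Outputs:
#   progress text on stdout; output of "vncserver -kill" is discarded
#######################################
stop() {
  . /lib/lsb/init-functions
  local req_user=$2
  local display
  echo -n $"Shutting down VNCServer: "
  # Deliberately unquoted: VNCSERVERS is a whitespace-separated list.
  for display in ${VNCSERVERS}; do
    export USER="${display##*:}"
    # [[ ]] with quoted operands: an empty or odd user name can no longer
    # change how the comparison is parsed.
    if [[ -z "${req_user}" || "${req_user}" == "${USER}" ]]; then
      echo -n "${display} "
      unset BASH_ENV ENV
      su "${USER}" -c "vncserver -kill :${display%%:*}" >/dev/null 2>&1
    fi
  done
  echo -e "\n"
  echo "VNCServer Stopped"
}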

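# Dispatch on the action word. All arguments are forwarded, quoted, so that an
# optional user name in $2 reaches start/stop as one word.
case "$1" in
  start)
    start "$@"
    ;;
  stop)
    stop "$@"
    ;;
  restart | reload)
    stop "$@"
    sleep 3
    start "$@"
    ;;
  condrestart)
    # NOTE(review): nothing in this script creates /var/lock/subsys/vncserver,
    # so this branch looks like it never runs - confirm.
    if [ -f /var/lock/subsys/vncserver ]; then
      stop "$@"
      sleep 3
      start "$@"
    fi
    ;;
  status)
    # NOTE(review): "status" is not defined in this script; presumably it is
    # expected from an init function library - confirm it exists on this system.
    status Xvnc
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart|condrestart|status}"
    exit 1
    ;;
esac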

chmod +x /etc/init.d/vncserver
insserv -d vncserver

Создаём конфигурационный файл:
vi /etc/vncserver/vncserver.conf:

VNCSERVERS="1:myuser 2:myuser2"
VNCSERVERARGS[1]="-geometry 1366x768"
VNCSERVERARGS[2]="-geometry 1024x768"

invoke-rc.d vncserver start; invoke-rc.d vncserver stop

Для каждого пользователя в конец файла /home/user/.vnc/xstartup добавляем опцию «startxfce4 &» получится примерно такой:

#!/bin/sh
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
x-window-manager &
startxfce4 &

invoke-rc.d vncserver start

Открываем порты
iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT 2 -s 192.168.40.2 -d 192.168.40.1 -i eth0 -p tcp -m state --state NEW -m multiport --dports 5900,5901 -j ACCEPT
invoke-rc.d netfilter-persistent save

Почтовый сервер на Debian Jessie

Компоненты почтового сервера
Dovecot – IMAP и POP3 сервер, MDA (mail delivery agent)
Postfix – MTA (mail transfer agent)
Postfixadmin – управление почтовыми ящиками

Генерируем самоподписанные сертификаты для SSL/TLS
openssl req -new -x509 -days 36500 -nodes -out /etc/dovecot/dovecot.pem -keyout /etc/dovecot/private/dovecot.pem
chmod 400 /etc/dovecot/dovecot.pem
chmod 400 /etc/dovecot/private/dovecot.pem

Добавляем репозиторий
vim /etc/apt/sources.list:

deb http://ftp.ua.debian.org/debian/ jessie main

aptitude update
aptitude install dovecot-core dovecot-common dovecot-imapd dovecot-mysql dovecot-pop3d dovecot-sieve dovecot-lmtpd postfix-mysql postfixadmin openssl iptables-persistent bind9
aptitude remove exim4-base exim4-config exim4-daemon-light

Настраиваем DNS сервер

Настраиваем dovecot
vim /etc/dovecot/dovecot.conf:

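auth_debug = yes      # can be switched off after debugging
auth_verbose = yes    # can be switched off after debugging
mail_debug = yes      # can be switched off after debugging
# NOTE(review): with this set to "no", the plain and login mechanisms below
# accept passwords on connections that are not protected by TLS.
disable_plaintext_auth = no
auth_mechanisms = plain login cram-md5
protocols = imap pop3 lmtp
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}
service auth {
  unix_listener auth-master {
    user = vmail
    group = mail
    mode = 0660
  }
# closing brace of "service auth" (the listener block above has its own)
}
#dict {
  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
#}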

vim /etc/dovecot/conf.d/10-auth.conf:

#auth_mechanisms = plain

vim /etc/dovecot/conf.d/15-lda.conf:

postmaster_address = admin@example.com
hostname = mail.example.com
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
protocol lda {
  mail_plugins = $mail_plugins
}

vim /etc/dovecot/conf.d/auth-sql.conf.ext:

passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
userdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}

vim /etc/dovecot/conf.d/10-master.conf:

service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
# Authentication sockets offered by the Dovecot auth service.
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = mail
  }
  # Socket Postfix uses for SASL (smtpd_sasl_path = private/auth in main.cf).
  # NOTE(review): mode 0666 lets any local process that can reach this path
  # use the socket; with user/group set to postfix, 0660 should be enough - confirm.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}

vim /etc/dovecot/conf.d/10-mail.conf:

mail_location = maildir:/var/mail/%d/%u
mail_uid = vmail
mail_gid = mail
first_valid_uid = 2000
last_valid_uid = 2000
first_valid_gid = 8
last_valid_gid = 8

vim /etc/dovecot/conf.d/10-ssl.conf:

ssl = yes
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

vim /etc/dovecot/conf.d/20-imap.conf:

protocol imap {
  mail_plugins = $mail_plugins quota imap_quota
}

vim /etc/dovecot/conf.d/15-mailboxes.conf:

namespace inbox {
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
}

vim /etc/dovecot/conf.d/20-pop3.conf:

pop3_uidl_format = %08Xu%08Xv
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

vim /etc/dovecot/conf.d/auth-system.conf.ext:

#passdb {
#  driver = pam
  # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=]
  # [cache_key=] []
  #args = dovecot
#}
#userdb {
  # 
#  driver = passwd
  # [blocking=no]
  #args =

  # Override fields from passwd
  #override_fields = home=/home/virtual/%u
#}

vim /etc/dovecot/conf.d/10-director.conf:

#service director {
#  unix_listener login/director {
    #mode = 0666
#  }

vim /usr/share/dovecot/protocols.d/imapd.protocol:

#protocols = $protocols imap

vim /usr/share/dovecot/protocols.d/pop3d.protocol:

#protocols = $protocols pop3

vim /usr/share/dovecot/protocols.d/lmtpd.protocol:

#protocols = $protocols lmtp

Создаём файл запросов dovecot для mysql
vim /etc/dovecot/dovecot-sql.conf:

driver = mysql
connect = host=127.0.0.1 dbname=postfix user=postfix password=postfixdbpass
default_pass_scheme = MD5-CRYPT
password_query = SELECT username as user, password FROM mailbox WHERE username = '%u'
user_query = SELECT '/var/mail/%d/%u' AS home, 2000 AS uid, 8 AS gid, CONCAT('*:bytes=', CAST(quota AS CHAR)) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'

invoke-rc.d dovecot restart

Настраиваем postfix
cp /usr/share/postfix/main.cf.dist /etc/postfix/main.cf
vim /etc/postfix/main.cf:

queue_directory = /var/spool/postfix
mail_owner = postfix
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost
local_recipient_maps = $virtual_mailbox_maps, $virtual_alias_maps, $alias_maps
mynetworks_style = subnet
mynetworks = 127.0.0.0/8, 192.168.40.0/24 #разрешенные адреса
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
recipient_delimiter = +
mail_spool_directory = /var/mail
mailbox_command = /usr/lib/dovecot/deliver
mailbox_transport = dovecot
debug_peer_level = 2  #после отладки можно выключить
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = no
readme_directory = no
smtpd_client_restrictions = permit_mynetworks,
                            permit_sasl_authenticated,
                            check_client_access hash:/etc/postfix/client_access

smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/hello_access,
                          permit_mynetworks,
                          permit_sasl_authenticated,
                          reject_invalid_helo_hostname,
                          reject_non_fqdn_helo_hostname,
                          reject_unknown_helo_hostname

smtpd_sender_restrictions = permit_mynetworks,
                            check_sender_access hash:/etc/postfix/sender_access,
                            reject_authenticated_sender_login_mismatch,
                            reject_unknown_sender_domain,
                            reject_unlisted_sender,
                            permit_sasl_authenticated

smtpd_recipient_restrictions = permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_unauth_destination,
                               reject_unlisted_recipient,
                               reject_unknown_recipient_domain,
                               reject_non_fqdn_recipient,
                               reject_unverified_recipient

#mysql
virtual_mailbox_base = /var/mail
virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf
virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf
#quota
virtual_mailbox_limit = 52428800
message_size_limit = 100485760
mailbox_size_limit = 524288000

smtpd_etrn_restrictions = reject
smtpd_reject_unlisted_sender = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
show_user_unknown_table_name = no
address_verify_sender = <>
unverified_sender_reject_code = 550
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
smtpd_hard_error_limit = 10
smtpd_timeout = 240s
smtp_helo_timeout = 240s
smtp_rcpt_timeout = 300s
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:8
virtual_transport = dovecot
dovecot_destination_recipient_limit=1
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

vim /etc/postfix/master.cf:

# SMTPS listener (service "smtps", conventionally port 465): smtpd runs with
# smtpd_tls_wrappermode=yes, so TLS is negotiated before any SMTP command is exchanged.
# NOTE(review): the main.cf lines shown above enable SASL (smtpd_sasl_auth_enable = yes)
# with opportunistic TLS only; unless smtpd_tls_auth_only = yes is set elsewhere in
# main.cf, the ordinary port-25 listener will also accept AUTH over an unencrypted link.
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
# Delivery transport named "dovecot" (referenced by virtual_transport and
# mailbox_transport in main.cf): pipes each message to Dovecot's deliver as vmail:mail.
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}

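Создаем файлы запросов mysql для postfix. Пароль к базе лежит в этих файлах открытым текстом, поэтому после создания оставьте доступ на чтение только root и группе postfix (chown root:postfix /etc/postfix/virtual_*.cf; chmod 640 /etc/postfix/virtual_*.cf), а пример пароля postfixdbpass замените своим.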
vim /etc/postfix/virtual_mailbox_maps.cf:

user = postfix
password = postfixdbpass
dbname = postfix
hosts = 127.0.0.1
table = users
select_field = maildir
where_field = email
additional_conditions = and enabled = 1

vim /etc/postfix/virtual_alias_maps.cf:

user = postfix
password = postfixdbpass
dbname = postfix
table = alias
select_field = goto
where_field = address
hosts = 127.0.0.1

vim /etc/postfix/virtual_mailbox_domains.cf:

user = postfix
password = postfixdbpass
hosts = 127.0.0.1
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND transport <> 'relay' AND active = '1'

vim /etc/postfix/virtual_mailbox_limit_maps.cf:

user = postfix
password = postfixdbpass
dbname = postfix
table = users
select_field = quota
where_field = email
additional_conditions = and enabled = 1
hosts = 127.0.0.1

Создаем базу данных псевдонимов
newaliases

Создаём файлы базы данных для postfix:
touch /etc/postfix/{client_access,hello_access,sender_access,recipient_access}
postmap /etc/postfix/{client_access,hello_access,sender_access,recipient_access}

Создаём виртуального пользователя, который будет заниматься локальной доставкой почты
useradd -u 2000 -g mail -d /var/mail -s /bin/false vmail

Создаём базу для postfix
mysql -u root -p
CREATE DATABASE postfix;
GRANT ALL ON postfix.* TO 'postfix'@'localhost' IDENTIFIED BY 'postfixdbpass';
quit

invoke-rc.d postfix restart

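Настраиваем postfixadmin. Схема dovecot:CRAM-MD5 хранит в базе значение, равносильное самому паролю; если механизм аутентификации CRAM-MD5 в dovecot не используется, лучше выбрать солёный хеш, например dovecot:SHA512-CRYPT (схема в настройках dovecot должна совпадать).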
vim /usr/share/postfixadmin/config.inc.php:

$CONF['default_language'] = 'ru';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'postfixdbpass';
$CONF['database_name'] = 'postfix';
$CONF['encrypt'] = 'dovecot:CRAM-MD5';
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['postfix_admin_url'] = '/pfa';

vim /etc/apache2/conf-enabled/postfixadmin.conf:

Alias /pfa /usr/share/postfixadmin/
<Directory /usr/share/postfixadmin/>
  AllowOverride all
  DirectoryIndex index.php
  Require all granted
</Directory>

chown -R www-data:www-data /usr/share/postfixadmin/
invoke-rc.d apache2 reload

В /usr/share/postfixadmin/upgrade.php нужно заменить все значения «255» на «100» иначе при установке будет ошибка «Invalid query: Specified key was too long; max key length is 1000 bytes»
sed -i 's|255|100|g' /usr/share/postfixadmin/upgrade.php

Запускаем мастер установки postfixadmin переходим по адресу http://example.com/pfa/setup.php
Генерируем hash пароля установки
Копируем hash в опцию «$CONF['setup_password']» в /usr/share/postfixadmin/config.inc.php
Вводим пароль установки
Логин вводим в виде почтового адреса, например admin@example.com
Пароль администратора
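Для управления почтовыми ящиками нужно заходить на http://example.com/pfa. Панель работает по HTTP без шифрования, а «Require all granted» открывает её всем, кто может достучаться до порта 80; имеет смысл ограничить доступ сетью администраторов (например, Require ip 192.168.40.0/24) и включить HTTPS.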

Добавляем записи для почтового сервера в файл зоны DNS
vim /var/bind9/chroot/etc/bind/example.com.wan:

                IN              MX      10      mail.example.com.
mail                 IN              A       192.168.40.1

rndc reload

Отправляем статистику почтового сервера на почту
aptitude install pflogsumm
crontab -e

 01 00 * * * /usr/sbin/pflogsumm -e -d yesterday /var/log/mail.log | mail -s "Postfix Mail Statistics" admin@example.com

Открываем порты для почты
iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT 2 -s 192.168.40.0/24 -d 192.168.40.1 -i eth0 -p tcp -m state --state NEW -m multiport --dports 25,80,110,143,465,993,995 -j ACCEPT
invoke-rc.d netfilter-persistent save

pure-ftpd на Debian Jessie

Добавляем репозиторий
vim /etc/apt/sources.list:

deb http://ftp.ua.debian.org/debian/ jessie main


aptitude update
aptitude install pure-ftpd-mysql openssl iptables-persistent

Создаём группу и пользователя для pure-ftpd
groupadd -g 1001 ftp
useradd -u 1001 -g ftp -s /bin/false -d /ftp -c "ftp-users" ftp

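Настраиваем pure-ftpd. Обратите внимание: NoAnonymous=no разрешает анонимный вход (если он не нужен, укажите yes), а TLS=1 оставляет возможным вход без шифрования — значение 2 заставляет сервер отклонять незашифрованные сессии.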
echo "no" > /etc/pure-ftpd/conf/NoAnonymous
echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone
echo "yes" > /etc/pure-ftpd/conf/IPV4Only
echo "yes" > /etc/pure-ftpd/conf/UnixAuthentication
echo "yes" > /etc/pure-ftpd/conf/DontResolve
echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir
echo "no" > /etc/pure-ftpd/conf/PAMAuthentication
echo "yes" > /etc/pure-ftpd/conf/VerboseLog
echo "30" > /etc/pure-ftpd/conf/MaxClientsNumber
echo "8" > /etc/pure-ftpd/conf/MaxClientsPerIP
echo "no" > /etc/pure-ftpd/conf/DisplayDotFiles
echo "30" > /etc/pure-ftpd/conf/MaxIdleTime
echo "49152 65535" > /etc/pure-ftpd/conf/PassivePortRange
echo "2048" > /etc/pure-ftpd/conf/AnonymousBandwidth
echo "1000 500" > /etc/pure-ftpd/conf/Quota
echo "90" > /etc/pure-ftpd/conf/MaxDiskUsage
echo "1" > /etc/pure-ftpd/conf/TLS

Генерируем самоподписные сертификаты для pure-ftpd
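cd /etc/ssl/private
# A 1024-bit RSA key is too short for TLS today, so generate 2048 bits.
# Without -days, "openssl req -x509" issues a certificate valid for only 30 days;
# 365 is an example lifetime, adjust it to the local renewal policy.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout pure-ftpd.pem -out pure-ftpd.pem
# Key and certificate share one file: keep it readable by root only.
chmod 400 pure-ftpd.pem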

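Создаем базу данных для pure-ftpd. Пароли здесь хранятся как MD5 без соли (MD5() в таблице admin и MYSQLCrypt md5 ниже) — такой хеш легко подбирается, поэтому доступ к базе и её резервным копиям нужно ограничивать; adminpasswd и pureftpddbpass — примеры, замените их своими паролями.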
mysql -u root -p
CREATE DATABASE pureftpd;
GRANT ALL PRIVILEGES ON pureftpd.* TO 'pureftpd'@'localhost' IDENTIFIED BY 'pureftpddbpass';

USE pureftpd;

CREATE TABLE admin (
Username varchar(35) NOT NULL default '',
Password char(32) binary NOT NULL default '',
PRIMARY KEY (Username)
) ENGINE=MyISAM;

INSERT INTO admin VALUES ('admin',MD5('adminpasswd'));

CREATE TABLE `users` (
`User` varchar(16) NOT NULL default '',
`Password` varchar(32) binary NOT NULL default '',
`Uid` int(11) NOT NULL default '14',
`Gid` int(11) NOT NULL default '5',
`Dir` varchar(128) NOT NULL default '',
`QuotaFiles` int(10) NOT NULL default '500',
`QuotaSize` int(10) NOT NULL default '30',
`ULBandwidth` int(10) NOT NULL default '80',
`DLBandwidth` int(10) NOT NULL default '80',
`Ipaddress` varchar(15) NOT NULL default '*',
`Comment` tinytext,
`Status` enum('0','1') NOT NULL default '1',
`ULRatio` smallint(5) NOT NULL default '1',
`DLRatio` smallint(5) NOT NULL default '1',
PRIMARY KEY (`User`),
UNIQUE KEY `User` (`User`)
) ENGINE=MyISAM;
quit

vim /etc/pure-ftpd/db/mysql.conf:

MYSQLUser       pureftpd
MYSQLPassword   pureftpddbpass
MYSQLDatabase   pureftpd
MYSQLCrypt      md5
MYSQLGetPW      SELECT Password FROM users WHERE User="\L" AND status="1" AND (Ipaddress = "*" OR Ipaddress LIKE "\R")
MYSQLGetUID     SELECT Uid FROM users WHERE User="\L" AND status="1" AND (Ipaddress = "*" OR Ipaddress LIKE "\R")
MYSQLGetGID     SELECT Gid FROM users WHERE User="\L"AND status="1" AND (Ipaddress = "*" OR Ipaddress LIKE "\R")
MYSQLGetDir     SELECT Dir FROM users WHERE User="\L"AND status="1" AND (Ipaddress = "*" OR Ipaddress LIKE "\R")
MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L"AND status="1" AND (Ipaddress = "*" OR Ipaddress LIKE "\R")
MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L"AND status="1" AND (Ipaddress = "*" OR Ipaddress LIKE "\R")
MySQLGetQTASZ   SELECT QuotaSize FROM users WHERE User="\L"AND status="1" AND (Ipaddress = "*" OR Ipaddress LIKE "\R")
MySQLGetQTAFS   SELECT QuotaFiles FROM users WHERE User="\L"AND status="1" AND (Ipaddress = "*" OR Ipaddress LIKE "\R")

invoke-rc.d pure-ftpd-mysql restart

Устанавливаем user manager для pure-ftpd
# NOTE(review): both files are fetched over plain HTTP and unpacked straight into the
# web root, so nothing here authenticates the code that Apache will later execute.
# Compare the archive with a checksum obtained from a trusted source before unpacking.
wget http://machiel.generaal.net/files/pureftpd/ftp_v2.1.tar.gz
tar xzf ftp_v2.1.tar.gz -C /var/www
wget http://machiel.generaal.net/files/pureftpd/languages/2.x/russian.php.txt -O /var/www/ftp/language/russian.php
# NOTE(review): this leaves every PHP file writable by the web server account; confirm
# which paths the manager really has to write to and keep the rest owned by root.
chown -R www-data:www-data /var/www/ftp

vim /var/www/ftp/config.php:

  $LANG = "Russian";
  $LocationImages =  "images";
  $DBHost = "127.0.0.1";
  $DBLogin = "pureftpd";
  $DBPassword = "pureftpddbpass";
  $DBDatabase = "pureftpd";
  $FTPAddress = "example.com:21";
  $DEFUserID = "1001";
  $DEFGroupID = "1001";
  $UsersFile = "/etc/passwd";
  $GroupFile = "/etc/group";
  $StyleSheet = "style/default.css.php";
  $EnableQuota = 1;
  $EnableRatio = 1;

vim /etc/php5/apache2/php.ini:

short_open_tag = On

vim /etc/apache2/conf-enabled/ftpmgr.conf:

Alias /ftpmgr /var/www/ftp/
<Directory /var/www/ftp/>
  DirectoryIndex index.php
  Require all granted
</Directory>

invoke-rc.d apache2 restart

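Управление пользователями будет доступно на http://example.com/ftpmgr. Интерфейс работает по HTTP без шифрования и с «Require all granted» доступен всем, кто может достучаться до порта 80; лучше ограничить его сетью администраторов (например, Require ip 192.168.40.0/24) и включить HTTPS.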

Открываем порты
iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT 2 -s 192.168.40.0/24 -d 192.168.40.1 -i eth0 -p tcp -m state --state NEW -m multiport --dports 21,990,49152:65535 -j ACCEPT
invoke-rc.d netfilter-persistent save