This tutorial has been tested and is working on Debian etch and lenny

1. Install the PowerDNS server and MySql backend using apt

apt-get install pdns-server pdns-backend-mysql


2. Create a new database (or use existing) and execute the following SQL queries to create the PowerDNS table structure:

create table domains (
id INT auto_increment,
name VARCHAR(255) NOT NULL,
master VARCHAR(128) DEFAULT NULL,
last_check INT DEFAULT NULL,
type VARCHAR(6) NOT NULL,
notified_serial INT DEFAULT NULL,
account VARCHAR(40) DEFAULT NULL,
primary key (id)
)type=InnoDB;
 
CREATE UNIQUE INDEX name_index ON domains(name);
 
CREATE TABLE records (
id INT auto_increment,
domain_id INT DEFAULT NULL,
name VARCHAR(255) DEFAULT NULL,
type VARCHAR(6) DEFAULT NULL,
content VARCHAR(255) DEFAULT NULL,
ttl INT DEFAULT NULL,
prio INT DEFAULT NULL,
change_date INT DEFAULT NULL,
primary key(id)
)type=InnoDB;
 
CREATE INDEX rec_name_index ON records(name);
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
 
create table supermasters (
ip VARCHAR(25) NOT NULL,
nameserver VARCHAR(255) NOT NULL,
account VARCHAR(40) DEFAULT NULL
);


3. Configure PowerDNS to use the MySql backend by adding this line into the configuration file (pico /etc/powerdns/pdns.conf)

launch=gmysql


4. Configure MySql login information for the PowerDNS server that can read from the tables you created earlier by adding lines similar to these (pico /etc/powerdns/pdns.d/pdns.local)

gmysql-host=127.0.0.1
gmysql-user=pdns
gmysql-password=password
gmysql-dbname=pdns


Replace the username, password and dbname with a valid login information and database name.

5. Restart PowerDNS

/etc/init.d/pdns restart


Now you should have a fully functional PowerDNS server installed. To manage the database (adding zones and records), consider using the Poweradmin web-based administration tool.

1. Add non-free archive to apt sources (pico /etc/apt/sources.list)

deb http://ftp.uk.debian.org/debian/ squeeze main non-free
deb-src http://ftp.uk.debian.org/debian/ squeeze main non-free


Add non-free behind main in both lines

2. Update the package list

apt-get update


3. Install Nikto

apt-get install nikto

4. Test the local web server

nikto -h localhost

Nikto also supports testing on different ports. Click here for Nikto usage information.

This tutorial has been tested to be working on Debian squeeze. It's assumed that you are installing one supermaster and one or more slaves that will sync with the master automatically.

On all servers

1. Install the PowerDNS server and MySql backend using apt

apt-get install pdns-server pdns-backend-mysql


2. Create a new database (or use existing) and execute the following SQL queries to create the PowerDNS table structure:

create table domains (
id INT auto_increment,
name VARCHAR(255) NOT NULL,
master VARCHAR(128) DEFAULT NULL,
last_check INT DEFAULT NULL,
type VARCHAR(6) NOT NULL,
notified_serial INT DEFAULT NULL,
account VARCHAR(40) DEFAULT NULL,
primary key (id)
)type=InnoDB;
 
CREATE UNIQUE INDEX name_index ON domains(name);
 
CREATE TABLE records (
id INT auto_increment,
domain_id INT DEFAULT NULL,
name VARCHAR(255) DEFAULT NULL,
type VARCHAR(6) DEFAULT NULL,
content VARCHAR(255) DEFAULT NULL,
ttl INT DEFAULT NULL,
prio INT DEFAULT NULL,
change_date INT DEFAULT NULL,
primary key(id)
)type=InnoDB;
 
CREATE INDEX rec_name_index ON records(name);
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
 
create table supermasters (
ip VARCHAR(25) NOT NULL,
nameserver VARCHAR(255) NOT NULL,
account VARCHAR(40) DEFAULT NULL
);


3. Configure PowerDNS to use the MySql backend by adding this line into the configuration file (pico /etc/powerdns/pdns.conf)

launch=gmysql


4. Configure MySql login information for the PowerDNS by adding lines similar to these (pico /etc/powerdns/pdns.d/pdns.local).

gmysql-host=127.0.0.1
gmysql-user=pdns
gmysql-password=password
gmysql-dbname=pdns


Replace the username, password and dbname with a valid login information and database name. Each DNS server in the cluster needs to have a dedicated local database.

On the master server

5. Allow zone transferes and enable master operation. (pico /etc/powerdns/pdns.conf)

allow-axfr-ips=10.0.0.2
disable-axfr=no
master=yes


6. Add a new zone

INSERT INTO domains (name, type) VALUES ('example.org', 'MASTER');
INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (1, 'example.org', 'ns1.example.org hostmaster.example.org 1', 'SOA', 86400, NULL);
INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (1, 'example.org', 'ns1.example.org', 'NS', 86400, NULL);
INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (1, 'example.org', 'ns2.example.org', 'NS', 86400, NULL);
INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (1, 'ns1.example.org', '10.0.0.1', 'A', 86400, NULL);
INSERT INTO records (domain_id, name, content, type, ttl, prio) VALUES (1, 'ns2.example.org', '10.0.0.2', 'A', 86400, NULL);


On the slaves

7. Enable slave operation (pico /etc/powerdns/pdns.conf)

slave=yes


8. Make the master server a supermaster for the slave. If supermaster is specified, all new zones will be added automatically to the slave when notified by the master.

INSERT INTO supermasters (ip, nameserver, account) VALUES ('10.0.0.1', 'ns2.example.org', '');


Assuming the master IP address is 10.0.0.1

On master and slaves

9. Restart PowerDNS

/etc/init.d/pdns restart


On the master

10. Trigger a notify

UPDATE records SET content = 'ns1.example.org hostmaster.example.org 2' WHERE type = 'SOA' AND name = 'example.org';


Increasing the serial will sync data from the master to the slave

Munin is a network/system monitoring application that presents output in graphs through a web interface. If you haven't installed it already, use this tutorial: Monitoring multiple servers with Munin.

Assuming you have both varnish and munin installed, here's a tutorial on installing a plugin for munin to monitor Varnish.

1. Install git-core to receive the plugin from github

apt-get install git-core


2. cd into the munin plugins directory

/usr/share/munin/plugins


3. Download the munin-varnish plugin

git clone git://github.com/basiszwo/munin-varnish.git


4. Set correct permissions

chmod a+x /usr/share/munin/plugins/munin-varnish/varnish_*


5. Link the plugin sections to the munin config

ln -s /usr/share/munin/plugins/munin-varnish/varnish_* /etc/munin/plugins/


6. Add these lines to the bottom of the munin-node config (pico /etc/munin/plugin-conf.d/munin-node)

[varnish*]
user root


7. Restart munin-node

/etc/init.d/munin-node restart


1. Install rkhunter

apt-get install rkhunter


2. Run rkhunter to check your server

rkhunter --check


The development of this interface specification was led by Intel Corporation and is supported by more than two hundred computer systems vendors including Dell, Hewlett-Packard, Intel, and NEC Corporation.

1. Install the ipmitool which is used to send commands and receive information from the management interface.

apt-get install ipmitool


2. Use this command to send and receive information to a remote server

ipmitool -H {ip_address} -U {username} -a {ipmi_command}


You can also skip the "-a" parameter (which makes ipmitool prompt for a password everytime) and add "-P {password}" to avoid the password prompt.

Here are some examples of useful commands

Get hardware status (including hardware failures and power status)

ipmitool -H {ip_address} -U {username} -a chassis status


List all sensor values (including temperature, fan speed, voltage and more)

ipmitool -H {ip_address} -U {username} -a sensor list


Print system event log

ipmitool -H {ip_address} -U {username} -a sel list


Check if your server is on or off

ipmitool -H {ip_address} -U {username} -a chassis power status


Power off the server (soft shutdown via ACPI)

ipmitool -H {ip_address} -U {username} -a chassis power soft


Power off the server (hard)

ipmitool -H {ip_address} -U {username} -a chassis power off


Start the server

ipmitool -H {ip_address} -U {username} -a chassis power on


Restart server (hard)

ipmitool -H {ip_address} -U {username} -a chassis power reset


1. Install vsftpd

apt-get install vsftpd


2. Configure (pico /etc/vsftpd.conf)

By default, vsftpd only allows anonymous connections. Change the following config variables to enable local users to connect, allow writing and chroot users to home directories.

anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES


3. Restart vsftpd

/etc/init.d/vsftpd restart


It's assumed that you have already installed and configured Postfix according to this tutorial:
Installing Postfix with MySql backend and SASL for SMTP authentication

1. Install required packages

apt-get install dovecot-imapd dovecot-pop3d


2. Configure Dovecot (pico /etc/dovecot/dovecot.conf)

mail_location = maildir:/home/vmail/%d/%n
auth default {
passdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
userdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
}
disable_plaintext_auth = no
user = vmail


Add or edit the above properties and leave everything else with the default value or configure according to your needs

3. Configure the MySql connector (pico /etc/dovecot/dovecot-sql.conf)

driver = mysql
connect = host=127.0.0.1 dbname={database} user={username} password={password}
default_pass_scheme = CRYPT
password_query = SELECT email as user, password FROM users WHERE email = '%u'
user_query = SELECT CONCAT('/home/vmail/',SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') as home, '5000' as uid, '5000' as gid FROM users WHERE email = '%u'


{database} = MySql database name
{username} = MySql username
{password} = MySql password

4. Restart Dovecot daemon

/etc/init.d/dovecot restart


Installation is easy in Debian but the application is pretty outdated in the squeeze apt repository so you may want to install the latest version manually instead. You can download the source from Sourceforge.

1. Install roundcube

apt-get install roundcube roundcube-mysql


2. Configure apache (pico /etc/apache2/conf.d/roundcube)

Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
Alias /roundcube /var/lib/roundcube


3. For some reason the default language is set to ar_SA. Change it to English (pico /var/lib/roundcube/config/main.inc.php)

$rcmail_config['language'] = 'en_US';


4. Restart apache

/etc/init.d/apache2 restart


Now you can access Roundcube on this location: http://yourserver/roundcube

This is ideal for web servers to avoid running MTA daemons like sendmail, Exim and Postfix which use up resources on the server.

1. Install sSMTP (Note: Any previously installed MTA will be removed)

apt-get install ssmtp


2. Configure the server (pico /etc/ssmtp/ssmtp.conf)

mailhub=mail.example.org
FromLineOverride=YES


Replace mail.example.org with the external mail server that you want to relay all mail to.

If you would like to relay through Google Mail servers, change these configuration values:

mailhub=smtp.gmail.com:587
UseSTARTTLS=Yes
AuthUser={username}
AuthPass={password}
FromLineOverride=YES


Replace {username} with your Gmail username and {password} with your Gmail password.

That's all! sSMTP doesn't run as service so there's no restart required. sSMTP creates a link to /usr/sbin/sendmail which most programs use by default to send mail including PHP.