Addition/Secure.Your.Exist.iRedAdmin

From iRedMail

(Difference between revisions)
Jump to: navigation, search
(Created page with 'If you already have iRedAdmin installed, either iRedAdmin-Pro or open source edition, you can simply secure it by following below tutorial. = Create a new system account = We wi…')
Line 1: Line 1:
 +
__TOC__
 +
If you already have iRedAdmin installed, either iRedAdmin-Pro or open source edition, you can simply secure it by following below tutorial.
If you already have iRedAdmin installed, either iRedAdmin-Pro or open source edition, you can simply secure it by following below tutorial.

Revision as of 05:16, 23 July 2010

Contents


If you already have iRedAdmin installed, either iRedAdmin-Pro or open source edition, you can simply secure it by following below tutorial.

Create a new system account

We will make iRedAdmin run with Apache web server, but as non-apache, low privilege user: iredadmin.

Terminal: 
#
# ---- On Linux ----
# 
# useradd -s /sbin/nologin -M -d /home/iredadadmin iredadmin

#
# ---- On FreeBSD ----
#
# pw useradd -s /sbin/nologin -d /home/iredadmin -n iredadmin

= Configure Apache =
Edit Apache config file of iRedAdmin, make iRedAdmin run as user 'iredadmin'.
File localtion on different distributions:
* RHEL/CentOS: /etc/httpd/conf.d/iredadmin.conf
* Debian/Ubuntu: /etc/apache2/conf.d/iredadmin.conf
* FreeBSD: /usr/local/etc/apache22/Includes/iredadmin.conf

{{cfg|iredadmin.conf|<pre>
WSGISocketPrefix /var/run/wsgi
WSGIDaemonProcess iredadmin user=iredadmin threads=15
WSGIProcessGroup iredadmin

Change file permissions

Change current directory to apache server root directory:

Terminal: 
#
# ---- On RHEL/CentOS ----
#
# cd /var/www/

#
# ---- On Debian/Ubuntu ----
#
# cd /usr/share/apache2/

#
# ---- On FreeBSD ----
#
# cd /usr/local/www/

Change file permissions:

Terminal: 
# chown -R iredadmin:iredadmin iRedAdmin-x.y.z
# chmod -R 0755 iRedAdmin-x.y.z
# chmod 0600 iRedAdmin-x.y.z/settings.ini

Restart Apache

Restart Apache to make changes work.

Verify it

You can simply use top command to verify it:

Terminal: 
#
# ---- Sample output ----
#
# top -u iredadmin
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                        
 3978 iredadmi  25   0  458m 7052 1028 S  0.0  1.4   0:00.00 httpd
Retrieved from "http://www.iredmail.org/wiki/index.php?title=Addition/Secure.Your.Exist.iRedAdmin"
Personal tools