[CentOS-docs] Mail / Web server guides

Mon Mar 25 10:41:31 UTC 2013
Christian Salway <ccsalway at itmanx.com>

Hi John, 

Thank you for your feedback.

Firstly, "If such issues could possibly be resolved I feel these scripts
would be very beneficial to many users.", who better to help out with that
than you by the sounds of it.

Anyway, although I would love a perfect system the way CentOS org intended
it, there are many reasons why I have done the scripts the way I have.
Mainly because there is not always the documentation out there to be able to
achieve the centos perfect result, or the packages available in the
'preferred' repos are out-of-date, so people like me find the 'best'
solution they can.

I'm all about security but there just isn't any good documentation for
managing selinux!  If there was, SELINUX would still be enabled.  For
instance, how to allow selinux to let pureftp and apache share the same
files, show me a simple guide on that!

I used http://wiki.apache.org/spamassassin/ClamAVPlugin to interact ClamAV
and spamassassin which mentions File::Scan::ClamAV but which wasn't
available in the repositories I had chosen, so clicking on the link took me
to cpan, which I then found a way to automate the install off.  I see no
reason why it wasn't a good way of doing it as you get the latest version
and it's only an add-on module to perl.

What is so wrong about downloading the latest html files direct from the
developers website?  Nothing is 'installed' into the system and the
repositories rarely have the latest version.  You are basically asking the
CentOS uses to stay in the dark from new and improved versions of software
until you 'have the time' to add them to the repositories!

UTC timezone
The timezone script was for simplicity with my setup only and can obviously
be removed.  Although I'm sure a half-witted donkey can figure out how to
change it.

Remi over rpmforge
I tried to install mysql from rpmforge but it just wasn't happening.  Their
mysql_libs are still old and thus causes a warning in phpmyadmin.

Although CentOS may be a packaged managed system, most of the time the
packages in the repositories are way behind, resulting in system
administrators like myself having to install versions with security
concerns, bugs or unavailable useful features that is just simply
ridiculous, all because you want users to follow suit.

If you would like to add your tweaks to the scripts, I would be more than
happy to re-upload them to my downloads area... but something tells me the
answer will be 'when I have time'.

Nb. I'm just testing CentOS6.4 as it was just released, so these scripts
might change again.

Kind regards,
Christian Salway

-----Original Message-----
From: centos-docs-bounces at centos.org [mailto:centos-docs-bounces at centos.org]
On Behalf Of John R. Dennison
Sent: 25 March 2013 05:53
To: centos-docs at centos.org
Subject: Re: [CentOS-docs] Mail / Web server guides

On Mon, Mar 25, 2013 at 04:59:08AM -0000, Christian Salway wrote:
> http://www.itmanx.com/downloads/scripts.tar.gz

I took a quick glance at your scripts as such a toolchain would prove _very_
useful to many.

Your selinux.sh is an abysmal fail.  It's so discouraging to see this type
of nonsense still going on in 2013.  There is NO REASON to disable selinux

You are also advocating the use of CPAN in your clamav.sh to install
File-Scan-ClamAV from source.  No, please, just... no.  The use of CPAN,
either directly via perl -MCPAN -e shell or the method you use to retrieve
the tarball from the cpan archive system and then building it yourself, is
_strongly_ discouraged on a package managed system.  The module you are
looking for is already prepackaged by rpmforge as perl-File-Scan-ClamAV and
is available for both  CentOS-5 and -6.

I see you are also installing phymyadmin using a source kit install instead
of using the version that is packaged by EPEL which doesn't make any sense
to me considering your repositories.sh installs epel (although without
priorities and you set it to enabled).  Since you also install remi (why?)
there may be conflicts between the two (unconfirmed, I coulnd't be paid
enough to use remi on any box I care about).

You blindly change the host's timezone to UTC?  With no interaction from the
user whether he/she wants this or not? (No, not everyone wants their boxes
in UTC.)

There may be other issues, but these are the ones that jumped out at me from
a _very_ cursory review.

I must admit, I was a little disappointed with things as they stand.
CentOS is a packaged distribution and it's best to stay with components that
are in package format instead of resorting to raw tarball installs.

If such issues could possibkly be resolved I feel these scripts would be
very beneficial to many users.


You may be deceived if you trust too much, but you will live in torment if
you don't trust enough.

-- Frank H. Crane (1 January 1873 - 1 September 1948)
   American stage and film actor and director