
Hermes SEG on Ubuntu 16.04 LTS

Posted: Fri Mar 09, 2018 1:41 pm
by dedwards
Download and install Ubuntu 16.04 Server

I used the server version since this machine is going to act like a server so I didn't want the GUI or any other software that gets loaded on the end-user version of Ubuntu. Ensure that the machine has at least a 40 GB boot drive and a 250 GB data drive.

Configure the networking

a. Identify all network interfaces:

Code: Select all

ifconfig -a|grep eth
or

Code: Select all

sudo lshw -class network
b. Once you have identified the network interface(s) you are going to use (hint: they start with the word "eth") enter the IP information by editing the "/etc/network/interfaces" file like below:

Code: Select all

vi /etc/network/interfaces
In the vi editor window, locate the interface you wish to configure and set it similar to the example below. The example below assumes you are configuring "eth0":

Code: Select all

auto eth0
iface eth0 inet static
address 192.168.x.x
netmask 255.255.255.0
gateway 192.168.x.x
where "192.168.x.x" is the IP of your server.

c. Enter the DNS information by editing the "/etc/resolv.conf" file as follows:

Code: Select all

vi /etc/resolv.conf
Enter the DNS information for your network like the example below:

Code: Select all

search yourdomain.local
nameserver 192.168.x.x
nameserver 192.168.x.x
Where search is your network's internal domain and each nameserver entry corresponds to each DNS server for your network.

d. Configure the "/etc/hostname" file:

Code: Select all

sudo vi /etc/hostname
Enter the hostname of your server without the domain and save the file.

e. Configure the "/etc/hosts" file:

Code: Select all

sudo vi /etc/hosts
Ensure that the file looks like below:

Code: Select all

127.0.0.1       localhost
192.168.xxx.xxx       hostname.yourdomain.tld   hostname

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
Where "hostname.yourdomain.tld" and "hostname" refer to the FQDN of your server and the hostname of your server respectively and the "192.168.xxx.xxx" is the IP address of your server.

Install ntpdate and set the BIOS clock to the local time

a. Install ntpdate by issuing the following command:

Code: Select all

sudo apt-get install ntpdate
b. Set BIOS clock to local time by issuing the following command:

Code: Select all

hwclock --systohc
Update the package index

Code: Select all

sudo apt-get update
Install ssh server

Code: Select all

sudo apt-get install ssh
Accept all dependencies

Partition the data drive

Create a /mnt/data directory:

Code: Select all

mkdir /mnt/data
Create a new partition on the data drive. In this example the data drive is /dev/sdb, adjust to your configuration:

Code: Select all

fdisk /dev/sdb
a. Hit “n” to add new partition
b. Hit “p” for primary partition
c. “Enter” for partition 1
d. “Enter” for default first sector
e. “Enter” for default last sector
f. “w” to write table to disk and exit

If successful, this would have created a /dev/sdb1 partition which you can verify by running fdisk:

Code: Select all

fdisk -l
should yield an output similar to the one below:

Code: Select all

Disk /dev/sdb: 250 GB, 85899345920 bytes
86 heads, 10 sectors/track, 195083 cylinders, total 167772160 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xd405fed4

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048   167772159    83885056   83  Linux
Create a file system and format the new disk:

Code: Select all

mkfs.ext4 /dev/sdb1
Mount the new disk to the /mnt/data directory you created earlier:

Code: Select all

mount /dev/sdb1 /mnt/data
Get the new disk UUID:

Code: Select all

ls -l /dev/disk/by-uuid
Should yield an output similar to below:

Code: Select all

lrwxrwxrwx 1 root root 10 Feb  5 11:20 30415940-40bd-467d-b179-cb2acb54b964 -> ../../sdb1
lrwxrwxrwx 1 root root 10 Jan  3 12:27 b3a7e707-c301-4e67-b377-9dba6e6c96ee -> ../../sda5
lrwxrwxrwx 1 root root 10 Jan  3 12:27 f6031cdf-6624-4598-b93d-d8d10b555de9 -> ../../sda1
Locate and copy the UUID for the new disk (in this case sdb1). The UUID in your system will differ so ensure you do NOT use the UUID from the example above.

Add disk in /etc/fstab

Code: Select all

vi /etc/fstab
Add a line like the one below to /etc/fstab, ensuring that you use the UUID from your system:

Code: Select all

UUID=30415940-40bd-467d-b179-cb2acb54b964 /mnt/data               ext4    errors=remount-ro 0       1
Save the file

Reboot the system and ensure the /mnt/data is mounted after reboot by issuing the following command:

Code: Select all

df -h
It should yield output similar to the one below:

Code: Select all

Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        12G  3.1G  8.0G  28% /
none            4.0K     0  4.0K   0% /sys/fs/cgroup
udev            2.0G  4.0K  2.0G   1% /dev
tmpfs           396M  528K  395M   1% /run
none            5.0M     0  5.0M   0% /run/lock
none            2.0G     0  2.0G   0% /run/shm
none            100M     0  100M   0% /run/user
/dev/sdb1        79G   56M   75G   1% /mnt/data
Create Necessary Directories

Code: Select all

mkdir /mnt/hermesarchivetest && mkdir /mnt/hermesbackuptest && mkdir /mnt/hermesrestore && mkdir /mnt/archive && mkdir /mnt/backups && mkdir /mnt/hermesbackups && mkdir /mnt/hermesemail_archive && mkdir /mnt/hermesrestoretest && mkdir /mnt/tmp
Install & Configure MySQL

Install MySQL database server:

Code: Select all

apt-get install mysql-server
When prompted, set the password for mysql root user. Ensure you note the password you've set as it will be used further down.

Stop MySQL:

Code: Select all

/etc/init.d/mysql stop
Copy the folders from the default "/var/lib/mysql" directory to /mnt/data/dbase:

Code: Select all

sudo cp -r /var/lib/mysql/* /mnt/data/dbase/
Change the new data directory permissions to mysql user/group:

Code: Select all

chown -R mysql:mysql /mnt/data/dbase/
Edit the /etc/mysql/mysql.conf.d/mysqld.cnf file:

Code: Select all

vi /etc/mysql/mysql.conf.d/mysqld.cnf
Comment out the bind-address = 127.0.0.1 line as follows:

Code: Select all

# bind-address            = 127.0.0.1
Change the "datadir=" line to reflect the new data directory

Code: Select all

datadir=/mnt/data/dbase
Save the file

Configure AppArmor to allow access to the new data directory

Code: Select all

sudo vi /etc/apparmor.d/usr.sbin.mysqld
Locate the following lines:

Code: Select all

/var/lib/mysql/ r,
/var/lib/mysql/** rwk,
And add the following lines underneath them ensuring that you include the ending "/":

Code: Select all

/mnt/data/dbase/ r,
/mnt/data/dbase/** rwk,
Save the file

Restart AppArmor:

Code: Select all

sudo /etc/init.d/apparmor restart
Edit /etc/mysql/my.cnf to fix errors in queries that contain nonaggregated columns in GROUP BY clauses:

Code: Select all

vi /etc/mysql/my.cnf


Add the following lines at the very bottom of the file:

Code: Select all

[mysqld]
sql_mode = STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
Start MySQL

Code: Select all

/etc/init.d/mysql start
From the command line connect to mysql:

Code: Select all

mysql -u root -p
At the prompt enter the MySQL root password you set earlier

Type the following commands at the mysql> prompt, pressing Enter after each command. Replace SOME_PASSWORD with a password of your choosing and make a note of it since it will be used further down:

Code: Select all

CREATE DATABASE hermes;
CREATE DATABASE Syslog;
GRANT ALL PRIVILEGES ON hermes.* To 'hermes'@'localhost' IDENTIFIED BY 'SOME_PASSWORD';
GRANT ALL PRIVILEGES ON hermes.* To 'hermes'@'127.0.0.1' IDENTIFIED BY 'SOME_PASSWORD';
GRANT ALL PRIVILEGES ON hermes.* To 'amavisd'@'localhost' IDENTIFIED BY 'SOME_PASSWORD';
GRANT ALL PRIVILEGES ON hermes.* To 'amavisd'@'127.0.0.1' IDENTIFIED BY 'SOME_PASSWORD';
GRANT ALL PRIVILEGES ON Syslog.* To 'rsyslog'@'localhost' IDENTIFIED BY 'SOME_PASSWORD';
GRANT ALL PRIVILEGES ON Syslog.* To 'rsyslog'@'127.0.0.1' IDENTIFIED BY 'SOME_PASSWORD';
flush privileges;
Exit the mysql> prompt:

Code: Select all

exit;
Change to the /home/hermes directory:

Code: Select all

cd /home/hermes
Download the latest hermes.sql and Syslog.sql files:

Code: Select all

wget https://www.deeztek.com/downloads/hermes/config/sql/hermes.zip
wget https://www.deeztek.com/downloads/hermes/config/sql/Syslog.zip
Unzip the files:

Code: Select all

unzip hermes.zip
unzip Syslog.zip
After unzipping you will be left with hermes.sql and Syslog.sql files. Execute each sql file in order to build the database schema for the hermes and the Syslog databases you created earlier. Ensure you replace SOME_PASSWORD with the mysql root password you set earlier:

Code: Select all

mysql --user="root" --database="hermes" --password="SOME_PASSWORD" < "hermes.sql"
mysql --user="root" --database="Syslog" --password="SOME_PASSWORD" < "Syslog.sql"
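A password given with --password= on the command line is visible in the process list and in shell history while the import runs. The following is an added example, not part of the original post, that puts the credentials in an owner-only option file instead; the function names and the /root/.hermes-import.cnf path are hypothetical.

```shell
#!/bin/sh
# Added example: keep the MySQL root password out of argv and shell history.
# Function names and file paths are hypothetical.

# Write a client option file that only its owner can read.
# Refuses passwords containing a double quote or a newline instead of
# guessing at how the option-file parser would treat them.
write_client_cnf() {   # $1 = file to create, $2 = user, $3 = password
    case $3 in
        *'"'*|*'
'*)
            echo "password contains a double quote or newline; not written" >&2
            return 1 ;;
    esac
    # In option files a backslash starts an escape sequence, so double it.
    cnf_pw=$(printf '%s' "$3" | sed 's/\\/\\\\/g')
    (
        umask 077      # the file is created with mode 0600
        rm -f "$1"     # never reuse an existing file with looser permissions
        printf '[client]\nuser="%s"\npassword="%s"\n' "$2" "$cnf_pw" > "$1"
    )
}

# Import one schema file. --defaults-extra-file must be the first option.
import_schema() {      # $1 = option file, $2 = database, $3 = .sql file
    mysql --defaults-extra-file="$1" --database="$2" < "$3"
}

# Usage on the server (not executed here):
#   printf 'MySQL root password: '; stty -echo; read -r pw; stty echo; echo
#   write_client_cnf /root/.hermes-import.cnf root "$pw"
#   import_schema /root/.hermes-import.cnf hermes hermes.sql
#   import_schema /root/.hermes-import.cnf Syslog Syslog.sql
#   rm -f /root/.hermes-import.cnf
```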

Code: Select all

CREATE USER 'root'@'%' IDENTIFIED BY 'SOME_PASSWORD';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'SOME_PASSWORD' with grant option;
flush privileges;
exit;
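With bind-address commented out and a 'root'@'%' account granted ALL PRIVILEGES, the database root login is reachable from any host that can connect to port 3306. The audit below is an added example, not part of the original post; its function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit how far a MySQL server configured as above is reachable.
# All function names and the sample data are constructed for illustration.

# Print the effective bind-address from a mysqld option file, or "*" when no
# active (uncommented) bind-address line exists. MySQL 5.7 then listens on
# all interfaces. The last assignment in the file wins.
effective_bind_address() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*bind[-_]address[ \t]*=/ { gsub(/[ \t]/, "", $2); addr = $2 }
        END { print (addr == "" ? "*" : addr) }
    ' "$1"
}

# Return 0 if the address only accepts local connections, 1 otherwise.
is_loopback_only() {
    case "$1" in
        127.*|::1|localhost) return 0 ;;
        *) return 1 ;;
    esac
}

# Read "user<TAB>host" rows on stdin, as produced by
#   mysql -N -B -e "SELECT user, host FROM mysql.user"
# and print the accounts whose host part contains a wildcard (% or _).
wildcard_accounts() {
    awk -F'\t' '$2 ~ /[%_]/ { printf "%s@%s\n", $1, $2 }'
}

# Combine both checks. $1 = mysqld option file, stdin = user/host rows.
# Returns 0 (loopback only), 1 (network listener, no wildcard accounts)
# or 2 (network listener and accounts usable from any host).
audit_mysql_exposure() {
    aud_addr=$(effective_bind_address "$1")
    aud_accounts=$(wildcard_accounts)
    if is_loopback_only "$aud_addr"; then
        echo "OK: mysqld bound to $aud_addr"
        return 0
    fi
    if [ -n "$aud_accounts" ]; then
        echo "EXPOSED: mysqld bound to $aud_addr; accounts usable remotely:"
        echo "$aud_accounts" | sed 's/^/  /'
        return 2
    fi
    echo "WARN: mysqld bound to $aud_addr, no wildcard-host accounts"
    return 1
}

# Constructed sample: the option file after the edits described above.
sample_cnf() {
    printf '%s\n' '[mysqld]' 'user = mysql' \
        '# bind-address            = 127.0.0.1' 'datadir=/mnt/data/dbase'
}

# Constructed sample: accounts after the GRANT statements above.
sample_rows() {
    printf 'root\tlocalhost\nhermes\tlocalhost\nhermes\t127.0.0.1\n'
    printf 'amavisd\tlocalhost\nrsyslog\tlocalhost\nroot\t%%\n'
}

demo_dir=$(mktemp -d)
sample_cnf > "$demo_dir/mysqld.cnf"
sample_rows | audit_mysql_exposure "$demo_dir/mysqld.cnf" || true
rm -rf "$demo_dir"
```

On the server, pass /etc/mysql/mysql.conf.d/mysqld.cnf as the argument and pipe in the output of the SELECT shown in the comment.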
Install rsyslog-mysql

During the installation you will be prompted with Configuring rsyslog-mysql. You should choose No, since we have already created and configured the Syslog database earlier.

Code: Select all

sudo apt-get install rsyslog-mysql
On the “Configuring rsyslog-mysql” screen select “Yes” to configure database for rsyslog-mysql with dbconfig-common.

Edit the following file:

Code: Select all

vi /etc/rsyslog.d/mysql.conf
Locate the following entry:

Code: Select all

$ModLoad ommysql
*.* :ommysql:localhost,Syslog,rsyslog,

Edit it so that it looks like below where SOME_PASSWORD is the password you set for the rsyslog database user you set earlier:

Code: Select all

$ModLoad ommysql
mail.* :ommysql:localhost,Syslog,rsyslog,SOME_PASSWORD
Restart rsyslogd service:

Code: Select all

/etc/init.d/rsyslog restart
Should output the following:

Code: Select all

[ ok ] Restarting rsyslog (via systemctl): rsyslog.service.
Copy Hermes SEG Configuration Files

Create hermes directory:

Code: Select all

mkdir /opt/hermes
Change to /opt/hermes directory:

Code: Select all

cd /opt/hermes/
Download Hermes SEG Configuration Files:

Code: Select all

wget https://www.deeztek.com/downloads/hermes/config/opt/hermes.zip
Unzip hermes.zip

Code: Select all

unzip hermes.zip
Ensure all files and directories are present under /opt/hermes directory:

Code: Select all

ls -l
Should yield a file and directory list like below:

Code: Select all

total 72
drwxr-xr-x 2 root root 4096 Mar 11 10:33 apache_certs
drwxr-xr-x 3 root root 4096 Mar 11 10:33 backups
drwxr-xr-x 3 root root 4096 Mar 11 10:33 CA
drwxr-xr-x 6 root root 4096 Mar 11 10:33 compile
drwxr-xr-x 2 root root 4096 Mar 11 10:33 conf_files
-rw-r--r-- 1 root root  104 Apr 14  2014 directoryexists
drwxr-xr-x 3 root root 4096 Mar 11 10:33 dkim
drwxr-xr-x 2 root root 4096 Mar 11 10:33 HermesExternalCACerts
drwxr-xr-x 2 root root 4096 Mar 11 10:33 keys
drwxr-xr-x 7 root root 4096 Mar 11 10:33 root_ca
drwxr-xr-x 2 root root 4096 Mar 11 10:33 sa-bayes
drwxr-xr-x 6 root root 4096 Mar 11 10:33 sa-learn
drwxr-xr-x 2 root root 4096 Mar 11 10:33 schedule
drwxr-xr-x 2 root root 4096 Mar 11 10:33 scheduled_tasks
drwxr-xr-x 2 root root 4096 Mar 11 10:33 scripts
drwxr-xr-x 2 root root 4096 Mar 11 10:33 ssl
drwxr-xr-x 2 root root 4096 Mar 11 10:33 templates
drwxr-xr-x 3 root root 4096 Mar 11 10:33 tmp
Delete hermes.zip file:

Code: Select all

rm hermes.zip
Make hermes scripts executable:

Code: Select all

/bin/chmod +x /opt/hermes/scripts/*
/bin/chmod +x /opt/hermes/templates/*.sh
Ensure hermes scripts are unix format:

Code: Select all

/usr/bin/dos2unix /opt/hermes/scripts/*
/usr/bin/dos2unix /opt/hermes/templates/*.sh
Install POP4.cfc:

Create /opt/lucee/tomcat/webapps/ROOT/WEB-INF/lucee/components/hermes/extension/pop4 directory structure:

Code: Select all

mkdir /opt/lucee/tomcat/webapps/ROOT/WEB-INF/lucee/components/hermes
mkdir /opt/lucee/tomcat/webapps/ROOT/WEB-INF/lucee/components/hermes/extension
mkdir /opt/lucee/tomcat/webapps/ROOT/WEB-INF/lucee/components/hermes/extension/pop4
Download pop4.zip:

Code: Select all

wget https://www.deeztek.com/downloads/hermes/config/pop4/pop4.zip
Change to /opt/lucee/tomcat/webapps/ROOT/WEB-INF/lucee/components/hermes/extension/pop4 directory:

Code: Select all

cd /opt/lucee/tomcat/webapps/ROOT/WEB-INF/lucee/components/hermes/extension/pop4
unzip pop4.zip
rm pop4.zip
Log in to the Lucee Server Administrator and navigate to Archives & Resources --> Component. Under the Create new Additional Resource section enter the following:

In the Name field enter "pop" without the quotes
In the Resource field enter "/opt/lucee/tomcat/webapps/ROOT/WEB-INF/lucee/components/hermes/extension/pop4" without the quotes
In the Primary field ensure "Resource" is selected
In the Inspect field ensure "Inherit" is selected.

Click the "Update" button.

Install CIFS Utilities:

Code: Select all

apt-get -q -y install cifs-utils
Install 7zip:

Code: Select all

apt-get install -q -y p7zip p7zip-rar
Install Sendemail:

Code: Select all

apt-get install -q -y sendemail
Install haveged for GPG entropy:

Code: Select all

apt-get -q -y install haveged
Install GnuPG:

Code: Select all

apt-get -q -y install gnupg
Create /opt/hermes/.gnupg directory:

Code: Select all

/bin/mkdir /opt/hermes/.gnupg
Set permissions on /opt/hermes/.gnupg directory:

Code: Select all

/bin/chmod -R go-rwx /opt/hermes/.gnupg/


Make Email Archive Directories:

Code: Select all

/bin/mkdir /mnt/hermesarchivetest
/bin/mkdir /mnt/hermesemail_archive
Install spamassassin

Code: Select all

sudo apt-get install spamassassin
Install razor

Code: Select all

sudo apt-get install razor
Install pyzor

Code: Select all

sudo apt-get install pyzor
Install Postfix and related packages

Code: Select all

sudo apt-get install postfix postfix-mysql postfix-ldap postfix-pcre
When asked what type of postfix install select "Internet Site"

Install Extractors

Code: Select all

sudo apt-get install arj bzip2 cabextract cpio file gzip lhasa nomarch pax rar unrar unzip zip zoo
Install ClamAv

Code: Select all

sudo apt-get install clamav
sudo apt-get install clamav-daemon
Copy Hermes SEG local.ign2 file into ClamAv:

Code: Select all

cd /var/lib/clamav
wget https://www.deeztek.com/downloads/hermes/config/var/lib/clamav/local.ign2
Change owner clamav for /var/lib/clamav/local.ign2:

Code: Select all

/bin/chown clamav:clamav /var/lib/clamav/local.ign2
Update clamav:

Code: Select all

sudo freshclam
Download and install ClamAV Unofficial Signatures Script:

Code: Select all

cd /home/hermes
wget https://www.deeztek.com/downloads/hermes/config/clamav-unofficial-sigs/clamav-unofficial-sigs-master.zip
unzip clamav-unofficial-sigs-master.zip
mkdir -p /usr/local/sbin/
mkdir -p /var/log/clamav-unofficial-sigs/
mkdir -p /etc/clamav-unofficial-sigs/
/bin/cp /home/hermes/clamav-unofficial-sigs-master/clamav-unofficial-sigs.sh /usr/local/sbin/
/bin/chmod +x /usr/local/sbin/clamav-unofficial-sigs.sh
/bin/cp -rf /home/hermes/clamav-unofficial-sigs-master/config/* /etc/clamav-unofficial-sigs/
/bin/cp -rf /home/hermes/clamav-unofficial-sigs-master/systemd/*.* /etc/systemd/
mv /etc/clamav-unofficial-sigs/os.ubuntu.conf /etc/clamav-unofficial-sigs/os.conf
cd /etc/clamav-unofficial-sigs/
rm -rf user.conf
wget https://www.deeztek.com/downloads/hermes/config//etc/clamav-unofficial-sigs/user.zip
unzip user.zip
rm -rf user.zip
/usr/local/sbin/clamav-unofficial-sigs.sh --install-cron
/usr/local/sbin/clamav-unofficial-sigs.sh --install-logrotate
/usr/local/sbin/clamav-unofficial-sigs.sh --install-man
/usr/local/sbin/clamav-unofficial-sigs.sh
/bin/rm -rf /home/hermes/clamav-unofficial-sigs-master/
/bin/rm -rf /home/hermes/clamav-unofficial-sigs-master.zip
Install amavisd-new

Install pre-requisites:

Code: Select all

sudo apt-get install libdbd-mysql-perl
apt-get install libdbi-perl
Accept all dependencies

Install amavisd-new

Code: Select all

sudo apt-get install amavisd-new
Accept all dependencies

The installation MAY fail with the following error:

Code: Select all

You must explicitly assign a FQDN o...me
Mar 09 10:37:54 hermes amavis[15839]:   in /etc/amavis/conf.d/05-node_id, o...'s
Mar 09 10:37:54 hermes amavis[15839]:   network name!
Ignore for now, it will be fixed further down the configuration.

Add the clamav user to the amavis group:

Code: Select all

sudo adduser clamav amavis
Create amavis and dbase directories under /mnt/data:

Code: Select all

mkdir /mnt/data/amavis
mkdir /mnt/data/dbase
Create the following directories under /mnt/data/amavis:

Code: Select all

mkdir /mnt/data/amavis/bad_header
mkdir /mnt/data/amavis/banned
mkdir /mnt/data/amavis/clean
mkdir /mnt/data/amavis/spam
mkdir /mnt/data/amavis/virus
Change the owner to amavis:amavis on /mnt/data/amavis:

Code: Select all

chown -R amavis:amavis /mnt/data/amavis
Get the latest Hermes SEG Postfix and Amavisd-new Configuration Files:

Copy the Hermes SEG specific Postfix configuration files with the following commands:

Code: Select all

service postfix stop
cd /etc/postfix/
rm *
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/access
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/aliases
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/aliases.db
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/body_checks
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/canonical
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/djigzo-main.cf
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/djigzo-master.cf
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/generic
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/header_checks
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/LICENSE
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/main.bak.12813
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/main.cf
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/main.cf.1_16_2014_11_29_am
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/main.cf.6_5_2014_3_48_pm
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/main.cf.HERMES.BACKUP
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/master.BACKUP
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/master.cf
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/master.cf.BACKUP
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/master.cf.dkim
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/master.cf.non-dkim
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/master.cf.postscreen
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/master.ORIGINAL
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/mysql-aliases.cf
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/mysql-clients.cf
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/mysql-domains.cf
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/mysql-rbl_override.cf
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/mysql-recipients.cf
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/mysql-senders.cf
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/mysql-transport.cf
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/mysql-virtual.cf
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/networks
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/networks.db
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/post-install
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/postfix-files
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/postfix-files.dpkg-dist
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/postfix-script
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/postfix-script.dpkg-dist
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/postfix-wrapper
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/postmulti-script
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/postscreen_access.cidr
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/postscreen_access.cidr.db
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/razor-agent.log
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/regexp_header_checks
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/relay_domains
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/relay_domains.db
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/relay_domains.HERMES.BACKUP
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/relay_passwd
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/relay_recipients
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/relay_recipients.db
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/relocated
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/report_aliases
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/report_aliases.db
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/sender_access
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/sender_access.db
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/TLS_LICENSE
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/tls_policy
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/tls_policy.db
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/tls_policy.HERMES.BACKUP
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/transport
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/transport.BACK
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/transport.db
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/virtual
wget https://www.deeztek.com/downloads/hermes/config/etc/postfix/virtual.db
Edit the following files and set the password = SOME_PASSWORD field in each file to the mysql hermes user password you created earlier:

Code: Select all

/etc/postfix/mysql-aliases.cf
/etc/postfix/mysql-clients.cf
/etc/postfix/mysql-domains.cf
/etc/postfix/mysql-rbl_override.cf
/etc/postfix/mysql-recipients.cf
/etc/postfix/mysql-senders.cf
/etc/postfix/mysql-transport.cf
/etc/postfix/mysql-virtual.cf
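Once edited, these eight files hold the hermes database password in clear text, so the edit and the file permissions are worth handling together. The script below is an added example, not part of the original post; the function names are hypothetical, the sample map content is constructed, and the root:postfix 0640 ownership is an assumption about how Postfix reads its maps.

```shell
#!/bin/sh
# Added example: set the hermes DB password in the eight Postfix MySQL map
# files listed above and restrict who can read them.
# Function names are hypothetical; sample file content is constructed.

MAP_FILES="mysql-aliases.cf mysql-clients.cf mysql-domains.cf
mysql-rbl_override.cf mysql-recipients.cf mysql-senders.cf
mysql-transport.cf mysql-virtual.cf"

# List the map files under $1 that still contain the SOME_PASSWORD placeholder.
placeholder_files() {
    for map_name in $MAP_FILES; do
        if [ -f "$1/$map_name" ]; then
            grep -l 'SOME_PASSWORD' "$1/$map_name" || true
        fi
    done
}

# Rewrite the "password = ..." line in every map file under $1.
# The password is handed to awk through the environment, so characters such
# as & / \ need no escaping and it never appears on a command line.
set_map_password() {   # $1 = directory, $2 = password
    for map_name in $MAP_FILES; do
        map_file=$1/$map_name
        if [ ! -f "$map_file" ]; then
            echo "missing: $map_file" >&2
            return 1
        fi
        map_tmp=$(mktemp "$map_file.XXXXXX") || return 1   # created 0600
        if MAP_PW=$2 awk '
            /^[ \t]*password[ \t]*=/ { print "password = " ENVIRON["MAP_PW"]; n++; next }
            { print }
            END { exit (n == 1 ? 0 : 1) }
        ' "$map_file" > "$map_tmp"; then
            chmod 640 "$map_tmp"
            mv -f "$map_tmp" "$map_file"
            # Assumption: Postfix reads the maps through group "postfix".
            chgrp postfix "$map_file" 2>/dev/null ||
                echo "note: could not set group postfix on $map_file" >&2
        else
            rm -f "$map_tmp"
            echo "expected exactly one password line in $map_file" >&2
            return 1
        fi
    done
}

# Constructed sample content standing in for the downloaded map files.
make_sample_maps() {   # $1 = directory
    for map_name in $MAP_FILES; do
        printf 'user = hermes\npassword = SOME_PASSWORD\nhosts = 127.0.0.1\ndbname = hermes\n' \
            > "$1/$map_name"
    done
}

demo_dir=$(mktemp -d)
make_sample_maps "$demo_dir"
set_map_password "$demo_dir" 'ex&mple\pw' 2>/dev/null
echo "files still holding the placeholder: $(placeholder_files "$demo_dir" | wc -l)"
rm -rf "$demo_dir"
```

On the server the call is set_map_password /etc/postfix "$pw", followed by placeholder_files /etc/postfix to confirm nothing was missed.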
Copy the Hermes SEG specific Amavisd-new configuration files with the following commands:

Code: Select all

service amavis stop
cd /etc/amavis/
rm *
wget https://www.deeztek.com/downloads/hermes/config/etc/amavis/black.lst
wget https://www.deeztek.com/downloads/hermes/config/etc/amavis/white.lst
wget https://www.deeztek.com/downloads/hermes/config/etc/amavis/mynetworks
wget https://www.deeztek.com/downloads/hermes/config/etc/amavis/README.l10n
cd /etc/amavis/conf.d/
rm *
wget https://www.deeztek.com/downloads/hermes/config/etc/amavis/conf.d/01-debian
wget https://www.deeztek.com/downloads/hermes/config/etc/amavis/conf.d/05-domain_id
wget https://www.deeztek.com/downloads/hermes/config/etc/amavis/conf.d/05-node_id
wget https://www.deeztek.com/downloads/hermes/config/etc/amavis/conf.d/15-av_scanners
wget https://www.deeztek.com/downloads/hermes/config/etc/amavis/conf.d/15-content_filter_mode
wget https://www.deeztek.com/downloads/hermes/config/etc/amavis/conf.d/20-debian_defaults
wget https://www.deeztek.com/downloads/hermes/config/etc/amavis/conf.d/21-ubuntu_defaults
wget https://www.deeztek.com/downloads/hermes/config/etc/amavis/conf.d/25-amavis_helpers
wget https://www.deeztek.com/downloads/hermes/config/etc/amavis/conf.d/30-template_localization
wget https://www.deeztek.com/downloads/hermes/config/etc/amavis/conf.d/40-policy_banks
wget https://www.deeztek.com/downloads/hermes/config/etc/amavis/conf.d/50-user
wget https://www.deeztek.com/downloads/hermes/config/etc/amavis/conf.d/50-user.backup_1-17-2014-104pm
wget https://www.deeztek.com/downloads/hermes/config/etc/amavis/conf.d/50-user.HERMES.BACKUP
Edit the /etc/amavis/conf.d/50-user file:

Code: Select all

/etc/amavis/conf.d/50-user
Locate the following entries and set the SOME_PASSWORD field in each entry to the mysql amavisd user password you created earlier:

Code: Select all

@storage_sql_dsn = (
    ['DBI:mysql:database=hermes;host=localhost;port=3306', 'amavisd', 'SOME_PASSWORD'],
);

Code: Select all

$sql_allow_8bit_address = 1;
@lookup_sql_dsn = (
    ['DBI:mysql:database=hermes;host=127.0.0.1;port=3306',
     'amavisd',
     'SOME_PASSWORD']);
Configure Pyzor

Configuring Pyzor is very easy. The command below will go to http://pyzor.sourceforge.net/cgi-bin/in ... vers-0-3-x and get the list of the current pyzor server(s), create a "/root/.pyzor" directory and put the list of server(s) in the "/root/.pyzor/servers" file:

Code: Select all

sudo pyzor ping
You should get a response similar to below:

Code: Select all

public.pyzor.org:24441  (200, 'OK')
Now, if you view the "/root/.pyzor/servers" file you should see the server listed.

Configure Razor

First, remove the "/etc/razor/razor-agent.conf" if it exists:

Code: Select all

sudo rm /etc/razor/razor-agent.conf
Next create a "/etc/razor/" configuration:

Code: Select all

sudo razor-admin -home=/etc/razor -create
Razor requires that all spam reporters be registered so that their reputations can be computed over time and eventually participate in the revocation of spam.

Register the server as follows if you want to use an automatically generated username and password:

Code: Select all

razor-admin -home=/etc/razor -register
or

Register the server as follows if you want to specify a username and password:

razor-admin -home=/etc/razor -register -user someuser -pass somepassword

You should get a response like below:

Code: Select all

Register successful.  Identity stored in /root/.razor/identity-someusername
Next edit the "/etc/razor/razor-agent.conf":

Code: Select all

sudo vi /etc/razor/razor-agent.conf
Change the "debuglevel" entries so it looks like below:

Code: Select all

debuglevel             = 0
Save the file

Install and configure DCC

Install DCC:

DCC isn't available on the Ubuntu repositories, so we must install manually:

Code: Select all

cd /home/hermes
wget https://www.dcc-servers.net/dcc/source/dcc.tar.Z
tar -xvzf dcc.tar.Z
cd dcc-1.3.163
*** Your dcc version will probably be different than the one I use, so change to whatever directory tar creates when it extracts dcc.tar.Z

Code: Select all

sudo ./configure --with-uid=amavis
sudo make
sudo make install
sudo chown -R amavis:amavis /var/dcc/
ln -s /var/dcc/libexec/dccifd /usr/local/bin/dccifd
Configure dcc as follows:

Code: Select all

sudo cdcc "delete 127.0.0.1"
sudo cdcc "delete 127.0.0.1 Greylist"
Verify dcc operation:

Code: Select all

sudo cdcc info
You should get output similar to the one below:

Code: Select all

# 11/25/10 14:59:45 EST  /var/dcc/map
# Re-resolve names after 16:50:16  Check RTTs after 15:10:55
# 1234.53 ms threshold, 1227.58 ms average    12 total, 9 working servers
IPv6 on   version=3

dcc1.dcc-servers.net,-      RTT+1000 ms  anon
#  65.50.200.136,-                                     z.dcc-servers ID 1049
#     100% of  1 requests ok  192.48+1000 ms RTT       100 ms queue wait
#  137.208.8.26,-                                             wuwien ID 1290
#     100% of  1 requests ok  237.16+1000 ms RTT       100 ms queue wait
#  209.169.14.27,-                                     x.dcc-servers ID 104
#     100% of  1 requests ok  178.82+1000 ms RTT       100 ms queue wait

dcc2.dcc-servers.net,-      RTT+1000 ms  anon
#  71.246.8.99,-                                               Misty ID 1170
#     100% of  1 requests ok  134.53+1000 ms RTT       100 ms queue wait
#  192.84.137.21,-
#      not answering

dcc3.dcc-servers.net,-      RTT+1000 ms  anon
#  192.135.10.194,-
#      not answering
#  209.169.14.30,-                                     x.dcc-servers ID 104
#     100% of  1 requests ok  178.85+1000 ms RTT       100 ms queue wait

dcc4.dcc-servers.net,-      RTT+1000 ms  anon
#  142.27.70.211,-                                  CollegeOfNewCaledonia ID 1189
#     100% of  1 requests ok  231.79+1000 ms RTT       100 ms queue wait
#  209.169.14.26,-                                     x.dcc-servers ID 104
#     100% of  1 requests ok  179.02+1000 ms RTT       100 ms queue wait

dcc5.dcc-servers.net,-      RTT+1000 ms  anon
# *64.254.89.30,-                                            dmv.com ID 1181
#     100% of  1 requests ok  127.58+1000 ms RTT       100 ms queue wait
#  195.20.8.232,-                                          EATSERVER ID 1166
#     100% of  1 requests ok  231.54+1000 ms RTT       100 ms queue wait

@,-                         RTT-1000 ms  32768 secret11254626333y956
#  127.0.0.1,-
#      not answering
################
# 11/25/10 14:59:45 EST  greylist /var/dcc/map
# Re-resolve names after 16:50:16  Check RTTs after 15:10:55
# 1 total, 0 working servers

@,-                         Greylist 32768 secret11254626333y956
# *127.0.0.1,6276
#      not answering
Enable DCC plugin in SpamAssassin:

Edit /etc/spamassassin/v310.pre

Code: Select all

vi /etc/spamassassin/v310.pre
Uncomment the "loadplugin Mail::SpamAssassin::Plugin::DCC" line

Configure SpamAssassin

First, enable SpamAssassin by editing the "/etc/default/spamassassin" file:

Code: Select all

sudo vi /etc/default/spamassassin
Change the following entry:

Code: Select all

ENABLED=0
to

Code: Select all

ENABLED=1
Save the file.

Change to the /etc/spamassassin directory:

Code: Select all

cd /etc/spamassassin/
Backup the local.cf file:

Code: Select all

mv /etc/spamassassin/local.cf /etc/spamassassin/local.ORIGINAL
Copy the Hermes SEG specific Spamassassin local.cf file with the following command:

Code: Select all

wget https://www.deeztek.com/downloads/hermes/config/etc/spamassassin/local.cf
Verify SpamAssassin configuration:

Code: Select all

sudo spamassassin --lint
If no error, the configuration is good.

Restart amavisd-new:

Code: Select all

sudo /etc/init.d/amavis restart
Update the SpamAssassin ruleset with sought and spamassassin rules

The following instructions are for importing the GPG Key which sometimes doesn't work. If it doesn't work for you, follow the instructions below for NO-GPG.

GPG

Change to /usr/share/spamassassin directory:

Code: Select all

cd /usr/share/spamassassin/
Remove existing GPG.KEY file:

Code: Select all

rm GPG.KEY
Download GPG key:

Code: Select all

wget https://spamassassin.apache.org/updates/GPG.KEY
Import GPG key:

Code: Select all

sa-update --import GPG.KEY
Update the SpamAssassin ruleset:

Code: Select all

/usr/bin/sa-update --gpgkeyfile /usr/share/spamassassin/GPG.KEY --channel sought.rules.yerp.org --channel updates.spamassassin.org -v
Create a cronjob to update the ruleset on a regular basis:

Code: Select all

sudo crontab -e
Enter the following line:

Code: Select all

0 */6 * * * /usr/bin/sa-update --gpgkeyfile /usr/share/spamassassin/GPG.KEY --channel sought.rules.yerp.org --channel updates.spamassassin.org -v
The line above will update the rulesets every 6 hours

NO-GPG

Update the SpamAssassin ruleset:

Code: Select all

/usr/bin/sa-update --nogpg --channel sought.rules.yerp.org --channel updates.spamassassin.org -v
Create a cronjob to update the ruleset on a regular basis:

Code: Select all

sudo crontab -e
Enter the following line:

Code: Select all

0 */6 * * * /usr/bin/sa-update --nogpg --channel sought.rules.yerp.org --channel updates.spamassassin.org -v
The line above will update the rulesets every 6 hours
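
The GPG path above trusts whatever key file was downloaded, and the NO-GPG path makes sa-update skip signature verification of the rule updates altogether. The following is an added example, not part of the original post, that imports the key only if the file holds exactly one primary key whose fingerprint matches a value obtained out of band. The function names and EXPECTED_FPR are hypothetical, and the key listing is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.

# Read a `gpg --with-colons` key listing on stdin and print the fingerprint
# of each primary key (the "fpr" record that follows a "pub" record).
primary_fingerprints() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "fpr" && want { print toupper($10); want = 0; next }
        $1 == "sub" { want = 0 }'
}

# fingerprint_ok EXPECTED: succeed only if stdin lists exactly one primary
# key and its fingerprint equals EXPECTED (spaces and case are ignored).
# A file carrying an extra key is rejected even if the right key is present.
fingerprint_ok() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(primary_fingerprints)
    count=$(printf '%s\n' "$found" | grep -c . || true)
    [ "$count" -eq 1 ] && [ -n "$expected" ] && [ "$found" = "$expected" ]
}

# import_sa_key KEYFILE EXPECTED: import into sa-update's keyring only after
# the fingerprint check passes. Assumption: gpg lists the keys in a key file
# when called without a command (GnuPG 1.4 and 2.x; 2.x prints a warning).
import_sa_key() {
    if gpg --with-colons --with-fingerprint "$1" 2>/dev/null | fingerprint_ok "$2"; then
        sa-update --import "$1"
    else
        echo "refusing to import $1: fingerprint mismatch or unexpected keys" >&2
        return 1
    fi
}

# Constructed colon-format listing (fake key material) for a dry run:
#   demo_listing | fingerprint_ok "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"
demo_listing() {
    cat <<'EOF'
pub:-:4096:1:89ABCDEF01234567:1500000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1500000000::0000000000000000000000000000000000000000::Constructed Key <key@example.invalid>:
sub:-:4096:1:FEDCBA9876543210:1500000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
EOF
}

# On the server. EXPECTED_FPR is a placeholder: take the real fingerprint
# from a source that is independent of the download itself.
#   EXPECTED_FPR="<40-hex-digit fingerprint obtained out of band>"
#   import_sa_key /usr/share/spamassassin/GPG.KEY "$EXPECTED_FPR"
```

If the import is refused, resolve the key problem rather than switching the cron job to --nogpg.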

Install SPF Python

Code: Select all

sudo apt-get install postfix-policyd-spf-python
Install OpenDKIM

Code: Select all

sudo apt-get install opendkim opendkim-tools
Configure OpenDKIM

Edit /etc/default/opendkim file:

Code: Select all

vi /etc/default/opendkim
Change the "SOCKET" line to look like below:

Code: Select all

SOCKET="inet:8891@127.0.0.1"
Save the file

Restart OpenDKIM service:

Code: Select all

service opendkim restart
Ensure OpenDKIM is listening on port 8891:

Code: Select all

netstat -antup | grep 8891
Should output the following:

Code: Select all

tcp        0      0 127.0.0.1:8891          0.0.0.0:*               LISTEN      17927/opendkim
Install OpenDMARC

The version of OpenDMARC (1.3.1) that comes with Ubuntu 16.04 is full of bugs. You must install the latest version, which at the time of this writing was opendmarc_1.3.2-6 located here:

https://packages.ubuntu.com/eoan/amd64/ ... c/download

The simplest way to install that package is to add the "eoan" universe mirror in your /etc/apt/sources.list:

Code: Select all

vi /etc/apt/sources.list 
Add the following mirror in the file:

Code: Select all

deb http://mirrors.kernel.org/ubuntu eoan main universe
Save the file.

Update apt:

Code: Select all

sudo apt update
Install OpenDMARC:

Code: Select all

sudo apt install opendmarc
Accept all dependencies. You will be asked to create an opendmarc database and an opendmarc MySQL user. Ensure you allow the setup script to perform those actions for you.

Check OpenDMARC status:

Code: Select all

sudo systemctl status opendmarc
Should output the following:

Code: Select all

● opendmarc.service - OpenDMARC Milter
   Loaded: loaded (/lib/systemd/system/opendmarc.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-04-29 11:56:35 EDT; 21min ago
     Docs: man:opendmarc(8)
           man:opendmarc.conf(5)
 Main PID: 29159 (opendmarc)
   CGroup: /system.slice/opendmarc.service
           └─29159 /usr/sbin/opendmarc

Apr 29 11:56:35 smtp systemd[1]: Starting OpenDMARC Milter...
Apr 29 11:56:35 smtp opendmarc[29159]: OpenDMARC Filter v1.3.2 starting ()
Apr 29 11:56:35 smtp opendmarc[29159]: additional trusted authentication services: (none)
Apr 29 11:56:35 smtp systemd[1]: Started OpenDMARC Milter.
Set OpenDMARC to automatically start at boot time:

Code: Select all

sudo systemctl enable opendmarc
Edit OpenDMARC configuration file:

Code: Select all

vi /etc/opendmarc.conf
Comment out the following line:

Code: Select all

Socket local:/var/run/opendmarc/opendmarc.sock
so it looks like:

Code: Select all

#Socket local:/var/run/opendmarc/opendmarc.sock
Add the following line below the above line to force OpenDMARC to listen on loopback on port 54321:

Code: Select all

Socket inet:54321@localhost
By default OpenDMARC won't reject emails that fail the DMARC check, even if the domain's policy is set to p=reject. To make OpenDMARC reject those emails, locate the following line:

Code: Select all

#RejectFailures false
and uncomment it and set it to:

Code: Select all

RejectFailures true
Add the following lines:

Code: Select all

IgnoreHosts /opt/hermes/dkim/TrustedHosts
HistoryFile /var/run/opendmarc/opendmarc.dat
Uncomment the following line:

Code: Select all

#FailureReports false
and set it to:

Code: Select all

FailureReports true
Save the file

Restart OpenDMARC:

systemctl restart opendmarc

Ensure OpenDMARC is listening on port 54321:

Code: Select all

netstat -lptu
Should output the following:

Code: Select all

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:10026         *:*                     LISTEN      21073/master
tcp        0      0 localhost:10027         *:*                     LISTEN      21073/master
tcp        0      0 localhost:spamd         *:*                     LISTEN      8606/perl
----> tcp        0      0 localhost:54321         *:*                     LISTEN      471/opendmarc <-----
tcp        0      0 *:ssh                   *:*                     LISTEN      6063/sshd
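
The OpenDMARC edits and the listener check above can be verified with a script instead of by eye. The following is an added example, not part of the original post, that checks the five opendmarc.conf settings this guide changes and reports any opendmarc or opendkim listener that is not bound to loopback. The function names are hypothetical and the sample lines in demo are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit the OpenDMARC settings
# applied in this guide. Function names are hypothetical helpers.

# Print the value of every active (uncommented) KEY line in FILE.
active_values() {
    awk -v key="$1" 'tolower($1) == tolower(key) { print $2 }' "$2"
}

# expect KEY REGEX FILE: pass only if KEY is set exactly once and matches.
expect() {
    vals=$(active_values "$1" "$3")
    count=$(printf '%s\n' "$vals" | grep -c . || true)
    if [ "$count" -eq 0 ]; then
        echo "FAIL $1: not set"; return 1
    elif [ "$count" -gt 1 ]; then
        echo "FAIL $1: set $count times, effective value is ambiguous"; return 1
    elif ! printf '%s\n' "$vals" | grep -Eqi -- "$2"; then
        echo "FAIL $1: unexpected value '$vals'"; return 1
    fi
    echo "ok   $1 $vals"
}

# Check the five settings the guide changes in /etc/opendmarc.conf.
audit_opendmarc_conf() {
    rc=0
    expect Socket         '^inet:[0-9]+@(localhost|127\.0\.0\.1)$' "$1" || rc=1
    expect RejectFailures '^true$' "$1" || rc=1
    expect FailureReports '^true$' "$1" || rc=1
    expect IgnoreHosts    '^/'     "$1" || rc=1
    expect HistoryFile    '^/'     "$1" || rc=1
    return "$rc"
}

# Read netstat output on stdin; print listening sockets owned by the named
# programs (space-separated list in $1) that are not bound to loopback.
exposed_listeners() {
    awk -v progs="$1" '
        BEGIN { n = split(progs, p, " ") }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4; sub(/:[^:]*$/, "", addr)      # drop the port
            if (addr ~ /^(localhost|ip6-localhost|127\.0\.0\.1|::1)$/) next
            for (i = 1; i <= n; i++)
                if ($7 ~ ("/" p[i] "$")) { print; break }
        }'
}

# Constructed sample in the same format as the netstat output above.
demo() {
    printf '%s\n' \
        'tcp  0  0 localhost:54321  *:*  LISTEN  471/opendmarc' \
        'tcp  0  0 *:8891           *:*  LISTEN  17927/opendkim' |
        exposed_listeners "opendmarc opendkim"
}

# On the server (run as root so netstat shows program names):
#   audit_opendmarc_conf /etc/opendmarc.conf
#   netstat -lptu | exposed_listeners "opendmarc opendkim"
```

An empty result from exposed_listeners means both milters accept connections from the local host only.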
Remove the "eoan" universe mirror from your /etc/apt/sources.list:

Code: Select all

vi /etc/apt/sources.list 
Remove the following mirror in the file:

Code: Select all

deb http://mirrors.kernel.org/ubuntu eoan main universe
Save the file.

Update apt:

Code: Select all

sudo apt update
Install Apache and prerequisites

Code: Select all

sudo apt-get install apache2
Enable SSL and AJP proxy:

Code: Select all

sudo a2enmod ssl
sudo a2enmod proxy_ajp
Restart Apache:

Code: Select all

service apache2 restart
Install Ciphermail

Install pre-requisite packages:

Code: Select all

sudo apt-get install openjdk-8-jre openjdk-8-jre-headless ant ant-optional mktemp libsasl2-modules symlinks
Accept all dependencies

Download the following latest Ubuntu & Debian Ciphermail packages from https://www.ciphermail.com/downloads-ga ... tions.html where X.X.X-X is the latest version number:

Back End: djigzo_X.X.X-X_all.deb
Web GUI: djigzo-web_X.X.X-X_all.deb

Do NOT download the Postgres package (djigzo-postgres_X.X.X-X_all.deb), as it's not needed.

In this example, the latest version was 3.3.1-0:

Code: Select all

cd /home/hermes
wget https://www.ciphermail.com/downloads/djigzo-release-3.3.1-0/djigzo_3.3.1-0_all.deb
wget https://www.ciphermail.com/downloads/djigzo-release-3.3.1-0/djigzo-web_3.3.1-0_all.deb
Install the back-end package:

Code: Select all

sudo dpkg -i djigzo_3.3.1-0_all.deb
Install Web-GUI package:

Code: Select all

sudo dpkg -i djigzo-web_3.3.1-0_all.deb
Install Tomcat 7:

Code: Select all

sudo apt-get install tomcat7
Edit /etc/default/tomcat7 file:

Code: Select all

vi /etc/default/tomcat7
At the very bottom of the file add the following entries:

Code: Select all

JAVA_OPTS="$JAVA_OPTS -Ddjigzo-web.home=/usr/share/djigzo-web"
JAVA_OPTS="$JAVA_OPTS -Djava.awt.headless=true -Xmx256M"
JAVA_OPTS="$JAVA_OPTS -Ddjigzo.https.all=false"
TOMCAT6_SECURITY=no
Save the file and restart Tomcat 7:

Code: Select all

/etc/init.d/tomcat7 restart
Configure MySQL to allow large binary data for Ciphermail and CRL Quarantined emails

Code: Select all

sudo vi /etc/mysql/conf.d/ciphermail.cnf
Paste the following in the new file:

Code: Select all

[mysqld]
max_allowed_packet = 128M
Save the file and restart MySQL:

Code: Select all

service mysql restart
Configure Ciphermail Database

From the command line, login to MySQL as root using the password you set earlier:

Code: Select all

mysql -u root -p
Issue the following commands at the mysql> prompt to create the ciphermail database user. Replace SOME_PASSWORD with a password of your choice and make a note of it, as it will be used further down:

Code: Select all

CREATE USER 'djigzo'@'localhost' IDENTIFIED BY 'SOME_PASSWORD';
Create the ciphermail database and assign the permissions for the djigzo user from above to it:

Code: Select all

CREATE DATABASE djigzo CHARACTER SET utf8 COLLATE utf8_general_ci;

GRANT DELETE,INSERT,SELECT,UPDATE,LOCK TABLES,DROP,CREATE,ALTER ON djigzo.* TO 'djigzo'@'localhost';
Exit the mysql> prompt:

Code: Select all

exit
Back at the command prompt, enter the following commands to download, extract and import the Ciphermail MySQL database table definitions:

Code: Select all

cd /home/hermes/
wget https://www.deeztek.com/downloads/hermes/config/sql/djigzo.zip
unzip djigzo.zip
mysql -u root -p djigzo < /home/hermes/djigzo.sql
rm djigzo.zip
rm djigzo.sql
Configure Ciphermail to use MySQL instead of PostgreSQL:

Edit the /usr/share/djigzo/wrapper/wrapper-additional-parameters.conf file:

Code: Select all

sudo vi /usr/share/djigzo/wrapper/wrapper-additional-parameters.conf
Uncomment (remove the # from the front of it) the following line at the end of wrapper-additional-parameters.conf:

Code: Select all

# -Dciphermail.hibernate.database.type=mysql
So it looks like below:
-Dciphermail.hibernate.database.type=mysql
Configure Database Connection:

Edit /usr/share/djigzo/conf/database/hibernate.mysql.connection.xml file:

Code: Select all

sudo vi /usr/share/djigzo/conf/database/hibernate.mysql.connection.xml
On the hibernate.connection.password line, change the "djigzo" password to the password you set earlier for the djigzo MySQL user:

Code: Select all

<property name="hibernate.connection.password">djigzo</property>
Save the file

Restart the services:

Code: Select all

sudo service djigzo restart
sudo service tomcat7 restart
Install Lucee

Download the latest Lucee 4.5.x (do NOT download Lucee 5.x) release for Linux (64-bit) from http://download.lucee.org.

As of this writing, the latest release was 4.5.5.006. Adjust the commands below for the version you are downloading:

From the directory where you downloaded lucee-4.5.5.006-pl0-linux-x64-installer.run run the following command to make it executable:

Code: Select all

chmod +x lucee-4.5.5.006-pl0-linux-x64-installer.run
Run the installer:

Code: Select all

./lucee-4.5.5.006-pl0-linux-x64-installer.run
Accept the license agreement:

Code: Select all

Do you accept this license? [y/n]: y
Press Enter to install in the default /opt/lucee directory:

Code: Select all

Please specify the directory where Lucee will be installed.

Installation Directory [/opt/lucee]:
Create a Lucee Password for the Lucee Server Administrator and make a note of it:
Lucee Password

Code: Select all

Please enter in the default passwords for the Lucee Server Administrator and the
Lucee Web Administrators.

Lucee Password :
Lucee Password (confirm) :
On the Tomcat Ports prompt, press Enter for default port 8888:

Code: Select all

Tomcat Ports

Tomcat needs to reserve "ports" on your computer in order to serve various types
of requests. You can customize those ports using the fields below. If you are
unsure, the default values provided below are perfectly safe to use.

Tomcat Web Server Port: [8888]:
On the Tomcat Shutdown Port prompt, enter 8006 and press Enter:

Code: Select all

Tomcat Shutdown Port: [8005]:
On the Tomcat AJP Port prompt, press Enter:

Code: Select all

Tomcat AJP Port: [8009]:
On the System User Account that Tomcat will run under prompt, press Enter:

Code: Select all

Enter in the System User Account that Tomcat will run under. Running as "root"
or "Administrator" on Windows will avoid system permission problems, while
running as a non-root user will add an additional layer of security. If you
choose to run as a non-root user, we recommend using a easily identifiable
username like "lucee" or "cfml".

 [root]:
At the Start At Boot prompt, enter Y and press Enter:

Code: Select all

Start At Boot?

Do you want Lucee to start up automatically whenever the system boots up?

Yes, Start Lucee at Boot Time [Y/n]: y
At the Install Apache Connector prompt enter Y and press Enter:

Code: Select all

Install Apache Connector?

This option will install mod_proxy_http so that you can utilize Apache as a web
server in front of your Lucee installation. This option is recommended if you're
using Apache.

Yes, Install Apache Connector [Y/n]: y
At the Install modcfml prompt enter Y and press Enter:

Code: Select all

Install modcfml?

The mod_cfml adaptor helps make system administration easier by automatically
creating new hosts in Tomcat whenever you add a new host to your web server. To
learn more about mod_cfml, visit its website at modcfml.org. This option is
recommended for most environments.

Yes, Install mod_cfml [Y/n]: y
At the Apache Control Script Location prompt press Enter:

Code: Select all

Apache Control Script Location

Please enter the location of your apache control script. The default location
for this script is "/usr/sbin/apachectl".

Apache Control Script Location [/usr/sbin/apachectl]:
At the Apache Modules Directory prompt, ensure the path is /usr/lib/apache2/modules and press Enter:

Code: Select all

Apache Modules Directory

Please enter the directory that apache stores it's modules in. By default, this
directory is located at "/usr/lib/httpd/modules/" for RHEL/CentOS, and
"/usr/lib/apache2/modules/" for Ubuntu. For 64-bit systems, try changing the
"lib" directory to "lib64".

Apache Modules Directory [/usr/lib/apache2/modules]:
At the Apache Configuration File prompt, ensure the path is set to /etc/apache2/apache2.conf and press Enter:

Code: Select all

Apache Configuration File

The Apache configuration file controls how Apache processes incoming requests.
The default location of the Apache configuration file is
"/etc/httpd/conf/httpd.conf" on RHEL/CentOS and "/etc/apache2/apache2.conf" on
Ubuntu.

Apache Configuration File [/etc/apache2/apache2.conf]:
At the Apache Logs Directory prompt, ensure the path is set to /var/log/apache2/ and press Enter:

Code: Select all

Apache Logs Directory

Please enter the directory that Apache stores it's log files in. By default,
this directory is located at "/var/log/httpd/" for RHEL/CentOS, and
"/var/log/apache2/" for Ubuntu.

Apache Logs Directory [/var/log/apache2]:
At the Do you want to continue prompt, enter Y and press Enter:

Code: Select all

Setup is now ready to begin installing Lucee on your computer.

Do you want to continue? [Y/n]: y
Successful installation will be indicated by the following output:

Code: Select all

Please wait while Setup installs Lucee on your computer.

 Installing
 0% ______________ 50% ______________ 100%
 #########################################

----------------------------------------------------------------------------
Setup has finished installing Lucee on your computer.
Backup the /opt/lucee/tomcat/conf/server.xml file:

Code: Select all

cp /opt/lucee/tomcat/conf/server.xml /opt/lucee/tomcat/conf/server.ORIGINAL
Edit the /opt/lucee/tomcat/conf/server.xml file:

Code: Select all

vi /opt/lucee/tomcat/conf/server.xml
Change the following entry from:

Code: Select all

<Server port="8005" shutdown="SHUTDOWN">
to:

Code: Select all

<Server port="8006" shutdown="SHUTDOWN">
Change the following entry from:

Code: Select all

 <Connector port="8888" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
to:

Code: Select all

 <Connector port="8888" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8444" />
Change the following entry from:

Code: Select all

 <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
to:

Code: Select all

 <Connector port="8009" protocol="AJP/1.3" redirectPort="8444" />
Add the following entry at the bottom, right above the </Engine> entry:

Code: Select all

<Host name="localhost">
      <Context path="" docBase="/var/www/html" />
</Host>
So the whole entry will look like below:

Code: Select all

<Host name="localhost">
      <Context path="" docBase="/var/www/html" />
</Host>

    </Engine>
  </Service>
</Server>
Save the file

Set JAVA Initial and Maximum memory allocation by editing the following file:

Code: Select all

vi /opt/lucee/tomcat/bin/setenv.sh
Set the CATALINA_OPTS line as follows:

Code: Select all

CATALINA_OPTS="-Xms1024m -Xmx2048m";
Ensure your appliance has plenty of RAM allocated to it to accommodate the 2GB of memory allocation you set above.

Save the file

Restart Lucee:

Code: Select all

/etc/init.d/lucee_ctl restart
Ensure you can access and log in to the Lucee Server Administrator using the Lucee password you set earlier during setup at the following URL, where 192.xxx.xxx.xxx is the IP address of your server:

http://192.xxx.xxx.xxx:8888/lucee/admin/server.cfm

While in the Lucee Server Administrator, click on "Request" under the "Settings" section. Under the "Request timeout" section, set the time to Days 0, Hours 1, Minutes 0, Seconds 0 and click on the "Update" button.

Ensure you can access and log in to the Lucee Web Administrator using the Lucee password you set earlier during setup at the following URL, where 192.xxx.xxx.xxx is the IP address of your server:

http://192.xxx.xxx.xxx:8888/lucee/admin/web.cfm

While in Lucee Web Administrator, click on "Mappings" and create mappings for the following:

Code: Select all

Virtual: /schedule Resource: /var/www/html/schedule Archive: N/A Primary: Resource Inspect: Inherit 
Virtual: /admin Resource: /var/www/html/admin Archive: N/A Primary: Resource Inspect: Inherit 
Virtual: /users Resource: /var/www/html/users Archive: N/A Primary: Resource Inspect: Inherit 
Virtual: /main Resource: /var/www/html/main Archive: N/A Primary: Resource Inspect: Inherit 

Install SEG Application Files

Change to /var/www/html directory:

Code: Select all

cd /var/www/html
Download the latest html.zip file:

Code: Select all

wget https://www.deeztek.com/downloads/hermes/config/var/www/html/html.zip
Extract html.zip file:

Code: Select all

unzip html.zip
Ensure the directory structure is correct:

Code: Select all

ls -l
Should output the following:

Code: Select all

total 5676
drwxr-xr-x 6 root root   20480 Mar 15 13:04 admin
-rw-r--r-- 1 root root 5756576 Mar 15 13:06 html.zip
-rw-r--r-- 1 root root   11321 Mar 13 08:46 index.html
drwxr-xr-x 2 root root    4096 Mar 15 13:04 main
drwxr-xr-x 2 root root    4096 Mar 15 13:04 schedule
drwxr-xr-x 2 root root    4096 Mar 15 13:04 tasks
drwxr-xr-x 4 root root    4096 Mar 15 13:04 users
drwxr-xr-x 3 root root    4096 Mar 14 10:48 WEB-INF
Delete html.zip file:

Code: Select all

rm -rf html.zip
Change to /etc/apache2/sites-available directory:

Code: Select all

cd /etc/apache2/sites-available/
Disable existing default site config files:

Code: Select all

a2dissite 000-default.conf
a2dissite default-ssl.conf
Download the latest sites-available.zip file:

Code: Select all

wget https://www.deeztek.com/downloads/hermes/config/etc/apache2/sites-available/sites-available.zip
Extract the sites-available.zip file. Ensure you answer y to replace the 000-default.conf and default-ssl.conf files:

Code: Select all

unzip sites-available.zip
Ensure the directory structure is correct:

Code: Select all

ls -l
Should output the following:

Code: Select all

total 56
-rw-r--r-- 1 root root  1332 Jan  7  2014 000-default.conf
-rw-r--r-- 1 root root   950 Feb  6  2012 default.dpkg-dist
-rw-r--r-- 1 root root  6437 Jan  7  2014 default-ssl.conf
-rw-r--r-- 1 root root  7469 Feb  6  2012 default-ssl.dpkg-dist
-rw-r--r-- 1 root root   799 Jan 28  2014 hermes
-rw-r--r-- 1 root root  1350 Nov 22  2014 hermes-ssl
-rw-r--r-- 1 root root  1181 May 17  2017 hermes-ssl.conf
-rw-r--r-- 1 root root  1135 Sep  5  2014 hermes-ssl.SELF
-rw-r--r-- 1 root root  1109 Sep  5  2014 hermes-ssl.SPECIFIED
-rw-r--r-- 1 root root 10094 Mar 15 13:28 sites-available.zip
Delete sites-available.zip file:

Code: Select all

rm -rf sites-available.zip
Enable hermes-ssl site:

Code: Select all

a2ensite hermes-ssl.conf
Edit /etc/apache2/ports.conf file:

Code: Select all

vi /etc/apache2/ports.conf
Change all instances of 443 to 9080 in the lines below:

from:

Code: Select all

Listen 80

<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

to

Code: Select all

Listen 80

<IfModule ssl_module>
        Listen 9080
</IfModule>

<IfModule mod_gnutls.c>
        Listen 9080
</IfModule>
Save the file and restart Apache:

Log in to the Lucee Server Administrator using the Lucee password you set earlier during setup at the following URL, where 192.xxx.xxx.xxx is the IP address of your server:

http://192.xxx.xxx.xxx:8888/lucee/admin/server.cfm

Click on "Password" under Security.

Under the "Set default password" section, enter a password for the web administrators, make a note of it and click the "Update" button.

Next, click on "Web" on the upper right-hand corner of the page and in the "Password" field enter the password you just set and ensure that it works.

Next, click back on "Server" on the upper right-hand corner of the page and click on "Datasource" under the "Services" section.

Under the "Create new datasource" enter "hermes" without the quotes in the "Name" field, select "MySQL" in the "Type" field and click the "Create" button.

On the following page, named "Create new datasource connection MySQL", enter "hermes" without the quotes in both the "Database" and the "Username" fields, and enter the password of the hermes MySQL user you created earlier in the "Password" field.

Ensure you place a check mark next to the "Blob" and the "Clob" fields and click the "Create" button at the bottom of the page. You will be re-directed back to the "Datasources" page and you will see your new datasource listed with "OK" displayed under the "Check" column.

Back under the "Create new datasource" enter "Syslog" without the quotes in the "Name" field, select "MySQL" in the "Type" field and click the "Create" button.

On the following page, named "Create new datasource connection MySQL", enter "Syslog" without the quotes in the "Database" field and "rsyslog" without the quotes in the "Username" field, and enter the password of the rsyslog MySQL user you created earlier in the "Password" field.

Ensure you place a check mark next to the "Blob" and the "Clob" fields and click the "Create" button at the bottom of the page. You will be re-directed back to the "Datasources" page and you will see your new datasource listed with "OK" displayed under the "Check" column.

Back under the "Create new datasource" enter "djigzo" without the quotes in the "Name" field, select "MySQL" in the "Type" field and click the "Create" button.

On the following "Create new datasource connection MySQL" page, enter "djigzo" without the quotes in both the "Username" and "Database" fields, and enter the password of the djigzo MySQL user you created earlier in the "Password" field.

Ensure you place a check mark next to the "Blob" and the "Clob" fields and click the "Create" button at the bottom of the page. You will be re-directed back to the "Datasources" page and you will see your new datasource listed with "OK" displayed under the "Check" column.

Click on "Request" under the "Settings" section.

Under the "Request Timeout" section set "Days" to 0, "Hours" to 1, "Minutes" to 0 and "Seconds" to 0 and click the "Update" button.