what is apache?
Apache is free software and the most popular, widely used web server; it holds about 60% of the web server market and can be configured on both Windows and Linux.
service profile:
type: System V-managed service
packages: httpd, httpd-devel, httpd-manual
Daemon: /usr/sbin/httpd
script: /etc/init.d/httpd
ports: 80 (http), 443 (https)
configuration file: /etc/httpd/conf/httpd.conf
related: system-config-httpd, mod_ssl
default SELinux-labelled content directory: /var/www
(here 192.168.0.17 is our system's IP and /var/www/html is the document root; the web page we place there becomes the web site. NOTE: the page must be named index.html)
save & quit
#cd /var/www/html
#vi index.html
(type as follows)
<html>
<body bgcolor="red">
<h1>" welcome to cyber web services"</h1>
</body>
</html>
save & quit
#service httpd restart
open firefox and type in the URL bar
http://station17.redhat.com (the web site will appear now)
#vi /etc/httpd/conf/httpd.conf
(line no 971) #NameVirtualHost *:80 (remove the # and replace *:80 with your system's IP)
NameVirtualHost 192.168.0.17
copy the last five lines and paste them under it, then change as follows
<VirtualHost 192.168.0.17>
ServerAdmin root@www17.redhat.com
DocumentRoot /var/www/virtual
ServerName www17.redhat.com
</VirtualHost>
(here we are naming the system www17.redhat.com and putting its document root under /var/www/virtual)
save & quit
#mkdir -p /var/www/virtual
#cd /var/www/virtual
#vi index.html
<html>
<body bgcolor="green">
<h1>"welcome to virtual website"</h1>
</body>
</html>
save & quit
#service httpd restart
to check:
open mozilla and type http://www17.redhat.com
ex:
#vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.0.17>
ServerAdmin root@xxx17.redhat.com
DocumentRoot /cyber
ServerName xxx17.redhat.com
</VirtualHost>
save & quit
#mkdir /cyber
#cd /cyber
#vi index.html
<html>
<body bgcolor="blue">
<h1>"welcome to cyber'+'technologies"</h1>
</body>
</html>
save & quit
#chcon -R --reference=/var/www/html /cyber
(/cyber is outside /var/www, so it must be given the same SELinux context as /var/www/html or httpd will not be allowed to read it)
#service httpd restart
to check:
open mozilla and type the following in the URL box
http://xxx17.redhat.com (the web site will appear)
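A check worth running after adding virtual hosts like the ones above, written here as an added example (not part of the original notes): it lists every VirtualHost with its ServerName and DocumentRoot, flags roots outside /var/www that need the chcon relabel, and reports ServerNames used by more than one block. The httpd.conf excerpt is constructed; the function names and the /var/www base are assumptions of this example.

```shell
#!/bin/bash
# Added example, not from the original notes: list every VirtualHost in an
# httpd.conf with its ServerName and DocumentRoot, and flag roots outside
# /var/www, the case (/cyber above) that needs the chcon relabel before
# httpd is allowed to serve it. HTTPD_CONF is a constructed excerpt.

WWW_BASE="/var/www/"

HTTPD_CONF='NameVirtualHost 192.168.0.17
<VirtualHost 192.168.0.17>
    ServerAdmin root@www17.redhat.com
    DocumentRoot /var/www/virtual
    ServerName www17.redhat.com
</VirtualHost>
<VirtualHost 192.168.0.17>
    ServerAdmin root@xxx17.redhat.com
    DocumentRoot "/cyber"
    ServerName xxx17.redhat.com
</VirtualHost>'

# One line per VirtualHost: "<ServerName> <DocumentRoot> <ok|relabel>".
# Directive names are case-insensitive in httpd.conf, hence tolower().
vhost_roots() {
  printf '%s\n' "$1" | awk -v base="$WWW_BASE" '
    tolower($1) == "<virtualhost"   { name = "-"; root = "-" }
    tolower($1) == "servername"     { name = $2 }
    tolower($1) == "documentroot"   { root = $2; gsub(/"/, "", root) }
    tolower($1) == "</virtualhost>" {
      # the trailing "/" makes /var/www itself count as inside the base
      flag = (index(root "/", base) == 1) ? "ok" : "relabel"
      print name, root, flag
    }'
}

# Names two VirtualHosts share (exit 1 if any): httpd would silently serve
# the first block for both of them.
duplicate_servernames() {
  vhost_roots "$1" | awk '{ n[$1]++ }
    END { for (h in n) if (n[h] > 1) { print h; dup = 1 }; exit dup ? 1 : 0 }'
}

vhost_roots "$HTTPD_CONF"
duplicate_servernames "$HTTPD_CONF" || echo "duplicate ServerName above" >&2
```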
#vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.0.17>
ServerAdmin root@www17.redhat.com
DocumentRoot /var/www/virtual
ServerName www17.redhat.com
Alias /training /var/www/training (add this line inside that web site's VirtualHost block)
</VirtualHost>
#cd /var/www/
#cat > training
(type anything, then press Ctrl-D to save)
#service httpd restart
to check:
go to mozilla and type www17.redhat.com/training
<Directory /var/www/html>
AllowOverride AuthConfig
</Directory>
save & quit
#cd /var/www/html
#vi .htaccess
AuthName "it"
AuthType Basic
AuthUserFile /etc/httpd/conf/passwd
require valid-user
to check :
#vi /etc/httpd/conf/httpd.conf
<Directory "/var/www/html">
Order Allow,Deny
Allow from all
Deny from station12.redhat.com
</Directory>
(here we are denying station12.redhat.com: with Order Allow,Deny a host matched by both Allow and Deny is denied)
#vi /etc/httpd/conf.d/ssl.conf
(line no 134) #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
(remove the #)
save & quit
#cd /etc/pki/tls/certs
#make genkey
provide a passphrase
#make testcert
provide the passphrase (the same one as above)
provide country, city, office and mail address
#service httpd restart
to run scripts
#vi test.sh
#!/bin/bash
# CGI output: the header line, then a blank line, then the body
echo "Content-Type: text/html"
echo
date
ls -l
echo "welcome to cyber services"
save & quit
#mkdir -p /var/www/html/cgi-bin
#cp -rf test.sh /var/www/html/cgi-bin/
#cd /var/www/html
#chown -R apache:apache cgi-bin
#cd cgi-bin
#chmod 755 test.sh
#vi /etc/httpd/conf/httpd.conf
add this line inside the web site's VirtualHost block
ScriptAlias /cgi-bin "/var/www/html/cgi-bin"
save & quit
#service httpd restart
#setsebool -P httpd_tty_comm on
#setsebool -P httpd_enable_cgi 1
#chcon -R -t httpd_sys_script_exec_t /var/www/html/cgi-bin
(the scripts must carry the httpd_sys_script_exec_t SELinux type; setsebool only sets booleans, so the type is applied with chcon)
to check:
open mozilla and type http://station17.redhat.com/cgi-bin/test.sh
DHCP (Dynamic Host Configuration Protocol)
service profile:
type: System V-managed service
package: dhcp
Daemon: /usr/sbin/dhcpd
script: /etc/init.d/dhcpd
ports: 67 (bootps), 68 (bootpc)
conf. files: /etc/dhcpd.conf, /var/lib/dhcpd/dhcpd.leases
related: dhclient, dhcpv6-client, dhcpv6
ddns-update-style interim;
ignore client-updates;
host station1 {
    hardware ethernet 00:a0:cc:3d:45:3e;
    fixed-address 192.168.0.10;
}
} # closes the enclosing subnet block (opened earlier, not shown here)
(here in this example we are reserving 192.168.0.10 for a specific system; we have to type that system's MAC address after hardware ethernet)
#vi /var/named/chroot/etc/named.rfc1912.zones
copy lines 21 to 31 and paste them under line 31
change as follows
zone "redhat.com" IN {
    type master;
    file "redhat.for";
    allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "redhat.rev";
    allow-update { none; };
};
(in the forward zone file redhat.for, change as follows)
$TTL 86400
@ IN SOA redhat.com. root.redhat.com. (
    42 ; serial (d. adams)
    3H ; refresh
    15M ; retry
    1W ; expiry
    1D ) ; minimum
@ IN NS server1.redhat.com.
server1.redhat.com. IN A 192.168.0.254
www254.redhat.com. IN CNAME server1.redhat.com.
station1.redhat.com. IN A 192.168.0.1
www1.redhat.com. IN CNAME station1.redhat.com.
station2.redhat.com. IN A 192.168.0.2
www2.redhat.com. IN CNAME station2.redhat.com.
xxx2.redhat.com. IN CNAME station2.redhat.com.
yyy2.redhat.com. IN CNAME station2.redhat.com.
station3.redhat.com. IN A 192.168.0.3
www3.redhat.com. IN CNAME station3.redhat.com.
station4.redhat.com. IN A 192.168.0.4
www4.redhat.com. IN CNAME station4.redhat.com.
station5.redhat.com. IN A 192.168.0.5
www5.redhat.com. IN CNAME station5.redhat.com.
station6.redhat.com. IN A 192.168.0.6
www6.redhat.com. IN CNAME station6.redhat.com.
types of records:
SOA: Start of Authority; the first record in any zone, it indicates who is authoritative for this domain
NS: name server; it identifies the DNS server for each zone
A record: resolves a hostname to an IP address
CNAME record: resolves an alias name to a hostname
PTR record: resolves an IP address to a hostname
MX record: names the mail server for the domain (used for mail delivery)
TTL: time to live
#vi redhat.rev
(change as follows)
$TTL 86400
@ IN SOA redhat.com. root.redhat.com. (
    1997022700 ; Serial
    28800 ; Refresh
    14400 ; Retry
    3600000 ; Expire
    86400 ) ; Minimum
@ IN NS server1.redhat.com.
254 IN PTR server1.redhat.com.
1 IN PTR station1.redhat.com.
2 IN PTR station2.redhat.com.
3 IN PTR station3.redhat.com.
4 IN PTR station4.redhat.com.
5 IN PTR station5.redhat.com.
6 IN PTR station6.redhat.com.
to check:
#dig server1.redhat.com
#dig -x 192.168.0.1
(in the dig output, ANSWER: 1 means the server resolved the name; ANSWER: 0 means the server has some error)
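The forward and reverse files above must agree with each other: every A record in redhat.for needs a PTR in redhat.rev, and only addresses in 192.168.0.0/24 belong in the 0.168.192.in-addr.arpa zone. The script below is an added example (not part of the original notes) that derives the PTR lines from the A records, reports A records the reverse zone cannot cover, and lists PTRs a reverse file lacks; both zone excerpts are constructed, and the function names are assumptions of this example.

```shell
#!/bin/bash
# Added example, not from the original notes: derive the PTR records that
# redhat.rev needs from the A records in redhat.for, flag A records that the
# 0.168.192.in-addr.arpa zone cannot cover, and list PTRs a reverse file
# lacks. Both zone excerpts are constructed; a real run would read the files.

NET_PREFIX="192.168.0"    # the /24 behind 0.168.192.in-addr.arpa

FORWARD_ZONE='server1.redhat.com. IN A 192.168.0.254
www254.redhat.com. IN CNAME server1.redhat.com.
station1.redhat.com. IN A 192.168.0.1
station2.redhat.com. IN A 192.168.0.2
outside.redhat.com. IN A 10.0.0.7'

REVERSE_ZONE='254 IN PTR server1.redhat.com.
1 IN PTR station1.redhat.com.'

# One "<last octet> IN PTR <fqdn>" line per A record inside NET_PREFIX,
# sorted numerically. CNAMEs get no PTR.
a_to_ptr() {
  printf '%s\n' "$1" | awk -v net="$NET_PREFIX" '
    $2 == "IN" && $3 == "A" {
      split($4, o, ".")
      if ((o[1] "." o[2] "." o[3]) == net) print o[4] " IN PTR " $1
    }' | sort -n
}

# A records outside NET_PREFIX (exit 1 if any): another reverse zone, or a typo.
a_outside_net() {
  printf '%s\n' "$1" | awk -v net="$NET_PREFIX" '
    $2 == "IN" && $3 == "A" {
      split($4, o, ".")
      if ((o[1] "." o[2] "." o[3]) != net) { print $1 " " $4; bad = 1 }
    }
    END { exit bad ? 1 : 0 }'
}

# PTR lines the forward zone implies but the reverse zone does not contain.
missing_ptr() {
  { printf '%s\n' "$2" | awk '$3 == "PTR" { print "R", $0 }'
    a_to_ptr "$1" | awk '{ print "F", $0 }'; } |
  awk '$1 == "R" { sub(/^R /, ""); $1 = $1; seen[$0] = 1; next }
       { sub(/^F /, ""); $1 = $1; if (!($0 in seen)) print }'
}

a_to_ptr "$FORWARD_ZONE"
a_outside_net "$FORWARD_ZONE" || echo "(those addresses are outside $NET_PREFIX)" >&2
missing_ptr "$FORWARD_ZONE" "$REVERSE_ZONE"
```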
SLAVE DNS
if any error occurs on your DNS server, the entire network stops at that moment, which can sometimes cause huge damage. For that reason we create a slave DNS for fault tolerance and load balancing.
steps
(change as follows)
copy lines 21 to 31 and paste them under line 31
zone "redhat.com" IN {
    type slave;
    file "redhat.for";
    masters { 192.168.0.254; };
};
(the slave writes this file itself, so it must sit in a directory the named user can write to, such as the slaves/ directory)
save & quit
go to the client
#vi /etc/resolv.conf
nameserver 192.168.0.254
nameserver 192.168.0.1 (slave DNS IP)
FORWARDERS
steps
in the master DNS server
#vi /var/named/chroot/etc/named.conf
add these lines inside the options { } block
    forwarders { 192.168.10.254; };
    forward only;
}; (this is the closing of the options block)
(here 192.168.10.254 is the trusted company's DNS)
save & quit
Service profile:
Type: System V-managed service
Package: vsftpd
Daemon: /usr/sbin/vsftpd
Script: /etc/init.d/vsftpd
Ports: 21 (ftp), 20 (ftp-data)
Configuration files: /etc/vsftpd/vsftpd.conf, /etc/vsftpd/ftpusers, /etc/pam.d/vsftpd
Log: /var/log/xferlog
Related: tcp_wrappers, ip_conntrack_ftp, ip_nat_ftp
default SELinux-labelled content directory: /var/ftp
2) LOCAL USERS: users with accounts on the target system can connect via FTP and log in with their username and password. They can download any file they can read and upload to any directory they have write access to.
SECOND METHOD:
#vi /etc/vsftpd/user_list
type the username
save & quit
(the listed user is denied access before a password is even asked for)
To provide a banner:
#vi /etc/vsftpd/vsftpd.conf
(line no. 83) #ftpd_banner=Welcome to blah FTP service. (remove the # and replace the text with your own)
save & quit
CLIENT SIDE:
to check:
add a user and send mail to that user from a remote system
MAIL SERVER
Sendmail
Postfix
Qmail:
The Qmail MTA is another alternative to sendmail. It is used by an impressive list of Internet sites.
Smail:
It is reportedly easier to configure than sendmail. It also includes support for blocking messages.
Exim:
The Exim MTA was developed at Cambridge (U.K.) and is licensed under the GPL. While based on an older MTA known as Smail
we can forward mail from one domain to another domain. With the help of this mail server we can forward mail to branches or to a public mail server; the mail server must have a public IP.
Sendmail:
It listens on port 25 for mail sent by MUAs. In this mail server, mail is strictly checked for exploits, the packet is regenerated and it is sent to the MDA.
to check:
add 2 users, log in as one user and send mail to the other user,
then log in as the second user and type mail
2nd method
#vi /etc/aliases
go to the last line and add as follows
sam: john (here in this example we are redirecting sam's mail to john)
save & quit
#newaliases (to update the /etc/aliases database)
to check:
send a mail to sam from a remote system
the mail should arrive in john's mailbox
by using an SSL certificate we can encrypt the data transfer between one user and another or between one mail server and another
#vi /etc/dovecot.conf
(line no 87 & 88)
#ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
#ssl_key_file = /etc/pki/dovecot/private/dovecot.pem (remove the # from both lines)
save & quit
#make -C /etc/pki/tls/certs dovecot.pem
provide country, state, city, organization, server and user info (the user must not be root)
#cp /etc/pki/tls/certs/dovecot.pem /etc/pki/tls/private
(the two ssl_* paths in dovecot.conf must point at where the certificate and key files actually are, otherwise dovecot will not start with SSL)
#service sendmail restart
#service dovecot restart
Service profile:
type: System V-managed service
package: nfs-utils
Daemons: rpc.nfsd, rpc.lockd, rpciod, rpc.mountd, rpc.rquotad, rpc.statd
Scripts: /etc/init.d/nfs, /etc/init.d/nfslock
Ports: 2049 (nfsd), others assigned by portmap (111)
Configuration: /etc/exports
Related: portmap (mandatory), tcp_wrappers
nfs client:
A system that mounts the file resources shared over the network and presents them as if they were local (the client is in the same IP address range).
Benefits of nfs:
Centralized file access
Common software access
Easy to use
Requirements:
Packages: nfs-*
#vi /etc/exports
/data *.redhat.com(rw,sync,no_root_squash)
(no_root_squash lets root on any client act as root on /data; leave it out unless it is really needed)
save & quit
#chmod 750 /data
#service nfs restart
#showmount -e
(this command shows which directories are exported)
#exportfs -v
(shows the exported directories with their options)
#exportfs -r
(re-exports everything in /etc/exports, so changes take effect without restarting the service or disconnecting clients)
Drawbacks of nfs:
To use NFS like this we have to keep the server mounted for a long time; during that time, if any user wants to connect to the server, it takes a long time (network traffic).
Wastage of bandwidth
To overcome these drawbacks we use automounting
AUTOMOUNTING
Automounting:
Automounting is used to save bandwidth and helps the administrator with easy administration of NFS mounts.
We can mount the server's exported directory on a nested directory only.
Note: Automounting has to be implemented only on the client
Steps to configure automounting:
(now we are trying to mount the server's exported /data on /sun/moon on the client)
#vi /etc/auto.master
(this file contains the nfs mount directory, the second mapping file and the timeout)
Edit at the last line:
/sun /etc/auto.misc --timeout=5
(the default timeout is 1 minute; here in the configuration file the timeout is given in seconds)
save & quit
#vi /etc/auto.misc
this file contains the hidden directory, the filesystem type and the location of the server and the shared directory.
syntax: <directory> <mount options> <server IP>:<shared directory>
ex: moon -rw,soft,intr 192.168.0.1:/data
save & quit
(here soft means that whenever we try to edit inside /sun/moon it automatically creates a soft link between server and client)
intr is used to break the soft link whenever we come out of the nested directory, by reaching the timeout
To check:
#cd /sun/moon
Both NIS and LDAP allow all users and computers to be managed centrally.
it works with the help of Sun RPC
here passwords are in clear text format. We normally use NFS along with NIS to share users' home directories from server to client for security purposes.
SAMBA SERVER
The samba server provides user authentication via passwords and optionally domains. Samba can also try AFS (Andrew File System) authentication, granting AFS rights if successful or falling back to native password checking otherwise.
SAMBA SERVICES:
Four main services of samba
1) Authentication and authorization of users
2) File and printer sharing
3) Name resolution
4) Browsing (service announcements)
Related:
smbclient: command line access
linux can mount a samba share using the cifs and smbfs filesystems
File and printer sharing is probably the most attractive samba feature for most users. With these functions users can easily retrieve files or print to any printer over the network.
SERVICE PROFILE:
Type: System V-managed service
Packages: samba, samba-common, samba-client
Daemons: /usr/sbin/nmbd, /usr/sbin/smbd
Script: /etc/init.d/smb
Ports: <netbios> 137 (-ns), 138 (-dgm), 139 (-ssn), <smb over tcp> 445 (-ds)
Configuration file: /etc/samba/smb.conf
Related: system-config-samba, testparm
here we are sharing the /exam directory to sam and john; they can read and write /exam from any system on the 192.168.0. network by using the share name linux
Note: we have to provide a samba password for both users
#smbpasswd -a <username>
samba passwords are stored under /etc/samba/smbpasswd
To check the syntax of the configuration file:
#testparm
#service smb restart
#mkdir /exam
#chmod 777 /exam
(here we have to set the SELinux context)
#chcon -t samba_share_t /exam
#setsebool -P allow_smbd_anon_write=1
to disconnect
smb> (type exit)
to disconnect
-------------------
right-click on My Network Places, choose Disconnect Network Drive,
select the drive and click OK
IInd Method
---------------
Start --- Run ---
\\<serverip>\<sharedirectory>
provide username and password
#vi /etc/samba/smb.conf
[<sharename>]
path=<exported directory>
write list=@<group name>
ex:
[linux]
path=/exam
write list=@sales
to check:
#vi /etc/squid/squid.conf
add the following lines under line 2536
acl deepu src 192.168.0.0/24
acl business time MWTHFA 9:00-17:30
http_access allow deepu business
#vi /etc/squid/squid.conf
(line no 2537) acl test url_regex www.yahoo.com
http_access deny test
(http_access lines are evaluated in order and the first match wins, so this deny must come before any allow that would match the same clients)
#vi /etc/squid/squid.conf
(line no 73) http_port 3128 (change this to 8080)
(line no 305) #cache_peer parent.foo.net parent 3128 3130 [proxy-only]
remove the # and change it as follows
cache_peer server1.redhat.com parent 3128 3130
KICKSTART CONFIGURATIONS
KICKSTART SERVER
steps:
put the rhel5 DVD in the CD-ROM drive
#mount /dev/cdrom /mnt
#cd /mnt
#cd Server
#rpm -ivh pykickstart-0.43-1.el5.noarch.rpm --force --aid
#rpm -ivh system-config-kickstart-2.6.19.1-1.el5.noarch.rpm --force --aid
change as follows
(screenshots were provided for this step)
save this file under /var/ftp/pub (with a name ending in the .ks extension)
client side:
KICKSTART SERVER