Thursday, April 22, 2010

Apache 2.0

Introduction

Apache is a freely available Web server distributed under an "open source" license. Version 2.0 runs on most Unix-based operating systems. According to a Netcraft (www.netcraft.com) Web server survey, about 60% of all Web sites on the Internet use Apache, which makes it more widely used than all other Web servers combined.

Features of Apache 2.0

Unix Threading
On Unix systems with POSIX threads support, Apache can now run in a hybrid multiprocess, multithreaded mode. This improves scalability for many, but not all configurations.

New Build System
The build system has been rewritten from scratch to be based on autoconf and libtool. This makes Apache's configuration system more similar to that of other packages.

Multiprotocol Support
Apache now has some of the infrastructure in place to support serving multiple protocols. mod_echo has been written as an example.

Filtering
Apache modules may now be written as filters which act on the stream of content as it is delivered to or from the server. This allows, for example, the output of CGI scripts to be parsed for Server Side Include directives using the INCLUDES filter in mod_include. The module mod_ext_filter allows external programs to act as filters in much the same way that CGI programs can act as handlers.

Simplified configuration
Many confusing directives have been simplified. The often confusing Port and BindAddress directives are gone; only the Listen directive is used for IP address binding; the ServerName directive specifies the server name and port number only for redirection and vhost recognition.

Install Apache
There are two ways to install Apache covered here:
1. Install through Yum
2. Install the RPM package
Yum (Yellowdog Updater Modified)

Installing through yum is simple. Just execute the following command (yum resolves the dependencies for you):
#yum install httpd

RPM Package Manager
Installing through the RPM Package Manager requires a bit more work. Normally we install from the CD/DVD-ROM provided; if a CD/DVD-ROM is not available, download the RPM file from an online source and verify its GPG signature (rpm --checksig) before installing it.

a) Change to the package directory, which is normally the mounted CD/DVD-ROM (insert it first):

#cd /media/RHEL_5.3\ x86\ DVD/Server

b) Install the RPM
#rpm -ivh httpd*


Setting up Apache Server
•The following steps are performed on the instructor computer
•Log in as root

The following command checks whether the web server is installed on the instructor computer and in which run levels it is enabled:
#chkconfig --list httpd

Fig 1.1

From the image above (fig 1.1), Apache is installed but it is off in every run level. Run the following so that Apache starts automatically in run levels 3 and 5:
#chkconfig --level 35 httpd on

Fig 1.2

Start the Apache service (the init-script commands are listed under Troubleshooting below), then open http://localhost in a web browser to confirm that the default test page is served.

Fig 1.3

Fig1.4

This command opens the main Apache server configuration file:
#nano /etc/httpd/conf/httpd.conf


The HTML files are stored in this directory. Listing it shows two folders:
#ls /var/www/html

Setting up Apache Server Virtual Web hosting

Listing of /var/www/html (Fig 2.1)

Ensure that the folders you intend to serve exist under /var/www/html and that each contains an index.html for testing.
Edit the httpd configuration to set up virtual hosting:
#nano /etc/httpd/conf/httpd.conf

Use the commented template at the end of the file as a guide when creating each virtual host.

Add the following lines to configure the gajchung virtual host (ServerAlias takes bare host names separated by spaces, not commas or URLs, and NameVirtualHost must be declared once for name-based virtual hosts to work at all):
_____________________________________

NameVirtualHost *:80
<VirtualHost *:80>
    ServerName www.gajchung.com
    ServerAlias gajchung.com www.jon.com
    DocumentRoot /var/www/html/gajchung
    DirectoryIndex index.html
</VirtualHost>

Disable Directory Listing
For example, suppose you create a subdirectory named example under www.gajchung.com's document root (/var/www/html/gajchung/example) and put a file gajchung.example.html in it. You can view that file by pointing your browser to:
http://www.gajchung.com/example/gajchung.example.html

But if you request http://www.gajchung.com/example/ and no index.html exists there, Apache with the Indexes option enabled lists every file in the directory, exposing backups, scripts and anything else left in the tree. Disable directory listing by editing httpd.conf and removing Indexes from the Options line of the relevant <Directory> container (Options -Indexes):
#nano /etc/httpd/conf/httpd.conf

Afterwards the gajchung folder can no longer be browsed: a request for a directory without an index file returns 403 Forbidden instead of a listing.
Checking Syntax
You can check the virtual hosts you have created with the following command, which parses the configuration and prints the virtual-host settings it found (for a plain syntax check use the configtest action listed under Troubleshooting):
#httpd -S

User-Based Security
Limit access to the web page to authorized users with a password by adding the following directives inside the <Directory> container for the path to protect. Keep the password file outside every document root (here /etc/httpd/webpass) so that it can never be downloaded, and remember that Basic authentication only base64-encodes the password, so it is safe only over HTTPS or a trusted network:

AuthType Basic
AuthName "Internal Use Only"
AuthUserFile /etc/httpd/webpass
Require user gajchung
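As an added example (not code from the original page), here is a small audit script covering the two httpd.conf weaknesses discussed in this section and in "Disable Directory Listing": directory listing left on, and a password file stored under a DocumentRoot where the server would serve it. The two configuration strings are constructed samples built around the page's gajchung virtual host: WEAK_CONF keeps Indexes enabled and puts the password file in the document root, HARDENED_CONF is the corrected form with Options -Indexes and the password file at /etc/httpd/webpass. The directive names are real Apache directives; the paths and host names are the page's.

```python
"""Audit an Apache httpd.conf fragment for directory listing and a
downloadable password file. Added example; not code from the original page."""

# Constructed sample: listing enabled, password file under the DocumentRoot.
WEAK_CONF = """\
<VirtualHost *:80>
    ServerName www.gajchung.com
    ServerAlias gajchung.com
    DocumentRoot /var/www/html/gajchung
    <Directory /var/www/html/gajchung>
        Options Indexes FollowSymLinks
        AuthType Basic
        AuthName "Internal Use Only"
        AuthUserFile /var/www/html/gajchung/.htpasswd
        Require user gajchung
    </Directory>
</VirtualHost>
"""

# Constructed sample: the hardened form of the same virtual host.
HARDENED_CONF = """\
<VirtualHost *:80>
    ServerName www.gajchung.com
    ServerAlias gajchung.com
    DocumentRoot /var/www/html/gajchung
    <Directory /var/www/html/gajchung>
        Options -Indexes
        AuthType Basic
        AuthName "Internal Use Only"
        AuthUserFile /etc/httpd/webpass
        Require user gajchung
    </Directory>
</VirtualHost>
"""


def audit_conf(text):
    """Return a list of findings; an empty list means nothing was flagged.

    Two rules are applied line by line:
      * an Options directive that turns Indexes on (Indexes, +Indexes or All);
      * an AuthUserFile whose path lies under any DocumentRoot seen so far,
        i.e. a password-hash file the web server would happily serve.
    Simple token splitting is enough for the stock httpd.conf layout; it does
    not follow Include files or .htaccess overrides.
    """
    findings = []
    docroots = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "documentroot" and len(parts) > 1:
            docroots.append(parts[1].strip('"').rstrip("/"))
        elif directive == "options":
            for opt in parts[1:]:
                if opt.lower() in ("indexes", "+indexes", "all"):
                    findings.append(
                        f"line {lineno}: directory listing enabled by 'Options {opt}'"
                    )
        elif directive == "authuserfile" and len(parts) > 1:
            path = parts[1].strip('"')
            if any(path.startswith(root + "/") for root in docroots):
                findings.append(
                    f"line {lineno}: AuthUserFile {path} is inside a DocumentRoot"
                )
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        result = audit_conf(conf)
        print(f"{name}: {'OK' if not result else '; '.join(result)}")
```

Run it against the live file with audit_conf(open("/etc/httpd/conf/httpd.conf").read()). The password file itself is created with htpasswd -c /etc/httpd/webpass gajchung (a standard Apache tool, not shown on the original page), and because Basic authentication only encodes the password, the protected pages should be served over HTTPS.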


Adding the user
Create the user that owns the document-root folders. Apache itself runs as the unprivileged apache user and needs only read access to the files, so do not make the document root writable by it. Use the directory that actually holds your document roots (/var/www/html in the virtual-host example above):
#useradd -g users www
#chown -R www:users /home/www
#chmod 755 /home/www

Verify the new ownership with:
#ls -l /var/www/gajchung/index.*

Here is the result as tested on the instructor computer; you should see the same if you have set up the Apache virtual hosts properly.


Localhost
Troubleshooting of Apache 2.0

1) /etc/init.d/httpd start : Start the web daemon
2) /etc/init.d/httpd stop : Stop the web daemon
3) /etc/init.d/httpd restart : Stop the daemon and then start it again
4) /etc/init.d/httpd reload : Re-read the configuration files without a full restart
5) /etc/init.d/httpd status : Show whether the daemon is running
6) /etc/init.d/httpd help : Print the init script's usage, i.e. the actions it accepts
7) /etc/init.d/httpd configtest : Test the Apache configuration for syntax errors (run this before every restart; a restart with a broken httpd.conf leaves the site down)

Sendmail

What is Sendmail?
Sendmail is a general purpose internetworking email routing facility that supports many kinds of mail-transfer and delivery methods, including the Simple Mail Transfer Protocol (SMTP) used for email transport over the internet.

Install Sendmail
Sendmail needs three packages: sendmail, sendmail-cf (the m4 macro files used to build sendmail.cf) and m4.

There are 3 ways to install sendmail:
1) Installing through Yum
2) Install RPM packages
3) Build from source

Yum (Yellowdog Updater Modified)
Installing through Yum is simple. Just execute the following command:
_________________________________________________
~]# yum install sendmail sendmail-cf m4
_________________________________________________

RPM Package Manager
Installing through the RPM Package Manager requires a bit more work. Normally we install from the CD/DVD-ROM provided; if one is not available, download the RPM files from an online source and verify their GPG signatures (rpm --checksig) before installing them.

a. Change to the package directory, which is normally the mounted CD/DVD-ROM (insert it first):
____________________________________________
~]# cd /media/RHEL_5.3\ x86_64\ DVD/Server
____________________________________________

b. Install the rpm
_____________________________________________
~]# rpm -ivh sendmail*
~]# rpm -ivh m4*
_____________________________________________

Install from source
a.Download the source
_________________________________________________
~]# wget ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.14.4.tar.gz
_________________________________________________
b.Unzip the source
____________________________________
~]# tar -zxvf sendmail.8.14.4.tar.gz
____________________________________

c. Compile the source
____________________________
~]# cd sendmail.8.14.4
# ./Build
# ./Build install
____________________________

Configure Sendmail
Sendmail is a huge topic. This document covers only a simple installation that gets sendmail working, together with ways to test and troubleshoot it when problems arise.

Dovecot provides IMAP and POP access for the clients. We also cover how clients on both Linux and Windows platforms access the mail server.

Ensure DNS is configured properly for Mail Exchange
1. Make sure the fully qualified domain name (FQDN) of the mail server host resolves:
________________________________________
~]# host mail.ca.com
mail.ca.com is an alias for svr1.ca.com.
svr1.ca.com has address 192.168.205.10
________________________________________
2. Ensure that the MX record in the DNS zone file points at the mail server. Two cautions about the zone below: RFC 2181 requires an MX target to be a host name with an address record, not a CNAME, so mail should really have its own A record rather than the alias shown (sendmail tolerates the alias, but strict resolvers and MTAs may reject mail for the domain); and the SOA expire value of 3600 seconds is far too short (RFC 1912 suggests two to four weeks).
_________________________________________________________________________________
~]# cat /var/named/ca.com.zone
;
; Zone file for ca.com
;
; The full zone file
;
$TTL 3D
@       IN SOA ns1.ca.com. hostmaster.ca.com. (
                200211152 ; serial#
                3600      ; refresh, seconds
                3600      ; retry, seconds
                3600      ; expire, seconds
                3600 )    ; minimum, seconds

        IN NS  ns1.ca.com.      ; Inet Address of nameserver
        IN MX  10 mail.ca.com.  ; Primary Mail Exchanger
svr1    IN A   192.168.205.10
mail    IN CNAME svr1
____________________________________________________________________
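As an added example (not part of the original page), the following script reads a zone file in the layout shown above and flags the RFC 2181 problem: MX or NS targets that are CNAMEs or have no address record. ZONE_CNAME_MX is a constructed copy of the page's zone, with one assumption added (an A record for ns1, which the page's zone lacks); ZONE_FIXED is the same zone with mail turned into an A record, which is the fix. The parser handles only what this zone needs: $TTL, ';' comments, inherited owner names, an optional TTL and class, and a parenthesised SOA.

```python
"""Check that MX and NS targets in a zone file resolve to address records
and are not CNAMEs (RFC 2181 section 10.3). Added example; not from the page."""

ORIGIN = "ca.com."

# Constructed sample modelled on the page's zone: mail is a CNAME, and the
# NS target ns1 is given an address record here as an assumption.
ZONE_CNAME_MX = """\
$TTL 3D
@       IN SOA ns1.ca.com. hostmaster.ca.com. (
                200211152 ; serial
                3600      ; refresh
                3600      ; retry
                3600      ; expire
                3600 )    ; minimum
        IN NS  ns1.ca.com.
        IN MX  10 mail.ca.com.
ns1     IN A   192.168.205.10
svr1    IN A   192.168.205.10
mail    IN CNAME svr1
"""

# Same zone with the fix: mail gets its own A record instead of an alias.
ZONE_FIXED = ZONE_CNAME_MX.replace("IN CNAME svr1", "IN A     192.168.205.10")


def logical_lines(text):
    """Yield zone lines with ';' comments removed and '(' ... ')' groups joined."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf = [line] if depth == 0 else buf + [line.strip()]
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")


def absolutize(name, origin):
    """Turn '@' or a relative owner/target into a fully qualified name."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin=ORIGIN):
    """Return (owner, type, rdata_tokens) triples with absolute owner names.

    A line that starts with whitespace inherits the previous owner, as in BIND.
    """
    records, owner = [], "@"
    for line in logical_lines(text):
        if line.lstrip().startswith("$"):
            continue
        tokens = line.split()
        if not line[0].isspace():
            owner = tokens.pop(0)
        # skip an optional TTL and class before the record type
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS")):
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        records.append((absolutize(owner, origin), rtype, tokens))
    return records


def check_targets(records, origin=ORIGIN):
    """Flag MX/NS targets that are CNAMEs or lack an A/AAAA record."""
    types_by_name = {}
    for owner, rtype, _ in records:
        types_by_name.setdefault(owner, set()).add(rtype)
    findings = []
    for owner, rtype, rdata in records:
        if rtype not in ("MX", "NS"):
            continue
        target = absolutize(rdata[-1], origin)   # last token: the exchange / name server
        types = types_by_name.get(target, set())
        if "CNAME" in types:
            findings.append(f"{rtype} for {owner} points to CNAME {target}")
        elif not types & {"A", "AAAA"}:
            findings.append(f"{rtype} for {owner} points to {target}, which has no address record")
    return findings


if __name__ == "__main__":
    for label, zone in (("as on the page", ZONE_CNAME_MX), ("fixed", ZONE_FIXED)):
        print(label + ":", check_targets(parse_zone(zone)) or "OK")
```

On the real server the same check is what named-checkzone warns about, and host mail.ca.com reporting "is an alias for" is the symptom to look for: an MX exchange that answers with a CNAME instead of an A record.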
Configure sendmail.mc
1. Ensure that sendmail is listening on the correct interface.
a. Use netstat to see which address port 25 is bound to.

As shipped (listening on the loopback address only, so other hosts cannot deliver mail to this server):
______________________________________
~]# netstat -an | grep :25 | grep tcp
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
______________________________________

Desired for a mail server (listening on every interface):
_______________________________________
~]# netstat -an | grep :25 | grep tcp
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
_______________________________________

b. If the server is only listening on localhost, comment out the DAEMON_OPTIONS line in sendmail.mc that binds it to 127.0.0.1. In m4 everything after dnl is a comment, so just put dnl at the start of the line. Once port 25 is reachable from the network, make sure relaying is still limited to your own hosts so that the server cannot be abused as an open relay.

~]# vi /etc/mail/sendmail.mc
_______________________________________________________________
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
_________________________________________________________

2. Comment out the SMART_HOST entry; it is only needed on a client that relays its outgoing mail through another server (see the client section below).
________________________________________

dnl define(`SMART_HOST',`mail.ca.com')
________________________________________

3. Regenerate sendmail.cf and start sendmail
_____________________________________________________
~]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
~]# service sendmail restart
_____________________________________________________
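The three steps above can be checked mechanically. This added example (not code from the original page) classifies where sendmail is bound from netstat -an output and applies the dnl edit to a sendmail.mc excerpt. The netstat lines and the sendmail.mc excerpt are constructed samples; the DAEMON_OPTIONS line in MC_DEFAULT is the stock RHEL form, which carries the Addr=127.0.0.1 restriction that makes the server loopback-only.

```python
"""Classify where sendmail is listening from netstat output, and apply the
sendmail.mc change that opens port 25 to the network. Added example; not
code from the original page."""

# Constructed sample netstat -an lines (RHEL 5 column layout).
NETSTAT_LOOPBACK = """\
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
"""
NETSTAT_ALL = """\
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN
tcp        0      0 :::25                       :::*                        LISTEN
"""

# Constructed excerpt of the stock RHEL sendmail.mc.
MC_DEFAULT = """\
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl define(`SMART_HOST', `smtp.your.provider')dnl
"""


def smtp_listen_scope(netstat_text, port=25):
    """Return 'none', 'loopback', 'specific' or 'all' for TCP listeners on port.

    'all' wins over 'specific', which wins over 'loopback': the widest
    exposure is what matters when deciding whether other hosts can reach
    (or must not reach) the MTA.
    """
    scopes = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[-1] != "LISTEN":
            continue
        addr, _, bound_port = fields[3].rpartition(":")
        if bound_port not in (str(port), "smtp"):
            continue
        if addr in ("127.0.0.1", "::1"):
            scopes.add("loopback")
        elif addr in ("0.0.0.0", "::", "*"):
            scopes.add("all")
        else:
            scopes.add("specific")
    for scope in ("all", "specific", "loopback"):
        if scope in scopes:
            return scope
    return "none"


def mc_restricted_to_loopback(mc_text):
    """True if an active (not dnl-commented) DAEMON_OPTIONS binds to 127.0.0.1."""
    for line in mc_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("dnl"):
            continue
        if stripped.startswith("DAEMON_OPTIONS") and "Addr=127.0.0.1" in stripped.replace(" ", ""):
            return True
    return False


def open_smtp_to_network(mc_text):
    """Return mc_text with the loopback-only DAEMON_OPTIONS line commented out
    by prefixing 'dnl ', exactly what step b above does by hand."""
    out = []
    for line in mc_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("DAEMON_OPTIONS") and "127.0.0.1" in stripped:
            line = "dnl " + line
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("loopback sample:", smtp_listen_scope(NETSTAT_LOOPBACK))
    print("network sample:", smtp_listen_scope(NETSTAT_ALL))
    print("stock mc restricted:", mc_restricted_to_loopback(MC_DEFAULT))
    print("after edit restricted:", mc_restricted_to_loopback(open_smtp_to_network(MC_DEFAULT)))
```

Feed smtp_listen_scope the live output of netstat -an before and after step 3 to confirm the change took effect; if the result is still 'loopback' after regenerating sendmail.cf, the m4 step did not pick up the edited sendmail.mc.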

Configure DoveCot for POP access
1. Install dovecot if required
~]# rpm -ivh dovecot*

2.Ensure dovecot is configured for pop3
______________________________________________________________________
~]# vi /etc/dovecot.conf

# Protocols we want to be serving: imap imaps pop3 pop3s
# If you only want to use dovecot-auth, you can set this to "none".
protocols = imap imaps pop3 pop3s
________________________________________________

3. Start dovecot
_______________________________________________
~]#service dovecot start
_______________________________________________

4. Ensure that dovecot is listening on the POP and IMAP ports (plain pop3 and imap carry the password in clear text; point clients at pop3s and imaps where possible):
______________________________________
~]# netstat -a | egrep -i 'pop|imap'
tcp 0 0 *:imaps *:* LISTEN
tcp 0 0 *:pop3s *:* LISTEN
tcp 0 0 *:pop3 *:* LISTEN
tcp 0 0 *:imap *:* LISTEN
_______________________________________

Configure Linux Sendmail Client
1. Install Sendmail onto the client and ensure DNS is working properly
a) Refer to "Install Sendmail" section for installation
b) Ensure that FQDN of the mail server can be resolved.
________________________________________
~]# nslookup mail.ca.com
Server: 192.168.205.10
Address: 192.168.205.10#53

mail.ca.com canonical name = svr1.ca.com.
Name: svr1.ca.com
Address: 192.168.205.10
_____________________________________________________________

2. Configure sendmail.mc so that the SMART_HOST option points at the FQDN of the mail server; all outgoing mail from the client is then relayed through it.
__________________________________________
~]# vi /etc/mail/sendmail.mc

define(`SMART_HOST',`mail.ca.com')
__________________________________________

3. Regenerate sendmail.cf and start sendmail
____________________________________________________
~]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
~]# service sendmail restart
_____________________________________________________

Configure Windows Client (Microsoft Outlook 2007)
1) Start MS Outlook 2007. Cancel the wizard if prompted.
2) Setup the account.
a) Go to Account setting


b. Add new account


c. Check “Manually configure server settings or additional server type” and click next


d. Select “Internet E-mail” for E-mail service and click next


e.Enter the following information for E-mail settings:
i.User Information:
•Your Name: student
•E-mail Address: student@ca.com
ii.Server Information
•Account Type: POP3
•Incoming mail server: 192.168.205.10
•Outgoing mail server: mail.ca.com
Plain POP3 sends the password in clear text. Since dovecot also serves pop3s, enable the encrypted (SSL) connection for the incoming server in the account's advanced settings whenever the network is not trusted.
iii.Login Information
•Username: student
•Password: *omitted*
f.Click on Test Account Setting to test the connectivity of the service. Click next once everything is configured properly.

Secure Shell

What is Secure Shell?

Secure Shell is an open protocol for securing communication between machines. It is less complex and cheaper than many hardware solutions such as VPN appliances. SSH is a client/server solution that provides a command shell, file transfer and tunnelling of TCP/IP applications. It provides authentication, encryption and data integrity, which defend against threats such as password sniffing and man-in-the-middle attacks.

Benefits of SSH

•User Authentication
SSH offers several ways to authenticate users or machines, ranging from plain password authentication to public-key authentication, which never sends a secret over the wire.
•Host Authentication
The server holds a host key pair and proves possession of the private key to the client, which compares the public key against the copy it cached on the first connection. This is what guards against man-in-the-middle attacks, but only if the fingerprint is verified out of band that first time.
•Data Encryption
Data is encrypted with symmetric ciphers to keep the session private between the two machines. SSH implementations support algorithms such as 3DES, Blowfish, AES and Twofish; single DES is still listed by older clients but is obsolete and should not be enabled.
•Data Integrity
SSH ensures that data cannot be altered in transit. SSHv2 uses a keyed Message Authentication Code (MAC), replacing the weak CRC-32 check of SSHv1, which was exploitable for insertion attacks; SSHv1 itself should be disabled on the server.


Simple connection to SSH Server from Windows Client using Putty
1.Connect to the server from Windows using SSH Client (PuTTY)
• PuTTY can be downloaded from here:
_________________________________________________________
http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
__________________________________________________________

• Configure PuTTY

1. Enter the server IP address:
•The server IP address is: 172.20.130.28
2. Ensure that SSH is selected as the Connection Type (port 22).
3. To save the configuration for easier connection in the future, give the session a name and click Save.
4. Click Open to connect to the server over SSH.
5. The first time it connects, PuTTY shows a security alert with the server's host-key fingerprint. Compare it with the fingerprint obtained on the server console (ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub) before clicking Yes to cache the key; accepting it blindly defeats the protection against man-in-the-middle attacks.
6. Log in to the system.


PuTTY configuration

PuTTY security Alert


2. Restrict Access
The following figures show how to stop certain hosts or domains from reaching the SSH server through TCP wrappers (sshd on RHEL is linked against libwrap). Edit /etc/hosts.deny and add a line naming the daemon and the source host or domain. Two caveats: /etc/hosts.allow is consulted first and a match there overrides any deny line, and a client that matches neither file is allowed, so a hosts.deny entry for one domain blocks only that domain. Where the server should accept connections only from known networks, deny everything in hosts.deny and list the permitted networks in hosts.allow. Host-name patterns also depend on the client's reverse DNS, so prefer address patterns when you can.


Editing of host.deny



contents of hosts.deny
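To make the allow-then-deny order concrete, here is an added example (not code from the original page) that emulates the decision libwrap makes for an incoming sshd connection from the contents of hosts.allow and hosts.deny. The sample files are constructed: DENY_ONE_DOMAIN is the page's approach of blacklisting one domain, while ALLOW_LAN plus DENY_ALL is the allow-list form; the domain and address names are placeholders. The matcher covers the common pattern forms (ALL, LOCAL, .domain suffix, net. prefix, net/mask and net/prefixlen) and takes the peer's host name and address as given; EXCEPT lists, IPv6 and the reverse-DNS lookup libwrap performs are not modelled.

```python
"""Emulate the /etc/hosts.allow and /etc/hosts.deny decision that libwrap
makes for an incoming connection. Added example; not code from the page."""

# Constructed samples. The first is the page's approach: one domain in
# hosts.deny and nothing in hosts.allow. The second pair is the allow-list form.
DENY_ONE_DOMAIN = "sshd: .attacker.example\n"
ALLOW_LAN = "sshd: 192.168.205.0/255.255.255.0 LOCAL\n"
DENY_ALL = "sshd: ALL\n"


def _ip_to_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def _client_matches(pattern, host, ip):
    """One client pattern from a hosts.allow/deny line against the peer."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                    # any host name without a dot
        return "." not in host
    if pattern.startswith("."):               # domain suffix, e.g. .attacker.example
        return host.endswith(pattern)
    if pattern.endswith("."):                 # network prefix, e.g. 192.168.205.
        return ip.startswith(pattern)
    if "/" in pattern:                        # net/mask or net/prefixlen
        net, mask = pattern.split("/", 1)
        mask_int = (0xFFFFFFFF << (32 - int(mask))) & 0xFFFFFFFF if mask.isdigit() else _ip_to_int(mask)
        return _ip_to_int(ip) & mask_int == _ip_to_int(net) & mask_int
    return pattern == host or pattern == ip   # exact host name or address


def _line_matches(line, daemon, host, ip):
    """daemon_list : client_list [: options]; a '#' starts a comment."""
    body = line.split("#", 1)[0].strip()
    fields = [f.strip() for f in body.split(":")]
    if len(fields) < 2:
        return False
    daemons = fields[0].replace(",", " ").split()
    clients = fields[1].replace(",", " ").split()
    if daemon not in daemons and "ALL" not in daemons:
        return False
    return any(_client_matches(c, host, ip) for c in clients)


def wrappers_decision(daemon, host, ip, hosts_allow, hosts_deny):
    """libwrap order: a match in hosts.allow grants, then a match in
    hosts.deny refuses, and a peer matching neither file is allowed."""
    if any(_line_matches(l, daemon, host, ip) for l in hosts_allow.splitlines()):
        return "allow"
    if any(_line_matches(l, daemon, host, ip) for l in hosts_deny.splitlines()):
        return "deny"
    return "allow"


if __name__ == "__main__":
    peers = [("scan.attacker.example", "203.0.113.5"),
             ("box.other.example", "203.0.113.6"),
             ("pc1", "192.168.205.20")]
    for host, ip in peers:
        print(host, "| deny-list only:", wrappers_decision("sshd", host, ip, "", DENY_ONE_DOMAIN),
              "| allow-list:", wrappers_decision("sshd", host, ip, ALLOW_LAN, DENY_ALL))
```

The second peer is the point of the example: with only the page's one-domain hosts.deny it is let in, because the default when nothing matches is to allow. The allow-list form turns that around, and the final check (a daemon that appears in neither file) shows that TCP wrappers protect only the daemons you name.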