ftp-http

RH253 Red Hat Network Services and Security Administration Welcome!

Upload: vibhor-sharma

Post on 21-Jul-2016


Objectives

Understanding and Managing FTP Server
  Understanding FTP Server
  FTP Server Configuration
  Allowing and Disallowing Users
  FTP Client Configuration
  Accessing FTP Server

Understanding and Managing HTTP Server [ Apache Server ]
  Understanding Apache Web Server
  Hosting Web Sites
  Virtual Directory
  Access Control
  CGI Scripts


Understanding FTP Server

What is FTP?

FTP, the File Transfer Protocol, is one of the original network applications developed with the TCP/IP protocol suite. It follows the standard model for network services, as FTP requires a client and a server. The first implementations of FTP date back to 1971.

FTP set out to solve the need to publish documents and software so that people could get them easily from other computer systems. On the FTP server, files were organized in a directory structure; users could connect to the server over the network and download files from (and possibly upload files to) the server.

What is vsftpd?

The Very Secure FTP Server (vsFTPd) is the only FTP server software included in the Red Hat Linux distribution. vsFTPd is becoming the FTP server of choice for sites that need to support thousands of concurrent downloads. It was also designed to secure your systems against most common attacks.

Configuration Files

/etc/vsftpd/vsftpd.conf : Main configuration file

/etc/vsftpd/ftpusers : List of users who are permanently denied

/etc/vsftpd/user_list : List of users to allow or deny

FTP uses TCP ports 20 (for FTP data) and 21 (for the FTP control connection).

Starting vsftpd service

service vsftpd start

chkconfig --level 345 vsftpd on

Client Side Commands

For Connecting to FTP Server

ftp x.x.x.x

For Installing Packages from FTP server

rpm -ivh ftp://x.x.x.x/pub/Server/package.rpm

Hardening FTP

Limit users to their “home directory” only.

vi /etc/vsftpd/vsftpd.conf

chroot_local_user=YES

Limiting maximum connections

By default, vsftpd allows an unlimited number of connections from the same client IP address. You can force the vsftpd FTP server to limit the number of connections per client with the max_per_ip directive; max_clients limits the number of simultaneous connections.

vi /etc/vsftpd/vsftpd.conf

max_per_ip=3

# max simultaneous connections
max_clients=2

Allowing “anonymous” upload to FTP

STEP 1: vi /etc/vsftpd/vsftpd.conf

anon_upload_enable=YES
chown_uploads=YES
chown_username=daemon
anon_umask=077

STEP 2: Create a directory under /var/ftp:

mkdir /var/ftp/incoming
chmod 730 /var/ftp/incoming
chown root:ftp /var/ftp/incoming

STEP 3: Set the SELinux Boolean value:

setsebool -P allow_ftpd_full_access on
service vsftpd restart
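The directives from the hardening, connection-limit and anonymous-upload slides can be checked mechanically. The script below is an added example, not part of the original course material: it reads a vsftpd.conf and reports where those directives are missing or weak, using the defaults documented in vsftpd.conf(5). The function names and both sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the slides): audit a vsftpd.conf for the
# hardening and anonymous-upload directives discussed above.

# Effective value of OPTION in FILE (a later assignment overrides an
# earlier one), else DEFAULT. vsftpd allows no spaces around "=".
vsftpd_get() {  # usage: vsftpd_get FILE OPTION DEFAULT
    awk -F= -v key="$2" -v def="$3" '
        /^#/ { next }
        $1 == key { val = $2; seen = 1 }
        END { print (seen ? val : def) }' "$1"
}

# Print one WARN line per finding; defaults are those in vsftpd.conf(5).
vsftpd_audit() {  # usage: vsftpd_audit FILE
    f=$1
    [ "$(vsftpd_get "$f" chroot_local_user NO)" = YES ] ||
        echo "WARN chroot_local_user is not YES: local users are not confined to their home directory"
    [ "$(vsftpd_get "$f" max_per_ip 0)" -gt 0 ] 2>/dev/null ||
        echo "WARN max_per_ip is 0 or unset: unlimited connections per client IP"
    [ "$(vsftpd_get "$f" max_clients 0)" -gt 0 ] 2>/dev/null ||
        echo "WARN max_clients is 0 or unset: unlimited simultaneous clients"
    [ "$(vsftpd_get "$f" anon_upload_enable NO)" = YES ] || return 0
    [ "$(vsftpd_get "$f" write_enable NO)" = YES ] ||
        echo "WARN anon_upload_enable=YES needs write_enable=YES to take effect"
    if [ "$(vsftpd_get "$f" chown_uploads NO)" = YES ]; then
        [ "$(vsftpd_get "$f" chown_username root)" != root ] ||
            echo "WARN chown_username is root or unset: uploads end up owned by root"
    else
        echo "WARN chown_uploads is not YES: uploads stay owned by the anonymous FTP user"
    fi
    [ "$(vsftpd_get "$f" anon_umask 077)" = 077 ] ||
        echo "WARN anon_umask is not 077: uploads may be readable by other users"
}

# Constructed sample inputs: a file holding only the directives shown on
# the slides, and a deliberately weak variant.
tmp=$(mktemp -d)
printf '%s\n' chroot_local_user=YES max_per_ip=3 max_clients=2 \
    anon_upload_enable=YES chown_uploads=YES chown_username=daemon \
    anon_umask=077 > "$tmp/slides.conf"
printf '%s\n' '# constructed weak config' anon_upload_enable=YES \
    write_enable=YES anon_umask=022 > "$tmp/weak.conf"
for c in slides weak; do
    echo "== $c.conf"
    vsftpd_audit "$tmp/$c.conf"
done
```

Run against a file that contains only the slide directives, the audit reports the one dependency the slides do not list: anonymous upload also requires write_enable=YES.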


Understanding and Managing HTTP Server [ Apache Server ]

What is Apache Web Server?

The WWW (World Wide Web), as it is known today, began as a project of Mr. Tim Berners-Lee at the European Center for Particle Physics (CERN). The original goal was to provide one consistent interface for geographically dispersed researchers and scientists who needed access to information in a variety of formats.

From this idea came the concept of using one client (the Web browser) to access data (text, images, sounds, video, and binary files) from several types of servers (HTTP, FTP and SMTP servers).

The Apache Web Server was originally based on HTTPd, a free server from NCSA (the National Center for Supercomputing Applications).

Apache Main Features

The stability and rapid development cycle associated with a large group of cooperative volunteer programmers.

Full source code, downloadable at no charge.

Ease of configuration using plain-text files.

Access-control based on client host name/IP address or user name/password combinations.

Support for server-side scripting as well as CGI scripts.

The Apache HTTP Server is a robust, commercial-grade open source Web server developed by the Apache Software Foundation -- www.apache.org.

Red Hat Enterprise Linux includes the Apache HTTP Server 2.2 as well as a number of server modules designed to enhance its functionality.

The default configuration file installed with the Apache HTTP Server works without alteration for most situations.


Apache HTTP Server 2.2

There are important differences between the Apache HTTP Server 2.2 and version 2.0 (version 2.0 shipped with Red Hat Enterprise Linux 4 and earlier).

Apache HTTP Server 2.2 features the following improvements over version 2.0 :

Improved caching modules (mod_cache, mod_disk_cache, mod_mem_cache).

A new structure for authentication and authorization support, replacing the authentication modules provided in previous versions.

Support for proxy load balancing (mod_proxy_balancer)

Support for handling large files (namely, greater than 2GB) on 32-bit platforms

The following changes have been made to the default httpd configuration:

The mod_cern_meta and mod_asis modules are no longer loaded by default.

The mod_ext_filter module is now loaded by default.

Installing and Configuring Apache

Main Configuration File

/etc/httpd/conf/httpd.conf

Main Service to control HTTP server

httpd

Hosting Virtual Host

Step 1: Creating Virtual host using configuration file

vi /etc/httpd/conf/httpd.conf

<VirtualHost 192.168.0.1>
    ServerName station1.example.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/station1
    DirectoryIndex index1.html
</VirtualHost>

Step 2: Test HTTP Configuration

httpd -t

Step 3: Starting HTTP service

service httpd restart

chkconfig --level 345 httpd on

Hosting Multiple Sites

Step 1: Creating Virtual host using configuration file

vi /etc/httpd/conf/httpd.conf

NameVirtualHost 192.168.0.1

<VirtualHost 192.168.0.1>
    ServerName station1.example.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/station1
    DirectoryIndex index1.html
</VirtualHost>

<VirtualHost 192.168.0.1>
    ServerName station1.example.com
    ServerAdmin [email protected]
    ServerAlias www1.example.com
    DocumentRoot /var/www/html/station1
    DirectoryIndex index2.html
</VirtualHost>

Hosting Virtual Directory

Step 1: Creating Virtual Directory using configuration file

vi /etc/httpd/conf/httpd.conf

<VirtualHost 192.168.0.1>
    ServerName station1.example.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/station1
    DirectoryIndex index1.html
    <Directory "/var/www/html/station1/data">
        Options Indexes
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

Control Through .htaccess

Step 1: Configuring configuration file

vi /etc/httpd/conf/httpd.conf

<VirtualHost 192.168.0.1>
    ServerName station1.example.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/station1
    DirectoryIndex index1.html
    <Directory "/var/www/html/station1/data">
        AllowOverride AuthConfig
    </Directory>
</VirtualHost>

Control Through .htaccess

Step 2: Creating .htaccess file

vi /var/www/html/station1/.htaccess

AuthName "restricted site"
AuthType basic
AuthUserFile /etc/httpd/htpasswd
require valid-user

Step 3: Adding Users to http access file

htpasswd -mc /etc/httpd/htpasswd root

htpasswd -m /etc/httpd/htpasswd alok

Using CGI Scripts

Step 1: Modify httpd.conf file

<VirtualHost 192.168.0.254>
    ServerName server1.example.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/station1
    DirectoryIndex index1.html
    ScriptAlias /cgi-bin/ /var/www/html/station1/cgi-bin/
</VirtualHost>

CGI Script

Step 2: Create Script File

vi /var/www/html/station1/cgi-bin

#!/bin/bash
echo Content-type: text/html
echo
echo "<pre>"
echo My username is:
whoami
echo
echo My id is:
id
echo "</pre>"

CGI Script

Step 3: Assigning permission to CGI script

chmod 555 /var/www/html/station1/cgi-bin
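Two settings in the virtual host examples above are worth reviewing before they reach a production server: Options Indexes exposes a directory listing, and a ScriptAlias target inside DocumentRoot means the script files also sit in a directory that can be served as plain content if the configuration changes. The script below is an added example, not part of the original course material; it scans the VirtualHost blocks of an httpd.conf for both. The function name, the second virtual host and its paths are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the slides): flag directory listings and
# ScriptAlias targets inside DocumentRoot, per <VirtualHost> block.
httpd_audit() {  # usage: httpd_audit FILE
    awk '
    { gsub(/"/, ""); d = tolower($1) }       # drop quotes, lowercase directive
    d ~ /^<virtualhost/  { name = "?"; root = ""; dir = ""; n = 0; next }
    d == "servername"    { name = $2 }
    d == "documentroot"  { root = $2; sub(/\/$/, "", root) }
    d == "scriptalias"   { cgi[++n] = $3 }   # filesystem side of the alias
    d ~ /^<directory/    { dir = $2; sub(/>$/, "", dir) }
    d == "options" && dir != "" {
        for (i = 2; i <= NF; i++)
            if (tolower($i) ~ /^[+]?indexes$/)
                print "WARN " name ": directory listing enabled for " dir
    }
    d ~ /^<\/directory/  { dir = "" }
    d ~ /^<\/virtualhost/ {                  # evaluate once the block is complete
        for (i = 1; i <= n; i++)
            if (root != "" && index(cgi[i], root "/") == 1)
                print "WARN " name ": ScriptAlias target " cgi[i] " is inside DocumentRoot " root
    }' "$1"
}

# Constructed sample: the first block combines the slide settings, the
# second is a hardened variant with hypothetical paths.
conf=$(mktemp)
cat > "$conf" <<'EOF'
<VirtualHost 192.168.0.254>
    ServerName server1.example.com
    DocumentRoot /var/www/html/station1
    ScriptAlias /cgi-bin/ /var/www/html/station1/cgi-bin/
    <Directory "/var/www/html/station1/data">
        Options Indexes
    </Directory>
</VirtualHost>
<VirtualHost 192.168.0.254>
    ServerName hardened.example.com
    DocumentRoot /var/www/html/hardened
    ScriptAlias /cgi-bin/ /var/www/cgi-bin/hardened/
    <Directory "/var/www/html/hardened/data">
        Options -Indexes
    </Directory>
</VirtualHost>
EOF
httpd_audit "$conf"
```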

Questions?