ftp-http
RH253
Red Hat Network Services and Security Administration
Welcome!
2
Objectives
Understanding and Managing FTP Server
    Understanding FTP Server
    FTP Server Configuration
    Allowing and Disallowing Users
    FTP Client Configuration
    Accessing FTP Server
Understanding and Managing HTTP Server [ Apache Server ]
    Understanding Apache Web Server
    Hosting Web Sites
    Virtual Directory
    Access Control
    CGI Scripts
3
Understanding FTP Server
4
What is FTP?
FTP, the File Transfer Protocol, is one of the original network applications developed with the TCP/IP protocol suite. It follows the standard model for network services, as FTP requires a client and a server. The first implementations of FTP date back to 1971.
FTP set out to solve the need to publish documents and software so
that people could get them easily from other computer systems. On the
FTP server, files were organized in a directory structure; users could
connect to the server over the network and download files from (and
possibly upload files to) the server.
5
What is vsftpd?
The Very Secure FTP Server (vsFTPd) is the only FTP server software included in the Red Hat Linux distribution. vsFTPd is becoming the FTP server of choice for sites that need to support thousands of concurrent downloads. It was also designed to secure your systems against most common attacks.
6
Configuration Files
/etc/vsftpd/vsftpd.conf : Main configuration file
/etc/vsftpd/ftpusers : List of users who are permanently denied
/etc/vsftpd/user_list : List of users to allow or deny
FTP uses TCP ports 20 (FTP data) and 21 (FTP control connection).
7
Starting vsftpd service
service vsftpd start
chkconfig --level 345 vsftpd on
8
Client Side Commands
For Connecting to FTP Server
ftp x.x.x.x
For Installing Packages from FTP server
rpm -ivh ftp://x.x.x.x/pub/Server/package.rpm
9
Hardening FTP
Limit users to their “home directory” only.
vi /etc/vsftpd/vsftpd.conf
chroot_local_user=YES
10
Limiting maximum connections
By default, vsftpd allows an unlimited number of connections from the same
client IP address. You can limit this with the max_per_ip directive, and cap
the total number of simultaneous connections with max_clients.
vi /etc/vsftpd/vsftpd.conf
max_per_ip=3
max_clients=2
(max_per_ip: maximum connections per client IP address; max_clients: maximum simultaneous connections)
11
Allowing “anonymous” upload to FTP
STEP 1: Edit the configuration file
vi /etc/vsftpd/vsftpd.conf
anon_upload_enable=YES
chown_uploads=YES
chown_username=daemon
anon_umask=077
STEP 2: Create the incoming directory
mkdir /var/ftp/incoming
chmod 730 /var/ftp/incoming
chown root:ftp /var/ftp/incoming
STEP 3: Set the Boolean value and restart the service
setsebool -P allow_ftpd_full_access on
service vsftpd restart
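The hardening, connection-limit and anonymous-upload settings above can be checked with a short script. This is an added example, not part of the original slides: the function names, finding texts and the two sample files are constructed here. It assumes that a later assignment of a directive overrides an earlier one, and it adds write_enable=YES (not shown on the slides), which vsftpd requires for anon_upload_enable to take effect.

```shell
#!/bin/bash
# Added example, not from the slides: audit a vsftpd.conf for the directives above.

# Print the value of KEY in FILE. vsftpd syntax is key=value with no spaces, so
# commented-out lines never match. Assumption: the last assignment wins.
get_opt() {
    awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# Print one finding per line for FILE; print nothing when every check passes.
audit_vsftpd_conf() {
    local conf="$1" k v
    [ "$(get_opt "$conf" chroot_local_user)" = "YES" ] ||
        echo "chroot_local_user: local users are not confined to their home directory"
    for k in max_per_ip max_clients; do
        v=$(get_opt "$conf" "$k")
        # Unset or 0 means unlimited for both directives.
        [ "${v:-0}" -gt 0 ] 2>/dev/null || echo "$k: no connection limit is set"
    done
    # The remaining checks only matter when anonymous upload is enabled.
    [ "$(get_opt "$conf" anon_upload_enable)" = "YES" ] || return 0
    [ "$(get_opt "$conf" write_enable)" = "YES" ] ||
        echo "write_enable: anon_upload_enable has no effect without write_enable=YES"
    v=$(get_opt "$conf" chown_username)
    # chown_username defaults to root, so it must be set to another account.
    if [ "$(get_opt "$conf" chown_uploads)" != "YES" ] || [ "${v:-root}" = "root" ]; then
        echo "chown_uploads: uploads are not handed over to a non-root account"
    fi
    v=$(get_opt "$conf" anon_umask)
    [ "${v:-077}" = "077" ] || echo "anon_umask: differs from 077"
    return 0
}

# Constructed sample files: one weak, one with the values from the slides.
demo_dir=$(mktemp -d)
printf '%s\n' 'anonymous_enable=YES' 'anon_upload_enable=YES' > "$demo_dir/weak.conf"
printf '%s\n' 'write_enable=YES' 'chroot_local_user=YES' 'max_per_ip=3' \
    'max_clients=2' 'anon_upload_enable=YES' 'chown_uploads=YES' \
    'chown_username=daemon' 'anon_umask=077' > "$demo_dir/slides.conf"
for f in weak slides; do
    echo "== $f.conf"
    audit_vsftpd_conf "$demo_dir/$f.conf"
done
```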
12
Understanding and Managing HTTP Server [ Apache Server ]
13
What is Apache Web Server?
The WWW (World Wide Web), as it is known today, began as a project of Mr. Tim Berners-Lee at the European Center for Particle Physics (CERN). The original goal was to provide one consistent interface for geographically dispersed researchers and scientists who needed access to information in a variety of formats.
From this idea came the concept of using one client (the Web browser)
to access data (text, images, sounds, video, and binary files) from
several types of servers (HTTP, FTP and SMTP servers).
The Apache Web Server was originally based on HTTPd, a free server
from NCSA (the National Center for Supercomputing Applications).
14
Apache Main Features
The stability and rapid development cycle associated with a large group
of cooperative volunteer programmers.
Full source code, downloadable at no charge.
Ease of configuration using plain-text files.
Access-control based on client host name/IP address or user
name/password combinations.
Support for server-side scripting as well as CGI scripts.
15
The Apache HTTP Server is a robust, commercial-grade open source Web
server developed by the Apache Software Foundation -- www.apache.org.
Red Hat Enterprise Linux includes the Apache HTTP Server 2.2 as well as a
number of server modules designed to enhance its functionality.
The default configuration file installed with the Apache HTTP Server works
without alteration for most situations.
16
Apache HTTP Server 2.2
There are important differences between the Apache HTTP Server 2.2 and version 2.0 (version 2.0 shipped with Red Hat Enterprise Linux 4 and earlier).
Apache HTTP Server 2.2 features the following improvements over version 2.0 :
Improved caching modules (mod_cache, mod_disk_cache, mod_mem_cache).
A new structure for authentication and authorization support, replacing the authentication modules provided in previous versions.
Support for proxy load balancing (mod_proxy_balancer)
Support for handling large files (namely, greater than 2GB) on 32-bit platforms
The following changes have been made to the default httpd configuration:
The mod_cern_meta and mod_asis modules are no longer loaded by default.
The mod_ext_filter module is now loaded by default.
17
Installing and Configuring Apache
Main Configuration File
/etc/httpd/conf/httpd.conf
Main Service to control HTTP server
httpd
18
Hosting Virtual Host
Step 1: Creating Virtual host using configuration file
vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.0.1>
    ServerName station1.example.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/station1
    DirectoryIndex index1.html
</VirtualHost>
Step 2: Test HTTP Configuration
httpd -t
Step 3: Starting HTTP service
service httpd restart
chkconfig --level 345 httpd on
19
Hosting Multiple Sites
Step 1: Creating Virtual host using configuration file
vi /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.0.1
<VirtualHost 192.168.0.1>
    ServerName station1.example.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/station1
    DirectoryIndex index1.html
</VirtualHost>
<VirtualHost 192.168.0.1>
    ServerName station1.example.com
    ServerAdmin [email protected]
    ServerAlias www1.example.com
    DocumentRoot /var/www/html/station1
    DirectoryIndex index2.html
</VirtualHost>
20
Hosting Virtual Directory
Step 1: Creating Virtual Directory using configuration file
vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.0.1>
    ServerName station1.example.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/station1
    DirectoryIndex index1.html
    <Directory "/var/www/html/station1/data">
        Options Indexes
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
21
Control Through .htaccess
Step 1: Configuring configuration file
vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.0.1>
    ServerName station1.example.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/station1
    DirectoryIndex index1.html
    <Directory "/var/www/html/station1/data">
        AllowOverride AuthConfig
    </Directory>
</VirtualHost>
22
Control Through .htaccess
Step 2: Creating .htaccess file
vi /var/www/html/station1/.htaccess
AuthName "restricted site"
AuthType basic
AuthUserFile /etc/httpd/htpasswd
require valid-user
Step 3: Adding Users to http access file
htpasswd -mc /etc/httpd/htpasswd root
htpasswd -m /etc/httpd/htpasswd alok
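Apache applies the authentication directives in a .htaccess file only where AllowOverride grants AuthConfig (or All) for that directory; under AllowOverride None the file is ignored and the content is served without a password prompt. The script below is an added example, not part of the original slides: it finds the <Directory> block that most closely encloses a given .htaccess path and reports whether that block grants AuthConfig. The function name and the sample configuration are constructed here, the sample assumes a server-wide <Directory /> block with AllowOverride None, and regex or wildcard Directory sections are not handled.

```shell
#!/bin/bash
# Added example, not from the slides: would auth directives in this .htaccess
# be honoured, judging only from the <Directory> blocks of one config file?

# htaccess_honoured CONF HTACCESS_PATH -> prints "yes" or "no"
htaccess_honoured() {
    awk -v target="${2%/*}/" '
        /^[ \t]*<Directory[ \t]/ {
            # Normalise the block path: strip quotes and ">", end with one "/".
            dir = $2; gsub(/[">]/, "", dir); sub(/\/*$/, "/", dir); next
        }
        /^[ \t]*<\/Directory>/ { dir = ""; next }
        dir != "" && $1 == "AllowOverride" {
            # The longest Directory path that prefixes the target decides.
            if (index(target, dir) == 1 && length(dir) > best) {
                best = length(dir)
                ok = ($0 ~ /[ \t](All|AuthConfig)([ \t]|$)/)
            }
        }
        END { print (ok ? "yes" : "no") }
    ' "$1"
}

# Constructed sample: server-wide default plus the virtual host from the slides.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
<Directory />
    AllowOverride None
</Directory>
<VirtualHost 192.168.0.1>
    ServerName station1.example.com
    DocumentRoot /var/www/html/station1
    <Directory "/var/www/html/station1/data">
        AllowOverride AuthConfig
    </Directory>
</VirtualHost>
EOF

for f in /var/www/html/station1/.htaccess /var/www/html/station1/data/.htaccess; do
    echo "$f honoured: $(htaccess_honoured "$sample_conf" "$f")"
done
```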
23
Using CGI Scripts
Step 1: Modify httpd.conf file
<VirtualHost 192.168.0.254>
    ServerName server1.example.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/station1
    DirectoryIndex index1.html
    ScriptAlias /cgi-bin/ /var/www/html/station1/cgi-bin/
</VirtualHost>
24
CGI Script
Step 2: Create Script File
vi /var/www/html/station1/cgi-bin
#!/bin/bash
echo Content-type: text/html
echo
echo "<pre>"
echo My username is:
whoami
echo
echo My id is:
id
echo "</pre>"
25
CGI Script
Step 3: Assigning permission to CGI script
chmod 555 /var/www/html/station1/cgi-bin
Questions?