RH253

Red Hat Network Services and Security Administration

Welcome!

2

Objectives

Understanding and Managing FTP Server Understanding FTP Server FTP Server Configuration

Allowing and Disallowing Users FTP Client Configuration

Accessing FTP Server Understanding and Managing HTTP Server [ Apache Server ]

Understanding Apache Web Server Hosting Web Sites

Virtual Directory Access ControlCGI Scripts

3

Understanding FTP Server

4

What is FTP?

FTP, the File Transfer Protocol, is one of the original network applications developed with the TCP/IP protocol suite. It follows the standard model for network services, as FTP requires a client and a server , the first implementations of FTP date back to 1971.

FTP set out to solve the need to publish documents and software so

that people could get them easily from other computer systems. On the

FTP server, files were organized in a directory structure; users could

connect to the server over the network ,and download files from (and

possibly upload files to) the server.

5

What is vsftpd? The Very Secure FTP ServerVery Secure FTP Server (vsFTPd) is the only FTP server software

included in the Red Hat Linux distribution , vsFTPd is becoming the FTP server of choice for sites that need to support thousands of concurrent downloads. It was also designed to secure your systems against most common attacks.

6

Configuration Files /etc/vsftpd/vsftpd.conf : Main Configuration File

/etc/vsftpd/ftpusers : Contains Users list to deny permanently

/etc/vsftpd/user_list : Contains Users list to allow or deny

FTP uses TCP ports 20 (for ftp data) & 21 (ftp program).

7

Starting vsftpd service service vsftpd startservice vsftpd start

chkconfig --level 345 vsftpd onchkconfig --level 345 vsftpd on

8

Client Side Commands

For Connecting to FTP ServerFor Connecting to FTP Server

ftp x.x.x.x

For Installing Packages from FTP serverFor Installing Packages from FTP server

rpm -ivh ftp://x.x.x.x/pub/Server/package.rpm

9

Hardening FTP Limit users to their “home directory” only. vi /etc/vsftpd/vsftpd.conf

chroot_local_user=YES

10

Limiting maximum connections

VSFTPD allows unlimited connection from the same client IP address. You

can easily force vsftpd ftp server to use limited number of connection.

There is a special directive called max_per_ip.

vi /etc/vsftpd/vsftpd.conf

max_per_ip=3

max_clients=2 ----- max simultaneous connections

11

Allowing “anonymous” upload to FTP STEP – 1: vi /etc/vsftpd/vsftpd.conf

anon_upload_enable=YES

chown_uploads=YES

chown_username=daemon

anon_umask=077

STEP -2: Create a directory under – mkdir /var/ftp/incoming

chmod 730 /var/ftp/incoming

chown root:ftp /var/ftp/incoming

STEP – 3: Set the Boolean value:

setsebool -P allow_ftpd_full_access on

service vsftpd restart

12

Understanding and Managing HTTP Server [ Apache Server ]

13

What is Apache Web Server? The WWW ( World Wide Web ), as it is known today, began as a

project of Mr. Tim Berners-LeeTim Berners-Lee at the European Center for Particle Physics (CERN). The original goal was to provide one consistent interface for geographically dispersed researchers and scientists who needed access to information in a variety of formats.

From this idea came the concept of using one client (the Web browser)

to access data (text, images, sounds, video, and binary files) from

several types of servers (HTTP, FTP and SMTP Servers )

The Apache Web ServerApache Web Server was originally based on HTTPd, a free server

from NCSA (the National Center for Supercomputing Applications)

14

Apache Main Features The stability and rapid development cycle associated with a large group

of cooperative volunteer programmers.

Full source code, downloadable at no charge.

Ease of configuration using plain-text files.

Access-control based on client host name/IP address or user

name/password combinations.

Support for server-side scripting as well as CGI scripts.

15

The Apache HTTP Server is a robust, commercial-grade open source Web

server developed by the Apache Software Foundation -- www.apache.org.

Red Hat Enterprise Linux includes the Apache HTTP Server 2.2 as well as a

number of server modules designed to enhance its functionality.

The default configuration file installed with the Apache HTTP Server works

without alteration for most situations.

16

Apache HTTP Server 2.2

There are important differences between the Apache HTTP Server 2.2 and version 2.0 (version 2.0 shipped with Red Hat Enterprise Linux 4 and earlier).

Apache HTTP Server 2.2 features the following improvements over version 2.0 :

Improved caching modules (mod_cache, mod_disk_cache, mod_mem_cache).

A new structure for authentication and authorization support, replacing the authentication modules provided in previous versions.

Support for proxy load balancing (mod_proxy_balancer)

Support for handling large files (namely, greater than 2GB) on 32-bit platforms

The following changes have been made to the default httpd configuration:

The mod_cern_meta and mod_asis modules are no longer loaded by default.

The mod_ext_filter module is now loaded by default.

17

Installing and Configuring Apache Main Configuration File

/etc/httpd/conf/httpd.conf/etc/httpd/conf/httpd.conf

Main Service to control HTTP server

httpdhttpd

18

Hosting Virtual Host Step 1: Creating Virtual host using configuration file

vi /etc/httpd/conf/httpd.confvi /etc/httpd/conf/httpd.conf

<VirtualHost 192.168.0.1><VirtualHost 192.168.0.1>ServerName station1.example.comServerName station1.example.comServerAdmin root@station1.example.comServerAdmin root@station1.example.comDocumentRoot /var/www/html/station1DocumentRoot /var/www/html/station1DirectoryIndex index1.htmlDirectoryIndex index1.html

</VirtualHost></VirtualHost>

Step 2: Test HTTP Configuration

httpd -thttpd -t

Step 3: Starting HTTP service

service httpd restartservice httpd restart

chkconfig --level 345 httpd onchkconfig --level 345 httpd on

19

Hosting Multiple Sites Step 1: Creating Virtual host using configuration file vi /etc/httpd/conf/httpd.confvi /etc/httpd/conf/httpd.conf

NameVirtualHost 192.168.0.1NameVirtualHost 192.168.0.1 <VirtualHost 192.168.0.1><VirtualHost 192.168.0.1>

ServerName station1.example.comServerName station1.example.comServerAdmin root@station1.example.comServerAdmin root@station1.example.comDocumentRoot /var/www/html/station1DocumentRoot /var/www/html/station1DirectoryIndex index1.htmlDirectoryIndex index1.html

</VirtualHost></VirtualHost> <VirtualHost 192.168.0.1><VirtualHost 192.168.0.1>

ServerName station1.example.comServerName station1.example.comServerAdmin root@station1.example.comServerAdmin root@station1.example.comServerAlias www1.example.comServerAlias www1.example.comDocumentRoot /var/www/html/station1DocumentRoot /var/www/html/station1DirectoryIndexDirectoryIndex index2.html index2.html

</VirtualHost></VirtualHost>

20

Hosting Virtual Directory

Step 1: Creating Virtual Directory using configuration file

vi /etc/httpd/conf/httpd.confvi /etc/httpd/conf/httpd.conf

<VirtualHost 192.168.0.1><VirtualHost 192.168.0.1>ServerName station1.example.comServerName station1.example.comServerAdmin root@station1.example.comServerAdmin root@station1.example.comDocumentRoot /var/www/html/station1DocumentRoot /var/www/html/station1DirectoryIndex index1.htmlDirectoryIndex index1.html

<Directory "/var/www/html/station1/data"><Directory "/var/www/html/station1/data">Options IndexesOptions IndexesOrder allow,denyOrder allow,denyAllow from allAllow from all

</Directory></Directory></VirtualHost></VirtualHost>

21

Control Through .htaccess Step 1: Configuring configuration file

vi /etc/httpd/conf/httpd.confvi /etc/httpd/conf/httpd.conf

<VirtualHost 192.168.0.1><VirtualHost 192.168.0.1>ServerName station1.example.comServerName station1.example.comServerAdmin root@station1.example.comServerAdmin root@station1.example.comDocumentRoot /var/www/html/station1DocumentRoot /var/www/html/station1DirectoryIndex index1.htmlDirectoryIndex index1.html

<Directory "/var/www/html/station1/data"><Directory "/var/www/html/station1/data">

AllowOverride AuthConfigAllowOverride AuthConfig</Directory></Directory></VirtualHost></VirtualHost>

22

Control Through .htaccess Step 2: Creating .htaccess file

vi /var/www/html/station1/.htaccess

AuthName "restricted site"AuthName "restricted site"AuthType basicAuthType basicAuthUserFile /etc/httpd/htpasswdAuthUserFile /etc/httpd/htpasswd require valid-userrequire valid-user

Step 3: Adding Users to http access file

htpasswd -mc /etc/httpd/htpasswd roothtpasswd -mc /etc/httpd/htpasswd root

htpasswd -m /etc/httpd/htpasswd alokhtpasswd -m /etc/httpd/htpasswd alok

23

Using CGI Scripts Step 1: Modify httpd.conf file

<VirtualHost 192.168.0.254><VirtualHost 192.168.0.254>ServerName ServerName server1.example.comserver1.example.comServerAdmin root@server1.example.comServerAdmin root@server1.example.comDocumentRoot /var/www/html/station1DocumentRoot /var/www/html/station1DirectoryIndex index1.htmlDirectoryIndex index1.htmlScriptAlias /cgi-bin/ /var/www/html/station1/cgi-bin/ScriptAlias /cgi-bin/ /var/www/html/station1/cgi-bin/

</VirtualHost></VirtualHost>

24

CGI Script Step 2: Create Script File

vi /var/www/html/station1/cgi-binvi /var/www/html/station1/cgi-bin

#!/bin/bash#!/bin/bash

echo Content-type: text/htmlecho Content-type: text/html

echoecho

echo "<pre>"echo "<pre>"

echo My username is:echo My username is:

whoamiwhoami

echoecho

echo My id is:echo My id is:

idid

echo "</pre>"echo "</pre>"

25

CGI Script Step 3: Assigning permission to CGI script

chmod 555 /var/www/html/station1/cgi-binchmod 555 /var/www/html/station1/cgi-bin

?Questions