ComputerSecurityStudent (CSS) [Login] [Join Now]




|UNIX >> Fedora >> Current Page |Views: 8308

(Fedora: Lesson 9)

{ Installing Apache }


Section 0. Background Information
  • What is the apache web server?
    • The Apache HTTP Server, commonly referred to as Apache, is web server software notable for playing a key role in the initial growth of the World Wide Web.
  • Pre-Requisite Lab
    1. Fedora: Lesson 1: Installing Fedora 14
     
  • Lab Notes
    • In this lab we will do the following:
      1. Install Apache Web Server.
      2. Create Apache Web Server Start Up Scripts.
      3. Configured the Firewall to allow people to view the Apache Web Server.
      4. We will create a test webpage.
  • Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2013 No content replication of any kind is allowed without express written permission.

 

Section 1: Edit the Fedora14 Virtual Machine
  1. Open Your VMware Player
    • Instructions:
      1. On Your Host Computer, Go To
      2. Start --> All Program --> VMWare --> VMWare Player

       

  2. Edit Fedora 14 Virtual Machine Settings
    • Instructions:
      1. Highlight Fedora14
      2. Click Edit virtual machine settings

     

  3. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Click the OK Button

 

Section 1: Play Virtual Machine
  1. Start the Fedora14 VM
    • Instructions:
      1. Click on the Fedora14 VM
      2. Click on Play virtual machine

     

Section 2: Login to your Fedora14 server.
  1. Login As student
    • Instructions:
      1. Click on student
      2. Provide student password
      3. Click the Login Button
     
  2. Start Up A Terminal.
    • Instruction:
      1. Applications --> System Tools --> Terminal

     

  3. Switch User to root
    • Instruction:
      1. su - root
      2. Supply the Root Password

     

  4. Get IP Address
    • Instructions:
      1. ifconfig -a
    • Notes (FYI):
      • As indicated below, my IP address is 192.168.1.110.
      • Please record your IP address.

 

Section 3: Searching the server to see if apache is installed
  1. Is httpd installed?
    • Instructions:
      1. rpm -qa | grep httpd
    • Note(FYI):
      1. rpm, RPM Package Manager
      2. -qa, "q" means query and "a" means all.
      3. grep httpd, print lines matching the string "httpd"
      4. It is apparent that httpd is installed at version 2.2.26.1.

 

Section 4: Updating Apache
  1. List available httpd packages
    • Instructions:
      1. yum list | grep httpd
    • Note(FYI):
      1. yum, Yellowdog Updater Modified
      2. list, list all available packages
      3. grep httpd, print lines matching the string "httpd"
      4. Notice the update to httpd.i686 is 2.2.17.1.fc14.

     

  2. Let's install/update httpd
    • Instructions:
      1. yum install httpd.i686
      2. Is this ok [y/N]: y
    • Note(FYI):
      1. yum, Yellowdog Updater Modified
      2. install, specified package
      3. Since httpd is already installed on the machine, httpd will be updated to the latest version.

     

  3.  Reviewing the installation Log
    • Note(FYI):
      1. Just note that httpd and httpd-tools was updated and the installation completed successfully.

     

Section 5: Configuring httpd startup scripts
  1. Check to see which run levels have a startup script.
    • Instructions:
      1. chkconfig --list | grep httpd
    • Note(FYI):
      1. chkconfig, updates and queries runlevel information for system services.
      2. --list, lists all of the services which chkconfig knows about, and whether they are stopped or started
        in each runlevel.
      3. grep httpd, print lines matching the string "httpd"
      4. Notice all run levels do not have a httpd startup script.

     

  2. What runlevel are we in?
    • Instructions:
      1. runlevel
    • Note(FYI):
      1. The term runlevel refers to a mode of operation in one of the computer operating systems that implement Unix System V-style initialization.
      2. We are in runlevel 5.
        • 0, Halt, Shuts down the system.
        • 1, Single-user Mode, Mode for administrative tasks.
        • 2, Multi-user Mode, Does not configure network interfaces and does not export networks services.
        • 3, Multi-user Mode with Networking, Starts the system normally.
        • 4, Not used/User-definable, For special purposes.
        • 5, Start the system normally with appropriate display manager. ( with GUI ), Same as runlevel 3 + display manager.
        • 6, Reboot, Reboots the system.

     

  3. Create a startup script
    • Instructions:
      1. chkconfig httpd --level 35 on
    • Note(FYI):
      1. This will add a start up script for runlevels 3(Multi-user Mode with Networking) and 5(Same as runlevel 3 + display manager).

     

  4. Verify startup script were created
    • Instructions:
      1. chkconfig --list | grep httpd
    • Note(FYI):
      1. Notice httpd for runlevel 3 and 5 are now on.

     

  5. Verify Startup scripts have been created using the find command.
    • Instructions:
      1. find /etc/rc[0-9].d/* -name "S*httpd*"
    • Note(FYI):
      1. find /etc/rc[0-9].d/*, Search file and directories in /etc/, where rc directories need have a number after the "rc" and before the ".d".  (e.g., rd2.d).
      2. The HTTPD start up scripts start with a "S".
      3. -name "S*httpd*", means search for anything that starts with a "S" and contains httpd after the "S".

     

Section 6: Starting the Apache Web Server
  1. Is the Apache Web Server (aka, httpd) running?
    • Instruction:
      1. ps -eaf | grep -v grep | grep httpd
    • Note(FYI):
      1. ps -eaf, show all running processes
      2. grep -v grep, use "-v" to ignore the string "grep"
      3. grep httpd, display results with the string "httpd"
      4. Note, no results are found, because httpd is not running.

     

  2. Let's start up the Apache Web Server processes
    • Instruction:
      1. service httpd start
      2. ps -eaf | grep -v grep | grep httpd
    • Note(FYI):
      1. service command will execute the httpd start up script.
      2. Now we see that the Apache Web Server processes are now running.

     

Section 7: Configure the Firewall
  1. View Running Firewall Rules
    • Instruction:
      1. iptables -L
    • Note(FYI):
      1. iptables - administration tool for IPv4 packet filtering and NAT (aka, the Firewall).
      2. Notice there is a firewall rule for "ssh", but not for "http".

     

  2. View Firewall Rules File
    • Instruction:
      1. cat /etc/sysconfig/iptables
    • Note(FYI):
      1. The iptables file contains the firewall rules for the actual firewall.
      2. Notice there is a firewall rule for port 22(ssh), but not for port 80(http).

     

  3. Make Backup Copy
    • Instruction:
      1. cd /etc/sysconfig
      2. cp iptables iptables.BKP
    • Note(FYI):
      1. The /etc/sysconfig directory contains many system configuration files for the operating system, including the firewall.
      2. When making change to any configuration file, it is always a good idea to make a copy first.

     

  4. Open the iptables file
    • Instruction:
      1. gedit iptables &
      2. cp iptables iptables.BKP
    • Note(FYI):
      1. gedit - text editor for the GNOME Desktop

     

  5. Create Empty Line
    • Instruction:
      1. Place your cursor to the far right of the word ACCEPT in the line that contains port 22, and press <Enter> once.

     

  6. Add Apache Web Server Firewall Rule
    • Instruction:
      1. Place the below rule underneath the port 22(SSH) rule
        • -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
      2. Click the Save Button
      3. Click X to Close

     

  7. Restart and Flush Firewall
    • Instruction:
      1. Press <Enter>, don't worry about the gedit warning.
      2. service iptables restart

     

  8. View New Firewall Rules
    • Instruction:
      1. iptables -L
    • Note(FYI):
      1. Notice you have both ssh and http firewall rules.

 

Section 8: Apache Configuration File Explained
  1. Navigate to the Apache Configuration Directory
    • Instructions:
      1. cd /etc/httpd/conf
      2. ls -l
    • Note(FYI):
      1. This is where the Apache Webserver Configuration File (httpd.conf) resides.

     

  2. Make a httpd.conf Backup Copy
    • Instructions:
      1. cp httpd.conf httpd.conf.BKP
    • Note(FYI):
      1. It's always a good idea to make a backup copy

     

  3. Open the httpd.conf file
    • Instructions:
      1. gedit httpd.conf &

     

  4. Search for the ServerRoot Directive
    • Instructions:
      1. Search --> Find..
      2. Search for: ServerRoot "
      3. Click the Find Button

     

  5. ServerRoot Directive Explanation
    • Note(FYI):
      1. This directive The top of the directory tree under which the server's configuration, error, and log files are kept.

     

  6. Search for the Listen Directive
    • Instructions:
      1. Search --> Find..
      2. Search for: Listen 80
      3. Click the Find Button

     

  7. Listen Directive Explanation
    • Note(FYI):
      1. Allows you to bind Apache to specific IP addresses and/or # ports.

     

  8. Search for the User/Group Directive
    • Instructions:
      1. Search --> Find..
      2. Search for: User apache
      3. Click the Find Button

     

  9. User and Group Directives Explained
    • Note(FYI):
      1. These directives specifies ownerships that Apache Webserver will (aka httpd) will run under.

     

  10. Search for the ServerAdmin Directive
    • Instructions:
      1. Search --> Find..
      2. Search for: ServerAdmin root
      3. Click the Find Button

     

  11. ServerAdmin Directives Explained
    • Note(FYI):
      1. Your address, where problems with the server should be # e-mailed. This address appears on some server-generated pages, such # as error documents.
      2. e.g. admin@computersecuritystudent.com

     

  12. Search for the DocumentRoot Directive
    • Instructions:
      1. Search --> Find..
      2. Search for: DocumentRoot "
      3. Click the Find Button

     

  13. DocumentRoot Directive Explained
    • Note(FYI):
      • This directive points to the base directory in which webpages will be served to requestors.

     

  14. Prevent Cross-Site Tracing
    • Note(FYI): What is Cross-Site Tracing?
      • Cross-site tracing (XST) is a network security vulnerability exploiting the HTTP TRACE method. XST scripts exploit ActiveX, Flash, or any other controls that allow executing an HTTP TRACE request. The HTTP TRACE response includes all the HTTP headers including authentication data and HTTP cookie contents, which are then available to the script. In combination with cross domain access flaws in web browsers, the exploit is able to collect the cached credentials of any web site, including those utilizing SSL.
    • Instructions:
      1. Scroll all the way down to the last line of the file
      2. Add the following Directive
        • TraceEnable off
      3. Click the Save Button
      4. Click the X to Close

     

  15. Restart the webserver
    • Instruction:
      1. Just Press <Enter>, Ignore gedit error
      2. service httpd restart

 

Section 8: Create a basic webpage
  1. Navigate to the /var/www/html directory
    • Instruction:
      1. cd /var/www/html
      2. echo "<html>" > test.html
      3. echo "<title>Hello World</title>" >> test.html
      4. echo "`date`" >> test.html
      5. echo "<br>" >> test.html
      6. echo "Your Name" >> test.html
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
      7. echo "</html>" >> test.html

     

  2. Change the ownerships on the index.html file
    • Instruction:
      1. ls -l test.html
      2. chown apache:apache test.html
      3. chmod 770 test.html
      4. ls -l test.html
    • Note(FYI):
      1. Notice the permission are (-rw-r--r--), which means the following:
        • -rw-, User apache has read and write permissions.
        • r--, Group apache has read permissions.
        • r--, World has read permissions.
      2. Change ownerships to user apache and group apache.
      3. Change permission to where both user apache and group apache have read,write,execute permissions.
      4. Notice the permission are (-rwxrwx---), which means the following:
        • -rwx, User apache has read,write,execute permissions.
        • rwx, Group apache has read,write,execute permissions.
        • rwx, World has NO permissions.

 

Section 9: Viewing the test.html  webpage
  1. Start Firefox
    • Instruction:
      1. Click the Firefox Icon

     

  2. View the test.html webpage
    • Instructions:
      1. Place the below link in the URL box
        • http://localhost/test.html

 

Section 10: Proof of Lab
  1. Proof of Lab
    • Instructions:
      1. netstat -nao | grep :80
      2. cat /var/www/html/test.html
      3. date
      4. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press both the <Ctrl> and <Alt> keys at the same time.
      2. Do a <PrtScn>
      3. Paste into a word document
      4. Upload to Moodle

     

 



Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth