WEB SERVER
Maintenance and Security
Jan. 2012

Manual

Secure Web server


LATEST NEWS & TIPS

Plus: Step by step


Downloads

Security

Purple eaters
LINUX Fedora 16
UPDATE NOW!!!
Version 3.1.0-7.fc16.x86_64 KDE

People

HIRE THE BEST AROUND

Ericka Arguedas
Graphic Design

An all-you-need-to-know beginner's guide to understanding LINUX FEDORA 16 KDE 64-bit WEB SERVER Installation, Maintenance and Security.

Authors:
Manny Arao, Ericka Arguedas, Robert Arroyo, Al Fernandez

FLOW CHART
Review Requirements, Name project, Team name, Assign tasks, Build VM, Install software, Build modules, Testing, Documentation, Publish, Present

TABLE OF CONTENTS
1. Fedora Installation
2. Fedora Update
3. Httpd/IP Tables
4. Xinetd
5. Log Check/Log Rotate
6. Tripwire
7. Webmin
8. Workbench
9. Xampp
10. Xampp Update
11. Blue Fish
12. Drupal
13. Adding New Users
14. 2 Websites on 1 IP
15. SSL Certificate
16. Software Licensing
17. Resources

FEDORA

INSTALLATION
FEDORA is a Linux-based operating system, a suite of software that makes your computer run. You can use the Fedora operating system to replace or to run alongside of other operating systems such as Microsoft Windows or Mac OS X. The Fedora operating system is 100% free of cost for you to enjoy and share.

1. We begin by installing the latest version, which is FEDORA 16.

2. We select the first choice:

64-bit version for FEDORA 16 with GUI (Graphic User Interface)

3. When the welcome screen appears, we click the Forward button in the right lower corner to continue.

4. This is the License Agreement, read and click Forward to proceed.

5. Now we need to create a username and password. Click Forward to continue.

6. We now have our username and have created a fairly strong password (as indicated by the yellow bar on the right). Click Forward.

7. Next, we set the date and time and then click Forward to continue.

8. On this screen, it asks to submit the profile, select Do not send hardware because we are using a virtual machine.

9. We get a confirmation screen, because we are not sending the profile. Click Finish.

10. The next screen takes us to the FEDORA 16 login screen, where we enter the username and password.

11. FEDORA has now started and we are ready to begin the update process.

FEDORA UPDATE

INSTALLATION
Live Media can't be used to upgrade Fedora installations. Instead, you can upgrade Fedora right from your desktop. Do this by using Pre-upgrade - it will install the packages you need and upgrade your version of Fedora.

1. We want to ensure that we have the latest updates, so we will begin the process by starting a terminal window and typing: su to gain root privileges. From there, we can YUM install it by typing yum update and clicking Enter.

2. Now we are ready to begin the install process. It will ask us if we want to download it. Select y for yes and click Enter.

3. The process will begin, it might take a few minutes depending on connection speed.

4. Now it will begin the update process. Again, it might take a few minutes.

5. When the update is successful, we will get a message that says Complete!

6. Now we select the latest update version Fedora (3.1.6-1.fc16.x86_64) and the log in screen will come up.

HTTPD IPTABLES

INSTALLATION
HTTPD stands for Hypertext Transfer Protocol Daemon (i.e. web server), a software program that runs in the background of a Web server and waits for incoming server requests. The daemon answers the requests automatically and serves the hypertext and multimedia documents over the Internet using HTTP.

IPTABLES is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains. Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a 'target', which may be a jump to a user-defined chain in the same table.

1. We begin by opening a terminal and using YUM, syntax: yum install httpd, click Enter

2. Installing package httpd.x86_64 0:2.2.21-1.fc16. It will ask if we want to download, and we select y for yes, then click Enter

3. When the update is successful, we will get a message that says: Complete! Package has been installed!

4. Verify that HTTPD has been installed by typing: httpd -v. Then click Enter. The version is displayed:

    Apache/2.2.21 (Unix) Sep 13 2011 12:26:57

1. Open terminal and type: yum install iptables. Looks like IPTABLES is already installed!

XINETD

INSTALLATION
XINETD starts programs that provide internet services based on TCP/IP. Instead of having all such servers started at system initialization time and be dormant until a connection request arrives, xinetd is the only daemon process started and it listens on all service ports for the services listed in its configuration file. When a request comes in, xinetd starts the appropriate server. Because of the way it operates, xinetd (as well as inetd) is also referred to as a super-server.

Installing package xinetd.x86_64 2:2.3.14-37.fc16. Installed on 1/4/2011.

1. Open terminal and type: yum install xinetd Then, click Enter

2. Installing XINETD package. It will ask if we want to download, select y for yes. Then, click Enter

3. Installation complete!

LOGROTATE LOGCHECK

INSTALLATION
LOGCHECK parses system logs and generates email reports based on anomalies. Anomalies can be defined by users with violations files. It differentiates between Active System Attacks, Security Violations, and Unusual Activity, and is smart enough to remember where in the log it stopped processing to improve efficiency. It can also warn when log files shrink, and does not report errors when they are rotated.

LOGROTATE is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large.

1. We begin by opening a terminal and typing: yum install logrotate, then click Enter

2. Looks like LOGROTATE is already installed!

3. Open a new terminal and type: yum install logcheck, then click Enter

4. Installing LOGCHECK packages. It will ask if we want to download, select y for yes. Click Enter

5. Installation complete!

TRIPWIRE

INSTALLATION
TRIPWIRE is an intrusion detection system (IDS) which constantly and automatically keeps your critical system files under control and reports if they have been destroyed or modified by a cracker (or by mistake). It allows the system administrator to know immediately what was compromised and fix it. The first time Tripwire is run, it stores checksums, exact sizes and other data of all the selected files in a database. The successive runs check whether every file still matches the information in the database and report all changes.

1. Open a new terminal and install TRIPWIRE using the YUM command, syntax: yum install tripwire, then click Enter

2. Installing TRIPWIRE package. It will ask if we want to download, select y for yes. Click Enter

3. TRIPWIRE packages are being installed now.

4. Installation complete!
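
The baseline-then-compare cycle described in the Tripwire introduction, as an added shell example that is not part of the original manual and is not Tripwire's own database format or policy language. The function names are assumptions, and it relies on the GNU find, sha256sum and stat tools shipped with Fedora.

```sh
#!/bin/sh
# Minimal file-integrity check: store a baseline once, compare on later runs.
# Paths containing tabs or newlines are not supported.

# fim_snapshot DIR: print "path<TAB>sha256 size mode" for every regular file.
fim_snapshot() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        printf '%s\t%s %s\n' "$f" "$sum" "$(stat -c '%s %a' "$f")"
    done
}

# fim_baseline DIR DB: first run, store the snapshot as the reference database.
# Keep DB outside DIR and readable by root only, or an intruder can rewrite it.
fim_baseline() {
    ( umask 077; fim_snapshot "$1" > "$2" )
}

# fim_check DIR DB: later runs, report every difference from the database.
# Returns 0 when nothing changed, 1 when at least one file differs.
fim_check() {
    cur=$(mktemp) || return 2
    fim_snapshot "$1" > "$cur"
    rc=0
    awk -F '\t' '
        FILENAME == ARGV[1] { base[$1] = $2; next }   # reference database
        !($1 in base)       { print "ADDED    " $1; bad = 1; next }
                            { seen[$1] = 1 }
        base[$1] != $2      { print "MODIFIED " $1; bad = 1 }
        END {
            for (p in base) if (!(p in seen)) { print "REMOVED  " p; bad = 1 }
            exit bad
        }' "$2" "$cur" || rc=$?
    rm -f "$cur"
    return "$rc"
}
```

Run fim_baseline once on a known-good tree such as the web document root, then run fim_check from cron and mail any output to the administrator.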

WEBMIN

INSTALLATION
WEBMIN is a web-based interface for system administration for Unix. Using any browser that supports tables and forms (and Java for the File Manager module), you can setup user accounts, Apache, DNS, file sharing and so on. Webmin consists of a simple web server, and a number of CGI programs which directly update system files like /etc/inetd.conf and /etc/passwd. The web server and all CGI programs are written in Perl version 5, and use no non-standard Perl modules.

1. Install WEBMIN using RPM (Red Hat Package Manager). You can download the latest WEBMIN version at http://webmin.com/download.html

2. Once we are done downloading the file, double click it.

3. Type in the root password to authorize the install.

4. Type password and check the remember authorization box. Click OK to continue.

5. It will then ask you if you want to proceed with the installation. Click Yes to allow it.

6. Once all the packages are installed, click Continue

7. Enter the username and password. Click Login

8. You will then be logged into WEBMIN

9. WEBMIN platform

WORKBENCH

INSTALLATION
MySQL WORKBENCH simplifies database design and maintenance, automates time-consuming and error-prone tasks, and improves communication among DBA and developer teams. It enables data architects to visualize requirements, communicate with stakeholders, and resolve design issues before a major investment of time and resources is made. It enables model-driven database design, which is the most efficient methodology for creating valid and well-performing databases, while providing the flexibility to respond to evolving business requirements. Model and Schema Validation utilities enforce best practice standards for data modeling, and also enforce MySQL-specific physical design standards so no mistakes are made when building new ER diagrams or generating physical MySQL databases.

1. Install WORKBENCH using GUI. You can download the latest WORKBENCH version at http://dev.mysql.com/downloads/workbench/

2. Go to Start button, then Applications, select Utilities

3. Go to Administration

4. Click Software Management.

5. Select Applications.

6. A search box will open up.

7. Type workbench and scan through packages.

8. Select mysql-workbench - A MySQL Visual database modeling and query 5.2.36-4fc16 (or latest version) Then, click Install and Apply to continue.

9. A new box showing us the different packages to be installed will appear. Click Continue

10. Let the installation begin.

11. Let the installation continue on.

12. The following screen box will appear letting us know that the application was installed and asking us if we want to launch it at this time by clicking on its icon. Click Close instead.

13. A list of the software installed will show up once again under Applications. We will see mysql-workbench - A MySQL Visual database modeling and query 5.2.36-4fc16 (or latest version) installed and checked by a green arrow.

XAMPP

INSTALLATION
XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use - just download, extract and start. XAMPP for Linux: the distribution for Linux systems (tested for SuSE, RedHat, Mandrake and Debian) contains: Apache, MySQL, PHP & PEAR, Perl, ProFTPD, phpMyAdmin, OpenSSL, GD, Freetype2, libjpeg, libpng, gdbm, zlib, expat, Sablotron, libxml, Ming, Webalizer, pdf class, ncurses, mod_perl, FreeTDS, gettext, mcrypt, mhash, eAccelerator, SQLite and IMAP C-Client.

1. We installed XAMPP using a tar.gz file (a single archive file containing many files).
Make sure you stop the previous Apache (httpd) installation before initiating this one, since Apache is part of the XAMPP package and the two conflict. (service httpd stop, /etc/init.d/httpd stop, apachectl -k stop or apachectl -k graceful-stop)

Tar file installation:

    pwd
    cd /home/purpleteam/Downloads
    ls
    cp xampp-linux-1.7.7.tar.gz /opt
    cd /opt
    ls
    tar xvfz xampp-linux-1.7.7.tar.gz -C /opt

Location: type cd /opt/lampp/ in the terminal, then ls to list the folders within the directory.

2. Type: ./lampp start and click Enter to start Lampp.

3. We encounter an error because we installed the Fedora KDE 64-bit version. It is asking us to download a 32-bit compatibility library to fix the issue.

4. Type the following: yum install glibc.i686 libgcc.i686 libstdc++.i686 Click Enter

5. Installing XAMPP package! It will ask if we want to download, and we select y for yes, then click Enter

6. Installation complete!

7. Download process of the original tar file continues.

8. Open a new terminal and go to the directory where LAMPP is located by typing: cd /opt/lampp Then, type: ./lampp start to start it up.

9. LAMPP starting process will be displayed as above.

XAMPP UPDATE

INSTALLATION
With a NEW XAMPP version, there is normally an upgrade package too. Additionally, we sometimes have small patches between the releases. An upgrade is always problematic and there can be errors in the upgrade process. Because of this, you should always make a backup of your XAMPP folder before you upgrade it. We try to adjust your configuration files during the upgrade process, if necessary. In particular, if a new XAMPP has a lot of changes compared to the old one, we provide no upgrade package, for security reasons. Sorry. As with the add-ons, install the upgrade directly into the XAMPP directory (e.g. C:\xampp). You must also start the setup script setup_xampp.bat.

1. We installed XAMPP using YUM. Type: cd /opt/lampp/ in the terminal, then ls to list the folders within the directory.

2. Start LAMPP by typing: ./lampp start Once again, we encounter an error because we installed the Fedora KDE 64-bit version. It is asking us to download a 32-bit compatibility library to fix the issue. Type yum install glibc.i686 libgcc.i686 libstdc++.i686 to fix the issue. We will receive a notice asking us to stop the running process, pid 1833, to allow the packages to be installed.

3. Next, type kill 1833 and click Enter. Type: yum install glibc.i686 libgcc.i686 libstdc++.i686 and click Enter to set up the installing process.

4. Next, it will ask if we want to download, and we select y for yes, then click Enter

5. Installing XAMPP update package!

6. Installation complete!

7. Start LAMPP by typing: ./lampp start in terminal.

BLUE FISH

INSTALLATION
BLUEFISH is a powerful editor targeted towards programmers and web developers, with many options to write websites, scripts and programming code. Bluefish supports many programming and markup languages. See features for an extensive overview, take a look at the screenshots, or download it right away. Bluefish is an open source development project, released under the GNU GPL licence. Bluefish is a multi-platform application that runs on most desktop operating systems including Linux, FreeBSD, MacOS-X, Windows, OpenBSD and Solaris.

1. Open a new terminal and go to: root@localhost/sbin and type: yum install bluefish. Click Enter. This begins the installation process for bluefish.x86_64 version 2.0.3.5.fc16

2. Type y and Enter to begin the installation of Bluefish RPM files.

3. BLUEFISH packages installed.

4. Installation Complete!

DRUPAL

INSTALLATION

DRUPAL is open source software maintained and developed by a community of 630,000+ users and developers. It's distributed under the terms of the GNU General Public License (or GPL), which means anyone is free to download it and share it with others. This open development model means that people are constantly working to make sure Drupal is a cutting-edge platform that supports the latest technologies that the Web has to offer. The Drupal project's principles encourage modularity, standards, collaboration, ease-of-use, and more.

1. We downloaded DRUPAL manually using a tar file (a single archive file containing many files). We used the search engine to find the latest version of Drupal for Linux. We downloaded the latest version, drupal-7.10.tar.gz, in root@localhost/purpleteam/Downloads. Next, type the following in the command line:

    tar -xzvf drupal-7.10.tar.gz -C /opt/lampp/htdocs

2. Installing DRUPAL 7.10

ADDING NEW USERS

INSTALLATION
In FEDORA 16, adding a new user is a breeze when using the Fedora GUI configuration or the terminal. In the first part of this section, follow the beginning 10 steps to add a new user through the GUI. In the second part, you learn the steps for adding a new user through the command line.

1. Open the Start menu at the bottom left corner.

2. Go to Applications to open up the menu.

3. Click on Authentication at the top of the menu.

4. Type the Password in the box and click OK.

5. Click on the username configuration choice to continue.

6. The following screen will appear.

7. Add the correct information and password confirmation and click OK to continue the process.

8. Click on the administrative user choice to continue.

9. Click OK to confirm the User Properties.

10. This screen will allow you choices. In this case, click on root and OK to continue.

1. You can also ADD USERS through the terminal by typing: sudo useradd -c "Firstname Lastname" Name Click Enter

2. Enter the root password and click Enter

3. The user manager screen will come up and the username and id should have been added to the list.

2 WEBSITES ON 1 IP

INSTALLATION
2 WEBSITES ON 1 IP: follow along and learn how it is done!

1. Go to a terminal and access root by typing: su and the password. Then type: mkdir -p /var/www/purpleteam Click Enter to create the directory for the first site.

2. Next type: mkdir -p /var/www/purplepeople Click Enter to create the directory for the second site.

3. Next type:

    cd /etc/httpd/conf
    ls

Click Enter after each command to access and list your current directory.

4. Next type the following to find the right directory, list it, make a backup file, list the backup file and enter vi, clicking Enter after each command:

    cd /etc/httpd/conf
    ls
    cp httpd.conf httpd.conf.bak
    ls
    vi httpd.conf

5. Read the configuration and instruction files.

6. Closely read Section 3: Virtual Hosts and find the documentation details at: http://httpd.apache.org/docs/2.2/vhosts/ Use the command line option -S to verify your virtual host configuration.

7. Write the following syntax to set up the names for the 2 sites allowing us to host them on 1 IP. Save it and exit vi by clicking ESC to go back to command mode, then typing :wq and Enter (or ZZ).

8. Type cd /etc/ and Enter to list the programs in the current directory.

9. The following will be listed.

10. Next type: cp hosts hosts.bak to create a back up file. Then type: vi hosts and Enter

11. The following will be listed.
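
The syntax written in step 7 and the hosts entries from step 10 are not shown on the page, so this added example (not part of the original manual) embeds a constructed Apache 2.2 block for the two directories created in steps 1 and 2 and shows how Apache chooses between them. The host names, the pick_docroot function and the assumption that both sites listen on *:80 are hypothetical.

```sh
#!/bin/sh
# Constructed sample of a name-based virtual host block for httpd.conf
# (Apache 2.2 syntax). Host names are hypothetical; the DocumentRoot
# directories are the ones created with mkdir in steps 1 and 2.
VHOST_CONF='NameVirtualHost *:80

<VirtualHost *:80>
    ServerName www.purpleteam.test
    DocumentRoot /var/www/purpleteam
</VirtualHost>

<VirtualHost *:80>
    ServerName www.purplepeople.test
    ServerAlias purplepeople.test
    DocumentRoot /var/www/purplepeople
</VirtualHost>'

# Matching /etc/hosts lines for a test machine (both names, one address):
#   127.0.0.1   www.purpleteam.test
#   127.0.0.1   www.purplepeople.test purplepeople.test

# pick_docroot HOST: print the DocumentRoot served for a given Host header.
# Apache compares the header (port removed, case ignored) with every
# ServerName and ServerAlias; when nothing matches, the FIRST <VirtualHost>
# in the file answers. Wildcard aliases are not handled in this sketch.
pick_docroot() {
    want=$(printf '%s' "${1%%:*}" | tr 'A-Z' 'a-z')
    printf '%s\n' "$VHOST_CONF" | awk -v want="$want" '
        /^<VirtualHost/      { n++; next }
        $1 == "DocumentRoot" { root[n] = $2 }
        $1 == "ServerName" || $1 == "ServerAlias" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want && !hit) hit = n
        }
        END { print root[hit ? hit : 1] }'
}

# On the server itself, httpd -S prints the table Apache actually parsed.
```

Because the first block is the fallback, a request that reaches the server by IP address or with an unknown name is served from /var/www/purpleteam, so list first the site that is safe to show to anyone.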

SSL CERTIFICATE

INSTALLATION
SSL CERTIFICATE: follow along and learn how it gets done.

1. Open a new terminal and type: openssl genrsa -des3 -out server.key 1024 Click Enter to generate the private key.

2. Open a new terminal and type: openssl req -new -key server.key -out server.csr Next, enter the pass phrase and read about what you need to enter next. Some fields can be left blank by typing: . The fields are Country, State, City, Company, Name, Email, and so on.

3. Open a new terminal and type: openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt This will sign the request and create the certificate. Next, enter the pass phrase and it will be done! Test it by typing https://localhost/ in the address bar.
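
The same three openssl steps run non-interactively with checks on the result, as an added example that is not part of the original manual. It assumes openssl is on the PATH, uses a 2048-bit key and a SHA-256 signature where step 1 uses 1024 bits (1024-bit RSA is below the 2048-bit minimum that current guidance and browsers expect), and leaves the key without a pass phrase, protected by file permissions; the function names and the subject are assumptions.

```sh
#!/bin/sh
# make_cert DIR CN: private key -> signing request -> self-signed certificate.
make_cert() {
    dir=$1 cn=$2
    # umask 077: the key file is created readable by its owner only.
    # No -des3 here, so Apache can start without prompting for a pass phrase.
    ( umask 077
      openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) || return 1
    # -subj answers the Country/State/... questions of step 2 in one string.
    openssl req -new -sha256 -key "$dir/server.key" \
        -subj "/CN=$cn" -out "$dir/server.csr" || return 1
    openssl x509 -req -sha256 -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null || return 1
}

# cert_matches_key CRT KEY: true when the certificate belongs to this private
# key (same RSA modulus). A mismatch is a common reason for Apache refusing
# to start after the files have been copied around.
cert_matches_key() {
    c=$(openssl x509 -noout -modulus -in "$1") || return 1
    k=$(openssl rsa -noout -modulus -in "$2") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_key_bits CRT: print the size of the certificate's public key in bits.
cert_key_bits() {
    openssl x509 -noout -text -in "$1" |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# cert_is_weak CRT: true when the key is shorter than 2048 bits.
cert_is_weak() {
    [ "$(cert_key_bits "$1")" -lt 2048 ]
}
```

A self-signed certificate still triggers a browser warning because no trusted authority vouches for it; it suits a test server such as this one.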

SOFTWARE LICENSING
Name: FEDORA 16 KDE 64 bit
Version: Fedora-16-i686-Live-Desktop.iso
License: Red Hat under a Creative Commons Attribution-Share Alike 3.0 Unported license (CC-BY-SA).... Using The KNetworkManager Applet in KDE
Date: 01/04/2012
Method: GUI
Link: http://mirror.metrocast.net
Update: yes

Name: HTTPD
Version: httpd.x86_64 0:2.2.21-1.fc16
License: GNU General Public License
Date: 01/04/2012
Method: YUM
Link: http://apache.org
Update: no

Name: IP TABLES
Version: Iptables-1.4.12-2.fc16.x86_64
License: GNU General Public License
Date: 01/04/2012
Method: YUM
Link: Already installed in Fedora 16
Update: no

Name: LOGROTATE
Version: logrotate-3.8.0-3.fc16.x86_64
License: GNU General Public License
Date: 01/04/2012
Method: YUM
Link: http://sourceforge.net/projects/logrotate/
Update: no

Name: LOGCHECK
Version: logcheck.noarch 0:1.3.14-4.fc16
License: GNU General Public License
Date: 01/04/2012
Method: YUM
Link: http://sourceforge.net/projects/logcheck/
Update: no

Name: TRIPWIRE
Version: tripwire.x86_64 0:2.4.1.2-11.FC12
License: GNU General Public License
Date: 01/04/2012
Method: YUM
Link: http://sourceforge.net/tripwire/
Update: no

Name: WEBMIN
Version: webmin-1.570-1.noarch.rpm
License: BSD License
Date: 01/04/2012
Method: YUM
Link: http://sourceforge.net/tripwire/
Update: no

Name: WORKBENCH
Version: Fedora version.15 (x86,64bit), RPM Package
License: Open source GPL License
Date: 01/04/2012
Method: GUI
Link: http://dev.mysql.com/downloads/workbench/
Update: no

Name: XAMPP
Version: xampp-linux-1.7.7.tar.gz
License: GNU General Public License
Date: 01/04/2012
Method: TAR FILE
Link: www.apachefriends.org/en/xampp-linux.html
Update: yes

Name: BLUEFISH
Version: bluefish.x86_64 version 2.0.3.5.fc16
License: GNU GPL License
Date: 01/04/2012
Method: YUM
Link: bluefish.openoffice.nl/index.html
Update: yes

Name: DRUPAL
Version: Drupal-7.10.tar.gz
License: Creative Commons License, Attribution-ShareAlike 2.0
Date: 01/04/2012
Method: TAR FILE
Link: www.drupal.org
Update: no

RESOURCES
http://www.linuxjournal.com/article/8758
http://fedoraproject.org/
http://www.linuxforums.org/forum/linux-tutorials-howtos-reference-material/5022-linux-directory-structure-overview.html
http://www.yolinux.com/TUTORIALS/unix_for_dos_users.html
http://acs.ucsd.edu/info/vi_tutorial.shtml
http://linuxcommand.org/writing_shell_scripts.php
http://www.gnu.org/licenses/gpl.html
http://creativecommons.org/licenses/
http://en.wikipedia.org/wiki/Virtual_machine
http://www.webmin.com/
http://www.mysql.com/products/workbench/design/
http://www.apachefriends.org/en/xampp-windows.html#1175
http://linuxcommand.org/man_pages/logrotate8.html
http://www.debianhelp.co.uk/logcheck.htm
http://www.xinetd.org/faq.html
http://www.linuxhelp.net/guides/cron/
http://linuxers.org/howto/howto-use-logrotate-manage-log-files
http://logcheck.org/
http://www.tripwire.org/
http://en.wikipedia.org/wiki/Sudo
http://www.sudo.ws/sudo/sudo.man.html
http://en.wikipedia.org/wiki/List_of_router_or_firewall_distributions
http://www.puschitz.com/FirewallAndRouters.shtml
http://www.snort.org/
http://www.yolinux.com/TUTORIALS/LinuxSecurityTools.html
https://modules.apache.org/
http://bluefish.openoffice.nl/index.html
http://devzone.zend.com/6/php-101-php-for-the-absolute-beginner/
http://drupal.org/
