WEB SERVER
Maintenance and Security
Jan. 2012
Manual
Security
Purple Eaters
LINUX Fedora 16
UPDATE NOW!!!
Version 3.1.0-7.fc16.x86_64 KDE
People
Ericka Arguedas
Graphic Design
An all-you-need-to-know beginner's guide to understanding LINUX FEDORA 16 KDE 64-bit WEB SERVER installation, maintenance and security.
Authors: Manny Arao, Ericka Arguedas, Robert Arroyo, Al Fernandez
FLOW CHART: Review requirements, name project, team name, assign tasks, build VM, install software
TABLE OF CONTENTS
1. Fedora Installation
2. Fedora Update
3. Httpd/IP Tables
4. Xinetd
5. Log Check/Log Rotate
6. Tripwire
7. Webmin
9. Xampp
13. Adding New Users
14. 2 Websites on 1 IP
15. SSL Certificate
17. Resources
FEDORA
INSTALLATION
FEDORA is a Linux-based operating system, a suite of software that makes your computer run. You can use the Fedora operating system to replace or to run alongside of other operating systems such as Microsoft Windows or Mac OS X. The Fedora operating system is 100% free of cost for you to enjoy and share.
3. When the welcome screen appears, we click the Forward button in the right lower corner to continue.
6. We now have our username and have created a fairly strong password (as indicated by the yellow bar on the right). Click Forward.
7. Next, we set the date and time and then click Forward to continue.
8. This screen asks us to submit the profile. Select Do not send hardware because we are using a virtual machine.
9. We get a confirmation screen, because we are not sending the profile. Click Finish.
10. The next screen takes us to the FEDORA 16 login screen, where we enter the username and password.
11. FEDORA has now started and we are ready to begin the update process.
FEDORA UPDATE
INSTALLATION
Live Media can't be used to upgrade Fedora installations. Instead, you can upgrade Fedora right from your desktop. Do this by using Pre-upgrade: it will install the packages you need and upgrade your version of Fedora.
1. We want to ensure that we have the latest updates, so we begin by starting a terminal window and typing su to gain root privileges. From there, we run the update by typing yum update and clicking Enter.
2. Now we are ready to begin the install process. It will ask us if we want to download the updates. Type y for yes and click Enter.
3. The process will begin, it might take a few minutes depending on connection speed.
4. Now it will begin the update process. Again, it might take a few minutes.
5. When the update is successful, we will get a message that says Complete!
6. Now we select the latest updated version of Fedora (3.1.6-1.fc16.x86_64) and the login screen will come up.
HTTPD IPTABLES
INSTALLATION
HTTPD stands for Hypertext Transfer Protocol Daemon (i.e. web server), a software program that runs in the background of a Web server and waits for incoming server requests. The daemon answers the requests automatically and serves the hypertext and multimedia documents over the Internet using HTTP.
IPTABLES is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains. Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a 'target', which may be a jump to a user-defined chain in the same table.
1. We begin by opening a terminal and using YUM. Type: yum install httpd, then click Enter.
2. Installing package httpd.x86_64 0:2.2.21-1.fc16. It will ask if we want to download; type y for yes, then click Enter.
3. When the update is successful, we will get a message that says: Complete! Package has been installed!
4. Verify that HTTPD has been installed by typing: httpd -v, then click Enter. The output reports Apache/2.2.21 (Unix), Sep 13 2011 12:26:57.
1. Open a terminal and type: yum install iptables. It looks like IPTABLES is already installed!
XINETD
INSTALLATION
XINETD starts programs that provide Internet services based on TCP/IP. Instead of having all such servers started at system initialization time and be dormant until a connection request arrives, xinetd is the only daemon process started and it listens on all service ports for the services listed in its configuration file. When a request comes in, xinetd starts the appropriate server. Because of the way it operates, xinetd (as well as inetd) is also referred to as a super-server.
Installing package xinetd.x86_64 2:2.3.14-37.fc16 (installed on 1/4/2011).
1. Open a terminal and type: yum install xinetd, then click Enter.
2. Installing the XINETD package. It will ask if we want to download; type y for yes, then click Enter.
3. Installation complete!
INSTALLATION
LOGCHECK parses system logs and generates email reports based on anomalies. Anomalies can be defined by users with violations files. It differentiates between Active System Attacks, Security Violations, and Unusual Activity, and is smart enough to remember where in the log it stopped processing to improve efficiency. It can also warn when log files shrink, and does not report errors when they are rotated. LOGROTATE is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large.
LOGROTATE LOGCHECK
1. We begin by opening a terminal and typing: yum install logrotate, then click Enter.
3. Open a new terminal and type: yum install logcheck, then click Enter.
4. Installing LOGCHECK packages. It will ask if we want to download; type y for yes, then click Enter.
5. Installation complete!
TRIPWIRE
INSTALLATION
TRIPWIRE is an intrusion detection system (IDS) that constantly and automatically keeps your critical system files under control and reports if they have been destroyed or modified by a cracker (or by mistake). It allows the system administrator to know immediately what was compromised and fix it. The first time Tripwire is run, it stores checksums, exact sizes and other data of all the selected files in a database. The successive runs check whether every file still matches the information in the database and report all changes.
1. Open a new terminal and install TRIPWIRE using the YUM command. Type: yum install tripwire, then click Enter.
2. Installing the TRIPWIRE package. It will ask if we want to download; type y for yes, then click Enter.
4. Installation complete!
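The baseline-and-compare cycle described above (store checksums and sizes on the first run, compare on later runs) can be seen in miniature in the following added example. It is not Tripwire's code or part of the original manual; the function names, the record format and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added illustration of baseline-and-compare; this is not Tripwire's own code.
# Function names and the "hash size path" record format are assumptions.

# fim_snapshot DIR: one "sha256 size path" record per regular file under DIR.
fim_snapshot() {
    ( cd "$1" && find . -type f -print | LC_ALL=C sort | while IFS= read -r f; do
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        size=$(wc -c < "$f" | tr -d ' ')
        printf '%s %s %s\n' "$sum" "$size" "$f"
    done )
}

# fim_compare BASELINE CURRENT: report files that changed since the baseline.
fim_compare() {
    awk '
        { path = $0; sub(/^[^ ]+ [^ ]+ /, "", path); rec = $1 " " $2 }
        FILENAME == ARGV[1] { base[path] = rec; next }
        { seen[path] = 1
          if (!(path in base))        print "ADDED " path
          else if (base[path] != rec) print "MODIFIED " path }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# fim_demo: constructed sample tree; take a baseline, change files, compare.
fim_demo() {
    work=$(mktemp -d)
    mkdir -p "$work/etc"
    printf 'Listen 80\n'  > "$work/etc/httpd.conf"
    printf 'root:x:0:0\n' > "$work/etc/passwd"
    fim_snapshot "$work/etc" > "$work/baseline.db"
    printf 'Listen 8080\n' > "$work/etc/httpd.conf"   # modified after baseline
    rm "$work/etc/passwd"                             # removed after baseline
    printf 'x\n' > "$work/etc/new.conf"               # added after baseline
    fim_snapshot "$work/etc" > "$work/current.db"
    fim_compare "$work/baseline.db" "$work/current.db"
    rm -rf "$work"
}

fim_demo
```

Tripwire signs its database and policy files, so someone who can alter monitored files cannot silently rewrite the baseline; a plain-text baseline like this one has to be kept on read-only or off-host storage to give the same assurance.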
WEBMIN
INSTALLATION
WEBMIN is a web-based interface for system administration for Unix. Using any browser that supports tables and forms (and Java for the File Manager module), you can setup user accounts, Apache, DNS, file sharing and so on. Webmin consists of a simple web server, and a number of CGI programs which directly update system files like /etc/inetd.conf and /etc/passwd. The web server and all CGI programs are written in Perl version 5, and use no non-standard Perl modules.
1. Install WEBMIN using RPM (Red Hat Package Manager). You can download the latest WEBMIN version at http://webmin.com/download.html
4. Type password and check the remember authorization box. Click OK to continue.
5. It will then ask you if you want to proceed with the installation. Click Yes to allow it.
9. WEBMIN platform
INSTALLATION
MySQL WORKBENCH simplifies database design and maintenance, automates time-consuming and error-prone tasks, and improves communication among DBA and developer teams. It enables data architects to visualize requirements, communicate with stakeholders, and resolve design issues before a major investment of time and resources is made. It enables model-driven database design, which is the most efficient methodology for creating valid and well-performing databases, while providing the flexibility to respond to evolving business requirements. Model and Schema Validation utilities enforce best practice standards for data modeling, and also enforce MySQL-specific physical design standards so no mistakes are made when building new ER diagrams or generating physical MySQL databases.
WORKBENCH
1. Install WORKBENCH using GUI. You can download the latest WORKBENCH version at http://dev.mysql.com/downloads/workbench/
3. Go to Administration
5. Select Applications.
8. Select mysql-workbench - A MySQL Visual database modeling and query 5.2.36-4fc16 (or latest version) Then, click Install and Apply to continue.
9. A new box showing us the different packages to be installed will appear. Click Continue.
12. The following screen box will appear letting us know that the application was installed and asking us if we want to launch it at this time by clicking on its icon. Click Close instead.
13. A list of the software installed will show up once again under Applications. We will see mysql-workbench - A MySQL Visual database modeling and query 5.2.36-4fc16 (or latest version) installed and checked by a green arrow.
XAMPP
INSTALLATION
XAMPP is an easy-to-install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use: just download, extract and start.
XAMPP for Linux: the distribution for Linux systems (tested for SuSE, RedHat, Mandrake and Debian) contains: Apache, MySQL, PHP & PEAR, Perl, ProFTPD, phpMyAdmin, OpenSSL, GD, Freetype2, libjpeg, libpng, gdbm, zlib, expat, Sablotron, libxml, Ming, Webalizer, pdf class, ncurses, mod_perl, FreeTDS, gettext, mcrypt, mhash, eAccelerator, SQLite and IMAP C-Client.
1. We installed XAMPP using a tar.gz file (a single archive file containing many files).
Make sure you stop the previous Apache (httpd) installation before initiating this one, since it creates a conflict because Apache is part of the XAMPP package (service httpd stop, /etc/init.d/httpd stop, apachectl -k stop or apachectl -k graceful).
Tar file installation:
    pwd
    cd /home/purpleteam/Downloads
    ls
    cp xampp-linux-1.7.7.tar.gz /opt
    cd /opt
    ls
    tar xvfz xampp-linux-1.7.7.tar.gz -C /opt
Location: type cd /opt/lampp/ in the terminal, then ls to list the folders within the directory.
3. We encounter an error because we installed the Fedora KDE 64-bit version. It asks us to download a 32-bit compatibility library to fix the issue.
4. Type the following: yum install glibc.i686 libgcc.i686 libstdc++.i686, then click Enter.
5. Installing XAMPP package! It will ask if we want to download; type y for yes, then click Enter.
6. Installation complete!
8. Open a new terminal and go to the directory where LAMPP is located by typing: cd /opt/lampp Then, type: ./lampp start to start it up.
XAMPP UPDATE
INSTALLATION
With a NEW XAMPP version, there is normally an upgrade package too. Additionally, we sometimes have small patches between the releases. An upgrade is always problematic and there can be errors in the upgrade process. Because of this, you should always make a backup of your XAMPP folder before you upgrade it. We try to adjust your configuration files during the upgrade process, if necessary. In particular, if a new XAMPP has a lot of changes compared to the old one, we provide no upgrade package for security reasons. Sorry. As with the add-ons, install the upgrade directly into the XAMPP directory (e.g. C:\xampp). You must also start the setup script setup_xampp.bat.
1. We installed XAMPP using YUM. Type: cd /opt/lampp/ in the terminal, then ls to list the folders within the directory.
2. Start LAMPP by typing: ./lampp start. Once again, we encounter an error because we installed the Fedora KDE 64-bit version. It asks us to download a 32-bit compatibility library to fix the issue. Type yum install glibc.i686 libgcc.i686 libstdc++.i686 to fix the issue. We will receive a notice asking us to stop the running process, pid 1833, to allow the packages to be installed.
3. Next, type kill 1833 and click Enter. Type: yum install glibc.i686 libgcc.i686 libstdc++.i686 and click Enter to set up the installation process.
4. Next, it will ask if we want to download; type y for yes, then click Enter.
6. Installation complete!
BLUEFISH
INSTALLATION
BLUEFISH is a powerful editor targeted towards programmers and web developers, with many options to write websites, scripts and programming code. Bluefish supports many programming and markup languages. See features for an extensive overview, take a look at the screenshots, or download it right away. Bluefish is an open source development project, released under the GNU GPL licence. Bluefish is a multi-platform application that runs on most desktop operating systems including Linux, FreeBSD, MacOS-X, Windows, OpenBSD and Solaris.
1. Open a new terminal, go to: root@localhost/sbin and type: yum install bluefish, then click Enter. This begins the installation process for bluefish.x86_64 version 2.0.3.5.fc16.
2. Type y and Enter to begin the installation of the Bluefish RPM files.
4. Installation Complete!
DRUPAL
INSTALLATION
DRUPAL is open source software maintained and developed by a community of 630,000+ users and developers. It's distributed under the terms of the GNU General Public License (or GPL), which means anyone is free to download it and share it with others. This open development model means that people are constantly working to make sure Drupal is a cutting-edge platform that supports the latest technologies that the Web has to offer. The Drupal project's principles encourage modularity, standards, collaboration, ease-of-use, and more.
1. We downloaded DRUPAL manually using a tar file (a single archive file containing many files). We used the search engine to find the latest version of Drupal for Linux. We downloaded the latest version, drupal-7.10.tar.gz, into root@localhost/purpleteam/Downloads. Next, type the following in the command line:
    tar -xzvf drupal-7.10.tar.gz -C /opt/lampp/htdocs
INSTALLATION
Adding a new user in FEDORA 16 is a breeze when using the Fedora GUI configuration or the terminal. In the first part of this section, follow the first 10 steps to add a new user through the GUI. In the second part, you learn the steps for adding a new user through the command line.
7. Add the correct information and password confirmation and click OK to continue the process.
10. This screen will allow you choices. In this case, click on root and OK to continue.
1. You can also ADD USERS through the terminal by typing: sudo useradd -c "Firstname Lastname" Name, then click Enter.
3. The user manager screen will come up and the username and ID should have been added to the list.
2 WEBSITES ON 1 IP
INSTALLATION
2 WEBSITES ON 1 IP: follow along and learn how it is done!
1. Go to the terminal and access root by typing: su and the password. Then type: mkdir -p /var/www/purpleteam and click Enter to create a user directory.
2. Next type: mkdir -p /var/www/purplepeople and click Enter to create another user directory.
3. Next type:
4. Next, type the following to find the right directory, list it, make a backup file, list the backup file and open it in vi, clicking Enter after each command:
    cd /etc/httpd/conf
    ls
    cp httpd.conf httpd.conf.bak
    ls
    vi httpd.conf
6. Closely read Section 3: Virtual Hosts and find the documentation details at: <URL:http://httpd.apache.org/docs/2.2/vhosts/>. Use the command line option -S to verify your virtual host configuration.
7. Write the following syntax to set up the names for the 2 sites, allowing us to host them on 1 IP. Save it and exit vi by clicking ESC and typing :wq or ZZ, then Enter, to go back to command mode.
8. Type cd /etc/ and Enter to list the programs in the current directory.
10. Next type: cp hosts hosts.bak to create a back up file. Then type: vi hosts and Enter
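The following added example shows what name-based virtual host entries for the two directories created in steps 1 and 2 can look like on Apache 2.2, together with matching hosts-file lines. It is not taken from the original manual: the .example host names, the 127.0.0.1 address, the per-site log names and the function names are assumptions, and the script only prints text without modifying httpd.conf or /etc/hosts.

```shell
#!/bin/sh
# Added example, not from the original manual. Prints Apache 2.2 name-based
# virtual host stanzas; the .example host names and log names are assumptions.

# valid_site NAME: accept only lowercase letters, digits and hyphens, so a site
# name can never carry extra directives or path components into the config.
valid_site() {
    case $1 in
        ''|*[!a-z0-9-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# vhost_conf IP SITE...: a NameVirtualHost line plus one block per site.
vhost_conf() {
    ip=$1; shift
    for s in "$@"; do
        valid_site "$s" || { echo "bad site name: $s" >&2; return 1; }
    done
    printf 'NameVirtualHost %s:80\n' "$ip"
    for s in "$@"; do
        cat <<EOF

<VirtualHost $ip:80>
    ServerName $s.example
    DocumentRoot /var/www/$s
    ErrorLog logs/$s-error_log
    CustomLog logs/$s-access_log combined
</VirtualHost>
EOF
    done
}

# hosts_lines IP SITE...: matching hosts-file entries for testing on one machine.
hosts_lines() {
    ip=$1; shift
    for s in "$@"; do
        valid_site "$s" || return 1
        printf '%s %s.example\n' "$ip" "$s"
    done
}

# The two directories created in steps 1 and 2, served from one address.
vhost_conf 127.0.0.1 purpleteam purplepeople
hosts_lines 127.0.0.1 purpleteam purplepeople
```

Separate ErrorLog and CustomLog files per site keep each site's requests apart for later log review. Once stanzas like these are in httpd.conf, the -S option mentioned in step 6 shows how httpd parsed them.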
SSL CERTIFICATE
INSTALLATION
SSL CERTIFICATE: follow along and learn how it gets done.
1. Open a new terminal and type: openssl genrsa -des3 -out server.key 1024, then click Enter to generate the private key.
2. Open a new terminal and type: openssl req -new -key server.key -out server.csr. Next, enter the pass phrase and read about what you need to enter next. Some fields can be left blank by typing: . (Country, State, City, Company, Name, Email, and so on.)
3. Open a new terminal and type: openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt. This will sign the request and create the certificate. Next, enter the pass phrase and it will be done! Test it by typing localhost (https://localhost/) in the browser's address bar.
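The three openssl steps above can be run unattended and then checked, as in this added example, which is not part of the original manual. It assumes a 2048-bit key (1024-bit RSA keys, as used in step 1, are below the 2048-bit minimum that current guidance expects), no pass phrase so that it runs without prompts, and the subject CN "localhost"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original manual: the same three openssl steps run
# unattended in a scratch directory, followed by checks on the result.
# Assumptions: 2048-bit key, no pass phrase, subject CN "localhost".

# make_selfsigned DIR BITS DAYS: write server.key, server.csr, server.crt to DIR.
make_selfsigned() (
    umask 077                       # private key readable by its owner only
    cd "$1" || exit 1
    openssl genrsa -out server.key "$2" 2>/dev/null &&
    openssl req -new -key server.key -subj '/CN=localhost' -out server.csr &&
    openssl x509 -req -days "$3" -in server.csr -signkey server.key \
        -out server.crt 2>/dev/null
)

# cert_key_bits CERT: print the public key size recorded in the certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# cert_is_weak CERT: succeed when the key is shorter than 2048 bits.
cert_is_weak() {
    bits=$(cert_key_bits "$1")
    [ -n "$bits" ] && [ "$bits" -lt 2048 ]
}

# key_matches_cert KEY CERT: succeed only if both carry the same RSA modulus.
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# tls_demo: generate a certificate and report what the checks find.
tls_demo() {
    d=$(mktemp -d)
    make_selfsigned "$d" 2048 365 || { rm -rf "$d"; return 1; }
    size=$(cert_key_bits "$d/server.crt")
    if key_matches_cert "$d/server.key" "$d/server.crt"; then m=yes; else m=no; fi
    rm -rf "$d"
    echo "bits=$size key_matches_cert=$m"
}

tls_demo
```

A certificate signed with its own key, as here and in step 3, is not trusted by browsers, so the test at https://localhost/ will show a certificate warning until the certificate is explicitly trusted or replaced by one from a certificate authority.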
SOFTWARE LICENSING
Name: FEDORA 16 KDE 64 bit
Version: Fedora-16-i686-Live-Desktop.iso
License: Red Hat under a Creative Commons Attribution-Share Alike 3.0 Unported license (CC-BY-SA)
Date: 01/04/2012
Method: GUI
Link: http://mirror.metrocast.net
Update: yes

Name: HTTPD
Version: httpd.x86_64 0:2.2.21-1.fc16
License: GNU General Public License
Date: 01/04/2012
Method: YUM
Link: http://apache.org
Update: no

Name: IP TABLES
Version: Iptables-1.4.12-2.fc16.x86_64
License: GNU General Public License
Date: 01/04/2012
Method: YUM
Link: Already installed in Fedora 16
Update: no

Name: LOGROTATE
Version: logrotate-3.8.0-3.fc16.x86_64
License: GNU General Public License
Date: 01/04/2012
Method: YUM
Link: http://sourceforge.net/projects/logrotate/
Update: no

Name: LOGCHECK
Version: logcheck.noarch 0:1.3.14-4.fc16
License: GNU General Public License
Date: 01/04/2012
Method: YUM
Link: http://sourceforge.net/projects/logcheck/
Update: no

Name: TRIPWIRE
Version: tripwire.x86_64 0:2.4.1.2-11.FC12
License: GNU General Public License

Name: WEBMIN
Version: webmin-1.570-1.noarch.rpm
License: BSD License
Date: 01/04/2012
Method: YUM
Link: http://sourceforge.net/tripwire/
Update: no

Name: WORKBENCH
Version: Fedora version.15 (x86,64bit), RPM Package
License: Open source GPL License
Date: 01/04/2012
Method: GUI
Link: http://dev.mysql.com/downloads/workbench/
Update: no

Name: XAMPP
Version: xampp-linux-1.7.7.tar.gz
License: GNU General Public License
Date: 01/04/2012
Method: TAR FILE
Link: www.apachefriends.org/en/xampp-linux.html
Update: yes

Name: BLUEFISH
Version: bluefish.x86_64 version 2.0.3.5.fc16
License: GNU GPL License
Date: 01/04/2012
Method: YUM
Link: bluefish.openoffice.nl/index.html
Update: yes

Name: DRUPAL
Version: Drupal-7.10.tar.gz
License: Creative Commons License, Attribution-ShareAlike 2.0
Date: 01/04/2012
Method: TAR FILE
Link: www.drupal.org
Update: no
RESOURCES
http://www.linuxjournal.com/article/8758
http://fedoraproject.org/
http://www.linuxforums.org/forum/linux-tutorials-howtos-reference-material/5022-linux-directory-structure-overview.html
http://www.yolinux.com/TUTORIALS/unix_for_dos_users.html
http://acs.ucsd.edu/info/vi_tutorial.shtml
http://linuxcommand.org/writing_shell_scripts.php
http://www.gnu.org/licenses/gpl.html
http://creativecommons.org/licenses/
http://en.wikipedia.org/wiki/Virtual_machine
http://www.webmin.com/
http://www.mysql.com/products/workbench/design/
http://www.apachefriends.org/en/xampp-windows.html#1175
http://linuxcommand.org/man_pages/logrotate8.html
http://www.debianhelp.co.uk/logcheck.htm
http://www.xinetd.org/faq.html
http://www.linuxhelp.net/guides/cron/
http://linuxers.org/howto/howto-use-logrotate-manage-log-files
http://logcheck.org/
http://www.tripwire.org/
http://en.wikipedia.org/wiki/Sudo
http://www.sudo.ws/sudo/sudo.man.html
http://en.wikipedia.org/wiki/List_of_router_or_firewall_distributions
http://www.puschitz.com/FirewallAndRouters.shtml
http://www.snort.org/
http://www.yolinux.com/TUTORIALS/LinuxSecurityTools.html
https://modules.apache.org/
http://bluefish.openoffice.nl/index.html
http://devzone.zend.com/6/php-101-php-for-the-absolute-beginner/
http://drupal.org/