Configuration

This document provides configuration details for secure shell (SSH), secure Linux (SELinux), log servers, Apache web servers, Nginx web servers, and installing WordPress with Apache and MariaDB. It also describes how to install SSL certificates and host multiple websites with SSL encryption in Red Hat Enterprise Linux (RHEL).

Uploaded by

Pratik Sanas

SSH (Secure Shell Socket)

Package ------> openssh*
Daemons ------> sshd
Config -------> /etc/ssh/sshd_config
Port ---------> 22
--------------------------------------------------------------------
SELinux

Config /etc/selinux/config -----> It is the main file for SELinux.

--------------------------------------------------------------------
Log server:
* A log server is a central log monitoring point, which stores the logs generated
by Windows, Linux, switches, systems and hosts centrally, so they are easy to review.
* Rsyslog (daemon) works on both sides, as server and as client. On the server side
it gathers logs from other devices, and on the client side it transmits the logs
to the server.

Package ------> rsyslog*
Daemons ------> rsyslog
Config file --> /etc/rsyslog.conf
Document root-> /var/log
Port ---------> 514

Log files:
* They contain messages about the system, including the kernel, services and
applications running on it.
* They are very useful when trying to troubleshoot a problem in the system.
* Only root users can read these log messages.
* The messages will be generated only when the rsyslog service is running.

The different types of log files and their locations:


# /var/log/messages ----> System and general messages and DHCP log messages.
# /var/log/authlog -----> Authentication log messages.
# /var/log/secure ------> Security and authentication and user log messages.
# /var/log/maillog -----> Mail server log messages.
# /var/log/cron --------> Cron jobs log messages.
# /var/log/boot.log ----> All booting log messages.
# /var/log/httpd -------> All Apache web server log messages.
# /var/log/mysqld.log --> Mysql database server log messages.
# /var/log/utmp or /var/log/wtmp -----> All the user's login messages.
# /var/log/Qmail -------> Qmail log messages.
# /var/log/kernel.log --> All kernel related log messages.
# /var/log/samba -------> All samba server log messages.
# /var/log/anaconda.log-> Linux installation log messages.
# /var/log/lastlog -----> Recent login information for all users.
# /var/log/yum.log -----> All package installation log messages generated by # yum or # rpm commands.
# /var/log/cups --------> All printer and printing related log messages.
# /var/log/ntpstat -----> All ntp server and services log messages.
# /var/log/spooler -----> Mail, printer and cron jobs spooling messages.
# /var/log/sssd --------> System security service daemon log messages.
# /var/log/audit.log ---> SELinux log messages.
# dmesg (to see the boot log messages)
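
Added example (not part of the original notes): what reviewing /var/log/secure can look like in practice, counting failed SSH password logins per source address. The sample lines are constructed, and the function names and the default threshold are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: summarise failed SSH logins from /var/log/secure-style lines.

# Constructed sample lines in the format sshd writes to /var/log/secure.
# The last line carries a user name that itself contains "from <ip>".
sample_secure_log() {
cat <<'EOF'
Mar  3 10:01:12 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:15 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51124 ssh2
Mar  3 10:01:19 web1 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:02:40 web1 sshd[2290]: Accepted password for user1 from 192.168.1.50 port 40022 ssh2
Mar  3 10:05:02 web1 sshd[2301]: Failed password for user1 from 198.51.100.23 port 39010 ssh2
Mar  3 10:06:30 web1 sshd[2310]: Failed password for invalid user x from 192.0.2.1 from 198.51.100.23 port 39020 ssh2
EOF
}

# failed_logins_by_source [MIN]: read log lines on stdin and print
# "<count> <source-ip>" for every source with at least MIN failures (default 3).
failed_logins_by_source() {
    awk -v min="${1:-3}" '
        # sshd appends "from <ip> port <n> ssh2" itself, so the address is taken
        # by its position from the end; the user name is client-controlled text.
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
        $(NF-2) == "port" && $(NF-4) == "from" { hits[$(NF-3)]++ }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Usage on a real host (as root): failed_logins_by_source 5 < /var/log/secure
```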

-----------------------------------------------------------------------------------
-----------------
Apache Web server :
* Open source web server.
* It is the most used web server on the internet.
* httpd is the daemon that speaks the http or https protocols.
* HTTP is a text-based protocol for sending and receiving objects over a network
connection.
* The http protocol is sent over the network in clear text, using default port
number 80/tcp.
* To protect the website we can use an https web server for data encryption.

Package ------> httpd
Daemons ------> httpd
Config file --> /etc/httpd/conf/httpd.conf (For http)
                /etc/httpd/conf.d/ssl.conf (For https)
                /etc/httpd/conf.d/demo.conf
Document root-> /var/www/html
Log files ----> /var/log/httpd/access_log
                /var/log/httpd/error_log
Port ---------> 80/http and 443/https
--------------------------------------------------------------------
How to launch a website:

1) # yum install -y httpd

2) # systemctl start httpd

3) In a browser, search for and download a free website template

4) # cd /root/Downloads

5) # unzip <content>

6) # cp -rvf /root/Downloads/<content>/* /var/www/html/

7) # vim /var/www/html/index.html -----------> we can see all content here

8) # curl localhost

9) # curl 192.168.1.101

10) Open in browser ---> 192.168.1.101


-------------------------------------------------------------------------------
Nginx :

Package -------------> nginx
Main Config file ----> /etc/nginx/nginx.conf
Server Config file --> /etc/nginx/conf.d
Document root--------> /usr/share/nginx/html

* Steps: (For installing the nginx)

1) # yum install epel-release
# yum install nginx

2) # systemctl start nginx
# systemctl enable nginx
# systemctl status nginx

3) # firewall-cmd --zone=public --permanent --add-service=http
# firewall-cmd --zone=public --permanent --add-service=https
# firewall-cmd --reload

4) # vim /usr/share/nginx/html/index.html

5) Open Firefox and browse to localhost or the server IP

***********************************************************************************
****

Steps: (Name-based & IP Virtual Hosts with NGINX)


1) # yum install --enablerepo=epel nginx

2) # systemctl stop httpd
# systemctl start nginx

3) # useradd user1

4) # mkdir -p /var/www/testing1.com/public_html
# cd /var/www/testing1.com/public_html
# vim index.html

5) # mkdir /etc/nginx/sites-available
# cd /etc/nginx/sites-available
# touch testing1.com.conf
(content of testing1.com.conf)
server {
    listen 192.168.1.101:80;
    server_name testing1.com www.testing1.com;
    root /var/www/testing1.com/public_html;
    index index.html;
}
# chmod 755 testing1.com.conf
# chgrp user1 testing1.com.conf
# cd /var/www/testing1.com/public_html
# chmod 755 index.html
# chgrp user1 index.html

6) # vim /etc/nginx/nginx.conf
uncomment ----> #user nginx
uncomment ----> #include /etc/nginx/conf.d/*.conf
add text (in http) ----> include /etc/nginx/sites-available/*.conf;

7) # vim /etc/hosts
192.168.1.101 testing1.com www.testing1.com

8) # nginx -t
# systemctl restart nginx

9) Open the browser and navigate to the first virtual domain,
http://testing1.com

***********************************************************************************
**************

Steps : Install WordPress 5 with Apache, MariaDB 10 and PHP 7 on CentOS 7

1) # vim /etc/selinux/config -----> set SELINUX=disabled -----> restart

2) # yum install -y httpd
# systemctl start httpd
# systemctl enable httpd
# systemctl status httpd

3) # yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm yum-utils
# yum-config-manager --enable remi-php73

4) # yum install -y php php-common php-mysql php-gd php-xml php-mbstring php-mcrypt

5) # vim /etc/yum.repos.d/MariaDB.10x.repo

[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.3/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

# yum install -y MariaDB-server MariaDB-client
# systemctl start mariadb
# systemctl enable mariadb
# systemctl status mariadb
# mysql_secure_installation

# mysql -u root -p
## create database wordpressdb;
## grant all privileges on wordpressdb.* to wordpressuser@localhost identified by '123';
## flush privileges;

6) # cd /var/www/html
# wget http://wordpress.org/latest.tar.gz
# tar -xvf latest.tar.gz
# chown -R apache:apache wordpress/

7) # vim /etc/httpd/conf.d/<filename>.conf
-----> Go to last line and type
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/wordpress
    ServerName hvthang.xyz
    ServerAlias www.hvthang.xyz
    ErrorLog /var/log/httpd/hvthang.xyz-error.log
    CustomLog /var/log/httpd/hvthang.xyz-access.log common
</VirtualHost>
# httpd -t
# systemctl restart httpd

8) # firewall-cmd --permanent --add-service=http
# firewall-cmd --permanent --add-service=https
# firewall-cmd --reload

***************************************************************************
How to install SSL certificate

1) # yum install httpd

2) # yum install mod_ssl

3) # yum install openssl

4) # openssl genrsa -out ca.key
# openssl req -new -key ca.key -out ca.csr
# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
where
ca.csr ---> name of csr file
ca.key ---> name of key file
ca.crt ---> name of certificate

5) # cp ca.crt /etc/pki/tls/certs
# cp ca.key /etc/pki/tls/private
# cp ca.csr /etc/pki/tls/private

6) # vim /etc/httpd/conf.d/ssl.conf
Edit lines ---->
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

# httpd -t

7) # vim /etc/httpd/conf.d/<filename>.conf
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    ServerName www.server.demo.com
    DocumentRoot /web
</VirtualHost>

# httpd -t

8) # firewall-cmd --permanent --add-service=https
# firewall-cmd --permanent --add-port=443/tcp
# firewall-cmd --reload

9) # systemctl restart httpd
# systemctl enable httpd

10) Go to browser ----> https://www.server.demo.com

*******************************************************************************
* Host Multiple Websites With SSL Encryption in RHEL

# yum install -y httpd openssl mod_ssl
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/ca.key -out /etc/pki/tls/certs/ca.crt
# vim /etc/httpd/conf.d/ssl.conf
Edit lines ---->
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
# httpd -t
# vim /etc/httpd/conf.d/<filename>.conf
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    ServerName www.server.demo.com
    DocumentRoot /web
</VirtualHost>
# vim /etc/httpd/conf.d/httpd.conf
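
Added example (not part of the original notes): a pre-flight check for the ca.crt and ca.key files that both SSL procedures above point ssl.conf at, covering the key file permissions that the copy step does not set. The function names, the accepted modes 600/400 and the 30-day expiry margin are assumptions of this example; the sample pair is constructed with the same openssl req command the notes use.

```bash
#!/usr/bin/env bash
# Added example: check the files named by SSLCertificateFile and
# SSLCertificateKeyFile before restarting httpd.

# make_demo_pair DIR: constructed sample input, a throwaway self-signed pair.
make_demo_pair() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=www.server.demo.com" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    chmod 600 "$1/ca.key"
}

# check_tls_pair CERT KEY: print one line per failed check; return 0 only
# when every check passes.
check_tls_pair() {
    local cert=$1 key=$2 rc=0 mode cert_pub key_pub

    # 1. The private key must not be readable by group or others.
    mode=$(stat -c '%a' "$key" 2>/dev/null) || mode="missing"
    case "$mode" in
        400|600) ;;
        *) echo "FAIL: $key mode is $mode, expected 600 or 400"; rc=1 ;;
    esac

    # 2. Certificate and key must contain the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert"; rc=1
    fi

    # 3. The certificate must stay valid for at least 30 more days.
    if ! openssl x509 -in "$cert" -noout -checkend $((30 * 86400)) >/dev/null 2>&1; then
        echo "FAIL: $cert expires within 30 days or is unreadable"; rc=1
    fi
    return "$rc"
}

# Usage on the server (as root):
#   check_tls_pair /etc/pki/tls/certs/ca.crt /etc/pki/tls/private/ca.key
```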

--------------------------------------------------------------------
FTP :
* File transfer protocol.
* FTP stands for File Transfer Protocol, used to transfer files from one host to
another host over a TCP-based network.

Package ------> vsftpd (server)
                ftp (server & client)
Daemons ------> vsftpd
Config file --> /etc/vsftpd/vsftpd.conf
                /etc/vsftpd/user_list
                /etc/vsftpd/ftpuser
Document root-> /var/ftp (Home directory)
Log files ----> /var/log/httpd/access_log
                /var/log/httpd/error_log
Port ---------> 20 (Data transfer)
                21 (connection establishment)
--------------------------------------------------------------------
NFS :
* Network File system
* It is a way to share local hard drive files between machines which are NFS
compatible.
* That means we share the files between Linux and Unix machines but not between
Linux and Windows systems.
* NFS uses the UDP protocol.

Package ------> nfs-utils
Daemons ------> rpc.mountd
                rpc.nfsd
                rpc.rquotad
                rpc.statd
                rpc.lockd
                rpc.idmapd
Config file --> /etc/exports
Port ---------> 2049
usercreate ---> nobody
--------------------------------------------------------------------
SAMBA :
* Samba allows Linux computers to share files and printers across a network
connection by using the SMB protocol. Samba will support DFS, NFS, ufs file
systems to share files and directories.
* That's why Samba is used to share files and directories between different platforms.

Package ------> samba* for samba server and samba-client* for samba client
Daemons ------> smb and nmb for RHEL - 7, where smb is the Samba server daemon
                and nmb is the NetBIOS service daemon
Config file --> /etc/samba/smb.conf
Log file -----> /var/log/samba
Port ---------> 137 ---> to verify the share name,
                138 ---> to data transfer,
                139 ---> to connection establish and
                445 ---> for authentication
usercreate ---> nobody
--------------------------------------------------------------------
MariaDB:
* It is database software used to create and maintain databases.

Package ------> mariadb*
Daemons ------> mariadb
Config file --> /etc/my.cnf
Commands -----> mysql_secure_installation
Port ---------> 3306
--------------------------------------------------------------------
DHCP:
* Dynamic Host Configuration Protocol.
* DHCP is a network protocol that enables the server to assign IP addresses to
the clients in the network automatically from a defined range of IP addresses,
i.e., the scope configured for a given network.

Package ------> dhcp*
Daemons ------> dhcpd
Config file --> /etc/dhcp/dhcpd.conf
Port ---------> 67 server, 68 client

Steps:
1) # yum install dhcp*

2) In VirtualBox -----> Network -----> all network adapters should have an internal connection

3) Open the Linux GUI ---> network settings ---> wired settings ---> wired ---> IPv4
Address 192.168.7.11
Netmask 255.255.255.0
Gateway 192.168.7.11
# vim /etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;

subnet 192.168.7.0 netmask 255.255.255.0 {
    range 192.168.7.15 192.168.7.21;
    option subnet-mask 255.255.255.0;
    option routers 192.168.7.1;
}

4) # systemctl start dhcpd

5) Go to Windows Firewall ---> customize settings ----> turn off firewall

6) Go to the client machine ---> restart the network card and check whether an IP is assigned or not

-----------------------------------------------------------------------------------
-----------------
