===============================================================
INSTALLATION AND INITIAL CONFIGURATION
Source code: http://www.apache.org/
> HTTP Server (httpd.apache.org)
> download httpd-2.2.6.tar.bz2
check it:
md5sum htt*
tar tvf htt*
unzip it:
tar xvjf http*
build it:
cd htt*
./buildconf
./configure --prefix=/usr/local/apache --with-layout=Apache --enable-modules=most --enable-mods-shared=most
make
su - (must be root for next step)
make install
RPM: rpmfind.net
> search for hpptd, and select version for OS
Installing Apache RPM on Linux (RH9)
rpm -qa | grep hpptd (check if already installed)
rpm -ihv hpptd* (to install apache rpm)
rpm -ql hpptd | less (find Apache httpd.conf file)
service httpd stop/start/restart
apachectl start/stop/restart
vi httpd.conf (ver 2.0.40-21)
Basic setup:
ServerRoot /etc/httpd (location of Apache)
ServerAdmin root@localhost (root email)
ServerName myhostname.localdomain:80 (update to correct hostname)
DocumentRoot /var/www/html (location of docs to serve)
To select default home page names:
DirectoryIndex index.html index.html.var homepage.htm
To enable user directories:
#UserDir disable (comment out this line)
UserDir public_html (uncomment this line)
chmod 755 (all directories in path to published docs)
chmod 644 (html-files doc files)
===============================================================================
REMOVING APACHE
source:
cd /usr/local
rm -rf apache
rpm:
rpm -e httpd httpd-suexec
===============================================================================
TROUBLESHOOTING
1) Commands to set permissions:
chmod 755 (all directories in path to published docs)
chmod 644 (html-files doc files)
2) Firewall settings
3) Turn off secure Linux
vi /etc/sysconfig/selinux or use Fedora Firewall admin tool
set SELINUX=disabled
===============================================================================
LOG FILE MONITORING:
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined
tail -f access_log (cntr-c to end)
[root@frodo1 logs]# tail -f /etc/httpd/logs/access_log
172.30.4.153 - - [07/Nov/2007:17:09:52 -0800] "GET /~cis192 HTTP/1.1" 301 307 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
172.30.4.153 - - [07/Nov/2007:17:09:52 -0800] "GET /~cis192/ HTTP/1.1" 200 5159 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
172.30.4.153 - - [07/Nov/2007:17:09:52 -0800] "GET /~cis192/frodo-167x125.jpg HTTP/1.1" 200 7432 "http://172.30.4.111/~cis192/" "Mozilla/4.0 compatible; MSIE 6.0; Windows NT 5.1; SV1)"
172.30.4.153 - - [07/Nov/2007:18:17:11 -0800] "GET /~cis192/ HTTP/1.1" 304 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
172.30.4.153 - - [07/Nov/2007:18:17:11 -0800] "GET /~cis192/frodo-167x125.jpg HTTP/1.1" 304 0 "http://172.30.4.111/~cis192/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
http://www.mrunix.net/webalizer/
> download webalizer***-x86-bin.tgz
> tar tzvf web*
> tar xzvf web*
> ./webalizer /var/log/httpd/access_log
> browse to file:///usr/local/
> click on webalizer directory
> click of reports
# To find all the entries from Feb 2002
cd /usr/local/apache2/logs
grep "Mar/2003" access_log
# Can pipe results to wc (word count) program
grep "Mar/2003" access_log | wc
-> 418 4180 46311
# Returns number of lines, words and characters
# May be many transactions per page -- why?
# Can remove gif and jpg files with egrep command
grep "Mar/2003" access_log | egrep -v 'gif|jpg' | wc
-> 414 4140 45795
#Use cut command to extract the first field from the access log
cut -d ' ' -f 1 access_log
cut -d ' ' -f 1 access_log | sort -u
# To get the total number of unique hosts, use the wc command
cut -d ' ' -f 1 access_log | sort -u | wc
# To get a count for a particular month:
grep "Mar/2003" access_log | cut -d ' ' -f 1 | sort -u | wc
-> 166 166 2329
==========================================================================================
VIRTUAL HOSTS
# Lab 3a - virtual hosts by IP's (browse to 172.30.4.20x)
#
# ifconfig eth0:a 172.30.4.206 netmask 255.255.255.0
# ifconfig eth0:b 172.30.4.207 netmask 255.255.255.0
ServerName merida.localdomain:80
Listen 80
ServerName domain1
DocumentRoot /www/domain1
ServerName domain2
DocumentRoot /www/domain2
ServerName domain3
DocumentRoot /www/domain3
#
# Lab 3b - virtual hosts by ports (browse to localhost:80xx)
#
ServerName merida.localdomain:80
Listen 8080
DocumentRoot /www/domain1
Listen 8085
DocumentRoot /www/domain2
Listen 8090
DocumentRoot /www/domain3
#
# Lab 3c - virtual hosts by name (browse to domainx)
#
ServerName merida.localdomain:80
Listen 80
NameVirtualHost 172.30.4.206:80
ServerName default
DocumentRoot /var/www/html
ErrorLog logs/errlog.default
CustomLog logs/accesslog.default combined
ServerName domain1
DocumentRoot /www/domain1
ErrorLog logs/errlog.domain1
CustomLog logs/accesslog.domain1 combined
ServerName domain2
DocumentRoot /www/domain2
ErrorLog logs/errlog.domain2
CustomLog logs/accesslog.domain2 combined
ServerName domain3
DocumentRoot /www/domain3
ErrorLog logs/errlog.domain3
CustomLog logs/accesslog.domain3 combined
*
* Classroom server01 (with SSL and Virtual Hosts)
*
NameVirtualHost 172.30.1.201:80
ServerName server01.localdomain
DocumentRoot /var/www/html
ServerAlias server01
ServerName simms.localdomain
DocumentRoot /www/simms
ServerAlias simms
ErrorLog /etc/httpd/logs/errlog.simms
==========================================================================
DYNAMIC CONTENT
# Lab 4 configuration
#Enable scripts to run from cgi-bin directory
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
[root@frodo1 www]# pwd
/var/www
[root@frodo1 www]# ls
cgi-bin error html icons
[root@frodo1 www]#
#!/bin/bash
# CGI file to pull color from query string and set background color
IFS='&'
for i in $QUERY_STRING
do eval $i
done
echo "Content-type: text/html"
echo
echo "
$name
"
exit
# Simple html form calling cgi file in /cgi/bin directory
#Enable scripts to run by file extension
AddHandler cgi-script .cgi
Options Indexes FollowSymLinks Includes ExecCGI
# Simple html form calling cgi file in same directory
# To enable SSI
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Options Indexes FollowSymLinks Includes
Note: xBitHack on (allows any SSI file to run if it has execute permission)
# Simple html file displaying SSI variables
=======================================================================
ALIASES AND REDIRECTION
Alias /newurl /www/htdocs/oldurl
Alias /logs /etc/httpd/logs
Redirect option /foo.html http://example.com/new/foo.html
option = temp | permanent | gone | seeother
temp is default if you leave blank
Redirect permanent /tim http://server04
======================================================================
SPELLING CORRECTION
Module mod_speling
CheckSpelling directive
Syntax: CheckSpelling on|off
======================================================================
HTTP Protocol (Request line, Header section, Entity body)
www.rexswain.com (HTTP viewer)
Client side request:
-------------------
telnet hayrocket.com 80
GET / HTTP/1.1
Host: hayrocket.com
[space]
[CR]
Server responds with page:
-------------------------
HTTP/1.1 200 OK
Date: Mon, 12 Nov 2007 17:33:03 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.7 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi
/2.4.2 DAV/2 SVN/1.4.2
Last-Modified: Fri, 26 Oct 2007 22:56:35 GMT
ETag: "22336f-115f-43332ec0"
Accept-Ranges: bytes
Content-Length: 4447
Vary: Accept-Encoding
Content-Type: text/html
Rich's Home Page
==========================================================================
HACKER ATTACKS
1) DOS: fill up log files with page not found
To mitigate: put log files in separate partition
2) Symbolic links allow access to other parts of file system
To mitigate: configure Apache not to follow symbolic links (Options FollowSymLinks)