The document discusses setting up various server configurations including:
1. Configuring a firewall on Red Hat Enterprise Linux to allow common services like DNS, FTP, and SSH.
2. Setting up a primary DNS server and configuring zone files and resolv.conf.
3. Installing and configuring a DHCP server to hand out IP addresses on a subnet.
4. Reviewing generic parameters in Apache's configuration file such as the ServerRoot, Listen directive, User, and DocumentRoot settings.

1. Explain the concept of allowing services through firewalls.

• After an installation of Red Hat Enterprise Linux, the firewall is configured by default, and not many services are allowed through the firewall.
• The simplest way to allow specific services through the firewall is by selecting them using the Trusted Services option in system-config-firewall. This interface offers a list of commonly used services.
• Allowing basic services through the firewall:
1. From the GNOME graphical interface, select System > Administration > Firewall. Review the warning that tells you that all current configurations will be overwritten, and click Close. Also, enter the root password if prompted.
2. From the list of trusted services, select DNS, FTP, SSH, and WWW, and click Apply to save the configuration.
3. Close system-config-firewall, and open a shell prompt.
4. Type chkconfig | grep iptables. This command will display the current status of the iptables service in the runlevels on your server. It should read as follows:
    [root@hn ~]# chkconfig | grep iptables
    iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
5. If the iptables service that implements your firewall isn't listed as being on in runlevels 2, 3, 4, and 5, use chkconfig iptables on to enable it.
6. Type service iptables status. This command shows that the current status of iptables is enabled.
7. Type iptables -L -v. You'll see a list that displays all of the firewall rules.

5. Explain the procedure for creating self-signed certificates.

• To begin, you need to store the certificates that you are going to create.
• You can do this in the home directory of user root if you want them to be well protected, or else you can put the certificates in the directory /etc/pki/tls, which exists for this purpose by default.
• Within this directory, you need four subdirectories to store the certificates: certs, newcerts, private, and crl.
• To create a certificate for your CA server, you can use the configuration file that you'll find in /etc/pki/openssl.cnf.
• This file contains default settings that are used to facilitate the creation of new certificates.
• Using this file makes creating certificates easier, because all default values that are specified here don't have to be used on the command line.
• After checking the default values you want to use in openssl.cnf, you can start creating your own self-signed certificate.
• The following command allows you to create a certificate that uses a 1024-bit RSA key with a validity of 10 years:
    openssl req -newkey rsa:1024 -x509 -days 3650
• In the previous code snippet, you can see that openssl is used as the master command.
• req is the command that is used to generate a certificate-signing request.
• With that request, a new key is created with an RSA length of 1024 bits, using x509 and a validity of 10 years.
• When creating a certificate that is to be used for a CA, it's a good idea to choose a long validity period.
• Another way of creating a self-signed certificate is by using the genkey command. This command provides a text user interface that guides the user through the process of creating a certificate.

6. Explain GPG file encryption and decryption.

• GPG is commonly used to encrypt files.
• GPG file encryption and decryption:
1. Open a shell, and use su - linda to become user linda.
2. As linda, copy the file /etc/hosts to your home directory using cp /etc/hosts ~.
3. Use gpg --list-keys to list the keys currently imported in linda's environment, and note the exact name of the user lisa.
4. Encrypt the file using gpg -e hosts. When the user account is requested, enter the exact name of user lisa as you found it in the previous step of this exercise. Next, press Enter on an empty line to complete the encryption procedure.
5. Use cp ~/hosts.gpg /tmp to copy the gpg file to the /tmp directory where lisa can see and read it.
6. Use exit to log out as linda, and now use su - lisa to become user lisa.
7. As lisa, use gpg -d /tmp/hosts.gpg to decrypt the hosts file.

7. Explain the process of creating and managing GPG keys.

• Creating GPG keys:
1. If they don't exist already, create two users named lisa and linda, and give them the password password.
2. Log in to the graphical interface as user linda, and use gpg --gen-key to create a GPG key pair. Accept all default values, and assign the password 'password 12' to the private key. When the gen-key program tells you to generate entropy, use ls -R / a couple of times to get you through the procedure faster.
3. Repeat step 2 for user lisa, and use the same parameters.
• Managing GPG keys:
- Once the keys have been created, there are some management tasks of which you must be aware.
- To begin, you can generate an overview of all the keys that are imported to your account. To see the keys that are currently available, use gpg --list-keys. This command will show you at least your own GPG keys. However, after using GPG for some time, it will also list the GPG keys of other users you have imported. When using the gpg --list-keys command, you see only public keys assigned to your account.
- If you want to check your private key, you can use gpg --list-secret-keys instead.
- This command is useful if you're encountering problems and you want to make sure that a private key has been installed correctly.

10. Explain the process of setting up a Samba server.

• Setting up a Samba server:
1. Use mkdir /sambafiles to create a directory on the Linux file system.
2. Use chmod 777 /sambafiles to grant the appropriate permissions to the /sambafiles share. It's not the most elegant way to set security, but it's not local Linux security that matters here.
3. As root, use yum -y install samba samba-common samba-client to install all the required Samba server packages.
4. Open the file /etc/samba/smb.conf with an editor. Locate the workgroup parameter, and change it to workgroup = MYSAMBA.
5. Go to the bottom of the configuration file, and add the following share configuration:
    [sambafiles]
    comment = samba files
    path = /sambafiles
    writeable = yes
    valid users = lucy, linda, lori
6. Use useradd lucy to create a user account for user lucy. Don't set the password, because Samba users don't need a password on the Linux system.
7. Use smbpasswd -a lucy to create Samba user lucy.
8. Use service smb restart to (re)start the Samba service and chkconfig smb on to make sure that it starts when the server boots.
9. Use smbclient -L //localhost. This will show you the current Samba server parameters, and you'll see that the share you just created is listed. The smbclient -L command will show a login prompt that you can ignore. Do this by pressing Enter twice.

3. Explain setting up a primary DNS server.

• Setting up a primary DNS server:
1. Make sure that the bind package is installed on your host computer.
2. Open the /etc/named.conf file, and make sure the following parameters are included:
    • directory is set to /var/named
    • listen-on port 53 is set to any
    • allow-query is set to any
    • forwarders contains the IP address of your Internet provider's DNS name server
    • dnssec-validation is set to no
3. Open the /etc/named.rfc1912.zones file, and create a definition for the com domain.
4. Create a file /var/named/example.com, and give it contents. Change it to match the hostnames in your environment.
5. Make sure that the DNS resolver in /etc/resolv.conf is set to your own DNS server.
6. Use dig yourhost.example.com, and verify that your DNS server gives the correct information from your DNS database.

4. Explain setting up a DHCP server.

• Setting up a DHCP server:
1. Start the virtual machine, and open a root shell. From the root shell, use the command yum -y install dhcp to install the DHCP server.
2. Open the file /etc/dhcp/dhcpd.conf with an editor, and give it the following contents. Make sure that the names and IP addresses used in this example match your network:
    option domain-name "example.com";
    option domain-name-servers YOUR.DNS.SERVERNAME.HERE;
    default-lease-time 600;
    max-lease-time 1800;
    subnet 192.168.100.0 netmask 255.255.255.0 {
        range 192.168.100.10 192.168.100.20;
        option routers 192.168.100.1;
    }
3. Start the DHCP server by using the command service dhcpd start, and enable it using chkconfig dhcpd on.
4. Start the second virtual machine. Make sure that the network card is set to get an IP address from a DHCP server. After starting it, verify that the DHCP server has indeed handed out an IP address.

10. Explain generic parameters of the Apache configuration file.

• An important directive is ServerRoot.
• This defines the root of the configuration directory.
• On Red Hat Enterprise Linux, by default the server root is set to /etc/httpd.
• It is important to be aware of this because other filenames that are referenced later in the configuration file are all relative to the server root directory.
• An example is the PidFile, which is set to run/httpd.pid.
• Another important parameter in the beginning of the configuration file is the Listen parameter.
• In this example, it directs httpd to listen at port 80.
• Because no specific IP addresses are mentioned, it will bind to port 80 on all IP addresses that are available.
• You can include a specific IP address if you want httpd to bind to just that one and to no other IP addresses.
• The next list of generic parameters is a bit lower in the httpd.conf file.
• These are the parameters User and Group, which specify the user and group that should be used to run the Apache server.
• Apache is normally started as root, and once started, will run as this user and group with fewer privileges.
• By default, both are set to apache.
• The most important thing to remember here is that Apache should never offer its services as root!
• Another important directive is the DocumentRoot.
• This specifies where Apache should look for its content.
• Documents that are stored in the DocumentRoot are served by default.
• The standard behaviour on Red Hat Enterprise Linux is to show the contents of the index.html file that is created in the DocumentRoot.

11. Explain various modes in Apache.

• Apache can be started in two different modes: the prefork mode and the worker mode.
• The prefork mode is the default mode.
• In this mode, a master httpd process is started, and this master process will start different httpd servers.
• As an alternative, the worker mode can be used.
• In this mode, one httpd process is active, and it uses different threads to serve client requests.
• Even if the worker mode is a bit more efficient with regard to resource usage, some modules cannot handle it, and therefore the prefork mode is used as default.
• However, if you need the best performance that httpd can offer, and you don't use modules that are incompatible with worker mode, it's a good idea to use worker mode instead.
• Worker mode can be configured to serve more simultaneous processes.
• To change the default mode that Apache uses, you can modify the HTTPD parameter in /etc/sysconfig/httpd.
• To use the worker mode, you have to start the /usr/sbin/httpd.worker binary instead of /usr/sbin/httpd.
• To accomplish this, just remove the pound sign in front of the example line in /etc/sysconfig/httpd and restart the httpd process using service httpd restart.
• For both modes, you can set some performance parameters:
    - StartServers
    - MinSpareServers
    - MinSpareThreads
    - MaxSpareServers and MaxSpareThreads
    - ServerLimit
    - MaxClients
    - MaxRequestsPerChild

12. Explain various directory options and directory restrictions in Apache.

• The administrator can also set different options on an Apache web server.
• These options are used to define how the contents of a directory on the httpd server should be presented to users who access that directory.
• The DirectoryIndex directive can be used to specify that other files should also be considered.
• If this is the case, it will show the contents of this file, and if not, a list of files in the directory is shown.
• To modify this behavior, the DirectoryIndex and Options directives can be used.
• By default, the DirectoryIndex directive specifies that Apache should look for a file with the name index.html or index.html.var.
• The Options directive within a directory definition can further fine-tune the options that are used to display the contents of a directory.
• You can also use Options to determine which server features are available in a particular directory.
• A useful argument for the Options directive is Indexes.
• If you use this option, you will see a list of files in the directory if no index.html is available.
• Related to this option is FollowSymLinks.
• This option will ensure that symbolic links are followed if they exist in the document directory.
• In a directory served by Apache, some basic restrictions can be used.
• First, there is the AllowOverride directive.
• This directive is related to the .htaccess file that administrators can use to restrict access to a given directory.
• Another basic way to handle access restrictions is by using the Order directive.
• With this directive, you'll specify the order in which allow and deny commands are used.
• The order is not defined by how the rules appear in your configuration file but by how you've used the Order directive.
• The default order is deny and then allow.
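
The Order behaviour described above, as an added example that is not part of the original notes: a small Python evaluator for Apache 2.2-style Order, Allow from and Deny from lines, showing that the outcome follows the Order value and not the sequence in which the rules are written. The function names, sample rules and addresses are constructed for illustration, and only all, single IP addresses and CIDR networks are handled as match arguments.

```python
import ipaddress

def matches(spec, client):
    """True if the client IP matches one 'from' argument (all, an IP, or a CIDR)."""
    if spec.lower() == "all":
        return True
    return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)

def parse(config):
    """Collect the Order value and the Allow/Deny arguments from directory-block lines."""
    order = "deny,allow"                      # default order, as stated in the text
    rules = {"allow": [], "deny": []}
    for line in config.splitlines():
        words = line.split("#")[0].split()    # drop comments, split into tokens
        if not words:
            continue
        key = words[0].lower()
        if key == "order":
            order = "".join(words[1:]).lower()
        elif key in rules and len(words) > 2 and words[1].lower() == "from":
            rules[key].extend(words[2:])
    return order, rules

def is_allowed(config, client):
    """Decide access for a client IP the way the Order directive prescribes."""
    order, rules = parse(config)
    allow = any(matches(s, client) for s in rules["allow"])
    deny = any(matches(s, client) for s in rules["deny"])
    if order == "deny,allow":
        # Deny is evaluated first, Allow last: an Allow match wins, no match is allowed.
        return allow or not deny
    if order == "allow,deny":
        # Allow is evaluated first, Deny last: a Deny match wins, no match is denied.
        return allow and not deny
    raise ValueError(f"unsupported Order value: {order}")

# Constructed sample: the same two rules evaluated under each Order value.
RULES = """
    Allow from 192.168.100.0/24
    Deny from all
"""
INTRANET, OUTSIDE = "192.168.100.15", "203.0.113.9"

if __name__ == "__main__":
    for order in ("deny,allow", "allow,deny"):
        cfg = f"Order {order}\n{RULES}"
        print(order, {ip: is_allowed(cfg, ip) for ip in (INTRANET, OUTSIDE)})
```

With Order deny,allow the subnet gets in and everyone else is refused; with Order allow,deny the same two rules refuse everyone, because Deny from all is evaluated last.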