Monday, December 19, 2011

Password Protection to your Website Hosted on Apache Web Server


At times, when I am browsing the web, I click on a link such as this one and instead of a web page, I get a dialog box asking me to enter my user name and password. And only after I have been authenticated do I get access to the website (or page). This feature of password protection is very simple to implement in Apache web server.

The password authentication process uses two files:
1. .htpasswd :-
This file contains the user name and password combinations of the users who are allowed access to the website or page. It can reside anywhere in the file system, but it is usually created in the Apache web server directory ( /etc/httpd/conf/.htpasswd ), because it should not be accessible to visitors of the site.

2. .htaccess :-
This file defines the rules by which users are granted or denied access to the website. It should reside in the base directory of one's website. For example, if my website is located in the path '/var/www/mysite.com' and I want to provide user authentication to the entire website, then I will store the file .htaccess in the following location - '/var/www/mysite.com/.htaccess'.

[ Note = Here I am using the Apache web server configuration which I posted earlier ]

1] Create new users who will be given access to the website.
[root@server ~]# useradd anup
[root@server ~]# passwd anup

[root@server ~]# useradd shubham
[root@server ~]# passwd shubham

2] Now create the .htpasswd file, which contains the passwords of the users allowed to access the website.
[root@server ~]# htpasswd -cd /etc/httpd/conf/.htpasswd anup
New password:
Re-type new password:

[ Note = In the above command, -c creates a new file and -d forces CRYPT encryption of the password. Any number of users and their passwords may be entered in the same .htpasswd file per website. ]

3] Create the .htaccess file which will protect the full website, which is situated in /var/www/html/rootuser.
[root@server ~]# vim /var/www/html/rootuser/.htaccess
AuthUserFile /etc/httpd/conf/.htpasswd
AuthGroupFile /dev/null
AuthName www.rootuser.in
AuthType Basic
require user anup shubham
:wq

[ Note = Here AuthUserFile is the location of the .htpasswd file. AuthGroupFile points to the group file, which contains the groups of users; here I don't have any group file, hence it points to /dev/null. AuthName is the website name. The AuthType value Basic instructs Apache to accept a basic unencrypted password from the remote user's web browser. The require user option tells Apache that only the users named anup and shubham have access. ]

4] Change the ownership and permissions of both files.
[root@server ~]# chown root:apache /etc/httpd/conf/.htpasswd /var/www/html/rootuser/.htaccess
[root@server ~]# chmod 640 /etc/httpd/conf/.htpasswd
[root@server ~]# chmod 640 /var/www/html/rootuser/.htaccess
[ Note = Both files were created by root, and the httpd worker processes run as the apache user and group in the default configuration. With mode 600 and owner root, Apache cannot read either file and every request fails, so the files are given group apache and mode 640. ]

5] Make changes in the main Apache configuration file, i.e. httpd.conf
[root@server ~]# vim /etc/httpd/conf/httpd.conf
From

<Directory /var/www/html/rootuser/>
...
AllowOverride None
...
</Directory>

To
<Directory /var/www/html/rootuser/>
...
AllowOverride AuthConfig
...
</Directory>
:wq

6] Restart the apache web server
[root@server ~]# service httpd restart
** Now open the website www.rootuser.in. From now on, any user who visits the website will first have to enter a username and password to access it.
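
The -d option in step 2 stores passwords with crypt(), which the htpasswd documentation describes as insecure and as limited to the first 8 characters of the password. As an added example (not part of the original post), this script reports which scheme each .htpasswd entry uses; the function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are made up here.

# Classify one stored hash by the prefix or length htpasswd gives each scheme.
htpasswd_scheme() {
    case "$1" in
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
        '$apr1$'*)               echo md5-apr1 ;;
        '{SHA}'*)                echo sha1 ;;
        ''|*[!./0-9A-Za-z]*)     echo unknown ;;
        *)  # crypt() output (htpasswd -d) is exactly 13 chars of [./0-9A-Za-z];
            # a 13-char plaintext entry would look the same, so this is a heuristic.
            if [ "${#1}" -eq 13 ]; then echo crypt; else echo unknown; fi ;;
    esac
}

# Read .htpasswd lines on stdin; print "user scheme verdict" per entry.
audit_htpasswd() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;   # blank line or comment
            *:*) ;;                # user:hash entry
            *) continue ;;
        esac
        user=${line%%:*}
        scheme=$(htpasswd_scheme "${line#*:}")
        case "$scheme" in
            bcrypt|md5-apr1) verdict=ok ;;
            *)               verdict=WEAK ;;   # crypt, sha1, plaintext/unknown
        esac
        printf '%s %s %s\n' "$user" "$scheme" "$verdict"
    done
}

# Constructed sample: the hash strings are dummies, not real password hashes.
sample_htpasswd() {
    cat <<'EOF'
anup:abCDEFGHIJKLM
shubham:$apr1$SALTSALT$DUMMYdummyDUMMYdummy12
user3:$2y$05$DUMMYdummyDUMMYdummyDUMMYdummyDUMMYdummyDUMMYdummy123
user4:{SHA}DUMMYdummyDUMMYdummyDUMMY12=
EOF
}

sample_htpasswd | audit_htpasswd
```

To check the real file, run audit_htpasswd < /etc/httpd/conf/.htpasswd as root. Entries reported as WEAK can be re-created with htpasswd -m (MD5) or, on Apache 2.4, htpasswd -B (bcrypt).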

Web Server Configuration


Introduction:-
Apache HTTP Server is a webserver developed and maintained by The Apache Software Foundation. Apache is the most popular web server, used on more than half of all Internet web servers. Most Linux distributions include Apache. Apache's advantages include its modular design, SSL support, stability and speed. Given the appropriate hardware and configuration it can support the highest loads. On Linux systems, the server configuration is usually done in the /etc/httpd directory. The most important configuration file is httpd.conf.

Requirement:-
  • Package = httpd
  • Service = httpd
  • Port No. = 80
  • Configuration File = /etc/httpd/conf/httpd.conf
Prerequisites:-
  • Configure IP = 192.168.1.1
  • Configure Virtual IP = 192.168.1.10 & 192.168.1.20
  • Configure Hostname = server.rootuser.in
  • Firewall must be disabled
[ Note = Here www.anup.com on 192.168.1.10 & www.shubham.com on 192.168.1.20 ]

1] Install required package for apache web server.
[root@server ~]# yum install http* -y

2] Edit the /etc/hosts file.
[root@server ~]# vi /etc/hosts [ Insert following lines at the end of file ]
192.168.1.1 www.rootuser.in www
192.168.1.10 www.anup.com www
192.168.1.20 www.shubham.com www
:wq

3] Restart the network service.
[root@server ~]# service network restart
[root@server ~]# chkconfig network on

4] Append the following to the main configuration file.
[root@server ~]# vim /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.1.1
# Insert following lines at the end of file
<VirtualHost 192.168.1.1:80>
ServerAdmin root@rootuser.in
ServerName www.rootuser.in
DocumentRoot /var/www/html/rootuser
DirectoryIndex index.html
</VirtualHost>
<VirtualHost 192.168.1.10:80>
ServerAdmin root@rootuser.in
ServerName www.anup.com
DocumentRoot /var/www/html/anup
DirectoryIndex index.html
</VirtualHost>
#Following site is port based.
Listen 500
<VirtualHost 192.168.1.20:500>
ServerAdmin root@rootuser.in
ServerName www.shubham.com
DocumentRoot /var/www/html/shubham
DirectoryIndex index.html
</VirtualHost>
:wq

5] Now create the resources for website
[root@server ~]# cd /var/www/html
[root@server html]# mkdir {rootuser,anup,shubham}
[root@server html]# cd rootuser
[root@server rootuser]# cat > index.html
<b bgcolor=pink>Welcome to RootUser.in</b>
^d
[root@server rootuser]# cd ../anup
[root@server anup]# cat > index.html
<b bgcolor=yellow>Welcome to anup.com</b>
^d
[root@server anup]# cd ../shubham
[root@server shubham]# cat > index.html
<b bgcolor=green>Welcome to shubham.com</b>
^d
[root@server shubham]# cd

6] Start the httpd service
[root@server ~]# service httpd start
[root@server ~]# chkconfig httpd on

*Point your browser to the following URLs:
> www.rootuser.in OR 192.168.1.1
> www.anup.com OR 192.168.1.10
> www.shubham.com:500 OR 192.168.1.20:500

[ If these websites open without error then your Apache web server is working properly. ]

Saturday, December 03, 2011

DHCP Server Configuration


Introduction:-
Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses and other network configuration information (subnet mask, broadcast address, etc.) to computers on a network. A client configured for DHCP will send out a broadcast request to the DHCP server requesting an address. The DHCP server will then issue a "lease" and assign it to that client. The time period of a valid lease can be specified on the server.
  • DHCP assignment:
    • Lease Request: Client broadcasts request to DHCP server with a source address of 0.0.0.0 and a destination address of 255.255.255.255. The request includes the MAC address which is used to direct the reply.
    • IP lease offer: DHCP server replies with an IP address, subnet mask, network gateway, name of the domain, name servers, duration of the lease and the IP address of the DHCP server.
    • Lease Selection: The client receives the offer and broadcasts to the DHCP servers that it will accept the given offer, so that other DHCP servers need not make an offer.
    • The DHCP server then sends an ack to the client. The client is configured to use TCP/IP.
    • Lease Renewal: When half of the lease time has expired, the client will issue a new request to the DHCP server.
Requirement:-
  • Package = dhcp
  • Service = dhcpd
  • Port No. = 67
  • Configuration File = /etc/dhcpd.conf
Prerequisites:-
  • Configure IP = 192.168.1.1
  • Configure Hostname = server.rootuser.in
  • Firewall must be disabled.
1] Install required package
[root@server ~]# yum install dhcp* -y

2] Copy the new sample file and paste it under /etc directory
[root@server ~]# cp /usr/share/dhcp-3.0.5/dhcpd.conf.sample /etc/dhcpd.conf

3] Edit the dhcpd.conf file as follows: ( Make changes which are denoted in BOLD format)
[root@rootuser ~]# vi /etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;

subnet 192.168.1.0 netmask 255.255.255.0 {

option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option nis-domain "domain.org";
option domain-name "rootuser.in";
option domain-name-servers 192.168.1.1;

option time-offset -1800; # Eastern
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node ( default is hybrid )
# -- You understand Netbios very well
# option netbios-node-type 2;

range dynamic-bootp 192.168.1.10 192.168.1.100;
default-lease-time 21600;
max-lease-time 43200;
# we want the nameserver to appear at a fixed address
host client {
next-server client.rootuser.in;
# The MAC address below is a placeholder; replace it with the client's real
# hardware address (hex digits only), otherwise dhcpd rejects the file.
hardware ethernet 12:AH:CD:78:43:GI;
fixed-address 192.168.1.50;
}
}
:wq

4] Create one blank file to store the IP addresses allocated to clients
[root@server ~]# touch /var/lib/dhcpd/dhcp.ip

5] Start dhcp service
[root@server ~]# service dhcpd start
[root@server ~]# chkconfig dhcpd on

DHCP Client Side:-
1] Set the IP address to dynamic from the LAN card properties
[client@server ~]# setup
Select Network configuration --> Select Edit Network Devices --> Select device eth0 --> Select option Use DHCP [ * ] --> Then Ok --> Quit --> Save&quit --> Quit

2] Restart network service
[root@server ~]# service network restart
[root@server ~]# chkconfig network on

3] Now check IP address for eth0 device
[root@server ~]# ifconfig eth0

NFS Server Configuration


Introduction:-
NFS stands for Network File System. The NFS protocol is used for sharing files between computers on a network. NFS allows files to be mounted on a remote computer as well as on the local computer. For an NFS server, the server machine and the client machine must both run Linux; NFS does not support Windows machines because Windows is not NFS compatible. The NFS server shares one or more directories with client systems.

Requirements:-
  • Package = nfs
  • Service = nfs
  • Port No. = 2049
  • Configuration File = /etc/exports
Prerequisites:-
  • Configure Server IP = 192.168.1.1
  • Configure Client IP = 192.168.1.2
  • Configure Server Hostname = server.rootuser.in
  • Configure Client Hostname = client.rootuser.in
  • Firewall must be disabled.
1] Install required package
[root@server ~]# yum install nfs* -y

2] Create one new directory to share it using NFS server
[root@server ~]# mkdir /data
[root@server~]# cd /data
[root@server data]# touch anup1 anup2 anup3 anup4 anup5
[root@server data]# cd

3] Grant full permissions to data directory.
[root@server ~]# chmod 777 /data

4] Open the main configuration file, i.e. /etc/exports, and share the /data directory to the 192.168.1.0 network
[root@server ~]# vim /etc/exports
/data 192.168.1.0/255.255.255.0(rw,sync) #Here rw means r for read & w for write
#You can also allow the data directory to a specific IP (no netmask, otherwise the entry matches the whole network).
/data 192.168.1.50(rw,sync)
#You can insert an entry for the data directory in the following ways
/data *(rw,sync)
/data *(ro,sync)
/data client.rootuser.in(rw,sync) #Share directory using Hostname
:wq

5] Now start NFS service
[root@server ~]# service nfs start
[root@server ~]# chkconfig nfs on

6] Update exports file entries
[root@server ~]# exportfs -r
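
The client specifications listed in step 4 are alternatives, and they differ a lot in who is allowed to mount /data. As an added example (not part of the original post), this script flags the risky forms in an exports file; audit_exports, sample_exports and the finding names are made up for illustration, and the sample is constructed (modelled on the entries above, with an address/netmask line and an invented /backup line added).

```sh
#!/bin/sh
# Added example, not from the original post. Names are made up for illustration.

# Read an exports file on stdin; print "LINE PATH CLIENT FINDING" per problem.
audit_exports() {
    awk '
    function report(what) {
        printf "%d %s %s %s\n", NR, $1, (client == "" ? "(none)" : client), what
    }
    { sub(/#.*/, "") }          # strip comments; awk re-splits the fields
    NF < 2 { next }             # blank line or path without a client list
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*/, "", opts)
            }
            opts = "," opts ","
            # "*" or an empty client name exports to every host that can reach the server.
            if (client == "*" || client == "")
                report(index(opts, ",rw,") ? "ANY_HOST_RW" : "ANY_HOST_RO")
            # no_root_squash lets root on the client act as root on the export.
            if (index(opts, ",no_root_squash,"))
                report("NO_ROOT_SQUASH")
            # address/netmask names a network: a /24 mask ignores the host octet.
            if (client ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[1-9][0-9]*\/(24|255\.255\.255\.0)$/)
                report("MASK_COVERS_SUBNET")
        }
    }'
}

# Constructed sample file.
sample_exports() {
    cat <<'EOF'
/data 192.168.1.0/255.255.255.0(rw,sync)   # whole subnet, as intended
/data 192.168.1.50/255.255.255.0(rw,sync)
/data *(rw,sync)
/data *(ro,sync)
/data client.rootuser.in(rw,sync)
/backup 192.168.1.2(rw,no_root_squash)
EOF
}

sample_exports | audit_exports
```

Run it on the server as audit_exports < /etc/exports before exportfs -r. The MASK_COVERS_SUBNET check only handles /24 masks.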

NFS Client Side:-
1] Check communication with NFS Server
[root@client ~]# ping 192.168.1.1

2] Check NFS server exports list
[root@client ~]# showmount -e 192.168.1.1

3] Create mount point to mount shared directory
[root@client ~]# mkdir /testnfs

4] Now mount shared directory.
[root@client ~]# mount -t nfs 192.168.1.1:/data /testnfs
[root@client ~]# cd /testnfs
[root@client testnfs]# ls
[root@client testnfs]# cat > testfile
This is test file from client.
^d
[root@client testnfs]# cd

[ Note = In this way you can use the shared directory. But the directory will be available only while the system is up; it will not be available after a system reboot. To keep it available after reboot, use the following way: ]
[root@client ~]# vim /etc/fstab (Go to end of the file and make following entry)
192.168.1.1:/data      /testnfs      nfs      defaults     0 0
:wq
[root@client ~]# mount -a

[ Reboot computer using reboot command and check /testnfs directory]

Friday, December 02, 2011

Samba Server Configuration


Introduction:-
Samba is a software suite that provides file and print sharing services to SMB/CIFS clients. Samba is freely available and it supports Linux/Unix and Windows clients. Samba allows other computer platforms, such as Mac OS, Unix, Linux and IBM System 390, to interoperate with Windows computers on the same network. Samba includes sharing files and sharing devices, such as a printer connected to another computer, within the local network.

Requirement:-
  • Package = samba
  • Service = smb
  • Port No. = 445
  • Configuration File = /etc/samba/smb.conf
Prerequisites:-
  • Configure IP = 192.168.1.1
  • Hostname = server.rootuser.in
  • Firewall should be off on server.
1] Install required packages
[root@server ~]# yum install samba* -y

2] Create one new user
[root@server ~]# useradd anup
[root@server~]# passwd anup

3] Create a new directory that will host the Samba share and grant it full permissions.
[root@server ~]# mkdir /mydata
[root@server ~]# chmod 777 /mydata

4] Create some files under mydata directory
[root@server ~]# cd /mydata
[root@server mydata]# touch a1 n2 u3 p4
[root@server mydata]# cd

5] Now add the user anup as a Samba user
[root@server ~]# smbpasswd -a anup
New SMB password:
Retype new SMB password:

6] Use following command to confirm user was added to the samba database
[root@server ~]# pdbedit -w -L

7] Edit main configuration file
[root@server ~]# vim /etc/samba/smb.conf
#By default the name of the workgroup is MYGROUP; you can change it to the desired name.
workgroup = rootuser
#Remove the hash from the following line and edit it as follows
hosts allow = 192.168.1.0/24
#Go to the end of the file and type as follows:
#(Comments must be on their own line; text after a value becomes part of the value.)
[mydata]
comment = mysamba
#samba share directory name
path = /mydata
#Can not be used by public users
public = no
browseable = yes
#Only user anup can use samba share
valid users = anup
:wq

8] Set SELinux security related options
[root@server ~]# chcon -t samba_shared_t /mydata

9] Use following command to check smb.conf file parameter
[root@server ~]# testparm

10] Start the smb service and make it permanent
[root@server~]# service smb start
[root@server ~]# chkconfig smb on
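
smb.conf only treats a line as a comment when the line starts with # or ; so a note typed after a value is read as part of that value. As an added example (not part of the original post), this script lints share sections for that mistake, for guest access and for a missing valid users line; lint_smbconf, sample_smbconf and the finding names are made up for illustration, and the sample file is constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Names are made up for illustration.

# Read smb.conf on stdin; print "LINE [section] FINDING" for each problem.
lint_smbconf() {
    awk '
    function end_section() {
        if (section != "" && section != "global" && !restricted)
            printf "%d [%s] NO_VALID_USERS\n", start, section
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comment line or blank line
    /^[ \t]*\[/ {                             # new [section] header
        end_section()
        section = $0; sub(/^[ \t]*\[/, "", section); sub(/\].*/, "", section)
        start = NR; restricted = 0; next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1)
        # smb.conf has no trailing comments: text after "#" stays in the value.
        if (val ~ /[ \t][#;]/)
            printf "%d [%s] INLINE_COMMENT_IN_VALUE\n", NR, section
        # Judge the intended value, i.e. what precedes the would-be comment.
        sub(/[ \t]+[#;].*/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "validusers" && val != "") restricted = 1
        if ((key == "public" || key == "guestok") && tolower(val) == "yes")
            printf "%d [%s] GUEST_ACCESS\n", NR, section
    }
    END { end_section() }'
}

# Constructed sample: [mydata] carries trailing comments, [scratch] is invented.
sample_smbconf() {
    cat <<'EOF'
[global]
workgroup = rootuser
hosts allow = 192.168.1.0/24
[mydata]
path = /mydata #samba share directory name
public = no #Can not be used by public users
valid users = anup #Only user anup can use samba share
[scratch]
path = /tmp/scratch
guest ok = yes
EOF
}

sample_smbconf | lint_smbconf
```

Run it as lint_smbconf < /etc/samba/smb.conf, then confirm with testparm, which prints the values Samba actually parsed.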

Client Side Configuration:-
1] Check communication with Samba server
[anup@server ~]$ ping 192.168.1.1

2] Create one directory to store downloaded files.
[anup@server~]$ mkdir /client

3] Now try to connect to Samba server
[anup@server ~]$ smbclient //192.168.1.1/mydata -U anup
Password:
smb:\> ls
smb:\> get a1
smb:\> exit
OR
4] You can also mount the Samba share directory
[anup@server ~]# smbmount //192.168.1.1/mydata /client -o username=anup

Windows client side configuration:-
1] Check communication with Samba server
cmd\> ping 192.168.1.1

2] Change the computer name to windowsclient and change the workgroup to rootuser
Right click on My Computer --> Select Properties --> Click the Computer Name Tab --> Select Change button --> Type the computer name in the given field and type the workgroup name in the workgroup field.

3] After reboot, go to Start --> Select the Search option --> then search for the Samba server by its IP