
This guide will show you how to use mod_auth_mysql with Apache 2 and Debian.

Firstly, if you haven't already done so, install the essentials such as Apache 2 / PHP 4 / MySQL:

    apt-get install libapache2-mod-php mysql-server php4-mysql libapache2-mod-auth-mysql

Next we need to enable the module. Unlike Apache 1, we don't need to modify any configuration files to add some type of LoadModule statement; simply:

    cd /etc/apache2/mods-enabled
    ln -s /etc/apache2/mods-available/auth_mysql.load .

Next we need to set the root password for MySQL:

    mysqladmin -u root password <password>

Then we need to log in to MySQL and create the database, the user and the table:

    mysql -uroot -p

    mysql> grant all on auth.* to auth_user@localhost identified by '<password>';
    mysql> flush privileges;
    mysql> create database auth;
    mysql> use auth;

    CREATE TABLE `clients` (
      `username` varchar(25) NOT NULL default '',
      `passwd` varchar(25) NOT NULL default '',
      `groups` varchar(25) NOT NULL default '',
      PRIMARY KEY (`username`),
      KEY `groups` (`groups`)
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1;

    INSERT INTO `clients` VALUES ('<username>', '<password>', '<group>');

Change <username>, <password> and <group> accordingly.

Next we need to modify our Apache 2 configuration.

    vi /etc/apache2/apache2.conf

Add the following lines to the end of this file:

    Auth_MySQL_Info localhost <auth_user> <password>

    <Directory "<web directory>">
        Options +Indexes FollowSymLinks MultiViews
        AllowOverride AuthConfig Options FileInfo Limit
        Order allow,deny
        Allow from all
    </Directory>

Adjust <auth_user>, <password> and <web directory> for the directories you wish to be processed by Apache containing .htaccess files with the relevant directives.

Restart Apache 2:

    apache2ctl restart

Finally, place an .htaccess file in the directory you wish to protect using mod_auth_mysql. It needs to contain the following structure.

    AuthMYSQL on
    AuthMySQL_Authoritative on
    AuthMySQL_DB auth
    AuthMySQL_Password_Table clients
    AuthMySQL_Group_Table clients
    AuthMySQL_Empty_Passwords off
    AuthMySQL_Encryption_Types Plaintext Crypt_DES

    AuthName "<description>"
    AuthType Basic

    <Limit GET POST>
    require group <group>
    </Limit>

With that file in place it will check the group field in MySQL and authenticate any users that belong to that particular group. "require group" can be changed to require a valid user instead if required, and multiple groups can be allowed by simply adding a space after the last group, so that the file looks like:

    AuthMYSQL on
    AuthMySQL_Authoritative on
    AuthMySQL_DB auth
    AuthMySQL_Password_Table clients
    AuthMySQL_Group_Table clients
    AuthMySQL_Empty_Passwords off
    AuthMySQL_Encryption_Types Plaintext Crypt_DES

    AuthName "<description>"
    AuthType Basic

    <Limit GET POST>
    require group <group1> <group2>
    </Limit>

This page is released into the public domain.

Apache, Authentication and MySQL

by Alistair Miles

I just spent a couple of hours trying to configure an Apache 2.2 server to do BASIC authentication using a MySQL database of usernames and passwords. The standard way to do this is via the mod_auth_mysql module, but much of the documentation on the web is out of date or has some hidden gotchas. Here is what I got to work.

For reference, I'm using Ubuntu 10.04 with all software installed via APT (apache2, mysql-server, libapache2-mod-auth-mysql).

To install mod_auth_mysql:

    $ sudo apt-get install libapache2-mod-auth-mysql
    $ sudo a2enmod auth_mysql

The biggest gotcha is that the configuration documentation for mod_auth_mysql is badly out of date. There have been some substantial changes to the configuration parameter names since that was written, although I could not find any definitive documentation of the new configuration parameters. There are a couple of other gotchas in there too, I'll come to those in a minute.

Before configuring Apache, I set up a test database of usernames and passwords. This is what I did:

    $ mysql -uroot -p
    mysql> grant all on auth.* to auth_user@localhost identified by 'XXX';
    mysql> flush privileges;
    mysql> create database auth;
    mysql> use auth;

    CREATE TABLE user_info (
      user_name CHAR(100) NOT NULL,
      user_passwd CHAR(100) NOT NULL,
      PRIMARY KEY (user_name)
    );

    INSERT INTO `user_info` VALUES ('test', MD5('test'));

    CREATE TABLE user_group (
      user_name char(100) NOT NULL,
      user_group char(100) NOT NULL,
      PRIMARY KEY (user_name,user_group)
    );

    INSERT INTO `user_group` VALUES ('test', 'test-group');

Note the length of the user_password field. 100 characters is probably more than needed, but you will definitely need more than the 20 characters suggested in some documentation if you want to use a password hash like MD5. (If the field is too short, then password hashes will get truncated when they're inserted into the database.)

Then I configured mod_auth_mysql to authenticate users for my whole domain. In the appropriate virtual host configuration file (e.g., /etc/apache2/sites-enabled/000-default) I added the following:

    <Location />

    # these lines force authentication to fall through to mod_auth_mysql
    AuthBasicAuthoritative Off
    AuthUserFile /dev/null

    # begin auth_mysql configuration
    AuthMySQL On
    AuthMySQL_Host localhost
    AuthMySQL_User auth_user
    AuthMySQL_Password XXXX
    AuthMySQL_DB auth
    AuthMySQL_Password_Table user_info
    AuthMySQL_Username_Field user_name
    AuthMySQL_Password_Field user_passwd
    AuthMySQL_Empty_Passwords Off
    AuthMySQL_Encryption_Types PHP_MD5
    AuthMySQL_Authoritative On
    #AuthMySQL_Non_Persistent Off
    #AuthMySQL_Group_Table user_group
    #AuthMySQL_Group_Field user_group

    # generic auth configuration
    AuthType Basic
    AuthName "auth_mysql test"
    Require valid-user

    </Location>

Note the "PHP_MD5" encryption type. (Some of the documented encryption types don't seem to be available, e.g., "MD5".)

Then…

    $ sudo apache2ctl -t # check syntax
    $ sudo apache2ctl restart

Then when browsing to the host, I get an authentication challenge, and can log in with username "test" and password "test".

Using mod_authn_dbd Instead

There is another way to get Apache to use a relational database to look up usernames and passwords when authenticating: mod_authn_dbd. That module seems more current and has up-to-date documentation, see e.g., the Apache 2.2 mod_authn_dbd module docs and the Apache 2.2 docs on password encryption.

Note however that you cannot use normal MD5 encryption to store passwords in the database with this module. If you want to use MD5 you have to use the special Apache MD5 algorithm.

Also note that to get this working with MySQL you will need to install the MySQL driver for DBD, which you can do via APT.

    $ sudo apt-get install libaprutil1-dbd-mysql

If you get a message like "DBD: Can't load driver file apr_dbd_mysql.so" then this is what you need to do - don't believe the articles that tell you you need to recompile APR :)

Red Hat / CentOS Install mod_security Apache Intrusion Detection And Prevention Engine

by NIX CRAFT on MAY 9, 2009 · 14 COMMENTS · LAST UPDATED MAY 9, 2009 in APACHE, CENTOS, NETWORKING

How do I install ModSecurity - an open source intrusion detection and prevention engine for web applications under CentOS / RHEL / Red Hat Enterprise Linux 5.x server?

ModSecurity operates embedded into the web server (httpd), acting as a powerful umbrella - shielding web applications from attacks. In order to use mod_security, you need to turn on EPEL repo under CentOS / RHEL Linux. Once repo is turned on, type the following command to install ModSecurity:

    # yum install mod_security

Sample output:

    Loaded plugins: downloadonly, fastestmirror, priorities, protectbase
    Loading mirror speeds from cached hostfile
     * epel: www.gtlib.gatech.edu
     * base: mirror.skiplink.com
     * updates: centos.aol.com
     * addons: mirror.cs.vt.edu
     * extras: mirror.trouble-free.net
    0 packages excluded due to repository protections
    Setting up Install Process
    Parsing package install arguments
    Resolving Dependencies
    --> Running transaction check
    ---> Package mod_security.x86_64 0:2.5.9-1.el5 set to be updated
    --> Finished Dependency Resolution
    Dependencies Resolved
    ====================================================================
     Package        Repository   Arch     Size    Version
    ====================================================================
    Installing:
     mod_security   epel         x86_64   935 k   2.5.9-1.el5

    Transaction Summary
    ====================================================================
    Install      1 Package(s)
    Update       0 Package(s)
    Remove       0 Package(s)

    Total download size: 935 k
    Is this ok [y/N]: y
    Downloading Packages:
    mod_security-2.5.9-1.el5.x86_64.rpm | 935 kB 00:00
    Running rpm_check_debug
    Running Transaction Test
    Finished Transaction Test
    Transaction Test Succeeded
    Running Transaction
      Installing : mod_security [1/1]

    Installed: mod_security.x86_64 0:2.5.9-1.el5
    Complete!

mod_security configuration files

/etc/httpd/conf.d/mod_security.conf - main configuration file for the mod_security Apache module.
/etc/httpd/modsecurity.d/ - all other configuration files for the mod_security Apache module.
/etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf - configuration contained in this file should be customized for your specific requirements before deployment.
/var/log/httpd/modsec_debug.log - use debug messages for debugging mod_security rules and other problems.
/var/log/httpd/modsec_audit.log - all requests that trigger a ModSecurity event (as detected) or a server error ("RelevantOnly") are logged into this file.

Open the /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf file, enter:

    # vi /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf

Make sure SecRuleEngine is set to "On" to protect the web server from attacks:

    SecRuleEngine On

Turn on other required options and policies as per your requirements. Finally, restart httpd:

    # service httpd restart

Make sure everything is working:

    # tail -f /var/log/httpd/error_log

Sample output:

    [Sat May 09 23:18:31 2009] [notice] caught SIGTERM, shutting down
    [Sat May 09 23:18:33 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Sat May 09 23:18:34 2009] [notice] ModSecurity for Apache/2.5.9 (http://www.modsecurity.org/) configured.
    [Sat May 09 23:18:34 2009] [notice] Original server signature: Apache/2.2.3 (CentOS)
    [Sat May 09 23:18:34 2009] [notice] Digest: generating secret for digest authentication ...
    [Sat May 09 23:18:34 2009] [notice] Digest: done
    [Sat May 09 23:18:35 2009] [notice] Apache/2.2.0 (Fedora) configured -- resuming normal operations

Refer to the mod_security documentation to understand security policies.


Red Hat Enterprise Linux / CentOS Linux Enable EPEL (Extra Packages for Enterprise Linux) Repository

by NIX CRAFT on AUGUST 20, 2008 · 15 COMMENTS · LAST UPDATED OCTOBER 15, 2013 in CENTOS, PACKAGE MANAGEMENT, REDHAT AND FRIENDS

How do I enable EPEL (Extra Packages for Enterprise Linux) repo and install the packages under RHEL / CentOS Linux server systems?

EPEL (Extra Packages for Enterprise Linux) is a volunteer-based community effort from the Fedora project to create a repository of high-quality add-on packages that complement the Fedora-based Red Hat Enterprise Linux (RHEL) and its compatible spinoffs, such as CentOS and Scientific Linux.

Tutorial details
Difficulty: Easy (rss)
Root privileges: Yes
Requirements: None
Estimated completion time: 10m

EPEL provides lots of packages for CentOS / RHEL. It is not part of RedHat or CentOS but is designed to work with these major distributions. Please note that EPEL only provides free and open source software unencumbered by patents or any legal issues. In short you will not find mp3, dvd and music / media player under EPEL. However, you will find many programs related to networking, monitoring, sys admin, programming and so on. Packages are supplied in RPM format and in most cases are ready to use. Beware that some packages may break something and you should not blindly install those packages.

How Do I Enable EPEL Repo under CentOS or RHEL Servers?

You need to type the following command as per your distro version / release.

RHEL 5.x / CentOS 5.x Users

Type the following command as root user to install repo:

    # rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

RHEL 6.x / CentOS 6.x Users

Type the following command as root user to install repo:

    # rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

Protect Base Packages

You need to protect base and core packages from EPEL and other repositories. Type the following command under RHEL 6 / CentOS 6.

Note for RHN (Red Hat) users: You need to also enable the 'optional' repository to use EPEL packages as they depend on packages in that repository. This can be done by enabling the RHEL optional subchannel for RHN-Classic. For certificate-based subscriptions see RHEL Deployment Guide.

    # yum install yum-plugin-protectbase.noarch

Sample outputs:

    Loaded plugins: product-id, rhnplugin, subscription-manager
    Updating certificate-based repositories.
    Setting up Install Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package yum-plugin-protectbase.noarch 0:1.1.30-10.el6 will be installed
    --> Finished Dependency Resolution
    Dependencies Resolved
    ====================================================================
     Package                  Arch     Version         Repository                      Size
    ====================================================================
    Installing:
     yum-plugin-protectbase   noarch   1.1.30-10.el6   rhel-x86_64-server-optional-6   20 k

    Transaction Summary
    ====================================================================
    Install       1 Package(s)

    Total download size: 20 k
    Installed size: 0
    Is this ok [y/N]: y
    Downloading Packages:
    yum-plugin-protectbase-1.1.30-10.el6.noarch.rpm | 20 kB 00:00
    Running rpm_check_debug
    Running Transaction Test
    Transaction Test Succeeded
    Running Transaction
      Installing : yum-plugin-protectbase-1.1.30-10.el6.noarch 1/1
    Installed products updated.
    Installed:
      yum-plugin-protectbase.noarch 0:1.1.30-10.el6
    Complete!

RHEL 5 / CentOS 5 users type the following command to protect packages:

    # yum install yum-protectbase.noarch

This plugin allows certain repositories to be protected. Packages in the protected repositories can't be overridden by packages in non-protected repositories even if the non-protected repo has a later version.

How Do I Use EPEL Repo?

To list newly installed repo, enter:

    # yum repolist

Sample output:

    Loading "skip-broken" plugin
    Loading "fastestmirror" plugin
    repo id    repo name                                  status
    addons     CentOS-5 - Addons                          enabled
    base       CentOS-5 - Base                            enabled
    epel       Extra Packages for Enterprise Linux 5 -    enabled
    extras     CentOS-5 - Extras                          enabled
    updates    CentOS-5 - Updates                         enabled

Now, use the yum command to list, view and install the packages:

    # yum search package-name
    # yum install package-name

See how to use yum command for installing and searching packages using various repos.

FURTHER READINGS: EPEL Project

Prevent DoS/Brute-Force attacks by installing and configuring Apache's mod_evasive in Gentoo, Debian, CentOS, Arch Linux and Ubuntu

How to install and configure mod_evasive on ArchLinux VPS, Debian VPS, Ubuntu VPS, CentOS VPS

What is mod_evasive?

mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, etc. mod_evasive presently reports abuses via email and syslog facilities.

The following article is all about how to install and configure mod_evasive on the following GNU/Linux distributions running on our virtual private servers.

Installation on Debian
Installation on Ubuntu
Installation on CentOS 5
Installation on CentOS 6
Installation on Arch Linux
Installation on Gentoo

So, let's start by following the above un-ordered list.

=> Installation on Debian/Ubuntu

The installation of mod_evasive in a Debian/Ubuntu based VPS is identical. Before we go any steps further with the installation, make sure you have an up-to-date system by issuing:

    # apt-get update && apt-get upgrade --show-upgraded

Next, install Apache's module mod_evasive by executing:

    # apt-get install libapache2-mod-evasive -y

Once the installation is finished, execute the following commands to configure Apache to use the mod_evasive module.

    # cat >> /etc/apache2/conf.d/mod_evasive.conf <<EOF
    <IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 5
    DOSSiteCount 50
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 60
    DOSEmailNotify your@email.com
    DOSLogDir /var/log/apache2/evasive
    </IfModule>
    EOF
    # chown www-data: -R /var/log/apache2/
    # /etc/init.d/apache2 restart

=> Installation on CentOS 5

First, make sure your CentOS 5 VPS is fully up to date by executing:

    # yum update -y

then proceed with adding the EPEL repository to your CentOS 5 so you can install mod_evasive through yum.

    # rpm -Uvh ftp://ftp.pbone.net/mirror/download.fedora.redhat.com/pub/fedora/epel/5/i386/epel-release-5-4.noarch.rpm

Once it is added, protect the base packages from EPEL.

    # yum install yum-protectbase.noarch -y

Refresh the repositories using:

    # yum update -y

and finally install mod_evasive by executing:

    # yum install mod_evasive -y

Then, proceed with configuring Apache to use the mod_evasive module.

    # echo -e "### LOAD EVASIVE ###\nLoadModule evasive20_module modules/mod_evasive20.so\n###\n" > /etc/httpd/conf.d/mod_evasive.conf
    # cat >> /etc/httpd/conf.d/mod_evasive.conf <<EOF
    <IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 5
    DOSSiteCount 50
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 60
    DOSEmailNotify your@email.com
    DOSLogDir /var/log/httpd/evasive
    </IfModule>
    EOF
    # chown apache: -R /var/log/httpd/
    # /etc/init.d/httpd restart

=> Installation on CentOS 6

Before installing mod_evasive on your CentOS 6 VPS, make sure your operating system is fully up-to-date by running:

    # yum update -y

then proceed with adding the EPEL repository to your CentOS 6 so you can install mod_evasive through yum.

    # rpm -Uvh ftp://ftp.pbone.net/mirror/download.fedora.redhat.com/pub/fedora/epel/6/i386/epel-release-6-8.noarch.rpm

Once it is added, protect the base packages from EPEL.

    # yum install yum-plugin-protectbase.noarch -y

Refresh the repositories using:

    # yum update -y

and finally install mod_evasive by executing:

    # yum install mod_evasive -y

Then, proceed with configuring Apache to use the mod_evasive module.

    # echo -e "### LOAD EVASIVE ###\nLoadModule evasive20_module modules/mod_evasive20.so\n###\n" > /etc/httpd/conf.d/mod_evasive.conf
    # cat >> /etc/httpd/conf.d/mod_evasive.conf <<EOF
    <IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 5
    DOSSiteCount 50
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 60
    DOSEmailNotify your@email.com
    DOSLogDir /var/log/httpd/evasive
    </IfModule>
    EOF
    # chown apache: -R /var/log/httpd/
    # /etc/init.d/httpd restart

=> Installation on Arch Linux

Since mod_evasive is in AUR (Archlinux User Repository) you need to build the package and then install it via 'pacman'. This can be accomplished either by using some AUR wrapper like 'packer', 'yaourt', 'cower' etc., or by building the package manually via makepkg and then installing it via 'pacman'.

We are going to use the 'makepkg' method here because those wrappers are all based on 'makepkg' and 'pacman', so create the build directory:

    # mkdir -p /home/build && cd /home/build

download the tar package containing the PKGBUILD for mod_evasive:

    # wget http://aur.archlinux.org/packages/mo/mod_evasive/mod_evasive.tar.gz

extract the tarball and change to the extracted directory by executing:

    # tar zxvf mod_evasive.tar.gz && cd mod_evasive

before you proceed with building the package, make sure you have GCC installed on your Arch Linux VPS:

    # pacman -Sy gcc

then proceed with building and installing the mod_evasive package:

    # makepkg -si --asroot

Once the installation is finished, proceed with creating a configuration for mod_evasive by executing:

    # echo 'LoadModule evasive20_module modules/mod_evasive20.so' > /etc/httpd/conf/extra/mod_evasive.conf
    # cat >> /etc/httpd/conf/extra/mod_evasive.conf <<EOF
    <IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 5
    DOSSiteCount 50
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 60
    DOSEmailNotify your@email.com
    DOSLogDir /var/lock/mod_evasive
    </IfModule>
    EOF
    # echo -e "# Include mod_evasive options\nInclude conf/extra/mod_evasive.conf" >> /etc/httpd/conf/httpd.conf
    # rc.d restart httpd

=> Installation on Gentoo Linux

Firstly, it is recommended to update the 'portage' tree by executing:

    # emerge --sync

Once the tree is updated, you need to compile the mod_evasive module using 'emerge'. Before doing that, a 'keyword' needs to be added for the package, so if you're on an x86 architecture execute the command below, else replace 'x86' with 'amd64'.

    # echo '=www-apache/mod_evasive-1.10.1 ~x86' >> /etc/portage/package.accept_keywords

with that in place, compile the module using:

    # emerge -av www-apache/mod_evasive

once the package is compiled and installed, run:

    # revdep-rebuild

and then proceed with creating mod_evasive's configuration:

    # cat > /etc/apache2/modules.d/10_mod_evasive.conf <<EOF
    <IfDefine EVASIVE>
    LoadModule evasive_module modules/mod_evasive.so
    DOSHashTableSize 3097
    DOSPageCount 5
    DOSSiteCount 50
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 60
    DOSEmailNotify your@email.com
    DOSLogDir /var/log/apache2/evasive
    </IfDefine>
    EOF
    # chown apache: -R /var/log/apache2/

Next, you need to tell your Apache to use the newly compiled mod_evasive module. In Gentoo this can be done by editing '/etc/conf.d/apache2' and adding '-D EVASIVE' to 'APACHE2_OPTS', for example:

    APACHE2_OPTS="-D DEFAULT_VHOST -D PHP5 -D EVASIVE"

finally, restart apache for the changes to take effect:

    # /etc/init.d/apache2 restart
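How the mod_evasive thresholds interact is easier to see on sample traffic. The following is an added example, not part of the original article and not mod_evasive's own code: a simplified Python model of a per-page counter, a per-site counter and a blocking timer, run over constructed requests. It assumes the documented meaning of the directives (requests per interval, and a blocking period that restarts on every request made while blocked); all names in it are hypothetical.

```python
# Added example: a simplified model of the thresholds, not mod_evasive's code.
from collections import namedtuple

Config = namedtuple(
    "Config",
    "page_count site_count page_interval site_interval blocking_period")

# DOSPageCount 5, DOSSiteCount 50, both intervals 1 s, DOSBlockingPeriod 60.
ARTICLE_CFG = Config(page_count=5, site_count=50, page_interval=1,
                     site_interval=1, blocking_period=60)
# A stricter per-page threshold, for comparison (value chosen for this example).
STRICT_CFG = ARTICLE_CFG._replace(page_count=2)


def _exceeds(table, key, now, interval, limit):
    """Record one hit for key. Return True when more than `limit` hits
    have landed inside the current `interval`-second window."""
    start, count = table.get(key, (None, 0))
    if start is None or now - start >= interval:
        table[key] = (now, 1)            # open a new counting window
        return False
    table[key] = (start, count + 1)
    return count + 1 > limit


def simulate(requests, cfg):
    """requests: (unix_time, client_ip, uri) tuples in time order.
    Returns one status per request: 200 (served) or 403 (refused)."""
    per_page, per_site, blocked_until = {}, {}, {}
    statuses = []
    for now, ip, uri in requests:
        if now < blocked_until.get(ip, 0):
            # Still on the block list: refuse and restart the timer.
            blocked_until[ip] = now + cfg.blocking_period
            statuses.append(403)
            continue
        page_hit = _exceeds(per_page, (ip, uri), now,
                            cfg.page_interval, cfg.page_count)
        site_hit = _exceeds(per_site, ip, now,
                            cfg.site_interval, cfg.site_count)
        if page_hit or site_hit:
            blocked_until[ip] = now + cfg.blocking_period
            statuses.append(403)
        else:
            statuses.append(200)
    return statuses


def constructed_traffic():
    """Constructed sample traffic (documentation IP ranges, made-up URIs)."""
    reqs = [(1000.00, "192.0.2.10", "/index.php")]
    # A browser fetching one page and 12 different assets within half a second.
    reqs += [(1000.05 + 0.04 * i, "192.0.2.10", "/static/asset%d.css" % i)
             for i in range(12)]
    # Password guessing: 8 requests to one URI in under a second, then
    # retries 30 s, 89 s and 150 s after the burst started.
    reqs += [(2000.0 + 0.1 * i, "198.51.100.7", "/login.php") for i in range(8)]
    reqs += [(t, "198.51.100.7", "/login.php") for t in (2030.0, 2089.0, 2150.0)]
    # A visitor reloading the same report three times within a second.
    reqs += [(t, "203.0.113.5", "/report.php") for t in (3000.0, 3000.3, 3000.6)]
    return sorted(reqs)


def by_client(requests, statuses):
    """Group the status codes per client IP, in request order."""
    out = {}
    for (_, ip, _uri), status in zip(requests, statuses):
        out.setdefault(ip, []).append(status)
    return out


if __name__ == "__main__":
    traffic = constructed_traffic()
    for name, cfg in (("article", ARTICLE_CFG), ("strict", STRICT_CFG)):
        print(name)
        for ip, codes in sorted(by_client(traffic, simulate(traffic, cfg)).items()):
            print("  %-13s served=%d refused=%d"
                  % (ip, codes.count(200), codes.count(403)))
```

With the article's values the password-guessing burst is refused from its sixth request and stays refused while it keeps retrying inside the blocking period; lowering the page threshold to 2 also refuses the visitor who reloads a page three times within a second.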

This entry was posted in Tutorials on September 16, 2012.

How to mitigate from DDoS with mod_security and mod_evasive on CentOS 6?
posted on 2013-09-11

One of my websites hosted on a cloud server was recently hit by a 9Mbps DDoS, and the Apache web server ran out of memory and crashed. The attack began about 3 weeks ago, and it's still being targeted with no sign of slowdown. I've taken a number of mitigation steps, and mod_security with mod_evasive mitigated the problem. Use of mod_security and mod_evasive will mitigate the DDoS to the extent where CPU, Memory and Bandwidth are allowed; and in my case a single CentOS server with 2GB RAM was sufficient. If your server cannot handle the amount of attack caused by DDoS, you may have to set up a load balancer with an adequate number of nodes.

1. Install Mod Security Apache Module.

    # Install Mod Security
    yum install mod_security
    # Download latest OWASP ruleset from the site below.
    # http://spiderlabs.github.io/owasp-modsecurity-crs/
    tar xfz SpiderLabs-owasp-modsecurity-crs-2.2.8-0-g0f07cbb.tar.gz
    # Remove the one that was installed by the binary mod_security package.
    rm -rf /etc/httpd/modsecurity.d
    mv SpiderLabs-owasp-modsecurity-crs-2.2.8-0-g0f07cbb /etc/httpd/modsecurity.d
    # Edit the /etc/httpd/conf.d/mod_security.conf

2. Install mod_evasive Apache Module.

    # We are going to build mod_evasive binary from the source.
    yum install gcc make libxml2 libxml2-devel httpd-devel pcre-devel curl-devel

    # Install mod_evasive.
    cd /usr/src
    wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
    tar xzf mod_evasive_1.10.1.tar.gz
    cd mod_evasive

    # Now, you need to find where apxs is installed.
    rpm -ql httpd-devel |grep apxs
    # /usr/sbin/apxs // Output from the command above
    /usr/sbin/apxs -cia mod_evasive20.c
    #Libraries have been installed in:
    # /usr/lib64/httpd/modules

    # Add the following block in the /etc/httpd/conf/httpd.conf
    # mod_evasive
    <IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 2
    DOSSiteCount 50
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 60
    # If you wish to receive email notification, modify & uncomment below.
    #DOSEmailNotify notify@mydomain.com
    </IfModule>

    # Restart Apache
    service httpd restart

To give you more information about my DDoS experience, I initially set up a load balancer from Linode with 5 nodes and that wasn't sufficient to handle the bot traffic. The trouble was that Apache would run "Out of Memory" due to fake bot traffic, and no user traffic was served. I thought it was the Apache Killer which caused my Apache to crash, but that wasn't the case as my version of Apache was patched and yet I was experiencing the same problem.

To alleviate the "Out of Memory" problem, I've also tried an Nginx setup but nginx wasn't able to handle the traffic either. With a load balancer with 5 nodes of Nginx servers, the webapp was throwing 503 Service Unavailable although I wasn't seeing the "Out of Memory" error.

I then tried the DDoS mitigation service provided by Incapsula, which took only 5 minutes to set up. To mitigate DDoS, I had to sign up with a 7-day Trial of Business+ Plan. Incapsula's DDoS mitigation service worked great, but it would cost me $299 per month if I wish to continue. As the website under attack wasn't generating enough dollars to pay for this type of luxury service, I had to seek an alternative, and mod_security with mod_evasive was the answer. Here are the DDoS stats collected from Incapsula.

Web Development - Installing mod_security with OWASP

April 27, 2013 Posted by Cassandra Wolff in Development, Tips and Tricks

You want to secure your web application, but you don't know where to start. A number of open-source resources and modules exist, but that variety is more intimidating than it is liberating. If you're going to take the time to implement application security, you don't want to put your eggs in the wrong basket, so you wind up suffering from analysis paralysis as you compare all of the options. You want a powerful, flexible security solution that isn't overly complex, so to save you the headache of making the decision, I'll make it for you: Start with mod_security and OWASP.

ModSecurity (mod_security) is an open-source Apache module that acts as a web application firewall. It is used to help protect your server (and websites) from several methods of attack, most common being brute force. You can think of mod_security as an invisible layer that separates users and the content on your server, quietly monitoring HTTP traffic and other interactions. It's easy to understand and simple to implement.

The challenge is that without some advanced configuration, mod_security isn't very functional, and that advanced configuration can get complex pretty quickly. You need to determine and set additional rules so that mod_security knows how to respond when approached with a potential threat. That's where Open Web Application Security Project (OWASP) comes in. You can think of the OWASP as an enhanced core ruleset that the mod_security module will follow to prevent attacks on your server.

The process of getting started with mod_security and OWASP might seem like a lot of work, but it's actually quite simple. Let's look at the installation and configuration process in a CentOS environment. First, we want to install the dependencies that mod_security needs:

    ## Install the GCC compiler and mod_security dependencies ##
    $ sudo yum install gcc make
    $ sudo yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel

Now that we have the dependencies in place, let's install mod_security. Unfortunately, there is no yum for mod_security because it is not a maintained package, so you'll have to install it directly from the source:

    ## Get mod_security from its source ##
    $ cd /usr/src
    $ git clone https://github.com/SpiderLabs/ModSecurity.git

Now that we have mod_security on our server, we'll install it:

    ## Install mod_security ##
    $ cd ModSecurity
    $ ./configure
    $ make install

And we'll copy over the default mod_security configuration file into the necessary Apache directory:

    ## Copy configuration file ##
    $ cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

We've got mod_security installed now, so we need to tell Apache about it ... It's no use having mod_security installed if our server doesn't know it's supposed to be using it:

    ## Apache configuration for mod_security ##
    $ vi /etc/httpd/conf/httpd.conf

We'll need to load our Apache config file to include our dependencies (BEFORE the mod_security module) and the mod_security file module itself:

    ## Load dependencies ##
    LoadFile /usr/lib/libxml2.so
    LoadFile /usr/lib/liblua5.1.so
    ## Load mod_security ##
    LoadModule security2_module modules/mod_security2.so

We'll save our configuration changes and restart Apache:

    ## Restart Apache! ##
    $ sudo /etc/init.d/httpd restart

As I mentioned at the top of this post, our installation of mod_security is good, but we want to enhance our ruleset with the help of OWASP. If you've made it this far, you won't have a problem following a similar process to install OWASP:

    ## OWASP ##
    $ cd /etc/httpd/
    $ git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
    $ mv owasp-modsecurity-crs modsecurity-crs

Just like with mod_security, we'll set up our configuration file:

    ## OWASP configuration file ##
    $ cd modsecurity-crs
    $ cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

Now we have mod_security and the OWASP core ruleset ready to go! The last step we need to take is to update the Apache config file to set up our basic ruleset:

    ## Apache configuration ##
    $ vi /etc/httpd/conf/httpd.conf

We'll add an IfModule and point it to our new OWASP rule set at the end of the file:

    <IfModule security2_module>
    Include modsecurity-crs/modsecurity_crs_10_config.conf
    Include modsecurity-crs/base_rules/*.conf
    </IfModule>

And to complete the installation, we save the config file and restart Apache:

    ## Restart Apache! ##
    $ sudo /etc/init.d/httpd restart

And we've got mod_security installed with the OWASP core ruleset! With this default installation, we're leveraging the rules the OWASP open source community has come up with, and we have the flexibility to tweak and enhance those rules as our needs dictate. If you have any questions about this installation or you have any other technical blog topics you'd like to hear from us about, please let us know!

-Cassandra

4' tte% lo!o @a#eboo5 lo!o Ge"" t lo!o +t$mbleDpon lo!o "el. # o.$s lo!o ? n5e"In lo!o @o%'a%" lo!o Le&'o%"s: *pa#(e, 2entos, 9o"se#$% t&, )pen +o$%#e, )s, )'asp, G$les, +e#$% t&, 4%a33 #, Dn 8 2ate!o% es: Development | 4 ps an" 4% #5s 0- #omments >> 2omments

kyle Says: April 29th, 2013 at 4:24pm
the wget http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz

comes back with a 404 for me.

wget http://sourceforge.net/projects/mod-security/files/modsecurity-apache/2.7.0/modsecurity-apache_2.7.0.tar.gz/download

Works but obviously won't download the latest once a new release comes out.

rkatz Says: April 29th, 2013 at 5:35pm
Hi Kyle,

Please excuse our errors. The blog was written during ModSecurity's transition from Sourceforge to GitHub. We've made the necessary changes to the repos and it should work for you now. Please let us know if you have any problems!

-Rachel

Mara Says: May 1st, 2013 at 1:04am
This can be installed via yum on the epel repos. Both mod_security and mod_security_crs are available.

If you have the epel yum repos installed this should be as easy as "yum install mod_security mod_security_crs." Of course, as this is meant to be security precautions it's always better to use the original providers (from the github repo now), and you're still better off learning how to configure it, but installation via yum is possible.

Thanks -Mara-

Athmane Says: May 3rd, 2013 at 9:50am

I tend to keep mod_security and mod_security_crs Fedora/EPEL packages up-to-date especially when it comes to security updates.

If it's not the case, you can always request it via Bugzilla.

-- Athmane, Fedora/EPEL mod_security packages maintainer

Jeff Says: May 3rd, 2013 at 10:55am
Thank you! I have been searching for this for weeks now, this is exactly what I need.

Wobble Says: May 13th, 2013 at 12:58am
This is an awesome article. Thanks!

CandleFOREX Says: May 14th, 2013 at 1:55pm
Hi!

Great article. We tried to give it a go but when we get to this step:

## Install mod_security ##
$ cd ModSecurity
$ ./configure
$ make install

After we try "make install" we just get an error:
make: *** No rule to make target `install'. Stop.

How to fix that error in order to continue the article steps?

We are on CENTos 6

Simon Says: June 3rd, 2013 at 7:12am
There's an error here:
$ cp modsecurity_crs_10_setup.conf.example modsecurity_crs10_config.conf
That should be:
$ cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

Your config states:
Include modsecurity-crs/modsecurity_crs_10_config.conf

Simon Says: June 3rd, 2013 at 7:17am
Also, a missing step is before the ./configure of ModSecurity, you need to run ./autogen.sh (and install the required tools/libs)

khazard Says: June 3rd, 2013 at 10:18am
Thanks for pointing out the problem with the typo when coding the second crs_10 part of that command. We've updated the content inline to have it shown properly.

When it comes to the ./configure command, Cassandra's example installs the required tools/libs via a yum command earlier in the post. She explained that she'd be using a CentOS environment in her example, so if you're using a different OS, the process may look subtly different.

Sheldon Patnett Says: July 31st, 2013 at 4:02am
Install deny host:

sudo yum -y install denyhosts

It's really crucial to have...

Amos Bowman Says: August 7th, 2013 at 6:15am
Security is key concern for all the companies and ModSecurity is surely one very good an opensource Apache module that acts as a web application firewall, and helps to protect any website.


Linux: 20 Iptables Examples For New SysAdmins
by NIX CRAFT on DECEMBER 13, 2011 | 65 COMMENTS | LAST UPDATED MARCH 20, 201n IPTABLES, LINUX, LINUX DISTRIBUTION

Linux comes with a host based firewall called Netfilter. According to the official project site:

netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.

This Linux based firewall is controlled by the program called iptables, which handles filtering for IPv4; ip6tables handles filtering for IPv6. I strongly recommend that you first read our quick tutorial that explains how to configure a host-based firewall called Netfilter (iptables) under CentOS / RHEL / Fedora / Redhat Enterprise Linux. This post lists the most common iptables solutions required by a new Linux user to secure his or her Linux operating system from intruders.

IPTABLES Rules Example

Most of the actions listed in this post are written with the assumption that they will be executed by the root user running bash or any other modern shell. Do not type commands on a remote system as it will disconnect your access. For demonstration purposes I've used RHEL 6.x, but the following commands should work with any modern Linux distro. This is NOT a tutorial on how to set iptables. See tutorial here. It is a quick cheat sheet to common iptables commands.

#1: Displaying the Status of Your Firewall

Type the following command as root:

# iptables -L -n -v

Sample outputs:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Above output indicates that the firewall is not active. The following sample shows an active firewall:

# iptables -L -n -v

Sample outputs:

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
  394 43586 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   93 17292 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    1   142 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 wanin      all  --  vlan2  *       0.0.0.0/0            0.0.0.0/0
    0     0 wanout     all  --  *      vlan2   0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 425 packets, 113K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain wanin (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain wanout (1 references)
 pkts bytes target     prot opt in     out     source               destination

Where,

-L : List rules.
-v : Display detailed information. This option makes the list command show the interface name, the rule options, and the TOS masks. The packet and byte counters are also listed, with the suffix 'K', 'M' or 'G' for 1000, 1,000,000 and 1,000,000,000 multipliers respectively.
-n : Display IP address and port in numeric format. Do not use DNS to resolve names. This will speed up listing.

#1.1: To inspect firewall with line numbers, enter:

# iptables -n -L -v --line-numbers

Sample outputs:

Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
3    TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
5    wanin      all  --  0.0.0.0/0            0.0.0.0/0
6    wanout     all  --  0.0.0.0/0            0.0.0.0/0
7    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain wanin (1 references)
num  target     prot opt source               destination

Chain wanout (1 references)
num  target     prot opt source               destination

You can use line numbers to delete or insert new rules into the firewall.

#1.2: To display INPUT or OUTPUT chain rules, enter:

# iptables -L INPUT -n -v
# iptables -L OUTPUT -n -v --line-numbers

#2: Stop / Start / Restart the Firewall

If you are using CentOS / RHEL / Fedora Linux, enter:
# service iptables stop
# service iptables start
# service iptables restart

You can use the iptables command itself to stop the firewall and delete all rules:
# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X
# iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD ACCEPT

Where,

-F : Deleting (flushing) all the rules.
-X : Delete chain.
-t table_name : Select table (called nat or mangle) and delete/flush rules.
-P : Set the default policy (such as DROP, REJECT, or ACCEPT).

#3: Delete Firewall Rules

To display line numbers along with other information for existing rules, enter:
# iptables -L INPUT -n --line-numbers
# iptables -L OUTPUT -n --line-numbers
# iptables -L OUTPUT -n --line-numbers | less
# iptables -L OUTPUT -n --line-numbers | grep 202.54.1.1

You will get the list of IPs. Look at the number on the left, then use that number to delete the rule. For example, to delete line number 4, enter:
# iptables -D INPUT 4

OR find source IP 202.54.1.1 and delete from rule:
# iptables -D INPUT -s 202.54.1.1 -j DROP

Where,

-D : Delete one or more rules from the selected chain

#4: Insert Firewall Rules

To insert one or more rules in the selected chain as the given rule number use the following syntax. First find out line numbers, enter:
# iptables -L INPUT -n --line-numbers

Sample outputs:

Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    DROP       all  --  202.54.1.1           0.0.0.0/0
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state NEW,ESTABLISHED

To insert rule between 1 and 2, enter:
# iptables -I INPUT 2 -s 202.54.1.2 -j DROP

To view updated rules, enter:
# iptables -L INPUT -n --line-numbers

Sample outputs:

Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    DROP       all  --  202.54.1.1           0.0.0.0/0
2    DROP       all  --  202.54.1.2           0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state NEW,ESTABLISHED

#5: Save Firewall Rules

To save firewall rules under CentOS / RHEL / Fedora Linux, enter:
# service iptables save

In this example, drop an IP and save firewall rules:
# iptables -A INPUT -s 202.5.4.1 -j DROP
# service iptables save

For all other distros use the iptables-save command:
# iptables-save > /root/my.active.firewall.rules
# cat /root/my.active.firewall.rules

#6: Restore Firewall Rules

To restore firewall rules from a file called /root/my.active.firewall.rules, enter:
# iptables-restore < /root/my.active.firewall.rules

To restore firewall rules under CentOS / RHEL / Fedora Linux, enter:
# service iptables restart

#7: Set the Default Firewall Policies

To drop all traffic:
# iptables -P INPUT DROP
# iptables -P OUTPUT DROP
# iptables -P FORWARD DROP
# iptables -L -v -n
#### you will not be able to connect anywhere as all traffic is dropped ###
# ping cyberciti.biz
# wget http://www.kernel.org/pub/linux/kernel/v3.0/testing/linux-3.2-rc5.tar.bz2

#7.1: Only Block Incoming Traffic

To drop all incoming / forwarded packets, but allow outgoing traffic, enter:
# iptables -P INPUT DROP
# iptables -P FORWARD DROP
# iptables -P OUTPUT ACCEPT
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -L -v -n
### *** now ping and wget should work *** ###
# ping cyberciti.biz
# wget http://www.kernel.org/pub/linux/kernel/v3.0/testing/linux-3.2-rc5.tar.bz2

#8: Drop Private Network Address On Public Interface

Anti-spoofing here means stopping the following private-network IPv4 address ranges from entering on your public interfaces. Packets with non-routable source addresses should be rejected using the following syntax:
# iptables -A INPUT -i eth1 -s 192.168.0.0/24 -j DROP
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP

#8.1: IPv4 Address Ranges For Private Networks (make sure you block them on public interface)

10.0.0.0/8 (A)
172.16.0.0/12 (B)
192.168.0.0/16 (C)
224.0.0.0/4 (MULTICAST D)
240.0.0.0/5 (E)
127.0.0.0/8 (LOOPBACK)

#9: Blocking an IP Address (BLOCK IP)

To block an attacker's IP address called 1.2.3.4, enter:
# iptables -A INPUT -s 1.2.3.4 -j DROP
# iptables -A INPUT -s 192.168.0.0/24 -j DROP

#10: Block Incoming Port Requests (BLOCK PORT)

To block all service requests on port 80, enter:
# iptables -A INPUT -p tcp --dport 80 -j DROP
# iptables -A INPUT -i eth1 -p tcp --dport 80 -j DROP

To block port 80 only for an IP address 1.2.3.4, enter:
# iptables -A INPUT -p tcp -s 1.2.3.4 --dport 80 -j DROP
# iptables -A INPUT -i eth1 -p tcp -s 192.168.1.0/24 --dport 80 -j DROP

#11: Block Outgoing IP Address

To block outgoing traffic to a particular host or domain such as cyberciti.biz, enter:
# host -t a cyberciti.biz

Sample outputs:

cyberciti.biz has address 75.126.153.206

Note down its IP address and type the following to block all outgoing traffic to 75.126.153.206:
# iptables -A OUTPUT -d 75.126.153.206 -j DROP

You can use a subnet as follows:
# iptables -A OUTPUT -d 192.168.1.0/24 -j DROP
# iptables -A OUTPUT -o eth1 -d 192.168.1.0/24 -j DROP

#11.1: Example - Block Facebook.com Domain

First, find out all IP addresses of facebook.com, enter:
# host -t a www.facebook.com

Sample outputs:

www.facebook.com has address 69.171.228.40

Find CIDR for 69.171.228.40, enter:
# whois 69.171.228.40 | grep CIDR

Sample outputs:

CIDR: 69.171.224.0/19

To prevent outgoing access to www.facebook.com, enter:
# iptables -A OUTPUT -p tcp -d 69.171.224.0/19 -j DROP

You can also use domain name, enter:
# iptables -A OUTPUT -p tcp -d www.facebook.com -j DROP
# iptables -A OUTPUT -p tcp -d facebook.com -j DROP

From the iptables man page:

... specifying any name to be resolved with a remote query such as DNS (e.g., facebook.com is a really bad idea), a network IP address (with /mask), or a plain IP address ...

#12: Log and Drop Packets

Type the following to log and block IP spoofing on the public interface called eth1:
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j LOG --log-prefix "IP_SPOOF A: "
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP

By default everything is logged to the /var/log/messages file.
# tail -f /var/log/messages
# grep --color 'IP_SPOOF' /var/log/messages

#13: Log and Drop Packets with Limited Number of Log Entries

The -m limit module can limit the number of log entries created per time. This is used to prevent flooding your log file. To log and drop spoofing per 5 minutes, in bursts of at most 7 entries:
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -m limit --limit 5/m --limit-burst 7 -j LOG --log-prefix "IP_SPOOF A: "
# iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP
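The commands in #8 cover only two of the six ranges listed in #8.1, and one of them as a /24 rather than the listed /16. The following added example (not part of the original article) audits a saved ruleset in iptables-save format (#5) for that gap and prints, without running them, the rate-limited log-and-drop pairs from #12 and #13 for each missing range. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Read-only: it parses text in
# iptables-save format and prints suggestions; it never calls iptables.

# Ranges listed in section #8.1.
PRIVATE_RANGES="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/5 127.0.0.0/8"

# Constructed sample: what iptables-save prints after running only the two
# commands from section #8 (eth1 is the public interface there).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.0.0/24 -i eth1 -j DROP
-A INPUT -s 10.0.0.0/8 -i eth1 -j DROP
COMMIT
EOF
}

# missing_antispoof_ranges IFACE   (ruleset on stdin)
# Prints every range from PRIVATE_RANGES that has no unconditional
# "-s RANGE -i IFACE -j DROP" rule in the INPUT chain. The CIDR must match
# exactly, so 192.168.0.0/24 does not count as covering 192.168.0.0/16, and
# rules with extra matches (protocol, port, limit) are ignored as partial.
missing_antispoof_ranges() {
    mar_iface="$1"
    mar_rules="$(cat)"
    for mar_net in $PRIVATE_RANGES; do
        if ! printf '%s\n' "$mar_rules" | awk -v net="$mar_net" -v ifc="$mar_iface" '
            $1 == "-A" && $2 == "INPUT" && NF == 8 {
                src = ""; inif = ""; tgt = ""
                for (k = 3; k < NF; k++) {
                    if ($k == "-s") src  = $(k + 1)
                    if ($k == "-i") inif = $(k + 1)
                    if ($k == "-j") tgt  = $(k + 1)
                }
                if (src == net && inif == ifc && tgt == "DROP") found = 1
            }
            END { exit !found }'
        then
            printf '%s\n' "$mar_net"
        fi
    done
}

# suggest_rules IFACE   (ruleset on stdin)
# Prints the LOG rule (rate limited as in #13) followed by the DROP rule for
# each missing range. The LOG rule must come first: DROP ends rule traversal.
suggest_rules() {
    sr_iface="$1"
    case "$sr_iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface name" >&2; return 1 ;;
    esac
    missing_antispoof_ranges "$sr_iface" | while read -r sr_net; do
        printf 'iptables -A INPUT -i %s -s %s -m limit --limit 5/m --limit-burst 7 -j LOG --log-prefix "IP_SPOOF A: "\n' "$sr_iface" "$sr_net"
        printf 'iptables -A INPUT -i %s -s %s -j DROP\n' "$sr_iface" "$sr_net"
    done
}

# Demo on the constructed sample; on a real host feed it `iptables-save` output.
sample_rules | suggest_rules eth1
```

Rules added with -A only take effect if no earlier rule in the chain accepts the packet first, so check the order with --line-numbers (#1.1) and use -I (#4) where an ACCEPT rule sits above them.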

#14: Drop or Accept Traffic From Mac Address

Use the following syntax:
# iptables -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j DROP
## *only accept traffic for TCP port # 22 from mac 00:0F:EA:91:04:07 * ##
# iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EA:91:04:07 -j ACCEPT

#15: Block or Allow ICMP Ping Request

Type the following command to block ICMP ping requests:
# iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
# iptables -A INPUT -i eth1 -p icmp --icmp-type echo-request -j DROP

Ping responses can also be limited to certain networks or hosts:
# iptables -A INPUT -s 192.168.1.0/24 -p icmp --icmp-type echo-request -j ACCEPT

The following only accepts limited types of ICMP requests:
### ** assumed that default INPUT policy set to DROP ** #############
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
## ** allow our server to respond to pings ** ##
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

#16: Open Range of Ports

Use the following syntax to open a range of ports:
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 7000:7010 -j ACCEPT

#17: Open Range of IP Addresses

Use the following syntax to open a range of IP addresses:
## only accept connection to tcp port 80 (Apache) if ip is between 192.168.1.100 and 192.168.1.200 ##
iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 192.168.1.100-192.168.1.200 -j ACCEPT

## nat example ##
iptables -t nat -A POSTROUTING -j SNAT --to-source 192.168.1.20-192.168.1.25

#18: Established Connections and Restarting The Firewall

When you restart the iptables service it will drop established connections as it unloads modules from the system under RHEL / Fedora / CentOS Linux. Edit /etc/sysconfig/iptables-config and set IPTABLES_MODULES_UNLOAD as follows:

IPTABLES_MODULES_UNLOAD="no"

#19: Help Iptables Flooding My Server Screen

Use the crit log level to send messages to a log file instead of console:
iptables -A INPUT -s 1.2.3.4 -p tcp --destination-port 80 -j LOG --log-level crit

#20: Block or Open Common Ports

The following shows syntax for opening and closing common TCP and UDP ports:

Replace ACCEPT with DROP to block port:
## open port ssh tcp port 22 ##
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 22 -j ACCEPT

## open cups (printing service) udp/tcp port 631 for LAN users ##
iptables -A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 631 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 631 -j ACCEPT

## allow time sync via NTP for lan users (open udp port 123) ##
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT

## open tcp port 25 (smtp) for all ##
iptables -A INPUT -m state --state NEW -p tcp --dport 25 -j ACCEPT

## open dns server ports for all ##
iptables -A INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT

## open http/https (Apache) server port to all ##
iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT

## open tcp port 110 (pop3) for all ##
iptables -A INPUT -m state --state NEW -p tcp --dport 110 -j ACCEPT

## open tcp port 143 (imap) for all ##
iptables -A INPUT -m state --state NEW -p tcp --dport 143 -j ACCEPT

## open access to Samba file server for lan users only ##
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 137 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 138 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT

## open access to proxy server for lan users only ##
iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 3128 -j ACCEPT

## open access to mysql server for lan users only ##
iptables -I INPUT -s 192.168.1.0/24 -p tcp --dport 3306 -j ACCEPT

#21: Restrict the Number of Parallel Connections To a Server Per Client IP

You can use the connlimit module to put such restrictions. To allow 3 ssh connections per client host, enter:
# iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT

Set HTTP requests to 20:
# iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 --connlimit-mask 24 -j DROP

Where,

--connlimit-above 3 : Match if the number of existing connections is above 3.
--connlimit-mask 24 : Group hosts using the prefix length. For IPv4, this must be a number between (including) 0 and 32.

#22: HowTO: Use iptables Like a Pro

For more information about iptables, please see the manual page by typing man iptables from the command line:
$ man iptables

You can see the help using the following syntax too:
# iptables -h

To see help with specific commands and targets, enter:
# iptables -j DROP -h

#22.1: Testing Your Firewall

Find out if ports are open or not, enter:
# netstat -tulpn

Find out if tcp port 80 is open or not, enter:
# netstat -tulpn | grep :80

If port 80 is not open, start Apache, enter:
# service httpd start

Make sure iptables is allowing access to port 80:
# iptables -L INPUT -v -n | grep 80

Otherwise open port 80 using iptables for all users:

# iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
# service iptables save

Use the telnet command to see if the firewall allows you to connect to port 80:
$ telnet www.cyberciti.biz 80

Sample outputs:

Trying 75.126.153.206...
Connected to www.cyberciti.biz.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

You can use nmap to probe your own server using the following syntax:
$ nmap -sS -p 80 www.cyberciti.biz

Sample outputs:

Starting Nmap 5.00 ( http://nmap.org ) at 2011-12-13 13:19 IST
Interesting ports on www.cyberciti.biz (75.126.153.206):
PORT   STATE SERVICE
80/tcp open  http
Nmap done: 1 IP address (1 host up) scanned in 1.00 seconds

I also recommend you install and use a sniffer such as tcpdump and ngrep to test your firewall settings.

Conclusion: This post only lists basic rules for new Linux users. You can create and build more complex rules. This requires a good understanding of TCP/IP, Linux kernel tuning via sysctl.conf, and good knowledge of your own setup. Stay tuned for next topics:

Stateful packet inspection.
Using connection tracking helpers.
Network address translation.
Layer 2 filtering.
Firewall testing tools.
Dealing with VPNs, DNS, Web, Proxy, and other protocols.

Apache authentication and authorization

Intro: Apache authentication can be configured to require web site visitors to log in with a user id and password. This is different than adding a login form on a web page and creating your own authentication. This tutorial describes the various methods available for authentication with Apache and its configuration. Login protection is applied to the web pages stored in a directory. The login dialog box which requests the user id and password is provided by the web browser at the request of Apache. Apache allows the configuration to be entered in its configuration files (i.e. main configuration file /etc/httpd/conf/httpd.conf, supplementary configuration files /etc/httpd/conf.d/component.conf) or in a file which resides within the directory to be password protected. Five forms of authentication are detailed here: Apache password file authentication, digest file authentication, LDAP, NIS and MySQL.

Apache authentication methods using local files to store passwords have no association with system user accounts. If using LDAP or NIS for system login authentication, its use can be extended to support Apache web site logins.

Terms:
Authentication: Prove it is you. Authenticate the login by requiring a password only the user would know.
Authorization: Only certain users or members of a privileged group are allowed.

Typically Authentication or Authentication and Authorization are required for access.

Apache configuration files: (referred to generically in this tutorial as httpd.conf or reside as the file .htpasswd, in the directory being protected.)

Red Hat / Fedora Core / CentOS: /etc/httpd/conf/httpd.conf or /etc/httpd/conf.d/application.conf
Novell SuSE: /etc/apache2/httpd.conf or /etc/apache2/conf.d/application.conf
Ubuntu (dapper 6.06) / Debian: /etc/apache2/apache2.conf or /etc/apache2/conf.d/application.conf

Apache password file authentication: Directory protection using .htaccess and .htpasswd

This tutorial applies to Apache based web servers. It requires:

Editing the server configuration file (httpd.conf) to enable/allow a directory structure on the server to be password protected. Basically the default <Directory> access permission statement needs modification.
The creation and addition of two files specifying the actual logins and passwords. (.htaccess and .htpasswd)

Use this sparingly because Apache will have to check all directories and subdirectories specified in the configuration file for the existence of the .htaccess file, adding to a server's latency.

When trying to access a file in a protected directory, the user will be presented with a window (dialog box) requesting a username and password. This protection applies to all sub-directories. Other .htaccess files in sub directories may respecify access rules.

Apache authentication uses the modules mod_auth and mod_access.

Apache configuration file:

File: /etc/httpd/conf/httpd.conf (older systems used access.conf)

Default: This disables the processing of .htaccess files for the system.

<Directory />
AllowOverride None
</Directory>

or for a specified directory:

<Directory /home/domain/public_html>
AllowOverride None
</Directory>

Change to and/or specify directory to protect:

<Directory /home/domain/public_html/membersonly>
AllowOverride All
</Directory>

OR

<Directory /home/domain/public_html/membersonly>
AllowOverride AuthConfig
</Directory>

AllowOverride parameters: AuthConfig FileInfo Indexes Limit Options

The name of the "distributed" and user controlled configuration file .htaccess is defined with the directive: (default shown)

AccessFileName .htaccess

Password protection by a single login:

Password files:

Create the directory you want to password protect (example: membersonly)
Create a file /home/domain/public_html/membersonly/.htaccess in that directory that looks something like this:

AuthName "Add your login message here."
AuthType Basic
AuthUserFile /home/domain/public_html/membersonly/.htpasswd
AuthGroupFile /dev/null
require user name-of-user

In this case the "name-of-user" is the login name you wish to use for accessing the web site. [Pitfall] The literature is full of examples of the next method but I never got it to work.

One can use Apache directives to specify access and restriction:

AuthName "Add your login message here."
AuthType Basic
AuthUserFile /home/domain/public_html/membersonly/.htpasswd
AuthGroupFile /dev/null
<Limit GET POST>
require user name-of-user
</Limit>

Also see: List of Apache directives.
If an incorrect directive is used in the .htaccess file it will result in a server error. Check your log files: /var/log/httpd/error_log.
The name of the access file .htaccess is specified by the httpd.conf directive AccessFileName.

Create (or clobber if it already exists) the password file /home/domain/public_html/membersonly/.htpasswd using the program htpasswd:
htpasswd -c .htpasswd name-of-user

Add a new user to the existing password file:
htpasswd .htpasswd name-of-user

Man page: htpasswd

Example file: .htpasswd

user1:KgvCSeExtS4kM
USER1:KgvCSeExtS4kM
User1:KgvCSeExtS4kM

Password file protection, ownership and SELinux attributes:
File privileges: chmod ug+rw .htpasswd
File ownership: chown apache.apache .htpasswd
SELinux file attributes: chcon -R -h -u system_u -r object_r -t httpd_config_t .htpasswd
This is required so that the Apache web server can access the password file.

Flexible password protection by group access permissions:

This example differs from the previous example in that it allows for greater control and flexibility by using groups.

Password files:

Create a file .htgroup in that directory that contains the groupname and list of users:
member-users: user1 user2 user3 ... etc

Where member-users is the name of the group.
Modify .htaccess in the membersonly directory so it looks something like:

AuthName "Add your login message here."
AuthType Basic
AuthUserFile /home/domain/public_html/membersonly/.htpasswd
AuthGroupFile /home/domain/public_html/membersonly/.htgroup
require group member-users

Create the password file .htpasswd using the program htpasswd for each user as above. You don't need the -c option if you are using the same .htpasswd file. (-c is only to create a new file)
htpasswd -c /home/domain/public_html/membersonly/.htpasswd user1
htpasswd /home/domain/public_html/membersonly/.htpasswd user2
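An added read-only audit for the .htpasswd files built in the steps above (example code, not part of the original tutorial). It flags entries stored as DES crypt, the 13-character format of the example file, which only uses the first 8 characters of the password, or as unsalted SHA-1, reports repeated hashes, and checks whether "other" users can read or write the file, since chmod ug+rw does not clear those bits. The function names and the alice, carol and dave sample entries are constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Nothing here modifies the
# password file; the functions only read and report.

# Constructed sample: the three-entry .htpasswd shown above plus made-up
# entries in other formats that htpasswd can write (hash bodies are fake).
sample_htpasswd() {
cat <<'EOF'
user1:KgvCSeExtS4kM
USER1:KgvCSeExtS4kM
User1:KgvCSeExtS4kM
alice:$apr1$constrct$CONSTRUCTEDHASHVALUE00
carol:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
dave:$2y$05$CONSTRUCTEDxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
EOF
}

# audit_htpasswd   (password file on stdin)
# One finding per line:
#   WEAK user scheme            DES crypt or unsalted SHA-1
#   UNKNOWN user                format not recognised, inspect by hand
#   REUSED user same-hash-as X  identical hash string as an earlier entry
audit_htpasswd() {
    awk -F: '
    function scheme(h,    p4) {
        p4 = substr(h, 1, 4)
        if (p4 == "$2a$" || p4 == "$2b$" || p4 == "$2y$") return "bcrypt"
        if (substr(h, 1, 6) == "$apr1$") return "apr1-md5"
        if (substr(h, 1, 5) == "{SHA}")  return "sha1-unsalted"
        if (substr(h, 1, 3) == "$5$" || substr(h, 1, 3) == "$6$") return "sha-crypt"
        if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$") return "des-crypt"
        return "unknown"
    }
    NF < 2 { next }                      # skip blank or malformed lines
    {
        s = scheme($2)
        if (s == "des-crypt" || s == "sha1-unsalted")
            printf "WEAK %s %s\n", $1, s
        else if (s == "unknown")
            printf "UNKNOWN %s\n", $1
        if ($2 in seen)
            printf "REUSED %s same-hash-as %s\n", $1, seen[$2]
        else
            seen[$2] = $1
    }'
}

# world_accessible FILE
# Exit status 0 when "other" users can read or write FILE.
world_accessible() {
    [ -n "$(find "$1" -prune \( -perm -0004 -o -perm -0002 \) 2>/dev/null)" ]
}

# Demo on the constructed sample; on a real host run:
#   audit_htpasswd < /home/domain/public_html/membersonly/.htpasswd
sample_htpasswd | audit_htpasswd
```

Entries reported as WEAK can be re-created with a stronger format by running htpasswd again for that user.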

Restrict access based on domain or IP address:

Allow specified domain to access site:

Order deny,allow
Deny from all
Allow from allowable-domain.com
Allow from XXX.XXX.XXX

Deny from evil-domain.com

Specify first three (or one, or two, ...) octets of IP address defining allowable domain.

Placing Authentication directives in httpd.conf exclusively instead of using .htaccess:

The purpose of using the "distributed configuration file" .htaccess is so that users may control authentication. It can also be set in the Apache configuration file httpd.conf WITHOUT using the .htaccess file. This can improve server performance as the server will not have to look for the .htaccess file in each subdirectory.

File: httpd.conf (portion)

.. ...

<Directory /home/domain/public_html/membersonly>
AllowOverride AuthConfig
AuthName "Add your login message here."
AuthType Basic
AuthUserFile /home/domain/public_html/membersonly/.htpasswd
AuthGroupFile /dev/null
require user name-of-user
</Directory>

... ..

Perl CGI Script to Modify User Passwords:

This allows users to manage / change their own passwords.

Use the Perl CGI script htpasswd.pl [cache]

Edit location of Perl. i.e.: /usr/bin/perl Not /usr/local/bin/perl
Edit the script to specify location of the password file i.e. /var/www/PasswordDir/.htpasswd
SELinux users must add the correct attribute i.e. chcon -R -h -t httpd_sys_content_t /var/www/PasswordDir
The password file must be located in a directory where CGI is allowed to modify files.

File: httpd.conf (portion)

.. ...

<Directory "/var/www/PasswordDir">
Options -Indexes
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>

... ..

Using Digest File for Apache Authentication:

This method authenticates a user login using Apache 2.0 on Linux. The logins have no connection to user accounts.

<Location /home/domain/public_html/membersonly>
AuthType Digest
AuthName "Members Only Area"
AuthDigestDomain /home/domain/public_html/membersonly
AuthDigestFile /etc/httpd/conf/digestpw
require valid-user
</Location>

For more on digest authentication see:
Apache.org: Module mod_auth_digest
RFC 2617: HTTP Authentication: Basic and Digest Access Authentication
Man page: htdigest

Using LDAP for Apache Authentication:

This method authenticates using Apache 2.0/2.2 and the LDAP authentication modules on Linux (supplied by default with most Linux distros) and an LDAP server. LDAP can be used to authenticate user accounts on Linux and other computer systems as well as web site logins. Also see YoLinux TUTORIAL: LDAP system authentication.

Try this out with your Apache server authenticating to our open LDAP server using our Three Stooges example.

Apache LDAP modules: Note that the following configurations work if the LDAP modules are enabled:

Apache 2.0 (Red Hat Enterprise 4/CentOS4): mod_ldap, mod_auth_ldap
Apache 2.2 (Red Hat Enterprise 5/CentOS 5): mod_ldap, mod_authnz_ldap

These are turned on by default. See /etc/httpd/conf/httpd.conf

Apache 2.0:
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so

Apache 2.2:
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

Apache Authentication Configuration:

Apache 2.0:

Authenticate to an Open LDAP server. (No bind name/password required to access LDAP server)

File: httpd.conf (portion)

.. ...

<Directory /var/www/html>
AuthType Basic
AuthName "Stooges Web Site: Login with email address"
AuthLDAPURL ldap://ldap.yolinux.com:389/o=stooges?mail
require valid-user
</Directory>

... ..

or create the file /var/www/html/.htaccess

AuthName "Stooges Web Site: Login with email address"
AuthType Basic
AuthLDAPURL ldap://ldap.your-domain.com:389/o=stooges?mail
require valid-user

Point your browser to http://localhost/
Login with the user id "LFine@isp.com" and password "larrysecret". You will be asked to use a user id (email address) and password to enter the site.

Bind with a bind DN: (password protected LDAP repository)

File: httpd.conf (portion)

.. ...

<Directory /var/www/html>
AuthType Basic
AuthName "Stooges Web Site: Login with email address"
AuthLDAPEnabled on
AuthLDAPURL ldap://ldap.your-domain.com:389/o=stooges?mail
AuthLDAPBindDN "cn=StoogeAdmin,o=stooges"
AuthLDAPBindPassword secret1
require valid-user
</Directory>

... ..

Examples:
require valid-user: Allow all users if authentication (password) is correct.
require user greg phil bob: Allow only greg phil bob to login.
require group accounting: Allow only users in group "accounting" to authenticate.

For this LDAP authentication example to work, configure your LDAP server with our YoLinux Three Stooges example and set the password in the /etc/openldap.slapd.conf file. This example specified the use of the email address as a login id. If using user id's specify:

AuthLDAPURL ldap://ldap.your-domain.com:389/o=stooges?uid

Apache 2.2:

Authenticate using Apache httpd 2.2 AuthzLDAP:

User Authentication:

File: httpd.conf (portion)

    ..
    ...
    <Directory /var/www/html>
    AuthType Basic
    AuthName "Stooges Web Site: Login with user id"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative on
    AuthLDAPURL ldap://ldap.your-domain.com:389/o=stooges?uid?sub
    AuthLDAPBindDN "cn=StoogeAdmin,o=stooges"
    AuthLDAPBindPassword secret1
    require ldap-user lary curley moe joe bob mary
    </Directory>
    ...
    ..

There are two configurations for the directive AuthzLDAPAuthoritative:

AuthzLDAPAuthoritative on (default)

    AuthzLDAPAuthoritative on
    ...
    require ldap-user lary curley moe joe bob mary

AuthzLDAPAuthoritative off

    AuthzLDAPAuthoritative off
    ...
    require valid-user

This configuration allows a waterfall of other authentication methods to be employed along side LDAP.

Group Authentication:

LDAP LDIF file: (part of our stooges example)

    dn: cn=users,ou=group,o=stooges
    cn: users
    objectClass: top
    objectClass: posixGroup
    gidNumber: 100
    memberUid: larry
    memberUid: moe

Apache Configuration:

    ...
    <Directory /var/www/html>
    Order deny,allow
    Deny from All
    AuthType Basic
    AuthName "Stooges Web Site: Login with user id"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative on
    AuthLDAPURL ldap://ldap.your-domain.com:389/o=stooges?uid?sub
    AuthLDAPBindDN "cn=StoogeAdmin,o=stooges"
    AuthLDAPBindPassword secret1
    AuthLDAPGroupAttribute memberUid
    AuthLDAPGroupAttributeIsDN off
    Require ldap-group cn=users,ou=group,o=stooges
    Require ldap-attribute gidNumber=100
    Satisfy any
    </Directory>
    ...

Note:

Allow users (LDAP attribute: memberUid) in group gidNumber: 100 of objectClass: posixGroup which match to the login uid, authentication approval.

The directive AuthLDAPGroupAttribute identifies the attribute to match with the login uid.

AuthLDAPGroupAttributeIsDN:

on (default): Use DN (Distinguished name) cn=Moe Howard,ou=MemberGroupA,o=stooges

off: Use username moe

Multiple Require ldap-group ... statements may be included to allow multiple groups.

Multiple Require ldap-attribute ... statements may be included to allow multiple groups.

The directive Satisfy any is required if testing multiple conditions. Only one positive in any of the conditions is required to authenticate. Thus you can combine the following authorization schemes as well:

Require ldap-user

Require ldap-dn

Require ldap-attribute

Require ldap-filter

Concurrent File and LDAP authentication:

Apache can use both File and LDAP authentication concurrently. This is sometimes required to run cron jobs with a login where you do not want to use a system login or login managed by a directory server in another department.

    <Directory /ABC>
    Order deny,allow
    Deny from All
    AuthType Basic
    AuthBasicProvider file ldap
    AuthName "Directory services login"
    AuthBasicAuthoritative off
    AuthUserFile /srv/htpasswd
    AuthGroupFile /dev/null
    AuthzLDAPAuthoritative off
    AuthLDAPURL "ldap://ldap.megacorp.com:389/ou=person,o=megacorp.com,c=us?uid?sub"
    # This user created for local cron jobs. It is not a system user and allows
    # the cron job to perform its task.
    # This user is not in the LDAP directory but in the password file /srv/htpasswd
    Require user cronuserjobx
    Require ldap-user usera userb
    </Directory>

Note:

AuthBasicProvider file ldap - Check password "file" authentication then LDAP

AuthBasicAuthoritative off - Allows fall back to another auth scheme, in this case LDAP

AuthzLDAPAuthoritative off - Allows fall back to other auth scheme besides LDAP, in this case file

Debugging Apache Authentication:

Set LogLevel debug when debugging authentication. This will log all the LDAP connection events and the LDAP attributes requested.

Authenticating with Microsoft Active directory using Microsoft's "Unix services for Windows":

    AuthLDAPURL ldap://ldap.your-domain.com:389/ou=Employees,ou=Accounts,dc=sos,dc=com?sAMAccountName?sub

Also note that encrypted connections will use the URL prefix "ldaps://" and the added directives:

    LDAPTrustedCA directory-path/filename
    LDAPTrustedCAType type

Where the "type" is one of:

DER_FILE: file in binary DER format

BASE64_FILE: file in Base64 format

CERT7_DB_PATH: Netscape certificate database file

Restart Apache after editing the configuration file: service httpd restart for configuration changes to take effect. See /var/log/httpd/error_log for configuration errors.
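The AuthLDAPURL values used in this section all follow the form scheme://host:port/basedn?attribute?scope?filter. The Python example below is added here (it is not code from the tutorial or from Apache): it splits such a URL into its fields and builds the (&(filter)(attribute=login)) search that the mod_authnz_ldap documentation describes, escaping the login name per RFC 4515 so filter metacharacters typed at the login prompt stay literal. Function names are illustrative, and the ldaps:// URL in the demo is a constructed variant of the page's Active Directory URL.

```python
from urllib.parse import urlsplit, unquote

# RFC 4515: these characters must be hex-escaped inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
_DEFAULT_PORT = {"ldap": 389, "ldaps": 636}


def escape_filter_value(value):
    """Neutralise LDAP filter metacharacters in a client-supplied login name."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def parse_auth_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter into its fields."""
    parts = urlsplit(url)
    if parts.scheme not in _DEFAULT_PORT:
        raise ValueError("AuthLDAPURL must start with ldap:// or ldaps://")
    # Everything after the first '?' is attribute?scope?filter; empty fields
    # fall back to the documented defaults (uid, sub, objectClass=*).
    fields = (parts.query.split("?") + ["", "", ""])[:3]
    scope = fields[1] or "sub"
    if scope not in ("one", "sub"):
        raise ValueError("scope must be 'one' or 'sub'")
    ldap_filter = unquote(fields[2]) or "objectClass=*"
    if ldap_filter.startswith("(") and ldap_filter.endswith(")"):
        ldap_filter = ldap_filter[1:-1]  # keep it without the outer parentheses
    return {
        "host": parts.hostname,
        "port": parts.port or _DEFAULT_PORT[parts.scheme],
        "base_dn": unquote(parts.path.lstrip("/")),
        "attribute": fields[0] or "uid",
        "scope": scope,
        "filter": ldap_filter,
        # Only ldaps:// protects the bind password and the user's password.
        "encrypted": parts.scheme == "ldaps",
    }


def build_search_filter(cfg, login):
    """Return the (&(filter)(attribute=login)) search used to locate the user."""
    return "(&(%s)(%s=%s))" % (
        cfg["filter"], cfg["attribute"], escape_filter_value(login))


if __name__ == "__main__":
    demo = [
        ("ldap://ldap.yolinux.com:389/o=stooges?mail", "LFine@isp.com"),
        ("ldap://ldap.your-domain.com:389/o=stooges?uid?sub", "moe"),
        # Constructed: the page's Active Directory URL switched to ldaps://.
        ("ldaps://ldap.your-domain.com/ou=Employees,ou=Accounts,dc=sos,dc=com"
         "?sAMAccountName?sub", "larry*"),
    ]
    for url, login in demo:
        cfg = parse_auth_ldap_url(url)
        print(cfg["host"], cfg["port"], cfg["encrypted"],
              build_search_filter(cfg, login))
```
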

Links:

YoLinux Tutorial: Configuration of an LDAP server - includes a quick start example using the Three Stooges.

YoLinux Tutorial: Apache web server configuration

Apache documentation:

Apache 2.0: mod_ldap mod_auth_ldap

Apache 2.2: mod_ldap mod_authnz_ldap

Other LDAP modules:

Apache LDAP module auth_ldap - (Apache 1.3)

Apache LDAP module mod_ldap_userdir (Apache 2.x)

Apache mod_auth_ldap web server module for authentication with Netscape or OpenLDAP servers (HowTo)

Using NIS for Apache Authentication:

This method authenticates using Apache on Linux and an NIS server. The advantage of using NIS is the commonality of computer system accounts and web site logins. This configuration requires that the system the Apache web server is running on must be using NIS authentication for system logins.

This requires a NIS server. See the YoLinux.com NIS configuration tutorial.

Requires the Linux RPM package mod_perl and the following Perl modules:

ExtUtils-AutoInstall

Net-NIS

Apache2-AuthenNIS or Apache-AuthenNIS

The version of Apache determines which Perl modules to use:

Apache 2.2 (RHEL5, CentOS5, FC6): Use the Perl module Apache2-AuthenNIS.

Apache 2.0 (RHEL4, CentOS4, FC3): Use the Perl module Apache-AuthenNIS.

Download / Install Perl modules:

Download "ExtUtils-AutoInstall" as an RPM from RepoForge RPMs: perl-ExtUtils-AutoInstall-0.63-1.2.el4.rf.noarch.rpm

Install:

    rpm -ivh perl-ExtUtils-AutoInstall-0.63-1.2.el4.rf.noarch.rpm

Net-NIS: (CPAN)

    tar xzf Net-NIS-0.34.tar.gz
    cd Net-NIS-0.34/
    perl Makefile.PL
    make
    make install

Apache(2)-AuthenNIS:

Apache 2.2: Apache2-AuthenNIS: (CPAN)

    tar xzf Apache2-AuthenNIS-0.15.tar.gz
    cd Apache2-AuthenNIS-0.15
    perl Makefile.PL
    make
    make install

Apache 2.0: Apache-AuthenNIS: (CPAN)

    tar xzf Apache-AuthenNIS-0.13.tar.gz
    cd Apache-AuthenNIS-0.13
    perl Makefile.PL
    make
    make install

Or install from CPAN via the internet:

    perl -MCPAN -e shell (Answer no)
    install ExtUtils::AutoInstall
    install Net::NIS
    install Apache2::AuthenNIS (or Apache::AuthenNIS)
    quit

Test Perl module:

File: testApache2AuthenNIS.pl

    #!/usr/bin/perl
    BEGIN { push @INC, "/usr/lib/perl5/site_perl/5.8.8/Apache2"; }
    eval "use Apache2::AuthenNIS";
    $hasApacheAuth = $@ ? 0 : 1;
    printf "Apache2::AuthenNIS" . ($hasApacheAuth ? "" : " not") . " installed";
    printf "\n";

Test:

    [root]# ./testApache2AuthenNIS.pl

Good: Apache2::AuthenNIS installed

Not good: Apache2::AuthenNIS not installed

OR

File: testApacheAuthenNIS.pl

    #!/usr/bin/perl
    BEGIN { push @INC, "/usr/lib/perl5/site_perl/5.8.5/Apache"; }
    eval "use Apache::AuthenNIS";
    $hasApacheAuth = $@ ? 0 : 1;
    printf "Apache::AuthenNIS" . ($hasApacheAuth ? "" : " not") . " installed";
    printf "\n";

Test:

    [root]# ./testAuthenNIS.pl

Good: Apache::AuthenNIS installed

Not good: Apache::AuthenNIS not installed

Apache NIS authentication Examples:

require valid-user: Allow all users if authentication (password) is correct.

require user greg phil bob: Allow only greg phil bob to login.

require group accounting: Allow only users in group "accounting" to authenticate.

1) Restrict access to NIS authenticated users:

Apache Configuration File: httpd.conf (portion)

    ..
    ...
    <Directory /home/domain/public_html/membersonly>
    AuthType Basic
    AuthName "Add your login message here."
    # or Apache::AuthenNIS
    PerlAuthenHandler Apache2::AuthenNIS
    PerlSetVar AllowAlternateAuth no
    require valid-user
    </Directory>
    ...
    ..

2) Restrict to listed users greg, phil and bob, but still authenticate to NIS:

Apache Configuration File: httpd.conf (portion)

    ..
    ...
    <Directory /home/domain/public_html/membersonly>
    AuthType Basic
    AuthName "Add your login message here."
    # or Apache::AuthenNIS
    PerlAuthenHandler Apache2::AuthenNIS
    PerlSetVar AllowAlternateAuth no
    require user greg phil bob
    </Directory>
    ...
    ..

3) Restrict access to NIS members of a specific NIS group:

Apache Configuration File: httpd.conf (portion)

    ..
    ...
    <Directory /home/domain/public_html/membersonly>
    AuthType Basic
    AuthName "Add your login message here."
    # or Apache::AuthenNIS
    PerlAuthenHandler Apache2::AuthenNIS
    # or Apache::AuthzNIS
    PerlAuthzHandler Apache2::AuthzNIS
    PerlSetVar AllowAlternateAuth no
    require group accounting
    </Directory>
    ...
    ..

Note Apache2::AuthzNIS only checks for group membership by group name (not GID). Apache2::AuthenNIS is still required to authenticate the user (check password).

Example showing password protection for user web directories:

Apache Configuration File: httpd.conf (portion)

    ..
    ...
    <IfModule mod_userdir.c>
    UserDir public_html
    </IfModule>

    <Directory /home/*/public_html>
    AuthType Basic
    AuthName "Add your login message here."
    # or Apache::AuthenNIS
    PerlAuthenHandler Apache2::AuthenNIS
    PerlSetVar AllowAlternateAuth no
    require valid-user
    AllowOverride FileInfo AuthConfig Limit
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS>
    Order allow,deny
    Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS>
    Order deny,allow
    Deny from all
    </LimitExcept>
    </Directory>
    ...
    ..

Also see YoLinux SysAdmin: Perl Admin

Links:

NIS+ (More secure than NIS): Apache::AuthenNISPlus

Group NIS authentication: Apache2::AuthzNIS Apache::AuthzNIS

Note: Apache allows further restriction by client IP network address or subnet. Passwords can also be sent over an encrypted https connection by use of the Apache directive SSLRequireSSL. See Apache SSL/TLS encryption

[Potential Pitfall]: This method of authentication will fail if using "adjunct password maps". This Perl module requires the use of the library call yp_match() which must have access to the encrypted passwords. If "adjunct password maps" are used, then this is not accessible to processes other than root, thus the web server daemon process apache will not be able to access the data required. Test your system using the command ypcat passwd | head. If the second field is prefixed with "##", then this perl module will not work. If the second field is an encrypted password, then this perl module can work.

CGI to allow users to modify their NIS Passwords:

For those users who get a shell of /sbin/nologin, the "cgipaf" web interface is ideal for user management of NIS passwords. Cgipaf uses PHP, cgi (written in C) and your system PAM authentication (or /etc/passwd, /etc/shadow files). Cgipaf also can manage mail accounts using procmail.

Download from http://www.wagemakers.be/english/programs/cgipaf

Installation/configuration:

    tar xf cgipaf-1.3.1.tar.gz
    cd cgipaf-1.3.1/
    ./configure --bindir=/var/www/cgi-bin --datadir=/srv/cgipaf --sysconfigdir=/etc/cgipaf --prefix=/opt

Note: nothing ends up in /opt

    make
    make install
    cd /srv/cgipaf
    ln -s cgipasswd.php index.php

File: /etc/httpd/conf.d/cgipaf.conf (Red Hat style systems)

    Alias /NIS/ "/srv/cgipaf/"

    <Directory "/srv/cgipaf">
    SSLRequireSSL
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>

Note the Apache 2 directive "SSLRequireSSL" will only allow https encrypted access. This is important when managing passwords over the web. The PHP pages reside in /srv/cgipaf/. The compiled C cgi will reside in /var/www/cgi-bin. The configuration file will be /etc/cgipaf/cgipaf.conf.

See the web page at http://localhost/NIS/
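The note on SSLRequireSSL applies to every password-protected block in this tutorial, not only to cgipaf. The Python example below is added here (it is not part of the original tutorial): it walks the <Directory> blocks of a configuration and reports Basic authentication without SSLRequireSSL, a bind password sent to an ldap:// server, and the AuthMySQLPwEncryption none setting used in the MySQL section that follows. The finding names are invented for the example and the sample configuration is constructed from directives shown on this page.

```python
import re

_OPEN = re.compile(r'<Directory\s+"?([^">]+)"?\s*>', re.I)
_CLOSE = re.compile(r"</Directory\s*>", re.I)


def _check(d):
    """Findings for one block; d maps lower-cased directive names to arguments."""
    found = []
    # Basic auth only base64-encodes the password, so it needs https.
    if d.get("authtype", "").lower() == "basic" and "sslrequiressl" not in d:
        found.append("basic-auth-without-ssl")
    # A bind password over ldap:// travels in clear unless STARTTLS is set up
    # at server level, which this per-block check cannot see.
    url = d.get("authldapurl", "").strip('"').lower()
    if url.startswith("ldap://") and "authldapbindpassword" in d:
        found.append("ldap-bind-over-cleartext")
    # 'none' means the user table holds plain-text passwords.
    if d.get("authmysqlpwencryption", "").lower() == "none":
        found.append("mysql-plaintext-passwords")
    return found


def audit_httpd_conf(text):
    """Return (directory, finding) pairs for every <Directory> block in text."""
    findings, current, seen = [], None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = _OPEN.match(line)
        if opened:
            current, seen = opened.group(1).strip(), {}
        elif _CLOSE.match(line) and current is not None:
            findings.extend((current, f) for f in _check(seen))
            current = None
        elif current is not None:
            name, _, args = line.partition(" ")
            seen[name.lower()] = args.strip()
    return findings


# Constructed sample built from the blocks shown in this tutorial.
SAMPLE_CONF = '''
<Directory /var/www/html>
AuthType Basic
AuthName "Stooges Web Site: Login with email address"
AuthLDAPURL ldap://ldap.your-domain.com:389/o=stooges?mail
AuthLDAPBindDN "cn=StoogeAdmin,o=stooges"
AuthLDAPBindPassword secret1
require valid-user
</Directory>
<Directory "/srv/cgipaf">
SSLRequireSSL
AllowOverride None
</Directory>
<Directory /home/domain/public_html/membersonly>
AuthType Basic
AuthMySQLPwEncryption none
require valid-user
</Directory>
'''

if __name__ == "__main__":
    for directory, finding in audit_httpd_conf(SAMPLE_CONF):
        print(directory, finding)
```
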

Using a MySQL database for Apache Authentication:

Two Apache modules are available for database authentication:

MySQL: mod_auth_mysql (This tutorial)

Red Hat RPM package: mod_auth_mysql

SuSE RPM package: apache2-mod_auth_mysql

DBM database file: mod_auth_dbm (Fast even for 1000's of users.)

Apache Configuration:

Red Hat: /etc/httpd/conf/httpd.conf or /etc/httpd/conf.d/application.conf

SuSE: /etc/apache2/httpd.conf or /etc/apache2/conf.d/application.conf

    ..
    ...
    <Directory /home/domain/public_html/membersonly>
    AuthType Basic
    AuthName "Add your login message here."
    AuthMySQLHost localhost
    AuthMySQLUser db_user
    AuthMySQLPassword db_password
    AuthMySQLDB database_name_used_for_authentication
    AuthMysqlUserTable http_auth
    AuthMySQLPwEncryption none
    AuthMySQLEnable on
    require valid-user
    </Directory>
    ...
    ..

Examples:

require valid-user: Allow all users if authentication (password) is correct.

require user greg phil bob: Allow only greg phil bob to login.

require group accounting: Allow only users in group "accounting" to authenticate.

Directives:

Directive | Description
--- | ---
AuthMySQLEnable On | If 'Off', MySQL authentication will pass on the authentication job to the other authentication modules, i.e. password files.
AuthMySQLHost host_name | Name of MySQL Database host, i.e. 'localhost'
AuthMySQLPort TCP_Port_number | Port number of MySQL Database. Default: 3306
AuthMySQLDB database_name | Name of MySQL Database.
AuthMySQLUser user_id | MySQL Database login id.
AuthMySQLPassword user_password | MySQL Database login password. Plain text.
AuthMySQLUserTable user_table_name | Name of MySQL Database table in the database which holds the user name and passwords.
AuthMySQLGroupTable group_table_name | Database table holding group info.
AuthMySQLNameField user_field_name | If not using default field name 'user_name', then specify. Not case sensitive if CHAR or VARCHAR.
AuthMySQLPasswordField password_field_name | If not using default field name 'user_passwd', then specify. Passwords are case sensitive.
AuthMySQLGroupField group_field_name | If not using default field name 'groups', then specify.
AuthMySQLNoPasswd Off | On: password must be specified. Off: Passwords can be null ('').
AuthMySQLPwEncryption none | Options: none, crypt, scrambled (MySQL password encryption), md5, aes, sha. If you are going to use plain-text passwords for mysql authentication, you must include this directive with the argument "none".
AuthMySQLSaltField salt_string mysql_column_name | Salt field to be used for crypt and aes.
AuthMySQLAuthoritative on | Authenticate using other authentication modules after the user is successfully authenticated by the MySQL auth module. Default on: request is not passed on.
AuthMySQLKeepAlive Off | Off: Close the MySQL link after each authentication request.

MySQL Admin:

    mysqladmin -h localhost -u root -ppassword create http_auth
    mysql -h localhost -u root -ppassword
    mysql> use http_auth
    mysql> create table mysql_auth ( user_name char(30) NOT NULL,user_passwd char(60) NOT NULL,user_group char(25),primary key (user_name) );
    mysql> insert into mysql_auth values('Fred','supersecret','worker');

Links:

Home page for mod_auth_mysql

Home page for mod_auth_dbm [Apache 1.3] - [Apache 2.0]

YoLinux MySQL tutorial

Login URL Tricks:

Here is a trick to incorporate a login and password into a URL. Typically one would attempt to enter the password protected area of the web site and the user would be confronted with a login dialog box into which one would enter the user id and password. Another option is to enter a URL with the login and password embedded.

    http://login-id:password@UrlOfDomain.com/protectedPath/WebPage.html
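A URL of this form carries the password wherever the URL itself is stored: proxy logs, shell history, bookmarks, tickets. The Python example below is added here (it is not part of the original tutorial): it shows that the Authorization header a client derives from such a URL is only base64 of login:password, and it finds and strips embedded credentials from text before the text is kept. The function names and the sample lines are constructed for illustration.

```python
import base64
import re

# scheme://user[:password]@ ; userinfo cannot contain '/', '@' or whitespace.
_USERINFO = re.compile(
    r"\b([a-z][a-z0-9+.-]*://)([^\s/@:]+)(?::([^\s/@]*))?@", re.I)


def basic_authorization(user, password):
    """Header value sent for Basic auth: base64 encoding, not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_authorization(header):
    """Recover (user, password) from a captured header, as any observer can."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def find_embedded_credentials(text):
    """Return (user, password) for every URL in text that carries userinfo."""
    return [(m.group(2), m.group(3) or "") for m in _USERINFO.finditer(text)]


def scrub(text):
    """Remove the userinfo part so the line can be logged or shared."""
    return _USERINFO.sub(r"\1", text)


# Constructed sample lines: a proxy log entry, a shell-history entry, and a
# line with an e-mail address and a plain URL that must be left untouched.
SAMPLE = [
    '10.0.0.5 - - "GET http://login-id:password@UrlOfDomain.com'
    '/protectedPath/WebPage.html HTTP/1.1" 200',
    "wget http://cronuserjobx:secret1@localhost/ABC/report.csv",
    "mail from LFine@isp.com about http://localhost/NIS/",
]

if __name__ == "__main__":
    for line in SAMPLE:
        for user, password in find_embedded_credentials(line):
            header = basic_authorization(user, password)
            print("credentials in URL for", user, "->", header)
        print(scrub(line))
```
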

Links:

Apache: Users authentication with .dbmpasswd password file

Apache::AuthenSmb, Apache2::AuthenSmb - Microsoft Active Directory authentication

Apache::AuthenMSAD, Apache2::AuthenMSAD - Samba NT PDC authentication

Apache::AuthenNTLM, Apache2::AuthenNTLM - Microsoft NTLM LAN protocol supported by MS/Internet Explorer. Login/password credentials passed on the web server by IE browser.

Other forms of web authentication:

Facebook Platform authentication - Using OAuth protocol, the Facebook API allows developers to use Javascript, PHP, Python, etc.

IETF OAuth 2.0 Protocol draft

OpenID - decentralized URL based auth

Authentication Server Providers: Yahoo OpenID, Google OpenID, OpenID for Google Apps API, Launchpad, Verisign OpenID - two factor auth

API: mod_auth_openid - Apache, OpenId4Java

List of OpenID Libraries - developer interfaces

SAML: Security Assertion Markup Language - XML based authentication

Authentication Server Providers: Google SAML

SQL SERVER - Restore Sequence and Understanding NORECOVERY and RECOVERY

I maintain a spreadsheet of questions sent by users and from that I single out a topic to write and share my knowledge and opinion. Unless and until I find an issue appealing, I do not prefer to write about it, till the issue crosses the threshold. Today the question that crossed the threshold is - what is the difference between NORECOVERY and RECOVERY when restoring a database.

The fact is that one can easily go to MSDN and learn the difference, so I head myself to MSDN and read the difference. This is what the Book On Line suggests here.

NORECOVERY specifies that roll back not occur. This allows roll forward to continue with the next statement in the sequence. In this case, the restore sequence can restore other backups and roll them forward. RECOVERY (the default) indicates that roll back should be performed after roll forward is completed for the current backup. Recovering the database requires that the entire set of data being restored (the roll forward set) is consistent with the database. If the roll forward set has not been rolled forward far enough to be consistent with the database and RECOVERY is specified, the Database Engine issues an error.

Book On Line has very clearly explained the same subject and provides a succinct explanation of the difference.

In other words -

While doing a RESTORE operation, if you are restoring database files, always use the NORECOVERY option, as that will keep the database in a state where more backup files can be restored. This will also keep the database offline to prevent any changes, which can create integrity issues. Once all backup files are restored, run the RESTORE command with the RECOVERY option to get the database online and operational.

It is also important to be acquainted with the restore sequence of how a full database backup is restored.

First, restore the full database backup, the differential database backup and all transactional log backups WITH NORECOVERY option. After that, bring the database back online using WITH RECOVERY option.

Following is the sample Restore Sequence

    RESTORE DATABASE DATABASE FROM full_database_backup WITH NORECOVERY;
    RESTORE DATABASE DATABASE FROM differential_backup WITH NORECOVERY;
    RESTORE LOG DATABASE FROM log_backup WITH NORECOVERY;
    -- Repeat this till you restore last log backup
    RESTORE DATABASE DATABASE WITH RECOVERY;

I hope now it is very clear to you all what is restore sequence and the difference between recovery options.
