RH253
Red Hat Network Services
and Security Administration
Welcome!

Objectives
Understanding and Managing FTP Server
    Understanding FTP Server
    FTP Server Configuration
    Allowing and Disallowing Users
    FTP Client Configuration
    Accessing FTP Server
Understanding and Managing HTTP Server ( Apache Server )
    Understanding Apache Web Server
    Hosting Web Sites
    Virtual Directory
    Access Control
    CGI Scripts
Understanding FTP Server

What is FTP?
FTP, the File Transfer Protocol, is one of the original network
applications developed with the TCP/IP protocol suite. It follows the
standard model for network services, as FTP requires a client and a
server. The first implementations of FTP date back to 1971.
FTP set out to solve the need to publish documents and software so
that people could get them easily from other computer systems. On the
FTP server, files were organized in a directory structure; users could
connect to the server over the network and download files from (and
possibly upload files to) the server.

What is vsftpd?
The Very Secure FTP Server (vsFTPd) is the only FTP server software
included in the Red Hat Linux distribution. vsFTPd is becoming the
FTP server of choice for sites that need to support thousands of
concurrent downloads. It was also designed to secure your systems
against most common attacks.

Configuration Files
/etc/vsftpd/vsftpd.conf : Main Configuration File
/etc/vsftpd/ftpusers : Contains Users list to deny permanently
/etc/vsftpd/user_list : Contains Users list to allow or deny
FTP uses TCP ports 20 (for ftp data) & 21 (ftp program).

Starting vsftpd service
    service vsftpd start
    chkconfig --level 345 vsftpd on

Client Side Commands
For Connecting to FTP Server
    ftp x.x.x.x
For Installing Packages from FTP server
    rpm -ivh ftp://x.x.x.x/pub/Server/package.rpm

Hardening FTP
Limit users to their "home directory" only.
    vi /etc/vsftpd/vsftpd.conf
    chroot_local_user=YES

Limiting maximum connections
VSFTPD allows unlimited connections from the same client IP address. You
can easily force the vsftpd FTP server to use a limited number of connections.
There is a special directive called max_per_ip.
    vi /etc/vsftpd/vsftpd.conf
    max_per_ip=3
    # max simultaneous connections
    max_clients=2

Allowing "anonymous" upload to FTP
STEP 1: vi /etc/vsftpd/vsftpd.conf
    anon_upload_enable=YES
    chown_uploads=YES
    chown_username=daemon
    anon_umask=077
STEP 2: Create a directory as follows:
    mkdir /var/ftp/incoming
    chmod 730 /var/ftp/incoming
    chown root:ftp /var/ftp/incoming
STEP 3: Set the Boolean value:
    setsebool -P allow_ftpd_full_access on
    service vsftpd restart
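
The settings from the hardening, connection-limit and anonymous-upload slides can be checked mechanically. The shell script below is an added example, not part of the original course material: the function names are hypothetical, the sample configuration is constructed, and it assumes that a later assignment in vsftpd.conf overrides an earlier one.

```shell
#!/bin/sh
# Added example (not from the slides): audit the vsftpd settings named on the slides.

# Effective value of a directive; assumes a later assignment overrides an earlier one.
vsftpd_get() {  # $1 = config file, $2 = directive
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '[:space:]'
}

# One finding per line; no output means the file matches the slides' settings.
audit_vsftpd() {  # $1 = config file
    [ "$(vsftpd_get "$1" chroot_local_user)" = "YES" ] ||
        echo "chroot_local_user: local users are not confined to their home directory"
    for d in max_per_ip max_clients; do
        case "$(vsftpd_get "$1" "$d")" in
            ''|0) echo "$d: unset or 0, so connections are unlimited" ;;
        esac
    done
    if [ "$(vsftpd_get "$1" anon_upload_enable)" = "YES" ]; then
        [ "$(vsftpd_get "$1" chown_uploads)" = "YES" ] ||
            echo "chown_uploads: anonymous uploads keep the ftp user as owner"
        case "$(vsftpd_get "$1" anon_umask)" in
            ''|077) ;;   # 077 is also the vsftpd default
            *) echo "anon_umask: uploads may be readable by other anonymous users" ;;
        esac
    fi
    return 0
}

# Mode 730 (rwx-wx---): group ftp may write to and enter the directory, not list it.
incoming_mode_ok() {  # $1 = upload directory
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx-wx---" ]
}

# Constructed sample: chroot missing, max_clients unlimited, permissive upload umask.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed vsftpd.conf for the example
anonymous_enable=YES
max_per_ip=3
anon_upload_enable=YES
chown_uploads=YES
anon_umask=022
EOF
audit_vsftpd "$sample"
rm -f "$sample"
```

On a real server the calls would be `audit_vsftpd /etc/vsftpd/vsftpd.conf` and `incoming_mode_ok /var/ftp/incoming`.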

Understanding and Managing
HTTP Server ( Apache Server )

What is Apache Web Server?
The WWW ( World Wide Web ), as it is known today, began as a
project of Mr. Tim Berners-Lee at the European Center for Particle
Physics (CERN). The original goal was to provide one consistent
interface for geographically dispersed researchers and scientists who
needed access to information in a variety of formats.
From this idea came the concept of using one client (the Web browser)
to access data (text, images, sounds, video, and binary files) from
several types of servers (HTTP, FTP and SMTP servers).
The Apache Web Server was originally based on HTTPd, a free server
from NCSA (the National Center for Supercomputing Applications).

Apache Main Features
The stability and rapid development cycle associated with a large group
of cooperative volunteer programmers.
Full source code, downloadable at no charge.
Ease of configuration using plain-text files.
Access-control based on client host name/IP address or user
name/password combinations.
Support for server-side scripting as well as CGI scripts.

The Apache HTTP Server is a robust, commercial-grade open source Web
server developed by the Apache Software Foundation (www.apache.org).
Red Hat Enterprise Linux includes the Apache HTTP Server 2.2 as well as a
number of server modules designed to enhance its functionality.
The default configuration file installed with the Apache HTTP Server works
without alteration for most situations.

Apache HTTP Server 2.2
There are important differences between the Apache HTTP Server 2.2 and
version 2.0 (version 2.0 shipped with Red Hat Enterprise Linux 4 and earlier).
Apache HTTP Server 2.2 features the following improvements over
version 2.0:
    Improved caching modules (mod_cache, mod_disk_cache,
    mod_mem_cache).
    A new structure for authentication and authorization support, replacing
    the authentication modules provided in previous versions.
    Support for proxy load balancing (mod_proxy_balancer)
    Support for handling large files (namely, greater than 2GB) on 32-bit
    platforms
The following changes have been made to the default httpd configuration:
    The mod_cern_meta and mod_asis modules are no longer loaded by
    default.
    The mod_ext_filter module is now loaded by default.

Installing and Configuring Apache
Main Configuration File
    /etc/httpd/conf/httpd.conf
Main Service to control HTTP server
    httpd

Hosting Virtual Host
Step 1: Creating Virtual host using configuration file
    vi /etc/httpd/conf/httpd.conf
    <VirtualHost 192.168.0.1>
        ServerName station1.example.com
        ServerAdmin root@station1.example.com
        DocumentRoot /var/www/html/station1
        DirectoryIndex index1.html
    </VirtualHost>
Step 2: Test HTTP Configuration
    httpd -t
Step 3: Starting HTTP service
    service httpd restart
    chkconfig --level 345 httpd on

Hosting Multiple Sites
Step 1: Creating Virtual host using configuration file
    vi /etc/httpd/conf/httpd.conf
    NameVirtualHost 192.168.0.1
    <VirtualHost 192.168.0.1>
        ServerName station1.example.com
        ServerAdmin root@station1.example.com
        DocumentRoot /var/www/html/station1
        DirectoryIndex index1.html
    </VirtualHost>
    <VirtualHost 192.168.0.1>
        ServerName station1.example.com
        ServerAdmin root@station1.example.com
        ServerAlias www1.example.com
        DocumentRoot /var/www/html/station1
        DirectoryIndex index2.html
    </VirtualHost>
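
With name-based virtual hosts Apache serves a request from the first block on that address whose ServerName or ServerAlias matches, so a name that appears in two blocks, as station1.example.com does above, only ever reaches the first one. The script below is an added example, not part of the original course material; the function name is hypothetical and the sample configuration is constructed from the values on this slide.

```shell
#!/bin/sh
# Added example (not from the slides): find host names claimed by more than one
# <VirtualHost> on the same address. The later block never receives requests
# for such a name.

shadowed_vhost_names() {  # $1 = httpd config; prints one line per repeated name
    awk '
        tolower($1) == "<virtualhost" {
            addr = $2; sub(/>$/, "", addr); n++; next
        }
        tolower($1) ~ /^<\/virtualhost/ { addr = ""; next }
        addr != "" && tolower($1) ~ /^server(name|alias)$/ {
            for (i = 2; i <= NF; i++) {
                key = addr " " tolower($i)
                if (!(key in owner)) owner[key] = n
                else if (owner[key] != n)
                    print key, "block", owner[key], "shadows block", n
            }
        }' "$1"
}

# Constructed sample reproducing the two blocks from the slide.
conf=$(mktemp)
cat > "$conf" <<'EOF'
NameVirtualHost 192.168.0.1
<VirtualHost 192.168.0.1>
    ServerName station1.example.com
    DocumentRoot /var/www/html/station1
    DirectoryIndex index1.html
</VirtualHost>
<VirtualHost 192.168.0.1>
    ServerName station1.example.com
    ServerAlias www1.example.com
    DocumentRoot /var/www/html/station1
    DirectoryIndex index2.html
</VirtualHost>
EOF
shadowed_vhost_names "$conf"
rm -f "$conf"
```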

Hosting Virtual Directory
Step 1: Creating Virtual Directory using configuration file
    vi /etc/httpd/conf/httpd.conf
    <VirtualHost 192.168.0.1>
        ServerName station1.example.com
        ServerAdmin root@station1.example.com
        DocumentRoot /var/www/html/station1
        DirectoryIndex index1.html
        <Directory "/var/www/html/station1/data">
            Options Indexes
            Order allow,deny
            Allow from all
        </Directory>
    </VirtualHost>

Control Through .htaccess
Step 1: Configuring the configuration file
    vi /etc/httpd/conf/httpd.conf
    <VirtualHost 192.168.0.1>
        ServerName station1.example.com
        ServerAdmin root@station1.example.com
        DocumentRoot /var/www/html/station1
        DirectoryIndex index1.html
        <Directory "/var/www/html/station1/data">
            AllowOverride AuthConfig
        </Directory>
    </VirtualHost>

Control Through .htaccess
Step 2: Creating .htaccess file
    vi /var/www/html/station1/.htaccess
    AuthName "restricted site"
    AuthType basic
    AuthUserFile /etc/httpd/htpasswd
    require valid-user
Step 3: Adding Users to http access file
    htpasswd -mc /etc/httpd/htpasswd root
    htpasswd -m /etc/httpd/htpasswd alok
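
Apache honours the authentication directives in an .htaccess file only in a directory where AllowOverride permits them, so the file from Step 2 has to sit inside a directory covered by the block from Step 1. The script below is an added example, not part of the original course material: the function names are hypothetical, the sample configuration is constructed (its `<Directory "/var/www/html">` block with `AllowOverride None` is an assumption about the rest of httpd.conf), and it handles plain-path `<Directory>` blocks only.

```shell
#!/bin/sh
# Added example (not from the slides): will Apache honour this .htaccess for auth?

# Print the AllowOverride value of the deepest <Directory> block containing $2,
# or "unset" if none applies (the built-in default differs between Apache versions).
# Assumption: plain path blocks only, no wildcards, regex forms or <DirectoryMatch>.
allowoverride_for() {  # $1 = httpd config, $2 = directory holding the .htaccess
    awk -v target="$2" '
        tolower($1) == "<directory" {
            dir = $2; gsub(/[">]/, "", dir); sub(/\/$/, "", dir); inside = 1; next
        }
        tolower($1) ~ /^<\/directory/ { inside = 0; next }
        inside && tolower($1) == "allowoverride" {
            # the block applies to the target itself and to everything below it
            if (index(target "/", dir "/") == 1 && length(dir) >= best) {
                best = length(dir); val = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)
            }
        }
        END { print (val == "" ? "unset" : val) }' "$1"
}

htaccess_auth_honoured() {  # $1 = httpd config, $2 = path of the .htaccess file
    case " $(allowoverride_for "$1" "$(dirname "$2")") " in
        *" AuthConfig "*|*" All "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample built from the Step 1 block on the slide.
conf=$(mktemp)
cat > "$conf" <<'EOF'
<Directory "/var/www/html">
    AllowOverride None
</Directory>
<VirtualHost 192.168.0.1>
    DocumentRoot /var/www/html/station1
    <Directory "/var/www/html/station1/data">
        AllowOverride AuthConfig
    </Directory>
</VirtualHost>
EOF
for f in /var/www/html/station1/data/.htaccess /var/www/html/station1/.htaccess; do
    if htaccess_auth_honoured "$conf" "$f"; then echo "$f: honoured"
    else echo "$f: ignored, the directory is served without a password"; fi
done
rm -f "$conf"
```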

Using CGI Scripts
Step 1: Modify httpd.conf file
    <VirtualHost 192.168.0.254>
        ServerName server1.example.com
        ServerAdmin root@server1.example.com
        DocumentRoot /var/www/html/station1
        DirectoryIndex index1.html
        ScriptAlias /cgi-bin/ /var/www/html/station1/cgi-bin/
    </VirtualHost>

CGI Script
Step 2: Create Script File
    vi /var/www/html/station1/cgi-bin
    #!/bin/bash
    echo Content-type: text/html
    # the empty line ends the HTTP headers
    echo
    echo "<pre>"
    echo My username is:
    whoami
    echo
    echo My id is:
    id
    echo "</pre>"

CGI Script
Step 3: Assigning permission to CGI script
    chmod 555 /var/www/html/station1/cgi-bin

Questions?