Wednesday, November 30, 2011

LAMP Server Configuration

Introduction:-
LAMP stands for Linux (operating system), Apache (HTTP server), MySQL (database software) and PHP (or Perl or Python). A LAMP server is a Linux web development environment. It allows you to create web applications with Apache, PHP and a MySQL database. It also comes with PHPMyAdmin and SQLiteManager to easily manage your database.

Prerequisites on server:-
  • Configure IP = 192.168.1.1
  • Hostname = server.anup.co.in
1] Install Apache
[root@server ~]# yum install httpd  -y

2] Start apache service
[root@server ~]# service httpd start
[root@server ~]# chkconfig httpd on

3] Install MySQL Database Server
[ MySQL is a widely used open source database server on most Linux servers and integrates very well with PHP and the Apache server on RHEL5 ]
[root@server ~]# yum install mysql mysql-server -y
[root@server ~]# service mysqld start

4] Change MySQL root password [ By default the root password is empty for mysql database. ]
[root@server ~]# mysql
mysql> USE mysql;
mysql> UPDATE user SET Password=PASSWORD('newpassword') WHERE user='root';
mysql> FLUSH PRIVILEGES;

5] Once done, check by logging in:
[root@server ~]# mysql -u root -p
Enter password: <your new password>

6] Create a new mysql user
[root@server ~]# mysql -u root -p
mysql> create database lamp;
mysql> GRANT ALL PRIVILEGES ON lamp.* TO 'anup'@'localhost' IDENTIFIED BY 'anup' WITH GRANT OPTION;
mysql> UPDATE mysql.user SET Password=PASSWORD('anup') WHERE user='anup';
mysql> FLUSH PRIVILEGES;
mysql> quit

7] Install PHP language
[root@server ~]# yum install php php-gd -y

8] To load PHP restart apache
[root@server ~]# service httpd restart

9] To test whether PHP is working
[root@server ~]# vim /var/www/html/demo.php
<?php
// demo.php
phpinfo();
?>
:wq

10] Open the browser and type the following URL
Syntax = http://<ip address>/demo.php
  • Observe the installed configuration on server
    • PHP paths
    • Apache paths and loaded module
    • PHP gd library
    • MySQL path
11] Download and Install PHPMyAdmin
[ PHPMyAdmin is web based MySQL database administration tool ]

12] Edit phpmyadmin configuration file (Remove the hash from Deny from all)
[root@server ~]# vi /etc/httpd/conf.d/phpmyadmin.conf
<Directory "/usr/share/phpmyadmin">
  Order Deny,Allow
  # Deny from all
  Allow from 127.0.0.1
</Directory>
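
What the hash in front of "Deny from all" changes, as an added example that is not part of the original post: a small model of how Apache 2.2 (mod_authz_host) evaluates Order / Allow from / Deny from, run against the block above in both states. The function names and the client address 192.168.1.3 are assumptions chosen for illustration.

```python
import ipaddress

def parse_block(text):
    """Collect Order / Allow from / Deny from out of one <Directory> block."""
    order, allow, deny = "deny,allow", [], []   # Apache 2.2 default Order
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):    # a hashed-out rule is ignored
            continue
        words = line.lower().split()
        if words[0] == "order":
            order = "".join(words[1:])
        elif words[:2] == ["allow", "from"]:
            allow += words[2:]
        elif words[:2] == ["deny", "from"]:
            deny += words[2:]
    return order, allow, deny

def _hit(specs, client):
    # Handles only "all", single addresses and CIDR ranges (no host names).
    ip = ipaddress.ip_address(client)
    return any(s == "all" or ip in ipaddress.ip_network(s, strict=False)
               for s in specs)

def allowed(block, client):
    """True if mod_authz_host (Apache 2.2) would admit this client address."""
    order, allow, deny = parse_block(block)
    a, d = _hit(allow, client), _hit(deny, client)
    if order == "deny,allow":       # default allow, Allow wins over Deny
        return a or not d
    if order == "allow,deny":       # default deny, Deny wins over Allow
        return a and not d
    raise ValueError("unsupported Order: " + order)

# The block from step 12 as printed, and the same block with the hash removed.
AS_SHOWN = """<Directory "/usr/share/phpmyadmin">
  Order Deny,Allow
  # Deny from all
  Allow from 127.0.0.1
</Directory>"""
HASH_REMOVED = AS_SHOWN.replace("# Deny", "Deny")

if __name__ == "__main__":
    for name, block in (("as shown", AS_SHOWN), ("hash removed", HASH_REMOVED)):
        for client in ("127.0.0.1", "192.168.1.3"):
            print(name, client, "allowed" if allowed(block, client) else "denied")
```

With the hash in place every client address is admitted; with it removed only 127.0.0.1 is.
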
13] Open the config.inc.php file and make the following changes
[root@server ~]# vi /usr/share/phpmyadmin/config.inc.php
$cfg['blowfish_secret'] = 'password'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
:wq

14] Restart all services once again
[root@server ~]# service httpd restart
[root@server ~]# service mysqld restart
[root@server ~]# chkconfig httpd on
[root@server ~]# chkconfig mysqld on

15] Point your browser to the following URL:
Syntax = http://<ip address>/phpmyadmin

[ Note = If you encounter an error when opening phpmyadmin, then paste the extracted phpmyadmin directory into /var/www/html/ and rename it to phpmyadmin ]

Tuesday, November 29, 2011

YUM Configuration

Introduction:-
YUM stands for Yellowdog Update Modifier. Yum is used to install packages over the network. Yum is configured on one server in the network, and clients use a repo file to install packages from that server. Yum resolves the dependency problem.
Requirement:-
  • Red hat installed machine
  • DVD/CD of Red Hat Enterprise Linux
Prerequisites:-
  • Configure IP = 192.168.1.1
  • Hostname = server.rootuser.in
1] Mount the CD/DVD
[root@server ~]# mount /dev/cdrom /mnt
2] Install required package
[root@server ~]# cd /mnt/Server
[root@server Server]# rpm -ivh vsftpd-2.0.5(press tab)
[root@server Server]# rpm -ivh createrepo(press tab)
3] Copy all the content of the CD/DVD into the pub directory, which is automatically created when you install the vsftpd package
[root@server ~]# cp -rvp /mnt/* /var/ftp/pub/
4] Now create the repository of packages in the Server directory
[root@server ~]# createrepo /var/ftp/pub/Server
5] Now create the repo file which contains the path of the yum server
[root@server ~]# vim /etc/yum.repos.d/anup.repo
[Server]
name = my yum server
# repository created in step 4, served by vsftpd from /var/ftp
baseurl=ftp://192.168.1.1/pub/Server
enabled=1
gpgcheck=0
:wq
6] Set SELinux security related options.
[root@server ~]# getsebool -a | grep ftp
[root@server ~]# setsebool allow_ftpd_full_access on
[root@server ~]# setsebool ftp_home_dir on
[root@server ~]# getsebool -a | grep ftp
7] Start the vsftpd server
[root@server ~]# service vsftpd start
[root@server ~]# chkconfig vsftpd on
8] Now update the yum
[root@server ~]# yum clean all
[root@server ~]# yum update all
9] To test the Yum server, install any package; the dependency problem must be resolved by Yum.
[root@server ~]# yum install firefox* -y
YUM Client Side:-
1] Check communication with server
[anup@client ~]$ ping 192.168.1.1
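2] Now create the repo file which contains the path of the yum server
[anup@client ~]$ vim /etc/yum.repos.d/client.repo
[Server]
name=my yum server
# repository served by vsftpd on the yum server (192.168.1.1)
baseurl=ftp://192.168.1.1/pub/Server
enabled=1
gpgcheck=0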
:wq
3] Finally update yum
[anup@client ~]$ yum clean all
[anup@client ~]$ yum update all
4] Try to install a package
[anup@client ~]$ yum install firefox* -y
5] To remove package
[anup@client ~]$ yum remove firefox* -y

Monday, November 28, 2011

FTP Server Configuration

Introduction:-
FTP is File Transfer Protocol, which is used to transfer files between server and clients. FTP is the most used protocol over the internet to transfer files, and it supports all platforms. The FTP server works on a client-server architecture. An FTP client can easily connect to an FTP server and can download and upload files.
Requirement:-
  • Package = vsftpd
  • Port = 20 [ Control Connection ], 21 [ Data Control ]
  • Configuration File = /etc/vsftpd/vsftpd.conf
  • Service = vsftpd
  • FTP home directory = pub
Prerequisites on FTP Server:-
  • Configure FTP Server IP = 192.168.1.1
  • Configure Linux Client IP = 192.168.1.2
  • Configure Windows Client IP = 192.168.1.3
  • Hostname = server.rootuser.in
  • Firewall must be disabled on Server and Client
FTP Server Side Configuration:-
1] Install vsftpd package for FTP service
[root@server ~]# yum install vsftpd* -y
2] Verify whether the package is installed or not
[root@server ~]# rpm -qa vsftpd
3] Edit main configuration file of FTP service. ( Uncomment the following lines which are in BOLD format)
[root@server ~]# vim /etc/vsftpd/vsftpd.conf
#Allow anonymous user to get login to FTP
anonymous_enable=YES
#To allow local users to log in, uncomment this line.
local_enable=YES
#Uncomment this line if you want local users to be able to upload files.
write_enable=YES
#To allow uploading for anonymous users, uncomment this line.
anon_upload_enable=YES
#To activate logging of uploads and downloads.
xferlog_enable=YES
#The FTP log file is stored at this default location; you may change this location.
xferlog_file=/var/log/vsftpd.log
#You may change the default value for timing out an idle session.
idle_session_timeout=1200
#You may for some reason decide to limit the number of users that connect to your
#server at any time, and how many simultaneous connections can be maintained from
#each IP address; to do so, add the following lines to the end of the file:
max_clients=20
max_per_ip=4
:wq
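
A pre-flight check for the file edited in step 3, as an added example that is not part of the original post: vsftpd treats any space between an option, the "=" and its value as an error, so a stray space, a misspelt option name or a comment line that has lost its "#" is worth catching before the service is started. The lint function and the sample text are constructed for illustration; the option list covers only the settings used in step 3.

```python
# Options used in step 3 of this post.
KNOWN = {"anonymous_enable", "local_enable", "write_enable",
         "anon_upload_enable", "xferlog_enable", "xferlog_file",
         "idle_session_timeout", "max_clients", "max_per_ip"}
# vsftpd built-in defaults for the three options that together permit
# anonymous uploads.
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO",
            "anon_upload_enable": "NO"}
TRUTHY = ("YES", "TRUE", "1")

def lint(text):
    """Return (line_number, message) findings; line 0 means the whole file."""
    findings, opts = [], dict(DEFAULTS)
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            findings.append((number, "not in option=value form"))
            continue
        if key != key.strip() or value != value.strip():
            findings.append((number, "whitespace around '='"))
        key, value = key.strip(), value.strip()
        if key not in KNOWN:
            findings.append((number, "unrecognised option " + key))
            continue
        opts[key] = value.upper()
    if all(opts[k] in TRUTHY for k in DEFAULTS):
        findings.append((0, "anonymous users may upload files"))
    return findings

# Constructed sample containing three typical editing mistakes.
SAMPLE = """\
anonymous_enable=YES
local_enable = YES
write_enable=YES
anon_upload_enable=YES
xferlog_enbable=YES
# limit simultaneous connections from
each ip address
max_per_ip=4
"""

if __name__ == "__main__":
    for number, message in lint(SAMPLE):
        print("line %d: %s" % (number, message))
```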

4] Create the resources that are downloaded by anonymous users, and create an upload directory to store the files uploaded by public users.
[root@server ~]# cd /var/ftp/pub
[root@server pub]# touch anup1 anup2 anup3 anup4 anup5
[root@server pub]# ls
[root@server pub]# cd ..
[root@server ftp]# mkdir upload
[root@server ftp]# cd
5] Create one local user to log in to the FTP service from the client side.
[root@server ~]# useradd anup
[root@server ~]# passwd anup  
6] Set SELinux security related options.
[root@server ~]# getsebool -a | grep ftp
[root@server ~]# setsebool allow_ftpd_full_access on
[root@server ~]# setsebool ftp_home_dir on
[root@server ~]# getsebool -a | grep ftp  
7] Finally start vsftpd service and make it permanent at next reboot
[root@server ~]# service vsftpd start
[root@server ~]# chkconfig vsftpd on    
FTP Client Side Configuration
1] Check communication with FTP Server
[root@client ~]# ping 192.168.1.1
2] Create some files to upload.
[root@client ~]# mkdir data
[root@client ~]# cd data
[root@client data]# touch file1 file2 file3 file4
3] Now try to connect as the anonymous user; the password is blank (just press enter).
[root@client data]# ftp 192.168.1.1
Username : anonymous
password : <┘(press enter)
Log in successful.
ftp> ls
ftp> cd pub
ftp> get anup1 # To download a single file.
ftp> mget anup* # To download multiple files.
ftp> cd ..
ftp> cd upload
ftp> put file1 # To upload a single file.
ftp> mput file* # To upload multiple files.
ftp> bye
[root@client data]# ls
[ Note = Go to the FTP server machine and verify the files which are uploaded under /var/ftp/upload ]
4] You can also connect to FTP with the local user which we created initially. ( i.e. anup )
[ Note = Local user must connect to its home directory on server ]
[anup@client ~]$ ftp 192.168.1.1
Username : anup
password : anup
Login Successful.
ftp> bye

Thursday, November 24, 2011

Install DenyHosts


Install Denyhosts to prevent SSH dictionary attacks

Introduction:-
Brute force attacks or dictionary based attacks are common these days for servers. DenyHosts is an excellent Python tool to prevent such attacks. It detects failed attempts and prevents the offending host/IP from making further connections by adding it to the /etc/hosts.deny file.

DenyHosts is a tool that observes login attempts to SSH, and if it finds failed login attempts again and again from the same IP address, DenyHosts blocks further login attempts from that IP address by putting it into /etc/hosts.deny. DenyHosts can be run by cron or as a daemon.

1] DenyHosts is written in Python, therefore we must install Python and also the Python development files first
[root@server ~]# yum install python* -y

2] Download denyhosts from following link and paste it on your desktop
Denyhosts Download Link =
http://kaz.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz

3] Run the python script and install denyhosts
[root@server ~]# cd /root/Desktop
[root@server Desktop]# tar -xvzf DenyHosts-2.6.tar.gz
[root@server Desktop]# ls
[root@server Desktop]# cd DenyHosts-2.6
[root@server DenyHosts-2.6]# python setup.py install
[root@server DenyHosts-2.6]# cd

[ Note = This installs denyhosts to /usr/share/denyhosts ]

4] Create the denyhosts configuration file using sample configuration file
[root@server ~]# cp /usr/share/denyhosts/denyhosts.cfg-dist /usr/share/denyhosts/denyhosts.cfg

5] Edit file denyhosts.cfg as shown below
[root@server ~]# vim /usr/share/denyhosts/denyhosts.cfg
DENY_THRESHOLD_INVALID = 5   -->  DENY_THRESHOLD_INVALID = 3
DENY_THRESHOLD_VALID = 10     -->  DENY_THRESHOLD_VALID = 4
:wq

6] Create denyhosts daemon file using sample script
[root@server ~]# cp /usr/share/denyhosts/daemon-control-dist /usr/share/denyhosts/daemon-control


7] Edit daemon-control file and make sure you set the correct values for following options
[root@server ~]# vim /usr/share/denyhosts/daemon-control
DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
DENYHOSTS_LOCK = "/var/run/denyhosts.pid"
DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"
:wq

8] Now make that file executable
[root@server ~]# chown root /usr/share/denyhosts/daemon-control
[root@server ~]# chmod 700 /usr/share/denyhosts/daemon-control

9] Now create the system bootup links for denyhosts
[root@server ~]# cd /etc/init.d
[root@server init.d]# ln -s /usr/share/denyhosts/daemon-control denyhosts

10] Start denyhosts service
[root@server ~]# /etc/init.d/denyhosts start

[ Note = After you have crossed the threshold of incorrect login attempts, the IP address from which you tried to connect should get listed in /etc/hosts.deny. ]
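
How the two thresholds from step 5 act on a log, as an added example that is not DenyHosts' own code: a simplified model that counts failed SSH password attempts per source address, separately for accounts that do not exist and accounts that do, and lists an address once its count exceeds the matching threshold. Assumptions: the "exceeds" rule, the log line format, the "sshd: <address>" output form, and all addresses and user names in the constructed sample.

```python
import re
from collections import Counter

DENY_THRESHOLD_INVALID = 3   # step 5 value: accounts that do not exist
DENY_THRESHOLD_VALID = 4     # step 5 value: existing accounts
# root has its own setting, which this post does not change; left out here.

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port")

def _failures(host, user, count, invalid=False):
    """Build constructed /var/log/secure lines for the sample below."""
    who = ("invalid user " if invalid else "") + user
    return ["Nov 24 10:00:%02d server sshd[2100]: Failed password for %s "
            "from %s port 40000 ssh2" % (i, who, host) for i in range(count)]

# Constructed sample log, not captured traffic.
SAMPLE_LOG = "\n".join(
    _failures("192.168.1.50", "admin", 4, invalid=True)      # 4 > 3
    + _failures("192.168.1.2", "anup", 4)                     # 4, not above 4
    + ["Nov 24 10:01:00 server sshd[2101]: Accepted password for anup "
       "from 192.168.1.2 port 40001 ssh2"]
    + _failures("192.168.1.60", "oracle", 3, invalid=True)    # 3, not above 3
    + _failures("192.168.1.60", "anup", 3)                    # counted separately
    + _failures("192.168.1.3", "anup", 5))                    # 5 > 4

def hosts_to_deny(log_text):
    """Addresses whose failure count has exceeded the threshold for its class."""
    invalid, valid, denied = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue                      # successful logins and other lines
        is_invalid, _user, host = m.groups()
        if is_invalid:
            counts, limit = invalid, DENY_THRESHOLD_INVALID
        else:
            counts, limit = valid, DENY_THRESHOLD_VALID
        counts[host] += 1
        if counts[host] > limit and host not in denied:
            denied.append(host)
    return denied

def hosts_deny_lines(log_text):
    # "sshd: <address>" is the tcp_wrappers form that blocks only the SSH daemon.
    return ["sshd: " + host for host in hosts_to_deny(log_text)]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(SAMPLE_LOG)))
```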

Wednesday, November 23, 2011

PXE Boot Server on Linux



How to configure PXE Boot Server on Linux

These notes will be helpful for Linux admins who frequently install different Linux operating systems. PXE boot is one of the best options to start a Linux installation and to rescue other failed systems. We are using RHEL5 as the PXE boot server.

Use IP = 192.168.1.1
Hostname = server.anup.co.in

NOTE: Here I am using the IP address 192.168.1.1; you can edit it as per your network.

1] Install syslinux & tftp-server
[root@server ~]# yum install syslinux tftp-server -y

2] Enable tftp at boot time
[root@server ~]# vim /etc/xinetd.d/tftp
edit the line no. 14
disable = no
:wq

3] Restart service
[root@server ~]# service xinetd restart
[root@server ~]# chkconfig xinetd on

4] Mount CD/DVD and copy it to rhel folder

[root@server ~]# mount /dev/cdrom /mnt
[root@server ~]# mkdir -p /var/ftp/pub/rhel
[root@server ~]# cp -rvp /mnt/* /var/ftp/pub/rhel

5] Copy the needed files from syslinux to the tftpboot directory

[root@server ~]# cp /usr/lib/syslinux/pxelinux.0 /tftpboot
[root@server ~]# cp /usr/lib/syslinux/menu.c32 /tftpboot
[root@server ~]# cp /usr/lib/syslinux/mboot.c32 /tftpboot
[root@server ~]# cp /usr/lib/syslinux/chain.c32 /tftpboot

6] Create the base directory for images. Create directories for each RHEL release you are supporting.

[root@server ~]# mkdir -p /tftpboot/images/rhel
[root@server ~]# cp /var/ftp/pub/rhel/images/pxeboot/vmlinuz /tftpboot/images/rhel/
[root@server ~]# cp /var/ftp/pub/rhel/images/pxeboot/initrd.img /tftpboot/images/rhel/

7] Install DHCP server.

[root@server ~]# yum install dhcp -y

8] Configure DHCP server. Add the following lines to your /etc/dhcpd.conf and make suitable changes for your network.

[root@server ~]# vi /etc/dhcpd.conf

option domain-name "anup.co.in";
option domain-name-servers 192.168.1.1;
default-lease-time 600;
max-lease-time 7200;

allow booting;
allow bootp;
next-server 192.168.1.1;
filename "/pxelinux.0";

subnet 192.168.1.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.1.100 192.168.1.200;
    option routers 192.168.1.1;
}
:wq

10] Start dhcp service
[root@server ~]# service dhcpd start

11] Create the directory for your PXE menus
[root@server ~]# mkdir -p /tftpboot/pxelinux.cfg

12] Sample config file
[root@server ~]# vi /tftpboot/pxelinux.cfg/default
default menu.c32
prompt 0
timeout 50

MENU TITLE ANUP PXE Menu

LABEL Red Hat Enterprise Linux 5.4
MENU LABEL RHEL 5.4
KERNEL images/rhel/vmlinuz
append vga=normal initrd=images/rhel/initrd.img ramdisk_size=32768 method=ftp://192.168.1.1/pub/rhel
:wq

Test the PXE server:
* Make changes in the BIOS settings and boot the client machine from the network, or just press F12 to boot from the network.