Archive for Linux

Installation of Apache Tomcat with trusted HTTPS

I have done it for Debian. Trusted HTTPS configuration is the last page. I took help from the URL:
http://www.debianhelp.co.uk/apachetomcat.htm
http://www.debianhelp.co.uk/selfcert.htm
Requirements:

Apache2, mod_jk, apache tomcat 5.5.16,  JDK, openssl, libapache-mod-ssl

Step by step Configuration:
1. Install apache2. For Tomcat we have to change some settings from the normal configuration. (I followed the URL http://www.debianhelp.co.uk/apachetomcat.htm )

2. Install JDK at Debian. (I followed the URL http://www.debianhelp.co.uk/apachetomcat.htm ).
3. Install and configure Tomcat.
a. Download the tar.gz file from
http://tomcat.apache.org/download-55.cgi
b. Extract the files using the following commands.
# cd /downloads
# unp apache-tomcat-5.5.16.tar.gz
# mv apache-tomcat-5.5.16 /usr/lib

c. # cd /usr/lib

d. Now create a symbolic link called apache-tomcat to the CATALINA_HOME by the following command.
#ln -s apache-tomcat-5.5.16 apache-tomcat

e. #cd /usr/lib/apache-tomcat/bin

f. #./startup.sh

4. Install and Configure mod_jk (I followed the URL http://www.debianhelp.co.uk/apachetomcat.htm)

5.  Configuring Tomcat and Apache. (I followed URL http://www.debianhelp.co.uk/apachetomcat.htm)

a. First create the workers.properties file in your Apache2 root directory.

b. open the workers.properties file and add some lines.(For details http://www.debianhelp.co.uk/apachetomcat.htm)

c. Add some  lines at /etc/apache2/apache2.conf file (For details http://www.debianhelp.co.uk/apachetomcat.htm)

d. add a user tomcat at a group tomcat.

e. change the user and group of the Tomcat path

f. change the password of tomcat.

g. start and stop tomcat server using tomcat user

h. restart apache2.

6. Creating a self-signed SSL certificate using OpenSSL (for details http://www.debianhelp.co.uk/selfcert.htm )

a. install openssl and libapache-mod-ssl

b. create a workable directory.

c. create a database for the certificates we will sign

d. We have to add some lines to openssl.cnf (for details check http://www.debianhelp.co.uk/selfcert.htm)

e. Run the following command:

openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem \
-out cacert.pem -days 3650 -config ./openssl.cnf

7. Creating a Certificate Signing Request (CSR):

a. Our configuration file needs some more definitions for creating non-CA certificates. Add the following at the end of the file:

[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash

b. insert the following line to the req section after the distinguished_name line as shown:

distinguished_name = req_distinguished_name
req_extensions = v3_req

c. Now we are ready to create first certificate request.

d. openssl req -new -nodes -out req.pem -config ./openssl.cnf

e. openssl req -in req.pem -text -verify -noout

f. Signing a certificate: insert some lines in the openssl.cnf file (for details http://www.debianhelp.co.uk/selfcert.htm)

g. openssl ca -out cert.pem -config ./openssl.cnf -infiles req.pem

h. Installing the certificate and key.

cat key.pem cert.pem > key-cert.pem

i. After this step, you have three installable components to choose from: a private key in key.pem, a certificate in cert.pem, and a combined private key and certificate in key-cert.pem.

Copy the appropriate files into the locations specified by the instructions for your application and system. Restart the applications, and you are in operation with your new certificate.

j. Apache (For details URL http://www.debianhelp.co.uk/selfcert.htm)

k. Stunnel (For Details URL http://www.debianhelp.co.uk/selfcert.htm)

l. Distributing CA Certificates (For Details URL http://www.debianhelp.co.uk/selfcert.htm)

m. Renewing Certificates(For Details URL http://www.debianhelp.co.uk/selfcert.htm)


FTP server configuration on Redhat

How To Download And Install The VSFTP Package:

RedHat and Fedora software is installed using RPM packages. As of this writing, the VSFTP RPM file used by the most recent Fedora version is named:

# vsftpd-1.2.0-5.i386.rpm

Now download the file to a directory such as /tmp and install it using the rpm command:

[root@bigboy tmp]# rpm -Uvh vsftpd-1.2.0-5.i386.rpm
Preparing... ########################################## [100%]
1:vsftpd     ########################################## [100%]

[root@bigboy tmp]#

How To Get VSFTP Started

Redhat Version 9, Fedora Core 1 And Newer

You can start/stop/restart vsftpd after booting by using the following commands:

[root@bigboy tmp]# /etc/init.d/vsftpd start
[root@bigboy tmp]# /etc/init.d/vsftpd stop
[root@bigboy tmp]# /etc/init.d/vsftpd restart

To get vsftpd configured to start at boot:

[root@bigboy tmp]# chkconfig --level 345 vsftpd on

Testing To See If VSFTP Is Running

[root@bigboy root]# netstat -a | grep ftp
tcp        0        0        *:ftp         *:*        LISTEN
[root@bigboy root]#


Configuring The VSFTP as anonymous:

# vi /etc/vsftpd/vsftpd.conf

anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
xferlog_enable=YES

Other vsftpd.conf Options

There are many other options you can add to this file including:

Limiting the maximum number of client connections (max_clients)

Limiting the number of connections by source IP address (max_per_ip)

The maximum rate of data transfer per anonymous login. (anon_max_rate)

The maximum rate of data transfer per non-anonymous login. (local_max_rate)

Descriptions on this and more can be found in the vsftpd.conf man pages.

The /etc/vsftpd.ftpusers File

For added security you can deny FTP access to specific users by adding them to the list of users in this file. Do not delete entries from the default list; it is best only to add to it.

Anonymous Upload

If you want remote users to write data to your FTP server then it is recommended you create a write-only directory within /var/ftp/pub. This will allow your users to upload, but not access other files uploaded by other users. Here are the commands to do this:


[root@bigboy tmp]# mkdir /var/ftp/pub/upload
[root@bigboy tmp]# chmod 733 /var/ftp/pub/upload

FTP Greeting Banner

Change the default greeting banner in the vsftpd.conf file to make it harder for malicious users to determine the type of system you have.


ftpd_banner=New Banner Here

Configuring The VSFTP as Secure Users:

# vi /etc/vsftpd/vsftpd.conf

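# anonymous_enable defaults to YES when unset (see the vsftpd.conf man page), so disable it explicitly
anonymous_enable=NO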
local_enable=YES
write_enable=YES
# anon_upload_enable=YES
# anon_mkdir_write_enable=YES
xferlog_enable=YES
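
An added example (not part of the original post): a small audit of vsftpd.conf text that applies the built-in defaults documented in the vsftpd.conf man page, so an option that is merely commented out is judged by its default. The three sample configurations are constructed for the example; check the defaults against the man page of the version you run.

```python
# Built-in defaults, as documented in the vsftpd.conf man page (assumed unchanged).
DEFAULTS = {"anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
            "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO"}
LIMITS = ("max_clients", "max_per_ip", "anon_max_rate")  # options named on this page

# Constructed sample configurations.
ANON_RW = """anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
xferlog_enable=YES
"""
COMMENTED_OUT = """# anonymous_enable=YES
local_enable=YES
write_enable=YES
xferlog_enable=YES
"""
EXPLICIT_NO = COMMENTED_OUT.replace("# anonymous_enable=YES", "anonymous_enable=NO")

def parse_conf(text):
    """Return {option: value}; lines starting with '#' are comments."""
    opts = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def audit(text):
    """Return findings about anonymous access for one vsftpd.conf text."""
    opts = parse_conf(text)
    def on(key):
        return opts.get(key, DEFAULTS[key]).upper() == "YES"
    findings = []
    if not on("anonymous_enable"):
        return findings
    source = "set explicitly" if "anonymous_enable" in opts else "built-in default"
    findings.append(f"anonymous login enabled ({source})")
    writable = [k for k in ("anon_upload_enable", "anon_mkdir_write_enable")
                if on("write_enable") and on(k)]
    findings += [f"anonymous write allowed by {k}" for k in writable]
    missing = [k for k in LIMITS if k not in opts]
    if writable and missing:
        findings.append("no limit set: " + ", ".join(missing))
    return findings
```
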

FTP Users With Only Read Access To A Shared Directory:

Create a user group and shared directory. In this case we’ll use “/home/ftp-docs” as the shared directory and a user group name of “ftp-users” for the remote users.

[root@bigboy tmp]# groupadd ftp-users
[root@bigboy tmp]# mkdir /home/ftp-docs

Make the directory accessible to the ftp-users group.

[root@bigboy tmp]# chmod 750 /home/ftp-docs
[root@bigboy tmp]# chown root:ftp-users /home/ftp-docs

Add users, and make their default directory /home/ftp-docs

[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user1
[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user2
[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user3
[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user4
[root@bigboy tmp]# passwd user1
[root@bigboy tmp]# passwd user2
[root@bigboy tmp]# passwd user3
[root@bigboy tmp]# passwd user4

Change the permissions of the files in the /home/ftp-docs directory for read only access by the group

[root@bigboy tmp]# touch /home/ftp-docs/abc
[root@bigboy tmp]# chown root:ftp-users /home/ftp-docs/*
[root@bigboy tmp]# chmod 740 /home/ftp-docs/*

Users should now be able to log in via ftp to the server using their new user names and passwords. If you absolutely don’t want any FTP users to be able to write to any directory then you should comment out the write_enable line in your vsftpd.conf file like this:

#write_enable=YES

Restart vsftp for the configuration file changes to take effect.

Sample Login Session To Test Functionality

Check for the presence of a test file on the ftp client server.

[root@smallfry tmp]# ls
total 1
-rw-r--r-- 1 root root 0 Jan 4 09:08 testfile


[root@smallfry tmp]#

Now we have to put the file that will be downloaded in this location:

# cd /home/ftp-docs/


DNS configuration at Debian 4.0

Hello, some while ago today I configured a DNS on Debian successfully. I am writing this post using my DNS. Here is the configuration method of DNS.

Step1. At the very beginning I installed the package bind9 that is used for configuring DNS at Debian. I just write down the command,

apt-get install bind9

It will install the package bind9 within few minutes and now, we are ready to configure our DNS server.

Edit the file named.conf in the directory /etc/bind. In this tutorial, the domain is test.com.

vi /etc/bind/named.conf

Here we have to add the following lines after the last ‘zone’ paragraph.

zone "test.com" {
type master;
file "/etc/bind/test";
};

zone "1.62.10.in-addr.arpa." {
type master;
file "/etc/bind/reverse";
};

After that, save and exit by typing “:wq!”

Now we have to create the zone file and the reverse zone file at the paths we entered in named.conf.

vi /etc/bind/test
and you have to put some configuration like this;

$TTL 604800
; @ is the zone origin test.com. declared in named.conf
@ IN SOA debian.test.com. root.test.com. (
        1         ; Serial
        604800    ; Refresh
        86400     ; Retry
        2419200   ; Expire
        604800 )  ; Negative Cache TTL
;
@ IN NS debian.test.com.
@ IN MX 10 debian.test.com.
debian IN A 10.62.1.100
www IN CNAME debian.test.com.

Then save and exit by typing “:wq!”

After that, you must create the reverse zone file.

vi /etc/bind/reverse
then put some configuration like this;

; test's zone file
$TTL 64800
@ IN SOA debian.test.com. root.test.com. (
        1        ; serial
        7200     ; refresh
        7200     ; retry
        36000    ; expire
        7200 )   ; minimum
;
@ IN NS debian.test.com.

debian IN A 10.62.1.100

100 IN PTR debian.test.com.

Then save and exit by typing “:wq!”
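
An added example, not from the original post: in a zone file, any name written without a trailing dot has the zone origin appended, which is a common reason a reverse zone answers with the wrong host name. The sketch below lists every such name in NS, MX, CNAME, PTR and SOA records together with the name BIND will actually use; the sample zone is constructed, and the parser only handles the simple layout used on this page (explicit IN class, no quoted strings).

```python
import re

# Position of domain-name fields inside the RDATA of each record type.
NAME_FIELDS = {"NS": (0,), "CNAME": (0,), "PTR": (0,), "MX": (1,), "SOA": (0, 1)}

# Constructed sample: a reverse zone whose names lack the trailing dot.
SAMPLE_REVERSE = """$TTL 64800
@ IN SOA debian root.test.com (
        1      ; serial
        7200   ; refresh
        7200   ; retry
        36000  ; expire
        7200 ) ; minimum
@ IN NS debian.test.com.
100 IN PTR debian.test.com
"""

def records(zone_text):
    """Yield one token list per record: drops ';' comments, joins '( ... )'."""
    text = re.sub(r";[^\n]*", "", zone_text)
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    for line in text.splitlines():
        if line.strip() and not line.startswith("$"):
            yield line.split()

def relative_names(zone_text, origin):
    """Return (type, written, effective) for each name the origin is appended to."""
    hits = []
    for tokens in records(zone_text):
        if "IN" not in tokens[:-1]:
            continue  # this sketch only handles records with an explicit class
        at = tokens.index("IN")
        rtype, rdata = tokens[at + 1], tokens[at + 2:]
        for pos in NAME_FIELDS.get(rtype, ()):
            if pos < len(rdata) and rdata[pos] != "@" and not rdata[pos].endswith("."):
                hits.append((rtype, rdata[pos], f"{rdata[pos]}.{origin}"))
    return hits
```

A relative name is sometimes intended in a forward zone (for example a CNAME to a host in the same zone), so treat the output as a list to review rather than a list of errors.
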

Now you should configure the DNS resolver.

Edit the file /etc/resolv.conf and put the configuration there.


vi /etc/resolv.conf


And add the following lines.

search test.com
nameserver 10.62.1.100

Then save and exit by typing “:wq!”

Now you should configure the hosts file.

vi /etc/hosts

put some configuration there!

127.0.0.1 localhost
10.62.1.100 debian.test.com debian

Note: the IP address in that domain is 10.62.1.100
and that host has the domain test.com.
Hope to get suggestions from you.


Some useful commands at Windows

You can run the following commands to directly open these programs

appwiz.cpl >> Add/Remove Programs
desk.cpl >> Display Properties
firewall.cpl >> Firewall Settings
inetcpl.cpl >> Internet Options
mmsys.cpl >> Sound and Audio
ncpa.cpl >> Network Connections
nusrmgr.cpl >> User Accounts
powercfg.cpl >> Power Options
sysdm.cpl >> System Properties
wscui.cpl >> Security Center
wuaucpl.cpl >> Automatic Updates Configuration


Recovering Grub Boot Loader

Sometimes we get a problem after installing Windows beside Linux. A fresh installation of Windows sets boot loading directly from the MBR, so the Grub boot loader does not work. We can recover the Grub boot loader very easily by following these steps.

1. Start the pc on linux rescue mode.

2. In rescue mode do chroot /mnt/sysimage.

3. Then do grub-install /dev/hda

4. Restart the pc.

Now you will find Grub boot loader.


Scheduled task

We can record scheduled tasks on Linux. To do this we can use the crontab command. We can add a scheduled task with the command:

crontab -e

First of all we should understand the basic structure of a crontab entry.

*           *           *            *          *          Command

1st * is the minutes of hour (0-59)

2nd * is the hour of day (0-23)

3rd star means day of month (1-31)

4th * means month of year (1-12)

5th * means day of week (0-6)

Now,

crontab -e

10     9   *     *      *      cp /etc/passwd /backup

This command will copy the /etc/passwd file to /backup every day at 9:10 am.

crontab -e

*/10     *   *     *      *      cp /etc/passwd /backup

This command will copy the /etc/passwd file to /backup every 10 minutes.

10-30     9-17   *     *      5      cp /etc/passwd /backup

This command will copy the /etc/passwd file to /backup every Friday, at hours between 9 am and 5 pm and minutes between 10 and 30.
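
An added example, not from the original post: a matcher for the five time fields that handles *, */n, lists (a,b) and ranges (a-b), to show how list and range syntax differ and that day-of-week 0 is Sunday (so 5 is Friday and 6 is Saturday). It generalises beyond the crontab lines above; the schedules and dates used to try it are constructed values.

```python
from datetime import datetime

# Allowed range of each field: minute, hour, day of month, month, day of week.
RANGES = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 6)]

def expand(field, lo, hi):
    """Expand one cron field ('*', '*/n', 'a,b', 'a-b', 'a-b/n') to a set of ints."""
    values = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            start, end = map(int, rng.split("-"))
        else:
            start = end = int(rng)
        if not (lo <= start <= end <= hi) or step < 1:
            raise ValueError(f"bad field {field!r}")
        values.update(range(start, end + 1, step))
    return values

def matches(expr, when):
    """True if the five-field schedule `expr` fires at datetime `when`."""
    fields = expr.split()[:5]
    mins, hours, dom, mon, dow = (
        expand(f, lo, hi) for f, (lo, hi) in zip(fields, RANGES))
    cron_dow = (when.weekday() + 1) % 7  # Python: Monday=0; cron: Sunday=0
    if fields[2] != "*" and fields[4] != "*":
        # cron runs the job if EITHER day field matches when both are restricted
        day_ok = when.day in dom or cron_dow in dow
    else:
        day_ok = when.day in dom and cron_dow in dow
    return (when.minute in mins and when.hour in hours
            and when.month in mon and day_ok)
```
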

To check the scheduled list we can use

crontab -l

To remove schedule task we can use

crontab -r


Selecting default OS to boot at Debian

We can do this by changing the configuration in the grub file. On Red Hat the grub file is /etc/grub.conf, but on Debian it resides at a different location. To change the grub configuration you have to edit the /boot/grub/menu.lst file. Normally the Debian OS is the default bootable OS. To change this we have to find the line

default 0

Here, I changed 0 to 3, as my Windows system was the 4th line in the selection menu of the grub loader.

And then save and exit the file. And it worked nicely.

For complete beginners: we can change the same thing on Red Hat in the /etc/grub.conf file and you will get it done.

Any tips about grub configuration will be highly appreciated.
