Scribd Logo
Upload

Welcome to Scribd!

  • Configuration

    Uploaded by

    Pratik Sanas
    45 views7 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    45 views7 pages

    Configuration

    Uploaded by

    Pratik Sanas

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 7

    SSH (Secure Shell Socket)

    Package ------> openssh*


    Deamons ------> sshd
    Config -------> /etc/ssh/sshd_confg
    Port ---------> 22
    --------------------------------------------------------------------
    SELinux

    Config /etc/selinux/confg -----> It is main fle for SELinux.


    -----------------------------------------------------------------------------------
    ------------------------------------
    Log server:
    * Log server is central log monitaring point.Whih stores all
    windows,linux,switches,system,hosts generated log centrally.
    So it can be easy to review.
    * Rsyslog (daemon) works on both side like server & client. In server sides, it can
    gather logs from other devices.
    & in client side transmit the logs to server.

    Package ------> rsyslog*


    Deamons ------> rsyslog
    Config file --> /etc/rsyslog.conf
    Document root-> /var/log
    Port ---------> 514

    log files:
    * It contatains messages regarding system including the kernal, services &
    applications running on it.
    * It is very useful to when trying to troubleshoot problem in the system.
    * Only root users can read these log messages.
    * The messages will be generated only when rsyslog service is running.

    The diferent types of log fles and their locations :


    # /var/log/messages ----> System and general messages and DHCP log messages.
    # /var/log/authlog -----> Authentication log messages.
    # /var/log/secure ------> Security and authentication and user log messages.
    # /var/log/maillog -----> Mail server log messages.
    # /var/log/cron --------> Cron jobs log messages.
    # /var/log/boot.log ----> All booting log messages.
    # /var/log/httpd -------> All Apache web server log messages.
    # /var/log/mysqld.log --> Mysql database server log messages.
    # /var/log/utmp or /var/log/wtmp -----> All the user's login messages.
    # /var/log/Qmail -------> Qmail log messages.
    # /var/log/kernel.log --> All kernel related log messages.
    # /var/log/samba -------> All samba server log messages.
    # /var/log/anakonda.log-> Linux installation log messages.
    # /var/log/lastlog -----> Recent login information for all users.
    # /var/log/yum.log -----> All package installation log messages generated by # yum
    or # rpm commands.
    # /var/log/cups --------> All printer and printing related log messages.
    # /var/log/ntpstat -----> All ntp server and services log messages.
    # /var/log/spooler -----> Mail, printer and cron jobs spooling messages.
    # /var/log/sssd --------> System security service deamon log messages.
    # /var/log/audit.log ---> SELinux log messages.
    # dmesg (to see the boot log messages)

    -----------------------------------------------------------------------------------
    -----------------
    Apache Web server :
    * Open source web server.
    * It is mostly used web server in the internet.
    * httpd is the deamon that speaks the http or https protocols.
    * It is a text based protocol for sending and receiving the objects over a network
    connection.
    * The http protocol is sent over the wired network in clear text using default port
    number 80/tcp.
    * To protect the website we can use https web server for data encryption.

    Package ------> httpd


    Deamons ------> httpd
    Config file --> /etc/httpd/conf/httpd.conf (For http)
    /etc/httpd/conf.d/ssl.conf (For https)
    /etc/httpd/conf.d/demo.conf
    Document root-> /var/www/html
    Log fles -----> /var/log/httpd/access_log
    /var/log/httpd/error_log
    Port ---------> 80/http and 443/https
    -----------------------------------------------------------------------------------
    -------------
    How to launch a website:

    1) # yum install -y httpd

    2) # yum start httpd

    3) # go to browser search ------> download free website template

    4) # cd /root/Downloads

    5) # unzip <content>

    6) # cp -rvf Downloads/<content>/* /var/www/html/

    7) # vim /var/www/html/index.html-----------> we can see all content here

    8) # curl localhost

    9) # curl 192.168.1.101

    ` 10) Search on browser---> 192.168.1.101


    -------------------------------------------------------------------------------
    Nginx :

    Package -------------> nginx


    Main Config file ----> /etc/nginx/nginx.conf
    Server Config file --> /etc/nginx/conf.d
    Document root--------> /usr/share/nginx/html

    * Steps: (For installing the nginx)


    1) # yum install epel-release
    # yum install nginx

    2) # systemctl start nginx


    # systemctl enable nginx
    # systemctl status nginx

    3) # firewall-cmd --zone=public --permanent --add-service=http


    # firewall-cmd --zone=public --permanent --add-service=https
    # firewall-cmd --reload

    4) # vim /usr/share/nginx/html/index.html

    5) # firebox search localhost/ip

    ***********************************************************************************
    ****

    Steps: (Name-based & IP Virtual Hosts with NGINX)


    1) # yum install --enablerepo=epel nginx

    2) # systemctl stop httpd


    # systemctl start nginx

    3) # useradd user1

    4) # mkdir /var/www/testing1.com/public_html
    # cd /var/www/testing1.com/public_html
    # vim index.html

    5) # mkdir /etc/nginx/sites-available
    # cd /etc/nginx/sites-available
    # touch testing1.com.conf
    server {
    listen 192.168.1.101:80
    server_name testing1.com www.testing1.com
    root /var/www/testing1.com/public_html
    index index.html
    }
    # chmod 755 testing1.com.conf
    # chgrp user1 testing1.com.conf
    # cd /var/www/testing1.com/public_html
    # chmod 755 index.html
    # chgrp user1 index.html

    6) # vim /etc/nginx/nginx.conf
    uncomment ----> #user nginx
    uncomment ----> #include /etc/nginx/conf.d/*.conf
    add text (in http) ----> include /etc/nginx/sites-available/*.conf

    7) # vim /etc/hosts
    192.168.1.101 testing1.com www.testing1.com

    8) # nginx -t
    # systemctl restart nginx

    9) Open the browser and navigate to the first virtual domain,


    http://testing1.com

    ***********************************************************************************
    **************

    Steps : Install WordPress 5 with Apache, MariaDB 10 and PHP 7 on CentOS 7

    1) # vim /etc/selinux/config ----->disabled-----> restart

    2) # yum install -y httpd


    # systemctl start httpd
    # systemctl enable httpd
    # systemctl status httpd

    3) # yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm


    yum-utils
    # yum-config-manager --enable remi-php73

    4) # yum install -y php php-common php-mysql php-gd php-xml php-mbstring php-


    mcrypt

    5) # vim /etc/yum.repos.d/MariaDB.10x.repo

    [mariadb]
    name = MariaDB
    baseurl = http://yum.mariadb.org/10.3/centos7-amd64
    gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
    gpgcheck=1

    # yum install -y MariaDB-server MariaDB-client


    # systemctl start mariadb
    # systemctl enable mariadb
    # systemctl status mariadb
    # mysql_secure_installation

    # mysql -u root -p
    ## create database wordpressdb;
    ## grant all privileges on wordpressdb.* to
    wordpressuser@localhost identified by '123';
    ## flush privileges;

    6) # cd /var/www/html
    # wget http://wordpress.org/latest.tar.gz
    # tar -xvf latest.tar.gz
    # chown -R apache:apache wordpress/

    7) # vim /etc/httpd/conf.d/<filename>.conf
    -----> Go to last line and type
    <VirtualHost *:80>
    ServerAdmin admin@hvthang.xyz
    DocumentRoot /var/www/html/wordpress
    ServerName hvthang.xyz
    ServerAlias www.hvthang.xyz
    ErrorLog /var/log/httpd/hvthang.xyz-error.log
    CustomLog /var/log/httpd/hvthang,xyz-acces.log common
    </VirtualHost>
    # httpd -t
    # systemctl restart httpd

    8) # firewall-cmd --permanent --add-service=http


    # firewall-cmd --permanent --add-service=https
    # firewall-cmd --history

    ***************************************************************************
    How to install SSL cetificate

    1) # yum install httpd

    2) # yum install mod_ssl


    3) # yum install openssl

    4) # openssl genrsa -out ca.key


    # openssl req -new -key ca.key -out ca.csr
    # openssl x509 -req -days 365 -in ca-csr -signkey ca.key -out ca.crt
    where
    ca-csr ---> name of csr file
    ca.key----> name of key file
    ca.crt ---> name of certificate

    5) # cp ca.crt /etc/pki/tls/certs
    # cp ca.key /etc/pki/tls/private
    # cp ca.csr /etc/pki/tls/private

    6) # vim /etc/httpd/conf.d/ssl.conf
    Edits line---->
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key

    # httpd -t

    7) # vim /etc/httpd/conf.d/<filename>.conf
    <Virtualhost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    servername www.server.demo.com
    Documentroot /web
    </virtualhost>

    # httpd -t

    8) # firewall-cmd --permanent --add-service=https


    # firewall-cmd --permanent --add-port=443/tcp
    # firewall-cmd --reload

    9) # systemctl restart httpd


    # systemctl enable httpd

    10) go to browser----> https://www.server.demo.com

    *******************************************************************************
    * Host Multiple Websites With SSL Encryption in RHEL

    # yum install -y httpd openssl mod_ssl


    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ca.key -out ca.crt
    # vim /etc/httpd/conf.d/ssl.conf
    Edits line---->
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    # httpd -t
    # vim /etc/httpd/conf.d/<filename>.conf
    <Virtualhost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    servername www.server.demo.com
    Documentroot /web
    </virtualhost>vim /etc/httpd/conf.d/httpd.conf

    --------------------------------------------------------------------
    FTP :
    * File transfer protocol.
    * FTP stands for File Transfer Protocol used to transfer fles from one host to
    another host over a TCP-based network

    Package ------> vsftpd (server)


    ftp (server & client)
    Deamons ------> vsftpd
    Config file --> /etc/vsftpd/vsftpd.conf
    /etc/vsftpd/user_list
    /etc/vsftpd/ftpuser
    Document root-> /var/ftp (Home directory)
    Log fles -----> /var/log/httpd/access_log
    /var/log/httpd/error_log
    Port ---------> 20 (Data transfer)
    21 (connection establishment)
    --------------------------------------------------------------------
    NFS :
    * Network File system
    * It is way to share the local hard drive fles between machines which are NFS
    compatible.
    * That means we share the fles between Linux and Unix machines but not between
    Linux and windows systems.
    * NFS is used upd protocol.

    Package ------> nfs-utils


    Deamons ------> rpc.mountd
    rpc.nfsd
    rpc.rquotad
    rpc.stad
    rpc.lockd
    rpc.idmapd
    Config file --> /etc/exports
    Port ---------> 2049
    usercreate ---> nobody
    --------------------------------------------------------------------
    SAMBA :
    * Samba allows Linux computers to share fles and printers across a network
    connection by using SMB
    protocol. Samba will support DFS, NFS, ufs fle systems to share fles and
    directories.
    * That's why Samba is used to share fles and directories between diferent platforms

    Package ------> samba* for samba server and samba-client* for samba client
    Deamons ------> smb and nmb for RHEL - 7 where as smb is for Samba server deamon
    and nmb is for
    Netbios service deamon

    Config file --> etc/samba/smb.conf


    Log fle ------> /var/log/samba
    Port ---------> 137 ---> to verify the share name,
    138 ---> to data transfer,
    139 ---> to connection establish and
    445 ---> for authentication
    usercreate ---> nobody
    --------------------------------------------------------------------
    MariaDB:
    * is a database software to create and maintain the databases.

    Package ------> mariadb*


    Deamons ------> mariadb
    Config file --> /etc/my.cnf
    Commands -----> mysql_secure_installation
    Port ---------> 3306
    -----------------------------------------------------------------------------------
    -------------------------------------------------------------------------
    DHCP:
    * Dynamic Host Confguration Protocol.
    * DHCP is anetwork protocol that enables the server to assign an IP addresses to
    the clients in the network automatically from a defned range of IP addresses
    ie., scope confgured for a given network.

    Package ------> dhcp*


    Deamons ------> dhcpd
    Config file --> /etc/dhcp/dhcpd.cnf
    Port ---------> 67 server , 68 client

    Steps:
    1) # yum install dhcp*

    2) # Go to virtual box-----> Network----->all networking should have


    internal connection

    3) # open the linux GUI ---> netwk setting --->wire setting--->wire---->ipv4


    Addres 192.168.7.11
    Netmask 255.255.255.0
    Gateway 192.168.7.11
    # vim /etc/dhcp/dhcp.conf
    default-lease-time 600;
    max-lease-time 7200;

    subnet 192.168.7.0 netmask 255.255.255.0 {


    range 192.168.7.15 192.168.7.21;
    option subnet-mask 255.255.255.0;
    option routers 192.168.7.1;
    }

    4) # systemctl start dhcpd

    5) # go to windows firewall ---> custmize setting----> turn off firewall

    6) # go to client machine ---> restart the netwk card n check ip assigned or


    not

    -----------------------------------------------------------------------------------
    -----------------

    You might also like