Linux basics and hosting

Internship report by Patruni C Sastry
Armia Systems Pvt Ltd
26th September 2014

Task 1: DNS server setup

What is DNS (Domain Name Servers)?

DNS is an acronym for Domain Name Server, and is the system used to translate word-based addresses of systems (such as PATRUNI.COM) to the numerical IP (Internet Protocol) address of the computer or system that should be located at that address. All computers and systems on the Internet use addresses that look similar to 192.168.1.151.

When you use an alphanumeric address such as PATRUNI.COM, your computer needs to understand what numerical IP address it needs to contact, and this is accomplished through DNS servers. The answer is delivered back to the requesting computer via the DNS servers listed for the domain name. All domains have DNS servers, and your request for anything related to the domain name gets sent to one of these servers. In response, the DNS server sends back the IP address that you should contact. This works for the web site, mail servers, and anything else based on the domain name.

The DNS database resides on a hierarchy of special database servers. A client first contacts a DNS server to determine the server's IP address. If the DNS server does not contain the needed mapping, it will in turn forward the request to a different DNS server at the next higher level in the hierarchy. After potentially several forwarding and delegation messages are sent within the DNS hierarchy, the IP address for the given host eventually arrives at the resolver, which in turn completes the request.

How does DNS work?

DNS essentially functions as a distributed database using a client/server relationship between clients that need name resolution (mapping host names to IP addresses) and the servers that maintain the DNS data. This distributed database structure enables the DNS name space to be both dynamic and decentralized, giving local domains control over their own portion of the DNS database while still enabling any client to access any part of the database.

At the uppermost level of the DNS name space are the root servers. The root servers manage the top level domains: .com, .net, .org, .mil, .edu, .gov, and .int. With all the domains in existence today, not to mention all the hosts in those domains, you can see why the root servers actually maintain very little information about each domain. In fact, the only data the root servers typically maintain about a domain are the name servers that are authoritative for the domain, or which have authority for the domain's records.

The authoritative name servers actually maintain the records for a domain or in some cases delegate some of or the entire domain to other name servers. The root servers know the name servers for techrepublic.com, for example, and within those name servers the west.techrepublic.com domain is delegated to another set of name servers that manage that portion of the overall techrepublic.com domain. In most cases, domains and their records are either managed directly by the organization owning the domain or by the ISP that provides the Internet connection for the organization.

Configuration and Data Files in DNS

In addition to the in.named daemon, DNS on a name server consists of a boot file called named.conf, a resolver file named resolv.conf, and four types of zone data files.

This table gives the BIND file names (Solaris names) and the content and purpose of each file:

/etc/named.conf: The configuration file specifies the type of server it is running on and the zones that it serves as a 'Master', 'Slave', or 'Stub'. It also defines security, logging and a finer granularity of options applied to zones.

/etc/resolv.conf: This file resides on every DNS client (including DNS servers) and designates the servers that the client queries for DNS information.

named.ca: This file establishes the names of root servers and lists their addresses.

hosts (generic name; examples: db.doc, db.sales): This file contains all the data about the machines in the local zone that the server serves.

hosts.rev (generic name; example: doc.rev): This file specifies a zone in the in-addr.arpa. domain, a special domain that allows reverse (address-to-name) mapping.

named.local: This file specifies the address for the local loopback interface, or localhost.

$INCLUDE files: Any file identified by an $INCLUDE() statement in a data file.

DNS Name Servers

DNS name servers maintain mappings of domain names to IP addresses (and vice versa) and answer queries including, but not limited to, "What is the IP address associated with this particular domain name?" and "What is the domain name associated with this particular IP address?". DNS name servers themselves also use resolvers to ask other DNS name servers questions to which they don't know the answers themselves.

DNS PROPAGATION

When a website is requested through a web browser (Internet Explorer, Firefox, etc.), the request is first sent to the computer's Internet Service Provider (ISP), which contacts the domain's name servers to look up the location (IP address) of the web hosting server. A caching problem occurs when the web hosting server at the IP address location no longer hosts the website, but a visitor's web browser still attempts to connect to that server to retrieve the web page. This happens because the web browser and the computer's operating system keep a list of already looked-up IP addresses, and refer to that list for future IP address lookups. ISPs also keep their own IP address list. The purpose of this is to speed up web page loading times and to reduce the traffic on the Internet.

Unfortunately, this can lead to delays during name server changes. The cases below show what happens when there is no caching and what happens when there is caching.

No caching: this is the type of lookup that happens for someone visiting your website for the first time, or if they haven't visited your website for a while.

Caching at the ISP level: ISPs keep a list of already looked-up domains. This list is only kept for a couple of days. If a name server change is made, the ISP won't look up the new IP until the IP kept on the 'Already Retrieved' list expires. So in the example below, if pcs.patruni.com says 'patruni.com is at the IP address 192.168.1.151', the website visitor will not receive that information until the patruni.com IP on the 'Already Retrieved' list expires.

Caching on your computer: even your computer and your web browser cache IP addresses. That way, there's no need to go out on the Internet to look up the IP address, which saves time. But during a name server change, your computer may still go to the old IP address for a few days.

DOMAIN NAME RESOLUTION

Domain Name Resolution is the task of converting domain names to their corresponding IP addresses. This is all done behind the scenes and is rarely noticed by the user. When you enter a domain name in an application that uses the Internet, the application will issue a command to have the operating system convert the domain name into its IP address, and then connect to that IP address to perform whatever operation it is trying to do.

The way the operating system resolves the domain name is based upon its configuration. For almost all operating systems the default order for Domain Name resolution is as follows:

1. Hosts file: there is a file called the HOSTS file that you can use to convert domain names to IP addresses. Entries in the HOSTS file override any mappings that would be resolved via a DNS server.

2. Domain Name System: this is the system used on the Internet for converting domain names to their corresponding IP addresses. Your operating system will connect to the DNS server configured on your computer and have that server return to you the IP address for the domain name you queried it with.

3. NetBIOS: this only applies to Windows machines and will only be used to map names to IP addresses if all previous methods failed. This method will attempt to map the NetBIOS name you are trying to connect to with an IP address.

How about various DNS records?

The main purpose of DNS is to map host names to IP addresses, and the data that makes that possible is stored as records in a zone file on the DNS server hosting the zone. Within each zone file (really just a text file) are resource records that define host names and other domain elements. There are several different types of resource records, each of which performs a specific function. Table B lists the resource record types supported by the DNS service.

Table B: Resource record types

Record: Purpose
SOA: Specifies authoritative server for the zone
NS: Specifies address of domain's name server(s)
A: Maps host name to an address
PTR: Maps address to a host name for reverse lookup
CNAME: Creates alias (synonymous) name for specified host
MX: Mail exchange server for domain
SRV: Defines servers for specific purpose such as HTTP, FTP, and so on
AAAA: Maps host name to IPv6 address
AFSDB: Location of AFS cell database server or DCE cell's authenticated server
HINFO: Identifies host's hardware and OS type
ISDN: Maps host name to ISDN address (phone number)
MB: Associates host with specified mailbox; experimental
MG: Associates host name with mail group; experimental
MINFO: Specifies mailbox name responsible for mail group; experimental
MR: Specifies mailbox name that is proper rename of other mailbox; experimental
RP: Identifies responsible person for domain or host
RT: Specifies intermediate host that routes packets to destination host
TXT: Associates textual information with item in the zone
WKS: Describes services provided by specific protocol on specific port
X.25: Maps host name to X.121 address (X.25 networks); used in conjunction with RT records
WINS: Allows lookup of host portion of domain name through WINS server
WINS-R: Reverses lookup through WINS server
ATMA: Maps domain name to ATM address

As you can see in Table B, there are a lot of resource record types to deal with. Fortunately, most installations only require a few of the more common types, including SOA, A, NS, PTR, CNAME, and MX. The SOA record indicates that the server is authoritative for the zone; an SOA record is created automatically when you create a zone. The NS records identify the name servers for the zone.

TASK 1: SET UP THE BIND DNS SERVER AND SET UP A DOMAIN

1. Downloaded bind-9.10.0-P2.tar.gz.

2. Extracted it using the tar -xvf bind-9.10.0-P2.tar.gz command.

[root@desktop ~]# tar -xvf bind-9.10.0-P2.tar.gz

3. Installed the dependencies gcc, gcc-c++, ncurses, openssl-devel.

4. Created a directory called bind in /usr/local and copied the extracted files to this directory. Then ran the configure script with the argument "./configure --prefix=/usr/local/bind" in order to create a chroot environment.

[root@desktop ~]# mkdir /usr/local/

5. Ran the "make" and "make install" commands.

[root@desktop ~]# make
[root@desktop ~]# make install

6. Created a group called named. Also created a user called named with home directory "/usr/local/bind", shell /bin/false, and the user is a member of the named group. Assigned ownership of the files to user named.

7. Created dummy directories such as etc, dev and usr inside the chroot.

8. Edit the configuration files:

vim /etc/named.conf

9. Check that the named.conf file is correct:

named-checkconf /etc/named.conf

10. Create the zone file:

cp /var/named/named.localhost /var/named/fwd.patruni.com.zone

11. Change the group ownership of fwd.patruni.com.zone:

chgrp named /var/named/fwd.patruni.com.zone

12. Edit the forward zone file:

vim /var/named/fwd.patruni.com.zone

13. Check that the patruni.com zone file is correct:

named-checkzone patruni.com /var/named/fwd.patruni.com.zone

14. Restart the DNS service and enable it at boot:

service named restart
chkconfig named on

15. The next step is to create the reverse zone file and edit it:

cp /var/named/fwd.patruni.com.zone /var/named/rev.patruni.com.zone
chgrp named /var/named/rev.patruni.com.zone
vim /var/named/rev.patruni.com.zone

16. To check the reverse zone file:

named-checkzone 0.168.192.in-addr.arpa /var/named/rev.patruni.com.zone

17. Started the service and added it to chkconfig.

18. Modified /etc/resolv.conf and added the nameserver 192.168.1.151.

19. Tested the A record by running the command dig pcs.patruni.com.

20. Tested the MX record by running the command dig -t MX desktop.nakul.com.

21. Tested the TXT record by running the command dig -t TXT pcs.patruni.com.

STEPS TAKEN TO SECURE THE DNS SERVER

1. Installed bind in a chroot environment (/usr/local/bind).

2. Configured bind to run as the non-root user named.

3. User and group ownership of the files in the bind directory is given to user and group named.

4. The configuration file named.conf and the zone files were given permission 640.

5. Bind was configured to listen on port 53 on a specific IP, 192.168.1.151, and on loopback (127.0.0.1).

6. Bind was configured to answer queries from the network 192.168.1.0/24 and loopback (127.0.0.1).

7. DNSSEC and validation are set.

8. Server version is not specified.

9. Allow-transfer and allow-update are set to none.

10. Recursion is set to no.
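Items 5 to 10 of the list above are all settings in the named.conf options block, so they can be checked mechanically. The following is an added example and not code from the report: a small Python audit that parses an options block and returns which of those items it fails, run over two constructed configurations (a permissive one and one written as the list describes).

```python
"""Audit a BIND named.conf 'options' block against items 5 to 10 of the
report's hardening list.  Added example, not part of the report: the parser
and both sample configurations below are constructed for this illustration."""
import re

ITEMS = {  # hardening items, numbered as in the report
    5: "listen-on restricted to port 53 on specific addresses",
    6: "allow-query restricted instead of 'any'",
    7: "dnssec-validation enabled",
    8: "version string overridden so the real version is not disclosed",
    9: "allow-transfer and allow-update set to none",
    10: "recursion disabled",
}

def tokenize(text):
    """Strip /* */, // and # comments, then split into BIND tokens:
    quoted strings, braces, semicolons and bare words."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"(//|#).*", "", text)
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)

def parse_statements(tokens, i=0):
    """Parse 'word ... { nested };' statements up to a closing brace.
    Returns a list of (words, nested statements or None) and the next index."""
    stmts = []
    while i < len(tokens) and tokens[i] != "}":
        words, block = [], None
        while i < len(tokens) and tokens[i] not in (";", "{"):
            words.append(tokens[i])
            i += 1
        if i < len(tokens) and tokens[i] == "{":
            block, i = parse_statements(tokens, i + 1)
            i += 1  # skip the closing brace
        i += 1  # skip the terminating semicolon
        stmts.append((words, block))
    return stmts, i

def options_block(text):
    """Map each options statement to (argument words, items of its {...} list)."""
    stmts, _ = parse_statements(tokenize(text))
    for words, block in stmts:
        if words and words[0] == "options" and block is not None:
            return {w[0]: (w[1:], [n[0] for n, _ in (b or []) if n]) for w, b in block if w}
    return {}

def audit_options(text):
    """Return the numbers of the hardening items the options block does NOT meet.
    A missing statement counts as a failure, since BIND's defaults (listen on
    every interface, allow transfers, recurse) are what the report turns off."""
    opts = options_block(text)
    def get(name):
        return opts.get(name, ([], []))
    findings = []
    args, addrs = get("listen-on")
    port = args[args.index("port") + 1] if "port" in args else "53"
    if not addrs or "any" in addrs or port != "53":
        findings.append(5)
    if not get("allow-query")[1] or "any" in get("allow-query")[1]:
        findings.append(6)
    if get("dnssec-validation")[0] not in (["yes"], ["auto"]):
        findings.append(7)
    if "version" not in opts:
        findings.append(8)
    if any(get(n)[1] != ["none"] for n in ("allow-transfer", "allow-update")):
        findings.append(9)
    if get("recursion")[0] != ["no"]:
        findings.append(10)
    return findings

# Constructed: the permissive defaults that the report's steps replace.
WEAK_OPTIONS = """
options {
    directory "/usr/local/bind/var/named";
    listen-on { any; };
    allow-query { any; };
    allow-transfer { any; };
    recursion yes;
};
"""

# Constructed: the same block written as items 5 to 10 of the report describe it.
HARDENED_OPTIONS = """
options {
    directory "/usr/local/bind/var/named";
    listen-on port 53 { 127.0.0.1; 192.168.1.151; };  // item 5
    allow-query { 127.0.0.1; 192.168.1.0/24; };        // item 6
    dnssec-enable yes;
    dnssec-validation yes;                             // item 7
    version "not disclosed";                           // item 8
    allow-transfer { none; };                          // item 9
    allow-update { none; };
    recursion no;                                      // item 10
};
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_OPTIONS), ("hardened", HARDENED_OPTIONS)):
        failed = [f"item {n}: {ITEMS[n]}" for n in audit_options(cfg)]
        print(label, "->", failed or "all checks passed")
```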

Task 2

1. Exim server: create a user at the domain name and send a mail to root.

2. Postfix + MySQL authentication.

Mail Servers

A mail server is the computerized equivalent of your friendly neighborhood mailman. Every email that is sent passes through a series of mail servers along its way to its intended recipient, i.e., mail exchanged across networks is passed between mail servers that run specially designed software. This software is built around agreed-upon, standardized protocols for handling mail messages and any data files (such as images, multimedia or documents) that might be attached to them.

Without this series of mail servers, you would only be able to send emails to people whose email address domains matched your own, i.e., you could only send messages from one example.com account to another example.com account.

Types of Mail Servers

Mail servers can be broken down into two main categories: outgoing mail servers and incoming mail servers. Outgoing mail servers are known as SMTP, or Simple Mail Transfer Protocol, servers. Incoming mail servers come in two main varieties. POP3, or Post Office Protocol version 3, servers are best known for storing sent and received messages on PCs' local hard drives. IMAP, or Internet Message Access Protocol, servers always store copies of messages on servers. Most POP3 servers can store messages on servers, too, which is a lot more convenient.

SMTP: Mail delivery from a client application to the server, and from an originating server to the destination server, is handled by the Simple Mail Transfer Protocol. But the issue with SMTP is that it does not require authentication, which leaves an open door for spam emails. Port used is 465.

POP (Post Office Protocol): When using a POP server, email messages are downloaded by the email client application. POP is fully compatible with important Internet messaging standards, such as Multipurpose Internet Mail Extensions (MIME), which allow for email attachments. The most current version of the standard POP protocol is POP3. Port used is 995. For added security, it is possible to use Secure Socket Layer (SSL) encryption for client authentication and data transfer sessions.

IMAP (Internet Message Access Protocol): When using an IMAP mail server, email messages remain on the server where users can read or delete them. IMAP also allows client applications to create, rename, or delete mail directories on the server to organize and store email. Port used is 993. IMAP is particularly useful for users who access their email using multiple machines. The protocol is also convenient for users connecting to the mail server via a slow connection, because only the email header information is downloaded for messages until they are opened, saving bandwidth. The user also has the ability to delete messages without viewing or downloading them.

Mail Transfer Agent (MTA)

A message transfer agent (MTA) is a software application used within an Internet message handling system (MHS). It is responsible for transferring and routing an electronic mail message from the sender's computer to the recipient's computer. The basic platform for an MTA is an exchange system with client/server architecture. A message transfer agent receives incoming emails and forwards the messages to individual clients/users. The main function of the MTA is forwarding the incoming message to the proper end user or destination.

The major functions of an MTA are:

• Accepting messages originating from the user agent and forwarding them to their destination (other user agents).

• Receiving all messages that are transmitted from other user agents for further transmission.

• Keeping track of each and every activity and analyzing and storing the recipient list to perform future routing functions.

• Sending auto-responses about non-delivery when a message does not reach its intended destination.

The common MTAs in Linux are:

• Postfix

• Sendmail

• Exim

• Fetchmail

Mail Delivery Agent (MDA)

A Mail Delivery Agent (MDA) is invoked by the MTA to file incoming email in the proper user's mailbox. In many cases, the MDA is actually a Local Delivery Agent (LDA), such as mail or Procmail. Any program that actually handles a message for delivery to the point where it can be read by an email client application can be considered an MDA. For this reason, some MTAs (such as Sendmail and Postfix) can fill the role of an MDA when they append new email messages to a local user's mail spool file. In general, MDAs do not transport messages between systems nor do they provide a user interface; MDAs distribute and sort messages on the local machine for an email client application to access. Common examples of MDAs include Procmail and mail.

Mail User Agent (MUA)

An MUA is an application that is used to send and receive email. It is a computer program used to access and manage a user's email. Many MUAs are capable of retrieving messages via the POP or IMAP protocols, setting up mailboxes to store messages and sending outbound messages to an MTA. MUAs may be graphical, such as Evolution, or have simple text-based interfaces, such as pine or mutt.

WHAT IS EXIM

Exim is a mail transfer agent (MTA) for hosts that are running Unix or Unix-like operating systems. Its first version was written in 1995 by Philip Hazel for use in the University of Cambridge Computing Service's email systems. Exim is distributed under the GPL, and therefore is free to download, use and modify. It was designed on the assumption that it would be run on hosts that are permanently connected to the Internet. However, it can be used on intermittently connected hosts with suitable configuration adjustments.

Early MTAs were usually run as open relays, just routing and delivering mail without applying many rules or security controls. Exim features include user options for defense against mail bombs and unsolicited junk mail. Exim can be run on any TCP/IP network, in conjunction with any combination of host and user software, and is the default MTA included on most Linux systems. Each mail handled by Exim will have a unique message-ID. Most commands related to managing the queue and logging use these message-IDs. Exim log files are stored in /var/spool/exim/msglog and are named the same as the message-ID. Files in /var/spool/exim/input are named after the message-ID. Exim is not a complete email server package; it is a mail transfer agent and a mail submission agent. It does not support the IMAP or POP protocols, though it can deliver messages to mail stores that do, either using SMTP or LMTP message delivery, or in some cases by saving messages directly into mailboxes. Exim doesn't have a Graphical User Interface.

EXIM INSTALLATION

1) install gcc -y
2) install db4-devel -y
3) install pcre.x86_64 pcre-devel.x86_64 -y
4) echo "exim:x:111:111::/var/spool/mail:/bin/false" >> /etc/passwd
5) echo "exim:x:111:" >> /etc/group
6) mkdir -p /var/spool/mail && mkdir -p /var/log/exim && chown exim:exim /var/spool/mail && chown exim:adm /var/log/exim && chmod 1777 /var/spool/mail && chmod 2750 /var/log/exim
7) cd /usr/local/src/
8) wget http://ftp.exim.org/pub/exim/exim4/exim-4.84.tar.bz2
9) bunzip2 exim-4.84.tar.bz2
10) tar -xf exim-4.84.tar
11) cd exim-4.84/
12) vim src/EDITME

# only change the following variables to these values
BIN_DIRECTORY=/usr/sbin
CONFIGURE_FILE=/etc/exim/exim.conf
EXIM_USER=exim
#EXIM_MONITOR=eximon.bin # comment out this line

13) cp src/EDITME Local/Makefile
14) make
15) make install
16) mv /usr/lib/sendmail /usr/lib/sendmail-bkp
17) mv /usr/sbin/sendmail /usr/sbin/sendmail-bkp
18) killall sendmail
19) ps aux | grep sendmail (make sure sendmail is not running)
20) ln -s /usr/sbin/exim /usr/sbin/sendmail
21) ln -s /usr/sbin/exim /usr/lib/sendmail
22) /usr/sbin/sendmail -bd -q15m

Checking the connection to the host:

# ps aux | grep exim
exim 28002 0.0 0.0 28960 912 ? Ss 17:18 0:00 /usr/sbin/sendmail -bd -q15m
root 28036 0.0 0.0 103236 860 pts/0 R+ 17:18 0:00 grep exim

# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost ESMTP Exim 4.84 Thu, 28 Aug 2014 17:18:59 +0000

23) Edited the runtime configuration file for exim, "/usr/local/exim/configure", and made the following changes:

primary_hostname = desktop.nimy.com (mail domain)
never_users = exim
host_lookup = * (reverse DNS lookup on all incoming IP connections, in order to get the true host name)

24) Created a command alias for easy execution:

vim /etc/bashrc
alias exim='/usr/exim/bin/exim'

25) Now mail can be sent using exim.

exim mail

POSTFIX + MYSQL AUTHENTICATION

WHAT IS POSTFIX

Postfix is a free and open-source mail transfer agent (MTA) that routes and delivers electronic mail, intended as an alternative to the widely used Sendmail MTA. It attempts to be fast, easy to administer and secure. In order to improve security, Postfix uses a modular design, where small processes with limited privileges are launched by a master daemon. The smaller, less privileged processes perform very specific tasks related to the various stages of mail delivery and run in a change-rooted (chroot) environment to limit the effects of attacks. Postfix provides a variety of configuration options, as well as third-party add-ons, that make it a very versatile and full-featured MTA.

WHAT IS MySQL

MySQL is the world's second most widely used open-source relational database management system (RDBMS). It is named after co-founder Michael Widenius's daughter, My. The SQL phrase stands for Structured Query Language. MySQL is a relational database management system (RDBMS), and ships with no GUI tools to administer MySQL databases or manage data contained within the databases. Users may use the included command line tools, or use MySQL "front-ends", desktop software and web applications that create and manage MySQL databases, build database structures, back up data, inspect status, and work with data records.

MySQL can be built and installed manually from source code, but this can be tedious so it is more commonly installed from a binary package unless special customizations are required. On most Linux distributions the package management system can download and install MySQL with minimal effort, though further configuration is often required to adjust security and optimization settings. The Postfix mysql map type allows us to hook up Postfix to a MySQL database. This implementation allows for multiple MySQL databases. We can use one for a virtual table, one for an access table, and one for an aliases table if we want. We can specify multiple servers for the same database, so that Postfix can switch to a good database server if one goes bad.

The default port used by MySQL is 3306. MySQL is the world's most used open source relational database management system (RDBMS).

WHAT IS Cyrus SASL

The Cyrus SASL package contains a Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection. SMTP servers need to decide whether an SMTP client is authorized to send mail to remote destinations or only to destinations that the server itself is responsible for. SMTP clients outside the SMTP server's network need a different way to get "same network" privileges. To address this need, Postfix supports SASL authentication: with this, a remote SMTP client can authenticate to the Postfix SMTP server, and the Postfix SMTP client can authenticate to a remote SMTP server. Once a client is authenticated, a server can give it "same network" privileges.

Postfix does not implement SASL itself, but instead uses existing implementations as building blocks. This means that some SASL-related configuration files will belong to Postfix, while other configuration files belong to the specific SASL implementation that Postfix will use. That implementation must be configured to offer a list of mechanisms that are suitable for SASL authentication and, depending on the SASL implementation used, with authentication backends that verify the remote SMTP client's authentication data against the system password file or some other database. Currently the Postfix SMTP server supports the Cyrus SASL and Dovecot SASL implementations.

Configuring Postfix with MySQL Authentication

Download the source files:

• postfix-2.11.1.tar.gz

• mysql-5.5.28.tar.gz

• cyrus-sasl-2.1.25.tar.gz

Extracted them using the "tar -xvf" command.

Install the following dependencies:

• gcc

• gcc-c++

• ncurses-devel

• libxml2-devel

• cmake

Installing MySQL

1. Changed the pwd to the "/usr/src/mysql/mysql-5.5.28" directory where the source file is untarred.

2. Ran the command "cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/usr/local/mysql/data".

3. Ran the commands "make" and "make install".

4. Created the mysql user and group.

5. Changed the pwd to "/usr/local/mysql".

6. Ran the command "chown -R mysql.mysql *".

7. Ran scripts/mysql_install_db with the arguments "--user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data".

8. Ran the command "bin/mysqld_safe --user=mysql &".

9. Copied the "support-files/my-default.cnf" file to "/etc/my.cnf".

10. Also copied "support-files/mysql.server" to "/etc/init.d/mysqld".

11. Added the mysqld service to chkconfig:

• chkconfig --add mysqld

12. Ran the script "bin/mysql_secure_installation" to set the password for root SQL access.

13. Started the mysqld service.

Installing Cyrus SASL

1. Changed the pwd to the "/usr/src/cyrus/cyrus-sasl-2.1.25" directory where the source file is untarred.

2. Ran the commands "./configure", "make" and "make install".

Installing Postfix

1. Changed the pwd to "/usr/src/postfix/postfix-2.11.1".

2. Created the users postfix and postdrop.

3. Ran the command "make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include -I/usr/local/mysql/include/mysql -I/usr/local/include/sasl -DUSE_CYRUS_SASL -DUSE_SASL_AUTH -I/usr/local/bdb/include' 'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2'".

4. Ran the "make" and "make install" commands.

Configuring Postfix with MySQL Authentication

Edited the Postfix configuration file "/etc/postfix/main.cf" and made the necessary changes:

mail_owner = postfix
myhostname = desktop.nimy.com
mydomain = nimy.com
myorigin = $mydomain
inet_interfaces = all
relay_domains = *

Adding entries for the virtual mailbox and for SASL authentication:

Create user "vmail" with uid 5000.

Create the virtual mail directory: "mkdir /var/mail/virtual/".

Set permissions for the virtual directory:
"chown vmail:vmail /var/mail/virtual"
"chmod 700 /var/mail/virtual"

Uncomment the lines starting with 'submission' and 'smtps' in the /etc/postfix/master.cf file.

Create the SQL schema and tables:

CREATE USER 'postfix'@'127.0.0.1' IDENTIFIED BY 'redhat';
GRANT USAGE ON * . * TO 'postfix'@'127.0.0.1' IDENTIFIED BY 'redhat';
CREATE DATABASE IF NOT EXISTS `postfix` ;
GRANT ALL PRIVILEGES ON `postfix` . * TO 'postfix'@'127.0.0.1';
USE `postfix`;

CREATE TABLE `aliases` (
  `lookup` varchar(255) NOT NULL,
  `destination` varchar(255) NOT NULL DEFAULT '',
  `enabled` tinyint(1) NOT NULL DEFAULT '1'
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

CREATE TABLE `domains` (
  `domain` varchar(120) NOT NULL DEFAULT '',
  `enabled` tinyint(1) NOT NULL DEFAULT '1',
  PRIMARY KEY (`domain`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

CREATE TABLE `users` (
  `username` varchar(255) NOT NULL,
  `password` blob DEFAULT NULL,
  `enabled` tinyint(1) NOT NULL DEFAULT '1',
  PRIMARY KEY (`username`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

CREATE TABLE `delegates` (
  `username` varchar(255) NOT NULL DEFAULT '',
  `sendas` varchar(255) NOT NULL DEFAULT ''
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

Creating MySQL Lookup Files

1) Create the file /etc/postfix/virtual_alias_maps.sql with:

hosts = 127.0.0.1
user = postfix
password = redhat
dbname = postfix
query = SELECT destination FROM aliases WHERE lookup = '%s' AND enabled = 1

2) Create the file /etc/postfix/virtual_domains_maps.sql with:

hosts = 127.0.0.1
user = postfix
password = redhat
dbname = postfix
query = SELECT domain FROM domains WHERE domain = '%s' AND enabled = 1

3) Create the file /etc/postfix/virtual_mailbox_maps.sql with:

hosts = 127.0.0.1
user = postfix
password = redhat
dbname = postfix
query = SELECT username FROM users WHERE username = '%s' AND enabled = 1
result_format = %d/%u/

4) Create the file /etc/postfix/smtpd_sender_login_maps.sql with:

hosts = 127.0.0.1
user = postfix
password = redhat
dbname = postfix
query = SELECT username FROM delegates WHERE sendas = '%s'

Setting up SASL Authentication

Create the file /usr/local/lib/sasl2/smtpd.conf with:

pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login cram-md5 digest-md5 gssapi
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: postfix
sql_passwd: redhat
sql_database: postfix
sql_select: SELECT CAST(AES_DECRYPT(password, 'mysaltkey') AS CHAR) FROM users WHERE username = '%u@%r' AND enabled = 1

Inserting into the tables aliases, domains, delegates and users

Adding the domain name and users for example.com:

INSERT INTO `domains` (`domain`) VALUES ('example.com');
INSERT INTO `users` (`username`,`password`) VALUES ('[email protected]',AES_ENCRYPT('redhat','mysaltkey'));
INSERT INTO `users` (`username`,`password`) VALUES ('[email protected]',AES_ENCRYPT('redhat','mysaltkey'));
INSERT INTO `delegates` (`username`,`sendas`) VALUES ('[email protected]','[email protected]');
INSERT INTO `aliases` (`lookup`,`destination`) VALUES ('[email protected]','[email protected]');

Adding the domain name and users for nimy.com:

INSERT INTO `domains` (`domain`) VALUES ('nimy.com');
INSERT INTO `users` (`username`,`password`) VALUES ('[email protected]',AES_ENCRYPT('redhat','mysaltkey'));
INSERT INTO `users` (`username`,`password`) VALUES ('[email protected]',AES_ENCRYPT('redhat','mysaltkey'));
INSERT INTO `delegates` (`username`,`sendas`) VALUES ('[email protected]','[email protected]');
INSERT INTO `aliases` (`lookup`,`destination`) VALUES ('[email protected]','[email protected]');

Started the Postfix service (/usr/sbin/postfix start).
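To see how the three recipient lookup files above fit together, here is an added example (not code from the report) that walks an address through the same chain using an in-memory sqlite3 copy of the report's schema: virtual alias expansion first (Postfix rewrites virtual aliases during cleanup, before it decides the delivery class), then the virtual_domains_maps check, then virtual_mailbox_maps with result_format = %d/%u/. The mailbox names and the disabled domain are constructed for this example; Postfix quotes the lookup key itself before substituting '%s', which parameterised queries reproduce here.

```python
"""Walk a recipient through the report's Postfix virtual lookup chain
(virtual_alias_maps -> virtual_domains_maps -> virtual_mailbox_maps)."""
import sqlite3

# The report's four MySQL tables, in sqlite3 syntax.
SCHEMA = """
CREATE TABLE aliases   (lookup TEXT NOT NULL, destination TEXT NOT NULL DEFAULT '',
                        enabled INTEGER NOT NULL DEFAULT 1);
CREATE TABLE domains   (domain TEXT NOT NULL PRIMARY KEY, enabled INTEGER NOT NULL DEFAULT 1);
CREATE TABLE users     (username TEXT NOT NULL PRIMARY KEY, password BLOB,
                        enabled INTEGER NOT NULL DEFAULT 1);
CREATE TABLE delegates (username TEXT NOT NULL DEFAULT '', sendas TEXT NOT NULL DEFAULT '');
"""

# Constructed sample rows (hypothetical mailboxes, not the report's data).
SAMPLE_SQL = """
INSERT INTO domains (domain, enabled) VALUES ('example.com', 1), ('nimy.com', 1), ('retired.test', 0);
INSERT INTO users (username, password, enabled) VALUES
  ('alice@example.com', X'00', 1), ('bob@nimy.com', X'00', 1), ('carol@example.com', X'00', 0);
INSERT INTO aliases (lookup, destination) VALUES
  ('info@example.com', 'alice@example.com'), ('old@retired.test', 'bob@nimy.com');
INSERT INTO delegates (username, sendas) VALUES ('bob@nimy.com', 'alice@example.com');
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE_SQL)
    return conn

def expand_alias(conn, address):
    # virtual_alias_maps.sql: SELECT destination FROM aliases WHERE lookup = '%s' AND enabled = 1
    row = conn.execute("SELECT destination FROM aliases WHERE lookup = ? AND enabled = 1",
                       (address,)).fetchone()
    return row[0] if row else address          # no alias: address is delivered as-is

def is_virtual_domain(conn, domain):
    # virtual_domains_maps.sql: SELECT domain FROM domains WHERE domain = '%s' AND enabled = 1
    row = conn.execute("SELECT domain FROM domains WHERE domain = ? AND enabled = 1",
                       (domain,)).fetchone()
    return row is not None

def mailbox_path(conn, address):
    # virtual_mailbox_maps.sql: SELECT username FROM users WHERE username = '%s' AND enabled = 1
    # followed by result_format = %d/%u/ applied to the returned username.
    row = conn.execute("SELECT username FROM users WHERE username = ? AND enabled = 1",
                       (address,)).fetchone()
    if row is None:
        return None
    user, domain = row[0].rsplit("@", 1)
    return f"{domain}/{user}/"                 # relative to /var/mail/virtual

def resolve_recipient(conn, address):
    """Mailbox directory for a recipient, or None when the recipient would be
    rejected (domain not hosted or disabled, mailbox unknown or disabled)."""
    final = expand_alias(conn, address)
    if "@" not in final:
        return None
    domain = final.rsplit("@", 1)[1]
    if not is_virtual_domain(conn, domain):
        return None
    return mailbox_path(conn, final)

if __name__ == "__main__":
    db = open_db()
    for addr in ("alice@example.com", "info@example.com", "old@retired.test",
                 "carol@example.com", "nobody@other.org"):
        print(f"{addr:20} -> {resolve_recipient(db, addr)}")
```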

Screenshot: mysql running

Screenshot: checking whether the modules mysql and dovecot are added to Postfix

Screenshot: MySQL databases and tables

Task 3

LAMP SERVER CONFIGURATION

WHAT IS LAMP?

Short for Linux, Apache, MySQL and PHP, LAMP is an open-source Web development platform, also called a Web stack, that uses Linux as the operating system, Apache as the Web server, MySQL as the RDBMS and PHP as the object-oriented scripting language. Perl or Python is often substituted for PHP.

The key to the idea behind LAMP, a term originally coined by Michael Kunze in the German magazine c't in 1998, is the use of these items together. Although not actually designed to work together, these open source software alternatives are readily and freely available, as each of the components in the LAMP stack is an example of Free or Open Source Software (FOSS).

LAMP has become a de facto development standard. Today, the products that make up the LAMP stack are included by default in nearly all Linux distributions, and together they make a powerful web application platform. The original LAMP acronym has spawned a number of other, related acronyms that capitalize on the main focus of the original combination of technologies to provide feature-rich Web sites. Some of these related Web stacks include LAPP, MAMP, and BAMP.

The LAMP platform consists of four components that are structured in a layered way. Each layer provides a critical part of the entire software stack:

• Linux. Linux is the lowest-level layer and provides the operating system. Linux actually runs each of the other components. You are not specifically limited to Linux, however; you can easily run each of the other components on Microsoft® Windows®, Mac OS X, or UNIX® if you need to.

• Apache. The next layer is Apache, the Web server. Apache provides the mechanics for getting a Web page to a user. Apache is a stable, mission-critical-capable server, and it runs more than 65 percent of all Web sites on the Internet. The PHP component actually sits inside Apache, and you use Apache and PHP together to create your dynamic pages.

• MySQL. MySQL provides the data-storage side of the LAMP system. With MySQL, you have access to a very capable database suitable for running large and complex sites. Within your Web application, all your data, products, accounts, and other types of information will reside in this database in a format that you can easily query with the SQL language.

• PHP. PHP is a simple and efficient programming language that provides the glue for all the other parts of the LAMP system. You use PHP to write dynamic content capable of accessing the data in the MySQL database and some of the features that Linux provides.

WHAT DOES APACHE WEB SERVER MEAN?

Apache Web Server is open source Web server creation, deployment and management software. Initially developed by a group of software programmers, it is now maintained by the Apache Software Foundation.

With over 100 million websites and over 50 percent of the global market share, Apache Web Server is one of the most commonly used applications for website hosting.

Apache Web Server is designed to create Web servers that have the ability to host one or more HTTP-based websites. Notable features include the ability to support multiple programming languages, server-side scripting, an authentication mechanism and database support. Apache Web Server can be enhanced by manipulating the code base or adding multiple extensions/add-ons.

It is also widely used by Web hosting companies for the purpose of providing shared/virtual hosting, as by default Apache Web Server supports and distinguishes between different hosts that reside on the same machine. The most current version of Apache Web Server is version 2.4.3.

WHAT IS MYSQL?

• MySQL is a database system used on the web
• MySQL is a database system that runs on a server
• MySQL is ideal for both small and large applications
• MySQL is very fast, reliable, and easy to use
• MySQL supports standard SQL
• MySQL compiles on a number of platforms
• MySQL is free to download and use
• MySQL is developed, distributed, and supported by Oracle Corporation
• MySQL is named after co-founder Monty Widenius's daughter: My

WHAT IS PHP?

PHP was originally an acronym for Personal Home Pages, but is now a recursive acronym for PHP: Hypertext Preprocessor. PHP was originally developed by the Danish Greenlander Rasmus Lerdorf, and was subsequently developed as open source. PHP is not a proper web standard, but an open-source technology. PHP is not a real programming language either; rather, PHP lets you use so-called scripting in your documents. To describe what a PHP page is, you could say that it is a file with the extension .php that contains a combination of HTML tags and scripts that run on a web server.

How does PHP work?

The best way to explain how PHP works is by comparing it with standard HTML. Imagine you type the address of an HTML document (e.g. http://www.mysite.com/page.htm) in the address line of the browser. This way you request an HTML page, and the server simply sends an HTML file to the client. But if you instead type http://www.mysite.com/page.php, and thus request a PHP page, the server is put to work:

The server first reads the PHP file carefully to see if there are any tasks that need to be executed. Only when the server has done what it is supposed to do is the result sent to the client. It is important to understand that the client only sees the result of the server's work, not the actual instructions.

This means that if you click "view source" on a PHP page, you do not see the PHP code, only basic HTML tags. Therefore, you cannot see how a PHP page is made by using "view source". You have to learn PHP in other ways, for example by reading this tutorial.

WHAT IS SSL?

SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook).

SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server, they can see and use that information.

More specifically, SSL is a security protocol. Protocols describe how algorithms should be used; in this case, the SSL protocol determines the variables of the encryption for both the link and the data being transmitted.

SSL secures millions of people's data on the Internet every day, especially during online transactions or when transmitting confidential information. Internet users have come to associate their online security with the lock icon that comes with an SSL-secured website, or the green address bar that comes with an extended validation SSL-secured website. SSL-secured websites also begin with https rather than http.

LAMP COMPILATION

Flush the firewall before testing this:

[root@patruni] # iptables -F
[root@patruni] # service iptables save

Directory Structure

/usr/local/lamp : this is where we compile and install the source code.

Step 1: Removing the already installed RPMs

Check whether the RPMs are already there:

[root@patruni] # rpm -qa | grep httpd <-- installed
httpd-2.2.15-15.el6.centos.1.x86_64
[root@patruni] # rpm -qa | grep mysql <-- installed
mysql-server-5.1.61-4.el6.x86_64

Stop the services:

[root@patruni] # service httpd stop
[root@patruni] # service mysqld stop

Step 2: Downloading the .tar files

[root@patruni] # mkdir /usr/local/src/lamp
[root@patruni] # cd /usr/local/src/lamp
[root@patruni] # wget http://archive.apache.org/dist/httpd/httpd.tar.gz
[root@patruni] # wget http://museum.php.net/php5/php.tar.gx
[root@patruni] # wget http://downloads.skysql.com/archives/mysql-5.5/mysql-5.5.28.tar.gz

Step 4: Installing the compiler and necessary dependencies

Step 5.1: Compiling and testing Apache

[root@patruni] # tar -xvf httpd-2.4.10.tar.gz
[root@patruni] # cd /usr/local/src/lamp/httpd-2.4.10
[root@patruni] # ./configure
[root@patruni] # make
[root@patruni] # make install

Step 5.2: Starting and testing Apache

Starting Apache:

[root@patruni] # /usr/local/lamp/apache/bin/apachectl start

Checking that Apache is running, using netstat:

[root@patruni] # netstat -ntlp | grep httpd
tcp 0 0 :::80 :::* LISTEN 31097/httpd

Now open up a browser and type http://192.168.1.151; you will get a test page containing "It works!".

6.1 Compiling MySQL

Before compiling MySQL we need to create a user called "mysql" so that we can run the mysql service under its privileges.

[root@patruni] # groupadd mysql
[root@patruni] # useradd -g mysql mysql
[root@patruni] # cd /usr/local/src/lamp
[root@patruni] # tar -xvf mysql-5.5.30.tar.gz
[root@patruni] # cd mysql-5.5.30
[root@patruni] # pwd
/usr/local/src/lamp/mysql-5.5.30
[root@patruni] # cmake -DCMAKE_INSTALL_PREFIX=/usr/local/lamp/mysql -DMYSQL_DATADIR=/usr/local/lamp/mysql/data
[root@patruni] # make
[root@patruni] # make install
[root@patruni] # chown -R mysql:mysql /usr/local/lamp/mysql
[root@patruni] # /usr/local/lamp/mysql/scripts/mysql_install_db --user=mysql --basedir=/usr/local/lamp/mysql/ --datadir=/usr/local/lamp/mysql/data/
[root@patruni] # cp /usr/local/lamp/mysql/support-files/my-medium.cnf /etc/my.cnf

7.1 Compiling PHP

[root@patruni] # cd /usr/local/src/lamp/
[root@patruni] # tar -xvf php-5.4.8.tar.gz
[root@patruni] # cd php-5.4.8
[root@patruni] # ./configure --prefix=/usr/local/lamp/php --with-apxs2=/usr/local/lamp/apache/bin/apxs \

--with-mysql=/usr/local/lamp/mysql/
[root@patruni] # make
[root@patruni] # make install
[root@patruni] # cp /usr/local/src/lamp/php-5.4.8/php.ini-production /usr/local/lamp/php/lib/php.ini

7.2 Checking that the PHP module is installed properly

[root@server php-5.4.8]# /usr/local/lamp/apache/bin/apachectl -t -D DUMP_MODULES | grep php
php5_module (shared)
Syntax OK

7.3 Tell Apache to process files with the .php extension

Open up the file "/usr/local/lamp/apache/conf/httpd.conf", then add "AddHandler application/x-httpd-php .php" within the <IfModule mime_module> ... </IfModule> block.

[root@patruni] # vim /usr/local/lamp/apache/conf/httpd.conf
.......................
<IfModule mime_module>
........................
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddHandler application/x-httpd-php .php .html
</IfModule>

7.4 Checking that everything works properly

Create an index.php under /usr/local/lamp/apache/htdocs/ with

the following contents.

[root@patruni] # vim /usr/local/lamp/apache/htdocs/index.php

<?php
phpinfo();
?>

[root@patruni] # service httpd restart
[root@patruni] # service mysqld restart

Now open up a browser and type http://192.168.1.151; you will get a test page containing the PHP information.

INSTALLING SSL

1. Create an SSL key and certificate using the command:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/nimy/apachehtdoc/apache.key -out /home/nimy/apachehtdoc/apache.crt

2. Edit the httpd.conf file again.

• Uncomment LoadModule ssl_module modules/mod_ssl.so
• Uncomment Include conf/extra/httpd-ssl.conf

3. Edit the httpd-ssl.conf file.

• Change DocumentRoot to "/home/nimy/apachehtdoc/htdocs"
• Change ServerName to www.nimy.com
• Change ServerAdmin to [email protected]
• Create a virtual host to direct http requests to https with:

<VirtualHost _default_:80>
DocumentRoot "/home/nimy/apachehtdoc/htdocs/redirect"
ServerName www.nimy.com
ServerAdmin [email protected]
</VirtualHost>

Create the file /home/nimy/apachehtdoc/htdocs/redirect/index.php with:

<?php
// Anything that did not arrive on the HTTPS port is redirected to the same path over https.
if ($_SERVER['SERVER_PORT'] != 443)
{
    $url = "https://" . $_SERVER['SERVER_NAME'] . ":443" . $_SERVER['REQUEST_URI'];
    header("Location: $url");
    exit;
}
?>

4. Restart the Apache service (bin/apachectl restart).

SCREENSHOTS

Task 4

Part 1 - Set up PHP as a suPHP module in Apache

Part 2 - Load various applications using domain names

What is suPHP?

suPHP is a tool for executing PHP scripts with the permissions of their owners, or a program that controls who can access certain files. All scripts executed on the server need to be authorized to run on the server. This is done through the file permissions. For more information on file permissions, please read our article about file permissions.

Since most PHP scripts run with the user "Nobody", this means that the control of the file is directly related to the permissions assigned to the file. Since "Nobody" is not the User or Group member, you'd have to open the file permissions to 0777 for read, write, and execute for all categories. This is problematic since you're now letting users off the server execute files. This gives them the ability to add code to the URL and manipulate the file accordingly. This can give them access to your entire site, depending on the file they modify and how it is written. This is not an ideal method and could pose a security risk. suPHP will stop PHP from running as "Nobody" and make it so the files can only be written by the User, allowing better site containment.

Why use suPHP?

The benefit of using suPHP, besides better security, is that it will make any PHP applications (most often CMS systems) such as Mambo more user friendly. Case in point: if you upload/install anything via Mambo, such as a template, on a non-suPHP server, then those template files will be owned by 'nobody' and the customer will not be able to edit them manually or even delete their account. This ownership issue is done away with by suPHP. On a suPHP-enabled server, those same template files will be owned by the account username and the account holder will be able to manipulate those files as they see fit.

Furthermore, many third-party applications require certain folders to have 777 permissions. 777 permissions mean that the whole world has write access to them. If your website code has a vulnerability in it through which hackers could upload files to your account, having 777 will allow them to do so. suPHP does not require 777 permissions, which makes your website more secure. suPHP will also throw an error message if it tries to access any folder with 777 permissions.
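The permission problem described above can be checked for before suPHP is switched on. The following is an added example (not code from the report or from suPHP): it walks a document root and lists every file or directory that is writable by everyone, the 0777-style mode the text warns about and that suPHP refuses, with an optional check that entries are owned by the expected account. The sample tree, its file names and modes are constructed for this example so the scanner has something to find.

```python
"""Find world-writable and wrongly-owned entries under a web document root."""
import os
import stat
import tempfile

def find_unsafe_paths(docroot, expected_uid=None):
    """Return sorted (path, reason) pairs for entries under docroot that are
    writable by others, or not owned by expected_uid (None skips that check)."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        # "" stands for the directory itself; then each regular file in it.
        for name in [""] + filenames:
            path = os.path.join(dirpath, name) if name else dirpath
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                       # link modes carry no meaning
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:
                findings.append((path, "world-writable (%o)" % mode))
            if expected_uid is not None and st.st_uid != expected_uid:
                findings.append((path, "owned by uid %d, expected %d"
                                 % (st.st_uid, expected_uid)))
    return sorted(findings)

def build_sample_docroot():
    """Construct a small docroot (hypothetical names): a locked-down include
    directory, a 0777 upload directory and a world-writable script inside it."""
    root = tempfile.mkdtemp(prefix="docroot-")
    includes = os.path.join(root, "includes")
    uploads = os.path.join(root, "uploads")
    os.mkdir(includes)
    os.chmod(includes, 0o755)
    os.mkdir(uploads)
    os.chmod(uploads, 0o777)                   # the mode suPHP rejects
    script = os.path.join(uploads, "index.php")
    with open(script, "w") as fh:
        fh.write("<?php phpinfo(); ?>\n")
    os.chmod(script, 0o666)                    # anyone on the box can edit it
    config = os.path.join(includes, "config.php")
    with open(config, "w") as fh:
        fh.write("<?php ?>\n")
    os.chmod(config, 0o640)
    return root

def scan_sample():
    """Build the sample tree, scan it as the current user, and report paths
    relative to the docroot so the result does not depend on the temp dir."""
    root = build_sample_docroot()
    return [(os.path.relpath(path, root), reason)
            for path, reason in find_unsafe_paths(root, expected_uid=os.getuid())]

if __name__ == "__main__":
    for rel, reason in scan_sample():
        print(f"{reason}: {rel}")
```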

PHP APPLICATIONS

Drupal

Drupal is one of the most versatile open source content management systems on the market. Over a thousand developers contributed to the code in the most recent version. Drupal is built for high performance and is scalable to many servers, has easy integration via REST, JSON, SOAP and other formats, and features a whopping 15,000 plugins to extend and customize the application for just about any type of website. You won't feel alone if you use Drupal; the hundreds of thousands of Drupal users around the world have built a very robust community with local meetups and global user conferences.

Magento

Magento is one of the most popular open source ecommerce shopping cart systems. It is extremely flexible and has a huge variety of features to build just about any store. Features include SEO-readiness, multi-store support, marketing tools, deep analytics, catalog management, a robust shopping cart with support for multiple shipping addresses and more. The Magento project is backed by eBay, so you can be confident that it will be around for the long run, and it offers multiple editions, including small business and enterprise editions, to help grow with your business.

Joomla!

While there are a lot of content management systems out there, few can boast as many downloads as Joomla! Originally released in 2005, Joomla! has some very powerful features such as an intuitive WYSIWYG editor, content scheduling, SEO-friendly URLs, and more. You won't feel alone or stranded if you use Joomla! because the very active and vibrant community behind the CMS has contributed thousands of free and commercial plugins, offers global and local meetups (and even a Joomla! community magazine), and commits frequently to the code base.

phpBB

If you need to build a community forum, try phpBB. First released in 2000, phpBB is a bulletin board solution that allows you to create forums and subforums. phpBB supports the notion of users and groups, file attachments, full-text search, notifications and more. Hundreds of modifications are available, including themes, communications add-ons, spam management and more.

WordPress

WordPress is popular blogging software and powers more than 10% of all websites globally. Developed by Automattic, WordPress rose to popularity quickly because of its up-to-date development framework, extensive feature set, flexibility, rapid and multilingual publishing ability, multi-author support, and thriving community. Thousands of free and commercial themes and plugins are available to extend and personalize WordPress for just about every situation.

WordPress Hosting versus WordPress Cloud Hosting

There are many options for hosting WordPress, including scores of ISPs. Typically, if you pay an ISP more money, you get more hands-on services, but after WordPress is initially configured, you may not need these costly monthly services. Cloud hosting has many advantages over traditional ISP hosting, including the efficiency, reliability and scalability that come with the shared resources of cloud operations. In addition, cloud prices are dropping every few months, and that saving is passed on to cloud customers.

A major hurdle for WordPress hosting has been the difficulty of setup, configuration, and maintenance. That's where Bitnami can help. Our one-click images make it incredibly simple to launch WordPress in the cloud. In minutes you can have WordPress up and running, easily set the size of your servers, and monitor monthly costs – all without having to be an IT professional.

WordPress features include:

• Rich text and HTML editing
• User roles and permissions
• Hundreds of themes, many optimized for mobile users
• Thousands of add-ons for ecommerce, SEO, email, spam filtering, analytics and more
• Multi-user and multi-blogging capabilities
• Multilingual support
• SEO optimized
• Plugin architecture and template engine