Linux basics and hosting
INTERNSHIP REPORT
BY PATRUNI C SASTRY
ARMIA SYSTEMS PVT LTD
26TH SEPTEMBER 2014
Task 1: DNS server setup
What is DNS (Domain Name Servers)?
DNS is an acronym for Domain Name Server, and is the system used to translate word-based addresses of systems (such as PATRUNI.COM) to the numerical IP (Internet Protocol) address of the computer or system that should be located at that address. All computers and systems on the Internet use addresses that look similar to 192.168.1.151.
When you use an alphanumeric address such as PATRUNI.COM, your computer needs to find out which numerical IP address it needs to contact, and this is accomplished through DNS servers. The answer is delivered back to the requesting computer via the DNS servers listed for the domain name. Every domain has DNS servers listed for it, and your request for anything related to the domain name gets sent to one of these servers. In response, the DNS server sends back the IP address that you should contact. This works for the web site, mail servers, and anything else based on the domain name.
The DNS database resides on a hierarchy of special database servers. When a client needs to reach a host, its resolver first contacts a DNS server to determine the host's IP address. If the DNS server does not contain the needed mapping, it will in turn forward the request to a different DNS server at the next higher level in the hierarchy. After potentially several forwarding and delegation messages are sent within the DNS hierarchy, the IP address for the given host eventually arrives at the resolver, which in turn completes the request.
How does DNS work?
DNS essentially functions as a distributed database
using a client/server relationship between clients that
need name resolution (mapping host names to IP
addresses) and the servers that maintain the DNS data.
This distributed database structure enables the DNS
name space to be both dynamic and decentralized,
giving local domains control over their own portion of
the DNS database while still enabling any client to
access any part of the database.
At the uppermost level of the DNS name space are the
root servers. The root servers manage the top level
domains: .com, .net, .org,
.mil, .edu, .gov, and .int. With all the domains in
existence today, not to mention all the hosts in those
domains, you can see why the root servers actually
maintain very little information about each domain. In fact, the only data the root servers typically maintain about a domain are the name servers that are authoritative for the domain, that is, the servers which have authority for the domain's records.
The authoritative name servers actually maintain the
records for a domain or in some cases delegate some
of or the entire domain to other name servers. The root
servers know the name servers for techrepublic.com,
for example, and within those name servers the
west.techrepublic.com domain is delegated to another
set of name servers that manage that portion of the
overall techrepublic.com domain. In most cases,
domains and their records are either managed directly
by the organization owning the domain or by the ISP
that provides the Internet connection for the
organization.
Configuration and Data Files in DNS
In addition to the in.named daemon, DNS on a name server consists of a boot file called named.conf, a resolver file named resolv.conf, and four types of zone data files. This table gives the BIND file names (Solaris names) with the content and purpose of each file:
/etc/named.conf - The configuration file specifies the type of server it is running on and the zones that it serves as a 'Master', 'Slave', or 'Stub'. It also defines security, logging and a finer granularity of options applied to zones.
/etc/resolv.conf - This file resides on every DNS client (including DNS servers) and designates the servers that the client queries for DNS information.
named.ca - This file establishes the names of root servers and lists their addresses.
hosts (generic name; examples: db.doc, db.sales) - This file contains all the data about the machines in the local zone that the server serves.
hosts.rev (generic name; example: doc.rev) - This file specifies a zone in the in-addr.arpa. domain, a special domain that allows reverse (address-to-name) mapping.
named.local - This file specifies the address for the local loopback interface, or localhost.
$INCLUDE files - Any file identified by an $INCLUDE() statement in a data file.
DNS Name Servers
DNS name servers maintain mappings of domain names
to IP addresses (and vice versa) and answer queries
including, but not limited to "What is the IP address
associated with this particular domain name?", and
"What is the domain name associated with this
particular IP address?". DNS name servers themselves
also use resolvers to ask other DNS name servers
questions to which they don't know the answers
themselves.
DNS PROPAGATION
When a website is requested through a web browser
(Internet Explorer, Firefox, etc.), the request is first sent
to the computer's Internet Service Provider (ISP) which
contacts the domain's name servers to look up the
location (IP address) of the web hosting server. Caching
occurs when the web hosting server at the IP address
location no longer hosts the website, but a visitor's web
browser still attempts to connect to that server to retrieve
the web page. This happens because the web browser and the computer's operating system keep a list of already looked-up IP addresses, and refer to that list for future IP address look-ups. ISPs also keep their own IP address list. The purpose of this is to speed up web page loading times and to reduce the traffic on the Internet. Unfortunately, this can lead to delays during name server changes. The cases below show what happens when there is no caching and what happens when there is caching.
No caching - this is the type of lookup that happens for someone visiting your website for the first time, or if they haven't visited your website for a while.
Caching at the ISP level - ISPs keep a list of already looked-up domains. This list is only kept for a couple of days. If a name server change is made, the ISP won't look up the new IP until the IP kept on the 'Already Retrieved' list expires. So in the example below, if pcs.patruni.com says 'patruni.com is at the IP address 192.168.1.151', the website visitor will not receive that information until the patruni.com IP on the 'Already Retrieved' list expires.
Caching on your computer - Even your computer and your web browser cache IP addresses. That way, there's no need to go out on the Internet to look up the IP address, which saves time. But during a name server change, your computer may still go to the old IP address for a few days.
DOMAIN NAME RESOLUTION
Domain Name Resolution is the task of converting
domain names to their corresponding IP address. This is
all done behind the scenes and is rarely noticed by the
user. When you enter a domain name in an application
that uses the Internet, the application will issue a
command to have the operating system convert the
domain name into its IP address, and then connect to
that IP address to perform whatever operation it is
trying to do.
The way the operating system resolves the domain
name is based upon its configuration. For almost all
operating systems the default order for Domain Name
resolution is as follows:
1. Hosts file - there is a file called the HOSTS file that you can use to convert domain names to IP addresses. Entries in the HOSTS file override any mappings that would be resolved via a DNS server.
2. Domain Name System - this is the system used on the Internet for converting domain names to their corresponding IP addresses. Your operating system will connect to the DNS server configured on your computer and have that server return to you the IP address for the domain name you queried it with.
3. NetBIOS - this only applies to Windows machines and will only be used to map names to IP addresses if all previous methods failed. This method will attempt to map the NetBIOS name you are trying to connect to with an IP address.
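As an added example (not part of the report), the Python below implements this resolution order against a constructed hosts file and a constructed stand-in for the name server, and then replays the name server change from the DNS propagation section above: the cached answer stays stale until its TTL runs out. The names, addresses, TTLs and the controllable clock are all assumptions made for the example.

```python
"""Added example: hosts file first, then the local cache while its TTL lasts,
then the name server. Stand-in data only; nothing here talks to the network."""
import time
from collections import namedtuple

Answer = namedtuple("Answer", "ip source")

# Constructed hosts-file text in /etc/hosts format.
HOSTS_FILE = """
127.0.0.1       localhost
# a local override: wins over anything a DNS server would say
192.168.1.151   pcs.patruni.com
"""

# Constructed stand-in for the authoritative name server: name -> (ip, ttl in seconds)
AUTHORITATIVE = {
    "patruni.com": ("192.168.1.151", 300),
    "www.patruni.com": ("192.168.1.151", 300),
}


def parse_hosts(text):
    """Return {name: ip} from hosts-file text; the first mapping for a name wins."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), ip)
    return table


class Resolver:
    """Step 1 hosts file, step 2 cache (while the TTL lasts), step 3 ask the name server."""

    def __init__(self, hosts_text, authoritative, clock=time.monotonic):
        self.hosts = parse_hosts(hosts_text)
        self.authoritative = authoritative
        self.clock = clock
        self.cache = {}  # name -> (ip, expiry time on our clock)

    def resolve(self, name):
        name = name.lower().rstrip(".")
        if name in self.hosts:                        # 1. hosts file overrides DNS
            return Answer(self.hosts[name], "hosts")
        cached = self.cache.get(name)
        if cached and cached[1] > self.clock():       # 2. cached answer still inside its TTL
            return Answer(cached[0], "cache")
        if name not in self.authoritative:            # 3. ask the name server
            raise LookupError(f"NXDOMAIN: {name}")
        ip, ttl = self.authoritative[name]
        self.cache[name] = (ip, self.clock() + ttl)
        return Answer(ip, "dns")


def propagation_demo():
    """Replay a name server change: the stale cached answer survives until the TTL expires."""
    clock = [0.0]                                     # controllable clock, in seconds
    resolver = Resolver(HOSTS_FILE, dict(AUTHORITATIVE), clock=lambda: clock[0])
    steps = [
        resolver.resolve("pcs.patruni.com"),          # hosts file; DNS is never asked
        resolver.resolve("www.patruni.com"),          # first visit: real lookup, answer cached
    ]
    resolver.authoritative["www.patruni.com"] = ("203.0.113.10", 300)   # the site moved
    steps.append(resolver.resolve("www.patruni.com"))  # still the old address, from cache
    clock[0] = 301                                     # TTL has run out
    steps.append(resolver.resolve("www.patruni.com"))  # new address finally seen
    return steps


if __name__ == "__main__":
    for step in propagation_demo():
        print(step)
```

The third step is exactly the "delay during name server changes" the section describes; lowering the TTL on the old records well before a move shortens that window.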
How about various DNS records?
The main purpose of DNS is to map host names to IP addresses, and the data that makes that possible is stored as records in a zone file on the DNS server hosting the zone. Within each zone file (really just a text file) are resource records that define host names and other domain elements. There are several different types of resource records, each of which performs a specific function. Table B lists the resource record types supported by the DNS service.
Table B
Record - Purpose
SOA - Specifies the authoritative server for the zone
NS - Specifies the address of the domain's name server(s)
A - Maps a host name to an address
PTR - Maps an address to a host name for reverse lookup
CNAME - Creates an alias (synonymous) name for the specified host
MX - Mail exchange server for the domain
SRV - Defines servers for a specific purpose such as HTTP, FTP, and so on
AAAA - Maps a host name to an IPv6 address
AFSDB - Location of an AFS cell database server or a DCE cell's authenticated server
HINFO - Identifies the host's hardware and OS type
ISDN - Maps a host name to an ISDN address (phone number)
MB - Associates a host with a specified mailbox; experimental
MG - Associates a host name with a mail group; experimental
MINFO - Specifies the mailbox name responsible for a mail group; experimental
MR - Specifies a mailbox name that is the proper rename of another mailbox; experimental
RP - Identifies the responsible person for a domain or host
RT - Specifies an intermediate host that routes packets to the destination host
TXT - Associates textual information with an item in the zone
WKS - Describes services provided by a specific protocol on a specific port
X.25 - Maps a host name to an X.121 address (X.25 networks); used in conjunction with RT records
WINS - Allows lookup of the host portion of a domain name through a WINS server
WINS-R - Reverse lookup through a WINS server
ATMA - Maps a domain name to an ATM address
As you can see in Table B, there are a lot of resource record types to deal with. Fortunately, most installations only require a few of the more common types, including SOA, A, NS, PTR, CNAME, and MX. The SOA record indicates that the server is authoritative for the zone; the DNS service automatically creates an SOA record when you create a zone. The NS records identify the name servers for the zone.
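The checks the report later runs with named-checkzone can be seen in miniature in this added Python example (written for this page, not taken from the report or from BIND): it parses a constructed zone file in the standard text format, including a multi-line SOA, and flags two classic mistakes, an in-zone NS target with no address record and a CNAME sharing its name with other records. The zone contents, the supported record set and the list of checks are assumptions made for the example.

```python
"""Added example: a small zone-file parser plus the consistency checks a
zone checker complains about. The zone text is constructed for the example."""
import shlex
from collections import namedtuple

Record = namedtuple("Record", "owner ttl rtype rdata")
SUPPORTED = {"SOA", "NS", "A", "AAAA", "PTR", "CNAME", "MX", "TXT", "SRV"}

# Constructed zone for patruni.com with two deliberate mistakes: ns2 has no
# address record, and www has an A record next to its CNAME.
ZONE_TEXT = """\
$TTL 86400
$ORIGIN patruni.com.
@       IN  SOA ns1.patruni.com. admin.patruni.com. (
                2014092601 ; serial
                3600       ; refresh
                900        ; retry
                604800     ; expire
                86400 )    ; minimum
@       IN  NS    ns1.patruni.com.
@       IN  NS    ns2.patruni.com.
ns1     IN  A     192.168.1.151
@       IN  A     192.168.1.151
www     IN  CNAME patruni.com.
www     IN  A     192.168.1.152
@       IN  MX    10 mail.patruni.com.
mail    IN  A     192.168.1.153
_dmarc  IN  TXT   "v=DMARC1; p=none"
"""


def _strip_comment(line):
    """Drop a ';' comment unless the ';' sits inside double quotes (TXT data)."""
    out, quoted = [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        elif ch == ";" and not quoted:
            break
        out.append(ch)
    return "".join(out)


def _logical_lines(text):
    """Yield (owner_continues, text) with ( ... ) groups such as the SOA joined into one line."""
    buf, depth, indented = [], 0, False
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not buf:
            indented = raw[:1].isspace()      # leading blank = same owner as the previous record
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            joined = " ".join(buf).strip()
            buf, depth = [], 0
            if joined:
                yield indented, joined


def _qualify(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    records, default_ttl, last_owner = [], None, origin
    for indented, line in _logical_lines(text):
        tokens = shlex.split(line)            # honours the quotes around TXT data
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        owner = last_owner if indented else _qualify(tokens.pop(0), origin)
        ttl = int(tokens.pop(0)) if tokens[0].isdigit() else default_ttl
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        if rtype not in SUPPORTED:
            raise ValueError(f"unsupported record type {rtype} at {owner}")
        records.append(Record(owner, ttl, rtype, tokens))
        last_owner = owner
    return records


def _in_zone(name, origin):
    return name == origin or name.endswith("." + origin)


def check_zone(records, origin):
    """Return a list of problems; an empty list means the zone is consistent."""
    problems = []
    soa = [r for r in records if r.rtype == "SOA"]
    if len(soa) != 1 or soa[0].owner != origin:
        problems.append("zone needs exactly one SOA record at the apex")
    apex_ns = [r for r in records if r.rtype == "NS" and r.owner == origin]
    if not apex_ns:
        problems.append("zone has no NS record at the apex")
    has_address = {r.owner for r in records if r.rtype in ("A", "AAAA")}
    for r in apex_ns:                          # in-zone name servers need glue
        if _in_zone(r.rdata[0], origin) and r.rdata[0] not in has_address:
            problems.append(f"NS {r.rdata[0]} has no A/AAAA record in the zone")
    for r in records:                          # same for in-zone mail exchangers
        if r.rtype == "MX" and _in_zone(r.rdata[1], origin) and r.rdata[1] not in has_address:
            problems.append(f"MX {r.rdata[1]} has no A/AAAA record in the zone")
    types_at = {}
    for r in records:
        types_at.setdefault(r.owner, set()).add(r.rtype)
    for owner, types in types_at.items():      # a CNAME must stand alone at its name
        if "CNAME" in types and len(types) > 1:
            problems.append(f"{owner} has other records next to its CNAME")
    return problems


def check_zone_text(text, origin="patruni.com."):
    return check_zone(parse_zone(text, origin), origin)


if __name__ == "__main__":
    for problem in check_zone_text(ZONE_TEXT):
        print("problem:", problem)
```

The two reported problems are the ones BIND would refuse to load the zone for as well; the real tool additionally checks serial format, TTL ranges and many record-specific syntax rules that this stand-in leaves out.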
TASK 1
SETUP THE BIND DNS SERVER AND SETUP A DOMAIN.
1. Downloaded bind-9.10.0-P2.tar.gz.
2. Extracted it using the tar -xvf bind-9.10.0-P2.tar.gz command.
[root@desktop ~]# tar -xvf bind-9.10.0-P2.tar.gz
3. Installed the dependencies gcc, gcc-c++, ncurses, openssl-devel.
4. Created a directory called bind in /usr/local and copied the extracted files to this directory. Then ran the configure script with the argument "./configure --prefix=/usr/local/bind" in order to create a chroot environment.
[root@desktop ~]# mkdir /usr/local/bind
5. Ran the "make" and "make install" commands.
[root@desktop ~]# make
[root@desktop ~]# make install
6. Created a group called named. Also created a user called named with home directory "/usr/local/bind", shell /bin/false, and the user is a member of the named group. Assigned ownership of the bind directory to user named.
7. Dummy directories like etc, dev, usr etc. are created.
8. Edit the configuration file:
vim /etc/named.conf
9. Check that the named.conf file is correct:
named-checkconf /etc/named.conf
10. Create the zone file:
cp /var/named/named.localhost /var/named/fwd.patruni.com.zone
11. Change the group ownership of fwd.patruni.com.zone:
chgrp named /var/named/fwd.patruni.com.zone
12. Edit the forward zone file:
vim /var/named/fwd.patruni.com.zone
13. Check that the patruni.com zone file is correct:
named-checkzone patruni.com /var/named/fwd.patruni.com.zone
14. Restart the DNS service and enable it at boot:
service named restart
chkconfig named on
15. The next step is to create the reverse zone file and edit it:
cp /var/named/fwd.patruni.com.zone /var/named/rev.patruni.com.zone
chgrp named /var/named/rev.patruni.com.zone
vim /var/named/rev.patruni.com.zone
16. To check the reverse zone file:
named-checkzone 0.168.192.in-addr.arpa /var/named/rev.patruni.com.zone
17. Started and added the service to chkconfig.
18. Modified /etc/resolv.conf and added the nameserver 192.168.1.151.
19. Tested the A record by running the command dig pcs.patruni.com.
20. Tested the MX record by running the command dig -t MX desktop.nakul.com.
21. Tested the TXT record by running the command dig -t TXT pcs.patruni.com.
STEPS TAKEN TO SECURE THE DNS SERVER
1. Installed bind in a chroot environment (/usr/local/bind).
2. Configured bind to run as the non-root user named.
3. User and group ownership of the files in the bind directory is given to user and group named.
4. The configuration file named.conf and the zone files were given permission 640.
5. Bind was configured to listen on port 53, on the specific IP 192.168.1.151 and on loopback (127.0.0.1).
6. Bind was configured to answer queries from the network 192.168.1.0/24 and loopback (127.0.0.1).
7. DNSSEC and validation are set.
8. Server version is not specified.
9. allow-transfer and allow-update are set to none.
10. Recursion is set to no.
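Points 5 to 10 of that list map onto a handful of options statements in named.conf. The fragment below is an added example written for this page, not the configuration from the report: the IP addresses and zone file names are the ones the report uses, while the directory statement and the two zone blocks are assumptions.

```conf
options {
    directory "/var/named";                         // assumed location of the zone files
    // 5. listen only on loopback and the one LAN address
    listen-on port 53 { 127.0.0.1; 192.168.1.151; };
    // 6. answer queries only from localhost and the 192.168.1.0/24 network
    allow-query { 127.0.0.1; 192.168.1.0/24; };
    // 7. DNSSEC signing support and validation of signed answers
    dnssec-enable yes;
    dnssec-validation yes;
    // 8. do not reveal the BIND version to CHAOS-class version.bind queries
    version "not disclosed";
    // 9. nobody may pull a full copy of the zones or change them dynamically
    allow-transfer { none; };
    allow-update { none; };
    // 10. authoritative-only server: no recursion for anyone
    recursion no;
};

zone "patruni.com" IN {
    type master;
    file "fwd.patruni.com.zone";
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "rev.patruni.com.zone";
};
```

Validate the result with named-checkconf /etc/named.conf before restarting. Points 1 and 2 (chroot and unprivileged user) are not options statements at all: they come from starting the daemon as named -u named -t /usr/local/bind, which binds port 53 as root and then drops to the named user inside the chroot, so a compromised daemon cannot reach files outside /usr/local/bind.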
Task 2
1. Exim server - create a user at the domain name and send a mail to root
2. Postfix + MySQL authentication
Mail Servers
A mail server is the computerized equivalent of your
friendly neighborhood mailman. Every email that is
sent passes through a series of mail servers along
its way to its intended recipient, i.e., mail exchanged across networks is passed between mail servers
that run specially designed software. This software
is built around agreed-upon, standardized protocols
for handling mail messages and any data files (such
as images, multimedia or documents) that might be
attached to them.
Without this series of mail servers, you would only
be able to send emails to people whose email
address domains matched your own - i.e., you could
only send messages from one example.com account
to another example.com account.
Types of Mail Servers
Mail servers can be broken down into two main
categories: outgoing mail servers and incoming mail
Servers. Outgoing mail servers are known as SMTP,
or Simple Mail Transfer Protocol, servers. Incoming
mail servers come in two main varieties. POP3, or
Post Office Protocol, version 3, servers are best
known for storing sent and received messages on
PCs' local hard drives. IMAP, or Internet Message
Access Protocol, servers always store copies of
messages on servers. Most POP3 servers can store
messages on servers, too, which is a lot more
convenient.
SMTP: Mail delivery from a client application to the
server, and from an originating server to the
destination server, is handled by the Simple Mail
Transfer Protocol. The issue with SMTP is that it does not require authentication, which leaves an open door for spam emails. Port used is 465.
POP(Post Office Protocol): When using a POP server,
email messages are downloaded by email client
application. POP is fully compatible with important
Internet messaging standards, such as
Multipurpose Internet Mail Extensions (MIME), which
allow for email attachments. The most current
version of the standard POP protocol is POP3. Port
used is 995. For added security, it is possible to use
Secure Socket Layer (SSL) encryption for client
authentication and data transfer sessions.
IMAP(Internet Message Access Protocol): When
using an IMAP mail server, email messages remain
on the server where users can read or delete them.
IMAP also allows client applications to create,
rename, or delete mail directories on the server to
organize and store email. Port used is 993. IMAP is
particularly useful for users who access their email
using multiple machines. The protocol is also
convenient for users connecting to the mail server
via a slow connection, because only the email
header information is downloaded for messages until
opened, saving bandwidth. The user also has the
ability to delete messages without viewing or
downloading them.
Mail Transfer Agent(MTA)
A message transfer agent (MTA) is a software
application used within an Internet message
handling system (MHS). It is responsible for
transferring and routing an electronic mail message
from the sender’s computer to the recipient’s
computer. The basic platform for an MTA is an
exchange system with client/server architecture. A
message transfer agent receives incoming emails
and forwards the messages to individual
clients/users. The main function of the MTA is
forwarding the incoming message to the proper end-
user or destination.
The major functions of an MTA are:
• Accepting messages originating from the user
agent and forwarding them to their destination
(other user agents).
• Receiving all messages that are transmitted from
other user agents for further transmission.
• Keeping track of each and every activity and
analyzing and storing the recipient list to perform
future routing functions.
• Sending auto-responses about nondelivery when a
message does not reach its intended
destination.
The common MTAs in Linux are:
• Postfix
• Sendmail
• Exim
• Fetchmail
Mail Delivery Agent(MDA)
A Mail Delivery Agent (MDA) is invoked by the MTA to
file incoming email in the proper user's mailbox. In
many cases, the MDA is actually a Local Delivery
Agent (LDA), such as mail or Procmail. Any program
that actually handles a message for delivery to the
point where it can be read by an email client
application can be considered an MDA. For this
reason, some MTAs (such as Sendmail and Postfix)
can fill the role of an MDA when they append new
email messages to a local user's mail spool file. In
general, MDAs do not transport messages between
systems nor do they provide a user interface; MDAs
distribute and sort messages on the local machine
for an email client application to access. Common
examples of MDA include Procmail and mail.
Mail User Agent(MUA)
A MUA is an application that is used to send and
receive email. It is a computer program used to
access and manage a user's email. Many MUAs are
capable of retrieving messages via the POP or IMAP
protocols, setting up mailboxes to store messages
and sending outbound messages to an MTA. MUAs
may be graphical, such as Evolution, or have simple
text-based interfaces, such as pine, MUTT.
WHAT IS EXIM
Exim is a mail transfer agent (MTA) for hosts that are running Unix or Unix-like operating systems. Its first version was written in 1995 by Philip Hazel for use in the University of Cambridge Computing Service's email systems. Exim is distributed under the GPL, and therefore is free to download, use and modify. It was designed on the assumption that it would be run on hosts that are permanently connected to the Internet. However, it can be used on intermittently connected hosts with suitable configuration adjustments.
Early MTAs were usually run as open relays, just routing and delivering mail without applying many rules or security controls. Exim features include user options for defense against mail bombs and unsolicited junk mail. Exim can be run on any TCP/IP network, in conjunction with any combination of host and user software, and is the default MTA included on most Linux systems. Each mail handled by Exim will have a unique message-ID. Most commands related to managing the queue and logging use these message-ids. Exim log files are stored in /var/spool/exim/msglog and are named the same as the message-id. Files in /var/spool/exim/input are named after the message-id. Exim is not a complete email server package; it's a mail transfer agent and a mail submission agent. It does not support the IMAP or POP protocols, though it can deliver messages to mail stores that do, either using SMTP or LMTP message delivery, or in some cases by saving messages directly into mailboxes. Exim doesn't have a Graphical User Interface.
EXIM INSTALLATION
1) yum install gcc -y
2) yum install db4-devel -y
3) yum install pcre.x86_64 pcre-devel.x86_64 -y
4) echo "exim:x:111:111::/var/spool/mail:/bin/false" >> /etc/passwd
5) echo "exim:x:111:" >> /etc/group
6) mkdir -p /var/spool/mail && mkdir -p /var/log/exim && chown exim:exim /var/spool/mail && chown exim:adm /var/log/exim && chmod 1777 /var/spool/mail && chmod 2750 /var/log/exim
7) cd /usr/local/src/
8) wget http://ftp.exim.org/pub/exim/exim4/exim-4.84.tar.bz2
9) bunzip2 exim-4.84.tar.bz2
10) tar -xf exim-4.84.tar
11) cd exim-4.84/
12) vim src/EDITME
# only change the following variables to these values
BIN_DIRECTORY=/usr/sbin
CONFIGURE_FILE=/etc/exim/exim.conf
EXIM_USER=exim
#EXIM_MONITOR=eximon.bin # comment out (hash) this line
13) cp src/EDITME Local/Makefile
14) make
15) make install
16) mv /usr/lib/sendmail /usr/lib/sendmail-bkp
17) mv /usr/sbin/sendmail /usr/sbin/sendmail-bkp
18) killall sendmail
19) ps aux | grep sendmail (make sure sendmail is not running)
20) ln -s /usr/sbin/exim /usr/sbin/sendmail
21) ln -s /usr/sbin/exim /usr/lib/sendmail
22) /usr/sbin/sendmail -bd -q15m
Checking that the daemon is running and accepting connections on the host:
# ps aux | grep exim
exim 28002 0.0 0.0 28960 912 ? Ss 17:18 0:00
/usr/sbin/sendmail -bd -q15m
root 28036 0.0 0.0 103236 860 pts/0 R+ 17:18 0:00 grep exim
# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost ESMTP Exim 4.84 Thu, 28 Aug 2014 17:18:59 +0000
23) Edited the runtime configuration file for exim, "/usr/local/exim/configure", and made the following changes:
primary_hostname = desktop.nimy.com (mail domain)
never_users = exim
host_lookup = * (reverse DNS lookup on all incoming IP connections, in order to get the true host name)
24) Created a command alias for easy execution:
vim /etc/bashrc
alias exim='/usr/exim/bin/exim'
25) Now mail can be sent using exim.
exim mail
POSTFIX + MYSQL AUTHENTICATION
WHAT IS POSTFIX
Postfix is a free and open-source mail transfer agent (MTA) that
routes and delivers electronic mail, intended as an alternative to
the widely used Sendmail MTA. It attempts to be fast and easy to
administer, and secure. In order to improve security, Postfix uses a modular design, where small
processes with limited privileges are launched by a master
daemon. The smaller, less privileged processes perform very
specific tasks related to the various stages of mail delivery and
run in a change rooted environment to limit the effects of
attacks. Postfix provides a variety of configuration options, as
well as third party add-ons that make it a very
versatile and full featured MTA.
WHAT IS MySQL
MySQL is the world's second most widely used open-source
relational database management system (RDBMS). It is named
after co-founder Michael Widenius's daughter, My. The SQL
phrase stands for Structured Query Language. MySQL is a
relational database management system (RDBMS), and ships
with no GUI tools to administer MySQL databases or manage
data contained within the databases. Users may use the included
command line tools, or use MySQL "front-ends", desktop
software and web applications that create and manage MySQL
databases, build database structures, back up data, inspect
status, and work with data records.
MySQL can be built and installed manually from source code, but
this can be tedious so it is more commonly installed from a
binary package unless special customizations are required. On
most Linux distributions the package management system can
download and install MySQL with minimal effort, though further
configuration is often required to adjust security and
optimization settings. The Postfix mysql map type allows us to
hook up Postfix to a MySQL database. This implementation
allows for multiple mysql databases. We can use one for a virtual
table, one for an access table, and one for an aliases table if we
want. We can specify multiple servers for the same database, so
that Postfix can switch to a good database server if one goes
bad.
The default port used by mysql is 3306. Mysql is the world’s most
used open source relational database management system
(RDBMS).
WHAT IS Cyrus SASL
The Cyrus SASL package contains a Simple Authentication and
Security Layer, a method for adding authentication support to
connection-based protocols. To use SASL, a protocol includes a
command for identifying and authenticating a user to a server
and for optionally negotiating protection of subsequent protocol
interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection. SMTP servers need to decide whether an SMTP client is authorized to send mail to remote destinations or only to destinations that the server itself is responsible for. SMTP clients outside the SMTP server's network need a different way to get "same network" privileges. To address this need, Postfix supports SASL authentication: with it, a remote SMTP client can authenticate to the Postfix SMTP server, and the Postfix SMTP client can authenticate to a remote SMTP server. Once a client is authenticated, a server can give it "same network" privileges.
Postfix does not implement SASL itself, but instead uses existing implementations as building blocks. This means that some SASL-related configuration files will belong to Postfix, while other configuration files belong to the specific SASL implementation that Postfix will use. Setting up SASL means configuring the SASL implementation to offer a list of mechanisms that are suitable for SASL authentication and, depending on the SASL implementation used, configuring authentication backends that verify the remote SMTP client's authentication data against the system password file or some other database. Currently the Postfix SMTP server supports the Cyrus SASL and Dovecot SASL implementations.
Configuring Postfix with MySql Authentication
Download the source files:
• postfix-2.11.1.tar.gz
• mysql-5.5.28.tar.gz
• cyrus-sasl-2.1.25.tar.gz
Extracted them using the "tar -xvf" command.
Install the following dependencies:
• gcc
• gcc-c++
• ncurses-devel
• libxml2-devel
• cmake
Installing MySql
1. Changed the pwd to the "/usr/src/mysql/mysql-5.5.28" directory where the source file is untarred.
2. Ran the command "cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/usr/local/mysql/data".
3. Ran the commands "make" and "make install".
4. Created the mysql user and group.
5. Changed the pwd to "/usr/local/mysql".
6. Ran the command "chown -R mysql.mysql *".
7. Ran scripts/mysql_install_db with the arguments "--user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data".
8. Ran the command "bin/mysqld_safe --user=mysql &".
9. Copied the "support-files/my-default.cnf" file to "/etc/my.cnf".
10. Also copied "support-files/mysql.server" to "/etc/init.d/mysqld".
11. Added the mysqld service to chkconfig:
• chkconfig --add mysqld
12. Ran the script "bin/mysql_secure_installation" to set the password for root SQL access.
13. Started the mysqld service.
Installing Cyrus SASL
1. Changed the pwd to the "/usr/src/cyrus/cyrus-sasl-2.1.25" directory where the source file is untarred.
2. Ran the commands "./configure", "make" and "make install".
Installing Postfix
1. Changed the pwd to "/usr/src/postfix/postfix-2.11.1".
2. Created the users postfix and postdrop.
3. Ran the command:
make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include -I/usr/local/mysql/include/mysql -I/usr/local/include/sasl -DUSE_CYRUS_SASL -DUSE_SASL_AUTH -I/usr/local/bdb/include' 'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2'
4. Ran the "make" and "make install" commands.
Configuring Postfix with MySql Authentication
Edited the postfix configuration file “/etc/postfix/main.cf” and
made the necessary changes:
mail_owner = postfix
myhostname = desktop.nimy.com
mydomain = nimy.com
myorigin = $mydomain
inet_interfaces = all
relay_domains = *
Adding the entry for the virtual mailbox and the entry for SASL authentication:
Create the user "vmail" with uid 5000.
Create the virtual mail directory: "mkdir /var/mail/virtual".
Set permissions for the virtual directory:
"chown vmail:vmail /var/mail/virtual"
"chmod 700 /var/mail/virtual"
Uncomment the lines starting with 'submission' and 'smtps' in the /etc/postfix/master.cf file.
Create SQL Schema and Tables.
CREATE USER 'postfix'@'127.0.0.1' IDENTIFIED BY 'redhat';
GRANT USAGE ON * . * TO 'postfix'@'127.0.0.1' IDENTIFIED BY
'redhat';
CREATE DATABASE IF NOT EXISTS `postfix` ;
GRANT ALL PRIVILEGES ON `postfix` . * TO 'postfix'@'127.0.0.1';
USE `postfix`;
CREATE TABLE `aliases` (
`lookup` varchar(255) NOT NULL,
`destination` varchar(255) NOT NULL DEFAULT '',
`enabled` tinyint(1) NOT NULL DEFAULT '1'
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
CREATE TABLE `domains` (
`domain` varchar(120) NOT NULL DEFAULT '',
`enabled` tinyint(1) NOT NULL DEFAULT '1',
PRIMARY KEY (`domain`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
CREATE TABLE `users` (
`username` varchar(255) NOT NULL,
`password` blob DEFAULT NULL,
`enabled` tinyint(1) NOT NULL DEFAULT '1',
PRIMARY KEY (`username`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
CREATE TABLE `delegates` (
`username` varchar(255) NOT NULL DEFAULT '',
`sendas` varchar(255) NOT NULL DEFAULT ''
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
Creating MySQL Lookup Files
1) Create file /etc/postfix/virtual_alias_maps.sql with
hosts = 127.0.0.1
user = postfix
password = redhat
dbname = postfix
query = SELECT destination FROM aliases WHERE lookup = '%s'
AND enabled = 1
2) Create file /etc/postfix/virtual_domains_maps.sql with
hosts = 127.0.0.1
user = postfix
password = redhat
dbname = postfix
query = SELECT domain FROM domains WHERE domain = '%s'
AND enabled = 1
3) Create file /etc/postfix/virtual_mailbox_maps.sql
hosts = 127.0.0.1
user = postfix
password = redhat
dbname = postfix
query = SELECT username FROM users WHERE username = '%s'
AND enabled = 1
result_format = %d/%u/
4)Create file /etc/postfix/smtpd_sender_login_maps.sql with
hosts = 127.0.0.1
user = postfix
password = redhat
dbname = postfix
query = SELECT username FROM delegates WHERE sendas = '%s'
Setting up SASL Authentication
Create file /usr/local/lib/sasl2/smtpd.conf with
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login cram-md5 digest-md5 gssapi
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: postfix
sql_passwd: redhat
sql_database: postfix
sql_select: SELECT CAST(AES_DECRYPT(password, 'mysaltkey')
AS CHAR)
FROM users WHERE username = '%u@%r' AND enabled = 1
Inserting into the tables aliases, domains, delegates and users
Adding the domain name and users for example.com
INSERT INTO `domains` (`domain`) VALUES ('example.com');
INSERT INTO `users` (`username`,`password`) VALUES
('[email protected]',AES_ENCRYPT('redhat','mysaltkey'));
INSERT INTO `users` (`username`,`password`) VALUES
('[email protected]',AES_ENCRYPT('redhat','mysaltkey'));
INSERT INTO `delegates` (`username`,`sendas`) VALUES
('[email protected]','[email protected]');
INSERT INTO `aliases` (`lookup`,`destination`) VALUES
('[email protected]','[email protected]');
Adding the domain name and users for nimy.com
INSERT INTO `domains` (`domain`) VALUES ('nimy.com');
INSERT INTO `users` (`username`,`password`) VALUES
('[email protected]',AES_ENCRYPT('redhat','mysaltkey'));
INSERT INTO `users` (`username`,`password`) VALUES
('[email protected]',AES_ENCRYPT('redhat','mysaltkey'));
INSERT INTO `delegates` (`username`,`sendas`) VALUES
('[email protected]','[email protected]');
INSERT INTO `aliases` (`lookup`,`destination`) VALUES
('[email protected]','[email protected]');
Started the postfix service (/usr/sbin/postfix start).
MySQL running.
Checking whether the mysql and dovecot modules are added to postfix.
MySQL databases and tables.
Task 3 - LAMP SERVER CONFIGURATION
WHAT IS LAMP?
Short for Linux, Apache, MySQL and PHP, an open-source
Web development platform, also called a Web stack, that
uses Linux as the operating system, Apache as the Web
server, MySQL as the RDBMS and PHP as the object-oriented
scripting language. Perl or Python is often substituted for
PHP.
The key to the idea behind LAMP, a term originally coined by
Michael Kunze in the German magazine c't in 1998, is the
use of these items together. Although not actually designed
to work together, these open source software alternatives
are readily and freely available as each of the components
in the LAMP stack is an example of Free or Open Source
Software (FOSS).
LAMP has become a de facto development standard. Today,
the products that make up the LAMP stack are included by
default in nearly all Linux distributions, and together they
make a powerful web application platform. The original
LAMP acronym has spawned a number of other, related
acronyms that capitalize on the main focus of the original
combination of technologies to provide feature rich Web
sites. Some of these related Web stacks include LAPP,
MAMP, and BAMP. The LAMP platform consists of four
components that are structured in a layered way. Each layer
provides a critical part of the entire software stack:
• Linux. Linux is the lowest-level layer and provides the
operating system. Linux actually runs each of the other
components. You are not specifically limited to Linux,
however; you can easily run each of the other
components on Microsoft Windows, Mac OS X, or
UNIX® if you need to.
• Apache. The next layer is Apache, the Web server.
Apache provides the mechanics for getting a Web page
to a user. Apache is a stable, mission-critical-capable
server, and it runs more than 65 percent of all Web sites
on the Internet. The PHP component actually sits inside
Apache, and you use Apache and PHP together to
create your dynamic pages.
• MySQL. MySQL provides the data-storage side of the
LAMP system. With MySQL, you have access to a very
capable database suitable for running large and
complex sites. Within your Web application, all your
data, products, accounts, and other types of
information will reside in this database in a format that
you can easily query with the SQL language.
• PHP. PHP is a simple and efficient programming
language that provides the glue for all the other parts of
the LAMP system. You use PHP to write dynamic
content capable of accessing the data in the MySQL
database and some of the features that Linux provides.
WHAT DOES APACHE WEB
SERVER MEAN?
Apache Web Server is an open source Web server creation,
deployment and management software. Initially developed by a
group of software programmers, it is now maintained by the
Apache Software Foundation.
With over 100 million websites and over 50 percent of the global
market share, Apache Web Server is one of the most commonly
used applications for website hosting.
Apache Web Server is designed to create Web servers that have
the ability to host one or more HTTP-based websites. Notable
features include the ability to support multiple programming
languages, server side scripting, an authentication mechanism
and database support. Apache Web Server can be enhanced by
manipulating the code base or adding multiple extensions/add-
ons.
It is also widely used by Web hosting companies for the purpose
of providing shared/virtual hosting, as by default, Apache Web
Server supports and distinguishes between different hosts that
reside on the same machine. The most current version of Apache
Web Server is version 2.4.3.
WHAT IS MYSQL?
• MySQL is a database system used on the web
• MySQL is a database system that runs on a server
• MySQL is ideal for both small and large applications
• MySQL is very fast, reliable, and easy to use
• MySQL supports standard SQL
• MySQL compiles on a number of platforms
• MySQL is free to download and use
• MySQL is developed, distributed, and supported by
Oracle Corporation
• MySQL is named after co-founder Monty Widenius's
daughter: My
WHAT IS PHP?
PHP was originally an acronym for Personal Home Pages, but is
now a recursive acronym for PHP: Hypertext Preprocessor.
PHP was originally developed by the Danish Greenlander Rasmus
Lerdorf, and was subsequently developed as open source. PHP is
not a proper web standard but an open-source technology. PHP is
not a real programming language either; rather, it lets you use
so-called scripting in your documents. To describe what a PHP page
is, you could say that it is a file with the extension .php that
contains a combination of HTML tags and scripts that run on a
web server.
How does PHP work?
The best way to explain how PHP works is by comparing it with
standard HTML. Imagine you type the address of an HTML
document (e.g. http://www.mysite.com/page.htm) in the address
line of the browser. This way you request an HTML page, and the
server simply sends an HTML file to the client. But if you instead
type http://www.mysite.com/page.php, and thus request a PHP
page, the server is put to work:
The server first reads the PHP file carefully to see if there are
any tasks that need to be executed. Only when the server has
done what it is supposed to do, the result is then sent to the
client. It is important to understand that the client only sees the
result of the server's work, not the actual instructions.
This means that if you click "view source" on a PHP page, you do
not see the PHP codes - only basic HTML tags. Therefore, you
cannot see how a PHP page is made by using "view source". You
have to learn PHP in other ways, for example, by reading this
tutorial.
WHAT IS SSL?
SSL (Secure Sockets Layer) is a standard security technology for
establishing an encrypted link between a server and a client—
typically a web server (website) and a browser; or a mail server
and a mail client (e.g., Outlook).
SSL allows sensitive information such as credit card numbers,
social security numbers, and login credentials to be transmitted
securely. Normally, data sent between browsers and web servers
is sent in plain text—leaving you vulnerable to eavesdropping. If
an attacker is able to intercept all data being sent between a
browser and a web server they can see and use that information.
More specifically, SSL is a security protocol. Protocols describe
how algorithms should be used; in this case, the SSL protocol
determines variables of the encryption for both the link and the
data being transmitted.
SSL secures millions of peoples’ data on the Internet every day,
especially during online transactions or when transmitting
confidential information. Internet users have come to associate
their online security with the lock icon that comes with an SSL-
secured website or green address bar that comes with an
extended validation SSL-secured website. SSL-secured websites
also begin with https rather than http.
LAMP COMPILATION
Flush the firewall rules before testing this:
[root@patruni] # iptables -F
[root@patruni] # service iptables save
Directory Structure
/usr/local/lamp : this is where the source code is compiled and installed
Step1:- Removing the already installed rpms
Check whether the rpms are already installed:
[root@patruni] # rpm -qa | grep httpd <-- Installed
httpd-2.2.15-15.el6.centos.1.x86_64
[root@patruni] # rpm -qa | grep mysql <-- Installed
mysql-server-5.1.61-4.el6.x86_64
Stop the services:
[root@patruni] # service httpd stop
[root@patruni] # service mysqld stop
Step2:- Downloading the .tar files
[root@patruni] # mkdir /usr/local/src/lamp
[root@patruni] # cd /usr/local/src/lamp
[root@patruni] # wget http://archive.apache.org/dist/httpd/httpd.tar.gz
[root@patruni] # wget http://museum.php.net/php5/php.tar.gz
[root@patruni] # wget http://downloads.skysql.com/archives/mysql-5.5/mysql-5.5.28.tar.gz
Step4:- Installing Compiler and necessary dependencies
Step5.1:- Compiling and Testing Apache
[root@patruni] # tar -xvf httpd-2.4.10.tar.gz
[root@patruni] # cd /usr/local/src/lamp/httpd-2.4.10
[root@patruni] # ./configure --prefix=/usr/local/lamp/apache
(the prefix puts the install under /usr/local/lamp/apache, the path apachectl is run from in the next step)
[root@patruni] # make
[root@patruni] # make install
Step5.2:- Starting and testing Apache
[root@patruni] # /usr/local/lamp/apache/bin/apachectl start
(starting apache)
[root@patruni] # netstat -ntlp | grep httpd
tcp 0 0 :::80 :::* LISTEN 31097/httpd
(checking that apache is listening, using netstat)
Now open up a browser and type http://192.168.1.151; you will
get the test page containing "It works!".
6.1 Compiling Mysql
Before compiling MySQL we need to create a user called "mysql"
so that the mysql service can run under that user's privileges.
[root@patruni] # groupadd mysql
[root@patruni] # useradd -g mysql mysql
[root@patruni] # cd /usr/local/src/lamp
[root@patruni] # tar -xvf mysql-5.5.30.tar.gz
[root@patruni] # cd mysql-5.5.30
[root@patruni] # pwd
/usr/local/src/lamp/mysql-5.5.30
[root@patruni] # cmake -DCMAKE_INSTALL_PREFIX=/usr/local/lamp/mysql -DMYSQL_DATADIR=/usr/local/lamp/mysql/data
[root@patruni] # make
[root@patruni] # make install
[root@patruni] # chown -R mysql:mysql /usr/local/lamp/mysql
[root@patruni] # /usr/local/lamp/mysql/scripts/mysql_install_db --user=mysql --basedir=/usr/local/lamp/mysql/ --datadir=/usr/local/lamp/mysql/data/
[root@patruni] # cp /usr/local/lamp/mysql/support-files/my-medium.cnf /etc/my.cnf
7.1 Compiling php
[root@patruni] # cd /usr/local/src/lamp/
[root@patruni] # tar -xvf php-5.4.8.tar.gz
[root@patruni] # cd php-5.4.8
[root@patruni] # ./configure --prefix=/usr/local/lamp/php --with-apxs2=/usr/local/lamp/apache/bin/apxs \
--with-mysql=/usr/local/lamp/mysql/
[root@patruni] # make
[root@patruni] # make install
[root@patruni] # cp /usr/local/src/lamp/php-5.4.8/php.ini-production /usr/local/lamp/php/lib/php.ini
7.2 Checking php module is installed properly
[root@server php-5.4.8]# /usr/local/lamp/apache/bin/apachectl -t -D DUMP_MODULES | grep php
php5_module (shared)
Syntax OK
7.3 Tell apache to process files with the .php extension
Open the file "/usr/local/lamp/apache/conf/httpd.conf" and
add "AddHandler application/x-httpd-php .php" within the
<IfModule mime_module> ...... </IfModule> block:
[root@patruni] # vim /usr/local/lamp/apache/conf/httpd.conf
.......................
........................
<IfModule mime_module>
........................
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddHandler application/x-httpd-php .php .html
</IfModule>
7.4 Checking Everything works properly
Create an index.php under /usr/local/lamp/apache/htdocs/ with
the following contents.
[root@patruni] # vim /usr/local/lamp/apache/htdocs/index.php
<?php
phpinfo ();
?>
[root@patruni] # /usr/local/lamp/apache/bin/apachectl restart
[root@patruni] # service mysqld restart
Now open up a browser and type http://192.168.1.151; you
will get a page containing the phpinfo() output.
INSTALLING SSL
1. Create an SSL key and certificate using the command:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/nimy/apachehtdoc/apache.key -out /home/nimy/apachehtdoc/apache.crt
2. Edit the httpd.conf file again.
• Uncomment LoadModule ssl_module modules/mod_ssl.so
• Uncomment Include conf/extra/httpd-ssl.conf
3. Edit the httpd-ssl.conf file.
• Change DocumentRoot to "/home/nimy/apachehtdoc/htdocs"
• Change ServerName to www.nimy.com
• Change ServerAdmin to [email protected]
• Create a virtual host to direct the http request to https with
<VirtualHost _default_:80>
DocumentRoot "/home/nimy/apachehtdoc/htdocs/redirect"
ServerName www.nimy.com
ServerAdmin [email protected]
</VirtualHost>
• Create a file /home/nimy/apachehtdoc/htdocs/redirect/index.php with
<?php
// Only plain-HTTP requests are redirected; the SSL virtual host answers on 443
if ($_SERVER['SERVER_PORT'] != 443)
{
$url = "https://" . $_SERVER['SERVER_NAME'] . ":443" . $_SERVER['REQUEST_URI'];
header("Location: $url", true, 301);
exit; // stop here so nothing else is sent along with the redirect
}
?>
4. Restart the apache service(bin/apachectl restart).
SCREENSHOTS
Task 4
Part 1 - Setup PHP as suPHP module in Apache
Part 2 - Load various applications using domain names
What is suPHP?
suPHP is a tool for executing PHP scripts with the permissions of their
owners or a program that controls who can access certain files. All
scripts executed on the server need to be authorized to run on the
server. This is done through the file permissions. For more information
on file permissions, please read our article about file permissions.
Since most PHP scripts run with the user "Nobody" this means that the
control of the file is directly related to the permissions assigned to the
file. Since "Nobody" is not the User or Group member you'd have to
open the file permissions to 0777 for read, write, and execute for all
categories. This is problematic since you are now letting users off the
server execute files. This gives them the ability to add code to the
URL and manipulate the file accordingly. This can give them access to
your entire site, depending on the file they modify and how it is written.
This is not an ideal method and could pose a security risk. suPHP will
stop PHP from running as "Nobody" and make it so the files can only
be written by the User, allowing better site containment.
Why use suPHP?
The benefit of using suPHP, besides better security, is that it will make
any PHP applications (most often CMS systems) such as Mambo more
user friendly. Case in point: If you upload/install anything via Mambo
such as a template on a non-suphp server, then those template files
will be owned by ‘nobody’ and the customer will not be able to edit
them manually or even delete their account. This ownership issue is
done away with suPHP. On a suPHP enabled server, those same
template files will be owned by the account username and the account
holder will be able to manipulate those files as they see fit.
Furthermore, many third party applications require certain folders to
have 777 permissions. 777 permissions mean that the whole world has
write access to them. If your website code has a vulnerability in it
which hackers could upload files to your account, having 777 will
allow them to do so. suPHP does not require 777 permissions, which
makes your website more secure. suPHP will also throw an error
message if it tries to access any folder with 777 permissions.
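As an added example (not part of the report), a small Python audit that walks a document root and reports the two things suPHP objects to, as described above: world-writable entries such as 777 directories, and files not owned by the account user. The sample tree it builds is constructed for the demonstration.

```python
import os
import stat
import tempfile


def audit_docroot(root, expected_uid=None):
    """Walk a document root and report what suPHP would refuse to serve:
    anything world-writable (the 0777 case) and anything not owned by the
    account user. Returns a sorted list of (relative_path, reason)."""
    if expected_uid is None:
        expected_uid = os.getuid()
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # do not follow symlinks out of the tree
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable (mode %04o)" % mode))
            if st.st_uid != expected_uid:
                findings.append((rel, "owner uid %d, expected %d" % (st.st_uid, expected_uid)))
    return sorted(findings)


def build_sample_docroot():
    """Constructed sample tree (not from the report): a 0644 index.php that
    is fine, plus a 'templates' directory opened to 0777 the way some CMS
    install guides ask for."""
    root = tempfile.mkdtemp(prefix="suphp-audit-")
    templates = os.path.join(root, "templates")
    os.mkdir(templates)
    index = os.path.join(root, "index.php")
    with open(index, "w") as f:
        f.write("<?php phpinfo(); ?>\n")
    os.chmod(index, 0o644)
    os.chmod(templates, 0o777)
    return root


if __name__ == "__main__":
    sample = build_sample_docroot()
    for rel, reason in audit_docroot(sample):
        print("%s: %s" % (rel, reason))  # -> templates: world-writable (mode 0777)
```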
PHP APPLICATIONS
Drupal
Drupal is one of the most versatile open source
content management systems on the market.
Over a thousand developers contributed to the
code in the most recent version. Drupal is built
for high performance and is scalable to many
servers, has easy integration via REST, JSON,
SOAP and other formats, and features a
whopping 15,000 plugins to extend and
customize the application for just about any
type of website. You won’t feel alone if you use
Drupal; the hundreds of thousands of Drupal
users around the world have built a very robust
community with local meetups and global user
conferences.
Magento
Magento is one of the most popular open
source ecommerce shopping cart systems. It
is extremely flexible and has a huge variety of
features to build just about any store. Features
include SEO-readiness, multi-store support,
marketing tools, deep analytics, catalog
management, a robust shopping cart with
support for multiple shipping addresses and
more. The Magento project is backed by eBay,
so you can be confident that it will be around
for the long run, and it offers multiple editions,
including small business and enterprise
editions, to help grow with your business.
Joomla!
While there are a lot of content management
systems out there, few can boast as many
downloads as Joomla! Originally released in
2005, Joomla! has some very powerful features
such as an intuitive WYSIWYG editor, content
scheduling, SEO-friendly URLs, and more. You
won’t feel alone or stranded if you use Joomla!
because the very active and vibrant
community behind the CMS has contributed
thousands of free and commercial plugins,
offers global and local meetups (and even a
Joomla! community magazine), and commits
frequently to the code base.
phpBB
If you need to build a community forum, try
phpBB. First released in 2000, phpBB is a
bulletin board solution that allows you to
create forums and subforums. phpBB supports
the notion of users and groups, file
attachments, full-text search, notifications and
more. Hundreds of modifications are available
including themes, communications add-ons,
spam management and more.
WordPress
WordPress is a popular blogging software and
powers more than 10% of all websites globally.
Developed by Automattic, WordPress rose to
popularity quickly because of its up-to-date
development framework, extensive feature set,
flexibility, rapid and multilingual publishing
ability, multi-author support, and thriving
community. Thousands of free and commercial
themes and plugins are available to extend and
personalize WordPress for just about every
situation.
WordPress Hosting versus WordPress Cloud
Hosting
There are many options for hosting WordPress,
including scores of ISPs. Typically if you pay
an ISP more money, you get more hands-on
services, but after WordPress is initially
configured, you may not need these costly
monthly services. Cloud hosting has many
advantages over traditional ISP hosting,
including the efficiency, reliability and
scalability that come with the shared
resources of cloud operations. In addition,
cloud prices are dropping every few months
and that savings is passed onto cloud
customers.
A major hurdle for WordPress Hosting has been
the difficulty of set up, configuration, and
maintenance. That's where Bitnami can help.
Our one-click images make it incredibly simple
to launch WordPress in the cloud. In minutes
you can have WordPress up-and-running, easily
set the size of your servers, and monitor
monthly costs – all without having to be an IT
professional.
WordPress features include:
• Rich text and HTML editing
• User roles and permissions
• Hundreds of themes, many optimized for mobile users
• Thousands of add-ons for ecommerce, SEO, email, spam filtering, analytics and more
• Multi-user and multi-blogging capabilities
• Multilingual support
• SEO optimized
• Plugin architecture and template engine