Manual

Security Downloads

Step by stepPlus:Secure Web serverLATEST NEWS & TIPS

WE SERVERMaintenance and Security Jan. 2012

“HIRE THE BEST AROUND”Purpl

P

op

le

aterse

LINUX Fedora 16 UPDATE NOW!!!Version 3.1.0-7.fc16.x86_64 KDE

W M SS

B

Ericka ArguedasG r a p h i c D e s i g n

FLOW CHART

Review Requirements

Authors: Manny Arao

Ericka Arguedas

Robert Arroyo

Al Fernandez

An all you need to know beginners guide to understanding LINUX FEDORA 16 KDE 64bit WEB SEVER Installation, Maintenance and Security.

Name project

Team name

Assign tasks

Build VM

Install software

Build modules

Testing

Documentation

Publish

Present

1. Fedora Installation

2. Fedora Update

3. Httpd/IP Tables

4. Xinetd

5. Log Check/Log Rotate

6. Tripwire

7. Webmin

8. Workbench

9. Xampp

10. Xampp Update

1 1. Blue Fish

12. Drupal

13. Adding New Users

14. 2 Websites on 1 IP

15. SSL Certificate

16. Software Licensing

17. Resources

TABLE OF CONTENTS

FED

OR

A INSTALLATION

FEDORA is a Linux-based operating system, a suite of software that makes your computer run. You can use the Fedora operating system to replace or to run alongside of other operating systems such as Microsoft Windows™ or Mac OS X™. The Fedora operating system is 100% free of cost for you to enjoy and share.

1. We begin by installing the latest version, which is FEDORA 16.

2. We select the first choice:64-bit version for FEDORA 16 with GUI(Graphic User Interface)

3. When the welcome screen appears, we click the “Forward” button in the right lower corner to continue.

4. This is the License Agreement, read and click “Forward” to proceed.

5. Now we need to create a username and password. Clicking “Forward” to continue.

6. We now have our username and created a fairly strong password (as indicated by the yellow bar on the right) Click “Forward”.

7. Next, we set the date and time and then click “Forward” to continue.

8. On this screen, it asks to submit the profile, select “Do not send hardware because we are using a virtual machine”.

9. We get a confirmation screen, because we are not sending the profile. Click “Finish”.

10. The next screen takes us to the FEDORA 16 login screen, where we enter the username and password.

11. FEDORA has now started and we are ready to begin the update process.

FED

OR

A U

PDA

TEINSTALLATION

Live Media can’t be used to upgradeFedora installations. Instead, you canupgrade Fedora right from your desktop. Do this by using Pre-upgrade - it will install the packages you need and upgrade your version of Fedora.

1. We want to ensure that we have the latest updates, so we will begin the process by starting a terminal window and typing: “su” to gain root privileges. From there, we can YUM install it bytyping “yum update” and clicking “Enter”.

yum it

2. Now we are ready to begin the install process. It will ask if us if we want to download it?Select “y” for yes and click “Enter”

y

3. The process will begin, it might take a few minutes depending on connection speed.

4. Now it will begin the update process. Again, it might take a few minutes.

5. When the update is successful, we will get a message that says “Complete!”

HTT

PD I

PTA

BLES

6. Now we select the latest update version Fedora (3.1.6-1.fc16.x86_64) and the log in screen will come up.

HTT

PD I

PTA

BLES HTTPD stands for Hypertext Transfer Proto-

col Daemon (i.e. web server), a software program that runs in the background of a Web server and waits for incoming server requests. The daemon answers the requests automatically and serves the hypertext and multimedia documents over the Internet using HTTP.

IPTABLES is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different ta-bles may be defined. Each table con-tains a number of built-in chains and may also contain user-defined chains.

Each chain is a list of rules which can match a set of packets. Each rule speci-fies what to do with a packet that match-es. This is called a `target’, which may be a jump to a user-defined chain in the same table.

INSTALLATION

1. We begin by opening a terminal and using YUM, syntax: “yum install httpd”, click “Enter”

yum it

2. Installing package httpd.x86.64 0:2.2.21 - 1.fc16 It will ask if we want to download, and we select “y” for yes, then click “Enter”

y

3. When the update is successful, we will get a message that says: “Complete!” Package has been installed!

4. Verify that HTTPD has been installed by typing:httpd -v. Then click “Enter”Apache/2.2.21 (Unix) Sep 13 2011 12:26:57

http-v

XIN

ETD1. Open terminal and type:

“yum install iptables” Looks like IPTABLES is already installed!

XIN

ETD INSTALLATION

XINETD starts programs that provide internet services that it based on TCP/IP services. Instead of having all such servers started at system initialization time and be dormant until a connec-tion request arrives, xinetd is the only daemon process started and it listens on all service ports for the services listed in its configuration file. When a request comes in, xinetd starts the appropriate server. Because of the way it operates, xinetd (as well as inetd) is also referred to as a super-server.

Installing package xinetd.x86_64 2:2.3.14-37.fc16Installed on 1/4/2011

1. Open terminal and type: “yum install xinetd”Then, click “Enter”

2. Installing XINETD packageIt will ask if we want to download, select “y” for yes.Then, click “Enter”

y

LOG

ROTA

TE

LOG

CH

ECK

3. Installation complete!

LOG

ROTA

TE

LOG

CH

ECK

INSTALLATION

LOGCHECK parses system logs and generates email reports based on anomalies. Anoma-lies can be defined by users with ‘violations’ files. It differentiates between ‘Active System Attacks’, ‘Security Violations’, and ‘Unusu-al Activity’, and is smart enough to remember where in the log it stopped processing to improve efficiency. It can also warn when log files shrink, and does not re-port errors when they are rotated.

LOGROTATE is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mail-ing of log files. Each log file may be handled daily, weekly, month-ly, or when it grows too large.

1. We begin by opening a terminal and typing: “yum install logrotate”, then click “Enter”

yum it

2. Looks like LOGROTATE is already installed!

3. Open a new terminal and type: “yum install logcheck”, then click “Enter”

yum it

4. Installing LOGCHECK packagesIt will ask if we want to download, select “y” for yes.Click “Enter”

y

TRIP

WIR

E

5. Installation complete!

TRIP

WIR

E INSTALLATION

TRIPWIRE is an intrusion detection system (IDS), which, constantly and automatically, keeps your critical system files and reports under control if they have been destroyed or modified by a cracker (or by mistake). It allows the system administrator to know immediately what was compro-mised and fix it.

The first time Tripwire is run it stores checksums, exact sizes and other data of all the selected files in a database. The successive runs check whether every file still matches the information in the database and report all changes.

1. Open a new terminal and install TRIPWIRE using the YUM command, syntax: “yum install tripwire”, then click “Enter”

yum it

2. Installing TRIPWIRE package.It will ask if we want to download, select “y” for yes.Click “Enter”

y

3. TRIPWIRE packages are being installed now.

4. Installation complete!

WEB

MIN

INSTALLATION

WEBMIN is a web-based interface for system administration for Unix. Using any browser that supports tables and forms (and Java for the File Manager module), you can setup user accounts, Apache, DNS, file sharing and so on.

Webmin consists of a simple web serv-er, and a number of CGI programs which directly update system files like /etc/inetd.conf and /etc/passwd. The web server and all CGI programs are written in Perl version 5, and use no non-standard Perl modules.

1. Install WEBMIN using RPM. (Red Hat Package Manager) You can download the latest WEBMIN version at http://webmin.com/download.html

2. Once we are done downloading the file, double click it.

3. Type in the root password to authorize the install.

4. Type password and check the remember authori-zation box. Click “OK” to continue.

5. It will then ask you if you want to proceed with the installation. Click “Yes” to allow it.

6. Once all the packages are installed,click “Continue”

7. Enter the username and password. Click “Login”

8. You will then be logged into WEBMIN

9. WEBMIN platform

WO

RKBE

NC

H INSTALLATION

MySQL WORKBENCH simplifies database design and maintenance, automates time-consuming and error-prone tasks, and improves communication among DBA and developer teams. It enables data architects to visualize requirements, communicate with stakeholders, and re-solve design issues before a major invest-ment of time and resources is made. It enables model-driven database design, which is the most efficient methodology for creating valid and well-performing databases, while providing the flexibility to respond to evolving business require-ments. Model and Schema Validation utilities enforce best practice standards for data modeling, also enforce MySQL-specific physical design standards so no mistakes are made when building new ER diagrams or generating physical MySQL databases.

1. Install WORKBENCH using GUI.You can download the latest WORKBENCH version at http://dev.mysql.com/downloads/workbench/

2. Go to Start button, then Applications, select Utilities

3. Go to Administration

4. Click Software Management.

5. Select Applications.

6. A search box will open up.

7. Type “workbench” and scan through packages.

8. Select mysql-workbench - A MySQL Visual data-base modeling and query 5.2.36-4fc16 (or latest ver-sion) Then, click “Install” and “Apply” to continue.

9. A new box showing us the different packages to be install will appear. Click “Continue”

10. Let the installation begin.

11. Let the installation continue on.

12. The following screen box will appear letting us know that the application was installed and asking us if we want to launch it at this time by clicking on its icon. Click “Close” instead.

13. A list of the software installed will show up once again under Applications. We will see mysql-work-bench - A MySQL Visual database modeling and query 5.2.36-4fc16 (or latest version) installed and checked by a green arrow.

XA

MPP

INSTALLATION

XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use - just download, extract and start.

XAMPP for Linux

The distribution for Linux systems (test-ed for SuSE, RedHat, Mandrake and Debian) contains: Apache, MySQL, PHP & PEAR, Perl, ProFTPD, phpMy-Admin, OpenSSL, GD, Freetype2, lib-jpeg, libpng, gdbm, zlib, expat, Sa-blotron, libxml, Ming, Webalizer, pdf class, ncurses, mod_perl, FreeTDS, gettext, mcrypt, mhash, eAccelera-tor, SQLite and IMAP C-Client.

1. We installed XAMPP using a tar.gz file.(single archive file containing many files)Make sure you “stop” the previous Apache(httpd) installation before initiating this one, since it creates conflict because Apache is part of the Xampp package. (service httpd stop, /etc/init.d/httpd stop, apa-

chectl -k stop or apachectl -k graceful)

Tar file installation:pwdcd /home/purpleteam/Downloadslscp xampp-linux-1.7.7.tar.gzcp xampp-linux-1.7.7.tar.gz /optxampp-linux-1.7.7.tar.gzcd /optlstar xvfz xampp-linux -1.7.7.tar.gz -C opt

Location: cd /opt/lampp/ in the terminal then “ls” to list folders within directory.

2. Type: ./ lampp start and click “Enter” to start Lampp.

3. We encounter an error due to that we installed Fedora KDE 64 bit version.It is asking us to download a 32 bit compatibility li-brary to fix the issue.

4. Type the following: yum install glibc.i686 libgcc.i686 libstdc++.i686 Click “Enter”

yum it

5. Installing XAMPP package! It will ask if we want to download, and we select “y” for yes, then click “Enter”

y

6. Installation complete!

7. Download process of the original tar file continues.

8. Open a new terminal and go to the directory where LAMPP is located by typing: cd /opt/lamppThen, type: ./lampp start to start it up.

9. LAMPP starting process will be displayed as above.

XA

MPP

UPD

ATE INSTALLATION

With a NEW XAMPP version, there is normally an upgrade package too. Additionally, we have sometimes small patches between the releases.

An upgrade is always problematically and there can be errors in the upgrade process. Because of this, you should al-ways make a backup from your XAMPP folder before you upgrade it.

We are trying to adjust your configuration files during the upgrade progress, if nec-essary. Especially if a new XAMPP have a lot of changes compared to the old one, we are providing no upgrade package for security reasons. Sorry.

As with the add-ons, install the upgrade directly into the XAMPP directory (e.g. “C:\xampp”). And you must also start the setup script “setup_xampp.bat”.

1. We installed XAMPP using YUM.Type: cd /opt/lampp/ in the terminal, then “ls” to list folders within directory.

2. Start LAMPP by typing: ./lampp start Once again, we encounter an error due to that we installed Fedora KDE 64 bit version.It is asking us to download a 32 bit compatibility li-brary to fix the issue. Type yum install glibc.i686 lib-gcc.i686 libstdc++.i686 to fix the issue. We will receive a notice asking us to stop the run-ning process or pid 1833 to allow the packages to be installed.

3. Next, type “kill 1833” and click “Enter”Type: yum install glibc.i686 libgcc.i686 libstdc++.i686 and click “Enter” to set up the installing process.

4. Next, It will ask if we want to download, and we se-lect “y” for yes, then click “Enter”

y

5. Installing XAMPP update package!

6. Installation complete!

7. Start LAMPP by typing: ./lampp start in terminal.

INSTALLATION

BLU

E FI

SH

BLUEFISH is a powerful editor targeted towards programmers and webdevel-opers, with many options to write web-sites, scripts and programming code. Bluefish supports many programming and markup languages. See features for an extensive overview, take a look at the screenshots, or download it right away. Bluefish is an open source de-velopment project, released under the GNU GPL licence.

Bluefish is a multi-platform application that runs on most desktop operating sys-tems including Linux, FreeBSD, MacOS-X, Windows, OpenBSD and Solaris..

1. Open a new terminal and go to: root@localhost/sbin and type: “yum install bluefish”. Click “Enter”

This begins the installation process for bluefish.x86_64 version 2.0.3.5.fc16

yum it

2. Type “y” and “Enter” to begin the installation of Bluefish RPM files.

y

3. BLUEFISH packages installed.

4. Installation Complete!

DRU

PAL

DRU

PAL INSTALLATION

DRUPAL is open source software maintained and developed by a community of 630,000+ users and developers. It’s distributed under the terms of the GNU General Pub-lic License (or “GPL”), which means anyone is free to download it and share it with others. This open devel-opment model means that people are constantly working to make sure Drupal is a cutting-edge platform that supports the latest technologies that the Web has to offer. The Dru-pal project’s principles encourage modularity, standards, collaboration, ease-of-use, and more.

1. We downloaded DRUPAL manually using a tar file.(single archive file containing many files) We used the search engine to find the latest version of Drupal for Linux.

We downloaded the latest version of drupal.7.10.gz in root@localhost/purpleteam/Downloads

Next, type the following in the command line:tar -xzvf drupal-7.10.tar.gz -C /opt/lampp/htdocs

2. Installing DRUPAL 7.10

AD

DIN

G N

EW U

SERS

INSTALLATION

FEDORA 16 adding a new user is a breeze when using the Fedora GUI configuration or terminal.

On the first part of this section,follow the beginning 10 steps to add a new user though GUI. On the a second part, you learn the steps to adding a new user through the command line.

1. Open the “Start menu” at the bottom left corner.

2. Go to “Applications” to open up the menu.

3. Click on “Authentication” at the top of the menu.

4. Type the “Password” in the box and click “OK”.

5. Click on the username configuration choice to continue.

6. The following screen will appear.

7. Add the correct information and password confir-mation and click “OK” to continue the process.

8. Click on the administrative user choice to continue.

9. Click “OK” to confirm the User Properties.

10. This screen will allow you choices. In this case, click on “root” and “OK” to continue.

1. You can also ADD USERS through the terminal by typing: sudo useradd -c “Firstname Lastname” NameClick “Enter”

sudo

2. Enter the root password and click “Enter”

3. The user manager screen will come up and theusername and id should have been added it to the list.

2 W

EBSI

TES

ON

1 IP

INSTALLATION

2 WEBSITES ON 1 IP follow along and learn how it is done!

1. Go to terminal and acess root by typing: “su” and password. Then type: mkdir -p /var/www/purpleteam Click “Enter” to create an user in the directory.

2. Next type: mkdir -p /var/www/purplepeopleClick “Enter” to create another user in the directory.

3. Next type:

cd /etc/httpd/conf then, “Enter”ls

Click “Enter” to access and list your current directory.

4. Next type the following to find the right direc-tory, list it, make a back up file, list the back up file and enter vi:

cd /etc/httpd/conflscp httpd.conf httpd.conf.baklsvi httpd.conf

Click “Enter”

5. Read the configuration and instruction files.

6. Closely read section 3: Virtual Hosts and find the documentation details at: <URL:httpd://httpd.apache.org/docs/2.2/vhosts/>

Use the command line option ‘-s’ to verify your virtual host configuration.

7. Write the following syntax to set up the names for the 2 sites allowing us to host them on 1 IP.Save it and exit vi by clicking “ESC” and typing “wq” or “zz” then “Enter” to go back to command mode

:wq

8. Type cd /etc/ and “Enter” to list the programs in the current directory.

9. The following will be listed.

10. Next type: cp hosts hosts.bak to create a back up file. Then type: vi hosts and “Enter”

11. The following will be listed.

SSL

CER

TIFI

CA

TE

INSTALLATION

SSL CERTIFICATE follow along and learn how it gets done.

1. Open new terminal and type: openssl genrsa -des3 -out server .key 1024 Click “Enter” to generate private key

2. Open new terminal and type: openssl req -new -key server .key -out server.csrNext, enter pass phraseand read about what you need to enter next:Some fields can be left blank by typing: ‘.’Country:State:City: Company:Name:Email:And so on...

3. Open new terminal and type: openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crtThis will sign and create the signature.Next, enter pass phrase and it will be done!Test it by typing: localhost https://localhost/ in adresse bar.

Name: FEDORA 16 KDE 64 bitVersion: Fedora -16-i686-Live-Desktop.isoLicense: Red Hat under a Creative Commons Attribution–Share Alike 3.0 Un-ported license (“CC-BY-SA”).... Using The KNetworkManager Applet in KDE Date: 01/04/2012Method: GUILink: http://mirror.metrocast.netUpdate: yesName: HTTPDVersion: httpd.x86_64 0:2.2.21-1.fc16License: GNU General Public LicenseDate: 01/04/2012Method: YUMLink: http://apache.orgUpdate: noName: IP TABLESVersion: Iptables-1.4.12-2.fc16.x86_64License: GNU General Public LicenseDate: 01/04/2012Method: YUMLink: Already installed in Fedora 16Update: noName: LOGROTATEVersion: logrotate-3.8.0-3.fc16.x86_64License: GNU General Public LicenseDate: 01/04/2012Method: YUMLink: hthttp://sourceforge.net/projects/logrotate/Update: noName: LOGCHECKVersion: logcheck.noarch 0:1.3.14-4.fc16License: GNU General Public LicenseDate: 01/04/2012Method: YUMLink: http://sourceforge.net/projects/logcheck/Update: noName: TRIPWIREVersion: tripwire .x86_64 0:2.4.1.2-11.FC12License: GNU General Public License

SOFTWARE LICENSING

SOFTWARE LICENSINGDate: 01/04/2012Method: YUMLink: http://sourceforge.net/tripwire/Update: noName: WEBMINVersion: webmin-1.570-1.noarch.rpmLicense: BSD LicenseDate: 01/04/2012Method: YUMLink: http://sourceforge.net/tripwire/Update: noName: WORKBENCHVersion: Fedora version.15 (x86,64bit), RPM PackageLicense: Open source GPL LicenseDate: 01/04/2012Method: GUILink: http://dev.mysql.com/downloads/workbench/Update: noName: XAMPPVersion: xampp-linux-1.7.7.tar.gzLicense: GNU General Public LicenseDate: 01/04/2012Method: TAR FILELink: www.apachefriends.org/en/xampp-linux.htmlUpdate: yesName: BLUEFISHVersion: bluefish.x86_64 version 2.0.3.5.fc16License: GNU GPL LicenseDate: 01/04/2012Method: YUMLink: bluefish.openoffice.nl/index.htmlUpdate: yesName: DRUPALVersion: Drupal-7.10.tar.gzLicense: Creative Commons License, Attribbution-ShareAlike2.0Date: 01/04/2012Method: TAR FILELink: www.drupal.orgUpdate: no

http://www.linuxjournal.com/article/8758

http://fedoraproject.org/

http://www.linuxforums.org/forum/linux-tutorials-howtos-reference-mate-

rial/5022-linux-directory-structure-overview.html

http://www.yolinux.com/TUTORIALS/unix_for_dos_users.html

http://acs.ucsd.edu/info/vi_tutorial.shtml

http://linuxcommand.org/writing_shell_scripts.php

http://www.gnu.org/licenses/gpl.html

http://creativecommons.org/licenses/

http://en.wikipedia.org/wiki/Virtual_machine

http://www.webmin.com/

http://www.mysql.com/products/workbench/design/

http://www.apachefriends.org/en/xampp-windows.html#1175

http://linuxcommand.org/man_pages/logrotate8.html

http://www.debianhelp.co.uk/logcheck.htm

http://www.xinetd.org/faq.html

http://www.linuxhelp.net/guides/cron/

http://linuxers.org/howto/howto-use-logrotate-manage-log-files http://

logcheck.org/

http://www.tripwire.org/

http://en.wikipedia.org/wiki/Sudo

http://www.sudo.ws/sudo/sudo.man.html

http://en.wikipedia.org/wiki/List_of_router_or_firewall_distributions

http://www.puschitz.com/FirewallAndRouters.shtml

http://www.snort.org/

http://www.yolinux.com/TUTORIALS/LinuxSecurityTools.html

https://modules.apache.org/

http://bluefish.openoffice.nl/index.html

http://devzone.zend.com/6/php-101-php-for-the-absolute-beginner/

http://drupal.org/

RESOURCES

RESOURCES

Ericka ArguedasG r a p h i c D e s i g n

Ericka ArguedasG r a p h i c D e s i g n