Apache Lab - AidanP017/Aidan-SYS-255 GitHub Wiki

Overview

In this lab, we were tasked to set up and configure the web01 workstation and join it to the active directory (AD) domain.

How to Initially Setup web01

To initially setup web01, take the following steps:

  • Log in as a root user.
  • Enter the command nmtui.
  • Edit a connection > ens192.
  • Set the IPv4 Configuration to "Manual".
  • Type in the IP addresses and associated netmask under IPv4 Configuration > Addresses.
  • Type in the default gateway under IPv4 Configuration > Gateway.
  • Type in the DNS server(s) under IPv4 Configuration > DNS servers.
  • Type in your domain under IPv4 Configuration > Search domains.
  • At the bottom, select "OK".
  • Select "Back".
  • Select "Set system hostname".
  • Enter the hostname as desired and press the Enter key.
  • Select "Quit" to leave the Manager.
  • Back in the command line, enter the command systemctl restart network to restart the system and apply the above configurations.
  • Enter the command ifconfig to view your updated network information that includes your above configurations.

Next, add a privileged user by taking the following steps:

  • Enter the command useradd "your first name".
  • Enter the command passwd "your first name".
  • Enter the new password for the new user and confirm the password.
  • Enter the command usermod -aG wheel "your first name".
  • Type exit. You should now be able to log in with the new privileged user's credentials.

How to Disable Root Access on web01

To disable root access on web01, take the following steps:

  • Enter the command visudo.
  • Locate where it says "Allows people in group wheel to run all commands".
  • Under where it says "%wheel ALL=(ALL) ALL", enter ""name of new user" ALL=(ALL) ALL" to match similarly to the line above.
  • Press the esc key and type :wq! to save these changes and exit the visudo menu.

To verify these changes, take the following steps:

  • Enter the command su "name of new user".
  • Enter the command sudo ls and enter your new user password.

Now, you will have to edit the SSH configuration file to prevent root access into the server.

  • Type exit to return to the root user.
  • Enter the command vi /etc/ssh/sshd_config.
  • Type the backslash symbol (/) and search for "Permit".
    • This should take you to a line saying "#PermitRootLogin yes".
  • Delete the hash symbol (#) before the above line and type "no" in place of where "yes" is.
  • Press the esc key and type :wq! to save these changes and exit the menu.
  • Restart the ssh service by typing service sshd restart.

Finally, to ensure that root user access has indeed been disabled, take the following steps:

  • Locate the IP address for your network using the command ifconfig and copy it.
  • Enter the command ssh "name of new user"@"IP address".
  • Type yes.
  • Type sudo ls.
  • Enter your user password.
  • Type cd / to return to the main directory.
  • Type sudo ls to view the main directory. If you are able to view it, then the new user was set up correctly.
  • As the root user, enter the command ssh root@"IP address".
  • Type yes.
  • Once you type in the password, the root user should be denied permission and not be able to log in.

How to Install and Configure httpd Through SSH

To install and configure httpd through SSH, take the following steps:

  • Enter the command yum install httpd.
    • This will install the httpd package using yum.
  • Enter the following commands;
    • firewall-cmd --zone=public --add-port=80/tcp --permanent
    • firewall-cmd --zone=public --add-port=443/tcp --permanent
      • These two commands will permanently assign ports 80 and 443 to the firewall.
  • Reload the firewall using the command sudo firewall-cmd --reload.
  • Enable and start httpd.
    • systemctl enable httpd
    • systemctl start httpd
  • Enter the command _firewall-cmd --list-all to verify that the configurations have been made.

How to Change the Default Welcome Page for the Apache Web Server

To change the default welcome page for the Apache web server, take the following steps:

  • Delete the welcome.conf file associated with the welcome page for the server.
    • rm /etc/httpd/conf.d/welcome.conf
  • Restart httpd.
    • systemctl restart httpd
  • Create a new HTML file called index.html within the _/var/www/html/ directory to replace the welcome page for the server.
    • In my case, echo "Welcome to Aidan's Cyber Web Server" > /var/www/html/index.html
  • In a web browser, go to http://"web server name".
    • If all went well, you should be able to see the new welcome page with the message that you configured above.

How to Join web01 to the Domain on AD02

To join web01 to the domain on AD02, take the following steps:

  • Install realmd.
    • sudo yum install -y realmd samba samba-common oddjob oddjob-mkhomedir sssd
  • Join web01 to the domain on AD02.
  • Using the command realm list, you can verify that web01 has been joined to the domain on AD02. web01 should also be visible in the Active Directory Users and Computers settings in Server Manager on AD02.