Sys255 Final Project - ConnorEast/Tech-Journal GitHub Wiki

Device Name: w-assessment ---> Usage: Firewall ---> IPADDR: 10.0.5.2
Device Name: AD-assessment ---> Usage: Active Directory ---> IPADDR: 10.0.5.4
Device Name: Clone2 ---> Usage: Certificate Authority ---> IPADDR: 10.0.5.71
Device Name: Clone3 ---> Usage: WebServer ---> IPADDR: 10.0.5.72
Device Name: Wks-Assessment ---> Usage: Workstation ---> IPADDR: 10.0.5.100


Setting up the basics:

First I added all of the servers to the DNS manager on my AD server. This can be seen in the image below.
image

Next I installed Apache and all of the dependencies I needed with the following command on Clone3:

"yum install -y httpd mariadb-server php php-intl php-mbstring php-xml php-apcu php-curl php-mysqlnd"

After that had completed I started and enabled httpd (web server) and mariadb (database). I also opened firewall ports 80 (http) and 443 (https), as seen in the following images.
image
image


Setting up Virtual Hosting:

From there I went to "/var/www" and created one host folder with four subfolders. The host folder is named vhosts. The four subfolders are "sys255-ConnorEast.com", "sys255-BenjaminPond.com", "sys255-KerryAllen.com" and "sys255-MorganRees.com", as seen in the image below. I also created an html folder in each and an index.php document in each html folder.
image
image

Next I went to "/etc/httpd/conf.d" and created a .conf file for each servername. In each of the .conf documents I inserted the following code:
image

Following that I went to my AD server and added the following to "C:\Windows\System32\Drivers\etc\Hosts"
image

Confirm that apache is the owner of all of your new pages. I did this with the commands "chown apache:apache sys255*.com.conf" and "chown apache:apache sys255*.com".
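
The folder and .conf layout described above, as an added example (not the code from the original page, whose vhost file survives only as an image). The VirtualHost body and the index.php content are assumptions; the four site names and the paths come from the text.

```shell
# Added example: build the four name-based vhosts under a chosen root.
# Pass "/" on the real web server, or a scratch directory to try it safely.
SITES="sys255-ConnorEast.com sys255-BenjaminPond.com sys255-KerryAllen.com sys255-MorganRees.com"

make_vhosts() {             # $1 = filesystem root to build under
  root=${1%/}
  mkdir -p "$root/etc/httpd/conf.d"
  for site in $SITES; do
    docroot="/var/www/vhosts/$site/html"
    mkdir -p "$root$docroot"
    # Constructed placeholder page so each site is distinguishable in a browser
    printf '<?php echo "Hello from %s"; ?>\n' "$site" > "$root$docroot/index.php"
    # Assumed minimal vhost: ServerName selects the site, DocumentRoot serves it
    cat > "$root/etc/httpd/conf.d/$site.conf" <<EOF
<VirtualHost *:80>
    ServerName $site
    DocumentRoot $docroot
</VirtualHost>
EOF
  done
}

check_vhosts() {            # prints every site whose conf or docroot is wrong
  root=${1%/}
  for site in $SITES; do
    conf="$root/etc/httpd/conf.d/$site.conf"
    # A ServerName typo makes Apache fall back to the first vhost silently
    grep -q "^ *ServerName $site\$" "$conf" 2>/dev/null &&
      [ -f "$root/var/www/vhosts/$site/html/index.php" ] || echo "$site"
  done
}
```

Run make_vhosts as root on the server, then apply the chown step above; check_vhosts prints nothing when all four sites are consistent.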

Deliverable 1: Each individual php site:

image image image image


Creating groups and site accessibility

  • User 1: Name: Samuel ---> Password: Test_AccOunt1 ---> Group: ApUnneccessary
  • User 2: Name: Lilly ---> Password: Test_Acc0unt2 ---> Group: ApUnneccessary
  • User 3: Name: Sammy ---> Password: Test_Acc0unt3 ---> Group: ApUnneccessary

Setting up the group management policy:

Setting up a certificate authority for the web server:

On your CA device do the following:

Step 1 ---> Use the command "sudo yum -y install openssl".
Step 2 ---> Create a folder named private in "/etc/pki/CA".
Step 3 ---> Inside the folder "/etc/pki/CA" use the command "echo 1000 > serial". This creates a document that will be used to assign serial #’s to certs.
Step 4 ---> Use the command "openssl genrsa -des3 -out private/cakey.pem":

If this command doesn't work, it may be because you do not have a private folder in which to store cakey.pem; if this is the case, use the mkdir command to create the "private" folder. The openssl command generates an RSA private key. That private key is then encrypted using -des3 and saved to the file named cakey.pem in the private folder.
image

Step 5 ---> Use the command "openssl req -new -x509 -days 365 -key private/cakey.pem -out cacert.pem"

This command uses openssl req to create the CA's own certificate. -new asks for a new certificate, -x509 makes the output a self-signed X.509 certificate instead of a certificate request, -days 365 makes it valid for 365 days, -key private/cakey.pem signs it with the CA key from step 4, and -out cacert.pem saves the result to cacert.pem.

image

On your Websrv do the following:

Step 1 ---> Use the command "openssl req -newkey rsa:2048 -keyout websrv.key -out websrv.csr":

This command uses openssl to generate a new 2048-bit RSA key, which is saved to websrv.key, and a certificate signing request for that key, which is saved to a new document called websrv.csr. Once this command has been run you will have to enter the information relevant to the cacert.pem file we created previously.

image
Step 2 ---> Transfer the websrv.csr file to your CA server using the following command: "scp websrv.csr [email protected]:~"
image

On your CA server do the following:

Step 1 ---> Transfer the .csr file to your CA folder using "mv ~/websrv.csr /etc/pki/CA"
Step 2 ---> Use the command "openssl ca -out websrv.crt -infiles websrv.csr". *If it gives you an error, confirm you have made an index.txt file.
image
Step 3 ---> Transfer the outputted file back to the apache web server:
image

On the webserver do the following:

Step 1: ---> Transfer the certificate and private key to their respective locations, "/etc/pki/tls/certs" and "/etc/pki/tls/private", as seen in the image below. Then set them to be owned by apache.
image
Step 2: ---> Install the ssl daemon for apache with the command "yum -y install mod_ssl".
Step 3: ---> Next use the command "vi /etc/httpd/conf.d/ssl.conf" and locate the SSLCertificateFile and SSLCertificateKeyFile lines. Replace the information as seen in the image below.
image
Step 4: ---> Reload httpd after allowing port 443 through the Linux firewall.
Step 5: ---> Go back through all of your ".conf" files and add the following.
image
Step 6: ---> Confirm this has worked by testing your site from your Windows server as seen below.
image
image
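
The CA, CSR and signing steps above run end to end in one directory, as an added example that is not part of the original page. Assumptions: a minimal ca.cnf stands in for the system openssl.cnf, the passphrase and the "Lab CA" subject are constructed sample values, -aes256 is swapped in for -des3, and -nodes leaves the server key unencrypted so every command runs without prompts.

```shell
CA_PASS='constructed-passphrase'   # constructed sample value, not a real secret

build_lab_ca() {            # $1 = CA directory (stands in for /etc/pki/CA)
  local dir=$1
  mkdir -p "$dir/private" "$dir/newcerts"
  chmod 700 "$dir/private"
  : > "$dir/index.txt"      # openssl ca errors out without this database file
  echo 1000 > "$dir/serial" # first serial number to hand out
  cat > "$dir/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $dir/index.txt
serial = $dir/serial
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_cn
[ policy_cn ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  openssl genrsa -aes256 -passout "pass:$CA_PASS" -out "$dir/private/cakey.pem" 2048 &&
  openssl req -new -x509 -days 365 -config "$dir/ca.cnf" -subj "/CN=Lab CA" \
    -key "$dir/private/cakey.pem" -passin "pass:$CA_PASS" -out "$dir/cacert.pem"
}

issue_server_cert() {       # $1 = CA directory, $2 = server common name
  local dir=$1 cn=$2
  openssl req -newkey rsa:2048 -nodes -config "$dir/ca.cnf" -subj "/CN=$cn" \
    -keyout "$dir/websrv.key" -out "$dir/websrv.csr" &&
  openssl ca -batch -config "$dir/ca.cnf" -passin "pass:$CA_PASS" \
    -out "$dir/websrv.crt" -infiles "$dir/websrv.csr"
}

check_server_cert() {       # chain verifies AND the cert matches the private key
  local dir=$1
  openssl verify -CAfile "$dir/cacert.pem" "$dir/websrv.crt" >/dev/null || return 1
  [ "$(openssl x509 -in "$dir/websrv.crt" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$dir/websrv.key" -pubout | openssl sha256)" ]
}
# Usage: d=$(mktemp -d); build_lab_ca "$d" && issue_server_cert "$d" sys255-ConnorEast.com && check_server_cert "$d"
```

Running check_server_cert before editing ssl.conf catches a certificate paired with the wrong key, which otherwise only shows up when httpd refuses to reload.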


Connors Website Code

CA-CERT ISSUE // Server Reset mess:

---> https://docs.aws.amazon.com/linux/al2023/ug/disable-option-selinux.html