Apache Lab - Hsanokklis/2023-2024-Tech-journal GitHub Wiki

Objectives:

  • Set up web01
  • Install httpd
  • Configure httpd
  • Join web01 to AD domain

web01

  • IP: 10.0.5.4
  • Hostname: web01-hannelore
  • Named sudo user

Pre-Lab Stuff

MAKE SURE IT'S CONNECTED TO LAN

Make sure DHCP is active and running

image

SSH Security

image

Disable remote root SSH access by setting the PermitRootLogin flag to no in the /etc/ssh/sshd_config file.

Use the command sudo nano /etc/ssh/sshd_config

image

image

changed PermitRootLogin flag to no

Ctrl + O writes the file

Ctrl + X to escape from nano

Restart sshd

use commands:

  • systemctl restart sshd
  • systemctl status sshd

image
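
An added example, not part of the original lab notes: sshd keeps the first value it reads for each keyword, so setting PermitRootLogin to no only takes effect if no earlier uncommented PermitRootLogin line exists. The function below reports which value wins; the function names and the sample config files are constructed for illustration.

```bash
# Added example, not from the original lab: which PermitRootLogin value wins?
# sshd uses the FIRST value it reads for a keyword, so a "no" added below an
# earlier uncommented "yes" changes nothing.

# Print the first uncommented global PermitRootLogin value in file $1,
# or "unset" if none appears before a Match block.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }                            # commented-out line
        tolower($1) == "match" { exit }                # global section ends
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeeds only when the effective global value is exactly "no".
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample files (not taken from web01).
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' \
    > "$SAMPLE_DIR/edited"          # stock comment left in place, "no" added
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
    'PermitRootLogin no' > "$SAMPLE_DIR/shadowed"     # later "no" is ignored
printf '%s\n' '#PermitRootLogin yes' 'Match User backup' \
    '    PermitRootLogin no' > "$SAMPLE_DIR/match_only"   # only inside Match

for f in edited shadowed match_only; do
    printf '%-11s -> %s\n' "$f" "$(effective_permit_root_login "$SAMPLE_DIR/$f")"
done
```

On the live host, sudo sshd -t checks the file for syntax errors before the restart, and sudo sshd -T | grep -i permitrootlogin prints the value sshd actually resolved.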

add user hannelore and make a password

useradd hannelore

passwd hannelore

I also changed the root password to 4Hannelore

change the hostname and IP in nmtui

image

image

Configure the IP settings in nmtui

The IP address of a server should not change (thus we configure the IP settings manually instead of with DHCP)

Make sure to reboot the system with the command reboot so the settings get applied

Make sure that the netmask is /24

image

image

TROUBLESHOOTING: My network settings were not applying. It turns out I was manually putting in the IP address, but it was still set to "automatic" configuration, so DHCP was still assigning it an address, which overrode my manual configuration.

These commands disconnect and reconnect the ens192 connection ---> ifdown ens192 and ifup ens192

image

Add web01-hannelore to DNS manager

image

image

SSH to web01-hannelore

image

Deliverable 1. Using PuTTY or SSH from AD02 to Web01, provide a screenshot that shows the following:

  • Your console login as a named sudo user and your elevation to root. The hostname should already be set. This implies that wks01 has network connectivity, you have downloaded PuTTY (you may need to work your way around the DHCP outage), and that you have properly configured DNS for web01.

  • nslookup to 10.0.5.4, grepping the hostname to target results.

  • ping to champlain.edu, grepping the string ‘packet’ to target results.

TROUBLESHOOTING: The user hannelore was not in the sudo group so I could not sudo the command.

To fix this, I ran the command usermod -aG wheel hannelore while signed in as root to make hannelore part of the sudoers group

image

image

Running Apache

Using yum, install the httpd package.

image

image

The installed package

Add ports 80/tcp and 443/tcp, or the predefined HTTP and HTTPS services, to your firewall permanently.

I used this for reference: firewall-cmd --zone=public --add-port=25/tcp --permanent

https://www.tutorialspoint.com/how-to-add-user-to-sudoers-amp-add-user-to-sudo-group-on-centos-7

image

successful addition of ports 80 and 443

Deliverable 2. Provide the output of firewall-cmd --list-all

image

use systemctl to enable and start httpd

image

Deliverable 3. Provide a screenshot showing wks browsing to web01 by hostname

I had to type in http://web01-hannelore to get it to search

image

Look at the admin message on the webpage

image

remove the welcome.conf file

Path ---> /etc/httpd/conf.d/welcome.conf

When I typed in the path on its own from the home directory, it gave me a message saying "permission denied". This is because I don't have execute permissions for the "welcome.conf" file since it's not an executable file.

image

When the console prompts "remove regular file 'welcome.conf'", I had to type in yes to get the file to actually be deleted

add a new file to /var/www/html/ called index.html

This is where I will be making a webpage!

image

image

SIDE QUEST:

Instead of uploading the image I wanted in my webpage to my or something to be able to get the source addresses, the steps below added the image to the html directory so that I could just use the image path in my html instead.

image

In Windows PowerShell (on my wks02-hannelore box) I typed in these commands

image

image

image

image

image

`setenforce 0` turns off SELinux so that we could view the file (this technically made the box less secure since SELinux is a security feature, but funny).
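
An added example, not from the original lab: rather than lowering SELinux enforcement, list the files in the web root whose SELinux type is not the default web content type and relabel them. It assumes the image was denied because it carried a non-web label (the page does not show the cause); the function name, sample labels and the file photo.jpg are constructed.

```bash
# Added example, not from the original lab: find web-root files that do not
# carry the default web content label, so they can be relabeled instead of
# running setenforce 0.
# Assumption: the file was blocked because it kept a label from elsewhere
# (for example user_home_t after being moved out of a home directory).

# Reads "context path" lines on stdin (the format printed by
# stat -c '%C %n' FILE...) and prints each path whose SELinux type
# is not httpd_sys_content_t.
mislabeled_web_files() {
    while read -r context path; do
        [ -n "$context" ] || continue               # skip blank lines
        setype=$(printf '%s' "$context" | cut -d: -f3)
        [ "$setype" = "httpd_sys_content_t" ] || printf '%s\n' "$path"
    done
}

# Constructed sample labels (photo.jpg is a hypothetical file name).
SAMPLE_LABELS='system_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html
unconfined_u:object_r:user_home_t:s0 /var/www/html/photo.jpg'

printf '%s\n' "$SAMPLE_LABELS" | mislabeled_web_files

# On the real host (needs root, so not run here):
#   stat -c '%C %n' /var/www/html/* | mislabeled_web_files
#   restorecon -Rv /var/www/html    # reset labels to the policy default
#   setenforce 1                    # back to enforcing if it was lowered
```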

Deliverable 4. Provide a screenshot similar to the one below, displaying VM name and browse by hostname.

image

PHP

image

Install PHP on web01-hannelore with command yum install -y php

image

Deliverable 5. You can either use & modify the script shown below, or develop your own. Provide a screenshot showing both the PHP code and how it is rendered similar to the screenshot below. Make sure you access this site by hostname.

Make the index.php file in html directory

image

Write the specified php code in nano

image

TROUBLESHOOTING: The code was not executing in the web browser.

  • I just can't read and I needed to restart the httpd

image

image

Linux Domain Join

We are currently administering systems using multiple credential stores. Each Linux system has its own local credentials (/etc/passwd and /etc/shadow), while Windows has both local accounts and centralized AD domain accounts. We are going to leverage Windows ADDS to consolidate our future Linux accounts.

Install realmd

image

sudo yum install -y realmd samba samba-common oddjob oddjob-mkhomedir sssd

image

Join the domain

image

realm join [email protected] yourdomain.local

realm list

image

realm list

image

Logout and login again as an AD Domain Named user

Deliverable 6. Provide a screenshot showing a domain login via PuTTY or SSH to web01. Issue the id, whoami and pwd commands.

image

Deliverable 7. The realm join operation should add web01 to Active Directory Users and Computers on the Domain Controller. Provide a screenshot similar to the one below:

image

Deliverable 8. Provide a URL to a tech log entry on the Linux Domain Join.

Provide a URL to a tech log entry on Apache installation and firewall-cmd configuration.