Lab08 Setup - jacob-dinapoli/tech-journal GitHub Wiki
Step One: web01
Use the command 'nmtui' to configure
Change IP address
10.0.5.4
Change Gateway
10.0.5.2
Change DNS Server
10.0.5.6
Change hostname
web01-jacob
Add Search Domain
jacob.local
Create a named sudo user
useradd jacob
passwd jacob
badpassword123
Add privileges to the user
usermod -aG wheel jacob
Step Two: SSH Security
CentOS and other Red Hat-based Linux servers ship with SSH turned on. This, combined with a known "root" user who is able to attempt login remotely, presents a security flaw that must be addressed by the systems administrator before the system is accessible over the internet. The typical solution involves explicitly preventing root from logging in via the sshd_config file.
Disable remote root SSH access by setting PermitRootLogin no in the /etc/ssh/sshd_config file.
Use the letter i to INSERT (edit)
Type the command 'vi /etc/ssh/sshd_config'
Change the line '#PermitRootLogin yes' to 'PermitRootLogin no'
Restart sshd
systemctl restart sshd
On AD01
Type the commands
ssh jacob@web01-jacob
nslookup 10.0.5.4
ping -c1 champlain.edu
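A check for the PermitRootLogin edit in Step Two, added here as an example and not part of the original lab notes: it reads an sshd_config-style file and reports the global PermitRootLogin value sshd would take from it, which shows why a commented-out line or a later duplicate line changes nothing. The function names and the sample files are constructed for illustration; on the server itself, `sshd -T` prints the full effective configuration.

```shell
#!/usr/bin/env bash
# Added example, not from the lab notes. Reads one sshd_config-style file and
# prints the global PermitRootLogin value sshd would take from that file.
# sshd uses the first occurrence of a keyword, keywords are case-insensitive,
# and a line starting with '#' is a comment, so '#PermitRootLogin yes' sets nothing.

effective_permit_root_login() {   # hypothetical helper name; $1 = config path
    awk '
        /^[ \t]*#/ || NF == 0 { next }         # comments and blank lines
        tolower($1) == "match" { exit }        # Match blocks are per-connection, not global
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "default" }    # nothing set: compiled-in default applies
    ' "$1"
}

root_login_disabled() {           # succeeds only when the file explicitly says "no"
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

demo() {                          # constructed sample files, not real server configs
    local tmp f
    tmp=$(mktemp -d)
    printf '#PermitRootLogin yes\n' > "$tmp/as-shipped"
    printf 'PermitRootLogin no\n'   > "$tmp/after-edit"
    printf 'PermitRootLogin yes\nPermitRootLogin no\n' > "$tmp/duplicate"
    for f in as-shipped after-edit duplicate; do
        printf '%-11s %s\n' "$f" "$(effective_permit_root_login "$tmp/$f")"
    done
    rm -rf "$tmp"
}
demo
```

A result of "default" means the file sets no global value, so the server falls back to whatever its OpenSSH build uses; the function reads a single file and does not follow Include directives.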
Step Three: Running Apache
Using yum, install the httpd package:
Type the following command,
yum install httpd (make sure you are running as root)
Check the status of your firewall:
firewall-cmd --state
Retrieve your currently active zones. Take a note of the zone within which you wish to open ports 80 and 443:
firewall-cmd --get-active-zones
Ports 80 and 443 are listed in firewalld as the http and https services. To temporarily open both ports, execute:
firewall-cmd --zone=public --add-service=http
firewall-cmd --zone=public --add-service=https
Open ports 80 and 443 permanently. Execute the commands below to open both ports permanently so that the settings persist after a reboot:
Check for open ports/services. The services with permanently open ports are listed on the line starting with services:
firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s3
sources:
services: cockpit dhcpv6-client http https ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
On wks browse to web01 by hostname
In the Chrome search bar, type 'web01-jacob/'
Go ahead and remove the welcome.conf file referenced in the message and add a new file to /var/www/html/ called index.html. Add a welcome message including your hostname. Make sure you restart httpd, after you remove welcome.conf .
Type the following command to remove the file
rm /etc/httpd/conf.d/welcome.conf
systemctl restart httpd
Use the following command to create the new welcome file
vi /var/www/html/index.html
LEARN HTML
Step Four: PHP
Static content is useful, but today's web applications are powered by dynamic data and rendered via scripting languages such as php. You will need to restart httpd after installing PHP.
Type the following command to install php
yum install php
Restart httpd
systemctl restart httpd
Edit the index.php file
vi /var/www/html/index.php
Add whatever you want to this file
Step 5: Linux Domain Join
We are currently administering systems using multiple credential stores. Each Linux system has its own local credentials (/etc/passwd and /etc/shadow), while Windows has both local accounts and centralized accounts in the form of Active Directory. We are going to leverage Windows ADDS to consolidate our future Linux accounts.
Install realmd
The ability to easily join a Linux system to a Windows Active Directory Domain is a huge win for centralized account management and security. We are going to join our web01 server to yourname.local domain.