Serial RHEL 5 22eda90c23f9e5a9 Apachee Web Server Prot 80 #yum install y httpd #vi /etc/httpd/conf/httpd.

conf /find #VirtualHost #7yy > come in the end of file and press p for paste new 7 lines in last remove # sign and make chages are in bold. <VirtualHost *:80> ServerAdmin [email protected] DocumentRoot /home/asif ServerName sagekoochee.com ErrorLog logs/Sagekoochee.com.error.log CustomLog logs/sagekoochee.com.access.log common </VirtualHost> Go few lines up #NameVirtualHost *:80 remove #

Go Few Lines up Find /DocumentRoot /var/www/html change /home/asif Chkconfig 5 httpd on Service httpd restart Chmod R 755 /home/asif

Operating System: CentOs 4.2 Contents Introduction Installing Apache HTTP Web Server Installing mod_ssl for Secure Sockets Layer (SSL) Support Installing PHP for Dynamic Web Pages Setting Apache to Start on Bootup with chkconfig Configuring Apache Server Settings (httpd.conf) Creating the Web Site Directory Structure Creating VirtualHost Configuration Files Starting Apache and Viewing the Web Site Other Things to Know for Using Apache

yum install httpd Installing mod_ssl for Secure Sockets Layer (SSL) Support yum install mod_ssl

Installing PHP for Dynamic Web Pages

yum install php* chkconfig --level 235 httpd on chkconfig --list httpd cd /etc/httpd/conf cp httpd.conf httpd.conf.old nano httpd.conf I will make the assumption that you have a single WAN based IP address. For this example I'm using 192.168.1.210 with a hostname of node2.centos (yes, it's a LAN IP but pretend it's WAN). You can use your IP or hostname from /etc/hosts, but I suggest using your hostname because if you ever change IP's all you have to do is update /etc/hosts with the new address. If you do use an IP then you'll have to change all instances of it in httpd.conf. If you don't know what your IP address is or never set up /etc/hosts, you can find your address by using ifconfig (look at the number to the right of 'inet addr:'). We'll start with opening httpd.conf in the nano text editor, but before that you should make a copy of your existing httpd.conf file. If you encounter any problems you'll still have the original to fall back to.

http://www.howconfig.com/linux/setting-upsquid-proxy-server-on-rhel-5-centos-5-linux/ Setting up Squid Proxy server on RHEL 5 / CentOS 5 linux Proxy is one of the major component of adding security to the network. It also acts as a Gateway that receives the request from the clients and then validates it, when it is fine it forwards it to the destination server. Squid is one of the most popular Open Source Proxy server and a Web Cache Daemon. It has the wide variety of features from: 1. Speeding up a web server by caching repeated requests. 2. Caching Web, DNS, and other lookups. 3. Controlling bandwidth, Access controlling, etc. This article explains how to setup Squid Proxy server in your RHEL 5 / CentOS 5 in a easy stepby-step procedure. Requirements: 1. Active Internet Connection via any means. 2. Super user or root access. Procedure: Step 1: To install Squid Proxy Server on your RHEL / CentOS 5, run the following command: # yum install squid Step 2: Adding Squid to system start up (program starts when system boots up). # chkconfig --level 35 squid on

Numbers 3 and 5 indicates the run-levels of Squid. 3 indicates text mode and 5 indicates GUI mode. Step 3: Now to start the Squid Service: # service squid start Step 4: To open the squid configuration file # vi /etc/squid/squid.conf If you see this error on the log file: WARNING: Could not determine this machines public hostname. Please configure one or set visible_hostname . This needs to be changed, and do something like this: visible_hostname yourhost Step 5: Defining Access Control Lists (ACL) Access Control Lists are used for purposes like: 1. restrict usages 2. limit web access for host(s). 3. To allow your network to use internet ACL Syntax: acl aclname acltype value aclname = rulename (something like personalnetwork ) acltype = type of acl like : src, dst (src:source ip | dst:destination ip) value = this could be ip address, networks, URLs , etc. Example: This example will allow the localhost to access the internet.

acl localhost src 127.0.0.1/40 http_access allow localhost Step 6: Allowing a particular network ip range to access internet Find these lines in squid.conf file: # http_access allow localhost # http_access deny all Replace the above two lines like this: # acl personalnetwork src 10.10.1.0/24 # http_access allow localhost # http_access allow personalnetwork # http_access deny all Step 7: Restart your Squid server # service squid restart Note: if you encounter some error for using /24 change it to /255.255.255.0 and now restart your squid server Step 8: Blocking Internet access for a particular IP address # acl block_it src 10.10.1.20 # http_access deny block_it # acl personalnetwork src 10.10.1.0/24 # http access allow personalnetwork The above acl will block internet access only for 10.10.1.20 and the rest will have access. Step 9: Restricting internet access by time or Working hours acl personalnetwork src 10.10.1.0/24 # acl working_hours time M T W H F 13:0017:00 # acl block_it src 10.10.1.20 # http_access deny block_it # http_access allow personalnetwork working_hours Step 10: Block particular URL # acl block_website dst www.facebook.com # http_access deny block_website Step 11: Blocking a domain and its subdomains # acl blocked_domain dstdomain .google.com # http_access deny blocked_domain Step 12: Blocking a list of websites using a text file We need to create a text file with a list of sites to be blocked and to give read permissions for this file, run the below commands in terminal # touch /etc/squid/black_list.txt # chmod 444 /etc/squid/black_list.txt

# vi /etc/squid/black_list.txt Enter the url of the websites need to be blocked like this www.xxx.com www.yyy.com Now create a create rules in ACL by opening the config file and type the below rules # acl black_list url_regex "/etc/squid/black_list.txt" # http_access deny black_list Also you can block URLs containing specific words like this: # acl prevent_word url_regex sex # http_access deny prevent_word Case sensitive words can also be blocked like this -i sex Step 13: Block types of files for download # acl block_type url_regex .*\.exe$ # http_access deny block_type # acl block_type dstdom_regex \.br$ # http_access deny block_type Step 14: Prompting Username and Password from clients # htpasswd -c /etc/squid/squid_pass your_username When it prompts for the password enter a new password that you would like to authenticate. Now set permissions for this file # chmod o+r /etc/squid/squid_pass Now open the config file and add these lines # auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_pass # acl ncsa_user proxy_auth REQUIRED # http_access allow ncsa_user We hope that this article has enlightened you how to configure Squid Proxy server in your network running Linux Servers. How to Configure Delay Pools or Bandwidth Control in Squid Server How to Write Delay Pool Script in Squid In this scenario we are going to creat 3 pools 128kbp 256kbps Unlimited for Admin

Acl 128kbps 192.168.0.200/32

Acl 256kbps 192.168.0.201/32 Acl admin 192.168.0.205/32 You just creat the ACL Named net, net2, net3 delay_pools 3 delay_class 1 2 delay_access 1 deny admin delay_access 1 deny 256kbps delay_access 1 allow 128kbps delay_parameters 1 -1/-1 16000/16000 delay_class 2 2 delay_access 2 deny admin delay_access 2 allow 256kbps delay_parameters 2 -1/-1 32000/32000 delay_class 3 2 delay_access 3 allow admin delay_parameters 3 -1/-1 -1/-1 Enjoy the best delay pool setting by linuxmall if you have any further question about delay pool setting contact us we will appreciate you.

Thanks, Linuxmall Team Block the List of Website acl download url_regex -i "/etc/squid/download" http_access deny download Make a File named "download" in squid directory and write the name of websites which you want to block i.e. www.hotmail.com www.yahoo.com www.gmail.com www.cnn.com www.bbc.com www.mail.yahoo.com

Configuring VSFTPD in CentOS 6.0 vsftpd stands for Very Secure File Transfer Protocol Daemon and it is an popular and well known FTP server for Unix-like (Linux) Operating system. It is Licensed under GNU General Public License. In this tutorial we cover how to configure vsftpd FTP server on CentOS 6.0. Assumptions: We assume that you are using CentOS 6 (Linux operating system based on RedHat Distribution). And using vsftpd version 2.2.2 Your system is connected to Internet via any means.Step-by-Step Procedure: Step 1: Open Terminal in your CentOS. Step 2: Gain the root access by executing the following command: su -root Step 3: After gaining the root access, now run the following command in the root shell: yum install vsftpd

Step 4: The above command will download the vsftpd from the CentOS repository and will be installed automatically.

Step 5: Once the installation is completed, a default configuration file will be placed in following directory /etc/vsftpd/ .

Step 6: Now navigate to the following directory using the cd command in terminal:

cd /etc/vsftpd/

Step 7: We need to make some changes in the config file present in this directory.

Use any of your favorite text editor to edit this file, here we are using gedit text editor. gedit config & or if you wish use vi config .

Step 8: In this file comment/add or uncomment the following and leave the rest as is. anonymous_enable=NO This is set to YES by default.

local_enable=YES This is set to NO by default and change when you want the local users to have ftp access. xferlog_enable=Yes This is set to NO by default. Your logs will be written to /var/log/xferlog.

Common Errors:

Most of the Linux systems have SELinux (Security Enhanced Linux) is a linux feature installed by default and enabled in order to enhance the security of a Linux system and this throws an error when the installer does not take care of the SELinux policys. The Error is as follows: 500 OOPS: cannot change directory:/home/someuser

Need not panic, this can be fixed by either disabling the SELinux or Setting the SELinux boolean option.

Solution 1: Disabling SELinux.

Step 1: Open the linux terminal and edit the following file:

vi /etc/selinux/config

Step 2: Now change the value of SELINUX = enabled to disabled and save the file.

Solution 2: Tuning SELinux for ftp access.

Open the linux terminal and run the following commands in terminal (you may

need to execute these commands as a super user).

getsebool -a | grep ftp

This will list a group of ftp Boolean options, the value of ftp_home_dir will be set off by default and we need to set it on by using the following command.

setsebool -P ftp_home_dir on

Execution of the above command may take some time to be completed, a minute or two and please wait until you get back the prompt. To check back whether it is set on check using the former command (getsebool).

Configuring VSFTPD for local and virtual users access

The virtual users home folders will be under /var/ftp/ and we need root access to do access this directory.

Step 1: Run the following command in terminal: yum install db4-utils

Step 2: Create the virtual users as a simple text file in the /etc/vsftpd/ directory with

username of virtual users and their respective password on the next line and save this file with name user1_list (use any of your favorite text editor). Eg:user1 password1 admin password2

Step 3: Now make sure you are in the /etc/vsftpd/ directory and run the following:

mkdir user1 cp user1_list user1/ db_load -T -t hash /etc/vsftpd/user1/user1_list /etc/vsftpd/user1/user1_db.db

A hashed DB file of the user1_list is created named user1_db.db. Note that the file has a .db extension and this is necessary.

Step 4: You need to append to the file /etc/pam.d/vsftpd the following contents and follow the below commands to perform it.

cd /etc/pam.d/ vim vsftpd

Now add the following 2 lines to the file as it is:

auth

sufficient pam_userdb.so db=/etc/vsftpd/user1/user1_db

account sufficient pam_userdb.so db=/etc/vsftpd/user1/user1_db

Step 5: Append Options to /etc/vsftpd/vsftpd.conf file from following:

guest_enable=YES # activate the virtual users virtual_use_local_privs=YES # virtual users have local priveleges user_sub_token=$USER local_root=/var/ftp/user1/$USER # specifies a home directory for each virtual user chroot_local_user=YES # Restricting the user to the FTP area and HOME dir's only

Step 6: Create the Virtual User Folders

cd /var/ftp mkdir user1 mkdir user1/user1 mkdir user1/user2 chown -R ftp:ftp /etc/ftp/user1/

Step 7: For local users, do the following cd /var/ftp/user1/ mkdir yourlocaluser

chown ftp:ftp yourlocaluser ln -s /var/ftp/user1/yourlocaluser /home/yourlocaluser/ftphome

Step 8: Testing the server

service vsftpd start

(or) service vsftpd restart

Step 9: From another machine in the network connect to this server either using a GUI client or CLI client. Its simple right.

Step 10: If you want the ftp service to run automatically whenever your computer boots then just type the command given below.

chkconfig vsftpd on

You can stop the service from running automatically by replacing on with off.

That is all about the FTP using VSFTPD package.

Port forwarding Or Setting up the Router with Port Mapping

There is one last crucial step before any of this can work. Your router must be modified to allow incoming connections to the services you just established. Using a web browser on your office network, enter the IP address of your routers control panel. (This is usually something like 192.168.1.1.) You want to configure port forwarding, also called port mapping. On the Linksys WRT54GS router, this is the first tab underApplications and Gaming. Set your router to forward ports 20, 21, 22, 5801, and 5901 for TCP and UDP traffic, for any application, to the IP address assigned to the Linux computer inside your network. (This address is probably something like 192.168.1.6.) Ports 20 and 21 are for FTP, port 22 is for SSH, and ports 5801 and 5901 are for the VNC remote desktop. To find the internal IP address of your Linux system, typeifconfig in a Linux root shell.