Sna Lab
/etc/httpd/conf.d/
/etc/httpd/conf.modules.d/
1.5. MANAGING THE HTTPD SERVICE
If you use a firewall, open TCP port 80 in the local firewall:
Verification:
1.7. CONFIGURING APACHE NAME-BASED VIRTUAL HOSTS
Edit the /etc/httpd/conf/httpd.conf file:
If you set paths in the DocumentRoot parameters that are not within
/var/www/, set the httpd_sys_content_t context on both document roots:
Verification:
Retrieve the keytab for the principal stored in the /etc/gssproxy/http.keytab file:
Create the /etc/gssproxy/80-httpd.conf file with the following content:
Edit the /etc/httpd/conf.d/ssl.conf file and add the following settings to the directive:
Verification:
1. Use the following command to verify that the server supports TLSv1.3:
2. Use the following command to verify that the server does not support TLSv1.2:
Verification:
Verification:
1.11.2. Adding a custom rule to ModSecurity:
Open the /etc/httpd/conf.d/mod_security.conf file in a text editor of your choice, for example:
Add the following example rule after the line starting with SecRuleEngine On:
Edit the configuration file in which the module name was found, and uncomment the LoadModule
directive of the module:
If the module was not found, for example, because a RHEL package does not provide the module,
create a configuration file, such as /etc/httpd/conf.modules.d/30-example.conf with the following
directive: not needed
To extract the private key, you must temporarily export the key to a PKCS #12 file:
Set the permissions on /etc/pki/tls/private/server.key to ensure that only the root user can access
this file:
Use the nickname of the server certificate in the NSS database to export the CA certificate:
Set the permissions on /etc/pki/tls/certs/server.crt to ensure that only the root user can access this
file:
Use the nickname of the CA certificate in the NSS database to export the CA certificate:
Follow Configuring TLS encryption on an Apache HTTP server to configure the Apache web server,
and: