Scribd
Upload
19 views17 pages

Sna Lab

server configuration samba

Uploaded by

aamam0266
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
19 views17 pages

Sna Lab

server configuration samba

Uploaded by

aamam0266
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 17

Name= Fatima Ahmed

Roll no= BSIT51F22R006

HTTP APACHE SERVER


1.3. UPDATING THE CONFIGURATION

1.4. THE APACHE CONFIGURATION FILES


/etc/httpd/conf/httpd.conf

/etc/httpd/conf.d/

/etc/httpd/conf.modules.d/
1.5. MANAGING THE HTTPD SERVICE

1.6. SETTING UP A SINGLE-INSTANCE APACHE HTTP


SERVER
 Install the httpd package:

 If you use firewall, open the TCP port 80 in the local firewall:

 Enable and start the httpd service:


 Optional: Add HTML files to the /var/www/html/ directory:

 Verification:
1.7. CONFIGURING APACHE NAME-BASED VIRTUAL
HOSTS
Edit the /etc/httpd/conf/httpd.conf file:

Append a similar virtual host configuration for the example.net domain:


Create the document roots for both virtual hosts:

If you set paths in the DocumentRoot parameters that are not within
/var/www/, set the httpd_sys_content_t context on both document roots:

If you use firewalld, open port 80 in the local firewall:

Enable and start the httpd service:

Verification:

1.8. CONFIGURING KERBEROS AUTHENTICATION FOR


THE APACHE HTTP WEB SERVER
1.8.1. Setting up GSS-Proxy in an IdM environment
Enable access to the keytab file of HTTP/@realm principal by creating the service principal:

Retrieve the keytab for the principal stored in the /etc/gssproxy/http.keytab file:
Create the /etc/gssproxy/80-httpd.conf file with the following conten

Restart and enable the gssproxy service:

1.8.2. Configuring Kerberos authentication for a directory shared by the


Apache HTTP web server
Configure the mod_auth_gssapi module to protect the /var/www/html/private/ directory:

Create system unit configuration drop-in file:

Add the following parameter to the system drop-in file:

Reload the systemd configuration:

1.9. CONFIGURING TLS ENCRYPTION ON AN APACHE


HTTP SERVER
1.9.1. Adding TLS encryption to an Apache HTTP Server
Install the mod_ssl package:

Edit the /etc/httpd/conf.d/ssl.conf file and add the following settings to the directive:

If you use firewalld, open port 443 in the local firewall:

Restart the httpd service:


1.9.2. Setting the supported TLS protocol versions on an Apache HTTP Server
Edit the /etc/httpd/conf/httpd.conf file, and add the following setting to the directive for which you
want to set the TLS protocol version. For example, to enable only the TLSv1.3 protocol:

Restart the httpd service:

Verification:

1. Use the following command to verify that the server supports TLSv1.3:
2. Use the following command to verify that the server does not support TLSv1.2:

1.9.3. Setting the supported ciphers on an Apache HTTP Server


Edit the /etc/httpd/conf/httpd.conf file, and add the SSLCipherSuite parameter to the directive for
which you want to set the TLS ciphers:

Verification:

Install the nmap package:


Use the nmap utility to display the supported ciphers:

1.10. CONFIGURING TLS CLIENT CERTIFICATE


AUTHENTICATION
Edit the /etc/httpd/conf/httpd.conf file and add the following settings to the
directive for which you want to configure client authentication:
Verification:

1.11. SECURING WEB APPLICATIONS ON A WEB


SERVER USING MODSECURITY
1.11.1. Deploying the ModSecurity web-based application firewall for
Apache:
Install the mod_security, mod_security_crs, and httpd packages:

Verification:
1.11.2. Adding a custom rule to ModSecurity:
Open the /etc/httpd/conf.d/mod_security.conf file in a text editor of your choice, for example:

Add the following example rule after the line starting with SecRuleEngine On:

1.12. INSTALLING THE APACHE HTTP SERVER MANUAL


1.13. WORKING WITH APACHE MODULES
1.13.1. Loading a DSO module
Search for the module name in the configuration files in the /etc/httpd/conf.modules.d/ directory:

Edit the configuration file in which the module name was found, and uncomment the LoadModule
directive of the module:

If the module was not found, for example, because a RHEL package does not provide the module,
create a configuration file, such as /etc/httpd/conf.modules.d/30-example.conf with the following
directive: not needed

Restart the httpd service: not needed

1.13.2. Compiling a custom Apache module


Install httpd-devel package:

Build a custom module with the following command

1.14. EXPORTING A PRIVATE KEY AND CERTIFICATES


FROM AN NSS DATABASE TO USE THEM IN AN
APACHE WEB SERVER CONFIGURATION
List the certificates in the NSS database:

To extract the private key, you must temporarily export the key to a PKCS #12 file:

Set the permissions on /etc/pki/tls/private/server.key to ensure that only the root user can access
this file:

Use the nickname of the server certificate in the NSS database to export the CA certificate:

Set the permissions on /etc/pki/tls/certs/server.crt to ensure that only the root user can access this
file:

Use the nickname of the CA certificate in the NSS database to export the CA certificate:

Follow Configuring TLS encryption on an Apache HTTP server to configure the Apache web server,
and:

You might also like