Differences
This shows you the differences between two versions of the page.
linux_wiki:configure_access_restrictions_on_directories [2016/10/08 17:56] billdozor |
linux_wiki:configure_access_restrictions_on_directories [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Configure Access Restrictions On Directories ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | Access restrictions on Apache Web Server/ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Lab Setup ====== | ||
- | |||
- | The following virtual machines will be used: | ||
- | * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here | ||
- | * server2.example.com (192.168.1.151) -> Install Apache Web Server here | ||
- | |||
- | ---- | ||
- | |||
- | ====== Prerequisite: | ||
- | |||
- | \\ | ||
- | Setup host name resolution (**Most likely not needed on exam as they should have proper DNS**) | ||
- | <code bash> | ||
- | vim /etc/hosts | ||
- | |||
- | 192.168.1.150 server1 testsite.example.com | ||
- | </ | ||
- | * IP Address will differ depending upon network setup | ||
- | |||
- | \\ | ||
- | Change website name in main config file | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | ServerAdmin root@testsite.example.com | ||
- | ServerName testweb.example.com | ||
- | </ | ||
- | |||
- | \\ | ||
- | Check syntax | ||
- | <code bash> | ||
- | httpd -t | ||
- | </ | ||
- | |||
- | \\ | ||
- | Apply Config | ||
- | <code bash> | ||
- | systemctl restart httpd | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Restrict Access to a Directory ====== | ||
- | |||
- | ===== Setup Directory and SELinux ===== | ||
- | Create a directory | ||
- | <code bash> | ||
- | mkdir / | ||
- | </ | ||
- | |||
- | \\ | ||
- | Change permissions | ||
- | <code bash> | ||
- | chown user1:user1 / | ||
- | chmod 711 / | ||
- | </ | ||
- | |||
- | \\ | ||
- | Create an index file | ||
- | <code bash> | ||
- | echo "This is user1' | ||
- | </ | ||
- | |||
- | \\ | ||
- | SELinux: Check normal httpd content contexts vs new directory | ||
- | <code bash> | ||
- | ls -lZ /var/www | ||
- | |||
- | ls -lZ / | ||
- | </ | ||
- | * You will see that / | ||
- | |||
- | \\ | ||
- | SELinux: Give new directory the correct SELinux httpd context | ||
- | <code bash> | ||
- | semanage fcontext -at httpd_sys_content_t "/ | ||
- | restorecon -Rv / | ||
- | </ | ||
- | |||
- | ===== Restrict Access ===== | ||
- | |||
- | Change document root | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | DocumentRoot "/ | ||
- | </ | ||
- | |||
- | \\ | ||
- | Allow an " | ||
- | <code bash> | ||
- | < | ||
- | AllowOverride AuthConfig | ||
- | </ | ||
- | </ | ||
- | |||
- | \\ | ||
- | Create htaccess file in user1' | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | AuthType Basic | ||
- | AuthName " | ||
- | AuthUserFile "/ | ||
- | Require user valid-user | ||
- | </ | ||
- | |||
- | \\ | ||
- | Create password for the user | ||
- | <code bash> | ||
- | htpasswd -c / | ||
- | </ | ||
- | * Prompted for a password | ||
- | |||
- | \\ | ||
- | Change permissions on the userdb file | ||
- | <code bash> | ||
- | chown :apache / | ||
- | chmod 640 / | ||
- | </ | ||
- | |||
- | \\ | ||
- | Restart Apache | ||
- | <code bash> | ||
- | systemctl restart httpd | ||
- | </ | ||
- | |||
- | \\ | ||
- | Visit restricted directory | ||
- | <code bash> | ||
- | elinks http:// | ||
- | </ | ||
- | * elinks may need to be installed first (yum install elinks) | ||
- | |||
- | ---- | ||
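Review bot: In the .htaccess block near the end of this hunk, `Require user valid-user` does not mean "any authenticated user": `Require user` takes a list of user names, so this line admits only an account literally named valid-user. The directive for any user listed in the AuthUserFile is `Require valid-user`, or `Require user user1` to admit only that account; if this text is restored or moved to another page, that line should be corrected. Two smaller points from the same hunk. First, the /etc/hosts entry maps testsite.example.com to 192.168.1.150, which Lab Setup lists as server1, while Apache is installed on server2 (192.168.1.151), and `ServerName` is set to testweb.example.com rather than testsite.example.com, so the names and addresses should be made consistent. Second, the final check uses `elinks http://` together with `AuthType Basic`, which sends the password base64-encoded rather than encrypted, so the text should note that this test belongs on a lab network or behind TLS.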