Differences
This shows you the differences between two versions of the page.
linux_wiki:configure_access_restrictions_on_directories [2018/04/07 16:41] billdozor [Prerequisite: Basic Setup] |
linux_wiki:configure_access_restrictions_on_directories [2019/05/25 23:50] (current) |
||
---|---|---|---|
Line 12: | Line 12: | ||
* server1.example.com (192.168.1.150) -> Perform all connectivity tests from here | * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here | ||
* server2.example.com (192.168.1.151) -> Install Apache Web Server here | * server2.example.com (192.168.1.151) -> Install Apache Web Server here | ||
+ | |||
+ | **Previous Sections Completed** | ||
+ | * [[linux_wiki: | ||
+ | * Except leave listening on port 80/tcp | ||
+ | * [[linux_wiki: | ||
---- | ---- | ||
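Review bot: The added item "Except leave listening on port 80/tcp" gives no reason for the exception. One sentence saying that the test at the end of this page visits http://redsite.example.com/ would tell readers why the linked section is not followed in full.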
Line 17: | Line 22: | ||
====== Prerequisite: | ====== Prerequisite: | ||
- | \\ | + | Create the redsite virtualhost. |
- | Setup host name resolution (**Most likely not needed on exam as they should have proper DNS**) | + | |
- | <code bash> | + | |
- | vim / | + | |
- | + | ||
- | 192.168.1.150 server1 testsite.example.com | + | |
- | </ | + | |
- | * IP Address will differ depending upon network setup | + | |
\\ | \\ | ||
- | Change website name in main config file | + | server2: Add redsite to vhosts.conf<code bash>vim / |
- | <code bash> | + | |
- | vim / | + | |
- | ServerAdmin root@testsite.example.com | + | < |
- | ServerName | + | ServerName |
+ | DocumentRoot / | ||
+ | ErrorLog logs/ | ||
+ | CustomLog logs/ | ||
+ | |||
+ | < | ||
+ | Options None | ||
+ | AllowOverride None | ||
+ | Require all granted | ||
+ | </ | ||
+ | </ | ||
</ | </ | ||
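Review bot: In the added "server2: Add redsite to vhosts.conf" step, the label, the code tag and the vim command share one line, and the virtual host directives that follow sit in the same bash block as the command. The other steps put the label on its own line; doing the same here and fencing the directives separately would make clear which lines are typed and which go into the file. It would also help to say that "Require all granted" is the baseline for the site root, since the Restrict Access section later adds its own Directory block to the same file.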
Line 45: | Line 51: | ||
<code bash> | <code bash> | ||
apachectl restart | apachectl restart | ||
+ | </ | ||
+ | |||
+ | \\ | ||
+ | server1: Update host name resolution | ||
+ | <code bash> | ||
+ | vim /etc/hosts | ||
+ | |||
+ | 192.168.1.151 server2 bluesite.example.com redsite.example.com | ||
</ | </ | ||
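Review bot: The added /etc/hosts step on server1 drops the note the removed version carried ("IP Address will differ depending upon network setup"), so 192.168.1.151 now reads as a fixed value. Restore that bullet under the new block, and separate the vim command from the line to be added so the entry is not mistaken for a command.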
Line 52: | Line 66: | ||
===== Setup Directory and SELinux ===== | ===== Setup Directory and SELinux ===== | ||
- | Create | + | |
+ | Create | ||
<code bash> | <code bash> | ||
- | mkdir /var/user1dir | + | mkdir -p /data/redsite/ |
</ | </ | ||
\\ | \\ | ||
- | Change permissions | + | Create an index file |
<code bash> | <code bash> | ||
- | chown user1: | + | echo '< |
- | chmod 711 /var/user1dir | + | |
</ | </ | ||
\\ | \\ | ||
- | Create | + | Create |
<code bash> | <code bash> | ||
- | echo "This is user1' | + | echo "This is for certain people to view only." > /data/redsite/ |
</ | </ | ||
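Review bot: The removed chown and "chmod 711 /var/user1dir" lines have no replacement, so the directory created with "mkdir -p" under /data/redsite/ is left with whatever owner and mode the creating user's umask produces. State the owner and mode the directory is expected to have, or add an "ls -ld" check after the mkdir, so readers can confirm that Apache can read it and that it is no more open than intended.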
Line 75: | Line 89: | ||
ls -lZ /var/www | ls -lZ /var/www | ||
- | ls -lZ /var/user1dir | + | ls -lZ /data/redsite |
</ | </ | ||
- | * You will see that / | + | * You will see that / |
\\ | \\ | ||
SELinux: Give new directory the correct SELinux httpd context | SELinux: Give new directory the correct SELinux httpd context | ||
<code bash> | <code bash> | ||
- | semanage fcontext -at httpd_sys_content_t "/var/user1dir(/ | + | semanage fcontext -at httpd_sys_content_t "/data/redsite(/ |
- | restorecon -Rv /var/user1dir/ | + | restorecon -Rv /data/redsite/ |
</ | </ | ||
+ | * Reminder: man semanage-fcontext | ||
===== Restrict Access ===== | ===== Restrict Access ===== | ||
- | Change document root | + | **Help**: Available if you installed ' |
- | <code bash> | + | |
- | vim /etc/httpd/conf/httpd.conf | + | |
- | + | ||
- | DocumentRoot "/var" | + | |
- | </ | + | |
\\ | \\ | ||
- | Allow an " | + | Create password |
<code bash> | <code bash> | ||
- | < | + | htpasswd -c /etc/httpd/conf/userdb user1 |
- | AllowOverride AuthConfig | + | |
- | </Directory> | + | |
</ | </ | ||
+ | * Prompted for a password | ||
\\ | \\ | ||
- | Create htaccess | + | Edit the vhosts.conf |
- | <code bash> | + | <code bash>vim /etc/httpd/ |
- | vim /var/user1dir/.htaccess | + | |
- | AuthType Basic | + | < |
- | AuthName " | + | |
- | AuthUserFile "/ | + | |
- | Require user valid-user | + | # |
- | </code> | + | |
- | \\ | + | |
- | Create password for the user | + | |
- | <code bash> | + | |
- | htpasswd -c /etc/httpd/conf/ | + | |
- | </code> | + | |
- | * Prompted for a password | + | </Directory> |
- | + | </VirtualHost> | |
- | \\ | + | |
- | Change permissions on the userdb file | + | |
- | <code bash> | + | |
- | chown : | + | |
- | chmod 640 /etc/httpd/ | + | |
</ | </ | ||
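Review bot: The "Change permissions on the userdb file" step (the removed chown and "chmod 640" lines) is deleted and nothing replaces it, so the file written by "htpasswd -c /etc/httpd/conf/userdb user1" keeps the default mode from the umask and the password hashes may be readable by every local user. Keep the chown/chmod step directly after the htpasswd command. A bullet noting that -c rewrites an existing file, and so should be dropped when adding further users, would also fit next to "Prompted for a password".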
Line 137: | Line 139: | ||
Visit restricted directory | Visit restricted directory | ||
<code bash> | <code bash> | ||
- | elinks http://testsite.example.com/ | + | elinks http://redsite.example.com/ |
</ | </ | ||
* elinks may need to be installed first (yum install elinks) | * elinks may need to be installed first (yum install elinks) |
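Review bot: The test URL in "elinks http://redsite.example.com/" is plain HTTP, so the user1 credentials created with htpasswd cross the network from server1 to server2 unencrypted; if the new Directory block uses AuthType Basic, as the removed .htaccess did, the password is only base64-encoded. Add a bullet saying this is acceptable for the lab only, and state the expected result of the visit (a credential prompt, then the restricted page) so readers can tell a working restriction from an open directory.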