[go: up one dir, main page]
Scribd
Upload
52 views3 pages

RHCE NW-Service Quickreference Sheet: Packages and Installation

This document provides information about configuring and managing the Apache web server on Red Hat Enterprise Linux systems. It includes details about: 1. Required packages for installing and using Apache, SSL, and documentation. 2. SELinux booleans that control Apache permissions for home directories, NFS, CIFS, and CGI scripts. 3. Systemd services for restarting Apache gracefully and testing configurations. 4. Default firewall ports for HTTP and HTTPS traffic. 5. Host-based and user-based access control configuration using mod_authz_host and mod_authz_user respectively. 6. Common administration tasks like configuring virtual hosts, private directories, TLS security

Uploaded by

Rajat
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
52 views3 pages

RHCE NW-Service Quickreference Sheet: Packages and Installation

This document provides information about configuring and managing the Apache web server on Red Hat Enterprise Linux systems. It includes details about: 1. Required packages for installing and using Apache, SSL, and documentation. 2. SELinux booleans that control Apache permissions for home directories, NFS, CIFS, and CGI scripts. 3. Systemd services for restarting Apache gracefully and testing configurations. 4. Default firewall ports for HTTP and HTTPS traffic. 5. Host-based and user-based access control configuration using mod_authz_host and mod_authz_user respectively. 6. Common administration tasks like configuring virtual hosts, private directories, TLS security

Uploaded by

Rajat
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

RHCE NW-Service Quickreference sheet

Service: Apache

Packages and Installation


Name Description
httpd Apache http server
mod_ssl ssl for apache
openssl ssl tools
crypto-utils ssl key generating tools
httpd_manual documentation package

SELinux Hints
Boolean default description
httpd_enable_homedirs off allow personal homedir sharing
httpd_use_nfs off allow rw from nfs
httpd_use_cifs off allow rw from cifs
httpd_enable_cgi on enable cgi

types description
httpd_sys_content_t static web content (ro)
httpd_sys_script_exec_t for cgi scripts
httpd_sys_content_rw_t rw for cgi scripts
httpd_sys_content_ra_t append only by cgi scripts
httpd_unconfined_script_e unconfied scripts
xec_t
Systemd Services and Startup Config
task cmd
Restart graceful apachectl graceful
Test configuration apachectl configtest
Security
Firewall Services/Ports
service ports
http tcp/80
https tcp/443

Host-based Security
use mod_authz_host:
config description
<RequireAll></RequireAll> AND, OR, NAND blocks
<RequireAny></RequireAny>
<RequireNone></RequireNone>
Require [not] host #name allow/block host or ip
Require [not] ip #address

Require all granted allow all


Require all denied deny all
Require [not] ip #net/#maks allow/block networks
Require [not] ip #partial-ip
Require local only local access

User-based Security
config description
<RequireAll></RequireAll> AND, OR, NAND blocks
<RequireAny></RequireAny>
<RequireNone></RequireNone>
Require [not] group #group allow/block group or user
Require [not] user #user

Require valid-user allow all valid users


AuthType Basic enable basic auth
AuthName "#text" text display on login
AuthBasicProvider file use htpasswd-files
AuthUserFile #name htpasswd-file path
AuthGroupFile #file path to group file
format:
#group: #member [..]
use htpasswd to manage users

Config Tasks
Configure a Virtual Host
use example from /usr/share/doc/apache/
first host is default

Configure Private Directories


• enable example configfile httpd-userdir.conf

• enable selinux bool

• disable or enable users:


◦ UserDir disabled root jro fish
◦ UserDir enabled rbowen krietz

Deploy a basic CGI application


task cmd
LoadModule cgi_module load module
modules/mod_cgi.so
ScriptAlias /cgi-bin/ add cgi dir
/usr/local/apache2/cgi-bin/

Options +ExecCGI enable cgi


AddHandler cgi-script .cgi .pl set extensions
no for all

Configure Group-managed content

Configure TLS security

task cmd
create selfsigned key genkey #hostname
install new key cp #key /etc/pki/tls/certs/
#change /etc/httpd/conf.d/ssl.conf
disable cert verification in curl curl -k

You might also like