Presentation is loading. Please wait.

Presentation is loading. Please wait.

Unix System Administration

Published byAngela Harmon Modified over 5 years ago

Similar presentations

Presentation on theme: "Unix System Administration"— Presentation transcript:

1 Unix System Administration
Chris Schenk Lecture 16 – Thursday Mar 06 CSCI 4113, Spring 2008

2 Message Authentication Codes
MACs Not to be confused with network Layer 1 addresses! MACs use hash functions to tag messages Used by our RNDC utility for BIND All messages are authenticated with a 'tag' Not the same as a digital signature! Digital sigs use assymetric keys MACs use a symmetric key with the hash

3 SSL Cert Creation Using an RSA key, we create a certificate signing request (CSR) Contains , common name (CN), and others Plain-text info is hashed (usually with MD5 or SHA1) Hash is encrypted with RSA private key Self-signed so the CA knows we own private key Contains no expiration date CA verifies who we are Removes (?) self-signature, adds in their own Adds in expiration date and 'issuer' information

4 SSL Cert Verification Browser is presented with SSL cert
Checks expiration date Checks if Common Name (CN) matches URL Browser finds CA root cert in browser that matches 'issuer' field Decode CA signature using CA's public key Contained in the CA root cert Hash plain-text data and compare hashes If all three criteria are met, then continue Otherwise create a pop-up window

5 Web – Apache Web Server Apache runs as httpd or apache2 daemon
depending on the distro 'apache2' under Ubuntu Highly configurable Allow/disallow dynamic content with PHP, Perl, Python, etc Fine-grained permissions and options per directory User-defined web pages from public_html dirs SSL support enabled with a module

6 Apache – Ubuntu File Locations
Any of the following locations is configurable I generally like to use the defaults, however /etc/apache2/apache2.conf – Main config /var/www – Default location for webserver files /usr/sbin/apache2 – Daemon /var/log/apache2 – Log file location Many different logs exist in this directory /etc/init.d/apache2 – Startup script

7 Ubuntu File Locations Sites-available vs sites-enabled
A way to easily deploy or disable websites configured on the webserver /etc/apache2/sites-available Sites that can be enabled or disabled Each site has its own configuration file that defines the site /etc/apache2/sites-enabled symbolic links to config files in sites- available All enabled sites are included in apache2.conf

8 Apache – Server Directives
Tons of different options, we'll cover important ones ServerRoot – Location of configs/modules DocumentRoot – Location of webserver files Listen <port> – Bind port for apache (80) LoadModule – Loads extra useful modules DirectoryIndex – Default files to load in a directory (index.html, index.php, etc) User/Group – What users to run as non- privileged ServerAdmin – Contact address (usually webmaster)

9 Apache – Directory Permissions
Set with the Directory directive <Directory /> Options None #Turn all features off AllowOverride none #disable .htaccess Order allow,deny Deny from all #deny access to files </Directory> The above disables all options and denies all access to / This is root on the FILESYSTEM, not the webserver docroot! Useful to set restrictive permissions on a site

10 Apache – Directory Permissions (cont)
Now we can set the permissions on the document root <Directory /var/www> #set default options Options Indexes SymLinksIfOwnerMatch #allow .htaccess to override default options AllowOverride All Order allow,deny Allow from all </Directory> This allows the site to function for files under /var/www Because of the Allow from all directive

11 Virtual Hosts Once NameVirtualHost is enabled one must configure VirtualHost's to be matched NameVirtualHost :80 <VirtualHost :80> ServerName ServerAdmin DocumentRoot /var/www/zipzoomfly </VirtualHost> <VirtualHost :80> ServerName ServerAdmin DocumentRoot /var/www/bingo </VirtualHost> VirtualHost IP addresses must match the NameVirtualHost IP address

12 Apache NameVirtualHost'ing
Can host multiple domain names Very much like how BIND can host multiple zones Known as a NameVirtualHost in Apache Apache matches the virtual host to present to user based on host presented in URL request from user Hosting companies use a single web server And have multiple domains hosted on it godaddy.com as one example (and tons more) Named virtual hosts BREAK ssl! SSL is tied to the hostname used in the URL

13 How NameVirtualHost Breaks SSL
SSL configuration on a webserver is tied to a specific IP address and port (usually 443) This (usually) means one instance of SSL per server We can only configure one cert per port! SSL checks the following for a valid SSL site: Signature on cert verified by CA root cert Cert has not expired Common Name (CN) within cert matches URL name When the CN is different, we get a popup

Download ppt "Unix System Administration"

Similar presentations

What all is there Inside the Apache web server. These slides are part of study material of LAMP course. Course conducted by Prof Rocky Jagtiani – Technical.

What all is there Inside the Apache web server. These slides are part of study material of LAMP course. Course conducted by Prof Rocky Jagtiani – Technical.
1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.

1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.
Dan Fleck.  WAMP – Windows Apache MySQL PHP -  LAMP – Linux Apache MySQL PHP ◦ There are.

Dan Fleck.  WAMP – Windows Apache MySQL PHP -  LAMP – Linux Apache MySQL PHP ◦ There are.
Michelle J. Gosselin, Jennifer Schommer Guanzhong Wang.

Michelle J. Gosselin, Jennifer Schommer Guanzhong Wang.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Apache Web Server Quick and Dirty Steve Gibbard for SANOG 16 (Originally by Joel Jaeggli for AfNOG 2007) ‏

Apache Web Server Quick and Dirty Steve Gibbard for SANOG 16 (Originally by Joel Jaeggli for AfNOG 2007) ‏
Apache Configuration Setting up a web server. Basic Server Facts Runs on port 80 Server application -> httpd Richly configurable Many defaults will let.

Apache Configuration Setting up a web server. Basic Server Facts Runs on port 80 Server application -> httpd Richly configurable Many defaults will let.
Chapter Apache Installation in Linux- Mandrake. Acknowledgment The following information has been obtained directly from www.mandrake.com www.mandrake.com.

Chapter Apache Installation in Linux- Mandrake. Acknowledgment The following information has been obtained directly from
Configuring a Web Server. Overview  Understand how a Web server works  Install IIS (Internet Information Services) and Apache Web servers  Examine.

Configuring a Web Server. Overview  Understand how a Web server works  Install IIS (Internet Information Services) and Apache Web servers  Examine.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
CP476 Internet Computing Browser and Web Server 1 Web Browsers A client software program that allows you to access and view Web pages on the Internet –Examples.

CP476 Internet Computing Browser and Web Server 1 Web Browsers A client software program that allows you to access and view Web pages on the Internet –Examples.
Web Server Setup WEB SERVER SETUP.

Web Server Setup WEB SERVER SETUP.
TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.

TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.
APACHE SERVER By Innovationframes.com »

APACHE SERVER By Innovationframes.com »
Chapter 22 Web Hosting and Internet Servers Xuanxuan Su.

Chapter 22 Web Hosting and Internet Servers Xuanxuan Su.
Virtual Hosts The apache server can handle multiple “web sites” at a time – a web service provider company may have multiple different sites to offer (see.

Virtual Hosts The apache server can handle multiple “web sites” at a time – a web service provider company may have multiple different sites to offer (see.
Linux Operations and Administration

Linux Operations and Administration
2440: 141 Web Site Administration Web Server Configuration Instructor: Enoch E. Damson.

2440: 141 Web Site Administration Web Server Configuration Instructor: Enoch E. Damson.
CSCI 6962: Server-side Design and Programming

CSCI 6962: Server-side Design and Programming

Similar presentations

Ads by Google