1 / 24

Review

Review. Security Hardening IPTables SELinux. Today. Installations and updates Rpm command and packages Apache “Issue Ownership”. Installing Items. Several Different Ways Build from source works on all systems Download source code, unzip it, run ‘make file’ Compiles it on your system

ekram
Download Presentation

Review

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Review • Security • Hardening • IPTables • SELinux

  2. Today • Installations and updates • Rpm command and packages • Apache • “Issue Ownership”

  3. Installing Items • Several Different Ways • Build from source works on all systems • Download source code, unzip it, run ‘make file’ • Compiles it on your system • Annoying, time consuming, etc… • Different distributions have ‘package managers’ • Debian/Ubuntu – Apt-Get / dpkg • SuSE - YaST

  4. CentOS/RHEL • Online (aka, requires internet connection) • yum • yum install <package> # or update or…. • VERY easy, very nice, I highly recommend it • Offline (aka, no internet connection) • Must know package name • rpm (RedHat Package Manager) • Flags will then lead us to install, uninstall, update, etc…

  5. RPM Usage • Simple installation • rpm -i <filename> • rpm -ivh <filename> • List installed programs • rpm -qa #optional: <package> • Uninstall program • rpm -ev <package> • Notice difference between filename and package

  6. RPM File Names • An RPM filename will end in .rpm • The name will usually contain package, version, OS version, and architecture • CentOS 5 Apache installation file • httpd-2.2.3-43.el5.i386.rpm • Package: httpd • Apache version: 2.2.3-43 • OS version: ‘Enterprise Linux’ 5 (el5) • Architecture: i386 (Intel, 32-bit)

  7. Complex Installations • Some packages will require a ‘depdency’ • A dependency is another install package • Possibly another program, possibly a library • For example, to run the GNU C++ Compiler (g++), you have to have the GNU C Compiler installed (gcc) • g++ has a dependency of gcc • rpm -R <package>

  8. Failures • Dependencies • 2 packages, 2 libraries • Packages will most likely appear with that name • Libraries will have to be Google’d for

  9. Library Packages • libapr-1.so.0 – library package • In an offline install this will not show up as libapr.rpm or any variation

  10. Libapr-1.so.0 • Easily handled - apr package and apr-util packages contain the libapr and libapr-util libraries • Go through each dependency from the top, install all the ones you can easily • Then try to install the main packages and Google anything left over

  11. Successful Install • rpm -ivh apr-util-1.3.9-3.el6_0.1.x86_64.rpm

  12. So We Can Use It • We can see it in the output of rpm -qahttpd • Even more, we can use it

  13. What Is A Web Server? • “The hardware or software that delivers web content” –wikipedia • Thanks, wikipedia, that’s helpful • Web server is a computer running • Windows OS & IISapplication • Linux OS & Apache application • There are others, those are the big ones • They hold the code files that make up web pages (facebook, Amazon, ESPN, etc…)

  14. Apache Web Server • “LAMP Stack” – Linux, Apache, MySQL, PHP • Everything you need to build a ‘feature-rich’ website (ESPN.com) • Config file in /etc/httpd/conf/httpd.conf • Contains ‘modules’ that help develop web site • Code files in /var/www • Expected to be ‘feature rich’

  15. Apache Details • Service named httpd (so we can control it by the services command or see it in ps) • Starts about 8 processes named httpd • Sits “on top” of our networking scripts, opens port 80 to “listen” for incoming web (http) connections, etc…

  16. Apache COnfig • So when we browse to the IP

  17. Quick Aside – Regular Tasks • Starting out in IT, expect: • Programmers: documenting code • Possibly minor bug fixes • Networking: monitoring • I actually know the least about this one • Sysadmin: Password resets, low-level user calls • Aka, help desk

  18. Help Desk • Help desk isn’t a bad place to be • But it’s hard to move out into ‘sysadmin’ work • Easier to move up to L2/L3 support • Internships are the way to go • Regardless, you’ll usually have a ‘script’

  19. Help Desk • In that script you won’t have too much freedom, which means you won’t have too much opportunity to show off skills • Sometimes you do, and sticking with something (especially the really annoying things) are what managers look for • They call it “issue ownership” • Do you take the next step when it’s not in your script?

  20. Example • Apache is not installed on our VM’s

  21. Or You Might Get A Ticket • “User X Can’t Log In” • Login to what?! • Obviously not the ticketing system • This is why I structure our class this way • This is also the least-favorite assignment of many students • “Scope” the problem • Outline the fix • Implement • Write-up

  22. Your Homework and Practical • Install Apache on our vm’s • Not using yum • Turn in a short write-up of what you did and how • Documentation is necessary • 1) tells you where you are • 2) tells you what you’re doing • 3) covers your behind

  23. Tickets • IDS was owned by ‘Enterasys’ • Awful support, except for 2/3 guys • Used their tickets to show their mgmt they weren’t responding (many times) • Got 2 of the “good” responders dedicated to our account • I’m sure they were chewed out after the 4th/5th/6th time we escalated through our mgmt

  24. Own Study • Installations and updates • Rpm command and packages • http://www.thegeekstuff.com/2010/07/rpm-command-examples/ • Apache • http://www.centos.org/docs/5/html/Cluster_Administration/s1-apache-inshttpd-CA.html

More Related