How-To Set Up Debian/Linux Apache Servers here source: AboutDebian.com 'virtual host' explained
The virtual host configuration statements are in the httpd.conf file. They basically duplicate the configuration statements found earlier in the file, except that they are enclosed in a set of VirtualHost statements.
<VirtualHost 172.18.254.38>
ServerName www.my2nddomain.com
ServerAdmin you@your-real-email-address.com
ScriptAlias /cgi/ /home/httpd/cgi-bin/my2nddomain/
DocumentRoot /home/httpd/html/my2nddomain/
<Directory /home/httpd/html/my2nddomain>
AddType text/html .shtml
AddHandler server-parsed .shtml
Options +Includes
</Directory>
ErrorLog logs/my2nddomain-error_log
CustomLog logs/my2nddomain-access_log common
</VirtualHost>
| How-To unpack a tar archive type: For .tar.gz file extensions use: tar -zxvf <filename> For .tar file extensions use: tar xvfm <filename> For .gz use any of these commands: - zcat <filename.gz> Shows file
- gunzip -c <filename.gz>
- gzip -d <filename.gz> For larger files, then less <filename> to scroll through long documents.
Rename the *.tgz files to *.tar.gz
Example: $ mv <filename>.tgz <filename>.tar.gz
Uncompress and unpack:
gzip -d <filename>.tar.gz | tar xvfm - .bz2 file
Most distributions come with a program bzip2 (and associated bunzip2 - but technically its the same program). Just run:
bunzip2 <filename>
or
bzip2 -d <filename>
And some distributions come with a tar which is patched to handle
bzip2 tar files:
tar xIvvfp <filename>.tar.bz2 The 'I' option does what 'z' does for gzipped tar files. more... source: http://www.indiana.edu/~gisdata/faq.htm
source: Linux.org 'chmod' explained chmod is the program that is used to change file permissions on a Linux system. As we mentioned, others cannot modify your personal user files but you may not want other people to even read these files. You can use this command to take away the possibility of others prying into your private stuff. The syntax (parts separated by brackets) for using this command is the following: chmod [a/o/g/u] [+ or -] (plus or minus sign) [r/w/x]
Let's analyze the syntax: - The symbols in the first brackets refer to the four concepts of users that Linux has.
- a=all, all users
- o=others, (other people)
- g=group, the members of your group
- u=user, (this means you)
- The symbol + adds permissions and the symbol - takes them away. As we say in the Linux world chmod giveth, chmod taketh away
- Your actual rights to files - r=read rights, w=write rights (pardon the homophonic redundancy!) and x=executable rights
Practical examples of chmod As we mentioned before, you may want to restrict rights to read a file. You would simply type: chmod og-r my_world_domination_plan.txt
Now nobody can read your plans to take over the world except you. Best to keep those secret anyway. We also talked earlier about those files that you may have copied from a Windows partition or a floppy formatted for Windows. Even if they're not executable files, they'll show up as such (-rwxr-xr-x). You can change them to their correct permissions, getting rid of the executable status with: chmod a-x the_file
Remember that if you copied them as 'root', you will have to use chmod as root to do this. You could even go one step further and change the ownership of the file to the user you desire. You may want to change root ownership to yourself (your user name). We'll go into this in the next part of the lesson. Using chmod with number values Change the permissions on a file or directory. 4 = read 2 = write 1 = execute, now add 1 plus 2 plus 4 = 7, thus chmod 700 filename gives full permission to the file Owner. chmod 755 filename gives Owner full permission, Group has read and execute permissions and Everyone else has read and execute permissions. more... chmod explained. (Table below from Linux.org Tutorial). | User (or the owner) | Group | Others | | read-write-execute | read-write-execute | read-write-execute | | 4-2-1 | 4-2-1 | 4-2-1 |
chmod from ctssn.com This download shows file permissions of current system configuration: "...lets you see all file system activity in real-time."
This
Sysinternals link had Freeware Filemon v1.1 for Linux in September,
2009.
Filemon is also available for Windows. | |
| |
| A Note About DNS (Domain Name Service) | |
DNS is basically just a database, pieces of which scattered around the Internet on a lot of different DNS servers. The entries in the database map a domain name to an IP address. When you visit a Web site, you are actually doing so using the site's IP address even though you used a domain name in the URL. In the background your computer quickly looked at a DNS server to find the IP address that corresponds to the site's domain name. Now you know why you have to specify one or two DNS server IP addresses in the TCP/IP configuration on your computer. Without them you'd need to access everything by IP address. Here is a very simplistic example of what type of information is stored. More... DNS Troubleshooting| A | web.your-domain.com | 172.29.183.103 | | MX | mail.your-domain.com | 172.29.183.217 | | | | | | A | debian.their-domain.com | 10.177.8.3 | | MX | debian.their-domain.com | 10.177.8.3 |
How-To read E-mail Headers: Kim Komando Daily Tip Apache Installation, php and mySql Pkgs. How-To Setup Debian/Linux Internet Servers How-To Setup DNS is an excellent resource, About Debian DNSDNS Root Hints from Linux.orgDebian Network config. /etc/network/interfaces Find a list of Debian/Linux How-To Articles from About Debian, here. This is a good link to a list of Linux Administrator commands: http://linux.about.com/library/bl/open/newbie/blnewbie5.17.htm from
the Linux Newbie Administrator Guide. (Not all commands will work with Debian). |
|
Microsoft Troubleshooting and Info (MCSE, MCSA, Security+) Office Update | MS Technet |
Server Security |
Active Directory | Net Mon
How to restore security settings to the default settings for Windows XP and
Windows Vista?
KB 313222 Set Default Limits (Disk usage quotas in Microsoft beginning with Windows 2000)
You can set the space limit and the warning level limit. Both can be set to a number of kilobytes (KB), megabytes (MB), gigabytes (GB), terabytes (TB), petabytes (PB), or exabytes (EB). Troubleshooting Reminders - For initial troubleshooting, use Task Manager combined with Event Viewer instead of Performance Monitor. Network troubleshooting requires Network Monitor.
- The File and Printer Sharing for Microsoft Networks service in Windows 2000 Professional uses NetBIOS name resolution. Use the net use command. Examples:
To redirect print output for the LPT1 port to MyPrinter1 on print server W2KPRN1: net use LPT1: \\W2KPRN1\MyPrinter1 To display information about the LPT1 port: net use LPT1 net use (How-To Connect and Disconnect a Network Drive here, this article applies to XP)
Microsoft Domain Name System (DNS) Center This page provides access to Knowledge Base (KB) articles, training, WebCasts, online seminars, and white papers that will help you deploy and support DNS on your system.
| Test DNS To verify DNS server responsiveness from the same machine using the nslookup command, open the Command Prompt and type: nslookup server_ip_address 127.0.0.1 If the server is responding, the name "localhost" is returned. |
|
|
|
|
Troubleshooting Commands HOW TO: Diagnose and Test TCP/IP or NetBIOS Network Connections in Windows 2000 http://support.microsoft.com/default.aspx?scid=kb;en-us;300986&sd=tech To determine why a remote host name cannot be resolved, first determine whether the remote computer is being addressed using NetBIOS or Sockets. If the application uses the Net commands or is an NT 4.0 version administrator tool, it is a NetBIOS problem. Try the net view command. If the net view <hostname> command works, name resolution is not the source of the problem.
To confirm this, check the status of the temporary session that NetBIOS creates by entering the Net view command with the syntax shown: net view <ip_address> where ip_address is the IP address of the same computer used in the previous example. If this command fails, the problem is in establishing a session. If the Net View utility fails with both hostname and ip_address, a likely culprit is that the computer is not running the File and Printer Sharing for Microsoft Networks service. If the application uses WinSock (like Telnet, FTP, and Web browsers) the problem will lie with DNS or the Hosts file. Microsoft How-To articles: Windows2000 Server , Windows2000 Pro , Windows XP
Exchange Server How-to , Microsoft Office How-To , Windows Server 2003 From Kim Komando's Tip of the Day 7/24/04: In Windows XP, you can find out who's talking to whom. Click Start>>Run. Enter "cmd" (without the quotes) and click OK. At the command prompt, enter "netstat -no" (without the quotes). You'll get a list of active network connections, including the process identifier (PID) of programs on your computer that are running. Find the PID Number under Processes in Task Manager; if the PID Number is not shown, use the View menu to "Select Columns". Validate local computer configuration by using the ipconfig, arp and route commands.
Try: route print. - DHCP Commands - ipconfig /all and arp -a
- DNS - ipconfig, ipconfig /flushdns, ipconfig /renewdns, nbtstat, nslookup and Network Diagnostics located under Help and Support, then Tools, then Help and Support Tools -- set options and click scan.
- Windows 2000 can also use a local database file called Lmhosts to resolve remote NetBIOS names. The Lmhosts file is stored in the %SystemRoot%\System32\Drivers\Etc folder.
- Hosts File - Microsoft Root Hints files (SRV files) are listed under the DNS Zone in Active Directory DNS, if the files are not there, DNS will not work. See below...
SRV Record "Subfolders" Each of the following "subfolders" must be present in the DNS zone. There will be DNS Service (SRV) records in these "subfolders".
_MSDCS
_SITES
_TCP
_UDP
SRV or Resource Records SOA
Points to the Primary DNS Server(s).
NS
Points to the DNS Server(s) that host the zone.
A
Each domain controller should have registered a single host (A) record for their hostname that points to their IP address.
*If multiple records are registered, delete any incorrect or outdated entries.
**If the domain controller is multi-homed, you must fully understand all of the ramifications of multi-homed domain controllers before you continue. Configuring Records Manually
Although many of the DNS records on your server will be automatically configured, there will still be times when you will have to manually configure records. This is accomplished through the shortcut menu of the domain in the DNS console.
There are a variety of record types. A host record is the mapping of a host name to an IP address. An alias record is the mapping of one host name (the alias) to another host name for which there is already a host record. A Mail Exchanger (MX) record is a record that defines the location of a mail server in this domain.
|
|
|
|
A misconfigured subnet mask can result in the system's inability to access any other system on the local subnet while still being able to communicate with remote systems. (DHCP could help to prevent data entry errors in large networks.) Problems at this point are usually related to an invalid ARP cache (such as a duplicate address) or an invalid subnet mask. If the IP address is local, the Address Resolution Protocol (ARP) is used to identify the destination MAC address. The utilities Arp and Ipconfig can be used to solve local address resolution problems.
Pathping /? Examples: -4 Force using IPv4.
-6 Force using IPv6. c:\>pathping -i -6 216.95.232.130 (localtech.us) c:\>pathping -i -6 <target system name> Is IPv6 enabled? Xp use: ping6 ::1 and ipv6 if Windows Server 2003 use: netsh interface show interface How to install IPv6 for XP and IPv6 for Windows Server 2003
IPv6 Windows Help Reference from the Run command: D:\Windows\Help\ipv6.chm (Substitute your hard-drive, partition or volume letter). netsh diag show test /v or /p > netshdiag.txt (Mail, computer, ethernet, port and network client information) Because the /v Verbose switch shows a lot of information, use the > command to send the info to a Text file named netshdiag.txt. Find the file using Windows Explorer under the drive letter that you were in when the command was typed.
Type the whole command instead of C:\netsh, then diag, then show test,
etc. netsh diag show test /v > netshdiag.txt is complete when you see a new command prompt.
Windows Server 2003 includes a netsh Help file located at: Start --> Run, then type D:\Windows\Help\netsh.chm (Substitute your hard-drive, partition or volume letter). drives List all drives
drivetype Query drive type for a drive
volumeinfo Query volume information
ntfsinfo Query NTFS specific volume information
statistics Query file system statistics Example query and response: fsutil fsinfo drivetype d: Response: d: - Fixed Drive
Can you ping the static or dynamic IP of other computers in your Intranet? How-To allow incoming echo requests with XPIf you are using the built-in XP Firewall (ICF), Click Start --> Connect To --> Show All Connections --> Local Area Connection --> Properties --> choose the Advanced tab --> Settings --> Click the ICMP tab --> and "Allow incoming echo requests". How-to Articles, etc. | • | How to remove or update an ActiveX Control With Windows XP Service Pack 2 (SP2) managing ActiveX controls is easy. From any web page find Tools in the Menu Bar at the top > Internet Options > Programs > Manage Add-ons... If you are using MSN Explorer (with the Butterfly), or another browser that does not show the Tools menu, click Start > Control Panel > Network and Internet Connections > Internet Options > Programs > Manage Add-ons.
If the ActiveX control name is familiar and something that was either preinstalled or that you chose to download, then do not disable. If you cannot identify the source of the control, try a search engine to learn more
before disabling: http://www.google.com
Some ActiveX controls are needed and should not be removed; while others are considered Spyware or Malware and should be disabled. |
| • | What is a Honeypot? from Google.com, type define:honeypotA host or network with known vulnerabilities deliberately exposed to a public network. Honeypots are useful in studying attackers' behavior and also in drawing attention away from other potential targets.
www.nwfusion.com/techinsider/2002/0624security2.html For information on honeypots, visit the following Web site: http://www.tracking-hackers.com. Check-out their Honeypot Resource page to Try or Buy Honeypot software. Also find Open source, Free Honeypots: Honeypots IDS - Intrusion Detection System SANS - Develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. The SANS Internet Storm Center: http://isc.sans.org/
|
|
|
MS TechNet
Solution
Accelerators are free...
Network monitor To call from the Network Monitor API, you must be running on Windows NT Server 4.0 or Windows Server 2000/2003, or have Microsoft Systems Management Server installed. Using Network Monitor: Flush the DNS look-up cache (if applicable for your operating system). For instance, if you are running Windows, you type ipconfig /flushdns at the command prompt. Start a network monitor capture. Open a Web browser. Go to your domain and view the home page. After returning to the home page configured in your Web browser, close the Web browser. Stop the network monitor capture. View the captured data.
What is MIME? Multipurpose Internet Mail Extensions. Secure/Multipurpose Internet Mail Extensions (S/MIME) encrypts e-mail messages when they are created, and provides a mechanism to exchange encryption keys between e-mail users. Layer 2 Tunneling Protocol (L2TP) encrypts data flowing between computers based on user authentication and allows users to log on securely from remote locations. Applies mainly to Remote Access and VPN. Secure Sockets Layer (SSL) encrypts data flowing between computers that have not otherwise agreed to trust one another. SSL does not provide identity of the user or machine, but does encrypt the connection between them.
CompTIA and MCSE:Security+ "...attacks from the Internet are always anonymous, making it very difficult to pinpoint a perpetrator who might easily come from a part of the world that is beyond the reach of local law. These acts cannot be eliminated, so you must harden your network security to prevent them from affecting you." from Microsoft's MCSA/MCSE Security for Windows 2000 Network manual. A computer's role on the network determines which of three IPSec negotiation methods should be used. Secure servers should require security, standard servers should request security, and clients should respond to security requests.
IPSec is incompatible with Network Address Translation (NAT). NAT is widely deployed at the boundary between private networks and the public Internet, so it's likely that you won't be able to create IPSec connections that go from the private to a public network. Clever planning and security design will be required to solve problems like these.
IMPORTANT
Even though exploiting dial-in and wireless servers for free Internet
access is relatively harmless for your network, that doesn't mean that it's not a security issue. If hackers used your Internet connection to perpetrate an illegal attack against a third party, your IP addresses and network would appear in the audit logs of the attacked party and could make you or your company liable for the damages incurred.Spam E-mail Never buy anything advertised in spam. Companies use spam because people respond to the advertisements. The U.S. Federal Trade Commission (FTC) would like to know if you receive spam. They ask you to send a copy of unwanted or deceptive messages to uce@ftc.gov. The FTC stores these messages in a database and pursues law enforcement actions against the people who send them. You can also file online complaints about spam messages, including problems with unsubscribe functions, to the FTC through their Web site at http://www.ftc.gov. (Excellent web site with many resources.)
Remember: If the spam sender is not a reputable business, "unsubscribe" will only confirm to the spammer that your e-mail address is a working address and can now be resold as part of a new list of verified e-mail addresses. The MCSE: Security and CompTIA Security+ courses make reference to RFC (Request for Comment), NIST (National Institute for Standards and Technology), and CC (Common Criteria) documents which supplement the topic being discussed. Unless otherwise noted, these documents can be found at the following Web sites: NIST: http://www.csrc.nist.gov/publications RFC: http://www.icann.rfceditor.org A list of IP versions can be found at the Internet Assigned Numbers Authority (IANA) Web site at http://www.iana.org/assignments/version-numbers. Assigned port numbers for well-known ports, registered ports, dynamic ports, and private ports can be found at http://www.iana.org/cgi-bin/sys-port-number.pl. RSA Security Web site at http://www.rsasecurity.com, and in RFC 1320 and RFC 1321. (RFC articles can be found at http://www.icann.rfceditor.org.) More information on the DES, 3DES, and AES algorithms can be found at http://www.csrc.nist.gov/encryption/tkencryption.html. RFC 2459 defines the X.509 PKI, which is the PKI defined for use on the Internet. It is comprised of certificates, certification authorities (CAs), certificate management tools, and certificate-enabled applications The National Institute of Standards and Technology (NIST) has written SP 800-24, "PBX Vulnerability Analysis" which describes PBX hacking and security measures. (NIST articles can be found at http://csrc.nist.gov/publications.) Microsoft Security Glossary, Example: denial of service attack (DoS)
An attempt by a malicious (or unwitting) user, process, or system to prevent legitimate users from accessing a resource (usually a network service) by exploiting a weakness or design limitation in an information system. Examples of DoS attacks include flooding network connections, filling disk storage, disabling ports, or removing power. Cyclic Redundancy Check -- More information about the CRC used in network layer communications can be found at the International Telecommunication Union (ITU) Web site at http://www.itu.int. More Security Info
To learn more about "The Ten Immutable Laws of Security" visit http://www.microsoft.com/technet and search for that title. Recently located here: http://www.microsoft.com/technet/archive/community/columns/security/essays/10salaws.mspx
More information on WAP can be found at the Open Mobile Alliance Web site at http://www.wapforum.org. For more information on potential Web server exploits, check-out The World Wide Web Security FAQ maintained by the World Wide Web Consortium (W3C) at http://www.w3.org/Security/Faq. |
|
