Linux Web and FTP Server

Configuring the PureFTPd Server

Strictly speaking, the actual configuration of the PureFTPd server is made purely via command line parameters passed when the server is started. The configuration file /etc/pure-ftpd.conf cannot overwrite any values here. It is evaluated by a Perl script, which creates the corresponding command line parameters from it. These are passed to the program when it starts. The FTP server can either run as an independent service or be started via inetd. If PureFTPd should be started directly, this...

IP Address Based Virtual Web Servers

The disadvantage of name-based virtual web servers is that only browsers that support HTTP 1.1 will recognize these servers. If older browsers should be supported, the virtual servers must be IP address-based. This requires an individual IP address for each of the virtual web servers. Until IPv6 is implemented, available IP addresses will remain in short supply, so the overwhelming majority of virtual web servers are name-based. IP-based virtual web servers can also be installed on a machine...

FTP Clients

There are many types of FTP clients: command-line clients (such as ftp) and clients with convenient graphical interfaces (e.g., xftp). The advantage of command-line FTP clients is their flexibility, allowing the transfer of entire directory trees to be automated, for example. The standard FTP client is the ftp program, package lukemftp. The program accepts the name of the FTP server as an argument. The most important command is, as always, the help command, which is simply called help. In...

Configuring Anonymous FTP

In PureFTPd, a prerequisite for anonymous FTP is the existence of the user ftp and his home directory specified in the file /etc/passwd, for example, /srv/ftp. In contrast to some other FTP servers, however, there do not need to be any subdirectories in this directory, such as bin. A simple configuration (/etc/pure-ftpd.conf) could look like this: Configuration file for pure-ftpd wrappers If you want to run Pure-FTPd with this configuration instead of command-line options, please run the...

Configuring FTP with Authorized Users

This use of the FTP server is important for those who are hosting web sites. Individual customers maintain their own pages in directories to which they alone may have access. The configuration in which no anonymous FTP access is allowed and where all users are trapped in their home directory could look like this The corresponding command on the command line is If the above configuration is to be modified so that certain users are not held in a chroot environment (for example, members of a group...

Access Control Through Authentication

For authentication, the client sends a user ID and a password to the server. The server compares the data with the entries in a file, then permits or denies access. Each user ID and password combination is valid only for a specific area, defined when the password is set. The server requests a user ID and a password for this area. If the client (web browser) already has this information (from a previous login to this area), it sends it to the server. If not, it requests the user to enter the...

A24 The Local Packet Filter Configuration

The local packet filter configuration is set in the configuration file for the SuSE Firewall script, /etc/sysconfig/SuSEfirewall2. The exact descriptions of what each variable does are contained in the file itself in the form of comments, so normally they do not need to be looked up separately. It is highly recommended, however, that you research the SuSE Firewall script using the documentation installed in _DEV_EXT eth0 Question Nr. _SERVICES_EXT_TCP www https With this, the web server from the...

Encryption with RSA

Most of the time when data is transmitted across a network in encrypted form, this is done with RSA keys. This method is used, for example, by the encryption software PGP (Pretty Good Privacy) to encrypt e-mails, by ssh (Secure Shell) for encrypted data transfer between two computers, or by Apache-SSL or mod_ssl for secure data transmission between web server and web browser. This encryption is based on two different keys: a private key and a public key. While the private key is known only to the...

Creating a Genuine SSL

To create a key pair, a file is needed with as many random numbers as possible. Such a file can be generated with the command: earth cat /dev/random > random This procedure must be stopped with (Ctrl) + (C). The file generated should be at least a thousand bytes in size. Using the file, which here is called random, and the option genrsa, the key pair can now be generated: earth openssl genrsa -des3 -out server.key -rand random 1024 The option -des3 ensures that the private key generated is...

Creating a Self Signed Certificate

Create your own certificate with the command: earth openssl req -new -x509 -key server.key -out server.crt The dialog for generating the certificate could look like this: Using configuration from /usr/ssl/openssl.cnf Enter PEM pass phrase You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there...

The Role of a Proxy Server

The connection of a local area network (LAN) to the Internet incurs certain risks. Not only can users access computers in the Internet from the LAN, but Internet computers can access computers in the local network. The system administrator must ensure security by limiting connections from outside to a minimum and by regulating access from the LAN to the Internet. The latter is important for two reasons: on the one hand, intensive use of the Internet can cost the company a lot of money and, on...

Virtual Web Servers

Using Apache as a web server allows you to have many virtual web servers running on one computer. Depending on the name the web server is addressed with, different pages will be displayed. For this purpose, the relevant entries must be inserted into the Section 3 Virtual Hosts in the configuration file /etc/httpd/httpd.conf. The names of the virtual web servers must be known to the DNS server. Virtual web servers can be implemented in two ways: either name-based or IP address-based. Attention: As...

The Apache Web Server 121 Files

The web server files are located in the following directories (and their subdirectories): /etc/httpd: Configuration files. /srv/www/httpd: Documents the web server provides (including all accompanying files). The central configuration file for the web server is /etc/httpd/httpd.conf. For this to be started automatically when the computer is booted, the command earth insserv /etc/init.d/apache The web server can also be started manually: the command rcapache (or /etc/init.d/apache) has the following...

Basic Settings

Apart from directly editing /etc/httpd/httpd.conf, SuSE Linux Enterprise Server provides the possibility of handling the configuration by using the file /etc/sysconfig/apache then running SuSEconfig. In this case, the file /etc/httpd/httpd.conf will be modified according to the specifications in /etc/sysconfig/apache. Both procedures are described below. The file /etc/sysconfig/apache enables the configuration of various web server settings. If these options are not sufficient for the planned...

Cache Hierarchy Configuration

A cache hierarchy is configured in the second group of the /etc/squid/squid.conf configuration file. The most important options are: cache_peer: Defines other cache servers in a hierarchy. The parameters after the keyword are the name and type (parent or sibling) of the cache and the port numbers for HTTP and ICP. If the defined cache server does not support ICP, the value 7 should be set for the ICP_port. In addition, further options can be set. Syntax: cache_peer <host> <type> <...

Analyzing the Log Files with calamaris

A Perl script called calamaris can be used to analyze the Squid log file (/var/log/squid/access.log). You can find further information at the calamaris web site at http://calamaris.cord.de. This script produces a statistical analysis of the requests and accesses. The analysis can be produced in ASCII or in HTML format. calamaris has a wide range of options affecting the contents of the analysis. The most important options are: -a: Perform all available analyses; corresponds to a combination of the...

Access Control Lists

An ACL definition has the following syntax The keyword acl must always be present, followed by a unique name for this definition. The name of a file (in quotes and including the absolute path), containing one definition per line, can be used instead of the parameter list: acl name type path filename This is particularly useful for large lists (see Chapter 2.5 on page 49). The ACL type may be defined with one of the following expressions: src: Describes the client IP addresses from which a...