Difference between revisions of "Web2 Setup Process"

From CSLabsWiki
m (first draft - configs need to be added & any missing steps)
 
m (removed steps that are going to be part of the Ubuntu 8.04 Generic VM instructions)
Line 70: Line 70:
 
%sudo ALL=(ALL) ALL
 
%sudo ALL=(ALL) ALL
 
%admins ALL=(root) ALL, !SHELLS, !HTTP
 
%admins ALL=(root) ALL, !SHELLS, !HTTP
</pre></code>
 
 
===Configured Networks===
 
*Configured hostname in <code>/etc/</code>
 
<code><pre>
 
 
</pre></code>
 
 
 
====Configured Hosts====
 
*Edited <code>/etc/hosts</code>
 
<code><pre>
 
 
</pre></code>
 
 
====Configured DNS Servers====
 
*Edited <code>/etc/resolv.conf</code>
 
<code><pre>
 
search cslabs.clarkson.edu
 
nameserver 128.153.0.254
 
nameserver 128.153.5.254
 
 
</pre></code>
 
</pre></code>
   
Line 100: Line 79:
 
</pre></code>
 
</pre></code>
   
===Configured SSH===
+
===Set Up SSH Login Banner===
*Edited <code>/etc/ssh/sshd_config</code>
 
<code><pre>
 
Due to the sensitivity of this material, this config file has been left off.
 
</pre></code>
 
*Restarted sshd
 
**<code>/etc/init.d/sshd restart</code>
 
 
====Set Up SSH Login Banner====
 
 
*Edited <code>/etc/issue.net</code>
 
*Edited <code>/etc/issue.net</code>
 
<code><pre>
 
<code><pre>
Line 123: Line 94:
   
 
</pre></code>
 
</pre></code>
 
===Configured Aliases===
 
*Edited <code>/etc/aliases</code>
 
<code><pre>
 
 
</pre></code>
 
 
*Updated aliases
 
**<code>/usr/bin/newaliases</code>
 
   
 
==Installed Apache==
 
==Installed Apache==
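Review bot: the "Configured SSH" block removed in this hunk held the only step that edited /etc/ssh/sshd_config, so the retitled "Set Up SSH Login Banner" section now only edits /etc/issue.net. sshd shows that file before login only when sshd_config has a Banner directive pointing at it. Either keep a one-line step for that under the banner section, or link to the Ubuntu 8.04 Generic VM instructions that the edit summary says now carry the SSH steps.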

Revision as of 13:12, 17 August 2009


This page summarizes how the virtual machine Web2 was set up in Summer 2009.

Install

Configuration

Updated System

  • apt-get update && apt-get upgrade

Created User

  • Created user mccarrms
    • /usr/sbin/useradd -m mccarrms
  • Set password for mccarrms
    • passwd mccarrms

Configured Sudo

  • /usr/sbin/visudo
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.

## Networking
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database
Cmnd_Alias LOCATE = /usr/sbin/updatedb

## Storage
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Delegating permissions
Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp, /usr/bin/sudoedit

## Processes
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
Cmnd_Alias DRIVERS = /sbin/modprobe

## Shells
Cmnd_Alias SHELLS = /bin/sh, /bin/bash, /usr/bin/rsh, /bin/dash, /bin/rbash, /bin/su

## Users
Cmnd_Alias USERS = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/userhelper, /usr/sbin/usermod, /usr/sbin/usernetctl, /usr/bin/passwd

## HTTP
Cmnd_Alias HTTP = /etc/init.d/httpd restart, /etc/init.d/httpd stop, /etc/init.d/httpd condrestart

Defaults    requiretty

Defaults    env_reset,tty_tickets,lecture=always,logfile=/var/log/sudo.log
Defaults    env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
                        LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
                        LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
                        LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
                        LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
                        _XKB_CHARSET XAUTHORITY"

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
%sudo   ALL=(ALL)       ALL
%admins ALL=(root) ALL, !SHELLS, !HTTP
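
An added check, not part of the original wiki page: sudoers(5) warns that subtracting commands from ALL with `!` is not a dependable restriction, and the HTTP alias above names /etc/init.d/httpd while this page starts Apache with /etc/init.d/apache2. The script flags both conditions in the %admins rule; `audit` and its `exists` parameter are hypothetical names introduced here.

```python
import os
import re

# Constructed input: alias and rule lines copied from the sudoers file above.
SUDOERS = """\
Cmnd_Alias SHELLS = /bin/sh, /bin/bash, /usr/bin/rsh, /bin/dash, /bin/rbash, /bin/su
Cmnd_Alias HTTP = /etc/init.d/httpd restart, /etc/init.d/httpd stop, /etc/init.d/httpd condrestart
root    ALL=(ALL)       ALL
%sudo   ALL=(ALL)       ALL
%admins ALL=(root) ALL, !SHELLS, !HTTP
"""

ALIAS = re.compile(r"^Cmnd_Alias\s+(\w+)\s*=\s*(.+)$")
RULE = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")

def split_cmds(spec):
    return [c.strip() for c in spec.split(",") if c.strip()]

def audit(text, exists=os.path.exists):
    """Flag rules that grant ALL and then subtract commands (exists is injectable)."""
    aliases, findings = {}, []
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        m = ALIAS.match(line)
        if m:
            aliases[m.group(1)] = split_cmds(m.group(2))
            continue
        m = RULE.match(line)
        if not m:
            continue
        who, cmds = m.group(1), split_cmds(m.group(2))
        negated = [c[1:].strip() for c in cmds if c.startswith("!")]
        if "ALL" not in cmds or not negated:
            continue
        findings.append((who, "denylist-after-ALL", negated))
        for name in negated:
            # A negated entry only matches its exact path; a path that is
            # absent on this host excludes nothing at all.
            paths = {c.split()[0] for c in aliases.get(name, [name])}
            missing = sorted(p for p in paths if not exists(p))
            if missing:
                findings.append((who, "negated-path-missing:" + name, missing))
    return findings

if __name__ == "__main__":
    for finding in audit(SUDOERS):
        print(finding)
```

Run on the host itself, the default `exists` reports which negated paths are absent there; an allowlist of specific commands for %admins avoids both findings.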

Configured IPtables

Due to the sensitivity of this material, this config file has been left off; however, the following rules are needed.

#####################-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

Set Up SSH Login Banner

  • Edited /etc/issue.net
             __   ___ 
 _    _____ / /  |_  |
| |/|/ / -_) _ \/ __/ 
|__,__/\__/_.__/____/ 
                      

Configured Password Requirements

  • Edited /etc/login.defs

Installed Apache

  • Installed httpd, php, etc.
    • apt-get install apache2 php5 libapache2-mod-php5 mysql-client php5-mysql
  • Modified /etc/apache2/

  • Created /etc/apache2/sites-enabled/

  • Configured the server so that PHP is not exposed and y2k compliance is off
    • Edited ####################/etc/##############php.ini
y2k_compliance = Off
expose_php = Off
  • Started Apache
    • /etc/init.d/apache2 start

Virtual Host Notes

  • A group must be created for each virtual host and the virtual host html root must be owned by that group.
  • The setgid bit should be set on each of the virtual host html roots. This can be done by using the following command: chmod g+s <vhost>_www/