Web2 Setup Process

From CSLabsWiki
Revision as of 13:12, 17 August 2009 by Mccarrms (removed steps that are going to be part of the Ubuntu 8.04 Generic VM instructions)


This page summarizes how the virtual machine Web2 was set up in Summer 2009.

Install

Configuration

Updated System

  • apt-get update && apt-get upgrade

Created User

  • Created user mccarrms
    • /usr/sbin/useradd -m mccarrms
  • Set password for mccarrms
    • passwd mccarrms

Configured Sudo

  • /usr/sbin/visudo
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.

## Networking
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database
Cmnd_Alias LOCATE = /usr/sbin/updatedb

## Storage
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Delegating permissions
Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp, /usr/bin/sudoedit

## Processes
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
Cmnd_Alias DRIVERS = /sbin/modprobe

## Shells
Cmnd_Alias SHELLS = /bin/sh, /bin/bash, /usr/bin/rsh, /bin/dash, /bin/rbash, /bin/su

## Users
Cmnd_Alias USERS = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/userhelper, /usr/sbin/usermod, /usr/sbin/usernetctl, /usr/bin/passwd

## HTTP
Cmnd_Alias HTTP = /etc/init.d/httpd restart, /etc/init.d/httpd stop, /etc/init.d/httpd condrestart

Defaults    requiretty

Defaults    env_reset,tty_tickets,lecture=always,logfile=/var/log/sudo.log
Defaults    env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
                        LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
                        LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
                        LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
                        LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
                        _XKB_CHARSET XAUTHORITY"

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
%sudo   ALL=(ALL)       ALL
%admins ALL=(root) ALL, !SHELLS, !HTTP

Configured IPtables

Due to the sensitivity of this material, this config file has been left off; however, the following rules are needed.

#####################-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

Set Up SSH Login Banner

  • Edited /etc/issue.net
             __   ___ 
 _    _____ / /  |_  |
| |/|/ / -_) _ \/ __/ 
|__,__/\__/_.__/____/ 
                      

Configured Password Requirements

  • Edited /etc/login.defs

Installed Apache

  • Installed httpd, php, etc.
    • apt-get install apache2 php5 libapache2-mod-php5 mysql-client php5-mysql
  • Modified /etc/apache2/

  • Created /etc/apache2/sites-enabled/

  • Configured the server so that PHP is not exposed and y2k compliance is off
    • Edited ####################/etc/##############php.ini
y2k_compliance = Off
expose_php = Off
  • Started Apache
    • /etc/init.d/apache2 start

Virtual Host Notes

  • A group must be created for each virtual host and the virtual host html root must be owned by that group.
  • The setgid bit should be set on each of the virtual host html roots, so that files created under a root inherit that virtual host's group. This can be done with the following command: chmod g+s <vhost>_www/
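
The two notes above can be applied and then checked with a short script. This is an added example, not part of the original wiki page: the function names and the example_www / plain_www directories are assumptions, and the demo uses the current user's numeric gid in place of a real virtual host group so that it runs without root.

```shell
#!/bin/sh
# Added example, not from the wiki page. Function and directory names are
# illustrative; the demo uses the caller's own gid so it runs without root.

# Hand the html root to the vhost's group and set the setgid bit.
# The group must already exist (created as root, e.g. with groupadd).
vhost_apply() {
    dir=$1 grp=$2
    chgrp "$grp" "$dir" && chmod g+s "$dir"
}

# Succeed only if the html root is group-owned by $grp, has setgid set,
# and a file created inside it really inherits the group.
vhost_audit() {
    dir=$1 grp=$2
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    [ -n "$(find "$dir" -prune -group "$grp")" ] ||
        { echo "FAIL $dir: not owned by group $grp"; return 1; }
    [ -g "$dir" ] || { echo "FAIL $dir: setgid bit not set"; return 1; }
    probe="$dir/.setgid_probe.$$"    # short-lived probe file, removed below
    touch "$probe" 2>/dev/null ||
        { echo "FAIL $dir: cannot create probe file"; return 1; }
    inherited=$(find "$probe" -prune -group "$grp")
    rm -f "$probe"
    [ -n "$inherited" ] ||
        { echo "FAIL $dir: new files do not inherit group $grp"; return 1; }
    echo "OK   $dir: group $grp, setgid set, new files inherit it"
}

# Demo on constructed scratch directories: one prepared root, one left plain.
vhost_demo() {
    scratch=$(mktemp -d) || return 1
    grp=$(id -g)                      # stand-in for the vhost's group
    mkdir "$scratch/example_www" "$scratch/plain_www"
    chmod g-s "$scratch/plain_www"    # make sure the plain root has no setgid
    vhost_apply "$scratch/example_www" "$grp"
    prepared=1; plain=1
    vhost_audit "$scratch/example_www" "$grp" && prepared=0
    vhost_audit "$scratch/plain_www" "$grp" && plain=0
    rm -rf "$scratch"
    [ "$prepared" -eq 0 ] && [ "$plain" -ne 0 ]
}

vhost_demo
```

On the real server, vhost_apply would be run as root with the virtual host's own group, and vhost_audit can then be run against every html root to catch one that was created without the setgid bit.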