Mājas Darbs #2 Rezultāti Pārbaudīts tika ar Ubuntu 5.10 Teksts aiz echo jaliek pedinas, ja ir () u.c. AWK nepazīst dažas atslēgas (--assign) Komandai mv otrais arg tikai direktorija Jānorāda “grep moveme dir/*” DOS rindiņas beigas cat 3.sh | perl -pe 's/\n\r /\n/' > temp 3.sh Create script, that will take 2 arguments: 3.sh <directory> <destination> Search the files in <directory> for substring “moveme” in the file content Move those files that contain the string to directory <destination> On the standard output, output two lines: On first line, output the total number of lines that matched On second line, output the total number of files moved Elegantākais 3.uzd risinājums #!/bin/bash mv `grep -l moveme $1/*` $2 grep moveme $2/* | wc -l grep -l moveme $2/* | wc -l Mazais Mājas Darbs #3a Termiņš: 4.maijs, 2006 Mazais mājas darbs #3a Iegūt apstiprinātu BalticGrid sertifikātu, kas būs nepieciešams Lielajam mājas darbam #3b Izpildes termiņš: 4 maijs, 2006 Vēlāk netiks pieņemts, jo tikai sertificētie tiks pievienoti BalticGrid VO un saistītajām sistēmām, kas būs nepieciešamas md#3b Iesniegšanas forma: savu (publisko) BalticGrid sertifikātu atsūtīt uz [email protected], Subj: MD3a Informācija: http://grid.lumii.lv/section/show/12 Domain of the Institution (domain.zz): lumii.lv Common Name (John Smith): Janis Berzins Certification Procedure Creating a Certification Request BalticGridCA-user.cnf # # OpenSSL configuration file for generating certificate requests for Baltic Grid CA. # # This definition stops the following lines choking if HOME isn't # defined. HOME = . ###RANDFILE = $ENV::HOME/.rnd [ req ] default_bits = 1024 default_keyfile = userkey.pem default_md = sha1 distinguished_name = req_distinguished_name string_mask = nombstr [ req_distinguished_name ] 0.domainComponent 0.domainComponent_default 1.domainComponent 1.domainComponent_default organizationalUnitName commonName commonName_max = = = = Domain Component org Domain Component balticgrid = Domain = Common = 64 # which md to use. (org) (BalticGrid) of the Institution (domain.zz) Name (John Smith) -----BEGIN RSA PRIVATE KEY----Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,C280CE744C634255 Result BrT3IotvrbcpTVeqKssGQnpx2dcnqqGIRb0Jt8pJEUjTX24IsdAg+LxOUEJ70y1a aXMgQmFyemRpbnMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANepPbidunic 4dq8iKj1eEDlicCZ51cKX43Hn17Ca+IKvS7cTBavbFicm6mkfNoCO+erZWL3nlrh GXuhUyCHZJctA9Fu37II3ik7SZe6LahCKu55ZrCP9bEXucvQ7giI2FUcgvjEcK/I 9+NnO+chkJwCTafa32SxZsG7MOnwv14XAgMBAAGgADANBgkqhkiG9w0BAQUFAAOB gQC8oV1AQv1jj2D3gb0aBUwA1CaVqJN+bq2wwmeQSP1+rJXicSlfpIEqI8TwoT6F vEt2EnPAtbXpWMjFtbuM816+tEdkrGLw0wfHdlTCwswcRtHn3QVl4jxA/wReb+CY GXuhUyCHZJctA9Fu37II3ik7SZe6LahCKu55ZrCP9bEXucvQ7giI2FUcgvjEcK/I 9+NnO+chkJwCTafa32SxZsG7MOnwv14XAgMBAAGgADANBgkqhkiG9w0BAQUFAAOB gQC8oV1AQv1jj2D3gb0aBUwA1CaVqJN+bq2wwmeQSP1+rJXicSlfpIEqI8TwoT6F vEt2EnPAtbXpWMjFtbuM816+tEdkrGLw0wfHdlTCwswcRtHn3QVl4jxA/wReb+CY l/OAjuw1hvqYG6ZY6n5zmxZsCnViLMIItW2NMJGBR43CrtJuUHly13hf3eTZiIZq GVjHrRPzj8GC6AOBzQ9KkG/Gcale4ALU1czmSIjwAABL1DNUc8nF/w== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE REQUEST----MIIBnjCCAQcCAQAwXjETMBEGCgmSJomT8ixkARkWA29yZzEaMBgGCgmSJomT8ixk ARkWCmJhbHRpY2dyaWQxETAPBgNVBAsTCGx1bWlpLmx2MRgwFgYDVQQDEw9HdW50 aXMgQmFyemRpbnMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANepPbidunic 4dq8iKj1eEDlicCZ51cKX43Hn17Ca+IKvS7cTBavbFicm6mkfNoCO+erZWL3nlrh GXuhUyCHZJctA9Fu37II3ik7SZe6LahCKu55ZrCP9bEXucvQ7giI2FUcgvjEcK/I 9+NnO+chkJwCTafa32SxZsG7MOnwv14XAgMBAAGgADANBgkqhkiG9w0BAQUFAAOB gQC8oV1AQv1jj2D3gb0aBUwA1CaVqJN+bq2wwmeQSP1+rJXicSlfpIEqI8TwoT6F vEt2EnPAtbXpWMjFtbuM816+tEdkrGLw0wfHdlTCwswcRtHn3QVl4jxA/wReb+CY CSSIx0n3iP6KFP7PMzqLMiGm4jbUVoDiA6ZfKq1HAqPHig== -----END CERTIFICATE REQUEST----- Certificate: Data: Version: 3 (0x2) Serial Number: 13 (0xd) Signature Algorithm: sha1WithRSAEncryption Issuer: O=BalticGrid, CN=Baltic Grid Certification Authority Validity Not Before: Mar 24 12:30:32 2005 GMT Not After : Mar 24 12:30:32 2006 GMT Subject: O=BalticGrid, OU=latnet.lv, CN=Guntis Barzdins Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:c1:54:28:7c:de:67:95:b0:7b:53:24:85:a1:c4: dd:b3:b3:12:b4:06:c4:b0:13:93:c0:5b:ad:2a:ad: 0a:8a:6c:d7:f3:c1:65:d5:1a:3f:f2:e8:ed:da:37: a0:52:e0:05:17:3f:ee:45:91:a8:07:8d:8f:7f:96: aa:fc:7c:4f:27:c6:fc:82:b8:89:54:42:60:ea:18: ff:fa:a4:1e:f7:00:22:66:b2:5b:bb:85:c9:a8:12: 87:f3:6f:96:c2:05:c8:a0:eb:9c:54:03:f1:05:c3: f4:27:ab:6b:30:47:dd:4b:12:b8:21:d9:25:fe:e6: 68:70:23:ae:35:15:80:b5:e7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment X509v3 Subject Key Identifier: B3:0B:DD:96:09:86:37:1F:CF:5D:D5:78:5B:6D:AB:6F:D0:BC:5A:24 X509v3 Authority Key Identifier: keyid:24:4E:75:31:6A:6C:DF:AA:4D:AD:C6:34:39:23:5F:18:DB:17:47:86 DirName:/O=BalticGrid/CN=Baltic Grid Certification Authority serial:00 X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.19974.11.1.0.1 X509v3 Issuer Alternative Name: URI:http://grid.eenet.ee/BalticGridCA/ Signature Algorithm: sha1WithRSAEncryption 67:e8:50:7d:28:84:d7:cb:88:de:4a:14:da:f4:09:16:05:38: 4a:55:23:11:b5:87:77:05:7d:07:d8:1c:03:45:19:6f:6f:97: ef:7d:1b:c8:7f:29:98:c5:d8:35:cf:2e:2e:b2:16:7e:19:8c: 3c:32:79:2d:ed:9a:7b:50:e3:26:df:79:59:84:8f:c6:34:d4: 3a:c1:65:5b:79:2e:6e:eb:62:50:2f:0a:47:00:08:54:ee:54: 6d:91:9f:ff:58:f0:b5:79:aa:68:12:e9:2c:15:9d:06:41:3b: 3f:29:4b:ba:be:e1:ef:e1:aa:7c:83:5b:be:3a:e1:16:5f:02: 65:70:c6:7d:15:7b:e0:43:3e:f9:c1:b3:96:80:fb:a0:aa:a8: 83:79:0e:0b:87:b7:09:b6:60:6d:64:2c:de:de:c3:1c:4c:cc: e5:54:4c:33:26:d9:31:35:29:30:df:8b:7b:e6:a8:31:6e:a4: 57:ef:51:53:6c:df:7b:f6:6d:8e:d0:ad:ba:72:87:17:47:aa: d4:fa:ff:4d:d0:cc:45:a5:28:e5:a3:46:84:cf:c4:4b:94:f8: ba:27:b5:35:e3:79:f8:49:3d:90:b0:41:5d:71:e5:15:6c:25: d3:61:73:31:c8:c5:3d:5e:a1:68:fe:82:9a:4a:0f:ea:5b:13: b4:6a:be:be -----BEGIN CERTIFICATE----MIIDdTCCAl2gAwIBAgIBDTANBgkqhkiG9w0BAQUFADBDMRMwEQYDVQQKEwpCYWx0 aWNHcmlkMSwwKgYDVQQDEyNCYWx0aWMgR3JpZCBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eTAeFw0wNTAzMjQxMjMwMzJaFw0wNjAzMjQxMjMwMzJaMEMxEzARBgNVBAoT yH8pmMXYNc8uLrIWfhmMPDJ5Le2ae1DjJt95WYSPxjTUOsFlW3kubutiUC8KRwAI VO5UbZGf/1jwtXmqaBLpLBWdBkE7PylLur7h7+GqfINbvjrhFl8CZXDGfRV74EM+ +cGzloD7oKqog3kOC4e3CbZgbWQs3t7DHEzM5VRMMybZMTUpMN+Le+aoMW6kV+9R U2zfe/ZtjtCtunKHF0eq1Pr/TdDMRaUo5aNGhM/ES5T4uie1NeN5+Ek9kLBBXXHl FWwl02FzMcjFPV6haP6CmkoP6lsTtGq+vg== -----END CERTIFICATE----- Sertifikāts Essential Network Deamons Guntis Barzdins Girts Folkmanis, Arnis Sinka Juris Krūmiņš Networking Software Good free implementations for: DNS SMTP sendmail, qmail, postfix, exim POP/IMAP BIND v8/9, djbdns qpopper, uwimapd HTTP Apache PHP, mySQL “If it was hard to develop, it should be hard to install!” Setting Up a Basic Name Server Later versions of BIND use the configuration file /etc/named.conf This file is divided into five sections: options, controls, three different zones and an include line, which refers to the rndc security file A zone is a part of the DNS domain tree for which the DNS server has authority to provide information Zone information is contained in files referred to in named.conf DNS Using DNS system Before Internet network started use DNS system there was hosts files. However there are one main disadvantage of using host file - search time increase exponentially. This is the main reason why Internet network started use DNS system. By the way, DNS system let you use distributed administrative model in order to delegate administrative rights to other people. DNS You can imagine DNS system structure using image below: "." (root) net ru host wsu.ru com edu au .ru domain host gw.wsu.ru host gw1.wsu.ru wsu gw gw1 msu .wsu.ru domain DNS DNS zones com edu gov … terra flora www mfg … ntserver servers Terraflora.com domain mfg.terraflora.com zone terraflora.com zone DNS DNS request: Requred information for DNS requests Making DNS requests DNS requests types: Recursive reuqets Iterative requests DNS IP(crypt.iae.nsk.su) = ? IP(crypt.iae.nsk.su) = ? ada.wsu.ru Root servers Authoritative server for nsk.su - ns.nsk.su server IP(crypt.iae.nsk.su) = ? 212.16.195.98 ns.wsu.ru ns.nsk.su Authoritative server for iae.nsk.su iaebox.iae.nsk.su IP(crypt.iae.nsk.su) = ? iaebox.iae.nsk.su IP(crypt.iae.nsk.su) = 193.124.169.58 IP(crypt.iae.nsk.su) = 193.124.169.58 ada.wsu.ru DNS DNS system planning factors. Number of servers and system platforms Server types: Primary server Secondary servers Cache servers Forward servers Stealth servers DNS DNS database resurce records (RR) DNS database RR forms and types Standart RR DNS database file structure IN-ADDR.ARPA zone for reverse address-toname translation DNS RR format TYPE contain RR type code CLASS contain RR class code TTL contain Time to Live value RDLENGTH – data length RDATA – data 0 1 2 3 4 5 6 7 8 9 NAME TYPE CLASS TTL RDLENGTH RDATA 10 11 12 13 14 15 DNS DNS RR types A NS MX MD MF CNAME SOA WKS SRV TXT PTR … • DNS CLASS types – – – – IN CS CH HS DNS BIND server configuration acl – define access control list in order to control access to server resources Controls – define control channel for rndc control utility. Include - can be used to merge a lot of configuration file in one. Key – use information to check identity using TSIG technology. Logging – use to control logging options of DNS server. Options - different DNS server options. Use mainly for global server configuration. Server - certain server configuration options. trusted-keys - used for DNSSEC protocol to hold trusted keys. View - define view options. Zone – define zone option. DNS Split DNS example: … view "internal" { match-clients { 10.0.0.0 / 8 ; }; recursion yes; zone "example.com" { type master; file "example-internal.db"; }; }; view "external" { match-clients { any; }; recursion no; zone "example.com" { type master; file "example-external.db"; }; }; …. DNS DNS configuration file example: logging { category lame-servers { null; }; }; options { directory "/var/named"; allow-transfer { 195.13.160.52; 195.244.128.2; 10.196.5.130; }; recursive-clients 2000; notify yes; }; acl "internals" { 127.0.0.1; 10.196.0.0/16; 10.1.72.0/24; 10.129.24.0/24; 10.130.24.0/24; }; view "internal" { match-clients { "internals"; }; recursion yes; zone "." IN { type hint; file "named.ca"; }; zone "0.0.127.in-addr.arpa" IN { type master; 1 file "named.local"; allow-update { none; }; }; zone "test.lv" { type master; file "test.lv.zone"; }; }; view "external" { match-clients { any; }; recursion no; zone "." IN { type hint; file "named.ca"; }; zone "test.lv" { type master; file "test.lv.public.zone"; }; }; 2 DNS DNS server database file: $ORIGIN . $TTL 3600 test.lv ; 1 hour IN SOA ns1.test.lv. jurisk.test.lv. ( 2006040301 ; serial 28800 ; refresh (8 hours) 1800 ; retry (5 minutes) 1209600 ; expire (2 weeks) 28800 ; minimum (1 hour) ) NS ns1.test.lv. A 10.196.5.131 MX 10 eproxy.test.lv. MX 20 eproxy1.test.lv. MX 30 eproxy2.test.lv. $ORIGIN test.lv. router A 10.196.5.1 eproxy A 10.196.5.187 eproxy1 A 10.196.5.188 eproxy2 A 10.196.5.189 ns1 A 10.196.5.131 mail CNAME ns1 nais A 10.196.2.11 ; ; test WWW on Lattelekom servers ; www A 81.198.40.10 admin A 81.198.40.10 editor A 81.198.40.10 www A 81.198.40.11 tavro A 81.198.40.10 tekno A 81.198.40.11 $ORIGIN it.test.lv. router A 10.196.5.1 $ORIGIN test.lv. proxy2 A 10.196.5.8 help A 10.196.5.10 ssiahq01 A 10.196.5.31 nw1 A 10.196.5.58 DNS Reverse DNS zone in-addr.arpa $ORIGIN . $TTL 3600 ; 1 hour 5.196.10.in-addr.arpa IN SOA ns1.test.lv. root.ns1.test.lv. ( 2006012401 ; serial 3600 ; refresh (1 hour) 300 ; retry (5 minutes) 3600000 ; expire (5 weeks 6 days 16 hours) 3600 ; minimum (1 hour) ) NS ns1.test.lv. $ORIGIN 5.196.10.in-addr.arpa. 1 PTR router.it.test.lv. 7 PTR instructor.it2.test.lv. 8 PTR proxy2.test.lv. 10 PTR help.test.lv. 31 PTR ssiahq01.test.lv. 58 PTR nw1.test.lv. 60 PTR sandbox.test.lv. 77 PTR rs6000f50.test.lv. 119 PTR risc6000f30.test.lv. Restart named sudo /sbin/service named restart Password: Stopping named: Starting named: [ OK ] $ sudo tail /var/log/messages Jan 28 22:36:22 womnibook named[11333]: loading configuration from '/etc/named.conf' Jan 28 22:36:22 womnibook named[11333]: no IPv6 interfaces found Jan 28 22:36:22 womnibook named[11333]: listening on IPv4 interface lo, 127.0.0.1#53 Jan 28 22:36:22 womnibook named[11333]: listening on IPv4 interface eth0, 192.168.1.74#53 Jan 28 22:36:22 womnibook named[11333]: listening on IPv4 interface eth1, 192.168.2.5#53 Jan 28 22:36:22 womnibook named[11333]: command channel listening on 127.0.0.1#953 Jan 28 22:36:22 womnibook named[11333]: zone johannes.org/IN: loaded serial 142 Jan 28 22:36:22 womnibook named[11333]: running Jan 28 22:36:22 womnibook named[11333]: zone johannes.org/IN: sending notifies (serial 142) Jan 28 22:36:22 womnibook named: named startup succeeded DNS Usefull utilities: Dig Host Nslookup Rndc Named-checkzone Name-checkconfig Using Command-line Utilities Mailservers Maturity Security Features Performance qmail medium high high high Sendmail high low high low Postfix medium high medium high exim medium low high medium Courier low medium high medium Bron: Life with qmail, p. 5 Configuring a Basic Email Server Sendmail is the most widely used email server The sendmail package contains the sendmail daemon Sendmail is started using a script in /etc/rc.d/init.d Sendmail is configured using the file /etc/sendmail.cf Most email administrators prefer to use the m4 program to configure sendmail Email basics Mail Server Mail Server Email database Email database SMTP MTA MDA MTA MDA POP3/IMAP Workstation MUA SMTP Workstation MUA Simplified Mail Transactions Mail User Agent Mail Transport Agent Mail Transport Agent Mail User Agent mbox Mail Delivery Agent Mail Delivery Agent mbox Message composed using an MUA MUA gives message to MTA for delivery If local, the MTA gives it to the local MDA If remote, transfer to another MTA Watching sendmail Work Watching sendmail Work Structure of qmail qmail-smtpd qmail-inject qmail-queue Other incoming mail Incoming SMTP mail qmail-send qmail-rspawn qmail-lspawn qmail-remote qmail-local Installation qmail and qmail-pop3d tux:~# apt-get update tux:~# apt-get install qmail sh -c "start-stop-daemon --start --quiet --user root \ --exec /usr/bin/tcpserver -- \ 0 pop-3 /usr/sbin/qmail-popup `hostname`.`dnsdomainname` \ /usr/bin/checkpassword /usr/sbin/qmail-pop3d Maildir & Configuration of qmail Configuration stored in /var/qmail/control/ Configure: Relaying Multiple host names Virtual domains Aliases qmail-users Blackhole lists Mailbox formaat The qmail security guarantee In March 1997, I offered $500 to the first person to publish a verifiable security hole in the latest version of qmail: for example, a way for a user to exploit qmail to take over another account. My offer still stands. Nobody has found any security holes in qmail. D.J.Bernstein Principles, sendmail vs qmail Do as little as possible in setuid programs Of 20 recent sendmail security holes, 11 worked only because the entire sendmail system is setuid Only qmail-queue is setuid Its only function is add a new message to the queue Do as little as possible as root The entire sendmail system runs as root Operating system protection has no effect Only qmail-start and qmail-lspawn run as root. Principles, sendmail vs qmail Programs and files are not addresses sendmail treats programs and files as addresses “sendmail goes through horrendous contortions trying to keep track of whether a local user was responsible for an address. This has proven to be an unmitigated disaster” (DJB) qmail programs and files are not addresses “The local delivery agent, qmail-local, can run programs or write to files as directed by ~user/.qmail, but it's always running as that user. Security impact: .qmail, like .cshrc and .exrc and various other files, means that anyone who can write arbitrary files as a user can execute arbitrary programs as that user. That's it.” (DJB) Keep it simple Parsing Limited parsing of strings Minimizes risk of security holes from configuration errors Libraries Avoid standard C library, stdio “Write bug-free code” (DJB) Webmail system (SquirreMail) Mail Server Web server MUA Webmail client (Squirre Mail) MTA Workstation browser Email database Apache what is Apache? Apache’s functionality installing Apache directory structure configuration tools Outline Apache Dynamic Content CGI PHP MySQL If you request an HTML file HTML 1 2 Webserver Browser 4 3 Web server ...is a software program that does the following Accepts requests for web pages from a browser. Looks for the requested pages on the server hard drive. Sends a copy of the the requested web page to the browser. A web server can only serve HTML and jpg/gif files In our case, we use a very popular web server called Apache. Apache open-source very popular (more than 67% of the web sites) highly configurable and extensible with third-party modules runs on many operating systems (most of the Unix) is actively being developed Apache functionality DBM databases for authentication customized responses to errors and problems unlimited flexible URL rewriting and aliasing Virtual Hosts Configurable Reliable Piped Logs Apache modules (1) mod_access Access control based on client hostname or IP address mod_alias Mapping different parts of the host filesystem in the document tree, and URL redirection mod_auth User authentication using text files mod_autoindex Automatic directory listings mod_cgi Invoking CGI scripts Apache modules (2) mod_include Server-parsed documents mod_mime Determining document types using file extensions mod_proxy Caching proxy abilities mod_rewrite Powerful URI-to-filename mapping using regular expressions mod_usertrack User tracking using Cookies mod_vhost_alias Support for dynamically configured mass virtual hosting Apache modules (3) mod_ssl This module provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL. Requires Apache 1.3.x and OpenSSL 0.9.x Private and Public keys Thawte (www.thawte.com), Versisign (www.verisign.com) Installing Apache Unix binary package RPM DEB Source Windows (MSI Installer) Installing Apache $ ./configure --prefix=/usr/local/apache $ make $ make install $ /usr/local/apache/bin/apachectl start Installing Apache ./configure –help --show-layout --with-layout=GNU Use GNU style directory layout --enable-suexec show GNU style directory layout Enable suEXEC support for CGI and SSI --add-module=/path/to/mod_foo.c compiles, installs and adds module as a Dynamic Shared Object Testing Apache installation arnis@perkons:~$ ps aux | grep apache root 289 0.0 0.2 8400 2564 ? Ss Nov15 0:02 /usr/local/apache/bin/httpd root 307 0.0 0.1 8764 1480 ? Ss Nov15 0:00 /usr/local/apache-ssl/bin/httpd -DSSL apache- 315 0.0 0.1 14768 1580 ? S Nov15 0:27 /usr/local/apache-ssl/bin/httpd -DSSL apache- 13822 0.0 0.2 15224 2644 ? S Nov15 0:26 /usr/local/apache-ssl/bin/httpd -DSSL apache 11290 0.0 0.3 16856 3112 ? S Nov17 0:31 /usr/local/apache/bin/httpd apache 498 0.2 0.8 12596 8484 ? S Nov18 8:54 /usr/local/apache/bin/httpd .... Testing Apache installation Apache directory layout Debian /etc/init.d/apache /etc/apache Apache configuration files /var/www Apache control script Default Document Root /usr/lib/cgi-bin Default script directory Apache directory layout (2) /var/log/apache /usr/sbin htpasswd, htdigest, dbmmanage /usr/lib/apache/1.3 rotatelogs, ab (Apache Benchmark) /usr/bin log files (access.log, error.log) Apache modules /usr/lib/apache/suexec Apache directory layout (3) Slackware /usr/local/apache /usr/local/apache/conf /usr/local/apache/htdocs /usr/local/apache/cgi-bin /var/log/apache /usr/local/apache/bin Apache access log LogFormat "%v %h %l %u %t \"%r\" %>s %b" common CustomLog /usr/local/apache/logs/access_log common %v – virtual host %h – remote host %u – user %t - time %r – HTTP request %>s – status code %b – size www.atlants.lv 159.148.85.46 - - [21/Nov/2004:17:23:36 +0200] "GET /index.php?m=5 HTTP/1.1" 200 32257 Apache error log ErrorLog /usr/local/apache/logs/error_log LogLevel warn [Sun Nov 21 09:13:42 2004] [error] PHP Fatal error: Call to undefined function PN_DBMsgError() in /home/msaule/public_html/referer. php on line 85 [Sun Nov 21 12:41:09 2004] [error] [client 81.198.145.117] File does not exist: /home/sms/public_html/favicon.ico php on line 85 [Sun Nov 21 13:02:50 2004] [error] [client 66.249.66.173] File does not exist: /home/code/public_html/robots.txt [Sun Nov 21 13:08:26 2004] [error] [client 81.198.176.114] File does not exist: /home/refuser2/public_html/_vti_bin/owssvr.dll [Sun Nov 21 13:08:26 2004] [error] [client 81.198.176.114] File does not exist: /home/refuser2/public_html/MSOffice/cltreq.asp [Sun Nov 21 13:09:07 2004] [error] [client 81.198.176.114] File does not exist: /home/refuser2/public_html/_vti_bin/owssvr.dll [Sun Nov 21 13:09:07 2004] [error] [client 81.198.176.114] File does not exist: /home/refuser2/public_html/MSOffice/cltreq.asp Apache configuration Edit httpd.conf Check configuration “apachectl configtest” Restart Apache Check changes http://httpd.apache.org/docs/ Apache configuration Virtual host <VirtualHost *> ServerName www.jrt.lv ServerAlias www.jrt.com CustomLog /usr/local/apache/logs/jrt_access_log common ErrorLog /usr/local/apache/logs/jrt_error_log DocumentRoot /home/jrt/public_html </VirtualHost> Apache configuration .htaccess AuthType Basic AuthUserFile /home/someuser/passwd AuthName "Admin" require valid-user htpasswd htpasswd -c <password file> <username> user1:Y90u499mUj6xE user2:DOrWgcNwzaQUQ Apache2 Unix Threading New Build System Multiprotocol Support New Apache API IPv6 Support Filtering Multilanguage Error Responses Regular Expression Library Updated Dynamic content HTML & Scripts 1 Browser 2 6 Webserver 5 4 Script Engine (PHP, Perl, ...) 3 Dynamic content Scripting engine CGI PHP Apache module vs. CGI Dynamic content Apache only sends content to the user What if I need some resources/information from server Send e-mail Store some information in file (guestbook) Execute unix applications And much more... We need programming language Dynamic content Script engine is a software program that does the following: Accepts scripts passed along from the web server that are of the non-HTML type. Processes these scripts. Returns the result of this processing to the web server. Dynamic content Two ways how to server dynamic content CGI Apache module Many programming languages to use PHP, Perl, Python, C, C++, shell scripts ... Common gateway interface (CGI) A standard for running external programs from a World-Wide Web HTTP server. CGI specifies how to pass arguments to the executing program as part of the HTTP request. It also defines a set of environment variables. Commonly, the program will generate some HTML which will be passed back to the browser but it can also request URL redirection. CGI example Shell script #!/bin/bash echo "Content-type: text/plain" echo "" echo "Hello world!" echo "Today is:" `date` CGI example (2) Perl script #!/usr/bin/perl print "Content-type: text/plain\n\n"; print "Hello world!\n"; print "Today is: " . localtime() . "\n"; Apache modules mod_perl mod_perl brings together the full power of the Perl programming language and the Apache HTTP server. You can use Perl to manage Apache, respond to requests for web pages and much more. mod_php PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML mod_python, OpenASP Module, ... PHP What is PHP? Installing PHP Configuring PHP PHP: Hypertext Preprocessor (PHP) <html> <head> <title>Example</title> </head> <body> <?php echo "Hi, I'm a PHP script!"; ?> </body> </html> Pros PHP easy to learn ideal for small projects widely used no strong typing Cons no strong typing code maintenance interpreted language executes in the Web server process Installing PHP Server-side scripting Command line scripting Client-side GUI applications Installing PHP Gentoo # emerge \<apache-2 # USE="-*" emerge php mod_php # ebuild /var/db/pkg/dev-php/mod_php-<your PHP version>/mod_php-<your PHP version>.ebuild config # nano /etc/conf.d/apache Add "-D PHP4" to APACHE_OPTS # rc-update add apache default # /etc/init.d/apache start Installing PHP Source instalation Install PHP ./configure --with-mysql --with-apxs=/www/bin/apxs make make install cp php.ini-dist /usr/local/lib/php.ini Edit your httpd.conf to load the PHP module. LoadModule php4_module libexec/libphp4.so AddModule mod_php4.c AddType application/x-httpd-php .php .phtml Restart Apache PHP Configuration php.ini read once at web server startup ; any text on a line after an unquoted semicolon (;) is ignored [php] ; section markers (text within square brackets) are also ignored ; Boolean values can be set to either: ; true, on, yes ; or false, off, no, none register_globals = off track_errors = yes ; you can enclose strings in double-quotes PHP Configuration php.ini directives max_execution_time = 30 ; Maximum execution time of each script, in seconds max_input_time = 60 ; Maximum amount of time each script may spend parsing request data memory_limit = 8M ; Maximum amount of memory a script may consume (8MB) ; - Show all errors except for notices and coding standards warnings error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT display_errors = Off log_errors = On error_log = filename PHP Configuration Apache configuration file <VirtualHost 10.10.10.10> DocumentRoot /home/someuser/public_html ServerName www.somesite.lv <Directory /home/someuser/public_html/> php_admin_value open_basedir /home/someuser/:/tmp/:/usr/share/pear/ php_value auto_prepend_file /home/someuser/includes/default.inc php_value upload_max_filesize 10M </Directory> </VirtualHost> PHP Configuration .htaccess file AddType application/x-httpd-php .php3 php_value include_path .:/home/someuser/includes:/home/someuser/public_html php_flag register_globals Off PHP scripts <? ini_set("display_errors", "true"); ini_set("error_log","/home/someuser/log/php.log"); ... Apache module vs. CGI Apache module Good performance One user for all websites Other user’s source files can be accessed PHP safe_mode CGI New process each time suEXEC – each website under its own user fastCGI Apache, PHP and MySQL HTML & PHP 2 1 Browser 8 Webserver 7 4 PHP Engine 6 5 MySQL Database Server 3 MySQL About MySQL Installing MySQL MySQL directory structure MySQL commands Some examples PHPMyAdmin MySQL Open source Very fast Stable Easy to use Independant storage engines Can be run with or without transaction control Security SSL support Resources configurable per user basis MySQL 4.x Subqueries New client-server protocol with prepared statements Unicode and UTF-8 support Query cashing Much more... Installing MySQL Binary distribution shell> groupadd mysql shell> useradd -g mysql mysql shell> cd /usr/local shell> gunzip < /path/to/mysql-VERSION-OS.tar.gz | tar xvf shell> ln -s full-path-to-mysql-VERSION-OS mysql shell> cd mysql shell> scripts/mysql_install_db --user=mysql shell> chown -R root . shell> chown -R mysql data shell> chgrp -R mysql . shell> bin/mysqld_safe --user=mysql & Installing MySQL Source distribution shell> groupadd mysql shell> useradd -g mysql mysql shell> gunzip < mysql-VERSION.tar.gz | tar -xvf shell> cd mysql-VERSION shell> ./configure --prefix=/usr/local/mysql shell> make shell> make install shell> cp support-files/my-medium.cnf /etc/my.cnf shell> cd /usr/local/mysql shell> bin/mysql_install_db --user=mysql shell> chown -R root . shell> chown -R mysql var shell> chgrp -R mysql . shell> bin/mysqld_safe --user=mysql & Post-Instalation Procedures Check instalation shell> bin/mysqladmin version Create system tables shell> bin/mysql_install_db --user=mysql Make nessesary databases and users CREATE DATABASE GRANT MySQL directory structure ./ MySQL server control scripts bin/ MySQL server, MySQL client and commandline tools data/ Databases – directories Tables – files (MYD, MYI,FRM) var/log Log files MySQL binaries mysql MySQL client mysqladmin MySQL administration tool mysqldump Tool for creating database dumps MySQL commands CREATE DATABASE <database name> DROP GRANT ALL PRIVILEGES on database.* to user@localhost IDENTIFIED BY ‘password’ Privilege type (ALL, ALTER, CREATE, DELETE, INSERT, SELECT, GRANT, ...) Privilege level (globa, database, table, column) User and host (localhost, IP address, network, %) REVOKE PHP and database example MySQL and SQLite Examples PHPMyAdmin phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web (http://www.phpmyadmin.net/) CREATE/DROP databases CREATE/DROP/ALTER tables Delete/add/edit/search information Execute SQL queries Manage privileges Export data PHP and SQLite example <?php // create new database (OO interface) $db = new SQLiteDatabase("db.sqlite"); // create table foo and insert sample data $db->query("BEGIN; CREATE TABLE foo(id INTEGER PRIMARY KEY, name CHAR(255)); INSERT INTO foo (name) VALUES('Ilia'); INSERT INTO foo (name) VALUES('Ilia2'); INSERT INTO foo (name) VALUES('Ilia3'); COMMIT;"); // execute a query $result = $db->query("SELECT * FROM foo"); // iterate through the retrieved rows while ($result->valid()) { // fetch current row $row = $result->current(); print_r($row); // proceed to next row $result->next(); } // not generally needed as PHP will destroy the connection unset($db); ?> PHP and MySQL example <?php // Connecting, selecting database $link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password') or die('Could not connect: ' . mysql_error()); echo 'Connected successfully'; mysql_select_db('my_database') or die('Could not select database'); // Performing SQL query $query = 'SELECT * FROM my_table'; $result = mysql_query($query) or die('Query failed: ' . mysql_error()); // Printing results in HTML echo "<table>\n"; while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { echo "\t<tr>\n"; foreach ($line as $col_value) { echo "\t\t<td>$col_value</td>\n"; } echo "\t</tr>\n"; } echo "</table>\n"; // Free resultset mysql_free_result($result); // Closing connection mysql_close($link); ?>
© Copyright 2024