Homework #2 results
Checked with Ubuntu 5.10
Text after echo must be put in quotes if it contains ( ) etc.
AWK does not recognise some options (--assign)
The second argument of mv can only be a directory
Write "grep moveme dir/*"
DOS line endings (CR LF) have to be stripped first:
perl -pe 's/\r\n$/\n/' 3.sh > temp
3.sh
Create a script that takes 2 arguments: 3.sh <directory> <destination>
Search the files in <directory> for the substring "moveme" in the file content
Move the files that contain the string to the directory <destination>
On standard output, print two lines: on the first line the total number of lines that matched, on the second line the total number of files moved
The most elegant solution to task 3
#!/bin/bash
mv `grep -l moveme $1/*` $2
grep moveme $2/* | wc -l
grep -l moveme $2/* | wc -l
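The solution above takes both counts by grepping <destination> after the move, so anything that was already in <destination> is counted as well, and the unquoted `grep -l` substitution breaks on file names with spaces. A stricter version, as an added example that is not part of the course solution (the function name movematch and the argument checks are this example's own choices):

```shell
#!/bin/sh
# Added example (not the course's solution): a stricter version of 3.sh.
# Counts are taken in <directory> before the move, so files that were
# already in <destination> are not counted, and file names are handled
# one by one instead of through an unquoted `grep -l` substitution.
# Usage: movematch <directory> <destination>

movematch() {
    src=$1
    dst=$2
    # mv needs a directory as its second argument; fail early otherwise
    [ -d "$src" ] || { echo "movematch: $src is not a directory" >&2; return 1; }
    [ -d "$dst" ] || { echo "movematch: $dst is not a directory" >&2; return 1; }

    lines=0
    files=0
    for f in "$src"/*; do
        [ -f "$f" ] || continue                  # skip subdirectories, sockets etc.
        n=$(grep -c moveme "$f" || true)         # matching lines in this file (0 if none)
        [ "$n" -gt 0 ] || continue
        lines=$((lines + n))
        files=$((files + 1))
        mv -- "$f" "$dst"/
    done
    echo "$lines"                                # line 1: total matching lines
    echo "$files"                                # line 2: total files moved
}

# Only act when called with exactly two arguments, so the file can also be sourced
if [ "$#" -eq 2 ]; then
    movematch "$@"
fi
```

The `-- ` after mv stops a file name that begins with a dash from being parsed as an option, and `grep -c` gives the per-file line count directly, so the two totals do not depend on what else lives in <destination>.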
Small homework #3a
Obtain an approved BalticGrid certificate, which will be needed for the big homework #3b
Deadline: 4 May 2006. Late submissions will not be accepted, because only certified users will be added to the BalticGrid VO and to the related systems needed for homework #3b
Submission: send your (public) BalticGrid certificate to [email protected], Subject: MD3a
Information: http://grid.lumii.lv/section/show/12
Domain of the Institution (domain.zz): lumii.lv
Common Name (John Smith): Janis Berzins
BalticGridCA-user.cnf
## OpenSSL configuration file for generating certificate requests for Baltic Grid CA.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
###
RANDFILE = $ENV::HOME/.rnd

[ req ]
default_bits = 1024
default_keyfile = userkey.pem
default_md = sha1 # which md to use.
distinguished_name = req_distinguished_name
string_mask = nombstr

[ req_distinguished_name ]
0.domainComponent = Domain Component (org)
0.domainComponent_default = org
1.domainComponent = Domain Component (BalticGrid)
1.domainComponent_default = balticgrid
organizationalUnitName = Domain of the Institution (domain.zz)
commonName = Common Name (John Smith)
commonName_max = 64
Result: the encrypted private key (userkey.pem)
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,C280CE744C634255
(key body not reproduced here)
-----END RSA PRIVATE KEY-----
and the certificate request
-----BEGIN CERTIFICATE REQUEST-----
MIIBnjCCAQcCAQAwXjETMBEGCgmSJomT8ixkARkWA29yZzEaMBgGCgmSJomT8ixkARkWCmJhbHRpY2dyaWQxETAPBgNVBAsTCGx1bWlpLmx2MRgwFgYDVQQDEw9HdW50aXMgQmFyemRpbnMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANepPbidunic4dq8iKj1eEDlicCZ51cKX43Hn17Ca+IKvS7cTBavbFicm6mkfNoCO+erZWL3nlrhGXuhUyCHZJctA9Fu37II3ik7SZe6LahCKu55ZrCP9bEXucvQ7giI2FUcgvjEcK/I9+NnO+chkJwCTafa32SxZsG7MOnwv14XAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQC8oV1AQv1jj2D3gb0aBUwA1CaVqJN+bq2wwmeQSP1+rJXicSlfpIEqI8TwoT6FvEt2EnPAtbXpWMjFtbuM816+tEdkrGLw0wfHdlTCwswcRtHn3QVl4jxA/wReb+CYCSSIx0n3iP6KFP7PMzqLMiGm4jbUVoDiA6ZfKq1HAqPHig==
-----END CERTIFICATE REQUEST-----
Certificate
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13 (0xd)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=BalticGrid, CN=Baltic Grid Certification Authority
        Validity
            Not Before: Mar 24 12:30:32 2005 GMT
            Not After : Mar 24 12:30:32 2006 GMT
        Subject: O=BalticGrid, OU=latnet.lv, CN=Guntis Barzdins
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:c1:54:28:7c:de:67:95:b0:7b:53:24:85:a1:c4:
                    dd:b3:b3:12:b4:06:c4:b0:13:93:c0:5b:ad:2a:ad:
                    0a:8a:6c:d7:f3:c1:65:d5:1a:3f:f2:e8:ed:da:37:
                    a0:52:e0:05:17:3f:ee:45:91:a8:07:8d:8f:7f:96:
                    aa:fc:7c:4f:27:c6:fc:82:b8:89:54:42:60:ea:18:
                    ff:fa:a4:1e:f7:00:22:66:b2:5b:bb:85:c9:a8:12:
                    87:f3:6f:96:c2:05:c8:a0:eb:9c:54:03:f1:05:c3:
                    f4:27:ab:6b:30:47:dd:4b:12:b8:21:d9:25:fe:e6:
                    68:70:23:ae:35:15:80:b5:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
            X509v3 Subject Key Identifier:
                B3:0B:DD:96:09:86:37:1F:CF:5D:D5:78:5B:6D:AB:6F:D0:BC:5A:24
            X509v3 Authority Key Identifier:
                keyid:24:4E:75:31:6A:6C:DF:AA:4D:AD:C6:34:39:23:5F:18:DB:17:47:86
                DirName:/O=BalticGrid/CN=Baltic Grid Certification Authority
                serial:00
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.19974.11.1.0.1
            X509v3 Issuer Alternative Name:
                URI:http://grid.eenet.ee/BalticGridCA/
    Signature Algorithm: sha1WithRSAEncryption
        67:e8:50:7d:28:84:d7:cb:88:de:4a:14:da:f4:09:16:05:38:
        4a:55:23:11:b5:87:77:05:7d:07:d8:1c:03:45:19:6f:6f:97:
        ef:7d:1b:c8:7f:29:98:c5:d8:35:cf:2e:2e:b2:16:7e:19:8c:
        3c:32:79:2d:ed:9a:7b:50:e3:26:df:79:59:84:8f:c6:34:d4:
        3a:c1:65:5b:79:2e:6e:eb:62:50:2f:0a:47:00:08:54:ee:54:
        6d:91:9f:ff:58:f0:b5:79:aa:68:12:e9:2c:15:9d:06:41:3b:
        3f:29:4b:ba:be:e1:ef:e1:aa:7c:83:5b:be:3a:e1:16:5f:02:
        65:70:c6:7d:15:7b:e0:43:3e:f9:c1:b3:96:80:fb:a0:aa:a8:
        83:79:0e:0b:87:b7:09:b6:60:6d:64:2c:de:de:c3:1c:4c:cc:
        e5:54:4c:33:26:d9:31:35:29:30:df:8b:7b:e6:a8:31:6e:a4:
        57:ef:51:53:6c:df:7b:f6:6d:8e:d0:ad:ba:72:87:17:47:aa:
        d4:fa:ff:4d:d0:cc:45:a5:28:e5:a3:46:84:cf:c4:4b:94:f8:
        ba:27:b5:35:e3:79:f8:49:3d:90:b0:41:5d:71:e5:15:6c:25:
        d3:61:73:31:c8:c5:3d:5e:a1:68:fe:82:9a:4a:0f:ea:5b:13:
        b4:6a:be:be
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgIBDTANBgkqhkiG9w0BAQUFADBDMRMwEQYDVQQKEwpCYWx0aWNHcmlkMSwwKgYDVQQDEyNCYWx0aWMgR3JpZCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNTAzMjQxMjMwMzJaFw0wNjAzMjQxMjMwMzJaMEMxEzARBgNVBAoTyH8pmMXYNc8uLrIWfhmMPDJ5Le2ae1DjJt95WYSPxjTUOsFlW3kubutiUC8KRwAIVO5UbZGf/1jwtXmqaBLpLBWdBkE7PylLur7h7+GqfINbvjrhFl8CZXDGfRV74EM++cGzloD7oKqog3kOC4e3CbZgbWQs3t7DHEzM5VRMMybZMTUpMN+Le+aoMW6kV+9RU2zfe/ZtjtCtunKHF0eq1Pr/TdDMRaUo5aNGhM/ES5T4uie1NeN5+Ek9kLBBXXHlFWwl02FzMcjFPV6haP6CmkoP6lsTtGq+vg==
-----END CERTIFICATE-----
Networking Software
Good free implementations for:
DNS: BIND v8/9, djbdns
SMTP: sendmail, qmail, postfix, exim
POP/IMAP: qpopper, uw-imapd
HTTP: Apache, PHP, mySQL
"If it was hard to develop, it should be hard to install!"
Setting Up a Basic Name Server
Later versions of BIND use the configuration file /etc/named.conf
This file is divided into five sections: options, controls, three different zones and an include line, which refers to the rndc security file
A zone is a part of the DNS domain tree for which the DNS server has authority to provide information
Zone information is contained in files referred to in named.conf
DNS
Using the DNS system. Before the Internet started using DNS, name resolution relied on hosts files.
A hosts file has one main disadvantage: lookup time grows with the size of the file, and every host needs an up-to-date copy of the whole file.
This is the main reason the Internet moved to DNS.
DNS also provides a distributed administrative model, so administrative rights can be delegated to other people.
DNS
You can picture the structure of the DNS system as a tree (figure):
"." (root) contains the top-level domains net, com, edu, au, ru
the .ru domain contains msu and wsu
the .wsu.ru domain contains the hosts gw (gw.wsu.ru) and gw1 (gw1.wsu.ru); wsu.ru itself is also a host
DNS
DNS zones (figure): under the root are the top-level domains com, edu, gov, ...; the terraflora.com domain contains the hosts www and servers and the subdomain mfg (with the host ntserver). The domain is split into two zones: the terraflora.com zone and the delegated mfg.terraflora.com zone.
DNS
DNS requests: information required for DNS requests; making DNS requests
DNS request types: recursive requests, iterative requests
Example (figure): the host ada.wsu.ru wants IP(crypt.iae.nsk.su) = ?
1. ada.wsu.ru sends a recursive query to its name server ns.wsu.ru (212.16.195.98)
2. ns.wsu.ru asks the root servers IP(crypt.iae.nsk.su) = ? and is referred to the authoritative server for nsk.su, ns.nsk.su
3. ns.wsu.ru asks ns.nsk.su and is referred to the authoritative server for iae.nsk.su, iaebox.iae.nsk.su
4. iaebox.iae.nsk.su answers IP(crypt.iae.nsk.su) = 193.124.169.58
5. ns.wsu.ru returns IP(crypt.iae.nsk.su) = 193.124.169.58 to ada.wsu.ru
DNS
DNS system planning factors: number of servers and system platforms
Server types: primary server, secondary servers, cache servers, forwarding servers, stealth servers
DNS
DNS database resource records (RR): RR formats and types; standard RRs; DNS database file structure; the IN-ADDR.ARPA zone for reverse address-to-name translation
DNS
RR format
NAME – the domain name the record belongs to
TYPE – RR type code
CLASS – RR class code
TTL – time to live (how long the record may be cached)
RDLENGTH – length of the RDATA field
RDATA – the record data
Wire layout (RFC 1035, bit positions 0-15 per 16-bit row):
                                  1  1  1  1  1  1
    0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
   +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
   /                     NAME                      /
   +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
   |                     TYPE                      |
   +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
   |                     CLASS                     |
   +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
   |                      TTL                      |
   |                                               |
   +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
   |                   RDLENGTH                    |
   +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
   /                     RDATA                     /
   +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
DNS
BIND server configuration statements:
acl – define an access control list in order to control access to server resources
controls – define the control channel for the rndc control utility
include – can be used to merge many configuration files into one
key – key information used to check identity with TSIG
logging – controls the logging options of the DNS server
options – various DNS server options; used mainly for global server configuration
server – configuration options for a particular remote server
trusted-keys – used by the DNSSEC protocol to hold trusted keys
view – define view options
zone – define zone options
DNS
Split DNS example:
...
view "internal" {
    match-clients { 10.0.0.0/8; };
    recursion yes;
    zone "example.com" {
        type master;
        file "example-internal.db";
    };
};
view "external" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "example-external.db";
    };
};
...
DNS
DNS configuration file example:
logging {
    category lame-servers { null; };
};
options {
    directory "/var/named";
    allow-transfer { 195.13.160.52; 195.244.128.2; 10.196.5.130; };
    recursive-clients 2000;
    notify yes;
};
acl "internals" { 127.0.0.1; 10.196.0.0/16; 10.1.72.0/24; 10.129.24.0/24; 10.130.24.0/24; };
view "internal" {
    match-clients { "internals"; };
    recursion yes;
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
    zone "test.lv" {
        type master;
        file "test.lv.zone";
    };
};
view "external" {
    match-clients { any; };
    recursion no;
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "test.lv" {
        type master;
        file "test.lv.public.zone";
    };
};
DNS
DNS server database file:
$ORIGIN .
$TTL 3600       ; 1 hour
test.lv         IN SOA  ns1.test.lv. jurisk.test.lv. (
                        2006040301 ; serial
                        28800      ; refresh (8 hours)
                        1800       ; retry (30 minutes)
                        1209600    ; expire (2 weeks)
                        28800      ; minimum (8 hours)
                        )
                NS      ns1.test.lv.
                A       10.196.5.131
                MX      10 eproxy.test.lv.
                MX      20 eproxy1.test.lv.
                MX      30 eproxy2.test.lv.
$ORIGIN test.lv.
router          A       10.196.5.1
eproxy          A       10.196.5.187
eproxy1         A       10.196.5.188
eproxy2         A       10.196.5.189
ns1             A       10.196.5.131
mail            CNAME   ns1
nais            A       10.196.2.11
;
; test WWW on Lattelekom servers
;
www             A       81.198.40.10
admin           A       81.198.40.10
editor          A       81.198.40.10
www             A       81.198.40.11
tavro           A       81.198.40.10
tekno           A       81.198.40.11
$ORIGIN it.test.lv.
router          A       10.196.5.1
$ORIGIN test.lv.
proxy2          A       10.196.5.8
help            A       10.196.5.10
ssiahq01        A       10.196.5.31
nw1             A       10.196.5.58

DNS
Reverse DNS zone (in-addr.arpa):
$ORIGIN .
$TTL 3600       ; 1 hour
5.196.10.in-addr.arpa IN SOA ns1.test.lv. root.ns1.test.lv. (
                        2006012401 ; serial
                        3600       ; refresh (1 hour)
                        300        ; retry (5 minutes)
                        3600000    ; expire (5 weeks 6 days 16 hours)
                        3600       ; minimum (1 hour)
                        )
                NS      ns1.test.lv.
$ORIGIN 5.196.10.in-addr.arpa.
1               PTR     router.it.test.lv.
7               PTR     instructor.it2.test.lv.
8               PTR     proxy2.test.lv.
10              PTR     help.test.lv.
31              PTR     ssiahq01.test.lv.
58              PTR     nw1.test.lv.
60              PTR     sandbox.test.lv.
77              PTR     rs6000f50.test.lv.
119             PTR     risc6000f30.test.lv.
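The forward zone and the reverse zone above are maintained by hand and nothing forces them to agree; a PTR that names a host with no matching A record, or an address with no PTR at all, is a classic cause of failing reverse lookups and of mail servers refusing connections. The following added example, which is not part of the course material, cross-checks a forward zone file against its in-addr.arpa zone with a small awk-based parser for the zone-file subset used on this page. The sample zones it writes are constructed for the example, modelled on the test.lv zones above, and contain two deliberate inconsistencies.

```shell
#!/bin/sh
# Added example, not from the course: cross-check a forward zone against its
# in-addr.arpa zone. Every A record should have a PTR that points back to
# (one of) its names, and every PTR should have a matching A record.
# The parser covers the zone-file subset used on this page: $ORIGIN, @,
# records written as "<owner> [IN] <TYPE> <data>", continuation lines that
# start with whitespace (same owner as the previous record), ';' comments.

# zone_records <file> <TYPE>  ->  lines "<fqdn without trailing dot> <data>"
zone_records() {
    awk -v want="$2" '
        { sub(/;.*/, "") }                              # drop comments
        $1 == "$ORIGIN" { origin = $2; next }           # track current origin
        /^\$/ || NF == 0 { next }                       # $TTL etc., blank lines
        {
            if ($0 ~ /^[ \t]/) $0 = owner " " $0        # blank owner = previous owner
            else owner = $1
            name = $1; t = $2; data = $3
            if ($2 == "IN") { t = $3; data = $4 }       # optional class field
            if (t != want) next
            if (name == "@") name = origin
            if (name !~ /\.$/) name = (origin == ".") ? name "." : name "." origin
            sub(/\.$/, "", name)
            print name " " data
        }' "$1"
}

# check_zones <forward-zone> <reverse-zone>
# Prints one line per inconsistency (sorted) and returns 1; returns 0 when
# the two zones agree.
check_zones() {
    problems=$(
        {
            zone_records "$1" A   | awk '{ print "A", $2, $1 }'
            zone_records "$2" PTR | awk '{ split($1, o, "."); sub(/\.$/, "", $2)
                                           print "PTR", o[4] "." o[3] "." o[2] "." o[1], $2 }'
        } | awk '
            $1 == "A"   { a[$2 " " $3] = 1; has_a[$2] = 1 }
            $1 == "PTR" { ptr[$2] = $3 }
            END {
                for (k in a) {
                    split(k, f, " ")                    # f[1] = ip, f[2] = name
                    if (!(f[1] in ptr))
                        print "A " f[2] " -> " f[1] " has no PTR"
                    else if (!((f[1] " " ptr[f[1]]) in a))
                        print "PTR " f[1] " -> " ptr[f[1]] " does not match A " f[2]
                }
                for (ip in ptr)
                    if (!(ip in has_a))
                        print "PTR " ip " -> " ptr[ip] " has no A record"
            }' | sort -u
    )
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# write_sample_zones <dir>: constructed sample zones modelled on test.lv above.
# Deliberate inconsistencies: 10.196.5.60 has a PTR to a different name, and
# 10.196.5.77 has a PTR but no A record.
write_sample_zones() {
    cat > "$1/test.lv.zone" <<'EOF'
$ORIGIN .
$TTL 3600       ; 1 hour
test.lv IN SOA ns1.test.lv. jurisk.test.lv. ( 2006040301 28800 1800 1209600 28800 )
        NS ns1.test.lv.
        A 10.196.5.131
$ORIGIN test.lv.
router  A 10.196.5.1
ns1     A 10.196.5.131
proxy2  A 10.196.5.8
help    A 10.196.5.10
nw1     A 10.196.5.58
mail    CNAME ns1
sandbox A 10.196.5.60
$ORIGIN it.test.lv.
router  A 10.196.5.1
EOF
    cat > "$1/5.196.10.in-addr.arpa.zone" <<'EOF'
$ORIGIN .
$TTL 3600
5.196.10.in-addr.arpa IN SOA ns1.test.lv. root.ns1.test.lv. ( 2006012401 3600 300 3600000 3600 )
        NS ns1.test.lv.
$ORIGIN 5.196.10.in-addr.arpa.
1   PTR router.it.test.lv.
8   PTR proxy2.test.lv.
10  PTR help.test.lv.
58  PTR nw1.test.lv.
60  PTR sandbox-old.test.lv.
77  PTR rs6000f50.test.lv.   ; no A record in the forward zone
131 PTR ns1.test.lv.
EOF
}
```

An address with several A records (10.196.5.1 is both router.test.lv and router.it.test.lv above) passes as long as its single PTR names one of them; to use it on the real files, call check_zones test.lv.zone 5.196.10.in-addr.arpa.zone and act on a non-zero exit status.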
Restart named
$ sudo /sbin/service named restart
Password:
Stopping named:
Starting named:                                            [  OK  ]

$ sudo tail /var/log/messages
Jan 28 22:36:22 womnibook named[11333]: loading configuration from '/etc/named.conf'
Jan 28 22:36:22 womnibook named[11333]: no IPv6 interfaces found
Jan 28 22:36:22 womnibook named[11333]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 28 22:36:22 womnibook named[11333]: listening on IPv4 interface eth0, 192.168.1.74#53
Jan 28 22:36:22 womnibook named[11333]: listening on IPv4 interface eth1, 192.168.2.5#53
Jan 28 22:36:22 womnibook named[11333]: command channel listening on 127.0.0.1#953
Jan 28 22:36:22 womnibook named[11333]: zone johannes.org/IN: loaded serial 142
Jan 28 22:36:22 womnibook named[11333]: running
Jan 28 22:36:22 womnibook named[11333]: zone johannes.org/IN: sending notifies (serial 142)
Jan 28 22:36:22 womnibook named: named startup succeeded
Mailservers
            Maturity   Security   Features   Performance
qmail       medium     high       high       high
Sendmail    high       low        high       low
Postfix     medium     high       medium     high
exim        medium     low        high       medium
Courier     low        medium     high       medium
Source: Life with qmail, p. 5
Configuring a Basic Email Server
Sendmail is the most widely used email server
The sendmail package contains the sendmail daemon
Sendmail is started using a script in /etc/rc.d/init.d
Sendmail is configured using the file /etc/sendmail.cf
Most email administrators prefer to use the m4 program to generate the sendmail configuration
Email basics (figure):
Workstation (MUA) --SMTP--> Mail Server (MTA, MDA, email database) --SMTP--> Mail Server (MTA, MDA, email database) --POP3/IMAP--> Workstation (MUA)
Simplified Mail Transactions (figure):
Mail User Agent -> Mail Transport Agent -> Mail Transport Agent -> Mail Delivery Agent -> mbox -> Mail User Agent (the same chain in both directions)
Message composed using an MUA
MUA gives the message to an MTA for delivery
If local, the MTA gives it to the local MDA
If remote, the MTA transfers it to another MTA
Structure of qmail (figure):
Incoming SMTP mail -> qmail-smtpd -> qmail-queue
Other incoming mail -> qmail-inject -> qmail-queue
qmail-queue -> qmail-send -> qmail-lspawn -> qmail-local (local delivery)
qmail-send -> qmail-rspawn -> qmail-remote (remote delivery)
Installation of qmail and qmail-pop3d
tux:~# apt-get update
tux:~# apt-get install qmail
qmail-pop3d start command:
sh -c "start-stop-daemon --start --quiet --user root \
    --exec /usr/bin/tcpserver -- \
    0 pop-3 /usr/sbin/qmail-popup `hostname`.`dnsdomainname` \
    /usr/bin/checkpassword /usr/sbin/qmail-pop3d Maildir &"
Configuration of qmail
Configuration is stored in /var/qmail/control/
Configure: relaying; multiple host names; virtual domains; aliases; qmail-users; blackhole lists; mailbox format
The qmail security guarantee
In March 1997, I offered $500 to the first person to publish a verifiable security hole in the latest version of qmail: for example, a way for a user to exploit qmail to take over another account.
My offer still stands. Nobody has found any security holes in qmail.
D. J. Bernstein
Principles, sendmail vs qmail
Do as little as possible in setuid programs
    Of 20 recent sendmail security holes, 11 worked only because the entire sendmail system is setuid
    Only qmail-queue is setuid; its only function is to add a new message to the queue
Do as little as possible as root
    The entire sendmail system runs as root, so operating system protection has no effect
    Only qmail-start and qmail-lspawn run as root
Principles, sendmail vs qmail
Programs and files are not addresses
    sendmail treats programs and files as addresses
    "sendmail goes through horrendous contortions trying to keep track of whether a local user was responsible for an address. This has proven to be an unmitigated disaster" (DJB)
    In qmail, programs and files are not addresses
    "The local delivery agent, qmail-local, can run programs or write to files as directed by ~user/.qmail, but it's always running as that user. Security impact: .qmail, like .cshrc and .exrc and various other files, means that anyone who can write arbitrary files as a user can execute arbitrary programs as that user. That's it." (DJB)
Keep it simple
Parsing: limited parsing of strings; this minimizes the risk of security holes from configuration errors
Libraries: avoid the standard C library, stdio
"Write bug-free code" (DJB)
Webmail system (SquirrelMail) (figure):
Workstation (browser) -> Web server (Apache with the webmail client SquirrelMail acting as the MUA) -> Mail Server (MTA, email database)
Apache
What is Apache? Apache's functionality; installing Apache; directory structure; configuration tools
Web server
...is a software program that does the following: accepts requests for web pages from a browser; looks for the requested pages on the server's hard drive; sends a copy of the requested page to the browser. On its own, a web server only serves static files (HTML, jpg/gif images and the like); dynamic content needs a script engine or a server module.
In our case, we use a very popular web server called Apache.
Apache
open source
very popular (more than 67% of web sites at the time of these slides)
highly configurable and extensible with third-party modules
runs on many operating systems (most Unix variants)
is actively being developed
Apache functionality
DBM databases for authentication
customized responses to errors and problems
unlimited, flexible URL rewriting and aliasing
virtual hosts
configurable, reliable piped logs
Apache modules (1)
mod_access – access control based on client hostname or IP address
mod_alias – mapping different parts of the host filesystem into the document tree, and URL redirection
mod_auth – user authentication using text files
mod_autoindex – automatic directory listings
mod_cgi – invoking CGI scripts
Apache modules (2)
mod_include – server-parsed documents
mod_mime – determining document types using file extensions
mod_proxy – caching proxy abilities
mod_rewrite – powerful URI-to-filename mapping using regular expressions
mod_usertrack – user tracking using cookies
mod_vhost_alias – support for dynamically configured mass virtual hosting
Apache modules (3)
mod_ssl – provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols with the help of the open source SSL/TLS toolkit OpenSSL
Requires Apache 1.3.x and OpenSSL 0.9.x
Private and public keys
Certificate authorities: Thawte (www.thawte.com), VeriSign (www.verisign.com)
Installing Apache
$ ./configure --prefix=/usr/local/apache
$ make
$ make install
$ /usr/local/apache/bin/apachectl start
Installing Apache
./configure --help
--show-layout                  show the directory layout that would be used
--with-layout=GNU              use the GNU style directory layout
--enable-suexec                enable suEXEC support for CGI and SSI
--add-module=/path/to/mod_foo.c
                               compiles, installs and adds the module as a Dynamic Shared Object
Testing the Apache installation
arnis@perkons:~$ ps aux | grep apache
root       289  0.0  0.2  8400  2564 ?  Ss  Nov15  0:02 /usr/local/apache/bin/httpd
root       307  0.0  0.1  8764  1480 ?  Ss  Nov15  0:00 /usr/local/apache-ssl/bin/httpd -DSSL
apache-    315  0.0  0.1 14768  1580 ?  S   Nov15  0:27 /usr/local/apache-ssl/bin/httpd -DSSL
apache-  13822  0.0  0.2 15224  2644 ?  S   Nov15  0:26 /usr/local/apache-ssl/bin/httpd -DSSL
apache   11290  0.0  0.3 16856  3112 ?  S   Nov17  0:31 /usr/local/apache/bin/httpd
apache     498  0.2  0.8 12596  8484 ?  S   Nov18  8:54 /usr/local/apache/bin/httpd
....
Apache directory layout
Debian:
/etc/init.d/apache      Apache control script
/etc/apache             Apache configuration files
/var/www                default Document Root
/usr/lib/cgi-bin        default script directory
Apache directory layout (2)
/var/log/apache         log files (access.log, error.log)
/usr/sbin               rotatelogs, ab (Apache Benchmark)
/usr/bin                htpasswd, htdigest, dbmmanage
/usr/lib/apache/1.3     Apache modules
/usr/lib/apache/suexec
Apache directory layout (3)
Slackware:
/usr/local/apache
/usr/local/apache/conf
/usr/local/apache/htdocs
/usr/local/apache/cgi-bin
/var/log/apache
/usr/local/apache/bin
Apache access log
LogFormat "%v %h %l %u %t \"%r\" %>s %b" common
CustomLog /usr/local/apache/logs/access_log common
%v – virtual host, %h – remote host, %l – remote logname (from identd, usually "-"), %u – remote user, %t – time, %r – first line of the HTTP request, %>s – final status code, %b – response size in bytes
www.atlants.lv 159.148.85.46 - - [21/Nov/2004:17:23:36 +0200] "GET /index.php?m=5 HTTP/1.1" 200 32257
Apache error log
ErrorLog /usr/local/apache/logs/error_log
LogLevel warn

[Sun Nov 21 09:13:42 2004] [error] PHP Fatal error:  Call to undefined function PN_DBMsgError() in /home/msaule/public_html/referer.php on line 85
[Sun Nov 21 12:41:09 2004] [error] [client 81.198.145.117] File does not exist: /home/sms/public_html/favicon.ico
[Sun Nov 21 13:02:50 2004] [error] [client 66.249.66.173] File does not exist: /home/code/public_html/robots.txt
[Sun Nov 21 13:08:26 2004] [error] [client 81.198.176.114] File does not exist: /home/refuser2/public_html/_vti_bin/owssvr.dll
[Sun Nov 21 13:08:26 2004] [error] [client 81.198.176.114] File does not exist: /home/refuser2/public_html/MSOffice/cltreq.asp
[Sun Nov 21 13:09:07 2004] [error] [client 81.198.176.114] File does not exist: /home/refuser2/public_html/_vti_bin/owssvr.dll
[Sun Nov 21 13:09:07 2004] [error] [client 81.198.176.114] File does not exist: /home/refuser2/public_html/MSOffice/cltreq.asp
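Lines like the last four above, where one client asks for several files that do not exist, are what you look for when hunting scanners in an error log. The following added example, which is not from the original slides, summarises "File does not exist" entries per client IP and lists the distinct paths one client tried; the log lines embedded in it are constructed for the example from the format shown above.

```shell
#!/bin/sh
# Added example, not part of the original slides: summarise "File does not
# exist" entries of an Apache 1.3 error log per client, so that a host that
# walks through many non-existent paths (a vulnerability scanner, or a client
# probing for FrontPage/Office extensions as in the log above) stands out.
# The sample log below is constructed for this example in the format shown
# on the slide.

SAMPLE_ERROR_LOG='[Sun Nov 21 09:13:42 2004] [error] PHP Fatal error:  Call to undefined function PN_DBMsgError() in /home/msaule/public_html/referer.php on line 85
[Sun Nov 21 12:41:09 2004] [error] [client 81.198.145.117] File does not exist: /home/sms/public_html/favicon.ico
[Sun Nov 21 13:02:50 2004] [error] [client 66.249.66.173] File does not exist: /home/code/public_html/robots.txt
[Sun Nov 21 13:08:26 2004] [error] [client 81.198.176.114] File does not exist: /home/refuser2/public_html/_vti_bin/owssvr.dll
[Sun Nov 21 13:08:26 2004] [error] [client 81.198.176.114] File does not exist: /home/refuser2/public_html/MSOffice/cltreq.asp
[Sun Nov 21 13:09:07 2004] [error] [client 81.198.176.114] File does not exist: /home/refuser2/public_html/_vti_bin/owssvr.dll
[Sun Nov 21 13:09:07 2004] [error] [client 81.198.176.114] File does not exist: /home/refuser2/public_html/MSOffice/cltreq.asp
[Sun Nov 21 13:10:30 2004] [error] [client 81.198.176.114] File does not exist: /home/refuser2/public_html/_vti_inf.html
[Sun Nov 21 13:10:31 2004] [error] [client 81.198.176.114] File does not exist: /home/refuser2/public_html/_vti_bin/shtml.dll'

# missing_files_by_client [min-distinct]
# Reads an error log on stdin and prints "requests distinct-paths client"
# for every client with at least <min-distinct> distinct missing paths
# (default 1), most distinct paths first.
missing_files_by_client() {
    awk -v min="${1:-1}" '
        / File does not exist: / {
            ip = "-"
            for (i = 1; i < NF; i++)                   # "[client 1.2.3.4]" -> 1.2.3.4
                if ($i == "[client") { ip = $(i + 1); sub(/\]$/, "", ip) }
            path = $0
            sub(/.* File does not exist: /, "", path)
            total[ip]++
            if (!((ip, path) in seen)) { seen[ip, path] = 1; distinct[ip]++ }
        }
        END {
            for (ip in total)
                if (distinct[ip] >= min) print total[ip], distinct[ip], ip
        }' | sort -k2,2nr -k3,3
}

# missing_paths_for_client <ip>
# Reads an error log on stdin and prints the distinct missing paths that one
# client asked for, in order of first appearance.
missing_paths_for_client() {
    awk -v who="$1" '
        / File does not exist: / && index($0, "[client " who "]") {
            path = $0
            sub(/.* File does not exist: /, "", path)
            if (!(path in seen)) { seen[path] = 1; print path }
        }'
}

# Stand-alone demo on the embedded sample:  sh thisfile.sh demo
case "${1:-}" in
    demo) printf '%s\n' "$SAMPLE_ERROR_LOG" | missing_files_by_client 2 ;;
esac
```

For a real log, feed it on stdin (for example tail -n 10000 /usr/local/apache/logs/error_log | missing_files_by_client 5) and then inspect the top client with missing_paths_for_client; the paths themselves tell you whether it is a search engine looking for robots.txt or a client enumerating server extensions.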
Apache configuration
Edit httpd.conf
Check the configuration: "apachectl configtest"
Restart Apache
Check the changes
http://httpd.apache.org/docs/
Apache configuration
Virtual host:
<VirtualHost *>
    ServerName www.jrt.lv
    ServerAlias www.jrt.com
    CustomLog /usr/local/apache/logs/jrt_access_log common
    ErrorLog /usr/local/apache/logs/jrt_error_log
    DocumentRoot /home/jrt/public_html
</VirtualHost>
Apache configuration
.htaccess:
AuthType Basic
AuthUserFile /home/someuser/passwd
AuthName "Admin"
require valid-user
htpasswd:
htpasswd -c <password file> <username>
user1:Y90u499mUj6xE
user2:DOrWgcNwzaQUQ
Note: -c creates the file and overwrites an existing one, so use it only for the first user. The hashes shown are traditional crypt() hashes, which use only the first 8 characters of the password; htpasswd -m stores an MD5-based hash instead. Keep the password file outside DocumentRoot, as here, and remember that Basic authentication sends the password in cleartext unless the site is served through mod_ssl.
Apache2
Unix threading; new build system; multiprotocol support; new Apache API; IPv6 support; filtering; multilanguage error responses; updated regular expression library
Dynamic content
Apache only sends content to the user. What if I need some resource or information from the server?
Send e-mail; store some information in a file (guestbook); execute Unix applications; and much more...
We need a programming language.
Dynamic content
A script engine is a software program that does the following: accepts scripts passed along from the web server that are of the non-HTML type; processes these scripts; returns the result of this processing to the web server.
Dynamic content
Two ways to serve dynamic content: CGI, or an Apache module
Many programming languages to choose from: PHP, Perl, Python, C, C++, shell scripts ...
Common gateway interface (CGI)
A standard for running external programs from a World-Wide Web HTTP server. CGI specifies how to pass arguments to the executing program as part of the HTTP request. It also defines a set of environment variables. Commonly, the program will generate some HTML which will be passed back to the browser but it can also request URL redirection.
CGI example
Shell script:
#!/bin/bash
echo "Content-type: text/plain"
echo ""
echo "Hello world!"
echo "Today is:" `date`
CGI example (2)
Perl script:
#!/usr/bin/perl
print "Content-type: text/plain\n\n";
print "Hello world!\n";
print "Today is: " . localtime() . "\n";
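Both CGI scripts above take no input. As soon as a script reads QUERY_STRING it is handling attacker-controlled data, and the two things it must do are validate before use (never hand the value to eval, sh -c or an unquoted command line) and escape before echoing it back into HTML. The following added shell CGI, not part of the original slides, does both for a single `name` parameter. The parameter name, the whitelist pattern and the greeting are this example's own choices; because the whitelist rejects '%', no percent-decoding is needed (a script that accepts arbitrary text would have to decode first and validate afterwards).

```shell
#!/bin/sh
# Added example, not part of the original slides: a CGI shell script that
# takes a "name" parameter from QUERY_STRING. Two checks the "Hello world"
# scripts above do not need but any real CGI does:
#   1. the parameter is validated against a strict pattern instead of being
#      handed to eval or a shell command line (QUERY_STRING is attacker data);
#   2. everything echoed back is HTML-escaped.
# The parameter name, whitelist and greeting are this example's own choices.

# query_param <name> <query-string>  ->  raw value of the first occurrence
# (no percent-decoding: the whitelist below rejects '%' anyway)
query_param() {
    printf '%s\n' "$2" | tr '&' '\n' |
        awk -F= -v k="$1" '$1 == k { print substr($0, length(k) + 2); exit }'
}

# html_escape <text>  ->  text safe to embed as HTML element content
html_escape() {
    printf '%s' "$1" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g; s/"/\&quot;/g'
}

# valid_name <value>  ->  0 if value is 1-32 characters from [A-Za-z0-9._-]
valid_name() {
    case "$1" in
        '' | *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# cgi_body <query-string>  ->  HTML body; returns 1 when the input is rejected
cgi_body() {
    name=$(query_param name "$1")
    if valid_name "$name"; then
        printf '<p>Hello, %s!</p>\n' "$(html_escape "$name")"
    else
        printf '<p>Invalid name parameter.</p>\n'
        return 1
    fi
}

# Act as a CGI only when run by a web server (which sets GATEWAY_INTERFACE)
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    status='200 OK'
    body=$(cgi_body "${QUERY_STRING:-}") || status='400 Bad Request'
    printf 'Status: %s\r\nContent-type: text/html\r\n\r\n' "$status"
    printf '<html><body>\n%s\n</body></html>\n' "$body"
fi
```

Rejecting rather than sanitising keeps the logic short and auditable: a value such as `x; rm -rf /` or `%3Cscript%3E` never reaches a command or the page, and the 400 status makes the rejection visible in the access log.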
Apache modules
mod_perl: mod_perl brings together the full power of the Perl programming language and the Apache HTTP server. You can use Perl to manage Apache, respond to requests for web pages and much more.
mod_php: PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.
mod_python, OpenASP module, ...
PHP: Hypertext Preprocessor (PHP)
<html>
 <head>
  <title>Example</title>
 </head>
 <body>
  <?php echo "Hi, I'm a PHP script!"; ?>
 </body>
</html>
PHP
Pros: easy to learn; ideal for small projects; widely used; no strong typing
Cons: no strong typing; code maintenance; interpreted language; executes in the web server process
Installing PHP
Gentoo:
# emerge \<apache-2
# USE="-*" emerge php mod_php
# ebuild /var/db/pkg/dev-php/mod_php-<your PHP version>/mod_php-<your PHP version>.ebuild config
# nano /etc/conf.d/apache     (add "-D PHP4" to APACHE_OPTS)
# rc-update add apache default
# /etc/init.d/apache start
Installing PHP
Source installation:
./configure --with-mysql --with-apxs=/www/bin/apxs
make
make install
cp php.ini-dist /usr/local/lib/php.ini
Edit your httpd.conf to load the PHP module:
LoadModule php4_module libexec/libphp4.so
AddModule mod_php4.c
AddType application/x-httpd-php .php .phtml
Restart Apache
PHP Configuration
php.ini is read once at web server startup
; any text on a line after an unquoted semicolon (;) is ignored
[php] ; section markers (text within square brackets) are also ignored
; Boolean values can be set to either:
; true, on, yes
; or false, off, no, none
register_globals = off
track_errors = yes
; you can enclose strings in double-quotes
include_path = ".:/usr/local/lib/php"
PHP Configuration
php.ini directives:
max_execution_time = 30    ; Maximum execution time of each script, in seconds
max_input_time = 60        ; Maximum amount of time each script may spend parsing request data
memory_limit = 8M          ; Maximum amount of memory a script may consume (8MB)
; Show all errors except for notices and coding standards warnings
error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT
display_errors = Off
log_errors = On
error_log = filename
PHP Configuration
Apache configuration file:
<VirtualHost 10.10.10.10>
    DocumentRoot /home/someuser/public_html
    ServerName www.somesite.lv
    <Directory /home/someuser/public_html/>
        php_admin_value open_basedir /home/someuser/:/tmp/:/usr/share/pear/
        php_value auto_prepend_file /home/someuser/includes/default.inc
        php_value upload_max_filesize 10M
    </Directory>
</VirtualHost>
PHP Configuration
.htaccess file:
AddType application/x-httpd-php .php3
php_value include_path .:/home/someuser/includes:/home/someuser/public_html
php_flag register_globals Off
PHP scripts:
<?
ini_set("display_errors", "true");
ini_set("error_log", "/home/someuser/log/php.log");
...
Apache module vs. CGI
Apache module: good performance; one user for all websites, so other users' source files can be accessed (PHP safe_mode as a partial workaround)
CGI: a new process for each request; suEXEC runs each website under its own user; FastCGI
MySQL
About MySQL; installing MySQL; MySQL directory structure; MySQL commands; some examples; phpMyAdmin
MySQL
Open source; very fast; stable; easy to use; independent storage engines; can be run with or without transaction control
Security: SSL support; resource limits configurable per user
MySQL 4.x
Subqueries; new client-server protocol with prepared statements; Unicode and UTF-8 support; query caching; much more...
Installing MySQL
Binary distribution:
shell> groupadd mysql
shell> useradd -g mysql mysql
shell> cd /usr/local
shell> gunzip < /path/to/mysql-VERSION-OS.tar.gz | tar xvf -
shell> ln -s full-path-to-mysql-VERSION-OS mysql
shell> cd mysql
shell> scripts/mysql_install_db --user=mysql
shell> chown -R root .
shell> chown -R mysql data
shell> chgrp -R mysql .
shell> bin/mysqld_safe --user=mysql &
Installing MySQL
Source distribution:
shell> groupadd mysql
shell> useradd -g mysql mysql
shell> gunzip < mysql-VERSION.tar.gz | tar -xvf -
shell> cd mysql-VERSION
shell> ./configure --prefix=/usr/local/mysql
shell> make
shell> make install
shell> cp support-files/my-medium.cnf /etc/my.cnf
shell> cd /usr/local/mysql
shell> bin/mysql_install_db --user=mysql
shell> chown -R root .
shell> chown -R mysql var
shell> chgrp -R mysql .
shell> bin/mysqld_safe --user=mysql &
Post-Installation Procedures
Check the installation: shell> bin/mysqladmin version
Create the system tables: shell> bin/mysql_install_db --user=mysql
Secure the initial accounts: after mysql_install_db the root accounts have no password and anonymous accounts exist, so set a root password with mysqladmin and remove the anonymous users before exposing the server
Make the necessary databases and users: CREATE DATABASE, GRANT
MySQL directory structure
./          MySQL server control scripts
bin/        MySQL server, MySQL client and command-line tools
data/       databases (directories) and tables (files: MYD, MYI, FRM)
var/log     log files
MySQL binaries
mysql       MySQL client
mysqladmin  MySQL administration tool
mysqldump   tool for creating database dumps
MySQL commands
CREATE DATABASE <database name>
DROP
GRANT ALL PRIVILEGES ON database.* TO user@localhost IDENTIFIED BY 'password'
    Privilege type (ALL, ALTER, CREATE, DELETE, INSERT, SELECT, GRANT, ...)
    Privilege level (global, database, table, column)
    User and host (localhost, IP address, network, %)
REVOKE
phpMyAdmin
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web (http://www.phpmyadmin.net/)
CREATE/DROP databases; CREATE/DROP/ALTER tables; delete/add/edit/search information; execute SQL queries; manage privileges; export data
PHP and SQLite example
<?php
// create new database (OO interface)
$db = new SQLiteDatabase("db.sqlite");

// create table foo and insert sample data
$db->query("BEGIN;
    CREATE TABLE foo(id INTEGER PRIMARY KEY, name CHAR(255));
    INSERT INTO foo (name) VALUES('Ilia');
    INSERT INTO foo (name) VALUES('Ilia2');
    INSERT INTO foo (name) VALUES('Ilia3');
    COMMIT;");

// execute a query
$result = $db->query("SELECT * FROM foo");
// iterate through the retrieved rows
while ($result->valid()) {
    // fetch current row
    $row = $result->current();
    print_r($row);
    // proceed to next row
    $result->next();
}

// not generally needed as PHP will destroy the connection
unset($db);
?>
PHP and MySQL example
<?php
// Connecting, selecting database
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
    or die('Could not connect: ' . mysql_error());
echo 'Connected successfully';
mysql_select_db('my_database') or die('Could not select database');

// Performing SQL query
$query = 'SELECT * FROM my_table';
$result = mysql_query($query) or die('Query failed: ' . mysql_error());

// Printing results in HTML; column values are escaped so that data stored
// in the table cannot inject HTML or JavaScript into the page
echo "<table>\n";
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
    echo "\t<tr>\n";
    foreach ($line as $col_value) {
        echo "\t\t<td>" . htmlspecialchars($col_value) . "</td>\n";
    }
    echo "\t</tr>\n";
}
echo "</table>\n";

// Free resultset
mysql_free_result($result);

// Closing connection
mysql_close($link);
?>