ausy lab - HackMD

# ausy lab # 0. ``` ifconfig enp0s3 down ip link set dev enp0s3 up ip address add 192.168.122.1/24 broadcast 192.168.122.255 dev enp0s3 ip route add 192.168.1.0/24 via 0.0.0.0 dev enp0s3 ``` **/etc/sysconfig/network** ``` default via 192.168.1.1 dev virbr0 NETWORKING=yes NETWORKING_IPV6=no HOSTNAME=domlab.studmat.uni.torun.pl ``` **/etc/sysconfig/network-scripts/ifcfg-enp0s3** ``` DEVICE=enp0s3 ONBOOT=yes BOOTPROTO=none BROADCAST=192.168.1.255 IPADDR=192.168.1.119 NETMASK=255.255.255.0 GATEWAY=192.168.1.1 DNS1=8.8.4.4 ``` **/etc/group /etc/passwd** ``` groupadd aus -g 1500 groupadd zespol -g 1501 useradd -u 1500 -g 1500 aus2 useradd -o -u 1500 -g 1500 aus2 useradd -u 1502 -g 1500 testuser useradd -u 2001 -g 1501 student1 useradd -u 2002 -g 1501 student2 useradd -u 2003 -g 1501 student3 usermod -L aus2 passwd aus passwd testuser usermod -a -G zespol testuser passwd student1 passwd -e student1 passwd student2 passwd -e student2 passwd student3 passwd -e student3 ``` # 1. dnf install bind hostnamectl set-hostname domlab.studmat.uni.torun.pl **named.conf** ``` // // Do any local configuration here // // Consider adding the 1918 zones here, if they are not used in your // organization //include "/etc/bind/zones.rfc1918"; acl "clients"{ 192.168.1.0/24; 127.0.0.1; }; options { listen-on port 53 { any; }; listen-on-v6 port 53 { any;}; directory "/var/named"; allow-query { clients; }; auth-nxdomain no; }; zone "domlab.studmat.uni.torun.pl" { type master; file "/etc/primary/domlab.studmat.uni.torun.pl"; allow-transfer { 158.75.12.130; 192.168.132.31; }; }; zone "119.1.168.192.in-addr.arpa" { type master; file "/etc/primary/db.192"; }; ``` **/etc/primary/db.192** ``` ; ; BIND reverse data file for local loopback interface ; $TTL 604800 @ IN SOA ns.domlab.studmat.uni.torun.pl. root.domlab.studmat.uni.torun.pl. ( 20191012 8M 2M 30M 10M ) ; @ IN NS ns. 1.0.0 IN PTR ns.domlab.studmat.uni.torun.pl. 100 IN PTR domlab.studmat.uni.torun.pl. @ IN PTR 192.168.1.119 IN PTR 192.168.1.119 6 IN PTR domlab.studmat.uni.torun.pl. $GENERATE 1-254 lab$.domlab.studmat.uni.torun.pl. IN A 192.168.1.$ ``` **/etc/primary/domlab.studmat.uni.torun.pl** ```; ; BIND data file for example.com ; $TTL 604800 $ORIGIN domlab.studmat.uni.torun.pl. @ IN SOA domlab.studmat.uni.torun.pl. root.domlab.studmat.uni.torun.pl. ( 20191012 8M 2M 30M 10M ) IN A 192.168.1.119 ; @ IN NS ns.domlab.studmat.uni.torun.pl. @ IN A 192.168.1.119 ns IN A 192.168.1.119 100 IN PTR domlab.studmat.uni.torun.pl. $GENERATE 1-254 lab$.domlab.studmat.uni.torun.pl. IN A 192.168.1.$ @ IN MX 10 mail.domlab.studmat.uni.torun.pl. @ IN A 192.168.1.119 @ IN TXT "v=spf1 mx ip4:192.168.1.119 ip4:192.168.1.122 -all" www IN CNAME domlab.studmat.uni.torun.pl. mail IN CNAME domlab.studmat.uni.torun.pl. labxxx IN CNAME domlab.studmat.uni.torun.pl. labxx.domlab.studmat.uni.torun.pl. IN A 192.168.1.119 ``` host domlab.studmat.uni.torun.pl host 192.168.1.119 # 2. dnf install httpd -y **/etc/httpd/conf httpd.conf** ``` Listen 127.0.0.1:80 Listen 192.168.1.119:80 User apache Group apache <VirtualHost *:80> ServerName labxx.domlab.studmat.uni.torun.pl DocumentRoot /var/www/html/sub1 </VirtualHost> <VirtualHost *:80> ServerName domlab.studmat.uni.torun.pl ServerAlias *.domlab.studmat.uni.torun.pl DocumentRoot /var/www/html </VirtualHost> :q!:q ``` **/etc/httpd/conf.d server-info** ``` <Location "/server-info"> SetHandler server-info Require ip 192.168.1.0/24 Require ip 127.0.0.1 </Location> ~ ``` **server-status** ``` <Location "/server-status"> SetHandler server-status Require ip 192.168.1.0/24 Require ip 127.0.0.1 </Location> ``` **userdir** ``` UserDir enabled UserDir public_html <Directory "/home/*/public_html"> ## Apache 2.4 users use following ## AllowOverride FileInfo AuthConfig Limit Indexes Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec Require method GET POST OPTIONS ## Apache 2.2 users use following ## Options Indexes Includes FollowSymLinks AllowOverride All Allow from all Order deny,allow </Directory> ```` **/etc/httpd/conf.d/ssl.conf** ``` DocumentRoot /var/www/html ServerName domlab.studmat.uni.torun.pl SSLCertificateFile /etc/pki/tls/certs/example.com.crt SSLCertificateKeyFile /etc/pki/tls/certs/example.com.key [root@www ~]# dnf -y install mod_ssl [root@www ~]# vi /etc/httpd/conf.d/ssl.conf # line 59: uncomment DocumentRoot "/var/www/html" # line 60: uncomment and specify hostname ServerName www.srv.world:443 # line 102: change to the one created in [1] SSLCertificateFile /etc/pki/tls/certs/server.crt # line 110: change to the one created in [1] SSLCertificateKeyFile /etc/pki/tls/certs/server.key [root@www ~]# systemctl restart httpd [root@dlp ~]# firewall-cmd --add-service=https --permanent success [root@dlp ~]# firewall-cmd --reload success ```` **/etc/httpd/conf.d/cgi-enabled** https://www.server-world.info/en/note?os=Fedora_29&p=httpd&f=2 ``` <Directory "/var/www/html/cgi-enabled"> Options +ExecCGI AddHandler cgi-script .cgi .pl </Directory> ``` vim /etc/php.ini **/var/www/html** systemctl restart httpd https://domlab.studmat.uni.torun.pl/ http://labxx.domlab.studmat.uni.torun.pl/ http://domlab.studmat.uni.torun.pl/~klimek/ /cgi-enabled/index.cgi # 3. yum -y install postfix **/etc/postfix/main.cf** ``` myhostname = mail.domlab.studmat.uni.torun.pl mydomain = domlab.studmat.uni.torun.pl myorigin = $mydomain inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mynetworks = 192.168.1.0/24, 127.0.0.0/8 home_mailbox = Maildir/ smtpd_banner = $myhostname ESMTP message_size_limit = 10485760 smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject ``` [root@mail ~]# systemctl restart postfix [root@mail ~]# systemctl enable postfix firewall-cmd --add-service=smtp --permanent firewall-cmd --reload yum -y install dovecot [root@mail ~]# vi **/etc/dovecot/dovecot.conf** ``` # line 24: uncomment protocols = imap pop3 lmtp # line 30: uncomment and change ( if not use IPv6 ) listen = * ``` [root@mail ~]# vi **/etc/dovecot/conf.d/10-auth.conf** ``` # line 10: uncomment and change ( allow plain text auth ) disable_plaintext_auth = no # line 100: add auth_mechanisms = plain login ``` [root@mail ~]# vi **/etc/dovecot/conf.d/10-mail.conf** ``` # line 30: uncomment and add mail_location = maildir:~/Maildir ``` [root@mail ~]# vi **/etc/dovecot/conf.d/10-master.conf** ``` # line 96-98: uncomment and add like follows # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix } ``` [root@mail ~]# vi **/etc/dovecot/conf.d/10-ssl.conf** ``` # line 8: change (not require SSL) ssl = no ``` [root@mail ~]# systemctl start dovecot [root@mail ~]# systemctl enable dovecot firewall-cmd --add-service={pop3,imap} --permanent firewall-cmd --reload pierwszy : nowy@domlab.studmat.uni.torun.pl drugi : fedora@domlab.studmat.uni.torun.pl