Home

CECS 5450/4560

Internet Services

Spring 2010

• General Information
  
• Syllabus
  
• Schedule
  
• Assignments
  

Schedule

Book

• The chapters listed below are from the LINUX+ GUIDE TO LINUX CERT
• UNT Electronic Books. I have provided a link to the e-books via the UNT portal. If it doesn't work, then you will need to access the UNT Safari portal directly, then select the book that is referenced.

Additional Course Links

• Linux
• SQL
• web development
• Whatis.com

Start of Course - February 8, 2010

Readings

Chapter 1: Is an overview of the Linux.
Be sure to pay special attention to the keywords at the end of each chapter and the review questions.


• Open Source
• Internet Services

---

Chapter 2: Covers the hardware required to support Linux.


---

Chapter 3: This reviews the install of Linux.

• Basic Linux Usage
• Basic Shell Commands
• Getting Command Help
• Using SSH to connect to the remote server (What is SSH?)

The instructor, during the start of the course, will provide server information.
For this course, we have already installed Linux on the server, but this is an important part of Linux.
The install covered in the 2nd edition of this book is valid for Fedora before 10.
We are using Fedora Core 12 and the install process has changed a lot, but the basic process is very similar.
The additional course web links above have links to a number of good sites that review the install process.
We did a number of steps during the install to get the system to the stage where you can login.


---

Chapter 4: Exploring the Linux File System

---

Time to remote access your system and start working with the command line shell

We want to complete the following things:


1. Using SSH Terminal on your computer access your system. If you do not have a SSH terminal then you need to download puttyssh. Mac users already have a terminal program in the Utilities folder under applications, issue "ssh -l useraccount systemname" to connect to your system.


2. Using the information that your instructor sent you, access your system.

   Using PuttySSH to login into your server.

   
   
3. Learn to use the bash shell (UNT Library: Chapter on Bash Shell in Learning RedHat Linux and Fedora)


4. Navigate your Linux system (UNT Library: Working with Unix Files in Practical UNIX)


5. learn and run shell commands ( UNT Library: Common Linux Commands)


6. Learn vi (Learning the vi editor); however you can use the nano editor (which is the improved pico editor). You might find nano easier to use since it is a graphical editor, unlike vi which is a visual line editor)



Using vi and nano



7. You will also need a SFTP program if you plan on uploading or downloading to your system. Windows users can use WINSCP (download). Mac users can try Transmit3.

Basic WinSCP.



8. Learn yum, update your system ('yum update') as part of assignment 1. You will need to be changed to root for the update to work. So look up the 'su' command.

   1. Installing yumex
        # yum install yumex
        
   2. Update your OS
        # yum update
   

   Yum Update

   
   If you do this correctly, you will get a long list of things to update and download. Eventually it will ask you to confirm that you want to proceed. Just follow the directions.


9. Getting sendmail to send off campus (Before you begin editing. You can use the 'cp' command to make a copy of the file you are about to edit in case you mess the file up when editing. Just do 'cp filename filename.bak' and you have a copy that you can go back to in case of accidents.)

   1. Setting up sendmail to handle the UNT mailhost 
              (allows for sending mail off campus)
        # yum install sendmail-cf
   
        vi
          /etc/mail/sendmail.mc
   
             delete dnl from line:
                  dnl define(`SMART_HOST',`smtp.your.provider')
             and change to:
   	          define(`SMART_HOST',`mailhost.unt.edu')
   
             add dnl to the line:
   	          dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
   
             save and exit
   
        make the changes
             # cd /etc/mail
             # ./make
   
        restart sendmail
   	     # /sbin/service sendmail restart
   
   2. Setting mail forwarding
        vi
          /etc/aliases
        
             replace the last line #root: marc with
             
             root:  email1, email2, email3
             
         each e-mail represents a member of your group (if the course is using groups)
   
       
    
   3. Configure new mail aliases
   
       # newaliases
   
   4. Mail a message to root as a test
        # mail root
   	 Subject: Test to the Group
   	 This is a test message
   	 .
   	 (return on cc)
   	

   Installing Sendmail

   
   

   This will send an e-mail to root that should then get sent to all in the .forward file for root. If this doesn't work, then you missed or have a mistake in the steps above. Review and check your edits and try to send e-mail again.

   You will now get all system e-mails includin the nightly logs. It is your responability to read these daily messages and monitor activity on your system.

   Note: If your server requires a password to authenticate against a network mailserver the following web site gives some examples of how to setup your system for use on the Verizon network.



10. Install BlockHost in order to limit IP abuse.

February 9 - March 1, 2010

Readings

Chapter 5: Filesystem Management
Be sure to pay special attention the file permissin system and how you use the chmod command.



---

Chapter 6: Filesystem Admin
If you plan on taking the cert, be sure to read this chapter.



---

Chapter 7: Adv Installation
If you plan on taking the cert, be sure to read this chapter.



---

Chapter 8: More Bash Shell
This chapter goes beyond the basics we did earlier in the semester. The ability to pipe and redirect is essential in using the command line.



---

Chapter 9: System Ini and X Windows
If you plan on taking the cert, be sure to read this first half of the chapter. Be sure to review the X windows system section. We will be using the GNOME desktop.



---

Chapter 10: Managing Linux Processes
UNIX is a multi processing system, which allows it to run more than one process at a time. This chapter discusses how to manage and control processes. Be sure to review run levels and managing processes.



---

Assignment 2 - (Web / Apache Install)

Assignment 2 focuses on the following issues. Be sure to examine these issues in the book and online in order to fully understand the concepts and terms:
• What is the Web
• What is HTTP
• What is HTML
• What is Apache
• What is a LAMP install
• What are Firewalls and what do they do and why

Open firewall port 80 for Web Service

Fedora uses what is called IPTABLES to control the firewall on your server. IPTABLES is a rules file that tells the OS which ports should be open and how and who should have access to them. We will be doing the basic setup for assignment 2. IPTABLES provides a many ways to configure your server to provide protection from outside attacks. One of the best ways to protect your server is to only open ports that you are using and to control access as required. This is in addition to only running software that accesses these ports as required.

Since, we have not enabled remote desktop access yet (assignment 3), we will editing the iptables file by hand using vi or another command line editor. IPTABLES is already installed on your server as the basic install package. You will need to open up port 80 allow the apache server, that we have not started yet to talk to the outside world via this port. As discussed in the defition above, a port can be thought of as a conduit between the outside network and software running on your server. While port 80 is the default for web services, you can run a web server on any port you want to define depending on conditions you find your server operating in.

a. edit /etc/sysconfig/iptables

b. when you edit iptables, you will notcie that port 22, which is what you are using for SSH is already open.

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

c. We can clone this line (look up the vi commands for copy and past) and then edit port 22 to port 80, such that you get this addiontional line in the file. If you would like to see a list of standard ports, you can cat /etc/services to view them. The line you want to add to the file iptables is:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

d. Save and quit the editor

e. The next step is to restart the iptables service, so that it reads in the new settings you have created.

     # /sbin/service iptables restart

f. If this work correctly, you will get the following OKs back. If you get an error message, then go back and look at the file to see if you made a mistake in the edit

    iptables: Flushing firewall rules:                         [  OK  ]
    iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
    iptables: Unloading modules:                               [  OK  ]
    iptables: Applying firewall rules:                         [  OK  ]

g. You have now opened up port 80. There is way using the GUI to control these ports, but learning to work on the file directly allows you to use SSH to open a session to your server from just about anywhere (like from my iphone now) to be able to control access.


Configuring IPTABLES

Install Apache using yum

a. First, lets check to make sure that httpd is installed.

     # yum install httpd

b. Most likely yum came back with the following, since it should be installed already. If it didn't then it probably asked you to install it.

     Package httpd-2.2.10-2.i386 already installed and latest version
     Nothing to do

Enable Apache and set to auto-start upon system reboot

a. We have two steps to enable and start the httpd service. The first is to set auto start and the second it to actually start httpd

     # chkconfig httpd on

     # /sbin/service httpd start

b. the service command should have outputed

     Starting httpd:                                            [  OK  ]

c. As a further check, lets look at the process table and see if https was started. You should something like this in the table out


     # ps -ef

  
     root     17960     1  0 15:14 ?        00:00:00 /usr/sbin/httpd
     apache   17962 17960  0 15:14 ?        00:00:00 /usr/sbin/httpd
     apache   17963 17960  0 15:14 ?        00:00:00 /usr/sbin/httpd
     apache   17964 17960  0 15:14 ?        00:00:00 /usr/sbin/httpd
     apache   17965 17960  0 15:14 ?        00:00:00 /usr/sbin/httpd
     apache   17966 17960  0 15:14 ?        00:00:00 /usr/sbin/httpd
     apache   17967 17960  0 15:14 ?        00:00:00 /usr/sbin/httpd
     apache   17968 17960  0 15:14 ?        00:00:00 /usr/sbin/httpd
     apache   17969 17960  0 15:14 ?        00:00:00 /usr/sbin/httpd

Just as a side note, lets look at an example of using a pipe in the command. Try

     # ps -ef | grep httpd

Test Web Server

a. You have now set httpd to autostart on server reset and have started the web server. It should display the default web page if you go to your server.
Using a browser, enter http://yourserverdomainname

b. if it does not, then you need to check iptables again (did you enter the right enter and did you restart it) and check httpd (did you start it).

Upload new Web Site Page

a. It is now time to upload a web site (or pages) to replace the default page just seen

b. Using whatever web authoring package you like, create a home page for your site. Please create a motif/layout that goes with the name of your system. NOTE: Apache uses index.html as the default startup web page, so make sure your first page in any new web directory is called index.html. We will talk more about how to configure httpd.conf in a bit, when we setup user web areas.

c. Uising WINSCP upload the new web content to the default web area of /var/www/html.

d. You will need to make sure you have the proper permissions to load files into this directory, since the base setting is for root. One way to do this is to change the group of /var/www/html to apache. Then editing /etc/group, add any users that need write permission to this group. chmod g+w /var/www/html

e. Using your browser check your new home page. Congrats! You now have a working web server.

Enable User Home Page

a. You now have a server web area. apache supports the ability to setup user web areas that reside under the user's account. This is handy in several cases. One of the main reasons is that users are then responsble for their own content and you do not have to allow user access to your web directory (/var/www/html) for security issues. Keep in mind, there are some downsides, so the choice of enabling this or not depends on your server needs. We will enable it on your server as a further use of apache.

b. The first is to edit the httpd configuration file. /etc/httpd/conf/httpd.conf is a very complex settings file. It controls everything to do with httpd startup. Before we edit it though, lets make a backup copy so if things stop working, you can copy the backup over the edited version and get back to an operational state.

     # cp /etc/httpd/conf/httpd.conf httpd.conf.backup

This command will copy the file httpd.conf in the same directory named httpd.conf.backup

e. edit /etc/httpd/conf/httpd.conf

• Look for the setting for public_html (will be around line 350)

          Change 
		     UserDir disable
          to
		     #UserDir disable
             
          and Change
		     #UserDir public_html
		   to
		     UserDir public_html

• save and exit

f. restart httpd service

     # /sbin/service httpd restart

g. the service command should have outputed OK. If it didn't, then you have an error in your edit. Either try to find it or copy back the backup and start the edit again. Mistakes in editing httpd.conf are very unforgiving.

     Stopping httpd:                                            [  OK  ]
     Starting httpd:                                            [  OK  ]

h. we have a number of steps now to create a user's public_html area and the open it for outside viewing. This is the more complex part of the process and any problem in this chain can cause a failure notice when you try to access the user web area.


Configuring Public_Html. A run through of the steps that are discussed next.


The basic steps are as follows:
• get to the user account you want to create the uoblic web area for.
• be working as root user.
• create a public_html directory in the user account using mkdir command.

      # mkdir public_html

  If you create this account using root, then you have to change owner so that the user can work in the directory (see demo above)

      # chown username:apache public_html

• now you have to open the home directory for access by apache. There are two ways to do this. The movie suggests using

       # chmod g+rx public_html

  which opens up the home directory to move into the directory not see any files. Another way is to simply change the group to apache

       # chgrp apache /home/useraccount
       # chmod g+x /home/useraccount

  which will allow apache and no other users as a group to move into the user directory.


• save or create (vi) a test file into the public_html directory to test the following steps

       # cd public_html
        vi index.html
        <html>
        <body>
        <h1>systemname</h1>
        </body>
        </html>
        

  save and exit the file editing
  If you created this file under root, then you have to change owner so that the user can edit in the file in the future (see demo above)

      # chown username:username index.html



• now try to access the test page

     http://servername.lt.unt.edu/~youraccount

• If you don't get the test page, then you missed or made a mistake in one of the above steps. Go back and review.

Upload User Home Page

a. It is now time to upload a web site (or pages) for the empty user home page

b. Using whatever web authoring package you like, create a home page for your user site. Be sure to put your name, photo, and a bio about yourself on the personal page. Also, be sure to provide a link on your system home page to your personal web site. NOTE: Apache uses index.html as the default startup web page, so make sure your first page in any new web directory is called index.html.

c. Uising WINSCP upload the new web content to the public_html web area.

d. Using your browser check your new home page. http://servername.lt.unt.edu/~youraccount

e.Congrats! You now have a working web server.

March 2 - March 22, 2010

Assignment 3 - (VNC / SWiki)

Assignment 3 focuses on the following issues. Be sure to examine these issues in the book and online in order to fully understand the concepts and terms:
• What is VNC
• What is a wiki
• What is swiki

Open firewall port 5901 for Web Service VNC and port 8080 for Swiki

Use the informaiton and steps you have learned for assignment 2 to open ports 5901 and port 8080. Be sure to restart iptables

Install vnc-server using yum

     #yum install vnc-server

b. Most likely yum came back with the following:

     
    Loaded plugins: refresh-packagekit
    Setting up Install Process
    Parsing package install arguments
    Resolving Dependencies
    --> Running transaction check
    ---> Package vnc-server.i386 0:4.1.3-1.fc10 set to be updated
    --> Processing Dependency: librfb.so.0 for package: vnc-server
    --> Running transaction check
    ---> Package vnc-libs.i386 0:4.1.3-1.fc10 set to be updated
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ===================================================================================================================================
     Package                         Arch                      Version                              Repository                    Size
    ===================================================================================================================================
    Installing:
     vnc-server                      i386                      4.1.3-1.fc10                         updates                      884 k
    Installing for dependencies:
     vnc-libs                        i386                      4.1.3-1.fc10                         updates                      167 k
    
    Transaction Summary
    ===================================================================================================================================
    Install      2 Package(s)         
    Update       0 Package(s)         
    Remove       0 Package(s)         
    
    Total download size: 1.0 M
    Is this ok [y/N]: y
    Downloading Packages:
    (1/2): vnc-libs-4.1.3-1.fc10.i386.rpm                                                                       | 167 kB     00:00     
    (2/2): vnc-server-4.1.3-1.fc10.i386.rpm                                                                     | 884 kB     00:00     
    -----------------------------------------------------------------------------------------------------------------------------------
    Total                                                                                               69 kB/s | 1.0 MB     00:15     
    ======================================================== Entering rpm code ========================================================
    Running rpm_check_debug
    Running Transaction Test
    Finished Transaction Test
    Transaction Test Succeeded
    Running Transaction
      Installing     : vnc-libs                                                                                                    1/2 
      Installing     : vnc-server                                                                                                  2/2 
    ======================================================== Leaving rpm code =========================================================
    
    Installed:
      vnc-server.i386 0:4.1.3-1.fc10                                                                                                   
    
    Dependency Installed:
      vnc-libs.i386 0:4.1.3-1.fc10                                                                                                     
    
    Complete!
 

Starting and Stopping VNC Server (Only when you need it)

vncsever should only be run when you need to access the server remotely. There several reasons for this. The primary ones are 1) it isn't a secure service and 2) it takes resources away from other things.

Setting up the VNC server the first time

After you install the server, you need to run it the first time and edit some files to get it operational.

When you first run vncserver

# vncserver

You will get the following

You will require a password to access your desktops.

Password:

Enter a strong password

Now stop the vncserver:

     # vncserver -kill :1

     Killing Xvnc process ID 23364

When you run vncserver for the first time, it created a directory in the home directory of the account it has been run under. If you run this under your account then vnc setting files will be saved to /home/youraccountname/.vnc

You need to edit the /home/youraccountname/.vnc/xstartup file and edit the last line and add one line:

	#twm &
	/usr/bin/gnome-session &

Starting and Stopping as needed

The vncserver is ready to start and stop as you need it.

When you need to access your server remotely using the GUI, login using ssh, then start the vncserver

     # vncserver

When you are finished (best not to logout of the ssh while doing remote desktop) you then stop the vncserver

     # vncserver -kill :1

In this way, the service is only operating when needed and does not present a long term security issue.

Configuring and using the VNCSERVER

Test the VNC Server

You need to download a viewer. There are several that support VNC. Common to windows is real-vnc and to mac is chicken of the vnc

Run the client viewer software and enter the system name and view 1 (for windows this is denoted with :1 after the system name).

VNC numbers views starting at 0 = port 5900 on your system. 1 is the default = port 5901, which is the port you opened and the default on the vnc-server install

For additional security, you can always change the port on your server to another port that might not be as easy to find.

If you have everything setup right, then you will see your desktop. If not, go back up to the top and review your changes.

Swiki

For this part of the exercise there will not be many step-by-step directions provided. Be sure to read the install information comntained in the software.

Swiki is a standalone wiki that is based on squeak, which is based on the small-talk 80 language.

This is an example of an application that does not require php or apache to run.

You can download the software at http://wiki.squeak.org/swiki/15

Now that you have remote access to your server GUI, you can run firefox on your server and download it directly to the file system.

Once you have it downloaded and extracted, read the install steps.

The first time you run it will be using the remote GUI (vncserver) so that you can see the Swiki gui and configure it for port 8080 and the other elements that are required as stated in the install directions. [Hint: You will be using the terminal program within the Fedora GUI that you are accessing via VNC to start the swiki in order to see the setup window.]

If all things are right and the swiki is started, you can access your server swiki remotely using your web browser. The direction for doing this and starting the configuration process are contained in the SETUP window that is discussed in the previous paragraph.

Once you know this works when running it by hand from the GUI, you need to read the directions on how to run it "headless".

Fedora provides a file that is always read at startup to run scripts and applications. It is named /etc/rc.d/rc.local. You will want to place the swiki headless command in this file

You can test if headless runs, by running rc.local

     # /etc/rc.d/rc.local

Just be sure to kill any processes that are started so that you do not have more than one swiki running

How to find and kill a process

find the process

     # ps -ef | less

Look to see if you can find the process in question, for swiki we ran the command squeak..so we are looking for something line

     root      3041     1  2 Feb08 ?        06:05:30 ./squeak -headless squeak.image

This tells us that the process for squeak is 3041

You can now kill that process:

     # kill -9 3041

and be able to run the rc.local again for testing

once you know the swiki runs okay in rc.local, try restarting your computer remotely and testing to see if it comes up as you expect

the command to restart your server is
NOTE: you have to be root to issue this command and YOU MUST ALWAYS put -r (for restart). If you don't your server will shutdown and turn off.

     # /sbin/shutdown -r now

Your computer will NOW restart. Hopefully!

March 23 - April 12, 2010

Assignment 4 - (MYSQL and PHP)

Assignment 4 focuses on the following issues. Be sure to examine these issues in the book and online in order to fully understand the concepts and terms:
• What is MYSQL
• What is PHP
• What is Apache
• What are the ports (primary and alternate) that HTTP uses
• How does a web browser talk to the web server

Install Mysql

The following steps will install mysql.

1. To Install Mysql (this will update and expand the default install) 
   # yum install mysql mysql-devel mysql-server
          
2. Create the system startup links for MySQL and start the MySQL server:
   # chkconfig mysqld on
          
3. Start Mysql (this will generate some start up messages)
   # /etc/init.d/mysqld start
          
4. Set the Root Password
   # mysqladmin -u root password yourrootsqlpassword
          
5. Install mysql admin (this will allow you to admin the database via VNC)
   # yum install mysql-administrator
          

Mysql Admin

When you are ready to access your database locally.
• Get into your system via VNC
• Start the app -- Applications > System Tools > MYSQL Administrator
• Login into your mysql server. Since you are running it locally, you do not have to open port 3306.
• If you want to use an external mysql management like Navicat you will need to open port 3306
• You will also need to change the permission of the users to allow for outside connetions.
• NOTE: Don't allow ROOT access remotely. Setup another database account.

Install PHP

This will update the current install on the system.

    
1. Install/Update Apache with PHP 5 Support (the following are a selection of common php moduls)
   # yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel

2. Edit /etc/httpd/conf/httpd.conf
   change DirectoryIndex to
     DirectoryIndex index.html index.htm index.php
     
   Add the following line under #AddType application/x-tar .tgz
     AddType application/x-httpd-php .php .html
     
3. Configure start Apache at boot time
   # chkconfig httpd on

4. Start Apache
   # /sbin/service httpd restart 

Test PHP

Create a php test file and view the php into page.

    
1. Create phptest.html file that contains the following information.  
   This allows us to test both html and php
   
         <html>
         <body>
         html test
         <hr>
         <?php
         echo "php test<hr>";
         phpinfo();
         ?>

2. Upload the file into your root html directory.

3. Using your browser view the web page.  You should see this.

4. You want to confirm that you have a MYSQL module installed, 
   otherwise talking to the database does nothing.  
   If you do not see mysql in the list of modules, then you missed something.

5. NOTE: In order for mysql to showup in the php install, it has to be 
   installed and RUNNING at the time of the php install above.
          

Joomla

Some notes and comments about installing Joomla

April 13 - May 3, 2010

Assignment 5 Due - (Dynamic Web Content)