This exercise is a part of [Linux servers (ICT4TN021, spring 2018) // Linux-palvelimet (ICT4TN021, kevät 2018)](http://www.haaga-helia.fi/fi/opinto-opas/opintojaksokuvaukset/ICT4TN021) school course organized as a part of Information Technology studies in Haaga-Helia university of Applied Sciences, Helsinki, Finland. Course lecturer [Tero Karvinen](http://terokarvinen.com/) has defined the original assignment descriptions in Finnish presented in this document in English. Answers and translations have been written by Pekka Helenius (me, ~ Fincer).
*Table of contents:*
--------------
- [a) **Websites on the server** Make it possible to create home pages with normal user privileges in your virtual server environment.](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h4.md#a-make-it-possible-to-create-home-pages-with-normal-user-privileges-in-your-virtual-server-environment)
- [EXTRA: Deleting Server field from HTTP header by updating Apache source code on Debian-based Linux distributions](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h4.md#extra-deleting-server-field-from-http-header-by-updating-apache-source-code-on-debian-based-linux-distributions)
- [b) **Default website** Set user default website to be the default website for Apache in your virtual server environment.](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h4.md#b-set-user-default-website-to-be-the-default-website-for-apache-in-your-virtual-server-environment)
- [c) **Short penetration analysis** Find clues of possible penetration attempts to your web server. You can find more information about suspicious IP address without connecting them by using commands ipcalc, geoiplookup and whois, for instance.](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h4.md#c-find-clues-of-possible-penetration-attempts-to-your-web-server-you-can-find-more-information-about-suspicious-ip-address-without-connecting-them-by-using-commands-ipcalc-geoiplookup-and-whois-for-instance)
- [d) **Transferring website files** Create a set of websites on your local computer and copy the sites to your web server with scp command.](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h4.md#d-create-a-set-of-websites-on-your-local-computer-and-copy-the-sites-to-your-web-server-with-scp-command)
- [e) **PHP website** Set up a simple PHP webpage on your web server. For instance, you can print a remote address of the user ( $_SERVER['REMOTE_ADDR'] ) etc. Be careful if you use input forms of any kind.](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h4.md#e-set-up-a-simple-php-webpage-on-your-web-server-for-instance-you-can-print-a-remote-address-of-the-user--_serverremote_addr--etc-be-careful-if-you-use-input-forms-of-any-kind)
--------------
**a)** Make it possible to create home pages with normal user privileges in your virtual server environment.
--------------
@ -189,8 +206,10 @@ where
Permissions can be written in numeric form but also in symbolic form. For instance,
```
775 = rwxrwxr-x (4+2+1, 4+2+1, 4+1)
ug=rwx,o=rx => rwxrwxr-x
```
Take a look on the following links to get more information about Unix permissions:
@ -389,7 +408,7 @@ Header unset ETag
More about HTTP header syntax in [Wikipedia](https://en.wikipedia.org/wiki/List_of_HTTP_header_fields). More articles in [ETag](https://en.wikipedia.org/wiki/HTTP_ETag), [Vary: Accept-Encoding](https://blog.stackpath.com/accept-encoding-vary-important), etc.
**s)** Set user default website to be the default website for Apache in your virtual server environment.
**b)** Set user default website to be the default website for Apache in your virtual server environment.
Your Apache web server should redirect all traffic of `http://174.138.2.190:80/index.html` to address `http://174.138.2.190:80/`
**y)** Find clues of possible penetration attempts to your web server. You can find more information about suspicious IP address without connecting them by using commands ipcalc, geoiplookup and whois, for instance.
**c)** Find clues of possible penetration attempts to your web server. You can find more information about suspicious IP address without connecting them by using commands ipcalc, geoiplookup and whois, for instance.
--------------
**Answer:**
The key principle to check any malicious activity is to check system log files, mainly `/var/log/apache/access.log` and `/var/log/apache/error.log` (Apache). Malicious SSH attempts may be checked in `/var/log/auth.log`. Other relevant log files must be considered as important, too.
At the time of writing this answer, the Apache web server was running bit over a week period. However, there were no any webpage deployed during that time, and therefore my web server hadn't created any major log entries. However, I noticed one suspicious connection attempt to setup.php file of phpMyAdmin software, although the software was not installed. The lookup was done by checking web server log file `/var/log/apache2/access.log`. The log entry itself was as follows:
```
@ -528,7 +549,7 @@ The most memorable log entry from the past years was, however, a penetration att
**y)** Create a set of websites on your local computer and copy the sites to your web server with scp command.
**d)** Create a set of websites on your local computer and copy the sites to your web server with scp command.
--------------
**Answer:**
@ -594,7 +615,7 @@ The deployed website can be viewed in URL address `http://174.138.2.190:80/~monk
**NOTE:** There are differences in the URL due to language reasons (`~apina` translates from finnish to english as `~monkey`)
**y)** Set up a simple PHP webpage on your web server. For instance, you can print a remote address of the user ( $_SERVER['REMOTE_ADDR'] ) etc. Be careful if you use input forms of any kind.
**e)** Set up a simple PHP webpage on your web server. For instance, you can print a remote address of the user ( $_SERVER['REMOTE_ADDR'] ) etc. Be careful if you use input forms of any kind.
Pekka Helenius
5 years ago
GitHub