From d08d162e232be10b02bdb3c2b9dfaf5d039a5107 Mon Sep 17 00:00:00 2001 From: Pekka Helenius Date: Sun, 4 Nov 2018 14:58:43 +0200 Subject: [PATCH] H4: clean-up + add more info about deb-src --- exercises/h4.md | 69 +++++++++++++++++++++++++++++++++++-------------- 1 file changed, 49 insertions(+), 20 deletions(-) diff --git a/exercises/h4.md b/exercises/h4.md index 66a9012..18baed3 100644 --- a/exercises/h4.md +++ b/exercises/h4.md 
@@ -276,19 +276,41 @@ We want to remove field `Server: Apache`. Multiple approaches were tested (such Download Apache source code on your Debian-based Linux distribution: ``` -newuser@goauldhost:~$ mkdir -p ./source_codes/apache2 && cd ./source_codes/apache2 -newuser@goauldhost:~/source_codes/apache2$ apt-get source apache2 +mkdir -p ~/source_codes/apache2 && cd ~/source_codes/apache2 && \ +apt-get source apache2 + +``` + +-------------------------- + +**NOTE:** If you get the following error: + +``` +Reading package lists... Done +E: You must put some 'source' URIs in your sources.list +``` + +then just 1) uncomment all `deb-src` lines in `/etc/apt/sources.list` file, 2) remove duplicate entries and 3) update databases by issuing the following command sequence: + ``` +sudo sed -i 's/^# deb-src/deb-src/g' /etc/apt/sources.list && \ +cat /etc/apt/sources.list | awk '!x[$0]++' | sudo tee /etc/apt/sources.list && \ +sudo apt-get update -After which add [source code patch file](https://raw.githubusercontent.com/Fincer/linux-server-setup/master/patches/patch_apache_servertokens.patch) into created `$HOME/source_codes/apache2` folder. +``` + +-------------------------- + +After downloading the source add [source code patch file](https://raw.githubusercontent.com/Fincer/linux-server-setup/master/patches/patch_apache_servertokens.patch) into created `$HOME/source_codes/apache2` folder. **NOTE:** I have personally created the patch file with Unix tool `diff`. The patch file is not downloaded from any suspicious website. You can always check & analyse the patch file code yourself if still hesitating. 
If you have a working Apache HTTP daemon (web server) environment on your Linux, please check the version of your Apache software version with the following command before compiling & installing a custom-patched Apache version: ``` -newuser@goauldhost:~$ dpkg -s apache2 |grep -i version -Version: 2.4.18-2ubuntu3.5 +dpkg -s apache2 |grep -i version + + Version: 2.4.18-2ubuntu3.5 ``` In that way we can be sure version of the downloaded source code matches with our already-installed/existing Apache environment. 
@@ -296,25 +318,25 @@ In that way we can be sure version of the downloaded source code matches with ou Once you have downloaded the source code, go to the following folder (which contains the code): ``` -newuser@goauldhost:~/source_codes/apache2$ cd apache2-2.4.18/ +cd ~/source_codes/apache2/apache2-2.4.18/ ``` -Implement the patch file changes into the Apache source code: +Implement the patch file changes into the Apache source code in your current working directory `~/source_codes/apache2/apache2-2.4.18`: ``` -newuser@goauldhost:~/source_codes/apache2/apache2-2.4.18$ patch -Np1 -i < ../patch_apache_servertokens.patch +patch -Np1 -i < ../patch_apache_servertokens.patch ``` Before compiling Apache web server, you must install the following build time dependencies: ``` -newuser@goauldhost:~/source_codes/apache2/apache2-2.4.18$ sudo apt-get install debhelper libaprutil1-dev libapr1-dev libpcre3-dev zlib1g-dev libssl-dev liblua5.1-0-dev libxml2-dev autotools-dev build-essential libnghttp2-dev liblua5.2-dev +sudo apt-get install debhelper libaprutil1-dev libapr1-dev libpcre3-dev zlib1g-dev libssl-dev liblua5.1-0-dev libxml2-dev autotools-dev build-essential libnghttp2-dev liblua5.2-dev ``` -Compile and install the Apache web server: +Compile and install the Apache web server in your current working directory `~/source_codes/apache2/apache2-2.4.18`: ``` -newuser@goauldhost:~/source_codes/apache2/apache2-2.4.18$ dpkg-buildpackage -rfakeroot -b -us -uc +dpkg-buildpackage -rfakeroot -b -us -uc ... ... 
@@ -324,7 +346,7 @@ newuser@goauldhost:~/source_codes/apache2/apache2-2.4.18$ dpkg-buildpackage -rfa If Apache HTTP daemon is running, stop it: ``` -newuser@goauldhost:~/source_codes/apache2$ sudo systemctl stop apache2.service +sudo systemctl stop apache2.service ``` It is essential to check which apache2 packages have been installed into the target system. We want to install only specific deb packages already found in the system, as multiple deb packages have been compiled by the previous command. All found Apache2 packages in the system should be replaced by the ones compiled from the Apache2 source code. @@ -332,8 +354,8 @@ It is essential to check which apache2 packages have been installed into the tar System has the following Apache2 packages: ``` -newuser@goauldhost:~/source_codes/apache2/apache2-2.4.18$ cd .. -newuser@goauldhost:~/source_codes/apache2$ dpkg --get-selections |grep apache | awk '{print $1}' +dpkg --get-selections |grep apache | awk '{print $1}' + apache2 apache2-bin apache2-data @@ -345,7 +367,8 @@ libapache2-mod-php7.0 Then we compare the above list to the compiled deb packages: ``` -newuser@goauldhost:~/source_codes/apache2$ ls |grep deb +ls ~/source_codes/apache2 |grep deb + apache2_2.4.18-2ubuntu3.5_amd64.deb apache2_2.4.18-2ubuntu3.5.debian.tar.xz apache2-bin_2.4.18-2ubuntu3.5_amd64.deb 
@@ -364,16 +387,22 @@ apache2-utils_2.4.18-2ubuntu3.5_amd64.deb sudo apt-get install -y libaprutil1-dbd-sqlite3 libaprutil1-dbd-mysql libaprutil1-dbd-odbc libaprutil1-dbd-pgsql libaprutil1-ldap libmysqlclient20 libodbc1 libpq5 mysql-common ``` -... after which we can install our compiled Apache2 packages with `dpkg -i` command: +... after which we can install our compiled Apache2 packages with `dpkg -i` command (assuming your architecture is `amd64`): ``` -newuser@goauldhost:~/source_codes/apache2$ sudo dpkg -i apache2_2.4.18-2ubuntu3.5_amd64.deb apache2-bin_2.4.18-2ubuntu3.5_amd64.deb apache2-data_2.4.18-2ubuntu3.5_all.deb apache2-utils_2.4.18-2ubuntu3.5_amd64.deb +APACHE_NEW_VERSION="2.4.18-2ubuntu3.5" + +cd ~/source_codes/apache2 && \ +sudo dpkg -i apache2_${APACHE_NEW_VERSION}_amd64.deb apache2-bin_${APACHE_NEW_VERSION}_amd64.deb apache2-data_${APACHE_NEW_VERSION}_all.deb apache2-utils_${APACHE_NEW_VERSION}_amd64.deb + ``` +where `APACHE_NEW_VERSION` is the new compiled version of your Apache web server. + If everything has succeeded you should have a working, patched Apache web server in your target system. Because the patches web server software supports `ServerTokens None` option now, we shall add this option into `/etc/apache2/apache2.conf`. ``` -newuser@goauldhost:~$ sudoedit /etc/apache2/apache2.conf +sudoedit /etc/apache2/apache2.conf ``` Add the following lines (// just replace `ServerTokens Prod` with `ServerTokens None`): @@ -389,7 +418,7 @@ ServerTokens None Restart Apache2 server (you must apply the patch file before doing this because the default Apache software does not implement `None` for ServerTokens): ``` -newuser@goauldhost:~$ sudo systemctl start apache2.service +sudo systemctl start apache2.service ``` Check whether the configuration works: 
@@ -443,7 +472,7 @@ As I have stated in the patch file, the removal can bury underneath problems in Apply the patch by doing the following in your `~/source_codes/apache2/apache2-2.4.18` folder: ``` -newuser@goauldhost:~/source_codes/apache2/apache2-2.4.18$ patch -Np1 -i < ../patch_apache_disable_additional_errormsg.patch +patch -Np1 -i < ../patch_apache_disable_additional_errormsg.patch ``` and follow the procedures of the previous section to compile and install Apache from source code.
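Review bot: the dedup step added in the `@@ -276,19 +276,41 @@` hunk, `cat /etc/apt/sources.list | awk '!x[$0]++' | sudo tee /etc/apt/sources.list`, reads and writes the same file in one pipeline, so `tee` can truncate `sources.list` before `cat` has read it and leave the file empty or partial. `tee` still exits successfully in that case, so the chained `sudo apt-get update` runs against the damaged list. Write the awk output to a temporary file and move it into place, and let the sed step keep a backup with `sed -i.bak`. The NOTE should also say that the sed expression enables every commented `deb-src` line, including entries that were disabled deliberately. Separately, the patch link in this hunk points at the `master` branch, so the file a reader fetches can change after this text was written; a commit-pinned raw URL would let readers check the same file the author describes.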
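Review bot: in the `@@ -296,25 +318,25 @@` hunk the rewritten command `patch -Np1 -i < ../patch_apache_servertokens.patch` keeps the original's mix of `-i` and stdin redirection. `-i` expects the patch file name as its argument, and the shell removes the `< file` redirection before `patch` sees its arguments, so `-i` is left without one. Use either `patch -Np1 -i ../patch_apache_servertokens.patch` or `patch -Np1 < ../patch_apache_servertokens.patch`. The same applies to the `patch_apache_disable_additional_errormsg.patch` line in the `@@ -443,7 +472,7 @@` hunk. Since this commit removes the prompts that showed the working directory, consider also writing the steps so they do not hard-code `apache2-2.4.18`, which only matches when `apt-get source` fetched that exact version.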
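Review bot: in the `@@ -324,7 +346,7 @@` hunk, `ls ~/source_codes/apache2 |grep deb` matches more than the built packages, as the listed output shows with `apache2_2.4.18-2ubuntu3.5.debian.tar.xz`. Since the purpose of this step is to compare installed packages against the compiled ones, list only the packages with `ls ~/source_codes/apache2/*.deb`. The installed-side command `dpkg --get-selections |grep apache | awk '{print $1}'` likewise prints the first column whatever the selection state is, so a package marked `deinstall` would appear in the list to be replaced; filtering on the second column (`awk '$2 == "install" {print $1}'`) avoids that.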
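Review bot: the `dpkg -i` step in the `@@ -364,16 +387,22 @@` hunk installs the patched build under the same version string as the distribution package (`APACHE_NEW_VERSION="2.4.18-2ubuntu3.5"`), and the text does not say what happens at the next archive update. Once apt replaces these packages with a stock build, `ServerTokens None` in `/etc/apache2/apache2.conf` is no longer accepted, which the restart paragraph in this same hunk already states for unpatched Apache. Document that trade-off here: either hold the four packages and rebuild for each security update, or expect to repeat the procedure after upgrades. The variable would also be less error-prone if it were derived from the `dpkg -s apache2` check shown earlier rather than typed in by hand, and the added sentence "assuming your architecture is `amd64`" could point readers to `dpkg --print-architecture`.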