
H4: clean-up + add more info about deb-src

master
Pekka Helenius 6 years ago
committed by GitHub
parent
commit
d08d162e23
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 49 additions and 20 deletions
exercises/h4.md: +49, -20

exercises/h4.md

@ -276,19 +276,41 @@ We want to remove field `Server: Apache`. Multiple approaches were tested (such
Download Apache source code on your Debian-based Linux distribution: Download Apache source code on your Debian-based Linux distribution:
``` ```
newuser@goauldhost:~$ mkdir -p ./source_codes/apache2 && cd ./source_codes/apache2
newuser@goauldhost:~/source_codes/apache2$ apt-get source apache2
mkdir -p ~/source_codes/apache2 && cd ~/source_codes/apache2 && \
apt-get source apache2
```
--------------------------
**NOTE:** If you get the following error:
```
Reading package lists... Done
E: You must put some 'source' URIs in your sources.list
```
then just 1) uncomment all `deb-src` lines in `/etc/apt/sources.list` file, 2) remove duplicate entries and 3) update databases by issuing the following command sequence:
``` ```
sudo sed -i 's/^# deb-src/deb-src/g' /etc/apt/sources.list && \
cat /etc/apt/sources.list | awk '!x[$0]++' | sudo tee /etc/apt/sources.list && \
sudo apt-get update
After which add [source code patch file](https://raw.githubusercontent.com/Fincer/linux-server-setup/master/patches/patch_apache_servertokens.patch) into created `$HOME/source_codes/apache2` folder.
```
--------------------------
After downloading the source add [source code patch file](https://raw.githubusercontent.com/Fincer/linux-server-setup/master/patches/patch_apache_servertokens.patch) into created `$HOME/source_codes/apache2` folder.
**NOTE:** I have personally created the patch file with Unix tool `diff`. The patch file is not downloaded from any suspicious website. You can always check & analyse the patch file code yourself if still hesitating. **NOTE:** I have personally created the patch file with Unix tool `diff`. The patch file is not downloaded from any suspicious website. You can always check & analyse the patch file code yourself if still hesitating.
If you have a working Apache HTTP daemon (web server) environment on your Linux, please check the version of your Apache software version with the following command before compiling & installing a custom-patched Apache version: If you have a working Apache HTTP daemon (web server) environment on your Linux, please check the version of your Apache software version with the following command before compiling & installing a custom-patched Apache version:
``` ```
newuser@goauldhost:~$ dpkg -s apache2 |grep -i version
Version: 2.4.18-2ubuntu3.5
dpkg -s apache2 |grep -i version
Version: 2.4.18-2ubuntu3.5
``` ```
In that way we can be sure version of the downloaded source code matches with our already-installed/existing Apache environment. In that way we can be sure version of the downloaded source code matches with our already-installed/existing Apache environment.
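Review bot: The de-duplication step in the new NOTE block reads and writes `/etc/apt/sources.list` in the same pipeline (`cat /etc/apt/sources.list | awk '!x[$0]++' | sudo tee /etc/apt/sources.list`). `tee` can truncate the file before `cat` has read it, which can leave an empty or partial sources list. Have awk write to a temporary file and move that into place, and keep a backup of the original (for example with `sed -i.bak`). The `sed` expression also uncomments every `# deb-src` line, including source repositories that may have been left disabled on purpose, so the text should tell the reader to review the file before running `sudo apt-get update`. Separately, the patch link points at the `master` branch; a commit-pinned URL would let readers who follow the advice to inspect the patch be sure they are applying the file they inspected.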
@ -296,25 +318,25 @@ In that way we can be sure version of the downloaded source code matches with ou
Once you have downloaded the source code, go to the following folder (which contains the code): Once you have downloaded the source code, go to the following folder (which contains the code):
``` ```
newuser@goauldhost:~/source_codes/apache2$ cd apache2-2.4.18/
cd ~/source_codes/apache2/apache2-2.4.18/
``` ```
Implement the patch file changes into the Apache source code:
Implement the patch file changes into the Apache source code in your current working directory `~/source_codes/apache2/apache2-2.4.18`:
``` ```
newuser@goauldhost:~/source_codes/apache2/apache2-2.4.18$ patch -Np1 -i < ../patch_apache_servertokens.patch
patch -Np1 -i < ../patch_apache_servertokens.patch
``` ```
Before compiling Apache web server, you must install the following build time dependencies: Before compiling Apache web server, you must install the following build time dependencies:
``` ```
newuser@goauldhost:~/source_codes/apache2/apache2-2.4.18$ sudo apt-get install debhelper libaprutil1-dev libapr1-dev libpcre3-dev zlib1g-dev libssl-dev liblua5.1-0-dev libxml2-dev autotools-dev build-essential libnghttp2-dev liblua5.2-dev
sudo apt-get install debhelper libaprutil1-dev libapr1-dev libpcre3-dev zlib1g-dev libssl-dev liblua5.1-0-dev libxml2-dev autotools-dev build-essential libnghttp2-dev liblua5.2-dev
``` ```
Compile and install the Apache web server:
Compile and install the Apache web server in your current working directory `~/source_codes/apache2/apache2-2.4.18`:
``` ```
newuser@goauldhost:~/source_codes/apache2/apache2-2.4.18$ dpkg-buildpackage -rfakeroot -b -us -uc
dpkg-buildpackage -rfakeroot -b -us -uc
... ...
<compiling source code> <compiling source code>
... ...
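Review bot: The rewritten `patch -Np1 -i < ../patch_apache_servertokens.patch` line keeps a defect from the old one: `-i` expects the patch file name as its argument, but the `<` redirect hands the file to stdin and leaves `-i` with no argument. Use either `patch -Np1 -i ../patch_apache_servertokens.patch` or `patch -Np1 < ../patch_apache_servertokens.patch`, and consider documenting a `--dry-run` pass first so a version mismatch shows up before the tree is modified. The new text also hard-codes `~/source_codes/apache2/apache2-2.4.18` in three places, while the directory name depends on the version `apt-get source` actually fetched; a short remark that the folder name follows the downloaded version would match the version check introduced earlier.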
@ -324,7 +346,7 @@ newuser@goauldhost:~/source_codes/apache2/apache2-2.4.18$ dpkg-buildpackage -rfa
If Apache HTTP daemon is running, stop it: If Apache HTTP daemon is running, stop it:
``` ```
newuser@goauldhost:~/source_codes/apache2$ sudo systemctl stop apache2.service
sudo systemctl stop apache2.service
``` ```
It is essential to check which apache2 packages have been installed into the target system. We want to install only specific deb packages already found in the system, as multiple deb packages have been compiled by the previous command. All found Apache2 packages in the system should be replaced by the ones compiled from the Apache2 source code. It is essential to check which apache2 packages have been installed into the target system. We want to install only specific deb packages already found in the system, as multiple deb packages have been compiled by the previous command. All found Apache2 packages in the system should be replaced by the ones compiled from the Apache2 source code.
@ -332,8 +354,8 @@ It is essential to check which apache2 packages have been installed into the tar
System has the following Apache2 packages: System has the following Apache2 packages:
``` ```
newuser@goauldhost:~/source_codes/apache2/apache2-2.4.18$ cd ..
newuser@goauldhost:~/source_codes/apache2$ dpkg --get-selections |grep apache | awk '{print $1}'
dpkg --get-selections |grep apache | awk '{print $1}'
apache2 apache2
apache2-bin apache2-bin
apache2-data apache2-data
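Review bot: In `dpkg --get-selections |grep apache | awk '{print $1}'` the awk stage discards the selection-state column, so packages that were removed but not purged (state `deinstall`) are listed as if they were installed. Since this list decides which rebuilt packages get installed, filter on the state, for example `awk '$2=="install"{print $1}'`. The `grep apache` match also picks up packages not built from the apache2 source (the list continues with `libapache2-mod-php7.0`), which the surrounding text could point out.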
@ -345,7 +367,8 @@ libapache2-mod-php7.0
Then we compare the above list to the compiled deb packages: Then we compare the above list to the compiled deb packages:
``` ```
newuser@goauldhost:~/source_codes/apache2$ ls |grep deb
ls ~/source_codes/apache2 |grep deb
apache2_2.4.18-2ubuntu3.5_amd64.deb apache2_2.4.18-2ubuntu3.5_amd64.deb
apache2_2.4.18-2ubuntu3.5.debian.tar.xz apache2_2.4.18-2ubuntu3.5.debian.tar.xz
apache2-bin_2.4.18-2ubuntu3.5_amd64.deb apache2-bin_2.4.18-2ubuntu3.5_amd64.deb
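Review bot: `ls ~/source_codes/apache2 |grep deb` matches any name containing "deb", which is why `apache2_2.4.18-2ubuntu3.5.debian.tar.xz` appears in the output next to the installable packages. Listing `~/source_codes/apache2/*.deb` would show only the files that are compared against the installed package list.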
@ -364,16 +387,22 @@ apache2-utils_2.4.18-2ubuntu3.5_amd64.deb
sudo apt-get install -y libaprutil1-dbd-sqlite3 libaprutil1-dbd-mysql libaprutil1-dbd-odbc libaprutil1-dbd-pgsql libaprutil1-ldap libmysqlclient20 libodbc1 libpq5 mysql-common sudo apt-get install -y libaprutil1-dbd-sqlite3 libaprutil1-dbd-mysql libaprutil1-dbd-odbc libaprutil1-dbd-pgsql libaprutil1-ldap libmysqlclient20 libodbc1 libpq5 mysql-common
``` ```
... after which we can install our compiled Apache2 packages with `dpkg -i` command:
... after which we can install our compiled Apache2 packages with `dpkg -i` command (assuming your architecture is `amd64`):
``` ```
newuser@goauldhost:~/source_codes/apache2$ sudo dpkg -i apache2_2.4.18-2ubuntu3.5_amd64.deb apache2-bin_2.4.18-2ubuntu3.5_amd64.deb apache2-data_2.4.18-2ubuntu3.5_all.deb apache2-utils_2.4.18-2ubuntu3.5_amd64.deb
APACHE_NEW_VERSION="2.4.18-2ubuntu3.5"
cd ~/source_codes/apache2 && \
sudo dpkg -i apache2_${APACHE_NEW_VERSION}_amd64.deb apache2-bin_${APACHE_NEW_VERSION}_amd64.deb apache2-data_${APACHE_NEW_VERSION}_all.deb apache2-utils_${APACHE_NEW_VERSION}_amd64.deb
``` ```
where `APACHE_NEW_VERSION` is the new compiled version of your Apache web server.
If everything has succeeded you should have a working, patched Apache web server in your target system. Because the patches web server software supports `ServerTokens None` option now, we shall add this option into `/etc/apache2/apache2.conf`. If everything has succeeded you should have a working, patched Apache web server in your target system. Because the patches web server software supports `ServerTokens None` option now, we shall add this option into `/etc/apache2/apache2.conf`.
``` ```
newuser@goauldhost:~$ sudoedit /etc/apache2/apache2.conf
sudoedit /etc/apache2/apache2.conf
``` ```
Add the following lines (// just replace `ServerTokens Prod` with `ServerTokens None`): Add the following lines (// just replace `ServerTokens Prod` with `ServerTokens None`):
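Review bot: The new `APACHE_NEW_VERSION="2.4.18-2ubuntu3.5"` value is identical to the archive version, so the locally patched build is indistinguishable from the stock package and the next archive update will replace it. Per the restart step's own remark, stock Apache does not implement `None` for ServerTokens, so the server would then fail on the edited `apache2.conf`. The text should document how the reader is expected to handle this: a local version suffix (for example via `dch --local`) makes the custom build identifiable, and `apt-mark hold` prevents silent replacement at the cost of also holding back security updates until the patch is re-applied. The `amd64` suffix is still hard-coded despite the added caveat; `$(dpkg --print-architecture)` would remove the assumption.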
@ -389,7 +418,7 @@ ServerTokens None
Restart Apache2 server (you must apply the patch file before doing this because the default Apache software does not implement `None` for ServerTokens): Restart Apache2 server (you must apply the patch file before doing this because the default Apache software does not implement `None` for ServerTokens):
``` ```
newuser@goauldhost:~$ sudo systemctl start apache2.service
sudo systemctl start apache2.service
``` ```
Check whether the configuration works: Check whether the configuration works:
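Review bot: The `sudo systemctl start apache2.service` step is the first point at which the new `ServerTokens None` directive is parsed, and the text above it states that an unpatched binary rejects this value. Adding `sudo apache2ctl configtest` before the start command would let the reader confirm that the installed binary accepts the directive while the service is still down for a known reason, instead of discovering it through a failed start.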
@ -443,7 +472,7 @@ As I have stated in the patch file, the removal can bury underneath problems in
Apply the patch by doing the following in your `~/source_codes/apache2/apache2-2.4.18` folder: Apply the patch by doing the following in your `~/source_codes/apache2/apache2-2.4.18` folder:
``` ```
newuser@goauldhost:~/source_codes/apache2/apache2-2.4.18$ patch -Np1 -i < ../patch_apache_disable_additional_errormsg.patch
patch -Np1 -i < ../patch_apache_disable_additional_errormsg.patch
``` ```
and follow the procedures of the previous section to compile and install Apache from source code. and follow the procedures of the previous section to compile and install Apache from source code.
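Review bot: `patch -Np1 -i < ../patch_apache_disable_additional_errormsg.patch` has the same problem as the first patch command: `-i` takes the file name as its argument, and with the `<` redirect it receives none. Use `patch -Np1 -i ../patch_apache_disable_additional_errormsg.patch` or drop `-i`. The text should also say whether this patch is meant to be applied on top of the ServerTokens patch or to a fresh source tree, since the same `apache2-2.4.18` folder is reused.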

