Securing-Optimizing-RH-Linux-1_2_369
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
369
[root@deep apache_1.3.12]# make install
[root@deep apache_1.3.12]# rm -f /usr/sbin/apachectl
[root@deep apache_1.3.12]# rm -f /usr/man/man8/apachectl.8
[root@deep apache_1.3.12]# rm -rf /home/httpd/icons/
[root@deep apache_1.3.12]# rm -rf /home/httpd/htdocs/
[root@deep apache_1.3.12]# cd /var/tmp/php-4.0
[root@deep php-4.0]# install -m 644 php.ini.dist /etc/httpd/php.ini
[root@deep php-4.0]# rm -rf /etc/httpd/conf/ssl.crl/
[root@deep php-4.0]# rm -rf /etc/httpd/conf/ssl.crt/
[root@deep php-4.0]# rm -rf /etc/httpd/conf/ssl.csr/
[root@deep php-4.0]# rm -rf /etc/httpd/conf/ssl.key/
[root@deep php-4.0]# rm -rf /etc/httpd/conf/ssl.prm/
[root@deep php-4.0]# rm -f /etc/httpd/conf/srm.conf srm.conf.default access.conf access.conf.default
The make command will compile all source files into executable binaries, and make install
will install the binaries and any supporting files into the appropriate locations. The rm -f
command will remove the small script apachectl responsible to start and stop the Apache
daemon since we use a better script named httpd located under the /etc/rc.d/init.d/ directory
that take advantage of Linux system V. We also remove the /home/httpd/icons directory used
under Apache when you use its automatic indexing feature. This feature can bring a security risk
and for this reason we disable this option in the configuration file and can safety remove the
directory to make space in the Linux server. The /home/httpd/htdocs directory handle all
documentation files related to Apache, so after we have finished to read this documentation, we
can remove it to make space. The install -m command will install the php.ini.dist file under
/etc/httpd/ directory and will rename it php.ini, this file controls many aspects of PHP's
behavior. The ssl.crl, ssl.crt, ssl.csr, ssl.key, and ssl.prm directories under /etc/httpd/conf are
all the directories related to SSL and handle private and public keys, since we use another
location /etc/ssl/ we can remove them safety. Finally, we remove the unused srm.conf,
srm.conf.default, access.conf, and access.conf.default files that are now included in the
httpd.conf file of Apache.
Cleanup after work
[root@deep /]# cd /var/tmp
[root@deep tmp]# rm -rf apache-version/ apache-version.tar.gz mod_ssl-version-version/ mod_ssl-version-
version.tar.gz php-version/ php-version.tar.gz mod_perl-version/ mod_perl-version.tar.gz
The rm command will remove all the source files we have used to compile and install Apache,
mod_ssl, mod_perl, and php. It will also remove the Apache, mod_ssl, mod_perl, and php
compressed archive from the /var/tmp directory.
Configurations
Configuration files for different services are very specific depending of your need and your
network architecture. Someone can install Apache Server for showing web pages only; other can
install it with database connectivity, electronic business with SSL support, etc. In this book, we
provide you an httpd.conf file setting with PHP, Perl, SSL, LDAP, and password authentication
to show you different possibility.
Well focus on optimization and security of these files and let all specific adjustments to your
tastes. So you will need to read documentation that comes with these programs and understand
them.
All software we describe in this book has a specific directory and subdirectory in a tar
compressed archive named floppy.tgz containing file configurations for the specific program. If
you get this archive file, you wouldnt be obliged to reproduce the different configuration files
bellow manually or cut and past them to create your configuration files. Whatever your decide to
copy manually or get the files made to your convenience from the archive compressed files, it will