ERROR: PleskFatalException
Unable to make action: Unable to manage service by websrvmng:
websrvmng: No such file ‘/usr/local/etc/rc.d/apache2.sh’:
No such file or directory System error 2: No such file or directory

Apache startup script name is specified with the following variable in /etc/psa/psa.conf file:

#apache startup script
HTTPD_SERVICE apache2

Find out what the actual apache startup script file name is, it may be either apache2 or apache2.sh:

# ls /usr/local/etc/rc.d/apache2*
/usr/local/etc/rc.d/apache2

then set the correct value in /etc/psa/psa.conf for HTTPD_SERVICE variable.

Incoming search terms:

• ERROR: PleskFatalException StatInfo->getProductVersion failed: Plesk version file doesnt exist or empty debian (2)
• websrvmng: service /usr/local/etc/rc d/apache2 failed to restart (2)
• councurrent execution flvtool2 windows (1)
• plesk apache-config t failed (1)
• pleskfatalexception: /usr/local/psa/admin/bin/apache-config -t failed with code 1 (1)
• unable to exec utility packagemng: file does not exist or is not executable: /usr/local/psa/admin/bin/packagemng (1)

What is .htaccess and how to disable .htaccess?

.htaccess is use to modify the way Apache behaves for a directory and it’s sub-directories. It gives you an extra control on your server, like setting up custom error messages, password protect a directory, writing rewrite rules, blocking IPs etc.

However, it can be a potentially dangerous file. For example, a hacker can redirect your website to an external website say a malware website.

In order to disable .htaccess server wide, edit the Apache configuration file

pico /etc/httpd/conf/httpd.conf

Search for

    AllowOverride All

replace it with

    AllowOverride None

Save the file and restart the Apache service.

service httpd restart

Incoming search terms:

• disable htaccess plesk (1)

AddHandler application/x-httpd-php .php .html

You can also add the above line in your .htaccess file of the domain.

Incoming search terms:

• php file is asking to download (1)

So what if you need to access a different directory?

The easiest way is to amend the vhost.conf file of the
specific domain.

Open the vhost.conf file if it exists. If not…create it. The vhost.conf file is found under /PATH-TO-DOMAIN/YourDomain.tld/conf/vhost.conf

Add these lines:-

<Directory /PATH-TO-DOMAIN/YourDomain.tld/httpdocs>
php_admin_value open_basedir /PATH-TO-DOMAIN/YourDomain.tld/httpdocs:/tmp:/ADD-YOUR-DIR:/
</Directory>

Save the vhost.conf file and run this command to load the changes into Apache

/usr/local/psa/admin/sbin/websrvmng -a -v

Restart Apache….your finished

Incoming search terms:

• centos php open_basedir error (3)
• access htdocs folder outside plesk panel (1)
• plesk open_basedir update (1)
• plesk module open_basedir (1)
• plesk ftp outside httpdocs (1)
• plesk files outside of httpdocs (1)
• open_basedir how to linux (1)
• how to find httpdocs in plesk (1)
• folders outside httpdocs in cpanel (1)
• centos find directory outside httpdocs (1)

Install NUT dependencies:

yum install net-snmp-libs gd httpd

Download the latest CentOS NUT rpm release for your architecture from: http://geekery.blog.com/category/linux/nut-ups-rpms/

NOTE: you can also download NUT from EPEL repository or the tarball directly from the NUT official site (http://www.networkupstools.org/)

Install downloaded rpms:

rpm -Uvh nut-2.6.0-2geekery.$(uname -i).rpm nut-cgi-2.6.0-2geekery.$(uname -i).rpm nut-client-2.6.0-2geekery.$(uname -i).rpm powerman-2.3.5-2geekery.$(uname -i).rpm

Common Configuration

This is the configuration for my Eaton Powerware 5115 USB UPS. Edit the driver controller configuration file, choosing the correct driver for your UPS. You can read on the HCL which is the right driver to use. My UPS it isn’t officially supported, but I found that the bcmxcp_usb driver works well, so I defined a new UPS section that begins with the name of the UPS in brackets (in my case: 5115), followed by the driver (bcmxcp_usb) and the port device (with USB UPSs choose automatic port detection).

vi /etc/ups/ups.conf

[5115]
        driver = bcmxcp_usb
        port = auto

Now choose your NUT running mode: I chose standalone mode because the UPS is power supplying only one server, but you can also use NUT in network client/server mode.

vi /etc/ups/nut.conf

MODE = standalone

Configure the IP address and port where upsd daemon listens for. The upsd.conf file control access to the server and some other parameters. In a standalone installation you can leave it at default configuration, listening to localhost.

vi /etc/ups/upsd.conf

LISTEN 127.0.0.1 3493

Now define a upsmon user/password in upsd.users file. The user I define is “local_mon” with password “PASSWORD” and upsmon role “master”. We will use this user with the upsmon component of NUT.

vi /etc/ups/upsd.users

[local_mon]
    password = PASSWORD
    upsmon master

Upsmon is the UPS monitor and shutdown controller that will monitor and tell how to shut down the system when necessary. Edit the MONITOR directive inserting the UPS name defined in ups.conf, followed by the IP address or hostname configured in upsd.conf and by the credentials and upsmon role defined in upsd.users. Leave the other directives to the default values specified.

vi /etc/ups/upsmon.conf

MONITOR 5115@localhost 1 local_mon PASSWORD master
MINSUPPLIES 1
SHUTDOWNCMD "/sbin/shutdown -h +0"
POLLFREQ 5
POLLFREQALERT 5
HOSTSYNC 15
DEADTIME 15
POWERDOWNFLAG /etc/killpower
RBWARNTIME 43200
NOCOMMWARNTIME 300
FINALDELAY 5

USB Configuration

If you you installed a NUT rpm release from http://geekery.blog.com/category/linux/nut-ups-rpms/ you can find a nut udev rule file for CentOS at this path: /lib/udev/rules.d/62-nut-usbups.rules

If you are installing a USB UPS, softlink this file in udev rules directory:

ln -s /lib/udev/rules.d/62-nut-usbups.rules /etc/udev/rules.d/62-nut-usbups.rules

and reload udev rules and trigger device detection with these commands:

udevcontrol reload_rules

udevtrigger

UPS Web Monitoring (nut-cgi)

Configure this file to let CGI programs access the UPS info:

vi /etc/ups/hosts.conf

MONITOR 5115@localhost 1 local_mon PASSWORD master

Create a Apache config file for the cgi installed with the nut-cgi package:

vi /etc/httpd/conf.d/ups-cgi.conf

ScriptAlias /nut-cgi-bin/ "/var/www/nut-cgi-bin/"
<Directory "/var/www/nut-cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

Start UPS Daemon

Now you can try to start your NUT installation with this command:

/etc/init.d/ups start

If the start process is OK, check ups info with this command (use your ups.conf ups name instead of 5115):

upsc 5115

You can also check which instant command are supported by your UPS with this command:

upscmd -l 5115@localhost

Instant commands supported on UPS [5115]:
shutdown.return - Turn off the load and return when power is back
shutdown.stayoff - Turn off the load and remain off
test.battery.start - Start a battery test

You can start a battery test (if supported) with this command:

upscmd -u local_mon -p PASSWORD 5115 test.battery.start

You can also check the web monitoring page with a web browser: http://<upshost>/nut-cgi-bin/upsstats.cgi

Troubleshooting For Common USB Problems

If nut has problems to start check logs:

cat /var/log/messages

Many problems with USB UPSs are related to udev and device rights permission.

1) If you see these messages in /var/log/messages

udevd[513]: add_to_rules: unknown key 'ATTR{idProduct}'
udevd[513]: add_to_rules: unknown key 'ATTR{idVendor}'
udevd[513]: add_to_rules: unknown key 'ATTR{idProduct}'
udevd[513]: add_to_rules: unknown key 'SUBSYSTEMS'

You have a udev rule file that uses directives newer than the udev program version you have.

On CentOS 5.5 try to substitute “ATTR” with “SYSFS” and “SUBSYSTEMS” with “BUS”.

In the “ACTION” directive use only “add” not “change”:

	OK:	ACTION!="add", GOTO="nut-usbups_rules_end"
	ERROR:	ACTION!="add|change", GOTO="nut-usbups_rules_end"

2) Check usb device right permissions: Run the lsusb command:

lsusb

Bus 002 Device 001: ID 0000:0000
Bus 001 Device 001: ID 0000:0000
Bus 003 Device 005: ID 06da:0002 Phoenixtec Power Co., Ltd UPS
Bus 003 Device 001: ID 0000:0000
Bus 004 Device 001: ID 0000:0000
Bus 005 Device 001: ID 0000:0000
Bus 006 Device 001: ID 0000:0000
Bus 007 Device 001: ID 0000:0000

You can see from the preceding output that my usb ups is connected to the usb bus 3 device 5 and has this VendorID=06da and ProductID=0002

Grep VendorID and ProductID from nut udev rule file to see if your ups has already a rule to manage it:

grep “06da” /etc/udev/rules.d/62-nut-usbups.rules | grep 0002

SYSFS{idVendor}=="06da", SYSFS{idProduct}=="0002", MODE="664", GROUP="uucp"

I found that a rule is already present in the udev rule file: it sets file mode 664 and group ownership to uucp group to the usb device linked to the ups.

If a rule is not present for your device, copy the one above and changing VendorID and ProductID with those you found with lsusb command.

Check that device permissions are set like udev rule specify:

ls -l /dev/bus/usb/003/005

crw-rw-r– 1 root uucp 189, 260 Mar 23 23:06 /dev/bus/usb/003/005

Incoming search terms:

• eaton ups 06da-l (3)
• client nut ups (1)
• eaton 5115 ups linux management (1)
• how to ups linux (1)
• linux ups (1)
• network ups tools (1)
• network ups tools windows configuration (1)
• nut windows multiple usb (1)

I do not issue any guarantee that this will work for you!

1 Preliminary Note

I’m using a CentOS 5.5 server with the IP address 192.168.0.100 here.

2 Installing WebDAV

If Apache is not already installed, install it as follows:

yum install httpd

Afterwards, open /etc/httpd/conf/httpd.conf and make sure that the dav and dav_fs modules are enabled in the LoadModule section (they should be enabled by default):

vi /etc/httpd/conf/httpd.conf

[...]
LoadModule dav_module modules/mod_dav.so
[...]
LoadModule dav_fs_module modules/mod_dav_fs.so
[...]

Then create the system startup links for Apache and start it:

chkconfig –levels 235 httpd on
/etc/init.d/httpd start

3 Creating A Virtual Host

I will now create a default Apache vhost in the directory /var/www/web1/web. For this purpose, I will add a default vhost at the end of /etc/httpd/conf/httpd.conf. If you already have a vhost for which you’d like to enable WebDAV, you must adjust this tutorial to your situation.

First, we create the directory /var/www/web1/web and make the Apache user and group (apache) the owner of that directory:

mkdir -p /var/www/web1/web
chown apache:apache /var/www/web1/web

Then add the new vhost at the end of /etc/httpd/conf/httpd.conf:

vi /etc/httpd/conf/httpd.conf

[...]
NameVirtualHost *:80
<VirtualHost *:80>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/web1/web/
        <Directory /var/www/web1/web/>
                Options Indexes MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

</VirtualHost>

Then reload Apache:

/etc/init.d/httpd reload

4 Configure The Virtual Host For WebDAV

Now we create the WebDAV password file /var/www/web1/passwd.dav with the user test (the -c switch creates the file if it does not exist):

htpasswd -c /var/www/web1/passwd.dav test

You will be asked to type in a password for the user test.

(Please don’t use the -c switch if /var/www/web1/passwd.dav is already existing because this will recreate the file from scratch, meaning you lose all users in that file!)

Now we change the permissions of the /var/www/web1/passwd.dav file so that only root and the members of the apache group can access it:

chown root:apache /var/www/web1/passwd.dav
chmod 640 /var/www/web1/passwd.dav

Now we modify our vhost at the end of /etc/httpd/conf/httpd.conf and add the following lines to it:

vi /etc/httpd/conf/httpd.conf

[...]
        Alias /webdav /var/www/web1/web

        <Location /webdav>
           DAV On
           AuthType Basic
           AuthName "webdav"
           AuthUserFile /var/www/web1/passwd.dav
           Require valid-user
       </Location>
[...]

The Alias directive makes (together with <Location>) that when you call /webdav, WebDAV is invoked, but you can still access the whole document root of the vhost. All other URLs of that vhost are still “normal” HTTP.

The final vhost should look like this:

[...]
NameVirtualHost *:80
<VirtualHost *:80>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/web1/web/
        <Directory /var/www/web1/web/>
                Options Indexes MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        Alias /webdav /var/www/web1/web

        <Location /webdav>
           DAV On
           AuthType Basic
           AuthName "webdav"
           AuthUserFile /var/www/web1/passwd.dav
           Require valid-user
       </Location>

</VirtualHost>

Reload Apache afterwards:

/etc/init.d/httpd reload

5 Testing WebDAV

We will now install cadaver, a command-line WebDAV client:

yum install cadaver

To test if WebDAV works, type:

cadaver http://localhost/webdav/

You should be prompted for a user name. Type in test and then the password for the user test. If all goes well, you should be granted access which means WebDAV is working ok. Type quit to leave the WebDAV shell:

[root@server1 ~]# cadaver http://localhost/webdav/
Authentication required for webdav on server `localhost’:
Username: test
Password:
dav:/webdav/> quit
Connection to `localhost’ closed.
[root@server1 ~]#

6 Configure A Windows XP Client To Connect To The WebDAV Share

Click on My Network Places on your desktop (I have a German Windows, so the names are a bit different in the screenshots):

Select Add a Network Place from the Network Tasks menu (on the left):

The Add Network Place Wizard comes up. Click on the Next button:

Select Choose another network location, and click on Next:

Enter http://192.168.0.100:80/webdav as the location and click on Next. You must specify the port in the WebDAV URL (:80). For some strange reason this makes Windows XP accept the normal username (e.g. test) – otherwise Windows XP expects NTLM usernames (that would have the form www.example.com\test).

You will be prompted for a user name and a password. Type in the user name test and the password for the user test:

Then type in a name for the WebDAV folder:

To open the new connection, keep the Open this network place when I click Finish box checked, and click on Finish:

The WebDAV folder will then open where you can browse the contents of the /var/www/web1/web directory and its subdirectories on the server, and you will find an icon for your new WebDAV share in the My Network Places folder:

7 Configure A Linux Client (GNOME) To Connect To The WebDAV Share

If you want to connect to the WebDAV share from a GNOME desktop, go to Places > Connect to Server…:

Select WebDAV (HTTP) as the Service type, type in the Server (192.168.0.100 in this example) and then the Folder (webdav). Do not fill in a User Name yet because otherwise the connection will fail. Click on Connect afterwards:

Now you are being prompted for a user name and password. Type in test along with the password, then click on Connect:

You might get the following error…

… but at the same time the WebDAV share should appear on the desktop, which means you can ignore the error:

Double-click on the icon to open the WebDAV share:

8 Links

• WebDAV: http://www.webdav.org/
• Apache: http://httpd.apache.org/
• CentOS: http://www.centos.org/

Incoming search terms:

• directadmin webdav (3)
• webdav directadmin (2)
• apache dav (1)
• webdav centos howto (1)
• webdav centos (1)
• webdav apache http web server windows 7 (1)
• server dav (1)
• how to configure webdav on different centos port (1)
• connect to cpanel webdav on centos (1)
• centos upload to webdav (1)

I do not issue any guarantee that this will work for you!

1 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100. These settings might differ for you, so you have to replace them where appropriate.

2 Installing MySQL 5.0

To install MySQL, we do this:

yum install mysql mysql-server

Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:

chkconfig –levels 235 mysqld on
/etc/init.d/mysqld start

Set passwords for the MySQL root account:

mysql_secure_installation

[root@server1 ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we’ll need the current
password for the root user.  If you’ve just installed MySQL, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on…

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] <– ENTER
New password: <– yourrootsqlpassword
Re-enter new password: <– yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
… Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] <– ENTER
… Success!

Normally, root should only be allowed to connect from ’localhost’.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] <– ENTER
… Success!

By default, MySQL comes with a database named ’test’ that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] <– ENTER
- Dropping test database…
… Success!
- Removing privileges on test database…
… Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] <– ENTER
… Success!

Cleaning up…

All done!  If you’ve completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

[root@server1 ~]#

3 Installing Apache2

Apache2 is available as a CentOS package, therefore we can install it like this:

yum install httpd

Now configure your system to start Apache at boot time…

chkconfig –levels 235 httpd on

… and start Apache:

/etc/init.d/httpd start

Now direct your browser to http://192.168.0.100, and you should see the Apache2 placeholder page:

Apache’s default document root is /var/www/html on CentOS, and the configuration file is /etc/httpd/conf/httpd.conf. Additional configurations are stored in the /etc/httpd/conf.d/ directory.

4 Installing PHP5

We can install PHP5 and the Apache PHP5 module as follows:

yum install php

We must restart Apache afterwards:

/etc/init.d/httpd restart

5 Testing PHP5 / Getting Details About Your PHP5 Installation

The document root of the default web site is /var/www/html. We will now create a small PHP file (info.php) in that directory and call it in a browser. The file will display lots of useful details about our PHP installation, such as the installed PHP version.

vi /var/www/html/info.php

<?php
phpinfo();
?>

Now we call that file in a browser (e.g. http://192.168.0.100/info.php):

As you see, PHP5 is working, and it’s working through the Apache 2.0 Handler, as shown in the Server API line. If you scroll further down, you will see all modules that are already enabled in PHP5. MySQL is not listed there which means we don’t have MySQL support in PHP5 yet.

6 Getting MySQL Support In PHP5

To get MySQL support in PHP, we can install the php-mysql package. It’s a good idea to install some other PHP5 modules as well as you might need them for your applications. You can search for available PHP5 modules like this:

yum search php

Pick the ones you need and install them like this:

yum install php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc

Now restart Apache2:

/etc/init.d/httpd restart

Now reload http://192.168.0.100/info.php in your browser and scroll down to the modules section again. You should now find lots of new modules there, including the MySQL module:

7 phpMyAdmin

phpMyAdmin is a web interface through which you can manage your MySQL databases.

First we enable the RPMforge repository on our CentOS system as phpMyAdmin is not available in the official CentOS 5.5 repositories:

On x86_64 systems:

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm
rpm -Uhv rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm

On i386 systems:

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.i386.rpm
rpm -Uhv rpmforge-release-0.5.1-1.el5.rf.i386.rpm

phpMyAdmin can now be installed as follows:

yum install phpmyadmin

Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Directory “/usr/share/phpmyadmin”> stanza):

vi /etc/httpd/conf.d/phpmyadmin.conf

#
#  Web application to manage MySQL
#

#<Directory "/usr/share/phpmyadmin">
#  Order Deny,Allow
#  Deny from all
#  Allow from 127.0.0.1
#</Directory>

Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin
Alias /mysqladmin /usr/share/phpmyadmin

Next we change the authentication in phpMyAdmin from cookie to http:

vi /usr/share/phpmyadmin/config.inc.php

[...]
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';
[...]

Restart Apache:

/etc/init.d/httpd restart

Afterwards, you can access phpMyAdmin under http://192.168.0.100/phpmyadmin/:

8 Links

• Apache: http://httpd.apache.org/
• PHP: http://www.php.net/
• MySQL: http://www.mysql.com/
• CentOS: http://www.centos.org/
• phpMyAdmin: http://www.phpmyadmin.net/

Incoming search terms:

• centos 5 5 phpmyadmin installation (1)
• centos vmware installed with php apache mysql and cpanel (1)
• centos yum mod_php (1)
• install phpmyadmin in var/www/html folder in centos 5 5 (1)

IMPORTANT NOTE: These suggestions may vary from server to server and modify the values as per your server configurations. It is up to you to determine if any of the changes suggested here are not compatible with your requirements.

1. Hide the Apache Version number, and other sensitive information.

By default many Apache installations provides information about version of Apache, operating system/version you’re running, and Apache Modules are installed on the server. Attackers/Hackers can use this information to their advantage when performing an attack.

Open /etc/httpd/conf/httpd.conf file and add OR edit following

ServerSignature Off
ServerTokens Prod

The ServerSignature appears on the bottom of pages generated by apache such as 404 pages, directory listings, etc.

The ServerTokens directive is used to determine what Apache will put in the Server HTTP response header. By setting it to Prod it sets the HTTP response header as follows:

Server: Apache

2. Make sure apache is running under its own user account and group

By default apache installations have it run as the user nobody. So suppose both Apache and your mail server were running as nobody and attack through Apache may allow the mail server to also be compromised, and vise versa.

User apache
Group apache

In case of CPanel, it set the username as the ftp username of the domain which user set at the time of creating domain.

3. Ensure that files outside the web root are not served

Apache shouldn’t able to access any files out side of its web root. So all your web sites should be placed under one directory (public_html for cPanel and httpdocs incase of Plesk as control panel), you would set it up as follows:

<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
</Directory>
<Directory /public_html>
Order Allow,Deny
Allow from all
</Directory>

Note that because we set Options None and AllowOverride None this will turn off all options and overrides for the server. You now have to add them explicitly for each directory that requires an Option or Override using .htaccess .

4. Turn off directory browsing

You can do this with an Options directive inside a Directory tag. Set Options to either None or –Indexes to disable Directory listing for the domain

Options -Indexes

5. Turn off server side includes

SSI (Server Side Includes) is directives that are placed in HTML pages, and evaluated on the server while the pages are being served. They let you add dynamically generated content to an existing HTML page, without having to serve the entire page via a CGI program, or other dynamic technology.

This can done with the Options directive inside a Directory tag. Set Options to either None or -Includes

Options -Includes

6. Turn off CGI execution

The CGI (Common Gateway Interface) defines a way for a web server to interact with external content-generating programs, which are often referred to as CGI programs or CGI scripts. It is the simplest, and most common, way to put dynamic content on your web site

If you’re not using CGI turn it off with the Options directive inside a Directory tag. Set Options to either None or -ExecCGI

Options -ExecCGI

7. Don’t allow apache to follow Symbolic Links

Symbolic Link (also symlink or soft link) is a special type of file that contains a reference to another file or directory in the form of an absolute or relative path and that affects pathname resolution.

Symbolic Links can be disabled using the Options directive inside a Directory tag. Set Options to either None or –FollowSymLinks

Options -FollowSymLinks

8.  Turn off support for .htaccess files

.htaccess files (or “distributed configuration files”) provide a way to make configuration changes on a per-directory basis.

This is done in a Directory tag but with the AllowOverride directive. Set it to None.

AllowOverride None

9) Run mod_security

ModSecurity is an open source web application firewall. it’s a super handy Apache module written by Ivan Ristic, the author of Apache Security from O’Reilly press.

You can do the following with mod_security:

* Simple filtering
* Regular Expression based filtering
* URL Encoding Validation
* Unicode Encoding Validation
* Auditing
* Null byte attack prevention
* Upload memory limits* Server identity masking
* Built in Chroot support
* And more

10) Restricting Access by IP

If you have a resource that should only by accessed by a certain network, or IP address you can enforce this in your apache configuration. For instance if you want to restrict access to your intranet to allow only the 92.48 network:

Order Deny,Allow
Deny from all
Allow from 92.48.0.0/16

Or by IP:

Order Deny,Allow
Deny from all
Allow from 127.0.0.1

Incoming search terms:

• plesk IPCCommTimeout (2)
• centos basic programming (1)
• directadmin rewriteengine (1)
• mysql remote access 10 0 0 0/8 (1)
• secure apache web server (1)
• working with apache basic steps (1)

1. Installation

In order to compile mod_slotlimit, you will need to have apxs2 (APache eXtension tool) installed and configured with Apache.

The follow command will install it:

apt-get install apache2-prefork-dev

Now we download the source package present at http://sourceforge.net/projects/mod-slotlimit/ or download it using wget application and this direct link to the repository:

wget http://kent.dl.sourceforge.net/sourceforge/mod-slotlimit/mod_slotlimit.tar.gz

Next open archive, compile and install module with those commands:

tar zxvf mod_slotlimit.tar.gz
cd mod_slotlimit-1.0
make
make install

Add in the main config file of your web server the following command in order to load mod_slotlimit module.

vi /etc/apache2/httpd.conf

2. Configuration

Before we are able to write our configuration, we should known what directives are supported by this module.

For more information read mod_slotlimit’s documentation:

AvailableSlotsPercent – Percentage of apache slots available in order to activate dynamic slot allocation algorithm
MaxConnectionsPerSite – Max connections for each running site
LimitSite – Specific site to limit
LimitSiteConnections – Max connections for “LimitSite”
ClientIpLimit – Number of maximum simultaneous connection per IP
ForceVhostName – Force vhost hostname in scoreboard. Useful when vhost hostname do not match site visited, for example if you’re using mod_vhost_alias

Now we open config file of our web server in order to write the configuration:

vi /etc/apache2/apache2.conf

Finally we restart Apache:

/etc/init.d/apache2 restart

3. Links

• mod_slotlimit: http://sourceforge.net/projects/mod-slotlimit/
• Apache: http://httpd.apache.org
• Debian: http://www.debian.org

Incoming search terms:

• centos directadmin apache log (1)
• directadmin custombuild wsgi (1)
• php5-eaccelerator php5-memcache apt-get (1)
• plesk Apache2::Resource (1)
• sc_pcre c: In function âmsc_pregcomp_exâ: msc_pcre c:70: error: invalid application of âsizeofâ to incomplete type âpcre_extraâ msc_pcre c:74: error: invalid application of âsizeofâ to incomplete type âpcre_extraâ (1)

OCS Inventory is a great software to make inventories. The NG Server is formed by: communication server, deployment server, and administration console. Click here to know how it works.

The computers that will be inventoried must run an agent (installed on each computer), to connect to the OCS NG Server. We are using the CentOS 5.5 (64bits) distribution, but it will probably work on Fedora (and Red Hat, for sure).

1 Some Prerequisites

Installing MySQL Server

We need to install it (if it’s not already installed):

yum install mysql-server php-mysql php-pecl-zip php-gd

Starting MySQL:

/etc/init.d/mysqld start
chkconfig --level 35 mysqld on

Setting a root password on mysql:

/usr/bin/mysqladmin -u root password 'secret'

Starting Apache:

We need to start Apache (OCS uses it):

/etc/init.d/httpd start
chkconfig --level 35 httpd on

Installing Packages

Next, we need to install EPEL repository:

rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm

Afterwards, let’s install the packages:

yum install -y perl-XML-Simple perl-Compress-Zlib perl-DBI perl-DBD-MySQL perl-Net-IP perl-XML-Entities perl-Apache-DBI perl-Apache2-SOAP perl-SOAP-Lite mod_perl

Configure PHP

Edit the /etc/php.ini file, and change the following lines:

vi /etc/php.ini

post_max_size = 200M
upload_max_filesize = 200M

Restart Apache:

/etc/init.d/httpd restart

2 Installing OCS Inventory NG Server 2

First, we need to download the tarball from OCS Inventory website. Click here.

mkdir /download
cd /download
wget http://launchpad.net/ocsinventory-server/stable-2.0/2.0rc1/+download/OCSNG_UNIX_SERVER-2.0rc1.tar.gz

Initiate the installer:

tar -zxvf OCSNG_UNIX_SERVER-2.0rc1.tar.gz
cd /download/OCSNG_UNIX_SERVER-2.0rc1
sh setup.sh

The install script is very simple, it’s a wizard. Almost all the options, we’ll select the default option.
These are the questions:

If you leave the question in blank, it will select the default option.

Do you wish to continue ([y]/n)?y

Your MySQL client seems to be part of MySQL version 5.0.
Your computer seems to be running MySQL 4.1 or higher, good
Which host is running database server [localhost] ?localhost

On which port is running database server [3306] ? 3306

Where is Apache daemon binary [/usr/sbin/httpd] ?

Where is Apache main configuration file [/etc/httpd/conf/httpd.conf] ?

Which user account is running Apache web server [apache] ?

Which user group is running Apache web server [apache] ?

Where is Apache Include configuration directory [/etc/httpd/conf.d/] ?

Where is PERL Intrepreter binary [/usr/bin/perl] ?

Do you wish to setup Communication server on this computer ([y]/n)?y

Where to put Communication server log directory [/var/log/ocsinventory-server] ?

OCS setup.sh can install perl module from packages for you
The script will use the native package from your operating system like apt or rpm
Do you wish to continue (y/[n])? y

To ensure Apache loads mod_perl before OCS Inventory NG Communication Server,

Setup can name Communication Server Apache configuration file
‘z-ocsinventory-server.conf’ instead of ‘ocsinventory-server.conf’.
Do you allow Setup renaming Communication Server Apache configuration file
to ‘z-ocsinventory-server.conf’ ([y]/n) ?y

Do you wish to setup Administration Server (Web Administration Console)
on this computer ([y]/n)?y

CAUTION: Setup now install files in accordance with Filesystem Hierarchy
Standard. So, no file is installed under Apache root document directory
(Refer to Apache configuration files to locate it).
If you’re upgrading from OCS Inventory NG Server 1.01 and previous, YOU
MUST REMOVE (or move) directories ‘ocsreports’ and ‘download’ from Apache
root document directory.
If you choose to move directory, YOU MUST MOVE ‘download’ directory to
Administration Server writable/cache directory (by default
/var/lib/ocsinventory-reports), especialy if you use deployement feature.
Do you wish to continue ([y]/n)?y

Where to copy Administration Server static files for PHP Web Console
[/usr/share/ocsinventory-reports] ?

Where to create writable/cache directories for deployement packages,
IPDiscover and SNMP [/var/lib/ocsinventory-reports] ?

3 Configuring OCS Inventory NG Server 2

Creating a MySQL database:

First, we need to open mysql shell:

mysql -u root -p”secret”

Then create the database named ocsweb, and grant permissions to user ocs, with password ocs:

CREATE DATABASE ocsweb;
GRANT ALL ON ocsweb.* to ‘ocs’@'localhost’ identified by ‘ocs’;

If you want, you can change these parameters (database name, username or password). This is the default of ocs.

Now, point your browser to ocsreports interface, to manage the server with the administration tool:

http://server-ip/ocsreports/

The default user is “admin” and password is “admin”.

Finally, we must delete the install script:

rm -f /usr/share/ocsinventory-reports/ocsreports/install.php

Now, all you have to do is configure the server with the machine options. Install the agents on the network computers pointing the server ip on them.
For more information, take a look at the wiki of OCS clicking here.

References

OCS Inventory: http://wiki.ocsinventory-ng.org/index.php/Documentation:Main

Incoming search terms:

• centos apache mysql sysnetpro (2)
• ocs inventory (2)
• howto ocs inventory debian (1)
• instalasi ocs inventory (1)
• ocs inventory ng freebsd client (1)
• ocsinventory centos iptables (1)