RHCE NW-Service Quickreference sheet

Service: Apache

Packages and Installation


Name          Description
httpd         Apache http server
mod_ssl       ssl for apache
openssl       ssl tools
crypto-utils  ssl key generating tools
httpd-manual  documentation package

SELinux Hints
Boolean                default  description
httpd_enable_homedirs  off      allow personal homedir sharing
httpd_use_nfs          off      allow rw from nfs
httpd_use_cifs         off      allow rw from cifs
httpd_enable_cgi       on       enable cgi

types                           description
httpd_sys_content_t             static web content (ro)
httpd_sys_script_exec_t         for cgi scripts
httpd_sys_content_rw_t          rw for cgi scripts
httpd_sys_content_ra_t          append only by cgi scripts
httpd_unconfined_script_exec_t  unconfined scripts

Systemd Services and Startup Config

task                cmd
Restart graceful    apachectl graceful
Test configuration  apachectl configtest

Security

Firewall Services/Ports

service  ports
http     tcp/80
https    tcp/443

Host-based Security
use mod_authz_host:

config                        description
<RequireAll></RequireAll>     AND, OR, NAND blocks
<RequireAny></RequireAny>
<RequireNone></RequireNone>
Require [not] host #name      allow/block host or ip
Require [not] ip #address
Require all granted           allow all
Require all denied            deny all
Require [not] ip #net/#mask   allow/block networks
Require [not] ip #partial-ip
Require local                 only local access

User-based Security
config                        description
<RequireAll></RequireAll>     AND, OR, NAND blocks
<RequireAny></RequireAny>
<RequireNone></RequireNone>
Require [not] group #group    allow/block group or user
Require [not] user #user
Require valid-user            allow all valid users
AuthType Basic                enable basic auth
AuthName "#text"              text display on login
AuthBasicProvider file        use htpasswd-files
AuthUserFile #name            htpasswd-file path
AuthGroupFile #file           path to group file
                              format:
                              #group: #member [..]

use htpasswd to manage users
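
Added example (not part of the original sheet): one directory protected by the host-based and user-based directives above, nested so the AND/OR/none-of logic is visible. The directory path, file paths, realm text, group name and addresses are assumptions chosen for illustration.

```apache
# Added example; all paths, names and addresses below are assumed values.
# Basic auth sends the password on every request, so place this block
# inside the TLS virtual host (tcp/443), not the plain http one.
<Directory "/var/www/html/private">
    AuthType Basic
    AuthName "Private area"
    AuthBasicProvider file
    # Created and maintained with htpasswd; keep it outside the DocumentRoot
    AuthUserFile "/etc/httpd/conf/htpasswd"
    # One line per group, in the format "#group: #member [..]"
    AuthGroupFile "/etc/httpd/conf/htgroup"

    # AND: every enclosed condition must succeed
    <RequireAll>
        # OR: request comes from this machine or from the internal network
        <RequireAny>
            Require local
            Require ip 192.0.2.0/24
        </RequireAny>

        # ...and the authenticated user is a member of this group
        Require group webadmins

        # ...and none of these match (one address in the allowed net is excluded)
        <RequireNone>
            Require ip 192.0.2.66
        </RequireNone>
    </RequireAll>
</Directory>
```

Run apachectl configtest before apachectl graceful so a syntax error in the block does not take the running server down.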

Config Tasks
Configure a Virtual Host
use example from /usr/share/doc/apache/
first host is default

Configure Private Directories


• enable example configfile httpd-userdir.conf
• enable selinux bool
• disable or enable users:
  ◦ UserDir disabled root jro fish
  ◦ UserDir enabled rbowen krietz

Deploy a basic CGI application


config                                             description
LoadModule cgi_module modules/mod_cgi.so           load module
ScriptAlias /cgi-bin/ /usr/local/apache2/cgi-bin/  add cgi dir
Options +ExecCGI                                   enable cgi
AddHandler cgi-script .cgi .pl                     set extensions
                                                   no for all

Configure Group-managed content

Configure TLS security

task                               cmd
create selfsigned key              genkey #hostname
install new key                    cp #key /etc/pki/tls/certs/
                                   #change /etc/httpd/conf.d/ssl.conf
disable cert verification in curl  curl -k
