PORT Related interview questions in Linux:
1. What is a port?
A port is a software endpoint that acts as a docking point on your machine through which a remote application can communicate. This is analogous to the physical seaports through which one enters a country.
2. What is a hardware port?
A hardware port is a physical peripheral connection point on a machine to which a physical device is attached.
3. What is a socket?
A socket is the combination of a software port and an IP address.
A socket is just a logical endpoint for communication. Sockets exist at the transport layer. You can send and receive data on a socket, and you can bind to and listen on a socket.
A socket is specific to a protocol, machine and port, and is addressed as such in the header of a packet.
4. What is the range of ports, or how many ports are there?
Port numbers range from 0 to 65535, so there are 65536 ports in total.
5. Why are there only 65536 port numbers?
This is a limitation of the TCP/IP stack: the port number field is only 16 bits wide, so there are only 2^16 = 65536 available ports.
6. What are the well-known ports (also called assigned ports or default ports)?
Well-known ports are those from 0 to 1023 (2^10 = 1024 ports in total).
7. What do you mean by default port?
A default port is the port designated for a particular well-known server.
8. Can we change the default port for a service (for example Apache or Squid)?
Yes, we can. For Apache and DNS this is changed with the listen configuration entry in httpd.conf and in the DNS server's configuration file respectively. Squid has a port entry in its squid.conf file where the port number is specified.
9. What are the protocol numbers for TCP and UDP?
Do not confuse these with port numbers. TCP and UDP have their own protocol numbers in the TCP/IP stack.
TCP protocol number: 6
UDP protocol number: 17
10. Is there any way I can see all the port information in Linux?
Yes, you can get it from the /etc/services file.
11. How can I see open ports in Linux?
Use the nmap, lsof or netstat commands.
Ex: # lsof -i
Ex: # netstat -tulpn
Ex: # nmap -sT -O localhost
12. Which port is used by the ping command?
The answer is none. Ping requires no port because it uses ICMP packets.
The firewall needs to allow ICMP 'echo-request' (type 8) packets out and ICMP 'echo-reply' (type 0) packets in.
Ping uses ICMP to communicate, and ICMP is a protocol, not a service. Hence it does not use a specific port.
FLOW:
ICMP Echo Request
  |
  Type (8), Code (0)
  |
  Checksum
  |
  Identification
  |
  Sequence
  |
  Test Data
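As an added example (not part of the original page), the following Python builds and decodes the ICMP echo header laid out in the FLOW above, verifies the RFC 1071 checksum, and names a packet the way a firewall rule does (echo-request out, echo-reply in); there is no port field anywhere in it. The identifier, sequence and payload values are constructed.

```python
import struct

ICMP_ECHO_REPLY = 0      # type 0: the answer the firewall must let back in
ICMP_ECHO_REQUEST = 8    # type 8: what ping sends out


def icmp_checksum(data):
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"                      # odd trailing byte is zero-padded
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type, ident, seq, payload=b""):
    """Build an ICMP echo packet in the FLOW order: type, code, checksum, id, seq, data."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_icmp(packet):
    """Decode the fixed 8-byte header; 'valid' is True only if the checksum verifies."""
    if len(packet) < 8:
        raise ValueError("ICMP packet shorter than its 8-byte header")
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {
        "type": icmp_type, "code": code, "checksum": csum, "id": ident, "seq": seq,
        "data": packet[8:],
        # Summing a correct packet including its checksum field yields 0.
        "valid": icmp_checksum(packet) == 0,
    }


def classify(packet):
    """Name the message as a firewall rule would: 'echo-request', 'echo-reply' or 'other'."""
    fields = parse_icmp(packet)
    if not fields["valid"]:
        return "corrupt"
    if fields["type"] == ICMP_ECHO_REQUEST and fields["code"] == 0:
        return "echo-request"
    if fields["type"] == ICMP_ECHO_REPLY and fields["code"] == 0:
        return "echo-reply"
    return "other"


def reply_for(request):
    """The reply a host generates: same id, seq and data, type changed to 0, checksum recomputed."""
    if classify(request) != "echo-request":
        raise ValueError("not an echo request")
    fields = parse_icmp(request)
    return build_echo(ICMP_ECHO_REPLY, fields["id"], fields["seq"], fields["data"])


if __name__ == "__main__":
    req = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, b"Test Data")
    print(req.hex(), classify(req))
    print(reply_for(req).hex(), classify(reply_for(req)))
```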
Ports and corresponding port numbers:
20 – FTP Data (for transferring FTP data)
21 – FTP Control (for starting an FTP connection)
22 – SSH (for secure remote administration, which uses SSL to encrypt the transmission)
23 – Telnet (for insecure remote administration)
25 – SMTP (Mail Transfer Agent for an e-mail server such as Sendmail)
53 – DNS (special service which uses both TCP and UDP)
69 – TFTP (Trivial File Transfer Protocol; uses UDP for connectionless transmission of data)
80 – HTTP/WWW (Apache)
110 – POP3 (Mail Delivery Agent)
123 – NTP (Network Time Protocol, used for time syncing; uses UDP)
137 – NetBIOS (nmbd)
138 – NetBIOS
139 – SMB/Samba (smbd)
143 – IMAP
161 – SNMP (for network monitoring)
162 – SNMP Trap
389 – LDAP (for centralized administration)
443 – HTTPS (HTTP + SSL for secure web access)
514 – Syslogd (UDP port)
636 – LDAPS (both TCP and UDP)
HTTP ---------- 80
FTP ------------ 20,21
TelNet ---------- 23
SMTP ---------- 25
DNS ----------- 53
TFTP ----------- 69
SNMP ---------- 161
RIP ------------- 520
IMAP 4--------- 143
IMAP 3 --------- 220
RPC ------------ 135
LDAP ---------- 389
Net Stat -------- 15
WINS ---------- 42
BootP ---------- 67
DHCP ---------- 68
POP2 ---------- 109
POP3 ---------- 110
Net BIOS ------ 139
SSL(HTTPS) --- 443
SQL Server ---- 1433
NFS ------------ 2049
SSH ------------ 22
RAP ----------- 38
BGP ----------- 179
Useful Interview Questions on Linux Services and Daemons
A daemon is a computer program that runs as a background process and generally does not remain under the direct control of a user. The parent process of a daemon is in most cases init, but not always.
In Linux, a service is an application that runs in the background carrying out an essential task or waiting for its execution.
Questions on Linux Services and Daemons
Generally, there is no difference between a daemon and a service. A daemon is a service, but a service may be bigger than a daemon: a daemon provides some services, and a service may contain more than one daemon.
Here in this series of interview articles, we cover services and daemons in Linux.
1. What is the Exim service? What is the purpose of this service?
Answer: Exim is an open source Mail Transfer Agent (MTA) which deals with routing, receiving and delivering electronic mail. The Exim service is a good replacement for the sendmail service that comes bundled with most distributions.
2. What is an NIS server? What is the purpose of an NIS server?
Answer: The NIS server provides the Network Information Service, which in turn lets users log in to other systems with the same login credentials. NIS is a directory service protocol which functions in a client-server model.
3. What would you prefer for a reverse proxy in Linux?
Answer: A reverse proxy is a type of proxy that retrieves resources from one or more servers on behalf of a client. Reverse proxy solutions in Linux include Squid as well as the Apache reverse proxy. However, Squid is preferred over the Apache reverse proxy because of its simplicity and straightforward nature.
4. You are getting the following codes (2xx, 3xx, 4xx, 5xx) in Apache at some point in time. What do they mean?
Answer: In Apache each response code class points towards a specific area of the problem.
- 2xx: Request successful
- 3xx: Redirection
- 4xx: Client error
- 5xx: Server error
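As an added example (not from the original article), here is the status-class breakdown above computed over Apache access-log lines in the "combined" format used by the CustomLog directives on this page, with the two follow-up questions an administrator asks next: which client is piling up 4xx responses, and which requests ended in 5xx. The log lines are constructed; the 413 is the status a request that exceeds LimitRequestBody receives.

```python
import re
from collections import Counter

# Constructed access-log lines in Apache's "combined" format. The last line is deliberately
# not a log record, to show that the parser drops what it cannot read instead of crashing.
SAMPLE_ACCESS_LOG = """\
192.168.0.10 - - [25/Dec/2013:02:09:01 +0530] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.0.10 - - [25/Dec/2013:02:09:02 +0530] "GET /images/logo.png HTTP/1.1" 304 - "-" "Mozilla/5.0"
192.168.0.11 - - [25/Dec/2013:02:09:03 +0530] "GET /old HTTP/1.1" 301 233 "-" "curl/7.29.0"
192.168.0.12 - - [25/Dec/2013:02:09:04 +0530] "GET /admin/ HTTP/1.1" 404 210 "-" "probe/1.0"
192.168.0.12 - - [25/Dec/2013:02:09:04 +0530] "GET /backup/ HTTP/1.1" 404 210 "-" "probe/1.0"
192.168.0.12 - - [25/Dec/2013:02:09:05 +0530] "GET /setup/ HTTP/1.1" 404 210 "-" "probe/1.0"
192.168.0.13 - - [25/Dec/2013:02:09:06 +0530] "POST /uploads/ HTTP/1.1" 413 - "-" "Mozilla/5.0"
192.168.0.10 - - [25/Dec/2013:02:09:07 +0530] "GET /cgi-bin/report.cgi HTTP/1.1" 500 - "-" "Mozilla/5.0"
this line is not a log record
"""

# LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
COMBINED = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_combined(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = COMBINED.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])   # %b prints '-' for no body
    return rec


def parse_log(text):
    """Parse every line, silently dropping the ones that are not log records."""
    return [r for r in (parse_combined(l) for l in text.splitlines()) if r]


def status_classes(records):
    """Count responses per class: 2xx success, 3xx redirect, 4xx client error, 5xx server error."""
    return dict(Counter("%dxx" % (r["status"] // 100) for r in records))


def noisy_clients(records, threshold=3):
    """Clients that collected at least `threshold` 4xx responses: the first thing to look at
    when the 4xx count jumps, since it is usually one source asking for paths that do not exist."""
    per_client = Counter(r["host"] for r in records if 400 <= r["status"] < 500)
    return sorted(h for h, n in per_client.items() if n >= threshold)


def server_errors(records):
    """Request lines that ended in 5xx; these point at the server side, not the client."""
    return [(r["host"], r["request"], r["status"]) for r in records if r["status"] >= 500]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_ACCESS_LOG)
    print(status_classes(recs))
    print("noisy clients:", noisy_clients(recs))
    print("server errors:", server_errors(recs))
```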
5. You are asked to stop the Apache service through its control script. What will you do?
Answer: The Apache service is controlled using a script called apachectl. In order to stop Apache using its control script we need to run:
# apachectl stop            [On Debian based systems]
# /etc/init.d/httpd stop    [On Red Hat based systems]
6. How is 'apachectl restart' different from 'apachectl graceful'?
Answer: 'apachectl restart', when executed, forces Apache to restart immediately, before the current tasks complete, whereas 'apachectl graceful' waits for the current tasks to finish before restarting the service. Needless to say, 'apachectl graceful' is safer to execute, but the execution time of 'apachectl restart' is shorter than that of 'apachectl graceful'.
7. How will you configure NFS mounts to export them from your local machine?
Answer: The /etc/exports file allows the creation of NFS exports on the local machine and makes them available to the whole world.
8. You are supposed to create a new Apache VirtualHost configuration for the host www.Tecmint.com that is available at /home/Tecmint/public_html/ and keeps its logs in /var/log/httpd/ by default.
Answer: You need to create an Apache virtual host container in the main Apache configuration file located at '/etc/httpd/conf/httpd.conf'. The following is the virtual host container for www.tecmint.com.
<VirtualHost *:80>
    DocumentRoot /home/Tecmint/public_html
    ServerName www.Tecmint.com
    ServerAlias Tecmint.com
    CustomLog /var/log/httpd/Tecmint.com.log combined
    ErrorLog /var/log/httpd/Tecmint.com.error.log
</VirtualHost>
9. You are supposed to dump all the packets of HTTP traffic into the file http.out. What will you suggest?
Answer: In order to dump all the HTTP network traffic, we need to use the 'tcpdump' command with the following switches (the options come before the filter expression):
# tcpdump -s0 -w http.out tcp port 80
10. How will you add a service (say httpd) to start at init level 3?
Answer: We need to use the 'chkconfig' tool to hook up a service at init level 3 by changing its runlevel parameter.
# chkconfig --level 3 httpd on
____________________________________________________________________________________
1. What is the Apache web server?
Answer: The Apache HTTP web server is a very popular, powerful and open source server used to host websites by serving web files over the network. It works on HTTP, the Hypertext Transfer Protocol, which provides a standard for servers and client-side web browsers to communicate. It supports SSL, CGI files, virtual hosting and many other features.
2. How do you check whether Apache is installed, and its version?
Answer: First, use the rpm command to check whether Apache is installed or not. If it is installed, then use the httpd -v command to check its version.
[root@tecmint ~]# rpm -qa | grep httpd
httpd-devel-2.2.15-29.el6.centos.i686
httpd-2.2.15-29.el6.centos.i686
httpd-tools-2.2.15-29.el6.centos.i686
[root@tecmint ~]# httpd -v
Server version: Apache/2.2.15 (Unix)
Server built: Aug 13 2013 17:27:11
3. Which user does Apache run as, and where is the main configuration file?
Answer: Apache runs as the user "nobody" via the httpd daemon. Apache's main configuration file is /etc/httpd/conf/httpd.conf (CentOS/RHEL/Fedora) or /etc/apache2/apache2.conf (Ubuntu/Debian).
4. On which ports does Apache listen for HTTP and HTTPS?
Answer: By default Apache runs on HTTP port 80 and HTTPS port 443 (for SSL certificates). You can also use the netstat command to check the ports.
[root@tecmint ~]# netstat -antp | grep http
tcp 0 0 :::80 :::* LISTEN 1076/httpd
tcp 0 0 :::443 :::* LISTEN 1076/httpd
5. How do you install the Apache server on your Linux machine?
Answer: Simply use a package installer such as yum (RHEL/CentOS/Fedora) or apt-get (Debian/Ubuntu) to install the Apache server on your Linux machine.
[root@tecmint ~]# yum install httpd
[root@tecmint ~]# apt-get install apache2
6. Where can you find all the configuration directories of the Apache web server?
Answer: By default the Apache configuration directories are installed under /etc/httpd/ on RHEL/CentOS/Fedora and /etc/apache2 on Debian/Ubuntu.
[root@tecmint ~]# cd /etc/httpd/
[root@tecmint httpd]# ls -l
total 8
drwxr-xr-x. 2 root root 4096 Dec 24 21:44 conf
drwxr-xr-x. 2 root root 4096 Dec 25 02:09 conf.d
lrwxrwxrwx 1 root root 19 Oct 13 19:06 logs -> ../../var/log/httpd
lrwxrwxrwx 1 root root 27 Oct 13 19:06 modules -> ../../usr/lib/httpd/modules
lrwxrwxrwx 1 root root 19 Oct 13 19:06 run -> ../../var/run/httpd
[root@tecmint ~]# cd /etc/apache2
[root@tecmint apache2]# ls -l
total 84
-rw-r--r-- 1 root root 7113 Jul 24 16:15 apache2.conf
drwxr-xr-x 2 root root 4096 Dec 16 11:48 conf-available
drwxr-xr-x 2 root root 4096 Dec 16 11:45 conf.d
drwxr-xr-x 2 root root 4096 Dec 16 11:48 conf-enabled
-rw-r--r-- 1 root root 1782 Jul 21 02:14 envvars
-rw-r--r-- 1 root root 31063 Jul 21 02:14 magic
drwxr-xr-x 2 root root 12288 Dec 16 11:48 mods-available
drwxr-xr-x 2 root root 4096 Dec 16 11:48 mods-enabled
-rw-r--r-- 1 root root 315 Jul 21 02:14 ports.conf
drwxr-xr-x 2 root root 4096 Dec 16 11:48 sites-available
drwxr-xr-x 2 root root 4096 Dec 6 00:04 sites-enabled
7. Can Apache be secured with TCP wrappers?
Answer: No, it cannot be secured with TCP wrappers, since it doesn't support the libwrap.a library of Linux.
8. How do you change the default Apache port, and how does the Listen directive work in Apache?
Answer: There is a directive "Listen" in the httpd.conf file which allows us to change the default Apache port. With the help of the Listen directive we can make Apache listen on a different port as well as on different interfaces. Suppose you have multiple IPs assigned to your Linux machine and want Apache to receive HTTP requests on a specific Ethernet port or interface; even that can be done with the Listen directive.
To change the default Apache port, open your main Apache configuration file, httpd.conf or apache2.conf, with the vi editor.
[root@tecmint ~]# vi /etc/httpd/conf/httpd.conf
[root@tecmint ~]# vi /etc/apache2/apache2.conf
Search for the word "Listen", comment out the original line and write your own directive below that line.
# Listen 80
Listen 8080
OR
Listen 172.16.16.1:8080
Save the file and restart the web server.
[root@tecmint ~]# service httpd restart
[root@tecmint ~]# service apache2 restart
9. Can we have two Apache web servers on a single machine?
Answer: Yes, we can run two different Apache servers at the same time on a Linux machine, but the condition is that they must listen on different ports, and we can change the ports with the Listen directive of Apache.
10. What do you mean by the DocumentRoot of Apache?
Answer: DocumentRoot in Apache is the location where the web files are stored on the server. The default DocumentRoot of Apache is /var/www/html or /var/www. This can be changed to anything by setting "DocumentRoot" in the virtual host configuration of the domain.
11. How do you host files from a different folder, and what is the Alias directive?
Answer: This can be achieved with the Alias directive in the main Apache configuration file. The Alias directive maps resources in the file system: it takes a URL path and substitutes it with a file or directory path on the system which is set up to be served. The Alias directive is part of the mod_alias module of Apache. The default syntax of the Alias directive is:
Alias /images /var/data/images/
In the above example, the /images URL prefix maps to the /var/data/images/ directory. That means when clients request "http://www.example.com/images/sample-image.png", Apache will pick up the file /var/data/images/sample-image.png from the server. This is also known as URL mapping.
12. What do you understand by "DirectoryIndex"?
Answer: DirectoryIndex is the name of the first file which Apache looks for when a request comes in for a domain. For example, when www.example.com is requested by the client, Apache goes to the document root of that website and looks for the index file (the first file to display).
The default setting of DirectoryIndex is index.html index.php; if your first file has a different name, you need to change the DirectoryIndex value in httpd.conf or apache2.conf so that it is displayed in your client's browser.
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
# The index.html.var file (a type-map) is used to deliver content-
# negotiated documents. The MultiViews Option can be used for the
# same purpose, but it is much slower.
#
DirectoryIndex index.html index.html.var index.cgi .exe
13. How do you disable directory listing when an index file is missing?
Answer: If the main index file is missing in the website's root directory, then Apache lists all the contents (files and folders) of the website in the browser instead of the main website pages.
To stop Apache directory listing, you can set the following rule in the main configuration file globally, or in a .htaccess file for a particular website:
Options -Indexes
14. What are the different log files of the Apache web server?
Answer: The default log files of the Apache web server are the access log "/var/log/httpd/access_log" and the error log "/var/log/httpd/error_log".
15. What do you understand by "connection reset by peer" in the error logs?
Answer: When the server is serving an ongoing Apache request and the end user terminates the connection in between, we see "connection reset by peer" in the Apache error logs.
16. What is a Virtual Host in Apache?
Answer: The Virtual Host section contains information such as the website name, document root, directory index, server admin e-mail, error log file location etc. You are free to add as many directives as you require for your domain, but the two minimal entries for a working website are ServerName and DocumentRoot. We usually define our Virtual Host section at the bottom of the httpd.conf file on Linux machines.
Sample VirtualHost:
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot /www/docs/dummy-host.example.com
    ServerName dummy-host.example.com
    ErrorLog logs/dummy-host.example.com-error_log
    CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
- ServerAdmin: usually the e-mail address of the website owner, where errors or notifications can be sent.
- DocumentRoot: the location where the web files are located on the server (necessary).
- ServerName: the domain name which you want to access from your web browser (necessary).
- ErrorLog: the location of the log file where all the domain-related logs are recorded.
17. What's the difference between <Location> and <Directory>?
Answer: <Location> is used to set elements related to the URL / address bar of the web server. <Directory> refers to the location of a file system object on the server.
18. What is Apache virtual hosting?
Answer: Apache virtual hosting is the concept of hosting multiple websites on a single web server. Two types of virtual hosts can be set up with Apache: name-based virtual hosting and IP-based virtual hosting.
For more information, read on: How to Create Name/IP based Virtual Hosts in Apache.
As we are all aware, Apache is a very powerful, highly flexible and configurable web server for *nix operating systems. Here in this tutorial, we are going to discuss one more feature of Apache which allows us to host more than one website on a single Linux machine. Implementing virtual hosting with the Apache web server can help you save the costs you are investing in your servers' maintenance and administration. The concepts of shared web hosting and reseller web hosting are based on this facility of Apache alone.
Types of Virtual Host
There are two types of virtual hosting available with Apache.
Name Based Virtual Hosting
With name-based virtual hosting you can host several domains/websites on a single machine with a single IP. All domains on that server share a single IP. It is easier to configure than IP-based virtual hosting: you only need to configure the DNS of the domain to map it to its correct IP address and then configure Apache to recognize it by the domain names.
IP Based Virtual Hosting
With IP-based virtual hosting you can assign a separate IP to each domain on a single server; these IPs can be attached to the server with a single NIC card as well as with multiple NICs.
Testing Environment
- OS – CentOS 6.5
- Application – Apache Web Server
- IP Address – 192.168.0.100
- IP Address – 192.168.0.101
- Domain – www.example1.com
- Domain – www.example2.com
How to Setup IP Based and Name Based Apache Virtual Hosts
Before setting up virtual hosting with Apache, your system must have the Apache web software installed. If not, install it using the default package installer, yum.
[root@tecmint ~]# yum install httpd
Setup Name Based Virtual Host
Before creating a virtual host, you need to create a directory where you will keep all your website's files. So, create directories for these two virtual hosts under the /var/www/html folder. Please remember that /var/www/html will be your default Document Root in the Apache virtual host configuration.
[root@tecmint ~]# mkdir /var/www/html/example1.com/
[root@tecmint ~]# mkdir /var/www/html/example2.com/
To set up name-based virtual hosting you need to tell Apache which IP you will be using to receive Apache requests for all the websites or domain names. We can do this with the NameVirtualHost directive. Open the main Apache configuration file with the vi editor.
[root@tecmint ~]# vi /etc/httpd/conf/httpd.conf
Search for NameVirtualHost and uncomment this line by removing the # sign in front of it.
NameVirtualHost
Next, add the IP (and port) on which you want to receive Apache requests. After the changes, your file should look like this:
NameVirtualHost 192.168.0.100:80
Now it's time to set up Virtual Host sections for your domains; move to the bottom of the file by pressing Shift + G. Here in this example, we are setting up virtual host sections for two domains:
- www.example1.com
- www.example2.com
<VirtualHost 192.168.0.100:80>
    ServerAdmin webmaster@example1.com
    DocumentRoot /var/www/html/example1.com
    ServerName www.example1.com
    ErrorLog logs/www.example1.com-error_log
    CustomLog logs/www.example1.com-access_log common
</VirtualHost>
<VirtualHost 192.168.0.100:80>
    ServerAdmin webmaster@example2.com
    DocumentRoot /var/www/html/example2.com
    ServerName www.example2.com
    ErrorLog logs/www.example2.com-error_log
    CustomLog logs/www.example2.com-access_log common
</VirtualHost>
You are free to add as many directives as you want in your domains' virtual host sections. When you are done with the changes in the httpd.conf file, please check the syntax of the file with the following command.
[root@tecmint ~]# httpd -t
Syntax OK
It is recommended to check the syntax of the file after making changes and before restarting the web server, because if any syntax is wrong Apache will refuse to start, report errors and leave your existing web server down for a while. If the syntax is OK, restart your web server and add it to chkconfig so that it starts in runlevels 3 and 5 at boot time.
[root@tecmint ~]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[root@tecmint ~]# chkconfig --level 35 httpd on
Now it's time to create a test page called index.html and add some content to the file, so that we have something to check when the IP calls the virtual host.
[root@tecmint ~]# vi /var/www/html/example1.com/index.html
Hello, Welcome to www.example1.com.
[root@tecmint ~]# vi /var/www/html/example2.com/index.html
www.example2.com
Hello, Welcome to www.example2.com.
Once you're done with it, you can test the setup by accessing both domains in a browser.
http://www.example1.com
http://www.example2.com
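As an added example (not from the tutorial above), the following Python models how Apache picks a name-based virtual host for a request, including the case the tutorial does not show: a Host header that matches none of the configured names, or no Host header at all, is served by the first vhost defined for that address. The httpd.conf fragment is constructed to mirror the two vhosts above, with a ServerAlias line added to show wildcard matching.

```python
import re
from fnmatch import fnmatchcase

# Constructed httpd.conf fragment mirroring the two name-based virtual hosts set up above,
# with a ServerAlias added to the first one to show wildcard matching.
SAMPLE_HTTPD_CONF = """\
NameVirtualHost 192.168.0.100:80

<VirtualHost 192.168.0.100:80>
    ServerAdmin webmaster@example1.com
    DocumentRoot /var/www/html/example1.com
    ServerName www.example1.com
    ServerAlias example1.com *.example1.com
    ErrorLog logs/www.example1.com-error_log
    CustomLog logs/www.example1.com-access_log common
</VirtualHost>

<VirtualHost 192.168.0.100:80>
    ServerAdmin webmaster@example2.com
    DocumentRoot /var/www/html/example2.com
    ServerName www.example2.com
    ErrorLog logs/www.example2.com-error_log
    CustomLog logs/www.example2.com-access_log common
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)


def parse_vhosts(conf):
    """Collect each <VirtualHost> block as a dict of its directives (ServerAlias is a list)."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        vh = {"addr": addr.strip(), "ServerAlias": []}
        for line in body.splitlines():
            parts = line.split()
            if not parts or parts[0].startswith("#"):
                continue
            key, values = parts[0], parts[1:]
            if key == "ServerAlias":
                vh["ServerAlias"].extend(values)
            elif values:
                vh[key] = " ".join(values)
        vhosts.append(vh)
    return vhosts


def select_vhost(vhosts, listen_addr, host_header):
    """Mimic Apache's name-based selection for a request that arrived on listen_addr.

    The Host header (port stripped, case-insensitive) is compared against ServerName and
    ServerAlias of every vhost bound to that address; the first match wins. If nothing
    matches, or the client sent no Host header, the FIRST vhost for that address serves
    the request: that default vhost is what answers requests for names you never configured.
    """
    candidates = [v for v in vhosts if v["addr"] == listen_addr]
    if not candidates:
        return None
    name = (host_header or "").split(":")[0].rstrip(".").lower()
    for vh in candidates:
        names = [vh.get("ServerName", "")] + vh["ServerAlias"]
        if any(n and fnmatchcase(name, n.lower()) for n in names):
            return vh
    return candidates[0]


if __name__ == "__main__":
    vhosts = parse_vhosts(SAMPLE_HTTPD_CONF)
    for host in ("www.example2.com", "Blog.Example1.com:80", "unknown.test", None):
        chosen = select_vhost(vhosts, "192.168.0.100:80", host)
        print("%-22s -> %s" % (host, chosen["DocumentRoot"]))
```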
Setup IP Based Virtual Hosting in Linux
To set up IP-based virtual hosting, you must have more than one IP address/port assigned to your server or Linux machine. They can be on a single NIC card, for example eth0:1, eth0:2, eth0:3 and so forth, and multiple NIC cards can also be attached. If you don't know how to create multiple IPs on a single NIC, follow the guide below; it will help you create them.
The purpose of implementing IP-based virtual hosting is to assign a dedicated IP to each domain, so that the particular IP is not used by any other domain.
This kind of setup is required when a website runs with an SSL certificate (mod_ssl) or on different ports and IPs. You can also run multiple instances of Apache on a single machine. To check the IPs attached to your server, use the ifconfig command.
[root@tecmint ~]# ifconfig
Sample Output
eth0 Link encap:Ethernet HWaddr 08:00:27:4C:EB:CE
inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe4c:ebce/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:17550 errors:0 dropped:0 overruns:0 frame:0
TX packets:15120 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:16565983 (15.7 MiB) TX bytes:2409604 (2.2 MiB)
eth0:1 Link encap:Ethernet HWaddr 08:00:27:4C:EB:CE
inet addr:192.168.0.101 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1775 errors:0 dropped:0 overruns:0 frame:0
TX packets:1775 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3416104 (3.2 MiB) TX bytes:3416104 (3.2 MiB)
As you can see in the above output, two IPs, 192.168.0.100 (eth0) and 192.168.0.101 (eth0:1), are attached to the server, and both IPs are assigned to the same physical network device (eth0).
Now, assign a specific IP/port to receive HTTP requests; you can simply do this by changing the Listen directive in the httpd.conf file.
[root@tecmint ~]# vi /etc/httpd/conf/httpd.conf
Search for the word "Listen"; you will find a section with a short description of the Listen directive. In that section, comment out the original line and write your own directive below that line.
# Listen 80
Listen 192.168.0.100:80
Now, create Virtual Host sections for both domains. Go to the bottom of the file and add the following virtual host directives.
<VirtualHost 192.168.0.100:80>
    ServerAdmin webmaster@example1.com
    DocumentRoot /var/www/html/example1
    ServerName www.example1.com
    ErrorLog logs/www.example1.com-error_log
    TransferLog logs/www.example1.com-access_log
</VirtualHost>
<VirtualHost 192.168.0.101:80>
    ServerAdmin webmaster@example2.com
    DocumentRoot /var/www/html/example2
    ServerName www.example2.com
    ErrorLog logs/www.example2.com-error_log
    TransferLog logs/www.example2.com-access_log
</VirtualHost>
Now, since you have modified the main Apache configuration file, you need to restart the httpd service as below.
[root@tecmint ~]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
Test your IP-based virtual hosting setup by accessing the URLs in a web browser as shown below.
http://www.example1.com
http://www.example2.com
That's all about Apache virtual hosts for today. If you're looking to secure and harden your Apache configuration, then read our article that guides you through it.
19. What do you understand by MPM in Apache?
Answer: MPM stands for Multi-Processing Modules; they are the mechanisms Apache follows to accept and complete web server requests.
20. What is the difference between the Worker and Prefork MPMs?
Answer: Both MPMs, Worker and Prefork, have their own mechanism for working with Apache. It totally depends on you in which mode you want to start your Apache.
- The basic difference between Worker and Prefork is in the way they spawn child processes. In the Prefork MPM, a master httpd process is started and this master process starts and manages all the other child processes that serve client requests. In the Worker MPM, one httpd process is active, and it uses different threads to serve client requests.
- The Prefork MPM uses multiple child processes with one thread each, whereas the Worker MPM uses multiple child processes with many threads each.
- Connection handling: in the Prefork MPM each process handles one connection at a time, whereas in the Worker MPM each thread handles one connection at a time.
- Memory footprint: the Prefork MPM has a large memory footprint, whereas Worker has a smaller memory footprint.
21. What's the use of "LimitRequestBody", and how do you put a limit on your uploads?
Answer: The LimitRequestBody directive is used to put a limit on the upload size. For example, I want to put a limit of 100000 bytes on the folder /var/www/html/tecmin/uploads. So you need to add the following directive in the Apache configuration file:
LimitRequestBody 100000
22. What are mod_perl and mod_php?
Answer:
- mod_perl is an Apache module which is compiled with Apache for easy integration and to increase the performance of Perl scripts.
- mod_php is used for easy integration of PHP scripts by the web server; it embeds the PHP interpreter inside the Apache process. It forces the Apache child processes to use more memory and works with Apache only, but it is still very popular.
23. What is mod_evasive?
Answer: It is a third-party module which helps protect your web server from web attacks like DDoS, because it performs only one task at a time and performs it very well.
For more information, read the article that guides you through installing and configuring mod_evasive in Apache.
24. What is LogLevel debug in the httpd.conf file?
Answer: With the help of the LogLevel debug option we can get/log more information in the error logs, which helps us debug a problem.
25. What's the use of mod_ssl, and how does SSL work with Apache?
Answer: The mod_ssl package is an Apache module which allows Apache to establish its connections and transfer all data in a secure, encrypted environment. With the help of SSL certificates, all login details and other important secrets are transferred in encrypted form over the Internet, which protects our data from eavesdropping and IP spoofing.
What is the location of the log files for the Apache server?
/var/log/httpd
Q: - What are the types of virtual hosts?
name-based and IP-based.
Name-based virtual host means that multiple names are running on each IP address.
IP-based virtual host means that a different IP address exists for each website served. Most configurations are name-based because it only requires one IP address.
Q: - How to restart the Apache web server?
service httpd restart
Q: - How to check the version of the Apache server?
rpm -qa | grep httpd
Q: - What is the meaning of "Listen" in the httpd.conf file?
The port number on which to listen for non-secure (http) transfers.
Q: - What is DocumentRoot?
It is the location of the files which are accessible by clients. By default, the Apache HTTP server in Red Hat Enterprise Linux is configured to serve files from the /var/www/html/ directory.
Q: - On which ports does the Apache server work?
http - port 80
https - port 443
http - port 80
https - port 443
Q: - What is the name of the main configuration file of the Apache server?
httpd.conf
Q: - On which version of Apache have you worked?
httpd-2.2.3
Q: - What do you mean by a valid ServerName directive?
The DNS system is used to associate IP addresses with domain names. The value of ServerName is returned when the server generates a URL. If you are using a certain domain name, you must make sure that it is included in your DNS system and is available to clients visiting your site.
Q: - What is the main difference between Directory and Location sections?
Directory sections refer to file system objects; Location sections refer to elements in the address bar of the web page (the URL).
Q: - What is the difference between a restart and a graceful restart of a web server?
During a normal restart, the server is stopped and then started, causing some requests to be lost. A graceful restart allows Apache children to continue serving their current requests until they can be replaced with children running the new configuration.
Q: - What is the use of the mod_perl module?
mod_perl is a scripting module that allows better Perl script performance and easy integration with the web server.
Q: - If you have added "LogLevel Debug" in the httpd.conf file, then what will happen?
It will give you more information in the error log in order to debug a problem.
Q: - Can you record the MAC (hardware) address of clients that access your server?
No. The MAC address is a link-layer detail that is not carried beyond the client's local network segment, so the web server never sees it.
Q: - Can you record all the cookies sent to your server by clients in the web server logs?
Yes, add the following lines to the httpd.conf file.
CustomLog logs/cookies_in.log "%{UNIQUE_ID}e %{Cookie}i"
CustomLog logs/cookies2_in.log "%{UNIQUE_ID}e %{Cookie2}i"
Q: - Can we automatically roll over the Apache logs at specific times without having to shut down and restart the server?
Yes. Use CustomLog together with the rotatelogs program. Add the following line to the httpd.conf file (the log is rotated every 86400 seconds, i.e. daily):
CustomLog "| /path/to/rotatelogs /path/to/logs/access_log.%Y-%m-%d 86400" combined
Q: - What can we do to find out how people are reaching your site?
Add the following effector to your activity log format: %{Referer}i
Q: - If you have only one IP address but want to host two web sites on your server, what will you do?
In this case I will use name-based virtual hosting.
ServerName 10.111.203.25
NameVirtualHost *:80
<VirtualHost *:80>
ServerName web1.test.com
DocumentRoot /var/www/html/web1
</VirtualHost>
<VirtualHost *:80>
ServerName web2.test2.com
DocumentRoot /var/www/html/web2
</VirtualHost>
Q: - Can I serve content out of a directory other than the DocumentRoot directory?
Yes, by using "Alias" we can do this.
Q: - If you have to map more than one URL to the same directory but you don't want multiple Alias directives, what will you do?
In this case I will use the "AliasMatch" directive.
The AliasMatch directive allows you to use regular expressions to match arbitrary patterns in URLs and map anything matching the pattern to the desired URL.
Q: - How will you put a limit on uploads on your web server?
This can be achieved with the LimitRequestBody directive.
LimitRequestBody 100000
Here I have put a limit of 100000 bytes.
Q: - I want to stop people using my site via a proxy server. Is it possible?
Order Allow,Deny
Deny from all
Satisfy All
Q: - What is the mod_evasive module?
mod_evasive is a third-party module that performs one simple task, and performs it very well. It detects when your site is receiving a Denial of Service (DoS) attack, and it prevents that attack from doing as much damage. mod_evasive detects when a single client is making multiple requests in a short period of time, and denies further requests from that client. The period for which the ban is in place can be very short, because it just gets renewed the next time a request is detected from that same host.
Q: - How to enable PHP scripts on your server?
If you have mod_php installed, use AddHandler to map .php and .phtml files to the PHP handler:
AddHandler application/x-httpd-php .phtml .php
Q: - Which tool have you used for Apache benchmarking?
ab (Apache bench)
ab -n 1000 -c 10 http://www.test.com/test.html
Q: - Can we cache files which are viewed frequently?
Yes, we can do it by using the mod_file_cache module.
CacheFile /www/htdocs/index.html
Q: - Can we have two Apache servers with different versions?
Yes, you can have two different Apache servers on one host, but they can't listen on the same port at the same time. Normally Apache listens on port 80, which is the default HTTP port. The second Apache version should listen on another port, set with the Listen directive in httpd.conf, for example port 81.
For testing a new Apache version before moving your sites from one version to another, this might be a good option. You just type www.example.com:81 in the browser window and you will be connected to the second Apache instance.
Apache interview questions and answers
On a fresh install, why does Apache have three config files - srm.conf, access.conf and httpd.conf? - The first two are remnants from the NCSA times, and generally you should be OK if you delete the first two and stick with httpd.conf.
What's the command to stop Apache? - Kill the specific process that httpd is running under, or killall httpd. If you have apachectl installed, use apachectl stop.
What does apachectl graceful do? - It sends a SIGUSR1 for a restart, and starts the Apache server if it's not running.
How do you check httpd.conf for consistency and any errors in it? - apachectl configtest
When I do ps -aux, why do I have one copy of httpd running as root and the rest as nouser? - You need to be root to bind to any Unix port below 1024, and we need 80.
But I thought that running Apache as root is a security risk? - That one root process opens port 80 but never itself serves requests on it, so no user will actually enter the site with root rights. If you kill the root process, you will see the other kids disappear as well.
Why do I get the message "... no listening sockets available, shutting down"? - In Apache 2 you need to have a Listen directive. Just put Listen 80 in httpd.conf.
How do you set up a virtual host in Apache?
ServerAdmin admin@techinterviews.com
DocumentRoot /home/apache/share/htdocs/hostedsites
ServerName www.techinterviews.com
ErrorLog /home/apache/logs/error/hostedsites/error_log
TransferLog /home/apache/logs/access/hostedsites/access_log
What is the ServerType directive? - It defines whether Apache should spawn itself as a child process (standalone) or keep everything in a single process (inetd). Keeping it inetd conserves resources. This is deprecated, however.
What is mod_vhost_alias? - It allows hosting multiple sites on the same server via simpler configurations.
What does htpasswd do? - It creates a new user in a specified group, and asks to specify a password for that user.
If you specify both deny from all and allow from all, what will be the default action of Apache? - In case of ambiguity deny always takes precedence over allow.
1. What are daemons?
Daemons are services that provide several functions that may not be available under the base operating system. Their main task is to listen for service requests and at the same time to act on these requests. After the service is done, the connection is closed and the daemon waits for further requests.
2. What are environment variables?
Environment variables are global settings that control the shell's function as well as that of other Linux programs. Another common term for environment variables is global shell variables.
3. What are the different modes when using the vi editor?
There are 3 modes under vi:
- Command mode – this is the mode where you start in
- Edit mode – this is the mode that allows you to do text editing
- Ex mode – this is the mode wherein you interact with vi with instructions to process a file
4. How can we change the speed and make full duplex settings for eth0?
Ans: We can do this with the two methods given below:
ethtool -s eth0 speed 100 duplex full
ethtool -s eth0 speed 10 duplex half
OR
mii-tool -F 100baseTx-HD
mii-tool -F 10baseT-HD
5. What are the process states in Unix?
As a process executes it changes state according to its circumstances. Unix processes have the following states:
Running: The process is either running or it is ready to run.
Waiting: The process is waiting for an event or for a resource.
Stopped: The process has been stopped, usually by receiving a signal.
Zombie: The process is dead but has not been removed from the process table.
6. Explain the /proc filesystem.
/proc is a virtual filesystem that provides detailed information about the Linux kernel, hardware and running processes. Files under the /proc directory are called virtual files; because /proc contains virtual files, it is called a virtual file system. These virtual files have unique qualities: most of them are listed as zero bytes in size. Virtual files such as /proc/interrupts, /proc/meminfo, /proc/mounts, and /proc/partitions provide an up-to-the-moment glimpse of the system's hardware. Others, like the /proc/filesystems file and the /proc/sys/ directory, provide system configuration information and interfaces.
7. What is the difference between hardware RAID and software RAID?
Hardware-based RAID is independent from the host. A hardware RAID device connects to the SCSI controller and presents the RAID arrays as a single SCSI drive. An external RAID system moves all RAID handling "intelligence" into a controller located in the external disk subsystem. The whole subsystem is connected to the host via a normal SCSI controller and appears to the host as a single disk.
8. What is the difference between cron and anacron?
Ans: Cron:
1) Minimum granularity is a minute (i.e. jobs can be scheduled to be executed every minute)
2) A cron job can be scheduled by any normal user (if not restricted by the superuser)
3) Cron expects the system to be running 24 x 7. If a job is scheduled and the system is down during that time, the job is not executed
4) Ideal for servers
5) Use cron when a job has to be executed at a particular hour and minute
Anacron:
1) Minimum granularity is only in days
2) Anacron can be used only by the superuser (but there are workarounds to make it usable by a normal user)
3) Anacron doesn't expect the system to be running 24 x 7. If a job is scheduled and the system is down during that time, it starts the job when the system comes back up.
4) Ideal for desktops and laptops
5) Use anacron when a job has to be executed irrespective of hour and minute
9. What is CUPS?
CUPS stands for "Common UNIX Printing System". CUPS is an open source printing system developed by Apple Inc. CUPS uses the Internet Printing Protocol (IPP) to allow local printing and print sharing. The log files for the CUPS printing system are located in the /var/log/cups/ directory.
Apache Interview Questions - Nitesh Pawar https://sites.google.com/site/pawarnitesh/home/interview-questions/apach... 11/25/2014 12:32 PM
1) What's the command to stop Apache?
Kill the specific process that httpd is running under, or killall httpd. If you have apachectl installed, use apachectl stop.
2) How do you set up a virtual host in Apache?
ServerAdmin admin@phptechhelp.com
DocumentRoot /home/apache/share/htdocs/hostedsites
ServerName www.techinterviews.com
ErrorLog /home/apache/logs/error/hostedsites/error_log
TransferLog /home/apache/logs/access/hostedsites/access_log
3) What is mod_vhost_alias?
It allows hosting multiple sites on the same server via simpler configurations.
4) What does htpasswd do?
It creates a new user in a specified group, and asks to specify a password for that user.
5) If you specify both deny from all and allow from all, what will be the default action of Apache?
In case of ambiguity deny always takes precedence over allow.
6) How do you change the default web root?
The solution is to change the DocumentRoot in the httpd.conf file.
7) Site is accessible under many different hostnames; how to redirect clients so that they see only a single name?
Many sites map a variety of hostnames to the same content. For example, www.example.com, example.com and www.example.net may all refer to the same site. It is best to make sure that, regardless of the name clients use to access the site, they will be redirected to a single, canonical hostname. This makes the site easier to maintain and assures that there will be only one version of the site in proxy caches and search engines.
There are two techniques to implement canonical hostnames:
1. Use mod_rewrite as described in the "Canonical Hostnames" section of the URL Rewriting Guide.
2. Use name-based virtual hosting:
NameVirtualHost *
<VirtualHost *>
ServerName www.example.net
ServerAlias example.com
Redirect permanent / http://www.example.com/
</VirtualHost>
<VirtualHost *>
ServerName www.example.com
DocumentRoot /usr/local/apache/htdocs
</VirtualHost>
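How the name-based virtual host selection behind this answer and the two-sites question earlier actually behaves, as an added example that is not code from the page or from Apache: the vhost table and the requests are constructed, Apache's real matching (ports, wildcard aliases) is reduced to the essentials, and the point to notice is that a Host header matching nothing lands on the first listed vhost.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class VHost:
    """One <VirtualHost> block reduced to the directives that matter here."""
    server_name: str
    server_alias: tuple = ()
    document_root: str = ""
    redirect_to: str = ""      # target of 'Redirect permanent /', if present


# Constructed table mirroring the canonical-hostname example: the alias vhost
# is listed first, the canonical vhost second.
VHOSTS = (
    VHost("www.example.net", server_alias=("example.com",),
          redirect_to="http://www.example.com/"),
    VHost("www.example.com", document_root="/usr/local/apache/htdocs"),
)


def select_vhost(vhosts, host_header):
    """Pick the vhost whose ServerName or ServerAlias matches the Host header.

    Matching is case-insensitive and ignores an explicit :port. A Host value
    that matches nothing falls through to the FIRST listed vhost, which is how
    name-based hosting treats unknown names: the first vhost is the default.
    """
    name = host_header.split(":")[0].lower()
    for vh in vhosts:
        aliases = {a.lower() for a in vh.server_alias}
        if name == vh.server_name.lower() or name in aliases:
            return vh
    return vhosts[0]


def handle(vhosts, host_header, path):
    """Return (status, target): 301 + canonical URL, or 200 + file path served."""
    vh = select_vhost(vhosts, host_header)
    if vh.redirect_to:
        # 'Redirect permanent / http://www.example.com/' keeps the request path.
        return 301, vh.redirect_to.rstrip("/") + path
    return 200, vh.document_root + path


if __name__ == "__main__":
    for host in ("example.com", "WWW.Example.COM:80", "203.0.113.9"):
        print(host, "->", handle(VHOSTS, host, "/index.html"))
```

Because the redirecting vhost is listed first, a request carrying an unrecognised Host value (an IP literal, a stale DNS name) is also redirected to the canonical name instead of being served content.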
8) How do I turn automatic directory listings on or off?
If a client requests a URL that designates a directory and the directory does not contain a filename that matches the DirectoryIndex directive, then mod_autoindex can be configured to present a listing of the directory contents. To turn on automatic directory indexing, find the Options directive that applies to the directory and add the Indexes keyword. For example:
Options +Indexes
To turn off automatic directory indexing, remove the Indexes keyword from the appropriate Options line. To turn off directory listing for a particular subdirectory, you can use Options -Indexes. For example:
Options -Indexes
How SSL works with Apache
Whenever an https request comes in, Apache follows these three steps:
- Apache generates its private key and converts that private key to a .csr file (certificate signing request).
- Then Apache sends the .csr file to the CA (certificate authority).
- The CA takes the .csr file, converts it to a .crt (certificate) and sends that .crt file back to Apache to secure and complete the https connection request.
Apache Web Server Security and Hardening Tips
We are all very familiar with the Apache web server; it is a very popular web server for hosting your web files or your website on the web. Here are some links which can help you configure the Apache web server on your Linux box. In this tutorial, I'll cover some main tips to secure your web server. Before you apply these changes to your web server, you should have some basics of the Apache server.
- Document root Directory: /var/www/html or /var/www
- Main Configuration file: /etc/httpd/conf/httpd.conf (RHEL/CentOS/Fedora) and /etc/apache/apache2.conf (Debian/Ubuntu).
- Default HTTP Port: 80 TCP
- Default HTTPS Port: 443 TCP
- Test your Configuration file settings and syntax: httpd -t
- Access Log files of Web Server: /var/log/httpd/access_log
- Error Log files of Web Server: /var/log/httpd/error_log
1. How to hide Apache Version and OS Identity from Errors
When you install Apache from source or with a package installer like yum, it displays the version of the Apache web server installed on your server along with the operating system name in error pages. It also shows information about the Apache modules installed on your server. In the above picture, you can see that Apache is showing its version with the OS installed on your server. This can be a major security threat to your web server as well as your Linux box. To prevent Apache from displaying this information to the world, we need to make some changes in the Apache main configuration file.
Open the configuration file with the vim editor and search for "ServerSignature"; by default it is On. We need to turn the server signature Off, and the second line, "ServerTokens Prod", tells Apache to return only "Apache" as the product in the Server response header on every page request; it suppresses the OS and the major and minor version info.
# vim /etc/httpd/conf/httpd.conf (RHEL/CentOS/Fedora)
# vim /etc/apache/apache2.conf (Debian/Ubuntu)
ServerSignature Off
ServerTokens Prod
# service httpd restart (RHEL/CentOS/Fedora)
# service apache2 restart (Debian/Ubuntu)
2. Disable Directory Listing
By default Apache lists all the content of the Document root directory in the absence of an index file.
We can turn off directory listing by using the Options directive in the configuration file for a specific directory. For that we need to make an entry in the httpd.conf or apache2.conf file.
Options -Indexes
3. Keep updating Apache Regularly
The Apache developer community is continuously working on security issues and releasing updated versions with new security options. So it is always recommended to use the latest version of Apache as your web server. To check the Apache version, use the httpd -v command.
# httpd -v
Server version: Apache/2.2.15 (Unix)
Server built: Aug 13 2013 17:29:28
You can update your version with the following command.
# yum update httpd
# apt-get install apache2
It is also recommended to keep your kernel and OS updated to the latest stable releases if you are not running any specific application which works only on a specific OS or kernel.
4. Disable Unnecessary Modules
It's always good to minimise the chances of being a victim of any web attack. So it's recommended to disable all the modules that are not currently in use. You can list all the compiled modules of the web server using the following command.
# grep LoadModule /etc/httpd/conf/httpd.conf
# have to place corresponding `LoadModule' lines at this location so the
# LoadModule foo_module modules/mod_foo.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
....
Above is the list of modules that are enabled by default but often not needed: mod_imap, mod_include, mod_info, mod_userdir, mod_autoindex. To disable a particular module, insert a "#" at the beginning of that line and restart the service.
5. Run Apache as separate User and Group
With a default installation Apache runs its processes as the user nobody or daemon. For security reasons it is recommended to run Apache under its own non-privileged account, for example http-web.
Create the Apache user and group:
# groupadd http-web
# useradd -d /var/www/ -g http-web -s /bin/nologin http-web
Now you need to tell Apache to run as this new user; to do so, make an entry in /etc/httpd/conf/httpd.conf and restart the service. Open /etc/httpd/conf/httpd.conf with the vim editor, search for the keywords "User" and "Group", and there specify the username and group name to use.
User http-web
Group http-web
6. Use Allow and Deny to Restrict access to Directories
We can restrict access to directories with the "Allow" and "Deny" options in the httpd.conf file. In this example we'll be securing the root directory by setting the following in the httpd.conf file.
Options None
Order deny,allow
Deny from all
- Options “None” – This option will not allow users to enable any optional features.
- Order deny, allow – This is the order in which the “Deny” and “Allow” directives will be processed. Here it will “deny” first and “allow” next.
- Deny from all – This will deny request from everybody to the root directory, nobody will be able to access root directory.
7. Use mod_security and mod_evasive Modules to Secure Apache
These two modules, "mod_security" and "mod_evasive", are very popular Apache modules in terms of security.
Mod_security
mod_security works as a firewall for our web applications and allows us to monitor traffic on a real-time basis. It also helps us protect our websites or web server from brute force attacks. You can simply install mod_security on your server with the help of your default package installer.
Install mod_security on Ubuntu/Debian
$ sudo apt-get install libapache2-modsecurity
$ sudo a2enmod mod-security
$ sudo /etc/init.d/apache2 force-reload
Install mod_security on RHEL/CentOS/Fedora/
# yum install mod_security
# /etc/init.d/httpd restart
Mod_evasive
mod_evasive works very efficiently: it performs one task and performs it very well. It prevents DDoS attacks from doing as much damage, which lets mod_evasive handle HTTP brute force and DoS or DDoS attacks. The module detects attacks in three ways:
- If many requests come to the same page a few times per second.
- If any child process tries to make more than 50 concurrent requests.
- If any IP still tries to make new requests while it is temporarily blacklisted.
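The detection behaviour described here and in the mod_evasive question earlier (a per-client request counter over a short interval, a temporary block, and renewal of the block whenever the blocked client keeps sending requests), as an added example that is not code from the page or from the mod_evasive project: a Python replay over constructed Apache "combined" access log lines. The thresholds and the log lines are constructed for the demonstration, not the module's defaults.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed thresholds in the spirit of mod_evasive's page and site counters.
PAGE_LIMIT, PAGE_INTERVAL = 3, 1.0     # same URL from one client within 1 s
SITE_LIMIT, SITE_INTERVAL = 6, 1.0     # any URL from one client within 1 s
BLOCKING_PERIOD = 10.0                 # seconds a client stays denied

# Apache 'combined' LogFormat: client ident user [time] "request" status bytes "referer" "agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$')


def parse_combined(line):
    """Return (ip, path, epoch_seconds) for one combined-format line, or None."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m.group("ip"), m.group("path"), ts


class EvasiveDetector:
    """Sliding-window counters per (client, page) and per client, plus a
    blocklist whose entries are renewed whenever a blocked client retries."""

    def __init__(self):
        self.page_hits = defaultdict(deque)   # (ip, path) -> recent timestamps
        self.site_hits = defaultdict(deque)   # ip -> recent timestamps
        self.blocked_until = {}               # ip -> epoch seconds

    @staticmethod
    def _count(window, ts, interval):
        window.append(ts)
        while ts - window[0] > interval:      # drop hits older than the interval
            window.popleft()
        return len(window)

    def check(self, ip, path, ts):
        """True if the request should be denied (mod_evasive answers 403)."""
        if ts < self.blocked_until.get(ip, 0):
            self.blocked_until[ip] = ts + BLOCKING_PERIOD   # renewed on every retry
            return True
        self.blocked_until.pop(ip, None)                    # expired block
        page_n = self._count(self.page_hits[(ip, path)], ts, PAGE_INTERVAL)
        site_n = self._count(self.site_hits[ip], ts, SITE_INTERVAL)
        if page_n > PAGE_LIMIT or site_n > SITE_LIMIT:
            self.blocked_until[ip] = ts + BLOCKING_PERIOD
            return True
        return False


def replay(log_text):
    """Feed each parsable log line through a detector; return [(ip, path, denied)]."""
    det = EvasiveDetector()
    out = []
    for line in log_text.splitlines():
        parsed = parse_combined(line)
        if parsed:
            out.append((parsed[0], parsed[1], det.check(*parsed)))
    return out


# Constructed sample: one client hits /index.html four times within a second,
# retries while blocked (renewing the block), then returns after it expires.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Nov/2014:12:32:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Nov/2014:12:32:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Nov/2014:12:32:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Nov/2014:12:32:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [25/Nov/2014:12:32:01 +0000] "GET /about.html HTTP/1.1" 200 300 "http://www.example.net/" "curl/7.35.0"
203.0.113.7 - - [25/Nov/2014:12:32:05 +0000] "GET /about.html HTTP/1.1" 403 0 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Nov/2014:12:32:30 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, path, denied in replay(SAMPLE_LOG):
        print(f"{ip:<14} {path:<12} {'DENY' if denied else 'allow'}")
```

The fourth request from 203.0.113.7 trips the page counter and is denied, the retry five seconds later is denied and pushes the block out to 15 seconds after the burst, and the request at 30 seconds is served again once the block has lapsed.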
8. Disable Apache’s following of Symbolic Links
By default Apache follows symlinks; we can turn this feature off with the FollowSymLinks keyword of the Options directive. To do so we need to make the following entry in the main configuration file.
Options -FollowSymLinks
And if any particular user or website needs FollowSymLinks enabled, we can simply write a rule in the ".htaccess" file of that website.
# Enable symbolic links
Options +FollowSymLinks
Note: To enable rewrite rules inside the ".htaccess" file, "AllowOverride All" should be present in the main configuration globally.
9. Turn off Server Side Includes and CGI Execution
We can turn off server side includes (mod_include) and CGI execution if they are not needed; to do so we need to modify the main configuration file.
Options -Includes
Options -ExecCGI
We can do this for a particular directory too with the Directory tag. In this example we are turning off Includes and CGI file execution for the "/var/www/html/web1" directory.
Options -Includes -ExecCGI
Here are some other values which can be turned on or off with the Options directive.
- Options All – enables all options at once. This is the default value if you don't specify any values explicitly in the Apache conf file or .htaccess.
- Options IncludesNOEXEC – allows server side includes without the execute permission for a command or CGI files.
- Options MultiViews – allows content-negotiated multiviews with the mod_negotiation module.
- Options SymLinksIfOwnerMatch – similar to FollowSymLinks, but this will follow the link only when the owner is the same for the link and the original directory to which it is linked.
10. Limit Request Size
By default Apache has no limit on the total size of an HTTP request, i.e. it is unlimited, and when you allow large requests on a web server it is possible that you could be a victim of denial of service attacks. We can limit the request size with the Apache directive "LimitRequestBody" inside a Directory tag. You can set the value in bytes from 0 (unlimited) to 2147483647 (2GB) that are allowed in a request body. You can set this limit according to your site's needs; suppose you have a site where you allow uploads and you want to limit the upload size for a particular directory.
In this example, user_uploads is a directory which contains files uploaded by users. We are putting a limit of 500K on it.
LimitRequestBody 512000
11. Protect DDOS attacks and Hardening
Well, it's true that you cannot completely protect your web site from DDoS attacks. Here are some directives which can help you have some control over it.
- TimeOut : This directive allows you to set the amount of time the server will wait for certain events to complete before it fails. Its default value is 300 secs. It's good to keep this value low on sites which are subject to DDoS attacks. This value totally depends on the kind of requests you are getting on your website. Note: it could pose problems with some CGI scripts.
- MaxClients : This directive allows you to set the limit on connections that will be served simultaneously. Every new connection will be queued up after this limit. It is available with both the Prefork and Worker MPMs. Its default value is 256.
- KeepAliveTimeout : It's the amount of time the server will wait for a subsequent request before closing the connection. Default value is 5 secs.
- LimitRequestFields : It helps us set a limit on the number of HTTP request header fields that will be accepted from clients. Its default value is 100. It is recommended to lower this value if DDoS attacks are occurring as a result of so many HTTP request headers.
- LimitRequestFieldSize : It helps us set a size limit on the HTTP request header.
12. Enable Apache Logging
Apache allows you to log independently of your OS logging. It is wise to enable Apache logging, because it provides more information, such as the commands entered by users that have interacted with your web server. To do so you need to include the mod_log_config module. There are three main logging-related directives available with Apache.
- TransferLog: Creating a log file.
- LogFormat : Specifying a custom format.
- CustomLog : Creating and formatting a log file.
DocumentRoot /var/www/html/example.com/
ServerName www.example.com
DirectoryIndex index.htm index.html index.php
ServerAlias example.com
ErrorDocument 404 /story.php
ErrorLog /var/log/httpd/example.com_error_log
CustomLog /var/log/httpd/example.com_access_log combined
13. Securing Apache with SSL Certificates
Last but not least, SSL certificates: you can secure all the communication in an encrypted manner over the Internet with an SSL certificate. Suppose you have a website where people log in by providing their login credentials, or you have an e-commerce website where people provide their bank details or debit/credit card details to purchase products; by default your web server sends these details in plain-text format, but when you use SSL certificates on your websites, Apache sends all this information encrypted. You can purchase SSL certificates from many different SSL providers like namecheap.com. If you are running a very small web business and are not willing to purchase an SSL certificate, you can still assign a self-signed certificate to your website. Apache uses the mod_ssl module to support SSL certificates.
# openssl genrsa -des3 -out example.com.key 1024
# openssl req -new -key example.com.key -out example.com.csr
# openssl x509 -req -days 365 -in example.com.csr -signkey example.com.key -out example.com.crt
Once your certificate has been created and signed, you need to add it to the Apache configuration. Open the main configuration file with the vim editor, add the following lines and restart the service.
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/example.com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/example.com.key
SSLCertificateChainFile /etc/pki/tls/certs/sf_bundle.crt
ServerAdmin ravi.saive@example.com
ServerName example.com
DocumentRoot /var/www/html/example/
ErrorLog /var/log/httpd/example.com-error_log
CustomLog /var/log/httpd/example.com-access_log common
Open up your browser, type https://example.com, and you will be able to see the new self-signed certificate.
Network Related Commands
# dhclient eth0
active interface 'eth0' in dhcp mode
# ethtool eth0
show network statistics of eth0
# host www.example.com
lookup hostname to resolve name to ip address and viceversa
# hostname
show hostname of system
# ifconfig eth0
show configuration of an ethernet network card
# ifconfig eth0 192.168.1.1 netmask 255.255.255.0
configure IP Address
# ifconfig eth0 promisc
configure 'eth0' in promiscuous mode to gather packets (sniffing)
# ifdown eth0
disable an interface 'eth0'
# ifup eth0
activate an interface 'eth0'
# ip link show
show link status of all network interfaces
# iwconfig eth1
show wireless networks
# iwlist scan
wifi scanning to display the wireless connections available
# mii-tool eth0
show link status of 'eth0'
# netstat -tup
show all active network connections and their PID
# netstat -tupl
show all network services listening on the system and their PID
# netstat -rn
show routing table alike "route -n"
# nslookup www.example.com
lookup hostname to resolve name to ip address and viceversa
# route -n
show routing table
# route add -net 0/0 gw IP_Gateway
configure default gateway
# route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.1.1
configure static route to reach network '192.168.0.0/16'
# route del 0/0 gw IP_gateway
remove static route
# echo "1" > /proc/sys/net/ipv4/ip_forward
activate ip routing
# tcpdump tcp port 80
show all HTTP traffic
# whois www.example.com
lookup on Whois database
How to Work with the Network from the Linux Terminal: 11 Commands You Need to Know
Whether you want to download files, diagnose network problems, manage your network interfaces, or view network statistics, there’s a terminal command for that. This collection contains the tried and true tools and a few newer commands.
You can do most of this from a graphical desktop, although even Linux users that rarely use the terminal often launch one to use ping and other network diagnostic tools.
curl & wget
Use the curl or wget commands to download a file from the Internet without leaving the terminal. If you’re using curl, type curl -O followed by the path to the file. wget users can use wget without any options. The file will appear in the current directory.
curl -O website.com/file
wget website.com/file
ping
ping sends ECHO_REQUEST packets to the address you specify. It’s a great way to see whether your computer can communicate with the Internet or a specific IP address. Bear in mind that many systems are configured not to respond to pings, however.
Unlike the ping command on Windows, the Linux ping command will keep sending packets until you terminate it. You can specify a finite amount of packets with the -c switch.
ping -c 4 google.com
tracepath & traceroute
The tracepath command is similar to traceroute, but it doesn’t require root privileges. It’s also installed by default on Ubuntu, while traceroute isn’t. tracepath traces the network path to a destination you specify and reports each “hop” along the path. If you’re having network problems or slowness, tracepath can show you where the network is failing or where the slowness is occurring.
tracepath example.com
mtr
The mtr command combines ping and tracepath into a single command. mtr will continue to send packets, showing you the ping time to each “hop.” This will also show you any problems — in this case, we can see that hop 6 is losing over 20% of the packets.
mtr howtogeek.com
Press q or Ctrl-C to quit when you’re done.
host
The host command performs DNS lookups. Give it a domain name and you’ll see the associated IP address. Give it an IP address and you’ll see the associated domain name.
host howtogeek.com
host 208.43.115.82
whois
The whois command will show you a website’s whois records, so you can view more information about who registered and owns a specific website.
whois example.com
ifplugstatus
The ifplugstatus command will tell you whether a cable is plugged into a network interface or not. It isn’t installed by default on Ubuntu. Use the following command to install it:
sudo apt-get install ifplugd
Run the command to see the status of all interfaces or specify a specific interface to view its status.
ifplugstatus
ifplugstatus eth0
“Link beat detected” means the cable is plugged in. You’ll see “unplugged” if it isn’t.
ifconfig
The ifconfig command has a variety of options to configure, tune, and debug your system’s network interfaces. It’s also a quick way to view IP addresses and other network interface information. Type ifconfig to view the status of all currently active network interfaces, including their names. You can also specify an interface’s name to view only information about that interface.
ifconfig
ifconfig eth0
ifdown & ifup
The ifdown and ifup commands are the same thing as running ifconfig up or ifconfig down. Given an interface’s name, they take the interface down or bring it up. This requires root permissions, so you have to use sudo on Ubuntu.
sudo ifdown eth0
sudo ifup eth0
Try this on a Linux desktop system and you’ll probably get an error message. Linux desktops usually use NetworkManager, which manages network interfaces for you. These commands will still work on servers without NetworkManager, though.
If you really need to configure NetworkManager from the command line, use the nmcli command.
dhclient
The dhclient command can release your computer’s IP address and get a new one from your DHCP server. This requires root permissions, so use sudo on Ubuntu. Run dhclient with no options to get a new IP address or use the -r switch to release your current IP address.
sudo dhclient -r
sudo dhclient
netstat
The netstat command can show a lot of different interface statistics, including open sockets and routing tables. Run the netstat command with no options and you’ll see a list of open sockets.
There’s a lot more you can do with this command. For example, use the netstat -p command to view the programs associated with open sockets.
View detailed statistics for all ports with netstat -s.
DISPLAY DETAILS OF NETWORK INTERFACES
Display info on all network interfaces on server, active or inactive:
$ ifconfig -a
To see details of the eth0 interface:
$ ifconfig eth0
If eth0 exists, this takes it down, disabling it from sending or receiving any
information:
$ ifconfig eth0 down
If eth0 exists and is in the down state, this returns it to the up
state, allowing it to send and receive information:
$ ifconfig eth0 up
Assign eth0 the following values for IP, netmask and broadcast address:
$ ifconfig eth0 192.168.1.102 \
    netmask 255.255.255.0 \
    broadcast 192.168.1.255
Another command to get details of network interfaces is:
$ sudo lshw
To get information on the configured routes:
$ route
$ route -n
To get information on routing tables, all open ports, all listening ports,
etc.:
$ netstat
$ netstat -nr
(same as route, -n returns IP address instead of hostname, -r prints the routing table);
$ netstat -a
(lists all open ports);
$ netstat -l
(lists all listening ports);
TO CONFIGURE THE NETWORK INTERFACE
Persistent configuration
The file '/etc/network/interfaces' (for Ubuntu and Debian distributions only) lists all the network
interfaces and their configuration.
Sample /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interface(5).
# The loopback interfaces
auto lo
iface lo inet loopback
# The primary network interfaces
# eth0 configured for dhcp
auto eth0
iface eth0 inet dhcp
# eth1 manually configured
auto eth1
# to automatically configure it during boot-up
iface eth1 inet static
address 192.168.10.20
netmask 255.255.255.0
gateway 192.168.10.1
# See 'man interfaces' for more options
Now run the command:
$ sudo /etc/init.d/networking restart
to restart the network with the new settings.
In case of problems
Try the 'dhclient' command to get an IP address from a DHCP server (ifconfig may work subsequently). Initially no network adapters may be set up; only the loopback would be available.
In case of problems, check the file '/etc/udev/rules.d/70-persistent-net.rules' and ensure that the hardware names (MAC addresses) of the ethX adapters are correct. The interface will not come up if there is any mismatch with the actual MAC address. This can happen especially when we move or export virtual machines from one hypervisor to another (VMware, VirtualBox). In such cases get the actual MAC address of the interface and enter it in the file at the ATTR{address}=="" part.
Also check the file '/etc/network/interfaces' (for Ubuntu and Debian distributions only, as explained above) where all the network interfaces and their configuration are listed.
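The MAC mismatch check described above, as an added shell example that is not part of the original page: it reads the ATTR{address} / NAME pairs out of a 70-persistent-net.rules file and compares each against the address the kernel reports under /sys/class/net. The function names, the sample rules file and the fake /sys/class/net directory are constructed for this example; on a real host the second argument is simply omitted.

```shell
#!/bin/sh
# Added example, not from the original page. Compares the MAC addresses stored
# in a 70-persistent-net.rules file with the interfaces actually present, to
# spot the stale ATTR{address} entries left behind after moving a VM.
# Function names and the sample rules file below are constructed for this example.

# Usage: check_persistent_net RULES_FILE [SYSNET_DIR]
# SYSNET_DIR defaults to /sys/class/net; passing a directory lets the check run
# against a sample. Prints one OK / MISMATCH / MISSING line per rule and
# returns 1 if any rule does not match a present interface.
check_persistent_net() {
    rules=$1; sysnet=${2:-/sys/class/net}; status=0
    # "<mac> <name>" for every rule line that carries both fields
    pairs=$(sed -n 's/.*ATTR{address}=="\([^"]*\)".*NAME="\([^"]*\)".*/\1 \2/p' "$rules")
    while read -r rule_mac name; do
        [ -z "$name" ] && continue          # empty line when nothing matched
        rule_lc=$(printf '%s' "$rule_mac" | tr 'A-Z' 'a-z')
        if [ ! -r "$sysnet/$name/address" ]; then
            echo "MISSING $name rules=$rule_lc"
            status=1
            continue
        fi
        actual=$(tr 'A-Z' 'a-z' < "$sysnet/$name/address")
        if [ "$actual" = "$rule_lc" ]; then
            echo "OK $name $actual"
        else
            echo "MISMATCH $name rules=$rule_lc actual=$actual"
            status=1
        fi
    done <<EOF
$pairs
EOF
    return $status
}

# Constructed sample: a fake /sys/class/net with eth0 and eth1, and a rules
# file whose eth1 entry is stale and whose eth2 entry has no interface at all.
make_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/net/eth0" "$dir/net/eth1"
    echo "08:00:27:aa:bb:cc" > "$dir/net/eth0/address"
    echo "08:00:27:11:22:33" > "$dir/net/eth1/address"
    cat > "$dir/70-persistent-net.rules" <<'EOF'
# PCI device 0x8086:0x100e (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="08:00:27:AA:BB:CC", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="08:00:27:de:ad:00", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="08:00:27:00:00:01", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"
EOF
    echo "$dir"
}

# Demo on the sample; on a real host run:
#   check_persistent_net /etc/udev/rules.d/70-persistent-net.rules
SAMPLE=$(make_sample)
check_persistent_net "$SAMPLE/70-persistent-net.rules" "$SAMPLE/net" || echo "stale rules found"
rm -rf "$SAMPLE"
```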
To create a network interface without an IP address:
iface eth0 inet manual
    pre-up ifconfig $IFACE up
    post-down ifconfig $IFACE down
To set the DNS server for lookup
To set up a persistent DNS lookup, add the IP address of DNS server to the file /etc/resolv.conf
This is similar on distributions other than Ubuntu.
Networking is an essential part of Unix and it offers lots of tools and commands to diagnose any networking problem. When I was working on FIX Protocol we got a lot of support queries to see whether FIX Sessions are connected or not. Since FIX Protocol uses sockets you can use netstat, telnet and other networking commands available in Linux for finding the problem and solving it. In this article I will show you basic networking commands in Unix and for what purpose they are used. With the combination of the grep and find commands on them you can troubleshoot most networking problems.
Networking Commands Example in Unix and Linux
These are the most useful commands in my list while working on a Linux server; they enable you to quickly troubleshoot connection issues, e.g. whether the other system is connected or not, whether the other host is responding or not, and while working on FIX connectivity for an advanced trading system these tools save quite a lot of time.
This article is in continuation of my articles How to work fast in Unix and Unix Command tutorials and Examples for beginners.
• finding host/domain name and IP address - hostname
• test network connection - ping
• getting network configuration - ifconfig
• network connections, routing tables, interface statistics - netstat
• query DNS lookup name - nslookup
• communicate with other hostname - telnet
• routing steps that packets take to get to a network host - traceroute
• view user information - finger
• checking status of destination host - telnet
Example of Networking commands in Unix
Let's see some examples of various networking commands in Unix and Linux. Some of them are quite basic, e.g. ping and telnet, and some are more powerful, e.g. nslookup and netstat. When you use these commands in combination with find and grep you can get anything you are looking for, e.g. hostname, connection end points, connection status etc.
hostname
hostname with no options displays the machine's host name
hostname -d displays the domain name the machine belongs to
hostname -f displays the fully qualified host and domain name
hostname -i displays the IP address for the current machine
ping
It sends packets of information to the user-defined source. If the packets are received, the destination device sends packets back. Ping can be used for two purposes:
1. To ensure that a network connection can be established.
2. Timing information as to the speed of the connection.
If you do ping www.yahoo.com it will display its IP address. Use Ctrl+C to stop the test.
ifconfig
View network configuration; it displays the current network adapter configuration. It is handy to determine if you are getting transmit (TX) or receive (RX) errors.
Javarevisited
Blog about Java programming language, FIX Protocol, Tibco Rendezvous and related Java technology stack.
Top 10 basic networking commands in linux/unix
http://javarevisited.blogspot.in/2010/10/basic-networking-commands-in-l...
1 of 3 11/25/2014 1:25 PM
netstat
Most useful and very versatile for finding connections to and from the host. You can find out all the multicast groups (networks) subscribed by this host by issuing "netstat -g".
netstat -nap | grep port will display the process id of the application which is using that port
netstat -a or netstat --all will display all connections including TCP and UDP
netstat --tcp or netstat -t will display only TCP connections
netstat --udp or netstat -u will display only UDP connections
netstat -g will display all multicast networks subscribed by this host.
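The netstat listing discussed in this section and in the earlier netstat entries (netstat -tulpn, netstat -p) is what a defender audits for exposure. As an added shell example that is not part of the original article, the function below reads such a listing on stdin and prints only the services bound to a wildcard address (0.0.0.0, :: or [::]), i.e. reachable from every interface rather than loopback only. The function names and the sample listing are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original article. Reads 'netstat -tulpn' style
# output on stdin and prints the listeners bound to every interface.
# Function names and the sample listing are constructed for this example.

# Print "proto local_address pid/program" for each socket bound to a wildcard
# address (0.0.0.0, :: or [::]). Loopback-only services are left out.
wildcard_listeners() {
    # netstat -tulpn columns: Proto Recv-Q Send-Q Local Foreign State PID/Program
    # UDP rows have no State column, so PID/Program is field 6 instead of 7.
    awk '
        $1 ~ /^(tcp|tcp6|udp|udp6)$/ {
            addr = $4
            sub(/:[0-9]+$/, "", addr)              # strip the port
            prog = ($1 ~ /^tcp/) ? $7 : $6
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                print $1, $4, prog
        }'
}

# Constructed sample of 'netstat -tulpn' output (not captured from a real host)
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      812/mysqld
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      645/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      901/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           512/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           430/chronyd'

# Number of wildcard listeners in the sample (3: sshd, apache2, dhclient)
sample_wildcard_count() {
    printf '%s\n' "$SAMPLE_NETSTAT" | wildcard_listeners | wc -l | tr -d ' '
}

# Demo on the sample; on a live host run:  netstat -tulpn | wildcard_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | wildcard_listeners
```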
nslookup
If you know the IP address it will display the hostname. To find all the IP addresses for a given domain name, the command nslookup is used. You must have a connection to the internet for this utility to be useful.
E.g. nslookup blogger.com
You can also use nslookup to convert a hostname to an IP address and an IP address to a hostname.
traceroute
A handy utility to view the number of hops and response time to get to a remote system or web site is traceroute. Again you need an internet connection to make use of this tool.
finger
View user information; displays a user’s login name, real name, terminal name and write status. This is a pretty old Unix command and rarely used nowadays.
telnet
Connects to the destination host via the telnet protocol; if a telnet connection is established on any port it means connectivity between the two hosts is working fine.
telnet hostname port will telnet to hostname on the port specified. Normally it is used to see whether the host is alive and the network connection is fine or not.
netstat
Displays the contents of /proc/net files. It works with the Linux Network Subsystem; it will tell you what the status of ports is, i.e. open, closed, waiting, masquerade connections. It will also display various other things. It has many different options.
tcpdump
This is a sniffer, a program that captures packets off a network interface and interprets them for you. It understands all basic internet protocols, and can be used to save entire packets for later inspection.
ping
The ping command (named after the sound of an active sonar system) sends echo requests to the host you specify on the command line, and lists the responses received and their round trip time.
You simply use ping as:
ping ip_or_host_name
Please note: Using ping/smbmount/ssh or other UNIX system programs with a computer name rather than an IP address will only work if you have the computer listed in your /etc/hosts file. Here is an example:
192.168.1.100 new
This line says that there is a computer called “new” with IP address 192.168.1.100. Now that it exists in the /etc/hosts file I don't have to type the IP address anymore, just the name “new”.
hostname
traceroute
traceroute will show the route of a packet. It attempts to list the series of hosts through which your packets travel on their way to a given destination. Also have a look at xtraceroute (one of several graphical equivalents of this program).
Command syntax:
traceroute machine_name_or_ip
tracepath
tracepath performs a very similar function to traceroute; the main difference is that tracepath doesn't take complicated options.
Command syntax:
tracepath machine_name_or_ip
findsmb
findsmb is used to list info about machines that respond to SMB name queries (for example Windows based machines sharing their hard disks).
Command syntax:
findsmb
This would find all machines possible; you may need to specify a particular subnet to query those machines only.
nmap
“Network exploration tool and security scanner”. nmap is a very advanced network tool used to query machines (local or remote) as to whether they are up and what ports are open on these machines.
A simple usage example:
nmap machine_name
This would query your own machine as to what ports it keeps open. nmap is a very powerful tool; documentation is available on the nmap site as well as the information in the manual page.
Network Configuration
ifconfig
This command is used to configure network interfaces, or to display their current configuration. In addition to activating and deactivating interfaces with the “up” and “down” settings, this command is necessary for setting an interface's address information if you don't have the ifcfg script.
Use ifconfig as either:
ifconfig
ifconfig eth0 down
This will take eth0 (assuming the device exists) down; it won't be able to receive or send anything until you put the device back “up” again.
Clearly there are a lot more options for this tool; you will need to read the manual/info page to learn more about them.
ifup
Use ifup device-name to bring an interface up by following a script (which will contain your default networking settings). Simply type ifup and you will get help on using the script.
For example typing:
ifup eth0
ifdown
Use ifdown device-name to bring an interface down using a script (which will contain your default network settings). Simply type ifdown and you will get help on using the script.
For example typing:
ifdown eth0
ifcfg
ifcfg eth0 del 192.168.0.1
ifcfg eth0 add 192.168.0.2
The first command takes eth0 down and removes that stored IP address, and the second one brings it back up with the new address.
route
The route command is the tool used to display or modify the routing table. To add a gateway as the default you would type:
route add default gw some_computer