This is an assignment h7 - Linux palvelimet ICT4TN021-8 in Haaga-Helia University of Applied Sciences

Last assignment in this course was to do an old lab test from earlier courses. In the lab exercise that I chose, you needed to make the following things:

  • Make PHP-sites remotely

  • Make users for: Jorma Mähkylä, Pekka Hurme, Ronaldo Smith, Håkan Petersson, Einari Mikkonen, Einari Vähäkäähkä, Eija Vähäkäähkä

  • Make sample HTML-site for each of them

  • Give sudo privileges to Maija Virtanen

  • Make Jorma’s site to be visible at sleep.example.com

  • Enable firewall

  • Create a command with Python that prints greeting and make it possible to execute despite the user or location

  • Create a Debian metapackage which installs git, ipython3, meld and gedit

I created a new server with DigitalOcean for this exercise in which I’m going do these steps. I also work in root in this exercise, which is indicated by # in beginning of shell, since I made this server only for this exercise.

Installing Apache and PHP

Install Apache and PHP with apt:

# apt-get update

# apt-get install apache2 php libapache2-mod-php

Test the working of Apache:

# curl -s localhost |grep title
    <title>Apache2 Ubuntu Default Page: It works</title>

Remove the default Apache page:

# echo ':)' > /var/www/html/index.html 
# curl localhost
:)

Test the working of PHP:

# echo '<?php phpInfo(); ?>' > /var/www/html/info.php

# curl -s localhost/info.php |grep title
<title>phpinfo()</title><meta name="ROBOTS" content="NOINDEX,NOFOLLOW,NOARCHIVE" /></head>

# rm /var/www/html/info.php

PHP made the test info page. It is recommended to delete this, since we don’t want other people to get information about our system if its not necessary.

Apache mod_userdir

Enable mod_userdir:

# a2enmod userdir
Enabling module userdir.
To activate the new configuration, you need to run:
  service apache2 restart

Restart Apache:

# systemctl restart apache2.service 

Add Users

Make public_html with index.html inside it, which is then copied over newly made users:

# mkdir /etc/skel/public_html/

# touch /etc/skel/public_html/index.html

Install pwgen:

# apt-get install pwgen

Generate nine strong passwords for users and copy them to pw.txt file:

# pwgen -nsy 12 8 > pw.txt

Make the file only writable and readable by root:

# chmod 600 pw.txt 

# ls -l
total 4
-rw------- 1 root root 117 Mar  9 12:20 pw.txt

Then I just add users according to each password:

# nano pw.txt

# cat pw.txt
jorma		[email protected]$^_rDm
pekka		\:4cRy^/a0%(
ronaldo		t4:7E$,QeKPj
hakan		=V98-/`'+}4~
einarim		%I6qI]XY!m0T
einariv		K>s8%[8LjGLV
eija		s9MKY.<e:.C~
maija		5C/qtw(>'3D_	

Then I just create the users according to this file:

# adduser jorma

# adduser pekka

# adduser ronaldo

# adduser hakan

# adduser einarim

# adduser einariv

# adduser eija

# adduser maija

Then I give sudo privileges to user maija:

# adduser maija sudo

# adduser maija admin

# adduser maija adm

Sample Sites for Users

Then I test the working of mod_userdir and insert user’s username to the front page of their website:

# runuser -l jorma -c 'whoami > ~/public_html/index.html'

# curl localhost/~jorma/
jorma

I’ll just make sure that the ownership of that file belongs to the correct user:

# ls -l /home/jorma/public_html/
total 4
-rw-r--r-- 1 jorma jorma 6 Mar  9 13:09 index.html

Then I just create sites for the rest of the users:

# runuser -l pekka -c 'whoami > ~/public_html/index.html'
# runuser -l ronaldo -c 'whoami > ~/public_html/index.html'
# runuser -l hakan -c 'whoami > ~/public_html/index.html'
# runuser -l einarim -c 'whoami > ~/public_html/index.html'
# runuser -l einariv -c 'whoami > ~/public_html/index.html'
# runuser -l eija -c 'whoami > ~/public_html/index.html'
# runuser -l maija -c 'whoami > ~/public_html/index.html'
# curl localhost/~pekka/
pekka
# curl localhost/~ronaldo/
ronaldo
# curl localhost/~hakan/
hakan
# curl localhost/~einarim/
einarim
# curl localhost/~einariv/
einariv
# curl localhost/~eija/
eija
# curl localhost/~maija/
maija

Should’ve used shell script for these

sleep.example.com

To make Jorma’s website visible at sleep.example.com:

# nano /etc/hosts
.
.
.
127.0.0.1 sleep.example.com
.
.
.
# nano /etc/apache2/sites-available/sleep.example.com.conf
<VirtualHost *:80>
	ServerName sleep.example.com
	ServerAlias www.sleep.example.com	

	ServerAdmin [email protected]
	DocumentRoot /home/jorma/public_html/

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	<Directory /home/jorma/public_html/>
		Require all granted
	</Directory>
</VirtualHost>
# a2ensite sleep.example.com.conf

# systemctl restart apache2.service
# curl sleep.example.com
jorma

Enable Firewall

First allow HTTP and HTTPS traffic on Apache and allow SSH connections before enabling firewall:

# ufw allow in "Apache Full"

# ufw allow in OpenSSH

# ufw enable

Global Python Command

# nano pygreet.py
#!/usr/bin/python3

print("Hello to you!")
# chmod ugo+x pygreet.py

# cp pygreet.py /usr/local/bin/

# pygreet.py 
Hello to you!

# runuser -l jorma -c 'pygreet.py'
Hello to you!

Debian Metapackage

Install equivs and gdebi:

# apt-get install equivs gdebi

Create the source file for the package:

# equivs-control coding-guru.cfg

# nano coding-guru.cfg
# cat coding-guru.cfg
### Commented entries have reasonable defaults.
### Uncomment to edit them.
# Source: <source package name; defaults to package name>
Section: misc
Priority: optional
# Homepage: <enter URL here; no default>
Standards-Version: 3.9.2

Package: coding-guru
# Version: <enter version here; defaults to 1.0>
# Maintainer: Your Name <[email protected]>
# Pre-Depends: <comma-separated list of packages>
Depends: git, ipython3, meld, gedit
# Recommends: <comma-separated list of packages>
# Suggests: <comma-separated list of packages>
# Provides: <comma-separated list of packages>
# Replaces: <comma-separated list of packages>
# Architecture: all
# Multi-Arch: <one of: foreign|same|allowed>
# Copyright: <copyright file; defaults to GPL2>
# Changelog: <changelog file; defaults to a generic changelog>
# Readme: <README.Debian file; defaults to a generic one>
# Extra-Files: <comma-separated list of additional files for the doc directory>
# Files: <pair of space-separated paths; First is file to include, second is destination>
#  <more pairs, if there's more than one file to include. Notice the starting space>
Description: <short description; defaults to some wise words> 
 long description and info
 .
 second paragraph

Build the package:

# equivs-build coding-guru.cfg

Install the package:

# gdebi -n coding-guru_1.0_all.deb