Mysql Developing And Programming, Personal Web Hosting Blog

Installing Linux If someone hasn t already installed and configured a Linux system for you, this chapter is going to help you get started so you can try out the Linux features described in the rest of the book. If you are a first-time Linux user, I recommend that you: . Try a bootable Linux This book s DVD includes several bootable Linux systems. The advantage of a bootable Linux is that you can try out Linux without touching the contents of your computer s hard disk. In particular, KNOPPIX is a full-featured Linux system that can give you a good feel for how Linux works. Using the DVD, you can boot directly to KNOPPIX; using the CD you can boot directly to Damn Small Linux. Other bootable Linux distributions that come with this book are listed in Appendix A. . Install a desktop Linux system Choose one of the other Linux distributions and install it on your computer s hard disk. This gives you more flexibility for adding and removing software, accessing and saving data to hard disk, and more permanently customizing your system. Installing Linux as a desktop system lets you try out some useful applications and get the feel for Linux before dealing with more complex server issues. This chapter provides you with an overview of how to choose a Linux distribution, and then describes issues and topics that are common to installing most Linux distributions. Appendix A describes which Linux distributions are included on this book s DVD and CD and how to either boot them from the DVD or burn them to CD for installation. Each of the other chapters in this part of the book is dedicated to understanding and installing a particular Linux distribution. After you ve installed Linux, you ll want to understand how to get and manage software for your Linux system. These are important topics that are covered throughout the book, but this chapter describes the major packaging formats and tools to get you going. C7H A P T E R . . . . In This Chapter Choosing a Linux distribution Getting a Linux distribution . . . .
We recommend cheap and reliable webhost to host and run your web applications: Coldfusion Web Hosting services.

Choosing and Installing a Linux Distribution . . . . In This Part Chapter 7 Installing Linux Chapter 8 Running Fedora Core and Red Hat Enterprise Linux Chapter 9 Running Debian GNU/Linux Chapter 10 Running SUSE Linux Chapter 11 Running KNOPPIX Chapter 12 Running Yellow Dog Linux Chapter 13 Running Gentoo Linux Chapter 14 Running Slackware Linux Chapter 15 Running Linspire Chapter 16 Running Mandriva Chapter 17 Running Ubuntu Linux Chapter 18 Running a Linux Firewall/Router Chapter 19 Running Bootable Linux Distributions . . . . P A R T IIIIII
Go visit our java server pages services for a reliable, lowcost webhost to satisfy all your needs.

Chapter 6 . Securing Linux 239 Using Security Tools Linux Distributions If you suspect your computers or networks have been exploited, there are a wide range of security tools available for Linux you can use to scan for viruses, do forensics, or monitor activities of intruders. The best way to learn about and use many of these tools is by using dedicated, bootable Linux distributions built specifically for security. Refer to Chapter 18 for information on several bootable, security-oriented Linux distributions you can use to monitor and troubleshoot the security of your computer systems and networks. The chapter also includes various tools you can try out. Summary Securing your Linux system is something you need to do from the very beginning and continue as you use your Linux system. By implementing good security practices (such as practices described in the security checklist at the beginning of this chapter), you stand a better chance of keeping out intruders over the long haul. Going forward, you can help keep your Linux system secure by using encrypted network applications (such as ssh), monitoring log files, and adhering to good password techniques. If your Linux system is being used as a server, you need to take particular care in narrowing the access to the server and protecting data, using such tools as TCP wrappers (to limit who can use your server) and certificates (to ensure that both ends of communications with your Web server are authenticated). . . .
Go visit our java server pages services for a reliable, lowcost webhost to satisfy all your needs.

238 Part II . Running the Show Country Name (2 letter code) [GB]:US State or Province Name (full name) [Berkshire]: Ohio Locality Name (eg, city) [Newbury]: Cincinnati Organization Name (eg, company) [My Company Ltd]:Industrial Press, Inc. Organizational Unit Name (eg, section) []:IT Common Name (eg, your name or your server s hostname) []:www.industrialpressinc.com Email Address []: webmaster@industrialpressinc.com The generation process in this example places all files in the proper place. All you need to do is restart your Web server and add https instead of http in front of your URL. Don t forget that you ll get a certificate validation message from your Web browser, which you can safely ignore. Restarting Your Web Server By now you ve probably noticed that your Web server requires you to enter your certificate password every time it is started. This is to prevent someone from breaking into your server and stealing your private key. Should this happen, you are safe in the knowledge that the private key is a jumbled mess. The cracker will not be able to make use of it. Without such protection, a cracker could get your private key and easily masquerade as you, appearing to be legitimate in all cases. If you just cannot stand having to enter a password every time your Web server starts, and are willing to accept the increased risk, you can remove the password encryption on your private key. Simply do the following: # cd /etc/httpd/conf/ssl.key # /usr/bin/openssl rsa -in server.key -out server.key Troubleshooting Your Certificates The following tips should help if you are having problems with your SSL certificate: . Only one SSL certificate per IP address is allowed. If you want to add more than one SSL-enabled Web site to your server, you must bind another IP address to the network interface. . Make sure the permission mask on the /etc/httpd/conf/ssl.* directories and their contents is 700 (rwx——). . Make sure you aren t blocking port 443 on your Web server. All https requests come in on port 443. If you are blocking it, you will not be able to get secure pages. . The certificate lasts for one year only. When that year is up, you have to renew your certificate with your certificate authority. Each certificate authority has a different procedure for doing this; check the authority s Web site for more details. . Make sure you have the mod_ssl package installed. If it is not installed, you will not be able to serve any SSL-enabled traffic.
You need excellent and relaible webhost company to host your web applications? Then pay a visit to Inexpensive Web Hosting services.

Chapter 6 . Securing Linux 237 8lLZXnaR+acHeStR01b3rQPjgv2y1mwjkPmC1WjoeYfdxH7+Mbg/6fomnK9auWAT WF0iFW/+a8OWRYQJLMA2VQOVhX4znjpGcVNY9AQSHm1UiESJy7vtd1iX —–END CERTIFICATE—– Copy and paste this certificate into an empty file called server.crt, which must reside in the /etc/httpd/conf/ssl.crt directory, and restart your Web server: # service httpd restart Assuming your Web site was previously working fine, you can now view it in a secure fashion by placing an s after the http in the Web address. So if you previously viewed your Web site at http://www.acmemarina.com, you can now view it in a secure fashion by going to https://www.acmemarina.com. Creating Self-Signed Certificates Generating and running a self-signed SSL certificate is much easier than having a signed certificate. To generate a self-signed SSL certificate, do the following: 1. Remove the key and certificate that currently exist: # cd /etc/httpd/conf # rm ssl.key/server.key ssl.crt/server.crt 2. Create your own server key: # make genkey 3. Create the self-signed certificate by typing the following: # make testcert umask 77 ; /usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -x509 -days 365 -out /etc/httpd/conf/ssl.key/server.crt … At this point, it is time to start adding some identifying information to the certificate. Before you can do this, you must unlock the private key you just created. Do so by typing the password you typed earlier. Then follow this sample procedure: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter . , the field will be left blank. —–
If you are looking for cheap and quality webhost to host and run your website check Jboss Web Hosting services.

236 Part II . Running the Show After you have selected your certificate signer, you have to go through some validation steps. Each signer has a different method of validating identity and certificate information. Some require that you fax articles of incorporation, while others require a company officer be made available to talk to a validation operator. At some point in the process you will be asked to copy and paste the contents of the CSR you created into the signer s Web form. # cd /etc/httpd/conf/ssl.csr # cat server.csr —–BEGIN CERTIFICATE REQUEST—– MIIB6jCCAVMCAQAwgakxCzAJBgNVBAYTAlVTMRQwEgYDVQQIEwtDb25uZWN0aWN1 dDEPMA0GA1UEBxMGTXlzdGljMRowGAYDVQQKExFBY21lIE1hcmluYSwgSW5jLjER MA8GA1UECxMISW5mb1RlY2gxGzAZBgNVBAMTEnd3dy5hY21lbWFyaW5hLmNvbTEn MCUGCSqGSIb3DQEJARYYd2VibWFzdGVyQGFjbWVtYXJpbmEuY29tMIGfMA0GCSqG SIb3DQEBAQUAA4GNADCBiQKBgQDcYH4pjMxKMldyXRmcoz8uBVOvwlNZHyRWw8ZG u2eCbvgi6w4wXuHwaDuxbuDBmw//Y9DMI2MXg4wDq4xmPi35EsO1Ofw4ytZJn1yW aU6cJVQro46OnXyaqXZOPiRCxUSnGRU+0nsqKGjf7LPpXv29S3QvMIBTYWzCkNnc gWBwwwIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEANv6eJOaJZGzopNR5h2YkR9Wg l8oBl3mgoPH60Sccw3pWsoW4qbOWq7on8dS/++QOCZWZI1gefgaSQMInKZ1II7Fs YIwYBgpoPTMC4bp0ZZtURCyQWrKIDXQBXw7BlU/3A25nvkRY7vgNL9Nq+7681EJ8 W9AJ3PX4vb2+ynttcBI= —–END CERTIFICATE REQUEST—– You can use your mouse to copy and paste the CSR into the signer s Web form. After you have completed the information validation, paid for the signing, and answered all of the questions, you have completed most of the process. Within 48 to 72 hours you should receive an e-mail with your shiny new SSL certificate in it. The certificate will look similar to the following: —–BEGIN CERTIFICATE—– MIIEFjCCA3+gAwIBAgIQMI262Zd6njZgN97tJAVFODANBgkqhkiG9w0BAQQFADCB ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy aVNpZ24sIEluXy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy dmVyIENBIC0gZ2xhc3MgMzFJMEcG10rY2g0Dd3d3LnZlcmlzaWduLmNvbS9DUFMg SW5jb3JwLmJ51FJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0w MzAxMTUwMDAwMDBaFw0wNDAxMTUyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzETMBEG A1UECBMKV2FzaG1uZ3RvHiThErE371UEBxQLRmVkZXJhbCBXYXkxGzAZBgNVBAoU EklETSBTZXJ2aWMlcywgSW5jLjEMMAoGA1UECxQDd3d3MTMwMQYDVQQLFCpUZXJt cyBvZiB1c2UgYXQgd3d3LnZlcmlzawduLmNvbS9ycGEgKGMpMDAxFDASBgNVBAMU C2lkbXNlcnYuY29tMIGfMA0GCSqGS1b3DQEBAQUAA4GNADCBiQKBgQDaHSk+uzOf 7jjDFEnqT8UBa1L3yFILXFjhj3XpMXLGWzLmkDmdJjXsa4×7AhEpr1ubuVNhJVI0 FnLDopsx4pyr4n+P8FyS4M5grbcQzy2YnkM2jyqVF/7yOW2pDl30t4eacYYaz4Qg q9pTxhUzjEG4twvKCAFWfuhEoGu1CMV2qQ1DAQABo4IBJTCCASEwCQYDVR0TBAIw ADBEBgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcDMCOwKAYIKwYBBQUHAgEWHGh0dHBz Oi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwCwYDVRRPBAQDAgWgMCgGA1UdJQQhMB8G CWCGSAGG+EIEM00c0wIYBQUHAwEGCCsGAQUFBwmCMDQGCCsGAQUFBwEBBCgwJjAk BggrBgEFBQcwAYYYaHR0cDovL29jc2AudmVyaXNpZ24uY29tMEYGA1UdHwQ/MD0w O6A5oDeGNWh0dHA6Ly9jcmwudmVyaxNpZ24uY29tL0NsYXNzM0ludGVybmF0aW9u YWxTZXJ2ZXIuY3JsMBkGCmCGSAgG+E+f4Nfc3zYJODA5NzMwMTEyMA0GCSqGSIb3 DQEBBAUAA4GBAJ/PsVttmlDkQai5nLeudLceb1F4isXP17B68wXLkIeRu4Novu13
We recommend cheap and reliable webhost to host and run your web applications: Coldfusion Web Hosting services.

Chapter 6 . Securing Linux 235 At this point, it is time to start adding some identifying information to the certificate that the third-party source will later validate. Before you can do this, you must unlock the private key you just created. Do so by typing the password you typed for your pass phrase. Then enter information as you are prompted. An example of a session for adding information for your certificate is shown here: Enter pass phrase for /etc/httpd/conf/ssl.key/server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter . , the field will be left blank. —– Country Name (2 letter code) [GB]:US State or Province Name (full name) [Berkshire]: Connecticut Locality Name (eg, city) [Newbury]: Mystic Organization Name (eg, company) [My Company Ltd]:Acme Marina, Inc. Organizational Unit Name (eg, section) []:InfoTech Common Name (eg, your name or your server s hostname) []:www.acmemarina.com Email Address []: webmaster@acmemarina.com To complete the process, you will be asked if you want to add any extra attributes to your certificate. Unless you have a reason to provide more information, you should simply press Enter at each of the following prompts to leave them blank. Please enter the following extra attributes to be sent with your certificate request A challenge password []: An optional company name []: Signing CSR Signed Once your CSR has been created, you need to send it to a signing authority for validation. The first step in this process is to select a signing authority. Each signing authority has different deals, prices, and products. Check out each of the signing authorities listed in the Using Third-Party Certificate Signers section earlier in this chapter to determine which works best for you. The following are areas where signing authorities differ: . Credibility and stability . Pricing . Browser recognition . Warranties . Support . Certificate strength
Note: In case you are looking for affordable and reliable webhost to host and run your j2ee application check Vision J2ee Web Hosting services.

234 Part II . Running the Show This does not necessarily mean that you are encountering anything illegal, immoral, or fattening. Many sites opt to go with self-signed certificates, not because they are trying to pull a fast one on you, but because there may not be any reason to validate the true owner of the certificate and they do not want to pay the cost of getting a certificate validated. Some reasons for using a self-signed certificate include: . The Web site accepts no input In this case, you as the end user, have nothing to worry about. There is no one trying to steal your information because you aren t giving out any information. Most of the time this is done simply to secure the Web transmission from the server to you. The data in and of itself may not be sensitive, but, being a good netizen, the site has enabled you to secure the transmission to keep third parties from sniffing the traffic. . The Web site caters to a small clientele If you run a Web site that has a very limited set of customers, such as an Application Service Provider, you can simply inform your users that you have no certificate signer. They can browse the certificate information and validate it with you over the phone or in person. . Testing It makes no sense to pay for an SSL certificate if you are only testing a new Web site or Web-based application. Use a self-signed certificate until you are ready to go live. Creating a Certificate Service Request To create a third-party validated SSL certificate, you must first start with a Certificate Service Request (CSR). To create a CSR, do the following on your Web server: # cd /etc/httpd/conf # make certreq umask 77 ; /usr/bin/openssl genrsa -des3 1024 > /etc/httpd/conf/ssl.key/server.key … You will now be asked to enter a password to secure your private key. This password should be at least eight characters long, and should not be a dictionary word or contain numbers or punctuation. The characters you type will not appear on the screen, to prevent someone from shoulder surfing your password. Enter pass phrase: Enter the password again to verify. Verifying - Enter pass phrase: The certificate generation process now begins.
From our experience, we can recommend PHP Web Hosting services, if you need affordable webhost to host and run your web application.

Chapter 6 . Securing Linux 233 trusted third party to vouch for your identity. To ensure that a certificate is immutable, it has to be signed by a trusted third party when the certificate is issued and validated every time an end user taking advantage of your secure site loads it. The following is a list of the trusted third-party certificate signers: . GlobalSign https://www.globalsign.net/ . GeoTrust https://www.geotrust.com/ . VeriSign https://www.verisign.com/ . FreeSSL http://www.freessl.com/ . Thawte http://www.thawte.com/ . EnTrust http://www.entrust.com/ . ipsCA http://www.ipsca.com/ . COMODO Group http://www.comodogroup.com/ Because of the fluid nature of the certificate business, some of these companies may not be in business when you read this, while others may have come into existence. To get a more current list of certificate authorities, from your Mozilla Firefox browser select Edit.Preferences. From the Preferences window that appears, select Advanced.Manage Certificates. From the Certificate Manager window that appears, refer to the Authorities tab to see Certificate Authorities from which you have received certificates. Each of these certificate authorities has gotten a chunk of cryptographic code embedded into nearly every Web browser in the world. This chunk of cryptographic code allows a Web browser to determine whether or not an SSL certificate is authentic. Without this validation, it would be easy for crackers to generate their own certificates and dupe people into thinking they are giving sensitive information to a reputable source. Certificates that are not validated are called self-signed certificates. If you come across a site that has not had its identity authenticated by a trusted third party, your Web browser will display a message similar to the one shown in Figure 6-2. Figure 6-2: A pop-up window alerts you when a site is not authenticated. Note
Looking for affordable and reliable webhost to host and run your business application? Then look no more and go to servlet web hosting services.

232 Part II . Running the Show Now that you re familiar with the basic components, take a look at the tools used to create SSL certificates: # cd /etc/httpd/conf # make This makefile allows you to create: o public/private key pairs o SSL certificate signing requests (CSRs) o self-signed SSL test certificates To create a key pair, run make SOMETHING.key . To create a CSR, run make SOMETHING.csr . To create a test certificate, run make SOMETHING.crt . To create a key and a test certificate in one file, run make SOMETHING.pem . To create a key for use with Apache, run make genkey . To create a CSR for use with Apache, run make certreq . To create a test certificate for use with Apache, run make testcert . Examples: make server.key make server.csr make server.crt make stunnel.pem make genkey make certreq make testcert The make command utilizes the Makefile to create SSL certificates. Without any arguments the make command simply prints the information listed above. The following defines each argument you can give to make: . make server.key Creates generic public/private key pairs. . make server.csr Generates a generic SSL certificate service request. . make server.crt Generates a generic SSL test certificate. . make stunnel.pem Generates a generic SSL test certificate, but puts the private key in the same file as the SSL test certificate. . make genkey Same as make server.key except it places the key in the ssl.key directory. . make certreq Same as make server.csr except it places the certificate service request in the ssl.csr directory. . make testcert Same as make server.crt except it places the test certificate in the ssl.crt directory. Using Third-Party Certificate Signers In the real world, I know who you are because I recognize your face, your voice, and your mannerisms. On the Internet, I cannot see these things and must rely on a
You need excellent and relaible webhost company to host your web applications? Then pay a visit to Inexpensive Web Hosting services.