Configuration
Updated System
- Added Extra Repositories
- RPMForge Yum Repository
- Fedora EPEL Yum Repository
- Configured Yum Priorities & to use our mirror
- Edited
/etc/yum.repos.d/CentOS-Base.repo
# CentOS-Base.repo
#
# This file uses a new mirrorlist system developed by Lance Davis for CentOS.
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
baseurl=http://mirror.clarkson.edu/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1
exclude=nmap
#released updates
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
baseurl=http://mirror.clarkson.edu/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1
#packages used/produced in the build but not released
[addons]
name=CentOS-$releasever - Addons
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=addons
baseurl=http://mirror.clarkson.edu/centos/$releasever/addons/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
baseurl=http://mirror.clarkson.edu/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
baseurl=http://mirror.clarkson.edu/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=2
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
baseurl=http://mirror.clarkson.edu/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=2
- Edited
/etc/yum.repos.d/rpmforge.repo
# Name: RPMforge RPM Repository for Red Hat Enterprise 5 - dag
# URL: http://rpmforge.net/
[rpmforge]
name = Red Hat Enterprise $releasever - RPMforge.net - dag
baseurl = http://mirror.clarkson.edu/rpmforge/redhat/el5/en/$basearch/dag
#mirrorlist = http://apt.sw.be/redhat/el5/en/mirrors-rpmforge
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1
priority=15
- Edited
/etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 5 - $basearch
baseurl=http://mirror.clarkson.edu/epel/5/$basearch
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
priority=30
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 5 - $basearch - Debug
baseurl=http://mirror.clarkson.edu/epel/5/$basearch/debug
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
priority=30
[epel-source]
name=Extra Packages for Enterprise Linux 5 - $basearch - Source
baseurl=http://mirror.clarkson.edu/epel/5/SRPMS
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
priority=30
- Edited
/etc/yum.repos.d/epel-testing.repo
[epel-testing]
name=Extra Packages for Enterprise Linux 5 - Testing - $basearch
baseurl=http://mirror.clarkson.edu/epel/testing/5/$basearch
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel5&arch=$basearch
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
priority=40
[epel-testing-debuginfo]
name=Extra Packages for Enterprise Linux 5 - Testing - $basearch - Debug
baseurl=http://mirror.clarkson.edu/epel/testing/5/$basearch/debug
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-debug-epel5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
priority=40
[epel-testing-source]
name=Extra Packages for Enterprise Linux 5 - Testing - $basearch - Source
baseurl=http://mirror.clarkson.edu/epel/testing/5/SRPMS
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-source-epel5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
priority=40
- Disabled Yum FastestMirror since using local mirror
sed -i 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/fastestmirror.conf
- Installed Yum Priorities (Note: This must be installed prior to installing the packages below.)
yum install yum-priorities
- Configured Yum Priorities to check for obsoletes
echo "check_obsoletes=1" >> /etc/yum/pluginconf.d/priorities.conf
yum install vim-enhanced gcc emacs-nox screen net-snmp net-snmp-libs net-snmp-perl net-snmp-perl net-snmp-utils net-snmp-devel nmap
yum update
Created User
- Created user mccarrms
/usr/sbin/useradd -m mccarrms
- Set password for mccarrms
Configured Sudo
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
## Networking
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
## Installation and management of software
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
## Services
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
## Updating the locate database
Cmnd_Alias LOCATE = /usr/sbin/updatedb
## Storage
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
## Delegating permissions
Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
## Processes
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
## Drivers
Cmnd_Alias DRIVERS = /sbin/modprobe
## Shells
Cmnd_Alias SHELLS = /bin/sh, /bin/bash, /usr/bin/rsh, /bin/dash, /bin/rbash, /bin/su
## Users
Cmnd_Alias USERS = /usr/sbin/useradd, /usr/sbin/userdel
Defaults requiretty
Defaults env_reset,tty_tickets,lecture=always,logfile=/var/log/sudo.log
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
_XKB_CHARSET XAUTHORITY"
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
%admins ALL=(root) ALL, !SHELLS
Configured Networks
- Configured hostname in
/etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=admin
GATEWAY=128.153.145.1
- Verified eth0 configuration for Clarkson Network in
/etc/sysconfig/network-scripts/ifcfg-eth0
# Xen Virtual Ethernet
DEVICE=eth0
BOOTPROTO=static
DHCPCLASS=
HWADDR=00:16:36:17:47:B5
IPADDR=128.153.145.35
NETMASK=255.255.255.0
ONBOOT=yes
- Verified eth1 configuration for Server Room Network in
/etc/sysconfig/network-scripts/ifcfg-eth1
# Xen Virtual Ethernet
DEVICE=eth1
BOOTPROTO=static
DHCPCLASS=
HWADDR=00:16:36:09:86:84
IPADDR=10.0.1.60
NETMASK=255.255.255.0
ONBOOT=yes
- Verified eth2 configuration for Internal Network in
/etc/sysconfig/network-scripts/ifcfg-eth2
# Xen Virtual Ethernet
DEVICE=eth2
BOOTPROTO=static
DHCPCLASS=
HWADDR=00:16:36:24:48:B6
IPADDR=10.0.0.25
NETMASK=255.255.255.0
ONBOOT=yes
Configured Hosts
127.0.0.1 localhost.localdomain localhost
128.153.145.35 admin.cslabs.clarkson.edu admin.cslabs admin
10.0.1.60 admin.sr.cslabs.clarkson.edu admin.sr.cslabs admin.sr
10.0.0.25 admin.int.cslabs.clarkson.edu admin.int.cslabs admin.int
For security purposes, this information has been intentionally left off.
ALL: ALL
Configured DNS Servers
search cslabs.clarkson.edu clarkson.edu
nameserver 128.153.145.3
nameserver 128.153.145.4
Disabled IP v6
- Appended the following to
/etc/modprobe.conf
install ipv6 /bin/true
- Disabled IP v6 firewall
/sbin/chkconfig ip6tables off
Configured IPtables
Due to the sensitivity of this material, this config file has been left off; however, the following rule is needed.
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
Configured SSH
- Edited
/etc/ssh/sshd_config
Due to the sensitivity of this material, this config file has been left off.
Set Up SSH Login Banner
__ _
___ ____/ /_ _ (_)__
/ _ `/ _ / ' \/ / _ \
\_,_/\_,_/_/_/_/_/_//_/
Configured Password Requirements
MAIL_DIR /var/spool/mail
PASS_MAX_DAYS 360
PASS_MIN_DAYS 0
PASS_MIN_LEN 8
PASS_WARN_AGE 60
UID_MIN 500
UID_MAX 60000
GID_MIN 500
GID_MAX 60000
CREATE_HOME yes
UMASK 077
USERGROUPS_ENAB yes
MD5_CRYPT_ENAB yes
ENCRYPT_METHOD MD5
Added Custom PATH Variables
- Added the following to
/etc/profile
PATH=$PATH:/usr/sbin:/sbin
export PATH
Configured Aliases
#
# Aliases in this file will NOT be expanded in the header from
# Mail, but WILL be visible over networks or from /bin/mail.
#
# >>>>>>>>>> The program "newaliases" must be run after
# >> NOTE >> this file is updated for any changes to
# >>>>>>>>>> show through to sendmail.
#
# Basic system aliases -- these MUST be present.
mailer-daemon: postmaster
postmaster: logwatch@cslabs.clarkson.edu
# General redirections for pseudo accounts.
bin: logwatch@cslabs.clarkson.edu
daemon: logwatch@cslabs.clarkson.edu
adm: logwatch@cslabs.clarkson.edu
lp: logwatch@cslabs.clarkson.edu
sync: logwatch@cslabs.clarkson.edu
shutdown: logwatch@cslabs.clarkson.edu
halt: logwatch@cslabs.clarkson.edu
mail: logwatch@cslabs.clarkson.edu
news: logwatch@cslabs.clarkson.edu
uucp: logwatch@cslabs.clarkson.edu
operator: logwatch@cslabs.clarkson.edu
games: logwatch@cslabs.clarkson.edu
gopher: logwatch@cslabs.clarkson.edu
ftp: logwatch@cslabs.clarkson.edu
nobody: logwatch@cslabs.clarkson.edu
radiusd: logwatch@cslabs.clarkson.edu
nut: logwatch@cslabs.clarkson.edu
dbus: logwatch@cslabs.clarkson.edu
vcsa: logwatch@cslabs.clarkson.edu
canna: logwatch@cslabs.clarkson.edu
wnn: logwatch@cslabs.clarkson.edu
rpm: logwatch@cslabs.clarkson.edu
nscd: logwatch@cslabs.clarkson.edu
pcap: logwatch@cslabs.clarkson.edu
apache: logwatch@cslabs.clarkson.edu
webalizer: logwatch@cslabs.clarkson.edu
dovecot: logwatch@cslabs.clarkson.edu
fax: logwatch@cslabs.clarkson.edu
quagga: logwatch@cslabs.clarkson.edu
radvd: logwatch@cslabs.clarkson.edu
pvm: logwatch@cslabs.clarkson.edu
amanda: logwatch@cslabs.clarkson.edu
privoxy: logwatch@cslabs.clarkson.edu
ident: logwatch@cslabs.clarkson.edu
named: logwatch@cslabs.clarkson.edu
xfs: logwatch@cslabs.clarkson.edu
gdm: logwatch@cslabs.clarkson.edu
mailnull: logwatch@cslabs.clarkson.edu
postgres: logwatch@cslabs.clarkson.edu
sshd: logwatch@cslabs.clarkson.edu
smmsp: logwatch@cslabs.clarkson.edu
postfix: logwatch@cslabs.clarkson.edu
netdump: logwatch@cslabs.clarkson.edu
ldap: logwatch@cslabs.clarkson.edu
squid: logwatch@cslabs.clarkson.edu
ntp: logwatch@cslabs.clarkson.edu
mysql: logwatch@cslabs.clarkson.edu
desktop: logwatch@cslabs.clarkson.edu
rpcuser: logwatch@cslabs.clarkson.edu
rpc: logwatch@cslabs.clarkson.edu
nfsnobody: logwatch@cslabs.clarkson.edu
ingres: logwatch@cslabs.clarkson.edu
system: logwatch@cslabs.clarkson.edu
toor: logwatch@cslabs.clarkson.edu
manager: logwatch@cslabs.clarkson.edu
dumper: logwatch@cslabs.clarkson.edu
abuse: logwatch@cslabs.clarkson.edu
newsadm: news
newsadmin: news
usenet: news
ftpadm: ftp
ftpadmin: ftp
ftp-adm: ftp
ftp-admin: ftp
www: webmaster
webmaster: logwatch@cslabs.clarkson.edu
noc: logwatch@cslabs.clarkson.edu
security: logwatch@cslabs.clarkson.edu
hostmaster: logwatch@cslabs.clarkson.edu
info: postmaster
marketing: postmaster
sales: postmaster
support: postmaster
# trap decode to catch security attacks
decode: logwatch@cslabs.clarkson.edu
# Person who should get roots's mail
root: logwatch@cslabs.clarkson.edu
Disabled Various Kernel Modules
- Added the following to
/etc/modprobe.conf
install pppox /bin/true
install bluetooth /bin/true
install sctp /bin/true
Installed & Configured SNMP
- Installed needed packages
yum install net-snmp ntp
- Configured SNMP Daemon
/etc/snmp/snmpd.conf
rocommunity <passphrase> 127.0.0.1
rocommunity <passphrase> <ipsallowed>
syslocation Clarkson University Applied CS Labs
syscontact Matt McCarrell <mccarrms@gmail.com>
disk /
disk /var
exec timeskew /usr/local/sbin/ntp_check
exec uptime /usr/bin/uptime
- Deployed
ntp_check
script - Copied over
ntp_check
to /usr/local/sbin/
chown root.root /usr/local/sbin/ntp_check
- Configured SNMP to start at specific run levels
/sbin/chkconfig --levels 2345 snmpd on
/etc/init.d/snmpd start
Increased Detail of Logwatch Reports
- Set detail level to be high
echo "Detail = High" >> /etc/logwatch/conf/logwatch.conf
Disabled Unneeded Services
chkconfig nfs off
/etc/init.d/nfs stop
chkconfig nfslock off
/etc/init.d/nfslock stop
chkconfig rpcgssd off
/etc/init.d/rpcgssd stop
chkconfig rpcidmapd off
/etc/init.d/rpcidmapd stop
chkconfig rpcsvcgssd off
/etc/init.d/rpcsvcgssd stop
chkconfig portmap off
/etc/init.d/portmap stop
chkconfig netfs off
/etc/init.d/netfs stop
chkconfig anacron off
/etc/init.d/anacron stop
chkconfig autofs off
/etc/init.d/autofs stop
chkconfig avahi-daemon off
/etc/init.d/avahi-daemon stop
chkconfig avahi-dnsconfd off
/etc/init.d/avahi-dnsconfd stop
chkconfig bluetooth off
/etc/init.d/bluetooth stop
chkconfig hidd off
/etc/init.d/hidd stop
chkconfig cups off
/etc/init.d/cups stop
chkconfig firstboot off
/etc/init.d/firstboot stop
chkconfig gpm off
/etc/init.d/gpm stop
chkconfig haldaemon off
/etc/init.d/haldaemon stop
chkconfig irda off
/etc/init.d/irda stop
chkconfig kudzu off
/etc/init.d/kudzu stop
chkconfig messagebus off
/etc/init.d/messagebus stop
chkconfig microcode_ctl off
/etc/init.d/microcode_ctl stop
chkconfig pcscd off
/etc/init.d/pcscd stop
chkconfig readahead_early off
/etc/init.d/readahead_early stop
chkconfig readahead_later off
/etc/init.d/readahead_later stop
chkconfig ypbind off
/etc/init.d/ypbind stop
Modified Cron Weekly Execution Time
This was done to reduce load spikes that produce Nagios alerts around 4:30 AM every Sunday. In the event that this VM get moved off of
righteous, this should be changed back to the default setting of 4:22 AM.
- Modified the following line in
/etc/crontab
32 5 * * 0 root run-parts /etc/cron.weekly
Installed Apache
yum install httpd mod_ssl openssl-devel php php-devel php-gd php-imap php-ldap php-mysql php-suhosin php-odbc php-pear php-xml php-xmlrpc mysql
- Modified Apache Config
/etc/httpd/conf/httpd.conf
ServerTokens Prod
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 30
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
TraceEnable Off
<IfModule prefork.c>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
ServerLimit 50
MaxClients 50
MaxRequestsPerChild 0
</IfModule>
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
Listen 80
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule version_module modules/mod_version.so
Include conf.d/*.conf
User apache
Group apache
ServerAdmin web-admin@cslabs.clarkson.edu
UseCanonicalName Off
DocumentRoot "/var/www/html"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<IfModule mod_userdir.c>
UserDir disable
</IfModule>
DirectoryIndex index.html index.html.var
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
TypesConfig /etc/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
# MIMEMagicFile /usr/share/magic.mime
MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined
ServerSignature Off
Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule mod_dav_fs.c>
# Location of the WebDAV lock database.
DAVLockDB /var/lib/dav/lockdb
</IfModule>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
ReadmeName README.html
HeaderName HEADER.html
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
ForceLanguagePriority Prefer Fallback
AddDefaultCharset UTF-8
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddHandler type-map var
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/error/"
<IfModule mod_negotiation.c>
<IfModule mod_include.c>
<Directory "/var/www/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback
</Directory>
</IfModule>
</IfModule>
#ErrorDocument 404 /error/404.html
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/atom_xml
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/x-httpd-eruby
AddOutputFilterByType DEFLATE text/html
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
- Disabled
/etc/httpd/conf.d/welcome.conf
#
# This configuration file enables the default "Welcome"
# page if there is no default index page present for
# the root URL. To disable the Welcome page, comment
# out all the lines below.
#
#<LocationMatch "^/+$">
# Options -Indexes
# ErrorDocument 403 /error/noindex.html
#</LocationMatch>
- Configured server so php is not exposed and y2k compliance is off
y2k_compliance = Off
expose_php = Off
memory_limit = 128M
- Disabled
/etc/httpd/conf.d/proxy_ajp.conf
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#
# When loaded, the mod_proxy_ajp module adds support for
# proxying to an AJP/1.3 backend server (such as Tomcat).
# To proxy to an AJP backend, use the "ajp://" URI scheme;
# Tomcat is configured to listen on port 8009 for AJP requests
# by default.
#
#
# Uncomment the following lines to serve the ROOT webapp
# under the /tomcat/ location, and the jsp-examples webapp
# under the /examples/ location.
#
#ProxyPass /tomcat/ ajp://localhost:8009/
#ProxyPass /examples/ ajp://localhost:8009/jsp-examples/
- Configured Apache to start on boot
/sbin/chkconfig --levels 345 httpd on
AWStats
Aucun commentaire:
Enregistrer un commentaire