Oracle 8i | Oracle 9i | Oracle 10g | Oracle 11g | Oracle 12c | Miscellaneous | PL/SQL | SQL | Oracle RAC | Oracle Apps | Linux

Linux HTTP and FTP Server Configuration

This article describes the configuration of default HTTP and FTP servers on Linux, with specific reference to the information needed for the RHCSA EX200 certification exam. A separate articles will cover the information required for HTTP server portion of the RHCE EX300 exam.

Remember, the exams are hands-on, so it doesn't matter which method you use to achieve the result, so long as the end product is correct.

Related articles.

HTTP Server

The requirement for the RHCSA exam is very simple. For a more detailed discussion of the HTTP server read the article here.

Issue the following command to install the HTTP server.

# yum install httpd

Make sure the "/etc/hosts" file contains references for the loopback address and the hostname.

127.0.0.1      localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.122.89 rhce1.localdomain rhce1

Turn on the HTTP server and make sure it starts automatically on reboot.

# service httpd start
# chkconfig httpd on

The HTTP server is now installed and running. The HTTP configuration files are located under the "/etc/httpd" directory, with the main configuration file being the "/etc/httpd/conf/httpd.conf" file. The default document root is "/var/www/html". Any files or directories below this point will be visible using a browser once you configure the firewall.

You need to punch a hole in the firewall for port 80 to make sure the HTTP server can be accessed from the network. There are several ways to do this:

This is all you need to know for the RHCSA exam. The RHCE exam covers the HTTP server in more depth, as described here.

FTP Server

This section covers the File Transport Protocol (FTP) information needed for both the RHCSA and RHCE exams.

FTP Server : Installation

Issue the following command to install the FTP server.

# yum install vsftpd

Turn on the FTP server and make sure it starts automatically on reboot.

# service vsftpd start
# chkconfig vsftpd on

The FTP server is now installed and running. The FTP configuration files are located under the "/etc/vsftpd" directory, specifically the "/etc/vsftpd/vsftpd.conf" file. The default directory for anonymous connections is "/var/ftp". Changes to the "/etc/vsftpd/vsftpd.conf" file have to be followed by a reload or a restart of the httpd service.

# service vsftpd reload
# # OR
# service vsftpd restart

FTP Server : Firewall

You need to punch a hole in the firewall for port 21 to make sure the FTP server can be accessed from the network. There are several ways to do this:

FTP Server : SELinux

If you are using SELinux, you will need to consider the following points.

The SELinux booleans associated with the vsftpd service are displayed using the getsebool command.

# getsebool -a | grep ftpd
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftpd_connect_db --> off
ftpd_use_passive_mode --> off
#

The setsebool command is used to set a specific boolean value.

# setsebool ftpd_use_passive_mode on
# setsebool ftpd_use_passive_mode off

The public_content_t context should be assigned to all public content.

# semanage fcontext -a -t public_content_t "/var/ftp(/.*)?"
# restorecon -F -R -v /var/ftp

You can check the current context setting on files and directories using the "ls -alZ" command.

More information on SELinux can be found here.

FTP Server : Security

By default the FTP installation allows anonymous access, which is potentially dangerous. This is fine for the RHCSA exam, but on real servers you would probably want to disable anonymous access. To do this, edit the "/etc/vsftpd/vsftpd.conf" file, setting the "anonymous_enable" entry as follows.

anonymous_enable=NO
local_enable=YES

The "local_enable" options indicates that local user accounts can be used for authentication.

Restart or reload the FTP service for the changes to take effect.

# service vsftpd reload

The RHCE exam has a requirement for configuring an anonymous-only download FTP server. This can be done by setting the following values in the "/etc/vsftpd/vsftpd.conf" file, then restarting the service.

anonymous_enable=YES
anon_upload_enable=NO
local_enable=NO

Controlling access from specific servers can be done using the Linux firewall, as described here.

For more information see:

Hope this helps. Regards Tim...

Back to the Top.