An advertising company wants to develop and implement its company web pages. As an IT system
consultant, you have to develop their web pages. Their requirement is to promote and publicize
their company and to provide a facility for receiving suggestions and feedback from their clients.
Task
1. Create the web pages.
2. Create company web content which includes the product information and the services offered by
the company.
3. Create a suggestion and feedback facility in the web pages.
Introduction
My friend and I have to develop and implement a company's web pages. First we must have a server
that controls the web. The specifications for the server are: Intel i3 processor, 4 GB DDR3 RAM,
hard disk storage up to 10 TB, and Gigabit LAN. The server operating system is Ubuntu Linux.
Web content
Then change the hostname file by opening a terminal window and entering:
sudo su
echo "ubb01.mydomain.local" > /etc/hostname
service hostname restart
exit
Ubuntu has very good reasons why it prefers we do not do this - but this needs to be done at
some point or someone else will.
Open a Terminal Window and enter the following :
sudo gedit /etc/network/interfaces
Replace the content of the file with the following and save :
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.0.2
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
dns-nameservers 192.168.0.1 8.8.8.8
# IPTable rules
post-up iptables-restore < /etc/iptables.up.rules
# The secondary network interface internal
auto eth1
iface eth1 inet static
address 192.168.1.2
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
Edit the Dnsmasq configuration file by opening a terminal window and entering :
Replace the content of the file with the following and save :
# DNS Settings
server=/localnet/192.168.0.2
server=/#/192.168.0.1
server=/#/8.8.8.8
server=/#/8.8.4.4
# Domain Name
domain=mydomain.local
# Server DNS settings... this is required as the server itself will
# not be obtaining its IP address via DHCP and therefore would
# not be automatically added to the DNS records for forward/reverse
# DNS queries as required by Kerberos
ptr-record=2.0.168.192.in-addr.arpa.,"ubb01.mydomain.local"
address=/ubb01.mydomain.local/192.168.0.2
NOTE: The setup requires that you have your internet router with a fixed IP address
of 192.168.0.1 connected to your LAN Adaptor #1 (eth0) port with a DNS nameserver running on
the router providing internet access.
NOTE: Your outward facing connection is LAN Adaptor #1 (eth0) with IP 192.168.0.2
NOTE: Your inward facing connection is LAN Adaptor #2 (eth1) with IP 192.168.1.2
6. Reboot and check internet connectivity
Reboot and after reboot make sure you are connected to the internet.
7. Add Ubuntu Partner Software Repositories and update software
Make sure that the Ubuntu Partner Repository is active in your /etc/apt/sources.list file and
uncomment if needed or add them manually below.
Open a terminal window and enter :
sudo su
echo "deb http://archive.canonical.com/ubuntu precise partner" >> /etc/apt/sources.list
echo "deb-src http://archive.canonical.com/ubuntu precise partner" >> /etc/apt/sources.list
exit
If there were any kernel upgrades reboot your system to complete the installation process
before continuing.
8. Install support software
We need to install a bit of supporting software and other essentials. Here goes:
Install Linux Server Kernel headers if you are working with the Ubuntu Desktop edition.
Open a terminal window and enter :
sudo apt-get install linux-headers-server linux-image-server linux-server
Install VIM-NOX to fix VI in Ubuntu - this is optional for command line nerds.
sudo apt-get install vim-nox
Security
sudo apt-get install rkhunter chkrootkit
9. Install and configure transparent proxy cache with reporting - Squid | Sarg
Install Squid.
Open a Terminal Window and enter the following :
sudo apt-get install -y squid3 ccze sarg calamaris
Edit the Squid configuration file by opening a terminal window and entering :
sudo gedit /etc/squid3/squid.conf
Replace the content of the file with the following, adapt according to your network and acl
options and save :
#
# NCSA - ncsa_auth : auth_param section
# uncomment the line below to enable - require username and password authentication
#auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid_passwd
#
# ACCESS CONTROLS OPTIONS
# ====================
#
acl QUERY urlpath_regex -i cgi-bin ? .php$ .asp$ .shtml$ .cfm$ .cfml$ .phtml$ .php3$ localhost
acl all src
acl localnet src 192.168.1.0/24 # Your internal network here
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81 2087 10000
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl ym dstdomain .messenger.yahoo.com .psq.yahoo.com
acl ym dstdomain .us.il.yimg.com .msg.yahoo.com .pager.yahoo.com
acl ym dstdomain .rareedge.com .ytunnelpro.com .chat.yahoo.com
acl ym dstdomain .voice.yahoo.com
acl social dstdomain .facebook.com .twitter.com .skype.com
acl ymregex url_regex yupdater.yim ymsgr myspaceim
# NCSA - uncomment the following two lines to enable username and password authentication
#acl ncsa_users proxy_auth REQUIRED
#http_access allow ncsa_users
# HTTP Access
http_access deny ym
http_access deny ymregex
http_access deny social
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
store_avg_object_size 13 KB
#
# HTTP OPTIONS
# ===========
vary_ignore_expire on
#
# ANONYMITY OPTIONS
# ===============
#
request_header_access From deny all
request_header_access Server deny all
request_header_access Link deny all
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
#
# TIMEOUTS
# =======
#
forward_timeout 240 second
connect_timeout 30 second
peer_connect_timeout 5 second
read_timeout 600 second
request_timeout 60 second
shutdown_lifetime 10 second
#
# ADMINISTRATIVE PARAMETERS
# =====================
#
cache_mgr ninja
cache_effective_user proxy
cache_effective_group proxy
httpd_suppress_version_string on
visible_hostname ubb01.mydomain.local
#
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
#
# DNS OPTIONS
# ==========
#
dns_timeout 10 seconds
dns_nameservers 192.168.0.1 8.8.8.8 8.8.4.4 # DNS Server
#
# MISCELLANEOUS
# ===========
#
memory_pools off
client_db off
reload_into_ims on
coredump_dir /cache
pipeline_prefetch on
offline_mode off
#
#Marking ZPH
#==========
zph_mode tos
zph_local 0x04
zph_parent 0
zph_option 136
### END CONFIGURATION ###
Configure IP Forwarding.
Open a Terminal Window and enter the following :
sudo su
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf
exit
Add the following to the /etc/rc.local file BEFORE the exit line
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
Optional : Username and Password Access Control ( *optional steps from this great Squid
guide)
*You can configure squid to prompt users for a username and
password using ncsa_auth that reads any NCSA-compliant encrypted password file. You can use
the htpasswd program that comes installed with Apache to create your passwords.
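sudo touch /etc/squid3/squid_passwd
sudo chown root:proxy /etc/squid3/squid_passwd # the Squid helper runs as user/group proxy
sudo chmod 640 /etc/squid3/squid_passwd # readable by group proxy only, not by every local user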
*Then uncomment the lines in the squid.conf file above to enable NCSA username and
password authentication. (See the comments in the squid.conf file above. Note there are several
options to enable.)
*To add new users to squid use the htpasswd command (change administrator below for the
username) or use Webmin to add new proxy users:
sudo htpasswd /etc/squid3/squid_passwd administrator
*NOTE: You cannot use the NCSA username and password authentication in combination
with a transparent proxy. So if you do select this option you will need to manually add 192.168.1.2
(the IP of your internal network adaptor eth1) port 3128 as the http proxy to each client machine
on the network. This is why this option is disabled by default in this setup.
Restart Squid and Networking.
Open a Terminal Window and enter the following :
sudo service squid3 stop
sudo service squid3 start
sudo service networking restart
Optional : Install SquidGuard Blacklist Web Filter Plugin for Squid with this excellent guide
by nixCraft
Optional : Install DansGuardian Dynamic Web Content Filter Plugin for Squid. "It filters the
actual content of pages based on many methods including phrase matching, PICS filtering and URL
filtering. It does not purely filter based on a banned list of sites like lesser totally commercial
filters". To install open a terminal window and enter:
sudo apt-get install dansguardian
Install a DHCP server to act on the internal network and assign IP, cache and routing
information dynamically to users on the network.
You could assign static IP addresses on the network as well but then you would need to
manually configure the proxy and gateway information on each computer or network device.
Open a Terminal Window and enter the following :
We will be using Samba as a standalone server and set-up as per the brilliant instructions
from HowtoForge
Next we need to edit the /etc/samba/smb.conf file to uncomment security = user. You could
use sed and these three lines to do the search and replace via the command line. Double check as
the spaces in the script could change in future config files.
sudo sed 's/# security = user/security = user/g' /etc/samba/smb.conf > /tmp/.smb.conf
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.backup
sudo mv /tmp/.smb.conf /etc/samba/smb.conf
You should be able to access the allusers folder and log in from a client machine with your
administrator username and password at this point by using
smb://ubb01/allusers/
If you have completed step 13. and 14. each user will be able to access their own private home folder
using
smb://ubb01/<username>
Download and install the support software and latest version of Webmin directly from the
website with the commands below .
After installation you will be able to access Webmin from any browser on the network
via https://192.168.0.2:10000 or https://ubb01.mydomain.local:10000
Open a Terminal Window and enter the following :
sudo apt-get install webalizer smartmontools vlogger awstats geoip-database
sudo apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch \
  lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon \
  libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
Restart Apache :
sudo service apache2 restart
You will be asked which mode to run ProFTP - Run proftpd: Standalone
Edit the file /etc/proftpd/proftpd.conf
sudo gedit /etc/proftpd/proftpd.conf
Then edit the /etc/proftpd/tls.conf file and add this to the end and save:
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest AllowClientRenegotiations
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient off
TLSRequired off
</IfModule>
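A quick check of the TLS settings above, as an added example that is not part of the original guide: it reads a tls.conf and reports the directives that weaken FTPS. The function names and the wording of the findings are this example's own; the embedded sample is the guide's block.

```sh
#!/bin/sh
# Added example: report ProFTPD mod_tls settings that weaken FTPS.
# Reads a tls.conf on stdin and prints one finding per weak directive.
lint_tls_conf() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
    $1 == "TLSProtocol" {
      for (i = 2; i <= NF; i++)
        if ($i ~ /^SSLv/)
          print "TLSProtocol " $i ": permits SSLv3 as well as TLS"
    }
    $1 == "TLSRequired" && tolower($2) == "off" {
      print "TLSRequired off: logins and transfers may still go in cleartext"
    }
    $1 == "TLSOptions" {
      for (i = 2; i <= NF; i++)
        if ($i == "AllowClientRenegotiations")
          print "TLSOptions " $i ": re-enables client-initiated renegotiation"
    }'
}

# The tls.conf block from the guide, one directive per line.
guide_tls_conf() {
cat <<'EOF'
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest AllowClientRenegotiations
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient off
TLSRequired off
</IfModule>
EOF
}

guide_tls_conf | lint_tls_conf
```

On a live server, run it as: lint_tls_conf < /etc/proftpd/tls.conf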
Then open ports for various servers and services running on the server.
Enter one at a time from a terminal window to add the rules, or use gufw to open the ports :
sudo ufw allow 21/tcp # ftp
sudo ufw allow 22/tcp # ssh
sudo ufw allow 25/tcp # smtp
sudo ufw allow 53/tcp # domain
sudo ufw allow 80/tcp # http
sudo ufw allow 110/tcp # pop3
sudo ufw allow 139/tcp # netbios-ssn samba
sudo ufw allow 143/tcp # imap
sudo ufw allow 443/tcp # https
sudo ufw allow 445/tcp # microsoft-ds samba
sudo ufw allow 631/tcp # cups
sudo ufw allow 993/tcp # imaps
sudo ufw allow 995/tcp # pop3s
sudo ufw allow 3128/tcp # squid-http
sudo ufw allow 3306/tcp # mysql
sudo ufw allow 4190/tcp # SOGo sieve
sudo ufw allow 5900/tcp # x11vnc
sudo ufw allow 8800/tcp # DAV
sudo ufw allow 10000/tcp # webmin
sudo ufw allow 10024/tcp # smtp amavis
sudo ufw allow 11211/tcp # memcached
After reboot make sure that ufw is loaded. Open a terminal window and enter :
sudo ufw status
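To review the resulting rule set, the added example below (not part of the original guide) scans ufw status output for ports that are open to every source although only the internal network or the server itself uses them. Which ports count as LAN-only or loopback-only is this example's assumption, and the status text is a constructed sample.

```sh
#!/bin/sh
# Added example: flag ufw rules that expose internal-only services to any source.
LAN_NET="192.168.1.0/24"                   # internal network (eth1) from the guide
# Assumed classification, adjust to your site:
LAN_ONLY="22 139 445 631 3128 5900 10000"  # admin, file/print sharing, proxy
LOOPBACK_ONLY="3306 10024 11211"           # SOGo uses 127.0.0.1:3306; memcached is on localhost

# Reads `ufw status` text on stdin; prints one finding per over-exposed port.
audit_ufw() {
  awk -v lan="$LAN_ONLY" -v lo="$LOOPBACK_ONLY" -v net="$LAN_NET" '
    BEGIN {
      n = split(lan, a, " "); for (i = 1; i <= n; i++) scope[a[i]] = "lan"
      n = split(lo, b, " ");  for (i = 1; i <= n; i++) scope[b[i]] = "loopback"
    }
    { gsub(/ \(v6\)/, "") }                # fold IPv6 rows onto their IPv4 twins
    $2 == "ALLOW" && $3 == "Anywhere" {
      split($1, pp, "/"); port = pp[1]
      if (!(port in scope) || seen[port]++) next
      fix = "ufw delete allow " $1
      if (scope[port] == "lan")
        fix = fix " && ufw allow from " net " to any port " port \
              (pp[2] != "" ? " proto " pp[2] : "")
      print $1, toupper(scope[port]) "-ONLY", "fix:", fix
    }'
}

# Constructed sample: part of what `ufw status` reports after the rules above.
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
3128/tcp                   ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
11211/tcp                  ALLOW       Anywhere
3306/tcp (v6)              ALLOW       Anywhere (v6)
EOF
}

sample_status | audit_ufw
```

On the server itself, pipe the real output in: sudo ufw status | audit_ufw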
SOGo is a very impressive open source groupware project, with many features and options to
enable mail, contact and calendar sharing support.
Complete setup of SOGo currently falls beyond the scope of this guide due to the vast
configuration options available.
The installation instructions presented here are very specific to using MySQL as the database
for SOGo and as a User Source.
Complete documentation is available on the SOGo website, and in the SOGo Debian
Wiki guide on which these instructions are based.
Start by adding the software source and install. Open a terminal window and enter:
sudo apt-key adv --keyserver keys.gnupg.net --recv-key 0x810273C4
sudo su
echo "deb http://inverse.ca/ubuntu precise precise" >> /etc/apt/sources.list
exit
sudo apt-get update
sudo apt-get install sogo sope4.9-gdl1-mysql memcached rpl
Ignore all installation errors and fix some things with the commands below:
sudo rpl 'SHOWWARNING=true' 'SHOWWARNING=false' /etc/tmpreaper.conf # suppress tmpreaper warnings
sudo rpl '127.0.0.1' localhost /etc/memcached.conf # Fix IPv6 errors
sudo service mysql restart
sudo service memcached restart
Setup the SOGo MySQL database and add some demo users. Change sogopasswd for your
sogo user password:
sudo mysql -u root -p mysql
mysql> CREATE DATABASE `sogo` CHARACTER SET='utf8';
mysql> CREATE USER 'sogo'@'localhost' IDENTIFIED BY 'sogopasswd';
mysql> GRANT ALL PRIVILEGES ON `sogo`.* TO 'sogo'@'localhost' WITH GRANT OPTION;
mysql> USE sogo;
mysql> CREATE TABLE sogo_users (c_uid VARCHAR(60) PRIMARY KEY, c_name VARCHAR(60), c_password VARCHAR(32), c_cn VARCHAR(128), mail VARCHAR(128));
mysql> INSERT INTO sogo_users VALUES ('paul', 'paul', MD5('zxc'), 'Paul Example', 'paul@mydomain.com');
mysql> INSERT INTO sogo_users VALUES ('piet', 'piet', MD5('zxc'), 'Piet Jansen', 'piet@mydomain.com');
mysql> FLUSH PRIVILEGES;
mysql> quit
Restart Apache
sudo service apache2 restart
Create the SOGo Configuration File changing details according to your setup.
After entering the configuration settings below, the complete SOGo configuration file is
located in /home/sogo/GNUstep/Defaults/.GNUstepDefaults
sudo su sogo
defaults write sogod SOGoTimeZone "Africa/Johannesburg"
defaults write sogod SOGoMailDomain "mydomain.local"
defaults write sogod SOGoLanguage English
defaults write sogod SOGoAppointmentSendEMailNotifications YES
defaults write sogod SOGoFoldersSendEMailNotifications YES
defaults write sogod SOGoACLsSendEMailNotifications YES
defaults write sogod SOGoLoginModule Calendar
defaults write sogod SOGoSieveScriptsEnabled YES
# sometimes Sieve is running on port 2000, port 4190 is relatively new:
defaults write sogod SOGoSieveServer sieve://localhost:4190
defaults write sogod SOGoVacationEnabled YES
defaults write sogod SOGoMailMessageCheck every_5_minutes
defaults write sogod SOGoFirstDayOfWeek 1
defaults write sogod SOGoSuperUsernames '( "admin" )'
# MySQL defaults
defaults write sogod OCSFolderInfoURL "mysql://sogo:sogopasswd@127.0.0.1:3306/sogo/sogo_folder_info"
defaults write sogod SOGoProfileURL "mysql://sogo:sogopasswd@127.0.0.1:3306/sogo/sogo_user_profile"
defaults write sogod OCSSessionsFolderURL "mysql://sogo:sogopasswd@127.0.0.1:3306/sogo/sogo_sessions_folder"
# Set MySQL authentication Usersources
defaults write sogod SOGoUserSources '({canAuthenticate = YES;
displayName = "SOGo Users";
id = users;
isAddressBook = YES;
type = sql;
userPasswordAlgorithm = md5;
viewURL ="mysql://sogo:sogopasswd@127.0.0.1:3306/sogo/sogo_users";
})'
# Use SMTP
defaults write sogod SOGoMailingMechanism smtp
defaults write sogod SOGoSMTPServer localhost
#IMAP config
defaults write sogod SOGoDraftsFolderName Drafts
defaults write sogod SOGoSentFolderName Sent
defaults write sogod SOGoTrashFolderName Trash
defaults write sogod SOGoIMAPServer localhost
exit
Restart SOGo
sudo service sogo restart
<VirtualHost *:80>
ServerName sogo.mydomain.local
ServerAlias sogo.local
DocumentRoot /usr/lib/GNUstep/SOGo/WebServerResources/
ErrorLog /var/log/apache2/error.log
Customlog /var/log/apache2/access.log combined
ServerSignature Off
Alias /SOGo.woa/WebServerResources/ /usr/lib/GNUstep/SOGo/WebServerResources/
Alias /SOGo/WebServerResources/ /usr/lib/GNUstep/SOGo/WebServerResources/
AliasMatch /SOGo/so/ControlPanel/Products/(.*)/Resources/(.*) /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2
<Directory /usr/lib/GNUstep/SOGo/>
AllowOverride None
Order deny,allow
Allow from all
</Directory>
<LocationMatch "^/SOGo/so/ControlPanel/Products/.*UI/Resources/.*\.(jpg|png|gif|css|js)">
SetHandler default-handler
</LocationMatch>
ProxyRequests Off
SetEnv proxy-nokeepalive 1
ProxyPreserveHost On
ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
<Proxy http://127.0.0.1:20000/SOGo>
RequestHeader set "x-webobjects-server-port" "80"
RequestHeader set "x-webobjects-server-name" "sogo.mydomain.local"
RequestHeader set "x-webobjects-server-url" "http://sogo.mydomain.local"
RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
RequestHeader set "x-webobjects-remote-host" %{REMOTE_HOST}e env=REMOTE_HOST
AddDefaultCharset UTF-8
Order allow,deny
Allow from all
</Proxy>
## We use mod_rewrite to pass remote address to the SOGo proxy.
# The remote address will appear in SOGo's log files and in the X-Forward
# header of emails.
RewriteEngine On
RewriteRule ^/SOGo/(.*)$ /SOGo/$1 [env=REMOTE_HOST:%{REMOTE_ADDR},PT]
Redirect permanent /index.html http://sogo.mydomain.local/SOGo
</VirtualHost>
<VirtualHost *:8800>
# this virtualhost is only for carddav on Mac and not tested very well
RewriteEngine Off
ProxyRequests Off
SetEnv proxy-nokeepalive 1
ProxyPreserveHost On
ProxyPassInterpolateEnv On
ProxyPass /principals http://127.0.0.1:20000/SOGo/dav/ interpolate
ProxyPass /SOGo http://127.0.0.1:20000/SOGo interpolate
ProxyPass / http://127.0.0.1:20000/SOGo/dav/ interpolate
<Location />
Order allow,deny
Allow from all
</Location>
<Proxy http://127.0.0.1:20000>
RequestHeader set "x-webobjects-server-port" "8800"
RequestHeader set "x-webobjects-server-name" "sogo.mydomain.local:8800"
RequestHeader set "x-webobjects-server-url" "https://sogo.mydomain.local:8800"
RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
RequestHeader set "x-webobjects-remote-host" "127.0.0.1"
AddDefaultCharset UTF-8
</Proxy>
ErrorLog /var/log/apache2/error.log
Customlog /var/log/apache2/access.log combined
</VirtualHost>
You should be able to log in to the SOGo web interface with your demo users' credentials.
Open a browser and go to:
http://ubb01.mydomain.local/SOGo OR http://sogo.mydomain.local/SOGo