27 Nov, 2008 in Apache by admin
The next step is to limit the Apache processes’ access to the filesystems. The chrooting technique was described in detail in the previous article, so at this point we will simply create a directory structure for our new Apache:
mkdir -p /chroot/httpd/dev
mkdir -p /chroot/httpd/etc
mkdir -p /chroot/httpd/var/run
mkdir -p /chroot/httpd/usr/lib
mkdir -p /chroot/httpd/usr/libexec
mkdir -p /chroot/httpd/usr/local/apache2/bin
mkdir -p /chroot/httpd/usr/local/apache2/lib
mkdir -p /chroot/httpd/usr/local/apache2/logs/www.ebank.lab
mkdir -p [...]
27 Nov, 2008 in Apache by admin
Before running Apache for the first time, we also need to modify the Apache configuration file. We need to do this because the default configuration file uses modules that we disabled, and without modifications Apache will not run.
Thus, we must remove the /usr/local/apache2/conf/httpd.conf file and create a new httpd.conf in its place, with the following content:
# =================================================
# Basic settings
# [...]
27 Nov, 2008 in Apache by admin
In this step we will configure, compile, and install the Apache web server as follows:
./configure \
--prefix=/usr/local/apache2 \
--with-mpm=prefork \
--disable-charset-lite \
--disable-include \
--disable-env \
--disable-setenvif \
--disable-status \
--disable-autoindex \
--disable-asis \
--disable-cgi \
--disable-negotiation \
--disable-imap \
--disable-actions \
--disable-userdir \
--disable-alias \
--disable-so
make
su
umask 022
make install
chown -R root:sys /usr/local/apache2
After Apache is installed, we should make sure that only the following modules are enabled:
/usr/local/apache2/bin/httpd -l
Compiled in modules:
core.c
[...]
27 Nov, 2008 in Apache by admin
After the Apache source code is unpacked, we must choose which modules will remain enabled, and which will be removed. A short description of all modules available in Apache 2.0 can be found at http://httpd.apache.org/docs-2.0/mod/.
To fulfill the functionality and security requirements assumed at the beginning of this article, we will compile only the following modules:
Module’s name
Description
core
The [...]
27 Nov, 2008 in Apache by admin
One aspect of Apache which is occasionally misunderstood is the feature of default access. That is, unless you take steps to change it, if the server can find its way to a file through normal URL mapping rules, it can serve it to clients.
For instance, consider the following example:
# cd /; ln -s / public_html
Accessing http://localhost/~root/
This [...]
27 Nov, 2008 in MySQL by admin
Creating the database is the easy part, but at this point it’s empty, as SHOW TABLES tells you:
mysql> SHOW TABLES;
Empty set (0.00 sec)
The harder part is deciding what the structure of your database should be: what tables you need and what columns should be in each of them.
You want a table that contains a record for each [...]
27 Nov, 2008 in Apache by admin
To run a really tight ship, you’ll want to stop users from setting up .htaccess files which can override security features you’ve configured. Here’s one way to do it.
In the server configuration file, put
<Directory />
AllowOverride None
</Directory>
This prevents the use of .htaccess files in all directories apart from those specifically enabled.
27 Nov, 2008 in Apache by admin
In typical operation, Apache is started by the root user, and it switches to the user defined by the User directive to serve hits. As is the case with any command that root executes, you must take care that it is protected from modification by non-root users. Not only must the files themselves be writeable only by [...]
27 Nov, 2008 in MySQL by admin
If the administrator creates your database for you when setting up your permissions, you can begin using it. Otherwise, you need to create it yourself:
mysql> CREATE DATABASE menagerie;
Under Unix, database names are case sensitive (unlike SQL keywords), so you must always refer to your database as menagerie, not as Menagerie, MENAGERIE, or some other variant. This is also [...]
27 Nov, 2008 in MySQL by admin
Once you know how to enter commands, you are ready to access a database.
Suppose that you have several pets in your home (your menagerie) and you would like to keep track of various types of information about them. You can do so by creating tables to hold your data and loading them with the desired [...]