Thursday, June 18, 2015

Install an SSL Certificate on Red Hat Linux Apache Server

Red Hat Linux Apache Server is the world's foremost enterprise Linux platform. It is fast, reliable and capable of providing a secure environment that helps IT leaders scale their business.
To secure your Red Hat Linux Apache server, you need to install an SSL certificate on it. Here is an easy-to-follow, step-by-step installation procedure:

Install SSL certificate on Red Hat Linux Apache Server

Step 1: Download and extract the certificate files

Once the SSL certificate has been issued, the Certificate Authority (CA) will send you an email with a *.zip file attached. This *.zip file contains all your certificates.
Download it and extract all the certificate files onto your hard drive or into a directory on your server.

Step 2: Copy the certificate into a file

Open your certificate file with any text editor and copy its contents. Make sure you include the BEGIN CERTIFICATE and END CERTIFICATE lines:
-----BEGIN CERTIFICATE-----
(cryptographic data)
-----END CERTIFICATE-----
Now paste it into an appropriate file (yourdomain.crt).
Next, copy this file into the server directory where you intend to keep all your certificates, for example /yourdomain/httpd/conf/ssl.crt/.
Note 1: The locations used in this installation procedure (listed below) are for illustration purposes only.
/yourdomain/httpd/conf/ssl.crt/ - All the certificates are stored here.
/yourdomain/httpd/conf/ssl.key/ - The server's private keys are stored here.
/yourdomain/httpd/conf/ca-bundle/ - All the bundle files from the certificate authority are stored here.
Note 2: The directory containing the private key file must be readable only by root.

Step 3: Install CA Certificate

In order for the web server to use the SSL certificate properly, you need to install the CA certificates. However, Apache users need not install these certificates individually; instead, they can install the CA certificates by using the 'bundle' method.
In the Virtual Host settings section, perform the following steps:
    • Copy the PEM-formatted bundled CA file into the directory where all your CA bundle files are saved.
    • Open your httpd.conf file with any text editor.
    • In the SSL section of your httpd.conf file, add the following line: SSLCACertificateFile /yourdomain/httpd/conf/ssl.crt/ca-chain-pem.txt
Note 3: Change the location and the file name to match the certificate file names and locations on your own server.
The updated SSL section of the httpd.conf file should now look similar to the example below:
SSLCertificateFile /yourdomain/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /yourdomain/httpd/conf/ssl.key/server.key
SSLCACertificateFile /yourdomain/httpd/conf/ssl.crt/ca-chain-pem.txt
Finally, save the httpd.conf file and restart Apache.
With this step, your SSL certificate is now installed on the Red Hat Linux Apache Server.
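
A pre-restart check for the layout described in Steps 2 and 3, as an added example that is not part of the original post: it confirms that the key directory and key file are private to root (Note 2), that the certificate matches the private key, and that the certificate verifies against the CA bundle. The function names are hypothetical, and the three file paths are supplied as arguments.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run before
# restarting Apache with a newly installed certificate.
# Function names are hypothetical; file paths are passed as arguments.

# Succeed only if $1 is owned by uid $2 (default 0 = root) and grants
# nothing to group or other, as Note 2 requires for the key directory.
private_only() {
    po_path=$1
    po_uid=${2:-0}
    po_ls=$(ls -ldn "$po_path") || return 2
    set -- $po_ls                      # $1 = mode string, $3 = numeric owner
    if [ "$3" != "$po_uid" ]; then
        echo "FAIL: $po_path is owned by uid $3, expected $po_uid"
        return 1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s' "$1" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $po_path is accessible to group/other ($1)"
        return 1
    fi
}

# Succeed only if certificate $1 and private key $2 carry the same public key.
# An encrypted key makes openssl prompt for its passphrase.
cert_matches_key() {
    cm_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    cm_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cm_cert" ] && [ "$cm_cert" = "$cm_key" ]
}

# Succeed only if certificate $1 verifies against CA bundle $2.
# Assumes the bundle (or the system trust store) reaches the root CA.
chain_verifies() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Run all checks: $1 = certificate, $2 = private key, $3 = CA bundle.
preflight() {
    pf_rc=0
    private_only "$(dirname "$2")" || pf_rc=1
    private_only "$2" || pf_rc=1
    cert_matches_key "$1" "$2" || { echo "FAIL: $1 does not match $2"; pf_rc=1; }
    chain_verifies "$1" "$3" || { echo "FAIL: $1 does not verify against $3"; pf_rc=1; }
    [ "$pf_rc" -eq 0 ] && echo "OK: certificate, key and bundle are consistent"
    return "$pf_rc"
}

# Example: sh preflight.sh /yourdomain/httpd/conf/ssl.crt/server.crt \
#     /yourdomain/httpd/conf/ssl.key/server.key \
#     /yourdomain/httpd/conf/ssl.crt/ca-chain-pem.txt
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

Run it as root with the three paths from your own configuration, then run apachectl configtest before restarting Apache so a syntax error does not take the site down.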

Wednesday, June 17, 2015

DDoS attack prevention on Linux servers

A distributed denial-of-service (DDoS) attack is one in which a bunch of compromised systems attack the target machine/server, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to legitimate users.
The most common method of attack is to send a mass saturation of requests for external communication to the target server. These systems are flooded with requests for information from non-users, and often non-visitors to the website. The goal of this attack is to create a large enough presence of false traffic such that legitimate web traffic intended for actual web users is slowed down and delayed. If this type of service becomes too slow, time sensitive information such as live video footage may be rendered entirely useless to legitimate end users.
Denial of service attacks can be problematic, especially when they cause large websites to be unavailable during high-traffic times. Fortunately, security software has been developed to detect DoS attacks and limit their effectiveness, and a few basic Linux commands can tell you whether the server is under DDoS attack.
One quick Linux command lets you check whether your server is under DDoS attack. It lists each remote address together with the number of connections it holds, sorted by count:
netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
One important thing to check is the number of active connections your server currently has. The following command shows the active connections that are open to your server; the output value should be less than 500.
netstat -n | grep :80 | wc -l

Many attackers start an attack by opening a connection to the server and then never sending the acknowledgement, making the server wait until the connection times out. The following command counts these half-open connections:
netstat -n | grep :80 | grep SYN | wc -l
The result of the first command will vary, but if it shows more than 500 connections, then you are definitely having attacks against the server. If the result of the second command is 100 or above, then you are having problems with a SYN flood attack.
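
The connection counts described above, as an added example that is not part of the original post: it applies the same thresholds (500 active connections, 100 half-open) to netstat -ant output, but matches the local port exactly and handles IPv4-mapped IPv6 addresses, which grep :80 and cut -d: -f1 do not. The function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage of `netstat -ant`
# output using the thresholds given in the text above.

# Constructed sample input; on a real server use: netstat -ant
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.7:51514       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:51515       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:51516       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.23:40022     ESTABLISHED
tcp        0      0 192.0.2.10:8080         198.51.100.23:40023     ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.99:50111     ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.23:40100 TIME_WAIT
tcp        0      0 192.0.2.10:44321        198.51.100.50:80        ESTABLISHED
EOF
}

# Print "STATE SOURCE" for every non-listening TCP socket whose LOCAL port
# is $1 (default 80). Unlike `grep :80`, this ignores port 8080 and
# outbound connections to someone else's port 80.
port_conns() {
    awk -v port="${1:-80}" '
        $1 ~ /^tcp/ && NF >= 6 && $6 != "LISTEN" {
            n = split($4, loc, ":")        # port is the last ":" field
            if (loc[n] != port) next
            src = $5
            sub(/:[0-9*]+$/, "", src)      # drop the remote port
            sub(/^::ffff:/, "", src)       # unwrap IPv4-mapped IPv6
            print $6, src
        }'
}

# Args: port, max active connections (500), max half-open (100).
# Prints one line: total=<n> syn_recv=<n> verdict=<ok|connection-flood|syn-flood>
conn_verdict() {
    port_conns "${1:-80}" |
    awk -v max_total="${2:-500}" -v max_syn="${3:-100}" '
        { total++; if ($1 == "SYN_RECV") syn++ }
        END {
            verdict = "ok"
            if (total > max_total) verdict = "connection-flood"
            if (syn >= max_syn) verdict = "syn-flood"
            printf "total=%d syn_recv=%d verdict=%s\n", total, syn, verdict
        }'
}

# Args: port, number of rows (10). Prints "COUNT SOURCE", busiest first.
top_sources() {
    port_conns "${1:-80}" |
    awk '{ n[$2]++ } END { for (s in n) print n[s], s }' |
    sort -rn | head -n "${2:-10}"
}

# Demonstration on the constructed sample.
sample_netstat | conn_verdict 80
sample_netstat | top_sources 80
```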
You can also block a particular IP on your server with the following command:
route add ipaddress reject
For example:
route add 110.125.12.23 reject
Once you block a particular IP on the server, you can cross-check whether it is blocked by using the following command:
route -n | grep IPaddress
You can also block an IP with iptables on the server by using the following commands (use REJECT in place of DROP to send an error back instead of silently discarding the packets):
iptables -I INPUT 1 -s IPADDRESS -j DROP
service iptables save
service iptables restart
After running the above commands, kill all httpd connections and then restart the httpd service by using the following commands:
killall -KILL httpd
service httpd startssl

SYN Flood Attack
To test for a SYN flood attack, use the hping command, which is used for testing firewall rules. When the attack starts you will see something like the following in the /var/log/messages log file:
possible SYN flooding on port 80. Sending cookies.
hping can be run as follows (see the man page for more info):
hping -i u1 -S -p 80 x.x.x.x

SYN Flood Protection:
You can turn on SYN cookies protection against SYN flood attacks by adding the following line to /etc/sysctl.conf:
net.ipv4.tcp_syncookies = 1

Tuesday, November 22, 2011

How To Install MySQL in CentOS

Installing MySQL on CentOS is as easy as 1, 2, 3, though I wouldn't say it is as easy as the Windows installation.
In this short tutorial I will explain how to do it from the console, as most servers don't have a GUI installed. I assume you are logged in as root and have an active internet connection.

  • Get the installation package: CentOS has the yum repository manager, which makes this easy. Just type yum install mysql-server on your CentOS console.

Type y, and let yum do its job until it finishes.

  • Make sure MySQL is started by typing /etc/init.d/mysqld start

  • Run mysql_secure_installation to set the credentials and security options for MySQL. When asked for the current root password, you can leave it blank because it has not been set up yet. Then follow the instructions on the screen.

    • Set root password? [Y/n]: Answer Y if you want to set a root password for MySQL. The root password gives top-level access to MySQL, so use it wisely, and don't forget the password.
    • Remove anonymous users? [Y/n]: By default, MySQL has an anonymous user account that anyone can use to log into MySQL without having a user account. Remove the anonymous user in production; in development it is up to you.
    • Disallow root login remotely? [Y/n]: If you want root to be accessible from a remote computer, answer n. Allowing remote root login means your root account can be accessed from any computer that can connect to your MySQL machine.
    • Remove test database and access to it [Y/n]: By default, MySQL has a database named 'test' that is used only for testing purposes. You can remove it safely because it has no effect on your MySQL system.
    • Reload privilege tables now? [Y/n]: Answer Y if you want the privileges you have just set up to be reloaded immediately.

  • Run mysql_install_db to adjust your MySQL system tables.

  • Set up the CentOS firewall. After MySQL has been installed on your machine, the last step is to open the MySQL port in the firewall so that it can be accessed from a remote machine. You have to do this because in many cases I believe you won't access MySQL directly from the machine itself. To do this, type setup on your CentOS console.

Choose Firewall configuration and Run Tool to get into the Firewall configuration window.
Choose Customize, fill Other ports with 3306 (the default MySQL port), and press OK.
Voila, your MySQL has been set up. Please let me know if you have any problem installing it.

Thursday, April 15, 2010

Import messages into Windows Mail from Outlook Express

When you upgrade a computer running Windows XP to Windows Vista, Windows automatically imports any messages and contacts you have in Outlook Express to Windows Mail. (Outlook Express has been replaced in Windows Vista by Windows Mail.)

If you are not upgrading but want to transfer your Outlook Express messages to a computer running Windows Vista, then you need to transfer the messages manually or use Windows Easy Transfer.

If you are just transferring Outlook Express messages (and not all your other files and settings) from a computer running Windows XP, you may find it easier to use the manual method described here.

On the computer running Windows XP, do the following:

  1. The folder that contains the Outlook Express messages is marked as a hidden folder in Windows. To view this hidden folder, click Start, and then click Control Panel. Click Appearance and Themes, and then click Folder Options. Click the View tab, and under Hidden files and folders, click Show hidden files and folders.

  2. Locate the folder named Outlook Express. In Windows XP, this folder is located here by default: C:\Documents and Settings\your user name\Local Settings\Application Data\Identities\{your Windows user identity number}\Microsoft\Outlook Express.

  3. Copy the Outlook Express folder and all its contents to the Documents folder on the computer running Windows Vista. (You can store this copy of the Outlook Express folder in a location other than the Documents folder, as long as you remember where to find it.) For information about how to copy a folder, see Copy files to another computer.

On the computer running Windows Vista, do the following:

  1. Open Windows Mail by clicking the Start button, clicking All Programs, and then clicking Windows Mail.

  2. Click the File menu, point to Import, and then click Messages.

  3. Click Microsoft Outlook Express 6, and then click Next.

  4. Make sure Import mail from an OE6 store directory is selected, and then click OK.

  5. Click Browse, find the Outlook Express folder you copied to this computer, and then click the folder once to select it. (Do not open the folder when you select it.)

  6. Click Select Folder, and then click Next.

  7. Click All folders to import all the folders, or click Selected folders and select which message folders you want to import, and then click Next.

  8. Click Finish.

Notes

  • The Windows user identity number is different for every user. It will be inside brackets and look similar to this sample number: {8389CA60-ED34-11DB-95EE-10AE55D89593}

  • If Windows XP is installed on another hard disk location other than your C: drive, use that drive letter instead of C: when searching for your Outlook Express folder.

  • Outlook Express stores your messages in a folder that contains several different .dbx files. These files (folders.dbx, inbox.dbx, outbox.dbx) contain all your messages. Windows Mail cannot import any of these files individually; you must import the entire Outlook Express folder.

  • If Windows Mail is unable to import your messages, make sure none of the files in the Outlook Express folder are marked Read only. Open the folder, select all the files, right-click them, click Properties, and make sure the Read only check box is cleared.

  • Windows Mail cannot import messages from IMAP or HTTP e-mail accounts, even if those messages were stored in Outlook Express. For information about these e-mail types, see POP3, SMTP, and other e‑mail server types. Windows Mail also cannot import any newsgroup messages you may have had stored in Outlook Express.

Monday, December 28, 2009

Troubleshoot problems with Windows Mail


If you are having trouble configuring your e‑mail accounts with Windows Mail, you might consider using Windows Live Mail instead. All you need to do is enter your e‑mail address and Windows Live Mail will automatically enter the correct settings for e‑mail servers used by many popular e‑mail services, including Windows Live Hotmail, Yahoo!, AOL, and Gmail.
Windows Live Mail includes the familiar features of Outlook Express, the mail program included in Windows XP, and Windows Mail, the mail program included in Windows Vista. To download Windows Live Mail, go to the Windows Live Mail website.
Here are solutions to some common issues with Windows Mail.

You don't know how to set up Windows Mail for your e‑mail account.

Windows Mail allows you to send and receive messages from one or more e‑mail accounts. You can set up Windows Mail to work with many types of providers, from the biggest, most popular e‑mail services all the way down to the smallest Internet service provider (ISP).
Managing multiple e‑mail accounts is simplified because each account in Windows Mail is organized in its own folder. You can check for messages from all your e‑mail accounts at once by clicking a single button. But first, you'll need to set up each e‑mail account one at a time in Windows Mail.
Before you set up Windows Mail, start by collecting the following information for each e‑mail account. You will need to enter this information during the setup process:
Your e‑mail address and password.
The type of e‑mail server your e‑mail service uses.
The address of the incoming and outgoing e‑mail servers used by your e‑mail provider.
Most people know their e‑mail addresses and passwords, but many get confused when asked to enter information about e‑mail servers. Your e‑mail provider should be able to give you this information.
Here are the addresses of the incoming and outgoing e‑mail servers for some of the most popular e‑mail services:
Yahoo!: pop.mail.yahoo.com (incoming server) and smtp.mail.yahoo.com (outgoing server)
AOL: imap.aol.com (incoming server) and smtp.aol.com (outgoing server)
Gmail: pop.gmail.com (incoming server) and smtp.gmail.com (outgoing server)

Once you have collected the required information for each e‑mail account, you can start setting up Windows Mail. Here’s how to add an e‑mail account in Windows Mail:
Open Windows Mail by clicking the Start button, clicking All Programs, and then clicking Windows Mail.
Click the Tools menu, and then click Accounts.
Click Add.

After you click Add on the Internet Accounts screen, Windows Mail will ask what type of account you want to add
Click E‑mail Account, click Next, and then follow the instructions.
After you have entered all the information for one e‑mail account, repeat the process for each e‑mail account you want to set up.

You can't receive e‑mail.



There are several possibilities for this issue:
Ensure that your computer is properly set up to connect to the Internet by starting your web browser and trying to open a webpage. If you can't connect to the webpage, your Internet connection might not be working properly. For information about resolving Internet connection difficulties.
If this is your first time trying to receive e‑mail from this e‑mail account on this computer, Windows Mail might not be properly set up to access your account. You should check your e‑mail account properties to ensure that your account information is correct.
To verify your e‑mail account information
Open Windows Mail by clicking the Start button, clicking All Programs, and then clicking Windows Mail.
Click the Tools menu, and then click Accounts.
Under Mail, click your e‑mail account, and then click Properties.
Click the Servers tab. Check that the various entries under Server Information and Incoming Mail Server match the account information from your e‑mail provider.
Note
If all of your account information is correct, your password authentication settings might be incorrect. Select the Log on using Secure Password Authentication check box, or, if the check box is already selected, clear it.
After making changes, click OK, and then click Close to close the Internet Accounts dialog box.
Click Send/Receive to try to retrieve your e‑mail again.
If your account information is correct and you still can't send or receive e‑mail, you might need to set Windows Mail to use a secure connection to your e‑mail server.
To enable a secure connection to your e‑mail server
Open Windows Mail by clicking the Start button, clicking All Programs, and then clicking Windows Mail.
Click the Tools menu, and then click Accounts.
Under Mail, click your e‑mail account, and then click Properties.
Click the Advanced tab.
If you're having problems receiving e‑mail, under Incoming mail, select the This server requires a secure connection (SSL) check box.
If you're having problems sending e‑mail, under Outgoing mail, select the This server requires a secure connection (SSL) check box.
Note
If the setup information from your e‑mail provider states that you need to change the port numbers for a secure connection, enter the port numbers provided by your e‑mail provider in the Incoming mail box for the incoming port, and the Outgoing mail box for the outgoing port.
To close the Internet Accounts dialog box after making changes, click OK, and then click Close.
Click Send/Receive to try to retrieve your e‑mail again.
If you're connected to a corporate network, the company's firewall could be blocking access to your e‑mail provider. Check with your system administrator to see if your firewall settings can be adjusted, or if firewall client software is available that will allow you to access your e‑mail.

You can receive, but not send, e‑mail messages.



If you can successfully receive e‑mail messages, but can't send messages, then Windows Mail is having problems connecting to the outgoing e‑mail server that's used to send messages. These are likely possibilities:
If you've never been able to send e‑mail successfully using Windows Mail, your e‑mail account is probably not set up properly. First, follow the steps to verify your e‑mail account information in the "You can't receive e‑mail" section of this help topic. If you verify that your e‑mail account information is entered properly, you might need to change your authentication settings so that when sending mail, you sign in using your e‑mail user name and password. Check with your e‑mail provider to see if it requires authentication for sending e‑mail.
To use authentication when sending e‑mail
Open Windows Mail by clicking the Start button, clicking All Programs, and then clicking Windows Mail.
Click the Tools menu, and then click Accounts.
Under Mail, click your e‑mail account, and then click Properties.
Click the Servers tab, and then, under Outgoing Mail Server, select the My server requires authentication check box.
If the account information that you use to send e‑mail is not the same information that you use to receive messages, click Settings, click Log on using, and then enter the user name and password that you use to send e‑mail.
Many Internet service providers (ISPs) require you to be directly connected to their network to use their outgoing e‑mail servers. If you're using a mobile PC and connect to the Internet using a different ISP (such as when using a wireless connection in a hotel), you might be able to receive, but not send, e‑mail. Some ISPs will allow you to send e‑mail when connected to a different provider if you use authentication when sending. Follow the previous steps to use authentication when sending e‑mail. If your ISP doesn't allow this, you'll need to find out the name of the outgoing mail server for the ISP you're currently using, and then change the settings in Windows Mail to use it.
To change the outgoing mail server settings
Open Windows Mail by clicking the Start button, clicking All Programs, and then clicking Windows Mail.
Click the Tools menu, and then click Accounts.
Under Mail, click your e‑mail account, and then click Properties.
Click the Servers tab, and then enter the new mail server in the Outgoing Mail (SMTP) box.
If the new outgoing mail server requires authentication, under Outgoing Mail Server, select the My server requires authentication check box.
Click Settings, click Log on using, and then enter the user name and password for the outgoing mail server.


You can't view or save an attached file.


Windows Mail blocks access to certain types of attachments that can potentially be harmful to your computer.
If you receive an attached file that is not blocked but will not open, you probably need to install a program capable of opening the file. This can occur if someone sends you a file by e‑mail. Ask the sender what program opens the file and how you can install it.

The links don't work in a message you received.


If Windows Mail determines that a message might be a phishing e‑mail, it blocks access to all links in that message. If you're certain that the message is legitimate and you want to enable links in the message, open the message, and then, on the Information bar, click Unblock to enable links in the message.
 

You don't understand the difference between Windows Mail, Windows Live Mail, and Outlook Express.


Windows Mail is the mail program included in Windows Vista. Outlook Express is the mail program included in Windows XP. Windows Live Mail includes the familiar features of both Windows Mail and Outlook Express, plus other features, including the ability to automatically enter the correct settings for e‑mail servers used by many popular e‑mail services.
Windows Live Mail is not included in Windows Vista or Windows XP. Download Windows Live .


You have messages in your Outbox and you don't know how to send or delete them.


If a message stays in your Outbox after you have clicked Send/Receive, then Windows Mail is unable to send it. This could be due to an invalid e‑mail address for the recipient or a problem with your e‑mail account settings. For information on how to fix your account settings, see the section above titled "You can't receive e‑mail."
Double-check that you typed the correct e‑mail address for the recipient. A valid e‑mail address consists of a user name, the @ sign, and the name of the ISP or web-based e‑mail provider—for example, someone@example.com.
If you still can't figure out why you are unable to send a message from your Outbox, try creating a new one to the same recipient and deleting the old one. To delete a message from your Outbox, right click the message and then click Delete.

You can't check spelling in your messages.


Before you can check the spelling in a message, you must select the language you want to use.
To set the language for the spelling checker
Open Windows Mail by clicking the Start button, clicking All Programs, and then clicking Windows Mail.
Click the Tools menu, click Options, and then click the Spelling tab.
Under Language, in the drop-down list, click the language you want to use (English, French, German, or Spanish).
Click Apply, and then click OK.
Note
Although English is displayed as the default language, you must select it if you want to use it.

When you click an e‑mail link in your web browser, it opens another e‑mail program instead of Windows Mail.

This means that another program is set as the default e‑mail program. If you want the message to open in Windows Mail instead, you need to set Windows Mail as the default e‑mail program.
To set Windows Mail as the default e‑mail program
Open Windows Mail by clicking the Start button, clicking All Programs, and then clicking Windows Mail.
Click the Tools menu, and then click Options.
Click Make Default next to This application is NOT the default Mail handler. If the Make Default button is not available, then Windows Mail is already set as your default e‑mail program.


When you search for e‑mail, not all of the messages matching your search show up in the results.

When Windows Mail downloads a message, it immediately adds the e‑mail addresses and message title to the search index. However, the body of the message is indexed along with all of your other Windows files, and might not be added to the index immediately. Wait a few minutes and try your search again. For more information on how Windows indexes files,

Also, Windows Mail searches only the currently selected folder for messages. For example, if you select the Sent Items folder, messages in the Inbox, Outbox, and other folders won't be included in the search results.

Configuring Exchange Server 2003/2007 Public Folders deleted items retention

Using Exchange Server 2003, we can open Exchange System Manager, expand Administrative Groups, Expand , expand , expand , right click on the Public Folder store and click Properties, then click on Limits tab. We are able to define how many days a deleted item will be kept in the dumpster of the Public Folder database and if we are going to wait for a backup before deleting any item permanently, as shown in Figure 01.

Figure 01