How to Configure Apache Reverse Proxy on CentOS

Description: Here I explain what an Apache reverse proxy is and how to configure it.

What is Reverse Proxy: 
A reverse proxy accepts connections and then routes them to an appropriate path.

For example, if we have any application running on port 5000, we can configure a reverse proxy to accept connections on HTTP or HTTPS, which can then transparently proxy requests to the application backend.

Configure Reverse Proxy.

  1. Verify that the proxy modules are loaded using the command below
# httpd -M
Output

proxy_module (shared)
lbmethod_byrequests_module (shared)
proxy_balancer_module (shared)
proxy_http_module (shared)

  2. Configure the virtual host as follows. [We'll use an example application running on 127.0.0.1:5000 as the backend service that we want to reverse proxy requests to]

<VirtualHost *:443>
        # Listening on *:443 is assumed here because SSLEngine is on below.

        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        # Forward requests under /api to the backend and rewrite the
        # Location headers in its responses back to this host.
        ProxyPreserveHost On
        ProxyPass /api http://127.0.0.1:5000
        ProxyPassReverse /api http://127.0.0.1:5000

        ServerAdmin webmaster@localhost
        ServerName app1.demo.com
        ServerAlias app1.demo.com
        DocumentRoot /var/www/html/demoapp

        SSLEngine on
        SSLCertificateFile /var/www/html/certs/demo.crt
        SSLCertificateKeyFile /var/www/html/certs/demo.key
        SSLCertificateChainFile /var/www/html/certs/demo_CA.crt

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        # CentOS httpd does not define APACHE_LOG_DIR (a Debian/Ubuntu variable),
        # so the log paths are given relative to ServerRoot (/etc/httpd).
        ErrorLog logs/error.log
        CustomLog logs/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>


  • Restart the httpd service and verify.
# systemctl restart httpd

Run Script in Screen Mode on Startup

Description: Here I explain how to run a script at startup.

Procedure: 

  • Create a script like the one below, which runs the job in a detached screen session

#!/bin/sh
screen -d -m -S SessionName /home/script/run.sh

  • To run the script at startup, open the crontab and define the schedule as follows.
@reboot /bin/sh /home/script/run.sh

  • After defining the schedule, restart the cron service and test by restarting the server.

Install and Configure FirewallD on CentOS 7

Description: FirewallD is a firewall management tool available on CentOS 7 servers. Basically, it is a wrapper around iptables and it comes with graphical configuration tool firewall-config and command line tool firewall-cmd. With the iptables service, every change requires flushing of the old rules and reading the new rules from the ‘/etc/sysconfig/iptables’ file, while with firewalld only differences are applied.

Procedure: 

  • Install FirewallD using yum 
# yum install firewalld 

FirewallD Zones: FirewallD uses services and zones instead of iptables rules and chains. By default the following zones are available:

  1. Drop: Drop all incoming network packets with no reply; only outgoing network connections are available.
  2. Block: Reject all incoming network packets with an icmp-host-prohibited message; only outgoing network connections are available.
  3. Public: Only selected incoming connections are accepted, for use in public areas.
  4. External: For external networks with masquerading enabled; only selected incoming connections are accepted.
  5. DMZ: Demilitarized zone, publicly accessible with limited access to the internal network; only selected incoming connections are accepted.
  6. work: For computers in your work area; only selected incoming connections are accepted.
  7. home: For computers in your home area; only selected incoming connections are accepted.
  8. internal: For computers in your internal network; only selected incoming connections are accepted.
  9. trusted: All network connections are accepted.
  • To list all available zones 
# firewall-cmd --get-zones

work drop internal external trusted home dmz public block

  • To list the default zone
# firewall-cmd --get-default-zone
public
  • To change the default zone:
# firewall-cmd --set-default-zone=dmz
# firewall-cmd --get-default-zone
dmz
  • Add and allow service in DMZ zone 
# firewall-cmd --zone=dmz --add-service=http --permanent
# firewall-cmd --zone=dmz --add-service=https --permanent
# firewall-cmd --zone=dmz --add-service=imap --permanent
# firewall-cmd --zone=dmz --add-service=imaps --permanent
# firewall-cmd --zone=dmz --add-service=pop3 --permanent
# firewall-cmd --zone=dmz --add-service=pop3s --permanent
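  • Remove a service and add a custom port (make sure sshd is already listening on 7022 before reloading, otherwise new SSH connections will be blocked)
# firewall-cmd --remove-service=ssh --permanent
# firewall-cmd --add-port=7022/tcp --permanent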
  • Reload Firewall configuration 
# firewall-cmd --reload
  • List Firewall Rules 
# firewall-cmd --list-all
dmz
  target: default
  icmp-block-inversion:
  interfaces:
  sources:
  services: http https imap imaps pop3 pop3s smtp smtps
  ports: 7022/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

Install Samba on CentOS 7 for file sharing on Windows

Description: In this article I explain how to share files between Windows and CentOS.

Procedure: 

  • Install Samba on CentOS 7 using the command below
# yum install samba samba-client samba-common
  • After installation, allow the service in the firewall
# firewall-cmd --permanent --zone=public --add-service=samba
# firewall-cmd --reload
  • Check the workgroup settings of the Windows system. Before configuring Samba, check the workgroup on the Windows PC. We can check it from My Computer > Properties > Advanced System Settings > Computer Name
  • After checking the workgroup, configure Samba on CentOS 7. The Samba configuration file is /etc/samba/smb.conf, which ships with pre-configured settings. Make sure to take a backup before making any changes.
  • First create the directory that you want to share, for example "Testdirectory", and set appropriate permissions on it.
# mkdir -p /srv/samba/Testdirectory
# chmod -R 0775 /srv/samba/Testdirectory
# chown -R nobody:nobody /srv/samba/Testdirectory
  • You need to set the SELinux security context for the shared directory
# chcon -t samba_share_t /srv/samba/Testdirectory
  • After creating the directory, open the smb configuration file and add the following
# useradd authuser
# vi /etc/samba/smb.conf
[global]
workgroup = WORKGROUP
netbios name = centos
security = user

[Testdirectory]
comment = Test Directory
path = /srv/samba/Testdirectory
browsable = yes
writable = yes
guest ok = yes
read only = no
force user = nobody
  • Now test the configuration using the command below
# testparm

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[Anonymous]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters

[global]
netbios name = centos
printcap name = cups
security = USER
idmap config * : backend = tdb
cups options = raw

[homes]
comment = Home Directories
browseable = No
inherit acls = Yes
read only = No
valid users = %S %D%w%S

[printers]
comment = All Printers
path = /var/tmp
browseable = No
printable = Yes
create mask = 0600

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
create mask = 0664
directory mask = 0775
write list = root

[Testdirectory]
comment = Anonymous File Server Share
path = /srv/samba/Testdirectory
force user = nobody
guest ok = Yes
read only = No
  • Now start samba service and enable it during boot process
# systemctl enable smb.service
# systemctl enable nmb.service
# systemctl start smb.service
# systemctl start nmb.service
  • Now test from your windows client by using \\ipaddress_of_server 

Setup Secure Samba in Centos 7 

  • First create samba group, then add user and set password for them.
# groupadd smbgrp
# usermod systalk -aG smbgrp
# smbpasswd -a systalk
  • Then create a secure directory where the shared files will be kept and set the appropriate permissions on the directory with SELinux security context for the samba.
# mkdir -p /srv/samba/secure
# chmod -R 0770 /srv/samba/secure
# chown -R root:smbgrp /srv/samba/secure
# chcon -t samba_share_t /srv/samba/secure
  • Open samba configuration file and add samba group for appropriate sharing 
# vi /etc/samba/smb.conf
[Secure]
comment = Secure File Server Share
path =  /srv/samba/secure
valid users = @smbgrp
guest ok = no
writable = yes
browsable = yes
  • After configuration, run testparm to test the configuration and restart the services
# systemctl restart smb.service
# systemctl restart nmb.service
  • Now test the secure Samba file share; it will prompt for a password.
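
The difference between the anonymous share and the secure share above comes down to a few smb.conf parameters. As an added example (not part of the original article), this shell function reads smb.conf text and reports shares that guests can write to, shares that guests can read, and shares open to any authenticated user because no "valid users" list is set. The function name and the [Docs] and [Team] shares in the sample are constructed for illustration; it assumes a single file with no include or copy directives.

```shell
#!/bin/sh
# Added example: classify smb.conf shares by who can reach them.
# Assumes a single file with no "include" or "copy" directives.
# [global] is skipped; [homes] and [printers] are treated like any share.

# audit_smb_shares: read smb.conf text on stdin, print "FINDING<TAB>share".
audit_smb_shares() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (share == "" || tolower(share) == "global") return
        if (guest && writable)  print "GUEST_WRITABLE\t" share
        else if (guest)         print "GUEST_READONLY\t" share
        else if (!restricted)   print "ANY_AUTH_USER\t" share
    }
    /^[ \t]*[#;]/ { next }       # comment line
    /^[ \t]*$/    { next }       # blank line
    /^[ \t]*\[/ {                # a section header starts a new share
        report()
        share = $0
        sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        guest = 0; writable = 0; restricted = 0   # Samba defaults
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        gsub(/[ \t]+/, "", key)                   # whitespace in names is ignored
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "guestok" || key == "public")
            guest = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "writeok")
            writable = truthy(val)
        else if (key == "readonly")               # inverted synonym of writable
            writable = !truthy(val)
        else if (key == "validusers")
            restricted = (val != "")
    }
    END { report() }'
}

# Constructed sample: [Testdirectory] and [Secure] follow the article,
# [Docs] and [Team] are made up to show the other two findings.
SAMPLE_SMB_CONF='[global]
workgroup = WORKGROUP
security = user

[Testdirectory]
path = /srv/samba/Testdirectory
browsable =yes
writable = yes
guest ok = yes
read only = no
force user = nobody

[Secure]
path = /srv/samba/secure
valid users = @smbgrp
guest ok = no
writable = yes

[Docs]
path = /srv/samba/docs
public = yes

[Team]
path = /srv/samba/team
read only = no'

printf '%s\n' "$SAMPLE_SMB_CONF" | audit_smb_shares
```

On a server, feed it the live file with `audit_smb_shares < /etc/samba/smb.conf`; the [Secure] share produces no finding because it disables guest access and sets valid users.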

Configure NFS [Network File System] in CentOS 7

Description: 

Network File System (NFS) is a popular distributed file system protocol that enables users to mount remote directories on their server. NFS lets you leverage storage space in a different location and allows you to write onto the same space from multiple servers or clients in an effortless manner.

Procedure:

NFS Server side:
  • First, install NFS using yum with the command below

# yum install nfs-utils

  • Now create the directory that needs to be shared using NFS

# mkdir /var/nfsshare

  • Change the permissions on the directory as follows

# chmod -R 755 /var/nfsshare

# chown nfsnobody:nfsnobody /var/nfsshare
  • Start the services and enable them at boot time

# systemctl enable rpcbind
# systemctl enable nfs-server
# systemctl enable nfs-lock
# systemctl enable nfs-idmap
# systemctl start rpcbind
# systemctl start nfs-server
# systemctl start nfs-lock
# systemctl start nfs-idmap
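  • Share the directories over the network by adding the following to /etc/exports

# vi /etc/exports

/var/nfsshare    *(rw,sync,no_root_squash,no_all_squash)
/home            10.10.10.10(rw,sync,no_root_squash,no_all_squash)
Note: 10.10.10.10 is the IP of the client machine. If you want any other client to access the share, add it IP-wise; otherwise you can use "*" instead of an IP to allow access from all IPs. Do not leave a space between the host and the opening parenthesis: with a space, the options apply to every host and the named host gets only the default options. no_root_squash lets root on a client act as root on the exported files, so with "*" every host that can reach the server gets that access.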
  • Restart NFS service 

# systemctl restart nfs-server

  • After restarting the service, allow the NFS services in the firewall

# firewall-cmd --permanent --zone=public --add-service=nfs
# firewall-cmd --permanent --zone=public --add-service=mountd
# firewall-cmd --permanent --zone=public --add-service=rpc-bind
# firewall-cmd --reload
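
The /etc/exports entries above can be checked before the NFS service is restarted. The following is an added example, not part of the original article: a shell function that reads exports-format text and reports option groups separated from their host by a space, world-writable exports, and no_root_squash. The function names and the sample input are constructed for illustration, and it assumes one export per line with no backslash continuations.

```shell
#!/bin/sh
# Added example: lint /etc/exports-style text for risky NFS exports.
# Assumes one export per line and no backslash continuations.
# Only a bare "*" is treated as a wildcard host (not *.domain or CIDR ranges).

# audit_exports: read exports text on stdin, print "FINDING<TAB>path<TAB>host".
audit_exports() {
    awk '
    # has(opts, name): true when the "(a,b,c)" option group contains name
    function has(opts, name) { return opts ~ ("[(,]" name "[,)]") }

    /^[ \t]*#/ { next }          # comment line
    NF == 0    { next }          # blank line
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            spec = $i
            p = index(spec, "(")
            if (p == 1) {
                # "(opts)" split from its host by whitespace: exports(5)
                # reads it as an entry with no host, which matches every client.
                host = "*"; opts = spec
                print "DETACHED_OPTIONS\t" path "\t" host
            } else if (p > 1) {
                host = substr(spec, 1, p - 1); opts = substr(spec, p)
            } else {
                host = spec; opts = ""   # bare host: default options apply
            }
            if (host == "*" && has(opts, "rw"))
                print "WORLD_WRITABLE\t" path "\t" host
            if (has(opts, "no_root_squash")) {
                kind = (host == "*") ? "WORLD_NO_ROOT_SQUASH" : "NO_ROOT_SQUASH"
                print kind "\t" path "\t" host
            }
        }
    }'
}

# exports_is_clean: succeed only when audit_exports reports nothing.
exports_is_clean() {
    [ -z "$(audit_exports)" ]
}

# Constructed sample input (not taken from a real server). The first two
# lines have a space before the option group; the third is a tight entry.
SAMPLE_EXPORTS='/var/nfsshare    * (rw,sync,no_root_squash,no_all_squash)
/home            10.10.10.10 (rw,sync,no_root_squash,no_all_squash)
/srv/ok          10.10.10.10(rw,sync,root_squash)'

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

On the server, `exports_is_clean < /etc/exports` can gate the `systemctl restart nfs-server` step.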
NFS Client Side:
  • Install nfs-utils using the command below

# yum install nfs-utils

  • Create the directories on which to mount the NFS shares

# mkdir /mnt/nfsshare

# mkdir /mnt/home
  • After creating the directories, mount the NFS shares using the commands below:

# mount -t nfs 10.10.10.1:/var/nfsshare /mnt/nfsshare

# mount -t nfs 10.10.10.1:/home /mnt/home
  • After mounting, check the storage using the command below

# df -kh

Filesystem                 Size  Used  Avail  Use%  Mounted on
/dev/mapper/centos-root    39G   1.1G  38G    3%    /
devtmpfs                   488M  0     488M   0%    /dev
tmpfs                      494M  0     494M   0%    /dev/shm
tmpfs                      494M  6.7M  487M   2%    /run
tmpfs                      494M  0     494M   0%    /sys/fs/cgroup
/dev/mapper/centos-home    19G   33M   19G    1%    /home
/dev/sda1                  497M  126M  372M   26%   /boot
10.10.10.1:/var/nfsshare   49G   980M  48G    3%    /mnt/nfsshare
10.10.10.1:/home           19G   33M   19G    1%    /mnt/home
  • The NFS shared drive is now connected; check it by creating a test file

# touch  /mnt/nfsshare/testfile

Permanent NFS Mounting
  • Otherwise we would need to remount after every reboot, so make the mount permanent by adding the NFS share to fstab as follows:

# vi /etc/fstab

Add the entry as follows
10.10.10.1:/var/nfsshare   /mnt/nfsshare  nfs defaults 0 0
Save the file using :wq
  • Now reboot the client machine and check whether the directory is mounted.

How to add a user and grant root privileges in CentOS 7

Description: To assign root privileges to another user on CentOS 7

Procedure: 

  • First add the user using the command below

# adduser testuser1

  • Set a password for the user

# passwd testuser1

  • Grant privileges to the user using the command below

# visudo

## find the following content
root ALL=(ALL) ALL
## Add following content
testuser1 ALL=(ALL) ALL

  • Then save and exit the file using the :wq command
  • To test the privileges, log in as testuser1 and use the command below to gain root privileges

$ sudo su
A password prompt appears for testuser1; after that, testuser1 can run all commands as root.