armanhakimsagar · September 24, 2020 01:23
diff --git a/apache & database security b/apache & database security
 ************** apache / site enables

 this is folder where we have to setup all domain information of this server. It can be multiple.

 create a file like : lms.com.conf , airposted.com.conf.

 In this file you will configure port number, hostname, host root, servername

 <VirtualHost *:80>

    ServerName airposted.com
    ServerAlias www.airposted.com
    DocumentRoot /var/www/airposted

 </VirtualHost>


 <VirtualHost *:80>

    ServerName lms.com
    ServerAlias www.lms.com
    DocumentRoot /var/www/lms

 </VirtualHost>

 ** Go to cmd for enable this websites : a2ensite lms.com.conf,  a2ensite airposted.com.conf

 ** restart apache server : service apache2 restart



 *********** etc / hosts

 The computer file hosts is an operating system file that maps hostnames to IP addresses. 

 In this file you have to add website name for add any website in server, 

 when you type lms.com it relocate host name to specific folder of the same server.

 type cmd > ipconfig & get ip.

 127.0.0.1  lms.com
 127.0.0.1  airposted.com



 ssl : https://www.youtube.com/watch?v=gxwbP7fNOzI&list=PLCakfctNSHkGLCs9az_9PKqW1NY1C5HIU


 ********** apache \ conf

 All ssl certification folder you can see here. ssl.crt , ssl.csr , ssl.key.
 After generate certificate you can set in this folder.
 Or you you want to generate run this file  : apache \ makecert.bat

 ********* conf\extra\httpd-vhost

 You have to set certification root in here

 <VirtualHost 127.0.0.1:443>
    DocumentRoot "F:/lms/htdocs"
    ServerName myproject
    SSLEngine on
    SSLCertificateFile "conf/ssl.crt/server.crt"
    SSLCertificateKeyFile "conf/ssl.key/server.key"
    <Directory "F:/lms/htdocs/myproject/web">
        Options All
    AllowOverride All
    Require all granted
    </Directory>
 </VirtualHost>



 1. httpd:

 	httpd is server program.
 	HTTP Daemon is a software program that runs in the background of a web server.
 	It waits for the incoming server requests. 
 	The daemon answers the request automatically and serves the hypertext and multimedia documents over the Internet using HTTP.
 	
 	install httpd by apache : sudo apt-get install apache2
 	
 	sudo systemctl stop apache2
 	
 	sudo systemctl start apache2

 	sudo systemctl restart apache2

 	sudo service apache status
 	
 	always remember port 80 - http / port 443 - https
 	
 	check your running port by : netstat -tupan | grep -i http

 2. OpenSSL :

 		OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.
 		
 3. block php myadmin for specific ip :

 		cd etc/apache/conf-available/phpmyadmin.conf
 		all php myadmin related conf in here. like port block, ip block, change url.
 _______________________

 Database security :

 database security
 MySQL with root level privileges
 https://www.upguard.com/blog/top-11-ways-to-improve-mysql-security
 drop user : https://www.youtube.com/watch?v=1L9u3tbUVBU&t=127s
 create user & set pri : https://www.youtube.com/watch?v=1L9u3tbUVBU&t=127s
 port check
 port block
 remote acccess check
 https://www.a2hosting.com/kb/developer-corner/mysql/restricting-mysql-port-access
 https://www.a2hosting.com/kb/developer-corner/mysql/restricting-mysql-port-access
 https://help.ubuntu.com/community/IptablesHowTo
 https://help.ubuntu.com/community/UFW
 https://www.youtube.com/watch?v=f9-iYQ25K-g
 https://www.myphpnotes.com/post/phpini-vulnerbility-test
 https://www.youtube.com/watch?v=rNelnMATsuc
 https://superuser.com/questions/282115/how-to-restart-mysql
 https://www.networkinghowtos.com/howto/disable-remote-root-logins-into-mysql/
 change phpmyadmin url : https://www.youtube.com/watch?v=CsEtmJO0l-I
 block phpmyadmin specific ip : https://www.youtube.com/watch?v=iV-5E4d34To&t=28s
	************** apache / site enables

	this is folder where we have to setup all domain information of this server. It can be multiple.

	create a file like : lms.com.conf , airposted.com.conf.

	In this file you will configure port number, hostname, host root, servername

	<VirtualHost *:80>

	ServerName airposted.com
	ServerAlias www.airposted.com
	DocumentRoot /var/www/airposted

	</VirtualHost>


	<VirtualHost *:80>

	ServerName lms.com
	ServerAlias www.lms.com
	DocumentRoot /var/www/lms

	</VirtualHost>

	** Go to cmd for enable this websites : a2ensite lms.com.conf, a2ensite airposted.com.conf

	** restart apache server : service apache2 restart



	*********** etc / hosts

	The computer file hosts is an operating system file that maps hostnames to IP addresses.

	In this file you have to add website name for add any website in server,

	when you type lms.com it relocate host name to specific folder of the same server.

	type cmd > ipconfig & get ip.

	127.0.0.1 lms.com
	127.0.0.1 airposted.com



	ssl : https://www.youtube.com/watch?v=gxwbP7fNOzI&list=PLCakfctNSHkGLCs9az_9PKqW1NY1C5HIU


	********** apache \ conf

	All ssl certification folder you can see here. ssl.crt , ssl.csr , ssl.key.
	After generate certificate you can set in this folder.
	Or you you want to generate run this file : apache \ makecert.bat

	********* conf\extra\httpd-vhost

	You have to set certification root in here

	<VirtualHost 127.0.0.1:443>
	DocumentRoot "F:/lms/htdocs"
	ServerName myproject
	SSLEngine on
	SSLCertificateFile "conf/ssl.crt/server.crt"
	SSLCertificateKeyFile "conf/ssl.key/server.key"
	<Directory "F:/lms/htdocs/myproject/web">
	Options All
	AllowOverride All
	Require all granted
	</Directory>
	</VirtualHost>



	1. httpd:

	httpd is server program.
	HTTP Daemon is a software program that runs in the background of a web server.
	It waits for the incoming server requests.
	The daemon answers the request automatically and serves the hypertext and multimedia documents over the Internet using HTTP.

	install httpd by apache : sudo apt-get install apache2

	sudo systemctl stop apache2

	sudo systemctl start apache2

	sudo systemctl restart apache2

	sudo service apache status

	always remember port 80 - http / port 443 - https

	check your running port by : netstat -tupan \| grep -i http

	2. OpenSSL :

	OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.

	3. block php myadmin for specific ip :

	cd etc/apache/conf-available/phpmyadmin.conf
	all php myadmin related conf in here. like port block, ip block, change url.
	_______________________

	Database security :

	database security
	MySQL with root level privileges
	https://www.upguard.com/blog/top-11-ways-to-improve-mysql-security
	drop user : https://www.youtube.com/watch?v=1L9u3tbUVBU&t=127s
	create user & set pri : https://www.youtube.com/watch?v=1L9u3tbUVBU&t=127s
	port check
	port block
	remote acccess check
	https://www.a2hosting.com/kb/developer-corner/mysql/restricting-mysql-port-access
	https://www.a2hosting.com/kb/developer-corner/mysql/restricting-mysql-port-access
	https://help.ubuntu.com/community/IptablesHowTo
	https://help.ubuntu.com/community/UFW
	https://www.youtube.com/watch?v=f9-iYQ25K-g
	https://www.myphpnotes.com/post/phpini-vulnerbility-test
	https://www.youtube.com/watch?v=rNelnMATsuc
	https://superuser.com/questions/282115/how-to-restart-mysql
	https://www.networkinghowtos.com/howto/disable-remote-root-logins-into-mysql/
	change phpmyadmin url : https://www.youtube.com/watch?v=CsEtmJO0l-I
	block phpmyadmin specific ip : https://www.youtube.com/watch?v=iV-5E4d34To&t=28s