Monday 24 June 2013

Installation of Apache Tomcat on Linux



Tomcat is a Java development web server.
Prerequisites for Tomcat:
1.  Java Development Kit (JDK)
Installation of JDK on Linux:
First download the JDK as a compressed file from the internet. We have used the jdk-1_5_0_03-linux-i586.bin file for installing the JDK on Fedora Core 7.
Create a directory called java under / and download jdk-1_5_0_03-linux-i586.bin into it.
# mkdir  /java
# cd /java
The downloaded file is a text file, so make it executable using chmod.
# chmod +x jdk-1_5_0_03-linux-i586.bin
# ./jdk-1_5_0_03-linux-i586.bin
This will execute the file and ask you to accept the license agreement. Enter “yes” to install the JDK. A directory jdk1.5.0_03 will then be created.
Now edit the file /etc/profile using the vi editor and add the line below.
export JAVA_HOME=/java/jdk1.5.0_03
******************************************************************************
Installing Tomcat
Create a directory “tomcat” under / and download jakarta-tomcat-4.1.12.tar.gz into it.
# mkdir  /tomcat
# cd  /tomcat
# wget http://archive.apache.org/dist/tomcat/tomcat-4/archive/v4.1.12/bin/jakarta-tomcat-4.1.12.tar.gz
# tar -xzvf  jakarta-tomcat-4.1.12.tar.gz
This will create a directory jakarta-tomcat-4.1.12
# cd  jakarta-tomcat-4.1.12
# cd bin
# ./startup.sh
This will start Tomcat (similarly, use ./shutdown.sh to stop Tomcat).
Test Tomcat by opening http://localhost:8080/ in the browser.
The Tomcat web page will be displayed if Tomcat is installed successfully.
******************************************************************************
Managing Tomcat using web admin tool
There is a directory “conf” in the /tomcat/jakarta-tomcat-4.1.12 folder which contains a file called “tomcat-users.xml”.
Edit this file to add a new role named “admin” and then add a new user with the admin role. This user will thus become the administrator of Tomcat.
<role rolename="admin" description="tomcat administrator"/>
<user username="test" password="secure" roles="admin"/>
Now open the Tomcat web page at http://localhost:8080, navigate to “Tomcat Administration” on the left side of the page and click it. This will ask for a username & password. Enter the username “test” and the password “secure” to log on as administrator.
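The admin entry above keeps its password in clear text inside tomcat-users.xml, so both the file's permissions and the password choice matter. The following audit is an added example, not part of the original post; the function names, the WEAK_PASSWORDS list and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag admin-role users in tomcat-users.xml whose password is
# guessable, and flag a file that users other than the owner/group can read.
# WEAK_PASSWORDS is an illustrative list (assumption), not a Tomcat feature.
WEAK_PASSWORDS="secure tomcat admin password changeme"

attr() {  # attr <name> <line>: print the value of name="..." on that line
    printf '%s\n' "$2" | sed -n "s/.*[[:space:]]$1=\"\([^\"]*\)\".*/\1/p"
}

audit_tomcat_users() {
    file=$1
    findings=0
    # Passwords are stored in clear text, so "other" needs no access at all.
    if [ "$(ls -ld "$file" | cut -c8-10)" != "---" ]; then
        echo "PERMS: $file is accessible to other users"
        findings=$((findings + 1))
    fi
    # Assumes one <user .../> element per line, as in the stock file.
    while IFS= read -r line; do
        case $line in *"<user "*) ;; *) continue ;; esac
        user=$(attr username "$line")
        pass=$(attr password "$line")
        roles=$(attr roles "$line" | tr -d ' ')
        case ",$roles," in *,admin,*) ;; *) continue ;; esac
        for weak in $WEAK_PASSWORDS "$user"; do
            if [ "$pass" = "$weak" ]; then
                echo "WEAK: admin user '$user' has a guessable password"
                findings=$((findings + 1))
                break
            fi
        done
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed sample input: the entry from this page plus one stronger one.
sample=$(mktemp)
chmod 600 "$sample"
cat > "$sample" <<'EOF'
<tomcat-users>
  <role rolename="admin" description="tomcat administrator"/>
  <user username="test" password="secure" roles="admin"/>
  <user username="ops" password="Vx7!qLr2#mZp9" roles="admin"/>
  <user username="guest" password="guest" roles="tomcat"/>
</tomcat-users>
EOF
audit_tomcat_users "$sample" || echo "findings reported above"
rm -f "$sample"
```

The function returns non-zero when it reports anything, so it can gate a deployment script.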
******************************************************************************

web filtering using squid proxy server



Squid proxy server is a web caching server for providing controlled internet access to users in an organization.
First download & install squid
# yum install squid
Prerequisites for Installing SquidGuard
BerkeleyDB.4.6 or previous is required so download it.
(BerkeleyDB.4.7 poses compilation problems during installing of squidGuard)
# cd /Downloads
# tar -xzvf <db tar file>
# cd <db file name>
# cd build_unix
# ../dist/configure
# make
# make install
# echo /usr/local/BerkeleyDB.4.6/lib >> /etc/ld.so.conf
# ldconfig
Hence Berkeley Database is now installed.
Download squidGuard-1.4.tar.gz and untar the tar file.
# tar -xzvf squidGuard-1.4.tar.gz
# cd squidGuard-1.4
# ./configure
# make
# make install
Hence squidGuard is now installed in the /usr/local/squidGuard directory, which contains the db & log directories along with the squidGuard.conf file.
Under the /Downloads directory, download the blacklists.tar.gz file from the squidGuard site, move it to the /usr/local/squidGuard/db directory and untar the blacklists.tar.gz file.
The db directory is the database of the blacklists. The blacklists directory holds the various categories of blacklists like drugs, ads, audio-video etc.
Edit the squidGuard.conf file to make the following changes.
*****************************************************************************************
# list paths are relative to dbhome (the db directory); a leading / would make them absolute
dest drugs {
    domainlist      blacklists/drugs/domains
    urllist         blacklists/drugs/urls
}
acl {
    default {
        pass !drugs all
        redirect http://192.168.10.222/cgi-bin/squidGuard-simple.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
    }
}
**************************************************************************************
Save and exit the file.
The above redirector redirects the blocked sites to the blocked.html page in the /var/www/html directory, which contains HTML code.
Verify the squidGuard working using the below command:
# squidGuard  -d
The above command checks the squidGuard.conf file and reports whether squidGuard is working successfully or not.
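A list file that cannot be opened is a common reason for squidGuard to report that it is going into emergency mode, in which requests are passed unfiltered, so it helps to resolve every list path before relying on the filter. The following check is an added example, not part of the original post; check_sg_lists, DEFAULT_DBHOME and the demo directory tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report whether each domainlist/urllist named in a
# squidGuard.conf resolves to a readable file. A path starting with "/" is
# used as written; any other path is resolved against dbhome.
# Assumption: default dbhome is the install path used on this page.
DEFAULT_DBHOME=/usr/local/squidGuard/db

check_sg_lists() {
    conf=$1
    dbhome=$(awk '$1 == "dbhome" { print $2; exit }' "$conf")
    [ -n "$dbhome" ] || dbhome=$DEFAULT_DBHOME
    lists=$(awk '$1 == "domainlist" || $1 == "urllist" { print $1, $2 }' "$conf")
    missing=0
    while read -r kind path; do
        [ -n "$path" ] || continue
        case $path in
            /*) full=$path ;;
            *)  full=$dbhome/$path ;;
        esac
        if [ -f "$full" ] && [ -r "$full" ]; then
            echo "ok      $kind $full"
        else
            echo "MISSING $kind $full"
            missing=$((missing + 1))
        fi
    done <<EOF
$lists
EOF
    [ "$missing" -eq 0 ]
}

# Constructed demo: a throwaway dbhome holding two list files, and a config
# that names one list relative to dbhome and one with a leading slash.
demo=$(mktemp -d)
mkdir -p "$demo/db/blacklists/drugs"
echo "example.invalid" > "$demo/db/blacklists/drugs/domains"
echo "example.invalid/page" > "$demo/db/blacklists/drugs/urls"
cat > "$demo/squidGuard.conf" <<EOF
dbhome $demo/db
dest drugs {
    domainlist blacklists/drugs/domains
    urllist    /blacklists/drugs/urls
}
EOF
check_sg_lists "$demo/squidGuard.conf" || echo "fix the MISSING paths before reloading squid"
rm -rf "$demo"
```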
Squid is installed in the /etc/squid directory. Edit the squid.conf file to make the following changes:
********************************************************************************************************
acl my_network src 192.168.10.0/24
http_access allow my_network
http_port 3128
#  url_rewrite_program
redirect_program   /usr/local/bin/squidGuard
 *******************************************************************************************************
Save and exit the file.
Restart squid.
# service squid restart
Now on the client's computer open the browser and in the connection settings enter the proxy server's IP and port, i.e. 192.168.10.222 & 3128.
Hence the client can now access the internet via squid only. Open www.whatismyip.com on the client's computer, which will display the proxy server details.
SquidGuard CGI Scripts
Copy the squidGuard-simple.cgi file from the /Downloads/squidGuard-1.4/samples directory and place it in /var/www/cgi-bin
# chown -R squid:squid squidGuard-simple.cgi  (Change ownership permissions)
Check whether the squidGuard-simple.cgi script runs by entering the following url in the web browser:
Note: By default Apache does not allow cgi scripts to run. Hence uncomment the following in the httpd.conf file in the /etc/httpd/conf/ directory.


#AddHandler cgi-script .cgi

to
 AddHandler cgi-script .cgi


The default squidGuard.cgi file in the /samples directory of squidGuard does not seem to work when placed in the /var/www/cgi-bin directory. So we use the squidGuard-simple.cgi file in the same directory and copy it into the cgi-bin directory of Apache.
Change the redirect rule in the squidGuard.conf file to give the full path name of the squidGuard-simple.cgi file.

*************************************************************************************

Note: Change the ownership of the db and log directories and squidGuard.conf to the user squid & group squid.
# chown  -R squid:squid db
# chown  -R squid:squid log
# chown  -R squid:squid  squidGuard.conf
Also the permissions of the squidGuard-simple.cgi file in /var/www/cgi-bin directory should be chmodded to 0755.
# chmod 0755 squidGuard-simple.cgi

Mail Server Configuration on Linux



Linux can be configured as a local mail server. This has been tested on the standard Fedora core 7 Linux distro. Here Linux is configured for relaying mails only in the local domain (example.com).
Server side Configuration
Server: Fedora core 7
Installed packages:
1.  Sendmail server
    sendmail-8.14.1-4.2.fc7 & sendmail-cf-8.14.1-4.2.fc7 (packages)
2.  POP server
    dovecot (imap/pop3) server
    dovecot-1.0.0.11.fc7 (package)
3.  Mail client
    Evolution/Thunderbird (for Linux), standard packages shipped with Red Hat/Fedora; Outlook (for Windows)
    Or a web-based client such as “squirrelmail” can be used for accessing mail using a web browser.
    squirrelmail-1.4.10a-1.fc7 (package)

Other packages required for web-based access (squirrelmail only) to mail are:
Apache
php
All standard Linux versions are shipped with the Apache (httpd) server and php.

   

Mail Server Configuration
First we will make a local domain (example.com) on the Linux server so that we can create e-mail addresses as username@example.com.
We shall change the hostname of our Linux server to “mailserver” by using the following command
# hostname mailserver
Also edit the file /etc/sysconfig/network to change the setting to HOSTNAME=mailserver.
# hostname
Would show the changed hostname as “mailserver” (for our Linux mail server)

Domain creation
After this we need to create a local domain on the Linux server. For this we will edit the /etc/hosts file and add the entry below to it, under the “127.0.0.1    localhost.localdomain      localhost” line.
192.168.10.221     mailserver.example.com      mailserver
Save the file and exit. After exiting, type the following command and we should have our DNS domain as example.com
# dnsdomainname
Would give output as
example.com
Hence we have created a local domain in Linux by the name of “example.com”.
After this, add users on the Linux server using the useradd command and give them passwords. This shell login & password will be used for accessing their e-mail accounts.
Next set an IP address for your mail server, say 192.168.10.221, using the following command
# /sbin/ifconfig   eth0   192.168.10.221
Sendmail configuration
Sendmail configuration is stored in the /etc/mail directory, which contains the sendmail configuration file sendmail.cf. This file should not be edited directly using the vi editor. Instead, the sendmail.mc file is edited and the m4 macro processor is used to create the sendmail.cf file from it, as follows.
# m4  /etc/mail/sendmail.mc  >  /etc/mail/sendmail.cf 
Edit the sendmail.mc file using the vi editor and find this line in it.
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
The above line tells the mail server to listen only on the loopback address (the default setting for the mail server). We want it to listen on all available interfaces (i.e. it should also listen on the eth0 interface for requests), so we disable the above line by commenting it out (placing “dnl” at the beginning).
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Next find the line with LOCAL_DOMAIN and change it to “example.com” in place of localhost.localdomain.
Now run the above m4 command to create the sendmail.cf file.
After this, restart the sendmail service.
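The edit only takes effect once sendmail.cf has been regenerated from sendmail.mc. The following check for the steps above is an added example, not part of the original post; check_sendmail_listen and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: after editing sendmail.mc, confirm that the loopback-only
# DAEMON_OPTIONS line is disabled, that sendmail.cf was regenerated after the
# edit, and that the generated file no longer binds the MTA to 127.0.0.1.
check_sendmail_listen() {
    mc=$1
    cf=$2
    problems=0
    # Lines starting with dnl are discarded by m4, so only others are active.
    if grep -v '^[[:space:]]*dnl' "$mc" |
       grep -q 'DAEMON_OPTIONS(.*Addr=127\.0\.0\.1'; then
        echo "mc: DAEMON_OPTIONS still restricts the MTA to 127.0.0.1"
        problems=$((problems + 1))
    fi
    # sendmail reads only the .cf file; a .cf older than the .mc is stale.
    if [ "$mc" -nt "$cf" ]; then
        echo "cf: older than $mc, rerun m4 and restart sendmail"
        problems=$((problems + 1))
    fi
    if grep -q '^O DaemonPortOptions=.*Addr=127\.0\.0\.1' "$cf"; then
        echo "cf: DaemonPortOptions still binds 127.0.0.1"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample files standing in for /etc/mail/sendmail.mc and .cf:
# the .mc has been edited as described above, but m4 has not been rerun.
work=$(mktemp -d)
cat > "$work/sendmail.cf" <<'EOF'
O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
EOF
touch -t 201306240900 "$work/sendmail.cf"
cat > "$work/sendmail.mc" <<'EOF'
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
LOCAL_DOMAIN(`example.com')dnl
EOF
touch -t 201306241000 "$work/sendmail.mc"
check_sendmail_listen "$work/sendmail.mc" "$work/sendmail.cf" || echo "not ready to restart"
rm -rf "$work"
```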
Dovecot configuration
Dovecot is an open source IMAP & POP3 server. The configuration file is located in the /etc directory as dovecot.conf.
Edit the /etc/dovecot.conf file to make the following changes in the lines below:
    protocols = imap imaps pop3 pop3s
    listen = *, [::]
    disable_plaintext_auth = no
    ssl_disable = no
    mail_location = mbox:~/mail:INBOX=/var/mail/%u
    pop3_uidl_format = %08Xu%08Xv
    auth default {
        mechanisms = plain
    }

Save, exit and restart dovecot.
Note: Dovecot automatically detects the user's mailbox in most cases (the mail_location path given above need not be specified in all cases), but if Dovecot does not detect the mailbox for retrieving mail (see /var/log/maillog), then we have to specify the mail location path as above. Choose the mail location from the list of mail_location examples already in the dovecot.conf file.

Testing the Dovecot
#  telnet   192.168.10.221  pop3
Should greet you with the message “+OK Dovecot ready.”
Next log in with the user's credentials:
# user  chandan
Should greet you with “+OK”
# pass   chandan123
Should greet you with “+OK Logged in.”