Apache

PORT Related interview questions in Linux:
1. What is a port?
A port is piece of software which is used as docking point in your machine, where remote application can communicate. This is analogy to the physical ports for entering in to a country from different sea ports.
2. What is hardware port?
This is physical peripheral connection point to a machine from a physical device.
3. What is a socket?
Socket is combination of software Port+IP address.
A socket is just a logical endpoint for communication. They exist on the transport layer. You can send and receive things on a socket, you can bind and listen to a socket.
A socket is specific to a protocol, machine, and port, and is addressed as such in the header of a packet.
4. What is the range of ports or how many ports are there?
Port numbers can vary from 0 to 65535, so total we can get 65536 ports
5. Why port numbers are just 65536?
This is because limitation in TCP/IP stack where the port number field is just 16bit size. So we get only 2^16 ports which are equal to 65536 available ports
6.What are the well-known ports or assigned ports or default ports?
Well known ports are from 0 to 1023(total 2^10=1024 ports)
7.What do you mean by default port?
Default port is a designated port for particular well-known server.
8.Can we change default port for a service(example Apache, squid)?
Yes, we can change. In most apache and DNS we can change this using listen configuration entry in httpd.conf and . Squid have port entry in its squid.conf file to mention port number.
9.What are the protocol numbers for TCP and UDP?
Do not confuse this one with port numbers. TCP and UDP have their own numbers in TCP/IP stack.
TCP protocol number:6
UDP protocol number:17
10. Is there any way I can see all the port information in Linux?
Yes, you can get that from /etc/services files.
11. How can I see open ports in Linux?
use nmap , lsof or netstat commands.
Ex: #lsof -i
Ex: #netstat -tulpn
Ex: #nmap -sT -O localhost
12.Which port is used by Ping command?
The answer is none. No ports required for Ping as it uses icmp packets
It needs to allow icmp 'echo-request' (type 8) packets out and icmp 'echo-reply' (type 0) packets in.
Ping Use ICMP to comminicate and ICMP is a protocol not a service. Hence it does not use a specific port
FLOW :
ICMP Echo Request
|
Type (8) Code (0)
|
Checksum
|
Identification
|
Sequence
 |
Test Data
Ports and corresponding port numbers:
20 – FTP Data (For transferring FTP data)
21 – FTP Control (For starting FTP connection)
22 – SSH(For secure remote administration which uses SSL to encrypt the transmission)
23 – Telnet (For insecure remote administration
25 – SMTP(Mail Transfer Agent for e-mail server such as SEND mail)
53 – DNS(Special service which uses both TCP and UDP)
69 – TFTP(Trivial file transfer protocol uses udp protocol for connection less transmission 
of data)
80 – HTTP/WWW(apache)
110 – POP3(Mail delivery Agent)
123 – NTP(Network time protocol used for time syncing uses UDP protocol)
137 – NetBIOS(nmbd)
138 - NetBIOS 
139 – SMB-Samba(smbd)
143 – IMAP
161 – SNMP(For network monitoring)
162-SNMP Trap
 389 – LDAP(For centralized administration)
443 – HTTPS(HTTP+SSL for secure web access)
514 – Syslogd(udp port)
636 – ldaps(both tcp and udp)

HTTP ---------- 80

FTP ------------ 20,21

TelNet ---------- 23

SMTP ---------- 25

DNS ----------- 53

TFTP ----------- 69

SNMP ---------- 161

RIP ------------- 520

IMAP 4--------- 143

IMAP 3 --------- 220

RPC ------------ 135

LDAP ---------- 389

Net Stat -------- 15

WINS ---------- 42

BootP ---------- 67

DHCP ---------- 68

POP2 ---------- 109

POP3 ---------- 110

Net BIOS ------ 139

SSL(HTTPS) --- 443

SQL Server ---- 1433

NFS ------------ 2049

SSH ------------ 22

RAP ----------- 38

BGP ----------- 179

10 Useful Interview Questions on Linux Services and Daemons

Daemon is a computer program that runs as a background process and generally do not remains under the direct control of user. The parent process of a daemon in most cases are init, but not always.

In Linux, a Service is an application that runs in a background carrying out essential task or waiting for its execution.

Questions on Linux Services and Daemons

Generally, there is no difference between a Daemon and a Service. Daemon is Service but service may be bigger than Daemon. Daemon provide some services and services may contain more than one Daemon.

Here in this series of Interview Article, we would be covering Services and Daemons in Linux.

1. What is Exim Service? What is the purpose of this Service?

Answer :Exim is an Open Source Mail Transfer Agent (MTA) which deals with routing, receiving and delivering of Electronic Mail. Exim service serves to be a great replacement of sendmail service which comes bundled with most of the distro.

2. What is NIS server? What is the purpose of NIS Server?

Answer :The NIS server, serves the purpose of dealing with Network Information Service which in-turn facilitates to login to other Systems with same log-in credentials. NIS is a directory service protocol which functions in Client-Server Model.

3. What will you prefer for a reverse proxy in Linux?

Answer :Reverse Proxy refers to the type of proxy that retrieves resources on account of client from server(s). The solution of ‘Reverse Proxy’ in Linux is squid as well as Apache reverse Proxy. However ‘squid’ is more preferred than ‘Apache reverse Proxy’ because of its simplicity and straight forward nature.

4. You are getting following codes (2xx, 3xx, 4xx, 5xx) in Apache, at some point of time. What does this means?

Answer : In Apache each error code points towards a specific area of problem.

1. 2xx : Request of connection Successful
2. 3xx: Redirection
3. 4xx: Client Error
4. 5xx: Server Error

5. You are asked to stop Apache Service through its control Script. What will you do?

Answer :The Apache service is controlled using a script called apachectl. In order to stop apache using its control script we need to run.

# apachectl stop               [On Debian based Systems]

# /etc/inid.t/httpd stop       [On Red Hat based Systems]

6. How is ‘apachectl restart’ different from ‘apachect1 graceful’

Answer :The ‘apachect1 restart’ when executed will force Apache to restart immediately, before the task complete whereas ‘apachectl graceful’ will wait for the current task to be finished before restarting the service. Not to mention ‘apachectl graceful’ is more safe to execute but the execution time for ‘apachect1 restart’ is less as compared to ‘apachectl graceful’.

7. How will you configure the nfs mounts to export it, from your local machine?

Answer :The /etc/export allows the creation of nfs exports on local machine and make it available to the whole world.

8. You are supposed to create a new Apache VirtualHost configuration for the host www.Tecmint.com that is available at /home/Tecmint/public_html/ and maintains log at /var/log/httpd/ by default.

Answer :You need to create a Apache virtual host container in main apache configuration file located at ‘/etc/httpd/conf/httpd.conf’. The following is the virtual container for host www.tecmint.com.

DocumentRoot /home/Tecmint/public_html

ServerName www.Tecmint.com

Server Alias Tecmint.com

CustomLog /var/log/httpd/Tecmint.com.log combined

ErrorLog /var/log/httpd/Tecmint.com.error.log

9. You are supposed to dump all the packets of http traffic in file http.out. What will you suggest?

Answer :In order to dump all the network traffic, we need to use command ‘tcpdump’ with the following switches.

# tcpdump tcp port 80 -s0 -w http.out

10. How will you add a service (say httpd) to start at INIT Level 3?

Answer :We need to use ‘chkconfig’ tool to hook up a service at INIT Level 3 by changing its runlevel parameter.

chkconfig –level 3 httpd on

____________________________________________________________________________________

1. What is Apache web server?

Answer : Apache web server HTTP is a most popular, powerful and Open Source to host websites on the web server by serving web files on the networks. It works on HTTP as in Hypertext Transfer protocol, which provides a standard for servers and client side web browsers to communicate. It supports SSL, CGI files, Virtual hosting and many other features.

2. How to check Apache and it’s version?

Answer : First, use the rpm command to check whether Apache installed or not. If it’s installed, then use httpd -v command to check its version.

[root@tecmint ~]# rpm -qa | grep httpd

httpd-devel-2.2.15-29.el6.centos.i686

httpd-2.2.15-29.el6.centos.i686

httpd-tools-2.2.15-29.el6.centos.i686

[root@tecmint ~]# httpd -v

Server version: Apache/2.2.15 (Unix)

Server built:   Aug 13 2013 17:27:11

3. Apache runs as which user? and location of main config file?.

Answer : Apache runs with the user “nobody” and httpd daemon. Apache main configuration file: /etc/httpd/conf/httpd.conf (CentOS/RHEL/Fedora) and /etc/apache2.conf (Ubuntu/Debian).

4. On which port Apache listens http and https both?

Answer : By default Apache runs on http port 80 and https port 443 (for SSL certificate). You can also use netstat command to check ports.

[root@tecmint ~]# netstat -antp | grep http

tcp        0      0 :::80                       :::*                        LISTEN      1076/httpd          

tcp        0      0 :::443                      :::*                        LISTEN      1076/httpd

5. How do you install Apache Server on your Linux machine?

Answer : Simply, you can use any package installer such as yum on (RHEL/CentOS/Fedora) and apt-get on (Debian/Ubuntu) to install Apache server on your Linux machine.

[root@tecmint ~]# yum install httpd

[root@tecmint ~]# apt-get install apache2

6. Where you can find all configuration directories of Apache Web Server?

Answer : By default Apache configuration directories installed under /etc/httpd/ on (RHEL/CentOS/Fedora) and /etc/apache2 on (Debian/Ubuntu).

[root@tecmint ~]# cd /etc/httpd/

[root@tecmint httpd]# ls -l

total 8

drwxr-xr-x. 2 root root 4096 Dec 24 21:44 conf

drwxr-xr-x. 2 root root 4096 Dec 25 02:09 conf.d

lrwxrwxrwx  1 root root   19 Oct 13 19:06 logs -> ../../var/log/httpd

lrwxrwxrwx  1 root root   27 Oct 13 19:06 modules -> ../../usr/lib/httpd/modules

lrwxrwxrwx  1 root root   19 Oct 13 19:06 run -> ../../var/run/httpd

[root@tecmint ~]# cd /etc/apache2

[root@tecmint apache2]# ls -l

total 84

-rw-r--r-- 1 root root  7113 Jul 24 16:15 apache2.conf

drwxr-xr-x 2 root root  4096 Dec 16 11:48 conf-available

drwxr-xr-x 2 root root  4096 Dec 16 11:45 conf.d

drwxr-xr-x 2 root root  4096 Dec 16 11:48 conf-enabled

-rw-r--r-- 1 root root  1782 Jul 21 02:14 envvars

-rw-r--r-- 1 root root 31063 Jul 21 02:14 magic

drwxr-xr-x 2 root root 12288 Dec 16 11:48 mods-available

drwxr-xr-x 2 root root  4096 Dec 16 11:48 mods-enabled

-rw-r--r-- 1 root root   315 Jul 21 02:14 ports.conf

drwxr-xr-x 2 root root  4096 Dec 16 11:48 sites-available

drwxr-xr-x 2 root root  4096 Dec  6 00:04 sites-enabled

7. Can Apache be secured with TCP wrappers?

Answer : No, It can’t be secured with the TCP wrappers since it doesn’t support libwrap.a library of Linux.

8. How to change default Apache Port and How Listen Directive works in Apache?

Answer : There is a directive “Listen” in httpd.conf file which allows us to change the default Apache port. With the help of Listen directive we can make Apache listen on different port as well as different interfaces.

Suppose you have multiple IPs assigned to your Linux machine and want Apache to receive HTTP requests on a special Ethernet port or Interface, even that can be done with Listen directive.
To change the Apache default port, please open your Apache main configuration file httpd.conf or apache2.conffile with VI editor.

[root@tecmint ~]# vi /etc/httpd/conf/httpd.conf

[root@tecmint ~]# vi /etc/apache2/apache2.conf

Search for the word ”Listen”, comment the original line and write your own directive below that line.

# Listen 80

Listen 8080

OR

Listen 172.16.16.1:8080

Save the file and restart the web server.

[root@tecmint ~]# service httpd restart

[root@tecmint ~]# service apache2 restart

9. Can we have two Apache Web servers on a single machine?

Answer : Yes, we can run two different Apache servers at one time on a Linux machine, but the condition for that is they should listen on different ports and we can change the ports with Listen directive of Apache.

10. What do you mean by DocumentRoot of Apache?

Answer : DocumentRoot in Apache means, it’s the location of web files are stored in the server, the default DocumentRoot of Apache is /var/www/html or /var/www. This can be changed to anything, by setting up “DocumentRoot” in a virtual host of configuration file of domain.

11. How to host files in different folder and what is Alias directive?

Answer : Yes, this can be achieved by Alias directive in the main Apache configuration file. Alias directive maps resources in File system, it takes a URL path and substitute it with a file or directory path on the system with is set up to redirect.

To use Alias directive, Its the part of mod_alias module of Apache. The default syntax of Alias directive is:

Alias /images /var/data/images/

Here in above example, /images url prefix to the /var/data/imagesprefix that mean clients will query for “http://www.example.com/images/sample-image.png” and Apache will pick up the “sample-image.png” file from /var/data/images/sample-image.pngon the server. It’s also known as URL Mapping.

12. What do you understand by “DirectoryIndex”?

Answer : DirectoryIndex is the name of first file which Apache looks for when a request comes from a domain. For example: www.example.com is requested by the client, so Apache will go the document root of that website and looks for the index file (first file to display).

The default setting of DirectoryIndex is .html index.htmlindex.php, if you have different names of your first file, you need to make the changes in httpd.conf or apache2.conffor DirectoryIndex value to display that to your client browser.

#

# DirectoryIndex: sets the file that Apache will serve if a directory

# is requested.

#

# The index.html.var file (a type-map) is used to deliver content-

# negotiated documents.  The MultiViews Option can be used for the

# same purpose, but it is much slower.

#

DirectoryIndex index.html index.html.var index.cgi .exe

13. How to disable Directory listing when an index file is missing?

Answer : If, the main index file is missing in the website root directory, then the Apache will lists all the contents like files and folder of the website on the browser instead of Main website pages.

To stop Apache directory listing, you can set the following rule in the main configuration file globally or in .htaccess file for a particular website.

   Options -Indexes

14. What are different log files of Apache Web Server?

Answer : The default log files of Apache Web Server are access log “/var/log/httpd/access_log” and error log :/var/log/httpd/error_log”.

15. What do you understand by “connection reset by peer” in error logs?

Answer : When the server is serving any ongoing Apache request and end user terminates the connection in between, we see “connection reset by peer” in the Apache error logs.

16. What is Virtual Host in Apache?

The Virtual Host section contains the information like Website name, Document root, Directory Index, Server Admin Email, ErrorLog File location etc.

You are free to add as many directives you require for your domain, but the two minimal entries for a working website is the ServerNameand DocumentRoot. We usually define our Virtual Host section at the bottom of httpd.conf file in Linux machines.

Sample VirtualHost

   ServerAdmin webmaster@dummy-host.example.com

   DocumentRoot /www/docs/dummy-host.example.com

   ServerName dummy-host.example.com

   ErrorLog logs/dummy-host.example.com-error_log

   CustomLog logs/dummy-host.example.com-access_log common

1. ServerAdmin : Its usually the email address of the website owner, where the error or notification can be sent.
2. DocumentRoot : location where the web files are located in the server(Necessary).
3. ServerName : Its the domain name which you want to access from your web browser(Necessary).
4. ErrorLog : Its the location of the log file where all the domain related logs are being recorded.

17. What’s the difference between and ?

Answer :

1. is used to set element related to the URL / address bar of the web server.
2. refers that the location of file system object on the server

18. What is Apache Virtual Hosting?

Answer : Apache Virtual hosting is the concept of hosting multiple website on a single web server. There are two types of Virtual hosts can be setup with Apache are Name Based Virtual hosting and IP based virtual hosting.

For more information, read on How to Create Name/IP based Virtual Hosts in Apache

Download Your Free eBooks NOW - 10 Free Linux eBooks for Administrators

As we all are aware that Apache is a very powerful, highly flexible and configurable Web server for Nix OS. Here in this tutorial, we are going to discuss one more feature of Apachewhich allows us to host more than one website on a single Linux machine. Implementing virtual hosting with Apache web server can help you to save costs you are investing on your server maintenance and their administration.

Apache Virtual Hosting in Linux

Concept of Shared web hosting and Reseller web hosting is based on this facility of Apache only.

Types of Virtual Host

There are two types of virtual hosting is available with Apache.

Name Based Virtual Hosting

With the name based virtual hosting you can host several domains/websiteson a single machine with a single IP. All domains on that server will be sharing a single IP. It’s easier to configure than IP based virtual hosting, you only need to configure DNS of the domain to map it with its correct IP address and then configure Apache to recognize it with the domain names.

·         Name Based Virtual Hosting

·         IP Based Virtual Hosting

With the IP based virtual hosting, you can assign a separate IP for each domain on a single server, these IP’s can be attached to the server with single NIC cards and as well as multiple NICs.

IP Based Virtual Hosting

Lets set up Name Based Virtual Hosting and IP based Virtual hosting in RHEL, CentOS and Fedora.

Testing Environment

1. OS – CentOS 6.5
2. Application – Apache Web Server
3. IP Address – 192.168.0.100
4. IP Address – 192.168.0.101
5. Domain – www.example1.com
6. Domain – www.example2.com

How to Setup IP Based and Name Based Apache Virtual Hosts

Before setting up virtual hosting with Apache, your system must have Apache Web software installed. if not, install it using default package installer called yum.

[root@tecmint ~]# yum install httpd

Setup Name Based Virtual Host

But, before creating a virtual host, you need to create a directory where you will keep all your website’s files. So, create directories for these two virtual hosts under /var/www/html folder. Please remember /var/www/htmlwill be your default Document Root in the Apache virtual configuration.

[root@tecmint ~]# mkdir /var/www/html/example1.com/

[root@tecmint ~]# mkdir /var/www/html/example2.com/

To set up Name based virtual hosting you must need to tell Apache to which IP you will be using to receive the Apache requests for all the websites or domain names. We can do this with NameVirtualHost directive. Open Apache main configuration file with VI editor.

[root@tecmint ~]# vi /etc/httpd/conf/httpd.conf

Search for NameVirtualHost and uncomment this line by removing the # sign in front of it.

NameVirtualHost

Next add the IP with possible in which you want to receive Apache requests. After the changes, your file should look like this:

NameVirtualHost 192.168.0.100:80

Now, it’s time to setup Virtual host sections for your domains, move to the bottom of the file by pressing Shift + G. Here in this example, We are setting up virtual host sections for two domains

1. www.example1.com
2. www.example2.com

Add the following two virtual directives at the bottom of the file. Save and close the file.

    ServerAdmin webmaster@example1.com

    DocumentRoot /var/www/html/example1.com

    ServerName www.example1.com

ErrorLog logs/www.example1.com-error_log

CustomLog logs/www.example1.com-access_log common

    ServerAdmin webmaster@example2.com

    DocumentRoot /var/www/html/example2.com

    ServerName www.example2.com

ErrorLog logs/www.example2.com-error_log

CustomLog logs/www.example2.com-access_log common

You are free to add as many directives you want to add in your domains virtual host section. When you are done with changes in httpd.conffile, please check the syntax of files with following command.

[root@tecmint ~]# httpd -t

Syntax OK

It is recommended to check the syntax of the file after making some changes and before restarting the Web server because if any syntax goes wrong Apache will refuse to work with some errors and eventually affect your existing web server go down for a while. If syntax is OK. Please restart your Web server and add it to chkconfig to make your web server start in runlevel 3 and 5 at the boot time only.

[root@tecmint ~]# service httpd restart

Stopping httpd:                                            [  OK  ]

Starting httpd:                                            [  OK  ]

[root@tecmint ~]# chkconfig --level 35 httpd on

Now it’s time to create a test page called index.html add some content to the file so we will have something to check it, when the IP calls the virtual host.

[root@tecmint ~]# vi /var/www/html/example1.com/index.html 

    Hello, Welcome to www.example1.com.

[root@tecmint ~]# vi /var/www/html/example2.com/index.html

  Hello, Welcome to www.example2.com.

Once you’re done with it, you can test the setup by accessing both the domains in a browser.

http://www.example1.com

http://www.example2.com

Setup IP Based Virtual Hosting Linux

To setup IP based virtual hosting, you must have more than one IP address/Port assigned to your server or your Linux machine.
It can be on a single NIC card , For example: eth0:1, eth0:2, eth0:3 … so forth. Multiple NICcards can also be attached. If you don’t know how to create multiple IP’s on single NIC, follow the below guide, that will help you out in creating.

1. Create Multiple IP Addresses to One Single Network Interface

Purpose of implementing IP based virtual hosting is to assign implementing for each domain and that particular IP will not be used by any other domain.
This kind of set up required when a website is running with SSLcertificate (mod_ssl) or on different ports and IPs. And You can also run multiple instances of Apache on a single machine. To check the IPs attached in your server, please check it using ifconfig command.

root@tecmint ~]# ifconfig

Sample Output

eth0      Link encap:Ethernet  HWaddr 08:00:27:4C:EB:CE  

          inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0

          inet6 addr: fe80::a00:27ff:fe4c:ebce/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:17550 errors:0 dropped:0 overruns:0 frame:0

          TX packets:15120 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:16565983 (15.7 MiB)  TX bytes:2409604 (2.2 MiB)

eth0:1    Link encap:Ethernet  HWaddr 08:00:27:4C:EB:CE  

          inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback  

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:1775 errors:0 dropped:0 overruns:0 frame:0

          TX packets:1775 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:3416104 (3.2 MiB)  TX bytes:3416104 (3.2 MiB)

As you can see in above output, two IPs 192.168.0.100 (eth0) and 192.168.0.101 (eth0:1) is attached to the server, both IPs are assigned to the same physical network device (eth0).
Now, assign a specific IP/Port to receive http requests, you can simply do it by changing Listendirective in httpd.conf file.

[root@tecmint ~]# vi /etc/httpd/conf/httpd.conf

Search for word “Listen”, You find a section where the short description about Listen directive is written. In that section, comment the original line and write your own directive below that line.

# Listen 80

Listen 192.168.0.100:80

Now,  create a Virtual host sections for both the domains. Go the bottom of the file and add the following virtual directives.

VirtualHost 192.168.0.100:80>

    ServerAdmin webmaster@example1.com

    DocumentRoot /var/www/html/example1

    ServerName www.example1.com

ErrorLog logs/www.example1.com-error_log

TransferLog logs/www.example1.com-access_log

    ServerAdmin webmaster@example2.com

    DocumentRoot /var/www/html/example2

    ServerName www.example2.com

ErrorLog logs/www.example2.com-error_log

TransferLog logs/www.example2.com-access_log

Now, since you have modified main Apache conf file, you need to restart the http service like below.

[root@tecmint ~]# service httpd restart

Stopping httpd:                                            [  OK  ]

Starting httpd:                                            [  OK  ]

Test your IP based Virtual hosting setup by accessing the URLson web browser as shown below.

http://www.example1.com

http://www.example2.com

That’s all with Apache virtual host today, If you’re looking to secure and harden your Apache configuration, then read our article that guides..

19. What do you understand by MPM in Apache?

Answer : MPM stands for Multi Processing Modules, actually Apache follows some mechanism to accept and complete web server requests.

20. What is the difference between Worker and Prefork MPM?

Answer : Both MPMs, Worker and prefork has their own mechanism to work with Apache. It totally depends on you that in which mode you want to start your Apache.

1. Basic difference between Worker and MPM is in their process of spawning the child process. In the Prefork MPM, a master httpd process is started and this master process starts manages all other child processes to serve client requests. Whereas, In the worker MPM one httpd process is active, and it uses different threads to serve client requests.
2. Prefork MPM uses multiple child processes with one thread each, where worker MPM uses multiple child processes with many threads each.
3. Connection handling in the Prefork MPM, each process handles one connection at a time, whereas in the Worker mpm each thread handles one connection at a time.
4. Memory footprints Prefork MPM Large memory footprints, where Worker has smaller memory footprints.

21. What’s the use of “LimitRequestBody” and how to put limit on your uploads?

Answer : LimitRequestBody directive is used to put a limit on the upload size.

For example: I want to put limits of 100000 Bytes in the folder /var/www/html/tecmin/uploads. So, you need to add following directive in Apache configuration file.

LimitRequestBody 100000

22. What is mod_perl and mod _php?

Answer :

1. mod_perl is an Apache module which is compiled with Apache for easy integration and to increase the performance of Perl scripts.
2. mod_php is used for easy integration of PHP scripts by the web server, it embeds the PHP interpreter inside the Apache process. Its forces Apache child process to use more memory and works with Apache only but still very popular.

23. What is Mod_evasive?

Answer : Its a third-party module which helps us to prevent your web server from the web attacks like DDOS because it performs only one task at a time and performs it very well.

For more information, read the article that guides you how to install and configure mod_evasive in Apache.

24. What is Loglevel debug in httpd.conf file?

Answer : With the help of Loglevel Debug option, we can get/log more information in the error logs which helps us to debug a problem.

25. What’s the use of mod_ssl and how SSL works with Apache?

Answer : Mod_ssl package is an Apache module, which allows Apache to establish its connection and transfer all the data in a secure encrypted environment. With the help of SSL certificates, all the Login details and other important secret details get transferred in an encrypted manner over the Internet, which prevents our data from Eavesdropping and IP spoofing.

What is location of log files for Apache server ?

/var/log/httpd

Q: - What are the types of virtual hosts ?

name-based and IP-based.
Name-based virtual host means that multiple names are running on each IP address.
IP-based virtual host means that a different IP address exists for each website served. Most configurations are named-based because it only requires one IP address.

Q: - How to restart Apache web server ?

service httpd restart

Q: - How to check the version of Apache server ?

rpm -qa |grep httpd

Q: - What is meaning of "Listen" in httpd.conf file ?

Port number on which to listen for nonsecure (http) transfers.

Q: - What is DocumentRoot ?

it is a location of files which are accessible by clients. By default, the Apache HTTP server in RedHat Enterprise Linux is configured to serve files from the /var/www/html/ directory.

Q: - On which port Apache server works ?

http - port 80
https - port 443

Q: - Tell me name of main configuration file of Apache server ?

httpd.conf

Q: - On which version of apache you have worked ?

httpd-2.2.3

Q: - What do you mean by a valid ServerName directive?

The DNS system is used to associate IP addresses with domain names. The value of ServerName is returned when the server generates a URL. If you are using a certain domain name, you must make sure that it is included in your DNS system and will be available to clients visiting your site.

Q: - What is the main difference between and sections?

Directory sections refer to file system objects; Location sections refer to elements in the address bar of the Web page

What is the difference between a restart and a graceful restart of a web server?

During a normal restart, the server is stopped and then started, causing some requests to be lost. A graceful restart allows Apache children to continue to serve their current requests until they can be replaced with children running the new configuration.

Q: - What is the use of mod_perl module?

mod_perl scripting module to allow better Perl script performance and easy integration with the Web server.

Q: - If you have added “loglevel Debug” in httpd.conf file, than what will happen?

 It will give you more information in the error log in order to debug a problem.

Q: - Can you record the MAC (hardware) address of clients that access your server.

No

Q: - Can you record all the cookies sent to your server by clients in Web Server logs?
Yes, add following lines in httpd.conf file.

CustomLog logs/cookies_in.log "%{UNIQUE_ID}e %{Cookie}i" CustomLog logs/cookies2_in.log "%{UNIQUE_ID}e %{Cookie2}i"

Q: - Can we do automatically roll over the Apache logs at specific times without having to shut down and restart the server?
Yes

Use CustomLog and the rotatelogs programs

Add following line in httpd.conf file. CustomLog "| /path/to/rotatelogs/path/to/logs/access_log.%Y-%m-%d 86400" combined

Q: - What we can do to find out how people are reaching your site?

Add the following effector to your activity log format. %{Referer}

Q: - If you have only one IP address, but you want to host two web sites on your server. What will you do?
In this case I will use Name Based Virtual hosting.

ServerName 10.111.203.25
NameVirtualHost *:80

ServerName web1.test.com
DocumentRoot /var/www/html/web1



ServerName web2.test2.com
DocumentRoot /var/www/html/web2

Q: - Can I serve content out of a directory other than the DocumentRootdirectory?
Yes, by using “Alias” we can do this.

Q: - If you have to more than one URL map to the same directory but you don't have multiple Alias directives. What you will do?
In this case I will use “AliasMatch” directives.
The AliasMatch directive allows you to use regular expressions to match arbitrary patterns in URLs and map anything matching the pattern to the desired URL.

Q: - How you will put a limit on uploads on your web server?
This can be achieved by LimitRequestBody directive.

LimitRequestBody 100000

Here I have put limit of 100000 Bytes

Q: - I want to stop people using my site by Proxy server. Is it possible?

Order Allow,Deny
Deny from all
Satisfy All

Q: - What is mod_evasive module?

mod_evasive is a third-party module that performs one simple task, and performs it very well. It detects when your site is receiving a Denial of Service (DoS) attack, and it prevents that attack from doing as much damage. mod_evasive detects when a single client is making multiple requests in a short period of time, and denies further requests from that client. The period for which the ban is in place can be very short, because it just gets renewed the next time a request is detected from that same host.

Q: - How t to enable PHP scripts on your server?
If you have mod_php installed, use AddHandler to map .php and .phtml files to the PHP handler. AddHandler application/x-httpd-php .phtml .php

Q: - Which tool you have used for Apache benchmarking?

ab (Apache bench)

ab -n 1000 -c 10 http://www.test.com/test.html

Q: - Can we cache files which are viewed frequently?

Yes we can do it by using mod_file_cache module.
CacheFile /www/htdocs/index.html

Q: - Can we have two apache servers having diff versions?

Yes, you can have two different apache servers on one server, but they can't listen to the same port at the same time.Normally apache listens to port 80 which is the default HTTP port. The second apache version should listen to another port with the Listen option in httpd.conf, for example to port 81.

For testing a new apache version before moving your sites from one version to another, this might be a good option.You just type www.example.com:81 in the browser window and you will be connected to the second apache instance.

Apache interview questions and answers

On a fresh install, why does Apache have three config files - srm.conf,

access.conf and httpd.conf? - The first two are remnants from the NCSA times, and

generally you should be ok if you delete the first two, and stick with httpd.conf.

What’s the command to stop Apache? - kill the specific process that httpd is running

under, or killall httpd. If you have apachectl installed, use apachectl stop.

What does apachectl graceful do? - It sends a SIGUSR1 for a restart, and starts the

apache server if it’s not running.

How do you check for the httpd.conf consistency and any errors in it? - apachectl

configtest

When I do ps -aux, why do I have one copy of httpd running as root and the rest

as nouser? - You need to be a root to attach yourself to any Unix port below 1024, and we

need 80.

But I thought that running apache as a root is a security risk? - That one root

process opens port 80, but never listens to it, so no user will actually enter the site with root

rights. If you kill the root process, you will see the other kids disappear as well.

Why do I get the message "… no listening sockets available, shutting down"? - In

Apache 2 you need to have a listen directive. Just put Listen 80 in httpd.conf.

How do you set up a virtual host in Apache?

ServerAdmin admin@techinterviews.com

DocumentRoot /home/apache/share/htdocs/hostedsites

ServerName www.techinterviews.com

ErrorLog /home/apache/logs/error/hostedsites/error_log

TransferLog /home/apache/logs/access/hostedsites/access_log

What is ServerType directive? - It defines whether Apache should spawn itself as a child

process (standalone) or keep everything in a single process (inetd). Keeping it inetd conserves

resources. This is deprecated, however.

What is mod_vhost_alias? - It allows hosting multiple sites on the same server via simpler

configurations.

What does htpasswd do? - It creates a new user in a specified group, and asks to specify a

password for that user.

If you specify both deny from all and allow from all, what will be the default

action of Apache? - In case of ambiguity deny always takes precedence over allow.

1.What are Daemons ??

Daemons are services that provide several functions that may not be available under the base

operating system.

Its main task is to listen for service request and at the same time to act on these requests.

After the service is done,

it is then disconnected and waits for further requests.

2.What are environmental variables?

Environmental variables are global settings that control the shell’s function as well as that of other Linux programs. Another common term for environmental variables is global shell variables

3.What are the different modes when using vi editor?

There are 3 modes under vi:

- Command mode – this is the mode where you start in

- Edit mode – this is the mode that allows you to do text editing

- Ex mode – this is the mode wherein you interact with vi with instructions to process a file

4.How can we change speed and make full duplex settings for eth0

Ans We can do this with below given 2 methods:

ethtool -s eth0 speed 100 duplex full

ethtool -s eth0 speed 10 duplex half

OR

mii-tool -F 100baseTx-HD

mii-tool -F 10baseT-HD

5.What are the process states in Unix?

As a process executes it changes state according to its circumstances. Unix processes have the

following states:

Running : The process is either running or it is ready to run .

Waiting : The process is waiting for an event or for a resource.

Stopped : The process has been stopped, usually by receiving a signal.

Zombie : The process is dead but have not been removed from the process table.

6.Explain /proc filesystem?

/proc is a virtual filesystem that provides detailed information about Linux kernel,

hardware’s and running processes. Files under /proc directory named as Virtual files.

Because /proc contains virtual files that’s why it is called virtual file system. These virtual files have unique qualities.

Most of them are listed as zero bytes in size. Virtual files such as /proc/interrupts,

/proc/meminfo, /proc/mounts, and /proc/partitions provide an up-to-the-moment glimpse of

the system's hardware. Others, like the /proc/filesystems file and the /proc/sys/ directory

provide system configuration information and interfaces.

7.What is the difference between hardware RAID and Software RAID?

The hardware-based RAID is independent from the host. A Hardware RAID device connects to

the SCSI controller and presents the RAID arrays as a single SCSI drive.

An external RAID system moves all RAID handling "intelligence" into a controller located in the external disk subsystem. The whole subsystem is connected to the host via a normal SCSI

controller and appears to the host as a single disk.

8.What is the difference between cron and anacron

Ans Cron :

1) Minimum granularity is minute (i.e Jobs can be scheduled to be executed

every minute)

2) Cron job can be scheduled by any normal user ( if not restricted by superuser )

3) Cron expects system to be running 24 x 7. If a job is scheduled, and

system is down during that time, job is not executed

4) Ideal for servers

5) Use cron when a job has to be executed at a particular hour and minute

Anacron :

1) Minimum granularity is only in days

2) Anacron can be used only by super user ( but there are workarounds to

make it usable by normal user )

3) Anacron doesn’t expect system to be running 24 x 7. If a job is scheduled,

and system is down during that time, it start the jobs when the system

comes back up.

4) Ideal for desktops and laptops

5) Use anacron when a job has to be executed irrespective of hour and

minute

9.What is CUPS?

CUPS stands for "Common UNIX Printing System". CUPS is a open source printing system

developed by Apple Inc. CUPS uses the Internet Printing Protocol (IPP) to allow local printing

and print sharing.The log files for the CUPS printing system are located in the /var/log/cups/ directory.

1) What's the command to stop Apache?

kill the specific process that httpd is running under, or killall httpd.

If you have apachectl installed, use apachectl stop.

2) How do you set up a virtual host in Apache?

ServerAdmin admin@phptechhelp.com

DocumentRoot /home/apache/share/htdocs/hostedsites

ServerName www.techinterviews.com

ErrorLog /home/apache/logs/error/hostedsites/error_log

TransferLog /home/apache/logs/access/hostedsites/access_log

3) What is mod_vhost_alias?

It allows hosting multiple sites on the same server via simpler

configurations.

4) What does htpasswd do?

It creates a new user in a specified group, and asks to specify a

password for that user.

5) If you specify both deny from all and allow from all, what

Apache Interview Questions - Nitesh Pawar https://sites.google.com/site/pawarnitesh/home/interview-questions/apach...

1 of 3 11/25/2014 12:32 PM

will be the default action of Apache?

In case of ambiguity deny always takes precedence over allow.

6) How do you change the default web root?

The solution is to change the DocumentRoot in httpd.conf file.

7) Site is accessible under many different hostnames; how to

redirect clients so that they see only a single name?

Many sites map a variety of hostnames to the same content. For example, www.example.com, example.com and www.example.net may all refer to the same site. It is best to

make sure that, regardless of the name clients use to access the site, they will be redirected to a single, canonical hostname. This makes the site easier to maintain and assures that

there will be only one version of the site in proxy caches and search engines.

There are two techniques to implement canonical hostnames:

1. Use mod_rewrite as described in the "Canonical Hostnames"

section of the URL Rewriting Guide.

2. Use name-based virtual hosting:

NameVirtualHost *

ServerName www.example.net

ServerAlias example.com

Redirect permanent / http://www.example.com/

ServerName www.example.com

DocumentRoot /usr/local/apache/htdocs

8) How do I turn automatic directory listings on or off?

If a client requests a URL that designates a directory and the directory does not contain a filename that matches the DirectoryIndex directive, then mod_autoindex can be configured to

present a listing of the directory contents. To turn on automatic directory indexing, find the Options directive that applies to the directory and add the Indexes

keyword. For example:

Options +Indexes

To turn off automatic directory indexing, remove the Indexes

keyword from the appropriate Options line. To turn off

directory listing for a particular subdirectory, you can use Options

-Indexes. For example:

Options –Indexes

How SSL works with Apache

Whenever an https requests comes, these three steps Apache follows:

1. Apache generates its private key and converts that private key to .CSR file (Certificate signing request).
2. Then Apache sends the .csr file to the CA (Certificate Authority).
3. CA will take the .csr file and convert it to .crt (certificate) and will send that .crt file back to Apache to secure and complete the https connection request.

Apache Web Server Security and Hardening Tips

We all are very familiar with Apache web server, it is a very popular web server to host your web files or your website on the web. Here are some links which can help you to configure Apache web server on your Linux box.

Apache Security and Hardening Tips

1. Install Apache Web Server
2. Setup Your Website in Your Linux Box

Here in this tutorial, I’ll cover some main tips to secure your web server. Before you apply these changes in your web server, you should have some basics of the Apache server.

1. Document root Directory: /var/www/html or /var/www
2. Main Configuration file: /etc/httpd/conf/httpd.conf (RHEL/CentOS/Fedora) and /etc/apache/apache2.conf (Debian/Ubuntu).
3. Default HTTP Port: 80 TCP
4. Default HTTPS Port: 443 TCP
5. Test your Configuration file settings and syntax: httpd -t
6. Access Log files of Web Server: /var/log/httpd/access_log
7. Error Log files of Web Server: /var/log/httpd/error_log

1. How to hide Apache Version and OS Identity from Errors

When you install Apache with source or any other package installers like yum, it displays the version of your Apache web server installed on your server with the Operating system name of your server in Errors. It also shows the information about Apache modules installed in your server.

Show Apache Version

In above picture, you can see that Apache is showing its versionwith the OS installed in your server. This can be a major security threat to your web server as well as your Linux box too. To prevent Apacheto not to display these information to the world, we need to make some changes in Apache main configuration file.
Open configuration file with vim editor and search for “ServerSignature“, its by default On. We need to Off these server signature and the second line “ServerTokens Prod” tells Apache to return only Apache as product in the server response header on the every page request, It suppress the OS, major and minor version info.

# vim /etc/httpd/conf/httpd.conf (RHEL/CentOS/Fedora)

# vim /etc/apache/apache2.conf (Debian/Ubuntu)

ServerSignature Off

ServerTokens Prod

# service httpd restart (RHEL/CentOS/Fedora)

# service apache2 restart (Debian/Ubuntu)

2. Disable Directory Listing

By default Apache list all the content of Document root directory in the 

absence of index  

Apache Directory Listing

We can turn off directory listing by using Options directive in configuration file for a specific directory. For that we need to make an entry in httpd.confor apache2.conf file.

    Options -Indexes

Hide Apache Directory Listing

3. Keep updating Apache Regularly

Apache developer community is continuously working on security issues and releasing its updated version with new security options. So It is always recommended to use the latest version of Apacheas your web server.
To check Apache version: You can check your current version with httpd -v command.

# httpd -v

Server version: Apache/2.2.15 (Unix)

Server built:   Aug 13 2013 17:29:28

You can update your version with the following command.

# yum update httpd

# apt-get install apache2

It is also recommended to keep your Kerneland OS updated to the latest stable releases if you are not running any specific application which works only on specific OS or Kernel.

4. Disable Unnecessary Modules

It’s always good to minor the chances of being a victim of any web attack. So it’s recommended to disable all those modules that are not in use currently. You can list all the compiled modules of web server, using following command.

# grep LoadModule /etc/httpd/conf/httpd.conf

# have to place corresponding `LoadModule' lines at this location so the

# LoadModule foo_module modules/mod_foo.so

LoadModule auth_basic_module modules/mod_auth_basic.so

LoadModule auth_digest_module modules/mod_auth_digest.so

LoadModule authn_file_module modules/mod_authn_file.so

LoadModule authn_alias_module modules/mod_authn_alias.so

LoadModule authn_anon_module modules/mod_authn_anon.so

LoadModule authn_dbm_module modules/mod_authn_dbm.so

LoadModule authn_default_module modules/mod_authn_default.so

LoadModule authz_host_module modules/mod_authz_host.so

LoadModule authz_user_module modules/mod_authz_user.so

LoadModule authz_owner_module modules/mod_authz_owner.so

LoadModule authz_groupfile_module modules/mod_authz_groupfile.so

LoadModule authz_dbm_module modules/mod_authz_dbm.so

LoadModule authz_default_module modules/mod_authz_default.so

LoadModule ldap_module modules/mod_ldap.so

LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

LoadModule include_module modules/mod_include.so

LoadModule log_config_module modules/mod_log_config.so

LoadModule logio_module modules/mod_logio.so

LoadModule env_module modules/mod_env.so

LoadModule ext_filter_module modules/mod_ext_filter.so

....

Above is the list of modules that are enabled by default but often not needed: mod_imap, mod_include, mod_info, mod_userdir, mod_autoindex. To disable the particular module, you can insert a “#” at the beginning of that line and restart the service.

5. Run Apache as separate User and Group

With a default installation Apacheruns its process with user nobody or daemon. For security reasons it is recommended to run Apache in its own non-privileged account. For example: http-web.

Create Apache User and Group

# groupadd http-web

# useradd -d /var/www/ -g http-web -s /bin/nologin http-web

Now you need to tell Apacheto run with this new user and to do so, we need to make an entry in /etc/httpd/conf/httpd.confand restart the service.
Open /etc/httpd/conf/httpd.confwith vim editor and search for keyword “User” and “Group” and there you will need to specify the username and groupnameto use.

User http-web

Group http-web

6. Use Allow and Deny to Restrict access to Directories

We can restrict access to directories with “Allow” and “Deny” options in httpd.conf file. Here in this example, we’ll be securing root directory, for that by setting the following in the httpd.conf file.

   Options None

   Order deny,allow

   Deny from all

1. Options “None” – This option will not allow users to enable any optional features.
2. Order deny, allow – This is the order in which the “Deny” and “Allow” directives will be processed. Here it will “deny” first and “allow” next.
3. Deny from all – This will deny request from everybody to the root directory, nobody will be able to access root directory.

7. Use mod_security and mod_evasive Modules to Secure Apache

These two modules “mod_security” and “mod_evasive” are very popular modules of Apache in terms of security.

Mod_security

Where mod_security works as a firewall for our web applications and allows us to monitor traffic on a real time basis. It also helps us to protect our websites or web server from brute force attacks. You can simply install mod_security on your server with the help of your default package installers.

Install mod_security on Ubuntu/Debian

$ sudo apt-get install libapache2-modsecurity

$ sudo a2enmod mod-security

$ sudo /etc/init.d/apache2 force-reload

Install mod_security on RHEL/CentOS/Fedora/

# yum install mod_security

# /etc/init.d/httpd restart

Mod_evasive

mod_evasive works very efficiently, it takes one request to process and processes it very well. It prevents DDOS attacksfrom doing as much damage. This feature of mod_evasive enables it to handle the HTTP brute force and Dos or DDosattack. This module detects attacks with three methods.

1. If so many requests come to a same page in a few times per second.
2. If any child process trying to make more than 50 concurrent requests.
3. If any IP still trying to make new requests when its temporarily blacklisted.

mod_evasive can be installed directly from the source. Here, we have an Installation and setup guide of these modules which will help you to set up these Apache modules in your Linux box.

1. Protect Apache using Mod_Security and Mod_evasive

8. Disable Apache’s following of Symbolic Links

By default Apache follows symlinks, we can turn off this feature with FollowSymLinkswith Options directive. And to do so we need to make the following entry in main configuration file.

Options -FollowSymLinks

And, if any particular useror website need FollowSymLinks enable, we can simply write a rule in “.htaccess” file from that website.

# Enable symbolic links

Options +FollowSymLinks

Note: To enable rewrite rules inside “.htaccess” file “AllowOverride All” should be present in the main configuration globally.

9. Turn off Server Side Includes and CGI Execution

We can turn off server side includes (mod_include) and CGI execution if not needed and to do so we need to modify main configuration file.

Options -Includes

Options -ExecCGI

We can do this for a particular directory too with Directory tag. Here In this example, we are turning offIncludes and Cgi file executions for “/var/www/html/web1” directory.

Options -Includes -ExecCGI

Here are some other values with can be turned On or off with Options directive.

1. Options All – To enable All options at once. This is the default value, If you don’t want specify any values explicitly in Apache conf file or .htaccess.
2. Options IncludesNOEXEC – This option allows server side includes without the execute permission to a command or cgi files.
3. Options MultiViews – Allows content negotiated multiviews with mod_negotiation module.
4. Options SymLinksIfOwnerMatch – It’s similar to FollowSymLinks. But, this will follow only when the owner is the same between the link and the original directory to which it is linked.

10. Limit Request Size

By default Apache has no limit on the total size of the HTTP request i.e. unlimited and when you allow large requests on a web server its possible that you could be a victim of Denial of service attacks. We can Limit the requests size of an Apache directive “LimitRequestBody” with the directory tag.
You can set the value in bytes from 0(unlimited) to 2147483647 (2GB) that are allowed in a request body. You can set this limit according to your site needs, Suppose you have a site where you allows uploads and you want to limit the upload size for a particular directory.
Here in this example, user_uploadsis a directory which contains files uploaded by users. We are putting a limit of 500K for this.

   LimitRequestBody 512000

11. Protect DDOS attacks and Hardening

Well, it’s true that you cannot completely protect your web site from DDos attacks. Here are some directives which can help you to have a control on it.

1. TimeOut : This directive allows you to set the amount of time the server will wait for certain events to complete before it fails. Its default value is 300 secs. It’s good to keep this value low on those sites which are subject to DDOS attacks. This value totally depends on kind of request you are getting on your website. Note: It could pose problems with come CGI scripts.
2. MaxClients : This directive allows you to set the limit on connections that will be served simultaneously. Every new connection will be queued up after this limit. It is available with Prefork and Worker both MPM. The default value of it is 256.
3. KeepAliveTimeout : Its the amount of time the server will wait for a subsequent request before closing the connection. Default value is 5 secs.
4. LimitRequestFields : It helps us to set a limit on the number of HTTP request’s header fields that will be accepted from the clients. Its default value is 100. It is recommended to lower this value if DDos attacks are occurring as a result of so many http request headers.
5. LimitRequestFieldSize : It helps us to set a size limit on the HTTP Request header.

12. Enable Apache Logging

Apache allows you to logging independently of your OS logging. It is wise to enable Apache logging, because it provides more information, such as the commands entered by users that have interacted with your Web server.
To do so you need to include the mod_log_configmodule. There are three main logging-related directives available with Apache.

1. TransferLog: Creating a log file.
2. LogFormat : Specifying a custom format.
3. CustomLog : Creating and formatting a log file.

You can also use them for a particular website it you are doing Virtual hosting and for that you need to specify it in the virtual host section. For example, here is the my website virtual host configuration with logging enabled.

DocumentRoot /var/www/html/example.com/

ServerName www.example.com

DirectoryIndex index.htm index.html index.php

ServerAlias example.com

ErrorDocument 404 /story.php

ErrorLog /var/log/httpd/example.com_error_log

CustomLog /var/log/httpd/example.com_access_log combined

13. Securing Apache with SSL Certificates

Last, but not the least SSL certificates, you can secure your all the communication in an encrypted manner over the Internet with SSL certificate. Suppose you have a website in which people login by proving their Login credentials or you have an E- Commerce website where people provides their bank detailsor Debit/Credit card details to purchase products, by default your web server send these details in plain – text format but when you use SSL certificates to your websites, Apachesends all this information in encrypted text.
You can purchase SSl certificatesfrom So many different SSL providers like namecheap.com. If you are running a very small web business and do not willing to purchase an SSL certificate you can still assign a Self signed certificateto your website. Apache uses the mod_sslmodule to support SSL certificate.

# openssl genrsa -des3 -out example.com.key 1024

# openssl req -new -key example.com.key -out exmaple.csr

# openssl x509 -req -days 365 -in example.com.com.csr -signkey example.com.com.key -out example.com.com.crt

Once your certificate has been created and signed. Now you need to add this in Apache configuration. Open main configuration file with vim editor and add the following lines and restart the service.

        SSLEngine on

        SSLCertificateFile /etc/pki/tls/certs/example.com.crt

        SSLCertificateKeyFile /etc/pki/tls/certs/example.com.key

        SSLCertificateChainFile /etc/pki/tls/certs/sf_bundle.crt

        ServerAdmin ravi.saive@example.com

        ServerName example.com

        DocumentRoot /var/www/html/example/

        ErrorLog /var/log/httpd/example.com-error_log

        CustomLog /var/log/httpd/example.com-access_log common

Open up your browser, type https://example.com, and you will be able to see the new self-signed certificate.

 

 

Network Related Commands

# dhclient eth0   
active interface 'eth0' in dhcp mode

# ethtool eth0   
show network statistics of eth0

# host www.example.com   
lookup hostname to resolve name to ip address and viceversa

# hostname   
show hostname of system

# ifconfig eth0   
show configuration of an ethernet network card

# ifconfig eth0 192.168.1.1 netmask 255.255.255.0   
configure IP Address

# ifconfig eth0 promisc   
configure 'eth0' in promiscuous mode to gather packets (sniffing)

# ifdown eth0   
disable an interface 'eth0'

# ifup eth0   
activate an interface 'eth0'

# ip link show   
show link status of all network interfaces

# iwconfig eth1   
show wireless networks

# iwlist scan   
wifi scanning to display the wireless connections available

# mii-tool eth0   
show link status of 'eth0'

# netstat -tup   
show all active network connections and their PID

# netstat -tupl   
show all network services listening on the system and their PID

# netstat -rn   
show routing table alike "route -n"

# nslookup www.example.com   
lookup hostname to resolve name to ip address and viceversa

# route -n   
show routing table

# route add -net 0/0 gw IP_Gateway   
configure default gateway

# route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.1.1   
configure static route to reach network '192.168.0.0/16'

# route del 0/0 gw IP_gateway   
remove static route

# echo "1" > /proc/sys/net/ipv4/ip_forward   
activate ip routing

# tcpdump tcp port 80   
show all HTTP traffic

# whois www.example.com   
lookup on Whois database

How to Work with the Network from the Linux Terminal: 11 Commands You Need to Know

 

Whether you want to download files, diagnose network problems, manage your network interfaces, or view network statistics, there’s a terminal command for that. This collection contains the tried and true tools and a few newer commands.
You can do most of this from a graphical desktop, although even Linux users that rarely use the terminal often launch one to use ping and other network diagnostic tools.

curl & wget

Use the curl or wget commands to download a file from the Internet without leaving the terminal. If you’re using curl, type curl -O followed by the path to the file. wget users can use wget without any options.. The file will appear in the current directory.
curl -O website.com/file
wget website.com/file

ping

ping sends ECHO_REQUEST packets to the address you specify. It’s a great way to see whether your computer can communicate with the Internet or a specific IP address. Bear in mind that many systems are configured not to respond to pings, however.
Unlike the ping command on Windows, the Linux ping command will keep sending packets until you terminate it. You can specify a finite amount of packets with the -c switch.
ping -c 4 google.com

tracepath & traceroute

 

The tracepath command is similar to traceroute, but it doesn’t require root privileges. It’s also installed by default on Ubuntu, while traceroute isn’t. tracepath traces the network path to a destination you specify and reports each “hop” along the path. If you’re having network problems or slowness, tracepath can show you where the network is failing or where the slowness is occurring.
tracepath example.com

mtr

The mtr command combines ping and tracepath into a single command. mtr will continue to send packets, showing you the ping time to each “hop.” This will also show you any problems — in this case, we can see that hop 6 is losing over 20% of the packets.
mtr howtogeek.com

Press q or Ctrl-C to quit when you’re done.

host

The host command performs DNS lookups. Give it a domain name and you’ll see the associated IP address. Give it an IP address and you’ll see the associated domain name.
host howtogeek.com
host 208.43.115.82

whois

The whois command will show you a website’s whois records, so you can view more information about who registered and owns a specific website.
whois example.com

ifplugstatus

The ifplugstatus command will tell you whether a cable is plugged into a network interface or not. It isn’t installed by default on Ubuntu. Use the following command to install it:
sudo apt-get install ifplugd
Run the command to see the status of all interfaces or specify a specific interface to view its status.
ifplugstatus
ifplugstatus eth0

“Link beat detected” means the cable is plugged in. You’ll see “unplugged” if it isn’t.

ifconfig

The ifconfig command has a variety of options to configure, tune, and debug your system’s network interfaces. It’s also a quick way to view IP addresses and other network interface information. Type ifconfigto view the status of all currently active network interfaces, including their names. You can also specify an interface’s name to view only information about that interface.
ifconfig
ifconfig eth0

ifdown & ifup

The ifdown and ifup commands are the same thing as running ifconfig up or ifconfig down. Given an interface’s name, they take the interface down or bring it up. This requires root permissions, so you have to use sudo on Ubuntu.
sudo ifdown eth0
sudo ifup eth0

Try this on a Linux desktop system and you’ll probably get an error message. Linux desktops usually use NetworkManager, which manages network interfaces for you. These commands will still work on servers without NetworkManager, though.
If you really need to configure NetworkManager from the command line, use the nmcli command.

dhclient

The dhclient command can release your computer’s IP address and get a new one from your DHCP server. This requires root permissions, so use sudo on Ubuntu. Run dhclient with no options to get a new IP address or use the -r switch to release your current IP address.
sudo dhclient -r
sudo dhclient

netstat

The netstat command can show a lot of different interface statistics, including open sockets and routing tables. Run the netstat command with no options and you’ll see a list of open sockets.

There’s a lot more you can do with this command. For example, use the netstat -p command to view the programs associated with open sockets.

View detailed statistics for all ports with netstat -s.

DISPLAY DETAILS OF NETWORK INTERFACES

Display info on all network interfaces on server, active or inactive:

$ ifconfig -a

To see details of eth0interface:

$ ifconfig eth0

If eth0 exists would take it down, disabling it to send or receive any information:

$ ifconfig eth0 down

If eth0 exists and is in the down state, this would return it back to the up state allowing to to send and receive information:

$ ifconfig eth0 up

Assign eth0 with the above values for IP, netmask and broadcast address:

$ ifconfig eth0 192.168.1.102 \
  netmask 255.255.255.0 \
  broadcast 192.168.1.255

Another command to get details of Network Interfaces is:

$ sudo lshw

To get information on the configured routes:

$ route $ route -n

To get information on routing tables, all open ports, all listening ports, etc.:

$ netstat

$ netstat -nr
(same as route, -n returns IP address instead of hostname, -r prints the routing table);
$ netstat -a
(lists all open ports);
$ netstat -l
(lists all listening ports);

TO CONFIGURE THE NETWORK INTERFACE

Persistent configuration

The file '/etc/network/interfaces' (for Ubuntu and Debian distributions only) lists all the network interfaces and its configuration.

Sample /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interface(5).
 
# The loopback interfaces
auto lo
iface lo inet loopback
 
# The primary network interfaces
# eth0 configured for dhcp
auto eth0
iface eth0 inet dhcp

# eth1 manually configured
auto eth1
#to automatically configure it during boot-up
iface eth1 inet static
  address 192.168.10.20
  netmask 255.255.255.0
  gateway 192.168.10.1
 
# See 'man interfaces' for more options

Now run the command:

$ sudo /etc/init.d/networking restart

to restart the network with new settings.

In case of problems

Try 'dhclient' command to get IP from a DHCP server. (ifconfig may work subsequently!).
Initially no n/w adpaters may be set. Only the loopback would be available.
In case of problems, check the file '/etc/udev/rules.d/70-persistent-net.rules' and ensure that the hardware-names (MAC address) of the ethx adapters are correct. The interface will not come up if there is any mismatch with the actual MAC address.  This can happen especially when we move/ export Virtual Machines from one to another (VMWare, VirtualBox). In such cases get the actual MAC address of the interface and enter it in the file at the ATTR{address}==""part.
Also check the file '/etc/network/interfaces' (for Ubuntu and Debian distributions only, as explained above) where all the network interfaces and its configuration are listed.
To create a network interface without IP address

iface eth0 inet manual
pre-up config $IFACE up
post-down ifconfig #IFACE down

To set DNS Server for lookup
To set up a persistent DNS lookup, add the IP address of DNS server to the file /etc/resolv.conf
This is similar to distributions other than Ubuntu.

Networking is an essential part Unix and it offer lots of tools and

command to diagnose any networking problem. When I was

working on FIX Protocol we get lot of support queries to see

whether FIX Sessions are connected or not. Since FIX Protocol

uses sockets you can use net stat , telnet and other networking

command available in Linux for finding problem and solve that.In

this article I will show you basic networking commands in Unix

and for what purpose they are used. with the combination of grep

and find command on them you can troubleshoot most of

networking problem.

Networking Commands Example in Unix

and Linux

These are most useful commands in my list while working on Linux server , this enables you to quickly

troubleshoot connection issues e.g. whether other system is connected or not , whether other host is

responding or not and while working for FIX connectivity for advanced trading system this tools saves

quite a lot of time .

This article is in continuation of my article How to work fast in Unix and Unix Command tutorials and Examples for

beginners.

• finding host/domain name and IP address - hostname

• test network connection – ping

• getting network configuration – ifconfig

• Network connections, routing tables, interface statistics – netstat

• query DNS lookup name – nslookup

• communicate with other hostname – telnet

• outing steps that packets take to get to network host – traceroute

• view user information – finger

• checking status of destination host - telnet

Example of Networking commands in Unix

let's see some example of various networking command in Unix and Linux. Some of them are quite basic e.g. ping

and telnet and some are more powerful e.g. nslookup and netstat. When you used these commands in combination

of find and grep you can get anything you are looking for e.g. hostname, connection end points, connection status

etc.

hostname

hostname with no options displays the machines host name

hostname –d displays the domain name the machine belongs to

hostname –f displays the fully qualified host and domain name

hostname –i displays the IP address for the current machine

ping

It sends packets of information to the user-defined source. If the packets are received, the destination device sends

packets back. Ping can be used for two purposes

1. To ensure that a network connection can be established.

2. Timing information as to the speed of the connection.

If you do ping www.yahoo.com it will display its IP address. Use ctrl+C to stop the test.

ifconfig

View network configuration, it displays the current network adapter configuration. It is handy to determine if you are

getting transmit (TX) or receive (RX) errors.

Best of Javarevisited

How Android works, Introduction for Java

Programmers

Difference between Java and Scala Programming

Top 5 Java Programming Books for Developers

Top 10 JDBC Best Practices for Java programmers

Tips and Best practices to avoid

NullPointerException in Java

10 Object Oriented Design Principles Java

Programmer Should Know

10 HotSpot JVM Options, Every Java Programmer

Should Know

Followers

Follow Us

Javarevisited

Blog about Java programming language, FIX Protocol, Tibco Rendezvous and related Java technology stack.

Top 10 basic networking commands in linux/unix http://javarevisited.blogspot.in/2010/10/basic-networking-commands-in-l...

1 of 3 11/25/2014 1:25 PM

netstat

Most useful and very versatile for finding connection to and from the host. You can find out all the multicast groups

(network) subscribed by this host by issuing "netstat -g"

netstat -nap | grep port will display process id of application which is using that port

netstat -a or netstat –all will display all connections including TCP and UDP

netstat --tcp or netstat –t will display only TCP connection

netstat --udp or netstat –u will display only UDP connection

netstat -g will display all multicast network subscribed by this host.

nslookup

If you know the IP address it will display hostname. To find all the IP addresses for a given domain name, the

command nslookup is used. You must have a connection to the internet for this utility to be useful.

E.g. nslookup blogger.com

You can also use nslookup to convert hostname to IP Address and from IP Address

from hostname.

traceroute

A handy utility to view the number of hops and response time to get to a remote system or web site is traceroute.

Again you need an internet connection to make use of this tool.

finger

View user information, displays a user’s login name, real name, terminal name and write status. this is pretty old unix

command and rarely used now days.

telnet

Connects destination host via telnet protocol, if telnet connection establish on any port means connectivity between

two hosts is working fine.

telnet hostname port will telnet hostname with the port specified. Normally it is used to see whether host is alive

and network connection is fine or not.

The network commands chapter explains various tools which can be useful when networking with other computers both within the network and accross the internet, obtaining more information about other computers. This chapter also includes information on tools for network configuration, file transfer and working with remote machines.

netstat

Displays contents of /proc/net files. It works with the Linux Network Subsystem, it will tell you what the status of ports are ie. open, closed,waiting, masquerade connections. It will also display various other things. It has many different options.

tcpdump

This is a sniffer, a program that captures packets off a network interface and interprets them for you. It understands all basic internet protocols,and can be used to save entire packets for later inspection.

ping

The ping command (named after the sound of an active sonar system) sends echo requests to the host you specify on the command line, and lists the responses received their round trip time.

You simply use ping as:

ping ip_or_host_name

Note to stop ping (otherwise it goes forever) use CTRL-C (break).

Please note: Using ping/smbmount/ssh or other UNIX system programs with a computer name rather than IP address will only work if you have the computer listed in your /etc/hosts file. Here is an example:

192.168.1.100 new 

This line says that their is a computer called “new” with IP address 192.168.1.100. Now that it exists in the /etc/hosts file I don't have to type the IP address anymore, just the name “new”.

hostname

Tells the user the host name of the computer they are logged into. Note: may be called host.

traceroute

traceroutewill show the route of a packet. It attempts to list the series of hosts through which your packets travel on their way to a given destination. Also have a look at xtraceroute (one of several graphical equivalents of this program).

Command syntax:

traceroute machine_name_or_ip

tracepath

tracepathperforms a very simlar function to traceroute the main difference is that tracepath doesn't take complicated options.

Command syntax:

tracepath machine_name_or_ip

findsmb

findsmbis used to list info about machines that respond to SMB name queries (for example windows based machines sharing their hard disk's).

Command syntax:

findsmb

This would find all machines possible, you may need to specify a particularsubnet to query those machines only...

nmap

“ network exploration tool and security scanner”. nmap is a very advanced network tool used to query machines (local or remote) as to whether they are up and what ports are open on these machines.

A simple usage example:

nmap machine_name

This would query your own machine as to what ports it keeps open. nmap is a very powerful tool, documentation is available on the nmap site as well as the information in the manual page.

Network Configuration

ifconfig

This command is used to configure network interfaces, or to display their current configuration.In addition to activating and deactivating interfaces with the “up” and “down” settings, this command is necessary for setting an interface's address information if you don't have the ifcfg script.

Use ifconfig as either:

ifconfig

This will simply list all information on all network devices currently up.

ifconfig eth0 down

This will take eth0 (assuming the device exists) down, it won't be able to receive or send anything until you put the device back “up” again.

Clearly there are a lot more options for this tool, you will need to read the manual/info page to learn more about them.

ifup

Use ifup device-name to bring an interface up by following a script (which will contain your default networking settings). Simply type ifup and you will get help on using the script.

For example typing:

ifup eth0

Will bring eth0 up if it is currently down.

ifdown

Useifdown device-name to bring an interface down using a script (which will contain your default network settings). Simply type ifdown and you will get help on using the script.

For example typing:

ifdown eth0

Will bring eth0 down if it is currently up.

ifcfg

Use ifcfgto configure a particular interface.Simply type ifcfg to get help on using this script.

For example, to change eth0 from 192.168.0.1 to 192.168.0.2 you could do:

ifcfg eth0 del 192.168.0.1

ifcfg eth0 add 192.168.0.2

The first command takes eth0 down and removes that stored IP address and the second one brings it back up with the new address.

route

The routecommand is the tool used to display or modify the routing table. To add a gateway as the default you would type:

route add default gw some_computer