Monday, August 29, 2011

How to Enable mod_perl


1) #yum -y install mod_perl
   Install the mod_perl package

2) #vim /etc/httpd/conf.d/perl.conf
   Edit the mod_perl configuration file
   Go to line 17: uncomment

     PerlSwitches -w
   Go to line 26: uncomment
     PerlSwitches -T
   Go to lines 32-38: uncomment as follows
     Alias /perl /var/www/perl
     # directory for the mod_perl environment
     <Directory /var/www/perl>
         # treat all files under this directory as Perl scripts
         SetHandler perl-script
         # to handle only specific files, use the next line and comment out the line above
     #   AddHandler perl-script .cgi
     #   PerlResponseHandler ModPerl::Registry
         # set PerlRun mode
         PerlResponseHandler ModPerl::PerlRun
         PerlOptions +ParseHeaders
         Options +ExecCGI
     </Directory>
   Go to lines 45-51: uncomment (this is for the status page of mod_perl)
     <Location /perl-status>
         SetHandler perl-script
         PerlResponseHandler Apache2::Status
         Order deny,allow
         Deny from all
         # IP address you permit
         Allow from 192.168.1.2
     </Location>


3) #service httpd restart
   Restart the httpd service

4) Testing
   Open a web browser and go to
   http://hostname.com/perl-status




Friday, August 26, 2011

Apache Server with PHP support



1) Install PHP
   #yum -y install php php-mbstring php-pear
2) Create an index.php page and copy it to the document root
   /var/www/html/index.php
3) Restart the httpd service
   #service httpd restart
4) Open https://yourdomain.com in a web browser


How to Create Self-Signed SSL Certificates with OpenSSL



Introduction

This is a brief and superficial tutorial on creating self-signed SSL certificates using OpenSSL. So what is an SSL certificate and why would you want one? Without getting overly complex, SSL certificates verify your identity to an end user and make it possible to encrypt the communication between two hosts. In short, SSL works like this. The browser checks the web server's certificate to see if it's valid or not. If the certificate is valid and not someone trying to impersonate the intended destination web server, the browser and web server negotiate an encryption algorithm they both can understand. Once the negotiation is complete, they use unique keys or codes (public key and private key) for encrypting and decrypting the data on both sides. Finally the browser and web server communicate securely so no one can eavesdrop on their conversation.
Secure Sockets Layer (SSL) is used in e-commerce and other applications where the information being transmitted must be secure and not visible to anyone watching the network traffic. A practical e-commerce example would be making a purchase from an online store. When you enter your credit card information and click a submit button, your information is sent from your web browser to the store's server. It's encrypted using SSL so no one else can read it as it travels across the internet. An application example could be acquiring UPS shipping rates in real time. When you have an account with UPS you must establish a userid and password, and are then assigned a license key. You would transmit these credentials programmatically to their server to request pricing for maybe sending a package to New York from your location. You wouldn't want your credentials being sent in plain text because it'd be possible for someone to steal your account information, so to combat this UPS offers their XML service through an SSL-enabled URL.
Now that you have a general understanding of SSL we come to the certificate signing part. SSL certificates must be signed by a trusted authority, more commonly known as a Certificate Authority (CA). CAs confirm your identity by adding their signature to your SSL certificate. On the web browser side, browsers like Firefox and Internet Explorer have a list of CA fingerprints to match against the SSL certificates they come across. For example, when you go to an SSL-enabled URL, that certificate would be signed by a company like Verisign, Thawte, Comodo, or some other CA. Your web browser would check the certificate's CA fingerprint to make sure it hasn't been forged and is a valid and trusted certificate. If all goes well your browser would accept the certificate and give no complaints; however, if it doesn't have the fingerprint on file it would complain and typically throw up a window saying the certificate is bad or shouldn't be trusted. CAs usually ask for proof of your company, like a copy of your DBA (Doing Business As), before they'll sign your certificate. Also, be prepared to hand over some cash because CAs won't sign your certificate for free.
So where does that leave us individuals and non-commercial entities that want to use SSL to encrypt our data? The answer is using self-signed certificates. Self-signed certs are the same as signed versions except for the fact that a CA doesn't stamp them with its approval; instead you stamp them with yours. Self-signed certs offer the same amount of protection but at the cost of dealing with the annoying popup alert the browser displays and someone being able to forge your identity; however, they are completely free and easy to make using OpenSSL. If you want to create your own private-use SSL certificate then keep reading this tutorial and you'll learn how to. Make sure you're logged in as root and are in your home directory. Also, be sure to create a directory called ssl and move into it (we'll create our SSL files here temporarily).

Generate Your Private Key

The first step in creating a self-signed SSL certificate is to generate your private key. Its purpose is to encrypt data to be decrypted by the public key and vice versa, so basically one cannot work without the other since they are both mathematically linked. The private key is stored on the web server and should never be shared with anyone (protect it at all costs!). Your private key can be either RSA or DSA based with a minimum of 1024 bits using a cipher such as TripleDES. For our private key we'll use RSA, 1024 bits, and TripleDES (I've gone as far as to use 4096 bits - more secure but slower to encrypt/decrypt). Our private key password should contain a minimum of 12 characters and they should be alpha-numeric with some special characters like spaces, dollar signs, asterisks, etc. The point is to choose a password that is very hard to crack and is not dictionary based. When you figure out what password you're going to use for your private key, write it down and keep it in a safe place. Don't lose this password: if you do, then when it comes time to renew your certificate you'll have to trash the key and start over from scratch.


#yum install mod_ssl


#openssl genrsa -des3 -out server.key 1024


[enter a password]
[confirm your password]



Our private key has been created and saved as server.key. We can now move on to creating the certificate signing request (public key).

Certificate Signing Request (CSR)

The certificate signing request (CSR) is an unsigned copy of the SSL certificate. The CSR contains the public key and X.509 certificate attributes including your country, state, organization name, server's common name or FQDN (fully qualified domain name), and other information. Before you can get a digital certificate from a CA you'll need to generate a CSR on the server you'll be using the SSL certificate on. The most important attribute you should pay close attention to is the common name. You must use the FQDN of the server you'll be protecting by SSL. For example, if you want to use https://secure.yourdomain.com then the common name would be secure.yourdomain.com. You'll need to configure DNS and your web server to respond to requests for this address. Another thing to know is that when you enter your organizational name, you should use the word 'and' instead of an ampersand '&' character if you have a company name like Law Offices of Smith & Klein. Certificate Authorities like Verisign are very picky about the ampersand and will likely make you redo your CSR if you use one. Play it safe and use 'and' instead of '&'. Now we'll create our certificate signing request.


#openssl req -new -key server.key -out server.csr


[enter your private key password]
[enter your two character country code]
[enter your full state or province name]
[enter your city name]
[enter your company name]
[enter your organizational unit or leave it blank]
[enter your common name or fqdn]
[enter your admin email address]
[leave the rest of the attributes blank]





Our CSR has been generated and saved as server.csr. At this point you could send in the request to a CA, pay the fee, prove your identity, and then they would issue you an SSL certificate. All they need is the contents of server.csr, which can be retrieved by using the cat command.


#cat server.csr


You would send everything to the CA starting from the first hyphen to the last one (the entire file).

Sign Your Certificate Signing Request

With our CSR generated we come to the heart of this tutorial, which is signing your CSR to create an SSL cert for your web server. Since we're signing our own certificate we have much more control over the process. When you have a CA sign your CSR you pay for a year, two years, or possibly more. In our case we can specify how many days our certificate is good for before it expires and needs to be re-signed. We'll be using 365 days but feel free to use a value greater than one year (maybe 5475 days or 15 years...that should take a while for the clock to run out).




#openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
[enter your private key password]


Our self-signed certificate has been created and saved as server.crt. You will use this certificate and the private key for Apache to enable SSL on your server, however before we do that we will remove the passphrase from our private key.

Remove the PassPhrase From Your Private Key

When your private key has a passphrase, Apache will have no idea what it is and prompt you for your password whenever the service is started. As you can imagine, this would be a major inconvenience if you need to edit any virtual hosts and reload the changes or if your server crashed or rebooted itself. Apache would just sit there and wait for you to key in the password for each SSL enabled host. The solution to this dilemma would be to remove the passphrase from the private key file. Of course something that simple isn't without another problem. When you remove the encryption from your private key you're also removing its security. If your private key was ever to be stolen then you would need to have your certificate revoked. One course of action is to make your private key readable by only root (chmod 400). Let's remove the passphrase from our private key.


#cp server.key server.key.secure
#openssl rsa -in server.key.secure -out server.key
[enter your private key password]


Install Your Certificate and Private Key

[root@www ~]# vi /etc/httpd/conf.d/ssl.conf
Uncomment
DocumentRoot "/var/www/html"
Uncomment and specify server name
ServerName  www.server.world:443
Specify certificate
SSLCertificateFile /etc/pki/tls/certs/server.crt
Specify certificate key
SSLCertificateKeyFile /etc/pki/tls/certs/server.key
[root@www ~]#  /etc/rc.d/init.d/httpd restart


For testing

https://domainname.com
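
Once the passphrase is removed, file permissions are the only thing protecting server.key. The script below is an added example, not part of the original tutorial: it reads an ssl.conf, finds the SSLCertificateKeyFile path, and reports whether the key is still encrypted and whether anyone besides its owner can access it. The function names are hypothetical and the sample ssl.conf and key are constructed (the key body is a dummy); GNU stat is assumed.

```sh
#!/bin/sh
# Added example: audit the private key an Apache ssl.conf points at.
# Function names are hypothetical; the sample files are constructed.

# Print the path from the last uncommented SSLCertificateKeyFile directive.
key_path_from_conf() {
    awk 'tolower($1) == "sslcertificatekeyfile" { p = $2 }
         END { gsub(/"/, "", p); print p }' "$1"
}

# Print "encrypted" or "plaintext" based on the PEM headers of the key file.
key_state() {
    if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    else
        echo plaintext
    fi
}

# Return 0 only when no group/other permission bit is set on the key file.
audit_key() {
    ak_key=$(key_path_from_conf "$1")
    [ -f "$ak_key" ] || { echo "missing key: $ak_key"; return 2; }
    ak_mode=$(stat -c %a "$ak_key")     # GNU stat, e.g. 400 or 644
    echo "$ak_key state=$(key_state "$ak_key") mode=$ak_mode"
    case $ak_mode in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Build a constructed ssl.conf plus a dummy passphrase-less key, mode 644.
make_sample() {
    ms_dir=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED-DUMMY-BODY' \
        '-----END RSA PRIVATE KEY-----' > "$ms_dir/server.key"
    chmod 644 "$ms_dir/server.key"
    printf '%s\n' '#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key' \
        "SSLCertificateKeyFile $ms_dir/server.key" > "$ms_dir/ssl.conf"
    echo "$ms_dir"
}

sample=$(make_sample)
audit_key "$sample/ssl.conf" || echo "FAIL: key accessible to group or others"
chmod 400 "$sample/server.key"
audit_key "$sample/ssl.conf" && echo "OK: key accessible to owner only"
```

On a real server, call audit_key with /etc/httpd/conf.d/ssl.conf after the restart step.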


Monday, August 15, 2011

Configure iSCSI target



1) Create one partition

2) #yum install scsi-target-utils

3) #vim /etc/tgt/targets.conf
      (Add at the end of the configuration file)
      <target iqn.2011-07.prashant.server:target0>
       # device provided as the iSCSI target
       backing-store /dev/sda
       # IP address of the iSCSI initiator you allow to connect
       initiator-address 10.0.0.30
       # authentication info (set anything you like for "username" and "password")
       incominguser username password
      </target>

4) #service tgtd start

5)#chkconfig tgtd on


6)#tgtadm --mode target --op show


iSCSI target is configured

How to create Yum repo in Redhat 5

Create Yum Server and Yum Client

Create FTP-based Yum server
  Insert the RHEL 5 DVD
   #mkdir -p /var/ftp/pub
    Create the pub folder
   #cd /media
   #cd RHEL
    Go to the mounted media
   #cp -av * /var/ftp/pub
     Copy the entire DVD into the /var/ftp/pub directory
   #cd /var/ftp/pub/Server
    Go to the Server folder
   #rpm -ivh vsftpd-12.42.5.2.5.el5.rpm
   #rpm -ivh createrepo-232.32.4.el5.rpm
   Install these packages
   #service vsftpd start
   Start the FTP service
   #chkconfig vsftpd on
   Make it start by default at boot
   #cd ..
   #createrepo -v /var/ftp/pub
  Create the repository for all packages
  Create one file, /etc/yum.repos.d/server.repo, and configure it
   #vi /etc/yum.repos.d/server.repo
   [server]
   name=yum server
   # replace <IP address> with the local server's IP address
   baseurl=ftp://<IP address>/pub
   enabled=1
   gpgcheck=0
  #yum clean all
  #yum list all
  #yum install <package name>
 The server is now configured

How to create yum client
Create one file, /etc/yum.repos.d/client.repo
#vi /etc/yum.repos.d/client.repo
[client]
name=yum client
# replace <yum server IP address> with the IP address of the yum server
baseurl=ftp://<yum server IP address>/pub
enabled=1
gpgcheck=0
:wq

#yum clean all
#yum install <package name>
The yum client is now configured
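
Both server.repo and client.repo above set gpgcheck=0, so yum installs whatever the FTP server returns without verifying package signatures. The script below is an added example, not part of the original post: it lists enabled repo sections with signature checking turned off. The function names, the 192.0.2.10 address and both sample files are constructed, and the gpgkey path in the second sample is assumed to be where RHEL 5 keeps the Red Hat release key.

```sh
#!/bin/sh
# Added example: flag enabled yum repo sections that set gpgcheck=0.
# Function names are hypothetical; the sample repo files are constructed.

# audit_repos FILE... : one line per finding; returns 1 if anything is flagged.
audit_repos() {
    awk '
        function report() {
            if (sec != "" && enabled != "0" && gpgcheck == "0") {
                printf "%s [%s] gpgcheck=0 baseurl=%s\n", file, sec, baseurl
                n++
            }
        }
        FNR == 1 { report(); sec = "" }          # new file: close previous section
        /^[ \t]*(#|;)/ { next }                  # skip comment lines
        /^[ \t]*\[.*\]/ {                        # section header such as [client]
            report()
            sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
            file = FILENAME; gpgcheck = ""; baseurl = ""; enabled = "1"
            next
        }
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "gpgcheck") gpgcheck = v
            else if (k == "baseurl") baseurl = v
            else if (k == "enabled") enabled = v
        }
        END { report(); exit (n > 0) }
    ' "$@"
}

# Constructed samples: the client.repo layout from above, and a variant that
# keeps signature checking on (gpgkey path is an assumption for RHEL 5).
make_repo_sample() {
    rs_dir=$(mktemp -d)
    printf '%s\n' '[client]' 'name=yum client' 'baseurl=ftp://192.0.2.10/pub' \
        'enabled=1' 'gpgcheck=0' > "$rs_dir/client.repo"
    printf '%s\n' '[client-verified]' 'name=yum client' \
        'baseurl=ftp://192.0.2.10/pub' 'enabled=1' 'gpgcheck=1' \
        'gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release' \
        > "$rs_dir/verified.repo"
    echo "$rs_dir"
}

repo_sample=$(make_repo_sample)
audit_repos "$repo_sample"/*.repo || echo "signature checking is disabled in the repos listed above"
```

On a real host, run audit_repos /etc/yum.repos.d/*.repo.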

Network Settings in CentOs & Redhat


Set static IP Address to the Server

[root@dlp ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:50:43:00:3B:AE
# change
ONBOOT=yes
# add lines as follows
BOOTPROTO=none
# this server's IP address
IPADDR=10.0.0.30
# subnet mask
NETMASK=255.255.255.0
TYPE=Ethernet
# default gateway
GATEWAY=10.0.0.1
# DNS server's IP address
DNS1=10.0.0.10
IPV6INIT=no
USERCTL=no
[root@dlp ~]# service network restart

This restarts the network service; every step should show OK

[root@dlp ~]# ifconfig

This shows your IP address