Friday, January 10, 2014

Create htaccess folder password with htpasswd

Create htaccess folder password with htpasswd

Lets create the .htaccess file first

<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>
AuthName "Are You Real User"
AuthType Basic
AuthUserFile "/home/apweb/www/yourfolder/xo/.htpasswd"
require valid-user

Now we create the .htpasswd file, we have to generate the password so it will look like this

root:$apr1$2mMeQzaz$577FZ5p/E8EpdrsoVWFRg0

Please use the following URL to generate the username and the password



Finally copy and paste the generated code to your .htpasswd file and uplaod in to the server
Good Luck!

Thursday, November 21, 2013

Disable directory browsing in CentOs 6.4 apache/httpd

How to Disable directory browsing in apache httpd.conf ?


Answer: Actually you are totally right that you wish to disable this feature. One of the “must do’s” on setting a secure apache web server is to disable directory browsing. Usually apache comes with this feature enabled but its always a good idea to get it disabled unless you really need it.

First of all find where is the main apache’s config file httpd.conf is located. If you use Debian, it should be here: /etc/apache/httpd.conf. Using some file editor like Vim or Nano open this file and find the line that looks as follows:

Options Includes Indexes FollowSymLinks MultiViews

then remove word Indexes and save the file. The line should look like this one:

Options Includes FollowSymLinks MultiViews

for the subdomains:

To allow directory browsing for sub-domains and blocked in the main domain as become as follow.
Options Includes FollowSymLinks MultiViews
<VirtualHost *:80>
DocumentRoot "/var/www/downloads"
ServerName downloads.facebook.com
ErrorLog "logs/facebook"
CustomLog "logs/facebook_custom" common
<Directory "/var/www/downloads">
allow from all
Options +Indexes
</Directory>
</VirtualHost>

If no file from the DirectoryIndex directive can be located in the directory, then mod_autoindex can generate a listing of the directory contents. This is turned on and off using the Options directive. For example, to turn on directory listings for a particular directory, you can use:

<Directory /usr/local/apache2/htdocs/listme>
  Options +Indexes
</Directory>

To prevent directory listings (for security purposes, for example), you should remove the Indexes keyword from every Options directive in your configuration file. Or to prevent them only for a single directory, you can use:
<Directory /usr/local/apache2/htdocs/dontlistme>
  Options -Indexes
</Directory>

CentOS 6.4 Create FTP Users

How to Create FTP Users in CentOs 6.4?

- Add a user called "bira"
# useradd bira

Add a password for the user "bira"
# passwd bira (Enter)

New password: (enter your password)

Retype new password: (enter the same password again)
passwd: all authentication tokens updated successfully.

Now give the directory access for the user.
Change the ownership for the "html" directory 
# chown bira /var/www/html

Change the group for this "html" directory .
#chgrp bira /var/www/html

list the directories and check
# ls -l
drwxr-xr-x. 3 bira bira 4096 Nov 21 13:23 html

Finally re-start the vsfptd server.
# service vsftpd restart

All done! just trying to connect with your FileZilla ftp client.

if not:

Do you have SELinux enabled?

To check: # sestatus

If SELinuxstatus = on & Current mode = enforcing, it's all enabled... 
so lets turn it to permissive mode.

Permissive mode: # setenforce 0

Check sestatus again, and it should be Current mode = permissive. This basically leaves SELinux on, but in a log only manner.

All done! just trying to connect with your FileZilla ftp client.

If you still having issues please let me know my self.

Monday, November 18, 2013

“Denied access” problem when using Wamp server 2 on Windows 8



“Denied access” problem when  using Wamp server 2 on Windows 8



First, open the httpd.conf file of your apache version by a text editor such as Notepad or Notepad++. It’s usually located at \wamp\bin\apache\<your apache version>\conf\httpd.conf or you can use the quick menu of Wamp manager to open it. Find these snippet before modify it:

# First, we configure the "default" to be a very restrictive set of 
# features.  
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

Replace the Deny from all with Allow from all and save the file.We have not finished yet. Find another snippet:

#   onlineoffline tag - don't remove
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1

Replace Deny from all with Allow from all again. The localhost runs correctly now.After do all above thing, I believe that you can locate to localhost and your local web project with your browser. However, if you navigate to http://localhost/phpmyadmin, you will continue getting the Forbidden error. The reason is you did not modify the alias configuration file to allow access from your localhost. Let open this file by using Wamp manager or finding it in \wamp\alias\phpmyadmin.conf, find this snippet

<Directory "c:/wamp/apps/phpmyadmin3.4.10.1/">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
        Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
</Directory>


Change Allow from 127.0.0.1 to Allow from ::1 or you can do as above, change Deny from all into Allow from all. Now, that’s all.

Tuesday, November 12, 2013

FileZilla - Disable the password autosave feature

To disable this feature under FileZilla: 




  1. Click on the "Edit" menu > Settings > Interface
  2. In the "Behaviour" section, check "Do not save passwords".
  3. Click on OK to validate.



Monday, November 11, 2013

CentOS 6.x make visible .htaccess file on ftp / vsftpd

Server OS: Centos 5.x / VSFTPD

Client: Windows 7 /Filezilla

You have uploaded an .htaccess file to your FTP space. You click refresh and the file disappears. Do not worry. The file is there – it is simply not displaying as it is classed as a hidden file. If you have shell access then SSH to your server and run:

 ls -a

You should see the file listed.
In this scenario, to see the hidden files via your FTP client edit the vsftpd.conf file:

 vi /etc/vsftpd/vsftpd.conf

And add the following line force_dot_files=YES
Dont forget to restart the FTP service! /sbin/service vsftpd restart



Sunday, November 10, 2013

CentOS 6.4 VSFTP Problem - 553 Could not create file

Do you have SELinux enabled?

To check: sestatus

If SELinuxstatus = on & Current mode = enforcing, it's all enabled... so lets turn it to permissive mode.

Permissive mode: setenforce 0

Check sestatus again, and it should be Current mode = permissive. This basically leaves SELinux on, but in a log only manner.

With selinux in permissive mode, try your FTP things again, and see if the problems have magically gone away. If they have, you have issues with SELinux. Check /var/log/audit for reasons. Best thing to do is clear the log files, do your FTP thing, then check the logs as they'll then only contain what's related to your FTP issue.

If SELinux is to blame, there's a few SELinux booleans worth looking at.

Best start is: getsebool -a | grep ftp

You'll see something like

allow_ftpd_anon_write --> off
allow_ftpd_full_access --> on
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> on
ftpd_connect_db --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off

Not all of these are relevant to vsftpd, for example the httpd_enable_ftp_server is for Apache running FTP, and tftp_anon_write is for tftpd. I'd start with:

setsebool -P allow_ftpd_full_access on
setsebool -P ftp_home_dir on

The first one of allow_ftpd_anon_write is needed if you want every joe blow out there to be able to upload files to the anonymous folder... seriously discourage you doing that, unless it's internal only. If this is publicly accessibly, it will be found and it will be abused.

Next you'll need to make sure that the home folders have the right settings enabled.

Check policy bits: ls -alZ /home

Chances are if you just created the home folders they have the wrong settings, so you can just reset them as follows:

First run it to see what it'll change, but without it changing anything: restorecon -nvvr /home
-n = don't do anything, report only
-vv = very verbose
-r = recursive (do /home and everything under it)

You might want to run this on /home/udo, /home/ftp-docs and /home/ftpuser instead of all of /home

If you're happy with what it wants to do: restorecon -vvr /home
Same command with no -n, so it'll do it's actions.

Next stick SELinux back into enforcing mode:
setenforce 1

Check it is with sestatus (current mode = enforcing).

Try FTP again, and if it's broken once more check the audit logs to see what else is going on. Might be missing some settings, which you can sort out using chcon. Use -Z on various commands to work out what the current selinux policies in play are (ps -Z, ls -Z, and so on).

There's a few tools out there to turn the audit log into something more human readable, together with suggestions on what to do to fix it. Never used any of them so I can't speak much about them in anyway.