Report 3 - Linux Course

Feb. 11, 2020

This is my 3rd report on my Linux course.

This time around we had 5 different exercises to do, most concerning Apache. We had some free choice over which exercises to do.

This time around I'll also be using my blog as a live example for this exercise, although this blog is built on Nginx instead of Apache. I hope it suffices, because I can't be bothered to deploy Apache on this particular droplet and have another 8 hours of headache that comes with deploying something with new technology. I'll also be installing Apache on a different IP address, that's deployed on a different droplet on my DigitalOcean server.

I'm working with a MacBook Pro, and working with a virtual Linux installation has been more than sketchy, so I've decided to create a new droplet on digitalocean.com with an Ubuntu installation. In this case I'm SSH'ing to the server as the root user with an SSH key to do these exercises.

I'm still pretty new when it comes to the Linux shell, so I will be using root (which is not the best way to go), mostly because I still don't remember how to create new users in the Linux environment. Hopefully we will learn this properly during the course.

Here are the exercises listed:

a) Install Apache, deploy the user's homepage (https://example.com/~user). Test with an example homepage.

In this case I've created a new droplet on digitalocean.com with IP address 64.225.104.208. I already have a premade SSH key on my MacBook Pro. The great thing about Macs is that they're based on the same Unix architecture, which means that I can use the terminal on the Mac to connect to the server and it will still use the same commands with the same terminal; good luck doing that with Windows 10 (or whatever OS they have nowadays).

I actually tried to upload photo of this particular process to this blog, but I got an error:

Server Error: Report this error to your webmaster with the following information:
Request Entity Too Large - 413

so there is some debugging to be done. I took a new screenshot with only the terminal showing and it uploaded fine, might be because of the high pixel density on my MacBook Pro, but interesting to see. Also my current droplet should have more than enough bandwidth to handle one high-resolution picture.

Screenshot 2020-02-12 at 1.09.07.png

This is how it looks when you SSH to root from your terminal on a Mac for the first time and you've got the actual SSH key saved on your Mac. I've had to do this step about 20 times to get it right.

For the actual installation of Apache on the web server, it's simply 2 commands:

apt-get update (Good to do once in a while to update the package lists)

apt-get install apache2 (On Ubuntu the Apache package is named apache2)

Notice that when you're root you don't need sudo (super user do), because root is the most basic privilege you can have in a Unix-based system. Although it's not recommended for security reasons, I used root here because of time constraints and my lack of knowledge.


b) & c) Surf around your website. Find some Apache log entries for a successful page load (200 OK) and a failed page load (404 Not Found). Analyze the lines.

I've mostly used this resource when it comes to this exercise: https://www.digitalocean.com/community/tutorials/how-to-install-the-apache-web-server-on-ubuntu-16-04.

For anyone dabbling in the world of deploying apps to an Ubuntu server I would recommend DigitalOcean's resources; DigitalOcean's support pages have a lot of resources regarding deployment of webpages to Linux-based servers.


I also used the Nginx-based web server of my blog for this exercise.

Screenshot 2020-02-12 at 1.43.48.png

Here is what it looks like in the logs of my Python 3 Django-based CMS called Wagtail. For some reason there is an error regarding a wp-admin.php file, which is a relic from my old WordPress installation, but there should be nothing left of the WordPress installation, so this is still a mystery to me.

But if I want, I can log into my running web server's terminal and see all the log files straight from it, along with all the HTTP requests.

http://mikkoharakka.com/yeet/

Screenshot 2020-02-12 at 1.47.26.png

First it shows a 301 HTTP response, which is a new one to me; after this it shows the familiar 404, which indicates the 'page not found' HTTP error.

301 seems to be an error code relating to the 'Moved Permanently' response, and again I have no idea why it is throwing this particular error, because there has never been a resource named that.


d) Make an error in the Apache config file and find/analyze the particular error line.

I went into /etc/nginx/sites-available/ and used the command vim mikkoharakka.com on my config file. I prefer using Vim over nano because it's a text editor I've gotten used to and I'm comfortable with its abilities.

I made an error on the config file that's shown below:

Screenshot 2020-02-12 at 2.00.00.png

I've put an extra 1 on the end of the listen: 80 argument, making it 801. I instantly got thrown out of my web server and had about 15 minutes of troubleshooting. I had to reconnect to my web server with the ssh@root command, and I did not get any errors in a log, but had my whole webpage shut down for 15 minutes.

I'm still a little bit unfamiliar with the different log files in the /var/log/ folder, but I tried the command tail -f on these 2 log files and they might be related to the issue I had. Not totally sure about this though. I did not manage to upload a screenshot because of the previously mentioned 413 error on my Django Wagtail CMS admin backend, so here is the straight copy-paste of the terminal logs.

root@ubuntu-s-1vcpu-1gb-fra1-01:/var/log# tail -f syslog

Feb 12 00:02:54 ubuntu-s-1vcpu-1gb-fra1-01 kernel: [555171.749060] [UFW BLOCK] IN=eth0 OUT= MAC=d2:05:9f:35:3c:c3:40:a6:77:4f:3f:f0:08:00 SRC=95.213.177.122 DST=46.101.202.191 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=49732 PROTO=TCP SPT=45771 DPT=65531 WINDOW=1024 RES=0x00 SYN URGP=0

Feb 12 00:02:54 ubuntu-s-1vcpu-1gb-fra1-01 kernel: [555172.090489] [UFW BLOCK] IN=eth0 OUT= MAC=d2:05:9f:35:3c:c3:40:a6:77:4f:3f:f0:08:00 SRC=95.213.177.122 DST=46.101.202.191 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=37084 PROTO=TCP SPT=45771 DPT=1080 WINDOW=1024 RES=0x00 SYN URGP=0

Feb 12 00:03:21 ubuntu-s-1vcpu-1gb-fra1-01 kernel: [555199.080753] [UFW BLOCK] IN=eth0 OUT= MAC=d2:05:9f:35:3c:c3:40:a6:77:34:67:f0:08:00 SRC=89.248.162.136 DST=46.101.202.191 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=19443 PROTO=TCP SPT=41008 DPT=2125 WINDOW=1024 RES=0x00 SYN URGP=0

Feb 12 00:03:36 ubuntu-s-1vcpu-1gb-fra1-01 kernel: [555214.210761] [UFW BLOCK] IN=eth0 OUT= MAC=d2:05:9f:35:3c:c3:40:a6:77:34:67:f0:08:00 SRC=175.200.3.32 DST=46.101.202.191 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=59326 PROTO=TCP SPT=14996 DPT=23 WINDOW=56684 RES=0x00 SYN URGP=0

Feb 12 00:04:04 ubuntu-s-1vcpu-1gb-fra1-01 kernel: [555242.116017] [UFW BLOCK] IN=eth0 OUT= MAC=d2:05:9f:35:3c:c3:40:a6:77:4f:3f:f0:08:00 SRC=192.186.3.139 DST=46.101.202.191 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=4528 PROTO=TCP SPT=58915 DPT=62222 WINDOW=1024 RES=0x00 SYN URGP=0

Feb 12 00:04:43 ubuntu-s-1vcpu-1gb-fra1-01 kernel: [555280.570628] [UFW BLOCK] IN=eth0 OUT= MAC=d2:05:9f:35:3c:c3:40:a6:77:4f:3f:f0:08:00 SRC=185.153.199.214 DST=46.101.202.191 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=31702 PROTO=TCP SPT=43701 DPT=4353 WINDOW=1024 RES=0x00 SYN URGP=0

Feb 12 00:05:01 ubuntu-s-1vcpu-1gb-fra1-01 CRON[8714]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)

Feb 12 00:05:21 ubuntu-s-1vcpu-1gb-fra1-01 kernel: [555318.443192] [UFW BLOCK] IN=eth0 OUT= MAC=d2:05:9f:35:3c:c3:40:a6:77:34:67:f0:08:00 SRC=196.52.43.130 DST=46.101.202.191 LEN=92 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=UDP SPT=61809 DPT=17185 LEN=72

Feb 12 00:05:36 ubuntu-s-1vcpu-1gb-fra1-01 kernel: [555333.681567] [UFW BLOCK] IN=eth0 OUT= MAC=d2:05:9f:35:3c:c3:40:a6:77:34:67:f0:08:00 SRC=194.26.29.122 DST=46.101.202.191 LEN=40 TOS=0x08 PREC=0x00 TTL=178 ID=55539 PROTO=TCP SPT=56701 DPT=6189 WINDOW=1024 RES=0x00 SYN URGP=0

Feb 12 00:05:39 ubuntu-s-1vcpu-1gb-fra1-01 kernel: [555336.723211] [UFW BLOCK] IN=eth0 OUT= MAC=d2:05:9f:35:3c:c3:40:a6:77:4f:3f:f0:08:00 SRC=151.236.61.187 DST=46.101.202.191 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37947 PROTO=TCP SPT=45006 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0

Feb 12 00:05:47 ubuntu-s-1vcpu-1gb-fra1-01 kernel: [555344.878145] [UFW BLOCK] IN=eth0 OUT= MAC=d2:05:9f:35:3c:c3:40:a6:77:34:67:f0:08:00 SRC=176.113.115.251 DST=46.101.202.191 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=50683 PROTO=TCP SPT=57938 DPT=2811 WINDOW=1024 RES=0x00 SYN URGP=0

Feb 12 00:05:59 ubuntu-s-1vcpu-1gb-fra1-01 kernel: [555356.931377] [UFW BLOCK] IN=eth0 OUT= MAC=d2:05:9f:35:3c:c3:40:a6:77:34:67:f0:08:00 SRC=193.32.161.71 DST=46.101.202.191 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=7109 PROTO=TCP SPT=44019 DPT=2145 WINDOW=1024 RES=0x00 SYN URGP=0

Feb 12 00:06:11 ubuntu-s-1vcpu-1gb-fra1-01 kernel: [555369.321240] [UFW BLOCK] IN=eth0 OUT= MAC=d2:05:9f:35:3c:c3:40:a6:77:4f:3f:f0:08:00 SRC=103.133.109.149 DST=46.101.202.191 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=26434 PROTO=TCP SPT=49205 DPT=4150 WINDOW=1024 RES=0x00 SYN URGP=0

Feb 12 00:06:20 ubuntu-s-1vcpu-1gb-fra1-01 kernel: [555378.095979] [UFW BLOCK] IN=eth0 OUT= MAC=d2:05:9f:35:3c:c3:40:a6:77:34:67:f0:08:00 SRC=185.175.93.101 DST=46.101.202.191 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=55649 PROTO=TCP SPT=41035 DPT=5912 WINDOW=1024 RES=0x00 SYN URGP=0

^C

root@ubuntu-s-1vcpu-1gb-fra1-01:/var/log# tail -f auth.log

Feb 11 23:55:06 ubuntu-s-1vcpu-1gb-fra1-01 sshd[8378]: Connection closed by authenticating user root 64.225.104.208 port 37712 [preauth]

Feb 11 23:55:17 ubuntu-s-1vcpu-1gb-fra1-01 sshd[8381]: Connection closed by authenticating user root 64.225.104.208 port 37714 [preauth]

Feb 11 23:56:10 ubuntu-s-1vcpu-1gb-fra1-01 sshd[8385]: Connection closed by authenticating user root 64.225.104.208 port 37716 [preauth]

Feb 11 23:56:37 ubuntu-s-1vcpu-1gb-fra1-01 sshd[8388]: Accepted publickey for root from 176.72.87.31 port 42327 ssh2: RSA SHA256:kf78ytFpmnt5MGVBMli6tpWVWen1Wki+ooyyH7ultvc

Feb 11 23:56:37 ubuntu-s-1vcpu-1gb-fra1-01 sshd[8388]: pam_unix(sshd:session): session opened for user root by (uid=0)

Feb 11 23:56:37 ubuntu-s-1vcpu-1gb-fra1-01 systemd-logind[873]: New session 1104 of user root.

Feb 11 23:59:01 ubuntu-s-1vcpu-1gb-fra1-01 CRON[8613]: pam_unix(cron:session): session opened for user root by (uid=0)

Feb 11 23:59:01 ubuntu-s-1vcpu-1gb-fra1-01 CRON[8613]: pam_unix(cron:session): session closed for user root

Feb 12 00:05:01 ubuntu-s-1vcpu-1gb-fra1-01 CRON[8713]: pam_unix(cron:session): session opened for user root by (uid=0)

Feb 12 00:05:01 ubuntu-s-1vcpu-1gb-fra1-01 CRON[8713]: pam_unix(cron:session): session closed for user root
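
The two excerpts above are easier to read once summarized: which sources were blocked on which ports, and which SSH connections stopped before authentication versus which were accepted. The following Python script is an added example, not part of the original post; its sample lines are constructed in the same format (documentation-range addresses, a hypothetical host name web01, and the MAC/TOS/PREC fields trimmed for width).

```python
import re
from collections import Counter

# Constructed sample lines in the syslog / auth.log format shown above
# (documentation-range IPs, hypothetical host "web01", some fields trimmed).
SAMPLE = """\
Feb 12 00:02:54 web01 kernel: [555171.749060] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=40 TTL=250 PROTO=TCP SPT=45771 DPT=65531 WINDOW=1024 SYN URGP=0
Feb 12 00:02:54 web01 kernel: [555172.090489] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=40 TTL=249 PROTO=TCP SPT=45771 DPT=1080 WINDOW=1024 SYN URGP=0
Feb 12 00:03:36 web01 kernel: [555214.210761] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=40 TTL=52 PROTO=TCP SPT=14996 DPT=23 WINDOW=56684 SYN URGP=0
Feb 12 00:05:21 web01 kernel: [555318.443192] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.5 LEN=92 TTL=248 PROTO=UDP SPT=61809 DPT=17185 LEN=72
Feb 12 00:05:01 web01 CRON[8714]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Feb 11 23:55:06 web01 sshd[8378]: Connection closed by authenticating user root 192.0.2.44 port 37712 [preauth]
Feb 11 23:55:17 web01 sshd[8381]: Connection closed by authenticating user root 192.0.2.44 port 37714 [preauth]
Feb 11 23:56:37 web01 sshd[8388]: Accepted publickey for root from 198.51.100.20 port 42327 ssh2: RSA SHA256:CONSTRUCTEDFINGERPRINT
"""

UFW = re.compile(r"\[UFW BLOCK\] (?P<kv>.*)$")
PREAUTH = re.compile(r"sshd\[\d+\]: Connection closed by authenticating user (\S+) (\S+) port \d+ \[preauth\]")
ACCEPT = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")

def parse_ufw(line):
    """Return the KEY=VALUE fields of a UFW BLOCK line as a dict, else None."""
    m = UFW.search(line)
    if not m:
        return None
    fields = {}
    for tok in m.group("kv").split():
        key, sep, val = tok.partition("=")   # bare flags such as SYN have no "="
        if sep:
            fields.setdefault(key, val)      # UDP lines carry LEN twice; keep the IP length
    return fields

def summarize(text):
    """Group blocked (proto, port) pairs per source; collect sshd pre-auth closes and logins."""
    ports_by_src, preauth, accepted = {}, Counter(), []
    for line in text.splitlines():
        f = parse_ufw(line)
        if f and "DPT" in f:                 # ICMP blocks have no destination port
            ports_by_src.setdefault(f["SRC"], set()).add((f["PROTO"], int(f["DPT"])))
        elif (m := PREAUTH.search(line)):
            preauth[(m.group(1), m.group(2))] += 1
        elif (m := ACCEPT.search(line)):
            accepted.append({"method": m.group(1), "user": m.group(2), "src": m.group(3)})
    return ports_by_src, preauth, accepted

if __name__ == "__main__":
    blocked, closed, logins = summarize(SAMPLE)
    for src, targets in sorted(blocked.items()):
        print(src, sorted(targets))
    print(dict(closed), logins)
```

To run it against real files, pass the contents of /var/log/syslog and /var/log/auth.log to summarize() instead of SAMPLE.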

i) How many different HTTP statuses can one cause in the logs? Explain how you caused these particular statuses and analyze each of these lines.

I managed to cause 3 different HTTP statuses.

The last error was a little bit new for me because the wording doesn't really tell me anything about it.
