System Administration Guide

Published by: Richard D Armstrong on Sep 02, 2011
Copyright: Attribution Non-commercial


To enable the secure server, you must have the following packages installed at a minimum:

httpd

The httpd package contains the httpd daemon and related utilities, configuration files, icons,
Apache HTTP Server modules, man pages, and other files used by the Apache HTTP Server.

mod_ssl

The mod_ssl package includes the mod_ssl module, which provides strong cryptography for
the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security
(TLS) protocols.

openssl

The openssl package contains the OpenSSL toolkit. The OpenSSL toolkit implements the SSL
and TLS protocols, and also includes a general purpose cryptography library.

Additionally, other software packages provide certain security functionalities (but are not required by
the secure server to function):


Chapter 26. Apache HTTP Secure Server Configuration

httpd-devel

The httpd-devel package contains the Apache HTTP Server include files, header files, and
the APXS utility. You need all of these if you intend to load any extra modules, other than the
modules provided with this product. Refer to the Red Hat Enterprise Linux Reference Guide for
more information on loading modules onto your secure server using Apache’s dynamic shared
object (DSO) functionality.

If you do not intend to load other modules onto your Apache HTTP Server, you do not need to
install this package.

OpenSSH packages

The OpenSSH packages provide the OpenSSH set of network connectivity tools for logging
into and executing commands on a remote machine. OpenSSH tools encrypt all traffic (including
passwords), so you can avoid eavesdropping, connection hijacking, and other attacks on the
communications between your machine and the remote machine.

The openssh package includes core files needed by both the OpenSSH client programs and the
OpenSSH server. The openssh package also contains scp, a secure replacement for rcp (for
securely copying files between machines).

The openssh-askpass package supports the display of a dialog window which prompts for a
password during use of the OpenSSH agent.

The openssh-askpass-gnome package can be used in conjunction with the GNOME desktop
environment to display a graphical dialog window when OpenSSH programs prompt for a password.
If you are running GNOME and using OpenSSH utilities, you should install this package.

The openssh-server package contains the sshd secure shell daemon and related files. The
secure shell daemon is the server side of the OpenSSH suite and must be installed on your host
to allow SSH clients to connect to your host.

The openssh-clients package contains the client programs needed to make encrypted connections
to SSH servers, including the following: ssh, a secure replacement for rsh; sftp, a
secure replacement for ftp (for transferring files between machines); and slogin, a secure
replacement for rlogin (for remote login) and telnet (for communicating with another host via
the Telnet protocol).

For more information about OpenSSH, see Chapter 21 OpenSSH, the Red Hat Enterprise Linux
Reference Guide, and the OpenSSH website at http://www.openssh.com/.

openssl-devel

The openssl-devel package contains the static libraries and the include file needed to compile
applications with support for various cryptographic algorithms and protocols. You need to install
this package only if you are developing applications which include SSL support — you do not
need this package to use SSL.

stunnel

The stunnel package provides the Stunnel SSL wrapper. Stunnel supports the SSL encryption
of TCP connections. It provides encryption for non-SSL aware daemons and protocols (such as
POP, IMAP, and LDAP) without requiring any changes to the daemon’s code.

Note

Newer implementations of various daemons now provide their services natively over SSL, such
as dovecot or OpenLDAP’s slapd server, which may be more desirable than using stunnel.

For example, use of stunnel only provides wrapping of protocols, while the native support in
OpenLDAP’s slapd can also handle in-band upgrades for using encryption in response to a
StartTLS client request.


Table 26-1 displays a summary of the secure server packages and whether each package is optional
for the installation of a secure server.

Package Name             Optional?
httpd                    no
mod_ssl                  no
openssl                  no
httpd-devel              yes
openssh                  yes
openssh-askpass          yes
openssh-askpass-gnome    yes
openssh-clients          yes
openssh-server           yes
openssl-devel            yes
stunnel                  yes

Table 26-1. Security Packages
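
A prerequisite check built from Table 26-1, as an added example that is not part of the original guide. The function name audit_secure_server_pkgs and the sample package list are constructed for illustration; on a real host the input would come from rpm -qa.

```shell
#!/bin/sh
# Package sets copied from Table 26-1 of the guide.
REQUIRED_PKGS="httpd mod_ssl openssl"
OPTIONAL_PKGS="httpd-devel openssh openssh-askpass openssh-askpass-gnome openssh-clients openssh-server openssl-devel stunnel"

# audit_secure_server_pkgs (hypothetical helper, not a Red Hat tool)
# Reads installed package names on stdin, one per line, e.g. from:
#   rpm -qa --qf '%{NAME}\n'
# Prints one line per absent package and returns non-zero if any
# required package is missing.
audit_secure_server_pkgs() {
    installed=$(cat)
    rc=0
    for pkg in $REQUIRED_PKGS; do
        # -F -x: fixed-string, whole-line match, so "openssl-devel"
        # is never mistaken for "openssl".
        if ! printf '%s\n' "$installed" | grep -Fxq -- "$pkg"; then
            echo "MISSING required: $pkg"
            rc=1
        fi
    done
    for pkg in $OPTIONAL_PKGS; do
        if ! printf '%s\n' "$installed" | grep -Fxq -- "$pkg"; then
            echo "not installed (optional): $pkg"
        fi
    done
    return $rc
}

# Constructed sample input: mod_ssl is absent, and openssl-devel is
# present alongside openssl.
SAMPLE_INSTALLED="httpd
openssl
openssl-devel
openssh
openssh-server"

printf '%s\n' "$SAMPLE_INSTALLED" | audit_secure_server_pkgs \
    || echo "secure server prerequisites incomplete"
```
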
