Password Protect One File

To password protect an individual file:

  1. Create a file named .htpasswd and place it above your root directory, so visitors can’t access it.

     Example path for shared accounts:

     /home/cPUserName/.htpasswd

     Path for Reseller, Dedicated server and VPS accounts: /home/cPUserName/.htpasswd

  2. Create an encrypted password using the htpasswd generator. [http://www.htaccesstools.com/htpasswd-generator/]

     You can set up passwords for multiple files that all share a common .htpasswd file.

  3. Right-click on the .htpasswd file and select the Code Edit option.
  4. In the popup that appears, click the Edit button.
  5. Place the generated .htpasswd information into the .htpasswd file.
  6. Click on the Save Changes button.
  7. Click on the Close button.
  8. Navigate to the directory that contains the file(s) you would like to password protect.
  9. If an .htaccess file does not already exist in the directory, create one.
  10. Right-click on the .htaccess file and select the Code Edit option.
  11. Insert the following code into the .htaccess file:

# Ask for a username and password only for files whose name matches the pattern
# (FilesMatch treats the name as a regular expression)
<FilesMatch "file.extension">
AuthName "Member Only"
AuthType Basic
# Password file created in step 1, kept outside the document root
AuthUserFile /home/cpusername/.htpasswd
Require valid-user
</FilesMatch>

Be sure to replace file.extension with your file’s actual name and cpusername with your actual cPanel username. Type the quotes as plain double quotes; typographic quotes copied from a web page are not read as quotes by Apache.

  12. Click on the Save Changes button.
  13. Click on the Close button.

This will protect the specified file, while leaving all other files in the folder unprotected.

Password Protect Multiple Files

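You can protect more than one file by matching several names with one pattern. FilesMatch takes a regular expression rather than shell-style wildcards, so on the FilesMatch line in the previous .htaccess code example, try one of the directives below:

Every file ending in .html:

<FilesMatch "\.html$">

Every file named file with any extension:

<FilesMatch "^file\.">

Every file with a dot in its name:

<FilesMatch "\.">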
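A lint for the two sections above, written as an added example that is not part of the original page: it checks an .htaccess file for typographic quotes, a wildcard where FilesMatch expects a regular expression, and an AuthUserFile that sits inside the document root. The function name check_htaccess, the finding labels and the temporary paths are assumptions made for the example.

```shell
#!/usr/bin/env bash
# check_htaccess HTACCESS DOCROOT: print one finding per line (nothing if clean).
check_htaccess() {
  local htaccess=$1 docroot pwfile pwdir
  docroot=$(cd "$2" && pwd -P) || return 2

  # Typographic quotes pasted from a web page are not quote characters to Apache.
  if grep -qF -e '“' -e '”' "$htaccess"; then
    echo 'curly-quotes: replace typographic quotes with plain "'
  fi

  # FilesMatch takes a regular expression; a leading * has nothing to repeat.
  if sed -e 's/“/"/g' -e 's/”/"/g' "$htaccess" |
     grep -Eiq '^[[:space:]]*<FilesMatch[[:space:]]+"?\*'; then
    echo 'bad-regex: FilesMatch pattern starts with *'
  fi

  # AuthUserFile must be absolute (relative paths resolve against ServerRoot)
  # and must not live under the document root.
  pwfile=$(awk 'tolower($1) == "authuserfile" { print $2; exit }' "$htaccess" | tr -d '"')
  case $pwfile in
    '') echo 'no-authuserfile: no AuthUserFile directive found' ;;
    /*) pwdir=$(cd "$(dirname "$pwfile")" 2>/dev/null && pwd -P) || pwdir=
        case "$pwdir/" in
          /)            echo "missing-dir: directory of $pwfile does not exist" ;;
          "$docroot"/*) echo "in-docroot: $pwfile is inside the document root" ;;
        esac ;;
    *)  echo "relative-path: AuthUserFile $pwfile is not an absolute path" ;;
  esac
}

# Constructed sample with three mistakes (paths are temporary placeholders).
demo=$(mktemp -d) && mkdir "$demo/public_html"
cat > "$demo/public_html/.htaccess" <<EOF
<FilesMatch “*.html”>
AuthName “Member Only”
AuthType Basic
AuthUserFile $demo/public_html/.htpasswd
Require valid-user
</FilesMatch>
EOF
check_htaccess "$demo/public_html/.htaccess" "$demo/public_html"
```

Run it against the real file as `check_htaccess /home/cpusername/public_html/.htaccess /home/cpusername/public_html`, where public_html is assumed to be the account's document root.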

WordPress and Password Protecting Files

WordPress can have some minor conflicts with password protecting files due to the changes in the .htaccess rules.

Secure Apache WebServer using SSL Certificates in Linux

PreWebHost.com

On Linux, Apache is the most widely used web server; we will make it secure by implementing SSL certificates. I am assuming the httpd package (i.e. the Apache software) is already installed on the Linux box.

Step 1: Install the necessary packages

[root@localhost /]# yum install mod_ssl openssl

Step 2: Generate the self signed certificate.

Using OpenSSL we will generate a self-signed certificate. If you are using this on a production server you will probably want a certificate from a trusted Certificate Authority, but if you are just using this on a personal site or for testing purposes a self-signed certificate is fine. To create the key you will need to be root, so you can either su to root or use sudo in front of the commands.

# Generate the private key using the command below

[root@localhost /]# openssl genrsa -out server.key 2048

# Now create a Certificate Signing Request (CSR) with the server's RSA private key using the command below

[root@localhost /]# openssl req -new -key server.key -out server.csr

# Now sign the server's certificate with its own key (self-signed) using the command below

[root@localhost /]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Now that we have created and signed a certificate, copy the files to the correct locations:

[root@localhost /]# cp server.crt /etc/pki/tls/certs

[root@localhost /]# cp server.key /etc/pki/tls/private

[root@localhost /]# cp server.csr /etc/pki/tls/private


Step 3: Edit the ssl.conf file

[root@localhost ~]# vi /etc/httpd/conf.d/ssl.conf

Change the paths to match where the certificate and key files are stored. If you’ve used the method above, they will be:

SSLCertificateFile /etc/pki/tls/certs/server.crt

SSLCertificateKeyFile /etc/pki/tls/private/server.key

Save and quit the file, then restart the Apache service:

[root@localhost ~]# /etc/init.d/httpd restart

Step 4: Modify the httpd.conf file

[root@localhost ~]# vi /etc/httpd/conf/httpd.conf

Save and quit, put the HTML files in /var/www/html, and restart the httpd service using the command below:

[root@localhost html]# /etc/init.d/httpd restart

Step 5: If your web server is running behind a firewall, open port 443. Once all the steps are done, we can access our website “https://www.prewebhost.com” using a web browser.
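A pre-flight check for the certificate and key from Steps 2 and 3, useful before each httpd restart (an added example, not part of the original tutorial). The function name preflight, the 2048-bit and 30-day thresholds and the CN=localhost subject are assumptions; the sample pair is generated in a temporary directory.

```shell
#!/usr/bin/env bash
# preflight CERT KEY: print one finding per line (nothing if the pair looks sane).
preflight() {
  local cert=$1 key=$2 cpub kpub bits
  # The certificate must carry the public half of this private key; a
  # mismatched pair stops httpd from starting.
  cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
    { echo "unreadable-cert: $cert"; return 0; }
  kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
    { echo "unreadable-key: $key"; return 0; }
  [ "$cpub" = "$kpub" ] || echo "mismatch: $cert does not belong to $key"

  # Key size as printed in the certificate text, e.g. "Public-Key: (2048 bit)".
  bits=$(openssl x509 -in "$cert" -noout -text |
         sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ "${bits:-0}" -ge 2048 ] || echo "weak-key: ${bits:-unknown} bits, below 2048"

  # Expired already, or expiring within 30 days (2592000 seconds).
  openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null ||
    echo "expiring: $cert is valid for less than 30 days"

  # Only the owner should be able to read the private key.
  [ -z "$(find "$key" -prune \( -perm -040 -o -perm -004 \))" ] ||
    echo "key-perms: $key is readable by group or others"
}

# Constructed throwaway pair, built with the three openssl commands from Step 2
# (-subj only answers the CSR questions; CN=localhost is a placeholder).
work=$(mktemp -d)
openssl genrsa -out "$work/server.key" 2048 2>/dev/null
chmod 600 "$work/server.key"
openssl req -new -key "$work/server.key" -out "$work/server.csr" -subj "/CN=localhost"
openssl x509 -req -days 365 -in "$work/server.csr" -signkey "$work/server.key" \
  -out "$work/server.crt" 2>/dev/null
preflight "$work/server.crt" "$work/server.key"
```

On the server itself, call `preflight /etc/pki/tls/certs/server.crt /etc/pki/tls/private/server.key` as root.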

Understanding Linux Security: /etc/passwd & /etc/shadow file

No system is complete without some form of security. There must be a mechanism available to protect files from unauthorized viewing or modification. The Linux system follows the Unix method of file permissions, allowing individual users and groups access to files based on a set of security settings for each file and directory.

The core of the Linux security system is the user account. Each individual who accesses a Linux system should have a unique user account assigned. The permissions users have to objects on the system depend on the user account they log in with. User permissions are tracked using a user ID (often called a UID), which is assigned to an account when it’s created. The UID is a numerical value, unique for each user. However, you don’t log in to a Linux system using your UID. Instead, you use a login name. The login name is an alphanumeric text string of eight characters or fewer that the user uses to log in to the system (along with an associated password).

The Linux system uses special files and utilities to track and manage user accounts on the system.

The /etc/passwd File

The Linux system uses a special file to match the login name to a corresponding UID value. This file is the /etc/passwd file. The /etc/passwd file contains several pieces of information about the user. Here’s what a typical /etc/passwd file looks like on a Linux system:

 # cat /etc/passwd

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologi

The root user account is the administrator for the Linux system and is always assigned UID 0. As you can see, the Linux system creates lots of user accounts for various functions that aren’t actual users.

These are called system accounts. A system account is a special account that services running on the system use to gain access to resources on the system. All services that run in background mode need to be logged in to the Linux system under a system user account.

Before security became a big issue, these services often just logged in using the root user account. Unfortunately, if an unauthorized person broke into one of these services, he instantly gained access to the system as the root user. To prevent this, now just about every service that runs in background on a Linux server has its own user account to log in with. This way, if a troublemaker does compromise a service, he still can’t necessarily get access to the whole system.

Linux reserves UIDs below 500 for system accounts. Some services even require specific UIDs to work properly. When you create accounts for normal users, most Linux systems assign the first available UID starting at 500 (although this is not necessarily true for all Linux distributions). You probably noticed that the /etc/passwd file contains a lot more than just the login name and UID for the user.

The fields of the /etc/passwd file contain the following information:

  • The login username
  • The password for the user
  • The numerical UID of the user account
  • The numerical group ID (GID) of the user account
  • A text description of the user account (called the comment field)
  • The location of the HOME directory for the user
  • The default shell for the user
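An audit of the fields listed above, as an added example that is not from the original article: it reads a passwd-format file and reports extra UID 0 accounts, password fields that are not placeholders, service accounts with a login shell, and malformed lines. The function name audit_passwd, the finding labels and every sample entry other than root, daemon and sync are constructed for the example.

```shell
#!/usr/bin/env bash
# audit_passwd FILE [SYSMAX]: print one finding per line for risky entries.
# SYSMAX is the first UID for normal users; the default 500 follows the text above.
audit_passwd() {
  awk -F: -v sysmax="${2:-500}" '
    /^#/ || NF == 0 { next }
    NF != 7 { print "malformed: line " NR " has " NF " fields, expected 7"; next }
    # Any UID 0 account is root in all but name.
    $3 == 0 && $1 != "root" { print "uid0: " $1 " has UID 0" }
    # Field 2 should be a placeholder; the hash belongs in /etc/shadow.
    $2 == "" { print "empty-password: " $1 " has an empty password field" }
    $2 != "" && $2 != "x" && $2 !~ /^[*!]/ {
      print "hash-in-passwd: " $1 " keeps its hash in the world-readable file" }
    # Service accounts should not have an interactive shell.
    $3 > 0 && $3 < sysmax && $7 ~ /\/(ba|da|z|k|c|tc)?sh$/ {
      print "system-shell: " $1 " (UID " $3 ") logs in with " $7 }
  ' "$1"
}

# Constructed sample: three entries from the listing above plus risky ones.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
toor:x:0:0:constructed:/root:/bin/bash
backup:$6$constructed$notarealhash:34:34:backup:/var/backups:/bin/sh
ftp::14:50:FTP:/var/ftp:/usr/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
broken:x:501:501:/home/broken
EOF
audit_passwd "$sample"
```

On a live system run `audit_passwd /etc/passwd`, passing the distribution's own first normal UID as the second argument if it is not 500.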