Simple .htaccess under Debian/Ubuntu

I'm no web pro and the Apache2 documentation, although very thourough, was way too heavy for what I was trying to figure out. About 90 minutes into epic failure with various how-to and guide sites I was able to mangle my own configuration. Again -- I'm no apache master and I'm not really interested in learning everything to know about Apache right now. There are security concerns to be considered, but I am looking for something simple to protect an internal website. Your results may vary, but my case is that I have an internal webserver that I want to use to host a couple of departmental documents and files - nothing serious or top-secret here. If you are working with a public or internet server this may not be for you but might get you started in the right direction.

Under Debian/Ubuntu there are sites-available and sites-enabled for your virtual hosts. The configuration files for each of the sites are stored under /etc/apache2/sites-available, generally a single text file with the name of the site. In my case, I want to modify the default site as it is the main document root of this particular server.

# pico /etc/apache2/sites-available/default

Look for the directive that has your path you want to protect. Again, I want the document root of this server so I will be editing the seciton with . Change the line (under your directive only) AllowOverrides None to AllowOverrides All

Save the file with CTRL-X and reload the Apache configuration with the following command

# /etc/init.d/apache2 reload

Now that the configuration has been modified you can create the password file and the access file for the directory to be secured. It is a rule of thumb to not keep the password file in the document root so keep that in mind and place it somewhere that the webserver can read but users can not.

# htpasswd -c /path/to/password/.htpasswd username

Once the password file has been created (I called mine .htpasswd) you can add a user later with this command

# htpasswd /path/to/password/.htpasswd username

And to delete a user from this list, use this command (there are no confirmation prompts to delete)

# htpasswd -D /path/to/password/.htpasswd username

With the configuration changed and the password file created (.htpasswd in my case), we can now create the directory access change file called .htaccess. You need to place this file in the same directory that you changed the AllowOverride directive in your site configuration above AND reloaded apache2 or it will not work.

# pico /path/to/directory/needing/password/.htaccess

AuthName "Foo"

AuthType Basic

AuthFile /path/to/password/file/.htpasswd

Require valid-user

The AuthName directive can be anything you want to be displayed in the popup for the username/password box just be sure to encapsulate it between quotation marks or you will get a 500 Internal Server error when you go to test it.

Debian: TaskFreak Installation

TaskFreak! is an open source project and task management tool. Tool is an understatement, this thing is handy! Installing this is listed as easy and JustWorks(tm) but the documentation on it I feel is lacking. I've compiled a list detailed instructions below to get started with a Debian Lenny system and all of the pre-installation requirements.

Pre-Installation packages required:

# apt-get install apache2 mysql-server mysql-client php5 php5-mysql

# wget http://www.taskfreak.com/files/stable/taskfreak-multi-mysql-0.6.1.tgz

# tar -zxvf taskfreak-multi-mysql-0.6.1.tgz

# mv taskfreak/* /var/www/
Note: Be sure that all of the hidden . files get moved as well!

# pico /var/www/include/config.php
Note: Change the three lines listed with //edit me (DB_USER, DB_PASS & DB_BASE). These three variables are how you will be connecting to the MySQL database that we create a few lines down. Do _NOT_ use the root account for this as it will not work (and you shouldn't even if it does)


# mysql -u root -p
Note: You should have been given the opportunity to set a root password for your mysql installation. You will only need this initially to create the database and new user for TaskFreak.

-> create database [DB_BASE];

-> create user '[DB_USER]'@'localhost' identified by '[DB_PASS]';

-> grant all privileges on '[DB_BASE].* to '[DB_USER]'@'localhost' with grant option;

-> exit
Note: Be cautious of the punctuation. Remember that words between [ ] come from your install/config.php file and you do not enter the [ ] symbols, just the words. The ' and ; punctuation marks are specificly spaced and required. There should be a ; after every mysql command or when you press enter you will get a blank -> prompt. If that happens, just type a ; and press enter and it should continue.

Once the above has been completed, open your browser to point to your installation http://server.ip.address/install/index.php. Click the link at the top-left "Check Install" -- there will be errors about missing tables. To correct this, scroll down to the bottom and click the "YES create missing tables for me" button. The tables get created and the database returns a green OK for each element.

Logon to your new TaskFreak! server with the following url : http://server.ip.address/index.html

Debian: Finding fastest apt mirror

For Debian systems already configured and installed, there is a nifty tool that you can install that will check all of the Debian mirrors to see which is the fastest available. This doesn't always mean the the closest will be chosen and your firewall/router must allow traceroute through it.

# apt-get install netselect-apt# netselect-apt lenny

As simple as that! Thanks to mypapit's blog post.

Playing with MS Forefront

Yes I know I'm a linux guy but I support more Windows machines than I do linux. I've been waiting for Microsoft to release a competing Antivirus/Antimalware product for some time. With several years of bad experiences with CA and Symantec products, I'm happy to say that my initial deployment of Microsoft's Forefront Client Security has been successful. Setup is a bit tricky, though, as it depends on WSUS for deployment to the clients and although there is a manual process, it's a bit tedious to get these manual installations to report to the management server at first. I have to admit that once you get comfortable with WSUS, things are a lot easier to deal with. Firstly, the Forefront enterprise product has some very robust reporting and management features. Will be back with an edit and more info in a couple days/weeks as I get free time to blog, which isn't often.