Shulou(Shulou.com)06/03 Report--

@ [toc]

Foreword:

Analysis of apache configuration

Apache links keep apache access control using blacklist and whitelist, authentication for access control

Apache log management log segmentation AWStats log analysis

How to generate log files

Tool learning for managing logs

1: apache connection retention 1.1 apache connection retention related parameters 1.1.1 whether KeepAlive opens connection retention, OFF closes, ON opens 1.1.2 KeepAliveTimeout the maximum interval between multiple requests for a connection Two requests disconnected beyond this time-resources can be optimized 1.1.3 MaxKeepAliveRequests maximum number of requests that can be transmitted in a single connection-concurrency II: apache access control overview 2.1 apache access control 2.1.1 function controls access to website resources add access authorization 2.1.2 common access control methods client address restrictions user authorization restrictions

2.2 access control based on client address uses Require configuration items to implement access control, restricting, in order, the common syntax available for Require configuration items in the, and configuration segments

Require all granted- allows all permissions

Require all denied- denies all permissions

Require local- allows local permissions

Require [not] host-allow or deny hostname

Reuire [not] ip-allow or deny IP segments

Note: when using not to prohibit access, you should place it in the container and specify the appropriate restriction policy in the container.

[root@localhost html] # vim / etc/httpd/conf/extra/vhost.conf DocumentRoot "/ var/www/html/kgc" ServerName www.kgc.com Errorlog "logs/www.kgc.com.error_log" Customlog "logs/www.kgc.comaccess_log" common Require not ip 192.168.247.157 Require all granted

[root@localhost html] # systemctl restart httpd

III: user authorization limit 3.1 create a user authentication database

Option-c, which means to create a new user authentication database. If you want to write user data to an existing database, you do not need to add-c to write

[root@localhost named] # htpasswd-c / etc/httpd/conf/httppasswd zhangsanNew password: Re-type new password: Adding password for user zhangsan [root@localhost named] # cat / etc/httpd/conf/httppasswd zhangsan:$apr1 $IivUd6IL$J8zc5KAHgsQsoqSkPI1EP. [root@localhost named] # htpasswd / etc/httpd/conf/httppasswd lisiNew password: Re-type new password: Adding password for user lisi [root@localhost named] # cat / etc/httpd/conf/httppasswd zhangsan:$apr1 $IivUd6IL$J8zc5KAHgsQsoqSkPI1EP.lisi:$apr1 $FRyBVvZl$FBdIus.U9PpGVvmEgyAIK0 [root@localhost named] # htpasswd-c / etc / httpd/conf/httppasswd wangermaziNew password: Re-type new password: Adding password for user wangermazi [root@localhost named] # cat / etc/httpd/conf/httppasswd wangermazi:$apr1 $WwVYzzto$/ydcv1CaajW6e4Qi87D7u.3.2 add user authorization configuration Open the user authentication database to control the service from the server's own level

Take one of the last configured virtual web hosts as an example

DocumentRoot "/ var/www/html/accp" ServerName www.accp.com Errorlog "logs/www.accp.com.error_log" Customlog "logs/www.accp.comaccess_log" common authname "documentroot" authtype basic authuserfile / etc/httpd/conf/httppasswd require valid-user

AuthName "DocumentRoot"-establishes the protected domain name, which is the web site directory

AuthType Basic-authentication type

AuthUserFile / etc/httpd/conf/httppasswd-user authentication account file, that is, the user authentication database just created

Require valid-user-requires authentication in order to access

Then restart the httpd service [root@localhost extra] # systemctl restart httpd3.3 client experiment

4: log segmentation 4.1 as the number of visits to the website increases, by default, the single log file of Apache will also become larger and larger over time. It takes up a lot of disk space to view relevant information, which makes it inconvenient to 4.2.Two tools Apache comes with rotatelogs partitioning tool to implement third-party tool cronolog partitioning 4.3 rotatelogs partitioning tool configuration website log files are transferred to rotatelogs partitioning processing configuration format-ErrorLog "| / usr/sbin/rotatelogs-l logs/error_%Y%m%d.log 86400" CustomLog "| / usr/sbin/ Rotatelogs-l logs/access_%Y%m%d.log 86400 "combined

Note: in the actual production environment, the vast majority of a server corresponds to N sub-domain name sites. In order to facilitate agreed management, it can be configured as a virtual host, and the log file can be identified by the website name.

For example: ErrorLog "| rotatelogs (absolute path to the command)-l log file path / website name-error_%Y%m%d.log 86400"

4.4 Lab:

Restore snapshot and start configuration

4.4.1 disable the firewall and enhance the service [root@localhost ~] # systemctl stop firewalld.service [root@localhost ~] # setenforce 0 [root@localhost ~] # 4.4.2 install Apache [root @ localhost ~] # yum install httpd-y4.4.3 at this time there is no log file [root@localhost ~] # cd / etc/httpd/logs [root@localhost logs] # ls [root@localhost logs] # cd. [root@localhost httpd] # ls-ltotal 0drwxr-xr-x. 2 root root 37 Dec 12 20:07 confdrwxr-xr-x. 2 root root 82 Dec 12 20:07 conf.ddrwxr-xr-x. 2 root root 146 Dec 12 20:07 conf.modules.dlrwxrwxrwx. 1 root root 19 Dec 12 20:07 logs->.. /.. / var/log/httpdlrwxrwxrwx. 1 root root 29 Dec 12 20:07 modules->.. /.. / usr/lib64/httpd/moduleslrwxrwxrwx. 1 root root 10 Dec 12 20:07 run-> / run/httpd4.4.4 enable the service, check the log directory, and find that there are error logs and login logs, if you do not configure them Then [root@localhost httpd] # systemctl start httpd [root@localhost httpd] # ls logsaccess_log error_log4.4.5 will be configured daily with two file attributes [root@localhost httpd] # which rotatelogs/usr/sbin/rotatelogs [root@localhost httpd] # vim / etc/httpd/conf/httpd.conf ErrorLog "| / usr/sbin/rotatelogs-l logs/error_%Y%m%d.log 86400" CustomLog "| / usr/sbin/rotatelogs-l logs/access_%Y%m% D.log 86400 "combined4.4.6 restart service View the log directory [root@localhost httpd] # systemctl restart httpd [root@localhost httpd] # ls logsaccess_log error_20191212.log error_ log [root @ localhost httpd] # 4.4.7 visit once

Visit once

Access log files also appear

[root@localhost httpd] # ls logsaccess_20191212.log access_log error_20191212.log error_log4.5 cronolog tool 4.5.1 Snapshot restore New Environment

Reinstall thppd

4.5.2 Mount the shared directory and import the cronolog package into the system [root@localhost ~] # mount.cifs / / 192.168.254.10/linuxs / abcPassword for root@//192.168.254.10/linuxs: [root@localhost ~] # cd / abc [root@localhost abc] # lscronolog-1.6.2-14.el7.x86_64.rpm LAMP-php5.6.txt modify the network card to static IP address .txtdhcp. Txt MAC record and port scan script. Txt development system monitoring script. Txtextundelete-0.2.4.tar.bz2 pxe.txt boot system script. Txthttpd2.4.2 version pxe express secret book. Txt test whether the network segment is alive. Test port 21 of the surviving network segment. Txtjohn-1.8.0.tar.gz qqq.html monitoring system memory cpu disk capacity 1.0.txtLAMP-C7 vsftpd add virtual user script. TXTLAMP-C7.rar different domain names to create virtual hosts .TXT [root@localhost abc] # cp -p cronolog-1.6.2-14.el7.x86_64.rpm / opt-bash: ls/opt: No such file or directory [root@localhost abc] # cd / opt [root@localhost opt] # lscronolog-1.6.2-14.el7.x86_64.rpm rh [root@localhost opt] # rpm-ivh cronolog-1.6.2-14.el7.x86_64.rpm warning: cronolog-1.6.2-14.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature Key ID 352c64e5: NOKEYPreparing... # # [100%] Updating / installing... 1:cronolog-1.6.2-14.el7 # # [100%] [root@localhost opt] # croncrond cronolog cronosplit crontab [root@localhost opt] # which cronolog/usr/sbin/cronolog4.5.3 turn off firewall and enhancement services [root@localhost opt] # systemctl stop firewalld.service [root@ Localhost opt] # setenforce 04.5.4 modify the log parameters in the configuration file [root@localhost opt] # vim / etc//httpd/conf/httpd.conf ErrorLog "| / usr/sbin/cronolog logs/error_%Y%m%d.log" CustomLog "| / usr/sbin/cronolog logs/access_%Y%m%d.log" combined4.5.5 enable the service [root@localhost opt] # systemctl start httpd4.5.6 view log directory [root@localhost logs] # access records are generated when lserror_20191213.log4.5.6 accesses apache

[root@localhost logs] # lsaccess_20191213.log error_20191213.log4.5.7 time acceleration verification-use date-s to validate [root@localhost logs] # date-s 2019-12-31Tue Dec 31 00:00:00 CST 2019 [root@localhost logs] # lsaccess_20191213.log error_ 20191213.log [root @ localhost logs] # systemctl restart httpd [root@localhost logs] # ls-ltotal 12rwcombe rkhom. 1 root root 1546 Dec 13 09:11 access_20191213.log-rw-r--r--. 1 root root 888 Dec 13 09:11 error_20191213.log-rw-r--r--. 1 root root 750Log 31 00:00 error_ 20191231.log5: deploy AWStats log analysis system AWStats log analysis system introduction an open source log analysis system developed in Perl language can be used to analyze the access log information of Apache, Samba, Vsftpd, IIS and other servers, combined with crond and other scheduled task services, log content can be analyzed regularly

Install AWStats package [root@localhost ~] # mount.cifs / / 192.168.254.10/linuxs / optPassword for root@//192.168.254.10/linuxs: [root@localhost ~] # cd / opt [root@localhost opt] # ls12.17 LAMP-php5.6.txt8.tar.gz MAC record and port scan script. Txtawstats-7. 6.tar.gz pxe.txt [root@localhost opt] # tar-xzf awstats-7.6.tar.gz-C / mnt [root@localhost opt] # cd / mnt [root@localhost mnt] # ls12.17 awstats-7.6 [root@localhost mnt] # umount / opt [root@localhost mnt] # ls / optrh [root@localhost mnt] # mv awstats-7.6 / usr/local/awstats

Files in awstats

[root@localhost mnt] # cd / usr/local/awstats/ [root@localhost awstats] # lsdocs README.md tools wwwroot [root@localhost awstats] # cd tools/ [root@localhost tools] # lsawstats_buildstaticpages.pl awstats_updateall.pl httpd_conf nginx xsltawstats_configure.pl dolibarr logresolvemerge.pl urlaliasbuilder.plawstats_exportlib.pl geoip_generator.pl maillogconvert.pl webmin

Note: at this time, you can also configure bind and httpd for hands-on exercises.

[root@localhost ~] # yum install bind httpd-yInstalled: bind.x86_64 32 listen-on port 9.11.4-9.P2.el7 httpd.x86_64 0V 2.4.6-90.el7.centos [root@localhost tools] # vim / etc/named.conf 12 options {13 listen-on port 53 {any;}; 14 listen-on-v6 port 53 {:: 1;}; 15 directory "/ var/named" 16 dump-file "/ var/named/data/cache_dump.db"; 17 statistics-file "/ var/named/data/named_stats.txt"; 18 memstatistics-file "/ var/named/data/named_mem_stats.txt"; 19 recursing-file "/ var/named/data/named.recursing"; 20 secroots-file "/ var/named/data/named.secroots"; 21 allow-query {any }; [root@localhost tools] # vim / etc/named.rfc1912.zones zone "kgc.com" IN {type master; file "kgc.com.zone"; allow-update {none;};} [root@localhost tools] # cp-p / var/named/named.localhost kgc.com.zone [root@localhost tools] # vim kgc.com.zone A 192.168.247.149www IN A 192.168.247.149 [root@localhost named] # systemctl start named [root@localhost named] # netstat-natp | grep namedtcp 0 0192.168.247.149 root@localhost tools 53 0.0.0.0 LISTEN 37654/named tcp 0 0127.0.0.1 LISTEN 37654/named tcp6 53 0.0.0.0 LISTEN 37654/named tcp6 0:: 1:53:: * LISTEN 37654/named tcp6 0 0:: 1 root@localhost named 953: * LISTEN 37654/named [root@localhost named] # systemctl stop firewalld.service [root@localhost named] # setenforce 0

Configure httpd

[root@localhost named] # vim / etc/httpd/conf/httpd.conf 41 Listen 192.168.247.149 Listen 8042 # Listen 8095 ServerName www.kgc.com:805.2 create a profile for the site to be counted [root@localhost named] # cd / usr/local/awstats/ [root@localhost awstats] # lsdocs README.md tools wwwroot [root@localhost awstats] # cd tools/ [root@localhost tools] # lsawstats_buildstaticpages.pl dolibarr logresolvemerge.pl webminawstats_configure.pl Geoip_generator.pl maillogconvert.pl xsltawstats_exportlib.pl httpd_conf nginxawstats_updateall.pl kgc.com.zone urlaliasbuilder.pl

The script file ends with pl. If it cannot be executed, you need to add additional execution permissions to it.

[root@localhost tools] #. / awstats_configure.pl-AWStats awstats_configure 1.0 (build 20140126) (c) Laurent Destailleur-This tool will help you to configure AWStats to analyze statistics forone web server. You can try to use it to let it do all that is possiblein AWStats setup, however following the step by step manual setupdocumentation (docs/index.html) is often a better idea. Above all if:- You are not an administrator user,- You want to analyze downloaded log files without web server,- You want to analyze mail or ftp log files instead of web log files,- You need to analyze load balanced servers log files,- You want to 'understand' all possible ways to use AWStats...Read the AWStats documentation (docs/index.html).-> Running OS detected: Linux BSD or Unix- > Check for web server installEnter full config file path of your Web server.Example: / etc/httpd/httpd.confExample: / usr/local/apache2/conf/httpd.confExample: C:\ Program files\ apache group\ apache\ conf\ httpd.confConfig file path ('none' to skip web server setup):-- enter Enter the configuration file path-- > / etc/httpd/conf/httpd.conf- > Check and complete web server config file'/ etc/httpd/conf/httpd.conf' Add 'Alias / awstatsclasses "/ usr/local/awstats/wwwroot/classes/"' Add 'Alias / awstatscss "/ Usr/local/awstats/wwwroot/css/ "'Add' Alias / awstatsicons" / usr/local/awstats/wwwroot/icon/ "'Add' ScriptAlias / awstats/" / usr/local/awstats/wwwroot/cgi-bin/ "'Add' 'directive AWStats directives added to Apache config file.- > Update model config file' / usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf' File awstats.model.conf updated.- > Need to create a new config File? Do you want me to build a new AWStats config/profile- agreed to-file (required if first install) [y _ gamma N]? Y-> Define config file name to createWhat is the name of your web site or profile analysis? Example: www.mysite.comExample: demoYour web site Virtual server or profile name:- enter domain name-- > www.kgc.com- > Define config File pathIn which directory do you plan to store your config file (s)? Default: / etc/awstatsDirectory path to store config file (s) (Enter for default):-default Enter-- >-> Create config file'/ etc/awstats/awstats.www.kgc.com.conf' Config file / etc/awstats/awstats.www.kgc.com.conf created.- > Restart Web server with'/ sbin/service httpd restart'Redirecting to / bin/systemctl restart Httpd.service- > Add update process inside a schedulerSorry Configure.pl does not support automatic add to cron yet.You can do it manually by adding the following command to your cron:/usr/local/awstats/wwwroot/cgi-bin/awstats.pl-update-config=www.kgc.comOr if you have several config files and prefer having only one command:/usr/local/awstats/tools/awstats_updateall.pl nowPress ENTER to continue... -enter-A SIMPLE config file has been created: / etc/awstats/awstats.www.kgc.com. ConfYou should have a look inside to check and change manually main parameters.You can then manually update your statistics for 'www.kgc.com' with command: > perl awstats.pl-update-config=www.kgc.comYou can also read your statistics for' www.kgc.com' with URL: > http://localhost/awstats/awstats.pl?config=www.kgc.com//http://localhost/awstats/awstats.pl?config=www.kgc.com this path is to log in to the site Press ENTER to finish...---- of awstats -- enter to complete-[root@localhost tools] # 5. 3 establish a profile for the site to be counted

Here is the data written by awstats

# # Directives to allow use of AWStats as a CGI#Alias / awstatsclasses "/ usr/local/awstats/wwwroot/classes/" Alias / awstatscss "/ usr/local/awstats/wwwroot/css/" Alias / awstatsicons "/ usr/local/awstats/wwwroot/icon/" ScriptAlias / awstats/ "/ usr/local/awstats/wwwroot/cgi-bin/" # # This is to permit URL access to scripts/files in AWStats directory.# Options None AllowOverride None Order allow,deny Allow from all

Modify it

[root@localhost tools] # vim / etc/httpd/conf/httpd.conf Options None AllowOverride None# Order allow,deny# Allow from all Require all granted

5.4 modify site statistics configuration file [root@localhost tools] # vim / etc/awstats/awstats.www.kgc.com.conf 50 LogFile= "/ var/log/httpd/access_log" 220 DirData= "/ var/lib/awstats"

Dirdata data storage directory, because it does not exist, so create this directory

[root@localhost tools] # mkdir / var/lib/awstats5.4.2 restart httpd [root @ localhost tools] # systemctl restart httpd [root@localhost tools] #

Note: the localhost in http://localhost/awstats/awstats.pl?config=www.kgc.com is changed to domain name

Refresh log data. / awstats_updateall.pl now [root@localhost tools] #. / awstats_updateall.pl nowRunning'"/ usr/local/awstats/wwwroot/cgi-bin/awstats.pl"-update-config=www.kgc.com-configdir= "/ etc/awstats"'to update config www.kgc.comCreate/Update database for config "/ etc/awstats/awstats.www.kgc.com.conf" by AWStats version 7.6 (build 20161204) From data in log file "/ var/log/ Httpd/access_log "... Phase 1: First bypass old records Searching new record...Searching new records from beginning of log file...Phase 2: Now process new records (Flush history on disk after 20000 hosts)... Jumped lines in file: 0Parsed lines in file: 250Found 0 dropped records, Found 0 comments, Found 0 blank records, Found 1 corrupted records, Found 0 old records, Found 249 new qualified records.

5.6 perform log analysis And set cron schedule task 5.6.1 first get the absolute path to execute the script [root@localhost tools] # pwd/usr/local/awstats/tools [root@localhost tools] # lsawstats_buildstaticpages.pl awstats_updateall.pl httpd_conf nginx xsltawstats_configure.pl dolibarr logresolvemerge.pl urlaliasbuilder.plawstats_exportlib.pl geoip_generator.pl maillogconvert.pl webmin [root@ Localhost tools] # 5.6.2 then proceed to add crond task Turn on crond, and set up self-boot [root@localhost tools] # crontab-eBay charger 5 * / usr/local/awstats/tools/awstats_updateall.pl now [root@localhost tools] # crontab-laccountAccord 5 * / usr/local/awstats/tools/awstats_updateall.pl now [root@localhost tools] # systemctl start crond [root@localhost tools] # systemctl enable crond 6: visit AWStats Analysis system 6.1 to view the statistics page.

6.2 set the page to jump automatically Easy access to [root@localhost tools] # cd / var [root@localhost var] # lsaccount cache db games kerberos local log named opt run target wwwadm crash empty gopher lib lock mail nis preserve spool tmp yp [root@localhost var] # cd www/ [root@localhost www] # lscgi-bin html [root@localhost www] # cd html/ [root@localhost html] # ls [root@localhost html] # vim aws.html 6.2.2 and then Restart httpd [root @ localhost html] # systemctl restart httpd

Summary

Apache Link retention related parameters Apache access Control function and Common Control methods Apache Log Segmentation method AWStats Analysis system deployment and Application

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.