This article originally appeared in issue 92 of Linux User & Developer magazine. Subscribe and save more than 30% and receive our exclusive money back guarantee – click here to find out more.

As of February 2010, Apache served over 54.46% of all websites and over 66% of the million busiest. It is available on a wide variety of platforms including Linux, Mac OS X, Windows and BSD. One of the key factors behind Apache HTTP Server’s success is its modular architecture. The Apache HTTP Server core is very simple and doesn’t do much. The default distribution of HTTP Server contains the core and a set of core Apache Modules that handle most of the web-server-related operations. This modular architecture presents several benefits. For example, instead of running the full server, one can enable only the modules that one will use; this way one can run the most efficient version of the HTTP Server without changing the server code. Another benefit of modular architecture is extensibility. Apache as a web server community implements a defined feature set approved by the community, but that may or may not be enough for everybody. With extensible architecture, anybody can extend Apache HTTP Server according to their needs by developing Apache modules.

As mentioned previously, Apache HTTP Server comes with several built-in modules. You can run the following command to find out the list of built-in (or compiled-in) modules:

$ apachectl -l

Names starting from mod_ are the actual modules that we are talking about and can be disabled or enabled using the httpd.conf file.

The vanilla distribution (when compiled with default options) of Apache HTTP Server (2.2.16) comes with the following important modules…

mod_authn_file.c: This provides a user authentication system using plain text files.
mod_authn_default.c: This module provides fallback for the authentication system. If you have not configured an authentication module, this module will reject any credential provided by user.
mod_authz_host.c: Provides group authentication based on host name or IP address
mod_authz_groupfile.c: Provides group authentication using plain text files.
mod_authz_user.c: Provides the base user authentication system.
mod_include.c: Processes the server-side include files.
mod_filter.c: This module enables smart, context-sensitive configuration of output content filters.
mod_log_config.c: Provides logging system for client request.
mod_env.c: Modifies the environment which is passed to CGI scripts and SSI pages.
mod_mime.c: Provides the valid MIME type of a file that is being served.
mod_autoindex.c: Generates directory indexes automatically, similar to the UNIX
‘ls’ command.
mod_cgi.c: Provides support for CGI scripts.
mod_dir.c: Provides for ‘trailing slash’ redirects and serving directory index files.
mod_alias.c: Provides mapping support for file system directory and URL redirection.
mod_so.c: Provides support for module loading during server startup or restart.

Developing a ‘Hello World’ Apache Module
First of all perform the following steps to install Apache from source:

$ wget http://mirror.cloudera.com/apache//httpd/httpd-2.2.16.tar.gz
$ tar xvfz http-*
$ cd httpd*
$ ./configure --prefix=$HOME/ludapache //This will install apache into ludapache folder in your home directory.
$ make
$ make install

By now you will have the Apache Web Server installed and configured to listen on default HTTP port, ie 80. On most of the UNIX systems, port 80 is reserved for the system web server and can only be run with root privileges. To run the web server in non-root mode we will need to make some changes to the Apache configuration file:

$ <HTTPD Direcotry>/conf/httpd.conf

In the following section, change ‘Listen 80’ to ‘Listen 3322’.

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#Listen 12.34.56.78:80
Listen 3322

Continue to page 2 – building a ‘Hello World’ module

Swayam Prakasha explains the types of attacks that could happen over a network and their preventive measures. He also takes a look at various means of securing a web server

Advisor:
Swayam Prakasha has been working in information technology for several years, concentrating on areas such as operating systems, networking, network security, electronic commerce, internet services, LDAP and web servers. Swayam has authored a number of articles for trade publications, and he presents his own papers at industry conferences.

Network and information security refers to the confidence that unauthorised users cannot access the information and services available on a network. Security implies safety. It assumes data integrity, freedom from unauthorised access of resources and freedom from disruption of services. As far as security is concerned, we need to protect both physical and abstract resources, such as information. Protecting the latter is more difficult.
Information security is concerned with three main areas: confidentiality (information should be available only to those who rightfully have access to it), integrity (information should be modified only by those who are authorised to do so) and availability (information should be accessible to those who need it when they need it).

Authentication attack
On the internet, where data passes across intermediate routers and networks, source authentication can be easily attacked at one of the intermediate routers. For example, an impostor can gain control of a router, ‘R’, that lies between a valid client and a server. He can then alter the routes in R to direct return traffic to him and generate a request using the authorised client’s address as a source address. The server will, in this case, accept the request and send the reply to the authorized client. When it reaches R, the reply will be forwarded along the incorrect route to the impostor.

The above example illustrates the need for the server and client to not communicate with impostors. One way of ensuring this is to use the authentication mechanism (also known as IP address authentication). This is a simple security mechanism to verify identification. Here, a server is configured with a list of valid IP source addresses. And when a request arrives, the server makes sure that it’s from a valid client by matching the client’s IP address with the ones in the configured list. Only if the client is authorised does the server grant it the service requested for.

Another method is the public-key encryption mechanism. In this case, we will be using a pair of keys: a public key and a private key. The sender using the public key of the receiver will encrypt the message and when the receiver receives it, he decrypts it using his private key (which only he knows). Thus the sender can make sure that only the intended receiver will receive the message. The public key encryption can be used for authentication, confidentiality and integrity of the messages.

Top Vulnerabilities
1. Default installations of operating system and applications
2. Accounts with no password or weak password
3. Non-existent or incomplete backup
4. A large number of open ports
5. Not filtering packets for correct incoming and outgoing addresses
6. Non-existent or incomplete logging
7. Vulnerable CGI programs
8. Sendmail vulnerabilities
9. BIND weaknesses

This tutorial will help you to get started with DokuWiki and show you how to extend its functionality with plug-ins…

Advisor:
Dmitri Popov
Dmitri has been writing exclusively about open source software for almost a decade, with a focus on productivity tools and applications.

Resources:
A server with the Apache server and PHP 4.3.3 or higher
The latest stable version of DokuWiki
Tag plug-in
DISQUS plug-in
ODT plug-in
Statistics plug-in
Sync plug-in

DokuWiki has gradually evolved into a powerful and flexible wiki engine suitable for most tasks involving web publishing and collaborative editing. This lightweight and elegant wiki software offers a few nifty features that make it a compelling choice for individual users and work groups alike. DokuWiki doesn’t use a database back-end (all pages are stored as plain text files), which makes it significantly easier to install and maintain a wiki. It provides a flexible mechanism for managing users and their privileges. More importantly, DokuWiki’s default functionality can be extended using plug-ins, and the project’s website features hundreds of modules that can turn your wiki into pretty much anything you like: a blog engine, photo gallery, or database front-end. In other words, no matter what type of content your want to publish on the web, chances are that DokuWiki can handle it with consummate ease.

This article originally appeared in issue 80 of Linux User & Developer magazine. Back issues are still available.

01     Install DokuWiki
Grab the latest release of DokuWiki from the project’s website, unpack the downloaded archive and rename the resulting directory to dokuwiki. Then move the dokuwiki folder into the document root of your Apache server. If you are using XAMPP, the document root is the htdocs directory.

02    Install DokuWiki (continued)
Make the data, conf and lib/plugins directories writable by running the chmod command as root – for example: chmod -R 777 /opt/lampp/htdocs/dokuwiki/data. Point your browser to http://yourserver/dokuwiki/install.php and provide the required information. To make your DokuWiki installation more secure, enable the ACL (Access Control List) feature and grant editing rights only to registered users.

03    Configure DokuWiki settings
Before you start using your wiki, you should configure DokuWiki’s settings. To do that, log in using the username and password you specified during installation, press the Admin button and click on the Configuration Settings link. This opens the Configuration Manager page containing all DokuWiki’s configuration options.

04     Configure basic settings
First of all, you might want to choose the appropriate licence for your wiki’s content. Next, set the Use First Heading For Pagenames option to Always, to force DokuWiki to use the first heading in the text as the page’s title. This might sound like a minor thing, but it greatly improves the overall readability of your wiki.

05    Disable DokuWiki actions
The Disable DokuWiki Actions section lets you disable certain features. For example, if you plan to use your wiki as a conventional content management system, you might want to disable the Old Revisions feature. You can also prevent users from creating accounts in your wiki by disabling the Register function.

06    Modify editing settings
DokuWiki allows you to enable embedding of HTML and PHP code in wiki pages, but you have to enable this functionality manually by ticking the appropriate checkboxes in the Editing Settings section. Keep in mind, though, that according to DokuWiki’s developer, enabling this feature makes your wiki less secure.

07     Tweak advanced settings
The Advanced Settings section allows you to enable and configure several useful settings, including nice URLs which format URLs in a more readable format. You can also enable the 404 error message for non-existing pages, specify the RSS feed format, as well as enable the XML-RPC interface which lets you access your wiki from external applications.

WebIssues is one of the rare bug-tracking programs that combines the ease of use of a desktop application and the scalability of a web application…

Advisor:
Kunal Deo
A veteran open source developer currently leading two open source projects – WinOpen64 and KUN Wiki. Kunal is also a KDE developer who has contributed to many open source projects including KDE-Solaris, Belenix and Openmoko. He’s written numerous articles on open source, Solaris and Linux related technologies for various technical magazines around the globe. He is also writing a book, ‘Porting On Open Solaris’

Resources:
WebIssues client and server packages
This tutorial is written for 0.9.5 (Client) and 0.8.4 (Server), but can be used with other versions too.
Mandatory development packages include GCC, g++, automake, make etc.
Nokia Qt 4.2 or later development packages. Please note that you will need the development packages for Qt. In a few distributions, development packages are suffixed with dev or devel. For example, Fedora lists it as qt-devel. To check that you have installed the correct version of Qt, you can run the following command:
$ qmake -v
In recent versions of Fedora Linux, qmake (and other command-line tools) are packaged as qmake-qt4 . You may want to create a symbolic link to qmake in case you run into any problems.
Apache Web Server and PHP Module for Apache
MySQL Database Server
PHP MySQL Database extension (php-mysql or php-mysqli)

Bug tracking is a crucial part of any software development process. Having an efficient bug-tracking platform is very important. Most of the bug-tracking programs available today are web only. This poses a little bit of a problem. Web-based solutions are not very good at delivering the performance of a desktop application, no matter how much Web 2.0, Web 3.0 and AJAX you add.

WebIssues provides a nice desktop application user experience. It is not just meant for bugs, but also provides team collaboration features that can help with software projects with large number of team members. WebIssues has a lot of features that makes the bug-tracking process very easy and intuitive. The following lists a few of the most important features of WebIssues:
• Desktop-based lightweight client interface.
• Reporting and data extraction facilities.
• The capability for comprehensive security and rights management.

This tutorial is divided into the following three sections:
1. Installation: In this first section we will talk about installing the WebIssues client and
server components.
2. Administration: This section will talk about basic administration tasks that you can do
with WebIssues, such as creating a project and adding users.
3. Bug Management: In this final section, we will talk about basic bug management tasks, like filing and editing a bug.

So without further ado, let’s get started…

This article originally appeared in issue 81 of Linux User & Developer magazine.
Back issues are available here.