Servers and Security

REPORT ON SUMMER TRAINING

SERVERS AND SECURITY

Bechlor of Technology (with specialization in Computer Science & Engineering)

Guided By:Submitted By: Mr. SaurabhGalav Hardik Pareek Director CS-A (G2) VIIthSem Linux Scrappers Technologies Pvt. Ltd. 10ESKCS043 JaipurSKIT College, Jaipur

Department of Computer Science Engineering Swami Keshwanand Institute of Technology Management &Gramothan Rajasthan Technical University Kota November, 2013

ACKNOWLEDGEMENT

It was highly educative and interactive to take training at Linux Scrappers Technologies Pvt. Ltd. As an IT engineer is incomplete Without proper knowledge of present market needs, I couldn’t find any place better than this to update myself in the challenging, interesting and on-demand field of Servers and their Security.

I am very much thankful to the Mr. SaurabhGalav for accepting my application to undergo my training at their institute. I once again thank him, as he himself was my trainer during the course of my training.

I extend my vote of thanks to my team during my project to help me wherever I found it difficult to go further. I pay all of my teammates, Mr. Siddharth Sharma, Mr. Nealabh and Mrs. AkshitaPoonia.

Hardik Pareek B. Tech. (VIIthSem, CSE) 10ESKCS043

PAGE INDEX

TOPICS PAGE NO

1. PREFACE 5 2. INTRODUCTION 6 2.1 WHAT IS LINUX? 2.2 THE HISTORY OF LINUX 2.3 LINUX ARCHITECTURE 2.4 LINUX USES 2.5 GNU/LINUX 3. COMPANY PROFILE 16 4. PROJECT DESCRIPTION 17 5. WEB ANALYTICS 5.1 WHAT IS WEB ANALYTICS? 5.2 WEB SERVER LOGFILE ANALYSIS 5.3 ADVANTAGES OF LOGFILE ANALYSIS 5.4 WEB ANALYTICS – DEFIANTIONS 6. TOOLS USED IN WEB ANALYTICS 25 6.1 INTRODUCTION OF AWSTATS 6.2 FEATURES OF AWSTATS 6.3 REQUIREMENT 6.4 AWSTATS INSTALLATION 6.5 AWSTATS CONFIGURATION 6.6 AWSTATS REPORTING 6.7 SCREENSHOTS OF AWSTATS 7. MAIL SERVER 37 7.1 WHAT IS MTA? 7.2 OPERATION PERFORMED BY MTA 7.3 WHAT IS MUA? 7.4 OPERATION PERFORMED BY MUA 8. TOOLS USED IN MAIL SERVER 42 8.1 INTRODUCTION OF HORDE 8.2 FEATURES OF HORDE 8.3 INSTALLING HORDE 8.4 SCREENSHOTS OF HORD 9. BIBLOGRAPHY 55 3

FIGURE INDEX

FIGURE NAME PAGE NO.

1. LINUX ARCHITECTURE 11 2. LINUX SERVER ARCHITECTURE 12

PREFACE

As we know that an engineer has to serve an industry, for that one must be aware of industrial environment, their management, problems and the way of working out their solutions at the industry.

After the completion of the course an engineer must have knowledge of latest technologies and the trends that IT industries are going through. It is the need of the time that a recent engineer should master himself according to latest technology and the need of market.

Six weeks training cum Internship period provided me the opportunity to upgrade myself with a latest technology with a vast market among IT Sector through the globe. The field is SERVERS AND SECURITY. I have studied about Red Hat Enterprise Linux in network services, system and security administration.

I have been lucky enough to get a chance for undergoing this training cum internship at Linux Scrappers Technologies Pvt. Ltd. Linux Scrappersprovides quality training in the field of Linux Servers and Security, Web Development, Networking, Android, Ethical Hacking and iOS Development.

5 I

INTRODUCTION

What is LINUX?

Linux is a UNIX like computer Operating System assembled under the model of free and open source development and distribution. The defining component of Linux is the Linux Kernel,an operating System kernel first released on 5 October 1991, by Linus Torvalds. Because it considers Linux to be a variant of the GNU operating system, initiated in 1983 by Richard Stallman, the Free Software Foundation prefers the name GNU/LINUX when referring to the operating system as a whole. Linux was originally developed as a free operating system for Intel x86- based personal computers. It has since been ported to more computer hardware platforms than any other operating system. It is a leading operating system on servers and other big iron systems such as mainframe computers and supercomputers: more than 90% of today 500 fast running supercomputers run some variant of Linux,including the 10 fastest. Linux also runs on embedded systems (devices where the operating system is typically built into the firmware and highly tailored to the system) such as mobile phones, tablet computers, network routers, building automation controls and televisions, the Android system in wide use on mobile devices is built on the Linux kernel. The development of Linux is one of the most prominent examples of free and open source collaboration: the underlying source code may be used, modified, and distributed—commercially or non-commercially—by anyone under licenses such as the GNU General Public License. Typically Linux is packaged in a format known as a Linux Distribution for desktop and server use. Some popular mainstream Linux distributions include Debian(and its derivatives such as Ubuntu and Linux Mint), Fedora (and its derivatives such as the commercial Red Hat Enterprise Linux and its open equivalentCentOS), openSUSE(and its commercial derivative SUSE 6 Enterprise Server), and Arch Linux. Linux distributions include the Linux kernel, supporting utilities and libraries and usually a large amount of application software to fulfill the distribution's intended use. A distribution oriented toward desktop use will typically include the X Windows System and an accompanying desktop environment such as

GNOME or KDE Plasma. Some such distributions may include a less resource intensive desktop such as LXDE or Xfcefor use on older or less powerful computers. A distribution intended to run as a server may omit all graphical environments from the standard install and instead include other software such as the Apache HTTP Server and an SSH Server such as openSSH. Because Linux is freely redistributable, anyone may create a distribution for any intended use. Applications commonly used with desktop Linux systems include the Mozilla Firefox web browser, theLibreOfficeoffice application suite, and the GIMP image editor.

The History of Linux

Linux is a freely distributable version of UNIX. UNIX is one of the most popular operating systems for networking worldwide because of its large support base and distribution. Linus Torvalds, who was then a student at the University of Helsinki in Finland, developed Linux in 1991. It was released for free on the Internet and generated the largest software- development phenomena of all time. Because of GNU software (GNU being an acronym for Gnu's Not UNIX) created by the Free Software Foundation, Linux has many utilities to offer. The Free Software Foundation offers royalty-free software to programmers and developers. From the very beginning, Linux has been entwined with GNU software. From 1991, Linux quickly developed on hackers' web pages as the alternative to Windows and the more expensive UNIX systems. When Red Hat released its commercial version of Linux packaged with tech support and documentation, the floodgates broke and the majority of the public became aware of Linux and its capabilities. Now more and more new users are willing to try Linux on their personal PCs and business users are willing to use Linux to run their networks. Linux has become the latest phenomenon to hit the PC software market.

Linux is a unique operating system in that it is an active participant in the Open Source Software movement. The GNU General Public License, also known as GPL, legally covers Linux. Open Source software is free but is not in the public domain. It is not shareware either. GPL allows people to take free software and distribute their own versions of the software. However, the vendors who sell free software cannot restrict the rights of users who purchase the software. In other words, users who buy GPL software can make copies of it and distribute it free of charge or for a fee. Also, distributors of GPL software must make it clear that the software is covered by the GPL and must provide the complete source code for the software at no cost. Linux embodies the Open Source model. Open source applies to software for which the source code is freely available for anyone to download, alter,

8 and redistribute. Linux is the perfect operating system for hackers because they can freely download newer versions of the Linux kernel or

other Linux utilities of the Internet and instantly change its source code to fix any software bugs found. That way, bugs can be fixed in a matter of hours as opposed to days and weeks. Beta testers and code debuggers are unorganized and spread throughout the world, but surprisingly, they have managed to quickly debug Linux software efficiently and cooperate online through the use of the Internet.

Linux Architecture

A Linux-based system is a modular UNIX like operating system. It derives much of its basicdesign from principles established in Unix during the 1970s and 1980s. Such a system uses a monolithic kernel, the Linux Kernel, which handles process control, networking, and peripherals and file system access. Device driver are either integrated directly with the kernel or added as modules loaded while the system is running. Separate projects that interface with the kernel provide much of the system's higher-level functionality. The GNU userlandis an important part of most Linux-based systems, providing the most common implementation of the C library, a popular shell, and many of the common Unix tools which carry out many basic operating system tasks. The Graphical User Interface (or GUI) used by most Linux systems is built on top of an implementation of the X Windows System. Some components of an installed Linux system are:  A bootloader - for example GNU GRUB or LILO. This is a program which is executed by the computer when it is first turned on, and loads the Linux kernel into memory.  An init program. This is the first process launched by the Linux kernel, and is at the root of the process tree: in other terms, all processes are launched through init. It starts processes such as system services and login prompts (whether graphical or in terminal mode) • Software librariesthat contain code which running processes can use. On Linux systems using ELF-format executable files, 10 the dynamic linker which manages use of dynamic libraries is "ld-linux.so". The most commonly used software library on Linux systems is the GNU C Library. If the system is set up for the user to compile software themselves, header files will also be included to describe the interface of installed libraries.

Linux Servers, mainframes and supercomputers:

Linux Distributions have long been used as server operating systems, and have risen to prominence in that area; Netcraftreported in September 2006 that eight of the ten most reliable

12 internet hosting companies ran Linux distributions on their web servers. Since June 2008, Linux distributions represented five of the top ten, FreeBSD three of ten, and Microsoft two of tensince February 2010, Linux distributions represented six of the top ten, FreeBSD two of ten, and Microsoft one of ten. Linux distributions are the cornerstone of the LAMP server-software combination (Linux, Apache, MariaDB/MySQL, Perl/PHP /Python) which has achieved popularity among developers, and which is one of the more common platforms for website hosting. Linux Distributions have become increasingly popular on mainframes in the last decade partly due to pricing and the open-source model. In December 2009, computer giant IBM reported that it would predominantly market and sell mainframe-based Enterprise Linux Server. Linux distributions are also commonly used as operating systems for supercomputer, since November 2010, out of the top 500 systems, 459 (91.8%) run a Linux distribution. Linux was also selected as the operating system for the world's most powerful supercomputer,IBM's Sequoia that became operational in 2011.

Linux Uses

As well as those designed for general purpose use on desktops and servers, distributions may be specialized for different purposes including: computer architecture support, embedded system, stability, security, localization to a specific region or language, targeting of specific user groups, support for real-time applications, or commitment to a given desktop environment. Furthermore, some distributions deliberately include only free software. Currently, over three hundred distributions are actively developed, with about a dozen distributions being most popular for general-purpose use. Linux is a widely ported operating system kernel. The Linux kernel runs on a highly diverse range of computer architecture: in the hand-held ARM-based iPAQ and the mainframe IBM System z9, System z10 in devices ranging from mobile phones to supercomputers. Specialized distributions exist for less mainstream architectures. The ELSK kernel fork can run on Intel 8086 or Intel 8028616-bit microprocessors, while the kernel fork may run on systems without a memory management unit. The kernel also runs on architectures that were only ever intended to use a manufacturer-created operating system, such as Macintosh computers (with both PowerPC and Intel processors), PDAs, video game console, portable music players, and mobile phones. There are several industry associations and hardware conferences devoted to maintaining and improving support for diverse hardware under Linux, such as FreedomHEC.

GNU/LINUX

The Free Software Foundation views Linux distributions that use GNU software as GNU Variants and they ask that such operating systems be referred to as GNU/Linux or a Linux-based GNU system. The media and common usage, however, refers to this family of operating systems simply as Linux, as do many large Linux distributions (e.g. SUSE Linux and Mandriva Linux). Some distributions, notably Debian, use GNU/Linux. The naming issue remains controversial.

COMPANY PROFILE

Red Hat, Inc. is an American multinational software company that is engaged in providing open source software products to the enterprise community. Founded in 1993, Red Hat has its corporate headquarters in Raleigh, North Carolina with satellite offices worldwide. Red Hat has become associated to a large extent with its enterprise operating system Red Hat Enterprise Linux and with the acquisition of open-source enterprise middleware vendor JBoss. Red Hat provides operating system platforms, middleware, applications, management products, and support, training, and consulting services. Red Hat creates, maintains, and contributes to many free software projects and has also acquired several proprietary software packages and released their source code mostly under the GNU GPL while holding copyright under a single commercial entity and selling user subscriptions. As of June 2013, Red Hat is the largest corporate contributor to Linux.

Project Description

1. WEB ANALYTICS 1.1 INTRODUCTION 1.2 TOOLS USED 1.3 INSTALLATION 1.4 CONFIGURATION 1.5 SCREENSHOTS

2. MAIL SERVER 2.1 INTRODUCTION 2.2 TOOLS USED 2.3 INSTALLATION 2.4 CONFIGURATION 2.5 SCREENSHOTS

WEB ANALYTICS

What is Web Analytics?

Web analytics is the measurement, collection, analysis and reporting of Internet data for purposes of understanding and optimizing web usage. Web analytics is not just a tool for measuring web traffic but can be used as a tool for business and market research, and to assess and improve the effectiveness of a web site. Web analytics applications can also help companies measure the results of traditional print or broadcast advertising campaigns. It helps one to estimate how traffic to a website changes after the launch of a new advertising campaign. Web analytics provides information about the number of visitors to a website and the number of page views. It helps gauge traffic and popularity trends, which is useful for market research. There are two categories of web analytics; off-site and on-site web analytics. Off-site web analytics refers to web measurement and analysis regardless of whether you own or maintain a website. It includes the measurement of a website's potential audience (opportunity), share of voice (visibility), and buzz (comments) that is happening on the Internet as a whole. On-site web analytics measure a visitor's behavior once on your website. This includes its drivers and conversions; for example, the degrees to which different landing pages are associated with online purchases. On- site web analytics measures the performance of your website in a commercial context. This data is typically compared against key performance indicator for performance, and used to improve a web site or marketing campaign's audience response. Google Analytics is the most widely-used on-site web analytics service; although new tools are emerging that provide additional layers of information, including heat maps and session replay.

Web server logfile analysis

Web servers record some of their transactions in a logfile. It was soon realized that these logfiles could be read by a program to provide data on the popularity of the website. Thus aroseweb log analysis software. In the early 1990s, web site statistics consisted primarily of counting the number of client requests (or hits) made to the web server. This was a reasonable method initially, since each web site often consisted of a single HTML file. However, with the introduction of images in HTML, and web sites that spanned multiple HTML files, this count became less useful. The first true commercial Log Analyzer was released by IPRO in 1994. Two units of measure were introduced in the mid-1990s to gauge more accurately the amount of human activity on web servers. These were page views and visits (or sessions). A page view was defined as a request made to the web server for a page, as opposed to a graphic, while a visit was defined as a sequence of requests from a uniquely identified client that expired after a certain amount of inactivity, usually 30 minutes. The page views and visits are still commonly displayed metrics, but are now considerer rather rudimentary. The emergence of search engine spider and robots in the late 1990s, along with web proxies and dynamically assigned IP for large companies and ISPs, made it more difficult to identify unique human visitors to a website. Log analyzers responded by tracking visits by cookies, and by ignoring requests from known spiders. The extensive use of web caches also presented a problem for logfile analysis. If a person revisits a page, the second request will often be retrieved from the browser's cache, and so the web server will receive no request. This means that the person's path through the site is lost. Configuring the web server can defeat caching, but this can result in degraded performance for the visitor and bigger load on the servers.

Advantages of logfile analysis

The main advantages of logfile analysis over page tagging are as follows:

• The web server normally already produces logfiles, so the raw data is already available. No changes to the website are required.

• The data is on the company's own servers, and is in a standard, rather than a proprietary, format. This makes it easy for a company to switch programs later, use several different programs, and analyze historical data with a new program.

• Logfiles contain information on visits from search engine spiders, which generally do not execute JavaScript on a page and are therefore not recorded by page tagging. Although these should not be reported as part of the human activity, it is useful information for SEO.

• Logfiles require no additional DNS lookups orTCP slow start. Thus there are no external server calls that can slow page load speeds, or result in uncounted page views.

The web server reliably records every transaction it makes, e.g. serving PDF documents and content generated by scripts, and does not rely on the visitors' browsers cooperating.

On-site web analytics – definitions

• Hit - A request for a file from the web server. Available only in log analysis. The number of hits received by a website is frequently cited to assert its popularity, but this number is extremely misleading and dramatically overestimates popularity. A single web-page typically consists of multiple (often dozens) of discrete files, each of which is counted as a hit as the page is downloaded, so the number of hits is really an arbitrary number more reflective of the complexity of individual pages on the website than the website's actual popularity. The total number of visits or page views provides a more realistic and accurate assessment of popularity.

• Page view - A request for a file, or sometimes an event such as a mouse click, that is defined as a page in the setup of the web analytics tool. An occurrence of the script being run in page tagging. In log analysis, a single page view may generate multiple hits as all the resources required to view the page (images, .js and .css files) are also requested from the web server.

• Event - A discrete action or class of actions that occurs on a website. A page view is a type of event. Events also encapsulate clicks, form submissions, key press events, and other client-side user actions.

• Visit / Session - A visit or session is defined as a series of page requests or, in the case of tags, image requests from the same uniquely identified client. A visit is considered ended when no requests have been recorded in some number of elapsed minutes. A 30-minute limit ("time out") is used by many analytics tools but can, in some tools, be changed to another number of minutes. Analytics data collectors and analysis tools have no reliable way of knowing if a visitor has looked at other sites between page views; a visit is considered one visit as long as the events (page views, clicks, whatever is being recorded) are 30 minutes or less closer together. Note that a visit can consist of one page view, or thousands. 21

• First Visit / First Session - (also called 'Absolute Unique Visitor' in some tools) A visit from a uniquely identified client that has theoretically not made any previous visits. Since the only way of knowing whether the uniquely identified client has been to the site before is the presence of a persistent cookie that had been received on a previous visit, the First Visit label is not reliable if the site's cookies have been deleted since their previous visit.

• Visitor / Unique Visitor / Unique User - The uniquely identified client that is generating page views or hits within a defined time period (e.g. day, week or month). A uniquely identified client is usually a combination of a machine (one's desktop computer at work for example) and a browser (Firefox on that machine). The identification is usually via a persistent cookie that has been placed on the computer by the site page code. An older method, used in log file analysis, is the unique combination of the computer's IP address and the User Agent (browser) information provided to the web server by the browser. It is important to understand that the "Visitor" is not the same as the human being sitting at the computer at the time of the visit, since an individual human can use different computers or, on the same computer, can use different browsers, and will be seen as a different visitor in each circumstance. Increasingly, but still somewhat rarely, visitors are uniquely identified by Flash LSO's (Local Shared Object), which are less susceptible to privacy enforcement.

• Repeat Visitor - A visitor that has made at least one previous visit. The period between the last and current visit is called visitor regency and is measured in days.

• New Visitor - A visitor that has not made any previous visits. This definition creates a certain amount of confusion (see common confusions below), and is sometimes substituted with analysis of first visits.

• Impression - The most common definition of "Impression" is an instance of an advertisement appearing on a viewed page. Note that an advertisement can be displayed on a viewed page below the area actually displayed on the screen, so most measures of impressions

do not necessarily mean an advertisement has been viewable.

• Single Page Visit / Singleton - A visit in which only a single page is viewed (a 'bounce').

• Bounce Rate - The percentage of visits that are single page visits.

• Exit Rate / % Exit - A statistic applied to an individual page, not a web site. The percentage of visits seeing a page where that page is the final page viewed in the visit.

• Page Time Viewed / Page Visibility Time / Page View Duration - The time a single page (or a blog, Ad Banner...) is on the screen, measured as the calculated difference between the time of the request for that page and the time of the next recorded request. If there is no next recorded request, then the viewing time of that instance of that page is not included in reports.

• Session Duration / Visit Duration - Average amount of time that visitors spend on the site each time they visit. This metric can be complicated by the fact that analytics programs cannot measure the length of the final page view.

• Average Page View Duration - Average amount of time that visitors spend on an average page of the site.

• Active Time / Engagement Time - Average amount of time that 23 visitors spend actually interacting with content on a web page, based on mouse moves, clicks, hovers and scrolls. Unlike Session Duration and Page View Duration / Time on Page, this metric can accurately measure the length of engagement in the final page view, but it is not available in many analytics tools or data collection methods.

• Average Page Depth / Page Views per Average Session - Page Depth is the approximate "size" of an average visit, calculated by dividing total number of page views by total number of visits.

• Frequency / Session per Unique - Frequency measures how often visitors come to a website in a given time period. It is calculated by dividing the total number of sessions (or visits) by the total number of unique visitors during a specified time period, such as a month or year. Sometimes it is used interchangeable with the term "loyalty."

• Click path - the chronological sequence of page views within a visit or session.

• Click - "refers to a single instance of a user following a hyperlink from one page in a site to another".

• Site Overlay is a report technique in which statistics (clicks) or hot spots are superimposed, by physical location, on a visual snapshot of the web page.

TOOLS USED IN WEB ANALYTICS

AWStats

Introduction of AWStats :

AWStats is short for Advanced Web Statistics. AWStats is powerful log analyzer which creates advanced web, ftp, mail and streaming server statistics reports based on the rich data contained in server logs. Data is graphically presented in easy to read web pages.

AWStats development started in 1997 and is still developed today by same author (Laurent Destailleur). However, development is now only "maintenance" or small new features because author spend, since July 2008, most of his time as project leader on another major OpenSourceprojet called Dolibarr ERP & CRM. But a lot of other developers maintains the software, above all for Linux distributions (fedora, debian, ubuntu...).

Designed with flexibility in mind, AWStats can be run through a web browser CGI (common gateway interface) or directly from the operating system command line. Through the use of intermediary data base files, AWStats is able to quickly process large log files, as often desired. With support for both standard and custom log format definitions, AWStats can analyze log files from Apache (NCSA combined/XLF/ELF or common/CLF log format), Microsoft's IIS (W3C log format), WebStar and most web, proxy, wap and streaming media servers as well as ftp and mail server logs.

AWStats is free software distributed under the GNU General Public License.

As AWStats works from the command line as well as a CGI, it is compatible with web hosting providers which allow CGI and log access.

Features of AWStats

AWStats' reports include a wide range of information on your web site usage:

* Number of Visits, and number of Unique visitors. * Visit duration and latest visits. * Authenticated Users, and latest authenticated visits. * Usage by Months, Days of week and Hours of the day (pages, hits, KB). * Domains/countries (and regions, cities and ISP with Maxmind proprietary geo databases) of visitor's hosts (pages, hits, KB, 269 domains/countries detected). * Hosts list, latest visits and unresolved IP addresses list. * Most viewed, Entry and Exit pages. * Most commonly requested File types. * Web Compression statistics (for Apache servers using mod_gzip or mod_deflate modules). * Visitor's Browsers (pages, hits, KB for each browser, each version, 123 browsers detected: Web, Wap, Streaming Media browsers..., around 482 with the "phone browsers" database). * Visitor's Operating Systems (pages, hits, KB for each OS, 45 OS detected). * Robots visits, including search engine crawlers (381 robots detected). * Track Downloads such as PDFs, compressed files and others * Search engines, Keywords and Phrases used to find your site (The 122 most famous search engines are detected like Yahoo, Google, Altavista, etc...) * HTTP Errors (Page Not Found with latest referrer, ...). * User defined reports based on url, url parameters, referrer (referer) 26 fields extend AWStats' capabilities to provide even greater technical

and marketing information. * Number of times your site is added to Bookmarks / Favorites. * Screen size (to capture this, some HTML tags must be added to a site's home page). * Ratio of integrated Browser Support for: Java, Flash, Real G2 player, Quicktime reader, PDF reader, WMA reader (as above, requires insertion of HTML tags in site's home page). * Cluster distribution for load balanced servers.

Requirements:

AWStats usage has the following requirements:

* You must have access to the server logs for the reporting you want to perform (web/ftp/mail).

* You must be able to run perl scripts (.pl files) from command line and/or as a CGI. If not, you can solve this by downloading latest Perl version at ActivePerl (Win32) or Perl.com (Unix/Linux/Other).

AWStats Installation, Configuration and Reporting

I. Setup: Installation and configuration using awstats_configure.pl

A) Setup for an Apache or compatible web server (on Unix/Linux)

Step 1:

(If you use a package provided with a Linux distribution, step 1 might have already been done; if you don't know, you can run this step again)

After downloading and extracting the AWStats package, you should run the awstats_configure.pl script to do several setup actions. You will find it in the AWStatstools directory (If using the Windows installer, the script is automatically launched): perl awstats_configure.pl

This is what the script does/asks (you can do all these steps manually instead of running awstats_configure.pl if you prefer):

A) awstats_configure.pl tries to determine your current log format from your Apache web server configuration file httpd.conf (it asks for the path if not found). If you use a common log, awstats_configure.pl will suggest changing it to the NCSA combined/XLF/ELF format (you can use your own custom log format but this predefined log format is often the best choice and makes setup easier). If you answer yes, awstats_configure.pl will modify your httpd.conf, changing the following directive: from CustomLog /yourlogpath/yourlogfile common to CustomLog /yourlogpath/yourlogfile combined

B) awstats_configure.pl will then add, if not already present, the following directives to your Apache configuration file (note that the

"/usr/local/awstats/wwwroot" path might differ according to your distribution or OS:

# # Directives to add to your Apache conf file to allow use of AWStats as a CGI. # Note that path "/usr/local/awstats/" must reflect your AWStats Installation path. # Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/" Alias /awstatscss "/usr/local/awstats/wwwroot/css/" Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/" ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/" # # This is to permit URL access to scripts/files in AWStats directory. # Options None AllowOverride None Order allow,deny Allow from all

C) If changes were made as indicated in parts A and B, awstats_configure.pl restarts Apache to apply the changes. To be sure the log format change is effective, go to your homepage. This is an example of the type of records you should see inserted in your new log file after Apache was restarted:

62.161.78.75 - - [dd/mmm/yyyy:hh:mm:ss +0000] "GET / HTTP/1.1" 200 1234 "http://www.from.com/from.html" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"

D) awstats_configure.pl will ask you for a name for the configuration 29 profile file. Enter an appropriate name such as that of your web server or the virtual domain to be analyzed, i.e. mysite.

awstats_configure.pl will create a newfile called awstats.mysite.conf by copying the template file awstats.model.conf. The new file location is: - For Linux/BSD/Unix users: /etc/awstats.

E) awstats_configure.pl ends.

Step 2:

Once a configuration file has been created (by awstats_configure.pl, by your package installer or just by a manual copy of awstats.model.conf), it's important to verify that the "MAIN PARAMETERS" match your needs. Open awstats.mysite.conf in your favorite text editor (i.e. notepad.exe, vi, gedit, etc) - don´t use a word processor - and make changes as required.

Particular attention should be given to these parameters:

- Verify the LogFile value. It should be the full path of your server log file (You can also use a relative path from your awstats.pl directory, but a full path avoids errors).

- Verify the LogType value. It should be "W" for analyzing web log files.

- Check if LogFormat is set to "1" (for "NCSA apache combined/ELF/XLF log format") or use a custom log format if you don't use the combined log format.

- Set the SiteDomain parameter to the main domain name or the intranet web server name used to reach the web site to analyze (Example: www.mysite.com). If you have several possible names for same site, use the main domain name and add the others to the list in the HostAlias parameter.

30 - You can also change other parameters if you want. The full list is described in Configurations/Directives options page.

Installation and configuration is finished. You can jump to the Process logs: Building/updating statistics database section.

SCREESHOTS OF AWSTATS

Summary:

Monthly History:

Days of Week:

Days of Month:

Hours:

Countries:

Hosts:

Authentication :

Downloads and Browser:

Visit:

Miscellaneous:

MAIL SERVER

What is MTA?

A message transfer agentor mail transfer agent (MTA) or mail relay is software that transfers electronic mail messages from one computer to another using a client–server application architecture. An MTA implements both the client (sending) and server (receiving) portions of the Simple Mail Transfer Protocol. The terms mail server, mail exchanger, and MX host may also refer to a computer performing the MTA function. The Domain Name System (DNS) associates a mail server to a domain with mail exchanger (MX) resource records containing the domain name of a host providing MTA services. A mail server is a computer that serves as an electronic post office for email. Mail exchanged across networks is passed between mail servers that run specially designed software. This software is built around agreed-upon, standardized protocols for handling mail messages and the graphics they might contain.

Operation performed by MTA

A message transfer agent receives mail from either another MTA, a mail submission agent (MSA), or a mail user agent (MUA). The transmission details are specified by the Simple Mail Transfer Protocol (SMTP). When a recipient mailbox of a message is not hosted locally, the message is relayed, that is, forwarded to another MTA. Every time an MTA receives an email message, it adds a Received trace header field to the top of the header of the message, thereby building a sequential record of MTAs handling the message. The process of choosing a target MTA for the next hop is also described in SMTP, but can usually be overridden by configuring the MTA software with specific routes. A MTA works in the background, while the user usually interacts directly with a mail user agent. One may distinguish initial submission as first passing through an MSA – port 587 is used for communication between an MUA and an MSA while port 25 is used for communication between MTAs, or from an MSA to an MTA this distinction is first made in RFC 2476. For recipients hosted locally, the final delivery of email to a recipient mailbox is the task of a message delivery agent (MDA). For this purpose the MTA transfers the message to the message handling service component of the message delivery agent. Upon final delivery, the Return-Path field is added to the envelope to record the return path.

What is MUA?

An email client, email reader, or more formally mail user agent (MUA), is a computer program used to access and manage a user's email. The term can refer to any system capable of accessing the user's email mailbox, regardless of it being a mail user agent, a relaying server, or a human typing on a terminal. In addition, a web application that provides message management, composition, and reception functions is sometimes also considered an email client, but more commonly referred to as webmail. Popular locally installed email clients include Microsoft Outlook, IBMLotus Notes, Pegasus Mail, Mozilla's Thunderbird, KMail in the Kontact suite, Evolution and Apple Inc.'s Mail. Popular web-based email clients include: Gmail, Lycos Mail, Mail.com, Outlook.com and Yahoo! Mail.

Operation performed by MUA

Like most client programs, an email client is only active when a user runs it. The most common arrangement is for an email user (the client) to make an arrangement with a remote Mail Transfer Agent (MTA) server for the receipt and storage of the client's emails. The MTA, using a suitable mail delivery agent (MDA), adds email messages to a client's storage as they arrive. The remote mail storage is referred to as the user's mailbox. The default setting on many Unix systems is for the mail server to store formatted messages in mbox, within the user's HOME directory. Of course, users of the system can log-in and run a mail client on the same computer that hosts their mailboxes; in which case, the server is not actually remote, other than in a generic sense. Emails are stored in the user's mailbox on the remote server until the user's email client requests them to be downloaded to the user's computer, or can otherwise access the user's mailbox on the possibly remote server. The email client can be set up to connect to multiple mailboxes at the same time and to request the download of emails either automatically, such as at pre-set intervals, or the request can be manually initiated by the user. A user's mailbox can be accessed in two dedicated ways. The Post Office Protocol (POP) allows the user to download messages one at a time and only deletes them from the server after they have been successfully saved on local storage. It is possible to leave messages on the server to permit another client to access them. However, there is no provision for flagging a specific message as seen, answered, or forwarded, thus POP is not convenient for users who access the same mail from different machines. Alternatively, the Internet Message Access Protocol (IMAP) allows users to keep messages on the server, flagging them as appropriate. IMAP provides folders and sub-folders, which can be shared among different users with possibly different access rights. Typically, the Sent, Drafts,

40 andTrash folders are created by default. IMAP features an idle extension for real time updates, providing faster notification than polling, where long lasting connections are feasible. See also the remote messages section below. In addition, the mailbox storage can be accessed directly by programs running on the server or via shared disks. Direct access can be more efficient but is some email clients, including some webmail applications, use less portable as it depends on the mailbox format it.

TOOLS USED IN MAIL SERVER

HORDE(MUA)

Introduction of Horde:

Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can read, send and organize email messages and manage and share calendars, contacts, tasks, notes, files, and bookmarks with the standards compliant components from the Horde Project. Horde Groupware Webmail Edition bundles the separately available applications IMP, Ingo, Kronolith, Turba, Nag, Mnemo, Gollem, and Trean. It can be extended with any of the released Horde applications or the applications that are still in development, like a bookmark manager or a file manager.

Features of Horde

• IMAP and POP3 webmail client • 3-pane and 3-column-layouts • Message filtering • Message searching • HTML message composition with WYSIWIG editor • Spell checking • Built in attachment viewers • Encrypting and signing of messages (S/MIME and PGP) • Quota support • Keyboard navigation • Full character set support for folders names and email messages • Conversation view of all messages in a thread • Downloading of message attachments in a ZIP file • Flexible, individual alias addresses • IMAP folder subscriptions • Shared IMAP folders • Graphical emoticons • Support for mailing list headers • Forwarding of multiple messages at once • Attachments sent as links

Installing Horde Framework 5

1 Quick Install These are very terse instructions how to install Horde and its prerequisites on a LAMP (Linux, Apache, MySQL, PHP) sytem. They are addressed to experienced administrators who know exactly what they are doing. For more detailed instructions, start reading below at Prerequisites. Compiling PHP for Apache 2: Cmd: Cmd: cd php-x.x.x/ Cmd: ./configure --with-apxs2=/usr/sbin/apxs2 \ --with-gettext --enable-mbstring --with-gd \ --with-png-dir=/usr --with-jpeg-dir=/usr \ [--with-mysql|--with-pgsql|--with-ldap] [--with-tidy] cmd: make cmd: make install

Restart Apache. Make sure your PEAR package is up-to-date: Cmd: pear upgrade PEAR

44 Cmd: pear channel-discover pear.horde.org

Set Horde installation directory: Cmd: pear install horde/horde_role Cmd: pear run-scripts horde/horde_role

Install Horde: Cmd: pear install -a -B horde/horde

Configure Horde: Cmd: cd config/ Cmd: cpconf.php.distconf.php

Finish configuration: http://your-server/horde/ Go to Administration => Configuration => Horde (Or navigate to http://your-server/horde/admin/config) Create database tables Go to Administration => Configuration. Click Update All DB Schemas. Test Horde Enable the test script in the Horde configuration at the General in the PHP Settings section, or edit horde/config/conf.php and set 'testdisable' to false. Go to: http://your-server/horde/test.php

2 Configuring Horde

Configuring the web server Horde requires the following webserver settings. Examples shown are for Apache; other webservers' configurations will differ. PHP interpretation for files matching *.php: AddType application/x-httpd-php .php The above instructions may not work if you have specified PHP as an output filter with SetOutputFilter directive in Apache 2.x versions. In particular, Red Hat 8.0 and above Apache 2.x RPMS have the output filter set, and MUST NOT have the above AddType directive added. index.php as an index file (brought up when a user requests a URL for a directory): DirectoryIndexindex.php Configuring HordeTo configure Horde, change to the config/ directory of the installed distribution, and copy the conf.php.dist configuration file to conf.php. Documentation on the format and purpose of the configuration files in the config/ directory can be found in each file. The defaults will be correct for most sites. If you wish to customize Horde's appearance and behavior, create "local" files for the configuration file you want to change. For example if you want to change the default value and lock a preference, create a config/prefs.local.php file with the following content:

This works with any configuration file.All configuration files in Horde are PHP scripts that are executed by the web server. If you make an error in

46 one of these files, Horde might stop working. Thus it is always a good idea to test the configuration files after you edited them. If you want to test mime_drivers.local.php for example run: php -l mime_drivers.local.php

• Completing Configuration You can now access Horde without a password, and you will be logged in as an administrator.You should first configure a real authentication backend and designate which accounts in your real backend will be administrator accounts. Horde does NOT have a default administrator account - all users, including administrators, must exist in the actual authentication backend. Click on Configuration in the Administration menu and configure Horde. Start in the Authentication tab. Here is an example for configuring authentication against a remote IMAP server. Similar steps apply for authenticating against a database, an LDAP server, etc. In the Which users should be treated as administrators field enter a comma separated list of user names of your choosing. This will control who is allowed to make configuration changes, see passwords, potentially add users, etc. In the what backend should we use for authenticating users to Horde pulldown menu select IMAP authentication. The page will reload and you will have specific options for IMAP authentication. In the Configuration type pull-down menu select Separate values. The page will reload with additional options. Fill in the remaining three fields appropriately: IP name/number of the IMAP server For a secure connection, select port 993.

Select the secure connection protocol to use, if desired. Continue to configure Horde through all the tabs of the configuration interface and click on Generate Horde Configuration. An important item that you probably want to configure is the Database Settings,

Which defines the database configuration that is used, by default, for several different Horde sub-systems.By default Horde will be using database backend for most sub-systems. If you do not plan to use a database with Horde, you need to go through all tabs of the configuration screen and change the configuration for those systems from SQL to a suitable alternative. Configuration of applications in registry.php is documented in the INSTALL file of each application. Most applications require you to configure them with a "Horde administrator" account. A Horde administrator account is any normal Horde account that has been added to the administrator list in the Authentication tab of the Horde configuration. The other files in that directory need only be modified if you wish to customize Horde's appearance or behavior -- the defaults will work at most sites. • Creating databases Once you created the database configuration in the previous step, you can create all database tables by hitting the Update all DB schemas button in the configuration screen.Please note that this requires the database that you entered in the database configuration to already exist, and the configured database user to have sufficient permissions to create new tables in this database.Alternatively you can run the bin/horde-db-migrate script in the Horde directory from the command line. Setting up alarm emails If you want your users to be able to receive emails from the Horde_Alarm system, you must set up a cron entry for horde-alarms, you must have at least one administrator specified in the Horde configuration, and you must have the PHP CLI installed (a CGI binary is not supported - php -v will report what kind of PHP binary you

48 have). Running the job every 5 minutes is recommended: # Horde Alarms */5 * * * * /usr/bin/horde-alarms

If not installing Horde through PEAR or if PEAR's bin_dir configuration doesn't point to /usr/bin/, replace /usr/bin/horde-alarms with the path to the horde-alarms script in your Horde installation.

Testing Horde Once you have configured your webserver, PHP, and Horde, bring up the included test page in your Web browser to ensure that all necessary prerequisites have been met. If you installed Horde as described above, the URL to the test page would be: http://your-server/horde/test.php The test script is disabled by default for security reasons. To enable set the 'testdisable' configuration option to false. After testing is completed, the testdisable option should be reset to true. Check that your PHP and PEAR versions are acceptably recent, that all required capabilities are present, and that magic_quotes_runtime is set to Off. Then note the Session counter: 1 line under PHP Sessions, and reload the page. The session counter should increment. If you get a warning like Failed opening '/path/to/test.php' for inclusion, make sure that the web server has the permission to read the test.php file.

Securing Horde Passwords: Some of Horde's configuration files contain passwords which local users could use to access your database. It is recommended to ensure that at least the Horde configuration files (in config/) are not readable to system users. There are .htaccess files restricting access to directories that do not need to be accessed directly; before relying on those, ensure that your webserver supports .htaccess and is configured to use them, and that the files in those directories are in fact inaccessible via the browser. An additional approach is to make Horde's configuration files owned by the user root 49

and by a group which only the webserver user belongs to, and then making them readable only to owner and group. For example, if your webserver runs as www.www, do as follows: chownroot.wwwconfig/* findconfig/ -type f -exec chmod 0440 '{}' \;

Sessions: Session data -- including hashed versions of your users' passwords, in some applications -- may not be stored as securely as necessary. If you are using file-based PHP sessions (which are the

default), be sure that session files are not being written into /tmp with permissions that allow other users to read them. Ideally, change the session. save_path setting in php.ini to a directory only readable and writeable by your webserver. Additionally, you can change the session handler of PHP to use any storage backend requested (e.g. SQL database) via the Custom Session Handler tab in the Horde configuration.

SCREESHOTS OF HORDE

Welcome Screen:

INBOX:

SETTINGS:

OTHER FEATURES:

MAIL COMPOSE :

BIBLOGRAPHY

 www.awstats.org  www.horde.org  www.wikipedia.com