A working WWW server for CCIE Security

I have been playing around with this for quite some time now, and finally got it working.

It’s hardly a complicated requirement, just need a server to host two websites (www.good.com, and www.bad.com). However, I tried loads of different live CDs, tried fresh installs, lots of different qemu images, and all had issues of one sort or another – such not having Apache installed, the NIC not working, and so on and so forth.

I made some good headway yesterday when I found Suse Studio, this allows you to create an image, with as much or as little on it as you need. You can then download it as a qemu image, which works nicely with UNetLab.
So now I have a working setup.I won’t be keeping the Win host there, that was just for testing as I have not sorted out the rest of the topology yet.

The Apache configuration is working and serving the two websites:

If you want to set this up at home then you will need to have apache running two virtual hosts. The conf files need to live under /etc/apache2/vhosts.d/ (for Suse at least). The configurations are below:

good.com.conf:

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName www.good.com
    DocumentRoot /srv/www/vhosts/www.good.com
    ErrorLog /var/log/apache2/www.good.com-error_log
    CustomLog /var/log/apache2/www.good.com-access_log combined
    HostnameLookups Off
    UseCanonicalName Off
    ServerSignature On
    ScriptAlias /cgi-bin/ "/srv/www/vhosts/www.good.com/cgi-bin/"
    <Directory "/srv/www/vhosts/www.good.com/cgi-bin">
        AllowOverride None
        Options +ExecCGI -Includes
        <IfModule !mod_access_compat.c>
            Require all granted
        </IfModule>
        <IfModule mod_access_compat.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Directory>
    <IfModule mod_userdir.c>
        UserDir public_html
        Include /etc/apache2/mod_userdir.conf
    </IfModule>
    <Directory "/srv/www/vhosts/www.good.com">
        Options Indexes FollowSymLinks
        AllowOverride None
        <IfModule !mod_access_compat.c>
            Require all granted
        </IfModule>
        <IfModule mod_access_compat.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Directory>
</VirtualHost>

bad.com.conf:

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName www.bad.com
    DocumentRoot /srv/www/vhosts/www.bad.com
    ErrorLog /var/log/apache2/www.bad.com-error_log
    CustomLog /var/log/apache2/www.bad.com-access_log combined
    HostnameLookups Off
    UseCanonicalName Off
    ServerSignature On
    ScriptAlias /cgi-bin/ "/srv/www/vhosts/www.bad.com/cgi-bin/"
    <Directory "/srv/www/vhosts/www.bad.com/cgi-bin">
        AllowOverride None
        Options +ExecCGI -Includes
        <IfModule !mod_access_compat.c>
            Require all granted
        </IfModule>
        <IfModule mod_access_compat.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Directory>
    <IfModule mod_userdir.c>
        UserDir public_html
        Include /etc/apache2/mod_userdir.conf
    </IfModule>
    <Directory "/srv/www/vhosts/www.bad.com">
        Options Indexes FollowSymLinks
        AllowOverride None
        <IfModule !mod_access_compat.c>
            Require all granted
        </IfModule>
        <IfModule mod_access_compat.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Directory>
</VirtualHost>

Then all you need is a simple HTML page under /srv/www/vhosts/www.good.com/ and /srv/www/vhosts/www.bad.com/.

Apache can be started using the command “rcapache2 start”, but you do need to switch to the root user, using “su -” and type in the root password, which is “linux”.

The VM also has:

  • Bind (DNS)
  • NTP
  • FTP (Server)
This makes it a bit useful for future play!

If you want to download the VM, which is pre-IP’d and set up you can click the download link below. All you need to do is set up a hosts entry of DNS entry pointing to the VM’s IP address (198.250.99.100). Note that the password for all accounts is “linux”.

8 Comments

  1. Praveen April 2, 2016
  2. Stuart Fordham April 2, 2016
  3. Anonymous April 4, 2016
  4. Stuart Fordham April 4, 2016
  5. Stuart Fordham April 4, 2016
  6. Stuart Fordham April 4, 2016
  7. bamo April 7, 2016
  8. Damian C October 25, 2016