Fedora Linux

The fields here are the IP address of the remote host (24.43.223.54); the remote user login name (-); the authenticated username on the local system (- , because the user did not authenticate); the date, time, and time zone of the request ([28/Feb/2006:22:01:33 -0500]); the request string (GET / HTTP/1.1); the status code returned to the client (200, meaning OK); and the number of bytes sent to the client (956).

If you use the combined log format, the entries will look like this:

24.43.223.54 - - [28/Feb/2006:22:01:33 -0500] 'GET / HTTP/1.1' 200 956 'http://www.fedorabook.com/index.html' 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20060202 Fedora/1.0.7-1.2.fc4 Firefox/1.0.7'

The additional fields are the referring page, which linked to or contained the information requested ( http://www.fedorabook.com/index.html ), and the user agent header, which describes the client software (Firefox on a Fedora system in this case). The user agent information is interesting, but the referrer information is critical if you want to analyze where your visitors are coming from, which pages they visit first, and how they progress through your web site.

The error logfile contains entries like this:

[Tue Feb 28 22:01:33 2006] [error] [client 24.43.223.54] File does not exist: /var/www/html/favicon.ico

This indicates the date and time, the fact that this is an error, the client IP address, and the detail of the error.

7.5.3.2. ...using a more secure authentication scheme than Basic?

The problem with basic authentication is that the user ID and password travel in plain text across the network. Anyone snooping on the network can see the password.

A slightly better approach is to use digest authentication, which hashes the password before sending it across the network. This is still not nearly as secure as encrypting the connection.

To use digest authentication, use the same authentication configuration as you would for basic authentication, but substitute Digest for the AuthType :

AuthType Digest

AuthName ' prices '
AuthUserFile /var/www/digest
Require valid-user

Create the password file using the htdigest command instead of htpasswd . htdigest requires one additional argument in front of the username, called the realm ; copy the value from the AuthName directive and use it for the realm. Here is an example:

# htdigest -c /var/www/digest prices chris
Adding password for chris in realm prices.
New password:
 confidentialpassword
Re-type new password:
 confidentialpassword
# htdigest /var/www/digest prices diane
Adding user diane in realm prices
New password:
 bigsecret
Re-type new password:
 bigsecret

htdigest does not accept the -b option used with htpasswd.

7.5.4. Where Can I Learn More?

? The Apache documentation from the Apache Software Foundation is on their web site at http://httpd.apache.org/docs/2.2/ and on the web server of any Fedora system at http://<hostname>/<manual> (to disable access to the manual, remove /var/www/manual ).

? The manpages for httpd , htpasswd , htdigest , and httpd_selinux.

7.6. Configuring the sendmail Server

sendmail is a robust email server. Like Apache, it has an enormous number of configuration options to handle many different service scenarios, even though many of these scenarios are pretty rare. With a small amount of configuration, sendmail can be configured to handle most mail-serving tasks.

7.6.1. How Do I Do That?

Fedora's default sendmail configuration will:

? Start the sendmail service at each boot

? Accept mail from local users for local mailboxes and place it in those mailboxes

? Accept mail from local users for remote systems, place it in a queue, and attempt to deliver it directly to the remote mail hosts

This configuration may or may not work for you, depending on how you are connected to the Internet.

7.6.1.1. Preparing to configure sendmail and activating changes