$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.4 LTS
Release: 18.04
Codename: bionic
$ hostname -I
192.168.0.9
$ sudo ufw status
Status: inactive
# Update package list and install Apache.
$ sudo apt update
...
Fetched 2,854 kB in 2s (1,395 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
$ sudo apt install apache2
...
Created symlink /etc/systemd/system/multi-user.target.wants/apache2.service → /lib/systemd/system/apache2.service.
Created symlink /etc/systemd/system/multi-user.target.wants/apache-htcacheclean.service → /lib/systemd/system/apache-htcacheclean.service.
...
# Note the screen output shows symlinks in the configuration directories for the system services.
# Let's see what is running.
$ systemctl status apache2.service
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: active (running) since Sun 2020-04-26 12:08:28 MDT; 2min 6s ago
Main PID: 29916 (apache2)
Tasks: 55 (limit: 4915)
CGroup: /system.slice/apache2.service
├─29916 /usr/sbin/apache2 -k start
├─29918 /usr/sbin/apache2 -k start
└─29919 /usr/sbin/apache2 -k start
# Use a web browser to go to the machine name or IP address.
# Earlier you found the IP address by typing "hostname -I".
# It is kind of the developers and package maintainers to put instructions on the home page!
# Let's look at the index.html file.
$ cd /var/www/html
$ ls -l
total 12
-rw-r--r-- 1 root root 10918 Apr 26 12:08 index.html
# The file is owned by root, so we can guess an "apache" unix logon was not created.
$ grep apa /etc/passwd
# Nothing found. Also look at the last line of /etc/passwd for a new entry.
$ tail -1 /etc/passwd
# Since software often has errors, bugs, and security holes, an attacker may exploit those
# holes and possibly gain access as the user which is running the software.
# The apache software is being run as root. It had better be perfect software!
# Let's look further.
$ ps -ef | grep apache
root 29916 1 0 12:08 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 29918 29916 0 12:08 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 29919 29916 0 12:08 ? 00:00:00 /usr/sbin/apache2
# Processes are running both as root and as the pre-existing unix logon www-data.
# Let's see if www-data is a less-privileged account than root
$ groups www-data
www-data : www-data
$ sudo grep www /etc/sudoers
# No output from grep, so it looks like www-data doesn't have sudo. This is good.
# To open a listening connection on a "low numbered port", you typically need to be root.
# Maybe that is why part of the web server is started as root. This is something to further explore.
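# Added example (not part of the original walkthrough): a shell function that reads "ps -ef" output,
# identifies the apache2 master process, and counts any worker still running as root.
# The name audit_apache_users and both sample inputs are constructed; the first reuses the ps lines shown above.

```shell
#!/bin/sh
# Input: `ps -ef` style lines on stdin (UID PID PPID C STIME TTY TIME CMD).
# Output: one line per apache2 process, then a summary line:
#   master=<pid> workers=<n> root_workers=<n>
audit_apache_users() {
    awk '
    { k = split($8, p, "/") }          # last path component of the CMD column
    p[k] == "apache2" {
        user[$2] = $1; parent[$2] = $3; order[++n] = $2
    }
    END {
        for (i = 1; i <= n; i++) {
            pid = order[i]
            # The master is the apache2 process whose parent is not apache2.
            if (!(parent[pid] in user)) { master = pid; role = "master" }
            else {
                role = "worker"; workers++
                if (user[pid] == "root") rootw++
            }
            printf "%-7s pid=%s user=%s\n", role, pid, user[pid]
        }
        printf "master=%s workers=%d root_workers=%d\n", master, workers, rootw
    }'
}

# Constructed sample 1: the ps -ef lines from this walkthrough plus a grep line.
PAGE_SAMPLE='root 29916 1 0 12:08 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 29918 29916 0 12:08 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 29919 29916 0 12:08 ? 00:00:00 /usr/sbin/apache2
testuser 32236 28823 0 14:58 pts/0 00:00:00 grep apache'

# Constructed sample 2: a misconfiguration where one worker kept root.
BAD_SAMPLE='root 100 1 0 12:08 ? 00:00:00 /usr/sbin/apache2 -k start
root 101 100 0 12:08 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 102 100 0 12:08 ? 00:00:00 /usr/sbin/apache2 -k start'

printf '%s\n' "$PAGE_SAMPLE" | audit_apache_users
printf '%s\n' "$BAD_SAMPLE"  | audit_apache_users
# On a live host: ps -ef | audit_apache_users
```

# A non-zero root_workers count means request-handling processes did not drop to www-data.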
# For now, let's change the static web page served from the file index.html.
$ cd /var/www/html
$ ls -l
total 12
-rw-r--r-- 1 root root 10918 Apr 26 12:08 index.html
$ sudo cp index.html index.html.orig
$ ls -l
total 24
-rw-r--r-- 1 root root 10918 Apr 26 12:08 index.html
-rw-r--r-- 1 root root 10918 Apr 26 12:29 index.html.orig
# Edit the file and add some text. When editing the file, search for "welcome" and change the text.
$ sudo vi index.html
# In the "content_section_text", you may want to add new paragraph tags and a couple of lines such as:
<p>
“I'm a great believer in luck, and I find the harder I work the more I have of it.”
<a href="https://plato.stanford.edu/entries/jefferson">Thomas Jefferson</a>
</p>
# Verify that systemctl is set up properly to start and stop the web server.
$ sudo systemctl stop apache2.service
$ ps -ef|grep apac
testuser 32236 28823 0 14:58 pts/0 00:00:00 grep apac
$ sudo systemctl start apache2.service
$ ps -ef | grep apac
root 32262 1 0 14:58 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 32264 32262 0 14:58 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 32265 32262 0 14:58 ? 00:00:00 /usr/sbin/apache2 -k start
testuser 32327 28823 0 14:58 pts/0 00:00:00 grep apac
$ systemctl status apache2.service
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: active (running) since Sun 2020-04-26 14:58:53 MDT; 17s ago
Process: 32214 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
Process: 32242 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 32262 (apache2)
Tasks: 55 (limit: 4915)
CGroup: /system.slice/apache2.service
├─32262 /usr/sbin/apache2 -k start
├─32264 /usr/sbin/apache2 -k start
└─32265 /usr/sbin/apache2 -k start
# If you run the firewall, remember to allow incoming connections to the Apache web server.
$ sudo ufw enable
$ sudo ufw allow www