Skip to main content

Install a Web Server in Ubuntu 18.04 LTS and Secure It with AppArmor

Hands-On Lab

 

Photo of Kenny Armstrong

Kenny Armstrong

Linux Training Architect II in Content

Length

00:45:00

Difficulty

Beginner

In this lab, we are going to install the popular Apache web server, and then we'll install a console-based web browser. Afterward we are going to apply extra security to the web server, using both an AppArmor profile and Apache module. Finally, we will replace the default web page to verify that everything is working properly.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Install a Web Server in Ubuntu 18.04 LTS and Secure It with AppArmor

Introduction

In this lab, we are going to install the popular Apache web server, and then we'll install a console-based web browser. Afterward we are going to apply extra security to the web server, using both an AppArmor profile and Apache module. Finally, we will replace the default web page to verify that everything is working properly.

Solution

Once we are logged into the server, we need to install the apache2, w3m, and libapache2-mod-apparmor packages.

After these are installed, verify (using the systemctl command) that the apache2 service is running, and that we can access the pre-installed web page using the console browser with the command: w3m http://localhost.

Next, we need to enable the AppArmor security profile for Apache, as well as the apparmor module for the Apache service.

After this, we will back up the original default index page, and create our own.

Finally, we'll open up the web service port with the uncomplicated firewall, and verify that we can access the page we just created.

Enable the Firewall

First, we want to enable the firewall. By default on this system, it is disabled. Once we enable it, we will be warned that you might lose our SSH connection. If we quickly follow up the enable command with the rule to allow incoming SSH connections, we won't lose connection.

sudo ufw enable
sudo ufw allow ssh

Check it with a quick sudo ufw status.

Install Packages

Next, we'll install the Apache server, a terminal web browser, and the necessary AppArmor utilities and Apache AppArmor module:

sudo apt install apache2 w3m libapache2-mod-apparmor apparmor-utils

Verify the Web Server is Running

First, with the systemctl command, verify that the apache2 service is running. Then, use the w3m console browser to open up the default web page at http://localhost:

systemctl status apache2.service
w3m http://localhost

Enable AppArmor on the Apache Server

Next, apply the AppArmor profile to the Apache service and enable the apparmor Apache module. Once the module is installed, we need to restart the Apache service:

sudo aa-enforce /etc/apparmor.d/usr.sbin.apache2
sudo a2enmod apparmor
sudo systemctl restart apache2.service

Verify AppArmor Status

Now double check the AppArmor status to verify that the Apache server's profile is enforced:

sudo apparmor_status

Create a New Landing Page

Move the original default web page to the cloud_user home directory, and create a new default landing page:

sudo mv /var/www/html/index.html /home/cloud_user/index.html.bak
sudo echo "Hi there!" > index.html
sudo mv index.html /var/www/html/

Configure the Firewall

Open up the web service port in the firewall:

sudo ufw allow http

Now verify that it worked with a quick sudo ufw status.

Verify the Web Page Works

Let's check to see if the actual web server is working. Check and make sure:

w3m http://localhost

Conclusion

If we can see some text saying "Hi there!", then we're finished. Congratulations!