Curl error (6) when trying to install httpd

Hudle

New Member
Joined
Nov 8, 2024
Messages
7
Reaction score
1
Credits
69
I'm in the process of trying to set up a web server on a vm and am receiving this error on install:
Curl error (6): Couldn't resolve host name for https://mirrors.centos.org/metalink?repo=centos-baseos-9-streamarch=x86_64&protocol=https,http

The command I used to install the package was:
sudo yum install httpd

All I have done as far as setup with this server is set a static ip in the ifcfg file and also enabled http and https with the firewall. Any suggestions to fix this issue?
 


mirrors.centos.org is an alias for wildcard.fedoraproject.org which appears to point to vm3.fedora.ibiblio.org which uses an IPv4 address of 152.19.134.142.

You can add an entry in your /etc/hosts file like this:

152.19.134.142 (TAB) wildcard.fedoraproject.org mirrors.centos.org

until you get your DNS configured on your system.

Signed,

Matthew Campbell
 
Is it necessary to configure my web server with a static ip?
If it's just as a lab test then no, but you need to configure the dns servers correctly but if you use dhcp it should get the dns servers automatically from the dhcp server.
 
Alright so I feel like everything I try, I reach a dead end and end up making things worse. I'm trying to assign a static ip address to my network interface so I can ssh into the server using my local machine. I've tried using nmtui and it tells me the interface name (I'm assuming) is not activatable. I've also tried using NetworkManager running commands like this:
sudo nmcli con mod <interface_name> ipv4.addresses <static_ip>/<subnet_mask>
sudo nmcli con mod <interface_name> ipv4.gateway <gateway_ip>
sudo nmcli con mod <interface_name> ipv4.dns "<dns_server>"
sudo nmcli con mod <interface_name> ipv4.method manual
This method also did not work.
Lastly, I tried to add my own ifcfg file which also did not work.
This has left me with three different IP addresses. None of which are the one I tried to statically assign. I'm running CentOS Stream version 9. I know I don't need to set a static ip at this time for test purposes, but I think it would be beneficial if I was able to understand this. Thanks
 
Alright so I feel like everything I try, I reach a dead end and end up making things worse. I'm trying to assign a static ip address to my network interface so I can ssh into the server using my local machine. I've tried using nmtui and it tells me the interface name (I'm assuming) is not activatable. I've also tried using NetworkManager running commands like this:
sudo nmcli con mod <interface_name> ipv4.addresses <static_ip>/<subnet_mask>
sudo nmcli con mod <interface_name> ipv4.gateway <gateway_ip>
sudo nmcli con mod <interface_name> ipv4.dns "<dns_server>"
sudo nmcli con mod <interface_name> ipv4.method manual
This method also did not work.
Lastly, I tried to add my own ifcfg file which also did not work.
This has left me with three different IP addresses. None of which are the one I tried to statically assign. I'm running CentOS Stream version 9. I know I don't need to set a static ip at this time for test purposes, but I think it would be beneficial if I was able to understand this. Thanks
I could never get NetworkManager to work right on my system. I use ifupdown instead.

Signed,

Matthew Campbell
 
I can ssh into the server using my local machine.

You can also just use the hostname...

It's often ssh hostname.local. For example, this would be ssh kgiii-laptop2.local,

Of course you can add your username to the command.

Then, the IP address doesn't matter. It works fairly well here but it can be flakey if you've mixed things up a bit.
 
Alright, I was able to get ssh working. My next step now is to work on hardening Apache. I've done a few things like hiding the version info and disabling directory listings (which I don't completely understand), but one thing I haven't been able to fix is enabling the preset on httpd. Any suggestions?
1732408825535.png
 
Alright, I was able to get ssh working. My next step now is to work on hardening Apache. I've done a few things like hiding the version info and disabling directory listings (which I don't completely understand), but one thing I haven't been able to fix is enabling the preset on httpd. Any suggestions?
View attachment 22915
Use ACLs to prevent Apache2 from accessing any program with setuid or setgid. Apache2 has a critical security vulnerability that allows a remote unauthenticated attacker to gain a web shell and if the user that runs the server, which should not be root, can run one of these commands, if it has a bug, it will allow them to turn that into a root shell. You might also block things like ncat, wget, and curl too. Turn off file uploading if you're not going to use it. Make sure the files and directories are not owned by the user that runs the web server. Give it limited group access instead. Run an IDS like aide to monitor activity on the host system. Tell your firewall to block all web server ports used by your server on addresses not listed in your list of virtual servers. Apache2 will latch on to every port listed in /etc/apache2/ports.conf on every IP address on your server's computer. When someone tries to access this is should be logged to a separate log file. A good firewall should prevent this from happening in the first place. Make sure to tell your firewall to block IPv6 link local addresses both ways, inbound and outbound.

Signed,

Matthew Campbell
 

Members online


Latest posts

Top