In this exercise you will do some basic setup for HTTP. Install some basic packages which you need for work on apache.

[root@security1 ~]# yum -y install httpd elinks

After this turn off automatic index creation for default site. You should change /etc/http/conf/httpd.conf file and in options for default site remove Indexes. Create a new directory tree and some content for authorized users to access. Go to /var/www/html and make directory secrets and inside this directory, yet one directory mp3s. After this you should make index.html pages inside this directories. So, run next:

[root@security1 html]# echo "This is only authorized people can see." > secrets/index.html
[root@security1 html]# echo "This simulates retreiving an actual file." > secrets/mp3s/index.html

After this you should change directive for /var/www/html directory, so that can AllowOverride. Change /etc/http/conf/httpd.conf, so you have next inside it:

Directory "/var/www/html/secrets"
Options ExecCGI
AllowOverride AuthConfig

Restart service after this. If you try to access to http://security1.setenforce.com/secrets you will see that you can see index.html without username and password. For this you should make .htaccess file. Make that file with next content in /var/www/html/secrets

AuthName "Access to secrets folder on SETENFORCE"
AuthType Basic
AuthUserFile /var/www/passwords
require valid-user

Also you should make and /var/www/passwords file. I will do this for user student.

[root@security1 secrets]# htpasswd -c /var/www/passwords student
If this file already exist don't use -c, because this will rewrite content of file. So if you want to add file use next:
[root@security1 secrets]# htpasswd /var/www/passwords mary

After this make sure that /var/www/passwords file have permissions 755. So you can test this now, try http://security1.setenforce.com/secrets, you will be prompted for username and passwd.