To set up php, mysql and perl cgi-bin:
yum install httpd php mysql mysql-server php-mysql
yum install perl mod_perl perl-DBD-mysql
Then the info.php script in /var/www/cgi-bin works, but php scripts in
individual user directories will not work.
configuration and management commands:
. instead of "chkconfig service on" and "service service start"
. now use "systemctl enable servicename" and "systemctl start servicename",
both through the same systemctl command.
. systemctl enable httpd.service
. systemctl start httpd.service
Firewall:
FC18 starts to use firewalld for dynamic firewall operation, avoiding
unnecessary restarts.
Instead of using lokkit -p 80:tcp
it is now
firewall-cmd --add-service=http
You will get the following error:
[Fri Dec 09 03:07:47 2011] [error] [client 128.198.16.92] PHP Fatal error:
Unknown: Failed opening required '/home/cs301/public_html/cgi-bin/php/info.php'
(include_path='.:/usr/share/pear:/usr/share/php') in Unknown on line 0,
referer: http://walrus.uccs.edu/~cs301/cgi-bin/php/
To allow individual users to have public pages and run scripts such as php:
The block directory is no longer in /etc/httpd/conf/httpd.conf;
enable individual public_html access by
cd /etc/httpd/conf.d/
edit userdir.conf
comment out line 17
UserDir disabled
uncomment line 24
#UserDir public_html
run "systemctl restart httpd.service"
setsebool -P httpd_enable_homedirs true
test the access on individual web page
We install suphp
yum install mod_suphp
yum info suphp
vi /usr/share/doc/mod_suphp-0.6.3/README.fedora
edit /etc/httpd/conf.d/mod_suphp.conf
Add the following two directives at the top
and wrap up with so that it only applies to the individual
directory and not to /var/www/cgi-bin or html; otherwise the php scripts
in system directories will not work.
LoadModule suphp_module modules/mod_suphp.so
### Uncomment to activate mod_suphp
suPHP_AddHandler php5-script
The commented line "suPHP_AddHandler php5-script" has to be uncommented,
for mod_suphp to work.
Add block directive at the end of mod_suphp.conf
set check_vhost_docroot=false in the /etc/suphp.conf
!!! Note that in the suphp.conf file, mod_suphp uses ; as the comment character.
; Using # will cause an error for httpd operation!!! What a convention!
Make sure umask is 0022 instead of 0077 so that the directory can be read.
When upload.php gets "Possible file upload attack" or cannot create a
directory under /home/gsc/public_html/pub/, it could be
caused by SELinux. You can change the context:
chcon -R -t public_content_rw_t /home/gsc/public_html/pub/
setsebool -P allow_smbd_anon_write 1
setsebool -P allow_httpd_anon_write 1
Also, the public_html directory where the scripts reside cannot be group
writable; change it to 711.
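A check for the permission rule above, as an added example (not part of the original notes and not suPHP's own code): it lists directories and .php files under a web root that are writable by group or others. It assumes suPHP is left at its default policy of refusing such paths; the demo tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: find paths that suPHP (default policy, an assumption here)
# would refuse because they are writable by group or others.

# suphp_writable_paths ROOT: print offending directories and .php files, sorted.
suphp_writable_paths() {
    find "$1" \( -type d -o -type f -name '*.php' \) \
        \( -perm -020 -o -perm -002 \) -print | sort
}

# suphp_fix_hint ROOT: print the chmod that clears the group/other write bits.
suphp_fix_hint() {
    suphp_writable_paths "$1" | while IFS= read -r p; do
        printf "chmod go-w '%s'\n" "$p"
    done
}

# demo_tree: build a constructed stand-in for /home/<user>/public_html and
# print the path of its parent directory.
demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/public_html/pub" "$root/public_html/cgi-bin/php"
    : > "$root/public_html/cgi-bin/php/info.php"
    : > "$root/public_html/pub/upload.php"
    chmod 711 "$root/public_html" "$root/public_html/cgi-bin"
    chmod 775 "$root/public_html/cgi-bin/php"          # group-writable directory
    chmod 644 "$root/public_html/cgi-bin/php/info.php"
    chmod 755 "$root/public_html/pub"
    chmod 666 "$root/public_html/pub/upload.php"       # world-writable script
    printf '%s\n' "$root"
}

tree=$(demo_tree)
suphp_fix_hint "$tree/public_html"
rm -rf "$tree"
```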
SELinux Access control for allowing individual access:
SELinux further restricts individual homedir access.
We need to change the mandatory access control by running the following command:
# bad mistake here. The following command only sets it temporarily; add -P
# or edit the /etc/sysconfig/selinux
#
#setsebool httpd_enable_homedirs true
setsebool -P httpd_enable_homedirs true
To find out what boolean values were set,
use getsebool -a
systemctl restart httpd.service
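The temporary-versus-persistent mistake noted above can be detected after the fact. This added example (not from the original notes) reads the listing printed by "semanage boolean -l" and reports every boolean whose running state differs from its persistent default; the column layout it parses and the sample listing are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: report SELinux booleans changed without "setsebool -P".
# Assumed input format (one boolean per line, as printed by
# "semanage boolean -l"):   name   (current , default)  description

# unpersisted_booleans: read the listing on stdin and print
# "name current default" for each boolean whose two states differ.
unpersisted_booleans() {
    awk '
        {
            line = $0
            gsub(/[(),]/, " ", line)        # "(on , off)" becomes " on   off "
            n = split(line, f, " ")
            if (n >= 3 && f[2] ~ /^(on|off)$/ && f[3] ~ /^(on|off)$/ \
                && f[2] != f[3])
                print f[1], f[2], f[3]
        }'
}

# sample_listing: constructed listing, not captured from a real host.
sample_listing() {
    cat <<'EOF'
SELinux boolean                State  Default Description

httpd_can_sendmail             (on   ,  off)  Allow httpd to send mail
httpd_enable_homedirs          (on   ,   on)  Allow httpd to read home directories
httpd_unified                  (off  ,  off)  Unify HTTPD handling of all content files
named_write_master_zones       (on   ,   on)  Allow BIND to write the master zone files
EOF
}

# On a live system: semanage boolean -l | unpersisted_booleans
sample_listing | unpersisted_booleans
```

Any boolean this prints will revert at the next reboot unless it is set again with -P.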
" Internal Server Error
UID of script "/var/www/html/ictf/index.php" is smaller than min_uid
suPHP 0.6.3"
Need to turn off suphp for those php directories under apache or root;
make sure you have
wrapped the directives right after LoadModule in
mod_suphp.conf with
....
Note that /var/named/chroot/etc/named.conf
contains the actual configuration file, not /etc/named.conf
This is due to the use of chroot to prevent illegal access to other system
directories when bind is compromised.
I copied named.conf directory from gandalf to /etc/named.conf of walrus
but only changed IP address 197 in /etc/named.conf, not
/var/named/chroot/etc/named.conf; therefore external systems cannot access
walrus name service, local is ok (why?)
// need to add 128.198.60.197 to the listen-on list, otherwise it will not
// accept outside queries. Also need to add 128.198.0.0/16 to allow-query;
// may add 0.0.0.0/0 to allow all
//
options {
        listen-on port 53 { 127.0.0.1; 128.198.60.197; };
        allow-query     { localhost; 0.0.0.0/0; };
        // ... remaining options unchanged ...
};
setsebool -P named_write_master_zones 1
make sure chroot has right named access
SELinux is preventing /usr/sbin/named from append access on the file
named.run.
***** Plugin catchall_boolean (89.3 confidence) suggests *******************
If you want to allow BIND to write the master zone files. Generally this is
used for dynamic DNS or zone transfers.
Then you must tell SELinux about this by enabling the
'named_write_master_zones' boolean.
Do
setsebool -P named_write_master_zones 1
http://www.yolinux.com/TUTORIALS/LinuxTutorialWebSiteConfig.html#DNS
chcon -u system_u -r object_r -t named_conf_t /var/named/chroot/etc/named.conf \
    /var/named/chroot/etc/named.root.hints
[mysql section]
#service mysqld start
systemctl start mysqld.service
try mysql_secure_installation
See detail in
http://www.howtoforge.com/installing-apache2-with-php5-and-mysql-support-on-fedora-19-lamp
set mysql root password
shell> mysql -u root mysql
mysql> UPDATE user SET Password=PASSWORD('new_mysqlrootpassword')
WHERE user='root';
mysql> FLUSH PRIVILEGES;
create cs3110 mysql account for php-mysql script showUserDB.php demo
cd /home/cs3110/public_html/mysql
./cmysql.pl cs3110 cs3110db
Get a copy of the mysql databases from an old fedora core server:
[root@walrus wiki]# mysqldump -u root -p --all-databases > walrusdb.sql
[root@walrus wiki]# scp walrusdb.sql root@viva.uccs.edu:/home/chow/wiki
[root@viva wiki]# mysql -u root -p < walrusdb.sql
[mediawiki section]
If you have old databases, you may have to run "php maintenance/update.php".
To restore the wiki sites,
dump the mysql database on the original site to a mysql backup file backup.sql,
restore it with
mysql -u root -p < backup.sql
Double check the privileges on the mysql entry for ctfwikiuser:
grant all privileges on ctfwikidb.* to ctfwikiuser@"localhost" identified by
'xxxx'
mysql> update user set password=password('xxxx') where
user='ctfwikiuser';
Query OK, 0 rows affected (0.00 sec)
Rows matched: 3 Changed: 0 Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on ctfwikidb.* to ctfwikiuser@"localhost"
identified by 'xxxx';
Query OK, 0 rows affected (0.00 sec)
[root@walrus wiki]# mysqldump -u root -pxxxxx --database ipv6wikidb > ipv6.sql
[root@walrus wiki]# scp ipv6.sql chow@gandalf:wiki
[root@gandalf wiki]# mysql -u root -pXXXXXX < ipv6.sql
Download the new mediawiki-1.21.1.tar.gz from http://www.mediawiki.org/wiki/Download,
tar xvzf it, then move the new directory and rename it
/var/www/html/
Start http://viva.uccs.edu/ to start configuration.
After entering the db access info, mediawiki will try to convert the old database
schema to the new one. It may regenerate LocalSettings.php, which then has to
be put back into the wiki directory.
Make sure to protect LocalSettings.php since it contains db passwd info.
[root@viva ictf]# chmod 700 LocalSettings.php
[root@viva ictf]# chown apache:apache LocalSettings.php
Copy the original LocalSettings.php, extensions, images and
skins/common/images/.png file over to the new source directory.
For example,
[root@viva ictf]# scp root@walrus.uccs.edu:/var/www/html/ictf/skins/common/images/uclionLogo.png skins/common/images
Edit the $wgLogo variable in the LocalSettings.php file:
# The relative URL path to the logo. Make sure you change this from the default,
## or else you'll overwrite your logo when you upgrade!
#$wgLogo = "/wiki/skins/common/images/wiki.png";
$wgLogo = "/ictf/skins/common/images/uclionLogo.png";
note that instead of /wiki/skins.. it should be /ictf or //skins/..
The common images in GUI of mediawiki should be put in
//skins/common/images/
We also copy the banner image and related files to the new wiki site
scp -r root@walrus.uccs.edu:/var/www/html/ictf/images/* /images
chcon -R -t httpd_sys_content_t ictf
chown -R apache:apache ictf
chown -R apache:apache uclionLogo.png
Also a restore.pl script was created in /root/wiki directory to untar
mediawiki software and copy above LocalSettings.php and directories to new
site.
[root@walrus wiki]# ./restore.pl walrus evote
In ipv6 and rras, during php update.php, got the message
Database returned error "1064: You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right syntax to
use near 'Type=InnoDB' at line 7 (localhost)"
In
http://www.mwusers.com/forums/showthread.php?16075-Update-to-1.16.0-getting-CREATE-TABLE-error-with-Update.php
it shows that
I found my problem. It required a small change in LocalSettings.php.
Code:
# MySQL table options to use during installation or update
## $wgDBTableOptions = "TYPE=InnoDB";
$wgDBTableOptions = "ENGINE=InnoDB";
To reset the password of a wikiuser, try
cd maintenance
php changePassword.php --user=example --password=newpassword
Sometimes an existing user was not email confirmed, e.g. Chow was not.
In the previous version you could still edit as admin, but not in the new version.
Here is how you set user_email_authenticated:
MariaDB [ssgwikidb]> update 'ssguser' set
user_email_authenticated='20090722152413' where user_name='Chow';
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual
that corresponds to your MariaDB server version for the right syntax to use
near ''ssguser' set user_email_authenticated='20090722152413' where
user_name='Chow'' at line 1
MariaDB [ssgwikidb]> update ssguser set
user_email_authenticated='20090722152413' where user_name='Chow';
Query OK, 1 row affected (0.02 sec)
Rows matched: 1 Changed: 1 Warnings: 0
Setting up SSH without password
On client:
1. run ssh-keygen (it generates public key and private key)
2. run ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
3. ssh remote-host (or scp or rsync)
phpMyAdmin setup
1. Make sure to edit the config.inc.php file and specify the blowfish_secret
for cookie authentication.
The default key there is too big.
[Sun Sep 22 15:02:31.823524 2013] [:error] [pid 10072] [client
128.198.16.135:49645] PHP Warning: mcrypt_encrypt(): Size of key is too
large for this algorithm in
/var/www/html/phpmyadmin/libraries/mcrypt.lib.php on line 71, referer:
http://walrus.uccs.edu/phpmyadmin/
Change the following
$cfg['blowfish_secret'] = 'directives are explained in Documentation.html and on phpMyAdmi';
to
$cfg['blowfish_secret'] = 'my devoted servant walrus'; # pick one that is decent size but not too long.
2. copy /usr/share/phpMyAdmin to /var/www/html/phpMyAdmin
may need to change SELinux type so httpd can read it
chcon -R -t httpd_sys_content_t phpMyAdmin/
3. edit /etc/httpd/conf.d/phpMyAdmin.conf
change /usr/share to /var/www/html
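The "Size of key is too large" warning in step 1 comes from the Blowfish key limit of 56 bytes, which the 63-byte default string exceeds. This added example (not phpMyAdmin code and not from the original notes) checks the secret in a config.inc.php against that limit and generates a random replacement; MIN_LEN and the helper names are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example: validate and generate a phpMyAdmin blowfish_secret.
MAX_LEN=56   # Blowfish keys are at most 448 bits = 56 bytes
MIN_LEN=32   # assumption: lower bound chosen for this example

# extract_secret FILE: print the single-quoted value of $cfg['blowfish_secret'].
extract_secret() {
    sed -n "s/^[[:space:]]*\$cfg\['blowfish_secret'][[:space:]]*=[[:space:]]*'\(.*\)';.*/\1/p" "$1" | head -n 1
}

# check_secret FILE: print too-long, too-short or ok.
check_secret() {
    s=$(extract_secret "$1")
    len=$(printf '%s' "$s" | wc -c | tr -d ' ')
    if [ "$len" -gt "$MAX_LEN" ]; then echo too-long
    elif [ "$len" -lt "$MIN_LEN" ]; then echo too-short
    else echo ok
    fi
}

# new_secret: 40 random alphanumeric characters from /dev/urandom.
new_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 40
}

# write_config FILE SECRET: write a constructed, minimal config.inc.php.
write_config() {
    printf "<?php\n\$cfg['blowfish_secret'] = '%s';\n" "$2" > "$1"
}

demo=$(mktemp)
# The default value quoted in step 1 (63 bytes).
write_config "$demo" 'directives are explained in Documentation.html and on phpMyAdmi'
check_secret "$demo"
write_config "$demo" "$(new_secret)"
check_secret "$demo"
rm -f "$demo"
```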
Enable httpd to send email
setsebool -P httpd_can_sendmail on
Enable password file reading when they are not under public_html
. Be aware that a password file created in a homedir will have type user_home_t,
not httpd_user_content_t. Therefore you need to run chcon -t
httpd_user_content_t file.txt to allow httpd to read it.
To allow updates to the password file,
we need to set httpd_unified to allow Unify HTTPD handling of all content files.
setsebool -P httpd_unified=1