To set up PHP, MySQL and Perl cgi-bin:

    yum install httpd php mysql mysql-server php-mysql
    yum install perl mod_perl perl-DBD-mysql

Then the info.php script in /var/www/cgi-bin works, but PHP scripts in an individual directory will not work.

Configuration and management commands:
. Instead of "chkconfig service on" and "service service start",
. now use
      systemctl enable servicename
      systemctl start servicename
  using the same systemctl command.
. systemctl enable httpd.service
. systemctl start httpd.service

Firewall:
FC18 starts to use firewalld for dynamic firewall operation, avoiding unnecessary restarts.
Instead of using
    lokkit -p 80:tcp
it is now
    firewall-cmd --add-service=http

You will get the following error:

[Fri Dec 09 03:07:47 2011] [error] [client 128.198.16.92] PHP Fatal error: Unknown: Failed opening required '/home/cs301/public_html/cgi-bin/php/info.php' (include_path='.:/usr/share/pear:/usr/share/php') in Unknown on line 0, referer: http://walrus.uccs.edu/~cs301/cgi-bin/php/

To allow individual users to have public and run scripts such as PHP:
The block directory is no longer in /etc/httpd/conf/httpd.conf.
Enable individual public_html access by

    cd /etc/httpd/conf.d/
    edit userdir.conf
        comment out line 17:   UserDir disabled
        uncomment line 24:     #UserDir public_html
    systemctl restart httpd.service
    setsebool -P httpd_enable_homedirs true
    test the access on an individual web page

We install suphp:

    yum install mod_suphp
    yum info suphp
    vi /usr/share/doc/mod_suphp-0.6.3/README.fedora
    edit /etc/httpd/conf.d/mod_suphp.conf

Add the following two directives at the top and wrap up with so that it only applies to the individual directory and not to /var/www/cgi-bin or html; otherwise the PHP scripts in system directories will not work.

    LoadModule suphp_module modules/mod_suphp.so
    ### Uncomment to activate mod_suphp
    suPHP_AddHandler php5-script

The commented line "suPHP_AddHandler php5-script" has to be uncommented for mod_suphp to work.
Add block directive at the end of mod_suphp.conf.

Set check_vhost_docroot=false in /etc/suphp.conf.
!!! Note that in the suphp.conf file, mod_suphp uses ; as the comment character.
; Using # will cause an error for httpd operation!!! What a convention!
Make sure umask is 0022 instead of 0077 so that the directory can be read.

When upload.php gets "Possible file upload attack" or cannot create a directory in the /home/gsc/public_html/pub/ directory, it could be caused by SELinux.
You can change the context:

    chcon -R -t public_content_rw_t /home/gsc/public_html/pub/
    setsebool -P allow_smbd_anon_write 1
    setsebool -P allow_httpd_anon_write 1

Also, the public_html directory where the scripts reside cannot be group writable; change it to 711.

SELinux access control for allowing individual access:
SELinux further restricts individual homedirs access. We need to change the mandatory access control by running the following cmd:

    # bad mistake here. The following command only sets it temporarily, add -P
    # or edit the /etc/sysconfig/selinux
    #
    #setsebool httpd_enable_homedirs true
    setsebool -P httpd_enable_homedirs true

To find out what boolean values were set, use

    getsebool -a

    systemctl restart httpd.service

"Internal Server Error
UID of script "/var/www/html/ictf/index.php" is smaller than min_uid
suPHP 0.6.3"

Need to turn off suphp on those PHP directories under apache or root; make sure you have wrapped the directives right after LoadModule in mod_suphp.conf with ....

Note that /var/named/chroot/etc/named.conf contains the actual configuration file, not /etc/named.conf.
This is due to the use of chroot to prevent illegal access to other system directories when bind is compromised.
I copied the named.conf directory from gandalf to /etc/named.conf of walrus but only changed IP address 197 in /etc/named.conf, not in /var/named/chroot/etc/named.conf; therefore external systems cannot access the walrus name service, local is ok (why?)
    // need to add 128.198.60.197 to the listen-on list otherwise it will not
    // accept the outside query. Also need to add 128.198.0.0/16 to allow-query
    // may add 0.0.0.0/0 to allow all
    //
    options {
            listen-on port 53 { 127.0.0.1; 128.198.60.197; };
            allow-query     { localhost; 0.0.0.0/0; };
            // (remaining options unchanged)
    };

    setsebool -P named_write_master_zones 1

Make sure the chroot has the right named access.

    SELinux is preventing /usr/sbin/named from append access on the file named.run.

    *****  Plugin catchall_boolean (89.3 confidence) suggests  *******************

    If you want to allow BIND to write the master zone files. Generally this is used for dynamic DNS or zone transfers.
    Then you must tell SELinux about this by enabling the 'named_write_master_zones' boolean.
    Do
    setsebool -P named_write_master_zones 1

http://www.yolinux.com/TUTORIALS/LinuxTutorialWebSiteConfig.html#DNS

    chcon -u system_u -r object_r -t named_conf_t /var/named/chroot/etc/named.conf /var/named/chroot/etc/named.root.hints

[mysql section]

    #service mysqld start
    systemctl start mysqld.service

Try mysql_secure_installation.
See detail in http://www.howtoforge.com/installing-apache2-with-php5-and-mysql-support-on-fedora-19-lamp

Set the mysql root password:

    shell> mysql -u root mysql
    mysql> UPDATE user SET Password=PASSWORD('new_mysqlrootpassword') WHERE user='root';
    mysql> FLUSH PRIVILEGES;

Create the cs3110 mysql account for the php-mysql script showUserDB.php demo:

    cd /home/cs3110/public_html/mysql
    ./cmysql.pl cs3110 cs3110db

Get a copy of mysql from an old Fedora Core server.
    [root@walrus wiki]# mysqldump -u root -p --all-databases > walrusdb.sql
    [root@walrus wiki]# scp walrusdb.sql root@viva.uccs.edu:/home/chow/wiki
    [root@viva wiki]# mysql -u root -p < walrusdb.sql

[mediawiki section]

If you have old databases, you may have to run "php maintenance/update.php".

To restore the wiki sites, dump the mysql database on the original site to a mysql backup file backup.sql and restore it with

    mysql -u root -p < backup.sql

Double check the privileges on the mysql entry for ctfwikiuser:

    grant all privileges on ctfwikidb.* to ctfwikiuser@"localhost" identified by 'xxxx'

    mysql> update user set password=password('xxxx') where user='ctfwikiuser';
    Query OK, 0 rows affected (0.00 sec)
    Rows matched: 3  Changed: 0  Warnings: 0

    mysql> flush privileges;
    Query OK, 0 rows affected (0.00 sec)

    mysql> grant all privileges on ctfwikidb.* to ctfwikiuser@"localhost" identified by 'xxxx';
    Query OK, 0 rows affected (0.00 sec)

    [root@walrus wiki]# mysqldump -u root -pxxxxx --database ipv6wikidb > ipv6.sql
    [root@walrus wiki]# scp ipv6.sql chow@gandalf:wiki
    [root@gandalf wiki]# mysql -u root -pXXXXXX < ipv6.sql

Download the new mediawiki-1.21.1.tar.gz from http://www.mediawiki.org/wiki/Download, tar xvzf it, move the new directory and rename it /var/www/html/
Start http://viva.uccs.edu/ to start configuration.
After entering the db access info, mediawiki will try to convert the old database scheme to the new one.
It may have to regenerate the LocalSettings.php, which you put back in the wiki directory.
Make sure to protect LocalSettings.php since it contains db passwd info.
    [root@viva ictf]# chmod 700 LocalSettings.php
    [root@viva ictf]# chown apache:apache LocalSettings.php

Copy the original LocalSettings.php, extensions, images and skins/common/images/.png file over to the new source directory.
For example,

    [root@viva ictf]# scp root@walrus.uccs.edu:/var/www/html/ictf/skins/common/images/uclionLogo.png skins/common/images

Edit the $wgLogo variable in the LocalSettings.php file:

    # The relative URL path to the logo.  Make sure you change this from the default,
    ## or else you'll overwrite your logo when you upgrade!
    #$wgLogo = "/wiki/skins/common/images/wiki.png";
    $wgLogo = "/ictf/skins/common/images/uclionLogo.png";

Note that instead of /wiki/skins.. it should be /ictf or //skins/..
The common images in the GUI of mediawiki should be put in //skins/common/images/

We also copy the banner image and related files to the new wiki site:

    scp -r root@walrus.uccs.edu:/var/www/html/ictf/images/* /images
    chcon -R -t httpd_sys_content_t ictf
    chown -R apache:apache ictf
    chown -R apache:apache uclionLogo.png

Also a restore.pl script was created in the /root/wiki directory to untar the mediawiki software and copy the above LocalSettings.php and directories to the new site.

    [root@walrus wiki]# ./restore.pl walrus evote

in ipv6 and rras during php update.php got
Database returned error "1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Type=InnoDB' at line 7 (localhost)" msg.

In http://www.mwusers.com/forums/showthread.php?16075-Update-to-1.16.0-getting-CREATE-TABLE-error-with-Update.php
it shows that

    I found my problem. It required a small change in LocalSettings.php.
    Code:
    # MySQL table options to use during installation or update
    ## $wgDBTableOptions = "TYPE=InnoDB";
    $wgDBTableOptions = "ENGINE=InnoDB";

To reset the password of a wikiuser, try

    cd maintenance
    php changePassword.php --user=example --password=newpassword

Sometimes the existing user was not email confirmed, e.g. Chow was not.
In the previous version you can still edit as admin, but not in the new version.
Here is how you set user_email_authenticated:

    MariaDB [ssgwikidb]> update 'ssguser' set user_email_authenticated='20090722152413' where user_name='Chow';
    ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''ssguser' set user_email_authenticated='20090722152413' where user_name='Chow'' at line 1
    MariaDB [ssgwikidb]> update ssguser set user_email_authenticated='20090722152413' where user_name='Chow';
    Query OK, 1 row affected (0.02 sec)
    Rows matched: 1  Changed: 1  Warnings: 0

Setting up SSH without password

On client:
1. run ssh-keygen (it generates a public key and a private key)
2. run ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
3. ssh remote-host (or scp or rsync)

phpMyAdmin setup

1. Make sure to edit the config.inc.php file and specify the blowfish_secret for cookie authentication.
   The default key there is too big.

   [Sun Sep 22 15:02:31.823524 2013] [:error] [pid 10072] [client 128.198.16.135:49645] PHP Warning: mcrypt_encrypt(): Size of key is too large for this algorithm in /var/www/html/phpmyadmin/libraries/mcrypt.lib.php on line 71, referer: http://walrus.uccs.edu/phpmyadmin/

   Change the following
       $cfg['blowfish_secret'] = 'directives are explained in Documentation.html and on phpMyAdmi';
   to
       $cfg['blowfish_secret'] = 'my devoted servant walrus'; # pick one that is a decent size but not too long.

2. Copy /usr/share/phpMyAdmin to /var/www/html/phpMyAdmin.
   You may need to change the SELinux type so httpd can read it:
       chcon -R -t httpd_sys_content_t phpMyAdmin/

3. Edit /etc/httpd/conf.d/phpMyAdmin.conf and change /usr/share to /var/www/html.

Enable httpd to send email

    setsebool httpd_can_sendmail on

Enable password file reading when they are not under public_html

. Be aware that a password file created in a homedir will have the user_home_t type, not httpd_user_content_t.
Therefore you need to run

    chcon -t httpd_user_content_t file.txt

to allow httpd to read it.
To allow updates to the password file, we need to set httpd_unified, which unifies HTTPD handling of all content files.

    setsebool -P httpd_unified=1
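
The notes above call setting a boolean without -P a "bad mistake", yet httpd_can_sendmail is still set that way. As an added example (not part of the original notes), this script reads `semanage boolean -l` output and reports which of the booleans used on this page are enabled only at runtime. The sample listing is constructed, and the "(state , default)" column layout is an assumption about that command's output.

```shell
#!/bin/bash
# Added example, not from the original notes.
# Booleans these notes turn on (names exactly as they appear on this page).
WANTED="httpd_enable_homedirs allow_httpd_anon_write allow_smbd_anon_write \
named_write_master_zones httpd_can_sendmail httpd_unified"

# Constructed sample in the assumed `semanage boolean -l` layout:
#   name (current state , persistent default) description
sample_listing() {
cat <<'EOF'
SELinux boolean                State  Default Description

httpd_enable_homedirs          (on   ,   on)  Allow httpd to enable homedirs
httpd_can_sendmail             (on   ,  off)  Allow httpd to can sendmail
httpd_unified                  (off  ,  off)  Allow httpd to unified
named_write_master_zones       (on   ,   on)  Allow named to write master zones
EOF
}

# Reads a listing on stdin and prints "name status" per wanted boolean:
#   persistent    on now and after reboot (setsebool -P)
#   runtime-only  on now, reverts at reboot (setsebool without -P)
#   off           not enabled now
#   missing       not present in the listing
check_booleans() {
  awk -v wanted="$WANTED" '
    BEGIN { n = split(wanted, w, " ") }
    # Rows carry "(state , default)"; header and blank lines do not match.
    match($0, /\([a-z]+ *, *[a-z]+\)/) {
      pair = substr($0, RSTART + 1, RLENGTH - 2)
      gsub(/ /, "", pair)
      split(pair, sd, ",")
      cur[$1] = sd[1]; dflt[$1] = sd[2]
    }
    END {
      for (i = 1; i <= n; i++) {
        b = w[i]
        if (!(b in cur))          s = "missing"
        else if (cur[b] != "on")  s = "off"
        else if (dflt[b] != "on") s = "runtime-only"
        else                      s = "persistent"
        print b, s
      }
    }'
}

# On a live host: semanage boolean -l | check_booleans
sample_listing | check_booleans
```

Any boolean reported as runtime-only needs the same command repeated with -P to survive a reboot.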