Skip to content

NXNJZ

Linux and Security

  • BLOG
  • Cowsay Fortune
  • Contact
  • Gitlab
  • Company Homepage

Category: Linux

How to Install Wallabag on CentOS 7

Posted on March 8, 2019 - November 21, 2019 by nxnjz

Introduction

Wallabag is a self-hosted PHP web application allowing you to save web pages for later reading. It extracts content so that you can read it when you have time. This article will explain the installation of Wallabag on a system running CentOS 7.

NOTE: This guide assumes that SELinux is disabled, which is the case on many CentOS 7 images, including Vultr‘s.

Prerequisites

  • A CentOS 7 virtual/physical instance.
  • Root access to your server (via a user with sudo privileges.)
  • A web server with PHP 7 (Instructions below.)
  • A MySQL database (Instructions below.)

Preparations

Update your system:

sudo yum update -y

Install additional repositories

Wallabag requires a version of PHP and other packages that are not available in the default CentOS repositories. We will install EPEL (Extra Packages for Enterprise Linux) and Remi.

sudo yum install -y epel-release yum-utils
sudo yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm

And enable PHP 7.0 packages from the newly installed repository:

sudo yum-config-manager --enable remi-php70
Installing a web server stack:

We will be using Apache with PHP, and MariaDB for the database. Execute the following to install the required packages:

sudo yum update
sudo yum install -y httpd php php-common php-curl php-json php-zip php-xml php-mbstring php-mysql php-pdo php-gd php-tidy php-bcmath mariadb-server mariadb

Make sure Apache and MariaDB are enabled and running:

sudo systemctl enable --now httpd.service mariadb.service

Install miscellaneous packages.

sudo yum install -y git make composer unzip

Git will be used to download Wallabag from its github repository and the make command, along with composer to complete the installation of Wallabag.

Configuring Apache

Using a text editor of your choice, create a new Apache configuration file. For instance:

sudo vim /etc/httpd/conf.d/wallabag.conf

Populate it with the following (insert your public IP address or a domain name pointing to your IP for ServerName):

<VirtualHost *:80>
    ServerName IP_or_DOMAIN_NAME 
    DocumentRoot /var/www/wallabag/web
    <Directory /var/www/wallabag/web>
        AllowOverride None
        Order Allow,Deny
        Allow from All
        <IfModule mod_rewrite.c>
            Options -MultiViews
            RewriteEngine On
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^(.*)$ app.php [QSA,L]
        </IfModule>
    </Directory>
 <Directory /var/www/wallabag/web/bundles>
        <IfModule mod_rewrite.c>
            RewriteEngine Off
        </IfModule>
    </Directory>
    ErrorLog /var/log/httpd/wallabag_error.log
    CustomLog /var/log/httpd/wallabag_access.log combined
</VirtualHost>

Save and exit.

Reload Apache configuration to apply changes:

sudo systemctl reload httpd.service

Configuring MariaDB

Start by securing your MySQL installation with this command:

sudo mysql_secure_installation

Answer the questions as shown:

Enter current password for root (enter for none): Enter
Set root password? [Y/n]: Y
New password: <your-password>
Re-enter new password: <your-password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

Make sure you use a strong password.

Configuring MariaDB

Create a database and user for Wallabag:

sudo mysql -u root -p

MariaDB [(none)]> CREATE DATABASE wallabag; 
MariaDB [(none)]> CREATE USER 'wallabaguser'@'localhost' IDENTIFIED BY 'wallabagpassword';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON wallabag.* TO 'wallabaguser'@'localhost';
MariaDB [(none)]> exit;

Make sure you replace wallabagpassword with a secure password. It should be different from the password you chose for the MariaDB root user.

Installing Wallabag

Since Wallabag is hosted on github, we’ll clone the repository locally:

cd /var/www/
sudo git clone https://github.com/wallabag/wallabag.git

And transfer ownership to the apache user:

sudo chown -R apache:apache /var/www/wallabag

It is not recommended to run the installation scripts as root, so we will use the apache user:

sudo -u apache /bin/bash
cd /var/www/wallabag/
make install

You will be asked several questions regarding desired configuration:

database_driver (pdo_mysql): pdo_mysql
database_driver_class (null): Press Enter
database_host (127.0.0.1): 127.0.0.1
database_port (null): 3306
database_name (wallabag): wallabag
database_user (root): wallabaguser
database_password (null): wallabagpassword
database_path (null): Press Enter
database_table_prefix (wallabag_): Prefix of your choice or Press Enter for the default.
database_socket (null): Press Enter
database_charset (utf8mb4): Press Enter
domain_name ('https://your-wallabag-url-instance.com'): http://IP_or_DOMAIN_NAME

Choose the default (press Enter) for the remaining questions, then exit back to your own user shell session: exit

Finally, enable HTTP traffic through the firewall:

sudo firewall-cmd --add-service http --permanent
sudo firewall-cmd --reload

You should now be able to access Wallabag on http://IP_or_DOMAIN_NAME. For better security/privacy, you should consider using a domain name with HTTPS, however this is beyond the scope of this guide.

Posted in LinuxTagged centosLeave a comment

How to Install PrivateBin on CentOS 7.

Posted on March 4, 2019 - November 21, 2019 by nxnjz

Introduction

PrivateBin is a minimalist online pastebin where the server has zero knowledge of pasted data. This application supports password-protection, expiration, and self-destruction after reading. It is completely open-source and hosted on github. This article will guide through the installation and configuration of PrivateBin on a CentOS 7 system.

Prerequisites

  • A CentOS 7 system.
  • Root access to your server (via the root user or a user with sudo privileges.)
  • A web server with PHP (Instructions below.)
  • A MySQL database (Instructions below.)

Preparations

If you’re not logged in as the root user, execute sudo -i to obtain a temporary root shell.

Update your system and install required software.

yum update
yum install -y git

Git will be used to download PrivateBin from its github repository.

Installing a web server stack:

We will be using Apache and PHP. Execute the following to install the required packages:

yum install -y epel-release
yum install -y httpd php php-common php-xml php-mbstring php-mysql php-pdo php-mcrypt

Make sure Apache is enabled and running:

systemctl enable --now httpd.service

Configuring Apache

Using a text editor of your choice, create a new configuration file for Apache. For instance:

vim /etc/httpd/conf.d/privatebin.conf

Populate it with the following (insert your IP address or a domain name pointing to your IP for ServerName):

<VirtualHost *:80>
    ServerName YOUR_SERVER_IP
    DocumentRoot /var/www/html/PrivateBin/
    ErrorLog /var/log/httpd/privatebin-error.log
    CustomLog /var/log/httpd/privatebin-access.log combined
    <Directory /var/www/html/PrivateBin>
    AllowOverride All
    </Directory>
</VirtualHost>

Save and exit.

Reload the configuration:

systemctl reload httpd.service

Installing PrivateBin

Since PrivateBin is hosted on github, we’ll clone the repository locally:

cd /var/www/html/ && git clone https://github.com/PrivateBin/PrivateBin.git

And give the Apache user ownership of the PrivateBin directory:

chown -R apache:apache PrivateBin/

Configure firewalld to allow HTTP traffic:

firewall-cmd --add-service http --permanent
firewall-cmd --reload

You should now be able to access PrivateBin on http://YOUR_SERVER_IP. For better security/privacy, you should consider using a domain name with HTTPS, however this is beyond the scope of this guide.

If you encounter server-side errors during PrivateBin usage, SELinux is the likely culprit. To disable it, open /etc/sysconfig/selinux with a text editor of your choice, and replace SELINUX=enforcing with SELINUX=disabled. You should now either reboot, or execute setenforce 0 to disable SELinux immediately. Disabling SELinux on production systems is not recommended though, you should consider setting proper labels instead.

Optional

PrivateBin supports MySQL storage in place of the default file-based storage model. To implement MySQL storage, follow the steps below.

Installing MariaDB

yum install -y mariadb-server mariadb 

systemctl enable --now mariadb.service

Secure your MySQL installation with this command:

mysql_secure_installation

Answer the questions as follows:

Enter current password for root (enter for none): Enter
Set root password? [Y/n]: Y
New password: <your-password>
Re-enter new password: <your-password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

Make sure you use a strong password.

Configuring MariaDB

Create a database and user for PrivateBin:

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE privatebin DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
MariaDB [(none)]> CREATE USER 'privatebin'@'localhost' IDENTIFIED BY 'newpassword';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON privatebin.* TO 'privatebin'@'localhost';
MariaDB [(none)]> exit;

Make sure you replace newpassword with a secure password. It should be different from the password you chose for the MariaDB root user.

Changing Storage Mode

First, copy the default configuration file for editing:

cd /var/www/html/PrivateBin/cfg
cp conf.sample.php conf.php

Using a text editor of your choice, open the file conf.php. Find the following segment:

[model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
class = Filesystem
[model_options]
dir = PATH "data"

;[model]
; example of DB configuration for MySQL
;class = Database
;[model_options]
;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
;tbl = "privatebin_"    ; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true      ; PDO::ATTR_PERSISTENT

And replace it with:

; [model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
; class = Filesystem
; [model_options]
; dir = PATH "data"

[model]
class = Database
[model_options]
dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
tbl = "privatebin_"    ; table prefix
usr = "privatebin"
pwd = "newpassword"
opt[12] = true      ; PDO::ATTR_PERSISTENT

Again, make sure you replace newpassword with the password chosen during user creation in the MySQL console, then save and exit.

Finally, restart apache:

systemctl restart httpd.service
Posted in LinuxTagged centosLeave a comment

How to Install WallaBag on Ubuntu 18.04 LTS

Posted on February 21, 2019 - February 21, 2019 by nxnjz

Introduction

Wallabag is a self-hosted PHP web application allowing you to save web pages for later reading. It extracts content so that you can read it when you have time. This article will explain the installation of Wallabag on a Ubuntu 18.04 system.

Prerequisites

  • A Ubuntu 18.04 VPS.
  • Root access to your server (via a user with sudo privileges.)
  • A web server with PHP (Instructions below.)
  • A MySQL database (Instructions below.)

Preparations

Update your system and install required software.

sudo apt update
sudo apt upgrade -y
sudo apt install -y git make composer

Git will be used to download Wallabag from its github repository and composer, via the make command, to install PHP libraries.

Installing a web server stack:

We will be using Apache with PHP, and MariaDB for the database. Execute the following to install the required packages:

sudo apt install -y apache2 php7.2 php7.2-common php7.2-xml php7.2-mbstring php7.2-mysql php7.2-json php7.2-pdo php7.2-gd php7.2-tidy php7.2-curl php7.2-bcmath php7.2-zip mariadb-server mariadb-client

Make sure Apache and MariaDB are enabled and running:

sudo systemctl enable --now apache2.service mariadb.service

Configuring Apache

Using a text editor of your choice, create a new Apache configuration file. For instance:

sudo vim /etc/apache2/sites-available/wallabag.conf

Populate it with the following (insert your Vultr IP address or a domain name pointing to your IP for ServerName):

<VirtualHost *:80>
    ServerName IP_or_DOMAIN_NAME 
    DocumentRoot /var/www/wallabag/web
    <Directory /var/www/wallabag/web>
        AllowOverride None
        Order Allow,Deny
        Allow from All
        <IfModule mod_rewrite.c>
            Options -MultiViews
            RewriteEngine On
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^(.*)$ app.php [QSA,L]
        </IfModule>
    </Directory>
 <Directory /var/www/wallabag/web/bundles>
        <IfModule mod_rewrite.c>
            RewriteEngine Off
        </IfModule>
    </Directory>
    ErrorLog /var/log/apache2/wallabag_error.log
    CustomLog /var/log/apache2/wallabag_access.log combined
</VirtualHost>

Save, exit, and enable this virtual host:

sudo a2ensite wallabag.conf

Enable the rewrite apache module:

sudo a2enmod rewrite

Restart Apache to apply changes:

sudo systemctl restart apache2.service

Configuring MariaDB for WallaBag

Start by securing your MySQL installation with this command:

sudo mysql_secure_installation

Answer the questions as shown:

Enter current password for root (enter for none): Enter
Set root password? [Y/n]: Y
New password: <your-password>
Re-enter new password: <your-password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

Make sure you use a strong password.

Configuring MariaDB

Create a database and user for Wallabag:

sudo mysql -u root -p

MariaDB [(none)]> CREATE DATABASE wallabag; 
MariaDB [(none)]> CREATE USER 'wallabaguser'@'localhost' IDENTIFIED BY 'wallabagpassword';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON wallabag.* TO 'wallabaguser'@'localhost';
MariaDB [(none)]> exit;

Make sure you replace wallabagpassword with a secure password. It should be different from the password you chose for the MariaDB root user.

Installing Wallabag

Since Wallabag is hosted on github, we’ll clone the repository locally:

cd /var/www/
sudo git clone https://github.com/wallabag/wallabag.git

And transfer ownership to the apache user:

sudo chown -R www-data:www-data /var/www/wallabag

It is not recommended to run the installation scripts as root, so we will use the apache user:

sudo -u www-data /bin/bash
cd /var/www/wallabag/
make install

You will be asked several questions regarding desired configuration:

database_driver (pdo_mysql): pdo_mysql
database_driver_class (null): Press Enter
database_host (127.0.0.1): 127.0.0.1
database_port (null): 3306
database_name (wallabag): wallabag
database_user (root): wallabaguser
database_password (null): wallabagpassword
database_path (null): Press Enter
database_table_prefix (wallabag_): Prefix of your choice or Press Enter for the default.
database_socket (null): Press Enter
database_charset (utf8mb4): Press Enter
domain_name ('https://your-wallabag-url-instance.com'): http://IP_or_DOMAIN_NAME

Choose the default (press Enter) for the remaining questions.

If you followed the steps correctly, you’ve successfully installed WallaBag on Ubuntu. You should now be able to access it on http://IP_or_DOMAIN_NAME. For better security/privacy, you should consider using a domain name with HTTPS, however this is beyond the scope of this guide.

 

Want to Install WallaBag on Fedora 29 instead?

Posted in LinuxTagged apache, ubuntu, wallabagLeave a comment

How to Install PrivateBin on Debian 9.

Posted on February 20, 2019 - February 21, 2019 by nxnjz

PrivateBin is a minimalist online pastebin where the server has zero knowledge of pasted data. This application supports password-protection, expiration, and self-destruction after reading. It is completely open-source and hosted on github. This article will guide through the installation and configuration of PrivateBin on a Debian 9 system.

Prerequisites

  • A Debian 9 server.
  • Root access to your server (via the root user or a user with sudo privileges.)
  • A web server with PHP (Instructions below.)
  • A MySQL database (Instructions below.)

Preparations

If you’re not logged in as the root user, execute sudo -i to obtain a temporary root shell.

Update your system and install required software.

apt update
apt upgrade -y
apt install -y git

Git will be used to download PrivateBin from its github repository.

Installing a web server stack:

We will be using Apache and PHP. Execute the following to install the required packages:

apt update
apt install -y apache2 php php-xml php-mbstring php-mysql php-json php-pdo

Make sure Apache is enabled and running:

systemctl enable --now apache2.service

Configuring Apache

Using a text editor of your choice, create a new configuration file for Apache. For instance:

vim /etc/apache2/sites-available/privatebin.conf

Populate it with the following (insert your IP address or a domain name pointing to your IP for ServerName):

<VirtualHost *:80>
ServerName YOUR_SERVER_IP
DocumentRoot /var/www/html/PrivateBin/
ErrorLog ${APACHE_LOG_DIR}/privatebin-error.log
CustomLog ${APACHE_LOG_DIR}/privatebin-access.log combined
<Directory /var/www/html/PrivateBin>
AllowOverride All
</Directory>
</VirtualHost>

Save, exit, and enable this virtual host:

a2ensite privatebin.conf

Reload the configuration:

systemctl reload apache2.service

Installing PrivateBin

Since PrivateBin is hosted on github, we’ll clone the repository locally:

cd /var/www/html/ && git clone https://github.com/PrivateBin/PrivateBin.git

And give the Apache user ownership of the PrivateBin directory:

chown -R www-data:www-data PrivateBin/

You should now be able to access PrivateBin on http://YOUR_SERVER_IP. For better security/privacy, you should consider using a domain name with HTTPS, however this is beyond the scope of this guide.

Optional

PrivateBin supports MySQL storage in place of the default file-based storage model. To implement MySQL storage, follow the steps below.

Installing MariaDB

apt install -y mariadb-server mariadb-client

systemctl enable --now mariadb.service

Secure your MySQL installation with this command:

mysql_secure_installation

Answer the questions as follows:

Enter current password for root (enter for none): Enter
Set root password? [Y/n]: Y
New password: <your-password>
Re-enter new password: <your-password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

Make sure you use a strong password.

Configuring MariaDB

Create a database and user for PrivateBin:

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE privatebin DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
MariaDB [(none)]> CREATE USER 'privatebin'@'localhost' IDENTIFIED BY 'newpassword';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON privatebin.* TO 'privatebin'@'localhost';
MariaDB [(none)]> exit;

Make sure you replace newpassword with a secure password. It should be different from the password you chose for the MariaDB root user.

Changing Storage Mode

First, copy the default configuration file for editing:

cd /var/www/html/PrivateBin/cfg
cp conf.sample.php conf.php

Using a text editor of your choice, open the file conf.php. Find the following segment:

[model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
class = Filesystem
[model_options]
dir = PATH "data"

;[model]
; example of DB configuration for MySQL
;class = Database
;[model_options]
;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
;tbl = "privatebin_" ; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true ; PDO::ATTR_PERSISTENT

And replace it with:

; [model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
; class = Filesystem
; [model_options]
; dir = PATH "data"

[model]
class = Database
[model_options]
dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
tbl = "privatebin_" ; table prefix
usr = "privatebin"
pwd = "newpassword"
opt[12] = true ; PDO::ATTR_PERSISTENT

Again, make sure you replace newpassword with the password chosen during user creation in the MySQL console, then save and exit.

Restart apache:

systemctl restart apache2.service

And done.

Implementing HTTPS is recommended but beyond the scope of this article. You can obtain and install a certificate, for free, using certbot.

Posted in LinuxTagged debian, linux, pastebin, privatebin5 Comments

How to Install Wallabag on Fedora 29.

Posted on February 12, 2019 - February 20, 2019 by nxnjz

Introduction

Wallabag is a self-hosted PHP web application allowing you to save web pages for later reading. It extracts content so that you can read it when you have time. This article will explain the installation of Wallabag on a Fedora 29 system.

Prerequisites

  • Something running Fedora 29.
  • Root access to your system (via a user with sudo privileges.)
  • A web server with PHP 7 (Instructions below.)
  • A MySQL database (Instructions below.)

Preparations

Update your system:

sudo dnf update -y

Installing a web server stack:

We will be using Apache with PHP, and MariaDB for the database. Execute the following to install the required packages:

sudo dnf install -y httpd php php-common php-xml \
php-json php-curl php-zip php-mbstring php-mysqlnd \
php-pdo php-gd php-tidy php-bcmath mariadb-server mariadb

Make sure Apache and MariaDB are enabled and running:

sudo systemctl enable --now httpd.service mariadb.service

Install miscellaneous packages.

sudo dnf install -y git make composer unzip policycoreutils-python-utils

Git will be used to download Wallabag from its github repository and the make command, along with composer to complete the installation of Wallabag. The policy utilities package is needed for optional SELinux configuration (instructions below)

Configuring Apache

Using a text editor of your choice, create a new Apache configuration file. For instance:

sudo vim /etc/httpd/conf.d/wallabag.conf

Populate it with the following (insert your Vultr IP address or a domain name pointing to your IP for ServerName):

<VirtualHost *:80>
    ServerName IP_or_DOMAIN_NAME 
    DocumentRoot /var/www/wallabag/web
    <Directory /var/www/wallabag/web>
        AllowOverride None
        Order Allow,Deny
        Allow from All
        <IfModule mod_rewrite.c>
            Options -MultiViews
            RewriteEngine On
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^(.*)$ app.php [QSA,L]
        </IfModule>
    </Directory>
 <Directory /var/www/wallabag/web/bundles>
        <IfModule mod_rewrite.c>
            RewriteEngine Off
        </IfModule>
    </Directory>
    ErrorLog /var/log/httpd/wallabag_error.log
    CustomLog /var/log/httpd/wallabag_access.log combined
</VirtualHost>

Save and exit.

Reload Apache configuration to apply changes:

sudo systemctl reload httpd.service

Configuring MariaDB

Start by securing your MySQL installation with this command:

sudo mysql_secure_installation

Answer the questions as shown:

Enter current password for root (enter for none): Enter
Set root password? [Y/n]: Y
New password: <your-password>
Re-enter new password: <your-password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

Make sure you use a strong password.

Configuring MariaDB

Create a database and user for Wallabag:

sudo mysql -u root -p

MariaDB [(none)]> CREATE DATABASE wallabag; 
MariaDB [(none)]> CREATE USER 'wallabaguser'@'localhost' IDENTIFIED BY 'wallabagpassword';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON wallabag.* TO 'wallabaguser'@'localhost';
MariaDB [(none)]> exit;

Make sure you replace wallabagpassword with a secure password. It should be different from the password you chose for the MariaDB root user.

Installing Wallabag

Since Wallabag is hosted on github, we’ll clone the repository locally:

cd /var/www/
sudo git clone https://github.com/wallabag/wallabag.git

And transfer ownership to the apache user:

sudo chown -R apache:apache /var/www/wallabag

It is not recommended to run the installation scripts as root, so we will use the apache user:

sudo -u apache /bin/bash
cd /var/www/wallabag/
make install

You will be asked several questions regarding desired configuration:

database_driver (pdo_mysql): pdo_mysql
database_driver_class (null): Press Enter
database_host (127.0.0.1): 127.0.0.1
database_port (null): 3306
database_name (wallabag): wallabag
database_user (root): wallabaguser
database_password (null): wallabagpassword
database_path (null): Press Enter
database_table_prefix (wallabag_): Prefix of your choice or Press Enter for the default.
database_socket (null): Press Enter
database_charset (utf8mb4): Press Enter
domain_name ('https://your-wallabag-url-instance.com'): http://IP_or_DOMAIN_NAME

Choose the default (press Enter) for the remaining questions, then exit back to your own user shell session: exit

Security configuration:

SELinux (Security-Enhanced Linux) will interfere with the wallabag application. To disable it, open the file /etc/sysconfig/selinux and replace SELINUX=enforcing with SELINUX=disabled. Reboot to apply changes. If you do not wish to disable SELinux entirely, follow the instrucions below to configure SELinux contexts for web directories.

Five labels are required:

sudo semanage fcontext -a -t httpd_sys_content_t "/var/www/wallabag(/.*)?"
sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/wallabag/data(/.*)?"
sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/wallabag/var(/.*)?"  
sudo semanage fcontext -a -t httpd_log_t "/var/www/wallabag/var/logs(/.*)?"  
sudo semanage fcontext -a -t httpd_cache_t "/var/www/wallabag/var/cache(/.*)"

And apply changes with:

sudo restorecon -R /var/www/wallabag

And set the following SELinux booleans to true:

sudo setsebool -P httpd_can_network_connect 1
sudo setsebool -P httpd_can_network_connect_db 1

Finally, enable HTTP traffic through the firewall:

sudo firewall-cmd --add-service http --permanent
sudo firewall-cmd --reload

You should now be able to access Wallabag on http://IP_or_DOMAIN_NAME. For better security/privacy, you should consider using a domain name with HTTPS, however this is beyond the scope of this guide.

If you’d like to host your own music streaming server, check out these guides.

Posted in LinuxTagged apache, fedora, linux, mariadb, php, wallabagLeave a comment

How to Install PrivateBin on Fedora 29.

Posted on February 12, 2019 - February 20, 2019 by nxnjz

PrivateBin is a minimalist online pastebin where the server has zero knowledge of pasted data. This application supports password-protection, expiration, and self-destruction after reading. It is completely open-source and hosted on github. This article will guide through the installation and configuration of PrivateBin on a Fedora 29 system.

Prerequisites

  • A Fedora 29 system obviously.
  • Root access to your server (via the root user or a user with sudo privileges.)
  • A web server with PHP (Instructions below.)
  • A MySQL database (Instructions below.)

Preparations

If you’re not logged in as the root user, execute sudo -i to obtain a temporary root shell.

Update your system and install required software.


dnf update
dnf install -y git

Git will be used to download PrivateBin from its github repository.

Installing a web server stack:

We will be using Apache and PHP. Execute the following to install the required packages:

dnf install -y httpd php php-common php-xml php-mbstring \
php-mysqlnd php-pdo php-mcrypt php-json

Make sure Apache is enabled and running:

systemctl enable --now httpd.service

Configuring Apache

Using a text editor of your choice, create a new configuration file for Apache. For instance:

vim /etc/httpd/conf.d/privatebin.conf

Populate it with the following (insert your IP address or a domain name pointing to your IP for ServerName):

<VirtualHost *:80>
    ServerName YOUR_SERVER_IP
    DocumentRoot /var/www/html/PrivateBin/
    ErrorLog /var/log/httpd/privatebin-error.log
    CustomLog /var/log/httpd/privatebin-access.log combined
    <Directory /var/www/html/PrivateBin>
    AllowOverride All
    </Directory>
</VirtualHost>

Save and exit.

Reload the configuration:

systemctl reload httpd.service

Installing PrivateBin

Since PrivateBin is hosted on github, we’ll clone the repository locally:

cd /var/www/html/ && git clone https://github.com/PrivateBin/PrivateBin.git

And give the Apache user ownership of the PrivateBin directory:

chown -R apache:apache PrivateBin/

Configure firewalld to allow HTTP traffic:


firewall-cmd --add-service http --permanent
firewall-cmd --reload

You should now be able to access PrivateBin on http://YOUR_SERVER_IP. For better security/privacy, you should consider using a domain name with HTTPS, however this is beyond the scope of this guide.

If you encounter server-side errors during PrivateBin usage, SELinux is the likely culprit. To disable it, open /etc/sysconfig/selinux with a text editor of your choice, and replace SELINUX=enforcing with SELINUX=disabled. You should now either reboot, or execute setenforce 0 to disable SELinux immediately.

Optional

PrivateBin supports MySQL storage in place of the default file-based storage model. To implement MySQL storage, follow the steps below.

Installing MariaDB

dnf install -y mariadb-server mariadb 

systemctl enable --now mariadb.service

Secure your MySQL installation with this command:

mysql_secure_installation

Answer the questions as follows:

Enter current password for root (enter for none): Enter
Set root password? [Y/n]: Y
New password: <your-password>
Re-enter new password: <your-password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

Make sure you use a strong password.

Configuring MariaDB

Create a database and user for PrivateBin:

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE privatebin DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
MariaDB [(none)]> CREATE USER 'privatebin'@'localhost' IDENTIFIED BY 'newpassword';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON privatebin.* TO 'privatebin'@'localhost';
MariaDB [(none)]> exit;

Make sure you replace newpassword with a secure password. It should be different from the password you chose for the MariaDB root user.

Changing Storage Mode

First, copy the default configuration file for editing:

cd /var/www/html/PrivateBin/cfg
cp conf.sample.php conf.php

Using a text editor of your choice, open the file conf.php. Find the following segment:

[model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
class = Filesystem
[model_options]
dir = PATH "data"

;[model]
; example of DB configuration for MySQL
;class = Database
;[model_options]
;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
;tbl = "privatebin_"    ; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true      ; PDO::ATTR_PERSISTENT

And replace it with:

; [model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
; class = Filesystem
; [model_options]
; dir = PATH "data"

[model]
class = Database
[model_options]
dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
tbl = "privatebin_"    ; table prefix
usr = "privatebin"
pwd = "newpassword"
opt[12] = true      ; PDO::ATTR_PERSISTENT

Again, make sure you replace newpassword with the password chosen during user creation in the MySQL console, then save and exit.

Restart apache:

systemctl restart httpd.service

PrivateBin will now store pasted data in its MySQL database.

Posted in LinuxTagged linux, pastebin, privatebin1 Comment

Ampache streaming server installation guides.

Posted on February 5, 2019 - February 21, 2019 by nxnjz

Ampache is a web based audio/video streaming application and file manager allowing you to access your personal music & videos from anywhere, using almost any internet-connected device. It can be installed on most platforms with relative ease. You can visit Ampache’s github page here.

Below are links to detailed guides for 4 major Linux distributions. Familiarity with the shell and privileged (root) access are required.

 

Ampache Installation on Debian 9.

Ampache Installation on Ubuntu 18.04.

Ampache Installation on CentOS 7.

Ampache Installation on Fedora 29.

 

 

Posted in LinuxTagged ampache, linux, music2 Comments

Installing Ampache on Fedora 29.

Posted on February 5, 2019 - October 25, 2019 by nxnjz

Ampache requires a web server, PHP, and a MySQL database. We will be using Apache, PHP 7.2, and MariaDB to fulfill these requirements.

Installing the web stack and other required packages.

dnf upgrade -y
dnf install -y httpd mariadb-server mariadb wget php php-common php-cli php-pdo php-xml php-gd php-mysqlnd composer

And make sure Apache and MariaDB are enabled and running:

systemctl enable --now mariadb.service httpd.service

Database Configuration

Start by running the built-in MariaDB secure installation program:

mysql_secure_installation

When prompted for Y/n answers, choose Y for all questions and make sure you set a strong password.

Ampache requires a database and a MySQL user. Enter the MySQL console:

mysql -u root -p

Create a database named ampache:

MariaDB [(none)]> CREATE DATABASE ampache;

Create a local user named ampache;

MariaDB [(none)]> CREATE USER 'ampache'@'localhost' IDENTIFIED BY 'ampache_password';

Replace ampache_password with a password of your choice.

And grant that user full access to its respective database:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON ampache.* TO 'ampache'@'localhost';

Then exit:

MariaDB [(none)]> exit;

Apache Configuration

Create a new virtual host file with a text editor of your choice, for example:

vim /etc/httpd/conf.d/ampache.conf

And paste the following, replacing SERVER_IP with the correct IP address or your FQDN if you wish to use one.

<VirtualHost *:80>
    ServerName SERVER_IP
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/ampache/
    ErrorLog /var/log/httpd/ampache-error.log
    CustomLog /var/log/httpd/ampache-access.log combined
    <Directory /var/www/html/ampache/>
    AllowOverride All
    </Directory>
</VirtualHost>

Save and exit.

Restart Apache.

systemctl restart httpd.service

Firewalld configuration

Enable HTTP ports in the firewall daemon:

firewall-cmd --add-service http --add-service https --permanent
firewall-cmd --reload

Disabling SELinux

Ampache will not work properly with SELinux enabled. To disable it, open /etc/sysconfig/selinux with a text editor of your choice, and replace SELINUX=enforcing with SELINUX=disabled. You should now either reboot, or execute setenforce 0 to disable SELinux immediately.

Ampache Installation:

You can download the latest stable release with the following command:

wget https://github.com/ampache/ampache/archive/master.tar.gz

Extract and move the resulting directory:

tar -xzf master.tar.gz
mv ampache-master/ /var/www/html/ampache/

Ampache uses composer to install and manage dependencies. Optionally, switch to a non-root user before running composer.

cd /var/www/html/ampache
composer install --prefer-source --no-interaction

Once composer finishes, give Apache full ownership of the ampache web root and its content:

chown -R apache:apache /var/www/html/ampache/

You should be able to access Ampache at http://SERVER_IP/

The remaining configuration will now be done using the web interface. Here are some guidelines:

  1. Select your Preferred Language and press “Start Configuration”
  2. The next page will check if requirements are established.
  3. In the database creation step, fill in the details as follows:
    • Desired Database Name: ampache
    • MySQL Hostname: localhost
    • MySQL port: leave blank
    • MySQL Administrative Username: ampache
    • MySQL Administrative Password: The password chosen during user creation in the MySQL console.
    • Create Database: unchecked
    • Overwrite if database already exists: unchecked
    • Create Tables: checked
    • Create Database User: unchecked
  4. In the configuration generation step:
    • Web Path: /
    • Database Name: ampache
    • MySQL Hostname: localhost
    • MySQL Port: leave blank
    • MySQL Username: ampache
    • MySQL Password: The password chosen during user creation in the MySQL console.
    • Installation type: Assuming you want a fully featured installation for personal use, choose Default.
    • Transcoding Template Configuration: None
    • Players: You should leave these settings unchanged in most cases.
  5. Create Admin Account: Choose a username and password and proceed.

Your Ampache installation is now ready for use. You can login at http://SERVER_IP//login.php

You can read about creating your first catalog in the Ampache wiki.

Optional

If you plan on uploading files via Ampache, you should change the PHP max upload size. Using a text editor of your choice, open the file /etc/php.ini and find the following line:

upload_max_filesize = 2M

Change it to:

upload_max_filesize = 100M

This will allow upload of files up to 100MB in size, you can change this value according to your needs.

Posted in Linux1 Comment

Installing Ampache on CentOS 7.

Posted on February 5, 2019 - May 1, 2020 by nxnjz

Ampache requires a web server, PHP, and a MySQL database. We will be using Apache, PHP 7, and MariaDB to fulfill these requirements.

Installing the web stack and other required packages.

yum update -y
yum install -y httpd mariadb-server mariadb wget yum-utils epel-release git

And make sure Apache and MariaDB are enabled and running:

systemctl enable --now mariadb.service httpd.service

Installing PHP7.2

The default PHP version in CentOS repositories is not recent enough for Ampache. We will install PHP 7.2 from a third party repository.

yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum-config-manager --enable remi-php72
yum install php php-common php-pdo php-cli php-mysql php-xml php-gd

Installing Composer.

Composer will be used to install additional PHP dependencies for Ampache.

Run the following command to download composer’s installation script:

wget https://getcomposer.org/installer -O composer-setup.php

And execute it:

php composer-setup.php --install-dir=/usr/local/bin --filename=composer

Installing FFmpeg

FFmpeg will be used for audio and video encoding/decoding. It isn’t available in official CentOS repositories, hence the need for the third-party repo known as Nux Dextop.

Install Nux Dextop:

rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm

FFmpeg can now be installed with:

yum install -y ffmpeg

Database Configuration

Start by running the built-in MariaDB secure installation program:

mysql_secure_installation

When prompted for Y/n answers, choose Y for all questions and make sure you set a strong password.

Ampache requires a database and a MySQL user. Enter the MySQL console:

mysql -u root -p

Create a database named ampache:

MariaDB [(none)]> CREATE DATABASE ampache;

Create a local user named ampache;

MariaDB [(none)]> CREATE USER 'ampache'@'localhost' IDENTIFIED BY 'ampache_password';

Replace ampache_password with a password of your choice.

And grant that user full access to its respective database:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON ampache.* TO 'ampache'@'localhost';

Then exit:

MariaDB [(none)]> exit;

Apache Configuration

Create a new virtual host file with a text editor of your choice, for example:

vim /etc/httpd/conf.d/ampache.conf

And paste the following, replacing SERVER_IP with the correct IP address or your FQDN if you wish to use one.

<VirtualHost *:80>
    ServerName SERVER_IP
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/ampache/
    ErrorLog /var/log/httpd/ampache-error.log
    CustomLog /var/log/httpd/ampache-access.log combined
    <Directory /var/www/html/ampache/>
    AllowOverride All
    </Directory>
</VirtualHost>

Save and exit.

Restart Apache.

systemctl restart httpd.service

Firewalld configuration

Enable HTTP ports in the firewall daemon:

firewall-cmd --add-service http --add-service https --permanent
firewall-cmd --reload

Disabling SELinux

Ampache will not work properly with SELinux enabled. To disable it, open /etc/sysconfig/selinux with a text editor of your choice, and replace SELINUX=enforcing with SELINUX=disabled. You should now either reboot, or execute setenforce 0 to disable SELinux immediately.

Ampache Installation:

You can download the latest stable release with the following command:

wget https://github.com/ampache/ampache/archive/master.tar.gz

Extract and move the resulting directory:

tar -xzf master.tar.gz
mv ampache-master/ /var/www/html/ampache/

Ampache uses composer to install and manage dependencies. Optionally, switch to a non-root user before running composer.

cd /var/www/html/ampache
composer install --prefer-source --no-interaction

Once composer finishes, give Apache full ownership of the ampache web root and its content:

chown -R apache:apache /var/www/html/ampache/

You should be able to access Ampache at http://SERVER_IP/

The remaining configuration will now be done using the web interface. Here are some guidelines:

  1. Select your Preferred Language and press “Start Configuration”
  2. The next page will check if requirements are established.
  3. In the database creation step, fill in the details as follows:
    • Desired Database Name: ampache
    • MySQL Hostname: localhost
    • MySQL port: leave blank
    • MySQL Administrative Username: ampache
    • MySQL Administrative Password: The password chosen during user creation in the MySQL console.
    • Create Database: unchecked
    • Overwrite if database already exists: unchecked
    • Create Tables: checked
    • Create Database User: unchecked
  4. In the configuration generation step:
    • Web Path: /
    • Database Name: ampache
    • MySQL Hostname: localhost
    • MySQL Port: leave blank
    • MySQL Username: ampache
    • MySQL Password: The password chosen during user creation in the MySQL console.
    • Installation type: Assuming you want a fully featured installation for personal use, choose Default.
    • Transcoding Template Configuration: ffmpeg
    • Players: You should leave these settings unchanged in most cases.
  5. Create Admin Account: Choose a username and password and proceed.

Your Ampache installation is now ready for use. You can login at http://SERVER_IP//login.php

You can read about creating your first catalog in the Ampache wiki.

Optional

If you plan on uploading files via Ampache, you should change the PHP max upload size. Using a text editor of your choice, open the file /etc/php.ini and find the following line:

upload_max_filesize = 2M

Change it to:

upload_max_filesize = 100M

This will allow upload of files up to 100MB in size, you can change this value according to your needs.

Posted in Linux5 Comments

Installing Ampache on Debian 9.

Posted on January 26, 2019 - October 25, 2019 by nxnjz

Preparations

Ampache requires a web server, PHP, and a MySQL database. We will be using Apache, PHP 7, and MariaDB to fulfill these requirements.

Installing the web stack and other required packages.


apt update
apt install -y apache2 mariadb-server mariadb-client php php-common php-mysql php-curl php-xml composer php-gd ffmpeg

And make sure Apache and MariaDB are enabled and running:

systemctl enable --now mariadb.service apache2.service

Database Configuration

Start by running the built-in MariaDB secure installation program:

mysql_secure_installation

When prompted for Y/n answers, choose Y for all questions and make sure you set a strong password.

Ampache requires a database and a dedicated MySQL user. Enter the MySQL console:
mysql -u root -p

Create a database named ampache:

MariaDB [(none)]> CREATE DATABASE ampache;

Create a local user named ampache;

MariaDB [(none)]> CREATE USER 'ampache'@'localhost' IDENTIFIED BY 'ampache_password';

Replace ampache_password with a password of your choice.

And grant that user full access to its respective database:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON ampache.* TO 'ampache'@'localhost';

Then exit:

MariaDB [(none)]> exit;

Apache Configuration

Create a new virtual host file with a text editor of your choice, for example:

vim /etc/apache2/sites-available/ampache.conf

And paste the following, replacing SERVER_IP with the correct IP address or your FQDN if you wish to use one.


<VirtualHost *:80>
    ServerName SERVER_IP
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/ampache/
    ErrorLog ${APACHE_LOG_DIR}/ampache-error.log
    CustomLog ${APACHE_LOG_DIR}/ampache-access.log combined
    <Directory /var/www/html/ampache/>
    AllowOverride All
    </Directory>
</VirtualHost>

Enable this virtual host:

a2ensite ampache.conf

Enable required Apache modules:


a2enmod rewrite
a2enmod expires

Restart Apache for the changes to take effect:

systemctl restart apache2.service

Ampache Installation:

 

You can download the latest stable release with the following command:

wget https://github.com/ampache/ampache/archive/master.tar.gz

Extract and move the resulting directory:


tar -xzf master.tar.gz
mv ampache-master/ /var/www/html/ampache/

Ampache uses composer to install and manage dependencies. Optionally, switch to a non-root user before running composer.


cd /var/www/html/ampache
composer install --prefer-source --no-interaction

Once composer finishes, give Apache full ownership of the ampache web root and its content:

chown -R www-data:www-data /var/www/html/ampache

You should be able to access Ampache at http://SERVER_IP/

The remaining configuration will now be done using the web interface. Here are some guidelines:

  1. Select your Preferred Language and press “Start Configuration”
  2. The next page will check if requirements are established.
  3. In the database creation step, fill in the details as follows:
    • Desired Database Name: ampache
    • MySQL Hostname: localhost
    • MySQL port: leave blank
    • MySQL Administrative Username: ampache
    • MySQL Administrative Password: The password chosen during user creation in the MySQL console.
    • Create Database: unchecked
    • Overwrite if database already exists: unchecked
    • Create Tables: checked
    • Create Database User: unchecked
  4. In the configuration generation step:
    • Web Path: /
    • Database Name: ampache
    • MySQL Hostname: localhost
    • MySQL Port: leave blank
    • MySQL Username: ampache
    • MySQL Password: The password chosen during user creation in the MySQL console.
    • Installation type: Assuming you want a fully featured installation for personal use, choose Default.
    • Transcoding Template Configuration: ffmpeg
    • Players: You should leave these settings unchanged in most cases.
  5. Create Admin Account: Choose a username and password and proceed.

Your Ampache installation is now ready for use. You can login at http://SERVER_IP//login.php

You can read about creating your first catalog in the Ampache wiki.

Optional

 

If you plan on uploading files via Ampache, you should change the PHP max upload size. Using a text editor of your choice, open the file /etc/php/7.0/apache2/php.ini and find the following line:

upload_max_filesize = 2M

Change it to:

upload_max_filesize = 100M

This will allow upload of files up to 100MB in size, you can change this value according to your needs.

Posted in Linux1 Comment

Posts navigation

Older posts
Newer posts

Recent Posts

  • CVE-2021-42052 full disclosure
  • How to Set Up an Interactive SSH Honeypot on CentOS 8.
  • HackTheBox.eu Jarvis Writeup
  • How to setup a simple proxy server with tinyproxy (Debian 10 Buster)
  • How to Install qdPM 9.1 on Debian 10 LEMP

Tags

802.11 ampache apache aspx bash cd centos cms crm cve debian exploits fedora fulldisclosure hackthebox honeypot http httpd ifconfig iw iwconfig labs lfi linux mariadb memory monit music nginx pastebin php privatebin privesc project management proxy reconnoitre selinux shopt ssh systemd txpower ubuntu wallabag wireless xxe

Categories

  • BASH (1)
  • CTF/Labs (2)
  • CVE / full disclosure (1)
  • Information Gathering (1)
  • Linux (25)
  • Password Cracking (1)
  • Privilege Escalation (2)
  • SQL Injection (1)
  • Web-Shells (1)
  • Wifi (2)
  • XXE (1)

Recent Comments

  • Bernard Martiny on How to Install PrivateBin on Ubuntu 18.04 LTS
  • VuCSA on List of security labs/challenges/CTFs
  • Brian on How to Install PrivateBin on Fedora 29.
  • Tyreeb on Installing Ampache on CentOS 7.
  • Christian Mora on Installing Ampache on CentOS 7.