Skip to content

NXNJZ

Linux and Security

  • BLOG
  • Cowsay Fortune
  • Contact
  • Gitlab
  • Company Homepage

Tag: centos

How to Set Up an Interactive SSH Honeypot on CentOS 8.

Posted on November 22, 2019 - November 23, 2019 by nxnjz

Introduction

A honeypot is a piece of software or a system that is designed to detect and monitor malicious activity, and deflect attackers from your actual production services and systems. This article will explain the deployment of an interactive SSH honeypot using Cowrie, a free and open-source SSH honeypot. It can log brute force connection attempts and any commands executed by attackers. Additionally, it employs a ‘fake’, isolated filesystem for better interaction and deception. A CentOS 8 machine is used for this guide.

Requirements

  • A CentOS 8 system.
  • Access to the root user or any user with sudo privileges.

NOTE: This guide assumes SELinux is set to either permissive or disabled.

If using a sudo user, use a root shell for the duration of this setup:

sudo -s

Step 1: Pre-Installation Steps

Update your system and install the software packages which are required for this setup:

dnf update -y
dnf install -y python3 python3-virtualenv python3-pip git firewalld

Create a cowrie user account:

useradd cowrie

Ensure the firewall daemon is enabled and running:

systemctl enable --now firewalld.service

Temporarily allow traffic to port 2222. This port will be initially used to access the honeypot.

firewall-cmd --add-port 2222/tcp

Step 2: Installing Cowrie SSH Honeypot

Switch to the cowrie user:

su - cowrie

Clone the Cowrie Github repository:

git clone https://github.com/cowrie/cowrie.git

A Python virtual environment provides a stable and isolated environment where we can have the specific Python modules and their versions that are required by the honeypot. Change into the cowrie directory then initialize a Python virtual env:

cd cowrie
virtualenv-3 --python=/usr/bin/python3 cowrie-venv

Enter it:

. cowrie-venv/bin/activate

Install the required Python modules:

pip3 install -r requirements.txt

Step 3: Initial Testing

At this point you should be able to run the honeypot and test things out before proceeding.

Start Cowrie:

bin/cowrie start

shows starting cowrie honeypot and listening port

From your local machine, try logging into the honeypot as root. Enter any random password but not toor, 123456, or anything containing honeypot.

ssh root@ip_address -p 2222

connecting to ssh honeypot and interacting

As you can see, we are able to authenticate and run commands as if this were a normal SSH session. Once you’re satisfied with testing, log out of the honeypot and stop Cowrie:

bin/cowrie stop

Now let’s make things more permanent.

Step 4: Creating a Systemd Service

Using a Systemd service to manage the honeypot is recommended for a few reasons:

  • Start, stop and check the status of the honeypot with single commands.
  • Restart the honeypot automatically on boot and on failure.
  • Consistency with other system services.

While still logged in as cowrie , open bin/cowrie with your text editor:

cd /home/cowrie/cowrie/
vim bin/cowrie

Find the following lines:

#COWRIE_VIRTUAL_ENV=my-env
DAEMONIZE=""

And change them to the following (don’t forget to remove the ‘#’):

COWRIE_VIRTUAL_ENV=cowrie-venv
DAEMONIZE="-n"

Save your changes and then exit back to your root shell:

exit

Create a new Systemd unit file with your text editor:

vim /etc/systemd/system/cowrie-honeypot.service

Enter the following:

[Unit]
Description=Interactive SSH Honeypot
Wants=network.target
[Service]
Type=simple
User=cowrie
Group=cowrie
ExecStart=/home/cowrie/cowrie/bin/cowrie start
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target

Save and exit, then start the service:

systemctl daemon-reload
systemctl start cowrie-honeypot.service

You can check if it is running with:

systemctl status cowrie-honeypot.service

If you want the honeypot to start automatically after boot, execute:

systemctl enable cowrie-honeypot.service

Step 5: Using TCP port 22 for the honeypot

Your honeypot will receive significantly more connections if it uses port 22, which is the default SSH port. As Cowrie uses port 2222 by default, you can forward connections on that port to port 22. But first, change the port used by the real SSH server and configure the firewall accordingly.

Allow traffic to port 222:

firewall-cmd --add-port 222/tcp --permanent
firewall-cmd --reload

Make sure this change took effect. The following command should output 222/tcp :

firewall-cmd --list-ports

Open the OpenSSH daemon configuration file:

vim /etc/ssh/sshd_config

Find the line:

#Port 22

Change it to:

Port 222

Save the change and restart the SSH server:

systemctl restart sshd.service

Check and make sure that it is now listening on port 222:

ss -lntp

openssh changed listening port

Exit your SSH session and reconnect to port 222 instead. If not logged in as root, start a root shell:

sudo -s

Remove the SSH service (which allows traffic to port 22/tcp) from firewalld as it is now running on a different port:

firewall-cmd --remove-service ssh --permanent
firewall-cmd --reload

Enable IP masquerading and add a rule to forward traffic on port 22 to port 2222:

firewall-cmd --add-masquerade --permanent
firewall-cmd --add-forward-port=port=22:proto=tcp:toport=2222 --permanent
firewall-cmd --reload

That’s it. The honeypot is now accessible on the default SSH port.

Step 6: Configuring SSH Honeypot Users

While legitimate users and their passwords are stored in /etc/passwd and /etc/shadow, fake SSH users are configured in etc/userdb.txt in the cowrie directory. You can easily configure allowed/disallowed user/password combinations by adding entries to that file.

The following format is used:

[username]:x:[password]
  • Any username not explicitely listed will not be able to authenticate.
  • You can use arbitrary usernames, they do not have to be real user accounts on your system.
  • You can have more than one rule per username.
  • Prepend the ‘!’ character to a password to explicitely blacklist it.
  • Use the ‘*’ character as a password to allow all passwords.
  • Use /BRE/ syntax to match passwords based on regular expressions.

Consider the following example:

root:x:!toor
root:x:!/admin/
root:x:*
admin:x:admin

With the above entries, the root user will be allowed to authenticate with any password, except toor and any password containing admin. The admin user will only be allowed be login with the password admin.

The default is as follows:

root:x:!root
root:x:!123456
root:x:!/honeypot/i
root:x:*
tomcat:x:*
oracle:x:*

To change the default, start by creating a file in /home/cowrie/cowrie/etc/ named userdb.txt:

vim /home/cowrie/cowrie/etc/userdb.txt

Populate this file according to your needs, then give ownership to the cowrie user and group:

chown cowrie:cowrie /home/cowrie/cowrie/etc/userdb.txt

Honeypot Logs

Connection attempts, shell activity and other details are logged to /home/cowrie/cowrie/var/log/cowrie. You may use a logging server to store and display honeypot logs instead, but that is beyond the scope of this article. The collected data from the honeypot can be used to populate IP blacklists, to monitor threats, and for research purposes.

More Info

  • Cowrie on Github
  • Honeypot(computing) on Wikipedia
Posted in LinuxTagged centos, honeypot, sshLeave a comment

How to Install qdPM 9.1 on CentOS 7.

Posted on September 24, 2019 - October 3, 2019 by nxnjz

Introduction

qdPM is a free and open-source web application for project management. It is designed for small teams working on multiple projects and allows easy management of tasks and roles. qdPM is fully configurable and features a customer-facing ticket system that is integrated into task management. This guide will walk you through the complete installation and configuration of qdPM 9.1 on CentOS 7 with SELinux in enforcing mode.

Requirements

  • A fresh CentOS 7 system.
  • Root access to your server.
  • Optionally, a domain name with an A record pointing to your IP address (required for HTTPS.)

NOTE: pm.example.com should be replaced with the public IP address or domain name of your server.

Installation

Step 1: Installing PHP, Apache and MariaDB.

qdPM requires a web server with PHP processing and a MySQL database. We will install and setup Apache and MariaDB to fulfill those requirements.

Update your system and software:

yum update -y
reboot

After the reboot, login again to install Apache, PHP, MariaDB, and other packages:

yum install -y httpd php php-common php-pdo php-mysql php-xml mariadb-server unzip wget

And make sure the Apache and MariaDB services are enabled and running:

systemctl enable --now httpd.service mariadb.service

If SELinux is enforcing (check with getenforce), install the corresponding management utilities:

yum install -y policycoreutils-python

Step 2: Database Setup.

We’ll create a database and a corresponding user dedicated to qdPM. But first, secure your MySQL installation with the following script:

mysql_secure_installation

During the process, answer questions as shown below:

Enter current password for root (enter for none): Press :key_enter:
Set root password? [Y/n]: y
New password: <your-secure-password>
Re-enter new password: <your-secure-password>
Remove anonymous users? [Y/n]: y
Disallow root login remotely? [Y/n]: y
Remove test database and access to it? [Y/n]: y
Reload privilege tables now? [Y/n]: y

Now let’s setup the database and user:

mysql -u root -p

Enter the MariaDB root password you set earlier to log in. In the MySQL cli, use the following commands to create a database and user:

CREATE DATABASE qdpm_db default charset utf8;
CREATE USER 'qdpm_user'@'localhost' IDENTIFIED BY 'StrongPasswordHere';
GRANT ALL PRIVILEGES ON qdpm_db.* TO 'qdpm_user'@'localhost';
EXIT;

Step 3: Download qdPM.

Use the following command to download qdPM 9.1:

wget https://netix.dl.sourceforge.net/project/qdpm/qdPM_9.1.zip

Unzip to the webroot:

unzip -d /var/www/html/qdpm qdPM_9.1.zip
rm qdPM_9.1.zip

And give ownership of the qdpm directory to the Apache user:

chown -R apache:apache /var/www/html/qdpm

Step 4: HTTPD configuration.

We’ll now configure Apache. Create a virtual host file in /etc/httpd/conf.d/ with a text editor of your choice. For example:

nano /etc/httpd/conf.d/qdpm80.conf

Add the following lines (while replacing pm.example.com with your own domain name or IP address).

<VirtualHost *:80>

 DocumentRoot /var/www/html/qdpm
 ServerName pm.example.com

 <Directory /var/www/html/qdpm>
   Options FollowSymLinks
   AllowOverride All
 </Directory>

 ErrorLog /var/log/httpd/qdpm-error.log
 CustomLog /var/log/httpd/qdpm-access.log common

</VirtualHost>

Reload the httpd service to apply the new configuration:

systemctl reload httpd.service

And enable traffic to port 80:

 firewall-cmd --add-service http --permanent
 firewall-cmd --reload

Your qdPM instance should be accessible at http://pm.example.com/. Proceed to step 5 if you want to configure HTTPS, or skip to step 6 to finalize the installation process.

Step 5a: HTTPS configuration (Optional, highly recommended).

Please note that this step will not work with an IP address, a domain name is required. Start by installing certbot and the SSL module for Apache, followed by obtaining an SSL certificate for your domain name from Let’s Encrypt, using the certbot tool:

yum install -y certbot mod_ssl
certbot certonly --webroot --agree-tos -m youremail@domain.tld -d pm.example.com

You’ll be prompted to input the webroot location for your domain, enter /var/www/html/qdpm. Certbot will verify ownership of your domain and will issue an SSL certificate which we will use to setup HTTPS. Next, create another virtual host file:

nano /etc/httpd/conf.d/qdpm443.conf

And add these lines:

<VirtualHost *:443>

  DocumentRoot /var/www/html/qdpm
  ServerName pm.example.com

  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/pm.example.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/pm.example.com/privkey.pem
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  SSLHonorCipherOrder on
  SSLCompression off
  SSLOptions +StrictRequire

  <Directory /var/www/html/qdpm>
    Options FollowSymLinks
    AllowOverride All
  </Directory>

  ErrorLog /var/log/httpd/qdpm-error.log
  CustomLog /var/log/httpd/qdpm-access.log common

</VirtualHost>

Reload the Apache service:

systemctl reload httpd.service

And allow HTTPS traffic through the firewall:

 firewall-cmd --add-service https --permanent
 firewall-cmd --reload

Step 5b: HTTP to HTTPS redirection

If you’d like to redirect all incoming HTTP traffic to HTTPS, open /etc/httpd/conf.d/qdpm80.conf in a text editor and add the following lines after the ServerName directive:

RewriteEngine on
RewriteCond %{SERVER_NAME} =pm.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

And reload the Apache service once again:

systemctl reload httpd.service

Step 6: SELinux

If SELinux is permissive/disabled and you do not intend on enabling it later, you can skip this step.

qdPM requires write access to the core directory. To allow this access, set the “httpd_sys_rw_content_t” context on core and its children:

semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/qdpm/core(/.*)?"
restorecon -Rv /var/www/html/qdpm/

Step 7: Web Installer

Navigate to http://pm.example.com/ or https://pm.example.com/. You should get see the message Environment checked. No errors found. You can install qdPM.. Click Database Config and fill in the form as follows:

  • Database host: localhost
  • Database port: Leave blank.
  • Database name: qdpm_db
  • DB username: qdpm_user
  • DB password: Enter the password you chose during user creation in step 2.

Now click “Install Database” and enter your email and password to create the default administrator account.

Finally, wait for the web installer to finish, then login via SSH and remove the `install’ directory:

rm /var/www/html/qdpm/install/ -rf

Your qdPM installation is now complete.

Posted in LinuxTagged centos, httpd, linux, project management, selinux1 Comment

How to Install Wallabag on CentOS 7

Posted on March 8, 2019 - November 21, 2019 by nxnjz

Introduction

Wallabag is a self-hosted PHP web application allowing you to save web pages for later reading. It extracts content so that you can read it when you have time. This article will explain the installation of Wallabag on a system running CentOS 7.

NOTE: This guide assumes that SELinux is disabled, which is the case on many CentOS 7 images, including Vultr‘s.

Prerequisites

  • A CentOS 7 virtual/physical instance.
  • Root access to your server (via a user with sudo privileges.)
  • A web server with PHP 7 (Instructions below.)
  • A MySQL database (Instructions below.)

Preparations

Update your system:

sudo yum update -y

Install additional repositories

Wallabag requires a version of PHP and other packages that are not available in the default CentOS repositories. We will install EPEL (Extra Packages for Enterprise Linux) and Remi.

sudo yum install -y epel-release yum-utils
sudo yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm

And enable PHP 7.0 packages from the newly installed repository:

sudo yum-config-manager --enable remi-php70
Installing a web server stack:

We will be using Apache with PHP, and MariaDB for the database. Execute the following to install the required packages:

sudo yum update
sudo yum install -y httpd php php-common php-curl php-json php-zip php-xml php-mbstring php-mysql php-pdo php-gd php-tidy php-bcmath mariadb-server mariadb

Make sure Apache and MariaDB are enabled and running:

sudo systemctl enable --now httpd.service mariadb.service

Install miscellaneous packages.

sudo yum install -y git make composer unzip

Git will be used to download Wallabag from its github repository and the make command, along with composer to complete the installation of Wallabag.

Configuring Apache

Using a text editor of your choice, create a new Apache configuration file. For instance:

sudo vim /etc/httpd/conf.d/wallabag.conf

Populate it with the following (insert your public IP address or a domain name pointing to your IP for ServerName):

<VirtualHost *:80>
    ServerName IP_or_DOMAIN_NAME 
    DocumentRoot /var/www/wallabag/web
    <Directory /var/www/wallabag/web>
        AllowOverride None
        Order Allow,Deny
        Allow from All
        <IfModule mod_rewrite.c>
            Options -MultiViews
            RewriteEngine On
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^(.*)$ app.php [QSA,L]
        </IfModule>
    </Directory>
 <Directory /var/www/wallabag/web/bundles>
        <IfModule mod_rewrite.c>
            RewriteEngine Off
        </IfModule>
    </Directory>
    ErrorLog /var/log/httpd/wallabag_error.log
    CustomLog /var/log/httpd/wallabag_access.log combined
</VirtualHost>

Save and exit.

Reload Apache configuration to apply changes:

sudo systemctl reload httpd.service

Configuring MariaDB

Start by securing your MySQL installation with this command:

sudo mysql_secure_installation

Answer the questions as shown:

Enter current password for root (enter for none): Enter
Set root password? [Y/n]: Y
New password: <your-password>
Re-enter new password: <your-password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

Make sure you use a strong password.

Configuring MariaDB

Create a database and user for Wallabag:

sudo mysql -u root -p

MariaDB [(none)]> CREATE DATABASE wallabag; 
MariaDB [(none)]> CREATE USER 'wallabaguser'@'localhost' IDENTIFIED BY 'wallabagpassword';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON wallabag.* TO 'wallabaguser'@'localhost';
MariaDB [(none)]> exit;

Make sure you replace wallabagpassword with a secure password. It should be different from the password you chose for the MariaDB root user.

Installing Wallabag

Since Wallabag is hosted on github, we’ll clone the repository locally:

cd /var/www/
sudo git clone https://github.com/wallabag/wallabag.git

And transfer ownership to the apache user:

sudo chown -R apache:apache /var/www/wallabag

It is not recommended to run the installation scripts as root, so we will use the apache user:

sudo -u apache /bin/bash
cd /var/www/wallabag/
make install

You will be asked several questions regarding desired configuration:

database_driver (pdo_mysql): pdo_mysql
database_driver_class (null): Press Enter
database_host (127.0.0.1): 127.0.0.1
database_port (null): 3306
database_name (wallabag): wallabag
database_user (root): wallabaguser
database_password (null): wallabagpassword
database_path (null): Press Enter
database_table_prefix (wallabag_): Prefix of your choice or Press Enter for the default.
database_socket (null): Press Enter
database_charset (utf8mb4): Press Enter
domain_name ('https://your-wallabag-url-instance.com'): http://IP_or_DOMAIN_NAME

Choose the default (press Enter) for the remaining questions, then exit back to your own user shell session: exit

Finally, enable HTTP traffic through the firewall:

sudo firewall-cmd --add-service http --permanent
sudo firewall-cmd --reload

You should now be able to access Wallabag on http://IP_or_DOMAIN_NAME. For better security/privacy, you should consider using a domain name with HTTPS, however this is beyond the scope of this guide.

Posted in LinuxTagged centosLeave a comment

How to Install PrivateBin on CentOS 7.

Posted on March 4, 2019 - November 21, 2019 by nxnjz

Introduction

PrivateBin is a minimalist online pastebin where the server has zero knowledge of pasted data. This application supports password-protection, expiration, and self-destruction after reading. It is completely open-source and hosted on github. This article will guide through the installation and configuration of PrivateBin on a CentOS 7 system.

Prerequisites

  • A CentOS 7 system.
  • Root access to your server (via the root user or a user with sudo privileges.)
  • A web server with PHP (Instructions below.)
  • A MySQL database (Instructions below.)

Preparations

If you’re not logged in as the root user, execute sudo -i to obtain a temporary root shell.

Update your system and install required software.

yum update
yum install -y git

Git will be used to download PrivateBin from its github repository.

Installing a web server stack:

We will be using Apache and PHP. Execute the following to install the required packages:

yum install -y epel-release
yum install -y httpd php php-common php-xml php-mbstring php-mysql php-pdo php-mcrypt

Make sure Apache is enabled and running:

systemctl enable --now httpd.service

Configuring Apache

Using a text editor of your choice, create a new configuration file for Apache. For instance:

vim /etc/httpd/conf.d/privatebin.conf

Populate it with the following (insert your IP address or a domain name pointing to your IP for ServerName):

<VirtualHost *:80>
    ServerName YOUR_SERVER_IP
    DocumentRoot /var/www/html/PrivateBin/
    ErrorLog /var/log/httpd/privatebin-error.log
    CustomLog /var/log/httpd/privatebin-access.log combined
    <Directory /var/www/html/PrivateBin>
    AllowOverride All
    </Directory>
</VirtualHost>

Save and exit.

Reload the configuration:

systemctl reload httpd.service

Installing PrivateBin

Since PrivateBin is hosted on github, we’ll clone the repository locally:

cd /var/www/html/ && git clone https://github.com/PrivateBin/PrivateBin.git

And give the Apache user ownership of the PrivateBin directory:

chown -R apache:apache PrivateBin/

Configure firewalld to allow HTTP traffic:

firewall-cmd --add-service http --permanent
firewall-cmd --reload

You should now be able to access PrivateBin on http://YOUR_SERVER_IP. For better security/privacy, you should consider using a domain name with HTTPS, however this is beyond the scope of this guide.

If you encounter server-side errors during PrivateBin usage, SELinux is the likely culprit. To disable it, open /etc/sysconfig/selinux with a text editor of your choice, and replace SELINUX=enforcing with SELINUX=disabled. You should now either reboot, or execute setenforce 0 to disable SELinux immediately. Disabling SELinux on production systems is not recommended though, you should consider setting proper labels instead.

Optional

PrivateBin supports MySQL storage in place of the default file-based storage model. To implement MySQL storage, follow the steps below.

Installing MariaDB

yum install -y mariadb-server mariadb 

systemctl enable --now mariadb.service

Secure your MySQL installation with this command:

mysql_secure_installation

Answer the questions as follows:

Enter current password for root (enter for none): Enter
Set root password? [Y/n]: Y
New password: <your-password>
Re-enter new password: <your-password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

Make sure you use a strong password.

Configuring MariaDB

Create a database and user for PrivateBin:

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE privatebin DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
MariaDB [(none)]> CREATE USER 'privatebin'@'localhost' IDENTIFIED BY 'newpassword';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON privatebin.* TO 'privatebin'@'localhost';
MariaDB [(none)]> exit;

Make sure you replace newpassword with a secure password. It should be different from the password you chose for the MariaDB root user.

Changing Storage Mode

First, copy the default configuration file for editing:

cd /var/www/html/PrivateBin/cfg
cp conf.sample.php conf.php

Using a text editor of your choice, open the file conf.php. Find the following segment:

[model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
class = Filesystem
[model_options]
dir = PATH "data"

;[model]
; example of DB configuration for MySQL
;class = Database
;[model_options]
;dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
;tbl = "privatebin_"    ; table prefix
;usr = "privatebin"
;pwd = "Z3r0P4ss"
;opt[12] = true      ; PDO::ATTR_PERSISTENT

And replace it with:

; [model]
; name of data model class to load and directory for storage
; the default model "Filesystem" stores everything in the filesystem
; class = Filesystem
; [model_options]
; dir = PATH "data"

[model]
class = Database
[model_options]
dsn = "mysql:host=localhost;dbname=privatebin;charset=UTF8"
tbl = "privatebin_"    ; table prefix
usr = "privatebin"
pwd = "newpassword"
opt[12] = true      ; PDO::ATTR_PERSISTENT

Again, make sure you replace newpassword with the password chosen during user creation in the MySQL console, then save and exit.

Finally, restart apache:

systemctl restart httpd.service
Posted in LinuxTagged centosLeave a comment

Recent Posts

  • CVE-2021-42052 full disclosure
  • How to Set Up an Interactive SSH Honeypot on CentOS 8.
  • HackTheBox.eu Jarvis Writeup
  • How to setup a simple proxy server with tinyproxy (Debian 10 Buster)
  • How to Install qdPM 9.1 on Debian 10 LEMP

Tags

802.11 ampache apache aspx bash cd centos cms crm cve debian exploits fedora fulldisclosure hackthebox honeypot http httpd ifconfig iw iwconfig labs lfi linux mariadb memory monit music nginx pastebin php privatebin privesc project management proxy reconnoitre selinux shopt ssh systemd txpower ubuntu wallabag wireless xxe

Categories

  • BASH (1)
  • CTF/Labs (2)
  • CVE / full disclosure (1)
  • Information Gathering (1)
  • Linux (25)
  • Password Cracking (1)
  • Privilege Escalation (2)
  • SQL Injection (1)
  • Web-Shells (1)
  • Wifi (2)
  • XXE (1)

Recent Comments

  • Bernard Martiny on How to Install PrivateBin on Ubuntu 18.04 LTS
  • VuCSA on List of security labs/challenges/CTFs
  • Brian on How to Install PrivateBin on Fedora 29.
  • Tyreeb on Installing Ampache on CentOS 7.
  • Christian Mora on Installing Ampache on CentOS 7.