Skip to content

NXNJZ

Linux and Security

  • BLOG
  • Cowsay Fortune
  • Contact
  • Gitlab
  • Company Homepage

Tag: crm

How to Install SuiteCRM on Debian 10 Buster

Posted on September 23, 2019 - May 1, 2020 by nxnjz

SuiteCRM is a free and open source alternative to the popular customer relationship management system SugarCRM. It became popular when SugarCRM decided to stop development of its community edition, on which SuiteCRM is based. This guide will explain the installation of SuiteCRM on a Debian 10 system.

Prerequisites

  • A fresh Debian 10 system.
  • Root SSH or console access.
  • A domain name pointing to the server’s IP address.

NOTE: All occurences of crm.example.net should be replaced with your own domain name.

Step 1: update and install required software.

apt update 
apt upgrade -y

SuiteCRM is written in PHP, and can run on Apache2, so you will need to install the Apache web server, PHP itself, PHP modules, and MariaDB.

apt install -y apache2 mariadb-server mariadb-client php php-common php-zip php-mysql php-gd php-curl php-imap php-mbstring php-xml php-json libapache2-mod-php unzip libpcre3

Step 3: MariaDB setup.

Before creating a database, tighten your MariaDB security by running the mysql_secure_installation script:

mysql_secure_installation

Answer all of the questions as shown below and make sure you choose a strong password for the root user:

Enter current password for root: Press <enter>
Set root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

Once the script exits, log into the MySQL shell with the following command:

mysql -u root -p

Enter your root password you chose earlier, then the following to create a database for SuiteCRM:

MariadDB [(none)]> CREATE DATABASE suitecrm;

Create a database user with the following command:
MariaDB [(none)]> CREATE USER 'suitecrm'@'localhost' IDENTIFIED BY 'StrongPasswordHere';

Grant privileges to the database:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON suitecrm.* TO 'suitecrm'@'localhost';

Exit from the MySQL shell:

MariaDB [(none)]> \q

Step 4: Download SuiteCRM.

First, copy the download link for the latest stable version of SuiteCRM from their official download page, and download it as follows (use the latest URL instead):

wget -O suitecrm.zip https://suitecrm.com/files/162/SuiteCRM-7.11/448/SuiteCRM-7.11.6.zip
unzip suitecrm.zip
rm suitecrm.zip

Next, move the extracted directory to the web root:

mv SuiteCRM* /var/www/html/suitecrm

Next, set correct ownership and permissions:

cd /var/www/html/suitecrm
chown -R www-data:www-data .
chmod -R 755 .
chmod -R 775 cache custom modules themes data upload
chmod 775 config_override.php 2> /dev/null

Step 5: PHP configuration.

Using a text editor of your choice, open /etc/php/7.3/apache2/php.ini for editing and make changes according to the following values:

memory_limit = 256M
post_max_size = 64M
upload_max_filesize = 64M

Step 6: Configure Apache for SuiteCRM.

Create an Apache virtual host configuration file for SuiteCRM using a text editor of your choice. For example:

vim /etc/apache2/sites-available/suitecrm80.conf

Add the following lines:

<VirtualHost *:80>

 DocumentRoot /var/www/html/suitecrm
 ServerName crm.example.net

 <Directory /var/www/html/suitecrm>
    Options FollowSymLinks
    AllowOverride All
 </Directory>

 ErrorLog /var/log/apache2/suitecrm-error.log
 CustomLog /var/log/apache2/suitecrm-access.log common

</VirtualHost>

Then save and close the file. Disable the default site and enable the newly created one:

a2ensite suitecrm80.conf
a2dissite 000-default.conf

Finally, reload Apache:

systemctl reload apache2

Step 7: HTTPS configuration (optional, highly recommended)

Install certbot, which we will use to obtain a free SSL certificate:

apt install -y certbot

Temporarily stop the Apache service:

systemctl stop apache2.service

Obtain a certificate for your domain:

certbot certonly --standalone --agree-tos -m youremail@domain.tld -d crm.example.net

Restart Apache:

systemctl start apache2.service

To setup redirection from HTTP to HTTPS, open the file /etc/apache2/sites-available/suitecrm80.conf in a text editor and add the following lines before the closing virtual host tag (</VirtualHost>)

RewriteEngine on
RewriteCond %{SERVER_NAME} =crm.example.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

Then enable the apache rewrite and ssl modules:

a2enmod rewrite
a2enmod ssl

We’ll now create the necessary configuration for HTTPS, paste the following in /etc/apache2/sites-available/suitecrm443.conf:

<VirtualHost *:443> 

  DocumentRoot /var/www/html/suitecrm
  ServerName crm.example.net

  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/crm.example.net/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/crm.example.net/privkey.pem
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  SSLHonorCipherOrder on
  SSLCompression off
  SSLOptions +StrictRequire

  <Directory /var/www/html/suitecrm>
    Options FollowSymLinks
    AllowOverride All
  </Directory>

  ErrorLog /var/log/apache2/suitecrm-error.log
  CustomLog /var/log/apache2/suitecrm-access.log common

</VirtualHost>

Then enable it and restart the apache service:

a2ensite suitecrm443.conf
systemctl restart apache2.service

Step 8: Web Installer

Open your web browser and navigate to crm.example.net/install.php to finalize the installation process. Follow the steps below:

1. You will first have to read and accept the license, terms and conditions, then click “Next”.

2. SuiteCRM will check your environment, make sure all tests show “OK” then proceed to the next step.

3. Fill in the form as shown below:

  • Specify Database Type: MySQL.
  • Database Name: suitecrm.
  • Host Name: localhost.
  • User: suitecrm.
  • Password: Enter the password you chose during MySQL user creation in step 3.
  • SuiteCRM Database User: Same as Admin User.
  • SuiteCRM Application Admin Name: Username of your choice.
  • SuiteCRM Admin User Password: Strong password of your choice.
  • URL of SuiteCRM Instance: http://crm.example.net or https://crm.example.net if you configured HTTPS.
  • Email Address: A valid email address for the site administrator.

Modify the remaining settings if needed.

Step 9: Crontab

We need to setup a cron job in order to run SuiteCRM schedulers, use this command:

crontab -e -u www-data

And add the following line to the bottom:

*    *    *    *    *     cd /var/www/html/suitecrm; php -f cron.php > /dev/null 2>&1

Your SuiteCRM installation is now complete.

Further Reading

  • SuiteCRM User Guide
  • Install VtigerCRM on Debian 10
Posted in LinuxTagged crm, debian, linux4 Comments

How to Install VtigerCRM on Debian 10 Buster

Posted on September 22, 2019 - September 23, 2019 by nxnjz

Vtiger CRM is a popular Customer Relationship Management web application which can help enterprises grow sales, deliver customer service, and increase profits. This article will guide you through the installation of Vtiger open source edition on a Debian 10 system with the Apache web server, MariaDB, and PHP.

Prerequisites

  • A newly deployed Debian 10 instance (4GB+ of memory recommended)
  • Root access to your server, via SSH or console.
  • A domain name pointing to your Vultr IP address. crm.example.net will be used as an example.

Installation

Step 1: Update the system.

First, update your system:

apt update
apt upgrade -y

Once that is done, reboot and login again:

reboot

Step 2: Setup a swap file (optional)

If your system has less than 4GB of memory, you can setup a virtual memory file to potentially improve performance. The following commands will create a 4GB swap file, instruct the system to use it as swap space, and create a corresponding entry in /etc/fstab for automatic mounting at boot.

dd if=/dev/zero of=/swapfile bs=1k count=4M
chmod 0600 /swapfile
mkswap /swapfile
swapon /swapfile
echo "/swapfile swap swap defaults 0 0" | tee -a /etc/fstab

Step 3: Install Apache, PHP and MariaDB.

Use the following command to install the needed packages and tools:

apt install -y apache2 libapache2-mod-php mariadb-server mariadb-client php-imap php-curl php-xml php php-common php-mysql unzip

Once the installation is complete, make sure that the Apache and MariaDB services are enabled and running:

systemctl enable --now apache2.service mariadb.service

Step 4: Configure PHP.

Using a text editor of your choice, open the file /etc/php/7.3/apache2/php.ini and make the following changes:

memory_limit = 512M
max_execution_time = 240
error_reporting = E_WARNING & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT
display_errors = On
log_errors = Off

Step 5: Setup MariaDB.

We’ll start by securing our MariaDB installation using the command:

mysql_secure_installation

Answer all of the questions as shown below and be sure to choose a strong password for the root user:

Enter current password for root: Press :key_enter:
Set root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

We’ll now create a database and a MariaDB user, both of which will be dedicated to the Vtiger web application. Login to the MySQL CLI (mysql -u root -p) and use the following commands:

CREATE DATABASE vtigercrm;
CREATE USER 'vtigercrm'@'localhost' IDENTIFIED BY 'StrongPasswordHere';
GRANT ALL PRIVILEGES ON vtigercrm.* TO 'vtigercrm'@'localhost';
QUIT;

Next, open the file /etc/mysql/my.cnf in a text editor and add the following lines:

[mysqld]
sql_mode = ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

Save the changes and restart MariaDB:

systemctl restart mariadb.service

Step 6: Download Vtiger CRM:

Go to the Vtiger download page and click “Download Open Source”, then copy the download link for the latest stable TAR.GZ version, and download it on your server:

cd /tmp
wget -O vtiger.tgz DOWNLOAD_LINK

For example:

wget -O vtiger.tgz https://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%207.1.0/Core%20Product/vtigercrm7.1.0.tar.gz/

Go back to the download page and copy the download link for any corresponding hotfix package, and download it as well:

wget -O hotfix.zip https://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%207.1.0/Core%20Product/Hotfixes/vtigercrm7.1.0-hotfix2.zip/download

Now unpack and move the directory to the web root:

tar -xzf vtiger.tgz
rm vtiger.tgz
mv vtigercrm/ /var/www/

Apply the hotfix:

unzip -o -f -d /var/www/vtigercrm hotfix.zip
rm hotfix.zip

Since write permissions are needed, we’ll give the apache process user ownership of the directory:

chown -R www-data:www-data /var/www/vtigercrm

Due do what appears to be a minor bug in the open source version of Vtiger, it will incorrectly report the PHP error_reporting directive as NOT RECOMMENDED. To resolve this, open the file /var/www/vtigercrm/modules/Install/views/Index.php in a text editor such as vim or nano, and find the following line (32):

version_compare(PHP_VERSION, '5.5.0') <= 0 ? error_reporting(E_ERROR & ~E_NOTICE & ~E_DEPRECATED) : error_reporting(E_ERROR & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT);

Replace it with:

version_compare(PHP_VERSION, '5.5.0') <= 0 ? error_reporting(E_ERROR & ~E_NOTICE & ~E_DEPRECATED) : error_reporting(~E_NOTICE & ~E_DEPRECATED & ~E_STRICT & E_WARNING);

Step 7: Apache configuration.

Before configuring Apache, let’s obtain an SSL certificate from “Let’s Encrypt” using certbot:

apt install -y certbot
certbot certonly --webroot --agree-tos -m youremail@domain.tld -d crm.example.net

When prompted to input the webroot for your domain, type in /var/www/html. Certbot will verify that you own your domain and that it correctly resolves to your server’s IP address before creating and saving your certificate and key file.

To keep things organized, create two configurations files for your VtigerCRM instance, vtigercrm80.conf and vtigercrm443.conf for HTTP and HTTPS, respectively. Both files should be created in /etc/apache2/sites-available.

nano /etc/apache2/sites-available/vtigercrm80.conf

And paste the following, which will instruct Apache to redirect all incoming HTTP requests to HTTPS :

<VirtualHost *:80>

  DocumentRoot /var/www/vtigercrm
  ServerName crm.example.net

  ErrorLog /var/log/apache2/vtigercrm-error.log
  CustomLog /var/log/apache2/vtigercrm-access.log common

  RewriteEngine on
  RewriteCond %{SERVER_NAME} =crm.example.net
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

</VirtualHost>

For the HTTPS version:

nano /etc/apache2/sites-available/vtigercrm443.conf

Below is a sensible configuration that you can tweak if you have more specific needs:

<VirtualHost *:443> 

  DocumentRoot /var/www/vtigercrm
  ServerName crm.example.net

  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/crm.example.net/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/crm.example.net/privkey.pem
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  SSLHonorCipherOrder on
  SSLCompression off
  SSLOptions +StrictRequire

  <Directory /var/www/vtigercrm>
    Options FollowSymLinks
    AllowOverride All
  </Directory>

  ErrorLog /var/log/apache2/vtigercrm-error.log
  CustomLog /var/log/apache2/vtigercrm-access.log common

</VirtualHost>

Enable both virtual host files:

a2ensite vtigercrm80.conf
a2ensite vtigercrm443.conf

And enable the rewrite and SSL apache modules:

a2enmod rewrite
a2enmod ssl

Finally, restart the apache service to apply changes:

systemctl restart apache2.service

Step 8: Web Installation Wizard

Navigate to https://crm.example.net/, you’ll be greeted with the installation wizard. Click “Install” to begin, and follow these steps:

1. First, you’ll have to agree to the Vtiger Public License before proceeding.

2. The wizard will check your PHP configuration. All tests should pass if you followed this guide. Click “Next”

3. You’ll be asked to enter your database information:

  • Host Name: localhost
  • User Name: vtigercrm
  • Password: The password you chose during user creation in the MySQL console.
  • Database Name: vtigercrm
  • Create new database: Yes. (Check the checkbox. Even though we already create a database, this currently is required in order for the installer to create all tables.)
  • Root User Name: vtigercrm
  • Root Password: The password you chose during user (vtigercrm) creation in the MySQL console. Do not enter the password for the root user.

The system information and admin user information forms should be filled according to your requirements.

4. Confirm your configuration and proceed.

5. Specify your industry and click “Next”. The wizard will begin the setup process, which may take some time.

6. Select the features you’d like to enable. The installation process is now complete.

Further Reading

  • Vtiger Documentation
  • SuiteCRM Installation guide
Posted in LinuxTagged apache, crm, linux, mariadb, php2 Comments

Recent Posts

  • CVE-2021-42052 full disclosure
  • How to Set Up an Interactive SSH Honeypot on CentOS 8.
  • HackTheBox.eu Jarvis Writeup
  • How to setup a simple proxy server with tinyproxy (Debian 10 Buster)
  • How to Install qdPM 9.1 on Debian 10 LEMP

Tags

802.11 ampache apache aspx bash cd centos cms crm cve debian exploits fedora fulldisclosure hackthebox honeypot http httpd ifconfig iw iwconfig labs lfi linux mariadb memory monit music nginx pastebin php privatebin privesc project management proxy reconnoitre selinux shopt ssh systemd txpower ubuntu wallabag wireless xxe

Categories

  • BASH (1)
  • CTF/Labs (2)
  • CVE / full disclosure (1)
  • Information Gathering (1)
  • Linux (25)
  • Password Cracking (1)
  • Privilege Escalation (2)
  • SQL Injection (1)
  • Web-Shells (1)
  • Wifi (2)
  • XXE (1)

Recent Comments

  • Bernard Martiny on How to Install PrivateBin on Ubuntu 18.04 LTS
  • VuCSA on List of security labs/challenges/CTFs
  • Brian on How to Install PrivateBin on Fedora 29.
  • Tyreeb on Installing Ampache on CentOS 7.
  • Christian Mora on Installing Ampache on CentOS 7.