How to Install qdPM 9.1 on CentOS 7.

Posted on September 24, 2019 - October 3, 2019 by nxnjz

Introduction

qdPM is a free and open-source web application for project management. It is designed for small teams working on multiple projects and allows easy management of tasks and roles. qdPM is fully configurable and features a customer-facing ticket system that is integrated into task management. This guide will walk you through the complete installation and configuration of qdPM 9.1 on CentOS 7 with SELinux in enforcing mode.

Requirements

  • A fresh CentOS 7 system.
  • Root access to your server.
  • Optionally, a domain name with an A record pointing to your IP address (required for HTTPS.)

NOTE: pm.example.com should be replaced with the public IP address or domain name of your server.

Installation

Step 1: Installing PHP, Apache and MariaDB.

qdPM requires a web server with PHP processing and a MySQL database. We will install and set up Apache and MariaDB to fulfill those requirements.

Update your system and software:

yum update -y
reboot

After the reboot, log in again to install Apache, PHP, MariaDB, and other packages:

yum install -y httpd php php-common php-pdo php-mysql php-xml mariadb-server unzip wget

And make sure the Apache and MariaDB services are enabled and running:

systemctl enable --now httpd.service mariadb.service

If SELinux is enforcing (check with getenforce), install the corresponding management utilities:

yum install -y policycoreutils-python

Step 2: Database Setup.

We’ll create a database and a corresponding user dedicated to qdPM. But first, secure your MySQL installation with the following script:

mysql_secure_installation

During the process, answer questions as shown below:

Enter current password for root (enter for none): Press Enter
Set root password? [Y/n]: y
New password: <your-secure-password>
Re-enter new password: <your-secure-password>
Remove anonymous users? [Y/n]: y
Disallow root login remotely? [Y/n]: y
Remove test database and access to it? [Y/n]: y
Reload privilege tables now? [Y/n]: y

Now let’s set up the database and user:

mysql -u root -p

Enter the MariaDB root password you set earlier to log in. In the MySQL CLI, use the following commands to create a database and user:

CREATE DATABASE qdpm_db default charset utf8;
CREATE USER 'qdpm_user'@'localhost' IDENTIFIED BY 'StrongPasswordHere';
GRANT ALL PRIVILEGES ON qdpm_db.* TO 'qdpm_user'@'localhost';
EXIT;

Step 3: Download qdPM.

Use the following command to download qdPM 9.1:

wget https://netix.dl.sourceforge.net/project/qdpm/qdPM_9.1.zip

Unzip to the webroot:

unzip -d /var/www/html/qdpm qdPM_9.1.zip
rm qdPM_9.1.zip

And give ownership of the qdpm directory to the Apache user:

chown -R apache:apache /var/www/html/qdpm

Step 4: HTTPD configuration.

We’ll now configure Apache. Create a virtual host file in /etc/httpd/conf.d/ with a text editor of your choice. For example:

nano /etc/httpd/conf.d/qdpm80.conf

Add the following lines (while replacing pm.example.com with your own domain name or IP address).

<VirtualHost *:80>

 DocumentRoot /var/www/html/qdpm
 ServerName pm.example.com

 <Directory /var/www/html/qdpm>
   Options FollowSymLinks
   AllowOverride All
 </Directory>

 ErrorLog /var/log/httpd/qdpm-error.log
 CustomLog /var/log/httpd/qdpm-access.log common

</VirtualHost>

Reload the httpd service to apply the new configuration:

systemctl reload httpd.service

And enable traffic to port 80:

 firewall-cmd --add-service http --permanent
 firewall-cmd --reload

Your qdPM instance should be accessible at http://pm.example.com/. Proceed to step 5 if you want to configure HTTPS, or skip to step 6 to finalize the installation process.

Step 5a: HTTPS configuration (Optional, highly recommended).

Please note that this step will not work with an IP address; a domain name is required. Start by installing certbot and the SSL module for Apache, then obtain an SSL certificate for your domain name from Let’s Encrypt using the certbot tool. On CentOS 7, certbot is packaged in the EPEL repository, so enable that repository first:

yum install -y epel-release
yum install -y certbot mod_ssl
certbot certonly --webroot --agree-tos -m youremail@domain.tld -d pm.example.com

You’ll be prompted to input the webroot location for your domain; enter /var/www/html/qdpm. Certbot will verify ownership of your domain and will issue an SSL certificate, which we will use to set up HTTPS. Next, create another virtual host file:

nano /etc/httpd/conf.d/qdpm443.conf

And add these lines:

<VirtualHost *:443>

  DocumentRoot /var/www/html/qdpm
  ServerName pm.example.com

  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/pm.example.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/pm.example.com/privkey.pem
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  SSLHonorCipherOrder on
  SSLCompression off
  SSLOptions +StrictRequire

  <Directory /var/www/html/qdpm>
    Options FollowSymLinks
    AllowOverride All
  </Directory>

  ErrorLog /var/log/httpd/qdpm-error.log
  CustomLog /var/log/httpd/qdpm-access.log common

</VirtualHost>

Reload the Apache service:

systemctl reload httpd.service

And allow HTTPS traffic through the firewall:

 firewall-cmd --add-service https --permanent
 firewall-cmd --reload
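
A check for the TLS directives in the vhost above, as an added example that is not part of the original post: it flags TLS 1.0 and 1.1, which SSLProtocol all -SSLv2 -SSLv3 leaves enabled on CentOS 7, and the 3DES entry DES-CBC3-SHA in the cipher list. The function name tls_audit, its simplified protocol model and the abridged sample file are assumptions of this example.

```shell
#!/bin/sh
# tls_audit FILE: print one finding per line for weak TLS settings in an
# Apache vhost file (assumes one vhost per file). No output = nothing flagged.
tls_audit() {
    awk '
    tolower($1) == "sslprotocol" {
        # Simplified model of the enabled set: "all" expands to every
        # version, "-X" removes X, "+X" or a bare "X" adds X.
        for (i = 2; i <= NF; i++) {
            tok = $i
            add = (tok !~ /^-/)
            sub(/^[+-]/, "", tok)
            if (tolower(tok) == "all") {
                n = split("SSLv3 TLSv1 TLSv1.1 TLSv1.2", v, " ")
                for (j = 1; j <= n; j++) on[v[j]] = add
            } else on[tok] = add
        }
    }
    tolower($1) == "sslciphersuite" {
        # Flag weak ciphers that are listed positively; "!X" and "-X"
        # entries are exclusions and are skipped.
        n = split($2, c, ":")
        for (j = 1; j <= n; j++)
            if (c[j] !~ /^[!-]/ && c[j] ~ /DES|RC4|MD5|NULL|EXP/)
                print "weak cipher listed: " c[j]
    }
    END {
        n = split("SSLv3 TLSv1 TLSv1.1", old, " ")
        for (j = 1; j <= n; j++)
            if (on[old[j]]) print "legacy protocol enabled: " old[j]
    }' "$1"
}

# Constructed sample: the two TLS directives from the HTTPS vhost above,
# with the cipher list abridged.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:443>
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:!aNULL:!MD5
</VirtualHost>
EOF
tls_audit "$sample"
rm -f "$sample"
```

On CentOS 7, SSLProtocol -all +TLSv1.2 together with a cipher list that drops DES-CBC3-SHA produces no findings; clients limited to TLS 1.0 or 1.1 will then fail to connect.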

Step 5b: HTTP to HTTPS redirection

If you’d like to redirect all incoming HTTP traffic to HTTPS, open /etc/httpd/conf.d/qdpm80.conf in a text editor and add the following lines after the ServerName directive:

RewriteEngine on
RewriteCond %{SERVER_NAME} =pm.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

And reload the Apache service once again:

systemctl reload httpd.service

Step 6: SELinux

If SELinux is permissive or disabled and you do not intend to enable it later, you can skip this step.

qdPM requires write access to the core directory. To allow this access, set the “httpd_sys_rw_content_t” context on core and its children:

semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/qdpm/core(/.*)?"
restorecon -Rv /var/www/html/qdpm/

Step 7: Web Installer

Navigate to http://pm.example.com/ or https://pm.example.com/. You should see the message “Environment checked. No errors found. You can install qdPM.” Click Database Config and fill in the form as follows:

  • Database host: localhost
  • Database port: Leave blank.
  • Database name: qdpm_db
  • DB username: qdpm_user
  • DB password: Enter the password you chose during user creation in step 2.

Now click “Install Database” and enter your email and password to create the default administrator account.

Finally, wait for the web installer to finish, then log in via SSH and remove the “install” directory:

rm -rf /var/www/html/qdpm/install/

Your qdPM installation is now complete.
