OsTicket/Installing

From r00tedvw.com wiki
Jump to: navigation, search

Contents

Update

~$ sudo yum update -y

Install EPEL repo

~$ sudo yum install epel-release

Install LAMP

~$ sudo yum install httpd openssl mod_ssl php mariadb mariadb-server mysql -y 

Secure MariaDB

~$ sudo systemctl start mariadb.service
~$ sudo systemctl enable mariadb.service
~$ sudo mysql_secure_installation
Enter current password for root (enter for none):
Set root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

Test MariaDB password

~$ mysql -u root -p

Install Dependencies

~$ sudo yum install php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-mcrypt php-imap -y 

Download, Extract, and Configure osTicket

~$ sudo mkdir -p /opt/osticket
~$ sudo wget -P /tmp/ http://osticket.com/sites/default/files/download/osTicket-v1.9.12.zip
~$ sudo unzip -d /opt/osticket /tmp/osTicket-v1.9.12.zip
~$ sudo ln -s /opt/osticket/upload /var/www/html/support
~$ sudo chown apache: -R /var/www/html/support /opt/osticket
~$ sudo cp /var/www/html/support/include/ost-sampleconfig.php /var/www/html/support/include/ost-config.php
~$ sudo chmod 0666 /var/www/html/support/include/ost-config.php

Configure MariaDB

~$ sudo mysql -u root -p
MariaDB> create database osticketdb;
MariaDB> CREATE USER 'osticketuser'@'localhost' IDENTIFIED BY 'password';
MariaDB> GRANT ALL ON osticketdb.* TO 'osticketuser'@'localhost';
flush privileges;
exit;

Doublecheck database & user creation, permissions and password

~$ sudo mysql -u root -p
MariaDB> SHOW DATABASES;
osticketdb
MariaDB> SELECT User,Host FROM mysql.user;
osticketuser | localhost
MariaDB> SHOW GRANTS FOR 'osticketuser'@'localhost';
GRANT ALL PRIVILEGES ON `osticketdb`.* TO 'osticketuser'@'localhost'
MariaDB> exit;
~$ sudo mysql -u osticketuser -p

Configure Apache

start and set to start on boot

~$ sudo systemctl start httpd.service
~$ sudo systemctl enable httpd.service

Create file vhosts.conf and insert configuration line

~$ sudo vi /etc/httpd/conf.d/vhosts.conf
IncludeOptional vhosts.d/*.conf

Create Virtual Host

~$ sudo mkdir /etc/httpd/vhosts.d/
~$ vi /etc/httpd/vhosts.d/support.yourdomain.com.conf

<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/var/www/html/support/"
ServerName support.yourdomain.com
ServerAlias www.support.yourdomain.com
ErrorLog "/var/log/httpd/yourdomain.com-error_log"
CustomLog "/var/log/httpd/yourdomain.com-access_log" combined
 
<Directory "/var/www/html/support/">
DirectoryIndex index.html index.php
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>

Restart Apache

~$ sudo systemctl restart httpd.service

Disable SELinux

~$ sudo vi /etc/selinux/config
change SELinux=enforcing to SELinux=disabled

~$ sudo reboot

check status

~$ sestatus
SELinux status:                 disabled

Disable firewalld replace with iptables

~$ sudo systemctl mask firewalld
~$ sudo systemctl stop firewalld
~$ sudo yum -y install iptables-services
~$ sudo systemctl enable iptables
~$ sudo systemctl start iptables

Configure iptables

There are some defaults that should be removed and changed. Using a rule at the bottom of the chain to prohibit traffic instead of changing the default policy of the chain seems silly to me.

~$ sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
~$ sudo iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT -m comment --comment "ssh-limit internal"
~$ sudo iptables -D INPUT -s 0.0.0.0/0 -p tcp -m state --state NEW --dport 22 -j ACCEPT
~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 80,443 -j ACCEPT -m comment --comment "http/s-limit internal"
~$ sudo iptables -P INPUT DROP
~$ sudo iptables -P FORWARD DROP
~$ sudo service iptables save

Create A records

Create the necessary A record(s) for your setup. Make sure they have propagated and are resolvable.

Configure osTicket

Go to your osTicket instance, http://support.yourdomain.com
Make sure the default page shows everything found and available.
Go through the steps of configuring the site

  • Site Name
  • support email address
  • root user & password
  • database name, user, & password

Once completed, you'll get a Congratulations screen, go ahead and change file permissions of the config file to a secure setup.

~$ sudo chmod 644 /var/www/html/support/include/ost-config.php

Now you'll have a few options for links:

  • Main customer portal -- support.yourdomain.com
  • Admin portal -- support.yourdomain.com/scp/settings.php

FAQ

Before the Knowledgebase can be accessible, you must first create a category, then create a FAQ/article, and finally you can make it public.

Personal tools
Namespaces

Variants
Actions
Navigation
Mediawiki
Confluence
DevOps Tools
Ubuntu
Oracle Linux
AWS
Windows
OpenVPN
Grafana
Pivotal
osTicket
OTRS
phpBB
WordPress
VmWare ESXI 5.1
Crypto currencies
HTML
CSS
Python
Java Script
PHP
Raspberry Pi
Canvas LMS
Kaltura Media Server
MetaSploit
Zoneminder
Photoshop CS2
Fortinet
Uploaded
Certifications
General Info
Games
Meal Plans
NC Statutes
Toolbox