OsTicket/Installing

From r00tedvw.com wiki
(Difference between revisions)
Jump to: navigation, search
Line 26: Line 26:
 
~$ sudo chown apache: -R /var/www/html/support /opt/osticket
 
~$ sudo chown apache: -R /var/www/html/support /opt/osticket
 
~$ sudo cp /var/www/html/support/include/ost-sampleconfig.php /var/www/html/support/include/ost-config.php
 
~$ sudo cp /var/www/html/support/include/ost-sampleconfig.php /var/www/html/support/include/ost-config.php
 +
~$ sudo chmod 0666 /var/www/html/support/include/ost-config.php
 
</nowiki>
 
</nowiki>
 
==Configure MariaDB==
 
==Configure MariaDB==

Revision as of 05:06, 25 February 2017

Contents

Update

~$ sudo yum update -y

Install EPEL repo

~$ sudo yum install epel-release

Install LAMP

~$ sudo yum install httpd openssl mod_ssl php mariadb mariadb-server mysql -y 

Secure MariaDB

~$ sudo systemctl start mariadb.service
~$ sudo systemctl enable mariadb.service
~$ sudo mysql_secure_installation
Enter current password for root (enter for none):
Set root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

Test MariaDB password

~$ mysql -u root -p

Install Dependencies

~$ sudo yum install php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-mcrypt php-imap -y 

Download, Extract, and Configure osTicket

~$ sudo mkdir -p /opt/osticket
~$ sudo wget -P /tmp/ http://osticket.com/sites/default/files/download/osTicket-v1.9.12.zip
~$ sudo unzip -d /opt/osticket /tmp/osTicket-v1.9.12.zip
~$ sudo ln -s /opt/osticket/upload /var/www/html/support
~$ sudo chown apache: -R /var/www/html/support /opt/osticket
~$ sudo cp /var/www/html/support/include/ost-sampleconfig.php /var/www/html/support/include/ost-config.php
~$ sudo chmod 0666 /var/www/html/support/include/ost-config.php

Configure MariaDB

~$ sudo mysql -u root -p
MariaDB> create database osticketdb;
MariaDB> CREATE USER 'osticketuser'@'localhost' IDENTIFIED BY 'password';
MariaDB> GRANT ALL ON osticketdb.* TO 'osticketuser'@'localhost';
flush privileges;
exit;

Doublecheck database & user creation, permissions and password

~$ sudo mysql -u root -p
MariaDB> SHOW DATABASES;
osticketdb
MariaDB> SELECT User,Host FROM mysql.user;
osticketuser | localhost
MariaDB> SHOW GRANTS FOR 'osticketuser'@'localhost';
GRANT ALL PRIVILEGES ON `osticketdb`.* TO 'osticketuser'@'localhost'
MariaDB> exit;
~$ sudo mysql -u osticketuser -p

Configure Apache

start and set to start on boot

~$ sudo systemctl start httpd.service
~$ sudo systemctl enable httpd.service

Create file vhosts.conf and insert configuration line

~$ sudo vi /etc/httpd/conf.d/vhosts.conf
IncludeOptional vhosts.d/*.conf

Create Virtual Host

~$ sudo mkdir /etc/httpd/vhosts.d/
~$ vi /etc/httpd/vhosts.d/support.yourdomain.com.conf

<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/var/www/html/support/"
ServerName support.yourdomain.com
ServerAlias www.support.yourdomain.com
ErrorLog "/var/log/httpd/yourdomain.com-error_log"
CustomLog "/var/log/httpd/yourdomain.com-access_log" combined
 
<Directory "/var/www/html/support/">
DirectoryIndex index.html index.php
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>

Restart Apache

~$ sudo systemctl restart httpd.service

Disable SELinux

~$ sudo vi /etc/selinux/config
change SELinux=enforcing to SELinux=disabled

~$ sudo reboot

check status

~$ sestatus
SELinux status:                 disabled

Disable firewalld replace with iptables

~$ sudo systemctl mask firewalld
~$ sudo systemctl stop firewalld
~$ sudo yum -y install iptables-services
~$ sudo systemctl enable iptables
~$ sudo systemctl start iptables

Configure iptables

There are some defaults that should be removed and changed. Using a rule at the bottom of the chain to prohibit traffic instead of changing the default policy of the chain seems silly to me.

~$ sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
~$ sudo iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT -m comment --comment "ssh-limit internal"
~$ sudo iptables -D INPUT -s 0.0.0.0/0 -p tcp -m state --state NEW --dport 22 -j ACCEPT
~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 80,443 -j ACCEPT -m comment --comment "http/s-limit internal"
~$ sudo iptables -P INPUT DROP
~$ sudo iptables -P FORWARD DROP
~$ sudo service iptables save

Personal tools
Namespaces

Variants
Actions
Navigation
Mediawiki
Confluence
DevOps Tools
Open Source Products
Ubuntu
Ubuntu 22
Mac OSX
Oracle Linux
AWS
Windows
OpenVPN
Grafana
InfluxDB2
TrueNas
MagicMirror
OwnCloud
Pivotal
osTicket
OTRS
phpBB
WordPress
VmWare ESXI 5.1
Crypto currencies
HTML
CSS
Python
Java Script
PHP
Raspberry Pi
Canvas LMS
Kaltura Media Server
Plex Media Server
MetaSploit
Zoneminder
ShinobiCE
Photoshop CS2
Fortinet
Uploaded
Certifications
General Info
Games
Meal Plans
NC Statutes
Politics
Volkswagen
Covid
NCDMV
Toolbox