OsTicket/Installing
From r00tedvw.com wiki
(Difference between revisions)
Line 18: | Line 18: | ||
<nowiki>~$ mysql -u root -p</nowiki> | <nowiki>~$ mysql -u root -p</nowiki> | ||
==Install Dependencies== | ==Install Dependencies== | ||
− | <nowiki>~$ sudo yum install php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-mcrypt -y </nowiki> | + | <nowiki>~$ sudo yum install php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-mcrypt php-imap -y </nowiki> |
==Download, Extract, and Configure osTicket== | ==Download, Extract, and Configure osTicket== | ||
<nowiki>~$ sudo mkdir -p /opt/osticket | <nowiki>~$ sudo mkdir -p /opt/osticket |
Revision as of 04:08, 25 February 2017
Contents |
Update
~$ sudo yum update -y
Install EPEL repo
~$ sudo yum install epel-release
Install LAMP
~$ sudo yum install httpd openssl mod_ssl php mariadb mariadb-server mysql -y
Secure MariaDB
~$ sudo systemctl start mariadb.service ~$ sudo systemctl enable mariadb.service ~$ sudo mysql_secure_installation Enter current password for root (enter for none): Set root password? [Y/n] y Remove anonymous users? [Y/n] y Disallow root login remotely? [Y/n] y Remove test database and access to it? [Y/n] y Reload privilege tables now? [Y/n] y
Test MariaDB password
~$ mysql -u root -p
Install Dependencies
~$ sudo yum install php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-mcrypt php-imap -y
Download, Extract, and Configure osTicket
~$ sudo mkdir -p /opt/osticket ~$ sudo wget -P /tmp/ http://osticket.com/sites/default/files/download/osTicket-v1.9.12.zip ~$ sudo unzip -d /opt/osticket /tmp/osTicket-v1.9.12.zip ~$ sudo ln -s /opt/osticket/upload /var/www/html/support ~$ sudo chown apache: -R /var/www/html/support /opt/osticket ~$ sudo cp /var/www/html/support/include/ost-sampleconfig.php /var/www/html/support/include/ost-config.php
Configure MariaDB
~$ sudo mysql -u root -p MariaDB> create database osticketdb; MariaDB> CREATE USER 'osticketuser'@'localhost' IDENTIFIED BY 'password'; MariaDB> GRANT ALL ON osticketdb.* TO 'osticketuser'@'localhost'; flush privileges; exit;
Doublecheck database & user creation, permissions and password
~$ sudo mysql -u root -p MariaDB> SHOW DATABASES; osticketdb MariaDB> SELECT User,Host FROM mysql.user; osticketuser | localhost MariaDB> SHOW GRANTS FOR 'osticketuser'@'localhost'; GRANT ALL PRIVILEGES ON `osticketdb`.* TO 'osticketuser'@'localhost' MariaDB> exit; ~$ sudo mysql -u osticketuser -p
Configure Apache
start and set to start on boot
~$ sudo systemctl start httpd.service ~$ sudo systemctl enable httpd.service
Create file vhosts.conf
and insert configuration line
~$ sudo vi /etc/httpd/conf.d/vhosts.conf IncludeOptional vhosts.d/*.conf
Create Virtual Host
~$ sudo mkdir /etc/httpd/vhosts.d/ ~$ vi /etc/httpd/vhosts.d/support.yourdomain.com.conf <VirtualHost *:80> ServerAdmin [email protected] DocumentRoot "/var/www/html/support/" ServerName support.yourdomain.com ServerAlias www.support.yourdomain.com ErrorLog "/var/log/httpd/yourdomain.com-error_log" CustomLog "/var/log/httpd/yourdomain.com-access_log" combined <Directory "/var/www/html/support/"> DirectoryIndex index.html index.php Options FollowSymLinks AllowOverride All Require all granted </Directory> </VirtualHost>
Restart Apache
~$ sudo systemctl restart httpd.service
Disable SELinux
~$ sudo vi /etc/selinux/config change SELinux=enforcing to SELinux=disabled ~$ sudo reboot
check status
~$ sestatus SELinux status: disabled
Disable firewalld replace with iptables
~$ sudo systemctl mask firewalld ~$ sudo systemctl stop firewalld ~$ sudo yum -y install iptables-services ~$ sudo systemctl enable iptables ~$ sudo systemctl start iptables
Configure iptables
There are some defaults that should be removed and changed. Using a rule at the bottom of the chain to prohibit traffic instead of changing the default policy of the chain seems silly to me.
~$ sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited ~$ sudo iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited ~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT -m comment --comment "ssh-limit internal" ~$ sudo iptables -D INPUT -s 0.0.0.0/0 -p tcp -m state --state NEW --dport 22 -j ACCEPT ~$ sudo iptables -A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 80,443 -j ACCEPT -m comment --comment "http/s-limit internal" ~$ sudo iptables -P INPUT DROP ~$ sudo iptables -P FORWARD DROP ~$ sudo service iptables save