Difference between revisions of "Install Seon on SLES11"
(→PAM authentification) |
|||
(12 intermediate revisions by the same user not shown) | |||
Line 9: | Line 9: | ||
== Add repository == | == Add repository == | ||
For PHP functionality (network socket and Posix support) you need to add a new repository: | For PHP functionality (network socket and Posix support) you need to add a new repository: | ||
− | zypper addrepo http://download.opensuse.org/repositories/server:/php/SLE_11/ PHP_SLE11 | + | root$ zypper addrepo http://download.opensuse.org/repositories/server:/php/SLE_11/ PHP_SLE11 |
== Install requried packages == | == Install requried packages == | ||
Install all needed software (based on a minimal installation, many of these packages may already be installed): | Install all needed software (based on a minimal installation, many of these packages may already be installed): | ||
− | zypper install apache2-mod_php5 php-bz2 php-mysql php-xmlreader php-xsl php-zip php-zlib \ | + | root$ zypper install apache2-mod_php5 php-bz2 php-mysql php-xmlreader php-xsl php-zip php-zlib \ |
php5-sockets php5-posix mysql vim iputils zip samba-winbind yast2-kerberos-client glibc-locale glibc-i18ndata libxslt | php5-sockets php5-posix mysql vim iputils zip samba-winbind yast2-kerberos-client glibc-locale glibc-i18ndata libxslt | ||
− | === Accept repository key === | + | === Accept repository key (english) === |
− | After having added the new repository (see above), you will have to accept its key permanently (with selection "<code>a</code>"): | + | After having added the new repository (see above), you will have to accept its key permanently (with selection "<code>a</code>" for "''always''"): |
<pre> | <pre> | ||
New repository or package signing key received: | New repository or package signing key received: | ||
Line 28: | Line 28: | ||
Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r): a | Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r): a | ||
+ | </pre> | ||
+ | |||
+ | === Accept repository key (german) === | ||
+ | After having added the new repository (see above), you will have to accept its key permanently (with selection "<code>i</code>" for "''immer''"): | ||
+ | <pre> | ||
+ | Neuen Signierungsschlüssel für Repository oder Paket erhalten: | ||
+ | Schlüssel-ID: 6FBE9844DDCD7F1A | ||
+ | Schlüsselname: server:php OBS Project <server:php@build.opensuse.org> | ||
+ | Schlüsselfingerabdruck: A7775E2A3428A096CB5050606FBE9844DDCD7F1A | ||
+ | Schlüssel erstellt: Sa 02 Mär 2013 06:17:15 CET | ||
+ | Schlüssel läuft ab: Mo 11 Mai 2015 07:17:15 CEST (expires in 19 days) | ||
+ | Repository: PHP_SLE11 | ||
+ | |||
+ | Wollen Sie den Schlüssel (a)bweisen, ihm (t)emporär oder (i)mmer vertrauen? [a/t/i/?] (a): i | ||
</pre> | </pre> | ||
== Change PHP configuration == | == Change PHP configuration == | ||
− | Edit the file as root | + | Edit the file as root: |
/etc/php5/apache2/php.ini | /etc/php5/apache2/php.ini | ||
Change the following configuration values to these values: | Change the following configuration values to these values: | ||
Line 39: | Line 53: | ||
== Start services == | == Start services == | ||
For the installation, you need Apache and MySQL up and running: | For the installation, you need Apache and MySQL up and running: | ||
− | service apache2 start | + | root$ service apache2 start |
− | service mysql start | + | root$ service mysql start |
== Change the distribution == | == Change the distribution == | ||
− | chown seon /srv/www/htdocs/ | + | root$ chown seon /srv/www/htdocs/ |
− | mkdir /opt/seon | + | root$ mkdir /opt/seon |
− | chown seon /opt/seon | + | root$ chown seon /opt/seon |
− | chgrp users /etc | + | root$ chgrp users /etc |
− | chmod g+w /etc | + | root$ chmod g+w /etc |
− | chgrp users /var/log/apache2/ | + | root$ chgrp users /var/log/apache2/ |
== Running the installation script == | == Running the installation script == | ||
Download and run the shell installer for Seon: | Download and run the shell installer for Seon: | ||
− | cd /tmp | + | seon$ cd /tmp |
− | wget http://www.seon.de/fileadmin/downloads/seon3_full_pe_Linux-x86-64-MySQL.sh | + | seon$ wget http://www.seon.de/fileadmin/downloads/seon3_full_pe_Linux-x86-64-MySQL.sh |
− | sh ./seon3_full_pe_Linux-x86-64-MySQL.sh | + | seon$ sh ./seon3_full_pe_Linux-x86-64-MySQL.sh |
− | Answer all question according to your needs (possible changed, see above) | + | Answer all question according to your needs (possible changed, see above), the defaults should match your environment if the default is used. |
+ | |||
+ | == Securing distribution == | ||
+ | The permissions, which have been changed above, can be reverted to increase security: | ||
+ | root$ chgrp root /etc | ||
+ | root$ chmod 755 /etc | ||
+ | |||
+ | Optionally, change the permissions of the Apache logs directory: | ||
+ | root$ chgrp root /var/log/apache2/ | ||
+ | |||
+ | == PAM authentification == | ||
+ | If your Seon Webaccess users need PAM authentification (i.e. Microsoft Active Directory), then you need to: | ||
+ | *change permissions of the binary: | ||
+ | /opt/seon/bin/seonclientd | ||
+ | Commands (executed as root): | ||
+ | root$ chown root /opt/seon/bin/seonclientd | ||
+ | root$ chmod +s /opt/seon/bin/seonclientd | ||
+ | *Configure PAM authentification support, as indicated here: [[PAM configuration for Windows Active Directory]] |
Latest revision as of 11:11, 21 April 2015
Contents
Assumptions
- Your installation directory for Seon is
/opt/seon
- The web interfaces will be installed in the default document root directory of Apache:
/srv/www/htdocs
- The user running the installation is not "
root
", but "seon
" with limited permissions - Firewalls and other security measurements are disabled or not installed. (If they are enabled, you have to change them on your own).
Add repository
For PHP functionality (network socket and Posix support) you need to add a new repository:
root$ zypper addrepo http://download.opensuse.org/repositories/server:/php/SLE_11/ PHP_SLE11
Install requried packages
Install all needed software (based on a minimal installation, many of these packages may already be installed):
root$ zypper install apache2-mod_php5 php-bz2 php-mysql php-xmlreader php-xsl php-zip php-zlib \ php5-sockets php5-posix mysql vim iputils zip samba-winbind yast2-kerberos-client glibc-locale glibc-i18ndata libxslt
Accept repository key (english)
After having added the new repository (see above), you will have to accept its key permanently (with selection "a
" for "always"):
New repository or package signing key received: Key ID: 6FBE9844DDCD7F1A Key Name: server:php OBS Project <server:php@build.opensuse.org> Key Fingerprint: A7775E2A3428A096CB5050606FBE9844DDCD7F1A Key Created: Sat Mar 2 06:17:15 2013 Key Expires: Mon May 11 07:17:15 2015 (expires in 19 days) Repository: PHP_SLE11 Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r): a
Accept repository key (german)
After having added the new repository (see above), you will have to accept its key permanently (with selection "i
" for "immer"):
Neuen Signierungsschlüssel für Repository oder Paket erhalten: Schlüssel-ID: 6FBE9844DDCD7F1A Schlüsselname: server:php OBS Project <server:php@build.opensuse.org> Schlüsselfingerabdruck: A7775E2A3428A096CB5050606FBE9844DDCD7F1A Schlüssel erstellt: Sa 02 Mär 2013 06:17:15 CET Schlüssel läuft ab: Mo 11 Mai 2015 07:17:15 CEST (expires in 19 days) Repository: PHP_SLE11 Wollen Sie den Schlüssel (a)bweisen, ihm (t)emporär oder (i)mmer vertrauen? [a/t/i/?] (a): i
Change PHP configuration
Edit the file as root:
/etc/php5/apache2/php.ini
Change the following configuration values to these values:
upload_max_filesize = 128M post_max_size = 128M
Start services
For the installation, you need Apache and MySQL up and running:
root$ service apache2 start root$ service mysql start
Change the distribution
root$ chown seon /srv/www/htdocs/ root$ mkdir /opt/seon root$ chown seon /opt/seon root$ chgrp users /etc root$ chmod g+w /etc root$ chgrp users /var/log/apache2/
Running the installation script
Download and run the shell installer for Seon:
seon$ cd /tmp seon$ wget http://www.seon.de/fileadmin/downloads/seon3_full_pe_Linux-x86-64-MySQL.sh seon$ sh ./seon3_full_pe_Linux-x86-64-MySQL.sh
Answer all question according to your needs (possible changed, see above), the defaults should match your environment if the default is used.
Securing distribution
The permissions, which have been changed above, can be reverted to increase security:
root$ chgrp root /etc root$ chmod 755 /etc
Optionally, change the permissions of the Apache logs directory:
root$ chgrp root /var/log/apache2/
PAM authentification
If your Seon Webaccess users need PAM authentification (i.e. Microsoft Active Directory), then you need to:
- change permissions of the binary:
/opt/seon/bin/seonclientd
Commands (executed as root):
root$ chown root /opt/seon/bin/seonclientd root$ chmod +s /opt/seon/bin/seonclientd
- Configure PAM authentification support, as indicated here: PAM configuration for Windows Active Directory