Difference between revisions of "Install Seon on SLES11"

From Seon
Jump to: navigation, search
(Change PHP configuration)
(Securing distribution)
Line 73: Line 73:
 
== Securing distribution ==
 
== Securing distribution ==
 
The permissions, which have been changed above, can be reverted to increase security:
 
The permissions, which have been changed above, can be reverted to increase security:
  chgrp root /etc
+
  root$ chgrp root /etc
  chmod 755 /etc
+
  root$ chmod 755 /etc
  
 
Optionally, change the permissions of the Apache logs directory:
 
Optionally, change the permissions of the Apache logs directory:
  chgrp root /var/log/apache2/
+
  root$ chgrp root /var/log/apache2/
  
 
== PAM authentification ==
 
== PAM authentification ==

Revision as of 10:18, 21 April 2015

Assumptions

  • Your installation directory for Seon is
/opt/seon
  • The web interfaces will be installed in the default document root directory of Apache:
/srv/www/htdocs
  • The user running the installation is not "root", but "seon" with limited permissions
  • Firewalls and other security measurements are disabled or not installed. (If they are enabled, you have to change them on your own).

Add repository

For PHP functionality (network socket and Posix support) you need to add a new repository:

root$ zypper addrepo http://download.opensuse.org/repositories/server:/php/SLE_11/ PHP_SLE11

Install requried packages

Install all needed software (based on a minimal installation, many of these packages may already be installed):

root$ zypper install apache2-mod_php5 php-bz2 php-mysql php-xmlreader php-xsl php-zip php-zlib \
php5-sockets php5-posix mysql vim iputils zip samba-winbind yast2-kerberos-client glibc-locale glibc-i18ndata libxslt

Accept repository key (english)

After having added the new repository (see above), you will have to accept its key permanently (with selection "a" for "always"):

New repository or package signing key received:
Key ID: 6FBE9844DDCD7F1A
Key Name: server:php OBS Project <server:php@build.opensuse.org>
Key Fingerprint: A7775E2A3428A096CB5050606FBE9844DDCD7F1A
Key Created: Sat Mar  2 06:17:15 2013
Key Expires: Mon May 11 07:17:15 2015 (expires in 19 days)
Repository: PHP_SLE11

Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r): a

Accept repository key (german)

After having added the new repository (see above), you will have to accept its key permanently (with selection "i" for "immer"):

Neuen Signierungsschlüssel für Repository oder Paket erhalten:
Schlüssel-ID: 6FBE9844DDCD7F1A
Schlüsselname: server:php OBS Project <server:php@build.opensuse.org>
Schlüsselfingerabdruck: A7775E2A3428A096CB5050606FBE9844DDCD7F1A
Schlüssel erstellt: Sa 02 Mär 2013 06:17:15 CET
Schlüssel läuft ab: Mo 11 Mai 2015 07:17:15 CEST (expires in 19 days)
Repository: PHP_SLE11

Wollen Sie den Schlüssel (a)bweisen, ihm (t)emporär oder (i)mmer vertrauen? [a/t/i/?] (a): i

Change PHP configuration

Edit the file as root:

/etc/php5/apache2/php.ini

Change the following configuration values to these values:

upload_max_filesize = 128M
post_max_size = 128M

Start services

For the installation, you need Apache and MySQL up and running:

service apache2 start
service mysql start

Change the distribution

chown seon /srv/www/htdocs/
mkdir /opt/seon
chown seon /opt/seon
chgrp users /etc
chmod g+w /etc
chgrp users /var/log/apache2/

Running the installation script

Download and run the shell installer for Seon:

cd /tmp
wget http://www.seon.de/fileadmin/downloads/seon3_full_pe_Linux-x86-64-MySQL.sh
sh ./seon3_full_pe_Linux-x86-64-MySQL.sh

Answer all question according to your needs (possible changed, see above)

Securing distribution

The permissions, which have been changed above, can be reverted to increase security:

root$ chgrp root /etc
root$ chmod 755 /etc

Optionally, change the permissions of the Apache logs directory:

root$ chgrp root /var/log/apache2/

PAM authentification

If your Seon Webaccess users need PAM authentification (i.e. Microsoft Active Directory), then you need to:

  • change permissions of the binary:
/opt/seon/bin/seonclientd

Commands (executed as root):

chown root opt/seon/bin/seonclientd
chmod +s opt/seon/bin/seonclientd