Installing phpBB on Fedora-Linux


28 Nov 2012

Before installing phpBB the following need to be installed:

- Apache HTTP Server
- MySQL database on Fedora
- PostgreSQL 7.4.23 database on Fedora (if you need to install PostgreSQL)
- PHP for Linux

Installing Apache HTTP Server

1. Download the Apache HTTP server httpd-2.2.6.tar.bz2 from http://httpd.apache.org/download.cgi

2. After extracting the contents, from that folder do

   $ ./configure --prefix=/usr/local/apache --enable-so
   $ make
   $ make install

   Note: you must add --enable-so to get PHP working as a module later.

3. Start the HTTP server:

   $ /usr/local/apache/bin/apachectl start

   Now go to your browser and type http://localhost. The Apache test page should load.

Installing MySQL Database

1. Install mysql and mysql-server using the Add/Remove software tool in your Linux machine and also include the mysql development packages (named like -devel--) for your installation.

Installing PostgreSQL Database

1. Since phpBB2 only supports PostgreSQL 7.x, as we'll see on the installation page, we chose to install PostgreSQL 7.4.23.

2. Go to http://www.postgresql.org/ftp/binary/v7.4.23/linux/rpms/fedora/fedora-9-i386/. Download the following 4 rpm packages:

   postgresql-libs-7.4.23-1PGDG.f9.i386.rpm
   postgresql-7.4.23-1PGDG.f9.i386.rpm
   postgresql-server-7.4.23-1PGDG.f9.i386.rpm
   postgresql-devel-7.4.23-1PGDG.f9.i386.rpm

   And install them by issuing (please follow the exact order):

   # rpm -ivh postgresql-libs-7.4.23-1PGDG.f9.i386.rpm
   # rpm -ivh postgresql-7.4.23-1PGDG.f9.i386.rpm
   # rpm -ivh postgresql-server-7.4.23-1PGDG.f9.i386.rpm
   # rpm -ivh postgresql-devel-7.4.23-1PGDG.f9.i386.rpm

Installing PHP

1. Download PHP-5.2.4.tar.bz2 from http://www.php.net/downloads.php

2. Extract the file and from that folder (cd php-5.2.4) do:

   $ ./configure \
       --with-apxs2=/"PATH_TO_apxs"/apxs \
       --with-mysql=/"PATH_TO_mysql" \
       --with-pgsql=/"PATH_TO_pgsql"

   Where,

   "PATH_TO_apxs" is /usr/local/apache/bin

   "PATH_TO_mysql" is the path of header files of mysql. Normally it should be /usr/include/mysql (use /usr/ if this doesn't work).

   "PATH_TO_pgsql" is the path of header files of pgsql. Normally it should be /usr/include/pgsql. Ignore this option if you didn't install PostgreSQL.

3. If the last line says something like libxml2 not found, install it from your package manager (install libxml2 and libxml2-devel).

4. Do

   $ make
   $ make install

5. Now restart the Apache server:

   $ /usr/local/apache/bin/apachectl stop
   $ /usr/local/apache/bin/apachectl start

   In case you get an error with libphp.so in httpd.conf (line 53) use this command:

   $ chcon -t textrel_shlib_t /usr/local/apache/modules/*.so

6. To test if php works write a small application, test.php:

   <HTML>
   <HEAD>
   <TITLE>PHP Test Page</TITLE>
   </HEAD>
   <BODY>
   <?php phpinfo(); ?>
   </BODY>
   </HTML>

   Place this code in the '/usr/local/apache/htdocs' folder which acts as a virtual directory to host your web pages.

7. If the php page doesn't show up, stop the service and do,

   cp -p .libs/libphp5.so /usr/local/apache/modules
   cp -p php.ini-recommended /usr/local/lib/php

   Now, if the following lines are NOT present in /usr/local/apache/conf/httpd.conf, add them.

   DirectoryIndex index.php index.html
   AddType application/x-httpd-php .php .php5
   AddType application/x-httpd-php-source .phps

8. Now point your browser to http://localhost/test.php. You should see information about your php installation.

   Note: if the httpd says it's already running, stop the httpd service.

Installing phpBB

1. Download phpBB-2.0.22 from http://www.phpbb.com/downloads/

   Note: It has to be phpBB2; newer versions won't work for this Lab.

2. Extract the contents and move the whole folder to '/usr/local/apache/htdocs'

MySQL Database Setup

1. First start the mysql service

   $ /etc/init.d/mysqld start

2. To enter into the mysql prompt:

   $ mysql -u root -p

   It will prompt you for the password; once it is given you enter the prompt. (MySQL root user has no password initially)

   Once in the prompt do this:

   mysql> use mysql;
   mysql> delete from user where Host='%';
   mysql> delete from user where User='';
   mysql> delete from db where Host='%';
   mysql> update user set User='NewRootName',
       -> Password=password('NewPassword') where User='root';
   mysql> flush privileges;

   where 'NewRootName' and 'NewPassword' are your phpBB database login account.

3. Do,

   mysql> show databases;
   +----------+
   | Database |
   +----------+
   | mysql    |
   | test     |
   +----------+
   2 rows in set (0.00 sec)

   mysql> use mysql;
   Database changed

4. Now, create your phpBB database.

   mysql> create database phpbb_db;

   Grant access to the database for the user.

   mysql> use phpbb_db;
   Database changed
   mysql> GRANT ALL PRIVILEGES ON phpbb_db.* to phpbb_account@localhost
       -> IDENTIFIED BY 'this_password';
   Query OK, 0 rows affected (0.01 sec)

   Where phpbb_account is your mysql username and 'this_password' is the corresponding password. Now the account has full access to the database.

   Quit the application. Ensure that mysql and apache are running before you start phpBB.
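
One way to confirm that the account clean-up in step 2 took effect, as an added example that is not part of the original handout: the function reads the rows of SELECT User, Host FROM mysql.user and reports anonymous accounts, wildcard hosts and a root account that was not renamed. The function name audit_mysql_users and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original handout. Feed it the output of
#   mysql -u NewRootName -p -N -B -e "SELECT User, Host FROM mysql.user"
# which prints one "user<TAB>host" row per line.

# audit_mysql_users -> reads rows on stdin, prints one line per finding,
# returns 1 if there is at least one finding (hypothetical helper name).
audit_mysql_users() {
    tab=$(printf '\t')
    bad=0
    while IFS= read -r row; do
        # Split by hand: IFS-based splitting would swallow an empty first
        # field, which is exactly the anonymous-user row we are looking for.
        user=${row%%"$tab"*}
        host=${row#*"$tab"}
        if [ -z "$user" ]; then
            echo "anonymous account at host $host (delete from user where User='')"
            bad=1
        fi
        if [ "$host" = "%" ]; then
            echo "account '$user' accepts any host (delete from user where Host='%')"
            bad=1
        fi
        if [ "$user" = "root" ]; then
            echo "account root at host $host was not renamed"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed rows resembling a fresh install before step 2 is applied.
printf 'root\tlocalhost\n\tlocalhost\nroot\t%%\n' | audit_mysql_users ||
    echo "the accounts listed above still need the step 2 statements"
```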



PostgreSQL Database Setup

1. Start the PostgreSQL server:

   # service postgresql start

   You might need to initialize the database if you are asked to. You can initialize the database by:

   # initdb --pgdata=/var/lib/pgsql/data

2. After installation, a user 'postgres' should be automatically created in both the PostgreSQL database and Linux. Make sure you are currently logged in as root, and issue:

   # su postgres
   $ createdb phpbb_db
   $ psql phpbb_db

   Once in the PostgreSQL prompt, do as follows:

   phpbb_db=> CREATE USER apache PASSWORD 'apache';
   phpbb_db=> GRANT ALL ON DATABASE phpbb_db TO apache;

   Thus, we created a user 'apache' with the same password 'apache' (this is just an example; in the real world you don't want to set up such a simple password). And we granted all the privileges on the phpbb_db to this new user.

   At last, quit the PostgreSQL console.

   phpbb_db=> \q

3. Find the authentication configuration file for PostgreSQL: pg_hba.conf. Normally it should be under /var/lib/pgsql/data/. If not, use

   find / | grep pg_hba.conf

   to locate it.

   Open pg_hba.conf, comment out all of the content and add one line:

   local all all md5

   Save the file and restart the PostgreSQL server by:

   # service postgresql restart
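
A check for the pg_hba.conf edit in step 3, as an added example that is not part of the original handout: it lists the records that are still active after commenting and flags any whose authentication method is not the md5 the page configures. The function name pg_hba_audit and the sample file are constructed; quoted names containing '#' are not handled.

```shell
#!/bin/sh
# Added example, not from the original handout.

# pg_hba_audit FILE -> prints "ok|REVIEW type database user method" for each
# active record; returns 1 if any record needs review (hypothetical name).
pg_hba_audit() {
    awk '
        BEGIN { bad = 0 }
        { sub(/#.*/, "") }        # strip comments and commented-out records
        NF == 0 { next }          # skip lines that are now empty
        {
            # The method column moves: local records have no address, host
            # records carry either one CIDR field or an address plus a mask.
            if ($1 == "local")      method = $4
            else if ($4 ~ /\//)     method = $5
            else                    method = $6
            verdict = "ok"
            if (method != "md5") { verdict = "REVIEW"; bad = 1 }
            print verdict, $1, $2, $3, method
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample: a stock-looking file with the md5 line appended but the
# older records not yet commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TYPE  DATABASE  USER  IP-ADDRESS   IP-MASK          METHOD
local   all       all                                 ident sameuser
host    all       all   127.0.0.1    255.255.255.255  trust
#host   all       all   10.0.0.0/8                    trust
local   all       all                                 md5
EOF
pg_hba_audit "$sample" || echo "records marked REVIEW do not use md5"
rm -f "$sample"
```

PostgreSQL uses the first record that matches a connection, so a REVIEW record above the md5 line takes precedence over it.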





Configuring phpBB

1. Go to http://yourip/phpBB2/install/install.php.

2. Follow the steps and do an install. (You might need to do 'chmod 777' to the files, cache, store folders in /usr/local/apache/htdocs/phpBB2/.)

3. After the install, download the config file that it asks you to, and do

   mv config.php /usr/local/apache/htdocs/phpBB2/

4. For security reasons, do

   rm -rf install contrib

5. You are now done with your phpBB installation. You can change settings by going to the Administration panel at the bottom of the web page.
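
A check for the clean-up steps above, as an added example that is not part of the original handout: it walks the web root and reports an install or contrib directory left behind, a missing config.php, directories still world-writable from chmod 777, and the phpinfo() test page from the PHP section. The function name audit_phpbb and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original handout. DOCROOT stands for
# /usr/local/apache/htdocs; audit_phpbb is a hypothetical helper name.

# audit_phpbb DOCROOT -> prints one line per finding; returns 1 if any.
audit_phpbb() {
    docroot=$1
    forum=$docroot/phpBB2
    bad=0
    # Step 4: the installer and contrib scripts must be removed.
    for d in install contrib; do
        if [ -e "$forum/$d" ]; then
            echo "FAIL $forum/$d still present"
            bad=1
        fi
    done
    # Step 3: the downloaded config.php must be in place.
    if [ ! -f "$forum/config.php" ]; then
        echo "FAIL $forum/config.php missing"
        bad=1
    fi
    # Step 2: directories left writable by every local user after chmod 777.
    for d in files cache store; do
        if [ -d "$forum/$d" ] && [ -n "$(find "$forum/$d" -prune -perm -0002)" ]; then
            echo "WARN $forum/$d is world-writable"
            bad=1
        fi
    done
    # PHP step 6: test.php shows the full PHP configuration to any visitor.
    if [ -f "$docroot/test.php" ] && grep -q 'phpinfo' "$docroot/test.php"; then
        echo "WARN $docroot/test.php still serves phpinfo()"
        bad=1
    fi
    return "$bad"
}

# Constructed sample tree standing in for the real web root.
demo=$(mktemp -d)
mkdir -p "$demo/phpBB2/install" "$demo/phpBB2/cache"
chmod 777 "$demo/phpBB2/cache"
echo '<?php phpinfo(); ?>' > "$demo/test.php"
audit_phpbb "$demo" || echo "findings reported above"
rm -rf "$demo"
```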


Introduce XSS vulnerability

Modify /usr/local/apache/htdocs/phpBB2/includes/functions_post.php.

Find the function 'prepare_message', and in it find:

   if ($html_on)
   {
   }
   else
   {
   }

Comment out or delete the 'if' ... 'else' block; this way, the html tags in the posting message will not be filtered, so you can use script in your post.

Save the change, and you are ready to go.