MAGENTO 2 INSTALLATION ON CENT OS 7 (APACHE,PHP5.6,MARIADB and PHPMYADMIN)

MAGENTO 2 INSTALLATION ON CENT OS 7 WITH APACHE,PHP5.6,MARIADB & PHPMYADMIN

STEP 1 : Apache installation

#yum -y  install httpd

# systemctl start httpd

# systemctl enable httpd

#firewall-cmd --zone=public --permanent --add-service=http

# firewall-cmd --zone=public --permanent --add-service=https

# firewall-cmd --reload

·         Changes made in /etc/httpd/conf/httpd.conf

Ø  ServerName <ipaddress or doman name>:80

Ø  Require all granted( within <Directory "/var/www"> )

Ø  Options Indexes FollowSymLinks Multiviews

#httpd -v

STEP 2: PHP Installation

#yum -y update

#yum -y install epel-release

#wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

#wget https://centos7.iuscommunity.org/ius-release.rpm

#rpm -Uvh ius-release*.rpm

#yum -y update

#yum -y install php56u php56u-opcache php56u-xml php56u-mcrypt php56u-gd php56u-devel php56u-mysql php56u-intl php56u-mbstring php56u-bcmath php56u-soap

·         Edit /etc/php.ini file

·         memory_limit=1024M

·         always_populate_raw_post_data = -1 (//ensure this value)

·         Make sure  asp_tags = off

#service httpd restart

STEP 3: PHPMyAdmin Installation (version 4.7.6)

# yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

# yum --enablerepo=remi install phpMyAdmin

·         Edit /etc/httpd/conf.d/phpMyAdmin.conf

 Require all granted                                 [  under <IfModule mod_authz_core.c>  ]

·         edit /etc/phpMyAdmin/config.inc.php

 $cfg['Servers'][$i]['auth_type']     = 'http';    // Authentication method (config, http or cookie based)?

# systemctl restart  httpd.service

STEP 4: MARIADB INSTALLATION

Ø  To install MariaDB database, we need to add the following official MariaDB repository to file /etc/yum.repos.d/MariaDB.repo as shown.

[mariadb]

name = MariaDB

baseurl = http://yum.mariadb.org/10.1/centos7-amd64

gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB

gpgcheck=1

#yum -y install mariadb-server mariadb

#systemctl start mariadb

#systemctl enable mariadb

#mysql (it will give version)

#mysql_secure_installation

# mysql -u root -p

## Creating New User for Magento Database ##

mysql> CREATE USER magento@localhost IDENTIFIED BY "your_password_here";

## Create New Database ##

mysql> create database magento;

## Grant Privileges to Database ##

mysql> GRANT ALL ON magento.* TO magento@localhost;

## FLUSH privileges ##

mysql> FLUSH PRIVILEGES;

## Exit ##

mysql> exit

while having problems in accessing  or creating databases for root user do the following

cd /var/lib/

chown -R mysql:mysql ./mysql/                                  //give the ownership & group as mysql for mysql directory

STEP 5: Magento Installation

1.      Download the magento 2.0.17 compressed file

wget https://github.com/magento/magento2/archive/2.0.17.tar.gz

2.      Untar the file to web root directory

tar -xvzf magento2-2.0.17.tar.gz -C /var/www/html/

3.      cd /var/www/html/

4.      mv magento2-2.0.17/*  /var/www/html/

5.      curl -sS https://getcomposer.org/installer | sudo php  --install-dir=/usr/bin  --filename=composer

6.      composer install –v ( within /var/ww/html/) 

7.      sudo chown -R apache:apache /var/www/html/ 

8.      sudo chmod -R 775 /var/www/html/

9.      service httpd restart

10.  export PATH=$PATH:/var/www/html/bin    (for executing magento commands in any terminal)

STEP 6: Modifications/Permissions for Magento

The commands in this step should be run from your Magento installation directory (where you extracted the archive). If you are not still in that directory, navigate there before proceeding.

#find var vendor pub/static pub/media app/etc -type f -exec chmod g+w {} \;

#find var vendor pub/static pub/media app/etc -type d -exec chmod g+ws {} \;

#chmod u+x bin/magento

#chown -R apache:apache var/

#chown -R apache:apache pub/media/

# chown -R apache:apache pub/static/

#chown -R apache:apache app/etc/

#setenforce 0

#service httpd restart

STEP 7: Finishing Magento Installation

– Go to your Magento site: your_server_ip/, you should see a welcome screen. Click on Agree and Setup Magento to start.

– Magento will now check your machine to see if some requirements is met. Hit Next when done.

– Enter your database’s information. Hit Next when done.

– After that, Magento will prompt your to enter your site’s info. Hit Next when done

– Enter some more infos of location and language for your store. Hit Next when done

– Next, enter your new admin account’s info. Hit Next when done

– Hit Install Now to finish your setup.

Congratulations, you have successfully installed your Magento 2 store on your CentOS server.

How To Install And Setup ModSecurity with OWASP On CentOS 7

How To Install And Setup ModSecurity with OWASP On CentOS 7

ModSecurity is a web application firewall engine that provides very little protection on its own. In order to become useful, ModSecurity must be configured with rules. In order to enable users to take full advantage of ModSecurity out of the box, Trustwave’s SpiderLabs created the OWASP ModSecurity Core Rule Set (CRS) Project. Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the CRS provides generic protection from unknown vulnerabilities often found in web applications, which are in most cases custom coded.

Prerequisites

# yum -y update

# yum install gcc make httpd-devel libxml2 pcre-devel libxml2-devel curl-devel git

Installing mod_security

#cd /opt/

#wget https://www.modsecurity.org/tarball/2.9.1/modsecurity-2.9.1.tar.gz

#tar xzfv modsecurity-2.9.1.tar.gz

#cd modsecurity-2.9.1

#./configure

# make install

Configure mod_security

# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

# cp unicode.mapping /etc/httpd/conf.d/

Now we need to configure the Apache web server . Open the web server configuration file and add the following lines in it.

# vim /etc/httpd/conf/httpd.conf

LoadModule security2_module modules/mod_security2.so

LoadModule unique_id_module modules/mod_unique_id.so

Save the changes using ‘:wq!’ and restart Apache services.

# systemctl restart httpd.service

# systemctl status httpd.service

# systemctl enable httpd.service

Installing OWASP

Now we will install OWSAP CRS to be integrated with Apache’s ModSecurity. Use below commands to download and configure OWASP (Open Web Application Security Project) core rule set for a base configuration.

# cd /etc/httpd

# git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git

#mv owasp-modsecurity-crs modsecurity-crs

#cd modsecurity-crs

#cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

Now once again open the Apache configuration file to add the following lines at the end.

LoadModule security2_module modules/mod_security2.so

LoadModule unique_id_module modules/mod_unique_id.so

So now you’ve installed Mod_Security and OWASP-CRS, it’s time to restart Apache service so the module can be loaded along with its rules.

# systemctl restart httpd.service

---------------------------------------------------------------------------------------

Enjoy some basic necessary protection on your Linux CentOS 7 Apache server. It gives you couple of other advantages like below.

Real-time Blacklist Lookups: utilizes 3rd Party IP Reputation
Web-based Malware Detection: identifies malicious web content by check against the Google Safe Browsing API.
Identification of Application Defects: alerts on application misconfigurations.
HTTP Denial of Service Protections: defense against HTTP Flooding and Slow HTTP DoS Attacks.
Tracking Sensitive Data: Tracks Credit Card usage and blocks leakages.
Trojan Protection: Detecting access to Trojans horses.
Integration with AV Scanning for File Uploads – detects malicious files uploaded through the web application.
Error Detection and Hiding: Disguising error messages sent by the server.
Common Web Attacks Protection: detecting common web application security attack.
Automation Detection: Detecting bots, crawlers, scanners and other surface malicious activity.
HTTP Protection: detecting violations of the HTTP protocol and a locally defined usage policy.

---------------------------------------------------------------------------------------

Conclusion

Mod_security is basically used to protect and monitor real time HTTP traffic and web applications from brute fore attacks and it also acts as intrusion detection and prevention system for web applications. In order to become useful, ModSecurity must be configured with rules which we can then use OWASP (Open Web Application Security Project) which is a Core Rules Set (CRS) for mod_security base configuration.

INSTALLING PHP 7 & PhpMyAdmin 4.7.6 ON CENTOS 7

INSTALLING PHP 7 ON CENTOS 7

To install PHP 7, you have to install and enable EPEL and Remi repository to your CentOS 7 system with the commands below.   

   

# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

            # yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

 

Next, you need to install yum-utils, a collection of useful programs for managing yum repositories and packages. It has tools that basically extend yum’s default features.

 

            # yum install yum-utils

 

If you want to install PHP 7.1 or PHP 7.2 on CentOS 7, just enable it as shown.

 

# yum-config-manager --enable remi-php71   [Install PHP 7.1]

# yum-config-manager --enable remi-php72   [Install PHP 7.2]

 

Now install PHP 7 with all necessary modules with the command below.

 

# yum install php php-mcrypt php-cli php-gd php-curl php-mysql php-ldap php-zip php-fileinfo

 

You can check the PHP version using the below command

 

# php –v

 

PHP 7.2.0 (cli) (built: Nov 28 2017 20:22:21) ( NTS )

Copyright (c) 1997-2017 The PHP Group

Zend Engine v3.2.0, Copyright (c) 1998-2017 Zend Technologies

PhpMyAdmin 4.7.6 Installation 

 

               # yum --enablerepo=remi install phpMyAdmin

 

·         Edit /etc/httpd/conf.d/phpMyAdmin.conf

 

       Require all granted                                 [  under <IfModule mod_authz_core.c>  ]

 

·         Edit /etc/phpMyAdmin/config.inc.php

 

 $cfg['Servers'][$i]['auth_type']     = 'http';    // Authentication method (config, http or cookie based)

 

#  systemctl restart  httpd.service