Instalacija linux Fedora 15

Instalacija o/s-a, web servera Appache,baze podataka MySQL, PHP, FTP servera i drugih alata.


Instalacija Fedora15 => (next next finish), pomoć pri  instalaciji na linku:

Instalacija LAMP servera

Kod def. instalacijie podešen je pristup do MySQL baze samo sa lokalne mreže

You don’t have permission to access /phpMyAdmin on this server.

This may trigger due to the restrictions which assigned with the default config file. Open it with your favorite editor from the path below.

[root@megantereon /]# vi /etc/httpd/conf.d/phpMyAdmin.conf

by default you can only access phpMyAdmin only over localhost. The rule is here.

Alias /phpMyAdmin /usr/share/phpMyAdmin order deny,allow deny from all allow from

To allow access over remote web browsers, comment out the lines on the above config file as shown below.

Alias /phpMyAdmin /usr/share/phpMyAdmin #order deny,allow #deny from all allow from

Remote Desktop

Dodatna prava (nautilus-super)

Instalacija vsftpd

Kreiranje korisnika koji imaju samo prava doći do svog foldera

useradd <username> -d /var/www/html/foldername/

Promjena passworda

passwd <username>

Problem sa pristupom FTP

Temporarily switch off enforcement

You can switch the system into permissive mode with the following command:

echo 0 >/selinux/enforce

You’ll need to be logged in as root, and in the sysadm_r role:

newrole -r sysadm_r

To switch back into enforcing mode:

echo 1 >/selinux/enforce

In Fedora Core and RedHat Enterprise Linux you can use the setenforce command with a 0 or 1 option to set permissive or enforcing mode, its just a slightly easier command than the above.

To check what mode the system is in,

cat /selinux/enforce

which will print a “0” or “1” for permissive or enforcing – probably printed at the beginning of the line of the command prompt.

You just run the command
setsebool -P ftp_home_dir 1

Vi Editor


Instalacija Adobe Flash playera

1. Change Root User
sudo -i ## OR ## su -

2. Install Adobe YUM Repository RPM package
## Adobe Repository 32-bit x86 ## rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-i386-1.0-1.noarch.rpm rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux    3. Update Repositories

yum check-update

4. Install Needed Packages and Adobe Flash Player 11 on Fedora 16/15/14/13/12

yum install flash-plugin nspluginwrapper alsa-plugins-pulseaudio libcurl

5.Verify that the Flash Player Plugin is working:
Open Mozilla Firefox and write about:plugins on address bar

FTP: SELinux

Server Training FTP Server

VSFTPD and SELinux
As security issues continue to rise, new strategies for security are imperative. This is most often true with servers and networked computers because of the implications for down servers and non-functioning workstations.   SELinux or Security Enhanced Linux was developed by the US National Security Agency to address the increased need for security on servers and managing the daemons that exist on the server.  SELinux integrates the security architecture into the kernel using Linux Security Modules (LSM).

Lesson 6 / Lesson 8

Now there are a number of  SELinux directives that correspond to VSFTPD.  You may view all directives with this command:

getsebool -a | grep ftpd

allow_ftpd_anon_write –> permits the writing of files to directories configured with the public_content_rw_t setting.
allow_ftpd_use_cifs –> permits the use of files that are shared via CIFS
allow_ftpd_use_nfs –> permits the use of files that are shared via NFS
ftp_is_daemon  –> required for the standalone daemon
ftp_home_directory –> permits read and write access to user home directories

If you want to activate these files sue the setsebool command to turn on or off the settings.  Use the -P option if you want to have the changes remain permanent after booting.  Without the -P option the changes are temporary.  Here is an example turning an option on permanently.

setsebool -P allow_ftpd_use_nfs 1

If you create a file called “file” in the /var/ftp/pub directory you will see this when you review the SELinux settings with the -Z option.
# ls -Z /var/ftp/pub
-rw-r–r–  root root system_u:object_r:public_content_t file

As you can see the root user created this file.  Then you see three elements related to SELinux.  system_u is used because this is a default setting for the system.  

The system object shows the context for the role.

The type describes the nature of the data.  In this case this is public read only data by default.

If you wanted to allow users to write to the pub directory you would need to change the context.  You could do that with the chcon command.
chcon -R -user_u -t public_content_rw_t  /var/pub

The default settings for the ftp directory are set in the file  /etc/selinux/targeted/contexts/files/file_contexts .  Be very careful in making changes in this file.  Here is the listing for ftp.
/var/ftp(/.*)?  system_u:object_r:public_content_t:s0