Base Package Installation + Configuration

After installing base Debian GNU/Linux system, or whatever distribution you have decided to use, you will need to get some additional core packages installed. There are two groups we�ll install here:

  • Core packages like Apache, PHP and MySQL that will run our web front-end
  • Dependencies that will be required by our source packages to be installed later

If you have followed the recommendation and have installed Debian GNU/Linux as your base Linux distribution, you can use the apt-get command to install the dependencies required. This will run through installing a number of packages all at once rather than doing them individually, and the system will also work out some other dependencies it needs to install:

apt-get install apache php4 php4-cgi mysql-server phpmyadmin libmysqlclient10-dev sudo

Apache Configuration
A couple of ammendments for Apache need to be made in order to ensure that PHP will work correctly and we also need to setup some virtual hosts that allow us to utilise the S4 system for multiple webservices such as delivering an Intranet front page based on accepted sites (more on this later):

vi /etc/apache/httpd.conf

Ensure ‘LoadModule php4_module /usr/lib/apache/1.3/libphp4.so‘ is uncommented as well – sometimes the installation of PHP4 does not correctly make this adjustment automatically.

To allow us to make sure Apache can be used for multiple services and responds correctly to these requests, add the following under Virtual Hosts within the httpd.conf. This will be right at the end of the configuration file, so there is no need to trawl through it all line by line:

# Virtual Hosts configured for S4 System
NameVirtualHost *

ServerName default
DocumentRoot /var/www/


ServerName schoolproxy
DocumentRoot /var/www/


ServerName intranet
DocumentRoot /var/www/intranet/

# End of virtual hosts configured for S4 System

PHP Configuration
There are two versions of PHP that are installed on our system. The first, PHP4 is the core PHP system that ties in with Apache to run all our PHP scripts across the Internet. The other is PHP4-CGI that allows us to run PHP scripts from the command line. We don�t manually run these scripts, but we will schedule a number of cron jobs each evening to rotate log files, parse data into our MySQL databases, run security checks and updates, etc.

In order for the command line scripts to function, we need to change the following within ‘/etc/php4/cgi/php.ini‘ under Resource Limits section:

max_execution_time = 120
memory_limit = 64M

It�s fine for us to do this as the scripts that require such processing time and memory requirements are ran when the system will not be in use, so hogging all these resource is acceptable. As we haven�t altered things too much, the system still won�t grind to a halt if a problem is encountered, so although the resource limits are a lot more vigorous than the default options, it�s not a security or stability risk.

Visudo
In order to let our web front-end carry out certain actions on the S4 system without opening security holes, we use visudo to control commands available. Visudo lets us specifiy which users can which commands that would normally only be accessible by root. By only specifying certain commands, we still keep our system secure, but allow the running of minor control scripts and service restarts to take place:

visudo

and then add in the following to your sudoers:

Cmnd_Alias DG = /etc/init.d/dansguardian
www-data ALL=(ALL) NOPASSWD:DG

Do not attempt to edit sudoers file manually, it won�t work. Always use the visudo command to make the required changes.

Next Step: Samba Installation + Configuration

S4 Documentation Home

Leave a Reply

Your email address will not be published. Required fields are marked *

*

About Me

Iain Foulds, 33 years old. Originally from England, now living in Seattle. I currently work as a Senior Content Developer for Microsoft writing about Azure VMs. Gamer. Very passionate about photography. Comments and opinions expressed here are my own. More...

Categories

Archives