Menu
▾
▴
[Sciret-svn] SF.net SVN: sciret:[778] trunk/docs
|
From: <re...@us...> - 2008-11-21 19:14:11
|
Revision: 778
http://sciret.svn.sourceforge.net/sciret/?rev=778&view=rev
Author: reinerj
Date: 2008-11-21 19:14:04 +0000 (Fri, 21 Nov 2008)
Log Message:
-----------
update the BSD doc and add new mysql security
Modified Paths:
--------------
trunk/docs/sciret-install-OpenBSD-EN-images.html
trunk/docs/sciret-install-OpenBSD-EN-images.txt
trunk/docs/sciret-install-OpenBSD-EN.txt
Modified: trunk/docs/sciret-install-OpenBSD-EN-images.html
===================================================================
--- trunk/docs/sciret-install-OpenBSD-EN-images.html 2008-11-15 18:41:44 UTC (rev 777)
+++ trunk/docs/sciret-install-OpenBSD-EN-images.html 2008-11-21 19:14:04 UTC (rev 778)
@@ -344,14 +344,17 @@
<body>
<div id="header">
<h1>Howto install Sciret on OpenBSD</h1>
-<span id="author">v1.1.3, Mai 2007</span><br />
-Reiner Jung <rj...@th...>
+<span id="author">v2.0.0, Nov 2008</span><br />
+Reiner Jung <re...@kb...>
</div>
<h2 id="_introduction">1. Introduction</h2>
<div class="sectionbody">
<div class="para"><p><strong>Sciret</strong></p></div>
<div class="para"><p>Sciret is an advanced knowledge based system written in PHP. The software self is platform independent and should run on every platform where PHP is supported. In the further development, Sciret will be extended to a full enterprise knowledge and information storage system.</p></div>
-<div class="para"><p>Sciret was developed as a internal project from <a href="http://www.the-gang.net">TheGang</a>, a Open Source consulting and strategy company. After many month of internal usage, the decision was taken to release the code as an Open Source Project on <a href="http://www.sf.net">Sourceforge</a>. We hope that Sciret will also fulfill the requirements of other users and companies.</p></div>
+<div class="literalblock">
+<div class="content">
+<pre><tt>Sciret was developed as a internal project from http://www.kb-m.com[Keyboard Monkeys], a Open Source consulting and strategy company. After many month of internal usage, the decision was taken to release the code as an Open Source Project on http://www.sf.net[Sourceforge]. We hope that Sciret will also fulfill the requirements of other users and companies.</tt></pre>
+</div></div>
<div class="para"><p><strong>OpenBSD</strong></p></div>
<div class="para"><p><a href="http://www.openbsd.org">OpenBSD</a> is a Unix-like computer operating system descended from Berkeley Software Distribution (BSD), a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995. The project is widely known for the developers insistence on open source code and quality documentation; uncompromising position on software licensing; and focus on security and code correctness. The project is coordinated from de Raadt's home in Calgary, Alberta, Canada. Its logo and mascot is Puffy, a blowfish.</p></div>
<div class="para"><p>OpenBSD includes a number of security features absent or optional in other operating systems and has a tradition of developers auditing the source code for software bugs and security problems. The project maintains strict policies on licensing and prefers the open source BSD licence and its variants in the past this has led to a comprehensive licence audit and moves to remove or replace code under licences found less acceptable.</p></div>
@@ -593,13 +596,40 @@
</div>
<div class="para"><p>Now you need to prepare your MySQL server that he start at system start and you need to
install the default database for your MySQL server.</p></div>
+<div class="para"><p>The basic installation from your OpenBSD system and the required servers are configured and you can
+start now to install Sciret. Sciret will be available in the OpenBSD ports tree, so you can install
+Sciret without pain. Before you can install Sciret, you need to prepare your database first. Please
+follow the instructions below.</p></div>
+</div>
+<h2 id="_database">4. Database</h2>
+<div class="sectionbody">
+<div class="para"><p>Sciret requires a database. At the moment Sciret support only MySQL as database.
+There are several ways to create a database and several tools</p></div>
<div class="admonitionblock">
<table><tr>
<td class="icon">
-<img src="./asciidoc-images/important.png" alt="Important" />
+<img src="./asciidoc-images/tip.png" alt="Tip" />
</td>
<td class="content">
-<div class="title">Configuration of your MySQL server</div>
+<div class="title">MySQL Administration</div>
+<div class="para"><p>phpMyAdmin: Web based administration tool for MySQL is as a package available in
+the OpenBSD ports tree. You can install the package like the other packages with
+the command</p></div>
+<div class="literalblock">
+<div class="content">
+<pre><tt>pkg_add -v -i phpMyAdmin.</tt></pre>
+</div></div>
+<div class="para"><p>For more information about phpMyAdmin you can visit the project page.</p></div>
+<div class="para"><p><a href="http://www.phpmyadmin.net">http://www.phpmyadmin.net/</a></p></div>
+<div class="para"><p>MySQL Administrator is a other tool, provided by MySQL AB and this tool is also
+available as package from the ports tree (mysql-administrator).</p></div>
+<div class="para"><p><a href="http://www.mysql.com/products/tools/administrator">http://www.mysql.com/products/tools/administrator/</a></p></div>
+</td>
+</tr></table>
+</div>
+<h3 id="_configuration_of_your_mysql_server">4.1. Configuration of your MySQL server</h3><div style="clear:left"></div>
+<div class="exampleblock">
+<div class="exampleblock-content">
<div class="para"><p>To enable MySQL to start at boot enter the following line in /etc/rc.conf.local:</p></div>
<div class="literalblock">
<div class="content">
@@ -636,41 +666,92 @@
</div></div>
<div class="para"><p>You must add this line exactly as they are written here. Otherwise your chrooted Apache will not be
able to connect to the MySQL Database server!</p></div>
-</td>
-</tr></table>
-</div>
-<div class="para"><p>The basic installation from your OpenBSD system and the required servers are configured and you can
-start now to install Sciret. Sciret will be available in the OpenBSD ports tree, so you can install
-Sciret without pain. Before you can install Sciret, you need to prepare your database first. Please
-follow the instructions below.</p></div>
-</div>
-<h2 id="_database">4. Database</h2>
-<div class="sectionbody">
-<div class="para"><p>Sciret requires a database. At the moment Sciret support only MySQL as database.
-There are several ways to create a database and several tools</p></div>
+<div class="para"><p>Now you can start your MySQL server with the follow command manually</p></div>
+<div class="literalblock">
+<div class="content">
+<pre><tt>/usr/local/bin/mysqld_safe &</tt></pre>
+</div></div>
+</div></div>
<div class="admonitionblock">
<table><tr>
<td class="icon">
-<img src="./asciidoc-images/tip.png" alt="Tip" />
+<img src="./asciidoc-images/important.png" alt="Important" />
</td>
<td class="content">
-<div class="title">MySQL Administration</div>
-<div class="para"><p>phpMyAdmin: Web based administration tool for MySQL is as a package available in
-the OpenBSD ports tree. You can install the package like the other packages with
-the command</p></div>
+<div class="title">Secure your MySQL server</div>
+<div class="para"><p>You should run the follow command to secure your MySQL for production environments</p></div>
<div class="literalblock">
<div class="content">
-<pre><tt>pkg_add -v -i phpMyAdmin.</tt></pre>
+<pre><tt># /usr/local/bin/mysql_secure_installation</tt></pre>
</div></div>
-<div class="para"><p>For more information about phpMyAdmin you can visit the project page.</p></div>
-<div class="para"><p><a href="http://www.phpmyadmin.net">http://www.phpmyadmin.net/</a></p></div>
-<div class="para"><p>MySQL Administrator is a other tool, provided by MySQL AB and this tool is also
-available as package from the ports tree (mysql-administrator).</p></div>
-<div class="para"><p><a href="http://www.mysql.com/products/tools/administrator">http://www.mysql.com/products/tools/administrator/</a></p></div>
+<div class="admonitionblock">
+<table><tr>
+<td class="icon">
+<img src="./asciidoc-images/note.png" alt="Note" />
</td>
+<td class="content">RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
+ SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!</td>
</tr></table>
</div>
+<div class="para"><p>In order to log into MySQL to secure it, we'll need the current
+password for the root user. If you've just installed MySQL, and
+you haven't set the root password yet, the password will be blank,
+so you should just press enter here.</p></div>
+<div class="para"><p>Enter current password for root (enter for none):</p></div>
+<div class="para"><p>OK, successfully used password, moving on…</p></div>
+<div class="para"><p>Setting the root password ensures that nobody can log into the MySQL
+root user without the proper authorisation.</p></div>
+<div class="para"><p>Set root password? [Y/n] y</p></div>
+<div class="para"><p>New password:</p></div>
+<div class="para"><p>Re-enter new password:</p></div>
+<div class="para"><p>Password updated successfully!</p></div>
+<div class="para"><p>Reloading privilege tables..</p></div>
+<div class="literalblock">
+<div class="content">
+<pre><tt>... Success!</tt></pre>
+</div></div>
+<div class="para"><p>By default, a MySQL installation has an anonymous user, allowing anyone
+to log into MySQL without having to have a user account created for
+them. This is intended only for testing, and to make the installation
+go a bit smoother. You should remove them before moving into a
+production environment.</p></div>
+<div class="para"><p>Remove anonymous users? [Y/n] y</p></div>
+<div class="literalblock">
+<div class="content">
+<pre><tt>... Success!</tt></pre>
+</div></div>
+<div class="para"><p>Normally, root should only be allowed to connect from <em>localhost</em>. This
+ensures that someone cannot guess at the root password from the network.</p></div>
+<div class="para"><p>Disallow root login remotely? [Y/n] y</p></div>
+<div class="literalblock">
+<div class="content">
+<pre><tt>... Success!</tt></pre>
+</div></div>
+<div class="para"><p>By default, MySQL comes with a database named <em>test</em> that anyone can
+access. This is also intended only for testing, and should be removed
+before moving into a production environment.</p></div>
+<div class="para"><p>Remove test database and access to it? [Y/n] y</p></div>
+<div class="para"><p>Dropping test database…</p></div>
+<div class="literalblock">
+<div class="content">
+<pre><tt>... Success!</tt></pre>
+</div></div>
+<div class="para"><p>Removing privileges on test database…</p></div>
+<div class="literalblock">
+<div class="content">
+<pre><tt>... Success!</tt></pre>
+</div></div>
+<div class="para"><p>Reloading the privilege tables will ensure that all changes made so far
+will take effect immediately.</p></div>
+<div class="para"><p>Reload privilege tables now? [Y/n] y</p></div>
+<div class="literalblock">
+<div class="content">
+<pre><tt>... Success!</tt></pre>
+</div></div>
+</td>
+</tr></table>
</div>
+</div>
<h2 id="_disabling_and_configuring_services">5. Disabling and configuring Services</h2>
<div class="sectionbody">
<div class="para"><p>OpenBSD does come with a few unnecessary services enabled by default, which you don't need when you run Sciret. Turn these services off. This is completely optional and you must do so according to your own needs.</p></div>
@@ -1249,7 +1330,7 @@
</div>
<div id="footer">
<div id="footer-text">
-Last updated 2008-09-25 01:13:09 CEST
+Last updated 2008-11-21 20:09:31 CEST
</div>
</div>
</body>
Modified: trunk/docs/sciret-install-OpenBSD-EN-images.txt
===================================================================
--- trunk/docs/sciret-install-OpenBSD-EN-images.txt 2008-11-15 18:41:44 UTC (rev 777)
+++ trunk/docs/sciret-install-OpenBSD-EN-images.txt 2008-11-21 19:14:04 UTC (rev 778)
@@ -1,8 +1,8 @@
Howto install Sciret on OpenBSD
===============================
-v1.1.3, Mai 2007
-Reiner Jung <rj...@th...>
-:Author Initials: JR
+v2.0.0, Nov 2008
+Reiner Jung <re...@kb...>
+:Author Initials: RJ
Introduction
------------
@@ -11,7 +11,7 @@
Sciret is an advanced knowledge based system written in PHP. The software self is platform independent and should run on every platform where PHP is supported. In the further development, Sciret will be extended to a full enterprise knowledge and information storage system.
-Sciret was developed as a internal project from http://www.the-gang.net[TheGang], a Open Source consulting and strategy company. After many month of internal usage, the decision was taken to release the code as an Open Source Project on http://www.sf.net[Sourceforge]. We hope that Sciret will also fulfill the requirements of other users and companies.
+ Sciret was developed as a internal project from http://www.kb-m.com[Keyboard Monkeys], a Open Source consulting and strategy company. After many month of internal usage, the decision was taken to release the code as an Open Source Project on http://www.sf.net[Sourceforge]. We hope that Sciret will also fulfill the requirements of other users and companies.
*OpenBSD*
@@ -176,8 +176,41 @@
Now you need to prepare your MySQL server that he start at system start and you need to
install the default database for your MySQL server.
-[IMPORTANT]
-.Configuration of your MySQL server
+
+
+
+The basic installation from your OpenBSD system and the required servers are configured and you can
+start now to install Sciret. Sciret will be available in the OpenBSD ports tree, so you can install
+Sciret without pain. Before you can install Sciret, you need to prepare your database first. Please
+follow the instructions below.
+
+Database
+--------
+
+Sciret requires a database. At the moment Sciret support only MySQL as database.
+There are several ways to create a database and several tools
+
+[TIP]
+.MySQL Administration
+================================================================================
+phpMyAdmin: Web based administration tool for MySQL is as a package available in
+the OpenBSD ports tree. You can install the package like the other packages with
+the command
+
+ pkg_add -v -i phpMyAdmin.
+
+For more information about phpMyAdmin you can visit the project page.
+
+http://www.phpmyadmin.net[http://www.phpmyadmin.net/]
+
+MySQL Administrator is a other tool, provided by MySQL AB and this tool is also
+available as package from the ports tree (mysql-administrator).
+
+http://www.mysql.com/products/tools/administrator[http://www.mysql.com/products/tools/administrator/]
+================================================================================
+
+Configuration of your MySQL server
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
=====================================================================================
To enable MySQL to start at boot enter the following line in /etc/rc.conf.local:
@@ -212,38 +245,89 @@
You must add this line exactly as they are written here. Otherwise your chrooted Apache will not be
able to connect to the MySQL Database server!
+
+
+Now you can start your MySQL server with the follow command manually
+
+ /usr/local/bin/mysqld_safe &
+
=====================================================================================
-The basic installation from your OpenBSD system and the required servers are configured and you can
-start now to install Sciret. Sciret will be available in the OpenBSD ports tree, so you can install
-Sciret without pain. Before you can install Sciret, you need to prepare your database first. Please
-follow the instructions below.
+[IMPORTANT]
+.Secure your MySQL server
+=====================================================================================
+You should run the follow command to secure your MySQL for production environments
-Database
---------
+ # /usr/local/bin/mysql_secure_installation
-Sciret requires a database. At the moment Sciret support only MySQL as database.
-There are several ways to create a database and several tools
+NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
+ SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
-[TIP]
-.MySQL Administration
-================================================================================
-phpMyAdmin: Web based administration tool for MySQL is as a package available in
-the OpenBSD ports tree. You can install the package like the other packages with
-the command
-
- pkg_add -v -i phpMyAdmin.
-For more information about phpMyAdmin you can visit the project page.
-
-http://www.phpmyadmin.net[http://www.phpmyadmin.net/]
+In order to log into MySQL to secure it, we'll need the current
+password for the root user. If you've just installed MySQL, and
+you haven't set the root password yet, the password will be blank,
+so you should just press enter here.
-MySQL Administrator is a other tool, provided by MySQL AB and this tool is also
-available as package from the ports tree (mysql-administrator).
+Enter current password for root (enter for none):
-http://www.mysql.com/products/tools/administrator[http://www.mysql.com/products/tools/administrator/]
-================================================================================
+OK, successfully used password, moving on...
+Setting the root password ensures that nobody can log into the MySQL
+root user without the proper authorisation.
+
+Set root password? [Y/n] y
+
+New password:
+
+Re-enter new password:
+
+Password updated successfully!
+
+Reloading privilege tables..
+
+ ... Success!
+
+
+By default, a MySQL installation has an anonymous user, allowing anyone
+to log into MySQL without having to have a user account created for
+them. This is intended only for testing, and to make the installation
+go a bit smoother. You should remove them before moving into a
+production environment.
+
+Remove anonymous users? [Y/n] y
+
+ ... Success!
+
+Normally, root should only be allowed to connect from 'localhost'. This
+ensures that someone cannot guess at the root password from the network.
+
+Disallow root login remotely? [Y/n] y
+
+ ... Success!
+
+By default, MySQL comes with a database named 'test' that anyone can
+access. This is also intended only for testing, and should be removed
+before moving into a production environment.
+
+Remove test database and access to it? [Y/n] y
+
+Dropping test database...
+
+ ... Success!
+
+Removing privileges on test database...
+
+ ... Success!
+
+Reloading the privilege tables will ensure that all changes made so far
+will take effect immediately.
+
+Reload privilege tables now? [Y/n] y
+
+ ... Success!
+=====================================================================================
+
Disabling and configuring Services
----------------------------------
Modified: trunk/docs/sciret-install-OpenBSD-EN.txt
===================================================================
--- trunk/docs/sciret-install-OpenBSD-EN.txt 2008-11-15 18:41:44 UTC (rev 777)
+++ trunk/docs/sciret-install-OpenBSD-EN.txt 2008-11-21 19:14:04 UTC (rev 778)
@@ -1,8 +1,8 @@
Howto install Sciret on OpenBSD
===============================
-v1.1.3, Mai 2007
+v2.0.0, Nov 2008
Reiner Jung <re...@kb...>
-:Author Initials: JR
+:Author Initials: RJ
Introduction
------------
@@ -176,8 +176,41 @@
Now you need to prepare your MySQL server that he start at system start and you need to
install the default database for your MySQL server.
-[IMPORTANT]
-.Configuration of your MySQL server
+
+
+
+The basic installation from your OpenBSD system and the required servers are configured and you can
+start now to install Sciret. Sciret will be available in the OpenBSD ports tree, so you can install
+Sciret without pain. Before you can install Sciret, you need to prepare your database first. Please
+follow the instructions below.
+
+Database
+--------
+
+Sciret requires a database. At the moment Sciret support only MySQL as database.
+There are several ways to create a database and several tools
+
+[TIP]
+.MySQL Administration
+================================================================================
+phpMyAdmin: Web based administration tool for MySQL is as a package available in
+the OpenBSD ports tree. You can install the package like the other packages with
+the command
+
+ pkg_add -v -i phpMyAdmin.
+
+For more information about phpMyAdmin you can visit the project page.
+
+http://www.phpmyadmin.net[http://www.phpmyadmin.net/]
+
+MySQL Administrator is a other tool, provided by MySQL AB and this tool is also
+available as package from the ports tree (mysql-administrator).
+
+http://www.mysql.com/products/tools/administrator[http://www.mysql.com/products/tools/administrator/]
+================================================================================
+
+Configuration of your MySQL server
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
=====================================================================================
To enable MySQL to start at boot enter the following line in /etc/rc.conf.local:
@@ -212,38 +245,97 @@
You must add this line exactly as they are written here. Otherwise your chrooted Apache will not be
able to connect to the MySQL Database server!
+
+
+Now you can start your MySQL server with the follow command manually
+
+ /usr/local/bin/mysqld_safe &
+
=====================================================================================
-The basic installation from your OpenBSD system and the required servers are configured and you can
-start now to install Sciret. Sciret will be available in the OpenBSD ports tree, so you can install
-Sciret without pain. Before you can install Sciret, you need to prepare your database first. Please
-follow the instructions below.
+[IMPORTANT]
+.Secure your MySQL server
+=====================================================================================
+You should run the follow command to secure your MySQL for production environments
-Database
---------
+ # /usr/local/bin/mysql_secure_installation
-Sciret requires a database. At the moment Sciret support only MySQL as database.
-There are several ways to create a database and several tools
+NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
+ SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
-[TIP]
-.MySQL Administration
-================================================================================
-phpMyAdmin: Web based administration tool for MySQL is as a package available in
-the OpenBSD ports tree. You can install the package like the other packages with
-the command
-
- pkg_add -v -i phpMyAdmin.
-For more information about phpMyAdmin you can visit the project page.
-
-http://www.phpmyadmin.net[http://www.phpmyadmin.net/]
+In order to log into MySQL to secure it, we'll need the current
+password for the root user. If you've just installed MySQL, and
+you haven't set the root password yet, the password will be blank,
+so you should just press enter here.
-MySQL Administrator is a other tool, provided by MySQL AB and this tool is also
-available as package from the ports tree (mysql-administrator).
+Enter current password for root (enter for none):
-http://www.mysql.com/products/tools/administrator[http://www.mysql.com/products/tools/administrator/]
-================================================================================
+OK, successfully used password, moving on...
+Setting the root password ensures that nobody can log into the MySQL
+root user without the proper authorisation.
+
+Set root password? [Y/n] y
+
+New password:
+
+Re-enter new password:
+
+Password updated successfully!
+
+Reloading privilege tables..
+
+ ... Success!
+
+
+By default, a MySQL installation has an anonymous user, allowing anyone
+to log into MySQL without having to have a user account created for
+them. This is intended only for testing, and to make the installation
+go a bit smoother. You should remove them before moving into a
+production environment.
+
+Remove anonymous users? [Y/n] y
+
+ ... Success!
+
+Normally, root should only be allowed to connect from 'localhost'. This
+ensures that someone cannot guess at the root password from the network.
+
+Disallow root login remotely? [Y/n] y
+
+ ... Success!
+
+By default, MySQL comes with a database named 'test' that anyone can
+access. This is also intended only for testing, and should be removed
+before moving into a production environment.
+
+Remove test database and access to it? [Y/n] y
+
+Dropping test database...
+
+ ... Success!
+
+Removing privileges on test database...
+
+ ... Success!
+
+Reloading the privilege tables will ensure that all changes made so far
+will take effect immediately.
+
+Reload privilege tables now? [Y/n] y
+
+ ... Success!
+
+Cleaning up...
+
+All done! If you've completed all of the above steps, your MySQL
+installation should now be secure.
+
+Thanks for using MySQL!
+
+=====================================================================================
+
Disabling and configuring Services
----------------------------------
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
