Line 1: |
Line 1: |
| + | =[[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) [[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) 13:10, 22 January 2018 (CET) = |
| + | ==Wazuh== |
| + | ===Repo=== |
| + | <nowiki>/sbin/e-smith/db yum_repositories set wazuh repository \ |
| + | Name 'Wazuh repository' \ |
| + | BaseURL 'https://packages.wazuh.com/3.x/yum/' \ |
| + | EnableGroups no \ |
| + | GPGCheck yes \ |
| + | GPGKey https://packages.wazuh.com/key/GPG-KEY-WAZUH \ |
| + | Visible no \ |
| + | status disabled</nowiki> |
| + | |
| + | ===Agent Configuration=== |
| + | [https://documentation.wazuh.com/current/installation-guide/installing-wazuh-agent/wazuh_agent_rpm.html Wazuh Client Installation Instructions] |
| + | |
| + | Wazuh 3.x installs correctly from the yum repository: |
| + | yum --enablerepo=wazuh install wazuh-agent |
| + | |
| + | Create the client account on the wazuh manager: |
| + | /var/ossec/bin/agent-auth -m [ip.of.wazuh.server] |
| + | |
| + | Replace "MANAGER_IP" with the IP address of the wazuh manager in this section of /var/ossec/etc/ossec.conf: |
| + | <nowiki>... |
| + | <client> |
| + | <server> |
| + | <address>MANAGER_IP</address> |
| + | </server> |
| + | <config-profile>rhel, rhel6</config-profile> |
| + | </client> |
| + | ... |
| + | </nowiki> |
| + | |
| + | Start the agent |
| + | /etc/init.d/wazuh-agent start |
| + | |
| + | ===SME Customizations=== |
| + | I added these instructions to /var/ossec/etc/ossec.conf: |
| + | <nowiki> <localfile> |
| + | <log_format>djb-multilog</log_format> |
| + | <location>/var/log/dovecot/current</location> |
| + | </localfile> |
| + | |
| + | <localfile> |
| + | <log_format>djb-multilog</log_format> |
| + | <location>/var/log/tinydns/current</location> |
| + | </localfile> |
| + | <localfile> |
| + | <log_format>djb-multilog</log_format> |
| + | <location>/var/log/dnscache/current</location> |
| + | </localfile> |
| + | |
| + | <localfile> |
| + | <log_format>command</log_format> |
| + | <command>grep -h logterse /var/log/*qpsmtpd/current</command> |
| + | <alias>s/qpsmtpd</alias> |
| + | <frequency>360</frequency> |
| + | </localfile> |
| + | </nowiki> |
| + | |
| + | And this instruction to /var/ossec/etc/local_internal_options.conf: |
| + | <nowiki># from https://documentation.wazuh.com/2.0/user-manual/reference/ossec-conf/localfile.html |
| + | # 'it may not be permissible in all environments to allow the Wazuh manager to run |
| + | # arbitrary commands on agents in their root security context.' |
| + | logcollector.remote_commands=1 |
| + | </nowiki> |
| + | |
| + | And restarted the agent using |
| + | /etc/init.d/wazuh-agent restart |
| + | |
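Review bot: `logcollector.remote_commands=1` in local_internal_options.conf is added without saying why it is needed, and the comment pasted directly above it is the vendor's own caution about letting the Wazuh manager run arbitrary commands on agents in their root security context. The qpsmtpd `<command>` block is described as added to the agent's own /var/ossec/etc/ossec.conf, so state whether this setting is actually required for a locally defined command and leave it out if it is not. If it stays, the page should say plainly that the manager then has root-level command execution on this server.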
| + | =Older= |
| + | Mariadb notes moved to [[MariaDB_alongside_MySQL]] |
| + | ==Install Moodle 2.6 using git== |
| + | ===Requirements=== |
| + | * Recommended minimum browser: recent Google Chrome, recent Mozilla Firefox, Safari 6, Internet Explorer 9 (IE 10 required for drag and drop of files from outside the browser into Moodle) |
| + | * Moodle upgrade: Moodle 2.2 or later (if upgrading from earlier versions, you must upgrade to 2.2.11 as a first step) |
| + | * Minimum DB versions: PostgreSQL 8.3, <span style="color:red;">MySQL 5.1.33</span>, MariaDB 5.3.5, MSSQL 2005 or Oracle 10.2 |
| + | * Minimum PHP version: <span style="color:green">PHP 5.3.3</span> (always use latest PHP 5.4.x or 5.5.x on Windows - http://windows.php.net/download/) |
| + | * New recommended PHP extensions: <span style="color:green">zlib</span>, <span style="color:red;">OPcache</span> |
| + | |
| + | ====DB Version==== |
| + | SME Server 8.x comes with MySQL v5.0.95. In order to install Moodle without risking destabilizing a SME server by changing the MySQL version, you can install MariaDB 5.3.54 ''alongside'' MySql. |
| + | |
| + | ====OPcache==== |
| + | Zend OPcache is built-in to PHP 5.5, and can be compiled to work with PHP 5.3.3. |
| + | |
| + | I have not been able to find a source online for an RPM for OPcache. |
| + | |
| + | I believe this will make Moodle run more slowly than it would *with* OPcache. |
| + | |
| + | ===Installation=== |
| + | ====Prepare your server==== |
| + | ======Install useful php modules====== |
| + | * During installation, Moodle will request php-soap, php-xmlrpc and php-intl. These are all available from the 'smeaddons' repository, and can be installed using: |
| + | yum install php-soap php-xmlrpc php-intl |
| + | |
| + | =====Create an ibay===== |
| + | * Create an ibay named 'moodle' in server-manager |
| + | * Customize some of the settings on the new moodle ibay |
| + | <nowiki>IBAY=moodle |
| + | /sbin/e-smith/db accounts setprop $IBAY \ |
| + | FollowSymLinks enabled \ |
| + | CgiBin enabled \ |
| + | AllowOverride All \ |
| + | Group www \ |
| + | PublicAccess global \ |
| + | PHPBaseDir "/home/e-smith/files/ibays/$IBAY/:/tmp/" \ |
| + | UserAccess wr-group-rd-everyone |
| + | /sbin/e-smith/signal-event remoteaccess-update |
| + | # |
| + | mkdir /home/e-smith/files/ibays/$IBAY/moodledata |
| + | chown www:www /home/e-smith/files/ibays/$IBAY/moodledata |
| + | #</nowiki> |
| + | |
| + | =====Create a database===== |
| + | * Install Mariadb ''alongside'' mysql |
| + | * create a mariadb database for moodle |
| + | <nowiki># Generate a random 23 character password |
| + | DBPASS=`< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c23` |
| + | DBNAME=moodle |
| + | DBUSER=moodle |
| + | CONNECT=--socket=/opt/mariadb-data/mariadb.sock |
| + | # |
| + | echo ;\ |
| + | echo ;\ |
| + | echo Creating Database using: ;\ |
| + | echo DBNAME=$DBNAME ;\ |
| + | echo DBUSER=$DBUSER ;\ |
| + | echo DBPASS=$DBPASS ;\ |
| + | echo ;\ |
| + | echo Save this information! You will need it later during initial application setup! \(press \<enter\> when ready\) ;\ |
| + | read |
| + | # |
| + | mysql $CONNECT -e "create database $DBNAME; |
| + | grant all privileges on $DBNAME.* to $DBUSER@localhost identified by \"$DBPASS\" with grant option; |
| + | quit"</nowiki> |
| + | |
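Review bot: the `grant all privileges on $DBNAME.* ... with grant option` statement lets the moodle application account pass its privileges on to other accounts, which an application login does not need; drop `with grant option`. The same block echoes DBPASS to the console and embeds it in the `mysql -e` argument, so a sentence telling the reader to clear the terminal scrollback afterwards would help.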
| + | ====Install Moodle==== |
| + | =====Download & Checkout using git===== |
| + | <nowiki> |
| + | # |
| + | # Download moodle using git |
| + | # http://docs.moodle.org/26/en/Git_for_Administrators#Obtaining_the_code_from_Git |
| + | # |
| + | IBAY=moodle |
| + | cd /home/e-smith/files/ibays/$IBAY |
| + | mv html html.`date +%F-%H%M%S` |
| + | git clone git://git.moodle.org/moodle.git html |
| + | cd html |
| + | git branch -a |
| + | git branch --track MOODLE_26_STABLE origin/MOODLE_26_STABLE |
| + | git checkout MOODLE_26_STABLE |
| + | # |
| + | # correct ownership |
| + | signal-event ibay-modify $IBAY |
| + | </nowiki> |
| + | |
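Review bot: the clone line uses `git://git.moodle.org/moodle.git`, and the git:// transport provides no encryption and no server authentication, so the code placed in the ibay's html directory is not verified in transit. Prefer an https clone URL if upstream offers one, or add a step that compares the checked-out MOODLE_26_STABLE head with a known commit before install.php is run as www.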
| + | =====Run the moodle installer===== |
| + | <nowiki># |
| + | # run the moodle command line installer |
| + | # if prompted, set: |
| + | # mysql port: 3307 |
| + | # mysql socket: /opt/mariadb-data/mariadb.sock |
| + | # |
| + | cd /home/e-smith/files/ibays/$IBAY/html/admin/cli |
| + | sudo -u www /usr/bin/php install.php |
| + | </nowiki> |
| + | |
| + | =====Correct database settings if necessary===== |
| + | If you were not prompted for database socket, port, or other connection settings during the command line setup, you will need to correct the settings manually. |
| + | |
| + | The database connection settings are stored in this file: |
| + | /home/e-smith/files/ibays/moodle/html/config.php |
| + | |
| + | If you have just run the above database connection commands in the same putty session, you can correct your moodle settings using: |
| + | <nowiki>IBAY=moodle |
| + | sed -i s/dbname.*/dbname\ \ \ \ \=\ \'$DBNAME\'\;/ /home/e-smith/files/ibays/$IBAY/html/config.php |
| + | sed -i s/dbuser.*/dbuser\ \ \ \ \=\ \'$DBUSER\'\;/ /home/e-smith/files/ibays/$IBAY/html/config.php |
| + | sed -i s/dbpass.*/dbpass\ \ \ \ \=\ \'$DBPASS\'\;/ /home/e-smith/files/ibays/$IBAY/html/config.php</nowiki> |
| + | |
| + | ====Optional Settings==== |
| + | =====Scan Uploads using ClamAV===== |
| + | Moodle can be configured to scan all user files when uploaded. |
| + | <nowiki>mysql $CONNECT -e "use moodle; |
| + | update mdl_config set value=1 where name='runclamonupload'; |
| + | update mdl_config set value='/usr/bin/clamscan' where name='pathtoclam'; |
| + | quit"</nowiki> |
| + | =====Authentication Settings===== |
| + | To configure authentication mechanisms: |
| + | * Login to Moodle using an account with administrative rights |
| + | * Select 'Site Administration' |
| + | ** Select 'Plugins' |
| + | *** Select 'Authentication' |
| + | Moodle can be configured to authenticate users using any of the methods listed below: |
| + | * Manual accounts |
| + | * No login |
| + | * CAS server (SSO) |
| + | * Email-based self-registration |
| + | * External database |
| + | * FirstClass server |
| + | * IMAP server |
| + | ** Select 'imapcert' if your IMAP server uses a self-signed certificate |
| + | * LDAP server |
| + | * MNet authentication |
| + | * NNTP server |
| + | * No authentication |
| + | * PAM (Pluggable Authentication Modules) |
| + | * POP3 server |
| + | * RADIUS server |
| + | * Shibboleth |
| + | * Web services authentication |
| + | |
| + | =====Create Additional Administrators===== |
| + | http://docs.moodle.org/26/en/Assign_admins |
| + | |
| + | ==TiddlyWiki5 Using Node.js== |
| + | [http://tiddlywiki.com/ TiddlyWiki] is "a complete interactive wiki in JavaScript." |
| + | |
| + | {{Warning box|The install and update routines shown here are based on notes from a working installation.<br>The removal routines are untested.}} |
| + | |
| + | ===Prerequisites=== |
| + | # node.js > 8.x (note: I was unable to find a binary installer for curent node releases; I use 'gcc' and compile locally) |
| + | # [https://npmjs.org/package/npm npm] |
| + | |
| + | ===Assumptions=== |
| + | # wiki content will be stored in /opt/tiddlywiki/tiddlers |
| + | # tiddlywiki code will be stored in /opt/tiddlywiki/node_modules |
| + | # tiddlywiki will run as user 'www' |
| + | # tiddlywiki logs will be run as 'smelog' |
| + | # tiddlywiki will be daemonized using daemontools |
| + | |
| + | ===Installation=== |
| + | <nowiki>mkdir /opt/tiddlywiki |
| + | cd /opt/tiddlywiki |
| + | npm install tiddlywiki |
| + | chown -R www:www /opt/tiddlywiki/.</nowiki> |
| + | |
| + | ====Create daemontools scripts, folders, etc==== |
| + | The code below is designed to be run by copy/paste into a server console prompt. |
| + | |
| + | <nowiki>mkdir -p /var/service/tiddlywiki/log |
| + | mkdir -p /var/log/tiddlywiki |
| + | chown -R smelog:smelog /var/log/tiddlywiki |
| + | cd /service |
| + | ln -s /var/service/tiddlywiki . |
| + | cd /var/service/tiddlywiki |
| + | touch down |
| + | # |
| + | # create the service 'run' file |
| + | # |
| + | echo '#!/bin/sh |
| + | # |
| + | # setup node environment |
| + | # |
| + | exec 2>&1 |
| + | # |
| + | APP_DIR=/opt/tiddlywiki |
| + | USER=www |
| + | # |
| + | NODE_EXEC=/usr/local/bin/node |
| + | NODE_ENV=production |
| + | NODE_CONFIG_DIR=$APP_DIR |
| + | NODE_APP=node_modules/tiddlywiki/tiddlywiki.js |
| + | NODE_ARGS=--server |
| + | echo "Starting $NODE_EXEC $APP_DIR/$NODE_APP $NODE_ARGS" |
| + | cd $APP_DIR |
| + | exec \ |
| + | setuidgid $USER \ |
| + | $NODE_EXEC $NODE_APP $NODE_ARGS |
| + | ' > /var/service/tiddlywiki/run |
| + | |
| + | # |
| + | # Create log/run |
| + | # |
| + | echo '#!/bin/sh |
| + | # |
| + | exec \ |
| + | /usr/local/bin/setuidgid smelog \ |
| + | /usr/local/bin/multilog t s5000000 \ |
| + | /var/log/tiddlywiki' > /var/service/tiddlywiki/log/run </nowiki> |
| + | |
| + | ====start the service==== |
| + | sv u tiddlywiki |
| + | |
| + | ====check the log files to see if it worked==== |
| + | tail /var/log/tiddlywiki/current |
| + | |
| + | ====Create init.d script and startup.shutdown scripts==== |
| + | This segment of code will create the scripts needed to start the service at boot and to stop the service at shutdown. |
| + | |
| + | <nowiki>SERVICE=tiddlywiki |
| + | # |
| + | cd /etc/rc.d/init.d |
| + | ln -s daemontools $SERVICE |
| + | cd /etc/rc.d/rc0.d |
| + | ln -s /etc/rc.d/init.d/e-smith-service K01$SERVICE |
| + | cd /etc/rc.d/rc1.d |
| + | ln -s /etc/rc.d/init.d/e-smith-service K01$SERVICE |
| + | cd /etc/rc.d/rc6.d |
| + | ln -s /etc/rc.d/init.d/e-smith-service K01$SERVICE |
| + | cd /etc/rc.d/rc7.d |
| + | ln -s /etc/rc.d/init.d/e-smith/service S99$SERVICE</nowiki> |
| + | |
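Review bot: the rc7.d link targets `/etc/rc.d/init.d/e-smith/service` (slash), while the rc0.d, rc1.d and rc6.d links all target `/etc/rc.d/init.d/e-smith-service` (hyphen). As written the S99 link points at a different path from the script the next section relies on, so the start-at-boot step would not work; change it to `e-smith-service`.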
| + | ====Create config db entry==== |
| + | /etc/rc.d/init.d/e-smith-service will start a service whose status is ''enabled'', and will not start it otherwise. |
| + | |
| + | <nowiki>SERVICE=tiddlywiki |
| + | config set $SERVICE service access public status enabled</nowiki> |
| + | |
| + | ====Proxypass Domain for WAN access==== |
| + | I found that I needed to [http://wiki.contribs.org/SME_Server:Documentation:ProxyPass#ProxyPass_a_domain proxypass a domain]. An [http://wiki.contribs.org/SME_Server:Documentation:ProxyPass#ProxyPass_a_alias.2Fdirectory.2Flocation alias/directory/location] proxypass generated errors and prevented edits from saving correctly. |
| + | |
| + | <nowiki>DOMAIN=tiddlywiki.domain.tld |
| + | db domains set $DOMAIN domain Nameservers internet ProxyPassTarget http://localhost:8080/ TemplatePath ProxyPassVirtualHosts |
| + | # |
| + | # Several TiddlyWiki 5 Plugins require AllowEncodedSlashes On in httpd.conf |
| + | mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts |
| + | echo '# |
| + | # AllowEncodedSlashes On from custom template in ProxyPassVirtualHosts |
| + | AllowEncodedSlashes On ' > /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts/04ProxyPassVirtualHosts |
| + | signal-event domain-create $DOMAIN</nowiki> |
| + | |
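Review bot: this section publishes the wiki on a domain for WAN access, but the run script earlier starts TiddlyWiki with `NODE_ARGS=--server` and nothing else, and no authentication is configured on the ProxyPass domain either, so nothing on the page restricts who can read or edit the wiki. Add a step that puts credentials or an access restriction in front of it before the domain is created. The custom template also writes `AllowEncodedSlashes On` into the ProxyPassVirtualHosts fragment; say which virtual hosts that directive ends up applying to.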
| + | ===Update to the latest tiddlywiki code=== |
| + | <nowiki>cd /opt/tiddlywiki && setuidgid www npm update tiddlywiki && sv t tiddlywiki</nowiki> |
| + | |
| + | ===COMPLETE Removal=== |
| + | <nowiki>DOMAIN=tiddlywiki.domain.tld |
| + | signal-event domain-delete $DOMAIN |
| + | db domains delete $DOMAIN |
| + | # |
| + | SERVICE=tiddlywiki |
| + | config delete $SERVICE |
| + | find /etc/rc.d -name "*$SERVICE*" -exec 'rm' -f "{}" \; |
| + | 'rm' -rf /service/$SERVICE |
| + | 'rm' -rf /var/service/$SERVICE |
| + | 'rm' -rf /var/log/$SERVICE |
| + | # |
| + | cd /opt/$SERVICE |
| + | npm remove $SERVICE |
| + | cd /opt |
| + | 'rm' -rf /opt/$SERVICE </nowiki> |
| + | |
| + | ==Notes on check_earlytalker== |
| Why did you remove the Request_for_deletion template on the check_earlytalker page? AFAIK it is obsolete and should be deleted according to http://forums.contribs.org/index.php/topic,46234.msg226418.html#msg226418 - <small>— [[User:Cactus|Cactus]] ([[User talk:Cactus|talk]] | [[Special:Contributions/Cactus|contribs]]) </small> 07:05, 16 February 2012 (MST) | | Why did you remove the Request_for_deletion template on the check_earlytalker page? AFAIK it is obsolete and should be deleted according to http://forums.contribs.org/index.php/topic,46234.msg226418.html#msg226418 - <small>— [[User:Cactus|Cactus]] ([[User talk:Cactus|talk]] | [[Special:Contributions/Cactus|contribs]]) </small> 07:05, 16 February 2012 (MST) |
| | | |
| Here's my understanding of the Request_for_deletion addition to this page: | | Here's my understanding of the Request_for_deletion addition to this page: |
| + | |
| 1) Piran posted a link to this page in a thread with the text "Install the check_earlytalker plugin": | | 1) Piran posted a link to this page in a thread with the text "Install the check_earlytalker plugin": |
| http://forums.contribs.org/index.php/topic,46229.msg226377.html#msg226377 | | http://forums.contribs.org/index.php/topic,46229.msg226377.html#msg226377 |