Login | Register   
RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX

By submitting your information, you agree that devx.com may send you DevX offers via email, phone and text message, as well as email offers about other products and services that DevX believes may be of interest to you. DevX will process your information in accordance with the Quinstreet Privacy Policy.


Creating an oBAMP Stack: OpenBSD, Apache, MySQL, and PHP : Page 2

The OpenBSD, Apache, MySQL, and PHP (oBAMP) platform provides a powerful point of departure for the creation of dynamic web content. Learn the procedures for running OpenBSD 4.4 with Apache SSL, MySQL 5, and PHP 5.




Application Security Testing: An Integral Part of DevOps

Configuring OpenBSD with PHP and MySQL
The first thing to do when creating an OpenBSD 4.4, Apache 1.3.29, MySQL 5.0.51a, and PHP 5.2.6 oBAMP web server is to create a user on the OpenBSD system that has sudo privileges.

Next, remain logged in as root and add a user to your OpenBSD 4.4 machine by typing adduser at the root prompt:

# adduser

Choose the default shell, the default login class, and all the defaults until prompted for a username. I suggest using the blowfish algorithm or triple DES for password encryption.

Enter "[] puffy" (without the quotes) as the username, and make this user a member of the group "wheel." Name the login group "puffy", and invite puffy into the group "wheel." Continue with the default settings for [] puffy in the group wheel until complete. Next, configure sudo to allow [] puffy to have limited system administrator root privileges by typing this at the root prompt:

# visudo

Scroll to the following lines:

# Uncomment to allow people in the group wheel to run all commands
# and set environmental variables
# %wheel ALL=(ALL) SETENV: ALL

//Delete the pound sign (#) in the third line with the delete key, so it reads as follows:

Next, type :wq enter and then type exit. Now log in with the username and password you have just created.

From now on, to login as sudo root, remember that the password for sudo is not the root password; it is the user password. Store your true root password in a safe place or memorize it.

// become pseudo root
$ sudo su

Next, type exit to return to your user's default shell. Now you can access applications as pseudo root by typing:

sudo favorite.application.name

Using OpenBSD Packages to Install Third-Party Software
OpenBSD packages are the preferred way of installing third-party software to the OpenBSD base system. When acquiring these packages, it is best to use a mirror server that is geographically close to your computer's location and, of course, to select the packages section that corresponds with your computer's architecture. For example, I am using Canada as my geographic location and I selected the i386 architecture.

To ensure that your settings are accurate for your scenario, you can hard-code the ftp addresses of OpenBSD mirror servers into your new user's .profile file. OpenBSD has the vi editor and the mg (Emacs-like) editor installed by default. Here's how you would edit your .profile file with the vi editor:

$ vi .profile
// hint: i is for insert

// Complete listing of official OpenBSD world ftp mirrors

For my settings (i386 architecture in Canada), you could use something like the following in your .profile file:

export PKG_PATH=ftp://openbsd.arcticnetwork.ca/pub/OpenBSD/4.4/packages/i386:

To select the i386 architecture in the United States, you could use something like this in your .profile file. Realize that connecting to one ftp server is enough.

export PKG_PATH=ftp://mirror.planetunix.net/pub/OpenBSD/4.4/packages/i386: 

See Sidebar 1. Complete Listing of ftp Servers and Master Fanout Sites for a complete listing of ftp servers and Master fanout sites in Australia, Canada, the United Kingdom, and the United States.

When you have chosen the appropriate settings, write the new file and exit your chosen code editor. To escape vi, type :wq.

Log out and then log back in to have these settings take effect with your user's .profile:

$ exit

Next, test out the package system by adding a third party network auditing software package in verbose mode. Dsniff is password sniffing software and is one example of why a person should always use OpenSSL or OpenSSH when sending passwords over any network.

// install dsniff as a package
$ sudo pkg_add -v dsniff-2.3p5-no_x11.tgz

Check out the following links to further explore OpenBSD packages:

Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.



We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.
Thanks for your registration, follow us on our social networks to keep up-to-date