RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX


Install OpenBSD to Secure Your Web Server : Page 4

Designed to be "secure by default", the OpenBSD server operating system offers comprehensive security features. Learn how to perform a network install of this OS—along with PHP4 and MySQL—to keep sensitive data protected.


Install MySQL and PHP

Install MySQL4:

 TYPE: "pkg_add mysql-server-4.0.20.tgz"

Note the instructions on the screen. You will return to this after you install PHP.

Install PHP4:

 TYPE pkg_add php4-core-4.3.10.tgz

Enable the PHP4 module:

 TYPE /usr/local/sbin/phpxs -s
 TYPE cp /usr/local/share/doc/php4/php.ini-recommended /var/www/conf/php.ini

Install PHP4_MySQL4 connectivity:

 TYPE pkg_add php4-mysql-4.3.10.tgz
 TYPE /usr/local/sbin/phpxs -a mysql

Enable MCRYPT:

 TYPE pkg_add php4-mcrypt-4.3.10.tgz
 TYPE /usr/local/sbin/phpxs –a mcrypt

Enable MHASH:

 TYPE pkg_add php4-mhash-4.3.10
 TYPE /usr/loca./sbin/phpxs –a mhash

Enable IMAP:

 TYPE pkg_add php4-imap-4.3.10.tgz
 TYPE /usr/local/sbin/phpxs –a imap

Enable DOMXML:

 TYPE pkg_add php4-domxml-4.3.10.tgz
 TYPE /usr/local/sbin/phpxs –a domxml

Enable PEAR libraries:

 TYPE pkg_add php4-pear-4.3.10.tgz

Use PHP to manipulate graphics:

 TYPE pkg_add php4-gd-4.3.10-no_x11.tgz
 TYPE /usr/local/sbin/phpxs –a gd

Enable CURL:

 TYPE pkg_add php4-curl-4.3.10.tgz
 TYPE /usr/local/sbin/phpxs –a curl

Create MYSQL passwords and user:

 TYPE /usr/local/bin/mysqld_safe &
 TYPE /usr/local/bin/mysqladmin -u root password mypassword

Access the server with your new password:

 TYPE /usr/local/bin/mysql -u root –p

Enter your password at the prompt. You should see the mysql prompt. A problem with MySQL is it ships with two anonymous users who have no passwords. Change this within MySQL by entering the following (Note: the '' marks are two single quotation marks in a row):

mysql> TYPE SELECT Host, User FROM mysql.user;
mysql> TYPE SET PASSWORD FOR ''@'localhost' = PASSWORD('newpwd');
mysql> TYPE SET PASSWORD FOR ''@'host_name' = PASSWORD('newpwd');

Change ''@'host_name' to the value that corresponds to the name you gave your system, displayed on your screen under Host where User = root (e.g., lockdown.cyborgspiders.com):

mysql> TYPE exit

Now that you are back at the '#' prompt, TYPE ps to verify that mysqld_safe is still running.

Edit APACHE httpd.conf file:

  1. vi /var/www/conf/httpd.conf
  2. Change the email address for ServerAdmin to you@youraddress.com.
  3. Change your ServerName to a valid DNS entry. If you do not have a valid DNS name for your host, enter the IP address associated with your LAN.
  4. TYPE ifconfig –a to find the INET address associated with your working Ethernet card.
  5. Find the line that says inet or some similar value.
  6. AddType application/x-httpd-php .php and delete the comment tag '#'.
  7. Also, you must add php to the Apache Directory Index: DirectoryIndex index.html index.php (Optionally, add index.phtml, index.php4, and index.php3.).
  8. Exit VI and save forced.
  9. Press ESC and TYPE ":wq!" ENTER.

Starting and Stopping APACHE as the SuperUser

To start Apache:

 TYPE apachectl start      (c as in current, t as in table, l as in linux)

To stop Apache:

 TYPE apachectl stop      (c as in current, t as in table, l as in linux)

Start Apache now. Then navigate to the htdocs directory to test PHP:

 TYPE cd /var/www/htdocs
 TYPE ls

You are now viewing the htdocs directory. This is the directory from which Apache serves files to the world:

TYPE lynx

This should show you a congratulations screen. Apache is running with the index.html file.

For PHP to work, you must create an index.php file:

 TYPE vi index.html

Remember, press i for insert mode. Beneath the <body bgcolor="#ffffff"> tag, add <?php phpinfo(); ?>. Press ESC:wq index.php. This saves the file as index.php with your changes. Test this out:

 TYPE lynx

You should see a very detailed display about your new PHP-enabled Apache Web server. Read through it. Notice how the variables in the httpd.conf file and the php.ini file affect the output. Depending on your purposes, you will want to make configuration changes to these files. (Note: the Apache documentation is installed by default. To avoid embarrassment (and death threats) on the mailing lists, RTFM.)

Close Icon
Thanks for your registration, follow us on our social networks to keep up-to-date