Old 4 Days Ago
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,706
Default

Quote:
Originally Posted by GarryR View Post
Well I understand that it is for security...
Correct. It is a desirable risk mitigation, as it can limit the impact of a successful attack. Web servers and PHP applications are extremely popular attack vectors. Expect attacks 7x24x365.

In the event of a successful attack, the attacker will not be able to access any files other than those inside /var/www. What the attacker can reach inside that part of the filesystem, or any network connections they may be able to establish or use, should be considered, as these may still be a serious security concern. I've seen database connections from application servers that are tightly restricted to very specific queries, with firewalls between the application server and database server networks.
Quote:
I think at this point my best option is to delete everything I installed, all the php,and data base packages, etc. and start over.
That's up to you, of course.
Reply With Quote
Old 4 Days Ago
GarryR's Avatar
GarryR GarryR is offline
Real Name: Garry Ricketson
Shell Scout
 
Join Date: Jul 2015
Location: Durango, Mx.
Posts: 117
Default

Well, it will be the 3rd time, "third time's a charm".
This currently is the 2nd time. Something I really like about OpenBSD:
when I used
Code:
pkg_delete php
for example, it also showed me what
conf files I had modified, and recommended deleting them as well, similar on all
the packages, like mariadb, etc. And right now this is the problem: the other night
I had made several changes, and something I did really messed it up. I cannot remember
exactly everything I had done.
So anyway, the first time, I could not really even access any of the PHP stuff. The second
time, for a while I could to some extent, but the "MyBB" installer could not access the database, and in the process of trying to solve that, I broke the entire "localhost". But anyway,
now I do have "httpd" working OK again, and it does load the "index.html" just fine; however,
the PHP config files and the database are messed up. It seems like the easiest approach is
to re-install them.
This time, when I create the database I will do that in the /var/www/htdocs dir; hopefully that
will work.
Actually the PHP and MyBB forum, etc. are not essential anyway, and it does open a
"can of worms", so to speak, as far as security goes on a web server.
Not counting the forum part is a constant struggle to keep "spam-free", but on that I am pretty
well "experienced", and it is no problem. In fact I do a lot with Stop Forum Spam, another topic, but anyway when they hit my site, they get added to the database, etc.
The thing of it is, as far as I know none of the other admins are using any BSD, or OpenBSD;
they are all using Linux on the other servers, so I am kind of "on my own" on this. Other than you, nobody has even offered any advice. Well, actually I have not asked either, because I know, or am under the impression, nobody else involved on an admin level is using a BSD. Maybe I should ask, though.
Sorry for kind of rambling and drifting "off topic", but anyway, as I mentioned when I started
this topic, http://daemonforums.org/showthread.p...0299#post61803
Quote:
PS, I have some additional thoughts, ideas,...but will get into that later.
====
I did read this thread, I found doing some searches, http://daemonforums.org/showthread.php?t=5677 But it is very old, and also does not really apply to what
I have in mind. Also the OP never came back with any responses as to if they got it working, etc.
====
The company that provides the server, I have been using them for a year now, seems
reliable, and very economical, basic. They do not offer any support beyond installing the OS one chooses, and if there is a "mechanical" failure of the HD, of course, then they would replace it and reinstall the OS. I am responsible for my own backups, although they do
offer a service for that, at an additional cost.
Anyway, for now that is about it, this was too long already. We'll see if the 3rd time is "the charm"; I may go ahead and get the real server started as well.
There has not been much showing in my searches. It seems like not very many people are using OpenBSD for a web server, or the ones that are, are using "apache" or "nginx", so the tutorials do not apply to "httpd". I do want to try to stick with "httpd", but that might be another option, to try using the Apache or Nginx server packages?
Thanks
Reply With Quote
Old 4 Days Ago
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,706
Default

Why not back up, and explain what it is you actually want to do?
  • You linked to a thread on hosting an SSH server, which has nothing to do with PHP, web services, or databases.
  • You've mentioned "MyBB" which is one of many web forum applications, and happens to be written in PHP. There have been a lot of CVEs published for it (link).
MyBB isn't packaged for OpenBSD, so installation and provisioning would be entirely your responsibility. A very clear understanding of how the tinker toys all connect together would be valuable.

I'll restate what I stated earlier about database access, because I think it's important:

If an application's database resides within /var/www, a successful attacker may obtain full access to it. If that database resides elsewhere but is connected via the network (Unix-domain socket, loopback, or actual network), careful application design may be able to limit what damage can be done or what data may be exposed. But in this situation, you are limited to what you get from the third party project.
Reply With Quote
Old 4 Days Ago
GarryR's Avatar
GarryR GarryR is offline
Real Name: Garry Ricketson
Shell Scout
 
Join Date: Jul 2015
Location: Durango, Mx.
Posts: 117
Default

Ok, sorry about that, the thread I linked to, that was my point, It shows up
when I was trying some searches, but it does not apply to what I am doing,
guess I shouldn't have even mentioned it.
====
Quote:
A very clear understanding of how the tinker toys all connect together would be valuable.
Ok, well it is a little more than just "tinker toys" to me, but anyway I understand what you mean.
Basically, I want to set up a website, non-commercial. I do not want to use any "hosting services"; I will do my own "hosting", similar to what I am doing here:
(note, I am not trying to promote my website, but this is the easiest way to explain)
http://www.elchanate.org/ I no longer want to use Debian wheezy, and there
is no way I would use any of the newer versions of Debian for a server, but that is a really different topic.
I do enjoy writing, so most of what gets on the website is my own material. However I would
like to have some sort of "forum" software, to make it possible that others can submit or post
things if they wish.
If there is any forum software packaged for OpenBSD, I would be more interested
in using that instead of "MyBB" or "phpBB"; so far I am not aware of any.
It is a "project" of sorts, and if there are any others that are using OpenBSD and have interest, I would welcome the "company", so to speak, but the first thing to do (I think)
is set up the server, it will be "dedicated", then the "home page", forum, etc.
Even if there is no interest, it does not matter. I will PM you with some detail on
that, don't want to say here.
Quote:
I'll restate what I stated earlier about database access, because I think it's important:

If an application's database resides within /var/www, a successful attacker may obtain full access to it. If that database resides elsewhere but is connected via the network (Unix-domain socket, loopback, or actual network), careful application design may be able to limit what damage can be done or what data may be exposed. But in this situation, you are limited to what you get from the third party project.
Ok, yes I am aware of that, and it is a concern. So anyway, "scratch that idea" (putting the database inside /var/www).
Quote:
My self>>> This time , when I create the database I will do that in the /var/www/htdocs dir, hopefully that
will work.
thanks again,...
Reply With Quote
Old 2 Days Ago
GarryR's Avatar
GarryR GarryR is offline
Real Name: Garry Ricketson
Shell Scout
 
Join Date: Jul 2015
Location: Durango, Mx.
Posts: 117
Default

I deleted everything and started over, and
I stumbled on to this :
https://thecyberrecce.net/2017/01/15...riadb-and-php/
And then it also goes into a detailed tutorial on installing WordPress, have not tried that part yet.
The first part on starting the web server, seems to work pretty well, except there are some minor typos,
One : where it says to use
Code:
/etc/rc.d/php56-fpm start
, I needed to use :
Code:
/etc/rc.d/php56_fpm start
Also the httpd.conf example, needed some minor adjustments,..
But after all said and done it seemed to be a pretty good tutorial, so far any way,
everything went pretty smoothly.
====
Also I am still thinking about the other options we discussed, by PM, the "Drupal" idea sounds
really good, there even is some spam preventing software available for Drupal,
https://www.stopforumspam.com/mods#link_drupal
Like I mentioned , I have never used Drupal, but also, never have tried Wordpress either, I am not a big fan of WordPress, but that would be another topic...
__________________
More screen shots here: My OpenBsd screens

My best friends are parrots
Reply With Quote
Old 1 Day Ago
GarryR's Avatar
GarryR GarryR is offline
Real Name: Garry Ricketson
Shell Scout
 
Join Date: Jul 2015
Location: Durango, Mx.
Posts: 117
Default

I managed to install Drupal7 to the PC and localhost. It was pretty easy,
but there were a couple of "hoops", I am about to take a nap, but will get back later
with some more details.
============== Edited===========
The installer for Drupal was pretty good, and the few "hoops" were not too hard because
the installer was clear about what was missing or needed to be changed.
The php.ini needs to have the gd extension, as well as the mysql and mysqli:
Code:
; If you only provide the name of the extension, PHP will look for it in its
; default extension directory.
extension=mysql.so
extension=mysqli.so
extension=gd.so
Then :
Under the [mbstring] section , I had to modify these:
Code:
; lines: 1771 thru 173
; The precedence is: default_charset < intput_encoding < mbsting.http_input
; http://php.net/mbstring.http-input
mbstring.http_input = pass
; ==== next:
; line 1784
mbstring.http_output = pass
; ====== and finally
; This was the part that was confusing
; line 1792
; http://php.net/mbstring.encoding-translation
; mbstring.encoding_translation = off
; The default was like this:   mbstring.encoding_translation = On
; simply changing it to off was not enough, I had to place the (  ;  ) to disable it completely.
But all in all it was pretty easy.
Also restarting the services:
Code:
/etc/rc.d/httpd -f -d restart

/etc/rc.d/php56_fpm restart
After modifying the php.ini, restarting httpd and fpm is supposed to work, but I still had to reboot.
So even if one runs the restart commands and there is no change, I suggest trying to reboot as well.
I imagine that may vary on different machines.
==== edit again===
Note: I just used the "sqlite" option, ......for the db .
Last edited by GarryR; 23 Hours Ago at 02:45 AM.
Reply With Quote
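
jggimi's point about a database that resides within /var/www applies directly to the SQLite option chosen in the last post, because an SQLite database is a single file that the chrooted PHP process has to be able to open. The script below is an added example, not code from the thread: it finds SQLite files under the chroot by their 15-byte header and reports whether each one sits under the document root and whether it is world-readable. The /var/www and htdocs defaults follow the paths named in the thread; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: list SQLite database files under a
# web chroot and say whether each sits inside the served document root.
# The default paths are assumptions matching the ones named in the thread.

# is_sqlite FILE: true when FILE starts with the 15-byte SQLite 3 magic string.
is_sqlite() {
    # dd is used instead of "head -c" for portability; NUL bytes are dropped
    # so binary files cannot confuse the string comparison.
    magic=$(dd if="$1" bs=15 count=1 2>/dev/null | tr -d '\000')
    [ "$magic" = "SQLite format 3" ]
}

# audit_chroot [CHROOT] [DOCROOT]
# Prints one line per database found: "<where> <perm> <path>"
#   where: DOCROOT (under the document root) or CHROOT (elsewhere in the chroot)
#   perm:  WORLD-READABLE or restricted
audit_chroot() {
    chroot_dir=${1:-/var/www}
    docroot=${2:-$chroot_dir/htdocs}
    find "$chroot_dir" -type f 2>/dev/null | while IFS= read -r f; do
        is_sqlite "$f" || continue
        case $f in
            "$docroot"/*) where=DOCROOT ;;
            *)            where=CHROOT ;;
        esac
        # In the ls -l mode string, character 8 is the "other read" bit.
        mode=$(ls -ld "$f" | cut -c1-10)
        case $mode in
            ???????r??) perm=WORLD-READABLE ;;
            *)          perm=restricted ;;
        esac
        printf '%s %s %s\n' "$where" "$perm" "$f"
    done
}

# Usage: audit_chroot            (scans /var/www)
#        audit_chroot /var/www /var/www/htdocs
```

A DOCROOT line means the database file lives in the tree httpd serves, so it depends on the server configuration and file permissions to keep it from being fetched or read by anything else running in the chroot.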