|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
75b6c3e |
= Fedora specific installation notes =
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
75b6c3e |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
75b6c3e |
== Database ==
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
5be44d7 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
Mantis requires a database to function; use the following steps to
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
5be44d7 |
configure mantis to work with MySQL:
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
5be44d7 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
5be44d7 |
1. install MySQL packages
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
75b6c3e |
yum install mysql-server php-mysql
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
5be44d7 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
5be44d7 |
2. start MySQL server
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
75b6c3e |
service mysqld start
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
5be44d7 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
5be44d7 |
WARNING: the default MySQL configuration has a "root" account with no password.
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
5be44d7 |
Please have a look to the MySQL documentation to add a proper password
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
5be44d7 |
and/or a separate account for mantis usage.
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
5be44d7 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
75b6c3e |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
== Configuration files ==
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
The mantis configuration file is /etc/mantis/config_inc.php.
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
Be sure to check the file /usr/share/mantis/config_defaults_inc.php for the
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
full list of available configuration options.
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
== First time operations ==
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
75b6c3e |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
75b6c3e |
1. allow yourelf to access the admin directory
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
Please note that the provided configuration file for Apache
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
(/etc/httpd/conf.d/mantis.conf) by default prevents access to the mantis
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
administration area.
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
Find the section:
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
<Directory /usr/share/mantis/admin>
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
and change the "None" in:
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
Allow from None
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
to the machine IP you will be connecting from. For instance:
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
Allow from 127.0.0.1
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
allows localhost access to the admin area
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
then restart apache with:
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
service httpd restart
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
75b6c3e |
2. point your browser to:
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
https://localhost/mantis/admin/install.php
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
5be44d7 |
to create an empty DB.
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
5be44d7 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
BIG FAT WARNING: when you are done with the installation, be sure to revert the
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
modifications you've done in step 1.
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
Otherwise you will leave the administration area unprotected with
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
critical system information and database update capabilities open to
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
any unauthorized person.
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
5be44d7 |
WARNING: A DEFAULT ADMINISTRATOR level account is created. The account name
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
and password are administrator / root. Use this when you first login
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
to Mantis. Immediately go to Manage and create at least one
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
administrator level account. Immediately after that, DISABLE or DELETE
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
the administrator account. You can recreate it but you should delete
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
the account to prevent the cookie_string from being used to trick the
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
75b6c3e |
package. REMEMBER: After setting up the package, REMOVE the
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
005224d |
default administrator account.
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
== Upgrades ==
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
After a version upgrade that involves changes to the DB schema, you will need
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
to run again the installer steps as outlined above. The installer is able to
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
recognize which modifications are needed and apply them to the DB.
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
Albeit the upgrade routine is usually well tested and safe, please
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
consider doing a complete backup of the database before attempting the
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
procedure.
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
== SELinux ==
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
The default SELinux configuration prevents the httpd process (hence mantis)
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
from sending emails. This is easily fixed with:
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
|
|
![](https://seccdn.libravatar.org/avatar/c3906cbc04e80ba9313c83f33c43462994a93dd345c772a81f08020ac9dd9fd0?s=16&d=retro) |
156bac0 |
setsebool -P httpd_can_sendmail=1
|