Jun 14, 2020
CentOS 8 – Setting up a LAMP environment
Welcome back again to another Stealthbay blog. So this week I was trying to setup a LAMP (linux, apache, mariadb, php) setup to test out some web apps. And, I thought I’d post a quick tutorial on what I did to set one up. Hopefully, it helps someone else out there to setup one very quickly using CentOS 8.
Note – I was using CentOS 8 on VMWare 15.5 and noticed there is an issue. Make sure you do not power the machine on right away. Go to the hardware settings on the VM and remove the “autostart.inf” it shows up as a CD/DVD drive. This is the easy install option and it messes up the installation.
Update Packages
Download new updated packages
sudo dnf update
Install Apache
Install apache on the machine
sudo dnf install httpd httpd-tools
Optional: If you want Apache to start during a bootup use the following:
sudo systemctl enable httpd
Start Apache
sudo systemctl start httpd
Verify Apache is running
sudo systemctl status httpd
Change firewall rules
Use the commands below to allow firewall rules for http(s) traffic:
sudo firewall-cmd –permanent –zone=public –add-service=http
sudo firewall-cmd –permanent –zone=public –add-service=https
sudo firewall-cmd –-reload
Test webserver
If you now go to: http://server-IP you should see your web server is active and running.
Install MariaDB (MySQL)
Download and install mariadb
sudo dnf install mariadb-server mariadb -y
Run mariadb
sudo systemctl start mariadb
Optional: The following command will start MariaDB on startup/bootup
sudo systemctl enable mariadb
Confirm that mariadb is running
sudo systemctl status mariadb
Secure mariadb
sudo mysql_secure_installation
Install PHP
Let us get the latest package updates
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
Let us get yum utils
sudo dnf install dnf-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm
Find which PHP modules are available
sudo dnf module list php
Verify we have the latest PHP 7.4 version
sudo dnf module reset php
Reset PHP modules to use latest PHP version
sudo dnf module enable php:remi-7.4
Install PHP modules
sudo dnf install php php-opcache php-gd php-curl php-mysqlnd
Verify latest PHP version is setup
php -v
Start PHP
sudo systemctl start php-fpm
Optional: If you want to run PHP on server startup use the following:
$ sudo systemctl enable php-fpm
Check PHP status
sudo systemctl status php-fpm
Get SELinux to allow apache to run PHP code
sudo setsebool -P httpd_execmem 1
Restart apache
sudo systemctl restart httpd
Test PHP
Create a file and insert the below code in it
<?php
phpinfo ();
?>
Load the file via your web server
http://server-ip-address/test.php
If PHP is working you should see the PHP settings.
Install PHPMYADMIN
Download phpMyAdmin
Visit https://www.phpmyadmin.net/files/ to find the latest version.
Wget https://files.phpmyadmin.net/phpMyAdmin/5.0.2/phpMyAdmin-5.0.2-all-languages.zip
Unzip the file and move the contents
sudo mv phpMyAdmin-5.0.2-all-languages /usr/share/phpMyAdmin
Change the config file so it is active
cd /usr/share/phpmyadmin
mv config.sample.inc.php config.inc.php
Add a database secret
sudo nano config.inc.php
Look for the following and add your own secret/password here.
$cfg[‘blowfish_secret’] = ‘add-a-password-here’;
Import tables
sudo mysql < /usr/share/phpmyadmin/sql/create_tables.sql -u root -p
Create a temp directory for phpMyAdmin
mkdir /usr/share/phpmyadmin/tmp
sudo chown -R apache:apache /usr/share/phpmyadmin
sudo chmod 777 /usr/share/phpmyadmin/tmp
Create config phpMyAdmin file for Apache
nano /etc/httpd/conf.d/phpmyadmin.conf
Add the below code into your file:
Alias /phpmyadmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require all granted
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require all granted
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
Restart apache
sudo systemctl restart httpd
Verify apache is running
sudo systemctl status httpd
Secure phpMyAdmin with SELinux
We need the following package:
sudo dnf install policycoreutils-python-utils
Enable access to the phpMyAdmin directory
sudo semanage fcontext -a -t httpd_sys_rw_content_t ‘/usr/share/phpMyAdmin/’
sudo semanage fcontext -a -t httpd_sys_rw_content_t “/usr/share/phpMyAdmin/tmp(/.*)?”
Recurse through all phpMyAdmin directory files
sudo restorecon -Rv ‘/usr/share/phpMyAdmin/’
Restart the firewall rules for phpmyadmin
sudo firewall-cmd –-reload
Check to see if phpMyAdmin is running
http://your-server-ip/phpmyadmin
Extra security
So for me this is a local virtual machine, so I am not concerned with other IP’s being able to reach the machine. However, if you have this on a public facing IP you will want to restrict what IP addresses can access phpMyAdmin.
Edit the Config file for phpMyAdmin and add your IP address
nano /etc/httpd/conf.d/phpmyadmin.conf
<RequireAny>
Require ip your-ip-address
Require ip ::1
</RequireAny>
Tutorial Completed
Well that is it and you now are done and ready to start installing your web apps. I recommend you make a snapshot if it is a VM that you are using. So, you do not need to redo all of the work again.
My name is Harry Taheem
I am a Cyber Security Engineer.
My aim is to post things I learn or find interesting and allow others to hopefully gain some more insight. I also plan on posting general IT related issues, as I’d like 
Leave a Reply