This tutorial describes OCS Inventory installation on Oracle Linux 9.2.
1. Network connectivity configuration using nmtui tool
2. Unlock access to root account via SSH
nano /etc/ssh/sshd_config uncomment line: PermitRootLogin yes
3. Host name setting
hostnamectl set-hostname new_name
or
nano /etc/hostname
4. System update and install tools.
dnf -y update dnf install epel-release yum install -y net-tools bash-completion vim-enhanced yum install gnome-tweaks yum install policycoreutils-python-utils dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm dnf install -y https://rpms.remirepo.net/enterprise/remi-release-9.rpm
5. NTP client – chrony configuration
systemctl status chronyd.service sudo firewall-cmd --add-service=ntp --permanent sudo firewall-cmd --reload nano /etc/chrony.conf systemctl is-active chronyd.service systemctl restart chronyd.service timedatectl list-timezones | grep Europe/ timedatectl set-timezone Europe/Warsaw chronyc sources timedatectl
6. MariaDB installation and database creation
dnf install mariadb-server -y systemctl enable --now mariadb mysql_secure_installation mysql -u root -p CREATE USER 'ocsadmin' IDENTIFIED BY 'OCSDBocsadminPa$$'; ALTER USER 'ocsadmin' IDENTIFIED BY 'OCSDBocsadminPa$$'; CREATE DATABASE IF NOT EXISTS ocsdb character set utf8mb4 collate utf8mb4_bin; GRANT ALL PRIVILEGES ON ocsdb.* TO ocsadmin; FLUSH PRIVILEGES; exit
7. PHP8, Apache (httpd) and nmap installation
dnf module reset -y php
dnf module list php
dnf install httpd httpd-tools httpd-manual
systemctl start httpd
systemctl enable --now httpd
dnf module enable php:remi-8.2 -y
dnf install php-{mysqlnd,gd,intl,ldap,apcu,xmlrpc,opcache,zip,xmlrpc}
dnf install php php-cli php-common php-fpm vim wget unzip mod_perl unzip curl php-curl php-zip php-gd php-soap php-xml php-mbstring php-fpm mod_perl unzip curl perl -y
yum install perl-libwww-perl
yum install httpd-devel
dnf install "@Development Tools"
dnf install cmake gcc make
yum install perl-DBD-mysql
dnf install nmap
Checking installed Apache version and its modules. For install aforementioned modules it is necessery to download Apache 1.3.0 sources.
rpm -qi httpd /usr/lib64/httpd/modules wget https://archive.apache.org/dist/httpd/httpd-2.4.54.tar.gz tar xvf httpd-2.4.54.tar.gz wget https://archive.apache.org/dist/httpd/apache_1.3.0.tar.gz tar xvf apache_1.3.0.tar.gz
8. Pearl modules installation
perl -MCPAN -e 'install Plack::Handler' perl -MCPAN -e 'install Switch' perl -MCPAN -e 'install Mojolicious' perl -MCPAN -e 'install Apache::DBI' perl -MCPAN -e 'install Net::IP' perl -MCPAN -e 'install XML::Entities' perl -MCPAN -e 'install ModPerl::MM' perl -MCPAN -e 'install SOAP::Lite' perl -MCPAN -e 'install Apache2::SOAP' perl -MCPAN -e 'install XML::Simple' perl -MCPAN -e 'install DBD::mysql'
9. Firewall and Selinux configuration
firewall-cmd --zone=public--add-service=mysql --permanent firewall-cmd --zone=public --add-service=https --permanent firewall-cmd --zone=public --add-service=http --permanent firewall-cmd --reload setsebool -P httpd_can_network_connect on setsebool -P httpd_can_network_connect_db on setsebool -P httpd_can_sendmail on
10. Configuring /etc/php.ini
upload_max_filesize = 1024M post_max_size = 1024M max_execution_time = 300 max_input_time = 300 memory_limit = 1024M allow_url_fopen = On short_open_tag = On systemctl restart httpd
11. Configuring Apache and PHPmyAdmin
cd /var/www/html wget https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.tar.gz tar xvf phpMyAdmin-latest-all-languages.tar.gz -C /var/www/html mkdir /var/www/html/phpmyadmin cp -R /var/www/html/phpMyAdmin*/* /var/www/html/phpmyadmin cp /var/www/html/phpmyadmin/config.sample.inc.php /var/www/html/phpmyadmin/config.inc.php
The following command will generate the password (it has to be copied to clipboard).
openssl rand -hex 16
cp /var/www/html/phpmyadmin/config.inc.php /var/www/html/phpmyadmin/config.inc.php.old nano /var/www/html/phpmyadmin/config.inc.php $cfg['blowfish_secret'] = 'Here it is necessery to paste the password that it was copied -hex 16'; $cfg['TempDir'] = '/var/www/html/phpmyadmin/tmp'; chown apache:apache /var/www/html/phpmyadmin/config.inc.php mkdir -p /var/www/html/phpmyadmin/tmp chown -R apache:apache /var/www/html/phpmyadmin/tmp chmod 755 /var/www/html/phpmyadmin/tmp semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/phpmyadmin/' semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/phpmyadmin/tmp(/.*)?' restorecon -Rv '/var/www/html/phpmyadmin/' sudo chown -R apache:apache /var/www/html/* sudo chmod -R 755 /var/www/html/* systemctl restart httpd
12. OCS Inventory NG installation
cd /tmp wget https://github.com/OCSInventory-NG/OCSInventory-ocsreports/releases/download/2.12.1/OCSNG_UNIX_SERVER-2.12.1.tar.gz tar -zxf OCSNG_UNIX_SERVER-2.12.1.tar.gz -C /tmp cd OCSNG_UNIX_SERVER-2.12.1 curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer nano setup.sh DB_SERVER_HOST="localhost" DB_SERVER_PORT="3306" DB_SERVER_USER="ocsadmin" DB_SERVER_PWD="OCSDBocsadminPa$$" chmod u+x setup.sh sh setup.sh chown apache:apache -R /var/lib/ocsinventory-reports chown apache:apache -R /usr/share/ocsinventory-reports/ocsreports chmod -R 755 -R /usr/share/ocsinventory-reports/ocsreports
13. Install OCS Inventory via WWW: http://IPaddress/ocsreports
14. Deleting install.php file from /usr/share/ocsinventory-reports/ocsreports folder
mv /usr/share/ocsinventory-reports/ocsreports/install.php /usr/share/ocsinventory-reports/
15. Changing access parameters to database in files and Apache restart:
nano /etc/httpd/conf.d/z-ocsinventory-server.conf nano /etc/httpd/conf.d/zz-ocsinventory-restapi.conf nano /etc/httpd/conf.d/ocsinventory-reports.conf systemctl restart httpd
16. Set Selinux
setsebool httpd_can_network_connect on -P chcon -R -t httpd_sys_rw_content_t /usr/share/ocsinventory-reports systemctl restart httpd
17. Creating and implementing SSL certificate
yum install openssl-libs -y yum install mod_ssl -y openssl genrsa -des3 -out ocs.key 4096 mv ocs.key ocs-old.key openssl rsa -in ocs-old.key -out ocs.key openssl req -new -key ocs.key -out ocs.csr openssl x509 -req -days 36500 -in ocs.csr -signkey ocs.key -out ocs.pem openssl x509 -in /etc/pki/tls/certs/ocs.pem -text | less
Set information about certificate: Country, State, Locality Name, Organizotion Name, Organizational Unit Name, Common Name (server FQDN or YOUR name), Email Address:
Copy certificate to Apache folder and make them usable by Apache.
chmod 600 ocs.* mv ocs.key /etc/pki/tls/private/ mv ocs.pem /etc/pki/tls/certs/ restorecon -RvF /etc/pki/tls/
nano /etc/httpd/conf.d/ssl.conf nano /etc/httpd/conf.d/ocsinventory-reports.conf SSLCertificateFile /etc/pki/tls/certs/ocs.pem SSLCertificateKeyFile /etc/pki/tls/private/ocs.key
Enforce logging to OCS Inventory by HTTPS by edditing nano /etc/httpd/conf.d/ocsinventory-reports.conf and uncomment SSLRequireSSL line. Then restart Apache: systemctl restart http.
Automatic redirect http to https traffic:
nano /etc/httpd/conf/httpd.conf or /etc/httpd/conf.d/ocsinventory-reports.conf
or
nano /etc/httpd/conf.d/ocsinventory-reports.conf
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
Sources:
https://computingforgeeks.com/how-to-install-mariadb-database-server-on-rhel-8/
https://computingforgeeks.com/install-glpi-on-centos-rhel-rocky-linux/
https://www.tecmint.com/install-apache-with-virtual-host-on-centos-8/
https://www.tecmint.com/install-php-8-on-centos/
https://computingforgeeks.com/install-glpi-on-centos-rhel-rocky-linux/
https://phoenixnap.com/kb/install-phpmyadmin-on-centos-8
https://glpi.pl/instalacja-i-konfiguracja-glpi-9-5-3-dla-centos-8/
https://techviewleo.com/install-phpmyadmin-on-oracle-linux/
https://www.tecmint.com/install-apache-with-virtual-host-on-centos-8/
https://www.linkedin.com/pulse/how-install-glpi-from-scratchfedora-33-953-raphael-konno?trk=read_related_article-card_title
https://www.youtube.com/watch?v=oqxFPS1Xgto
https://piestrzynski.pl/instalacja-i-konfiguracja-glpi/
https://tech.davidfield.co.uk/2021/08/04/setting-up-glpi-and-fusioninventory-to-make-asset-management-easier/
https://justasysadminblog.wordpress.com/2012/05/13/developing-an-ocs-inventory-plugin-track-computers-connection-and-location/
https://unix.stackexchange.com/questions/642876/have-selinux-allow-syslog-and-logrotate-to-handle-files-outside-of-var-log
https://www.xmodulo.com/enable-htaccess-apache.html