Installation Linux (Lighttpd)

Munir Njiru edited this page Apr 8, 2016 · 3 revisions

Installation on Linux (Kali with Lighttpd)

Pre-Flight Check

This tutorial covers installation on Kali 2.0 with lighttpd and PHP5-FPM. The latter provides us with FastCGI scripts and capabilities, which is why the two are needed together. The currently installed software versions are:

lighttpd/1.4.35 (ssl) - a light and fast webserver
Build-Date: Nov  2 2014 03:47:15

PHP 5.6.14-0+deb8u1 (fpm-fcgi) (built: Oct  4 2015 16:13:04)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2015, by Zend Technologies

If lighttpd is not installed it may be installed as below:

 apt-get install lighttpd
 apt-get install php5 php5-fpm 

After ensuring the above is installed, we need to make a few configuration changes to both so that the software works correctly.

PHP5-FPM configuration

Here we are concerned with two settings

  • The configuration of PHP5-FPM real path settings
  • Whether the listener has the right value

To fix issue one we will edit PHP5-FPM's php.ini, which is located at:

/etc/php5/fpm/php.ini

The setting to change here is cgi.fix_pathinfo. By default it is set to 1; uncomment it by deleting the preceding semicolon, as below:

[Screenshot: Fix FPM Path Setting]

For the second issue, we simply check that the listener is set to a file (a socket) rather than a port. This can be done using the command below:

cat /etc/php5/fpm/pool.d/www.conf | grep listen

The result should be as below:

[Screenshot: Check Correct Listener]

If this listener is set to a port, e.g. 127.0.0.1:9000, change it to the above; we want to use a socket rather than TCP.
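The grep above also matches commented-out lines and related keys such as listen.owner, so the following added example (not part of the original wiki or the project's code) reads only the active directive and classifies it. It works for both settings in this section: run `ini_value` against php.ini for cgi.fix_pathinfo, or `fpm_listen_kind` against the pool file. The sample pool file and its socket path are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the two PHP5-FPM settings this section changes.

# Print the effective value of KEY ($2) in ini-style FILE ($1).
# Lines commented out with ';' or '#' are ignored; the last assignment wins.
# Keys match exactly, so "listen" does not also match "listen.owner".
ini_value() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Classify the pool's listen directive: "socket" for a filesystem path,
# "tcp" for a port or address:port, "unset" if no active directive exists.
fpm_listen_kind() {
    case "$(ini_value "$1" listen)" in
        "") echo unset ;;
        /*) echo socket ;;
        *)  echo tcp ;;
    esac
}

# Constructed sample pool file (not copied from a real host); the socket
# path is an assumption.
sample=$(mktemp)
cat > "$sample" <<'EOF'
;listen = 127.0.0.1:9000
listen = /var/run/php5-fpm.sock
listen.owner = www-data
listen.mode = 0660
EOF
echo "listen kind: $(fpm_listen_kind "$sample")"
echo "listen.mode: $(ini_value "$sample" listen.mode)"
rm -f "$sample"
```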

Configuring Lighttpd

Now we need to configure lighttpd to use this socket and run our scripts through it, as PHP5-FPM is in reality like a separate web server. This configuration is done in the web server's main configuration file. The default web root is /var/www/html; for the purposes of this install, as Apache is already using that directory, I have specified a new web root, /var/www/lighttpd. The configuration is located in the path below:

/etc/lighttpd/lighttpd.conf

The lighttpd configuration file for PHP, /etc/lighttpd/conf-available/15-fastcgi-php.conf, is suitable for use with spawn-fcgi, therefore this step is optional. However, we want to use PHP5-FPM, so we create a copy of the file named 15-fastcgi-php-backup.conf and modify 15-fastcgi-php.conf as follows:

cd /etc/lighttpd/conf-available/
cp 15-fastcgi-php.conf 15-fastcgi-php-backup.conf
leafpad 15-fastcgi-php.conf

[Screenshot: Map lighttpd to FPM for fast CGI use]

Next we enable fastcgi with the commands below:

lighttpd-enable-mod fastcgi
lighttpd-enable-mod fastcgi-php

The commands above create symlinks to these files in /etc/lighttpd/conf-enabled. This can be checked with the command below:

ls -l /etc/lighttpd/conf-enabled

The result should be as below for these steps so far.

[Screenshot: Map lighttpd to FPM for fast CGI use]

The rewrite rule is set in the web server configuration so that the web server obeys your fatfree routing engine. Your final lighttpd configuration in /etc/lighttpd/lighttpd.conf should be as below:

[Screenshot: Final Lighttpd Configuration]

Restart lighttpd with the command below:

service lighttpd restart

Downloading the Software

Download the latest version of the software from the GitHub repository, i.e. https://github.com/alienwithin/OWASP-mth3l3m3nt-framework

Extract these files to the web root. The web root in our case is:

/var/www/lighttpd

From the command line this can be done as follows in this case:

cd /var/www/lighttpd
wget https://github.com/alienwithin/OWASP-mth3l3m3nt-framework/archive/master.zip
unzip -e master.zip 

If you would like it installed in the web root, you may move the files there after the steps above:

 mv /var/www/lighttpd/OWASP-mth3l3m3nt-framework-master/* /var/www/lighttpd

If you want it to remain in a subfolder but rename it, the command would be:

 mv OWASP-mth3l3m3nt-framework-master/ NewFolderName/

Configuring the install

The first thing is giving the right permissions to the folders. Since we have done this as root, it is proper to give ownership to the Apache user. The easiest way to do this is:

chown -R www-data:www-data /var/www/lighttpd

Next we make the writeable folders writeable. We can do this with the commands below:

chmod -R 0777 tmp/
chmod -R 0777 framework/data/
chmod -R 0777 incoming/
chmod -R 0777 scripts/
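Mode 0777 lets every local account write to these folders, while the chown above already gives the web server account write access as owner. The following added example (not part of the original wiki or the project's code) lists what is world-writable under the install root and removes write access for "other" on the four folders, refusing when a folder is not fully owned by the given account. It assumes PHP5-FPM runs as that account (www-data here); the script name in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example: audit and tighten the folders opened up with chmod -R 0777.

# Folders the page makes writable, relative to the install root.
WRITABLE_DIRS="tmp framework/data incoming scripts"

# List every world-writable file or directory under the root ($1).
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Remove write access for "other" on the writable folders under root ($1),
# but only when everything in them is owned by the web server account ($2),
# so the application keeps write access through the owner bits.
tighten_writable() {
    tw_root=$1
    tw_user=$2
    for d in $WRITABLE_DIRS; do
        [ -d "$tw_root/$d" ] || continue
        if [ -n "$(find "$tw_root/$d" ! -user "$tw_user" -print | head -n 1)" ]; then
            echo "refusing: $d is not fully owned by $tw_user" >&2
            return 1
        fi
        chmod -R o-w "$tw_root/$d"
    done
}

# Usage: sh audit.sh /var/www/lighttpd www-data   (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    echo "world-writable before:"; world_writable "$1"
    tighten_writable "$1" "$2" || exit 1
    echo "world-writable after:";  world_writable "$1"
fi
```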

[Screenshot: Downloading OWASP Mth3l3m3nt Framework]

If installed in the web root, you are done with what you need to do. If you have it installed in a subfolder, e.g. /var/www/lighttpd/install-new/, one more step is needed: edit .htaccess and uncomment the line with RewriteBase so that it reflects the subfolder.

RewriteBase /yourSubFolder

This could be something as below considering our install-new/ subfolder.

First Run

Next, load the site in the address bar, e.g.

http://localhost

To log in, assuming our URL is http://localhost, the administration portal will be:

http://localhost/cnc

The default credentials are :

username: mth3l3m3nt
password: mth3l3m3nt

Successful installation should give you a dashboard as below, and you may start using the framework.

[Screenshot: Successful Installation]

Note: By default the framework uses the JIG database, which is a flat file; however, if you love RDBMS it supports MySQL, MSSQL and PostgreSQL. This can be switched in the settings.
