CentOS 7.x Installation

Prerequisites

Installation

CentOS 7 package installation (http://wiki.centos.org/SpecialInterestGroup/SCLo).

$ sudo yum -y install centos-release-scl.noarch
$ sudo yum -y install rh-php73 rh-php73-php rh-php73-php-fpm httpd rh-mariadb103 wget
$ sudo yum -y install rh-php73-php-gd rh-php73-php-intl rh-php73-php-json rh-php73-php-ldap rh-php73-php-mbstring rh-php73-php-mysqlnd rh-php73-php-opcache rh-php73-php-pdo rh-php73-php-xml rh-php73-php-zip

Automated start/stop Apache web server and MariaDB server.

$ sudo systemctl enable --now httpd24-httpd.service rh-mariadb103-mariadb.service

Setting up MariaDB.

$ sudo scl enable rh-mariadb103 mysql_secure_installation

Enabling firewall ports.

$ sudo firewall-cmd --zone=public --add-service=http --add-service=https
$ sudo firewall-cmd --runtime-to-permanent

Optional for enabling SSL.

In order to increase your sysPass instance security, please consider to use SSL. See Security and the following resources for Debian:

Directories and permissions

Create a directory for sysPass within the web server root.

$ sudo mkdir /var/www/html/syspass

If you go with the packaged version, download and unpack sysPass files.

$ cd /var/www/html/syspass
# Strip version directory and extract contents to current directory.
$ sudo tar xzf syspass.tar.gz --strip-components=1
# If using the vendors package
$ sudo tar xzf vendors.tar.gz

If you go with Git cloned version, clone sysPass GitHub repository.

$ sudo git clone https://github.com/nuxsmin/sysPass.git  /var/www/html/syspass

Setup directories permissions. The owner should match the web server running user.

$ sudo chown apache -R /var/www/html/syspass
$ sudo chmod 750 /var/www/html/syspass/app/config /var/www/html/syspass/app/backup

SELinux

sysPass needs to be allowed to write its configuration and some other files (backup, cache, temp, etc). We have 2 choices:

Note

Please, run only one of the choices

  • Change the SELinux context of files:
$ sudo setsebool -P httpd_can_connect_ldap 1
$ sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/syspass/app/(config|backup|cache|temp)(/.*)?"
$ sudo restorecon -R -v /var/www/html/syspass
  • Disable SELinux by editing the file “/etc/sysconfig/selinux” and setting “SELINUX” variable’s value to “disabled”. You need to restart the system. Until then you can use permissive mode which won’t enforce the policies:
$ sudo setenforce 0

Installing dependencies

PHP Composer is needed to keep up-to-date dependencies and an easy way to apply security or functional patches to them.

You can either download the dependencies using Composer itself or by getting the latest “vendor.tar.gz” package from the release page.

Note

If you don’t have any Internet access from the server, the vendor package will provide all the release dependencies and you don’t need to deal with composer commands.

Using PHP Composer

From sysPass root directory, download and install Composer (https://getcomposer.org/doc/faqs/how-to-install-composer-programmatically.md)

Create a bash script called “install_composer.sh” and paste this code in it:

#!/bin/sh
EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"

if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]
then
    >&2 echo 'ERROR: Invalid installer signature'
    rm composer-setup.php
    exit 1
fi

php composer-setup.php --quiet
RESULT=$?
rm composer-setup.php
exit $RESULT
$ chmod +x install_composer.sh
$ ./install_composer.sh

Then install sysPass dependencies

$ php composer.phar install --no-dev

Environment configuration

Please, point your web browser to the following URL and follow the installer steps

https://IP_OR_SERVER_ADDRESS/syspass/index.php

Note

More information about how sysPass works on Application

Warning

It’s very advisable to take a look to security advices on Security