Skip to main content

Moodle on Centos or Red Hat 7 (with SELinux!)

Why the need for another 'Installing Moodle' guide? Two reasons, Systemd and SELinux.
The steps are presented as a Bash script, which may be run on a virgin system, installing a complete working Moodle stack in one go, including enforcing SELinux.

In addition to the absolute basics it also includes adding ClamAV virus for file uploads and Memcached for sessions and 'MUC'.

It does not cover any extras you will need to get your site up to production, e.g. securing your database or updating your virus definitions automatically. Neither does it do any extra PHP configuration (upload limits, execution time etc.) or any extra complexities that might be desirable. For all of this you should goto docs.moodle.org.

Comments

  1. Hi,

    your script works like a charm on Centos 7 minimal install, but SELINUX is driving me CRAZY... I'm trying to authenticate against an LDAP Server so I reinstalled php_ldap, configured this but SE Linux blocks my attempt to do a LDAP authentication...

    Error is:
    type=AVC msg=audit(1445443071.092:399): avc: denied { name_connect } for pid=1890 comm="httpd" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket type=SYSCALL msg=audit(1445443071.092:399): arch=c000003e syscall=42 success=noexit=-13 a0=c a1=7fa6b062b370 a2=10 a3=0 items=0 ppid=1123 pid=1890 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)

    I'm new to selinux (and I clearly understand its necessity) but I have no idea, which bool to set to allow httpd to state LDAP queries...

    Can you help me out?

    Thanks and Keep up the good work...

    best regards...

    ReplyDelete
  2. And here is the solution...

    I've just entered the following:

    setsebool -P httpd_can_network_connect=1

    and now it is working like a charm, even with ldap authentication...

    Keep up the good work!

    ReplyDelete
  3. a update to php7 please, greetings

    ReplyDelete

Post a comment

Popular posts from this blog

Raspberry Pi A2DP Bluetooth Audio Receiver

I wanted to use a Raspberry Pi to act as a Bluetooth audio receiver or my Hi-Fi so that I could connect a phone/tablet easily to some proper speakers wirelessly. Rather than reinventing the wheel 'kmonkey' has already achieved most of what I set out to do over here; check this out first.

The only issue now is the manual intervention needed to connect up a new Bluetooth source to the output sink. I initially created a simple bash script to poll pulseaudio (every 5 seconds) and run the necessary commands as and when a new device is connected. You can see the script here and all the pertinent commands are explained over in kmonkey's blog. This is all good, but will need to be run manually using something like,

# nohup ./bt_audio_attach &

This is a bit rubbish and you'll be pleased to know there is a better way to get this done, UDEV!

Over at the Raspbery Pi forums  there's some discussion on using UDEV scripts to automate this process entirely. Initially I had…

Blocking Adverts from the Roku Menu

UPDATE: 18 May 2013 - A new firmware (v5) has changed the way ads are handled on the Roku such that this guide is no longer relevant. 

Roku are are a pretty neat little media streaming box but one thing that I think lets them down are the trashy and mostly irrelevant adverts on the home page. Wouldn't it be great if you could get rid of these?

The ads are served by the third party ad platform, ZEDO. You can block the ads from displaying by simply blocking this domain entirely or by being more targeted and blocking the specific sub-domain serving the Roku ads. A TCPDUMP of my Roku shows that the ad images currently come from 'd7.zedo.com' (although this may change).

I block them by adding a custom DNS record for this sub-domain to my home router pointing to the loopback address (127.0.0.1). There are or course many other ways you could do this, but the best way will largely depend on your own set-up and resources.