Difference: TWikiInstallationGuide (74 vs. 75)

Revision 752010-09-24 - TWikiContributor

Line: 1 to 1
 

TWiki Installation Guide

Line: 10 to 10
 

Preparing to install TWiki

Changed:
<
<		Before attempting to install TWiki, you are encouraged to review the TWiki:TWiki.AdminSkillsAssumptions. This guide assumes the user installing TWiki has, at a minimum, basic knowledge of server administration on the system on which TWiki is to be installed. While it is possible to install TWiki with FTP access alone (for example, on a hosted site), it is tricky and may require additional support from your hosting service (for example, in setting file ownership and installing missing Perl CPAN libraries).
>
>		Before attempting to install TWiki, you are encouraged to review the AdminSkillsAssumptions. This guide assumes the user installing TWiki has, at a minimum, basic knowledge of server administration on the system on which TWiki is to be installed. While it is possible to install TWiki with FTP access alone (for example, on a hosted site), it is tricky and may require additional support from your hosting service (for example, in setting file ownership and installing missing Perl CPAN libraries).
  To help setup a correct Apache configuration, you are very much encouraged to use the automatic tool TWiki:TWiki.ApacheConfigGenerator which generates the contents for an Apache config file for TWiki based on your inputs.
Line: 18 to 18
  If you are installing TWiki without Unix/Linux root (administrator) privileges (for example, on a hosted domain), see "Notes on Installing TWiki on Non-Root Account" below for supplemental instructions to the basic steps presented below.
Changed:
<
<		If you are upgrading from an earlier major version of TWiki such as Cairo (TWiki-3) or TWiki 4.x you will need the information found at TWiki:TWiki.TWikiUpgradeGuide.
>
>		If you are upgrading from an earlier major version of TWiki such as Cairo (TWiki-3) or TWiki 4.x you will need the information found at TWikiUpgradeGuide.
 
Changed:
<
<		One of the more difficult tasks is installation of addition CPAN libraries. See TWiki:TWiki.HowToInstallCpanModules for detailed information on how to install CPAN libraries.
>
>		One of the more difficult tasks is installation of additional CPAN libraries. See TWiki:TWiki.HowToInstallCpanModules for detailed information on how to install CPAN libraries.
 
Changed:
<
<		If you need help, ask a question in the TWiki:Support.Webhome web or on TWiki:Codev.TWikiIRC (irc.freenode.net, channel #twiki).
>
>		If you need help, ask a question in the TWiki:Support.WebHome web or on TWiki:Codev.TWikiIRC (irc.freenode.net, channel #twiki).
 

Basic Installation

Line: 74 to 74
  Before you continue any further there are some basic and very important security settings you have to make sure are set correctly.
Changed:
<
<
  • As already described above you should protect the configure script from general access. The configure script is designed for use by administrators only and should be restricted to invocation by them only, by using the basic Apache authentication. Because of this there has not been put much effort into hardening the script. The configure script cannot save any settings once the password has been saved the first time, but the script could still be vulnerable to specially crafted field values and the script reveals many details about the webserver that you should not display in public.
  • You absolutely must turn off any kind of PHP, Perl, Python, Server Side Includes etc in the pub directory. TWiki has some built-in protection which renames files with dangerous filenames by appending .txt to the filename. But this is a secondary security measure. The essential action that you must take is to turn off any possible execution of any of the attached files.
    Most Linux distributions have a default Apache installation which has PHP and server side include (SSI) enabled.
  • Make sure that you deny access to all other twiki directories than the bin and pub directories. When you have access to the Apache config files the twiki_httpd_conf.txt file mentioned above also contains protection of these directories.
>
>
  1. As already described above you should protect the configure script from general access. The configure script is designed for use by administrators only and should be restricted to invocation by them only, by using the basic Apache authentication. Because of this there has not been put much effort into hardening the script. The configure script cannot save any settings once the password has been saved the first time, but the script could still be vulnerable to specially crafted field values and the script reveals many details about the webserver that you should not display in public.
  2. You absolutely must turn off any kind of PHP, Perl, Python, Server Side Includes etc in the pub directory. TWiki has some built-in protection which renames files with dangerous filenames by appending .txt to the filename. But this is a secondary security measure. The essential action that you must take is to turn off any possible execution of any of the attached files.
    Most Linux distributions have a default Apache installation which has PHP and server side include (SSI) enabled.
  3. Make sure that you deny access to all other twiki directories than the bin and pub directories. When you have access to the Apache config files the twiki_httpd_conf.txt file mentioned above also contains protection of these directories.
  For those that do not have access to the Apache config files a sample subdir-htaccess.txt file can be copied as .htaccess to the data, lib, locale, templates, tools and working directories.
Added:
>
>
  1. Attachments are not secured by default to the access control setting of the topic. In other words, anyone can read them if they know the direct URL of the attachment, which includes name of the web, topic and attachment. You can configure TWiki to secure attachments.
 
Changed:
<
<		The TWiki:TWiki.ApacheConfigGenerator as well as the example twiki_httpd_conf.txt and example htaccess.txt files include the needed settings that protect against all 3 security elements.
>
>		The TWiki:TWiki.ApacheConfigGenerator as well as the example twiki_httpd_conf.txt and example htaccess.txt files include the needed settings that protect against all 4 security elements.
 

Next Steps

Line: 179 to 180
 

Install Plugins

Changed:
<
<		TWiki:Plugins.Webhome is an extensive library of plugins for TWiki, that enhance functionality in a huge number of ways. A few plugins are pre-installed in the TWiki distribution. For more information on these, see InstalledPlugins.
>
>		TWiki:Plugins.WebHome is an extensive library of plugins for TWiki, that enhance functionality in a huge number of ways. A few plugins are pre-installed in the TWiki distribution. For more information on these, see InstalledPlugins.
  You activate installed plugin in the Plugins section of configure. In this section you also find a Find More Extensions button which opens an application which can install additional plugins from the TWiki.org website. If you are behind a firewall or your server has no access to the Internet it is also possible to install plugins manually. Manual installation instructions for the plugins can be found in the plugin topics on TWiki.org. Additional documenation on TWiki plugins can be found at TWiki:TWiki.TWikiPluginsSupplement.
Line: 187 to 188
 

Customize Your TWiki!

Changed:
<
<		The real power of TWiki lies in it's flexibility to be customized to meet your needs. You can with small means change the looks of the default skin (called PatternSkin) by reading the PatternSkinCustomization.
>
>		The real power of TWiki lies in it's flexibility to be customized to meet your needs. You can with small means change the looks of the default skins (called TopMenuSkin and PatternSkin) by reading the PatternSkinCustomization.
  At the official TWiki website you can find more resources. A good place to start for exploring what's possible is TWiki:TWiki.TWikiAdminCookBook which offers tips and tricks for customizing your TWiki site. Many of these are appropriate to implement immediately after installing TWiki and before adding content so now's a good time to look at these.
Line: 293 to 293
 
Digest::SHA1    
Jcode   Used for I18N support with perl 5.6
Locale::Maketext::Lexicon >=0 Used for I18N support
Added:
>
>
Authen::SASL   Used for SMTP Authentication
 
Net::SMTP >=2.29 Used for sending mail
Unicode::Map   Used for I18N support with perl 5.6
Unicode::Map8   Used for I18N support with perl 5.6
Line: 369 to 370
 
Changed:
<
<		Related Topics: AdminDocumentationCategory, TWiki:TWiki.InstallingTWiki
>
>		Related Topics: AdminDocumentationCategory, TWiki:TWiki.InstallingTWiki, TWikiUpgradeGuide
  Contributors: TWiki:Main.PeterThoeny, TWiki:Main.MikeMannix, TWiki:Main.RichardDonkin, TWiki:Main.KennethLavrsen, TWiki:Main.CrawfordCurrie, TWiki:Main.MartinGregory
View topic | History: r83 < r82 < r81 < r80 | More topic actions...
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 1999-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.TWikiInstallationGuide.