Final Project ‐ AWS and MediaWiki - rune-seregina/sys255-fa24 GitHub Wiki

Aidan Smith + Rune Seregina
SYS-255
FA24

Table of Contents

Description

What is the goal of your project in a few sentences?

  • Self-hosted web server on AWS using MediaWiki
  • Connected form for database
  • Ability to track attacks (SQL injection)

Overview

Describe what systems and configurations are involved with your project. What VMs you used, how they talk to each other at a high level, and any applicable test methodology. Logical topologies are normally a plus.

  • Only 1 machine :( but here’s all the components:
    • AWS - ec2 instance, key set-up, SSH abilities, HTTP/HTTPS connections
    • MediaWiki - website-building software
    • PHP & LAMP Stack
    • MySQL
    • DuckDNS
    • Mod_Evasive and Mod_Security(?)

References

You will be using outside resources than the labs since most of the topics expand on what we have done thus far. Please cite your references here.

Build Documentation

The body of the project. How are things set up? How did you get from point A to point B (the project description). This includes descriptions of what was done and specifics including but not limited to commands entered, files used, system networking settings, etc.

AWS

  • Setting Up an Instance (Security/Settings)
    • Used Amazon Linux with the default options
    • Made a security rule so that only two IPs could connect to the running Amazon Linux ec2 instance via ssh (Aidan and Rune’s laptops)
      • image
  • The box comes pre-loaded with a lot of security protocols that prevent some things such as basic SQL injection into our locally run database
    • It just returns as the page not being able to be found
  • Everything for the database should be hosted locally in the ec2 instance
    • image
  • Connect to the Apache server over the internet using the dynamically changed public IP
    • The public IP changes every time we boot up the box so we have to change specific configurations based on that
  • image

Basic Account Setup

  • Create named user accounts
    • useradd aidan/rune
  • Make passwords
    • passwd aidan/rune
  • Add users to admin group
    • usermod -aG wheel aidan/rune
  • Change to user
    • sudo su - aidan/rune
  • Check privileges
    • sudo -i

Setting up a LAMP Stack

  • Everything for the lamp stack is going to be hosted over AWS
    • First we need the EC2 instance to be running ( we are using Amazon Linux for this project)
      • Install the necessary packages for the other parts to run
      • sudo yum install httpd (for apache)
      • sudo yum install firewalld (for firewall)
      • sudo yum install mariadb105-server (for mysql)
    • Make sure apache is running
      • Enter the public IP address of the ec2 instance in the browser after enabling it
    • Set up the database that will be used for the MediaWiki
      • Make sure all of the necessary php extensions are downloaded and that the mediawiki compressed file is downloaded and extracted (listed here)
        • mysql -u username -p
        • CREATE DATABASE mywiki;
        • GRANT INDEX, CREATE, SELECT, INSERT, UPDATE, DELETE, ALTER, LOCK TABLES ON my_wiki.* TO 'username'@'localhost' IDENTIFIED BY 'password';

Hosting using Apache/HTTPD

  • Enable firewall
    • firewall-cmd --enable
    • firewall-cmd --start
  • Allow traffic using HTTP and HTTPS
    • Firewall: add services “http” and “https” or ports “80” and “443”
    • firewall-cmd --add-service=http --permanent
    • firewall-cmd --add-service=https --permanent

Database Installation/Testing

  • If the database is connected to MediaWiki, then the mywiki database should look like this:
    • insert the image of database
  • You can use this simple php script to test the connection of the database to see if it works or not
    • image
  • Access the php file by going to the public IP of the web server and navigating to the file
    • For example: http://IP ADDRESS/name_of_file.php

Database Integration with PHP/HTML

  • After successfully connecting the database, we can go ahead and set up the MediaWiki by following the guide on how to do so. This can be as simple as going to the install page once you navigate to your server’s IP address after installing MediaWiki and moving it to the /var/www/html directory.
  • In our example, we made a separate database, html, and php page to set everything up.
    • The script looks like this:
      • image
  • We used prepared statements to secure the script as well.

MediaWiki Setup - Front End

  • Uploading a Logo
    • Using a signed-in administrator account on MediaWiki, I uploaded a file on the specified page
      • image
    • From there, I acquired the file path generated for the image by going to Special Pages > File List > (my image name)
      • image
      • image
    • From there, I was able to change the $wgLogos variable to reflect the path of the new logo
      • image
    • Ta-da!
      • image
  • Creating Web Pages
    • Main Page setup
      • image
      • image
      • Syntax:
1. [[ ]] for links, either absolute links or redirects to pages (ex. [[Lamps]]
2. [[File (name)|option1|option2|option3]] for images - left for horizontal alignment, frame to include a frame around the image, and 100px for horizontal width
  • Category Setup
    • image
    • image
    • Syntax:
1. = = for heading 1
2. == == for heading 2
3. [[ ]] for redirects to pages
  • Page Setup
    • image
    • image
    • Syntax:
’’’ ’’’ bold text
1. [[File (name)|option1|option2|option3]] for images - center for horizontal alignment, frame to include a frame around the image, and 200px for horizontal width
2. [[Category]] to include the page in a certain category, and for the category to be displayed as a page footer

MediaWiki Setup - Back End

  • Editing Local Settings;
    • sudo vi /var/www/html/MediaWiki/LocalSettings.php
  • Editing php.ini (PHP default config file) to allow more access
    • Display php info using:
<?php
phpinfo();
  • Will display location of php.ini
    • /etc/php.ini

Logging & Security Mod_Security & VPC Flow Logs)

  • For logging, we decided to use a feature on AWS called VPC logging which can take the traffic from the instance we are running and send it to an S3 bucket within AWS
  • Since we have limited permission access in AWS academy, I could not make an IAM rule but that can be bypassed through updating the VPC configurations to the S3 bucket
    • The VPC is configured to take in all of the traffic from the internet (accepted and rejected) and move it to the S3 bucket
    • The logs are stored within a .gz file which can be downloaded and viewed at any time
    • This was all done with a “flow log” which is a feature in the VPC console that can log traffic to either a CloudWatch rule or a bucket depending on your use case
    • All of the metadata for our EC2 instance is now captured and sent over to the bucket with very appropriate naming conventions (lamplogbucket and lamp vpc)
    • This was all really cool because I have never seen this feature before but it proves to be quite useful as we do not need to sift through a ton of logs within the EC2 instance and now we can just view individual logs when we need to
  • Mod Security
    • Mod_Security was implemented mostly to keep access logs and error logs of the web server
      • This was done to monitor activity from within the ec2 instance so we can see when the server is being accessed

Registering a Domain With DuckDNS

  • Go to the duckdns website (when it is working)
    • Follow the install instructions on the website under the “ec2” instructions
  • Edit the box with the guide on the DuckDNS website
  • Make sure that everything is running correctly with the command:
    • ps -ef | grep duck
  • If you need to kill the process for whatever reason then use the command:
    • pkill duck
  • Make sure that you register the domain and the ip for your web server by signing into the website using a google account and checking if the IP is correct
    • Our website is: http://255lamps.duckdns.org/
    • Currently, it goes to the index of the web server, but I would like it to redirect to the wiki itself.

Completion Test

Show via video, your project working. It’s important here to display system names or uniquely identifiable info from VMware Workstation or vSphere so the instructor knows what system is what.

Discussion

Descriptions of difficulties you faced, how you troubleshooted them, and what the outcome was.

  • Biggest hurdle (so far) - figuring out how to have multiple users ssh into the same AWS box, figuring out how to connect our database to the page we are working on and making it look nicer, putting images on MediaWiki
  • Figuring out how PHP works on MediaWiki
  • Transferring the local settings file
  • RIP DuckDNS (for that one day we tried to use it LMAO)
⚠️ **GitHub.com Fallback** ⚠️