Added info how to secure default phpMyAdmin install. More clearing.

Author: Antennipasi

INSTALL_DEBIAN_LENNY.txt

@@ -16,7 +16,8 @@ Installation
 echo ispconfig.example.com > /etc/hostname
 
 vi /etc/hosts
-and add line similar but appropriate:
+
+# and add line similar but appropriate:
 
 127.0.0.1       localhost.localdomain   localhost
 192.168.0.100   ispconfig.example.com   ispconfig
@@ -48,7 +49,7 @@ General type of configuration? <-- Internet site
 Mail name? <-- server1.mydomain.tld
  SSL certificate required <-- Ok
 
-...use your own domain name of course ;)
+# ...use your own domain name of course ;)
 
 
 
@@ -88,11 +89,42 @@ apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2
 
 a2enmod suexec rewrite ssl
 
+# Secure phpMyAdmin by deleting setuppassword-file
+# and removing/commenting Setup Authorization from apache.conf
+
+rm /etc/phpmyadmin/htpasswd.setup
+
+vi /etc/phpmyadmin/apache.conf
+
+# delete/comment following lines (between the ----- lines):
+------------------------------------------------------
+        # Authorize for setup
+       <Files setup.php>
+           # For Apache 1.3 and 2.0
+           <IfModule mod_auth.c>
+               AuthType Basic
+               AuthName "phpMyAdmin Setup"
+               AuthUserFile /etc/phpmyadmin/htpasswd.setup
+           </IfModule>
+           # For Apache 2.2
+           <IfModule mod_authn_file.c>
+               AuthType Basic
+               AuthName "phpMyAdmin Setup"
+               AuthUserFile /etc/phpmyadmin/htpasswd.setup
+           </IfModule>
+           Require valid-user
+       </Files>
+------------------------------------------------------
+
+
 opt3.1) Optionally install some imagemanipulation capabilities to make advanced webdesigners happy
 
 apt-get install php5-imagick imagemagick
 
+# restart apache before continuing
 
+/etc/init.d/apache2 restart
+ 
 
 4) Install pure-ftpd and quota
 
@@ -125,11 +157,11 @@ cd mydns-1.2.8
 make
 make install
 
-Now create the start / stop script for mydns:
+# Now create the start / stop script for mydns:
 
 vi /etc/init.d/mydns
 
-and enter the following lines (between the ----- lines):
+# and enter the following lines (between the ----- lines):
 
 ------------------------------------------------------
 #! /bin/sh
@@ -190,7 +222,7 @@ esac
 exit 0
 ---------------------------------------------------------------------------
 
-now execute:
+# now execute:
 
 chmod +x /etc/init.d/mydns
 update-rc.d mydns defaults
@@ -202,7 +234,7 @@ apt-get install vlogger webalizer
 
 7) Install ISPConfig 3
 
-There are two possile scenarios, but not both:
+# There are two possile scenarios, but not both:
 7.1) Install the latest released version 
 7.2) Install directly from SVN
 
@@ -223,20 +255,20 @@ There are two possile scenarios, but not both:
 
 7.1+7.2) Now proceed with the ISPConfig installation.
 
-Now start the installation process by executing:
+# Now start the installation process by executing:
 
 php -q install.php
 
-The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not nescessary. To login to the ISPConfig controlpanel, open the following URL in your browser (replace the IP to match your settings!):
+# The installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not nescessary. To login to the ISPConfig controlpanel, open the following URL in your browser (replace the IP to match your settings!):
 
 http://192.168.0.100:8080/
 
-the default login is:
+# the default login is:
 
 user: admin
 password: admin
 
-In case you get a permission denied error from apache, please restart the apache webserver process.
+# In case you get a permission denied error from apache, please restart the apache webserver process.