Tag Archive encrypted

mm ByYOBICLOUD TEAM

Upgrade SysPass from 2.1 to 3.0

Hi Tech Guys,

SysPass It’s one of the best powerful Free and Open Source web application that provides a password management in a secure and collaborative way with intuitive web UI and several useful features.
More informations on the official website syspass.org.
In this tutorial are going to upgrade step by step from version 2.1 to 3.0, and if you installed previously with php 5.6, we will upgrade on version 7.0 because is supported from the application.
There are important changes in the version 3.0, a fully database structure change, “config” directory is moved off to “/app/config”, Composer PHP package manager is used to install and keep up-to-date sysPass dependencies.

Requirements:

-Centos 7.3 server with minimal hardware configuration (depends of your needs).
-Syspass version 2.1 installed.
-ROOT permission on server.
-Internet connection to download all needed packages.
-Good IT basic knowledge and a bit of patience…

Let’s Start!

Stop Apache web server before start, is not mandatory but we prefer to stop it so no one can use the application in the while.

systemctl stop httpd.service

Backup everything and if you can, snapshot your system (just in case).

There are three general ways to backup with mysqldump, choose what you prefer:

shell> mysqldump [options] db_name [tbl_name ...]
shell> mysqldump [options] --databases db_name ...
shell> mysqldump [options] --all-databases

move on /tmp (we backup twice, never enough):

mysqldump -p --all-databases > all_databases.sql

mysqldump -p syspass > syspass.sql

in additions for precautions save on your local pc, so execute those command with scp:

scp root@[syspass_srv_ip]:/tmp/all_databases.sql /(your local path for backup)

scp root@[syspass_srv_ip]:/root/syspass.sql /(your local path for backup)

copy /config folder on your pc

scp -r root@[syspass_ip]:/var/www/html/sysPass/config (your local path for backup)

and on /tmp as well so will be ready at copy time

cp /var/www/html/sysPass/config /tmp

(optional) If your bakup folder is populated and you wish to hold the previous folder, copy also the backup

cp /var/www/html/sysPass/backup /tmp

(optional) only if you have an old php version and would like to switch to 7.0 remove all older php pkgs

yum remove -y php*

once you can, and you are on it, update all server pkgs

yum update -y

install epel to get extras repository and utils tools

yum install epel-release yum-utils -y

and repo to download and activate php 7.0 pkgs, otherwise you will download last version not supported from syspass.

yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

yum-config-manager --enable remi-php70

install all required php 7.0 pkgs

yum install php php-common php-opcache php-mcrypt php-cli php-gd php-curl php-mysql php-xml php-devel php-intl php-mbstring php-bcmath php-pdo php-ldap

also install this pkgs required from composer

yum install git zip unzip php7.0-zip -y

be sure maria db and apache are updated to latest version, once you touch the server

yum upgrade -y httpd mariadb-server mariadb

Move on /tmp, download last version of sysPass (if in the time a newer update of version 3 used in this tutorial was released, change the paths) decompress, remove all old folders (or rename if you are not sure) and move the new folder on apache html folder.

cd /tmp
wget https://github.com/nuxsmin/sysPass/archive/3.0.5.19020701.tar.gz
tar -xvzf 3.0.5.19020701.tar.gz
mv sysPass-3.0.5.19020701 sysPass
rm 3.0.5.19020701.tar.gz
rm -rf /var/www/html/sysPass
cp -rf sysPass /var/www/html/.
rm -rf /tmp/sysPass

Move the original syspass config folder that contain “config.xml”, “key.pem” , “pubkey.pem” and “syspass.log” if you want to keep old logs, to the new path

cp /tmp/config/* /var/www/html/sysPass/app/config/.

Change permission to whole folder

chown apache -R /var/www/html/sysPass
chmod 750 /var/www/html/sysPass/app/config /var/www/html/sysPass/app/backup

Be careful at /app/config because contain important information, however you can use .htaccess to make it not accessible to all world (if is on public network).

If selinux is not disabled and is in enforcing mode use those command to allow the program to write its configuration and some other files, so Change SELinux’s context and user

setsebool -P httpd_can_connect_ldap 1
chcon -R -t httpd_sys_rw_content_t /var/www/html/syspass/app/{config,backup,cache,temp}

Go back in the main app folder

cd /var/www/html/sysPass

Download and install composer PHP package manager, used to install and keep up-to-date sysPass dependencies

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === '48e3236262b34d30969dca3c37281b3b4bbe3221bda826ac6a9a62d6444cdb0dcd0615698a5cbe587c3f0fe57a54d8f5') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
php composer.phar install --no-dev

In conclusion restart Apache service

systemctl start httpd.service

Point your browser to https://[ip_or_hostname]/sysPass/index.php   or   https://[ip_or_hostname]/sysPass/index.php?r=login

more information at official RTD official site

—>>> ENJOY!!! <<<—