Cisco FirePOWER Management Center Appliance – Allowing Domain Authentication

KB ID 0001117 

Problem

Once deployed, authentication is handled by the appliances own internal user database, in larger organisations this is a little impractical. So the ability to create an Active Directory Group, and delegate access to Firesight to members of that group is a little more versatile.

Solution

I’m making the assumption that the appliance does not already have external authentication setup at all, so I’ll cover everything from start to finish.

Newer Versions

Logon to the Appliance > System >Users > External Authentication > Add External Authentication Object

Older Versions

Logon to the Appliance > System > Local User Management > External Authentication > Create External Authentication Object.

  • Authentication Method: LDAP
  • Name: Chose a sensible name for the connection.
  • Server Type: MS Active Directory
  • Host Name/IP Address: the IP of your domain controller
  • Port:389 (this is standard LDAP)

If you have a second Domain Controller enter the details here.

Note: In Active Directory, I’ve created a USER to make the connection to Active Directory with, and I’ve also created a SECURITY GROUP that my administrators will be in.

You can use the ldp.exe tool to locate and find the correct LDAP path for the user you created, (and the group because you will need that in a minute as well).

  • Base DN: Usually the root of the domain, in standard LDAP format.
  • Username: The LDAP path to the user you created.
  • Password: For the user above.
  • UI Access Attribute: sAMAccountName
  • Shell Access Attribute: sAMAccountName

I’m simply having one administrative group, if you have a granular RBAC requirement, there are a number of pre-configured roles you can assign your AD groups to, (or you can create custom ones). So I’m adding the LDAP path of my administrators group to the ‘Administrator’ role.

Also set the default role to ‘Security Analyst (Read Only).

  • Group Member Attribute: member.
  • Username: A user in the AD Administrative group you created.
  • Password: Password for the above account.

Press ‘Test’

All being well you should see a success, Press Save.

Newer Versions

Switch the ‘slider’ to enabled > Save > Save and Apply. (Now skip to All Systems below).

Older Versions

You now need to add this to the policy being applied to this appliance. System > Local System Policy > Select the policy in use  >Edit.

External Authentication

  • Status: Enabled
  • Default User Role: System Analyst (Read Only)

Finally change the slider button and ensure it is ticked. Save policy and exit.

Now apply the policy (green tick).

Tick the appliance > Apply.

Success.

All Systems

Now you can login with your administrative AD accounts.

You can also create a local user to match an AD account.

And get the appliance to use AD for authentication of this user.

Related Articles, References, Credits, or External Links

Original Article Written 18/12/15

Cisco ASA – Gernerate RSA Keypair From ASDM

KB ID 0001322 

Problem

I’ve lost count of the number of times this has happened to me! Most of my colleagues prefer to use the ASDM for remote management, but if (like me) you work at command line, then sometimes people <ahem> forget to generate the RSA keypair when deploying a firewall. Then even if SSH access and AAA is setup correctly, you still can’t get in via SSH. Instead you see the following;

RoyalTS and RoyalTSX: ssh_exchange_identification: Connection closed by remote host.

PuTTY: PuTTY Fatal Error: Server unexpectedly closed network connection.

SecureCRT: Connection closed.

OSX/Linux: ssh_exchange_identification: Connection closed by remote host.

Now at command line you can fix this with a ‘Crypto Key Generate RSA Modulus 2048‘ command, but you can’t get to command line only ASDM.

Solution

On older versions of the ASDM you could generate the keypair in the Identification Certificates section (well you still can but only if you are also generating a certificate request file). So, as we are command line warriors, lets use the ASDM’s command line!

Tools > Command Line Interface > Multiple Line 

[box]

conf t
crypto key generate rsa modulus 2048 noconfirm

[/box]

Send > Wait a couple of minutes and try again.

REMEMBER: I’m assuming you have SSH setup correctly if not, see the following article;

Cisco ASA – Allow Remote Management

 

Related Articles, References, Credits, or External Links

NA

Audi – MMI v3 – Showing Album Art With Mp3 Files

KB ID 0001116 

Problem

A few weeks ago I changed cars, I was pleased to see that the entertainment system in my new car could play music from SD card. These are cheap and can hold a Lot of songs, so rather than have my iPod in the car, I could simply drop music onto an SD card.

Which I did but, annoyingly non of the ‘album artwork’ was displayed, even though the music played fine. I did some Googling and read a few Audi forums, and finally got it to work.

Solution

Theres a lot of conflicting information in forums on how to get this to work, so I will just tell you how I got mine working.

  • Car: Audi A6 (2013)
  • MMI Version 3

SD Card Size: Has to be 32GB or less  – This is because it has to be formatted at FAT32, it’s a limitation of the storage system not Audi or the SD Cards (Yes you can have more than 32GB FAT32 drives, thats a different argument).

To Check;

Mac OSX (right click > Get Info).

Windows (Right Click > Properties).

Why is there a problem displaying Album art?

Well, (and I’m making the assumption your mp3 files actually have album art embedded within them, (thats in the mp3 file, not in a different folder, if not get that sorted first!) The Audi will only display art if;

  • It’s less than 500×500 pixels in size.
  • It’s less than 254kb in file size (the image not the track!)

For example, below Im using the excellent, (and free) Mp3tag to look at this songs details, see the album art is 2000×2000 pixels, and is 409Kb in size. Try to play this in the car and the music will play but you will just see a generic ‘musical note’ instead of the album art.

Well that’s OK, but manually resizing all your album art could take along time, (I’ve got a large music collection). To do that requires another brilliant free piece of software called Bliss, (download here). I’m using Mac but theres a Windows version as well.

Windows Alternative

If I’m in Windows I use Sense Mp3 Art Sizer;

Back to my mac..

Install and run the software, at this point it appears nothing has happened but you should see a large blue ‘bl’ at the top of the screen. Right click that, and it will open. Go to Settings.

Change the music location, so that it points to your SD card.

Under the cover art section click ‘more’.

You now have the option to set the maximum size, set it to 500×500, and then set the maximum size to 256KB. Click Apply Rules an it should rattle its way though all the songs on the SD card. Depending on how many you have, this can take a while.

Notice once complete, when looking at the album art it has been resized, and should now show correctly in the car.

Additional Steps For Mac OSX Users.

Mac OSX has a habit of dropping some folders on the drive, and their names start with a full stop (or period if you’re over the pond). Normally that is not a problem, but your Audi will not like this, (typically is scrolls through all the songs and does nothing).

My Mac is set to show hidden folders, so you probably wont even be able to see them, to remove them open a terminal window. Execute the following two commands;

[box]

cd /volumes

ls

[/box]

What this does, is shows you the names of the mounted volumes, mines got a simple enough name because I called it PETES-AUDI, yours might be something else, take note of what it’s being called.

Then, change into the volume name for the card, change to match the name of yours, then issue three rm commands as shown below(rm is simply a remove command).

[box]

cd PETES-AUDI

rm -rf .f*

rm -rf .S*

rm -rf .T*

[/box]

Then you can eject the SD card, and play it in the car.

Related Articles, References, Credits, or External Links

Original Article Written 17/12/15

Updating the AnyConnect client for Deployment from the Cisco ASA 5500

KB ID 0000704 

Problem

Your ASA will (by default) update your AnyConnect clients to the latest client software when they connect. However you need to supply the ASA with the updated packages first.

Solution

1. Download the latest AnyConnect client package, from Cisco. The one you want will have a file extension of .pkg

AnyConnect 4

AnyConnect 3

2. Connect to the ASDM > Configuration > Remote Access VPN > Network (Client) access > AnyConnect Client Software > Add.

 

Note: On older versions of the ASDM you will find the option under > Network (Client) access > Advanced > SSL VPN > Client Settings > Add.

3. Select Upload > Browse to the software you downloaded > Select.

 

4. The file should upload to flash memory.

 

5. And it will tell you if it has been successful.

 

6. Select the new software and, using the ‘up arrow’ move it to the top of the list > Apply.

Note: At this point I also delete the old software packages.

7. Don’t forget to upload the packages for Linus and MacOS of you may see the following error;

The AnyConnect package on the secure gateway could not be located.

 

 

8. Remember to save the changes. File > Save running configuration to flash.

Related Articles, References, Credits, or External Links

Cisco ASA5500 AnyConnect SSL VPN 

Original article written: 02/11/12

Windows Folder Redirection

KB ID 0000467 

Problem

Q: What is Folder Redirection?

A: Essentially you can take folders that hold things like your “My documents” or your “Favorites” folder, and put them out on a network server, which is great if you want to back that sort of information up for disaster recovery.

Q: What’s the difference between this and a roaming / roving profile?

A: Folder redirection keeps information on a server and you access it remotely, Roaming profiles are designed to sync that information (and your WHOLE user profile) backwards and forwards to a network share as your users logon and log off.

Q: What folders can be redirected?

A: From Server 2008 onwards, and with Windows 7 clients and above, the following can be redirected.

  • AppData(Roaming)
  • Desktop
  • Start Menu
  • Documents
  • Pictures
  • Music
  • Videos
  • Favorites
  • Contacts
  • Downloads
  • Links
  • Searches
  • Saved Games

Solution

1. On a server create a folder to hold the redirected data, In this case you will notice I’ve called my share Redir$ (The dollar sign just means it’s a hidden share, and can’t be seen if people are network browsing).

Folder Redirection: Permissions for the Root Folder

2. Set the share permissions to Everyone: Full Control (Don’t worry we will secure it with NTFS permissions).

3. On the security tab of the folder click advanced.

4. For Server 2012 / 2016 you should see something like this;

For Server 2008 and older it should look more like this;

5. For server 2012 / 2016 Disable Inheritance and select ‘Convert’.

For 2008 and older, untick “Include Inheritable permissions from this objects parent” > At the warning click “Add”.

6. Select each User in turn (You will need to add the Everyone group) > Then Edit the permissions so that they are as follows.

  • CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only).
  • System – Full Control (Apply onto: This Folder, Subfolders and Files).
  • Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files).
  • Everyone – Traverse Folder/Execute File (Apply onto: This Folder Only).
  • Everyone – List Folder/Read Data (Apply onto: This Folder Only).
  • Everyone – Read Attributes (Apply onto: This Folder Only).
  • Everyone – Create Folder/Append Data (Apply onto: This Folder Only).

2012 / 2016

‘Show Advanced Permissions’

2008 and older.

7. Now REMOVE BOTH the entries for USERS > Apply  > OK.

7. On your domain controller open the Group Policy Management Console, (Under Administrative Tools) and either create a new USER policy of edit one that already linked to the users you want to enforce this policy upon.

8. I prefer to create a new policy and call it something sensible so if there’s a problem it’s easy to find in the future.

9. Navigate to:

[box]User Configuration > Policies > Windows Settings > Folder Redirection[/box]

Locate the folder you want to redirect (In this case its just the documents folder) > Right click > Properties.

10. I’m going to redirect all my users documents to the one folder I created earlier, so I will choose basic.

Note: You can choose “Advanced” and redirect different groups folders to different locations.

Enter the path to the root folder AS A UNC PATH, DONT click the browse button and browse to it.

11. I’m going to accept the defaults on the settings tab, the option I’ve highlighted creates the folders with exclusive rights on the folders for the user in question and SYSTEM, so the domain admin had no access (this is OK, it’s the same way user profiles work, you can still back them up).

12. Now as your users log on their folders will be redirected to the share you setup.

Backing up Redirected Folders

13. Even with exclusive rights you can still back this data up:

Related Articles, References, Credits, or External Links

Original Article written 22/06/11

Ubuntu: Setting Up a WordPress Website with LEMP – Part 3

KB ID 0001320 

Problem

So you want your own web server running WordPress? Previously in Parts One and Two, we setup a new Linux box, and got all the prerequisites installed. Now it’s time to deploy WordPress.

Solution

There are a few extra bits we need to add to the PHP installation before we setup WordPress, to get those installed run the following command;

[box]sudo apt-get install php-curl php-gd php-mbstring php-mcrypt php-xml php-xmlrpc[/box]

Then restart PHP;

[box]sudo systemctl restart php7.0-fpm[/box]

Download and Install WordPress.

We are going to use the /tmp directory and download wordpress into that, you don’t need to worry about what version to download because the good folk at WordPress use the same URL for the latest version and keep it updated.

[box]

cd /tmp
curl -O https://wordpress.org/latest.tar.gz

[/box]

If you didn’t already guess from the file extension, the WordPress files are compressed, we need to ‘extract’ them.

[box]tar xzvf latest.tar.gz[/box]

WordPress has a file called wp-config.php in the root of the website that we will be editing in a while, so we are going to create that file by using the ‘sample’ file provided.

[box]cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php[/box]

And, to save you hassle, (in future) we will pre-create the folder that WordPress will need when you eventually come to upgrade it, it will also, (after we have moved it in a minute),  have the correct permissions.

[box]mkdir /tmp/wordpress/wp-content/upgrade[/box]

Now we have all the files, but they are in the WRONG PLACE, they are all sat in the /tmp directory, but we want them in the root of your website, i.e. the  /var/www/html  directory. So to copy them (in bulk).

[box]sudo cp -a /tmp/wordpress/. /var/www/html[/box]

You won’t see anything happen, but if you have a look in your /var/www/html directory, the files will be there.

To set the correct permissions, execute the following commands;

[box]

sudo chown -R www-data /var/www/html
sudo find /var/www/html -type d -exec chmod g+s {} \;
sudo chmod g+w /var/www/html/wp-content
sudo chmod -R g+w /var/www/html/wp-content/themes
sudo chmod -R g+w /var/www/html/wp-content/plugins

[/box]

Configuring WordPress

Run the following, and it will return a large block of incomprehensible text; 

[box]curl -s https://api.wordpress.org/secret-key/1.1/salt/[/box]

COPY THAT TEXT TO THE CLIPBOARD (Yours will look different to the one above!)

Now edit the wp-config.php file, when its open go the the section that ‘looks like’ the text you copied above and paste your text over the top.

[box]nano /var/www/html/wp-config.php[/box]

While you are still in the file, you need to enter the database settings you setup in Part One. Near the top of the file you will see there’s a space for database name, username and password.

Enter your settings;

Save and close the file.

Now if you browse to your website, you should see the WordPress language selection, select your language and enter the settings and logon details for your website.

You will be logged into your sites admin panel (http://your-site/wp-admin). From here you can install new themes, add new plugins, and create new posts. Your website will now be ‘live’.

You may want to consider raising the maximum upload limit before proceeding;

Nginx Error – 413 Request Entity Too Large

If you are migrating data from another WordPress site into this one, see the following article;

Migrating WordPress From One Server To Another

If you are unsure on how to setup DNS records for your website see the following article;

Setting up the Correct DNS Records for your Web or Mail Server

Related Articles, References, Credits, or External Links

NA

Ubuntu: Setting Up a WordPress Website with LEMP – Part 2

KB ID 0001319 

Problem

Back in part one we deployed the server and setup our database, now we are going to setup our nginx web server, and get it to work with PHP.

Solution

Install NGINX

To get the nginx package installed;

[box]sudo apt install nginx[/box]

Now ensure nginx is set to start automatically with the server, and manually start the service.

[box]

sudo systemctl enable nginx
sudo systemctl start nginx

[/box]

Make sure it’s up and running;

[box]systemctl status nginx[/box]

Now the test if the web server is up and running, get the IP address (ifconfig), and browse to the IP address and you should see the nginx welcome page.

Note: If you get a 403 error, issue a ‘cp index.nginx-debian.html index.html‘ command and try again.

Install PHP7

Run the following command;

[box]sudo apt install php7.0-fpm php7.0-mbstring php7.0-xml php7.0-mysql php7.0-common php7.0-gd php7.0-json php7.0-cli php7.0-curl[/box]

Start the service and check it’s running;

[box]

sudo systemctl start php7.0-fpm
systemctl status php7.0-fpm

[/box]

Now to enable nginx to pass information to the FastCGI server (allows php scripts to be executed outside the web server). Your nginx install should be taking its settings from a configuration file ‘/etc/nginx/sites-enabled/default’.  To make sure execute an ‘nginx -t’ command. We need to edit that file.

Note: Below you will want to change the values in red to match your server, and the values in blue are optional. You can remove all the contents of the existing file and paste in the following.

To Edit;

[box]sudo nano /etc/nginx/sites-enabled/default[/box]

[box]

# Default server configuration

server {
listen 80 default_server;
listen [::]:80 default_server;

# Set The Root Directory for the Entire Website

    root /var/www/html/;

# Adding index.php to the list if you are using PHP

    index index.html index.htm index.nginx-debian.html;

# Add The Server IP Address or FQDN

    server_name 123.123.123.12;

# Auto Remove and re-write .htm from requests (to maintain old back-links)

    rewrite ^(/.*)\.htm(\?.*)?$ $1$2 permanent;

# The following does the WordPress Rewrites for the permalinks

      location / {
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$args;
      }

# Allow the user to Cache Static files for 1 year

      location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 365d;
      }

# pass PHP scripts to FastCGI server

     location ~ \.php$ {
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    include snippets/fastcgi-php.conf;
  }
}

[/box]

Now save and exit the file, make sure its ok by running;

[box]nginx -t[/box]

Providing it says ‘successful’ restart nginx.

[box]sudo systemctl reload nginx[/box]

Testing PHP7 Works

Make sure we are up and running on version 7.

[box]php –version[/box]

Now just to be sure we are going to create a test page,  put in some PHP and make sure it works.

Create a file;

[box]sudo nano /var/www/html/test.php[/box]

Pete in the following;

[box]<?php phpinfo(); ?>[/box]

Save and exit the file, then browse to http://{ip-address}/test.php it should look something like the image below.

It’s considered bad practice to have that file on the server, so lets delete it with the following command;

[box]sudo rm /var/www/html/test.php[/box]

 

That’s us with a fully functioning nginx web server thats processing PHP, in part three we will install WordPress, connect it to the database we made easier, and then you will be ready to start posting.

Related Articles, References, Credits, or External Links

NA

Cisco ASA: ‘ERROR: Multiple Peers can be specified only with originate-only connections’

KB ID 0001316 

Problem

This week I had a client who had a head office and three satellite sites. They had old firewalls (a 5510 and 5505’s), and my firm had installed FTTC circuits, into the sites for them. My job was to reconfigure the firewalls and the site to site VPN tunnels (each site had a tunnel to the other sites), then disconnect their old ADSL connections, change the firewalls public IP, then connect to the shiny new FTTC circuits.

To save on downtime, my plan was to create new tunnel-groups for all the new IP addresses with the same shared-secrets, then add the new IPs as an alternative crpytomap peers. That way I could migrate all the sites and , the only downtime would be when I changed the firewall to the new IP and plugged into the new router, cool eh? 

All was going well until I hit the third satellite site and tried to add a second VPN peer like so…

[box]crypto map outside_map 1 set peer {new-ip-address} {old-ip-address} [/box]

It returned this error;

 ERROR: Multiple Peers can be specified only with originate-only connections

Solution

None of the other sites had done this, and I’ve done redundant VPN configs many times, (see the failover ISP article at the bottom of the page.) Never had I seen this error?

I made the ‘mistake‘ of adding;

[box]crypto map outside_map 1 set connection-type originate-only [/box]

A few minutes later I got an email “That sites VPNs have all gone down?”. On investigation the remote site thought the tunnel was up, (it was even encrypting and decrypting layer two traffic?) The main site didn’t even say phase one was attempting. I changed all the crypto maps back to a single peer IP and removed the ‘connection-type originate-only’ from all the crypto entries as well, everything started working again?

I found a bug report for something similar (CSCsd21514) but that affected version 7, I did a show version on the firewall it was running 7.2 (eeurgh.) I updated it to 8.3, (yes I could go to 9 but lets not tempt fate). Problem disappeared, it accepted the redundant VPN config and everything worked, (I flipped the circuit on this problem firewall this morning and downtime was less than 10 seconds).

Related Articles, References, Credits, or External Links

Cisco ASA/PIX Redundant or Backup ISP Links with VPNs

Ubuntu: Setting Up a WordPress Website with LEMP – Part 1

KB ID 0001318 

Problem

At the time of writing this site is running on CentOS7 LAMP (Linux Apache MySQL and PHP). Well I’m actually using MariaDB not MySQL as it’s ‘supposed’ to be a little faster, but they are similar enough to be accepted. I’m planning to migrate to Ubuntu 17 LEMP (Linux ‘EnginX’ MySQL and PHP) again with MariaDB. As the site is getting more traffic I want to utilise the better performance of nginx (I know I called it EnginX above but LNMP stack doesn’t sound so good, and nginx is ‘pronounced ‘engine x’).

So the following series of articles will be how to install nginx, MariaDB, PHP and WordPress.

Solution

Installing Linux

You have essentially two choices, do what most people do and go to a hosting company and rent a VPS, (virtual private server) for a monthly fee. Then when you set it up you can select what flavour of Linux you require, press go, and by the time you have had a coffee, they will have emailed you the IP and logon details, and Linux is already installed for you. You can of course install linux on your own server, and as long as you can make it publicly available use that.

The main difference is, if your hosting company build it for you, the root user will be enabled and you will connect with the root user and password. If you build your own server you will connect with user account and root will be disabled. If you know nothing about Linux that means to execute any system level commands you need to prefix them with ‘sudo’ (or type su and enter the root password). If you are logged in as root and use sudo it does not make any difference so I will prefix all the commands I use below with sudo to make things easier, just remember the first time you use sudo it will ask for your password again.

Why Ubuntu? Well I use CentOS presently, but while doing research there was little information on getting nginx and PHP7 running on CentOS, but there was for Ubuntu that’s the only reason I’m switching OS.

Update The Server

It might have been built from an image, but that does not mean that the image was up to date, thankfully that’s simple to do, run the following command to see if there’s any updates.

[box]sudo apt update[/box]

In my example theres two updates, I can upgrade to them with the following command, (you may be asked to answer ‘y’ for yes);

[box]sudo apt upgrade[/box]

Change the Linux SSH Port

Note: If you built the server, you may need to install openssh server.

[box]sudo apt-get install openssh-server[/box]

I’ve had servers compromised in the past so let’s start with some basic security, I always change the default SSH port, in this example I’ll use 2223 (instead of the default SSH port of 22).

Edit the SSH config file;

[box]sudo nano /etc/ssh/sshd_config[/box]

Uncomment and change the Port number to something other than 22, (make it above 1024 to be on the safe side, I’m using 2223).

Note: If you built your own server, and you are allowing root access to SSH you may want to see the following article;

Ubuntu: Allow SSH access for ‘root’ user

Don’t forget to restart the service;

[box]sudo service ssh restart[/box]

Protect Your Web Server With a Firewall

Traditionally Linux uses iptables, (or FirewallD for CentOS.) I like iptables, because like all things Linux I worked out how to set it up, and wrote it down. Ubuntu has a ‘front-end’ to iptables thats still command driven, it’s called UFW (uncomplicated firewall). Which I didn’t want to learn about because I use iptables! But in all honestly UFW is so simple it’s painfully easy.

I want to allow TCP 80 (http), TCP 443 (https), and TCP 2223 (for my SSH server). And that’s it, block everything else incoming, allow the server to speak out, and secure the server.

Run the following commands;

[box]

sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 2223/tcp

[/box]

Then enable the firewall, and set it so that it starts when the server reboots, you can also check its status for peace of mind;

[box]

sudo ufw enable
sudo ufw status

[/box]

Install and Configure MariaDB

Like most things Linux, installing MariaDB is simple, run the following command;

[box]sudo apt install mariadb-server mariadb-client[/box]

Then make sure it’s up and running;

[box]systemctl status mysql[/box]

Note: If it looks like it’s frozen, press Ctrl+C to get the cursor back

Set MariaDB to start when the server restarts;

[box]systemctl enable mariadb[/box]

Secure MariaDB: At the moment MariaDB will have a blank root password, (it has its own root user). So to secure it you simply run;

[box]sudo mysql_secure_installation[/box]

Note: It immediately asks for a password, (it will be blank so hit (Enter},) answer ‘Y’ to set a root password, set a fresh one (you will need it in a minute, so remember what it is!) Then accept all the defaults by just pressing {Enter}.

Create Your WordPress Database

WordPress needs a database, to get WordPress talking to MariaDB (or MySQL) you need three things;

  • A database name.
  • A username to access the database.
  • A password for that user.

So in the following example I will use;

  • Database Name: PETESDATABASE
  • Username: petesuser
  • Password: P@ssword12345

Execute the following commands one by one;

[box]

sudo mysql -u root -p
{Enter the root password you just set for MariaDB}
CREATE DATABASE PETESDATABASE;
CREATE USER 'petesuser'@'localhost' IDENTIFIED BY 'P@ssword12345';
GRANT ALL ON PETESDATABASE.* TO 'petesuser'@'localhost' IDENTIFIED BY 'P@ssword12345';
FLUSH PRIVILEGES;
exit

[/box]

 

In Part Two, we will install nginx and PHP.

Related Articles, References, Credits, or External Links

NA