OutSCIRT

About
Documentation
Downloads

Installation Instructions

Last updated: January 1, 2021

Notes:
  • Although initially developed on Windows with lighttpd, all the latest versions have been developed on Linux systems, using Apache and PHP.

Prerequisites

  1. Update apache2.conf
  2. ActivateModRewrite
  3. Restart Apache

OutSCIRT Installation

  1. Download the latest release
  2. Extract the files to the root folder of your web server; e.g., /var/www/html
  3. Open localhost/O__setup.php in your web browser (otherwise, you will get argument errors on the index file.)
  4. Assuming there are no errors, then you can proceed to the login via the setup. Note: the default login page is located at localhost/O__login/login
  5. Now, login: the default username is ID and default password is PASSWORD

Best Practices

  1. Change the default username and password: For obvious reasons, change your default username and password.
  2. Move your directories: For additional security, please manually move the ./DB and ./libraries directories to a folder that is not accessible through a web browser. For example localhost/DB is accessible through a web browser. However, /var/DB is not. Make sure the new paths for rootPath, DBpath, and libPath are updated in the /DB/system/ini.php file. However, when you move ini.php, you must also update the reference to it in your index.php file.
  3. Remove unneeded PageTypes: You should remove all PageTypes that you will not be using. For example, a screensaver may not have a purpose for a website; so, the O__screensaver folders should be removed from DB and libraries.
  4. Update session ownership: If needed, change session ownership of the session directory; e.g., chown -R www-data:www-data ./DB/pageTypes/O__users/data/sessions
  5. Suppress page errors: By default, errors are saved to /logs/errors and are viewable through the admin screen, but are suppressed from being displayed on page. Displaying errors on page (if any), can expose the location of your DB, library, and other paths. Otherwise, if you are developing on a local system, you can set errors to display on page by setting $O__errorDisplayOff = 0 in the ini.php file.
  6. Force https: It is strongly encouraged that you set up your htaccess file to use https. If you are unable to do this, you can edit your ini.php file and change $O__redirectSecureForce = 0 to $O__redirectSecureForce = 1.