Skip to end of banner
Go to start of banner

Installing Open-AudiT 5.x on Redhat 8 without external repo's

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »


Redhat 8 in particular doesn't ship with a late enough version (it ships 7.2.x) for us - we require 7.4 at a minimum.

Redhat 8 also does not ship the libsodium library at all. Libsodium is used by PHP (amongst others) to provide encryption abilities - and we use this in Open-AudIT.

So, by default Open-AudIT 5.x uses the Remi repo for Redhat to get updated versions of PHP and a suitable libsodium.


Some customers are not permitted to allow external repositiories that are not Redhat controlled (or owned). Even though Remi works for Redhat and is their PHP packager and maintainer, his repository is not "official" and therefore not allowed on these servers.

What to do... what to do?

Well, you cou8ld always install Redhat 9 and use the default repo's. This will "just work" as Redhat 9 has a suitable version of PHP and does ship libsodium.

But what if you have to stay on Redhat 8?

Fear not, I have the answer. Below uses Redhat AppStream (for PHP), Fedora Repo (for libsodium, owned by Redhat)  and PECL (official Redhat package).

Follow the bouncing ball below to get this working.

NOTE - This is designed for a new Redhat 8 server, not for upgrading your existing server. I have not attempted to install the dependencies over an existing set, but I think it should work.

As always - do not try this on your production machine. The best way is a new install of Redhat 8, followed by a clone of your production machine.

On the new server.

subscription-manager refresh

dnf update

dnf install @php:8.0 httpd

dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

/usr/bin/crb enable

dnf update

dnf install mariadb-server nmap zip curl wget sshpass samba-client logrotate ipmitool net-snmp libnsl php-intl php-mysqlnd php-ldap php-process php-snmp libsodium php-pear php-devel libsodium-devel make perl-Crypt-CBC perl-Time-ParseDate screen 

pecl channel-update pecl.php.net

pecl install libsodium

echo 'extension=sodium.so' > /etc/php.d/20-sodium.ini

systemctl restart php-fpm

systemctl restart httpd

systemctl restart mariadb

wget https://dl-openaudit.opmantek.com/OAE-Linux-x86_64-release_5.1.0.run

chmod +x OAE-Linux-x86_64-release_5.1.0.run


Once the installer is running, answer as below.

Have you successfully run yum update (y/n)? y

Enable the EPEL and Remi (PHP) repositories (y/n)? n

Open-AudIT requires the following packages which are not installed: 
 php php-sodium
The installer can use DNF to download and install these packages.
Do you want to install these packages with DNF now (y/n)? n

Should I set the default Open-AudIT root password to 'openauditrootuserpassword' (y/n)? y 


On your existing production machine.

mysql -u root -popenauditrootuserpassword openaudit -e "DELETE FROM oa_user_sessions; DELETE FROM logs;"

mysqldump -u root -popenauditrootuserpassword --extended-insert=FALSE --routines openaudit > /tmp/openaudit.sql 

scp YOUR_USERNAME@ORIGINAL_OPEN_AUDIT_SERVER:/tmp/openaudit.sql /usr/local/open-audit/

scp YOUR_USERNAME@ORIGINAL_OPEN_AUDIT_SERVER:/var/www/html/open-audit/custom_images/* /usr/local/open-audit/public/custom_images/

scp YOUR_USERNAME@ORIGINAL_OPEN_AUDIT_SERVER:/usr/local/open-audit/code_igniter/application/attachments/* /usr/local/open-audit/app/Attachments/

cat /usr/local/omk/conf/opLicense.json


On the new server.

cd /usr/local/open-audit

mysql -u root -popenauditrootuserpassword -e "DROP DATABASE openaudit; CREATE DATABASE openaudit;"

mysql -u root -popenauditrootuserpassword openaudit < openaudit.sql


Logon to the Open-AudIT GUI and upgrade the database.

Then add your license. Go to menu -> Licenses -> Manage Licenses. Copy the encrypted string for Open-AudIT from opLicense.json you cat'ed earlier (on the production machine).

And you're done.


Really, it is much easier to use Redhat 9 or allow Remi's repo, but in cases where that isn't possible you have the above.

And of course if you are a supported customer, we will walk you through it with a screen-share session if required.

Onwards and Upwards!

  • No labels