Technical Aspects of SLiMS

Post on 05-Jul-2015


Transcript of Technical Aspects of SLiMS

SLiMS Technical Aspects

Hendro Wicaksono, SLiMS Lead Developer

hendrowicaksono@yahoo.com / gmail.com. Twitter: @hendrowicaksono, Facebook: facebook.com/hendrowicaksono

Diagram (recoverable labels only): Internet (HTTP protocol); the browser and the Web Server exchange request/response; create, read, update, delete; http://slims.web.id

Why PHP & MySQL?

Better portability.

Proven to run well on ...

SCM software

Source code management uses Git (http://git-scm.com/)

Daily updates

Latest stable version: SLiMS 3 stable 15 (Matoa), https://github.com/slims/s3st15_matoa

Development page: https://github.com/slims

Tarball package download: http://slims.web.id/web/?q=node/1

Web: http://slims.web.id

Developer Documentation

Developer: https://github.com/slims/s3-devdocs

User Documentation

http://slims.web.id/download/docs/s3-doc-id.pdf

Documentation source code (updated daily): https://github.com/slims/s3-doc-id (LaTeX/LyX format)

Where SLiMS stores its data

Bibliographic, user and transaction data are stored in the MySQL database.

Bibliographic cover images, file attachments, cache (labels, barcodes, swf), member photos, backups (sql) and generated reports are stored in the filesystem.

Backup Strategy (1)

Export an "sqldump" periodically. On Linux, use cron.

Backup Strategy (2)

Copy the SLiMS application folder periodically. On Linux, use cron.

Example backup script (comments translated; paths, the database name and the placeholder root password are as on the slide; intended to be run periodically from cron):

#!/bin/sh

# clean out the backup folder
rm -Rf /home/hendro/backup/*

# create the sql and app subfolders that will hold the dump and the copy
mkdir -p /home/hendro/backup/slims_backup/sql
mkdir -p /home/hendro/backup/slims_backup/app

# dump the sql data
# NOTE: 'mysqlrootpasswd' is a placeholder; a real password given on the command line is visible in the process list
/usr/bin/mysqldump -u root --lock-tables --password='mysqlrootpasswd' slimsdb > /home/hendro/backup/slims_backup/sql/slims.sql

# copy the app folder into the slims_backup/app subfolder created above
cp -R /var/www/libsenayan /home/hendro/backup/slims_backup/app/

# pack everything into one dated tarball; the trailing "." tells tar what to archive from the -C directory
tar -czf /home/hendro/backup/`date +%Y_%m_%d-%d_%B_%Y-%H_%M`.tar.gz -C /home/hendro/backup/slims_backup .

# push the tarball to the backup server over ssh
scp /home/hendro/backup/*.tar.gz hendro@10.0.0.145:/home/hendro/backup_senayan/ >/dev/null 2>&1
exit

Example Implementation (1)

Perpustakaan Kemdiknas RI

Diagram (recoverable labels only): a Production Server serving the library OPAC and staff over the intranet/LAN (request/response); a Backup/File Server that is backed up frequently via cron & ssh; an Internet OPAC in the Internet/DMZ segment that is updated frequently via cron & ssh.

For OPAC access, a separate SLiMS instance is installed that points to the same database, using an "almost read-only" database user. To synchronize the 'images', files and repository folders between the production and OPAC applications, rsync via cron is used.

The Internet OPAC server is not connected directly to the Production Server. Access to the MySQL database is set to "read-only" (GRANT SELECT ON dbname.* TO username@localhost IDENTIFIED BY 'paswd'). Via cron, the database is restored periodically (every 15 minutes).

Example Implementation (2)

A government institution and a private company in the oil sector

Diagram (recoverable labels only): a Production Server serving library staff over the intranet/LAN (request/response); an MS Active Directory Server; an Internet/DMZ segment.

Librarian & member login via LDAP for single sign-on support

SLiMS Hardening Tips

Hendro Wicaksono

Separate database access.

Separate database access (1)

Read-Only for OPAC

Full Access for Librarian Login

Separate database access (2)

Read-Only for OPAC:

-- SELECT on everything; UPDATE only on the member table so that member login can still write to it
GRANT SELECT ON senayandb.* TO opacuser@localhost IDENTIFIED BY 'password_rahasia';
GRANT UPDATE ON senayandb.member TO opacuser@localhost;

Full Access for Librarian Login:

GRANT ALL PRIVILEGES ON senayandb.* TO slimsadmin@localhost IDENTIFIED BY 'password_rahasia_juga';

-- note: on MySQL 8.0 and later, create each user first with CREATE USER; GRANT no longer accepts IDENTIFIED BY
FLUSH PRIVILEGES;

Separate database access (3)

Create 2 sysconfig files:

sysconfig.inc.php

sysconfig-opac.inc.php

Separate database access (4)

In sysconfig-opac.inc.php:

define('DB_USERNAME', 'opacuser');
define('DB_PASSWORD', 'password_rahasia');

In sysconfig.inc.php:

define('DB_USERNAME', 'slimsadmin');
define('DB_PASSWORD', 'password_rahasia_juga');

Separate database access (5)

Edit index.php:

require '../sysconfig.inc.php';

change to

require '../sysconfig-opac.inc.php';

Separate database access (6)

Since SLiMS version 3 stable 15 (Matoa), just copy sysconfig.local.inc.php to sysconfig.local.fa.inc.php and adjust the database connection setting for the admin user.

Access Restriction based on IP Address to Librarian Login.

IP Restriction to LibLogin

Edit lib/contents/login.inc.php:

// addresses allowed to reach the librarian login
$allowed_liblogin_ip = array('127.0.0.1');
$remote_addr = $_SERVER['REMOTE_ADDR'];
$confirmation = 0;

foreach ($allowed_liblogin_ip as $ip) {
    if ($ip == $remote_addr) {
        $confirmation = 1;
    }
}

if (!$confirmation) {
    header("Location: index.php");
    exit; // stop here: without exit the rest of the login page is still executed and sent
}

HTTP Secure Connection to Librarian Login

HTTPS Secure Connection (1)

Edit lib/contents/login.inc.php:

if ($_SERVER['SERVER_PORT'] != '443') {
    header("Location: index.php");
    exit; // stop here: without exit the login page is still served over plain HTTP
}

HTTPS Secure Connection (2)

Edit admin/index.php:

if ($_SERVER['SERVER_PORT'] != '443') {
    header("Location: ../index.php");
    exit; // stop here: without exit the admin page is still served over plain HTTP
}
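The IP restriction and the HTTPS check above are two guards on the same request, and both have a practical caveat: the IP loop only matches exact addresses, and SERVER_PORT is the port of the PHP backend, which is not 443 when TLS is terminated by a reverse proxy in front of it. The following is an added example, not code from the SLiMS project or from these slides, that combines both checks in one testable function. It is written for PHP 7.1 or later; the function names (ip_matches_rule, ip_allowed, request_is_https, librarian_login_guard), the CIDR allow-list and the trusted-proxy list are this example's own assumptions, and the $_SERVER arrays at the end are constructed test input.

```php
<?php
// Added example (not SLiMS project code): one guard for the librarian login
// that enforces both the IP allow-list and HTTPS. Names are assumptions.

/**
 * True when $ip falls inside $rule: an exact address ("10.0.0.5") as on
 * the slide, or an IPv4 CIDR block ("10.0.0.0/24").
 */
function ip_matches_rule(string $ip, string $rule): bool
{
    if (strpos($rule, '/') === false) {
        return $ip === $rule;
    }
    [$subnet, $bits] = explode('/', $rule, 2);
    if (!ctype_digit($bits) || (int)$bits > 32) {
        return false;                       // malformed rule never matches
    }
    $ipLong  = ip2long($ip);
    $netLong = ip2long($subnet);
    if ($ipLong === false || $netLong === false) {
        return false;                       // not IPv4: refuse rather than guess
    }
    $b    = (int)$bits;
    $mask = $b === 0 ? 0 : (-1 << (32 - $b)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

function ip_allowed(string $remoteAddr, array $allowlist): bool
{
    foreach ($allowlist as $rule) {
        if (ip_matches_rule($remoteAddr, $rule)) {
            return true;
        }
    }
    return false;
}

/**
 * True when the request arrived over TLS. $_SERVER['HTTPS'] and SERVER_PORT
 * are trusted directly; X-Forwarded-Proto is honoured only when the request
 * comes from a listed reverse proxy, because any client can send that header.
 */
function request_is_https(array $server, array $trustedProxies = []): bool
{
    if (!empty($server['HTTPS']) && strtolower((string)$server['HTTPS']) !== 'off') {
        return true;
    }
    if (($server['SERVER_PORT'] ?? '') == '443') {
        return true;
    }
    $peer = $server['REMOTE_ADDR'] ?? '';
    return ip_allowed($peer, $trustedProxies)
        && strtolower($server['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https';
}

/**
 * Returns null when the login request may proceed, otherwise the path to
 * redirect to. No header() call here so the decision can be unit-tested;
 * the caller redirects and must exit() afterwards.
 */
function librarian_login_guard(array $server, array $allowedIps, array $trustedProxies = []): ?string
{
    if (!request_is_https($server, $trustedProxies)) {
        return 'index.php';
    }
    if (!ip_allowed($server['REMOTE_ADDR'] ?? '', $allowedIps)) {
        return 'index.php';
    }
    return null;
}

// Usage in lib/contents/login.inc.php (path as on the slides):
//   $redirect = librarian_login_guard($_SERVER, ['127.0.0.1', '10.0.0.0/24'], ['10.0.0.1']);
//   if ($redirect !== null) { header('Location: ' . $redirect); exit; }

// Self-check with constructed $_SERVER arrays (run with: php guard.php).
$cases = [
    [['REMOTE_ADDR' => '10.0.0.7',    'SERVER_PORT' => '443'], null],        // LAN host over TLS
    [['REMOTE_ADDR' => '10.0.0.7',    'SERVER_PORT' => '80'],  'index.php'], // LAN host, plain HTTP
    [['REMOTE_ADDR' => '192.168.1.9', 'HTTPS' => 'on'],        'index.php'], // TLS but not allow-listed
    [['REMOTE_ADDR' => '10.0.0.1',    'SERVER_PORT' => '80',
      'HTTP_X_FORWARDED_PROTO' => 'https'],                    null],        // TLS ended at trusted proxy
];
foreach ($cases as [$srv, $expected]) {
    $got = librarian_login_guard($srv, ['127.0.0.1', '10.0.0.0/24'], ['10.0.0.1']);
    echo str_pad($srv['REMOTE_ADDR'], 12), ' => ', var_export($got, true),
         ($got === $expected ? "  ok\n" : "  MISMATCH\n");
}
```

Two design points: the decision is separated from the redirect so the rule table can be tested without a web server, and the redirect itself must always be followed by exit, since a client that ignores the Location header would otherwise receive the login page anyway. When a reverse proxy sits in front of SLiMS, REMOTE_ADDR is the proxy's own address for every request, so the IP allow-list is then meaningful only if it is enforced at the proxy (or applied to the client address the trusted proxy reports) rather than to REMOTE_ADDR.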

Security by obscurity (1)

Remove link to Librarian Login in OPAC

Security by obscurity (2)

<li><a class="menu" href="index.php?p=login"><span><?php echo __('Librarian LOGIN'); ?></span></a></li>

Change to

<!-- <li><a class="menu" href="index.php?p=login"><span><?php echo __('Librarian LOGIN'); ?></span></a></li> -->

Or delete the line.

Separate Accounts for Staff

Do not use shared accounts. Every staff member should log in with their own account.

Choose the Right OS

Choose the right operating system for your needs.

PHP Hardening

Suhosin!

sudo apt-get install php5-suhosin

MySQL Hardening

Apache Hardening

Choose the web server with built-in security features

Performance tuning

PHP Accelerator/Opcode cache

APC: sudo apt-get install php-apc

xcache: sudo apt-get install php5-xcache

Discussion