3.10.1+ (Build: 20210130 ) Issue with Site Administration Links and Admin Password

3.10.1+ (Build: 20210130 ) Issue with Site Administration Links and Admin Password

by r chan -
Number of replies: 13

OS: Red Hat Enterprise Linux Server release 7.9 (Maipo)

PHP: ius php72u (7.2.34-1.el7.ius)  and php73 (7.3.26-1.el7.ius)

Apache: 2.4.6-97.el7_9

DB: Maria DB 10.5.8-1.el7

Chrome: Version 87.0.4280.141 (Official Build) (64-bit)


The main issue I'm having, is that when moodle is installed, I try to click on the Site Admin links, but not of the tab change, so I can't  access any of the administration links.

Installation was via git.

git clone https://github.com/moodle/moodle.git

cd moodle

git branch -a                                                   

git branch --track MOODLE_310_STABLE origin/MOODLE_310_STABLE

git checkout MOODLE_310_STABLE   

1st attempt: with php 7.2

I did install via command line

/usr/bin/php admin/cli/install.php --wwwroot=https://<someurl> --dataroot=<some dir>/moodledata --dbtype=mariadb --dbhost=localhost --dbname=<db name> --dbuser=<db user> --dbpass=<some password> --dbport=3306 --prefix=<some prefix> --fullname=<Some Name> --shortname=<Some Name> --summary=<Some Name> --adminuser=<some user> --adminpass=<some password> --adminemail=<some email> --agree-license 

2nd attempt: instead with php 7.3

same issue, could not select other tabs such as grades, plugins


3rd attempt with php 7.2

git install as above

Use the web browser to install.

Only got to the page where they ask for the admin user and password.  I tried to click on the box to enter the password of the admin user. but nothing happened, I could not enter a password, i could enter text in other text boxes.  So I could not confirm if the site administration tabs worked or not

4rd attempt with php 7.3

Using same method above, gives same result, unable to new password for admin user.


Average of ratings: -
In reply to r chan

Re: 3.10.1+ (Build: 20210130 ) Issue with Site Administration Links and Admin Password

by Ken Task -
Picture of Particularly helpful Moodlers

el7 is RH or CentOS enterprise release 7 - which?   CentOS 7 or true RedHat EL 7?

Among other potential issues with installations, seLinux is typically running in the 'enforcing' mode and it will deny a clean install.

Please check apache server error logs which on a typical el7 is in /var/log/httpd/  ssl_error_log or just error_log depending upon how logging was configured.

Also check if seLinux is running.   As root user, issue:

setatus [ENTER]

You should see something like:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing

Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

IF it says 'enforcing', set to 'permissive'.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/changing-selinux-states-and-modes_using-selinux

When installing Moodle, using git is a good idea.   Suggest once code is in place and moodledata directory has been created manually (normally in /var/www/ and owned by 'apache' user and group with very liberal permissions ... rwx granted to all) and an empty database has been created for moodle, run the install.php script in moodlecode/admin/cli/

php install.php [ENTER]

You will be prompted for all the same things the web interface prompts for and the setting of the admin user password won't be a problem (apache isn't involved).

If you do the install as root user, make sure you change the ownerships/permissions on the config.php file that is created in the code directory so what all can read the file:

chmod ugo+r config.php

Then try to access site with browser.

'SoS', Ken




Average of ratings: -
In reply to r chan

Re: 3.10.1+ (Build: 20210130 ) Issue with Site Administration Links and Admin Password

by Leon Stringer -
Picture of Core developers Picture of Particularly helpful Moodlers

It sounds like JavaScript is being blocked for the site. Can you check your browser's developer tools to see if there are any errors, e.g. Network Monitor and Web Console in Firefox.

If you share screenshots with us we'll try to help, hide anything you don't want to share on the Internet.

Average of ratings: -
In reply to Leon Stringer

Re: 3.10.1+ (Build: 20210130 ) Issue with Site Administration Links and Admin Password

by r chan -
This is the screen for when i try to enter an admin password:

Average of ratings: -
In reply to r chan

Re: 3.10.1+ (Build: 20210130 ) Issue with Site Administration Links and Admin Password

by r chan -


Average of ratings: -
In reply to r chan

Re: 3.10.1+ (Build: 20210130 ) Issue with Site Administration Links and Admin Password

by r chan -
This screenshot is when I did the cmd line install and log into the site and try to use the site admin links:

Average of ratings: -
In reply to r chan

Re: 3.10.1+ (Build: 20210130 ) Issue with Site Administration Links and Admin Password

by Leon Stringer -
Picture of Core developers Picture of Particularly helpful Moodlers

Can you tell us what browser and browser version you're using, and on which operating system you're running the browser. Can you try using a different browser?

As far as I can tell the errors, e.g.:

Refused to load the script 'https://.../polyfill.min.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

is your browser blocking Moodle's JavaScript because in violates the directive set by <meta http-equiv="Content-Security-Policy" …>. But Moodle doesn't set such a policy on this page so I'm wondering if there's something (e.g. a web proxy or browser plugin) that could be interfering with this content.

Average of ratings: -
In reply to Leon Stringer

Re: 3.10.1+ (Build: 20210130 ) Issue with Site Administration Links and Admin Password

by r chan -
Chrome: Version 87.0.4280.141 (Official Build) (64-bit)
Firefox: 85.0 (64-bit)
This is from firefox:




MS Edge 88.0705.56 (64bit)




Average of ratings: -
In reply to r chan

Re: 3.10.1+ (Build: 20210130 ) Issue with Site Administration Links and Admin Password

by Ken Task -
Picture of Particularly helpful Moodlers

Ok, it wasn't my guess at seLinux, but appears to be related to openscap which is installed on your server but maybe not configured to allow?

Info collected to assist:

https://docs.centos.org/en-US/centos/install-guide/SecurityPolicySpoke-x86/

The openscap-scanner package will also be added to your package selection, providing a preinstalled tool for compliance and vulnerability scanning. After the installation finishes, the system will be automatically scanned to verify compliance. The results of this scan will be saved to the /root/openscap_data directory on the installed system.

http://www.open-scap.org/security-policies/choosing-policy/
has a section for RHE 7


    C2S for Red Hat Enterprise Linux 7
    CIS Red Hat Enterprise Linux 7 Benchmark
    Criminal Justice Information Services (CJIS) Security Policy
    Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)
    Health Insurance Portability and Accountability Act (HIPAA)
    NIST National Checklist Program Security Guide
    OSPP – Protection Profile for General Purpose Operating Systems v4.2.1
    PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7
    [DRAFT] DISA STIG for Red Hat Enterprise Linux Virtualization Host (RHELH)
    VPP – Protection Profile for Virtualization v. 1.0 for Red Hat Enterprise Linux Hypervisor (RHELH)
    Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)
    Standard System Security Profile for Red Hat Enterprise Linux 7
    DRAFT – ANSSI DAT-BP28 (enhanced)
    DRAFT – ANSSI DAT-BP28 (high)
    DRAFT – ANSSI DAT-BP28 (intermediary)
    DRAFT – ANSSI DAT-BP28 (minimal)
    Australian Cyber Security Centre (ACSC) Essential Eight
    DISA STIG for Red Hat Enterprise Linux 7

'SoS', Ken


Average of ratings: -
In reply to Ken Task

Re: 3.10.1+ (Build: 20210130 ) Issue with Site Administration Links and Admin Password

by r chan -
It doesn't look like i have this openscap installed.


Average of ratings: -
In reply to r chan

Re: 3.10.1+ (Build: 20210130 ) Issue with Site Administration Links and Admin Password

by Leon Stringer -
Picture of Core developers Picture of Particularly helpful Moodlers

Does the Moodle page being loaded (but not working) contain <meta http-equiv="Content-Security-Policy" …> in the page source? If so, could Apache have been configured to add this? Apparently this is possible.

Average of ratings: Useful (2)
In reply to Leon Stringer

Re: 3.10.1+ (Build: 20210130 ) Issue with Site Administration Links and Admin Password

by r chan -
Thanks for the tip. I looking in the apache virtual host and found this line:

Header set Content-Security-Policy "script-src 'unsafe-inline'; object-src 'self'"

I needed to add bunch of lines from a security scan and i reused the virtual host

Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

Header always append X-Frame-Options SAMEORIGIN
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Content-Type-Options: nosniff
# Header set Content-Security-Policy "script-src 'unsafe-inline'; object-src 'self'"
Header always set Referrer-Policy: strict-origin-when-cross-origin

i comment out the unsafe-inline and its working now.

Thanks for the help guys
Average of ratings: -
In reply to r chan

Re: 3.10.1+ (Build: 20210130 ) Issue with Site Administration Links and Admin Password

by Ken Task -
Picture of Particularly helpful Moodlers

Welcome ... glad to have a part.   Now how about a return ... wonder if you would expand upon ...

"needed to add bunch of lines from a security scan"

This security scan mentioned ... please share info - not the findings/details, but what was used?

'SoS', Ken

Average of ratings: -
In reply to Ken Task

Re: 3.10.1+ (Build: 20210130 ) Issue with Site Administration Links and Admin Password

by r chan -
The software/service that was used is called nessus
Average of ratings: -