Install and Setup DVWA on Rocky Linux 8

Last Updated:

If you want to play around with Damn Vulnerable Web Application, then follow through this guide to learn how to install and setup DVWA on Rocky Linux 8 as a legal environment to run your web application security tests.

Installing DVWA on Rocky Linux 8

Install LAMP Stack on Rocky Linux 8

One of the major requirements for setting up DVWA lab is to have LAMP Stack up and running. Follow the guides below to learn how to install LAMP stack on Rocky Linux 8.

Note that we use PHP 7.4.

Install LAMP Stack with MariaDB 10 on Rocky Linux 8

Install additional PHP modules and other packages;

dnf install php-gd git vim

Create DVWA Database and Database User

Once the LAMP stack installation is done, proceed to create MariaDB DVWA database and database user.

mysql -u root -p

Create DVWA database. Replace the database name accordingly.

create database dvwa;

Create DVWA database user and grant all privileges. Replace the database user accordingly.

grant all on dvwa.* to dvwauser@localhost identified by 'Str0nGp@ssword';

Reload the privileges table and exit the database.

flush privileges;

Install DVWA on Rocky Linux 8

Clone the latest version of the DVWA to Apache default web root directory, /var/www/html.

git clone /var/www/html/

Check the contents of /var/www/html/.

ls -1 /var/www/html/

Configure DVWA on Rocky Linux 8

Setup DVWA Database Connection

Begin by renaming the sample configuration file /var/www/html/config/ to /var/www/html/config/

cp /var/www/html/config/{.dist,}

Next, edit the configuration file, /var/www/html/config/ and set the database connection details.

vim /var/www/html/config/

Replace the database and database user and the password accordingly.

# Database variables
$_DVWA = array();
$_DVWA[ 'db_server' ]   = '';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ]     = 'dvwauser';
$_DVWA[ 'db_password' ] = 'Str0nGp@ssword';

Install reCAPTCHA keys

Generate recapture values from Google service.

Once generated, simply copy and paste the site key and site secret key to $_DVWA[ 'recaptcha_public_key' ] and $_DVWA[ 'recaptcha_private_key' ] respectively.

# ReCAPTCHA settings
#   Used for the 'Insecure CAPTCHA' module
#   You'll need to generate your own keys at:
$_DVWA[ 'recaptcha_public_key' ]  = '6Lc4BsMUAAAAAKs72dKl4ZTVsA8giXiN7yqQcoVz';
$_DVWA[ 'recaptcha_private_key' ] = '6Lc4BsMUAAAAAI9v0sd_xvlh_PMXTcgtqRYJ6VEd';

Save and exit the configuration file.

Restart MariaDB

systemctl restart mariadb

Configure PHP

The version PHP installed in our case here is 7.4.

php -v
PHP 7.4.6 (cli) (built: May 12 2020 08:09:15) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.6, Copyright (c), by Zend Technologies

Proceed to edit /etc/php.ini and make the following changes.

vim /etc/php.ini
  • allow_url_include = On – Allows for Remote File Inclusions (RFI)
  • allow_url_fopen = On – Allows for Remote File Inclusions (RFI)
  • display_errors = Off – (Optional) Hides PHP warning messages to make it less verbose

Save and quit the PHP configuration file

Set the ownership of the DVWA web root directory to Web server user.

chown -R apache: /var/www/html

Restart Apache and MariaDB

systemctl restart httpd mariadb

Configure SELinux

You might experience that the apache web server user might not be allowed to write /var/www/html/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt as well as on the directory, /var/www/html/config.

Such errors as:

  • [User: apache] Writable file /var/www/html/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt: No
  • [User: apache] Writable folder /var/www/html/config: No

To fix this, we simply set SELinux to permissive.

setenforce 0

sed -i ‘s/=enforcing/=permissive/’ /etc/selinux/config

Complete DVWA Setup from Browser

Navigate to the web browser and access your DVWA using the address, http://server-IP.

dvwa 1

On the status check page, ensure that you fix any check whose status is red.

Next, click Create/Reset Database at the bottom to setup the DVWA database. If the database already exists, it will be reset.

After that, you are then taken to the Login screen.

Login using the default credentials: admin:password.

dvwa login

You should now land on DVWA welcome page.

dvwa dashboard

There you go. That is it on how to setup DVWA on Rocky Linux 8. You can now run web application security testings as you wish. Enjoy.

Other Tutorials

Detecting Malicious Files with Wazuh and VirusTotal

Install and Use Nikto Web Scanner on Ubuntu 18.04

Install and Setup Nessus Scanner on Ubuntu 20.04


We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
I am the Co-founder of, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

Leave a Comment