2012-03-03 22:04:33
卸载系统原有Apache、MySQL
查询系统中已安装的Apache相关软件包
# rpm -qa|grep -i httpd
httpd-manual-2.0.40-21
httpd-2.0.40-21
redhat-config-httpd-1.0.1-18
如果Apache已开启,停止运行Apache服务器
#service httpd stop
卸载Apache服务器
# rpm -e httpd-manual-2.0.40-21 --nodeps
# rpm -e httpd-2.0.40-21 --nodeps
# rpm -e redhat-config-httpd-1.0.1-18 --nodeps
查询系统中已安装的MySQL相关软件包
# rpm -qa|grep -i mysql
mysql-devel-3.23.54a-11
mysql-3.23.54a-11
mysql-server-3.23.54a-11
如果MySQL已开启,停止运行MySQL服务器
#service mysqld stop
查询系统中已安装的PHP相关软件包
[root@localhost root]# rpm -qa|grep -i php
php-ldap-4.2.2-17
php-imap-4.2.2-17
php-4.2.2-17
卸载PHP应用服务器
[root@localhost root]# rpm -e php-ldap-4.2.2-17 --nodeps
[root@localhost root]# rpm -e php-imap-4.2.2-17 --nodeps
[root@localhost root]# rpm -e php-4.2.2-17 --nodeps
系统环境部署及调整
检查系统是否正常
# more /var/log/messages (检查有无系统级错误信息)
# dmesg (检查硬件设备是否有错误信息)
# ifconfig (检查网卡设置是否正确)
# ping (检查网络是否正常)
关闭不需要的服务
# ntsysv
以下仅列出需要启动的服务,未列出的服务一律推荐关闭:
atd
crond
irqbalance
microcode_ctl
network
sendmail
sshd
syslog
重新启动系统
# init 6
使用 yum 程序安装所需开发包(以下为标准的 RPM 包名称)
[root@localhost root]# gcc -v
# yum install ntp vim-enhanced gcc gcc-c++ gcc-g77 flex bison autoconf
automake bzip2-devel ncurses-devel libtiff-devel pam-devel kernel
安装LAMP环境
所用源码包
freetype-2.1.10.tar.gz gd-2.0.35.tar.gz
httpd-2.0.58.tar.gz jpegsrc.v6b.tar.gz
libmcrypt-2.5.7.tar.gz libpng-1.2.31.tar.gz
libxml2-2.6.11.tar.gz mysql-5.0.20a.tar.gz
php-5.0.4.tar.gz zlib-1.2.3.tar.gz
约定目录
/usr/local/src 软件源代码包存放位置
/usr/local/lamp/software_name 源码包编译安装位置
安装命令
1 libxml
# cd /usr/local/src
# tar -xzvf libxml2-2.6.11.tar.gz
# cd /usr/local/src/libxml2-2.6.11
# ./configure --prefix=/usr/local/lamp/libxml
# make
# make install
2 zlib
# cd /usr/local/src
# tar -xzvf zlib-1.2.3.tar.gz
# cd /usr/local/src/zlib-1.2.3
# ./configure --prefix=/usr/local/lamp/zlib
# make
# make install
3 libmcrypt
# cd /usr/local/src
# tar -xzvf libmcrypt-2.5.7.tar.gz
# cd /usr/local/src/libmcrypt-2.5.7
# ./configure --prefix=/usr/local/lamp/libmcrypt
# make
# make install
***********************************************************
# cd /usr/local/src/libmcrypt-2.5.7
# cd libltdl
# ./configure --enable-ltdl-install
# make
# make install
4 libpng
# cd /usr/local/src
# tar -xzvf libpng-1.2.31.tar.gz
# cd /usr/local/src/libpng-1.2.31
# ./configure --prefix=/usr/local/lamp/libpng
# make
# make install
5 freetype
# cd /usr/local/src
# tar -zxvf freetype-2.1.10.tar.gz
# cd /usr/local/src/freetype-2.1.10
# ./configure --prefix=/usr/local/lamp/freetype
# make
# make install
6 JPEG
# cd /usr/local/src
# tar -xzvf jpegsrc.v6b.tar.gz
# cd /usr/local/src/jpeg-6b
# mkdir /usr/local/lamp/jpeg && mkdir /usr/local/lamp/jpeg/bin
# mkdir /usr/local/lamp/jpeg/lib && mkdir /usr/local/lamp/jpeg/include
# mkdir -p /usr/local/lamp/jpeg/man/man1
# ./configure --prefix=/usr/local/lamp/jpeg \
--enable-shared \
--enable-static
# make
# make install
*******************************************************************************************RH9 必须执行
# rpm -qa|grep autoconf
如果返回信息中autoconf版本低于2.58 则强制卸载当前版本
# rpm -e autoconf-x.x.x --nodeps
# cd /usr/local/src
# tar -xzvf autoconf-2.61.tar.gz
# cd /usr/local/src/autoconf-2.61
# ./configure
# make
# make install
******************************************************************************************
7 GD
# cd /usr/local/src
# tar -xzvf gd-2.0.35.tar.gz
# cd /usr/local/src/gd-2.0.35
# ./configure --prefix=/usr/local/lamp/gd \
--with-zlib=/usr/local/lamp/zlib \
--with-png=/usr/local/lamp/libpng \
--with-jpeg=/usr/local/lamp/jpeg \
--with-freetype=/usr/local/lamp/freetype
# make
*******************************************************************************************如出现以下警告信息
make[2]: *** [gd_png.lo] Error 1
make[2]: Leaving directory `/usr/local/src/gd-2.0.35'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/src/gd-2.0.35'
make: *** [all] Error 2
则
# vi /usr/local/src/gd-2.0.35/gd_png.c
查找png.h改成
/usr/local/lamp/libpng/include/png.h
保存退出
再重新执行
# make
*******************************************************************************************
# make install
8 Apache
# cd /usr/local/src
# tar -zxvf httpd-2.0.58.tar.gz
# cd /usr/local/src/httpd-2.0.58
# ./configure --prefix=/usr/local/lamp/apache \
--sysconfdir=/etc/httpd \
--with-z=/usr/local/lamp/zlib \
--with-included-apr \
--disable-userdir \
--enable-so \
--enable-deflate=shared \
--enable-expires=shared \
--enable-rewrite=shared \
--enable-vhost-alias=shared \
--enable-static-support
# make
*******************************************************************************************
如出现以下警告信息
make[4]:***[mod_deflate.slo] error 1
则
# cd /usr/include/
# rm -rf zlib.h
然后使用httpd-2.2.9.tar.gz版本使用相同参数安装即可
******************************************************************************************
# make install
# echo "/usr/local/lamp/apache/bin/apachectl start" >> /etc/rc.d/rc.local
# ln -s /usr/local/lamp/apache/bin/apachectl /sbin/
9 MySQL
# groupadd mysql
# useradd -g mysql mysql
# tar -xzvf mysql-5.0.20a.tar.gz
# cd /usr/local/src/mysql-5.0.20a
# ./configure --prefix=/usr/local/lamp/mysql \
--with-extra-charsets=all
# make
# make install
# cp support-files/my-medium.cnf /etc/my.cnf
# cd /usr/local/lamp/mysql
# bin/mysql_install_db --user=mysql
# chown -R root .
# chown -R mysql var
# chgrp -R mysql .
# bin/mysqld_safe --user=mysql & //启动MySQL
# netstat -tnl|grep 3306 //查看3306端口是否开启,以下结果为MySQL
服务启动成功
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
# bin/mysql -u root //没有密码可以直接登录MySQL服务器
mysql> DELETE FROM mysql.user WHERE Host='localhost' AND User='';
mysql> FLUSH PRIVILEGES;
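mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('123456'); //123456 仅为示例,请换成自己的强密码
mysql> SELECT Host,User,Password FROM mysql.user; //检查是否还有空密码或匿名(User 为空)的账户,如有应一并设置密码或删除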
mysql> exit
# cd /usr/local/src/mysql-5.0.20a
# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
# chown root.root /etc/rc.d/init.d/mysqld
# chmod 755 /etc/rc.d/init.d/mysqld
# chkconfig --add mysqld
# chkconfig --level 3 mysqld on
# chkconfig --level 5 mysqld on
10 PHP
# cd /usr/local/src
# tar -xzvf php-5.0.4.tar.gz
# cd /usr/local/src/php-5.0.4
# ./configure --prefix=/usr/local/lamp/php \
--with-config-file-path=/usr/local/lamp/php/etc \
--with-apxs2=/usr/local/lamp/apache/bin/apxs \
--with-libxml-dir=/usr/local/lamp/libxml \
--with-zlib-dir=/usr/local/lamp/zlib \
--with-mysql=/usr/local/lamp/mysql \
--with-mysqli=/usr/local/lamp/mysql/bin/mysql_config \
--with-gd=/usr/local/lamp/gd \
--with-png-dir=/usr/local/lamp/libpng \
--with-jpeg-dir=/usr/local/lamp/jpeg \
--with-freetype-dir=/usr/local/lamp/freetype \
--enable-soap \
--enable-sockets \
--with-mcrypt=/usr/local/lamp/libmcrypt
*******************************************************************************************
如出现类似以下警告信息
checking whether to enable LIBXML support... yes
…………………………………………
checking whether libxml build works... no
则使用libxml2-2.6.30.tar.gz版本使用相同参数重新安装libxml即可
******************************************************************************************
# make
# make install
# mkdir /usr/local/lamp/php/etc
# cp php.ini-dist /usr/local/lamp/php/etc/php.ini
11 ZendOptimizer
# cd /usr/local/src
# tar -xzvf ZendOptimizer-3.3.3-linux-glibc23-x86_64.tar.gz
# ./ZendOptimizer-3.3.0-linux-glibc21-i386/install.sh (目录名以实际解压出的目录为准,应与上面压缩包的版本和架构一致)
整合Apache与PHP
# vi /usr/local/lamp/apache/conf/httpd.conf
找到:
AddType application/x-gzip .gz .tgz
在该行下面添加
AddType application/x-httpd-php .php
找到:
DirectoryIndex index.html
改为
DirectoryIndex index.html index.htm index.php
找到:
#Include conf/extra/httpd-mpm.conf
#Include conf/extra/httpd-info.conf
#Include conf/extra/httpd-vhosts.conf
#Include conf/extra/httpd-default.conf
去掉前面的“#”号,取消注释。
# /usr/local/lamp/apache/bin/apachectl restart
查看确认L.A.M.P环境信息、提升 PHP 安全性
在网站根目录放置 phpinfo.php 脚本,检查phpinfo中的各项信息是否正确;检查完毕后应删除该脚本,避免对外暴露服务器的版本和路径信息
确认 PHP 能够正常工作后,在 php.ini 中进行设置提升 PHP 安全性。
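# vi /etc/php.ini
(注意:前面编译 PHP 时指定了 --with-config-file-path=/usr/local/lamp/php/etc,并把 php.ini 复制到了该目录;请以 phpinfo 中显示的 php.ini 路径为准,如果实际加载的是 /usr/local/lamp/php/etc/php.ini,则应修改那个文件,否则下面的设置不会生效)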
找到:
disable_functions =
设置为:
phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popen,stream_socket_server
(修改 php.ini 后需要重启 Apache 才能生效;原列表中的 popepassthru 不是有效的函数名,应为 popen,passthru 已在列表中)
服务器安全性设置
# vi /usr/local/sbin/fw.sh
将以下脚本命令粘贴到 fw.sh 文件中。
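#!/bin/bash
#
# fw.sh - rebuild the host's iptables filter rules from scratch.
#
# Resulting policy: INPUT defaults to DROP and accepts only loopback traffic,
# established/related connections, rate-limited ICMP, and new TCP connections
# to ports 80, 21 and 22. OUTPUT defaults to ACCEPT. The FORWARD policy is not
# set by this script.
# Must be run as root.

# Stop iptables service first
service iptables stop

# Load FTP kernel modules (FTP helpers for connection tracking and NAT).
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp

# Initial chain default policy: flush the filter table, then fail closed on
# INPUT before any ACCEPT rule is added.
/sbin/iptables -F -t filter
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT

# Enable native (loopback) network transfer
/sbin/iptables -A INPUT -i lo -j ACCEPT

# Accept established connections, so replies to outbound traffic and
# already-open sessions keep working under the DROP policy.
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# ICMP control: accept at most 1 packet/s (burst 10); anything beyond the
# limit falls through to the DROP policy.
# The target option must be an ASCII "-j". The original line carried an en
# dash instead, which iptables does not parse as an option, so this rule was
# never installed.
/sbin/iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT

# WWW service
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# FTP service
# NOTE(review): remove this rule (and the FTP modules above) if no FTP server
# runs on this host.
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT

# SSH service
# NOTE(review): open to every source address; consider restricting it with
# "-s <admin network>" if administration comes from known addresses.
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT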
修改完成后保存退出
# chmod 755 /usr/local/sbin/fw.sh
# echo '/usr/local/sbin/fw.sh' >> /etc/rc.local
# /usr/local/sbin/fw.sh