Chinaunix首页 | 论坛 | 博客
  • 博客访问: 288187
  • 博文数量: 65
  • 博客积分: 1514
  • 博客等级: 中尉
  • 技术积分: 820
  • 用 户 组: 普通用户
  • 注册时间: 2011-10-20 21:01
文章分类

全部博文(65)

文章存档

2012年(65)

分类: LINUX

2012-03-03 22:04:33

卸载系统原有ApacheMySQL

 

查询系统中已安装的Apache相关软件包

# rpm -qa|grep -i  httpd

httpd-manual-2.0.40-21

httpd-2.0.40-21

redhat-config-httpd-1.0.1-18

 

如果Apache已开启,停止运行Apache服务器

#service httpd stop

 

卸载Apache服务器

# rpm -e httpd-manual-2.0.40-21 --nodeps

# rpm -e httpd-2.0.40-21 --nodeps

# rpm -e redhat-config-httpd-1.0.1-18 --nodeps

 

查询系统中已安装的MySQL相关软件包

# rpm -qa|grep -i  mysql

mysql-devel-3.23.54a-11

mysql-3.23.54a-11

mysql-server-3.23.54a-11

 

如果MySQL已开启,停止运行MySQL服务器

#service mysqld stop

 

 

查询系统中已安装的PHP相关软件包

[root@localhost root]# rpm -qa|grep -i php

php-ldap-4.2.2-17

php-imap-4.2.2-17

php-4.2.2-17

 

卸载PHP应用服务器

[root@localhost root]# rpm -e php-ldap-4.2.2-17 --nodeps

[root@localhost root]# rpm -e php-imap-4.2.2-17 --nodeps

[root@localhost root]# rpm -e php-4.2.2-17 --nodeps

系统环境部署及调整

检查系统是否正常

# more /var/log/messages       (检查有无系统级错误信息)

# dmesg                        (检查硬件设备是否有错误信息)

# ifconfig                       (检查网卡设置是否正确)

# ping                 (检查网络是否正常)

 

 

关闭不需要的服务

# ntsysv

以下仅列出需要启动的服务,未列出的服务一律推荐关闭:

atd

crond

irqbalance

microcode_ctl

network

sendmail

sshd

syslog

 

重新启动系统

# init 6

 

使用 yum 程序安装所需开发包(以下为标准的 RPM 包名称)

[root@localhost root]# gcc –v

# yum install ntp vim-enhanced gcc gcc-c++ gcc-g77 flex bison autoconf

automake bzip2-devel ncurses-devel libtiff-devel pam-devel kernel

 

 

安装LAMP环境

 

所用源码包

freetype-2.1.10.tar.gz                           gd-2.0.35.tar.gz 

httpd-2.0.58.tar.gz                         jpegsrc.v6b.tar.gz

libmcrypt-2.5.7.tar.gz                           libpng-1.2.31.tar.gz

libxml2-2.6.11.tar.gz                             mysql-5.0.20a.tar.gz

php-5.0.4.tar.gz                                    zlib-1.2.3.tar.gz

约定目录

/usr/local/src                    软件源代码包存放位置

/usr/local/lamp/softwore_name  源码包编译安装位置

 

 

 

 

安装命令

1 libxml

 

# cd /usr/local/src

# tar -xzvf libxml2-2.6.11.tar.gz

# cd /usr/local/src/libxml2-2.6.11

# ./configure --prefix=/usr/local/lamp/libxml

# make

# make install

 

2 zlib

 

# cd /usr/local/src

# tar -xzvf zlib-1.2.3.tar.gz

# cd /usr/local/src/zlib-1.2.3

# ./configure --prefix=/usr/local/lamp/zlib

# make

# make install

 

3 libmcrypt

 

# cd /usr/local/src

# tar -xzvf libmcrypt-2.5.7.tar.gz

# cd /usr/local/src/libmcrypt-2.5.7

# ./configure --prefix=/usr/local/lamp/libmcrypt

# make

# make install

***********************************************************

# cd /usr/local/src/libmcrypt-2.5.7

# cd libltdl

# ./configure  --enable-ltdl-install

# make

# make install

 

4 libpng

 

# cd /usr/local/src

# tar -xzvf libpng-1.2.31.tar.gz

# cd /usr/local/src/libpng-1.2.31

# ./configure --prefix=/usr/local/lamp/libpng

# make

# make install

 

5 freetype

 

# cd /usr/local/src

# tar -zxvf freetype-2.1.10.tar.gz

# cd /usr/local/src/freetype-2.1.10

# ./configure --prefix=/usr/local/lamp/freetype

# make

# make install

 

6 JPEG

 

# cd /usr/local/src

# tar -xzvf jpegsrc.v6b.tar.gz

# cd /usr/local/src/jpeg-6b

# mkdir /usr/local/lamp/jpeg && mkdir /usr/local/lamp/jpeg/bin

# mkdir /usr/local/lamp/jpeg/lib && mkdir /usr/local/lamp/jpeg/include

# mkdir -p /usr/local/lamp/jpeg/man/man1

# ./configure --prefix=/usr/local/lamp/jpeg \

--enable-shared \

--enable-static

# make

# make install

 

*******************************************************************************************RH9 必须执行

# rpm -qa|grep autoconf

如果返回信息中autoconf版本低于2.58 则强制卸载当前版本

# rpm -e autoconf-x.x.x --nodeps

# cd /usr/local/src

# tar -xzvf autoconf-2.61.tar.gz

# cd /usr/local/src/autoconf-2.61

# ./configure

# make

# make install

******************************************************************************************

7 GD

 

# cd /usr/local/src

# tar -xzvf gd-2.0.35.tar.gz

# cd /usr/local/src/gd-2.0.35

# ./configure --prefix=/usr/local/lamp/gd \

--with-zlib=/usr/local/lamp/zlib \--with-png=/usr/local/lamp/libpng \

--with-jpeg=/usr/local/lamp/jpeg \

--with-freetype=/usr/local/lamp/freetype

# make

*******************************************************************************************如出现以下警告信息

make[2]: *** [gd_png.lo] Error 1

make[2]: Leaving directory `/usr/local/src/gd-2.0.35'

make[1]: *** [all-recursive] Error 1

make[1]: Leaving directory `/usr/local/src/gd-2.0.35'

make: *** [all] Error 2

# vi  /usr/local/src/gd-2.0.35/gd_png.c

查找png.h改成

/usr/local/lamp/libpng/include/png.h

保存退出

再重新执行

# make

*******************************************************************************************

 

# make install

 

8 Apache

# cd /usr/local/src

# tar -zxvf httpd-2.0.58.tar.gz

# cd /usr/local/src/httpd-2.0.58

# ./configure --prefix=/usr/local/lamp/apache \

--sysconfdir=/etc/httpd \

--with-z=/usr/local/lamp/zlib \

--with-included-apr \

--disable-userdir \

--enable-so \

--enable-deflate=shared \

--enable-expires=shared \

--enable-rewrite=shared \

--enable-vhost-alias=shared \

--enable-static-support

# make

*******************************************************************************************

如出现以下警告信息

make[4]:***[mod_deflate.slo] error 1

# cd /usr/include/

# rm -rf zlib.h

然后使用httpd-2.2.9.tar.gz版本使用相同参数安装即可

******************************************************************************************

# make install

# echo "/usr/local/lamp/apache/bin/apachectl start" >> /etc/rc.d/rc.local

# ln -s /usr/local/lamp/apache/bin/apachectl /sbin/

 

9 MySQL

 

# groupadd mysql

# useradd –g mysql mysql

# tar -xzvf mysql-5.0.20a.tar.gz

# cd /usr/local/src/mysql-5.0.20a

# ./configure --prefix=/usr/local/lamp/mysql \

--with-extra-charsets=all

# make

# make install

# cp support-files/my-medium.cnf /etc/my.cnf

# cd /usr/local/lamp/mysql

# bin/mysql_install_db --user=mysql

# chown –R root .

# chown –R mysql var

# chgrp –R mysql .

# bin/mysqld_safe --user=mysql &       //启动MySQL

# netstat -tnl|grep 3306  //查看3306端口是否开启,以下结果为MySQL

服务启动成功

tcp         0            0 0.0.0.0:3306            0.0.0.0:*        LISTEN

# bin/mysql -u root  //没有密码可以直接登录MySQL服务器

mysql> DELETE FROM mysql.user WHERE Host='localhost' AND User='';

mysql> FLUSH PRIVILEGES;

mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('123456');

mysql> exit

# cd /usr/local/src/mysql-5.0.20a

# cp support-files/mysql.server /etc/rc.d/init.d/mysqld

# chown root.root /etc/rc.d/init.d/mysqld

# chmod 755 /etc/rc.d/init.d/mysqld

# chkconfig --add mysqld

# chkconfig --level 3  mysqld on

# chkconfig --level 5  mysqld on

 

10 PHP

 

# cd /usr/local/src

# tar -xzvf php-5.0.4.tar.gz

# cd /usr/local/src/php-5.0.4

# ./configure --prefix=/usr/local/lamp/php \

--with-config-file-path=/usr/local/lamp/php/etc \

--with-apxs2=/usr/local/lamp/apache/bin/apxs \

--with-libxml-dir=/usr/local/lamp/libxml \

--with-zlib-dir=/usr/local/lamp/zlib \

--with-mysql=/usr/local/lamp/mysql \

--with-mysqli=/usr/local/lamp/mysql/bin/mysql_config \

--with-gd=/usr/local/lamp/gd \

--with-png-dir=/usr/local/lamp/libpng \

--with-jpeg-dir=/usr/local/lamp/jpeg \

--with-freetype-dir=/usr/local/lamp/freetype \

--enable-soap \

--enable-sockets \

--with-mcrypt=/usr/local/lamp/libmcrypt   

*******************************************************************************************

如出现类似以下警告信息

checking whether to enable LIBXML support... yes

…………………………………………

checking whether libxml build works... no

使用libxml2-2.6.30.tar.gz版本使用相同参数重新安装libxml即可

******************************************************************************************

 

# make

# make install

# mkdir /usr/local/lamp/php/etc

# cp php.ini-dist /usr/local/lamp/php/etc/php.ini

 

11 ZendOptimizer

 

# cd /usr/local/src

# tar –xzvf ZendOptimizer-3.3.3-linux-glibc23-x86_64.tar.gz

# ./ZendOptimizer-3.3.0-linux-glibc21-i386/install.sh

 

整合ApachePHP

 

# vi /usr/local/lamp/apache/conf/httpd.conf

 

找到:

 

AddType application/x-gzip .gz .tgz

 

在该行下面添加

 

AddType application/x-httpd-php .php

 

找到:

 

    DirectoryIndex index.html

 

改为

 

    DirectoryIndex index.html index.htm index.php

 

找到:

 

#Include conf/extra/httpd-mpm.conf

#Include conf/extra/httpd-info.conf

#Include conf/extra/httpd-vhosts.conf

#Include conf/extra/httpd-default.conf

 

去掉前面的#号,取消注释。

# /usr/local/lamp/apache/bin/apachectl restart

 

 

查看确认L.A.M.P环境信息、提升 PHP 安全性

 

在网站根目录放置 phpinfo.php 脚本,检查phpinfo中的各项信息是否正确

确认 PHP 能够正常工作后,在 php.ini 中进行设置提升 PHP 安全性。

 

# vi /etc/php.ini

 

找到:

 

disable_functions =

 

设置为:

 

phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server

 

 

服务器安全性设置

 

# vi /usr/local/sbin/fw.sh

 

将以下脚本命令粘贴到 fw.sh 文件中。

 

#!/bin/bash

 

# Stop iptables service first

service iptables stop

 

# Load FTP Kernel modules

/sbin/modprobe ip_conntrack_ftp

/sbin/modprobe ip_nat_ftp

 

# Inital chains default policy

/sbin/iptables -F -t filter

/sbin/iptables -P INPUT DROP

/sbin/iptables -P OUTPUT ACCEPT

 

# Enable Native Network Transfer

/sbin/iptables -A INPUT -i lo -j ACCEPT

 

# Accept Established Connections

/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

 

# ICMP Control

/sbin/iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 –j ACCEPT

 

# WWW Service

/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT

 

# FTP Service

/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT

 

# SSH Service

/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT

 

修改完成后保存退出

 

# chmod 755 /usr/local/sbin/fw.sh

# echo '/usr/local/sbin/fw.sh' >> /etc/rc.local

# /usr/local/sbin/fw.sh

阅读(3245) | 评论(0) | 转发(0) |
0

上一篇:用iptables 和iproute2实现网络负载平衡功能

下一篇:没有了

给主人留下些什么吧!~~