
分类: 系统运维

2010-09-10 13:25:40

#!/bin/bash
# modified by jack.geng 2010-07-27
# remove built-in mysql
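# Remove the distribution's MySQL packages; MySQL is rebuilt from source
# under /usr/local/mysql later in this script.
yum -y remove mysql mysql-server

# Overwrite the invoking user's ~/.bash_profile. Stop if the home directory
# cannot be entered, otherwise the redirect below would write .bash_profile
# into whatever directory the script was started from.
cd || exit 1
# The delimiter is quoted, so $PATH and $HOME are written literally and are
# expanded only when the profile is sourced at login.
# NOTE(review): /usr/local/php/bin and /usr/local/apache/bin are searched
# before the system directories, and /usr/local/mysql/bin is on the path too.
# This script later makes /usr/local/apache the home directory of the "web"
# account and runs chown -R mysql:malabs on /usr/local/mysql, so confirm that
# every directory on this PATH is writable by root only.
cat > .bash_profile << "EOF"
# .bash_profile
# Get the aliases and functions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi
# User specific environment and startup programs
PATH=/usr/local/php/bin:/usr/local/apache/bin:$PATH:$HOME/bin:/usr/local/mysql/bin
export PATH
unset USERNAME
EOF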
# source .bash_profile
# make mysql 5.1.45 from source
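# Shared group (gid 500) and a dedicated account (uid 500) for MySQL.
# NOTE(review): no shell is specified, so the account receives the system
# default login shell; a service account normally needs none
# (for example -s /sbin/nologin) - confirm nobody logs in as mysql.
/usr/sbin/groupadd -g 500 malabs
/usr/sbin/useradd -g malabs -u 500 -d /usr/local/mysql mysql

# Build MySQL 5.1.45 from a tarball that must already be in /usr/local.
# NOTE(review): the archive is unpacked and built as root with no integrity
# check; verify its published checksum or signature before this step.
# Each cd is checked so that a missing archive or directory stops the script
# instead of running configure / make install in the wrong directory.
cd /usr/local/ || exit 1
tar xfz mysql-5.1.45.tar.gz
cd mysql-5.1.45 || exit 1
./configure --with-plugins=partition,innobase,myisam --without-docs --prefix=/usr/local/mysql
make && make install

# Provide a lib64 alias inside the prefix and put the client library on the
# system library path.
ln -s /usr/local/mysql/lib /usr/local/mysql/lib64
cp /usr/local/mysql/lib/mysql/libmysqlclient.so.16.0.0 /usr/lib64/libmysqlclient.so.16

# NOTE(review): this gives the mysql account ownership of the whole install
# tree, bin/ and lib/ included, and /usr/local/mysql/bin is on the PATH
# written to .bash_profile above. Normally only the data directory has to
# be writable by the server account - consider narrowing this.
chown -R mysql:malabs /usr/local/mysql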

# install apache
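# Account that httpd runs as ("User web" in the httpd.conf written below).
# The original line had en-dashes (U+2013) in place of the hyphens in front
# of g and u, so useradd would not have seen them as options; they are
# plain ASCII hyphens here.
# NOTE(review): the account's home is the Apache ServerRoot. If useradd
# creates that directory it is owned by web, i.e. the identity httpd runs
# as could rename or replace bin/, conf/ and modules/ beneath it. Apache's
# security guidance is that ServerRoot is writable by root only; consider a
# separate home directory or resetting ownership after "make install".
useradd -g malabs -u 501 -d /usr/local/apache web

# Login profile for the web account; the quoted delimiter keeps $PATH and
# $HOME literal until the profile is sourced.
cat > /usr/local/apache/.bash_profile <<"EOF"
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/bin:/usr/local/php/bin

export PATH
EOF
chown web:malabs /usr/local/apache/.bash_profile
# Kept from the original; a profile is sourced, so the execute bit is not
# actually required.
chmod +x /usr/local/apache/.bash_profile

# Build Apache httpd 2.2.15 from a tarball staged in /usr/local.
# NOTE(review): verify the archive's checksum or signature before unpacking.
# cd is checked so a failed extraction cannot lead to configure / make
# install running in the wrong directory.
cd /usr/local || exit 1
tar zxf httpd-2.2.15.tar.gz
cd httpd-2.2.15 || exit 1
./configure --prefix=/usr/local/apache --enable-mods-shared=all --enable-ssl
make && make install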

# Remove any init script installed under the name "httpd" and install our
# own as /etc/init.d/apache.
rm -f /etc/init.d/httpd
# The delimiter is quoted ("EOF"), so nothing in the here-document is
# expanded now: $prog, $httpd, $RETVAL, $@ and the $"..." strings are written
# literally and evaluated only when the init script runs.
# NOTE(review): the service is registered as "apache" but the script creates
# and removes /var/lock/subsys/httpd. Red Hat style rc scripts presumably
# look for a lock file named after the service when deciding whether to call
# "stop" at shutdown - confirm httpd is actually stopped cleanly.
# NOTE(review): the script sources /etc/sysconfig/httpd as root when it
# exists; that file must be writable by root only.
# NOTE(review): "$apachectl $@" passes the arguments unquoted; "$@" would
# keep each argument intact.
cat > /etc/init.d/apache  << "EOF"
#!/bin/bash
#
# Startup script for the Apache Web Server
# chkconfig: - 85 15
# description: Apache is a World Wide Web server.   It is used to serve \
#               HTML files and CGI.
# processname: httpd
# pidfile: /usr/local/apache/logs/httpd.pid
# config: /usr/local/apache/conf/httpd.conf

# Source function library.
. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/httpd ]; then
        . /etc/sysconfig/httpd
fi

# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""

# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/local/apache/bin/apachectl
httpd=/usr/local/apache/bin/httpd
pid=/usr/local/apache/logs/httpd.pid
prog=httpd
RETVAL=0

# The semantics of these two functions differ from the way apachectl does
# things -- attempting to start while running is a failure, and shutdown
# when not running is also a failure.   So we just do it the way init scripts
# are expected to behave here.
start() {
         echo -n $"Starting $prog: "
        daemon $httpd $OPTIONS
         RETVAL=$?
         echo
         [ $RETVAL = 0 ] && touch /var/lock/subsys/httpd
        return $RETVAL
}
stop() {
         echo -n $"Stopping $prog: "
        killproc $httpd
         RETVAL=$?
         echo
         [ $RETVAL = 0 ] && rm -f /var/lock/subsys/httpd $pid
}
reload() {
         echo -n $"Reloading $prog: "
        killproc $httpd -HUP
         RETVAL=$?
         echo
}

# See how we were called.
case "$1" in
   start)
        start
        ;;
  stop)
        stop
        ;;
  status)
        status $httpd
         RETVAL=$?
         ;;
  restart)
        stop
         start
        ;;
  condrestart)
         if [ -f $pid ] ; then
                 stop
                 start
         fi
        ;;
  reload)
        reload
        ;;
  graceful|help|configtest|fullstatus)
        $apachectl $@
        RETVAL=$?
         ;;
   *)
         echo $"Usage: $prog {start|stop|restart|condrestart|reload|status"
        echo $"|fullstatus|graceful|help|configtest}"
        exit 1
esac

exit $RETVAL
EOF

# Make the init script executable, register it with chkconfig and switch it
# on for runlevel 3.
chmod +x /etc/init.d/apache
/sbin/chkconfig --add  apache
/sbin/chkconfig --level 3 apache on

# install php ref components
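# Build the libraries PHP is configured against below: libiconv, libmcrypt
# (plus its bundled libltdl), mhash and mcrypt. All tarballs are expected to
# be staged in /usr/local already.
# NOTE(review): none of the archives is integrity-checked before being
# built and installed as root; verify checksums or signatures first.
# Every cd is checked: if an archive is missing or fails to unpack, the
# original would have gone on to run configure / make install in whichever
# source tree it was still standing in.

# libiconv 1.13.1, installed under /usr/local and linked into /usr/lib64.
cd /usr/local || exit 1
tar xfz libiconv-1.13.1.tar.gz
cd libiconv-1.13.1 || exit 1
./configure --prefix=/usr/local
make && make install
ln -sf /usr/local/lib/libiconv.* /usr/lib64/

# libmcrypt 2.5.8, followed by the libltdl copy shipped inside it.
cd /usr/local/ || exit 1
tar zxf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8 || exit 1
./configure && make && make install
/sbin/ldconfig
cd libltdl/ || exit 1
./configure --enable-ltdl-install
make
make install
ln -sf /usr/local/lib/libmcrypt.* /usr/lib64/
ln -sf /usr/local/bin/libmcrypt-config /usr/bin/

# mhash 0.9.9.9.
cd /usr/local/ || exit 1
tar zxf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9 || exit 1
./configure && make && make install
ln -sf /usr/local/lib/libmhash.* /usr/lib64/

# mcrypt 2.6.8; the libmcrypt links are refreshed afterwards, as in the
# original.
cd /usr/local/ || exit 1
tar zxf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8 || exit 1
./configure && make && make install
ln -sf /usr/local/lib/libmcrypt.* /usr/lib64/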

# install php
# ln -sf /usr/lib64/libjpeg.so.62.0.0 /usr/lib64/libjpeg.so
# ln -sf /usr/lib64/libpng.so.3.10.0 /usr/lib64/libpng.so
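# Unversioned name for the system libapr-1 library (the neighbouring
# jpeg/png/xml2 links stay disabled, as in the original).
ln -sf /usr/lib64/libapr-1.so.0.2.7 /usr/lib64/libapr-1.so
# ln -sf /usr/lib64/libxml2.so.2.6.26 /usr/lib/libxml2.so

# Build PHP 5.3.2 as an Apache module (apxs2) against the MySQL, iconv,
# mcrypt and mhash builds installed above.
# NOTE(review): verify the tarball's checksum or signature before unpacking.
# cd is checked so a failed extraction cannot send configure / make install
# into the wrong directory.
cd /usr/local/ || exit 1
tar xfz php-5.3.2.tar.gz
cd php-5.3.2 || exit 1

# NOTE(review): --enable-safe-mode builds in safe_mode, which is deprecated
# as of PHP 5.3 and is not a substitute for OS-level isolation.
./configure --with-libdir=lib64 \
--prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs --with-mysql=/usr/local/mysql \
--with-mysqli=/usr/local/mysql/bin/mysql_config --with-config-file-path=/usr/local/php/etc --with-iconv-dir=/usr/local \
--with-pdo-mysql=/usr/local/mysql \
--with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml \
--disable-rpath --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem \
--enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-mbstring --with-mcrypt \
--with-gd --enable-gd-native-ttf --with-mhash --with-openssl \
--enable-sockets --with-xmlrpc --enable-zip --enable-soap

make ZEND_EXTRA_LIBS='-liconv'
make install
libtool --finish libs

# Start from the production template, keep an untouched copy as
# php.ini.save, then apply the site settings in a single sed pass. The
# expressions are the original ones, in the original order: larger POST and
# upload limits, display_errors Off (errors are not echoed to clients),
# short_open_tag On, UTF-8 default charset, 512M memory limit and the
# America/Los_Angeles timezone.
php_ini=/usr/local/php/etc/php.ini
cp php.ini-production "$php_ini"
cp "$php_ini" "$php_ini.save"
sed -i \
  -e 's/post_max_size = 8M/ post_max_size = 30M/g' \
  -e 's/upload_max_filesize = 2M/ upload_max_filesize = 25M/g' \
  -e '/display_errors/s/On/Off/' \
  -e '/short_open_tag/s/Off/On/' \
  -e 's#;default_charset = "iso-8859-1"#default_charset = "utf8"#' \
  -e 's/memory_limit = 128M/ memory_limit = 512M/g' \
  -e 's#;date.timezone =#date.timezone = America/Los_Angeles#' \
  "$php_ini"

# NOTE(review): as written this appends only an empty line to index.php.
# The quoted text may have lost markup when the page was rendered - confirm
# what was meant, and do not leave a diagnostic page in the document root.
echo "" >> /usr/local/apache/htdocs/index.php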

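# Build the APC 3.1.3p1 extension against the PHP installed above.
# NOTE(review): verify the tarball's checksum or signature before unpacking.
# cd is checked so phpize / make install never run in the wrong directory.
cd /usr/local/ || exit 1
tar xfz APC-3.1.3p1.tgz
cd /usr/local/APC-3.1.3p1 || exit 1
/usr/local/php/bin/phpize
./configure --with-libdir=lib64 --enable-apc --enable-apc-mmap --with-php-config=/usr/local/php/bin/php-config
make && make install

# Append the APC settings to php.ini: same five lines as the original echo
# commands, in the same order.
cat >> /usr/local/php/etc/php.ini << "EOF"
extension=apc.so
apc.enabled=1
apc.shm_size=128
apc.num_files_hint=1024
apc.mmap_file_mask=/tmp/apc.XXXXXX
EOF

# NOTE(review): apc.php is APC's status/administration page and this puts
# it in /usr/local/apache/htdocs, the DocumentRoot set in httpd.conf below.
# Confirm access to it is restricted, or remove it once tuning is finished.
cp apc.php /usr/local/apache/htdocs/.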

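# Compile and install mod_rpaf 0.6 with apxs; it is loaded and configured
# by the RPAF* lines at the end of httpd.conf below.
# NOTE(review): verify the tarball's checksum or signature before unpacking.
# cd is checked so apxs is never run from the wrong directory.
cd /usr/local/ || exit 1
tar zxvf mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6 || exit 1
/usr/local/apache/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c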

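# PCRE headers, installed before the ModSecurity build.
yum -y install pcre-devel

# Directory named by SecDataDir in security.conf below.
# /tmp is world-writable, so the name may already exist and belong to
# someone else (or be a symlink). Ownership is changed only when this script
# has just created the directory itself, and it is created owner-only.
# NOTE(review): a location outside /tmp would be safer and would survive
# tmp cleaners; SecDataDir would have to be changed to match.
if mkdir -m 0700 /tmp/modsecurity; then
  chown web:malabs /tmp/modsecurity
else
  echo "warning: /tmp/modsecurity not created; check its owner and mode" >&2
fi

# Build ModSecurity 2.5.12 for the Apache installed above.
# NOTE(review): verify the tarball's checksum or signature before unpacking.
# cd is checked so configure / make install never run in the wrong place.
cd /usr/local || exit 1
tar xfz modsecurity-apache_2.5.12.tar.gz
cd modsecurity-apache_2.5.12/apache2 || exit 1
./configure --with-apr=/usr/local/apache/bin --with-apu=/usr/local/apache/bin && make && make install

# Copy the core rule set configuration and rule directories to conf/secu,
# from where security.conf includes them. -p keeps a re-run from failing on
# an existing directory.
mkdir -p /usr/local/apache/conf/secu
cp /usr/local/modsecurity-apache_2.5.12/rules/modsecurity_crs_10_config.conf /usr/local/apache/conf/secu
cp -r /usr/local/modsecurity-apache_2.5.12/rules/base_rules  /usr/local/apache/conf/secu
cp -r /usr/local/modsecurity-apache_2.5.12/rules/optional_rules  /usr/local/apache/conf/secu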

# Keep the httpd.conf installed by "make install" as httpd.conf.orig and
# write the site configuration in its place.
cd /usr/local/apache/conf
mv httpd.conf httpd.conf.orig

# The delimiter is quoted, so the text below is written verbatim.
# NOTE(review): as shown on this page the indented directive groups (the
# Options/Order/Allow sets, DirectoryIndex, the LogFormat lines, ScriptAlias,
# TypesConfig, SetHandler server-status) have no enclosing container lines;
# presumably the angle-bracket markup was lost when the page was rendered.
# Without the containers the access rules would not be scoped to a
# directory or location. Restore them from httpd.conf.orig and run
# "apachectl configtest" before starting the server.
# NOTE(review): "Options Indexes" turns on directory listings, and
# mod_status, mod_info, mod_cgi, mod_include and mod_autoindex are all
# loaded; load only the modules the site needs.
# NOTE(review): mod_rpaf replaces the client address with the value of
# X-Forwarded-For for requests arriving from 10.1.8.116 and 10.1.8.120, so
# the "Allow from <ip>" rules are only as reliable as those proxies'
# handling of a client-supplied X-Forwarded-For header.
cat > /usr/local/apache/conf/httpd.conf <<"EOF"
ServerRoot "/usr/local/apache"
Listen 80
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule include_module modules/mod_include.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php5_module        modules/libphp5.so


User web
Group malabs


ServerAdmin you@example.com
ServerName maweb1:80
DocumentRoot "/usr/local/apache/htdocs"

    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all


    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all


    DirectoryIndex index.html index.php


    Order allow,deny
    Deny from all
    Satisfy All

ErrorLog "logs/error_log"
LogLevel warn

    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
   
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
   

    CustomLog "|/usr/local/apache/bin/rotatelogs /usr/local/apache/logs/%Y_%m_%d.access_log 86400 480" common


    ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"




    AllowOverride None
    Options None
    Order allow,deny
    Allow from all

DefaultType text/plain

    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

Include conf/extra/httpd-info.conf
Include conf/extra/httpd-mpm.conf

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin


SetHandler server-status
Order Deny,Allow
Deny from all
Allow from 192.168.20.173

AddType application/x-httpd-php         .php .phtml
AddType application/x-httpd-php-source  .phps
# install virtualhost to apache
NameVirtualHost *
Include conf/malabs.conf
Include conf/backend.conf
Include conf/security.conf
Include conf/admin.conf
LoadModule rpaf_module modules/mod_rpaf-2.0.so
RPAFenable On
RPAFsethostname On
RPAFheader X-Forwarded-For
RPAFproxy_ips 10.1.8.116 10.1.8.120
EOF

# Write the three configuration fragments that httpd.conf includes:
# malabs.conf, backend.conf and admin.conf. All delimiters are quoted, so
# the text is written verbatim.
# NOTE(review): as shown on this page the enclosing container lines (virtual
# host, directory, location) are missing from all three fragments and
# ServerName in malabs.conf has no value; presumably markup was lost when
# the page was rendered. Restore them before use - unscoped "Allow from"
# and "AllowOverride" lines do not protect anything.
# NOTE(review): "AllowOverride All" lets .htaccess files under the document
# roots change server behaviour; those trees are later made writable by the
# web account, so confirm this is intended.
# NOTE(review): both sites store PHP sessions in /tmp/session, a directory
# under world-writable /tmp; its owner and mode decide who can read session
# files.
cat > /usr/local/apache/conf/malabs.conf  << "EOF"

        ServerName
        DocumentRoot "/usr/local/malabs/web"
        DirectoryIndex index.php
        ErrorLog "logs/malabs_error_log"
       
        AllowOverride ALL
        Allow from All
        php_admin_value session.save_path "/tmp/session"
       

        Alias /sf "/usr/local/symfony/data/web/sf"
       
        AllowOverride All
        Allow from All
       


EOF

# Back-office site; the only address restriction visible is
# "Allow from 10.1.11 192.168.20".
cat > /usr/local/apache/conf/backend.conf  << "EOF"

        ServerName backend.malabs.com
        DocumentRoot "/usr/local/backend/web"
        ErrorLog "logs/backend_error_log"
        DirectoryIndex index.php
       
        AllowOverride All
        Allow from 10.1.11 192.168.20
        php_admin_value session.save_path "/tmp/session"
       


EOF

# /admin alias and server-status handler, both limited to 192.168.20.173.
# NOTE(review): /admin points at /usr/local/apache/htdocs, which is also the
# DocumentRoot in httpd.conf; confirm the same files cannot be reached
# without the /admin prefix, where this restriction would not apply.
cat > /usr/local/apache/conf/admin.conf  << "EOF"
    Alias /admin /usr/local/apache/htdocs
    
    Order Deny,Allow
    Deny from all
    Allow from 192.168.20.173
   

    
    SetHandler server-status
    Order Deny,Allow
    Deny from all
    Allow from 192.168.20.173
    

EOF

# install mod_security
# Write conf/security.conf, which httpd.conf includes. The delimiter is
# quoted, so the text is written verbatim.
# It disables TRACE, trims the server banner (ServerTokens Prod,
# ServerSignature Off), loads libxml2, mod_unique_id and mod_security2, and
# includes conf/secu/*.conf plus four rule files from base_rules; the
# optional_rules include is left commented out.
# NOTE(review): whether the rule engine blocks or only logs is decided in
# the included modsecurity_crs_10_config.conf, which is not shown here -
# confirm the mode that is actually in effect.
# NOTE(review): SecDataDir points into /tmp; a directory outside the
# world-writable tree would be a safer home for persistent data.
cat > /usr/local/apache/conf/security.conf << "EOF"
TraceEnable off
ServerTokens Prod
ServerSignature Off
LoadFile /usr/lib64/libxml2.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
Include conf/secu/*.conf
Include conf/secu/base_rules/modsecurity_crs_40_generic_attacks.conf
Include conf/secu/base_rules/modsecurity_crs_41_sql_injection_attacks.conf
Include conf/secu/base_rules/modsecurity_crs_41_xss_attacks.conf
Include conf/secu/base_rules/modsecurity_crs_45_trojans.conf
SecDataDir /tmp/modsecurity
# Include conf/secu/optional_rules/*.conf
EOF

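# PHP session store named by session.save_path in malabs.conf and
# backend.conf. Session file names contain the session id, so the directory
# is created owner-only. /tmp is world-writable and the name may already
# exist and belong to someone else (or be a symlink), so ownership is
# changed only when this script has just created the directory.
# NOTE(review): a directory outside /tmp would be safer and would not be
# emptied by tmp cleaners; session.save_path would have to change with it.
if mkdir -m 0700 /tmp/session; then
  chown web:malabs /tmp/session
else
  echo "warning: /tmp/session not created; check its owner and mode" >&2
fi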

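# Install rkhunter 1.3.6 and record the current file properties as its
# baseline.
# NOTE(review): verify the tarball's checksum or signature before running
# its installer as root.
# NOTE(review): --propupd treats the system as it is right now as known
# good; run it only on a host believed clean and keep a copy of the
# resulting database off the machine so later comparisons can be trusted.
# cd is checked so installer.sh is never run from the wrong directory.
cd /usr/local || exit 1
tar xfz rkhunter-1.3.6.tar.gz
cd rkhunter-1.3.6 || exit 1
./installer.sh --install
rkhunter --propupd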

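# Create the application roots used by the virtual hosts (malabs, backend)
# and by the /sf alias (symfony).
# cd is checked so the directories are never created, or chown -R run, in
# the wrong place.
cd /usr/local/ || exit 1
mkdir malabs symfony backend
# NOTE(review): the trees are owned by web, the account httpd runs as, so
# the web application can modify its own code. Where possible deploy as a
# different owner and give web write access only to the directories that
# need it (uploads, caches).
chown -R web:malabs malabs symfony backend

# Remove the stray package.xml left in /usr/local; it is a single file, so
# a recursive delete is not needed.
rm -f /usr/local/package.xml

# passwd web
# (The original post recorded the web account's password on this line in
# clear text. It has been removed; treat that password as compromised, set
# a new one interactively or keep the account locked, and never store
# credentials in a provisioning script.)
# install project
# cd /usr/local
# from 192.168.21.50 deploy to maweb1 and maweb2

# reboot the server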
