apache2+php+mysql+mod_secu+mod_evasive+mod_gzip+snmp+rrdtool+cacti
来源:互联网 发布:淘宝卖家怎么注销 编辑:程序博客网 时间:2024/04/26 15:33
apache2+php+mysql+mod_secu+mod_evasive+mod_gzip+snmp+rrdtool+cacti
下载:
apache2
http://www.apache.org/dist/httpd/httpd-2.0.55.tar.bz2
mysql4:
http://mysql.oss.eznetsols.org/Downloads/MySQL-4.1/mysql-4.1.15.tar.gz
php4:
http://cn.php.net/distributions/php-4.4.1.tar.bz2
mod_security
http://www.modsecurity.org/download/modsecurity-apache-1.9.tar.gz
mod_evasive
http://www.nuclearelephant.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
mod_gzip
http://w.yi.org/ftp/incoming/mod_gzip-2.1.0.tar.gz
rrdtool
http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/pub/libs/libart_lgpl-2.3.17.tar.gz
cacti
http://www.cacti.net/downloads/cacti-0.8.6g.tar.gz
step 1:[基本环境:apache+mysql+php]安装
1、mysql 安装: [注意:cacti-
# tar zxvf mysql-
# cd mysql-4.1.15
# groupadd mysql
# useradd -g mysql mysql
# ./configure --prefix=/usr/local/mysql
# make
# make install
# cp support-files/my-medium.cnf /etc/my.cnf
# cd /usr/local/mysql
# bin/mysql_install_db --user=mysql
# chown -R root .
# chown -R mysql var
# chgrp -R mysql .
# bin/mysqld_safe --user=mysql &
2、apache 2 安装:
# tar jxvf httpd-
# cd httpd-2.055
# vi config.sh 写入内容如下:
代码:
#!/bin/bash
HTTPD_ROOT="/usr/local/apache2"
./configure --prefix=$HTTPD_ROOT /
--enable-so /
--enable-rewrite /
--enable-info /
--enable-cgid /
--enable-mime-magic /
--enable-vhost-alias /
--enable-deflate /
--enable-expires /
--with-mpm=prefork
# sh config.sh
上面过程等同于直接
./configure --prefix=/usr/local/apache2 /
--enable-so /
--enable-rewrite /
--enable-info /
--enable-cgid /
--enable-mime-magic /
--enable-vhost-alias /
--enable-deflate /
--enable-expires /
写一个config.sh方便今后查看和升级再编译。
# make
# make install
3、安装php4
# tar jxvf php-
# cd php-4.4.1
# vi config.sh 写入内容:
代码:
#!/bin/bash
PHP_ROOT=/usr/local/php/
./configure --prefix=$PHP_ROOT /
--with-apxs2=/usr/local/apache2/bin/apxs /
--with-mysql=/usr/local/mysql /
--enable-mbstring /
--with-curl /
--enable-debug /
--enable-inline-optimization -q /
--with-jpeg-dir=/usr/local/ /
--with-png-dir /
--enable-thread-safety /
--enable-ctype /
--with-bz2 /
--with-zlib /
--with-gd /
--with-kerberos /
--with-gettext /
--enable-force-cgi-redirect /
--with-iconv /
--enable-gd-native-ttf /
--enable-sockets /
--with-snmp /
--enable-ucd-snmp-hack
#sh config.sh
# make
# make install
#cp php.ini-dist /usr/local/php/lib/php.ini
4、安装modsecurity(mod_security 可以加强apache的安全性特别是在防sql 注入上。
# tar zxvf modsecurity-apache-1.9.tar.gz
# cd modsecurity-apache-1.9/apache2/
# /apache2/bin/apxs -cia mod_security.c
5、安装mod_evasive防DDOS攻击
# tar zxvf mod_evasive_
# cd mod_evasive_1.10.1
#/apache/bin/apxs -i -a -c mod_evasive20.c
# /usr/local/apache/bin/apxs -i -a -c mod_evasive20.c
6、安装mod_gzip 对静态WEB页面进行压缩
#tar zxvf mod_gzip-
# cd mod_gzip-
#/usr/local/apache2/bin/apxs -cia mod_gzip.c
…………………..
Rrdtool、cacti的安装等将这些基本的环境配置好后进行安装
………………….
Step 2: 基本环境配置
配置:
1、配置apache
A.增加一个解析php 文件配置
AddType application/x-httpd-php .php
B.在DirectoryIndex 后增加一个 index.php
C.增加deflate 配置信息
代码:
# Insert filter
SetOutputFilter DEFLATE
# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4/.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
# BrowserMatch /bMSIE !no-gzip !gzip-only-text/html
# NOTE: Due to a bug in mod_setenvif up to Apache
# the above regex won't work. You can use the following
# workaround to get the desired effect:
BrowserMatch /bMSI[E] !no-gzip !gzip-only-text/html
# Don't compress images
SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png|ico)$ no-gzip dont-vary
# Make sure proxies don't deliver the wrong content
#Header append Vary User-Agent env=!dont-vary
DeflateFilterNote ratio
LogFormat '"%v %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" (%{ratio}n)' deflate
CustomLog logs/deflate_log deflate
D.检查一下配置文件中是否有一下模块, 如没有则加上去
LoadModule evasive20_module modules/mod_evasive20.so
LoadModule gzip_module modules/mod_gzip.so
LoadModule security_module modules/mod_security.so
E.添加一段mod_security的配置文件
代码:
SecFilterEngine On
SecFilterCheckURLEncoding On
SecFilterDefaultAction "deny,log,status:500"
#SecFilterForceByteRange 32 126
#SecFilterScanPOST On
SecAuditLog logs/audit_log
###
SecFilter "/././"
#####
SecFilter /etc/*passwd
SecFilter /bin/*sh
#for css attack
SecFilter "<( | )*script"
SecFilter "<(.| )+>"
#for sql attack
SecFilter "delete[ ]+from"
SecFilter "insert[ ]+into"
SecFilter "select.+from"
SecFilter "union[ ]+from"
SecFilter "drop[ ]"
F.添加一段mod_evasive20的配置文件
代码:
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
G. 添加一段mod_gzip.c的配置文件
代码:
mod_gzip_on Yes
mod_gzip_minimum_file_size
mod_gzip_maximum_file_size 0
mod_gzip_maximum_inmem_size 60000
mod_gzip_item_include mime "application/x-httpd-php"
mod_gzip_item_include mime "text/*"
# 压缩 Zope 的内容:
mod_gzip_item_include file "[^.]*$"
mod_gzip_item_include mime "httpd/unix-directory"
mod_gzip_dechunk Yes
mod_gzip_temp_dir "/tmp"
mod_gzip_keep_workfiles No
mod_gzip_item_include file "/.php$"
mod_gzip_item_include file "/.txt$"
mod_gzip_item_include file "/.html$"
mod_gzip_item_exclude file "/.css$"
mod_gzip_item_exclude file "/.js$"
H.加个VirtualHost
NameVirtualHost *:80
ServerName www.irunnet.com
DocumentRoot /usr/local/apps/www/cacti
ErrorLog /dev/null
CustomLog /dev/null common
2、测试PHP
在/usr/local/apps/www/cacti 创建文件phpinfo.php 内容为:
代码:
echo phpinfo();
?>
在浏览器中打开 http://www.irunnet.com/******/phpinfo.php 如果你能看到 phpinfo 界面那么ok。
这里对PHP.ini配置文件根据开发需求简单改改
memory_limit =
display_errors = Off
log_errors = Off
log_errors_max_len = 10240
error_log = /usr/local/apps/www/log
post_max_size =
upload_max_filesize =
有关MYSQL配置,仅供参考!可以跳过不操作,不影响正常安装!
3.mysql配置[这个步骤请有经验的人操作,主要在安全方面设置,仅供参考!]
- apache2+php+mysql+mod_secu+mod_evasive+mod_gzip+snmp+rrdtool+cacti
- apache2+php+mysql+mod_secu+mod_evasive+mod_gzip+snmp+rrdtool+cacti
- apache2+php+mysql+mod_secu+mod_evasive+mod_gzip+snmp+rrdtool+cacti [续]
- apache2+php+mysql+mod_secu+mod_evasive by irunnet.com铪铪铪
- cacti -rrdtool
- [cacti]nginx+php+cacti+mysql+php-fpm 安装小记
- 支持Cacti运作的PHP+RRDtool环境配置方法 -1
- 支持Cacti运作的PHP+RRDtool环境配置方法 -2
- 支持Cacti运作的PHP+RRDtool环境配置方法 -3
- 支持Cacti运作的PHP+RRDtool环境配置方法 -4
- 支持Cacti运作的PHP+RRDtool环境配置方法 -5
- CentOS5.4(64bit)下安装配置Cacti----SNMP+RRDTool安装配置(RPM安装)
- CentOS CACTI,RRDTool安装
- apache,php, mysql, php加速, mod_evasive防ddos for linux
- 什么是MRTG、RRDTool、Cacti、CactiEZ?
- Ubuntu+Apache2+Mysql+Php
- Ubuntu + apache2 +mysql +php
- cacti snmp 排查
- 没有规划的人,繁忙的一个周末
- 管理的关键不在于知而在于行!
- awstats简易安装文档
- 附:MYSQL配置
- apache2+php+mysql+mod_secu+mod_evasive+mod_gzip+snmp+rrdtool+cacti [续]
- apache2+php+mysql+mod_secu+mod_evasive+mod_gzip+snmp+rrdtool+cacti
- 用mod_gzip对Apache做Web压缩
- unix&linux系列三:anti-backdoor by irunnet.com
- unix&linux系列二:WebApps' config & security by irunnet.com
- unix&linux系列一:Host&Security by irunnet.com
- apache2+php+mysql+mod_secu+mod_evasive by irunnet.com铪铪铪
- win2003+apache+php+mysql 简易配置 by irunnet.com
- how to get the space size of some tables in one database?
- Extended Stored Proc & Inject