apache2+php+mysql+mod_secu+mod_evasive by irunnet.com铪铪铪

apache2+php+mysql+mod_secu+mod_evasive

下载：
apache2
http://www.apache.org/dist/httpd/httpd-2.0.55.tar.bz2
mysql4:
http://mysql.oss.eznetsols.org/Downloads/MySQL-4.1/mysql-4.1.15.tar.gz
php4:
http://cn.php.net/distributions/php-4.4.1.tar.bz2

mod_security
http://www.modsecurity.org/download/modsecurity-apache-1.9.tar.gz

mod_evasive

http://www.nuclearelephant.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz

mysql 安装:
$ tar zxvf mysql-4.1.15.tar.gz
$ cd mysql-4.1.15
# groupadd mysql         
# useradd -g mysql mysql  
# ./configure --prefix=/usr/local/mysql

# make
# make install
# cp support-files/my-medium.cnf /etc/my.cnf
# cd /usr/local/mysql
# bin/mysql_install_db --user=mysql
# chown -R root . [后面有个点啊KKK chown -R root .]
# chown -R mysql var
# chgrp -R mysql . [同样有个. chgrp -R mysql .]
# bin/mysqld_safe --user=mysql &

apache 2 安装:

$ tar jxvf httpd-2.0.55.tar.bz2
$ cd httpd-2.055
$ vi config.sh 写入内容如下：

代码:

#!/bin/bash

HTTPD_ROOT="/apache2"

 

 

./configure --prefix=/apache2 /

--enable-so /

--enable-rewrite /

--enable-info /

--enable-cgid /

--enable-mime-magic /

--enable-vhost-alias /

--enable-deflate /

--enable-expires /

--with-mpm=prefork

# sh config.sh
上面过程等同于直接
./configure --prefix=/apache2 /

--enable-so /

--enable-rewrite /

--enable-info /

--enable-cgid /

--enable-mime-magic /

--enable-vhost-alias /

--enable-deflate /

--enable-expires /
写一个config.sh 只是个人习惯方便今后查看和升级再编译。
# make
# make install

安装php4
$ tar jxvf php-4.4.1.tar.bz2
$ cd php-4.4.1
$ vi config.sh 写入内容:

代码:

#!/bin/bash

PHP_ROOT=/apache2

./configure --prefix=$PHP_ROOT /

            --with-apxs2=$PHP_ROOT/bin/apxs /

            --with-mysql=/usr/local/mysql /

            --enable-mbstring /

            --with-curl /

            --enable-debug /

            --enable-inline-optimization -q /

            --with-jpeg-dir=/usr/local/ /

            --with-png-dir /

            --enable-thread-safety /

            --enable-ctype /

            --with-bz2 /

            --with-zlib /

            --with-gd /

            --with-kerberos /

            --with-gettext /

            --enable-force-cgi-redirect /

            --with-iconv /

            --enable-gd-native-ttf /

            --enable-sockets /

            --with-snmp /

            --enable-ucd-snmp-hack

$ make
# make install

安装modsecurity（mod_security 可以加强apache的安全性特别是在防sql 注入上。
$ tar zxvf modsecurity-apache-1.9.tar.gz
$ cd modsecurity-apache-1.9/apache2/
$ /apache2/bin/apxs -cia mod_security.c
$/usr/local/apache-2.0.55/bin/apxs -cia mod_security.c[/usr/local/apache-2.0.55/bin/apxs是实际安装apache的路径]

 

 

安装mod_evasive防DDOS攻击
# tar zxvf  mod_evasive_1.10.1.tar.gz
# cd  mod_evasive_1.10.1
#/apache/bin/apxs -i -a -c mod_evasive20.c
# /usr/local/apache/bin/apxs -i -a -c mod_evasive20.c

打开 httpd.conf文件
查看是否有, 如没有则加上去
LoadModule evasive20_module   modules/mod_evasive20.so
添加一段mod_evasive20的配置文件

代码:

    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10

 

 

 

 

配置：
1.编辑/etc/my.cnf
去掉[mysqld]段skip-networking这句的注释，这样mysql只能从本机连接，有助提高安全性。

2.编辑/apache/conf/httpd.conf
修改ServerAdmin irunnet.com@irunnet.com将后面的mail 地址改为服务器管理员地址。
增加一个php 文件配置
AddType application/x-httpd-php .php
在DirectoryIndex 后增加一个 index.php
增加deflate 配置信息

代码:

# Insert filter
SetOutputFilter DEFLATE
 
# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html
 
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4/.0[678] no-gzip
 
# MSIE masquerades as Netscape, but it is fine
# BrowserMatch /bMSIE !no-gzip !gzip-only-text/html
 
# NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
# the above regex won't work. You can use the following
# workaround to get the desired effect:
BrowserMatch /bMSI[E] !no-gzip !gzip-only-text/html
 
# Don't compress images
SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png|ico)$ no-gzip dont-vary
 
# Make sure proxies don't deliver the wrong content
#Header append Vary User-Agent env=!dont-vary

 
DeflateFilterNote ratio
LogFormat '"%v %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" (%{ratio}n)' deflate
 
CustomLog logs/deflate_log deflate

添加一段mod_security的配置文件

代码:

SecFilterEngine On
SecFilterCheckURLEncoding On
SecFilterDefaultAction "deny,log,status:500"
#SecFilterForceByteRange 32 126
#SecFilterScanPOST On
SecAuditLog logs/audit_log
###
SecFilter "/././"
#####
SecFilter /etc/*passwd
SecFilter /bin/*sh

#for css attack
SecFilter "<( | )*script"
SecFilter "<(.| )+>"
#for sql attack
SecFilter "delete[ ]+from"
SecFilter "insert[ ]+into"
SecFilter "select.+from"
SecFilter "union[ ]+from"
SecFilter "drop[ ]"

添加一段mod_evasive20的配置文件

代码:

    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10

 

 

测试：
在/apache2/htdocs 创建文件phpinfo.php 内容为：

代码:

echo phpinfo();
?>

在浏览器中打开 http://127.0.0.1/phpinfo.php 如果你能看到 phpinfo 界面那么ok。