软件源代码包存放位置:/usr/local/src
源码包编译安装位置(prefix):/usr/local/software_name
脚本以及维护程序存放位置:/usr/local/sbin
MySQL 数据库位置:/var/lib/MySQL(可按情况设置)
Apache 网站根目录:/home/www/wwwroot(可按情况设置)
Apache 虚拟主机日志根目录:/home/www/logs(可按情况设置)
Apache 运行账户:www:www
- # more /var/log/messages(检查有无系统级错误信息)
- # dmesg(检查硬件设备是否有错误信息)
- # ifconfig(检查网卡设置是否正确)
- # ping www.163.com(检查网络是否正常)
- # ntsysv
- 以下仅列出需要启动的服务,未列出的服务一律推荐关闭:
- atd
- crond
- irqbalance
- microcode_ctl
- network
- sendmail
- sshd
- syslog
- # init 6
- # vi /root/.bashrc
在 alias mv=’mv -i’ 下面添加一行:alias vi=’vim’ 保存退出。
- # echo 'syntax on' > /root/.vimrc
- # yum install ntp vim-enhanced gcc gcc-c++ gcc-g77 flex
- bison autoconf automake bzip2-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel pam-devel kerne
- # crontab -e
加入一行:
- */30 * * * * ntpdate 210.72.145.44
需要下载的文件
- gd-2.0.34.tar.gz
- libxml2-2.6.30.tar.bz2
- libmcrypt-2.5.8.tar.bz2
- cronolog-1.7.0-beta.tar.gz
- openssl-0.9.8e.tar.gz (可选)
- openssl-0.9.8e.tar.gz (可选)
7.1 GD2
- # cd /usr/local/src
- # tar xzvf gd-2.0.34.tar.gz
- # cd gd-2.0.34
- # ./configure --prefix=/usr/local/gd2
- # make
- # make install
7.2 LibXML2
- # cd /usr/local/src
- # tar xjvf libxml2-2.6.30.tar.bz2
- # cd libxml2-2.6.30
- # ./configure --prefix=/usr/local/libxml2
- # make
- # make install
7.3 LibMcrypt
- # cd /usr/local/src
- # tar xjvf libmcrypt-2.5.8.tar.bz2
- # cd libmcrypt-2.5.8
- # ./configure –prefix=/usr/local/libmcrypt
- # make
- # make install
7.4 Apache日志截断程序
- # cd /usr/local/src
- # tar xzvf cronolog-1.7.0-beta.tar.gz
- # cd cronolog-1.7.0-beta
- # ./configure –prefix=/usr/local/cronolog
- # make
- # make install
- # cd /usr/local/src
- # tar xzvf openssl-0.9.8e.tar.gz
- # cd openssl-0.9.8e
- # ./config --prefix=/usr/local/openssl
- # make
- # make test
- # make install
- # cd ..
- # tar xzvf openssh-4.7p1.tar.gz
- # cd openssh-4.7p1
- # ./configure
- "--prefix=/usr"
- "--with-pam"
- "--with-zlib"
- "--syscOnfdir=/etc/ssh"
- "--with-ssl-dir=/usr/local/openssl"
- "--with-md5-passwords"
- # make
- # make install
(1)禁用 SSH V1 协议 找到:
- #Protocol 2,1
改为:
- Protocol 2
(2)禁止root直接登录,此处先建立一个普通系统用户:
- # useradd username
- # passwd username
找到:
- #PermitRootLogin yes
改为:
- PermitRootLogin no
(3)禁用服务器端GSSAPI,找到以下两行,并将它们注释:
- GSSAPIAuthentication yes
- GSSAPICleanupCredentials yes
(4)禁用 DNS 名称解析,找到:
- #UseDNS yes
改为:
- UseDNS no
(5)禁用客户端 GSSAPI
- # vi /etc/ssh/ssh_config
找到:
- GSSAPIAuthentication yes
将这行注释掉。
最后,确认修改正确后重新启动 SSH 服务
- # service sshd restart
- # ssh -v
确认 OpenSSH 以及 OpenSSL 版本正确。
- # cd /usr/local/src
下载文件mysql,apache,php,请到下面网址下载相应软件
- http://www.apache.org/ (推荐版本:2.2.21)
- http://www.php.net/ (推荐版本:5.2.17)
- http://www.mysql.com/
- # tar xzvf MySQL-5.0.45-linux-i686-glibc23.tar.gz
- # mv MySQL-5.0.45-linux-i686-glibc23 /usr/local/
- # ln -s /usr/local/ MySQL-5.0.45-linux-i686-glibc23 /usr/local/MySQL
- # useradd MySQL
- # chown -R MySQL:root /usr/local/MySQL/
- # cd /usr/local/MySQL
- # ./scripts/MySQL_install_db --user=MySQL
- # cp ./support-files/MySQL.server /etc/rc.d/init.d/MySQLd
- # chown root:root /etc/rc.d/init.d/MySQLd
- # chmod 755 /etc/rc.d/init.d/MySQLd
- # chkconfig --add MySQLd
- # chkconfig --level 3 5 MySQLd on
- # cp ./support-files/my-huge.cnf /etc/my.cnf
- # mv /usr/local/MySQL/data /var/lib/MySQL
- # chown -R MySQL:MySQL /var/lib/MySQL/
- # vi /etc/my.cnf
- # cd /usr/local/src
- # tar xjvf httpd-2.2.21.tar.bz2
- # cd httpd-2.2.21
- # ./configure
- "--prefix=/usr/local/apache2"
- "--with-included-apr"
- "--enable-so"
- "--enable-deflate=shared"
- "--enable-expires=shared"
- "--enable-rewrite=shared"
- "--enable-static-support"
- "--disable-userdir"
- # make
- # make install
- # echo '/usr/local/apache2/bin/apachectl start ' >> /etc/rc.local
- # cd /usr/local/src
- # tar xjvf php-5.2.17.tar.bz2
- # cd php-5.2.17
- # ./configure
- "--prefix=/usr/local/php"
- "--with-apxs2=/usr/local/apache2/bin/apxs"
- "--with-config-file-path=/usr/local/php/etc"
- "--with-MySQL=/usr/local/MySQL"
- "--with-libxml-dir=/usr/local/libxml2"
- "--with-gd=/usr/local/gd2"
- "--with-jpeg-dir"
- "--with-png-dir"
- "--with-bz2"
- "--with-freetype-dir"
- "--with-iconv-dir"
- "--with-zlib-dir "
- "--with-openssl=/usr/local/openssl"
- "--with-mcrypt=/usr/local/libmcrypt"
- "--enable-soap"
- "--enable-gd-native-ttf"
- "--enable-ftp"
- "--enable-mbstring"
- "--enable-exif"
- "--disable-ipv6"
- "--disable-cgi"
- "--disable-cli"
- # make
- # make install
- # mkdir /usr/local/php/etc
- # cp php.ini-dist /usr/local/php/etc/php.ini
- # vi /usr/local/apache2/conf/httpd.conf
找到:
- AddType application/x-gzip .gz .tgz
在该行下面添加
- 1 AddType application/x-httpd-php .php
找到:
- DirectoryIndex index.html
将该行改为
- DirectoryIndex index.html index.htm index.php
找到:
- #Include conf/extra/httpd-mpm.conf
- #Include conf/extra/httpd-info.conf
- #Include conf/extra/httpd-vhosts.conf
- #Include conf/extra/httpd-default.conf
去掉前面的“#”号,取消注释。注意:以上 4 个扩展配置文件中的设置请按照相关原则进行合理配置!修改完成后保存退出。
- # /usr/local/apache2/bin/apachectl restart
在网站根目录放置 phpinfo.php 脚本,检查phpinfo中的各项信息是否正确。
确认 PHP 能够正常工作后,在 php.ini 中进行设置提升 PHP 安全性。
- # vi /etc/php.ini
找到:
- disable_functions =
设置为:
京公网安备 11010802041100号 | 京ICP备19059560号-4 | PHP1.CN 第一PHP社区 版权所有