编译安装apache+php+mysql+mod_security 系统平台:maigic linux 2.0 rc1 作者:hew(http://bbs.linuxsky.net/) 老早以前写的,大家看看。 下载: aoache2 http://www.apache.org/dist/httpd/httpd-2.0.55.tar.bz2 mysql4: http://mysql.oss.eznetsols.org/Downloads/MySQL-4.1/mysql-4.1.15.tar.gz php4: http://cn.php.net/distributions/php-4.4.1.tar.bz2 mod_security http://www.modsecurity.org/download/modsecurity-apache-1.9.tar.gz mysql 安装: $ tar zxvf mysql-4.1.15.tar.gz $ cd mysql-4.1.15 # groupadd mysql # useradd -g mysql mysql # ./configure --prefix=/usr/local/mysql # make # make install # cp support-files/my-medium.cnf /etc/my.cnf # cd /usr/local/mysql # bin/mysql_install_db --user=mysql # chown -R root . # chown -R mysql var # chgrp -R mysql . # bin/mysqld_safe --user=mysql & apache 2 安装: $ tar jxvf httpd-2.0.55.tar.bz2 $ cd httpd-2.055 $ vi config.sh 写入内容如下: 代码: #!/bin/bash HTTPD_ROOT="/apache2" ./configure --prefix=$HTTPD_ROOT \ --enable-so \ --enable-rewrite \ --enable-info \ --enable-cgid \ --enable-mime-magic \ --enable-alias \ --enable-access \ --enable-deflate \ --enable-forward # sh config.sh 上面过程等同于直接 ./configure --prefix=/apache2 --enable-so \ --enable-rewrite \ --enable-info \ --enable-cgid \ --enable-mime-magic \ --enable-alias \ --enable-access \ --enable-deflate \ --enable-forward 写一个config.sh 只是个人习惯方便今后查看和升级再编译。 # make # make install 安装php4 $ tar jxvf php-4.4.1.tar.bz2 $ cd php-4.4.1 $ vi config.sh 写入内容: 代码: #!/bin/bash PHP_ROOT=/apache2 ./configure --prefix=$PHP_ROOT \ --with-apxs2=$PHP_ROOT/bin/apxs \ --with-mysql \ --enable-ftp \ --enable-zip \ --enable-mbstring \ --enable-mbregex \ --enable-calendar \ --enable-curl \ --disable-debug \ --enable-inline-optimization -q \ --with-jpeg \ --with-png \ --enable-thread-safety \ --enable-ctype \ --with-bz \ --with-zlib \ --with-gd \ --with-kerberos \ --with-gettext \ --enable-force-cgi-redirect $ make # make install 安装modsecurity: $ tar zxvf modsecurity-apache-1.9.tar.gz $ cd modsecurity-apache-1.9/apache2/ $ /apache2/bin/apxs -cia mod_security.c 配置: 1.编辑/etc/my.cnf 去掉[mysqld]段skip-networking这句的注释,这样mysql只能从本机连接,有助提高安全性。 2.编辑/apache/conf/httpd.conf 修改ServerAdmin [email protected] 将后面的mail 地址改为服务器管理员地址。 增加一个php 文件配置 AddType application/x-httpd-php .php 在DirectoryIndex 后增加一个 index.php 增加deflate 配置信息 代码: <Location /> # Insert filter SetOutputFilter DEFLATE # Netscape 4.x has some problems... BrowserMatch ^Mozilla/4 gzip-only-text/html # Netscape 4.06-4.08 have some more problems BrowserMatch ^Mozilla/4\.0[678] no-gzip # MSIE masquerades as Netscape, but it is fine # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48 # the above regex won't work. You can use the following # workaround to get the desired effect: BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html # Don't compress images SetEnvIfNoCase Request_URI \ \.(?:gif|jpe?g|png|ico)$ no-gzip dont-vary # Make sure proxies don't deliver the wrong content #Header append Vary User-Agent env=!dont-vary </Location> DeflateFilterNote ratio LogFormat '"%v %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" (%{ratio}n)' deflate CustomLog logs/deflate_log deflate 添加一段mod_security的配置文件 代码: <IfModule mod_security.c> SecFilterEngine On SecFilterCheckURLEncoding On SecFilterDefaultAction "deny,log,status:500" #SecFilterForceByteRange 32 126 #SecFilterScanPOST On SecAuditLog logs/audit_log ### SecFilter "\.\./" ##### SecFilter /etc/*passwd SecFilter /bin/*sh #for css attack SecFilter "<( | )*script" SecFilter "<(.| )+>" #for sql attack SecFilter "delete[ ]+from" SecFilter "insert[ ]+into" SecFilter "select.+from" SecFilter "union[ ]+from" SecFilter "drop[ ]" </IfModule> 测试: 在/apache2/htdocs 创建文件test.php 内容为: 代码: <?php echo phpinfo; ?> 在浏览器中打开 http://127.0.0.1/test.php 如果你能看到 phpinfo 界面那么恭喜一切搞定。