Download the corresponding source code: apache1, tomcat4, mysql, apr, jdk.

1. Install the MySQL 4 database:

    # tar -zxvf mysql-4.tar.gz
    # groupadd mysql
    # useradd -g mysql mysql
    # cd mysql-4
    # ./configure --prefix=/usr/local/mysql
    # make; make install
    # scripts/mysql_install_db
    # chown -R root /usr/local/mysql
    # chown -R mysql /usr/local/mysql/var
    # chgrp -R mysql /usr/local/mysql
    # cp /usr/local/mysql/share/mysql/my-medium.cnf /etc/my.cnf
    # /usr/local/mysql/bin/mysqld_safe --user=mysql &
    # /usr/local/mysql/bin/mysql
    --> show databases;
    --> exit;
    # /usr/local/mysql/bin/mysqladmin -u root password your_new_password

The MySQL installation is now complete.

2. Install the Apache 1 server:

    # tar -zxvf apache1.tar.gz
    # cd apache1
    # ./configure --prefix=/usr/local/apache --enable-module=so
    # make; make install
    # vi /usr/local/apache/conf/httpd.conf

Set the server name to your IP address:

    ServerName yourip

Save and exit.

3. Install Tomcat 4

(1) Install the JDK

    # cd /usr/local
    # sh jdk-1.2.2-RC4-linux-i386-glibc-2.1.2.sh
    # ln -s jdk-1.2.2 /usr/local/jdk
    # ln -s jdk-1.2.2 /usr/local/jre

(2) Set up the Tomcat runtime environment

    # vi /root/.bash_profile

Append the following to the end of this file:

    JAVA_HOME=/usr/local/jdk
    export JAVA_HOME
    CLASSPATH=/usr/local/jdk/lib:/usr/local/jre/lib
    export CLASSPATH
    CATALINA_HOME=/usr/local/tomcat
    export CATALINA_HOME
    PATH=$PATH:/usr/local/jdk/bin:/usr/local/jre/bin

Save and exit.

(3) Install Tomcat 4

    # tar -zxvf jakarta-tomcat4.tar.gz
    # mv jakarta-tomcat tomcat

a. Test that Tomcat is running

    # lynx localhost:8080

b. Build mod_webapp.so

    # tar -zxvf jakarta-tomcat.connnerts-src.tar.gz
    # tar -zxvf apr_APACHE_2.0.35.tar.gz
    # mv apr /usr/local/tomcat.connerts-src/webapp/
    # cd /usr/local/tomcat.connerts-src/webapp/
    # support/buildconf.sh
    # ./configure --with-apxs=/usr/local/apache/bin/apxs
    # make

4. Integrate Apache 1 with Tomcat 4

    # cp apache-1.3/mod_webapp.so /usr/local/apache/libexec/
    # vi /usr/local/apache/conf/httpd.conf

Change the directory index to:

    DirectoryIndex index.jsp index.html

and change

    Options Indexes MultiViews

to

    Options MultiViews

Add:

    LoadModule webapp_module libexec/mod_webapp.so
    WebAppConnection warpConnection warp localhost:8008
    WebAppDeploy examples warpConnection /examples/
    WebAppInfo /webapp-info

Save and exit.

    # /usr/local/apache/bin/apachectl configtest
    Syntax OK
    # /usr/local/apache/bin/apachectl start
    # touch /usr/local/tomcat/webapps/examples/index.jsp
    # vi /usr/local/tomcat/webapps/examples/index.jsp

File contents:

    2 + 2 = <%= 2 + 2 %>

Save and exit.

    # chmod 755 /usr/local/tomcat/webapps/examples/index.jsp
    # nohup /usr/local/tomcat/bin/startup.sh

5. Test

Open a browser and enter http://localhost/examples/. If 2+2=4 appears, the integration succeeded.

6. Make MySQL, Apache and Tomcat start automatically at boot

    # vi /etc/rc.d/rc.local

Add:

    /usr/local/mysql/bin/mysqld_safe --user=mysql &
    /usr/local/apache/bin/apachectl start
    /usr/local/tcstart.sh

Save and exit.

    # touch /etc/init.d/tomcat
    # chmod 755 /etc/init.d/tomcat
    # useradd -d /usr/local/ tomcat
    # vi /etc/init.d/tomcat

File contents:

    #!/bin/bash
    #
    # tomcat Starts Tomcat Java server.
    #
    #
    # chkconfig: 345 88 12
    # description: Tomcat is the server for Java servlet applications.
    ### BEGIN INIT INFO
    # Provides: $tomcat
    ### END INIT INFO

    # Source function library.
    . /etc/init.d/functions

    # Do nothing unless both helper scripts exist
    # (only tcstart.sh is shown on this page).
    [ -f /usr/local/tcstart.sh ] || exit 0
    [ -f /usr/local/tcstop.sh ] || exit 0

    RETVAL=0
    umask 077

    start() {
        echo -n $"Starting Tomcat Java server: "
        # Run Tomcat as the unprivileged tomcat user, not as root
        daemon su -c /usr/local/tcstart.sh tomcat
        RETVAL=$?
        echo
        return $RETVAL
    }

    stop() {
        echo -n $"Shutting down Tomcat Java server: "
        daemon su -c /usr/local/tcstop.sh tomcat
        RETVAL=$?
        echo
        return $RETVAL
    }

    restart() {
        stop
        start
    }

    case "$1" in
        start)
            start
            ;;
        stop)
            stop
            ;;
        restart|reload)
            restart
            ;;
        *)
            echo $"Usage: $0 {start|stop|restart}"
            exit 1
    esac

    exit $?
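
Save and exit.

    # touch /usr/local/tcstart.sh
    # vi /usr/local/tcstart.sh

File contents:

    #!/bin/bash
    # Point at the JDK symlink created in step 3 (/usr/local/jdk)
    export JDK_HOME=/usr/local/jdk
    export JAVA_HOME=/usr/local/jdk
    # start up the Tomcat server
    /usr/local/tomcat/bin/startup.sh

Save and exit.

    # chmod 755 /usr/local/tcstart.sh

7. Create a secure Kewei web runtime environment

(1) Stop the system from answering any ping request, whether it comes from outside or inside

    # vi /etc/rc.d/rc.local

Add:

    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

(2) Reduce CPU usage and prevent reboots caused by operator error: leave only two virtual consoles enabled and disable the Ctrl-Alt-Del reboot

    # vi /etc/inittab

    id:3:initdefault:
    # Run gettys in standard runlevels
    1:2345:respawn:/sbin/mingetty tty1
    2:2345:respawn:/sbin/mingetty tty2
    #3:2345:respawn:/sbin/mingetty tty3
    #4:2345:respawn:/sbin/mingetty tty4
    #5:2345:respawn:/sbin/mingetty tty5
    #6:2345:respawn:/sbin/mingetty tty6
    #ca::ctrlaltdel:/sbin/shutdown -t3 -r now

Save and exit.

(3) Delete unnecessary users and groups

    # userdel -r username

Users: adm, lp, sync, shutdown, halt, mail, procmail, mailx, news, uucp, operator, games, gopher, ftp

    # groupdel groupname

Groups: adm, lp, sync, shutdown, halt, mail, procmail, mailx, news, uucp, operator, games, gopher, ftp

(4) Create the FTP account

    # groupadd su
    # useradd -g su -d /usr/local/apache/htdocs webserver

(5) Use the chattr command to set the immutable attribute on the following files. With this attribute set, even root cannot modify these files (for example to add a user or change a password) until the attribute is removed.

    [root@deep]# chattr +i /etc/passwd
    [root@deep]# chattr +i /etc/shadow
    [root@deep]# chattr +i /etc/group
    [root@deep]# chattr +i /etc/gshadow

(6) Prevent anyone from (illegitimately) becoming root through the su command

    # vi /etc/pam.d/su

    auth sufficient /lib/security/pam_rootok.so debug
    auth required /lib/security/pam_wheel.so group=su

Save and exit. After this, only members of the su group can switch to the root user.

(7) Resource limits to guard against DoS-type attacks

    # vi /etc/security/limits.conf

Append the following to the end of this file:

    * hard core 0
    * hard rss 5000
    * hard nproc 20

Save and exit.

    # vi /etc/pam.d/login

Append the following to the end of this file:

    session required /lib/security/pam_limits.so

Save and exit.

At this point the Kewei server has been set up successfully; it is the current http://www.xx.net.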
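
The su restriction in 7(6) depends on the group= value on the pam_wheel.so line matching the group created in 7(4), and the limits in 7(7) only take effect if pam_limits.so is loaded at login. The shell script below is an added example, not part of the original guide, that checks both. Its function names are hypothetical, and the sample files it builds are constructed: they deliberately name the group `sul` while the group that exists is `su`.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the files edited in step 7.
# pam_wheel_group FILE -> prints the group= value on the active pam_wheel line
pam_wheel_group() {
    awk '!/^[ \t]*#/ && /pam_wheel\.so/ {
        for (i = 1; i <= NF; i++) if ($i ~ /^group=/) { print substr($i, 7); exit }
    }' "$1"
}

# check_su_group PAM_SU GROUP_FILE -> 0 only if that group exists in GROUP_FILE
check_su_group() {
    g=$(pam_wheel_group "$1")
    [ -n "$g" ] || { echo "FAIL: no pam_wheel group= option in $1"; return 1; }
    awk -F: -v g="$g" '$1 == g { f = 1 } END { exit !f }' "$2" \
        || { echo "FAIL: pam_wheel names group '$g', absent from $2"; return 1; }
    echo "OK: su restricted to existing group '$g'"
}

# check_limit LIMITS ITEM VALUE -> 0 if an active "* hard ITEM VALUE" line exists
check_limit() {
    awk -v item="$2" -v val="$3" '!/^[ \t]*#/ && $1 == "*" &&
        $2 == "hard" && $3 == item && $4 == val { f = 1 } END { exit !f }' "$1"
}

# audit ROOT -> runs all checks under ROOT ("/" = live host); returns failure count
audit() {
    root=${1%/}; fails=0
    check_su_group "$root/etc/pam.d/su" "$root/etc/group" || fails=$((fails + 1))
    for pair in core:0 rss:5000 nproc:20; do
        check_limit "$root/etc/security/limits.conf" "${pair%%:*}" "${pair##*:}" \
            || { echo "FAIL: missing '* hard ${pair%%:*} ${pair##*:}'"; fails=$((fails + 1)); }
    done
    grep -Eq '^[[:space:]]*session[[:space:]]+required[[:space:]].*pam_limits\.so' \
        "$root/etc/pam.d/login" || { echo "FAIL: pam_limits.so not loaded at login"; fails=$((fails + 1)); }
    return "$fails"
}

# make_sample DIR -> constructed files; pam_wheel names "sul" but the group is "su"
make_sample() {
    mkdir -p "$1/etc/pam.d" "$1/etc/security"
    printf 'root:x:0:\nsu:x:500:webserver\n' > "$1/etc/group"
    printf 'auth required /lib/security/pam_wheel.so group=sul\n' > "$1/etc/pam.d/su"
    printf '* hard core 0\n* hard rss 5000\n* hard nproc 20\n' > "$1/etc/security/limits.conf"
    printf 'session required /lib/security/pam_limits.so\n' > "$1/etc/pam.d/login"
}

target=${1:-}
[ -n "$target" ] || { target=$(mktemp -d); make_sample "$target"; }
audit "$target" || echo "$? check(s) failed under $target"
```

Run with no argument it audits the constructed sample and reports the group mismatch; run with `/` as the argument it audits the live host's files.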