编译安装apache2+php+mysql+mod_security

编译安装apache2+php+mysql+mod_security

作者: hew  发布日期: 2005-11-10    查看数: <script language="JavaScript" src="http://www.linuxsky.net/function.php?action=view&tid=1609&views=1256" type="text/JavaScript"></script>1256   出自: http://www.linuxsky.net

编译安装apache+php+mysql+mod_security 系统平台：maigic linux 2.0 rc1 下载： aoache2 http://www.apache.org/dist/httpd/httpd-2.0.55.tar.bz2 mysql4: http://mysql.oss.eznetsols.org/Downloads/MySQL-4.1/mysql-4.1.15.tar.gz php4: http://cn.php.net/distributions/php-4.4.1.tar.bz2 mod_security http://www.modsecurity.org/download/modsecurity-apache-1.9.tar.gz mysql 安装: $ tar zxvf mysql-4.1.15.tar.gz $ cd mysql-4.1.15 # groupadd mysql # useradd -g mysql mysql # ./configure --prefix=/usr/local/mysql # make # make install # cp support-files/my-medium.cnf /etc/my.cnf # cd /usr/local/mysql # bin/mysql_install_db --user=mysql # chown -R root . # chown -R mysql var # chgrp -R mysql . # bin/mysqld_safe --user=mysql & apache 2 安装: $ tar jxvf httpd-2.0.55.tar.bz2 $ cd httpd-2.055 $ vi config.sh 写入内容如下： CODE: #!/bin/bash HTTPD_ROOT="/apache2" ./configure --prefix=$HTTPD_ROOT / --enable-so / --enable-rewrite / --enable-info / --enable-cgid / --enable-mime-magic / --enable-alias / --enable-access / --enable-deflate / --enable-forward # sh config.sh 上面过程等同于直接 ./configure --prefix＝/apache2 --enable-so / --enable-rewrite / --enable-info / --enable-cgid / --enable-mime-magic / --enable-alias / --enable-access / --enable-deflate / --enable-forward 写一个config.sh 只是个人习惯方便今后查看和升级再编译。 # make # make install 安装php4 $ tar jxvf php-4.4.1.tar.bz2 $ cd php-4.4.1 $ vi config.sh 写入内容: CODE: #!/bin/bash PHP_ROOT=/apache2 ./configure --prefix=$PHP_ROOT / --with-apxs2=$PHP_ROOT/bin/apxs / --with-mysql / --enable-ftp / --enable-zip / --enable-mbstring / --enable-mbregex / --enable-calendar / --enable-curl / --disable-debug / --enable-inline-optimization -q / --with-jpeg / --with-png / --enable-thread-safety / --enable-ctype / --with-bz / --with-zlib / --with-gd / --with-kerberos / --with-gettext / --enable-force-cgi-redirect $ make # make install 安装modsecurity： $ tar zxvf modsecurity-apache-1.9.tar.gz $ cd modsecurity-apache-1.9/apache2/ $ /apache2/bin/apxs -cia mod_security.c 配置： 1.编辑/etc/my.cnf 去掉[mysqld]段skip-networking这句的注释，这样mysql只能从本机连接，有助提高安全性。 2.编辑/apache/conf/httpd.conf 修改ServerAdmin you@example.com 将后面的mail 地址改为服务器管理员地址。 增加一个php 文件配置 AddType application/x-httpd-php .php 在DirectoryIndex 后增加一个 index.php 增加deflate 配置信息 CODE: &lt;Location /&gt; # Insert filter SetOutputFilter DEFLATE # Netscape 4.x has some problems... BrowserMatch ^Mozilla/4 gzip-only-text/html # Netscape 4.06-4.08 have some more problems BrowserMatch ^Mozilla/4/.0&#91;678&#93; no-gzip # MSIE masquerades as Netscape, but it is fine # BrowserMatch /bMSIE !no-gzip !gzip-only-text/html # NOTE&#58; Due to a bug in mod_setenvif up to Apache 2.0.48 # the above regex won't work. You can use the following # workaround to get the desired effect&#58; BrowserMatch /bMSI&#91;E&#93; !no-gzip !gzip-only-text/html # Don't compress images SetEnvIfNoCase Request_URI / /.&#40;?&#58;gif|jpe?g|png|ico&#41;$ no-gzip dont-vary # Make sure proxies don't deliver the wrong content #Header append Vary User-Agent env=!dont-vary &lt;/Location&gt; DeflateFilterNote ratio LogFormat '"%v %h %l %u %t "%r" %&gt;s %b "%{Referer}i" "%{User-Agent}i"" &#40;%{ratio}n&#41;' deflate CustomLog logs/deflate_log deflate 添加一段mod_security的配置文件 CODE: &lt;IfModule mod_security.c&gt; SecFilterEngine On SecFilterCheckURLEncoding On SecFilterDefaultAction "deny,log,status&#58;500" #SecFilterForceByteRange 32 126 #SecFilterScanPOST On SecAuditLog logs/audit_log ### SecFilter "/././" ##### SecFilter /etc/*passwd SecFilter /bin/*sh #for css attack SecFilter "&lt;&#40; | &#41;*script" SecFilter "&lt;&#40;.| &#41;+&gt;" #for sql attack SecFilter "delete&#91; &#93;+from" SecFilter "insert&#91; &#93;+into" SecFilter "select.+from" SecFilter "union&#91; &#93;+from" SecFilter "drop&#91; &#93;" &lt;/IfModule&gt; 测试： 在/apache2/htdocs 创建文件test.php 内容为： CODE: &lt;?php echo phpinfo&#40;&#41;; ?&gt; 在浏览器中打开 http://127.0.0.1/test.php 如果你能看到 phpinfo 界面那么恭喜一切搞定。