apache2+php+mysql+mod_secu+mod_evasive+mod_gzip+snmp＋rrdtool+cacti

apache2+php+mysql+mod_secu+mod_evasive+mod_gzip+snmp＋rrdtool+cacti

下载：
apache2
http://www.apache.org/dist/httpd/httpd-2.0.55.tar.bz2
mysql4:
http://mysql.oss.eznetsols.org/Downloads/MySQL-4.1/mysql-4.1.15.tar.gz
php4:
http://cn.php.net/distributions/php-4.4.1.tar.bz2

mod_security
http://www.modsecurity.org/download/modsecurity-apache-1.9.tar.gz

mod_evasive

http://www.nuclearelephant.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz

mod_gzip

http://w.yi.org/ftp/incoming/mod_gzip-2.1.0.tar.gz

rrdtool

http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/pub/libs/libart_lgpl-2.3.17.tar.gz

cacti

http://www.cacti.net/downloads/cacti-0.8.6g.tar.gz

step 1:[基本环境:apache+mysql+php]安装

1、mysql 安装: [注意：cacti-<chsdate year="1899" month="12" day="30" islunardate="False" isrocdate="False" w:st="on"></chsdate>0.8.6.g版本不支持MYSQL5]
# tar zxvf mysql-<chsdate year="1899" month="12" day="30" islunardate="False" isrocdate="False" w:st="on"></chsdate>4.1.15.tar.gz
# cd mysql-4.1.15
# groupadd mysql

# useradd -g mysql mysql
# ./configure --prefix=/usr/local/mysql

# make
# make install
# cp support-files/my-medium.cnf /etc/my.cnf
# cd /usr/local/mysql
# bin/mysql_install_db --user=mysql
# chown -R root .
# chown -R mysql var
# chgrp -R mysql .
# bin/mysqld_safe --user=mysql &

2、apache 2 安装:

# tar jxvf httpd-<chsdate year="1899" month="12" day="30" islunardate="False" isrocdate="False" w:st="on"></chsdate>2.0.55.tar.bz2
# cd httpd-2.055
# vi config.sh 写入内容如下：

代码:

#!/bin/bash

HTTPD_ROOT="/usr/local/apache2"

./configure --prefix=$HTTPD_ROOT \

--enable-so \

--enable-rewrite \

--enable-info \

--enable-cgid \

--enable-mime-magic \

--enable-vhost-alias \

--enable-deflate \

--enable-expires \

--with-mpm=prefork

# sh config.sh
上面过程等同于直接
./configure --prefix=/usr/local/apache2 \

--enable-so \

--enable-rewrite \

--enable-info \

--enable-cgid \

--enable-mime-magic \

--enable-vhost-alias \

--enable-deflate \

--enable-expires \
写一个config.sh方便今后查看和升级再编译。
# make
# make install

3、安装php4
# tar jxvf php-<chsdate year="1899" month="12" day="30" islunardate="False" isrocdate="False" w:st="on"></chsdate>4.4.1.tar.bz2
# cd php-4.4.1
# vi config.sh 写入内容:

代码:

#!/bin/bash

PHP_ROOT=/usr/local/php/

./configure --prefix=$PHP_ROOT \

--with-apxs2=/usr/local/apache2/bin/apxs \

--with-mysql=/usr/local/mysql \

--enable-mbstring \

--with-curl \

--enable-debug \

--enable-inline-optimization -q \

--with-jpeg-dir=/usr/local/ \

--with-png-dir \

--enable-thread-safety \

--enable-ctype \

--with-bz2 \

--with-zlib \

--with-gd \

--with-kerberos \

--with-gettext \

--enable-force-cgi-redirect \

--with-iconv \

--enable-gd-native-ttf \

--enable-sockets \

--with-snmp \

--enable-ucd-snmp-hack

#sh config.sh
# make
# make install
#cp php.ini-dist /usr/local/php/lib/php.ini

4、安装modsecurity（mod_security 可以加强apache的安全性特别是在防sql 注入上。
# tar zxvf modsecurity-apache-1.9.tar.gz
# cd modsecurity-apache-1.9/apache2/
# /apache2/bin/apxs -cia mod_security.c

5、安装mod_evasive防DDOS攻击
# tar zxvf mod_evasive_<chsdate year="1899" month="12" day="30" islunardate="False" isrocdate="False" w:st="on"></chsdate>1.10.1.tar.gz
# cd mod_evasive_1.10.1
#/apache/bin/apxs -i -a -c mod_evasive20.c
# /usr/local/apache/bin/apxs -i -a -c mod_evasive20.c

6、安装mod_gzip 对静态WEB页面进行压缩

#tar zxvf mod_gzip-<chsdate year="1899" month="12" day="30" islunardate="False" isrocdate="False" w:st="on"></chsdate>2.1.0.tar.gz

# cd mod_gzip-<chsdate year="1899" month="12" day="30" islunardate="False" isrocdate="False" w:st="on"></chsdate>2.1.0

#/usr/local/apache2/bin/apxs -cia mod_gzip.c

…………………..

Rrdtool、cacti的安装等将这些基本的环境配置好后进行安装

………………….

Step 2: 基本环境配置

配置：

1、配置apache

A．增加一个解析php 文件配置
AddType application/x-httpd-php .php
B.在DirectoryIndex 后增加一个 index.php
C.增加deflate 配置信息

代码:

<Location />
# Insert filter
SetOutputFilter DEFLATE

# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html

# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip

# MSIE masquerades as Netscape, but it is fine
# BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

# NOTE: Due to a bug in mod_setenvif up to Apache <chsdate year="1899" month="12" day="30" islunardate="False" isrocdate="False" w:st="on"></chsdate>2.0.48
# the above regex won't work. You can use the following
# workaround to get the desired effect:
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

# Don't compress images
SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png|ico)$ no-gzip dont-vary

# Make sure proxies don't deliver the wrong content
#Header append Vary User-Agent env=!dont-vary
</Location>

DeflateFilterNote ratio
LogFormat '"%v %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" (%{ratio}n)' deflate

CustomLog logs/deflate_log deflate

D.检查一下配置文件中是否有一下模块, 如没有则加上去

LoadModule evasive20_module modules/mod_evasive20.so

LoadModule gzip_module modules/mod_gzip.so

LoadModule security_module modules/mod_security.so

E.添加一段mod_security的配置文件

代码:

<IfModule mod_security.c>
SecFilterEngine On
SecFilterCheckURLEncoding On
SecFilterDefaultAction "deny,log,status:500"
#SecFilterForceByteRange 32 126
#SecFilterScanPOST On
SecAuditLog logs/audit_log
###
SecFilter "\.\./"
#####
SecFilter /etc/*passwd
SecFilter /bin/*sh

#for css attack
SecFilter "<( | )*script"
SecFilter "<(.| )+>"
#for sql attack
SecFilter "delete[ ]+from"
SecFilter "insert[ ]+into"
SecFilter "select.+from"
SecFilter "union[ ]+from"
SecFilter "drop[ ]"
</IfModule>

F.添加一段mod_evasive20的配置文件

代码:

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>

G. 添加一段mod_gzip.c的配置文件

代码:

mod_gzip_on Yes

mod_gzip_minimum_file_size <rtx w:st="on"></rtx>1002

mod_gzip_maximum_file_size 0

mod_gzip_maximum_inmem_size 60000

mod_gzip_item_include mime "application/x-httpd-php"

mod_gzip_item_include mime "text/*"

# 压缩 Zope 的内容：

mod_gzip_item_include file "[^.]*$"

mod_gzip_item_include mime "httpd/unix-directory"

mod_gzip_dechunk Yes

mod_gzip_temp_dir "/tmp"

mod_gzip_keep_workfiles No

mod_gzip_item_include file "\.php$"

mod_gzip_item_include file "\.txt$"

mod_gzip_item_include file "\.html$"

mod_gzip_item_exclude file "\.css$"

mod_gzip_item_exclude file "\.js$"

H.加个VirtualHost

NameVirtualHost *:80

<VirtualHost *:80>

ServerName www.irunnet.com

DocumentRoot /usr/local/apps/www/cacti

ErrorLog /dev/null

CustomLog /dev/null common

</VirtualHost>

2、测试PHP

在/usr/local/apps/www/cacti 创建文件phpinfo.php 内容为：

代码:

<?php
echo phpinfo();
?>

在浏览器中打开 http://www.irunnet.com/******/phpinfo.php 如果你能看到 phpinfo 界面那么ok。
这里对PHP.ini配置文件根据开发需求简单改改

memory_limit = <chmetcnv w:st="on" tcsc="0" numbertype="1" negative="False" hasspace="False" sourcevalue="50" unitname="m"></chmetcnv>50M

display_errors = Off

log_errors = Off

log_errors_max_len = 10240

error_log = /usr/local/apps/www/log

post_max_size = <chmetcnv w:st="on" tcsc="0" numbertype="1" negative="False" hasspace="False" sourcevalue="30" unitname="m"></chmetcnv>30M

upload_max_filesize = <chmetcnv w:st="on" tcsc="0" numbertype="1" negative="False" hasspace="False" sourcevalue="50" unitname="m"></chmetcnv>50M

有关MYSQL配置，仅供参考！可以跳过不操作，不影响正常安装！
3.mysql配置[这个步骤请有经验的人操作，主要在安全方面设置，仅供参考！]