

huy:centos_for_rozum
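# Add two third-party package repositories (Karan Singh's CentOS Extras and
# Jason Litka's "Utter Ramblings") and import their package signing keys.
# NOTE(review): the .repo file and both keys are fetched over plain HTTP, so
# the download itself proves nothing about where they came from. Compare the
# imported key fingerprints with values obtained through a separate trusted
# channel before relying on them.
cd /etc/yum.repos.d/
wget http://centos.karan.org/kbsingh-CentOS-Extras.repo
rpm --import http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka
rpm --import http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
# "cat > FILE" reads the lines that follow from the terminal; ^D stands for
# pressing Ctrl-D to end the input.
# gpgcheck=1 makes yum verify package signatures against the key imported
# above; leaving it at 0 would install packages from this plain-HTTP baseurl
# without any verification.
cat > utterramblings.repo
[utterramblings]
name=Jason's Utter Ramblings Repo
baseurl=http://www.jasonlitka.com/media/EL$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka
^D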
# Install MySQL, PHP and its extensions, the compiler toolchain and -devel
# packages that the module builds further down (apxs, ./configure, make) use,
# and the vsftpd FTP server.
# httpd-devel is pinned to an exact build (2.2.16-jason.1); presumably this
# has to match the httpd package from the utterramblings repo - confirm.
yum install mysql.x86_64 mysql-server.x86_64 php-mysql php-mhash php-mcrypt \
php-common php-pdo  php-xml php-imap php-tidy php-soap php-mbstring php-cli \
php-xmlrpc php-bcmath php-gd httpd-devel-2.2.16-jason.1 gcc gcc-c++ pcre-devel \
libxml2-devel vsftpd
# Start Apache, MySQL and vsftpd automatically at boot.
chkconfig --levels 235 httpd on
chkconfig mysqld on
chkconfig vsftpd on
# Add the RPMforge repository by installing its release package.
# NOTE(review): the package is pulled from an http:// URL and installed in
# one step. Downloading it first and checking it with "rpm -K" against a
# packager key verified out of band is the safer sequence.
rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
yum install  php-memcache.x86_64 vim-enhanced

# Replace the installed perl-Net-SSLeay and perl-IO-Socket-SSL packages with
# newer builds downloaded from packages.sw.be. Which program needs the newer
# versions is not stated on this page.
# NOTE(review): the three RPMs arrive over plain HTTP and are installed with
# "rpm -i" directly; check each file with "rpm -K <file>" against the
# packager's signing key before installing it.
wget http://packages.sw.be/perl-Net-SSLeay/perl-Net-SSLeay-1.36-1.el5.rfx.i386.rpm
wget http://packages.sw.be/perl-Net-SSLeay/perl-Net-SSLeay-1.36-1.el5.rfx.x86_64.rpm
wget http://packages.sw.be/perl-IO-Socket-SSL/perl-IO-Socket-SSL-1.34-1.el5.rfx.noarch.rpm

# Remove the old versions first, then install both architectures of
# Net-SSLeay followed by the noarch IO-Socket-SSL package.
rpm -e perl-Net-SSLeay-1.30-4.fc6 
rpm -e perl-IO-Socket-SSL-1.01-1.fc6
rpm -i perl-Net-SSLeay-1.36-1.el5.rfx.x86_64.rpm
rpm -i perl-Net-SSLeay-1.36-1.el5.rfx.i386.rpm
rpm -i perl-IO-Socket-SSL-1.34-1.el5.rfx.noarch.rpm

# Install memcached, set CACHESIZE to 1024 in its sysconfig file and start it.
# NOTE(review): memcached has no authentication of its own. Unless OPTIONS in
# the same sysconfig file restricts the listen address (for example
# "-l 127.0.0.1") or a firewall blocks the port, the cache is presumably
# reachable from the network - confirm.
# There is no chkconfig line for memcached on this page, so it is not enabled
# at boot by these steps.
yum install memcached.x86_64  
# The indented line below is the setting to change inside the editor, not a
# command to run.
vim /etc/sysconfig/memcached
   CACHESIZE="1024"
/etc/init.d/memcached start


# Overwrite the packaged php.conf so that mod_php is not loaded: LoadModule,
# AddHandler and AddType stay commented out and only DirectoryIndex remains
# active. PHP is run through the FastCGI wrapper configured in the virtual
# host further down instead.
# Everything up to ^D (Ctrl-D) is typed as the content of the file.
cat > /etc/httpd/conf.d/php.conf

#
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.
#

#LoadModule php5_module modules/libphp5.so

#
# Cause the PHP interpreter to handle files with a .php extension.
#
#AddHandler php5-script .php
#AddType text/html .php

#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php

#
# Uncomment the following line to allow PHP to pretty-print .phps
# files as PHP source code:
#
#AddType application/x-httpd-php-source .phps

^D
# Mirrors the "PHP_Fix_Pathinfo_Enable 1" setting used in the virtual host.
# NOTE(review): ">>" appends instead of editing, so php.ini gets a second
# cgi.fix_pathinfo line if one is already present, and another one every time
# this command is repeated.
echo cgi.fix_pathinfo = 1 >> /etc/php.ini
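# Create a dedicated account for the site and the per-user PHP FastCGI
# wrapper script that the virtual host runs through suEXEC.
groupadd nairabetwww
# -s /bin/false: no interactive shell; -d/-m: the home directory is the site
# directory /var/www/nairabet.com and is created now.
useradd -s /bin/false -d /var/www/nairabet.com -m -g  nairabetwww nairabetwww
# The document root belongs under the home directory created above
# (/var/www/nairabet.com, the DocumentRoot of the virtual host), not under
# /var/www/nairabetwww, which does not exist. -p keeps the command harmless
# when the directory is already there. It is created by the current user;
# ownership is handed to the site account by the chown -R of
# /var/www/nairabet.com later in these notes.
mkdir -p /var/www/nairabet.com/web
mkdir -p /var/www/php-fcgi-scripts/nairabetwww
# Everything up to ^D (Ctrl-D) is typed as the content of the wrapper script:
# it points PHP at /etc/ for php.ini, sets the FastCGI child and request
# limits, and replaces itself with php-cgi.
cat > /var/www/php-fcgi-scripts/nairabetwww/php-fcgi-starter
#!/bin/sh
PHPRC=/etc/
export PHPRC
export PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_CHILDREN=8
exec /usr/bin/php-cgi

^D
chmod +x /var/www/php-fcgi-scripts/nairabetwww/php-fcgi-starter
# Hand the wrapper directory and script to the site account.
# NOTE(review): presumably required by suEXEC's ownership checks - confirm.
chown -R nairabetwww:nairabetwww    /var/www/php-fcgi-scripts/nairabetwww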
# Append the name-based virtual host for nairabet.com to the main Apache
# configuration. Everything up to ^D (Ctrl-D) is typed as file content;
# because of ">>" a second run adds a duplicate block.
# Each <IfModule> section only takes effect once its module is loaded;
# mod_fcgid, mod_evasive and mod_security are installed further down.
# NOTE(review): points to check in the block below:
#  - "AddHandler fcgid-script .php" is matched by mod_mime against every
#    extension in a file name, not only the last one, so any file in the
#    document root carrying .php among its extensions is handed to PHP. A
#    <FilesMatch "\.php$"> section with SetHandler is the stricter form.
#  - "AllowOverride All" together with "Options +ExecCGI" lets .htaccess
#    files placed in the document root change handlers and options.
#  - DOSPageCount 2 with DOSPageInterval 1 looks low enough to block ordinary
#    visitors - confirm against real traffic.
#  - "SecRuleEngine On" enforces the rules from the first request;
#    "SecRuleEngine DetectionOnly" is the usual setting while tuning them.
#  - ErrorLog and CustomLog are commented out (and point to /var/log/apache2),
#    so this host has no log files of its own configured here.
cat >> /etc/httpd/conf/httpd.conf

NameVirtualHost *:80

<VirtualHost *:80>
  ServerName nairabet.com
  ServerAlias www.nairabet.com
  ServerAdmin [email protected]
  DocumentRoot /var/www/nairabet.com/web/

  <IfModule mod_fcgid.c>
    SuexecUserGroup nairabetwww nairabetwww
    ProcessLifeTime 7200
    IPCCommTimeout 600
    PHP_Fix_Pathinfo_Enable 1
    <Directory /var/www/nairabet.com/web/>
      Options +ExecCGI
      AllowOverride All
      AddHandler fcgid-script .php
      FCGIWrapper /var/www/php-fcgi-scripts/nairabetwww/php-fcgi-starter .php
      Order allow,deny
      Allow from all
    </Directory>
  </IfModule>
<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10
</IfModule>
  # ErrorLog /var/log/apache2/error.log
  # CustomLog /var/log/apache2/access.log combined
  ServerSignature Off
<IfModule mod_security2.c>
    SecRuleEngine On
    SecDefaultAction "log,deny,phase:2"
</IfModule>

</VirtualHost>

^D
# Reload Apache so that it reads the new virtual host.
/etc/init.d/httpd reload
# Install the Zend Optimizer PHP extension (the build from the 5_2_x_comp
# directory of the archive) and register it in php.ini.
# NOTE(review): this is a precompiled binary fetched over plain HTTP from
# thesuki.org, apparently a third-party mirror, and php.ini loads it as a
# zend_extension. Compare the archive's checksum with a value published by
# the vendor before copying the .so into place; no checksum is given on this
# page.
wget http://thesuki.org/scripts/zend/ZendOptimizer-3.3.9-linux-glibc23-x86_64.tar.gz
tar zxfv ZendOptimizer-3.3.9-linux-glibc23-x86_64.tar.gz
cp ZendOptimizer-3.3.9-linux-glibc23-x86_64/data/5_2_x_comp/ZendOptimizer.so /usr/lib64/php/modules/ZendOptimizer.so
# Everything up to ^D (Ctrl-D) is appended to php.ini.
cat >> /etc/php.ini
[Zend]
zend_extension=/usr/lib64/php/modules/ZendOptimizer.so

^D
# Build and install the two Apache security modules from source:
# mod_evasive and ModSecurity.
# NOTE(review): both source tarballs are downloaded over plain HTTP and then
# compiled and installed in the same session with no checksum or signature
# check. Verify them against values published by the projects first.
wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
tar zxfv mod_evasive_1.10.1.tar.gz
cd mod_evasive
# apxs: -c compiles the module, -i installs it, -a adds its LoadModule line
# to httpd.conf.
apxs -cia mod_evasive20.c
# Back to the home directory before fetching ModSecurity.
cd
wget http://www.modsecurity.org/download/modsecurity-apache_2.5.12.tar.gz
tar zxfv modsecurity-apache_2.5.12.tar.gz
cd modsecurity-apache_2.5.12
# The Apache module is built from the apache2/ subdirectory.
cd apache2
./configure
make
make install
# Copy the rule set shipped in the tarball (base rules, optional rules and
# the main config file) into the directory that mod_security.conf includes
# its rules from.
mkdir /etc/httpd/modsecurity.d
cd ..
cd rules
cp base_rules/* /etc/httpd/modsecurity.d/
cp -Rfp optional_rules /etc/httpd/modsecurity.d/
cp modsecurity_crs_10_config.conf /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf
# Write the Apache configuration that loads ModSecurity (plus mod_unique_id)
# and includes the rule files copied to /etc/httpd/modsecurity.d.
# Everything up to ^D (Ctrl-D) is typed as the content of the file.
# NOTE(review): each Include names one specific file. Confirm that every one
# of them exists in modsecurity.d (the names depend on the rule set version),
# since httpd is expected to refuse to start on a missing include.
cat > /etc/httpd/conf.d/mod_security.conf
# Example configuration file for the mod_security Apache module

LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so
<IfModule mod_security2.c>
        # This is the ModSecurity Core Rules Set.

        # Basic configuration goes in here
        Include modsecurity.d/modsecurity_crs_10_config.conf

        # Protocol violation and anomalies.

        Include modsecurity.d/modsecurity_crs_20_protocol_violations.conf
        Include modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf

        # HTTP policy rules

        Include modsecurity.d/modsecurity_crs_30_http_policy.conf

        # Here comes the Bad Stuff...

        Include modsecurity.d/modsecurity_crs_35_bad_robots.conf
        Include modsecurity.d/modsecurity_crs_40_generic_attacks.conf
        Include modsecurity.d/modsecurity_crs_45_trojans.conf
        Include modsecurity.d/modsecurity_crs_50_outbound.conf

        # Search engines and other crawlers. Only useful if you want to track
        # Google / Yahoo et. al.

        # Include modsecurity.d/modsecurity_crs_55_marketing.conf

        # Put your local rules in here.

        Include modsecurity.d/modsecurity_localrules.conf
</IfModule>

^D
# Create the (empty) local rules file named by the last Include above.
touch /etc/httpd/modsecurity.d/modsecurity_localrules.conf
# Configure vsftpd. The two lines after the vim command are the settings to
# make in the file (no anonymous logins; local users confined to their home
# directory), not commands to run.
# NOTE(review): nothing on this page enables TLS for vsftpd, so the account
# password would travel over the network unencrypted at every FTP login.
vim /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
chroot_local_user=YES
/etc/init.d/vsftpd start
# Lists /bin/false as a valid login shell, presumably so that the site
# account (created with -s /bin/false) passes the FTP login check - confirm.
# The change applies to every service that consults /etc/shells, and ">>"
# adds a duplicate line on each run.
echo /bin/false >> /etc/shells
# Start MySQL, set the root password and store it for root's client tools.
/etc/init.d/mysqld start

# CHANGEME is a placeholder; substitute a real password.
# NOTE(review): a password passed as a command argument is saved in the shell
# history and is visible in the process list while the command runs.
# Nothing on this page removes anonymous accounts or the test database that a
# fresh install may contain; mysql_secure_installation covers those - confirm
# it is available in the installed version.
mysqladmin password CHANGEME

# Client defaults file so that root's mysql tools can connect without typing
# the password. Everything up to ^D (Ctrl-D) is file content; use the same
# password as above.
cat > /root/.my.cnf
[client]
password=CHANGEME
^D
# Readable by root only, because the file holds the password in clear text.
chmod 600 /root/.my.cnf
# Set a password for the site account (presumably the one used for FTP
# logins - confirm).
passwd nairabetwww
# Document root used by the virtual host; mkdir reports "File exists" if the
# directory was already created, which is harmless here.
mkdir /var/www/nairabet.com/web
chown -R nairabetwww:nairabetwww /var/www/nairabet.com
# Adds the execute (search) bit for everyone on the site directory,
# presumably so that Apache can traverse it to reach web/ - confirm.
chmod +x /var/www/nairabet.com
# Manual edit; the change itself is not recorded on this page. Presumably it
# enables the repository section that provides mod_fcgid - confirm.
vim /etc/yum.repos.d/kbsingh-CentOS-Extras.repo
yum install mod_fcgid.x86_64
# Repeats the chmod from above.
chmod +x /var/www/nairabet.com
# Full stop/start rather than a reload, so the newly installed modules are
# loaded.
apachectl stop
apachectl start

huy/centos_for_rozum.txt · Last modified: 2011/03/23 14:05 by slayer