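# Register the third-party yum repositories used by the rest of this build.
cd /etc/yum.repos.d/
wget http://centos.karan.org/kbsingh-CentOS-Extras.repo

# NOTE(review): both signing keys are fetched over plain HTTP from the same
# hosts that serve the packages, so the import alone only proves that packages
# match whatever key was served. Compare the imported key fingerprints against
# an independent source before relying on them.
rpm --import http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka
rpm --import http://centos.karan.org/RPM-GPG-KEY-karan.org.txt

# The quoted delimiter keeps $releasever and $basearch literal so that yum,
# not the shell, expands them.
# gpgcheck is set to 1: the original transcript imported the key and named it
# in gpgkey= but then disabled verification with gpgcheck=0, which lets any
# package served from the HTTP baseurl install unsigned.
cat > utterramblings.repo <<'EOF'
[utterramblings]
name=Jason's Utter Ramblings Repo
baseurl=http://www.jasonlitka.com/media/EL$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka
EOF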
# Install the database, the PHP stack, the Apache development headers, the
# compiler toolchain and the FTP daemon in one transaction.
# Several of these resolve from the third-party repositories registered
# earlier; whether their signatures are checked depends on the gpgcheck
# setting in the corresponding .repo file.
yum install \
  mysql.x86_64 \
  mysql-server.x86_64 \
  php-mysql php-mhash php-mcrypt \
  php-common php-pdo php-xml php-imap php-tidy php-soap php-mbstring php-cli \
  php-xmlrpc php-bcmath php-gd \
  httpd-devel-2.2.16-jason.1 \
  gcc gcc-c++ pcre-devel \
  libxml2-devel \
  vsftpd
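# Start the web, database and FTP services at boot.
chkconfig --levels 235 httpd on
chkconfig mysqld on
chkconfig vsftpd on

# Register the RPMforge repository.
# NOTE(review): this release package is installed straight from an HTTP URL
# before any RPMforge key is trusted, so it is the trust anchor for everything
# that follows from that repository.
rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
yum install php-memcache.x86_64 vim-enhanced

# Newer Perl SSL bindings, downloaded as loose RPM files.
wget http://packages.sw.be/perl-Net-SSLeay/perl-Net-SSLeay-1.36-1.el5.rfx.i386.rpm
wget http://packages.sw.be/perl-Net-SSLeay/perl-Net-SSLeay-1.36-1.el5.rfx.x86_64.rpm
wget http://packages.sw.be/perl-IO-Socket-SSL/perl-IO-Socket-SSL-1.34-1.el5.rfx.noarch.rpm

# Check the signatures before touching the installed packages: these files
# came over plain HTTP and `rpm -i` on a local file does not refuse an
# unsigned or unknown-key package. Continue only if every file is reported
# OK; a "missing keys" result means nothing was actually verified.
rpm --checksig \
  perl-Net-SSLeay-1.36-1.el5.rfx.i386.rpm \
  perl-Net-SSLeay-1.36-1.el5.rfx.x86_64.rpm \
  perl-IO-Socket-SSL-1.34-1.el5.rfx.noarch.rpm

# Swap the distribution builds for the downloaded ones.
rpm -e perl-Net-SSLeay-1.30-4.fc6
rpm -e perl-IO-Socket-SSL-1.01-1.fc6
rpm -i perl-Net-SSLeay-1.36-1.el5.rfx.x86_64.rpm
rpm -i perl-Net-SSLeay-1.36-1.el5.rfx.i386.rpm
rpm -i perl-IO-Socket-SSL-1.34-1.el5.rfx.noarch.rpm

# memcached: install, raise the cache size, start.
yum install memcached.x86_64
vim /etc/sysconfig/memcached
# The next line is the value to set inside the editor, not a command to run.
CACHESIZE="1024"
# NOTE(review): the transcript changes only the cache size. memcached has no
# authentication of its own; unless other hosts must reach it, also restrict
# the listen address in the same file (for example OPTIONS="-l 127.0.0.1")
# or firewall the port before starting the service.
/etc/init.d/memcached start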
# Replace the stock php.conf so that mod_php is NOT loaded and no handler is
# attached to .php here; PHP is wired up per virtual host through mod_fcgid
# instead. Only the DirectoryIndex directive stays active.
# NOTE(review): with this file in place, nothing outside the mod_fcgid vhost
# block interprets .php files, so a host where mod_fcgid is not loaded would
# have no PHP handler for them at all.
cat > /etc/httpd/conf.d/php.conf <<'EOF'
#
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.
#
#LoadModule php5_module modules/libphp5.so
#
# Cause the PHP interpreter to handle files with a .php extension.
#
#AddHandler php5-script .php
#AddType text/html .php
#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php
#
# Uncomment the following line to allow PHP to pretty-print .phps
# files as PHP source code:
#
#AddType application/x-httpd-php-source .phps
EOF

# Enable PATH_INFO fix-up in PHP; the vhost sets the matching
# PHP_Fix_Pathinfo_Enable directive for mod_fcgid.
# This is appended, so an earlier cgi.fix_pathinfo line in php.ini is left in
# place above it.
printf '%s\n' 'cgi.fix_pathinfo = 1' >> /etc/php.ini
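# Dedicated, non-login account that owns the site and runs its PHP processes.
groupadd nairabetwww
useradd -s /bin/false -d /var/www/nairabet.com -m -g nairabetwww nairabetwww

# Document root and the directory for the FastCGI wrapper.
# The original transcript ran `mkdir /var/www/nairabetwww/web`, but the home
# directory created above and the DocumentRoot used by the vhost are both
# under /var/www/nairabet.com, and /var/www/nairabetwww does not exist, so
# that command could only fail. Create the path the vhost actually serves.
mkdir -p /var/www/nairabet.com/web
mkdir -p /var/www/php-fcgi-scripts/nairabetwww

# Wrapper that mod_fcgid executes for every .php request.
cat > /var/www/php-fcgi-scripts/nairabetwww/php-fcgi-starter <<'EOF'
#!/bin/sh
PHPRC=/etc/
export PHPRC
export PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_CHILDREN=8
exec /usr/bin/php-cgi
EOF

# The vhost runs this wrapper as nairabetwww via SuexecUserGroup, so the
# wrapper and its directory are handed to that account.
# NOTE(review): the wrapper lives outside the document root, which keeps it
# from being served; it is still writable by the site account, so code running
# as nairabetwww can change what every later PHP request executes.
chmod +x /var/www/php-fcgi-scripts/nairabetwww/php-fcgi-starter
chown -R nairabetwww:nairabetwww /var/www/php-fcgi-scripts/nairabetwww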
# Append the name-based virtual host for the site to the main Apache config,
# then ask Apache to re-read it.
#
# NOTE(review): every protective stanza below sits inside <IfModule>. Apache
# skips such a block silently when the module is not loaded, so a failed or
# missing mod_fcgid, mod_evasive20 or mod_security2 leaves the site running
# without it and without any error. In this transcript all three modules are
# installed only after this reload.
# NOTE(review): AddHandler matches the .php extension anywhere in a file
# name, not only at the end, so a file such as name.php.txt is handed to the
# FastCGI wrapper as well. That matters wherever users can place files under
# the document root (uploads, FTP).
# NOTE(review): AllowOverride All lets any .htaccess under the document root
# change handlers and access rules; the document root is owned by the same
# account that PHP runs as.
# NOTE(review): both log directives are commented out and point at
# /var/log/apache2, so this vhost logs only to the server-wide logs.
cat >> /etc/httpd/conf/httpd.conf <<'EOF'
NameVirtualHost *:80
<VirtualHost *:80>
  ServerName nairabet.com
  ServerAlias www.nairabet.com
  ServerAdmin webmaster@nairabet.com
  DocumentRoot /var/www/nairabet.com/web/
  <IfModule mod_fcgid.c>
    SuexecUserGroup nairabetwww nairabetwww
    ProcessLifeTime 7200
    IPCCommTimeout 600
    PHP_Fix_Pathinfo_Enable 1
    <Directory /var/www/nairabet.com/web/>
      Options +ExecCGI
      AllowOverride All
      AddHandler fcgid-script .php
      FCGIWrapper /var/www/php-fcgi-scripts/nairabetwww/php-fcgi-starter .php
      Order allow,deny
      Allow from all
    </Directory>
  </IfModule>
  <IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 2
    DOSSiteCount 50
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 10
  </IfModule>
  # ErrorLog /var/log/apache2/error.log
  # CustomLog /var/log/apache2/access.log combined
  ServerSignature Off
  <IfModule mod_security2.c>
    SecRuleEngine On
    SecDefaultAction "log,deny,phase:2"
  </IfModule>
</VirtualHost>
EOF

/etc/init.d/httpd reload
# Install the Zend Optimizer loader for PHP 5.2 and register it in php.ini.
# NOTE(review): this is a closed-source shared object fetched over plain HTTP
# from a third-party host, with no checksum or signature step in the
# transcript, and it is loaded into every PHP process on the machine. Obtain
# the archive, or at least a published checksum for it, from the vendor and
# compare before copying the .so into the module directory.
wget http://thesuki.org/scripts/zend/ZendOptimizer-3.3.9-linux-glibc23-x86_64.tar.gz
tar -xzvf ZendOptimizer-3.3.9-linux-glibc23-x86_64.tar.gz
cp ZendOptimizer-3.3.9-linux-glibc23-x86_64/data/5_2_x_comp/ZendOptimizer.so \
  /usr/lib64/php/modules/ZendOptimizer.so

# Appended to the end of php.ini as its own section.
cat >> /etc/php.ini <<'EOF'
[Zend]
zend_extension=/usr/lib64/php/modules/ZendOptimizer.so
EOF
# Build and install mod_evasive with apxs (-c compile, -i install, -a add the
# LoadModule line to httpd.conf).
# NOTE(review): both source archives in this section are downloaded over
# plain HTTP and then compiled and installed as root without any integrity
# check. Verify them against a checksum or signature published by the
# project before building.
wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
tar -xzvf mod_evasive_1.10.1.tar.gz
cd mod_evasive
apxs -cia mod_evasive20.c

# Build ModSecurity 2.5.12 from source in the home directory.
cd
wget http://www.modsecurity.org/download/modsecurity-apache_2.5.12.tar.gz
tar -xzvf modsecurity-apache_2.5.12.tar.gz
cd modsecurity-apache_2.5.12
cd apache2
./configure
make
make install

# Copy the bundled rule set to where the Apache config will include it.
mkdir /etc/httpd/modsecurity.d
cd ..
cd rules
cp base_rules/* /etc/httpd/modsecurity.d/
cp -Rfp optional_rules /etc/httpd/modsecurity.d/
cp modsecurity_crs_10_config.conf \
  /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf
# Load ModSecurity and include the rule files by name.
# NOTE(review): only the files listed here are loaded. Everything from
# base_rules was copied into modsecurity.d, so compare this list with the
# directory contents: a rule file that was copied but is not named below is
# never evaluated, and a file named below that does not exist will stop
# Apache from starting.
cat > /etc/httpd/conf.d/mod_security.conf <<'EOF'
# Example configuration file for the mod_security Apache module
LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so
<IfModule mod_security2.c>
  # This is the ModSecurity Core Rules Set.
  # Basic configuration goes in here
  Include modsecurity.d/modsecurity_crs_10_config.conf
  # Protocol violation and anomalies.
  Include modsecurity.d/modsecurity_crs_20_protocol_violations.conf
  Include modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf
  # HTTP policy rules
  Include modsecurity.d/modsecurity_crs_30_http_policy.conf
  # Here comes the Bad Stuff...
  Include modsecurity.d/modsecurity_crs_35_bad_robots.conf
  Include modsecurity.d/modsecurity_crs_40_generic_attacks.conf
  Include modsecurity.d/modsecurity_crs_45_trojans.conf
  Include modsecurity.d/modsecurity_crs_50_outbound.conf
  # Search engines and other crawlers. Only useful if you want to track
  # Google / Yahoo et. al.
  # Include modsecurity.d/modsecurity_crs_55_marketing.conf
  # Put your local rules in here.
  Include modsecurity.d/modsecurity_localrules.conf
</IfModule>
EOF

# The local-rules file is included above, so it has to exist even when empty.
touch /etc/httpd/modsecurity.d/modsecurity_localrules.conf
# FTP access for the site account: no anonymous logins, and local users are
# confined to their home directory.
vim /etc/vsftpd/vsftpd.conf
# The next line holds the two values to set inside the editor, not commands.
anonymous_enable=NO chroot_local_user=YES
# NOTE(review): nothing here enables TLS, so the site account's password and
# all uploaded files cross the network in clear text. vsftpd can require TLS
# through its ssl_enable family of options in the same file.
/etc/init.d/vsftpd start

# The site account uses /bin/false as its shell; listing that shell in
# /etc/shells is what lets the FTP login pass the valid-shell check.
# NOTE(review): /etc/shells is system-wide, so every other account whose
# shell is /bin/false passes that check too.
printf '%s\n' /bin/false >> /etc/shells
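# Start MySQL and set the password for the account mysqladmin connects as.
/etc/init.d/mysqld start

# CHANGEME is a placeholder: substitute a real secret here and in the file
# written below.
# NOTE(review): a password given as a command argument is visible in the
# process list while the command runs and is saved in the shell history.
# NOTE(review): this sets the password for one account only. Check for other
# root entries, anonymous accounts and the test database that a fresh install
# of this era creates; mysql_secure_installation walks through removing them.
mysqladmin password CHANGEME

# Store the password for root's command-line clients.
# The file is created under umask 077 so it is never readable by other users;
# the original created it with the default umask and tightened the mode only
# afterwards. The chmod is kept for the case where the file already existed.
(
  umask 077
  cat > /root/.my.cnf <<'EOF'
[client]
password=CHANGEME
EOF
)
chmod 600 /root/.my.cnf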
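# Give the site account a password. Its shell is /bin/false, so the password
# is used for FTP logins rather than an interactive session.
passwd nairabetwww

# Create the document root and hand the whole site tree to the site account.
# -p keeps this step from failing when the directory already exists.
mkdir -p /var/www/nairabet.com/web
chown -R nairabetwww:nairabetwww /var/www/nairabet.com

# Let Apache traverse the account's home directory to reach web/.
# The original ran this same chmod a second time after the yum step; once is
# sufficient.
chmod +x /var/www/nairabet.com

# NOTE(review): the transcript does not say what to change in this file;
# presumably a repository section is enabled so that mod_fcgid resolves.
# Whatever is enabled, keep signature checking (gpgcheck=1) on for it.
vim /etc/yum.repos.d/kbsingh-CentOS-Extras.repo
yum install mod_fcgid.x86_64

# Full stop/start so the newly installed modules are loaded.
# Afterwards confirm with `httpd -M` that fcgid_module, evasive20_module and
# security2_module are listed: the vhost wraps their settings in <IfModule>,
# so a module that failed to load is skipped without an error.
apachectl stop
apachectl start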