Building the Kewei web server with Apache + Tomcat 4 + MySQL 4 on RH9
Download the corresponding source packages: apache1, tomcat4, mysql, apr, jdk
1. Install the MySQL 4 database:
#tar -zxvf mysql-4.tar.gz
#groupadd mysql
#useradd -g mysql mysql
#cd mysql-4
#./configure --prefix=/usr/local/mysql
#make;make install
#scripts/mysql_install_db
#chown -R root /usr/local/mysql
#chown -R mysql /usr/local/mysql/var
#chgrp -R mysql /usr/local/mysql
#cp /usr/local/mysql/share/mysql/my-medium.cnf /etc/my.cnf
#/usr/local/mysql/bin/mysqld_safe --user=mysql &
#/usr/local/mysql/bin/mysql
-->show databases;
-->exit;
#/usr/local/mysql/bin/mysqladmin -u root password your_new_password
The MySQL installation is now complete.
2. Install the Apache 1 server:
#tar -zxvf apache1.tar.gz
#cd apache1
#./configure --prefix=/usr/local/apache --enable-module=so
#make;make install
#vi /usr/local/apache/conf/httpd.conf
ServerName yourip
Save and exit.
3. Install Tomcat 4
(1) Install the JDK
#cd /usr/local
#sh jdk-1.2.2-RC4-linux-i386-glibc-2.1.2.sh
#ln -s jdk-1.2.2 /usr/local/jdk
#ln -s jdk-1.2.2 /usr/local/jre
(2) Set up the Tomcat runtime environment
#vi /root/.bash_profile
Append the following to the end of this file:
JAVA_HOME=/usr/local/jdk
export JAVA_HOME
CLASSPATH=/usr/local/jdk/lib:/usr/local/jre/lib
export CLASSPATH
CATALINA_HOME=/usr/local/tomcat
export CATALINA_HOME
PATH=$PATH:/usr/local/jdk/bin:/usr/local/jre/bin
Save and exit.
(3) Install Tomcat 4
#tar -zxvf jakarta-tomcat4.tar.gz
#mv jakarta-tomcat tomcat
a. Test that Tomcat is running
#lynx localhost:8080
b. Build mod_webapp.so
#tar -zxvf jakarta-tomcat.connectors-src.tar.gz
#tar -zxvf apr_APACHE_2.0.35.tar.gz
#mv apr /usr/local/tomcat.connectors-src/webapp/
#cd /usr/local/tomcat.connectors-src/webapp/
#support/buildconf.sh
#./configure --with-apxs=/usr/local/apache/bin/apxs
#make
4. Integrate Apache 1 with Tomcat 4
#cp apache-1.3/mod_webapp.so /usr/local/apache/libexec/
#vi /usr/local/apache/conf/httpd.conf
Modify:
DirectoryIndex index.jsp index.html
Options Indexes MultiViews -> Options MultiViews
Add:
LoadModule webapp_module libexec/mod_webapp.so
WebAppConnection warpConnection warp localhost:8008
WebAppDeploy examples warpConnection /examples/
WebAppInfo /webapp-info
Save and exit.
#/usr/local/apache/bin/apachectl configtest
Syntax OK
#/usr/local/apache/bin/apachectl start
#vi /usr/local/tomcat/webapps/examples/index.jsp
2 + 2 = <%= 2 + 2 %>
Save and exit.
#chmod 755 /usr/local/tomcat/webapps/examples/index.jsp
#nohup /usr/local/tomcat/bin/startup.sh
5. Test
Open a browser and go to http://localhost/examples/. If the page shows
2+2=4
the integration works.
6. Set up MySQL, Apache and Tomcat to start at boot
#vi /etc/rc.d/rc.local
/usr/local/mysql/bin/mysqld_safe --user=mysql &
/usr/local/apache/bin/apachectl start
/usr/local/tcstart.sh
Save and exit.
#touch /etc/init.d/tomcat
#chmod 755 /etc/init.d/tomcat
#useradd -d /usr/local/ tomcat
#vi /etc/init.d/tomcat
#!/bin/bash
#
# tomcat Starts Tomcat Java server.
#
#
# chkconfig: 345 88 12
# description: Tomcat is the server for Java servlet applications.
### BEGIN INIT INFO
# Provides: $tomcat
### END INIT INFO
# Source function library.
. /etc/init.d/functions
# Both helper scripts must exist; otherwise exit without doing anything.
[ -f /usr/local/tcstart.sh ] || exit 0
[ -f /usr/local/tcstop.sh ] || exit 0
RETVAL=0
umask 077
start() {
    echo -n $"Starting Tomcat Java server: "
    # Run Tomcat as the unprivileged tomcat user rather than as root.
    daemon su -c /usr/local/tcstart.sh tomcat
    RETVAL=$?
    echo
    return $RETVAL
}
stop() {
    echo -n $"Shutting down Tomcat Java server: "
    daemon su -c /usr/local/tcstop.sh tomcat
    RETVAL=$?
    echo
    return $RETVAL
}
restart() {
    stop
    start
}
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart|reload)
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart}"
        exit 1
esac
exit $?
Save and exit.
#touch /usr/local/tcstart.sh
#vi /usr/local/tcstart.sh
#!/bin/bash
# Same JDK path as the symlink created in step 3
export JDK_HOME=/usr/local/jdk
export JAVA_HOME=/usr/local/jdk
#startup tomcat server
/usr/local/tomcat/bin/startup.sh
Save and exit.
#chmod 755 /usr/local/tcstart.sh
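7. Create a secure runtime environment for the Kewei web server
(1). Stop the system from responding to any ping requests, whether external or internal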
#vi /etc/rc.d/rc.local
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
(2). Reduce CPU usage and avoid reboots caused by operator error
#vi /etc/inittab
id:3:initdefault:
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
#3:2345:respawn:/sbin/mingetty tty3
#4:2345:respawn:/sbin/mingetty tty4
#5:2345:respawn:/sbin/mingetty tty5
#6:2345:respawn:/sbin/mingetty tty6
#ca::ctrlaltdel:/sbin/shutdown -t3 -r now
Save and exit.
(3). Delete unnecessary users and groups
#userdel -r username
adm,lp,sync,shutdown,halt,mail,procmail,mailx,news,uucp,operator,games,gopher,ftp
#groupdel groupname
adm,lp,sync,shutdown,halt,mail,procmail,mailx,news,uucp,operator,games,gopher,ftp
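(4). Create the FTP account
#groupadd su
#useradd -g su -d /usr/local/apache/htdocs webserver
(5). Use the chattr command to set the immutable attribute on the following files. While the attribute is set, even root cannot modify these files, so it has to be cleared before users or passwords are changed.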
[root@deep]# chattr +i /etc/passwd
[root@deep]# chattr +i /etc/shadow
[root@deep]# chattr +i /etc/group
[root@deep]# chattr +i /etc/gshadow
(6). Prevent anyone from (illegitimately) becoming root through the su command
#vi /etc/pam.d/su
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_wheel.so group=su
Save and exit.
After this, only members of the su group can become root.
(7). Resource limits to guard against DoS-type attacks
#vi /etc/security/limits.conf
Append the following to the end of this file:
* hard core 0
* hard rss 5000
* hard nproc 20
Save and exit.
#vi /etc/pam.d/login
Append the following to the end of this file:
session required /lib/security/pam_limits.so
Save and exit.
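To confirm that the settings from steps (1), (2), (6) and (7) are actually in place, the script below is an added example and not part of the original guide. The function names and the root-prefix argument are assumptions of this example; the demo runs on a constructed sample tree, and calling audit "" as root checks the live system.

```shell
#!/bin/sh
# Added example: audit the section 7 settings. $1 is a root prefix ("" = live system).

# (1) kernel ignores ICMP echo requests
check_icmp() {
    [ "$(cat "$1/proc/sys/net/ipv4/icmp_echo_ignore_all" 2>/dev/null)" = "1" ]
}
# (2) no active (uncommented) ctrlaltdel entry in inittab
check_ctrlaltdel() {
    [ -f "$1/etc/inittab" ] && ! grep -Eq '^[^#]*:ctrlaltdel:' "$1/etc/inittab"
}
# (6) the group= given to pam_wheel.so really exists in /etc/group
check_su_group() {
    grp=$(sed -n 's/^auth[[:space:]].*pam_wheel\.so.*group=\([^[:space:]]*\).*/\1/p' \
        "$1/etc/pam.d/su" 2>/dev/null | head -n 1)
    [ -n "$grp" ] && grep -q "^$grp:" "$1/etc/group"
}
# (7) hard limits are present and login loads pam_limits.so
check_limits() {
    for item in core rss nproc; do
        grep -Eq "^\*[[:space:]]+hard[[:space:]]+$item[[:space:]]+[0-9]+" \
            "$1/etc/security/limits.conf" || return 1
    done
    grep -Eq '^session[[:space:]]+required[[:space:]].*pam_limits\.so' "$1/etc/pam.d/login"
}
# Run every check; the return value is the number of failed checks.
audit() {
    failed=0
    for c in check_icmp check_ctrlaltdel check_su_group check_limits; do
        if "$c" "$1"; then echo "PASS $c"; else echo "FAIL $c"; failed=$((failed + 1)); fi
    done
    return "$failed"
}
# Build a constructed sample tree; $1 is the group name written into pam.d/su.
make_sample() {
    r=$(mktemp -d)
    mkdir -p "$r/proc/sys/net/ipv4" "$r/etc/pam.d" "$r/etc/security"
    echo 1 > "$r/proc/sys/net/ipv4/icmp_echo_ignore_all"
    printf '%s\n' 'id:3:initdefault:' '#ca::ctrlaltdel:/sbin/shutdown -t3 -r now' > "$r/etc/inittab"
    printf '%s\n' 'auth sufficient /lib/security/pam_rootok.so debug' \
        "auth required /lib/security/pam_wheel.so group=$1" > "$r/etc/pam.d/su"
    printf '%s\n' 'root:x:0:root' 'su:x:501:webserver' > "$r/etc/group"
    printf '%s\n' '* hard core 0' '* hard rss 5000' '* hard nproc 20' > "$r/etc/security/limits.conf"
    echo 'session required /lib/security/pam_limits.so' > "$r/etc/pam.d/login"
    echo "$r"
}
# Demo: the guide's group "su", then a constructed name that is absent from /etc/group.
for g in su missing; do
    t=$(make_sample "$g"); echo "== group=$g"; audit "$t" || true; rm -rf "$t"
done
```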
At this point the Kewei server has been built successfully; it is the current http://www.zznk.net.