打造安全的web服务器!!

王朝other·作者佚名  2006-12-16

--------------------------

去掉服务器上不需要的服务

ps -ax

which rpc.statd

mv /sbin/rpc.statd

mkdir /var/back.ps

mv /sbin/rpc.statd /var/back.ps

/etc/rc.d/init.d/nfs stop

mv /etc/rc.d/init.d/nfs /var/back.ps/

rpm -qa | grep httpd

rpm -e system-config-httpd-1.2.0-3

rpm -e httpd-2.0.49-4

rpm -qa |grep nfs

rpm -e system-config-nfs-1.2.3-2

rpm -e nfs-utils-1.0.6-20

/etc/rc.d/init.d/xinetd stop

which xinetd

/usr/sbin/xinetd

mv /usr/sbin/xinetd /var/back.ps/

//------------------------------

updatedb

locate init

//----------------------不起动图形界面------------

vi /etc/inittab

#ca::ctrlaltdel:/sbin/shutdown -t3 -r now

ca::ctrlaltdel:/usr/bin/top

# Run xdm in runlevel 5

id:3:initdefault:

x:3:respawn:/etc/X11/prefdm -nodaemon

(注意:inittab 每行的第二个字段是运行级。写成 x:3 会在运行级 3 下拉起图形登录,与本节"不起动图形界面"的目的相反;如无特殊原因,这一行应保持 x:5 或直接注释掉。)

reboot

//-------------------------iptables--------------

vi iptable_

iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT

iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT

iptables -t filter -A INPUT -p tcp --dport 20 -j ACCEPT

iptables -t filter -A INPUT -p tcp --dport 21 -j ACCEPT

iptables -t filter -A INPUT -p tcp --dport 3306 -j ACCEPT    // 可选:仅当确实需要从其他机器连接 MySQL 时才开放,并建议用 -s 限定来源地址

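// 注意:下面两条 DROP 会丢弃其余所有入站 TCP/UDP 包,包括回环接口上的流量和本机对外连接的回包(如 DNS 应答)。应在它们之前先加放行规则,例如 iptables -t filter -A INPUT -i lo -j ACCEPT 和 iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t filter -A INPUT -p tcp -j DROP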

iptables -t filter -A INPUT -p udp -j DROP

//---------------------------apache 2.0--------------

./configure --enable-ssl --enable-so --enable-cgi

make

make install

AddDefaultCharset GB2312

Listen 218.246.33.61:80

ServerTokens Prod

ServerSignature Off 538

DirectoryIndex index.html index.html.var index.php 386

NameVirtualHost 192.168.1.151:80 1058

//--------------MPM---------------------------------

<IfModule prefork.c>

StartServers 10

MinSpareServers 10

MaxSpareServers 15

ServerLimit 2000

MaxClients 1500

MaxRequestsPerChild 10000

</IfModule>

<VirtualHost **.**.**.**:80>

ServerAdmin webmaster@dummy-host.example.com

DocumentRoot /******/

ServerName www.***.***

ErrorLog logs/dummy-host.example.com-error_log

CustomLog logs/dummy-host.example.com-access_log common

</VirtualHost>

AddType application/x-httpd-php .php 852

//--------------------- 安装mysql4.0-----------------

tar -zxf gd-2.0.33.tar.gz

./configure

make

make install

tar -zxf mysql-4.0.22.tar.gz

--with-charset=GB2312

--prefix=/var/local/

./configure --with-charset=GB2312 --prefix=/var/local/

vi /Docs/mysql.info 7086

shell> groupadd mysql

shell> useradd -g mysql mysql

shell> gunzip < mysql-VERSION.tar.gz | tar -xvf -

shell> cd mysql-VERSION

shell> ./configure --with-charset=GB2312 --prefix=/var/local/

shell> make

shell> make install

shell> cp support-files/my-medium.cnf /etc/my.cnf

shell> cd /usr/local/mysql    (注意:前面 configure 指定了 --prefix=/var/local/,此处应进入实际的安装前缀目录,后面的 bin/、var 路径均相对于该目录)

shell> bin/mysql_install_db --user=mysql

shell> chown -R root .

shell> chown -R mysql var

shell> chgrp -R mysql .

shell> bin/mysqld_safe --user=mysql &

//--------------------------------安装php4.**----------------------------

php

./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-zlib-dir --with-mysql

make

make install

cp php.ini-dist /usr/local/lib/php.ini

;safe_mode = Off

safe_mode = On

;display_errors = On

display_errors = On

; 注意:此处修改前后都是 On,疑为笔误。对外提供服务的机器建议设为 Off,只通过下面的 log_errors = On 把错误写入日志,以免把文件路径、SQL 语句等信息显示给访问者。

;log_errors = Off

log_errors = On

/****

extension_dir = "./"

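disable_functions =phpinfo,get_cfg_var,exec,system,eval

; 注意:eval 是语言结构而不是函数,disable_functions 对它不起作用。另外 passthru、shell_exec、popen、proc_open 等函数同样可以执行系统命令,如需禁止命令执行应一并列入。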

//-------------------------------ssh配置

vi /etc/ssh/sshd_config

root用户不能直接登入

#PermitRootLogin yes

PermitRootLogin no

不允许空密码登入

#PermitEmptyPasswords yes

PermitEmptyPasswords no

/etc/rc.d/init.d/sshd restart

 
 
 