Linux 环境搭建推荐教程

2023-12-01
一、系统约定

软件源代码包存放位置:/usr/local/src
源码包编译安装位置(prefix):/usr/local/software_name
脚本以及维护程序存放位置:/usr/local/sbin
MySQL 数据库位置:/var/lib/MySQL(可按情况设置)
Apache 网站根目录:/home/www/wwwroot(可按情况设置)
Apache 虚拟主机日志根目录:/home/www/logs(可按情况设置)
Apache 运行账户:www:www

二、系统环境部署及调整
1. 检查系统是否正常

	# more /var/log/messages(检查有无系统级错误信息)
	# dmesg(检查硬件设备是否有错误信息)
	# ifconfig(检查网卡设置是否正确)
	# ping www.163.com(检查网络是否正常)

2. 关闭不需要的服务

	# ntsysv
	以下仅列出需要启动的服务,未列出的服务一律推荐关闭:
	atd
	crond
	irqbalance
	microcode_ctl
	network
	sendmail
	sshd
	syslog

3. 重新启动系统

	# init 6

4. 配置 vim

# vi /root/.bashrc
在 alias mv='mv -i' 下面添加一行:alias vi='vim' 保存退出。
# echo 'syntax on' > /root/.vimrc

5. 使用 yum 程序安装所需开发包(以下为标准的 RPM 包名称)

# yum install ntp vim-enhanced gcc gcc-c++ gcc-g77 flex \
bison autoconf automake bzip2-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel pam-devel kerne…
(注:原文的包列表在此处被截断,后面的包名缺失。)

6. 定时校正服务器时钟,定时与中国国家授时中心授时服务器同步

# crontab -e
加入一行:
*/30 * * * * ntpdate 210.72.145.44

7. 源码编译安装所需包 (Source)

需要下载的文件

	gd-2.0.34.tar.gz
	libxml2-2.6.30.tar.bz2
	libmcrypt-2.5.8.tar.bz2
	cronolog-1.7.0-beta.tar.gz
	openssl-0.9.8e.tar.gz (可选)
	openssl-0.9.8e.tar.gz (可选)
	

7.1 GD2

	# cd /usr/local/src
	# tar xzvf gd-2.0.34.tar.gz
	# cd gd-2.0.34
	# ./configure --prefix=/usr/local/gd2
	# make
	# make install
7.2 LibXML2
	# cd /usr/local/src
	# tar xjvf libxml2-2.6.30.tar.bz2
	# cd libxml2-2.6.30
	# ./configure --prefix=/usr/local/libxml2
	# make
	# make install
7.3 LibMcrypt
	# cd /usr/local/src
	# tar xjvf libmcrypt-2.5.8.tar.bz2
	# cd libmcrypt-2.5.8
	# ./configure --prefix=/usr/local/libmcrypt
	# make
	# make install
7.4 Apache日志截断程序
	# cd /usr/local/src
	# tar xzvf cronolog-1.7.0-beta.tar.gz
	# cd cronolog-1.7.0-beta
	# ./configure --prefix=/usr/local/cronolog
	# make
	# make install

8. 升级OpenSSL和OpenSSH

	# cd /usr/local/src
	# tar xzvf openssl-0.9.8e.tar.gz
	# cd openssl-0.9.8e
	# ./config --prefix=/usr/local/openssl
	# make
	# make test
	# make install
	# cd ..
	# tar xzvf openssh-4.7p1.tar.gz
	# cd openssh-4.7p1
	# ./configure \
	"--prefix=/usr" \
	"--with-pam" \
	"--with-zlib" \
	"--sysconfdir=/etc/ssh" \
	"--with-ssl-dir=/usr/local/openssl" \
	"--with-md5-passwords"
	# make
	# make install
(1)禁用 SSH V1 协议。编辑 sshd 配置文件(# vi /etc/ssh/sshd_config),以下第 (1)–(4) 项均在该文件中修改。找到:
#Protocol 2,1
改为:
Protocol 2
(2)禁止root直接登录,此处先建立一个普通系统用户:
	# useradd username
	# passwd username
找到:
#PermitRootLogin yes
改为:
PermitRootLogin no
(3)禁用服务器端GSSAPI,找到以下两行,并将它们注释:
	GSSAPIAuthentication yes
	GSSAPICleanupCredentials yes
(4)禁用 DNS 名称解析,找到:
#UseDNS yes
改为:
UseDNS no
(5)禁用客户端 GSSAPI
# vi /etc/ssh/ssh_config
找到:
GSSAPIAuthentication yes
将这行注释掉。
最后,确认修改正确后重新启动 SSH 服务
	# service sshd restart
	# ssh -V
确认 OpenSSH 以及 OpenSSL 版本正确。

三、编译安装L.A.M.P环境
1. 下载软件

# cd /usr/local/src
下载文件mysql,apache,php,请到下面网址下载相应软件
	http://www.apache.org/ (推荐版本:2.2.21)
	http://www.php.net/  (推荐版本:5.2.17)
	http://www.mysql.com/

2. 编译安装MySQL

	# tar xzvf MySQL-5.0.45-linux-i686-glibc23.tar.gz
	# mv MySQL-5.0.45-linux-i686-glibc23 /usr/local/
	# ln -s /usr/local/MySQL-5.0.45-linux-i686-glibc23 /usr/local/MySQL
	# useradd MySQL
	# chown -R MySQL:root /usr/local/MySQL/
	# cd /usr/local/MySQL
	# ./scripts/mysql_install_db --user=MySQL
	# cp ./support-files/mysql.server /etc/rc.d/init.d/MySQLd
	# chown root:root /etc/rc.d/init.d/MySQLd
	# chmod 755 /etc/rc.d/init.d/MySQLd
	# chkconfig --add MySQLd
	# chkconfig --level 35 MySQLd on
	# cp ./support-files/my-huge.cnf /etc/my.cnf
	# mv /usr/local/MySQL/data /var/lib/MySQL
	# chown -R MySQL:MySQL /var/lib/MySQL/
	# vi /etc/my.cnf(数据目录已移到 /var/lib/MySQL,需在 [mysqld] 段中设置 datadir=/var/lib/MySQL)
	

3. 编译安装Apache

	# cd /usr/local/src
	# tar xjvf httpd-2.2.21.tar.bz2
	# cd httpd-2.2.21
	# ./configure \
	"--prefix=/usr/local/apache2" \
	"--with-included-apr" \
	"--enable-so" \
	"--enable-deflate=shared" \
	"--enable-expires=shared" \
	"--enable-rewrite=shared" \
	"--enable-static-support" \
	"--disable-userdir"
	# make
	# make install
	# echo '/usr/local/apache2/bin/apachectl start ' >> /etc/rc.local
	

4. 编译安装PHP

	# cd /usr/local/src
	# tar xjvf php-5.2.17.tar.bz2
	# cd php-5.2.17
	# ./configure \
	"--prefix=/usr/local/php" \
	"--with-apxs2=/usr/local/apache2/bin/apxs" \
	"--with-config-file-path=/usr/local/php/etc" \
	"--with-mysql=/usr/local/MySQL" \
	"--with-libxml-dir=/usr/local/libxml2" \
	"--with-gd=/usr/local/gd2" \
	"--with-jpeg-dir" \
	"--with-png-dir" \
	"--with-bz2" \
	"--with-freetype-dir" \
	"--with-iconv-dir" \
	"--with-zlib-dir" \
	"--with-openssl=/usr/local/openssl" \
	"--with-mcrypt=/usr/local/libmcrypt" \
	"--enable-soap" \
	"--enable-gd-native-ttf" \
	"--enable-ftp" \
	"--enable-mbstring" \
	"--enable-exif" \
	"--disable-ipv6" \
	"--disable-cgi" \
	"--disable-cli"
	# make
	# make install
	# mkdir /usr/local/php/etc
	# cp php.ini-dist /usr/local/php/etc/php.ini

5. 整合Apache与PHP

# vi /usr/local/apache2/conf/httpd.conf
找到:
AddType application/x-gzip .gz .tgz
在该行下面添加
AddType application/x-httpd-php .php
找到:
 DirectoryIndex index.html
将该行改为
DirectoryIndex index.html index.htm index.php
找到:
	#Include conf/extra/httpd-mpm.conf
	#Include conf/extra/httpd-info.conf
	#Include conf/extra/httpd-vhosts.conf
	#Include conf/extra/httpd-default.conf
去掉前面的“#”号,取消注释。注意:以上 4 个扩展配置文件中的设置请按照相关原则进行合理配置!修改完成后保存退出。
# /usr/local/apache2/bin/apachectl restart

6. 查看确认L.A.M.P环境信息、提升 PHP 安全性

在网站根目录放置 phpinfo.php 脚本,检查phpinfo中的各项信息是否正确;确认后应删除该脚本,避免对外暴露服务器配置信息。
确认 PHP 能够正常工作后,在 php.ini 中进行设置提升 PHP 安全性。

# vi /usr/local/php/etc/php.ini(即编译时 --with-config-file-path 指定、前面已复制 php.ini 的位置)
找到:
disable_functions =
设置为:
phpinfo,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popen,stream_socket_server
(以上函数名须写在同一行,以逗号分隔。)