First, the system agreement
1. System environment
Linux:centos-4.4.servercd
apache:2.2.4
mysql:4.0.26
php:4.3.11
zendoptimizer:3.2.2
phpmyadmin:2.10.0.2
2, the source package storage location:/USR/LOCAL/SRC
#为什么一定要在/usr/local/src/under the tarball? This is only customary, because this way, everyone installed in this place, the host after the maintenance and handover is very simple, and for the future of the host on the "Upgrade" and "version recognition" have a good help.
Second, the system environment deployment and tuning
1, basic security settings
Security is important for a host that provides services on the Internet, which includes package patch patching for the host, shutdown is not a required daemon (port), firewall configuration, and daily log analysis. After installing the system, it is recommended that you follow these steps to make your security settings:
1 shutdown is not a necessary daemon (port)
After the CentOS4.4 system is installed, some daemon processes that may not be required are enabled. Disabling unnecessary processes can reduce the system's memory overhead while also reducing system security vulnerabilities, freeing up more memory space, reducing system startup time, and reducing the number of processes processed by the CPU.
By default, many daemons can be safely stopped and disabled under the system. The following table lists some of the daemons for the CentOS4.4 installation (the software package only selects development tools), and you can consider disabling these processes if it is not necessary. Process description
ACPID provides advanced power management. Recommended retention
Anacron an automated run task daemon. Red Hat Linux has four tools for automating tasks cron, Anacron, at, and BATC. When your Linux server is not running all day, this anacron can help you perform the work that was not performed during the "Crontab" time set.
APMD APMD (Advanced power Management) is an advanced source management. Traditional power management standards, for laptops are more useful, you can understand the system's battery charge information. and writes related information through SYSLOGD to the log. It can also be used to shut down when the power is low.
ATD Schedule Task (perform once) daemon. Recommended retention
Autos automatically mount file system processes, such as automatic mount Optical drives, which rarely use the automatic Mount feature on the server system. Shut down
Cpuspeed dynamically adjusts the CPU frequency of the process, in the server system this process is recommended to shut down.
Crond Scheduled Task (circular execution) daemon. Recommended retention
Cups General UNIX Print system, do not close this process if you plan to run the Print service on the server.
GMP text Terminal mouse service, if you want to support the mouse on the local text terminal do not disable this process.
Haldaemon and Windows Hardware management similar to mount U-disk and so on are essential. Recommended retention
Iptables This is the firewall daemon, anyway, start it first.
Irqbalance balance interrupts between multiple processors, if you use a single CPU system or if you plan to statically balance interrupts you can disable the process.
ISDN ISDN modem support, do not disable this process if you are ready to support an ISDN modem on the server.
Kudzu detects and configures new hardware and should be run manually if the hardware configuration changes.
Mdmonitor a RAID-related device daemon.
Messagebus mount U disk, to ensure that Haldaemon and Messagebus service startup, so this is also recommended to keep.
Microcode_ctl can encode and send new micro-code to the kernel to update the Intel IA32 Series Processor Daemon. Recommended retention
Netfs is used to support NFS sharing, and do not disable this process if you are ready to support NFS sharing on the server.
Network activates/shuts down the various network interface daemons at startup.
Nfslock Enable file locks on NFS and do not disable this process if you are prepared to support NFS sharing on the server.
PCMCIA PCMCIA Support, the PCMCIA adapter is rarely used on the server, so it is safe to disable this process.
Portmap dynamically allocates ports for RPC services (such as NIS and NFS) and disables this process if the system does not support RPC services.
Rawdevices provides support for raw device bindings, which can be disabled if you are not prepared to use a bare device in your system.
RPCGSSD is primarily used for multiple remote call processes for NFS and samba, and can be disabled if the system does not support RPC-based services.
RPCIDMAPD ditto
SendMail message transfer agent, do not disable this process if the server needs to support mail services.
SMARTD the process of using S.M.A.R.T compatible devices, you can disable this process if you are not using the Ide/sata disk subsystem.
sshd openssh Server Daemon, if you do not need remote management host, you can shut down, but there should be few people do not need this service.
Syslog to write all kinds of events to the log, is a very important service, be sure to start.
XFS X Window Font services, if your run level is 5 please do not disable this process.
XINETD supports a core daemon for a variety of network services. Be sure to start.
[Root@localhost ~]# Ntsysv
#根据自己的需要, use the NTSYSV tool to enable those mileage.
[Root@localhost ~]# reboot
#重新启动使设置生效
[Root@localhost ~]# Netstat-an |more
#...... Information slightly ...
#检查一下当前开启的端口
#netstat是个很重要的命令, please be sure to know this part of the knowledge on the Internet.
2) Basic Firewall configuration
[Root@localhost ~]#/etc/rc.d/init.d/iptables Stop
#防火墙开启
[Root@localhost ~]#/etc/rc.d/init.d/iptables start
#防火墙开启
[Root@localhost ~]# Vi/etc/sysconfig/iptables
#根据自己的情况增加防火墙规则.
[Email=root@localhost]root@localhost[/email] ~]# iptables-save > FileName
#上面的命令用于将当前主机上的防火墙规则保存到filename文件.
Root@localhost ~]# Iptables-restore < filename
#上面的命令用于将filename防火墙规则文件 (Note: not SEHLL scripts format) rules are read into the current Linux host environment.
3) Locate command with Database update and automatic Update settings
[Root@localhost ~]# vi/etc/updatedb.conf
#将 "Daily_update=no" modified to "Daily_update=yes" after saving, exiting.
[Root@localhost ~]# UpdateDB
#运行locate数据库更新命令, wait a moment ... Prompt appears after successful update
4 Modify the mirror address of the Yum warehouse to improve the download speed
[Root@localhost ~]# cd/etc/yum.repos.d/
[Root@localhost yum.repos.d]# MV Centos-base.repo Centos-base.repo.bak
[Root@localhost yum.repos.d]# wget Http://mirror.be10.com/centos/4.4/CentOS-Base.repo
5 Stop Printing Service
[Root@localhost ~]#/etc/rc.d/init.d/cups stop← Stop printing service
stopping cups: [OK]← stop service successful, appear "OK"
[Root@localhost ~]# chkconfig cups off← disable Print Service auto start
[Root@localhost ~]# chkconfig--list cups← confirm Print Service self-startup settings status
Cups 0:off 1:off 2:off the 3:off 4:off 5:off all states are off to OK (the current print service is prohibited from starting)
6) Online Upgrade Linux
[Root@localhost ~]# Yum Update
#通过yum工具更新系统, reboot your system after the update
#yum的用法请见 "How to use Yum to manage rpm (CentOS)"
2, other settings
1 Language Environment default settings
[Root@localhost ~]# vi/etc/sysconfig/i18n
Add the following line
QUOTE:
Lang= "ZH_CN. GB18030 "
[Root@localhost ~]# reboot
#重新启动要设置生效
If you need an English environment temporarily, execute the following command.
[root@localhost ~]# export lang= ' en_US '
2 to adjust the parameters of TCP/IP network, strengthen the ability of resisting Syn_flood
[Root@localhost ~]# echo ' net.ipv4.tcp_syncookies = 1 ' >>/etc/sysctl.conf
[Root@localhost ~]# Sysctl–p
3) Network School Time
[Root@localhost ~]# Date
#确认系统时间是否正确
[Root@localhost ~]# ntpdate 210.72.145.44
#与中国国家授时中心进行时间校正
[root@localhost ~]# Yum Install NTP
#安装ntpdate程序. The system does not install this package by default, but we can easily install it online via the Yum tool.
[Root@localhost ~]# Crontab-e
[Copy to Clipboard] [ - ]
CODE:
0 * * * * root/usr/sbin/ntpdate 210.72.145.44 >/dev/null 2>&1
#以上命令设置好后存盘. Your machine will be automatically calibrated at 23:00 times a day according to the China National Time Service Center's NTP server.
#关于linux下定时执行工具crontab的介绍请见http://hi.baidu.com/monobao/blog/item/01e9ecdcbc6a14a1cc11665b.html
3. Install dependent RPM Package
[Root@localhost ~]# VI install.sh
[Copy to Clipboard] [ - ]
CODE:
Yum-y Install GCC
Yum Install CPP
Yum Install gcc-c++
Yum Install ncurses
Yum Install Ncurses-devel
Yum Install Gd-devel PHP-GD
Yum Install Zlib-devel
Yum Install Freetype-devel Freetype-demos freetype-utils
Yum Install Libpng-devel libpng10 libpng10-devel
Yum Install Libjpeg-devel
Yum Install ImageMagick
Yum Install Flex
Yum Install Imagemagick-devel
[Root@localhost ~]# SH install.sh
#为了方便, the instruction lines that are installed directly on these packages are written to the script (Shell script), and the next time you use it, you can simply execute the script and install it automatically. Because shell script uses some of the instructions that you use on weekdays, you combine them into a "program." If you have frequent instructions in certain sequences, you can combine these instructions to become another new instruction. In this way, not only can simplify and speed up the operation speed, and even can be used to automate the regular execution, greatly simplifying the system management work.
The following official step into the installation of lamp, before starting installation, to understand the source code compiled knowledge, reference "Linux system Administrator (ii)---suite management rpm and Tarball."
Third, the installation of MySQL
1. Set up MSYQL user group
[Root@localhost ~]# grep mysql/etc/group
#查询系统中是否有mysql这个用户组, none is added.
[Root@localhost ~]# Groupadd MySQL
#增加一个名为mysql的用户组
2, the establishment of MySQL users
[Root@localhost ~]# grep mysql/etc/passwd
#查询系统中是否有mysql这个用户, none is added.
[Root@localhost ~]# useradd mysql-g mysql-m-s/sbin/nologin
#增加一个名为mysql的用户.
-G: Specifies the group of users to which the new user belongs
-M: Do not establish root directory
-S: Defines the shell,/sbin/nologin to use on behalf of the user cannot log on to the system.
3, Download: mysql-4.0.26
[Root@localhost ~]# cd/usr/local/src/
[Root@localhost src]# wget http://ftp.gamearena.cn/software/mysql-4.0.26.tar.gz
#...... (Information slightly) ...
[Root@localhost src]# chmod +x mysql-4.0.26.tar.gz
#修改文件权限为755
[Root@localhost src]# TAR-ZXVF mysql-4.0.26.tar.gz
#...... (Information slightly) ...
#解压缩
PS: When you download mysql in www.mysql.com, you will find binary/rpm/source three kinds of packages. Binary distribution is compiled by MySQL official optimization and does not require make.
3. Set Compiler parameters
[Root@localhost src]# cd/usr/local/src/mysql-4.0.26
[Root@localhost mysql-4.0.26]#./configure--prefix=/usr/local/mysql--with-unix-socket-path=/tmp/mysql.sock-- Localstatedir=/usr/local/mysql/data--WITH-CHARSET=GBK--without-debug--enable-assembler--without-isam-- With-client-ldflags=-all-static--with-mysqld-ldflags=-all-static
#这些设置告诉编译器如何编译apache:
--prefix=/usr/local/mysql
Specify MSYQL installation directory
--with-unix-socket-path=/tmp/mysql.sock
This is the location and file name of the online socket file specified when the MySQL server was started.
--localstatedir=/usr/local/mysql/data
Specify MySQL's database directory
--with-charset=gbk
Add GBK Chinese character support
--without-debug
Remove Debug mode
--enable-assembler
Use an assembly version of some character functions
--without-isam
Remove ISAM table type support, now rarely used, ISAM table is a platform-dependent table
--with-client-ldflags=-all-static
--with-mysqld-ldflags=-all-static
4. Compiling and installing
[Root@localhost mysql-4.0.26]# make
# the ' Make ' command compiles the source file into an executable binary file
[Root@localhost mysql-4.0.26]# make install
# "Make install" installs binaries and configuration files in the appropriate directory
6. Initialize System library
[Root@localhost mysql-4.0.26]#./scripts/mysql_install_db
Current 1/2 page
12 Next read the full text