A System
System version: CentOS 5.0
Software source package storage location: /usr/local/src
Source package compile/install location (prefix): /usr/local/software_name
Location of scripts and maintenance programs: /usr/local/sbin
MySQL database location: /var/lib/mysql
Apache site root directory: /home/www/wwwroot
Apache virtual host log root directory: /home/www/logs
Apache run account: www:www
Turn off services that you don't need
# ntsysv
Only the services that need to be started are listed below; services not listed are turned off:
atd
crond
irqbalance
microcode_ctl
network
sendmail
sshd
syslog
Reboot the system
# reboot
Install the required packages using yum (standard RPM package names below)
# yum install ntp vim-enhanced gcc gcc-c++ flex bison autoconf automake bzip2-devel ncurses-devel libjpeg-devel libpng-devel libtiff-devel freetype-devel pam-devel kernel
Correct the server clock on a schedule, synchronizing with the time server of the China National Time Service Center
# crontab -e
Add a line:
*/30 * * * * ntpdate 210.72.145.44
Compile and install the required packages from source
(1) GD2
# cd /usr/local/src
# wget http://www.libgd.org/releases/oldreleases/gd-2.0.34.tar.gz
# tar xzvf gd-2.0.34.tar.gz
# cd gd-2.0.34
# ./configure --prefix=/usr/local/gd2
# make
# make install
(2) LibXML2
# cd /usr/local/src
# wget ftp://xmlsoft.org/libxml2/libxml2-2.6.29.tar.gz
# tar xzvf libxml2-2.6.29.tar.gz
# cd libxml2-2.6.29
# ./configure --prefix=/usr/local/libxml2
# make
# make install
(3) Libmcrypt
# cd /usr/local/src
# wget http://jaist.dl.sourceforge.net/sourceforge/mcrypt/libmcrypt-2.5.8.tar.bz2
# tar xjvf libmcrypt-2.5.8.tar.bz2
# cd libmcrypt-2.5.8
# ./configure --prefix=/usr/local/libmcrypt
# make
# make install
(4) Apache log truncation program
# cd /usr/local/src
# wget http://cronolog.org/download/cronolog-1.6.2.tar.gz
# tar xzvf cronolog-1.6.2.tar.gz
# cd cronolog-1.6.2
# ./configure --prefix=/usr/local/cronolog
# make
# make install
8. Upgrade OpenSSL and OpenSSH
# cd /usr/local/src
# wget http://www.openssl.org/source/openssl-0.9.8e.tar.gz
# wget http://mirror.mcs.anl.gov/openssh/portable/openssh-4.6p1.tar.gz
# tar xzvf openssl-0.9.8e.tar.gz
# cd openssl-0.9.8e
# ./config --prefix=/usr/local/openssl
# make
# make test
# make install
# cd ..
# tar xzvf openssh-4.6p1.tar.gz
# cd openssh-4.6p1
# ./configure \
"--prefix=/usr" \
"--with-pam" \
"--with-zlib" \
"--sysconfdir=/etc/ssh" \
"--with-ssl-dir=/usr/local/openssl" \
"--with-md5-passwords"
# make
# make install
(5) Disable client GSSAPI
# vi /etc/ssh/ssh_config
Find:
GSSAPIAuthentication yes
Comment out this line.
Finally, after confirming that the modification is correct, restart the SSH service
# service sshd restart
# ssh -V
Confirm that the OpenSSH and OpenSSL versions are correct.
Compiling and installing the master environment
1. Download software
2. Compile and install MySQL
# tar xzvf mysql-5.0.27.tar.gz
# cd mysql-5.0.27
# ./configure \
"--prefix=/usr/local/mysql" \
"--localstatedir=/var/lib/mysql" \
"--with-comment=source" \
"--with-server-suffix=-lanmang" \
"--with-mysqld-user=mysql" \
"--without-debug" \
"--with-big-tables" \
"--with-charset=gbk" \
"--with-collation=gbk_chinese_ci" \
"--with-extra-charsets=all" \
"--with-pthread" \
"--enable-static" \
"--enable-thread-safe-client" \
"--with-client-ldflags=-all-static" \
"--with-mysqld-ldflags=-all-static" \
"--enable-assembler" \
"--without-isam" \
"--without-innodb" \
"--without-ndb-debug"
Notes on the options above:
--localstatedir: make sure the /var partition is appropriate.
--with-charset: sets the MySQL default character set.
--with-collation: sets the MySQL collation.
# make
# make install
# useradd mysql
# cd /usr/local/mysql
# bin/mysql_install_db --user=mysql
# chown -R root:mysql .
# chown -R mysql /var/lib/mysql
# cp share/mysql/my-huge.cnf /etc/my.cnf
# cp share/mysql/mysql.server /etc/rc.d/init.d/mysqld
# chmod 755 /etc/rc.d/init.d/mysqld
# chkconfig --add mysqld
# chkconfig --level 3 mysqld on
# /etc/rc.d/init.d/mysqld start
# bin/mysqladmin -u root password 'password_for_root'
(Specify the MySQL root password.)
Compile and install Apache
# cd /usr/local/src
# tar xjvf httpd-2.2.4.tar.bz2
# cd httpd-2.2.4
# ./configure \
"--prefix=/usr/local/apache2" \
"--with-included-apr" \
"--enable-so" \
"--enable-deflate=shared" \
"--enable-expires=shared" \
"--enable-rewrite=shared" \
"--enable-static-support" \
"--disable-userdir"
# make
# make install
# echo '/usr/local/apache2/bin/apachectl start' >> /etc/rc.local
4. Compile and install PHP
# cd /usr/local/src
# tar xjvf php-5.2.3.tar.bz2
# cd php-5.2.3
# ./configure \
"--prefix=/usr/local/php" \
"--with-config-file-path=/etc" \
"--with-mysql=/usr/local/mysql" \
"--with-libxml-dir=/usr/local/libxml2" \
"--with-gd=/usr/local/gd2" \
"--with-jpeg-dir" \
"--with-png-dir" \
"--with-bz2" \
"--with-freetype-dir" \
"--with-iconv-dir" \
"--with-zlib-dir" \
"--with-openssl=/usr/local/openssl" \
"--with-mcrypt=/usr/local/libmcrypt" \
"--enable-soap" \
"--enable-gd-native-ttf" \
"--enable-memory-limit" \
"--enable-ftp" \
"--enable-mbstring" \
"--enable-exif" \
"--disable-ipv6" \
"--enable-fastcgi" \
"--enable-force-cgi-redirect" \
"--disable-cli" \
"--with-apxs2=/usr/local/apache2/bin/apxs"
# make
# make install
# mkdir /usr/local/php/etc
# cp php.ini-dist /usr/local/php/etc/php.ini
Install Zend Optimizer
# cd /usr/local/src
# tar xzvf ZendOptimizer-3.2.8-linux-glibc21-i386.tar.gz
# ./ZendOptimizer-3.2.8-linux-glibc21-i386/install.sh
Do not choose to restart Apache at the end of the Zend Optimizer installation.
Integrate Apache with PHP
# vi /usr/local/apache2/conf/httpd.conf
Find:
AddType application/x-gzip .gz .tgz
Add below that line:
AddType application/x-httpd-php .php
Find:
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
Change it to:
<IfModule dir_module>
DirectoryIndex index.html index.htm index.php
</IfModule>
Find:
#Include conf/extra/httpd-mpm.conf
#Include conf/extra/httpd-info.conf
#Include conf/extra/httpd-vhosts.conf
#Include conf/extra/httpd-default.conf
Remove the leading "#" to uncomment these lines.
Note: Configure the settings in the 4 extra configuration files above according to the relevant principles.
Save and exit after the modification is complete.
# /usr/local/apache2/bin/apachectl restart
7. Check the environment information and improve PHP security
In the site root directory, place a phpinfo.php script and check that the information shown by phpinfo is correct.
# vi phpinfo.php
<?php
phpinfo();
?>
Once you have confirmed that PHP is working properly, you can set the PHP security options in php.ini.
# vi /etc/php.ini
Find:
disable_functions =
Set it to:
disable_functions = phpinfo,system,chroot,escapeshellcmd,escapeshellarg,proc_open,proc_get_status,socket_create,socket_bind,socket_listen,socket_accept,socket_write,socket_read
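One way to confirm that a php.ini really carries the list above, as an added example that is not part of the original guide. The function names in REQUIRED are copied from the list above; the shell function names and the sample file are constructed for illustration. Only the last uncommented disable_functions line is audited, since a commented-out or overridden line has no effect.

```shell
#!/bin/sh
# Added example: audit a php.ini against the disable_functions list in this guide.
REQUIRED="phpinfo system chroot escapeshellcmd escapeshellarg proc_open proc_get_status socket_create socket_bind socket_listen socket_accept socket_write socket_read"

# Print the effective disable_functions value, lower-cased, one name per line.
# Lines starting with ';' are comments; when the directive repeats, the last one wins.
effective_disabled() {
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$1" \
        | tail -n 1 \
        | sed 's/[[:space:]]*;.*$//' \
        | tr -d '"' | tr '[:upper:]' '[:lower:]' | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Print every required name missing from the effective list; return 1 if any is missing.
missing_disabled() {
    active=$(effective_disabled "$1")
    rc=0
    for fn in $REQUIRED; do
        if ! printf '%s\n' "$active" | grep -qxF "$fn"; then
            echo "$fn"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a commented-out line, an empty directive, then a live
# directive that lacks the last two names of the list.
sample=$(mktemp)
cat > "$sample" <<'EOF'
; disable_functions = phpinfo
disable_functions =
disable_functions = PHPINFO, system,chroot,escapeshellcmd,escapeshellarg,proc_open,proc_get_status,socket_create,socket_bind,socket_listen,socket_accept ; trailing comment
EOF
echo "Names missing from $sample:"
missing_disabled "$sample" || echo "(directive is incomplete)"
rm -f "$sample"
```

On the server, run missing_disabled against the php.ini that PHP actually loads.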
8. Eaccelerator
# tar -jxf eaccelerator-0.9.5.tar.bz2
# cd eaccelerator-0.9.5
# /usr/local/php/bin/phpize
# ./configure --enable-eaccelerator=shared --with-php-config=/usr/local/php/bin/php-config
# make && make install
Third, server security settings
1. Set the system firewall
# touch /usr/local/sbin/fw.sh
Paste the following script into the fw.sh file.
#!/bin/bash
# Stop iptables service
service iptables stop
# Load FTP kernel modules
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
# Initial chains default policy
/sbin/iptables -F -t filter
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# Enable native network transfer
/sbin/iptables -A INPUT -i lo -j ACCEPT
# Accept established connections
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ICMP control
/sbin/iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
# WWW service
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# FTP service
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# SSH service
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# chmod 755 /usr/local/sbin/fw.sh
# echo '/usr/local/sbin/fw.sh' >> /etc/rc.local
# /usr/local/sbin/fw.sh
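A check that the loaded rules still match what fw.sh sets up, as an added example that is not part of the original guide. It reads iptables-save output and reports an INPUT policy other than DROP, any accepted TCP port outside 80, 21 and 22, and any unconditional ACCEPT; the function names, finding labels and sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare iptables-save output with the policy fw.sh is meant to enforce.
ALLOWED_TCP="80 21 22"   # ports opened by fw.sh in this guide

# $1 = file holding the output of: iptables-save -t filter
audit_ruleset() {
    awk -v allowed="$ALLOWED_TCP" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^:INPUT / { policy = $2 }
    /^-A INPUT / && / -j ACCEPT/ {
        port = ""; matched = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "--dport" || $i == "--dports") port = $(i + 1)
            if ($i == "-i" || $i == "-s" || $i == "-m" || $i == "-p") matched = 1
        }
        # Port ranges and multiport lists never equal a single allowed port, so they are reported.
        if (port != "" && !(port in ok)) print "UNEXPECTED_PORT " port
        if (!matched) print "ACCEPT_ALL " $0
    }
    END { if (policy != "DROP") print "INPUT_POLICY " (policy == "" ? "missing" : policy) }
    ' "$1"
}

# Succeeds only when the ruleset produces no findings.
firewall_ok() { [ -z "$(audit_ruleset "$1")" ]; }

# Constructed sample: a drifted ruleset (policy back to ACCEPT, port 3306 opened).
drifted=$(mktemp)
cat > "$drifted" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
EOF
audit_ruleset "$drifted"
rm -f "$drifted"
```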