Detailed CentOS-Based WWW Server Setup Guide (Page 1/2)

Source: Internet
Author: User
Tags imagemagick localhost mysql openssh server

I. System Conventions
1. System Environment
Linux: CentOS-4.4.ServerCD
Apache: 2.2.4
MySQL: 4.0.26
PHP: 4.3.11
ZendOptimizer: 3.2.2
phpMyAdmin: 2.10.0.2

2. Source package storage location: /usr/local/src
# Why unpack tarballs in /usr/local/src? It is only a convention, but because everyone installs from this location, maintaining and handing over the host becomes much simpler, and it also helps with upgrades and with identifying installed versions later.

II. System Environment Deployment and Optimization
1. Basic Security Settings
Security is very important for a host that provides services on the Internet. This work includes fixing vulnerabilities in the host's packages, disabling unnecessary daemons (ports), configuring the firewall, and analysing the logs daily. After installing the system, follow these steps:
1) Disable unnecessary daemons (ports)
After CentOS 4.4 is installed, a number of daemons are enabled by default. Disabling the unnecessary ones lowers the system's security risk, frees memory, shortens startup time, and reduces the number of processes the CPU has to handle.
Many of the default daemons can be safely stopped and disabled. The following table lists the daemons installed by CentOS 4.4 (with only the development tools selected during package installation). If a process is not needed, consider disabling it.
Process: Description
acpid: Provides advanced power management. Keep.
anacron: An automated task daemon. Red Hat Linux comes with four automated task tools: cron, anacron, at, and batch. When your Linux server does not run around the clock, anacron runs the jobs that were not executed at the times set in crontab.
apmd: Advanced Power Management service, the traditional power management standard. It is useful on laptops: it reports the system's battery information, writes it to the log through syslogd, and can shut the system down when power is low.
atd: Scheduled task daemon (one-time execution). Keep.
autofs: Automatically mounts file systems (for example, the optical drive). Automatic mounting is rarely used on a server. Disable.
cpuspeed: Dynamically adjusts the CPU frequency. We recommend disabling it on a server.
crond: Scheduled task daemon (recurring execution). Keep.
cups: Common UNIX Printing System. If you plan to run a printing service on the server, do not disable it.
gpm: Mouse service for text terminals. If you want mouse support on a local text terminal, do not disable it.
haldaemon: Hardware management, similar to that of Windows. Required for mounting USB flash drives. Keep.
iptables: Firewall daemon. Start it in any case.
irqbalance: Balances interrupts across multiple processors. On a single-CPU system, or if you plan to balance interrupts statically, you can disable it.
isdn: ISDN modem support. If you plan to support an ISDN modem on the server, do not disable it.
kudzu: Detects and configures new hardware. It should be run manually when the hardware configuration changes.
mdmonitor: Daemon for RAID-related devices.
messagebus: Both haldaemon and messagebus must be running to mount a USB flash drive, so we recommend keeping it.
microcode_ctl: Encodes and sends new microcode to the kernel to update Intel IA32 family processors. Keep.
netfs: Supports NFS shares. If you want NFS sharing on the server, do not disable it.
network: Enables or disables the network interfaces at startup.
nfslock: Provides file locking for NFS. If you want NFS sharing on the server, do not disable it.
pcmcia: PCMCIA support. PCMCIA adapters are rarely used on servers, so this process can be safely disabled.
portmap: Dynamically allocates ports for RPC services (such as NIS and NFS). If the system does not provide RPC services, you can disable it.
rawdevices: Supports binding raw devices. If you do not plan to use raw devices, you can disable it.
rpcgssd: Used mainly for the remote procedure calls of NFS and Samba. If the system does not provide RPC services, you can disable it.
rpcidmapd: Same as above.
sendmail: Mail transfer agent. If the server needs to provide mail service, do not disable it.
smartd: Monitors S.M.A.R.T.-compatible devices. If you are not using an IDE/SATA disk subsystem, you can disable it.
sshd: OpenSSH server daemon. It can be disabled if you do not need to manage the host remotely, but few users can do without it.
syslog: Writes events to the logs. This is an important service and must be started.
xfs: X Window font server. If your runlevel is 5, do not disable it.
xinetd: Core daemon that supports multiple network services. Be sure to start it.
[root@localhost ~]# ntsysv
# Use ntsysv to enable or disable processes (services) according to your needs.

[root@localhost ~]# reboot
# Restart to make the settings take effect

[root@localhost ~]# netstat -an | more
#...... (information omitted) ......
# Check the currently open ports
# netstat is a very important command; be sure to master it. You can find more about it on the Internet.
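
To confirm the result of the step above, the check below reads `chkconfig --list` output and reports services that the table marks as safe to disable but that are still enabled in runlevel 3 or 5. It is an added example, not part of the original guide; the candidate list is a selection made here from the table, the function names are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: find services still enabled after the daemon clean-up.

# Assumption: services taken from the table that a plain WWW server
# does not need. Adjust the list to the role of your own host.
DISABLE_CANDIDATES="autofs cpuspeed cups gpm isdn pcmcia portmap rawdevices"

# Constructed sample of `chkconfig --list` output (not from a real host).
sample_chkconfig() {
cat <<'EOF'
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
gpm             0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
EOF
}

# Read `chkconfig --list` text on stdin and print, one per line, every
# candidate that is still "on" in runlevel 3 or 5.
still_enabled() {
    awk -v list="$DISABLE_CANDIDATES" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        ($1 in want) {
            for (i = 2; i <= NF; i++)
                if ($i == "3:on" || $i == "5:on") { print $1; break }
        }'
}

# Demo on the constructed sample. On a real host run:
#   chkconfig --list | still_enabled
# and for each name printed: chkconfig <name> off
sample_chkconfig | still_enabled
```

Services that must stay on, such as iptables and sshd in the sample, are never reported because they are not in the candidate list.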

2) Basic firewall configuration
[root@localhost ~]# /etc/rc.d/init.d/iptables stop
# Stop the firewall
[root@localhost ~]# /etc/rc.d/init.d/iptables start
# Start the firewall
[root@localhost ~]# vi /etc/sysconfig/iptables
# Add firewall rules as needed.
[root@localhost ~]# iptables-save > filename
# The above command saves the firewall rules of the current host to the file filename.
[root@localhost ~]# iptables-restore < filename
# The above command loads the rules from the firewall rule file filename (note: it is not in shell script format) into the current Linux host.
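
The rule file format mentioned above is shown in the following added example, which is not part of the original guide. It reviews a rules file before it is loaded with iptables-restore: it reads the default INPUT policy and lists accepted TCP ports that are not on an allowed list. The ruleset is constructed for illustration, and the function names and the allowed list "22 80" are assumptions.

```shell
#!/bin/sh
# Added example: review a rules file in iptables-save format.

# Constructed ruleset for a WWW server; 3306 is opened on purpose so the
# check below has something to report.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
EOF
}

# Default policy of chain $1, read from the ":CHAIN POLICY [pkts:bytes]" line.
chain_policy() { awk -v c=":$1" '$1 == c { print $2 }'; }

# TCP destination ports accepted on INPUT, one per line, sorted.
open_tcp_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && /-p tcp / && /-j ACCEPT/ {
        for (i = 3; i < NF; i++) if ($i == "--dport") print $(i + 1)
    }' | sort -n
}

# Accepted ports that are not in the allowed list $1 (for example "22 80").
unexpected_ports() {
    allowed=" $1 "
    for p in $(open_tcp_ports); do
        case $allowed in *" $p "*) ;; *) printf '%s\n' "$p" ;; esac
    done
}

# Demo on the constructed sample; on a real host feed in /etc/sysconfig/iptables.
echo "INPUT policy: $(sample_rules | chain_policy INPUT)"
echo "unexpected:   $(sample_rules | unexpected_ports '22 80')"
```

Here the MySQL port is reported because the database only needs to be reachable from the local web server in this setup.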

3) Update the database used by the locate command and enable automatic updates
[root@localhost ~]# vi /etc/updatedb.conf
# Change "DAILY_UPDATE=no" to "DAILY_UPDATE=yes", then save and exit.
[root@localhost ~]# updatedb
# Update the locate database. Wait a moment; the prompt returns once the update has succeeded.

4) Change the mirror address of the yum repository to increase the download speed.
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# mv CentOS-Base.repo CentOS-Base.repo.bak
[root@localhost yum.repos.d]# wget http://mirror.be10.com/centos/4.4/CentOS-Base.repo

5) Stop the printing service.
[root@localhost ~]# /etc/rc.d/init.d/cups stop
# Stop the printing service
Stopping CUPS: [OK]
# "OK" means the service was stopped successfully

[root@localhost ~]# chkconfig cups off
# Disable automatic startup of the printing service

[root@localhost ~]# chkconfig --list cups
# Confirm the automatic startup setting of the service
cups 0:off 1:off 2:off 3:off 4:off 5:off 6:off
# Runlevels 0-6 are all off, so the printing service no longer starts automatically at boot

6) Upgrade Linux online
[root@localhost ~]# yum update
# Use the yum tool to update the system, and restart the system after the update.
# For the usage of yum, see "How to use yum to manage RPM packages (CentOS)"

2. Other settings
1) Default language environment
[root@localhost ~]# vi /etc/sysconfig/i18n
Add the following line:

LANG="zh_CN.GB18030"

[root@localhost ~]# reboot
# Restart for the setting to take effect
If you temporarily need an English environment, run the following command.
[root@localhost ~]# export LANG='en_US'

2) Adjust the TCP/IP network parameters to improve resistance to SYN flood attacks
[root@localhost ~]# echo 'net.ipv4.tcp_syncookies = 1' >> /etc/sysctl.conf
# Append with ">>"; a single ">" would overwrite every other setting in /etc/sysctl.conf
[root@localhost ~]# sysctl -p
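
Appending with echo adds a duplicate line every time the step is repeated, and an earlier "net.ipv4.tcp_syncookies = 0" line would remain in the file. The following added example, which is not part of the original guide, sets the key in place instead; the function name set_sysctl_key is hypothetical and the demo runs on a constructed temporary file rather than /etc/sysctl.conf.

```shell
#!/bin/sh
# Added example: set a key in a sysctl.conf-style file without clobbering
# the rest of the file and without creating duplicate entries.

# set_sysctl_key FILE KEY VALUE
# Replaces existing "KEY = ..." lines with a single new one (commented-out
# lines are left alone), or appends the setting if the key is absent.
set_sysctl_key() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)            # ignore leading whitespace
            split(line, kv, "=")
            name = kv[1]; sub(/[ \t]+$/, "", name)
            if (name == k) {
                if (!done) { print k " = " v; done = 1 }
                next                            # drop any further duplicates
            }
            print
        }
        END { if (!done) print k " = " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"  # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed file. On a real host:
#   set_sysctl_key /etc/sysctl.conf net.ipv4.tcp_syncookies 1 && sysctl -p
demo_syncookies() {
    f=$(mktemp) || return 1
    printf '%s\n' 'kernel.sysrq = 0' 'net.ipv4.tcp_syncookies = 0' > "$f"
    set_sysctl_key "$f" net.ipv4.tcp_syncookies 1
    set_sysctl_key "$f" net.ipv4.tcp_syncookies 1   # second run changes nothing
    cat "$f"
    rm -f "$f"
}
demo_syncookies
```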

3) Network time synchronization
[root@localhost ~]# date
# Check whether the system time is correct
[root@localhost ~]# ntpdate 210.72.145.44
# Correct the time against the China National Time Service Center
[root@localhost ~]# yum install ntp
# Install the ntpdate program. Although this package is not installed by default, it is easy to install online with the yum tool.
[root@localhost ~]# crontab -e

0 23 * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1
# A crontab edited with "crontab -e" has no user field; the job runs as the user who owns the crontab (here root).

# After adding the line above, save and exit. Your machine will then synchronize its clock at 23:00 every day against the NTP server of the China National Time Service Center.
# For an introduction to the Linux scheduled execution tool crontab, see http://hi.baidu.com/monobao/blog/item/01e9ecdcbc6a14a1cc11665b.html

3. Install the dependency RPM packages
[root@localhost ~]# vi install.sh

# -y answers "yes" to every prompt so the script can run unattended
yum -y install gcc
yum -y install cpp
yum -y install gcc-c++
yum -y install ncurses
yum -y install ncurses-devel
yum -y install gd-devel php-gd
yum -y install zlib-devel
yum -y install freetype-devel freetype-demos freetype-utils
yum -y install libpng-devel libpng10 libpng10-devel
yum -y install libjpeg-devel
yum -y install ImageMagick
yum -y install flex
yum -y install ImageMagick-devel

[root@localhost ~]# sh install.sh
# For convenience, the command lines for installing these packages online are written into a shell script, so the next time you only need to run the script to install them automatically. A shell script combines the commands you use regularly into a "program": if you often run a certain sequence of commands, you can combine them into a new command. This not only simplifies and speeds up the work, but also lets it run automatically and periodically, which greatly simplifies system administration.

The following describes how to install LAMP. Before you start, read up on compiling from source code. For more information, see "Linux System Administrator (II) - package management with RPM and tarball".

III. Install MySQL
1. Create a mysql user group
[root@localhost ~]# grep mysql /etc/group
# Check whether the user group mysql already exists on the system. If it does not, add it.
[root@localhost ~]# groupadd mysql
# Add a user group named mysql

2. Create a mysql user
[root@localhost ~]# grep mysql /etc/passwd
# Check whether the user mysql already exists on the system. If it does not, add it.
[root@localhost ~]# useradd mysql -g mysql -M -s /sbin/nologin
# Add a user named mysql.
-g: specifies the user group to which the new user belongs
-M: do not create a home directory
-s: defines the shell the user gets; /sbin/nologin means the user cannot log on to the system.

3. Download: mysql-4.0.26
[root@localhost ~]# cd /usr/local/src/
[root@localhost src]# wget http://ftp.gamearena.cn/software/mysql-4.0.26.tar.gz
#...... (information omitted) ......
[root@localhost src]# chmod +x mysql-4.0.26.tar.gz
# Change the file permission to 755
[root@localhost src]# tar -zxvf mysql-4.0.26.tar.gz
#...... (information omitted) ......
# Decompress
PS: When you download MySQL from www.mysql.com, you will find three kinds of packages: binary, RPM, and source. The binary distribution has been compiled and optimized officially by MySQL, so it does not need to be built with make.

3. Set compiler compilation parameters
[root@localhost src]# cd /usr/local/src/mysql-4.0.26
[root@localhost mysql-4.0.26]# ./configure --prefix=/usr/local/mysql --with-unix-socket-path=/tmp/mysql.sock --localstatedir=/usr/local/mysql/data --with-charset=gbk --without-debug --enable-assembler --without-isam --with-client-ldflags=-all-static --with-mysqld-ldflags=-all-static
# These settings tell the compiler how to compile MySQL:
--prefix=/usr/local/mysql
Specifies the MySQL installation directory
--with-unix-socket-path=/tmp/mysql.sock
Specifies the location and file name of the socket file created after the MySQL server starts
--localstatedir=/usr/local/mysql/data
Specifies the MySQL database directory
--with-charset=gbk
Adds support for GBK Chinese characters
--without-debug
Removes the debug mode
--enable-assembler
Uses the assembly version of some character functions
--without-isam
Removes support for the ISAM table type, which is rarely used now; an ISAM table is a platform-dependent table
--with-client-ldflags=-all-static
--with-mysqld-ldflags=-all-static

4. Compile and install
[root@localhost mysql-4.0.26]# make
# The "make" command compiles the source files into executable binary files.
[root@localhost mysql-4.0.26]# make install
# "make install" installs the binary files and configuration files in the appropriate directories

6. Initialize the system database
[root@localhost mysql-4.0.26]# ./scripts/mysql_install_db
