7月 22 2017
 

Apache Tomcat非root权限加固配置

# Permission layout for running Tomcat without root: root stays the owner of
# the whole tree and the opsuser group receives only the bits added below.
# Presumably Tomcat is started by an account that belongs to opsuser; the
# page does not show that step -- confirm.
[root@www_cluster1 ~]# cd /data/
# "root.opsuser" is the legacy owner.group spelling; "root:opsuser" is the
# documented form and does not misparse names that contain a dot.
[root@www_cluster1 data]# chown -R root.opsuser apache-tomcat-7.0.79/
[root@www_cluster1 data]# cd apache-tomcat-7.0.79/
# Group write is granted only on the four directories named here. With
# webapps/ group-writable, a compromised Tomcat process can rewrite the
# deployed applications.
# NOTE(review): leave webapps/ out if WAR unpacking / auto-deploy by the
# service account is not required.
[root@www_cluster1 apache-tomcat-7.0.79]# chmod -R g+w logs/ temp/ work/ webapps/
# Group read on everything under conf/, which normally holds server.xml and
# tomcat-users.xml (credentials). The commands on this page only add group
# bits and never clear the "other" bits, so whatever world access the
# extracted tree already had is still there.
# NOTE(review): check with ls -l and remove "other" access on conf/ if present.
[root@www_cluster1 apache-tomcat-7.0.79]# chmod -R g+r conf/*
[root@www_cluster1 apache-tomcat-7.0.79]#
5月 06 2013
 

编译安装apache

# Build httpd 2.2.24 from source into /usr/local/apache and create the
# unprivileged account it will run as.
[root@localhost ~]# yum install perl gcc make
# -r creates a system group / system account, -M skips the home directory.
# The account is referenced further down the page by the User/Group directives.
# NOTE(review): no login shell is set here, so the system default applies;
# a nologin shell is the usual choice for a service account.
[root@localhost ~]# groupadd -r apache
[root@localhost ~]# useradd -r -M -g apache apache
# The tarball is unpacked without any signature or checksum verification
# shown on the page; verify the download against the project's published
# signature before building.
# NOTE(review): the httpd 2.2 branch no longer receives security fixes;
# treat the version in this transcript as historical.
[root@localhost ~]# tar xzf httpd-2.2.24.tar.gz
[root@localhost ~]# cd httpd-2.2.24
# --enable-so turns on loadable-module (DSO) support, which the PHP module
# build below relies on through apxs; --enable-rewrite builds mod_rewrite.
[root@localhost httpd-2.2.24]# ./configure --prefix=/usr/local/apache \
 > --enable-so --enable-rewrite
[root@localhost httpd-2.2.24]# make
[root@localhost httpd-2.2.24]# make install

编译安装php

# Build PHP 5.2.17 as an Apache module (via apxs) into /usr/local/php.
# NOTE(review): the PHP 5.2 branch is end-of-life and gets no security
# fixes; as with httpd above, no signature/checksum check of the tarball is
# shown before it is unpacked.
[root@localhost ~]# tar xzf php-5.2.17.tar.gz
[root@localhost ~]# cd php-5.2.17
# Development headers needed by the XML and GD options passed to configure.
[root@localhost php-5.2.17]# yum install libxml2-devel
[root@localhost php-5.2.17]# yum install gd-devel libpng-devel libjpeg-devel
# --with-apxs2 points at the apxs installed by the httpd build above, so
# "make install" places the PHP module into that Apache installation.
[root@localhost php-5.2.17]# ./configure --prefix=/usr/local/php \
 > --with-apxs2=/usr/local/apache/bin/apxs \
 > --enable-fastcgi --enable-mbstring \
 > --with-gd=/usr/ --with-png-dir=/usr/ --with-jpeg-dir=/usr/
[root@localhost php-5.2.17]# make
[root@localhost php-5.2.17]# make install
# Installs the stock template as the live php.ini without any changes.
# NOTE(review): review display_errors and expose_php before the site is
# reachable; the "?=PHPE9568F34-..." requests in the Apache access log
# further down the page are only answered when expose_php is on.
[root@localhost php-5.2.17]# cp php.ini-dist /usr/local/php/lib/php.ini

编译安装nginx

# Build nginx 1.4.0 with OpenSSL, zlib and PCRE compiled in from their own
# source trees instead of the distribution packages.
# None of the four tarballs is verified against a signature or checksum in
# this transcript; do that before unpacking.
[root@localhost ~]# tar xzf nginx-1.4.0.tar.gz
[root@localhost ~]# tar xzf openssl-1.0.1e.tar.gz
[root@localhost ~]# tar xzf zlib-1.2.8.tar.gz
[root@localhost ~]# tar xzf pcre-8.32.tar.gz
[root@localhost nginx-1.4.0]# cd nginx-1.4.0
[root@localhost nginx-1.4.0]# yum install gcc-c++
# --with-pcre / --with-zlib / --with-openssl take source directories, so
# these libraries are built into the nginx binary. Distribution security
# updates for openssl, zlib or pcre will therefore NOT reach this nginx;
# it has to be rebuilt against newer sources.
# NOTE(review): OpenSSL 1.0.1e predates the Heartbleed fix, and the nginx
# and library versions here are long out of support; treat them as
# historical and substitute currently maintained releases.
[root@localhost nginx-1.4.0]# ./configure --prefix=/usr/local/nginx \
 > --with-http_stub_status_module --with-http_ssl_module \
 > --with-pcre=../pcre-8.32/ --with-zlib=../zlib-1.2.8 \
 > --with-openssl=../openssl-1.0.1e
[root@localhost nginx-1.4.0]# make
[root@localhost nginx-1.4.0]# make install

修改nginx配置文件

# Stock (commented-out) example, kept for reference:
#location ~ \.php$ {
 #    proxy_pass   http://127.0.0.1;
 #}
# Requests whose URI ends in .php are forwarded to the Apache backend on
# loopback port 8080; everything else is answered by nginx itself.
# No proxy_set_header lines are present, so the backend is not told the
# original client address or Host. This is why the Apache access log later
# on the page records 127.0.0.1 for every request.
# NOTE(review): pass the client address (e.g. X-Real-IP / X-Forwarded-For)
# and log it on the backend if that log is meant to be useful for
# incident response.
location ~ \.php$ {
 proxy_pass   http://127.0.0.1:8080;
 }

修改apache配置文件

[root@localhost ~]# vi /usr/local/apache/conf/httpd.conf
 # Backend port that nginx proxies .php requests to. With no address given,
 # Apache binds every interface (the netstat output further down the page
 # shows ":::8080"), so clients can reach the backend directly and bypass
 # nginx.
 # NOTE(review): "Listen 127.0.0.1:8080" keeps it on loopback, which is all
 # the proxy_pass target needs; otherwise firewall the port.
 Listen 8080
# Worker processes run as the unprivileged apache account created earlier.
User apache
Group apache
ServerName 127.0.0.1:8080
<IfModule dir_module>
 DirectoryIndex index.php
</IfModule>
# Hand .php files to the PHP module built via apxs.
AddType application/x-httpd-php .php
#DocumentRoot "/usr/local/apache/htdocs"
# Apache serves from nginx's html directory so both servers see the same files.
DocumentRoot "/usr/local/nginx/html"
#<Directory "/usr/local/apache/htdocs">
#    Options Indexes FollowSymLinks
#    AllowOverride None
#    Order allow,deny
#    Allow from all
#</Directory>
# "Indexes" produces a directory listing for any directory that has no
# index.php; "FollowSymLinks" lets Apache serve whatever a symlink inside
# the docroot points to.
# NOTE(review): drop Indexes (and FollowSymLinks if unused) unless listings
# are wanted. "Allow from all" combined with the wildcard Listen above means
# there is no source restriction on the backend.
<Directory "/usr/local/nginx/html">
 Options Indexes FollowSymLinks
 AllowOverride None
 Order allow,deny
 Allow from all
</Directory>

启动apache并查看监听

# Start the backend, then list listening sockets (-l) for UDP/TCP (-u -t)
# with numeric addresses and ports (-n).
[root@localhost ~]# /usr/local/apache/bin/apachectl start
# In the output, ":::8080" is the wildcard address: Apache is listening on
# every interface, not only on the 127.0.0.1 address that nginx proxies to.
[root@localhost ~]# netstat -lutn |grep 8080
 tcp        0      0 :::8080                     :::*                        LISTEN
[root@localhost ~]#

启动nginx并查看监听

[root@localhost ~]# /usr/local/nginx/sbin/nginx
[root@localhost ~]# netstat -lut |grep http
 tcp        0      0 *:http                      *:*                         LISTEN
[root@localhost ~]#

创建php测试文件

# Test page only: phpinfo() prints the PHP build options, loaded modules,
# filesystem paths and environment variables to anyone who can request it.
# NOTE(review): delete hello.php once the nginx -> Apache chain is verified.
[root@localhost ~]# vi /usr/local/nginx/html/hello.php
 <?php phpinfo(); ?>

nginx-apache-0201

访问http://192.168.244.135/index.html后的nginx日志记录

[root@localhost ~]# cat /usr/local/nginx/logs/access.log
192.168.244.1 - - [06/May/2013:16:53:22 +0800] "GET / HTTP/1.1" 200 612 "-"
 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0"

nginx-apache-0202

访问http://192.168.244.135/hello.php后的apache日志记录

[root@localhost ~]# cat /usr/local/apache/logs/access_log
 127.0.0.1 - - [06/May/2013:19:09:00 +0800] "GET /hello.php HTTP/1.0" 200 43026
 127.0.0.1 - - [06/May/2013:19:09:00 +0800] "GET
 /hello.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 HTTP/1.0" 200 2524
 127.0.0.1 - - [06/May/2013:19:09:00 +0800] "GET
 /hello.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 HTTP/1.0" 200 2146
3月 14 2013
 

安装Apache服务

安装perl(编译apache模块依赖)

[root@mail httpd-2.2.24]# yum install perl

添加用户

# Dedicated system group and account for the web server: -r marks them as
# system IDs, -M creates no home directory, -g sets the primary group.
# NOTE(review): the login shell is left at the system default; set a
# nologin shell if the account should never be used interactively.
[root@mail httpd-2.2.24]# groupadd -r apache 
[root@mail httpd-2.2.24]# useradd -r -M -g apache apache

编译安装

# Configure with DSO support (--enable-so) and mod_rewrite, install under
# /usr/local/apache. The build and "make install" run as root in this
# transcript; only "make install" needs write access to the prefix.
# NOTE(review): httpd 2.2.24 is from an unsupported branch; use a
# maintained release when following these steps today.
[root@mail httpd-2.2.24]# ./configure --prefix=/usr/local/apache \
 > --enable-so --enable-rewrite 
[root@mail httpd-2.2.24]# make 
[root@mail httpd-2.2.24]# make install
