Installing a WebServer
using FreeBSD 7.2

Case study: www.mu-ph.org
By เสริมพันธุ์ นิตย์นรา    Email: [email protected]
12 August 2552 (Buddhist Era)

* * * * * * * * *

Objective:
We want to build a WebServer for our organization so that every department in the organization has a WebSite to use, with 5 GBytes of space each.

Specifications of the machine used
CPU: Intel(R) Xeon(R) CPU E5405 @ 2.00GHz (1995.01-MHz 686-class CPU)
     Origin = "GenuineIntel" Id = 0x1067a Stepping = 10
Ram: 2G
HardDisk: IDE 500G and 250, two disks. The first disk (500G) holds /, swap and /backups; the second disk (250G) holds /var, /tmp, /usr and /usr/local.
Lan card: 1 (onboard)

The partitions are laid out as follows:

www# df
Filesystem   1K-blocks     Used     Avail Capacity  Mounted on
/dev/ad5s1a     507630   146844    320176    31%    /
devfs                1        1         0   100%    /dev
/dev/ad7s1g  400913540 16644420 352196038     5%    /backups
/dev/ad7s1e    1012974       12    931926     0%    /tmp
/dev/ad7s1f   10154158  1150928   8190898    12%    /usr
/dev/ad5s1d  231978828        4 213420518     0%    /usr/local
/dev/ad7s1d   60931274     1066  56055708     0%    /var
www#

Programs installed
1. Edit the necessary files
2. Compile Kernel to support Firewall and Quota
3. Update ports tree
4. Installing the Firewall
5. Setting up Quota
6. Install mysql50-server
7. Install Apache22
8. Install PHP5
9. Install PHP5-extensions
10. Install ZendOptimizer
11. Install webmin
12. Install phpmyadmin
13. Install vsftp
14. Install awstats
15. Install ntp
16. Install clamav
17. Install hostsentry
18. Install portsentry
19. Install lynx
20. Install phpbb3
21. Install denyhosts
22. Web backup

Part 1). Edit the necessary files

The installation of FreeBSD itself can be studied from
http://bsd.psru.ac.th/microcom/micro240/install53_1.pdf
http://bsd.psru.ac.th/microcom/micro240/install53_2.pdf

Once FreeBSD 7.2 has been installed, we make the first edits to the necessary files, as follows:

login as: sermpan
Using keyboard-interactive authentication.
Password:
Last login: Mon Aug 10 11:02:38 2009 from proxy.mu-ph.org
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 7.2-RELEASE (GENERIC) #0: Fri May  1 08:49:13 UTC 2009

Welcome to FreeBSD!

Before seeking technical support, please use the following resources:

o  Security advisories and updated errata information for all releases are
   at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
   for your release first as it's updated frequently.

o  The Handbook and FAQ documents are at http://www.FreeBSD.org/ and,
   along with the mailing lists, can be searched by going to
   http://www.FreeBSD.org/search/. If the doc distribution has
   been installed, they're also available formatted in /usr/share/doc.

If you still have a question or problem, please take the output of
`uname -a', along with any relevant error messages, and email it
as a question to the [email protected] mailing list. If you are
unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
manual page. If you are not familiar with manual pages, type `man man'.

You may also use sysinstall(8) to re-enter the installation and
configuration utility. Edit /etc/motd to change this login announcement.

$ su root
Password:
www#

Start by editing the boot Welcome file to reduce the delay from 10 seconds to 3 seconds:

www# vi /boot/defaults/loader.conf
##############################################################
###  Loader settings  ########################################
##############################################################
#autoboot_delay="10"    # Delay in seconds before autobooting,
autoboot_delay="3"      # Delay in seconds before autobooting,

Then edit sshd_config so that the user named sermpan is the only one allowed to use Secure Shell:

www# vi /etc/ssh/sshd_config
# Authentication:
AllowUsers sermpan
#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

Save, then reload:

www# /etc/rc.d/sshd reload
www#

Part 2). Compile Kernel to support Firewall and Quota

www# cd /usr/src/sys/i386/conf/
www# cp GENERIC PH
www# vi PH

Edit PH so that it reads as follows (add the part shown on a red background, that is, the lines between "Add Firewall & Quota to kernel" and "End of Additional Line"):

www# cat PH
#
# GENERIC -- Generic kernel configuration file for FreeBSD/i386
#
# For more information on this file, please read the handbook section on
# Kernel Configuration Files:
#
#    http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ../../conf/NOTES and NOTES files.
# If you are in doubt as to the purpose or necessity of a line, check first
# in NOTES.
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.474.2.15.2.1 2008/11/25 02:59:29 kensmith Exp $

cpu             I486_CPU
cpu             I586_CPU
cpu             I686_CPU
#ident          GENERIC
ident           PH

# To statically compile in device wiring instead of /boot/device.hints
#hints          "GENERIC.hints"         # Default places to look for devices.

makeoptions     DEBUG=-g                # Build kernel with gdb(1) debug symbols

options         SCHED_ULE               # ULE scheduler
options         PREEMPTION              # Enable kernel thread preemption
options         INET                    # InterNETworking
options         INET6                   # IPv6 communications protocols
options         SCTP                    # Stream Control Transmission Protocol
options         FFS                     # Berkeley Fast Filesystem
options         SOFTUPDATES             # Enable FFS soft updates support
options         UFS_ACL                 # Support for access control lists
options         UFS_DIRHASH             # Improve performance on big directories
options         UFS_GJOURNAL            # Enable gjournal-based UFS journaling
options         MD_ROOT                 # MD is a potential root device
options         NFSCLIENT               # Network Filesystem Client
options         NFSSERVER               # Network Filesystem Server
options         NFSLOCKD                # Network Lock Manager
options         NFS_ROOT                # NFS usable as /, requires NFSCLIENT
options         MSDOSFS                 # MSDOS Filesystem
options         CD9660                  # ISO 9660 Filesystem
options         PROCFS                  # Process filesystem (requires PSEUDOFS)
options         PSEUDOFS                # Pseudo-filesystem framework
options         GEOM_PART_GPT           # GUID Partition Tables.
options         GEOM_LABEL              # Provides labelization
options         COMPAT_43TTY            # BSD 4.3 TTY compat [KEEP THIS!]
options         COMPAT_FREEBSD4         # Compatible with FreeBSD4
options         COMPAT_FREEBSD5         # Compatible with FreeBSD5
options         COMPAT_FREEBSD6         # Compatible with FreeBSD6
options         SCSI_DELAY=5000         # Delay (in ms) before probing SCSI
options         KTRACE                  # ktrace(1) support
options         STACK                   # stack(9) support
options         SYSVSHM                 # SYSV-style shared memory
options         SYSVMSG                 # SYSV-style message queues
options         SYSVSEM                 # SYSV-style semaphores
options         _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev
options         ADAPTIVE_GIANT          # Giant mutex is adaptive.
options         STOP_NMI                # Stop CPUS using NMI instead of IPI
options         AUDIT                   # Security event auditing
#options        KDTRACE_HOOKS           # Kernel DTrace hooks
#
# Add Firewall & Quota to kernel
#
options         IPFIREWALL
options         IPFIREWALL_FORWARD
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=120
options         IPDIVERT
options         QUOTA
#
# End of Additional Line
#
. . . . . .

www# pwd
/usr/src/sys/i386/conf
www# ll
total 82
-rw-r--r--  1 root  wheel     13 Jun 20  2005 .cvsignore
-rw-r--r--  1 root  wheel    534 Apr 15 10:14 DEFAULTS
-rw-r--r--  1 root  wheel  12472 Apr 15 10:14 GENERIC
-rw-r--r--  1 root  wheel   1745 Apr 15 10:14 GENERIC.hints
-rw-r--r--  1 root  wheel   1034 Apr 15 10:14 MAC
-rw-r--r--  1 root  wheel    131 Apr 15 10:14 Makefile
-rw-r--r--  1 root  wheel  38891 Apr 15 10:14 NOTES
-rw-r--r--  1 root  wheel   2016 Apr 15 10:14 PAE
-rw-r--r--  1 root  wheel  12786 Aug 12 16:51 PH
-rw-r--r--  1 root  wheel   3539 Apr 15 10:14 XBOX
www# config PH
Kernel build directory is ../compile/PH
Don't forget to do ``make cleandepend && make depend''
www# cd ../compile/PH
www# make depend ; make ; make install
. . .
===> zyd (install)
install -o root -g wheel -m 555 if_zyd.ko /boot/kernel
install -o root -g wheel -m 555 if_zyd.ko.symbols /boot/kernel
kldxref /boot/kernel
www#

Wait until it has finished, then reboot:

www# reboot

Part 3). Update ports tree

Once FreeBSD 7.2 has been installed, we update the ports tree, as follows:

login as: sermpan
Using keyboard-interactive authentication.
Password:
Last login: Tue Aug 4 20:03:36 2009 from proxy.mu-ph.org
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 7.2-RELEASE (PH) #0: Tue Aug  4 18:53:55 ICT 2009
. . .
$ su root
Password:
www#

Next, take the distribution files from an earlier program installation under FreeBSD 7.2, which were archived with tar and kept at /backups/distfiles72.tar, and unpack them into /usr/ports/distfiles (this is so that our server does not have to download the programs it needs from the internet):

www# cd /
www# tar xpf /backups/distfiles72.tar
www# cd /usr/ports/net/cvsup
www# make install && make clean

When prompted about cvsup, select X11 as well (that is, leave the default). Some programs need the X11 libraries when they are installed, and if X11 is not selected, compiling some programs ends in a Fatal error.

When prompted about libiconv, leave the default.

When prompted about libxslt, we select MEM_DEBUG.

When prompted about python25, we select THREADS, UCS4, PYMALLOC, FPECTL.

When prompted about perl, we select DEBUGGING, GDBM, PERL_MALLOC, PERL_64BITINT, THREADS, SUIDPERL, USE_PERL.

When prompted about m4, we select LIBSIGSEGV.

===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/cvsupd
/usr/local/bin/cvsup
/usr/local/bin/cvpasswd

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
http://www.cvsup.org/
===> Cleaning for ezm3-1.2_1
===> Cleaning for liboldX-1.0.1
===> Cleaning for libdmx-1.0.2_1
===> Cleaning for pixman-0.15.2
===> Cleaning for libXaw-1.0.5_1,1
===> Cleaning for gmake-3.81_3
===> Cleaning for libX11-1.2.1,1
===> Cleaning for libtool-1.5.26
===> Cleaning for pkg-config-0.23_1
===> Cleaning for xextproto-7.0.5
===> Cleaning for dmxproto-2.2.2
===> Cleaning for libXext-1.0.5,1
===> Cleaning for perl-threaded-5.8.9_2
===> Cleaning for printproto-1.0.4
===> Cleaning for libXau-1.0.4
===> Cleaning for libXmu-1.0.4,1
===> Cleaning for libXp-1.0.0,1
===> Cleaning for libXpm-3.5.7
===> Cleaning for xproto-7.0.15
===> Cleaning for libXt-1.0.5_1
===> Cleaning for gettext-0.17_1
===> Cleaning for libxcb-1.2_1
===> Cleaning for xorg-macros-1.2.1
===> Cleaning for bigreqsproto-1.0.2
===> Cleaning for xcmiscproto-1.1.2
===> Cleaning for xtrans-1.2.3
===> Cleaning for kbproto-1.0.3
===> Cleaning for inputproto-1.5.0
===> Cleaning for xf86bigfontproto-1.1.2
===> Cleaning for libXdmcp-1.0.2_1
===> Cleaning for automake-1.10.1
===> Cleaning for autoconf-2.62
===> Cleaning for gdbm-1.8.3_3
===> Cleaning for libSM-1.1.0_1,1
===> Cleaning for libiconv-1.11_1
===> Cleaning for libcheck-0.9.6
===> Cleaning for libxslt-1.1.24_2
===> Cleaning for xcb-proto-1.4
===> Cleaning for libpthread-stubs-0.1
===> Cleaning for python25-2.5.4_1
===> Cleaning for automake-wrapper-20071109
===> Cleaning for m4-1.4.12,1
===> Cleaning for help2man-1.36.4_2
===> Cleaning for autoconf-wrapper-20071109
===> Cleaning for libICE-1.0.4_1,1
===> Cleaning for libxml2-2.7.3
===> Cleaning for libsigsegv-2.5
===> Cleaning for p5-gettext-1.05_2
===> Cleaning for cvsup-16.1h_4
www#

Next, copy ports-supfile to /tmp and select the ports collections to update, as required:

www# cp /usr/share/examples/cvsup/ports-supfile /tmp
www# cd /tmp
www# ll
total 14
drwxrwxrwt  2 root  wheel      512 Aug  7 09:50 .ICE-unix
drwxrwxrwt  2 root  wheel      512 Aug  7 09:50 .X11-unix
drwxrwxrwt  2 root  wheel      512 Aug  7 09:50 .XIM-unix
drwxrwxrwt  2 root  wheel      512 Aug  7 09:50 .font-unix
drwxrwxr-x  2 root  operator   512 Aug  7 15:58 .snap
-r--r--r--  1 root  wheel     3817 Aug  7 10:10 ports-supfile
www#

Edit ports-supfile as follows (look at the part shown on a red background, that is, the host line and the collections that are left uncommented):

www# cat ports-supfile
# $FreeBSD: src/share/examples/cvsup/ports-supfile,v 1.38.6.1 2008/11/25 02:59:29 kensmith Exp $
#
# This file contains all of the "CVSup collections" that make up the
# FreeBSD-current ports collection.
#
# CVSup (CVS Update Protocol) allows you to download the latest CVS
# tree (or any branch of development therefrom) to your system easily
# and efficiently (far more so than with sup, which CVSup is aimed
# at replacing).
#
# If you're running CVSup interactively, and are currently using an
# X display server, you should run CVSup as follows to keep your
# CVS tree up-to-date:
#
#       cvsup ports-supfile
#
# If not running X, or invoking cvsup from a non-interactive script, then
# run it as follows:
#
#       cvsup -g -L 2 ports-supfile
#
# You may wish to change some of the settings in this file to better
# suit your system:
#
# host=CHANGE_THIS.FreeBSD.org
#       This specifies the server host which will supply the
#       file updates. You must change it to one of the CVSup
#       mirror sites listed in the FreeBSD Handbook at
#       http://www.freebsd.org/doc/handbook/mirrors.html.
#       You can override this setting on the command line
#       with cvsup's "-h host" option.
#
# base=/var/db
#       This specifies the root where CVSup will store information
#       about the collections you have transferred to your system.
#       A setting of "/var/db" will generate this information in
#       /var/db/sup. You can override the "base" setting on the
#       command line with cvsup's "-b base" option. This directory
#       must exist in order to run CVSup.
#
# prefix=/usr
#       This specifies where to place the requested files. A
#       setting of "/usr" will place all of the files requested
#       in "/usr/ports" (e.g., "/usr/ports/devel", "/usr/ports/lang").
#       The prefix directory must exist in order to run CVSup.

# Defaults that apply to all the collections
#
# IMPORTANT: Change the next line to use one of the CVSup mirror sites
# listed at http://www.freebsd.org/doc/handbook/mirrors.html.
#*default host=CHANGE_THIS.FreeBSD.org
*default host=cvsup1.FreeBSD.org
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=.
*default delete use-rel-suffix

# If you seem to be limited by CPU rather than network or disk bandwidth, try
# commenting out the following line. (Normally, today's CPUs are fast enough
# that you want to run compression.)
*default compress

## Ports Collection.
#
# The easiest way to get the ports tree is to use the "ports-all"
# mega-collection. It includes all of the individual "ports-*"
# collections,
#ports-all

# These are the individual collections that make up "ports-all". If you
# use these, be sure to comment out "ports-all" above.
#
# Be sure to ALWAYS cvsup the ports-base collection if you use any of the
# other individual collections below. ports-base is a mandatory collection
# for the ports collection, and your ports may not build correctly if it
# is not kept up to date.
ports-base
ports-accessibility
#ports-arabic
ports-archivers
#ports-astro
#ports-audio
#ports-benchmarks
#ports-biology
#ports-cad
#ports-chinese
ports-comms
ports-converters
ports-databases
#ports-deskutils
ports-devel
ports-dns
#ports-editors
ports-emulators
#ports-finance
#ports-french
ports-ftp
#ports-games
#ports-german
ports-graphics
#ports-hebrew
#ports-hungarian
#ports-irc
#ports-japanese
ports-java
#ports-korean
ports-lang
ports-mail
#ports-math
#ports-mbone
ports-misc
#ports-multimedia
ports-net
ports-net-im
ports-net-mgmt
ports-net-p2p
#ports-news
#ports-palm
#ports-polish
ports-ports-mgmt
#ports-portuguese
ports-print
#ports-russian
#ports-science
ports-security
ports-shells
ports-sysutils
ports-textproc
#ports-ukrainian
#ports-vietnamese
ports-www
ports-x11
ports-x11-clocks
ports-x11-drivers
ports-x11-fm
ports-x11-fonts
ports-x11-servers
ports-x11-themes
ports-x11-toolkits
ports-x11-wm

www# /usr/local/bin/cvsup -g -L 2 /tmp/ports-supfile
Parsing supfile "/tmp/ports-supfile"
Connecting to cvsup1.FreeBSD.org
Connected to cvsup1.FreeBSD.org
Server software version: SNAP_16_1h
Negotiating file attribute support
Exchanging collection information
Establishing multiplexed-mode data connection
Running

If the machine complains with

Name lookup failure for "cvsup1.FreeBSD.org": Host name lookup failed
Will retry at 11:56:55

edit this line in ports-supfile:

*default host=cvsup1.FreeBSD.org

changing only the digit 1 in cvsup1 to 2, or 3, or 4, and so on up to 18, or pick a mirror from
http://www.freebsd.org/doc/en/books/handbook/cvsup.html#CVSUP-MIRRORS
and then run the same command again:

www# /usr/local/bin/cvsup -g -L 2 /tmp/ports-supfile
Parsing supfile "/tmp/ports-supfile"

If the machine carries on after the edit, it means it was able to contact cvsup2.freebsd.org, so wait until it has finished. If it complains again, keep changing the number, then wait until it has finished.

. . . .
Shutting down connection to server
Finished successfully
www#

Part 4). Installing the Firewall

Now that we have compiled the kernel to support Firewall and Quota, the next step is setting up the firewall.

Step # 1: Enabling IPFW
Open the /etc/rc.conf file and add the two lines below:

firewall_enable="YES"
firewall_script="/backups/ipfw.rules"

Step # 2: Write a Firewall Rule Script

www# vi /backups/ipfw.rules

with the following contents:

IPF="ipfw -q add"
ipfw -q -f flush

#loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag

# stateful
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any

# open port ftp (20,21), ssh (22), mail (25)
# http (80), dns (53) etc

# port 20 = ftp-data
#$IPF 90 allow tcp from any to any 20 in
#$IPF 100 allow tcp from any to any 20 out
# port 21 = ftp
$IPF 110 allow tcp from any to any 21 in
$IPF 120 allow tcp from any to any 21 out
# port 22 = ssh
$IPF 130 allow tcp from any to any 22 in
$IPF 140 allow tcp from any to any 22 out
# telnet port=23
#$IPF 150 allow tcp from any to any 23 in
#$IPF 160 allow tcp from any to any 23 out
# smtp port=25
#$IPF 170 allow tcp from any to any 25 in
#$IPF 180 allow tcp from any to any 25 out
# nameserver port=42
#$IPF 190 allow tcp from any to any 42 in
#$IPF 200 allow tcp from any to any 42 out
# domain port=53
#$IPF 210 allow udp from any to any 53 in
#$IPF 220 allow udp from any to any 53 out
# tftp port=69
#$IPF 230 allow tcp from any to any 69 in
#$IPF 240 allow tcp from any to any 69 out
# finger port=79
#$IPF 250 allow tcp from any to any 79 in
#$IPF 260 allow tcp from any to any 79 out
# http port=80
$IPF 270 allow tcp from any to any 80 in
$IPF 280 allow tcp from any to any 80 out
# pop3 port=110
#$IPF 290 allow tcp from any to any 110 in
#$IPF 300 allow tcp from any to any 110 out
# webmin port=10000
$IPF 310 allow tcp from any to any 10000 in
$IPF 320 allow tcp from any to any 10000 out

# deny and log everything
$IPF 500 deny log all from any to any

Step # 3: Start a firewall
You can reboot the box, or you can reload these rules by entering the following on the command line:

www# sh /backups/ipfw.rules

Task: List all the rules in sequence
Type the following command:

www# ipfw list
00010 allow ip from any to any via lo0
00020 deny ip from any to 127.0.0.0/8
00030 deny ip from 127.0.0.0/8 to any
00040 deny tcp from any to any frag
00050 check-state
00060 allow tcp from any to any established
00070 allow ip from any to any out keep-state
00080 allow icmp from any to any
00110 allow tcp from any to any dst-port 21 in
00120 allow tcp from any to any dst-port 21 out
00130 allow tcp from any to any dst-port 22 in
00140 allow tcp from any to any dst-port 22 out
00270 allow tcp from any to any dst-port 80 in
00280 allow tcp from any to any dst-port 80 out
00310 allow tcp from any to any dst-port 10000 in
00320 allow tcp from any to any dst-port 10000 out
00500 deny log logamount 120 ip from any to any
65535 allow ip from any to any
www#
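
Because the kernel in Part 2 was built with IPFIREWALL_DEFAULT_TO_ACCEPT, rule 65535 is "allow", and the ruleset above is default-deny only while rule 500 is actually loaded. The following is an added example, not part of the original guide: it audits `ipfw list` output for that condition and lists the ports open to any source. The function names and the truncated second listing are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: static audit of `ipfw list` output (no root, no ipfw needed).

# Constructed input 1: the listing printed by `ipfw list` in this guide.
listing_full() {
cat <<'EOF'
00010 allow ip from any to any via lo0
00020 deny ip from any to 127.0.0.0/8
00030 deny ip from 127.0.0.0/8 to any
00040 deny tcp from any to any frag
00050 check-state
00060 allow tcp from any to any established
00070 allow ip from any to any out keep-state
00080 allow icmp from any to any
00110 allow tcp from any to any dst-port 21 in
00120 allow tcp from any to any dst-port 21 out
00130 allow tcp from any to any dst-port 22 in
00140 allow tcp from any to any dst-port 22 out
00270 allow tcp from any to any dst-port 80 in
00280 allow tcp from any to any dst-port 80 out
00310 allow tcp from any to any dst-port 10000 in
00320 allow tcp from any to any dst-port 10000 out
00500 deny log logamount 120 ip from any to any
65535 allow ip from any to any
EOF
}

# Constructed input 2: the same listing as it would look if the rule script
# had stopped before adding rule 500.
listing_truncated() { listing_full | grep -v '^00500 '; }

# Shared awk fragment: splits one rule into action, proto, src, dst and the
# trailing options, skipping an optional "log [logamount N]".
PARSE='
{
  action = $2; i = 3
  if ($i == "log") { i++; if ($i == "logamount") i += 2 }
  proto = ""; src = ""; dst = ""; rest = ""
  if ($(i+1) == "from" && $(i+3) == "to") {
    proto = $i; src = $(i+2); dst = $(i+4)
    for (j = i + 5; j <= NF; j++) rest = rest " " $j
  }
  catchall = ((proto == "ip" || proto == "all") && src == "any" && dst == "any" && rest == "")
}'

# Prints "<rule number> <action>" for the first unconditional
# "ip from any to any" rule, i.e. the rule that decides unmatched packets.
fallthrough_rule() {
  awk "$PARSE"' catchall && (action == "allow" || action == "deny") { print $1, action; exit }'
}

# Prints the destination ports accepted inbound from any source.
open_inbound_ports() {
  awk "$PARSE"' action == "allow" && src == "any" {
    n = split(rest, t, " "); port = ""; inbound = 0
    for (k = 1; k <= n; k++) {
      if (t[k] == "dst-port") port = t[k+1]
      if (t[k] == "in") inbound = 1
    }
    if (port != "" && inbound) print port
  }' | tr '\n' ' ' | sed 's/ $//'
}

# Reads a listing on stdin; returns 0 only if unmatched traffic is denied.
audit_ipfw() {
  listing=$(cat)
  set -- $(printf '%s\n' "$listing" | fallthrough_rule)
  ports=$(printf '%s\n' "$listing" | open_inbound_ports)
  if [ "$2" = "deny" ]; then
    echo "OK: default-deny at rule $1; inbound ports open to any: $ports"
  else
    echo "FAIL: unmatched traffic is accepted by rule $1"
    return 1
  fi
}

listing_full | audit_ipfw
listing_truncated | audit_ipfw || true
```

On the live server the same check is `ipfw list | audit_ipfw`, run after every change to /backups/ipfw.rules.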

The next step is setting up quota.

Part 5). Setting up Quota

www# cd /etc/
www# vi fstab

On the /usr line, add userquota,groupquota:

www# cat fstab
# Device        Mountpoint  FStype  Options                   Dump  Pass#
/dev/aacd0s1b   none        swap    sw                        0     0
/dev/aacd0s1a   /           ufs     rw                        1     1
/dev/aacd1s1d   /backups    ufs     rw                        2     2
/dev/aacd0s1e   /tmp        ufs     rw                        2     2
/dev/aacd0s1f   /usr        ufs     rw,userquota,groupquota   2     2
/dev/aacd0s1d   /var        ufs     rw                        2     2
/dev/acd0       /cdrom      cd9660  ro,noauto                 0     0
www#

In the /etc/rc.conf file, add the two lines below:

enable_quotas="YES"
check_quotas="YES"

Reboot:

www# reboot

When the machine has booted, run the following so that Disk Quota takes effect immediately:

www# quotacheck -a
www# quotaon -a
www# quota -v sermpan
Disk quotas for user sermpan (uid 1002):
Filesystem   usage   quota   limit   grace   files   quota   limit   grace
/usr/local       0       0       0               0       0       0
www#
www# edquota -u sermpan
Quotas for user sermpan:
/usr/local: kbytes in use: 0, limits (soft = 1044480, hard = 1048576)
        inodes in use: 1, limits (soft = 0, hard = 0)
www#

This sets SoftQuota = 1020M and HardQuota = 1024M:

www# quota -v sermpan
Disk quotas for user sermpan (uid 1003):
Filesystem   usage     quota     limit   grace   files   quota   limit   grace
/usr/local    1520   1044480   1048576               1       0       0
www#

Set the grace period; we use just 7 days:

www# edquota -t
Time units may be: days, hours, minutes, or seconds
Grace period before enforcing soft limits for users:
/var/mail: block grace period: 7 days, file grace period: 7 days

Give the same quota to the other users as well:

www# edquota -p sermpan `awk -F: '$3 > 1003 {print $1}' /etc/passwd`
www#
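
The awk filter in the last command selects every account whose uid is above 1003, which on a stock FreeBSD system also matches the nobody account (uid 65534). The following is an added example, not part of the original guide: it compares that selection with a bounded one and builds the edquota command without running it. The sample passwd entries other than sermpan, the function names and the MIN_UID/MAX_UID variables are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: decide which accounts inherit the prototype quota.

# Constructed sample in passwd(5) format (dept01/dept02 are made-up accounts).
sample_passwd() {
cat <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
mysql:*:88:88:MySQL Daemon:/nonexistent:/usr/sbin/nologin
sermpan:*:1003:1003:Admin:/home/sermpan:/bin/sh
dept01:*:1004:1004:Department 1:/home/dept01:/bin/sh
dept02:*:1005:1005:Department 2:/home/dept02:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
EOF
}

# The guide's selection, unchanged: every uid above the prototype user's.
targets_as_in_guide() { awk -F: '$3 > 1003 {print $1}'; }

# Bounded selection: uid strictly between MIN_UID and MAX_UID, and a real
# home directory, so pseudo-accounts such as nobody are left out.
targets_bounded() {
  awk -F: -v min="${MIN_UID:-1003}" -v max="${MAX_UID:-65534}" \
    '$3 > min && $3 < max && $6 != "/nonexistent" {print $1}'
}

# Reads passwd lines on stdin and prints the edquota command for review.
# Fails if the prototype user does not exist or no account is selected.
quota_command() {
  proto=$1
  lines=$(cat)
  printf '%s\n' "$lines" |
    awk -F: -v p="$proto" '$1 == p {found = 1} END {exit !found}' || return 1
  users=$(printf '%s\n' "$lines" | targets_bounded | tr '\n' ' ' | sed 's/ $//')
  [ -n "$users" ] || return 1
  echo "edquota -p $proto $users"
}

echo "guide filter selects: $(sample_passwd | targets_as_in_guide | tr '\n' ' ')"
sample_passwd | quota_command sermpan
```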

Part 6.) Install mysql50-server

www# cd /usr/ports/databases/mysql50-server
www# make config
===> No options to configure
www# make WITH_CHARSET=tis620 WITH_XCHARSET=all WITH_COLLATION=tis620_thai_ci WITH_OPENSSL=yes BUILD_OPTIMIZED=yes WITH_ARCHIVE=yes WITH_FEDERATED=yes WITH_NDB=yes install clean

(The whole "www# make WITH..." command is typed on a single line.)

Then wait a good while. When it has finished we get:

Added group "mysql".
Added user "mysql".
************************************************************************
Remember to run mysql_upgrade (with the optional --datadir= flag)
the first time you start the MySQL server after an upgrade from an
earlier version.
************************************************************************
install-info --quiet /usr/local/info/mysql.info /usr/local/info/dir
===> Installing rc.d startup script(s)
===> Compressing manual pages for mysql-server-5.0.84
===> Registering installation for mysql-server-5.0.84
===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/bin/ndb_drop_table
/usr/local/bin/ndb_delete_all
/usr/local/libexec/ndbd
/usr/local/bin/ndb_restore
/usr/local/libexec/ndb_mgmd
/usr/local/bin/ndb_select_all
/usr/local/bin/ndb_drop_index
/usr/local/bin/ndb_desc
/usr/local/bin/ndb_show_tables
/usr/local/lib/mysql/libndbclient.so.2
/usr/local/bin/ndb_waiter
/usr/local/libexec/mysqld
/usr/local/libexec/ndb_cpcd
/usr/local/bin/ndb_select_count

      This port has installed the following startup scripts which may cause
      these network services to be started at boot time.
/usr/local/etc/rc.d/mysql-server

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
http://www.mysql.com/
===> Cleaning for mysql-client-5.0.84
===> Cleaning for mysql-server-5.0.84
www#

Make mysql start every time the machine boots:

www# vi /etc/rc.conf

Add the following line:

mysql_enable="YES"

Save and exit vi, then reboot the machine:

www# reboot

After the reboot, log in to the system. The first thing to do is set a password for logging in to the database:

login as: sermpan
Password:
Last login: Thu Aug 6 15:08:09 2009 from 202.129.37.133
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 7.2-RELEASE (NMM) #0: Thu Aug  6 13:11:38 ICT 2009
. . .
$ su root
Password:
www# /usr/local/bin/mysqladmin -u root password ppppp
www# mysql -u root mysql -p
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.0.84 FreeBSD port: mysql-server-5.0.84

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> \q
Bye
www#

So we can now use mysql. The next step is installing apache22.

Part 7.) Install Apache22

www# cd /usr/ports/www/apache22
www# make config
www# make install clean

When prompted about apr-ipv6-gdbm-db42

To run apache www server from startup, add apache22_enable="YES"
in your /etc/rc.conf. Extra options can be found in startup script.

Your hostname must be resolvable using at least 1 mechanism in
/etc/nsswitch typically DNS or /etc/hosts or apache might
have issues starting depending on the modules you are using.
===> Installing rc.d startup script(s)
===> Compressing manual pages for apache-2.2.11_7
===> Registering installation for apache-2.2.11_7
===> SECURITY REPORT:
      This port has installed the following binaries which execute with
      increased privileges.
/usr/local/sbin/suexec

      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/libexec/apache22/mod_cgid.so

      This port has installed the following startup scripts which may cause
      these network services to be started at boot time.
/usr/local/etc/rc.d/apache22
/usr/local/etc/rc.d/htcacheclean

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
http://httpd.apache.org/
===> Cleaning for expat-2.0.1
===> Cleaning for pcre-7.9
===> Cleaning for apr-gdbm-db42-ndbm-mysql-1.3.8.1.3.9
===> Cleaning for automake-1.9.6_3
===> Cleaning for db42-4.2.52_5
===> Cleaning for apache-2.2.11_7
www#

Make apache start every time the machine boots:

www# vi /etc/rc.conf

Add the following line:

apache22_enable="YES"

Save and exit vi.

Part 8.) Install PHP5

www# cd /usr/ports/lang/php5
www# make config
www# make install clean
***************************************************************
Make sure index.php is part of your DirectoryIndex.

You should add the following to your Apache configuration file:

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
***************************************************************
===> Compressing manual pages for php5-5.2.10
===> Registering installation for php5-5.2.10
===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/libexec/apache22/libphp5.so
/usr/local/bin/php
/usr/local/bin/php-cgi

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
http://www.php.net/
===> Cleaning for php5-5.2.10
www#

The next step is installing php5-extensions.
јѼѥчѤэъѨѷ 9.) шѧчшѤѸк PHP5-extensions www# cd /usr/ports/lang/php5-extensions www# make config
µ¦·´Ê WebServer Ã¥Äo FreeBSD 7.2
Ã¥ Á¦·¤¡´»r ·¥r¦µ
Page 22
µ¦·´Ê WebServer Ã¥Äo FreeBSD 7.2
µ¦·´Ê WebServer Ã¥Äo FreeBSD 7.2
Ã¥ Á¦·¤¡´»r ·¥r¦µ
Page 23
www# make install clean
Then wait again, as usual ...
When asked about curl
When asked about c-ares-config
When asked about ca_root_nss
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/lib/libcurl.so.5

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.

For more information, and contact details about the security
status of this software, see the following webpage:
http://curl.haxx.se/
===> Cleaning for c-ares-config-1.6.0
===> Cleaning for libidn-1.14
===> Cleaning for libssh2-1.1,2
===> Cleaning for ca_root_nss-3.11.9_2
===> Cleaning for curl-7.19.5_1
www#
Once php5-extensions is installed, the next stage is making Apache recognise PHP. Go to /usr/local/etc/apache22/Includes:
www# cd /usr/local/etc/apache22/Includes
Create a file named php5.conf using vi:
www# vi php5.conf
Add the following lines:
DirectoryIndex index.php
AddDefaultCharset tis-620
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
Include etc/apache22/extra/httpd-ssl.conf
Save and exit vi.
Create the php.ini file:
www# cd /usr/local/etc/
www# cp php.ini-recommended php.ini
Set these values in php.ini:
default_charset = "tis-620"          # remove the leading ; as well
session.save_path = "/tmp/sesstmp"   # remove the leading ; as well
Do not forget to create /tmp/sesstmp in /tmp, and to chmod 777 /tmp/sesstmp as well.

Generate a certificate for apache so that it can serve HTTPS:
www# cd /usr/local/etc/apache22/
www# openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.++++++
.......++++++
e is 65537 (0x10001)
www# openssl req -new -days 365 -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TH
State or Province Name (full name) [Some-State]:Bangkok
Locality Name (eg, city) []:Rajchavithi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Faculty of Public Health, Mahidol University
Organizational Unit Name (eg, section) []:Computer Division
Common Name (eg, YOUR name) []:Computer
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:pppppppp
An optional company name []:PH
www# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
Signature ok
subject=/C=TH/ST=Bangkok/L=Rajchavithi/O=Faculty of Public Health, Mahidol University/OU=Computer Division/CN=Computer/[email protected]
Getting Private key
www# chmod 400 server.*
www#
Make apache start every time the machine boots:
www# vi /etc/rc.conf
Add the following line:
apache22_enable="YES"
Save and exit vi.
Then reboot the machine:
www# reboot
Our system is now ready to test PHP, as follows:
www# cd /usr/local/www/apache22/data
www# echo "" > info.php
Open a browser and go to http://www.mu-ph.org/index.html
or http://www.mu-ph.org/info.php
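A check for the file-permission and key-size choices made in step 9, as an added example that is not part of the original guide: it reports whether the PHP session directory can be written by every local account (the effect of chmod 777), whether the private key is readable beyond its owner, and whether the RSA modulus is below 2048 bits. The function names and the temporary demo paths are assumptions; on the server the arguments would be /tmp/sesstmp and /usr/local/etc/apache22/server.key.

```shell
#!/bin/sh
# Added example, not part of the original guide. Function names are hypothetical.

# has_mode PATH BITS -> succeeds if every bit in BITS (octal) is set on PATH.
# The "-perm -BITS" form behaves the same in FreeBSD find and GNU find.
has_mode() {
    [ -n "$(find "$1" -maxdepth 0 -perm "-$2" 2>/dev/null)" ]
}

# session_dir_status DIR -> one word describing who may alter session files.
session_dir_status() {
    if [ ! -d "$1" ]; then
        echo missing
    elif has_mode "$1" 0002 && ! has_mode "$1" 1000; then
        # chmod 777: any local account may create, rename or delete the
        # session files that belong to the web server.
        echo world-writable
    elif has_mode "$1" 0002; then
        # Like /tmp itself: others may add files but not remove existing ones.
        echo world-writable-sticky
    else
        # For example a directory owned by the web server user, mode 700.
        echo restricted
    fi
}

# key_file_status FILE -> "exposed" if group or other holds any permission bit.
key_file_status() {
    if [ ! -f "$1" ]; then
        echo missing
        return
    fi
    for bit in 0040 0020 0010 0004 0002 0001; do
        if has_mode "$1" "$bit"; then
            echo exposed
            return
        fi
    done
    echo owner-only
}

# rsa_key_bits FILE -> modulus size as printed by openssl; empty when the
# file is not a readable RSA key or openssl is not installed.
rsa_key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# audit_step9 SESSION_DIR KEY_FILE -> prints one line per finding and
# returns 0 only when there are none.
audit_step9() {
    findings=0
    dir_state=$(session_dir_status "$1")
    case "$dir_state" in
        restricted) ;;
        *) echo "session dir $1: $dir_state"; findings=$((findings + 1)) ;;
    esac
    key_state=$(key_file_status "$2")
    if [ "$key_state" != owner-only ]; then
        echo "key $2: $key_state"
        findings=$((findings + 1))
    fi
    bits=$(rsa_key_bits "$2")
    # 2048 bits is the floor used here; the key in this step is 1024 bits.
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "key $2: RSA modulus is only $bits bits"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Demo on constructed paths that mirror the guide's chmod 777 and chmod 400.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/sesstmp"
chmod 777 "$demo_dir/sesstmp"
: > "$demo_dir/server.key"
chmod 400 "$demo_dir/server.key"
audit_step9 "$demo_dir/sesstmp" "$demo_dir/server.key" || true
rm -rf "$demo_dir"
```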
Step 10). Install ZendOptimizer
www# cd /usr/ports/devel/ZendOptimizer
www# make config
===> No options to configure
www# make install clean
********************************************************************************
You have installed the ZendOptimizer package.
Edit /usr/local/etc/php.ini and add:
[Zend]
zend_optimizer.optimization_level=15
zend_extension_manager.optimizer="/usr/local/lib/php/20060613/Optimizer"
zend_extension_manager.optimizer_ts="/usr/local/lib/php/20060613/Optimizer_TS"
zend_extension="/usr/local/lib/php/20060613/ZendExtensionManager.so"
zend_extension_ts="/usr/local/lib/php/20060613/ZendExtensionManager_TS.so"
NOTE: PHP should be compiled in non-debug mode (default).
********************************************************************************
===> Registering installation for ZendOptimizer-3.3.0.a
===> Cleaning for compat6x-i386-6.4.604000.200810
===> Cleaning for ZendOptimizer-3.3.0.a
www#
Edit /usr/local/etc/php.ini, adding the six lines shown in red above at the very end of the file. Then restart apache:
www# /usr/local/etc/rc.d/apache22 restart
Performing sanity check on apache22 configuration:
Syntax OK
Stopping apache22.
Waiting for PIDS: 704.
Performing sanity check on apache22 configuration:
Syntax OK
Starting apache22.
www#
Step 11.) Install webmin
www# cd /usr/ports/sysutils/webmin/
www# make config
===> No options to configure
www# make install clean
After installing Webmin for the first time you should perform the following
steps as root:
* Configure Webmin by running ${LOCALBASE}/lib/webmin/setup.sh
* Add webmin_enable="YES" to your /etc/rc.conf
* Start Webmin for the first time by running ${LOCALBASE}/etc/rc.d/webmin
The parameters requested by setup.sh may then be changed from within Webmin itself.
===> Installing rc.d startup script(s)
===> Registering installation for webmin-1.480_1
===> Cleaning for p5-Net-SSLeay-1.35_1
===> Cleaning for p5-Authen-PAM-0.16_1
===> Cleaning for p5-MIME-Base64-3.08
===> Cleaning for webmin-1.480_1
www#
Then run the webmin setup:
www# /usr/local/lib/webmin/setup.sh
***********************************************************************
* Welcome to the Webmin setup script, version 1.480 *
***********************************************************************
Webmin is a web-based interface that allows Unix-like operating
systems and common Unix services to be easily administered.
Installing Webmin in /usr/local/lib/webmin ...
***********************************************************************
Webmin uses separate directories for configuration files and log files.
Unless you want to run multiple versions of Webmin at the same time
you can just accept the defaults.
Log file directory [/var/log/webmin]:
***********************************************************************
Webmin is written entirely in Perl. Please enter the full path to the
Perl 5 interpreter on your system.
Full path to perl (default /usr/bin/perl):
Testing Perl ...
Perl seems to be installed ok
***********************************************************************
Operating system name: FreeBSD
Operating system version: 7.2
***********************************************************************
Webmin uses its own password protected web server to provide access
to the administration programs. The setup script needs to know :
- What port to run the web server on. There must not be another
  web server already using this port.
- The login name required to access the web server.
- The password required to access the web server.
- If the webserver should use SSL (if your system supports it).
- Whether to start webmin at boot time.
Web server port (default 10000):
Login name (default admin): admin
Login password:
Password again:
Use SSL (y/n): y
***********************************************************************
Creating web server config files..
..done
Creating access control file..
..done
Creating start and stop scripts..
..done
Copying config files..
..done
Changing ownership and permissions ..
..done
Running postinstall scripts ..
syslog-ng: not found
..done
www#
Then start webmin:
www# /usr/local/etc/rc.d/webmin start
Starting webmin.
Pre-loaded WebminCore
www#
Browse to the site on port 10000.
An error appears, because we specified that webmin is to be accessed over SSL,
so it has to be opened as https://www.mu-ph.org:10000
(you can simply click the link shown on the page).
After logging in and clicking Server, notice that there is no Apache WebServer entry. Type apache into the Search box and press Enter; the search finds Apache in 41 places. Click Apache Webserver in the Module column to continue.
When we click Apache Webserver, the screen below appears.
The problem is that webmin cannot find the location of httpd.conf.
Click module configuration (highlighted in blue) to continue.
Add the number 22 so that the path reads /usr/local/etc/apache22, everywhere on this page, then save.
When we refresh the screen and click Server, Apache Webserver now appears as intended. From here on apache can be configured through webmin (but this is not recommended).
Step 12.) Install phpmyadmin
www# cd /usr/ports/databases/phpmyadmin/
www# make config
www# make install clean
When asked about php5-pcre
When asked about php5-gd
When asked about php5-mbstring
****************************************************************************
The following line has been added to your /usr/local/etc/php/extensions.ini
configuration file to automatically load the installed extension:
extension=mysqli.so
****************************************************************************
===> Returning to build of phpMyAdmin-3.2.0.1
===> phpMyAdmin-3.2.0.1 depends on shared library: mysqlclient.15 - found
===> Generating temporary packing list
===> Checking if databases/phpmyadmin already installed
phpMyAdmin-3.2.0.1 has been installed into:
/usr/local/www/phpMyAdmin
Please edit config.inc.php to suit your needs.
To make phpMyAdmin available through your web site, I suggest
that you add something like the following to httpd.conf:
Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"
<Directory "/usr/local/www/phpMyAdmin/">
Options none
AllowOverride Limit
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 .example.com
</Directory>
===> Registering installation for phpMyAdmin-3.2.0.1
===> Cleaning for php5-ctype-5.2.10
===> Cleaning for php5-mysql-5.2.10
===> Cleaning for php5-session-5.2.10
===> Cleaning for php5-spl-5.2.10
===> Cleaning for php5-filter-5.2.10
===> Cleaning for php5-bz2-5.2.10
===> Cleaning for php5-gd-5.2.10
===> Cleaning for php5-openssl-5.2.10
===> Cleaning for pecl-pdflib-2.1.6_1
===> Cleaning for php5-zlib-5.2.10
===> Cleaning for php5-mbstring-5.2.10
===> Cleaning for php5-zip-5.2.10
===> Cleaning for php5-mysqli-5.2.10
===> Cleaning for php5-pcre-5.2.10
===> Cleaning for php5-simplexml-5.2.10
===> Cleaning for freetype2-2.3.9_1
===> Cleaning for png-1.2.38
===> Cleaning for jpeg-7
===> Cleaning for t1lib-5.1.2_1,1
===> Cleaning for pdflib-7.0.4
===> Cleaning for phpMyAdmin-3.2.0.1
www#
Edit /usr/local/etc/apache22/httpd.conf with vi, adding the eleven lines shown in red below:
Alias /admin/phpMyAdmin/ "/usr/local/www/phpMyAdmin/"
<Directory "/usr/local/www/phpMyAdmin/">
Options none
AllowOverride Limit
Order Deny,Allow
Allow from all
</Directory>
Then restart apache:
www# /usr/local/etc/rc.d/apache22 restart
Performing sanity check on apache22 configuration:
Syntax OK
Stopping apache22.
Waiting for PIDS: 1595.
Performing sanity check on apache22 configuration:
Syntax OK
Starting apache22.
www#
Then go to /usr/local/www/phpMyAdmin:
www# cd /usr/local/www/phpMyAdmin/
www# cp config.sample.inc.php config.inc.php
www# vi config.inc.php
Add a secret passphrase:
$cfg['blowfish_secret'] = 'mysecret'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
and remove the // from the start of these lines:
/* Advanced phpMyAdmin features */
$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
$cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark';
$cfg['Servers'][$i]['relation'] = 'pma_relation';
$cfg['Servers'][$i]['table_info'] = 'pma_table_info';
$cfg['Servers'][$i]['table_coords'] = 'pma_table_coords';
$cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages';
$cfg['Servers'][$i]['column_info'] = 'pma_column_info';
$cfg['Servers'][$i]['history'] = 'pma_history';
$cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords';
/* Contrib / Swekey authentication */
$cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf';
Then try opening the site at
http://www.mu-ph.org/admin/phpMyAdmin/
A warning about mcrypt is displayed, because selecting mcrypt while installing php5-extensions makes the compile fail. Enter root as the user name, with the password that was set when we installed mysql50-server, and we reach the phpMyAdmin web page for managing the database. The author, however, prefers configuring the database in text mode.
Step 13.) Install vsftp
www# cd /usr/ports/ftp/vsftpd/
www# make config
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/libexec/vsftpd

This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/vsftpd

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.

For more information, and contact details about the security
status of this software, see the following webpage:
http://vsftpd.beasts.org/
===> Cleaning for vsftpd-ssl-2.1.2
www#
Edit vsftpd.conf here:
www# cd /usr/local/etc/
www# vi vsftpd.conf
# Example config file /usr/local/etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
#anonymous_enable=YES
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
#local_enable=YES
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
#write_enable=YES
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
chown_uploads=YES
chown_username=ftp
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
nopriv_user=ftp
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
ftpd_banner=Welcome to MU-PH FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
deny_email_enable=NO
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=NO
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd whith two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
secure_chroot_dir=/usr/local/share/vsftpd/empty
# If using vsftpd in standalone mode, uncomment the next two lines:
# listen=YES
# background=YES
www# vi /etc/inetd.conf
#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
ftp stream tcp nowait root /usr/local/libexec/vsftpd vsftpd /usr/local/etc/vsftpd.conf
www# killall inetd
No matching processes were found
www# /usr/sbin/inetd -wW
www# ftp localhost
Trying 127.0.0.1...
Connected to localhost.
220 Welcome to MU-PH FTP service.
Name (localhost:sermpan):
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Entering Extended Passive Mode (|||34230|).
150 Here comes the directory listing.
226 Directory send OK.
ftp> quit
221 Goodbye.
www#
Also add inetd_enable="YES" to /etc/rc.conf.
At this point, using an FTP client program, we can upload and download files between our own machine and the server.
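A small audit of the vsftpd.conf built in this step, as an added example that is not part of the original guide: it resolves the effective value of each option (last uncommented assignment wins, vsftpd's compiled-in default otherwise) and reports the combinations that matter here. The function names and finding codes are assumptions; the first sample file holds the uncommented settings from the configuration above, the hardened variant in the test is constructed.

```shell
#!/bin/sh
# Added example, not part of the original guide. Function names and
# finding codes are hypothetical.

# vsftpd_get FILE KEY DEFAULT -> effective value of KEY. The file is read
# top to bottom, so the last uncommented assignment wins.
vsftpd_get() {
    awk -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", key)
            if (key == k) {
                val = substr($0, eq + 1)
                sub(/[ \t\r]+$/, "", val)
                seen = 1
            }
        }
        END { print (seen ? val : d) }
    ' "$1"
}

# is_on FILE KEY DEFAULT -> succeeds when the boolean option is enabled.
is_on() {
    case "$(vsftpd_get "$1" "$2" "$3" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_vsftpd FILE -> one "CODE: explanation" line per finding.
# The DEFAULT arguments are vsftpd's compiled-in defaults.
# chroot_list_enable is not modelled.
audit_vsftpd() {
    f=$1
    if is_on "$f" anon_upload_enable NO || is_on "$f" anon_mkdir_write_enable NO; then
        if is_on "$f" anonymous_enable YES && is_on "$f" write_enable NO; then
            echo "ANON_WRITE_LIVE: anonymous users can upload or create directories"
        else
            echo "ANON_WRITE_DORMANT: anonymous write options are set and go live once anonymous_enable and write_enable are both on"
        fi
    fi
    if is_on "$f" local_enable NO && ! is_on "$f" chroot_local_user NO; then
        echo "NO_CHROOT: local users are not confined to their home directory"
    fi
    if ! is_on "$f" ssl_enable NO; then
        echo "CLEARTEXT: logins and transfers are not encrypted"
    fi
}

# write_page_conf PATH -> the uncommented settings from this step's file.
write_page_conf() {
    cat > "$1" <<'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
chown_username=ftp
nopriv_user=ftp
ftpd_banner=Welcome to MU-PH FTP service.
deny_email_enable=NO
listen=NO
secure_chroot_dir=/usr/local/share/vsftpd/empty
EOF
}

# Demo: audit the settings from this step.
demo_conf=$(mktemp)
write_page_conf "$demo_conf"
audit_vsftpd "$demo_conf"
rm -f "$demo_conf"
```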
Step 14.) Install awstats
www# cd /usr/ports/www/awstats/
www# make config
www# make install clean
*****************************************************************
Please add the following to your apache config, and restart.
#
# Directives to allow use of AWStats as a CGI
#
Alias /awstatsclasses "/usr/local/www/awstats/classes/"
Alias /awstatscss "/usr/local/www/awstats/css/"
Alias /awstatsicons "/usr/local/www/awstats/icons/"
ScriptAlias /awstats/ "/usr/local/www/awstats/cgi-bin/"

#
# This is to permit URL access to scripts/files in AWStats directory.
#
<Directory "/usr/local/www/awstats/">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
*****************************************************************
If you are upgrading from AWStats 6.4 or older, please note the following:
If you used the geoip plugin, you must edit your AWStats config file
to change the line
LoadPlugin="geoip GEOIP_STANDARD"
into
LoadPlugin="geoip GEOIP_STANDARD /pathto/GeoIP.dat"
*****************************************************************
===> Registering installation for awstats-6.9,1
===> Cleaning for p5-Net-XWhois-0.90_4
===> Cleaning for awstats-6.9,1
www#
Edit /usr/local/etc/apache22/httpd.conf with vi, adding the seventeen lines shown in red above. Then restart apache:
www# /usr/local/etc/rc.d/apache22 restart
Performing sanity check on apache22 configuration:
Syntax OK
Stopping apache22.
Waiting for PIDS: 12473.
Performing sanity check on apache22 configuration:
Syntax OK
Starting apache22.
www#
Edit the awstats.conf file:
www# cd /usr/local/www/awstats/cgi-bin/
www# ll
total 648
-r-xr-xr-x 1 root wheel 5407 Jul 20 15:11 awredir.pl
-r--r--r-- 1 root wheel 60596 Jul 20 15:11 awstats.model.conf
-r-xr-xr-x 1 root wheel 558260 Jul 20 15:11 awstats.pl
drwxr-xr-x 5 root wheel 1536 Jul 20 15:11 lang
drwxr-xr-x 2 root wheel 512 Jul 20 15:11 lib
drwxr-xr-x 3 root wheel 512 Jul 20 15:11 plugins
www# cp awstats.model.conf awstats.conf
www# vi awstats.conf
# LogType=W
# SiteDomain="www.mu-ph.org"
# HostAliases="www.mu-ph.org localhost 127.0.0.1 REGEX[myserver\.com$]"
# AllowToUpdateStatsFromBrowser=1
View the statistics at http://www.mu-ph.org/awstats/awstats.pl
Once there, click "update" or "Update now". If this error appears on the web page:
Error: Couldn't open server log file "/var/log/httpd/mylog.log" : No such file or directory
Setup ('/usr/local/www/awstats/cgi-bin/awstats.conf' file, web server or permissions) may be wrong.
Check config file, permissions and AWStats documentation (in 'docs' directory).
then run:
www# mkdir /var/log/httpd
www# touch /var/log/httpd/mylog.log
www#
Then refresh the web page and it works as intended.
Step 15.) Install ntp
www# cd /usr/ports/net/ntp
www# make config
===> No options to configure
www# make install clean
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/bin/ntpd
/usr/local/bin/ntpdate
/usr/local/bin/sntp

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.

For more information, and contact details about the security
status of this software, see the following webpage:
http://www.ntp.org/
===> Cleaning for ntp-4.2.4p7
www#
Add NTP to the crontab:
www# crontab -e
0 5 * * * /usr/local/bin/ntpdate -u 203.185.69.60
Or update the time right now:
www# date
Wed Aug 12 21:39:00 ICT 2009
www# /usr/local/bin/ntpdate -u 203.185.69.60
12 Aug 21:39:15 ntpdate[70368]: adjust time server 203.185.69.60 offset 0.393085 sec
www# date
Wed Aug 12 21:39:17 ICT 2009
www#
Step 16). Install clamav
www# cd /usr/ports/security/clamav
www# make config
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/clamd

This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/clamav-milter
/usr/local/etc/rc.d/clamav-freshclam
/usr/local/etc/rc.d/clamav-clamd

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.

For more information, and contact details about the security
status of this software, see the following webpage:
http://www.clamav.net/
===> Cleaning for arc-5.21o_1
===> Cleaning for arj-3.10.22_1
===> Cleaning for lha-1.14i_6
===> Cleaning for unzoo-4.4_2
===> Cleaning for clamav-0.95.2
www#
Add the two lines below to /etc/rc.conf:
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
Edit /usr/local/etc/clamav.conf at these settings:
LogFile /var/log/clamav/clamd.log
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
User clamav
AllowSupplementaryGroups yes
ScanPE yes
ScanOLE2 yes
ScanPDF yes
ScanHTML yes
ScanArchive yes
In crontab -e, add an update of the virus data from the clamav site at two minutes past every hour, and a scan of the web storage at 1 a.m. every day:
www# crontab -e
0 6 * * * /sbin/reboot
0 5 * * * /usr/local/bin/ntpdate -u 203.185.69.60
2 * * * * /usr/local/bin/freshclam --quiet
0 1 * * * /usr/local/bin/clamscan -r -i /usr/local/www
10 11 * * * /etc/webmin/cron/tempdelete.pl
Start Clamav first, before updating:
www# /usr/local/etc/rc.d/clamav-freshclam start
Starting clamav_freshclam.
www# /usr/local/etc/rc.d/clamav-clamd start
Starting clamav_clamd.
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
www#
Telling clamav to update by hand:
www# /usr/local/bin/freshclam
ClamAV update process started at Wed Aug 12 21:46:54 2009
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
WARNING: getfile: daily-9451.cdiff not found on remote server (IP: 193.1.193.64)
WARNING: getpatch: Can't download daily-9451.cdiff from database.clamav.net
Trying host database.clamav.net (130.59.10.36)...
WARNING: getfile: daily-9451.cdiff not found on remote server (IP: 130.59.10.36)
WARNING: getpatch: Can't download daily-9451.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-9451.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 9684, sigs: 64237, f-level: 43, builder: ccordes)
Database updated (609272 signatures) from database.clamav.net (IP: 130.59.10.36)
Clamd successfully notified about the update.
www# /usr/local/bin/freshclam
ClamAV update process started at Wed Aug 12 21:48:03 2009
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
daily.cvd is up to date (version: 9684, sigs: 64237, f-level: 43, builder: ccordes)
www#
Scanning a chosen directory, including its sub-directories, and showing only the infected files:
www# /usr/local/bin/clamscan -r -i /usr/local/www
----------- SCAN SUMMARY -----------
Known viruses: 608632
Engine version: 0.95.2
Scanned directories: 67
Scanned files: 1563
Infected files: 0
Data scanned: 29.52 MB
Data read: 12.02 MB (ratio 2.46:1)
Time: 7.825 sec (0 m 7 s)
www#
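The nightly clamscan job in the crontab above only produces text, so a scan that aborts looks much like a clean one. The wrapper below is an added example, not part of the original guide: it combines clamscan's exit status (0 nothing found, 1 virus found, 2 error) with the SCAN SUMMARY block and refuses to call a run clean unless both agree. The function names are assumptions and the sample report is constructed, using the harmless Eicar test signature.

```shell
#!/bin/sh
# Added example, not part of the original guide. Function names are
# hypothetical; the sample report is constructed.

# infected_paths REPORT -> one path per line, from "<path>: <signature> FOUND".
# Anchoring on the last ": " keeps paths that themselves contain ": " intact.
infected_paths() {
    sed -n 's/: [^:]* FOUND$//p' "$1"
}

# summary_count REPORT -> the "Infected files:" value, or nothing when the
# summary is absent (scan killed, disk full, wrong path).
summary_count() {
    sed -n 's/^Infected files: *\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# classify_scan EXIT_CODE REPORT -> clean | infected | failed
classify_scan() {
    count=$(summary_count "$2")
    if [ -z "$count" ]; then
        echo failed                      # no summary: never report clean
    elif [ "$1" -eq 0 ] && [ "$count" -eq 0 ]; then
        echo clean
    elif [ "$1" -eq 1 ] && [ "$count" -gt 0 ]; then
        echo infected
    else
        echo failed                      # exit status and summary disagree
    fi
}

# nightly_scan DIR REPORT -> runs the scan used in the crontab, prints the
# verdict and any infected paths, and returns non-zero unless clean.
nightly_scan() {
    rc=0
    /usr/local/bin/clamscan -r -i "$1" > "$2" 2>&1 || rc=$?
    verdict=$(classify_scan "$rc" "$2")
    echo "clamscan $1: $verdict"
    [ "$verdict" = infected ] && infected_paths "$2"
    [ "$verdict" = clean ]
}

# write_sample_report PATH -> constructed report with two detections.
write_sample_report() {
    cat > "$1" <<'EOF'
/usr/local/www/forum/files/note: old.zip: Eicar-Test-Signature FOUND
/usr/local/www/apache22/data/upload.txt: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 608632
Engine version: 0.95.2
Scanned directories: 67
Scanned files: 1563
Infected files: 2
Data scanned: 29.52 MB
Time: 7.825 sec (0 m 7 s)
EOF
}

# Demo on the constructed report (exit status 1 is what clamscan returns
# when it has found something).
demo_report=$(mktemp)
write_sample_report "$demo_report"
echo "verdict: $(classify_scan 1 "$demo_report")"
infected_paths "$demo_report"
rm -f "$demo_report"
```

In cron, the 01:00 entry would call a script that ends with nightly_scan /usr/local/www followed by a report path, so that a non-zero exit can drive an alert.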
Step 17). Install hostsentry
www# cd /usr/ports/security/hostsentry
www# make config
===> No options to configure
www# make install clean
Edit /usr/local/etc/hostssentry/hostssentry.conf and change your
settings if you haven't already.
===> Registering installation for hostsentry-0.02_2
===> Cleaning for py25-gdbm-2.5.4
===> Cleaning for hostsentry-0.02_2
www#
www# cd /usr/local/etc/hostsentry/
www# ll
total 10
-rw------- 1 root wheel 49 Aug 11 21:31 hostsentry.action-dist
-rw------- 1 root wheel 2767 Aug 11 21:31 hostsentry.conf-dist
-rw------- 1 root wheel 67 Aug 11 21:31 hostsentry.ignore-dist
-rw------- 1 root wheel 135 Aug 11 21:31 hostsentry.modules-dist
www# cp hostsentry.action-dist hostsentry.action
www# cp hostsentry.conf-dist hostsentry.conf
www# cp hostsentry.ignore-dist hostsentry.ignore
www# cp hostsentry.modules-dist hostsentry.modules
www# ll
total 20
-rw------- 1 root wheel 49 Aug 11 21:33 hostsentry.action
-rw------- 1 root wheel 49 Aug 11 21:31 hostsentry.action-dist
-rw------- 1 root wheel 2767 Aug 11 21:33 hostsentry.conf
-rw------- 1 root wheel 2767 Aug 11 21:31 hostsentry.conf-dist
-rw------- 1 root wheel 67 Aug 11 21:34 hostsentry.ignore
-rw------- 1 root wheel 67 Aug 11 21:31 hostsentry.ignore-dist
-rw------- 1 root wheel 135 Aug 11 21:34 hostsentry.modules
-rw------- 1 root wheel 135 Aug 11 21:31 hostsentry.modules-dist
www#
Edit the four files as required; the author, however, did not change anything.
Step 18). Install portsentry
www# cd /usr/ports/security/portsentry
www# make config
===> No options to configure
www# make install clean
Edit ${PREFIX}/etc/portsentry.conf and change
your settings if you haven't already. (route, etc)
***************************************************
* IGNORE stealth mode. It is for Linux only. *
* The author hopes to have a platform independent *
* version at some time. So don't even bother *
* trying it now. *
***************************************************
===> Registering installation for portsentry-1.2
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/bin/portsentry

This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/portsentry.sh

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.
===> Cleaning for portsentry-1.2
www# cd /usr/local/etc/
www# cp portsentry.conf.default portsentry.conf
www# cp portsentry.ignore.default portsentry.ignore
www# touch portsentry.blocked
www# touch portsentry.history
www#
Edit the four files as required; the author, however, did not change anything.
Step 19). Install lynx
www# cd /usr/ports/www/lynx-current
www# make config
===> No options to configure
www# make install clean
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/bin/lynx

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.

For more information, and contact details about the security
status of this software, see the following webpage:
http://lynx.isc.org/current/
===> Cleaning for mime-support-3.46.1
===> Cleaning for lynx-2.8.7d13
www#
Try opening the site:
www# /usr/local/bin/lynx www.mu-ph.org
Step 20). Install phpbb3
www# cd /usr/ports/www/phpbb3
www# make config
===> No options to configure
www# make install clean
---------------------------------------------------------------------------
phpBB3 has been installed, but is not quite ready to be used yet!
You have to ensure that you have a database server (or ODBC access to a remote database) installed and configured, and you have to ensure that your PHP installation has been compiled with support for your database or database access method.
You have to create a database for phpBB3 to use, and ensure that this database may be accessed and changed by the user id under which your web server executes.
Further information on these installation procedures may be found in:
/usr/local/share/doc/phpbb/README.html
Once these steps have been taken, you may connect to the following URL to configure your installation of phpBB3:
http://localhost/phpBB3/
After configuring phpBB3 and ensuring that it is operational, you MUST remove or rename the install/ directory from /usr/local/www/phpBB3:
---------------------------------------------------------------------------
===> Registering installation for phpbb-3.0.5
===> Cleaning for phpbb-3.0.5
www#
www# cd /usr/local/www/
www# ll
total 10
drwxr-xr-x   6 root  wheel   512 Aug 12 19:37 apache22
drwxr-xr-x   8 root  wheel   512 Aug 12 21:29 awstats
drwxr-xr-x  13 www   www    1024 Aug 12 22:02 phpBB3
drwxr-xr-x  10 root  wheel  2560 Aug 12 21:05 phpMyAdmin
www# mv phpBB3/ forum/
www# ll
total 10
drwxr-xr-x   6 root  wheel   512 Aug 12 19:37 apache22
drwxr-xr-x   8 root  wheel   512 Aug 12 21:29 awstats
drwxr-xr-x  13 www   www    1024 Aug 12 22:02 forum
drwxr-xr-x  10 root  wheel  2560 Aug 12 21:05 phpMyAdmin
www#
Edit httpd.conf and add the following lines:
www# vi /usr/local/etc/apache22/httpd.conf
Alias /members/forum/ "/usr/local/www/forum/"
<Directory "/usr/local/www/forum/">
    Options none
    AllowOverride Limit
    Order Deny,Allow
    Allow from all
</Directory>
Restart apache:
www# /usr/local/etc/rc.d/apache22 restart
Performing sanity check on apache22 configuration:
Syntax OK
Stopping apache22.
Waiting for PIDS: 2119.
Performing sanity check on apache22 configuration:
Syntax OK
Starting apache22.
www#
Then try visiting the site at http://www.mu-ph.org/members/forum/
Then continue the configuration step by step, and you will get into the WebBoard as desired.
Step 21). Install denyhosts
www# cd /usr/ports/security/denyhosts
www# make config
===> No options to configure
www# make install clean
------------------------------------------------------------------------------
To run denyhosts from startup, add denyhosts_enable="YES" in your /etc/rc.conf.
Configiration options can be found in /usr/local/etc/denyhosts.conf
------------------------------------------------------------------------------
In order to proper working of denyhosts
1. edit your /etc/hosts.allow file and add:
   sshd : /etc/hosts.deniedssh : deny
   sshd : ALL : allow
2. issue the following command if /etc/hosts.deniedssh does not exist yet
   touch /etc/hosts.deniedssh
------------------------------------------------------------------------------
Warning: syslogd should ideally be run with the -c option; this will ensure that denyhosts notices multiple repeated login attempts. To do this, add syslogd_flags="-c" to /etc/rc.conf
------------------------------------------------------------------------------
===> Installing rc.d startup script(s)
===> Registering installation for denyhosts-2.6_2
===> Cleaning for denyhosts-2.6_2
www#
Edit /usr/local/etc/denyhosts.conf:
SECURE_LOG = /var/log/auth.log
HOSTS_DENY = /etc/hosts.allow
PURGE_DENY = 7d
BLOCK_SERVICE = sshd
HOSTNAME_LOOKUP=YES
ADMIN_EMAIL = [email protected]
Add the denyhosts job in crontab -e:
0,20,40 * * * * /usr/local/bin/python /usr/local/bin/denyhosts.py -c /usr/local/etc/denyhosts.conf
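The install message above adds two sshd rules to /etc/hosts.allow; tcp_wrappers acts on the first rule that matches, and the stock FreeBSD /etc/hosts.allow begins with an allow-everything rule, so the position of the deny rule decides whether it is ever reached. The check below is an added example, not part of the original guide. The function name check_wrappers and the sample files are constructed, and fields are split on ":" without handling bracketed IPv6 addresses.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# tcp_wrappers uses the first rule that matches, so
#   sshd : /etc/hosts.deniedssh : deny
# has no effect when an earlier rule already allows sshd from ALL.
# Assumption: fields are split on ":" (no bracketed IPv6 addresses).

# check_wrappers FILE DENYFILE
# prints ok | missing | shadowed:<line of the earlier allow rule>
check_wrappers() {
    result=$(awk -v deny="$2" '
        /^[ \t]*(#|$)/ { next }                       # comments, blanks
        {
            n = split($0, f, ":")
            for (i = 1; i <= n; i++) gsub(/^[ \t]+|[ \t]+$/, "", f[i])
            if (f[1] !~ /(^|[ ,])(sshd|ALL)([ ,]|$)/) next   # other daemons
            if (!d && f[2] == deny  && f[n] == "deny")  d = NR
            if (!a && f[2] == "ALL" && f[n] == "allow") a = NR
        }
        END {
            if (!d)              print "missing"
            else if (a && a < d) print "shadowed:" a
            else                 print "ok"
        }' "$1")
    echo "$result"
    [ "$result" = "ok" ]
}

# Constructed samples: allow-all rule on top, then the corrected order.
demo_dir=$(mktemp -d)
cat > "$demo_dir/shadowed" <<'EOF'
# constructed sample
ALL : ALL : allow
sshd : /etc/hosts.deniedssh : deny
sshd : ALL : allow
EOF
cat > "$demo_dir/fixed" <<'EOF'
# constructed sample
sshd : /etc/hosts.deniedssh : deny
sshd : ALL : allow
sendmail : localhost : allow
EOF
for name in shadowed fixed; do
    printf '%s: ' "$name"
    check_wrappers "$demo_dir/$name" /etc/hosts.deniedssh || true
done
```

Run against the real file as `check_wrappers /etc/hosts.allow /etc/hosts.deniedssh`; a `shadowed:N` result names the line of the allow rule that has to move below the deny rule.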
Step 22). Backup (web only)
www# cd /backups/
www# mkdir /backups/last-full
www# date +%d%b > /backups/last-full/www-full-date
www# mkdir /usr/local/util
www# vi backups.sh
#!/bin/sh
#backup database
cd /usr/local/util
mysqldump phpBB3 > phpBB3.sql --password=ppppppp
#backup passwd & group
cp /etc/passwd* .
cp /etc/group* .
cp /etc/master* .
#backup conf
cp /etc/rc.conf .
cp /usr/local/etc/apache22/httpd.conf .
cp /usr/local/etc/apache22/Includes/php5.conf .
cp /usr/local/etc/php.ini .
cp /etc/resolv.conf .
# Full and incremental backup script
# Updated 04 July 2002
# Based on a script by Daniel O'Callaghan
# and modified by Gerhard Mourani
# Change the 5 variables below to fit your computer/backup
COMPUTER=www                  # Name of this computer
DIRECTORIES="/usr/local"      # Directory to backup
BACKUPDIR=/backups            # Where to store the backups
TIMEDIR=/backups/last-full    # Where to store time of full backup
TAR=/usr/bin/tar              # Name and location of tar
# You should not have to change anything below here
PATH=/usr/local/bin:/usr/bin:/bin
DOW=`date +%a`                # Day of the week e.g. Mon
DOM=`date +%d`                # Date of the Month e.g. 27
DM=`date +%d%b`               # Date and Month e.g. 27 Sep
# On the 1st of the month a permanent full backup is made
# Every Sunday a full backup is made - overwriting last Sunday's backup
# The rest of the time an incremental backup is made. Each incremental
# backup overwrites last week's incremental backup of the same name.
#
# if NEWER = "", then tar backs up all files in the directories
# otherwise it backs up files newer than the NEWER date. NEWER
# gets its date from the file written every Sunday.
# Monthly full backup
if [ $DOM = "01" ]; then
    NEWER=""
    $TAR $NEWER -cf $BACKUPDIR/$COMPUTER-$DM.tar $DIRECTORIES
fi
# Weekly full backup
if [ $DOW = "Sun" ]; then
    NEWER=""
    NOW=`date +%d-%b`
    # Update full backup date
    echo $NOW > $TIMEDIR/$COMPUTER-full-date
    $TAR $NEWER -cf $BACKUPDIR/$COMPUTER-$DOW.tar $DIRECTORIES
# Make incremental backup - overwrite last week's
else
    # Get date of last full backup
    NEWER="--newer `cat $TIMEDIR/$COMPUTER-full-date`"
    $TAR $NEWER -cf $BACKUPDIR/$COMPUTER-$DOW.tar $DIRECTORIES
fi
#remove passwd & group (from the directory they were copied into above)
cd /usr/local/util
rm -f passwd*
rm -f group*
rm -f master*
Add the command in crontab -e:
0 4 * * * /backups/backups.sh
Example of the result of running the backup at 4 a.m. every day:
[sermpan@www backupsw]$ ll -h
total 5.4G
-rw-r--r--  1 root root 2.6K Jun 18 08:46 backups.sh
-rwx------  1 root root 2.2K Apr 17 12:01 backups.sh.org*
drwxr-xr-x  2 root root   80 Apr 17 11:58 last-full/
-rw-r--r--  1 root root  17M Aug  7 04:02 www-Fri.tar
-rw-r--r--  1 root root 6.6M Aug 10 04:02 www-Mon.tar
-rw-r--r--  1 root root 150M Aug  8 04:02 www-Sat.tar
-rw-r--r--  1 root root 5.2G Aug  9 04:05 www-Sun.tar
-rw-r--r--  1 root root  16M Aug  6 04:02 www-Thu.tar
-rw-r--r--  1 root root 7.3M Aug 11 04:02 www-Tue.tar
-rw-r--r--  1 root root 7.8M Aug 12 04:02 www-Wed.tar
[sermpan@www backupsw]$
Note that on Sunday a full backup is made; on the other days only the files that have changed are backed up.
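The backup script above passes the database password as a mysqldump argument, where other local users can see it in the process list, and the archives it writes hold the SQL dump and the copies of /etc/master.passwd while the listing shows them with mode -rw-r--r--. The audit below is an added example, not part of the original guide; the function names audit_backups and lock_down and the demo files are constructed.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Audits a backup layout like the one above: archives and dumps that hold
# password files and database contents, written by a script that carries
# the database password. The demo tree below is constructed.

# audit_backups DIR SCRIPT -> one finding per line, nothing when clean
audit_backups() {
    # archives and dumps that "other" can read
    find "$1" -type f \( -name '*.tar' -o -name '*.sql' \) -perm -004 |
        sort | sed 's/^/world-readable: /'
    # password given as a command-line argument
    grep -n -e '--password=' "$2" | cut -d: -f1 |
        sed 's/^/inline-password: line /'
    # script readable by group or other while it holds that password
    if grep -q -e '--password=' "$2" &&
       [ -n "$(find "$2" \( -perm -004 -o -perm -040 \))" ]; then
        echo "script-readable: $2"
    fi
}

# lock_down DIR SCRIPT: owner-only access for archives, dumps and script
lock_down() {
    find "$1" -type f \( -name '*.tar' -o -name '*.sql' \) -exec chmod 600 {} +
    chmod 700 "$2"
}

# Constructed demo tree with the modes shown in the listing above
demo=$(mktemp -d)
: > "$demo/www-Sun.tar"
: > "$demo/www-Mon.tar"
printf '#!/bin/sh\nmysqldump phpBB3 > phpBB3.sql --password=CONSTRUCTED\n' \
    > "$demo/backups.sh"
chmod 644 "$demo/www-Sun.tar" "$demo/www-Mon.tar" "$demo/backups.sh"

audit_backups "$demo" "$demo/backups.sh"   # reports all three kinds
lock_down "$demo" "$demo/backups.sh"       # fixes the file modes only
```

After lock_down the audit still reports the inline password; removing it means moving the credential into a root-only MySQL option file read by mysqldump. Setting `umask 077` at the top of the backup script keeps newly written archives owner-only.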
Finally, I sincerely hope that this document will be of some help in setting up a WebServer with FreeBSD 7.2.
เสริมพันธุ์ นิตย์นรา
12 August 2552 (Buddhist Era)