LAMP 環境の設定全部

### httpd.conf

# Install Apache, then keep an untouched copy of the packaged httpd.conf
# (-a / --archive preserves mode, ownership and timestamps) before the
# edits that follow.
yum install -y httpd
cp --archive /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.orig

# Setting server
#
# One pass over httpd.conf: admin contact, canonical server name, and the
# Options line (Indexes is dropped, ExecCGI is added).
# NOTE(review): ExecCGI is enabled on the matched Options line while mod_cgi
# itself is commented out further down this page; confirm ExecCGI is really
# wanted, since it takes effect as soon as any CGI handler is loaded again.
sed -i \
    -e 's/ServerAdmin root@localhost/ServerAdmin webmaster@pooh.gr.jp/' \
    -e 's/#ServerName www.example.com:80/ServerName pooh.gr.jp:80/' \
    -e 's/Options Indexes FollowSymLinks/Options ExecCGI FollowSymLinks/' \
    /etc/httpd/conf/httpd.conf

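# Setting security
#
# Reduce what the server discloses about itself: ServerTokens Prod trims the
# Server response header, ServerSignature Off removes the footer on
# server-generated pages, and TraceEnable Off refuses the TRACE method.
sed -i \
    -e 's/ServerTokens OS/ServerTokens Prod/' \
    -e 's/ServerSignature On/ServerSignature Off/' \
    /etc/httpd/conf/httpd.conf

# Append TraceEnable only when no such directive is present yet, so that
# re-running this step does not pile up duplicate lines at the end of the file.
if ! grep -qi '^[[:space:]]*TraceEnable' /etc/httpd/conf/httpd.conf; then
    printf '\nTraceEnable Off\n' >> /etc/httpd/conf/httpd.conf
fi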

# Disable userdir, dav_fs
#
# For each module, comment out every line from its opening <IfModule ...>
# through the next line containing </IfModule>. One sed run per module,
# in the same order as before.
httpd_conf=/etc/httpd/conf/httpd.conf
for mod in userdir dav_fs; do
    sed -i "/<IfModule mod_${mod}.c>/,/<\\/IfModule>/s/^/#/" "$httpd_conf"
done

# Disable default directories
#
# Each rule prefixes the matching line (or range of lines) with '#'.
httpd_conf=/etc/httpd/conf/httpd.conf

# The /cgi-bin/ ScriptAlias and the <Directory> section that goes with it.
cgi_bin_rules=(
    -e '/ScriptAlias \/cgi-bin\/ "\/var\/www\/cgi-bin\/"/s/^/#/'
    -e '/<Directory "\/var\/www\/cgi-bin">/,/<\/Directory>/s/^/#/'
)
sed -i "${cgi_bin_rules[@]}" "$httpd_conf"

# The /icons/ alias, its <Directory> section, and the AddIcon* / DefaultIcon
# directives that refer to files under /icons/.
icons_rules=(
    -e '/Alias \/icons\/ "\/var\/www\/icons\/"/s/^/#/'
    -e '/<Directory "\/var\/www\/icons">/,/<\/Directory>/s/^/#/'
    -e '/AddIconByEncoding (CMP,\/icons\/compressed.gif) x-compress x-gzip/s/^/#/'
    -e '/^AddIconByType[[:space:]]/s/^/#/'
    -e '/^AddIcon[[:space:]]/s/^/#/'
    -e '/DefaultIcon \/icons\/unknown.gif/s/^/#/'
)
sed -i "${icons_rules[@]}" "$httpd_conf"

# Disable unnecessary modules
#
# Comment out the LoadModule line of every module listed below. Each name N
# stands for the line "LoadModule N_module modules/mod_N.so". All rules are
# handed to a single sed run, in list order.
httpd_conf=/etc/httpd/conf/httpd.conf
unneeded_modules=(
    auth_digest authn_alias authn_anon authn_dbm authn_default
    authz_owner authz_groupfile authz_dbm authz_default
    ldap authnz_ldap
    include logio env ext_filter mime_magic expires usertrack
    dav status info dav_fs
    vhost_alias actions speling userdir
    proxy proxy_balancer proxy_ftp proxy_http proxy_connect
    cache suexec disk_cache file_cache mem_cache
    cgi version
)

module_rules=()
for mod in "${unneeded_modules[@]}"; do
    module_rules+=(-e "/LoadModule ${mod}_module modules\\/mod_${mod}.so/s/^/#/")
done
sed -i "${module_rules[@]}" "$httpd_conf"

# Disable unnecessary languages
#
# Comment out three runs of AddLanguage lines (ca..el, eo..it, ko..zh-TW)
# and shorten the LanguagePriority list to "en ja".
sed --in-place \
    --expression='/AddLanguage ca .ca/,/AddLanguage el .el/s/^/#/' \
    --expression='/AddLanguage eo .eo/,/AddLanguage it .it/s/^/#/' \
    --expression='/AddLanguage ko .ko/,/AddLanguage zh-TW .zh-tw/s/^/#/' \
    --expression='s/LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW/LanguagePriority en ja/' \
    /etc/httpd/conf/httpd.conf

# A second, indented LanguagePriority line (eight leading spaces) gets the
# same two-language list.
sed --in-place \
    --expression='s/        LanguagePriority en es de fr/        LanguagePriority en ja/' \
    /etc/httpd/conf/httpd.conf

### welcome.conf

# Back up welcome.conf, then switch it off by putting '#' in front of every
# non-empty line that does not already start with '#'.
welcome_conf=/etc/httpd/conf.d/welcome.conf
cp --archive "$welcome_conf" "${welcome_conf}.orig"
sed -i -e '/^[^#]/s/^/#/' "$welcome_conf"

### proxy_ajp.conf

# Back up proxy_ajp.conf, then switch it off by putting '#' in front of every
# non-empty line that does not already start with '#'.
proxy_ajp_conf=/etc/httpd/conf.d/proxy_ajp.conf
cp --archive "$proxy_ajp_conf" "${proxy_ajp_conf}.orig"
sed -i -e '/^[^#]/s/^/#/' "$proxy_ajp_conf"

### ssl.conf

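# Install mod_ssl and keep the packaged ssl.conf for reference.
# No sudo on the copy: the other steps on this page write under /etc without
# it, so the procedure is already being run as root, and a minimal install
# may not ship sudo at all.
yum -y install mod_ssl
cp -a /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.orig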

# Change key file name
#
# Point ssl.conf at server.crt / server.key instead of the packaged
# localhost.* pair. '|' is used as the s-command delimiter so the paths need
# no escaping.
# NOTE(review): the key path moves from /etc/pki/tls/private/ to
# /etc/pki/tls/certs/, so the private key ends up beside the certificate and
# depends on its own file mode for protection.
ssl_conf=/etc/httpd/conf.d/ssl.conf
sed -i \
    -e 's|/etc/pki/tls/certs/localhost.crt|/etc/pki/tls/certs/server.crt|' \
    -e 's|/etc/pki/tls/private/localhost.key|/etc/pki/tls/certs/server.key|' \
    "$ssl_conf"

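# Create config and generate key
#
# Everything runs in a subshell so the restrictive umask and the cleanup trap
# end with it; the caller's umask is left as it was instead of being forced
# to 0022 afterwards.
(
    # Files created from here on (request config, private key, certificate)
    # get mode 0600.
    umask 0077

    # Create config
    #
    # mktemp instead of a fixed /tmp/openssl.cnf: a predictable name in a
    # world-writable directory can be pre-created or symlinked by another
    # local user before root writes to it. The trap removes the file on every
    # exit path, including a failed openssl call.
    openssl_cnf=$(mktemp) || exit 1
    trap 'rm -f -- "$openssl_cnf"' EXIT
    printf '%s\n' \
        '[ req ]' \
        'prompt              = no' \
        'distinguished_name  = req_distinguished_name' \
        '[ req_distinguished_name ]' \
        'C                   = JP' \
        'ST                  = Tokyo' \
        'L                   = Kita-ku' \
        'O                   = pooh.gr.jp' \
        'OU                  = pooh.gr.jp' \
        'CN                  = lachesis.pooh.gr.jp' \
        'emailAddress        = webmaster@pooh.gr.jp' \
        > "$openssl_cnf"

    # Generate key
    #
    # 2048 bits: the 2049 in the original command looks like a typo, and an
    # odd modulus size is rejected by some TLS stacks.
    openssl genrsa -des3 -out /etc/pki/tls/certs/server.key 2048 || exit 1
    #   Enter pass phrase: <PASSWORD>
    #   Verifying - Enter pass phrase: <PASSWORD>

    # Self-signed certificate, valid for 3650 days, serial number 0.
    openssl req -utf8 -new -x509 -days 3650 -set_serial 0 \
        -key /etc/pki/tls/certs/server.key \
        -out /etc/pki/tls/certs/server.crt \
        -config "$openssl_cnf"
    #   Enter pass phrase for /etc/pki/tls/certs/server.key: <PASSWORD>
)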

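# pp-filter
#
# Have httpd obtain the key passphrase from a helper program instead of
# prompting on the console at start-up.
sed -i 's/SSLPassPhraseDialog  builtin/SSLPassPhraseDialog exec:\/usr\/local\/sbin\/pp-filter/' /etc/httpd/conf.d/ssl.conf

# The helper holds the passphrase in clear text, so it must never exist with
# permissive bits: create it under umask 0077 (in a subshell, so the umask
# does not leak) rather than writing it world-readable and tightening the
# mode afterwards.
# NOTE(review): with the passphrase stored on the same host, the encrypted
# key is only as safe as this file's mode. A passphrase containing a single
# quote would also break the generated script.
(
    umask 0077
    printf '%s\n' \
        '#!/bin/bash' \
        'LANG=C' \
        "/bin/echo '<PASSWORD>'" \
        'exit 0' \
        > /usr/local/sbin/pp-filter
)
# Owner read + execute only. The original 100 (execute-only) works solely
# because root ignores the missing read bit when bash opens the script.
chmod 0500 /usr/local/sbin/pp-filter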

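# Setting security
#
# Replace the packaged cipher list. Turning +LOW into -LOW, as the original
# command did, still left RC4 and the MEDIUM group negotiable; restrict the
# list to HIGH and exclude anonymous, NULL, MD5 and RC4 suites instead.
# The second expression also turns off SSLv3. It only fires if the packaged
# line is exactly "SSLProtocol all -SSLv2" - verify the result in ssl.conf.
sed -i \
    -e 's/SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW/SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4/' \
    -e 's/^SSLProtocol all -SSLv2$/SSLProtocol all -SSLv2 -SSLv3/' \
    /etc/httpd/conf.d/ssl.conf

# Comment out everything from the <Files ~ ...> line through the next line
# containing </Directory>.
# NOTE(review): in GNU sed's basic regex `\|` is alternation, so the start
# address is really four alternatives (among them the bare words "shtml" and
# "phtml"); any line containing one of them opens the range. Confirm against
# the packaged ssl.conf that only the intended <Files> line matches.
sed -i '/<Files ~ "\.(cgi\|shtml\|phtml\|php3?)$">/,/<\/Directory>/s/^/#/' /etc/httpd/conf.d/ssl.conf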

### deflate.conf

# Compress the listed text MIME types for every URL served.
# NOTE(review): this applies to the TLS virtual host as well; where responses
# mix request-derived data with secrets, HTTP compression is a known side
# channel (BREACH) - confirm that is acceptable for this site.
cat > /etc/httpd/conf.d/deflate.conf <<'EOF'
<Location />
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/x-js text/css
</Location>
EOF

### php

# Install PHP, keep the packaged php.ini, then stop PHP from advertising
# itself (expose_php) and set the default timezone.
yum install -y php
php_ini=/etc/php.ini
cp --archive "$php_ini" "${php_ini}.orig"
sed -i \
    -e 's/expose_php = On/expose_php = Off/' \
    -e 's|;date.timezone =|date.timezone = Asia/Tokyo|' \
    "$php_ini"

### apc

# Build prerequisites for the PECL extension, then build APC itself.
yum install -y php-pear php-devel pcre-devel httpd-devel
pecl install apc
#   Enable per request file info about files used from the APC cache [no] : no
#   Enable spin locks (EXPERIMENTAL) [no] : no

# Load the freshly built extension (overwrites any existing apc.ini).
printf '%s\n' 'extension=apc.so' > /etc/php.d/apc.ini

### mysql

# Install the MySQL server and the PHP driver, keep the packaged my.cnf,
# and replace it with the bundled my-large.cnf sample.
yum install -y mysql-server php-mysql
cp --archive /etc/my.cnf /etc/my.cnf.orig
cp --archive /usr/share/mysql/my-large.cnf /etc/my.cnf

# Start the server, then run the interactive hardening script. The answers
# below set a root password and remove the anonymous accounts, remote root
# login and the test database.
/sbin/service mysqld start
/usr/bin/mysql_secure_installation
#   Enter current password for root (enter for none): <BLANK>
#   Set root password? [Y/n] y
#   New password: <PASSWORD>
#   Re-enter new password: <PASSWORD>
#   Remove anonymous users? [Y/n] y
#   Disallow root login remotely? [Y/n] y
#   Remove test database and access to it? [Y/n] y
#   Reload privilege tables now? [Y/n] y