安装环境:CentOS 5.4 / 5.5 / 5.6(32 位,i386)
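#!/bin/bash
# Provisions a CentOS 5 host as a web server by building libraries, MySQL,
# PHP (with php-fpm), nginx and pure-ftpd from tarballs in the current
# directory. This first part installs the build dependencies and raises the
# open-file limit.
echo "get some sources"
LANG=C

# -y answers every yum prompt automatically, so package authenticity rests on
# gpgcheck being enabled for the configured repositories -- confirm.
yum -y install \
  gcc gcc-c++ autoconf \
  libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel \
  libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel \
  bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel \
  e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel \
  openssl openssl-devel

# Raise the open-file limit for every account. The entries are appended only
# when they are missing, so re-running the script does not stack duplicates.
if ! grep -qE '^\*[[:space:]]+soft[[:space:]]+nofile[[:space:]]+51200' \
  /etc/security/limits.conf; then
  cat >>/etc/security/limits.conf <<'EOF'
* soft nofile 51200
* hard nofile 51200
EOF
fi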
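echo "start install PHP 5.2.8 lib"

# NOTE(review): every tarball below is taken from the current directory and
# built and installed as root with no integrity check. Compare each archive
# against a digest or signature published by its upstream before running.
#
# Each build runs in a subshell with its steps chained, so a failed step
# neither leaves the script in the wrong directory nor lets "make install"
# run on a half-built tree; the script stops with a message instead.

tar zxvf libiconv-1.12.tar.gz || exit 1
(
  cd libiconv-1.12/ &&
    ./configure --prefix=/usr/local &&
    make &&
    make install
) || { echo "libiconv build failed" >&2; exit 1; }

tar zxvf libmcrypt-2.5.8.tar.gz || exit 1
(
  cd libmcrypt-2.5.8/ &&
    ./configure &&
    make &&
    make install &&
    /sbin/ldconfig &&
    # libltdl ships inside the libmcrypt tree and is installed separately.
    cd libltdl/ &&
    ./configure --enable-ltdl-install &&
    make &&
    make install
) || { echo "libmcrypt build failed" >&2; exit 1; }

tar zxvf mhash-0.9.9.tar.gz || exit 1
(
  cd mhash-0.9.9/ &&
    ./configure &&
    make &&
    make install
) || { echo "mhash build failed" >&2; exit 1; }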
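echo "start install GeoIP 1.4.6 lib"
# Build steps are chained inside a subshell so a failure stops the script
# instead of continuing from the wrong directory.
tar zxvf GeoIP.tar.gz || exit 1
(
  cd GeoIP-1.4.6 &&
    ./configure &&
    make &&
    make install
) || { echo "GeoIP build failed" >&2; exit 1; }

# Make the libraries installed under /usr/local/lib visible in /usr/lib too.
# ln is left unchecked on purpose: a link that already exists (for example
# from an earlier run) only produces an error message.
for lib in \
  libGeoIP.so.1 \
  libmcrypt.la libmcrypt.so libmcrypt.so.4 libmcrypt.so.4.4.8 \
  libmhash.a libmhash.la libmhash.so libmhash.so.2 libmhash.so.2.0.1; do
  ln -s "/usr/local/lib/${lib}" "/usr/lib/${lib}"
done

tar zxvf mcrypt-2.6.7.tar.gz || exit 1
(
  cd mcrypt-2.6.7/ &&
    /sbin/ldconfig &&
    ./configure &&
    make &&
    make install
) || { echo "mcrypt build failed" >&2; exit 1; }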
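echo "start install MySQL 5.1.30"
# Dedicated account for the server. Left unchecked so a re-run with the
# account already present carries on.
/usr/sbin/groupadd mysql
/usr/sbin/useradd -g mysql mysql

tar zxvf mysql-5.1.30.tar.gz || exit 1
mysql_configure_args=(
  --prefix=/usr/local/mysql/
  --enable-assembler
  --with-extra-charsets=complex
  --enable-thread-safe-client
  --with-big-tables
  --with-readline
  --with-ssl
  --with-embedded-server
  # NOTE(review): turns LOAD DATA LOCAL on by default; set local-infile=0 in
  # my.cnf unless an application needs it.
  --enable-local-infile
  --with-innodb
)
# Chained in a subshell so a failed configure/make stops the script.
(
  cd mysql-5.1.30/ &&
    ./configure "${mysql_configure_args[@]}" &&
    make &&
    make install
) || { echo "MySQL build failed" >&2; exit 1; }

mkdir -p /var/lib/mysql
# This chmod used to be issued twice in a row; once has the same effect.
chmod +w /usr/local/mysql
chown -R mysql:mysql /var/lib/mysql

rm -f /etc/my.cnf
cp my-bak.cnf /usr/local/mysql/my.cnf

echo "install mysql-lib"
rpm -ivh MySQL-shared-community-5.1.31-0.rhel5.i386.rpm

cp pureftpd-mysql-bak.conf /etc/pureftpd-mysql.conf
# Presumably holds the database credentials pure-ftpd logs in with (verify),
# so keep it readable by root only.
chmod 600 /etc/pureftpd-mysql.conf

/usr/local/mysql/bin/mysql_install_db --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --user=mysql
# NOTE(review): mysql_install_db creates root accounts with an empty password
# plus anonymous accounts and a test database, and nothing visible in this
# script changes that. Set a root password and remove those defaults before
# the server is reachable from any network.
/bin/sh /usr/local/mysql/bin/mysqld_safe --defaults-file=/usr/local/mysql/my.cnf &

ln -s /usr/local/mysql/bin/* /usr/bin/
# NOTE(review): presumably my.cnf (not shown) places the socket in /tmp, a
# world-writable directory -- confirm, and prefer a dedicated directory.
ln -s /tmp/mysql.sock /var/lib/mysql/mysql.sock
cp mysql /etc/init.d/mysql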
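echo "start install PHP"
# NOTE(review): PHP 5.2 no longer receives security fixes from upstream;
# treat this build as historical and do not expose it to untrusted traffic.
tar zxvf php-5.2.8.tar.gz || exit 1

# Apply the php-fpm patch. pipefail (scoped to this subshell) makes a failed
# gzip count as a failure instead of handing patch an empty stream.
(
  set -o pipefail
  gzip -cd php-5.2.8-fpm-0.5.10.diff.gz | patch -d php-5.2.8 -p1
) || { echo "applying the php-fpm patch failed" >&2; exit 1; }

php_configure_args=(
  --prefix=/usr/local/php
  --with-config-file-path=/usr/local/php/etc
  --with-mysql=/usr/local/mysql
  --with-mysqli=/usr/local/mysql/bin/mysql_config
  --with-iconv-dir=/usr/local
  --with-freetype-dir
  --with-jpeg-dir
  --with-png-dir
  --with-zlib
  --with-libxml-dir=/usr
  --enable-xml
  --disable-rpath
  --enable-discard-path
  # NOTE(review): safe_mode was deprecated and later removed from PHP; do not
  # rely on it to isolate sites from one another.
  --enable-safe-mode
  --enable-bcmath
  --enable-shmop
  --enable-sysvsem
  --enable-inline-optimization
  --with-curl
  --with-curlwrappers
  --enable-mbregex
  --enable-fastcgi
  --enable-fpm
  --enable-force-cgi-redirect
  --enable-mbstring
  --with-mcrypt
  --with-gd
  --enable-gd-native-ttf
  --with-openssl
  --with-mhash
  --enable-pcntl
  --enable-sockets
  --enable-zip
)
# Chained in a subshell so a failed step stops the script before install.
(
  cd php-5.2.8/ &&
    ./configure "${php_configure_args[@]}" &&
    make ZEND_EXTRA_LIBS='-liconv' &&
    make install
) || { echo "PHP build failed" >&2; exit 1; }

rm -f /etc/php.ini
cp php-bak.ini /usr/local/php/etc/php.ini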
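echo "start install PHP extra"
# Each extension is built in a subshell with chained steps, so a failure
# stops the script instead of running "make install" in the wrong directory.

tar zxvf memcache-2.2.4.tgz || exit 1
(
  cd memcache-2.2.4/ &&
    /usr/local/php/bin/phpize &&
    ./configure --with-php-config=/usr/local/php/bin/php-config &&
    make &&
    make install
) || { echo "memcache extension build failed" >&2; exit 1; }

tar jxvf eaccelerator-0.9.5.3.tar.bz2 || exit 1
(
  cd eaccelerator-0.9.5.3/ &&
    /usr/local/php/bin/phpize &&
    ./configure --enable-eaccelerator=shared --with-php-config=/usr/local/php/bin/php-config &&
    make &&
    make install
) || { echo "eaccelerator build failed" >&2; exit 1; }

tar zxvf PDO_MYSQL-1.0.2.tgz || exit 1
(
  cd PDO_MYSQL-1.0.2/ &&
    /usr/local/php/bin/phpize &&
    ./configure --with-php-config=/usr/local/php/bin/php-config --with-pdo-mysql=/usr/local/mysql &&
    make &&
    make install
) || { echo "PDO_MYSQL build failed" >&2; exit 1; }

tar zxvf ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz || exit 1
mkdir -p /usr/local/Zend/lib
# Copy from the tree unpacked just above. The former hard-coded
# /data0/software/centos/... source only worked when the script was started
# from that directory.
cp ZendOptimizer-3.3.3-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /usr/local/Zend/lib/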
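echo "config eAccelerator"
mkdir -p /usr/local/eaccelerator_cache

# Kernel tuning. Appended only when not already present, so a re-run does not
# duplicate the entries.
#
# net.ipv4.tcp_tw_recycle = 1 is deliberately left out: with it enabled the
# kernel rejects connections from clients that share one NAT address when
# their TCP timestamps disagree, which shows up as random connection failures
# on a public-facing server.
if ! grep -q '^kernel\.shmmax = 134217728$' /etc/sysctl.conf; then
  cat >>/etc/sysctl.conf <<'EOF'
kernel.shmmax = 134217728
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 5000 65000
EOF
fi
/sbin/sysctl -p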
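echo "add www:www"
# Account the nginx build later in this script is configured to run as
# (--user=www --group=www). Left unchecked so a re-run with the account
# already present carries on.
/usr/sbin/groupadd www
/usr/sbin/useradd -g www www

echo "config php-fpm"
# Check the replacement exists before deleting the installed config;
# otherwise a missing php-fpm-bak.conf would leave php-fpm with no
# configuration at all.
if [ ! -f php-fpm-bak.conf ]; then
  echo "php-fpm-bak.conf not found; php-fpm.conf left untouched" >&2
  exit 1
fi
rm -f /usr/local/php/etc/php-fpm.conf
cp php-fpm-bak.conf /usr/local/php/etc/php-fpm.conf

echo "start php-cgi"
# Raise the soft and hard open-file limits for the processes started below.
ulimit -SHn 51200
/usr/local/php/sbin/php-fpm start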
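# PCRE is built first; it is installed system-wide before nginx is configured.
# Build steps are chained in subshells so a failure stops the script.
tar zxvf pcre-7.8.tar.gz || exit 1
(
  cd pcre-7.8/ &&
    ./configure &&
    make &&
    make install
) || { echo "pcre build failed" >&2; exit 1; }

echo "install Nginx 0.7.63"
# NOTE(review): nginx 0.7.x is a long-unmaintained release line; use a
# currently supported version for anything reachable from the Internet.
tar zxvf nginx-0.7.63.tar.gz || exit 1
nginx_configure_args=(
  --user=www
  --group=www
  --prefix=/usr/local/nginx
  # NOTE(review): stub_status exposes connection counters; make sure the
  # location that enables it in nginx.conf (not shown) is access-restricted.
  --with-http_stub_status_module
  --with-http_ssl_module
  --with-http_gzip_static_module
  --with-http_geoip_module
)
(
  cd nginx-0.7.63/ &&
    ./configure "${nginx_configure_args[@]}" &&
    make &&
    make install
) || { echo "nginx build failed" >&2; exit 1; }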
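echo "start install GeoIP country and city DATABASES lib"
# Unpack both GeoIP databases into the nginx configuration directory.
for geo_db in GeoLiteCity.dat GeoIP.dat; do
  gzip -d "${geo_db}.gz"
  mv "${geo_db}" "/usr/local/nginx/conf/${geo_db}"
done

rm -f /usr/local/nginx/conf/nginx.conf
cp nginx-bak.conf /usr/local/nginx/conf/nginx.conf
cp fcgi-bak.conf /usr/local/nginx/conf/fcgi.conf

# Start php-fpm, nginx and pure-ftpd at boot. The block is appended only when
# rc.local does not already start nginx, so re-running the script does not
# make every service start twice on the next boot.
if ! grep -qxF '/usr/local/nginx/sbin/nginx' /etc/rc.local; then
  cat >>/etc/rc.local <<'EOF'
ulimit -SHn 51200
/usr/local/php/sbin/php-fpm start
/usr/local/nginx/sbin/nginx
/usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf
EOF
fi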
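echo "config Nginx log"
cp cut_nginx_log-bak.sh /usr/local/nginx/sbin/cut_nginx_log.sh
cp ngx-bak.sh /usr/local/nginx/sbin/ngx.sh
cp rewrite-bak.conf /usr/local/nginx/conf/rewrite.conf
cp proxy-bak.conf /usr/local/nginx/conf/proxy.conf

yum -y install vixie-cron
# This replaces root's whole crontab with root-bak. A plain cp takes its mode
# from the source file and the umask, so pin owner and mode explicitly:
# root's crontab should not be readable or writable by other accounts.
# NOTE(review): any script root-bak schedules (presumably cut_nginx_log.sh --
# verify) runs as root and must stay root-owned and not writable by others.
cp root-bak /var/spool/cron/root
chown root:root /var/spool/cron/root
chmod 600 /var/spool/cron/root
service crond restart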
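echo "install pure-ftpd"
tar zxvf pure-ftpd-1.0.21.tar.gz || exit 1
# NOTE(review): there is no -with-tls among these options, so this build
# serves plain FTP only: logins and file contents cross the network
# unencrypted.
# NOTE(review): -with-uploadscript lets the server hand each uploaded file to
# an external program; confirm that hook is wanted and what it runs as.
pureftpd_configure_args=(
  -prefix=/usr/local/pureftpd
  -with-mysql=/usr/local/mysql
  -with-paranoidmsg
  -with-welcomemsg
  -with-uploadscript
  -with-cookie
  -with-virtualchroot
  -with-virtualhosts
  -with-virtualroot
  -with-diraliases
  -with-quotas
  -with-sysquotas
  -with-ratios
  -with-ftpwho
  -with-throttling
)
# Chained in a subshell: a failed build or a failed "make check" stops the
# script before anything is installed.
(
  cd pure-ftpd-1.0.21 &&
    ./configure "${pureftpd_configure_args[@]}" &&
    make &&
    make check &&
    make install &&
    cd configuration-file &&
    chmod u+x pure-config.pl &&
    cp pure-config.pl /usr/local/sbin/pure-config.pl
) || { echo "pure-ftpd build failed" >&2; exit 1; }

cp pure-ftpd-bak.conf /usr/local/etc/pure-ftpd.conf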
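echo "make dir"
mkdir -p /data1/logs
mkdir -p /data0/account
mkdir -p /data0/htdocs
chmod +w /data0
chmod +w /data1
# NOTE(review): this hands everything under /data0 and /data1 to the web
# account. An earlier step reads from /data0/software/centos, which suggests
# the installers (including executables this script later runs as root) live
# under /data0 -- confirm, and keep anything root executes out of trees the
# web account owns.
chown -R www:www /data0
chown -R www:www /data1

# The configuration tree used to be made world-writable (chmod -R 777), which
# let every local account rewrite files the root-started nginx master reads.
# Ownership by www keeps that account's write access; all others become
# read-only.
# NOTE(review): the nginx worker account can still edit its own server
# configuration; if nothing needs that, make the tree root-owned instead.
chown -R www:www /usr/local/nginx/conf
chmod -R u+rwX,go+rX,go-w /usr/local/nginx/conf

echo "start Nginx"
ulimit -SHn 51200
/usr/local/nginx/sbin/nginx
echo "start pure-ftpd"
/usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf
service crond restart
service iptables restart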
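# Separate account and directory for "products". Left unchecked so a re-run
# with the account already present carries on.
/usr/sbin/groupadd products
/usr/sbin/useradd -g products products
mkdir -p /data0/products
chown -R products:products /data0/products

# OCaml is the compiler unison is built with below. Steps are chained in a
# subshell so a failed build stops the script.
tar -zxf ocaml-3.10.2.tar.gz || exit 1
(
  cd ocaml-3.10.2 &&
    ./configure &&
    make world opt &&
    make install
) || { echo "ocaml build failed" >&2; exit 1; }

tar -zxf unison-2.27.57.tar.gz || exit 1
(
  cd unison-2.27.57 || exit 1
  make UISTYLE=text || exit 1
  # Unchecked on purpose: the explicit cp below is what puts the binary in
  # /usr/local/bin, whatever "make install" manages to do.
  make install
  cp ./unison /usr/local/bin
) || { echo "unison build failed" >&2; exit 1; }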
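yum -y install sendmail mailx
/etc/rc.d/init.d/sendmail start

echo "Configure methods of the system user commands recording "
# NOTE(review): history-011.5.bin and prelinux-11.5.bin are opaque
# executables run as root, and nothing here verifies where they came from or
# that they are unmodified. Check each against a recorded checksum before
# executing it.
# Made executable first, matching how prelinux-11.5.bin is handled below.
chmod +x history-011.5.bin
./history-011.5.bin

mkdir -p /data0/www
chown -R www:www /data0/www

# Set the execute bit before copying: the chmod used to run after the copy
# and only touched the local file, not the installed /etc/init.d/mysqld.
chmod +x mysqld
rm -rf /etc/init.d/mysqld
cp mysqld /etc/init.d/

rm -rf /usr/local/nginx/conf/nginx.php
cp nginx.php /usr/local/nginx/conf/
rm -rf /usr/local/nginx/sbin/ngx.sh
cp ngx.sh /usr/local/nginx/sbin/

echo "configure iptables and start install SNMP"
chmod +x prelinux-11.5.bin
./prelinux-11.5.bin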
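echo "start phpmyadmin"
# NOTE(review): this places a database administration login under /data0/www,
# which looks like a served document root -- confirm. Restrict access to it
# in the web server configuration and keep phpMyAdmin updated.
unzip phpmyadmin.zip
mv phpMyAdmin-3.2.2-all-languages /data0/www/phpmyadmin
chown -R www:www /data0/www

echo "Generate rsa public key "
# Run ssh-keygen as www in a single command. A bare "su www" inside a script
# opens an interactive shell, and the lines after it then run as root once
# that shell exits, so the key pair would be created for root instead of www.
# "su -" starts in www's home directory, which replaces the separate "cd".
su - www -c 'ssh-keygen -t rsa'
echo "The WEB SERVER installation was completed"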
- febay@code.root
# Manual follow-up for SNMP monitoring, typed by hand rather than run as a
# script: copy snmpd.conf from 220.231.158.124 (presumably the monitoring
# host -- confirm), edit it, then restart snmpd.
# NOTE(review): the copy logs in to the remote host as root; a dedicated
# unprivileged account is enough for fetching one file.
- cd /etc/snmp/ &&
- scp root@220.231.158.124:~/snmpd.conf /etc/snmp/
- vi /etc/snmp/snmpd.conf
# The next line is an snmpd.conf entry to add while editing, not a shell
# command: it maps the community string, accepted only from the listed source
# address, to the security name notConfigUser.
# NOTE(review): an SNMP v1/v2c community string is sent in cleartext and acts
# as the password. The value shown here is published on this page, so choose
# your own and keep the source restriction.
- com2sec notConfigUser 220.231.158.124 public_jia
- /etc/init.d/snmpd restart
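#!/bin/bash
# Rebuilds the IPv4 filter-table rules for this host from scratch.
# NOTE(review): only iptables is configured here; if the host has IPv6
# addresses, an equivalent ip6tables rule set is needed -- confirm.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin

# Remove every existing rule from the filter table. Chain policies are not
# changed; the catch-all rules at the end of this script do the blocking.
iptables -F

# Loopback traffic, and packets that belong to connections already tracked
# (this includes replies to requests the host itself sent out).
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#for monitor
#for ping:
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
#iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 8 -j REJECT
# New connections to TCP 2222 from anywhere (presumably an alternate SSH
# port -- confirm); MySQL (3306) only from the 84.22.112.0/26 network.
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
iptables -A INPUT -s 84.22.112.0/26 -m tcp -p tcp --dport 3306 -j ACCEPT
#iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 60 --hitcount 15 -j REJECT
#iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -m connlimit --connlimit-above 5 -j REJECT
#iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -m limit --limit 1/s -j ACCEPT
#iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -m limit --limit 1/s -j ACCEPT
#iptables -A FORWARD -p TCP ! --syn -m state --state NEW -j REJECT
#iptables -A FORWARD -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT
#iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 1 -j REJECT
#iptables -A INPUT -m limit --limit 3/hour --limit-burst 5 -j REJECT
#iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
#iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 30 -j REJECT
#for DNS:
# Replies to this host's own DNS queries are already admitted by the
# ESTABLISHED,RELATED rule above. The two rules that used to stand here
# accepted any TCP or UDP packet whose *source* port was 53. The sender picks
# that port, so those rules opened every local port to any remote host; they
# are intentionally removed.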
##########################################
#for special IP drop something port
#dropip="203.188.197.0/24 168.95.5.0/24 203.188.197.9"
# for ip in $dropip; do
# iptables -A INPUT -s $ip -j DROP
# iptables -A OUTPUT -d $ip -j DROP
# done
####################################
# Opens one service port for the given protocol: inbound packets addressed to
# the port, and outbound packets sent from it.
# Arguments: $1 - protocol (tcp or udp), $2 - port number
allow_service_port() {
  local proto=$1 svc_port=$2
  iptables -A INPUT -p "$proto" --dport "$svc_port" -j ACCEPT
  iptables -A OUTPUT -p "$proto" --sport "$svc_port" -j ACCEPT
}

# NOTE(review): every port in these two lists is opened to all source
# addresses. That includes SNMP (udp 161); restricting it to the monitoring
# host with -s would narrow the exposure. Drop any port no service uses.
TCPPORT=" 80 20 22 21 12000 873 199 1388 25 110 993 995 465"
for port in $TCPPORT; do
  allow_service_port tcp "$port"
done
#################################################
UDPPORT="161 199 25"
for port in $UDPPORT; do
  allow_service_port udp "$port"
done
######################################################
#for Local FTP Server:
# Control/data ports, then the 40000-42000 range (presumably the passive-mode
# data ports configured in pure-ftpd.conf -- confirm).
iptables --append INPUT --protocol tcp --match multiport --dport 21,20 --jump ACCEPT
iptables --append INPUT --protocol tcp --dport 40000:42000 --jump ACCEPT
#for same ip in port
#acceptport="873 3306"
#for port in $acceptport; do
#acceptip="205.209.136.212"
# for ip in $acceptip; do
# iptables -A INPUT -p tcp --dport $port -s $ip -j ACCEPT
# iptables -A OUTPUT -p tcp --sport $port -d $ip -j ACCEPT
# done
#done
#iptables -A INPUT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -p all -m state --state NEW,ESTABLISHED -j ACCEPT
# Catch-all rules; they must stay last because rules are evaluated in order.
# Any TCP packet not accepted above is answered with a reset, every other
# inbound packet is dropped silently, and nothing is forwarded.
iptables --append INPUT --protocol tcp --jump REJECT --reject-with tcp-reset
iptables --append INPUT --jump DROP
iptables --append FORWARD --jump DROP