Install LAMP
编译环境:RedHat Enterprise AS 5.1 开启SELinux(我个人认为,它既然被REDHAT用上了,肯定就有它的道理,没有理由关掉它啊,嘿嘿)
安装所需要的软件均为最新的源代码包:
GD及库相关
curl-7.17.1.tar.gz libpng-1.2.24.tar.bz2 zlib-1.2.3.tar.gz
freetype-2.3.5.tar.gz libxslt-1.1.22.tar.gz jpegsrc.v6b.tar.gz
gd-2.0.36RC1.tar.bz2 libxml2-2.6.30.tar.gz
PHP相关软件
phpMyAdmin-2.11.3-all-languages.tar.bz2
php-5.2.5.tar.bz2
suhosin-patch-5.2.5-0.9.6.2.patch
ZendOptimizer-3.3.0-linux-glibc21-i386.tar.gz
APACHE相关软件
httpd-2.2.6.tar.bz2
mysql相关软件
mysql-5.1.22-rc.tar.gz
一、安装GD库及其它库文件
1.install zlib
tar xzvf zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure
make
make install
2. install libpng
tar xjvf libpng-1.2.24.tar.bz2
cd libpng-1.2.24
cp ./scripts/makefile.std makefile
make
make install
3.install freetype
tar xzvf freetype-2.3.5.tar.gz
cd freetype-2.3.5
./configure
make
make install
4.install jpeg
tar xzvf jpegsrc.v6b.tar.gz
cd jpeg-6b
mkdir -p /usr/local/man/man1
./configure --enable-shared --enable-static
make
make install
5.install curl
tar xzvf curl-7.17.1.tar.gz
cd curl-7.17.1
./configure
make
make install
6.install libxml2
tar xzvf libxml2-2.6.30.tar.gz
cd libxml2-2.6.30
./configure
make
make install
7.install libxslt
tar xzvf libxslt-1.1.22.tar.gz
cd libxslt-1.1.22
./configure --with-libxml
make
make install
8.install gd
tar xjvf gd-2.0.36RC1.tar.bz2
cd gd-2.0.36RC1
./configure --with-jpeg --with-png --with-zlib --with-freetype
make
make install
二、安装mysql数据库
[root@Kevin soft]# mkdir /httpd
[root@Kevin soft]# tar xzvf mysql-5.1.22-rc.tar.gz
[root@Kevin soft]# cd mysql-5.1.22-rc
[root@Kevin mysql-5.1.22-rc]# groupadd mysql
[root@Kevin mysql-5.1.22-rc]# useradd -g mysql mysql
[root@Kevin mysql-5.1.22-rc]# ./configure \
> --prefix=/httpd/mysql --sysconfdir=/httpd/mysql --enable-assembler \
> --with-unix-socket-path=/tmp/mysql.sock --with-mysqld-user=mysql \
> --with-mysqld-ldflags=-all-static --with-innodb --with-extra-charsets=all \
> --with-charset=gb2312 --with-collation=gb2312_chinese_ci \
> --enable-thread-safe-client
[root@Kevin mysql-5.1.22-rc]# make
[root@Kevin mysql-5.1.22-rc]# make install
[root@Kevin mysql-5.1.22-rc]# cp support-files/my-medium.cnf /etc/my.cnf
[root@Kevin mysql-5.1.22-rc]# ./scripts/mysql_install_db --user=mysql
Installing MySQL system tables...
OK
Filling help tables...
OK
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/httpd/mysql/bin/mysqladmin -u root password 'new-password'
/httpd/mysql/bin/mysqladmin -u root -h Kevin password 'new-password'
See the manual for more instructions.
You can start the MySQL daemon with:
cd /httpd/mysql ; /httpd/mysql/bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl
Please report any problems with the /httpd/mysql/bin/mysqlbug script!
The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
[root@Kevin mysql-5.1.22-rc]#cd /httpd/mysql
[root@Kevin mysql]# chown -R root .
[root@Kevin mysql]# chown -R mysql var
[root@Kevin mysql]# chown -R mysql var/.
[root@Kevin mysql]# chown -R mysql var/mysql/.
[root@Kevin mysql]# chgrp -R mysql .
[root@Kevin mysql]#cd /soft/mysql-5.1.22-rc
[root@Kevin mysql-5.1.22-rc]# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
[root@Kevin mysql-5.1.22-rc]# chmod 700 /etc/rc.d/init.d/mysqld
[root@Kevin mysql-5.1.22-rc]# chkconfig --add mysqld
[root@Kevin mysql-5.1.22-rc]# chmod +x /etc/rc.d/init.d/mysqld
[root@Kevin mysql-5.1.22-rc]# /httpd/mysql/bin/mysqld_safe --user=mysql &
[1] 5321
[root@Kevin mysql-5.1.22-rc]# 071223 09:12:27 mysqld_safe Logging to
'/httpd/mysql/var/Kevin.err'.
071223 09:12:28 mysqld_safe Starting mysqld daemon with databases from
/httpd/mysql/var
[root@Kevin mysql-5.1.22-rc]# chkconfig --level 345 mysqld on
[root@Kevin mysql-5.1.22-rc]# service mysqld stop
Shutting down MySQL..071223 09:18:54 mysqld_safe mysqld from pid file
/httpd/mysql/var/Kevin.pid ended
[ OK ]
[1]+ Done /httpd/mysql/bin/mysqld_safe --user=mysql
ln -s /httpd/mysql/bin/mysql /sbin/mysql
[root@Kevin mysql-5.1.22-rc]# ln -s /httpd/mysql/bin/mysqladmin /sbin/mysqladmin
[root@Kevin mysql-5.1.22-rc]# PATH=$PATH:/httpd/mysql/bin
[root@Kevin mysql-5.1.22-rc]# export PATH
[root@Kevin mysql-5.1.22-rc]# echo "/httpd/mysql/lib/mysql" >> /etc/ld.so.conf
[root@Kevin mysql-5.1.22-rc]# ldconfig
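Edit the file /etc/my.cnf:
[root@Kevin mysql-5.1.22-rc]# vi /etc/my.cnf
Add the following under the [mysqld] section. This turns on the general query log, which records every statement the server receives, including statements that carry passwords in clear text, so keep the log directory readable only by the mysql user.
log = /var/log/mysqld/log.log
Then create the log file: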
[root@Kevin mysql-5.1.22-rc]# mkdir /var/log/mysqld
[root@Kevin mysql-5.1.22-rc]# touch /var/log/mysqld/log.log
[root@Kevin mysql-5.1.22-rc]# chown -R mysql.mysql /var/log/mysqld
[root@Kevin mysql-5.1.22-rc]# service mysqld start
Starting MySQL. [ OK ]
[root@Kevin mysql-5.1.22-rc]#
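Set the password for the MySQL root account (replace 'password' with a strong value of your own):
[root@Kevin mysql-5.1.22-rc]# mysqladmin -u root -p password 'password'
At the "Enter password:" prompt, type the current root password (empty on a fresh install) and press Enter. The new password is given here as a command-line argument, so it ends up in the shell history and is briefly visible in the process list.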
三、安装APACHE服务器
[root@Kevin soft]# tar xjvf httpd-2.2.6.tar.bz2
[root@Kevin soft]# cd httpd-2.2.6
[root@Kevin httpd-2.2.6]# ./configure --prefix=/httpd/apache --enable-so --enable-track-vars \
> --enable-mods-shared=all --enable-cache --enable-disk-cache --enable-mem-cache \
> --enable-rewrite --with-mpm=worker --enable-ssl --with-zlib --enable-suexec \
> --with-suexec-caller=daemon
[root@Kevin httpd-2.2.6]# make
[root@Kevin httpd-2.2.6]# make install
[root@Kevin httpd-2.2.6]# cp support/apachectl /etc/rc.d/init.d/httpd
edit the file /etc/rc.d/init.d/httpd and add this in it
[root@Kevin httpd-2.2.6]# vim /etc/rc.d/init.d/httpd
# Startup script for the Apache Web Server
# chkconfig: 2345 85 15
# description: Apache is a World Wide Web server. It is used to serve
# HTML files and CGI.
# processname: httpd
# pidfile: /httpd/apache/log/httpd.pid
# config: /httpd/apache/conf/httpd.conf
[root@Kevin httpd-2.2.6]# chkconfig --add httpd
[root@Kevin httpd-2.2.6]# chmod 755 /etc/rc.d/init.d/httpd
[root@Kevin httpd-2.2.6]# chkconfig --level 345 httpd on
[root@Kevin httpd-2.2.6]# vim /httpd/apache/conf/httpd.conf
[root@Kevin httpd-2.2.6]# service httpd start
httpd: Syntax error on line 75 of /httpd/apache/conf/httpd.conf: Cannot load
/httpd/apache/modules/mod_deflate.so into server:
/httpd/apache/modules/mod_deflate.so: cannot restore segment prot after reloc:
Permission denied
提示这个错误是因为我开启了SELINUX,解决方法如下:(后面也会出现这种问题,按照同样的方法解决即可)
[root@Kevin ~]# tail /var/log/messages
日志提示信息如下:
Dec 23 10:32:52 Kevin setroubleshoot: SELinux is preventing
/httpd/apache/bin/httpd from loading /httpd/apache/modules/mod_deflate.so
which requires text relocation. For complete SELinux messages. run
sealert -l dea1fd12-6af0-493c-9767-e76b9d8bd3b3
其中 For complete SELinux messages. run …… 的意思是说:要查看完整的SELinux信息,请运行后面的命令
然后我们运行日志里提示的命令,再从中找有用的信息。
[root@Kevin httpd-2.2.6]# sealert -l dea1fd12-6af0-493c-9767-e76b9d8bd3b3
Summary
SELinux is preventing /httpd/apache/bin/httpd from loading
/httpd/apache/modules/mod_deflate.so which requires text relocation.
Detailed Description
The /httpd/apache/bin/httpd application attempted to load
/httpd/apache/modules/mod_deflate.so which requires text relocation. This
is a potential security problem. Most libraries do not need this
permission.
Libraries are sometimes coded incorrectly and request this permission.
The
http://people.redhat.com/drepper/selinux-mem.html web page explains how to
remove this requirement. You can configure SELinux temporarily to allow
/httpd/apache/modules/mod_deflate.so to use relocation as a workaround,
until the library is fixed. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
Allowing Access
If you trust /httpd/apache/modules/mod_deflate.so to run correctly, you
can
change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t
/httpd/apache/modules/mod_deflate.so"
The following command will allow this access:
chcon -t textrel_shlib_t /httpd/apache/modules/mod_deflate.so
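上面这一段里,Allowing Access 的意思是“允许访问”(最开始的报错就是权限被拒绝),这正是我们要找的内容。继续往下看:如果你确信 mod_deflate.so 是可信的,可以把这个文件的 context 改为 textrel_shlib_t,命令如下:
chcon -t textrel_shlib_t /httpd/apache/modules/mod_deflate.so
需要注意,chcon 的修改在文件系统重新打标签(relabel)后会丢失;要让它持久生效,可以用 semanage fcontext -a -t textrel_shlib_t 为该路径添加规则,再执行 restorecon。另外,sealert 自己也说明这只是临时的变通办法:模块需要 text relocation,很可能是因为它链接了没有用 -fPIC 编译的静态库,把相关库以 PIC 方式重新编译才是根本的解决办法。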
Additional Information
Source Context root:system_r:unconfined_t:SystemLow-SystemHigh
Target Context root:object_r:etc_runtime_t
Target Objects /httpd/apache/modules/mod_deflate.so [ file ]
Affected RPM Packages
Policy RPM selinux-policy-2.4.6-104.el5
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.allow_execmod
Host Name Kevin
Platform Linux Kevin 2.6.18-53.el5xen #1 SMP Wed Oct 10
17:06:12 EDT 2007 i686 i686
Alert Count 1
Line Numbers
Raw Audit Messages
avc: denied { execmod } for comm="httpd" dev=sda2 egid=0 euid=0
exe="/httpd/apache/bin/httpd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0
path="/httpd/apache/modules/mod_deflate.so" pid=23414
scontext=root:system_r:unconfined_t:s0-s0:c0.c1023 sgid=0
subj=root:system_r:unconfined_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=root:object_r:etc_runtime_t:s0 tty=pts0 uid=0
[root@Kevin httpd-2.2.6]# chcon -t textrel_shlib_t /httpd/apache/modules/mod_deflate.so
再重新启动APACHE服务,又有一个同样的问题出现了,这次是mod_ssl.so,解决方法同上,我也
把信息贴出来。
[root@Kevin httpd-2.2.6]# service httpd start
httpd: Syntax error on line 89 of /httpd/apache/conf/httpd.conf: Cannot load
/httpd/apache/modules/mod_ssl.so into server:
/httpd/apache/modules/mod_ssl.so: cannot restore segment prot after reloc:
Permission denied
[root@Kevin ~]# tail /var/log/messages
Dec 23 10:35:52 Kevin setroubleshoot: SELinux is preventing
/httpd/apache/bin/httpd from loading /httpd/apache/modules/mod_ssl.so which
requires text relocation. For complete SELinux messages. run sealert -l
013a3462-7caf-4619-a80c-4c3863537004
[root@Kevin httpd-2.2.6]# sealert -l 013a3462-7caf-4619-a80c-4c3863537004
Summary
SELinux is preventing /httpd/apache/bin/httpd from loading
/httpd/apache/modules/mod_ssl.so which requires text relocation.
Detailed Description
The /httpd/apache/bin/httpd application attempted to load
/httpd/apache/modules/mod_ssl.so which requires text relocation. This is
a
potential security problem. Most libraries do not need this permission.
Libraries are sometimes coded incorrectly and request this permission.
The
http://people.redhat.com/drepper/selinux-mem.html web page explains how to
remove this requirement. You can configure SELinux temporarily to allow
/httpd/apache/modules/mod_ssl.so to use relocation as a workaround, until
the library is fixed. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
Allowing Access
If you trust /httpd/apache/modules/mod_ssl.so to run correctly, you can
change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t
/httpd/apache/modules/mod_ssl.so"
The following command will allow this access:
chcon -t textrel_shlib_t /httpd/apache/modules/mod_ssl.so
Additional Information
Source Context root:system_r:unconfined_t:SystemLow-SystemHigh
Target Context root:object_r:etc_runtime_t
Target Objects /httpd/apache/modules/mod_ssl.so [ file ]
Affected RPM Packages
Policy RPM selinux-policy-2.4.6-104.el5
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.allow_execmod
Host Name Kevin
Platform Linux Kevin 2.6.18-53.el5xen #1 SMP Wed Oct 10
17:06:12 EDT 2007 i686 i686
Alert Count 1
Line Numbers
Raw Audit Messages
avc: denied { execmod } for comm="httpd" dev=sda2 egid=0 euid=0
exe="/httpd/apache/bin/httpd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0
path="/httpd/apache/modules/mod_ssl.so" pid=23436
scontext=root:system_r:unconfined_t:s0-s0:c0.c1023 sgid=0
subj=root:system_r:unconfined_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=root:object_r:etc_runtime_t:s0 tty=pts0 uid=0
[root@Kevin httpd-2.2.6]# chcon -t textrel_shlib_t /httpd/apache/modules/mod_ssl.so
[root@Kevin httpd-2.2.6]# service httpd start
[root@Kevin httpd-2.2.6]#
OK,可以看到成功启动了。不信还可以用命令查看一下httpd的进程
[root@Kevin httpd-2.2.6]# ps -ef | grep httpd
看看有没有相关的进程,如果没有,我说如果,那就看看日志里说什么,根据日志来判断问题所在,进而解决。